summaryrefslogtreecommitdiff
path: root/src/soc
diff options
context:
space:
mode:
authorIru Cai <mytbk920423@gmail.com>2020-11-09 12:42:19 +0800
committerIru Cai <mytbk920423@gmail.com>2020-12-28 21:28:00 +0800
commit3f10977a1e04ce52a15c5602cf517f7dcc8fc198 (patch)
tree903a711b39a58e582d1e9ac5f73b1f1b152ce973 /src/soc
parent98478382c580374bc86f2944c1d4c4c064dde677 (diff)
downloadcoreboot-3f10977a1e04ce52a15c5602cf517f7dcc8fc198.tar.xz
add broadwell_mrc.asm
Diffstat (limited to 'src/soc')
-rw-r--r--src/soc/intel/broadwell/Kconfig30
-rw-r--r--src/soc/intel/broadwell/Makefile.inc6
-rw-r--r--src/soc/intel/broadwell/raminit.c9
-rw-r--r--src/soc/intel/broadwell/refcode/Makefile.inc1
-rw-r--r--src/soc/intel/broadwell/refcode/broadwell_mrc.asm72358
5 files changed, 72361 insertions, 43 deletions
diff --git a/src/soc/intel/broadwell/Kconfig b/src/soc/intel/broadwell/Kconfig
index 5871d58d17..de80bf3dfe 100644
--- a/src/soc/intel/broadwell/Kconfig
+++ b/src/soc/intel/broadwell/Kconfig
@@ -124,36 +124,6 @@ config DCACHE_BSP_STACK_SIZE
The amount of anticipated stack usage in CAR by bootblock and
other stages.
-config HAVE_MRC
- bool "Add a Memory Reference Code binary"
- help
- Select this option to add a Memory Reference Code binary to
- the resulting coreboot image.
-
- Note: Without this binary coreboot will not work
-
-if HAVE_MRC
-
-config MRC_FILE
- string "Intel Memory Reference Code path and filename"
- depends on HAVE_MRC
- default "mrc.bin"
- help
- The filename of the file to use as Memory Reference Code binary.
-
-config MRC_BIN_ADDRESS
- hex
- default 0xfffa0000
-
-# The UEFI System Agent binary needs to be at a fixed offset in the flash
-# and can therefore only reside in the COREBOOT fmap region
-config RO_REGION_ONLY
- string
- depends on VBOOT
- default "mrc.bin"
-
-endif # HAVE_MRC
-
config PRE_GRAPHICS_DELAY
int "Graphics initialization delay in ms"
default 0
diff --git a/src/soc/intel/broadwell/Makefile.inc b/src/soc/intel/broadwell/Makefile.inc
index c59d1e326d..95f198898c 100644
--- a/src/soc/intel/broadwell/Makefile.inc
+++ b/src/soc/intel/broadwell/Makefile.inc
@@ -32,10 +32,4 @@ CPPFLAGS_common += -Isrc/soc/intel/broadwell/include
mrcelfoffset = $(shell $(READELF_x86_32) -S -W $(CONFIG_MRC_FILE) | sed -e 's/\[ /[0/' | awk '$$3 ~ /PROGBITS/ { print "0x"$$5; exit }' )
mrcelfentry = $(shell $(READELF_x86_32) -h -W $(CONFIG_MRC_FILE) | grep 'Entry point address' | awk '{print $$NF }')
-# Add memory reference code blob.
-cbfs-files-$(CONFIG_HAVE_MRC) += mrc.bin
-mrc.bin-file := $(call strip_quotes,$(CONFIG_MRC_FILE))
-mrc.bin-position := $(if $(findstring elf,$(CONFIG_MRC_FILE)),$(shell printf "0x%x" $$(( $(mrcelfentry) - $(mrcelfoffset) )) ),$(CONFIG_MRC_BIN_ADDRESS))
-mrc.bin-type := mrc
-
endif
diff --git a/src/soc/intel/broadwell/raminit.c b/src/soc/intel/broadwell/raminit.c
index 506c6f6a19..d612a6fa0e 100644
--- a/src/soc/intel/broadwell/raminit.c
+++ b/src/soc/intel/broadwell/raminit.c
@@ -73,7 +73,6 @@ void raminit(struct pei_data *pei_data)
{
size_t mrc_size;
struct memory_info *mem_info;
- pei_wrapper_entry_t entry;
int ret;
broadwell_fill_pei_data(pei_data);
@@ -107,14 +106,10 @@ void raminit(struct pei_data *pei_data)
pei_data->saved_data_size = 0;
}
- /* We don't care about leaking the mapping */
- entry = cbfs_ro_map("mrc.bin", NULL);
- if (entry == NULL)
- die("mrc.bin not found!");
-
printk(BIOS_DEBUG, "Starting Memory Reference Code\n");
- ret = entry(pei_data);
+ int ABI_X86 mrc_entry(struct pei_data *pei_data);
+ ret = mrc_entry(pei_data);
if (ret < 0)
die("pei_data version mismatch\n");
diff --git a/src/soc/intel/broadwell/refcode/Makefile.inc b/src/soc/intel/broadwell/refcode/Makefile.inc
index 74bd08dfcd..ce1fa0319c 100644
--- a/src/soc/intel/broadwell/refcode/Makefile.inc
+++ b/src/soc/intel/broadwell/refcode/Makefile.inc
@@ -1,3 +1,4 @@
+romstage-libs += $(obj)/broadwell_mrc.o
ramstage-libs += $(obj)/broadwell_refcode.o
$(obj)/%.o: $(src)/soc/intel/broadwell/refcode/%.asm
diff --git a/src/soc/intel/broadwell/refcode/broadwell_mrc.asm b/src/soc/intel/broadwell/refcode/broadwell_mrc.asm
new file mode 100644
index 0000000000..5a6b7db548
--- /dev/null
+++ b/src/soc/intel/broadwell/refcode/broadwell_mrc.asm
@@ -0,0 +1,72358 @@
+;; Generated with r2dumpbin (https://github.com/mytbk/r2dumpbin)
+;; f va @ 0xfffa0000
+;; f fcn1 @ 0xfffa87da
+;; f fcn2 @ 0xfffb7579
+;; f fcn3 @ 0xfffab07d
+;; f fcn4 @ 0xfffb742b
+;; f fcn5 @ 0xfffb7458
+
+bits 32
+global mrc_entry
+
+mrc_entry:
+pushad
+mov ebx, esp
+mov eax, dword [ebx + 0x24]
+mov esp, 0xff800000
+push ebx
+push eax
+mov al, 1
+out 0x80, al
+cld
+call fcn_fffa0024 ; call 0xfffa0024
+pop ecx
+pop ebx
+mov esp, ebx
+mov dword [ebx + 0x1c], eax
+mov al, 2
+out 0x80, al
+popad
+ret
+
+fcn_fffa0024:
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x4c
+mov eax, dword [ebp + 8]
+mov eax, dword [eax]
+cmp eax, 0x16
+je short loc_fffa0050 ; je 0xfffa0050
+push edx
+push 0x16
+push eax
+push ref_fffd5f4a ; push 0xfffd5f4a
+call fcn_fffb76e3 ; call 0xfffb76e3
+add esp, 0x10
+or eax, 0xffffffff
+jmp near loc_fffa1e87 ; jmp 0xfffa1e87
+
+loc_fffa0050:
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0xca]
+mov dword [0xff7d0274], eax
+push eax
+push eax
+push 0x270
+push 0xff7d0004
+call fcn_fffac673 ; call 0xfffac673
+mov eax, dword [ebp + 8]
+add esp, 0x10
+mov dword [0xff7d0004], 0xfeaddeaf
+mov dword [0xff7d0084], eax
+cmp dword [eax + 8], 3
+jne short loc_fffa00af ; jne 0xfffa00af
+cmp dword [eax + 0x8f6], 0
+je short loc_fffa00af ; je 0xfffa00af
+sub esp, 0xc
+push ref_fffd5f6e ; push 0xfffd5f6e
+call fcn_fffb76e3 ; call 0xfffb76e3
+add esp, 0x10
+mov dword [0xff7d0080], 0x11
+jmp short loc_fffa00b9 ; jmp 0xfffa00b9
+
+loc_fffa00af:
+mov dword [0xff7d0080], 6
+
+loc_fffa00b9:
+mov dword [0xff7d008c], ref_fffd65b0 ; mov dword [0xff7d008c], 0xfffd65b0
+mov dword [0xff7d0178], 1
+mov dword [0xff7d0028], fcn_fffc54ff ; mov dword [0xff7d0028], 0xfffc54ff
+mov dword [0xff7d0030], fcn_fffa5c78 ; mov dword [0xff7d0030], 0xfffa5c78
+mov dword [0xff7d0034], fcn_fffa5c69 ; mov dword [0xff7d0034], 0xfffa5c69
+mov dword [0xff7d0038], fcn_fffa87da ; mov dword [0xff7d0038], 0xfffa87da
+mov dword [0xff7d003c], fcn_fffb7579 ; mov dword [0xff7d003c], 0xfffb7579
+mov dword [0xff7d002c], fcn_fffab07d ; mov dword [0xff7d002c], 0xfffab07d
+mov dword [0xff7d0020], fcn_fffc5451 ; mov dword [0xff7d0020], 0xfffc5451
+mov dword [0xff7d0054], fcn_fffb709f ; mov dword [0xff7d0054], 0xfffb709f
+mov dword [0xff7d0058], fcn_fffab11d ; mov dword [0xff7d0058], 0xfffab11d
+mov dword [0xff7d007c], fcn_fffa5c62 ; mov dword [0xff7d007c], 0xfffa5c62
+mov dword [0xff7d0278], 0xff7d0008
+mov dword [0xff7d0000], 0xff7d0278
+call fcn_fffab405 ; call 0xfffab405
+sub esp, 0xc
+mov eax, dword [eax]
+push 0
+call dword [eax + 0x74] ; ucall
+mov edx, dword [0xff7d0278]
+add esp, 0x10
+mov dword [edx + 0x60], ref_fffd608c ; mov dword [edx + 0x60], 0xfffd608c
+cmp eax, 0x80000014
+je short loc_fffa017b ; je 0xfffa017b
+sub esp, 0xc
+push ref_fffd6080 ; push 0xfffd6080
+call fcn_fffab5db ; call 0xfffab5db
+add esp, 0x10
+
+loc_fffa017b:
+sub esp, 0xc
+push ref_fffd5f7e ; push 0xfffd5f7e
+call fcn_fffb76e3 ; call 0xfffb76e3
+mov esi, dword [0xff7d0084]
+call fcn_fffb481e ; call 0xfffb481e
+mov dword [esp], 0x5ac
+mov dword [ebp - 0x2c], eax
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov ebx, eax
+test eax, eax
+je loc_fffa0efc ; je 0xfffa0efc
+sub esp, 0xc
+push 0xc
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov dword [ebp - 0x38], eax
+test eax, eax
+je loc_fffa0efc ; je 0xfffa0efc
+mov dword [eax], 0x80000010
+xor edi, edi
+mov dword [eax + 4], ref_fffd6584 ; mov dword [eax + 4], 0xfffd6584
+mov dword [eax + 8], ebx
+mov byte [ebx], 0xb
+mov byte [ebx + 1], 0
+mov dword [ebx + 4], 0xfed1c000
+mov eax, dword [esi + 0x2a]
+mov word [ebx + 8], ax
+mov eax, dword [esi + 0x2e]
+mov byte [ebx + 0xc], 0
+mov byte [ebx + 0x37e], 0
+mov byte [ebx + 0x370], 1
+mov word [ebx + 0xa], ax
+mov byte [ebx + 0x1da], 1
+mov byte [ebx + 0x386], 1
+mov ax, word [esi + 0x18]
+or byte [ebx + 0x45e], 1
+or byte [ebx + 0x49e], 0x80
+and byte [ebx + 0x486], 0xfe
+or byte [ebx + 0x412], 0xf
+mov word [ebx + 0x388], ax
+mov byte [ebx + 0x3a], 0
+mov byte [ebx + 0x496], 1
+mov byte [ebx + 0x497], 1
+mov byte [ebx + 0x498], 1
+mov byte [ebx + 0x499], 1
+mov byte [ebx + 0x49a], 1
+mov byte [ebx + 0x49b], 1
+mov byte [ebx + 0x49c], 1
+mov byte [ebx + 0x49d], 1
+or byte [ebx + 0x419], 0xc0
+or byte [ebx + 0x41e], 2
+or byte [ebx + 0x424], 0x40
+mov byte [ebx + 0x43c], 1
+
+loc_fffa0294:
+call fcn_fffb481e ; call 0xfffb481e
+cmp eax, 1
+je short loc_fffa02a9 ; je 0xfffa02a9
+cmp eax, 2
+sete al
+shl eax, 2
+jmp short loc_fffa02ab ; jmp 0xfffa02ab
+
+loc_fffa02a9:
+mov al, 6
+
+loc_fffa02ab:
+movzx eax, al
+cmp edi, eax
+jae short loc_fffa02c0 ; jae 0xfffa02c0
+imul eax, edi, 0x12
+inc edi
+or byte [ebx + eax + 0x1e1], 0x40
+jmp short loc_fffa0294 ; jmp 0xfffa0294
+
+loc_fffa02c0:
+mov al, byte [ebx + 0x436]
+xor edx, edx
+and byte [ebx + 0x426], 0xfe
+or byte [ebx + 0x432], 7
+or eax, 3
+and eax, 0xfffffffb
+mov word [ebx + 0x43a], 0
+mov byte [ebx + 0x436], al
+mov byte [ebx + 0x1a8], 1
+
+loc_fffa02f2:
+mov dword [ebp - 0x30], edx
+call fcn_fffb4984 ; call 0xfffb4984
+mov edx, dword [ebp - 0x30]
+cmp dl, al
+jae short loc_fffa032a ; jae 0xfffa032a
+movzx eax, dl
+imul eax, eax, 0x2c
+add eax, ebx
+mov cl, byte [eax + 0x46]
+mov byte [eax + 0x4f], dl
+mov byte [eax + 0x50], dl
+inc edx
+mov byte [eax + 0x56], 4
+or ecx, 5
+and ecx, 0x7f
+mov byte [eax + 0x57], 3
+mov byte [eax + 0x4e], 0
+mov byte [eax + 0x46], cl
+jmp short loc_fffa02f2 ; jmp 0xfffa02f2
+
+loc_fffa032a:
+or byte [ebx + 0x17a], 8
+sub esp, 0xc
+and byte [ebx + 0x1aa], 0xfe
+mov byte [ebx + 0x1a6], 0
+mov byte [ebx + 0x1a7], 0
+mov byte [ebx + 0x1a9], 1
+push 0xc
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+test eax, eax
+je short loc_fffa037e ; je 0xfffa037e
+sub esp, 0xc
+mov dword [eax], 0x80000010
+mov dword [eax + 4], ref_fffd60ec ; mov dword [eax + 4], 0xfffd60ec
+mov dword [eax + 8], ref_fffd6194 ; mov dword [eax + 8], 0xfffd6194
+push eax
+call fcn_fffab5db ; call 0xfffab5db
+add esp, 0x10
+
+loc_fffa037e:
+mov dword [ebx + 0x1db], 1
+xor edi, edi
+
+loc_fffa038a:
+call fcn_fffb481e ; call 0xfffb481e
+cmp eax, 1
+je short loc_fffa03a1 ; je 0xfffa03a1
+cmp eax, 2
+jne loc_fffa042d ; jne 0xfffa042d
+mov al, 4
+jmp short loc_fffa03a3 ; jmp 0xfffa03a3
+
+loc_fffa03a1:
+mov al, 6
+
+loc_fffa03a3:
+mov ecx, edi
+cmp cl, al
+jae loc_fffa042d ; jae 0xfffa042d
+mov eax, edi
+inc edi
+movzx eax, al
+imul eax, eax, 0x12
+add eax, ebx
+mov cl, byte [eax + 0x1e1]
+lea edx, [eax + 0x1da]
+mov byte [eax + 0x1df], 0x71
+mov byte [eax + 0x1e0], 0x1f
+mov byte [eax + 0x1e4], 1
+and ecx, 0xffffffc0
+or ecx, 0x27
+mov byte [eax + 0x1e1], cl
+mov byte [eax + 0x1e6], 1
+mov byte [eax + 0x1e8], 1
+mov byte [eax + 0x1e3], 0
+mov byte [eax + 0x1e5], 0
+mov byte [eax + 0x1e7], 0
+mov byte [eax + 0x1e9], 0
+mov byte [eax + 0x1ea], 0
+mov byte [eax + 0x1eb], 0
+mov byte [eax + 0x1ec], 0
+and byte [edx + 0x13], 0xf0
+jmp near loc_fffa038a ; jmp 0xfffa038a
+
+loc_fffa042d:
+mov al, byte [ebx + 0x24c]
+mov byte [ebx + 0x24b], 0x7e
+mov byte [ebx + 0x253], 0
+mov byte [ebx + 0x255], 1
+or eax, 0x1e
+and eax, 0xfffffffe
+mov byte [ebx + 0x24c], al
+lea eax, [ebx + 0x38e]
+mov byte [ebx + 0x254], 0
+mov dword [ebx + 0x24f], 0
+mov byte [ebx + 0x257], 0
+mov byte [ebx + 0x258], 0
+mov byte [ebx + 0x259], 0
+mov byte [ebx + 0x25a], 0
+mov byte [ebx + 0x25b], 0x64
+mov byte [ebx + 0x38d], 4
+push edi
+xor edi, edi
+push 4
+push ref_fffd6190 ; push 0xfffd6190
+push eax
+call fcn_fffab101 ; call 0xfffab101
+mov word [ebx + 0x36], 0x8086
+mov word [ebx + 0x38], 0x7270
+mov byte [ebx + 0x3b], 0
+mov byte [ebx + 0x360], 2
+mov byte [ebx + 0x361], 0
+mov byte [ebx + 0x362], 1
+mov byte [ebx + 0x35c], 1
+mov byte [ebx + 0x35d], 0xf0
+mov byte [ebx + 0x35e], 0x1f
+mov byte [ebx + 0x35f], 0
+mov eax, dword [esi + 0xc]
+mov word [ebx + 0x22], 0xd000
+mov word [ebx + 0x24], 0x10
+mov byte [ebx + 0x11], al
+mov eax, dword [esi + 0x32]
+mov dword [ebx + 0x1e], 0x10000
+mov byte [ebx + 0x18], 2
+mov byte [ebx + 0x19], 6
+mov dword [ebx + 0x1a], eax
+mov esi, dword [0xff7d0084]
+mov byte [ebx + 0x371], 0
+mov word [ebx + 0x374], 0x12c
+mov byte [ebx + 0x372], 1
+mov byte [ebx + 0x373], 0
+call fcn_fffb481e ; call 0xfffb481e
+mov dword [ebp - 0x30], eax
+mov eax, dword [0xff7d0084]
+mov eax, dword [eax + 0x14]
+add eax, 0xf8002
+mov dword [esp], eax
+call fcn_fffb3d06 ; call 0xfffb3d06
+add esp, 0x10
+mov byte [ebx + 0x284], 0
+mov byte [ebx + 0x28c], 0
+mov byte [ebx + 0x295], 1
+mov byte [ebx + 0x294], 1
+mov byte [ebx + 0x297], 0
+mov ecx, eax
+mov byte [ebx + 0x296], 1
+
+loc_fffa057d:
+mov dword [ebp - 0x34], ecx
+call fcn_fffb5bb6 ; call 0xfffb5bb6
+mov ecx, dword [ebp - 0x34]
+movzx eax, al
+cmp edi, eax
+jae short loc_fffa059a ; jae 0xfffa059a
+mov byte [ebx + edi + 0x298], 0
+inc edi
+jmp short loc_fffa057d ; jmp 0xfffa057d
+
+loc_fffa059a:
+xor edi, edi
+
+loc_fffa059c:
+mov dword [ebp - 0x34], ecx
+call fcn_fffb5b8d ; call 0xfffb5b8d
+mov ecx, dword [ebp - 0x34]
+movzx eax, al
+cmp edi, eax
+jae short loc_fffa05b9 ; jae 0xfffa05b9
+mov byte [ebx + edi + 0x2a6], 0
+inc edi
+jmp short loc_fffa059c ; jmp 0xfffa059c
+
+loc_fffa05b9:
+mov byte [ebx + 0x2ac], 0
+mov byte [ebx + 0x285], 0
+mov byte [ebx + 0x28d], 0
+mov byte [ebx + 0x339], 0
+mov byte [ebx + 0x338], 1
+mov al, byte [esi + 0x5c]
+mov byte [ebx + 0x2b0], al
+mov al, byte [esi + 0x61]
+mov byte [ebx + 0x2b8], al
+mov al, byte [esi + 0x66]
+mov byte [ebx + 0x2c0], al
+mov al, byte [esi + 0x6b]
+mov byte [ebx + 0x2c8], al
+mov al, byte [esi + 0x70]
+mov byte [ebx + 0x2d0], al
+mov al, byte [esi + 0x75]
+mov byte [ebx + 0x2d8], al
+mov al, byte [esi + 0x7a]
+mov byte [ebx + 0x2e0], al
+mov al, byte [esi + 0x7f]
+mov byte [ebx + 0x2e8], al
+mov al, byte [esi + 0x84]
+mov byte [ebx + 0x2f0], al
+mov al, byte [esi + 0x89]
+mov byte [ebx + 0x2f8], al
+mov al, byte [esi + 0x8e]
+mov byte [ebx + 0x300], al
+mov al, byte [esi + 0x93]
+mov byte [ebx + 0x308], al
+mov al, byte [esi + 0x98]
+mov byte [ebx + 0x310], al
+mov al, byte [esi + 0x9d]
+mov byte [ebx + 0x318], al
+mov al, byte [esi + 0xa0]
+mov byte [ebx + 0x320], al
+mov al, byte [esi + 0xa3]
+mov byte [ebx + 0x324], al
+mov al, byte [esi + 0xa6]
+mov byte [ebx + 0x328], al
+mov al, byte [esi + 0xa9]
+mov byte [ebx + 0x32c], al
+mov al, byte [esi + 0xac]
+mov byte [ebx + 0x330], al
+mov al, byte [esi + 0xaf]
+mov byte [ebx + 0x334], al
+mov al, byte [esi + 0x5d]
+mov byte [ebx + 0x2b1], al
+mov al, byte [esi + 0x62]
+mov byte [ebx + 0x2b9], al
+mov al, byte [esi + 0x67]
+mov byte [ebx + 0x2c1], al
+mov al, byte [esi + 0x6c]
+mov byte [ebx + 0x2c9], al
+mov al, byte [esi + 0x71]
+mov byte [ebx + 0x2d1], al
+mov al, byte [esi + 0x76]
+mov byte [ebx + 0x2d9], al
+mov al, byte [esi + 0x7b]
+mov byte [ebx + 0x2e1], al
+mov al, byte [esi + 0x80]
+mov byte [ebx + 0x2e9], al
+mov al, byte [esi + 0x85]
+mov byte [ebx + 0x2f1], al
+mov al, byte [esi + 0x8a]
+mov byte [ebx + 0x2f9], al
+mov al, byte [esi + 0x8f]
+mov byte [ebx + 0x301], al
+mov al, byte [esi + 0x94]
+mov byte [ebx + 0x309], al
+mov al, byte [esi + 0x99]
+mov byte [ebx + 0x311], al
+mov al, byte [esi + 0x9e]
+mov byte [ebx + 0x319], al
+mov al, byte [esi + 0xa1]
+mov byte [ebx + 0x321], al
+mov al, byte [esi + 0xa4]
+mov byte [ebx + 0x325], al
+mov al, byte [esi + 0xa7]
+mov byte [ebx + 0x329], al
+mov al, byte [esi + 0xaa]
+mov byte [ebx + 0x32d], al
+mov al, byte [esi + 0xad]
+mov byte [ebx + 0x331], al
+mov al, byte [esi + 0xb0]
+mov byte [ebx + 0x335], al
+mov ax, word [esi + 0x5a]
+mov word [ebx + 0x2b4], ax
+mov ax, word [esi + 0x5f]
+mov word [ebx + 0x2bc], ax
+mov ax, word [esi + 0x64]
+mov word [ebx + 0x2c4], ax
+mov ax, word [esi + 0x69]
+mov word [ebx + 0x2cc], ax
+mov ax, word [esi + 0x6e]
+mov word [ebx + 0x2d4], ax
+mov ax, word [esi + 0x73]
+mov word [ebx + 0x2dc], ax
+mov ax, word [esi + 0x78]
+mov word [ebx + 0x2e4], ax
+mov ax, word [esi + 0x7d]
+mov word [ebx + 0x2ec], ax
+mov ax, word [esi + 0x82]
+mov word [ebx + 0x2f4], ax
+mov ax, word [esi + 0x87]
+mov word [ebx + 0x2fc], ax
+mov ax, word [esi + 0x8c]
+mov word [ebx + 0x304], ax
+mov ax, word [esi + 0x91]
+mov word [ebx + 0x30c], ax
+mov ax, word [esi + 0x96]
+mov word [ebx + 0x314], ax
+mov ax, word [esi + 0x9b]
+mov word [ebx + 0x31c], ax
+mov al, byte [esi + 0xa2]
+mov byte [ebx + 0x322], al
+mov al, byte [esi + 0xa5]
+mov byte [ebx + 0x326], al
+mov al, byte [esi + 0xa8]
+mov byte [ebx + 0x32a], al
+mov al, byte [esi + 0xab]
+mov byte [ebx + 0x32e], al
+mov al, byte [esi + 0xae]
+mov byte [ebx + 0x332], al
+mov al, byte [esi + 0xb1]
+mov byte [ebx + 0x336], al
+mov al, byte [esi + 0x5e]
+mov byte [ebx + 0x2b6], al
+mov al, byte [esi + 0x63]
+mov byte [ebx + 0x2be], al
+mov al, byte [esi + 0x68]
+mov byte [ebx + 0x2c6], al
+mov al, byte [esi + 0x6d]
+mov byte [ebx + 0x2ce], al
+mov al, byte [esi + 0x72]
+mov byte [ebx + 0x2d6], al
+mov al, byte [esi + 0x77]
+mov byte [ebx + 0x2de], al
+mov al, byte [esi + 0x7c]
+cmp dword [ebp - 0x30], 1
+mov byte [ebx + 0x2e6], al
+mov al, byte [esi + 0x81]
+mov byte [ebx + 0x2ee], al
+mov al, byte [esi + 0x86]
+mov byte [ebx + 0x2f6], al
+mov al, byte [esi + 0x8b]
+mov byte [ebx + 0x2fe], al
+mov al, byte [esi + 0x90]
+mov byte [ebx + 0x306], al
+mov al, byte [esi + 0x95]
+mov byte [ebx + 0x30e], al
+mov al, byte [esi + 0x9a]
+mov byte [ebx + 0x316], al
+mov al, byte [esi + 0x9f]
+mov byte [ebx + 0x31e], al
+jne loc_fffa0a97 ; jne 0xfffa0a97
+mov eax, ecx
+and al, 0x7d
+cmp ax, 0x8c44
+je short loc_fffa093e ; je 0xfffa093e
+cmp cx, 0x8c4c
+sete dl
+cmp cx, 0x8c4a
+sete al
+or dl, al
+je short loc_fffa0948 ; je 0xfffa0948
+
+loc_fffa093e:
+lea edi, [ebx + 0x2b3]
+xor edx, edx
+jmp short loc_fffa09a6 ; jmp 0xfffa09a6
+
+loc_fffa0948:
+cmp cx, 0x8c50
+sete dl
+cmp cx, 0x8c4e
+sete al
+or dl, al
+jne short loc_fffa093e ; jne 0xfffa093e
+cmp cx, 0x8c42
+sete dl
+cmp cx, 0x8c5c
+sete al
+or dl, al
+jne short loc_fffa093e ; jne 0xfffa093e
+cmp cx, 0x8cc2
+jne short loc_fffa09bf ; jne 0xfffa09bf
+jmp short loc_fffa093e ; jmp 0xfffa093e
+
+loc_fffa0979:
+cmp byte [edi + 3], 1
+sbb eax, eax
+not eax
+add eax, 4
+cmp byte [edi + 3], 0
+mov byte [edi - 1], al
+jne short loc_fffa09ba ; jne 0xfffa09ba
+mov ax, word [edi + 1]
+cmp ax, 0x7f
+jbe short loc_fffa09ba ; jbe 0xfffa09ba
+cmp ax, 0x130
+sbb eax, eax
+add eax, 4
+mov byte [edi], al
+
+loc_fffa09a2:
+inc edx
+add edi, 8
+
+loc_fffa09a6:
+mov dword [ebp - 0x30], edx
+call fcn_fffb5bb6 ; call 0xfffb5bb6
+mov edx, dword [ebp - 0x30]
+movzx eax, al
+cmp edx, eax
+jb short loc_fffa0979 ; jb 0xfffa0979
+jmp short loc_fffa0a0e ; jmp 0xfffa0a0e
+
+loc_fffa09ba:
+mov byte [edi], 2
+jmp short loc_fffa09a2 ; jmp 0xfffa09a2
+
+loc_fffa09bf:
+cmp cx, 0x8c4f
+sete dl
+cmp cx, 0x8c49
+sete al
+or dl, al
+jne short loc_fffa0a2d ; jne 0xfffa0a2d
+cmp cx, 0x8c41
+sete dl
+cmp cx, 0x8c4b
+sete al
+or dl, al
+jne short loc_fffa0a2d ; jne 0xfffa0a2d
+lea eax, [ecx + 0x63bf]
+cmp ax, 6
+jbe short loc_fffa0a2d ; jbe 0xfffa0a2d
+cmp cx, 0x8cc5
+sete dl
+cmp cx, 0x8cc3
+sete al
+or dl, al
+jne short loc_fffa0a2d ; jne 0xfffa0a2d
+cmp cx, 0x8cc1
+je short loc_fffa0a2d ; je 0xfffa0a2d
+
+loc_fffa0a0e:
+cmp dword [esi + 0x10], 0
+je loc_fffa0bde ; je 0xfffa0bde
+mov byte [ebx + 0x284], 1
+xor edi, edi
+mov byte [ebx + 0x297], 1
+jmp near loc_fffa0ba0 ; jmp 0xfffa0ba0
+
+loc_fffa0a2d:
+lea edi, [ebx + 0x2b3]
+xor edx, edx
+jmp short loc_fffa0a49 ; jmp 0xfffa0a49
+
+loc_fffa0a37:
+mov al, byte [edi + 3]
+cmp al, 5
+jne short loc_fffa0a5d ; jne 0xfffa0a5d
+mov byte [edi - 1], 5
+
+loc_fffa0a42:
+mov byte [edi], 2
+
+loc_fffa0a45:
+inc edx
+add edi, 8
+
+loc_fffa0a49:
+mov dword [ebp - 0x30], edx
+call fcn_fffb5bb6 ; call 0xfffb5bb6
+mov edx, dword [ebp - 0x30]
+movzx eax, al
+cmp edx, eax
+jb short loc_fffa0a37 ; jb 0xfffa0a37
+jmp short loc_fffa0a0e ; jmp 0xfffa0a0e
+
+loc_fffa0a5d:
+cmp al, 2
+jne short loc_fffa0a67 ; jne 0xfffa0a67
+mov byte [edi - 1], 4
+jmp short loc_fffa0a7c ; jmp 0xfffa0a7c
+
+loc_fffa0a67:
+cmp word [edi + 1], 0x70
+sbb ecx, ecx
+add ecx, 6
+mov byte [edi - 1], cl
+cmp al, 5
+je short loc_fffa0a42 ; je 0xfffa0a42
+cmp al, 2
+jne short loc_fffa0a88 ; jne 0xfffa0a88
+
+loc_fffa0a7c:
+cmp word [edi + 1], 0x50
+sbb eax, eax
+add eax, 2
+jmp short loc_fffa0a93 ; jmp 0xfffa0a93
+
+loc_fffa0a88:
+cmp word [edi + 1], 0x100
+sbb eax, eax
+add eax, 3
+
+loc_fffa0a93:
+mov byte [edi], al
+jmp short loc_fffa0a45 ; jmp 0xfffa0a45
+
+loc_fffa0a97:
+cmp dword [ebp - 0x30], 2
+jne loc_fffa0a0e ; jne 0xfffa0a0e
+lea eax, [ecx + 0x63bf]
+mov word [ebp - 0x3c], ax
+lea eax, [ecx + 0x633f]
+lea edi, [ebx + 0x2b2]
+mov dword [ebp - 0x30], 0
+mov word [ebp - 0x40], ax
+
+loc_fffa0ac2:
+mov dword [ebp - 0x34], ecx
+call fcn_fffb5bb6 ; call 0xfffb5bb6
+mov ecx, dword [ebp - 0x34]
+movzx eax, al
+cmp dword [ebp - 0x30], eax
+jae loc_fffa0a0e ; jae 0xfffa0a0e
+cmp word [ebp - 0x3c], 6
+ja short loc_fffa0b0e ; ja 0xfffa0b0e
+mov al, byte [edi + 4]
+mov dl, al
+cmp al, 3
+mov byte [ebp - 0x34], al
+sete al
+test dl, dl
+sete dl
+or al, dl
+je short loc_fffa0b02 ; je 0xfffa0b02
+cmp word [edi + 2], 0x70
+sbb eax, eax
+add eax, 6
+jmp short loc_fffa0b0c ; jmp 0xfffa0b0c
+
+loc_fffa0b02:
+cmp byte [ebp - 0x34], 2
+setne al
+add eax, 4
+
+loc_fffa0b0c:
+mov byte [edi], al
+
+loc_fffa0b0e:
+cmp word [ebp - 0x40], 2
+setbe dl
+cmp cx, 0x9cc5
+sete al
+or dl, al
+je short loc_fffa0b25 ; je 0xfffa0b25
+mov byte [edi], 6
+
+loc_fffa0b25:
+lea eax, [ecx + 0x633a]
+cmp ax, 1
+setbe dl
+cmp cx, 0x9cc9
+sete al
+or dl, al
+je short loc_fffa0b55 ; je 0xfffa0b55
+cmp byte [edi + 4], 0
+jne short loc_fffa0b52 ; jne 0xfffa0b52
+cmp word [edi + 2], 0x70
+sbb eax, eax
+add eax, 7
+mov byte [edi], al
+jmp short loc_fffa0b55 ; jmp 0xfffa0b55
+
+loc_fffa0b52:
+mov byte [edi], 6
+
+loc_fffa0b55:
+mov al, byte [edi + 4]
+cmp al, 3
+sete dl
+test al, al
+mov byte [ebp - 0x34], al
+sete al
+or al, dl
+jne short loc_fffa0b6f ; jne 0xfffa0b6f
+cmp byte [ebp - 0x34], 7
+jne short loc_fffa0b7c ; jne 0xfffa0b7c
+
+loc_fffa0b6f:
+cmp word [edi + 2], 0x100
+sbb eax, eax
+add eax, 3
+jmp short loc_fffa0b8c ; jmp 0xfffa0b8c
+
+loc_fffa0b7c:
+cmp byte [ebp - 0x34], 2
+jne short loc_fffa0b91 ; jne 0xfffa0b91
+cmp word [edi + 2], 0x50
+sbb eax, eax
+add eax, 2
+
+loc_fffa0b8c:
+mov byte [edi + 1], al
+jmp short loc_fffa0b95 ; jmp 0xfffa0b95
+
+loc_fffa0b91:
+mov byte [edi + 1], 2
+
+loc_fffa0b95:
+inc dword [ebp - 0x30]
+add edi, 8
+jmp near loc_fffa0ac2 ; jmp 0xfffa0ac2
+
+loc_fffa0ba0:
+call fcn_fffb5bb6 ; call 0xfffb5bb6
+movzx eax, al
+cmp edi, eax
+jae short loc_fffa0bb7 ; jae 0xfffa0bb7
+mov byte [ebx + edi + 0x298], 1
+inc edi
+jmp short loc_fffa0ba0 ; jmp 0xfffa0ba0
+
+loc_fffa0bb7:
+mov byte [ebx + 0x299], 0
+xor edi, edi
+
+loc_fffa0bc0:
+call fcn_fffb5b8d ; call 0xfffb5b8d
+movzx eax, al
+cmp edi, eax
+jae short loc_fffa0bd7 ; jae 0xfffa0bd7
+mov byte [ebx + edi + 0x2a6], 1
+inc edi
+jmp short loc_fffa0bc0 ; jmp 0xfffa0bc0
+
+loc_fffa0bd7:
+mov byte [ebx + 0x2a7], 0
+
+loc_fffa0bde:
+xor edi, edi
+
+loc_fffa0be0:
+call fcn_fffb5b8d ; call 0xfffb5b8d
+movzx eax, al
+cmp edi, eax
+jae loc_fffa0cba ; jae 0xfffa0cba
+mov dl, byte [esi + edi + 0xb2]
+mov al, byte [ebx + edi*8 + 0x580]
+test dl, dl
+je short loc_fffa0c0e ; je 0xfffa0c0e
+mov byte [ebx + edi*8 + 0x57c], dl
+or eax, 1
+jmp short loc_fffa0c19 ; jmp 0xfffa0c19
+
+loc_fffa0c0e:
+mov byte [ebx + edi*8 + 0x57c], 0
+and eax, 0xfffffffe
+
+loc_fffa0c19:
+mov byte [ebx + edi*8 + 0x580], al
+mov dl, byte [esi + edi + 0xb8]
+mov al, byte [ebx + edi*8 + 0x580]
+test dl, dl
+je short loc_fffa0c3e ; je 0xfffa0c3e
+mov byte [ebx + edi*8 + 0x57d], dl
+or eax, 2
+jmp short loc_fffa0c49 ; jmp 0xfffa0c49
+
+loc_fffa0c3e:
+mov byte [ebx + edi*8 + 0x57d], 0
+and eax, 0xfffffffd
+
+loc_fffa0c49:
+mov byte [ebx + edi*8 + 0x580], al
+mov dl, byte [esi + edi + 0xbe]
+mov al, byte [ebx + edi*8 + 0x580]
+test dl, dl
+je short loc_fffa0c6e ; je 0xfffa0c6e
+mov byte [ebx + edi*8 + 0x57e], dl
+or eax, 4
+jmp short loc_fffa0c79 ; jmp 0xfffa0c79
+
+loc_fffa0c6e:
+mov byte [ebx + edi*8 + 0x57e], 0
+and eax, 0xfffffffb
+
+loc_fffa0c79:
+mov byte [ebx + edi*8 + 0x580], al
+mov dl, byte [esi + edi + 0xc4]
+mov al, byte [ebx + edi*8 + 0x580]
+test dl, dl
+je short loc_fffa0ca2 ; je 0xfffa0ca2
+lea edx, [edx + edx + 1]
+or eax, 8
+mov byte [ebx + edi*8 + 0x57f], dl
+jmp short loc_fffa0cad ; jmp 0xfffa0cad
+
+loc_fffa0ca2:
+mov byte [ebx + edi*8 + 0x57f], 0
+and eax, 0xfffffff7
+
+loc_fffa0cad:
+mov byte [ebx + edi*8 + 0x580], al
+inc edi
+jmp near loc_fffa0be0 ; jmp 0xfffa0be0
+
+loc_fffa0cba:
+mov al, byte [ebx + 0x40e]
+or eax, 3
+and eax, 0xffffffc3
+mov byte [ebx + 0x40e], al
+xor eax, eax
+
+loc_fffa0cce:
+and byte [ebx + eax*8 + 0x554], 0xfc
+mov word [ebx + eax*8 + 0x558], 0
+mov word [ebx + eax*8 + 0x55a], 0
+inc eax
+cmp eax, 5
+jne short loc_fffa0cce ; jne 0xfffa0cce
+mov al, byte [ebx + 0x46a]
+xor edx, edx
+mov byte [ebx + 0x364], 1
+mov dword [ebx + 0x368], 0xfed00000
+mov byte [ebx + 0x36c], 1
+and eax, 0xffffffb0
+or eax, 0x49
+mov byte [ebx + 0x365], 0xf0
+mov byte [ebx + 0x366], 0xf
+mov byte [ebx + 0x367], 0
+mov byte [ebx + 0x476], 1
+mov dword [ebx + 0x47e], 0
+mov dword [ebx + 0x47a], 1
+mov byte [ebx + 0x46a], al
+mov byte [ebx + 0x37f], 0
+mov byte [ebx + 0x256], 1
+
+loc_fffa0d5a:
+mov dword [ebp - 0x30], edx
+call fcn_fffb4984 ; call 0xfffb4984
+mov edx, dword [ebp - 0x30]
+cmp dl, al
+jae short loc_fffa0d77 ; jae 0xfffa0d77
+movzx eax, dl
+inc edx
+imul eax, eax, 0x2c
+mov byte [ebx + eax + 0x58], 1
+jmp short loc_fffa0d5a ; jmp 0xfffa0d5a
+
+loc_fffa0d77:
+and byte [ebx + 0x45e], 0xf7
+xor edx, edx
+
+loc_fffa0d80:
+mov dword [ebp - 0x30], edx
+call fcn_fffb4984 ; call 0xfffb4984
+mov edx, dword [ebp - 0x30]
+cmp dl, al
+jae short loc_fffa0df1 ; jae 0xfffa0df1
+cmp dword [ebp - 0x2c], 2
+movzx eax, dl
+jne short loc_fffa0dad ; jne 0xfffa0dad
+imul eax, eax, 0x2c
+lea eax, [ebx + eax + 0x50]
+mov word [eax + 0xa], 0x1003
+mov word [eax + 0xc], 0x1003
+jmp short loc_fffa0dc6 ; jmp 0xfffa0dc6
+
+loc_fffa0dad:
+cmp dword [ebp - 0x2c], 1
+jne short loc_fffa0dc6 ; jne 0xfffa0dc6
+imul eax, eax, 0x2c
+lea eax, [ebx + eax + 0x50]
+mov word [eax + 0xa], 0x846
+mov word [eax + 0xc], 0x846
+
+loc_fffa0dc6:
+movzx eax, dl
+inc edx
+imul eax, eax, 0x2c
+add eax, ebx
+mov byte [eax + 0x59], 0
+mov byte [eax + 0x5e], 2
+mov byte [eax + 0x5f], 2
+mov word [eax + 0x60], 0x3c
+mov byte [eax + 0x62], 2
+mov byte [eax + 0x63], 2
+mov word [eax + 0x64], 0x3c
+jmp short loc_fffa0d80 ; jmp 0xfffa0d80
+
+loc_fffa0df1:
+mov al, byte [ebx + 0x446]
+or byte [ebx + 0x442], 7
+and byte [ebx + 0x45e], 0xf9
+and eax, 0xffffffcc
+or eax, 0xc
+mov byte [ebx + 0x446], al
+mov al, byte [ebx + 0x486]
+mov dword [ebx + 0x44a], 0
+mov dword [ebx + 0x44e], 2
+mov dword [ebx + 0x452], 4
+and eax, 0xffffffc1
+or eax, 0x32
+mov byte [ebx + 0x486], al
+mov al, byte [ebx + 0x49e]
+mov dword [ebx + 0x456], 3
+mov dword [ebx + 0x45a], 3
+mov byte [ebx + 0x462], 4
+or eax, 1
+and eax, 0xffffffbd
+mov byte [ebx + 0x49e], al
+xor eax, eax
+mov byte [ebx + 0x10], 0xdd
+
+loc_fffa0e74:
+mov dword [ebx + eax*4 + 0x1ba], 0
+inc eax
+cmp eax, 8
+jne short loc_fffa0e74 ; jne 0xfffa0e74
+cmp dword [ebp - 0x2c], 2
+lea eax, [ebx + 0x4de]
+lea esi, [ebx + 0x527]
+jne short loc_fffa0ebf ; jne 0xfffa0ebf
+mov byte [ebx + 0x526], 5
+push ecx
+push 0x28
+push ref_fffd6168 ; push 0xfffd6168
+push eax
+call fcn_fffab101 ; call 0xfffab101
+add esp, 0xc
+mov byte [ebx + 0x553], 9
+push 0x24
+push ref_fffd6144 ; push 0xfffd6144
+jmp short loc_fffa0ee5 ; jmp 0xfffa0ee5
+
+loc_fffa0ebf:
+mov byte [ebx + 0x526], 6
+push edx
+push 0x30
+push ref_fffd6114 ; push 0xfffd6114
+push eax
+call fcn_fffab101 ; call 0xfffab101
+add esp, 0xc
+mov byte [ebx + 0x553], 6
+push 0x18
+push ref_fffd60fc ; push 0xfffd60fc
+
+loc_fffa0ee5:
+push esi
+call fcn_fffab101 ; call 0xfffab101
+add esp, 0x10
+sub esp, 0xc
+push dword [ebp - 0x38]
+call fcn_fffab5db ; call 0xfffab5db
+add esp, 0x10
+
+loc_fffa0efc:
+sub esp, 0xc
+push 0x15
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov edi, eax
+test eax, eax
+je loc_fffa10af ; je 0xfffa10af
+sub esp, 0xc
+push 0xc
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov dword [ebp - 0x2c], eax
+test eax, eax
+je loc_fffa10af ; je 0xfffa10af
+sub esp, 0xc
+push 5
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+test eax, eax
+mov dword [ebp - 0x34], eax
+je loc_fffa10af ; je 0xfffa10af
+sub esp, 0xc
+push 0xc
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+test eax, eax
+mov dword [ebp - 0x30], eax
+je loc_fffa10af ; je 0xfffa10af
+sub esp, 0xc
+push 0x1d
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov ebx, eax
+test eax, eax
+je loc_fffa10af ; je 0xfffa10af
+sub esp, 0xc
+push 0x13
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov esi, eax
+test eax, eax
+je loc_fffa10af ; je 0xfffa10af
+mov edx, dword [ebp - 0x34]
+mov ecx, dword [ebp - 0x30]
+mov byte [edi], 0xa
+mov dword [edi + 1], edx
+mov dword [edi + 9], ecx
+mov dword [ecx], 0
+mov eax, dword [edi + 9]
+mov dword [eax + 4], 0
+mov dword [edi + 5], ebx
+mov dword [edi + 0xd], esi
+mov dword [edi + 0x11], edi
+mov byte [edx + 3], 0x3f
+mov byte [edx + 4], 0x3f
+mov byte [edx + 2], 0
+mov byte [edx], 0x62
+mov byte [ebx + 6], 0
+mov byte [ebx + 7], 0
+mov byte [ebx + 8], 0
+mov byte [ebx + 9], 0
+mov byte [ebx + 1], 0
+mov word [ebx + 2], 0
+mov byte [ebx + 4], 0
+mov byte [ebx + 5], 0
+mov byte [ebx], 0
+mov word [ebx + 0x11], 0x200
+mov byte [ebx + 0x13], 0
+mov word [ebx + 0x14], 0
+mov byte [ebx + 0xa], 0
+mov byte [ebx + 0xb], 1
+mov byte [ebx + 0xc], 0
+mov byte [ebx + 0xd], 1
+call fcn_fffa6801 ; call 0xfffa6801
+cmp eax, 0x40650
+jne short loc_fffa1033 ; jne 0xfffa1033
+
+loc_fffa1011:
+mov byte [ebx + 0xe], 1
+call fcn_fffa6801 ; call 0xfffa6801
+mov byte [ebx + 0x10], 0
+mov byte [ebx + 0x16], 1
+cmp eax, 0x306d0
+setne al
+lea eax, [eax + eax*4 + 0x6a]
+mov byte [ebx + 0xf], al
+jmp short loc_fffa103f ; jmp 0xfffa103f
+
+loc_fffa1033:
+call fcn_fffa6801 ; call 0xfffa6801
+cmp eax, 0x306d0
+je short loc_fffa1011 ; je 0xfffa1011
+
+loc_fffa103f:
+mov eax, dword [ebp - 0x2c]
+sub esp, 0xc
+mov byte [ebx + 0x17], 0x14
+mov byte [ebx + 0x18], 5
+mov byte [ebx + 0x19], 1
+mov byte [ebx + 0x1a], 0
+mov byte [ebx + 0x1b], 0
+mov byte [ebx + 0x1c], 0
+mov word [esi], 0
+mov word [esi + 2], 0
+mov word [esi + 4], 0
+mov word [esi + 6], 0
+mov word [esi + 8], 0
+mov word [esi + 0xa], 0
+mov word [esi + 0xc], 0
+mov word [esi + 0xe], 0
+mov word [esi + 0x10], 0
+mov byte [esi + 0x12], 0
+mov dword [eax], 0x80000010
+mov dword [eax + 4], ref_fffd65c0 ; mov dword [eax + 4], 0xfffd65c0
+mov dword [eax + 8], edi
+push eax
+call fcn_fffab5db ; call 0xfffab5db
+add esp, 0x10
+
+loc_fffa10af:
+sub esp, 0xc
+push 2
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov ebx, eax
+test eax, eax
+je short loc_fffa10f2 ; je 0xfffa10f2
+sub esp, 0xc
+push 0xc
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+test eax, eax
+je short loc_fffa10f2 ; je 0xfffa10f2
+sub esp, 0xc
+mov dword [eax], 0x80000010
+mov dword [eax + 4], ref_fffd60dc ; mov dword [eax + 4], 0xfffd60dc
+mov byte [ebx], 1
+mov dword [eax + 8], ebx
+push eax
+call fcn_fffab5db ; call 0xfffab5db
+add esp, 0x10
+
+loc_fffa10f2:
+sub esp, 0xc
+mov esi, dword [0xff7d0084]
+push 0x27
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov dword [ebp - 0x2c], eax
+test eax, eax
+je loc_fffa19ec ; je 0xfffa19ec
+sub esp, 0xc
+push 0xc
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov dword [ebp - 0x30], eax
+test eax, eax
+je loc_fffa19ec ; je 0xfffa19ec
+sub esp, 0xc
+push 0x36
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov dword [ebp - 0x3c], eax
+test eax, eax
+je loc_fffa19ec ; je 0xfffa19ec
+sub esp, 0xc
+push 0xd
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov dword [ebp - 0x40], eax
+test eax, eax
+je loc_fffa19ec ; je 0xfffa19ec
+sub esp, 0xc
+push 0x102
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov ebx, eax
+test eax, eax
+je loc_fffa19ec ; je 0xfffa19ec
+sub esp, 0xc
+push 0xdc
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov edi, eax
+test eax, eax
+je loc_fffa19ec ; je 0xfffa19ec
+sub esp, 0xc
+push 0x6b
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+test eax, eax
+mov dword [ebp - 0x54], eax
+je loc_fffa19ec ; je 0xfffa19ec
+sub esp, 0xc
+push 5
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov dword [ebp - 0x44], eax
+test eax, eax
+je loc_fffa19ec ; je 0xfffa19ec
+sub esp, 0xc
+push 0x11
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+test eax, eax
+mov dword [ebp - 0x50], eax
+je loc_fffa19ec ; je 0xfffa19ec
+lea eax, [esi + 0xce]
+mov dword [edi + 0xd0], eax
+lea eax, [esi + 0x8ce]
+mov dword [edi + 0xd4], eax
+lea eax, [esi + 0x8e6]
+mov dword [edi + 0xd8], eax
+push eax
+push 0
+push 0x27
+push dword [ebp - 0x2c]
+call fcn_fffab0d1 ; call 0xfffab0d1
+mov eax, dword [ebp - 0x30]
+mov ecx, dword [ebp - 0x2c]
+mov dword [eax], 0x80000010
+mov dword [eax + 8], ecx
+mov dword [eax + 4], ref_fffd661c ; mov dword [eax + 4], 0xfffd661c
+mov byte [ecx], 0x13
+call fcn_fffa6801 ; call 0xfffa6801
+add esp, 0x10
+mov edx, dword [ebp - 0x50]
+cmp eax, 0x306d0
+sete cl
+cmp eax, 0x40670
+mov dword [ebp - 0x38], eax
+sete al
+mov byte [ebp - 0x34], al
+or al, cl
+mov byte [ebp - 0x48], cl
+mov ecx, dword [ebp - 0x54]
+mov byte [ebp - 0x49], al
+je short loc_fffa1271 ; je 0xfffa1271
+mov eax, dword [0xff7d0084]
+sub esp, 0xc
+mov dword [ebp - 0x54], edx
+mov dword [ebp - 0x50], ecx
+mov eax, dword [eax + 0x14]
+add eax, 0x10002
+push eax
+call fcn_fffb3d06 ; call 0xfffb3d06
+mov edx, dword [ebp - 0x54]
+add esp, 0x10
+mov ecx, dword [ebp - 0x50]
+
+loc_fffa1271:
+mov al, byte [esi + 0x42]
+mov dword [ebp - 0x54], edx
+mov edx, dword [ebp - 0x3c]
+mov dword [ebp - 0x50], ecx
+mov ecx, dword [ebp - 0x2c]
+cmp byte [ebp - 0x49], 1
+mov byte [edx], al
+mov al, byte [esi + 0x43]
+mov byte [edx + 1], al
+mov al, byte [esi + 0x44]
+mov byte [edx + 2], al
+mov al, byte [esi + 0x45]
+mov dword [edx + 4], 0xfed10000
+mov dword [edx + 8], 0xfed18000
+mov dword [edx + 0xc], 0xfed19000
+mov byte [edx + 3], al
+mov dword [edx + 0x22], 0xfed80000
+mov eax, dword [esi + 0x14]
+mov dword [edx + 0x10], eax
+movzx eax, word [esi + 0x18]
+mov dword [edx + 0x14], eax
+mov eax, dword [esi + 0x36]
+mov dword [edx + 0x2b], 0x400000
+mov dword [edx + 0x18], 0xfed84000
+mov word [edx + 0x26], 0
+mov dword [edx + 0x1c], eax
+mov eax, dword [esi + 4]
+mov byte [edx + 0x20], al
+sbb eax, eax
+mov dword [ecx + 1], edx
+mov edx, dword [ebp - 0x40]
+add eax, 3
+mov word [edx + 2], ax
+mov byte [edx + 4], 3
+mov byte [edx + 5], 1
+mov byte [edx + 6], 0
+mov byte [edx + 7], 1
+mov byte [edx + 0xc], 1
+mov eax, dword [esi + 0x22]
+mov word [edx], 0x800
+mov dword [edx + 8], eax
+mov dword [ecx + 5], edx
+mov byte [ebx], 0
+mov eax, dword [esi + 0x4e]
+mov byte [ebx + 3], 1
+mov dword [ebx + 4], 0
+mov byte [ebx + 0x10], 0
+mov word [ebx + 1], ax
+mov byte [ebx + 0x11], 1
+mov byte [ebx + 0x5d], 0xff
+mov byte [ebx + 0x5e], 0x80
+mov byte [ebx + 0x5f], 1
+mov byte [ebx + 0x60], 1
+mov byte [ebx + 0x61], 1
+mov byte [ebx + 0x62], 7
+mov byte [ebx + 0x63], 0
+mov byte [ebx + 0xcf], 1
+mov byte [ebx + 0xfe], 0
+mov byte [ebx + 0xff], 0xe
+mov byte [ebx + 0x100], 0
+mov byte [ebx + 0xc2], 1
+mov byte [ebx + 0xc3], 1
+mov byte [ebx + 0xf2], 0
+mov byte [ebx + 0x24], 1
+mov byte [ebx + 0x25], 0
+mov byte [ebx + 0x26], 0
+mov byte [ebx + 0x27], 0
+mov byte [ebx + 0x28], 0
+mov eax, dword [esi + 0x3a]
+mov byte [ebx + 0x2a], al
+mov eax, dword [esi + 0x3e]
+cmp dword [ebp - 0x38], 0x40650
+mov byte [ebx + 0x6d], 2
+mov ecx, dword [ebp - 0x50]
+mov word [ebx + 0x6e], 0x30ce
+mov edx, dword [ebp - 0x54]
+mov byte [ebx + 0x2b], al
+sete al
+or al, byte [ebp - 0x48]
+mov byte [ebx + 0x70], 1
+mov byte [ebx + 0x71], 0
+mov byte [ebx + 0x72], 0
+mov byte [ebx + 0x73], 0
+mov byte [ebx + 0x74], 1
+mov byte [ebp - 0x3c], al
+jne short loc_fffa13d8 ; jne 0xfffa13d8
+cmp byte [ebp - 0x34], 0
+je short loc_fffa13dc ; je 0xfffa13dc
+
+loc_fffa13d8:
+mov byte [ebx + 0x75], 0
+
+loc_fffa13dc:
+mov al, byte [esi + 0x46]
+mov byte [ebx + 0x77], 1
+mov byte [ebx + 0x78], 0
+mov byte [ebx + 0x79], 0
+mov byte [ebx + 0x76], al
+mov byte [ebx + 0x7a], 3
+mov byte [ebx + 0x7b], 0
+mov byte [ebx + 0x7c], 0
+mov byte [ebx + 0x7d], 0
+mov byte [ebx + 0x7e], 0
+mov byte [ebx + 0x7f], 0
+mov byte [ebx + 0x80], 0
+mov word [ebx + 0x81], 0
+mov byte [ebx + 0x83], 0
+mov byte [ebx + 0x84], 0
+mov byte [ebx + 0x85], 0
+mov word [ebx + 0x86], 0
+mov byte [ebx + 0x88], 0xff
+mov byte [ebx + 0x89], 0xff
+mov byte [ebx + 0x8a], 0xff
+mov byte [ebx + 0x8b], 0xff
+mov byte [ebx + 0x8c], 0xff
+mov byte [ebx + 0x8d], 0xff
+mov byte [ebx + 0x8e], 0xff
+mov byte [ebx + 0x8f], 0xff
+mov byte [ebx + 0x90], 0xff
+mov byte [ebx + 0x91], 0xff
+mov byte [ebx + 0x92], 0xff
+mov byte [ebx + 0x93], 0xff
+mov byte [ebx + 0x94], 0xff
+mov byte [ebx + 0x95], 0xff
+mov byte [ebx + 0x96], 0xff
+mov byte [ebx + 0x97], 0xff
+mov byte [ebx + 0x98], 0
+mov byte [ebx + 0x99], 0
+mov byte [ebx + 0x9a], 0
+mov byte [ebx + 0x9b], 0
+mov byte [ebx + 0x9c], 0
+mov byte [ebx + 0x9d], 0
+mov byte [ebx + 0x9e], 0
+mov byte [ebx + 0x9f], 0
+mov byte [ebx + 0xa0], 0
+mov byte [ebx + 0xa1], 0
+mov byte [ebx + 0xa2], 0
+mov byte [ebx + 0xa3], 0
+mov byte [ebx + 0xa4], 0
+mov byte [ebx + 0xa5], 0
+mov byte [ebx + 0xa6], 0
+mov byte [ebx + 0xa7], 0
+mov byte [ebx + 0xa8], 0
+mov byte [ebx + 0xa9], 0
+mov byte [ebx + 0xaa], 0
+mov byte [ebx + 0xab], 0
+cmp dword [esi + 0x52], 0
+mov word [ebx + 0xad], 0x200
+mov byte [ebx + 0xaf], 0
+sete byte [ebx + 0xac]
+cmp byte [ebp - 0x3c], 0
+mov byte [ebx + 0xb0], 0x30
+jne short loc_fffa155e ; jne 0xfffa155e
+cmp byte [ebp - 0x34], 0
+je short loc_fffa156c ; je 0xfffa156c
+
+loc_fffa155e:
+mov byte [ebx + 0xb1], 1
+mov byte [ebx + 0xb2], 0x40
+
+loc_fffa156c:
+mov byte [ebx + 0x101], 0xff
+mov byte [ebx + 0x2e], 1
+mov byte [ebx + 0x2f], 0
+mov byte [ebx + 0x30], 4
+mov byte [ebx + 0x31], 0xc
+mov byte [ebx + 0x6b], 0
+mov byte [ebx + 0x32], 0
+mov byte [ebx + 0x33], 1
+mov byte [ebx + 0x34], 1
+mov byte [ebx + 0x35], 1
+mov byte [ebx + 0x36], 1
+mov byte [ebx + 0x37], 0
+mov byte [ebx + 0x38], 1
+mov byte [ebx + 0x39], 1
+mov byte [ebx + 0x3a], 1
+mov byte [ebx + 0x3b], 0
+mov byte [ebx + 0x3c], 1
+mov byte [ebx + 0x3e], 1
+mov byte [ebx + 0x3f], 0
+mov byte [ebx + 0x40], 1
+mov byte [ebx + 0x41], 1
+mov byte [ebx + 0x42], 1
+mov byte [ebx + 0x5c], 1
+mov byte [ebx + 0x43], 1
+mov byte [ebx + 0x44], 1
+mov byte [ebx + 0x47], 1
+mov byte [ebx + 0x48], 1
+mov byte [ebx + 0x49], 1
+mov byte [ebx + 0x4a], 0
+mov byte [ebx + 0x4b], 0
+mov byte [ebx + 0x58], 0
+mov byte [ebx + 0x59], 0
+mov byte [ebx + 0x5a], 1
+mov byte [ebx + 0x6a], 1
+mov byte [ebx + 0xc5], 1
+mov byte [ebx + 0xce], 1
+cmp dword [esi + 0x56], 0
+mov byte [ebx + 0xd0], 1
+mov byte [ebx + 0x2c], 1
+sete byte [ebx + 0xfd]
+cmp byte [ebp - 0x3c], 0
+mov byte [ebx + 0x55], 0
+mov byte [ebx + 0x56], 1
+mov word [ebx + 0x4c], 0
+mov dword [ebx + 0x4e], 0
+mov byte [ebx + 0x53], 2
+mov byte [ebx + 0x54], 0
+mov dword [ebx + 0x64], 0x5f5e100
+mov byte [ebx + 0xc4], 0
+mov byte [ebx + 0x5b], 1
+mov byte [ebx + 0xf3], 1
+mov byte [ebx + 0xc7], 0
+mov al, byte [esi + 0x4a]
+mov byte [ebx + 0x57], al
+jne short loc_fffa166a ; jne 0xfffa166a
+cmp byte [ebp - 0x34], 0
+jmp short loc_fffa1671 ; jmp 0xfffa1671
+
+loc_fffa166a:
+cmp dword [ebp - 0x38], 0x40650
+
+loc_fffa1671:
+je short loc_fffa16f2 ; je 0xfffa16f2
+mov byte [ebx + 0xfc], 0
+mov byte [ebx + 0xd1], 0
+mov dword [ebx + 0xd2], 0
+mov dword [ebx + 0xd6], 0
+mov dword [ebx + 0xda], 0
+mov dword [ebx + 0xde], 0
+mov dword [ebx + 0xe2], 0
+mov dword [ebx + 0xe6], 0
+mov dword [ebx + 0xea], 0
+mov dword [ebx + 0xee], 0
+mov byte [ebx + 0xf4], 1
+mov dword [ebx + 0xf5], 0x320
+mov word [ebx + 0xf9], 0x118
+mov byte [ebx + 0xfb], 7
+
+loc_fffa16f2:
+mov eax, dword [0xff7d0084]
+sub esp, 0xc
+mov dword [ebp - 0x40], edx
+mov dword [ebp - 0x3c], ecx
+mov eax, dword [eax + 0x14]
+add eax, 2
+push eax
+call fcn_fffb3d06 ; call 0xfffb3d06
+add esp, 0x10
+mov edx, dword [ebp - 0x40]
+mov dword [ebp - 0x38], 1
+cmp ax, 0xa04
+sete cl
+cmp ax, 0xc04
+mov word [ebp - 0x34], ax
+sete al
+or cl, al
+mov ecx, dword [ebp - 0x3c]
+jne short loc_fffa175d ; jne 0xfffa175d
+cmp word [ebp - 0x34], 0xa0c
+sete al
+cmp word [ebp - 0x34], 0xd04
+sete byte [ebp - 0x3c]
+or al, byte [ebp - 0x3c]
+jne short loc_fffa175d ; jne 0xfffa175d
+mov eax, dword [ebp - 0x34]
+and eax, 0xffffffef
+cmp ax, 0x1604
+sete al
+movzx eax, al
+mov dword [ebp - 0x38], eax
+
+loc_fffa175d:
+mov al, byte [ebp - 0x38]
+mov word [ebx + 0xc8], 0xcf8
+mov word [ebx + 0xca], 0xcfc
+mov byte [ebx + 0xcc], 0xaa
+mov byte [ebx + 0xc6], al
+mov dword [edi], fcn_fffa5b74 ; mov dword [edi], 0xfffa5b74
+mov dword [edi + 4], fcn_fffb3f0f ; mov dword [edi + 4], 0xfffb3f0f
+mov dword [edi + 8], fcn_fffaafc2 ; mov dword [edi + 8], 0xfffaafc2
+mov dword [edi + 0xc], fcn_fffa5b68 ; mov dword [edi + 0xc], 0xfffa5b68
+mov dword [edi + 0x10], fcn_fffb3f28 ; mov dword [edi + 0x10], 0xfffb3f28
+mov dword [edi + 0x14], fcn_fffaafda ; mov dword [edi + 0x14], 0xfffaafda
+mov dword [edi + 0x18], fcn_fffb3cfc ; mov dword [edi + 0x18], 0xfffb3cfc
+mov dword [edi + 0x1c], fcn_fffb3d06 ; mov dword [edi + 0x1c], 0xfffb3d06
+mov dword [edi + 0x20], fcn_fffb3d4e ; mov dword [edi + 0x20], 0xfffb3d4e
+mov dword [edi + 0x24], fcn_fffb3dc0 ; mov dword [edi + 0x24], 0xfffb3dc0
+mov dword [edi + 0x28], fcn_fffb3db3 ; mov dword [edi + 0x28], 0xfffb3db3
+mov dword [edi + 0x2c], fcn_fffb3d20 ; mov dword [edi + 0x2c], 0xfffb3d20
+mov dword [edi + 0x30], fcn_fffb3d84 ; mov dword [edi + 0x30], 0xfffb3d84
+mov dword [edi + 0x34], fcn_fffa5bcf ; mov dword [edi + 0x34], 0xfffa5bcf
+mov dword [edi + 0x38], fcn_fffab48f ; mov dword [edi + 0x38], 0xfffab48f
+mov dword [edi + 0x3c], fcn_fffab4e0 ; mov dword [edi + 0x3c], 0xfffab4e0
+mov dword [edi + 0x40], fcn_fffab4b3 ; mov dword [edi + 0x40], 0xfffab4b3
+mov dword [edi + 0x44], fcn_fffb44dc ; mov dword [edi + 0x44], 0xfffb44dc
+mov dword [edi + 0x48], fcn_fffc3868 ; mov dword [edi + 0x48], 0xfffc3868
+mov dword [edi + 0x4c], fcn_fffc3844 ; mov dword [edi + 0x4c], 0xfffc3844
+mov dword [edi + 0x50], fcn_fffb3ddc ; mov dword [edi + 0x50], 0xfffb3ddc
+mov dword [edi + 0x54], fcn_fffb742b ; mov dword [edi + 0x54], 0xfffb742b
+mov dword [edi + 0x58], fcn_fffab101 ; mov dword [edi + 0x58], 0xfffab101
+mov dword [edi + 0x5c], fcn_fffab0d1 ; mov dword [edi + 0x5c], 0xfffab0d1
+mov dword [edi + 0x60], fcn_fffa5c15 ; mov dword [edi + 0x60], 0xfffa5c15
+mov dword [edi + 0x64], fcn_fffa5bfd ; mov dword [edi + 0x64], 0xfffa5bfd
+mov dword [edi + 0x68], fcn_fffab0f8 ; mov dword [edi + 0x68], 0xfffab0f8
+mov dword [edi + 0x6c], fcn_fffab0ef ; mov dword [edi + 0x6c], 0xfffab0ef
+mov dword [edi + 0x70], fcn_fffa5c8a ; mov dword [edi + 0x70], 0xfffa5c8a
+mov eax, dword [ebp - 0x2c]
+mov dword [edi + 0x74], fcn_fffab0c8 ; mov dword [edi + 0x74], 0xfffab0c8
+mov dword [edi + 0x78], fcn_fffb45e9 ; mov dword [edi + 0x78], 0xfffb45e9
+mov dword [edi + 0x7c], fcn_fffab039 ; mov dword [edi + 0x7c], 0xfffab039
+mov dword [edi + 0x80], fcn_fffb4ecf ; mov dword [edi + 0x80], 0xfffb4ecf
+mov dword [edi + 0x84], fcn_fffb506c ; mov dword [edi + 0x84], 0xfffb506c
+mov dword [edi + 0x88], fcn_fffa5bc8 ; mov dword [edi + 0x88], 0xfffa5bc8
+mov dword [edi + 0x8c], fcn_fffa5bc0 ; mov dword [edi + 0x8c], 0xfffa5bc0
+mov dword [edi + 0x90], fcn_fffa5b97 ; mov dword [edi + 0x90], 0xfffa5b97
+mov dword [edi + 0x94], fcn_fffb73dd ; mov dword [edi + 0x94], 0xfffb73dd
+mov dword [edi + 0x98], fcn_fffab06a ; mov dword [edi + 0x98], 0xfffab06a
+mov dword [edi + 0x9c], fcn_fffaaffb ; mov dword [edi + 0x9c], 0xfffaaffb
+mov dword [edi + 0xa0], fcn_fffa5b8d ; mov dword [edi + 0xa0], 0xfffa5b8d
+mov dword [edi + 0xa4], fcn_fffa5b7d ; mov dword [edi + 0xa4], 0xfffa5b7d
+mov dword [edi + 0xa8], fcn_fffab06f ; mov dword [edi + 0xa8], 0xfffab06f
+mov dword [eax + 9], ebx
+mov dword [eax + 0x1e], edi
+xor eax, eax
+mov byte [ecx], 0
+mov byte [ecx + 1], 1
+mov byte [ecx + 2], 1
+mov byte [ecx + 3], 1
+mov byte [ecx + 4], 0
+mov byte [ecx + 5], 0
+mov byte [ecx + 6], 0
+mov byte [ecx + 7], 0
+mov byte [ecx + 0x5c], 0xff
+mov byte [ecx + 0x61], 0
+mov byte [ecx + 0x5d], 0xff
+mov byte [ecx + 0x62], 0
+mov byte [ecx + 0x5e], 0xff
+mov byte [ecx + 0x63], 0
+mov byte [ecx + 8], 1
+mov byte [ecx + 0x39], 0
+mov byte [ecx + 0x40], 2
+mov byte [ecx + 0x5f], 0
+mov byte [ecx + 0x60], 0
+mov byte [ecx + 0x64], 2
+mov word [ecx + 0x65], 0x2710
+mov word [ecx + 0x67], 2
+mov byte [ecx + 0x69], 2
+mov byte [ecx + 0x6a], 2
+mov byte [ecx + 0x3b], 1
+mov byte [ecx + 0x48], 0
+mov word [ecx + 0x3c], 0x3e8
+mov byte [ecx + 0x3f], 0xf
+mov byte [ecx + 0x42], 0x14
+mov word [ecx + 0x50], 1
+
+loc_fffa1956:
+mov byte [ecx + eax + 9], 8
+mov byte [ecx + eax + 0x19], 7
+mov byte [ecx + eax + 0x29], 2
+inc eax
+cmp eax, 0x10
+jne short loc_fffa1956 ; jne 0xfffa1956
+mov eax, dword [ebp - 0x44]
+mov byte [ecx + 0x49], 0
+mov byte [eax], 0
+xor eax, eax
+mov byte [ecx + 0x52], 0
+mov byte [ecx + 0x53], 0
+
+loc_fffa197f:
+mov byte [ecx + eax + 0x54], 8
+inc eax
+cmp eax, 8
+jne short loc_fffa197f ; jne 0xfffa197f
+mov eax, dword [ebp - 0x2c]
+sub esp, 0xc
+mov dword [ecx + 0x44], 0
+mov dword [eax + 0xd], ecx
+mov ecx, eax
+mov word [edx], 0
+mov word [edx + 2], 0
+mov word [edx + 4], 0
+mov word [edx + 6], 0
+mov word [edx + 8], 0
+mov byte [edx + 0xa], 0
+mov byte [edx + 0xb], 0
+mov word [edx + 0xc], 0
+mov word [edx + 0xe], 0
+mov byte [edx + 0x10], 0
+mov dword [eax + 0x11], edx
+mov byte [eax + 0x22], 0
+mov eax, dword [esi + 0x8f6]
+mov dword [ecx + 0x15], eax
+push dword [ebp - 0x30]
+call fcn_fffab5db ; call 0xfffab5db
+add esp, 0x10
+
+loc_fffa19ec:
+sub esp, 0xc
+push ref_fffd5f93 ; push 0xfffd5f93
+call fcn_fffb76e3 ; call 0xfffb76e3
+mov dword [esp], ref_fffd6594 ; mov dword [esp], 0xfffd6594
+call fcn_fffab5db ; call 0xfffab5db
+mov dword [esp], 0x20
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov ebx, eax
+test eax, eax
+je short loc_fffa1a74 ; je 0xfffa1a74
+mov dword [eax + 0x14], fcn_fffb4a59 ; mov dword [eax + 0x14], 0xfffb4a59
+sub esp, 0xc
+mov dword [eax + 0xc], 0x53524549
+mov dword [eax + 0x10], 0
+mov eax, dword [0xff7d0084]
+mov eax, dword [eax + 0x14]
+lea edx, [eax + 0xf8000]
+add eax, 0xf80f0
+mov dword [ebx + 0x1c], edx
+push eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+mov dword [ebx], 0x80000010
+mov dword [ebx + 4], ref_fffd65a0 ; mov dword [ebx + 4], 0xfffd65a0
+and eax, 0xffffc000
+mov dword [ebx + 0x18], eax
+lea eax, [ebx + 0x14]
+mov dword [ebx + 8], eax
+mov dword [esp], ebx
+call fcn_fffab5db ; call 0xfffab5db
+add esp, 0x10
+
+loc_fffa1a74:
+push ebx
+push ebx
+lea eax, [ebp - 0x1c]
+push eax
+push 0x11b
+call fcn_fffab60f ; call 0xfffab60f
+add esp, 0x10
+test eax, eax
+jns short loc_fffa1a92 ; jns 0xfffa1a92
+mov dword [ebp - 0x1c], 0
+
+loc_fffa1a92:
+mov ebx, dword [ebp - 0x1c]
+test ebx, ebx
+je loc_fffa1b43 ; je 0xfffa1b43
+mov edx, ebx
+mov eax, 0xff7d0278
+call fcn_fffab505 ; call 0xfffab505
+mov eax, dword [0xff7d0084]
+sub esp, 0xc
+mov edi, dword [eax + 0x14]
+mov eax, dword [ebx + 8]
+lea esi, [edi + 0xfb020]
+push esi
+mov dword [ebp - 0x2c], eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+pop edx
+pop ecx
+and eax, 0xffe0
+or eax, dword [ebp - 0x2c]
+push eax
+push esi
+call fcn_fffb3d84 ; call 0xfffb3d84
+mov al, byte [edi + 0xfb004]
+or eax, 1
+mov byte [edi + 0xfb004], al
+mov al, byte [edi + 0xfb040]
+or eax, 0x10
+mov byte [edi + 0xfb040], al
+mov al, byte [edi + 0xfb040]
+or eax, 8
+mov byte [edi + 0xfb040], al
+mov al, byte [edi + 0xfb040]
+and eax, 0xfffffff9
+or eax, 1
+mov byte [edi + 0xfb040], al
+pop esi
+pop edi
+push 0xff
+push 0
+call fcn_fffb47e9 ; call 0xfffb47e9
+lea eax, [ebx + 0xc]
+add ebx, 0x38
+mov dword [esp], eax
+call fcn_fffab5db ; call 0xfffab5db
+call fcn_fffab405 ; call 0xfffab405
+pop edx
+pop ecx
+mov edx, dword [eax]
+push ebx
+push eax
+call dword [edx + 0x24] ; ucall
+add esp, 0x10
+
+loc_fffa1b43:
+sub esp, 0xc
+mov esi, ref_fffd65d0 ; mov esi, 0xfffd65d0
+push ref_fffd5fcb ; push 0xfffd5fcb
+call fcn_fffb76e3 ; call 0xfffb76e3
+lea eax, [ebp - 0x24]
+push eax
+push 0
+push 0
+push ref_fffd661c ; push 0xfffd661c
+call fcn_fffab40f ; call 0xfffab40f
+add esp, 0x1c
+mov ebx, dword [ebp - 0x24]
+lea eax, [ebp - 0x20]
+push eax
+push 0x73
+push 4
+call fcn_fffab5ba ; call 0xfffab5ba
+mov eax, dword [ebp - 0x20]
+mov ecx, 4
+lea edi, [eax + 8]
+add eax, 0x18
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+pop edx
+pop ecx
+push 8
+push eax
+call fcn_fffac673 ; call 0xfffac673
+mov eax, dword [ebp - 0x20]
+pop esi
+pop edi
+add eax, 0x20
+push 8
+push eax
+call fcn_fffac673 ; call 0xfffac673
+pop eax
+mov eax, dword [ebp - 0x20]
+pop edx
+add eax, 0x29
+push 0x21
+push eax
+call fcn_fffac673 ; call 0xfffac673
+mov eax, dword [ebp - 0x20]
+add esp, 0x10
+mov byte [eax + 0x28], 0
+mov byte [eax + 0x71], 0
+cmp byte [ebx], 1
+jbe short loc_fffa1bd2 ; jbe 0xfffa1bd2
+mov edx, dword [ebx + 0xd]
+mov dl, byte [edx + 0x49]
+mov byte [eax + 0x4a], dl
+jmp short loc_fffa1bd6 ; jmp 0xfffa1bd6
+
+loc_fffa1bd2:
+mov byte [eax + 0x4a], 0
+
+loc_fffa1bd6:
+mov edx, dword [ebx + 5]
+mov dl, byte [edx + 7]
+mov byte [eax + 0x72], dl
+lea eax, [ebp - 0x1c]
+push eax
+push 0
+push 0
+push ref_fffd65c0 ; push 0xfffd65c0
+call fcn_fffab40f ; call 0xfffab40f
+mov eax, dword [ebp - 0x1c]
+add esp, 0x10
+mov edx, dword [eax + 9]
+cmp dword [edx + 4], 0
+je short loc_fffa1c29 ; je 0xfffa1c29
+mov ebx, dword [ebp - 0x20]
+mov byte [ebx + 0x18], 1
+mov edx, dword [eax + 1]
+cmp byte [edx], 0
+jns short loc_fffa1c29 ; jns 0xfffa1c29
+push ecx
+push 0x14
+mov eax, dword [eax + 9]
+mov eax, dword [eax + 4]
+push dword [eax + 0x1c]
+push dword [eax + 0x18]
+call fcn_fffab0ef ; call 0xfffab0ef
+add esp, 0x10
+mov byte [ebx + 0x19], al
+
+loc_fffa1c29:
+mov eax, dword [ebp - 0x20]
+mov byte [eax + 0x20], 2
+mov edx, dword [ebp - 0x1c]
+mov ecx, dword [edx + 1]
+test byte [ecx], 0x10
+je short loc_fffa1c49 ; je 0xfffa1c49
+mov edx, dword [edx + 9]
+mov edx, dword [edx]
+mov dl, byte [edx + 0x301]
+mov byte [eax + 0x21], dl
+
+loc_fffa1c49:
+sub esp, 0xc
+push ref_fffd65e0 ; push 0xfffd65e0
+call fcn_fffab5db ; call 0xfffab5db
+mov dword [esp], ref_fffd5faa ; mov dword [esp], 0xfffd5faa
+call fcn_fffb76e3 ; call 0xfffb76e3
+mov dword [esp], 0x19
+call fcn_fffb8358 ; call 0xfffb8358
+add esp, 0x10
+mov ebx, eax
+test eax, eax
+je short loc_fffa1cea ; je 0xfffa1cea
+mov dword [eax], 0x4943524d
+lea eax, [eax + 0x14]
+mov dword [eax - 0x10], 0x80000020
+lea esi, [ebx + 4]
+mov dword [eax - 8], fcn_fffcd152 ; mov dword [eax - 8], 0xfffcd152
+mov dword [eax - 4], 0
+mov byte [eax + 4], 0
+mov dword [eax], 0
+push eax
+push 0
+push 0
+push ref_fffd65fc ; push 0xfffd65fc
+call fcn_fffab40f ; call 0xfffab40f
+mov eax, dword [ebx + 0x14]
+add esp, 0x10
+test eax, eax
+je short loc_fffa1cd9 ; je 0xfffa1cd9
+test byte [eax + 1], 1
+je short loc_fffa1cd9 ; je 0xfffa1cd9
+mov dword [ebx + 8], ref_fffd65ec ; mov dword [ebx + 8], 0xfffd65ec
+call fcn_fffab405 ; call 0xfffab405
+push edx
+push edx
+mov edx, dword [eax]
+push esi
+push eax
+call dword [edx + 0x24] ; ucall
+add esp, 0x10
+
+loc_fffa1cd9:
+push edi
+push 0
+push esi
+push 0xff7d0278
+call fcn_fffcd152 ; call 0xfffcd152
+add esp, 0x10
+
+loc_fffa1cea:
+call fcn_fffab5f3 ; call 0xfffab5f3
+push ebx
+push ebx
+push eax
+push ref_fffd660c ; push 0xfffd660c
+call fcn_fffc5551 ; call 0xfffc5551
+add esp, 0x10
+mov esi, eax
+test eax, eax
+jne short loc_fffa1d21 ; jne 0xfffa1d21
+mov eax, dword [ebp + 8]
+mov dword [eax + 0x906], 0
+mov dword [eax + 0x902], 0
+jmp near loc_fffa1e75 ; jmp 0xfffa1e75
+
+loc_fffa1d21:
+mov eax, dword [eax + 0x20]
+mov ecx, dword [ebp + 8]
+mov byte [ebp - 0x2c], 0
+mov dword [ecx + 0x906], eax
+lea eax, [esi + 0x20]
+mov dword [ecx + 0x902], eax
+mov byte [ecx + 0x90a], 0
+mov eax, dword [esi + 0x245b]
+mov dword [ebp - 0x34], eax
+lea eax, [esi + 0x1092]
+mov dword [ebp - 0x38], eax
+
+loc_fffa1d53:
+mov al, byte [ebp - 0x2c]
+mov dword [ebp - 0x30], 0
+add eax, eax
+mov byte [ebp - 0x40], al
+mov eax, dword [ebp - 0x38]
+lea edi, [eax + 0x25d]
+mov ecx, eax
+
+loc_fffa1d6d:
+mov edx, dword [ebp - 0x30]
+mov al, byte [ebp - 0x40]
+mov byte [ebp - 0x44], dl
+add eax, edx
+cmp dword [ecx], 2
+mov byte [ebp - 0x3c], al
+jne loc_fffa1e4b ; jne 0xfffa1e4b
+mov eax, dword [ebp + 8]
+mov edx, dword [ebp + 8]
+movzx eax, byte [eax + 0x90a]
+imul eax, eax, 0x28
+lea eax, [edx + eax + 0x900]
+mov edx, dword [esi + 0x2498]
+mov dword [ebp - 0x48], eax
+lea ebx, [eax + 0xb]
+cmp edx, 2
+je short loc_fffa1dc5 ; je 0xfffa1dc5
+cmp edx, 3
+je short loc_fffa1dcd ; je 0xfffa1dcd
+dec edx
+mov eax, 0xff
+mov edx, 0x18
+cmove eax, edx
+mov word [ebx + 4], ax
+jmp short loc_fffa1dd3 ; jmp 0xfffa1dd3
+
+loc_fffa1dc5:
+mov word [ebx + 4], 0x1a
+jmp short loc_fffa1dd3 ; jmp 0xfffa1dd3
+
+loc_fffa1dcd:
+mov word [ebx + 4], 0x1d
+
+loc_fffa1dd3:
+mov eax, dword [esi + 0x1837]
+mov edx, dword [ebp - 0x48]
+mov dword [ebp - 0x48], ecx
+mov word [ebx + 6], ax
+mov eax, dword [ecx + 0xe1]
+mov dword [edx + 0xb], eax
+mov al, byte [ecx + 0xed]
+mov byte [ebx + 8], al
+mov al, byte [ebp - 0x2c]
+mov byte [ebx + 9], al
+mov al, byte [ebp - 0x44]
+mov byte [ebx + 0xa], al
+mov al, byte [ebp - 0x3c]
+mov byte [ebx + 0xb], al
+lea eax, [ebx + 0x11]
+push ecx
+push 0x12
+push edi
+push eax
+mov eax, dword [ebp - 0x34]
+call dword [eax + 0x58] ; ucall
+add esp, 0xc
+push 4
+lea eax, [edi - 6]
+push eax
+lea eax, [ebx + 0xc]
+push eax
+mov eax, dword [ebp - 0x34]
+call dword [eax + 0x58] ; ucall
+mov ax, word [edi - 0xb]
+add esp, 0x10
+mov ecx, dword [ebp - 0x48]
+mov word [ebx + 0x24], ax
+mov al, byte [edi - 0xd]
+mov byte [ebx + 0x26], al
+mov al, byte [edi - 0xc]
+mov byte [ebx + 0x27], al
+mov eax, dword [ebp + 8]
+inc byte [eax + 0x90a]
+
+loc_fffa1e4b:
+inc dword [ebp - 0x30]
+add ecx, 0x128
+add edi, 0x21
+cmp dword [ebp - 0x30], 2
+jne loc_fffa1d6d ; jne 0xfffa1d6d
+inc byte [ebp - 0x2c]
+add dword [ebp - 0x38], 0x433
+cmp byte [ebp - 0x2c], 2
+jne loc_fffa1d53 ; jne 0xfffa1d53
+
+loc_fffa1e75:
+sub esp, 0xc
+push ref_fffd5fbf ; push 0xfffd5fbf
+call fcn_fffb76e3 ; call 0xfffb76e3
+add esp, 0x10
+xor eax, eax
+
+loc_fffa1e87:
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa1e8f:
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, edx
+push ebx
+sub esp, 0x6214
+push 0x5ee4
+lea edi, [ebp - 0x5efc]
+push edi
+mov dword [ebp - 0x6208], ecx
+mov dword [ebp - 0x6204], eax
+call fcn_fffac673 ; call 0xfffac673
+pop ebx
+pop eax
+lea ebx, [ebp - 0x60c7]
+push 0x1cb
+push ebx
+call fcn_fffac673 ; call 0xfffac673
+lea eax, [ebp - 0x6173]
+mov dword [ebp - 0x3ab9], eax
+mov eax, dword [ref_fffd3288] ; mov eax, dword [0xfffd3288]
+lea edx, [ebp - 0x61c0]
+mov dword [ebp - 0x20], ebx
+mov dword [ebp - 0x60c3], edx
+mov dword [ebp - 0x6200], edx
+mov dword [ebp - 0x5efc], eax
+lea eax, [ebp - 0x61e8]
+push eax
+push 0
+push 0
+push ref_fffd661c ; push 0xfffd661c
+mov dword [ebp - 0x60c7], 0x1cb
+mov dword [ebp - 0x5ef8], 0x5ee4
+mov dword [ebp - 0x5ef4], 0x1866
+mov dword [ebp - 0x468e], 0xbdd
+mov dword [ebp - 0x3ab1], 0x3a91
+call fcn_fffab40f ; call 0xfffab40f
+mov eax, dword [ebp - 0x61e8]
+add esp, 0x20
+mov edx, dword [ebp - 0x3ab9]
+mov ecx, dword [eax + 9]
+mov ebx, dword [eax + 0x1e]
+mov dword [ebp - 0x61fc], edx
+mov dword [ebx + 0xac], fcn_fffc6ea0 ; mov dword [ebx + 0xac], 0xfffc6ea0
+mov dword [ebx + 0xb0], fcn_fffc45f9 ; mov dword [ebx + 0xb0], 0xfffc45f9
+mov dword [ebx + 0xb4], fcn_fffac81d ; mov dword [ebx + 0xb4], 0xfffac81d
+mov dword [ebx + 0xb8], fcn_fffc3bd3 ; mov dword [ebx + 0xb8], 0xfffc3bd3
+mov dword [ebx + 0xbc], fcn_fffcc900 ; mov dword [ebx + 0xbc], 0xfffcc900
+mov dword [ebx + 0xc0], fcn_fffac7e7 ; mov dword [ebx + 0xc0], 0xfffac7e7
+mov dword [ebx + 0xc4], fcn_fffa9178 ; mov dword [ebx + 0xc4], 0xfffa9178
+mov dword [ebx + 0xc8], fcn_fffcc4cb ; mov dword [ebx + 0xc8], 0xfffcc4cb
+mov dword [ebx + 0xcc], fcn_fffa8c9b ; mov dword [ebx + 0xcc], 0xfffa8c9b
+mov dword [ebp - 0x3ae1], eax
+mov ax, word [ecx + 0xc8]
+mov word [ebp - 0x3ae5], ax
+mov ax, word [ecx + 0xca]
+mov word [ebp - 0x3ae3], ax
+call fcn_fffa6801 ; call 0xfffa6801
+sub esp, 0xc
+lea ecx, [ebp - 0x61c4]
+push ecx
+lea ecx, [ebp - 0x61c8]
+push ecx
+lea ecx, [ebp - 0x61cc]
+push ecx
+mov dword [ebp - 0x3aea], eax
+lea eax, [ebp - 0x61d0]
+push eax
+push 1
+call fcn_fffd28d0 ; call 0xfffd28d0
+add esp, 0x1c
+mov eax, dword [ebp - 0x61d0]
+push 0xac
+push ebx
+push dword [ebp - 0x61fc]
+and eax, 0xf
+mov byte [ebp - 0x3ae6], al
+call dword [ebx + 0x58] ; ucall
+mov edx, dword [ebp - 0x6200]
+add esp, 0xc
+push 0x4d
+push ref_fffd3238 ; push 0xfffd3238
+push edx
+call dword [ebp - 0x611b] ; ucall
+call fcn_fffab405 ; call 0xfffab405
+pop edx
+pop ecx
+lea ecx, [ebp - 0x61e0]
+mov edx, dword [eax]
+push ecx
+push eax
+call dword [edx + 0x28] ; ucall
+add esp, 0x10
+cmp dword [ebp - 0x61e0], 0x11
+je short loc_fffa20a7 ; je 0xfffa20a7
+lea eax, [ebp - 0x61e4]
+push ecx
+push eax
+push 0x5efd
+push 4
+call fcn_fffab5ba ; call 0xfffab5ba
+add esp, 0x10
+test eax, eax
+js short loc_fffa20b1 ; js 0xfffa20b1
+mov ebx, dword [ebp - 0x61e4]
+push eax
+push 0x10
+push ref_fffd660c ; push 0xfffd660c
+lea eax, [ebx + 8]
+add ebx, 0x18
+push eax
+call fcn_fffab101 ; call 0xfffab101
+pop eax
+pop edx
+push 0x5ee5
+push ebx
+call fcn_fffac673 ; call 0xfffac673
+add esp, 0x10
+jmp short loc_fffa20b1 ; jmp 0xfffa20b1
+
+loc_fffa20a7:
+mov dword [ebp - 0x61e4], 0
+
+loc_fffa20b1:
+mov eax, dword [ebp - 0x61e8]
+mov edx, dword [eax + 9]
+mov eax, 5
+cmp byte [edx + 0x55], 0
+jne short loc_fffa20c9 ; jne 0xfffa20c9
+movzx eax, byte [edx + 0x2d]
+
+loc_fffa20c9:
+mov edx, dword [ebp - 0x61e0]
+mov dword [ebp - 0x45fe], eax
+mov dword [ebp - 0x4602], esi
+cmp edx, 0x11
+je short loc_fffa20eb ; je 0xfffa20eb
+mov eax, dword [ebp - 0x61e4]
+add eax, 0x18
+jmp short loc_fffa20ed ; jmp 0xfffa20ed
+
+loc_fffa20eb:
+xor eax, eax
+
+loc_fffa20ed:
+push ecx
+push ecx
+push 0xdd00
+push edi
+mov dword [ebp - 0x460a], eax
+xor eax, eax
+cmp edx, 0x11
+mov edx, 0xfbe8
+cmovne eax, edx
+mov dword [ebp - 0x4606], eax
+call dword [ebp - 0x60df] ; ucall
+lea edx, [ebp - 0x61c4]
+mov edi, dword [ebp - 0x3ab9]
+mov dword [esp], edx
+lea edx, [ebp - 0x61c8]
+push edx
+lea edx, [ebp - 0x61cc]
+push edx
+lea eax, [ebp - 0x61d0]
+push eax
+push 1
+mov byte [ebp - 0x61e9], 0
+call fcn_fffd28d0 ; call 0xfffd28d0
+add esp, 0x20
+test byte [ebp - 0x61c8], 0x40
+je short loc_fffa21cf ; je 0xfffa21cf
+sub esp, 0xc
+push 0x2e7
+call dword [edi + 0xa0] ; ucall
+add esp, 0x10
+test al, 6
+je short loc_fffa21cf ; je 0xfffa21cf
+lea eax, [ebp - 0x61d4]
+mov ebx, 0x2ee
+push eax
+push 0
+push 0
+push ref_fffd604c ; push 0xfffd604c
+call fcn_fffab40f ; call 0xfffab40f
+add esp, 0x10
+
+loc_fffa2184:
+mov eax, dword [esi]
+mov eax, dword [eax + 0x60]
+push 0
+push 0xfed40000
+push eax
+push esi
+call dword [eax + 0x30] ; ucall
+add esp, 0x10
+cmp al, 0xff
+je short loc_fffa21bc ; je 0xfffa21bc
+test al, al
+js loc_fffa2abe ; js 0xfffa2abe
+mov eax, dword [ebp - 0x61d4]
+push edx
+push 0x3e8
+push eax
+push esi
+call dword [eax + 4] ; ucall
+add esp, 0x10
+dec bx
+jne short loc_fffa2184 ; jne 0xfffa2184
+
+loc_fffa21bc:
+push ebx
+push 0
+push 0
+push 0x2e6
+call dword [edi + 0xa4] ; ucall
+add esp, 0x10
+
+loc_fffa21cf:
+cmp dword [ebp - 0x61e0], 0x11
+mov dword [ebp - 0x6200], 2
+je short loc_fffa222d ; je 0xfffa222d
+mov ebx, dword [ebp - 0x3ab9]
+push 0xa0
+push 0
+push 0x1f
+push 0
+call dword [ebx + 0x48] ; ucall
+pop edx
+pop ecx
+push eax
+movzx eax, word [ebp - 0x3ae5]
+push eax
+call dword [ebx + 0x14] ; ucall
+movzx eax, word [ebp - 0x3ae3]
+mov dword [esp], eax
+call dword [ebx + 8] ; ucall
+add esp, 0x10
+shr eax, 0x10
+and eax, 0xa0
+cmp eax, 0xa0
+sete al
+movzx eax, al
+mov dword [ebp - 0x6200], eax
+
+loc_fffa222d:
+mov eax, dword [ebp - 0x3aea]
+cmp eax, 0x40650
+jne short loc_fffa2246 ; jne 0xfffa2246
+mov dword [ebp - 0x4675], 0x40650
+jmp short loc_fffa2274 ; jmp 0xfffa2274
+
+loc_fffa2246:
+cmp eax, 0x306c0
+jne short loc_fffa2263 ; jne 0xfffa2263
+mov dword [ebp - 0x4675], 0x306c0
+mov dword [ebp - 0x4671], 0
+jmp short loc_fffa22da ; jmp 0xfffa22da
+
+loc_fffa2263:
+cmp eax, 0x40660
+jne short loc_fffa228d ; jne 0xfffa228d
+mov dword [ebp - 0x4675], 0x40660
+
+loc_fffa2274:
+mov dword [ebp - 0x4671], 0
+mov dword [ebp - 0x4679], 1
+jmp near loc_fffa231f ; jmp 0xfffa231f
+
+loc_fffa228d:
+cmp eax, 0x306d0
+jne short loc_fffa22f2 ; jne 0xfffa22f2
+mov al, byte [ebp - 0x3ae6]
+mov dword [ebp - 0x4675], 0x306d0
+mov dword [ebp - 0x4671], 1
+cmp al, 3
+je short loc_fffa22da ; je 0xfffa22da
+cmp al, 4
+jne short loc_fffa22e6 ; jne 0xfffa22e6
+mov eax, dword [0xff7d0084]
+sub esp, 0xc
+mov eax, dword [eax + 0x14]
+add eax, 8
+push eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+add esp, 0x10
+and eax, 0xf
+cmp eax, 9
+sbb eax, eax
+add eax, 5
+jmp short loc_fffa2319 ; jmp 0xfffa2319
+
+loc_fffa22da:
+mov dword [ebp - 0x4679], 3
+jmp short loc_fffa231f ; jmp 0xfffa231f
+
+loc_fffa22e6:
+mov dword [ebp - 0x4679], 5
+jmp short loc_fffa231f ; jmp 0xfffa231f
+
+loc_fffa22f2:
+cmp eax, 0x40670
+jne short loc_fffa231f ; jne 0xfffa231f
+xor eax, eax
+cmp byte [ebp - 0x3ae6], 0
+mov dword [ebp - 0x4675], 0x40670
+mov dword [ebp - 0x4671], 1
+setne al
+
+loc_fffa2319:
+mov dword [ebp - 0x4679], eax
+
+loc_fffa231f:
+mov eax, dword [ebp - 0x6208]
+mov dword [ebp - 0x61d0], 0
+mov eax, dword [eax + 0x14]
+test eax, eax
+jne short loc_fffa2347 ; jne 0xfffa2347
+
+loc_fffa2336:
+mov eax, dword [ebp - 0x61e8]
+xor ebx, ebx
+mov edi, dword [eax + 0x15]
+test edi, edi
+jne short loc_fffa2373 ; jne 0xfffa2373
+jmp short loc_fffa23a6 ; jmp 0xfffa23a6
+
+loc_fffa2347:
+test byte [eax + 1], 1
+je short loc_fffa2336 ; je 0xfffa2336
+lea eax, [ebp - 0x61d0]
+push eax
+push 0
+push 0
+push ref_fffd65ec ; push 0xfffd65ec
+call fcn_fffab40f ; call 0xfffab40f
+add esp, 0x10
+test eax, eax
+je short loc_fffa2336 ; je 0xfffa2336
+
+loc_fffa2369:
+mov eax, 0x8000000e
+jmp near loc_fffa2b0c ; jmp 0xfffa2b0c
+
+loc_fffa2373:
+cmp dword [ebp - 0x61e0], 4
+je short loc_fffa23a6 ; je 0xfffa23a6
+lea eax, [edi + 8]
+mov edx, 0x185e
+call fcn_fffc3dc3 ; call 0xfffc3dc3
+cmp eax, dword [edi + 4]
+jne short loc_fffa23a6 ; jne 0xfffa23a6
+push eax
+mov eax, dword [esi]
+mov bl, 1
+push 0x1866
+push edi
+lea edx, [ebp - 0x5ef4]
+push edx
+call dword [eax + 0x50] ; ucall
+add esp, 0x10
+
+loc_fffa23a6:
+cmp dword [ebp - 0x61e0], 0x11
+jne short loc_fffa23b3 ; jne 0xfffa23b3
+test bl, bl
+je short loc_fffa2369 ; je 0xfffa2369
+
+loc_fffa23b3:
+lea eax, [ebp - 0x61dc]
+push eax
+push 0
+push 0
+push ref_fffd6070 ; push 0xfffd6070
+call fcn_fffab40f ; call 0xfffab40f
+mov eax, dword [ebp - 0x6200]
+add esp, 0x10
+dec eax
+cmp eax, 1
+jbe short loc_fffa23fe ; jbe 0xfffa23fe
+push eax
+lea eax, [ebp - 0x61e9]
+push eax
+mov eax, dword [ebp - 0x61dc]
+push dword [ebp - 0x6204]
+push esi
+call dword [eax + 5] ; ucall
+add esp, 0x10
+mov al, 0
+cmp byte [ebp - 0x61e9], 1
+cmove ebx, eax
+
+loc_fffa23fe:
+mov eax, dword [ebp - 0x6200]
+dec eax
+cmp eax, 1
+jbe short loc_fffa2446 ; jbe 0xfffa2446
+dec bl
+jne loc_fffa2acb ; jne 0xfffa2acb
+mov edx, dword [ebp - 0x61e8]
+mov eax, dword [edx + 9]
+cmp byte [eax + 0x56], 0
+je loc_fffa2acb ; je 0xfffa2acb
+xor ecx, ecx
+lea eax, [ebp - 0x5efc]
+call fcn_fffb82ba ; call 0xfffb82ba
+test al, al
+jne loc_fffa2acb ; jne 0xfffa2acb
+mov dword [ebp - 0x61fc], 3
+jmp short loc_fffa24aa ; jmp 0xfffa24aa
+
+loc_fffa2446:
+mov edx, dword [ebp - 0x61e8]
+mov eax, dword [edx + 1]
+mov eax, dword [eax + 4]
+mov dword [ebp - 0x4637], eax
+test bl, bl
+je loc_fffa2acb ; je 0xfffa2acb
+mov edi, dword [ebp - 0x6200]
+lea eax, [ebp - 0x5efc]
+mov ecx, edi
+call fcn_fffb82ba ; call 0xfffb82ba
+dec al
+je loc_fffa2acb ; je 0xfffa2acb
+dec edi
+mov dword [ebp - 0x61fc], 2
+jne short loc_fffa24aa ; jne 0xfffa24aa
+mov edx, 0x5d10
+lea eax, [ebp - 0x5efc]
+call fcn_fffae548 ; call 0xfffae548
+or edx, eax
+je loc_fffa2acb ; je 0xfffa2acb
+mov dword [ebp - 0x61fc], 1
+
+loc_fffa24aa:
+cmp dword [ebp - 0x4675], 0x306d0
+jne short loc_fffa24de ; jne 0xfffa24de
+mov eax, dword [0xff7d0084]
+sub esp, 0xc
+mov eax, dword [eax + 0x14]
+add eax, 8
+push eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+add esp, 0x10
+and eax, 0xf
+cmp eax, 7
+ja short loc_fffa24de ; ja 0xfffa24de
+mov byte [ebp - 0x460f], 1
+jmp short loc_fffa24e5 ; jmp 0xfffa24e5
+
+loc_fffa24de:
+mov byte [ebp - 0x460f], 0
+
+loc_fffa24e5:
+mov bl, byte [ebp - 0x460f]
+call fcn_fffab5f3 ; call 0xfffab5f3
+push edi
+push edi
+push eax
+push ref_fffd65d0 ; push 0xfffd65d0
+call fcn_fffc5551 ; call 0xfffc5551
+add esp, 0x10
+test eax, eax
+je short loc_fffa2520 ; je 0xfffa2520
+movzx edi, byte [eax + 0x19]
+xor edx, edx
+cmp byte [eax + 0x18], 1
+movzx ecx, byte [eax + 0x21]
+cmove edx, edi
+cmp byte [eax + 0x20], 1
+cmove edx, ecx
+add ecx, edi
+jmp short loc_fffa2524 ; jmp 0xfffa2524
+
+loc_fffa2520:
+xor edx, edx
+xor ecx, ecx
+
+loc_fffa2524:
+cmp bl, 1
+sbb cl, 0xff
+test cl, cl
+je short loc_fffa253d ; je 0xfffa253d
+movzx ecx, cl
+mov dword [ebp - 0x4617], ecx
+mov dword [ebp - 0x4613], edx
+
+loc_fffa253d:
+push ebx
+mov edx, dword [ebp - 0x61fc]
+push dword [ebp - 0x3aea]
+push dword [ebp - 0x61e8]
+mov eax, dword [ebp - 0x61e0]
+lea ecx, [ebp - 0x5efc]
+push esi
+call fcn_fffab673 ; call 0xfffab673
+add esp, 0x10
+mov dword [ebp - 0x4627], 0
+mov dword [ebp - 0x4651], eax
+mov eax, dword [ebp - 0x61d0]
+test eax, eax
+je short loc_fffa259e ; je 0xfffa259e
+cmp dword [ebp - 0x61e0], 0x11
+je short loc_fffa259e ; je 0xfffa259e
+sub esp, 0xc
+push eax
+call dword [eax + 1] ; ucall
+add esp, 0x10
+cmp eax, 2
+jne short loc_fffa259e ; jne 0xfffa259e
+mov byte [ebp - 0x3af5], 1
+
+loc_fffa259e:
+push ecx
+mov eax, dword [ebp - 0x61dc]
+push ecx
+push dword [ebp - 0x6204]
+push esi
+call dword [eax + 1] ; ucall
+add esp, 0x10
+mov dword [ebp - 0x4627], eax
+
+loc_fffa25b9:
+cmp dword [ebp - 0x4651], 0
+jne short loc_fffa2623 ; jne 0xfffa2623
+mov ebx, dword [ebp - 0x3ab9]
+push 0xa0
+push 0
+push 0x1f
+push 0
+call dword [ebx + 0x48] ; ucall
+mov edi, eax
+pop eax
+movzx eax, word [ebp - 0x3ae5]
+pop edx
+push edi
+push eax
+call dword [ebx + 0x14] ; ucall
+movzx eax, word [ebp - 0x3ae3]
+mov dword [esp], eax
+call dword [ebx + 8] ; ucall
+movzx edx, word [ebp - 0x3ae5]
+pop ecx
+mov dword [ebp - 0x6208], eax
+pop eax
+push edi
+push edx
+call dword [ebx + 0x14] ; ucall
+pop eax
+mov eax, dword [ebp - 0x6208]
+pop edx
+and eax, 0xff7f0000
+push eax
+movzx eax, word [ebp - 0x3ae3]
+push eax
+call dword [ebx + 0x14] ; ucall
+add esp, 0x10
+
+loc_fffa2623:
+mov eax, dword [ebp - 0x3ab9]
+mov ebx, 1
+push edi
+push 4
+mov ecx, eax
+mov dword [ebp - 0x620c], eax
+mov eax, dword [ebp - 0x4651]
+mov dword [ebp - 0x2814], eax
+mov eax, dword [ebp - 0x4671]
+lea eax, [eax*4 + ref_fffd3230] ; lea eax, [eax*4 - 0x2cdd0]
+push eax
+lea eax, [ebp - 0x282d]
+push eax
+mov eax, ecx
+call dword [eax + 0x58] ; ucall
+add esp, 0x10
+mov dl, 1
+mov word [ebp - 0x6208], 0
+
+loc_fffa266d:
+mov eax, dword [ebp - 0x6208]
+cmp ax, 0x40
+lea ecx, [eax - 0x2300]
+setbe al
+mov word [ebp - 0x620e], cx
+test al, dl
+je loc_fffa2795 ; je 0xfffa2795
+movzx eax, word [ebp - 0x6208]
+mov dl, 1
+imul eax, eax, 0xc
+cmp dword [eax + ref_fffd5c10], 0 ; cmp dword [eax - 0x2a3f0], 0
+mov dword [ebp - 0x6214], eax
+lea edi, [eax + ref_fffd5c10] ; lea edi, [eax - 0x2a3f0]
+je loc_fffa2789 ; je 0xfffa2789
+mov al, byte [edi + 0xb]
+cmp byte [ebp - 0x465e], al
+jae loc_fffa2789 ; jae 0xfffa2789
+mov eax, dword [ebp - 0x465d]
+test eax, eax
+jne short loc_fffa26d3 ; jne 0xfffa26d3
+test byte [edi + 0xa], 0x10
+jmp short loc_fffa26de ; jmp 0xfffa26de
+
+loc_fffa26d3:
+dec eax
+jne loc_fffa2789 ; jne 0xfffa2789
+test byte [edi + 0xa], 0x20
+
+loc_fffa26de:
+je loc_fffa2789 ; je 0xfffa2789
+mov eax, dword [ebp - 0x2814]
+cmp eax, 2
+jne short loc_fffa26f5 ; jne 0xfffa26f5
+test byte [edi + 0xa], 8
+jmp short loc_fffa2709 ; jmp 0xfffa2709
+
+loc_fffa26f5:
+cmp eax, 3
+jne short loc_fffa2700 ; jne 0xfffa2700
+test byte [edi + 0xa], 2
+jmp short loc_fffa2709 ; jmp 0xfffa2709
+
+loc_fffa2700:
+cmp eax, 1
+jne short loc_fffa270f ; jne 0xfffa270f
+test byte [edi + 0xa], 4
+
+loc_fffa2709:
+jne short loc_fffa271b ; jne 0xfffa271b
+mov dl, 1
+jmp short loc_fffa2789 ; jmp 0xfffa2789
+
+loc_fffa270f:
+mov dl, 1
+test eax, eax
+jne short loc_fffa2789 ; jne 0xfffa2789
+test byte [edi + 0xa], 1
+je short loc_fffa2789 ; je 0xfffa2789
+
+loc_fffa271b:
+mov edx, dword [edi + 6]
+cmp edx, 0x44
+jbe short loc_fffa2776 ; jbe 0xfffa2776
+
+loc_fffa2723:
+mov eax, dword [edi + 4]
+mov edi, dword [ebp - 0x620c]
+push ebx
+push ebx
+cmp ax, 0xffff
+cmove ax, word [ebp - 0x620e]
+movzx eax, ax
+push eax
+lea eax, [ebp - 0x5efc]
+push eax
+call dword [edi + 0x94] ; ucall
+mov eax, edi
+call dword [eax + 0x54] ; ucall
+lea eax, [ebp - 0x5efc]
+mov dword [esp], eax
+mov eax, dword [ebp - 0x6214]
+call dword [eax + ref_fffd5c10] ; ucall: call dword [eax - 0x2a3f0]
+mov ebx, eax
+mov eax, edi
+call dword [eax + 0x54] ; ucall
+add esp, 0x10
+test ebx, ebx
+sete dl
+jmp short loc_fffa2789 ; jmp 0xfffa2789
+
+loc_fffa2776:
+xor ecx, ecx
+lea eax, [ebp - 0x5efc]
+call fcn_fffc3c0d ; call 0xfffc3c0d
+mov dl, 1
+test eax, eax
+je short loc_fffa2723 ; je 0xfffa2723
+
+loc_fffa2789:
+inc word [ebp - 0x6208]
+jmp near loc_fffa266d ; jmp 0xfffa266d
+
+loc_fffa2795:
+push ecx
+push ecx
+push ebx
+lea eax, [ebp - 0x5efc]
+push eax
+call dword [ebp - 0x60cb] ; ucall
+add esp, 0x10
+cmp ebx, 0x17
+je loc_fffa28a9 ; je 0xfffa28a9
+ja short loc_fffa27c5 ; ja 0xfffa27c5
+test ebx, ebx
+je loc_fffa2920 ; je 0xfffa2920
+cmp ebx, 0x16
+je short loc_fffa2832 ; je 0xfffa2832
+jmp near loc_fffa28f7 ; jmp 0xfffa28f7
+
+loc_fffa27c5:
+cmp ebx, 0x18
+je loc_fffa2863 ; je 0xfffa2863
+cmp ebx, 0x1c
+jne loc_fffa28f7 ; jne 0xfffa28f7
+push eax
+push eax
+push 0x3a91
+lea eax, [ebp - 0x3ab1]
+push eax
+call fcn_fffac673 ; call 0xfffac673
+pop eax
+pop edx
+lea eax, [ebp - 0x60c7]
+push 0x1cb
+push eax
+call fcn_fffac673 ; call 0xfffac673
+lea eax, [ebp - 0x61c0]
+add esp, 0x10
+mov dword [ebp - 0x3ab1], 0x3a91
+mov dword [ebp - 0x60c7], 0x1cb
+mov dword [ebp - 0x60c3], eax
+mov byte [ebp - 0x3a6d], 1
+inc byte [ebp - 0x465e]
+jmp near loc_fffa2920 ; jmp 0xfffa2920
+
+loc_fffa2832:
+sub esp, 0xc
+push 0
+lea ecx, [ebp - 0x61ea]
+lea edx, [ebp - 0x61d4]
+lea eax, [ebp - 0x5efc]
+call fcn_fffa77b4 ; call 0xfffa77b4
+mov al, byte [ebp - 0x2815]
+add esp, 0x10
+cmp byte [ebp - 0x61ea], al
+jae loc_fffa28f7 ; jae 0xfffa28f7
+
+loc_fffa2863:
+cmp dword [ebp - 0x4651], 3
+jne short loc_fffa2898 ; jne 0xfffa2898
+push eax
+mov eax, dword [ebp - 0x61e0]
+xor edx, edx
+push dword [ebp - 0x3aea]
+push dword [ebp - 0x61e8]
+lea ecx, [ebp - 0x5efc]
+push esi
+call fcn_fffab673 ; call 0xfffab673
+add esp, 0x10
+mov dword [ebp - 0x4651], eax
+jmp short loc_fffa28a2 ; jmp 0xfffa28a2
+
+loc_fffa2898:
+mov dword [ebp - 0x4651], 0
+
+loc_fffa28a2:
+mov ebx, 0x18
+jmp short loc_fffa2920 ; jmp 0xfffa2920
+
+loc_fffa28a9:
+sub esp, 0xc
+mov eax, dword [ebp - 0x61dc]
+push dword [ebp - 0x4627]
+push dword [ebp - 0x27cb]
+push 1
+push dword [ebp - 0x6204]
+push esi
+call dword [eax + 9] ; ucall
+add esp, 0x18
+push 0xddfe
+lea eax, [ebp - 0x5efc]
+push eax
+call dword [ebp - 0x60df] ; ucall
+mov eax, dword [esi]
+pop ebx
+pop edi
+push 0
+push 0
+push 0
+push 0x51009
+push 2
+push esi
+call dword [eax + 0x58] ; ucall
+add esp, 0x20
+
+loc_fffa28f7:
+sub esp, 0xc
+mov ebx, dword [ebp - 0x6167]
+push 0x80
+call dword [ebp - 0x6173] ; ucall
+pop edx
+pop ecx
+or eax, 0xffffff80
+movzx eax, al
+push eax
+push 0x80
+call ebx
+jmp near loc_fffa2b04 ; jmp 0xfffa2b04
+
+loc_fffa2920:
+and ebx, 0xfffffffb
+cmp ebx, 0x18
+je loc_fffa25b9 ; je 0xfffa25b9
+mov eax, dword [ebp - 0x61d0]
+test eax, eax
+jne short loc_fffa293a ; jne 0xfffa293a
+
+loc_fffa2936:
+xor edi, edi
+jmp short loc_fffa294d ; jmp 0xfffa294d
+
+loc_fffa293a:
+sub esp, 0xc
+push eax
+call dword [eax + 1] ; ucall
+add esp, 0x10
+test eax, eax
+je short loc_fffa2936 ; je 0xfffa2936
+mov edi, 0xffffff80
+
+loc_fffa294d:
+cmp dword [ebp - 0x61fc], 0
+sete bl
+cmp byte [ebp - 0x6200], 1
+sete al
+test bl, al
+je short loc_fffa296b ; je 0xfffa296b
+and edi, 0xfffffff0
+or edi, 3
+
+loc_fffa296b:
+cmp dword [ebp - 0x4627], 0x20
+ja short loc_fffa29b8 ; ja 0xfffa29b8
+mov eax, dword [0xff7d0084]
+sub esp, 0xc
+mov eax, dword [eax + 0x14]
+add eax, 0xb0010
+push eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+add esp, 0x10
+inc eax
+je short loc_fffa29b8 ; je 0xfffa29b8
+sub esp, 0xc
+mov eax, edi
+push dword [ebp - 0x4627]
+movzx edi, al
+push dword [ebp - 0x27cb]
+mov eax, dword [ebp - 0x61dc]
+push edi
+push dword [ebp - 0x6204]
+push esi
+call dword [eax + 9] ; ucall
+add esp, 0x20
+
+loc_fffa29b8:
+mov eax, dword [ebp - 0x61d0]
+test eax, eax
+je short loc_fffa2a0d ; je 0xfffa2a0d
+mov edx, dword [ebp - 0x61e8]
+mov edx, dword [edx + 9]
+cmp byte [edx + 0x56], 0
+je short loc_fffa2a0d ; je 0xfffa2a0d
+sub esp, 0xc
+push eax
+call dword [eax + 1] ; ucall
+add esp, 0x10
+cmp eax, 2
+jne short loc_fffa2a0d ; jne 0xfffa2a0d
+cmp dword [ebp - 0x4651], 3
+je short loc_fffa2a0d ; je 0xfffa2a0d
+lea eax, [ebp - 0x61d8]
+push eax
+push 0
+push 0
+push ref_fffd65a0 ; push 0xfffd65a0
+call fcn_fffab40f ; call 0xfffab40f
+mov eax, dword [ebp - 0x61d8]
+pop ecx
+pop edi
+push 3
+push eax
+call dword [eax] ; ucall
+jmp short loc_fffa2a24 ; jmp 0xfffa2a24
+
+loc_fffa2a0d:
+mov eax, dword [ebp - 0x61d0]
+test eax, eax
+je short loc_fffa2a27 ; je 0xfffa2a27
+push edx
+push edx
+lea edx, [ebp - 0x61e0]
+push edx
+push eax
+call dword [eax + 5] ; ucall
+
+loc_fffa2a24:
+add esp, 0x10
+
+loc_fffa2a27:
+cmp dword [ebp - 0x61e0], 0x11
+je short loc_fffa2aa6 ; je 0xfffa2aa6
+cmp dword [ebp - 0x61fc], 3
+sete al
+or al, bl
+je short loc_fffa2a68 ; je 0xfffa2a68
+xor eax, eax
+
+loc_fffa2a40:
+cmp eax, 0x1000
+je short loc_fffa2a4c ; je 0xfffa2a4c
+mov byte [eax], al
+inc eax
+jmp short loc_fffa2a40 ; jmp 0xfffa2a40
+
+loc_fffa2a4c:
+mov edx, 0x14
+
+loc_fffa2a51:
+xor eax, eax
+
+loc_fffa2a53:
+cmp eax, 0x1000
+je short loc_fffa2a65 ; je 0xfffa2a65
+cmp byte [eax], al
+jne loc_fffa2af0 ; jne 0xfffa2af0
+inc eax
+jmp short loc_fffa2a53 ; jmp 0xfffa2a53
+
+loc_fffa2a65:
+dec edx
+jne short loc_fffa2a51 ; jne 0xfffa2a51
+
+loc_fffa2a68:
+push ebx
+mov eax, dword [esi]
+mov esi, dword [ebp - 0x61e4]
+lea edx, [ebp - 0x5efc]
+push 0x5ee4
+push edx
+lea edx, [esi + 0x18]
+push edx
+mov dword [ebp - 0x3a9d], 0
+call dword [eax + 0x50] ; ucall
+mov eax, dword [ebp - 0x61e4]
+pop esi
+pop edi
+add eax, 0x5efc
+push 1
+push eax
+call fcn_fffac673 ; call 0xfffac673
+add esp, 0x10
+
+loc_fffa2aa6:
+push ecx
+push ecx
+push 0x55
+lea eax, [ebp - 0x5efc]
+push eax
+call dword [ebp - 0x60df] ; ucall
+add esp, 0x10
+xor eax, eax
+jmp short loc_fffa2b0c ; jmp 0xfffa2b0c
+
+loc_fffa2abe:
+test al, 1
+je loc_fffa21cf ; je 0xfffa21cf
+jmp near loc_fffa21bc ; jmp 0xfffa21bc
+
+loc_fffa2acb:
+push edx
+push edx
+push 0x1866
+lea eax, [ebp - 0x5ef4]
+push eax
+call fcn_fffac673 ; call 0xfffac673
+add esp, 0x10
+mov dword [ebp - 0x61fc], 0
+jmp near loc_fffa24aa ; jmp 0xfffa24aa
+
+loc_fffa2af0:
+push eax
+push eax
+push 0xd5
+lea eax, [ebp - 0x5efc]
+push eax
+call dword [ebp - 0x60df] ; ucall
+
+loc_fffa2b04:
+add esp, 0x10
+mov eax, 0x80000007
+
+loc_fffa2b0c:
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa2b14: ; not directly referenced
+push ebp
+mov ecx, 9
+mov ebp, esp
+push edi
+push esi
+mov esi, ref_fffd3290 ; mov esi, 0xfffd3290
+push ebx
+sub esp, 0x100
+mov eax, dword [ebp + 8]
+lea edi, [ebp - 0x31]
+mov byte [ebp - 0x45], 0x40
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+mov eax, dword [eax + 0x5edc]
+mov byte [ebp - 0x44], 0x60
+mov byte [ebp - 0x43], 0x40
+mov byte [ebp - 0x42], 0x40
+mov dword [ebp - 0x70], eax
+mov eax, dword [ebp + 8]
+mov byte [ebp - 0x41], 0x40
+mov byte [ebp - 0x40], 0x19
+mov byte [ebp - 0x3f], 0x32
+mov ebx, dword [eax + 0x2443]
+mov eax, dword [eax + 0x18a7]
+mov byte [ebp - 0x3e], 0x14
+mov byte [ebp - 0x3d], 0x14
+mov byte [ebp - 0x3c], 0x19
+mov esi, eax
+mov byte [ebp - 0x51], 0x2e
+mov byte [ebp - 0x50], 0x46
+mov byte [ebp - 0x4f], 0x46
+mov byte [ebp - 0x4e], 0x2e
+mov byte [ebp - 0x3b], 0x21
+mov byte [ebp - 0x3a], 0x32
+mov byte [ebp - 0x39], 0x14
+mov byte [ebp - 0x38], 0x14
+mov byte [ebp - 0x37], 0x1d
+mov byte [ebp - 0x4d], 0x3b
+mov byte [ebp - 0x4c], 0x35
+mov byte [ebp - 0x4b], 0x35
+mov byte [ebp - 0x4a], 0x35
+mov dword [ebp - 0x88], eax
+mov eax, dword [ebp + 8]
+mov ecx, dword [ebp + 8]
+mov eax, dword [eax + 0x1887]
+mov edi, eax
+mov dword [ebp - 0x8c], eax
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x1883]
+mov dword [ebp - 0xe8], eax
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x188b]
+mov dword [ebp - 0x80], eax
+mov eax, dword [ecx + esi*4 + 0x3735]
+mov dword [ebp - 0x7c], eax
+movzx eax, byte [ecx + 0x2409]
+mov dword [ebp - 0x90], eax
+mov al, byte [ecx + 0x3748]
+push 0
+push 2
+mov byte [ebp - 0xec], al
+lea eax, [ebp - 0x5a]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 5
+lea eax, [ebp - 0x3b]
+push eax
+lea eax, [ebp - 0x36]
+push eax
+call dword [ebx + 0x58] ; ucall
+add esp, 0xc
+push 4
+lea eax, [ebp - 0x4d]
+push eax
+lea eax, [ebp - 0x49]
+push eax
+call dword [ebx + 0x58] ; ucall
+mov eax, dword [ebp + 8]
+mov ebx, dword [eax + 0x2443]
+mov esi, dword [ebx + 0x14]
+push 0
+push 0
+push 0
+push 0
+call dword [ebx + 0x48] ; ucall
+add esp, 0x18
+push eax
+mov eax, dword [ebp + 8]
+movzx eax, word [eax + 0x2417]
+push eax
+call esi
+mov eax, dword [ebp + 8]
+movzx eax, word [eax + 0x2419]
+mov dword [esp], eax
+call dword [ebx + 8] ; ucall
+mov esi, dword [ebp + 8]
+mov ebx, dword [esi + 0x2443]
+shr eax, 0x10
+mov word [esi + 0x3752], ax
+mov esi, dword [ebx + 0x14]
+push 8
+push 0
+push 0
+push 0
+call dword [ebx + 0x48] ; ucall
+add esp, 0x18
+push eax
+mov eax, dword [ebp + 8]
+movzx eax, word [eax + 0x2417]
+push eax
+call esi
+mov eax, dword [ebp + 8]
+movzx eax, word [eax + 0x2419]
+mov dword [esp], eax
+call dword [ebx + 8] ; ucall
+mov esi, dword [ebp + 8]
+add esp, 0x10
+cmp edi, 0x40660
+sete dl
+cmp edi, 0x306c0
+mov byte [esi + 0x3754], al
+sete al
+or dl, al
+mov byte [ebp - 0x82], dl
+je short loc_fffa2d11 ; je 0xfffa2d11
+
+loc_fffa2ccd: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x3756], 2
+jne short loc_fffa2d03 ; jne 0xfffa2d03
+imul eax, dword [ebp - 0x88], 0x2e
+mov edi, dword [ebp + 8]
+lea eax, [edi + eax + 0x3756]
+mov cx, word [eax + 0xa]
+movzx ebx, word [eax + 0xc]
+movzx edx, cx
+sub edx, ebx
+cmp edx, 4
+jle short loc_fffa2d03 ; jle 0xfffa2d03
+sub ecx, 4
+mov word [eax + 0xc], cx
+
+loc_fffa2d03: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x4b19], 2
+je short loc_fffa2d32 ; je 0xfffa2d32
+jmp short loc_fffa2d1d ; jmp 0xfffa2d1d
+
+loc_fffa2d11: ; not directly referenced
+cmp dword [ebp - 0x8c], 0x40670
+je short loc_fffa2ccd ; je 0xfffa2ccd
+
+loc_fffa2d1d: ; not directly referenced
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+mov edx, 0x3c
+call fcn_fffc3c0d ; call 0xfffc3c0d
+test eax, eax
+je short loc_fffa2d5e ; je 0xfffa2d5e
+jmp short loc_fffa2dab ; jmp 0xfffa2dab
+
+loc_fffa2d32: ; not directly referenced
+imul eax, dword [ebp - 0x88], 0x2e
+mov edi, dword [ebp + 8]
+lea eax, [edi + eax + 0x4b19]
+mov cx, word [eax + 0xa]
+movzx ebx, word [eax + 0xc]
+movzx edx, cx
+sub edx, ebx
+cmp edx, 4
+jle short loc_fffa2d1d ; jle 0xfffa2d1d
+sub ecx, 4
+mov word [eax + 0xc], cx
+jmp short loc_fffa2d1d ; jmp 0xfffa2d1d
+
+loc_fffa2d5e: ; not directly referenced
+mov eax, dword [ebp + 8]
+sub esp, 0xc
+lea ecx, [ebp - 0x5b]
+lea edx, [ebp - 0x28]
+mov edi, dword [eax + 0x2443]
+lea eax, [ebp - 0x58]
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffa77b4 ; call 0xfffa77b4
+add esp, 0x10
+test eax, eax
+je loc_fffa2e3d ; je 0xfffa2e3d
+mov edi, dword [ebp + 8]
+mov dword [edi + 0x36d7], eax
+mov eax, dword [ebp - 0x28]
+mov dword [edi + 0x36df], eax
+mov eax, dword [ebp - 0x58]
+mov dword [edi + 0x36e3], eax
+mov al, byte [ebp - 0x5b]
+mov byte [edi + 0x36e7], al
+
+loc_fffa2dab: ; not directly referenced
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+mov edx, 0x3d
+call fcn_fffc3c0d ; call 0xfffc3c0d
+mov eax, dword [ebp + 8]
+xor edx, edx
+mov ecx, 0x7d0
+mov edi, dword [ebp + 8]
+mov eax, dword [eax + 0x36df]
+div ecx
+mov word [edi + 0x2489], ax
+mov eax, dword [edi + 0x2480]
+cmp eax, 3
+sete bl
+cmp eax, 2
+mov dword [ebp - 0xf0], eax
+sete al
+movzx edi, bl
+cmp dword [ebp - 0x8c], 0x40650
+movzx eax, al
+mov byte [ebp - 0xdc], bl
+mov dword [ebp - 0xe0], eax
+sete bl
+cmp dword [ebp - 0x80], 1
+mov dword [ebp - 0x78], edi
+mov byte [ebp - 0x81], bl
+sete al
+mov byte [ebp - 0x6c], al
+or al, bl
+mov byte [ebp - 0x84], al
+jne loc_fffa2fd2 ; jne 0xfffa2fd2
+mov dword [ebp - 0x98], 0
+jmp near loc_fffa303e ; jmp 0xfffa303e
+
+loc_fffa2e3d: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x36e8], 0
+jne loc_fffa2f5a ; jne 0xfffa2f5a
+cmp dword [eax + 0x18a7], 1
+jne short loc_fffa2e6e ; jne 0xfffa2e6e
+mov al, byte [eax + 0x1876]
+test al, al
+je short loc_fffa2e6e ; je 0xfffa2e6e
+mov esi, dword [ebp + 8]
+mov byte [esi + 0x36e7], al
+jmp near loc_fffa2f5a ; jmp 0xfffa2f5a
+
+loc_fffa2e6e: ; not directly referenced
+mov esi, dword [ebp + 8]
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x74], 0x3e8
+mov esi, dword [esi + 0x36d7]
+mov eax, dword [eax + 0x187b]
+mov dword [ebp - 0x6c], esi
+mov esi, dword [ebp + 8]
+mov ecx, dword [esi + 0x5edc]
+mov esi, dword [esi + 0x2443]
+test eax, eax
+je short loc_fffa2ea9 ; je 0xfffa2ea9
+mov ebx, 0x186a0
+xor edx, edx
+div ebx
+mov dword [ebp - 0x74], eax
+
+loc_fffa2ea9: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x1887], 0x306d0
+jne short loc_fffa2f03 ; jne 0xfffa2f03
+cmp dword [eax + 0x1883], 4
+jbe short loc_fffa2f03 ; jbe 0xfffa2f03
+cmp byte [eax + 0x2442], 1
+jne short loc_fffa2f03 ; jne 0xfffa2f03
+cmp dword [eax + 0x1877], 2
+jne short loc_fffa2f03 ; jne 0xfffa2f03
+cmp dword [ebp - 0x6c], 0x640
+jne short loc_fffa2f03 ; jne 0xfffa2f03
+mov eax, dword [ecx + 0x1c6]
+test eax, eax
+je short loc_fffa2f03 ; je 0xfffa2f03
+cmp byte [ecx + 0x1ca], 0
+jne short loc_fffa2ef6 ; jne 0xfffa2ef6
+cmp eax, 0x63f
+jbe short loc_fffa2f03 ; jbe 0xfffa2f03
+
+loc_fffa2ef6: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov dword [eax + 0x36e3], 1
+
+loc_fffa2f03: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ebx, 0x30d40
+cmp dword [eax + 0x36e3], 1
+mov eax, 0x411ab
+cmovne ebx, eax
+xor edx, edx
+push eax
+mov eax, dword [ebp - 0x6c]
+push 0x3b9aca00
+push edx
+push eax
+call dword [esi + 0x70] ; ucall
+mov ecx, dword [ebp - 0x74]
+mov dword [esp], 0
+imul ecx, ebx
+xor ebx, ebx
+push ebx
+push ecx
+push edx
+push eax
+call dword [esi + 0x74] ; ucall
+mov ecx, 0x3e8
+xor edx, edx
+mov esi, dword [ebp + 8]
+add esp, 0x20
+add eax, 0x1f4
+div ecx
+mov byte [esi + 0x36e7], al
+
+loc_fffa2f5a: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov bl, byte [eax + 0x36e7]
+lea eax, [ebx - 3]
+cmp al, 0xc
+jbe short loc_fffa2f74 ; jbe 0xfffa2f74
+
+loc_fffa2f6a: ; not directly referenced
+mov edx, 0x16
+jmp near loc_fffa5b40 ; jmp 0xfffa5b40
+
+loc_fffa2f74: ; not directly referenced
+mov eax, dword [ebp + 8]
+and ebx, 0xf
+mov edx, 0x5e00
+cmp dword [eax + 0x36e3], 0
+setne al
+movzx eax, al
+shl eax, 4
+or ebx, eax
+mov eax, dword [ebp + 8]
+or ebx, 0x80000000
+mov ecx, ebx
+call fcn_fffae58c ; call 0xfffae58c
+call dword [edi + 0x54] ; ucall
+lea esi, [eax + 0x2710]
+
+loc_fffa2faa: ; not directly referenced
+shr ebx, 0x18
+test bl, bl
+jns loc_fffa5aca ; jns 0xfffa5aca
+call dword [edi + 0x54] ; ucall
+cmp edx, 0
+ja short loc_fffa2f6a ; ja 0xfffa2f6a
+cmp eax, esi
+jae short loc_fffa2f6a ; jae 0xfffa2f6a
+mov eax, dword [ebp + 8]
+mov edx, 0x5e00
+call fcn_fffae52a ; call 0xfffae52a
+mov ebx, eax
+jmp short loc_fffa2faa ; jmp 0xfffa2faa
+
+loc_fffa2fd2: ; not directly referenced
+xor ecx, ecx
+cmp dword [ebp - 0x90], 0
+sete cl
+shl ecx, 0xa
+cmp dword [ebp - 0x78], 0
+je short loc_fffa300a ; je 0xfffa300a
+mov eax, dword [ebp + 8]
+or ch, 8
+mov al, byte [eax + 0x240c]
+mov edx, eax
+and edx, 0xf
+shr al, 4
+shl edx, 0xc
+and eax, 0xf
+shl eax, 0x10
+or ecx, edx
+or ecx, eax
+jmp short loc_fffa301c ; jmp 0xfffa301c
+
+loc_fffa300a: ; not directly referenced
+mov edi, dword [ebp - 0xe0]
+mov eax, ecx
+or eax, 0x100000
+test edi, edi
+cmovne ecx, eax
+
+loc_fffa301c: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, 0x2008
+call fcn_fffae58c ; call 0xfffae58c
+xor eax, eax
+cmp dword [ebp - 0x8c], 0x40670
+setne al
+mov dword [ebp - 0x98], eax
+
+loc_fffa303e: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, 0x5034
+movzx ecx, byte [eax + 0x36cf]
+movzx eax, byte [eax + 0x36d0]
+shl ecx, 0x18
+shl eax, 0x10
+or ecx, eax
+mov eax, dword [ebp + 8]
+movzx eax, byte [eax + 0x36d2]
+or ecx, eax
+mov eax, dword [ebp + 8]
+movzx eax, byte [eax + 0x36d1]
+shl eax, 8
+or ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+cmp dword [ebp - 0x7c], 0x546
+ja short loc_fffa309c ; ja 0xfffa309c
+cmp dword [ebp - 0x7c], 0x4e2
+mov byte [ebp - 0x74], 0
+setbe byte [ebp - 0xd8]
+jmp short loc_fffa30a7 ; jmp 0xfffa30a7
+
+loc_fffa309c: ; not directly referenced
+mov byte [ebp - 0xd8], 0
+mov byte [ebp - 0x74], 1
+
+loc_fffa30a7: ; not directly referenced
+cmp byte [ebp - 0x6c], 0
+je short loc_fffa30d0 ; je 0xfffa30d0
+mov edi, dword [ebp + 8]
+xor eax, eax
+cmp byte [edi + 0x240f], 0
+je short loc_fffa30c7 ; je 0xfffa30c7
+xor eax, eax
+cmp dword [ebp - 0x7c], 0x5db
+setbe al
+
+loc_fffa30c7: ; not directly referenced
+mov edi, dword [ebp - 0x70]
+mov byte [edi + 0x1c5], al
+
+loc_fffa30d0: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, 0x3918
+call fcn_fffae52a ; call 0xfffae52a
+mov edi, dword [ebp + 8]
+mov dl, byte [edi + 0x36e7]
+and eax, 3
+cmp dword [edi + 0x36e3], 1
+sbb ecx, ecx
+and ecx, 0xfffffffe
+add ecx, 6
+sub edx, ecx
+mov cl, 4
+cmp dl, 4
+cmovle ecx, edx
+xor edx, edx
+test cl, cl
+cmovns edx, ecx
+cmp byte [ebp - 0x81], 0
+je short loc_fffa3132 ; je 0xfffa3132
+movzx ebx, byte [ebp - 0x74]
+cmp dl, 2
+mov cl, 2
+cmovle ecx, edx
+movzx eax, al
+movsx ecx, cl
+lea ebx, [ebx + ebx*2]
+add ecx, ebx
+mov al, byte [eax + ecx*4 + ref_fffd32d4] ; mov al, byte [eax + ecx*4 - 0x2cd2c]
+jmp short loc_fffa314e ; jmp 0xfffa314e
+
+loc_fffa3132: ; not directly referenced
+cmp byte [ebp - 0x6c], 0
+jne short loc_fffa3156 ; jne 0xfffa3156
+movzx ecx, byte [ebp - 0x74]
+movsx edx, dl
+movzx eax, al
+lea ecx, [ecx + ecx*4]
+add edx, ecx
+mov al, byte [eax + edx*4 + ref_fffd32ac] ; mov al, byte [eax + edx*4 - 0x2cd54]
+
+loc_fffa314e: ; not directly referenced
+mov byte [ebp - 0xc8], al
+jmp short loc_fffa315d ; jmp 0xfffa315d
+
+loc_fffa3156: ; not directly referenced
+mov byte [ebp - 0xc8], 4
+
+loc_fffa315d: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x3756], 2
+jne short loc_fffa317e ; jne 0xfffa317e
+imul eax, dword [ebp - 0x88], 0x2e
+mov edi, dword [ebp + 8]
+mov ax, word [edi + eax + 0x3760]
+mov byte [ebp - 0x5a], al
+
+loc_fffa317e: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x4b19], 2
+jne short loc_fffa319f ; jne 0xfffa319f
+imul eax, dword [ebp - 0x88], 0x2e
+mov edi, dword [ebp + 8]
+mov ax, word [edi + eax + 0x4b23]
+mov byte [ebp - 0x59], al
+
+loc_fffa319f: ; not directly referenced
+mov eax, dword [ebp + 8]
+xor esi, esi
+mov byte [ebp - 0x83], 0
+lea edi, [eax + 0x381a]
+add eax, 0x1eaa
+mov dword [ebp - 0xe4], eax
+
+loc_fffa31bc: ; not directly referenced
+cmp dword [edi - 0xc4], 2
+jne loc_fffa3346 ; jne 0xfffa3346
+cmp dword [edi - 4], 2
+mov ecx, esi
+mov ebx, dword [ebp + 8]
+sete al
+add byte [ebp - 0x83], al
+mov eax, 1
+shl eax, cl
+or byte [ebx + 0x248e], al
+mov al, byte [edi]
+or byte [ebx + 0x248d], al
+mov cl, byte [edi]
+and ecx, 0xf
+cmp dword [ebp - 0x78], 0
+je short loc_fffa3215 ; je 0xfffa3215
+mov ebx, dword [ebp - 0xe4]
+xor ecx, ecx
+cmp byte [ebx - 1], 0
+setne cl
+mov eax, ecx
+or eax, 2
+cmp byte [ebx], 0
+cmovne ecx, eax
+
+loc_fffa3215: ; not directly referenced
+mov eax, dword [ebp + 8]
+lea ebx, [esi + 0x18]
+shl ebx, 8
+mov edx, ebx
+call fcn_fffae58c ; call 0xfffae58c
+movzx eax, byte [edi]
+and eax, 0xf
+cmp byte [ebp - 0x81], 0
+mov ecx, eax
+je short loc_fffa3250 ; je 0xfffa3250
+cmp dword [ebp - 0x78], 0
+je short loc_fffa324b ; je 0xfffa324b
+mov edx, dword [ebp + 8]
+or ecx, 0x20
+cmp byte [edx + 0x240a], 0
+jne short loc_fffa3250 ; jne 0xfffa3250
+
+loc_fffa324b: ; not directly referenced
+or eax, 0x30
+mov ecx, eax
+
+loc_fffa3250: ; not directly referenced
+cmp byte [ebp - 0xec], 0
+sete al
+and al, byte [ebp - 0x6c]
+mov byte [ebp - 0xf4], al
+je short loc_fffa3268 ; je 0xfffa3268
+or ecx, 0x40
+
+loc_fffa3268: ; not directly referenced
+lea eax, [ebx - 0x1800]
+mov dword [ebp - 0xf8], eax
+mov eax, dword [ebp + 8]
+lea edx, [ebx + 0x420]
+call fcn_fffae58c ; call 0xfffae58c
+mov dl, byte [edi]
+mov ebx, edx
+and ebx, 0xf
+cmp dword [ebp - 0x78], 0
+je loc_fffa3317 ; je 0xfffa3317
+mov eax, dword [ebp + 8]
+lea ecx, [esi*4]
+xor ebx, ebx
+mov dword [ebp - 0xa8], 0
+movzx eax, byte [eax + 0x240c]
+sar eax, cl
+movzx ecx, dl
+and eax, 0xf
+mov dword [ebp - 0xfc], ecx
+
+loc_fffa32be: ; not directly referenced
+mov cl, byte [ebp - 0xa8]
+mov edx, dword [ebp - 0xfc]
+sar edx, cl
+xor ecx, ecx
+mov dword [ebp - 0x94], edx
+and dword [ebp - 0x94], 1
+
+loc_fffa32db: ; not directly referenced
+mov edx, eax
+shr edx, cl
+and edx, 1
+cmp edx, dword [ebp - 0xa8]
+jne short loc_fffa32ff ; jne 0xfffa32ff
+cmp dword [ebp - 0x94], 0
+je short loc_fffa32ff ; je 0xfffa32ff
+mov edx, 1
+shl edx, cl
+or ebx, edx
+and ebx, 0xf
+
+loc_fffa32ff: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffa32db ; jne 0xfffa32db
+inc dword [ebp - 0xa8]
+cmp dword [ebp - 0xa8], 4
+jne short loc_fffa32be ; jne 0xfffa32be
+and ebx, 0xf
+
+loc_fffa3317: ; not directly referenced
+mov cl, byte [ebp - 0xf4]
+mov eax, ebx
+or eax, 0x40
+mov edx, dword [ebp - 0xf8]
+test cl, cl
+cmovne ebx, eax
+mov eax, dword [ebp + 8]
+add edx, 0x1220
+mov ecx, ebx
+and ebx, 0xf
+call fcn_fffae58c ; call 0xfffae58c
+mov byte [edi + 0xfce], bl
+
+loc_fffa3346: ; not directly referenced
+inc esi
+add edi, 0x13c3
+add dword [ebp - 0xe4], 0x54a
+cmp esi, 2
+jne loc_fffa31bc ; jne 0xfffa31bc
+cmp dword [ebp - 0x80], 1
+mov ebx, 0x3620
+sbb eax, eax
+xor edi, edi
+mov dword [ebp - 0xa8], eax
+and byte [ebp - 0xa8], 0xfa
+add byte [ebp - 0xa8], 7
+mov eax, dword [ebp - 0xa8]
+and eax, 0x1f
+mov dword [ebp - 0xec], eax
+
+loc_fffa3390: ; not directly referenced
+mov eax, dword [ebp + 8]
+movzx eax, byte [eax + 0x248d]
+bt eax, edi
+jb short loc_fffa33ad ; jb 0xfffa33ad
+
+loc_fffa339f: ; not directly referenced
+inc edi
+add ebx, 4
+cmp edi, 4
+jne short loc_fffa3390 ; jne 0xfffa3390
+jmp near loc_fffa34a4 ; jmp 0xfffa34a4
+
+loc_fffa33ad: ; not directly referenced
+mov ecx, dword [ebp - 0xec]
+lea edx, [ebx - 0x20]
+mov eax, dword [ebp + 8]
+shl ecx, 0xf
+or ecx, 0x2004040
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+lea edx, [ebx - 0x10]
+mov ecx, 0x88888888
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+mov edx, ebx
+cmp byte [ebp - 0x6c], 1
+sbb esi, esi
+and esi, 0xf00000
+add esi, 0x2c08060
+mov ecx, esi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+lea edx, [ebx + 0x10]
+mov ecx, 0x88888888
+shr esi, 0x14
+and esi, 0x3f
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov ecx, dword [ebp + 8]
+imul eax, edi, 0x12
+lea edx, [edi + edi*8]
+mov byte [ebp - 0xe4], 2
+lea eax, [ecx + eax + 0x3756]
+lea edx, [ecx + edx + 0x3756]
+mov dword [ebp - 0x94], eax
+
+loc_fffa342f: ; not directly referenced
+xor eax, eax
+
+loc_fffa3431: ; not directly referenced
+mov ecx, dword [ebp - 0x94]
+mov word [ecx + eax*2 + 0x169], 0x60
+mov word [ecx + eax*2 + 0x121], 0x40
+mov ecx, esi
+mov byte [edx + eax + 0x24d], cl
+mov ecx, dword [ebp - 0x94]
+mov word [ecx + eax*2 + 0x1b1], 0x40
+mov cl, byte [ebp - 0xa8]
+mov byte [edx + eax + 0x104a], 0x20
+mov byte [edx + eax + 0x106e], 0x20
+mov byte [edx + eax + 0x1026], cl
+inc eax
+cmp eax, 9
+jne short loc_fffa3431 ; jne 0xfffa3431
+add dword [ebp - 0x94], 0x13c3
+add edx, 0x13c3
+dec byte [ebp - 0xe4]
+jne short loc_fffa342f ; jne 0xfffa342f
+jmp near loc_fffa339f ; jmp 0xfffa339f
+
+loc_fffa34a4: ; not directly referenced
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+mov edx, 0x3648
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+mov edx, 0x88888888
+call fcn_fffaa226 ; call 0xfffaa226
+mov eax, dword [ebp + 8]
+mov edx, 0x3670
+cmp dword [eax + 0x188b], 1
+mov eax, 0x367c
+cmove edx, eax
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+mov edx, 0x365c
+cmp dword [eax + 0x188b], 1
+mov eax, 0x3668
+cmove edx, eax
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov al, byte [ebp - 0x74]
+and eax, 1
+mov edi, eax
+mov byte [ebp - 0x94], al
+mov al, byte [ebp - 0x98]
+and edi, 1
+shl edi, 0x13
+and eax, 1
+mov byte [ebp - 0xe4], al
+and eax, 1
+shl eax, 0x1a
+or edi, eax
+cmp dword [ebp - 0x78], 0
+je short loc_fffa3551 ; je 0xfffa3551
+mov bl, byte [ebp - 0x84]
+or edi, 0x10000000
+mov eax, edi
+or eax, 0x80000000
+test bl, bl
+cmovne edi, eax
+or edi, 0x40000000
+
+loc_fffa3551: ; not directly referenced
+mov bl, byte [ebp - 0x82]
+mov eax, edi
+mov edx, 0x3674
+or ah, 1
+test bl, bl
+cmovne edi, eax
+mov eax, dword [ebp + 8]
+mov ecx, edi
+cmp dword [eax + 0x188b], 1
+mov eax, 0x3680
+cmove edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x190a], 1
+mov eax, dword [ebp - 0xc8]
+sbb esi, esi
+not esi
+and eax, 7
+and esi, 0x40
+shl eax, 0xa
+or esi, eax
+or esi, 0x7efc010
+cmp dword [ebp - 0x78], 0
+je short loc_fffa35c5 ; je 0xfffa35c5
+cmp byte [ebp - 0x6c], 0
+je short loc_fffa35c5 ; je 0xfffa35c5
+mov eax, dword [ebp + 8]
+movzx eax, byte [eax + 0x1922]
+and eax, 7
+shl eax, 0x1b
+or esi, eax
+
+loc_fffa35c5: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, 0x3660
+mov ecx, esi
+cmp dword [eax + 0x188b], 1
+mov eax, 0x366c
+cmove edx, eax
+mov eax, dword [ebp + 8]
+xor ebx, ebx
+call fcn_fffaeb7c ; call 0xfffaeb7c
+cmp byte [ebp - 0x81], 0
+je short loc_fffa3603 ; je 0xfffa3603
+cmp dword [ebp - 0x78], 1
+sbb ebx, ebx
+and ebx, 0xfffffe80
+add ebx, 0x3f180
+
+loc_fffa3603: ; not directly referenced
+cmp byte [ebp - 0x6c], 0
+je short loc_fffa3663 ; je 0xfffa3663
+mov eax, ebx
+mov ecx, dword [ebp - 0x70]
+and eax, 0xe3fc01ff
+or eax, 0x3f000
+mov ebx, eax
+or eax, 0x10000000
+or ebx, 0x12400000
+cmp byte [ecx + 0x1c5], 0
+mov ecx, dword [ebp + 8]
+cmove ebx, eax
+mov eax, ebx
+or eax, 0x80000
+cmp byte [ecx + 0x240d], 0
+cmovne ebx, eax
+cmp dword [ebp - 0x78], 0
+je short loc_fffa3651 ; je 0xfffa3651
+or ebx, 0x180
+jmp short loc_fffa3663 ; jmp 0xfffa3663
+
+loc_fffa3651: ; not directly referenced
+mov ecx, dword [ebp - 0xe0]
+mov eax, ebx
+or eax, 0x300000
+test ecx, ecx
+cmovne ebx, eax
+
+loc_fffa3663: ; not directly referenced
+mov eax, dword [ebp - 0x70]
+mov dword [ebp - 0x74], 0
+add eax, 0x1c
+mov dword [ebp - 0xc8], eax
+
+loc_fffa3676: ; not directly referenced
+imul eax, dword [ebp - 0x74], 0x13c3
+mov ecx, dword [ebp + 8]
+cmp dword [ecx + eax + 0x3756], 2
+je short loc_fffa36a2 ; je 0xfffa36a2
+
+loc_fffa368a: ; not directly referenced
+inc dword [ebp - 0x74]
+add dword [ebp - 0xc8], 0xcc
+cmp dword [ebp - 0x74], 2
+jne short loc_fffa3676 ; jne 0xfffa3676
+jmp near loc_fffa3762 ; jmp 0xfffa3762
+
+loc_fffa36a2: ; not directly referenced
+mov eax, dword [ebp - 0xc8]
+mov byte [ebp - 0xa8], 0
+mov dword [eax], edi
+mov eax, dword [ebp - 0x74]
+movzx eax, byte [ebp + eax - 0x5a]
+lea eax, [eax + eax - 6]
+movzx eax, al
+mov dword [ebp - 0xf4], eax
+
+loc_fffa36c6: ; not directly referenced
+mov ecx, dword [ebp + 8]
+mov al, byte [ebp - 0xa8]
+cmp al, byte [ecx + 0x2488]
+jae short loc_fffa368a ; jae 0xfffa368a
+movzx eax, byte [ebp - 0xa8]
+and ebx, 0xffffffe0
+mov edx, dword [ebp - 0xc8]
+mov ecx, eax
+lea eax, [edx + eax*4]
+mov edx, dword [ebp - 0x74]
+mov dword [eax + 0x54], 0
+mov dword [eax + 0x78], 0
+mov dword [ebp - 0xec], eax
+mov dword [eax + 4], esi
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x98], ecx
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, dword [ebp - 0x98]
+mov dword [ebp - 0xe0], eax
+movzx eax, byte [ebp + ecx - 0x31]
+mov ecx, dword [ebp + 8]
+imul eax, dword [ebp - 0xf4]
+movzx ecx, byte [ecx + 0x2488]
+cdq
+idiv ecx
+mov edx, dword [ebp - 0xe0]
+and eax, 0x1f
+or ebx, eax
+mov eax, dword [ebp + 8]
+mov ecx, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0xec]
+inc byte [ebp - 0xa8]
+mov dword [eax + 0x28], ebx
+jmp near loc_fffa36c6 ; jmp 0xfffa36c6
+
+loc_fffa3762: ; not directly referenced
+mov edi, dword [ebp - 0x7c]
+mov eax, edi
+movzx ebx, di
+sub ax, 0x3b6
+mov word [ebp - 0xc8], ax
+movzx eax, ax
+mov dword [ebp - 0xec], eax
+imul eax, eax, 0xc0
+cdq
+idiv ebx
+sub eax, 0x14
+mov word [ebp - 0xf4], ax
+movzx eax, ax
+add eax, 0x4d8140
+cmp byte [ebp - 0x81], 0
+mov dword [ebp - 0x74], eax
+je short loc_fffa37b4 ; je 0xfffa37b4
+mov ecx, eax
+mov eax, dword [ebp + 8]
+mov edx, 0x366c
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffa37b4: ; not directly referenced
+cmp byte [ebp - 0x82], 0
+je short loc_fffa37cd ; je 0xfffa37cd
+mov ecx, dword [ebp - 0x74]
+mov edx, 0x306c
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffa37cd: ; not directly referenced
+cmp byte [ebp - 0x6c], 0
+je short loc_fffa3817 ; je 0xfffa3817
+mov ecx, dword [ebp - 0x74]
+mov eax, dword [ebp - 0x8c]
+and ch, 0x3f
+cmp eax, 0x306d0
+je short loc_fffa3801 ; je 0xfffa3801
+cmp dword [ebp - 0xe8], 0
+setne dl
+cmp eax, 0x40670
+sete al
+test dl, al
+jne short loc_fffa3801 ; jne 0xfffa3801
+or ch, 0x40
+jmp short loc_fffa3804 ; jmp 0xfffa3804
+
+loc_fffa3801: ; not directly referenced
+or ch, 0x50
+
+loc_fffa3804: ; not directly referenced
+mov dword [ebp - 0x74], ecx
+mov eax, dword [ebp + 8]
+mov edx, 0x3678
+mov ecx, dword [ebp - 0x74]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffa3817: ; not directly referenced
+mov eax, dword [ebp - 0x74]
+mov edx, 0x3a24
+mov esi, ref_fffd329c ; mov esi, 0xfffd329c
+shl ebx, 7
+lea edi, [ebp - 0x28]
+mov ecx, eax
+mov dword [ebp - 0xfc], eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+mov ecx, 4
+mov byte [ebp - 0xa8], 0
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+xor esi, esi
+movzx eax, word [eax + 0x1904]
+imul eax, eax, 0x2ee00
+cdq
+idiv ebx
+sub ax, 0x3e8
+mov word [ebp - 0xe8], ax
+mov eax, 0x3e8
+
+loc_fffa386d: ; not directly referenced
+mov edi, dword [ebp - 0xe8]
+mov ebx, esi
+xor edx, edx
+sub di, word [ebp + esi*2 - 0x28]
+mov byte [ebp - 0xe0], bl
+mov ebx, eax
+mov byte [ebp - 0x98], cl
+mov word [ebp - 0xf8], di
+
+loc_fffa3891: ; not directly referenced
+mov eax, dword [ebp - 0xf8]
+mov cl, dl
+sub ax, word [ebp + edx*2 - 0x28]
+mov edi, eax
+sar di, 0xf
+xor eax, edi
+sub eax, edi
+cmp bx, ax
+jg short loc_fffa38b7 ; jg 0xfffa38b7
+mov cl, byte [ebp - 0x98]
+mov eax, ebx
+jmp short loc_fffa38c3 ; jmp 0xfffa38c3
+
+loc_fffa38b7: ; not directly referenced
+mov bl, byte [ebp - 0xe0]
+mov byte [ebp - 0xa8], bl
+
+loc_fffa38c3: ; not directly referenced
+inc edx
+cmp edx, 8
+je short loc_fffa38d3 ; je 0xfffa38d3
+mov byte [ebp - 0x98], cl
+mov ebx, eax
+jmp short loc_fffa3891 ; jmp 0xfffa3891
+
+loc_fffa38d3: ; not directly referenced
+inc esi
+cmp esi, 8
+jne short loc_fffa386d ; jne 0xfffa386d
+xor eax, eax
+cmp byte [ebp - 0x6c], 0
+je short loc_fffa38ea ; je 0xfffa38ea
+mov ax, 0xb40
+xor edx, edx
+div dword [ebp - 0x7c]
+
+loc_fffa38ea: ; not directly referenced
+cmp byte [ebp - 0x81], 0
+je short loc_fffa3901 ; je 0xfffa3901
+mov edx, eax
+shl edx, 0x12
+lea edi, [edx + 0x2051c]
+mov dword [ebp - 0x74], edi
+
+loc_fffa3901: ; not directly referenced
+cmp byte [ebp - 0x82], 0
+jne short loc_fffa3914 ; jne 0xfffa3914
+cmp byte [ebp - 0x6c], 0
+je loc_fffa399b ; je 0xfffa399b
+
+loc_fffa3914: ; not directly referenced
+mov edi, dword [ebp - 0xa8]
+shl eax, 0x12
+lea ecx, [ecx + edi*8]
+movzx ecx, cl
+shl ecx, 0xc
+add ecx, eax
+cmp byte [ebp - 0x6c], 0
+je short loc_fffa3992 ; je 0xfffa3992
+xor eax, eax
+xor ebx, ebx
+xor esi, esi
+
+loc_fffa3934: ; not directly referenced
+mov edi, dword [ebp + 8]
+cmp dword [edi + eax + 0x1973], 0
+jne short loc_fffa394d ; jne 0xfffa394d
+cmp byte [edi + eax + 0x1be9], 1
+adc bl, 0
+inc esi
+
+loc_fffa394d: ; not directly referenced
+mov edi, dword [ebp + 8]
+cmp dword [edi + eax + 0x1bea], 0
+jne short loc_fffa3966 ; jne 0xfffa3966
+cmp byte [edi + eax + 0x1e60], 1
+adc bl, 0
+inc esi
+
+loc_fffa3966: ; not directly referenced
+add eax, 0x54a
+cmp eax, 0xa94
+jne short loc_fffa3934 ; jne 0xfffa3934
+mov eax, esi
+cmp al, bl
+sete al
+or eax, dword [ebp - 0xdc]
+cmp al, 1
+sbb edx, edx
+and edx, 4
+lea eax, [edx + ecx + 0x518]
+mov dword [ebp - 0x74], eax
+jmp short loc_fffa399f ; jmp 0xfffa399f
+
+loc_fffa3992: ; not directly referenced
+lea eax, [ecx + 0x53f]
+mov dword [ebp - 0x74], eax
+
+loc_fffa399b: ; not directly referenced
+xor ebx, ebx
+xor esi, esi
+
+loc_fffa399f: ; not directly referenced
+cmp byte [ebp - 0x81], 0
+je short loc_fffa39b8 ; je 0xfffa39b8
+mov ecx, dword [ebp - 0x74]
+mov edx, 0xf68
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa39b8: ; not directly referenced
+cmp byte [ebp - 0x82], 0
+je short loc_fffa39d1 ; je 0xfffa39d1
+mov ecx, dword [ebp - 0x74]
+mov edx, 0xf6c
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa39d1: ; not directly referenced
+cmp byte [ebp - 0x6c], 0
+je short loc_fffa39e7 ; je 0xfffa39e7
+mov ecx, dword [ebp - 0x74]
+mov edx, 0xf74
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa39e7: ; not directly referenced
+mov eax, dword [ebp - 0x94]
+mov cl, 3
+and eax, 1
+shl eax, 0x1a
+or eax, 0xe00000
+cmp byte [ebp - 0x6c], 0
+je short loc_fffa3a12 ; je 0xfffa3a12
+mov ecx, esi
+cmp cl, bl
+sete cl
+or ecx, dword [ebp - 0xdc]
+neg ecx
+add ecx, 3
+
+loc_fffa3a12: ; not directly referenced
+mov ebx, ecx
+mov edx, 0x3678
+and ebx, 3
+shl ebx, 0x18
+or ebx, eax
+mov eax, dword [ebp + 8]
+mov ecx, ebx
+cmp dword [eax + 0x188b], 1
+mov eax, 0x3684
+cmove edx, eax
+mov eax, dword [ebp + 8]
+xor edi, edi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp - 0x70]
+mov dword [eax + 0x14], ebx
+mov ebx, dword [ebp + 8]
+mov dword [ebp - 0x74], eax
+mov eax, dword [ebp - 0x94]
+and eax, 1
+mov dword [ebp - 0xdc], eax
+
+loc_fffa3a5a: ; not directly referenced
+cmp dword [ebx + 0x3756], 2
+jne loc_fffa3c8b ; jne 0xfffa3c8b
+mov eax, dword [ebp - 0xdc]
+lea edx, [edi + 0x1810]
+mov ecx, dword [ebp - 0x78]
+shl eax, 0x1b
+mov esi, eax
+or eax, 0x10
+or esi, 0x20000010
+test ecx, ecx
+mov cl, byte [ebp - 0x6c]
+cmove esi, eax
+mov eax, esi
+and eax, 0x7fffffff
+test cl, cl
+cmovne esi, eax
+mov eax, dword [ebp + 8]
+mov ecx, esi
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0x6c], 0
+mov dword [ebp - 0xa8], esi
+je short loc_fffa3aba ; je 0xfffa3aba
+and esi, 0x7fffffbf
+mov dword [ebp - 0xa8], esi
+
+loc_fffa3aba: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x190a], 0
+je short loc_fffa3ad6 ; je 0xfffa3ad6
+or dword [ebp - 0xa8], 0x10000000
+or esi, 0x10000000
+
+loc_fffa3ad6: ; not directly referenced
+or esi, 0x18000
+cmp dword [ebp - 0x80], 1
+lea edx, [edi + 0x320c]
+setne al
+and esi, 0xffff9fff
+mov byte [ebp - 0x98], al
+and eax, 1
+shl eax, 0xd
+or esi, eax
+mov eax, dword [ebp + 8]
+mov ecx, esi
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, dword [ebp - 0x74]
+lea edx, [edi + 0x121c]
+mov al, byte [ebp - 0x98]
+mov byte [ecx + 0xd0], al
+mov eax, dword [ebp + 8]
+mov ecx, esi
+and ecx, 0xffe1bfff
+or ecx, 0x120000
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0xa8]
+lea edx, [edi + 0x1c1c]
+mov esi, dword [ebp - 0x80]
+and eax, 0xffe1ffff
+or eax, 0x20000
+mov ecx, eax
+or eax, 0x100000
+or ecx, 0x40100000
+test esi, esi
+cmove eax, ecx
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+lea edx, [edi + 0x3208]
+cmp byte [ebp - 0x84], 0
+je short loc_fffa3b85 ; je 0xfffa3b85
+mov eax, dword [ebp + 8]
+mov ecx, 0xc183060
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffa3b9b ; jmp 0xfffa3b9b
+
+loc_fffa3b85: ; not directly referenced
+cmp byte [ebp - 0x82], 0
+je short loc_fffa3b9b ; je 0xfffa3b9b
+mov eax, dword [ebp + 8]
+mov ecx, 0x60
+call fcn_fffae566 ; call 0xfffae566
+
+loc_fffa3b9b: ; not directly referenced
+mov eax, dword [ebp + 8]
+lea edx, [edi + 0x1208]
+mov ecx, 0xc183060
+mov dword [ebx + 0x386f], 0x60
+mov dword [ebx + 0x3867], 0x60
+mov dword [ebx + 0x3873], 0x60
+mov dword [ebx + 0x386b], 0x60
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+lea edx, [edi + 0x3418]
+mov ecx, 0x8102040
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+lea edx, [edi + 0x180c]
+mov ecx, 0x8102040
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+mov byte [ebx + 0x3997], 0x40
+lea edx, [edi + 0x3204]
+mov byte [ebx + 0x399b], 0x40
+mov byte [ebx + 0x3998], 0x40
+mov byte [ebx + 0x399c], 0x40
+mov byte [ebx + 0x3999], 0x40
+mov byte [ebx + 0x399d], 0x40
+mov byte [ebx + 0x399a], 0x40
+mov byte [ebx + 0x399e], 0x40
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0x6c], 0
+je short loc_fffa3c5a ; je 0xfffa3c5a
+mov eax, dword [ebp + 8]
+lea edx, [edi + 0x1204]
+xor ecx, ecx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa3c5a: ; not directly referenced
+mov esi, dword [ebp - 0x74]
+lea edx, [edi + 0x3414]
+xor ecx, ecx
+mov eax, dword [ebp + 8]
+mov dword [esi + 0x68], 0
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+lea edx, [edi + 0x1808]
+mov dword [esi + 0x6c], 0
+xor ecx, ecx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa3c8b: ; not directly referenced
+add edi, 0x100
+add ebx, 0x13c3
+add dword [ebp - 0x74], 0xcc
+cmp edi, 0x200
+jne loc_fffa3a5a ; jne 0xfffa3a5a
+mov al, byte [ebp - 0xe4]
+mov edi, dword [ebp - 0x70]
+shl eax, 3
+cmp byte [ebp - 0x83], 0
+mov dword [edi + 0xc], 0
+mov byte [edi + 0xc], al
+je short loc_fffa3cd9 ; je 0xfffa3cd9
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x187f], 1
+jne short loc_fffa3cd9 ; jne 0xfffa3cd9
+mov byte [ebp - 0x35], 0x3c
+
+loc_fffa3cd9: ; not directly referenced
+cmp dword [ebp - 0x8c], 0x306d0
+mov bl, byte [ebp - 0x81]
+sete al
+or bl, al
+je short loc_fffa3d0c ; je 0xfffa3d0c
+mov eax, dword [ebp - 0x70]
+mov byte [ebp - 0x40], 0x28
+mov byte [ebp - 0x36], 0x28
+mov byte [ebp - 0x3c], 0x28
+cmp byte [eax + 0x1c5], 0
+je short loc_fffa3d0c ; je 0xfffa3d0c
+mov byte [ebp - 0x35], 0x20
+
+loc_fffa3d0c: ; not directly referenced
+mov edi, 0xc
+xor ebx, ebx
+
+loc_fffa3d13: ; not directly referenced
+movzx ecx, byte [ebp + ebx - 0x40]
+movzx edx, byte [ebp + ebx - 0x36]
+movzx eax, byte [ebp + ebx - 0x45]
+mov esi, ecx
+sub esi, edx
+add ecx, edx
+imul eax, esi
+add ecx, ecx
+cdq
+idiv ecx
+cmp bl, 1
+jne short loc_fffa3d76 ; jne 0xfffa3d76
+mov esi, dword [ebp - 0x70]
+cmp ax, 0xfff0
+mov ecx, 0xfffffff0
+cmovge ecx, eax
+mov edx, 0xf
+cmp cx, 0xf
+cmovle edx, ecx
+mov al, byte [esi + 0xd]
+mov ecx, edx
+and ecx, 1
+shl ecx, 7
+shr dx, 1
+and eax, 0x7f
+and edx, 0xf
+or eax, ecx
+mov byte [esi + 0xd], al
+mov al, byte [esi + 0xe]
+and eax, 0xfffffff0
+or eax, edx
+mov byte [esi + 0xe], al
+jmp short loc_fffa3db3 ; jmp 0xfffa3db3
+
+loc_fffa3d76: ; not directly referenced
+cmp ax, 0xfff8
+mov esi, 0xfffffff8
+cmovl eax, esi
+mov esi, 7
+cmp ax, 7
+cmovg eax, esi
+test bl, bl
+jne short loc_fffa3da8 ; jne 0xfffa3da8
+mov esi, dword [ebp - 0x70]
+and eax, 0xf
+shl eax, 3
+mov dl, byte [esi + 0xd]
+and edx, 0xffffff87
+or edx, eax
+mov byte [esi + 0xd], dl
+jmp short loc_fffa3db3 ; jmp 0xfffa3db3
+
+loc_fffa3da8: ; not directly referenced
+mov esi, dword [ebp - 0x70]
+cwde
+mov ecx, edi
+shl eax, cl
+or dword [esi + 0xc], eax
+
+loc_fffa3db3: ; not directly referenced
+inc ebx
+add edi, 4
+cmp ebx, 5
+jne loc_fffa3d13 ; jne 0xfffa3d13
+mov eax, dword [ebp - 0x70]
+mov edx, 0x3a14
+mov ecx, dword [eax + 0xc]
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+mov ebx, dword [ebp - 0x94]
+and ebx, 1
+shl ebx, 0x19
+and ebx, 0xfeffffff
+cmp byte [ebp - 0x6c], 0
+je short loc_fffa3dff ; je 0xfffa3dff
+mov eax, dword [ebp - 0xd8]
+or ebx, 0x20000000
+and eax, 1
+shl eax, 0x1a
+or ebx, eax
+
+loc_fffa3dff: ; not directly referenced
+imul eax, dword [ebp - 0x88], 0x2e
+add eax, dword [ebp + 8]
+cmp word [eax + 0x375e], 2
+jne short loc_fffa3e41 ; jne 0xfffa3e41
+
+loc_fffa3e13: ; not directly referenced
+mov eax, 1
+mov edx, 2
+
+loc_fffa3e1d: ; not directly referenced
+imul ecx, dword [ebp - 0x88], 0x2e
+add ecx, dword [ebp + 8]
+mov word [ecx + 0x375e], dx
+lea edx, [eax + 1]
+dec eax
+mov word [ecx + 0x4b21], dx
+jne short loc_fffa3e54 ; jne 0xfffa3e54
+mov byte [ebp - 0x48], 0x59
+jmp short loc_fffa3e54 ; jmp 0xfffa3e54
+
+loc_fffa3e41: ; not directly referenced
+cmp word [eax + 0x4b21], 2
+je short loc_fffa3e13 ; je 0xfffa3e13
+xor eax, eax
+mov edx, 1
+jmp short loc_fffa3e1d ; jmp 0xfffa3e1d
+
+loc_fffa3e54: ; not directly referenced
+cmp dword [ebp - 0x78], 0
+je short loc_fffa3e5e ; je 0xfffa3e5e
+mov byte [ebp - 0x48], 0x3f
+
+loc_fffa3e5e: ; not directly referenced
+mov eax, dword [ebp + 8]
+xor esi, esi
+mov edi, 5
+movzx eax, word [eax + 0x2489]
+mov dword [ebp - 0x74], eax
+
+loc_fffa3e72: ; not directly referenced
+mov al, byte [ebp + esi - 0x49]
+movzx ecx, al
+shr al, 1
+movzx eax, al
+add eax, dword [ebp - 0x74]
+mov byte [ebp - 0x78], cl
+cdq
+idiv ecx
+lea ecx, [esi + esi*4]
+cmp ax, 4
+cmovbe eax, edi
+cmp ax, 0x10
+ja short loc_fffa3ea0 ; ja 0xfffa3ea0
+mov dl, byte [ebp - 0x78]
+cmp dl, byte [ebp + esi - 0x51]
+jae short loc_fffa3ea9 ; jae 0xfffa3ea9
+
+loc_fffa3ea0: ; not directly referenced
+shr ax, 1
+movzx eax, ax
+dec eax
+jmp short loc_fffa3eaf ; jmp 0xfffa3eaf
+
+loc_fffa3ea9: ; not directly referenced
+movzx eax, ax
+add eax, 0xf
+
+loc_fffa3eaf: ; not directly referenced
+shl eax, cl
+inc esi
+add ebx, eax
+cmp esi, 4
+jne short loc_fffa3e72 ; jne 0xfffa3e72
+mov eax, dword [ebp + 8]
+mov ecx, ebx
+mov edx, 0x3a18
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x70]
+xor ecx, ecx
+cmp dword [ebp - 0x80], 0
+mov dword [eax + 0x10], ebx
+jne loc_fffa3f93 ; jne 0xfffa3f93
+mov esi, dword [ebp - 0xc8]
+mov eax, esi
+lea ecx, [eax + 0x18]
+movzx ecx, cx
+imul eax, ecx, 0x64
+sub ecx, 0xf
+cdq
+idiv ecx
+call fcn_fffaebb7 ; call 0xfffaebb7
+mov edi, dword [ebp + 8]
+movzx ebx, word [edi + 0x2489]
+movzx edi, word [edi + 0x1902]
+movzx ecx, ax
+imul ecx, ecx, 0x7d0
+imul ebx, ebx, 0x7d0
+mov eax, ebx
+cdq
+idiv ecx
+movzx ecx, ax
+mov eax, ecx
+add ecx, 0x3e8
+shl eax, 7
+cdq
+idiv ecx
+mov ecx, edi
+sub ecx, esi
+sub ecx, 0x18
+movzx ecx, cx
+mov dword [ebp - 0x74], eax
+imul eax, ecx, 0x64
+sub ecx, 0xf
+cdq
+idiv ecx
+call fcn_fffaebb7 ; call 0xfffaebb7
+mov esi, eax
+mov eax, 0x7080
+cdq
+movzx esi, si
+idiv edi
+imul esi, esi, 0x7d0
+mov ecx, eax
+mov eax, ebx
+cdq
+and ecx, 0x1f
+idiv esi
+shl ecx, 0xc
+or ecx, 0x80000
+movzx ebx, ax
+mov eax, 0x1f400
+add ebx, 0x3e8
+cdq
+idiv ebx
+mov edx, dword [ebp - 0x74]
+and eax, 0x3f
+shl eax, 6
+and edx, 0x3f
+or ecx, eax
+or ecx, edx
+jmp near loc_fffa4040 ; jmp 0xfffa4040
+
+loc_fffa3f93: ; not directly referenced
+cmp byte [ebp - 0x6c], 0
+je loc_fffa4040 ; je 0xfffa4040
+mov eax, dword [ebp - 0x70]
+cmp byte [eax + 0x1c5], 0
+je short loc_fffa3fb8 ; je 0xfffa3fb8
+mov eax, dword [ebp + 8]
+mov ecx, 1
+xor edx, edx
+call fcn_fffb9560 ; call 0xfffb9560
+
+loc_fffa3fb8: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov esi, 0x7f
+movzx ecx, word [eax + 0x2489]
+mov eax, 0xafc8
+cdq
+idiv ecx
+mov ecx, 0x64
+mov ebx, eax
+mov eax, dword [ebp + 8]
+movzx eax, word [eax + 0x1902]
+sub eax, dword [ebp - 0xec]
+cdq
+idiv ecx
+xor edx, edx
+mov edi, eax
+mov eax, dword [ebp - 0xc8]
+div cx
+movzx ecx, ax
+mov eax, ecx
+shr eax, 1
+cmp dword [ebp - 0x7c], 0x547
+cmovae ecx, eax
+xor edx, edx
+mov eax, ebx
+div ecx
+cmp eax, 0x7f
+cmova eax, esi
+xor edx, edx
+mov ecx, eax
+mov eax, ebx
+div edi
+and ecx, 0x7f
+shl ecx, 0x11
+cmp eax, 0x7f
+cmovbe esi, eax
+mov eax, dword [ebp - 0xfc]
+or ecx, 0x27c0
+and esi, 0x7f
+shl esi, 0x18
+or ecx, esi
+and eax, 0x3f
+or ecx, eax
+
+loc_fffa4040: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, 0x3a1c
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov edx, 0x2008
+call fcn_fffae52a ; call 0xfffae52a
+mov edi, dword [ebp - 0x70]
+mov edx, 0x2008
+and eax, 0xfffffc20
+or eax, 0x316
+mov ecx, eax
+mov dword [edi + 0x18], eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+mov edx, 0x2000
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+mov edx, 0x2004
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov edx, 0x42a0
+movzx ecx, byte [eax + 0x381a]
+call fcn_fffae566 ; call 0xfffae566
+mov eax, dword [ebp + 8]
+mov edx, 0x46a0
+movzx ecx, byte [eax + 0x4bdd]
+call fcn_fffae566 ; call 0xfffae566
+mov eax, dword [ebp + 8]
+mov edx, 0x3a20
+call fcn_fffae52a ; call 0xfffae52a
+mov ecx, 0x115
+mov edx, 0x5f08
+mov ebx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov edx, 0x96
+call fcn_fffa834b ; call 0xfffa834b
+cmp dword [ebp - 0x80], 0
+jne loc_fffa4235 ; jne 0xfffa4235
+mov eax, dword [ebp + 8]
+mov edx, 0x3644
+and ebx, 0xf8ffffff
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x3644
+and eax, 0x8fffffff
+or eax, 0x20000000
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+mov edx, 0x3700
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x3700
+and eax, 0xf8ffffff
+or eax, 0x2000000
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+mov edx, 0x3810
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x3810
+and eax, 0xf8ffffff
+or eax, 0x2000000
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+mov edx, 0x3904
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x3904
+and eax, 0xfc7fffff
+or eax, 0x1000000
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+mov edx, 0x3a04
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x3a04
+and eax, 0x8fffffff
+or eax, 0x20000000
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov edx, 0x3a08
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x3a08
+and eax, 0xf8ffffff
+or eax, 0x2000000
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov edx, 0x3a0c
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x3a0c
+and eax, 0xf0ffffff
+or eax, 0x2000000
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov edx, 0x3a10
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x3a10
+and eax, 0xf87fffff
+or eax, 0x1000000
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+or ebx, 0x2000000
+jmp short loc_fffa425d ; jmp 0xfffa425d
+
+loc_fffa4235: ; not directly referenced
+cmp byte [ebp - 0x6c], 0
+je short loc_fffa425d ; je 0xfffa425d
+mov eax, dword [ebp - 0xf0]
+sub eax, 2
+cmp eax, 2
+sbb eax, eax
+and ebx, 0xf8ffffff
+and eax, 4
+add eax, 2
+and eax, 6
+shl eax, 0x18
+or ebx, eax
+
+loc_fffa425d: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ecx, ebx
+mov edx, 0x3a20
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x70]
+mov edx, 0x2008
+mov ecx, dword [eax + 0x18]
+mov eax, dword [ebp + 8]
+or ecx, 0x20
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov edx, 0x3a04
+call fcn_fffae52a ; call 0xfffae52a
+cmp dword [ebp - 0x80], 0
+jne short loc_fffa429f ; jne 0xfffa429f
+mov ecx, eax
+shr ecx, 9
+and ecx, 0x3f
+jmp short loc_fffa42ac ; jmp 0xfffa42ac
+
+loc_fffa429f: ; not directly referenced
+cmp byte [ebp - 0x6c], 0
+je short loc_fffa42b1 ; je 0xfffa42b1
+mov edi, eax
+shr edi, 0x1a
+mov ecx, edi
+
+loc_fffa42ac: ; not directly referenced
+and eax, 0x3f
+jmp short loc_fffa42b5 ; jmp 0xfffa42b5
+
+loc_fffa42b1: ; not directly referenced
+xor eax, eax
+xor ecx, ecx
+
+loc_fffa42b5: ; not directly referenced
+mov edi, dword [ebp - 0x70]
+sub ecx, eax
+mov eax, ecx
+and eax, 0x3f
+shl eax, 4
+mov edx, dword [edi + 0xc]
+and edx, 0xfffffc0f
+or edx, eax
+mov ecx, edx
+or ch, 4
+cmp byte [ebp - 0x6c], 0
+je short loc_fffa42f1 ; je 0xfffa42f1
+mov ecx, edx
+xor eax, eax
+or ecx, 0x404
+cmp dword [ebp - 0x7c], 0x546
+seta al
+and ecx, 0xfffffffe
+or ecx, eax
+
+loc_fffa42f1: ; not directly referenced
+mov eax, dword [ebp - 0x70]
+mov edx, 0x3a14
+mov dword [eax + 0xc], ecx
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0x6c], 0
+je loc_fffa455a ; je 0xfffa455a
+mov eax, dword [ebp + 8]
+mov edx, 0x3658
+mov ecx, 0x80000000
+mov esi, 0xc0
+cmp dword [eax + 0x188b], 1
+mov eax, 0x3664
+cmove edx, eax
+mov eax, dword [ebp + 8]
+xor ebx, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov ecx, 0x2000000
+mov edx, 0x3824
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov ecx, 0x2000000
+mov edx, 0x3914
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov ecx, 0x2000000
+mov edx, 0x3724
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+mov edx, 0x3688
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa437e: ; not directly referenced
+mov eax, ebx
+mov edi, esi
+and eax, 7
+and edi, 0xffff0fff
+shl eax, 0xd
+mov edx, 0xd8c
+or edi, eax
+mov eax, dword [ebp + 8]
+mov ecx, edi
+mov esi, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, edi
+mov edx, 0xc8c
+cmp dword [ebp - 0x90], 0
+je short loc_fffa43b6 ; je 0xfffa43b6
+mov edx, 0x58c
+
+loc_fffa43b6: ; not directly referenced
+mov eax, dword [ebp + 8]
+inc ebx
+and ebx, 7
+call fcn_fffae58c ; call 0xfffae58c
+cmp bl, 6
+jne short loc_fffa437e ; jne 0xfffa437e
+and edi, 0xfffffe0f
+xor ebx, ebx
+mov esi, edi
+or esi, 0x80
+
+loc_fffa43d7: ; not directly referenced
+mov eax, ebx
+mov edi, esi
+and eax, 7
+and edi, 0xffff0fff
+shl eax, 0xd
+or edi, eax
+cmp dword [ebp - 0x90], 0
+mov esi, edi
+mov ecx, edi
+jne short loc_fffa440c ; jne 0xfffa440c
+mov eax, dword [ebp + 8]
+mov edx, 0x58c
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, edi
+mov edx, 0x48c
+jmp short loc_fffa4420 ; jmp 0xfffa4420
+
+loc_fffa440c: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, 0x98c
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, edi
+mov edx, 0x18c
+
+loc_fffa4420: ; not directly referenced
+mov eax, dword [ebp + 8]
+inc ebx
+and ebx, 7
+call fcn_fffae58c ; call 0xfffae58c
+cmp bl, 6
+jne short loc_fffa43d7 ; jne 0xfffa43d7
+mov ebx, edi
+and edi, 0xffffe60f
+mov esi, edi
+xor edi, edi
+shr ebx, 0x10
+or esi, 0x40
+and ebx, 1
+
+loc_fffa4446: ; not directly referenced
+mov eax, edi
+and esi, 0xffff0fff
+and eax, 7
+shl eax, 0xd
+mov dword [ebp - 0x6c], esi
+or dword [ebp - 0x6c], eax
+mov esi, dword [ebp - 0x6c]
+cmp dword [ebp - 0x90], 0
+mov ecx, esi
+jne short loc_fffa447e ; jne 0xfffa447e
+mov eax, dword [ebp + 8]
+mov edx, 0x78c
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, esi
+mov edx, 0x68c
+jmp short loc_fffa4492 ; jmp 0xfffa4492
+
+loc_fffa447e: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, 0xb8c
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, esi
+mov edx, 0x38c
+
+loc_fffa4492: ; not directly referenced
+mov eax, dword [ebp + 8]
+inc edi
+and edi, 7
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, edi
+cmp al, 6
+jne short loc_fffa4446 ; jne 0xfffa4446
+mov eax, dword [ebp - 0x6c]
+mov ecx, dword [ebp + 8]
+shr eax, 0x10
+and eax, 1
+cmp al, 1
+mov eax, 0x10000
+sbb bl, 0xff
+xor esi, esi
+cmp byte [ecx + 0x2410], 0
+cmovne esi, eax
+cmp dword [ebp - 0x90], 0
+mov edi, esi
+mov ecx, esi
+jne short loc_fffa44e9 ; jne 0xfffa44e9
+mov eax, dword [ebp + 8]
+mov edx, 0x38c
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, esi
+mov edx, 0x88c
+jmp short loc_fffa44fd ; jmp 0xfffa44fd
+
+loc_fffa44e9: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, 0xa8c
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, esi
+mov edx, 0x48c
+
+loc_fffa44fd: ; not directly referenced
+mov eax, dword [ebp + 8]
+shr esi, 0x10
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, esi
+mov edx, 0x3920
+and eax, 1
+mov ecx, edi
+cmp al, 1
+mov eax, dword [ebp + 8]
+sbb bl, 0xff
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, edi
+shr eax, 0x10
+add bl, al
+setne dl
+cmp word [ebp - 0xf4], 0xf
+setbe al
+test dl, al
+je short loc_fffa455a ; je 0xfffa455a
+mov eax, dword [ebp + 8]
+mov edx, 0x78
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x3678
+and eax, 0xffffffc0
+lea ecx, [eax + 0x10]
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffa455a: ; not directly referenced
+mov eax, dword [ebp - 0x7c]
+cmp eax, 0x4b0
+je short loc_fffa456e ; je 0xfffa456e
+cmp eax, 0x546
+sete cl
+jmp short loc_fffa4582 ; jmp 0xfffa4582
+
+loc_fffa456e: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x2480], 2
+sete cl
+lea ecx, [ecx*4 + 3]
+
+loc_fffa4582: ; not directly referenced
+mov eax, dword [ebp + 8]
+and ecx, 7
+mov edx, 0x58a4
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x6c], 0
+mov eax, dword [eax + 0x2480]
+mov dword [ebp - 0x80], eax
+mov eax, dword [ebp + 8]
+add eax, 0x3756
+mov dword [ebp - 0x88], eax
+mov dword [ebp - 0x70], eax
+mov eax, dword [ebp + 8]
+add eax, 0x244b
+mov dword [ebp - 0x78], eax
+
+loc_fffa45c1: ; not directly referenced
+mov eax, dword [ebp - 0x70]
+cmp dword [eax], 2
+jne loc_fffa502f ; jne 0xfffa502f
+mov edi, dword [ebp + 8]
+imul eax, dword [ebp - 0x6c], 0xcc
+mov edx, dword [edi + 0x5edc]
+lea eax, [edx + eax + 0x1c]
+imul edx, dword [edi + 0x18a7], 0x2e
+mov edi, dword [ebp - 0x70]
+lea edx, [edi + edx + 4]
+movzx ebx, word [edx + 8]
+movzx ecx, word [edx + 0x26]
+mov dword [eax + 0x9c], 0
+lea edi, [ebx + ecx + 4]
+mov cx, word [edx + 0x10]
+mov bl, 0x1f
+mov esi, ecx
+and esi, 0x1f
+cmp cx, 0x1f
+mov cl, byte [eax + 0x9c]
+cmova esi, ebx
+and ecx, 0xffffffe0
+or ecx, esi
+mov byte [eax + 0x9c], cl
+movzx esi, byte [edx + 0x1a]
+and esi, 0x1f
+cmp word [edx + 0x1a], 0x1f
+cmovbe ebx, esi
+and ecx, 0x1f
+mov esi, ebx
+shl esi, 5
+or ecx, esi
+mov byte [eax + 0x9c], cl
+mov cl, byte [eax + 0x9d]
+shr bl, 3
+and ecx, 0xfffffffc
+or ecx, ebx
+mov bl, 0x3f
+mov byte [eax + 0x9d], cl
+movzx esi, byte [edx + 0xc]
+and esi, 0x3f
+cmp word [edx + 0xc], 0x3f
+cmovbe ebx, esi
+and ecx, 3
+shl ebx, 2
+mov esi, 0xf
+or ecx, ebx
+mov byte [eax + 0x9d], cl
+mov cx, word [edx + 0x24]
+mov bl, cl
+and ebx, 0xf
+cmp cx, 0xf
+cmova ebx, esi
+mov ecx, 0x3f
+cmp edi, 0x3f
+cmovbe ecx, edi
+mov edi, ecx
+shl edi, 4
+or ebx, edi
+mov byte [eax + 0x9e], bl
+mov bl, byte [eax + 0x9f]
+shr ecx, 4
+and ecx, 3
+and ebx, 0xfffffffc
+or ebx, ecx
+mov byte [eax + 0x9f], bl
+mov di, word [edx + 0x1e]
+mov ecx, edi
+and ecx, 0xf
+cmp di, 0xf
+mov edi, dword [ebp + 8]
+cmovbe esi, ecx
+and ebx, 0xffffffc3
+shl esi, 2
+or ebx, esi
+mov byte [eax + 0x9f], bl
+cmp dword [edi + 0x2480], 3
+jne short loc_fffa470b ; jne 0xfffa470b
+movzx esi, word [edx + 0x1a]
+movzx ecx, word [edx + 0x1c]
+sub ecx, esi
+mov esi, 3
+cmp ecx, 3
+cmovg ecx, esi
+and ebx, 0x3f
+shl ecx, 6
+or ebx, ecx
+mov byte [eax + 0x9f], bl
+
+loc_fffa470b: ; not directly referenced
+mov edi, dword [ebp + 8]
+cmp dword [edi + 0x2480], 2
+jne short loc_fffa473d ; jne 0xfffa473d
+mov cx, word [edx + 0x22]
+mov dl, 0xf
+mov bl, cl
+and ebx, 0xf
+cmp cx, 0xf
+mov cl, byte [eax + 0x9f]
+cmovbe edx, ebx
+shl edx, 2
+and ecx, 0xffffffc3
+or ecx, edx
+mov byte [eax + 0x9f], cl
+
+loc_fffa473d: ; not directly referenced
+mov esi, dword [ebp - 0x6c]
+mov ecx, dword [eax + 0x9c]
+mov eax, dword [ebp + 8]
+mov edi, esi
+add edi, 0x10
+shl edi, 0xa
+mov edx, edi
+call fcn_fffae58c ; call 0xfffae58c
+imul eax, esi, 0xcc
+mov esi, dword [ebp + 8]
+mov edx, dword [esi + 0x5edc]
+lea ecx, [edx + eax + 0x1c]
+imul eax, dword [esi + 0x18a7], 0x2e
+mov esi, dword [ebp - 0x70]
+lea ebx, [esi + eax + 4]
+mov esi, 0x1f
+movzx eax, word [ebx + 6]
+mov dword [ebp - 0x7c], eax
+movzx eax, word [ebx + 8]
+sub dword [ebp - 0x7c], eax
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x2480], 2
+mov dword [ecx + 0xac], 0
+mov dx, word [ebx + 8]
+sete byte [ebp - 0x90]
+mov al, dl
+and eax, 0x1f
+cmp dx, 0x1f
+cmova eax, esi
+mov byte [ebp - 0x81], al
+mov dl, al
+shl eax, 5
+mov byte [ebp - 0x8c], al
+mov al, byte [ecx + 0xac]
+mov byte [ebp - 0x74], al
+mov al, byte [ebp - 0x8c]
+and byte [ebp - 0x74], 0x1f
+or byte [ebp - 0x74], al
+mov al, byte [ebp - 0x74]
+mov byte [ecx + 0xac], al
+mov al, dl
+shr al, 3
+mov dl, al
+mov al, byte [ecx + 0xad]
+and eax, 0xfffffffc
+or eax, edx
+mov byte [ecx + 0xad], al
+mov dl, byte [ebx + 6]
+and edx, 0x1f
+cmp word [ebx + 6], 0x1f
+cmovbe esi, edx
+mov dl, byte [ebp - 0x74]
+and eax, 0xffffffc3
+and edx, 0xffffffe0
+or edx, esi
+mov esi, dword [ebp - 0x90]
+mov byte [ecx + 0xac], dl
+lea edx, [esi*8 + 4]
+mov esi, dword [ebp - 0x7c]
+and edx, 0xc
+or eax, edx
+mov edx, 7
+or eax, 0x10
+cmp esi, 7
+cmovbe edx, esi
+and eax, 0x3f
+mov esi, edx
+shl esi, 6
+or eax, esi
+mov byte [ecx + 0xad], al
+mov al, byte [ecx + 0xae]
+shr edx, 2
+and edx, 1
+and eax, 0xfffffffe
+or eax, edx
+mov byte [ecx + 0xae], al
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x2480], 3
+jne loc_fffa493f ; jne 0xfffa493f
+cmp byte [eax + 0x240a], 0
+je short loc_fffa4888 ; je 0xfffa4888
+or byte [ecx + 0xaf], 2
+
+loc_fffa4888: ; not directly referenced
+mov dl, byte [ebp - 0x81]
+mov al, byte [ecx + 0xac]
+add edx, 0x1f
+and edx, 0x1f
+and eax, 0x1f
+mov esi, edx
+shl esi, 5
+or eax, esi
+mov byte [ecx + 0xac], al
+mov al, byte [ecx + 0xad]
+shr dl, 3
+and eax, 0xfffffff0
+or eax, edx
+xor edx, edx
+or eax, 8
+mov byte [ecx + 0xad], al
+mov eax, dword [ebp + 8]
+movzx esi, word [ebx + 8]
+movzx eax, word [eax + 0x2489]
+dec esi
+add eax, eax
+mov ebx, eax
+add eax, 0xdab
+div ebx
+mov dword [ebp - 0x74], ebx
+mov bl, byte [ecx + 0xae]
+sub esi, eax
+mov eax, 7
+cmp esi, 7
+cmova esi, eax
+xor edx, edx
+mov eax, esi
+and ebx, 7
+shl eax, 6
+mov byte [ebp - 0x7c], al
+mov al, byte [ecx + 0xaf]
+shr esi, 2
+and esi, 1
+and eax, 0xfffffffe
+or eax, esi
+mov byte [ecx + 0xaf], al
+mov esi, dword [ebp - 0x74]
+lea eax, [esi + 0x6d5]
+div esi
+mov esi, 7
+inc eax
+cmp eax, 7
+cmova eax, esi
+or ebx, dword [ebp - 0x7c]
+and eax, 7
+shl eax, 3
+or ebx, eax
+mov byte [ecx + 0xae], bl
+
+loc_fffa493f: ; not directly referenced
+lea eax, [edi - 0x4000]
+mov ecx, dword [ecx + 0xac]
+mov dword [ebp - 0x74], eax
+lea eax, [edi + 0x14]
+mov edx, eax
+mov dword [ebp - 0x7c], eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+mov esi, dword [ebp + 8]
+mov edi, dword [ebp - 0x6c]
+mov edx, dword [esi + 0x5edc]
+imul eax, edi, 0xcc
+imul ecx, dword [esi + 0x18a7], 0x2e
+lea eax, [edx + eax + 0x1c]
+imul edx, edi, 0x13c3
+mov edi, dword [ebp - 0x78]
+lea edx, [ecx + edx + 0x1300]
+lea ecx, [edi + edx + 0xf]
+mov edx, dword [esi + 0x2480]
+mov dword [eax + 0xa0], 0
+mov ebx, dword [esi + 0x36d7]
+cmp edx, 3
+jne short loc_fffa49c1 ; jne 0xfffa49c1
+mov dl, 4
+cmp ebx, 0x42b
+jbe short loc_fffa49f7 ; jbe 0xfffa49f7
+cmp ebx, 0x536
+sbb edx, edx
+add edx, 6
+jmp short loc_fffa49f7 ; jmp 0xfffa49f7
+
+loc_fffa49c1: ; not directly referenced
+mov edx, 3
+cmp ebx, 0x42b
+jbe short loc_fffa49f7 ; jbe 0xfffa49f7
+mov dl, 4
+cmp ebx, 0x640
+jbe short loc_fffa49f7 ; jbe 0xfffa49f7
+mov dl, 5
+cmp ebx, 0x74b
+jbe short loc_fffa49f7 ; jbe 0xfffa49f7
+mov dl, 6
+cmp ebx, 0x960
+jbe short loc_fffa49f7 ; jbe 0xfffa49f7
+cmp ebx, 0xaf1
+sbb edx, edx
+add edx, 8
+
+loc_fffa49f7: ; not directly referenced
+cmp edx, 0xf
+mov ebx, 0xf
+mov edi, dword [ebp + 8]
+cmovbe ebx, edx
+mov dl, byte [eax + 0xa0]
+and ebx, 0xf
+and edx, 0xfffffff0
+or edx, ebx
+mov byte [eax + 0xa0], dl
+mov dl, byte [eax + 0xa3]
+cmp dword [edi + 0x2480], 3
+jne short loc_fffa4a2d ; jne 0xfffa4a2d
+and edx, 0x3f
+jmp short loc_fffa4a30 ; jmp 0xfffa4a30
+
+loc_fffa4a2d: ; not directly referenced
+or edx, 0xffffffc0
+
+loc_fffa4a30: ; not directly referenced
+mov byte [eax + 0xa3], dl
+mov dx, word [ecx + 0xa]
+mov bl, 0xff
+mov edi, dword [ebp + 8]
+cmp dx, 0xff
+cmovbe ebx, edx
+mov dl, byte [eax + 0xa0]
+mov esi, ebx
+shl esi, 4
+shr bl, 4
+and edx, 0xf
+or edx, esi
+mov byte [eax + 0xa0], dl
+mov dl, byte [eax + 0xa1]
+and edx, 0xffffff80
+or edx, ebx
+xor ebx, ebx
+or edx, 0x40
+mov byte [eax + 0xa1], dl
+cmp dword [edi + 0x2480], 3
+sete bl
+and edx, 0x7f
+add ebx, 6
+and ebx, 0xf
+mov esi, ebx
+and esi, 1
+shl esi, 7
+or edx, esi
+mov byte [eax + 0xa1], dl
+mov dl, bl
+shr dl, 1
+mov esi, edx
+mov dl, byte [eax + 0xa2]
+shl ebx, 3
+and edx, 0xffffff80
+or edx, esi
+or edx, ebx
+mov ebx, 0x1f
+mov byte [eax + 0xa2], dl
+movzx ecx, word [ecx + 6]
+add ecx, 5
+cmp ecx, 0x1f
+cmova ecx, ebx
+and edx, 0x7f
+mov ebx, ecx
+and ebx, 1
+shl ebx, 7
+or edx, ebx
+mov byte [eax + 0xa2], dl
+mov dl, byte [eax + 0xa3]
+shr ecx, 1
+and ecx, 0xf
+and edx, 0xfffffff0
+or edx, ecx
+or edx, 0x20
+mov byte [eax + 0xa3], dl
+mov ecx, dword [eax + 0xa0]
+mov eax, dword [ebp - 0x74]
+lea edx, [eax + 0x4004]
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+mov edi, dword [ebp - 0x6c]
+mov esi, dword [ebp + 8]
+imul eax, edi, 0xcc
+mov edx, dword [esi + 0x5edc]
+lea ebx, [edx + eax + 0x1c]
+imul edx, dword [esi + 0x18a7], 0x2e
+imul eax, edi, 0x13c3
+mov edi, dword [ebp - 0x78]
+lea eax, [edx + eax + 0x1300]
+lea eax, [edi + eax + 0xf]
+mov edi, dword [esi + 0x2480]
+mov dword [ebx + 0xa4], 0
+cmp edi, 2
+jne short loc_fffa4b56 ; jne 0xfffa4b56
+movzx edx, word [eax + 0x2c]
+jmp short loc_fffa4b5a ; jmp 0xfffa4b5a
+
+loc_fffa4b56: ; not directly referenced
+movzx edx, word [eax + 0x28]
+
+loc_fffa4b5a: ; not directly referenced
+movzx ecx, word [eax + 8]
+lea edx, [edx + ecx + 6]
+mov ecx, 0x3f
+cmp edx, 0x3f
+cmova edx, ecx
+mov cl, dl
+mov dl, byte [ebx + 0xa4]
+and ecx, 0x3f
+and edx, 0xffffffc0
+or edx, ecx
+mov byte [ebx + 0xa4], dl
+movzx edx, word [eax + 8]
+movzx ecx, word [eax + 6]
+cmp edi, 3
+je short loc_fffa4b97 ; je 0xfffa4b97
+sub edx, ecx
+add edx, 7
+jmp short loc_fffa4b9c ; jmp 0xfffa4b9c
+
+loc_fffa4b97: ; not directly referenced
+mov edx, 8
+
+loc_fffa4b9c: ; not directly referenced
+cmp edx, 0xf
+mov ecx, 0xf
+cmovbe ecx, edx
+mov dl, byte [ebx + 0xa4]
+and ecx, 0xf
+mov esi, ecx
+shl esi, 6
+and edx, 0x3f
+or edx, esi
+mov byte [ebx + 0xa4], dl
+mov dl, cl
+shr dl, 2
+shl ecx, 2
+or edx, ecx
+mov byte [ebx + 0xa5], dl
+mov edx, 7
+or byte [ebx + 0xa6], 1
+cmp edi, 3
+jne short loc_fffa4bf3 ; jne 0xfffa4bf3
+mov edi, dword [ebp + 8]
+cmp byte [edi + 0x240a], 1
+sbb edx, edx
+and edx, 0xfffffffe
+add edx, 9
+
+loc_fffa4bf3: ; not directly referenced
+cmp edx, 0xf
+mov ecx, 0xf
+cmovbe ecx, edx
+mov dl, byte [ebx + 0xa6]
+and ecx, 0xf
+lea edi, [ecx + ecx]
+mov esi, ecx
+shl esi, 5
+and edx, 1
+or edx, edi
+or edx, esi
+mov byte [ebx + 0xa6], dl
+mov dl, byte [ebx + 0xa7]
+shr cl, 3
+and edx, 0xfffffffe
+or edx, ecx
+mov byte [ebx + 0xa7], dl
+movzx ecx, word [eax + 0x26]
+movzx eax, word [eax + 8]
+lea eax, [ecx + eax + 4]
+mov ecx, 0x3f
+cmp eax, 0x3f
+cmova eax, ecx
+and edx, 0xffffff81
+and eax, 0x3f
+add eax, eax
+or edx, eax
+mov eax, dword [ebp + 8]
+mov byte [ebx + 0xa7], dl
+mov edx, dword [ebp - 0x7c]
+call fcn_fffae52a ; call 0xfffae52a
+mov edi, dword [ebp - 0x74]
+mov dword [ebx + 0xac], eax
+movzx edx, byte [ebx + 0xad]
+shr al, 5
+movzx eax, al
+and edx, 3
+shl edx, 3
+or edx, eax
+mov al, byte [ebx + 0xa7]
+cmp edx, 5
+setg dl
+shl edx, 7
+and eax, 0x7f
+or eax, edx
+mov byte [ebx + 0xa7], al
+mov eax, dword [ebp + 8]
+lea edx, [edi + 0x4008]
+mov ecx, dword [ebx + 0xa4]
+call fcn_fffae58c ; call 0xfffae58c
+mov al, byte [ebx + 0xa7]
+shr al, 7
+movzx eax, al
+inc eax
+and eax, 3
+mov ebx, eax
+mov ecx, eax
+shl ebx, 4
+shl ecx, 6
+lea edx, [eax*4]
+or ecx, ebx
+or ecx, edx
+or ecx, eax
+mov eax, dword [ebp + 8]
+lea edx, [edi + 0x40d0]
+call fcn_fffae566 ; call 0xfffae566
+mov edi, dword [ebp - 0x6c]
+mov esi, dword [ebp + 8]
+imul eax, edi, 0xcc
+mov edx, dword [esi + 0x5edc]
+lea ecx, [edx + eax + 0x1c]
+imul edx, dword [esi + 0x18a7], 0x2e
+imul eax, edi, 0x13c3
+mov edi, dword [ebp - 0x78]
+lea eax, [edx + eax + 0x1300]
+lea esi, [edi + eax + 0xf]
+mov eax, dword [ebp + 8]
+mov edi, dword [eax + 0x2480]
+mov dword [ecx + 0xa8], 0
+mov edx, dword [eax + 0x36d7]
+mov eax, 0xa
+cmp edx, 0x320
+jbe short loc_fffa4d98 ; jbe 0xfffa4d98
+mov al, 0xd
+cmp edx, 0x42b
+jbe short loc_fffa4d98 ; jbe 0xfffa4d98
+mov al, 0x10
+cmp edx, 0x535
+jbe short loc_fffa4d98 ; jbe 0xfffa4d98
+mov al, 0x14
+cmp edx, 0x640
+jbe short loc_fffa4d98 ; jbe 0xfffa4d98
+mov al, 0x17
+cmp edx, 0x74b
+jbe short loc_fffa4d98 ; jbe 0xfffa4d98
+mov al, 0x1a
+cmp edx, 0x855
+jbe short loc_fffa4d98 ; jbe 0xfffa4d98
+mov al, 0x1d
+cmp edx, 0x960
+jbe short loc_fffa4d98 ; jbe 0xfffa4d98
+mov al, 0x20
+cmp edx, 0xa6b
+jbe short loc_fffa4d98 ; jbe 0xfffa4d98
+mov al, 0x22
+cmp edx, 0xaf0
+jbe short loc_fffa4d98 ; jbe 0xfffa4d98
+cmp edx, 0xbb9
+sbb eax, eax
+and eax, 0xfffffffd
+add eax, 0x27
+
+loc_fffa4d98: ; not directly referenced
+cmp eax, 0x3f
+mov edx, 0x3f
+cmovbe edx, eax
+mov al, byte [ecx + 0xa8]
+and edx, 0x3f
+and eax, 0xffffffc0
+or eax, edx
+mov byte [ecx + 0xa8], al
+mov eax, dword [ebp + 8]
+mov edx, dword [eax + 0x36d7]
+cmp edi, 3
+jne short loc_fffa4dd2 ; jne 0xfffa4dd2
+cmp edx, 0x536
+sbb eax, eax
+add eax, 6
+jmp short loc_fffa4df9 ; jmp 0xfffa4df9
+
+loc_fffa4dd2: ; not directly referenced
+cmp edi, 2
+jne short loc_fffa4dee ; jne 0xfffa4dee
+mov eax, 5
+cmp edx, 0x640
+jbe short loc_fffa4df9 ; jbe 0xfffa4df9
+mov al, 6
+cmp edx, 0x74b
+jbe short loc_fffa4df9 ; jbe 0xfffa4df9
+
+loc_fffa4dee: ; not directly referenced
+cmp edx, 0x856
+sbb eax, eax
+add eax, 8
+
+loc_fffa4df9: ; not directly referenced
+cmp eax, 0xf
+mov edx, 0xf
+cmovbe edx, eax
+mov al, byte [ecx + 0xa8]
+mov bl, dl
+shl ebx, 6
+shr edx, 2
+and eax, 0x3f
+and edx, 3
+or eax, ebx
+mov byte [ecx + 0xa8], al
+mov al, byte [ecx + 0xa9]
+and eax, 0xfffffffc
+or eax, edx
+mov byte [ecx + 0xa9], al
+mov eax, dword [ebp + 8]
+mov edx, dword [eax + 0x36d7]
+mov eax, 4
+cmp edx, 0x320
+jbe short loc_fffa4e98 ; jbe 0xfffa4e98
+mov al, 5
+cmp edx, 0x42b
+jbe short loc_fffa4e98 ; jbe 0xfffa4e98
+mov al, 6
+cmp edx, 0x535
+jbe short loc_fffa4e98 ; jbe 0xfffa4e98
+mov al, 7
+cmp edx, 0x640
+jbe short loc_fffa4e98 ; jbe 0xfffa4e98
+mov al, 8
+cmp edx, 0x74b
+jbe short loc_fffa4e98 ; jbe 0xfffa4e98
+mov al, 0xa
+cmp edx, 0x855
+jbe short loc_fffa4e98 ; jbe 0xfffa4e98
+mov al, 0xb
+cmp edx, 0x960
+jbe short loc_fffa4e98 ; jbe 0xfffa4e98
+mov al, 0xc
+cmp edx, 0xaf0
+jbe short loc_fffa4e98 ; jbe 0xfffa4e98
+cmp edx, 0xbb9
+sbb eax, eax
+add eax, 0xe
+
+loc_fffa4e98: ; not directly referenced
+cmp eax, 0xf
+mov edx, 0xf
+cmovbe edx, eax
+mov al, byte [ecx + 0xa9]
+and edx, 0xf
+shl edx, 2
+and eax, 0xffffffc3
+or eax, edx
+mov byte [ecx + 0xa9], al
+movzx eax, word [esi + 8]
+movzx ebx, word [esi + 6]
+mov esi, dword [ebp + 8]
+sub ebx, eax
+cmp dword [esi + 0x36d7], 0x536
+lea eax, [ebx + 8]
+movzx esi, word [esi + 0x2489]
+lea edx, [ebx + 7]
+cmovb eax, edx
+cmp edi, 3
+jne short loc_fffa4ef6 ; jne 0xfffa4ef6
+add esi, esi
+xor edx, edx
+lea eax, [esi + 0x157b]
+div esi
+lea eax, [ebx + eax + 6]
+
+loc_fffa4ef6: ; not directly referenced
+cmp eax, 0x1f
+mov edx, 0x1f
+cmovbe edx, eax
+mov al, byte [ecx + 0xa9]
+and edx, 0x1f
+mov bl, dl
+shl ebx, 6
+and eax, 0x3f
+or eax, ebx
+mov byte [ecx + 0xa9], al
+mov al, dl
+lea ebx, [edx*8]
+shr al, 2
+or eax, ebx
+mov byte [ecx + 0xaa], al
+mov al, byte [ecx + 0xab]
+and eax, 0xffffffe0
+or eax, edx
+mov byte [ecx + 0xab], al
+mov eax, dword [ebp - 0x74]
+mov ecx, dword [ecx + 0xa8]
+lea edx, [eax + 0x400c]
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+cmp dword [ebp - 0x80], 2
+jne loc_fffa502f ; jne 0xfffa502f
+mov edi, dword [ebp + 8]
+imul eax, dword [ebp - 0x6c], 0xcc
+mov edx, dword [edi + 0x5edc]
+lea eax, [edx + eax + 0x1c]
+imul edx, dword [edi + 0x18a7], 0x2e
+mov edi, dword [ebp - 0x70]
+lea ecx, [edi + edx + 4]
+mov edi, dword [ebp + 8]
+mov dl, 4
+mov ebx, dword [edi + 0x36d7]
+cmp ebx, 0x535
+jbe short loc_fffa4faa ; jbe 0xfffa4faa
+mov dl, 5
+cmp ebx, 0x74b
+jbe short loc_fffa4faa ; jbe 0xfffa4faa
+cmp ebx, 0x961
+sbb edx, edx
+add edx, 7
+
+loc_fffa4faa: ; not directly referenced
+and edx, 0xf
+mov bl, dl
+shl ebx, 4
+or ebx, edx
+mov dword [eax + 0xb0], 0
+mov dl, byte [eax + 0xb1]
+mov byte [eax + 0xb0], bl
+mov bx, word [ecx + 0x2a]
+add bl, byte [ecx + 8]
+and edx, 0xffffffc0
+add ebx, 6
+and ebx, 0x3f
+or edx, ebx
+mov byte [eax + 0xb1], dl
+mov bx, word [ecx + 0x20]
+mov cl, 0xf
+mov esi, ebx
+and esi, 0xf
+cmp bx, 0xf
+cmovbe ecx, esi
+and edx, 0x3f
+mov bl, cl
+shl ebx, 6
+or edx, ebx
+mov byte [eax + 0xb1], dl
+mov dl, byte [eax + 0xb2]
+shr cl, 2
+and edx, 0xfffffffc
+or edx, ecx
+mov byte [eax + 0xb2], dl
+mov edx, dword [ebp - 0x74]
+mov ecx, dword [eax + 0xb0]
+mov eax, dword [ebp + 8]
+add edx, 0x4018
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa502f: ; not directly referenced
+inc dword [ebp - 0x6c]
+add dword [ebp - 0x70], 0x13c3
+cmp dword [ebp - 0x6c], 2
+jne loc_fffa45c1 ; jne 0xfffa45c1
+mov eax, dword [ebp + 8]
+mov edi, dword [ebp + 8]
+mov edx, dword [eax + 0x5edc]
+xor eax, eax
+cmp byte [edi + 0x381a], 0
+je short loc_fffa5064 ; je 0xfffa5064
+cmp dword [edi + 0x3816], 2
+sete al
+
+loc_fffa5064: ; not directly referenced
+mov edi, dword [ebp + 8]
+cmp byte [edi + 0x4bdd], 0
+je short loc_fffa507f ; je 0xfffa507f
+mov cl, al
+or ecx, 2
+cmp dword [edi + 0x4bd9], 2
+cmove eax, ecx
+
+loc_fffa507f: ; not directly referenced
+lea edi, [edx + 0xbc]
+movzx eax, al
+mov dword [ebp - 0x70], edi
+mov edi, dword [ebp + 8]
+mov dword [ebp - 0x6c], 0
+mov dword [ebp - 0x74], eax
+add edi, 0x4ae6
+
+loc_fffa509e: ; not directly referenced
+mov eax, dword [ebp - 0x74]
+mov esi, dword [ebp - 0x6c]
+bt eax, esi
+jae loc_fffa5212 ; jae 0xfffa5212
+mov eax, dword [edi - 0x144]
+movzx ebx, byte [edi - 0x12cc]
+cmp eax, 3
+sete cl
+cmp eax, 8
+sete dl
+xor eax, eax
+or cl, dl
+je short loc_fffa50e4 ; je 0xfffa50e4
+mov eax, dword [ebp - 0xb8]
+mov al, byte [edi - 0x128]
+mov word [ebp - 0xb8], ax
+mov eax, 1
+
+loc_fffa50e4: ; not directly referenced
+mov edx, dword [edi - 0x1c]
+cmp edx, 8
+sete cl
+cmp edx, 3
+sete dl
+or cl, dl
+jne short loc_fffa5100 ; jne 0xfffa5100
+mov esi, 6
+test eax, eax
+je short loc_fffa5133 ; je 0xfffa5133
+
+loc_fffa5100: ; not directly referenced
+mov al, byte [edi]
+mov ecx, dword [ebp - 0xb8]
+mov ch, al
+mov word [ebp - 0xb8], cx
+mov al, cl
+cmp cl, 5
+je short loc_fffa5125 ; je 0xfffa5125
+movzx edx, ch
+mov esi, 6
+cmp dl, 5
+jne short loc_fffa5133 ; jne 0xfffa5133
+
+loc_fffa5125: ; not directly referenced
+mov ecx, dword [ebp - 0xb8]
+cmp ch, al
+setne al
+lea esi, [eax + 6]
+
+loc_fffa5133: ; not directly referenced
+sub esp, 0xc
+mov eax, esi
+mov edx, dword [ebp - 0x6c]
+push ebx
+movsx eax, al
+push 1
+xor ecx, ecx
+push 1
+push eax
+mov eax, dword [ebp + 8]
+push 8
+call fcn_fffb579d ; call 0xfffb579d
+mov eax, esi
+add esp, 0x20
+cmp al, 7
+jne loc_fffa5212 ; jne 0xfffa5212
+mov eax, dword [ebp - 0x70]
+sub esp, 0xc
+mov edx, dword [ebp - 0x6c]
+mov esi, dword [eax]
+push ebx
+push 1
+push 1
+mov ecx, esi
+shr ecx, 0xf
+mov eax, ecx
+xor ecx, ecx
+and eax, 0xf
+inc eax
+push eax
+mov eax, dword [ebp + 8]
+push 0
+shr esi, 0x13
+and esi, 0xf
+call fcn_fffb579d ; call 0xfffb579d
+add esp, 0x14
+mov edx, dword [ebp - 0x6c]
+push ebx
+xor ecx, ecx
+push 1
+push 1
+lea eax, [esi + 1]
+push eax
+mov eax, dword [ebp + 8]
+push 1
+call fcn_fffb579d ; call 0xfffb579d
+mov eax, dword [ebp - 0x70]
+add esp, 0x14
+mov edx, dword [ebp - 0x6c]
+xor ecx, ecx
+mov esi, dword [eax + 8]
+push ebx
+push 1
+push 1
+mov eax, esi
+shr eax, 0x13
+and eax, 0x1f
+inc eax
+push eax
+mov eax, dword [ebp + 8]
+push 4
+call fcn_fffb579d ; call 0xfffb579d
+add esp, 0x14
+mov eax, esi
+push ebx
+mov edx, dword [ebp - 0x6c]
+xor ecx, ecx
+shr eax, 0x18
+push 1
+and eax, 0x1f
+push 1
+inc eax
+push eax
+mov eax, dword [ebp + 8]
+push 5
+shr esi, 0xe
+and esi, 0x1f
+call fcn_fffb579d ; call 0xfffb579d
+add esp, 0x14
+mov edx, dword [ebp - 0x6c]
+push ebx
+xor ecx, ecx
+push 1
+push 1
+lea eax, [esi + 1]
+push eax
+mov eax, dword [ebp + 8]
+push 0xe
+call fcn_fffb579d ; call 0xfffb579d
+add esp, 0x20
+
+loc_fffa5212: ; not directly referenced
+inc dword [ebp - 0x6c]
+add edi, 0x13c3
+add dword [ebp - 0x70], 0xcc
+cmp dword [ebp - 0x6c], 2
+jne loc_fffa509e ; jne 0xfffa509e
+mov edi, 0x4290
+mov dword [ebp - 0x6c], 0
+
+loc_fffa5238: ; not directly referenced
+imul eax, dword [ebp - 0x6c], 0x13c3
+mov esi, dword [ebp + 8]
+cmp dword [esi + eax + 0x3756], 2
+jne loc_fffa553b ; jne 0xfffa553b
+mov edx, dword [ebp - 0x6c]
+mov eax, esi
+call fcn_fffae6fa ; call 0xfffae6fa
+mov eax, dword [ebp + 8]
+mov ebx, dword [eax + 0x36d7]
+mov eax, dword [eax + 0x188b]
+mov dword [ebp - 0x70], eax
+mov eax, dword [ebp + 8]
+mov ecx, dword [eax + 0x2480]
+cmp ecx, 3
+jne short loc_fffa528d ; jne 0xfffa528d
+movzx esi, word [eax + 0x2489]
+mov eax, 0x57e40
+cdq
+add esi, esi
+idiv esi
+jmp short loc_fffa52de ; jmp 0xfffa52de
+
+loc_fffa528d: ; not directly referenced
+cmp ecx, 2
+je short loc_fffa52d9 ; je 0xfffa52d9
+mov eax, 0x100
+cmp ebx, 0x640
+jbe short loc_fffa52de ; jbe 0xfffa52de
+mov al, 0x2b
+cmp ebx, 0x74b
+jbe short loc_fffa52e6 ; jbe 0xfffa52e6
+mov al, 0x56
+cmp ebx, 0x855
+jbe short loc_fffa52e6 ; jbe 0xfffa52e6
+mov al, 0x80
+cmp ebx, 0x960
+jbe short loc_fffa52e6 ; jbe 0xfffa52e6
+mov al, 0xab
+cmp ebx, 0xa6b
+jbe short loc_fffa52e6 ; jbe 0xfffa52e6
+cmp ebx, 0xb76
+sbb eax, eax
+and eax, 0xffffffd6
+add eax, 0x200
+jmp short loc_fffa52e6 ; jmp 0xfffa52e6
+
+loc_fffa52d9: ; not directly referenced
+mov eax, 0x200
+
+loc_fffa52de: ; not directly referenced
+cmp ebx, 0x320
+jbe short loc_fffa534b ; jbe 0xfffa534b
+
+loc_fffa52e6: ; not directly referenced
+cmp ebx, 0x42b
+jbe short loc_fffa5352 ; jbe 0xfffa5352
+cmp ebx, 0x535
+jbe loc_fffa5b11 ; jbe 0xfffa5b11
+cmp ebx, 0x640
+jbe loc_fffa5b18 ; jbe 0xfffa5b18
+cmp ebx, 0x74b
+jbe loc_fffa5b1f ; jbe 0xfffa5b1f
+cmp ebx, 0x855
+jbe loc_fffa5b26 ; jbe 0xfffa5b26
+cmp ebx, 0x960
+jbe loc_fffa5b2d ; jbe 0xfffa5b2d
+mov edx, 0xe
+cmp ebx, 0xaf0
+jbe loc_fffa53cc ; jbe 0xfffa53cc
+cmp ebx, 0xbb9
+sbb edx, edx
+add edx, 0x10
+jmp near loc_fffa53cc ; jmp 0xfffa53cc
+
+loc_fffa534b: ; not directly referenced
+mov edx, 4
+jmp short loc_fffa5357 ; jmp 0xfffa5357
+
+loc_fffa5352: ; not directly referenced
+mov edx, 6
+
+loc_fffa5357: ; not directly referenced
+cmp ecx, 2
+je short loc_fffa53d1 ; je 0xfffa53d1
+mov esi, 0xc
+cmp ebx, 0x42b
+jbe short loc_fffa53d6 ; jbe 0xfffa53d6
+
+loc_fffa5369: ; not directly referenced
+mov esi, 0xc
+cmp ebx, 0x640
+jbe short loc_fffa53d6 ; jbe 0xfffa53d6
+mov si, 0xe
+cmp ebx, 0x74b
+jbe short loc_fffa53d6 ; jbe 0xfffa53d6
+mov si, 0x10
+cmp ebx, 0x855
+jbe short loc_fffa53d6 ; jbe 0xfffa53d6
+mov si, 0x12
+cmp ebx, 0x960
+jbe short loc_fffa53d6 ; jbe 0xfffa53d6
+
+loc_fffa539a: ; not directly referenced
+mov esi, 0x14
+cmp ebx, 0xa6b
+jbe short loc_fffa53d6 ; jbe 0xfffa53d6
+mov si, 0x15
+cmp ebx, 0xaf0
+jbe short loc_fffa53d6 ; jbe 0xfffa53d6
+mov si, 0x16
+cmp ebx, 0xb75
+jbe short loc_fffa53d6 ; jbe 0xfffa53d6
+cmp ebx, 0xbb9
+sbb esi, esi
+add esi, 0x18
+jmp short loc_fffa53d6 ; jmp 0xfffa53d6
+
+loc_fffa53cc: ; not directly referenced
+cmp ecx, 2
+jne short loc_fffa539a ; jne 0xfffa539a
+
+loc_fffa53d1: ; not directly referenced
+mov esi, 0x18
+
+loc_fffa53d6: ; not directly referenced
+cmp edx, 0xf
+mov ecx, 0xf
+cmova edx, ecx
+mov ebx, 0x3ff
+and edx, 0xf
+shl edx, 0xc
+cmp eax, 0x3ff
+cmovbe ebx, eax
+or dh, 2
+and ebx, 0x3ff
+shl ebx, 0x10
+or edx, ebx
+cmp dword [ebp - 0x70], 0
+jne short loc_fffa5416 ; jne 0xfffa5416
+sub esi, 8
+cmp esi, 0xf
+cmovbe ecx, esi
+shl ecx, 0x1c
+jmp short loc_fffa5425 ; jmp 0xfffa5425
+
+loc_fffa5416: ; not directly referenced
+inc esi
+mov ecx, 0x1f
+cmp esi, 0x1f
+cmovbe ecx, esi
+shl ecx, 0x1b
+
+loc_fffa5425: ; not directly referenced
+mov eax, dword [ebp + 8]
+or ecx, edx
+lea edx, [edi + 0x14]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+mov eax, dword [eax + 0x188b]
+mov dword [ebp - 0x70], eax
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x1887]
+mov dword [ebp - 0x74], eax
+mov eax, dword [ebp + 8]
+mov esi, dword [eax + 0x2480]
+mov edx, dword [eax + 0x36d7]
+cmp esi, 3
+jne short loc_fffa5473 ; jne 0xfffa5473
+movzx ebx, word [eax + 0x2489]
+mov eax, 0x15f90
+cdq
+add ebx, ebx
+idiv ebx
+jmp short loc_fffa54bd ; jmp 0xfffa54bd
+
+loc_fffa5473: ; not directly referenced
+mov eax, 0x80
+cmp esi, 2
+je short loc_fffa54bd ; je 0xfffa54bd
+mov al, 0x40
+cmp edx, 0x640
+jbe short loc_fffa54bd ; jbe 0xfffa54bd
+mov al, 0x4b
+cmp edx, 0x74b
+jbe short loc_fffa54bd ; jbe 0xfffa54bd
+mov al, 0x56
+cmp edx, 0x855
+jbe short loc_fffa54bd ; jbe 0xfffa54bd
+mov al, 0x60
+cmp edx, 0x960
+jbe short loc_fffa54bd ; jbe 0xfffa54bd
+mov al, 0x6b
+cmp edx, 0xa6b
+jbe short loc_fffa54bd ; jbe 0xfffa54bd
+cmp edx, 0xb76
+sbb eax, eax
+and eax, 0xfffffff6
+sub eax, 0xffffff80
+
+loc_fffa54bd: ; not directly referenced
+cmp dword [ebp - 0x70], 1
+sete dl
+cmp dword [ebp - 0x74], 0x40650
+sete bl
+or dl, bl
+je short loc_fffa54fb ; je 0xfffa54fb
+cmp esi, 3
+mov edx, 0x100
+mov ecx, 0x80
+cmove ecx, edx
+cmp eax, 0x3ff
+mov dx, 0x3ff
+cmovbe edx, eax
+and edx, 0x3ff
+shl edx, 0xa
+or ecx, edx
+jmp short loc_fffa550c ; jmp 0xfffa550c
+
+loc_fffa54fb: ; not directly referenced
+mov edx, 0xff
+cmp eax, 0xff
+mov cl, 0x80
+cmovbe edx, eax
+mov ch, dl
+
+loc_fffa550c: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, edi
+lea ebx, [edi + 4]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov edx, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, ebx
+mov ecx, eax
+mov eax, dword [ebp + 8]
+mov cl, 0xff
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov edx, ebx
+call fcn_fffae52a ; call 0xfffae52a
+
+loc_fffa553b: ; not directly referenced
+inc dword [ebp - 0x6c]
+add edi, 0x400
+cmp dword [ebp - 0x6c], 2
+jne loc_fffa5238 ; jne 0xfffa5238
+mov eax, dword [ebp + 8]
+mov ecx, 0x100000
+mov esi, dword [eax + 0x1887]
+cmp dword [eax + 0x2480], 3
+mov edi, dword [eax + 0x188b]
+sete al
+cmp esi, 0x306d0
+sete bl
+cmp esi, 0x40650
+sete dl
+or bl, dl
+jne short loc_fffa558f ; jne 0xfffa558f
+cmp esi, 0x40670
+sete dl
+test dl, al
+je short loc_fffa55b0 ; je 0xfffa55b0
+
+loc_fffa558f: ; not directly referenced
+mov ecx, 0x102000
+test al, al
+je short loc_fffa55b0 ; je 0xfffa55b0
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x240a], 1
+sbb ecx, ecx
+and ecx, 0x2000
+add ecx, 0x4100000
+
+loc_fffa55b0: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, 0x4c20
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+mov ecx, 0x553c3038
+mov edx, 0x4f8c
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x2480], 3
+je short loc_fffa55e4 ; je 0xfffa55e4
+
+loc_fffa55db: ; not directly referenced
+dec edi
+jne loc_fffa568d ; jne 0xfffa568d
+jmp short loc_fffa563c ; jmp 0xfffa563c
+
+loc_fffa55e4: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x3756], 2
+jne short loc_fffa560f ; jne 0xfffa560f
+mov edx, 0x4010
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x4010
+and eax, 0xfffffff0
+or eax, 7
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa560f: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x4b19], 2
+jne short loc_fffa55db ; jne 0xfffa55db
+mov edx, 0x4410
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x4410
+and eax, 0xfffffff0
+or eax, 7
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffa55db ; jmp 0xfffa55db
+
+loc_fffa563c: ; not directly referenced
+mov edi, dword [ebp + 8]
+xor edx, edx
+mov ecx, 0x1ffff
+cmp dword [edi + 0x191c], 0x1ffff
+cmovbe ecx, dword [edi + 0x191c]
+mov dx, word [edi + 0x1920]
+and ecx, 0x1ffff
+cmp byte [edi + 0x191b], 0
+mov eax, ecx
+je short loc_fffa5679 ; je 0xfffa5679
+mov ecx, edx
+or ecx, 0x80000000
+mov edx, ecx
+
+loc_fffa5679: ; not directly referenced
+push ecx
+push ecx
+push edx
+mov edx, 0x5028
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffae7cf ; call 0xfffae7cf
+add esp, 0x10
+
+loc_fffa568d: ; not directly referenced
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+mov edx, 0x3f
+xor esi, esi
+xor edi, edi
+call fcn_fffc3c0d ; call 0xfffc3c0d
+mov eax, dword [ebp + 8]
+lea ecx, [ebp - 0x20]
+mov edx, dword [ebp - 0x88]
+mov eax, dword [eax + 0x188b]
+mov dword [ebp - 0x70], eax
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x2480]
+mov dword [ebp - 0x74], eax
+lea eax, [ebp - 0x28]
+
+loc_fffa56c4: ; not directly referenced
+mov dword [eax], 0
+cmp dword [edx], 2
+jne short loc_fffa56f1 ; jne 0xfffa56f1
+cmp dword [edx + 0x1173], 2
+jne short loc_fffa56e0 ; jne 0xfffa56e0
+mov ebx, dword [edx + 0x1254]
+mov dword [eax], ebx
+
+loc_fffa56e0: ; not directly referenced
+cmp dword [edx + 0x129b], 2
+jne short loc_fffa56f1 ; jne 0xfffa56f1
+mov ebx, dword [edx + 0x137c]
+add dword [eax], ebx
+
+loc_fffa56f1: ; not directly referenced
+add eax, 4
+add edx, 0x13c3
+cmp eax, ecx
+jne short loc_fffa56c4 ; jne 0xfffa56c4
+mov eax, dword [ebp + 8]
+mov al, byte [eax + 0x248d]
+mov byte [ebp - 0x78], al
+mov eax, dword [ebp - 0x24]
+mov ebx, eax
+mov dword [ebp - 0x6c], eax
+mov eax, dword [ebp - 0x28]
+cmp ebx, eax
+ja short loc_fffa5737 ; ja 0xfffa5737
+mov eax, dword [ebp + 8]
+mov ebx, 4
+mov dword [eax + 0x381b], 0
+mov dword [eax + 0x4bde], 1
+jmp short loc_fffa5756 ; jmp 0xfffa5756
+
+loc_fffa5737: ; not directly referenced
+mov ecx, dword [ebp + 8]
+mov ebx, 1
+mov dword [ebp - 0x6c], eax
+mov dword [ecx + 0x381b], 1
+mov dword [ecx + 0x4bde], 0
+
+loc_fffa5756: ; not directly referenced
+mov eax, dword [ebp - 0x6c]
+mov edx, 0xff
+shr eax, 8
+cmp dword [ebp - 0x70], 0
+jne short loc_fffa5788 ; jne 0xfffa5788
+cmp eax, 0xff
+mov esi, edx
+cmovbe esi, eax
+add eax, eax
+cmp eax, 0xff
+cmova eax, edx
+movzx eax, al
+shl eax, 0x10
+shl esi, 0x18
+or esi, eax
+jmp short loc_fffa5796 ; jmp 0xfffa5796
+
+loc_fffa5788: ; not directly referenced
+cmp eax, 0xff
+cmovbe edx, eax
+mov eax, esi
+mov al, dl
+mov esi, eax
+
+loc_fffa5796: ; not directly referenced
+and ebx, 0xfffffbcf
+mov ecx, ebx
+mov ebx, dword [ebp - 0x74]
+cmp ebx, 3
+sete dl
+or ecx, 0x20
+mov eax, edx
+and eax, 1
+shl eax, 0xa
+or ecx, eax
+xor eax, eax
+cmp ebx, 2
+sete al
+and ch, 0xf7
+shl eax, 0xb
+or ecx, eax
+mov eax, dword [ebp + 8]
+mov ebx, ecx
+mov al, byte [eax + 0x1917]
+test al, al
+je loc_fffa5894 ; je 0xfffa5894
+cmp dword [ebp - 0x70], 0
+jne short loc_fffa5822 ; jne 0xfffa5822
+mov edx, dword [ebp + 8]
+mov edi, 0x3fff
+mov eax, dword [ebp + 8]
+mov dl, byte [edx + 0x191a]
+cmp word [eax + 0x1918], 0x3fff
+cmovbe di, word [eax + 0x1918]
+mov al, 3
+mov byte [ebp - 0x70], dl
+mov edx, dword [ebp + 8]
+and edi, 0x3fff
+cmp byte [edx + 0x191a], 3
+mov dl, byte [ebp - 0x70]
+cmovbe eax, edx
+and eax, 3
+shl eax, 0x15
+jmp short loc_fffa588c ; jmp 0xfffa588c
+
+loc_fffa5822: ; not directly referenced
+cmp al, 2
+jne short loc_fffa5849 ; jne 0xfffa5849
+test dl, dl
+je short loc_fffa5842 ; je 0xfffa5842
+mov al, byte [ebp - 0x78]
+cmp al, 4
+sete dl
+dec al
+sete al
+or dl, al
+je short loc_fffa5842 ; je 0xfffa5842
+mov edi, 0xd030c0
+jmp short loc_fffa5894 ; jmp 0xfffa5894
+
+loc_fffa5842: ; not directly referenced
+mov edi, 0x9030ce
+jmp short loc_fffa5894 ; jmp 0xfffa5894
+
+loc_fffa5849: ; not directly referenced
+mov edx, dword [ebp + 8]
+mov edi, 0x3fff
+mov eax, dword [ebp + 8]
+mov dl, byte [edx + 0x191a]
+cmp word [eax + 0x1918], 0x3fff
+cmovbe di, word [eax + 0x1918]
+mov al, 7
+mov byte [ebp - 0x70], dl
+mov edx, dword [ebp + 8]
+and edi, 0x3fff
+cmp byte [edx + 0x191a], 7
+mov dl, byte [ebp - 0x70]
+cmovbe eax, edx
+and eax, 7
+shl eax, 0x14
+
+loc_fffa588c: ; not directly referenced
+or edi, 0x800000
+or edi, eax
+
+loc_fffa5894: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x2402], 0
+je short loc_fffa58d8 ; je 0xfffa58d8
+mov eax, dword [ebp - 0x24]
+cmp dword [ebp - 0x28], eax
+jne short loc_fffa58ce ; jne 0xfffa58ce
+mov eax, dword [ebp - 0x6c]
+mov ebx, ecx
+or edi, 0x800000
+or ebx, 0x40
+and ebx, 0xfffffc7f
+call fcn_fffaec34 ; call 0xfffaec34
+sub eax, 9
+and eax, 7
+shl eax, 7
+or ebx, eax
+jmp short loc_fffa58d8 ; jmp 0xfffa58d8
+
+loc_fffa58ce: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov byte [eax + 0x2402], 0
+
+loc_fffa58d8: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ecx, edi
+mov edx, 0x5024
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov ecx, ebx
+mov edx, 0x5000
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov ecx, esi
+mov edx, 0x5014
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x6c], 0x5004
+lea ebx, [eax + 0x48c9]
+
+loc_fffa5915: ; not directly referenced
+cmp dword [ebx - 0x1173], 2
+mov esi, ebx
+jne loc_fffa5aaf ; jne 0xfffa5aaf
+xor edx, edx
+cmp dword [ebx], 2
+jne short loc_fffa5931 ; jne 0xfffa5931
+mov edx, dword [ebx + 0xe1]
+
+loc_fffa5931: ; not directly referenced
+cmp dword [ebx + 0x128], 2
+lea eax, [ebx + 0x128]
+jne short loc_fffa5948 ; jne 0xfffa5948
+cmp dword [ebx + 0x209], edx
+ja short loc_fffa594e ; ja 0xfffa594e
+
+loc_fffa5948: ; not directly referenced
+mov edi, eax
+xor ecx, ecx
+jmp short loc_fffa5957 ; jmp 0xfffa5957
+
+loc_fffa594e: ; not directly referenced
+mov ecx, 0x10000
+mov edi, ebx
+mov esi, eax
+
+loc_fffa5957: ; not directly referenced
+mov al, byte [esi + 0xed]
+mov byte [ebp - 0x70], al
+test al, al
+je short loc_fffa59a6 ; je 0xfffa59a6
+cmp dword [esi], 2
+jne short loc_fffa59a6 ; jne 0xfffa59a6
+mov eax, dword [esi + 0xe1]
+mov edx, 0xff
+shr eax, 8
+cmp eax, 0xff
+cmova eax, edx
+xor edx, edx
+cmp byte [ebp - 0x70], 1
+mov cl, al
+setne dl
+and ecx, 0xfff5ffff
+shl edx, 0x11
+xor eax, eax
+cmp byte [esi + 0xf1], 0x10
+sete al
+or ecx, edx
+shl eax, 0x13
+or ecx, eax
+
+loc_fffa59a6: ; not directly referenced
+mov al, byte [edi + 0xed]
+mov byte [ebp - 0x70], al
+test al, al
+je short loc_fffa59f5 ; je 0xfffa59f5
+cmp dword [edi], 2
+jne short loc_fffa59f5 ; jne 0xfffa59f5
+mov eax, dword [edi + 0xe1]
+mov edx, 0xff
+shr eax, 8
+cmp eax, 0xff
+cmova eax, edx
+mov ch, al
+xor eax, eax
+cmp byte [ebp - 0x70], 1
+setne al
+and ecx, 0xffebffff
+shl eax, 0x12
+xor edx, edx
+cmp byte [edi + 0xf1], 0x10
+sete dl
+or ecx, eax
+shl edx, 0x14
+or ecx, edx
+
+loc_fffa59f5: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x1887]
+cmp eax, 0x306d0
+sete dl
+cmp eax, 0x40650
+sete al
+or dl, al
+je short loc_fffa5a22 ; je 0xfffa5a22
+lea eax, [ecx + ecx]
+and ecx, 0xffefffff
+and eax, 0x100000
+or ecx, eax
+
+loc_fffa5a22: ; not directly referenced
+mov edi, dword [ebp + 8]
+mov eax, ecx
+or eax, 0x200000
+mov edx, dword [ebp - 0x6c]
+cmp byte [edi + 0x1908], 0
+cmovne ecx, eax
+mov eax, ecx
+or eax, 0x400000
+cmp byte [edi + 0x1909], 0
+cmovne ecx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x2480], 3
+jne short loc_fffa5aaf ; jne 0xfffa5aaf
+cmp dword [eax + 0x1887], 0x40650
+jne short loc_fffa5a7e ; jne 0xfffa5a7e
+xor ecx, ecx
+cmp byte [esi + 0xf1], 0x20
+sete cl
+lea ecx, [ecx + ecx*2 + 0x200d00]
+jmp short loc_fffa5a9b ; jmp 0xfffa5a9b
+
+loc_fffa5a7e: ; not directly referenced
+mov al, byte [esi + 0xf1]
+mov ecx, 0x401a00
+cmp al, 0x10
+jne short loc_fffa5a91 ; jne 0xfffa5a91
+mov cl, 5
+jmp short loc_fffa5a9b ; jmp 0xfffa5a9b
+
+loc_fffa5a91: ; not directly referenced
+cmp al, 0x20
+mov eax, 0x401a0a
+cmove ecx, eax
+
+loc_fffa5a9b: ; not directly referenced
+mov edx, dword [ebp - 0x6c]
+mov eax, dword [ebp + 8]
+shl edx, 8
+sub edx, 0x4fc1f0
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa5aaf: ; not directly referenced
+add dword [ebp - 0x6c], 4
+add ebx, 0x13c3
+cmp dword [ebp - 0x6c], 0x500c
+jne loc_fffa5915 ; jne 0xfffa5915
+xor edx, edx
+jmp short loc_fffa5b40 ; jmp 0xfffa5b40
+
+loc_fffa5aca: ; not directly referenced
+mov eax, dword [ebp + 8]
+call fcn_fffa6828 ; call 0xfffa6828
+mov edx, 0x12
+test eax, eax
+jne short loc_fffa5b40 ; jne 0xfffa5b40
+sub esp, 0xc
+lea eax, [ebp - 0x58]
+push eax
+mov eax, dword [ebp + 8]
+lea edx, [ebp - 0x28]
+lea ecx, [ebp - 0x5b]
+call fcn_fffa77b4 ; call 0xfffa77b4
+mov edi, dword [ebp + 8]
+add esp, 0x10
+mov edx, 0x16
+mov dword [edi + 0x36d7], eax
+mov al, byte [edi + 0x36e7]
+cmp byte [ebp - 0x5b], al
+jne short loc_fffa5b40 ; jne 0xfffa5b40
+jmp near loc_fffa2dab ; jmp 0xfffa2dab
+
+loc_fffa5b11: ; not directly referenced
+mov edx, 7
+jmp short loc_fffa5b32 ; jmp 0xfffa5b32
+
+loc_fffa5b18: ; not directly referenced
+mov edx, 8
+jmp short loc_fffa5b32 ; jmp 0xfffa5b32
+
+loc_fffa5b1f: ; not directly referenced
+mov edx, 0xa
+jmp short loc_fffa5b32 ; jmp 0xfffa5b32
+
+loc_fffa5b26: ; not directly referenced
+mov edx, 0xb
+jmp short loc_fffa5b32 ; jmp 0xfffa5b32
+
+loc_fffa5b2d: ; not directly referenced
+mov edx, 0xc
+
+loc_fffa5b32: ; not directly referenced
+cmp ecx, 2
+jne loc_fffa5369 ; jne 0xfffa5369
+jmp near loc_fffa53d1 ; jmp 0xfffa53d1
+
+loc_fffa5b40: ; not directly referenced
+lea esp, [ebp - 0xc]
+mov eax, edx
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa5b4a: ; not directly referenced
+push ebp
+mov eax, 0x80000003
+mov ebp, esp
+pop ebp
+ret
+
+fcn_fffa5b54: ; not directly referenced
+push ebp
+mov eax, 0x80000003
+mov ebp, esp
+pop ebp
+ret
+
+fcn_fffa5b5e: ; not directly referenced
+push ebp
+mov eax, 0x80000003
+mov ebp, esp
+pop ebp
+ret
+
+fcn_fffa5b68: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0xc]
+mov edx, dword [ebp + 8]
+out dx, al
+pop ebp
+ret
+
+fcn_fffa5b74: ; not directly referenced
+push ebp
+mov ebp, esp
+mov edx, dword [ebp + 8]
+in al, dx
+pop ebp
+ret
+
+fcn_fffa5b7d: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0xc]
+mov edx, dword [ebp + 0x10]
+mov ecx, dword [ebp + 8]
+wrmsr
+pop ebp
+ret
+
+fcn_fffa5b8d: ; not directly referenced
+push ebp
+mov ebp, esp
+mov ecx, dword [ebp + 8]
+rdmsr
+pop ebp
+ret
+
+fcn_fffa5b97: ; not directly referenced
+push ebp
+mov ebp, esp
+sub esp, 8
+mov eax, dword [ebp + 8]
+cmp dword [ebp + 0xc], 0x41
+mov edx, dword [eax + 0x241b]
+mov edx, dword [edx + 0x1e]
+jne short loc_fffa5bbc ; jne 0xfffa5bbc
+sub esp, 0xc
+push eax
+call dword [edx + 0xcc] ; ucall
+add esp, 0x10
+
+loc_fffa5bbc: ; not directly referenced
+xor eax, eax
+leave
+ret
+
+fcn_fffa5bc0: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0x14]
+pop ebp
+ret
+
+fcn_fffa5bc8: ; not directly referenced
+push ebp
+xor eax, eax
+mov ebp, esp
+pop ebp
+ret
+
+fcn_fffa5bcf: ; not directly referenced
+push ebp
+mov ebp, esp
+sub esp, 0x18
+mov eax, dword [ebp + 0xc]
+mov dword [ebp - 0x18], eax
+mov eax, dword [ebp + 0x10]
+mov dword [ebp - 0x14], eax
+mov eax, dword [ebp + 8]
+movq qword [ebp - 8], mm0
+movq mm0, qword [ebp - 0x18]
+movq qword [eax], mm0
+movq mm0, qword [ebp - 8]
+emms
+mov eax, dword [ebp - 0x18]
+mov edx, dword [ebp - 0x14]
+leave
+ret
+
+fcn_fffa5bfd: ; not directly referenced
+push ebp
+xor edx, edx
+mov ebp, esp
+mov eax, dword [ebp + 8]
+mov ecx, dword [ebp + 0x10]
+
+loc_fffa5c08: ; not directly referenced
+cmp edx, dword [ebp + 0xc]
+je short loc_fffa5c13 ; je 0xfffa5c13
+mov dword [eax + edx*4], ecx
+inc edx
+jmp short loc_fffa5c08 ; jmp 0xfffa5c08
+
+loc_fffa5c13: ; not directly referenced
+pop ebp
+ret
+
+fcn_fffa5c15: ; not directly referenced
+push ebp
+xor edx, edx
+mov ebp, esp
+mov eax, dword [ebp + 8]
+mov ecx, dword [ebp + 0x10]
+
+loc_fffa5c20: ; not directly referenced
+cmp edx, dword [ebp + 0xc]
+je short loc_fffa5c2c ; je 0xfffa5c2c
+mov word [eax + edx*2], cx
+inc edx
+jmp short loc_fffa5c20 ; jmp 0xfffa5c20
+
+loc_fffa5c2c: ; not directly referenced
+pop ebp
+ret
+
+fcn_fffa5c2e:
+push ebp
+mov ebp, esp
+push esi
+mov esi, dword [ebp + 0x10]
+push ebx
+mov ebx, dword [ebp + 0xc]
+add esi, ebx
+
+loc_fffa5c3b:
+cmp ebx, esi
+je short loc_fffa5c58 ; je 0xfffa5c58
+mov eax, dword [0xff7d0274]
+inc ebx
+movzx edx, byte [ebx - 1]
+test eax, eax
+je short loc_fffa5c3b ; je 0xfffa5c3b
+sub esp, 0xc
+push edx
+call eax
+add esp, 0x10
+jmp short loc_fffa5c3b ; jmp 0xfffa5c3b
+
+loc_fffa5c58:
+lea esp, [ebp - 8]
+or eax, 0xffffffff
+pop ebx
+pop esi
+pop ebp
+ret
+
+fcn_fffa5c62: ; not directly referenced
+push ebp
+xor eax, eax
+mov ebp, esp
+pop ebp
+ret
+
+fcn_fffa5c69: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0xc]
+pop ebp
+mov dword [0xff7d0080], eax
+xor eax, eax
+ret
+
+fcn_fffa5c78: ; not directly referenced
+push ebp
+mov edx, dword [0xff7d0080]
+mov ebp, esp
+mov eax, dword [ebp + 0xc]
+mov dword [eax], edx
+xor eax, eax
+pop ebp
+ret
+
+fcn_fffa5c8a: ; not directly referenced
+push ebp
+mov ebp, esp
+pop ebp
+jmp near loc_fffd2972 ; jmp 0xfffd2972
+
+fcn_fffa5c93: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 8]
+mov ecx, dword [eax + 0x5edc]
+lea edx, [ecx + 0x1b8]
+xor ecx, ecx
+mov dword [ebp + 8], edx
+mov edx, 1
+pop ebp
+jmp near fcn_fffae5b2 ; jmp 0xfffae5b2
+
+fcn_fffa5cb5: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 8]
+mov edx, dword [eax + 0x5edc]
+lea ecx, [eax + 0x1c]
+mov byte [eax + 0x247c], 1
+add edx, 0x1b8
+mov dword [edx], ecx
+xor ecx, ecx
+mov dword [ebp + 8], edx
+xor edx, edx
+pop ebp
+jmp near fcn_fffae5b2 ; jmp 0xfffae5b2
+
+fcn_fffa5ce0: ; not directly referenced
+push ebp
+mov ebp, esp
+sub esp, 8
+mov eax, dword [ebp + 8]
+mov edx, dword [eax + 0x5edc]
+cmp byte [edx + 0x1c4], 1
+jne short loc_fffa5d04 ; jne 0xfffa5d04
+sub esp, 0xc
+push eax
+call fcn_fffa5cb5 ; call 0xfffa5cb5
+add esp, 0x10
+
+loc_fffa5d04: ; not directly referenced
+xor eax, eax
+leave
+ret
+
+fcn_fffa5d08: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 8]
+mov ecx, dword [eax + 0x5edc]
+lea edx, [ecx + 0x1b8]
+mov ecx, 1
+mov dword [ebp + 8], edx
+mov edx, 1
+pop ebp
+jmp near fcn_fffae5b2 ; jmp 0xfffae5b2
+
+fcn_fffa5d2d: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x600
+mov edi, dword [ebp + 0x18]
+mov ebx, dword [ebp + 0x14]
+mov dword [ebp - 0x5c0], ecx
+mov ecx, dword [ebp + 0xc]
+mov dword [ebp - 0x5ac], edx
+mov esi, dword [ebp + 8]
+mov dword [ebp - 0x600], edi
+mov edi, dword [ebp + 0x20]
+mov byte [ebp - 0x5b0], bl
+mov dword [ebp - 0x5ec], ecx
+mov byte [ebp - 0x5e0], cl
+mov dword [ebp - 0x5f0], edi
+mov edi, dword [eax + 0x2443]
+lea eax, [ebp - 0x590]
+push 1
+push 5
+push eax
+mov dword [ebp - 0x5bc], edi
+call dword [edi + 0x64] ; ucall
+add esp, 0xc
+push 1
+push 5
+lea eax, [ebp - 0x57c]
+push eax
+call dword [edi + 0x64] ; ucall
+add esp, 0xc
+push 0xffffffffffffffff
+push 5
+lea eax, [ebp - 0x568]
+push eax
+call dword [edi + 0x64] ; ucall
+add esp, 0xc
+push 0
+push 5
+lea eax, [ebp - 0x554]
+push eax
+call dword [edi + 0x64] ; ucall
+add esp, 0xc
+push 0
+push 5
+lea eax, [ebp - 0x540]
+push eax
+call dword [edi + 0x64] ; ucall
+add esp, 0xc
+push 0
+push 5
+lea eax, [ebp - 0x52c]
+push eax
+call dword [edi + 0x64] ; ucall
+add esp, 0xc
+push 0
+push 5
+lea eax, [ebp - 0x59a]
+push eax
+call dword [edi + 0x60] ; ucall
+add esp, 0xc
+push 0
+push 0x500
+lea eax, [ebp - 0x518]
+push eax
+call dword [edi + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 0x50a
+push dword [ebp - 0x5ac]
+call dword [edi + 0x5c] ; ucall
+mov edi, dword [ebp - 0x5b0]
+mov al, 1
+mov dword [ebp - 0x5b8], 0
+mov byte [ebp - 0x5d9], 0
+add esp, 0x10
+test bl, bl
+cmove edi, eax
+xor ebx, ebx
+mov eax, edi
+mov byte [ebp - 0x5b0], al
+shr al, 1
+mov byte [ebp - 0x5d4], al
+mov eax, esi
+movzx eax, al
+mov dword [ebp - 0x5fc], eax
+movsx eax, byte [ebp - 0x5e0]
+mov dword [ebp - 0x5d0], eax
+add eax, 0x7fffffff
+mov dword [ebp - 0x604], eax
+
+loc_fffa5e6f: ; not directly referenced
+movzx eax, byte [ebp - 0x5b0]
+mov ecx, dword [ebp - 0x5c0]
+mov dword [ebp - 0x5c8], 0
+movzx esi, al
+mov dword [ebp - 0x5d8], esi
+mov esi, dword [ebp + 0x1c]
+imul ax, word [esi + ebx*2]
+mov esi, dword [ebp + 0x10]
+movzx edx, byte [esi + ebx]
+mov esi, dword [ebp - 0x5b8]
+imul eax, edx
+mov word [ebp + ebx*2 - 0x59a], ax
+mov eax, esi
+add eax, esi
+add eax, ecx
+mov dword [ebp - 0x5f4], eax
+mov eax, dword [ebp - 0x604]
+add eax, esi
+add eax, eax
+add eax, ecx
+mov ecx, ebx
+mov dword [ebp - 0x5f8], eax
+shl ecx, 6
+
+loc_fffa5ed2: ; not directly referenced
+mov esi, dword [ebp - 0x5c8]
+mov eax, esi
+mov byte [ebp - 0x5e8], al
+movzx eax, al
+cmp eax, dword [ebp - 0x5d0]
+jge loc_fffa6035 ; jge 0xfffa6035
+mov esi, dword [ebp + 0x10]
+cmp byte [esi + ebx], 0
+jne short loc_fffa5f16 ; jne 0xfffa5f16
+lea edx, [ecx + eax]
+mov dword [ebp + edx*4 - 0x518], 1
+mov dword [ebp + ebx*4 - 0x568], 1
+jmp near loc_fffa6005 ; jmp 0xfffa6005
+
+loc_fffa5f16: ; not directly referenced
+mov dl, byte [ebp - 0x5e8]
+lea edi, [ecx + eax]
+mov dword [ebp - 0x5c4], edi
+cmp dl, 1
+adc byte [ebp - 0x5d9], 0
+sub edx, dword [ebp - 0x5d4]
+mov esi, edx
+
+loc_fffa5f37: ; not directly referenced
+mov dl, byte [ebp - 0x5d4]
+sub edx, dword [ebp - 0x5e8]
+mov edi, edx
+add edi, esi
+mov edx, edi
+cmp dl, byte [ebp - 0x5b0]
+jae short loc_fffa5fa7 ; jae 0xfffa5fa7
+mov edx, esi
+test dl, dl
+jns short loc_fffa5f5f ; jns 0xfffa5f5f
+mov edi, dword [ebp - 0x5f4]
+jmp short loc_fffa5f6f ; jmp 0xfffa5f6f
+
+loc_fffa5f5f: ; not directly referenced
+mov edx, esi
+cmp dl, byte [ebp - 0x5e0]
+jl short loc_fffa5f74 ; jl 0xfffa5f74
+mov edi, dword [ebp - 0x5f8]
+
+loc_fffa5f6f: ; not directly referenced
+movzx edi, word [edi]
+jmp short loc_fffa5f97 ; jmp 0xfffa5f97
+
+loc_fffa5f74: ; not directly referenced
+mov edx, esi
+movsx edi, dl
+cmp eax, edi
+jne short loc_fffa5f87 ; jne 0xfffa5f87
+mov edi, dword [ebp - 0x5b8]
+add edi, eax
+jmp short loc_fffa5f8d ; jmp 0xfffa5f8d
+
+loc_fffa5f87: ; not directly referenced
+add edi, dword [ebp - 0x5b8]
+
+loc_fffa5f8d: ; not directly referenced
+mov edx, dword [ebp - 0x5c0]
+movzx edi, word [edx + edi*2]
+
+loc_fffa5f97: ; not directly referenced
+mov edx, dword [ebp - 0x5c4]
+inc esi
+add dword [ebp + edx*4 - 0x518], edi
+jmp short loc_fffa5f37 ; jmp 0xfffa5f37
+
+loc_fffa5fa7: ; not directly referenced
+lea edx, [ecx + eax]
+mov edx, dword [ebp + edx*4 - 0x518]
+cmp dword [ebp + ebx*4 - 0x590], edx
+jae short loc_fffa5fc1 ; jae 0xfffa5fc1
+mov dword [ebp + ebx*4 - 0x590], edx
+
+loc_fffa5fc1: ; not directly referenced
+cmp dword [ebp + ebx*4 - 0x568], edx
+jbe short loc_fffa5fdb ; jbe 0xfffa5fdb
+lea esi, [ecx + eax]
+mov esi, dword [ebp + esi*4 - 0x518]
+mov dword [ebp + ebx*4 - 0x568], esi
+
+loc_fffa5fdb: ; not directly referenced
+movzx esi, byte [ebp - 0x5c8]
+mov edi, dword [ebp - 0x5c0]
+add esi, dword [ebp - 0x5b8]
+movzx esi, word [edi + esi*2]
+imul esi, dword [ebp - 0x5d8]
+sub edx, esi
+imul edx, edx
+add dword [ebp + ebx*4 - 0x540], edx
+
+loc_fffa6005: ; not directly referenced
+imul edx, ebx, 0x29
+movzx edi, byte [ebp - 0x5b0]
+inc dword [ebp - 0x5c8]
+lea esi, [eax + edx + 0x74]
+add eax, ecx
+mov eax, dword [ebp + eax*4 - 0x518]
+xor edx, edx
+div edi
+mov edi, dword [ebp - 0x5ac]
+mov dword [edi + esi*4 + 6], eax
+jmp near loc_fffa5ed2 ; jmp 0xfffa5ed2
+
+loc_fffa6035: ; not directly referenced
+mov eax, dword [ebp + 0x10]
+mov al, byte [eax + ebx]
+mov byte [ebp - 0x5c8], al
+test al, al
+je loc_fffa61bd ; je 0xfffa61bd
+mov edx, dword [ebp + ebx*4 - 0x590]
+mov ecx, dword [ebp + ebx*4 - 0x568]
+mov eax, edx
+sub eax, ecx
+add ecx, edx
+imul eax, eax, 0x4e20
+xor edx, edx
+div ecx
+xor edx, edx
+mov dword [ebp - 0x5c4], eax
+mov dword [ebp + ebx*4 - 0x554], eax
+mov eax, dword [ebp + ebx*4 - 0x540]
+div dword [ebp - 0x5d0]
+test eax, eax
+jne short loc_fffa6094 ; jne 0xfffa6094
+mov dword [ebp + ebx*4 - 0x540], 0
+jmp short loc_fffa6103 ; jmp 0xfffa6103
+
+loc_fffa6094: ; not directly referenced
+imul eax, eax, 0x64
+xor esi, esi
+call fcn_fffaebb7 ; call 0xfffaebb7
+mov ecx, eax
+mov eax, 1
+shr ecx, 1
+
+loc_fffa60a7: ; not directly referenced
+cmp ecx, 0x64
+jbe short loc_fffa60d2 ; jbe 0xfffa60d2
+imul eax, eax, 0xa9e
+mov edi, 0xa
+xor edx, edx
+sub ecx, 0x64
+div edi
+test esi, esi
+je short loc_fffa60cb ; je 0xfffa60cb
+mov esi, 0x64
+xor edx, edx
+div esi
+
+loc_fffa60cb: ; not directly referenced
+mov esi, 1
+jmp short loc_fffa60a7 ; jmp 0xfffa60a7
+
+loc_fffa60d2: ; not directly referenced
+lea edx, [ecx*8 + 0x384]
+imul edx, ecx
+mov ecx, 0x3e8
+add edx, 0x18a88
+imul edx, eax
+mov eax, edx
+xor edx, edx
+div ecx
+test esi, esi
+je short loc_fffa60fc ; je 0xfffa60fc
+mov cx, 0x64
+xor edx, edx
+div ecx
+
+loc_fffa60fc: ; not directly referenced
+mov dword [ebp + ebx*4 - 0x540], eax
+
+loc_fffa6103: ; not directly referenced
+mov ecx, dword [ebp + ebx*4 - 0x590]
+xor edx, edx
+mov edi, dword [ebp + ebx*4 - 0x568]
+imul eax, dword [ebp + ebx*4 - 0x540], 0xc8
+lea esi, [edi + ecx]
+div esi
+mov esi, eax
+mov dword [ebp + ebx*4 - 0x540], eax
+imul eax, dword [ebp - 0x5c4], 0x3e8
+test esi, esi
+je short loc_fffa613e ; je 0xfffa613e
+xor edx, edx
+div esi
+
+loc_fffa613e: ; not directly referenced
+mov edx, dword [ebp - 0x5ac]
+mov dword [ebp + ebx*4 - 0x52c], eax
+mov al, byte [ebp - 0x5c8]
+mov dword [ebp + ebx*4 - 0x57c], ecx
+mov byte [edx + ebx + 3], al
+mov eax, dword [ebp - 0x5c4]
+mov dword [edx + ebx*4 + 0x1c], esi
+movzx esi, byte [ebp - 0x5b0]
+mov dword [edx + ebx*4 + 8], eax
+mov eax, dword [ebp + ebx*4 - 0x52c]
+mov dword [edx + ebx*4 + 0x30], eax
+mov eax, ecx
+xor edx, edx
+sub ecx, edi
+div esi
+mov edx, dword [ebp - 0x5ac]
+mov dword [edx + ebx*4 + 0x44], eax
+mov eax, edi
+xor edx, edx
+div esi
+mov edx, dword [ebp - 0x5ac]
+mov esi, dword [ebp + 0x10]
+mov dword [edx + ebx*4 + 0x58], eax
+movzx eax, cx
+movzx esi, byte [esi + ebx]
+cdq
+idiv dword [ebp - 0x5d8]
+cdq
+idiv esi
+mov edx, dword [ebp - 0x5ac]
+mov word [edx + ebx*2 + 0x6c], ax
+
+loc_fffa61bd: ; not directly referenced
+mov eax, dword [ebp - 0x5fc]
+inc ebx
+add dword [ebp - 0x5b8], eax
+cmp ebx, 5
+jne loc_fffa5e6f ; jne 0xfffa5e6f
+mov eax, 5
+
+loc_fffa61d8: ; not directly referenced
+dec eax
+je short loc_fffa6205 ; je 0xfffa6205
+xor edx, edx
+
+loc_fffa61dd: ; not directly referenced
+movzx ecx, dl
+cmp ecx, eax
+jge short loc_fffa61d8 ; jge 0xfffa61d8
+shl ecx, 2
+lea esi, [ebp - 0x57c]
+add esi, ecx
+lea ecx, [ebp + ecx - 0x578]
+mov ebx, dword [esi]
+mov edi, dword [ecx]
+cmp ebx, edi
+jae short loc_fffa6202 ; jae 0xfffa6202
+mov dword [esi], edi
+mov dword [ecx], ebx
+
+loc_fffa6202: ; not directly referenced
+inc edx
+jmp short loc_fffa61dd ; jmp 0xfffa61dd
+
+loc_fffa6205: ; not directly referenced
+mov esi, dword [ebp - 0x56c]
+xor edi, edi
+xor ebx, ebx
+
+loc_fffa620f: ; not directly referenced
+cmp edi, 4
+je short loc_fffa621d ; je 0xfffa621d
+mov eax, dword [ebp + edi*4 - 0x57c]
+jmp short loc_fffa621f ; jmp 0xfffa621f
+
+loc_fffa621d: ; not directly referenced
+mov eax, esi
+
+loc_fffa621f: ; not directly referenced
+call fcn_fffaec34 ; call 0xfffaec34
+inc edi
+add ebx, eax
+cmp edi, 5
+jne short loc_fffa620f ; jne 0xfffa620f
+add ebx, 0xb
+cmp bl, 0x40
+ja short loc_fffa6259 ; ja 0xfffa6259
+
+loc_fffa6234: ; not directly referenced
+mov al, byte [ebp - 0x5ec]
+cmp byte [ebp - 0x600], 0
+mov byte [ebp - 0x5c8], 0
+mov byte [ebp - 0x5c0], al
+je loc_fffa62f4 ; je 0xfffa62f4
+jmp near loc_fffa631f ; jmp 0xfffa631f
+
+loc_fffa6259: ; not directly referenced
+movzx ecx, byte [ebp - 0x5d9]
+movzx ebx, bl
+lea eax, [ecx + ebx - 0x41]
+xor ebx, ebx
+cdq
+idiv ecx
+mov edx, 1
+movzx eax, al
+lea ecx, [eax - 1]
+shl edx, cl
+mov dword [ebp - 0x5b0], eax
+movzx eax, dl
+
+loc_fffa6282: ; not directly referenced
+mov edx, dword [ebp + ebx*4 - 0x590]
+mov esi, dword [ebp - 0x5b0]
+add edx, eax
+mov ecx, esi
+mov esi, ebx
+shr edx, cl
+mov dword [ebp + ebx*4 - 0x590], edx
+movzx edx, word [ebp + ebx*2 - 0x59a]
+shl esi, 6
+mov dword [ebp - 0x5b8], esi
+add edx, eax
+sar edx, cl
+mov word [ebp + ebx*2 - 0x59a], dx
+xor edx, edx
+
+loc_fffa62bd: ; not directly referenced
+movzx edi, dl
+cmp edi, dword [ebp - 0x5d0]
+jge short loc_fffa62e9 ; jge 0xfffa62e9
+add edi, dword [ebp - 0x5b8]
+inc edx
+mov cl, byte [ebp - 0x5b0]
+mov esi, dword [ebp + edi*4 - 0x518]
+add esi, eax
+shr esi, cl
+mov dword [ebp + edi*4 - 0x518], esi
+jmp short loc_fffa62bd ; jmp 0xfffa62bd
+
+loc_fffa62e9: ; not directly referenced
+inc ebx
+cmp ebx, 5
+jne short loc_fffa6282 ; jne 0xfffa6282
+jmp near loc_fffa6234 ; jmp 0xfffa6234
+
+loc_fffa62f4: ; not directly referenced
+mov eax, dword [ebp - 0x5d8]
+cmp dword [ebp - 0x5d0], eax
+jle short loc_fffa631f ; jle 0xfffa631f
+cmp byte [ebp - 0x5d4], 0
+je short loc_fffa631f ; je 0xfffa631f
+mov al, byte [ebp - 0x5ec]
+mov byte [ebp - 0x5c8], 1
+dec eax
+mov byte [ebp - 0x5c0], al
+
+loc_fffa631f: ; not directly referenced
+mov al, byte [ebp - 0x5c8]
+xor esi, esi
+xor edi, edi
+mov byte [ebp - 0x5b0], 0
+mov dword [ebp - 0x5b8], 0xffffffff
+mov dword [ebp - 0x5b4], 0xffffffff
+mov byte [ebp - 0x5c4], al
+
+loc_fffa634a: ; not directly referenced
+mov al, byte [ebp - 0x5c0]
+mov cl, byte [ebp - 0x5c4]
+cmp cl, al
+jae loc_fffa6500 ; jae 0xfffa6500
+movzx eax, cl
+xor ebx, ebx
+lea eax, [ebp + eax*4 - 0x518]
+mov dword [ebp - 0x5d8], eax
+mov dword [ebp - 0x5e8], 0
+mov dword [ebp - 0x5e4], 0
+mov dword [ebp - 0x5d4], 0xffffffff
+
+loc_fffa638e: ; not directly referenced
+mov eax, dword [ebp + 0x10]
+mov byte [ebp - 0x5ec], bl
+cmp byte [eax + ebx], 0
+je loc_fffa645f ; je 0xfffa645f
+mov ecx, dword [ebp - 0x5d8]
+mov eax, ebx
+shl eax, 8
+mov dword [ebp - 0x5e0], eax
+mov dword [ebp - 0x5d0], 1
+mov eax, dword [ecx + eax]
+mov ecx, dword [ebp - 0x5d4]
+mov dword [ebp - 0x5cc], 0
+cmp ecx, eax
+cmovbe eax, ecx
+xor ecx, ecx
+mov dword [ebp - 0x5d4], eax
+
+loc_fffa63dc: ; not directly referenced
+mov eax, dword [ebp + 0x10]
+cmp byte [eax + ecx], 0
+je short loc_fffa6425 ; je 0xfffa6425
+cmp byte [ebp - 0x5ec], cl
+je short loc_fffa6425 ; je 0xfffa6425
+push eax
+mov eax, dword [ebp - 0x5bc]
+push dword [ebp + ecx*4 - 0x590]
+push dword [ebp - 0x5cc]
+push dword [ebp - 0x5d0]
+mov dword [ebp - 0x5f4], ecx
+call dword [eax + 0x70] ; ucall
+mov ecx, dword [ebp - 0x5f4]
+add esp, 0x10
+mov dword [ebp - 0x5d0], eax
+mov dword [ebp - 0x5cc], edx
+
+loc_fffa6425: ; not directly referenced
+inc ecx
+cmp ecx, 5
+jne short loc_fffa63dc ; jne 0xfffa63dc
+mov ecx, dword [ebp - 0x5e0]
+push eax
+mov eax, dword [ebp - 0x5d8]
+push dword [eax + ecx]
+mov eax, dword [ebp - 0x5bc]
+push dword [ebp - 0x5cc]
+push dword [ebp - 0x5d0]
+call dword [eax + 0x70] ; ucall
+add dword [ebp - 0x5e8], eax
+adc dword [ebp - 0x5e4], edx
+add esp, 0x10
+
+loc_fffa645f: ; not directly referenced
+inc ebx
+cmp ebx, 5
+jne loc_fffa638e ; jne 0xfffa638e
+mov eax, 1
+xor edx, edx
+xor ebx, ebx
+
+loc_fffa6472: ; not directly referenced
+cmp bl, byte [ebp - 0x5d9]
+je short loc_fffa6492 ; je 0xfffa6492
+push ecx
+inc ebx
+push dword [ebp - 0x5d4]
+push edx
+push eax
+mov eax, dword [ebp - 0x5bc]
+call dword [eax + 0x70] ; ucall
+add esp, 0x10
+jmp short loc_fffa6472 ; jmp 0xfffa6472
+
+loc_fffa6492: ; not directly referenced
+mov ecx, dword [ebp - 0x5e8]
+mov ebx, dword [ebp - 0x5e4]
+add ecx, eax
+adc ebx, edx
+cmp dword [ebp - 0x5b4], ebx
+jb short loc_fffa64c0 ; jb 0xfffa64c0
+ja short loc_fffa64b4 ; ja 0xfffa64b4
+cmp dword [ebp - 0x5b8], ecx
+jbe short loc_fffa64c0 ; jbe 0xfffa64c0
+
+loc_fffa64b4: ; not directly referenced
+mov dword [ebp - 0x5b8], ecx
+mov dword [ebp - 0x5b4], ebx
+
+loc_fffa64c0: ; not directly referenced
+cmp ebx, edi
+ja short loc_fffa64ca ; ja 0xfffa64ca
+jb short loc_fffa64da ; jb 0xfffa64da
+cmp ecx, esi
+jbe short loc_fffa64da ; jbe 0xfffa64da
+
+loc_fffa64ca: ; not directly referenced
+mov al, byte [ebp - 0x5c4]
+mov esi, ecx
+mov edi, ebx
+mov byte [ebp - 0x5b0], al
+
+loc_fffa64da: ; not directly referenced
+movzx eax, byte [ebp - 0x5c4]
+mov edx, dword [ebp - 0x5ac]
+inc byte [ebp - 0x5c4]
+mov dword [edx + eax*8 + 0x8e], ecx
+mov dword [edx + eax*8 + 0x92], ebx
+jmp near loc_fffa634a ; jmp 0xfffa634a
+
+loc_fffa6500: ; not directly referenced
+mov ebx, dword [ebp - 0x5bc]
+mov eax, dword [ebx + 0x74]
+push edx
+mov edx, edi
+push 0x7d0
+mov dword [ebp - 0x5c4], eax
+mov eax, esi
+sub eax, dword [ebp - 0x5b8]
+sbb edx, dword [ebp - 0x5b4]
+push edx
+push eax
+call dword [ebx + 0x70] ; ucall
+mov ecx, dword [ebp - 0x5b8]
+mov ebx, dword [ebp - 0x5b4]
+mov dword [esp], 0
+add ecx, esi
+adc ebx, edi
+add ecx, 1
+adc ebx, 0
+push ebx
+push ecx
+push edx
+push eax
+mov eax, dword [ebp - 0x5c4]
+call eax
+mov ebx, dword [ebp - 0x5ac]
+add esp, 0x20
+movzx ecx, byte [ebp - 0x5b0]
+mov dword [ebx + 0x7e], esi
+mov word [ebx], cx
+mov ecx, dword [ebp - 0x5b8]
+mov dword [ebx + 0x76], eax
+mov eax, ebx
+mov dword [ebx + 0x7a], edx
+mov dword [ebx + 0x82], edi
+mov ebx, dword [ebp - 0x5b4]
+mov dword [eax + 0x86], ecx
+mov dword [eax + 0x8a], ebx
+mov eax, dword [ebp - 0x5f0]
+test al, al
+je loc_fffa6656 ; je 0xfffa6656
+movzx ebx, byte [ebp - 0x5b0]
+movsx eax, al
+jns short loc_fffa65be ; jns 0xfffa65be
+movzx edx, byte [ebp - 0x5c8]
+add ebx, eax
+mov esi, 1
+cmp ebx, edx
+cmovl ebx, edx
+jmp short loc_fffa65e5 ; jmp 0xfffa65e5
+
+loc_fffa65be: ; not directly referenced
+movzx edx, byte [ebp - 0x5c0]
+add ebx, eax
+cmp ebx, edx
+jl short loc_fffa65d4 ; jl 0xfffa65d4
+mov bl, byte [ebp - 0x5c0]
+dec ebx
+jmp short loc_fffa65e0 ; jmp 0xfffa65e0
+
+loc_fffa65d4: ; not directly referenced
+mov bl, byte [ebp - 0x5f0]
+add ebx, dword [ebp - 0x5b0]
+
+loc_fffa65e0: ; not directly referenced
+mov esi, 0xffffffff
+
+loc_fffa65e5: ; not directly referenced
+mov ecx, dword [ebp - 0x5ac]
+push eax
+movzx eax, byte [ebp - 0x5b0]
+mov edi, dword [ebp - 0x5bc]
+push 0x5a
+push dword [ecx + eax*8 + 0x92]
+push dword [ecx + eax*8 + 0x8e]
+call dword [edi + 0x70] ; ucall
+mov dword [esp], 0
+push 0
+push 0x64
+push edx
+push eax
+call dword [edi + 0x74] ; ucall
+add esp, 0x20
+
+loc_fffa661f: ; not directly referenced
+cmp bl, byte [ebp - 0x5b0]
+je short loc_fffa6641 ; je 0xfffa6641
+mov edi, dword [ebp - 0x5ac]
+movzx ecx, bl
+add ecx, 0x10
+cmp dword [edi + ecx*8 + 0x12], edx
+jb short loc_fffa6652 ; jb 0xfffa6652
+ja short loc_fffa6641 ; ja 0xfffa6641
+cmp dword [edi + ecx*8 + 0xe], eax
+jbe short loc_fffa6652 ; jbe 0xfffa6652
+
+loc_fffa6641: ; not directly referenced
+mov eax, dword [ebp - 0x5ac]
+sub ebx, dword [ebp - 0x5b0]
+mov byte [eax + 2], bl
+jmp short loc_fffa6656 ; jmp 0xfffa6656
+
+loc_fffa6652: ; not directly referenced
+add ebx, esi
+jmp short loc_fffa661f ; jmp 0xfffa661f
+
+loc_fffa6656: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa665e: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+xor esi, esi
+push ebx
+sub esp, 0x1c
+mov dword [ebp - 0x20], eax
+add eax, 0x3756
+mov dword [ebp - 0x28], edx
+mov dword [ebp - 0x1c], eax
+
+loc_fffa6677: ; not directly referenced
+mov eax, dword [ebp - 0x1c]
+cmp dword [eax], 2
+je short loc_fffa669c ; je 0xfffa669c
+
+loc_fffa667f: ; not directly referenced
+add esi, 0x400
+add dword [ebp - 0x1c], 0x13c3
+cmp esi, 0x800
+jne short loc_fffa6677 ; jne 0xfffa6677
+add esp, 0x1c
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+loc_fffa669c: ; not directly referenced
+mov edi, dword [ebp - 0x28]
+lea eax, [esi + 0x4060]
+mov dword [ebp - 0x24], eax
+lea ebx, [esi + 0x4054]
+sub edi, esi
+
+loc_fffa66b0: ; not directly referenced
+mov ecx, dword [edi + ebx - 0x4054]
+mov edx, ebx
+mov eax, dword [ebp - 0x20]
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, dword [edi + ebx - 0x4054]
+lea edx, [ebx - 0xc]
+mov eax, dword [ebp - 0x20]
+add ebx, 4
+call fcn_fffae58c ; call 0xfffae58c
+cmp ebx, dword [ebp - 0x24]
+jne short loc_fffa66b0 ; jne 0xfffa66b0
+jmp short loc_fffa667f ; jmp 0xfffa667f
+
+fcn_fffa66dd: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x10
+mov dword [ebp - 0x18], eax
+cmp cl, 5
+ja short loc_fffa6700 ; ja 0xfffa6700
+cmp cl, 4
+jae short loc_fffa671a ; jae 0xfffa671a
+lea eax, [ecx - 1]
+cmp al, 1
+ja loc_fffa67f4 ; ja 0xfffa67f4
+jmp short loc_fffa671a ; jmp 0xfffa671a
+
+loc_fffa6700: ; not directly referenced
+cmp cl, 0x10
+jb loc_fffa67f4 ; jb 0xfffa67f4
+cmp cl, 0x11
+jbe short loc_fffa6721 ; jbe 0xfffa6721
+lea eax, [ecx - 0x20]
+cmp al, 1
+jbe short loc_fffa6721 ; jbe 0xfffa6721
+jmp near loc_fffa67f4 ; jmp 0xfffa67f4
+
+loc_fffa671a: ; not directly referenced
+mov edi, 0xa
+jmp short loc_fffa6726 ; jmp 0xfffa6726
+
+loc_fffa6721: ; not directly referenced
+mov edi, 7
+
+loc_fffa6726: ; not directly referenced
+xor ebx, ebx
+cmp cl, 0x21
+ja short loc_fffa6733 ; ja 0xfffa6733
+mov bl, byte [ecx + ref_fffd5f1c] ; mov bl, byte [ecx - 0x2a0e4]
+
+loc_fffa6733: ; not directly referenced
+cmp bl, 7
+mov al, 7
+cmovbe eax, ebx
+xor ebx, ebx
+movzx esi, al
+mov eax, dword [ebp - 0x18]
+imul esi, esi, 0x240
+add eax, 0x3756
+mov dword [ebp - 0x10], eax
+mov eax, edi
+add esi, edx
+movzx eax, al
+mov dword [ebp - 0x1c], eax
+
+loc_fffa675b: ; not directly referenced
+mov eax, dword [ebp - 0x10]
+cmp dword [eax], 2
+jne short loc_fffa67dd ; jne 0xfffa67dd
+mov byte [ebp - 0x11], 0
+
+loc_fffa6767: ; not directly referenced
+mov edi, dword [ebp - 0x18]
+movzx eax, byte [ebp - 0x11]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffa67b9 ; jae 0xfffa67b9
+add eax, ebx
+xor ecx, ecx
+lea eax, [esi + eax*8]
+
+loc_fffa677d: ; not directly referenced
+mov edi, dword [ebp - 0x10]
+mov edx, 1
+shl edx, cl
+test byte [edi + 0xc4], dl
+je short loc_fffa67ae ; je 0xfffa67ae
+imul edx, ecx, 0x90
+mov edi, dword [eax + edx]
+cmp dword [esi + ebx*8], edi
+jbe short loc_fffa67a0 ; jbe 0xfffa67a0
+mov dword [esi + ebx*8], edi
+
+loc_fffa67a0: ; not directly referenced
+mov edx, dword [eax + edx + 4]
+cmp dword [esi + ebx*8 + 4], edx
+jbe short loc_fffa67ae ; jbe 0xfffa67ae
+mov dword [esi + ebx*8 + 4], edx
+
+loc_fffa67ae: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffa677d ; jne 0xfffa677d
+inc byte [ebp - 0x11]
+jmp short loc_fffa6767 ; jmp 0xfffa6767
+
+loc_fffa67b9: ; not directly referenced
+mov edi, dword [ebp - 0x1c]
+mov ecx, 0xa
+xor edx, edx
+mov eax, dword [esi + ebx*8]
+imul eax, edi
+div ecx
+xor edx, edx
+mov dword [esi + ebx*8], eax
+mov eax, dword [esi + ebx*8 + 4]
+imul eax, edi
+div ecx
+mov dword [esi + ebx*8 + 4], eax
+
+loc_fffa67dd: ; not directly referenced
+add ebx, 9
+add dword [ebp - 0x10], 0x13c3
+cmp ebx, 0x12
+jne loc_fffa675b ; jne 0xfffa675b
+xor eax, eax
+jmp short loc_fffa67f9 ; jmp 0xfffa67f9
+
+loc_fffa67f4: ; not directly referenced
+mov eax, 2
+
+loc_fffa67f9: ; not directly referenced
+add esp, 0x10
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa6801:
+push ebp
+mov ebp, esp
+sub esp, 0x24
+lea edx, [ebp - 0xc]
+push edx
+lea edx, [ebp - 0x10]
+push edx
+lea edx, [ebp - 0x14]
+push edx
+lea eax, [ebp - 0x18]
+push eax
+push 1
+call fcn_fffd28d0 ; call 0xfffd28d0
+mov eax, dword [ebp - 0x18]
+leave
+and eax, 0xfff0ff0
+ret
+
+fcn_fffa6828: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, eax
+push ebx
+sub esp, 0xc
+mov ebx, dword [eax + 0x2443]
+call dword [ebx + 0x54] ; ucall
+lea edi, [eax + 0x2710]
+
+loc_fffa6842: ; not directly referenced
+mov edx, 0x5084
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+test eax, 0x10000
+jne short loc_fffa6863 ; jne 0xfffa6863
+call dword [ebx + 0x54] ; ucall
+cmp edi, eax
+ja short loc_fffa6842 ; ja 0xfffa6842
+mov eax, 0x12
+jmp short loc_fffa6865 ; jmp 0xfffa6865
+
+loc_fffa6863: ; not directly referenced
+xor eax, eax
+
+loc_fffa6865: ; not directly referenced
+add esp, 0xc
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa686d: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+mov esi, ecx
+push ebx
+sub esp, 0x3c
+mov ebx, dword [eax + 0x2443]
+mov dword [ebp - 0x30], edx
+call dword [ebx + 0x54] ; ucall
+lea ecx, [eax + 0x2710]
+push eax
+push 0
+push 4
+push dword [ebp + 0xc]
+mov dword [ebp - 0x34], ecx
+call dword [ebx + 0x5c] ; ucall
+mov eax, dword [ebp - 0x30]
+add esp, 0x10
+shl eax, 0xa
+mov dword [ebp - 0x38], eax
+add eax, 0x4214
+mov dword [ebp - 0x2c], eax
+
+loc_fffa68ae: ; not directly referenced
+mov edx, dword [ebp - 0x2c]
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, eax
+shr edx, 0x18
+test dl, dl
+jns short loc_fffa68d3 ; jns 0xfffa68d3
+call dword [ebx + 0x54] ; ucall
+cmp dword [ebp - 0x34], eax
+ja short loc_fffa68ae ; ja 0xfffa68ae
+
+loc_fffa68c9: ; not directly referenced
+mov eax, 0x12
+jmp near loc_fffa69e2 ; jmp 0xfffa69e2
+
+loc_fffa68d3: ; not directly referenced
+mov al, byte [ebp + 8]
+and esi, 3
+mov edx, dword [ebp - 0x2c]
+shl esi, 0x10
+and eax, 0xfff000ff
+mov ecx, eax
+mov eax, edi
+or ecx, esi
+or ecx, 0x80000000
+call fcn_fffae58c ; call 0xfffae58c
+call dword [ebx + 0x54] ; ucall
+lea esi, [eax + 0x2710]
+
+loc_fffa68fe: ; not directly referenced
+mov edx, dword [ebp - 0x2c]
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+shr eax, 0x18
+test al, al
+jns short loc_fffa6918 ; jns 0xfffa6918
+call dword [ebx + 0x54] ; ucall
+cmp esi, eax
+ja short loc_fffa68fe ; ja 0xfffa68fe
+jmp short loc_fffa68c9 ; jmp 0xfffa68c9
+
+loc_fffa6918: ; not directly referenced
+mov esi, dword [ebp - 0x30]
+mov edx, dword [ebp - 0x38]
+imul eax, esi, 0x54a
+add edx, 0x4218
+imul esi, esi, 0x13c3
+lea eax, [edi + eax + 0x196b]
+mov dword [ebp - 0x2c], eax
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+xor edx, edx
+mov dword [ebp - 0x3c], esi
+mov dword [ebp - 0x1c], eax
+xor eax, eax
+
+loc_fffa694b: ; not directly referenced
+mov ecx, dword [ebp - 0x3c]
+cmp byte [edi + ecx + 0x49ba], 0x20
+je short loc_fffa6969 ; je 0xfffa6969
+
+loc_fffa6958: ; not directly referenced
+movzx esi, byte [edi + 0x2488]
+lea ebx, [eax + eax]
+mov dword [ebp - 0x30], esi
+xor esi, esi
+jmp short loc_fffa698b ; jmp 0xfffa698b
+
+loc_fffa6969: ; not directly referenced
+test al, 1
+je short loc_fffa6958 ; je 0xfffa6958
+mov ebx, dword [ebp + 0xc]
+mov esi, edx
+mov cl, byte [ebx + eax - 1]
+mov byte [ebx + eax], cl
+jmp short loc_fffa69d3 ; jmp 0xfffa69d3
+
+loc_fffa697b: ; not directly referenced
+mov ecx, dword [ebp - 0x2c]
+movzx ecx, byte [ecx + esi + 0x4f6]
+cmp ebx, ecx
+je short loc_fffa6992 ; je 0xfffa6992
+inc esi
+
+loc_fffa698b: ; not directly referenced
+cmp esi, dword [ebp - 0x30]
+jb short loc_fffa697b ; jb 0xfffa697b
+mov esi, edx
+
+loc_fffa6992: ; not directly referenced
+mov ebx, eax
+xor edx, edx
+shl ebx, 4
+mov dword [ebp - 0x38], ebx
+movzx ebx, byte [ebp + eax - 0x1c]
+mov dword [ebp - 0x30], ebx
+mov ebx, dword [ebp - 0x2c]
+lea ecx, [ebx + esi*8]
+mov dword [ebp - 0x34], ecx
+
+loc_fffa69ad: ; not directly referenced
+mov ebx, dword [ebp - 0x30]
+mov cl, dl
+sar ebx, cl
+mov ecx, dword [ebp - 0x34]
+and ebx, 1
+movzx ecx, byte [ecx + edx + 0x4fe]
+inc edx
+sub ecx, dword [ebp - 0x38]
+shl ebx, cl
+mov ecx, dword [ebp + 0xc]
+or byte [ecx + eax], bl
+cmp edx, 8
+jne short loc_fffa69ad ; jne 0xfffa69ad
+
+loc_fffa69d3: ; not directly referenced
+inc eax
+cmp eax, 4
+je short loc_fffa69e0 ; je 0xfffa69e0
+mov edx, esi
+jmp near loc_fffa694b ; jmp 0xfffa694b
+
+loc_fffa69e0: ; not directly referenced
+xor al, al
+
+loc_fffa69e2: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa69ea: ; not directly referenced
+imul edx, edx, 0x13c3
+push ebp
+mov ebp, esp
+push esi
+mov esi, ecx
+lea edx, [eax + edx + 0x3756]
+push ebx
+mov ebx, eax
+mov eax, dword [edx + 0xc0]
+cmp eax, 1
+je short loc_fffa6a51 ; je 0xfffa6a51
+cmp eax, 2
+jne short loc_fffa6a85 ; jne 0xfffa6a85
+mov cl, byte [edx + 0x1260]
+cmp cl, 1
+jne short loc_fffa6a2b ; jne 0xfffa6a2b
+mov al, byte [edx + 0x1388]
+cmp al, 1
+je short loc_fffa6a71 ; je 0xfffa6a71
+cmp al, 2
+jne short loc_fffa6a85 ; jne 0xfffa6a85
+jmp short loc_fffa6a8c ; jmp 0xfffa6a8c
+
+loc_fffa6a2b: ; not directly referenced
+xor eax, eax
+cmp cl, 2
+jne loc_fffa6bcd ; jne 0xfffa6bcd
+mov dl, byte [edx + 0x1388]
+cmp dl, 1
+je short loc_fffa6a93 ; je 0xfffa6a93
+cmp dl, 2
+jne loc_fffa6bcd ; jne 0xfffa6bcd
+mov ecx, 5
+jmp short loc_fffa6a76 ; jmp 0xfffa6a76
+
+loc_fffa6a51: ; not directly referenced
+mov al, byte [edx + 0x1260]
+cmp al, 1
+je short loc_fffa6a9a ; je 0xfffa6a9a
+mov dl, byte [edx + 0x1388]
+cmp dl, 1
+je short loc_fffa6a9a ; je 0xfffa6a9a
+cmp al, 2
+je short loc_fffa6a9e ; je 0xfffa6a9e
+cmp dl, 2
+jne short loc_fffa6a85 ; jne 0xfffa6a85
+jmp short loc_fffa6a9e ; jmp 0xfffa6a9e
+
+loc_fffa6a71: ; not directly referenced
+mov ecx, 2
+
+loc_fffa6a76: ; not directly referenced
+cmp dword [ebx + 0x187f], 6
+mov edx, dword [ebx + 0x1887]
+jbe short loc_fffa6aa5 ; jbe 0xfffa6aa5
+
+loc_fffa6a85: ; not directly referenced
+xor eax, eax
+jmp near loc_fffa6bcd ; jmp 0xfffa6bcd
+
+loc_fffa6a8c: ; not directly referenced
+mov ecx, 3
+jmp short loc_fffa6a76 ; jmp 0xfffa6a76
+
+loc_fffa6a93: ; not directly referenced
+mov ecx, 4
+jmp short loc_fffa6a76 ; jmp 0xfffa6a76
+
+loc_fffa6a9a: ; not directly referenced
+xor ecx, ecx
+jmp short loc_fffa6a76 ; jmp 0xfffa6a76
+
+loc_fffa6a9e: ; not directly referenced
+mov ecx, 1
+jmp short loc_fffa6a76 ; jmp 0xfffa6a76
+
+loc_fffa6aa5: ; not directly referenced
+mov eax, dword [ebx + 0x187f]
+jmp dword [eax*4 + ref_fffd32ec] ; ujmp: jmp dword [eax*4 - 0x2cd14]
+
+loc_fffa6ab2: ; not directly referenced
+cmp edx, 0x40660
+sete bl
+cmp edx, 0x306c0
+sete al
+or bl, al
+jne short loc_fffa6ad6 ; jne 0xfffa6ad6
+xor eax, eax
+cmp edx, 0x40670
+jne loc_fffa6bcd ; jne 0xfffa6bcd
+
+loc_fffa6ad6: ; not directly referenced
+imul esi, esi, 6
+add ecx, esi
+lea eax, [ecx + ecx + ref_fffd339c] ; lea eax, [ecx + ecx - 0x2cc64]
+jmp near loc_fffa6bcd ; jmp 0xfffa6bcd
+
+loc_fffa6ae7: ; not directly referenced
+cmp edx, 0x306d0
+sete bl
+cmp edx, 0x40650
+sete al
+or bl, al
+je short loc_fffa6b12 ; je 0xfffa6b12
+cmp ecx, 1
+ja short loc_fffa6a85 ; ja 0xfffa6a85
+add esi, esi
+add ecx, esi
+lea eax, [ecx + ecx + ref_fffd3394] ; lea eax, [ecx + ecx - 0x2cc6c]
+jmp near loc_fffa6bcd ; jmp 0xfffa6bcd
+
+loc_fffa6b12: ; not directly referenced
+cmp edx, 0x40660
+sete bl
+cmp edx, 0x306c0
+sete al
+or bl, al
+jne short loc_fffa6b36 ; jne 0xfffa6b36
+xor eax, eax
+cmp edx, 0x40670
+jne loc_fffa6bcd ; jne 0xfffa6bcd
+
+loc_fffa6b36: ; not directly referenced
+imul esi, esi, 6
+add ecx, esi
+lea eax, [ecx + ecx + ref_fffd337c] ; lea eax, [ecx + ecx - 0x2cc84]
+jmp near loc_fffa6bcd ; jmp 0xfffa6bcd
+
+loc_fffa6b47: ; not directly referenced
+cmp edx, 0x40660
+sete bl
+cmp edx, 0x306c0
+sete al
+or bl, al
+jne short loc_fffa6b67 ; jne 0xfffa6b67
+xor eax, eax
+cmp edx, 0x40670
+jne short loc_fffa6bcd ; jne 0xfffa6bcd
+
+loc_fffa6b67: ; not directly referenced
+imul esi, esi, 6
+add ecx, esi
+lea eax, [ecx + ecx + ref_fffd3364] ; lea eax, [ecx + ecx - 0x2cc9c]
+jmp short loc_fffa6bcd ; jmp 0xfffa6bcd
+
+loc_fffa6b75: ; not directly referenced
+cmp edx, 0x306d0
+sete bl
+cmp edx, 0x40650
+sete al
+or bl, al
+je short loc_fffa6ba1 ; je 0xfffa6ba1
+cmp ecx, 1
+ja loc_fffa6a85 ; ja 0xfffa6a85
+add esi, esi
+add ecx, esi
+lea eax, [ecx + ecx + ref_fffd33cc] ; lea eax, [ecx + ecx - 0x2cc34]
+jmp short loc_fffa6bcd ; jmp 0xfffa6bcd
+
+loc_fffa6ba1: ; not directly referenced
+cmp edx, 0x40660
+sete bl
+cmp edx, 0x306c0
+sete al
+or bl, al
+jne short loc_fffa6bc1 ; jne 0xfffa6bc1
+xor eax, eax
+cmp edx, 0x40670
+jne short loc_fffa6bcd ; jne 0xfffa6bcd
+
+loc_fffa6bc1: ; not directly referenced
+imul esi, esi, 6
+add ecx, esi
+lea eax, [ecx + ecx + ref_fffd33b4] ; lea eax, [ecx + ecx - 0x2cc4c]
+
+loc_fffa6bcd: ; not directly referenced
+pop ebx
+pop esi
+pop ebp
+ret
+
+fcn_fffa6bd1: ; not directly referenced
+push ebp
+mov ebp, esp
+push esi
+push ebx
+test cl, cl
+je short loc_fffa6bf8 ; je 0xfffa6bf8
+cmp cl, 0x3c
+je short loc_fffa6bfc ; je 0xfffa6bfc
+cmp cl, 0x78
+je short loc_fffa6c02 ; je 0xfffa6c02
+cmp cl, 0x28
+je short loc_fffa6c08 ; je 0xfffa6c08
+cmp cl, 0x14
+je short loc_fffa6c10 ; je 0xfffa6c10
+cmp cl, 0x1e
+mov cl, 1
+setne bl
+jmp short loc_fffa6c0c ; jmp 0xfffa6c0c
+
+loc_fffa6bf8: ; not directly referenced
+xor ecx, ecx
+jmp short loc_fffa6c12 ; jmp 0xfffa6c12
+
+loc_fffa6bfc: ; not directly referenced
+xor ecx, ecx
+xor ebx, ebx
+jmp short loc_fffa6c0c ; jmp 0xfffa6c0c
+
+loc_fffa6c02: ; not directly referenced
+xor ecx, ecx
+mov bl, 1
+jmp short loc_fffa6c14 ; jmp 0xfffa6c14
+
+loc_fffa6c08: ; not directly referenced
+xor ecx, ecx
+mov bl, 1
+
+loc_fffa6c0c: ; not directly referenced
+mov dl, 1
+jmp short loc_fffa6c16 ; jmp 0xfffa6c16
+
+loc_fffa6c10: ; not directly referenced
+mov cl, 1
+
+loc_fffa6c12: ; not directly referenced
+xor ebx, ebx
+
+loc_fffa6c14: ; not directly referenced
+xor edx, edx
+
+loc_fffa6c16: ; not directly referenced
+and edx, 1
+and ebx, 1
+lea esi, [edx*4]
+mov edx, dword [ebp + 8]
+and ecx, 1
+shl ebx, 6
+shl ecx, 9
+and edx, 0xffffffbb
+or edx, esi
+or edx, ebx
+and dh, 0xfd
+or edx, ecx
+pop ebx
+mov word [eax], dx
+pop esi
+pop ebp
+ret
+
+fcn_fffa6c42: ; not directly referenced
+imul edx, edx, 0x13c3
+push ebp
+mov ebp, esp
+lea edx, [eax + edx + 0x3756]
+mov cl, byte [edx + 0x1260]
+cmp cl, 1
+je short loc_fffa6c81 ; je 0xfffa6c81
+mov dl, byte [edx + 0x1388]
+cmp dl, 1
+je short loc_fffa6c81 ; je 0xfffa6c81
+cmp cl, 2
+je short loc_fffa6c85 ; je 0xfffa6c85
+cmp dl, 2
+jne short loc_fffa6c7d ; jne 0xfffa6c7d
+jmp short loc_fffa6c85 ; jmp 0xfffa6c85
+
+loc_fffa6c74: ; not directly referenced
+cmp eax, 5
+je short loc_fffa6ca0 ; je 0xfffa6ca0
+test eax, eax
+je short loc_fffa6ca0 ; je 0xfffa6ca0
+
+loc_fffa6c7d: ; not directly referenced
+xor eax, eax
+jmp short loc_fffa6ca9 ; jmp 0xfffa6ca9
+
+loc_fffa6c81: ; not directly referenced
+xor edx, edx
+jmp short loc_fffa6c8a ; jmp 0xfffa6c8a
+
+loc_fffa6c85: ; not directly referenced
+mov edx, 1
+
+loc_fffa6c8a: ; not directly referenced
+mov eax, dword [eax + 0x187f]
+cmp eax, 2
+jne short loc_fffa6c74 ; jne 0xfffa6c74
+lea edx, [edx + edx*2]
+lea eax, [edx + ref_fffd334c] ; lea eax, [edx - 0x2ccb4]
+jmp short loc_fffa6ca9 ; jmp 0xfffa6ca9
+
+loc_fffa6ca0: ; not directly referenced
+lea edx, [edx + edx*2]
+lea eax, [edx + ref_fffd3358] ; lea eax, [edx - 0x2cca8]
+
+loc_fffa6ca9: ; not directly referenced
+pop ebp
+ret
+
+fcn_fffa6cab: ; not directly referenced
+push ebp
+mov ebp, esp
+cmp cl, 0x3c
+je short loc_fffa6cdf ; je 0xfffa6cdf
+ja short loc_fffa6cc8 ; ja 0xfffa6cc8
+cmp cl, 0x28
+je short loc_fffa6ce3 ; je 0xfffa6ce3
+mov dl, 5
+cmp cl, 0x30
+je short loc_fffa6ce9 ; je 0xfffa6ce9
+mov dl, 7
+cmp cl, 0x22
+jmp short loc_fffa6cd9 ; jmp 0xfffa6cd9
+
+loc_fffa6cc8: ; not directly referenced
+cmp cl, 0x78
+je short loc_fffa6ce7 ; je 0xfffa6ce7
+mov dl, 4
+cmp cl, 0xf0
+je short loc_fffa6ce9 ; je 0xfffa6ce9
+mov dl, 6
+cmp cl, 0x50
+
+loc_fffa6cd9: ; not directly referenced
+je short loc_fffa6ce9 ; je 0xfffa6ce9
+xor edx, edx
+jmp short loc_fffa6ce9 ; jmp 0xfffa6ce9
+
+loc_fffa6cdf: ; not directly referenced
+mov dl, 1
+jmp short loc_fffa6ce9 ; jmp 0xfffa6ce9
+
+loc_fffa6ce3: ; not directly referenced
+mov dl, 3
+jmp short loc_fffa6ce9 ; jmp 0xfffa6ce9
+
+loc_fffa6ce7: ; not directly referenced
+mov dl, 2
+
+loc_fffa6ce9: ; not directly referenced
+mov ecx, dword [ebp + 8]
+and edx, 7
+shl edx, 6
+pop ebp
+and cx, 0xfe3f
+or ecx, edx
+mov word [eax], cx
+ret
+
+fcn_fffa6cfe: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov esi, dword [eax + 0x1887]
+movsx ebx, dl
+mov edi, dword [eax + 0x5edc]
+cmp esi, 0x306d0
+sete al
+cmp esi, 0x40650
+sete cl
+or eax, ecx
+cmp al, 1
+sbb ecx, ecx
+and ecx, 0xffffffce
+add ecx, 0x64
+cmp byte [edi + 0x1c5], 0
+jne short loc_fffa6d4d ; jne 0xfffa6d4d
+movzx eax, cl
+add ebx, 0x30
+imul eax, eax, 0x60
+movzx ecx, cl
+cdq
+idiv ebx
+sub eax, ecx
+jmp short loc_fffa6d5c ; jmp 0xfffa6d5c
+
+loc_fffa6d4d: ; not directly referenced
+mov eax, 0x3200
+lea ecx, [ebx + 0x20]
+cdq
+idiv ecx
+sub ax, 0xc8
+
+loc_fffa6d5c: ; not directly referenced
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa6d61: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x2c
+movzx esi, word [ebp + 0x10]
+mov dword [ebp - 0x10], edx
+mov edx, dword [eax + 0x18a7]
+mov dword [ebp - 0x38], ecx
+mov dword [ebp - 0x30], esi
+add esi, 0xf
+mov ecx, dword [eax + edx*4 + 0x3735]
+movzx eax, word [ebp + 0xc]
+mov dword [ebp - 0x14], esi
+mov ebx, eax
+imul eax, esi
+mov dword [ebp - 0x28], ebx
+add ebx, esi
+cdq
+idiv ebx
+mov edi, eax
+mov eax, ecx
+shr ax, 1
+movzx eax, ax
+mov edx, eax
+movzx eax, byte [ebp + 8]
+mov dword [ebp - 0x20], edx
+add eax, 0xf
+mov dword [ebp - 0x24], eax
+lea ebx, [edi + eax]
+mov eax, edx
+xor edx, edx
+mov esi, dword [ebp - 0x24]
+div ebx
+movzx ebx, cx
+mov ecx, ebx
+mov dword [ebp - 0x18], ebx
+xor edx, edx
+imul esi, eax
+mov dword [ebp - 0x34], eax
+sub ecx, esi
+lea eax, [ecx + ecx]
+sub eax, ebx
+mov ebx, 0x3e8
+imul eax, eax
+imul esi, esi
+div ebx
+mov bx, 0x2710
+xor edx, edx
+imul eax, eax, 0xd2f0
+div ebx
+mov bx, 0x64
+xor edx, edx
+div ebx
+xor edx, edx
+mov ebx, eax
+imul eax, edi, 0x3e8
+add edi, 0x1e
+div edi
+mov edi, 0x3e8
+xor edx, edx
+imul ebx, eax
+mov eax, ebx
+mov ebx, ecx
+div edi
+mov edi, ecx
+imul edi, ecx
+mov dword [ebp - 0x1c], eax
+mov eax, edi
+mov edi, dword [ebp - 0x28]
+add eax, esi
+mov esi, edi
+add esi, edi
+imul edi, esi, 0x64
+xor edx, edx
+mov esi, dword [ebp - 0x10]
+sub ebx, dword [ebp - 0x20]
+div edi
+xor edx, edx
+mov edi, 0x64
+mov dword [ebp - 0x2c], eax
+mov dword [esi], eax
+mov eax, ebx
+mov esi, dword [ebp - 0x30]
+div dword [ebp - 0x14]
+mov ebx, dword [ebp - 0x18]
+imul edx, eax, 0xf
+imul eax, eax
+sub ecx, edx
+mov edx, esi
+add edx, esi
+sub ebx, ecx
+imul esi, edx, 0x64
+xor edx, edx
+imul eax, eax, 0xf
+imul ebx, ebx
+imul ecx, ecx
+mov dword [ebp - 0x28], esi
+mov esi, 0x64
+div esi
+mov esi, eax
+mov eax, dword [ebp - 0x34]
+mov edx, eax
+imul edx, eax
+mov eax, dword [ebp - 0x24]
+imul eax, edx
+xor edx, edx
+div edi
+xor edx, edx
+add esi, eax
+lea eax, [ebx + ecx]
+div dword [ebp - 0x28]
+add esi, eax
+mov ebx, esi
+mov esi, dword [ebp - 0x10]
+mov dword [ebp - 0x30], ebx
+mov edx, dword [ebp - 0x14]
+mov dword [esi + 4], ebx
+movzx ebx, word [ebp + 0x14]
+lea edi, [ebx + 0xf]
+mov ecx, edi
+imul edi, edx
+mov dword [ebp - 0x34], ecx
+add ecx, edx
+mov eax, edi
+movzx edi, word [ebp - 0x38]
+cdq
+idiv ecx
+xor edx, edx
+lea ecx, [eax + edi]
+mov esi, eax
+mov eax, dword [ebp - 0x20]
+div ecx
+mov ecx, dword [ebp - 0x18]
+mov edx, eax
+imul edx, edi
+imul eax, eax
+sub ecx, edx
+imul eax, edi
+mov edi, 0x64
+xor edx, edx
+div edi
+mov di, 0x3e8
+xor edx, edx
+mov dword [ebp - 0x24], eax
+lea eax, [ecx + ecx]
+sub eax, dword [ebp - 0x18]
+imul eax, eax
+div edi
+mov di, 0x2710
+xor edx, edx
+imul eax, eax, 0xd2f0
+div edi
+mov di, 0x64
+xor edx, edx
+div edi
+xor edx, edx
+mov edi, eax
+imul eax, esi, 0x3e8
+add esi, 0x1e
+div esi
+mov esi, 0x3e8
+xor edx, edx
+imul edi, eax
+mov eax, edi
+mov edi, dword [ebp - 0x24]
+div esi
+mov esi, dword [ebp - 0x10]
+xor edx, edx
+mov dword [esi + 8], edi
+mov esi, ecx
+mov edi, ecx
+sub esi, dword [ebp - 0x20]
+mov dword [ebp - 0x20], esi
+mov dword [ebp - 0x38], eax
+mov eax, esi
+div dword [ebp - 0x34]
+mov edx, dword [ebp - 0x18]
+mov esi, eax
+imul eax, eax, 0xf
+imul esi, esi
+sub edi, eax
+sub edx, edi
+mov eax, edx
+imul eax, edx
+xor edx, edx
+imul edi, edi
+add eax, edi
+lea edi, [ebx + ebx]
+mov ebx, 0x64
+imul edi, edi, 0x64
+div edi
+mov edi, eax
+imul eax, esi, 0xf
+xor edx, edx
+div ebx
+xor edx, edx
+lea esi, [edi + eax]
+mov eax, dword [ebp - 0x20]
+mov edi, dword [ebp - 0x10]
+div dword [ebp - 0x14]
+mov edx, dword [ebp - 0x18]
+mov dword [edi + 0x10], esi
+mov ebx, eax
+imul eax, eax, 0xf
+imul ebx, ebx
+sub ecx, eax
+sub edx, ecx
+mov eax, edx
+imul eax, edx
+xor edx, edx
+imul ecx, ecx
+add eax, ecx
+div dword [ebp - 0x28]
+xor edx, edx
+mov ecx, eax
+imul eax, ebx, 0xf
+mov ebx, 0x64
+div ebx
+mov edx, dword [ebp - 0x1c]
+mov dword [edi + 0x14], edx
+add ecx, eax
+mov eax, dword [ebp - 0x38]
+mov dword [edi + 0xc], ecx
+add ecx, esi
+mov dword [edi + 0x18], eax
+mov edi, dword [ebp - 0x30]
+mov esi, eax
+add edi, edx
+mov edx, ecx
+mov ecx, dword [ebp - 0x24]
+mov dword [ebp - 0x14], edx
+add ecx, eax
+mov ebx, ecx
+lea edx, [ecx + edx]
+mov ecx, dword [ebp - 0x2c]
+imul edx, edx, 0x28
+imul ebx, ebx, 0x28
+lea eax, [edi + ecx]
+mov ecx, 0x64
+imul eax, eax, 0x3c
+add eax, edx
+xor edx, edx
+div cx
+mov edx, dword [ebp - 0x10]
+mov word [edx + 0x34], ax
+imul edx, esi, 0x28
+mov esi, 0x64
+imul eax, dword [ebp - 0x1c], 0x3c
+add eax, edx
+xor edx, edx
+div esi
+mov esi, dword [ebp - 0x10]
+imul dx, word [ebp - 0x2c], 0x3c
+mov dword [esi + 0x1c], eax
+lea eax, [ebx + edx]
+xor edx, edx
+div cx
+mov ebx, esi
+xor edx, edx
+imul edi, edi, 0x3c
+mov word [esi + 0x30], ax
+imul si, word [ebp - 0x14], 0x28
+lea eax, [esi + edi]
+div cx
+mov word [ebx + 0x32], ax
+add esp, 0x2c
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa7047: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+movzx esi, cl
+push ebx
+sub esp, 0xa4
+mov al, byte [ebp + 8]
+mov byte [ebp - 0x97], dl
+mov byte [ebp - 0xa3], cl
+mov dword [ebp - 0x94], 0
+mov byte [ebp - 0xa4], al
+mov al, byte [ebp + 0xc]
+mov bl, al
+mov byte [ebp - 0xa5], al
+lea eax, [ecx - 1]
+mov byte [ebp - 0x98], al
+movzx eax, dl
+mov dword [ebp - 0x9c], eax
+lea eax, [eax + esi - 1]
+cdq
+idiv esi
+dec eax
+mov byte [ebp - 0x96], al
+movzx eax, bl
+dec eax
+mov dword [ebp - 0xb0], eax
+
+loc_fffa70ac: ; not directly referenced
+mov al, byte [ebp - 0x97]
+cmp byte [ebp - 0x94], al
+jae loc_fffa71dd ; jae 0xfffa71dd
+mov edx, dword [ebp - 0x94]
+mov ecx, dword [ebp - 0xb0]
+mov dword [ebp - 0x90], 0
+movzx eax, dl
+div byte [ebp - 0xa3]
+imul cx, word [edi + edx*2]
+movzx ebx, ah
+mov byte [ebp - 0xa1], al
+mov al, bl
+dec eax
+mov byte [ebp - 0xa6], al
+movzx eax, byte [ebp - 0x96]
+mov byte [ebp - 0x95], bl
+mov dword [ebp - 0xac], eax
+
+loc_fffa7107: ; not directly referenced
+mov al, byte [ebp - 0x95]
+xor ebx, ebx
+or al, byte [ebp - 0x90]
+je short loc_fffa7123 ; je 0xfffa7123
+mov bl, byte [ebp - 0xa6]
+add ebx, dword [ebp - 0x90]
+
+loc_fffa7123: ; not directly referenced
+mov al, byte [ebp - 0xa4]
+cmp bl, al
+setb dl
+cmp byte [ebp - 0x95], al
+setb al
+test dl, al
+mov al, byte [ebp - 0x95]
+cmovne ebx, eax
+mov al, byte [ebp - 0x98]
+cmp bl, al
+cmova ebx, eax
+mov al, byte [ebp - 0xa1]
+lea edx, [eax - 1]
+add eax, 2
+mov byte [ebp - 0xa2], al
+movzx eax, bl
+mov dword [ebp - 0xa0], eax
+
+loc_fffa7168: ; not directly referenced
+xor eax, eax
+test dl, dl
+cmovns eax, edx
+movsx ebx, al
+cmp ebx, dword [ebp - 0xac]
+mov bl, byte [ebp - 0x96]
+cmovg eax, ebx
+movsx ebx, al
+imul ebx, esi
+add ebx, dword [ebp - 0xa0]
+cmp dword [ebp - 0x9c], ebx
+setle bl
+inc edx
+sub eax, ebx
+movsx eax, al
+imul eax, esi
+add eax, dword [ebp - 0xa0]
+add cx, word [edi + eax*2]
+cmp dl, byte [ebp - 0xa2]
+jne short loc_fffa7168 ; jne 0xfffa7168
+inc dword [ebp - 0x90]
+cmp dword [ebp - 0x90], 3
+jne loc_fffa7107 ; jne 0xfffa7107
+mov eax, dword [ebp - 0x94]
+inc dword [ebp - 0x94]
+mov word [ebp + eax*2 - 0x8c], cx
+jmp near loc_fffa70ac ; jmp 0xfffa70ac
+
+loc_fffa71dd: ; not directly referenced
+movzx ebx, byte [ebp - 0xa5]
+xor ecx, ecx
+add ebx, 8
+
+loc_fffa71e9: ; not directly referenced
+cmp byte [ebp - 0x97], cl
+jbe short loc_fffa7203 ; jbe 0xfffa7203
+movzx eax, word [ebp + ecx*2 - 0x8c]
+cdq
+idiv ebx
+mov word [edi + ecx*2], ax
+inc ecx
+jmp short loc_fffa71e9 ; jmp 0xfffa71e9
+
+loc_fffa7203: ; not directly referenced
+add esp, 0xa4
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa720e: ; not directly referenced
+push ebp
+mov ebp, esp
+push ebx
+mov ebx, 0x3664
+cmp dl, 1
+ja short loc_fffa7239 ; ja 0xfffa7239
+cmp cl, 8
+movzx edx, dl
+jbe short loc_fffa722f ; jbe 0xfffa722f
+shl edx, 8
+lea ebx, [edx + 0x3064]
+jmp short loc_fffa7239 ; jmp 0xfffa7239
+
+loc_fffa722f: ; not directly referenced
+shl edx, 8
+shl ecx, 9
+lea ebx, [edx + ecx + 0x64]
+
+loc_fffa7239: ; not directly referenced
+cmp dword [eax + 0x188b], 1
+lea edx, [ebx + 0xc]
+cmove ebx, edx
+mov eax, ebx
+pop ebx
+pop ebp
+ret
+
+fcn_fffa724b: ; not directly referenced
+push ebp
+mov ebp, esp
+push ebx
+mov ebx, 0x3660
+cmp dl, 1
+ja short loc_fffa7276 ; ja 0xfffa7276
+cmp cl, 8
+movzx edx, dl
+jbe short loc_fffa726c ; jbe 0xfffa726c
+shl edx, 8
+lea ebx, [edx + 0x3060]
+jmp short loc_fffa7276 ; jmp 0xfffa7276
+
+loc_fffa726c: ; not directly referenced
+shl edx, 8
+shl ecx, 9
+lea ebx, [edx + ecx + 0x60]
+
+loc_fffa7276: ; not directly referenced
+cmp dword [eax + 0x188b], 1
+lea edx, [ebx + 0xc]
+cmove ebx, edx
+mov eax, ebx
+pop ebx
+pop ebp
+ret
+
+fcn_fffa7288: ; not directly referenced
+push ebp
+mov ebp, esp
+push ebx
+mov ebx, 0x3674
+cmp dl, 1
+ja short loc_fffa72b3 ; ja 0xfffa72b3
+cmp cl, 8
+movzx edx, dl
+jbe short loc_fffa72a9 ; jbe 0xfffa72a9
+shl edx, 8
+lea ebx, [edx + 0x3074]
+jmp short loc_fffa72b3 ; jmp 0xfffa72b3
+
+loc_fffa72a9: ; not directly referenced
+shl edx, 8
+shl ecx, 9
+lea ebx, [edx + ecx + 0x74]
+
+loc_fffa72b3: ; not directly referenced
+cmp dword [eax + 0x188b], 1
+lea edx, [ebx + 0xc]
+cmove ebx, edx
+mov eax, ebx
+pop ebx
+pop ebp
+ret
+
+fcn_fffa72c5: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, eax
+push ebx
+mov eax, edx
+sub esp, 0x2c
+mov edi, dword [ebp + 0x10]
+movzx eax, al
+mov dword [ebp - 0x1c], edx
+mov edx, dword [ebp + 0xc]
+mov dword [ebp - 0x20], ecx
+mov bl, byte [ebp + 8]
+mov dword [ebp - 0x24], edi
+mov edi, dword [ebp + 0x14]
+cmp edx, 1
+mov dword [ebp - 0x28], edi
+mov edi, dword [ebp + 0x18]
+mov dword [ebp - 0x2c], edi
+mov edi, dword [esi + 0x2443]
+je short loc_fffa730c ; je 0xfffa730c
+cmp edx, 2
+jne short loc_fffa7351 ; jne 0xfffa7351
+lea edx, [eax*8 + 0x48f8]
+jmp short loc_fffa7313 ; jmp 0xfffa7313
+
+loc_fffa730c: ; not directly referenced
+lea edx, [eax*8 + 0x48d8]
+
+loc_fffa7313: ; not directly referenced
+mov eax, esi
+call fcn_fffae548 ; call 0xfffae548
+xor ecx, ecx
+push eax
+and edx, 0x7000000
+push 0x38
+push edx
+push ecx
+call dword [edi + 0x6c] ; ucall
+mov ebx, eax
+mov eax, dword [ebp - 0x1c]
+movzx ebx, bl
+lea edx, [eax*4 + 0x4930]
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+lea ecx, [ebx*4]
+add esp, 0x10
+shr eax, cl
+mov bl, al
+and ebx, 3
+
+loc_fffa7351: ; not directly referenced
+cmp dword [ebp - 0x20], 0
+mov ecx, 0xff
+movzx edx, byte [ebp - 0x1c]
+jne short loc_fffa7364 ; jne 0xfffa7364
+movzx ecx, byte [ebp - 0x24]
+
+loc_fffa7364: ; not directly referenced
+mov eax, esi
+and ebx, 3
+call fcn_fffa7288 ; call 0xfffa7288
+shl ebx, 0x16
+mov edi, eax
+mov edx, eax
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+mov ecx, dword [ebp - 0x28]
+mov edx, dword [ebp - 0x2c]
+lea esp, [ebp - 0xc]
+and ecx, 1
+shl ecx, 0x14
+and edx, 1
+and eax, 0xffcfffff
+shl edx, 0x15
+or eax, ecx
+or eax, edx
+mov edx, edi
+and eax, 0xff3fffff
+or eax, ebx
+mov ecx, eax
+mov eax, esi
+pop ebx
+pop esi
+pop edi
+pop ebp
+jmp near fcn_fffae58c ; jmp 0xfffae58c
+
+fcn_fffa73b0: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+movzx esi, dl
+push ebx
+sub esp, 0x1c
+mov ebx, dword [ebp + 8]
+mov dword [ebp - 0x1c], eax
+mov eax, dword [ebp + 0xc]
+imul edx, esi, 0x13c3
+mov dword [ebp - 0x20], esi
+mov dword [ebp - 0x24], ebx
+movzx esi, bl
+movzx ebx, cl
+cmp al, 3
+lea edi, [edi + edx + 0x3756]
+jne short loc_fffa73e9 ; jne 0xfffa73e9
+mov ecx, dword [ebp + 0x10]
+jmp short loc_fffa745c ; jmp 0xfffa745c
+
+loc_fffa73e9: ; not directly referenced
+test al, al
+jne short loc_fffa73f2 ; jne 0xfffa73f2
+mov edx, dword [ebp + 0x10]
+jmp short loc_fffa7401 ; jmp 0xfffa7401
+
+loc_fffa73f2: ; not directly referenced
+lea edx, [ebx + ebx*8]
+lea edx, [edx + esi + 0xb0]
+mov dx, word [edi + edx*2 + 9]
+
+loc_fffa7401: ; not directly referenced
+and dx, 0x1ff
+and edx, 0x1ff
+mov dword [ebp - 0x28], edx
+cmp al, 1
+jne short loc_fffa7418 ; jne 0xfffa7418
+mov edx, dword [ebp + 0x10]
+jmp short loc_fffa742b ; jmp 0xfffa742b
+
+loc_fffa7418: ; not directly referenced
+movzx edx, byte [ebp - 0x24]
+lea ecx, [ecx + ecx*8]
+lea edx, [edx + ecx + 0x90]
+mov dx, word [edi + edx*2 + 1]
+
+loc_fffa742b: ; not directly referenced
+and dx, 0x1ff
+and edx, 0x1ff
+shl edx, 9
+or edx, dword [ebp - 0x28]
+cmp al, 2
+jne short loc_fffa7445 ; jne 0xfffa7445
+mov cl, byte [ebp + 0x10]
+jmp short loc_fffa7451 ; jmp 0xfffa7451
+
+loc_fffa7445: ; not directly referenced
+lea eax, [ebx + ebx*8]
+add edi, eax
+mov cl, byte [edi + esi + 0x24d]
+
+loc_fffa7451: ; not directly referenced
+and ecx, 0x3f
+and ecx, 0x3f
+shl ecx, 0x14
+or ecx, edx
+
+loc_fffa745c: ; not directly referenced
+mov edi, dword [ebp - 0x20]
+mov eax, edi
+shl eax, 8
+lea edx, [eax + ebx*4 + 0x20]
+mov eax, esi
+shl eax, 9
+add edx, eax
+mov eax, dword [ebp - 0x1c]
+call fcn_fffae58c ; call 0xfffae58c
+sub esp, 0xc
+mov eax, dword [ebp - 0x1c]
+push 1
+mov edx, edi
+push 0
+xor ecx, ecx
+push esi
+push 0
+push ebx
+call fcn_fffa72c5 ; call 0xfffa72c5
+add esp, 0x20
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa7499: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, eax
+push ebx
+sub esp, 0x2c
+mov edi, dword [ebp + 0x10]
+mov ebx, dword [ebp + 0xc]
+mov dword [ebp - 0x28], eax
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x1c], edi
+movzx edi, dl
+imul edx, edi, 0x13c3
+mov dword [ebp - 0x20], ebx
+mov dword [ebp - 0x30], edi
+lea esi, [esi + edx + 0x3756]
+test bl, bl
+jne short loc_fffa74d2 ; jne 0xfffa74d2
+mov ebx, dword [ebp - 0x1c]
+jmp short loc_fffa74e4 ; jmp 0xfffa74e4
+
+loc_fffa74d2: ; not directly referenced
+movzx ebx, al
+lea edx, [ecx + ecx*8]
+lea edx, [ebx + edx + 0xd8]
+mov bx, word [esi + edx*2 + 1]
+
+loc_fffa74e4: ; not directly referenced
+mov edx, dword [ebp - 0x20]
+and bx, 0x1ff
+movzx edi, al
+and ebx, 0x1ff
+mov dword [ebp - 0x2c], edi
+cmp dl, 5
+sete byte [ebp - 0x31]
+and edx, 0xfffffffb
+dec dl
+jne short loc_fffa750b ; jne 0xfffa750b
+mov dl, byte [ebp - 0x1c]
+jmp short loc_fffa751a ; jmp 0xfffa751a
+
+loc_fffa750b: ; not directly referenced
+mov edi, dword [ebp - 0x2c]
+lea edx, [ecx + ecx*8]
+add edx, esi
+mov dl, byte [edx + edi + 0x104a]
+
+loc_fffa751a: ; not directly referenced
+and edx, 0x3f
+movzx edi, al
+and edx, 0x3f
+shl edx, 9
+or edx, ebx
+movzx ebx, cl
+cmp byte [ebp - 0x20], 2
+jne short loc_fffa7536 ; jne 0xfffa7536
+mov al, byte [ebp - 0x1c]
+jmp short loc_fffa7542 ; jmp 0xfffa7542
+
+loc_fffa7536: ; not directly referenced
+lea eax, [ebx + ebx*8]
+add eax, esi
+mov al, byte [eax + edi + 0x1026]
+
+loc_fffa7542: ; not directly referenced
+and eax, 0x1f
+and eax, 0x1f
+mov dword [ebp - 0x24], eax
+mov al, byte [ebp - 0x31]
+shl dword [ebp - 0x24], 0xf
+or dword [ebp - 0x24], edx
+cmp byte [ebp - 0x20], 3
+sete dl
+or al, dl
+je short loc_fffa7565 ; je 0xfffa7565
+mov dl, byte [ebp - 0x1c]
+jmp short loc_fffa7571 ; jmp 0xfffa7571
+
+loc_fffa7565: ; not directly referenced
+lea ecx, [ecx + ecx*8]
+add ecx, esi
+mov dl, byte [ecx + edi + 0x106e]
+
+loc_fffa7571: ; not directly referenced
+and edx, 0x3f
+and edx, 0x3f
+shl edx, 0x14
+or edx, dword [ebp - 0x24]
+cmp byte [ebp - 0x20], 4
+jne short loc_fffa7588 ; jne 0xfffa7588
+mov cl, byte [ebp - 0x1c]
+jmp short loc_fffa758f ; jmp 0xfffa758f
+
+loc_fffa7588: ; not directly referenced
+mov cl, byte [esi + edi + 0x101d]
+
+loc_fffa758f: ; not directly referenced
+mov edi, dword [ebp - 0x30]
+and ecx, 0x3f
+mov esi, dword [ebp - 0x2c]
+shl ecx, 0x1a
+or ecx, edx
+mov eax, edi
+shl eax, 6
+mov edx, eax
+mov eax, esi
+add edx, ebx
+shl eax, 7
+add edx, eax
+mov eax, dword [ebp - 0x28]
+shl edx, 2
+call fcn_fffae58c ; call 0xfffae58c
+sub esp, 0xc
+mov eax, dword [ebp - 0x28]
+push 0
+mov edx, edi
+push 1
+xor ecx, ecx
+push esi
+push 0
+push ebx
+call fcn_fffa72c5 ; call 0xfffa72c5
+add esp, 0x20
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa75da: ; not directly referenced
+push ebp
+mov ebp, esp
+push ebx
+mov ebx, 0x3658
+cmp dl, 1
+ja short loc_fffa7605 ; ja 0xfffa7605
+cmp cl, 8
+movzx edx, dl
+jbe short loc_fffa75fb ; jbe 0xfffa75fb
+shl edx, 8
+lea ebx, [edx + 0x3058]
+jmp short loc_fffa7605 ; jmp 0xfffa7605
+
+loc_fffa75fb: ; not directly referenced
+shl edx, 8
+shl ecx, 9
+lea ebx, [edx + ecx + 0x58]
+
+loc_fffa7605: ; not directly referenced
+cmp dword [eax + 0x188b], 1
+lea edx, [ebx + 0xc]
+cmove ebx, edx
+mov eax, ebx
+pop ebx
+pop ebp
+ret
+
+fcn_fffa7617: ; not directly referenced
+push ebp
+mov ebp, esp
+push ebx
+mov ebx, 0x3654
+cmp dl, 1
+ja short loc_fffa7642 ; ja 0xfffa7642
+cmp cl, 8
+movzx edx, dl
+jbe short loc_fffa7638 ; jbe 0xfffa7638
+shl edx, 8
+lea ebx, [edx + 0x3054]
+jmp short loc_fffa7642 ; jmp 0xfffa7642
+
+loc_fffa7638: ; not directly referenced
+shl edx, 8
+shl ecx, 9
+lea ebx, [edx + ecx + 0x54]
+
+loc_fffa7642: ; not directly referenced
+cmp dword [eax + 0x188b], 1
+lea edx, [ebx + 0xc]
+cmove ebx, edx
+mov eax, ebx
+pop ebx
+pop ebp
+ret
+
+fcn_fffa7654: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x2c
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x2443]
+mov dword [ebp - 0x30], eax
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x2480], 2
+lea edi, [eax + 0x3756]
+jne short loc_fffa76d9 ; jne 0xfffa76d9
+xor esi, esi
+
+loc_fffa767d: ; not directly referenced
+xor ebx, ebx
+
+loc_fffa767f: ; not directly referenced
+push edx
+push 0
+push 4
+lea eax, [ebp - 0x20]
+push eax
+mov eax, dword [ebp - 0x30]
+call dword [eax + 0x5c] ; ucall
+mov ax, word [edi + ebx*2 + 0x126b]
+mov ecx, ebx
+mov edx, esi
+mov word [ebp - 0x20], ax
+mov ax, word [edi + ebx*2 + 0x1283]
+inc ebx
+mov word [ebp - 0x1e], ax
+mov eax, dword [ebp + 8]
+call fcn_fffa7617 ; call 0xfffa7617
+mov ecx, dword [ebp - 0x20]
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+add esp, 0x10
+cmp ebx, 7
+jne short loc_fffa767f ; jne 0xfffa767f
+inc esi
+add edi, 0x13c3
+cmp esi, 2
+jne short loc_fffa767d ; jne 0xfffa767d
+jmp near loc_fffa77aa ; jmp 0xfffa77aa
+
+loc_fffa76d9: ; not directly referenced
+mov dword [ebp - 0x38], edi
+xor edi, edi
+
+loc_fffa76de: ; not directly referenced
+mov dword [ebp - 0x2c], 0
+
+loc_fffa76e5: ; not directly referenced
+mov ebx, dword [ebp - 0x2c]
+xor edx, edx
+mov al, bl
+and eax, 1
+movzx esi, al
+lea ecx, [esi + 1]
+mov byte [ebp - 0x31], al
+push eax
+mov eax, 8
+div ecx
+push 0
+lea edx, [ebp - 0x20]
+push eax
+push edx
+mov edx, dword [ebp - 0x30]
+call dword [edx + 0x5c] ; ucall
+mov al, bl
+mov ecx, ebx
+shr al, 1
+mov edx, edi
+movzx ebx, al
+mov byte [ebp - 0x32], al
+imul ebx, ebx, 0x128
+imul eax, esi, 0x18
+add esi, 2
+add ebx, eax
+add ebx, dword [ebp - 0x38]
+mov ax, word [ebx + 0x126b]
+mov word [ebp - 0x20], ax
+mov ax, word [ebx + 0x126d]
+mov word [ebp - 0x1e], ax
+mov eax, dword [ebp + 8]
+call fcn_fffa7617 ; call 0xfffa7617
+mov ecx, dword [ebp - 0x20]
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+mov ax, word [ebx + 0x126f]
+add esp, 0x10
+cmp byte [ebp - 0x31], 0
+mov word [ebp + esi*2 - 0x20], ax
+je short loc_fffa778c ; je 0xfffa778c
+mov cl, byte [ebp - 0x32]
+mov edx, edi
+mov eax, dword [ebp + 8]
+add ecx, 4
+movzx ecx, cl
+call fcn_fffa7617 ; call 0xfffa7617
+mov ecx, dword [ebp - 0x1c]
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa778c: ; not directly referenced
+inc dword [ebp - 0x2c]
+cmp dword [ebp - 0x2c], 4
+jne loc_fffa76e5 ; jne 0xfffa76e5
+inc edi
+add dword [ebp - 0x38], 0x13c3
+cmp edi, 2
+jne loc_fffa76de ; jne 0xfffa76de
+
+loc_fffa77aa: ; not directly referenced
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa77b4:
+push ebp
+mov ebp, esp
+push edi
+mov edi, edx
+push esi
+mov edx, 0x5e00
+push ebx
+mov ebx, eax
+sub esp, 0x1c
+mov eax, dword [ebp + 8]
+mov esi, ecx
+mov dword [ebp - 0x24], eax
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x5e04
+mov dword [ebp - 0x1c], eax
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, eax
+mov dword [ebp - 0x20], eax
+test edi, edi
+je short loc_fffa780e ; je 0xfffa780e
+mov ecx, dword [ebp - 0x1c]
+sub esp, 0xc
+and edx, 0xf
+push dword [ebx + 0x187b]
+mov eax, ebx
+shr ecx, 4
+and ecx, 0xf
+call fcn_fffaed31 ; call 0xfffaed31
+add esp, 0x10
+mov dword [edi], eax
+
+loc_fffa780e:
+test esi, esi
+je short loc_fffa781a ; je 0xfffa781a
+mov al, byte [ebp - 0x20]
+and eax, 0xf
+mov byte [esi], al
+
+loc_fffa781a:
+mov esi, dword [ebp - 0x24]
+test esi, esi
+je short loc_fffa782c ; je 0xfffa782c
+mov eax, dword [ebp - 0x1c]
+shr eax, 4
+and eax, 0xf
+mov dword [esi], eax
+
+loc_fffa782c:
+mov eax, dword [ebx + 0x187b]
+mov ecx, dword [ebp - 0x1c]
+mov edx, dword [ebp - 0x20]
+mov dword [ebp + 8], eax
+lea esp, [ebp - 0xc]
+mov eax, ebx
+pop ebx
+pop esi
+and edx, 0xf
+pop edi
+pop ebp
+shr ecx, 4
+and ecx, 0xf
+jmp near fcn_fffaefe1 ; jmp 0xfffaefe1
+
+fcn_fffa7852: ; not directly referenced
+push ebp
+xor edx, edx
+mov ebp, esp
+push edi
+push esi
+xor esi, esi
+push ebx
+xor ebx, ebx
+sub esp, 0x98
+mov edi, dword [ebp + 8]
+push 0
+lea ecx, [ebp - 0x45]
+mov eax, edi
+call fcn_fffa77b4 ; call 0xfffa77b4
+lea eax, [edi + 0x2407]
+add esp, 0x10
+mov dword [ebp - 0x58], 0
+mov dword [ebp - 0x50], 0
+mov dword [ebp - 0x68], 0
+mov dword [ebp - 0x64], 0
+mov dword [ebp - 0x80], 0
+mov byte [ebp - 0x79], 0
+mov dword [ebp - 0x94], eax
+
+loc_fffa78a9: ; not directly referenced
+lea eax, [esi - 2]
+cmp eax, 1
+ja short loc_fffa78c7 ; ja 0xfffa78c7
+cmp byte [edi + 0x3749], 0
+je loc_fffa7d5e ; je 0xfffa7d5e
+mov dword [ebp - 0x70], 0
+jmp short loc_fffa78e2 ; jmp 0xfffa78e2
+
+loc_fffa78c7: ; not directly referenced
+mov dword [ebp - 0x70], 0
+cmp esi, 1
+jne short loc_fffa78e2 ; jne 0xfffa78e2
+xor eax, eax
+cmp dword [edi + 0x18a7], 1
+sete al
+mov dword [ebp - 0x70], eax
+
+loc_fffa78e2: ; not directly referenced
+mov al, byte [ebp - 0x45]
+lea ecx, [edi + esi*8 + 0x3756]
+mov dword [ebp - 0x78], ecx
+mov dword [ebp + esi*4 - 0x38], 0xffffffff
+mov dword [ebp + esi*4 - 0x28], 0
+mov byte [ebp - 0x7a], al
+lea eax, [edi + 0x49bf]
+mov dword [ebp - 0x88], eax
+lea eax, [edi + 0x1973]
+mov dword [ebp - 0x74], eax
+imul eax, esi, 0x2e
+mov dword [ebp - 0x60], 0x12
+mov dword [ebp - 0x5c], 4
+mov dword [ebp - 0x84], eax
+imul eax, esi, 0x23
+lea ecx, [eax + 0x18b]
+add eax, 0xbb
+mov dword [ebp - 0x8c], ecx
+mov dword [ebp - 0x90], eax
+
+loc_fffa7948: ; not directly referenced
+mov eax, dword [ebp - 0x88]
+mov ecx, dword [ebp - 0x74]
+mov dword [ebp - 0x6c], 0
+mov dword [ebp - 0x54], eax
+
+loc_fffa795b: ; not directly referenced
+mov eax, dword [ebp - 0x54]
+cmp dword [eax - 0xf6], 2
+jne loc_fffa7b33 ; jne 0xfffa7b33
+mov ebx, dword [ebp - 0x84]
+mov edx, dword [ebp - 0x78]
+mov ebx, dword [eax + ebx - 0xf2]
+mov eax, dword [ebp - 0x6c]
+mov edx, dword [edx + eax + 0xc9]
+mov dword [ebp - 0x64], edx
+mov edx, dword [ebp - 0x78]
+mov edx, dword [edx + eax + 0xcd]
+mov dword [ebp - 0x68], edx
+cmp esi, 1
+je loc_fffa7a50 ; je 0xfffa7a50
+jb loc_fffa7a77 ; jb 0xfffa7a77
+cmp esi, 3
+ja loc_fffa7a77 ; ja 0xfffa7a77
+mov eax, dword [ebp - 0x54]
+cmp esi, 2
+mov al, byte [eax]
+jne short loc_fffa79c7 ; jne 0xfffa79c7
+test al, 1
+jne short loc_fffa79d6 ; jne 0xfffa79d6
+mov dword [ebp - 0x4c], 0
+jmp near loc_fffa7b04 ; jmp 0xfffa7b04
+
+loc_fffa79c7: ; not directly referenced
+mov dword [ebp - 0x4c], 0
+test al, 2
+je loc_fffa7b04 ; je 0xfffa7b04
+
+loc_fffa79d6: ; not directly referenced
+mov eax, dword [ebp - 0x54]
+mov eax, dword [eax - 0x21]
+and eax, 0xfffffffd
+dec eax
+jne short loc_fffa79fa ; jne 0xfffa79fa
+mov eax, dword [ebp - 0x90]
+mov dword [ebp - 0x60], 0x12
+mov dword [ebp - 0x5c], 4
+add eax, ecx
+jmp short loc_fffa7a10 ; jmp 0xfffa7a10
+
+loc_fffa79fa: ; not directly referenced
+mov eax, dword [ebp - 0x8c]
+mov dword [ebp - 0x60], 0x18
+mov dword [ebp - 0x5c], 7
+add eax, ecx
+
+loc_fffa7a10: ; not directly referenced
+movzx edx, byte [eax + 2]
+mov dword [ebp - 0x50], 0
+mov dword [ebp - 0x58], edx
+mov edx, dword [ebp - 0x54]
+cmp byte [edx + 1], 0x13
+jne short loc_fffa7a2e ; jne 0xfffa7a2e
+movsx edx, byte [eax + 0x1b]
+mov dword [ebp - 0x50], edx
+
+loc_fffa7a2e: ; not directly referenced
+mov ax, word [eax + 3]
+and eax, 0x7fff
+mov dword [ebp - 0x4c], eax
+xor eax, eax
+test ebx, ebx
+je loc_fffa7af7 ; je 0xfffa7af7
+mov eax, dword [ebp - 0x64]
+imul eax, dword [ebp - 0x58]
+jmp near loc_fffa7ae6 ; jmp 0xfffa7ae6
+
+loc_fffa7a50: ; not directly referenced
+movzx edx, word [ecx + 0x24e]
+test dx, dx
+je short loc_fffa7a77 ; je 0xfffa7a77
+mov eax, dword [ebp - 0x24]
+mov dword [ebp - 0x4c], 0xffffffff
+mov byte [ebp - 0x79], 1
+cmp edx, eax
+cmovae eax, edx
+mov dword [ebp - 0x24], eax
+jmp near loc_fffa7b04 ; jmp 0xfffa7b04
+
+loc_fffa7a77: ; not directly referenced
+mov eax, dword [ebp - 0x54]
+mov eax, dword [eax - 0x21]
+and eax, 0xfffffffd
+dec eax
+jne short loc_fffa7aad ; jne 0xfffa7aad
+movzx eax, byte [ecx + 0x58]
+mov dword [ebp - 0x60], 0x12
+mov dword [ebp - 0x5c], 4
+mov dword [ebp - 0x58], eax
+movsx eax, byte [ecx + 0x6b]
+mov dword [ebp - 0x50], eax
+mov ax, word [ecx + 0x56]
+and eax, 0x7fff
+mov dword [ebp - 0x4c], eax
+jmp short loc_fffa7ad9 ; jmp 0xfffa7ad9
+
+loc_fffa7aad: ; not directly referenced
+movzx eax, byte [ecx + 0x60]
+mov dword [ebp - 0x60], 0x18
+mov dword [ebp - 0x5c], 7
+mov dword [ebp - 0x58], eax
+movsx eax, byte [ecx + 0xc3]
+mov dword [ebp - 0x50], eax
+mov eax, dword [ecx + 0x5c]
+mov dword [ebp - 0x4c], eax
+and dword [ebp - 0x4c], 0x3ffff
+
+loc_fffa7ad9: ; not directly referenced
+xor eax, eax
+test ebx, ebx
+je short loc_fffa7af7 ; je 0xfffa7af7
+mov eax, dword [ebp - 0x58]
+imul eax, dword [ebp - 0x64]
+
+loc_fffa7ae6: ; not directly referenced
+lea edx, [ebx + eax - 1]
+mov eax, dword [ebp - 0x68]
+imul eax, dword [ebp - 0x50]
+add eax, edx
+xor edx, edx
+div ebx
+
+loc_fffa7af7: ; not directly referenced
+mov edx, dword [ebp + esi*4 - 0x28]
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + esi*4 - 0x28], eax
+
+loc_fffa7b04: ; not directly referenced
+cmp dword [edi + 0x1872], 0x535
+jbe short loc_fffa7b1c ; jbe 0xfffa7b1c
+cmp dword [edi + 0x36d3], 0x535
+ja short loc_fffa7b2c ; ja 0xfffa7b2c
+
+loc_fffa7b1c: ; not directly referenced
+cmp byte [ebp - 0x7a], 5
+mov eax, 0xffff
+cmova eax, dword [ebp - 0x4c]
+mov dword [ebp - 0x4c], eax
+
+loc_fffa7b2c: ; not directly referenced
+mov eax, dword [ebp - 0x4c]
+and dword [ebp + esi*4 - 0x38], eax
+
+loc_fffa7b33: ; not directly referenced
+add dword [ebp - 0x6c], 0x20
+add ecx, 0x277
+add dword [ebp - 0x54], 0x128
+cmp dword [ebp - 0x6c], 0x40
+jne loc_fffa795b ; jne 0xfffa795b
+add dword [ebp - 0x74], 0x54a
+mov eax, dword [ebp - 0x94]
+add dword [ebp - 0x88], 0x13c3
+add dword [ebp - 0x78], 0x13c3
+cmp dword [ebp - 0x74], eax
+jne loc_fffa7948 ; jne 0xfffa7948
+cmp esi, 1
+seta cl
+test ebx, ebx
+sete al
+mov byte [ebp - 0x4c], cl
+test cl, al
+jne loc_fffa7d5c ; jne 0xfffa7d5c
+mov eax, dword [edi + 0x36e3]
+lea ecx, [ebp - 0x44]
+mov edx, ebx
+mov byte [ebp + esi - 0x3c], 0
+call fcn_fffaf08c ; call 0xfffaf08c
+cmp byte [ebp - 0x4c], 0
+je short loc_fffa7be4 ; je 0xfffa7be4
+cmp dword [edi + 0x36e3], 0
+jne short loc_fffa7be4 ; jne 0xfffa7be4
+cmp byte [edi + 0x247e], 0
+je short loc_fffa7be4 ; je 0xfffa7be4
+lea ecx, [ebp - 0x40]
+mov edx, ebx
+mov eax, 1
+call fcn_fffaf08c ; call 0xfffaf08c
+mov eax, dword [ebp - 0x40]
+cmp eax, dword [ebp - 0x44]
+jle short loc_fffa7be4 ; jle 0xfffa7be4
+mov dword [ebp - 0x44], eax
+cmp dword [edi + 0x18a7], esi
+jne short loc_fffa7be4 ; jne 0xfffa7be4
+mov dword [edi + 0x36e3], 1
+
+loc_fffa7be4: ; not directly referenced
+mov al, byte [ebp - 0x70]
+mov byte [ebp - 0x4c], al
+mov eax, dword [ebp - 0x64]
+imul eax, dword [ebp - 0x58]
+mov dword [ebp - 0x54], eax
+mov eax, dword [ebp - 0x50]
+imul eax, dword [ebp - 0x68]
+mov dword [ebp - 0x6c], eax
+mov eax, dword [ebp - 0x84]
+add eax, edi
+mov dword [ebp - 0x70], eax
+
+loc_fffa7c09: ; not directly referenced
+cmp byte [ebp + esi - 0x3c], 0
+jne loc_fffa7ccb ; jne 0xfffa7ccb
+mov edx, dword [ebp + esi*4 - 0x28]
+cmp edx, dword [ebp - 0x60]
+ja loc_fffa7ccb ; ja 0xfffa7ccb
+cmp byte [ebp - 0x4c], 0
+jne short loc_fffa7c45 ; jne 0xfffa7c45
+mov ecx, dword [ebp + esi*4 - 0x38]
+mov eax, edx
+sub eax, dword [ebp - 0x5c]
+bt ecx, eax
+jae loc_fffa7cc1 ; jae 0xfffa7cc1
+mov eax, ebx
+imul eax, edx
+cmp eax, 0x1312d00
+ja short loc_fffa7cc1 ; ja 0xfffa7cc1
+
+loc_fffa7c45: ; not directly referenced
+mov byte [ebp + esi - 0x3c], 1
+cmp esi, dword [edi + 0x18a7]
+jne short loc_fffa7c5f ; jne 0xfffa7c5f
+mov dword [edi + 0x36df], ebx
+mov dword [ebp - 0x80], 1
+
+loc_fffa7c5f: ; not directly referenced
+mov eax, dword [ebp - 0x70]
+xor ecx, ecx
+
+loc_fffa7c64: ; not directly referenced
+cmp dword [edi + ecx + 0x48c9], 2
+jne short loc_fffa7c88 ; jne 0xfffa7c88
+mov word [eax + 0x48d3], dx
+mov word [eax + 0x3760], dx
+mov dword [eax + 0x48cd], ebx
+mov dword [eax + 0x375a], ebx
+
+loc_fffa7c88: ; not directly referenced
+cmp dword [edi + ecx + 0x49f1], 2
+jne short loc_fffa7cac ; jne 0xfffa7cac
+mov word [eax + 0x49fb], dx
+mov word [eax + 0x3760], dx
+mov dword [eax + 0x49f5], ebx
+mov dword [eax + 0x375a], ebx
+
+loc_fffa7cac: ; not directly referenced
+add ecx, 0x13c3
+add eax, 0x13c3
+cmp ecx, 0x2786
+jne short loc_fffa7c64 ; jne 0xfffa7c64
+jmp short loc_fffa7ccb ; jmp 0xfffa7ccb
+
+loc_fffa7cc1: ; not directly referenced
+inc edx
+mov dword [ebp + esi*4 - 0x28], edx
+jmp near loc_fffa7c09 ; jmp 0xfffa7c09
+
+loc_fffa7ccb: ; not directly referenced
+cmp byte [ebp + esi - 0x3c], 0
+jne loc_fffa7d5e ; jne 0xfffa7d5e
+cmp byte [ebp - 0x4c], 0
+je short loc_fffa7ceb ; je 0xfffa7ceb
+cmp byte [edi + 0x1876], 0
+jne short loc_fffa7d5e ; jne 0xfffa7d5e
+cmp byte [ebp - 0x79], 1
+je short loc_fffa7d5e ; je 0xfffa7d5e
+
+loc_fffa7ceb: ; not directly referenced
+mov eax, dword [ebp - 0x44]
+
+loc_fffa7cee: ; not directly referenced
+dec eax
+test eax, eax
+jle short loc_fffa7d57 ; jle 0xfffa7d57
+lea edx, [eax + eax*8]
+mov dl, byte [edx + ref_fffd34b8] ; mov dl, byte [edx - 0x2cb48]
+cmp dl, 3
+jne short loc_fffa7d33 ; jne 0xfffa7d33
+
+loc_fffa7d01: ; not directly referenced
+mov dword [ebp - 0x44], eax
+lea eax, [eax + eax*8]
+mov ebx, dword [eax + ref_fffd34b0] ; mov ebx, dword [eax - 0x2cb50]
+lea ecx, [ebp - 0x44]
+mov eax, dword [edi + 0x36e3]
+mov edx, ebx
+call fcn_fffaf08c ; call 0xfffaf08c
+xor eax, eax
+test ebx, ebx
+je short loc_fffa7d51 ; je 0xfffa7d51
+mov eax, dword [ebp - 0x54]
+xor edx, edx
+lea eax, [ebx + eax - 1]
+add eax, dword [ebp - 0x6c]
+div ebx
+jmp short loc_fffa7d51 ; jmp 0xfffa7d51
+
+loc_fffa7d33: ; not directly referenced
+cmp dl, 1
+jne short loc_fffa7d41 ; jne 0xfffa7d41
+cmp dword [edi + 0x36e3], 0
+jmp short loc_fffa7d4d ; jmp 0xfffa7d4d
+
+loc_fffa7d41: ; not directly referenced
+cmp dl, 2
+jne short loc_fffa7cee ; jne 0xfffa7cee
+cmp dword [edi + 0x36e3], 1
+
+loc_fffa7d4d: ; not directly referenced
+jne short loc_fffa7cee ; jne 0xfffa7cee
+jmp short loc_fffa7d01 ; jmp 0xfffa7d01
+
+loc_fffa7d51: ; not directly referenced
+mov dword [ebp + esi*4 - 0x28], eax
+jmp short loc_fffa7d8c ; jmp 0xfffa7d8c
+
+loc_fffa7d57: ; not directly referenced
+mov dword [ebp - 0x44], eax
+jmp short loc_fffa7d8c ; jmp 0xfffa7d8c
+
+loc_fffa7d5c: ; not directly referenced
+xor ebx, ebx
+
+loc_fffa7d5e: ; not directly referenced
+inc esi
+cmp esi, 4
+jne loc_fffa78a9 ; jne 0xfffa78a9
+mov edx, dword [edi + 0x36df]
+xor ecx, ecx
+mov eax, dword [edi + 0x36e3]
+call fcn_fffaf08c ; call 0xfffaf08c
+mov dword [edi + 0x36d7], eax
+mov eax, dword [ebp - 0x80]
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+loc_fffa7d8c: ; not directly referenced
+cmp dword [ebp - 0x44], 0
+jg loc_fffa7c09 ; jg 0xfffa7c09
+jmp short loc_fffa7d5e ; jmp 0xfffa7d5e
+
+fcn_fffa7d98: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x14
+cmp cl, 0x20
+mov dword [ebp - 0x14], eax
+mov al, byte [ebp + 8]
+sete bl
+cmp cl, 0x10
+mov byte [ebp - 0xd], al
+sete al
+or bl, al
+jne short loc_fffa7dce ; jne 0xfffa7dce
+cmp cl, 0x21
+sete bl
+cmp cl, 0x11
+sete al
+or bl, al
+je loc_fffa7e62 ; je 0xfffa7e62
+
+loc_fffa7dce: ; not directly referenced
+xor ebx, ebx
+cmp cl, 0x21
+ja short loc_fffa7ddc ; ja 0xfffa7ddc
+movzx ebx, byte [ecx + ref_fffd5f1c] ; movzx ebx, byte [ecx - 0x2a0e4]
+
+loc_fffa7ddc: ; not directly referenced
+cmp bl, 7
+mov eax, 7
+cmovbe eax, ebx
+xor ebx, ebx
+imul eax, eax, 0x240
+lea edi, [edx + eax]
+movzx eax, byte [ebp - 0xd]
+imul eax, eax, 0x12
+mov dword [ebp - 0x20], eax
+
+loc_fffa7dfc: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov esi, dword [ebp - 0x14]
+cmp dword [esi + eax + 0x3756], 2
+je short loc_fffa7e17 ; je 0xfffa7e17
+
+loc_fffa7e0f: ; not directly referenced
+inc ebx
+cmp ebx, 2
+je short loc_fffa7e62 ; je 0xfffa7e62
+jmp short loc_fffa7dfc ; jmp 0xfffa7dfc
+
+loc_fffa7e17: ; not directly referenced
+lea eax, [ebx + ebx*8]
+add eax, dword [ebp - 0x20]
+mov byte [ebp - 0xd], 0
+mov dword [ebp - 0x1c], eax
+
+loc_fffa7e24: ; not directly referenced
+mov esi, dword [ebp - 0x14]
+mov al, byte [ebp - 0xd]
+cmp al, byte [esi + 0x2488]
+jae short loc_fffa7e0f ; jae 0xfffa7e0f
+movzx ecx, byte [ebp - 0xd]
+mov esi, 0xa
+xor edx, edx
+add ecx, dword [ebp - 0x1c]
+inc byte [ebp - 0xd]
+lea eax, [edi + ecx*8]
+mov dword [ebp - 0x18], eax
+imul eax, dword [edi + ecx*8], 0xf
+div esi
+xor edx, edx
+mov dword [edi + ecx*8], eax
+mov ecx, dword [ebp - 0x18]
+imul eax, dword [ecx + 4], 0xf
+div esi
+mov dword [ecx + 4], eax
+jmp short loc_fffa7e24 ; jmp 0xfffa7e24
+
+loc_fffa7e62: ; not directly referenced
+add esp, 0x14
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa7e6c: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x28
+mov bl, byte [ebp + 0xc]
+mov dword [ebp - 0x24], eax
+movzx eax, byte [ebp + 8]
+mov byte [ebp - 0x1b], bl
+cmp cl, 0xd
+ja short loc_fffa7e9f ; ja 0xfffa7e9f
+cmp cl, 0xb
+jae short loc_fffa7eba ; jae 0xfffa7eba
+cmp cl, 2
+jbe short loc_fffa7eba ; jbe 0xfffa7eba
+lea ebx, [ecx - 4]
+cmp bl, 1
+ja loc_fffa7fd1 ; ja 0xfffa7fd1
+jmp short loc_fffa7eba ; jmp 0xfffa7eba
+
+loc_fffa7e9f: ; not directly referenced
+cmp cl, 0x10
+jb loc_fffa7fd1 ; jb 0xfffa7fd1
+cmp cl, 0x11
+jbe short loc_fffa7ec0 ; jbe 0xfffa7ec0
+lea ebx, [ecx - 0x20]
+cmp bl, 1
+jbe short loc_fffa7ec0 ; jbe 0xfffa7ec0
+jmp near loc_fffa7fd1 ; jmp 0xfffa7fd1
+
+loc_fffa7eba: ; not directly referenced
+mov byte [ebp - 0x1a], 0xa
+jmp short loc_fffa7ec4 ; jmp 0xfffa7ec4
+
+loc_fffa7ec0: ; not directly referenced
+mov byte [ebp - 0x1a], 7
+
+loc_fffa7ec4: ; not directly referenced
+xor ebx, ebx
+cmp cl, 0x21
+ja short loc_fffa7ed2 ; ja 0xfffa7ed2
+movzx ebx, byte [ecx + ref_fffd5f1c] ; movzx ebx, byte [ecx - 0x2a0e4]
+
+loc_fffa7ed2: ; not directly referenced
+cmp bl, 7
+mov ecx, 7
+mov esi, dword [ebp - 0x24]
+cmovbe ecx, ebx
+imul ecx, ecx, 0x240
+imul eax, eax, 0x12
+add esi, 0x3756
+mov dword [ebp - 0x14], esi
+lea edi, [edx + ecx]
+mov dword [ebp - 0x18], 0
+mov dword [ebp - 0x34], eax
+
+loc_fffa7eff: ; not directly referenced
+mov eax, dword [ebp - 0x14]
+cmp dword [eax], 2
+je short loc_fffa7f1e ; je 0xfffa7f1e
+
+loc_fffa7f07: ; not directly referenced
+inc dword [ebp - 0x18]
+add dword [ebp - 0x14], 0x13c3
+cmp dword [ebp - 0x18], 2
+jne short loc_fffa7eff ; jne 0xfffa7eff
+xor eax, eax
+jmp near loc_fffa7fd6 ; jmp 0xfffa7fd6
+
+loc_fffa7f1e: ; not directly referenced
+imul eax, dword [ebp - 0x18], 9
+mov esi, dword [ebp - 0x34]
+mov byte [ebp - 0x19], 0
+mov dword [ebp - 0x2c], eax
+add esi, eax
+movzx eax, byte [ebp - 0x1a]
+mov dword [ebp - 0x28], esi
+mov dword [ebp - 0x30], eax
+
+loc_fffa7f38: ; not directly referenced
+mov edx, dword [ebp - 0x24]
+mov al, byte [ebp - 0x19]
+cmp al, byte [edx + 0x2488]
+jae short loc_fffa7f07 ; jae 0xfffa7f07
+movzx esi, al
+mov edx, dword [ebp - 0x2c]
+xor ecx, ecx
+mov eax, dword [ebp - 0x28]
+add edx, esi
+add eax, esi
+lea ebx, [edi + eax*8]
+lea edx, [edi + edx*8]
+mov dword [ebp - 0x10], ebx
+mov ebx, eax
+mov dword [ebp - 0x20], edx
+
+loc_fffa7f63: ; not directly referenced
+mov eax, dword [ebp - 0x14]
+mov edx, 1
+shl edx, cl
+and dl, byte [eax + 0xc4]
+test byte [ebp - 0x1b], dl
+je short loc_fffa7f9e ; je 0xfffa7f9e
+imul edx, ecx, 0x90
+mov eax, dword [ebp - 0x20]
+mov eax, dword [eax + edx]
+cmp dword [edi + ebx*8], eax
+jbe short loc_fffa7f8c ; jbe 0xfffa7f8c
+mov dword [edi + ebx*8], eax
+
+loc_fffa7f8c: ; not directly referenced
+mov eax, dword [ebp - 0x20]
+mov edx, dword [eax + edx + 4]
+mov eax, dword [ebp - 0x10]
+cmp dword [eax + 4], edx
+jbe short loc_fffa7f9e ; jbe 0xfffa7f9e
+mov dword [eax + 4], edx
+
+loc_fffa7f9e: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffa7f63 ; jne 0xfffa7f63
+add esi, dword [ebp - 0x28]
+mov cl, 0xa
+mov ebx, dword [ebp - 0x30]
+xor edx, edx
+inc byte [ebp - 0x19]
+mov eax, dword [edi + esi*8]
+imul eax, ebx
+div ecx
+xor edx, edx
+mov dword [edi + esi*8], eax
+mov esi, dword [ebp - 0x10]
+mov eax, ebx
+imul eax, dword [esi + 4]
+div ecx
+mov dword [esi + 4], eax
+jmp near loc_fffa7f38 ; jmp 0xfffa7f38
+
+loc_fffa7fd1: ; not directly referenced
+mov eax, 2
+
+loc_fffa7fd6: ; not directly referenced
+add esp, 0x28
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa7fde: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+push ebx
+sub esp, 0x6c
+movzx eax, byte [ebp + 8]
+mov dword [ebp - 0x4c], edx
+mov edx, dword [ebp + 0xc]
+mov dword [ebp - 0x50], ecx
+mov byte [ebp - 0x3c], 0xaa
+mov byte [ebp - 0x3b], 0xc0
+mov word [ebp - 0x58], dx
+mov byte [ebp - 0x3a], 0xcc
+mov byte [ebp - 0x39], 0xf0
+mov dword [ebp - 0x54], 0
+mov word [ebp - 0x6e], ax
+
+loc_fffa8015: ; not directly referenced
+mov eax, dword [ebp - 0x54]
+mov bx, word [ebp - 0x6e]
+mov word [ebp - 0x68], ax
+cmp ax, bx
+jae loc_fffa819d ; jae 0xfffa819d
+mov eax, dword [ebp - 0x50]
+xor ecx, ecx
+or eax, dword [ebp - 0x4c]
+mov dword [ebp - 0x6c], eax
+
+loc_fffa8034: ; not directly referenced
+mov esi, 1
+mov ebx, dword [ebp - 0x4c]
+mov al, 1
+shl esi, cl
+test dword [ebp - 0x50], esi
+setne dl
+and ebx, esi
+setne byte [ebp - 0x56]
+test byte [ebp - 0x56], dl
+jne short loc_fffa8067 ; jne 0xfffa8067
+test ebx, ebx
+sete bl
+xor eax, eax
+test bl, dl
+jne short loc_fffa8067 ; jne 0xfffa8067
+and esi, dword [ebp - 0x6c]
+cmp esi, 1
+sbb eax, eax
+add eax, 3
+
+loc_fffa8067: ; not directly referenced
+movzx eax, al
+mov al, byte [ebp + eax - 0x3c]
+mov byte [ebp + ecx - 0x38], al
+inc ecx
+cmp ecx, 0x20
+jne short loc_fffa8034 ; jne 0xfffa8034
+mov eax, dword [ebp - 0x68]
+xor esi, esi
+add eax, dword [ebp - 0x58]
+mov word [ebp - 0x56], ax
+
+loc_fffa8084: ; not directly referenced
+mov ecx, esi
+mov eax, 1
+shl eax, cl
+xor ebx, ebx
+mov dword [ebp - 0x68], eax
+xor ecx, ecx
+mov edx, 1
+
+loc_fffa8099: ; not directly referenced
+mov al, byte [ebp - 0x68]
+test byte [ebp + ecx - 0x38], al
+je short loc_fffa80a8 ; je 0xfffa80a8
+mov eax, edx
+shl eax, cl
+or ebx, eax
+
+loc_fffa80a8: ; not directly referenced
+inc ecx
+cmp ecx, 0x20
+jne short loc_fffa8099 ; jne 0xfffa8099
+cmp dword [edi + 0x3756], 2
+lea eax, [esi + 0x10000]
+mov dword [ebp - 0x68], eax
+jne short loc_fffa8113 ; jne 0xfffa8113
+mov ecx, ebx
+mov edx, 0x42dc
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, ebx
+mov edx, 0x42e0
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, dword [ebp - 0x68]
+mov edx, 0x42d4
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov ax, word [ebp - 0x56]
+mov ecx, 0xfff
+mov edx, 0x42d0
+cmp ax, 0xfff
+cmovbe ecx, eax
+mov eax, edi
+and ecx, 0xfff
+or ecx, 0x8000000
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa8113: ; not directly referenced
+cmp dword [edi + 0x4b19], 2
+jne short loc_fffa816f ; jne 0xfffa816f
+mov ecx, ebx
+mov edx, 0x46dc
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, ebx
+mov edx, 0x46e0
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, dword [ebp - 0x68]
+mov edx, 0x46d4
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov ax, word [ebp - 0x56]
+mov ecx, 0xfff
+mov edx, 0x46d0
+cmp ax, 0xfff
+cmovbe ecx, eax
+mov eax, edi
+and ecx, 0xfff
+or ecx, 0x8000000
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa816f: ; not directly referenced
+inc esi
+cmp esi, 8
+jne loc_fffa8084 ; jne 0xfffa8084
+mov ebx, dword [ebp - 0x50]
+mov esi, dword [ebp - 0x4c]
+add dword [ebp - 0x50], ebx
+add dword [ebp - 0x4c], esi
+mov eax, ebx
+shr eax, 0x1f
+or dword [ebp - 0x50], eax
+mov eax, esi
+shr eax, 0x1f
+inc dword [ebp - 0x54]
+or dword [ebp - 0x4c], eax
+jmp near loc_fffa8015 ; jmp 0xfffa8015
+
+loc_fffa819d: ; not directly referenced
+cmp dword [edi + 0x3756], 2
+jne short loc_fffa81b4 ; jne 0xfffa81b4
+xor ecx, ecx
+mov edx, 0x42d4
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa81b4: ; not directly referenced
+cmp dword [edi + 0x4b19], 2
+jne short loc_fffa81cb ; jne 0xfffa81cb
+xor ecx, ecx
+mov edx, 0x46d4
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa81cb: ; not directly referenced
+add esp, 0x6c
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa81d3: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+xor edi, edi
+push esi
+push ebx
+mov ebx, eax
+sub esp, 0x2c
+mov eax, dword [ebp + 0xc]
+mov dword [ebp - 0x2c], edx
+mov dword [ebp - 0x30], ecx
+mov word [ebp - 0x22], ax
+movzx eax, byte [ebp + 8]
+mov dword [ebp - 0x34], eax
+
+loc_fffa81f4: ; not directly referenced
+mov dword [ebp - 0x20], 1
+mov ecx, edi
+mov esi, 0x46dc
+shl dword [ebp - 0x20], cl
+
+loc_fffa8205: ; not directly referenced
+lea eax, [esi*8 - 0x236e0]
+xor ecx, ecx
+mov dword [ebp - 0x28], eax
+mov dword [ebp - 0x1c], 0
+
+loc_fffa8218: ; not directly referenced
+mov eax, dword [ebp - 0x28]
+add eax, ecx
+cdq
+idiv dword [ebp - 0x34]
+mov eax, dword [ebp - 0x30]
+movzx edx, dl
+movzx eax, byte [eax + edx]
+mov edx, dword [ebp - 0x2c]
+movzx eax, byte [edx + eax]
+test dword [ebp - 0x20], eax
+je short loc_fffa8241 ; je 0xfffa8241
+mov eax, 1
+shl eax, cl
+or dword [ebp - 0x1c], eax
+
+loc_fffa8241: ; not directly referenced
+inc ecx
+cmp ecx, 0x20
+jne short loc_fffa8218 ; jne 0xfffa8218
+cmp dword [ebx + 0x3756], 2
+jne short loc_fffa8260 ; jne 0xfffa8260
+mov ecx, dword [ebp - 0x1c]
+lea edx, [esi - 0x400]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa8260: ; not directly referenced
+cmp dword [ebx + 0x4b19], 2
+jne short loc_fffa8275 ; jne 0xfffa8275
+mov ecx, dword [ebp - 0x1c]
+mov edx, esi
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa8275: ; not directly referenced
+add esi, 4
+cmp esi, 0x46e4
+jne short loc_fffa8205 ; jne 0xfffa8205
+cmp dword [ebx + 0x3756], 2
+lea esi, [edi + 0x10000]
+jne short loc_fffa82c5 ; jne 0xfffa82c5
+mov ecx, esi
+mov edx, 0x42d4
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov ax, word [ebp - 0x22]
+mov ecx, 0xfff
+mov edx, 0x42d0
+cmp ax, 0xfff
+cmovbe ecx, eax
+mov eax, ebx
+and ecx, 0xfff
+or ecx, 0x8000000
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa82c5: ; not directly referenced
+cmp dword [ebx + 0x4b19], 2
+jne short loc_fffa8304 ; jne 0xfffa8304
+mov ecx, esi
+mov edx, 0x46d4
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov ax, word [ebp - 0x22]
+mov ecx, 0xfff
+mov edx, 0x46d0
+cmp ax, 0xfff
+cmovbe ecx, eax
+mov eax, ebx
+and ecx, 0xfff
+or ecx, 0x8000000
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa8304: ; not directly referenced
+inc edi
+cmp edi, 8
+jne loc_fffa81f4 ; jne 0xfffa81f4
+cmp dword [ebx + 0x3756], 2
+jne short loc_fffa8325 ; jne 0xfffa8325
+xor ecx, ecx
+mov edx, 0x42d4
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa8325: ; not directly referenced
+cmp dword [ebx + 0x4b19], 2
+jne short loc_fffa8343 ; jne 0xfffa8343
+add esp, 0x2c
+mov eax, ebx
+pop ebx
+xor ecx, ecx
+pop esi
+mov edx, 0x46d4
+pop edi
+pop ebp
+jmp near fcn_fffae58c ; jmp 0xfffae58c
+
+loc_fffa8343: ; not directly referenced
+add esp, 0x2c
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa834b: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+push ebx
+sub esp, 0x2c
+mov ebx, dword [eax + 0x2443]
+cmp edx, 0x4a
+ja short loc_fffa836a ; ja 0xfffa836a
+lea ebx, [edx + 1]
+xor esi, esi
+shr ebx, 1
+jmp short loc_fffa83ab ; jmp 0xfffa83ab
+
+loc_fffa836a: ; not directly referenced
+mov edi, dword [eax + 0x18d1]
+sub esp, 0xc
+mov dword [ebp - 0x2c], edx
+add edi, 0xf0
+push edi
+call dword [ebx + 0x20] ; ucall
+mov edx, dword [ebp - 0x2c]
+add esp, 0x10
+add edx, eax
+mov esi, eax
+mov dword [ebp - 0x1c], edx
+
+loc_fffa838d: ; not directly referenced
+sub esp, 0xc
+push edi
+call dword [ebx + 0x20] ; ucall
+mov edx, dword [ebp - 0x1c]
+add esp, 0x10
+cmp edx, esi
+ja short loc_fffa83a2 ; ja 0xfffa83a2
+cmp eax, esi
+jae short loc_fffa838d ; jae 0xfffa838d
+
+loc_fffa83a2: ; not directly referenced
+mov edx, dword [ebp - 0x1c]
+cmp eax, edx
+jae short loc_fffa83c1 ; jae 0xfffa83c1
+jmp short loc_fffa838d ; jmp 0xfffa838d
+
+loc_fffa83ab: ; not directly referenced
+cmp esi, ebx
+je short loc_fffa83c1 ; je 0xfffa83c1
+mov edx, 0x4ce0
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+inc esi
+mov dword [ebp - 0x1c], eax
+jmp short loc_fffa83ab ; jmp 0xfffa83ab
+
+loc_fffa83c1: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa83c9: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+push ebx
+sub esp, 0x2c
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x20], edx
+mov dword [ebp - 0x30], eax
+mov byte [ebp - 0x31], al
+mov eax, dword [edi + 0x5edc]
+mov dword [ebp - 0x1c], eax
+mov ebx, dword [eax + 0xc]
+mov esi, dword [eax + 0x10]
+cmp dl, 8
+ja loc_fffa850b ; ja 0xfffa850b
+jmp dword [edx*4 + ref_fffd3308] ; ujmp: jmp dword [edx*4 - 0x2ccf8]
+
+loc_fffa83ff: ; not directly referenced
+and ecx, 0x1f
+and ebx, 0xfff07bff
+shl ecx, 0xf
+jmp short loc_fffa8416 ; jmp 0xfffa8416
+
+loc_fffa840d: ; not directly referenced
+and ecx, 0xf
+and bh, 0x87
+shl ecx, 0xb
+
+loc_fffa8416: ; not directly referenced
+or ebx, ecx
+jmp near loc_fffa850b ; jmp 0xfffa850b
+
+loc_fffa841d: ; not directly referenced
+and ecx, 0xf
+and ebx, 0xf00fffff
+mov eax, ecx
+shl eax, 0x14
+shl ecx, 0x18
+or ebx, eax
+jmp short loc_fffa8416 ; jmp 0xfffa8416
+
+loc_fffa8432: ; not directly referenced
+shl ecx, 0x1c
+and ebx, 0xfffffff
+jmp short loc_fffa8416 ; jmp 0xfffa8416
+
+loc_fffa843d: ; not directly referenced
+mov eax, ecx
+and esi, 0xffffffe0
+and eax, 0xf
+and ecx, 0x10
+jmp short loc_fffa8492 ; jmp 0xfffa8492
+
+loc_fffa844a: ; not directly referenced
+mov eax, ecx
+and esi, 0xfffffc1f
+and eax, 0xf
+mov edx, eax
+shl edx, 5
+shr ecx, 4
+mov dword [ebp - 0x24], edx
+and ecx, 1
+or esi, dword [ebp - 0x24]
+mov edx, ecx
+shl edx, 9
+shl eax, 0xa
+or esi, edx
+and esi, 0xffff83ff
+shl ecx, 0xe
+jmp short loc_fffa8492 ; jmp 0xfffa8492
+
+loc_fffa847b: ; not directly referenced
+mov eax, ecx
+and esi, 0xfff07fff
+and eax, 0xf
+shl ecx, 0xf
+shl eax, 0xf
+and ecx, 0x80000
+
+loc_fffa8492: ; not directly referenced
+or esi, eax
+or esi, ecx
+jmp short loc_fffa850b ; jmp 0xfffa850b
+
+loc_fffa8498: ; not directly referenced
+and ecx, 1
+and ebx, 0xfffffff7
+lea eax, [ecx*8]
+or ebx, eax
+mov eax, dword [ebp - 0x1c]
+shl ecx, 0x1a
+mov dword [ebp - 0x28], 0
+mov dword [ebp - 0x38], ecx
+add eax, 0x1c
+mov dword [ebp - 0x2c], eax
+
+loc_fffa84bd: ; not directly referenced
+mov eax, dword [ebp - 0x2c]
+mov ecx, 0xff
+mov edx, dword [ebp - 0x28]
+mov eax, dword [eax]
+mov dword [ebp - 0x24], eax
+mov eax, dword [ebp - 0x38]
+and dword [ebp - 0x24], 0xfbffffff
+or dword [ebp - 0x24], eax
+mov eax, edi
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, dword [ebp - 0x24]
+mov edx, eax
+mov eax, edi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+cmp byte [ebp - 0x31], 0
+je short loc_fffa84fb ; je 0xfffa84fb
+mov eax, dword [ebp - 0x2c]
+mov ecx, dword [ebp - 0x24]
+mov dword [eax], ecx
+
+loc_fffa84fb: ; not directly referenced
+inc dword [ebp - 0x28]
+add dword [ebp - 0x2c], 0xcc
+cmp dword [ebp - 0x28], 2
+jne short loc_fffa84bd ; jne 0xfffa84bd
+
+loc_fffa850b: ; not directly referenced
+mov ecx, ebx
+mov edx, 0x3a14
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, esi
+mov edx, 0x3a18
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0x30], 0
+je short loc_fffa8536 ; je 0xfffa8536
+mov eax, dword [ebp - 0x1c]
+mov dword [eax + 0xc], ebx
+mov dword [eax + 0x10], esi
+
+loc_fffa8536: ; not directly referenced
+mov ecx, 0x115
+mov edx, 0x5f08
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0x78
+mov eax, edi
+call fcn_fffa834b ; call 0xfffa834b
+cmp byte [ebp - 0x20], 0
+jne loc_fffa8620 ; jne 0xfffa8620
+mov edx, 0x3a04
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+and eax, 0x3f
+lea edx, [eax - 0x10]
+cmp dl, 0x20
+jbe loc_fffa8636 ; jbe 0xfffa8636
+mov edx, ebx
+and ebx, 0xfffffff7
+or edx, 8
+cmp al, 0xf
+mov eax, dword [ebp - 0x1c]
+cmovbe ebx, edx
+mov dword [ebp - 0x20], 0
+lea esi, [eax + 0x1c]
+mov eax, ebx
+shr eax, 3
+and eax, 1
+mov byte [ebp - 0x24], al
+shl eax, 2
+mov byte [ebp - 0x28], al
+
+loc_fffa85a3: ; not directly referenced
+mov al, byte [esi + 3]
+mov ecx, 0xff
+add esi, 0xcc
+mov edx, dword [ebp - 0x20]
+and eax, 0xfffffffb
+or eax, dword [ebp - 0x28]
+mov byte [esi - 0xc9], al
+mov eax, edi
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, dword [esi - 0xcc]
+mov edx, eax
+mov eax, edi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+inc dword [ebp - 0x20]
+cmp dword [ebp - 0x20], 2
+jne short loc_fffa85a3 ; jne 0xfffa85a3
+mov ecx, ebx
+mov eax, edi
+mov edx, 0x3a14
+call fcn_fffae58c ; call 0xfffae58c
+mov esi, dword [ebp - 0x1c]
+mov ecx, 0x115
+mov dl, byte [ebp - 0x24]
+mov al, byte [esi + 0xc]
+shl edx, 3
+and eax, 0xfffffff7
+or eax, edx
+mov edx, 0x5f08
+mov byte [esi + 0xc], al
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0x78
+mov eax, edi
+call fcn_fffa834b ; call 0xfffa834b
+jmp short loc_fffa8636 ; jmp 0xfffa8636
+
+loc_fffa8620: ; not directly referenced
+mov al, byte [ebp - 0x20]
+dec eax
+cmp al, 7
+ja loc_fffa8702 ; ja 0xfffa8702
+movzx eax, al
+jmp dword [eax*4 + ref_fffd332c] ; ujmp: jmp dword [eax*4 - 0x2ccd4]
+
+loc_fffa8636: ; not directly referenced
+mov edx, 0x3a04
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov esi, eax
+and esi, 0x3f
+cmp dword [edi + 0x188b], 0
+jne short loc_fffa8658 ; jne 0xfffa8658
+shr eax, 9
+and eax, 0x3f
+jmp short loc_fffa865b ; jmp 0xfffa865b
+
+loc_fffa8658: ; not directly referenced
+shr eax, 0x1a
+
+loc_fffa865b: ; not directly referenced
+mov edx, esi
+and ebx, 0xfffffc0f
+sub eax, edx
+mov edx, 0x3a14
+and eax, 0x3f
+shl eax, 4
+or ebx, eax
+mov eax, edi
+or bh, 4
+mov ecx, ebx
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0x30], 0
+je short loc_fffa868a ; je 0xfffa868a
+mov eax, dword [ebp - 0x1c]
+mov dword [eax + 0xc], ebx
+
+loc_fffa868a: ; not directly referenced
+mov eax, esi
+movzx esi, al
+jmp short loc_fffa8704 ; jmp 0xfffa8704
+
+loc_fffa8691: ; not directly referenced
+mov edx, 0x3a00
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov dl, al
+and edx, 0x3f
+cmp dword [edi + 0x188b], 0
+jne short loc_fffa86b0 ; jne 0xfffa86b0
+shr eax, 0x1a
+jmp short loc_fffa86b3 ; jmp 0xfffa86b3
+
+loc_fffa86b0: ; not directly referenced
+shr eax, 0x14
+
+loc_fffa86b3: ; not directly referenced
+and eax, 0x1f
+movzx edx, dl
+cmp byte [ebp - 0x20], 1
+movzx esi, al
+cmove esi, edx
+jmp short loc_fffa8704 ; jmp 0xfffa8704
+
+loc_fffa86c5: ; not directly referenced
+mov edx, 0x3a08
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov esi, eax
+and esi, 0x3f
+shr eax, 0xc
+cmp byte [ebp - 0x20], 2
+jne short loc_fffa8704 ; jne 0xfffa8704
+jmp short loc_fffa86fb ; jmp 0xfffa86fb
+
+loc_fffa86e1: ; not directly referenced
+mov edx, 0x3a10
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov esi, eax
+and esi, 0x1f
+cmp byte [ebp - 0x20], 4
+jne short loc_fffa8704 ; jne 0xfffa8704
+shr eax, 0xb
+
+loc_fffa86fb: ; not directly referenced
+mov esi, eax
+and esi, 0x3f
+jmp short loc_fffa8704 ; jmp 0xfffa8704
+
+loc_fffa8702: ; not directly referenced
+xor esi, esi
+
+loc_fffa8704: ; not directly referenced
+add esp, 0x2c
+mov eax, esi
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa870e: ; not directly referenced
+push ebp
+mov ecx, 0x10200
+mov ebp, esp
+push ebx
+mov ebx, eax
+push edx
+mov edx, 0x5060
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, ebx
+mov edx, 0xf
+pop ecx
+pop ebx
+pop ebp
+jmp near fcn_fffa834b ; jmp 0xfffa834b
+
+fcn_fffa8733: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, edx
+push esi
+mov esi, eax
+mov eax, edx
+shl eax, 0xa
+add eax, 0x429c
+push ebx
+mov edx, eax
+sub esp, 0x1c
+mov dword [ebp - 0x1c], eax
+mov eax, esi
+mov dword [ebp - 0x20], ecx
+imul edi, edi, 0x13c3
+call fcn_fffae52a ; call 0xfffae52a
+mov ecx, dword [ebp - 0x20]
+mov ebx, eax
+imul eax, ecx, 0x128
+and ebx, 0xfffff8c0
+lea eax, [eax + edi + 0x48b0]
+lea edx, [esi + eax + 0x19]
+cmp byte [edx + 0xcf], 1
+jne short loc_fffa879d ; jne 0xfffa879d
+mov edi, ebx
+mov eax, 1
+shl eax, cl
+and bl, 0x3f
+shr edi, 6
+or edi, eax
+and edi, 3
+shl edi, 6
+or ebx, edi
+
+loc_fffa879d: ; not directly referenced
+and byte [ebp + 8], 0x3f
+or ebx, dword [ebp + 8]
+cmp byte [edx + 0xce], 1
+jne short loc_fffa87c6 ; jne 0xfffa87c6
+mov edx, ebx
+mov eax, 1
+shl eax, cl
+and bh, 0x3f
+shr edx, 0xe
+or edx, eax
+and edx, 3
+shl edx, 0xe
+or ebx, edx
+
+loc_fffa87c6: ; not directly referenced
+mov edx, dword [ebp - 0x1c]
+mov ecx, ebx
+mov eax, esi
+call fcn_fffae58c ; call 0xfffae58c
+add esp, 0x1c
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa87da:
+mov eax, dword [0xff7d0270]
+push ebp
+mov ebp, esp
+lea edx, [eax + 4]
+mov eax, dword [ebp + 0xc]
+mov dword [eax], edx
+xor eax, eax
+pop ebp
+ret
+
+fcn_fffa87ee: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x2c
+mov ebx, dword [ebp + 8]
+mov eax, dword [ebx + 0x18a7]
+mov esi, dword [ebx + 0x2443]
+mov edi, dword [ebx + 0x18c1]
+mov dword [ebp - 0x2c], eax
+mov eax, dword [ebx + 0x188b]
+push 0xe4
+push 0
+push 0
+push 0
+mov dword [ebp - 0x30], eax
+call dword [esi + 0x4c] ; ucall
+add edi, eax
+mov dword [esp], edi
+add edi, 4
+call dword [esi + 0x20] ; ucall
+mov dword [esp], edi
+mov dword [ebp - 0x1c], eax
+call dword [esi + 0x20] ; ucall
+mov edx, dword [ebp - 0x1c]
+mov edi, dword [ebx + 0x18c1]
+mov dword [ebx + 0x10], edx
+mov dword [ebx + 0x14], eax
+push 0x54
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+add esp, 0x14
+add edi, eax
+push edi
+call dword [esi + 0x20] ; ucall
+mov edx, dword [ebp - 0x1c]
+add esp, 0x10
+movzx ecx, dh
+test cl, 8
+jne short loc_fffa8889 ; jne 0xfffa8889
+test al, 0x10
+je short loc_fffa8889 ; je 0xfffa8889
+mov eax, dword [ebx + 0x188f]
+mov dword [ebx + 0x246d], eax
+mov eax, dword [ebx + 0x1893]
+mov dword [ebx + 0x2471], eax
+jmp short loc_fffa889d ; jmp 0xfffa889d
+
+loc_fffa8889: ; not directly referenced
+mov dword [ebx + 0x246d], 0
+mov dword [ebx + 0x2471], 0
+
+loc_fffa889d: ; not directly referenced
+mov eax, edx
+shr eax, 0x13
+and eax, 3
+cmp eax, 1
+je short loc_fffa88c6 ; je 0xfffa88c6
+cmp eax, 2
+je short loc_fffa88d2 ; je 0xfffa88d2
+cmp eax, 1
+sbb eax, eax
+and eax, 0x3e00
+add eax, 0x200
+mov dword [ebx + 0x2484], eax
+jmp short loc_fffa88dc ; jmp 0xfffa88dc
+
+loc_fffa88c6: ; not directly referenced
+mov dword [ebx + 0x2484], 0x2000
+jmp short loc_fffa88dc ; jmp 0xfffa88dc
+
+loc_fffa88d2: ; not directly referenced
+mov dword [ebx + 0x2484], 0x800
+
+loc_fffa88dc: ; not directly referenced
+mov eax, ecx
+shl eax, 0x1b
+mov dword [ebp - 0x20], eax
+mov eax, ecx
+shl eax, 0x19
+sar dword [ebp - 0x20], 0x1f
+add dword [ebp - 0x20], 2
+mov dword [ebp - 0x1c], eax
+sar dword [ebp - 0x1c], 0x1f
+add dword [ebp - 0x1c], 2
+cmp byte [ebx + 0x241f], 1
+je short loc_fffa892b ; je 0xfffa892b
+mov eax, dword [ebx + 0x1887]
+cmp eax, 0x306d0
+sete cl
+cmp eax, 0x40650
+sete al
+or cl, al
+mov eax, 1
+cmove eax, dword [ebp - 0x1c]
+mov dword [ebp - 0x1c], eax
+jmp short loc_fffa8932 ; jmp 0xfffa8932
+
+loc_fffa892b: ; not directly referenced
+mov dword [ebp - 0x1c], 1
+
+loc_fffa8932: ; not directly referenced
+mov eax, edx
+shr eax, 0x10
+and eax, 2
+cmp al, 1
+sbb eax, eax
+mov dword [ebp - 0x24], eax
+mov eax, edx
+shr eax, 0x18
+add word [ebp - 0x24], 2
+and eax, 1
+mov dword [ebp - 0x34], eax
+je short loc_fffa8961 ; je 0xfffa8961
+mov byte [ebx + 0x3748], 1
+mov edi, 1
+jmp short loc_fffa8979 ; jmp 0xfffa8979
+
+loc_fffa8961: ; not directly referenced
+xor eax, eax
+and edx, 0x2000000
+jne short loc_fffa8977 ; jne 0xfffa8977
+xor eax, eax
+cmp byte [ebx + 0x3748], 0
+setne al
+
+loc_fffa8977: ; not directly referenced
+mov edi, eax
+
+loc_fffa8979: ; not directly referenced
+imul esi, dword [ebp - 0x2c], 0x2e
+lea eax, [ebx + 0x736b]
+lea ecx, [ebx + 0x4be5]
+mov dword [ebp - 0x28], eax
+
+loc_fffa898c: ; not directly referenced
+cmp dword [ecx - 0x148f], 2
+je short loc_fffa89d8 ; je 0xfffa89d8
+
+loc_fffa8995: ; not directly referenced
+add ecx, 0x13c3
+cmp ecx, dword [ebp - 0x28]
+jne short loc_fffa898c ; jne 0xfffa898c
+cmp byte [ebx + 0x3748], 1
+mov edi, 2
+mov dword [ebx + 0x3711], 0
+mov dword [ebp - 0x24], 0
+sete al
+xor esi, esi
+add eax, 8
+xor ecx, ecx
+mov byte [ebx + 0x2488], al
+lea eax, [ebx + 0x3812]
+jmp near loc_fffa8ad1 ; jmp 0xfffa8ad1
+
+loc_fffa89d8: ; not directly referenced
+cmp word [ebp - 0x24], 2
+je short loc_fffa8a05 ; je 0xfffa8a05
+cmp dword [ebx + 0x18a7], 0
+jne short loc_fffa8a24 ; jne 0xfffa8a24
+mov eax, dword [ebx + 0x36d7]
+cmp eax, 0x74b
+ja short loc_fffa8a05 ; ja 0xfffa8a05
+cmp dword [ecx - 0x13cf], 1
+jbe short loc_fffa8a24 ; jbe 0xfffa8a24
+cmp eax, 0x534
+jbe short loc_fffa8a24 ; jbe 0xfffa8a24
+
+loc_fffa8a05: ; not directly referenced
+cmp word [ecx + esi - 0x1487], 2
+mov eax, 2
+cmovae ax, word [ecx + esi - 0x1487]
+mov word [ecx + esi - 0x1487], ax
+
+loc_fffa8a24: ; not directly referenced
+lea eax, [ecx - 0x250]
+
+loc_fffa8a2a: ; not directly referenced
+cmp dword [eax - 0xcc], 2
+jne short loc_fffa8a81 ; jne 0xfffa8a81
+mov dx, word [ecx + esi - 0x1487]
+mov word [eax + esi - 0xc4], dx
+cmp edi, 1
+jne short loc_fffa8a70 ; jne 0xfffa8a70
+mov dl, byte [eax]
+test dl, dl
+jne short loc_fffa8a60 ; jne 0xfffa8a60
+cmp dword [ebp - 0x34], 1
+jne short loc_fffa8a73 ; jne 0xfffa8a73
+mov dword [eax - 0xcc], 1
+jmp short loc_fffa8a81 ; jmp 0xfffa8a81
+
+loc_fffa8a60: ; not directly referenced
+dec dl
+jne short loc_fffa8a73 ; jne 0xfffa8a73
+mov byte [eax], 1
+mov dword [eax + 0x11], 9
+jmp short loc_fffa8a81 ; jmp 0xfffa8a81
+
+loc_fffa8a70: ; not directly referenced
+mov byte [eax], 0
+
+loc_fffa8a73: ; not directly referenced
+mov dword [eax + 0x11], 8
+mov byte [ebx + 0x3748], 0
+
+loc_fffa8a81: ; not directly referenced
+add eax, 0x128
+cmp eax, ecx
+jne short loc_fffa8a2a ; jne 0xfffa8a2a
+jmp near loc_fffa8995 ; jmp 0xfffa8995
+
+loc_fffa8a8f: ; not directly referenced
+xor edx, edx
+cmp dword [eax + 0x10b7], 2
+jne short loc_fffa8aa0 ; jne 0xfffa8aa0
+mov edx, dword [eax + 0x1198]
+
+loc_fffa8aa0: ; not directly referenced
+cmp dword [eax + 0x11df], 2
+jne short loc_fffa8aaf ; jne 0xfffa8aaf
+add edx, dword [eax + 0x12c0]
+
+loc_fffa8aaf: ; not directly referenced
+mov dword [eax], edx
+cmp edx, dword [ebp - 0x24]
+jbe short loc_fffa8adc ; jbe 0xfffa8adc
+mov edi, dword [eax + 4]
+mov ecx, esi
+mov dword [ebp - 0x24], edx
+
+loc_fffa8abe: ; not directly referenced
+mov edx, dword [eax]
+inc esi
+add eax, 0x13c3
+add dword [ebx + 0x3711], edx
+cmp esi, 2
+je short loc_fffa8af9 ; je 0xfffa8af9
+
+loc_fffa8ad1: ; not directly referenced
+cmp dword [eax - 0xbc], 2
+jne short loc_fffa8abe ; jne 0xfffa8abe
+jmp short loc_fffa8a8f ; jmp 0xfffa8a8f
+
+loc_fffa8adc: ; not directly referenced
+sete byte [ebp - 0x28]
+cmp dword [ebp - 0x1c], 1
+sete dl
+test byte [ebp - 0x28], dl
+je short loc_fffa8abe ; je 0xfffa8abe
+mov edx, dword [eax + 4]
+cmp edx, edi
+jae short loc_fffa8abe ; jae 0xfffa8abe
+mov edi, edx
+mov ecx, esi
+jmp short loc_fffa8abe ; jmp 0xfffa8abe
+
+loc_fffa8af9: ; not directly referenced
+cmp dword [ebp - 0x20], 1
+je short loc_fffa8b0b ; je 0xfffa8b0b
+
+loc_fffa8aff: ; not directly referenced
+cmp dword [ebp - 0x1c], 1
+jne loc_fffa8b9b ; jne 0xfffa8b9b
+jmp short loc_fffa8b83 ; jmp 0xfffa8b83
+
+loc_fffa8b0b: ; not directly referenced
+lea eax, [ebx + 0x3756]
+xor edx, edx
+
+loc_fffa8b13: ; not directly referenced
+mov esi, dword [eax]
+cmp edx, ecx
+je short loc_fffa8b73 ; je 0xfffa8b73
+cmp esi, 2
+jne short loc_fffa8b73 ; jne 0xfffa8b73
+cmp dword [eax + 0x1173], 2
+mov dword [eax], 1
+mov byte [eax + 0xc4], 0
+jne short loc_fffa8b4f ; jne 0xfffa8b4f
+mov dword [eax + 0x1173], 1
+mov byte [eax + 0x1260], 0
+mov dword [eax + 0x1254], 0
+
+loc_fffa8b4f: ; not directly referenced
+cmp dword [eax + 0x129b], 2
+jne short loc_fffa8b73 ; jne 0xfffa8b73
+mov dword [eax + 0x129b], 1
+mov byte [eax + 0x1388], 0
+mov dword [eax + 0x137c], 0
+
+loc_fffa8b73: ; not directly referenced
+inc edx
+add eax, 0x13c3
+cmp edx, 2
+jne short loc_fffa8b13 ; jne 0xfffa8b13
+jmp near loc_fffa8aff ; jmp 0xfffa8aff
+
+loc_fffa8b83: ; not directly referenced
+xor eax, eax
+
+loc_fffa8b85: ; not directly referenced
+cmp dword [ebx + eax + 0x3756], 2
+je short loc_fffa8ba9 ; je 0xfffa8ba9
+
+loc_fffa8b8f: ; not directly referenced
+add eax, 0x13c3
+cmp eax, 0x2786
+jne short loc_fffa8b85 ; jne 0xfffa8b85
+
+loc_fffa8b9b: ; not directly referenced
+cmp byte [ebx + 0x190d], 0
+jne short loc_fffa8bde ; jne 0xfffa8bde
+jmp near loc_fffa8c91 ; jmp 0xfffa8c91
+
+loc_fffa8ba9: ; not directly referenced
+mov edx, dword [ebx + eax + 0x48c9]
+xor ecx, ecx
+cmp edx, 2
+jne short loc_fffa8bbe ; jne 0xfffa8bbe
+mov ecx, dword [ebx + eax + 0x49aa]
+
+loc_fffa8bbe: ; not directly referenced
+cmp dword [ebx + eax + 0x49f1], 2
+jne short loc_fffa8b8f ; jne 0xfffa8b8f
+cmp dword [ebx + eax + 0x4ad2], ecx
+ja short loc_fffa8c13 ; ja 0xfffa8c13
+mov dword [ebx + eax + 0x49f1], 1
+jmp short loc_fffa8b8f ; jmp 0xfffa8b8f
+
+loc_fffa8bde: ; not directly referenced
+mov eax, dword [ebx + 0x190e]
+mov dword [ebx + 0x36cb], eax
+test eax, eax
+jne short loc_fffa8c2c ; jne 0xfffa8c2c
+cmp dword [ebp - 0x30], 0
+jne short loc_fffa8bfe ; jne 0xfffa8bfe
+mov dword [ebx + 0x36cb], 1
+
+loc_fffa8bfe: ; not directly referenced
+cmp byte [ebx + 0x36ca], 0
+jne short loc_fffa8c2c ; jne 0xfffa8c2c
+mov dword [ebx + 0x36cb], 1
+jmp short loc_fffa8c2c ; jmp 0xfffa8c2c
+
+loc_fffa8c13: ; not directly referenced
+cmp edx, 2
+jne loc_fffa8b8f ; jne 0xfffa8b8f
+mov dword [ebx + eax + 0x48c9], 1
+jmp near loc_fffa8b8f ; jmp 0xfffa8b8f
+
+loc_fffa8c2c: ; not directly referenced
+cmp dword [ebx + 0x36cb], 1
+jne short loc_fffa8c91 ; jne 0xfffa8c91
+cmp dword [ebx + 0x374e], 2
+mov byte [ebx + 0x247f], 1
+jne short loc_fffa8c91 ; jne 0xfffa8c91
+lea eax, [ebx + 0x3756]
+lea edx, [ebx + 0x5edc]
+
+loc_fffa8c51: ; not directly referenced
+cmp dword [eax], 2
+jne short loc_fffa8c88 ; jne 0xfffa8c88
+cmp dword [eax + 0x1173], 2
+jne short loc_fffa8c6f ; jne 0xfffa8c6f
+cmp byte [eax + 0x1243], 0
+jne short loc_fffa8c6f ; jne 0xfffa8c6f
+mov byte [ebx + 0x247f], 0
+
+loc_fffa8c6f: ; not directly referenced
+cmp dword [eax + 0x129b], 2
+jne short loc_fffa8c88 ; jne 0xfffa8c88
+cmp byte [eax + 0x136b], 0
+jne short loc_fffa8c88 ; jne 0xfffa8c88
+mov byte [ebx + 0x247f], 0
+
+loc_fffa8c88: ; not directly referenced
+add eax, 0x13c3
+cmp eax, edx
+jne short loc_fffa8c51 ; jne 0xfffa8c51
+
+loc_fffa8c91: ; not directly referenced
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa8c9b: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x1c
+mov ebx, dword [ebp + 8]
+mov eax, dword [ebx + 0x2480]
+cmp byte [ebx + 0x192b], 0
+mov dword [ebp - 0x1c], eax
+je short loc_fffa8ceb ; je 0xfffa8ceb
+movzx ecx, byte [ebx + 0x192c]
+mov edx, 0x5884
+mov eax, ebx
+and ecx, 7
+call fcn_fffae58c ; call 0xfffae58c
+mov al, byte [ebx + 0x192e]
+xor ecx, ecx
+mov cl, byte [ebx + 0x192d]
+mov edx, 0x5888
+mov ch, al
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa8ceb: ; not directly referenced
+movzx ecx, byte [ebx + 0x1935]
+movzx edx, byte [ebx + 0x1936]
+movzx eax, byte [ebx + 0x1937]
+movzx esi, byte [ebx + 0x192f]
+and ecx, 3
+and edx, 0x1f
+shl edx, 0x11
+and eax, 1
+shl ecx, 0x16
+or ecx, edx
+movzx edx, word [ebx + 0x1938]
+shl eax, 0xf
+or ecx, eax
+movzx eax, byte [ebx + 0x1930]
+shl esi, 0x1f
+and edx, 0x7fff
+or ecx, edx
+movzx edx, byte [ebx + 0x1931]
+and eax, 3
+shl eax, 0x16
+or esi, eax
+movzx eax, byte [ebx + 0x1932]
+and edx, 0x1f
+shl edx, 0x11
+or esi, edx
+movzx edx, word [ebx + 0x1933]
+and eax, 1
+shl eax, 0xf
+or esi, eax
+mov eax, ebx
+and edx, 0x7fff
+or esi, edx
+mov edx, 0x58e0
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, esi
+mov edx, 0x58e4
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov al, byte [ebx + 0x193b]
+xor ecx, ecx
+mov edx, 0x5890
+mov ch, al
+mov cl, byte [ebx + 0x193a]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov al, byte [ebx + 0x193d]
+xor ecx, ecx
+mov edx, 0x5894
+mov ch, al
+mov cl, byte [ebx + 0x193c]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov al, byte [ebx + 0x193f]
+xor ecx, ecx
+mov edx, 0x5898
+mov ch, al
+mov cl, byte [ebx + 0x193e]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov al, byte [ebx + 0x1941]
+xor ecx, ecx
+mov edx, 0x589c
+mov ch, al
+mov cl, byte [ebx + 0x1940]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov al, byte [ebx + 0x1943]
+xor ecx, ecx
+mov edx, 0x58d0
+mov ch, al
+mov cl, byte [ebx + 0x1942]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov al, byte [ebx + 0x1945]
+xor ecx, ecx
+mov edx, 0x58d4
+xor esi, esi
+mov ch, al
+mov cl, byte [ebx + 0x1944]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov al, byte [ebx + 0x1947]
+xor ecx, ecx
+mov edx, 0x58d8
+mov ch, al
+mov cl, byte [ebx + 0x1946]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov al, byte [ebx + 0x1949]
+xor ecx, ecx
+mov edx, 0x58dc
+mov ch, al
+mov cl, byte [ebx + 0x1948]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa8e67: ; not directly referenced
+imul eax, esi, 0x13c3
+cmp dword [ebx + eax + 0x3756], 2
+jne loc_fffa8f7a ; jne 0xfffa8f7a
+cmp byte [ebx + 0x192b], 0
+je loc_fffa8f3a ; je 0xfffa8f3a
+movzx ecx, byte [ebx + esi*2 + 0x194b]
+mov edi, esi
+movzx eax, byte [ebx + esi*2 + 0x194a]
+shl edi, 0xa
+lea edx, [edi + 0x42ec]
+and ecx, 0x3f
+and eax, 0x3f
+shl ecx, 8
+or ecx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+movzx ecx, byte [ebx + esi*2 + 0x194f]
+lea edx, [edi + 0x42f0]
+movzx eax, byte [ebx + esi*2 + 0x194e]
+and ecx, 0x3f
+and eax, 0x3f
+shl ecx, 8
+or ecx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov al, byte [ebx + esi*2 + 0x1953]
+xor ecx, ecx
+lea edx, [edi + 0x42f4]
+mov ch, al
+mov cl, byte [ebx + esi*2 + 0x1952]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov al, byte [ebx + esi*2 + 0x1957]
+xor ecx, ecx
+lea edx, [edi + 0x42f8]
+mov ch, al
+mov cl, byte [ebx + esi*2 + 0x1956]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov al, byte [ebx + esi*2 + 0x195b]
+xor ecx, ecx
+lea edx, [edi + 0x42fc]
+mov ch, al
+mov cl, byte [ebx + esi*2 + 0x195a]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa8f3a: ; not directly referenced
+cmp dword [ebp - 0x1c], 3
+jne short loc_fffa8f55 ; jne 0xfffa8f55
+movzx ecx, byte [ebx + 0x1963]
+and ecx, 1
+shl ecx, 8
+mov cl, byte [ebx + 0x1964]
+jmp short loc_fffa8f68 ; jmp 0xfffa8f68
+
+loc_fffa8f55: ; not directly referenced
+movzx ecx, byte [ebx + 0x1961]
+and ecx, 1
+shl ecx, 8
+mov cl, byte [ebx + 0x1962]
+
+loc_fffa8f68: ; not directly referenced
+mov edx, esi
+mov eax, ebx
+shl edx, 0xa
+add edx, 0x4328
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffa8f7a: ; not directly referenced
+inc esi
+cmp esi, 2
+jne loc_fffa8e67 ; jne 0xfffa8e67
+movzx ecx, byte [ebx + 0x195e]
+mov edx, 0x5060
+mov eax, ebx
+and ecx, 1
+shl ecx, 0x10
+mov cx, word [ebx + 0x195f]
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0x5880
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+movzx ecx, byte [ebx + 0x1925]
+movzx edx, byte [ebx + 0x1924]
+and ecx, 1
+and edx, 1
+and eax, 0xfffffffc
+add edx, edx
+or eax, ecx
+movzx ecx, byte [ebx + 0x1928]
+or eax, edx
+movzx edx, byte [ebx + 0x1923]
+and eax, 0xffffffe3
+and ecx, 3
+and edx, 1
+shl edx, 4
+shl ecx, 2
+or eax, edx
+or eax, ecx
+cmp dword [ebp - 0x1c], 3
+jne short loc_fffa902d ; jne 0xfffa902d
+movzx edx, byte [ebx + 0x1927]
+and eax, 0xffffffbf
+and edx, 1
+shl edx, 6
+or eax, edx
+cmp byte [ebx + 0x190d], 0
+mov ecx, eax
+je short loc_fffa901a ; je 0xfffa901a
+cmp dword [ebx + 0x36cb], 1
+je short loc_fffa9041 ; je 0xfffa9041
+
+loc_fffa901a: ; not directly referenced
+xor edx, edx
+cmp byte [ebx + 0x1929], 0
+sete dl
+and al, 0x7f
+shl edx, 7
+jmp short loc_fffa903d ; jmp 0xfffa903d
+
+loc_fffa902d: ; not directly referenced
+movzx edx, byte [ebx + 0x1926]
+and eax, 0xffffffbf
+and edx, 1
+shl edx, 6
+
+loc_fffa903d: ; not directly referenced
+mov ecx, eax
+or ecx, edx
+
+loc_fffa9041: ; not directly referenced
+add esp, 0x1c
+mov eax, ebx
+pop ebx
+mov edx, 0x5880
+pop esi
+pop edi
+pop ebp
+jmp near fcn_fffae58c ; jmp 0xfffae58c
+
+fcn_fffa9054: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+movzx esi, dl
+push ebx
+sub esp, 0x2c
+mov bl, byte [ebp + 0xc]
+mov dword [ebp - 0x20], eax
+imul eax, esi, 0x13c3
+mov dword [ebp - 0x24], esi
+mov byte [ebp - 0x19], 0
+mov byte [ebp - 0x1a], bl
+mov bl, byte [ebp + 0x10]
+lea eax, [edi + eax + 0x3756]
+mov dword [ebp - 0x28], eax
+lea eax, [ecx + ecx*8]
+mov dword [ebp - 0x2c], ecx
+mov byte [ebp - 0x31], bl
+mov dword [ebp - 0x30], eax
+
+loc_fffa9091: ; not directly referenced
+mov edi, dword [ebp - 0x20]
+mov al, byte [ebp - 0x19]
+cmp al, byte [edi + 0x2488]
+jae loc_fffa9170 ; jae 0xfffa9170
+mov al, byte [ebp - 0x19]
+mov esi, dword [ebp + 8]
+movzx edi, al
+bt esi, eax
+jae loc_fffa9168 ; jae 0xfffa9168
+mov eax, dword [ebp - 0x30]
+lea ebx, [edi + eax]
+movsx ax, byte [ebp - 0x1a]
+add ebx, ebx
+add ebx, dword [ebp - 0x28]
+mov word [ebp - 0x1c], ax
+add ax, word [ebx + 0x1b1]
+js short loc_fffa90e0 ; js 0xfffa90e0
+mov esi, 0x1ff
+cmp ax, 0x1ff
+cmovbe esi, eax
+jmp short loc_fffa90e2 ; jmp 0xfffa90e2
+
+loc_fffa90e0: ; not directly referenced
+xor esi, esi
+
+loc_fffa90e2: ; not directly referenced
+push eax
+movzx eax, si
+mov ecx, dword [ebp - 0x2c]
+push eax
+mov edx, dword [ebp - 0x24]
+mov eax, dword [ebp - 0x20]
+push 0
+push edi
+call fcn_fffa7499 ; call 0xfffa7499
+mov eax, dword [ebp - 0x28]
+add esp, 0xc
+add eax, dword [ebp - 0x30]
+mov ecx, dword [ebp - 0x1c]
+movzx eax, byte [edi + eax + 0x24d]
+mov edx, ecx
+add dx, word [ebx + 0x121]
+add cx, word [ebx + 0x169]
+and eax, 0x3f
+shl eax, 0x14
+and edx, 0x1ff
+shl edx, 9
+and ecx, 0x1ff
+or eax, edx
+mov edx, dword [ebp - 0x24]
+or eax, ecx
+mov ecx, dword [ebp - 0x2c]
+push eax
+mov eax, dword [ebp - 0x20]
+push 3
+push edi
+call fcn_fffa73b0 ; call 0xfffa73b0
+add esp, 0x10
+cmp byte [ebp - 0x31], 0
+je short loc_fffa9168 ; je 0xfffa9168
+mov eax, dword [ebp - 0x1c]
+add word [ebx + 0x121], ax
+add word [ebx + 0x169], ax
+mov word [ebx + 0x1b1], si
+
+loc_fffa9168: ; not directly referenced
+inc byte [ebp - 0x19]
+jmp near loc_fffa9091 ; jmp 0xfffa9091
+
+loc_fffa9170: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa9178: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x3c
+mov eax, dword [ebp + 8]
+mov ebx, dword [ebp + 0x18]
+mov edx, dword [ebp + 0x10]
+mov edi, eax
+mov dword [ebp - 0x1c], eax
+mov eax, dword [ebp + 0x1c]
+mov byte [ebp - 0x26], bl
+mov dword [ebp - 0x24], eax
+mov eax, dword [ebp + 0x20]
+mov esi, eax
+mov dword [ebp - 0x30], eax
+mov al, byte [ebp + 0x14]
+mov byte [ebp - 0x34], al
+mov eax, esi
+mov byte [ebp - 0x25], al
+movzx eax, byte [ebp + 0xc]
+mov dword [ebp - 0x20], eax
+imul eax, eax, 0x13c3
+cmp dword [edi + 0x2480], 3
+sete cl
+lea esi, [edi + eax + 0x3756]
+mov dword [ebp - 0x2c], ecx
+test dl, dl
+je short loc_fffa9227 ; je 0xfffa9227
+mov ecx, dword [ebp - 0x24]
+mov edi, 0x7f
+cmp ecx, 0x7f
+cmovg ecx, edi
+xor eax, eax
+test ecx, ecx
+cmovns eax, ecx
+cmp dl, 2
+je loc_fffa93cd ; je 0xfffa93cd
+ja short loc_fffa91ff ; ja 0xfffa91ff
+dec dl
+je loc_fffa938c ; je 0xfffa938c
+jmp near loc_fffa95bb ; jmp 0xfffa95bb
+
+loc_fffa91ff: ; not directly referenced
+cmp dl, 3
+je loc_fffa946a ; je 0xfffa946a
+cmp dl, 4
+jne loc_fffa95bb ; jne 0xfffa95bb
+cmp eax, 0x7f
+cmovg eax, edi
+movzx edi, byte [ebp - 0x34]
+xor edx, edx
+xor ebx, ebx
+mov dword [ebp - 0x24], edi
+jmp near loc_fffa94ce ; jmp 0xfffa94ce
+
+loc_fffa9227: ; not directly referenced
+cmp dword [ebp - 0x2c], 0
+je loc_fffa92fa ; je 0xfffa92fa
+mov ecx, dword [ebp - 0x1c]
+xor ebx, ebx
+xor edi, edi
+imul edx, dword [ebp - 0x20], 0x54a
+add eax, ecx
+add edx, ecx
+mov dword [ebp - 0x34], edx
+mov dword [ebp - 0x3c], eax
+
+loc_fffa9249: ; not directly referenced
+movzx edx, byte [ebp - 0x26]
+imul eax, ebx, 7
+bt edx, ebx
+mov dword [ebp - 0x2c], eax
+movzx eax, byte [esi + ebx + 0x241]
+jae loc_fffa92e7 ; jae 0xfffa92e7
+add eax, dword [ebp - 0x24]
+mov ecx, 0x80
+cdq
+idiv ecx
+test dl, dl
+lea eax, [edx - 0x80]
+cmovns eax, edx
+cmp byte [ebp - 0x25], 0
+je short loc_fffa9284 ; je 0xfffa9284
+mov byte [esi + ebx + 0x241], al
+
+loc_fffa9284: ; not directly referenced
+mov cl, byte [ebp - 0x2c]
+movsx eax, al
+mov dword [ebp - 0x2c], 0
+shl eax, cl
+add edi, eax
+mov eax, dword [ebp - 0x34]
+movzx eax, byte [eax + ebx + 0x1ea9]
+mov dword [ebp - 0x30], eax
+movzx eax, byte [ebp - 0x25]
+mov dword [ebp - 0x38], eax
+
+loc_fffa92aa: ; not directly referenced
+mov cl, byte [ebp - 0x2c]
+mov eax, 1
+shl eax, cl
+mov ecx, dword [ebp - 0x3c]
+test byte [ecx + 0x381a], al
+je short loc_fffa92dc ; je 0xfffa92dc
+movsx eax, byte [ebp - 0x24]
+push edx
+mov ecx, dword [ebp - 0x2c]
+push dword [ebp - 0x38]
+mov edx, dword [ebp - 0x20]
+push eax
+mov eax, dword [ebp - 0x1c]
+push dword [ebp - 0x30]
+call fcn_fffa9054 ; call 0xfffa9054
+add esp, 0x10
+
+loc_fffa92dc: ; not directly referenced
+inc dword [ebp - 0x2c]
+cmp dword [ebp - 0x2c], 4
+jne short loc_fffa92aa ; jne 0xfffa92aa
+jmp short loc_fffa92ee ; jmp 0xfffa92ee
+
+loc_fffa92e7: ; not directly referenced
+mov cl, byte [ebp - 0x2c]
+shl eax, cl
+add edi, eax
+
+loc_fffa92ee: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne loc_fffa9249 ; jne 0xfffa9249
+jmp short loc_fffa9379 ; jmp 0xfffa9379
+
+loc_fffa92fa: ; not directly referenced
+movzx eax, byte [ebp - 0x34]
+xor ebx, ebx
+xor edi, edi
+mov dword [ebp - 0x30], eax
+movzx eax, byte [ebp - 0x25]
+mov dword [ebp - 0x34], eax
+
+loc_fffa930c: ; not directly referenced
+mov edx, dword [ebp - 0x30]
+imul eax, ebx, 7
+bt edx, ebx
+mov dword [ebp - 0x2c], eax
+movzx eax, byte [esi + ebx + 0x241]
+jae short loc_fffa936c ; jae 0xfffa936c
+add eax, dword [ebp - 0x24]
+mov ecx, 0x80
+cdq
+idiv ecx
+test dl, dl
+lea eax, [edx - 0x80]
+cmovns eax, edx
+cmp byte [ebp - 0x25], 0
+je short loc_fffa9342 ; je 0xfffa9342
+mov byte [esi + ebx + 0x241], al
+
+loc_fffa9342: ; not directly referenced
+mov cl, byte [ebp - 0x2c]
+movsx eax, al
+mov edx, dword [ebp - 0x20]
+shl eax, cl
+mov ecx, ebx
+add edi, eax
+push eax
+movsx eax, byte [ebp - 0x24]
+push dword [ebp - 0x34]
+push eax
+mov eax, dword [ebp - 0x1c]
+push 0x1ff
+call fcn_fffa9054 ; call 0xfffa9054
+add esp, 0x10
+jmp short loc_fffa9373 ; jmp 0xfffa9373
+
+loc_fffa936c: ; not directly referenced
+mov cl, byte [ebp - 0x2c]
+shl eax, cl
+add edi, eax
+
+loc_fffa9373: ; not directly referenced
+inc ebx
+cmp ebx, 4
+jne short loc_fffa930c ; jne 0xfffa930c
+
+loc_fffa9379: ; not directly referenced
+mov edx, dword [ebp - 0x20]
+mov ecx, edi
+shl edx, 8
+add edx, 0x180c
+jmp near loc_fffa95ac ; jmp 0xfffa95ac
+
+loc_fffa938c: ; not directly referenced
+cmp eax, 0x7f
+mov edx, dword [ebp - 0x20]
+cmovle edi, eax
+mov eax, edi
+and eax, 0x7f
+mov ecx, eax
+shl ecx, 7
+or ecx, eax
+mov eax, dword [ebp - 0x1c]
+shl edx, 8
+add edx, 0x1408
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0x30], 0
+je loc_fffa95bb ; je 0xfffa95bb
+mov dword [esi + 0x119], edi
+mov dword [esi + 0x11d], edi
+jmp near loc_fffa95bb ; jmp 0xfffa95bb
+
+loc_fffa93cd: ; not directly referenced
+cmp eax, 0x7f
+cmovle edi, eax
+cmp dword [ebp - 0x2c], 0
+je short loc_fffa940d ; je 0xfffa940d
+mov eax, edi
+test bl, 1
+jne short loc_fffa93e6 ; jne 0xfffa93e6
+mov al, byte [esi + 0x111]
+
+loc_fffa93e6: ; not directly referenced
+and eax, 0x7f
+and eax, 0x7f
+and bl, 2
+jne short loc_fffa93f8 ; jne 0xfffa93f8
+movzx edi, byte [esi + 0x115]
+
+loc_fffa93f8: ; not directly referenced
+and edi, 0x7f
+mov ebx, edi
+and ebx, 0x7f
+shl ebx, 7
+or ebx, eax
+cmp byte [ebp - 0x30], 0
+jne short loc_fffa9441 ; jne 0xfffa9441
+jmp short loc_fffa9457 ; jmp 0xfffa9457
+
+loc_fffa940d: ; not directly referenced
+mov eax, edi
+mov edx, dword [ebp - 0x20]
+and eax, 0x7f
+mov ebx, eax
+shl ebx, 7
+or ebx, eax
+mov eax, dword [ebp - 0x1c]
+shl edx, 8
+mov ecx, ebx
+add edx, 0x1208
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0x30], 0
+je short loc_fffa9457 ; je 0xfffa9457
+mov dword [esi + 0x109], edi
+mov dword [esi + 0x10d], edi
+
+loc_fffa9441: ; not directly referenced
+mov eax, ebx
+and eax, 0x7f
+mov dword [esi + 0x111], eax
+mov eax, ebx
+shr eax, 7
+mov dword [esi + 0x115], eax
+
+loc_fffa9457: ; not directly referenced
+mov edx, dword [ebp - 0x20]
+mov ecx, ebx
+shl edx, 8
+add edx, 0x1a08
+jmp near loc_fffa95ac ; jmp 0xfffa95ac
+
+loc_fffa946a: ; not directly referenced
+cmp eax, 0x7f
+mov edx, dword [ebp - 0x20]
+cmovle edi, eax
+mov eax, edi
+and eax, 0x7f
+mov ecx, eax
+shl ecx, 7
+or ecx, eax
+mov eax, dword [ebp - 0x1c]
+shl edx, 8
+add edx, 0x1208
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0x30], 0
+je loc_fffa95bb ; je 0xfffa95bb
+mov dword [esi + 0x109], edi
+mov dword [esi + 0x10d], edi
+jmp near loc_fffa95bb ; jmp 0xfffa95bb
+
+loc_fffa94ab: ; not directly referenced
+imul ecx, edx, 7
+mov edi, eax
+shl edi, cl
+add ebx, edi
+cmp byte [ebp - 0x25], 0
+je short loc_fffa94c8 ; je 0xfffa94c8
+mov byte [esi + edx + 0x245], al
+mov byte [esi + edx + 0x249], al
+
+loc_fffa94c8: ; not directly referenced
+inc edx
+cmp edx, 4
+je short loc_fffa94e7 ; je 0xfffa94e7
+
+loc_fffa94ce: ; not directly referenced
+mov edi, dword [ebp - 0x24]
+bt edi, edx
+jb short loc_fffa94ab ; jb 0xfffa94ab
+movzx edi, byte [esi + edx + 0x245]
+imul ecx, edx, 7
+shl edi, cl
+add ebx, edi
+jmp short loc_fffa94c8 ; jmp 0xfffa94c8
+
+loc_fffa94e7: ; not directly referenced
+cmp dword [ebp - 0x2c], 0
+je short loc_fffa950e ; je 0xfffa950e
+mov eax, dword [ebp - 0x1c]
+cmp byte [eax + 0x240a], 0
+je short loc_fffa950e ; je 0xfffa950e
+movzx eax, byte [esi + 0x245]
+and ebx, 0xffe03fff
+and eax, 0x7f
+shl eax, 0xe
+or ebx, eax
+
+loc_fffa950e: ; not directly referenced
+mov eax, dword [ebp - 0x20]
+mov ecx, ebx
+shl eax, 8
+mov dword [ebp - 0x24], eax
+lea edx, [eax + 0x1c18]
+mov eax, dword [ebp - 0x1c]
+call fcn_fffae58c ; call 0xfffae58c
+cmp dword [ebp - 0x2c], 0
+je short loc_fffa959b ; je 0xfffa959b
+mov eax, dword [ebp - 0x1c]
+xor edi, edi
+mov ecx, dword [ebp - 0x20]
+mov dword [ebp - 0x20], 0
+movzx ebx, byte [eax + 0x240c]
+shl ecx, 2
+sar ebx, cl
+and ebx, 0xf
+
+loc_fffa954b: ; not directly referenced
+xor edx, edx
+
+loc_fffa954d: ; not directly referenced
+mov cl, dl
+mov eax, ebx
+shr eax, cl
+mov ecx, eax
+and ecx, 1
+cmp ecx, edi
+jne short loc_fffa956c ; jne 0xfffa956c
+movzx eax, byte [esi + edi + 0x249]
+imul ecx, edx, 7
+shl eax, cl
+add dword [ebp - 0x20], eax
+
+loc_fffa956c: ; not directly referenced
+inc edx
+cmp edx, 4
+jne short loc_fffa954d ; jne 0xfffa954d
+inc edi
+cmp edi, 4
+jne short loc_fffa954b ; jne 0xfffa954b
+mov eax, dword [ebp - 0x20]
+mov ecx, eax
+mov edx, eax
+shr ecx, 0xe
+and eax, 0xffe03fff
+shr edx, 0x15
+and ecx, 0x7f
+and edx, 0x7f
+mov ebx, eax
+add edx, ecx
+shr edx, 1
+shl edx, 0xe
+or ebx, edx
+
+loc_fffa959b: ; not directly referenced
+mov edx, dword [ebp - 0x24]
+and ebx, 0xf01fffff
+mov ecx, ebx
+add edx, 0x1218
+
+loc_fffa95ac: ; not directly referenced
+mov eax, dword [ebp - 0x1c]
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+jmp near fcn_fffae58c ; jmp 0xfffae58c
+
+loc_fffa95bb: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa95c3: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x2c
+mov ebx, dword [ebp + 8]
+mov eax, dword [ebx + 0x5edc]
+mov edi, dword [ebx + 0x2443]
+mov esi, dword [ebx + 0x36e3]
+mov dword [ebp - 0x2c], eax
+mov eax, dword [ebx + 0x188b]
+mov dword [ebp - 0x20], esi
+cmp eax, 1
+mov dword [ebp - 0x1c], eax
+mov eax, dword [ebx + 0x18c1]
+sbb esi, esi
+push 0xe4
+and esi, 0xfffffdeb
+push 0
+add esi, 0xc80
+push 0
+push 0
+mov dword [ebp - 0x24], eax
+call dword [edi + 0x4c] ; ucall
+mov edx, dword [ebp - 0x24]
+lea ecx, [eax + edx]
+mov dword [esp], ecx
+mov dword [ebp - 0x28], ecx
+call dword [edi + 0x20] ; ucall
+mov ecx, dword [ebp - 0x28]
+add ecx, 4
+mov dword [esp], ecx
+mov dword [ebp - 0x24], eax
+call dword [edi + 0x20] ; ucall
+add esp, 0x10
+test byte [ebp - 0x24], 8
+setne cl
+movzx edi, cl
+mov dword [ebp - 0x24], edi
+mov edi, dword [ebx + 0x1872]
+mov edx, eax
+shr eax, 4
+mov byte [ebp - 0x2d], cl
+mov cl, al
+mov eax, dword [ebx + 0x1877]
+shr edx, 0x15
+and ecx, 7
+dec edi
+cmp edi, 0x7ffffffd
+cmovbe esi, dword [ebx + 0x1872]
+mov dword [ebx + 0x36e3], eax
+mov dword [ebx + 0x36d3], esi
+and edx, 7
+je short loc_fffa968c ; je 0xfffa968c
+cmp eax, 2
+jne short loc_fffa9696 ; jne 0xfffa9696
+cmp dword [ebp - 0x1c], 0
+jne short loc_fffa9696 ; jne 0xfffa9696
+
+loc_fffa968c: ; not directly referenced
+mov dword [ebx + 0x36e3], 0
+
+loc_fffa9696: ; not directly referenced
+cmp dword [ebp - 0x24], 0
+mov edi, dword [ebx + 0x36e3]
+je short loc_fffa96bb ; je 0xfffa96bb
+test edx, edx
+je short loc_fffa96f3 ; je 0xfffa96f3
+mov byte [ebx + 0x247e], 1
+mov edx, 7
+mov dword [ebp - 0x28], 0
+jmp short loc_fffa96c7 ; jmp 0xfffa96c7
+
+loc_fffa96bb: ; not directly referenced
+movzx eax, cl
+xor esi, esi
+mov dword [ebp - 0x28], eax
+test edx, edx
+je short loc_fffa96e3 ; je 0xfffa96e3
+
+loc_fffa96c7: ; not directly referenced
+sub esp, 0xc
+add edx, 6
+push 0x5f5e100
+mov ecx, 1
+mov eax, ebx
+call fcn_fffaefe1 ; call 0xfffaefe1
+add esp, 0x10
+mov esi, eax
+
+loc_fffa96e3: ; not directly referenced
+mov eax, dword [ebp - 0x28]
+test eax, eax
+je short loc_fffa96f5 ; je 0xfffa96f5
+mov edx, 0xb
+sub edx, eax
+jmp short loc_fffa96fa ; jmp 0xfffa96fa
+
+loc_fffa96f3: ; not directly referenced
+xor esi, esi
+
+loc_fffa96f5: ; not directly referenced
+mov edx, 0xa
+
+loc_fffa96fa: ; not directly referenced
+sub esp, 0xc
+xor ecx, ecx
+push 0x5f5e100
+mov eax, ebx
+call fcn_fffaefe1 ; call 0xfffaefe1
+mov ecx, dword [ebp - 0x2c]
+add esp, 0x10
+mov dl, byte [ebp - 0x2d]
+mov dword [ecx + 0x1c6], esi
+mov byte [ecx + 0x1ca], dl
+cmp dword [ebx + 0x18a7], 0
+je short loc_fffa9745 ; je 0xfffa9745
+cmp dword [ebp - 0x24], 0
+je short loc_fffa9737 ; je 0xfffa9737
+cmp edi, 1
+cmove eax, esi
+jmp short loc_fffa9747 ; jmp 0xfffa9747
+
+loc_fffa9737: ; not directly referenced
+xor edi, edi
+cmp esi, eax
+jbe short loc_fffa9747 ; jbe 0xfffa9747
+mov eax, esi
+mov di, 1
+jmp short loc_fffa9747 ; jmp 0xfffa9747
+
+loc_fffa9745: ; not directly referenced
+xor edi, edi
+
+loc_fffa9747: ; not directly referenced
+cmp eax, dword [ebx + 0x36d3]
+jae short loc_fffa976a ; jae 0xfffa976a
+cmp dword [ebx + 0x1877], 2
+mov dword [ebx + 0x36d3], eax
+je short loc_fffa9764 ; je 0xfffa9764
+cmp dword [ebp - 0x1c], 0
+jne short loc_fffa976a ; jne 0xfffa976a
+
+loc_fffa9764: ; not directly referenced
+mov dword [ebx + 0x36e3], edi
+
+loc_fffa976a: ; not directly referenced
+cmp dword [ebp - 0x20], 1
+jne short loc_fffa978e ; jne 0xfffa978e
+cmp dword [ebx + 0x1877], 2
+jne short loc_fffa978e ; jne 0xfffa978e
+cmp dword [ebx + 0x1887], 0x306d0
+jne short loc_fffa978e ; jne 0xfffa978e
+cmp dword [ebx + 0x1883], 4
+ja short loc_fffa9797 ; ja 0xfffa9797
+
+loc_fffa978e: ; not directly referenced
+cmp dword [ebx + 0x36e3], 2
+jne short loc_fffa97a0 ; jne 0xfffa97a0
+
+loc_fffa9797: ; not directly referenced
+mov eax, dword [ebp - 0x20]
+mov dword [ebx + 0x36e3], eax
+
+loc_fffa97a0: ; not directly referenced
+mov ecx, dword [ebx + 0x36d3]
+mov edx, ref_fffd34b0 ; mov edx, 0xfffd34b0
+xor eax, eax
+
+loc_fffa97ad: ; not directly referenced
+add edx, 9
+cmp ecx, dword [edx - 5]
+jne short loc_fffa97c0 ; jne 0xfffa97c0
+lea eax, [eax + eax*8]
+mov eax, dword [eax + ref_fffd34b0] ; mov eax, dword [eax - 0x2cb50]
+jmp short loc_fffa97cb ; jmp 0xfffa97cb
+
+loc_fffa97c0: ; not directly referenced
+inc eax
+cmp eax, 0x15
+jne short loc_fffa97ad ; jne 0xfffa97ad
+mov eax, 0x2625a0
+
+loc_fffa97cb: ; not directly referenced
+mov dword [ebx + 0x36db], eax
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa97db: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x9c
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x88], 0
+mov dword [ebp - 0x94], 0
+mov dword [ebp - 0x90], 0
+mov byte [eax + 0x36ca], 8
+add eax, 0x1973
+mov dword [ebp - 0x9c], eax
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x7c], 0x17
+mov dword [ebp - 0x80], eax
+
+loc_fffa9827: ; not directly referenced
+mov eax, dword [ebp - 0x80]
+xor ebx, ebx
+add eax, 0x3756
+mov dword [ebp - 0x8c], eax
+mov eax, dword [ebp - 0x9c]
+mov dword [ebp - 0x84], eax
+mov dword [ebp - 0x98], eax
+mov eax, dword [ebp - 0x88]
+add eax, 0x48c9
+mov dword [ebp - 0xa0], eax
+
+loc_fffa985a: ; not directly referenced
+mov eax, dword [ebp - 0x98]
+cmp dword [eax], 1
+ja loc_fffa99f8 ; ja 0xfffa99f8
+mov eax, dword [ebp - 0x84]
+mov esi, ref_fffd33d4 ; mov esi, 0xfffd33d4
+mov ecx, 0xd
+lea edi, [ebp - 0x78]
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+lea edi, [eax + 0x48]
+mov eax, dword [ebp - 0xa0]
+lea esi, [eax + ebx]
+mov eax, dword [ebp - 0x80]
+add esi, dword [ebp + 8]
+mov dword [eax + ebx + 0x48c9], 3
+xor eax, eax
+
+loc_fffa989d: ; not directly referenced
+inc eax
+cmp byte [edi + eax - 1], 0
+je short loc_fffa98ae ; je 0xfffa98ae
+xor edx, edx
+mov eax, 1
+jmp short loc_fffa98ba ; jmp 0xfffa98ba
+
+loc_fffa98ae: ; not directly referenced
+cmp eax, 0x200
+jne short loc_fffa989d ; jne 0xfffa989d
+jmp near loc_fffa99f8 ; jmp 0xfffa99f8
+
+loc_fffa98ba: ; not directly referenced
+cmp dl, 0xc
+setbe cl
+test cl, al
+je short loc_fffa98e6 ; je 0xfffa98e6
+push eax
+movzx eax, dl
+push esi
+push edi
+push dword [ebp + 8]
+mov dword [ebp - 0xa4], edx
+call dword [ebp + eax*4 - 0x78] ; ucall
+mov edx, dword [ebp - 0xa4]
+add esp, 0x10
+inc edx
+and eax, 1
+jmp short loc_fffa98ba ; jmp 0xfffa98ba
+
+loc_fffa98e6: ; not directly referenced
+test eax, eax
+mov eax, dword [ebp - 0x80]
+jne short loc_fffa98fd ; jne 0xfffa98fd
+mov dword [eax + ebx + 0x48c9], 1
+jmp near loc_fffa99f8 ; jmp 0xfffa99f8
+
+loc_fffa98fd: ; not directly referenced
+mov dword [eax + ebx + 0x48c9], 2
+mov eax, dword [ebp - 0x84]
+mov al, byte [eax + 0x4a]
+cmp al, 0xf1
+sete cl
+cmp al, 0xb
+sete dl
+or cl, dl
+je short loc_fffa9931 ; je 0xfffa9931
+mov eax, dword [ebp - 0x84]
+mov edx, 0xb
+add eax, 0xbd
+jmp short loc_fffa994b ; jmp 0xfffa994b
+
+loc_fffa9931: ; not directly referenced
+cmp al, 0xc
+jne short loc_fffa9947 ; jne 0xfffa9947
+mov eax, dword [ebp - 0x84]
+mov edx, 9
+add eax, 0x188
+jmp short loc_fffa994b ; jmp 0xfffa994b
+
+loc_fffa9947: ; not directly referenced
+xor edx, edx
+xor eax, eax
+
+loc_fffa994b: ; not directly referenced
+mov edi, dword [ebp - 0x88]
+lea ecx, [edi + ebx + 0x49b4]
+add ecx, dword [ebp + 8]
+call fcn_fffaf03f ; call 0xfffaf03f
+mov eax, dword [ebp - 0x84]
+cmp dword [eax], 1
+jne short loc_fffa9979 ; jne 0xfffa9979
+mov eax, dword [ebp - 0x80]
+mov dword [eax + ebx + 0x48c9], 1
+
+loc_fffa9979: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x2480]
+test eax, eax
+jne short loc_fffa999e ; jne 0xfffa999e
+mov eax, dword [ebp - 0x8c]
+mov edi, dword [ebp + 8]
+mov eax, dword [eax + ebx + 0x1248]
+mov dword [edi + 0x2480], eax
+jmp short loc_fffa99b7 ; jmp 0xfffa99b7
+
+loc_fffa999e: ; not directly referenced
+mov esi, dword [ebp - 0x8c]
+cmp eax, dword [esi + ebx + 0x1248]
+mov eax, 0x1a
+cmove eax, dword [ebp - 0x7c]
+mov dword [ebp - 0x7c], eax
+
+loc_fffa99b7: ; not directly referenced
+cmp dword [ebp - 0x90], 0
+mov eax, dword [ebp - 0x8c]
+jne short loc_fffa99d5 ; jne 0xfffa99d5
+mov eax, dword [eax + ebx + 0x124c]
+mov dword [ebp - 0x90], eax
+jmp short loc_fffa99e8 ; jmp 0xfffa99e8
+
+loc_fffa99d5: ; not directly referenced
+mov edi, dword [ebp - 0x90]
+cmp edi, dword [eax + ebx + 0x124c]
+jne loc_fffa9b58 ; jne 0xfffa9b58
+
+loc_fffa99e8: ; not directly referenced
+cmp dword [ebp - 0x7c], 0x1a
+je loc_fffa9b81 ; je 0xfffa9b81
+inc dword [ebp - 0x94]
+
+loc_fffa99f8: ; not directly referenced
+add ebx, 0x128
+add dword [ebp - 0x98], 0x277
+add dword [ebp - 0x84], 0x277
+cmp ebx, 0x250
+jne loc_fffa985a ; jne 0xfffa985a
+add dword [ebp - 0x88], 0x13c3
+add dword [ebp - 0x9c], 0x54a
+add dword [ebp - 0x80], 0x13c3
+cmp dword [ebp - 0x88], 0x2786
+jne loc_fffa9827 ; jne 0xfffa9827
+cmp dword [ebp - 0x94], 0
+je loc_fffa9b81 ; je 0xfffa9b81
+lea edi, [ebp - 0x78]
+mov esi, ref_fffd3408 ; mov esi, 0xfffd3408
+mov ecx, 0x18
+xor ebx, ebx
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+mov eax, 1
+
+loc_fffa9a6c: ; not directly referenced
+cmp bl, 0x17
+setbe dl
+test dl, al
+je short loc_fffa9a8c ; je 0xfffa9a8c
+sub esp, 0xc
+movzx eax, bl
+push dword [ebp + 8]
+inc ebx
+call dword [ebp + eax*4 - 0x78] ; ucall
+add esp, 0x10
+and eax, 1
+jmp short loc_fffa9a6c ; jmp 0xfffa9a6c
+
+loc_fffa9a8c: ; not directly referenced
+test eax, eax
+je loc_fffa9b81 ; je 0xfffa9b81
+mov eax, dword [ebp + 8]
+mov esi, dword [ebp + 8]
+mov byte [eax + 0x3748], 1
+add eax, 0x48c9
+add esi, 0x704f
+
+loc_fffa9aac: ; not directly referenced
+mov edx, eax
+xor ecx, ecx
+
+loc_fffa9ab0: ; not directly referenced
+mov edi, dword [edx]
+lea ebx, [edi - 1]
+cmp ebx, 1
+ja short loc_fffa9ac0 ; ja 0xfffa9ac0
+inc dword [eax - 0x10b3]
+
+loc_fffa9ac0: ; not directly referenced
+cmp dword [edx], 2
+jne short loc_fffa9b16 ; jne 0xfffa9b16
+mov bl, byte [edx + 0xed]
+cmp bl, 1
+je short loc_fffa9adb ; je 0xfffa9adb
+cmp bl, 2
+sete bl
+lea ebx, [ebx + ebx*2]
+jmp short loc_fffa9add ; jmp 0xfffa9add
+
+loc_fffa9adb: ; not directly referenced
+mov bl, 1
+
+loc_fffa9add: ; not directly referenced
+mov edi, dword [ebp + 8]
+movzx ebx, bl
+shl ebx, cl
+or byte [eax - 0x10af], bl
+mov bl, byte [edx + 0xcc]
+and byte [edi + 0x3748], bl
+mov bl, byte [edi + 0x36ca]
+movzx edi, byte [edx + 0xf4]
+cmp byte [edx + 0xf4], bl
+cmovbe ebx, edi
+mov edi, dword [ebp + 8]
+mov byte [edi + 0x36ca], bl
+
+loc_fffa9b16: ; not directly referenced
+add ecx, 2
+add edx, 0x128
+cmp ecx, 4
+jne short loc_fffa9ab0 ; jne 0xfffa9ab0
+cmp dword [eax - 0x10b3], 0
+je short loc_fffa9b49 ; je 0xfffa9b49
+cmp byte [eax - 0x10af], 0
+je short loc_fffa9b49 ; je 0xfffa9b49
+mov ecx, dword [ebp + 8]
+inc byte [ecx + 0x3755]
+mov dword [eax - 0x1173], 2
+
+loc_fffa9b49: ; not directly referenced
+add eax, 0x13c3
+cmp eax, esi
+jne loc_fffa9aac ; jne 0xfffa9aac
+jmp short loc_fffa9b61 ; jmp 0xfffa9b61
+
+loc_fffa9b58: ; not directly referenced
+mov dword [ebp - 0x7c], 0x1a
+jmp short loc_fffa9b81 ; jmp 0xfffa9b81
+
+loc_fffa9b61: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x3755], 0
+je short loc_fffa9b81 ; je 0xfffa9b81
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x7c], 0
+mov dword [eax + 0x374e], 2
+
+loc_fffa9b81: ; not directly referenced
+mov eax, dword [ebp - 0x7c]
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffa9b8c: ; not directly referenced
+push ebp
+mov ecx, 3
+mov ebp, esp
+push edi
+push esi
+mov esi, ref_fffd3468 ; mov esi, 0xfffd3468
+push ebx
+mov ebx, eax
+sub esp, 0xc0
+lea edi, [ebp - 0x80]
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+lea edi, [ebp - 0x74]
+mov esi, ref_fffd3474 ; mov esi, 0xfffd3474
+mov dword [ebp - 0x8c], eax
+mov cl, 3
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+lea edi, [ebp - 0x68]
+mov esi, ref_fffd3480 ; mov esi, 0xfffd3480
+mov cl, 3
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+lea edi, [ebp - 0x5c]
+mov esi, ref_fffd348c ; mov esi, 0xfffd348c
+mov cl, 3
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+lea edi, [ebp - 0x50]
+mov esi, ref_fffd3498 ; mov esi, 0xfffd3498
+mov cl, 3
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+lea edi, [ebp - 0x44]
+mov esi, ref_fffd34a4 ; mov esi, 0xfffd34a4
+mov cl, 3
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+mov edi, dword [eax + 0x5edc]
+mov edx, edi
+mov dword [ebp - 0x9c], edi
+mov edi, dword [eax + 0x2443]
+mov al, byte [eax + 0x2488]
+mov esi, edi
+mov dword [ebp - 0xa0], edi
+movzx edi, byte [ebx + 0x248e]
+mov byte [ebp - 0x95], al
+mov eax, edx
+push 0
+add eax, 0x1bc
+push 8
+push eax
+mov eax, esi
+call dword [eax + 0x5c] ; ucall
+mov edx, 0x3a1c
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x3a1c
+mov ecx, eax
+mov esi, eax
+and ecx, 0xfffe003f
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0x5f08
+mov eax, ebx
+mov dword [ebp - 0x8c], ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x5f08
+mov ebx, eax
+mov eax, dword [ebp - 0x8c]
+or bh, 1
+mov ecx, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x8c]
+mov edx, 0x78
+call fcn_fffa834b ; call 0xfffa834b
+mov eax, dword [ebp - 0x8c]
+mov edx, 0x3a00
+call fcn_fffae52a ; call 0xfffae52a
+mov ecx, esi
+mov esi, dword [ebp - 0x8c]
+mov dword [ebp - 0x94], eax
+mov eax, dword [ebp - 0x8c]
+shr dword [ebp - 0x94], 0xf
+and dword [ebp - 0x94], 0x1f
+mov ax, word [eax + 0x1904]
+shr ax, 7
+movzx edx, ax
+mov eax, esi
+mov dword [ebp - 0xa8], edx
+mov edx, 0x3a1c
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, ebx
+mov edx, 0x5f08
+mov eax, esi
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0x78
+mov eax, esi
+call fcn_fffa834b ; call 0xfffa834b
+mov edx, 0x2008
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+add esp, 0x10
+test ah, 4
+mov eax, edi
+je short loc_fffa9d16 ; je 0xfffa9d16
+cmp al, 3
+je short loc_fffa9d2a ; je 0xfffa9d2a
+lea eax, [ebp - 0x74]
+mov edx, eax
+lea eax, [ebp - 0x68]
+jmp short loc_fffa9d22 ; jmp 0xfffa9d22
+
+loc_fffa9d16: ; not directly referenced
+cmp al, 3
+je short loc_fffa9d2f ; je 0xfffa9d2f
+lea eax, [ebp - 0x50]
+mov edx, eax
+lea eax, [ebp - 0x44]
+
+loc_fffa9d22: ; not directly referenced
+and edi, 1
+cmovne eax, edx
+jmp short loc_fffa9d32 ; jmp 0xfffa9d32
+
+loc_fffa9d2a: ; not directly referenced
+lea eax, [ebp - 0x80]
+jmp short loc_fffa9d32 ; jmp 0xfffa9d32
+
+loc_fffa9d2f: ; not directly referenced
+lea eax, [ebp - 0x5c]
+
+loc_fffa9d32: ; not directly referenced
+mov dword [ebp - 0x90], eax
+mov eax, dword [ebp - 0x9c]
+xor edi, edi
+add eax, 0x1c
+mov dword [ebp - 0xa4], eax
+mov esi, eax
+
+loc_fffa9d4b: ; not directly referenced
+imul eax, edi, 0x13c3
+mov edx, dword [ebp - 0x8c]
+xor ebx, ebx
+cmp dword [edx + eax + 0x3756], 2
+jne short loc_fffa9dc5 ; jne 0xfffa9dc5
+
+loc_fffa9d63: ; not directly referenced
+cmp byte [ebp - 0x95], bl
+jbe short loc_fffa9d9f ; jbe 0xfffa9d9f
+or byte [esi + ebx*4 + 0x28], 0x20
+mov ecx, ebx
+mov eax, dword [esi + ebx*4 + 0x28]
+mov edx, edi
+inc ebx
+mov dword [ebp - 0xac], eax
+mov eax, dword [ebp - 0x8c]
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, dword [ebp - 0xac]
+mov edx, eax
+mov eax, dword [ebp - 0x8c]
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffa9d63 ; jmp 0xfffa9d63
+
+loc_fffa9d9f: ; not directly referenced
+mov eax, dword [ebp - 0x8c]
+mov ecx, 0xff
+mov edx, edi
+mov ebx, dword [esi]
+call fcn_fffa7288 ; call 0xfffa7288
+or bh, 1
+mov ecx, ebx
+mov edx, eax
+mov eax, dword [ebp - 0x8c]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffa9dc5: ; not directly referenced
+inc edi
+add esi, 0xcc
+cmp edi, 2
+jne loc_fffa9d4b ; jne 0xfffa9d4b
+mov eax, dword [ebp - 0x90]
+lea ebx, [ebp - 0x38]
+inc eax
+mov dword [ebp - 0xbc], eax
+mov esi, eax
+
+loc_fffa9de7: ; not directly referenced
+mov edi, dword [ebp - 0x8c]
+add ebx, 4
+add esi, 3
+movzx edx, byte [esi - 4]
+movzx ecx, byte [esi - 3]
+mov eax, edi
+call fcn_fffa75da ; call 0xfffa75da
+mov edx, eax
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov dword [ebx - 4], eax
+lea eax, [ebp - 0x28]
+cmp ebx, eax
+jne short loc_fffa9de7 ; jne 0xfffa9de7
+imul eax, dword [ebp - 0x94], 0x1f0
+mov ecx, 0x3e8
+imul eax, dword [ebp - 0xa8]
+xor edx, edx
+mov byte [ebp - 0xa8], 1
+div ecx
+lea edi, [eax + 0x14a]
+add eax, 0x226
+mov dword [ebp - 0xb8], eax
+mov eax, dword [ebp - 0x9c]
+mov dword [ebp - 0xb4], edi
+add eax, 0x1bd
+mov dword [ebp - 0xac], eax
+
+loc_fffa9e5e: ; not directly referenced
+mov eax, dword [ebp - 0xa4]
+xor ebx, ebx
+mov dword [ebp - 0x94], eax
+mov eax, dword [ebp - 0xa8]
+and eax, 7
+mov dword [ebp - 0x9c], eax
+
+loc_fffa9e7b: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov edi, dword [ebp - 0x8c]
+cmp dword [edi + eax + 0x3756], 2
+je short loc_fffa9eb0 ; je 0xfffa9eb0
+
+loc_fffa9e91: ; not directly referenced
+inc ebx
+add dword [ebp - 0x94], 0xcc
+cmp ebx, 2
+jne short loc_fffa9e7b ; jne 0xfffa9e7b
+mov dword [ebp - 0x94], 0
+jmp near loc_fffaa085 ; jmp 0xfffaa085
+
+loc_fffa9eb0: ; not directly referenced
+xor esi, esi
+
+loc_fffa9eb2: ; not directly referenced
+mov eax, esi
+cmp byte [ebp - 0x95], al
+jbe short loc_fffa9e91 ; jbe 0xfffa9e91
+mov eax, dword [ebp - 0x94]
+mov ecx, esi
+mov edx, ebx
+mov edi, dword [eax + esi*4 + 4]
+inc esi
+mov eax, dword [ebp - 0x9c]
+and edi, 0xffffe3ff
+shl eax, 0xa
+or edi, eax
+mov eax, dword [ebp - 0x8c]
+call fcn_fffa724b ; call 0xfffa724b
+mov ecx, edi
+mov edx, eax
+mov eax, dword [ebp - 0x8c]
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffa9eb2 ; jmp 0xfffa9eb2
+
+loc_fffa9ef8: ; not directly referenced
+imul eax, edi, 0x13c3
+mov edx, dword [ebp - 0x8c]
+cmp dword [edx + eax + 0x3756], 2
+je loc_fffaa0c3 ; je 0xfffaa0c3
+
+loc_fffa9f12: ; not directly referenced
+inc edi
+add dword [ebp - 0x9c], 0xcc
+cmp edi, 2
+jne short loc_fffa9ef8 ; jne 0xfffa9ef8
+mov byte [ebp - 0x9c], 0
+
+loc_fffa9f29: ; not directly referenced
+mov esi, dword [ebp - 0x9c]
+lea edi, [ebp - 0x28]
+mov ebx, dword [ebp - 0x90]
+and esi, 1
+shl esi, 0x1d
+or esi, 0x2000000
+
+loc_fffa9f44: ; not directly referenced
+movzx eax, byte [ebx + 2]
+and esi, 0xefffffff
+movzx ecx, byte [ebx + 1]
+movzx edx, byte [ebx]
+and eax, 1
+shl eax, 0x1c
+or esi, eax
+mov eax, dword [ebp - 0x8c]
+call fcn_fffa75da ; call 0xfffa75da
+mov ecx, esi
+mov edx, eax
+mov eax, dword [ebp - 0x8c]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0xa0]
+call dword [eax + 0x54] ; ucall
+add eax, 0x3e8
+mov dword [ebp - 0xb0], eax
+
+loc_fffa9f8b: ; not directly referenced
+mov esi, dword [ebp - 0x8c]
+movzx edx, byte [ebx]
+movzx ecx, byte [ebx + 1]
+mov eax, esi
+call fcn_fffa75da ; call 0xfffa75da
+mov edx, eax
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+mov esi, eax
+test eax, 0x40000000
+jne loc_fffaa108 ; jne 0xfffaa108
+mov eax, dword [ebp - 0xa0]
+call dword [eax + 0x54] ; ucall
+cmp dword [ebp - 0xb0], eax
+ja short loc_fffa9f8b ; ja 0xfffa9f8b
+
+loc_fffa9fc6: ; not directly referenced
+movzx ecx, byte [ebx + 1]
+add edi, 4
+add ebx, 3
+movzx edx, byte [ebx - 3]
+mov eax, dword [ebp - 0x8c]
+call fcn_fffa75da ; call 0xfffa75da
+xor ecx, ecx
+mov edx, eax
+mov eax, dword [ebp - 0x8c]
+call fcn_fffae58c ; call 0xfffae58c
+lea eax, [ebp - 0x18]
+cmp edi, eax
+jne loc_fffa9f44 ; jne 0xfffa9f44
+inc byte [ebp - 0x9c]
+cmp byte [ebp - 0x9c], 2
+jne loc_fffa9f29 ; jne 0xfffa9f29
+mov ecx, dword [ebp - 0x28]
+mov ebx, dword [ebp - 0x1c]
+mov edx, dword [ebp - 0x20]
+mov eax, dword [ebp - 0x24]
+mov esi, ecx
+cmp ebx, ecx
+cmovbe esi, ebx
+cmp esi, edx
+cmova esi, edx
+cmp ebx, ecx
+cmovae ecx, ebx
+cmp ecx, edx
+cmovae edx, ecx
+cmp edx, eax
+cmovb edx, eax
+cmp esi, eax
+cmovbe eax, esi
+cmp dword [ebp - 0xb4], eax
+jbe short loc_fffaa055 ; jbe 0xfffaa055
+mov cl, byte [ebp - 0x94]
+mov eax, 1
+mov edi, dword [ebp - 0xac]
+shl eax, cl
+or byte [edi], al
+
+loc_fffaa055: ; not directly referenced
+cmp dword [ebp - 0xb8], edx
+jae short loc_fffaa072 ; jae 0xfffaa072
+mov cl, byte [ebp - 0x94]
+mov eax, 1
+mov edi, dword [ebp - 0xac]
+shl eax, cl
+or byte [edi], al
+
+loc_fffaa072: ; not directly referenced
+inc dword [ebp - 0x94]
+cmp dword [ebp - 0x94], 8
+je loc_fffaa126 ; je 0xfffaa126
+
+loc_fffaa085: ; not directly referenced
+push eax
+xor edi, edi
+push 0
+push 4
+lea eax, [ebp - 0x28]
+push eax
+mov eax, dword [ebp - 0xa0]
+call dword [eax + 0x64] ; ucall
+mov eax, dword [ebp - 0xa4]
+add esp, 0x10
+mov dword [ebp - 0x9c], eax
+mov eax, dword [ebp - 0x94]
+and eax, 7
+mov dword [ebp - 0xb0], eax
+shl dword [ebp - 0xb0], 0x1a
+jmp near loc_fffa9ef8 ; jmp 0xfffa9ef8
+
+loc_fffaa0c3: ; not directly referenced
+xor ebx, ebx
+
+loc_fffaa0c5: ; not directly referenced
+cmp byte [ebp - 0x95], bl
+jbe loc_fffa9f12 ; jbe 0xfffa9f12
+mov eax, dword [ebp - 0x9c]
+mov ecx, ebx
+mov edx, edi
+mov esi, dword [eax + ebx*4 + 0x28]
+inc ebx
+mov eax, dword [ebp - 0x8c]
+and esi, 0xe3ffffff
+call fcn_fffa720e ; call 0xfffa720e
+or esi, dword [ebp - 0xb0]
+mov ecx, esi
+mov edx, eax
+mov eax, dword [ebp - 0x8c]
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffaa0c5 ; jmp 0xfffaa0c5
+
+loc_fffaa108: ; not directly referenced
+shr eax, 0xf
+and eax, 0x3ff
+add eax, dword [edi]
+cmp byte [ebp - 0x9c], 1
+jne loc_fffaa215 ; jne 0xfffaa215
+shr eax, 1
+jmp near loc_fffaa215 ; jmp 0xfffaa215
+
+loc_fffaa126: ; not directly referenced
+inc byte [ebp - 0xa8]
+inc dword [ebp - 0xac]
+and byte [ebp - 0xa8], 7
+jne loc_fffa9e5e ; jne 0xfffa9e5e
+mov esi, dword [ebp - 0xa4]
+xor edi, edi
+
+loc_fffaa147: ; not directly referenced
+imul eax, edi, 0x13c3
+mov ecx, dword [ebp - 0x8c]
+xor ebx, ebx
+cmp dword [ecx + eax + 0x3756], 2
+jne short loc_fffaa1cc ; jne 0xfffaa1cc
+
+loc_fffaa15f: ; not directly referenced
+cmp byte [ebp - 0x95], bl
+jbe short loc_fffaa1ad ; jbe 0xfffaa1ad
+mov eax, dword [ebp - 0x8c]
+mov ecx, ebx
+mov edx, edi
+call fcn_fffa724b ; call 0xfffa724b
+mov ecx, dword [esi + ebx*4 + 4]
+mov edx, eax
+mov dword [ebp - 0x90], eax
+mov eax, dword [ebp - 0x8c]
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, dword [ebp - 0x90]
+and byte [esi + ebx*4 + 0x28], 0xdf
+mov ecx, dword [esi + ebx*4 + 0x28]
+inc ebx
+mov eax, dword [ebp - 0x8c]
+add edx, 4
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffaa15f ; jmp 0xfffaa15f
+
+loc_fffaa1ad: ; not directly referenced
+mov ebx, dword [ebp - 0x8c]
+mov ecx, 0xff
+mov edx, edi
+mov eax, ebx
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, dword [esi]
+mov edx, eax
+mov eax, ebx
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffaa1cc: ; not directly referenced
+inc edi
+add esi, 0xcc
+cmp edi, 2
+jne loc_fffaa147 ; jne 0xfffaa147
+mov esi, dword [ebp - 0xbc]
+lea ebx, [ebp - 0x38]
+
+loc_fffaa1e5: ; not directly referenced
+mov edi, dword [ebp - 0x8c]
+add ebx, 4
+add esi, 3
+movzx ecx, byte [esi - 3]
+movzx edx, byte [esi - 4]
+mov eax, edi
+call fcn_fffa75da ; call 0xfffa75da
+mov ecx, dword [ebx - 4]
+mov edx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+lea eax, [ebp - 0x28]
+cmp ebx, eax
+jne short loc_fffaa1e5 ; jne 0xfffaa1e5
+jmp short loc_fffaa21c ; jmp 0xfffaa21c
+
+loc_fffaa215: ; not directly referenced
+mov dword [edi], eax
+jmp near loc_fffa9fc6 ; jmp 0xfffa9fc6
+
+loc_fffaa21c: ; not directly referenced
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaa226: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+push ebx
+sub esp, 0x1c
+mov eax, dword [eax + 0x188b]
+mov dword [ebp - 0x20], edx
+cmp eax, 1
+je short loc_fffaa252 ; je 0xfffaa252
+sbb ebx, ebx
+mov esi, 0
+mov byte [ebp - 0x1a], 1
+and ebx, 0x364c
+jmp short loc_fffaa260 ; jmp 0xfffaa260
+
+loc_fffaa252: ; not directly referenced
+mov byte [ebp - 0x1a], 4
+mov esi, 4
+mov ebx, 0x3650
+
+loc_fffaa260: ; not directly referenced
+mov byte [ebp - 0x19], 0
+
+loc_fffaa264: ; not directly referenced
+mov ecx, dword [ebp - 0x20]
+mov edx, ebx
+mov eax, edi
+add ebx, esi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov al, byte [ebp - 0x1a]
+inc byte [ebp - 0x19]
+cmp byte [ebp - 0x19], al
+jb short loc_fffaa264 ; jb 0xfffaa264
+add esp, 0x1c
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaa285: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, edx
+push esi
+mov esi, eax
+push ebx
+sub esp, 0x2c
+mov eax, dword [ebp + 8]
+mov ebx, dword [esi + 0x2443]
+shl edi, 0xa
+mov dword [ebp - 0x20], ecx
+add edi, 0x4214
+mov dword [ebp - 0x24], eax
+mov eax, dword [ebp + 0xc]
+mov dword [ebp - 0x28], eax
+mov eax, dword [ebp + 0x10]
+mov dword [ebp - 0x2c], eax
+call dword [ebx + 0x54] ; ucall
+add eax, 0x2710
+mov dword [ebp - 0x1c], eax
+
+loc_fffaa2c1: ; not directly referenced
+mov edx, edi
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+shr eax, 0x18
+test al, al
+jns short loc_fffaa2e0 ; jns 0xfffaa2e0
+call dword [ebx + 0x54] ; ucall
+cmp dword [ebp - 0x1c], eax
+ja short loc_fffaa2c1 ; ja 0xfffaa2c1
+
+loc_fffaa2d9: ; not directly referenced
+mov eax, 0x12
+jmp short loc_fffaa340 ; jmp 0xfffaa340
+
+loc_fffaa2e0: ; not directly referenced
+mov ecx, dword [ebp - 0x28]
+mov edx, edi
+mov eax, dword [ebp - 0x24]
+shl ecx, 0xd
+and ax, 0x1fff
+or ecx, eax
+mov eax, dword [ebp - 0x20]
+movzx ecx, cx
+and eax, 3
+shl eax, 0x10
+or ecx, eax
+mov eax, dword [ebp - 0x2c]
+and eax, 0x1ff
+shl eax, 0x15
+or ecx, eax
+mov eax, esi
+or ecx, 0x80100000
+call fcn_fffae58c ; call 0xfffae58c
+call dword [ebx + 0x54] ; ucall
+add eax, 0x2710
+mov dword [ebp - 0x1c], eax
+
+loc_fffaa324: ; not directly referenced
+mov edx, edi
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+shr eax, 0x18
+test al, al
+jns short loc_fffaa33e ; jns 0xfffaa33e
+call dword [ebx + 0x54] ; ucall
+cmp dword [ebp - 0x1c], eax
+ja short loc_fffaa324 ; ja 0xfffaa324
+jmp short loc_fffaa2d9 ; jmp 0xfffaa2d9
+
+loc_fffaa33e: ; not directly referenced
+xor eax, eax
+
+loc_fffaa340: ; not directly referenced
+add esp, 0x2c
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaa348: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+push ebx
+mov ebx, dword [ebp + 8]
+cmp ecx, edx
+ja short loc_fffaa360 ; ja 0xfffaa360
+inc edi
+inc dword [ebx + 0xc]
+imul eax, edi, 0xa
+jmp short loc_fffaa3c3 ; jmp 0xfffaa3c3
+
+loc_fffaa360: ; not directly referenced
+mov esi, ecx
+sub esi, edx
+cmp ecx, 6
+ja short loc_fffaa38e ; ja 0xfffaa38e
+imul edi, eax, 0xa
+mov eax, 7
+sub eax, ecx
+xor edx, edx
+imul eax, eax, 0xa
+mov ecx, 0xa
+inc dword [ebx + 8]
+div esi
+cmp eax, 0xa
+cmovbe ecx, eax
+lea eax, [edi + ecx + 0x14]
+jmp short loc_fffaa3c3 ; jmp 0xfffaa3c3
+
+loc_fffaa38e: ; not directly referenced
+cmp edx, 7
+ja short loc_fffaa3ab ; ja 0xfffaa3ab
+inc dword [ebx + 4]
+test esi, esi
+je short loc_fffaa3ad ; je 0xfffaa3ad
+mov eax, 7
+inc edi
+sub eax, edx
+xor edx, edx
+imul eax, eax, 0xa
+div esi
+jmp short loc_fffaa3be ; jmp 0xfffaa3be
+
+loc_fffaa3ab: ; not directly referenced
+inc dword [ebx]
+
+loc_fffaa3ad: ; not directly referenced
+cmp esi, edx
+cmovb esi, edx
+xor eax, eax
+test esi, esi
+je short loc_fffaa3c3 ; je 0xfffaa3c3
+mov al, 0x46
+xor edx, edx
+div esi
+
+loc_fffaa3be: ; not directly referenced
+imul edi, edi, 0xa
+add eax, edi
+
+loc_fffaa3c3: ; not directly referenced
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaa3c8: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov ebx, edx
+sub esp, 0x2c
+mov esi, dword [eax + 0x2443]
+mov byte [ebp - 0x1b], cl
+mov cl, byte [ebp + 8]
+shl ebx, 0xa
+lea edx, [ebx + 0x41bc]
+mov dword [ebp - 0x20], eax
+mov dword [ebp - 0x28], esi
+mov byte [ebp - 0x1c], cl
+xor ecx, ecx
+call fcn_fffae566 ; call 0xfffae566
+lea eax, [ebx + 0x41c0]
+mov byte [ebp - 0x19], 0
+mov dword [ebp - 0x34], eax
+
+loc_fffaa405: ; not directly referenced
+mov cl, byte [ebp - 0x19]
+xor esi, esi
+xor edi, edi
+mov dword [ebp - 0x2c], 0
+mov al, cl
+and eax, 1
+mov byte [ebp - 0x1a], al
+mov al, cl
+xor ecx, ecx
+shr al, 1
+and eax, 1
+mov dword [ebp - 0x30], eax
+
+loc_fffaa427: ; not directly referenced
+movzx eax, cl
+div byte [ebp - 0x1b]
+movzx edx, ah
+lea eax, [ecx + 0x15]
+cmp cl, 0x12
+ja short loc_fffaa441 ; ja 0xfffaa441
+lea eax, [ecx + 8]
+cmp cl, 0x10
+cmovb eax, ecx
+
+loc_fffaa441: ; not directly referenced
+cmp dl, byte [ebp - 0x1c]
+movzx eax, al
+mov edx, dword [ebp - 0x28]
+mov dword [ebp - 0x38], ecx
+mov edx, dword [edx + 0x68]
+mov dword [ebp - 0x24], edx
+jne short loc_fffaa461 ; jne 0xfffaa461
+push ecx
+xor edx, edx
+push eax
+movzx eax, byte [ebp - 0x1a]
+push edx
+push eax
+jmp short loc_fffaa469 ; jmp 0xfffaa469
+
+loc_fffaa461: ; not directly referenced
+push edx
+push eax
+push dword [ebp - 0x2c]
+push dword [ebp - 0x30]
+
+loc_fffaa469: ; not directly referenced
+mov eax, dword [ebp - 0x24]
+call eax
+mov ecx, dword [ebp - 0x38]
+add esp, 0x10
+inc ecx
+or eax, esi
+or edx, edi
+mov esi, eax
+mov edi, edx
+cmp cl, 0x16
+jne short loc_fffaa427 ; jne 0xfffaa427
+push eax
+push eax
+mov eax, dword [ebp - 0x20]
+push edx
+mov edx, dword [ebp - 0x34]
+push esi
+call fcn_fffae7cf ; call 0xfffae7cf
+add esp, 0x10
+inc byte [ebp - 0x19]
+cmp byte [ebp - 0x19], 8
+jne loc_fffaa405 ; jne 0xfffaa405
+mov edi, dword [ebp - 0x20]
+lea edx, [ebx + 0x41a0]
+mov ecx, 0x222
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+lea edx, [ebx + 0x41b0]
+mov eax, edi
+mov ecx, 0x6010102
+call fcn_fffae58c ; call 0xfffae58c
+lea edx, [ebx + 0x41a4]
+mov eax, edi
+mov ecx, 0xea1
+call fcn_fffae58c ; call 0xfffae58c
+lea edx, [ebx + 0x41a8]
+mov eax, edi
+mov ecx, 0xbeef
+call fcn_fffae58c ; call 0xfffae58c
+lea esp, [ebp - 0xc]
+mov eax, edi
+lea edx, [ebx + 0x41ac]
+mov ecx, 0xdead
+pop ebx
+pop esi
+pop edi
+pop ebp
+jmp near fcn_fffae58c ; jmp 0xfffae58c
+
+fcn_fffaa505: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, edx
+push esi
+mov esi, eax
+push ebx
+sub esp, 0x1c
+mov ebx, dword [eax + 0x2443]
+mov dword [ebp - 0x20], ecx
+shl edi, 0xa
+add edi, 0x4214
+call dword [ebx + 0x54] ; ucall
+add eax, 0x2710
+mov dword [ebp - 0x1c], eax
+
+loc_fffaa52f: ; not directly referenced
+mov edx, edi
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+mov ecx, eax
+shr eax, 0x18
+test al, al
+jns short loc_fffaa550 ; jns 0xfffaa550
+call dword [ebx + 0x54] ; ucall
+cmp dword [ebp - 0x1c], eax
+ja short loc_fffaa52f ; ja 0xfffaa52f
+
+loc_fffaa549: ; not directly referenced
+mov eax, 0x12
+jmp short loc_fffaa5ae ; jmp 0xfffaa5ae
+
+loc_fffaa550: ; not directly referenced
+mov cl, byte [ebp + 8]
+mov ch, byte [ebp + 0xc]
+mov edx, dword [ebp + 0x10]
+mov eax, dword [ebp - 0x20]
+or ecx, 0x40000
+and edx, 1
+and ecx, 0xfff4ffff
+shl edx, 0x13
+and eax, 3
+shl eax, 0x10
+or ecx, edx
+or ecx, eax
+mov edx, edi
+or ecx, 0x80000000
+mov eax, esi
+call fcn_fffae58c ; call 0xfffae58c
+call dword [ebx + 0x54] ; ucall
+add eax, 0x2710
+mov dword [ebp - 0x1c], eax
+
+loc_fffaa592: ; not directly referenced
+mov edx, edi
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+shr eax, 0x18
+test al, al
+jns short loc_fffaa5ac ; jns 0xfffaa5ac
+call dword [ebx + 0x54] ; ucall
+cmp dword [ebp - 0x1c], eax
+ja short loc_fffaa592 ; ja 0xfffaa592
+jmp short loc_fffaa549 ; jmp 0xfffaa549
+
+loc_fffaa5ac: ; not directly referenced
+xor eax, eax
+
+loc_fffaa5ae: ; not directly referenced
+add esp, 0x1c
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaa5b6: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov ebx, ecx
+sub esp, 0x4c
+mov edi, dword [ebp + 8]
+mov esi, dword [ebp + 0x18]
+mov ecx, dword [eax + 0x2443]
+mov dword [ebp - 0x1c], eax
+mov eax, dword [eax + 0x1887]
+mov dword [ebp - 0x44], edi
+mov edi, dword [ebp + 0xc]
+mov dword [ebp - 0x34], esi
+mov esi, dword [ebp + 0x1c]
+mov dword [ebp - 0x28], edx
+mov dword [ebp - 0x24], ecx
+mov dword [ebp - 0x30], edi
+mov edi, dword [ebp + 0x10]
+mov dword [ebp - 0x20], edi
+mov edi, dword [ebp + 0x14]
+mov dword [ebp - 0x40], edi
+mov edi, dword [ebp + 0x20]
+cmp eax, 0x306d0
+je short loc_fffaa618 ; je 0xfffaa618
+cmp eax, 0x40670
+je short loc_fffaa618 ; je 0xfffaa618
+mov dword [ebp - 0x2c], 0x7f8
+mov dword [ebp - 0x38], 0xff
+jmp short loc_fffaa626 ; jmp 0xfffaa626
+
+loc_fffaa618: ; not directly referenced
+mov dword [ebp - 0x2c], 0xff8
+mov dword [ebp - 0x38], 0x1ff
+
+loc_fffaa626: ; not directly referenced
+test ebx, ebx
+je short loc_fffaa69e ; je 0xfffaa69e
+mov dword [ebp - 0x4c], esi
+push esi
+push 0x20
+movzx edx, word [ebx]
+movzx eax, word [ebx + 2]
+shl edx, 0x18
+shl eax, 0x10
+add eax, edx
+cdq
+push edx
+push eax
+mov eax, dword [ebp - 0x24]
+call dword [eax + 0x68] ; ucall
+add esp, 0xc
+mov ecx, dword [ebp - 0x24]
+push 0x18
+mov esi, eax
+movzx eax, word [ebx + 4]
+mov dword [ebp - 0x48], edx
+xor edx, edx
+push edx
+push eax
+call dword [ecx + 0x68] ; ucall
+movzx ebx, word [ebx + 6]
+pop ecx
+pop ecx
+and edx, dword [ebp - 0x38]
+mov dword [ebp - 0x3c], ebx
+mov ebx, dword [ebp - 0x2c]
+and dword [ebp - 0x3c], ebx
+or dword [ebp - 0x3c], esi
+and eax, 0xff000000
+mov esi, dword [ebp - 0x3c]
+or esi, eax
+mov eax, dword [ebp - 0x48]
+or eax, edx
+push eax
+mov eax, dword [ebp - 0x28]
+push esi
+lea edx, [eax*8 + 0x48d8]
+mov eax, dword [ebp - 0x1c]
+call fcn_fffae7cf ; call 0xfffae7cf
+mov esi, dword [ebp - 0x4c]
+add esp, 0x10
+
+loc_fffaa69e: ; not directly referenced
+mov eax, dword [ebp - 0x44]
+test eax, eax
+je short loc_fffaa715 ; je 0xfffaa715
+push edx
+mov ebx, dword [ebp - 0x24]
+push 0x20
+movzx edx, word [eax]
+mov dword [ebp - 0x44], esi
+mov esi, eax
+movzx eax, word [eax + 2]
+shl edx, 0x18
+shl eax, 0x10
+add eax, edx
+cdq
+push edx
+push eax
+call dword [ebx + 0x68] ; ucall
+add esp, 0xc
+mov ecx, dword [ebp - 0x24]
+push 0x18
+mov ebx, eax
+movzx eax, word [esi + 4]
+mov dword [ebp - 0x3c], edx
+xor edx, edx
+push edx
+push eax
+call dword [ecx + 0x68] ; ucall
+pop ecx
+pop ecx
+movzx ecx, word [esi + 6]
+and edx, dword [ebp - 0x38]
+and eax, 0xff000000
+mov esi, ecx
+mov ecx, dword [ebp - 0x2c]
+and esi, ecx
+or esi, ebx
+or esi, eax
+mov eax, dword [ebp - 0x3c]
+or eax, edx
+push eax
+mov eax, dword [ebp - 0x28]
+push esi
+lea edx, [eax*8 + 0x48e8]
+mov eax, dword [ebp - 0x1c]
+call fcn_fffae7cf ; call 0xfffae7cf
+mov esi, dword [ebp - 0x44]
+add esp, 0x10
+
+loc_fffaa715: ; not directly referenced
+cmp dword [ebp - 0x30], 0
+setne bl
+cmp dword [ebp - 0x34], 0
+setne al
+mov byte [ebp - 0x2c], al
+or al, bl
+jne short loc_fffaa73c ; jne 0xfffaa73c
+test esi, esi
+setne dl
+test edi, edi
+setne al
+or dl, al
+je loc_fffaa876 ; je 0xfffaa876
+
+loc_fffaa73c: ; not directly referenced
+mov ecx, dword [ebp - 0x28]
+xor eax, eax
+cmp dword [ebp - 0x30], 0
+lea ecx, [ecx*4 + 0x4908]
+mov dword [ebp - 0x24], ecx
+sete cl
+cmp dword [ebp - 0x34], 0
+sete dl
+or cl, dl
+jne short loc_fffaa7a1 ; jne 0xfffaa7a1
+test esi, esi
+sete cl
+test edi, edi
+sete dl
+or cl, dl
+jne short loc_fffaa7a1 ; jne 0xfffaa7a1
+
+loc_fffaa76b: ; not directly referenced
+mov ebx, dword [ebp - 0x30]
+and eax, 0xfffffff0
+movzx edx, byte [ebx + 3]
+movzx ecx, byte [ebx + 2]
+and edx, 3
+and ecx, 3
+or eax, edx
+movzx edx, byte [ebx + 1]
+shl ecx, 2
+or eax, ecx
+movzx ecx, byte [ebx]
+and al, 0xf
+and edx, 3
+shl edx, 4
+and ecx, 3
+or eax, edx
+shl ecx, 6
+or eax, ecx
+jmp short loc_fffaa7b0 ; jmp 0xfffaa7b0
+
+loc_fffaa7a1: ; not directly referenced
+mov edx, dword [ebp - 0x24]
+mov eax, dword [ebp - 0x1c]
+call fcn_fffae52a ; call 0xfffae52a
+test bl, bl
+jne short loc_fffaa76b ; jne 0xfffaa76b
+
+loc_fffaa7b0: ; not directly referenced
+cmp byte [ebp - 0x2c], 0
+je short loc_fffaa7f2 ; je 0xfffaa7f2
+mov ebx, dword [ebp - 0x34]
+and eax, 0xfcffffff
+movzx ecx, byte [ebx + 3]
+movzx edx, byte [ebx + 2]
+and ecx, 1
+shl ecx, 0x18
+and edx, 1
+shl edx, 0x19
+or eax, ecx
+movzx ecx, byte [ebx]
+or eax, edx
+movzx edx, byte [ebx + 1]
+and eax, 0xf3ffffff
+and ecx, 1
+and edx, 1
+shl edx, 0x1a
+shl ecx, 0x1b
+or eax, edx
+or eax, ecx
+
+loc_fffaa7f2: ; not directly referenced
+test esi, esi
+je short loc_fffaa82c ; je 0xfffaa82c
+movzx ecx, byte [esi + 3]
+and eax, 0xcfffffff
+movzx edx, byte [esi + 2]
+and ecx, 1
+shl ecx, 0x1c
+and edx, 1
+shl edx, 0x1d
+or eax, ecx
+movzx ecx, byte [esi]
+or eax, edx
+movzx edx, byte [esi + 1]
+and eax, 0x3fffffff
+shl ecx, 0x1f
+and edx, 1
+shl edx, 0x1e
+or eax, edx
+or eax, ecx
+
+loc_fffaa82c: ; not directly referenced
+test edi, edi
+je short loc_fffaa869 ; je 0xfffaa869
+movzx ecx, byte [edi + 3]
+and eax, 0xffcf1fff
+movzx edx, byte [edi + 2]
+and ecx, 1
+shl ecx, 0x14
+and edx, 1
+shl edx, 0x15
+or eax, ecx
+movzx ecx, byte [edi]
+or eax, edx
+movzx edx, byte [edi + 1]
+and eax, 0xff3f1fff
+and ecx, 1
+and edx, 1
+shl edx, 0x16
+shl ecx, 0x17
+or eax, edx
+or eax, ecx
+
+loc_fffaa869: ; not directly referenced
+mov ecx, eax
+mov edx, dword [ebp - 0x24]
+mov eax, dword [ebp - 0x1c]
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffaa876: ; not directly referenced
+mov edx, dword [ebp - 0x40]
+cmp dword [ebp - 0x20], 0
+setne cl
+test edx, edx
+setne al
+mov byte [ebp - 0x24], al
+or al, cl
+je loc_fffaa9e5 ; je 0xfffaa9e5
+mov eax, dword [ebp - 0x28]
+xor esi, esi
+xor ebx, ebx
+cmp dword [ebp - 0x20], 0
+lea edi, [eax*8 + 0x4910]
+sete al
+test edx, edx
+sete dl
+or al, dl
+jne short loc_fffaa8c3 ; jne 0xfffaa8c3
+
+loc_fffaa8ae: ; not directly referenced
+mov eax, dword [ebp - 0x20]
+mov eax, dword [eax]
+cmp eax, 0x1f
+jbe short loc_fffaa8e1 ; jbe 0xfffaa8e1
+dec eax
+call fcn_fffaec34 ; call 0xfffaec34
+movzx eax, al
+jmp short loc_fffaa8e4 ; jmp 0xfffaa8e4
+
+loc_fffaa8c3: ; not directly referenced
+mov eax, dword [ebp - 0x1c]
+mov edx, edi
+mov dword [ebp - 0x28], ecx
+call fcn_fffae548 ; call 0xfffae548
+mov ecx, dword [ebp - 0x28]
+mov esi, eax
+mov ebx, edx
+test cl, cl
+je loc_fffaa990 ; je 0xfffaa990
+jmp short loc_fffaa8ae ; jmp 0xfffaa8ae
+
+loc_fffaa8e1: ; not directly referenced
+sub eax, 0xffffff80
+
+loc_fffaa8e4: ; not directly referenced
+mov edx, eax
+and ebx, 0x60ffffff
+and edx, 0x1f
+shl edx, 0x18
+shr eax, 7
+or ebx, edx
+shl eax, 0x1f
+or ebx, eax
+mov eax, dword [ebp - 0x20]
+mov edx, dword [eax + 4]
+lea eax, [edx + 0x80]
+cmp edx, 0x1f
+jbe short loc_fffaa918 ; jbe 0xfffaa918
+lea eax, [edx - 1]
+call fcn_fffaec34 ; call 0xfffaec34
+movzx eax, al
+
+loc_fffaa918: ; not directly referenced
+mov edx, eax
+and ebx, 0xfff60fff
+and edx, 0x1f
+shl edx, 0xc
+shl eax, 0xc
+or ebx, edx
+and eax, 0x80000
+or ebx, eax
+mov eax, dword [ebp - 0x20]
+mov edx, dword [eax + 8]
+lea eax, [edx + 0x20]
+cmp edx, 0xf
+jbe short loc_fffaa94b ; jbe 0xfffaa94b
+lea eax, [edx - 1]
+call fcn_fffaec34 ; call 0xfffaec34
+movzx eax, al
+
+loc_fffaa94b: ; not directly referenced
+mov edx, eax
+and ebx, 0xffffffd0
+and edx, 0xf
+and eax, 0x20
+or ebx, edx
+or ebx, eax
+mov eax, dword [ebp - 0x20]
+mov edx, dword [eax + 0xc]
+lea eax, [edx + 0x80]
+cmp edx, 0x1f
+jbe short loc_fffaa976 ; jbe 0xfffaa976
+lea eax, [edx - 1]
+call fcn_fffaec34 ; call 0xfffaec34
+movzx eax, al
+
+loc_fffaa976: ; not directly referenced
+mov edx, eax
+and esi, 0xfff60fff
+and edx, 0x1f
+shl edx, 0xc
+shl eax, 0xc
+or esi, edx
+and eax, 0x80000
+or esi, eax
+
+loc_fffaa990: ; not directly referenced
+cmp byte [ebp - 0x24], 0
+je short loc_fffaa9ce ; je 0xfffaa9ce
+mov ecx, dword [ebp - 0x40]
+and ebx, 0xff8ffc3f
+and esi, 0xff807
+movzx edx, byte [ecx]
+movzx eax, byte [ecx + 2]
+and edx, 7
+shl edx, 0x14
+and eax, 0xf
+shl eax, 6
+or ebx, edx
+movzx edx, byte [ecx + 6]
+or ebx, eax
+movzx eax, word [ecx + 4]
+shl edx, 3
+shl eax, 0x14
+or esi, eax
+or esi, edx
+
+loc_fffaa9ce: ; not directly referenced
+mov dword [ebp + 8], esi
+mov eax, dword [ebp - 0x1c]
+mov edx, edi
+mov dword [ebp + 0xc], ebx
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+jmp near fcn_fffae7cf ; jmp 0xfffae7cf
+
+loc_fffaa9e5: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaa9ed: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, ecx
+push esi
+push ebx
+mov ebx, edx
+sub esp, 0x3c
+mov cl, byte [ebp + 8]
+mov dword [ebp - 0x2c], eax
+mov eax, dword [eax + 0x188b]
+mov dword [ebp - 0x24], 0
+mov dword [ebp - 0x20], 0
+mov byte [ebp - 0x2d], cl
+mov dword [ebp - 0x3c], eax
+mov eax, dword [ebp + 0xc]
+mov dword [ebp - 0x1c], 0
+cmp dword [eax], 1
+jne loc_fffaab38 ; jne 0xfffaab38
+mov dword [edx + 0x1c], 3
+xor esi, esi
+mov word [edx + 0x2a], 0x20
+mov word [edx + 0x28], 0x400
+mov word [edx + 0xe], 0x18
+mov word [edx + 2], 1
+mov word [edx + 0xa], 1
+
+loc_fffaaa54: ; not directly referenced
+imul eax, esi, 0x13c3
+mov ecx, dword [ebp - 0x2c]
+cmp dword [ecx + eax + 0x3756], 2
+jne loc_fffaab25 ; jne 0xfffaab25
+lea eax, [ebp - 0x1c]
+mov ecx, ebx
+push edx
+mov edx, esi
+push eax
+lea eax, [ebp - 0x24]
+push eax
+lea eax, [ebp - 0x20]
+push eax
+lea eax, [ebx + 0x24]
+push eax
+lea eax, [ebx + 0x14]
+push eax
+lea eax, [ebx + 0x10]
+push eax
+mov eax, dword [ebp - 0x2c]
+push 0
+call fcn_fffaa5b6 ; call 0xfffaa5b6
+xor edx, edx
+mov eax, 0x1800
+mov dword [ebp - 0x38], eax
+mov eax, edx
+add esp, 0x20
+and eax, 0xfffffc00
+mov ecx, 1
+or eax, 2
+mov dword [ebp - 0x34], eax
+mov eax, dword [ebp - 0x38]
+lea edx, [esi*4 + 0x4980]
+and eax, 0x8fffffff
+or eax, 0x10000000
+cmp dword [ebp - 0x3c], 1
+mov dword [ebp - 0x38], eax
+lea eax, [edx + 0x20]
+cmove edx, eax
+mov eax, dword [ebp - 0x2c]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x2c]
+lea edx, [esi*8 + 0x48a8]
+push ecx
+push ecx
+push dword [ebp - 0x34]
+push dword [ebp - 0x38]
+call fcn_fffae7cf ; call 0xfffae7cf
+mov eax, esi
+mov ecx, 0x20
+shl eax, 0xa
+lea edx, [eax + 0x4200]
+mov dword [ebp - 0x38], eax
+mov eax, dword [ebp - 0x2c]
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, dword [ebp - 0x38]
+mov eax, dword [ebp - 0x2c]
+lea edx, [ecx + 0x4040]
+mov ecx, 0x8092
+call fcn_fffae58c ; call 0xfffae58c
+add esp, 0x10
+
+loc_fffaab25: ; not directly referenced
+inc esi
+cmp esi, 2
+jne loc_fffaaa54 ; jne 0xfffaaa54
+mov eax, dword [ebp + 0xc]
+mov dword [eax], 0
+
+loc_fffaab38: ; not directly referenced
+mov esi, dword [ebp - 0x2c]
+movzx eax, byte [esi + 0x248d]
+bt eax, edi
+jae loc_fffaac3b ; jae 0xfffaac3b
+mov eax, edi
+shr eax, 1
+imul eax, eax, 0x128
+mov dword [ebp - 0x38], 0
+lea edi, [esi + eax + 0x49ae]
+lea eax, [ebx + 0x14]
+mov dword [ebp - 0x40], eax
+movzx eax, byte [ebp - 0x2d]
+mov dword [ebp - 0x44], eax
+
+loc_fffaab70: ; not directly referenced
+imul eax, dword [ebp - 0x38], 0x13c3
+mov esi, dword [ebp - 0x2c]
+cmp dword [esi + eax + 0x3756], 2
+jne loc_fffaac28 ; jne 0xfffaac28
+mov ax, word [ebx + 0x2a]
+xor edx, edx
+lea ecx, [eax*8]
+mov ax, word [edi + 4]
+div cx
+mov edx, dword [ebp - 0x38]
+movzx esi, ax
+mov eax, dword [edi]
+dec eax
+mov word [ebx + 0xc], ax
+mov ax, word [edi + 4]
+sub eax, ecx
+xor ecx, ecx
+mov word [ebx + 0xe], ax
+lea eax, [esi - 1]
+mov dword [ebx + 0x1c], eax
+push eax
+push 0
+push 0
+push 0
+push 0
+push dword [ebp - 0x40]
+lea eax, [ebx + 8]
+push 0
+push eax
+mov eax, dword [ebp - 0x2c]
+call fcn_fffaa5b6 ; call 0xfffaa5b6
+add esp, 0x20
+cmp byte [ebp - 0x2d], 0
+je short loc_fffaabe3 ; je 0xfffaabe3
+mov eax, dword [ebp - 0x44]
+jmp short loc_fffaabeb ; jmp 0xfffaabeb
+
+loc_fffaabe3: ; not directly referenced
+mov eax, dword [edi]
+shr eax, 0xa
+imul eax, esi
+
+loc_fffaabeb: ; not directly referenced
+dec eax
+call fcn_fffaec34 ; call 0xfffaec34
+imul esi, dword [ebp - 0x38], 0x28
+lea edx, [esi + 0x4808]
+and eax, 0x7f
+mov dword [ebp - 0x3c], eax
+mov ecx, eax
+mov eax, dword [ebp - 0x2c]
+or ecx, 0x400000
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, dword [ebp - 0x3c]
+lea edx, [esi + 0x480c]
+mov eax, dword [ebp - 0x2c]
+or ecx, 0x8000000
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffaac28: ; not directly referenced
+inc dword [ebp - 0x38]
+add edi, 0x13c3
+cmp dword [ebp - 0x38], 2
+jne loc_fffaab70 ; jne 0xfffaab70
+
+loc_fffaac3b: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaac43: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+movzx esi, dl
+push ebx
+mov ebx, eax
+imul eax, esi, 0x13c3
+sub esp, 0x1c
+and cl, byte [ebx + eax + 0x381a]
+mov edi, ecx
+and edi, 0xf
+jne short loc_fffaac95 ; jne 0xfffaac95
+xor ecx, ecx
+mov eax, ebx
+lea edx, [esi*4 + 0x4930]
+lea esi, [esi*8 + 0x48a8]
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, esi
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, esi
+and ah, 0xf7
+mov ecx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffaad12 ; jmp 0xfffaad12
+
+loc_fffaac95: ; not directly referenced
+movzx edx, cl
+xor eax, eax
+xor edi, edi
+mov byte [ebp - 0x19], 0
+mov dword [ebp - 0x20], edx
+
+loc_fffaaca3: ; not directly referenced
+mov edx, dword [ebp - 0x20]
+bt edx, eax
+jae short loc_fffaacbb ; jae 0xfffaacbb
+movzx ecx, byte [ebp - 0x19]
+mov edx, eax
+inc byte [ebp - 0x19]
+shl ecx, 2
+shl edx, cl
+or edi, edx
+
+loc_fffaacbb: ; not directly referenced
+inc eax
+cmp eax, 4
+jne short loc_fffaaca3 ; jne 0xfffaaca3
+mov ecx, edi
+mov eax, ebx
+lea edx, [esi*4 + 0x4930]
+call fcn_fffae58c ; call 0xfffae58c
+mov cl, byte [ebp - 0x19]
+lea edi, [esi*8]
+lea edx, [edi + 0x48ef]
+mov eax, ebx
+add edi, 0x48a8
+dec ecx
+movzx ecx, cl
+call fcn_fffae566 ; call 0xfffae566
+mov edx, edi
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, edi
+mov edi, 1
+or ah, 8
+mov ecx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, esi
+shl edi, cl
+
+loc_fffaad12: ; not directly referenced
+add esp, 0x1c
+mov eax, edi
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaad1c: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x70
+mov ebx, dword [ebp + 8]
+mov dword [ebp - 0x50], 0
+mov byte [ebp - 0x4c], 0
+mov byte [ebp - 0x4b], 0
+mov eax, dword [ebx + 0x2443]
+mov byte [ebp - 0x4a], 1
+mov byte [ebp - 0x49], 0
+mov dword [ebp - 0x48], 0
+mov edi, eax
+mov dword [ebp - 0x68], eax
+mov eax, dword [ebx + 0x188b]
+push 0
+push 0x2c
+mov dword [ebp - 0x5c], eax
+lea eax, [ebp - 0x44]
+push eax
+mov eax, edi
+mov byte [ebp - 0x52], 0
+mov byte [ebp - 0x51], 0
+call dword [eax + 0x5c] ; ucall
+add esp, 0x10
+cmp byte [ebx + 0x3748], 1
+je short loc_fffaad8a ; je 0xfffaad8a
+xor esi, esi
+cmp byte [ebx + 0x2407], 1
+jne loc_fffaafaa ; jne 0xfffaafaa
+
+loc_fffaad8a: ; not directly referenced
+push esi
+mov eax, ebx
+push esi
+xor esi, esi
+push 0
+push 1
+lea ecx, [ebp - 0x51]
+lea edx, [ebp - 0x52]
+mov word [ebp - 0x1a], 1
+mov word [ebp - 0x1c], 1
+call fcn_fffa81d3 ; call 0xfffa81d3
+add esp, 0x10
+
+loc_fffaadae: ; not directly referenced
+imul eax, esi, 0x13c3
+cmp dword [ebx + eax + 0x3756], 2
+jne loc_fffaae62 ; jne 0xfffaae62
+lea eax, [ebp - 0x48]
+mov edx, esi
+push ecx
+push eax
+lea eax, [ebp - 0x50]
+push eax
+lea eax, [ebp - 0x4c]
+push eax
+lea eax, [ebp - 0x20]
+push eax
+lea eax, [ebp - 0x30]
+push eax
+lea eax, [ebp - 0x34]
+push eax
+mov eax, ebx
+push 0
+lea ecx, [ebp - 0x44]
+call fcn_fffaa5b6 ; call 0xfffaa5b6
+xor edx, edx
+mov eax, 0x1800
+mov ecx, edx
+add esp, 0x18
+and ecx, 0xfffffc00
+or ecx, 2
+mov edx, ecx
+mov ecx, eax
+or ecx, 0x28
+push edx
+mov eax, ecx
+lea ecx, [esi*8 + 0x48a8]
+push eax
+mov edx, ecx
+mov eax, ebx
+call fcn_fffae7cf ; call 0xfffae7cf
+add esp, 0x10
+cmp dword [ebp - 0x5c], 1
+lea edx, [esi*4 + 0x4980]
+lea eax, [edx + 0x20]
+cmove edx, eax
+xor ecx, ecx
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+imul edx, esi, 0x28
+mov ecx, 0x400000
+mov eax, ebx
+add edx, 0x4808
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, esi
+mov ecx, 0x20
+shl edx, 0xa
+mov eax, ebx
+add edx, 0x4200
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffaae62: ; not directly referenced
+inc esi
+cmp esi, 2
+jne loc_fffaadae ; jne 0xfffaadae
+mov dword [ebp - 0x5c], 0
+
+loc_fffaae73: ; not directly referenced
+movzx eax, byte [ebx + 0x248d]
+mov edi, dword [ebp - 0x5c]
+bt eax, edi
+jb short loc_fffaae92 ; jb 0xfffaae92
+
+loc_fffaae82: ; not directly referenced
+inc dword [ebp - 0x5c]
+cmp dword [ebp - 0x5c], 4
+jne short loc_fffaae73 ; jne 0xfffaae73
+xor esi, esi
+jmp near loc_fffaaf5e ; jmp 0xfffaaf5e
+
+loc_fffaae92: ; not directly referenced
+mov cl, byte [ebp - 0x5c]
+mov esi, 1
+xor edx, edx
+mov eax, ebx
+shl esi, cl
+mov ecx, esi
+call fcn_fffaac43 ; call 0xfffaac43
+mov edx, 1
+mov ecx, esi
+mov edi, eax
+mov eax, ebx
+call fcn_fffaac43 ; call 0xfffaac43
+mov dl, byte [ebp - 0x5c]
+mov dword [ebp - 0x60], 0
+shr dl, 1
+movzx edx, dl
+imul edx, edx, 0x128
+or eax, edi
+movzx eax, al
+mov dword [ebp - 0x64], eax
+lea edi, [ebx + edx + 0x49ae]
+mov dword [ebp - 0x6c], edi
+
+loc_fffaaede: ; not directly referenced
+mov eax, dword [ebp - 0x60]
+xor esi, esi
+mov edi, dword [ebp - 0x6c]
+mov word [ebp - 0x42], ax
+mov word [ebp - 0x3a], ax
+
+loc_fffaaeee: ; not directly referenced
+mov eax, dword [ebp - 0x64]
+bt eax, esi
+jae short loc_fffaaf34 ; jae 0xfffaaf34
+mov eax, dword [edi]
+lea ecx, [ebp - 0x44]
+dec eax
+mov word [ebp - 0x38], ax
+mov ax, word [edi + 4]
+lea edx, [eax - 8]
+mov word [ebp - 0x36], dx
+shr ax, 3
+push edx
+movzx eax, ax
+push 0
+mov edx, esi
+push 0
+push 0
+push 0
+mov dword [ebp - 0x28], eax
+lea eax, [ebp - 0x30]
+push eax
+push 0
+lea eax, [ebp - 0x3c]
+push eax
+mov eax, ebx
+call fcn_fffaa5b6 ; call 0xfffaa5b6
+add esp, 0x20
+
+loc_fffaaf34: ; not directly referenced
+inc esi
+add edi, 0x13c3
+cmp esi, 2
+jne short loc_fffaaeee ; jne 0xfffaaeee
+mov edx, dword [ebp - 0x64]
+mov eax, ebx
+call fcn_fffae670 ; call 0xfffae670
+mov esi, eax
+test eax, eax
+jne short loc_fffaaf5e ; jne 0xfffaaf5e
+inc dword [ebp - 0x60]
+cmp dword [ebp - 0x60], 8
+jne short loc_fffaaede ; jne 0xfffaaede
+jmp near loc_fffaae82 ; jmp 0xfffaae82
+
+loc_fffaaf5e: ; not directly referenced
+cmp dword [ebx + 0x3756], 2
+jne short loc_fffaaf78 ; jne 0xfffaaf78
+mov ecx, 0x3000
+mov edx, 0x48a8
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffaaf78: ; not directly referenced
+cmp dword [ebx + 0x4b19], 2
+jne short loc_fffaaf92 ; jne 0xfffaaf92
+mov ecx, 0x3000
+mov edx, 0x48b0
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffaaf92: ; not directly referenced
+test esi, esi
+je short loc_fffaafaa ; je 0xfffaafaa
+push eax
+push eax
+mov eax, dword [ebp - 0x68]
+push 0xdddc
+push ebx
+call dword [eax + 0x94] ; ucall
+add esp, 0x10
+
+loc_fffaafaa: ; not directly referenced
+lea esp, [ebp - 0xc]
+mov eax, esi
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaafb4: ; not directly referenced
+push ebp
+xor eax, eax
+mov ebp, esp
+xor edx, edx
+pop ebp
+ret
+
+fcn_fffaafbd: ; not directly referenced
+push ebp
+mov ebp, esp
+pop ebp
+ret
+
+fcn_fffaafc2: ; not directly referenced
+push ebp
+mov ebp, esp
+mov edx, dword [ebp + 8]
+in eax, dx
+pop ebp
+ret
+
+fcn_fffaafcb: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0x10]
+mov dword [ebp + 8], eax
+pop ebp
+jmp near fcn_fffaafc2 ; jmp 0xfffaafc2
+
+fcn_fffaafda: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0xc]
+mov edx, dword [ebp + 8]
+out dx, eax
+pop ebp
+ret
+
+fcn_fffaafe6: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0x18]
+mov dword [ebp + 0xc], eax
+mov eax, dword [ebp + 0x10]
+mov dword [ebp + 8], eax
+pop ebp
+jmp near fcn_fffaafda ; jmp 0xfffaafda
+
+fcn_fffaaffb: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 8]
+mov dl, al
+mov cl, al
+sar dl, 7
+and eax, 0x7f
+sar cl, 7
+and edx, 2
+and ecx, 2
+add edx, 0x74
+add ecx, 0x75
+movzx edx, dl
+out dx, al
+movzx edx, cl
+in al, dx
+pop ebp
+ret
+
+fcn_fffab024: ; not directly referenced
+push ebp
+mov ebp, esp
+mov edx, dword [ebp + 0x10]
+in al, dx
+pop ebp
+ret
+
+fcn_fffab02d: ; not directly referenced
+push ebp
+mov ebp, esp
+mov edx, dword [ebp + 0x10]
+mov eax, dword [ebp + 0x18]
+out dx, al
+pop ebp
+ret
+
+fcn_fffab039: ; not directly referenced
+push ebp
+mov edx, 0x186a0
+mov ebp, esp
+xor eax, eax
+push ebx
+sub esp, 0x10
+
+loc_fffab047: ; not directly referenced
+test eax, eax
+sete bl
+test edx, edx
+setne cl
+test bl, cl
+je short loc_fffab064 ; je 0xfffab064
+clc
+
+loc_fffab056: ; not directly referenced
+rdrand eax
+mov dword [ebp - 8], eax
+jae short loc_fffab056 ; jae 0xfffab056
+mov eax, dword [ebp - 8]
+dec edx
+jmp short loc_fffab047 ; jmp 0xfffab047
+
+loc_fffab064: ; not directly referenced
+add esp, 0x10
+pop ebx
+pop ebp
+ret
+
+fcn_fffab06a: ; not directly referenced
+push ebp
+mov ebp, esp
+pop ebp
+ret
+
+fcn_fffab06f: ; not directly referenced
+push ebp
+mov ebp, esp
+push eax
+mov eax, 0x1000
+in al, 0x99
+pop eax
+pop ebp
+ret
+
+fcn_fffab07d:
+mov edx, dword [0xff7d026c]
+xor eax, eax
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+imul ebx, edx, 0xc
+
+loc_fffab08e:
+cmp edx, 0x13
+ja short loc_fffab0be ; ja 0xfffab0be
+mov esi, dword [ebp + 0xc]
+inc edx
+mov ecx, 3
+mov dword [0xff7d026c], edx
+lea edi, [ebx + eax - 0x82fe84]
+add esi, eax
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+mov edi, dword [ebp + 0xc]
+mov ecx, dword [edi + eax]
+add eax, 0xc
+test ecx, ecx
+jns short loc_fffab08e ; jns 0xfffab08e
+xor eax, eax
+jmp short loc_fffab0c3 ; jmp 0xfffab0c3
+
+loc_fffab0be:
+mov eax, 0x80000009
+
+loc_fffab0c3:
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffab0c8: ; not directly referenced
+push ebp
+mov ebp, esp
+pop ebp
+jmp near loc_fffd2984 ; jmp 0xfffd2984
+
+fcn_fffab0d1:
+push ebp
+mov ebp, esp
+mov edx, dword [ebp + 0xc]
+mov eax, dword [ebp + 8]
+mov ecx, dword [ebp + 0x10]
+test edx, edx
+je short loc_fffab0ed ; je 0xfffab0ed
+movzx ecx, cl
+mov dword [ebp + 0x10], ecx
+pop ebp
+jmp near loc_fffd2932 ; jmp 0xfffd2932
+
+loc_fffab0ed:
+pop ebp
+ret
+
+fcn_fffab0ef:
+push ebp
+mov ebp, esp
+pop ebp
+jmp near loc_fffd2917 ; jmp 0xfffd2917
+
+fcn_fffab0f8: ; not directly referenced
+push ebp
+mov ebp, esp
+pop ebp
+jmp near loc_fffd28fc ; jmp 0xfffd28fc
+
+fcn_fffab101:
+push ebp
+mov ebp, esp
+mov ecx, dword [ebp + 0x10]
+mov eax, dword [ebp + 8]
+mov edx, dword [ebp + 0xc]
+test ecx, ecx
+je short loc_fffab11b ; je 0xfffab11b
+cmp eax, edx
+je short loc_fffab11b ; je 0xfffab11b
+pop ebp
+jmp near loc_fffd2836 ; jmp 0xfffd2836
+
+loc_fffab11b:
+pop ebp
+ret
+
+fcn_fffab11d: ; not directly referenced
+push ebp
+mov ebp, esp
+pop ebp
+jmp near fcn_fffab101 ; jmp 0xfffab101
+
+fcn_fffab126: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x6c
+mov ebx, dword [ebp + 8]
+mov dword [ebp - 0x68], 0
+mov dword [ebp - 0x4c], 0
+mov dword [ebp - 0x60], 0
+mov eax, dword [ebx + 0x2480]
+mov dword [ebp - 0x58], eax
+mov eax, dword [ebx + 0x1887]
+mov dword [ebp - 0x6c], eax
+mov eax, dword [ebx + 0x188b]
+mov dword [ebp - 0x5c], eax
+lea eax, [ebx + 0x3756]
+mov dword [ebp - 0x50], eax
+mov eax, dword [ebx + 0x5edc]
+lea esi, [eax + 0x1c]
+
+loc_fffab174: ; not directly referenced
+mov eax, dword [ebp - 0x50]
+cmp dword [eax], 2
+jne loc_fffab348 ; jne 0xfffab348
+cmp dword [ebp - 0x5c], 1
+jne short loc_fffab1b7 ; jne 0xfffab1b7
+mov dl, byte [esi + 3]
+mov ecx, 0xff
+mov al, dl
+and edx, 0xffffffbf
+mov byte [esi + 3], dl
+mov edx, dword [ebp - 0x4c]
+shr al, 6
+and eax, 1
+mov byte [esi + 0xcb], al
+mov eax, ebx
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, dword [esi]
+mov edx, eax
+mov eax, ebx
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffab1b7: ; not directly referenced
+cmp dword [ebp - 0x58], 3
+je loc_fffab30b ; je 0xfffab30b
+mov eax, dword [ebp - 0x50]
+mov dword [ebp - 0x54], 0
+mov dword [ebp - 0x64], eax
+
+loc_fffab1ce: ; not directly referenced
+mov ecx, dword [ebp - 0x54]
+mov eax, 1
+mov dl, cl
+shl eax, cl
+mov ecx, dword [ebp - 0x50]
+test byte [ecx + 0xc4], al
+jne short loc_fffab1f7 ; jne 0xfffab1f7
+
+loc_fffab1e5: ; not directly referenced
+inc dword [ebp - 0x54]
+add dword [ebp - 0x64], 9
+cmp dword [ebp - 0x54], 4
+jne short loc_fffab1ce ; jne 0xfffab1ce
+jmp near loc_fffab27c ; jmp 0xfffab27c
+
+loc_fffab1f7: ; not directly referenced
+cmp dword [ebp - 0x58], 2
+sete cl
+cmp dword [ebp - 0x6c], 0x306d0
+sete al
+test cl, al
+je short loc_fffab1e5 ; je 0xfffab1e5
+mov eax, edx
+shr dl, 1
+and eax, 1
+movzx edx, dl
+imul eax, eax, 0x18
+imul edx, edx, 0x128
+add edx, eax
+mov eax, dword [ebp - 0x50]
+test word [eax + edx + 0x126f], 0x600
+je short loc_fffab1e5 ; je 0xfffab1e5
+xor edi, edi
+
+loc_fffab232: ; not directly referenced
+mov eax, dword [ebp - 0x64]
+mov edx, dword [ebp - 0x4c]
+mov byte [eax + edi + 0x24d], 0x3f
+mov eax, ebx
+push ecx
+mov ecx, dword [ebp - 0x54]
+push 0x3f
+push 2
+push edi
+call fcn_fffa73b0 ; call 0xfffa73b0
+mov ecx, edi
+mov eax, ebx
+or byte [esi + edi*4 + 0x2a], 0x80
+mov edx, dword [ebp - 0x4c]
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, dword [esi + edi*4 + 0x28]
+inc edi
+mov edx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+add esp, 0x10
+cmp edi, 9
+jne short loc_fffab232 ; jne 0xfffab232
+jmp near loc_fffab1e5 ; jmp 0xfffab1e5
+
+loc_fffab27c: ; not directly referenced
+cmp dword [ebp - 0x5c], 1
+jne loc_fffab30b ; jne 0xfffab30b
+cmp dword [ebp - 0x68], 0
+jne short loc_fffab30b ; jne 0xfffab30b
+mov eax, dword [esi + 0x28]
+mov edx, 0x3a28
+mov edi, eax
+mov dword [ebp - 0x68], eax
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov ecx, edi
+mov edx, edi
+shr ecx, 0x15
+and ecx, 1
+shr edx, 0x15
+and edx, 2
+and eax, 0xfffffffc
+or eax, ecx
+or eax, edx
+mov edx, edi
+mov edi, dword [ebp - 0x60]
+shr edx, 9
+and eax, 0xff01ffff
+and edx, 0xe0000
+or eax, edx
+mov edx, 0x3a28
+or eax, 0x800000
+cmp dword [ebp - 0x58], 2
+mov ecx, eax
+cmove edi, dword [ebp - 0x5c]
+mov eax, ebx
+mov dword [ebp - 0x60], edi
+call fcn_fffae58c ; call 0xfffae58c
+test edi, edi
+je short loc_fffab30b ; je 0xfffab30b
+mov edx, 0x5f09
+mov eax, ebx
+mov ecx, 1
+call fcn_fffae566 ; call 0xfffae566
+mov edx, 0x96
+mov eax, ebx
+call fcn_fffa834b ; call 0xfffa834b
+
+loc_fffab30b: ; not directly referenced
+cmp byte [ebx + 0x3748], 1
+jne short loc_fffab348 ; jne 0xfffab348
+mov eax, dword [ebp - 0x4c]
+lea edi, [eax*4 + 0x5004]
+mov eax, ebx
+mov edx, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, edi
+and eax, 0xfcffffff
+or eax, 0x1000000
+mov ecx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0x3c
+mov eax, ebx
+call fcn_fffa834b ; call 0xfffa834b
+
+loc_fffab348: ; not directly referenced
+inc dword [ebp - 0x4c]
+add esi, 0xcc
+add dword [ebp - 0x50], 0x13c3
+cmp dword [ebp - 0x4c], 2
+jne loc_fffab174 ; jne 0xfffab174
+lea edi, [ebp - 0x3c]
+mov esi, ref_fffd3570 ; mov esi, 0xfffd3570
+mov ecx, 9
+mov eax, ebx
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+lea edi, [ebp - 0x48]
+mov esi, ref_fffd3594 ; mov esi, 0xfffd3594
+mov cl, 3
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+mov ecx, 0x1010101
+mov esi, 8
+push edx
+push edx
+xor edx, edx
+push 0
+push 8
+call fcn_fffa7fde ; call 0xfffa7fde
+lea edi, [ebp - 0x3c]
+add esp, 0x10
+
+loc_fffab39c: ; not directly referenced
+push eax
+mov ecx, 0x41041041
+push eax
+mov eax, ebx
+push esi
+add esi, 6
+push 6
+mov edx, dword [edi]
+add edi, 4
+call fcn_fffa7fde ; call 0xfffa7fde
+add esp, 0x10
+cmp esi, 0x3e
+jne short loc_fffab39c ; jne 0xfffab39c
+lea edx, [ebp - 0x48]
+mov eax, ebx
+call fcn_fffa665e ; call 0xfffa665e
+cmp dword [ebx + 0x3756], 2
+jne short loc_fffab3e1 ; jne 0xfffab3e1
+mov ecx, 0xa010102
+mov edx, 0x4078
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffab3e1: ; not directly referenced
+cmp dword [ebx + 0x4b19], 2
+jne short loc_fffab3fb ; jne 0xfffab3fb
+mov ecx, 0xa010102
+mov edx, 0x4478
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffab3fb: ; not directly referenced
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffab405:
+push ebp
+mov eax, dword [0xff7d0000]
+mov ebp, esp
+pop ebp
+ret
+
+fcn_fffab40f:
+push ebp
+mov ebp, esp
+sub esp, 8
+call fcn_fffab405 ; call 0xfffab405
+sub esp, 0xc
+mov edx, dword [eax]
+push dword [ebp + 0x14]
+push 0
+push dword [ebp + 0xc]
+push dword [ebp + 8]
+push eax
+call dword [edx + 0x20] ; ucall
+leave
+ret
+
+fcn_fffab430: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+push ebx
+mov ebx, edx
+sub esp, 0x2c
+mov esi, dword [ebp + 0xc]
+lea eax, [ebp - 0x1c]
+push eax
+push 0
+push 0
+push ref_fffd662c ; push 0xfffd662c
+mov dword [ebp - 0x2c], ecx
+call fcn_fffab40f ; call 0xfffab40f
+add esp, 0xc
+mov edx, dword [ebp - 0x1c]
+push dword [ebp + 8]
+mov ecx, ebx
+lea eax, [ebp - 0x2c]
+shr ecx, 1
+and ecx, 0x7f
+push eax
+mov eax, ebx
+shr eax, 0x16
+movzx ebx, bh
+and eax, 1
+push eax
+push edi
+push ebx
+push ecx
+push edx
+call dword [edx] ; ucall
+add esp, 0x20
+test esi, esi
+je short loc_fffab484 ; je 0xfffab484
+mov dword [esi], eax
+
+loc_fffab484: ; not directly referenced
+mov eax, dword [ebp - 0x2c]
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffab48f: ; not directly referenced
+push ebp
+mov ecx, 1
+mov ebp, esp
+sub esp, 0x20
+push dword [ebp + 0xc]
+mov edx, dword [ebp + 8]
+lea eax, [ebp - 9]
+push eax
+mov eax, 4
+call fcn_fffab430 ; call 0xfffab430
+mov al, byte [ebp - 9]
+leave
+ret
+
+fcn_fffab4b3: ; not directly referenced
+push ebp
+mov ecx, 1
+mov ebp, esp
+push ebx
+sub esp, 0x1c
+mov ebx, dword [ebp + 0xc]
+push dword [ebp + 0x10]
+mov edx, dword [ebp + 8]
+lea eax, [ebp - 9]
+mov byte [ebp - 9], bl
+push eax
+mov eax, 5
+call fcn_fffab430 ; call 0xfffab430
+mov al, bl
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffab4e0: ; not directly referenced
+push ebp
+mov ecx, 2
+mov ebp, esp
+sub esp, 0x20
+push dword [ebp + 0xc]
+mov edx, dword [ebp + 8]
+lea eax, [ebp - 0xa]
+push eax
+mov eax, 6
+call fcn_fffab430 ; call 0xfffab430
+mov ax, word [ebp - 0xa]
+leave
+ret
+
+fcn_fffab505:
+push ebp
+mov ebp, esp
+push ebx
+mov ebx, edx
+sub esp, 0x14
+mov dword [edx + 4], eax
+lea eax, [ebp - 0xc]
+mov dword [edx], 0x626d7370
+push eax
+push 0
+push 0
+push ref_fffd6584 ; push 0xfffd6584
+call fcn_fffab40f ; call 0xfffab40f
+mov eax, dword [ebp - 0xc]
+add esp, 0x10
+movzx edx, word [eax + 0x388]
+add eax, 0x38e
+mov dword [ebx + 8], edx
+mov dl, byte [eax - 1]
+mov dword [ebx + 0xce], eax
+lea eax, [ebx + 0x18]
+mov dword [ebx + 0xc], 0x80000010
+mov dword [ebx + 0x10], ref_fffd662c ; mov dword [ebx + 0x10], 0xfffd662c
+mov byte [ebx + 0xcd], dl
+mov dword [ebx + 0x14], eax
+mov dword [ebx + 0x18], fcn_fffb51f9 ; mov dword [ebx + 0x18], 0xfffb51f9
+mov dword [ebx + 0x1c], fcn_fffa5b5e ; mov dword [ebx + 0x1c], 0xfffa5b5e
+mov dword [ebx + 0x20], fcn_fffa5b54 ; mov dword [ebx + 0x20], 0xfffa5b54
+mov dword [ebx + 0x24], fcn_fffa5b4a ; mov dword [ebx + 0x24], 0xfffa5b4a
+mov dword [ebx + 0x38], 0x80000020
+mov dword [ebx + 0x3c], ref_fffd65b0 ; mov dword [ebx + 0x3c], 0xfffd65b0
+mov dword [ebx + 0x40], fcn_fffab5a2 ; mov dword [ebx + 0x40], 0xfffab5a2
+mov byte [ebx + 0x44], 0
+mov byte [ebx + 0xd2], 0
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffab5a2: ; not directly referenced
+push ebp
+mov ebp, esp
+sub esp, 8
+mov eax, dword [ebp + 0xc]
+lea edx, [eax - 0x38]
+mov eax, dword [ebp + 8]
+call fcn_fffab505 ; call 0xfffab505
+xor eax, eax
+leave
+ret
+
+fcn_fffab5ba:
+push ebp
+mov ebp, esp
+push ebx
+push eax
+mov ebx, dword [ebp + 0xc]
+call fcn_fffab405 ; call 0xfffab405
+movzx ebx, bx
+mov edx, dword [eax]
+push dword [ebp + 0x10]
+push ebx
+push 4
+push eax
+call dword [edx + 0x34] ; ucall
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffab5db:
+push ebp
+mov ebp, esp
+sub esp, 8
+call fcn_fffab405 ; call 0xfffab405
+push edx
+push edx
+mov edx, dword [eax]
+push dword [ebp + 8]
+push eax
+call dword [edx + 0x18] ; ucall
+leave
+ret
+
+fcn_fffab5f3:
+push ebp
+mov ebp, esp
+sub esp, 0x18
+call fcn_fffab405 ; call 0xfffab405
+lea ecx, [ebp - 0xc]
+push edx
+push edx
+mov edx, dword [eax]
+push ecx
+push eax
+call dword [edx + 0x30] ; ucall
+mov eax, dword [ebp - 0xc]
+leave
+ret
+
+fcn_fffab60f:
+push ebp
+mov ebp, esp
+sub esp, 8
+call fcn_fffab405 ; call 0xfffab405
+push edx
+mov edx, dword [eax]
+push dword [ebp + 0xc]
+push dword [ebp + 8]
+push eax
+call dword [edx + 0x4c] ; ucall
+leave
+ret
+
+fcn_fffab629: ; not directly referenced
+push ebp
+mov ebp, esp
+push esi
+mov esi, dword [ebp + 0xc]
+push ebx
+mov ebx, dword [ebp + 8]
+push ebx
+call fcn_fffaafc2 ; call 0xfffaafc2
+mov dword [ebp + 8], ebx
+pop edx
+or eax, esi
+mov dword [ebp + 0xc], eax
+lea esp, [ebp - 8]
+pop ebx
+pop esi
+pop ebp
+jmp near fcn_fffaafda ; jmp 0xfffaafda
+
+fcn_fffab64e: ; not directly referenced
+push ebp
+mov ebp, esp
+push esi
+mov esi, dword [ebp + 0xc]
+push ebx
+mov ebx, dword [ebp + 8]
+push ebx
+call fcn_fffaafc2 ; call 0xfffaafc2
+mov dword [ebp + 8], ebx
+pop edx
+and eax, esi
+mov dword [ebp + 0xc], eax
+lea esp, [ebp - 8]
+pop ebx
+pop esi
+pop ebp
+jmp near fcn_fffaafda ; jmp 0xfffaafda
+
+fcn_fffab673:
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov ebx, ecx
+sub esp, 0x4c
+mov edi, dword [ebp + 0xc]
+lea ecx, [ecx + 0x186e]
+mov dword [ebp - 0x3c], ecx
+mov dword [ebp - 0x44], edx
+mov edx, dword [ebp + 0x10]
+mov ecx, dword [edi + 0x1e]
+mov esi, dword [edi + 9]
+mov dword [ebx + 0x18bd], 0x102
+mov dword [ebx + 0x1877], 2
+mov dword [ebp - 0x40], ecx
+mov ecx, dword [ebx + 0x2443]
+mov dword [ebx + 0x18b9], esi
+mov byte [ebx + 0x1876], 0
+mov dword [ebx + 0x18a3], 0
+mov dword [ebp - 0x30], ecx
+mov cl, byte [esi + 0xf2]
+mov byte [ebx + 0x2407], cl
+mov ecx, dword [esi + 4]
+cmp ecx, 2
+je short loc_fffab6eb ; je 0xfffab6eb
+cmp ecx, 3
+je short loc_fffab6f8 ; je 0xfffab6f8
+dec ecx
+jne short loc_fffab73a ; jne 0xfffab73a
+jmp short loc_fffab70c ; jmp 0xfffab70c
+
+loc_fffab6eb:
+cmp eax, 4
+setne al
+movzx eax, al
+add eax, eax
+jmp short loc_fffab704 ; jmp 0xfffab704
+
+loc_fffab6f8:
+cmp eax, 4
+setne al
+movzx eax, al
+lea eax, [eax + eax*2]
+
+loc_fffab704:
+mov dword [ebx + 0x18a7], eax
+jmp short loc_fffab744 ; jmp 0xfffab744
+
+loc_fffab70c:
+cmp eax, 4
+je short loc_fffab73a ; je 0xfffab73a
+mov dword [ebx + 0x18a7], 1
+movzx eax, byte [esi + 0x53]
+mov dword [ebx + 0x1877], eax
+mov al, byte [esi + 0x54]
+mov byte [ebx + 0x1876], al
+movzx eax, word [esi + 0x4c]
+mov dword [ebx + 0x18a3], eax
+jmp short loc_fffab744 ; jmp 0xfffab744
+
+loc_fffab73a:
+mov dword [ebx + 0x18a7], 0
+
+loc_fffab744:
+mov eax, dword [edi + 1]
+mov eax, dword [eax + 4]
+mov dword [ebx + 0x18c5], eax
+mov eax, dword [edi + 1]
+mov eax, dword [eax + 0x10]
+mov dword [ebx + 0x18c1], eax
+mov eax, dword [edi + 1]
+mov eax, dword [eax + 0x14]
+mov dword [ebx + 0x18c9], eax
+mov eax, dword [edi + 1]
+mov eax, dword [eax + 0x18]
+mov dword [ebx + 0x18d1], 0xfed00000
+mov dword [ebx + 0x18cd], eax
+mov eax, dword [edi + 5]
+movzx eax, word [eax]
+mov dword [ebx + 0x18d9], eax
+movzx eax, word [esi + 1]
+mov dword [ebx + 0x1872], eax
+mov eax, dword [edi + 1]
+mov eax, dword [eax + 0x1c]
+shr eax, 0x14
+cmp edx, 0x40650
+sete cl
+cmp edx, 0x306c0
+mov dword [ebx + 0x18dd], eax
+sete al
+or cl, al
+mov eax, dword [edi + 5]
+jne short loc_fffab7c4 ; jne 0xfffab7c4
+cmp edx, 0x40660
+jne short loc_fffab7ca ; jne 0xfffab7ca
+
+loc_fffab7c4:
+movzx eax, word [eax + 2]
+jmp short loc_fffab7d5 ; jmp 0xfffab7d5
+
+loc_fffab7ca:
+movzx ecx, word [eax + 2]
+mov eax, 1
+shl eax, cl
+
+loc_fffab7d5:
+mov dword [ebx + 0x1893], eax
+mov eax, dword [edi + 5]
+movzx eax, byte [eax + 4]
+mov byte [ebx + 0x18b3], 0
+shl eax, 5
+mov dword [ebx + 0x188f], eax
+push eax
+push eax
+lea eax, [ebx + 0x189c]
+push eax
+lea eax, [ebx + 0x189b]
+push eax
+lea eax, [ebx + 0x189a]
+push eax
+lea eax, [ebx + 0x1899]
+push eax
+lea eax, [ebx + 0x1898]
+push eax
+lea eax, [ebx + 0x1897]
+push eax
+mov eax, dword [ebp - 0x30]
+call dword [eax + 0x50] ; ucall
+mov eax, dword [edi + 1]
+movzx eax, byte [eax + 0x20]
+mov dword [ebx + 0x187f], eax
+mov eax, dword [edi + 9]
+mov al, byte [eax + 0xc6]
+mov byte [ebx + 0x18b0], al
+mov eax, dword [esi + 0x4e]
+mov word [ebx + 0x1902], 0x3e8
+mov word [ebx + 0x1904], 0x3e8
+mov byte [ebx + 0x18b2], 0
+mov dword [ebx + 0x18ee], eax
+mov al, byte [esi + 0x2e]
+mov byte [ebx + 0x2442], 0
+mov byte [ebx + 0x18b5], al
+mov al, byte [esi + 0x2f]
+mov byte [ebx + 0x23ff], al
+mov al, byte [esi + 0x30]
+mov byte [ebx + 0x2400], al
+mov al, byte [esi + 0x31]
+mov byte [ebx + 0x2401], al
+mov al, byte [esi + 0x6b]
+mov byte [ebx + 0x2402], al
+mov al, byte [ebx + 0x2403]
+mov dl, byte [esi + 0x32]
+and eax, 0xfffffffe
+and edx, 1
+or eax, edx
+mov byte [ebx + 0x2403], al
+mov dl, byte [esi + 0x33]
+and eax, 0xfffffffd
+and edx, 1
+add edx, edx
+or eax, edx
+mov byte [ebx + 0x2403], al
+mov dl, byte [esi + 0x34]
+and eax, 0xfffffffb
+and edx, 1
+shl edx, 2
+or eax, edx
+mov byte [ebx + 0x2403], al
+mov dl, byte [esi + 0x35]
+and eax, 0xfffffff7
+and edx, 1
+shl edx, 3
+or eax, edx
+mov byte [ebx + 0x2403], al
+mov dl, byte [esi + 0x36]
+and eax, 0xffffffef
+and edx, 1
+shl edx, 4
+or eax, edx
+mov byte [ebx + 0x2403], al
+mov dl, byte [esi + 0x37]
+and eax, 0xffffffdf
+and edx, 1
+shl edx, 5
+or eax, edx
+mov byte [ebx + 0x2403], al
+mov dl, byte [esi + 0x38]
+and eax, 0xffffffbf
+and edx, 1
+shl edx, 6
+or eax, edx
+mov byte [ebx + 0x2403], al
+mov dl, byte [esi + 0x39]
+and eax, 0x7f
+shl edx, 7
+or eax, edx
+mov byte [ebx + 0x2403], al
+mov al, byte [ebx + 0x2404]
+mov dl, byte [esi + 0x3a]
+and edx, 1
+and eax, 0xfffffffe
+or eax, edx
+mov byte [ebx + 0x2404], al
+mov dl, byte [esi + 0x3b]
+and eax, 0xfffffffd
+and edx, 1
+add edx, edx
+or eax, edx
+mov byte [ebx + 0x2404], al
+mov dl, byte [esi + 0x3c]
+and eax, 0xfffffffb
+and edx, 1
+shl edx, 2
+or eax, edx
+mov byte [ebx + 0x2404], al
+mov dl, byte [esi + 0x3e]
+and eax, 0xffffffef
+and edx, 1
+shl edx, 4
+or eax, edx
+mov byte [ebx + 0x2404], al
+mov dl, byte [esi + 0x3f]
+and eax, 0xffffffdf
+and edx, 1
+shl edx, 5
+or eax, edx
+mov byte [ebx + 0x2404], al
+mov dl, byte [esi + 0x40]
+and eax, 0xffffffbf
+and edx, 1
+shl edx, 6
+or eax, edx
+mov byte [ebx + 0x2404], al
+mov dl, byte [esi + 0x41]
+and eax, 0x7f
+shl edx, 7
+or eax, edx
+mov byte [ebx + 0x2404], al
+mov al, byte [ebx + 0x2405]
+mov dl, byte [esi + 0x42]
+and eax, 0xfffffffe
+and edx, 1
+or eax, edx
+mov byte [ebx + 0x2405], al
+mov dl, byte [esi + 0x43]
+and eax, 0xfffffffb
+and edx, 1
+shl edx, 2
+or eax, edx
+mov byte [ebx + 0x2405], al
+mov dl, byte [esi + 0x44]
+and edx, 1
+shl edx, 3
+and eax, 0xfffffff7
+or eax, edx
+add esp, 0x20
+mov byte [ebx + 0x2405], al
+mov dl, byte [esi + 0x47]
+and eax, 0xffffffbf
+and edx, 1
+shl edx, 6
+or eax, edx
+mov byte [ebx + 0x2405], al
+mov dl, byte [esi + 0x48]
+and eax, 0x7f
+shl edx, 7
+or eax, edx
+mov byte [ebx + 0x2405], al
+mov al, byte [ebx + 0x2406]
+mov dl, byte [esi + 0x49]
+and eax, 0xfffffffe
+and edx, 1
+or eax, edx
+mov byte [ebx + 0x2406], al
+mov dl, byte [esi + 0x4a]
+and eax, 0xfffffffd
+and edx, 1
+add edx, edx
+or eax, edx
+mov byte [ebx + 0x2406], al
+mov dl, byte [esi + 0x4b]
+and eax, 0xfffffffb
+and edx, 1
+shl edx, 2
+or eax, edx
+mov byte [ebx + 0x2406], al
+cmp byte [edi], 1
+jbe short loc_fffabaa2 ; jbe 0xfffabaa2
+mov dl, byte [esi + 0x58]
+and eax, 0xfffffff7
+and edx, 1
+shl edx, 3
+or eax, edx
+mov byte [ebx + 0x2406], al
+mov dl, byte [esi + 0x59]
+and eax, 0xffffffef
+and edx, 1
+shl edx, 4
+or eax, edx
+mov byte [ebx + 0x2406], al
+mov dl, byte [esi + 0x5a]
+and eax, 0xffffffdf
+and edx, 1
+shl edx, 5
+or eax, edx
+jmp short loc_fffabaa8 ; jmp 0xfffabaa8
+
+loc_fffabaa2:
+and eax, 0xffffffe7
+or eax, 0x20
+
+loc_fffabaa8:
+mov byte [ebx + 0x2406], al
+mov al, byte [ebx + 0x2405]
+cmp byte [edi], 3
+jbe short loc_fffabb0d ; jbe 0xfffabb0d
+mov dl, byte [esi + 0x5c]
+and eax, 0xfffffffd
+and edx, 1
+add edx, edx
+or eax, edx
+mov byte [ebx + 0x2405], al
+mov al, byte [esi + 0x5d]
+mov byte [ebx + 0x1906], al
+mov al, byte [esi + 0x5e]
+mov byte [ebx + 0x1907], al
+mov al, byte [esi + 0x5f]
+mov byte [ebx + 0x1908], al
+mov al, byte [esi + 0x60]
+mov byte [ebx + 0x1909], al
+mov al, byte [esi + 0x61]
+mov byte [ebx + 0x190a], al
+mov al, byte [esi + 0x62]
+mov byte [ebx + 0x190b], al
+mov al, byte [esi + 0x63]
+mov byte [ebx + 0x190c], al
+jmp short loc_fffabb47 ; jmp 0xfffabb47
+
+loc_fffabb0d:
+or eax, 2
+mov byte [ebx + 0x2405], al
+mov byte [ebx + 0x1906], 0xff
+mov byte [ebx + 0x1907], 0x40
+mov byte [ebx + 0x1908], 1
+mov byte [ebx + 0x1909], 1
+mov byte [ebx + 0x190a], 0
+mov byte [ebx + 0x190b], 7
+mov byte [ebx + 0x190c], 0
+
+loc_fffabb47:
+cmp byte [edi], 4
+jbe short loc_fffabb72 ; jbe 0xfffabb72
+mov eax, dword [esi + 0x64]
+mov edx, 0x5f5e100
+cmp eax, 0x55d4a7f
+jbe short loc_fffabb6a ; jbe 0xfffabb6a
+mov ecx, 0xf4240
+xor edx, edx
+div ecx
+imul edx, eax, 0xf4240
+
+loc_fffabb6a:
+mov dword [ebx + 0x187b], edx
+jmp short loc_fffabb7c ; jmp 0xfffabb7c
+
+loc_fffabb72:
+mov dword [ebx + 0x187b], 0x5f5e100
+
+loc_fffabb7c:
+cmp byte [edi], 5
+mov dl, byte [ebx + 0x2406]
+jbe short loc_fffabb97 ; jbe 0xfffabb97
+mov al, byte [esi + 0x6a]
+and edx, 0xffffffbf
+and eax, 1
+shl eax, 6
+or edx, eax
+jmp short loc_fffabb9a ; jmp 0xfffabb9a
+
+loc_fffabb97:
+or edx, 0x40
+
+loc_fffabb9a:
+mov byte [ebx + 0x2406], dl
+cmp byte [edi], 8
+jbe short loc_fffabbd3 ; jbe 0xfffabbd3
+mov eax, dword [edi + 1]
+mov eax, dword [eax + 0x2b]
+shr eax, 0x14
+mov dword [ebx + 0x18e1], eax
+mov al, byte [esi + 0x6d]
+mov byte [ebx + 0x1917], al
+mov ax, word [esi + 0x6e]
+mov word [ebx + 0x1918], ax
+mov al, byte [esi + 0x70]
+mov byte [ebx + 0x191a], al
+jmp short loc_fffabbf4 ; jmp 0xfffabbf4
+
+loc_fffabbd3:
+mov dword [ebx + 0x18e1], 4
+mov byte [ebx + 0x1917], 2
+mov word [ebx + 0x1918], 0x30ce
+mov byte [ebx + 0x191a], 1
+
+loc_fffabbf4:
+cmp byte [edi], 9
+jbe loc_fffabef9 ; jbe 0xfffabef9
+mov al, byte [esi + 0x71]
+mov byte [ebx + 0x1923], al
+mov al, byte [esi + 0x72]
+mov byte [ebx + 0x1924], al
+mov al, byte [esi + 0x73]
+mov byte [ebx + 0x1925], al
+mov al, byte [esi + 0x74]
+mov byte [ebx + 0x1926], al
+mov eax, dword [ebx + 0x1887]
+cmp eax, 0x40650
+je short loc_fffabc37 ; je 0xfffabc37
+cmp dword [ebx + 0x188b], 1
+jne short loc_fffabc40 ; jne 0xfffabc40
+
+loc_fffabc37:
+mov dl, byte [esi + 0x75]
+mov byte [ebx + 0x1927], dl
+
+loc_fffabc40:
+mov dl, byte [esi + 0x76]
+mov byte [ebx + 0x1928], dl
+mov dl, byte [esi + 0x77]
+mov byte [ebx + 0x1929], dl
+mov dl, byte [esi + 0x78]
+mov byte [ebx + 0x192a], dl
+mov dl, byte [esi + 0x79]
+mov byte [ebx + 0x192b], dl
+mov dl, byte [esi + 0x7a]
+mov byte [ebx + 0x192c], dl
+mov dl, byte [esi + 0x7b]
+mov byte [ebx + 0x192e], dl
+mov dl, byte [esi + 0x7c]
+mov byte [ebx + 0x192d], dl
+mov dl, byte [esi + 0x7d]
+mov byte [ebx + 0x192f], dl
+mov dl, byte [esi + 0x7e]
+mov byte [ebx + 0x1930], dl
+mov dl, byte [esi + 0x7f]
+mov byte [ebx + 0x1931], dl
+mov dl, byte [esi + 0x80]
+mov byte [ebx + 0x1932], dl
+mov dx, word [esi + 0x81]
+mov word [ebx + 0x1933], dx
+mov dl, byte [esi + 0x83]
+mov byte [ebx + 0x1935], dl
+mov dl, byte [esi + 0x84]
+mov byte [ebx + 0x1936], dl
+mov dl, byte [esi + 0x85]
+mov byte [ebx + 0x1937], dl
+mov dx, word [esi + 0x86]
+mov word [ebx + 0x1938], dx
+mov dl, byte [esi + 0x88]
+mov byte [ebx + 0x193a], dl
+mov dl, byte [esi + 0x89]
+mov byte [ebx + 0x193b], dl
+mov dl, byte [esi + 0x8a]
+mov byte [ebx + 0x193c], dl
+mov dl, byte [esi + 0x8b]
+mov byte [ebx + 0x193d], dl
+mov dl, byte [esi + 0x8c]
+mov byte [ebx + 0x193e], dl
+mov dl, byte [esi + 0x8d]
+mov byte [ebx + 0x193f], dl
+mov dl, byte [esi + 0x8e]
+mov byte [ebx + 0x1940], dl
+mov dl, byte [esi + 0x8f]
+mov byte [ebx + 0x1941], dl
+mov dl, byte [esi + 0x90]
+mov byte [ebx + 0x1942], dl
+mov dl, byte [esi + 0x91]
+mov byte [ebx + 0x1943], dl
+mov dl, byte [esi + 0x92]
+mov byte [ebx + 0x1944], dl
+mov dl, byte [esi + 0x93]
+mov byte [ebx + 0x1945], dl
+mov dl, byte [esi + 0x94]
+mov byte [ebx + 0x1946], dl
+mov dl, byte [esi + 0x95]
+mov byte [ebx + 0x1947], dl
+mov dl, byte [esi + 0x96]
+mov byte [ebx + 0x1948], dl
+mov dl, byte [esi + 0x97]
+mov byte [ebx + 0x1949], dl
+mov dl, byte [esi + 0x98]
+mov byte [ebx + 0x194b], dl
+mov dl, byte [esi + 0x99]
+mov byte [ebx + 0x194a], dl
+mov dl, byte [esi + 0xa2]
+mov byte [ebx + 0x194d], dl
+mov dl, byte [esi + 0xa3]
+mov byte [ebx + 0x194c], dl
+mov dl, byte [esi + 0x9a]
+mov byte [ebx + 0x194f], dl
+mov dl, byte [esi + 0x9b]
+mov byte [ebx + 0x194e], dl
+mov dl, byte [esi + 0xa4]
+mov byte [ebx + 0x1951], dl
+mov dl, byte [esi + 0xa5]
+mov byte [ebx + 0x1950], dl
+mov dl, byte [esi + 0x9c]
+mov byte [ebx + 0x1953], dl
+mov dl, byte [esi + 0x9d]
+mov byte [ebx + 0x1952], dl
+mov dl, byte [esi + 0xa6]
+mov byte [ebx + 0x1955], dl
+mov dl, byte [esi + 0xa7]
+mov byte [ebx + 0x1954], dl
+mov dl, byte [esi + 0x9e]
+mov byte [ebx + 0x1957], dl
+mov dl, byte [esi + 0x9f]
+mov byte [ebx + 0x1956], dl
+mov dl, byte [esi + 0xa8]
+mov byte [ebx + 0x1959], dl
+mov dl, byte [esi + 0xa9]
+mov byte [ebx + 0x1958], dl
+mov dl, byte [esi + 0xa0]
+mov byte [ebx + 0x195b], dl
+mov dl, byte [esi + 0xa1]
+mov byte [ebx + 0x195a], dl
+mov dl, byte [esi + 0xaa]
+mov byte [ebx + 0x195d], dl
+mov dl, byte [esi + 0xab]
+mov byte [ebx + 0x195c], dl
+mov dl, byte [esi + 0xac]
+mov byte [ebx + 0x195e], dl
+mov dx, word [esi + 0xad]
+mov word [ebx + 0x195f], dx
+mov dl, byte [esi + 0xaf]
+mov byte [ebx + 0x1961], dl
+mov dl, byte [esi + 0xb0]
+mov byte [ebx + 0x1962], dl
+cmp eax, 0x40650
+je short loc_fffabedc ; je 0xfffabedc
+cmp dword [ebx + 0x188b], 1
+jne loc_fffac030 ; jne 0xfffac030
+
+loc_fffabedc:
+mov al, byte [esi + 0xb1]
+mov byte [ebx + 0x1963], al
+mov al, byte [esi + 0xb2]
+mov byte [ebx + 0x1964], al
+jmp near loc_fffac030 ; jmp 0xfffac030
+
+loc_fffabef9:
+mov ecx, dword [ebx + 0x1887]
+mov byte [ebx + 0x1923], 0
+mov byte [ebx + 0x1924], 0
+mov byte [ebx + 0x1925], 0
+mov byte [ebx + 0x1926], 1
+cmp ecx, 0x40650
+je short loc_fffabf2c ; je 0xfffabf2c
+cmp dword [ebx + 0x188b], 1
+jne short loc_fffabf33 ; jne 0xfffabf33
+
+loc_fffabf2c:
+mov byte [ebx + 0x1927], 0
+
+loc_fffabf33:
+mov byte [ebx + 0x1928], 0
+lea eax, [ebx + 0x193a]
+xor edx, edx
+mov byte [ebx + 0x1929], 1
+mov byte [ebx + 0x192a], 0
+mov byte [ebx + 0x192c], 3
+mov byte [ebx + 0x192f], 0
+mov byte [ebx + 0x1930], 0
+mov byte [ebx + 0x1931], 0
+mov byte [ebx + 0x1932], 0
+mov word [ebx + 0x1933], 0
+mov byte [ebx + 0x1935], 0
+mov byte [ebx + 0x1936], 0
+mov byte [ebx + 0x1937], 0
+mov word [ebx + 0x1938], 0
+
+loc_fffabf9a:
+mov byte [ebx + edx + 0x192d], 0
+inc edx
+add eax, 2
+mov byte [eax - 2], 0xff
+mov byte [eax + 2], 0xff
+mov byte [eax + 6], 0xff
+mov byte [eax + 0xa], 0xff
+mov byte [eax + 0xe], 0
+mov byte [eax + 0x12], 0
+mov byte [eax + 0x16], 0
+mov byte [eax + 0x1a], 0
+mov byte [eax + 0x1e], 0
+mov byte [eax - 1], 0xff
+mov byte [eax + 3], 0xff
+mov byte [eax + 7], 0xff
+mov byte [eax + 0xb], 0xff
+mov byte [eax + 0xf], 0
+mov byte [eax + 0x13], 0
+mov byte [eax + 0x17], 0
+mov byte [eax + 0x1b], 0
+mov byte [eax + 0x1f], 0
+cmp edx, 2
+jne short loc_fffabf9a ; jne 0xfffabf9a
+mov byte [ebx + 0x195e], 1
+mov word [ebx + 0x195f], 0x200
+mov byte [ebx + 0x1961], 0
+mov byte [ebx + 0x1962], 0x30
+cmp ecx, 0x40650
+je short loc_fffac022 ; je 0xfffac022
+cmp dword [ebx + 0x188b], 1
+jne short loc_fffac030 ; jne 0xfffac030
+
+loc_fffac022:
+mov byte [ebx + 0x1963], 1
+mov byte [ebx + 0x1964], 0x40
+
+loc_fffac030:
+cmp byte [edi], 0xa
+jbe short loc_fffac05b ; jbe 0xfffac05b
+mov al, byte [esi + 0xc2]
+mov byte [ebx + 0x18b7], al
+mov al, byte [esi + 0xc3]
+mov byte [ebx + 0x18b8], al
+mov al, byte [esi + 0xc4]
+mov byte [ebx + 0x2411], al
+jmp short loc_fffac070 ; jmp 0xfffac070
+
+loc_fffac05b:
+mov byte [ebx + 0x18b7], 1
+mov byte [ebx + 0x18b8], 1
+mov byte [ebx + 0x2411], 0
+
+loc_fffac070:
+cmp byte [edi], 0xb
+mov al, byte [ebx + 0x2404]
+jbe short loc_fffac08e ; jbe 0xfffac08e
+mov dl, byte [esi + 0xc5]
+and eax, 0xfffffff7
+and edx, 1
+shl edx, 3
+or eax, edx
+jmp short loc_fffac091 ; jmp 0xfffac091
+
+loc_fffac08e:
+or eax, 8
+
+loc_fffac091:
+mov byte [ebx + 0x2404], al
+mov cl, byte [ebx + 0x2405]
+cmp byte [edi], 0xe
+jbe loc_fffac149 ; jbe 0xfffac149
+mov al, byte [esi + 0xf3]
+and ecx, 0xffffffef
+mov dl, cl
+xor ecx, ecx
+mov byte [ebx + 0x1965], al
+mov al, byte [esi + 0xce]
+and eax, 1
+shl eax, 4
+or edx, eax
+mov byte [ebx + 0x2405], dl
+mov al, byte [esi + 0xcf]
+mov byte [ebx + 0x190d], al
+mov al, byte [esi + 0xd1]
+mov byte [ebx + 0x2420], al
+
+loc_fffac0e5:
+mov eax, dword [esi + ecx + 0xd2]
+mov edx, dword [esi + ecx + 0xd6]
+mov dword [ebx + ecx + 0x2421], eax
+mov dword [ebx + ecx + 0x2425], edx
+add ecx, 8
+cmp ecx, 0x20
+jne short loc_fffac0e5 ; jne 0xfffac0e5
+mov al, byte [esi + 0xd0]
+mov byte [ebx + 0x240f], al
+mov al, byte [esi + 0xf4]
+mov byte [ebx + 0x191b], al
+mov eax, dword [esi + 0xf5]
+mov dword [ebx + 0x191c], eax
+mov ax, word [esi + 0xf9]
+mov word [ebx + 0x1920], ax
+mov al, byte [esi + 0xfb]
+mov byte [ebx + 0x1922], al
+jmp short loc_fffac1a0 ; jmp 0xfffac1a0
+
+loc_fffac149:
+cmp dword [ebx + 0x188b], 1
+mov al, cl
+mov byte [ebx + 0x1965], 1
+mov byte [ebx + 0x190d], 0
+setne dl
+and eax, 0xffffffef
+shl edx, 4
+or eax, edx
+mov byte [ebx + 0x2405], al
+mov byte [ebx + 0x2420], 0
+mov byte [ebx + 0x240f], 0
+mov byte [ebx + 0x191b], 1
+mov dword [ebx + 0x191c], 0x320
+mov word [ebx + 0x1920], 0x118
+mov byte [ebx + 0x1922], 7
+
+loc_fffac1a0:
+cmp byte [edi], 0xf
+mov dl, byte [ebx + 0x2405]
+jbe short loc_fffac1ca ; jbe 0xfffac1ca
+mov al, byte [esi + 0xfc]
+and edx, 0xffffffdf
+mov byte [ebx + 0x2410], al
+mov al, byte [esi + 0xfd]
+and eax, 1
+shl eax, 5
+or edx, eax
+jmp short loc_fffac1d4 ; jmp 0xfffac1d4
+
+loc_fffac1ca:
+mov byte [ebx + 0x2410], 0
+and edx, 0xffffffdf
+
+loc_fffac1d4:
+mov byte [ebx + 0x2405], dl
+cmp byte [edi], 0x11
+jbe short loc_fffac207 ; jbe 0xfffac207
+movzx eax, byte [esi + 0xfe]
+mov dword [ebx + 0x190e], eax
+movzx eax, byte [esi + 0xff]
+mov dword [ebx + 0x1912], eax
+mov al, byte [esi + 0x100]
+mov byte [ebx + 0x1916], al
+jmp short loc_fffac222 ; jmp 0xfffac222
+
+loc_fffac207:
+mov dword [ebx + 0x190e], 0
+mov dword [ebx + 0x1912], 0xe
+mov byte [ebx + 0x1916], 0
+
+loc_fffac222:
+cmp byte [edi], 0x12
+mov byte [ebp - 0x45], 0xff
+jbe short loc_fffac234 ; jbe 0xfffac234
+mov al, byte [esi + 0x101]
+mov byte [ebp - 0x45], al
+
+loc_fffac234:
+mov dword [ebx + 0x189f], 0
+mov byte [ebx + 0x189e], 0
+mov al, byte [esi + 0xc7]
+mov byte [ebx + 0x241f], al
+mov al, byte [esi + 0xcc]
+mov byte [ebx + 0x2441], 0
+mov byte [ebx + 0x240c], al
+mov al, byte [esi + 0x11]
+mov byte [ebx + 0x18b4], al
+mov al, byte [esi + 0x2c]
+mov byte [ebx + 0x18b6], al
+mov al, byte [esi]
+mov byte [ebx + 0x18b1], al
+mov al, byte [edi + 0x22]
+mov byte [ebx + 0x2408], al
+mov eax, dword [ebx + 0x1887]
+cmp eax, 0x40650
+je short loc_fffac2a1 ; je 0xfffac2a1
+cmp dword [ebx + 0x188b], 1
+jne loc_fffac354 ; jne 0xfffac354
+
+loc_fffac2a1:
+mov dl, byte [esi + 0x57]
+mov byte [ebx + 0x2409], dl
+cmp eax, 0x40670
+je short loc_fffac2b8 ; je 0xfffac2b8
+mov byte [ebx + 0x240a], 0
+
+loc_fffac2b8:
+cmp dword [ebx + 0x188b], 1
+jne loc_fffac354 ; jne 0xfffac354
+mov eax, dword [ebp - 0x30]
+mov byte [ebx + 0x240b], 0
+mov eax, dword [eax + 0x80]
+test eax, eax
+je short loc_fffac2ec ; je 0xfffac2ec
+lea edx, [ebp - 0x20]
+push edx
+lea edx, [ebp - 0x1c]
+push edx
+push 0x1b
+push 1
+call eax
+add esp, 0x10
+jmp short loc_fffac2f3 ; jmp 0xfffac2f3
+
+loc_fffac2ec:
+mov dword [ebp - 0x1c], 0
+
+loc_fffac2f3:
+cmp dword [ebp - 0x1c], 0
+je short loc_fffac344 ; je 0xfffac344
+mov dx, word [ebp - 0x1a]
+mov ecx, 0xb
+xor eax, eax
+mov word [ebp - 0x2c], 0x4e20
+and edx, 0xfff
+mov dword [ebp - 0x38], edx
+
+loc_fffac313:
+mov edx, dword [ebp - 0x38]
+sar edx, cl
+mov dword [ebp - 0x34], edx
+mov edx, dword [ebp - 0x2c]
+add edx, eax
+test byte [ebp - 0x34], 1
+cmovne eax, edx
+dec ecx
+shr word [ebp - 0x2c], 1
+cmp ecx, 0xffffffff
+jne short loc_fffac313 ; jne 0xfffac313
+mov ecx, 0xa
+xor edx, edx
+div cx
+mov word [ebx + 0x1902], ax
+jmp short loc_fffac34d ; jmp 0xfffac34d
+
+loc_fffac344:
+mov word [ebx + 0x1902], 0x352
+
+loc_fffac34d:
+mov byte [ebx + 0x240d], 0
+
+loc_fffac354:
+movzx eax, byte [ebp - 0x44]
+lea ecx, [ebx + 0x19bb]
+mov byte [ebx + 0x196a], 0
+mov dword [ebp - 0x2c], 0
+mov dword [ebp - 0x50], eax
+
+loc_fffac36f:
+mov edx, dword [ebp - 0x2c]
+mov al, byte [ebp - 0x45]
+mov byte [ebp - 0x34], dl
+cmp dl, al
+je short loc_fffac3c9 ; je 0xfffac3c9
+mov eax, dword [ebp - 0x2c]
+mov al, byte [esi + eax + 0x2a]
+cmp al, 2
+je short loc_fffac3a2 ; je 0xfffac3a2
+cmp al, 3
+je short loc_fffac3c9 ; je 0xfffac3c9
+dec al
+jne short loc_fffac3ea ; jne 0xfffac3ea
+mov dword [ecx - 0x48], 1
+mov dword [ecx + 0x22f], 0
+jmp short loc_fffac3b3 ; jmp 0xfffac3b3
+
+loc_fffac3a2:
+mov dword [ecx - 0x48], 0
+mov dword [ecx + 0x22f], 1
+
+loc_fffac3b3:
+mov dword [ecx - 0x50], 2
+inc byte [ebx + 0x196a]
+mov dword [ecx - 0x4c], 1
+jmp short loc_fffac40f ; jmp 0xfffac40f
+
+loc_fffac3c9:
+mov dword [ecx - 0x48], 1
+mov dword [ecx + 0x22f], 1
+mov dword [ecx - 0x50], 1
+mov dword [ecx - 0x4c], 0
+jmp short loc_fffac40f ; jmp 0xfffac40f
+
+loc_fffac3ea:
+mov dword [ecx - 0x48], 0
+mov dword [ecx + 0x22f], 0
+mov dword [ecx - 0x50], 2
+inc byte [ebx + 0x196a]
+mov dword [ecx - 0x4c], 2
+
+loc_fffac40f:
+mov edx, dword [ebp - 0x40]
+push eax
+imul eax, dword [ebp - 0x2c], 0xc
+push 0xc
+add eax, dword [edx + 0xd4]
+mov dword [ebp - 0x38], ecx
+push eax
+lea eax, [ecx + 0x4ee]
+push eax
+mov eax, dword [ebp - 0x30]
+call dword [eax + 0x58] ; ucall
+mov edx, dword [ebp - 0x40]
+add esp, 0xc
+push 8
+mov ecx, dword [ebp - 0x2c]
+mov eax, dword [edx + 0xd8]
+lea eax, [eax + ecx*8]
+mov ecx, dword [ebp - 0x38]
+push eax
+lea eax, [ecx + 0x4a6]
+push eax
+mov eax, dword [ebp - 0x30]
+call dword [eax + 0x58] ; ucall
+mov al, byte [ebp - 0x34]
+add esp, 0x10
+mov ecx, dword [ebp - 0x38]
+mov dword [ebp - 0x38], 0
+add eax, eax
+mov byte [ebp - 0x47], al
+mov al, byte [ebp - 0x2c]
+mov dword [ebp - 0x34], ecx
+and eax, 7
+mov byte [ebp - 0x46], al
+shl byte [ebp - 0x46], 4
+
+loc_fffac47a:
+mov dword [ebp - 0x54], ecx
+mov ecx, dword [ebp - 0x34]
+mov edx, dword [edi + 1]
+mov eax, ecx
+sub eax, 0x48
+mov dword [ebp - 0x4c], eax
+mov al, byte [ebp - 0x47]
+add eax, dword [ebp - 0x38]
+movzx eax, al
+mov al, byte [edx + eax]
+mov edx, dword [ebp - 0x30]
+mov byte [ecx + 0x22e], al
+push eax
+push 3
+push ref_fffd3620 ; push 0xfffd3620
+lea eax, [ecx - 4]
+push eax
+call dword [edx + 0x58] ; ucall
+mov ecx, dword [ebp - 0x34]
+add esp, 0x10
+mov al, byte [ebp - 0x38]
+mov cl, byte [ecx + 0x22e]
+and eax, 0xf
+test cl, cl
+setne dl
+or al, byte [ebp - 0x46]
+mov byte [ebp - 0x48], cl
+mov cl, dl
+shl ecx, 7
+or eax, ecx
+mov ecx, dword [ebp - 0x4c]
+mov byte [ecx + 0x47], al
+mov ecx, dword [ebp - 0x34]
+cmp dword [ecx - 0x48], 1
+mov ecx, dword [ebp - 0x54]
+ja short loc_fffac552 ; ja 0xfffac552
+test dl, dl
+je short loc_fffac523 ; je 0xfffac523
+mov eax, dword [ebp - 0x44]
+cmp eax, 3
+sete dl
+test eax, eax
+sete al
+or dl, al
+je short loc_fffac552 ; je 0xfffac552
+push edx
+movzx eax, byte [ebp - 0x48]
+push 0x41
+push ref_fffd35a0 ; push 0xfffd35a0
+push 0x3c
+push ref_fffd35e4 ; push 0xfffd35e4
+push dword [ebp - 0x34]
+mov dword [ebp - 0x4c], ecx
+push eax
+mov eax, dword [ebp - 0x30]
+push dword [ebp - 0x50]
+call dword [eax + 0x78] ; ucall
+add esp, 0x20
+jmp short loc_fffac54f ; jmp 0xfffac54f
+
+loc_fffac523:
+mov dword [ebp - 0x4c], ecx
+mov ecx, dword [ebp - 0x2c]
+push eax
+push 0x200
+mov eax, ecx
+add eax, ecx
+mov ecx, dword [ebp - 0x40]
+add eax, dword [ebp - 0x38]
+shl eax, 9
+add eax, dword [ecx + 0xd0]
+push eax
+mov eax, dword [ebp - 0x30]
+push dword [ebp - 0x34]
+call dword [eax + 0x58] ; ucall
+add esp, 0x10
+
+loc_fffac54f:
+mov ecx, dword [ebp - 0x4c]
+
+loc_fffac552:
+inc dword [ebp - 0x38]
+add dword [ebp - 0x34], 0x277
+cmp dword [ebp - 0x38], 2
+jne loc_fffac47a ; jne 0xfffac47a
+inc dword [ebp - 0x2c]
+add ecx, 0x54a
+cmp dword [ebp - 0x2c], 2
+jne loc_fffac36f ; jne 0xfffac36f
+mov eax, dword [ebp - 0x44]
+mov edx, edi
+cmp eax, 2
+je short loc_fffac59a ; je 0xfffac59a
+cmp eax, 3
+je short loc_fffac5a9 ; je 0xfffac5a9
+dec eax
+mov eax, dword [ebp - 0x3c]
+jne short loc_fffac5b8 ; jne 0xfffac5b8
+call fcn_fffc3e29 ; call 0xfffc3e29
+mov eax, 1
+jmp short loc_fffac5bf ; jmp 0xfffac5bf
+
+loc_fffac59a:
+mov eax, dword [ebp - 0x3c]
+call fcn_fffc3e29 ; call 0xfffc3e29
+mov eax, 2
+jmp short loc_fffac5bf ; jmp 0xfffac5bf
+
+loc_fffac5a9:
+mov eax, dword [ebp - 0x3c]
+call fcn_fffc3e29 ; call 0xfffc3e29
+mov eax, 3
+jmp short loc_fffac5bf ; jmp 0xfffac5bf
+
+loc_fffac5b8:
+call fcn_fffc3e29 ; call 0xfffc3e29
+xor eax, eax
+
+loc_fffac5bf:
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffac5c7: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, edx
+push esi
+mov esi, 1
+push ebx
+sub esp, 0x1c
+mov ebx, dword [ebp + 8]
+lea ecx, [edx - 4]
+cmp ecx, 3
+cmova esi, dword [ebp + 0x10]
+and edi, 3
+mov dword [ebp - 0x1c], ebx
+mov ebx, dword [ebp + 0xc]
+cmp edi, 3
+sete cl
+test al, al
+sete dl
+mov dword [ebp - 0x20], ebx
+test cl, dl
+jne short loc_fffac666 ; jne 0xfffac666
+mov ecx, 0xffff
+xor ebx, ebx
+test al, al
+je short loc_fffac60f ; je 0xfffac60f
+or ecx, 0xffffffff
+xor ebx, ebx
+
+loc_fffac60f: ; not directly referenced
+test esi, esi
+jne short loc_fffac62a ; jne 0xfffac62a
+cmp dword [ebp - 0x20], ebx
+jb short loc_fffac626 ; jb 0xfffac626
+ja short loc_fffac61f ; ja 0xfffac61f
+cmp dword [ebp - 0x1c], ecx
+
+loc_fffac61d: ; not directly referenced
+jbe short loc_fffac626 ; jbe 0xfffac626
+
+loc_fffac61f: ; not directly referenced
+mov eax, 0x80000003
+jmp short loc_fffac66b ; jmp 0xfffac66b
+
+loc_fffac626: ; not directly referenced
+xor eax, eax
+jmp short loc_fffac66b ; jmp 0xfffac66b
+
+loc_fffac62a: ; not directly referenced
+push eax
+push edi
+push ebx
+push ecx
+call fcn_fffab0ef ; call 0xfffab0ef
+lea ecx, [esi - 1]
+add esp, 0x10
+cmp edx, 0
+ja short loc_fffac642 ; ja 0xfffac642
+cmp eax, ecx
+jb short loc_fffac61f ; jb 0xfffac61f
+
+loc_fffac642: ; not directly referenced
+push ecx
+push edi
+xor edi, edi
+sub eax, esi
+sbb edx, edi
+add eax, 1
+adc edx, 0
+push edx
+push eax
+call fcn_fffab0f8 ; call 0xfffab0f8
+add esp, 0x10
+cmp dword [ebp - 0x20], edx
+ja short loc_fffac61f ; ja 0xfffac61f
+jb short loc_fffac626 ; jb 0xfffac626
+cmp dword [ebp - 0x1c], eax
+jmp short loc_fffac61d ; jmp 0xfffac61d
+
+loc_fffac666: ; not directly referenced
+mov eax, 0x80000002
+
+loc_fffac66b: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffac673:
+push ebp
+mov ebp, esp
+pop ebp
+jmp near loc_fffd286c ; jmp 0xfffd286c
+
+fcn_fffac67c: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+xor eax, eax
+push ebx
+lea esi, [edi + 0x374e]
+sub esp, 0x3c
+mov byte [ebp - 0x29], 0
+mov dword [ebp - 0x3c], esi
+
+loc_fffac696: ; not directly referenced
+test eax, eax
+sete cl
+cmp byte [ebp - 0x29], 1
+setbe dl
+test cl, dl
+je loc_fffac7df ; je 0xfffac7df
+movzx eax, byte [ebp - 0x29]
+imul edx, eax, 0x13c3
+mov dword [ebp - 0x30], eax
+lea eax, [edi + edx]
+cmp dword [eax + 0x3756], 2
+jne loc_fffac7d0 ; jne 0xfffac7d0
+mov ebx, dword [ebp - 0x3c]
+xor ecx, ecx
+mov dword [ebp - 0x38], eax
+lea esi, [ebx + edx + 8]
+mov dword [ebp - 0x34], esi
+mov esi, 1
+
+loc_fffac6db: ; not directly referenced
+mov edx, dword [ebp - 0x38]
+mov eax, 1
+mov bl, cl
+shl eax, cl
+test byte [edx + 0x381a], al
+je loc_fffac7ac ; je 0xfffac7ac
+cmp byte [edi + 0x247b], 0
+je short loc_fffac719 ; je 0xfffac719
+mov al, cl
+mov esi, dword [ebp - 0x34]
+shr al, 1
+movzx eax, al
+imul eax, eax, 0x128
+mov si, word [esi + eax + 0x126d]
+jmp near loc_fffac7a2 ; jmp 0xfffac7a2
+
+loc_fffac719: ; not directly referenced
+mov edx, dword [ebp - 0x30]
+mov eax, edi
+mov dword [ebp - 0x40], ecx
+call fcn_fffa6c42 ; call 0xfffa6c42
+test eax, eax
+je loc_fffac7da ; je 0xfffac7da
+mov dl, byte [eax + 1]
+xor eax, eax
+mov ecx, dword [ebp - 0x40]
+test dl, dl
+je short loc_fffac77a ; je 0xfffac77a
+cmp dl, 0x3c
+je short loc_fffac764 ; je 0xfffac764
+cmp dl, 0x78
+je short loc_fffac768 ; je 0xfffac768
+cmp dl, 0x28
+je short loc_fffac76c ; je 0xfffac76c
+cmp dl, 0xf0
+je short loc_fffac770 ; je 0xfffac770
+cmp dl, 0x30
+je short loc_fffac774 ; je 0xfffac774
+cmp dl, 0x50
+je short loc_fffac778 ; je 0xfffac778
+cmp dl, 0x22
+mov al, 7
+mov dl, 0
+cmovne eax, edx
+jmp short loc_fffac77a ; jmp 0xfffac77a
+
+loc_fffac764: ; not directly referenced
+mov al, 1
+jmp short loc_fffac77a ; jmp 0xfffac77a
+
+loc_fffac768: ; not directly referenced
+mov al, 2
+jmp short loc_fffac77a ; jmp 0xfffac77a
+
+loc_fffac76c: ; not directly referenced
+mov al, 3
+jmp short loc_fffac77a ; jmp 0xfffac77a
+
+loc_fffac770: ; not directly referenced
+mov al, 4
+jmp short loc_fffac77a ; jmp 0xfffac77a
+
+loc_fffac774: ; not directly referenced
+mov al, 5
+jmp short loc_fffac77a ; jmp 0xfffac77a
+
+loc_fffac778: ; not directly referenced
+mov al, 6
+
+loc_fffac77a: ; not directly referenced
+shl eax, 8
+and si, 0xf8ff
+or esi, eax
+mov al, bl
+shr al, 1
+movzx eax, al
+imul eax, eax, 0x128
+add eax, dword [ebp - 0x34]
+mov word [eax + 0x126d], si
+mov word [eax + 0x1285], si
+
+loc_fffac7a2: ; not directly referenced
+shr bl, 1
+movzx ebx, bl
+mov word [ebp + ebx*2 - 0x1c], si
+
+loc_fffac7ac: ; not directly referenced
+add ecx, 2
+cmp ecx, 4
+jne loc_fffac6db ; jne 0xfffac6db
+mov edx, dword [ebp - 0x30]
+sub esp, 0xc
+mov cl, 1
+lea eax, [ebp - 0x1c]
+push eax
+mov eax, edi
+call fcn_fffb14b3 ; call 0xfffb14b3
+add esp, 0x10
+jmp short loc_fffac7d2 ; jmp 0xfffac7d2
+
+loc_fffac7d0: ; not directly referenced
+xor eax, eax
+
+loc_fffac7d2: ; not directly referenced
+inc byte [ebp - 0x29]
+jmp near loc_fffac696 ; jmp 0xfffac696
+
+loc_fffac7da: ; not directly referenced
+mov eax, 1
+
+loc_fffac7df: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffac7e7: ; not directly referenced
+push ebp
+mov eax, 1
+mov ebp, esp
+movzx ecx, byte [ebp + 0x10]
+push esi
+movzx esi, byte [ebp + 0xc]
+mov edx, dword [ebp + 8]
+push ebx
+sub ecx, esi
+shl eax, cl
+mov ecx, esi
+dec eax
+movzx ebx, dl
+shl eax, cl
+lea ecx, [esi - 1]
+sar ebx, cl
+test ebx, ebx
+je short loc_fffac815 ; je 0xfffac815
+or eax, edx
+jmp short loc_fffac819 ; jmp 0xfffac819
+
+loc_fffac815: ; not directly referenced
+not eax
+and eax, edx
+
+loc_fffac819: ; not directly referenced
+pop ebx
+pop esi
+pop ebp
+ret
+
+fcn_fffac81d: ; not directly referenced
+push ebp
+mov ebp, esp
+movzx eax, byte [ebp + 0xc]
+imul eax, eax, 0x13c3
+add eax, dword [ebp + 8]
+pop ebp
+cmp dword [eax + 0x130b], 2
+sete al
+movzx eax, al
+ret
+
+fcn_fffac83c: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0x10]
+mov ecx, dword [ebp + 0xc]
+mov edx, dword [eax + 0xd5]
+and edx, 0xfffffffd
+dec edx
+jne short loc_fffac856 ; jne 0xfffac856
+mov dl, byte [ecx + 0x3e]
+jmp short loc_fffac85c ; jmp 0xfffac85c
+
+loc_fffac856: ; not directly referenced
+mov dl, byte [ecx + 0x82]
+
+loc_fffac85c: ; not directly referenced
+mov cl, dl
+and edx, 0x1f
+shr cl, 7
+movzx ecx, cl
+shl ecx, 5
+or edx, ecx
+mov byte [eax + 0xf5], dl
+mov eax, 1
+pop ebp
+ret
+
+fcn_fffac879: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x3c
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x3c], 0
+mov dword [ebp - 0x20], 0
+mov edi, dword [eax + 0x1887]
+mov dword [ebp - 0x2c], edi
+lea edi, [eax + 0x2407]
+mov dword [ebp - 0x48], edi
+
+loc_fffac8a5: ; not directly referenced
+mov edi, dword [ebp - 0x20]
+mov edx, 0x4b0
+lea ecx, [edi - 2]
+cmp ecx, 1
+ja short loc_fffac8d7 ; ja 0xfffac8d7
+cmp byte [eax + 0x3749], 0
+jne short loc_fffac8d5 ; jne 0xfffac8d5
+
+loc_fffac8be: ; not directly referenced
+inc dword [ebp - 0x20]
+add dword [ebp - 0x3c], 0x23
+cmp dword [ebp - 0x20], 4
+jne short loc_fffac8a5 ; jne 0xfffac8a5
+mov edx, 0xfffffffe
+jmp near loc_fffacb46 ; jmp 0xfffacb46
+
+loc_fffac8d5: ; not directly referenced
+xor edx, edx
+
+loc_fffac8d7: ; not directly referenced
+mov edi, dword [ebp - 0x20]
+mov dword [ebp + edi*4 - 0x1c], edx
+mov edi, dword [ebp - 0x3c]
+lea edx, [eax + 0x1973]
+mov dword [ebp - 0x30], edx
+lea edx, [eax + 0x3756]
+mov dword [ebp - 0x28], edx
+lea ebx, [edi + 0x18b]
+add edi, 0xbb
+mov dword [ebp - 0x40], ebx
+mov dword [ebp - 0x44], edi
+
+loc_fffac905: ; not directly referenced
+mov edx, dword [ebp - 0x30]
+mov dword [ebp - 0x24], 0
+mov dword [ebp - 0x38], edx
+
+loc_fffac912: ; not directly referenced
+mov ebx, dword [ebp - 0x28]
+mov edi, dword [ebp - 0x24]
+cmp dword [ebx + edi + 0x1173], 2
+jne loc_fffacb0c ; jne 0xfffacb0c
+mov edi, dword [ebp - 0x20]
+cmp edi, 1
+je loc_fffac9d2 ; je 0xfffac9d2
+jb loc_fffac9e0 ; jb 0xfffac9e0
+cmp edi, 3
+ja loc_fffac9e0 ; ja 0xfffac9e0
+mov edx, ebx
+mov ebx, dword [ebp - 0x24]
+cmp edi, 2
+mov dl, byte [edx + ebx + 0x1269]
+jne short loc_fffac95f ; jne 0xfffac95f
+and dl, 1
+jne short loc_fffac96a ; jne 0xfffac96a
+xor di, di
+jmp near loc_fffacafc ; jmp 0xfffacafc
+
+loc_fffac95f: ; not directly referenced
+xor edi, edi
+and dl, 2
+je loc_fffacafc ; je 0xfffacafc
+
+loc_fffac96a: ; not directly referenced
+mov edi, dword [ebp - 0x28]
+mov edx, dword [ebp - 0x24]
+mov ecx, dword [ebp - 0x44]
+mov ebx, dword [ebp - 0x40]
+mov edx, dword [edi + edx + 0x1248]
+mov edi, dword [ebp - 0x38]
+and edx, 0xfffffffd
+add ebx, edi
+add ecx, edi
+dec edx
+mov edx, 0x3e7
+cmovne ecx, ebx
+mov edi, 0x672
+mov cl, byte [ecx]
+mov ebx, ecx
+and ebx, 0x1f
+imul ebx, ebx, 0x32
+cmp ebx, 0x3e7
+cmovbe edx, ebx
+mov ebx, 0x4b0
+shr cl, 5
+and ecx, 3
+imul ecx, ecx, 0x3e8
+add edx, ecx
+cmp edx, 0x4b0
+cmovae ebx, edx
+cmp ebx, 0x672
+cmovbe edi, ebx
+jmp near loc_fffacafc ; jmp 0xfffacafc
+
+loc_fffac9d2: ; not directly referenced
+mov edi, dword [eax + 0x18a3]
+test edi, edi
+jne loc_fffacafc ; jne 0xfffacafc
+
+loc_fffac9e0: ; not directly referenced
+mov edi, dword [ebp - 0x24]
+mov ebx, dword [ebp - 0x28]
+mov edx, dword [ebx + edi + 0x1248]
+mov edi, 0x4b0
+and edx, 0xfffffffd
+dec edx
+jne loc_fffacafc ; jne 0xfffacafc
+mov edx, dword [ebp - 0x38]
+mov edi, dword [ebp - 0x2c]
+mov cl, byte [edx + 0x4e]
+mov dl, cl
+mov bl, cl
+and edx, 1
+shr bl, 1
+xor edx, 1
+shr cl, 2
+mov byte [ebp - 0x31], bl
+mov byte [ebp - 0x32], cl
+and byte [ebp - 0x31], 1
+and byte [ebp - 0x32], 1
+cmp edi, 0x40650
+je short loc_fffaca56 ; je 0xfffaca56
+cmp edi, 0x40660
+sete bl
+cmp edi, 0x306c0
+sete cl
+or bl, cl
+jne short loc_fffaca56 ; jne 0xfffaca56
+cmp edi, 0x40670
+sete bl
+cmp edi, 0x306d0
+sete cl
+or bl, cl
+je short loc_fffaca9b ; je 0xfffaca9b
+
+loc_fffaca56: ; not directly referenced
+mov bl, byte [ebp - 0x32]
+and esi, 0xfffffff9
+mov cl, byte [ebp - 0x31]
+and ebx, 1
+add ebx, ebx
+and ecx, 1
+shl ecx, 2
+or esi, ebx
+or esi, ecx
+and esi, 0xfffffff7
+lea ecx, [edx*8]
+or esi, ecx
+mov ecx, esi
+and ecx, 4
+cmp cl, 1
+sbb edi, edi
+and edi, 0x96
+add edi, 0x546
+cmp dword [ebp - 0x2c], 0x40650
+jne short loc_fffacaa0 ; jne 0xfffacaa0
+jmp short loc_fffacab9 ; jmp 0xfffacab9
+
+loc_fffaca9b: ; not directly referenced
+mov edi, 0x5dc
+
+loc_fffacaa0: ; not directly referenced
+mov ecx, dword [ebp - 0x2c]
+cmp ecx, 0x40670
+sete bl
+cmp ecx, 0x306d0
+sete cl
+or bl, cl
+je short loc_fffacae7 ; je 0xfffacae7
+
+loc_fffacab9: ; not directly referenced
+mov cl, byte [ebp - 0x32]
+and esi, 0xfffffff9
+mov bl, byte [ebp - 0x31]
+shl edx, 3
+and ecx, 1
+add ecx, ecx
+and ebx, 1
+shl ebx, 2
+or esi, ecx
+or esi, ebx
+and esi, 0xfffffff7
+or esi, edx
+mov edx, 0x4b0
+test esi, 2
+cmovne edi, edx
+
+loc_fffacae7: ; not directly referenced
+cmp dword [ebp - 0x20], 0
+jne short loc_fffacafc ; jne 0xfffacafc
+cmp dword [eax + 0x187f], 1
+mov ebx, 0x5dc
+cmove edi, ebx
+
+loc_fffacafc: ; not directly referenced
+mov ebx, dword [ebp - 0x20]
+mov edx, dword [ebp + ebx*4 - 0x1c]
+cmp edi, edx
+cmovb edi, edx
+mov dword [ebp + ebx*4 - 0x1c], edi
+
+loc_fffacb0c: ; not directly referenced
+add dword [ebp - 0x24], 0x128
+add dword [ebp - 0x38], 0x277
+cmp dword [ebp - 0x24], 0x250
+jne loc_fffac912 ; jne 0xfffac912
+add dword [ebp - 0x30], 0x54a
+mov edi, dword [ebp - 0x48]
+add dword [ebp - 0x28], 0x13c3
+cmp dword [ebp - 0x30], edi
+jne loc_fffac905 ; jne 0xfffac905
+jmp near loc_fffac8be ; jmp 0xfffac8be
+
+loc_fffacb46: ; not directly referenced
+cmp edx, 1
+ja short loc_fffacb54 ; ja 0xfffacb54
+cmp byte [eax + 0x3749], 0
+je short loc_fffacb7b ; je 0xfffacb7b
+
+loc_fffacb54: ; not directly referenced
+mov ecx, dword [ebp + edx*4 - 0x14]
+mov dword [eax + edx*4 + 0x373d], ecx
+mov dword [eax + edx*4 + 0x498d], ecx
+mov dword [eax + edx*4 + 0x4ab5], ecx
+mov dword [eax + edx*4 + 0x5d50], ecx
+mov dword [eax + edx*4 + 0x5e78], ecx
+
+loc_fffacb7b: ; not directly referenced
+inc edx
+cmp edx, 2
+jne short loc_fffacb46 ; jne 0xfffacb46
+add esp, 0x3c
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffacb8e: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x34
+mov edi, dword [ebp + 8]
+
+loc_fffacb9c: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffacbc3 ; ja 0xfffacbc3
+cmp byte [edi + 0x3749], 0
+jne short loc_fffacbc3 ; jne 0xfffacbc3
+
+loc_fffacbad: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffacb9c ; jne 0xfffacb9c
+lea eax, [edi + 0x48d1]
+mov ecx, 0xfffffffe
+jmp near loc_fffacd00 ; jmp 0xfffacd00
+
+loc_fffacbc3: ; not directly referenced
+xor edx, edx
+cmp ecx, 1
+lea esi, [edi + 0x49bf]
+setbe dl
+mov dword [ebp - 0x2c], esi
+imul eax, eax, 0x23
+imul esi, ecx, 0x2e
+lea ebx, [ecx*8 - 0x1269]
+mov dword [ebp + ecx*4 - 0x1c], edx
+mov dword [ebp - 0x24], 0
+mov dword [ebp - 0x34], esi
+mov dword [ebp - 0x40], ebx
+mov dword [ebp - 0x30], eax
+
+loc_fffacbf5: ; not directly referenced
+mov eax, dword [ebp - 0x40]
+mov ebx, dword [ebp - 0x2c]
+mov dword [ebp - 0x28], 0
+add eax, ebx
+mov dword [ebp - 0x3c], eax
+mov eax, dword [ebp - 0x24]
+lea esi, [edi + eax + 0x1973]
+
+loc_fffacc11: ; not directly referenced
+cmp dword [ebx - 0xf6], 2
+jne loc_fffaccc6 ; jne 0xfffaccc6
+mov eax, dword [ebp - 0x34]
+mov edx, dword [ebp - 0x28]
+mov eax, dword [ebx + eax - 0xf2]
+mov dword [ebp - 0x20], eax
+mov eax, dword [ebp - 0x3c]
+mov eax, dword [eax + edx + 0xc9]
+mov dword [ebp - 0x38], eax
+cmp ecx, 1
+je short loc_fffacc9d ; je 0xfffacc9d
+jb short loc_fffaccb4 ; jb 0xfffaccb4
+cmp ecx, 3
+ja short loc_fffaccb4 ; ja 0xfffaccb4
+cmp ecx, 2
+mov dl, byte [ebx]
+jne short loc_fffacc57 ; jne 0xfffacc57
+and dl, 1
+jne short loc_fffacc5e ; jne 0xfffacc5e
+xor eax, eax
+jmp short loc_fffaccb9 ; jmp 0xfffaccb9
+
+loc_fffacc57: ; not directly referenced
+xor eax, eax
+and dl, 2
+je short loc_fffaccb9 ; je 0xfffaccb9
+
+loc_fffacc5e: ; not directly referenced
+mov eax, dword [ebx - 0x21]
+and eax, 0xfffffffd
+dec eax
+mov eax, dword [ebp - 0x30]
+jne short loc_fffacc74 ; jne 0xfffacc74
+movzx edx, byte [esi + eax + 0x118]
+jmp short loc_fffacc7c ; jmp 0xfffacc7c
+
+loc_fffacc74: ; not directly referenced
+movzx edx, byte [esi + eax + 0x1e8]
+
+loc_fffacc7c: ; not directly referenced
+xor eax, eax
+cmp dword [ebp - 0x20], 0
+je short loc_fffaccb9 ; je 0xfffaccb9
+imul edx, dword [ebp - 0x38]
+mov eax, dword [ebp - 0x20]
+lea eax, [eax + edx - 1]
+xor edx, edx
+div dword [ebp - 0x20]
+mov edx, 2
+test eax, eax
+jmp short loc_fffaccaf ; jmp 0xfffaccaf
+
+loc_fffacc9d: ; not directly referenced
+mov dx, word [esi + 0x24c]
+movzx eax, dx
+test dx, dx
+mov edx, 1
+
+loc_fffaccaf: ; not directly referenced
+cmove eax, edx
+jmp short loc_fffaccb9 ; jmp 0xfffaccb9
+
+loc_fffaccb4: ; not directly referenced
+mov eax, 1
+
+loc_fffaccb9: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffaccc6: ; not directly referenced
+add dword [ebp - 0x28], 0x20
+add ebx, 0x128
+add esi, 0x277
+cmp dword [ebp - 0x28], 0x40
+jne loc_fffacc11 ; jne 0xfffacc11
+add dword [ebp - 0x24], 0x54a
+add dword [ebp - 0x2c], 0x13c3
+cmp dword [ebp - 0x24], 0xa94
+jne loc_fffacbf5 ; jne 0xfffacbf5
+jmp near loc_fffacbad ; jmp 0xfffacbad
+
+loc_fffacd00: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffacd0e ; ja 0xfffacd0e
+cmp byte [edi + 0x3749], 0
+je short loc_fffacd38 ; je 0xfffacd38
+
+loc_fffacd0e: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffacd38: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffacd00 ; jne 0xfffacd00
+add esp, 0x34
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffacd4e: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x24
+mov edi, dword [ebp + 8]
+
+loc_fffacd5c: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffacd83 ; ja 0xfffacd83
+cmp byte [edi + 0x3749], 0
+jne short loc_fffacd83 ; jne 0xfffacd83
+
+loc_fffacd6d: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffacd5c ; jne 0xfffacd5c
+lea eax, [edi + 0x48f9]
+mov ecx, 0xfffffffe
+jmp near loc_ffface4e ; jmp 0xffface4e
+
+loc_fffacd83: ; not directly referenced
+lea eax, [edi + 0x48c9]
+mov dword [ebp - 0x28], eax
+imul eax, ecx, 0x2e
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x20], 0
+mov dword [ebp - 0x2c], eax
+
+loc_fffacda1: ; not directly referenced
+mov eax, dword [ebp - 0x20]
+mov ebx, dword [ebp - 0x28]
+mov dword [ebp - 0x24], 0
+lea eax, [edi + eax + 0x196b]
+mov dword [ebp - 0x30], eax
+
+loc_fffacdb8: ; not directly referenced
+cmp dword [ebx], 2
+jne short loc_ffface18 ; jne 0xffface18
+mov eax, dword [ebp - 0x2c]
+mov esi, dword [ebx + eax + 4]
+cmp ecx, 1
+je short loc_fffacdd4 ; je 0xfffacdd4
+jb short loc_fffacde7 ; jb 0xfffacde7
+xor eax, eax
+cmp ecx, 3
+jbe short loc_ffface00 ; jbe 0xffface00
+jmp short loc_fffacde7 ; jmp 0xfffacde7
+
+loc_fffacdd4: ; not directly referenced
+mov eax, dword [ebp - 0x30]
+mov edx, dword [ebp - 0x24]
+movzx eax, word [eax + edx + 0x27a]
+test ax, ax
+jne short loc_ffface00 ; jne 0xffface00
+
+loc_fffacde7: ; not directly referenced
+xor eax, eax
+cmp dword [ebx + 0xd5], 2
+jne short loc_ffface00 ; jne 0xffface00
+test esi, esi
+je short loc_ffface00 ; je 0xffface00
+lea eax, [esi + 0x26259f]
+xor edx, edx
+div esi
+
+loc_ffface00: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, 4
+mov esi, 4
+cmova eax, esi
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_ffface18: ; not directly referenced
+add dword [ebp - 0x24], 0x277
+add ebx, 0x128
+cmp dword [ebp - 0x24], 0x4ee
+jne short loc_fffacdb8 ; jne 0xfffacdb8
+add dword [ebp - 0x20], 0x54a
+add dword [ebp - 0x28], 0x13c3
+cmp dword [ebp - 0x20], 0xa94
+jne loc_fffacda1 ; jne 0xfffacda1
+jmp near loc_fffacd6d ; jmp 0xfffacd6d
+
+loc_ffface4e: ; not directly referenced
+cmp ecx, 1
+ja short loc_ffface5c ; ja 0xffface5c
+cmp byte [edi + 0x3749], 0
+je short loc_ffface86 ; je 0xffface86
+
+loc_ffface5c: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_ffface86: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_ffface4e ; jne 0xffface4e
+add esp, 0x24
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_ffface9c: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x24
+mov edi, dword [ebp + 8]
+
+loc_fffaceaa: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffaced1 ; ja 0xfffaced1
+cmp byte [edi + 0x3749], 0
+jne short loc_fffaced1 ; jne 0xfffaced1
+
+loc_fffacebb: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffaceaa ; jne 0xfffaceaa
+lea eax, [edi + 0x48f7]
+mov ecx, 0xfffffffe
+jmp near loc_fffacf9c ; jmp 0xfffacf9c
+
+loc_fffaced1: ; not directly referenced
+lea eax, [edi + 0x48c9]
+mov dword [ebp - 0x28], eax
+imul eax, ecx, 0x2e
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x20], 0
+mov dword [ebp - 0x2c], eax
+
+loc_fffaceef: ; not directly referenced
+mov eax, dword [ebp - 0x20]
+mov ebx, dword [ebp - 0x28]
+mov dword [ebp - 0x24], 0
+lea eax, [edi + eax + 0x196b]
+mov dword [ebp - 0x30], eax
+
+loc_fffacf06: ; not directly referenced
+cmp dword [ebx], 2
+jne short loc_fffacf66 ; jne 0xfffacf66
+mov eax, dword [ebp - 0x2c]
+mov esi, dword [ebx + eax + 4]
+cmp ecx, 1
+je short loc_fffacf22 ; je 0xfffacf22
+jb short loc_fffacf35 ; jb 0xfffacf35
+xor eax, eax
+cmp ecx, 3
+jbe short loc_fffacf4e ; jbe 0xfffacf4e
+jmp short loc_fffacf35 ; jmp 0xfffacf35
+
+loc_fffacf22: ; not directly referenced
+mov eax, dword [ebp - 0x30]
+mov edx, dword [ebp - 0x24]
+movzx eax, word [eax + edx + 0x27a]
+test ax, ax
+jne short loc_fffacf4e ; jne 0xfffacf4e
+
+loc_fffacf35: ; not directly referenced
+xor eax, eax
+cmp dword [ebx + 0xd5], 2
+jne short loc_fffacf4e ; jne 0xfffacf4e
+test esi, esi
+je short loc_fffacf4e ; je 0xfffacf4e
+lea eax, [esi + 0x7270df]
+xor edx, edx
+div esi
+
+loc_fffacf4e: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, 0xb
+mov esi, 0xb
+cmova eax, esi
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffacf66: ; not directly referenced
+add dword [ebp - 0x24], 0x277
+add ebx, 0x128
+cmp dword [ebp - 0x24], 0x4ee
+jne short loc_fffacf06 ; jne 0xfffacf06
+add dword [ebp - 0x20], 0x54a
+add dword [ebp - 0x28], 0x13c3
+cmp dword [ebp - 0x20], 0xa94
+jne loc_fffaceef ; jne 0xfffaceef
+jmp near loc_fffacebb ; jmp 0xfffacebb
+
+loc_fffacf9c: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffacfaa ; ja 0xfffacfaa
+cmp byte [edi + 0x3749], 0
+je short loc_fffacfd4 ; je 0xfffacfd4
+
+loc_fffacfaa: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffacfd4: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffacf9c ; jne 0xfffacf9c
+add esp, 0x24
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffacfea: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x30
+
+loc_fffacff5: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffad021 ; ja 0xfffad021
+mov edi, dword [ebp + 8]
+cmp byte [edi + 0x3749], 0
+jne short loc_fffad021 ; jne 0xfffad021
+
+loc_fffad009: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffacff5 ; jne 0xfffacff5
+mov eax, dword [ebp + 8]
+mov ecx, 0xfffffffe
+add eax, 0x48f5
+jmp near loc_fffad142 ; jmp 0xfffad142
+
+loc_fffad021: ; not directly referenced
+mov edi, dword [ebp + 8]
+imul esi, ecx, 0x2e
+imul eax, eax, 0x23
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x24], 0
+lea ebx, [edi + 0x49bf]
+mov dword [ebp - 0x2c], ebx
+lea ebx, [ecx*8 - 0x1269]
+mov dword [ebp - 0x30], esi
+mov dword [ebp - 0x38], ebx
+mov dword [ebp - 0x3c], eax
+
+loc_fffad052: ; not directly referenced
+mov eax, dword [ebp - 0x38]
+mov esi, dword [ebp - 0x2c]
+mov edi, dword [ebp - 0x24]
+mov dword [ebp - 0x20], 0
+add eax, esi
+mov dword [ebp - 0x34], eax
+mov eax, dword [ebp + 8]
+lea edi, [eax + edi + 0x1973]
+
+loc_fffad071: ; not directly referenced
+cmp dword [esi - 0xf6], 2
+jne loc_fffad108 ; jne 0xfffad108
+mov eax, dword [ebp - 0x30]
+mov edx, dword [ebp - 0x20]
+mov ebx, dword [esi + eax - 0xf2]
+mov eax, dword [ebp - 0x34]
+mov eax, dword [eax + edx + 0xc9]
+mov dword [ebp - 0x28], eax
+cmp ecx, 1
+je short loc_fffad0ce ; je 0xfffad0ce
+jb short loc_fffad0da ; jb 0xfffad0da
+cmp ecx, 3
+ja short loc_fffad0da ; ja 0xfffad0da
+cmp ecx, 2
+mov dl, byte [esi]
+jne short loc_fffad0b4 ; jne 0xfffad0b4
+and dl, 1
+jne short loc_fffad0bb ; jne 0xfffad0bb
+xor eax, eax
+jmp short loc_fffad0f0 ; jmp 0xfffad0f0
+
+loc_fffad0b4: ; not directly referenced
+xor eax, eax
+and dl, 2
+je short loc_fffad0f0 ; je 0xfffad0f0
+
+loc_fffad0bb: ; not directly referenced
+mov eax, dword [ebp - 0x3c]
+movzx edx, byte [edi + eax + 0x115]
+xor eax, eax
+test ebx, ebx
+je short loc_fffad0f0 ; je 0xfffad0f0
+jmp short loc_fffad0e4 ; jmp 0xfffad0e4
+
+loc_fffad0ce: ; not directly referenced
+movzx eax, word [edi + 0x270]
+test ax, ax
+jne short loc_fffad0f0 ; jne 0xfffad0f0
+
+loc_fffad0da: ; not directly referenced
+xor eax, eax
+test ebx, ebx
+je short loc_fffad0f0 ; je 0xfffad0f0
+movzx edx, byte [edi + 0x62]
+
+loc_fffad0e4: ; not directly referenced
+imul edx, dword [ebp - 0x28]
+lea eax, [ebx + edx - 1]
+xor edx, edx
+div ebx
+
+loc_fffad0f0: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, 0xa
+mov ebx, 0xa
+cmova eax, ebx
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffad108: ; not directly referenced
+add dword [ebp - 0x20], 0x20
+add esi, 0x128
+add edi, 0x277
+cmp dword [ebp - 0x20], 0x40
+jne loc_fffad071 ; jne 0xfffad071
+add dword [ebp - 0x24], 0x54a
+add dword [ebp - 0x2c], 0x13c3
+cmp dword [ebp - 0x24], 0xa94
+jne loc_fffad052 ; jne 0xfffad052
+jmp near loc_fffad009 ; jmp 0xfffad009
+
+loc_fffad142: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffad153 ; ja 0xfffad153
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x3749], 0
+je short loc_fffad17d ; je 0xfffad17d
+
+loc_fffad153: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffad17d: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffad142 ; jne 0xfffad142
+add esp, 0x30
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffad193: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x30
+mov dword [ebp - 0x20], 0x10
+
+loc_fffad1a5: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffad1bd ; ja 0xfffad1bd
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x3749], 0
+je loc_fffad312 ; je 0xfffad312
+
+loc_fffad1bd: ; not directly referenced
+imul esi, ecx, 0x2e
+imul eax, eax, 0x23
+lea edi, [ecx*8 + 0x3756]
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x30], esi
+mov dword [ebp - 0x24], 0
+mov dword [ebp - 0x38], edi
+mov dword [ebp - 0x3c], eax
+
+loc_fffad1e2: ; not directly referenced
+mov edi, dword [ebp - 0x24]
+mov esi, dword [ebp - 0x38]
+mov dword [ebp - 0x28], 0
+imul eax, edi, 0x13c3
+imul edx, edi, 0x54a
+mov edi, dword [ebp + 8]
+lea ebx, [esi + eax]
+mov esi, dword [ebp + 8]
+add ebx, dword [ebp + 8]
+lea edi, [edi + edx + 0x1973]
+mov dword [ebp - 0x34], ebx
+lea esi, [esi + eax + 0x49bf]
+
+loc_fffad218: ; not directly referenced
+cmp dword [esi - 0xf6], 2
+jne loc_fffad2eb ; jne 0xfffad2eb
+mov eax, dword [ebp - 0x30]
+mov edx, dword [ebp - 0x28]
+mov ebx, dword [esi + eax - 0xf2]
+mov eax, dword [ebp - 0x34]
+mov eax, dword [eax + edx + 0xc9]
+mov edx, dword [esi - 0x21]
+mov dword [ebp - 0x2c], eax
+mov eax, 0x18
+cmp edx, 2
+cmovne eax, dword [ebp - 0x20]
+mov dword [ebp - 0x20], eax
+cmp ecx, 1
+je short loc_fffad28f ; je 0xfffad28f
+jb short loc_fffad29b ; jb 0xfffad29b
+cmp ecx, 3
+ja short loc_fffad29b ; ja 0xfffad29b
+cmp ecx, 2
+mov dl, byte [esi]
+jne short loc_fffad26d ; jne 0xfffad26d
+and dl, 1
+jne short loc_fffad274 ; jne 0xfffad274
+xor eax, eax
+jmp short loc_fffad2c9 ; jmp 0xfffad2c9
+
+loc_fffad26d: ; not directly referenced
+xor eax, eax
+and dl, 2
+je short loc_fffad2c9 ; je 0xfffad2c9
+
+loc_fffad274: ; not directly referenced
+mov eax, dword [ebp - 0x3c]
+movzx edx, byte [edi + eax + 0x109]
+xor eax, eax
+test ebx, ebx
+je short loc_fffad2c9 ; je 0xfffad2c9
+imul edx, dword [ebp - 0x2c]
+lea eax, [ebx + edx - 1]
+jmp short loc_fffad2b2 ; jmp 0xfffad2b2
+
+loc_fffad28f: ; not directly referenced
+movzx eax, word [edi + 0x26e]
+test ax, ax
+jne short loc_fffad2c9 ; jne 0xfffad2c9
+
+loc_fffad29b: ; not directly referenced
+xor eax, eax
+test ebx, ebx
+je short loc_fffad2c9 ; je 0xfffad2c9
+movzx eax, byte [edi + 0x59]
+cmp edx, 2
+je short loc_fffad2b8 ; je 0xfffad2b8
+imul eax, dword [ebp - 0x2c]
+lea eax, [ebx + eax - 1]
+
+loc_fffad2b2: ; not directly referenced
+xor edx, edx
+div ebx
+jmp short loc_fffad2c9 ; jmp 0xfffad2c9
+
+loc_fffad2b8: ; not directly referenced
+xor edx, edx
+mov eax, 0xe4e1c0
+div ebx
+lea edx, [eax + 1]
+test al, 1
+cmovne eax, edx
+
+loc_fffad2c9: ; not directly referenced
+mov edx, eax
+and edx, 0xfffffff9
+cmp edx, 9
+jne short loc_fffad2d6 ; jne 0xfffad2d6
+inc eax
+jmp short loc_fffad2de ; jmp 0xfffad2de
+
+loc_fffad2d6: ; not directly referenced
+mov ebx, dword [ebp - 0x20]
+cmp eax, ebx
+cmova eax, ebx
+
+loc_fffad2de: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffad2eb: ; not directly referenced
+add dword [ebp - 0x28], 0x20
+add esi, 0x128
+add edi, 0x277
+cmp dword [ebp - 0x28], 0x40
+jne loc_fffad218 ; jne 0xfffad218
+inc dword [ebp - 0x24]
+cmp dword [ebp - 0x24], 2
+jne loc_fffad1e2 ; jne 0xfffad1e2
+
+loc_fffad312: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne loc_fffad1a5 ; jne 0xfffad1a5
+mov eax, dword [ebp + 8]
+mov ecx, 0xfffffffe
+add eax, 0x48f3
+
+loc_fffad329: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffad33a ; ja 0xfffad33a
+mov edi, dword [ebp + 8]
+cmp byte [edi + 0x3749], 0
+je short loc_fffad364 ; je 0xfffad364
+
+loc_fffad33a: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffad364: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffad329 ; jne 0xfffad329
+add esp, 0x30
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffad37a: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x30
+mov dword [ebp - 0x20], 0xf
+
+loc_fffad38c: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffad3a4 ; ja 0xfffad3a4
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x3749], 0
+je loc_fffad4f8 ; je 0xfffad4f8
+
+loc_fffad3a4: ; not directly referenced
+imul esi, ecx, 0x2e
+imul eax, eax, 0x23
+lea edi, [ecx*8 + 0x3756]
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x30], esi
+mov dword [ebp - 0x24], 0
+mov dword [ebp - 0x38], edi
+mov dword [ebp - 0x3c], eax
+
+loc_fffad3c9: ; not directly referenced
+mov edi, dword [ebp - 0x24]
+mov esi, dword [ebp - 0x38]
+mov dword [ebp - 0x28], 0
+imul eax, edi, 0x13c3
+imul edx, edi, 0x54a
+mov edi, dword [ebp + 8]
+lea ebx, [esi + eax]
+mov esi, dword [ebp + 8]
+add ebx, dword [ebp + 8]
+lea edi, [edi + edx + 0x1973]
+mov dword [ebp - 0x34], ebx
+lea esi, [esi + eax + 0x49bf]
+
+loc_fffad3ff: ; not directly referenced
+cmp dword [esi - 0xf6], 2
+jne loc_fffad4d1 ; jne 0xfffad4d1
+mov eax, dword [ebp - 0x30]
+mov edx, dword [ebp - 0x28]
+mov ebx, dword [esi + eax - 0xf2]
+mov eax, dword [ebp - 0x34]
+mov eax, dword [eax + edx + 0xc9]
+mov edx, dword [esi - 0x21]
+mov dword [ebp - 0x2c], eax
+mov eax, 0xc
+cmp edx, 2
+cmovne eax, dword [ebp - 0x20]
+mov dword [ebp - 0x20], eax
+cmp ecx, 1
+je short loc_fffad476 ; je 0xfffad476
+jb short loc_fffad482 ; jb 0xfffad482
+cmp ecx, 3
+ja short loc_fffad482 ; ja 0xfffad482
+cmp ecx, 2
+mov dl, byte [esi]
+jne short loc_fffad454 ; jne 0xfffad454
+and dl, 1
+jne short loc_fffad45b ; jne 0xfffad45b
+xor eax, eax
+jmp short loc_fffad4bc ; jmp 0xfffad4bc
+
+loc_fffad454: ; not directly referenced
+xor eax, eax
+and dl, 2
+je short loc_fffad4bc ; je 0xfffad4bc
+
+loc_fffad45b: ; not directly referenced
+mov eax, dword [ebp - 0x3c]
+movzx edx, byte [edi + eax + 0x111]
+xor eax, eax
+test ebx, ebx
+je short loc_fffad4bc ; je 0xfffad4bc
+imul edx, dword [ebp - 0x2c]
+lea eax, [ebx + edx - 1]
+jmp short loc_fffad499 ; jmp 0xfffad499
+
+loc_fffad476: ; not directly referenced
+movzx eax, word [edi + 0x26c]
+test ax, ax
+jne short loc_fffad4bc ; jne 0xfffad4bc
+
+loc_fffad482: ; not directly referenced
+xor eax, eax
+test ebx, ebx
+je short loc_fffad4bc ; je 0xfffad4bc
+movzx eax, byte [edi + 0x63]
+cmp edx, 2
+je short loc_fffad49f ; je 0xfffad49f
+imul eax, dword [ebp - 0x2c]
+lea eax, [ebx + eax - 1]
+
+loc_fffad499: ; not directly referenced
+xor edx, edx
+div ebx
+jmp short loc_fffad4bc ; jmp 0xfffad4bc
+
+loc_fffad49f: ; not directly referenced
+mov eax, 0x7270e0
+xor edx, edx
+div ebx
+mov ebx, eax
+mov eax, 5
+cmp ebx, 4
+jbe short loc_fffad4bc ; jbe 0xfffad4bc
+cmp ebx, 0xb
+mov al, 0xc
+cmovne eax, ebx
+
+loc_fffad4bc: ; not directly referenced
+mov ebx, dword [ebp - 0x20]
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, ebx
+cmova eax, ebx
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffad4d1: ; not directly referenced
+add dword [ebp - 0x28], 0x20
+add esi, 0x128
+add edi, 0x277
+cmp dword [ebp - 0x28], 0x40
+jne loc_fffad3ff ; jne 0xfffad3ff
+inc dword [ebp - 0x24]
+cmp dword [ebp - 0x24], 2
+jne loc_fffad3c9 ; jne 0xfffad3c9
+
+loc_fffad4f8: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne loc_fffad38c ; jne 0xfffad38c
+mov eax, dword [ebp + 8]
+mov ecx, 0xfffffffe
+add eax, 0x48f1
+
+loc_fffad50f: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffad520 ; ja 0xfffad520
+mov edi, dword [ebp + 8]
+cmp byte [edi + 0x3749], 0
+je short loc_fffad54a ; je 0xfffad54a
+
+loc_fffad520: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffad54a: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffad50f ; jne 0xfffad50f
+add esp, 0x30
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffad560: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x34
+
+loc_fffad56b: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffad597 ; ja 0xfffad597
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x3749], 0
+jne short loc_fffad597 ; jne 0xfffad597
+
+loc_fffad57f: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffad56b ; jne 0xfffad56b
+mov eax, dword [ebp + 8]
+mov ecx, 0xfffffffe
+add eax, 0x48ef
+jmp near loc_fffad6bc ; jmp 0xfffad6bc
+
+loc_fffad597: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x20], 0
+lea edi, [eax + 0x3756]
+lea eax, [ecx*8]
+mov dword [ebp - 0x30], eax
+imul eax, ecx, 0x2e
+mov dword [ebp - 0x2c], eax
+
+loc_fffad5bf: ; not directly referenced
+mov eax, dword [ebp - 0x2c]
+xor esi, esi
+mov ebx, dword [ebp - 0x20]
+add eax, edi
+mov dword [ebp - 0x40], eax
+mov eax, dword [ebp + 8]
+lea ebx, [eax + ebx + 0x1973]
+mov eax, dword [ebp - 0x30]
+add eax, edi
+mov dword [ebp - 0x28], eax
+
+loc_fffad5de: ; not directly referenced
+cmp dword [edi + esi + 0x1173], 2
+jne loc_fffad681 ; jne 0xfffad681
+mov eax, dword [ebp - 0x40]
+mov eax, dword [eax + esi + 0x1177]
+mov dword [ebp - 0x24], eax
+mov eax, dword [ebp - 0x28]
+mov edx, dword [eax + 0xc9]
+mov eax, dword [eax + 0xcd]
+mov dword [ebp - 0x34], edx
+mov dword [ebp - 0x38], eax
+cmp ecx, 1
+je short loc_fffad61e ; je 0xfffad61e
+jb short loc_fffad62a ; jb 0xfffad62a
+xor eax, eax
+cmp ecx, 3
+jbe short loc_fffad669 ; jbe 0xfffad669
+jmp short loc_fffad62a ; jmp 0xfffad62a
+
+loc_fffad61e: ; not directly referenced
+movzx eax, word [ebx + 0x26a]
+test ax, ax
+jne short loc_fffad669 ; jne 0xfffad669
+
+loc_fffad62a: ; not directly referenced
+xor eax, eax
+cmp dword [edi + esi + 0x1248], 2
+jne short loc_fffad669 ; jne 0xfffad669
+mov dl, byte [ebx + 0x6e]
+cmp dword [ebp - 0x24], 0
+mov byte [ebp - 0x39], dl
+mov dl, byte [ebx + 0xbf]
+mov byte [ebp - 0x3a], dl
+je short loc_fffad669 ; je 0xfffad669
+movzx edx, byte [ebp - 0x39]
+imul edx, dword [ebp - 0x34]
+mov eax, dword [ebp - 0x24]
+lea eax, [eax + edx - 1]
+movsx edx, byte [ebp - 0x3a]
+imul edx, dword [ebp - 0x38]
+add eax, edx
+xor edx, edx
+div dword [ebp - 0x24]
+
+loc_fffad669: ; not directly referenced
+cmp eax, 0xa
+mov edx, 0xa
+cmova eax, edx
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffad681: ; not directly referenced
+add esi, 0x128
+add ebx, 0x277
+add dword [ebp - 0x28], 0x20
+cmp esi, 0x250
+jne loc_fffad5de ; jne 0xfffad5de
+add dword [ebp - 0x20], 0x54a
+add edi, 0x13c3
+cmp dword [ebp - 0x20], 0xa94
+jne loc_fffad5bf ; jne 0xfffad5bf
+jmp near loc_fffad57f ; jmp 0xfffad57f
+
+loc_fffad6bc: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffad6cd ; ja 0xfffad6cd
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x3749], 0
+je short loc_fffad6f7 ; je 0xfffad6f7
+
+loc_fffad6cd: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffad6f7: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffad6bc ; jne 0xfffad6bc
+add esp, 0x34
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffad70d: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x34
+
+loc_fffad718: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffad744 ; ja 0xfffad744
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x3749], 0
+jne short loc_fffad744 ; jne 0xfffad744
+
+loc_fffad72c: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffad718 ; jne 0xfffad718
+mov eax, dword [ebp + 8]
+mov ecx, 0xfffffffe
+add eax, 0x48ed
+jmp near loc_fffad869 ; jmp 0xfffad869
+
+loc_fffad744: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x20], 0
+lea edi, [eax + 0x3756]
+lea eax, [ecx*8]
+mov dword [ebp - 0x30], eax
+imul eax, ecx, 0x2e
+mov dword [ebp - 0x2c], eax
+
+loc_fffad76c: ; not directly referenced
+mov eax, dword [ebp - 0x2c]
+xor esi, esi
+mov ebx, dword [ebp - 0x20]
+add eax, edi
+mov dword [ebp - 0x40], eax
+mov eax, dword [ebp + 8]
+lea ebx, [eax + ebx + 0x1973]
+mov eax, dword [ebp - 0x30]
+add eax, edi
+mov dword [ebp - 0x28], eax
+
+loc_fffad78b: ; not directly referenced
+cmp dword [edi + esi + 0x1173], 2
+jne loc_fffad82e ; jne 0xfffad82e
+mov eax, dword [ebp - 0x40]
+mov eax, dword [eax + esi + 0x1177]
+mov dword [ebp - 0x24], eax
+mov eax, dword [ebp - 0x28]
+mov edx, dword [eax + 0xc9]
+mov eax, dword [eax + 0xcd]
+mov dword [ebp - 0x34], edx
+mov dword [ebp - 0x38], eax
+cmp ecx, 1
+je short loc_fffad7cb ; je 0xfffad7cb
+jb short loc_fffad7d7 ; jb 0xfffad7d7
+xor eax, eax
+cmp ecx, 3
+jbe short loc_fffad816 ; jbe 0xfffad816
+jmp short loc_fffad7d7 ; jmp 0xfffad7d7
+
+loc_fffad7cb: ; not directly referenced
+movzx eax, word [ebx + 0x268]
+test ax, ax
+jne short loc_fffad816 ; jne 0xfffad816
+
+loc_fffad7d7: ; not directly referenced
+xor eax, eax
+cmp dword [edi + esi + 0x1248], 2
+jne short loc_fffad816 ; jne 0xfffad816
+mov dl, byte [ebx + 0x6f]
+cmp dword [ebp - 0x24], 0
+mov byte [ebp - 0x39], dl
+mov dl, byte [ebx + 0xbe]
+mov byte [ebp - 0x3a], dl
+je short loc_fffad816 ; je 0xfffad816
+movzx edx, byte [ebp - 0x39]
+imul edx, dword [ebp - 0x34]
+mov eax, dword [ebp - 0x24]
+lea eax, [eax + edx - 1]
+movsx edx, byte [ebp - 0x3a]
+imul edx, dword [ebp - 0x38]
+add eax, edx
+xor edx, edx
+div dword [ebp - 0x24]
+
+loc_fffad816: ; not directly referenced
+cmp eax, 0xf
+mov edx, 0xf
+cmova eax, edx
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffad82e: ; not directly referenced
+add esi, 0x128
+add ebx, 0x277
+add dword [ebp - 0x28], 0x20
+cmp esi, 0x250
+jne loc_fffad78b ; jne 0xfffad78b
+add dword [ebp - 0x20], 0x54a
+add edi, 0x13c3
+cmp dword [ebp - 0x20], 0xa94
+jne loc_fffad76c ; jne 0xfffad76c
+jmp near loc_fffad72c ; jmp 0xfffad72c
+
+loc_fffad869: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffad87a ; ja 0xfffad87a
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x3749], 0
+je short loc_fffad8a4 ; je 0xfffad8a4
+
+loc_fffad87a: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffad8a4: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffad869 ; jne 0xfffad869
+add esp, 0x34
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffad8ba: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x30
+
+loc_fffad8c5: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffad8f1 ; ja 0xfffad8f1
+mov edi, dword [ebp + 8]
+cmp byte [edi + 0x3749], 0
+jne short loc_fffad8f1 ; jne 0xfffad8f1
+
+loc_fffad8d9: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffad8c5 ; jne 0xfffad8c5
+mov eax, dword [ebp + 8]
+mov ecx, 0xfffffffe
+add eax, 0x48eb
+jmp near loc_fffada12 ; jmp 0xfffada12
+
+loc_fffad8f1: ; not directly referenced
+mov edi, dword [ebp + 8]
+imul esi, ecx, 0x2e
+imul eax, eax, 0x23
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x24], 0
+lea ebx, [edi + 0x49bf]
+mov dword [ebp - 0x2c], ebx
+lea ebx, [ecx*8 - 0x1269]
+mov dword [ebp - 0x30], esi
+mov dword [ebp - 0x38], ebx
+mov dword [ebp - 0x3c], eax
+
+loc_fffad922: ; not directly referenced
+mov eax, dword [ebp - 0x38]
+mov esi, dword [ebp - 0x2c]
+mov edi, dword [ebp - 0x24]
+mov dword [ebp - 0x20], 0
+add eax, esi
+mov dword [ebp - 0x34], eax
+mov eax, dword [ebp + 8]
+lea edi, [eax + edi + 0x1973]
+
+loc_fffad941: ; not directly referenced
+cmp dword [esi - 0xf6], 2
+jne loc_fffad9d8 ; jne 0xfffad9d8
+mov eax, dword [ebp - 0x30]
+mov edx, dword [ebp - 0x20]
+mov ebx, dword [esi + eax - 0xf2]
+mov eax, dword [ebp - 0x34]
+mov eax, dword [eax + edx + 0xc9]
+mov dword [ebp - 0x28], eax
+cmp ecx, 1
+je short loc_fffad99e ; je 0xfffad99e
+jb short loc_fffad9aa ; jb 0xfffad9aa
+cmp ecx, 3
+ja short loc_fffad9aa ; ja 0xfffad9aa
+cmp ecx, 2
+mov dl, byte [esi]
+jne short loc_fffad984 ; jne 0xfffad984
+and dl, 1
+jne short loc_fffad98b ; jne 0xfffad98b
+xor eax, eax
+jmp short loc_fffad9c0 ; jmp 0xfffad9c0
+
+loc_fffad984: ; not directly referenced
+xor eax, eax
+and dl, 2
+je short loc_fffad9c0 ; je 0xfffad9c0
+
+loc_fffad98b: ; not directly referenced
+mov eax, dword [ebp - 0x3c]
+movzx edx, byte [edi + eax + 0x112]
+xor eax, eax
+test ebx, ebx
+je short loc_fffad9c0 ; je 0xfffad9c0
+jmp short loc_fffad9b4 ; jmp 0xfffad9b4
+
+loc_fffad99e: ; not directly referenced
+movzx eax, word [edi + 0x266]
+test ax, ax
+jne short loc_fffad9c0 ; jne 0xfffad9c0
+
+loc_fffad9aa: ; not directly referenced
+xor eax, eax
+test ebx, ebx
+je short loc_fffad9c0 ; je 0xfffad9c0
+movzx edx, byte [edi + 0x5b]
+
+loc_fffad9b4: ; not directly referenced
+imul edx, dword [ebp - 0x28]
+lea eax, [ebx + edx - 1]
+xor edx, edx
+div ebx
+
+loc_fffad9c0: ; not directly referenced
+cmp dword [ebp + ecx*4 - 0x1c], 4
+mov edx, 4
+cmovae edx, dword [ebp + ecx*4 - 0x1c]
+cmp edx, eax
+cmovae eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffad9d8: ; not directly referenced
+add dword [ebp - 0x20], 0x20
+add esi, 0x128
+add edi, 0x277
+cmp dword [ebp - 0x20], 0x40
+jne loc_fffad941 ; jne 0xfffad941
+add dword [ebp - 0x24], 0x54a
+add dword [ebp - 0x2c], 0x13c3
+cmp dword [ebp - 0x24], 0xa94
+jne loc_fffad922 ; jne 0xfffad922
+jmp near loc_fffad8d9 ; jmp 0xfffad8d9
+
+loc_fffada12: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffada23 ; ja 0xfffada23
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x3749], 0
+je short loc_fffada4d ; je 0xfffada4d
+
+loc_fffada23: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffada4d: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffada12 ; jne 0xfffada12
+add esp, 0x30
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffada63: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x38
+mov edi, dword [ebp + 8]
+mov byte [ebp - 0x1d], 0
+lea eax, [edi + 0x3756]
+mov dword [ebp - 0x40], eax
+
+loc_fffada7e: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffada93 ; ja 0xfffada93
+cmp byte [edi + 0x3749], 0
+je loc_fffadbac ; je 0xfffadbac
+
+loc_fffada93: ; not directly referenced
+lea eax, [edi + 0x48c9]
+mov dword [ebp - 0x3c], eax
+imul eax, ecx, 0x2e
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x28], 0
+mov dword [ebp - 0x38], eax
+mov eax, dword [ebp - 0x40]
+mov dword [ebp - 0x34], eax
+
+loc_fffadab7: ; not directly referenced
+mov eax, dword [ebp - 0x28]
+mov ebx, dword [ebp - 0x3c]
+mov dword [ebp - 0x2c], 0
+lea eax, [edi + eax + 0x1973]
+mov dword [ebp - 0x30], eax
+
+loc_fffadace: ; not directly referenced
+cmp dword [ebx], 2
+jne loc_fffadb6f ; jne 0xfffadb6f
+cmp dword [ebx + 0xd5], 3
+jne loc_fffadb6f ; jne 0xfffadb6f
+mov eax, dword [ebp - 0x38]
+mov esi, dword [ebp - 0x2c]
+mov eax, dword [ebx + eax + 4]
+mov dword [ebp - 0x24], eax
+mov eax, dword [ebp - 0x34]
+mov edx, dword [eax + esi + 0xc9]
+mov eax, dword [eax + esi + 0xcd]
+mov dword [ebp - 0x44], eax
+cmp ecx, 1
+jne short loc_fffadb19 ; jne 0xfffadb19
+mov eax, dword [ebp - 0x30]
+movzx eax, word [eax + 0x264]
+test ax, ax
+jne short loc_fffadb3f ; jne 0xfffadb3f
+
+loc_fffadb19: ; not directly referenced
+cmp dword [ebp - 0x24], 0
+je short loc_fffadb62 ; je 0xfffadb62
+mov esi, dword [ebp - 0x30]
+movzx eax, byte [esi + 0x6f]
+imul edx, eax
+mov eax, dword [ebp - 0x24]
+lea edx, [eax + edx - 1]
+movsx eax, byte [esi + 0x70]
+imul eax, dword [ebp - 0x44]
+add eax, edx
+xor edx, edx
+div dword [ebp - 0x24]
+
+loc_fffadb3f: ; not directly referenced
+cmp eax, 3
+jbe short loc_fffadb62 ; jbe 0xfffadb62
+mov esi, dword [ebp - 0x38]
+movzx edx, word [ebx + esi + 0x1e]
+mov esi, eax
+sub esi, edx
+cmp esi, 3
+ja short loc_fffadb62 ; ja 0xfffadb62
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffadb62: ; not directly referenced
+mov dl, byte [ebp - 0x1d]
+mov al, 1
+test dl, dl
+cmove edx, eax
+mov byte [ebp - 0x1d], dl
+
+loc_fffadb6f: ; not directly referenced
+add dword [ebp - 0x2c], 0x20
+add ebx, 0x128
+add dword [ebp - 0x30], 0x277
+cmp dword [ebp - 0x2c], 0x40
+jne loc_fffadace ; jne 0xfffadace
+add dword [ebp - 0x28], 0x54a
+add dword [ebp - 0x3c], 0x13c3
+add dword [ebp - 0x34], 0x13c3
+cmp dword [ebp - 0x28], 0xa94
+jne loc_fffadab7 ; jne 0xfffadab7
+
+loc_fffadbac: ; not directly referenced
+inc ecx
+add dword [ebp - 0x40], 8
+cmp ecx, 4
+jne loc_fffada7e ; jne 0xfffada7e
+mov al, byte [ebp - 0x1d]
+test al, al
+je short loc_fffadc0d ; je 0xfffadc0d
+lea eax, [edi + 0x48e9]
+mov ecx, 0xfffffffe
+
+loc_fffadbcc: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffadbda ; ja 0xfffadbda
+cmp byte [edi + 0x3749], 0
+je short loc_fffadc04 ; je 0xfffadc04
+
+loc_fffadbda: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffadc04: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffadbcc ; jne 0xfffadbcc
+
+loc_fffadc0d: ; not directly referenced
+add esp, 0x38
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffadc1a: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x40
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x3c], 0
+add eax, 0x3756
+mov dword [ebp - 0x2c], eax
+
+loc_fffadc37: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffadc6b ; ja 0xfffadc6b
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x3749], 0
+jne short loc_fffadc6b ; jne 0xfffadc6b
+
+loc_fffadc4b: ; not directly referenced
+inc ecx
+add dword [ebp - 0x3c], 0x23
+add dword [ebp - 0x2c], 8
+cmp ecx, 4
+jne short loc_fffadc37 ; jne 0xfffadc37
+mov eax, dword [ebp + 8]
+mov ecx, 0xfffffffe
+add eax, 0x48e7
+jmp near loc_fffaddd7 ; jmp 0xfffaddd7
+
+loc_fffadc6b: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x28], 0
+add eax, 0x49bf
+mov dword [ebp - 0x40], eax
+imul eax, ecx, 0x2e
+mov dword [ebp - 0x44], eax
+mov eax, dword [ebp - 0x2c]
+mov dword [ebp - 0x30], eax
+mov eax, dword [ebp - 0x3c]
+lea esi, [eax + 0x18b]
+add eax, 0xbb
+mov dword [ebp - 0x48], esi
+mov dword [ebp - 0x4c], eax
+
+loc_fffadca5: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ebx, dword [ebp - 0x28]
+mov esi, dword [ebp - 0x40]
+mov dword [ebp - 0x24], 0
+lea ebx, [eax + ebx + 0x1973]
+
+loc_fffadcbc: ; not directly referenced
+cmp dword [esi - 0xf6], 2
+jne loc_fffadd96 ; jne 0xfffadd96
+mov eax, dword [ebp - 0x44]
+mov edi, dword [ebp - 0x24]
+mov eax, dword [esi + eax - 0xf2]
+mov dword [ebp - 0x20], eax
+mov eax, dword [ebp - 0x30]
+mov edx, dword [eax + edi + 0xc9]
+mov eax, dword [eax + edi + 0xcd]
+mov dword [ebp - 0x34], edx
+mov dword [ebp - 0x38], eax
+cmp ecx, 1
+je short loc_fffadd41 ; je 0xfffadd41
+jb short loc_fffadd4d ; jb 0xfffadd4d
+cmp ecx, 3
+ja short loc_fffadd4d ; ja 0xfffadd4d
+cmp ecx, 2
+mov dl, byte [esi]
+jne short loc_fffadd0c ; jne 0xfffadd0c
+and dl, 1
+jne short loc_fffadd13 ; jne 0xfffadd13
+xor eax, eax
+jmp short loc_fffadd89 ; jmp 0xfffadd89
+
+loc_fffadd0c: ; not directly referenced
+xor eax, eax
+and dl, 2
+je short loc_fffadd89 ; je 0xfffadd89
+
+loc_fffadd13: ; not directly referenced
+mov edx, dword [esi - 0x21]
+mov eax, dword [ebp - 0x4c]
+mov edi, dword [ebp - 0x48]
+and edx, 0xfffffffd
+add eax, ebx
+add edi, ebx
+dec edx
+cmovne eax, edi
+xor edi, edi
+cmp byte [esi + 1], 0x13
+movzx edx, byte [eax + 6]
+jne short loc_fffadd37 ; jne 0xfffadd37
+movsx edi, byte [eax + 0x1c]
+
+loc_fffadd37: ; not directly referenced
+xor eax, eax
+cmp dword [ebp - 0x20], 0
+je short loc_fffadd89 ; je 0xfffadd89
+jmp short loc_fffadd73 ; jmp 0xfffadd73
+
+loc_fffadd41: ; not directly referenced
+movzx eax, word [ebx + 0x262]
+test ax, ax
+jne short loc_fffadd89 ; jne 0xfffadd89
+
+loc_fffadd4d: ; not directly referenced
+xor eax, eax
+cmp dword [ebp - 0x20], 0
+je short loc_fffadd89 ; je 0xfffadd89
+mov eax, dword [esi - 0x21]
+and eax, 0xfffffffd
+dec eax
+jne short loc_fffadd68 ; jne 0xfffadd68
+movzx edx, byte [ebx + 0x5c]
+movsx edi, byte [ebx + 0x6d]
+jmp short loc_fffadd73 ; jmp 0xfffadd73
+
+loc_fffadd68: ; not directly referenced
+movzx edx, byte [ebx + 0x62]
+movsx edi, byte [ebx + 0xc1]
+
+loc_fffadd73: ; not directly referenced
+imul edx, dword [ebp - 0x34]
+mov eax, dword [ebp - 0x20]
+imul edi, dword [ebp - 0x38]
+lea eax, [eax + edx - 1]
+xor edx, edx
+add eax, edi
+div dword [ebp - 0x20]
+
+loc_fffadd89: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffadd96: ; not directly referenced
+add dword [ebp - 0x24], 0x20
+add esi, 0x128
+add ebx, 0x277
+cmp dword [ebp - 0x24], 0x40
+jne loc_fffadcbc ; jne 0xfffadcbc
+add dword [ebp - 0x28], 0x54a
+add dword [ebp - 0x40], 0x13c3
+add dword [ebp - 0x30], 0x13c3
+cmp dword [ebp - 0x28], 0xa94
+jne loc_fffadca5 ; jne 0xfffadca5
+jmp near loc_fffadc4b ; jmp 0xfffadc4b
+
+loc_fffaddd7: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffadde8 ; ja 0xfffadde8
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x3749], 0
+je short loc_fffade12 ; je 0xfffade12
+
+loc_fffadde8: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffade12: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffaddd7 ; jne 0xfffaddd7
+add esp, 0x40
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffade28: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x30
+mov esi, dword [ebp + 8]
+
+loc_fffade36: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffade5d ; ja 0xfffade5d
+cmp byte [esi + 0x3749], 0
+jne short loc_fffade5d ; jne 0xfffade5d
+
+loc_fffade47: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffade36 ; jne 0xfffade36
+lea eax, [esi + 0x48e5]
+mov ecx, 0xfffffffe
+jmp near loc_fffadf55 ; jmp 0xfffadf55
+
+loc_fffade5d: ; not directly referenced
+lea eax, [esi + 0x48c9]
+mov dword [ebp - 0x2c], eax
+imul eax, ecx, 0x2e
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x20], 0
+mov dword [ebp - 0x30], eax
+lea eax, [ecx*8 - 0x1173]
+mov dword [ebp - 0x3c], eax
+
+loc_fffade85: ; not directly referenced
+mov eax, dword [ebp - 0x3c]
+mov ebx, dword [ebp - 0x2c]
+mov dword [ebp - 0x28], 0
+add eax, ebx
+mov dword [ebp - 0x38], eax
+mov eax, dword [ebp - 0x20]
+lea edi, [esi + eax + 0x1973]
+
+loc_fffadea1: ; not directly referenced
+cmp dword [ebx], 2
+jne short loc_fffadf1b ; jne 0xfffadf1b
+mov eax, dword [ebp - 0x30]
+mov edx, dword [ebp - 0x28]
+mov eax, dword [ebx + eax + 4]
+mov dword [ebp - 0x24], eax
+mov eax, dword [ebp - 0x38]
+mov eax, dword [eax + edx + 0xc9]
+mov dword [ebp - 0x34], eax
+cmp ecx, 1
+je short loc_fffaded0 ; je 0xfffaded0
+jb short loc_fffadedc ; jb 0xfffadedc
+xor eax, eax
+cmp ecx, 3
+jbe short loc_fffadf01 ; jbe 0xfffadf01
+jmp short loc_fffadedc ; jmp 0xfffadedc
+
+loc_fffaded0: ; not directly referenced
+movzx eax, word [edi + 0x260]
+test ax, ax
+jne short loc_fffadf01 ; jne 0xfffadf01
+
+loc_fffadedc: ; not directly referenced
+xor eax, eax
+cmp dword [ebx + 0xd5], 2
+jne short loc_fffadf01 ; jne 0xfffadf01
+cmp dword [ebp - 0x24], 0
+movzx edx, word [edi + 0x6a]
+je short loc_fffadf01 ; je 0xfffadf01
+imul edx, dword [ebp - 0x34]
+mov eax, dword [ebp - 0x24]
+lea eax, [eax + edx - 1]
+xor edx, edx
+div dword [ebp - 0x24]
+
+loc_fffadf01: ; not directly referenced
+cmp eax, 0x1ff
+mov edx, 0x1ff
+cmova eax, edx
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffadf1b: ; not directly referenced
+add dword [ebp - 0x28], 0x20
+add ebx, 0x128
+add edi, 0x277
+cmp dword [ebp - 0x28], 0x40
+jne loc_fffadea1 ; jne 0xfffadea1
+add dword [ebp - 0x20], 0x54a
+add dword [ebp - 0x2c], 0x13c3
+cmp dword [ebp - 0x20], 0xa94
+jne loc_fffade85 ; jne 0xfffade85
+jmp near loc_fffade47 ; jmp 0xfffade47
+
+loc_fffadf55: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffadf63 ; ja 0xfffadf63
+cmp byte [esi + 0x3749], 0
+je short loc_fffadf8d ; je 0xfffadf8d
+
+loc_fffadf63: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffadf8d: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffadf55 ; jne 0xfffadf55
+add esp, 0x30
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffadfa3: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x30
+mov esi, dword [ebp + 8]
+
+loc_fffadfb1: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffadfd8 ; ja 0xfffadfd8
+cmp byte [esi + 0x3749], 0
+jne short loc_fffadfd8 ; jne 0xfffadfd8
+
+loc_fffadfc2: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffadfb1 ; jne 0xfffadfb1
+lea eax, [esi + 0x48e3]
+mov ecx, 0xfffffffe
+jmp near loc_fffae0d0 ; jmp 0xfffae0d0
+
+loc_fffadfd8: ; not directly referenced
+lea eax, [esi + 0x48c9]
+mov dword [ebp - 0x2c], eax
+imul eax, ecx, 0x2e
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x20], 0
+mov dword [ebp - 0x30], eax
+lea eax, [ecx*8 - 0x1173]
+mov dword [ebp - 0x3c], eax
+
+loc_fffae000: ; not directly referenced
+mov eax, dword [ebp - 0x3c]
+mov ebx, dword [ebp - 0x2c]
+mov dword [ebp - 0x28], 0
+add eax, ebx
+mov dword [ebp - 0x38], eax
+mov eax, dword [ebp - 0x20]
+lea edi, [esi + eax + 0x1973]
+
+loc_fffae01c: ; not directly referenced
+cmp dword [ebx], 2
+jne short loc_fffae096 ; jne 0xfffae096
+mov eax, dword [ebp - 0x30]
+mov edx, dword [ebp - 0x28]
+mov eax, dword [ebx + eax + 4]
+mov dword [ebp - 0x24], eax
+mov eax, dword [ebp - 0x38]
+mov eax, dword [eax + edx + 0xc9]
+mov dword [ebp - 0x34], eax
+cmp ecx, 1
+je short loc_fffae04b ; je 0xfffae04b
+jb short loc_fffae057 ; jb 0xfffae057
+xor eax, eax
+cmp ecx, 3
+jbe short loc_fffae07c ; jbe 0xfffae07c
+jmp short loc_fffae057 ; jmp 0xfffae057
+
+loc_fffae04b: ; not directly referenced
+movzx eax, word [edi + 0x25e]
+test ax, ax
+jne short loc_fffae07c ; jne 0xfffae07c
+
+loc_fffae057: ; not directly referenced
+xor eax, eax
+cmp dword [ebx + 0xd5], 2
+jne short loc_fffae07c ; jne 0xfffae07c
+cmp dword [ebp - 0x24], 0
+movzx edx, word [edi + 0x68]
+je short loc_fffae07c ; je 0xfffae07c
+imul edx, dword [ebp - 0x34]
+mov eax, dword [ebp - 0x24]
+lea eax, [eax + edx - 1]
+xor edx, edx
+div dword [ebp - 0x24]
+
+loc_fffae07c: ; not directly referenced
+cmp eax, 0x1ff
+mov edx, 0x1ff
+cmova eax, edx
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffae096: ; not directly referenced
+add dword [ebp - 0x28], 0x20
+add ebx, 0x128
+add edi, 0x277
+cmp dword [ebp - 0x28], 0x40
+jne loc_fffae01c ; jne 0xfffae01c
+add dword [ebp - 0x20], 0x54a
+add dword [ebp - 0x2c], 0x13c3
+cmp dword [ebp - 0x20], 0xa94
+jne loc_fffae000 ; jne 0xfffae000
+jmp near loc_fffadfc2 ; jmp 0xfffadfc2
+
+loc_fffae0d0: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffae0de ; ja 0xfffae0de
+cmp byte [esi + 0x3749], 0
+je short loc_fffae108 ; je 0xfffae108
+
+loc_fffae0de: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffae108: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffae0d0 ; jne 0xfffae0d0
+add esp, 0x30
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffae11e: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x30
+
+loc_fffae129: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffae155 ; ja 0xfffae155
+mov ebx, dword [ebp + 8]
+cmp byte [ebx + 0x3749], 0
+jne short loc_fffae155 ; jne 0xfffae155
+
+loc_fffae13d: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffae129 ; jne 0xfffae129
+mov eax, dword [ebp + 8]
+mov ecx, 0xfffffffe
+add eax, 0x48e1
+jmp near loc_fffae29a ; jmp 0xfffae29a
+
+loc_fffae155: ; not directly referenced
+mov ebx, dword [ebp + 8]
+imul eax, eax, 0x23
+lea esi, [ecx*8 - 0x1269]
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x20], 0
+lea edi, [ebx + 0x49bf]
+mov dword [ebp - 0x2c], edi
+imul edi, ecx, 0x2e
+mov dword [ebp - 0x3c], esi
+mov dword [ebp - 0x30], eax
+mov dword [ebp - 0x34], edi
+
+loc_fffae186: ; not directly referenced
+mov eax, dword [ebp - 0x3c]
+mov esi, dword [ebp - 0x2c]
+mov ebx, dword [ebp - 0x20]
+mov dword [ebp - 0x24], 0
+add eax, esi
+mov dword [ebp - 0x38], eax
+mov eax, dword [ebp + 8]
+lea edi, [eax + ebx + 0x1973]
+
+loc_fffae1a5: ; not directly referenced
+cmp dword [esi - 0xf6], 2
+jne loc_fffae260 ; jne 0xfffae260
+mov eax, dword [ebp - 0x34]
+mov edx, dword [ebp - 0x24]
+mov ebx, dword [esi + eax - 0xf2]
+mov eax, dword [ebp - 0x38]
+mov eax, dword [eax + edx + 0xc9]
+mov dword [ebp - 0x28], eax
+cmp ecx, 1
+je short loc_fffae215 ; je 0xfffae215
+jb short loc_fffae221 ; jb 0xfffae221
+cmp ecx, 3
+ja short loc_fffae221 ; ja 0xfffae221
+cmp ecx, 2
+mov dl, byte [esi]
+jne short loc_fffae1e8 ; jne 0xfffae1e8
+and dl, 1
+jne short loc_fffae1ef ; jne 0xfffae1ef
+xor eax, eax
+jmp short loc_fffae246 ; jmp 0xfffae246
+
+loc_fffae1e8: ; not directly referenced
+xor eax, eax
+and dl, 2
+je short loc_fffae246 ; je 0xfffae246
+
+loc_fffae1ef: ; not directly referenced
+mov eax, dword [esi - 0x21]
+and eax, 0xfffffffd
+dec eax
+mov eax, dword [ebp - 0x30]
+jne short loc_fffae205 ; jne 0xfffae205
+movzx edx, word [edi + eax + 0x10f]
+jmp short loc_fffae20d ; jmp 0xfffae20d
+
+loc_fffae205: ; not directly referenced
+movzx edx, word [edi + eax + 0x1df]
+
+loc_fffae20d: ; not directly referenced
+xor eax, eax
+test ebx, ebx
+je short loc_fffae246 ; je 0xfffae246
+jmp short loc_fffae23a ; jmp 0xfffae23a
+
+loc_fffae215: ; not directly referenced
+movzx eax, word [edi + 0x25c]
+test ax, ax
+jne short loc_fffae246 ; jne 0xfffae246
+
+loc_fffae221: ; not directly referenced
+xor eax, eax
+test ebx, ebx
+je short loc_fffae246 ; je 0xfffae246
+mov eax, dword [esi - 0x21]
+and eax, 0xfffffffd
+dec eax
+jne short loc_fffae236 ; jne 0xfffae236
+movzx edx, word [edi + 0x60]
+jmp short loc_fffae23a ; jmp 0xfffae23a
+
+loc_fffae236: ; not directly referenced
+movzx edx, word [edi + 0x66]
+
+loc_fffae23a: ; not directly referenced
+imul edx, dword [ebp - 0x28]
+lea eax, [ebx + edx - 1]
+xor edx, edx
+div ebx
+
+loc_fffae246: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, 0x1ff
+mov ebx, 0x1ff
+cmova eax, ebx
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffae260: ; not directly referenced
+add dword [ebp - 0x24], 0x20
+add esi, 0x128
+add edi, 0x277
+cmp dword [ebp - 0x24], 0x40
+jne loc_fffae1a5 ; jne 0xfffae1a5
+add dword [ebp - 0x20], 0x54a
+add dword [ebp - 0x2c], 0x13c3
+cmp dword [ebp - 0x20], 0xa94
+jne loc_fffae186 ; jne 0xfffae186
+jmp near loc_fffae13d ; jmp 0xfffae13d
+
+loc_fffae29a: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffae2ab ; ja 0xfffae2ab
+mov edi, dword [ebp + 8]
+cmp byte [edi + 0x3749], 0
+je short loc_fffae2d5 ; je 0xfffae2d5
+
+loc_fffae2ab: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffae2d5: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffae29a ; jne 0xfffae29a
+add esp, 0x30
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffae2eb: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+xor edi, edi
+push esi
+push ebx
+sub esp, 0x4c
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x2443]
+mov dword [ebp - 0x44], eax
+
+loc_fffae302: ; not directly referenced
+lea eax, [edi - 2]
+cmp eax, 1
+ja short loc_fffae32e ; ja 0xfffae32e
+mov ebx, dword [ebp + 8]
+cmp byte [ebx + 0x3749], 0
+jne short loc_fffae32e ; jne 0xfffae32e
+
+loc_fffae316: ; not directly referenced
+inc edi
+cmp edi, 4
+jne short loc_fffae302 ; jne 0xfffae302
+mov eax, dword [ebp + 8]
+mov ecx, 0xfffffffe
+add eax, 0x48df
+jmp near loc_fffae4d9 ; jmp 0xfffae4d9
+
+loc_fffae32e: ; not directly referenced
+mov ebx, dword [ebp + 8]
+imul eax, eax, 0x23
+lea esi, [edi*8 - 0x1269]
+mov dword [ebp + edi*4 - 0x28], 0
+mov dword [ebp - 0x34], 0
+add ebx, 0x49bf
+mov dword [ebp - 0x3c], ebx
+imul ebx, edi, 0x2e
+mov dword [ebp - 0x54], esi
+mov dword [ebp - 0x40], eax
+mov dword [ebp - 0x48], ebx
+
+loc_fffae35f: ; not directly referenced
+mov eax, dword [ebp - 0x54]
+mov esi, dword [ebp - 0x3c]
+mov ebx, dword [ebp - 0x34]
+mov dword [ebp - 0x38], 0
+add eax, esi
+mov dword [ebp - 0x50], eax
+mov eax, dword [ebp + 8]
+lea eax, [eax + ebx + 0x1973]
+mov dword [ebp - 0x30], eax
+
+loc_fffae381: ; not directly referenced
+cmp dword [esi - 0xf6], 2
+jne loc_fffae49e ; jne 0xfffae49e
+mov eax, dword [ebp - 0x48]
+mov ebx, dword [ebp - 0x38]
+mov eax, dword [esi + eax - 0xf2]
+mov dword [ebp - 0x2c], eax
+mov eax, dword [ebp - 0x50]
+mov ecx, dword [eax + ebx + 0xc9]
+cmp edi, 1
+je loc_fffae446 ; je 0xfffae446
+jb loc_fffae455 ; jb 0xfffae455
+cmp edi, 3
+ja loc_fffae455 ; ja 0xfffae455
+cmp edi, 2
+mov dl, byte [esi]
+jne short loc_fffae3d3 ; jne 0xfffae3d3
+and dl, 1
+jne short loc_fffae3de ; jne 0xfffae3de
+xor eax, eax
+jmp near loc_fffae484 ; jmp 0xfffae484
+
+loc_fffae3d3: ; not directly referenced
+xor eax, eax
+and dl, 2
+je loc_fffae484 ; je 0xfffae484
+
+loc_fffae3de: ; not directly referenced
+mov eax, dword [esi - 0x21]
+mov ebx, dword [ebp - 0x40]
+and eax, 0xfffffffd
+dec eax
+mov eax, dword [ebp - 0x30]
+jne short loc_fffae3f7 ; jne 0xfffae3f7
+movzx edx, word [eax + ebx + 0x10d]
+jmp short loc_fffae3ff ; jmp 0xfffae3ff
+
+loc_fffae3f7: ; not directly referenced
+movzx edx, word [eax + ebx + 0x1dd]
+
+loc_fffae3ff: ; not directly referenced
+xor eax, eax
+cmp dword [ebp - 0x2c], 0
+je short loc_fffae484 ; je 0xfffae484
+mov eax, dword [ebp - 0x44]
+imul edx, edx, 0x3e8
+mov ebx, dword [eax + 0x74]
+mov dword [ebp - 0x4c], ebx
+push ebx
+mov ebx, ecx
+push edx
+sar ebx, 0x1f
+push ebx
+xor ebx, ebx
+push ecx
+call dword [eax + 0x70] ; ucall
+mov ecx, dword [ebp - 0x2c]
+mov dword [esp], 0
+push ebx
+xor ebx, ebx
+push ecx
+mov ecx, dword [ebp - 0x2c]
+dec ecx
+add eax, ecx
+adc edx, ebx
+mov ebx, dword [ebp - 0x4c]
+push edx
+push eax
+call ebx
+add esp, 0x20
+jmp short loc_fffae484 ; jmp 0xfffae484
+
+loc_fffae446: ; not directly referenced
+mov eax, dword [ebp - 0x30]
+movzx eax, word [eax + 0x25a]
+test ax, ax
+jne short loc_fffae484 ; jne 0xfffae484
+
+loc_fffae455: ; not directly referenced
+xor eax, eax
+cmp dword [ebp - 0x2c], 0
+je short loc_fffae484 ; je 0xfffae484
+cmp dword [esi - 0x21], 3
+mov eax, 0x3b8260
+mov ebx, 0x7704c0
+mov ecx, 0x3e8
+cmove ebx, eax
+mov eax, dword [ebp - 0x2c]
+xor edx, edx
+div ecx
+xor edx, edx
+mov ecx, eax
+lea eax, [ebx + eax - 1]
+div ecx
+
+loc_fffae484: ; not directly referenced
+cmp eax, 0xffff
+mov edx, 0xffff
+cmovbe edx, eax
+mov eax, dword [ebp + edi*4 - 0x28]
+cmp edx, eax
+cmovb edx, eax
+mov dword [ebp + edi*4 - 0x28], edx
+
+loc_fffae49e: ; not directly referenced
+add dword [ebp - 0x38], 0x20
+add esi, 0x128
+add dword [ebp - 0x30], 0x277
+cmp dword [ebp - 0x38], 0x40
+jne loc_fffae381 ; jne 0xfffae381
+add dword [ebp - 0x34], 0x54a
+add dword [ebp - 0x3c], 0x13c3
+cmp dword [ebp - 0x34], 0xa94
+jne loc_fffae35f ; jne 0xfffae35f
+jmp near loc_fffae316 ; jmp 0xfffae316
+
+loc_fffae4d9: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffae4ea ; ja 0xfffae4ea
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x3749], 0
+je short loc_fffae514 ; je 0xfffae514
+
+loc_fffae4ea: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x20]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffae514: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffae4d9 ; jne 0xfffae4d9
+lea esp, [ebp - 0xc]
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffae52a:
+push ebp
+mov ebp, esp
+sub esp, 0x14
+mov ecx, dword [eax + 0x2443]
+add edx, dword [eax + 0x18c5]
+inc dword [eax + 0x36a4]
+push edx
+call dword [ecx + 0x20] ; ucall
+leave
+ret
+
+fcn_fffae548:
+push ebp
+mov ebp, esp
+sub esp, 0x14
+mov ecx, dword [eax + 0x2443]
+add edx, dword [eax + 0x18c5]
+inc dword [eax + 0x36a4]
+push edx
+call dword [ecx + 0x24] ; ucall
+leave
+ret
+
+fcn_fffae566: ; not directly referenced
+push ebp
+mov ebp, esp
+push ebx
+sub esp, 0xc
+mov ebx, dword [eax + 0x2443]
+inc dword [eax + 0x36a0]
+push ecx
+add edx, dword [eax + 0x18c5]
+push edx
+call dword [ebx + 0x28] ; ucall
+add esp, 0x10
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffae58c: ; not directly referenced
+push ebp
+mov ebp, esp
+push ebx
+sub esp, 0xc
+mov ebx, dword [eax + 0x2443]
+inc dword [eax + 0x36a0]
+push ecx
+add edx, dword [eax + 0x18c5]
+push edx
+call dword [ebx + 0x30] ; ucall
+add esp, 0x10
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffae5b2: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov ebx, ref_fffd363c ; mov ebx, 0xfffd363c
+sub esp, 0x1c
+mov edi, dword [ebp + 8]
+mov dword [ebp - 0x20], eax
+mov eax, dword [eax + 0x188b]
+mov byte [ebp - 0x21], cl
+mov dword [ebp - 0x28], edx
+mov esi, dword [edi]
+mov dword [ebp - 0x1c], eax
+
+loc_fffae5d7: ; not directly referenced
+mov al, byte [ebx + 4]
+and eax, 1
+cmp eax, dword [ebp - 0x28]
+jne short loc_fffae62b ; jne 0xfffae62b
+movzx edi, word [ebx]
+sub edi, esi
+
+loc_fffae5e7: ; not directly referenced
+movzx eax, word [ebx + 2]
+lea edx, [esi + edi]
+cmp edx, eax
+ja short loc_fffae62b ; ja 0xfffae62b
+cmp dword [ebp - 0x1c], 0
+jne short loc_fffae5fe ; jne 0xfffae5fe
+test byte [ebx + 4], 2
+jmp short loc_fffae608 ; jmp 0xfffae608
+
+loc_fffae5fe: ; not directly referenced
+cmp dword [ebp - 0x1c], 1
+jne short loc_fffae626 ; jne 0xfffae626
+test byte [ebx + 4], 4
+
+loc_fffae608: ; not directly referenced
+je short loc_fffae626 ; je 0xfffae626
+cmp byte [ebp - 0x21], 1
+jne short loc_fffae61c ; jne 0xfffae61c
+mov eax, dword [ebp - 0x20]
+call fcn_fffae52a ; call 0xfffae52a
+mov dword [esi], eax
+jmp short loc_fffae626 ; jmp 0xfffae626
+
+loc_fffae61c: ; not directly referenced
+mov ecx, dword [esi]
+mov eax, dword [ebp - 0x20]
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffae626: ; not directly referenced
+add esi, 4
+jmp short loc_fffae5e7 ; jmp 0xfffae5e7
+
+loc_fffae62b: ; not directly referenced
+add ebx, 5
+cmp ebx, ref_fffd3e70 ; cmp ebx, 0xfffd3e70
+jne short loc_fffae5d7 ; jne 0xfffae5d7
+mov eax, dword [ebp + 8]
+mov dword [eax], esi
+add esp, 0x1c
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffae645: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 8]
+mov edx, dword [eax + 0x5edc]
+lea ecx, [eax + 0x1c]
+mov dword [edx + 0x1b8], ecx
+add edx, 0x1b8
+mov ecx, 1
+mov dword [ebp + 8], edx
+xor edx, edx
+pop ebp
+jmp near fcn_fffae5b2 ; jmp 0xfffae5b2
+
+fcn_fffae670: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov ebx, eax
+sub esp, 0x1c
+mov esi, dword [ebx + 0x2443]
+mov dword [ebp - 0x24], edx
+mov byte [ebp - 0x1d], dl
+call dword [esi + 0x54] ; ucall
+mov ecx, 5
+mov edx, 0x4800
+add eax, 0x2710
+mov dword [ebp - 0x1c], eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffae6a3: ; not directly referenced
+mov edx, 0x4804
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov cl, byte [ebp - 0x1d]
+mov edx, eax
+mov edi, eax
+shr edx, 0x10
+shr eax, 0x10
+and edx, 2
+and eax, 1
+or eax, edx
+and eax, ecx
+cmp al, cl
+jne short loc_fffae6ce ; jne 0xfffae6ce
+xor eax, eax
+jmp short loc_fffae6db ; jmp 0xfffae6db
+
+loc_fffae6ce: ; not directly referenced
+call dword [esi + 0x54] ; ucall
+cmp dword [ebp - 0x1c], eax
+ja short loc_fffae6a3 ; ja 0xfffae6a3
+mov eax, 0x12
+
+loc_fffae6db: ; not directly referenced
+mov edx, edi
+mov ecx, edi
+and edx, 2
+and ecx, 1
+or ecx, edx
+mov edx, 0x14
+test byte [ebp - 0x24], cl
+cmovne eax, edx
+add esp, 0x1c
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffae6fa: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, 0x1ff
+push esi
+mov esi, 0x2800
+push ebx
+mov ebx, eax
+sub esp, 0x10
+mov dword [ebp - 0x1c], edx
+imul edx, dword [eax + 0x18a7], 0x2e
+imul eax, dword [ebp - 0x1c], 0x13c3
+lea eax, [edx + eax + 0x3740]
+lea edx, [ebx + eax + 0x1a]
+movzx eax, word [edx + 0x12]
+cmp word [edx + 0x14], 0x1ff
+cmovbe di, word [edx + 0x14]
+movzx ecx, ax
+imul eax, eax, 0x59
+and edi, 0x1ff
+shl edi, 0x10
+cdq
+idiv esi
+mov esi, dword [ebp - 0x1c]
+mov edx, 0x7f
+cmp eax, 0x7f
+cmovbe edx, eax
+add esp, 0x10
+shl edx, 0x19
+or ecx, edi
+shl esi, 0xa
+or ecx, edx
+mov eax, ebx
+lea edx, [esi + 0x4298]
+pop ebx
+pop esi
+pop edi
+pop ebp
+jmp near fcn_fffae58c ; jmp 0xfffae58c
+
+fcn_fffae778: ; not directly referenced
+mov dl, byte [eax + 0x1907]
+push ebp
+mov ebp, esp
+push esi
+mov esi, 0x80
+test dl, dl
+movzx ecx, dl
+cmovne esi, ecx
+movzx ecx, byte [eax + 0x1906]
+push ebx
+cmp cl, 6
+sete bl
+cmp cl, 1
+setbe dl
+or bl, dl
+jne short loc_fffae7ba ; jne 0xfffae7ba
+xor ecx, ecx
+cmp dword [eax + 0x2480], 3
+setne cl
+lea ecx, [ecx*4 + 2]
+
+loc_fffae7ba: ; not directly referenced
+and ecx, 0xf
+mov edx, 0x4cb0
+shl ecx, 0xc
+pop ebx
+or ecx, esi
+pop esi
+pop ebp
+jmp near fcn_fffae58c ; jmp 0xfffae58c
+
+fcn_fffae7cf: ; not directly referenced
+push ebp
+mov ebp, esp
+sub esp, 0xc
+mov ecx, dword [eax + 0x2443]
+inc dword [eax + 0x36a0]
+push dword [ebp + 0xc]
+push dword [ebp + 8]
+add edx, dword [eax + 0x18c5]
+push edx
+call dword [ecx + 0x34] ; ucall
+add esp, 0x10
+leave
+ret
+
+fcn_fffae7f6: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x2c
+mov ebx, dword [ebp + 8]
+mov eax, dword [ebx + 0x2443]
+cmp dword [ebx + 0x188b], 1
+mov dword [ebp - 0x24], eax
+je loc_fffae9e4 ; je 0xfffae9e4
+
+loc_fffae818: ; not directly referenced
+mov edx, 0x5030
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x5030
+or al, 0x89
+mov ecx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, 0x8f
+mov edx, 0x50fc
+mov eax, ebx
+mov esi, dword [ebx + 0x2443]
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebx + 0x18b5], 0
+je loc_fffaeac9 ; je 0xfffaeac9
+mov edi, dword [ebx + 0x18c1]
+push 0xa0
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+add edi, eax
+mov dword [esp], edi
+call dword [esi + 0x20] ; ucall
+pop edx
+pop ecx
+or eax, 1
+push eax
+push edi
+call dword [esi + 0x30] ; ucall
+mov edi, dword [ebx + 0x18c1]
+push 0xbc
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+add esp, 0x14
+add edi, eax
+push edi
+call dword [esi + 0x20] ; ucall
+pop edx
+pop ecx
+or eax, 1
+push eax
+push edi
+call dword [esi + 0x30] ; ucall
+mov edi, dword [ebx + 0x18c1]
+push 0xa8
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+add esp, 0x14
+add edi, eax
+push edi
+call dword [esi + 0x20] ; ucall
+pop edx
+pop ecx
+or eax, 1
+push eax
+push edi
+call dword [esi + 0x30] ; ucall
+mov edi, dword [ebx + 0x18c1]
+push 0x90
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+add esp, 0x14
+add edi, eax
+push edi
+call dword [esi + 0x20] ; ucall
+pop edx
+pop ecx
+or eax, 1
+push eax
+push edi
+call dword [esi + 0x30] ; ucall
+mov edi, dword [ebx + 0x18c1]
+push 0x98
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+add esp, 0x14
+add edi, eax
+push edi
+call dword [esi + 0x20] ; ucall
+pop edx
+pop ecx
+or eax, 1
+push eax
+push edi
+call dword [esi + 0x30] ; ucall
+mov edi, dword [ebx + 0x18c1]
+push 0xb0
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+add esp, 0x14
+add edi, eax
+push edi
+call dword [esi + 0x20] ; ucall
+pop edx
+pop ecx
+or eax, 1
+push eax
+push edi
+call dword [esi + 0x30] ; ucall
+mov edi, dword [ebx + 0x18c1]
+push 0xb4
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+add esp, 0x14
+add edi, eax
+push edi
+call dword [esi + 0x20] ; ucall
+pop edx
+pop ecx
+or eax, 1
+push eax
+push edi
+call dword [esi + 0x30] ; ucall
+mov edi, dword [ebx + 0x18c1]
+push 0x78
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+add esp, 0x14
+add edi, eax
+push edi
+call dword [esi + 0x20] ; ucall
+pop edx
+pop ecx
+or ah, 4
+push eax
+push edi
+call dword [esi + 0x30] ; ucall
+mov edi, dword [ebx + 0x18c1]
+push 0x50
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+add esp, 0x14
+add edi, eax
+push edi
+call dword [esi + 0x20] ; ucall
+pop edx
+pop ecx
+or eax, 1
+push eax
+push edi
+call dword [esi + 0x30] ; ucall
+mov edx, 0x5880
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+movzx edx, byte [ebx + 0x192a]
+and edx, 1
+shl edx, 5
+and eax, 0xffffffdf
+or eax, edx
+mov edx, 0x5880
+mov ecx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+add esp, 0x10
+jmp near loc_fffaeac9 ; jmp 0xfffaeac9
+
+loc_fffae9e4: ; not directly referenced
+cmp byte [ebx + 0x36a8], 0
+je loc_fffae818 ; je 0xfffae818
+cmp byte [ebx + 0x3704], 0
+je short loc_fffaea2e ; je 0xfffaea2e
+push eax
+mov esi, dword [ebp - 0x24]
+xor edx, edx
+push 0x14
+mov eax, dword [ebx + 0x3711]
+push edx
+push eax
+call dword [esi + 0x68] ; ucall
+add esp, 0xc
+push 0x14
+mov dword [ebp - 0x28], eax
+mov eax, dword [ebx + 0x3705]
+mov dword [ebp - 0x2c], edx
+xor edx, edx
+push edx
+push eax
+call dword [esi + 0x68] ; ucall
+add esp, 0x10
+mov ecx, eax
+mov edi, edx
+jmp short loc_fffaea40 ; jmp 0xfffaea40
+
+loc_fffaea2e: ; not directly referenced
+xor ecx, ecx
+xor edi, edi
+mov dword [ebp - 0x28], 0
+mov dword [ebp - 0x2c], 0
+
+loc_fffaea40: ; not directly referenced
+xor esi, esi
+
+loc_fffaea42: ; not directly referenced
+movzx eax, byte [ebx + 0x36a8]
+cmp esi, eax
+jae loc_fffae818 ; jae 0xfffae818
+mov eax, dword [ebx + esi*8 + 0x36a9]
+mov edx, dword [ebx + esi*8 + 0x36ad]
+cmp byte [ebx + 0x3704], 0
+mov dword [ebp - 0x20], eax
+mov dword [ebp - 0x1c], edx
+je short loc_fffaea8e ; je 0xfffaea8e
+cmp edx, dword [ebp - 0x2c]
+ja short loc_fffaea8e ; ja 0xfffaea8e
+jb short loc_fffaea7a ; jb 0xfffaea7a
+cmp eax, dword [ebp - 0x28]
+jae short loc_fffaea8e ; jae 0xfffaea8e
+
+loc_fffaea7a: ; not directly referenced
+cmp edx, edi
+jb short loc_fffaea8e ; jb 0xfffaea8e
+ja short loc_fffaea84 ; ja 0xfffaea84
+cmp eax, ecx
+jb short loc_fffaea8e ; jb 0xfffaea8e
+
+loc_fffaea84: ; not directly referenced
+mov eax, dword [ebp - 0x1c]
+or eax, 0x40000000
+jmp short loc_fffaea96 ; jmp 0xfffaea96
+
+loc_fffaea8e: ; not directly referenced
+mov eax, dword [ebp - 0x1c]
+and eax, 0xbfffffff
+
+loc_fffaea96: ; not directly referenced
+mov dword [ebp - 0x1c], eax
+mov eax, dword [ebp - 0x1c]
+lea edx, [esi*8 + 0x50b0]
+mov dword [ebp - 0x30], ecx
+inc esi
+or eax, 0x80000000
+mov dword [ebp - 0x1c], eax
+push eax
+push eax
+mov eax, ebx
+push dword [ebp - 0x1c]
+push dword [ebp - 0x20]
+call fcn_fffae7cf ; call 0xfffae7cf
+add esp, 0x10
+mov ecx, dword [ebp - 0x30]
+jmp near loc_fffaea42 ; jmp 0xfffaea42
+
+loc_fffaeac9: ; not directly referenced
+mov eax, dword [ebp - 0x24]
+call dword [eax + 0x54] ; ucall
+lea esi, [eax + 0x2710]
+
+loc_fffaead5: ; not directly referenced
+mov edx, 0x5030
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+test al, 0x20
+jne short loc_fffaeaf6 ; jne 0xfffaeaf6
+mov eax, dword [ebp - 0x24]
+call dword [eax + 0x54] ; ucall
+cmp esi, eax
+ja short loc_fffaead5 ; ja 0xfffaead5
+mov eax, 1
+jmp short loc_fffaeb74 ; jmp 0xfffaeb74
+
+loc_fffaeaf6: ; not directly referenced
+xor eax, eax
+cmp dword [ebx + 0x1887], 0x306d0
+je short loc_fffaeb30 ; je 0xfffaeb30
+mov ecx, eax
+mov edx, 0x14000000
+and ecx, 0xe00fffff
+mov dl, 0xa0
+or ecx, 0x5a00000
+and ecx, 0xfff00fff
+or ecx, 0x24000
+and ecx, 0xfffff00f
+or ecx, 0x4f
+jmp short loc_fffaeb5d ; jmp 0xfffaeb5d
+
+loc_fffaeb30: ; not directly referenced
+mov ecx, eax
+mov edx, 0x14000000
+and ecx, 0xe00fffff
+mov dl, 0xa0
+or ecx, 0x8200000
+and ecx, 0xfff00fff
+or ecx, 0x5a000
+and ecx, 0xfffff00f
+or ecx, 0x32f
+
+loc_fffaeb5d: ; not directly referenced
+mov eax, ecx
+push ecx
+push ecx
+push edx
+mov edx, 0x5d10
+push eax
+mov eax, ebx
+call fcn_fffae7cf ; call 0xfffae7cf
+add esp, 0x10
+xor eax, eax
+
+loc_fffaeb74: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaeb7c: ; not directly referenced
+push ebp
+mov ebp, esp
+push ebx
+sub esp, 0xc
+mov ebx, dword [eax + 0x2443]
+inc dword [eax + 0x36a0]
+push ecx
+add edx, dword [eax + 0x18c5]
+push edx
+call dword [ebx + 0x30] ; ucall
+add esp, 0x10
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffaeba2: ; not directly referenced
+push ebp
+mov edx, eax
+mov ebp, esp
+xor eax, eax
+
+loc_fffaeba9: ; not directly referenced
+test edx, edx
+je short loc_fffaebb5 ; je 0xfffaebb5
+lea ecx, [edx - 1]
+inc eax
+and edx, ecx
+jmp short loc_fffaeba9 ; jmp 0xfffaeba9
+
+loc_fffaebb5: ; not directly referenced
+pop ebp
+ret
+
+fcn_fffaebb7: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push ebx
+mov ebx, 0xa9e
+
+loc_fffaebc2: ; not directly referenced
+cmp eax, 0x10f
+jbe short loc_fffaebd8 ; jbe 0xfffaebd8
+imul eax, eax, 0x3e8
+xor edx, edx
+add ecx, 0x64
+div ebx
+jmp short loc_fffaebc2 ; jmp 0xfffaebc2
+
+loc_fffaebd8: ; not directly referenced
+imul edx, eax, 0xfffffff0
+mov ebx, 0x2710
+add edx, 0x2d3a
+imul edx, eax
+lea eax, [edx - 0xeefac]
+xor edx, edx
+div ebx
+pop ebx
+pop ebp
+add eax, ecx
+ret
+
+fcn_fffaebf8: ; not directly referenced
+push ebp
+mov ecx, 0x12
+mov ebp, esp
+xor edx, edx
+push edi
+push esi
+mov esi, ref_fffd3628 ; mov esi, 0xfffd3628
+sub esp, 0x20
+lea edi, [ebp - 0x1a]
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+lea ecx, [eax + eax]
+
+loc_fffaec14: ; not directly referenced
+cmp eax, 8
+jbe short loc_fffaec26 ; jbe 0xfffaec26
+mov ecx, eax
+add edx, 0xa
+shr ecx, 2
+shr eax, 3
+jmp short loc_fffaec14 ; jmp 0xfffaec14
+
+loc_fffaec26: ; not directly referenced
+movzx eax, byte [ebp + ecx - 0x1a]
+add esp, 0x20
+pop esi
+pop edi
+pop ebp
+add eax, edx
+ret
+
+fcn_fffaec34: ; not directly referenced
+cmp eax, 0xffffffff
+je short loc_fffaec5c ; je 0xfffaec5c
+push ebp
+xor ecx, ecx
+mov ebp, esp
+xor edx, edx
+push edi
+push esi
+push ebx
+mov ebx, 1
+
+loc_fffaec48: ; not directly referenced
+mov edi, ebx
+shl edi, cl
+lea esi, [ecx + 1]
+test edi, eax
+cmovne edx, esi
+inc ecx
+cmp ecx, 0x20
+jne short loc_fffaec48 ; jne 0xfffaec48
+jmp short loc_fffaec61 ; jmp 0xfffaec61
+
+loc_fffaec5c: ; not directly referenced
+xor edx, edx
+mov al, dl
+ret
+
+loc_fffaec61: ; not directly referenced
+pop ebx
+mov al, dl
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaec68: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x10
+mov bl, byte [ebp + 8]
+mov byte [ebp - 0xe], bl
+mov bl, byte [ebp + 0xc]
+mov byte [ebp - 0xf], bl
+mov bl, byte [ebp + 0x10]
+cmp cl, 0xff
+je short loc_fffaec8d ; je 0xfffaec8d
+lea edi, [ecx + 1]
+mov byte [ebp - 0xd], cl
+jmp short loc_fffaec96 ; jmp 0xfffaec96
+
+loc_fffaec8d: ; not directly referenced
+mov edi, 4
+mov byte [ebp - 0xd], 0
+
+loc_fffaec96: ; not directly referenced
+imul edx, edx, 0x13c3
+lea esi, [eax + edx + 0x3756]
+add eax, edx
+mov dword [ebp - 0x14], esi
+mov dword [ebp - 0x1c], eax
+
+loc_fffaecab: ; not directly referenced
+mov eax, edi
+cmp byte [ebp - 0xd], al
+jae short loc_fffaed27 ; jae 0xfffaed27
+mov cl, byte [ebp - 0xd]
+mov eax, 1
+mov esi, dword [ebp - 0x1c]
+movzx edx, cl
+shl eax, cl
+test byte [esi + 0x381a], al
+je short loc_fffaed22 ; je 0xfffaed22
+movzx eax, byte [ebp - 0xe]
+lea edx, [edx + edx*8]
+add edx, dword [ebp - 0x14]
+add eax, edx
+cmp byte [ebp - 0xf], 0
+mov dl, byte [eax + 0x104a]
+mov al, byte [eax + 0x106e]
+jne short loc_fffaecf4 ; jne 0xfffaecf4
+cmp al, dl
+cmova eax, edx
+cmp bl, al
+cmova ebx, eax
+jmp short loc_fffaed22 ; jmp 0xfffaed22
+
+loc_fffaecf4: ; not directly referenced
+movzx ecx, dl
+movzx esi, bl
+mov dword [ebp - 0x18], ecx
+mov ecx, 0x3f
+sub ecx, dword [ebp - 0x18]
+cmp esi, ecx
+jle short loc_fffaed0d ; jle 0xfffaed0d
+mov bl, 0x3f
+sub ebx, edx
+
+loc_fffaed0d: ; not directly referenced
+movzx esi, al
+mov edx, 0x3f
+movzx ecx, bl
+sub edx, esi
+cmp ecx, edx
+jle short loc_fffaed22 ; jle 0xfffaed22
+mov bl, 0x3f
+sub ebx, eax
+
+loc_fffaed22: ; not directly referenced
+inc byte [ebp - 0xd]
+jmp short loc_fffaecab ; jmp 0xfffaecab
+
+loc_fffaed27: ; not directly referenced
+add esp, 0x10
+mov al, bl
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaed31:
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov ebx, edx
+sub esp, 0x10
+mov edi, dword [ebp + 8]
+mov esi, dword [eax + 0x2443]
+mov eax, 0x5f5e100
+test edi, edi
+cmovne eax, edi
+xor edx, edx
+mov edi, 0x186a0
+div edi
+dec ecx
+mov edx, 0x3b9aca00
+mov ecx, 0x4f790d55
+cmovne edx, ecx
+push edx
+xor edx, edx
+push edx
+push eax
+call dword [esi + 0x70] ; ucall
+add esp, 0xc
+push ebx
+push edx
+push eax
+call dword [esi + 0x70] ; ucall
+add esp, 0x10
+xor ecx, ecx
+mov ebx, edx
+or ebx, eax
+je short loc_fffaed9b ; je 0xfffaed9b
+sub esp, 0xc
+push 0
+push edx
+push eax
+push 0x8ac72304
+push 0x89e80000
+call dword [esi + 0x74] ; ucall
+add esp, 0x20
+mov ecx, eax
+
+loc_fffaed9b:
+lea esp, [ebp - 0xc]
+mov eax, ecx
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaeda5: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+xor esi, esi
+push ebx
+sub esp, 0x4c
+mov ebx, dword [ebp + 8]
+lea eax, [ebx + 0x3756]
+mov dword [ebp - 0x4c], eax
+lea eax, [ebx + 0x2407]
+mov dword [ebp - 0x58], eax
+
+loc_fffaedc5: ; not directly referenced
+lea eax, [esi - 2]
+cmp eax, 1
+ja short loc_fffaedf0 ; ja 0xfffaedf0
+cmp byte [ebx + 0x3749], 0
+jne short loc_fffaedf0 ; jne 0xfffaedf0
+
+loc_fffaedd6: ; not directly referenced
+inc esi
+add dword [ebp - 0x4c], 8
+cmp esi, 4
+jne short loc_fffaedc5 ; jne 0xfffaedc5
+lea eax, [ebx + 0x48cd]
+mov ecx, 0xfffffffe
+jmp near loc_fffaef89 ; jmp 0xfffaef89
+
+loc_fffaedf0: ; not directly referenced
+lea eax, [ebx + 0x49bf]
+mov edi, dword [ebp - 0x4c]
+mov dword [ebp - 0x44], eax
+lea eax, [ebx + 0x1973]
+mov dword [ebp - 0x34], eax
+imul eax, esi, 0x23
+mov dword [ebp + esi*4 - 0x28], 0
+mov dword [ebp - 0x48], edi
+lea edi, [eax + 0x18b]
+add eax, 0xbb
+mov dword [ebp - 0x50], edi
+mov dword [ebp - 0x54], eax
+
+loc_fffaee24: ; not directly referenced
+mov eax, dword [ebp - 0x44]
+mov edi, dword [ebp - 0x34]
+mov dword [ebp - 0x38], 0
+mov dword [ebp - 0x2c], eax
+
+loc_fffaee34: ; not directly referenced
+mov eax, dword [ebp - 0x2c]
+cmp dword [eax - 0xf6], 2
+jne loc_fffaef48 ; jne 0xfffaef48
+mov eax, dword [ebp - 0x48]
+mov ecx, dword [ebp - 0x38]
+mov edx, dword [eax + ecx + 0xc9]
+mov eax, dword [eax + ecx + 0xcd]
+mov dword [ebp - 0x3c], edx
+mov dword [ebp - 0x40], eax
+cmp esi, 1
+je short loc_fffaeed2 ; je 0xfffaeed2
+jb loc_fffaef03 ; jb 0xfffaef03
+cmp esi, 3
+ja loc_fffaef03 ; ja 0xfffaef03
+mov eax, dword [ebp - 0x2c]
+cmp esi, 2
+mov dl, byte [eax]
+jne short loc_fffaee88 ; jne 0xfffaee88
+and dl, 1
+jne short loc_fffaee93 ; jne 0xfffaee93
+xor eax, eax
+jmp near loc_fffaef3b ; jmp 0xfffaef3b
+
+loc_fffaee88: ; not directly referenced
+xor eax, eax
+and dl, 2
+je loc_fffaef3b ; je 0xfffaef3b
+
+loc_fffaee93: ; not directly referenced
+mov eax, dword [ebp - 0x2c]
+mov ecx, dword [ebp - 0x54]
+mov edx, dword [eax - 0x21]
+add ecx, edi
+mov dword [ebp - 0x30], ecx
+mov ecx, dword [ebp - 0x50]
+and edx, 0xfffffffd
+add ecx, edi
+dec edx
+cmove ecx, dword [ebp - 0x30]
+xor edx, edx
+cmp byte [eax + 1], 0x13
+mov dword [ebp - 0x30], ecx
+movzx ecx, byte [ecx + 1]
+jne short loc_fffaeec4 ; jne 0xfffaeec4
+mov eax, dword [ebp - 0x30]
+movsx edx, byte [eax + 0x1a]
+
+loc_fffaeec4: ; not directly referenced
+mov eax, dword [ebp - 0x40]
+imul ecx, dword [ebp - 0x3c]
+imul eax, edx
+add eax, ecx
+jmp short loc_fffaef2e ; jmp 0xfffaef2e
+
+loc_fffaeed2: ; not directly referenced
+movzx edx, byte [ebx + 0x1876]
+test dl, dl
+je short loc_fffaef03 ; je 0xfffaef03
+sub esp, 0xc
+mov ecx, dword [ebx + 0x36e3]
+mov eax, ebx
+push dword [ebx + 0x187b]
+call fcn_fffaed31 ; call 0xfffaed31
+mov edx, dword [ebx + 0x36db]
+add esp, 0x10
+cmp eax, edx
+cmovb eax, edx
+jmp short loc_fffaef3b ; jmp 0xfffaef3b
+
+loc_fffaef03: ; not directly referenced
+mov eax, dword [ebp - 0x2c]
+mov eax, dword [eax - 0x21]
+and eax, 0xfffffffd
+dec eax
+jne short loc_fffaef19 ; jne 0xfffaef19
+movzx eax, byte [edi + 0x54]
+movsx edx, byte [edi + 0x6a]
+jmp short loc_fffaef24 ; jmp 0xfffaef24
+
+loc_fffaef19: ; not directly referenced
+movzx eax, byte [edi + 0x5a]
+movsx edx, byte [edi + 0xc5]
+
+loc_fffaef24: ; not directly referenced
+imul eax, dword [ebp - 0x3c]
+imul edx, dword [ebp - 0x40]
+add eax, edx
+
+loc_fffaef2e: ; not directly referenced
+cmp eax, dword [ebx + 0x36db]
+cmovb eax, dword [ebx + 0x36db]
+
+loc_fffaef3b: ; not directly referenced
+mov edx, dword [ebp + esi*4 - 0x28]
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + esi*4 - 0x28], eax
+
+loc_fffaef48: ; not directly referenced
+add dword [ebp - 0x38], 0x20
+add edi, 0x277
+add dword [ebp - 0x2c], 0x128
+cmp dword [ebp - 0x38], 0x40
+jne loc_fffaee34 ; jne 0xfffaee34
+add dword [ebp - 0x34], 0x54a
+mov eax, dword [ebp - 0x58]
+add dword [ebp - 0x44], 0x13c3
+add dword [ebp - 0x48], 0x13c3
+cmp dword [ebp - 0x34], eax
+jne loc_fffaee24 ; jne 0xfffaee24
+jmp near loc_fffaedd6 ; jmp 0xfffaedd6
+
+loc_fffaef89: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffaef97 ; ja 0xfffaef97
+cmp byte [ebx + 0x3749], 0
+je short loc_fffaefbb ; je 0xfffaefbb
+
+loc_fffaef97: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x20]
+mov dword [eax], edx
+mov dword [eax - 0x1173], edx
+mov dword [eax + 0x128], edx
+mov dword [eax + 0x13c3], edx
+mov dword [eax + 0x250], edx
+mov dword [eax + 0x14eb], edx
+
+loc_fffaefbb: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffaef89 ; jne 0xfffaef89
+mov eax, dword [ebx + 0x18a7]
+mov eax, dword [ebp + eax*4 - 0x28]
+mov dword [ebx + 0x36df], eax
+lea esp, [ebp - 0xc]
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaefe1:
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov ebx, 0x5f5e100
+sub esp, 0x10
+mov edi, dword [ebp + 8]
+mov esi, dword [eax + 0x2443]
+mov eax, 0xbebc200
+test edi, edi
+cmovne ebx, edi
+dec ecx
+mov ecx, 0xfe502ab
+cmovne eax, ecx
+imul ebx, edx
+xor edx, edx
+push ebx
+push edx
+push eax
+call dword [esi + 0x70] ; ucall
+mov dword [esp], 0
+push 0x5af3
+push 0x107a4000
+add eax, 0x883d2000
+adc edx, 0x2d79
+push edx
+push eax
+call dword [esi + 0x74] ; ucall
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaf03f:
+push ebp
+mov ebp, esp
+push edi
+push esi
+xor esi, esi
+push ebx
+xor ebx, ebx
+sub esp, 8
+mov dword [ebp - 0x14], eax
+
+loc_fffaf04f:
+cmp esi, edx
+je short loc_fffaf07d ; je 0xfffaf07d
+mov eax, dword [ebp - 0x14]
+mov byte [ebp - 0xd], 8
+movzx edi, byte [eax + esi]
+shl edi, 8
+xor ebx, edi
+
+loc_fffaf063:
+lea edi, [ebx + ebx]
+mov eax, edi
+xor eax, 0x1021
+and bh, 0x80
+mov ebx, eax
+cmove ebx, edi
+dec byte [ebp - 0xd]
+jne short loc_fffaf063 ; jne 0xfffaf063
+inc esi
+jmp short loc_fffaf04f ; jmp 0xfffaf04f
+
+loc_fffaf07d:
+mov word [ecx], bx
+mov eax, 1
+pop edx
+pop ecx
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaf08c: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, ecx
+push esi
+mov esi, eax
+push ebx
+mov eax, ref_fffd34b0 ; mov eax, 0xfffd34b0
+xor ebx, ebx
+
+loc_fffaf09d: ; not directly referenced
+cmp edx, dword [eax]
+ja short loc_fffaf0b1 ; ja 0xfffaf0b1
+cmp edx, dword [eax + 9]
+jbe short loc_fffaf0b1 ; jbe 0xfffaf0b1
+lea eax, [ebx + ebx*8]
+mov eax, dword [eax + ref_fffd34b4] ; mov eax, dword [eax - 0x2cb4c]
+jmp short loc_fffaf0bc ; jmp 0xfffaf0bc
+
+loc_fffaf0b1: ; not directly referenced
+inc ebx
+add eax, 9
+cmp ebx, 0x14
+jne short loc_fffaf09d ; jne 0xfffaf09d
+xor eax, eax
+
+loc_fffaf0bc: ; not directly referenced
+mov ecx, esi
+mov edx, 1
+shl edx, cl
+lea ecx, [ebx + ebx*8]
+add ecx, ref_fffd34b0 ; add ecx, 0xfffd34b0
+jmp short loc_fffaf0df ; jmp 0xfffaf0df
+
+loc_fffaf0d0: ; not directly referenced
+movzx esi, byte [ecx + 8]
+sub ecx, 9
+test esi, edx
+jne short loc_fffaf0e3 ; jne 0xfffaf0e3
+mov eax, dword [ecx + 4]
+dec ebx
+
+loc_fffaf0df: ; not directly referenced
+test ebx, ebx
+jne short loc_fffaf0d0 ; jne 0xfffaf0d0
+
+loc_fffaf0e3: ; not directly referenced
+test edi, edi
+je short loc_fffaf0e9 ; je 0xfffaf0e9
+mov dword [edi], ebx
+
+loc_fffaf0e9: ; not directly referenced
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaf0ee: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x3c
+mov eax, dword [ebp + 8]
+mov esi, dword [eax + 0x188b]
+mov ebx, dword [eax + 0x18a7]
+mov al, byte [eax + 0x36c9]
+test esi, esi
+sete cl
+test al, al
+sete dl
+test cl, dl
+jne loc_fffaf36d ; jne 0xfffaf36d
+dec esi
+sete dl
+dec al
+sete al
+test dl, al
+jne loc_fffaf36d ; jne 0xfffaf36d
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x2c], 0
+lea edi, [eax + 0x3756]
+imul eax, ebx, 0x2e
+mov dword [ebp - 0x38], eax
+
+loc_fffaf145: ; not directly referenced
+cmp dword [edi], 2
+jne loc_fffaf35a ; jne 0xfffaf35a
+mov eax, dword [ebp - 0x38]
+mov ecx, dword [ebp - 0x2c]
+mov byte [ebp - 0x1c], 0
+mov byte [ebp - 0x1b], 2
+cmp word [edi + eax + 8], 2
+mov byte [ebp - 0x1a], 3
+mov byte [ebp - 0x19], 2
+sete al
+movzx eax, al
+add eax, eax
+mov byte [ebp - 0x31], al
+mov eax, dword [ebp + 8]
+mov edx, dword [eax + 0x5edc]
+imul eax, ecx, 0xcc
+lea ebx, [edx + eax + 0x1c]
+mov eax, dword [ebp + 8]
+mov esi, dword [eax + 0x18a7]
+mov eax, ecx
+shl eax, 0xa
+lea ecx, [eax + 0x4004]
+mov dword [ebp - 0x30], eax
+mov eax, dword [ebp + 8]
+mov edx, ecx
+mov dword [ebp - 0x48], ecx
+imul esi, esi, 0x2e
+call fcn_fffae52a ; call 0xfffae52a
+add esi, edi
+mov dword [ebx + 0xa0], eax
+movzx eax, word [esi + 8]
+mov dl, byte [ebp + eax - 0x1d]
+mov al, byte [ebx + 0xa3]
+shl edx, 6
+and eax, 0x3f
+or eax, edx
+mov edx, dword [ebp - 0x48]
+mov byte [ebx + 0xa3], al
+mov eax, dword [ebp + 8]
+mov ecx, dword [ebx + 0xa0]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x30]
+add eax, 0x400c
+mov edx, eax
+mov dword [ebp - 0x48], eax
+mov eax, dword [ebp + 8]
+call fcn_fffae52a ; call 0xfffae52a
+mov dword [ebx + 0xa8], eax
+mov ax, word [esi + 8]
+mov esi, dword [ebp + 8]
+mov ecx, dword [esi + 0x2480]
+mov edx, dword [esi + 0x36d7]
+cmp ecx, 3
+jne short loc_fffaf224 ; jne 0xfffaf224
+cmp edx, 0x536
+sbb eax, eax
+add eax, 6
+jmp short loc_fffaf26e ; jmp 0xfffaf26e
+
+loc_fffaf224: ; not directly referenced
+cmp ecx, 2
+jne short loc_fffaf242 ; jne 0xfffaf242
+mov eax, 5
+cmp edx, 0x640
+jbe short loc_fffaf26e ; jbe 0xfffaf26e
+mov al, 6
+cmp edx, 0x74b
+jbe short loc_fffaf26e ; jbe 0xfffaf26e
+jmp short loc_fffaf263 ; jmp 0xfffaf263
+
+loc_fffaf242: ; not directly referenced
+cmp edx, 0x640
+ja short loc_fffaf252 ; ja 0xfffaf252
+movzx eax, al
+add eax, 4
+jmp short loc_fffaf26e ; jmp 0xfffaf26e
+
+loc_fffaf252: ; not directly referenced
+cmp edx, 0x74b
+ja short loc_fffaf263 ; ja 0xfffaf263
+cmp al, 3
+sbb eax, eax
+add eax, 7
+jmp short loc_fffaf26e ; jmp 0xfffaf26e
+
+loc_fffaf263: ; not directly referenced
+cmp edx, 0x856
+sbb eax, eax
+add eax, 8
+
+loc_fffaf26e: ; not directly referenced
+cmp eax, 0xf
+mov edx, 0xf
+cmovbe edx, eax
+mov al, byte [ebx + 0xa8]
+xor esi, esi
+mov cl, dl
+shl ecx, 6
+shr edx, 2
+and eax, 0x3f
+and edx, 3
+or eax, ecx
+mov byte [ebx + 0xa8], al
+mov al, byte [ebx + 0xa9]
+and eax, 0xfffffffc
+or eax, edx
+mov byte [ebx + 0xa9], al
+mov ecx, dword [ebx + 0xa8]
+xor ebx, ebx
+mov edx, dword [ebp - 0x48]
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+mov al, byte [ebp - 0x31]
+xor ecx, ecx
+mov dl, byte [edi + 0xc4]
+mov byte [ebp - 0x48], 0
+sub eax, 4
+test dl, 1
+je short loc_fffaf2e3 ; je 0xfffaf2e3
+mov cl, al
+add cl, byte [edi + 0x1015]
+mov byte [edi + 0x1015], cl
+and ecx, 0x7f
+
+loc_fffaf2e3: ; not directly referenced
+and dl, 2
+je short loc_fffaf2fb ; je 0xfffaf2fb
+mov dl, al
+add dl, byte [edi + 0x1016]
+mov esi, edx
+mov byte [edi + 0x1016], dl
+and esi, 0x7f
+
+loc_fffaf2fb: ; not directly referenced
+mov dl, byte [edi + 0xc4]
+test dl, 4
+je short loc_fffaf317 ; je 0xfffaf317
+mov bl, al
+add bl, byte [edi + 0x1017]
+mov byte [edi + 0x1017], bl
+and ebx, 0x7f
+
+loc_fffaf317: ; not directly referenced
+and dl, 8
+je short loc_fffaf32e ; je 0xfffaf32e
+add al, byte [edi + 0x1018]
+mov byte [edi + 0x1018], al
+and eax, 0x7f
+mov byte [ebp - 0x48], al
+
+loc_fffaf32e: ; not directly referenced
+mov eax, dword [ebp - 0x48]
+and esi, 0x7f
+and ecx, 0x7f
+shl esi, 8
+and ebx, 0x7f
+mov edx, dword [ebp - 0x30]
+shl ebx, 0x10
+or ecx, esi
+or ecx, ebx
+shl eax, 0x18
+or ecx, eax
+mov eax, dword [ebp + 8]
+add edx, 0x4024
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffaf35a: ; not directly referenced
+inc dword [ebp - 0x2c]
+add edi, 0x13c3
+cmp dword [ebp - 0x2c], 2
+jne loc_fffaf145 ; jne 0xfffaf145
+
+loc_fffaf36d: ; not directly referenced
+add esp, 0x3c
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaf377: ; not directly referenced
+push ebp
+mov ecx, 4
+mov ebp, esp
+push edi
+push esi
+mov esi, ref_fffd3e70 ; mov esi, 0xfffd3e70
+push ebx
+sub esp, 0x6c
+mov ebx, dword [ebp + 8]
+lea edi, [ebp - 0x54]
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+mov byte [ebp - 0x5d], 0
+mov eax, dword [ebx + 0x2443]
+mov dword [ebp - 0x5c], 0
+mov dword [ebp - 0x64], eax
+lea eax, [ebx + 0x381a]
+
+loc_fffaf3ac: ; not directly referenced
+mov cl, byte [eax]
+mov byte [ebp - 0x5e], cl
+and cl, 1
+jne short loc_fffaf41a ; jne 0xfffaf41a
+
+loc_fffaf3b6: ; not directly referenced
+test byte [ebp - 0x5e], 4
+je loc_fffaf46d ; je 0xfffaf46d
+movzx edx, word [eax + 0x12c0]
+mov ecx, 1
+imul edx, dword [eax + 0x12bc]
+movzx edi, byte [eax + 0x12c6]
+movzx esi, byte [eax + 0x12c5]
+shr edx, 0x14
+cmp byte [eax + 0x12c6], 0
+cmovne ecx, edi
+movzx edi, byte [eax + 0x12c8]
+imul edi, esi
+imul edi, edx
+movzx edx, byte [eax + 0x12ca]
+imul edi, ecx
+movzx edx, word [ebp + edx*2 - 0x54]
+cmp edx, edi
+mov edx, 1
+cmove edx, dword [ebp - 0x5c]
+mov dword [ebp - 0x5c], edx
+jmp short loc_fffaf46d ; jmp 0xfffaf46d
+
+loc_fffaf41a: ; not directly referenced
+movzx edx, word [eax + 0x1198]
+imul edx, dword [eax + 0x1194]
+movzx ecx, byte [eax + 0x119e]
+movzx esi, byte [eax + 0x119d]
+shr edx, 0x14
+test cl, cl
+jne short loc_fffaf442 ; jne 0xfffaf442
+mov ecx, 1
+
+loc_fffaf442: ; not directly referenced
+movzx edi, byte [eax + 0x11a0]
+imul esi, edi
+imul esi, edx
+movzx edx, byte [eax + 0x11a2]
+imul esi, ecx
+movzx edx, word [ebp + edx*2 - 0x54]
+cmp edx, esi
+je loc_fffaf3b6 ; je 0xfffaf3b6
+mov dword [ebp - 0x5c], 1
+
+loc_fffaf46d: ; not directly referenced
+inc byte [ebp - 0x5d]
+add eax, 0x13c3
+cmp byte [ebp - 0x5d], 2
+jne loc_fffaf3ac ; jne 0xfffaf3ac
+cmp dword [ebp - 0x5c], 1
+je loc_fffaf5ed ; je 0xfffaf5ed
+push edx
+push 0
+push 0x2c
+lea eax, [ebp - 0x44]
+push eax
+mov eax, dword [ebp - 0x64]
+call dword [eax + 0x5c] ; ucall
+add esp, 0x10
+cmp byte [ebx + 0x3748], 1
+mov dword [ebp - 0x58], 1
+je short loc_fffaf4af ; je 0xfffaf4af
+
+loc_fffaf4ab: ; not directly referenced
+xor esi, esi
+jmp short loc_fffaf509 ; jmp 0xfffaf509
+
+loc_fffaf4af: ; not directly referenced
+cmp dword [ebx + 0x3756], 2
+jne short loc_fffaf4db ; jne 0xfffaf4db
+mov edx, 0x5004
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x5004
+mov ecx, eax
+mov dword [ebp - 0x68], eax
+and ecx, 0xfcffffff
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffaf4db: ; not directly referenced
+cmp dword [ebx + 0x4b19], 2
+jne short loc_fffaf4ab ; jne 0xfffaf4ab
+mov edx, 0x5008
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x5008
+mov ecx, eax
+mov dword [ebp - 0x6c], eax
+and ecx, 0xfcffffff
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffaf4ab ; jmp 0xfffaf4ab
+
+loc_fffaf509: ; not directly referenced
+movzx eax, byte [ebx + 0x248d]
+bt eax, esi
+jb short loc_fffaf521 ; jb 0xfffaf521
+
+loc_fffaf515: ; not directly referenced
+add esi, 2
+cmp esi, 4
+jne short loc_fffaf509 ; jne 0xfffaf509
+xor edi, edi
+jmp short loc_fffaf570 ; jmp 0xfffaf570
+
+loc_fffaf521: ; not directly referenced
+push eax
+mov ecx, esi
+push eax
+mov edi, 1
+lea eax, [ebp - 0x58]
+push eax
+mov eax, ebx
+push 0
+lea edx, [ebp - 0x44]
+call fcn_fffaa9ed ; call 0xfffaa9ed
+mov ecx, esi
+xor edx, edx
+shl edi, cl
+mov eax, ebx
+mov ecx, edi
+call fcn_fffaac43 ; call 0xfffaac43
+mov ecx, edi
+mov edx, 1
+mov byte [ebp - 0x5c], al
+mov eax, ebx
+call fcn_fffaac43 ; call 0xfffaac43
+or eax, dword [ebp - 0x5c]
+movzx edx, al
+mov eax, ebx
+call fcn_fffae670 ; call 0xfffae670
+add esp, 0x10
+mov edi, eax
+test eax, eax
+je short loc_fffaf515 ; je 0xfffaf515
+
+loc_fffaf570: ; not directly referenced
+cmp byte [ebx + 0x3748], 1
+jne short loc_fffaf5a9 ; jne 0xfffaf5a9
+cmp dword [ebx + 0x3756], 2
+jne short loc_fffaf591 ; jne 0xfffaf591
+mov ecx, dword [ebp - 0x68]
+mov edx, 0x5004
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffaf591: ; not directly referenced
+cmp dword [ebx + 0x4b19], 2
+jne short loc_fffaf5a9 ; jne 0xfffaf5a9
+mov ecx, dword [ebp - 0x6c]
+mov edx, 0x5008
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffaf5a9: ; not directly referenced
+mov edx, 0x3c
+mov eax, ebx
+call fcn_fffa834b ; call 0xfffa834b
+cmp dword [ebx + 0x3756], 2
+jne short loc_fffaf5cf ; jne 0xfffaf5cf
+mov ecx, 0x3000
+mov edx, 0x48a8
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffaf5cf: ; not directly referenced
+cmp dword [ebx + 0x4b19], 2
+jne short loc_fffaf5e9 ; jne 0xfffaf5e9
+mov ecx, 0x3000
+mov edx, 0x48b0
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffaf5e9: ; not directly referenced
+test edi, edi
+je short loc_fffaf5f7 ; je 0xfffaf5f7
+
+loc_fffaf5ed: ; not directly referenced
+mov dword [ebx + 0x374a], 1
+
+loc_fffaf5f7: ; not directly referenced
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffaf601: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x3c
+mov edi, dword [ebp + 8]
+mov eax, dword [edi + 0x2443]
+cmp byte [edi + 0x190d], 0
+mov edx, dword [edi + 0x18a7]
+mov esi, dword [edi + 0x2480]
+mov dword [ebp - 0x30], eax
+je loc_fffafafc ; je 0xfffafafc
+cmp esi, 3
+sete al
+mov byte [ebp - 0x2c], al
+movzx eax, al
+mov dword [ebp - 0x38], eax
+mov eax, dword [edi + 0x36cb]
+test eax, eax
+je loc_fffaf79d ; je 0xfffaf79d
+dec eax
+jne loc_fffafafc ; jne 0xfffafafc
+movzx ebx, byte [edi + 0x247f]
+test ebx, ebx
+sete al
+or al, byte [ebp - 0x2c]
+je short loc_fffaf6d5 ; je 0xfffaf6d5
+mov ecx, dword [ebp - 0x30]
+xor eax, eax
+cmp dword [edi + 0x188b], 1
+mov edx, dword [ecx + 0x80]
+sete al
+mov esi, eax
+lea esi, [esi + esi + 0x18]
+lea eax, [eax + eax + 0x17]
+test edx, edx
+je short loc_fffaf6d5 ; je 0xfffaf6d5
+lea ecx, [ebp - 0x20]
+push ecx
+lea ecx, [ebp - 0x1c]
+push ecx
+push eax
+push 1
+call edx
+mov al, byte [ebp - 0x19]
+add esp, 0x10
+test al, al
+js short loc_fffaf6d5 ; js 0xfffaf6d5
+or eax, 0xffffff80
+mov byte [ebp - 0x19], al
+mov al, byte [ebp - 0x1c]
+or eax, 1
+cmp dword [edi + 0x2480], 3
+mov byte [ebp - 0x1c], al
+jne short loc_fffaf6bf ; jne 0xfffaf6bf
+and eax, 0xfffffff1
+or eax, 8
+mov byte [ebp - 0x1c], al
+
+loc_fffaf6bf: ; not directly referenced
+lea eax, [ebp - 0x20]
+push eax
+mov eax, dword [ebp - 0x30]
+push dword [ebp - 0x1c]
+push esi
+push 1
+call dword [eax + 0x84] ; ucall
+add esp, 0x10
+
+loc_fffaf6d5: ; not directly referenced
+cmp ebx, 1
+mov edx, 0x64
+mov eax, 0x32
+cmove edx, eax
+cmp dword [ebp - 0x38], 1
+jne short loc_fffaf70c ; jne 0xfffaf70c
+mov edx, 0x5880
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x5880
+and al, 0x7f
+mov ecx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0x61
+
+loc_fffaf70c: ; not directly referenced
+mov cl, byte [ebp - 0x2c]
+dec ebx
+sete al
+or cl, al
+je loc_fffafafc ; je 0xfffafafc
+movzx eax, dx
+xor esi, esi
+lea ebx, [edi + 0x4a07]
+mov dword [ebp - 0x2c], eax
+
+loc_fffaf729: ; not directly referenced
+cmp dword [ebx - 0x12b1], 2
+jne short loc_fffaf782 ; jne 0xfffaf782
+movzx eax, word [ebx - 0x129b]
+mov ecx, 0x64
+imul eax, dword [ebp - 0x2c]
+cdq
+idiv ecx
+cmp dword [ebx - 0x13e], 2
+mov word [ebx - 0x129b], ax
+jne short loc_fffaf76a ; jne 0xfffaf76a
+movzx eax, word [ebx - 0x128]
+imul eax, dword [ebp - 0x2c]
+cdq
+idiv ecx
+mov word [ebx - 0x128], ax
+
+loc_fffaf76a: ; not directly referenced
+cmp dword [ebx - 0x16], 2
+jne short loc_fffaf782 ; jne 0xfffaf782
+movzx eax, word [ebx]
+mov ecx, 0x64
+imul eax, dword [ebp - 0x2c]
+cdq
+idiv ecx
+mov word [ebx], ax
+
+loc_fffaf782: ; not directly referenced
+mov edx, esi
+mov eax, edi
+inc esi
+add ebx, 0x13c3
+call fcn_fffae6fa ; call 0xfffae6fa
+cmp esi, 2
+je loc_fffafafc ; je 0xfffafafc
+jmp short loc_fffaf729 ; jmp 0xfffaf729
+
+loc_fffaf79d: ; not directly referenced
+cmp dword [edi + 0x36e8], 0
+je short loc_fffaf7b3 ; je 0xfffaf7b3
+cmp byte [edi + 0x1916], 0
+jne loc_fffafafc ; jne 0xfffafafc
+
+loc_fffaf7b3: ; not directly referenced
+test byte [edi + 0x36ca], 0xf7
+je loc_fffafafc ; je 0xfffafafc
+cmp dword [edi + 0x3756], 2
+mov dword [ebp - 0x40], 0
+mov dword [ebp - 0x44], 0
+mov dword [ebp - 0x34], 0
+je short loc_fffaf7f2 ; je 0xfffaf7f2
+cmp dword [edi + 0x4b19], 2
+mov eax, 1
+jne loc_fffaf892 ; jne 0xfffaf892
+jmp short loc_fffaf7f4 ; jmp 0xfffaf7f4
+
+loc_fffaf7f2: ; not directly referenced
+xor eax, eax
+
+loc_fffaf7f4: ; not directly referenced
+imul eax, eax, 0x13c3
+lea ecx, [edi + eax + 0x3756]
+imul eax, edx, 0x2e
+lea eax, [ecx + eax + 4]
+movzx ecx, word [eax + 0x1a]
+movzx edx, word [eax + 0x10]
+movzx eax, word [eax + 0xc]
+lea edx, [ecx + edx + 1]
+mov cl, 0x7f
+mov bl, dl
+and ebx, 0x7f
+cmp edx, 0x7f
+cmovbe ecx, ebx
+mov ebx, 0xa
+imul eax, eax, 0xf
+xor edx, edx
+and ecx, 0x7f
+div ebx
+mov bl, 0x7f
+cmp dl, 1
+mov edx, 0x4e44
+sbb eax, 0xffffffff
+cmp eax, 0x7f
+cmovbe ebx, eax
+mov eax, edi
+and ebx, 0x7f
+shl ecx, 8
+or ecx, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffaf856: ; not directly referenced
+mov eax, dword [ebp - 0x30]
+call dword [eax + 0x7c] ; ucall
+mov ebx, eax
+xor ax, ax
+call fcn_fffaeba2 ; call 0xfffaeba2
+mov dl, al
+movzx eax, bx
+mov dword [ebp - 0x2c], edx
+call fcn_fffaeba2 ; call 0xfffaeba2
+mov edx, dword [ebp - 0x2c]
+test al, al
+sete al
+test dl, dl
+sete dl
+or al, dl
+jne short loc_fffaf856 ; jne 0xfffaf856
+mov ecx, ebx
+mov edx, 0x2bb8
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffaf892: ; not directly referenced
+cmp esi, 2
+je loc_fffafafc ; je 0xfffafafc
+mov ecx, dword [edi + 0x1912]
+mov eax, 0x800
+mov dl, 0xb
+
+loc_fffaf8a8: ; not directly referenced
+movzx ebx, dl
+cmp ebx, ecx
+lea eax, [eax + eax]
+jae short loc_fffaf8b5 ; jae 0xfffaf8b5
+inc edx
+jmp short loc_fffaf8a8 ; jmp 0xfffaf8a8
+
+loc_fffaf8b5: ; not directly referenced
+call fcn_fffaec34 ; call 0xfffaec34
+mov byte [ebp - 0x2c], 0x11
+sub byte [ebp - 0x2c], al
+movzx eax, byte [ebp - 0x2c]
+mov word [ebp - 0x48], ax
+
+loc_fffaf8c9: ; not directly referenced
+mov eax, dword [ebp - 0x30]
+xor ebx, ebx
+mov esi, 1
+call dword [eax + 0x7c] ; ucall
+xor edx, edx
+mov dword [ebp - 0x3c], eax
+
+loc_fffaf8db: ; not directly referenced
+mov cl, dl
+cmp bx, word [ebp - 0x48]
+je short loc_fffaf8fb ; je 0xfffaf8fb
+mov eax, esi
+shl eax, cl
+mov ecx, dword [ebp - 0x3c]
+and ecx, eax
+cmp ecx, 1
+sbb bx, 0xffff
+inc edx
+cmp edx, 0x10
+jne short loc_fffaf8db ; jne 0xfffaf8db
+mov cl, 0x10
+
+loc_fffaf8fb: ; not directly referenced
+mov ebx, 1
+shl ebx, cl
+dec ebx
+and ebx, dword [ebp - 0x3c]
+movzx eax, bx
+call fcn_fffaeba2 ; call 0xfffaeba2
+cmp al, byte [ebp - 0x2c]
+jne short loc_fffaf8c9 ; jne 0xfffaf8c9
+mov edx, ebx
+xor esi, esi
+mov word [ebp - 0x40], bx
+not edx
+
+loc_fffaf91d: ; not directly referenced
+mov ecx, esi
+mov eax, 0xfffffffe
+rol eax, cl
+and eax, edx
+movzx ecx, ax
+mov edx, eax
+mov word [ebp - 0x30], ax
+mov eax, ecx
+mov dword [ebp - 0x48], edx
+mov dword [ebp - 0x3c], ecx
+call fcn_fffaeba2 ; call 0xfffaeba2
+mov ecx, dword [ebp - 0x3c]
+mov edx, dword [ebp - 0x48]
+cmp al, byte [ebp - 0x2c]
+jne short loc_fffaf971 ; jne 0xfffaf971
+
+loc_fffaf949: ; not directly referenced
+shl ecx, 0x10
+mov eax, edi
+mov edx, ecx
+movzx ecx, word [ebp - 0x40]
+xor esi, esi
+or ebx, dword [ebp - 0x30]
+or ecx, edx
+mov edx, 0x4e38
+mov word [ebp - 0x3c], bx
+not ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov word [ebp - 0x30], bx
+jmp short loc_fffaf97f ; jmp 0xfffaf97f
+
+loc_fffaf971: ; not directly referenced
+inc esi
+cmp esi, 0x10
+jne short loc_fffaf91d ; jne 0xfffaf91d
+jmp short loc_fffaf949 ; jmp 0xfffaf949
+
+loc_fffaf979: ; not directly referenced
+inc esi
+cmp esi, 0x10
+je short loc_fffaf99e ; je 0xfffaf99e
+
+loc_fffaf97f: ; not directly referenced
+mov ebx, dword [ebp - 0x30]
+mov edx, 0xfffffffe
+mov ecx, esi
+rol edx, cl
+and ebx, edx
+movzx eax, bx
+mov word [ebp - 0x30], ax
+call fcn_fffaeba2 ; call 0xfffaeba2
+cmp al, byte [ebp - 0x2c]
+jne short loc_fffaf979 ; jne 0xfffaf979
+
+loc_fffaf99e: ; not directly referenced
+mov word [ebp - 0x44], bx
+xor esi, esi
+or ebx, dword [ebp - 0x3c]
+not ebx
+jmp short loc_fffaf9bc ; jmp 0xfffaf9bc
+
+loc_fffaf9ab: ; not directly referenced
+mov ecx, esi
+mov eax, 0xfffffffe
+rol eax, cl
+inc esi
+and ebx, eax
+cmp esi, 0x10
+je short loc_fffaf9c9 ; je 0xfffaf9c9
+
+loc_fffaf9bc: ; not directly referenced
+movzx eax, bx
+call fcn_fffaeba2 ; call 0xfffaeba2
+cmp al, byte [ebp - 0x2c]
+jne short loc_fffaf9ab ; jne 0xfffaf9ab
+
+loc_fffaf9c9: ; not directly referenced
+movzx ecx, word [ebp - 0x44]
+shl ebx, 0x10
+mov edx, 0x4e3c
+mov eax, edi
+or ecx, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov dword [ebp - 0x2c], 0
+
+loc_fffaf9e5: ; not directly referenced
+imul esi, dword [ebp - 0x2c], 0x13c3
+cmp dword [edi + esi + 0x3756], 2
+jne loc_fffafaef ; jne 0xfffafaef
+xor ebx, ebx
+test byte [edi + esi + 0x381a], 1
+je short loc_fffafa5b ; je 0xfffafa5b
+cmp dword [ebp - 0x38], 0
+jne short loc_fffafa2d ; jne 0xfffafa2d
+imul eax, dword [ebp - 0x2c], 0x54a
+mov ax, word [edi + eax + 0x1a4f]
+cmp ax, 0xce00
+sete bl
+cmp ax, 0xfe02
+sete al
+or ebx, eax
+jmp short loc_fffafa5b ; jmp 0xfffafa5b
+
+loc_fffafa2d: ; not directly referenced
+push edx
+xor ecx, ecx
+push edx
+mov edx, dword [ebp - 0x2c]
+lea eax, [ebp - 0x1c]
+push eax
+mov eax, edi
+push 5
+call fcn_fffa686d ; call 0xfffa686d
+lea eax, [ebp - 0x1c]
+add esp, 0x10
+mov cl, 1
+
+loc_fffafa49: ; not directly referenced
+mov dl, byte [eax]
+and edx, 0xfffffffd
+dec dl
+cmove ebx, ecx
+inc eax
+lea edx, [ebp - 0x18]
+cmp eax, edx
+jne short loc_fffafa49 ; jne 0xfffafa49
+
+loc_fffafa5b: ; not directly referenced
+test byte [edi + esi + 0x381a], 4
+je short loc_fffafac5 ; je 0xfffafac5
+cmp dword [ebp - 0x38], 0
+je short loc_fffafaa1 ; je 0xfffafaa1
+mov edx, dword [ebp - 0x2c]
+mov ecx, 2
+push eax
+push eax
+lea eax, [ebp - 0x1c]
+push eax
+mov eax, edi
+push 5
+call fcn_fffa686d ; call 0xfffa686d
+lea eax, [ebp - 0x1c]
+add esp, 0x10
+lea ecx, [ebp - 0x18]
+
+loc_fffafa8b: ; not directly referenced
+mov dl, byte [eax]
+mov esi, ebx
+or esi, 2
+and edx, 0xfffffffd
+dec dl
+cmove ebx, esi
+inc eax
+cmp eax, ecx
+jne short loc_fffafa8b ; jne 0xfffafa8b
+jmp short loc_fffafac5 ; jmp 0xfffafac5
+
+loc_fffafaa1: ; not directly referenced
+imul eax, dword [ebp - 0x2c], 0x54a
+mov ax, word [edi + eax + 0x1cc6]
+cmp ax, 0xfe02
+sete dl
+cmp ax, 0xce00
+sete al
+or dl, al
+je short loc_fffafac5 ; je 0xfffafac5
+or ebx, 2
+
+loc_fffafac5: ; not directly referenced
+and dword [ebp - 0x34], 0xffffff9f
+and ebx, 3
+shl ebx, 5
+mov edx, dword [ebp - 0x2c]
+mov eax, edi
+or dword [ebp - 0x34], ebx
+or dword [ebp - 0x34], 0x80000000
+mov ecx, dword [ebp - 0x34]
+shl edx, 0xa
+add edx, 0x4240
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffafaef: ; not directly referenced
+inc dword [ebp - 0x2c]
+cmp dword [ebp - 0x2c], 2
+jne loc_fffaf9e5 ; jne 0xfffaf9e5
+
+loc_fffafafc: ; not directly referenced
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffafb06: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+movzx edi, dl
+push esi
+push ebx
+sub esp, 0x4c
+mov esi, dword [ebp + 0x14]
+mov byte [ebp - 0x27], cl
+mov cl, byte [ebp + 8]
+mov ebx, dword [ebp + 0xc]
+mov byte [ebp - 0x26], dl
+mov edx, 0x4c31
+mov dword [ebp - 0x38], esi
+imul esi, edi, 0x13c3
+mov byte [ebp - 0x48], cl
+xor ecx, ecx
+mov dword [ebp - 0x20], edi
+mov byte [ebp - 0x34], bl
+lea edi, [eax + esi + 0x3756]
+mov dword [ebp - 0x1c], eax
+call fcn_fffae566 ; call 0xfffae566
+cmp byte [edi + 0x1241], 1
+sete al
+mov dl, al
+mov cl, al
+mov eax, dword [ebp - 0x20]
+or edx, 2
+cmp byte [edi + 0x1369], 1
+cmove ecx, edx
+shl eax, 0xa
+mov edi, ecx
+lea edx, [eax + 0x41bc]
+xor ecx, ecx
+mov dword [ebp - 0x2c], eax
+mov eax, dword [ebp - 0x1c]
+call fcn_fffae566 ; call 0xfffae566
+mov eax, ebx
+and eax, 1
+lea edx, [eax + eax]
+mov al, bl
+and eax, 2
+and ebx, 4
+shr al, 1
+or eax, ebx
+or eax, edx
+mov ebx, eax
+movzx eax, byte [ebp - 0x34]
+add esi, dword [ebp - 0x1c]
+shl ebx, 0x18
+mov dword [ebp - 0x30], ebx
+mov dword [ebp - 0x24], 0
+mov byte [ebp - 0x25], 0
+mov dword [ebp - 0x4c], esi
+mov dword [ebp - 0x34], eax
+
+loc_fffafbb5: ; not directly referenced
+mov cl, byte [ebp - 0x24]
+mov ebx, 1
+mov esi, dword [ebp - 0x4c]
+shl ebx, cl
+mov al, bl
+and al, byte [esi + 0x381a]
+test byte [ebp - 0x27], al
+je loc_fffafc5d ; je 0xfffafc5d
+mov ecx, dword [ebp - 0x34]
+xor edx, edx
+mov esi, dword [ebp + 0x10]
+and ecx, 0xf
+shl ecx, 0x18
+mov eax, ecx
+mov cl, byte [ebp - 0x24]
+shr cl, 1
+movzx ecx, cl
+mov si, word [esi + ecx*2]
+mov ax, si
+test byte [ebp - 0x24], 1
+je short loc_fffafc1e ; je 0xfffafc1e
+inc ecx
+test ecx, edi
+je short loc_fffafc1e ; je 0xfffafc1e
+mov edx, esi
+and ax, 0x150
+and dx, 0xfe07
+and esi, 0xa8
+shr ax, 1
+add esi, esi
+or eax, edx
+or eax, esi
+movzx eax, ax
+add eax, dword [ebp - 0x30]
+cdq
+
+loc_fffafc1e: ; not directly referenced
+mov esi, dword [ebp - 0x48]
+mov ecx, edx
+not ebx
+or ecx, 0xf000000
+and ebx, 0xf
+and ch, 0xf0
+and esi, 0xf
+shl esi, 8
+or ecx, esi
+and ecx, 0xfffffff0
+or ecx, ebx
+mov ebx, dword [ebp - 0x2c]
+mov edx, ecx
+push ecx
+push ecx
+push edx
+push eax
+mov eax, dword [ebp - 0x1c]
+lea ecx, [ebx + 0x41c0]
+mov edx, ecx
+call fcn_fffae7cf ; call 0xfffae7cf
+add esp, 0x10
+inc byte [ebp - 0x25]
+
+loc_fffafc5d: ; not directly referenced
+inc dword [ebp - 0x24]
+cmp dword [ebp - 0x24], 4
+jne loc_fffafbb5 ; jne 0xfffafbb5
+cmp byte [ebp - 0x25], 0
+jne short loc_fffafc7a ; jne 0xfffafc7a
+
+loc_fffafc70: ; not directly referenced
+mov eax, 1
+jmp near loc_fffafd4a ; jmp 0xfffafd4a
+
+loc_fffafc7a: ; not directly referenced
+mov edi, dword [ebp - 0x38]
+mov cl, 3
+mov edx, dword [ebp - 0x2c]
+mov ebx, edi
+mov eax, edi
+mov edi, dword [ebp - 0x1c]
+add edx, 0x419c
+and eax, 7
+test bl, bl
+cmovne ecx, eax
+mov al, byte [ebp - 0x25]
+and ecx, 7
+dec eax
+and eax, 7
+shl eax, 0x10
+or ecx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x20]
+lea ebx, [eax*8 + 0x48a8]
+mov eax, edi
+mov edx, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, ebx
+mov dword [ebp - 0x1c], edi
+mov ecx, eax
+mov esi, eax
+and ch, 0xc7
+mov eax, edi
+or ch, 0x20
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, dword [ebp - 0x20]
+mov ecx, 5
+mov eax, dword [ebp - 0x1c]
+lea edi, [edx*4 + 0x48b8]
+mov edx, edi
+call fcn_fffae566 ; call 0xfffae566
+
+loc_fffafcef: ; not directly referenced
+mov eax, dword [ebp - 0x1c]
+mov edx, 0x4804
+call fcn_fffae52a ; call 0xfffae52a
+cmp byte [ebp - 0x26], 0
+jne short loc_fffafd15 ; jne 0xfffafd15
+test al, 1
+jne loc_fffafc70 ; jne 0xfffafc70
+shr eax, 0x10
+and eax, 1
+xor eax, 1
+jmp short loc_fffafd28 ; jmp 0xfffafd28
+
+loc_fffafd15: ; not directly referenced
+test al, 2
+jne loc_fffafc70 ; jne 0xfffafc70
+shr eax, 0x10
+shr al, 1
+xor eax, 1
+and eax, 1
+
+loc_fffafd28: ; not directly referenced
+test al, al
+jne short loc_fffafcef ; jne 0xfffafcef
+mov edx, edi
+mov edi, dword [ebp - 0x1c]
+mov ecx, 4
+mov eax, edi
+call fcn_fffae566 ; call 0xfffae566
+mov eax, edi
+mov ecx, esi
+mov edx, ebx
+call fcn_fffae58c ; call 0xfffae58c
+xor eax, eax
+
+loc_fffafd4a: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffafd52: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x2c
+mov esi, dword [ebp + 8]
+mov ebx, dword [ebp + 0xc]
+cmp cl, 3
+ja short loc_fffafd72 ; ja 0xfffafd72
+mov word [ebp - 0x1c], bx
+mov word [ebp - 0x1a], 0
+jmp short loc_fffafd7c ; jmp 0xfffafd7c
+
+loc_fffafd72: ; not directly referenced
+mov word [ebp - 0x1c], 0
+mov word [ebp - 0x1a], bx
+
+loc_fffafd7c: ; not directly referenced
+cmp dword [eax + 0x2480], 2
+movzx edi, dl
+mov edx, esi
+movzx ecx, cl
+push 0
+movzx esi, dl
+sete bl
+mov dword [ebp - 0x2c], edi
+lea edi, [ebp - 0x1c]
+mov edx, dword [ebp - 0x2c]
+push edi
+shl ebx, 3
+push esi
+movzx ebx, bl
+push ebx
+call fcn_fffafb06 ; call 0xfffafb06
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffafdb2: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0xe0
+mov esi, dword [ebp + 8]
+mov edi, dword [ebp + 0x14]
+mov byte [ebp - 0x9f], cl
+mov ebx, dword [ebp + 0x10]
+mov dword [ebp - 0x80], eax
+mov eax, dword [ebp + 0xc]
+mov ecx, esi
+mov dword [ebp - 0xd8], esi
+mov esi, ref_fffd3e80 ; mov esi, 0xfffd3e80
+mov dword [ebp - 0xac], edi
+mov dword [ebp - 0xb8], edx
+mov byte [ebp - 0xdc], dl
+mov edx, edi
+mov byte [ebp - 0xc8], cl
+lea edi, [ebp - 0x50]
+mov ecx, 3
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+lea edi, [ebp - 0x38]
+mov esi, ref_fffd3e8c ; mov esi, 0xfffd3e8c
+mov dword [ebp - 0x88], eax
+mov byte [ebp - 0xa0], al
+mov byte [ebp - 0x9d], dl
+mov word [ebp - 0x7c], bx
+mov word [ebp - 0x60], 0
+mov word [ebp - 0x5e], 2
+mov cl, 4
+mov word [ebp - 0x5c], 1
+mov word [ebp - 0x5a], 3
+mov word [ebp - 0x64], 0
+mov word [ebp - 0x62], 2
+mov byte [ebp - 0x6a], 1
+mov byte [ebp - 0x69], 2
+mov byte [ebp - 0x68], 3
+mov byte [ebp - 0x67], 0
+mov byte [ebp - 0x66], 2
+mov byte [ebp - 0x65], 3
+movzx edx, byte [ebp - 0xb8]
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+mov edi, dword [ebp - 0x80]
+imul eax, edx, 0x13c3
+mov dword [ebp - 0x84], edx
+mov esi, dword [edi + 0x5edc]
+lea eax, [edi + eax + 0x3756]
+mov dword [ebp - 0xa8], eax
+imul eax, edx, 0xcc
+mov ecx, esi
+mov dword [ebp - 0xa4], esi
+mov esi, dword [edi + 0x2443]
+lea edx, [ecx + eax + 0x1c]
+mov dword [ebp - 0x9c], edx
+mov edx, dword [edi + 0x188b]
+lea eax, [ebp - 0x50]
+push 0xc
+push eax
+lea eax, [ebp - 0x44]
+push eax
+mov dword [ebp - 0x98], edx
+call dword [esi + 0x58] ; ucall
+add esp, 0xc
+push 8
+lea eax, [ebp - 0x60]
+push eax
+lea eax, [ebp - 0x58]
+push eax
+call dword [esi + 0x58] ; ucall
+mov eax, dword [edi + 0x2480]
+add esp, 0xc
+xor edx, edx
+push 0x10
+cmp eax, 3
+sete dl
+mov dword [ebp - 0xb4], edx
+xor edx, edx
+cmp eax, 2
+lea eax, [ebp - 0x38]
+sete dl
+push eax
+lea eax, [ebp - 0x28]
+mov dword [ebp - 0xb0], edx
+push eax
+call dword [esi + 0x58] ; ucall
+mov ecx, dword [ebp - 0x88]
+add esp, 0x10
+cmp cl, 3
+sete al
+cmp cl, 1
+setbe dl
+or dl, al
+jne short loc_fffaff33 ; jne 0xfffaff33
+mov edx, ecx
+cmp cl, 0x11
+sete cl
+cmp dl, 2
+sete dl
+or cl, dl
+je loc_fffaffe5 ; je 0xfffaffe5
+
+loc_fffaff33: ; not directly referenced
+mov ecx, dword [ebp - 0x88]
+cmp cl, 1
+sbb esi, esi
+and esi, 0x10
+add esi, 0xf
+cmp cl, 1
+sbb edx, edx
+and edx, 0xfffffff0
+sub edx, 0x10
+cmp bx, si
+jg short loc_fffaff5c ; jg 0xfffaff5c
+cmp dx, bx
+mov esi, ebx
+cmovge esi, edx
+
+loc_fffaff5c: ; not directly referenced
+mov ebx, dword [ebp - 0x9c]
+movzx ecx, byte [ebp - 0xd8]
+cmp byte [ebp - 0x88], 0
+lea edi, [ebx + ecx*4]
+mov ebx, dword [edi + 0x78]
+jne loc_fffb0a8d ; jne 0xfffb0a8d
+mov eax, esi
+and ebx, 0xfffff000
+and eax, 0x3f
+mov edx, eax
+or ebx, eax
+shl edx, 6
+or ebx, edx
+
+loc_fffaff90: ; not directly referenced
+cmp byte [ebp - 0xb8], 1
+mov edx, 0x365c
+jbe loc_fffb0ae0 ; jbe 0xfffb0ae0
+
+loc_fffaffa2: ; not directly referenced
+mov ecx, dword [ebp - 0x80]
+lea eax, [edx + 0xc]
+cmp dword [ecx + 0x188b], 1
+mov ecx, ebx
+cmove edx, eax
+mov eax, dword [ebp - 0x80]
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0xac], 0
+je short loc_fffaffc8 ; je 0xfffaffc8
+mov dword [edi + 0x78], ebx
+
+loc_fffaffc8: ; not directly referenced
+mov eax, dword [ebp - 0xa4]
+mov edx, 0x2008
+mov ecx, dword [eax + 0x18]
+mov eax, dword [ebp - 0x80]
+or ecx, 0x20
+call fcn_fffae58c ; call 0xfffae58c
+mov word [ebp - 0x7c], si
+
+loc_fffaffe5: ; not directly referenced
+mov eax, dword [ebp - 0x88]
+cmp al, 0x11
+sete cl
+sub eax, 4
+cmp al, 1
+setbe al
+or al, cl
+mov byte [ebp - 0x9e], cl
+je loc_fffb0219 ; je 0xfffb0219
+mov eax, dword [ebp - 0xa8]
+xor edi, edi
+lea esi, [eax + 0x24d]
+imul eax, dword [ebp - 0x84], 0x13c3
+add eax, dword [ebp - 0x80]
+mov dword [ebp - 0xe4], eax
+movzx eax, byte [ebp - 0x9f]
+mov dword [ebp - 0xe8], eax
+
+loc_fffb0034: ; not directly referenced
+mov ebx, dword [ebp - 0xe4]
+mov eax, 1
+mov ecx, edi
+shl eax, cl
+test byte [ebx + 0x381a], al
+je loc_fffb020c ; je 0xfffb020c
+mov eax, dword [ebp - 0xe8]
+bt eax, edi
+jae loc_fffb020c ; jae 0xfffb020c
+cmp byte [ebp - 0xa0], 4
+jne loc_fffb0103 ; jne 0xfffb0103
+cmp dword [ebp - 0x98], 0
+jne short loc_fffb0085 ; jne 0xfffb0085
+mov ebx, dword [ebp - 0x7c]
+mov eax, 0xb
+cmp bx, 0xb
+cmovle eax, ebx
+jmp short loc_fffb00a8 ; jmp 0xfffb00a8
+
+loc_fffb0085: ; not directly referenced
+cmp dword [ebp - 0x98], 1
+jne short loc_fffb00ac ; jne 0xfffb00ac
+mov ecx, dword [ebp - 0x7c]
+mov eax, 0xf
+cmp cx, 0xf
+cmovle eax, ecx
+mov ecx, eax
+or eax, 0x10
+test byte [esi], 0x10
+cmove eax, ecx
+
+loc_fffb00a8: ; not directly referenced
+mov word [ebp - 0x7c], ax
+
+loc_fffb00ac: ; not directly referenced
+mov ebx, dword [ebp - 0x7c]
+mov eax, 0
+mov ecx, edi
+push edx
+mov edx, dword [ebp - 0x84]
+test bx, bx
+cmovns eax, ebx
+movzx ebx, byte [ebp - 0xc8]
+mov word [ebp - 0x7c], ax
+or eax, 0x30
+mov word [ebp - 0xe0], ax
+cwde
+push eax
+mov eax, dword [ebp - 0x80]
+push 2
+push ebx
+call fcn_fffa73b0 ; call 0xfffa73b0
+add esp, 0x10
+cmp byte [ebp - 0x9d], 0
+je loc_fffb020c ; je 0xfffb020c
+mov al, byte [ebp - 0xe0]
+mov byte [esi + ebx], al
+jmp near loc_fffb020c ; jmp 0xfffb020c
+
+loc_fffb0103: ; not directly referenced
+cmp byte [ebp - 0xa0], 5
+jne loc_fffb01c5 ; jne 0xfffb01c5
+cmp dword [ebp - 0x98], 0
+jne short loc_fffb0150 ; jne 0xfffb0150
+cmp word [ebp - 0x7c], 0x13
+jg short loc_fffb0134 ; jg 0xfffb0134
+mov ecx, dword [ebp - 0x7c]
+mov eax, 0
+test cx, cx
+cmovns eax, ecx
+mov word [ebp - 0x7c], ax
+jmp short loc_fffb013a ; jmp 0xfffb013a
+
+loc_fffb0134: ; not directly referenced
+mov word [ebp - 0x7c], 0x13
+
+loc_fffb013a: ; not directly referenced
+mov eax, dword [ebp - 0x7c]
+mov ecx, 5
+mov edx, eax
+sar dx, 0xf
+idiv cx
+lea ebx, [edx + eax*8]
+jmp short loc_fffb0185 ; jmp 0xfffb0185
+
+loc_fffb0150: ; not directly referenced
+xor ebx, ebx
+cmp dword [ebp - 0x98], 1
+jne short loc_fffb0185 ; jne 0xfffb0185
+mov eax, dword [ebp - 0x7c]
+test ax, ax
+jle short loc_fffb0185 ; jle 0xfffb0185
+movsx ebx, ax
+mov eax, 0x10
+cmp bx, 0x10
+cmovle eax, ebx
+mov word [ebp - 0x7c], ax
+dec eax
+mov ebx, eax
+and eax, 3
+sar ebx, 2
+add eax, eax
+lea ebx, [eax + ebx*8 + 1]
+
+loc_fffb0185: ; not directly referenced
+push eax
+movzx eax, bl
+mov edx, dword [ebp - 0x84]
+push eax
+movzx eax, byte [ebp - 0xc8]
+mov ecx, edi
+push 2
+push eax
+mov dword [ebp - 0xe0], eax
+mov eax, dword [ebp - 0x80]
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+cmp byte [ebp - 0x9d], 0
+je short loc_fffb020c ; je 0xfffb020c
+mov eax, dword [ebp - 0xe0]
+mov byte [esi + eax + 0xdd9], bl
+jmp short loc_fffb020c ; jmp 0xfffb020c
+
+loc_fffb01c5: ; not directly referenced
+cmp byte [ebp - 0x9e], 0
+je short loc_fffb020c ; je 0xfffb020c
+movzx ebx, byte [ebp - 0xc8]
+mov ecx, edi
+push eax
+mov edx, dword [ebp - 0x84]
+mov eax, dword [ebp - 0x80]
+push 0
+push 0xff
+push ebx
+call fcn_fffa73b0 ; call 0xfffa73b0
+add esp, 0xc
+mov edx, dword [ebp - 0x84]
+mov eax, dword [ebp - 0x80]
+mov ecx, edi
+push 0
+push 0xff
+push ebx
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+
+loc_fffb020c: ; not directly referenced
+inc edi
+add esi, 9
+cmp edi, 4
+jne loc_fffb0034 ; jne 0xfffb0034
+
+loc_fffb0219: ; not directly referenced
+cmp byte [ebp - 0x88], 6
+mov cl, byte [ebp - 0x9e]
+sete al
+or cl, al
+je loc_fffb0378 ; je 0xfffb0378
+cmp dword [ebp - 0x98], 1
+jne short loc_fffb0247 ; jne 0xfffb0247
+cmp word [ebp - 0x7c], 0x3f
+jg loc_fffb0b12 ; jg 0xfffb0b12
+jmp short loc_fffb0252 ; jmp 0xfffb0252
+
+loc_fffb0247: ; not directly referenced
+cmp word [ebp - 0x7c], 7
+jg loc_fffb0b1d ; jg 0xfffb0b1d
+
+loc_fffb0252: ; not directly referenced
+mov edi, dword [ebp - 0x7c]
+mov edx, 0
+test di, di
+cmovns edx, edi
+mov word [ebp - 0x7c], dx
+
+loc_fffb0264: ; not directly referenced
+movzx edi, byte [ebp - 0xd8]
+mov ecx, dword [ebp - 0x9c]
+mov dword [ebp - 0xc8], edi
+lea edi, [ecx + edi*4]
+mov ebx, dword [edi + 4]
+mov esi, dword [edi + 0x28]
+test al, al
+je short loc_fffb02c1 ; je 0xfffb02c1
+cmp dword [ebp - 0x98], 1
+jne short loc_fffb02b3 ; jne 0xfffb02b3
+mov ecx, dword [ebp - 0x7c]
+and bh, 0xe3
+and esi, 0xe3ffffff
+mov eax, ecx
+sar ax, 3
+and eax, 7
+shl eax, 0xa
+or ebx, eax
+mov eax, ecx
+and eax, 7
+shl eax, 0x1a
+or esi, eax
+jmp short loc_fffb02c1 ; jmp 0xfffb02c1
+
+loc_fffb02b3: ; not directly referenced
+mov eax, dword [ebp - 0x7c]
+and bh, 0xe3
+and eax, 7
+shl eax, 0xa
+or ebx, eax
+
+loc_fffb02c1: ; not directly referenced
+mov ecx, dword [ebp - 0xc8]
+mov edx, dword [ebp - 0x84]
+mov eax, dword [ebp - 0x80]
+call fcn_fffa724b ; call 0xfffa724b
+mov ecx, ebx
+mov edx, eax
+mov eax, dword [ebp - 0x80]
+call fcn_fffae58c ; call 0xfffae58c
+cmp dword [ebp - 0x98], 1
+jne short loc_fffb030a ; jne 0xfffb030a
+mov ecx, dword [ebp - 0xc8]
+mov edx, dword [ebp - 0x84]
+mov eax, dword [ebp - 0x80]
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, esi
+mov edx, eax
+mov eax, dword [ebp - 0x80]
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb030a: ; not directly referenced
+cmp byte [ebp - 0xac], 0
+je short loc_fffb0378 ; je 0xfffb0378
+cmp dword [ebp - 0x98], 1
+mov dword [edi + 4], ebx
+jne short loc_fffb0378 ; jne 0xfffb0378
+mov ebx, dword [ebp - 0x80]
+mov edx, 0x3a28
+mov dword [edi + 0x28], esi
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+movzx ecx, byte [ebx + 0x2488]
+xor edx, edx
+mov esi, eax
+xor eax, eax
+
+loc_fffb033e: ; not directly referenced
+cmp cl, dl
+jbe short loc_fffb0357 ; jbe 0xfffb0357
+mov edi, dword [ebp - 0x9c]
+mov bl, byte [edi + edx*4 + 0x2b]
+inc edx
+shr bl, 2
+and ebx, 7
+add eax, ebx
+jmp short loc_fffb033e ; jmp 0xfffb033e
+
+loc_fffb0357: ; not directly referenced
+xor edx, edx
+and esi, 0xfff1ffff
+div ecx
+mov ecx, esi
+mov edx, 0x3a28
+and eax, 7
+shl eax, 0x11
+or ecx, eax
+mov eax, dword [ebp - 0x80]
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb0378: ; not directly referenced
+cmp byte [ebp - 0x88], 9
+je short loc_fffb0397 ; je 0xfffb0397
+
+loc_fffb0381: ; not directly referenced
+mov al, byte [ebp - 0x88]
+sub eax, 7
+cmp al, 1
+ja loc_fffb060b ; ja 0xfffb060b
+jmp near loc_fffb062a ; jmp 0xfffb062a
+
+loc_fffb0397: ; not directly referenced
+cmp dword [ebp - 0xb4], 0
+je loc_fffb0463 ; je 0xfffb0463
+mov edi, dword [ebp - 0x7c]
+mov al, 2
+mov ecx, edi
+mov ebx, edi
+cmp cl, 2
+cmovbe eax, ebx
+xor ebx, ebx
+imul edx, dword [ebp - 0x84], 0x13c3
+movzx eax, al
+add edx, dword [ebp - 0x80]
+mov dword [ebp - 0xc8], eax
+mov dword [ebp - 0x98], edx
+
+loc_fffb03d1: ; not directly referenced
+mov esi, dword [ebp - 0x98]
+mov eax, 1
+mov cl, bl
+mov dl, bl
+shl eax, cl
+test byte [esi + 0x381a], al
+je short loc_fffb0454 ; je 0xfffb0454
+test byte [ebp - 0x9f], al
+je short loc_fffb0454 ; je 0xfffb0454
+mov eax, edx
+mov edi, dword [ebp - 0xa8]
+shr dl, 1
+and eax, 1
+movzx edx, dl
+imul edx, edx, 0x128
+imul eax, eax, 0x18
+lea eax, [eax + edx + 0x1260]
+movzx edx, byte [ebp - 0xdc]
+lea edi, [edi + eax + 0xb]
+mov eax, dword [ebp - 0xc8]
+movzx esi, byte [ebp + eax - 0x6a]
+mov ax, word [edi + 6]
+push ecx
+mov ecx, ebx
+push 0
+and eax, 0xfffffff0
+or esi, eax
+movzx eax, si
+push eax
+mov eax, dword [ebp - 0x80]
+push 3
+call fcn_fffaa505 ; call 0xfffaa505
+add esp, 0x10
+cmp byte [ebp - 0x9d], 0
+je short loc_fffb0454 ; je 0xfffb0454
+mov word [edi + 6], si
+
+loc_fffb0454: ; not directly referenced
+inc ebx
+cmp ebx, 4
+jne loc_fffb03d1 ; jne 0xfffb03d1
+jmp near loc_fffb0381 ; jmp 0xfffb0381
+
+loc_fffb0463: ; not directly referenced
+cmp dword [ebp - 0xb0], 1
+mov dword [ebp - 0x98], 0
+sbb ebx, ebx
+xor eax, eax
+and ebx, 0xffffffe4
+sub ebx, 7
+cmp byte [ebp - 0x7c], 0
+setne al
+mov ax, word [ebp + eax*2 - 0x64]
+mov word [ebp - 0xc8], ax
+imul eax, dword [ebp - 0x84], 0x13c3
+add eax, dword [ebp - 0x80]
+mov dword [ebp - 0xd8], eax
+
+loc_fffb04a4: ; not directly referenced
+mov edi, dword [ebp - 0x98]
+mov eax, 1
+mov ecx, edi
+mov edx, edi
+shl eax, cl
+mov ecx, dword [ebp - 0xd8]
+test byte [ecx + 0x381a], al
+je short loc_fffb0523 ; je 0xfffb0523
+test byte [ebp - 0x9f], al
+je short loc_fffb0523 ; je 0xfffb0523
+mov ecx, edx
+mov esi, dword [ebp - 0xa8]
+shr dl, 1
+and ecx, 1
+movzx edx, dl
+imul ecx, ecx, 0x18
+imul edx, edx, 0x128
+lea edx, [ecx + edx + 0x1260]
+mov ecx, eax
+mov eax, dword [ebp - 0x80]
+lea edi, [esi + edx + 0xb]
+mov esi, ebx
+and si, word [edi + 2]
+or esi, dword [ebp - 0xc8]
+push edx
+push edx
+movzx edx, si
+push edx
+mov edx, dword [ebp - 0x84]
+push 1
+call fcn_fffafd52 ; call 0xfffafd52
+add esp, 0x10
+cmp byte [ebp - 0x9d], 0
+je short loc_fffb0523 ; je 0xfffb0523
+mov word [edi + 2], si
+
+loc_fffb0523: ; not directly referenced
+inc dword [ebp - 0x98]
+cmp dword [ebp - 0x98], 4
+jne loc_fffb04a4 ; jne 0xfffb04a4
+jmp near loc_fffb0381 ; jmp 0xfffb0381
+
+loc_fffb053b: ; not directly referenced
+mov esi, dword [ebp - 0xb0]
+mov dword [ebp - 0xb4], 0
+cmp esi, 1
+sbb eax, eax
+mov dword [ebp - 0xd8], eax
+add eax, 3
+and word [ebp - 0xd8], 0x4bc
+sub word [ebp - 0xd8], 0x701
+cmp esi, 1
+mov esi, dword [ebp - 0x7c]
+sbb ebx, ebx
+mov dword [ebp - 0xc8], ebx
+mov dword [ebp - 0x98], ebx
+and byte [ebp - 0xc8], 0xfe
+and byte [ebp - 0x98], 0xfa
+mov edx, esi
+sar dx, 4
+mov ecx, esi
+add byte [ebp - 0xc8], 7
+add byte [ebp - 0x98], 8
+cmp byte [ebp - 0x88], 7
+cmovne edx, ecx
+cmp al, dl
+cmova eax, edx
+movzx eax, al
+mov dword [ebp - 0xdc], eax
+imul eax, dword [ebp - 0x84], 0x13c3
+add eax, dword [ebp - 0x80]
+mov dword [ebp - 0xe0], eax
+mov eax, esi
+and eax, 0xf
+mov byte [ebp - 0xe4], al
+
+loc_fffb05d9: ; not directly referenced
+mov edi, dword [ebp - 0xb4]
+mov ebx, 1
+mov esi, dword [ebp - 0xe0]
+mov ecx, edi
+mov eax, edi
+shl ebx, cl
+test byte [esi + 0x381a], bl
+jne loc_fffb06ea ; jne 0xfffb06ea
+
+loc_fffb05fc: ; not directly referenced
+inc dword [ebp - 0xb4]
+cmp dword [ebp - 0xb4], 4
+jne short loc_fffb05d9 ; jne 0xfffb05d9
+
+loc_fffb060b: ; not directly referenced
+mov al, byte [ebp - 0x88]
+sub eax, 0xa
+cmp al, 1
+setbe al
+or al, byte [ebp - 0x9e]
+jne loc_fffb07d8 ; jne 0xfffb07d8
+jmp near loc_fffb08df ; jmp 0xfffb08df
+
+loc_fffb062a: ; not directly referenced
+cmp dword [ebp - 0xb4], 0
+je loc_fffb053b ; je 0xfffb053b
+mov ebx, dword [ebp - 0x7c]
+mov al, 2
+cmp bl, 2
+cmovbe eax, ebx
+xor ebx, ebx
+imul esi, dword [ebp - 0x84], 0x13c3
+movzx eax, al
+add esi, dword [ebp - 0x80]
+mov dword [ebp - 0x84], eax
+mov dword [ebp - 0x7c], esi
+
+loc_fffb065d: ; not directly referenced
+mov edi, dword [ebp - 0x7c]
+mov eax, 1
+mov cl, bl
+mov dl, bl
+shl eax, cl
+test byte [edi + 0x381a], al
+je short loc_fffb06db ; je 0xfffb06db
+test byte [ebp - 0x9f], al
+je short loc_fffb06db ; je 0xfffb06db
+mov al, bl
+and edx, 1
+mov ecx, dword [ebp - 0xa8]
+shr al, 1
+mov esi, dword [ebp - 0x84]
+movzx eax, al
+imul edx, edx, 0x18
+imul eax, eax, 0x128
+movzx esi, byte [ebp + esi - 0x67]
+add eax, edx
+movzx edx, byte [ebp - 0xdc]
+lea edi, [ecx + eax + 0x1260]
+mov ax, word [edi + 0x19]
+push ecx
+mov ecx, ebx
+push 0
+and eax, 0xfffffffc
+or esi, eax
+movzx eax, si
+push eax
+mov eax, dword [ebp - 0x80]
+push 0xb
+call fcn_fffaa505 ; call 0xfffaa505
+add esp, 0x10
+cmp byte [ebp - 0x9d], 0
+je short loc_fffb06db ; je 0xfffb06db
+mov word [edi + 0x19], si
+
+loc_fffb06db: ; not directly referenced
+inc ebx
+cmp ebx, 4
+jne loc_fffb065d ; jne 0xfffb065d
+jmp near loc_fffb0b28 ; jmp 0xfffb0b28
+
+loc_fffb06ea: ; not directly referenced
+test byte [ebp - 0x9f], bl
+je loc_fffb05fc ; je 0xfffb05fc
+mov edx, eax
+mov edi, dword [ebp - 0xa8]
+mov ecx, ebx
+shr al, 1
+and edx, 1
+movzx eax, al
+imul edx, edx, 0x18
+imul eax, eax, 0x128
+lea eax, [edx + eax + 0x1260]
+lea edi, [edi + eax + 0xb]
+mov eax, dword [ebp - 0xdc]
+mov si, word [ebp + eax*2 - 0x58]
+mov ax, word [edi + 4]
+push edx
+push edx
+mov edx, dword [ebp - 0x84]
+shl esi, 9
+and ah, 0xf9
+or esi, eax
+movzx eax, si
+push eax
+mov eax, dword [ebp - 0x80]
+push 2
+call fcn_fffafd52 ; call 0xfffafd52
+add esp, 0x10
+cmp byte [ebp - 0x9d], 0
+je short loc_fffb0759 ; je 0xfffb0759
+mov word [edi + 4], si
+
+loc_fffb0759: ; not directly referenced
+cmp byte [ebp - 0xa0], 8
+je loc_fffb05fc ; je 0xfffb05fc
+mov esi, dword [ebp - 0xc8]
+mov al, byte [ebp - 0xe4]
+mov ecx, esi
+cmp cl, al
+cmova esi, eax
+cmp dword [ebp - 0xb0], 0
+mov eax, esi
+movzx eax, al
+je short loc_fffb078e ; je 0xfffb078e
+movzx eax, word [ebp + eax*2 - 0x28]
+jmp short loc_fffb0793 ; jmp 0xfffb0793
+
+loc_fffb078e: ; not directly referenced
+movzx eax, word [ebp + eax*2 - 0x44]
+
+loc_fffb0793: ; not directly referenced
+mov cl, byte [ebp - 0x98]
+mov esi, dword [ebp - 0xd8]
+and si, word [edi + 2]
+mov edx, dword [ebp - 0x84]
+shl eax, cl
+mov ecx, ebx
+or esi, eax
+push eax
+push eax
+movzx eax, si
+push eax
+mov eax, dword [ebp - 0x80]
+push 1
+call fcn_fffafd52 ; call 0xfffafd52
+add esp, 0x10
+cmp byte [ebp - 0x9d], 0
+je loc_fffb05fc ; je 0xfffb05fc
+mov word [edi + 2], si
+jmp near loc_fffb05fc ; jmp 0xfffb05fc
+
+loc_fffb07d8: ; not directly referenced
+mov ecx, dword [ebp - 0x88]
+cmp cl, 0xb
+sete al
+movzx edi, al
+setne al
+movzx eax, al
+lea edi, [edi*8 + 7]
+lea eax, [eax*8 - 0x10]
+cmp word [ebp - 0x7c], di
+jg short loc_fffb080a ; jg 0xfffb080a
+mov edi, dword [ebp - 0x7c]
+cmp ax, di
+cmovge edi, eax
+
+loc_fffb080a: ; not directly referenced
+mov eax, dword [ebp - 0x9c]
+cmp byte [ebp - 0x88], 0xa
+mov ebx, dword [eax + 0x4c]
+mov esi, dword [eax + 0x50]
+jne short loc_fffb0840 ; jne 0xfffb0840
+mov eax, edi
+and ebx, 0xfffe01ff
+and eax, 0xf
+and esi, 0xfffe01ff
+mov edx, eax
+shl edx, 9
+shl eax, 0xd
+or ebx, edx
+or ebx, eax
+or esi, edx
+jmp short loc_fffb0856 ; jmp 0xfffb0856
+
+loc_fffb0840: ; not directly referenced
+cmp byte [ebp - 0x88], 0xb
+jne short loc_fffb0858 ; jne 0xfffb0858
+mov eax, edi
+and ebx, 0xffffffe0
+and eax, 0x1f
+and esi, 0xffffffe0
+or ebx, eax
+
+loc_fffb0856: ; not directly referenced
+or esi, eax
+
+loc_fffb0858: ; not directly referenced
+cmp byte [ebp - 0xac], 0
+je short loc_fffb086d ; je 0xfffb086d
+mov eax, dword [ebp - 0x9c]
+mov dword [eax + 0x4c], ebx
+mov dword [eax + 0x50], esi
+
+loc_fffb086d: ; not directly referenced
+mov eax, dword [ebp - 0x84]
+mov ecx, ebx
+shl eax, 8
+lea edx, [eax + 0x1404]
+mov dword [ebp - 0x7c], eax
+mov eax, dword [ebp - 0x80]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x7c]
+mov ecx, ebx
+lea edx, [eax + 0x1a04]
+mov eax, dword [ebp - 0x80]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x7c]
+mov ecx, ebx
+mov ebx, dword [ebp - 0x80]
+lea edx, [eax + 0x1204]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x7c]
+mov ecx, esi
+lea edx, [eax + 0x3414]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0xa4]
+mov edx, 0x2008
+mov ecx, dword [eax + 0x18]
+mov eax, ebx
+or ecx, 0x20
+call fcn_fffae58c ; call 0xfffae58c
+mov word [ebp - 0x7c], di
+
+loc_fffb08df: ; not directly referenced
+cmp byte [ebp - 0x88], 0xf
+mov al, byte [ebp - 0x9e]
+sete dl
+or al, dl
+je loc_fffb09b9 ; je 0xfffb09b9
+mov ecx, dword [ebp - 0x7c]
+mov eax, 0xfffffff8
+mov ebx, 7
+cmp cx, 0xfff8
+cmovge eax, ecx
+cmp ax, 7
+cmovg eax, ebx
+mov word [ebp - 0x7c], ax
+mov eax, dword [ebp - 0xa4]
+mov ebx, dword [eax + 0xc]
+test dl, dl
+je short loc_fffb096d ; je 0xfffb096d
+cmp byte [ebp - 0xb8], 1
+jne short loc_fffb0955 ; jne 0xfffb0955
+mov eax, dword [ebp - 0x80]
+cmp dword [eax + 0x3756], 2
+jne short loc_fffb0955 ; jne 0xfffb0955
+mov edx, 0x3a14
+call fcn_fffae52a ; call 0xfffae52a
+mov esi, dword [ebp - 0x7c]
+shr eax, 0x14
+and eax, 0xf
+cmp si, ax
+cmovge eax, esi
+mov word [ebp - 0x7c], ax
+
+loc_fffb0955: ; not directly referenced
+mov eax, dword [ebp - 0x7c]
+and ebx, 0xf00fffff
+and eax, 0xf
+mov edx, eax
+shl edx, 0x14
+shl eax, 0x18
+or ebx, edx
+or ebx, eax
+
+loc_fffb096d: ; not directly referenced
+cmp byte [ebp - 0xac], 0
+je short loc_fffb097f ; je 0xfffb097f
+mov eax, dword [ebp - 0xa4]
+mov dword [eax + 0xc], ebx
+
+loc_fffb097f: ; not directly referenced
+mov edi, dword [ebp - 0x80]
+mov ecx, ebx
+mov edx, 0x3a14
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0x5f08
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x5f08
+or ah, 1
+mov ecx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0x78
+mov eax, edi
+call fcn_fffa834b ; call 0xfffa834b
+
+loc_fffb09b9: ; not directly referenced
+cmp byte [ebp - 0x88], 0xc
+mov cl, byte [ebp - 0x9e]
+sete al
+or cl, al
+je loc_fffb0b28 ; je 0xfffb0b28
+test al, al
+je short loc_fffb09dd ; je 0xfffb09dd
+mov bl, byte [ebp - 0x7c]
+and ebx, 3
+jmp short loc_fffb09e9 ; jmp 0xfffb09e9
+
+loc_fffb09dd: ; not directly referenced
+mov eax, dword [ebp - 0x9c]
+mov bl, byte [eax + 0xb4]
+
+loc_fffb09e9: ; not directly referenced
+cmp byte [ebp - 0xac], 0
+je short loc_fffb09fe ; je 0xfffb09fe
+mov eax, dword [ebp - 0x9c]
+mov byte [eax + 0xb4], bl
+
+loc_fffb09fe: ; not directly referenced
+mov esi, dword [ebp - 0x84]
+and ebx, 3
+mov eax, dword [ebp - 0x80]
+shl ebx, 0xd
+shl esi, 8
+lea edi, [esi + 0x140c]
+mov edx, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, edi
+lea edi, [esi + 0x1a0c]
+add esi, 0x121c
+and ah, 0x9f
+or eax, ebx
+mov ecx, eax
+mov eax, dword [ebp - 0x80]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x80]
+mov edx, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, edi
+mov edi, dword [ebp - 0x80]
+and ah, 0x9f
+or eax, ebx
+mov ecx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, esi
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, esi
+and ah, 0x9f
+or eax, ebx
+mov ecx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0xa4]
+mov edx, 0x2008
+mov ecx, dword [eax + 0x18]
+mov eax, edi
+or ecx, 0x20
+call fcn_fffae58c ; call 0xfffae58c
+jmp near loc_fffb0b28 ; jmp 0xfffb0b28
+
+loc_fffb0a8d: ; not directly referenced
+cmp byte [ebp - 0x88], 1
+jne short loc_fffb0aad ; jne 0xfffb0aad
+mov eax, esi
+and ebx, 0xffc00fff
+and eax, 0x1f
+mov edx, eax
+shl edx, 0xc
+shl eax, 0x11
+or ebx, edx
+jmp short loc_fffb0ad9 ; jmp 0xfffb0ad9
+
+loc_fffb0aad: ; not directly referenced
+test al, al
+je short loc_fffb0ac1 ; je 0xfffb0ac1
+mov eax, esi
+and ebx, 0xf83fffff
+and eax, 0x1f
+shl eax, 0x16
+jmp short loc_fffb0ad9 ; jmp 0xfffb0ad9
+
+loc_fffb0ac1: ; not directly referenced
+cmp byte [ebp - 0x88], 2
+jne loc_fffaff90 ; jne 0xfffaff90
+mov eax, esi
+and ebx, 0x7ffffff
+shl eax, 0x1b
+
+loc_fffb0ad9: ; not directly referenced
+or ebx, eax
+jmp near loc_fffaff90 ; jmp 0xfffaff90
+
+loc_fffb0ae0: ; not directly referenced
+cmp byte [ebp - 0xd8], 8
+jbe short loc_fffb0afd ; jbe 0xfffb0afd
+mov edx, dword [ebp - 0x84]
+shl edx, 8
+add edx, 0x305c
+jmp near loc_fffaffa2 ; jmp 0xfffaffa2
+
+loc_fffb0afd: ; not directly referenced
+mov eax, dword [ebp - 0x84]
+shl ecx, 9
+shl eax, 8
+lea edx, [eax + ecx + 0x5c]
+jmp near loc_fffaffa2 ; jmp 0xfffaffa2
+
+loc_fffb0b12: ; not directly referenced
+mov word [ebp - 0x7c], 0x3f
+jmp near loc_fffb0264 ; jmp 0xfffb0264
+
+loc_fffb0b1d: ; not directly referenced
+mov word [ebp - 0x7c], 7
+jmp near loc_fffb0264 ; jmp 0xfffb0264
+
+loc_fffb0b28: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb0b30: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x2c
+lea esi, [eax + 0x3756]
+mov dword [ebp - 0x2c], eax
+mov eax, dword [eax + 0x5edc]
+mov byte [ebp - 0x1f], dl
+mov dword [ebp - 0x28], esi
+mov dword [ebp - 0x24], 0
+mov dword [ebp - 0x1c], eax
+add eax, 0x1c
+mov dword [ebp - 0x30], eax
+movzx eax, dl
+mov dword [ebp - 0x34], eax
+
+loc_fffb0b64: ; not directly referenced
+mov eax, dword [ebp - 0x28]
+cmp dword [eax], 2
+je short loc_fffb0b8b ; je 0xfffb0b8b
+
+loc_fffb0b6c: ; not directly referenced
+inc dword [ebp - 0x24]
+add dword [ebp - 0x28], 0x13c3
+add dword [ebp - 0x30], 0xcc
+cmp dword [ebp - 0x24], 2
+jne short loc_fffb0b64 ; jne 0xfffb0b64
+add esp, 0x2c
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+loc_fffb0b8b: ; not directly referenced
+mov byte [ebp - 0x1c], 0
+
+loc_fffb0b8f: ; not directly referenced
+mov esi, dword [ebp - 0x2c]
+mov cl, byte [ebp - 0x1c]
+cmp cl, byte [esi + 0x2488]
+jae short loc_fffb0b6c ; jae 0xfffb0b6c
+mov esi, dword [ebp - 0x28]
+movzx edx, cl
+mov ebx, 0x200
+xor ecx, ecx
+mov word [ebp - 0x1e], 0
+mov al, byte [esi + 0xc4]
+lea esi, [esi + edx*2]
+
+loc_fffb0bb9: ; not directly referenced
+mov edi, 1
+shl edi, cl
+mov edx, edi
+test al, dl
+je short loc_fffb0be5 ; je 0xfffb0be5
+imul edi, ecx, 0x12
+mov dx, word [ebp - 0x1e]
+movzx edi, word [esi + edi + 0x1b1]
+cmp dx, di
+cmovb edx, edi
+cmp bx, di
+mov word [ebp - 0x1e], dx
+cmova ebx, edi
+
+loc_fffb0be5: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffb0bb9 ; jne 0xfffb0bb9
+mov eax, dword [ebp - 0x2c]
+mov dx, word [ebp - 0x1e]
+movzx ecx, word [eax + 0x2489]
+mov eax, 0x13880
+shr dx, 6
+lea edi, [edx + 1]
+xor edx, edx
+movzx edi, di
+div ecx
+mov edx, 0x80
+mov ecx, dword [ebp - 0x34]
+cmp eax, 0x7f
+cmova edx, eax
+mov al, 6
+sub ebx, edx
+mov dl, 0xfc
+shr ebx, 6
+sub bl, byte [ebp - 0x1f]
+cmp bl, 6
+cmovle eax, ebx
+mov ebx, 7
+cmp al, 0xfc
+cmovge edx, eax
+movsx eax, dl
+sub edi, eax
+lea eax, [edi + ecx - 1]
+movzx ecx, byte [ebp - 0x1c]
+mov edi, dword [ebp - 0x30]
+cmp eax, 7
+cmovle ebx, eax
+and edx, 0xf
+mov esi, edx
+shl edx, 5
+lea edi, [edi + ecx*4]
+mov byte [ebp - 0x1e], dl
+mov dl, byte [edi + 5]
+and edx, 0x1f
+or dl, byte [ebp - 0x1e]
+mov byte [edi + 5], dl
+mov edx, esi
+shr dl, 3
+mov byte [ebp - 0x1e], dl
+xor edx, edx
+test ebx, ebx
+cmovns edx, ebx
+mov bl, dl
+and ebx, 7
+lea edx, [ebx + ebx]
+or dl, byte [ebp - 0x1e]
+shl esi, 4
+or edx, esi
+mov esi, dword [ebp - 0x2c]
+mov byte [edi + 6], dl
+mov dl, byte [edi + 7]
+mov eax, esi
+and edx, 0xfffffff8
+or edx, ebx
+mov byte [edi + 7], dl
+mov edx, dword [ebp - 0x24]
+call fcn_fffa724b ; call 0xfffa724b
+mov ecx, dword [edi + 4]
+mov edx, eax
+mov eax, esi
+call fcn_fffae58c ; call 0xfffae58c
+inc byte [ebp - 0x1c]
+jmp near loc_fffb0b8f ; jmp 0xfffb0b8f
+
+fcn_fffb0cb4: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, eax
+push ebx
+movzx ebx, dl
+sub esp, 0x2c
+mov eax, dword [ebp + 0x10]
+imul edx, ebx, 0x13c3
+cmp dword [ebp + 8], 0
+mov byte [ebp - 0x20], cl
+mov dword [ebp - 0x2c], eax
+mov cl, al
+lea eax, [esi + edx + 0x3756]
+mov dword [ebp - 0x1c], eax
+je short loc_fffb0cec ; je 0xfffb0cec
+mov al, byte [eax + 0xc4]
+mov byte [ebp - 0x20], al
+
+loc_fffb0cec: ; not directly referenced
+cmp dword [esi + 0x2480], 3
+sete byte [ebp - 0x24]
+xor edi, edi
+imul edx, ebx, 0x13c3
+lea eax, [esi + edx]
+mov dword [ebp - 0x30], eax
+movzx eax, cl
+mov dword [ebp - 0x28], eax
+
+loc_fffb0d0b: ; not directly referenced
+mov eax, dword [ebp - 0x30]
+mov edx, 1
+mov ecx, edi
+shl edx, cl
+test byte [eax + 0x381a], dl
+je short loc_fffb0d7a ; je 0xfffb0d7a
+mov al, byte [ebp - 0x24]
+cmp dword [ebp + 8], 0
+setne cl
+xor eax, 1
+test cl, al
+je short loc_fffb0d4d ; je 0xfffb0d4d
+push eax
+push dword [ebp - 0x28]
+push dword [ebp + 0xc]
+mov dword [ebp - 0x34], edx
+push edx
+push edx
+push 0
+push ebx
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+mov edx, dword [ebp - 0x34]
+jmp short loc_fffb0d58 ; jmp 0xfffb0d58
+
+loc_fffb0d4d: ; not directly referenced
+cmp dword [ebp + 8], 0
+jne short loc_fffb0d58 ; jne 0xfffb0d58
+test byte [ebp - 0x20], dl
+je short loc_fffb0d7a ; je 0xfffb0d7a
+
+loc_fffb0d58: ; not directly referenced
+mov eax, dword [ebp - 0x1c]
+push ecx
+push dword [ebp - 0x28]
+movzx ecx, byte [eax + edi + 0x245]
+add ecx, dword [ebp + 0xc]
+push ecx
+push 1
+push edx
+push 4
+push ebx
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffb0d7a: ; not directly referenced
+inc edi
+cmp edi, 4
+jne short loc_fffb0d0b ; jne 0xfffb0d0b
+movzx edi, byte [ebp - 0x2c]
+mov ecx, dword [ebp - 0x1c]
+push edx
+mov edx, dword [ebp + 0xc]
+movzx eax, byte [ebp - 0x20]
+push edi
+add edx, dword [ecx + 0x111]
+mov dword [ebp - 0x20], eax
+push edx
+push 1
+push eax
+push 2
+push ebx
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+cmp byte [ebp - 0x24], 0
+je loc_fffb0e62 ; je 0xfffb0e62
+imul edx, ebx, 0x54a
+xor eax, eax
+lea ecx, [edx + 0xf0]
+mov dword [ebp - 0x24], ecx
+
+loc_fffb0dc4: ; not directly referenced
+cmp al, 1
+setbe cl
+cmp dword [ebp + 8], 0
+setne dl
+test cl, dl
+je short loc_fffb0e11 ; je 0xfffb0e11
+mov ecx, dword [ebp - 0x24]
+movzx edx, al
+lea edx, [esi + edx + 0x186e]
+cmp byte [edx + ecx + 0x54b], 0
+je short loc_fffb0e0e ; je 0xfffb0e0e
+push ecx
+mov edx, 1
+push edi
+mov cl, al
+push dword [ebp + 0xc]
+shl edx, cl
+mov dword [ebp - 0x28], eax
+push edx
+push 0
+push 0
+push ebx
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+mov eax, dword [ebp - 0x28]
+add esp, 0x20
+
+loc_fffb0e0e: ; not directly referenced
+inc eax
+jmp short loc_fffb0dc4 ; jmp 0xfffb0dc4
+
+loc_fffb0e11: ; not directly referenced
+mov eax, dword [ebp - 0x1c]
+push edx
+mov edx, dword [ebp + 0xc]
+push edi
+add edx, dword [eax + 0x109]
+push edx
+push 1
+push dword [ebp - 0x20]
+push 3
+push ebx
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+mov eax, dword [ebp - 0x1c]
+add esp, 0x1c
+mov edx, dword [ebp + 0xc]
+push edi
+add edx, dword [eax + 0x115]
+push edx
+push 2
+push dword [ebp - 0x20]
+push 2
+push ebx
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+mov eax, dword [ebp - 0x1c]
+add esp, 0x1c
+mov edx, dword [ebp + 0xc]
+push edi
+add edx, dword [eax + 0x11d]
+push edx
+push 2
+jmp short loc_fffb0e73 ; jmp 0xfffb0e73
+
+loc_fffb0e62: ; not directly referenced
+push eax
+mov eax, dword [ebp - 0x1c]
+mov edx, dword [ebp + 0xc]
+push edi
+add edx, dword [eax + 0x119]
+push edx
+push 1
+
+loc_fffb0e73: ; not directly referenced
+push dword [ebp - 0x20]
+push 1
+push ebx
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb0e8a: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+xor esi, esi
+push ebx
+mov ebx, eax
+sub esp, 0x2c
+mov edi, dword [eax + 0x2443]
+call dword [edi + 0x54] ; ucall
+add eax, 0x2710
+mov dword [ebp - 0x2c], eax
+
+loc_fffb0ea8: ; not directly referenced
+imul eax, esi, 0x13c3
+mov dword [ebp + esi*4 - 0x28], 0
+cmp dword [ebx + eax + 0x3756], 2
+jne short loc_fffb0f12 ; jne 0xfffb0f12
+cmp dword [ebx + 0x188b], 0
+je short loc_fffb0f12 ; je 0xfffb0f12
+xor ecx, ecx
+mov edx, esi
+mov eax, ebx
+call fcn_fffa7288 ; call 0xfffa7288
+mov edx, eax
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov dword [ebp + esi*4 - 0x20], eax
+test eax, 0x1000000
+je short loc_fffb0f12 ; je 0xfffb0f12
+and eax, 0xfeffffff
+mov ecx, 0xff
+mov dword [ebp - 0x30], eax
+mov edx, esi
+mov eax, ebx
+mov dword [ebp + esi*4 - 0x28], 1
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, dword [ebp - 0x30]
+mov edx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb0f12: ; not directly referenced
+inc esi
+cmp esi, 2
+jne short loc_fffb0ea8 ; jne 0xfffb0ea8
+mov edx, 0x5030
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x5030
+or eax, 0x800000
+mov ecx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb0f37: ; not directly referenced
+mov edx, 0x5030
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+shr eax, 0x10
+test al, al
+jns short loc_fffb0f59 ; jns 0xfffb0f59
+call dword [edi + 0x54] ; ucall
+cmp dword [ebp - 0x2c], eax
+ja short loc_fffb0f37 ; ja 0xfffb0f37
+mov edi, 1
+jmp short loc_fffb0f5b ; jmp 0xfffb0f5b
+
+loc_fffb0f59: ; not directly referenced
+xor edi, edi
+
+loc_fffb0f5b: ; not directly referenced
+xor esi, esi
+
+loc_fffb0f5d: ; not directly referenced
+cmp dword [ebp + esi*4 - 0x28], 0
+je short loc_fffb0f7f ; je 0xfffb0f7f
+mov ecx, 0xff
+mov edx, esi
+mov eax, ebx
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, dword [ebp + esi*4 - 0x20]
+mov edx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb0f7f: ; not directly referenced
+inc esi
+cmp esi, 2
+jne short loc_fffb0f5d ; jne 0xfffb0f5d
+mov eax, edi
+add esp, 0x2c
+neg eax
+pop ebx
+and eax, 0x12
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb0f94: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+push ebx
+add esp, 0xffffff80
+mov al, byte [ebp + 0xc]
+mov ebx, dword [edi + 0x2443]
+push 1
+mov esi, dword [edi + 0x5edc]
+push 8
+mov byte [ebp - 0x6a], al
+mov eax, dword [edi + 0x188b]
+mov dword [ebp - 0x64], edx
+mov dword [ebp - 0x54], ecx
+mov byte [ebp - 0x50], dl
+mov dword [ebp - 0x78], eax
+lea eax, [ebp - 0x38]
+push eax
+mov byte [ebp - 0x4e], cl
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 8
+lea eax, [ebp - 0x30]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 9
+push 8
+lea eax, [ebp - 0x28]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 2
+lea eax, [ebp - 0x20]
+push eax
+call dword [ebx + 0x64] ; ucall
+add esp, 0x10
+cmp byte [ebp - 0x54], 1
+jne short loc_fffb1029 ; jne 0xfffb1029
+mov byte [ebp - 0x35], 0xa
+mov byte [ebp - 0x36], 0x13
+mov byte [ebp - 0x37], 0x19
+mov byte [ebp - 0x38], 0x19
+mov byte [ebp - 0x2d], 0xa
+mov byte [ebp - 0x2e], 0xa
+mov byte [ebp - 0x25], 0x3f
+mov byte [ebp - 0x26], 0x3f
+jmp near loc_fffb10b1 ; jmp 0xfffb10b1
+
+loc_fffb1029: ; not directly referenced
+mov eax, dword [ebp - 0x54]
+cmp al, 2
+je short loc_fffb10ab ; je 0xfffb10ab
+cmp al, 5
+jne short loc_fffb103a ; jne 0xfffb103a
+
+loc_fffb1034: ; not directly referenced
+mov byte [ebp - 0x4d], 8
+jmp short loc_fffb10b5 ; jmp 0xfffb10b5
+
+loc_fffb103a: ; not directly referenced
+mov eax, dword [ebp - 0x54]
+cmp al, 6
+je short loc_fffb10b1 ; je 0xfffb10b1
+cmp al, 9
+jne short loc_fffb106c ; jne 0xfffb106c
+mov ebx, dword [ebp - 0x64]
+movzx eax, bl
+and bl, 1
+je short loc_fffb1059 ; je 0xfffb1059
+mov edx, dword [esi + 0xbc]
+mov dword [ebp - 0x20], edx
+
+loc_fffb1059: ; not directly referenced
+mov byte [ebp - 0x4d], 2
+test al, 2
+je short loc_fffb10b5 ; je 0xfffb10b5
+mov eax, dword [esi + 0x188]
+mov dword [ebp - 0x1c], eax
+jmp short loc_fffb10b5 ; jmp 0xfffb10b5
+
+loc_fffb106c: ; not directly referenced
+cmp byte [ebp - 0x54], 0xa
+mov byte [ebp - 0x4d], 1
+jne short loc_fffb10b5 ; jne 0xfffb10b5
+mov eax, dword [ebp - 0x64]
+movzx edx, al
+test al, 1
+je short loc_fffb1092 ; je 0xfffb1092
+mov eax, dword [esi + 0xbc]
+mov dword [ebp - 0x20], eax
+shr eax, 0xf
+and eax, 0xf
+mov byte [ebp - 0x3a], al
+
+loc_fffb1092: ; not directly referenced
+and dl, 2
+je short loc_fffb1034 ; je 0xfffb1034
+mov eax, dword [esi + 0x188]
+mov dword [ebp - 0x1c], eax
+shr eax, 0xf
+and eax, 0xf
+mov byte [ebp - 0x39], al
+jmp short loc_fffb1034 ; jmp 0xfffb1034
+
+loc_fffb10ab: ; not directly referenced
+mov byte [ebp - 0x4d], 7
+jmp short loc_fffb10b5 ; jmp 0xfffb10b5
+
+loc_fffb10b1: ; not directly referenced
+mov byte [ebp - 0x4d], 4
+
+loc_fffb10b5: ; not directly referenced
+movzx eax, byte [ebp - 0x50]
+mov dword [ebp - 0x4c], 0
+mov byte [ebp - 0x69], 0
+mov dword [ebp - 0x68], eax
+movzx eax, byte [ebp - 0x4d]
+mov dword [ebp - 0x80], eax
+
+loc_fffb10ce: ; not directly referenced
+mov ebx, dword [ebp - 0x4c]
+mov byte [ebp - 0x4f], bl
+mov bl, byte [ebp + ebx - 0x38]
+movzx eax, bl
+dec eax
+call fcn_fffaec34 ; call 0xfffaec34
+cmp bl, 0x1f
+jbe short loc_fffb112f ; jbe 0xfffb112f
+mov ebx, dword [ebp - 0x4c]
+mov byte [ebp + ebx - 0x38], al
+
+loc_fffb10ed: ; not directly referenced
+mov cl, byte [ebp - 0x4f]
+mov dword [ebp - 0x58], 0x4004
+mov dword [ebp - 0x60], 0x4917
+mov al, cl
+shl eax, 4
+add eax, ecx
+cmp cl, 4
+movzx eax, al
+mov dword [ebp - 0x7c], eax
+sbb eax, eax
+xor ebx, ebx
+and eax, 0x1f
+mov dword [ebp - 0x70], eax
+mov al, cl
+and eax, 3
+mov byte [ebp - 0x6b], al
+add eax, 4
+or dword [ebp - 0x70], 0x80
+mov byte [ebp - 0x6c], al
+jmp short loc_fffb113b ; jmp 0xfffb113b
+
+loc_fffb112f: ; not directly referenced
+mov eax, dword [ebp - 0x4c]
+add ebx, 0x20
+mov byte [ebp + eax - 0x38], bl
+jmp short loc_fffb10ed ; jmp 0xfffb10ed
+
+loc_fffb113b: ; not directly referenced
+mov eax, dword [ebp - 0x68]
+bt eax, ebx
+jae loc_fffb12f7 ; jae 0xfffb12f7
+mov eax, dword [ebp - 0x58]
+lea edx, [eax + 0x94]
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+shr eax, 0xc
+and eax, 1
+cmp byte [ebp - 0x4e], 1
+mov byte [ebp - 0x69], al
+jne short loc_fffb11d6 ; jne 0xfffb11d6
+mov edx, dword [ebp - 0x4c]
+mov dword [ebp - 0x5c], ebx
+movzx ecx, byte [ebp + edx - 0x30]
+movzx eax, byte [ebp + edx - 0x28]
+mov dl, byte [ebp + edx - 0x38]
+and ecx, 0x3f
+and eax, 0x3f
+shl eax, 0x10
+mov ebx, edx
+shl ecx, 8
+and ebx, 0x1f
+or ecx, eax
+mov eax, dword [ebp - 0x58]
+shr dl, 5
+or ecx, ebx
+and edx, 1
+shl edx, 5
+or ecx, edx
+lea edx, [eax + 0x1fc]
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, dword [ebp - 0x4c]
+mov eax, 1
+mov ecx, dword [ebp + 8]
+mov ebx, dword [ebp - 0x5c]
+movzx ecx, byte [ecx + edx]
+lea edx, [ebx*4 + 0x4980]
+shl eax, cl
+cmp dword [ebp - 0x78], 1
+lea ecx, [edx + 0x20]
+cmove edx, ecx
+mov ecx, eax
+jmp near loc_fffb1273 ; jmp 0xfffb1273
+
+loc_fffb11d6: ; not directly referenced
+cmp byte [ebp - 0x4e], 2
+jne short loc_fffb11f6 ; jne 0xfffb11f6
+sub esp, 0xc
+mov ecx, dword [ebp - 0x80]
+mov edx, ebx
+push dword [ebp - 0x4c]
+mov eax, edi
+call fcn_fffaa3c8 ; call 0xfffaa3c8
+add esp, 0x10
+jmp near loc_fffb12f7 ; jmp 0xfffb12f7
+
+loc_fffb11f6: ; not directly referenced
+mov al, byte [ebp - 0x4e]
+sub eax, 5
+cmp al, 1
+ja short loc_fffb127c ; ja 0xfffb127c
+mov eax, dword [ebp - 0x60]
+mov ecx, dword [ebp - 0x7c]
+lea edx, [eax - 0x6c]
+mov eax, edi
+call fcn_fffae566 ; call 0xfffae566
+cmp byte [ebp - 0x4e], 5
+jne short loc_fffb122f ; jne 0xfffb122f
+mov cl, byte [ebp - 0x4f]
+cmp cl, 7
+setne al
+test cl, cl
+setne cl
+movzx ecx, cl
+mov dword [ebp - 0x5c], ecx
+and dword [ebp - 0x5c], eax
+jmp short loc_fffb123b ; jmp 0xfffb123b
+
+loc_fffb122f: ; not directly referenced
+xor eax, eax
+test byte [ebp - 0x4f], 0xfd
+setne al
+mov dword [ebp - 0x5c], eax
+
+loc_fffb123b: ; not directly referenced
+mov edx, dword [ebp - 0x60]
+mov eax, edx
+sub eax, 7
+mov dword [ebp - 0x74], eax
+mov al, byte [ebp - 0x5c]
+lea ecx, [eax - 0x80]
+mov eax, edi
+movzx ecx, cl
+call fcn_fffae566 ; call 0xfffae566
+mov edx, dword [ebp - 0x74]
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov ecx, dword [ebp - 0x5c]
+mov edx, dword [ebp - 0x74]
+sub ecx, 0xffffff80
+shl ecx, 0xc
+and eax, 0xfff00fff
+or ecx, eax
+
+loc_fffb1273: ; not directly referenced
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffb12f7 ; jmp 0xfffb12f7
+
+loc_fffb127c: ; not directly referenced
+cmp byte [ebp - 0x4e], 9
+jne short loc_fffb12a7 ; jne 0xfffb12a7
+cmp byte [ebp - 0x4f], 1
+mov al, byte [ebp + ebx*4 - 0x1f]
+sbb edx, edx
+add edx, 5
+and edx, 7
+and eax, 0xffffff8f
+shl edx, 4
+or eax, edx
+mov edx, dword [ebp - 0x58]
+mov byte [ebp + ebx*4 - 0x1f], al
+mov ecx, dword [ebp + ebx*4 - 0x20]
+jmp short loc_fffb1273 ; jmp 0xfffb1273
+
+loc_fffb12a7: ; not directly referenced
+cmp byte [ebp - 0x4e], 0xa
+jne short loc_fffb12f7 ; jne 0xfffb12f7
+mov dl, byte [ebp - 0x6c]
+mov al, byte [ebp + ebx*4 - 0x1f]
+and edx, 7
+shl edx, 4
+and eax, 0xffffff8f
+or eax, edx
+mov byte [ebp + ebx*4 - 0x1f], al
+mov al, byte [ebp - 0x6b]
+add al, byte [ebp + ebx - 0x3a]
+mov ecx, dword [ebp + ebx*4 - 0x20]
+and eax, 0xf
+shl eax, 0xf
+and ecx, 0xfff87fff
+or ecx, eax
+mov eax, edi
+mov dword [ebp + ebx*4 - 0x20], ecx
+mov edx, dword [ebp - 0x58]
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, dword [ebp - 0x70]
+mov eax, edi
+mov edx, dword [ebp - 0x60]
+call fcn_fffae566 ; call 0xfffae566
+
+loc_fffb12f7: ; not directly referenced
+inc ebx
+add dword [ebp - 0x60], 8
+add dword [ebp - 0x58], 0x400
+cmp ebx, 2
+jne loc_fffb113b ; jne 0xfffb113b
+mov eax, edi
+call fcn_fffb0e8a ; call 0xfffb0e8a
+mov ecx, 1
+cmp byte [ebp - 0x4f], 0
+sete dl
+cmp byte [ebp - 0x6a], 0
+setne al
+test dl, al
+mov eax, 5
+cmovne ecx, eax
+mov edx, 0x4800
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb133c: ; not directly referenced
+mov edx, 0x4804
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov cl, byte [ebp - 0x50]
+mov edx, eax
+mov ebx, eax
+shr edx, 0x10
+shr eax, 0x10
+and edx, 2
+and eax, 1
+or eax, edx
+and eax, ecx
+cmp al, cl
+jne short loc_fffb133c ; jne 0xfffb133c
+mov edx, ebx
+mov al, bl
+and edx, 2
+and eax, 1
+or eax, edx
+test cl, al
+je short loc_fffb1379 ; je 0xfffb1379
+cmp byte [ebp - 0x69], 0
+jne short loc_fffb13c2 ; jne 0xfffb13c2
+
+loc_fffb1379: ; not directly referenced
+inc dword [ebp - 0x4c]
+mov al, byte [ebp - 0x4c]
+cmp byte [ebp - 0x4d], al
+ja loc_fffb10ce ; ja 0xfffb10ce
+mov al, byte [ebp - 0x54]
+sub eax, 9
+cmp al, 1
+ja short loc_fffb13c2 ; ja 0xfffb13c2
+test byte [ebp - 0x68], 1
+je short loc_fffb13aa ; je 0xfffb13aa
+mov ecx, dword [esi + 0xbc]
+mov edx, 0x4004
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb13aa: ; not directly referenced
+test byte [ebp - 0x68], 2
+je short loc_fffb13c2 ; je 0xfffb13c2
+mov ecx, dword [esi + 0x188]
+mov edx, 0x4404
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb13c2: ; not directly referenced
+mov al, byte [ebp - 0x64]
+lea esp, [ebp - 0xc]
+and eax, ebx
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb13cf: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, edx
+push esi
+push ebx
+mov ebx, eax
+sub esp, 0xc
+mov eax, dword [eax + 0x5edc]
+mov esi, dword [ebx + 0x1887]
+mov dword [ebp - 0x14], edx
+mov dword [ebp - 0x10], ecx
+mov edx, dword [eax + 4]
+xor eax, eax
+
+loc_fffb13f3: ; not directly referenced
+lea ecx, [edx + eax]
+mov dword [ebp - 0x18], ecx
+mov ecx, edi
+cmp cl, byte [edx + eax]
+jne short loc_fffb140d ; jne 0xfffb140d
+mov eax, dword [ebp - 0x10]
+mov edi, dword [ebp - 0x18]
+mov ax, word [edi + eax*2 + 1]
+jmp short loc_fffb1417 ; jmp 0xfffb1417
+
+loc_fffb140d: ; not directly referenced
+add eax, 7
+cmp eax, 0x4d
+jne short loc_fffb13f3 ; jne 0xfffb13f3
+xor al, al
+
+loc_fffb1417: ; not directly referenced
+cmp esi, 0x306d0
+sete cl
+cmp esi, 0x40650
+sete dl
+or cl, dl
+je short loc_fffb1472 ; je 0xfffb1472
+cmp dword [ebx + 0x2480], 1
+jne short loc_fffb1472 ; jne 0xfffb1472
+cmp byte [ebp - 0x14], 5
+sete cl
+cmp byte [ebp - 0x10], 2
+setne dl
+test cl, dl
+je short loc_fffb1472 ; je 0xfffb1472
+cmp dword [ebx + 0x3756], 2
+jne short loc_fffb145a ; jne 0xfffb145a
+cmp byte [ebx + 0x49be], 5
+je short loc_fffb146c ; je 0xfffb146c
+
+loc_fffb145a: ; not directly referenced
+cmp dword [ebx + 0x4b19], 2
+jne short loc_fffb14ab ; jne 0xfffb14ab
+cmp byte [ebx + 0x5d81], 5
+jne short loc_fffb14ab ; jne 0xfffb14ab
+
+loc_fffb146c: ; not directly referenced
+add ax, 0xc8
+jmp short loc_fffb14ab ; jmp 0xfffb14ab
+
+loc_fffb1472: ; not directly referenced
+cmp dword [ebx + 0x188b], 1
+jne short loc_fffb14ab ; jne 0xfffb14ab
+cmp dword [ebx + 0x2480], 1
+jne short loc_fffb14ab ; jne 0xfffb14ab
+mov edi, dword [ebp - 0x10]
+cmp byte [ebp - 0x14], 0xc
+mov ebx, edi
+sete cl
+cmp bl, 2
+setne dl
+test cl, dl
+je short loc_fffb14ab ; je 0xfffb14ab
+dec bl
+mov edx, 0x78
+mov ecx, 0x50
+cmovne edx, ecx
+add eax, edx
+
+loc_fffb14ab: ; not directly referenced
+add esp, 0xc
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb14b3: ; not directly referenced
+push ebp
+movzx edx, dl
+mov ebp, esp
+push ebx
+push ebx
+cmp dword [eax + 0x2480], 2
+push 0
+push dword [ebp + 8]
+sete bl
+shl ebx, 3
+movzx ebx, bl
+push ecx
+mov ecx, 0xf
+push ebx
+call fcn_fffafb06 ; call 0xfffafb06
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffb14e1: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, eax
+push ebx
+sub esp, 0x3c
+test dl, dl
+setne bl
+xor eax, eax
+imul edi, dword [esi + 0x18a7], 0x2e
+and ebx, 1
+lea edx, [esi + 0x374e]
+shl ebx, 8
+mov byte [ebp - 0x2d], 0
+mov dword [ebp - 0x3c], edx
+mov dword [ebp - 0x40], edi
+
+loc_fffb1510: ; not directly referenced
+test eax, eax
+sete cl
+cmp byte [ebp - 0x2d], 1
+setbe dl
+test cl, dl
+je loc_fffb16e7 ; je 0xfffb16e7
+movzx eax, byte [ebp - 0x2d]
+mov dword [ebp - 0x34], eax
+imul eax, eax, 0x13c3
+cmp dword [esi + eax + 0x3756], 2
+jne loc_fffb16d1 ; jne 0xfffb16d1
+mov edx, dword [ebp - 0x3c]
+lea eax, [edx + eax + 8]
+mov dword [ebp - 0x2c], eax
+add eax, dword [ebp - 0x40]
+mov cx, word [eax + 0x2a]
+add eax, 0x20
+movzx edi, word [eax - 0x16]
+mov ax, word [eax + 8]
+cmp cx, 0xc
+setne dl
+cmp cx, 0xa
+mov word [ebp - 0x38], ax
+setne al
+test dl, al
+je short loc_fffb159f ; je 0xfffb159f
+cmp cx, 0x10
+setne dl
+cmp cx, 0xe
+setne al
+test dl, al
+je short loc_fffb159f ; je 0xfffb159f
+cmp cx, 0x14
+setne dl
+cmp cx, 0x12
+setne al
+test dl, al
+je short loc_fffb159f ; je 0xfffb159f
+cmp cx, 0x18
+jne loc_fffb16db ; jne 0xfffb16db
+
+loc_fffb159f: ; not directly referenced
+movzx eax, word [ebp - 0x38]
+add eax, eax
+mov edx, eax
+mov dword [ebp - 0x38], eax
+movzx eax, cx
+cmp edx, eax
+jne loc_fffb16e2 ; jne 0xfffb16e2
+cmp di, 0x10
+ja short loc_fffb15c4 ; ja 0xfffb15c4
+xor eax, eax
+test di, 1
+jne short loc_fffb15d3 ; jne 0xfffb15d3
+
+loc_fffb15c4: ; not directly referenced
+mov eax, edi
+and eax, 0xfffffffb
+cmp ax, 0x12
+setne al
+movzx eax, al
+
+loc_fffb15d3: ; not directly referenced
+shl eax, 2
+and ebx, 0xfffffffb
+or ebx, eax
+cmp di, 0x10
+ja short loc_fffb15f9 ; ja 0xfffb15f9
+lea eax, [edi - 9]
+mov edi, 2
+cdq
+and ebx, 0xffffff8f
+idiv edi
+and eax, 7
+shl eax, 4
+or ebx, eax
+jmp short loc_fffb160a ; jmp 0xfffb160a
+
+loc_fffb15f9: ; not directly referenced
+sub edi, 2
+and ebx, 0xffffff8f
+sar edi, 2
+and edi, 7
+shl edi, 4
+or ebx, edi
+
+loc_fffb160a: ; not directly referenced
+cmp cx, 0x14
+ja loc_fffb16bf ; ja 0xfffb16bf
+mov eax, dword [ebp - 0x38]
+mov ecx, 2
+and bh, 0xf1
+sub eax, 0xa
+cdq
+idiv ecx
+and eax, 7
+shl eax, 9
+or ebx, eax
+
+loc_fffb162d: ; not directly referenced
+imul eax, dword [ebp - 0x34], 0x13c3
+test byte [esi + eax + 0x381a], 1
+je short loc_fffb166a ; je 0xfffb166a
+cmp byte [esi + 0x247b], 0
+jne short loc_fffb165e ; jne 0xfffb165e
+mov eax, dword [ebp - 0x2c]
+mov word [eax + 0x126b], bx
+mov word [eax + 0x1283], bx
+
+loc_fffb1658: ; not directly referenced
+mov word [ebp - 0x1c], bx
+jmp short loc_fffb166a ; jmp 0xfffb166a
+
+loc_fffb165e: ; not directly referenced
+mov eax, dword [ebp - 0x2c]
+mov bx, word [eax + 0x126b]
+jmp short loc_fffb1658 ; jmp 0xfffb1658
+
+loc_fffb166a: ; not directly referenced
+imul eax, dword [ebp - 0x34], 0x13c3
+test byte [esi + eax + 0x381a], 4
+je short loc_fffb16a7 ; je 0xfffb16a7
+cmp byte [esi + 0x247b], 0
+jne short loc_fffb169b ; jne 0xfffb169b
+mov eax, dword [ebp - 0x2c]
+mov word [eax + 0x1393], bx
+mov word [eax + 0x13ab], bx
+
+loc_fffb1695: ; not directly referenced
+mov word [ebp - 0x1a], bx
+jmp short loc_fffb16a7 ; jmp 0xfffb16a7
+
+loc_fffb169b: ; not directly referenced
+mov eax, dword [ebp - 0x2c]
+mov bx, word [eax + 0x1393]
+jmp short loc_fffb1695 ; jmp 0xfffb1695
+
+loc_fffb16a7: ; not directly referenced
+mov edx, dword [ebp - 0x34]
+sub esp, 0xc
+xor ecx, ecx
+lea eax, [ebp - 0x1c]
+push eax
+mov eax, esi
+call fcn_fffb14b3 ; call 0xfffb14b3
+add esp, 0x10
+jmp short loc_fffb16d3 ; jmp 0xfffb16d3
+
+loc_fffb16bf: ; not directly referenced
+shl ecx, 7
+and bh, 0xf1
+and cx, 0xe00
+or ebx, ecx
+jmp near loc_fffb162d ; jmp 0xfffb162d
+
+loc_fffb16d1: ; not directly referenced
+xor eax, eax
+
+loc_fffb16d3: ; not directly referenced
+inc byte [ebp - 0x2d]
+jmp near loc_fffb1510 ; jmp 0xfffb1510
+
+loc_fffb16db: ; not directly referenced
+mov eax, 0xd
+jmp short loc_fffb16e7 ; jmp 0xfffb16e7
+
+loc_fffb16e2: ; not directly referenced
+mov eax, 0x1d
+
+loc_fffb16e7: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb16ef: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov ebx, 0x100
+sub esp, 0x90
+mov esi, dword [ebp + 8]
+lea edx, [ebp - 0x44]
+mov dword [ebp - 0x48], 1
+mov eax, dword [esi + 0x2443]
+push 0
+push 0x2c
+push edx
+call dword [eax + 0x5c] ; ucall
+add esp, 0x10
+cmp dword [esi + 0x3756], 2
+jne short loc_fffb1753 ; jne 0xfffb1753
+xor edi, edi
+
+loc_fffb1729: ; not directly referenced
+mov eax, edi
+cmp al, byte [esi + 0x2488]
+jae short loc_fffb1753 ; jae 0xfffb1753
+movzx eax, al
+and ebx, 0xffffff80
+mov edx, eax
+inc edi
+and edx, 0x7f
+or ebx, edx
+mov ecx, ebx
+lea edx, [eax*4 + 0x40f0]
+mov eax, esi
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffb1729 ; jmp 0xfffb1729
+
+loc_fffb1753: ; not directly referenced
+xor edi, edi
+cmp dword [esi + 0x4b19], 2
+je short loc_fffb1769 ; je 0xfffb1769
+
+loc_fffb175e: ; not directly referenced
+mov byte [ebp - 0x65], 0
+xor edi, edi
+jmp near loc_fffb1900 ; jmp 0xfffb1900
+
+loc_fffb1769: ; not directly referenced
+mov eax, edi
+cmp al, byte [esi + 0x2488]
+jae short loc_fffb175e ; jae 0xfffb175e
+mov eax, edi
+and ebx, 0xffffff80
+movzx eax, al
+inc edi
+mov edx, eax
+and edx, 0x7f
+or ebx, edx
+mov ecx, ebx
+lea edx, [eax*4 + 0x44f0]
+mov eax, esi
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffb1769 ; jmp 0xfffb1769
+
+loc_fffb1795: ; not directly referenced
+mov cl, byte [ebp - 0x65]
+xor edi, edi
+mov dword [ebp - 0x5c], 1
+shl dword [ebp - 0x5c], cl
+movzx eax, cl
+mov dword [ebp - 0x7c], eax
+mov al, byte [ebp - 0x5c]
+test byte [esi + 0x248d], al
+je loc_fffb18fd ; je 0xfffb18fd
+mov ecx, dword [ebp - 0x5c]
+xor edx, edx
+mov eax, esi
+call fcn_fffaac43 ; call 0xfffaac43
+mov ecx, dword [ebp - 0x5c]
+mov edx, 1
+mov byte [ebp - 0x4a], 0
+mov bl, al
+mov eax, esi
+call fcn_fffaac43 ; call 0xfffaac43
+imul ecx, dword [ebp - 0x7c], 0x18
+mov byte [ebp - 0x49], 0
+mov dword [ebp - 0x80], 0
+mov dword [ebp - 0x8c], ecx
+lea ecx, [esi + ecx + 0x49c1]
+or eax, ebx
+movzx eax, al
+mov dword [ebp - 0x90], ecx
+mov dword [ebp - 0x64], eax
+
+loc_fffb1804: ; not directly referenced
+mov ecx, dword [ebp - 0x7c]
+lea eax, [ebp - 0x48]
+push ebx
+push ebx
+mov ebx, edi
+push eax
+mov eax, esi
+push 1
+xor edi, edi
+lea edx, [ebp - 0x44]
+call fcn_fffaa9ed ; call 0xfffaa9ed
+mov cl, byte [ebp - 0x80]
+add esp, 0x10
+mov eax, dword [ebp - 0x90]
+mov dword [ebp - 0x84], 1
+shl dword [ebp - 0x84], cl
+mov dword [ebp - 0x60], eax
+
+loc_fffb183c: ; not directly referenced
+mov eax, dword [ebp - 0x64]
+bt eax, edi
+jb loc_fffb1919 ; jb 0xfffb1919
+
+loc_fffb1848: ; not directly referenced
+inc edi
+add dword [ebp - 0x60], 0x13c3
+cmp edi, 2
+jne short loc_fffb183c ; jne 0xfffb183c
+mov edx, dword [ebp - 0x64]
+mov eax, esi
+call fcn_fffae670 ; call 0xfffae670
+test eax, eax
+mov edi, eax
+lea eax, [esi + 0x49ba]
+cmove edi, ebx
+mov dword [ebp - 0x84], eax
+mov eax, dword [ebp - 0x8c]
+xor ebx, ebx
+add eax, 7
+mov dword [ebp - 0x94], eax
+
+loc_fffb1883: ; not directly referenced
+mov eax, dword [ebp - 0x64]
+bt eax, ebx
+jae short loc_fffb18bc ; jae 0xfffb18bc
+mov eax, ebx
+shl eax, 0xa
+add eax, 0x4114
+mov dword [ebp - 0x88], eax
+mov byte [ebp - 0x60], 0
+mov byte [ebp - 0x78], 0
+
+loc_fffb18a3: ; not directly referenced
+mov al, byte [ebp - 0x78]
+cmp al, byte [esi + 0x2488]
+jb loc_fffb19ab ; jb 0xfffb19ab
+cmp byte [ebp - 0x60], 0
+jne loc_fffb19ed ; jne 0xfffb19ed
+
+loc_fffb18bc: ; not directly referenced
+inc ebx
+add dword [ebp - 0x84], 0x13c3
+cmp ebx, 2
+jne short loc_fffb1883 ; jne 0xfffb1883
+inc dword [ebp - 0x80]
+cmp dword [ebp - 0x80], 8
+jne loc_fffb1804 ; jne 0xfffb1804
+test byte [ebp - 0x64], 1
+je short loc_fffb18eb ; je 0xfffb18eb
+cmp byte [ebp - 0x4a], 0xff
+mov eax, 0x1f
+cmovne edi, eax
+
+loc_fffb18eb: ; not directly referenced
+test byte [ebp - 0x64], 2
+je short loc_fffb18fd ; je 0xfffb18fd
+cmp byte [ebp - 0x49], 0xff
+mov eax, 0x1f
+cmovne edi, eax
+
+loc_fffb18fd: ; not directly referenced
+inc byte [ebp - 0x65]
+
+loc_fffb1900: ; not directly referenced
+test edi, edi
+sete dl
+cmp byte [ebp - 0x65], 1
+setbe al
+test dl, al
+jne loc_fffb1795 ; jne 0xfffb1795
+jmp near loc_fffb1a4d ; jmp 0xfffb1a4d
+
+loc_fffb1919: ; not directly referenced
+cmp byte [ebp + edi - 0x4a], 0xff
+je loc_fffb1848 ; je 0xfffb1848
+mov eax, dword [ebp - 0x60]
+mov edx, edi
+mov cx, word [eax + 6]
+push eax
+push eax
+mov word [ebp - 0x78], cx
+mov ecx, dword [ebp - 0x5c]
+or word [ebp - 0x78], 0x10
+movzx eax, word [ebp - 0x78]
+push eax
+mov eax, esi
+push 3
+call fcn_fffafd52 ; call 0xfffafd52
+add esp, 0xc
+mov ecx, dword [ebp - 0x7c]
+mov edx, edi
+test eax, eax
+cmovne ebx, eax
+mov eax, dword [ebp - 0x60]
+mov ax, word [eax]
+push dword [ebp - 0x84]
+and eax, 0xfffc
+push 0
+or eax, 2
+push eax
+mov eax, esi
+call fcn_fffaa285 ; call 0xfffaa285
+pop edx
+mov edx, edi
+pop ecx
+mov ecx, dword [ebp - 0x5c]
+test eax, eax
+cmovne ebx, eax
+mov eax, dword [ebp - 0x78]
+mov dword [ebp - 0x88], ebx
+and eax, 0xffef
+push eax
+mov eax, esi
+push 3
+call fcn_fffafd52 ; call 0xfffafd52
+add esp, 0x10
+mov ebx, eax
+test eax, eax
+cmove ebx, dword [ebp - 0x88]
+jmp near loc_fffb1848 ; jmp 0xfffb1848
+
+loc_fffb19ab: ; not directly referenced
+mov dl, byte [ebp - 0x78]
+movzx eax, byte [ebp + ebx - 0x4a]
+movzx ecx, dl
+bt eax, edx
+jb short loc_fffb19e5 ; jb 0xfffb19e5
+mov eax, dword [ebp - 0x88]
+mov dword [ebp - 0x98], ecx
+lea edx, [eax + ecx*4]
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+mov ecx, dword [ebp - 0x98]
+test eax, eax
+je short loc_fffb19e5 ; je 0xfffb19e5
+mov eax, 1
+shl eax, cl
+or byte [ebp - 0x60], al
+
+loc_fffb19e5: ; not directly referenced
+inc byte [ebp - 0x78]
+jmp near loc_fffb18a3 ; jmp 0xfffb18a3
+
+loc_fffb19ed: ; not directly referenced
+movzx eax, byte [ebp - 0x60]
+call fcn_fffaeba2 ; call 0xfffaeba2
+mov ecx, dword [ebp - 0x84]
+cmp byte [ecx], 8
+movzx eax, al
+jne short loc_fffb1a07 ; jne 0xfffb1a07
+dec eax
+jmp short loc_fffb1a0a ; jmp 0xfffb1a0a
+
+loc_fffb1a07: ; not directly referenced
+cmp eax, 2
+
+loc_fffb1a0a: ; not directly referenced
+sete al
+mov edx, dword [ebp - 0x94]
+movzx eax, al
+test eax, eax
+mov eax, 0x1f
+cmove edi, eax
+mov al, byte [ebp - 0x60]
+add edx, dword [ebp - 0x84]
+or byte [ebp + ebx - 0x4a], al
+xor eax, eax
+
+loc_fffb1a2f: ; not directly referenced
+cmp byte [edx + eax + 0x10], 0
+jne short loc_fffb1a42 ; jne 0xfffb1a42
+mov cl, byte [ebp - 0x60]
+mov byte [edx + eax + 0x10], cl
+jmp near loc_fffb18bc ; jmp 0xfffb18bc
+
+loc_fffb1a42: ; not directly referenced
+inc eax
+cmp eax, 8
+jne short loc_fffb1a2f ; jne 0xfffb1a2f
+jmp near loc_fffb18bc ; jmp 0xfffb18bc
+
+loc_fffb1a4d: ; not directly referenced
+mov cl, byte [esi + 0x247b]
+xor edx, edx
+mov eax, esi
+mov byte [esi + 0x247b], 1
+mov dword [ebp - 0x5c], ecx
+call fcn_fffb14e1 ; call 0xfffb14e1
+mov ecx, dword [ebp - 0x5c]
+mov byte [esi + 0x247b], cl
+test eax, eax
+mov ebx, eax
+mov eax, esi
+cmove ebx, edi
+call fcn_fffb0e8a ; call 0xfffb0e8a
+lea esp, [ebp - 0xc]
+mov eax, ebx
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb1a87: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov ebx, eax
+lea esi, [ebx + 0x374e]
+sub esp, 0x3c
+xor eax, eax
+mov byte [ebp - 0x2b], 0
+mov dword [ebp - 0x40], esi
+
+loc_fffb1aa1: ; not directly referenced
+test eax, eax
+sete cl
+cmp byte [ebp - 0x2b], 1
+setbe dl
+test cl, dl
+je loc_fffb1be5 ; je 0xfffb1be5
+movzx eax, byte [ebp - 0x2b]
+imul edx, eax, 0x13c3
+mov dword [ebp - 0x34], eax
+lea eax, [ebx + edx]
+cmp dword [eax + 0x3756], 2
+jne loc_fffb1bd6 ; jne 0xfffb1bd6
+mov esi, dword [ebp - 0x40]
+mov dword [ebp - 0x30], 0
+mov dword [ebp - 0x3c], eax
+lea esi, [esi + edx + 8]
+mov dword [ebp - 0x38], esi
+xor esi, esi
+
+loc_fffb1ae8: ; not directly referenced
+mov edi, dword [ebp - 0x30]
+mov eax, edi
+mov ecx, edi
+mov edi, dword [ebp - 0x3c]
+mov byte [ebp - 0x2c], al
+mov eax, 1
+shl eax, cl
+test byte [edi + 0x381a], al
+je loc_fffb1bad ; je 0xfffb1bad
+cmp byte [ebx + 0x247b], 0
+je short loc_fffb1b2b ; je 0xfffb1b2b
+mov al, cl
+mov edx, dword [ebp - 0x38]
+shr al, 1
+movzx eax, al
+imul eax, eax, 0x128
+mov si, word [edx + eax + 0x126d]
+jmp short loc_fffb1ba0 ; jmp 0xfffb1ba0
+
+loc_fffb1b2b: ; not directly referenced
+mov al, byte [ebp - 0x2c]
+mov edx, dword [ebp - 0x34]
+shr al, 1
+movzx edi, al
+mov eax, ebx
+mov ecx, edi
+call fcn_fffa69ea ; call 0xfffa69ea
+test eax, eax
+je loc_fffb1be0 ; je 0xfffb1be0
+mov edx, dword [ebx + 0x1887]
+cmp edx, 0x306d0
+sete cl
+cmp edx, 0x40650
+sete dl
+or cl, dl
+je short loc_fffb1b6c ; je 0xfffb1b6c
+cmp dword [ebx + 0x2480], 1
+je short loc_fffb1b72 ; je 0xfffb1b72
+
+loc_fffb1b6c: ; not directly referenced
+movzx ecx, byte [eax + 1]
+jmp short loc_fffb1b74 ; jmp 0xfffb1b74
+
+loc_fffb1b72: ; not directly referenced
+xor ecx, ecx
+
+loc_fffb1b74: ; not directly referenced
+sub esp, 0xc
+mov edx, ebx
+push esi
+lea eax, [ebp - 0x2a]
+call fcn_fffa6bd1 ; call 0xfffa6bd1
+imul edi, edi, 0x128
+mov si, word [ebp - 0x2a]
+add edi, dword [ebp - 0x38]
+add esp, 0x10
+mov word [edi + 0x126d], si
+mov word [edi + 0x1285], si
+
+loc_fffb1ba0: ; not directly referenced
+mov al, byte [ebp - 0x2c]
+shr al, 1
+movzx eax, al
+mov word [ebp + eax*2 - 0x1c], si
+
+loc_fffb1bad: ; not directly referenced
+add dword [ebp - 0x30], 2
+cmp dword [ebp - 0x30], 4
+jne loc_fffb1ae8 ; jne 0xfffb1ae8
+mov edx, dword [ebp - 0x34]
+sub esp, 0xc
+mov ecx, 1
+lea eax, [ebp - 0x1c]
+push eax
+mov eax, ebx
+call fcn_fffb14b3 ; call 0xfffb14b3
+add esp, 0x10
+jmp short loc_fffb1bd8 ; jmp 0xfffb1bd8
+
+loc_fffb1bd6: ; not directly referenced
+xor eax, eax
+
+loc_fffb1bd8: ; not directly referenced
+inc byte [ebp - 0x2b]
+jmp near loc_fffb1aa1 ; jmp 0xfffb1aa1
+
+loc_fffb1be0: ; not directly referenced
+mov eax, 1
+
+loc_fffb1be5: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb1bed: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, eax
+push ebx
+sub esp, 0x3c
+mov edi, dword [esi + 0x2480]
+mov dword [ebp - 0x3c], ecx
+mov dword [ebp - 0x38], edi
+cmp ecx, 1
+je short loc_fffb1c30 ; je 0xfffb1c30
+jb short loc_fffb1c20 ; jb 0xfffb1c20
+cmp ecx, 2
+je short loc_fffb1c27 ; je 0xfffb1c27
+cmp ecx, 3
+jne loc_fffb1d20 ; jne 0xfffb1d20
+mov edi, 0xc3
+jmp short loc_fffb1c2c ; jmp 0xfffb1c2c
+
+loc_fffb1c20: ; not directly referenced
+mov edi, 0xff
+jmp short loc_fffb1c35 ; jmp 0xfffb1c35
+
+loc_fffb1c27: ; not directly referenced
+mov edi, 0x56
+
+loc_fffb1c2c: ; not directly referenced
+xor eax, eax
+jmp short loc_fffb1c3a ; jmp 0xfffb1c3a
+
+loc_fffb1c30: ; not directly referenced
+mov edi, 0xab
+
+loc_fffb1c35: ; not directly referenced
+mov eax, 0x400
+
+loc_fffb1c3a: ; not directly referenced
+mov word [ebp - 0x1c], ax
+movzx ecx, dl
+xor ebx, ebx
+mov word [ebp - 0x1a], ax
+lea eax, [esi + 0x3756]
+mov dword [ebp - 0x34], eax
+xor eax, eax
+mov byte [ebp - 0x2d], 1
+mov dword [ebp - 0x40], ecx
+
+loc_fffb1c59: ; not directly referenced
+mov ecx, dword [ebp - 0x34]
+cmp dword [ecx], 2
+jne loc_fffb1cf9 ; jne 0xfffb1cf9
+mov ecx, dword [ebp - 0x40]
+bt ecx, ebx
+jae loc_fffb1cf9 ; jae 0xfffb1cf9
+lea edx, [ebx + 1]
+bt ecx, edx
+jb short loc_fffb1c88 ; jb 0xfffb1c88
+mov cl, byte [ebp - 0x2d]
+mov dl, 7
+cmp dword [ebp - 0x3c], 2
+cmove ecx, edx
+mov byte [ebp - 0x2d], cl
+
+loc_fffb1c88: ; not directly referenced
+cmp dword [ebp - 0x38], 3
+jne short loc_fffb1cca ; jne 0xfffb1cca
+mov dword [ebp - 0x2c], 0
+
+loc_fffb1c95: ; not directly referenced
+mov cl, byte [ebp - 0x2c]
+mov edx, 1
+shl edx, cl
+mov ecx, dword [ebp - 0x34]
+test byte [ecx + 0xc4], dl
+je short loc_fffb1cbf ; je 0xfffb1cbf
+mov ecx, dword [ebp - 0x2c]
+mov edx, ebx
+push eax
+mov eax, esi
+push 0
+push edi
+push 0xa
+call fcn_fffaa505 ; call 0xfffaa505
+add esp, 0x10
+
+loc_fffb1cbf: ; not directly referenced
+inc dword [ebp - 0x2c]
+cmp dword [ebp - 0x2c], 4
+jne short loc_fffb1c95 ; jne 0xfffb1c95
+jmp short loc_fffb1cf9 ; jmp 0xfffb1cf9
+
+loc_fffb1cca: ; not directly referenced
+cmp dword [ebp - 0x38], 2
+movzx eax, byte [ebp - 0x2d]
+jne short loc_fffb1cdf ; jne 0xfffb1cdf
+push eax
+lea eax, [ebp - 0x1c]
+push eax
+push 0
+push 0xe
+jmp short loc_fffb1ce8 ; jmp 0xfffb1ce8
+
+loc_fffb1cdf: ; not directly referenced
+push eax
+lea eax, [ebp - 0x1c]
+push eax
+push 0
+push 6
+
+loc_fffb1ce8: ; not directly referenced
+mov ecx, 0xf
+mov edx, ebx
+mov eax, esi
+call fcn_fffafb06 ; call 0xfffafb06
+add esp, 0x10
+
+loc_fffb1cf9: ; not directly referenced
+inc ebx
+add dword [ebp - 0x34], 0x13c3
+cmp ebx, 2
+jne loc_fffb1c59 ; jne 0xfffb1c59
+cmp dword [ebp - 0x3c], 1
+mov ebx, eax
+ja short loc_fffb1d25 ; ja 0xfffb1d25
+mov edx, 0x13
+mov eax, esi
+call fcn_fffa834b ; call 0xfffa834b
+jmp short loc_fffb1d25 ; jmp 0xfffb1d25
+
+loc_fffb1d20: ; not directly referenced
+mov ebx, 2
+
+loc_fffb1d25: ; not directly referenced
+lea esp, [ebp - 0xc]
+mov eax, ebx
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb1d2f: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+xor esi, esi
+push ebx
+sub esp, 0x4c
+mov ebx, dword [ebp + 8]
+mov byte [ebp - 0x28], 2
+mov byte [ebp - 0x27], 0x40
+mov byte [ebp - 0x26], 1
+mov byte [ebp - 0x25], 0x43
+mov byte [ebp - 0x24], 3
+mov byte [ebp - 0x23], 1
+mov byte [ebp - 0x22], 0xb
+mov byte [ebp - 0x21], 3
+mov dword [ebp - 0x50], 0
+
+loc_fffb1d64: ; not directly referenced
+imul eax, esi, 0x13c3
+cmp dword [ebx + eax + 0x3756], 2
+jne short loc_fffb1daf ; jne 0xfffb1daf
+mov edi, esi
+mov eax, ebx
+shl edi, 0xa
+add edi, 0x4004
+mov edx, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov dword [ebp + esi*4 - 0x20], eax
+mov al, byte [ebp + esi*4 - 0x1d]
+test al, 0x20
+jne short loc_fffb1daf ; jne 0xfffb1daf
+or eax, 0x20
+mov edx, edi
+mov byte [ebp + esi*4 - 0x1d], al
+mov ecx, dword [ebp + esi*4 - 0x20]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov dword [ebp - 0x50], 1
+
+loc_fffb1daf: ; not directly referenced
+inc esi
+cmp esi, 2
+jne short loc_fffb1d64 ; jne 0xfffb1d64
+xor ecx, ecx
+mov edx, 3
+mov eax, ebx
+call fcn_fffb1bed ; call 0xfffb1bed
+test eax, eax
+jne loc_fffb1fe8 ; jne 0xfffb1fe8
+mov edx, dword [ebx + 0x36d7]
+cmp edx, 0x320
+jbe short loc_fffb1e0b ; jbe 0xfffb1e0b
+cmp edx, 0x42b
+jbe short loc_fffb1e0f ; jbe 0xfffb1e0f
+cmp edx, 0x4b0
+jbe short loc_fffb1e13 ; jbe 0xfffb1e13
+cmp edx, 0x535
+jbe short loc_fffb1e17 ; jbe 0xfffb1e17
+cmp edx, 0x640
+jbe short loc_fffb1e1b ; jbe 0xfffb1e1b
+mov al, 0x16
+cmp edx, 0x74b
+ja loc_fffb1fe8 ; ja 0xfffb1fe8
+mov al, 0x1c
+jmp short loc_fffb1e1d ; jmp 0xfffb1e1d
+
+loc_fffb1e0b: ; not directly referenced
+mov al, 0x14
+jmp short loc_fffb1e1d ; jmp 0xfffb1e1d
+
+loc_fffb1e0f: ; not directly referenced
+mov al, 0x16
+jmp short loc_fffb1e1d ; jmp 0xfffb1e1d
+
+loc_fffb1e13: ; not directly referenced
+mov al, 0x17
+jmp short loc_fffb1e1d ; jmp 0xfffb1e1d
+
+loc_fffb1e17: ; not directly referenced
+mov al, 0x18
+jmp short loc_fffb1e1d ; jmp 0xfffb1e1d
+
+loc_fffb1e1b: ; not directly referenced
+mov al, 0x1a
+
+loc_fffb1e1d: ; not directly referenced
+mov byte [ebp - 0x27], al
+lea eax, [ebx + 0x3756]
+xor edi, edi
+mov dword [ebp - 0x2c], eax
+
+loc_fffb1e2b: ; not directly referenced
+mov eax, dword [ebp - 0x2c]
+cmp dword [eax], 2
+jne loc_fffb1fc7 ; jne 0xfffb1fc7
+mov dword [ebp - 0x34], 0
+
+loc_fffb1e3e: ; not directly referenced
+mov eax, dword [ebp - 0x2c]
+mov ecx, dword [ebp - 0x34]
+mov al, byte [eax + 0xc4]
+mov dl, cl
+mov esi, eax
+mov eax, 1
+shl eax, cl
+mov ecx, esi
+test cl, al
+jne short loc_fffb1e69 ; jne 0xfffb1e69
+
+loc_fffb1e5b: ; not directly referenced
+inc dword [ebp - 0x34]
+cmp dword [ebp - 0x34], 4
+jne short loc_fffb1e3e ; jne 0xfffb1e3e
+jmp near loc_fffb1f5b ; jmp 0xfffb1f5b
+
+loc_fffb1e69: ; not directly referenced
+cmp byte [ebp - 0x34], 0
+mov byte [ebp - 0x48], 0
+jne short loc_fffb1e93 ; jne 0xfffb1e93
+cmp byte [ebx + 0x240a], 0
+mov byte [ebp - 0x48], dl
+je short loc_fffb1e93 ; je 0xfffb1e93
+mov eax, esi
+and eax, 2
+cmp al, 1
+sbb eax, eax
+mov dword [ebp - 0x48], eax
+and byte [ebp - 0x48], 0xfc
+add byte [ebp - 0x48], 7
+
+loc_fffb1e93: ; not directly referenced
+mov eax, edx
+and eax, 1
+mov dword [ebp - 0x38], 0
+mov dword [ebp - 0x4c], eax
+
+loc_fffb1ea2: ; not directly referenced
+mov eax, dword [ebp - 0x38]
+cmp byte [ebx + 0x247b], 0
+movzx edx, byte [ebp + eax*2 - 0x28]
+je short loc_fffb1edf ; je 0xfffb1edf
+cmp edx, 6
+ja short loc_fffb1ecc ; ja 0xfffb1ecc
+imul eax, dword [ebp - 0x4c], 0xc
+mov ecx, dword [ebp - 0x2c]
+lea eax, [edx + eax + 0x930]
+mov al, byte [ecx + eax*2 + 0xb]
+jmp short loc_fffb1eda ; jmp 0xfffb1eda
+
+loc_fffb1ecc: ; not directly referenced
+imul eax, dword [ebp - 0x4c], 0x18
+mov ecx, dword [ebp - 0x2c]
+mov al, byte [ecx + eax + 0x1279]
+
+loc_fffb1eda: ; not directly referenced
+mov byte [ebp - 0x2d], al
+jmp short loc_fffb1f29 ; jmp 0xfffb1f29
+
+loc_fffb1edf: ; not directly referenced
+mov eax, dword [ebp - 0x38]
+cmp eax, 3
+je short loc_fffb1eed ; je 0xfffb1eed
+mov al, byte [ebp + eax*2 - 0x27]
+jmp short loc_fffb1ef0 ; jmp 0xfffb1ef0
+
+loc_fffb1eed: ; not directly referenced
+mov al, byte [ebp - 0x48]
+
+loc_fffb1ef0: ; not directly referenced
+mov byte [ebp - 0x2d], al
+cmp edx, 6
+ja short loc_fffb1f11 ; ja 0xfffb1f11
+imul ecx, dword [ebp - 0x4c], 0xc
+movzx esi, byte [ebp - 0x2d]
+mov eax, dword [ebp - 0x2c]
+lea ecx, [edx + ecx + 0x930]
+mov word [eax + ecx*2 + 0xb], si
+jmp short loc_fffb1f29 ; jmp 0xfffb1f29
+
+loc_fffb1f11: ; not directly referenced
+cmp edx, 0xb
+jne short loc_fffb1f29 ; jne 0xfffb1f29
+imul ecx, dword [ebp - 0x4c], 0x18
+movzx esi, byte [ebp - 0x2d]
+mov eax, dword [ebp - 0x2c]
+mov word [eax + ecx + 0x1279], si
+
+loc_fffb1f29: ; not directly referenced
+push eax
+movzx eax, byte [ebp - 0x2d]
+mov ecx, dword [ebp - 0x34]
+push 0
+push eax
+mov eax, ebx
+push edx
+mov edx, edi
+call fcn_fffaa505 ; call 0xfffaa505
+add esp, 0x10
+test eax, eax
+jne loc_fffb1fe8 ; jne 0xfffb1fe8
+inc dword [ebp - 0x38]
+cmp dword [ebp - 0x38], 4
+jne loc_fffb1ea2 ; jne 0xfffb1ea2
+jmp near loc_fffb1e5b ; jmp 0xfffb1e5b
+
+loc_fffb1f5b: ; not directly referenced
+cmp byte [ebx + 0x247d], 0
+jne short loc_fffb1fa6 ; jne 0xfffb1fa6
+cmp dword [ebx + 0x188b], 1
+jne short loc_fffb1fa6 ; jne 0xfffb1fa6
+mov eax, edi
+shl eax, 8
+add eax, 0x1c20
+mov edx, eax
+mov esi, eax
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+cmp byte [ebx + 0x240a], 1
+sbb edx, edx
+not edx
+add edx, 3
+and eax, 0xffffffcf
+and edx, 3
+shl edx, 4
+or eax, edx
+mov edx, esi
+mov ecx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb1fa6: ; not directly referenced
+cmp dword [ebp - 0x50], 0
+je short loc_fffb1fc7 ; je 0xfffb1fc7
+and byte [ebp + edi*4 - 0x1d], 0xdf
+mov edx, edi
+mov ecx, dword [ebp + edi*4 - 0x20]
+shl edx, 0xa
+mov eax, ebx
+add edx, 0x4004
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb1fc7: ; not directly referenced
+inc edi
+add dword [ebp - 0x2c], 0x13c3
+cmp edi, 2
+jne loc_fffb1e2b ; jne 0xfffb1e2b
+mov byte [ebx + 0x247d], 1
+xor eax, eax
+mov byte [ebx + 0x247b], 1
+
+loc_fffb1fe8: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb1ff0: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x1c
+mov ebx, dword [ebp + 8]
+mov dword [ebp - 0x20], 0
+lea edi, [ebx + 0x3756]
+
+loc_fffb2009: ; not directly referenced
+cmp dword [edi], 2
+je short loc_fffb201f ; je 0xfffb201f
+
+loc_fffb200e: ; not directly referenced
+inc dword [ebp - 0x20]
+add edi, 0x13c3
+cmp dword [ebp - 0x20], 2
+jne short loc_fffb2009 ; jne 0xfffb2009
+jmp short loc_fffb2092 ; jmp 0xfffb2092
+
+loc_fffb201f: ; not directly referenced
+mov edx, dword [ebp - 0x20]
+xor ecx, ecx
+mov eax, ebx
+call fcn_fffa7288 ; call 0xfffa7288
+mov edx, eax
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, dword [ebp - 0x20]
+mov ecx, 0xff
+mov esi, eax
+mov eax, ebx
+call fcn_fffa7288 ; call 0xfffa7288
+or esi, 0x100000
+mov dword [ebp - 0x1c], 0
+mov dword [ebp - 0x24], eax
+
+loc_fffb2055: ; not directly referenced
+mov cl, byte [ebp - 0x1c]
+mov eax, 1
+shl eax, cl
+test byte [edi + 0xc4], al
+je short loc_fffb2084 ; je 0xfffb2084
+mov eax, dword [ebp - 0x1c]
+and esi, 0xff3fffff
+mov edx, dword [ebp - 0x24]
+and eax, 3
+shl eax, 0x16
+or esi, eax
+mov eax, ebx
+mov ecx, esi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffb2084: ; not directly referenced
+inc dword [ebp - 0x1c]
+cmp dword [ebp - 0x1c], 4
+jne short loc_fffb2055 ; jne 0xfffb2055
+jmp near loc_fffb200e ; jmp 0xfffb200e
+
+loc_fffb2092: ; not directly referenced
+cmp dword [ebx + 0x3756], 2
+jne short loc_fffb20ae ; jne 0xfffb20ae
+movzx ecx, byte [ebx + 0x381a]
+mov edx, 0x4192
+mov eax, ebx
+call fcn_fffae566 ; call 0xfffae566
+
+loc_fffb20ae: ; not directly referenced
+cmp dword [ebx + 0x4b19], 2
+jne short loc_fffb20ca ; jne 0xfffb20ca
+movzx ecx, byte [ebx + 0x4bdd]
+mov edx, 0x4592
+mov eax, ebx
+call fcn_fffae566 ; call 0xfffae566
+
+loc_fffb20ca: ; not directly referenced
+mov eax, ebx
+mov ecx, 1
+mov edx, 3
+call fcn_fffb1bed ; call 0xfffb1bed
+add esp, 0x1c
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb20e5: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0xdc
+mov edi, dword [ebp + 0x20]
+mov byte [ebp - 0x51], cl
+mov ebx, dword [ebp + 8]
+mov dword [ebp - 0x5c], ecx
+mov cl, byte [ebp + 0x14]
+mov dword [ebp - 0x4c], eax
+mov eax, dword [eax + 0x188b]
+mov dword [ebp - 0x50], edi
+mov edi, dword [ebp + 0x24]
+mov byte [ebp - 0xad], dl
+mov esi, dword [ebp + 0xc]
+mov byte [ebp - 0xe8], cl
+mov cl, byte [ebp + 0x1c]
+mov dword [ebp - 0x60], eax
+movzx eax, bx
+dec eax
+mov dword [ebp - 0x58], edi
+inc esi
+mov byte [ebp - 0x98], cl
+mov word [ebp - 0xb0], bx
+mov dword [ebp - 0x45], 0
+mov dword [ebp - 0x41], 0
+mov dword [ebp - 0x3d], 0
+call fcn_fffaec34 ; call 0xfffaec34
+mov ecx, esi
+sub ecx, eax
+test cl, cl
+mov esi, ecx
+mov ecx, dword [ebp - 0x5c]
+setle dl
+mov byte [ebp - 0x61], al
+cmp cl, 4
+sete al
+or dl, al
+jne short loc_fffb2178 ; jne 0xfffb2178
+cmp cl, 5
+mov al, 1
+cmove esi, eax
+jmp short loc_fffb217d ; jmp 0xfffb217d
+
+loc_fffb2178: ; not directly referenced
+mov esi, 1
+
+loc_fffb217d: ; not directly referenced
+lea ecx, [esi - 1]
+movzx esi, byte [ebp - 0x61]
+lea eax, [ebx - 0x80]
+mov dword [ebp - 0x68], 1
+shl dword [ebp - 0x68], cl
+cmp bx, 0x7f
+cmova eax, esi
+add ebx, ebx
+mov byte [ebp - 0x88], al
+lea eax, [ebx - 0x80]
+mov byte [ebp - 0x78], al
+cmp bx, 0x7f
+jbe short loc_fffb21ba ; jbe 0xfffb21ba
+movzx ebx, bx
+lea eax, [ebx - 1]
+call fcn_fffaec34 ; call 0xfffaec34
+mov byte [ebp - 0x78], al
+
+loc_fffb21ba: ; not directly referenced
+mov eax, dword [ebp + 0x18]
+mov bx, word [eax]
+movzx eax, bx
+dec eax
+call fcn_fffaec34 ; call 0xfffaec34
+cmp bx, 0x1f
+jbe short loc_fffb21da ; jbe 0xfffb21da
+mov esi, dword [ebp + 0x18]
+movzx eax, al
+mov word [esi], ax
+jmp short loc_fffb21e3 ; jmp 0xfffb21e3
+
+loc_fffb21da: ; not directly referenced
+mov eax, dword [ebp + 0x18]
+add ebx, 0x20
+mov word [eax], bx
+
+loc_fffb21e3: ; not directly referenced
+cmp byte [ebp - 0x50], 0
+je short loc_fffb2209 ; je 0xfffb2209
+mov eax, dword [ebp - 0x4c]
+mov edx, 0x4cb0
+call fcn_fffae52a ; call 0xfffae52a
+mov edi, eax
+mov eax, dword [ebp - 0x58]
+and di, 0xfff
+add edi, 0x10
+cmp ax, di
+cmovae edi, eax
+
+loc_fffb2209: ; not directly referenced
+cmp di, 0xff
+mov eax, 0xff
+cmova edi, eax
+mov al, byte [ebp - 0x88]
+mov word [ebp - 0xa8], di
+mov dword [ebp - 0x50], 0x4960
+mov dword [ebp - 0x5c], 0x4040
+shr al, 7
+mov byte [ebp - 0xc8], al
+mov al, byte [ebp - 0x78]
+mov dword [ebp - 0x58], 0
+shr al, 7
+mov byte [ebp - 0xd8], al
+mov eax, dword [ebp - 0x98]
+and eax, 1
+mov dword [ebp - 0xb4], eax
+
+loc_fffb225c: ; not directly referenced
+movzx eax, byte [ebp - 0xad]
+mov esi, dword [ebp - 0x58]
+mov dword [ebp - 0xac], eax
+bt eax, esi
+jb short loc_fffb2282 ; jb 0xfffb2282
+mov eax, dword [ebp - 0x50]
+xor ecx, ecx
+lea edx, [eax + eax - 0x4a18]
+jmp near loc_fffb268f ; jmp 0xfffb268f
+
+loc_fffb2282: ; not directly referenced
+mov eax, dword [ebp - 0x5c]
+movzx ecx, byte [ebp - 0xb4]
+lea edx, [eax + 0x158]
+mov eax, dword [ebp - 0x4c]
+call fcn_fffae566 ; call 0xfffae566
+cmp byte [ebp - 0x98], 0
+je short loc_fffb22bb ; je 0xfffb22bb
+mov edx, dword [ebp - 0x58]
+sub esp, 0xc
+mov ecx, 7
+mov eax, dword [ebp - 0x4c]
+push 8
+call fcn_fffaa3c8 ; call 0xfffaa3c8
+add esp, 0x10
+
+loc_fffb22bb: ; not directly referenced
+cmp byte [ebp - 0x51], 5
+ja short loc_fffb22d3 ; ja 0xfffb22d3
+movzx eax, byte [ebp - 0x51]
+mov dl, byte [eax + ref_fffd3ed8] ; mov dl, byte [eax - 0x2c128]
+mov al, byte [eax + ref_fffd3ed0] ; mov al, byte [eax - 0x2c130]
+jmp short loc_fffb22d7 ; jmp 0xfffb22d7
+
+loc_fffb22d3: ; not directly referenced
+xor eax, eax
+xor edx, edx
+
+loc_fffb22d7: ; not directly referenced
+and edx, 7
+and eax, 7
+mov bl, byte [ebp - 0x51]
+shl edx, 0x18
+xor edi, edi
+mov ecx, dword [ebp - 0x50]
+shl eax, 0x1c
+or eax, edx
+and ah, 0xcf
+mov edx, eax
+mov eax, dword [ebp - 0x4c]
+or dh, 0x18
+cmp byte [eax + 0x247a], 0
+setne al
+movzx eax, al
+shl eax, 7
+or eax, edx
+mov edx, eax
+or edx, 0x20
+cmp bl, 6
+mov ebx, dword [ebp - 0x4c]
+cmove eax, edx
+mov esi, eax
+mov eax, edi
+and eax, 0xfffffc00
+or eax, 2
+mov edi, eax
+cmp dword [ebp - 0x60], 1
+lea eax, [ecx + 0x20]
+lea edx, [ecx + 0x40]
+mov ecx, dword [ebp - 0x68]
+cmovne edx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, ebx
+push ecx
+push ecx
+mov ecx, dword [ebp - 0x50]
+push edi
+push esi
+lea edx, [ecx + ecx - 0x4a18]
+call fcn_fffae7cf ; call 0xfffae7cf
+mov ecx, dword [ebp - 0x50]
+mov eax, ebx
+lea edx, [ecx - 0xa8]
+mov ecx, 4
+call fcn_fffae566 ; call 0xfffae566
+mov edx, dword [ebp - 0xc8]
+add esp, 0x10
+mov eax, dword [ebp - 0x88]
+mov esi, dword [ebp - 0x78]
+mov ecx, dword [ebp - 0xd8]
+and edx, 1
+mov bl, byte [ebp - 0x51]
+shl edx, 7
+and eax, 0x7f
+or eax, edx
+mov edx, dword [ebp - 0xa8]
+and esi, 0x7f
+or eax, 0x8000000
+and ecx, 1
+shl ecx, 7
+and edx, 0x3fff
+shl edx, 8
+or eax, edx
+mov edx, eax
+and edx, 0x83fff00
+or edx, esi
+or edx, ecx
+mov ecx, eax
+or ecx, 0x4000000
+and ecx, 0xf7ffffff
+cmp bl, 4
+je short loc_fffb23ed ; je 0xfffb23ed
+cmp bl, 5
+je short loc_fffb2433 ; je 0xfffb2433
+cmp bl, 3
+jne loc_fffb2475 ; jne 0xfffb2475
+mov dword [ebp - 0x38], edx
+mov byte [ebp - 0x39], 1
+or byte [ebp - 0x36], 0xc0
+and byte [ebp - 0x35], 0xfc
+jmp near loc_fffb24af ; jmp 0xfffb24af
+
+loc_fffb23ed: ; not directly referenced
+mov dword [ebp - 0x38], eax
+mov cl, byte [ebp - 0x36]
+and byte [ebp - 0x35], 0xfc
+and ecx, 0x3f
+or ecx, 0x40
+mov byte [ebp - 0x36], cl
+mov ecx, 1
+
+loc_fffb2405: ; not directly referenced
+mov dword [ebp + ecx*4 - 0x38], edx
+mov bl, byte [ebp + ecx*4 - 0x36]
+and byte [ebp + ecx*4 - 0x35], 0xfc
+and ebx, 0x3f
+or ebx, 0xffffff80
+mov byte [ebp + ecx*4 - 0x36], bl
+inc ecx
+cmp ecx, 7
+jne short loc_fffb2405 ; jne 0xfffb2405
+mov dword [ebp - 0x1c], eax
+mov byte [ebp - 0x39], 0xff
+and byte [ebp - 0x1a], 0x3f
+and byte [ebp - 0x19], 0xfc
+jmp short loc_fffb24af ; jmp 0xfffb24af
+
+loc_fffb2433: ; not directly referenced
+mov dword [ebp - 0x38], eax
+mov cl, byte [ebp - 0x36]
+mov dword [ebp - 0x34], edx
+mov dword [ebp - 0x30], eax
+mov dword [ebp - 0x2c], edx
+and ecx, 0x3f
+or ecx, 0x40
+mov byte [ebp - 0x36], cl
+mov cl, byte [ebp - 0x32]
+and byte [ebp - 0x35], 0xfc
+and byte [ebp - 0x31], 0xfc
+and byte [ebp - 0x2e], 0x3f
+and ecx, 0x3f
+or ecx, 0xffffff80
+mov byte [ebp - 0x32], cl
+and byte [ebp - 0x2d], 0xfc
+or byte [ebp - 0x2a], 0xc0
+and byte [ebp - 0x29], 0xfc
+mov byte [ebp - 0x39], 0xf
+jmp short loc_fffb24af ; jmp 0xfffb24af
+
+loc_fffb2475: ; not directly referenced
+mov esi, dword [ebp + 0x18]
+cmp byte [esi + 0xa], 2
+jne short loc_fffb248d ; jne 0xfffb248d
+cmp word [ebp - 0xb0], 8
+jne short loc_fffb248d ; jne 0xfffb248d
+mov dword [ebp - 0x38], ecx
+jmp short loc_fffb2490 ; jmp 0xfffb2490
+
+loc_fffb248d: ; not directly referenced
+mov dword [ebp - 0x38], eax
+
+loc_fffb2490: ; not directly referenced
+mov dl, byte [ebp - 0x36]
+mov dword [ebp - 0x34], eax
+and byte [ebp - 0x35], 0xfc
+and byte [ebp - 0x32], 0x3f
+and byte [ebp - 0x31], 0xfc
+and edx, 0x3f
+or edx, 0x40
+mov byte [ebp - 0x36], dl
+mov byte [ebp - 0x39], 3
+
+loc_fffb24af: ; not directly referenced
+imul eax, dword [ebp - 0x58], 0x28
+xor ebx, ebx
+lea edi, [ebp - 0x39]
+lea esi, [eax + 0x4808]
+sub edi, eax
+
+loc_fffb24c0: ; not directly referenced
+movzx eax, byte [ebp - 0x39]
+bt eax, ebx
+jb loc_fffb2593 ; jb 0xfffb2593
+
+loc_fffb24cd: ; not directly referenced
+lea eax, [ebp - 0x3d]
+mov esi, dword [ebp - 0x4c]
+push edx
+mov ecx, dword [ebp + 0x10]
+push eax
+mov edx, dword [ebp - 0x58]
+lea eax, [ebp - 0x41]
+push eax
+lea eax, [ebp - 0x45]
+push eax
+mov eax, dword [ebp + 0x10]
+add eax, 0x24
+push eax
+mov eax, dword [ebp + 0x10]
+add eax, 0x14
+push eax
+mov eax, dword [ebp + 0x10]
+add eax, 0x10
+push eax
+mov eax, dword [ebp + 0x10]
+add eax, 8
+push eax
+mov eax, esi
+call fcn_fffaa5b6 ; call 0xfffaa5b6
+mov eax, dword [ebp + 0x18]
+add esp, 0x20
+mov edi, dword [ebp + 0x18]
+movzx ecx, byte [eax + 6]
+movzx eax, byte [eax + 2]
+mov dx, word [edi]
+and ecx, 0x3f
+and eax, 0x3f
+shl eax, 8
+mov ebx, edx
+shl ecx, 0x10
+and ebx, 0x1f
+or ecx, eax
+mov eax, dword [ebp - 0x5c]
+shr dx, 5
+or ecx, ebx
+and edx, 1
+shl edx, 5
+or ecx, edx
+lea edx, [eax + 0x1c0]
+mov eax, esi
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 0x18]
+mov dl, byte [eax + 0xa]
+cmp dl, 2
+sete al
+cmp dl, 4
+sete dl
+or eax, edx
+cmp al, 1
+mov al, byte [ebp - 0x51]
+sbb ecx, ecx
+and ecx, 2
+movzx ecx, cl
+sub eax, 4
+or ecx, 0x8090
+cmp al, 1
+ja short loc_fffb25b6 ; ja 0xfffb25b6
+mov al, byte [ebp - 0x61]
+and ecx, 0xf8c0ffff
+inc eax
+and eax, 7
+shl eax, 0x18
+or ecx, eax
+or ecx, 0x10000
+jmp short loc_fffb25b6 ; jmp 0xfffb25b6
+
+loc_fffb2593: ; not directly referenced
+mov ecx, dword [edi + esi - 0x4807]
+mov edx, esi
+inc ebx
+mov eax, dword [ebp - 0x4c]
+add esi, 4
+call fcn_fffae58c ; call 0xfffae58c
+cmp ebx, 8
+jne loc_fffb24c0 ; jne 0xfffb24c0
+jmp near loc_fffb24cd ; jmp 0xfffb24cd
+
+loc_fffb25b6: ; not directly referenced
+mov edi, dword [ebp - 0x4c]
+mov esi, dword [ebp - 0x5c]
+mov eax, edi
+mov edx, esi
+call fcn_fffae58c ; call 0xfffae58c
+xor ecx, ecx
+mov eax, edi
+lea edx, [esi + 0x44]
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, dword [ebp - 0xe8]
+mov eax, edi
+lea edx, [esi + 0x58]
+and ecx, 3
+shl ecx, 0xc
+or ecx, 0xffff0001
+call fcn_fffae58c ; call 0xfffae58c
+lea edx, [esi + 0x98]
+push eax
+push eax
+mov eax, edi
+push 0
+push 0
+call fcn_fffae7cf ; call 0xfffae7cf
+xor ecx, ecx
+mov eax, edi
+lea edx, [esi + 0x5c]
+call fcn_fffae566 ; call 0xfffae566
+add esp, 0x10
+cmp byte [edi + 0x247a], 0
+je short loc_fffb2697 ; je 0xfffb2697
+mov eax, dword [ebp - 0x50]
+mov ecx, 0xfc
+lea edx, [eax - 8]
+mov eax, dword [ebp - 0x4c]
+call fcn_fffae566 ; call 0xfffae566
+cmp dword [ebp - 0x60], 1
+jne short loc_fffb2644 ; jne 0xfffb2644
+mov eax, dword [ebp - 0x50]
+mov ecx, 0xff
+lea edx, [eax - 7]
+mov eax, dword [ebp - 0x4c]
+call fcn_fffae566 ; call 0xfffae566
+
+loc_fffb2644: ; not directly referenced
+mov eax, dword [ebp - 0x4c]
+movzx ebx, word [eax + 0x2489]
+test bx, bx
+je short loc_fffb2667 ; je 0xfffb2667
+mov eax, 0x9c40
+cdq
+idiv ebx
+mov ecx, eax
+mov eax, 0x30d40
+cdq
+idiv ebx
+jmp short loc_fffb2671 ; jmp 0xfffb2671
+
+loc_fffb2667: ; not directly referenced
+mov eax, 0xff
+mov ecx, 0xff
+
+loc_fffb2671: ; not directly referenced
+mov ebx, ecx
+movzx ecx, cl
+mov edx, dword [ebp - 0x50]
+shl ebx, 8
+and ebx, 0xff00
+shl ecx, 0x10
+shl eax, 0x18
+or ecx, ebx
+or ecx, eax
+or ecx, 2
+
+loc_fffb268f: ; not directly referenced
+mov eax, dword [ebp - 0x4c]
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb2697: ; not directly referenced
+inc dword [ebp - 0x58]
+add dword [ebp - 0x5c], 0x400
+add dword [ebp - 0x50], 4
+cmp dword [ebp - 0x58], 2
+jne loc_fffb225c ; jne 0xfffb225c
+mov edx, dword [ebp - 0xac]
+mov ecx, 2
+mov eax, dword [ebp - 0x4c]
+call fcn_fffb1bed ; call 0xfffb1bed
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb26ca: ; not directly referenced
+push ebp
+movzx edx, dl
+mov ebp, esp
+push edi
+push esi
+mov esi, ecx
+push ebx
+mov ecx, 0xb
+sub esp, 0x4c
+mov ebx, eax
+lea edi, [ebp - 0x44]
+xor eax, eax
+rep stosd ; rep stosd dword es:[edi], eax
+lea eax, [ebp - 0x4f]
+push 0
+push 0
+push 0
+push eax
+movzx eax, byte [ebp + 8]
+mov word [ebp - 0x36], 0x3ff
+mov dword [ebp - 0x30], 0x20
+push eax
+lea eax, [ebp - 0x44]
+push eax
+mov eax, ebx
+push esi
+push 0x80
+mov word [ebp - 0x20], 1
+mov word [ebp - 0x1a], 1
+mov word [ebp - 0x4f], 4
+mov dword [ebp - 0x4d], 0
+mov dword [ebp - 0x49], 7
+mov byte [ebp - 0x45], 0
+call fcn_fffb20e5 ; call 0xfffb20e5
+lea edx, [esi - 7]
+add esp, 0x20
+mov al, 1
+test dl, dl
+cmovg eax, edx
+mov byte [ebx + 0x248c], al
+mov byte [ebx + 0x248b], 0
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb2759: ; not directly referenced
+push ebp
+movzx edx, dl
+mov ebp, esp
+push edi
+push esi
+mov esi, ref_fffd3e9c ; mov esi, 0xfffd3e9c
+push ebx
+mov ebx, eax
+sub esp, 0x5c
+lea edi, [ebp - 0x44]
+mov dword [ebp - 0x5c], ecx
+mov ecx, 0xb
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+lea eax, [ebp - 0x4f]
+mov esi, dword [ebp - 0x5c]
+push 0
+push 0
+push 1
+push eax
+movzx eax, byte [ebp + 8]
+mov word [ebp - 0x4f], 4
+mov dword [ebp - 0x4d], 0
+push eax
+lea eax, [ebp - 0x44]
+push eax
+mov eax, ebx
+push esi
+push 8
+mov dword [ebp - 0x49], 9
+mov byte [ebp - 0x45], 2
+call fcn_fffb20e5 ; call 0xfffb20e5
+mov edx, esi
+add esp, 0x20
+sub edx, 4
+mov al, 1
+test dl, dl
+cmovg eax, edx
+mov byte [ebx + 0x248c], al
+mov byte [ebx + 0x248b], 2
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb27d5: ; not directly referenced
+push ebp
+mov ecx, 0xb
+mov ebp, esp
+push edi
+push ebx
+mov ebx, eax
+lea edi, [ebp - 0x8c]
+xor eax, eax
+sub esp, 0x90
+rep stosd ; rep stosd dword es:[edi], eax
+lea edi, [ebp - 0x60]
+mov word [ebp - 0x82], 0xf
+mov word [ebp - 0x66], 1
+mov word [ebp - 0x97], 1
+mov dword [ebp - 0x95], 0
+mov dword [ebp - 0x91], 3
+mov cl, 0xb
+rep stosd ; rep stosd dword es:[edi], eax
+lea edi, [ebp - 0x34]
+mov word [ebp - 0x52], 0x3ff
+mov dword [ebp - 0x4c], 0x20
+mov word [ebp - 0x3c], 1
+mov word [ebp - 0x36], 1
+mov byte [ebp - 0x8d], 0
+mov cl, 0xb
+rep stosd ; rep stosd dword es:[edi], eax
+mov eax, dword [ebx + 0x2480]
+mov word [ebp - 0x32], 4
+mov word [ebp - 0x2a], 4
+cmp eax, 3
+je short loc_fffb2871 ; je 0xfffb2871
+dec eax
+lea ecx, [ebp - 0x8c]
+lea eax, [ebp - 0x60]
+cmovne eax, ecx
+jmp short loc_fffb2874 ; jmp 0xfffb2874
+
+loc_fffb2871: ; not directly referenced
+lea eax, [ebp - 0x34]
+
+loc_fffb2874: ; not directly referenced
+push 0
+movzx edx, dl
+push 0
+push 0
+lea ecx, [ebp - 0x97]
+push ecx
+mov ecx, 2
+push 0
+push eax
+mov eax, ebx
+push 0xa
+push 0x80
+call fcn_fffb20e5 ; call 0xfffb20e5
+add esp, 0x20
+mov byte [ebx + 0x248c], 1
+mov byte [ebx + 0x248b], 0
+lea esp, [ebp - 8]
+pop ebx
+pop edi
+pop ebp
+ret
+
+fcn_fffb28b2: ; not directly referenced
+push ebp
+xor eax, eax
+mov ebp, esp
+mov ecx, 0xb
+push edi
+push esi
+push ebx
+lea edi, [ebp - 0x1f4]
+sub esp, 0x270
+rep stosd ; rep stosd dword es:[edi], eax
+mov eax, dword [ebp + 8]
+lea edx, [ebp - 0x217]
+mov word [ebp - 0x1e6], 0x3ff
+mov word [ebp - 0x1ca], 1
+mov word [ebp - 0x1ff], 0x20
+mov esi, dword [eax + 0x5edc]
+mov al, byte [eax + 0x248e]
+mov dword [ebp - 0x1fd], 0
+mov dword [ebp - 0x1f9], 9
+mov byte [ebp - 0x1f5], 0
+mov byte [ebp - 0x22c], al
+mov eax, dword [ebp + 8]
+mov al, byte [eax + 0x248d]
+mov byte [ebp - 0x230], al
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x18a7]
+mov dword [ebp - 0x234], eax
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x188b]
+mov dword [ebp - 0x260], eax
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x2480], 2
+sete al
+movzx eax, al
+mov dword [ebp - 0x250], eax
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x2443]
+push 1
+push 7
+push edx
+call dword [eax + 0x5c] ; ucall
+mov eax, dword [ebp + 8]
+add esp, 0x10
+mov eax, dword [eax + 0x1887]
+cmp eax, 0x40650
+je short loc_fffb29de ; je 0xfffb29de
+ja short loc_fffb298e ; ja 0xfffb298e
+cmp eax, 0x306d0
+jmp short loc_fffb299a ; jmp 0xfffb299a
+
+loc_fffb298e: ; not directly referenced
+cmp eax, 0x40660
+je short loc_fffb29a8 ; je 0xfffb29a8
+cmp eax, 0x40670
+
+loc_fffb299a: ; not directly referenced
+jne short loc_fffb29c3 ; jne 0xfffb29c3
+mov dword [ebp - 0x248], 0x7f
+jmp short loc_fffb29e8 ; jmp 0xfffb29e8
+
+loc_fffb29a8: ; not directly referenced
+mov dword [ebp - 0x248], 0x3f
+mov ebx, 0x19
+mov dword [ebp - 0x240], 0x14
+jmp short loc_fffb29f7 ; jmp 0xfffb29f7
+
+loc_fffb29c3: ; not directly referenced
+mov dword [ebp - 0x248], 0x3f
+mov ebx, 0x15
+mov dword [ebp - 0x240], 0x10
+jmp short loc_fffb29f7 ; jmp 0xfffb29f7
+
+loc_fffb29de: ; not directly referenced
+mov dword [ebp - 0x248], 0x3f
+
+loc_fffb29e8: ; not directly referenced
+mov dword [ebp - 0x240], 0x12
+mov ebx, 0x17
+
+loc_fffb29f7: ; not directly referenced
+push 8
+movzx edx, byte [ebp - 0x22c]
+mov ecx, 2
+push 0
+push 0
+lea eax, [ebp - 0x1ff]
+push eax
+push 0
+lea eax, [ebp - 0x1f4]
+push eax
+mov eax, dword [ebp + 8]
+push 7
+push 2
+shl ebx, 0x10
+call fcn_fffb20e5 ; call 0xfffb20e5
+lea eax, [esi + 0x1c]
+add esp, 0x20
+mov dword [ebp - 0x264], eax
+xor esi, esi
+mov dword [ebp - 0x22c], eax
+mov dword [ebp - 0x238], ebx
+
+loc_fffb2a42: ; not directly referenced
+imul eax, esi, 0x13c3
+mov edi, dword [ebp + 8]
+xor ebx, ebx
+cmp dword [edi + eax + 0x3756], 2
+jne loc_fffb2aeb ; jne 0xfffb2aeb
+
+loc_fffb2a5b: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp bl, byte [eax + 0x2488]
+jae short loc_fffb2a8f ; jae 0xfffb2a8f
+mov eax, dword [ebp + 8]
+movzx edi, bl
+mov edx, esi
+mov ecx, edi
+inc ebx
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, dword [ebp - 0x22c]
+mov ecx, dword [ecx + edi*4 + 0x28]
+mov edx, eax
+mov eax, dword [ebp + 8]
+or ecx, 0x40
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffb2a5b ; jmp 0xfffb2a5b
+
+loc_fffb2a8f: ; not directly referenced
+mov ecx, 0xff
+mov edx, esi
+call fcn_fffa7288 ; call 0xfffa7288
+mov edi, eax
+mov eax, dword [ebp - 0x22c]
+mov ebx, dword [eax]
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x2480], 3
+jne short loc_fffb2ac0 ; jne 0xfffb2ac0
+and ebx, 0xefffffff
+mov edx, edi
+mov ecx, ebx
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffb2ac0: ; not directly referenced
+mov eax, dword [ebp + 8]
+or ebx, 0x1000004
+mov edx, edi
+mov ecx, ebx
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov ecx, dword [ebp - 0x238]
+mov edx, esi
+mov eax, dword [ebp + 8]
+shl edx, 0xa
+add edx, 0x4028
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb2aeb: ; not directly referenced
+inc esi
+add dword [ebp - 0x22c], 0xcc
+cmp esi, 2
+jne loc_fffb2a42 ; jne 0xfffb2a42
+imul eax, dword [ebp - 0x234], 0x2e
+mov dword [ebp - 0x22c], 0
+mov dword [ebp - 0x26c], eax
+movzx eax, byte [ebp - 0x230]
+mov dword [ebp - 0x274], eax
+mov eax, dword [ebp + 8]
+add eax, 0x3756
+mov dword [ebp - 0x234], eax
+
+loc_fffb2b31: ; not directly referenced
+mov edi, dword [ebp - 0x22c]
+mov esi, dword [ebp - 0x274]
+mov eax, edi
+bt esi, edi
+jb short loc_fffb2b78 ; jb 0xfffb2b78
+
+loc_fffb2b44: ; not directly referenced
+inc dword [ebp - 0x22c]
+cmp dword [ebp - 0x22c], 4
+jne short loc_fffb2b31 ; jne 0xfffb2b31
+mov eax, dword [ebp + 8]
+mov edi, dword [ebp - 0x264]
+mov dword [ebp - 0x22c], 0
+add eax, 0x3756
+mov dword [ebp - 0x234], eax
+mov esi, eax
+jmp near loc_fffb359d ; jmp 0xfffb359d
+
+loc_fffb2b78: ; not directly referenced
+mov esi, dword [ebp - 0x22c]
+and eax, 1
+mov dword [ebp - 0x23c], 1
+mov dword [ebp - 0x238], 0
+mov byte [ebp - 0x254], 0
+mov ecx, esi
+shl dword [ebp - 0x23c], cl
+mov bl, byte [ebp - 0x23c]
+mov dword [ebp - 0x24c], eax
+mov byte [ebp - 0x230], bl
+mov ebx, esi
+shr bl, 1
+movzx esi, bl
+mov byte [ebp - 0x265], bl
+mov ebx, dword [ebp - 0x234]
+mov dword [ebp - 0x244], esi
+
+loc_fffb2bcf: ; not directly referenced
+mov ecx, dword [ebp - 0x23c]
+mov edx, dword [ebp - 0x238]
+mov eax, dword [ebp + 8]
+call fcn_fffaac43 ; call 0xfffaac43
+or byte [ebp - 0x254], al
+mov al, byte [ebp - 0x230]
+test byte [ebx + 0xc4], al
+je loc_fffb2d28 ; je 0xfffb2d28
+mov eax, dword [ebp - 0x22c]
+mov edx, 0
+mov byte [ebx + eax + 0x1011], 0
+mov eax, dword [ebp + 8]
+movzx eax, byte [eax + 0x36e7]
+cmp al, 1
+cmovbe eax, edx
+cmp dword [ebp - 0x260], 1
+jne short loc_fffb2c47 ; jne 0xfffb2c47
+mov esi, dword [ebp + 8]
+cmp dword [esi + 0x36e3], 1
+jne short loc_fffb2c3d ; jne 0xfffb2c3d
+imul eax, eax, 0x64
+mov ecx, 0x85
+cdq
+idiv ecx
+
+loc_fffb2c3d: ; not directly referenced
+cmp al, 2
+lea edx, [eax - 2]
+mov al, 0
+cmovae eax, edx
+
+loc_fffb2c47: ; not directly referenced
+mov esi, dword [ebp + 8]
+cmp dword [esi + 0x2480], 3
+mov esi, dword [ebp - 0x26c]
+movzx esi, word [ebx + esi + 0xa]
+jne short loc_fffb2c93 ; jne 0xfffb2c93
+mov edi, dword [ebp + 8]
+movzx edx, al
+add esi, esi
+mov ecx, 4
+movzx edi, word [edi + 0x2489]
+add edi, edi
+cmp al, 5
+cmovae ecx, edx
+xor edx, edx
+lea eax, [edi + 0x157b]
+div edi
+mov edi, dword [ebp - 0x240]
+lea edx, [edi + eax + 1]
+add esi, edx
+add esi, ecx
+jmp short loc_fffb2cae ; jmp 0xfffb2cae
+
+loc_fffb2c93: ; not directly referenced
+add esi, esi
+movzx ecx, al
+cmp al, 5
+mov eax, dword [ebp - 0x240]
+mov edx, 4
+cmovae edx, ecx
+lea esi, [eax + esi + 5]
+add esi, edx
+
+loc_fffb2cae: ; not directly referenced
+mov eax, dword [ebp - 0x248]
+mov edi, dword [ebp - 0x22c]
+cmp esi, eax
+cmova esi, eax
+mov eax, dword [ebp - 0x238]
+mov ecx, esi
+shl eax, 0xa
+lea edx, [edi + eax + 0x4024]
+mov eax, dword [ebp + 8]
+call fcn_fffae566 ; call 0xfffae566
+mov eax, esi
+cmp dword [ebp - 0x250], 0
+mov byte [ebx + edi + 0x1015], al
+je short loc_fffb2d28 ; je 0xfffb2d28
+imul edx, dword [ebp - 0x24c], 0x18
+imul eax, dword [ebp - 0x244], 0x128
+mov ecx, dword [ebp - 0x23c]
+add eax, edx
+mov ax, word [ebx + eax + 0x1273]
+push edx
+push edx
+mov edx, dword [ebp - 0x238]
+or ah, 4
+movzx eax, ax
+push eax
+mov eax, dword [ebp + 8]
+push 4
+call fcn_fffafd52 ; call 0xfffafd52
+add esp, 0x10
+
+loc_fffb2d28: ; not directly referenced
+inc dword [ebp - 0x238]
+add ebx, 0x13c3
+cmp dword [ebp - 0x238], 2
+jne loc_fffb2bcf ; jne 0xfffb2bcf
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x36d7]
+cmp eax, 0x320
+je short loc_fffb2d8c ; je 0xfffb2d8c
+cmp eax, 0x42b
+ja short loc_fffb2da0 ; ja 0xfffb2da0
+mov eax, dword [ebp + 8]
+mov esi, 0x198
+cmp dword [eax + 0x2480], 3
+mov eax, 0x158
+cmovne eax, esi
+mov esi, 0x118
+mov word [ebp - 0x23c], ax
+mov eax, 0xd8
+cmovne eax, esi
+mov word [ebp - 0x238], ax
+jmp short loc_fffb2db2 ; jmp 0xfffb2db2
+
+loc_fffb2d8c: ; not directly referenced
+mov word [ebp - 0x23c], 0x158
+mov word [ebp - 0x238], 0xd8
+jmp short loc_fffb2db2 ; jmp 0xfffb2db2
+
+loc_fffb2da0: ; not directly referenced
+mov word [ebp - 0x23c], 0x198
+mov word [ebp - 0x238], 0x118
+
+loc_fffb2db2: ; not directly referenced
+mov eax, dword [ebp - 0x238]
+mov word [ebp - 0x244], ax
+movzx eax, word [ebp - 0x23c]
+sub eax, 8
+mov dword [ebp - 0x270], eax
+
+loc_fffb2dcf: ; not directly referenced
+movzx edi, word [ebp - 0x244]
+xor ebx, ebx
+
+loc_fffb2dd8: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov esi, dword [ebp + 8]
+mov cl, byte [ebp - 0x230]
+test byte [esi + eax + 0x381a], cl
+je short loc_fffb2df4 ; je 0xfffb2df4
+xor esi, esi
+jmp short loc_fffb2e39 ; jmp 0xfffb2e39
+
+loc_fffb2df4: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffb2dd8 ; jne 0xfffb2dd8
+movzx eax, byte [ebp - 0x254]
+xor ecx, ecx
+xor esi, esi
+push edi
+push 0
+push 1
+mov edx, eax
+mov dword [ebp - 0x258], eax
+lea eax, [ebp - 0x217]
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffb0f94 ; call 0xfffb0f94
+movzx ebx, word [ebp - 0x244]
+add esp, 0x10
+lea eax, [ebx - 8]
+mov dword [ebp - 0x25c], eax
+jmp near loc_fffb2ef0 ; jmp 0xfffb2ef0
+
+loc_fffb2e39: ; not directly referenced
+mov ecx, dword [ebp + 8]
+mov eax, esi
+cmp al, byte [ecx + 0x2488]
+jae short loc_fffb2df4 ; jae 0xfffb2df4
+push eax
+mov eax, esi
+mov ecx, dword [ebp - 0x22c]
+push edi
+movzx eax, al
+push 0
+mov edx, ebx
+push eax
+mov eax, dword [ebp + 8]
+inc esi
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+jmp short loc_fffb2e39 ; jmp 0xfffb2e39
+
+loc_fffb2e66: ; not directly referenced
+movzx edi, byte [ebp - 0x24c]
+mov edx, esi
+mov eax, dword [ebp + 8]
+mov ecx, edi
+call fcn_fffa7617 ; call 0xfffa7617
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae52a ; call 0xfffae52a
+mov ecx, dword [ebp - 0x238]
+cmp eax, 0x1f
+seta al
+movzx eax, al
+cmp word [ebp - 0x244], cx
+jne loc_fffb2f5a ; jne 0xfffb2f5a
+test eax, eax
+je short loc_fffb2f11 ; je 0xfffb2f11
+lea eax, [esi + esi*8]
+add edi, eax
+mov dword [ebp + edi*4 - 0x180], ebx
+mov dword [ebp + edi*4 - 0x1c8], ebx
+mov dword [ebp + edi*4 - 0xf0], ebx
+mov dword [ebp + edi*4 - 0x138], ebx
+mov dword [ebp + edi*4 - 0x60], ebx
+mov dword [ebp + edi*4 - 0xa8], ebx
+
+loc_fffb2ecf: ; not directly referenced
+inc byte [ebp - 0x24c]
+
+loc_fffb2ed5: ; not directly referenced
+mov edi, dword [ebp + 8]
+mov al, byte [ebp - 0x24c]
+cmp al, byte [edi + 0x2488]
+jb short loc_fffb2e66 ; jb 0xfffb2e66
+
+loc_fffb2ee6: ; not directly referenced
+inc esi
+cmp esi, 2
+je loc_fffb3021 ; je 0xfffb3021
+
+loc_fffb2ef0: ; not directly referenced
+imul eax, esi, 0x13c3
+mov edi, dword [ebp + 8]
+mov cl, byte [ebp - 0x230]
+test byte [edi + eax + 0x381a], cl
+je short loc_fffb2ee6 ; je 0xfffb2ee6
+mov byte [ebp - 0x24c], 0
+jmp short loc_fffb2ed5 ; jmp 0xfffb2ed5
+
+loc_fffb2f11: ; not directly referenced
+lea eax, [esi + esi*8]
+add edi, eax
+mov dword [ebp + edi*4 - 0x180], 0xfffffff8
+mov dword [ebp + edi*4 - 0x1c8], 0xfffffff8
+mov dword [ebp + edi*4 - 0xf0], 0xfffffff8
+mov dword [ebp + edi*4 - 0x138], 0xfffffff8
+mov dword [ebp + edi*4 - 0x60], 0xfffffff8
+mov dword [ebp + edi*4 - 0xa8], 0xfffffff8
+jmp near loc_fffb2ecf ; jmp 0xfffb2ecf
+
+loc_fffb2f5a: ; not directly referenced
+test eax, eax
+je loc_fffb2ecf ; je 0xfffb2ecf
+lea eax, [esi + esi*8]
+mov ecx, dword [ebp - 0x25c]
+add eax, edi
+cmp dword [ebp + eax*4 - 0x180], ecx
+jne short loc_fffb2f7d ; jne 0xfffb2f7d
+mov dword [ebp + eax*4 - 0x180], ebx
+
+loc_fffb2f7d: ; not directly referenced
+lea eax, [esi + esi*8]
+mov ecx, dword [ebp - 0x25c]
+add eax, edi
+cmp dword [ebp + eax*4 - 0xf0], ecx
+mov dword [ebp + eax*4 - 0xf0], ebx
+je short loc_fffb2f9f ; je 0xfffb2f9f
+mov dword [ebp + eax*4 - 0x138], ebx
+
+loc_fffb2f9f: ; not directly referenced
+cmp ebx, dword [ebp - 0x270]
+jl short loc_fffb2fee ; jl 0xfffb2fee
+lea eax, [esi + esi*8]
+movzx edx, word [ebp - 0x238]
+add eax, edi
+mov ecx, dword [ebp + eax*4 - 0x1c8]
+cmp ecx, edx
+jne short loc_fffb2fee ; jne 0xfffb2fee
+mov edx, dword [ebp + eax*4 - 0x180]
+cmp edx, ebx
+je short loc_fffb2fee ; je 0xfffb2fee
+mov edi, ebx
+sub edi, dword [ebp + eax*4 - 0x138]
+mov dword [ebp + eax*4 - 0x60], edx
+sub ecx, edi
+sub ecx, 8
+mov dword [ebp + eax*4 - 0x1c8], ecx
+mov dword [ebp + eax*4 - 0xa8], ecx
+jmp near loc_fffb2ecf ; jmp 0xfffb2ecf
+
+loc_fffb2fee: ; not directly referenced
+lea eax, [esi + esi*8]
+mov ecx, ebx
+add edi, eax
+mov edx, dword [ebp + edi*4 - 0x138]
+mov eax, dword [ebp + edi*4 - 0x60]
+sub eax, dword [ebp + edi*4 - 0xa8]
+sub ecx, edx
+cmp ecx, eax
+jle loc_fffb2ecf ; jle 0xfffb2ecf
+mov dword [ebp + edi*4 - 0xa8], edx
+mov dword [ebp + edi*4 - 0x60], ebx
+jmp near loc_fffb2ecf ; jmp 0xfffb2ecf
+
+loc_fffb3021: ; not directly referenced
+add word [ebp - 0x244], 8
+mov eax, dword [ebp - 0x23c]
+cmp word [ebp - 0x244], ax
+jb loc_fffb2dcf ; jb 0xfffb2dcf
+movzx eax, word [ebp - 0x23c]
+xor edi, edi
+mov ebx, dword [ebp - 0x234]
+mov dword [ebp - 0x254], eax
+imul eax, dword [ebp - 0x22c], 9
+mov dword [ebp - 0x25c], eax
+
+loc_fffb305e: ; not directly referenced
+mov al, byte [ebp - 0x230]
+test byte [ebx + 0xc4], al
+jne short loc_fffb30cf ; jne 0xfffb30cf
+
+loc_fffb306c: ; not directly referenced
+inc edi
+add ebx, 0x13c3
+cmp edi, 2
+jne short loc_fffb305e ; jne 0xfffb305e
+mov eax, dword [ebp + 8]
+mov bl, byte [ebp - 0x265]
+mov word [ebp - 0x220], 0x1ff
+mov word [ebp - 0x21e], 0x1ff
+movzx ecx, byte [eax + 0x2488]
+mov eax, 1
+shl eax, cl
+dec eax
+mov word [ebp - 0x244], ax
+lea eax, [ebx + ebx]
+movzx eax, al
+mov dword [ebp - 0x23c], eax
+inc eax
+mov dword [ebp - 0x238], eax
+movzx eax, bl
+add eax, 0x4028
+mov dword [ebp - 0x25c], eax
+jmp near loc_fffb31e8 ; jmp 0xfffb31e8
+
+loc_fffb30cf: ; not directly referenced
+lea eax, [edi + edi*8]
+mov byte [ebp - 0x238], 0
+mov dword [ebp - 0x24c], eax
+
+loc_fffb30df: ; not directly referenced
+mov esi, dword [ebp + 8]
+mov al, byte [ebp - 0x238]
+cmp al, byte [esi + 0x2488]
+jae loc_fffb306c ; jae 0xfffb306c
+movzx ecx, byte [ebp - 0x238]
+mov eax, dword [ebp - 0x24c]
+add eax, ecx
+mov esi, dword [ebp + eax*4 - 0x60]
+mov eax, dword [ebp + eax*4 - 0xa8]
+mov dword [ebp - 0x23c], esi
+mov dword [ebp - 0x244], eax
+add eax, esi
+mov esi, 2
+cdq
+idiv esi
+mov esi, dword [ebp - 0x23c]
+sub esi, dword [ebp - 0x244]
+cmp eax, dword [ebp - 0x254]
+jle short loc_fffb314e ; jle 0xfffb314e
+mov edx, dword [ebp + 8]
+cmp byte [edx + 0x1965], 0
+je short loc_fffb314e ; je 0xfffb314e
+
+loc_fffb3144: ; not directly referenced
+mov eax, 7
+jmp near loc_fffb3a71 ; jmp 0xfffb3a71
+
+loc_fffb314e: ; not directly referenced
+sub esi, 0x21
+cmp esi, 0x3e
+jbe short loc_fffb3162 ; jbe 0xfffb3162
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x1965], 0
+jne short loc_fffb3144 ; jne 0xfffb3144
+
+loc_fffb3162: ; not directly referenced
+mov esi, dword [ebp - 0x25c]
+lea edx, [ecx + esi + 0xd8]
+mov word [ebx + edx*2 + 1], ax
+mov eax, dword [ebp + 8]
+mov edx, edi
+push esi
+push 0
+push 0xff
+push ecx
+mov ecx, dword [ebp - 0x22c]
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+inc byte [ebp - 0x238]
+jmp near loc_fffb30df ; jmp 0xfffb30df
+
+loc_fffb319b: ; not directly referenced
+push ebx
+mov edx, dword [ebp - 0x258]
+xor ecx, ecx
+push 0
+xor ebx, ebx
+push 1
+lea eax, [ebp - 0x217]
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffb0f94 ; call 0xfffb0f94
+mov esi, dword [ebp - 0x234]
+add esp, 0x10
+
+loc_fffb31c2: ; not directly referenced
+mov al, byte [ebp - 0x230]
+xor edi, edi
+mov word [ebp + ebx*2 - 0x220], 0
+test byte [esi + 0xc4], al
+jne short loc_fffb322d ; jne 0xfffb322d
+
+loc_fffb31dc: ; not directly referenced
+inc ebx
+add esi, 0x13c3
+cmp ebx, 2
+jne short loc_fffb31c2 ; jne 0xfffb31c2
+
+loc_fffb31e8: ; not directly referenced
+cmp word [ebp - 0x220], 0
+je loc_fffb3335 ; je 0xfffb3335
+jmp short loc_fffb319b ; jmp 0xfffb319b
+
+loc_fffb31f8: ; not directly referenced
+mov eax, edi
+mov edx, ebx
+movzx ecx, al
+mov eax, dword [ebp + 8]
+call fcn_fffa7617 ; call 0xfffa7617
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae52a ; call 0xfffae52a
+and eax, 0x1ff
+cmp eax, 0x1f
+jle short loc_fffb322c ; jle 0xfffb322c
+mov eax, 1
+mov ecx, edi
+shl eax, cl
+or word [ebp + ebx*2 - 0x220], ax
+
+loc_fffb322c: ; not directly referenced
+inc edi
+
+loc_fffb322d: ; not directly referenced
+mov ecx, dword [ebp + 8]
+mov eax, edi
+cmp al, byte [ecx + 0x2488]
+jb short loc_fffb31f8 ; jb 0xfffb31f8
+mov dx, word [ebp + ebx*2 - 0x220]
+cmp dx, word [ebp - 0x244]
+je short loc_fffb3265 ; je 0xfffb3265
+
+loc_fffb324b: ; not directly referenced
+movzx eax, dx
+xor edi, edi
+mov dword [ebp - 0x24c], eax
+imul eax, dword [ebp - 0x22c], 9
+mov dword [ebp - 0x254], eax
+jmp short loc_fffb32d0 ; jmp 0xfffb32d0
+
+loc_fffb3265: ; not directly referenced
+mov eax, dword [ebp - 0x22c]
+mov al, byte [esi + eax + 0x1011]
+cmp al, 0xd
+ja short loc_fffb324b ; ja 0xfffb324b
+mov edi, dword [ebp - 0x22c]
+add eax, 2
+mov edx, ebx
+shl edx, 0xa
+add edx, dword [ebp - 0x25c]
+mov byte [esi + edi + 0x1011], al
+mov eax, dword [ebp - 0x238]
+movzx ecx, byte [esi + eax + 0x1011]
+mov eax, dword [ebp - 0x23c]
+shl ecx, 4
+add cl, byte [esi + eax + 0x1011]
+mov eax, dword [ebp + 8]
+movzx ecx, cl
+call fcn_fffae566 ; call 0xfffae566
+jmp near loc_fffb31dc ; jmp 0xfffb31dc
+
+loc_fffb32bf: ; not directly referenced
+mov ecx, dword [ebp - 0x24c]
+mov eax, edi
+movzx eax, al
+bt ecx, edi
+jb short loc_fffb32e2 ; jb 0xfffb32e2
+
+loc_fffb32cf: ; not directly referenced
+inc edi
+
+loc_fffb32d0: ; not directly referenced
+mov ecx, dword [ebp + 8]
+mov eax, edi
+cmp al, byte [ecx + 0x2488]
+jb short loc_fffb32bf ; jb 0xfffb32bf
+jmp near loc_fffb31dc ; jmp 0xfffb31dc
+
+loc_fffb32e2: ; not directly referenced
+mov ecx, dword [ebp - 0x254]
+lea edx, [eax + ecx]
+lea edx, [esi + edx*2]
+mov cx, word [edx + 0x1b1]
+cmp cx, 0x7f
+jbe short loc_fffb3307 ; jbe 0xfffb3307
+add ecx, 0xffffff80
+mov word [edx + 0x1b1], cx
+jmp short loc_fffb3317 ; jmp 0xfffb3317
+
+loc_fffb3307: ; not directly referenced
+mov ecx, dword [ebp + 8]
+cmp byte [ecx + 0x1965], 0
+jne loc_fffb3144 ; jne 0xfffb3144
+
+loc_fffb3317: ; not directly referenced
+push ecx
+mov ecx, dword [ebp - 0x22c]
+mov edx, ebx
+push 0
+push 0xff
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+jmp short loc_fffb32cf ; jmp 0xfffb32cf
+
+loc_fffb3335: ; not directly referenced
+cmp word [ebp - 0x21e], 0
+jne loc_fffb319b ; jne 0xfffb319b
+mov ebx, dword [ebp - 0x234]
+xor esi, esi
+imul edi, dword [ebp - 0x22c], 9
+
+loc_fffb3352: ; not directly referenced
+mov al, byte [ebp - 0x230]
+test byte [ebx + 0xc4], al
+jne short loc_fffb3397 ; jne 0xfffb3397
+
+loc_fffb3360: ; not directly referenced
+inc esi
+add ebx, 0x13c3
+cmp esi, 2
+jne short loc_fffb3352 ; jne 0xfffb3352
+imul eax, dword [ebp - 0x22c], 9
+mov word [ebp - 0x220], 0
+mov word [ebp - 0x21e], 0
+mov byte [ebp - 0x254], 0x40
+mov dword [ebp - 0x25c], eax
+jmp near loc_fffb3443 ; jmp 0xfffb3443
+
+loc_fffb3397: ; not directly referenced
+mov byte [ebp - 0x238], 0
+
+loc_fffb339e: ; not directly referenced
+mov edx, dword [ebp + 8]
+mov al, byte [ebp - 0x238]
+cmp al, byte [edx + 0x2488]
+jae short loc_fffb3360 ; jae 0xfffb3360
+movzx eax, byte [ebp - 0x238]
+mov ecx, dword [ebp - 0x22c]
+lea edx, [eax + edi]
+add edx, edx
+add word [ebx + edx + 0x1b1], 0x40
+push edx
+mov edx, esi
+push 0
+push 0xff
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+inc byte [ebp - 0x238]
+jmp short loc_fffb339e ; jmp 0xfffb339e
+
+loc_fffb33e8: ; not directly referenced
+mov al, byte [ebp - 0x230]
+test byte [esi + 0xc4], al
+je short loc_fffb3421 ; je 0xfffb3421
+mov byte [ebp - 0x238], 0
+
+loc_fffb33fd: ; not directly referenced
+mov ecx, dword [ebp + 8]
+mov al, byte [ebp - 0x238]
+cmp al, byte [ecx + 0x2488]
+jb short loc_fffb3474 ; jb 0xfffb3474
+mov eax, dword [ebp - 0x244]
+cmp word [ebp + ebx*2 - 0x220], ax
+mov al, 0
+cmovne edi, eax
+
+loc_fffb3421: ; not directly referenced
+inc ebx
+add esi, 0x13c3
+cmp ebx, 2
+jne short loc_fffb33e8 ; jne 0xfffb33e8
+mov eax, edi
+test al, al
+jne loc_fffb351e ; jne 0xfffb351e
+dec byte [ebp - 0x254]
+je loc_fffb350e ; je 0xfffb350e
+
+loc_fffb3443: ; not directly referenced
+push eax
+mov edx, dword [ebp - 0x258]
+xor ecx, ecx
+push 0
+xor ebx, ebx
+push 1
+mov edi, 1
+lea eax, [ebp - 0x217]
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffb0f94 ; call 0xfffb0f94
+add esp, 0x10
+mov esi, dword [ebp - 0x234]
+jmp near loc_fffb33e8 ; jmp 0xfffb33e8
+
+loc_fffb3474: ; not directly referenced
+movzx eax, word [ebp + ebx*2 - 0x220]
+mov cl, byte [ebp - 0x238]
+mov word [ebp - 0x24c], ax
+movzx edx, cl
+bt eax, ecx
+mov dword [ebp - 0x23c], edx
+jb short loc_fffb3503 ; jb 0xfffb3503
+mov eax, dword [ebp + 8]
+mov ecx, edx
+mov edx, ebx
+call fcn_fffa7617 ; call 0xfffa7617
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae52a ; call 0xfffae52a
+cmp eax, 0x1f
+jbe short loc_fffb34cf ; jbe 0xfffb34cf
+mov cl, byte [ebp - 0x23c]
+mov eax, 1
+shl eax, cl
+or eax, dword [ebp - 0x24c]
+mov word [ebp + ebx*2 - 0x220], ax
+jmp short loc_fffb3503 ; jmp 0xfffb3503
+
+loc_fffb34cf: ; not directly referenced
+mov ecx, dword [ebp - 0x23c]
+mov edx, dword [ebp - 0x25c]
+mov eax, ecx
+add eax, edx
+mov edx, ebx
+inc word [esi + eax*2 + 0x1b1]
+push eax
+mov eax, dword [ebp + 8]
+push 0
+push 0xff
+push ecx
+mov ecx, dword [ebp - 0x22c]
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+
+loc_fffb3503: ; not directly referenced
+inc byte [ebp - 0x238]
+jmp near loc_fffb33fd ; jmp 0xfffb33fd
+
+loc_fffb350e: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x1965], 0
+jne loc_fffb3144 ; jne 0xfffb3144
+
+loc_fffb351e: ; not directly referenced
+mov ebx, dword [ebp - 0x234]
+xor esi, esi
+imul edi, dword [ebp - 0x22c], 9
+
+loc_fffb352d: ; not directly referenced
+mov al, byte [ebp - 0x230]
+test byte [ebx + 0xc4], al
+jne short loc_fffb354c ; jne 0xfffb354c
+
+loc_fffb353b: ; not directly referenced
+inc esi
+add ebx, 0x13c3
+cmp esi, 2
+jne short loc_fffb352d ; jne 0xfffb352d
+jmp near loc_fffb2b44 ; jmp 0xfffb2b44
+
+loc_fffb354c: ; not directly referenced
+mov byte [ebp - 0x238], 0
+
+loc_fffb3553: ; not directly referenced
+mov ecx, dword [ebp + 8]
+mov al, byte [ebp - 0x238]
+cmp al, byte [ecx + 0x2488]
+jae short loc_fffb353b ; jae 0xfffb353b
+movzx eax, byte [ebp - 0x238]
+lea edx, [eax + edi]
+add edx, edx
+sub word [ebx + edx + 0x1b1], 0x40
+mov edx, esi
+push ecx
+mov ecx, dword [ebp - 0x22c]
+push 0
+push 0xff
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+inc byte [ebp - 0x238]
+jmp short loc_fffb3553 ; jmp 0xfffb3553
+
+loc_fffb359d: ; not directly referenced
+cmp dword [esi], 2
+je short loc_fffb35dc ; je 0xfffb35dc
+
+loc_fffb35a2: ; not directly referenced
+inc dword [ebp - 0x22c]
+add esi, 0x13c3
+add edi, 0xcc
+cmp dword [ebp - 0x22c], 2
+jne short loc_fffb359d ; jne 0xfffb359d
+mov eax, dword [ebp + 8]
+call fcn_fffb0e8a ; call 0xfffb0e8a
+mov edi, dword [ebp - 0x234]
+mov dword [ebp - 0x22c], 0
+mov ebx, eax
+jmp near loc_fffb36c5 ; jmp 0xfffb36c5
+
+loc_fffb35dc: ; not directly referenced
+mov edx, dword [ebp - 0x22c]
+mov ecx, 0xff
+mov eax, dword [ebp + 8]
+call fcn_fffa7288 ; call 0xfffa7288
+mov ebx, dword [edi]
+mov dword [ebp - 0x230], eax
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x2480], 3
+jne short loc_fffb3616 ; jne 0xfffb3616
+mov edx, dword [ebp - 0x230]
+and ebx, 0xefffffff
+mov ecx, ebx
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffb3616: ; not directly referenced
+mov ecx, dword [edi]
+xor ebx, ebx
+mov edx, dword [ebp - 0x230]
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffb3628: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp bl, byte [eax + 0x2488]
+jae short loc_fffb3663 ; jae 0xfffb3663
+movzx eax, bl
+mov edx, dword [ebp - 0x22c]
+inc ebx
+mov ecx, eax
+mov dword [ebp - 0x230], eax
+mov eax, dword [ebp + 8]
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, dword [ebp - 0x230]
+mov ecx, dword [edi + ecx*4 + 0x28]
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffb3628 ; jmp 0xfffb3628
+
+loc_fffb3663: ; not directly referenced
+cmp dword [ebp - 0x250], 0
+je loc_fffb35a2 ; je 0xfffb35a2
+xor ebx, ebx
+
+loc_fffb3672: ; not directly referenced
+mov eax, 1
+mov cl, bl
+shl eax, cl
+test byte [esi + 0xc4], al
+je short loc_fffb36ba ; je 0xfffb36ba
+push edx
+mov ecx, ebx
+push edx
+mov dl, bl
+shr dl, 1
+and ecx, 1
+movzx edx, dl
+imul ecx, ecx, 0x18
+imul edx, edx, 0x128
+add edx, ecx
+mov ecx, eax
+mov eax, dword [ebp + 8]
+movzx edx, word [esi + edx + 0x1273]
+push edx
+mov edx, dword [ebp - 0x22c]
+push 4
+call fcn_fffafd52 ; call 0xfffafd52
+add esp, 0x10
+
+loc_fffb36ba: ; not directly referenced
+inc ebx
+cmp ebx, 4
+jne short loc_fffb3672 ; jne 0xfffb3672
+jmp near loc_fffb35a2 ; jmp 0xfffb35a2
+
+loc_fffb36c5: ; not directly referenced
+cmp dword [edi], 2
+jne loc_fffb3a56 ; jne 0xfffb3a56
+mov eax, dword [ebp + 8]
+mov ebx, dword [eax + 0x2443]
+lea eax, [ebp - 0x210]
+push ecx
+push 0xf000
+push 4
+push eax
+call dword [ebx + 0x60] ; ucall
+add esp, 0xc
+push 0x1000
+push 4
+lea eax, [ebp - 0x208]
+push eax
+call dword [ebx + 0x60] ; ucall
+add esp, 0xc
+push 0
+push 4
+lea eax, [ebp - 0x21b]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0x10
+mov ebx, 2
+cmp dword [edi], 2
+jne loc_fffb3a56 ; jne 0xfffb3a56
+xor ecx, ecx
+mov esi, 0x1000
+mov word [ebp - 0x230], 0xf000
+
+loc_fffb372f: ; not directly referenced
+mov ebx, 0xf
+bt ebx, ecx
+jae loc_fffb37d4 ; jae 0xfffb37d4
+mov edx, 1
+shl edx, cl
+test byte [edi + 0xc4], dl
+je loc_fffb37d4 ; je 0xfffb37d4
+mov ebx, dword [ebp + 8]
+imul edx, ecx, 0x12
+mov bl, byte [ebx + 0x2488]
+mov byte [ebp - 0x234], bl
+lea ebx, [edi + edx]
+xor edx, edx
+mov eax, ebx
+
+loc_fffb3769: ; not directly referenced
+cmp byte [ebp - 0x234], dl
+jbe short loc_fffb37ab ; jbe 0xfffb37ab
+movzx ebx, byte [edi + ecx + 0x1011]
+imul ebx, ebx, 0xffffffc0
+add bx, word [eax + edx*2 + 0x1b1]
+cmp word [ebp + ecx*2 - 0x210], bx
+jge short loc_fffb3796 ; jge 0xfffb3796
+mov word [ebp + ecx*2 - 0x210], bx
+
+loc_fffb3796: ; not directly referenced
+cmp word [ebp + ecx*2 - 0x208], bx
+jle short loc_fffb37a8 ; jle 0xfffb37a8
+mov word [ebp + ecx*2 - 0x208], bx
+
+loc_fffb37a8: ; not directly referenced
+inc edx
+jmp short loc_fffb3769 ; jmp 0xfffb3769
+
+loc_fffb37ab: ; not directly referenced
+mov eax, dword [ebp - 0x230]
+mov dx, word [ebp + ecx*2 - 0x210]
+cmp ax, dx
+cmovge edx, eax
+mov word [ebp - 0x230], dx
+movsx edx, word [ebp + ecx*2 - 0x208]
+cmp si, dx
+cmovg esi, edx
+
+loc_fffb37d4: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne loc_fffb372f ; jne 0xfffb372f
+movsx eax, word [ebp - 0x230]
+mov cl, 2
+xor ebx, ebx
+add eax, esi
+xor esi, esi
+cdq
+idiv ecx
+mov cl, 0x40
+neg eax
+add eax, 0x160
+cdq
+idiv ecx
+mov dword [ebp - 0x240], eax
+mov byte [ebp - 0x23c], al
+cbw
+mov word [ebp - 0x234], ax
+shl word [ebp - 0x234], 6
+
+loc_fffb3819: ; not directly referenced
+mov eax, 0xf
+bt eax, ebx
+jae loc_fffb395c ; jae 0xfffb395c
+mov al, 1
+mov cl, bl
+shl eax, cl
+test byte [edi + 0xc4], al
+je loc_fffb395c ; je 0xfffb395c
+mov al, byte [ebp - 0x23c]
+mov byte [ebp + ebx - 0x21b], al
+mov eax, dword [ebp - 0x234]
+add ax, word [ebp + ebx*2 - 0x208]
+cmp ax, 0x3f
+jg short loc_fffb3874 ; jg 0xfffb3874
+movsx edx, ax
+mov eax, 0x7f
+sub eax, edx
+sar eax, 6
+add eax, dword [ebp - 0x240]
+mov byte [ebp + ebx - 0x21b], al
+
+loc_fffb3874: ; not directly referenced
+mov dl, byte [ebp + ebx - 0x21b]
+movsx ax, dl
+shl eax, 6
+add ax, word [ebp + ebx*2 - 0x210]
+cwde
+cmp eax, 0x1bf
+jle short loc_fffb38a3 ; jle 0xfffb38a3
+sub eax, 0x180
+sar eax, 6
+sub edx, eax
+mov byte [ebp + ebx - 0x21b], dl
+
+loc_fffb38a3: ; not directly referenced
+mov al, byte [ebp + ebx - 0x21b]
+mov ecx, esi
+movsx ecx, cl
+movsx edx, al
+mov byte [ebp - 0x230], al
+mov eax, edx
+sub eax, ecx
+mov cl, byte [ebp - 0x230]
+sub ecx, 0xe
+cmp eax, 0xf
+mov al, byte [ebp - 0x230]
+cmovge esi, ecx
+mov ecx, esi
+movsx ecx, cl
+sub edx, ecx
+test edx, edx
+lea ecx, [eax - 1]
+cmovle esi, ecx
+sub al, byte [edi + ebx + 0x1011]
+mov byte [ebp - 0x230], 0
+cbw
+mov word [ebp - 0x238], ax
+lea eax, [ebx + ebx*8]
+shl word [ebp - 0x238], 6
+mov dword [ebp - 0x244], eax
+
+loc_fffb3908: ; not directly referenced
+mov edx, dword [ebp + 8]
+mov al, byte [ebp - 0x230]
+cmp al, byte [edx + 0x2488]
+jae short loc_fffb395c ; jae 0xfffb395c
+movzx eax, byte [ebp - 0x230]
+mov edx, dword [ebp - 0x244]
+mov ecx, dword [ebp - 0x238]
+add edx, eax
+add edx, edx
+add word [edi + edx + 0x1b1], cx
+mov ecx, ebx
+push edx
+mov edx, dword [ebp - 0x22c]
+push 0
+push 0xff
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+inc byte [ebp - 0x230]
+jmp short loc_fffb3908 ; jmp 0xfffb3908
+
+loc_fffb395c: ; not directly referenced
+inc ebx
+cmp ebx, 4
+jne loc_fffb3819 ; jne 0xfffb3819
+mov eax, dword [ebp - 0x22c]
+mov ebx, esi
+shl eax, 0xa
+add eax, 0x4028
+mov dword [ebp - 0x234], eax
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae52a ; call 0xfffae52a
+test bl, bl
+jns short loc_fffb39aa ; jns 0xfffb39aa
+mov edx, eax
+mov ecx, esi
+shr edx, 0x10
+neg ecx
+and edx, 0x3f
+movzx ecx, cl
+cmp edx, ecx
+mov ebx, 7
+mov edx, 0
+cmovge ebx, edx
+jmp short loc_fffb39cb ; jmp 0xfffb39cb
+
+loc_fffb39aa: ; not directly referenced
+je short loc_fffb39c9 ; je 0xfffb39c9
+mov edx, eax
+mov ebx, esi
+shr edx, 0x10
+movsx ecx, bl
+not edx
+xor ebx, ebx
+and edx, 0x3f
+cmp ecx, edx
+mov edx, 7
+cmovg ebx, edx
+jmp short loc_fffb39cb ; jmp 0xfffb39cb
+
+loc_fffb39c9: ; not directly referenced
+xor ebx, ebx
+
+loc_fffb39cb: ; not directly referenced
+mov edx, eax
+and eax, 0xffc00000
+shr edx, 0x10
+add edx, esi
+and edx, 0x3f
+mov ecx, edx
+shl ecx, 0x10
+mov dword [ebp - 0x230], eax
+or dword [ebp - 0x230], ecx
+mov dword [edi + 0x1019], edx
+xor edx, edx
+
+loc_fffb39f3: ; not directly referenced
+mov eax, 0xf
+bt eax, edx
+jae short loc_fffb3a1d ; jae 0xfffb3a1d
+mov al, 1
+mov cl, dl
+shl eax, cl
+test byte [edi + 0xc4], al
+je short loc_fffb3a1d ; je 0xfffb3a1d
+mov cl, byte [ebp + edx - 0x21b]
+mov eax, esi
+sub ecx, eax
+mov byte [edi + edx + 0x1011], cl
+
+loc_fffb3a1d: ; not directly referenced
+mov cl, byte [edi + edx + 0x1011]
+mov eax, ecx
+and eax, 0xf
+lea ecx, [edx*4]
+inc edx
+shl eax, cl
+or eax, dword [ebp - 0x230]
+cmp edx, 4
+je short loc_fffb3a46 ; je 0xfffb3a46
+mov dword [ebp - 0x230], eax
+jmp short loc_fffb39f3 ; jmp 0xfffb39f3
+
+loc_fffb3a46: ; not directly referenced
+mov ecx, eax
+mov edx, dword [ebp - 0x234]
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb3a56: ; not directly referenced
+inc dword [ebp - 0x22c]
+add edi, 0x13c3
+cmp dword [ebp - 0x22c], 2
+jne loc_fffb36c5 ; jne 0xfffb36c5
+mov eax, ebx
+
+loc_fffb3a71: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb3a79: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, ecx
+push esi
+mov esi, eax
+push ebx
+sub esp, 0x50
+mov al, byte [ecx + 0x539]
+push 0
+push 5
+mov bl, al
+mov eax, dword [esi + 0x2443]
+mov byte [ebp - 0x2d], dl
+lea edx, [ebp - 0x1d]
+push edx
+call dword [eax + 0x5c] ; ucall
+add esp, 0x10
+mov al, 0
+cmp dword [ebp + 0xc], 0
+cmovne ebx, eax
+xor eax, eax
+mov byte [ebp - 0x2e], bl
+
+loc_fffb3ab3: ; not directly referenced
+cmp byte [ebp - 0x2e], al
+jbe short loc_fffb3ad6 ; jbe 0xfffb3ad6
+movzx edx, byte [edi + eax + 0x534]
+xor ecx, ecx
+cmp dl, 5
+ja short loc_fffb3ace ; ja 0xfffb3ace
+movzx ecx, byte [edx + ref_fffd3ec8] ; movzx ecx, byte [edx - 0x2c138]
+
+loc_fffb3ace: ; not directly referenced
+mov byte [ebp + ecx - 0x1d], 1
+inc eax
+jmp short loc_fffb3ab3 ; jmp 0xfffb3ab3
+
+loc_fffb3ad6: ; not directly referenced
+cmp dword [ebp + 8], 0
+jne short loc_fffb3af4 ; jne 0xfffb3af4
+movzx ecx, byte [edi + 8]
+sub esp, 0xc
+xor edx, edx
+push 1
+mov eax, esi
+call fcn_fffa83c9 ; call 0xfffa83c9
+add esp, 0x10
+mov dword [edi + 9], eax
+
+loc_fffb3af4: ; not directly referenced
+lea eax, [esi + 0x3756]
+mov ebx, edi
+mov dword [ebp - 0x34], eax
+movzx eax, byte [ebp - 0x2d]
+mov dword [ebp - 0x2c], 0
+mov dword [ebp - 0x50], eax
+
+loc_fffb3b0d: ; not directly referenced
+mov eax, dword [ebp - 0x34]
+cmp dword [eax], 2
+je short loc_fffb3b30 ; je 0xfffb3b30
+
+loc_fffb3b15: ; not directly referenced
+inc dword [ebp - 0x2c]
+add ebx, 2
+add dword [ebp - 0x34], 0x13c3
+cmp dword [ebp - 0x2c], 2
+jne short loc_fffb3b0d ; jne 0xfffb3b0d
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+loc_fffb3b30: ; not directly referenced
+mov eax, dword [ebp - 0x50]
+mov ecx, dword [ebp - 0x2c]
+bt eax, ecx
+jae short loc_fffb3b15 ; jae 0xfffb3b15
+mov eax, dword [ebp - 0x34]
+mov byte [ebp - 0x2d], 1
+cmp dword [eax + 0xc0], 1
+jne short loc_fffb3b5a ; jne 0xfffb3b5a
+mov al, byte [ebx + 4]
+mov byte [ebp - 0x2d], 0
+mov byte [ebx], al
+mov al, byte [ebx + 5]
+mov byte [ebx + 1], al
+
+loc_fffb3b5a: ; not directly referenced
+mov eax, dword [esi + 0x1887]
+cmp eax, 0x306d0
+sete dl
+cmp eax, 0x40650
+sete al
+or dl, al
+je short loc_fffb3b83 ; je 0xfffb3b83
+mov byte [ebx], 0
+mov byte [ebx + 1], 0
+mov byte [ebx + 5], 0
+mov byte [ebp - 0x2d], 1
+
+loc_fffb3b83: ; not directly referenced
+mov dl, byte [ebx + 4]
+mov ecx, 3
+push 1
+mov al, dl
+movzx edx, byte [ebx]
+mul byte [ebp - 0x2d]
+shl eax, 4
+add eax, edx
+mov edx, dword [ebp - 0x2c]
+movzx eax, ax
+push eax
+mov eax, esi
+push 7
+push 0
+call fcn_fffafdb2 ; call 0xfffafdb2
+mov dl, byte [ebx + 5]
+mov ecx, 0xc
+mov al, byte [ebp - 0x2d]
+push 1
+mul dl
+movzx edx, byte [ebx + 1]
+shl eax, 4
+add eax, edx
+mov edx, dword [ebp - 0x2c]
+movzx eax, ax
+push eax
+mov eax, esi
+push 7
+push 0
+call fcn_fffafdb2 ; call 0xfffafdb2
+add esp, 0x20
+cmp byte [ebp - 0x2e], 0
+je loc_fffb3b15 ; je 0xfffb3b15
+imul eax, dword [ebp - 0x2c], 9
+mov byte [ebp - 0x2d], 0
+mov dword [ebp - 0x4c], eax
+mov dword [ebp - 0x48], eax
+
+loc_fffb3bf1: ; not directly referenced
+mov al, byte [ebp - 0x2d]
+cmp al, byte [esi + 0x2488]
+jae loc_fffb3b15 ; jae 0xfffb3b15
+cmp byte [ebp - 0x1d], 0
+je short loc_fffb3c2e ; je 0xfffb3c2e
+movzx eax, byte [ebp - 0x2d]
+mov ecx, dword [ebp - 0x48]
+push 1
+lea edx, [eax + ecx + 0x28]
+mov ecx, 0xf
+movsx edx, word [edi + edx*2 + 7]
+push edx
+mov edx, dword [ebp - 0x2c]
+push 6
+push eax
+mov eax, esi
+call fcn_fffafdb2 ; call 0xfffafdb2
+add esp, 0x10
+
+loc_fffb3c2e: ; not directly referenced
+cmp byte [ebp - 0x1c], 0
+je short loc_fffb3c5f ; je 0xfffb3c5f
+movzx eax, byte [ebp - 0x2d]
+mov ecx, dword [ebp - 0x48]
+push 1
+lea edx, [eax + ecx + 0xa4]
+mov ecx, 0xf
+movsx edx, word [edi + edx*2 + 7]
+push edx
+mov edx, dword [ebp - 0x2c]
+push 0
+push eax
+mov eax, esi
+call fcn_fffafdb2 ; call 0xfffafdb2
+add esp, 0x10
+
+loc_fffb3c5f: ; not directly referenced
+movzx eax, byte [ebp - 0x2d]
+mov ecx, dword [ebp - 0x4c]
+mov dword [ebp - 0x40], 0
+mov dword [ebp - 0x44], eax
+lea edx, [eax + ecx]
+lea edx, [edx + edx + 0x33f]
+lea ecx, [edi + edx]
+mov dword [ebp - 0x3c], ecx
+
+loc_fffb3c80: ; not directly referenced
+mov cl, byte [ebp - 0x40]
+mov dword [ebp - 0x38], 1
+shl dword [ebp - 0x38], cl
+mov ecx, dword [ebp - 0x34]
+mov al, byte [ebp - 0x38]
+test byte [ecx + 0xc4], al
+je short loc_fffb3ce7 ; je 0xfffb3ce7
+cmp byte [ebp - 0x1b], 0
+je short loc_fffb3cc3 ; je 0xfffb3cc3
+mov eax, dword [ebp - 0x3c]
+push 1
+mov ecx, dword [ebp - 0x38]
+mov edx, dword [ebp - 0x2c]
+movsx eax, word [eax - 0xf8]
+push eax
+mov eax, esi
+push 5
+push dword [ebp - 0x44]
+call fcn_fffafdb2 ; call 0xfffafdb2
+add esp, 0x10
+
+loc_fffb3cc3: ; not directly referenced
+cmp byte [ebp - 0x1a], 0
+je short loc_fffb3ce7 ; je 0xfffb3ce7
+mov eax, dword [ebp - 0x3c]
+push 1
+mov ecx, dword [ebp - 0x38]
+mov edx, dword [ebp - 0x2c]
+movsx eax, word [eax]
+push eax
+mov eax, esi
+push 4
+push dword [ebp - 0x44]
+call fcn_fffafdb2 ; call 0xfffafdb2
+add esp, 0x10
+
+loc_fffb3ce7: ; not directly referenced
+inc dword [ebp - 0x40]
+add dword [ebp - 0x3c], 0x3e
+cmp dword [ebp - 0x40], 4
+jne short loc_fffb3c80 ; jne 0xfffb3c80
+inc byte [ebp - 0x2d]
+jmp near loc_fffb3bf1 ; jmp 0xfffb3bf1
+
+fcn_fffb3cfc: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 8]
+mov al, byte [eax]
+pop ebp
+ret
+
+fcn_fffb3d06:
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 8]
+mov ax, word [eax]
+pop ebp
+ret
+
+fcn_fffb3d11: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0x10]
+mov dword [ebp + 8], eax
+pop ebp
+jmp near fcn_fffb3d06 ; jmp 0xfffb3d06
+
+fcn_fffb3d20: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0xc]
+mov edx, dword [ebp + 8]
+mov word [edx], ax
+pop ebp
+ret
+
+fcn_fffb3d2e: ; not directly referenced
+push ebp
+mov ebp, esp
+movzx eax, word [ebp + 0x18]
+mov dword [ebp + 0xc], eax
+mov eax, dword [ebp + 0x10]
+mov dword [ebp + 8], eax
+pop ebp
+jmp near fcn_fffb3d20 ; jmp 0xfffb3d20
+
+fcn_fffb3d44: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0x10]
+mov al, byte [eax]
+pop ebp
+ret
+
+fcn_fffb3d4e:
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 8]
+mov eax, dword [eax]
+pop ebp
+ret
+
+fcn_fffb3d58:
+mov eax, dword [0xff7d0084]
+push ebp
+mov ebp, esp
+mov eax, dword [eax + 0x14]
+add eax, 0xfb020
+push eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+leave
+and eax, 0xffe0
+ret
+
+fcn_fffb3d75: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0x10]
+mov dword [ebp + 8], eax
+pop ebp
+jmp near fcn_fffb3d4e ; jmp 0xfffb3d4e
+
+fcn_fffb3d84:
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0xc]
+mov edx, dword [ebp + 8]
+mov dword [edx], eax
+pop ebp
+ret
+
+fcn_fffb3d91: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0x18]
+mov dword [ebp + 0xc], eax
+mov eax, dword [ebp + 0x10]
+mov dword [ebp + 8], eax
+pop ebp
+jmp near fcn_fffb3d84 ; jmp 0xfffb3d84
+
+fcn_fffb3da6: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0x10]
+mov edx, dword [ebp + 0x18]
+mov byte [eax], dl
+pop ebp
+ret
+
+fcn_fffb3db3: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0xc]
+mov edx, dword [ebp + 8]
+mov byte [edx], al
+pop ebp
+ret
+
+fcn_fffb3dc0: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 8]
+mov edx, dword [eax + 4]
+mov eax, dword [eax]
+pop ebp
+ret
+
+fcn_fffb3dcd: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0x10]
+mov dword [ebp + 8], eax
+pop ebp
+jmp near fcn_fffb3dc0 ; jmp 0xfffb3dc0
+
+fcn_fffb3ddc: ; not directly referenced
+push ebp
+mov ecx, 0xfffff
+mov ebp, esp
+push edi
+mov edi, dword [ebp + 0x18]
+push esi
+mov esi, dword [ebp + 0x1c]
+push ebx
+mov ebx, dword [ebp + 8]
+
+loc_fffb3df0: ; not directly referenced
+mov al, 0xa
+mov edx, 0x70
+out dx, al
+mov dl, 0x71
+in al, dx
+test al, al
+jns short loc_fffb3e04 ; jns 0xfffb3e04
+dec ecx
+jne short loc_fffb3df0 ; jne 0xfffb3df0
+jmp short loc_fffb3e08 ; jmp 0xfffb3e08
+
+loc_fffb3e04: ; not directly referenced
+test ecx, ecx
+jne short loc_fffb3e39 ; jne 0xfffb3e39
+
+loc_fffb3e08: ; not directly referenced
+mov edx, 0x70
+mov al, 0xb
+out dx, al
+mov al, 0x82
+mov dl, 0x71
+out dx, al
+mov al, 0xa
+mov dl, 0x70
+out dx, al
+mov al, 0x26
+mov dl, 0x71
+out dx, al
+mov al, 0xc
+mov dl, 0x70
+out dx, al
+mov dl, 0x71
+in al, dx
+mov al, 0xd
+mov dl, 0x70
+out dx, al
+mov dl, 0x71
+in al, dx
+mov al, 0xb
+mov dl, 0x70
+out dx, al
+mov al, 2
+mov dl, 0x71
+out dx, al
+
+loc_fffb3e39: ; not directly referenced
+mov edx, 0x70
+xor eax, eax
+out dx, al
+mov dl, 0x71
+in al, dx
+mov byte [ebx], al
+mov dl, 0x70
+mov al, 2
+out dx, al
+mov dl, 0x71
+in al, dx
+mov ecx, dword [ebp + 0xc]
+mov dl, 0x70
+mov byte [ecx], al
+mov al, 4
+out dx, al
+mov dl, 0x71
+in al, dx
+mov ecx, dword [ebp + 0x10]
+mov dl, 0x70
+mov byte [ecx], al
+mov al, 7
+out dx, al
+mov dl, 0x71
+in al, dx
+mov ecx, dword [ebp + 0x14]
+mov dl, 0x70
+mov byte [ecx], al
+mov al, 8
+out dx, al
+mov dl, 0x71
+in al, dx
+mov byte [edi], al
+mov dl, 0x70
+mov al, 9
+out dx, al
+mov dl, 0x71
+in al, dx
+movzx eax, al
+mov dl, 0xa
+mov word [esi], ax
+mov cl, byte [ebx]
+mov al, cl
+and ecx, 0xf
+shr al, 4
+imul eax, edx
+add ecx, eax
+mov eax, dword [ebp + 0xc]
+mov byte [ebx], cl
+mov ebx, dword [ebp + 0x14]
+mov cl, byte [eax]
+mov al, cl
+and ecx, 0xf
+shr al, 4
+imul eax, edx
+add ecx, eax
+mov eax, dword [ebp + 0xc]
+mov byte [eax], cl
+mov eax, dword [ebp + 0x10]
+mov cl, byte [eax]
+mov al, cl
+and ecx, 0xf
+shr al, 4
+imul eax, edx
+add ecx, eax
+mov eax, dword [ebp + 0x10]
+mov byte [eax], cl
+mov eax, dword [ebp + 0x14]
+mov cl, byte [eax]
+mov al, cl
+and ecx, 0xf
+shr al, 4
+imul eax, edx
+add eax, ecx
+mov byte [ebx], al
+mov cl, byte [edi]
+mov al, cl
+and ecx, 0xf
+shr al, 4
+imul eax, edx
+add eax, ecx
+mov byte [edi], al
+mov ax, word [esi]
+mov edx, eax
+shr ax, 4
+and edx, 0xf
+and eax, 0xf
+imul eax, eax, 0xa
+lea eax, [edx + eax + 0x7d0]
+mov word [esi], ax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb3f0f: ; not directly referenced
+push ebp
+mov ebp, esp
+mov edx, dword [ebp + 8]
+in ax, dx
+pop ebp
+ret
+
+fcn_fffb3f19: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0x10]
+mov dword [ebp + 8], eax
+pop ebp
+jmp near fcn_fffb3f0f ; jmp 0xfffb3f0f
+
+fcn_fffb3f28: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0xc]
+mov edx, dword [ebp + 8]
+out dx, ax
+pop ebp
+ret
+
+fcn_fffb3f35: ; not directly referenced
+push ebp
+mov ebp, esp
+movzx eax, word [ebp + 0x18]
+mov dword [ebp + 0xc], eax
+mov eax, dword [ebp + 0x10]
+mov dword [ebp + 8], eax
+pop ebp
+jmp near fcn_fffb3f28 ; jmp 0xfffb3f28
+
+fcn_fffb3f4b: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x1c
+mov eax, dword [0xff7d0084]
+mov edi, dword [eax + 0x14]
+lea esi, [edi + 0xb0044]
+add edi, 0xb0040
+push esi
+call fcn_fffb3d4e ; call 0xfffb3d4e
+push edi
+mov ebx, eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+pop ecx
+pop edi
+mov edx, eax
+shr edx, 0x10
+and edx, 0xf
+cmp dl, 2
+jne short loc_fffb3f89 ; jne 0xfffb3f89
+
+loc_fffb3f85: ; not directly referenced
+xor eax, eax
+jmp short loc_fffb3fe4 ; jmp 0xfffb3fe4
+
+loc_fffb3f89: ; not directly referenced
+movzx eax, ah
+test al, 0xf0
+jne short loc_fffb3f85 ; jne 0xfffb3f85
+lea eax, [ebp - 0x1c]
+xor edi, edi
+push eax
+push 0
+push 0
+push ref_fffd604c ; push 0xfffd604c
+call fcn_fffab40f ; call 0xfffab40f
+add esp, 0x10
+
+loc_fffb3fa7: ; not directly referenced
+test ebx, 0x10000
+jne short loc_fffb3fd7 ; jne 0xfffb3fd7
+cmp edi, 0x1388
+je short loc_fffb3f85 ; je 0xfffb3f85
+mov eax, dword [ebp - 0x1c]
+inc edi
+push edx
+push 0x3e8
+push eax
+push dword [ebp + 8]
+call dword [eax + 4] ; ucall
+mov dword [esp], esi
+call fcn_fffb3d4e ; call 0xfffb3d4e
+add esp, 0x10
+mov ebx, eax
+jmp short loc_fffb3fa7 ; jmp 0xfffb3fa7
+
+loc_fffb3fd7: ; not directly referenced
+cmp edi, 0x1388
+je short loc_fffb3f85 ; je 0xfffb3f85
+mov eax, ebx
+and eax, 0x3f
+
+loc_fffb3fe4: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb3fec: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+push ebx
+sub esp, 0x5c
+mov edi, dword [edi + 0x5edc]
+mov dword [ebp - 0x3c], eax
+mov eax, edx
+mov dword [ebp - 0x4c], edx
+mov byte [ebp - 0x3e], dl
+mov dword [ebp - 0x58], edi
+mov esi, dword [edi + 0xc]
+mov ebx, dword [edi + 0x10]
+xor edi, edi
+cmp dl, 2
+sete byte [ebp - 0x46]
+test al, 0xfd
+jne short loc_fffb404c ; jne 0xfffb404c
+mov eax, dword [ebp - 0x3c]
+mov edx, 0x3a00
+call fcn_fffae52a ; call 0xfffae52a
+mov ecx, dword [ebp - 0x3c]
+mov dl, al
+and edx, 0x3f
+cmp dword [ecx + 0x188b], 0
+jne short loc_fffb4041 ; jne 0xfffb4041
+shr eax, 0x1a
+jmp short loc_fffb4044 ; jmp 0xfffb4044
+
+loc_fffb4041: ; not directly referenced
+shr eax, 0x14
+
+loc_fffb4044: ; not directly referenced
+and eax, 0x1f
+mov byte [ebp - 0x3d], al
+jmp short loc_fffb406b ; jmp 0xfffb406b
+
+loc_fffb404c: ; not directly referenced
+mov al, byte [ebp - 0x4c]
+sub eax, 0xa
+cmp al, 1
+ja short loc_fffb4065 ; ja 0xfffb4065
+mov eax, dword [ebp - 0x3c]
+mov edx, 0x3a08
+call fcn_fffae52a ; call 0xfffae52a
+mov edi, eax
+
+loc_fffb4065: ; not directly referenced
+mov byte [ebp - 0x3d], 0
+xor edx, edx
+
+loc_fffb406b: ; not directly referenced
+mov eax, dword [ebp - 0x4c]
+cmp al, 0xb
+ja loc_fffb415f ; ja 0xfffb415f
+jmp dword [eax*4 + ref_fffd3ee0] ; ujmp: jmp dword [eax*4 - 0x2c120]
+
+loc_fffb407d: ; not directly referenced
+shr esi, 0xb
+and esi, 0xf
+mov eax, esi
+mov edi, esi
+or eax, 0xfffffff0
+test esi, 8
+cmovne edi, eax
+mov byte [ebp - 0x3d], dl
+mov byte [ebp - 0x44], 0
+mov byte [ebp - 0x40], 0xf8
+mov byte [ebp - 0x45], 7
+mov byte [ebp - 0x3f], 1
+jmp near loc_fffb4175 ; jmp 0xfffb4175
+
+loc_fffb40ab: ; not directly referenced
+mov eax, dword [ebp - 0x3c]
+mov edx, 0x3a04
+shr esi, 0xf
+and esi, 0x1f
+mov edi, esi
+call fcn_fffae52a ; call 0xfffae52a
+mov byte [ebp - 0x44], 0
+mov byte [ebp - 0x40], 0xf0
+mov byte [ebp - 0x45], 0xf
+and eax, 0x3f
+mov byte [ebp - 0x3d], al
+mov eax, esi
+or eax, 0xffffffe0
+test esi, 0x10
+cmovne edi, eax
+jmp near loc_fffb4171 ; jmp 0xfffb4171
+
+loc_fffb40e5: ; not directly referenced
+mov eax, ebx
+mov edi, ebx
+shr eax, 4
+and edi, 0xf
+and eax, 1
+mov byte [ebp - 0x44], al
+mov byte [ebp - 0x40], 4
+mov byte [ebp - 0x45], 0xf
+mov byte [ebp - 0x3f], 5
+jmp short loc_fffb4175 ; jmp 0xfffb4175
+
+loc_fffb4103: ; not directly referenced
+shr edi, 0xc
+mov eax, edi
+shr esi, 0x14
+and eax, 0x3f
+and esi, 0xf
+mov byte [ebp - 0x3d], al
+mov eax, esi
+or eax, 0xfffffff0
+test esi, 8
+cmovne esi, eax
+mov edi, esi
+mov byte [ebp - 0x44], 0
+mov byte [ebp - 0x40], 0xf8
+mov byte [ebp - 0x45], 7
+mov byte [ebp - 0x3f], 2
+jmp short loc_fffb4175 ; jmp 0xfffb4175
+
+loc_fffb4136: ; not directly referenced
+mov eax, edi
+and eax, 0x3f
+mov byte [ebp - 0x3d], al
+mov eax, ebx
+shr eax, 9
+shr ebx, 5
+and eax, 1
+mov edi, ebx
+mov byte [ebp - 0x44], al
+and edi, 0xf
+mov byte [ebp - 0x40], 4
+mov byte [ebp - 0x45], 0xf
+mov byte [ebp - 0x3f], 6
+jmp short loc_fffb4175 ; jmp 0xfffb4175
+
+loc_fffb415f: ; not directly referenced
+mov byte [ebp - 0x44], 0
+xor edi, edi
+mov byte [ebp - 0x40], 0
+mov byte [ebp - 0x45], 0
+mov byte [ebp - 0x3d], 0
+
+loc_fffb4171: ; not directly referenced
+mov byte [ebp - 0x3f], 0
+
+loc_fffb4175: ; not directly referenced
+mov eax, dword [ebp - 0x3c]
+xor ebx, ebx
+xor esi, esi
+mov ecx, dword [ebp - 0x58]
+mov byte [ebp - 0x47], 0
+mov word [ebp - 0x58], 0
+add eax, 0x3756
+mov dword [ebp - 0x54], eax
+lea eax, [ebp - 0x2a]
+add ecx, 0x1c
+mov dword [ebp - 0x50], eax
+mov al, byte [ebp - 0x3e]
+sub eax, 0xa
+mov byte [ebp - 0x5e], al
+
+loc_fffb41a3: ; not directly referenced
+mov eax, dword [ebp - 0x54]
+cmp dword [eax], 2
+jne loc_fffb4269 ; jne 0xfffb4269
+mov eax, dword [ebp - 0x3c]
+mov edx, dword [ecx + 0x4c]
+mov al, byte [eax + 0x2488]
+mov byte [ebp - 0x5d], al
+mov eax, edx
+shr eax, 9
+and eax, 0xf
+mov byte [ebp - 0x5c], al
+mov al, dl
+xor edx, edx
+and eax, 0x1f
+mov byte [ebp - 0x48], al
+
+loc_fffb41d3: ; not directly referenced
+cmp byte [ebp - 0x5d], dl
+jbe loc_fffb4266 ; jbe 0xfffb4266
+cmp byte [ebp - 0x3e], 0
+mov eax, dword [ecx + edx*4 + 0x78]
+jne short loc_fffb41ef ; jne 0xfffb41ef
+mov esi, eax
+mov bl, 6
+and esi, 0x3f
+jmp short loc_fffb4229 ; jmp 0xfffb4229
+
+loc_fffb41ef: ; not directly referenced
+cmp byte [ebp - 0x3e], 1
+jne short loc_fffb41ff ; jne 0xfffb41ff
+shr eax, 0xc
+mov esi, eax
+and esi, 0x1f
+jmp short loc_fffb420a ; jmp 0xfffb420a
+
+loc_fffb41ff: ; not directly referenced
+cmp byte [ebp - 0x46], 0
+je short loc_fffb420e ; je 0xfffb420e
+shr eax, 0x1b
+mov esi, eax
+
+loc_fffb420a: ; not directly referenced
+mov bl, 5
+jmp short loc_fffb4229 ; jmp 0xfffb4229
+
+loc_fffb420e: ; not directly referenced
+mov al, byte [ebp - 0x3e]
+cmp al, 0xa
+je short loc_fffb4224 ; je 0xfffb4224
+cmp al, 0xb
+mov al, byte [ebp - 0x48]
+cmove esi, eax
+mov al, 5
+cmove ebx, eax
+jmp short loc_fffb4229 ; jmp 0xfffb4229
+
+loc_fffb4224: ; not directly referenced
+mov esi, dword [ebp - 0x5c]
+mov bl, 4
+
+loc_fffb4229: ; not directly referenced
+push eax
+movzx eax, bl
+push 8
+push eax
+mov eax, esi
+movzx eax, al
+push eax
+mov dword [ebp - 0x68], edx
+mov dword [ebp - 0x64], ecx
+call fcn_fffac7e7 ; call 0xfffac7e7
+mov edx, dword [ebp - 0x68]
+add esp, 0x10
+movsx cx, al
+add word [ebp - 0x58], cx
+mov ecx, dword [ebp - 0x50]
+add al, byte [ebp - 0x3d]
+mov byte [ecx + edx], al
+inc edx
+mov ecx, dword [ebp - 0x64]
+cmp byte [ebp - 0x5e], 2
+ja loc_fffb41d3 ; ja 0xfffb41d3
+
+loc_fffb4266: ; not directly referenced
+inc byte [ebp - 0x47]
+
+loc_fffb4269: ; not directly referenced
+add dword [ebp - 0x50], 9
+add ecx, 0xcc
+add dword [ebp - 0x54], 0x13c3
+lea eax, [ebp - 0x18]
+cmp dword [ebp - 0x50], eax
+jne loc_fffb41a3 ; jne 0xfffb41a3
+movsx ebx, word [ebp - 0x58]
+movzx ecx, byte [ebp - 0x47]
+mov eax, ebx
+sar ax, 0xf
+or eax, 1
+cmp byte [ebp - 0x4c], 2
+mov byte [ebp - 0x54], al
+movsx eax, al
+mov dword [ebp - 0x50], ebx
+ja short loc_fffb42c6 ; ja 0xfffb42c6
+mov esi, dword [ebp - 0x3c]
+imul eax, ecx
+mov ebx, 2
+movzx esi, byte [esi + 0x2488]
+imul eax, esi
+imul ecx, esi
+cdq
+idiv ebx
+add eax, dword [ebp - 0x50]
+jmp short loc_fffb42d4 ; jmp 0xfffb42d4
+
+loc_fffb42c6: ; not directly referenced
+imul eax, ecx
+mov esi, 2
+cdq
+idiv esi
+add eax, dword [ebp - 0x50]
+
+loc_fffb42d4: ; not directly referenced
+cdq
+idiv ecx
+test ax, ax
+jne short loc_fffb42e5 ; jne 0xfffb42e5
+movzx eax, byte [ebp - 0x3d]
+jmp near loc_fffb447c ; jmp 0xfffb447c
+
+loc_fffb42e5: ; not directly referenced
+movsx eax, al
+cdq
+mov ecx, edx
+xor ecx, eax
+sub ecx, edx
+cmp byte [ebp - 0x4c], 0xb
+mov byte [ebp - 0x47], cl
+sete dl
+or dl, byte [ebp - 0x46]
+mov byte [ebp - 0x58], dl
+je short loc_fffb4304 ; je 0xfffb4304
+neg byte [ebp - 0x54]
+
+loc_fffb4304: ; not directly referenced
+mov bl, byte [ebp - 0x54]
+mov dl, byte [ebp - 0x3d]
+mov esi, dword [ebp - 0x44]
+mov byte [ebp - 0x46], cl
+add ebx, edi
+movzx ecx, dl
+mov byte [ebp - 0x50], bl
+add eax, ecx
+mov ebx, edi
+mov byte [ebp - 0x4c], bl
+mov dword [ebp - 0x5c], eax
+
+loc_fffb4322: ; not directly referenced
+mov al, byte [ebp - 0x50]
+mov bl, 1
+mov byte [ebp - 0x3d], al
+lea eax, [edx - 3]
+cmp al, 0x39
+ja short loc_fffb4344 ; ja 0xfffb4344
+mov al, byte [ebp - 0x45]
+mov cl, byte [ebp - 0x50]
+cmp cl, al
+setg bl
+cmp byte [ebp - 0x40], cl
+setg al
+or ebx, eax
+
+loc_fffb4344: ; not directly referenced
+cmp byte [ebp - 0x58], 0
+je short loc_fffb435f ; je 0xfffb435f
+mov cl, byte [ebp - 0x50]
+mov al, 0
+cmp cl, 0x10
+cmovge esi, eax
+mov eax, esi
+shl eax, 4
+add eax, ecx
+mov byte [ebp - 0x3d], al
+
+loc_fffb435f: ; not directly referenced
+test bl, bl
+jne short loc_fffb43a8 ; jne 0xfffb43a8
+movsx ecx, byte [ebp - 0x3d]
+sub esp, 0xc
+movzx edx, byte [ebp - 0x3f]
+mov eax, dword [ebp - 0x3c]
+push 0
+call fcn_fffa83c9 ; call 0xfffa83c9
+mov ecx, dword [ebp - 0x5c]
+add esp, 0x10
+mov dl, al
+movzx eax, al
+sub ecx, eax
+mov eax, ecx
+sar ecx, 0x1f
+xor eax, ecx
+sub eax, ecx
+cmp al, byte [ebp - 0x47]
+jae short loc_fffb43a8 ; jae 0xfffb43a8
+cmp al, byte [ebp - 0x46]
+jae short loc_fffb43aa ; jae 0xfffb43aa
+mov cl, byte [ebp - 0x3d]
+test al, al
+sete bl
+mov byte [ebp - 0x46], al
+mov byte [ebp - 0x4c], cl
+jmp short loc_fffb43aa ; jmp 0xfffb43aa
+
+loc_fffb43a8: ; not directly referenced
+mov bl, 1
+
+loc_fffb43aa: ; not directly referenced
+mov al, byte [ebp - 0x54]
+add byte [ebp - 0x50], al
+test bl, bl
+je loc_fffb4322 ; je 0xfffb4322
+mov bl, byte [ebp - 0x4c]
+mov eax, edi
+movzx edx, byte [ebp - 0x3f]
+cmp bl, al
+je loc_fffb4452 ; je 0xfffb4452
+mov eax, dword [ebp - 0x3c]
+sub esp, 0xc
+movzx ecx, bl
+push 1
+xor ebx, ebx
+call fcn_fffa83c9 ; call 0xfffa83c9
+movzx esi, byte [ebp - 0x3e]
+add esp, 0x10
+mov byte [ebp - 0x3f], al
+movzx edi, al
+
+loc_fffb43e8: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov edx, dword [ebp - 0x3c]
+cmp dword [edx + eax + 0x3756], 2
+je short loc_fffb4403 ; je 0xfffb4403
+
+loc_fffb43fb: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffb43e8 ; jne 0xfffb43e8
+jmp short loc_fffb4478 ; jmp 0xfffb4478
+
+loc_fffb4403: ; not directly referenced
+lea eax, [ebx + ebx*8]
+lea edx, [ebp - 0x18]
+add eax, edx
+mov byte [ebp - 0x3d], 0
+mov dword [ebp - 0x44], eax
+
+loc_fffb4412: ; not directly referenced
+mov edx, dword [ebp - 0x3c]
+mov al, byte [ebp - 0x3d]
+cmp al, byte [edx + 0x2488]
+jae short loc_fffb43fb ; jae 0xfffb43fb
+movzx edx, byte [ebp - 0x3d]
+xor ecx, ecx
+mov eax, dword [ebp - 0x44]
+push 1
+movzx eax, byte [edx + eax - 0x12]
+sub eax, edi
+cwde
+push eax
+mov eax, dword [ebp - 0x3c]
+push esi
+push edx
+mov edx, ebx
+call fcn_fffafdb2 ; call 0xfffafdb2
+mov al, byte [ebp - 0x3e]
+add esp, 0x10
+sub eax, 0xa
+cmp al, 2
+jbe short loc_fffb43fb ; jbe 0xfffb43fb
+inc byte [ebp - 0x3d]
+jmp short loc_fffb4412 ; jmp 0xfffb4412
+
+loc_fffb4452: ; not directly referenced
+cmp byte [ebp - 0x58], 0
+je short loc_fffb4461 ; je 0xfffb4461
+mov al, byte [ebp - 0x44]
+shl eax, 4
+add byte [ebp - 0x4c], al
+
+loc_fffb4461: ; not directly referenced
+movzx ecx, byte [ebp - 0x4c]
+sub esp, 0xc
+mov eax, dword [ebp - 0x3c]
+push 1
+call fcn_fffa83c9 ; call 0xfffa83c9
+add esp, 0x10
+mov byte [ebp - 0x3f], al
+
+loc_fffb4478: ; not directly referenced
+movzx eax, byte [ebp - 0x3f]
+
+loc_fffb447c: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb4484: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x1c
+mov ebx, dword [ebp + 8]
+mov byte [ebp - 0x1b], 0
+lea esi, [ebp - 0x1b]
+mov byte [ebp - 0x1a], 1
+lea edi, [ebp - 0x18]
+mov byte [ebp - 0x19], 2
+
+loc_fffb44a2: ; not directly referenced
+movzx edx, byte [esi]
+mov eax, ebx
+inc esi
+call fcn_fffb3fec ; call 0xfffb3fec
+cmp esi, edi
+jne short loc_fffb44a2 ; jne 0xfffb44a2
+cmp dword [ebx + 0x188b], 1
+jne short loc_fffb44d2 ; jne 0xfffb44d2
+mov edx, 0xa
+mov eax, ebx
+call fcn_fffb3fec ; call 0xfffb3fec
+mov edx, 0xb
+mov eax, ebx
+call fcn_fffb3fec ; call 0xfffb3fec
+
+loc_fffb44d2: ; not directly referenced
+add esp, 0x1c
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb44dc: ; not directly referenced
+push ebp
+mov ecx, 2
+mov ebp, esp
+push ebx
+sub esp, 0x1c
+mov ebx, dword [ebp + 0xc]
+push dword [ebp + 0x10]
+mov edx, dword [ebp + 8]
+lea eax, [ebp - 0xa]
+mov word [ebp - 0xa], bx
+push eax
+mov eax, 7
+call fcn_fffab430 ; call 0xfffab430
+mov eax, ebx
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffb450a: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, eax
+push ebx
+mov ebx, edx
+sub esp, 0x2c
+test ebx, ebx
+setne al
+cmp cx, 0x1ff
+setbe bl
+mov dword [ebp - 0x2c], edx
+mov edx, dword [ebp + 8]
+mov word [ebp - 0x2e], cx
+mov dword [ebp - 0x1c], 0x80000007
+test al, bl
+je loc_fffb45de ; je 0xfffb45de
+mov edi, edx
+movzx edx, dx
+add edx, ecx
+cmp edx, 0x1ff
+jg loc_fffb45de ; jg 0xfffb45de
+mov eax, dword [ebp - 0x2c]
+add edi, eax
+mov ebx, eax
+mov eax, esi
+movzx eax, al
+mov word [ebp - 0x30], di
+mov dword [ebp - 0x34], eax
+
+loc_fffb4563: ; not directly referenced
+cmp word [ebp - 0x30], bx
+je short loc_fffb45d7 ; je 0xfffb45d7
+mov ecx, dword [ebp + 0xc]
+mov dx, word [ebp - 0x2e]
+sub edx, dword [ebp - 0x2c]
+movzx ecx, byte [ecx]
+add edx, ebx
+mov eax, edx
+shr ax, 8
+cmp ax, cx
+je short loc_fffb458c ; je 0xfffb458c
+mov edi, dword [ebp + 0xc]
+mov byte [edi], al
+mov al, 1
+jmp short loc_fffb458e ; jmp 0xfffb458e
+
+loc_fffb458c: ; not directly referenced
+xor eax, eax
+
+loc_fffb458e: ; not directly referenced
+dec al
+movzx esi, dl
+jne short loc_fffb45b3 ; jne 0xfffb45b3
+mov eax, dword [ebp + 0xc]
+cmp byte [eax], 1
+push edx
+lea edx, [ebp - 0x1c]
+sbb eax, eax
+push edx
+and eax, 0xfffffffe
+push 0
+add eax, 0x6e
+push eax
+call fcn_fffab4b3 ; call 0xfffab4b3
+add esp, 0x10
+
+loc_fffb45b3: ; not directly referenced
+shl esi, 8
+mov edi, ebx
+push eax
+inc ebx
+or esi, dword [ebp - 0x34]
+push eax
+lea eax, [ebp - 0x1c]
+push eax
+push esi
+call fcn_fffab48f ; call 0xfffab48f
+add esp, 0x10
+mov byte [ebx - 1], al
+cmp dword [ebp - 0x1c], 0
+je short loc_fffb4563 ; je 0xfffb4563
+mov byte [edi], 0
+
+loc_fffb45d7: ; not directly referenced
+mov dword [ebp - 0x1c], 0
+
+loc_fffb45de: ; not directly referenced
+mov eax, dword [ebp - 0x1c]
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb45e9: ; not directly referenced
+push ebp
+mov ecx, 2
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x34
+mov esi, dword [ebp + 0x10]
+movzx eax, byte [ebp + 0xc]
+lea edi, [ebp - 0x19]
+push edi
+push 1
+lea edx, [esi + 2]
+mov byte [ebp - 0x19], 0xff
+mov dword [ebp - 0x30], eax
+call fcn_fffb450a ; call 0xfffb450a
+add esp, 0x10
+mov esi, eax
+test eax, eax
+jne short loc_fffb467d ; jne 0xfffb467d
+mov eax, dword [ebp + 0x18]
+xor edx, edx
+mov ecx, dword [ebp + 8]
+mov dword [ebp - 0x2c], 1
+mov ebx, dword [ebp + 0x14]
+shl dword [ebp - 0x2c], cl
+mov ecx, 5
+div ecx
+lea eax, [eax + eax*4]
+add eax, ebx
+mov dword [ebp - 0x34], eax
+
+loc_fffb4640: ; not directly referenced
+cmp ebx, dword [ebp - 0x34]
+je short loc_fffb467d ; je 0xfffb467d
+movzx eax, byte [ebx + 4]
+test dword [ebp - 0x2c], eax
+je short loc_fffb4678 ; je 0xfffb4678
+push eax
+mov edx, dword [ebp + 0x10]
+push eax
+movzx ecx, word [ebx]
+push edi
+mov ax, word [ebx + 2]
+add edx, ecx
+inc eax
+sub ax, word [ebx]
+movzx eax, ax
+push eax
+mov eax, dword [ebp - 0x30]
+call fcn_fffb450a ; call 0xfffb450a
+add esp, 0x10
+test eax, eax
+je short loc_fffb4678 ; je 0xfffb4678
+mov esi, eax
+jmp short loc_fffb467d ; jmp 0xfffb467d
+
+loc_fffb4678: ; not directly referenced
+add ebx, 5
+jmp short loc_fffb4640 ; jmp 0xfffb4640
+
+loc_fffb467d: ; not directly referenced
+test esi, esi
+sete al
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb468a:
+mov eax, dword [0xff7d0084]
+push ebp
+mov ebp, esp
+push ebx
+mov eax, dword [eax + 0x14]
+add eax, 0xf8002
+push eax
+call fcn_fffb3d06 ; call 0xfffb3d06
+mov ecx, eax
+mov edx, eax
+and cl, 0x7d
+pop eax
+mov eax, 1
+cmp cx, 0x8c44
+je loc_fffb47e4 ; je 0xfffb47e4
+cmp dx, 0x8c4c
+sete bl
+cmp dx, 0x8c4a
+sete cl
+or bl, cl
+jne loc_fffb47e4 ; jne 0xfffb47e4
+cmp dx, 0x8c50
+sete bl
+cmp dx, 0x8c4e
+sete cl
+or bl, cl
+jne loc_fffb47e4 ; jne 0xfffb47e4
+cmp dx, 0x8c42
+sete bl
+cmp dx, 0x8c5c
+sete cl
+or bl, cl
+jne loc_fffb47e4 ; jne 0xfffb47e4
+cmp dx, 0x8c4f
+sete bl
+cmp dx, 0x8c49
+sete cl
+or bl, cl
+jne loc_fffb47e4 ; jne 0xfffb47e4
+cmp dx, 0x8c41
+sete bl
+cmp dx, 0x8c4b
+sete cl
+or bl, cl
+jne loc_fffb47e4 ; jne 0xfffb47e4
+cmp dx, 0x8c58
+je loc_fffb47e4 ; je 0xfffb47e4
+cmp dx, 0x8c54
+sete bl
+cmp dx, 0x8c52
+sete cl
+or bl, cl
+jne loc_fffb47e4 ; jne 0xfffb47e4
+cmp dx, 0x8c56
+je loc_fffb47e4 ; je 0xfffb47e4
+lea ecx, [edx + 0x63bf]
+cmp cx, 6
+jbe short loc_fffb47e4 ; jbe 0xfffb47e4
+cmp dx, 0x8cc5
+sete bl
+cmp dx, 0x8cc3
+sete cl
+or bl, cl
+jne short loc_fffb47e4 ; jne 0xfffb47e4
+lea ecx, [edx + 0x733f]
+cmp cx, 1
+jbe short loc_fffb47e4 ; jbe 0xfffb47e4
+lea eax, [edx + 0x633f]
+cmp ax, 2
+mov eax, 2
+setbe bl
+cmp dx, 0x9cc5
+sete cl
+or bl, cl
+jne short loc_fffb47e4 ; jne 0xfffb47e4
+lea ecx, [edx + 0x633a]
+cmp cx, 1
+setbe bl
+cmp dx, 0x9cc9
+sete cl
+or bl, cl
+jne short loc_fffb47e4 ; jne 0xfffb47e4
+cmp dx, 0x9cc8
+sete bl
+cmp dx, 0x9cc4
+sete cl
+or bl, cl
+jne short loc_fffb47e4 ; jne 0xfffb47e4
+add dx, 0x6336
+cmp dx, 2
+sbb eax, eax
+add eax, 3
+
+loc_fffb47e4:
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffb47e9:
+push ebp
+mov ebp, esp
+push esi
+mov esi, dword [ebp + 8]
+push ebx
+mov ebx, dword [ebp + 0xc]
+call fcn_fffb3d58 ; call 0xfffb3d58
+mov ecx, esi
+movzx esi, cl
+lea edx, [eax + esi]
+mov al, bl
+out dx, al
+pop ebx
+pop esi
+pop ebp
+ret
+
+fcn_fffb4808: ; not directly referenced
+push ebp
+mov ebp, esp
+push ebx
+mov ebx, dword [ebp + 8]
+call fcn_fffb3d58 ; call 0xfffb3d58
+movzx ebx, bl
+lea edx, [eax + ebx]
+in al, dx
+pop ebx
+pop ebp
+ret
+
+fcn_fffb481e:
+mov eax, dword [0xff7d0084]
+push ebp
+mov ebp, esp
+push ebx
+mov eax, dword [eax + 0x14]
+add eax, 0xf8002
+push eax
+call fcn_fffb3d06 ; call 0xfffb3d06
+mov ecx, eax
+mov edx, eax
+and cl, 0x7d
+pop eax
+mov eax, 1
+cmp cx, 0x8c44
+je loc_fffb497f ; je 0xfffb497f
+cmp dx, 0x8c4c
+sete bl
+cmp dx, 0x8c4a
+sete cl
+or bl, cl
+jne loc_fffb497f ; jne 0xfffb497f
+cmp dx, 0x8c50
+sete bl
+cmp dx, 0x8c4e
+sete cl
+or bl, cl
+jne loc_fffb497f ; jne 0xfffb497f
+cmp dx, 0x8c42
+sete bl
+cmp dx, 0x8c5c
+sete cl
+or bl, cl
+jne loc_fffb497f ; jne 0xfffb497f
+cmp dx, 0x8c4f
+sete bl
+cmp dx, 0x8c49
+sete cl
+or bl, cl
+jne loc_fffb497f ; jne 0xfffb497f
+cmp dx, 0x8c41
+sete bl
+cmp dx, 0x8c4b
+sete cl
+or bl, cl
+jne loc_fffb497f ; jne 0xfffb497f
+cmp dx, 0x8c58
+je loc_fffb497f ; je 0xfffb497f
+cmp dx, 0x8c54
+sete bl
+cmp dx, 0x8c52
+sete cl
+or bl, cl
+jne loc_fffb497f ; jne 0xfffb497f
+cmp dx, 0x8c56
+je loc_fffb497f ; je 0xfffb497f
+cmp dx, 0x8cc5
+sete bl
+cmp dx, 0x8cc3
+sete cl
+or bl, cl
+jne short loc_fffb497f ; jne 0xfffb497f
+lea eax, [edx + 0x733f]
+cmp ax, 1
+jbe short loc_fffb497a ; jbe 0xfffb497a
+lea ecx, [edx + 0x63bf]
+mov eax, 2
+cmp cx, 6
+jbe short loc_fffb497f ; jbe 0xfffb497f
+lea ecx, [edx + 0x633f]
+cmp cx, 2
+setbe bl
+cmp dx, 0x9cc5
+sete cl
+or bl, cl
+jne short loc_fffb497f ; jne 0xfffb497f
+lea ecx, [edx + 0x633a]
+cmp cx, 1
+setbe bl
+cmp dx, 0x9cc9
+sete cl
+or bl, cl
+jne short loc_fffb497f ; jne 0xfffb497f
+cmp dx, 0x9cc8
+sete bl
+cmp dx, 0x9cc4
+sete cl
+or bl, cl
+jne short loc_fffb497f ; jne 0xfffb497f
+add dx, 0x6336
+cmp dx, 2
+sbb eax, eax
+add eax, 3
+jmp short loc_fffb497f ; jmp 0xfffb497f
+
+loc_fffb497a:
+mov eax, 1
+
+loc_fffb497f:
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffb4984:
+push ebp
+mov ebp, esp
+call fcn_fffb481e ; call 0xfffb481e
+cmp eax, 1
+je short loc_fffb499d ; je 0xfffb499d
+xor edx, edx
+cmp eax, 2
+mov al, 6
+cmove edx, eax
+jmp short loc_fffb499f ; jmp 0xfffb499f
+
+loc_fffb499d:
+mov dl, 8
+
+loc_fffb499f:
+mov al, dl
+pop ebp
+ret
+
+fcn_fffb49a3: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x1c
+mov eax, dword [0xff7d0084]
+mov eax, dword [eax + 0x14]
+add eax, 0xf8040
+push eax
+call fcn_fffb3d06 ; call 0xfffb3d06
+mov esi, eax
+and esi, 0xfffc
+push eax
+add esi, 8
+push eax
+push esi
+call fcn_fffaafc2 ; call 0xfffaafc2
+mov ecx, 0x64
+xor edx, edx
+add esp, 0x10
+mov ebx, eax
+imul eax, dword [ebp + 8], 0x166
+and ebx, 0xffffff
+div ecx
+lea edi, [ebx + eax + 1]
+mov ecx, edi
+and edi, 0xffffff
+shr ecx, 0x18
+
+loc_fffb49fc: ; not directly referenced
+test ecx, ecx
+setne dl
+cmp edi, ebx
+seta al
+or al, dl
+je short loc_fffb4a34 ; je 0xfffb4a34
+sub esp, 0xc
+push esi
+mov dword [ebp - 0x20], edx
+mov dword [ebp - 0x1c], ecx
+call fcn_fffaafc2 ; call 0xfffaafc2
+add esp, 0x10
+mov ecx, dword [ebp - 0x1c]
+mov edx, dword [ebp - 0x20]
+and eax, 0xffffff
+cmp eax, ebx
+jae short loc_fffb4a30 ; jae 0xfffb4a30
+test dl, dl
+je short loc_fffb4a34 ; je 0xfffb4a34
+dec ecx
+
+loc_fffb4a30: ; not directly referenced
+mov ebx, eax
+jmp short loc_fffb49fc ; jmp 0xfffb49fc
+
+loc_fffb4a34: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb4a3c: ; not directly referenced
+push ebp
+mov ebp, esp
+sub esp, 8
+mov eax, dword [ebp + 0x10]
+test eax, eax
+je short loc_fffb4a55 ; je 0xfffb4a55
+sub esp, 0xc
+push eax
+call fcn_fffb49a3 ; call 0xfffb49a3
+add esp, 0x10
+
+loc_fffb4a55: ; not directly referenced
+xor eax, eax
+leave
+ret
+
+fcn_fffb4a59: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov ebx, 1
+sub esp, 0x38
+mov eax, dword [ebp + 8]
+lea esi, [eax - 8]
+mov edi, dword [esi + 0x10]
+lea eax, [edi + 2]
+push eax
+call fcn_fffb3d06 ; call 0xfffb3d06
+add esp, 0x10
+mov edx, eax
+and dl, 0x7d
+cmp dx, 0x8c44
+je loc_fffb4ba6 ; je 0xfffb4ba6
+cmp ax, 0x8c4c
+sete cl
+cmp ax, 0x8c4a
+sete dl
+or cl, dl
+jne loc_fffb4ba6 ; jne 0xfffb4ba6
+cmp ax, 0x8c50
+sete cl
+cmp ax, 0x8c4e
+sete dl
+or cl, dl
+jne loc_fffb4ba6 ; jne 0xfffb4ba6
+cmp ax, 0x8c42
+sete cl
+cmp ax, 0x8c5c
+sete dl
+or cl, dl
+jne loc_fffb4ba6 ; jne 0xfffb4ba6
+cmp ax, 0x8c4f
+sete cl
+cmp ax, 0x8c49
+sete dl
+or cl, dl
+jne loc_fffb4ba6 ; jne 0xfffb4ba6
+cmp ax, 0x8c41
+sete cl
+cmp ax, 0x8c4b
+sete dl
+or cl, dl
+jne loc_fffb4ba6 ; jne 0xfffb4ba6
+cmp ax, 0x8c58
+je loc_fffb4ba6 ; je 0xfffb4ba6
+cmp ax, 0x8c54
+sete cl
+cmp ax, 0x8c52
+sete dl
+or cl, dl
+jne loc_fffb4ba6 ; jne 0xfffb4ba6
+cmp ax, 0x8c56
+je loc_fffb4ba6 ; je 0xfffb4ba6
+cmp ax, 0x8cc5
+sete cl
+cmp ax, 0x8cc3
+sete dl
+or cl, dl
+jne short loc_fffb4ba6 ; jne 0xfffb4ba6
+lea edx, [eax + 0x733f]
+cmp dx, 1
+jbe short loc_fffb4ba1 ; jbe 0xfffb4ba1
+lea edx, [eax + 0x63bf]
+mov bl, 2
+cmp dx, 6
+jbe short loc_fffb4ba6 ; jbe 0xfffb4ba6
+lea edx, [eax + 0x633f]
+cmp dx, 2
+setbe cl
+cmp ax, 0x9cc5
+sete dl
+or cl, dl
+jne short loc_fffb4ba6 ; jne 0xfffb4ba6
+lea edx, [eax + 0x633a]
+cmp dx, 1
+setbe cl
+cmp ax, 0x9cc9
+sete dl
+or cl, dl
+jne short loc_fffb4ba6 ; jne 0xfffb4ba6
+cmp ax, 0x9cc8
+sete cl
+cmp ax, 0x9cc4
+sete dl
+or cl, dl
+jne short loc_fffb4ba6 ; jne 0xfffb4ba6
+add ax, 0x6336
+cmp ax, 2
+sbb ebx, ebx
+add ebx, 3
+jmp short loc_fffb4ba6 ; jmp 0xfffb4ba6
+
+loc_fffb4ba1: ; not directly referenced
+mov ebx, 1
+
+loc_fffb4ba6: ; not directly referenced
+mov eax, dword [esi + 0xc]
+sub esp, 0xc
+mov dword [ebp - 0x2c], eax
+lea eax, [edi + 0x40]
+push eax
+call fcn_fffb3d06 ; call 0xfffb3d06
+mov esi, eax
+lea eax, [edi + 0x48]
+mov dword [esp], eax
+call fcn_fffb3d06 ; call 0xfffb3d06
+add esp, 0x10
+cmp dword [ebp + 0xc], 5
+ja loc_fffb4e16 ; ja 0xfffb4e16
+mov edx, dword [ebp + 0xc]
+jmp dword [edx*4 + ref_fffd3f10] ; ujmp: jmp dword [edx*4 - 0x2c0f0]
+
+loc_fffb4bdc: ; not directly referenced
+mov edx, 0xcf9
+xor eax, eax
+out dx, al
+mov bl, 4
+jmp near loc_fffb4d98 ; jmp 0xfffb4d98
+
+loc_fffb4beb: ; not directly referenced
+mov edx, 0xcf9
+mov al, 2
+out dx, al
+mov bl, 6
+jmp near loc_fffb4d98 ; jmp 0xfffb4d98
+
+loc_fffb4bfa: ; not directly referenced
+and esi, 0xfffffffc
+mov al, byte [edi + 0x44]
+or eax, 0xffffff80
+mov byte [edi + 0x44], al
+cmp ebx, 2
+movzx esi, si
+jne short loc_fffb4c20 ; jne 0xfffb4c20
+push eax
+push eax
+push 0
+lea eax, [esi + 0x9c]
+push eax
+call fcn_fffaafda ; call 0xfffaafda
+jmp short loc_fffb4c3d ; jmp 0xfffb4c3d
+
+loc_fffb4c20: ; not directly referenced
+dec ebx
+jne short loc_fffb4c40 ; jne 0xfffb4c40
+push ecx
+push ecx
+push 0
+lea eax, [esi + 0x28]
+push eax
+call fcn_fffb3f28 ; call 0xfffb3f28
+lea eax, [esi + 0x2c]
+pop ebx
+pop edi
+push 0
+push eax
+call fcn_fffb3f28 ; call 0xfffb3f28
+
+loc_fffb4c3d: ; not directly referenced
+add esp, 0x10
+
+loc_fffb4c40: ; not directly referenced
+push ecx
+push ecx
+push 0x100
+lea eax, [esi + 0x34]
+add esi, 4
+push eax
+call fcn_fffb3f28 ; call 0xfffb3f28
+mov dword [esp], esi
+call fcn_fffaafc2 ; call 0xfffaafc2
+pop edi
+mov ebx, eax
+and bh, 0xc3
+pop eax
+mov eax, ebx
+or ah, 0x1c
+or bh, 0x3c
+push eax
+push esi
+call fcn_fffaafda ; call 0xfffaafda
+pop eax
+pop edx
+push ebx
+push esi
+call fcn_fffaafda ; call 0xfffaafda
+add esp, 0x10
+xor ecx, ecx
+jmp near loc_fffb4e1b ; jmp 0xfffb4e1b
+
+loc_fffb4c84: ; not directly referenced
+mov esi, eax
+push edx
+and esi, 0xfffc
+push edx
+push 0
+lea eax, [esi + 0x60]
+push eax
+mov dword [ebp - 0x30], eax
+call fcn_fffaafda ; call 0xfffaafda
+pop ecx
+pop eax
+lea eax, [esi + 0x64]
+push 0
+push eax
+call fcn_fffaafda ; call 0xfffaafda
+pop eax
+pop edx
+lea eax, [esi + 0x68]
+push 0
+push eax
+call fcn_fffaafda ; call 0xfffaafda
+mov eax, dword [ebp + 0xc]
+add esp, 0x10
+sub eax, 4
+cmp eax, 1
+ja loc_fffb4d96 ; ja 0xfffb4d96
+sub esp, 0xc
+add edi, 0xac
+push edi
+call fcn_fffb3d4e ; call 0xfffb3d4e
+pop edx
+pop ecx
+or eax, 0x100000
+push eax
+push edi
+call fcn_fffb3d84 ; call 0xfffb3d84
+add esp, 0x10
+cmp dword [ebp + 0xc], 5
+jne loc_fffb4d96 ; jne 0xfffb4d96
+mov eax, dword [ebp - 0x2c]
+sub esp, 0xc
+add eax, 0x332c
+push eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+add esp, 0x10
+test al, 3
+jne loc_fffb4d96 ; jne 0xfffb4d96
+mov eax, dword [ebp - 0x2c]
+sub esp, 0xc
+add eax, 0x3330
+push eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+add esp, 0x10
+test ah, 0xc0
+jne short loc_fffb4d96 ; jne 0xfffb4d96
+cmp ebx, 1
+jne short loc_fffb4d55 ; jne 0xfffb4d55
+push eax
+push eax
+push 0x40000000
+push esi
+call fcn_fffab629 ; call 0xfffab629
+pop eax
+pop edx
+lea eax, [esi + 4]
+add esi, 0xc
+push 0xbfffffff
+push eax
+call fcn_fffab64e ; call 0xfffab64e
+pop ecx
+pop ebx
+push 0xbfffffff
+jmp short loc_fffb4d7b ; jmp 0xfffb4d7b
+
+loc_fffb4d55: ; not directly referenced
+cmp ebx, 2
+jne short loc_fffb4d84 ; jne 0xfffb4d84
+push edx
+add esi, 0x1f0
+push edx
+push 1
+push esi
+call fcn_fffab629 ; call 0xfffab629
+pop ecx
+pop ebx
+push 0xfffffffffffffffb
+push esi
+call fcn_fffab64e ; call 0xfffab64e
+pop edi
+pop eax
+push 0x7fffffff
+
+loc_fffb4d7b: ; not directly referenced
+push esi
+call fcn_fffab64e ; call 0xfffab64e
+add esp, 0x10
+
+loc_fffb4d84: ; not directly referenced
+push eax
+push eax
+push 0x40000000
+push dword [ebp - 0x30]
+call fcn_fffab629 ; call 0xfffab629
+add esp, 0x10
+
+loc_fffb4d96: ; not directly referenced
+mov bl, 0xe
+
+loc_fffb4d98: ; not directly referenced
+mov eax, dword [ebp + 0xc]
+sub eax, 4
+cmp eax, 1
+jbe short loc_fffb4daa ; jbe 0xfffb4daa
+
+loc_fffb4da3: ; not directly referenced
+xor esi, esi
+lea edi, [ebp - 0x1c]
+jmp short loc_fffb4dc8 ; jmp 0xfffb4dc8
+
+loc_fffb4daa: ; not directly referenced
+push 0
+push 0
+push 0
+push ref_fffd65b0 ; push 0xfffd65b0
+call fcn_fffab40f ; call 0xfffab40f
+add esp, 0x10
+test eax, eax
+jne short loc_fffb4da3 ; jne 0xfffb4da3
+mov ecx, 0x80000003
+jmp short loc_fffb4e1b ; jmp 0xfffb4e1b
+
+loc_fffb4dc8: ; not directly referenced
+push edi
+push 0
+push esi
+push ref_fffd663c ; push 0xfffd663c
+call fcn_fffab40f ; call 0xfffab40f
+add esp, 0x10
+mov edx, eax
+test eax, eax
+jne short loc_fffb4df3 ; jne 0xfffb4df3
+mov dword [ebp - 0x2c], eax
+mov eax, dword [ebp - 0x1c]
+sub esp, 0xc
+push dword [ebp + 0xc]
+call dword [eax] ; ucall
+mov edx, dword [ebp - 0x2c]
+add esp, 0x10
+
+loc_fffb4df3: ; not directly referenced
+inc esi
+cmp edx, 0x8000000e
+jne short loc_fffb4dc8 ; jne 0xfffb4dc8
+xor ecx, ecx
+mov edx, 0xcf9
+mov al, bl
+out dx, al
+mov dword [ebp - 0x1c], 0
+
+loc_fffb4e0d: ; not directly referenced
+mov eax, dword [ebp - 0x1c]
+test eax, eax
+je short loc_fffb4e0d ; je 0xfffb4e0d
+jmp short loc_fffb4e1b ; jmp 0xfffb4e1b
+
+loc_fffb4e16: ; not directly referenced
+mov ecx, 0x80000002
+
+loc_fffb4e1b: ; not directly referenced
+lea esp, [ebp - 0xc]
+mov eax, ecx
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb4e25: ; not directly referenced
+push ebp
+mov al, 1
+mov ebp, esp
+push edi
+push esi
+push ebx
+xor ebx, ebx
+sub esp, 0x2c
+lea esi, [ebp - 0x28]
+lea edi, [ebp - 0x20]
+
+loc_fffb4e38: ; not directly referenced
+cmp dword [ebp + 8], 1
+je short loc_fffb4e63 ; je 0xfffb4e63
+cmp dword [ebp + 8], 2
+jne short loc_fffb4e8d ; jne 0xfffb4e8d
+mov ecx, 0x150
+rdmsr
+mov dword [ebp - 0x28], eax
+push eax
+push 8
+push esi
+push edi
+mov dword [ebp - 0x24], edx
+call fcn_fffab101 ; call 0xfffab101
+mov al, byte [ebp - 0x19]
+shr al, 7
+jmp short loc_fffb4e8a ; jmp 0xfffb4e8a
+
+loc_fffb4e63: ; not directly referenced
+mov eax, dword [0xff7d0084]
+sub esp, 0xc
+mov eax, dword [eax + 0x14]
+add eax, 0x48
+push eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+and eax, 0xfffffffe
+add eax, 0x5da4
+mov dword [esp], eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+shr eax, 0x1f
+
+loc_fffb4e8a: ; not directly referenced
+add esp, 0x10
+
+loc_fffb4e8d: ; not directly referenced
+sub esp, 0xc
+inc ebx
+push 1
+mov dword [ebp - 0x2c], eax
+call fcn_fffb49a3 ; call 0xfffb49a3
+mov eax, dword [ebp - 0x2c]
+add esp, 0x10
+mov dl, al
+and edx, 1
+cmp bx, 0x3e7
+setbe cl
+test dl, cl
+jne short loc_fffb4e38 ; jne 0xfffb4e38
+cmp bx, 0x3e8
+sete al
+and eax, edx
+shl eax, 0x1f
+lea esp, [ebp - 0xc]
+sar eax, 0x1f
+pop ebx
+and eax, 0x80000012
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb4ecf: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x38
+mov edi, dword [ebp + 8]
+push edi
+call fcn_fffb4e25 ; call 0xfffb4e25
+add esp, 0x10
+mov ebx, eax
+test eax, eax
+js loc_fffb505b ; js 0xfffb505b
+cmp edi, 1
+je short loc_fffb4f01 ; je 0xfffb4f01
+cmp edi, 2
+je loc_fffb4fa4 ; je 0xfffb4fa4
+jmp near loc_fffb505f ; jmp 0xfffb505f
+
+loc_fffb4f01: ; not directly referenced
+mov eax, dword [ebp + 0xc]
+sub esp, 0xc
+mov dword [ebp - 0x20], eax
+mov eax, dword [0xff7d0084]
+or byte [ebp - 0x1d], 0x80
+mov eax, dword [eax + 0x14]
+add eax, 0x48
+push eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+mov edi, eax
+pop eax
+and edi, 0xfffffffe
+pop edx
+push dword [ebp - 0x20]
+lea esi, [edi + 0x5da4]
+add edi, 0x5da0
+push esi
+call fcn_fffb3d84 ; call 0xfffb3d84
+mov dword [esp], 1
+call fcn_fffb4e25 ; call 0xfffb4e25
+mov dword [esp], esi
+call fcn_fffb3d4e ; call 0xfffb3d4e
+mov dword [esp], edi
+mov dword [ebp - 0x20], eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+mov dword [esp], 0xa
+mov dword [ebp - 0x1c], eax
+call fcn_fffb49a3 ; call 0xfffb49a3
+mov dword [esp], esi
+call fcn_fffb3d4e ; call 0xfffb3d4e
+mov dword [esp], edi
+mov esi, eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+mov edx, dword [ebp - 0x20]
+add esp, 0x10
+cmp edx, esi
+je short loc_fffb4f94 ; je 0xfffb4f94
+cmp dword [ebp - 0x1c], eax
+je short loc_fffb4f94 ; je 0xfffb4f94
+
+loc_fffb4f8a: ; not directly referenced
+mov eax, 0x80000002
+jmp near loc_fffb5064 ; jmp 0xfffb5064
+
+loc_fffb4f94: ; not directly referenced
+mov eax, dword [ebp + 0x14]
+mov dword [eax], edx
+lea eax, [ebp - 0x1c]
+push ecx
+push 4
+jmp near loc_fffb504f ; jmp 0xfffb504f
+
+loc_fffb4fa4: ; not directly referenced
+mov eax, dword [ebp + 0xc]
+mov dword [ebp - 0x24], eax
+mov eax, dword [ebp + 0x10]
+mov eax, dword [eax]
+push edx
+push 8
+or byte [ebp - 0x21], 0x80
+mov dword [ebp - 0x28], eax
+lea eax, [ebp - 0x28]
+push eax
+lea eax, [ebp - 0x30]
+push eax
+call fcn_fffab101 ; call 0xfffab101
+mov eax, dword [ebp - 0x30]
+mov ecx, 0x150
+mov edx, dword [ebp - 0x2c]
+wrmsr
+mov dword [esp], 2
+call fcn_fffb4e25 ; call 0xfffb4e25
+mov ecx, 0x150
+rdmsr
+add esp, 0xc
+push 8
+mov dword [ebp - 0x30], eax
+lea eax, [ebp - 0x30]
+push eax
+lea eax, [ebp - 0x28]
+push eax
+mov dword [ebp - 0x2c], edx
+call fcn_fffab101 ; call 0xfffab101
+mov dword [esp], 0xa
+call fcn_fffb49a3 ; call 0xfffb49a3
+mov ecx, 0x150
+rdmsr
+add esp, 0xc
+push 8
+mov dword [ebp - 0x30], eax
+lea eax, [ebp - 0x30]
+push eax
+lea eax, [ebp - 0x20]
+push eax
+mov dword [ebp - 0x2c], edx
+call fcn_fffab101 ; call 0xfffab101
+mov eax, dword [ebp - 0x1c]
+add esp, 0x10
+cmp dword [ebp - 0x24], eax
+je short loc_fffb5040 ; je 0xfffb5040
+mov eax, dword [ebp - 0x20]
+cmp dword [ebp - 0x28], eax
+jne loc_fffb4f8a ; jne 0xfffb4f8a
+
+loc_fffb5040: ; not directly referenced
+movzx eax, byte [ebp - 0x24]
+mov edx, dword [ebp + 0x14]
+mov dword [edx], eax
+push eax
+push 4
+lea eax, [ebp - 0x28]
+
+loc_fffb504f: ; not directly referenced
+push eax
+push dword [ebp + 0x10]
+call fcn_fffab101 ; call 0xfffab101
+add esp, 0x10
+
+loc_fffb505b: ; not directly referenced
+mov eax, ebx
+jmp short loc_fffb5064 ; jmp 0xfffb5064
+
+loc_fffb505f: ; not directly referenced
+mov eax, 0x80000003
+
+loc_fffb5064: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb506c: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x48
+mov esi, dword [ebp + 8]
+push esi
+call fcn_fffb4e25 ; call 0xfffb4e25
+add esp, 0x10
+mov ebx, eax
+test eax, eax
+js loc_fffb51e8 ; js 0xfffb51e8
+cmp esi, 1
+je short loc_fffb509e ; je 0xfffb509e
+cmp esi, 2
+je loc_fffb5145 ; je 0xfffb5145
+jmp near loc_fffb51ec ; jmp 0xfffb51ec
+
+loc_fffb509e: ; not directly referenced
+mov eax, dword [0xff7d0084]
+sub esp, 0xc
+mov eax, dword [eax + 0x14]
+add eax, 0x48
+push eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+pop edx
+pop ecx
+push dword [ebp + 0x10]
+mov esi, eax
+and esi, 0xfffffffe
+lea edi, [esi + 0x5da0]
+add esi, 0x5da4
+push edi
+call fcn_fffb3d84 ; call 0xfffb3d84
+mov eax, dword [ebp + 0xc]
+pop edx
+pop ecx
+or eax, 0x80000000
+push eax
+push esi
+call fcn_fffb3d84 ; call 0xfffb3d84
+mov dword [esp], 1
+call fcn_fffb4e25 ; call 0xfffb4e25
+mov dword [esp], esi
+call fcn_fffb3d4e ; call 0xfffb3d4e
+mov dword [esp], edi
+mov dword [ebp - 0x40], eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+mov dword [esp], 0xa
+mov dword [ebp - 0x3c], eax
+call fcn_fffb49a3 ; call 0xfffb49a3
+mov dword [esp], esi
+call fcn_fffb3d4e ; call 0xfffb3d4e
+mov dword [esp], edi
+mov esi, eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+mov ecx, dword [ebp - 0x40]
+add esp, 0x10
+cmp ecx, esi
+je short loc_fffb5138 ; je 0xfffb5138
+cmp dword [ebp - 0x3c], eax
+je short loc_fffb5138 ; je 0xfffb5138
+
+loc_fffb512e: ; not directly referenced
+mov eax, 0x80000002
+jmp near loc_fffb51f1 ; jmp 0xfffb51f1
+
+loc_fffb5138: ; not directly referenced
+mov eax, dword [ebp + 0x14]
+movzx ecx, cl
+mov dword [eax], ecx
+jmp near loc_fffb51e8 ; jmp 0xfffb51e8
+
+loc_fffb5145: ; not directly referenced
+mov eax, dword [ebp + 0xc]
+mov dword [ebp - 0x24], eax
+mov eax, dword [ebp + 0x10]
+or byte [ebp - 0x21], 0x80
+mov dword [ebp - 0x28], eax
+push eax
+push 8
+lea eax, [ebp - 0x28]
+push eax
+lea eax, [ebp - 0x30]
+push eax
+call fcn_fffab101 ; call 0xfffab101
+mov eax, dword [ebp - 0x30]
+mov ecx, 0x150
+mov edx, dword [ebp - 0x2c]
+wrmsr
+mov dword [esp], 2
+call fcn_fffb4e25 ; call 0xfffb4e25
+mov ecx, 0x150
+rdmsr
+add esp, 0xc
+push 8
+mov dword [ebp - 0x30], eax
+lea eax, [ebp - 0x30]
+push eax
+lea eax, [ebp - 0x28]
+push eax
+mov dword [ebp - 0x2c], edx
+call fcn_fffab101 ; call 0xfffab101
+mov dword [esp], 0xa
+call fcn_fffb49a3 ; call 0xfffb49a3
+mov ecx, 0x150
+rdmsr
+add esp, 0xc
+push 8
+mov dword [ebp - 0x30], eax
+lea eax, [ebp - 0x30]
+push eax
+lea eax, [ebp - 0x20]
+push eax
+mov dword [ebp - 0x2c], edx
+call fcn_fffab101 ; call 0xfffab101
+mov eax, dword [ebp - 0x1c]
+add esp, 0x10
+cmp dword [ebp - 0x24], eax
+je short loc_fffb51df ; je 0xfffb51df
+mov eax, dword [ebp - 0x20]
+cmp dword [ebp - 0x28], eax
+jne loc_fffb512e ; jne 0xfffb512e
+
+loc_fffb51df: ; not directly referenced
+movzx eax, byte [ebp - 0x24]
+mov edx, dword [ebp + 0x14]
+mov dword [edx], eax
+
+loc_fffb51e8: ; not directly referenced
+mov eax, ebx
+jmp short loc_fffb51f1 ; jmp 0xfffb51f1
+
+loc_fffb51ec: ; not directly referenced
+mov eax, 0x80000003
+
+loc_fffb51f1: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb51f9: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x2c
+mov bl, byte [ebp + 0xc]
+mov al, byte [ebp + 0x18]
+mov edi, dword [ebp + 0x1c]
+and ebx, 0x7f
+cmp dword [ebp + 0x14], 1
+mov byte [ebp - 0x1f], al
+jbe short loc_fffb5230 ; jbe 0xfffb5230
+test edi, edi
+mov esi, 0x80000002
+sete dl
+cmp dword [ebp + 0x20], 0
+sete al
+or dl, al
+jne loc_fffb5793 ; jne 0xfffb5793
+
+loc_fffb5230: ; not directly referenced
+sub esp, 0xc
+mov esi, 0x80000012
+push 0
+call fcn_fffb4808 ; call 0xfffb4808
+add esp, 0x10
+test al, 0x40
+jne loc_fffb5793 ; jne 0xfffb5793
+test al, 1
+je short loc_fffb5264 ; je 0xfffb5264
+push edi
+push edi
+push 0xff
+push 0
+call fcn_fffb47e9 ; call 0xfffb47e9
+add esp, 0x10
+jmp near loc_fffb5793 ; jmp 0xfffb5793
+
+loc_fffb5264: ; not directly referenced
+push esi
+movzx eax, al
+push esi
+push eax
+push 0
+call fcn_fffb47e9 ; call 0xfffb47e9
+lea eax, [ebx + ebx + 1]
+add esp, 0x10
+mov byte [ebp - 0x1c], al
+dec eax
+mov byte [ebp - 0x1d], al
+mov eax, dword [ebp + 0x14]
+mov dword [ebp - 0x24], 3
+mov byte [ebp - 0x1e], 0
+and eax, 0xfffffffd
+mov dword [ebp - 0x2c], eax
+
+loc_fffb5293: ; not directly referenced
+mov al, byte [ebp + 0x10]
+cmp dword [ebp + 0x14], 0xb
+mov byte [ebp - 0x20], al
+ja loc_fffb5454 ; ja 0xfffb5454
+mov eax, dword [ebp + 0x14]
+jmp dword [eax*4 + ref_fffd3f28] ; ujmp: jmp dword [eax*4 - 0x2c0d8]
+
+loc_fffb52ad: ; not directly referenced
+mov dl, byte [ebp - 0x1d]
+jmp short loc_fffb52b5 ; jmp 0xfffb52b5
+
+loc_fffb52b2: ; not directly referenced
+mov dl, byte [ebp - 0x1c]
+
+loc_fffb52b5: ; not directly referenced
+cmp byte [ebp - 0x1f], 1
+je loc_fffb5446 ; je 0xfffb5446
+xor esi, esi
+jmp near loc_fffb5440 ; jmp 0xfffb5440
+
+loc_fffb52c6: ; not directly referenced
+mov eax, dword [ebp + 0x20]
+mov dl, byte [ebp - 0x1d]
+mov al, byte [eax]
+mov byte [ebp - 0x20], al
+jmp short loc_fffb52d6 ; jmp 0xfffb52d6
+
+loc_fffb52d3: ; not directly referenced
+mov dl, byte [ebp - 0x1c]
+
+loc_fffb52d6: ; not directly referenced
+cmp dword [edi], 1
+mov esi, 4
+mov dword [edi], 1
+sbb ebx, ebx
+and ebx, 0x80000005
+jmp near loc_fffb5409 ; jmp 0xfffb5409
+
+loc_fffb52f1: ; not directly referenced
+mov eax, dword [ebp + 0x20]
+push ecx
+push ecx
+movzx eax, byte [eax]
+push eax
+push 5
+call fcn_fffb47e9 ; call 0xfffb47e9
+add esp, 0x10
+mov dl, byte [ebp - 0x1d]
+mov dword [edi], 1
+jmp short loc_fffb5312 ; jmp 0xfffb5312
+
+loc_fffb530f: ; not directly referenced
+mov dl, byte [ebp - 0x1c]
+
+loc_fffb5312: ; not directly referenced
+mov eax, dword [edi]
+test eax, eax
+je loc_fffb554f ; je 0xfffb554f
+cmp eax, 1
+je loc_fffb543b ; je 0xfffb543b
+cmp eax, 0x100
+ja loc_fffb5454 ; ja 0xfffb5454
+cmp byte [ebp - 0x1f], 1
+je loc_fffb5446 ; je 0xfffb5446
+mov esi, 0x18
+jmp near loc_fffb5440 ; jmp 0xfffb5440
+
+loc_fffb5344: ; not directly referenced
+cmp dword [edi], 2
+mov dl, byte [ebp - 0x1c]
+mov dword [edi], 2
+sbb ebx, ebx
+and ebx, 0x80000005
+jmp short loc_fffb5392 ; jmp 0xfffb5392
+
+loc_fffb535a: ; not directly referenced
+push eax
+push eax
+mov eax, dword [ebp + 0x20]
+movzx eax, byte [eax + 1]
+push eax
+push 6
+call fcn_fffb47e9 ; call 0xfffb47e9
+pop eax
+mov eax, dword [ebp + 0x20]
+pop edx
+movzx eax, byte [eax]
+push eax
+push 5
+call fcn_fffb47e9 ; call 0xfffb47e9
+add esp, 0x10
+mov dl, byte [ebp - 0x1d]
+cmp dword [edi], 2
+mov dword [edi], 2
+sbb ebx, ebx
+and ebx, 0x80000005
+
+loc_fffb5392: ; not directly referenced
+mov esi, 0xc
+jmp short loc_fffb5409 ; jmp 0xfffb5409
+
+loc_fffb5399: ; not directly referenced
+push eax
+push eax
+movzx eax, byte [edi]
+push eax
+push 5
+call fcn_fffb47e9 ; call 0xfffb47e9
+mov al, byte [edi]
+add esp, 0x10
+mov dl, byte [ebp - 0x1d]
+mov byte [ebp - 0x1e], al
+jmp short loc_fffb53b6 ; jmp 0xfffb53b6
+
+loc_fffb53b3: ; not directly referenced
+mov dl, byte [ebp - 0x1c]
+
+loc_fffb53b6: ; not directly referenced
+mov eax, dword [edi]
+dec eax
+cmp eax, 0x1f
+ja loc_fffb5454 ; ja 0xfffb5454
+mov esi, 0x14
+jmp near loc_fffb5450 ; jmp 0xfffb5450
+
+loc_fffb53cc: ; not directly referenced
+mov eax, dword [ebp + 0x20]
+push ebx
+push ebx
+movzx eax, byte [eax + 1]
+push eax
+push 6
+call fcn_fffb47e9 ; call 0xfffb47e9
+pop esi
+mov esi, 0x10
+pop eax
+mov eax, dword [ebp + 0x20]
+movzx eax, byte [eax]
+push eax
+push 5
+call fcn_fffb47e9 ; call 0xfffb47e9
+add esp, 0x10
+mov dl, byte [ebp - 0x1c]
+cmp dword [edi], 2
+mov dword [edi], 2
+sbb ebx, ebx
+and ebx, 0x80000005
+
+loc_fffb5409: ; not directly referenced
+xor eax, eax
+test ebx, ebx
+jns short loc_fffb545e ; jns 0xfffb545e
+jmp near loc_fffb561b ; jmp 0xfffb561b
+
+loc_fffb5414: ; not directly referenced
+mov eax, dword [edi]
+dec eax
+cmp eax, 0x1f
+ja short loc_fffb5454 ; ja 0xfffb5454
+push ecx
+mov esi, 0x1c
+push ecx
+movzx eax, byte [edi]
+push eax
+push 5
+call fcn_fffb47e9 ; call 0xfffb47e9
+mov al, byte [edi]
+add esp, 0x10
+mov dl, byte [ebp - 0x1c]
+mov byte [ebp - 0x1e], al
+jmp short loc_fffb5450 ; jmp 0xfffb5450
+
+loc_fffb543b: ; not directly referenced
+mov esi, 8
+
+loc_fffb5440: ; not directly referenced
+xor eax, eax
+
+loc_fffb5442: ; not directly referenced
+xor ebx, ebx
+jmp short loc_fffb545e ; jmp 0xfffb545e
+
+loc_fffb5446: ; not directly referenced
+mov ebx, 0x80000003
+jmp near loc_fffb561b ; jmp 0xfffb561b
+
+loc_fffb5450: ; not directly referenced
+mov al, 2
+jmp short loc_fffb5442 ; jmp 0xfffb5442
+
+loc_fffb5454: ; not directly referenced
+mov ebx, 0x80000002
+jmp near loc_fffb561b ; jmp 0xfffb561b
+
+loc_fffb545e: ; not directly referenced
+mov cl, al
+or ecx, 1
+cmp byte [ebp - 0x1f], 1
+mov dword [ebp - 0x28], edx
+push edx
+cmove eax, ecx
+push edx
+movzx eax, al
+push eax
+push 0xd
+call fcn_fffb47e9 ; call 0xfffb47e9
+mov dword [esp], 2
+call fcn_fffb4808 ; call 0xfffb4808
+add esp, 0x10
+mov edx, dword [ebp - 0x28]
+cmp dword [ebp - 0x2c], 9
+je short loc_fffb54ae ; je 0xfffb54ae
+
+loc_fffb5492: ; not directly referenced
+push ecx
+movzx edx, dl
+push ecx
+push edx
+push 4
+call fcn_fffb47e9 ; call 0xfffb47e9
+add esp, 0x10
+movzx eax, byte [ebp - 0x20]
+cmp dword [ebp + 0x14], 4
+jne short loc_fffb54eb ; jne 0xfffb54eb
+jmp short loc_fffb54df ; jmp 0xfffb54df
+
+loc_fffb54ae: ; not directly referenced
+movzx ecx, byte [ebp - 0x1e]
+xor eax, eax
+mov dword [ebp - 0x28], ecx
+
+loc_fffb54b7: ; not directly referenced
+cmp eax, dword [ebp - 0x28]
+jae short loc_fffb5492 ; jae 0xfffb5492
+mov ecx, dword [ebp + 0x20]
+mov dword [ebp - 0x34], edx
+push edx
+push edx
+movzx ecx, byte [ecx + eax]
+mov dword [ebp - 0x30], eax
+push ecx
+push 7
+call fcn_fffb47e9 ; call 0xfffb47e9
+mov eax, dword [ebp - 0x30]
+add esp, 0x10
+mov edx, dword [ebp - 0x34]
+inc eax
+jmp short loc_fffb54b7 ; jmp 0xfffb54b7
+
+loc_fffb54df: ; not directly referenced
+cmp dword [edi], 1
+jbe short loc_fffb54eb ; jbe 0xfffb54eb
+push ecx
+push ecx
+push eax
+push 6
+jmp short loc_fffb54f0 ; jmp 0xfffb54f0
+
+loc_fffb54eb: ; not directly referenced
+push edx
+push edx
+push eax
+push 3
+
+loc_fffb54f0: ; not directly referenced
+call fcn_fffb47e9 ; call 0xfffb47e9
+add esp, 0x10
+lea eax, [esi + 0x40]
+mov esi, 0x186a0
+movzx eax, al
+push ecx
+push ecx
+push eax
+push 2
+call fcn_fffb47e9 ; call 0xfffb47e9
+add esp, 0x10
+
+loc_fffb5510: ; not directly referenced
+sub esp, 0xc
+push 0
+call fcn_fffb4808 ; call 0xfffb4808
+add esp, 0x10
+test al, 0x8e
+jne loc_fffb55fa ; jne 0xfffb55fa
+sub esp, 0xc
+push 0xa
+call fcn_fffb49a3 ; call 0xfffb49a3
+add esp, 0x10
+dec esi
+jne short loc_fffb5510 ; jne 0xfffb5510
+jmp near loc_fffb55f3 ; jmp 0xfffb55f3
+
+loc_fffb553a: ; not directly referenced
+sub esp, 0xc
+push 5
+call fcn_fffb4808 ; call 0xfffb4808
+add esp, 0x10
+test al, al
+jne loc_fffb5750 ; jne 0xfffb5750
+
+loc_fffb554f: ; not directly referenced
+mov ebx, 0x80000005
+jmp near loc_fffb561b ; jmp 0xfffb561b
+
+loc_fffb5559: ; not directly referenced
+cmp dword [edi], 1
+jbe loc_fffb56de ; jbe 0xfffb56de
+xor esi, esi
+
+loc_fffb5564: ; not directly referenced
+cmp esi, dword [edi]
+jae loc_fffb561b ; jae 0xfffb561b
+sub esp, 0xc
+push 7
+call fcn_fffb4808 ; call 0xfffb4808
+mov ecx, dword [ebp + 0x20]
+add esp, 0x10
+mov byte [ecx + esi], al
+mov eax, dword [edi]
+lea edx, [eax - 2]
+cmp esi, edx
+jne loc_fffb56b9 ; jne 0xfffb56b9
+sub esp, 0xc
+push 2
+call fcn_fffb4808 ; call 0xfffb4808
+pop edx
+pop ecx
+or eax, 0x20
+movzx eax, al
+
+loc_fffb559e: ; not directly referenced
+push eax
+push 2
+call fcn_fffb47e9 ; call 0xfffb47e9
+add esp, 0x10
+
+loc_fffb55a9: ; not directly referenced
+push eax
+push eax
+push 0x80
+push 0
+call fcn_fffb47e9 ; call 0xfffb47e9
+mov eax, dword [edi]
+add esp, 0x10
+dec eax
+cmp esi, eax
+jae loc_fffb56d8 ; jae 0xfffb56d8
+mov dword [ebp - 0x1c], 0x64
+
+loc_fffb55cc: ; not directly referenced
+sub esp, 0xc
+push 0
+call fcn_fffb4808 ; call 0xfffb4808
+add esp, 0x10
+test al, al
+js loc_fffb56d8 ; js 0xfffb56d8
+sub esp, 0xc
+push 0xa
+call fcn_fffb49a3 ; call 0xfffb49a3
+add esp, 0x10
+dec dword [ebp - 0x1c]
+jne short loc_fffb55cc ; jne 0xfffb55cc
+
+loc_fffb55f3: ; not directly referenced
+mov ebx, 0x80000012
+jmp short loc_fffb561b ; jmp 0xfffb561b
+
+loc_fffb55fa: ; not directly referenced
+test al, 4
+je short loc_fffb5649 ; je 0xfffb5649
+sub esp, 0xc
+push 0xc
+call fcn_fffb4808 ; call 0xfffb4808
+add esp, 0x10
+and eax, 1
+cmp al, 1
+sbb ebx, ebx
+and ebx, 0xffffffec
+sub ebx, 0x7fffffe5
+
+loc_fffb561b: ; not directly referenced
+push eax
+push eax
+push 0xff
+push 0
+call fcn_fffb47e9 ; call 0xfffb47e9
+pop edx
+pop ecx
+push 1
+push 0xc
+call fcn_fffb47e9 ; call 0xfffb47e9
+pop esi
+mov esi, ebx
+pop edi
+push 0
+push 0xd
+call fcn_fffb47e9 ; call 0xfffb47e9
+add esp, 0x10
+jmp near loc_fffb5793 ; jmp 0xfffb5793
+
+loc_fffb5649: ; not directly referenced
+test al, 8
+je short loc_fffb568e ; je 0xfffb568e
+push ebx
+push ebx
+push 8
+push 0
+call fcn_fffb47e9 ; call 0xfffb47e9
+pop esi
+pop eax
+push 0xff
+push 0
+call fcn_fffb47e9 ; call 0xfffb47e9
+pop eax
+pop edx
+push 1
+push 0xc
+call fcn_fffb47e9 ; call 0xfffb47e9
+mov dword [esp], 0xa
+call fcn_fffb49a3 ; call 0xfffb49a3
+add esp, 0x10
+dec dword [ebp - 0x24]
+je loc_fffb5789 ; je 0xfffb5789
+jmp near loc_fffb5293 ; jmp 0xfffb5293
+
+loc_fffb568e: ; not directly referenced
+mov eax, dword [ebp + 0x14]
+sub eax, 2
+cmp eax, 9
+ja short loc_fffb561b ; ja 0xfffb561b
+jmp dword [eax*4 + ref_fffd3f58] ; ujmp: jmp dword [eax*4 - 0x2c0a8]
+
+loc_fffb56a0: ; not directly referenced
+sub esp, 0xc
+push 6
+call fcn_fffb4808 ; call 0xfffb4808
+mov ecx, dword [ebp + 0x20]
+mov byte [ecx + 1], al
+mov dword [esp], 5
+jmp short loc_fffb56e3 ; jmp 0xfffb56e3
+
+loc_fffb56b9: ; not directly referenced
+dec eax
+cmp esi, eax
+jne loc_fffb55a9 ; jne 0xfffb55a9
+sub esp, 0xc
+push 2
+call fcn_fffb4808 ; call 0xfffb4808
+pop edx
+pop ecx
+and eax, 0xdf
+jmp near loc_fffb559e ; jmp 0xfffb559e
+
+loc_fffb56d8: ; not directly referenced
+inc esi
+jmp near loc_fffb5564 ; jmp 0xfffb5564
+
+loc_fffb56de: ; not directly referenced
+sub esp, 0xc
+push 5
+
+loc_fffb56e3: ; not directly referenced
+call fcn_fffb4808 ; call 0xfffb4808
+mov ecx, dword [ebp + 0x20]
+mov byte [ecx], al
+jmp short loc_fffb56fd ; jmp 0xfffb56fd
+
+loc_fffb56ef: ; not directly referenced
+push eax
+push eax
+push 0x80
+push 0
+call fcn_fffb47e9 ; call 0xfffb47e9
+
+loc_fffb56fd: ; not directly referenced
+add esp, 0x10
+jmp near loc_fffb561b ; jmp 0xfffb561b
+
+loc_fffb5705: ; not directly referenced
+sub esp, 0xc
+xor esi, esi
+push 5
+call fcn_fffb4808 ; call 0xfffb4808
+add esp, 0x10
+movzx edx, al
+mov al, 1
+cmp dword [edi], edx
+jb short loc_fffb573f ; jb 0xfffb573f
+
+loc_fffb571d: ; not directly referenced
+cmp esi, edx
+jae short loc_fffb573d ; jae 0xfffb573d
+sub esp, 0xc
+push 7
+mov dword [ebp - 0x1c], edx
+call fcn_fffb4808 ; call 0xfffb4808
+mov ecx, dword [ebp + 0x20]
+add esp, 0x10
+mov edx, dword [ebp - 0x1c]
+mov byte [ecx + esi], al
+inc esi
+jmp short loc_fffb571d ; jmp 0xfffb571d
+
+loc_fffb573d: ; not directly referenced
+xor eax, eax
+
+loc_fffb573f: ; not directly referenced
+test al, al
+mov eax, 0x80000005
+mov dword [edi], edx
+cmovne ebx, eax
+jmp near loc_fffb561b ; jmp 0xfffb561b
+
+loc_fffb5750: ; not directly referenced
+movzx edx, byte [edi]
+movzx ecx, al
+lea eax, [edx + ecx]
+cmp eax, 0x20
+jg short loc_fffb5789 ; jg 0xfffb5789
+xor esi, esi
+mov edx, ecx
+
+loc_fffb5762: ; not directly referenced
+cmp esi, edx
+jae short loc_fffb5782 ; jae 0xfffb5782
+sub esp, 0xc
+push 7
+mov dword [ebp - 0x1c], edx
+call fcn_fffb4808 ; call 0xfffb4808
+mov ecx, dword [ebp + 0x20]
+add esp, 0x10
+mov edx, dword [ebp - 0x1c]
+mov byte [ecx + esi], al
+inc esi
+jmp short loc_fffb5762 ; jmp 0xfffb5762
+
+loc_fffb5782: ; not directly referenced
+mov dword [edi], edx
+jmp near loc_fffb561b ; jmp 0xfffb561b
+
+loc_fffb5789: ; not directly referenced
+mov ebx, 0x80000007
+jmp near loc_fffb561b ; jmp 0xfffb561b
+
+loc_fffb5793: ; not directly referenced
+lea esp, [ebp - 0xc]
+mov eax, esi
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb579d: ; not directly referenced
+push ebp
+movzx edx, dl
+mov ebp, esp
+push edi
+push esi
+mov esi, eax
+push ebx
+sub esp, 0x2c
+mov ebx, dword [ebp + 0x10]
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x24], ecx
+mov edi, dword [esi + 0x5edc]
+mov dword [ebp - 0x1c], ebx
+mov byte [ebp - 0x2b], bl
+mov bl, byte [ebp + 0x18]
+mov ecx, eax
+mov eax, dword [ebp + 0xc]
+mov byte [ebp - 0x2c], bl
+imul ebx, edx, 0xcc
+mov byte [ebp - 0x20], al
+lea ebx, [edi + ebx + 0x1c]
+cmp cl, 0xe
+ja loc_fffb5b85 ; ja 0xfffb5b85
+movzx edi, cl
+jmp dword [edi*4 + ref_fffd3f80] ; ujmp: jmp dword [edi*4 - 0x2c080]
+
+loc_fffb57eb: ; not directly referenced
+mov edi, dword [ebx + 0xa0]
+and eax, 0xf
+shl eax, 0xf
+and edi, 0xfff87fff
+jmp near loc_fffb5b31 ; jmp 0xfffb5b31
+
+loc_fffb5802: ; not directly referenced
+mov edi, dword [ebx + 0xa0]
+and eax, 0xf
+shl eax, 0x13
+and edi, 0xff87ffff
+jmp near loc_fffb5b31 ; jmp 0xfffb5b31
+
+loc_fffb5819: ; not directly referenced
+mov edi, dword [ebx + 0xa4]
+and eax, 0xf
+shl eax, 0x11
+and edi, 0xffe1ffff
+jmp short loc_fffb5895 ; jmp 0xfffb5895
+
+loc_fffb582d: ; not directly referenced
+mov edi, dword [ebx + 0xa4]
+and eax, 0xf
+shl eax, 0x15
+and edi, 0xfe1fffff
+jmp short loc_fffb5895 ; jmp 0xfffb5895
+
+loc_fffb5841: ; not directly referenced
+mov edi, dword [ebx + 0xa8]
+and eax, 0x1f
+shl eax, 0x13
+and edi, 0xff07ffff
+jmp near loc_fffb5b65 ; jmp 0xfffb5b65
+
+loc_fffb5858: ; not directly referenced
+mov edi, dword [ebx + 0xa8]
+and eax, 0x1f
+shl eax, 0x18
+and edi, 0xe0ffffff
+jmp near loc_fffb5b65 ; jmp 0xfffb5b65
+
+loc_fffb586f: ; not directly referenced
+mov edi, dword [ebx + 0xa4]
+and eax, 0xf
+shl eax, 6
+and edi, 0xfffffc3f
+jmp short loc_fffb5895 ; jmp 0xfffb5895
+
+loc_fffb5883: ; not directly referenced
+mov edi, dword [ebx + 0xa4]
+and eax, 0xf
+shl eax, 0xa
+and edi, 0xffffc3ff
+
+loc_fffb5895: ; not directly referenced
+or edi, eax
+mov eax, esi
+shl edx, 0xa
+mov ecx, edi
+add edx, 0x4008
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0x1c], 0
+je loc_fffb5b85 ; je 0xfffb5b85
+mov dword [ebx + 0xa4], edi
+jmp near loc_fffb5b85 ; jmp 0xfffb5b85
+
+loc_fffb58be: ; not directly referenced
+mov edi, dword [ebx + 0xac]
+sub eax, 6
+and eax, 3
+shl eax, 0x11
+and edi, 0xfff9ffff
+jmp short loc_fffb5901 ; jmp 0xfffb5901
+
+loc_fffb58d5: ; not directly referenced
+sub eax, 6
+mov edi, dword [ebx + 0xac]
+cmp dword [esi + 0x2480], 3
+jne short loc_fffb58f5 ; jne 0xfffb58f5
+and eax, 7
+and edi, 0xffc7ffff
+shl eax, 0x13
+jmp short loc_fffb5901 ; jmp 0xfffb5901
+
+loc_fffb58f5: ; not directly referenced
+and eax, 3
+and edi, 0xffe7ffff
+shl eax, 0x13
+
+loc_fffb5901: ; not directly referenced
+or edi, eax
+mov eax, esi
+shl edx, 0xa
+mov ecx, edi
+add edx, 0x4014
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0x1c], 0
+je loc_fffb5b85 ; je 0xfffb5b85
+mov dword [ebx + 0xac], edi
+jmp near loc_fffb5b85 ; jmp 0xfffb5b85
+
+loc_fffb592a: ; not directly referenced
+movzx ecx, byte [ebp - 0x24]
+lea edi, [ebx + ecx*4]
+mov ebx, dword [edi + 4]
+mov dword [ebp - 0x24], edi
+mov dword [ebp - 0x20], ebx
+shr ebx, 0xd
+and ebx, 0xf
+mov edi, ebx
+or edi, 0xfffffff0
+test bl, 8
+cmovne ebx, edi
+add eax, ebx
+mov bl, 6
+cmp al, 6
+cmovle ebx, eax
+mov al, 0xfc
+cmp bl, 0xfc
+cmovge eax, ebx
+mov ebx, dword [ebp - 0x20]
+and eax, 0xf
+mov edi, eax
+shl edi, 0xd
+and ebx, 0xff0e1fff
+shl eax, 0x14
+or ebx, edi
+or ebx, eax
+mov eax, esi
+call fcn_fffa724b ; call 0xfffa724b
+mov ecx, ebx
+mov edx, eax
+mov eax, esi
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0x1c], 0
+je loc_fffb5b85 ; je 0xfffb5b85
+mov eax, dword [ebp - 0x24]
+mov dword [eax + 4], ebx
+jmp near loc_fffb5b85 ; jmp 0xfffb5b85
+
+loc_fffb599b: ; not directly referenced
+movzx ecx, byte [ebp - 0x24]
+lea edi, [ebx + ecx*4]
+mov ebx, dword [edi + 4]
+mov dword [ebp - 0x20], ebx
+shr ebx, 0x11
+and ebx, 7
+add eax, ebx
+mov bl, 7
+cmp al, 7
+cmovle ebx, eax
+xor eax, eax
+test bl, bl
+cmovns eax, ebx
+and eax, 7
+mov ebx, eax
+shl ebx, 0x11
+mov dword [ebp - 0x24], ebx
+mov ebx, dword [ebp - 0x20]
+shl eax, 0x18
+and ebx, 0xf8f1ffff
+or ebx, dword [ebp - 0x24]
+or ebx, eax
+mov eax, esi
+call fcn_fffa724b ; call 0xfffa724b
+mov ecx, ebx
+mov edx, eax
+mov eax, esi
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0x1c], 0
+je loc_fffb5b85 ; je 0xfffb5b85
+mov dword [edi + 4], ebx
+jmp near loc_fffb5b85 ; jmp 0xfffb5b85
+
+loc_fffb59fe: ; not directly referenced
+imul eax, edx, 0x13c3
+xor edi, edi
+shl edx, 0xa
+lea eax, [esi + eax + 0x3756]
+mov dword [ebp - 0x24], eax
+lea eax, [edx + 0x4028]
+mov dword [ebp - 0x30], eax
+lea eax, [edx + 0x4024]
+mov dword [ebp - 0x28], eax
+mov eax, dword [ebp - 0x20]
+and eax, 0x7f
+mov dword [ebp - 0x1c], eax
+
+loc_fffb5a2e: ; not directly referenced
+mov eax, edi
+mov byte [ebp - 0x2a], al
+movzx eax, byte [ebp - 0x2c]
+bt eax, edi
+jae loc_fffb5b13 ; jae 0xfffb5b13
+mov ecx, dword [ebp - 0x24]
+mov al, byte [ebp - 0x20]
+add al, byte [ecx + edi + 0x1011]
+sub al, byte [ecx + edi + 0x1015]
+mov byte [ebp - 0x29], al
+js loc_fffb5b13 ; js 0xfffb5b13
+mov edx, dword [ebp - 0x30]
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, dword [ebp - 0x28]
+mov dword [ebp - 0x34], eax
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+mov dl, byte [ebp - 0x2a]
+mov ecx, dword [ebp - 0x34]
+cmp dl, 2
+mov ebx, eax
+movzx eax, byte [ebp - 0x29]
+je short loc_fffb5ab1 ; je 0xfffb5ab1
+and eax, 0xf
+cmp dl, 3
+je short loc_fffb5aca ; je 0xfffb5aca
+dec dl
+je short loc_fffb5a9e ; je 0xfffb5a9e
+and ecx, 0xfffffff0
+and ebx, 0xffffff80
+or ecx, eax
+or ebx, dword [ebp - 0x1c]
+jmp short loc_fffb5ae0 ; jmp 0xfffb5ae0
+
+loc_fffb5a9e: ; not directly referenced
+shl eax, 4
+and cl, 0xf
+or ecx, eax
+mov eax, dword [ebp - 0x1c]
+and bh, 0x80
+shl eax, 8
+jmp short loc_fffb5ade ; jmp 0xfffb5ade
+
+loc_fffb5ab1: ; not directly referenced
+and eax, 0xf
+and ch, 0xf0
+shl eax, 8
+and ebx, 0xff80ffff
+or ecx, eax
+mov eax, dword [ebp - 0x1c]
+shl eax, 0x10
+jmp short loc_fffb5ade ; jmp 0xfffb5ade
+
+loc_fffb5aca: ; not directly referenced
+shl eax, 0xc
+and ch, 0xf
+or ecx, eax
+mov eax, dword [ebp - 0x1c]
+and ebx, 0x80ffffff
+shl eax, 0x18
+
+loc_fffb5ade: ; not directly referenced
+or ebx, eax
+
+loc_fffb5ae0: ; not directly referenced
+mov edx, dword [ebp - 0x30]
+mov eax, esi
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, dword [ebp - 0x28]
+mov ecx, ebx
+mov eax, esi
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0x2b], 0
+je short loc_fffb5b13 ; je 0xfffb5b13
+mov ecx, dword [ebp - 0x24]
+mov al, byte [ebp - 0x20]
+mov byte [ecx + edi + 0x1015], al
+mov al, byte [ebp - 0x29]
+mov byte [ecx + edi + 0x1011], al
+
+loc_fffb5b13: ; not directly referenced
+inc edi
+cmp edi, 4
+jne loc_fffb5a2e ; jne 0xfffb5a2e
+jmp short loc_fffb5b85 ; jmp 0xfffb5b85
+
+loc_fffb5b1f: ; not directly referenced
+mov edi, dword [ebx + 0xa0]
+and eax, 7
+shl eax, 0xc
+and edi, 0xffff8fff
+
+loc_fffb5b31: ; not directly referenced
+or edi, eax
+mov eax, esi
+shl edx, 0xa
+mov ecx, edi
+add edx, 0x4004
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0x1c], 0
+je short loc_fffb5b85 ; je 0xfffb5b85
+mov dword [ebx + 0xa0], edi
+jmp short loc_fffb5b85 ; jmp 0xfffb5b85
+
+loc_fffb5b53: ; not directly referenced
+mov edi, dword [ebx + 0xa8]
+and eax, 0x1f
+shl eax, 0xe
+and edi, 0xfff83fff
+
+loc_fffb5b65: ; not directly referenced
+or edi, eax
+mov eax, esi
+shl edx, 0xa
+mov ecx, edi
+add edx, 0x400c
+call fcn_fffae58c ; call 0xfffae58c
+cmp byte [ebp - 0x1c], 0
+je short loc_fffb5b85 ; je 0xfffb5b85
+mov dword [ebx + 0xa8], edi
+
+loc_fffb5b85: ; not directly referenced
+add esp, 0x2c
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb5b8d:
+push ebp
+mov ebp, esp
+sub esp, 8
+call fcn_fffb468a ; call 0xfffb468a
+cmp eax, 1
+jne short loc_fffb5bab ; jne 0xfffb5bab
+call fcn_fffb481e ; call 0xfffb481e
+cmp eax, 1
+jne short loc_fffb5bab ; jne 0xfffb5bab
+mov al, 6
+jmp short loc_fffb5bb4 ; jmp 0xfffb5bb4
+
+loc_fffb5bab:
+cmp eax, 2
+sete al
+shl eax, 2
+
+loc_fffb5bb4:
+leave
+ret
+
+fcn_fffb5bb6:
+push ebp
+mov ebp, esp
+sub esp, 8
+call fcn_fffb468a ; call 0xfffb468a
+cmp eax, 1
+jne short loc_fffb5bdf ; jne 0xfffb5bdf
+call fcn_fffb481e ; call 0xfffb481e
+cmp eax, 1
+je short loc_fffb5bdb ; je 0xfffb5bdb
+cmp eax, 2
+sete dl
+shl edx, 3
+jmp short loc_fffb5be9 ; jmp 0xfffb5be9
+
+loc_fffb5bdb:
+mov dl, 0xe
+jmp short loc_fffb5be9 ; jmp 0xfffb5be9
+
+loc_fffb5bdf:
+cmp eax, 2
+mov dl, 0xa
+mov al, 0
+cmovne edx, eax
+
+loc_fffb5be9:
+mov al, dl
+leave
+ret
+
+fcn_fffb5bed: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+mov edx, 0x40
+push edi
+push esi
+push ebx
+sub esp, 0xac
+mov edi, dword [ebp + 8]
+mov eax, dword [edi + 0x5edc]
+mov esi, eax
+mov dword [ebp - 0x90], eax
+mov eax, dword [edi + 0x2443]
+mov dword [ebp - 0x7c], eax
+mov eax, dword [edi + 0x1887]
+mov dword [ebp - 0x78], eax
+mov eax, dword [edi + 0x188b]
+mov dword [ebp - 0x6c], eax
+mov eax, edi
+call fcn_fffc3c0d ; call 0xfffc3c0d
+lea eax, [edi + 0x3756]
+mov ecx, eax
+mov dword [ebp - 0x80], eax
+mov eax, esi
+xor esi, esi
+add eax, 0x1c
+mov dword [ebp - 0x8c], eax
+mov ebx, eax
+mov dword [ebp - 0x70], ecx
+
+loc_fffb5c50: ; not directly referenced
+mov eax, dword [ebp - 0x70]
+cmp dword [eax], 2
+jne loc_fffb5e14 ; jne 0xfffb5e14
+cmp dword [ebp - 0x6c], 1
+je short loc_fffb5c9f ; je 0xfffb5c9f
+
+loc_fffb5c62: ; not directly referenced
+cmp byte [edi + 0x18b4], 1
+jne loc_fffb5d3d ; jne 0xfffb5d3d
+mov eax, dword [ebp - 0x7c]
+call dword [eax + 0x7c] ; ucall
+mov edx, dword [ebp - 0x6c]
+movzx eax, ax
+add eax, eax
+mov ecx, eax
+or eax, 1
+or ecx, 0x3e0001
+dec edx
+cmovne ecx, eax
+mov eax, edi
+lea edx, [esi*4 + 0x2000]
+call fcn_fffae58c ; call 0xfffae58c
+jmp near loc_fffb5d3d ; jmp 0xfffb5d3d
+
+loc_fffb5c9f: ; not directly referenced
+mov dl, byte [ebx + 0xcb]
+mov ecx, 0xff
+mov al, byte [ebx + 3]
+and edx, 1
+shl edx, 6
+and eax, 0xffffffbf
+or eax, edx
+mov edx, esi
+mov byte [ebx + 3], al
+mov eax, edi
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, dword [ebx]
+mov edx, eax
+mov eax, edi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+cmp byte [ebx + 0xcb], 0
+je short loc_fffb5c62 ; je 0xfffb5c62
+mov byte [ebp - 0x74], 0
+
+loc_fffb5cdc: ; not directly referenced
+mov al, byte [ebp - 0x74]
+cmp al, byte [edi + 0x2488]
+jae loc_fffb5c62 ; jae 0xfffb5c62
+movzx ecx, byte [ebp - 0x74]
+xor edx, edx
+mov al, byte [ebx + ecx*4 + 6]
+shr al, 1
+and eax, 7
+cmp al, 2
+jbe short loc_fffb5d04 ; jbe 0xfffb5d04
+lea edx, [eax - 1]
+and edx, 7
+
+loc_fffb5d04: ; not directly referenced
+mov al, byte [ebx + ecx*4 + 6]
+and edx, 7
+add edx, edx
+and eax, 0xfffffff1
+or eax, edx
+mov edx, esi
+mov byte [ebx + ecx*4 + 6], al
+mov eax, dword [ebx + ecx*4 + 4]
+mov dword [ebp - 0x84], eax
+mov eax, edi
+call fcn_fffa724b ; call 0xfffa724b
+mov ecx, dword [ebp - 0x84]
+mov edx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+inc byte [ebp - 0x74]
+jmp short loc_fffb5cdc ; jmp 0xfffb5cdc
+
+loc_fffb5d3d: ; not directly referenced
+imul eax, dword [edi + 0x18a7], 0x2e
+mov ecx, dword [ebp - 0x70]
+cmp word [ecx + eax + 8], 1
+jne short loc_fffb5d8a ; jne 0xfffb5d8a
+mov eax, esi
+shl eax, 0xa
+add eax, 0x4010
+mov edx, eax
+mov dword [ebp - 0x74], eax
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov dl, byte [edi + 0x190b]
+mov ecx, edx
+shr dl, 1
+and ecx, 1
+and eax, 0xfffffff0
+and edx, 7
+add edx, edx
+or eax, ecx
+or eax, edx
+mov edx, dword [ebp - 0x74]
+mov ecx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb5d8a: ; not directly referenced
+cmp byte [edi + 0x190c], 0
+jne short loc_fffb5db8 ; jne 0xfffb5db8
+cmp dword [ebp - 0x6c], 0
+jne short loc_fffb5db8 ; jne 0xfffb5db8
+and byte [ebx + 0xa3], 0xdf
+mov edx, esi
+mov ecx, dword [ebx + 0xa0]
+shl edx, 0xa
+mov eax, edi
+add edx, 0x4004
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb5db8: ; not directly referenced
+lea edx, [esi*8 + 0x48a8]
+mov ecx, 0x3000
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x70]
+mov edx, esi
+shl edx, 0xa
+add edx, 0x42a0
+movzx ecx, byte [eax + 0xc4]
+mov eax, edi
+call fcn_fffae566 ; call 0xfffae566
+cmp byte [edi + 0x3748], 1
+jne short loc_fffb5e14 ; jne 0xfffb5e14
+lea eax, [esi*4 + 0x5004]
+mov edx, eax
+mov dword [ebp - 0x74], eax
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, dword [ebp - 0x74]
+or eax, 0x3000000
+mov ecx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb5e14: ; not directly referenced
+inc esi
+add ebx, 0xcc
+add dword [ebp - 0x70], 0x13c3
+cmp esi, 2
+jne loc_fffb5c50 ; jne 0xfffb5c50
+xor eax, eax
+cmp dword [edi + 0x2480], 3
+sete al
+mov dword [ebp - 0x84], eax
+test byte [edi + 0x2406], 1
+je short loc_fffb5e4a ; je 0xfffb5e4a
+test eax, eax
+je short loc_fffb5e53 ; je 0xfffb5e53
+
+loc_fffb5e4a: ; not directly referenced
+xor edx, edx
+mov eax, edi
+call fcn_fffb0b30 ; call 0xfffb0b30
+
+loc_fffb5e53: ; not directly referenced
+mov eax, dword [ebp - 0x78]
+cmp eax, 0x40660
+sete dl
+cmp eax, 0x306c0
+sete al
+or dl, al
+jne short loc_fffb5e85 ; jne 0xfffb5e85
+
+loc_fffb5e6a: ; not directly referenced
+mov eax, dword [edi + 0x5edc]
+mov dword [ebp - 0x7c], 0
+lea esi, [eax + 0x1c]
+mov eax, dword [ebp - 0x80]
+mov dword [ebp - 0x74], eax
+jmp near loc_fffb5f7b ; jmp 0xfffb5f7b
+
+loc_fffb5e85: ; not directly referenced
+mov eax, dword [edi + 0x5edc]
+mov dword [ebp - 0x70], 0
+lea ebx, [eax + 0x1c]
+
+loc_fffb5e95: ; not directly referenced
+imul eax, dword [ebp - 0x70], 0x13c3
+cmp dword [edi + eax + 0x3756], 2
+jne loc_fffb5f49 ; jne 0xfffb5f49
+mov al, byte [edi + 0x2488]
+mov byte [ebp - 0x7c], al
+xor eax, eax
+
+loc_fffb5eb5: ; not directly referenced
+cmp byte [ebp - 0x7c], al
+jbe short loc_fffb5f1e ; jbe 0xfffb5f1e
+mov dl, byte [ebx + eax*4 + 5]
+movzx ecx, byte [ebx + eax*4 + 6]
+shr dl, 5
+and ecx, 1
+movzx edx, dl
+shl ecx, 3
+or ecx, edx
+mov esi, ecx
+mov dl, cl
+or edx, 0xfffffff0
+shr esi, 3
+cmove edx, ecx
+mov cl, byte [ebx + eax*4 + 6]
+movsx edx, dl
+shr cl, 1
+mov esi, ecx
+and esi, 7
+mov dword [ebp - 0x74], esi
+mov cl, byte [ebx + eax*4 + 6]
+shr cl, 4
+mov esi, ecx
+or esi, 0xfffffff0
+test cl, 8
+cmovne ecx, esi
+movzx esi, byte [ebx + eax*4 + 7]
+add edx, dword [ebp - 0x74]
+and esi, 7
+cmp edx, 6
+jg short loc_fffb5f22 ; jg 0xfffb5f22
+movsx ecx, cl
+inc eax
+add ecx, esi
+cmp ecx, 6
+jle short loc_fffb5eb5 ; jle 0xfffb5eb5
+jmp short loc_fffb5f22 ; jmp 0xfffb5f22
+
+loc_fffb5f1e: ; not directly referenced
+xor edx, edx
+jmp short loc_fffb5f24 ; jmp 0xfffb5f24
+
+loc_fffb5f22: ; not directly referenced
+mov dl, 1
+
+loc_fffb5f24: ; not directly referenced
+mov al, byte [ebx + 1]
+mov ecx, 0xff
+and eax, 0xfffffffe
+or eax, edx
+mov edx, dword [ebp - 0x70]
+mov byte [ebx + 1], al
+mov eax, edi
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, dword [ebx]
+mov edx, eax
+mov eax, edi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffb5f49: ; not directly referenced
+inc dword [ebp - 0x70]
+add ebx, 0xcc
+cmp dword [ebp - 0x70], 2
+je loc_fffb5e6a ; je 0xfffb5e6a
+jmp near loc_fffb5e95 ; jmp 0xfffb5e95
+
+loc_fffb5f61: ; not directly referenced
+inc dword [ebp - 0x7c]
+add esi, 0xcc
+add dword [ebp - 0x74], 0x13c3
+cmp dword [ebp - 0x7c], 2
+je loc_fffb6031 ; je 0xfffb6031
+
+loc_fffb5f7b: ; not directly referenced
+mov eax, dword [ebp - 0x74]
+cmp dword [eax], 2
+jne short loc_fffb5f61 ; jne 0xfffb5f61
+mov byte [ebp - 0x70], 0
+
+loc_fffb5f87: ; not directly referenced
+movzx eax, byte [ebp - 0x70]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffb5f61 ; jae 0xfffb5f61
+mov ecx, dword [ebp - 0x74]
+mov bl, byte [ecx + 0xc4]
+lea eax, [ecx + eax + 0x104a]
+xor ecx, ecx
+mov dword [ebp - 0x88], eax
+xor eax, eax
+mov byte [ebp - 0x98], bl
+
+loc_fffb5fb3: ; not directly referenced
+mov edx, 1
+shl edx, cl
+test byte [ebp - 0x98], dl
+je short loc_fffb5fe3 ; je 0xfffb5fe3
+mov ebx, dword [ebp - 0x88]
+mov dl, byte [ebx]
+mov byte [ebp - 0x94], dl
+mov dl, byte [ebx + 0x24]
+mov bl, byte [ebp - 0x94]
+cmp bl, dl
+cmovae edx, ebx
+cmp al, dl
+cmovb eax, edx
+
+loc_fffb5fe3: ; not directly referenced
+inc ecx
+add dword [ebp - 0x88], 9
+cmp ecx, 4
+jne short loc_fffb5fb3 ; jne 0xfffb5fb3
+movzx ebx, byte [ebp - 0x70]
+shr al, 3
+not eax
+shr eax, 1
+and eax, 3
+mov dl, byte [esi + ebx*4 + 5]
+mov ecx, ebx
+and byte [esi + ebx*4 + 4], 0x7f
+and edx, 0xfffffffc
+or edx, eax
+mov eax, edi
+mov byte [esi + ebx*4 + 5], dl
+mov edx, dword [ebp - 0x7c]
+call fcn_fffa724b ; call 0xfffa724b
+mov ecx, dword [esi + ebx*4 + 4]
+mov edx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+inc byte [ebp - 0x70]
+jmp near loc_fffb5f87 ; jmp 0xfffb5f87
+
+loc_fffb6031: ; not directly referenced
+movzx ecx, word [edi + 0x2489]
+mov eax, ecx
+shr ax, 1
+movzx eax, ax
+add eax, 0xb2c
+cdq
+idiv ecx
+mov ecx, 7
+cmp eax, 7
+ja short loc_fffb6061 ; ja 0xfffb6061
+xor cl, cl
+cmp eax, 2
+jbe short loc_fffb6061 ; jbe 0xfffb6061
+mov cl, 4
+cmp eax, 3
+cmovne ecx, eax
+
+loc_fffb6061: ; not directly referenced
+cmp dword [ebp - 0x6c], 1
+jne short loc_fffb6079 ; jne 0xfffb6079
+
+loc_fffb6067: ; not directly referenced
+cmp dword [ebp - 0x78], 0x40650
+jne loc_fffb6125 ; jne 0xfffb6125
+jmp near loc_fffb6132 ; jmp 0xfffb6132
+
+loc_fffb6079: ; not directly referenced
+and ecx, 7
+xor esi, esi
+mov ebx, dword [ebp - 0x8c]
+cmp dword [ebp - 0x84], 0
+lea eax, [ecx*8]
+mov dword [ebp - 0x70], 0
+cmove esi, ecx
+mov byte [ebp - 0x7c], al
+
+loc_fffb609f: ; not directly referenced
+imul eax, dword [ebp - 0x70], 0x13c3
+cmp dword [edi + eax + 0x3756], 2
+je short loc_fffb60c1 ; je 0xfffb60c1
+
+loc_fffb60b0: ; not directly referenced
+inc dword [ebp - 0x70]
+add ebx, 0xcc
+cmp dword [ebp - 0x70], 2
+jne short loc_fffb609f ; jne 0xfffb609f
+jmp short loc_fffb6067 ; jmp 0xfffb6067
+
+loc_fffb60c1: ; not directly referenced
+mov byte [ebp - 0x6c], 0
+
+loc_fffb60c5: ; not directly referenced
+mov al, byte [ebp - 0x6c]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffb60b0 ; jae 0xfffb60b0
+cmp dword [ebp - 0x78], 0x40650
+movzx edx, byte [ebp - 0x6c]
+jne short loc_fffb60ef ; jne 0xfffb60ef
+mov al, byte [ebx + edx*4 + 7]
+lea ecx, [esi*8]
+and eax, 0xffffffc7
+or eax, ecx
+jmp short loc_fffb60f9 ; jmp 0xfffb60f9
+
+loc_fffb60ef: ; not directly referenced
+mov al, byte [ebx + edx*4 + 7]
+and eax, 0xffffffc7
+or eax, dword [ebp - 0x7c]
+
+loc_fffb60f9: ; not directly referenced
+mov byte [ebx + edx*4 + 7], al
+movzx eax, byte [ebp - 0x6c]
+mov edx, dword [ebp - 0x70]
+mov ecx, eax
+mov dword [ebp - 0x74], eax
+mov eax, edi
+call fcn_fffa724b ; call 0xfffa724b
+mov ecx, dword [ebp - 0x74]
+mov ecx, dword [ebx + ecx*4 + 4]
+mov edx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+inc byte [ebp - 0x6c]
+jmp short loc_fffb60c5 ; jmp 0xfffb60c5
+
+loc_fffb6125: ; not directly referenced
+cmp dword [edi + 0x188b], 1
+jne loc_fffb6434 ; jne 0xfffb6434
+
+loc_fffb6132: ; not directly referenced
+mov eax, dword [ebp - 0x80]
+mov esi, dword [ebp - 0x8c]
+mov dword [ebp - 0x74], 0
+mov dword [ebp - 0x78], eax
+
+loc_fffb6145: ; not directly referenced
+mov eax, dword [ebp - 0x78]
+cmp dword [eax], 2
+je short loc_fffb6168 ; je 0xfffb6168
+
+loc_fffb614d: ; not directly referenced
+inc dword [ebp - 0x74]
+add esi, 0xcc
+add dword [ebp - 0x78], 0x13c3
+cmp dword [ebp - 0x74], 2
+jne short loc_fffb6145 ; jne 0xfffb6145
+jmp near loc_fffb62d1 ; jmp 0xfffb62d1
+
+loc_fffb6168: ; not directly referenced
+mov ebx, dword [ebp - 0x78]
+xor ecx, ecx
+mov al, byte [ebx + 0xc4]
+mov dword [ebp - 0x70], ebx
+xor ebx, ebx
+mov byte [ebp - 0x80], al
+
+loc_fffb617b: ; not directly referenced
+mov edx, 1
+shl edx, cl
+test byte [ebp - 0x80], dl
+je short loc_fffb61bd ; je 0xfffb61bd
+mov al, byte [edi + 0x2488]
+xor edx, edx
+mov byte [ebp - 0x7c], al
+
+loc_fffb6192: ; not directly referenced
+cmp byte [ebp - 0x7c], dl
+jbe short loc_fffb61bd ; jbe 0xfffb61bd
+mov eax, dword [ebp - 0x70]
+mov ax, word [eax + edx*2 + 0x1b1]
+mov word [ebp - 0x6c], ax
+movzx eax, bl
+shr word [ebp - 0x6c], 6
+cmp ax, word [ebp - 0x6c]
+mov al, byte [ebp - 0x6c]
+cmova eax, ebx
+inc edx
+mov bl, al
+jmp short loc_fffb6192 ; jmp 0xfffb6192
+
+loc_fffb61bd: ; not directly referenced
+inc ecx
+add dword [ebp - 0x70], 0x12
+cmp ecx, 4
+jne short loc_fffb617b ; jne 0xfffb617b
+cmp dword [ebp - 0x84], 0
+mov al, 1
+je short loc_fffb61df ; je 0xfffb61df
+movzx ecx, word [edi + 0x2489]
+lea eax, [ecx + 0x3f]
+cdq
+idiv ecx
+
+loc_fffb61df: ; not directly referenced
+mov byte [ebp - 0x70], 0
+lea eax, [ebx + eax*2 + 0xf]
+mov byte [ebp - 0x6c], al
+
+loc_fffb61ea: ; not directly referenced
+mov al, byte [ebp - 0x70]
+cmp al, byte [edi + 0x2488]
+jae loc_fffb614d ; jae 0xfffb614d
+movzx ecx, byte [ebp - 0x70]
+mov bl, 0x1f
+mov al, byte [esi + ecx*4 + 7]
+shr al, 6
+and eax, 1
+cmp al, 1
+sbb byte [ebp - 0x6c], 0xff
+mov al, byte [ebp - 0x6c]
+cmp al, 0x1f
+cmova eax, ebx
+mov byte [ebp - 0x6c], al
+mov dl, byte [esi + ecx*4 + 5]
+movzx eax, byte [esi + ecx*4 + 6]
+shr dl, 5
+and eax, 1
+movzx edx, dl
+shl eax, 3
+or eax, edx
+mov edx, eax
+mov bl, al
+or ebx, 0xfffffff0
+shr edx, 3
+mov dl, byte [esi + ecx*4 + 6]
+cmove ebx, eax
+shr dl, 1
+and edx, 7
+test byte [esi + 3], 0x40
+je short loc_fffb6271 ; je 0xfffb6271
+lea eax, [ecx + 8]
+mov bl, byte [ebp - 0x6c]
+mov dl, byte [esi + eax*4 + 9]
+movzx eax, byte [esi + eax*4 + 0xa]
+shr dl, 5
+and eax, 3
+movzx edx, dl
+shl eax, 3
+or eax, edx
+cmp bl, al
+cmovae eax, ebx
+jmp short loc_fffb6283 ; jmp 0xfffb6283
+
+loc_fffb6271: ; not directly referenced
+lea eax, [edx + ebx + 0xe]
+mov bl, 0x1f
+cmp al, 0x1f
+mov dl, 0x11
+cmovg eax, ebx
+cmp al, 0x11
+cmovl eax, edx
+
+loc_fffb6283: ; not directly referenced
+and eax, 0x1f
+mov dl, al
+lea ebx, [ecx + 8]
+shl edx, 5
+mov byte [ebp - 0x7c], dl
+mov dl, byte [esi + ebx*4 + 9]
+shr al, 3
+and eax, 3
+and edx, 0x1f
+or edx, dword [ebp - 0x7c]
+mov byte [esi + ebx*4 + 9], dl
+mov dl, byte [esi + ebx*4 + 0xa]
+and edx, 0xfffffffc
+or edx, eax
+mov eax, edi
+mov byte [esi + ebx*4 + 0xa], dl
+mov edx, dword [ebp - 0x74]
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, dword [esi + ebx*4 + 8]
+mov edx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+inc byte [ebp - 0x70]
+jmp near loc_fffb61ea ; jmp 0xfffb61ea
+
+loc_fffb62d1: ; not directly referenced
+mov eax, dword [edi + 0x2443]
+cmp byte [edi + 0x2402], 0
+mov ebx, dword [edi + 0x5edc]
+mov dword [ebp - 0x74], eax
+je loc_fffb6434 ; je 0xfffb6434
+mov edx, 0x4024
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x40d0
+mov dword [ebp - 0x78], eax
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x4ca4
+mov dword [ebp - 0x7c], eax
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov dl, byte [ebx + 0xc8]
+movzx ecx, byte [ebx + 0xc9]
+mov esi, edx
+and esi, 0x1f
+and ecx, 3
+shr dl, 5
+mov dword [ebp - 0x80], esi
+lea esi, [ecx*8]
+movzx edx, dl
+mov dword [ebp - 0x70], esi
+xor ecx, ecx
+or dword [ebp - 0x70], edx
+mov dl, byte [ebx + 0xcb]
+shr dl, 2
+mov esi, edx
+mov dl, byte [ebx + 0xbf]
+and esi, 3
+mov dword [ebp - 0x84], esi
+shr dl, 6
+movzx esi, dl
+mov dl, byte [ebx + 0xc3]
+mov dword [ebp - 0x6c], esi
+shr dl, 7
+cmp dword [edi + 0x2480], 1
+movzx esi, dl
+jne short loc_fffb638c ; jne 0xfffb638c
+mov edx, dword [ebp - 0x70]
+xor ecx, ecx
+add edx, dword [ebp - 0x6c]
+sub edx, esi
+cmp edx, 5
+sete cl
+
+loc_fffb638c: ; not directly referenced
+mov bl, al
+mov edx, 1
+and ebx, 3
+cmp bl, 2
+jne short loc_fffb63a3 ; jne 0xfffb63a3
+shr eax, 4
+mov edx, eax
+and edx, 7
+
+loc_fffb63a3: ; not directly referenced
+mov al, byte [edi + 0x381a]
+add esi, esi
+add ecx, ecx
+mov byte [ebp - 0x70], al
+lea eax, [esi + 4]
+mov esi, dword [ebp - 0x84]
+add esi, dword [ebp - 0x80]
+add esi, dword [ebp - 0x6c]
+add esi, esi
+sub eax, esi
+sub eax, ecx
+lea eax, [eax + edx*8 - 8]
+xor edx, edx
+mov dword [ebp - 0x6c], eax
+xor eax, eax
+
+loc_fffb63d0: ; not directly referenced
+mov cl, al
+mov esi, 1
+shl esi, cl
+mov ecx, esi
+test byte [ebp - 0x70], cl
+je short loc_fffb6416 ; je 0xfffb6416
+mov ebx, dword [ebp - 0x78]
+lea esi, [eax*8]
+mov ecx, esi
+mov dword [ebp - 0x80], esi
+shr ebx, cl
+mov esi, ebx
+mov ebx, dword [ebp - 0x7c]
+lea ecx, [eax + eax]
+and esi, 0x3f
+add esi, dword [ebp - 0x6c]
+shr ebx, cl
+mov ecx, ebx
+and ecx, 3
+add ecx, ecx
+sub esi, ecx
+mov ecx, esi
+movzx esi, cl
+mov cl, byte [ebp - 0x80]
+shl esi, cl
+or edx, esi
+
+loc_fffb6416: ; not directly referenced
+inc eax
+cmp eax, 4
+jne short loc_fffb63d0 ; jne 0xfffb63d0
+push ebx
+push ebx
+push edx
+mov eax, dword [edi + 0x18cd]
+add eax, 0xc04
+push eax
+mov eax, dword [ebp - 0x74]
+call dword [eax + 0x30] ; ucall
+add esp, 0x10
+
+loc_fffb6434: ; not directly referenced
+mov ecx, 0x14
+mov edx, 0x5f08
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov esi, dword [ebp - 0x90]
+mov dl, byte [edi + 0x369d]
+mov al, byte [esi + 0x16]
+shl edx, 7
+and eax, 0x7f
+or eax, edx
+mov byte [esi + 0x16], al
+mov dl, byte [edi + 0x369e]
+and eax, 0xffffffbf
+and edx, 1
+shl edx, 6
+or eax, edx
+mov byte [esi + 0x16], al
+mov dl, byte [edi + 0x369f]
+and eax, 0xffffffdf
+and edx, 1
+shl edx, 5
+or eax, edx
+mov edx, 0xf78
+mov byte [esi + 0x16], al
+mov ecx, dword [esi + 0x14]
+mov eax, 0xf84
+cmp dword [edi + 0x188b], 1
+cmove edx, eax
+mov eax, edi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov ebx, dword [edi + 0x5edc]
+cmp dword [edi + 0x3756], 2
+jne short loc_fffb6508 ; jne 0xfffb6508
+cmp dword [edi + 0x36d7], 0x74a
+ja short loc_fffb64f4 ; ja 0xfffb64f4
+
+loc_fffb64c0: ; not directly referenced
+cmp dword [edi + 0x36d7], 0x854
+ja short loc_fffb64e0 ; ja 0xfffb64e0
+
+loc_fffb64cc: ; not directly referenced
+mov ecx, dword [ebx + 0xc8]
+mov edx, 0x4014
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffb6508 ; jmp 0xfffb6508
+
+loc_fffb64e0: ; not directly referenced
+mov al, byte [ebx + 0xc9]
+and eax, 0xffffffcf
+or eax, 0x20
+mov byte [ebx + 0xc9], al
+jmp short loc_fffb64cc ; jmp 0xfffb64cc
+
+loc_fffb64f4: ; not directly referenced
+mov al, byte [ebx + 0xc9]
+and eax, 0xfffffff3
+or eax, 8
+mov byte [ebx + 0xc9], al
+jmp short loc_fffb64c0 ; jmp 0xfffb64c0
+
+loc_fffb6508: ; not directly referenced
+cmp dword [edi + 0x4b19], 2
+jne short loc_fffb655f ; jne 0xfffb655f
+cmp dword [edi + 0x36d7], 0x74a
+jbe short loc_fffb652f ; jbe 0xfffb652f
+mov al, byte [ebx + 0x195]
+and eax, 0xfffffff3
+or eax, 8
+mov byte [ebx + 0x195], al
+
+loc_fffb652f: ; not directly referenced
+cmp dword [edi + 0x36d7], 0x854
+jbe short loc_fffb654d ; jbe 0xfffb654d
+mov al, byte [ebx + 0x195]
+and eax, 0xffffffcf
+or eax, 0x20
+mov byte [ebx + 0x195], al
+
+loc_fffb654d: ; not directly referenced
+mov ecx, dword [ebx + 0x194]
+mov edx, 0x4414
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb655f: ; not directly referenced
+mov eax, edi
+call fcn_fffae778 ; call 0xfffae778
+mov edx, 0x501c
+mov eax, edi
+cmp byte [edi + 0x190a], 1
+sbb ecx, ecx
+and ecx, 0x40000000
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, edi
+call fcn_fffa870e ; call 0xfffa870e
+lea ecx, [edi + 0x18b5]
+mov edx, 0x41
+mov eax, edi
+call fcn_fffc3c0d ; call 0xfffc3c0d
+cmp byte [edi + 0x192b], 0
+jne loc_fffb6c2c ; jne 0xfffb6c2c
+mov ebx, dword [edi + 0x2443]
+lea eax, [ebp - 0x40]
+push ecx
+push 0
+push 8
+push eax
+mov dword [ebp - 0x50], ref_fffd4088 ; mov dword [ebp - 0x50], 0xfffd4088
+mov dword [ebp - 0x4c], ref_fffd4038 ; mov dword [ebp - 0x4c], 0xfffd4038
+mov dword [ebp - 0x48], ref_fffd3fd8 ; mov dword [ebp - 0x48], 0xfffd3fd8
+mov dword [ebp - 0x44], ref_fffd3fcc ; mov dword [ebp - 0x44], 0xfffd3fcc
+mov dword [ebp - 0xb8], 0
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 8
+lea eax, [ebp - 0x38]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 8
+lea eax, [ebp - 0x30]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 8
+lea eax, [ebp - 0x28]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 8
+lea eax, [ebp - 0x20]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0xff
+push 4
+lea eax, [ebp - 0x58]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 4
+lea eax, [ebp - 0x54]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0x10
+cmp dword [edi + 0x2480], 3
+jne short loc_fffb6650 ; jne 0xfffb6650
+mov word [ebp - 0x5c], 8
+mov word [ebp - 0x5a], 1
+jmp short loc_fffb665c ; jmp 0xfffb665c
+
+loc_fffb6650: ; not directly referenced
+mov word [ebp - 0x5c], 0x228
+mov word [ebp - 0x5a], 7
+
+loc_fffb665c: ; not directly referenced
+mov eax, dword [edi + 0x18a7]
+mov dword [ebp - 0xb0], eax
+dec eax
+je loc_fffb6c2c ; je 0xfffb6c2c
+lea eax, [edi + 0x48c9]
+mov dword [ebp - 0x7c], eax
+lea eax, [ebp - 0x58]
+mov dword [ebp - 0x90], eax
+lea eax, [ebp - 0x20]
+mov dword [ebp - 0xa4], eax
+lea eax, [ebp - 0x28]
+mov dword [ebp - 0x8c], eax
+lea eax, [ebp - 0x30]
+mov dword [ebp - 0x94], eax
+lea eax, [ebp - 0x38]
+mov dword [ebp - 0x98], eax
+lea eax, [ebp - 0x40]
+mov dword [ebp - 0x88], eax
+lea eax, [ebp - 0x54]
+mov dword [ebp - 0x80], eax
+mov byte [ebp - 0x74], 0xff
+
+loc_fffb66b8: ; not directly referenced
+mov eax, dword [ebp - 0x7c]
+cmp dword [eax - 0x1173], 2
+jne loc_fffb69e0 ; jne 0xfffb69e0
+mov dword [ebp - 0x6c], eax
+mov dword [ebp - 0x78], 0
+
+loc_fffb66d2: ; not directly referenced
+mov eax, dword [ebp - 0x6c]
+cmp dword [eax], 2
+jne loc_fffb69cc ; jne 0xfffb69cc
+mov eax, dword [ebp - 0xb0]
+mov eax, dword [edi + eax*4 + 0x3735]
+cmp eax, 0x546
+je short loc_fffb6713 ; je 0xfffb6713
+cmp eax, 0x5dc
+je short loc_fffb671a ; je 0xfffb671a
+cmp eax, 0x4b0
+setne cl
+movzx eax, cl
+movzx ebx, cl
+lea eax, [eax + eax*2 + 1]
+mov dword [ebp - 0x84], ebx
+jmp short loc_fffb6729 ; jmp 0xfffb6729
+
+loc_fffb6713: ; not directly referenced
+mov eax, 2
+jmp short loc_fffb671f ; jmp 0xfffb671f
+
+loc_fffb671a: ; not directly referenced
+mov eax, 3
+
+loc_fffb671f: ; not directly referenced
+mov dword [ebp - 0x84], 0
+
+loc_fffb6729: ; not directly referenced
+mov esi, dword [ebp - 0x6c]
+and eax, 0xfffffe0f
+movzx ebx, byte [esi + 0xcc]
+movzx ecx, byte [esi + 0xd9]
+and ebx, 1
+shl ebx, 4
+and ecx, 0xf
+or eax, ebx
+movzx ebx, byte [esi + 0xf2]
+shl ecx, 5
+or eax, ecx
+movzx ecx, byte [esi + 0xed]
+and ah, 0x81
+and ebx, 7
+shl ebx, 9
+or eax, ebx
+mov ebx, dword [ebp - 0x7c]
+and ecx, 7
+shl ecx, 0xc
+or eax, ecx
+and eax, 0xfffe7fff
+movzx ecx, byte [ebx - 0x10b3]
+and ecx, 3
+shl ecx, 0xf
+or eax, ecx
+mov ecx, dword [edi + 0x36d7]
+cmp ecx, 0x640
+je short loc_fffb67db ; je 0xfffb67db
+ja short loc_fffb67b3 ; ja 0xfffb67b3
+cmp ecx, 0x42b
+je short loc_fffb67cf ; je 0xfffb67cf
+cmp ecx, 0x535
+jne short loc_fffb67f3 ; jne 0xfffb67f3
+and eax, 0xffe1ffff
+or eax, 0xa0000
+jmp short loc_fffb67fd ; jmp 0xfffb67fd
+
+loc_fffb67b3: ; not directly referenced
+cmp ecx, 0x74b
+je short loc_fffb67e7 ; je 0xfffb67e7
+cmp ecx, 0x855
+jne short loc_fffb67f3 ; jne 0xfffb67f3
+and eax, 0xffe1ffff
+or eax, 0x160000
+jmp short loc_fffb67fd ; jmp 0xfffb67fd
+
+loc_fffb67cf: ; not directly referenced
+and eax, 0xffe1ffff
+or eax, 0x60000
+jmp short loc_fffb67fd ; jmp 0xfffb67fd
+
+loc_fffb67db: ; not directly referenced
+and eax, 0xffe1ffff
+or eax, 0xe0000
+jmp short loc_fffb67fd ; jmp 0xfffb67fd
+
+loc_fffb67e7: ; not directly referenced
+and eax, 0xffe1ffff
+or eax, 0x120000
+jmp short loc_fffb67fd ; jmp 0xfffb67fd
+
+loc_fffb67f3: ; not directly referenced
+mov dword [ebp - 0x84], 1
+
+loc_fffb67fd: ; not directly referenced
+mov esi, dword [ebp - 0x6c]
+and eax, 0xff1fffff
+mov ebx, dword [edi + 0x2480]
+mov dword [ebp - 0x70], 0
+movzx ecx, byte [esi + 0xf3]
+mov dword [ebp - 0xb4], ebx
+and ecx, 7
+shl ecx, 0x15
+or eax, ecx
+mov ecx, eax
+and ecx, 0xfffe7e0f
+cmp ebx, 3
+cmove eax, ecx
+xor ebx, ebx
+
+loc_fffb6837: ; not directly referenced
+mov edx, dword [ebp - 0x70]
+mov byte [ebp - 0xa9], dl
+test dl, dl
+jne short loc_fffb6853 ; jne 0xfffb6853
+cmp dword [ebp - 0x84], 0
+jne loc_fffb69bf ; jne 0xfffb69bf
+jmp short loc_fffb6860 ; jmp 0xfffb6860
+
+loc_fffb6853: ; not directly referenced
+test ebx, ebx
+jne loc_fffb69ba ; jne 0xfffb69ba
+and eax, 0xff0001ff
+
+loc_fffb6860: ; not directly referenced
+mov ecx, dword [ebp - 0x70]
+xor esi, esi
+movzx ecx, word [ebp + ecx*2 - 0x5c]
+mov word [ebp - 0xac], cx
+dec ecx
+mov dword [ebp - 0xa8], ecx
+
+loc_fffb6878: ; not directly referenced
+cmp word [ebp - 0xac], si
+jbe loc_fffb69bf ; jbe 0xfffb69bf
+cmp dword [ebp - 0xb4], 3
+jne loc_fffb6930 ; jne 0xfffb6930
+mov edx, dword [ebp - 0x70]
+imul ecx, esi, 0xc
+add ecx, dword [ebp + edx*4 - 0x48]
+cmp eax, dword [ecx]
+jne short loc_fffb6910 ; jne 0xfffb6910
+
+loc_fffb68a0: ; not directly referenced
+mov bl, byte [ecx + 5]
+mov esi, dword [ebp - 0x78]
+mov edx, dword [ebp - 0x88]
+cmp byte [edi + 0x3755], 1
+mov byte [edx + esi], bl
+mov edx, dword [ebp - 0x98]
+mov bl, byte [ecx + 6]
+mov byte [edx + esi], bl
+mov edx, dword [ebp - 0x94]
+mov bl, byte [ecx + 7]
+mov byte [edx + esi], bl
+mov edx, dword [ebp - 0x8c]
+mov bl, byte [ecx + 8]
+mov byte [edx + esi], bl
+mov edx, dword [ebp - 0xa4]
+mov bl, byte [ecx + 9]
+mov byte [edx + esi], bl
+mov ebx, dword [ebp - 0x90]
+mov dl, byte [ecx + 4]
+mov byte [ebx + esi], dl
+mov bl, byte [ecx + 0xa]
+mov cl, byte [ecx + 0xb]
+cmove ecx, ebx
+mov ebx, dword [ebp - 0x80]
+mov byte [ebx + esi], cl
+mov bl, byte [ebp - 0x74]
+cmp bl, dl
+cmovbe edx, ebx
+mov bl, dl
+jmp near loc_fffb699c ; jmp 0xfffb699c
+
+loc_fffb6910: ; not directly referenced
+cmp byte [ebp - 0xa9], 1
+jne loc_fffb69b4 ; jne 0xfffb69b4
+mov edx, dword [ebp - 0xa8]
+cmp esi, edx
+jne loc_fffb69b4 ; jne 0xfffb69b4
+jmp near loc_fffb68a0 ; jmp 0xfffb68a0
+
+loc_fffb6930: ; not directly referenced
+mov edx, dword [ebp - 0x70]
+imul ecx, esi, 0xb
+add ecx, dword [ebp + edx*4 - 0x50]
+cmp eax, dword [ecx]
+jne short loc_fffb69a1 ; jne 0xfffb69a1
+
+loc_fffb693e: ; not directly referenced
+mov bl, byte [ecx + 5]
+mov esi, dword [ebp - 0x78]
+mov edx, dword [ebp - 0x88]
+mov byte [edx + esi], bl
+mov edx, dword [ebp - 0x98]
+mov bl, byte [ecx + 6]
+mov byte [edx + esi], bl
+mov edx, dword [ebp - 0x94]
+mov bl, byte [ecx + 7]
+mov byte [edx + esi], bl
+mov edx, dword [ebp - 0x8c]
+mov bl, byte [ecx + 8]
+mov byte [edx + esi], bl
+mov edx, dword [ebp - 0xa4]
+mov bl, byte [ecx + 9]
+mov byte [edx + esi], bl
+mov edx, dword [ebp - 0x90]
+mov bl, byte [ecx + 4]
+mov byte [edx + esi], bl
+mov edx, dword [ebp - 0x80]
+mov cl, byte [ecx + 0xa]
+mov byte [edx + esi], cl
+mov cl, byte [ebp - 0x74]
+cmp cl, bl
+cmova ecx, ebx
+mov bl, cl
+
+loc_fffb699c: ; not directly referenced
+mov byte [ebp - 0x74], bl
+jmp short loc_fffb69ba ; jmp 0xfffb69ba
+
+loc_fffb69a1: ; not directly referenced
+cmp byte [ebp - 0xa9], 1
+jne short loc_fffb69b4 ; jne 0xfffb69b4
+mov edx, dword [ebp - 0xa8]
+cmp esi, edx
+je short loc_fffb693e ; je 0xfffb693e
+
+loc_fffb69b4: ; not directly referenced
+inc esi
+jmp near loc_fffb6878 ; jmp 0xfffb6878
+
+loc_fffb69ba: ; not directly referenced
+mov ebx, 1
+
+loc_fffb69bf: ; not directly referenced
+inc dword [ebp - 0x70]
+cmp dword [ebp - 0x70], 2
+jne loc_fffb6837 ; jne 0xfffb6837
+
+loc_fffb69cc: ; not directly referenced
+inc dword [ebp - 0x78]
+add dword [ebp - 0x6c], 0x128
+cmp dword [ebp - 0x78], 2
+jne loc_fffb66d2 ; jne 0xfffb66d2
+
+loc_fffb69e0: ; not directly referenced
+add dword [ebp - 0x80], 2
+add dword [ebp - 0x7c], 0x13c3
+add dword [ebp - 0x88], 4
+add dword [ebp - 0x98], 4
+add dword [ebp - 0x94], 4
+add dword [ebp - 0x8c], 4
+add dword [ebp - 0xa4], 4
+add dword [ebp - 0x90], 2
+lea eax, [ebp - 0x50]
+cmp dword [ebp - 0x80], eax
+jne loc_fffb66b8 ; jne 0xfffb66b8
+lea eax, [ebp - 0x58]
+mov esi, 0x42f8
+mov dword [ebp - 0x8c], eax
+lea eax, [ebp - 0x20]
+mov dword [ebp - 0x7c], eax
+lea eax, [ebp - 0x28]
+mov dword [ebp - 0x84], eax
+lea eax, [ebp - 0x30]
+mov dword [ebp - 0x80], eax
+lea eax, [ebp - 0x38]
+mov dword [ebp - 0x88], eax
+lea eax, [ebp - 0x40]
+mov dword [ebp - 0x70], edi
+lea ebx, [ebp - 0x54]
+mov dword [ebp - 0x78], eax
+
+loc_fffb6a59: ; not directly referenced
+mov eax, dword [ebp - 0x70]
+cmp dword [eax + 0x3756], 2
+jne loc_fffb6bc1 ; jne 0xfffb6bc1
+xor eax, eax
+
+loc_fffb6a6b: ; not directly referenced
+imul edx, eax, 0x128
+mov ecx, dword [ebp - 0x70]
+cmp dword [ecx + edx + 0x48c9], 2
+jne loc_fffb6b29 ; jne 0xfffb6b29
+mov ecx, dword [ebp - 0x8c]
+mov cl, byte [ecx + eax]
+sub cl, byte [ebp - 0x74]
+mov byte [ebp - 0x6c], cl
+je loc_fffb6b29 ; je 0xfffb6b29
+mov ecx, dword [ebp - 0x78]
+movzx edx, byte [ecx + eax]
+mov dword [ebp - 0x90], ecx
+mov cl, byte [ebp - 0x6c]
+inc edx
+sar edx, cl
+mov ecx, dword [ebp - 0x90]
+mov byte [ecx + eax], dl
+mov ecx, dword [ebp - 0x88]
+movzx edx, byte [ecx + eax]
+mov dword [ebp - 0x90], ecx
+mov cl, byte [ebp - 0x6c]
+inc edx
+sar edx, cl
+mov ecx, dword [ebp - 0x90]
+mov byte [ecx + eax], dl
+mov ecx, dword [ebp - 0x80]
+movzx edx, byte [ecx + eax]
+mov dword [ebp - 0x90], ecx
+mov cl, byte [ebp - 0x6c]
+inc edx
+sar edx, cl
+mov ecx, dword [ebp - 0x90]
+mov byte [ecx + eax], dl
+mov ecx, dword [ebp - 0x84]
+movzx edx, byte [ecx + eax]
+mov dword [ebp - 0x90], ecx
+mov cl, byte [ebp - 0x6c]
+inc edx
+sar edx, cl
+mov ecx, dword [ebp - 0x90]
+mov byte [ecx + eax], dl
+mov ecx, dword [ebp - 0x7c]
+movzx edx, byte [ecx + eax]
+mov dword [ebp - 0x90], ecx
+mov cl, byte [ebp - 0x6c]
+inc edx
+sar edx, cl
+mov ecx, dword [ebp - 0x90]
+mov byte [ecx + eax], dl
+
+loc_fffb6b29: ; not directly referenced
+inc eax
+cmp eax, 2
+jne loc_fffb6a6b ; jne 0xfffb6a6b
+mov eax, dword [ebp - 0x70]
+cmp dword [eax + 0x3816], 1
+ja short loc_fffb6b4b ; ja 0xfffb6b4b
+mov al, byte [ebx]
+mov dl, byte [ebx + 1]
+cmp dl, al
+cmovae eax, edx
+jmp short loc_fffb6b6a ; jmp 0xfffb6b6a
+
+loc_fffb6b4b: ; not directly referenced
+movzx edx, byte [ebx]
+movzx eax, byte [ebx + 1]
+cmp dl, al
+je short loc_fffb6b71 ; je 0xfffb6b71
+lea eax, [edx + eax + 1]
+sar eax, 1
+cmp al, 0xf7
+ja short loc_fffb6b6e ; ja 0xfffb6b6e
+test al, 7
+je short loc_fffb6b6a ; je 0xfffb6b6a
+and eax, 0xfffffff8
+add eax, 8
+
+loc_fffb6b6a: ; not directly referenced
+mov byte [ebx], al
+jmp short loc_fffb6b71 ; jmp 0xfffb6b71
+
+loc_fffb6b6e: ; not directly referenced
+mov byte [ebx], 0xf8
+
+loc_fffb6b71: ; not directly referenced
+mov eax, dword [ebp - 0x78]
+mov edx, esi
+mov ecx, dword [eax]
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x88]
+lea edx, [esi + 4]
+mov ecx, dword [eax]
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x80]
+lea edx, [esi - 4]
+mov ecx, dword [eax]
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x84]
+lea edx, [esi - 8]
+mov ecx, dword [eax]
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x7c]
+lea edx, [esi - 0xc]
+mov ecx, dword [eax]
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb6bc1: ; not directly referenced
+add esi, 0x400
+add ebx, 2
+add dword [ebp - 0x70], 0x13c3
+add dword [ebp - 0x78], 4
+add dword [ebp - 0x88], 4
+add dword [ebp - 0x80], 4
+add dword [ebp - 0x84], 4
+add dword [ebp - 0x7c], 4
+add dword [ebp - 0x8c], 2
+cmp esi, 0x4af8
+jne loc_fffb6a59 ; jne 0xfffb6a59
+mov eax, dword [ebp - 0xb8]
+mov edx, 0x5888
+mov al, byte [ebp - 0x54]
+mov ebx, eax
+mov al, byte [ebp - 0x52]
+mov bh, al
+mov eax, edi
+mov ecx, ebx
+call fcn_fffae58c ; call 0xfffae58c
+movzx ecx, byte [ebp - 0x74]
+mov edx, 0x5884
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffb6c2c: ; not directly referenced
+cmp dword [edi + 0x188b], 1
+jne loc_fffb6efc ; jne 0xfffb6efc
+movzx eax, byte [edi + 0x2420]
+mov byte [ebp - 0x6c], al
+test al, al
+je loc_fffb6eb3 ; je 0xfffb6eb3
+mov esi, dword [edi + 0x2443]
+cmp al, 4
+ja loc_fffb6ded ; ja 0xfffb6ded
+shl eax, 3
+push edx
+push eax
+lea eax, [edi + 0x2421]
+push eax
+lea eax, [edi + 0x36a9]
+push eax
+call dword [esi + 0x58] ; ucall
+mov cl, byte [ebp - 0x6c]
+mov eax, 1
+add esp, 0x10
+shl eax, cl
+dec eax
+mov byte [ebp - 0x70], al
+xor eax, eax
+
+loc_fffb6c82: ; not directly referenced
+and dword [edi + eax*8 + 0x36a9], 0xffffffc0
+and dword [edi + eax*8 + 0x36ad], 0x7f
+inc eax
+cmp byte [ebp - 0x6c], al
+ja short loc_fffb6c82 ; ja 0xfffb6c82
+mov al, byte [ebp - 0x6c]
+xor ecx, ecx
+mov byte [ebp - 0x74], 0
+dec eax
+mov byte [ebp - 0x78], al
+
+loc_fffb6ca5: ; not directly referenced
+cmp cl, byte [ebp - 0x78]
+jae short loc_fffb6d06 ; jae 0xfffb6d06
+lea eax, [ecx + 1]
+mov byte [ebp - 0x7c], al
+
+loc_fffb6cb0: ; not directly referenced
+cmp al, byte [ebp - 0x6c]
+jae short loc_fffb6d00 ; jae 0xfffb6d00
+lea esi, [ecx + 0x24a]
+movzx ebx, al
+mov edx, dword [edi + esi*8 + 0x2459]
+add ebx, 0x24a
+mov dword [ebp - 0x80], edx
+mov edx, dword [edi + ebx*8 + 0x245d]
+cmp dword [edi + esi*8 + 0x245d], edx
+jne short loc_fffb6cfd ; jne 0xfffb6cfd
+mov esi, dword [ebp - 0x80]
+cmp esi, dword [edi + ebx*8 + 0x2459]
+jne short loc_fffb6cfd ; jne 0xfffb6cfd
+mov eax, 1
+shl eax, cl
+mov ecx, eax
+not ecx
+inc byte [ebp - 0x74]
+and byte [ebp - 0x70], cl
+jmp short loc_fffb6d00 ; jmp 0xfffb6d00
+
+loc_fffb6cfd: ; not directly referenced
+inc eax
+jmp short loc_fffb6cb0 ; jmp 0xfffb6cb0
+
+loc_fffb6d00: ; not directly referenced
+movzx ecx, byte [ebp - 0x7c]
+jmp short loc_fffb6ca5 ; jmp 0xfffb6ca5
+
+loc_fffb6d06: ; not directly referenced
+xor ebx, ebx
+
+loc_fffb6d08: ; not directly referenced
+movzx eax, byte [ebp - 0x70]
+bt eax, ebx
+jae short loc_fffb6d6a ; jae 0xfffb6d6a
+push esi
+mov eax, dword [edi + 0x2443]
+push 0x14
+push dword [edi + ebx*8 + 0x36ad]
+push dword [edi + ebx*8 + 0x36a9]
+call dword [eax + 0x6c] ; ucall
+mov ecx, dword [edi + 0x370d]
+add esp, 0x10
+mov dword [ebp - 0x7c], ecx
+mov esi, edx
+mov edx, dword [edi + 0x36f0]
+cmp esi, 0
+ja short loc_fffb6d48 ; ja 0xfffb6d48
+cmp eax, edx
+jb short loc_fffb6d6a ; jb 0xfffb6d6a
+
+loc_fffb6d48: ; not directly referenced
+cmp esi, 0
+ja short loc_fffb6d58 ; ja 0xfffb6d58
+cmp eax, 0xfff
+jbe loc_fffb6ebc ; jbe 0xfffb6ebc
+
+loc_fffb6d58: ; not directly referenced
+cmp esi, 0
+ja loc_fffb6ebc ; ja 0xfffb6ebc
+cmp eax, dword [ebp - 0x7c]
+jae loc_fffb6ebc ; jae 0xfffb6ebc
+
+loc_fffb6d6a: ; not directly referenced
+inc ebx
+cmp byte [ebp - 0x6c], bl
+ja short loc_fffb6d08 ; ja 0xfffb6d08
+mov esi, dword [ebp - 0x74]
+mov al, byte [ebp - 0x6c]
+mov ebx, esi
+sub eax, ebx
+mov byte [edi + 0x36a8], al
+test bl, bl
+je loc_fffb6efc ; je 0xfffb6efc
+test al, al
+je loc_fffb6efc ; je 0xfffb6efc
+xor eax, eax
+
+loc_fffb6d92: ; not directly referenced
+mov dl, al
+cmp al, byte [ebp - 0x78]
+jae loc_fffb6efc ; jae 0xfffb6efc
+movzx esi, byte [ebp - 0x70]
+bt esi, eax
+jb short loc_fffb6dea ; jb 0xfffb6dea
+
+loc_fffb6da6: ; not directly referenced
+inc edx
+cmp dl, byte [ebp - 0x6c]
+jae short loc_fffb6dea ; jae 0xfffb6dea
+bt esi, edx
+movzx ecx, dl
+jae short loc_fffb6da6 ; jae 0xfffb6da6
+mov esi, dword [edi + ecx*8 + 0x36ad]
+mov edx, 1
+mov ebx, dword [edi + ecx*8 + 0x36a9]
+shl edx, cl
+mov cl, al
+not edx
+mov dword [edi + eax*8 + 0x36ad], esi
+mov esi, 1
+shl esi, cl
+mov ecx, esi
+or byte [ebp - 0x70], cl
+and byte [ebp - 0x70], dl
+mov dword [edi + eax*8 + 0x36a9], ebx
+
+loc_fffb6dea: ; not directly referenced
+inc eax
+jmp short loc_fffb6d92 ; jmp 0xfffb6d92
+
+loc_fffb6ded: ; not directly referenced
+mov al, byte [ebp - 0x6c]
+mov bl, 4
+sub eax, 4
+cmp al, 4
+cmovbe ebx, eax
+mov eax, dword [edi + 0x370d]
+xor edx, edx
+mov byte [edi + 0x36a8], bl
+push ecx
+push 0x14
+push edx
+push eax
+mov byte [ebp - 0x70], bl
+call dword [esi + 0x68] ; ucall
+add eax, 0xffffffff
+adc edx, 0xffffffff
+add esp, 0xc
+push 0x20
+mov ebx, eax
+push edx
+and ebx, 0xffffffc0
+push eax
+mov dword [ebp - 0x74], ebx
+call dword [esi + 0x6c] ; ucall
+add esp, 0x10
+mov dword [ebp - 0x6c], 0
+mov dword [ebp - 0x78], eax
+
+loc_fffb6e38: ; not directly referenced
+mov ebx, dword [esi + 0x68]
+call dword [esi + 0x7c] ; ucall
+and eax, dword [ebp - 0x78]
+push edx
+xor edx, edx
+push 0x20
+push edx
+push eax
+call ebx
+mov ebx, eax
+mov dword [ebp - 0x7c], edx
+call dword [esi + 0x7c] ; ucall
+mov edx, dword [ebp - 0x7c]
+add esp, 0xc
+and eax, dword [ebp - 0x74]
+mov dword [ebp - 0x9c], edx
+or eax, ebx
+mov dword [ebp - 0xa0], eax
+mov eax, dword [edi + 0x2443]
+push 0x14
+push dword [ebp - 0x9c]
+push dword [ebp - 0xa0]
+call dword [eax + 0x6c] ; ucall
+mov ebx, dword [edi + 0x370d]
+mov ecx, dword [edi + 0x36f0]
+add esp, 0x10
+mov dword [ebp - 0x7c], ebx
+cmp edx, 0
+ja short loc_fffb6e9b ; ja 0xfffb6e9b
+cmp eax, ecx
+jb short loc_fffb6ed0 ; jb 0xfffb6ed0
+
+loc_fffb6e9b: ; not directly referenced
+cmp edx, 0
+ja short loc_fffb6ea7 ; ja 0xfffb6ea7
+cmp eax, 0xfff
+jbe short loc_fffb6e38 ; jbe 0xfffb6e38
+
+loc_fffb6ea7: ; not directly referenced
+cmp edx, 0
+ja short loc_fffb6e38 ; ja 0xfffb6e38
+cmp eax, dword [ebp - 0x7c]
+jb short loc_fffb6ed0 ; jb 0xfffb6ed0
+jmp short loc_fffb6e38 ; jmp 0xfffb6e38
+
+loc_fffb6eb3: ; not directly referenced
+mov byte [edi + 0x36a8], 0
+jmp short loc_fffb6efc ; jmp 0xfffb6efc
+
+loc_fffb6ebc: ; not directly referenced
+mov eax, 0xfffffffe
+mov cl, bl
+rol eax, cl
+inc byte [ebp - 0x74]
+and byte [ebp - 0x70], al
+jmp near loc_fffb6d6a ; jmp 0xfffb6d6a
+
+loc_fffb6ed0: ; not directly referenced
+mov ebx, dword [ebp - 0x6c]
+mov eax, dword [ebp - 0xa0]
+mov edx, dword [ebp - 0x9c]
+inc dword [ebp - 0x6c]
+mov dword [edi + ebx*8 + 0x36a9], eax
+mov al, byte [ebp - 0x6c]
+mov dword [edi + ebx*8 + 0x36ad], edx
+cmp byte [ebp - 0x70], al
+ja loc_fffb6e38 ; ja 0xfffb6e38
+
+loc_fffb6efc: ; not directly referenced
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb6f06: ; not directly referenced
+push ebp
+mov eax, 0x80000002
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x1c
+mov ebx, dword [ebp + 0x20]
+mov ecx, dword [ebp + 0x10]
+mov esi, dword [ebp + 0x14]
+mov edi, dword [ebp + 0x18]
+test ebx, ebx
+je loc_fffb6fca ; je 0xfffb6fca
+cmp ecx, 0xb
+ja loc_fffb6fca ; ja 0xfffb6fca
+push eax
+mov edx, ecx
+push dword [ebp + 0x1c]
+xor eax, eax
+mov dword [ebp - 0x1c], ecx
+push edi
+push esi
+call fcn_fffac5c7 ; call 0xfffac5c7
+add esp, 0x10
+mov ecx, dword [ebp - 0x1c]
+test eax, eax
+js short loc_fffb6fca ; js 0xfffb6fca
+mov al, byte [ecx + ref_fffd5ac8] ; mov al, byte [ecx - 0x2a538]
+mov dword [ebp - 0x24], 0
+mov byte [ebp - 0x1e], al
+mov eax, ecx
+and eax, 3
+mov dword [ebp - 0x1c], eax
+movzx eax, byte [eax + ref_fffd5ad4] ; movzx eax, byte [eax - 0x2a52c]
+dec eax
+test ebx, eax
+movzx eax, byte [ecx + ref_fffd5ad4] ; movzx eax, byte [ecx - 0x2a52c]
+sete byte [ebp - 0x1d]
+mov dword [ebp - 0x28], eax
+
+loc_fffb6f7d: ; not directly referenced
+cmp dword [ebp + 0x1c], 0
+je short loc_fffb6fc8 ; je 0xfffb6fc8
+cmp dword [ebp - 0x1c], 0
+jne short loc_fffb6f90 ; jne 0xfffb6f90
+mov al, byte [ebx]
+mov edx, esi
+out dx, al
+jmp short loc_fffb6fb7 ; jmp 0xfffb6fb7
+
+loc_fffb6f90: ; not directly referenced
+cmp dword [ebp - 0x1c], 1
+jne short loc_fffb6fa4 ; jne 0xfffb6fa4
+movzx eax, word [ebx]
+push edx
+push edx
+push eax
+push esi
+call fcn_fffb3f28 ; call 0xfffb3f28
+jmp short loc_fffb6fb4 ; jmp 0xfffb6fb4
+
+loc_fffb6fa4: ; not directly referenced
+cmp dword [ebp - 0x1c], 2
+jne short loc_fffb6fb7 ; jne 0xfffb6fb7
+push eax
+push eax
+push dword [ebx]
+push esi
+call fcn_fffaafda ; call 0xfffaafda
+
+loc_fffb6fb4: ; not directly referenced
+add esp, 0x10
+
+loc_fffb6fb7: ; not directly referenced
+movzx eax, byte [ebp - 0x1e]
+add esi, dword [ebp - 0x28]
+adc edi, dword [ebp - 0x24]
+dec dword [ebp + 0x1c]
+add ebx, eax
+jmp short loc_fffb6f7d ; jmp 0xfffb6f7d
+
+loc_fffb6fc8: ; not directly referenced
+xor eax, eax
+
+loc_fffb6fca: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb6fd2: ; not directly referenced
+push ebp
+mov eax, 0x80000002
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x1c
+mov ebx, dword [ebp + 0x20]
+mov ecx, dword [ebp + 0x10]
+mov esi, dword [ebp + 0x14]
+mov edi, dword [ebp + 0x18]
+test ebx, ebx
+je loc_fffb7097 ; je 0xfffb7097
+cmp ecx, 0xb
+ja loc_fffb7097 ; ja 0xfffb7097
+push eax
+mov edx, ecx
+push dword [ebp + 0x1c]
+xor eax, eax
+mov dword [ebp - 0x1c], ecx
+push edi
+push esi
+call fcn_fffac5c7 ; call 0xfffac5c7
+add esp, 0x10
+mov ecx, dword [ebp - 0x1c]
+test eax, eax
+js short loc_fffb7097 ; js 0xfffb7097
+mov al, byte [ecx + ref_fffd5ac8] ; mov al, byte [ecx - 0x2a538]
+mov dword [ebp - 0x24], 0
+mov byte [ebp - 0x1e], al
+mov eax, ecx
+and eax, 3
+mov dword [ebp - 0x1c], eax
+movzx eax, byte [eax + ref_fffd5ad4] ; movzx eax, byte [eax - 0x2a52c]
+dec eax
+test ebx, eax
+movzx eax, byte [ecx + ref_fffd5ad4] ; movzx eax, byte [ecx - 0x2a52c]
+sete byte [ebp - 0x1d]
+mov dword [ebp - 0x28], eax
+
+loc_fffb7049: ; not directly referenced
+cmp dword [ebp + 0x1c], 0
+je short loc_fffb7095 ; je 0xfffb7095
+cmp dword [ebp - 0x1c], 0
+jne short loc_fffb705c ; jne 0xfffb705c
+mov edx, esi
+in al, dx
+mov byte [ebx], al
+jmp short loc_fffb7084 ; jmp 0xfffb7084
+
+loc_fffb705c: ; not directly referenced
+cmp dword [ebp - 0x1c], 1
+jne short loc_fffb7070 ; jne 0xfffb7070
+sub esp, 0xc
+push esi
+call fcn_fffb3f0f ; call 0xfffb3f0f
+mov word [ebx], ax
+jmp short loc_fffb7081 ; jmp 0xfffb7081
+
+loc_fffb7070: ; not directly referenced
+cmp dword [ebp - 0x1c], 2
+jne short loc_fffb7084 ; jne 0xfffb7084
+sub esp, 0xc
+push esi
+call fcn_fffaafc2 ; call 0xfffaafc2
+mov dword [ebx], eax
+
+loc_fffb7081: ; not directly referenced
+add esp, 0x10
+
+loc_fffb7084: ; not directly referenced
+movzx eax, byte [ebp - 0x1e]
+add esi, dword [ebp - 0x28]
+adc edi, dword [ebp - 0x24]
+dec dword [ebp + 0x1c]
+add ebx, eax
+jmp short loc_fffb7049 ; jmp 0xfffb7049
+
+loc_fffb7095: ; not directly referenced
+xor eax, eax
+
+loc_fffb7097: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb709f: ; not directly referenced
+push ebp
+mov ebp, esp
+sub esp, 8
+mov edx, dword [0xff7d77b0]
+mov eax, dword [ebp + 0xc]
+add eax, 3
+and eax, 0xfffffffc
+test edx, edx
+jne short loc_fffb70c4 ; jne 0xfffb70c4
+mov dword [0xff7d77ac], 0xff7d027c
+jmp short loc_fffb70ea ; jmp 0xfffb70ea
+
+loc_fffb70c4: ; not directly referenced
+mov ecx, dword [0xff7d77ac]
+cmp dword [ecx + edx], 0x900ddea1
+je short loc_fffb70ea ; je 0xfffb70ea
+push eax
+push 0x3d
+push ref_fffd3fbc ; push 0xfffd3fbc
+push ref_fffd5fdd ; push 0xfffd5fdd
+call fcn_fffb76e3 ; call 0xfffb76e3
+add esp, 0x10
+
+loc_fffb70e8: ; not directly referenced
+jmp short loc_fffb70e8 ; jmp 0xfffb70e8
+
+loc_fffb70ea: ; not directly referenced
+lea ecx, [eax + edx]
+cmp ecx, 0x752c
+jbe short loc_fffb710c ; jbe 0xfffb710c
+push eax
+push 0x4b
+push ref_fffd3fbc ; push 0xfffd3fbc
+push ref_fffd5ffd ; push 0xfffd5ffd
+call fcn_fffb76e3 ; call 0xfffb76e3
+add esp, 0x10
+
+loc_fffb710a: ; not directly referenced
+jmp short loc_fffb710a ; jmp 0xfffb710a
+
+loc_fffb710c: ; not directly referenced
+mov eax, dword [0xff7d77ac]
+mov dword [0xff7d77b0], ecx
+mov dword [eax + ecx], 0x900ddea1
+mov ecx, dword [ebp + 0x10]
+add edx, eax
+xor eax, eax
+mov dword [ecx], edx
+leave
+ret
+
+fcn_fffb7129: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x2c
+mov dword [ebp - 0x30], edx
+mov dword [ebp - 0x1c], 0
+call fcn_fffb481e ; call 0xfffb481e
+mov dword [ebp - 0x2c], eax
+lea eax, [ebp - 0x1c]
+push eax
+push 0
+push 0
+push ref_fffd664c ; push 0xfffd664c
+call fcn_fffab40f ; call 0xfffab40f
+mov eax, dword [0xff7d0084]
+mov esi, dword [eax + 0x14]
+lea edi, [esi + 0xf80ac]
+mov dword [esp], edi
+call fcn_fffb3d4e ; call 0xfffb3d4e
+pop edx
+pop ecx
+and eax, 0xffebffff
+push eax
+push edi
+call fcn_fffb3d84 ; call 0xfffb3d84
+mov edx, 0xcf9
+in al, dx
+mov ecx, dword [ebp - 0x30]
+mov bl, al
+add esp, 0x10
+and ebx, 0xfffffff1
+cmp cl, 6
+jne short loc_fffb71d7 ; jne 0xfffb71d7
+sub esp, 0xc
+add esi, 0xf8048
+push esi
+call fcn_fffb3d4e ; call 0xfffb3d4e
+add esp, 0x10
+mov esi, eax
+and esi, 0xfffffffe
+cmp dword [ebp - 0x2c], 1
+jne short loc_fffb71f2 ; jne 0xfffb71f2
+push eax
+push eax
+push 0x40000000
+push esi
+call fcn_fffab629 ; call 0xfffab629
+pop eax
+pop edx
+lea eax, [esi + 4]
+push 0xbfffffff
+push eax
+call fcn_fffab64e ; call 0xfffab64e
+pop ecx
+pop eax
+lea eax, [esi + 0xc]
+push 0xbfffffff
+push eax
+jmp short loc_fffb7223 ; jmp 0xfffb7223
+
+loc_fffb71d7: ; not directly referenced
+cmp cl, 1
+je short loc_fffb71ed ; je 0xfffb71ed
+cmp cl, 2
+jne short loc_fffb7257 ; jne 0xfffb7257
+mov eax, dword [ebp - 0x1c]
+sub esp, 0xc
+push 2
+call dword [eax] ; ucall
+jmp short loc_fffb7251 ; jmp 0xfffb7251
+
+loc_fffb71ed: ; not directly referenced
+or ebx, 6
+jmp short loc_fffb7257 ; jmp 0xfffb7257
+
+loc_fffb71f2: ; not directly referenced
+cmp dword [ebp - 0x2c], 2
+jne short loc_fffb722b ; jne 0xfffb722b
+push eax
+push eax
+push 1
+lea edx, [esi + 0x1f0]
+push edx
+mov dword [ebp - 0x2c], edx
+call fcn_fffab629 ; call 0xfffab629
+pop eax
+pop edx
+mov edx, dword [ebp - 0x2c]
+push 0xfffffffffffffffb
+push edx
+call fcn_fffab64e ; call 0xfffab64e
+mov edx, dword [ebp - 0x2c]
+pop ecx
+pop eax
+push 0x7fffffff
+push edx
+
+loc_fffb7223: ; not directly referenced
+call fcn_fffab64e ; call 0xfffab64e
+add esp, 0x10
+
+loc_fffb722b: ; not directly referenced
+push eax
+add esi, 0x60
+push eax
+push 0x40000000
+push esi
+call fcn_fffab629 ; call 0xfffab629
+mov dword [esp], edi
+call fcn_fffb3d4e ; call 0xfffb3d4e
+pop edx
+pop ecx
+or eax, 0x100000
+push eax
+push edi
+call fcn_fffb3d84 ; call 0xfffb3d84
+
+loc_fffb7251: ; not directly referenced
+or ebx, 0xe
+add esp, 0x10
+
+loc_fffb7257: ; not directly referenced
+mov eax, dword [ebp - 0x1c]
+call dword [eax + 0xc] ; ucall
+mov edx, 0xcf9
+mov al, bl
+out dx, al
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb726f: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov ebx, eax
+sub esp, 0x20
+mov edi, dword [ebp + 0x10]
+mov esi, dword [ebp + 0xc]
+push 0x3f
+push edi
+push esi
+mov dword [ebp - 0x1c], edx
+mov dword [ebp - 0x20], ecx
+call dword [eax + 0x6c] ; ucall
+add esp, 0x10
+test al, 1
+je short loc_fffb72d1 ; je 0xfffb72d1
+mov eax, dword [ebp - 0x1c]
+mov edx, esi
+and edx, 0xffffffc0
+and eax, 0xffffffc0
+mov ecx, eax
+mov eax, dword [ebp - 0x20]
+and eax, 0x7f
+mov dword [ebp - 0x1c], eax
+mov eax, edi
+and eax, 0x7f
+cmp dword [ebp - 0x1c], eax
+jne short loc_fffb72d1 ; jne 0xfffb72d1
+cmp ecx, edx
+jne short loc_fffb72d1 ; jne 0xfffb72d1
+push eax
+push 0x3e
+push edi
+push esi
+call dword [ebx + 0x6c] ; ucall
+add esp, 0x10
+and eax, 1
+cmp dword [ebp + 8], eax
+sete al
+movzx eax, al
+jmp short loc_fffb72d3 ; jmp 0xfffb72d3
+
+loc_fffb72d1: ; not directly referenced
+xor eax, eax
+
+loc_fffb72d3: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb72db:
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+push ebx
+mov ebx, edx
+sub esp, 0x1c
+
+loc_fffb72e8:
+test ebx, ebx
+jle short loc_fffb7315 ; jle 0xfffb7315
+cmp ebx, 0x10
+mov esi, 0x10
+cmovle esi, ebx
+push eax
+push esi
+push edi
+push dword [ecx]
+mov dword [ebp - 0x1c], ecx
+call fcn_fffa5c2e ; call 0xfffa5c2e
+mov ecx, dword [ebp - 0x1c]
+add esp, 0x10
+mov dword [ecx], eax
+test eax, eax
+jne short loc_fffb7319 ; jne 0xfffb7319
+or eax, 0xffffffff
+jmp short loc_fffb731d ; jmp 0xfffb731d
+
+loc_fffb7315:
+xor eax, eax
+jmp short loc_fffb731d ; jmp 0xfffb731d
+
+loc_fffb7319:
+sub ebx, esi
+jmp short loc_fffb72e8 ; jmp 0xfffb72e8
+
+loc_fffb731d:
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb7325:
+push ebp
+mov ebp, esp
+push edi
+mov edi, ecx
+push esi
+mov esi, edx
+push ebx
+mov ebx, eax
+sub esp, 0xc
+test edx, edx
+jne short loc_fffb734a ; jne 0xfffb734a
+
+loc_fffb7338:
+test edi, edi
+setne dl
+cmp dword [ebp + 8], 0
+setne al
+test dl, al
+je short loc_fffb7377 ; je 0xfffb7377
+jmp short loc_fffb735f ; jmp 0xfffb735f
+
+loc_fffb734a:
+mov ecx, eax
+mov eax, ref_fffd5854 ; mov eax, 0xfffd5854
+call fcn_fffb72db ; call 0xfffb72db
+test eax, eax
+jns short loc_fffb7338 ; jns 0xfffb7338
+
+loc_fffb735a:
+or eax, 0xffffffff
+jmp short loc_fffb73d5 ; jmp 0xfffb73d5
+
+loc_fffb735f:
+push edx
+push dword [ebp + 8]
+push edi
+push dword [ebx]
+call fcn_fffa5c2e ; call 0xfffa5c2e
+add esp, 0x10
+mov dword [ebx], eax
+test eax, eax
+je short loc_fffb735a ; je 0xfffb735a
+add esi, dword [ebp + 8]
+
+loc_fffb7377:
+cmp dword [ebp + 0xc], 0
+jne short loc_fffb7388 ; jne 0xfffb7388
+
+loc_fffb737d:
+add esi, dword [ebp + 0xc]
+cmp dword [ebp + 0x14], 0
+je short loc_fffb73b4 ; je 0xfffb73b4
+jmp short loc_fffb739d ; jmp 0xfffb739d
+
+loc_fffb7388:
+mov edx, dword [ebp + 0xc]
+mov ecx, ebx
+mov eax, ref_fffd5840 ; mov eax, 0xfffd5840
+call fcn_fffb72db ; call 0xfffb72db
+test eax, eax
+jns short loc_fffb737d ; jns 0xfffb737d
+jmp short loc_fffb735a ; jmp 0xfffb735a
+
+loc_fffb739d:
+push eax
+push dword [ebp + 0x14]
+push dword [ebp + 0x10]
+push dword [ebx]
+call fcn_fffa5c2e ; call 0xfffa5c2e
+add esp, 0x10
+mov dword [ebx], eax
+test eax, eax
+je short loc_fffb735a ; je 0xfffb735a
+
+loc_fffb73b4:
+add esi, dword [ebp + 0x14]
+cmp dword [ebp + 0x18], 0
+je short loc_fffb73d0 ; je 0xfffb73d0
+mov edx, dword [ebp + 0x18]
+mov ecx, ebx
+mov eax, ref_fffd5854 ; mov eax, 0xfffd5854
+call fcn_fffb72db ; call 0xfffb72db
+test eax, eax
+js short loc_fffb735a ; js 0xfffb735a
+
+loc_fffb73d0:
+mov eax, dword [ebp + 0x18]
+add eax, esi
+
+loc_fffb73d5:
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb73dd: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0xc]
+mov edx, dword [ebp + 8]
+push edi
+push esi
+push ebx
+mov esi, eax
+mov word [edx + 0x2467], ax
+mov edx, 0x80
+out dx, ax
+mov edi, 0x48
+mov ebx, 0x74
+
+loc_fffb7403: ; not directly referenced
+mov eax, edi
+mov edx, ebx
+out dx, al
+mov edx, 0x75
+in al, dx
+movzx ecx, al
+mov edx, ebx
+mov al, 0x49
+out dx, al
+mov edx, 0x75
+in al, dx
+shl eax, 8
+or eax, ecx
+cmp si, ax
+je short loc_fffb7403 ; je 0xfffb7403
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb742b:
+mov ecx, 0xce
+rdmsr
+movzx ecx, ah
+xor edx, edx
+imul ecx, ecx, 0x186a0
+xor eax, eax
+test ecx, ecx
+je short loc_fffb7457 ; je 0xfffb7457
+push ebp
+mov ebp, esp
+sub esp, 0xc
+rdtsc
+push ecx
+push edx
+push eax
+call fcn_fffd289e ; call 0xfffd289e
+add esp, 0x10
+leave
+
+loc_fffb7457:
+ret
+
+fcn_fffb7458:
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x2c
+mov ebx, dword [ebp + 8]
+mov esi, dword [ebx + 0x2443]
+mov edi, dword [ebx + 0x18c1]
+push 0xe4
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+add edi, eax
+mov dword [esp], edi
+add edi, 4
+call dword [esi + 0x20] ; ucall
+mov dword [esp], edi
+mov dword [ebp - 0x2c], eax
+call dword [esi + 0x20] ; ucall
+add esp, 0x10
+mov edx, dword [ebp - 0x2c]
+cmp eax, dword [ebx + 0x14]
+jne short loc_fffb74a2 ; jne 0xfffb74a2
+cmp edx, dword [ebx + 0x10]
+je short loc_fffb74ac ; je 0xfffb74ac
+
+loc_fffb74a2:
+mov eax, 0x18
+jmp near loc_fffb7571 ; jmp 0xfffb7571
+
+loc_fffb74ac:
+lea eax, [ebx + 0x1165]
+xor esi, esi
+mov dword [ebp - 0x30], eax
+
+loc_fffb74b7:
+lea eax, [ebx + esi + 0x196b]
+xor edi, edi
+mov dword [ebp - 0x34], eax
+mov eax, dword [ebp - 0x30]
+mov dword [ebp - 0x2c], eax
+lea eax, [esi + 0x1afb]
+mov dword [ebp - 0x38], eax
+
+loc_fffb74d2:
+mov eax, dword [ebp - 0x34]
+cmp dword [eax + edi + 8], 1
+jne short loc_fffb74e4 ; jne 0xfffb74e4
+mov word [ebp - 0x1a], 0
+jmp short loc_fffb752a ; jmp 0xfffb752a
+
+loc_fffb74e4:
+lea eax, [ebx + edi]
+mov al, byte [esi + eax + 0x19bd]
+cmp al, 0xf1
+sete cl
+cmp al, 0xb
+sete dl
+or cl, dl
+je short loc_fffb750c ; je 0xfffb750c
+lea eax, [edi + esi + 0x1a30]
+mov edx, 0xb
+add eax, ebx
+jmp short loc_fffb7522 ; jmp 0xfffb7522
+
+loc_fffb750c:
+cmp al, 0xc
+jne short loc_fffb751e ; jne 0xfffb751e
+mov eax, dword [ebp - 0x38]
+mov edx, 9
+add eax, edi
+add eax, ebx
+jmp short loc_fffb7522 ; jmp 0xfffb7522
+
+loc_fffb751e:
+xor edx, edx
+xor eax, eax
+
+loc_fffb7522:
+lea ecx, [ebp - 0x1a]
+call fcn_fffaf03f ; call 0xfffaf03f
+
+loc_fffb752a:
+mov eax, dword [ebp - 0x2c]
+mov ax, word [eax]
+cmp word [ebp - 0x1a], ax
+jne loc_fffb74a2 ; jne 0xfffb74a2
+add edi, 0x277
+add dword [ebp - 0x2c], 0x128
+cmp edi, 0x4ee
+jne short loc_fffb74d2 ; jne 0xfffb74d2
+add esi, 0x54a
+add dword [ebp - 0x30], 0x433
+cmp esi, 0xa94
+jne loc_fffb74b7 ; jne 0xfffb74b7
+mov byte [ebx + 0x247b], 1
+xor eax, eax
+
+loc_fffb7571:
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb7579:
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x34
+mov edi, dword [ebp + 0x10]
+mov edx, dword [ebp + 0xc]
+lea eax, [ebp - 0x1c]
+push eax
+mov ebx, dword [ebp + 0x14]
+movzx esi, di
+lea eax, [esi + 0xc]
+push eax
+mov dword [ebp - 0x2c], edx
+call fcn_fffab60f ; call 0xfffab60f
+add esp, 0x10
+mov edx, dword [ebp - 0x2c]
+test eax, eax
+jns short loc_fffb75af ; jns 0xfffb75af
+mov dword [ebp - 0x1c], 0
+
+loc_fffb75af:
+mov eax, dword [ebp - 0x1c]
+test eax, eax
+je short loc_fffb75f3 ; je 0xfffb75f3
+lea ecx, [eax + 4]
+mov dword [ebx], ecx
+mov word [eax + 4], dx
+mov edx, dword [ebx]
+mov word [edx + 2], di
+mov edx, dword [ebx]
+mov dword [edx + 4], 0
+add esi, dword [ebx]
+mov word [esi], 0xffff
+mov word [esi + 2], 8
+mov dword [esi + 4], 0
+mov edx, dword [0xff7d0270]
+mov dword [eax], edx
+mov dword [0xff7d0270], eax
+xor eax, eax
+jmp short loc_fffb75f8 ; jmp 0xfffb75f8
+
+loc_fffb75f3:
+mov eax, 0x80000009
+
+loc_fffb75f8:
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb7600: ; not directly referenced
+push ebp
+mov eax, 0x80000002
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x1c
+mov ebx, dword [ebp + 0x20]
+mov ecx, dword [ebp + 0x10]
+mov esi, dword [ebp + 0x14]
+mov edi, dword [ebp + 0x18]
+test ebx, ebx
+je loc_fffb76db ; je 0xfffb76db
+cmp ecx, 0xb
+ja loc_fffb76db ; ja 0xfffb76db
+push eax
+mov edx, ecx
+push dword [ebp + 0x1c]
+mov eax, 1
+mov dword [ebp - 0x1c], ecx
+push edi
+push esi
+call fcn_fffac5c7 ; call 0xfffac5c7
+add esp, 0x10
+mov ecx, dword [ebp - 0x1c]
+test eax, eax
+js loc_fffb76db ; js 0xfffb76db
+mov al, byte [ecx + ref_fffd5ac8] ; mov al, byte [ecx - 0x2a538]
+mov dword [ebp - 0x24], 0
+mov byte [ebp - 0x1e], al
+mov eax, ecx
+and eax, 3
+mov dword [ebp - 0x1c], eax
+movzx eax, byte [eax + ref_fffd5ad4] ; movzx eax, byte [eax - 0x2a52c]
+dec eax
+test ebx, eax
+movzx eax, byte [ecx + ref_fffd5ad4] ; movzx eax, byte [ecx - 0x2a52c]
+sete byte [ebp - 0x1d]
+mov dword [ebp - 0x28], eax
+
+loc_fffb767e: ; not directly referenced
+cmp dword [ebp + 0x1c], 0
+je short loc_fffb76d9 ; je 0xfffb76d9
+cmp dword [ebp - 0x1c], 0
+jne short loc_fffb7690 ; jne 0xfffb7690
+mov al, byte [esi]
+mov byte [ebx], al
+jmp short loc_fffb76c8 ; jmp 0xfffb76c8
+
+loc_fffb7690: ; not directly referenced
+cmp dword [ebp - 0x1c], 1
+jne short loc_fffb76a4 ; jne 0xfffb76a4
+sub esp, 0xc
+push esi
+call fcn_fffb3d06 ; call 0xfffb3d06
+mov word [ebx], ax
+jmp short loc_fffb76c5 ; jmp 0xfffb76c5
+
+loc_fffb76a4: ; not directly referenced
+cmp dword [ebp - 0x1c], 2
+jne short loc_fffb76b7 ; jne 0xfffb76b7
+sub esp, 0xc
+push esi
+call fcn_fffb3d4e ; call 0xfffb3d4e
+mov dword [ebx], eax
+jmp short loc_fffb76c5 ; jmp 0xfffb76c5
+
+loc_fffb76b7: ; not directly referenced
+sub esp, 0xc
+push esi
+call fcn_fffb3dc0 ; call 0xfffb3dc0
+mov dword [ebx], eax
+mov dword [ebx + 4], edx
+
+loc_fffb76c5: ; not directly referenced
+add esp, 0x10
+
+loc_fffb76c8: ; not directly referenced
+movzx eax, byte [ebp - 0x1e]
+add esi, dword [ebp - 0x28]
+adc edi, dword [ebp - 0x24]
+dec dword [ebp + 0x1c]
+add ebx, eax
+jmp short loc_fffb767e ; jmp 0xfffb767e
+
+loc_fffb76d9: ; not directly referenced
+xor eax, eax
+
+loc_fffb76db: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb76e3:
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0xfc
+mov ecx, dword [ebp + 8]
+lea ebx, [ebp + 0xc]
+mov dword [ebp - 0xa8], ebx
+mov dword [ebp - 0xa4], 0
+test ecx, ecx
+je short loc_fffb7757 ; je 0xfffb7757
+mov dword [ebp - 0xf8], 0
+mov dword [ebp - 0xe4], 0
+jmp short loc_fffb776c ; jmp 0xfffb776c
+
+loc_fffb771f:
+cmp dl, 0x2a
+jne loc_fffb77c0 ; jne 0xfffb77c0
+mov ecx, dword [ebx]
+lea eax, [ebx + 4]
+mov dword [ebp - 0xe0], ecx
+test ecx, ecx
+jns short loc_fffb7744 ; jns 0xfffb7744
+neg dword [ebp - 0xe0]
+or dword [ebp - 0xc4], 4
+
+loc_fffb7744:
+inc edi
+mov ebx, eax
+
+loc_fffb7747:
+cmp dword [ebp - 0xe0], 0x1f4
+jle loc_fffb7818 ; jle 0xfffb7818
+
+loc_fffb7757:
+or eax, 0xffffffff
+jmp near loc_fffb82b2 ; jmp 0xfffb82b2
+
+loc_fffb775f:
+mov edi, esi
+sub edi, ecx
+jne short loc_fffb778a ; jne 0xfffb778a
+
+loc_fffb7765:
+cmp byte [esi], 0
+jne short loc_fffb77ad ; jne 0xfffb77ad
+mov ecx, esi
+
+loc_fffb776c:
+cmp byte [ecx], 0
+je loc_fffb8277 ; je 0xfffb8277
+mov esi, ecx
+
+loc_fffb7777:
+mov al, byte [esi]
+cmp al, 0x25
+setne dl
+test al, al
+setne al
+test dl, al
+je short loc_fffb775f ; je 0xfffb775f
+inc esi
+jmp short loc_fffb7777 ; jmp 0xfffb7777
+
+loc_fffb778a:
+push eax
+push edi
+push ecx
+push dword [ebp - 0xa4]
+call fcn_fffa5c2e ; call 0xfffa5c2e
+add esp, 0x10
+mov dword [ebp - 0xa4], eax
+test eax, eax
+je short loc_fffb7757 ; je 0xfffb7757
+add dword [ebp - 0xe4], edi
+jmp short loc_fffb7765 ; jmp 0xfffb7765
+
+loc_fffb77ad:
+lea edi, [esi + 1]
+mov dword [ebp - 0xc4], 0
+
+loc_fffb77ba:
+mov dl, byte [edi]
+test dl, dl
+jne short loc_fffb77cc ; jne 0xfffb77cc
+
+loc_fffb77c0:
+mov dword [ebp - 0xe0], 0
+jmp short loc_fffb7808 ; jmp 0xfffb7808
+
+loc_fffb77cc:
+mov eax, ref_fffd58b0 ; mov eax, 0xfffd58b0
+
+loc_fffb77d1:
+mov cl, byte [eax]
+cmp cl, dl
+je loc_fffb827f ; je 0xfffb827f
+test cl, cl
+je loc_fffb771f ; je 0xfffb771f
+inc eax
+jmp short loc_fffb77d1 ; jmp 0xfffb77d1
+
+loc_fffb77e6:
+cmp dword [ebp - 0xe0], 0x1f3
+jg loc_fffb7747 ; jg 0xfffb7747
+imul edx, dword [ebp - 0xe0], 0xa
+inc edi
+lea eax, [edx + eax - 0x30]
+mov dword [ebp - 0xe0], eax
+
+loc_fffb7808:
+movsx eax, byte [edi]
+lea edx, [eax - 0x30]
+cmp dl, 9
+jbe short loc_fffb77e6 ; jbe 0xfffb77e6
+jmp near loc_fffb7747 ; jmp 0xfffb7747
+
+loc_fffb7818:
+cmp byte [edi], 0x2e
+mov dword [ebp - 0xd0], 0xffffffff
+jne short loc_fffb7891 ; jne 0xfffb7891
+cmp byte [edi + 1], 0x2a
+je short loc_fffb783a ; je 0xfffb783a
+inc edi
+mov dword [ebp - 0xd0], 0
+jmp short loc_fffb7876 ; jmp 0xfffb7876
+
+loc_fffb783a:
+mov ecx, dword [ebx]
+lea eax, [ebx + 4]
+mov dword [ebp - 0xd0], ecx
+cmp ecx, 0x1f4
+jg loc_fffb7757 ; jg 0xfffb7757
+add edi, 2
+mov ebx, eax
+jmp short loc_fffb7891 ; jmp 0xfffb7891
+
+loc_fffb7858:
+cmp dword [ebp - 0xd0], 0x1f3
+jg short loc_fffb7881 ; jg 0xfffb7881
+imul edx, dword [ebp - 0xd0], 0xa
+inc edi
+lea eax, [edx + eax - 0x30]
+mov dword [ebp - 0xd0], eax
+
+loc_fffb7876:
+movsx eax, byte [edi]
+lea edx, [eax - 0x30]
+cmp dl, 9
+jbe short loc_fffb7858 ; jbe 0xfffb7858
+
+loc_fffb7881:
+cmp dword [ebp - 0xd0], 0x1f4
+jg loc_fffb7757 ; jg 0xfffb7757
+
+loc_fffb7891:
+cmp byte [edi], 0x3a
+mov dword [ebp - 0xc0], 0
+jne short loc_fffb7903 ; jne 0xfffb7903
+cmp byte [edi + 1], 0x2a
+jne short loc_fffb78ea ; jne 0xfffb78ea
+mov esi, dword [ebx]
+lea eax, [ebx + 4]
+mov dword [ebp - 0xc0], esi
+test esi, esi
+js short loc_fffb78bf ; js 0xfffb78bf
+cmp esi, 0x24
+jle short loc_fffb78c9 ; jle 0xfffb78c9
+jmp near loc_fffb7757 ; jmp 0xfffb7757
+
+loc_fffb78bf:
+mov dword [ebp - 0xc0], 0
+
+loc_fffb78c9:
+add edi, 2
+mov ebx, eax
+jmp short loc_fffb7903 ; jmp 0xfffb7903
+
+loc_fffb78d0:
+cmp dword [ebp - 0xc0], 0x23
+jg short loc_fffb78f6 ; jg 0xfffb78f6
+imul ecx, dword [ebp - 0xc0], 0xa
+lea eax, [ecx + eax - 0x30]
+mov dword [ebp - 0xc0], eax
+
+loc_fffb78ea:
+inc edi
+movsx eax, byte [edi]
+lea edx, [eax - 0x30]
+cmp dl, 9
+jbe short loc_fffb78d0 ; jbe 0xfffb78d0
+
+loc_fffb78f6:
+cmp dword [ebp - 0xc0], 0x24
+jg loc_fffb7757 ; jg 0xfffb7757
+
+loc_fffb7903:
+cmp byte [edi], 0x5b
+mov dword [ebp - 0xd8], 0
+jne short loc_fffb793b ; jne 0xfffb793b
+lea eax, [edi + 1]
+not edi
+mov dword [ebp - 0xf8], eax
+
+loc_fffb791d:
+mov dl, byte [eax]
+lea esi, [edi + eax]
+mov dword [ebp - 0xd8], esi
+mov esi, eax
+test dl, dl
+je loc_fffb7757 ; je 0xfffb7757
+inc eax
+cmp dl, 0x5d
+jne short loc_fffb791d ; jne 0xfffb791d
+lea edi, [esi + 1]
+
+loc_fffb793b:
+mov al, byte [edi]
+mov esi, ref_fffd6023 ; mov esi, 0xfffd6023
+test al, al
+je short loc_fffb7973 ; je 0xfffb7973
+
+loc_fffb7946:
+mov dl, byte [esi]
+cmp dl, al
+je short loc_fffb7957 ; je 0xfffb7957
+test dl, dl
+je short loc_fffb7953 ; je 0xfffb7953
+inc esi
+jmp short loc_fffb7946 ; jmp 0xfffb7946
+
+loc_fffb7953:
+xor eax, eax
+jmp short loc_fffb7973 ; jmp 0xfffb7973
+
+loc_fffb7957:
+mov dl, byte [edi + 1]
+lea esi, [edi + 1]
+test dl, dl
+je loc_fffb8297 ; je 0xfffb8297
+cmp dl, al
+jne loc_fffb8297 ; jne 0xfffb8297
+or eax, 1
+add edi, 2
+
+loc_fffb7973:
+mov dl, byte [edi]
+test dl, dl
+jne short loc_fffb7983 ; jne 0xfffb7983
+mov ecx, dword [ebx]
+add ebx, 4
+jmp near loc_fffb776c ; jmp 0xfffb776c
+
+loc_fffb7983:
+mov byte [ebp - 0xc8], 0
+cmp dl, 0x43
+jne short loc_fffb79a5 ; jne 0xfffb79a5
+mov cl, byte [edi + 1]
+lea esi, [edi + 1]
+mov byte [ebp - 0xc8], cl
+test cl, cl
+je loc_fffb7757 ; je 0xfffb7757
+mov edi, esi
+
+loc_fffb79a5:
+mov byte [ebp - 0xab], dl
+cmp dl, 0x6e
+jne short loc_fffb7a06 ; jne 0xfffb7a06
+mov edx, dword [ebx]
+test edx, edx
+je loc_fffb82ab ; je 0xfffb82ab
+cmp al, 0x68
+jne short loc_fffb79cc ; jne 0xfffb79cc
+mov eax, dword [ebp - 0xe4]
+mov word [edx], ax
+jmp near loc_fffb82ab ; jmp 0xfffb82ab
+
+loc_fffb79cc:
+cmp al, 0x69
+jne short loc_fffb79dd ; jne 0xfffb79dd
+mov al, byte [ebp - 0xe4]
+mov byte [edx], al
+jmp near loc_fffb82ab ; jmp 0xfffb82ab
+
+loc_fffb79dd:
+cmp al, 0x6c
+je short loc_fffb79f9 ; je 0xfffb79f9
+cmp al, 0x6a
+jne short loc_fffb79f9 ; jne 0xfffb79f9
+mov eax, dword [ebp - 0xe4]
+mov dword [edx + 4], 0
+mov dword [edx], eax
+jmp near loc_fffb82ab ; jmp 0xfffb82ab
+
+loc_fffb79f9:
+mov eax, dword [ebp - 0xe4]
+mov dword [edx], eax
+jmp near loc_fffb82ab ; jmp 0xfffb82ab
+
+loc_fffb7a06:
+cmp dl, 0x25
+jne short loc_fffb7a34 ; jne 0xfffb7a34
+sub esp, 0xc
+xor ecx, ecx
+push 0
+xor edx, edx
+push 1
+lea eax, [ebp - 0xab]
+push eax
+push 0
+push 0
+lea eax, [ebp - 0xa4]
+call fcn_fffb7325 ; call 0xfffb7325
+add esp, 0x20
+jmp near loc_fffb8261 ; jmp 0xfffb8261
+
+loc_fffb7a34:
+mov esi, edx
+and esi, 0xffffffdf
+mov ecx, esi
+cmp cl, 0x43
+jne short loc_fffb7ab9 ; jne 0xfffb7ab9
+cmp dl, 0x63
+jne short loc_fffb7a52 ; jne 0xfffb7a52
+mov eax, dword [ebx]
+add ebx, 4
+mov byte [ebp - 0x9a], al
+jmp short loc_fffb7a5e ; jmp 0xfffb7a5e
+
+loc_fffb7a52:
+mov al, byte [ebp - 0xc8]
+mov byte [ebp - 0x9a], al
+
+loc_fffb7a5e:
+mov esi, dword [ebp - 0xd0]
+mov eax, 1
+test esi, esi
+cmovs esi, eax
+test esi, esi
+cmovg eax, esi
+xor esi, esi
+mov dword [ebp - 0xc0], eax
+
+loc_fffb7a7b:
+sub esp, 0xc
+xor ecx, ecx
+push 0
+xor edx, edx
+push 1
+lea eax, [ebp - 0x9a]
+push eax
+push 0
+push 0
+lea eax, [ebp - 0xa4]
+call fcn_fffb7325 ; call 0xfffb7325
+add esp, 0x20
+cmp eax, 0xffffffff
+je loc_fffb7757 ; je 0xfffb7757
+add esi, eax
+dec dword [ebp - 0xc0]
+jne short loc_fffb7a7b ; jne 0xfffb7a7b
+mov eax, esi
+jmp near loc_fffb8261 ; jmp 0xfffb8261
+
+loc_fffb7ab9:
+cmp dl, 0x73
+jne loc_fffb7b51 ; jne 0xfffb7b51
+lea eax, [ebx + 4]
+mov edx, ref_fffd602a ; mov edx, 0xfffd602a
+mov dword [ebp - 0xc0], eax
+mov eax, dword [ebx]
+test eax, eax
+cmove eax, edx
+mov ecx, eax
+
+loc_fffb7ad9:
+cmp byte [ecx], 0
+je short loc_fffb7ae1 ; je 0xfffb7ae1
+inc ecx
+jmp short loc_fffb7ad9 ; jmp 0xfffb7ad9
+
+loc_fffb7ae1:
+mov ebx, dword [ebp - 0xd0]
+sub ecx, eax
+test ebx, ebx
+js short loc_fffb7af2 ; js 0xfffb7af2
+cmp ecx, ebx
+cmovg ecx, ebx
+
+loc_fffb7af2:
+mov esi, dword [ebp - 0xe0]
+xor edx, edx
+mov ebx, esi
+sub ebx, ecx
+cmp ecx, esi
+mov esi, dword [ebp - 0xc4]
+cmovl edx, ebx
+xor ebx, ebx
+and esi, 4
+je short loc_fffb7b14 ; je 0xfffb7b14
+mov ebx, edx
+xor edx, edx
+
+loc_fffb7b14:
+test byte [ebp - 0xc4], 0x40
+je short loc_fffb7b2c ; je 0xfffb7b2c
+add ebx, edx
+xor edx, edx
+test esi, esi
+sete dl
+add edx, ebx
+sar edx, 1
+sub ebx, edx
+
+loc_fffb7b2c:
+sub esp, 0xc
+push ebx
+push ecx
+xor ecx, ecx
+push eax
+push 0
+push 0
+lea eax, [ebp - 0xa4]
+call fcn_fffb7325 ; call 0xfffb7325
+add esp, 0x20
+mov ebx, dword [ebp - 0xc0]
+jmp near loc_fffb8261 ; jmp 0xfffb8261
+
+loc_fffb7b51:
+cmp dl, 0x70
+jne short loc_fffb7b7d ; jne 0xfffb7b7d
+mov byte [ebp - 0xab], 0x58
+xor eax, eax
+mov dword [ebp - 0xd0], 8
+mov dword [ebp - 0xe0], 8
+mov dword [ebp - 0xc4], 0x28
+
+loc_fffb7b7d:
+mov dl, byte [ebp - 0xab]
+cmp dl, 0x69
+sete cl
+cmp dl, 0x64
+mov byte [ebp - 0xd4], dl
+sete dl
+or dl, cl
+mov byte [ebp - 0xe8], cl
+jne short loc_fffb7baa ; jne 0xfffb7baa
+xor esi, esi
+cmp byte [ebp - 0xd4], 0x49
+jne short loc_fffb7bd9 ; jne 0xfffb7bd9
+
+loc_fffb7baa:
+mov dl, byte [ebp - 0xd4]
+mov esi, 0xa
+and dword [ebp - 0xc4], 0xfffffff7
+or dword [ebp - 0xc4], 0x80
+and edx, 0xffffffdf
+cmp dl, 0x49
+jne short loc_fffb7bd9 ; jne 0xfffb7bd9
+mov ecx, dword [ebp - 0xc0]
+test ecx, ecx
+cmovne esi, ecx
+
+loc_fffb7bd9:
+mov dl, byte [ebp - 0xd4]
+and edx, 0xffffffdf
+cmp dl, 0x58
+sete cl
+test cl, cl
+mov byte [ebp - 0xcc], cl
+mov ecx, 0x10
+cmovne esi, ecx
+cmp dl, 0x55
+jne short loc_fffb7c0d ; jne 0xfffb7c0d
+mov ecx, dword [ebp - 0xc0]
+mov esi, 0xa
+test ecx, ecx
+cmovne esi, ecx
+
+loc_fffb7c0d:
+mov cl, byte [ebp - 0xd4]
+cmp cl, 0x6f
+je short loc_fffb7c27 ; je 0xfffb7c27
+cmp cl, 0x62
+je short loc_fffb7c2e ; je 0xfffb7c2e
+cmp esi, 1
+ja short loc_fffb7c33 ; ja 0xfffb7c33
+jmp near loc_fffb7757 ; jmp 0xfffb7757
+
+loc_fffb7c27:
+mov esi, 8
+jmp short loc_fffb7c33 ; jmp 0xfffb7c33
+
+loc_fffb7c2e:
+mov esi, 2
+
+loc_fffb7c33:
+test byte [ebp - 0xc4], 0x80
+je loc_fffb7cf8 ; je 0xfffb7cf8
+cmp al, 0x6c
+jne short loc_fffb7c49 ; jne 0xfffb7c49
+lea eax, [ebx + 4]
+jmp short loc_fffb7c50 ; jmp 0xfffb7c50
+
+loc_fffb7c49:
+cmp al, 0x6a
+jne short loc_fffb7c5a ; jne 0xfffb7c5a
+lea eax, [ebx + 8]
+
+loc_fffb7c50:
+mov dword [ebp - 0xc8], eax
+
+loc_fffb7c56:
+mov edx, dword [ebx]
+jmp short loc_fffb7c7e ; jmp 0xfffb7c7e
+
+loc_fffb7c5a:
+lea edx, [ebx + 4]
+cmp al, 0x7a
+mov dword [ebp - 0xc8], edx
+je short loc_fffb7c56 ; je 0xfffb7c56
+mov edx, dword [ebx]
+cmp al, 0x74
+je short loc_fffb7c7e ; je 0xfffb7c7e
+cmp al, 0x68
+jne short loc_fffb7c76 ; jne 0xfffb7c76
+movsx edx, dx
+jmp short loc_fffb7c7e ; jmp 0xfffb7c7e
+
+loc_fffb7c76:
+movsx ecx, dl
+cmp al, 0x69
+cmove edx, ecx
+
+loc_fffb7c7e:
+mov ecx, edx
+sar ecx, 0x1f
+mov eax, ecx
+xor eax, edx
+sub eax, ecx
+mov dword [ebp - 0xc0], eax
+sar eax, 0x1f
+mov dword [ebp - 0xbc], eax
+test edx, edx
+jns short loc_fffb7ca5 ; jns 0xfffb7ca5
+mov byte [ebp - 0xaa], 0x2d
+jmp short loc_fffb7ccb ; jmp 0xfffb7ccb
+
+loc_fffb7ca5:
+test byte [ebp - 0xc4], 2
+je short loc_fffb7cb7 ; je 0xfffb7cb7
+mov byte [ebp - 0xaa], 0x2b
+jmp short loc_fffb7ccb ; jmp 0xfffb7ccb
+
+loc_fffb7cb7:
+mov eax, dword [ebp - 0xc4]
+and eax, 1
+neg eax
+and eax, 0x20
+mov byte [ebp - 0xaa], al
+
+loc_fffb7ccb:
+cmp byte [ebp - 0xaa], 0
+mov dword [ebp - 0xdc], 0
+je loc_fffb7d9c ; je 0xfffb7d9c
+or dword [ebp - 0xc4], 8
+mov dword [ebp - 0xdc], 1
+jmp near loc_fffb7d9c ; jmp 0xfffb7d9c
+
+loc_fffb7cf8:
+cmp al, 0x6c
+jne short loc_fffb7d0b ; jne 0xfffb7d0b
+lea eax, [ebx + 4]
+xor edx, edx
+mov dword [ebp - 0xc8], eax
+mov eax, dword [ebx]
+jmp short loc_fffb7d1d ; jmp 0xfffb7d1d
+
+loc_fffb7d0b:
+cmp al, 0x6a
+jne short loc_fffb7d2b ; jne 0xfffb7d2b
+lea eax, [ebx + 8]
+mov edx, dword [ebx + 4]
+mov dword [ebp - 0xc8], eax
+mov eax, dword [ebx]
+
+loc_fffb7d1d:
+mov dword [ebp - 0xc0], eax
+mov dword [ebp - 0xbc], edx
+jmp short loc_fffb7d8b ; jmp 0xfffb7d8b
+
+loc_fffb7d2b:
+lea edx, [ebx + 4]
+cmp al, 0x7a
+mov dword [ebp - 0xc8], edx
+je short loc_fffb7d3c ; je 0xfffb7d3c
+cmp al, 0x74
+jne short loc_fffb7d4f ; jne 0xfffb7d4f
+
+loc_fffb7d3c:
+mov eax, dword [ebx]
+mov dword [ebp - 0xc0], eax
+sar eax, 0x1f
+mov dword [ebp - 0xbc], eax
+jmp short loc_fffb7d8b ; jmp 0xfffb7d8b
+
+loc_fffb7d4f:
+mov edx, dword [ebx]
+mov dword [ebp - 0xbc], 0
+mov dword [ebp - 0xc0], edx
+cmp al, 0x68
+jne short loc_fffb7d70 ; jne 0xfffb7d70
+movzx edx, dx
+mov dword [ebp - 0xc0], edx
+jmp short loc_fffb7d81 ; jmp 0xfffb7d81
+
+loc_fffb7d70:
+cmp al, 0x69
+jne short loc_fffb7d8b ; jne 0xfffb7d8b
+movzx eax, byte [ebp - 0xc0]
+mov dword [ebp - 0xc0], eax
+
+loc_fffb7d81:
+mov dword [ebp - 0xbc], 0
+
+loc_fffb7d8b:
+mov byte [ebp - 0xaa], 0x30
+mov dword [ebp - 0xdc], 0
+
+loc_fffb7d9c:
+mov eax, dword [ebp - 0xc0]
+mov edx, dword [ebp - 0xbc]
+mov ebx, eax
+or ebx, edx
+setne al
+cmp byte [ebp - 0xd4], 0x6f
+sete dl
+test al, dl
+mov edx, 1
+cmove edx, dword [ebp - 0xdc]
+cmp byte [ebp - 0xcc], 0
+mov dword [ebp - 0xdc], edx
+jne short loc_fffb7ddf ; jne 0xfffb7ddf
+cmp byte [ebp - 0xd4], 0x62
+jne short loc_fffb7e0d ; jne 0xfffb7e0d
+
+loc_fffb7ddf:
+test byte [ebp - 0xc4], 0x20
+jne short loc_fffb7df4 ; jne 0xfffb7df4
+test al, al
+je short loc_fffb7e0d ; je 0xfffb7e0d
+mov al, byte [ebp - 0xd4]
+jmp short loc_fffb7dfd ; jmp 0xfffb7dfd
+
+loc_fffb7df4:
+mov al, byte [ebp - 0xd4]
+or eax, 0x20
+
+loc_fffb7dfd:
+mov byte [ebp - 0xa9], al
+mov dword [ebp - 0xdc], 2
+
+loc_fffb7e0d:
+test byte [ebp - 0xc4], 8
+je short loc_fffb7e24 ; je 0xfffb7e24
+lea eax, [ebp - 0xaa]
+mov dword [ebp - 0xf4], eax
+jmp short loc_fffb7e38 ; jmp 0xfffb7e38
+
+loc_fffb7e24:
+mov dword [ebp - 0xf4], 0
+mov dword [ebp - 0xdc], 0
+
+loc_fffb7e38:
+cmp esi, 0xa
+jne short loc_fffb7ea3 ; jne 0xfffb7ea3
+mov dword [ebp - 0xcc], 0
+lea ebx, [ebp - 0xa0]
+
+loc_fffb7e4d:
+mov edx, dword [ebp - 0xbc]
+mov eax, dword [ebp - 0xc0]
+mov esi, edx
+or esi, eax
+je loc_fffb7ff0 ; je 0xfffb7ff0
+push ebx
+push 0xa
+push dword [ebp - 0xbc]
+push dword [ebp - 0xc0]
+call fcn_fffd28b3 ; call 0xfffd28b3
+mov esi, dword [ebp - 0xa0]
+add esp, 0x10
+inc dword [ebp - 0xcc]
+mov dword [ebp - 0xc0], eax
+mov eax, dword [ebp - 0xcc]
+mov dword [ebp - 0xbc], edx
+lea edx, [esi + 0x30]
+neg eax
+mov byte [eax + ebp - 0x18], dl
+jmp short loc_fffb7e4d ; jmp 0xfffb7e4d
+
+loc_fffb7ea3:
+cmp byte [ebp - 0xd4], 0x75
+sete byte [ebp - 0xec]
+cmp esi, 8
+sete dl
+cmp esi, 2
+sete al
+or al, dl
+jne short loc_fffb7ee1 ; jne 0xfffb7ee1
+cmp esi, 0x10
+je short loc_fffb7ee1 ; je 0xfffb7ee1
+mov bl, byte [ebp - 0xec]
+mov dword [ebp - 0xcc], 0
+or ebx, dword [ebp - 0xe8]
+jmp near loc_fffb7f83 ; jmp 0xfffb7f83
+
+loc_fffb7ee1:
+lea eax, [esi - 1]
+cmp esi, 0x10
+je short loc_fffb7ef6 ; je 0xfffb7ef6
+cmp dl, 1
+sbb ecx, ecx
+and ecx, 0xfffffffe
+add ecx, 3
+jmp short loc_fffb7efb ; jmp 0xfffb7efb
+
+loc_fffb7ef6:
+mov ecx, 4
+
+loc_fffb7efb:
+mov dword [ebp - 0xcc], 0
+
+loc_fffb7f05:
+mov esi, dword [ebp - 0xbc]
+mov ebx, dword [ebp - 0xc0]
+mov edx, esi
+or edx, ebx
+je loc_fffb7ff0 ; je 0xfffb7ff0
+mov edx, dword [ebp - 0xc0]
+and edx, eax
+cmp byte [ebp - 0xd4], 0x78
+mov bl, byte [edx + ref_fffd5868] ; mov bl, byte [edx - 0x2a798]
+sete dl
+or dl, byte [ebp - 0xe8]
+jne short loc_fffb7f44 ; jne 0xfffb7f44
+cmp byte [ebp - 0xec], 0
+je short loc_fffb7f47 ; je 0xfffb7f47
+
+loc_fffb7f44:
+or ebx, 0x20
+
+loc_fffb7f47:
+inc dword [ebp - 0xcc]
+mov edx, dword [ebp - 0xcc]
+mov esi, dword [ebp - 0xbc]
+neg edx
+mov byte [edx + ebp - 0x18], bl
+mov ebx, dword [ebp - 0xc0]
+xor edx, edx
+shrd ebx, esi, cl
+shr esi, cl
+test cl, 0x20
+cmovne ebx, esi
+cmovne esi, edx
+mov dword [ebp - 0xc0], ebx
+mov dword [ebp - 0xbc], esi
+jmp short loc_fffb7f05 ; jmp 0xfffb7f05
+
+loc_fffb7f83:
+mov edx, dword [ebp - 0xbc]
+mov eax, dword [ebp - 0xc0]
+mov ecx, edx
+or ecx, eax
+je short loc_fffb7ff0 ; je 0xfffb7ff0
+push eax
+push esi
+push dword [ebp - 0xbc]
+push dword [ebp - 0xc0]
+call fcn_fffd2889 ; call 0xfffd2889
+add esp, 0xc
+push esi
+push dword [ebp - 0xbc]
+push dword [ebp - 0xc0]
+mov al, byte [eax + ref_fffd5868] ; mov al, byte [eax - 0x2a798]
+mov dl, al
+or edx, 0x20
+test bl, bl
+cmovne eax, edx
+inc dword [ebp - 0xcc]
+mov edx, dword [ebp - 0xcc]
+neg edx
+mov byte [edx + ebp - 0x18], al
+call fcn_fffd289e ; call 0xfffd289e
+add esp, 0x10
+mov dword [ebp - 0xc0], eax
+mov dword [ebp - 0xbc], edx
+jmp short loc_fffb7f83 ; jmp 0xfffb7f83
+
+loc_fffb7ff0:
+cmp dword [ebp - 0xd8], 0
+mov dword [ebp - 0xf0], 0
+je loc_fffb819b ; je 0xfffb819b
+mov ebx, dword [ebp - 0xf8]
+mov esi, dword [ebp - 0xd8]
+mov eax, dword [ebp - 0xcc]
+mov dword [ebp - 0xc0], 0x82
+mov byte [ebp - 0xec], 0
+lea ebx, [ebx + esi - 1]
+sub dword [ebp - 0xc0], eax
+mov dword [ebp - 0xe8], eax
+xor eax, eax
+mov dword [ebp - 0xd4], ebx
+
+loc_fffb8042:
+cmp dword [ebp - 0xe8], 0
+je loc_fffb819b ; je 0xfffb819b
+cmp dword [ebp - 0xd8], 0
+je loc_fffb829e ; je 0xfffb829e
+mov esi, dword [ebp - 0xd4]
+mov al, byte [esi]
+cmp al, 0x2d
+je loc_fffb819b ; je 0xfffb819b
+cmp al, 0x2a
+je short loc_fffb808e ; je 0xfffb808e
+mov ebx, dword [ebp - 0xd8]
+xor eax, eax
+mov dword [ebp - 0xec], 1
+sub esi, ebx
+mov edx, ebx
+mov dword [ebp - 0x100], esi
+jmp short loc_fffb80e1 ; jmp 0xfffb80e1
+
+loc_fffb808e:
+mov eax, dword [ebp - 0xc8]
+lea ebx, [eax + 4]
+mov eax, dword [eax]
+test eax, eax
+js loc_fffb8195 ; js 0xfffb8195
+mov ecx, dword [ebp - 0xd4]
+mov edx, dword [ebp - 0xd8]
+mov dword [ebp - 0xc8], ebx
+dec ecx
+dec edx
+jne short loc_fffb8108 ; jne 0xfffb8108
+jmp near loc_fffb819b ; jmp 0xfffb819b
+
+loc_fffb80bc:
+movsx esi, byte [ebp - 0xf9]
+mov ecx, dword [ebp - 0xec]
+sub esi, 0x30
+imul esi, ecx
+add eax, esi
+imul esi, ecx, 0xa
+mov dword [ebp - 0xec], esi
+dec edx
+je loc_fffb819b ; je 0xfffb819b
+
+loc_fffb80e1:
+mov ebx, dword [ebp - 0x100]
+mov ecx, edx
+sub ecx, dword [ebp - 0xd8]
+add ecx, dword [ebp - 0xd4]
+mov bl, byte [ebx + edx]
+lea esi, [ebx - 0x30]
+mov byte [ebp - 0xf9], bl
+mov ebx, esi
+cmp bl, 9
+jbe short loc_fffb80bc ; jbe 0xfffb80bc
+
+loc_fffb8108:
+mov bl, byte [ecx]
+lea esi, [ecx - 1]
+mov dword [ebp - 0xd4], esi
+mov byte [ebp - 0xec], bl
+lea ebx, [edx - 1]
+mov dword [ebp - 0xd8], ebx
+test eax, eax
+je short loc_fffb8186 ; je 0xfffb8186
+
+loc_fffb8126:
+mov esi, dword [ebp - 0xe8]
+cmp esi, eax
+jle short loc_fffb819b ; jle 0xfffb819b
+lea ecx, [ebp - 0x9a]
+sub esi, eax
+add ecx, dword [ebp - 0xc0]
+xor edx, edx
+
+loc_fffb8140:
+cmp edx, esi
+je short loc_fffb814e ; je 0xfffb814e
+mov bl, byte [ecx + edx]
+mov byte [ecx + edx - 1], bl
+inc edx
+jmp short loc_fffb8140 ; jmp 0xfffb8140
+
+loc_fffb814e:
+mov ecx, dword [ebp - 0xe8]
+dec dword [ebp - 0xc0]
+add ecx, dword [ebp - 0xc0]
+mov bl, byte [ebp - 0xec]
+inc dword [ebp - 0xcc]
+sub ecx, eax
+inc dword [ebp - 0xf0]
+mov byte [ebp + ecx - 0x9a], bl
+mov dword [ebp - 0xe8], edx
+jmp near loc_fffb8042 ; jmp 0xfffb8042
+
+loc_fffb8186:
+cmp dword [ebp - 0xd8], 0
+jne loc_fffb8042 ; jne 0xfffb8042
+jmp short loc_fffb819b ; jmp 0xfffb819b
+
+loc_fffb8195:
+mov dword [ebp - 0xc8], ebx
+
+loc_fffb819b:
+cmp dword [ebp - 0xd0], 0
+js short loc_fffb81ad ; js 0xfffb81ad
+and dword [ebp - 0xc4], 0xffffffef
+jmp short loc_fffb81b7 ; jmp 0xfffb81b7
+
+loc_fffb81ad:
+mov dword [ebp - 0xd0], 1
+
+loc_fffb81b7:
+mov esi, dword [ebp - 0xcc]
+mov eax, dword [ebp - 0xd0]
+add eax, dword [ebp - 0xf0]
+cmp eax, esi
+cmovl eax, esi
+mov esi, dword [ebp - 0xe0]
+xor edx, edx
+mov ebx, eax
+mov eax, dword [ebp - 0xdc]
+mov ecx, esi
+add eax, ebx
+sub ecx, eax
+cmp eax, esi
+cmovl edx, ecx
+mov ecx, dword [ebp - 0xc4]
+xor eax, eax
+and ecx, 4
+je short loc_fffb81fa ; je 0xfffb81fa
+mov eax, edx
+xor edx, edx
+
+loc_fffb81fa:
+test byte [ebp - 0xc4], 0x40
+je short loc_fffb8212 ; je 0xfffb8212
+add eax, edx
+xor edx, edx
+test ecx, ecx
+sete dl
+add edx, eax
+sar edx, 1
+sub eax, edx
+
+loc_fffb8212:
+sub ebx, dword [ebp - 0xcc]
+mov ecx, ebx
+test byte [ebp - 0xc4], 0x10
+je short loc_fffb8227 ; je 0xfffb8227
+add ecx, edx
+xor edx, edx
+
+loc_fffb8227:
+mov esi, dword [ebp - 0xcc]
+sub esp, 0xc
+push eax
+lea eax, [ebp - 0x9a]
+sub eax, esi
+push esi
+add eax, 0x82
+push eax
+push ecx
+mov ecx, dword [ebp - 0xf4]
+push dword [ebp - 0xdc]
+lea eax, [ebp - 0xa4]
+call fcn_fffb7325 ; call 0xfffb7325
+mov ebx, dword [ebp - 0xc8]
+add esp, 0x20
+
+loc_fffb8261:
+test eax, eax
+js loc_fffb7757 ; js 0xfffb7757
+
+loc_fffb8269:
+add dword [ebp - 0xe4], eax
+lea ecx, [edi + 1]
+jmp near loc_fffb776c ; jmp 0xfffb776c
+
+loc_fffb8277:
+mov eax, dword [ebp - 0xe4]
+jmp short loc_fffb82b2 ; jmp 0xfffb82b2
+
+loc_fffb827f:
+sub eax, ref_fffd58b0 ; sub eax, 0xfffd58b0
+inc edi
+mov eax, dword [eax*4 + ref_fffd5890] ; mov eax, dword [eax*4 - 0x2a770]
+or dword [ebp - 0xc4], eax
+jmp near loc_fffb77ba ; jmp 0xfffb77ba
+
+loc_fffb8297:
+mov edi, esi
+jmp near loc_fffb7973 ; jmp 0xfffb7973
+
+loc_fffb829e:
+test eax, eax
+jne loc_fffb8126 ; jne 0xfffb8126
+jmp near loc_fffb819b ; jmp 0xfffb819b
+
+loc_fffb82ab:
+add ebx, 4
+xor eax, eax
+jmp short loc_fffb8269 ; jmp 0xfffb8269
+
+loc_fffb82b2:
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb82ba:
+push ebp
+mov ebp, esp
+push edi
+mov edi, ecx
+push esi
+push ebx
+mov ebx, eax
+sub esp, 0x20
+mov esi, dword [edx + 9]
+mov edx, dword [ebx + 0x188b]
+mov eax, dword [eax + 0x2443]
+push 4
+lea edx, [edx*4 + ref_fffd3230] ; lea edx, [edx*4 - 0x2cdd0]
+push edx
+lea edx, [ebp - 0x1c]
+push edx
+call dword [eax + 0x58] ; ucall
+mov al, byte [ebx + 0xfac]
+add esp, 0x10
+cmp byte [ebp - 0x1c], al
+mov al, 1
+jne short loc_fffb8350 ; jne 0xfffb8350
+mov cl, byte [ebx + 0xfad]
+cmp byte [ebp - 0x1b], cl
+jne short loc_fffb8350 ; jne 0xfffb8350
+mov cl, byte [ebx + 0xfae]
+cmp byte [ebp - 0x1a], cl
+jne short loc_fffb8350 ; jne 0xfffb8350
+mov cl, byte [ebx + 0xfaf]
+cmp byte [ebp - 0x19], cl
+jne short loc_fffb8350 ; jne 0xfffb8350
+mov ecx, dword [ebx + 0xfa4]
+cmp dword [ebx + 0x1887], ecx
+jne short loc_fffb8350 ; jne 0xfffb8350
+mov ecx, dword [ebx + 0xfa0]
+cmp dword [ebx + 0x1883], ecx
+jne short loc_fffb8350 ; jne 0xfffb8350
+xor eax, eax
+cmp edi, 2
+je short loc_fffb8350 ; je 0xfffb8350
+mov edx, 0x102
+mov eax, esi
+call fcn_fffc3dc3 ; call 0xfffc3dc3
+cmp eax, dword [ebx + 0xfb0]
+setne al
+
+loc_fffb8350:
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb8358:
+push ebp
+mov ebp, esp
+push ebx
+sub esp, 0x1c
+mov ebx, dword [ebp + 8]
+lea eax, [ebp - 0xc]
+push eax
+push ebx
+call fcn_fffab60f ; call 0xfffab60f
+add esp, 0x10
+test eax, eax
+jns short loc_fffb837a ; jns 0xfffb837a
+mov dword [ebp - 0xc], 0
+
+loc_fffb837a:
+mov eax, dword [ebp - 0xc]
+test eax, eax
+je short loc_fffb838f ; je 0xfffb838f
+push edx
+push edx
+push ebx
+push eax
+call fcn_fffac673 ; call 0xfffac673
+add esp, 0x10
+jmp short loc_fffb8391 ; jmp 0xfffb8391
+
+loc_fffb838f:
+xor eax, eax
+
+loc_fffb8391:
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffb8396: ; not directly referenced
+and dh, 4
+je short loc_fffb83fa ; je 0xfffb83fa
+push ebp
+mov edx, ecx
+mov ebp, esp
+push edi
+push esi
+mov esi, ecx
+shr edx, 0x13
+push ebx
+and edx, 1
+sub esp, 0xc
+cmp edx, 1
+mov edi, dword [eax + 0x68]
+mov edx, ecx
+sbb ebx, ebx
+call fcn_fffc3bf5 ; call 0xfffc3bf5
+shr esi, 0x11
+and ebx, 0x10
+and esi, 1
+add ebx, 0x10
+push ecx
+push esi
+push edx
+push eax
+call edi
+add esp, 0x10
+cmp bx, 0x10
+jne short loc_fffb83e9 ; jne 0xfffb83e9
+xor eax, 0x1000000
+or eax, edx
+cmp eax, 1
+sbb eax, eax
+add eax, 0xb
+jmp short loc_fffb8400 ; jmp 0xfffb8400
+
+loc_fffb83e9: ; not directly referenced
+xor eax, 0x800000
+or eax, edx
+cmp eax, 1
+sbb eax, eax
+add eax, 0xa
+jmp short loc_fffb8400 ; jmp 0xfffb8400
+
+loc_fffb83fa: ; not directly referenced
+mov eax, 0xa
+ret
+
+loc_fffb8400: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb8408: ; not directly referenced
+and dh, 4
+je short loc_fffb846c ; je 0xfffb846c
+push ebp
+mov edx, ecx
+mov ebp, esp
+push edi
+push esi
+mov esi, ecx
+shr edx, 0x14
+push ebx
+and edx, 1
+sub esp, 0xc
+cmp edx, 1
+mov edi, dword [eax + 0x68]
+mov edx, ecx
+sbb ebx, ebx
+call fcn_fffc3bda ; call 0xfffc3bda
+shr esi, 0x12
+and ebx, 0x10
+and esi, 1
+add ebx, 0x10
+push ecx
+push esi
+push edx
+push eax
+call edi
+add esp, 0x10
+cmp bx, 0x10
+jne short loc_fffb845b ; jne 0xfffb845b
+xor eax, 0x1000000
+or eax, edx
+cmp eax, 1
+sbb eax, eax
+add eax, 0xb
+jmp short loc_fffb8472 ; jmp 0xfffb8472
+
+loc_fffb845b: ; not directly referenced
+xor eax, 0x800000
+or eax, edx
+cmp eax, 1
+sbb eax, eax
+add eax, 0xa
+jmp short loc_fffb8472 ; jmp 0xfffb8472
+
+loc_fffb846c: ; not directly referenced
+mov eax, 0xa
+ret
+
+loc_fffb8472: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb847a: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x2c
+mov ebx, dword [ebp + 8]
+mov dword [ebp - 0x1c], 0
+mov eax, dword [ebx + 0x2443]
+lea esi, [ebx + 0xfb9]
+mov dword [ebp - 0x20], eax
+lea eax, [ebx + 0x10]
+mov dword [ebp - 0x2c], eax
+mov al, byte [ebx + 0x3755]
+mov byte [ebx + 0xfb8], al
+mov eax, dword [ebx + 0x374e]
+mov dword [ebx + 0xfb4], eax
+
+loc_fffb84ba: ; not directly referenced
+imul eax, dword [ebp - 0x1c], 0x13c3
+xor edi, edi
+mov edx, dword [ebx + eax + 0x3816]
+lea ecx, [ebx + eax + 0x3756]
+mov dword [ebp - 0x28], ecx
+mov dword [esi + 4], edx
+mov dl, byte [ebx + eax + 0x381a]
+mov byte [esi + 8], dl
+mov eax, dword [ebx + eax + 0x3756]
+mov dword [esi], eax
+
+loc_fffb84ea: ; not directly referenced
+mov eax, dword [ebp - 0x28]
+push edx
+push 0x2e
+lea eax, [eax + edi + 4]
+push eax
+lea eax, [esi + edi + 9]
+add edi, 0x2e
+push eax
+mov eax, dword [ebp - 0x20]
+call dword [eax + 0x58] ; ucall
+add esp, 0x10
+cmp edi, 0xb8
+jne short loc_fffb84ea ; jne 0xfffb84ea
+imul eax, dword [ebp - 0x1c], 0x54a
+lea edx, [esi + 0x313]
+mov dword [ebp - 0x24], 0
+lea edi, [ebx + eax + 0x19bb]
+
+loc_fffb8529: ; not directly referenced
+mov ecx, dword [ebp - 0x24]
+mov dword [ebp - 0x30], edx
+mov edx, dword [ebp - 0x28]
+push eax
+push 0x128
+lea eax, [edx + ecx + 0x1173]
+push eax
+lea eax, [esi + ecx + 0xc1]
+push eax
+mov eax, dword [ebp - 0x20]
+call dword [eax + 0x58] ; ucall
+mov al, byte [edi + 3]
+add esp, 0x10
+mov edx, dword [ebp - 0x30]
+cmp byte [edi + 2], 0xc
+mov byte [edx - 2], al
+jne short loc_fffb8573 ; jne 0xfffb8573
+mov al, byte [edi + 0xd]
+mov ecx, 0x1d
+mov byte [edx - 1], al
+lea eax, [edi + 0x140]
+jmp short loc_fffb8581 ; jmp 0xfffb8581
+
+loc_fffb8573: ; not directly referenced
+mov al, byte [edi + 8]
+mov ecx, 0x1f
+mov byte [edx - 1], al
+lea eax, [edi + 0x75]
+
+loc_fffb8581: ; not directly referenced
+sub esp, 4
+add edi, 0x277
+push ecx
+push eax
+mov eax, dword [ebp - 0x20]
+push edx
+mov dword [ebp - 0x30], edx
+call dword [eax + 0x58] ; ucall
+mov edx, dword [ebp - 0x30]
+add esp, 0x10
+add dword [ebp - 0x24], 0x128
+add edx, 0x21
+cmp dword [ebp - 0x24], 0x250
+jne loc_fffb8529 ; jne 0xfffb8529
+inc dword [ebp - 0x1c]
+add esi, 0x433
+cmp dword [ebp - 0x1c], 2
+jne loc_fffb84ba ; jne 0xfffb84ba
+mov eax, dword [ebx + 0x3735]
+mov dword [ebx + 0x182c], eax
+mov eax, dword [ebx + 0x3739]
+mov dword [ebx + 0x1830], eax
+mov eax, dword [ebx + 0x373d]
+mov dword [ebx + 0x1834], eax
+mov eax, dword [ebx + 0x3741]
+mov dword [ebx + 0x1838], eax
+push eax
+mov eax, dword [ebx + 0x2443]
+push 4
+mov edx, dword [ebx + 0x188b]
+lea edx, [edx*4 + ref_fffd3230] ; lea edx, [edx*4 - 0x2cdd0]
+push edx
+lea edx, [ebx + 0xfac]
+push edx
+call dword [eax + 0x58] ; ucall
+mov eax, dword [ebx + 0x1887]
+add esp, 0x10
+xor ecx, ecx
+mov dword [ebx + 0xfa4], eax
+mov eax, dword [ebx + 0x1883]
+mov dword [ebx + 0xfa0], eax
+mov eax, dword [ebx + 0x188b]
+mov dword [ebx + 0xfa8], eax
+mov al, byte [ebx + 0x190d]
+mov byte [ebx + 0x1842], al
+mov eax, dword [ebx + 0x36d7]
+mov dword [ebx + 0x181f], eax
+mov eax, dword [ebx + 0x36df]
+mov dword [ebx + 0x1823], eax
+mov al, byte [ebx + 0x36e7]
+mov byte [ebx + 0x182b], al
+mov eax, dword [ebx + 0x36e3]
+mov dword [ebx + 0x1827], eax
+mov al, byte [ebx + 0x3748]
+mov byte [ebx + 0x183c], al
+mov eax, dword [ebx + 0x2480]
+mov dword [ebx + 0x183d], eax
+mov al, byte [ebx + 0x3749]
+mov byte [ebx + 0x1841], al
+mov al, byte [ebx + 0x36ca]
+mov byte [ebx + 0x184c], al
+mov al, byte [ebx + 0x36a8]
+mov byte [ebx + 0x184d], al
+mov eax, dword [ebx + 0x36cb]
+mov dword [ebx + 0x1843], eax
+mov eax, dword [ebx + 0x1912]
+mov dword [ebx + 0x1847], eax
+mov al, byte [ebx + 0x1916]
+mov byte [ebx + 0x184b], al
+
+loc_fffb86dc: ; not directly referenced
+mov eax, dword [ebx + ecx*8 + 0x36a9]
+mov edx, dword [ebx + ecx*8 + 0x36ad]
+mov dword [ebx + ecx*8 + 0x184e], eax
+mov dword [ebx + ecx*8 + 0x1852], edx
+inc ecx
+cmp ecx, 4
+jne short loc_fffb86dc ; jne 0xfffb86dc
+mov edx, dword [ebx + 0x18bd]
+mov eax, dword [ebx + 0x18b9]
+call fcn_fffc3dc3 ; call 0xfffc3dc3
+mov edx, 0x185e
+mov dword [ebx + 0xfb0], eax
+mov eax, dword [ebp - 0x2c]
+call fcn_fffc3dc3 ; call 0xfffc3dc3
+mov dword [ebx + 8], 0x1866
+mov dword [ebx + 0xc], eax
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb8736: ; not directly referenced
+mov eax, dword [0xff7d0084]
+push ebp
+mov ebp, esp
+push esi
+mov esi, dword [ebp + 8]
+push ebx
+mov eax, dword [eax + 0x14]
+mov ebx, dword [ebp + 0xc]
+sub esp, 0xc
+add eax, 0xb0048
+push eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+add esp, 0x10
+cmp bl, 2
+je short loc_fffb876f ; je 0xfffb876f
+cmp bl, 6
+je short loc_fffb8776 ; je 0xfffb8776
+dec bl
+jne short loc_fffb8782 ; jne 0xfffb8782
+mov edx, 1
+jmp short loc_fffb877b ; jmp 0xfffb877b
+
+loc_fffb876f: ; not directly referenced
+mov edx, 2
+jmp short loc_fffb877b ; jmp 0xfffb877b
+
+loc_fffb8776: ; not directly referenced
+mov edx, 6
+
+loc_fffb877b: ; not directly referenced
+mov eax, esi
+call fcn_fffb7129 ; call 0xfffb7129
+
+loc_fffb8782: ; not directly referenced
+lea esp, [ebp - 8]
+xor eax, eax
+pop ebx
+pop esi
+pop ebp
+ret
+
+fcn_fffb878b: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x38
+mov eax, dword [0xff7d0084]
+mov edi, dword [eax + 0x14]
+add edi, 0xb0048
+push edi
+call fcn_fffb3d4e ; call 0xfffb3d4e
+mov ebx, eax
+lea eax, [ebp - 0x1c]
+push eax
+push 0
+push 0
+push ref_fffd604c ; push 0xfffd604c
+call fcn_fffab40f ; call 0xfffab40f
+add esp, 0x20
+xor ecx, ecx
+mov esi, eax
+
+loc_fffb87c3: ; not directly referenced
+test bh, 1
+jne short loc_fffb87f3 ; jne 0xfffb87f3
+cmp ecx, 0x32
+je short loc_fffb883e ; je 0xfffb883e
+mov eax, dword [ebp - 0x1c]
+push ebx
+push 0x3e8
+push eax
+push dword [ebp + 8]
+mov dword [ebp - 0x2c], ecx
+call dword [eax + 4] ; ucall
+mov dword [esp], edi
+call fcn_fffb3d4e ; call 0xfffb3d4e
+mov ecx, dword [ebp - 0x2c]
+add esp, 0x10
+inc ecx
+mov ebx, eax
+jmp short loc_fffb87c3 ; jmp 0xfffb87c3
+
+loc_fffb87f3: ; not directly referenced
+cmp ecx, 0x32
+je short loc_fffb883e ; je 0xfffb883e
+mov edi, ebx
+test bl, bl
+jns short loc_fffb8835 ; jns 0xfffb8835
+mov eax, dword [0xff7d0084]
+sub esp, 0xc
+mov ebx, dword [eax + 0x14]
+add ebx, 0xf80a2
+push ebx
+call fcn_fffb3d06 ; call 0xfffb3d06
+pop edx
+pop ecx
+and eax, 0xff7f
+push eax
+push ebx
+call fcn_fffb3d20 ; call 0xfffb3d20
+mov eax, dword [ebp + 8]
+mov edx, 1
+call fcn_fffb7129 ; call 0xfffb7129
+add esp, 0x10
+mov esi, eax
+
+loc_fffb8835: ; not directly referenced
+mov eax, edi
+and eax, 0xffffff90
+cmp al, 0x10
+jne short loc_fffb8844 ; jne 0xfffb8844
+
+loc_fffb883e: ; not directly referenced
+mov eax, dword [ebp + 0x10]
+mov byte [eax], 1
+
+loc_fffb8844: ; not directly referenced
+lea esp, [ebp - 0xc]
+mov eax, esi
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb884e:
+push ebp
+mov ebp, esp
+mov ecx, dword [ebp + 8]
+mov edx, dword [ebp + 0xc]
+push ebx
+mov ebx, dword [ecx + 8]
+mov eax, dword [ecx + 0xc]
+xor ebx, dword [edx + 8]
+xor eax, dword [edx + 0xc]
+or ebx, eax
+mov ebx, dword [ecx]
+mov ecx, dword [ecx + 4]
+sete al
+xor ebx, dword [edx]
+xor ecx, dword [edx + 4]
+or ebx, ecx
+sete dl
+and eax, edx
+pop ebx
+pop ebp
+ret
+
+fcn_fffb887d: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, eax
+push ebx
+sub esp, 0x6c
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x68], ecx
+mov ecx, dword [ebp + 0xc]
+mov ebx, dword [ebp + 0x10]
+mov byte [ebp - 0x30], 0x21
+mov dword [ebp - 0x6c], eax
+mov al, byte [ebp + 0x14]
+mov dword [ebp - 0x3c], ecx
+mov byte [ebp - 0x76], cl
+mov edi, ebx
+mov byte [ebp - 0x2f], 0x42
+mov byte [ebp - 0x40], al
+mov byte [ebp - 0x2e], 0x58
+mov byte [ebp - 0x2d], 0x64
+mov byte [ebp - 0x2c], 0x85
+mov byte [ebp - 0x2b], 0xa6
+mov byte [ebp - 0x2a], 0xc8
+mov byte [ebp - 0x29], 0xe9
+mov byte [ebp - 0x28], 0x2f
+mov byte [ebp - 0x27], 0x41
+mov byte [ebp - 0x26], 0x53
+mov byte [ebp - 0x25], 0x64
+mov byte [ebp - 0x24], 0x7d
+mov byte [ebp - 0x23], 0x95
+mov byte [ebp - 0x22], 0xad
+mov byte [ebp - 0x21], 0xc5
+mov byte [ebp - 0x20], 0x76
+mov byte [ebp - 0x1f], 0x70
+mov byte [ebp - 0x1e], 0x6c
+mov byte [ebp - 0x1d], 0x67
+mov eax, dword [esi + 0x5edc]
+mov byte [ebp - 0x1c], 0x64
+mov byte [ebp - 0x1b], 0x61
+mov byte [ebp - 0x1a], 0x5f
+mov dword [ebp - 0x58], eax
+movzx eax, dl
+mov edx, dword [ebp - 0x58]
+mov dword [ebp - 0x60], eax
+imul eax, eax, 0xcc
+mov byte [ebp - 0x19], 0x5d
+mov dword [ebp - 0x74], 0
+mov dword [ebp - 0x5c], 0
+lea eax, [edx + eax + 0x1c]
+mov dl, 0x19
+mov dword [ebp - 0x44], eax
+mov eax, dword [esi + 0x18a7]
+mov eax, dword [esi + eax*4 + 0x3735]
+mov dword [ebp - 0x48], eax
+mov eax, dword [esi + 0x188b]
+mov dword [ebp - 0x70], eax
+xor eax, eax
+cmp dword [esi + 0x2480], 3
+sete al
+cmp cl, 0xc
+mov dword [ebp - 0x64], eax
+mov al, 0x4b
+cmovne edx, eax
+cmp dword [ebp + 0x1c], 0
+mov byte [ebp - 0x75], dl
+je short loc_fffb897e ; je 0xfffb897e
+mov eax, dword [ebp + 0x1c]
+cmp dword [eax], 0
+setne al
+movzx eax, al
+mov dword [ebp - 0x4c], eax
+jmp short loc_fffb89a3 ; jmp 0xfffb89a3
+
+loc_fffb897e: ; not directly referenced
+mov eax, dword [ebp - 0x3c]
+cmp al, 0xc
+sete dl
+cmp al, 0xa
+sete al
+or dl, al
+je short loc_fffb8996 ; je 0xfffb8996
+
+loc_fffb898f: ; not directly referenced
+xor eax, eax
+jmp near loc_fffb8ff5 ; jmp 0xfffb8ff5
+
+loc_fffb8996: ; not directly referenced
+cmp byte [ebp - 0x3c], 0xf
+je short loc_fffb898f ; je 0xfffb898f
+mov dword [ebp - 0x4c], 0
+
+loc_fffb89a3: ; not directly referenced
+cmp dword [ebp - 0x64], 0
+jne short loc_fffb89eb ; jne 0xfffb89eb
+mov edx, dword [ebp - 0x60]
+imul eax, edx, 0x54a
+imul edx, edx, 0x13c3
+lea eax, [esi + eax + 0x196b]
+mov dl, byte [esi + edx + 0x381a]
+test dl, 1
+je short loc_fffb89d4 ; je 0xfffb89d4
+cmp byte [eax + 0x27e], 0
+je short loc_fffb89fb ; je 0xfffb89fb
+
+loc_fffb89d4: ; not directly referenced
+and dl, 4
+je short loc_fffb8a04 ; je 0xfffb8a04
+cmp byte [eax + 0x4f5], 1
+sbb eax, eax
+mov dword [ebp - 0x54], eax
+add dword [ebp - 0x54], 0x24
+jmp short loc_fffb8a0b ; jmp 0xfffb8a0b
+
+loc_fffb89eb: ; not directly referenced
+mov dword [ebp - 0x54], 0x50
+mov dword [ebp - 0x50], 0x37
+jmp short loc_fffb8a12 ; jmp 0xfffb8a12
+
+loc_fffb89fb: ; not directly referenced
+mov dword [ebp - 0x54], 0x23
+jmp short loc_fffb8a0b ; jmp 0xfffb8a0b
+
+loc_fffb8a04: ; not directly referenced
+mov dword [ebp - 0x54], 0x24
+
+loc_fffb8a0b: ; not directly referenced
+mov dword [ebp - 0x50], 0x23
+
+loc_fffb8a12: ; not directly referenced
+cmp byte [ebp - 0x3c], 2
+ja loc_fffb8b08 ; ja 0xfffb8b08
+movzx eax, byte [ebp - 0x6c]
+mov edx, dword [ebp - 0x44]
+cmp byte [ebp - 0x3c], 1
+mov eax, dword [edx + eax*4 + 0x78]
+mov dword [ebp - 0x5c], eax
+jne short loc_fffb8a44 ; jne 0xfffb8a44
+mov edx, 0x3a04
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+mov dword [ebp - 0x74], eax
+jmp near loc_fffb8b12 ; jmp 0xfffb8b12
+
+loc_fffb8a44: ; not directly referenced
+mov edx, 0x3a00
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+cmp byte [ebp - 0x3c], 0
+jne loc_fffb8b08 ; jne 0xfffb8b08
+mov ebx, dword [ebp - 0x58]
+mov edx, dword [ebx + 0xc]
+shr edx, 0xb
+mov cl, dl
+and ecx, 0xf
+and dl, 8
+lea ebx, [ecx - 0x10]
+cmovne ecx, ebx
+cmp dword [ebp + 0x18], 0
+je short loc_fffb8a90 ; je 0xfffb8a90
+mov edi, dword [ebp - 0x5c]
+and eax, 0x3f
+mov byte [ebp - 0x40], al
+mov eax, edi
+and eax, 0x3f
+and edi, 0x20
+lea edx, [eax - 0x40]
+cmovne eax, edx
+mov edi, eax
+
+loc_fffb8a90: ; not directly referenced
+cmp dword [ebp - 0x70], 1
+movsx ecx, cl
+mov edx, dword [esi + 0x1887]
+sbb ebx, ebx
+and ebx, 0x12
+add ebx, 0x1e
+cmp edx, 0x306d0
+sete al
+cmp edx, 0x40650
+sete dl
+movsx ebx, bl
+or eax, edx
+mov edx, 0x20
+cmp al, 1
+sbb eax, eax
+sub edx, ecx
+and eax, 0xffffffd3
+add ecx, 0x20
+add eax, 0x78
+movzx eax, al
+imul eax, edx
+cdq
+idiv ecx
+mov ecx, 3
+xor edx, edx
+div cx
+movsx ecx, byte [ebp - 0x40]
+lea edx, [ecx + ecx*2]
+add edx, ebx
+imul eax, edx
+mov edx, edi
+movsx edx, dl
+add edx, ecx
+lea edx, [edx + edx*2]
+movzx eax, ax
+add ebx, edx
+cdq
+idiv ebx
+mov ecx, eax
+jmp near loc_fffb8c02 ; jmp 0xfffb8c02
+
+loc_fffb8b08: ; not directly referenced
+cmp byte [ebp - 0x3c], 1
+jne loc_fffb8bab ; jne 0xfffb8bab
+
+loc_fffb8b12: ; not directly referenced
+mov eax, dword [ebp - 0x58]
+mov ecx, dword [eax + 0xc]
+mov eax, ecx
+shr eax, 3
+and eax, 1
+shr ecx, 0xf
+mov byte [ebp - 0x64], al
+mov al, cl
+and eax, 0x1f
+cmp dword [ebp - 0x70], 1
+lea edx, [eax - 0x20]
+sbb ebx, ebx
+and ebx, 6
+add ebx, 0xa
+and cl, 0x10
+cmove edx, eax
+cmp dword [ebp + 0x18], 0
+je short loc_fffb8b65 ; je 0xfffb8b65
+mov al, byte [ebp - 0x74]
+mov edi, dword [ebp - 0x5c]
+and eax, 0x3f
+shr edi, 0xc
+mov byte [ebp - 0x40], al
+mov eax, edi
+and eax, 0x1f
+and edi, 0x10
+lea ecx, [eax - 0x20]
+cmovne eax, ecx
+mov edi, eax
+
+loc_fffb8b65: ; not directly referenced
+mov cl, byte [ebp - 0x40]
+mov al, 1
+movsx edx, dl
+movsx ebx, bl
+test cl, cl
+cmove ecx, eax
+mov eax, esi
+mov byte [ebp - 0x40], cl
+call fcn_fffa6cfe ; call 0xfffa6cfe
+mov dl, byte [ebp - 0x64]
+xor edx, 1
+movzx edx, dl
+imul ebx, edx
+movsx edx, byte [ebp - 0x40]
+lea ecx, [ebx + edx]
+imul eax, ecx
+mov ecx, edi
+movsx ecx, cl
+add edx, ecx
+add ebx, edx
+movzx eax, ax
+cdq
+idiv ebx
+mov ecx, eax
+jmp near loc_fffb8ca4 ; jmp 0xfffb8ca4
+
+loc_fffb8bab: ; not directly referenced
+cmp byte [ebp - 0x3c], 2
+jne short loc_fffb8bd7 ; jne 0xfffb8bd7
+cmp dword [ebp + 0x18], 0
+je short loc_fffb8bca ; je 0xfffb8bca
+mov edi, dword [ebp - 0x5c]
+shr edi, 0x1b
+mov eax, edi
+and eax, 0x10
+lea ecx, [edi - 0x20]
+test al, al
+cmovne edi, ecx
+
+loc_fffb8bca: ; not directly referenced
+mov eax, edi
+movsx ecx, al
+add ecx, 0x32
+jmp near loc_fffb8ca4 ; jmp 0xfffb8ca4
+
+loc_fffb8bd7: ; not directly referenced
+cmp byte [ebp - 0x3c], 4
+jne short loc_fffb8be5 ; jne 0xfffb8be5
+movsx ecx, bl
+jmp near loc_fffb8dec ; jmp 0xfffb8dec
+
+loc_fffb8be5: ; not directly referenced
+cmp byte [ebp - 0x3c], 5
+jne short loc_fffb8c00 ; jne 0xfffb8c00
+movsx ax, bl
+idiv byte [ebp - 0x76]
+movsx eax, al
+lea ecx, [eax + eax*4]
+add ecx, 0x64
+jmp near loc_fffb8dec ; jmp 0xfffb8dec
+
+loc_fffb8c00: ; not directly referenced
+xor ecx, ecx
+
+loc_fffb8c02: ; not directly referenced
+cmp byte [ebp - 0x3c], 9
+jne loc_fffb8ca4 ; jne 0xfffb8ca4
+cmp dword [ebp + 0x18], 0
+je short loc_fffb8c67 ; je 0xfffb8c67
+cmp byte [ebp - 0x68], 3
+ja loc_fffb898f ; ja 0xfffb898f
+mov ecx, dword [ebp - 0x68]
+imul eax, dword [ebp - 0x60], 0x13c3
+mov edx, ecx
+and edx, 1
+shr ecx, 1
+imul edx, edx, 0x18
+imul ecx, ecx, 0x128
+lea eax, [esi + eax + 0x3756]
+add edx, ecx
+cmp dword [ebp - 0x64], 0
+je short loc_fffb8c55 ; je 0xfffb8c55
+mov cx, word [eax + edx + 0x1271]
+lea edi, [ecx - 1]
+and edi, 0xf
+jmp short loc_fffb8c6d ; jmp 0xfffb8c6d
+
+loc_fffb8c55: ; not directly referenced
+mov cx, word [eax + edx + 0x126d]
+shr cx, 1
+mov edi, ecx
+and edi, 1
+jmp short loc_fffb8c8d ; jmp 0xfffb8c8d
+
+loc_fffb8c67: ; not directly referenced
+cmp dword [ebp - 0x64], 0
+je short loc_fffb8c84 ; je 0xfffb8c84
+
+loc_fffb8c6d: ; not directly referenced
+mov eax, edi
+mov ebx, 7
+cmp al, 6
+mov al, 6
+cmovg edi, eax
+mov eax, edi
+movsx eax, al
+sub ebx, eax
+jmp short loc_fffb8c95 ; jmp 0xfffb8c95
+
+loc_fffb8c84: ; not directly referenced
+mov eax, edi
+cmp al, 0xfa
+mov al, 0xfb
+cmovle edi, eax
+
+loc_fffb8c8d: ; not directly referenced
+mov eax, edi
+movsx ebx, al
+add ebx, 6
+
+loc_fffb8c95: ; not directly referenced
+mov eax, 0xf0
+cdq
+idiv ebx
+mov ecx, eax
+jmp near loc_fffb8dec ; jmp 0xfffb8dec
+
+loc_fffb8ca4: ; not directly referenced
+cmp byte [ebp - 0x3c], 6
+jne loc_fffb8dec ; jne 0xfffb8dec
+mov edx, 0x3918
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+mov dl, byte [esi + 0x36e7]
+and eax, 3
+cmp dword [esi + 0x36e3], 1
+sbb ebx, ebx
+and ebx, 0xfffffffe
+add ebx, 6
+cmp dword [esi + 0x188b], 0
+jne loc_fffb8d81 ; jne 0xfffb8d81
+cmp dword [ebp - 0x48], 0x546
+movzx eax, al
+seta cl
+sub edx, ebx
+cmp dl, 4
+mov bl, 4
+cmovle ebx, edx
+xor edx, edx
+test bl, bl
+movzx ecx, cl
+cmovns edx, ebx
+cmp dword [esi + 0x1887], 0x40650
+jne short loc_fffb8d26 ; jne 0xfffb8d26
+cmp dl, 2
+mov bl, 2
+cmovle ebx, edx
+movsx ebx, bl
+lea ecx, [ecx + ecx*2]
+add ecx, ebx
+movzx ebx, byte [eax + ecx*4 + ref_fffd32d4] ; movzx ebx, byte [eax + ecx*4 - 0x2cd2c]
+jmp short loc_fffb8d36 ; jmp 0xfffb8d36
+
+loc_fffb8d26: ; not directly referenced
+movsx edx, dl
+lea ecx, [ecx + ecx*4]
+add edx, ecx
+movzx ebx, byte [eax + edx*4 + ref_fffd32ac] ; movzx ebx, byte [eax + edx*4 - 0x2cd54]
+
+loc_fffb8d36: ; not directly referenced
+imul eax, dword [ebp - 0x48], 0x4b0
+mov ecx, 0x3e8
+xor edx, edx
+div ecx
+xor edx, edx
+add eax, 0x520
+div ecx
+cmp dword [ebp + 0x18], 0
+mov ecx, eax
+je short loc_fffb8d6d ; je 0xfffb8d6d
+movzx eax, byte [ebp - 0x6c]
+mov edi, dword [ebp - 0x44]
+movzx edi, byte [edi + eax*4 + 5]
+mov eax, edi
+shr al, 2
+mov edi, eax
+and edi, 7
+
+loc_fffb8d6d: ; not directly referenced
+mov eax, edi
+movzx ebx, byte [ebp + ebx - 0x30]
+movsx eax, al
+movzx eax, byte [ebp + eax - 0x30]
+imul eax, ecx
+jmp short loc_fffb8de5 ; jmp 0xfffb8de5
+
+loc_fffb8d81: ; not directly referenced
+imul eax, dword [ebp - 0x48], 0x5fa
+xor edx, edx
+mov ecx, 0x3e8
+div ecx
+cmp dword [ebp + 0x18], 0
+lea edx, [eax + 0x4cc]
+je short loc_fffb8dbc ; je 0xfffb8dbc
+movzx eax, byte [ebp - 0x6c]
+mov ecx, dword [ebp - 0x44]
+movzx edi, byte [ecx + eax*4 + 5]
+mov ebx, edi
+shr bl, 2
+mov edi, ebx
+mov bl, byte [ecx + eax*4 + 0x2b]
+and edi, 7
+shr bl, 2
+jmp short loc_fffb8dc5 ; jmp 0xfffb8dc5
+
+loc_fffb8dbc: ; not directly referenced
+mov eax, edi
+mov ebx, edi
+shr al, 3
+mov edi, eax
+
+loc_fffb8dc5: ; not directly referenced
+and ebx, 7
+mov eax, edi
+movzx ebx, bl
+movsx eax, al
+movzx ecx, byte [ebp + ebx - 0x20]
+mov ebx, 0x2710
+movzx eax, byte [ebp + eax - 0x28]
+imul eax, ecx
+imul eax, edx
+
+loc_fffb8de5: ; not directly referenced
+xor edx, edx
+div ebx
+movzx ecx, ax
+
+loc_fffb8dec: ; not directly referenced
+mov eax, dword [ebp - 0x3c]
+cmp al, 0xa
+sete bl
+cmp al, 0xc
+sete al
+mov byte [ebp - 0x64], al
+or al, bl
+mov byte [ebp - 0x5c], bl
+jne short loc_fffb8e0f ; jne 0xfffb8e0f
+cmp byte [ebp - 0x3c], 0xf
+jne loc_fffb8fb2 ; jne 0xfffb8fb2
+jmp short loc_fffb8e36 ; jmp 0xfffb8e36
+
+loc_fffb8e0f: ; not directly referenced
+cmp byte [ebp - 0x3c], 0xf
+je short loc_fffb8e36 ; je 0xfffb8e36
+mov eax, dword [ebp - 0x58]
+cmp dword [ebp - 0x4c], 0
+mov ecx, dword [eax + 0xc]
+je short loc_fffb8e26 ; je 0xfffb8e26
+shr ecx, 0x18
+jmp short loc_fffb8e29 ; jmp 0xfffb8e29
+
+loc_fffb8e26: ; not directly referenced
+shr ecx, 0x14
+
+loc_fffb8e29: ; not directly referenced
+and ecx, 0xf
+test cl, 8
+je short loc_fffb8e38 ; je 0xfffb8e38
+sub ecx, 0x10
+jmp short loc_fffb8e38 ; jmp 0xfffb8e38
+
+loc_fffb8e36: ; not directly referenced
+mov ecx, edi
+
+loc_fffb8e38: ; not directly referenced
+movsx ecx, cl
+xor edx, edx
+add ecx, 0x20
+mov eax, 0x1900
+div ecx
+sub eax, 0x64
+cmp dword [ebp + 0x18], 0
+mov dword [ebp - 0x58], eax
+setne bl
+cmp byte [ebp - 0x3c], 0xf
+sete al
+xor edx, edx
+mov byte [ebp - 0x68], al
+or al, bl
+je short loc_fffb8ed5 ; je 0xfffb8ed5
+cmp dword [ebp - 0x4c], 0
+je short loc_fffb8e7e ; je 0xfffb8e7e
+mov edx, 0x3a0c
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+mov edi, dword [ebp - 0x44]
+mov edx, dword [edi + 0x50]
+jmp short loc_fffb8e90 ; jmp 0xfffb8e90
+
+loc_fffb8e7e: ; not directly referenced
+mov edx, 0x3a08
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+mov edi, dword [ebp - 0x44]
+mov edx, dword [edi + 0x4c]
+
+loc_fffb8e90: ; not directly referenced
+shr edx, 9
+shr eax, 0xc
+mov edi, edx
+and eax, 0x3f
+and edi, 0xf
+mov byte [ebp - 0x40], al
+test edi, 8
+je short loc_fffb8eac ; je 0xfffb8eac
+sub edi, 0x10
+
+loc_fffb8eac: ; not directly referenced
+xor edx, edx
+test bl, bl
+je short loc_fffb8ed5 ; je 0xfffb8ed5
+cmp byte [ebp - 0x64], 0
+je short loc_fffb8ed5 ; je 0xfffb8ed5
+mov edx, dword [ebp - 0x60]
+mov eax, esi
+shl edx, 8
+add edx, 0x140c
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, edi
+shr eax, 0xd
+mov edi, eax
+and edi, 3
+
+loc_fffb8ed5: ; not directly referenced
+movsx ecx, byte [ebp - 0x40]
+mov eax, dword [ebp - 0x58]
+mov bl, byte [ebp - 0x68]
+add ecx, 0xc
+imul eax, ecx
+or bl, byte [ebp - 0x5c]
+mov ebx, edi
+movsx ebx, bl
+je short loc_fffb8f18 ; je 0xfffb8f18
+add ecx, ebx
+xor edx, edx
+mov esi, dword [ebp - 0x50]
+div ecx
+xor edx, edx
+mov ecx, 5
+div ecx
+mov ebx, eax
+mov eax, dword [ebp + 0x1c]
+add esi, ebx
+mov dword [eax], ebx
+mov eax, dword [ebp - 0x54]
+add eax, ebx
+cmp dword [ebp - 0x4c], 0
+cmovne esi, eax
+jmp short loc_fffb8f38 ; jmp 0xfffb8f38
+
+loc_fffb8f18: ; not directly referenced
+movsx edx, dl
+mov esi, dword [ebp - 0x50]
+add ecx, edx
+xor edx, edx
+div ecx
+mov ecx, 5
+sub ecx, ebx
+xor edx, edx
+div ecx
+mov ebx, eax
+add esi, eax
+mov eax, dword [ebp + 0x1c]
+mov dword [eax], ebx
+
+loc_fffb8f38: ; not directly referenced
+imul eax, dword [ebp - 0x48], 0x3e8
+add esi, esi
+xor edx, edx
+div esi
+mov esi, 0x3e8
+xor edx, edx
+mov ecx, eax
+div esi
+movzx esi, byte [ebp - 0x75]
+xor edx, edx
+mov dword [ebp - 0x40], esi
+mov esi, eax
+imul esi, eax
+mov dword [ebp - 0x50], eax
+mov eax, esi
+mov esi, 0x64
+imul eax, ebx
+imul ebx, dword [ebp - 0x50]
+div esi
+xor edx, edx
+imul eax, dword [ebp - 0x40]
+div esi
+mov edx, dword [ebp + 0x1c]
+mov dword [edx + 4], eax
+mov eax, dword [ebp - 0x48]
+xor edx, edx
+sub eax, ebx
+sub eax, ebx
+mov ebx, 0x3e8
+imul eax, eax
+div ebx
+mov bx, 0x2710
+xor edx, edx
+imul eax, eax, 0xd2f0
+div ebx
+xor edx, edx
+div esi
+xor edx, edx
+imul eax, dword [ebp - 0x40]
+div esi
+mov esi, dword [ebp + 0x1c]
+mov dword [esi + 8], eax
+
+loc_fffb8fb2: ; not directly referenced
+cmp byte [ebp - 0x3c], 0xb
+mov eax, ecx
+jne short loc_fffb8ff5 ; jne 0xfffb8ff5
+cmp dword [ebp + 0x18], 0
+je short loc_fffb8fed ; je 0xfffb8fed
+mov eax, dword [ebp - 0x44]
+mov eax, dword [eax + 0x4c]
+mov dword [ebp - 0x3c], eax
+mov cl, byte [ebp - 0x3c]
+and ecx, 0x1f
+cmp dword [ebp - 0x4c], 0
+mov edi, ecx
+je short loc_fffb8fe2 ; je 0xfffb8fe2
+mov eax, dword [ebp - 0x44]
+mov ecx, dword [eax + 0x50]
+mov edi, ecx
+and edi, 0x1f
+
+loc_fffb8fe2: ; not directly referenced
+test edi, 0x10
+je short loc_fffb8fed ; je 0xfffb8fed
+sub edi, 0x20
+
+loc_fffb8fed: ; not directly referenced
+mov eax, edi
+movsx eax, al
+add eax, 0x32
+
+loc_fffb8ff5: ; not directly referenced
+add esp, 0x6c
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb8ffd: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, edx
+push esi
+push ebx
+mov ebx, eax
+sub esp, 0x8c
+mov eax, dword [eax + 0x188b]
+mov byte [ebp - 0x2a], 0
+mov byte [ebp - 0x29], 0x3c
+mov byte [ebp - 0x28], 0x78
+cmp eax, 1
+mov dword [ebp - 0x8c], eax
+sbb eax, eax
+mov dword [ebp - 0x88], eax
+and word [ebp - 0x88], 0xfc19
+add word [ebp - 0x88], 0x3e8
+mov byte [ebp - 0x27], 0x28
+mov byte [ebp - 0x26], 0x14
+mov byte [ebp - 0x25], 0x1e
+mov byte [ebp - 0x35], 0
+mov byte [ebp - 0x34], 0x3c
+mov byte [ebp - 0x33], 0x78
+mov byte [ebp - 0x32], 0
+mov byte [ebp - 0x31], 0x22
+mov byte [ebp - 0x30], 0x28
+mov byte [ebp - 0x2f], 0x30
+mov byte [ebp - 0x2e], 0
+mov byte [ebp - 0x2d], 0
+mov byte [ebp - 0x2c], 0x78
+mov byte [ebp - 0x2b], 0xf0
+mov dword [ebp - 0x48], ebx
+mov dword [ebp - 0x3c], 0
+mov dword [ebp - 0x44], 0
+mov dword [ebp - 0x50], 0
+mov dword [ebp - 0x6c], 0
+mov byte [ebp - 0x76], 0
+
+loc_fffb909d: ; not directly referenced
+mov eax, dword [ebp - 0x48]
+mov esi, edi
+mov dword [ebp - 0x54], 0
+mov word [ebp - 0x4a], 0
+mov word [ebp - 0x56], 0
+add eax, 0x3756
+mov word [ebp - 0x4c], 0
+mov dword [ebp - 0x70], 0
+mov dword [ebp - 0x94], eax
+
+loc_fffb90cd: ; not directly referenced
+mov ecx, dword [ebp - 0x48]
+mov al, byte [ebp - 0x54]
+mov edx, dword [ecx + 0x3816]
+mov cl, al
+mov dword [ebp - 0x90], edx
+mov edx, 1
+shl edx, cl
+mov ecx, dword [ebp - 0x48]
+test byte [ecx + 0x381a], dl
+je loc_fffb93e9 ; je 0xfffb93e9
+cmp dword [ebx + 0x2480], 3
+jne short loc_fffb9140 ; jne 0xfffb9140
+cmp al, 1
+ja loc_fffb9474 ; ja 0xfffb9474
+imul eax, dword [ebp - 0x54], 0x18
+mov word [ebp - 0x40], 0x3fff
+mov dx, word [ecx + eax + 0x49c7]
+and edx, 3
+mov cl, byte [ebp + edx - 0x32]
+mov byte [ebp - 0x75], cl
+mov ecx, dword [ebp - 0x48]
+mov ax, word [ecx + eax + 0x49cf]
+and eax, 3
+movzx eax, byte [ebp + eax - 0x2e]
+mov word [ebp - 0x68], ax
+jmp near loc_fffb91c6 ; jmp 0xfffb91c6
+
+loc_fffb9140: ; not directly referenced
+mov dl, al
+and eax, 1
+shr dl, 1
+movzx edx, dl
+imul edx, edx, 0x128
+imul eax, eax, 0x18
+add eax, edx
+add eax, dword [ebp - 0x94]
+mov cx, word [eax + 0x126d]
+mov ax, word [eax + 0x126f]
+mov word [ebp - 0x68], ax
+mov eax, ecx
+shr ax, 1
+and eax, 1
+add eax, 6
+mov dword [ebp - 0x40], eax
+mov eax, 0xf0
+cdq
+idiv dword [ebp - 0x40]
+mov edx, ecx
+shr dx, 6
+and edx, 1
+add edx, edx
+shr word [ebp - 0x68], 9
+mov byte [ebp - 0x75], al
+mov eax, ecx
+shr ax, 9
+and eax, 1
+shl eax, 2
+shr cx, 2
+or eax, edx
+and ecx, 1
+or eax, ecx
+movzx eax, byte [ebp + eax - 0x2a]
+mov word [ebp - 0x40], ax
+mov eax, dword [ebp - 0x68]
+and eax, 3
+movzx eax, byte [ebp + eax - 0x35]
+mov word [ebp - 0x68], ax
+
+loc_fffb91c6: ; not directly referenced
+cmp dword [ebp - 0x70], 0
+jne loc_fffb934b ; jne 0xfffb934b
+mov byte [ebp - 0x70], 0
+
+loc_fffb91d4: ; not directly referenced
+movzx ecx, byte [ebx + 0x2488]
+cmp byte [ebp - 0x70], cl
+jae short loc_fffb9258 ; jae 0xfffb9258
+push edx
+movzx eax, byte [ebp - 0x70]
+xor ecx, ecx
+push edx
+mov edx, dword [ebp - 0x3c]
+push 0
+push 1
+push 0
+push 0
+push 0
+push eax
+mov dword [ebp - 0x74], eax
+mov eax, ebx
+call fcn_fffb887d ; call 0xfffb887d
+add esp, 0x18
+mov edx, dword [ebp - 0x3c]
+push 0
+xor ecx, ecx
+push 1
+push 0
+push 0
+push 1
+push dword [ebp - 0x74]
+add word [ebp - 0x56], ax
+mov eax, ebx
+call fcn_fffb887d ; call 0xfffb887d
+add esp, 0x18
+mov edx, dword [ebp - 0x3c]
+push 0
+xor ecx, ecx
+push 1
+push 0
+push 0
+push 6
+push dword [ebp - 0x74]
+add word [ebp - 0x4c], ax
+mov eax, ebx
+call fcn_fffb887d ; call 0xfffb887d
+xor edx, edx
+add esp, 0x20
+inc byte [ebp - 0x70]
+div word [ebp - 0x88]
+add word [ebp - 0x4a], ax
+jmp near loc_fffb91d4 ; jmp 0xfffb91d4
+
+loc_fffb9258: ; not directly referenced
+movzx eax, word [ebp - 0x56]
+mov dword [ebp - 0x70], 1
+cdq
+idiv ecx
+mov word [ebp - 0x56], ax
+movzx eax, word [ebp - 0x4c]
+cdq
+idiv ecx
+mov word [ebp - 0x4c], ax
+movzx eax, word [ebp - 0x4a]
+cdq
+idiv ecx
+cmp dword [ebp - 0x8c], 1
+mov word [ebp - 0x4a], ax
+jne loc_fffb934b ; jne 0xfffb934b
+push eax
+mov edx, dword [ebp - 0x3c]
+xor ecx, ecx
+push eax
+lea eax, [ebp - 0x24]
+push eax
+movzx eax, byte [ebx + 0x2488]
+push 1
+push 0
+push 0
+push 0xa
+push eax
+mov eax, ebx
+mov dword [ebp - 0x24], 0
+call fcn_fffb887d ; call 0xfffb887d
+mov eax, dword [ebp - 0x20]
+add esp, 0x18
+mov edx, dword [ebp - 0x3c]
+xor ecx, ecx
+mov dword [edi + 0x20], eax
+mov eax, dword [ebp - 0x1c]
+mov dword [edi + 0x24], eax
+lea eax, [ebp - 0x24]
+push eax
+movzx eax, byte [ebx + 0x2488]
+push 1
+push 0
+push 0
+push 0xc
+push eax
+mov eax, ebx
+mov dword [ebp - 0x24], 0
+call fcn_fffb887d ; call 0xfffb887d
+mov eax, dword [ebp - 0x20]
+add esp, 0x18
+add dword [edi + 0x20], eax
+xor ecx, ecx
+mov eax, dword [ebp - 0x1c]
+add dword [edi + 0x24], eax
+lea eax, [ebp - 0x24]
+mov edx, dword [ebp - 0x3c]
+push eax
+movzx eax, byte [ebx + 0x2488]
+push 1
+push 0
+push 0
+push 0xa
+push eax
+mov eax, ebx
+mov dword [ebp - 0x24], 1
+call fcn_fffb887d ; call 0xfffb887d
+mov eax, dword [ebp - 0x20]
+add esp, 0x20
+mov dword [edi + 0x28], eax
+mov edx, dword [ebp - 0x1c]
+add eax, edx
+mov dword [ebp - 0x44], eax
+mov eax, dword [edi + 0x20]
+add dword [ebp - 0x44], eax
+mov eax, dword [edi + 0x24]
+add dword [ebp - 0x44], eax
+mov eax, dword [ebp - 0x8c]
+mov dword [edi + 0x2c], edx
+mov dword [ebp - 0x70], eax
+
+loc_fffb934b: ; not directly referenced
+cmp dword [ebp - 0x90], 1
+jne short loc_fffb936b ; jne 0xfffb936b
+mov eax, dword [ebp - 0x68]
+test ax, ax
+cmove ax, word [ebp - 0x40]
+mov word [ebp - 0x40], 0x3fff
+mov word [ebp - 0x68], ax
+jmp short loc_fffb937d ; jmp 0xfffb937d
+
+loc_fffb936b: ; not directly referenced
+mov ecx, dword [ebp - 0x40]
+mov eax, 0x3fff
+test cx, cx
+cmovne eax, ecx
+mov word [ebp - 0x40], ax
+
+loc_fffb937d: ; not directly referenced
+movzx eax, word [ebp - 0x68]
+movzx edx, word [ebp - 0x40]
+movzx ecx, word [ebp - 0x56]
+test ax, ax
+cmove eax, edx
+push eax
+movzx eax, dx
+push eax
+movzx eax, word [ebp - 0x4c]
+mov edx, esi
+push eax
+movzx eax, byte [ebp - 0x75]
+push eax
+mov eax, ebx
+call fcn_fffa6d61 ; call 0xfffa6d61
+mov ax, word [ebp - 0x4a]
+add esp, 0x10
+add word [esi + 0x30], ax
+add ax, word [esi + 0x34]
+add eax, dword [ebp - 0x44]
+inc byte [ebp - 0x76]
+mov word [esi + 0x34], ax
+mov eax, dword [esi]
+add dword [ebp - 0x6c], eax
+mov eax, dword [esi + 4]
+add dword [ebp - 0x6c], eax
+mov eax, dword [esi + 0x14]
+add dword [ebp - 0x6c], eax
+mov eax, dword [esi + 8]
+add dword [ebp - 0x50], eax
+mov eax, dword [esi + 0x10]
+add dword [ebp - 0x50], eax
+mov eax, dword [esi + 0xc]
+add dword [ebp - 0x50], eax
+mov eax, dword [esi + 0x18]
+add dword [ebp - 0x50], eax
+
+loc_fffb93e9: ; not directly referenced
+inc dword [ebp - 0x54]
+add esi, 0x36
+cmp dword [ebp - 0x54], 4
+jne loc_fffb90cd ; jne 0xfffb90cd
+inc dword [ebp - 0x3c]
+add edi, 0xd8
+add dword [ebp - 0x48], 0x13c3
+cmp dword [ebp - 0x3c], 2
+jne loc_fffb909d ; jne 0xfffb909d
+movzx edi, byte [ebp - 0x76]
+movzx esi, word [ebp - 0x4a]
+mov eax, edi
+test al, al
+mov al, 1
+cmove edi, eax
+xor edx, edx
+mov eax, edi
+movzx ecx, al
+mov eax, dword [ebp - 0x6c]
+div ecx
+xor edx, edx
+add esi, eax
+mov eax, dword [ebp - 0x50]
+div ecx
+cmp byte [ebx + 0x3690], 0
+jne short loc_fffb945c ; jne 0xfffb945c
+mov word [ebx + 0x3693], ax
+mov eax, dword [ebp - 0x44]
+mov word [ebx + 0x3691], si
+mov word [ebx + 0x3695], ax
+jmp short loc_fffb9474 ; jmp 0xfffb9474
+
+loc_fffb945c: ; not directly referenced
+mov word [ebx + 0x3699], ax
+mov eax, dword [ebp - 0x44]
+mov word [ebx + 0x3697], si
+mov word [ebx + 0x369b], ax
+
+loc_fffb9474: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb947c: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x1c0
+mov ebx, dword [ebp + 8]
+lea esi, [ebp - 0x1c8]
+mov eax, dword [ebx + 0x2443]
+push 0
+push 0x1b0
+push esi
+call dword [eax + 0x5c] ; ucall
+mov edx, esi
+mov eax, ebx
+call fcn_fffb8ffd ; call 0xfffb8ffd
+add esp, 0x10
+cmp byte [ebx + 0x3690], 0
+je loc_fffb954f ; je 0xfffb954f
+mov dx, word [ebx + 0x3691]
+xor ecx, ecx
+movzx eax, word [ebx + 0x3697]
+cmp dx, ax
+jbe short loc_fffb94e2 ; jbe 0xfffb94e2
+movzx ecx, dx
+xor edx, edx
+mov edi, ecx
+sub edi, eax
+mov eax, edi
+shl eax, 8
+div ecx
+mov cl, al
+
+loc_fffb94e2: ; not directly referenced
+mov dx, word [ebx + 0x3693]
+xor esi, esi
+movzx eax, word [ebx + 0x3699]
+cmp dx, ax
+jbe short loc_fffb9509 ; jbe 0xfffb9509
+movzx esi, dx
+xor edx, edx
+mov edi, esi
+sub edi, eax
+mov eax, edi
+shl eax, 8
+div esi
+mov esi, eax
+
+loc_fffb9509: ; not directly referenced
+movzx edi, word [ebx + 0x3695]
+xor eax, eax
+movzx edx, word [ebx + 0x369b]
+cmp di, dx
+jbe short loc_fffb9529 ; jbe 0xfffb9529
+mov eax, edi
+sub eax, edx
+xor edx, edx
+shl eax, 8
+div edi
+
+loc_fffb9529: ; not directly referenced
+xor edx, edx
+mov dl, cl
+mov ecx, esi
+movzx eax, al
+mov dh, cl
+mov ecx, edx
+mov edx, 0x59b8
+shl eax, 0x10
+and ecx, 0xff00ffff
+or ecx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffb9556 ; jmp 0xfffb9556
+
+loc_fffb954f: ; not directly referenced
+mov byte [ebx + 0x3690], 1
+
+loc_fffb9556: ; not directly referenced
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb9560: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+xor esi, esi
+push ebx
+mov ebx, eax
+sub esp, 0x34
+mov dword [ebp - 0x1c], eax
+mov eax, dword [eax + 0x18a7]
+lea edi, [ebx + 0x3756]
+mov byte [ebp - 0x1d], dl
+mov edx, dword [ebx + 0x2480]
+mov eax, dword [ebx + eax*4 + 0x3735]
+push 0
+push 1
+push 0
+push 0
+push 1
+push 0
+mov dword [ebp - 0x30], eax
+shr eax, 1
+mov dword [ebp - 0x28], edx
+xor edx, edx
+mov dword [ebp - 0x2c], eax
+mov eax, ebx
+call fcn_fffb887d ; call 0xfffb887d
+add esp, 0x20
+mov byte [ebp - 0x1e], 2
+mov dword [ebp - 0x24], 0
+mov dword [ebp - 0x34], eax
+
+loc_fffb95bf: ; not directly referenced
+cmp dword [edi], 2
+jne loc_fffb9676 ; jne 0xfffb9676
+mov al, byte [edi + 0xc4]
+xor ecx, ecx
+mov byte [ebp - 0x1f], al
+
+loc_fffb95d3: ; not directly referenced
+mov eax, 1
+shl eax, cl
+test byte [ebp - 0x1f], al
+je loc_fffb966a ; je 0xfffb966a
+mov al, cl
+inc esi
+shr al, 1
+movzx eax, al
+imul eax, eax, 0x128
+cmp dword [ebp - 0x28], 3
+lea eax, [edi + eax + 0x126b]
+jne short loc_fffb961d ; jne 0xfffb961d
+cmp byte [ebp - 0x1d], 0
+mov ebx, 7
+je short loc_fffb965e ; je 0xfffb965e
+movzx eax, word [eax + 6]
+dec eax
+and eax, 0xf
+sub ebx, eax
+mov eax, 1
+cmove ebx, eax
+jmp short loc_fffb965e ; jmp 0xfffb965e
+
+loc_fffb961d: ; not directly referenced
+cmp dword [ebp - 0x28], 2
+jne short loc_fffb9639 ; jne 0xfffb9639
+cmp byte [ebp - 0x1d], 0
+mov ebx, 7
+je short loc_fffb965e ; je 0xfffb965e
+movzx eax, word [eax + 2]
+and eax, 6
+sub ebx, eax
+jmp short loc_fffb965e ; jmp 0xfffb965e
+
+loc_fffb9639: ; not directly referenced
+cmp byte [ebp - 0x1d], 0
+mov ebx, 6
+je short loc_fffb965e ; je 0xfffb965e
+mov bx, word [eax + 2]
+mov eax, ebx
+shr ax, 5
+and eax, 1
+shr bx, 1
+add eax, eax
+and ebx, 1
+or ebx, eax
+add ebx, 6
+
+loc_fffb965e: ; not directly referenced
+mov eax, 0xf0
+xor edx, edx
+div ebx
+add dword [ebp - 0x24], eax
+
+loc_fffb966a: ; not directly referenced
+add ecx, 2
+cmp ecx, 4
+jne loc_fffb95d3 ; jne 0xfffb95d3
+
+loc_fffb9676: ; not directly referenced
+add edi, 0x13c3
+dec byte [ebp - 0x1e]
+jne loc_fffb95bf ; jne 0xfffb95bf
+mov eax, esi
+mov edi, dword [ebp - 0x34]
+mov ecx, 1
+test al, al
+mov al, 1
+cmove esi, eax
+xor edx, edx
+mov eax, esi
+movzx esi, al
+mov eax, dword [ebp - 0x24]
+div esi
+test eax, eax
+sete bl
+test di, di
+sete dl
+movzx edi, di
+test bl, dl
+mov ebx, dword [ebp - 0x30]
+cmovne eax, ecx
+xor edx, edx
+add edi, eax
+add edi, edi
+imul esi, ebx, 0xfa00
+mov eax, esi
+div edi
+mov edx, dword [ebp - 0x1c]
+movzx edi, word [edx + 0x2489]
+xor edx, edx
+imul edi, edi, 0xc0
+mov esi, eax
+imul eax, ebx, 0x7d00
+div edi
+mov edx, dword [ebp - 0x1c]
+mov edi, 0x64
+imul eax, eax, 0x3e8
+lea ebx, [esi + eax]
+movzx esi, word [edx + 0x1902]
+xor edx, edx
+sub esi, dword [ebp - 0x2c]
+shr ebx, 5
+imul eax, esi, 0x3e8
+div edi
+mov di, 0xc8
+xor edx, edx
+mov esi, eax
+imul eax, dword [ebp - 0x2c], 0x3e8
+div edi
+test esi, esi
+cmove esi, ecx
+mov edi, ecx
+mov edx, 0x3a28
+test eax, eax
+cmovne edi, eax
+mov eax, dword [ebp - 0x1c]
+call fcn_fffae52a ; call 0xfffae52a
+xor edx, edx
+mov ecx, eax
+mov eax, ebx
+div edi
+mov edi, 0xf
+add eax, eax
+cmp eax, 0xf
+cmovbe edi, eax
+mov eax, ebx
+xor edx, edx
+and edi, 0xf
+div esi
+and ecx, 0xfffe00ff
+mov esi, dword [ebp - 0x1c]
+mov edx, 0x1f
+shl edi, 8
+lea ebx, [eax + eax]
+mov eax, esi
+cmp ebx, 0x1f
+cmovbe edx, ebx
+or ecx, edi
+and edx, 0x1f
+shl edx, 0xc
+or ecx, edx
+mov edx, 0x3a28
+and ecx, 0xff0fffff
+or ecx, 0x800000
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0x5f08
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x5f08
+or ah, 1
+mov ecx, eax
+mov eax, esi
+call fcn_fffae58c ; call 0xfffae58c
+lea esp, [ebp - 0xc]
+mov eax, esi
+pop ebx
+mov edx, 0xe1
+pop esi
+pop edi
+pop ebp
+jmp near fcn_fffa834b ; jmp 0xfffa834b
+
+fcn_fffb97c0: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov bl, cl
+sub esp, 0xb0
+mov esi, dword [ebp + 0x10]
+mov cl, byte [ebp + 0x14]
+mov dword [ebp - 0x74], eax
+mov dword [ebp - 0x6c], esi
+mov esi, dword [ebp + 0x20]
+mov byte [ebp - 0x8a], cl
+mov ecx, esi
+mov byte [ebp - 0x9b], cl
+mov cl, byte [ebp + 0x28]
+mov dword [ebp - 0x94], esi
+mov esi, dword [eax + 0x2443]
+mov byte [ebp - 0x8c], cl
+mov ecx, eax
+movzx eax, dl
+mov dword [ebp - 0x90], eax
+imul eax, eax, 0x13c3
+lea edi, [ecx + eax + 0x3756]
+mov eax, dword [edi + 0xc0]
+mov dword [ebp - 0x98], eax
+mov eax, dword [ecx + 0x188b]
+push 0
+push 0x36
+mov dword [ebp - 0x7c], eax
+lea eax, [ebp - 0x4e]
+push eax
+call dword [esi + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 4
+lea eax, [ebp - 0x5e]
+push eax
+call dword [esi + 0x60] ; ucall
+add esp, 0xc
+push 0xffff
+push 4
+lea eax, [ebp - 0x56]
+push eax
+call dword [esi + 0x60] ; ucall
+add esp, 0x10
+cmp dword [ebp - 0x7c], 1
+mov dword [ebp - 0x88], 0
+jne short loc_fffb9893 ; jne 0xfffb9893
+cmp byte [edi + 0x1390], 5
+mov al, byte [edi + 0x1268]
+je short loc_fffb9889 ; je 0xfffb9889
+cmp al, 5
+sete al
+movzx eax, al
+mov dword [ebp - 0x88], eax
+jmp short loc_fffb9893 ; jmp 0xfffb9893
+
+loc_fffb9889: ; not directly referenced
+mov dword [ebp - 0x88], 1
+
+loc_fffb9893: ; not directly referenced
+movzx eax, byte [ebp - 0x6c]
+mov esi, dword [ebp + 0xc]
+mov word [ebp - 0x6c], 0
+mov byte [ebp - 0x8b], 0
+mov edi, eax
+mov dword [ebp - 0xa0], eax
+movzx eax, byte [ebp - 0x94]
+mov word [ebp - 0x6e], 0xffff
+mov word [ebp - 0x70], 0
+imul eax, edi
+add edi, edi
+mov dword [ebp - 0xa4], edi
+lea eax, [esi + eax*2]
+mov esi, dword [ebp - 0x90]
+mov dword [ebp - 0x80], eax
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x84], eax
+mov eax, esi
+add eax, esi
+mov dword [ebp - 0xa8], eax
+movzx eax, bl
+mov dword [ebp - 0xac], eax
+
+loc_fffb98f5: ; not directly referenced
+mov al, byte [ebp - 0x8a]
+mov bl, byte [ebp - 0x8b]
+cmp bl, al
+je loc_fffb9ad4 ; je 0xfffb9ad4
+movzx eax, bl
+mov ebx, dword [ebp + 0xc]
+xor ecx, ecx
+lea ebx, [ebx + eax*2]
+xor eax, eax
+
+loc_fffb9916: ; not directly referenced
+cmp byte [ebp - 0x9b], al
+jbe short loc_fffb9943 ; jbe 0xfffb9943
+mov dx, word [ebx + ecx]
+cmp word [ebp + eax*2 - 0x5e], dx
+jae short loc_fffb992e ; jae 0xfffb992e
+mov word [ebp + eax*2 - 0x5e], dx
+
+loc_fffb992e: ; not directly referenced
+cmp word [ebp + eax*2 - 0x56], dx
+jbe short loc_fffb993a ; jbe 0xfffb993a
+mov word [ebp + eax*2 - 0x56], dx
+
+loc_fffb993a: ; not directly referenced
+inc eax
+add ecx, dword [ebp - 0xa4]
+jmp short loc_fffb9916 ; jmp 0xfffb9916
+
+loc_fffb9943: ; not directly referenced
+cmp dword [ebp + 0x24], 0
+jne loc_fffb9a87 ; jne 0xfffb9a87
+mov edi, dword [ebp - 0x84]
+xor esi, esi
+xor ebx, ebx
+mov eax, dword [ebp - 0x74]
+movsx edx, byte [edi + 8]
+call fcn_fffa6cfe ; call 0xfffa6cfe
+add edi, dword [ebp - 0xa8]
+mov byte [ebp - 0x89], 0
+mov byte [ebp - 0x78], 0
+mov word [ebp - 0x9a], ax
+
+loc_fffb997b: ; not directly referenced
+mov eax, dword [ebp - 0xac]
+bt eax, esi
+jae short loc_fffb9a00 ; jae 0xfffb9a00
+push eax
+mov edx, dword [ebp - 0x90]
+push eax
+mov eax, dword [ebp - 0x74]
+push 0
+push 1
+push 0
+push 0
+push 9
+lea ecx, [esi + esi]
+push 0
+call fcn_fffb887d ; call 0xfffb887d
+movzx edx, byte [edi + esi + 4]
+add esp, 0x20
+add byte [ebp - 0x78], al
+movzx ecx, byte [edx + ref_fffd58b8] ; movzx ecx, byte [edx - 0x2a748]
+movzx eax, byte [edi + esi]
+cmp dword [ebp - 0x98], 1
+mov word [ebp - 0x6c], cx
+movzx eax, byte [eax + ref_fffd58b8] ; movzx eax, byte [eax - 0x2a748]
+jne short loc_fffb99e0 ; jne 0xfffb99e0
+test cx, cx
+cmovne eax, ecx
+mov word [ebp - 0x6c], ax
+mov eax, 0x3fff
+jmp short loc_fffb99eb ; jmp 0xfffb99eb
+
+loc_fffb99e0: ; not directly referenced
+test ax, ax
+mov edx, 0x3fff
+cmove eax, edx
+
+loc_fffb99eb: ; not directly referenced
+mov ecx, dword [ebp - 0x6c]
+test cx, cx
+cmove ecx, eax
+add ebx, eax
+inc byte [ebp - 0x89]
+mov word [ebp - 0x6c], cx
+
+loc_fffb9a00: ; not directly referenced
+inc esi
+cmp esi, 2
+jne loc_fffb997b ; jne 0xfffb997b
+cmp byte [ebp - 0x89], 0
+je short loc_fffb9a32 ; je 0xfffb9a32
+movzx esi, byte [ebp - 0x89]
+movzx eax, bx
+cdq
+mov ebx, esi
+movzx ecx, bl
+idiv ecx
+mov ecx, esi
+mov ebx, eax
+movzx eax, byte [ebp - 0x78]
+div cl
+mov byte [ebp - 0x78], al
+
+loc_fffb9a32: ; not directly referenced
+lea eax, [ebx - 0x79]
+mov ecx, 0x1e
+cmp ax, 0x3f85
+mov eax, 0xf0
+cmovbe ebx, eax
+movzx eax, word [ebp - 0x6c]
+movzx ebx, bx
+lea edx, [ebp - 0x4e]
+lea esi, [ebp - 0x4e]
+push eax
+movzx eax, word [ebp - 0x9a]
+push ebx
+push eax
+movzx eax, byte [ebp - 0x78]
+push eax
+mov eax, dword [ebp - 0x74]
+call fcn_fffa6d61 ; call 0xfffa6d61
+mov ax, word [ebp - 0x1a]
+mov ecx, 0x36
+mov edi, dword [ebp - 0x80]
+add esp, 0x10
+mov word [edi], ax
+mov eax, dword [ebp - 0x84]
+lea edi, [eax + 0xd]
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+
+loc_fffb9a87: ; not directly referenced
+mov eax, dword [ebp - 0x80]
+cmp byte [ebp - 0x8a], 1
+mov ax, word [eax]
+je short loc_fffb9ab1 ; je 0xfffb9ab1
+mov edx, dword [ebp - 0x70]
+mov bx, word [ebp - 0x6e]
+cmp ax, dx
+cmovae edx, eax
+cmp bx, ax
+cmovbe eax, ebx
+mov word [ebp - 0x6e], ax
+mov eax, edx
+jmp short loc_fffb9ab7 ; jmp 0xfffb9ab7
+
+loc_fffb9ab1: ; not directly referenced
+mov word [ebp - 0x6e], 0
+
+loc_fffb9ab7: ; not directly referenced
+inc byte [ebp - 0x8b]
+add dword [ebp - 0x80], 2
+add dword [ebp - 0x84], 0x54e
+mov word [ebp - 0x70], ax
+jmp near loc_fffb98f5 ; jmp 0xfffb98f5
+
+loc_fffb9ad4: ; not directly referenced
+mov edi, dword [ebp - 0x94]
+mov al, 4
+mov word [ebp - 0x6c], 0x7fff
+mov word [ebp - 0x80], 0
+mov ebx, edi
+cmp bl, 4
+cmovbe eax, edi
+xor edi, edi
+mov byte [ebp - 0x78], al
+mov eax, dword [ebp - 0x88]
+xor eax, 1
+and eax, 1
+mov byte [ebp - 0x89], al
+
+loc_fffb9b07: ; not directly referenced
+mov eax, edi
+cmp byte [ebp - 0x78], al
+jbe loc_fffb9bd4 ; jbe 0xfffb9bd4
+mov si, word [ebp + edi*2 - 0x5e]
+add word [ebp - 0x80], si
+cmp byte [ebp - 0x8c], 6
+mov eax, dword [ebp + 0x18]
+sete dl
+cmp dword [ebp - 0x7c], 1
+mov cl, byte [eax + edi]
+sete al
+xor ebx, ebx
+test dl, al
+je short loc_fffb9b43 ; je 0xfffb9b43
+cmp cl, 1
+mov eax, 0x28
+cmove ebx, eax
+
+loc_fffb9b43: ; not directly referenced
+cmp byte [ebp - 0x8c], 8
+setne dl
+cmp dword [ebp - 0x7c], 1
+setne al
+or dl, al
+jne short loc_fffb9b6c ; jne 0xfffb9b6c
+cmp cl, 2
+setne al
+or al, byte [ebp - 0x89]
+mov eax, 0x50
+cmove ebx, eax
+
+loc_fffb9b6c: ; not directly referenced
+movzx eax, si
+mov esi, dword [ebp + 0x1c]
+cdq
+movzx esi, byte [esi + edi]
+idiv esi
+movzx esi, cl
+mov edx, esi
+xor ecx, ecx
+mov dword [ebp - 0x84], esi
+mov dword [ebp - 0x88], eax
+mov eax, dword [ebp - 0x74]
+call fcn_fffb13cf ; call 0xfffb13cf
+mov edx, dword [ebp - 0x84]
+mov ecx, 1
+movzx esi, ax
+mov eax, dword [ebp - 0x74]
+call fcn_fffb13cf ; call 0xfffb13cf
+mov edx, dword [ebp - 0x88]
+sub edx, esi
+imul edx, edx, 0x64
+movzx eax, ax
+add ebx, eax
+sub ebx, esi
+mov eax, edx
+cdq
+idiv ebx
+mov ebx, dword [ebp - 0x6c]
+cmp bx, ax
+cmovle eax, ebx
+inc edi
+mov word [ebp - 0x6c], ax
+jmp near loc_fffb9b07 ; jmp 0xfffb9b07
+
+loc_fffb9bd4: ; not directly referenced
+movzx eax, word [ebp - 0x80]
+mov ebx, 0x64
+movzx ecx, byte [ebp - 0x78]
+cdq
+idiv ecx
+mov dword [ebp - 0x74], eax
+movsx eax, word [ebp - 0x6c]
+imul eax, eax, 0x41
+cdq
+idiv ebx
+xor bl, bl
+movzx edi, ax
+cmp ax, 0x64
+jbe short loc_fffb9c04 ; jbe 0xfffb9c04
+lea ebx, [eax - 0x64]
+mov edi, 0x64
+
+loc_fffb9c04: ; not directly referenced
+imul ecx, dword [ebp - 0xa0]
+movzx ebx, bx
+mov eax, dword [ebp + 0xc]
+lea esi, [eax + ecx*2]
+xor ecx, ecx
+lea eax, [edi + ebx]
+mov dword [ebp - 0x7c], eax
+movzx eax, word [ebp - 0x6e]
+mov dword [ebp - 0x80], eax
+movzx eax, word [ebp - 0x70]
+mov dword [ebp - 0x84], eax
+
+loc_fffb9c2d: ; not directly referenced
+cmp byte [ebp - 0x8a], cl
+jbe short loc_fffb9c93 ; jbe 0xfffb9c93
+cmp word [ebp - 0x6c], 0
+jns short loc_fffb9c44 ; jns 0xfffb9c44
+mov word [esi + ecx*2], 1
+jmp short loc_fffb9c90 ; jmp 0xfffb9c90
+
+loc_fffb9c44: ; not directly referenced
+mov ax, word [ebp - 0x6e]
+cmp word [ebp - 0x70], ax
+je short loc_fffb9c68 ; je 0xfffb9c68
+movzx eax, word [esi + ecx*2]
+sub eax, dword [ebp - 0x80]
+imul eax, eax, 0x64
+cdq
+idiv dword [ebp - 0x84]
+mov edx, 0x64
+sub edx, eax
+jmp short loc_fffb9c6a ; jmp 0xfffb9c6a
+
+loc_fffb9c68: ; not directly referenced
+xor edx, edx
+
+loc_fffb9c6a: ; not directly referenced
+movzx edx, dx
+mov ebx, 0x64
+imul edx, dword [ebp - 0x7c]
+mov eax, ebx
+sub eax, edi
+mov dword [ebp - 0x78], eax
+mov eax, edx
+cdq
+idiv ebx
+add eax, dword [ebp - 0x78]
+imul eax, dword [ebp - 0x74]
+cdq
+idiv ebx
+mov word [esi + ecx*2], ax
+
+loc_fffb9c90: ; not directly referenced
+inc ecx
+jmp short loc_fffb9c2d ; jmp 0xfffb9c2d
+
+loc_fffb9c93: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffb9c9b: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x3d0
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x5edc]
+mov dword [ebp - 0x344], eax
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x2443]
+push 0x20
+push 0x200
+mov edi, eax
+mov dword [ebp - 0x38c], eax
+lea eax, [ebp - 0x218]
+push eax
+mov eax, edi
+call dword [eax + 0x5c] ; ucall
+mov eax, dword [ebp + 8]
+add esp, 0x10
+mov al, byte [eax + 0x248d]
+mov byte [ebp - 0x3c8], al
+mov eax, dword [ebp + 8]
+mov al, byte [eax + 0x248e]
+mov byte [ebp - 0x348], al
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x2480], 3
+jne loc_fffbb0bf ; jne 0xfffbb0bf
+mov eax, dword [eax + 0x5edc]
+lea edi, [ebp - 0x260]
+mov esi, ref_fffd58c0 ; mov esi, 0xfffd58c0
+mov ecx, 6
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+lea ebx, [ebp - 0x2a8]
+mov esi, 1
+mov dword [ebp - 0x33c], eax
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x2443]
+push edi
+push 0
+push 0x10
+push ebx
+lea edi, [ebp - 0x298]
+mov dword [ebp - 0x340], eax
+call dword [eax + 0x5c] ; ucall
+mov eax, dword [ebp + 8]
+add esp, 0xc
+lea edx, [ebp - 0x2c8]
+mov byte [ebp - 0x2a7], 1
+mov eax, dword [eax + 0x2443]
+push 0
+push 0xc
+push edx
+call dword [eax + 0x5c] ; ucall
+add esp, 0x10
+
+loc_fffb9d76: ; not directly referenced
+movzx eax, byte [ebx]
+xor ecx, ecx
+mov dword [ebp - 0x344], eax
+
+loc_fffb9d81: ; not directly referenced
+mov eax, dword [ebp + ecx*4 - 0x2c8]
+mov edx, eax
+add eax, eax
+and edx, 0x8000
+movzx eax, ax
+shr edx, 0xf
+or eax, edx
+mov edx, esi
+shl edx, cl
+and edx, dword [ebp - 0x344]
+sar edx, cl
+or eax, edx
+mov dword [ebp + ecx*4 - 0x2c8], eax
+inc ecx
+cmp ecx, 3
+jne short loc_fffb9d81 ; jne 0xfffb9d81
+inc ebx
+cmp ebx, edi
+jne short loc_fffb9d76 ; jne 0xfffb9d76
+lea eax, [ebp - 0x2c8]
+lea ebx, [ebp - 0x2bc]
+
+loc_fffb9dc6: ; not directly referenced
+mov edx, dword [eax]
+add eax, 4
+mov ecx, edx
+add edx, edx
+and ecx, 0x8000
+movzx edx, dx
+shr ecx, 0xf
+or edx, ecx
+mov dword [eax - 4], edx
+cmp eax, ebx
+jne short loc_fffb9dc6 ; jne 0xfffb9dc6
+mov edi, dword [ebp - 0x33c]
+xor ebx, ebx
+add edi, 0x1c
+
+loc_fffb9def: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov esi, dword [ebp + 8]
+test byte [esi + eax + 0x381a], 1
+jne short loc_fffb9e21 ; jne 0xfffb9e21
+
+loc_fffb9e02: ; not directly referenced
+inc ebx
+add edi, 0xcc
+cmp ebx, 2
+jne short loc_fffb9def ; jne 0xfffb9def
+mov byte [ebp - 0x340], 0
+mov byte [ebp - 0x33c], 0
+jmp near loc_fffb9f6f ; jmp 0xfffb9f6f
+
+loc_fffb9e21: ; not directly referenced
+imul eax, ebx, 0x54a
+push esi
+mov esi, dword [ebp + 8]
+push 0xff
+push 0x40
+lea eax, [esi + eax + 0x1e69]
+push eax
+mov eax, dword [ebp - 0x340]
+call dword [eax + 0x5c] ; ucall
+add esp, 0x10
+mov byte [ebp - 0x33c], 0
+
+loc_fffb9e4d: ; not directly referenced
+mov esi, dword [ebp + 8]
+mov al, byte [ebp - 0x33c]
+cmp al, byte [esi + 0x2488]
+jae short loc_fffb9e8a ; jae 0xfffb9e8a
+movzx ecx, byte [ebp - 0x33c]
+mov edx, ebx
+mov eax, dword [ebp + 8]
+mov esi, dword [edi + ecx*4 + 0x28]
+call fcn_fffa720e ; call 0xfffa720e
+or esi, 0x60
+mov ecx, esi
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+inc byte [ebp - 0x33c]
+jmp short loc_fffb9e4d ; jmp 0xfffb9e4d
+
+loc_fffb9e8a: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ecx, 0xff
+mov edx, ebx
+mov esi, dword [edi]
+call fcn_fffa7288 ; call 0xfffa7288
+or esi, 0x1000008
+mov ecx, esi
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+sub esp, 0xc
+mov cl, bl
+mov edx, 1
+shl edx, cl
+mov ecx, 1
+push 0
+call fcn_fffd2c53 ; call 0xfffd2c53
+add esp, 0x10
+test eax, eax
+je loc_fffb9e02 ; je 0xfffb9e02
+jmp near loc_fffbb9fc ; jmp 0xfffbb9fc
+
+loc_fffb9ed8: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov edi, dword [ebp + 8]
+test byte [edi + eax + 0x381a], 1
+je short loc_fffb9f26 ; je 0xfffb9f26
+sub esp, 0xc
+mov cl, bl
+push dword [ebp - 0x2c0]
+mov eax, 1
+push dword [ebp - 0x2c4]
+mov edx, ebx
+push dword [ebp - 0x2c8]
+shl eax, cl
+xor ecx, ecx
+or byte [ebp - 0x340], al
+lea eax, [ebp - 0x260]
+push 2
+push eax
+mov eax, edi
+call fcn_fffd2b18 ; call 0xfffd2b18
+add esp, 0x20
+
+loc_fffb9f26: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffb9ed8 ; jne 0xfffb9ed8
+movzx edx, byte [ebp - 0x340]
+xor edi, edi
+mov eax, dword [ebp + 8]
+call fcn_fffd2a2c ; call 0xfffd2a2c
+
+loc_fffb9f3d: ; not directly referenced
+imul eax, edi, 0x13c3
+mov esi, dword [ebp + 8]
+mov dword [ebp - 0x348], eax
+test byte [esi + eax + 0x381a], 1
+jne short loc_fffb9fb2 ; jne 0xfffb9fb2
+
+loc_fffb9f56: ; not directly referenced
+inc edi
+cmp edi, 2
+jne short loc_fffb9f3d ; jne 0xfffb9f3d
+inc byte [ebp - 0x33c]
+cmp byte [ebp - 0x33c], 8
+je loc_fffba085 ; je 0xfffba085
+
+loc_fffb9f6f: ; not directly referenced
+mov dl, byte [ebp - 0x33c]
+mov ebx, 1
+mov eax, ebx
+shr dl, 1
+movzx ecx, dl
+add ecx, 5
+shl eax, cl
+mov cl, dl
+shl ebx, cl
+mov cl, byte [ebp - 0x33c]
+xor edx, edx
+or eax, ebx
+mov ebx, edx
+and cl, 1
+cmove ebx, eax
+cmove eax, edx
+mov dword [ebp - 0x254], ebx
+xor ebx, ebx
+mov dword [ebp - 0x250], eax
+jmp near loc_fffb9ed8 ; jmp 0xfffb9ed8
+
+loc_fffb9fb2: ; not directly referenced
+imul eax, edi, 0x54a
+mov esi, dword [ebp + 8]
+xor ebx, ebx
+lea eax, [esi + eax + 0x196b]
+mov dword [ebp - 0x344], eax
+
+loc_fffb9fca: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp bl, byte [eax + 0x2488]
+jae short loc_fffba026 ; jae 0xfffba026
+mov ecx, dword [ebp + 8]
+movzx esi, bl
+mov edx, dword [ebp - 0x348]
+mov eax, dword [ebp - 0x344]
+cmp byte [ecx + edx + 0x49ba], 0x20
+mov al, byte [eax + esi + 0x4f6]
+jne short loc_fffba006 ; jne 0xfffba006
+test al, 2
+je short loc_fffba006 ; je 0xfffba006
+mov byte [ebp + esi - 0x2e8], 0
+jmp short loc_fffba023 ; jmp 0xfffba023
+
+loc_fffba006: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ecx, esi
+mov edx, edi
+call fcn_fffa7617 ; call 0xfffa7617
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae52a ; call 0xfffae52a
+mov byte [ebp + esi - 0x2e8], al
+
+loc_fffba023: ; not directly referenced
+inc ebx
+jmp short loc_fffb9fca ; jmp 0xfffb9fca
+
+loc_fffba026: ; not directly referenced
+xor edx, edx
+
+loc_fffba028: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dl, byte [eax + 0x2488]
+jae loc_fffb9f56 ; jae 0xfffb9f56
+movzx eax, dl
+mov al, byte [ebp + eax - 0x2e8]
+test al, al
+je short loc_fffba082 ; je 0xfffba082
+xor ebx, ebx
+xor ecx, ecx
+xor esi, esi
+
+loc_fffba04b: ; not directly referenced
+test al, 1
+je short loc_fffba05a ; je 0xfffba05a
+test esi, esi
+jne short loc_fffba05f ; jne 0xfffba05f
+movzx ebx, cl
+mov si, 1
+
+loc_fffba05a: ; not directly referenced
+inc ecx
+shr al, 1
+jne short loc_fffba04b ; jne 0xfffba04b
+
+loc_fffba05f: ; not directly referenced
+mov esi, dword [ebp - 0x344]
+movzx eax, dl
+lea ecx, [esi + eax*8]
+mov al, byte [esi + eax + 0x4f6]
+mov esi, dword [ebp - 0x33c]
+lea eax, [esi + eax*8]
+mov byte [ebx + ecx + 0x4fe], al
+
+loc_fffba082: ; not directly referenced
+inc edx
+jmp short loc_fffba028 ; jmp 0xfffba028
+
+loc_fffba085: ; not directly referenced
+mov eax, dword [ebp + 8]
+test byte [eax + 0x381a], 1
+jne short loc_fffba09f ; jne 0xfffba09f
+
+loc_fffba091: ; not directly referenced
+mov eax, dword [ebp + 8]
+test byte [eax + 0x4bdd], 1
+je short loc_fffba0e4 ; je 0xfffba0e4
+jmp short loc_fffba0c2 ; jmp 0xfffba0c2
+
+loc_fffba09f: ; not directly referenced
+mov eax, dword [ebp + 8]
+sub esp, 0xc
+mov ecx, 1
+push 2
+mov edx, 1
+call fcn_fffd2c53 ; call 0xfffd2c53
+add esp, 0x10
+test eax, eax
+je short loc_fffba091 ; je 0xfffba091
+jmp near loc_fffbb9fc ; jmp 0xfffbb9fc
+
+loc_fffba0c2: ; not directly referenced
+mov eax, dword [ebp + 8]
+sub esp, 0xc
+mov ecx, 1
+push 2
+mov edx, 2
+call fcn_fffd2c53 ; call 0xfffd2c53
+add esp, 0x10
+test eax, eax
+jne loc_fffbb9fc ; jne 0xfffbb9fc
+
+loc_fffba0e4: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov esi, dword [eax + 0x5edc]
+mov ebx, dword [eax + 0x2443]
+mov al, byte [eax + 0x248d]
+push ecx
+push 0x7f
+push 0x48
+mov byte [ebp - 0x34c], al
+lea eax, [ebp - 0x2a8]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 0x48
+lea eax, [ebp - 0x260]
+push eax
+call dword [ebx + 0x5c] ; ucall
+lea eax, [esi + 0x1c]
+add esp, 0x10
+mov dword [ebp - 0x340], eax
+mov esi, eax
+xor ebx, ebx
+
+loc_fffba12f: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov edi, dword [ebp + 8]
+cmp dword [edi + eax + 0x3756], 2
+jne short loc_fffba1a9 ; jne 0xfffba1a9
+mov byte [ebp - 0x33c], 0
+
+loc_fffba149: ; not directly referenced
+mov edi, dword [ebp + 8]
+mov al, byte [ebp - 0x33c]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffba186 ; jae 0xfffba186
+movzx ecx, byte [ebp - 0x33c]
+mov edx, ebx
+mov eax, dword [ebp + 8]
+mov edi, dword [esi + ecx*4 + 0x28]
+call fcn_fffa720e ; call 0xfffa720e
+or edi, 0x60
+mov ecx, edi
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+inc byte [ebp - 0x33c]
+jmp short loc_fffba149 ; jmp 0xfffba149
+
+loc_fffba186: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ecx, 0xff
+mov edx, ebx
+mov edi, dword [esi]
+call fcn_fffa7288 ; call 0xfffa7288
+or edi, 0x1000008
+mov ecx, edi
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffba1a9: ; not directly referenced
+inc ebx
+add esi, 0xcc
+cmp ebx, 2
+jne loc_fffba12f ; jne 0xfffba12f
+xor edi, edi
+
+loc_fffba1bb: ; not directly referenced
+mov ebx, 1
+mov ecx, edi
+shl ebx, cl
+test byte [ebp - 0x34c], bl
+jne short loc_fffba1df ; jne 0xfffba1df
+
+loc_fffba1cc: ; not directly referenced
+inc edi
+cmp edi, 4
+jne short loc_fffba1bb ; jne 0xfffba1bb
+mov esi, dword [ebp - 0x340]
+xor ebx, ebx
+jmp near loc_fffba2d9 ; jmp 0xfffba2d9
+
+loc_fffba1df: ; not directly referenced
+xor esi, esi
+
+loc_fffba1e1: ; not directly referenced
+imul eax, esi, 0x13c3
+mov ecx, dword [ebp + 8]
+mov byte [ebp - 0x33c], bl
+test byte [ecx + eax + 0x381a], bl
+je short loc_fffba241 ; je 0xfffba241
+mov eax, dword [ebp + 8]
+sub esp, 0xc
+mov ecx, esi
+mov edx, 1
+shl edx, cl
+mov ecx, ebx
+push 0
+call fcn_fffd2c53 ; call 0xfffd2c53
+add esp, 0x10
+test eax, eax
+jne loc_fffba7d0 ; jne 0xfffba7d0
+sub esp, 0xc
+mov eax, dword [ebp + 8]
+mov ecx, edi
+push 0
+mov edx, esi
+push 0x4000
+push 0x3000
+push 4
+push ref_fffd665c ; push 0xfffd665c
+call fcn_fffd2b18 ; call 0xfffd2b18
+add esp, 0x20
+
+loc_fffba241: ; not directly referenced
+inc esi
+cmp esi, 2
+jne short loc_fffba1e1 ; jne 0xfffba1e1
+push eax
+mov ecx, 0x7f
+push eax
+mov edx, edi
+lea eax, [ebp - 0x2a8]
+xor si, si
+push eax
+mov eax, dword [ebp + 8]
+push 2
+call fcn_fffd2f8e ; call 0xfffd2f8e
+xor ecx, ecx
+pop eax
+pop edx
+mov edx, edi
+lea eax, [ebp - 0x260]
+push eax
+mov eax, dword [ebp + 8]
+push 0xfffffffffffffffe
+call fcn_fffd2f8e ; call 0xfffd2f8e
+add esp, 0x10
+
+loc_fffba27e: ; not directly referenced
+imul eax, esi, 0x13c3
+mov ecx, dword [ebp + 8]
+mov dl, byte [ebp - 0x33c]
+test byte [ecx + eax + 0x381a], dl
+jne short loc_fffba2a1 ; jne 0xfffba2a1
+
+loc_fffba296: ; not directly referenced
+inc esi
+cmp esi, 2
+jne short loc_fffba27e ; jne 0xfffba27e
+jmp near loc_fffba1cc ; jmp 0xfffba1cc
+
+loc_fffba2a1: ; not directly referenced
+push eax
+push 1
+push 0x40
+push 1
+push 3
+push 4
+push esi
+push dword [ebp + 8]
+call fcn_fffa9178 ; call 0xfffa9178
+mov eax, dword [ebp + 8]
+add esp, 0x14
+mov ecx, esi
+mov edx, 1
+shl edx, cl
+mov ecx, ebx
+push 2
+call fcn_fffd2c53 ; call 0xfffd2c53
+add esp, 0x10
+test eax, eax
+je short loc_fffba296 ; je 0xfffba296
+jmp near loc_fffba7d0 ; jmp 0xfffba7d0
+
+loc_fffba2d9: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov edi, dword [ebp + 8]
+cmp dword [edi + eax + 0x3756], 2
+je short loc_fffba369 ; je 0xfffba369
+
+loc_fffba2ec: ; not directly referenced
+inc ebx
+add esi, 0xcc
+cmp ebx, 2
+jne short loc_fffba2d9 ; jne 0xfffba2d9
+mov eax, dword [ebp + 8]
+lea esi, [ebp - 0x2e8]
+lea ebx, [ebp - 0x2c8]
+mov edi, dword [eax + 0x2443]
+push ecx
+push 0x7f
+push 0x10
+push esi
+call dword [edi + 0x5c] ; ucall
+add esp, 0xc
+push 0
+lea edx, [ebp - 0x308]
+push 0x10
+push edx
+mov dword [ebp - 0x33c], edx
+call dword [edi + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 0x10
+push ebx
+call dword [edi + 0x5c] ; ucall
+mov edx, dword [ebp - 0x33c]
+lea eax, [ebp - 0x260]
+mov dword [ebp - 0x378], eax
+lea eax, [ebp - 0x2a8]
+add esp, 0x10
+mov dword [ebp - 0x368], eax
+xor edi, edi
+mov dword [ebp - 0x3a8], esi
+mov dword [ebp - 0x3b8], edx
+jmp short loc_fffba3c9 ; jmp 0xfffba3c9
+
+loc_fffba369: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ecx, 0xff
+mov edx, ebx
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, dword [esi]
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov byte [ebp - 0x33c], 0
+
+loc_fffba38b: ; not directly referenced
+mov edi, dword [ebp + 8]
+mov al, byte [ebp - 0x33c]
+cmp al, byte [edi + 0x2488]
+jae loc_fffba2ec ; jae 0xfffba2ec
+movzx edi, byte [ebp - 0x33c]
+mov edx, ebx
+mov eax, dword [ebp + 8]
+mov ecx, edi
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, dword [esi + edi*4 + 0x28]
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+inc byte [ebp - 0x33c]
+jmp short loc_fffba38b ; jmp 0xfffba38b
+
+loc_fffba3c9: ; not directly referenced
+imul eax, edi, 0x13c3
+mov esi, dword [ebp + 8]
+cmp dword [esi + eax + 0x3756], 2
+jne loc_fffba5cf ; jne 0xfffba5cf
+imul edx, edi, 0x54a
+mov dword [ebp - 0x344], 0
+lea esi, [esi + edx + 0x196b]
+mov dword [ebp - 0x358], esi
+mov esi, dword [ebp + 8]
+mov al, byte [esi + eax + 0x381a]
+mov byte [ebp - 0x354], al
+lea eax, [edi*4]
+mov dword [ebp - 0x38c], eax
+mov eax, dword [ebp - 0x368]
+mov dword [ebp - 0x350], eax
+mov eax, dword [ebp - 0x378]
+mov dword [ebp - 0x348], eax
+
+loc_fffba432: ; not directly referenced
+mov cl, byte [ebp - 0x344]
+mov eax, 1
+shl eax, cl
+test byte [ebp - 0x354], al
+je loc_fffba51a ; je 0xfffba51a
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x33c], 0
+mov al, byte [eax + 0x2488]
+mov byte [ebp - 0x388], al
+mov eax, dword [ebp - 0x344]
+add eax, dword [ebp - 0x38c]
+add eax, eax
+lea esi, [ebp + eax - 0x2c8]
+mov dword [ebp - 0x390], esi
+mov esi, dword [ebp - 0x3b8]
+add esi, eax
+mov dword [ebp - 0x340], esi
+mov esi, dword [ebp - 0x3a8]
+add esi, eax
+
+loc_fffba495: ; not directly referenced
+xor eax, eax
+
+loc_fffba497: ; not directly referenced
+cmp byte [ebp - 0x388], al
+jbe short loc_fffba4df ; jbe 0xfffba4df
+mov edx, dword [ebp - 0x358]
+mov ecx, dword [ebp - 0x33c]
+movzx edx, byte [edx + ecx + 0x53e]
+bt edx, eax
+jae short loc_fffba4dc ; jae 0xfffba4dc
+mov edx, dword [ebp - 0x350]
+mov dl, byte [edx + eax]
+cmp byte [esi], dl
+jbe short loc_fffba4c7 ; jbe 0xfffba4c7
+mov byte [esi], dl
+
+loc_fffba4c7: ; not directly referenced
+mov edx, dword [ebp - 0x348]
+mov ecx, dword [ebp - 0x340]
+mov dl, byte [edx + eax]
+cmp byte [ecx], dl
+jae short loc_fffba4dc ; jae 0xfffba4dc
+mov byte [ecx], dl
+
+loc_fffba4dc: ; not directly referenced
+inc eax
+jmp short loc_fffba497 ; jmp 0xfffba497
+
+loc_fffba4df: ; not directly referenced
+movzx eax, byte [esi]
+inc esi
+mov ecx, dword [ebp - 0x33c]
+inc dword [ebp - 0x33c]
+mov edx, eax
+mov eax, dword [ebp - 0x340]
+inc dword [ebp - 0x340]
+movzx eax, byte [eax]
+add eax, edx
+mov edx, dword [ebp - 0x390]
+sar eax, 1
+cmp dword [ebp - 0x33c], 2
+mov byte [edx + ecx], al
+jne loc_fffba495 ; jne 0xfffba495
+
+loc_fffba51a: ; not directly referenced
+inc dword [ebp - 0x344]
+add dword [ebp - 0x348], 9
+add dword [ebp - 0x350], 9
+cmp dword [ebp - 0x344], 4
+jne loc_fffba432 ; jne 0xfffba432
+xor ecx, ecx
+xor edx, edx
+mov esi, 1
+
+loc_fffba544: ; not directly referenced
+mov eax, esi
+shl eax, cl
+test byte [ebp - 0x354], al
+je short loc_fffba561 ; je 0xfffba561
+mov al, byte [ebx + ecx*2 + 1]
+inc edx
+sub al, byte [ebx + ecx*2]
+mov byte [ebp + ecx - 0x328], al
+jmp short loc_fffba569 ; jmp 0xfffba569
+
+loc_fffba561: ; not directly referenced
+mov byte [ebp + ecx - 0x328], 0
+
+loc_fffba569: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffba544 ; jne 0xfffba544
+xor ecx, ecx
+test dl, dl
+je short loc_fffba58d ; je 0xfffba58d
+movsx ecx, byte [ebp - 0x328]
+movsx eax, byte [ebp - 0x327]
+add eax, ecx
+movzx ecx, dl
+cdq
+idiv ecx
+mov cl, al
+
+loc_fffba58d: ; not directly referenced
+mov dl, 2
+movsx ax, cl
+idiv dl
+movzx edx, byte [ebx]
+neg eax
+add eax, 0x40
+add ecx, eax
+mov byte [ebp + edi*2 - 0x330], al
+movzx eax, byte [ebx + 1]
+mov byte [ebp + edi*2 - 0x32f], cl
+add eax, edx
+movzx edx, byte [ebx + 2]
+sar eax, 1
+mov byte [ebp + edi*2 - 0x338], al
+movzx eax, byte [ebx + 3]
+add eax, edx
+sar eax, 1
+mov byte [ebp + edi*2 - 0x337], al
+
+loc_fffba5cf: ; not directly referenced
+inc edi
+add ebx, 8
+add dword [ebp - 0x378], 0x24
+add dword [ebp - 0x368], 0x24
+cmp edi, 2
+jne loc_fffba3c9 ; jne 0xfffba3c9
+mov eax, dword [ebp + 8]
+xor ebx, ebx
+mov dword [ebp - 0x344], 0
+lea esi, [eax + 0x3756]
+lea eax, [ebp - 0x330]
+mov dword [ebp - 0x350], eax
+mov eax, dword [ebp + 8]
+add eax, 0x196b
+mov dword [ebp - 0x340], eax
+lea eax, [ebp - 0x338]
+mov dword [ebp - 0x348], eax
+movzx eax, byte [ebp - 0x34c]
+mov dword [ebp - 0x33c], eax
+
+loc_fffba632: ; not directly referenced
+cmp dword [esi], 2
+jne loc_fffba78f ; jne 0xfffba78f
+xor edi, edi
+
+loc_fffba63d: ; not directly referenced
+mov eax, 1
+mov ecx, edi
+shl eax, cl
+test byte [esi + 0xc4], al
+je short loc_fffba66d ; je 0xfffba66d
+mov ecx, dword [ebp - 0x348]
+push edx
+push 1
+movzx edx, byte [ecx + edi]
+push edx
+push 1
+push eax
+push 4
+push ebx
+push dword [ebp + 8]
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffba66d: ; not directly referenced
+inc edi
+cmp edi, 4
+jne short loc_fffba63d ; jne 0xfffba63d
+xor ecx, ecx
+
+loc_fffba675: ; not directly referenced
+mov eax, dword [ebp - 0x350]
+movzx edi, byte [eax + ecx]
+movzx eax, byte [esi + ecx + 0x241]
+sub edi, eax
+je loc_fffba785 ; je 0xfffba785
+push eax
+mov eax, 1
+push 1
+push edi
+shl eax, cl
+push eax
+push dword [ebp - 0x33c]
+mov dword [ebp - 0x344], ecx
+push 0
+push ebx
+push dword [ebp + 8]
+call fcn_fffa9178 ; call 0xfffa9178
+mov edx, dword [ebp - 0x340]
+add esp, 0x20
+mov ecx, dword [ebp - 0x344]
+mov al, byte [edx + 0x542]
+cmp byte [ecx + edx + 0x53e], al
+jne short loc_fffba719 ; jne 0xfffba719
+push eax
+push 1
+mov eax, dword [esi + 0x111]
+add eax, edi
+push eax
+push 1
+push dword [ebp - 0x33c]
+push 2
+push ebx
+push dword [ebp + 8]
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x1c
+push 1
+mov eax, dword [esi + 0x109]
+add eax, edi
+push eax
+push 1
+push dword [ebp - 0x33c]
+push 3
+push ebx
+push dword [ebp + 8]
+call fcn_fffa9178 ; call 0xfffa9178
+mov ecx, dword [ebp - 0x344]
+add esp, 0x20
+
+loc_fffba719: ; not directly referenced
+mov edx, dword [ebp - 0x340]
+mov dword [ebp - 0x344], 1
+mov al, byte [edx + 0x543]
+cmp byte [ecx + edx + 0x53e], al
+jne short loc_fffba785 ; jne 0xfffba785
+push eax
+push 1
+mov eax, dword [esi + 0x115]
+mov dword [ebp - 0x34c], ecx
+add eax, edi
+push eax
+push 2
+push dword [ebp - 0x33c]
+push 2
+push ebx
+push dword [ebp + 8]
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x1c
+push 1
+add edi, dword [esi + 0x11d]
+push edi
+push 2
+push dword [ebp - 0x33c]
+push 1
+push ebx
+push dword [ebp + 8]
+call fcn_fffa9178 ; call 0xfffa9178
+mov ecx, dword [ebp - 0x34c]
+add esp, 0x20
+
+loc_fffba785: ; not directly referenced
+inc ecx
+cmp ecx, 2
+jne loc_fffba675 ; jne 0xfffba675
+
+loc_fffba78f: ; not directly referenced
+inc ebx
+add esi, 0x13c3
+add dword [ebp - 0x350], 2
+add dword [ebp - 0x340], 0x54a
+add dword [ebp - 0x348], 2
+cmp ebx, 2
+jne loc_fffba632 ; jne 0xfffba632
+cmp dword [ebp - 0x344], 0
+je short loc_fffba7d8 ; je 0xfffba7d8
+sub esp, 0xc
+push dword [ebp + 8]
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+jmp short loc_fffba7d8 ; jmp 0xfffba7d8
+
+loc_fffba7d0: ; not directly referenced
+test eax, eax
+jne loc_fffbb9fc ; jne 0xfffbb9fc
+
+loc_fffba7d8: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ebx, dword [eax + 0x5edc]
+mov esi, dword [eax + 0x2443]
+mov al, byte [eax + 0x248d]
+push ecx
+push 0x7f
+push 0x48
+mov byte [ebp - 0x340], al
+lea eax, [ebp - 0x2a8]
+push eax
+call dword [esi + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 0x48
+lea eax, [ebp - 0x260]
+push eax
+call dword [esi + 0x5c] ; ucall
+lea eax, [ebx + 0x1c]
+add esp, 0x10
+mov dword [ebp - 0x348], eax
+mov esi, eax
+xor ebx, ebx
+
+loc_fffba823: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov edi, dword [ebp + 8]
+cmp dword [edi + eax + 0x3756], 2
+jne short loc_fffba89d ; jne 0xfffba89d
+mov byte [ebp - 0x33c], 0
+
+loc_fffba83d: ; not directly referenced
+mov edi, dword [ebp + 8]
+mov al, byte [ebp - 0x33c]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffba87a ; jae 0xfffba87a
+movzx ecx, byte [ebp - 0x33c]
+mov edx, ebx
+mov eax, dword [ebp + 8]
+mov edi, dword [esi + ecx*4 + 0x28]
+call fcn_fffa720e ; call 0xfffa720e
+or edi, 0x60
+mov ecx, edi
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+inc byte [ebp - 0x33c]
+jmp short loc_fffba83d ; jmp 0xfffba83d
+
+loc_fffba87a: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ecx, 0xff
+mov edx, ebx
+mov edi, dword [esi]
+call fcn_fffa7288 ; call 0xfffa7288
+or edi, 0x1000008
+mov ecx, edi
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffba89d: ; not directly referenced
+inc ebx
+add esi, 0xcc
+cmp ebx, 2
+jne loc_fffba823 ; jne 0xfffba823
+xor edi, edi
+
+loc_fffba8af: ; not directly referenced
+mov ebx, 1
+mov ecx, edi
+shl ebx, cl
+test byte [ebp - 0x340], bl
+jne short loc_fffba8d3 ; jne 0xfffba8d3
+
+loc_fffba8c0: ; not directly referenced
+inc edi
+cmp edi, 4
+jne short loc_fffba8af ; jne 0xfffba8af
+mov ebx, dword [ebp - 0x348]
+xor esi, esi
+jmp near loc_fffbaa02 ; jmp 0xfffbaa02
+
+loc_fffba8d3: ; not directly referenced
+xor esi, esi
+
+loc_fffba8d5: ; not directly referenced
+imul eax, esi, 0x13c3
+mov ecx, dword [ebp + 8]
+mov byte [ebp - 0x33c], bl
+test byte [ecx + eax + 0x381a], bl
+je short loc_fffba93b ; je 0xfffba93b
+mov eax, dword [ebp + 8]
+sub esp, 0xc
+mov ecx, esi
+mov edx, 1
+shl edx, cl
+mov ecx, ebx
+push 0
+call fcn_fffd2c53 ; call 0xfffd2c53
+add esp, 0x10
+mov dword [ebp - 0x344], eax
+test eax, eax
+jne loc_fffbb0b4 ; jne 0xfffbb0b4
+sub esp, 0xc
+mov eax, dword [ebp + 8]
+mov ecx, edi
+push 0
+mov edx, esi
+push 0x4000
+push 0x3000
+push 4
+push ref_fffd665c ; push 0xfffd665c
+call fcn_fffd2b18 ; call 0xfffd2b18
+add esp, 0x20
+
+loc_fffba93b: ; not directly referenced
+inc esi
+cmp esi, 2
+jne short loc_fffba8d5 ; jne 0xfffba8d5
+push eax
+mov ecx, 0x7f
+push eax
+mov edx, edi
+lea eax, [ebp - 0x2a8]
+xor si, si
+push eax
+mov eax, dword [ebp + 8]
+push 2
+call fcn_fffd2d89 ; call 0xfffd2d89
+xor ecx, ecx
+pop eax
+pop edx
+mov edx, edi
+lea eax, [ebp - 0x260]
+push eax
+mov eax, dword [ebp + 8]
+push 0xfffffffffffffffe
+call fcn_fffd2d89 ; call 0xfffd2d89
+add esp, 0x10
+
+loc_fffba978: ; not directly referenced
+imul eax, esi, 0x13c3
+mov ecx, dword [ebp + 8]
+mov dl, byte [ebp - 0x33c]
+test byte [ecx + eax + 0x381a], dl
+jne short loc_fffba99b ; jne 0xfffba99b
+
+loc_fffba990: ; not directly referenced
+inc esi
+cmp esi, 2
+jne short loc_fffba978 ; jne 0xfffba978
+jmp near loc_fffba8c0 ; jmp 0xfffba8c0
+
+loc_fffba99b: ; not directly referenced
+push eax
+push 1
+push 0x60
+push 3
+push ebx
+push 2
+push esi
+push dword [ebp + 8]
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x1c
+push 1
+push 0x60
+push 1
+push ebx
+push 3
+push esi
+push dword [ebp + 8]
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x1c
+push 1
+push 0x60
+push 2
+push ebx
+push 1
+push esi
+push dword [ebp + 8]
+call fcn_fffa9178 ; call 0xfffa9178
+mov eax, dword [ebp + 8]
+add esp, 0x14
+mov ecx, esi
+mov edx, 1
+shl edx, cl
+mov ecx, ebx
+push 2
+call fcn_fffd2c53 ; call 0xfffd2c53
+add esp, 0x10
+mov dword [ebp - 0x344], eax
+test eax, eax
+je short loc_fffba990 ; je 0xfffba990
+jmp near loc_fffbb0b4 ; jmp 0xfffbb0b4
+
+loc_fffbaa02: ; not directly referenced
+imul eax, esi, 0x13c3
+mov edi, dword [ebp + 8]
+cmp dword [edi + eax + 0x3756], 2
+je short loc_fffbaa69 ; je 0xfffbaa69
+
+loc_fffbaa15: ; not directly referenced
+inc esi
+add ebx, 0xcc
+cmp esi, 2
+jne short loc_fffbaa02 ; jne 0xfffbaa02
+mov eax, dword [ebp + 8]
+mov ebx, dword [eax + 0x2443]
+lea eax, [ebp - 0x2c8]
+push esi
+xor esi, esi
+push 0x7f
+push 4
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 4
+lea eax, [ebp - 0x2e8]
+push eax
+call dword [ebx + 0x5c] ; ucall
+lea eax, [ebp - 0x2a8]
+add esp, 0x10
+mov dword [ebp - 0x34c], eax
+lea eax, [ebp - 0x260]
+mov dword [ebp - 0x348], eax
+jmp short loc_fffbaac9 ; jmp 0xfffbaac9
+
+loc_fffbaa69: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ecx, 0xff
+mov edx, esi
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, dword [ebx]
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov byte [ebp - 0x33c], 0
+
+loc_fffbaa8b: ; not directly referenced
+mov edi, dword [ebp + 8]
+mov al, byte [ebp - 0x33c]
+cmp al, byte [edi + 0x2488]
+jae loc_fffbaa15 ; jae 0xfffbaa15
+movzx edi, byte [ebp - 0x33c]
+mov edx, esi
+mov eax, dword [ebp + 8]
+mov ecx, edi
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, dword [ebx + edi*4 + 0x28]
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+inc byte [ebp - 0x33c]
+jmp short loc_fffbaa8b ; jmp 0xfffbaa8b
+
+loc_fffbaac9: ; not directly referenced
+imul eax, esi, 0x13c3
+mov edi, dword [ebp + 8]
+cmp dword [edi + eax + 0x3756], 2
+jne loc_fffbabfc ; jne 0xfffbabfc
+mov al, byte [edi + eax + 0x381a]
+lea ecx, [ebp - 0x18]
+mov edi, dword [ebp - 0x348]
+mov dword [ebp - 0x33c], 0
+mov byte [ebp - 0x368], al
+imul eax, esi, 0x54a
+mov dword [ebp - 0x350], eax
+mov eax, dword [ebp - 0x34c]
+mov dword [ebp - 0x344], eax
+lea eax, [esi + esi]
+add eax, ecx
+mov dword [ebp - 0x378], eax
+
+loc_fffbab23: ; not directly referenced
+mov cl, byte [ebp - 0x33c]
+mov eax, 1
+shl eax, cl
+test byte [ebp - 0x368], al
+je short loc_fffbab4b ; je 0xfffbab4b
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+mov al, byte [eax + 0x2488]
+mov byte [ebp - 0x354], al
+jmp short loc_fffbab9c ; jmp 0xfffbab9c
+
+loc_fffbab4b: ; not directly referenced
+inc dword [ebp - 0x33c]
+add edi, 9
+add dword [ebp - 0x344], 9
+cmp dword [ebp - 0x33c], 4
+jne short loc_fffbab23 ; jne 0xfffbab23
+movzx edx, byte [ebp + esi*2 - 0x2c8]
+movzx eax, byte [ebp + esi*2 - 0x2e8]
+add eax, edx
+movzx edx, byte [ebp + esi*2 - 0x2c7]
+sar eax, 1
+mov byte [ebp + esi*2 - 0x308], al
+movzx eax, byte [ebp + esi*2 - 0x2e7]
+add eax, edx
+sar eax, 1
+mov byte [ebp + esi*2 - 0x307], al
+jmp short loc_fffbabfc ; jmp 0xfffbabfc
+
+loc_fffbab9c: ; not directly referenced
+cmp byte [ebp - 0x354], cl
+jbe short loc_fffbab4b ; jbe 0xfffbab4b
+mov edx, dword [ebp - 0x350]
+mov eax, dword [ebp + 8]
+mov ebx, dword [ebp - 0x344]
+movzx eax, byte [eax + edx + 0x1ead]
+mov dl, byte [ebx + ecx]
+sar eax, cl
+and eax, 1
+xor eax, 1
+add eax, dword [ebp - 0x378]
+mov bl, byte [eax - 0x2b0]
+cmp byte [eax - 0x2b0], dl
+cmovbe edx, ebx
+mov bl, byte [eax - 0x2d0]
+mov byte [eax - 0x2b0], dl
+mov dl, byte [edi + ecx]
+cmp byte [eax - 0x2d0], dl
+cmovae edx, ebx
+inc ecx
+mov byte [eax - 0x2d0], dl
+jmp short loc_fffbab9c ; jmp 0xfffbab9c
+
+loc_fffbabfc: ; not directly referenced
+inc esi
+add dword [ebp - 0x34c], 0x24
+add dword [ebp - 0x348], 0x24
+cmp esi, 2
+jne loc_fffbaac9 ; jne 0xfffbaac9
+movzx esi, byte [ebp - 0x340]
+xor ebx, ebx
+
+loc_fffbac1d: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov edi, dword [ebp + 8]
+cmp dword [edi + eax + 0x3756], 2
+jne short loc_fffbac9f ; jne 0xfffbac9f
+movzx eax, byte [ebp + ebx*2 - 0x308]
+push ecx
+push 1
+push eax
+push 1
+push esi
+push 2
+push ebx
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+movzx eax, byte [ebp + ebx*2 - 0x308]
+add esp, 0x1c
+push 1
+push eax
+push 1
+push esi
+push 3
+push ebx
+push dword [ebp + 8]
+call fcn_fffa9178 ; call 0xfffa9178
+movzx eax, byte [ebp + ebx*2 - 0x307]
+add esp, 0x1c
+push 1
+push eax
+push 2
+push esi
+push 2
+push ebx
+push dword [ebp + 8]
+call fcn_fffa9178 ; call 0xfffa9178
+movzx eax, byte [ebp + ebx*2 - 0x307]
+add esp, 0x1c
+push 1
+push eax
+push 2
+push esi
+push 1
+push ebx
+push dword [ebp + 8]
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffbac9f: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne loc_fffbac1d ; jne 0xfffbac1d
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x344], 0
+mov dword [ebp - 0x348], 0x4224
+add eax, 0x3756
+mov dword [ebp - 0x34c], eax
+mov eax, dword [ebp + 8]
+add eax, 0x196b
+mov dword [ebp - 0x340], eax
+
+loc_fffbacd9: ; not directly referenced
+mov eax, dword [ebp - 0x34c]
+cmp dword [eax], 2
+jne loc_fffbb079 ; jne 0xfffbb079
+xor ebx, ebx
+xor edi, edi
+mov byte [ebp - 0x350], 0
+xor ecx, ecx
+xor eax, eax
+
+loc_fffbacf7: ; not directly referenced
+mov esi, dword [ebp - 0x340]
+mov dl, byte [esi + eax + 0x4f6]
+cmp dl, 2
+je short loc_fffbad29 ; je 0xfffbad29
+ja short loc_fffbad17 ; ja 0xfffbad17
+mov esi, eax
+and esi, 7
+test dl, dl
+cmove ebx, esi
+jmp short loc_fffbad3b ; jmp 0xfffbad3b
+
+loc_fffbad17: ; not directly referenced
+cmp dl, 4
+je short loc_fffbad30 ; je 0xfffbad30
+mov esi, eax
+and esi, 7
+cmp dl, 6
+cmove ecx, esi
+jmp short loc_fffbad3b ; jmp 0xfffbad3b
+
+loc_fffbad29: ; not directly referenced
+mov edi, eax
+and edi, 7
+jmp short loc_fffbad3b ; jmp 0xfffbad3b
+
+loc_fffbad30: ; not directly referenced
+mov dl, al
+and edx, 7
+mov byte [ebp - 0x350], dl
+
+loc_fffbad3b: ; not directly referenced
+inc eax
+cmp eax, 8
+jne short loc_fffbacf7 ; jne 0xfffbacf7
+mov eax, edi
+mov edx, ebx
+shl eax, 0x1c
+xor esi, esi
+mov dword [ebp - 0x33c], eax
+movzx eax, cl
+xor edi, edi
+mov dword [ebp - 0x3cc], eax
+shl eax, 0x1c
+xor ebx, ebx
+mov dword [ebp - 0x354], eax
+mov eax, dword [ebp - 0x350]
+shl edx, 0x18
+or dword [ebp - 0x33c], edx
+shr edx, 0x18
+mov ecx, edx
+shl eax, 0x18
+or dword [ebp - 0x354], eax
+shr eax, 0x18
+mov dword [ebp - 0x388], eax
+mov al, byte [ebp - 0x33c]
+mov dword [ebp - 0x3d4], edx
+mov edx, dword [ebp - 0x340]
+mov byte [ebp - 0x378], 0
+mov byte [ebp - 0x3a8], 0
+and eax, 7
+mov byte [ebp - 0x368], al
+mov al, byte [ebp - 0x354]
+lea ecx, [edx + ecx*8]
+mov byte [ebp - 0x390], 0
+mov byte [ebp - 0x38c], 0
+mov byte [ebp - 0x358], 0
+and eax, 7
+mov byte [ebp - 0x350], al
+mov eax, dword [ebp - 0x33c]
+mov byte [ebp - 0x3c8], 0
+mov byte [ebp - 0x3b8], 0
+mov dword [ebp - 0x398], ecx
+shr eax, 0x1c
+lea eax, [edx + eax*8]
+mov dword [ebp - 0x394], eax
+movzx eax, byte [ebp - 0x388]
+lea eax, [edx + eax*8]
+mov dword [ebp - 0x3d0], eax
+mov eax, dword [ebp - 0x3cc]
+lea eax, [edx + eax*8]
+xor edx, edx
+mov dword [ebp - 0x3cc], eax
+xor eax, eax
+
+loc_fffbae25: ; not directly referenced
+mov ecx, dword [ebp - 0x398]
+mov cl, byte [ecx + edx + 0x4fe]
+cmp cl, 1
+je short loc_fffbae49 ; je 0xfffbae49
+jb short loc_fffbae41 ; jb 0xfffbae41
+cmp cl, 2
+cmove esi, eax
+jmp short loc_fffbae4f ; jmp 0xfffbae4f
+
+loc_fffbae41: ; not directly referenced
+mov byte [ebp - 0x368], al
+jmp short loc_fffbae4f ; jmp 0xfffbae4f
+
+loc_fffbae49: ; not directly referenced
+mov byte [ebp - 0x378], al
+
+loc_fffbae4f: ; not directly referenced
+mov ecx, dword [ebp - 0x394]
+mov cl, byte [ecx + edx + 0x4fe]
+cmp cl, 0x11
+je short loc_fffbae6e ; je 0xfffbae6e
+cmp cl, 0x12
+je short loc_fffbae76 ; je 0xfffbae76
+cmp cl, 0x10
+cmove edi, eax
+jmp short loc_fffbae7c ; jmp 0xfffbae7c
+
+loc_fffbae6e: ; not directly referenced
+mov byte [ebp - 0x3a8], al
+jmp short loc_fffbae7c ; jmp 0xfffbae7c
+
+loc_fffbae76: ; not directly referenced
+mov byte [ebp - 0x390], al
+
+loc_fffbae7c: ; not directly referenced
+mov ecx, dword [ebp - 0x3d0]
+mov cl, byte [ecx + edx + 0x4fe]
+cmp cl, 0x21
+je short loc_fffbaea7 ; je 0xfffbaea7
+cmp cl, 0x22
+je short loc_fffbaeaf ; je 0xfffbaeaf
+cmp cl, 0x20
+mov cl, byte [ebp - 0x350]
+cmove ecx, eax
+mov byte [ebp - 0x350], cl
+jmp short loc_fffbaeb5 ; jmp 0xfffbaeb5
+
+loc_fffbaea7: ; not directly referenced
+mov byte [ebp - 0x38c], al
+jmp short loc_fffbaeb5 ; jmp 0xfffbaeb5
+
+loc_fffbaeaf: ; not directly referenced
+mov byte [ebp - 0x358], al
+
+loc_fffbaeb5: ; not directly referenced
+mov ecx, dword [ebp - 0x3cc]
+mov cl, byte [ecx + edx + 0x4fe]
+cmp cl, 0x31
+je short loc_fffbaed4 ; je 0xfffbaed4
+cmp cl, 0x32
+je short loc_fffbaedc ; je 0xfffbaedc
+cmp cl, 0x30
+cmove ebx, eax
+jmp short loc_fffbaee2 ; jmp 0xfffbaee2
+
+loc_fffbaed4: ; not directly referenced
+mov byte [ebp - 0x3c8], al
+jmp short loc_fffbaee2 ; jmp 0xfffbaee2
+
+loc_fffbaedc: ; not directly referenced
+mov byte [ebp - 0x3b8], al
+
+loc_fffbaee2: ; not directly referenced
+inc eax
+inc edx
+and eax, 7
+cmp edx, 8
+jne loc_fffbae25 ; jne 0xfffbae25
+mov ecx, dword [ebp - 0x368]
+and esi, 7
+and edi, 7
+mov eax, dword [ebp - 0x378]
+shl esi, 8
+shl edi, 0xc
+mov edx, dword [ebp - 0x38c]
+and ecx, 7
+or ecx, dword [ebp - 0x33c]
+and eax, 7
+shl eax, 4
+and edx, 7
+shl edx, 4
+or ecx, eax
+mov eax, dword [ebp - 0x3a8]
+or ecx, esi
+mov esi, dword [ebp - 0x350]
+and ecx, 0xfff88fff
+or ecx, edi
+and eax, 7
+shl eax, 0x10
+and esi, 7
+or ecx, eax
+mov eax, dword [ebp - 0x390]
+and ecx, 0xff8fffff
+or esi, dword [ebp - 0x354]
+and eax, 7
+shl eax, 0x14
+or esi, edx
+mov edx, dword [ebp - 0x3c8]
+or ecx, eax
+mov eax, dword [ebp - 0x358]
+and edx, 7
+and eax, 7
+shl eax, 8
+or esi, eax
+mov eax, ebx
+and eax, 7
+and esi, 0xfff88fff
+shl eax, 0xc
+or esi, eax
+mov eax, dword [ebp - 0x3b8]
+shl edx, 0x10
+or esi, edx
+and esi, 0xff8fffff
+and eax, 7
+shl eax, 0x14
+or esi, eax
+mov eax, dword [ebp - 0x34c]
+cmp byte [eax + 0x1264], 0x20
+jne loc_fffbb03c ; jne 0xfffbb03c
+mov ebx, dword [ebp - 0x3d4]
+and ecx, 0x8fffffff
+and esi, 0x8fffffff
+shl ebx, 0x1c
+or ecx, ebx
+mov eax, ecx
+and ch, 0x8f
+and eax, 7
+shl eax, 0xc
+or ecx, eax
+mov eax, ecx
+and ecx, 0xfff8ffff
+shl eax, 0xc
+and eax, 0x70000
+or ecx, eax
+mov eax, ecx
+and ecx, 0xff8fffff
+shl eax, 0xc
+and eax, 0x700000
+or ecx, eax
+mov eax, dword [ebp - 0x388]
+shl eax, 0x1c
+or esi, eax
+mov eax, esi
+and esi, 0xffff8fff
+and eax, 7
+shl eax, 0xc
+or esi, eax
+mov eax, esi
+and esi, 0xfff8ffff
+shl eax, 0xc
+and eax, 0x70000
+or esi, eax
+mov eax, esi
+and esi, 0xff8fffff
+shl eax, 0xc
+and eax, 0x700000
+or esi, eax
+
+loc_fffbb03c: ; not directly referenced
+mov edi, dword [ebp - 0x348]
+mov ebx, dword [ebp + 8]
+mov eax, edi
+sub eax, 4
+cmp dword [ebx + 0x188b], 1
+lea edx, [edi + 4]
+cmovne edx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, edi
+mov ecx, esi
+lea edx, [edi + 8]
+mov edi, dword [ebp + 8]
+cmp dword [edi + 0x188b], 1
+cmovne edx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffbb079: ; not directly referenced
+mov eax, dword [ebp - 0x348]
+add dword [ebp - 0x34c], 0x13c3
+add dword [ebp - 0x340], 0x54a
+add eax, 0x400
+cmp eax, 0x4a24
+je short loc_fffbb0aa ; je 0xfffbb0aa
+mov dword [ebp - 0x348], eax
+jmp near loc_fffbacd9 ; jmp 0xfffbacd9
+
+loc_fffbb0aa: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov byte [eax + 0x247c], 1
+
+loc_fffbb0b4: ; not directly referenced
+mov eax, dword [ebp - 0x344]
+jmp near loc_fffbb9fc ; jmp 0xfffbb9fc
+
+loc_fffbb0bf: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edi, dword [ebp - 0x344]
+add eax, 0x3756
+add edi, 0x70
+mov ebx, eax
+mov dword [ebp - 0x3d0], edi
+mov esi, edi
+xor edi, edi
+mov dword [ebp - 0x3cc], eax
+
+loc_fffbb0e2: ; not directly referenced
+cmp dword [ebx], 2
+jne loc_fffbb17d ; jne 0xfffbb17d
+mov byte [ebp - 0x340], 0
+
+loc_fffbb0f2: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov cl, byte [ebp - 0x340]
+movzx eax, byte [eax + 0x2488]
+cmp cl, al
+jae short loc_fffbb16c ; jae 0xfffbb16c
+movzx eax, cl
+mov dword [ebp - 0x33c], 0
+mov dword [ebp - 0x34c], eax
+
+loc_fffbb119: ; not directly referenced
+mov cl, byte [ebp - 0x33c]
+mov eax, 1
+shl eax, cl
+test byte [ebx + 0xc4], al
+je short loc_fffbb155 ; je 0xfffbb155
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x18b2], 1
+jne short loc_fffbb155 ; jne 0xfffbb155
+push edx
+mov ecx, dword [ebp - 0x33c]
+mov edx, edi
+push 0x20
+push 5
+push dword [ebp - 0x34c]
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+
+loc_fffbb155: ; not directly referenced
+inc dword [ebp - 0x33c]
+cmp dword [ebp - 0x33c], 4
+jne short loc_fffbb119 ; jne 0xfffbb119
+inc byte [ebp - 0x340]
+jmp short loc_fffbb0f2 ; jmp 0xfffbb0f2
+
+loc_fffbb16c: ; not directly referenced
+push ecx
+push 0
+push eax
+mov eax, dword [ebp - 0x38c]
+push esi
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffbb17d: ; not directly referenced
+inc edi
+add ebx, 0x13c3
+add esi, 0xcc
+cmp edi, 2
+jne loc_fffbb0e2 ; jne 0xfffbb0e2
+mov eax, dword [ebp + 8]
+movzx edx, byte [ebp - 0x348]
+call fcn_fffb27d5 ; call 0xfffb27d5
+mov eax, dword [ebp - 0x344]
+mov dword [ebp - 0x33c], 0
+add eax, 0x1c
+mov dword [ebp - 0x3b8], eax
+
+loc_fffbb1bb: ; not directly referenced
+mov edi, dword [ebp - 0x33c]
+mov eax, edi
+mov byte [ebp - 0x388], al
+cmp edi, 0x80
+je loc_fffbb85b ; je 0xfffbb85b
+mov edi, dword [ebp - 0x33c]
+mov eax, edi
+and eax, 0x7f
+mov ebx, eax
+mov ecx, eax
+mov edx, eax
+shl ebx, 0xe
+shl ecx, 0x15
+shl edx, 7
+or ecx, ebx
+or ecx, edx
+mov edx, 0x390c
+or ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+sub esp, 0xc
+push dword [ebp + 8]
+call fcn_fffc82f4 ; call 0xfffc82f4
+mov eax, edi
+add esp, 0x10
+shr al, 1
+movzx eax, al
+lea eax, [ebp + eax*8 - 0x218]
+mov dword [ebp - 0x378], eax
+mov dword [ebp - 0x390], 0
+mov dword [ebp - 0x358], 0
+
+loc_fffbb238: ; not directly referenced
+mov cl, byte [ebp - 0x358]
+mov dword [ebp - 0x340], 1
+shl dword [ebp - 0x340], cl
+mov al, byte [ebp - 0x340]
+test byte [ebp - 0x3c8], al
+jne short loc_fffbb284 ; jne 0xfffbb284
+
+loc_fffbb25c: ; not directly referenced
+inc dword [ebp - 0x358]
+inc dword [ebp - 0x378]
+add dword [ebp - 0x390], 4
+cmp dword [ebp - 0x358], 4
+jne short loc_fffbb238 ; jne 0xfffbb238
+add dword [ebp - 0x33c], 2
+jmp near loc_fffbb1bb ; jmp 0xfffbb1bb
+
+loc_fffbb284: ; not directly referenced
+xor ebx, ebx
+
+loc_fffbb286: ; not directly referenced
+mov edi, dword [ebp - 0x340]
+mov edx, ebx
+mov eax, dword [ebp + 8]
+mov ecx, edi
+call fcn_fffaac43 ; call 0xfffaac43
+imul eax, ebx, 0x13c3
+mov esi, dword [ebp + 8]
+mov dword [ebp + ebx*4 - 0x338], 0
+mov edx, edi
+mov dword [ebp + ebx*4 - 0x330], 0
+test byte [esi + eax + 0x381a], dl
+je short loc_fffbb300 ; je 0xfffbb300
+mov ecx, dword [ebp - 0x340]
+mov eax, esi
+mov esi, ebx
+push edx
+push edx
+mov edx, ebx
+push 4
+push 3
+call fcn_fffafd52 ; call 0xfffafd52
+mov eax, dword [ebp + 8]
+shl esi, 0xa
+add esi, 0x4194
+mov edx, esi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, esi
+or eax, 0x80000000
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+add esp, 0x10
+
+loc_fffbb300: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffbb286 ; jne 0xfffbb286
+mov al, byte [ebp - 0x340]
+mov dword [ebp - 0x34c], 0xffffffe0
+mov byte [ebp - 0x344], al
+mov eax, dword [ebp + 8]
+movzx ecx, byte [eax + 0x2488]
+mov eax, 1
+shl eax, cl
+dec eax
+mov dword [ebp - 0x348], eax
+
+loc_fffbb334: ; not directly referenced
+push 1
+mov edi, dword [ebp - 0x34c]
+xor ebx, ebx
+push 0
+push 0
+push 0
+push 0
+mov eax, edi
+push 0
+push 0
+push 1
+push 0
+push edi
+push 1
+push dword [ebp + 8]
+mov byte [ebp - 0x350], al
+call fcn_fffcc900 ; call 0xfffcc900
+mov edi, dword [ebp - 0x3b8]
+add esp, 0x30
+
+loc_fffbb36a: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov ecx, dword [ebp + 8]
+xor esi, esi
+mov dl, byte [ebp - 0x344]
+test byte [ecx + eax + 0x381a], dl
+je short loc_fffbb3e3 ; je 0xfffbb3e3
+
+loc_fffbb384: ; not directly referenced
+mov ecx, dword [ebp + 8]
+mov eax, esi
+cmp al, byte [ecx + 0x2488]
+jae short loc_fffbb3c2 ; jae 0xfffbb3c2
+mov eax, esi
+mov edx, ebx
+movzx eax, al
+inc esi
+mov ecx, eax
+mov dword [ebp - 0x354], eax
+mov eax, dword [ebp + 8]
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, dword [ebp - 0x354]
+mov ecx, dword [edi + ecx*4 + 0x28]
+mov edx, eax
+mov eax, dword [ebp + 8]
+or ecx, 0x60
+call fcn_fffaeb7c ; call 0xfffaeb7c
+jmp short loc_fffbb384 ; jmp 0xfffbb384
+
+loc_fffbb3c2: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ecx, 0xff
+mov edx, ebx
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, dword [edi]
+or ecx, 0x1000001
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffbb3e3: ; not directly referenced
+inc ebx
+add edi, 0xcc
+cmp ebx, 2
+jne loc_fffbb36a ; jne 0xfffbb36a
+mov eax, dword [ebp + 8]
+xor bl, bl
+call fcn_fffb0e8a ; call 0xfffb0e8a
+mov eax, dword [ebp + 8]
+mov ecx, 5
+mov edx, 0x4800
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov edx, 2
+call fcn_fffa834b ; call 0xfffa834b
+mov eax, dword [ebp + 8]
+call fcn_fffb0e8a ; call 0xfffb0e8a
+mov eax, dword [ebp + 8]
+mov edx, 2
+call fcn_fffa834b ; call 0xfffa834b
+mov eax, dword [ebp + 8]
+mov ecx, 2
+mov edx, 0x4800
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffbb443: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov edi, dword [ebp + 8]
+mov dl, byte [ebp - 0x344]
+test byte [edi + eax + 0x381a], dl
+je short loc_fffbb4c5 ; je 0xfffbb4c5
+xor edi, edi
+
+loc_fffbb45d: ; not directly referenced
+mov ecx, dword [ebp + 8]
+mov eax, edi
+cmp al, byte [ecx + 0x2488]
+jae short loc_fffbb4a2 ; jae 0xfffbb4a2
+mov eax, edi
+mov edx, ebx
+movzx ecx, al
+mov eax, dword [ebp + 8]
+call fcn_fffa7617 ; call 0xfffa7617
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 1
+mov ecx, edi
+shl edx, cl
+dec eax
+jne short loc_fffbb498 ; jne 0xfffbb498
+or dword [ebp + ebx*4 - 0x338], edx
+jmp short loc_fffbb49f ; jmp 0xfffbb49f
+
+loc_fffbb498: ; not directly referenced
+or dword [ebp + ebx*4 - 0x330], edx
+
+loc_fffbb49f: ; not directly referenced
+inc edi
+jmp short loc_fffbb45d ; jmp 0xfffbb45d
+
+loc_fffbb4a2: ; not directly referenced
+mov eax, dword [ebp - 0x348]
+cmp dword [ebp + ebx*4 - 0x338], eax
+jne short loc_fffbb4c5 ; jne 0xfffbb4c5
+mov edi, dword [ebp - 0x378]
+mov al, byte [ebp - 0x350]
+cmp byte [edi + ebx*4], al
+jle short loc_fffbb4c5 ; jle 0xfffbb4c5
+mov byte [edi + ebx*4], al
+
+loc_fffbb4c5: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne loc_fffbb443 ; jne 0xfffbb443
+mov ebx, dword [ebp - 0x3b8]
+xor edi, edi
+
+loc_fffbb4d7: ; not directly referenced
+imul eax, edi, 0x13c3
+mov ecx, dword [ebp + 8]
+xor esi, esi
+mov dl, byte [ebp - 0x344]
+test byte [ecx + eax + 0x381a], dl
+je short loc_fffbb54e ; je 0xfffbb54e
+
+loc_fffbb4f1: ; not directly referenced
+mov edx, dword [ebp + 8]
+mov eax, esi
+cmp al, byte [edx + 0x2488]
+jae short loc_fffbb52c ; jae 0xfffbb52c
+mov eax, esi
+mov edx, edi
+movzx eax, al
+inc esi
+mov ecx, eax
+mov dword [ebp - 0x350], eax
+mov eax, dword [ebp + 8]
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, dword [ebp - 0x350]
+mov ecx, dword [ebx + ecx*4 + 0x28]
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+jmp short loc_fffbb4f1 ; jmp 0xfffbb4f1
+
+loc_fffbb52c: ; not directly referenced
+mov eax, edx
+call fcn_fffb0e8a ; call 0xfffb0e8a
+mov eax, dword [ebp + 8]
+mov ecx, 0xff
+mov edx, edi
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, dword [ebx]
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffbb54e: ; not directly referenced
+inc edi
+add ebx, 0xcc
+cmp edi, 2
+jne loc_fffbb4d7 ; jne 0xfffbb4d7
+mov edi, dword [ebp + 8]
+mov al, byte [ebp - 0x344]
+test byte [edi + 0x381a], al
+je short loc_fffbb58d ; je 0xfffbb58d
+mov eax, dword [ebp - 0x348]
+cmp dword [ebp - 0x338], eax
+jne loc_fffbb9e3 ; jne 0xfffbb9e3
+cmp dword [ebp - 0x330], eax
+jne loc_fffbb9e3 ; jne 0xfffbb9e3
+
+loc_fffbb58d: ; not directly referenced
+mov ebx, dword [ebp + 8]
+mov al, byte [ebp - 0x344]
+test byte [ebx + 0x4bdd], al
+je short loc_fffbb5bc ; je 0xfffbb5bc
+mov eax, dword [ebp - 0x348]
+cmp dword [ebp - 0x334], eax
+jne loc_fffbb9e3 ; jne 0xfffbb9e3
+cmp dword [ebp - 0x32c], eax
+jne loc_fffbb9e3 ; jne 0xfffbb9e3
+
+loc_fffbb5bc: ; not directly referenced
+mov eax, dword [ebp - 0x390]
+mov edx, dword [ebp - 0x33c]
+lea edi, [ebp + eax - 0x260]
+lea ebx, [ebp + eax - 0x2a8]
+mov dword [ebp - 0x350], edi
+mov edi, eax
+mov dword [ebp - 0x354], ebx
+lea ebx, [ebp + edi - 0x2e8]
+mov dword [ebp - 0x34c], ebx
+mov ebx, edi
+lea ebx, [ebp + ebx - 0x328]
+lea ecx, [edx - 2]
+mov dword [ebp - 0x368], ebx
+lea eax, [ebp + eax - 0x2c8]
+xor ebx, ebx
+lea edi, [ebp + edi - 0x308]
+mov dword [ebp - 0x3a8], ecx
+
+loc_fffbb619: ; not directly referenced
+imul edx, ebx, 0x13c3
+mov esi, dword [ebp + 8]
+mov cl, byte [ebp - 0x344]
+test byte [esi + edx + 0x381a], cl
+je loc_fffbb7c4 ; je 0xfffbb7c4
+mov esi, dword [ebp - 0x348]
+xor ecx, ecx
+cmp dword [ebp + ebx*4 - 0x338], esi
+jne short loc_fffbb652 ; jne 0xfffbb652
+xor ecx, ecx
+cmp dword [ebp + ebx*4 - 0x330], esi
+sete cl
+
+loc_fffbb652: ; not directly referenced
+cmp byte [ebp - 0x388], 0
+setne dl
+test dl, cl
+je short loc_fffbb67f ; je 0xfffbb67f
+mov ecx, dword [ebp - 0x378]
+movsx edx, byte [ecx + ebx*4]
+movsx ecx, byte [ecx + ebx*4 - 8]
+sub edx, ecx
+cmp edx, 0x10
+setle dl
+movzx edx, dl
+jmp near loc_fffbb70e ; jmp 0xfffbb70e
+
+loc_fffbb67f: ; not directly referenced
+cmp byte [ebp - 0x388], 0
+mov edx, ecx
+jne loc_fffbb70e ; jne 0xfffbb70e
+mov esi, dword [ebp - 0x368]
+test ecx, ecx
+je short loc_fffbb6d3 ; je 0xfffbb6d3
+mov dword [esi], 0
+mov esi, dword [ebp - 0x34c]
+mov dword [edi], 0
+mov dword [eax], 0
+mov dword [esi], 0
+mov esi, dword [ebp - 0x354]
+mov dword [esi], 0
+mov esi, dword [ebp - 0x350]
+mov dword [esi], 0
+jmp near loc_fffbb7c4 ; jmp 0xfffbb7c4
+
+loc_fffbb6d3: ; not directly referenced
+mov dword [esi], 0xfffffffe
+mov esi, dword [ebp - 0x34c]
+mov dword [edi], 0xfffffffe
+mov dword [eax], 0xfffffffe
+mov dword [esi], 0xfffffffe
+mov esi, dword [ebp - 0x354]
+mov dword [esi], 0xfffffffe
+mov esi, dword [ebp - 0x350]
+mov dword [esi], 0xfffffffe
+jmp near loc_fffbb7c4 ; jmp 0xfffbb7c4
+
+loc_fffbb70e: ; not directly referenced
+test edx, edx
+je loc_fffbb7c4 ; je 0xfffbb7c4
+mov esi, dword [ebp - 0x3a8]
+cmp dword [edi], esi
+jne short loc_fffbb728 ; jne 0xfffbb728
+mov esi, dword [ebp - 0x33c]
+mov dword [edi], esi
+
+loc_fffbb728: ; not directly referenced
+mov esi, dword [ebp - 0x3a8]
+cmp dword [eax], esi
+jne short loc_fffbb73c ; jne 0xfffbb73c
+mov esi, dword [ebp - 0x33c]
+mov dword [eax], esi
+jmp short loc_fffbb74c ; jmp 0xfffbb74c
+
+loc_fffbb73c: ; not directly referenced
+mov ecx, dword [ebp - 0x33c]
+mov esi, dword [ebp - 0x34c]
+mov dword [eax], ecx
+mov dword [esi], ecx
+
+loc_fffbb74c: ; not directly referenced
+cmp byte [ebp - 0x388], 0x7e
+jne short loc_fffbb772 ; jne 0xfffbb772
+mov esi, dword [ebp - 0x368]
+cmp dword [esi], 0
+jne short loc_fffbb772 ; jne 0xfffbb772
+mov edx, dword [edi]
+mov ecx, dword [ebp - 0x33c]
+cmp edx, ecx
+je short loc_fffbb772 ; je 0xfffbb772
+lea edx, [edx + ecx + 2]
+mov dword [eax], edx
+
+loc_fffbb772: ; not directly referenced
+mov edx, dword [ebp - 0x34c]
+mov esi, dword [eax]
+mov dword [ebp - 0x3d4], eax
+mov ecx, dword [ebp - 0x354]
+mov edx, dword [edx]
+mov eax, esi
+mov dword [ebp - 0x394], esi
+sub eax, edx
+mov dword [ebp - 0x398], edx
+mov edx, dword [ebp - 0x350]
+mov edx, dword [edx]
+sub edx, dword [ecx]
+cmp eax, edx
+mov eax, dword [ebp - 0x3d4]
+jle short loc_fffbb7c4 ; jle 0xfffbb7c4
+mov esi, ecx
+mov ecx, dword [ebp - 0x398]
+mov dword [esi], ecx
+mov esi, dword [ebp - 0x350]
+mov ecx, dword [ebp - 0x394]
+mov dword [esi], ecx
+
+loc_fffbb7c4: ; not directly referenced
+inc ebx
+add edi, 0x10
+add dword [ebp - 0x368], 0x10
+add eax, 0x10
+add dword [ebp - 0x34c], 0x10
+add dword [ebp - 0x354], 0x10
+add dword [ebp - 0x350], 0x10
+cmp ebx, 2
+jne loc_fffbb619 ; jne 0xfffbb619
+mov edi, dword [ebp + 8]
+mov al, byte [ebp - 0x340]
+test byte [edi + 0x381a], al
+je short loc_fffbb821 ; je 0xfffbb821
+mov edx, 0x4194
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x4194
+and eax, 0x7fffffff
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffbb821: ; not directly referenced
+mov edi, dword [ebp + 8]
+mov al, byte [ebp - 0x340]
+test byte [edi + 0x4bdd], al
+je loc_fffbb25c ; je 0xfffbb25c
+mov edx, 0x4594
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x4594
+and eax, 0x7fffffff
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+jmp near loc_fffbb25c ; jmp 0xfffbb25c
+
+loc_fffbb85b: ; not directly referenced
+mov eax, dword [ebp - 0x3d0]
+xor di, di
+mov ebx, dword [ebp - 0x3cc]
+mov dword [ebp - 0x340], eax
+
+loc_fffbb870: ; not directly referenced
+cmp dword [ebx], 2
+jne loc_fffbb992 ; jne 0xfffbb992
+mov al, byte [ebx + 0xc4]
+xor ecx, ecx
+mov byte [ebp - 0x350], 0
+mov byte [ebp - 0x34c], 0
+mov byte [ebp - 0x348], 0
+mov byte [ebp - 0x354], al
+lea eax, [ebp - 0x2a8]
+add eax, edi
+mov byte [ebp - 0x344], 0
+mov dword [ebp - 0x368], eax
+
+loc_fffbb8b1: ; not directly referenced
+mov edx, 1
+mov al, cl
+shl edx, cl
+test byte [ebp - 0x354], dl
+je short loc_fffbb926 ; je 0xfffbb926
+mov esi, dword [ebp - 0x368]
+lea edx, [ebp - 0x260]
+add edx, edi
+mov esi, dword [esi + ecx*4]
+mov dword [ebp - 0x33c], esi
+mov esi, dword [edx + ecx*4]
+sub esi, dword [ebp - 0x33c]
+je loc_fffbb9dc ; je 0xfffbb9dc
+mov dl, 0x40
+cmp esi, 0x10
+jle short loc_fffbb8f9 ; jle 0xfffbb8f9
+mov dl, byte [ebp - 0x33c]
+sar esi, 1
+add edx, esi
+
+loc_fffbb8f9: ; not directly referenced
+and edx, 0x7f
+cmp al, 2
+je short loc_fffbb918 ; je 0xfffbb918
+cmp al, 3
+je short loc_fffbb920 ; je 0xfffbb920
+dec al
+je short loc_fffbb910 ; je 0xfffbb910
+mov byte [ebp - 0x344], dl
+jmp short loc_fffbb926 ; jmp 0xfffbb926
+
+loc_fffbb910: ; not directly referenced
+mov byte [ebp - 0x348], dl
+jmp short loc_fffbb926 ; jmp 0xfffbb926
+
+loc_fffbb918: ; not directly referenced
+mov byte [ebp - 0x34c], dl
+jmp short loc_fffbb926 ; jmp 0xfffbb926
+
+loc_fffbb920: ; not directly referenced
+mov byte [ebp - 0x350], dl
+
+loc_fffbb926: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffbb8b1 ; jne 0xfffbb8b1
+mov ecx, dword [ebp - 0x350]
+mov eax, dword [ebp - 0x34c]
+mov edx, dword [ebp - 0x348]
+and ecx, 0x7f
+and eax, 0x7f
+shl eax, 0xe
+and edx, 0x7f
+shl ecx, 0x15
+or ecx, eax
+mov eax, dword [ebp - 0x344]
+shl edx, 7
+or ecx, edx
+mov edx, edi
+shl edx, 4
+and eax, 0x7f
+add edx, 0x180c
+or ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+push eax
+mov eax, dword [ebp + 8]
+push 0
+movzx eax, byte [eax + 0x2488]
+push eax
+mov eax, dword [ebp - 0x38c]
+push dword [ebp - 0x340]
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffbb992: ; not directly referenced
+add edi, 0x10
+add ebx, 0x13c3
+add dword [ebp - 0x340], 0xcc
+cmp edi, 0x20
+jne loc_fffbb870 ; jne 0xfffbb870
+push 2
+push 0
+push 0
+push 0
+push 0
+push 0
+push 0
+push 1
+push 0
+push 0
+push 1
+push dword [ebp + 8]
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x24
+push dword [ebp + 8]
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+jmp short loc_fffbb9fc ; jmp 0xfffbb9fc
+
+loc_fffbb9dc: ; not directly referenced
+mov eax, 6
+jmp short loc_fffbb9fc ; jmp 0xfffbb9fc
+
+loc_fffbb9e3: ; not directly referenced
+add dword [ebp - 0x34c], 8
+cmp dword [ebp - 0x34c], 0x20
+jne loc_fffbb334 ; jne 0xfffbb334
+jmp near loc_fffbb5bc ; jmp 0xfffbb5bc
+
+loc_fffbb9fc: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffbba04: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x2bc
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x5edc]
+mov dword [ebp - 0x294], eax
+mov eax, dword [ebp + 8]
+mov al, byte [eax + 0x248d]
+mov byte [ebp - 0x2a0], al
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x1887]
+mov dword [ebp - 0x284], eax
+mov eax, dword [ebp + 8]
+mov al, byte [eax + 0x247b]
+mov byte [ebp - 0x2a4], al
+mov eax, dword [ebp + 8]
+mov edx, dword [eax + 0x2480]
+mov byte [eax + 0x247b], 0
+xor eax, eax
+cmp edx, 3
+sete al
+cmp eax, 1
+mov dword [ebp - 0x27c], eax
+sbb eax, eax
+xor ebx, ebx
+and eax, 0xfffffc00
+add eax, 0x800
+cmp edx, 2
+sete bl
+mov dword [ebp - 0x280], ebx
+jne short loc_fffbba9d ; jne 0xfffbba9d
+mov esi, dword [ebp + 8]
+mov dx, 0x800
+cmp dword [esi + 0x36d7], 0x536
+cmovae eax, edx
+
+loc_fffbba9d: ; not directly referenced
+mov esi, dword [ebp + 8]
+mov ecx, 0xf4240
+xor edi, edi
+movzx edx, word [esi + 0x2489]
+imul eax, edx
+xor edx, edx
+add eax, 0xf423f
+div ecx
+mov dword [ebp - 0x274], eax
+mov eax, dword [ebp - 0x294]
+add eax, 0x1c
+mov dword [ebp - 0x2ac], eax
+mov esi, eax
+
+loc_fffbbad1: ; not directly referenced
+imul eax, edi, 0x13c3
+mov ecx, dword [ebp + 8]
+cmp dword [ecx + eax + 0x3756], 2
+je short loc_fffbbb0c ; je 0xfffbbb0c
+
+loc_fffbbae4: ; not directly referenced
+inc edi
+add esi, 0xcc
+cmp edi, 2
+jne short loc_fffbbad1 ; jne 0xfffbbad1
+imul eax, dword [ebp - 0x274], 0xf
+mov dword [ebp - 0x270], 0
+mov dword [ebp - 0x298], eax
+jmp near loc_fffbbbae ; jmp 0xfffbbbae
+
+loc_fffbbb0c: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ecx, 0xff
+mov edx, edi
+mov ebx, dword [esi]
+call fcn_fffa7288 ; call 0xfffa7288
+and ebx, 0xff0fffff
+or ebx, 0x200000
+mov ecx, ebx
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov byte [ebp - 0x270], 0
+
+loc_fffbbb3c: ; not directly referenced
+mov ecx, dword [ebp + 8]
+mov al, byte [ebp - 0x270]
+cmp al, byte [ecx + 0x2488]
+jae short loc_fffbbae4 ; jae 0xfffbbae4
+movzx ecx, byte [ebp - 0x270]
+mov edx, dword [ebp - 0x27c]
+mov ebx, dword [esi + ecx*4 + 0x28]
+or ebx, 0x20
+and ebx, 0xffffffbf
+mov eax, ebx
+or eax, 0x40000
+test edx, edx
+cmovne ebx, eax
+cmp dword [ebp - 0x280], 0
+je short loc_fffbbb90 ; je 0xfffbbb90
+mov edx, dword [ebp + 8]
+mov eax, ebx
+or eax, 0x40000
+cmp dword [edx + 0x36d7], 0x536
+cmovae ebx, eax
+
+loc_fffbbb90: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, edi
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, ebx
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+inc byte [ebp - 0x270]
+jmp short loc_fffbbb3c ; jmp 0xfffbbb3c
+
+loc_fffbbbae: ; not directly referenced
+mov cl, byte [ebp - 0x270]
+mov eax, 1
+mov esi, eax
+shl esi, cl
+mov ebx, esi
+mov dword [ebp - 0x278], esi
+mov byte [ebp - 0x28c], bl
+test byte [ebp - 0x2a0], bl
+jne short loc_fffbbbef ; jne 0xfffbbbef
+
+loc_fffbbbd3: ; not directly referenced
+inc dword [ebp - 0x270]
+cmp dword [ebp - 0x270], 4
+jne short loc_fffbbbae ; jne 0xfffbbbae
+mov esi, dword [ebp - 0x2ac]
+xor ebx, ebx
+jmp near loc_fffbc378 ; jmp 0xfffbc378
+
+loc_fffbbbef: ; not directly referenced
+mov esi, dword [ebp - 0x270]
+lea ecx, [esi + 2]
+mov edx, esi
+and ecx, 2
+shl eax, cl
+or eax, dword [ebp - 0x278]
+shr dl, 1
+movzx edx, dl
+mov byte [ebp - 0x29c], al
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x2a8], edx
+add eax, 0x3816
+mov dword [ebp - 0x274], eax
+imul eax, edx, 0x128
+mov edi, eax
+mov dword [ebp - 0x2b0], eax
+mov eax, esi
+mov esi, dword [ebp + 8]
+and eax, 1
+imul eax, eax, 0x18
+add eax, edi
+lea edi, [esi + eax + 0x49c3]
+xor esi, esi
+mov dword [ebp - 0x2b4], eax
+
+loc_fffbbc4e: ; not directly referenced
+mov ebx, dword [ebp - 0x278]
+mov ecx, dword [ebp - 0x274]
+mov byte [ebp - 0x290], bl
+test byte [ecx + 4], bl
+je loc_fffbbe21 ; je 0xfffbbe21
+cmp dword [ebp - 0x27c], 0
+je short loc_fffbbc96 ; je 0xfffbbc96
+push ecx
+mov ecx, dword [ebp - 0x270]
+mov edx, esi
+push 0
+mov ax, word [edi + 2]
+or al, 0x80
+movzx eax, ax
+push eax
+mov eax, dword [ebp + 8]
+push 2
+call fcn_fffaa505 ; call 0xfffaa505
+jmp near loc_fffbbda7 ; jmp 0xfffbbda7
+
+loc_fffbbc96: ; not directly referenced
+cmp dword [ebp - 0x280], 0
+je short loc_fffbbcfc ; je 0xfffbbcfc
+mov eax, dword [ebp + 8]
+mov edx, esi
+call fcn_fffa6c42 ; call 0xfffa6c42
+test eax, eax
+je loc_fffbccb7 ; je 0xfffbccb7
+movzx ecx, byte [eax]
+sub esp, 0xc
+mov ax, word [edi + 8]
+mov edx, dword [ebp + 8]
+push eax
+lea eax, [ebp - 0x26a]
+call fcn_fffa6cab ; call 0xfffa6cab
+mov ebx, dword [ebp - 0x278]
+pop eax
+movzx eax, word [ebp - 0x26a]
+pop edx
+mov edx, esi
+mov ecx, ebx
+push eax
+mov eax, dword [ebp + 8]
+push 5
+call fcn_fffafd52 ; call 0xfffafd52
+mov ax, word [edi]
+pop ecx
+mov ecx, ebx
+pop edx
+or al, 0x80
+movzx eax, ax
+push eax
+push 1
+jmp near loc_fffbbd9d ; jmp 0xfffbbd9d
+
+loc_fffbbcfc: ; not directly referenced
+mov ecx, dword [ebp - 0x2a8]
+mov edx, esi
+mov eax, dword [ebp + 8]
+mov bx, word [edi]
+call fcn_fffa69ea ; call 0xfffa69ea
+or bl, 0x80
+mov dword [ebp - 0x288], eax
+test eax, eax
+je loc_fffbccb7 ; je 0xfffbccb7
+mov eax, dword [ebp - 0x284]
+cmp eax, 0x306d0
+sete dl
+cmp eax, 0x40650
+sete al
+or dl, al
+je short loc_fffbbd5f ; je 0xfffbbd5f
+mov eax, dword [ebp - 0x288]
+sub esp, 0xc
+mov edx, dword [ebp + 8]
+movzx ecx, byte [eax]
+lea eax, [ebp - 0x26a]
+push ebx
+call fcn_fffa6bd1 ; call 0xfffa6bd1
+mov bx, word [ebp - 0x26a]
+add esp, 0x10
+
+loc_fffbbd5f: ; not directly referenced
+mov eax, dword [ebp - 0x274]
+cmp dword [eax], 2
+jne short loc_fffbbd8f ; jne 0xfffbbd8f
+mov eax, dword [ebp - 0x288]
+sub esp, 0xc
+mov edx, dword [ebp + 8]
+movzx ecx, byte [eax]
+lea eax, [ebp - 0x26a]
+push ebx
+call fcn_fffa6bd1 ; call 0xfffa6bd1
+mov bx, word [ebp - 0x26a]
+add esp, 0x10
+
+loc_fffbbd8f: ; not directly referenced
+mov ecx, dword [ebp - 0x278]
+movzx ebx, bx
+push eax
+push eax
+push ebx
+push 1
+
+loc_fffbbd9d: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, esi
+call fcn_fffafd52 ; call 0xfffafd52
+
+loc_fffbbda7: ; not directly referenced
+mov eax, dword [ebp - 0x274]
+add esp, 0x10
+mov bl, byte [ebp - 0x28c]
+cmp dword [eax], 2
+mov al, byte [ebp - 0x29c]
+cmove ebx, eax
+xor ecx, ecx
+cmp dword [ebp - 0x27c], 0
+je short loc_fffbbdd4 ; je 0xfffbbdd4
+mov ecx, 0x10001
+jmp short loc_fffbbe05 ; jmp 0xfffbbe05
+
+loc_fffbbdd4: ; not directly referenced
+mov eax, dword [ebp - 0x284]
+cmp eax, 0x40660
+sete dl
+cmp eax, 0x306c0
+sete al
+or dl, al
+jne short loc_fffbbdfa ; jne 0xfffbbdfa
+cmp dword [ebp - 0x284], 0x40670
+jne short loc_fffbbe05 ; jne 0xfffbbe05
+
+loc_fffbbdfa: ; not directly referenced
+mov ecx, ebx
+and ecx, 0xf
+shl ecx, 0x10
+or ecx, 0xf
+
+loc_fffbbe05: ; not directly referenced
+cmp dword [ebp - 0x280], 0
+jne short loc_fffbbe21 ; jne 0xfffbbe21
+mov eax, dword [ebp + 8]
+mov edx, esi
+shl edx, 0xa
+add edx, 0x4194
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffbbe21: ; not directly referenced
+inc esi
+add edi, 0x13c3
+add dword [ebp - 0x274], 0x13c3
+cmp esi, 2
+jne loc_fffbbc4e ; jne 0xfffbbc4e
+mov eax, dword [ebp - 0x270]
+mov si, 0xc0
+and eax, 3
+mov dword [ebp - 0x29c], eax
+shl dword [ebp - 0x29c], 0x16
+
+loc_fffbbe55: ; not directly referenced
+mov dword [ebp - 0x274], 0
+
+loc_fffbbe5f: ; not directly referenced
+imul eax, dword [ebp - 0x274], 0x13c3
+mov edi, dword [ebp + 8]
+mov bl, byte [ebp - 0x290]
+test byte [edi + eax + 0x381a], bl
+jne short loc_fffbbe8f ; jne 0xfffbbe8f
+
+loc_fffbbe7b: ; not directly referenced
+inc dword [ebp - 0x274]
+cmp dword [ebp - 0x274], 2
+jne short loc_fffbbe5f ; jne 0xfffbbe5f
+jmp near loc_fffbbf14 ; jmp 0xfffbbf14
+
+loc_fffbbe8f: ; not directly referenced
+imul eax, dword [ebp - 0x274], 0xcc
+mov edi, dword [ebp - 0x294]
+mov byte [ebp - 0x288], 0
+mov ebx, dword [edi + eax + 0x1c]
+and ebx, 0xff0fff7d
+or ebx, 0x200082
+or ebx, dword [ebp - 0x29c]
+
+loc_fffbbebc: ; not directly referenced
+mov edi, dword [ebp + 8]
+mov al, byte [ebp - 0x288]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffbbe7b ; jae 0xfffbbe7b
+movzx edi, byte [ebp - 0x288]
+mov ecx, dword [ebp - 0x270]
+push eax
+mov edx, dword [ebp - 0x274]
+mov eax, dword [ebp + 8]
+push esi
+push 1
+push edi
+call fcn_fffa73b0 ; call 0xfffa73b0
+mov edx, dword [ebp - 0x274]
+mov ecx, edi
+mov eax, dword [ebp + 8]
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, ebx
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+add esp, 0x10
+inc byte [ebp - 0x288]
+jmp short loc_fffbbebc ; jmp 0xfffbbebc
+
+loc_fffbbf14: ; not directly referenced
+mov word [ebp - 0x2a8], si
+cmp si, 0xc0
+jne short loc_fffbbf30 ; jne 0xfffbbf30
+mov edx, dword [ebp - 0x298]
+mov eax, dword [ebp + 8]
+call fcn_fffa834b ; call 0xfffa834b
+
+loc_fffbbf30: ; not directly referenced
+mov eax, dword [ebp + 8]
+call fcn_fffb0e8a ; call 0xfffb0e8a
+mov eax, dword [ebp + 8]
+mov edx, dword [ebp - 0x298]
+call fcn_fffa834b ; call 0xfffa834b
+lea eax, [esi - 2]
+mov dword [ebp - 0x274], 0
+mov dword [ebp - 0x28c], eax
+
+loc_fffbbf59: ; not directly referenced
+imul eax, dword [ebp - 0x274], 0x13c3
+mov edi, dword [ebp + 8]
+mov bl, byte [ebp - 0x290]
+test byte [edi + eax + 0x381a], bl
+je loc_fffbc02a ; je 0xfffbc02a
+mov byte [ebp - 0x288], 0
+imul edi, dword [ebp - 0x274], 9
+jmp near loc_fffbc015 ; jmp 0xfffbc015
+
+loc_fffbbf8c: ; not directly referenced
+movzx ebx, byte [ebp - 0x288]
+mov edx, dword [ebp - 0x274]
+mov eax, dword [ebp + 8]
+mov ecx, ebx
+call fcn_fffa7617 ; call 0xfffa7617
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae52a ; call 0xfffae52a
+and eax, 0x1ff
+cmp eax, 0xf
+setg al
+cmp word [ebp - 0x2a8], 0xc0
+movzx eax, al
+jne loc_fffbc083 ; jne 0xfffbc083
+add ebx, edi
+test eax, eax
+je short loc_fffbc042 ; je 0xfffbc042
+mov dword [ebp + ebx*4 - 0x180], 0xc0
+mov dword [ebp + ebx*4 - 0x1c8], 0xc0
+mov dword [ebp + ebx*4 - 0xf0], 0xc0
+mov dword [ebp + ebx*4 - 0x138], 0xc0
+mov dword [ebp + ebx*4 - 0x60], 0xc0
+mov dword [ebp + ebx*4 - 0xa8], 0xc0
+
+loc_fffbc00f: ; not directly referenced
+inc byte [ebp - 0x288]
+
+loc_fffbc015: ; not directly referenced
+mov ebx, dword [ebp + 8]
+mov al, byte [ebp - 0x288]
+cmp al, byte [ebx + 0x2488]
+jb loc_fffbbf8c ; jb 0xfffbbf8c
+
+loc_fffbc02a: ; not directly referenced
+inc dword [ebp - 0x274]
+cmp dword [ebp - 0x274], 2
+jne loc_fffbbf59 ; jne 0xfffbbf59
+jmp near loc_fffbc12e ; jmp 0xfffbc12e
+
+loc_fffbc042: ; not directly referenced
+mov dword [ebp + ebx*4 - 0x180], 0xfffffffe
+mov dword [ebp + ebx*4 - 0x1c8], 0xfffffffe
+mov dword [ebp + ebx*4 - 0xf0], 0xfffffffe
+mov dword [ebp + ebx*4 - 0x138], 0xfffffffe
+mov dword [ebp + ebx*4 - 0x60], 0xfffffffe
+mov dword [ebp + ebx*4 - 0xa8], 0xfffffffe
+jmp short loc_fffbc00f ; jmp 0xfffbc00f
+
+loc_fffbc083: ; not directly referenced
+test eax, eax
+je short loc_fffbc00f ; je 0xfffbc00f
+lea eax, [edi + ebx]
+mov ecx, dword [ebp - 0x28c]
+cmp dword [ebp + eax*4 - 0x180], ecx
+jne short loc_fffbc0a0 ; jne 0xfffbc0a0
+mov dword [ebp + eax*4 - 0x180], esi
+
+loc_fffbc0a0: ; not directly referenced
+lea eax, [edi + ebx]
+mov ecx, dword [ebp - 0x28c]
+cmp dword [ebp + eax*4 - 0xf0], ecx
+mov dword [ebp + eax*4 - 0xf0], esi
+je short loc_fffbc0c0 ; je 0xfffbc0c0
+mov dword [ebp + eax*4 - 0x138], esi
+
+loc_fffbc0c0: ; not directly referenced
+cmp esi, 0x13e
+jne short loc_fffbc0ec ; jne 0xfffbc0ec
+lea eax, [edi + ebx]
+cmp dword [ebp + eax*4 - 0x1c8], 0xc0
+jne short loc_fffbc0ec ; jne 0xfffbc0ec
+mov ecx, dword [ebp + eax*4 - 0x180]
+lea edx, [ecx + 0x80]
+mov dword [ebp + eax*4 - 0xf0], edx
+
+loc_fffbc0ec: ; not directly referenced
+lea ecx, [edi + ebx]
+mov edx, dword [ebp + ecx*4 - 0xf0]
+mov ebx, dword [ebp + ecx*4 - 0x138]
+mov eax, edx
+sub eax, ebx
+mov dword [ebp - 0x2b8], eax
+mov eax, dword [ebp + ecx*4 - 0x60]
+sub eax, dword [ebp + ecx*4 - 0xa8]
+cmp dword [ebp - 0x2b8], eax
+jle loc_fffbc00f ; jle 0xfffbc00f
+mov dword [ebp + ecx*4 - 0xa8], ebx
+mov dword [ebp + ecx*4 - 0x60], edx
+jmp near loc_fffbc00f ; jmp 0xfffbc00f
+
+loc_fffbc12e: ; not directly referenced
+add esi, 2
+cmp esi, 0x140
+jne loc_fffbbe55 ; jne 0xfffbbe55
+mov eax, dword [ebp + 8]
+mov esi, dword [ebp - 0x2b4]
+mov dword [ebp - 0x274], 0
+add eax, 0x3756
+mov dword [ebp - 0x28c], eax
+mov eax, dword [ebp + 8]
+lea eax, [eax + esi + 0x49cb]
+mov dword [ebp - 0x288], eax
+imul eax, dword [ebp - 0x270], 9
+mov dword [ebp - 0x2a8], eax
+
+loc_fffbc178: ; not directly referenced
+mov esi, dword [ebp - 0x28c]
+mov al, byte [ebp - 0x290]
+test byte [esi + 0xc4], al
+jne short loc_fffbc1b5 ; jne 0xfffbc1b5
+
+loc_fffbc18c: ; not directly referenced
+inc dword [ebp - 0x274]
+add dword [ebp - 0x28c], 0x13c3
+add dword [ebp - 0x288], 0x13c3
+cmp dword [ebp - 0x274], 2
+je loc_fffbbbd3 ; je 0xfffbbbd3
+jmp short loc_fffbc178 ; jmp 0xfffbc178
+
+loc_fffbc1b5: ; not directly referenced
+mov eax, dword [ebp - 0x28c]
+xor ecx, ecx
+mov esi, dword [ebp - 0x2b0]
+mov edx, dword [ebp - 0x274]
+mov al, byte [eax + esi + 0x1264]
+shl edx, 0xa
+add edx, 0x4194
+mov byte [ebp - 0x29c], al
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+cmp dword [ebp - 0x27c], 0
+je short loc_fffbc216 ; je 0xfffbc216
+push eax
+mov eax, dword [ebp - 0x288]
+push 0
+mov ecx, dword [ebp - 0x270]
+mov edx, dword [ebp - 0x274]
+movzx eax, word [eax - 6]
+push eax
+mov eax, dword [ebp + 8]
+push 2
+call fcn_fffaa505 ; call 0xfffaa505
+jmp short loc_fffbc239 ; jmp 0xfffbc239
+
+loc_fffbc216: ; not directly referenced
+push eax
+mov ecx, dword [ebp - 0x278]
+push eax
+mov eax, dword [ebp - 0x288]
+mov edx, dword [ebp - 0x274]
+movzx eax, word [eax - 8]
+push eax
+mov eax, dword [ebp + 8]
+push 1
+call fcn_fffafd52 ; call 0xfffafd52
+
+loc_fffbc239: ; not directly referenced
+add esp, 0x10
+cmp dword [ebp - 0x280], 0
+je short loc_fffbc26a ; je 0xfffbc26a
+push eax
+mov ecx, dword [ebp - 0x278]
+push eax
+mov eax, dword [ebp - 0x288]
+mov edx, dword [ebp - 0x274]
+movzx eax, word [eax]
+push eax
+mov eax, dword [ebp + 8]
+push 5
+call fcn_fffafd52 ; call 0xfffafd52
+add esp, 0x10
+
+loc_fffbc26a: ; not directly referenced
+imul esi, dword [ebp - 0x274], 9
+xor ebx, ebx
+
+loc_fffbc273: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp bl, byte [eax + 0x2488]
+jae loc_fffbc18c ; jae 0xfffbc18c
+movzx eax, bl
+lea ecx, [esi + eax]
+mov edx, dword [ebp + ecx*4 - 0xa8]
+mov ecx, dword [ebp + ecx*4 - 0x60]
+sub ecx, edx
+sub ecx, 0x21
+cmp ecx, 0x3e
+jbe short loc_fffbc2ad ; jbe 0xfffbc2ad
+mov edi, dword [ebp + 8]
+cmp byte [edi + 0x1965], 0
+jne loc_fffbccc1 ; jne 0xfffbccc1
+
+loc_fffbc2ad: ; not directly referenced
+cmp byte [ebp - 0x29c], 0x10
+jne short loc_fffbc303 ; jne 0xfffbc303
+test bl, 1
+je short loc_fffbc303 ; je 0xfffbc303
+lea ecx, [ebx - 1]
+movzx ecx, cl
+lea edi, [esi + ecx]
+mov edi, dword [ebp + edi*4 - 0xa8]
+add edi, 0x40
+cmp edx, edi
+jle short loc_fffbc2df ; jle 0xfffbc2df
+lea edi, [esi + eax]
+add edx, 0xffffff80
+mov dword [ebp + edi*4 - 0xa8], edx
+
+loc_fffbc2df: ; not directly referenced
+add ecx, esi
+lea edx, [esi + eax]
+mov ecx, dword [ebp + ecx*4 - 0xa8]
+mov edi, dword [ebp + edx*4 - 0xa8]
+sub ecx, 0x40
+cmp edi, ecx
+jge short loc_fffbc303 ; jge 0xfffbc303
+sub edi, 0xffffff80
+mov dword [ebp + edx*4 - 0xa8], edi
+
+loc_fffbc303: ; not directly referenced
+cmp dword [ebp - 0x284], 0x40650
+jne short loc_fffbc31a ; jne 0xfffbc31a
+lea edx, [esi + eax]
+add dword [ebp + edx*4 - 0xa8], 0x40
+
+loc_fffbc31a: ; not directly referenced
+lea edx, [esi + eax]
+mov ecx, dword [ebp + edx*4 - 0xa8]
+movzx edx, bl
+inc ebx
+add edx, dword [ebp - 0x2a8]
+add edx, edx
+add edx, dword [ebp - 0x28c]
+mov word [edx + 0x121], cx
+add ecx, 0x20
+mov word [edx + 0x169], cx
+mov ecx, dword [ebp - 0x270]
+push edi
+mov edx, dword [ebp - 0x274]
+push 0
+push 0xff
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffa73b0 ; call 0xfffa73b0
+add esp, 0x10
+jmp near loc_fffbc273 ; jmp 0xfffbc273
+
+loc_fffbc36c: ; not directly referenced
+inc ebx
+add esi, 0xcc
+cmp ebx, 2
+je short loc_fffbc3e7 ; je 0xfffbc3e7
+
+loc_fffbc378: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov edi, dword [ebp + 8]
+cmp dword [edi + eax + 0x3756], 2
+jne short loc_fffbc36c ; jne 0xfffbc36c
+mov eax, dword [ebp + 8]
+mov ecx, 0xff
+mov edx, ebx
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, dword [esi]
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov byte [ebp - 0x270], 0
+
+loc_fffbc3ad: ; not directly referenced
+mov edi, dword [ebp + 8]
+mov al, byte [ebp - 0x270]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffbc36c ; jae 0xfffbc36c
+movzx edi, byte [ebp - 0x270]
+mov edx, ebx
+mov eax, dword [ebp + 8]
+mov ecx, edi
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, dword [esi + edi*4 + 0x28]
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+inc byte [ebp - 0x270]
+jmp short loc_fffbc3ad ; jmp 0xfffbc3ad
+
+loc_fffbc3e7: ; not directly referenced
+cmp dword [ebp - 0x27c], 0
+je loc_fffbc568 ; je 0xfffbc568
+
+loc_fffbc3f4: ; not directly referenced
+mov esi, dword [ebp + 8]
+lea edi, [ebp - 0x1f4]
+mov ecx, 0xb
+mov al, byte [ebp - 0x2a4]
+mov byte [ebp - 0x25f], 0
+mov byte [ebp - 0x25e], 1
+mov byte [ebp - 0x25d], 0xff
+mov byte [esi + 0x247b], al
+xor eax, eax
+mov esi, ref_fffd58d8 ; mov esi, 0xfffd58d8
+rep stosd ; rep stosd dword es:[edi], eax
+lea edi, [ebp - 0x25a]
+mov eax, dword [ebp + 8]
+mov word [ebp - 0x1e6], 0x3ff
+mov word [ebp - 0x1ca], 1
+mov byte [ebp - 0x25c], 2
+mov ebx, dword [eax + 0x2443]
+lea eax, [ebp - 0x243]
+mov byte [ebp - 0x25b], 3
+mov cl, 7
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+lea edi, [ebp - 0x253]
+mov esi, ref_fffd58e0 ; mov esi, 0xfffd58e0
+mov byte [ebp - 0x243], 0
+mov byte [ebp - 0x242], 0
+mov byte [ebp - 0x241], 1
+mov byte [ebp - 0x240], 1
+mov byte [ebp - 0x23f], 1
+mov cl, 7
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+lea edi, [ebp - 0x220]
+mov esi, ref_fffd58e8 ; mov esi, 0xfffd58e8
+mov byte [ebp - 0x23e], 1
+mov byte [ebp - 0x23d], 0
+mov byte [ebp - 0x23c], 0
+mov byte [ebp - 0x23b], 0
+mov byte [ebp - 0x23a], 0xff
+mov cl, 3
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+lea edi, [ebp - 0x214]
+mov esi, ref_fffd58f4 ; mov esi, 0xfffd58f4
+mov byte [ebp - 0x239], 0xff
+mov byte [ebp - 0x238], 0
+mov cl, 3
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+lea edi, [ebp - 0x233]
+mov byte [ebp - 0x237], 0xc3
+mov byte [ebp - 0x236], 0x3c
+mov byte [ebp - 0x235], 0x3c
+mov byte [ebp - 0x234], 0xc3
+mov word [ebp - 0x22b], 1
+push esi
+push 8
+push eax
+push edi
+lea esi, [ebp - 0x23b]
+mov dword [ebp - 0x229], 0
+mov dword [ebp - 0x225], 3
+mov byte [ebp - 0x221], 0
+call dword [ebx + 0x58] ; ucall
+add esp, 0xc
+push 0
+push 8
+lea eax, [ebp - 0x24c]
+push eax
+call dword [ebx + 0x5c] ; ucall
+mov eax, dword [ebp + 8]
+add esp, 0x10
+cmp dword [eax + 0x2480], 3
+sete al
+xor ebx, ebx
+movzx eax, al
+mov dword [ebp - 0x2a4], eax
+jmp short loc_fffbc58d ; jmp 0xfffbc58d
+
+loc_fffbc568: ; not directly referenced
+cmp dword [ebp - 0x280], 0
+mov eax, dword [ebp + 8]
+je short loc_fffbc57b ; je 0xfffbc57b
+call fcn_fffac67c ; call 0xfffac67c
+jmp short loc_fffbc580 ; jmp 0xfffbc580
+
+loc_fffbc57b: ; not directly referenced
+call fcn_fffb1a87 ; call 0xfffb1a87
+
+loc_fffbc580: ; not directly referenced
+test eax, eax
+je loc_fffbc3f4 ; je 0xfffbc3f4
+jmp near loc_fffbcdc5 ; jmp 0xfffbcdc5
+
+loc_fffbc58d: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, esi
+add esi, 2
+push ecx
+push ecx
+mov ecx, edi
+push ebx
+inc ebx
+push 8
+call fcn_fffa81d3 ; call 0xfffa81d3
+add esp, 0x10
+cmp ebx, 4
+jne short loc_fffbc58d ; jne 0xfffbc58d
+mov eax, dword [ebp + 8]
+lea edx, [ebp - 0x220]
+call fcn_fffa665e ; call 0xfffa665e
+mov eax, dword [ebp + 8]
+mov al, byte [eax + 0x248d]
+mov byte [ebp - 0x2b8], al
+mov eax, dword [ebp + 8]
+movzx ecx, byte [eax + 0x2488]
+mov eax, 1
+shl eax, cl
+xor ecx, ecx
+dec eax
+mov word [ebp - 0x2a8], ax
+mov eax, dword [ebp + 8]
+movzx edx, byte [eax + 0x248e]
+lea eax, [ebp - 0x22b]
+push 0
+push 0
+push 0
+push eax
+push 0
+lea eax, [ebp - 0x1f4]
+push eax
+mov eax, dword [ebp + 8]
+push 4
+push 2
+call fcn_fffb20e5 ; call 0xfffb20e5
+mov eax, dword [ebp + 8]
+add esp, 0x20
+cmp dword [eax + 0x3756], 2
+jne short loc_fffbc62c ; jne 0xfffbc62c
+mov ecx, 0x8049
+mov edx, 0x4040
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffbc62c: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x4b19], 2
+jne short loc_fffbc647 ; jne 0xfffbc647
+mov ecx, 0x8049
+mov edx, 0x4440
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffbc647: ; not directly referenced
+mov eax, dword [ebp + 8]
+lea esi, [ebp - 0x24c]
+mov dword [ebp - 0x278], 0
+add eax, 0x3756
+mov dword [ebp - 0x2ac], eax
+mov dword [ebp - 0x2b0], eax
+
+loc_fffbc66b: ; not directly referenced
+mov cl, byte [ebp - 0x278]
+xor edx, edx
+mov dword [ebp - 0x27c], 1
+mov eax, dword [ebp + 8]
+shl dword [ebp - 0x27c], cl
+mov edi, dword [ebp - 0x27c]
+mov ecx, edi
+call fcn_fffaac43 ; call 0xfffaac43
+mov ecx, edi
+mov edx, 1
+mov byte [ebp - 0x266], 0
+mov word [ebp - 0x264], 0
+mov bl, al
+mov eax, dword [ebp + 8]
+call fcn_fffaac43 ; call 0xfffaac43
+mov byte [ebp - 0x265], 0
+mov word [ebp - 0x262], 0
+or eax, ebx
+mov ebx, edi
+test byte [ebp - 0x2b8], bl
+je loc_fffbc971 ; je 0xfffbc971
+mov edx, dword [ebp - 0x278]
+movzx eax, al
+mov dword [ebp - 0x274], 3
+mov dword [ebp - 0x290], 2
+mov dword [ebp - 0x2bc], eax
+mov edi, edx
+add edi, edx
+mov ecx, edi
+mov dword [ebp - 0x2b4], edi
+lea edi, [ebp - 0x25f]
+mov dword [ebp - 0x284], edi
+mov edi, edx
+and edx, 1
+imul ebx, edx, 0x18
+mov edx, edi
+shr dl, 1
+movzx edx, dl
+shl dword [ebp - 0x274], cl
+not dword [ebp - 0x274]
+shl dword [ebp - 0x290], cl
+lea edi, [edi + edi*8]
+mov dword [ebp - 0x29c], ebx
+imul ebx, edx, 0x128
+mov dword [ebp - 0x28c], edi
+mov dword [ebp - 0x298], ebx
+
+loc_fffbc74b: ; not directly referenced
+mov eax, dword [ebp - 0x2ac]
+xor ebx, ebx
+mov dword [ebp - 0x280], eax
+
+loc_fffbc759: ; not directly referenced
+mov edi, dword [ebp - 0x280]
+mov al, byte [ebp - 0x27c]
+test byte [edi + 0xc4], al
+jne loc_fffbc9df ; jne 0xfffbc9df
+
+loc_fffbc771: ; not directly referenced
+inc ebx
+add dword [ebp - 0x280], 0x13c3
+cmp ebx, 2
+jne short loc_fffbc759 ; jne 0xfffbc759
+mov al, byte [ebp - 0x27c]
+cmp dword [ebp - 0x2a4], 0
+mov byte [ebp - 0x294], al
+jne short loc_fffbc800 ; jne 0xfffbc800
+mov eax, dword [ebp + 8]
+xor bl, bl
+call fcn_fffb0e8a ; call 0xfffb0e8a
+mov eax, dword [ebp + 8]
+lea edi, [eax + 0x381a]
+
+loc_fffbc7a9: ; not directly referenced
+mov al, byte [ebp - 0x294]
+test byte [edi], al
+je short loc_fffbc7e7 ; je 0xfffbc7e7
+push eax
+mov ecx, dword [ebp - 0x298]
+mov edx, ebx
+push eax
+mov eax, dword [ebp - 0x29c]
+add eax, edi
+mov ax, word [eax + ecx + 0x11a7]
+mov ecx, dword [ebp - 0x27c]
+or ah, 1
+movzx eax, ax
+push eax
+mov eax, dword [ebp + 8]
+push 0
+call fcn_fffafd52 ; call 0xfffafd52
+add esp, 0x10
+
+loc_fffbc7e7: ; not directly referenced
+inc ebx
+add edi, 0x13c3
+cmp ebx, 2
+jne short loc_fffbc7a9 ; jne 0xfffbc7a9
+mov eax, dword [ebp + 8]
+mov edx, 0xf
+call fcn_fffa834b ; call 0xfffa834b
+
+loc_fffbc800: ; not directly referenced
+lea edi, [ebp - 0x253]
+
+loc_fffbc806: ; not directly referenced
+push 0
+xor ebx, ebx
+push 0
+push 0
+push 0
+push 0
+push dword [ebp - 0x278]
+push 0
+push 1
+push 0
+movsx eax, byte [edi]
+push eax
+push 2
+push dword [ebp + 8]
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x2c
+mov edx, dword [ebp - 0x2bc]
+push 0
+xor ecx, ecx
+push 1
+lea eax, [ebp - 0x25a]
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffb0f94 ; call 0xfffb0f94
+lea eax, [ebp - 0x206]
+add esp, 0x10
+mov dword [ebp - 0x288], eax
+mov dword [ebp - 0x280], 1
+
+loc_fffbc863: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov edx, dword [ebp + 8]
+mov cl, byte [ebp - 0x294]
+test byte [edx + eax + 0x381a], cl
+je short loc_fffbc8e7 ; je 0xfffbc8e7
+mov eax, dword [ebp + 8]
+mov edx, ebx
+shl edx, 0xa
+add edx, 0x40ec
+call fcn_fffae52a ; call 0xfffae52a
+mov ecx, dword [ebp + 8]
+and eax, dword [ebp - 0x2a8]
+mov cl, byte [ecx + 0x2488]
+mov word [ebp - 0x270], ax
+mov ax, word [ebp + ebx*2 - 0x264]
+or word [ebp - 0x270], ax
+mov byte [ebp - 0x2a0], cl
+xor ecx, ecx
+
+loc_fffbc8bb: ; not directly referenced
+cmp byte [ebp - 0x2a0], cl
+ja loc_fffbcb02 ; ja 0xfffbcb02
+mov eax, dword [ebp - 0x2a8]
+cmp word [ebp + ebx*2 - 0x264], ax
+mov eax, 0
+cmove eax, dword [ebp - 0x280]
+mov dword [ebp - 0x280], eax
+
+loc_fffbc8e7: ; not directly referenced
+inc ebx
+add dword [ebp - 0x288], 9
+cmp ebx, 2
+jne loc_fffbc863 ; jne 0xfffbc863
+cmp dword [ebp - 0x280], 1
+jne loc_fffbcb38 ; jne 0xfffbcb38
+
+loc_fffbc905: ; not directly referenced
+lea eax, [ebp - 0x206]
+xor edi, edi
+mov dword [ebp - 0x2a0], eax
+mov eax, dword [ebp - 0x2b0]
+mov dword [ebp - 0x28c], eax
+mov eax, dword [ebp - 0x2ac]
+mov dword [ebp - 0x288], eax
+imul eax, dword [ebp - 0x278], 9
+mov dword [ebp - 0x2c8], eax
+
+loc_fffbc938: ; not directly referenced
+mov ebx, dword [ebp - 0x288]
+mov al, byte [ebp - 0x294]
+test byte [ebx + 0xc4], al
+jne loc_fffbcb68 ; jne 0xfffbcb68
+
+loc_fffbc950: ; not directly referenced
+inc edi
+add dword [ebp - 0x288], 0x13c3
+add dword [ebp - 0x28c], 0x13c3
+add dword [ebp - 0x2a0], 9
+cmp edi, 2
+jne short loc_fffbc938 ; jne 0xfffbc938
+
+loc_fffbc971: ; not directly referenced
+inc dword [ebp - 0x278]
+add dword [ebp - 0x2b0], 0x12
+cmp dword [ebp - 0x278], 4
+jne loc_fffbc66b ; jne 0xfffbc66b
+push eax
+mov ecx, 0x1010101
+push eax
+mov eax, dword [ebp + 8]
+xor edx, edx
+push 0
+push 8
+call fcn_fffa7fde ; call 0xfffa7fde
+mov eax, dword [ebp + 8]
+lea edx, [ebp - 0x214]
+call fcn_fffa665e ; call 0xfffa665e
+mov eax, dword [ebp + 8]
+add esp, 0x10
+mov edx, 0x3670
+cmp dword [eax + 0x188b], 1
+mov eax, 0x367c
+cmove edx, eax
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+call fcn_fffb0e8a ; call 0xfffb0e8a
+jmp near loc_fffbcdc5 ; jmp 0xfffbcdc5
+
+loc_fffbc9df: ; not directly referenced
+mov eax, dword [ebp - 0x284]
+movsx eax, byte [eax]
+cmp al, 2
+jle short loc_fffbca0d ; jle 0xfffbca0d
+mov edx, dword [ebp - 0x274]
+sub eax, 2
+and edx, dword [esi + ebx*4]
+or edx, dword [ebp - 0x290]
+shl eax, 7
+mov word [ebp - 0x270], ax
+mov dword [esi + ebx*4], edx
+jmp short loc_fffbca4a ; jmp 0xfffbca4a
+
+loc_fffbca0d: ; not directly referenced
+test al, al
+jns short loc_fffbca2b ; jns 0xfffbca2b
+mov edi, dword [ebp - 0x274]
+mov word [ebp - 0x270], ax
+and dword [esi + ebx*4], edi
+shl word [ebp - 0x270], 7
+jmp short loc_fffbca4a ; jmp 0xfffbca4a
+
+loc_fffbca2b: ; not directly referenced
+mov cl, byte [ebp - 0x2b4]
+mov edx, dword [ebp - 0x274]
+and edx, dword [esi + ebx*4]
+mov word [ebp - 0x270], 0
+shl eax, cl
+or edx, eax
+mov dword [esi + ebx*4], edx
+
+loc_fffbca4a: ; not directly referenced
+mov eax, dword [ebp - 0x280]
+add eax, dword [ebp - 0x28c]
+mov byte [ebp - 0x288], 0
+mov dword [ebp - 0x294], eax
+
+loc_fffbca63: ; not directly referenced
+mov edi, dword [ebp + 8]
+mov al, byte [ebp - 0x288]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffbcae8 ; jae 0xfffbcae8
+movzx ecx, byte [ebp - 0x288]
+mov eax, dword [ebp - 0x28c]
+mov edi, dword [ebp - 0x280]
+mov edx, dword [ebp - 0x294]
+lea eax, [ecx + eax + 0x90]
+movzx edi, word [edi + eax*2 + 1]
+movsx eax, word [ebp - 0x270]
+movzx edx, byte [ecx + edx + 0x24d]
+add edi, eax
+lea eax, [edi + 0x20]
+and edi, 0x1ff
+and eax, 0x1ff
+and edx, 0x3f
+shl edi, 9
+shl edx, 0x14
+or eax, edi
+or eax, edx
+push edx
+mov edx, ebx
+push eax
+mov eax, dword [ebp + 8]
+push 3
+push ecx
+mov ecx, dword [ebp - 0x278]
+call fcn_fffa73b0 ; call 0xfffa73b0
+add esp, 0x10
+inc byte [ebp - 0x288]
+jmp near loc_fffbca63 ; jmp 0xfffbca63
+
+loc_fffbcae8: ; not directly referenced
+mov ecx, dword [esi + ebx*4]
+mov edx, ebx
+mov eax, edi
+shl edx, 0xa
+add edx, 0x40d0
+call fcn_fffae58c ; call 0xfffae58c
+jmp near loc_fffbc771 ; jmp 0xfffbc771
+
+loc_fffbcb02: ; not directly referenced
+mov edx, 1
+shl edx, cl
+test word [ebp - 0x270], dx
+jne short loc_fffbcb32 ; jne 0xfffbcb32
+or word [ebp + ebx*2 - 0x264], dx
+mov edx, dword [ebp - 0x284]
+mov eax, dword [ebp - 0x288]
+mov dl, byte [edx]
+add byte [ebp + ebx - 0x266], dl
+mov byte [eax + ecx], dl
+
+loc_fffbcb32: ; not directly referenced
+inc ecx
+jmp near loc_fffbc8bb ; jmp 0xfffbc8bb
+
+loc_fffbcb38: ; not directly referenced
+inc edi
+cmp edi, esi
+jne loc_fffbc806 ; jne 0xfffbc806
+inc dword [ebp - 0x284]
+lea eax, [ebp - 0x25a]
+cmp dword [ebp - 0x284], eax
+jne loc_fffbc74b ; jne 0xfffbc74b
+mov dword [ebp - 0x280], 0
+jmp near loc_fffbc905 ; jmp 0xfffbc905
+
+loc_fffbcb68: ; not directly referenced
+cmp dword [ebp - 0x280], 0
+jne short loc_fffbcb81 ; jne 0xfffbcb81
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x1965], 0
+jne loc_fffbccc1 ; jne 0xfffbccc1
+
+loc_fffbcb81: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov al, byte [eax + 0x2488]
+mov bl, al
+mov byte [ebp - 0x2bc], al
+movsx eax, byte [ebp + edi - 0x266]
+mov dl, bl
+shr dl, 1
+movsx ecx, bl
+movzx edx, dl
+xor ebx, ebx
+add eax, edx
+cdq
+idiv ecx
+mov byte [ebp - 0x270], al
+
+loc_fffbcbb1: ; not directly referenced
+cmp byte [ebp - 0x270], 2
+jle short loc_fffbcbe2 ; jle 0xfffbcbe2
+mov eax, dword [ebp - 0x274]
+and eax, dword [esi + edi*4]
+or eax, dword [ebp - 0x290]
+mov dword [esi + edi*4], eax
+movsx eax, byte [ebp - 0x270]
+sub eax, 2
+shl eax, 7
+mov word [ebp - 0x284], ax
+jmp short loc_fffbcc33 ; jmp 0xfffbcc33
+
+loc_fffbcbe2: ; not directly referenced
+cmp byte [ebp - 0x270], 0
+jns short loc_fffbcc0d ; jns 0xfffbcc0d
+mov eax, dword [ebp - 0x274]
+and dword [esi + edi*4], eax
+movsx ax, byte [ebp - 0x270]
+mov word [ebp - 0x284], ax
+shl word [ebp - 0x284], 7
+jmp short loc_fffbcc33 ; jmp 0xfffbcc33
+
+loc_fffbcc0d: ; not directly referenced
+movsx eax, byte [ebp - 0x270]
+mov cl, byte [ebp - 0x2b4]
+mov edx, dword [ebp - 0x274]
+and edx, dword [esi + edi*4]
+mov word [ebp - 0x284], 0
+shl eax, cl
+or eax, edx
+mov dword [esi + edi*4], eax
+
+loc_fffbcc33: ; not directly referenced
+movsx ecx, word [ebp - 0x284]
+xor eax, eax
+movsx edx, byte [ebp - 0x270]
+mov dword [ebp - 0x2c0], ecx
+mov dword [ebp - 0x2c4], edx
+
+loc_fffbcc4f: ; not directly referenced
+cmp byte [ebp - 0x2bc], al
+jbe short loc_fffbcccb ; jbe 0xfffbcccb
+mov edx, dword [ebp - 0x2a0]
+mov ecx, dword [ebp - 0x28c]
+movsx edx, byte [edx + eax]
+sub edx, dword [ebp - 0x2c4]
+movzx ecx, word [ecx + eax*2 + 0x169]
+shl edx, 7
+add edx, dword [ebp - 0x2c0]
+add ecx, edx
+cmp ecx, 0x1bf
+jle short loc_fffbcc91 ; jle 0xfffbcc91
+inc ebx
+inc byte [ebp - 0x270]
+jmp short loc_fffbccae ; jmp 0xfffbccae
+
+loc_fffbcc91: ; not directly referenced
+mov ecx, dword [ebp - 0x28c]
+movzx ecx, word [ecx + eax*2 + 0x121]
+inc eax
+add edx, ecx
+cmp edx, 0x5f
+jg short loc_fffbcc4f ; jg 0xfffbcc4f
+dec byte [ebp - 0x270]
+inc ebx
+
+loc_fffbccae: ; not directly referenced
+cmp bl, 3
+jbe loc_fffbcbb1 ; jbe 0xfffbcbb1
+
+loc_fffbccb7: ; not directly referenced
+mov eax, 1
+jmp near loc_fffbcdc5 ; jmp 0xfffbcdc5
+
+loc_fffbccc1: ; not directly referenced
+mov eax, 8
+jmp near loc_fffbcdc5 ; jmp 0xfffbcdc5
+
+loc_fffbcccb: ; not directly referenced
+cmp bl, 3
+ja short loc_fffbccb7 ; ja 0xfffbccb7
+lea eax, [edi + edi*8]
+xor ebx, ebx
+lea ecx, [ebp - 0x18]
+add eax, ecx
+mov dword [ebp - 0x2c0], eax
+
+loc_fffbcce0: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp bl, byte [eax + 0x2488]
+jae short loc_fffbcd5b ; jae 0xfffbcd5b
+mov eax, dword [ebp - 0x2c8]
+movzx ecx, bl
+inc ebx
+lea edx, [ecx + eax]
+mov eax, dword [ebp - 0x2c0]
+add edx, edx
+add edx, dword [ebp - 0x288]
+movsx eax, byte [ecx + eax - 0x1ee]
+mov dword [ebp - 0x2bc], edx
+movsx edx, byte [ebp - 0x270]
+sub eax, edx
+movsx edx, word [ebp - 0x284]
+shl eax, 7
+add eax, edx
+mov edx, dword [ebp - 0x2bc]
+add word [edx + 0x169], ax
+add word [edx + 0x121], ax
+mov edx, edi
+push eax
+mov eax, dword [ebp + 8]
+push 0
+push 0xff
+push ecx
+mov ecx, dword [ebp - 0x278]
+call fcn_fffa73b0 ; call 0xfffa73b0
+add esp, 0x10
+jmp short loc_fffbcce0 ; jmp 0xfffbcce0
+
+loc_fffbcd5b: ; not directly referenced
+mov ecx, dword [esi + edi*4]
+mov edx, edi
+shl edx, 0xa
+add edx, 0x40d0
+call fcn_fffae58c ; call 0xfffae58c
+cmp dword [ebp - 0x2a4], 0
+jne loc_fffbc950 ; jne 0xfffbc950
+mov eax, dword [ebp - 0x288]
+mov ebx, dword [ebp - 0x298]
+add eax, dword [ebp - 0x29c]
+push edx
+mov ecx, dword [ebp - 0x27c]
+push edx
+mov edx, edi
+mov ax, word [eax + ebx + 0x126b]
+or ah, 1
+movzx eax, ax
+push eax
+mov eax, dword [ebp + 8]
+push 0
+call fcn_fffafd52 ; call 0xfffafd52
+mov eax, dword [ebp + 8]
+mov edx, 0xf
+call fcn_fffa834b ; call 0xfffa834b
+add esp, 0x10
+jmp near loc_fffbc950 ; jmp 0xfffbc950
+
+loc_fffbcdc5: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffbcdcd: ; not directly referenced
+push ebp
+mov ecx, 3
+mov ebp, esp
+push edi
+push esi
+mov esi, ref_fffd58e8 ; mov esi, 0xfffd58e8
+push ebx
+sub esp, 0x13c0
+mov eax, dword [ebp + 8]
+lea edi, [ebp - 0x1360]
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+lea edi, [ebp - 0x1354]
+mov esi, ref_fffd58f4 ; mov esi, 0xfffd58f4
+mov byte [ebp - 0x1362], 0
+mov eax, dword [eax + 0x5edc]
+mov dword [ebp - 0x1384], eax
+mov eax, dword [ebp + 8]
+mov cl, 3
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+mov eax, dword [eax + 0x2443]
+mov edi, eax
+mov dword [ebp - 0x1394], eax
+mov eax, dword [ebp + 8]
+mov edx, dword [eax + 0x2480]
+xor eax, eax
+cmp edx, 1
+sete al
+mov dword [ebp - 0x1398], eax
+xor eax, eax
+cmp edx, 2
+sete al
+cmp edx, 3
+mov dword [ebp - 0x1370], eax
+mov dl, 0xaa
+mov al, 0x55
+cmovne eax, edx
+xor ebx, ebx
+mov byte [ebp - 0x1363], al
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x188b]
+push 1
+push 1
+mov dword [ebp - 0x139c], eax
+lea eax, [ebp - 0x1361]
+push eax
+mov eax, edi
+call dword [eax + 0x5c] ; ucall
+add esp, 0x10
+
+loc_fffbce7a: ; not directly referenced
+push eax
+push eax
+mov eax, dword [ebp + 8]
+push ebx
+inc ebx
+push 1
+lea ecx, [ebp - 0x1362]
+lea edx, [ebp - 0x1363]
+call fcn_fffa81d3 ; call 0xfffa81d3
+add esp, 0x10
+cmp ebx, 4
+jne short loc_fffbce7a ; jne 0xfffbce7a
+mov eax, dword [ebp + 8]
+lea edx, [ebp - 0x1360]
+xor esi, esi
+call fcn_fffa665e ; call 0xfffa665e
+mov eax, dword [ebp + 8]
+mov al, byte [eax + 0x248e]
+mov byte [ebp - 0x1374], al
+mov eax, dword [ebp + 8]
+mov al, byte [eax + 0x248d]
+mov byte [ebp - 0x1375], al
+mov eax, dword [ebp + 8]
+add eax, 0x3756
+mov dword [ebp - 0x1388], eax
+mov edi, eax
+
+loc_fffbceda: ; not directly referenced
+cmp dword [edi], 2
+jne loc_fffbcfe7 ; jne 0xfffbcfe7
+cmp dword [ebp - 0x139c], 1
+jne short loc_fffbcf28 ; jne 0xfffbcf28
+mov eax, dword [ebp + 8]
+mov ecx, 0xff
+mov edx, esi
+call fcn_fffa7288 ; call 0xfffa7288
+imul edx, esi, 0xcc
+mov ecx, dword [ebp - 0x1384]
+mov ecx, dword [ecx + edx + 0x1c]
+mov edx, eax
+mov eax, dword [ebp + 8]
+or ecx, 0x40000000
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+mov edx, 1
+call fcn_fffa834b ; call 0xfffa834b
+
+loc_fffbcf28: ; not directly referenced
+xor ebx, ebx
+
+loc_fffbcf2a: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp bl, byte [eax + 0x2488]
+jae short loc_fffbcf8d ; jae 0xfffbcf8d
+movzx eax, bl
+mov dword [ebp - 0x136c], 0
+mov dword [ebp - 0x137c], eax
+
+loc_fffbcf48: ; not directly referenced
+mov cl, byte [ebp - 0x136c]
+mov eax, 1
+shl eax, cl
+test byte [edi + 0xc4], al
+je short loc_fffbcf7b ; je 0xfffbcf7b
+push eax
+mov ecx, dword [ebp - 0x136c]
+mov edx, esi
+push 0x20
+mov eax, dword [ebp + 8]
+push 5
+push dword [ebp - 0x137c]
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+
+loc_fffbcf7b: ; not directly referenced
+inc dword [ebp - 0x136c]
+cmp dword [ebp - 0x136c], 4
+jne short loc_fffbcf48 ; jne 0xfffbcf48
+inc ebx
+jmp short loc_fffbcf2a ; jmp 0xfffbcf2a
+
+loc_fffbcf8d: ; not directly referenced
+cmp dword [ebp - 0x1370], 0
+je short loc_fffbcfce ; je 0xfffbcfce
+mov eax, dword [ebp + 8]
+lea ebx, [esi*8 + 0x4980]
+mov edx, ebx
+call fcn_fffae548 ; call 0xfffae548
+mov dword [ebp + esi*8 - 0x1348], eax
+push eax
+push eax
+mov eax, dword [ebp + 8]
+push 0xfb73ea62
+push 0xd951c840
+mov dword [ebp + esi*8 - 0x1344], edx
+mov edx, ebx
+call fcn_fffae7cf ; call 0xfffae7cf
+add esp, 0x10
+
+loc_fffbcfce: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, esi
+shl edx, 0xa
+add edx, 0x4020
+call fcn_fffae52a ; call 0xfffae52a
+mov dword [ebp - 0x138c], eax
+
+loc_fffbcfe7: ; not directly referenced
+inc esi
+add edi, 0x13c3
+cmp esi, 2
+jne loc_fffbceda ; jne 0xfffbceda
+cmp dword [ebp - 0x1370], 0
+je short loc_fffbd01d ; je 0xfffbd01d
+or dword [ebp - 0x138c], 0x80
+mov edx, 0x4c20
+mov ecx, dword [ebp - 0x138c]
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffbd01d: ; not directly referenced
+movzx eax, byte [ebp - 0x1374]
+mov dword [ebp - 0x13a0], eax
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffb27d5 ; call 0xfffb27d5
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x3756], 2
+jne short loc_fffbd04f ; jne 0xfffbd04f
+mov ecx, 0x8049
+mov edx, 0x4040
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffbd04f: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x4b19], 2
+jne short loc_fffbd06a ; jne 0xfffbd06a
+mov ecx, 0x8049
+mov edx, 0x4440
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffbd06a: ; not directly referenced
+movzx eax, byte [ebp - 0x1375]
+mov dword [ebp - 0x1374], 0
+mov dword [ebp - 0x1380], 0
+mov dword [ebp - 0x13c8], eax
+
+loc_fffbd08b: ; not directly referenced
+mov edi, dword [ebp - 0x1374]
+mov esi, dword [ebp - 0x13c8]
+mov eax, edi
+bt esi, edi
+mov byte [ebp - 0x13b8], al
+jae loc_fffbd61a ; jae 0xfffbd61a
+mov dword [ebp - 0x136c], 1
+mov ecx, edi
+xor ebx, ebx
+shl dword [ebp - 0x136c], cl
+mov al, byte [ebp - 0x136c]
+mov byte [ebp - 0x1375], al
+mov eax, edi
+mov edi, dword [ebp - 0x1388]
+shr al, 1
+movzx eax, al
+mov dword [ebp - 0x1390], eax
+mov eax, dword [ebp - 0x13b8]
+and eax, 1
+mov dword [ebp - 0x137c], eax
+
+loc_fffbd0ea: ; not directly referenced
+mov ecx, dword [ebp - 0x136c]
+mov edx, ebx
+mov eax, dword [ebp + 8]
+call fcn_fffaac43 ; call 0xfffaac43
+mov al, byte [ebp - 0x1375]
+test byte [edi + 0xc4], al
+je short loc_fffbd17f ; je 0xfffbd17f
+cmp dword [ebp - 0x1398], 0
+je short loc_fffbd117 ; je 0xfffbd117
+push ecx
+push ecx
+push 4
+jmp short loc_fffbd144 ; jmp 0xfffbd144
+
+loc_fffbd117: ; not directly referenced
+cmp dword [ebp - 0x1370], 0
+je short loc_fffbd159 ; je 0xfffbd159
+imul edx, dword [ebp - 0x137c], 0x18
+imul eax, dword [ebp - 0x1390], 0x128
+add eax, edx
+mov ax, word [edi + eax + 0x1271]
+push edx
+push edx
+or eax, 4
+movzx eax, ax
+push eax
+
+loc_fffbd144: ; not directly referenced
+mov ecx, dword [ebp - 0x136c]
+mov edx, ebx
+mov eax, dword [ebp + 8]
+push 3
+call fcn_fffafd52 ; call 0xfffafd52
+add esp, 0x10
+
+loc_fffbd159: ; not directly referenced
+mov esi, ebx
+mov eax, dword [ebp + 8]
+shl esi, 0xa
+add esi, 0x4194
+mov edx, esi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, esi
+or eax, 0x80000000
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffbd17f: ; not directly referenced
+inc ebx
+add edi, 0x13c3
+cmp ebx, 2
+jne loc_fffbd0ea ; jne 0xfffbd0ea
+mov dword [ebp - 0x137c], 0
+
+loc_fffbd199: ; not directly referenced
+push 1
+mov eax, dword [ebp - 0x137c]
+xor edi, edi
+push 0
+push 0
+push 0
+push 0
+sub eax, 0x20
+push 0
+push 0
+push 1
+push 0
+push eax
+push 1
+push dword [ebp + 8]
+call fcn_fffcc900 ; call 0xfffcc900
+mov eax, dword [ebp + 8]
+add esp, 0x2c
+mov edx, dword [ebp - 0x13a0]
+movzx ecx, byte [eax + 0x248b]
+lea eax, [ebp - 0x1361]
+push 0
+push 1
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffb0f94 ; call 0xfffb0f94
+add esp, 0x10
+
+loc_fffbd1ea: ; not directly referenced
+imul eax, edi, 0x13c3
+mov esi, dword [ebp + 8]
+mov bl, byte [ebp - 0x1375]
+test byte [esi + eax + 0x381a], bl
+je loc_fffbd2de ; je 0xfffbd2de
+mov ebx, edi
+mov eax, esi
+shl ebx, 0xa
+lea edx, [ebx + 0x40e0]
+call fcn_fffae548 ; call 0xfffae548
+mov dword [ebp - 0x13a8], eax
+lea eax, [ebx + 0x40e8]
+xor ebx, ebx
+mov dword [ebp - 0x13bc], eax
+lea eax, [edi + edi*8]
+mov dword [ebp - 0x13a4], edx
+mov dword [ebp - 0x13c0], eax
+
+loc_fffbd23b: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp bl, byte [eax + 0x2488]
+jae loc_fffbd2de ; jae 0xfffbd2de
+cmp bl, 7
+ja short loc_fffbd273 ; ja 0xfffbd273
+push eax
+movzx eax, bl
+shl eax, 3
+push eax
+mov eax, dword [ebp - 0x1394]
+push dword [ebp - 0x13a4]
+push dword [ebp - 0x13a8]
+call dword [eax + 0x6c] ; ucall
+add esp, 0x10
+mov cl, al
+jmp short loc_fffbd283 ; jmp 0xfffbd283
+
+loc_fffbd273: ; not directly referenced
+mov edx, dword [ebp - 0x13bc]
+mov eax, dword [ebp + 8]
+call fcn_fffae52a ; call 0xfffae52a
+mov cl, al
+
+loc_fffbd283: ; not directly referenced
+movzx eax, cl
+mov dword [ebp - 0x13c4], ecx
+call fcn_fffaeba2 ; call 0xfffaeba2
+mov ecx, dword [ebp - 0x13c4]
+cmp dword [ebp - 0x1380], 0
+jne short loc_fffbd2ad ; jne 0xfffbd2ad
+xor edx, edx
+cmp al, 6
+setbe dl
+mov dword [ebp - 0x1380], edx
+
+loc_fffbd2ad: ; not directly referenced
+movzx esi, bl
+mov edx, 1
+test cl, cl
+je short loc_fffbd2c2 ; je 0xfffbd2c2
+xor edx, edx
+cmp al, 7
+sete dl
+add edx, edx
+
+loc_fffbd2c2: ; not directly referenced
+add esi, dword [ebp - 0x13c0]
+inc ebx
+shl esi, 6
+add esi, dword [ebp - 0x137c]
+mov dword [ebp + esi*4 - 0x1218], edx
+jmp near loc_fffbd23b ; jmp 0xfffbd23b
+
+loc_fffbd2de: ; not directly referenced
+inc edi
+cmp edi, 2
+jne loc_fffbd1ea ; jne 0xfffbd1ea
+mov eax, dword [ebp + 8]
+call fcn_fffb0e8a ; call 0xfffb0e8a
+inc dword [ebp - 0x137c]
+cmp dword [ebp - 0x137c], 0x40
+jne loc_fffbd199 ; jne 0xfffbd199
+mov eax, dword [ebp - 0x1384]
+xor di, di
+mov ebx, dword [ebp - 0x1388]
+lea esi, [eax + 0x70]
+mov eax, dword [ebp - 0x13b8]
+and eax, 1
+mov dword [ebp - 0x13b8], eax
+
+loc_fffbd324: ; not directly referenced
+mov al, byte [ebp - 0x1375]
+test byte [ebx + 0xc4], al
+je loc_fffbd3cb ; je 0xfffbd3cb
+mov eax, edi
+shl eax, 0xa
+add eax, 0x4194
+mov edx, eax
+mov dword [ebp - 0x137c], eax
+mov eax, dword [ebp + 8]
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, dword [ebp - 0x137c]
+and eax, 0x7fffffff
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+cmp dword [ebp - 0x1398], 0
+je short loc_fffbd374 ; je 0xfffbd374
+push eax
+push eax
+push 0
+jmp short loc_fffbd39b ; jmp 0xfffbd39b
+
+loc_fffbd374: ; not directly referenced
+cmp dword [ebp - 0x1370], 0
+je short loc_fffbd3b0 ; je 0xfffbd3b0
+push eax
+push eax
+imul edx, dword [ebp - 0x13b8], 0x18
+imul eax, dword [ebp - 0x1390], 0x128
+add eax, edx
+movzx eax, word [ebx + eax + 0x1271]
+push eax
+
+loc_fffbd39b: ; not directly referenced
+mov ecx, dword [ebp - 0x136c]
+mov edx, edi
+mov eax, dword [ebp + 8]
+push 3
+call fcn_fffafd52 ; call 0xfffafd52
+add esp, 0x10
+
+loc_fffbd3b0: ; not directly referenced
+push eax
+mov eax, dword [ebp + 8]
+push 0
+movzx eax, byte [eax + 0x2488]
+push eax
+mov eax, dword [ebp - 0x1394]
+push esi
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffbd3cb: ; not directly referenced
+inc edi
+add esi, 0xcc
+add ebx, 0x13c3
+cmp edi, 2
+jne loc_fffbd324 ; jne 0xfffbd324
+lea eax, [ebp - 0x1298]
+mov edx, 0xffffffe0
+mov dword [ebp - 0x13b8], eax
+
+loc_fffbd3f2: ; not directly referenced
+mov eax, dword [ebp + 8]
+lea ecx, [ebp - 0x12f0]
+lea edi, [ebp - 0x12a8]
+add eax, 0x381a
+mov dword [ebp - 0x1390], eax
+lea eax, [ebp - 0x1338]
+mov dword [ebp - 0x136c], eax
+lea eax, [ebp - 0x1260]
+mov dword [ebp - 0x137c], eax
+mov eax, dword [ebp - 0x13b8]
+mov dword [ebp - 0x13a8], eax
+lea eax, [edx - 1]
+mov dword [ebp - 0x13c4], eax
+
+loc_fffbd439: ; not directly referenced
+mov esi, dword [ebp - 0x1390]
+mov al, byte [ebp - 0x1375]
+test byte [esi], al
+je short loc_fffbd4af ; je 0xfffbd4af
+mov eax, dword [ebp + 8]
+mov al, byte [eax + 0x2488]
+mov byte [ebp - 0x13bc], al
+xor eax, eax
+jmp short loc_fffbd4a7 ; jmp 0xfffbd4a7
+
+loc_fffbd45c: ; not directly referenced
+mov ebx, eax
+mov esi, eax
+mov eax, dword [ebp - 0x13a8]
+shl ebx, 8
+mov ebx, dword [eax + ebx + 0x80]
+mov eax, dword [ebp - 0x1380]
+xor eax, 1
+cmp ebx, 2
+cmove ebx, eax
+cmp dl, 0xe0
+mov eax, esi
+jne loc_fffbd514 ; jne 0xfffbd514
+test ebx, ebx
+je short loc_fffbd4ea ; je 0xfffbd4ea
+mov dword [ecx + esi*4], edx
+mov esi, dword [ebp - 0x136c]
+mov dword [edi + eax*4], edx
+mov dword [esi + eax*4], edx
+mov esi, dword [ebp - 0x137c]
+mov dword [esi + eax*4], edx
+
+loc_fffbd4a6: ; not directly referenced
+inc eax
+
+loc_fffbd4a7: ; not directly referenced
+cmp byte [ebp - 0x13bc], al
+ja short loc_fffbd45c ; ja 0xfffbd45c
+
+loc_fffbd4af: ; not directly referenced
+add ecx, 0x24
+add edi, 0x24
+lea eax, [ebp - 0x12a8]
+add dword [ebp - 0x1390], 0x13c3
+add dword [ebp - 0x136c], 0x24
+add dword [ebp - 0x137c], 0x24
+add dword [ebp - 0x13a8], 0x900
+cmp ecx, eax
+jne loc_fffbd439 ; jne 0xfffbd439
+jmp near loc_fffbd56d ; jmp 0xfffbd56d
+
+loc_fffbd4ea: ; not directly referenced
+mov dword [ecx + esi*4], 0xffffffdf
+mov esi, dword [ebp - 0x136c]
+mov dword [edi + eax*4], 0xffffffdf
+mov dword [esi + eax*4], 0xffffffdf
+mov esi, dword [ebp - 0x137c]
+mov dword [esi + eax*4], 0xffffffdf
+jmp short loc_fffbd4a6 ; jmp 0xfffbd4a6
+
+loc_fffbd514: ; not directly referenced
+test ebx, ebx
+je short loc_fffbd4a6 ; je 0xfffbd4a6
+mov ebx, dword [ebp - 0x13c4]
+cmp dword [ecx + esi*4], ebx
+mov dword [ecx + esi*4], edx
+je short loc_fffbd52f ; je 0xfffbd52f
+mov esi, dword [ebp - 0x136c]
+mov dword [esi + eax*4], edx
+
+loc_fffbd52f: ; not directly referenced
+mov ebx, dword [ebp - 0x136c]
+mov esi, edx
+mov ebx, dword [ebx + eax*4]
+mov dword [ebp - 0x13c0], ebx
+sub esi, ebx
+mov ebx, dword [ebp - 0x137c]
+mov ebx, dword [ebx + eax*4]
+sub ebx, dword [edi + eax*4]
+cmp esi, ebx
+jle loc_fffbd4a6 ; jle 0xfffbd4a6
+mov esi, dword [ebp - 0x13c0]
+mov ebx, dword [ebp - 0x137c]
+mov dword [edi + eax*4], esi
+mov dword [ebx + eax*4], edx
+jmp near loc_fffbd4a6 ; jmp 0xfffbd4a6
+
+loc_fffbd56d: ; not directly referenced
+inc edx
+add dword [ebp - 0x13b8], 4
+cmp edx, 0x20
+jne loc_fffbd3f2 ; jne 0xfffbd3f2
+imul ecx, dword [ebp - 0x1374], 9
+xor edi, edi
+mov eax, dword [ebp - 0x1388]
+mov dword [ebp - 0x137c], ecx
+
+loc_fffbd593: ; not directly referenced
+mov bl, byte [ebp - 0x1375]
+test byte [eax + 0xc4], bl
+jne short loc_fffbd5ae ; jne 0xfffbd5ae
+
+loc_fffbd5a1: ; not directly referenced
+inc edi
+add eax, 0x13c3
+cmp edi, 2
+je short loc_fffbd61a ; je 0xfffbd61a
+jmp short loc_fffbd593 ; jmp 0xfffbd593
+
+loc_fffbd5ae: ; not directly referenced
+mov ebx, dword [ebp - 0x137c]
+xor edx, edx
+lea ecx, [eax + ebx]
+mov dword [ebp - 0x136c], ecx
+
+loc_fffbd5bf: ; not directly referenced
+mov ecx, dword [ebp + 8]
+cmp dl, byte [ecx + 0x2488]
+jae short loc_fffbd5a1 ; jae 0xfffbd5a1
+movzx ebx, dl
+lea esi, [edi + edi*8]
+add esi, ebx
+mov ecx, dword [ebp + esi*4 - 0x12a8]
+mov esi, dword [ebp + esi*4 - 0x1260]
+sub esi, ecx
+jne short loc_fffbd5f5 ; jne 0xfffbd5f5
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x1965], 0
+je short loc_fffbd600 ; je 0xfffbd600
+jmp near loc_fffbd79f ; jmp 0xfffbd79f
+
+loc_fffbd5f5: ; not directly referenced
+cmp esi, 0xc
+jle short loc_fffbd600 ; jle 0xfffbd600
+sar esi, 1
+add esi, ecx
+jmp short loc_fffbd602 ; jmp 0xfffbd602
+
+loc_fffbd600: ; not directly referenced
+xor esi, esi
+
+loc_fffbd602: ; not directly referenced
+add ebx, dword [ebp - 0x136c]
+inc edx
+lea ecx, [esi + 0x20]
+mov byte [ebx + 0x104a], cl
+mov byte [ebx + 0x106e], cl
+jmp short loc_fffbd5bf ; jmp 0xfffbd5bf
+
+loc_fffbd61a: ; not directly referenced
+inc dword [ebp - 0x1374]
+cmp dword [ebp - 0x1374], 4
+jne loc_fffbd08b ; jne 0xfffbd08b
+cmp dword [ebp - 0x1370], 0
+je short loc_fffbd69a ; je 0xfffbd69a
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x3756], 2
+jne short loc_fffbd65d ; jne 0xfffbd65d
+push ebx
+mov edx, 0x4980
+push ebx
+push dword [ebp - 0x1344]
+push dword [ebp - 0x1348]
+call fcn_fffae7cf ; call 0xfffae7cf
+add esp, 0x10
+
+loc_fffbd65d: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x4b19], 2
+jne short loc_fffbd684 ; jne 0xfffbd684
+push ecx
+mov edx, 0x4988
+push ecx
+push dword [ebp - 0x133c]
+push dword [ebp - 0x1340]
+call fcn_fffae7cf ; call 0xfffae7cf
+add esp, 0x10
+
+loc_fffbd684: ; not directly referenced
+mov ecx, dword [ebp - 0x138c]
+mov edx, 0x4c20
+mov eax, dword [ebp + 8]
+and cl, 0x7f
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffbd69a: ; not directly referenced
+xor esi, esi
+
+loc_fffbd69c: ; not directly referenced
+mov eax, 1
+mov ecx, esi
+shl eax, cl
+xor ebx, ebx
+mov dword [ebp - 0x136c], eax
+
+loc_fffbd6ad: ; not directly referenced
+mov eax, esi
+test al, al
+sete dl
+cmp dword [ebp - 0x139c], 1
+sete al
+test dl, al
+je short loc_fffbd6f8 ; je 0xfffbd6f8
+mov eax, dword [ebp + 8]
+mov ecx, 0xff
+mov edx, ebx
+call fcn_fffa7288 ; call 0xfffa7288
+imul edx, ebx, 0xcc
+mov edi, dword [ebp - 0x1384]
+mov ecx, dword [edi + edx + 0x1c]
+mov edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp + 8]
+mov edx, 1
+call fcn_fffa834b ; call 0xfffa834b
+
+loc_fffbd6f8: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov edi, dword [ebp + 8]
+mov cl, byte [ebp - 0x136c]
+test byte [edi + eax + 0x381a], cl
+jne short loc_fffbd718 ; jne 0xfffbd718
+
+loc_fffbd710: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffbd6ad ; jne 0xfffbd6ad
+jmp short loc_fffbd747 ; jmp 0xfffbd747
+
+loc_fffbd718: ; not directly referenced
+xor edi, edi
+
+loc_fffbd71a: ; not directly referenced
+mov ecx, dword [ebp + 8]
+mov eax, edi
+cmp al, byte [ecx + 0x2488]
+jae short loc_fffbd710 ; jae 0xfffbd710
+push edx
+mov eax, edi
+push 0
+movzx eax, al
+push 0xff
+mov ecx, esi
+push eax
+mov eax, dword [ebp + 8]
+mov edx, ebx
+inc edi
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+jmp short loc_fffbd71a ; jmp 0xfffbd71a
+
+loc_fffbd747: ; not directly referenced
+inc esi
+cmp esi, 4
+jne loc_fffbd69c ; jne 0xfffbd69c
+push eax
+mov ecx, 0x1010101
+push eax
+mov eax, dword [ebp + 8]
+xor edx, edx
+push 0
+push 8
+call fcn_fffa7fde ; call 0xfffa7fde
+mov eax, dword [ebp + 8]
+lea edx, [ebp - 0x1354]
+call fcn_fffa665e ; call 0xfffa665e
+push 2
+push 0
+push 0
+push 0
+push 0
+push 0
+push 0
+push 1
+push 0
+push 0
+push 1
+push dword [ebp + 8]
+call fcn_fffcc900 ; call 0xfffcc900
+mov eax, dword [ebp + 8]
+add esp, 0x40
+call fcn_fffb0e8a ; call 0xfffb0e8a
+jmp short loc_fffbd7a4 ; jmp 0xfffbd7a4
+
+loc_fffbd79f: ; not directly referenced
+mov eax, 6
+
+loc_fffbd7a4: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffbd7ac: ; not directly referenced
+push ebp
+mov ecx, 2
+mov ebp, esp
+sub esp, 0x10
+mov eax, dword [ebp + 8]
+movzx edx, byte [eax + 0x248e]
+push 0xa
+push 1
+call fcn_fffcd1ac ; call 0xfffcd1ac
+leave
+ret
+
+fcn_fffbd7cc: ; not directly referenced
+push ebp
+mov ecx, 1
+mov ebp, esp
+sub esp, 0x10
+mov eax, dword [ebp + 8]
+movzx edx, byte [eax + 0x248e]
+push 0xa
+push 1
+call fcn_fffcd1ac ; call 0xfffcd1ac
+leave
+ret
+
+fcn_fffbd7ec: ; not directly referenced
+push ebp
+mov ecx, 0xb
+mov ebp, esp
+sub esp, 0x10
+mov eax, dword [ebp + 8]
+movzx edx, byte [eax + 0x248e]
+push 0x11
+push 0
+call fcn_fffcd1ac ; call 0xfffcd1ac
+leave
+ret
+
+fcn_fffbd80c: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x3c
+mov dword [ebp - 0x1c], eax
+mov eax, dword [eax + 0x5edc]
+mov dword [ebp - 0x20], edx
+mov byte [ebp - 0x2a], cl
+mov dword [ebp - 0x24], eax
+lea eax, [ecx - 1]
+cmp al, 1
+jbe short loc_fffbd835 ; jbe 0xfffbd835
+
+loc_fffbd82e: ; not directly referenced
+xor esi, esi
+jmp near loc_fffbdae8 ; jmp 0xfffbdae8
+
+loc_fffbd835: ; not directly referenced
+mov eax, dword [ebp - 0x1c]
+movzx ebx, cl
+dec cl
+mov edx, ebx
+mov ecx, 1
+movzx edi, byte [ebx + ref_fffd5f1c] ; movzx edi, byte [ebx - 0x2a0e4]
+sete byte [ebp - 0x28]
+add byte [ebp - 0x28], 8
+call fcn_fffb13cf ; call 0xfffb13cf
+mov edx, ebx
+mov ebx, dword [ebp - 0x1c]
+xor ecx, ecx
+imul edi, edi, 0x240
+movzx esi, ax
+mov eax, ebx
+call fcn_fffb13cf ; call 0xfffb13cf
+add edi, dword [ebp - 0x20]
+mov dword [ebp - 0x38], edi
+movzx eax, ax
+add eax, esi
+xor esi, esi
+mov dword [ebp - 0x30], eax
+mov eax, ebx
+add eax, 0x3756
+mov dword [ebp - 0x20], eax
+mov eax, dword [ebp - 0x24]
+sar dword [ebp - 0x30], 1
+mov dword [ebp - 0x24], 0
+add eax, 0x1c
+mov dword [ebp - 0x40], eax
+mov dword [ebp - 0x34], eax
+movzx eax, byte [ebp - 0x28]
+mov dword [ebp - 0x48], eax
+
+loc_fffbd8a6: ; not directly referenced
+mov eax, dword [ebp - 0x20]
+cmp dword [eax], 2
+jne loc_fffbda64 ; jne 0xfffbda64
+imul eax, dword [ebp - 0x24], 9
+mov byte [ebp - 0x29], 0
+mov dword [ebp - 0x44], eax
+
+loc_fffbd8bd: ; not directly referenced
+mov ebx, dword [ebp - 0x1c]
+mov al, byte [ebp - 0x29]
+cmp al, byte [ebx + 0x2488]
+jae loc_fffbda64 ; jae 0xfffbda64
+mov edi, dword [ebp - 0x20]
+xor ecx, ecx
+mov dword [ebp - 0x28], 0xffffffff
+mov bl, byte [edi + 0xc4]
+mov edi, dword [ebp - 0x38]
+mov byte [ebp - 0x3c], bl
+movzx ebx, al
+mov eax, dword [ebp - 0x44]
+add eax, ebx
+lea edx, [edi + eax*8 + 4]
+
+loc_fffbd8f3: ; not directly referenced
+mov edi, 1
+shl edi, cl
+mov eax, edi
+test byte [ebp - 0x3c], al
+je short loc_fffbd911 ; je 0xfffbd911
+mov eax, dword [ebp - 0x28]
+mov edi, dword [edx]
+add edi, dword [edx - 4]
+cmp eax, edi
+cmovbe edi, eax
+mov dword [ebp - 0x28], edi
+
+loc_fffbd911: ; not directly referenced
+inc ecx
+add edx, 0x90
+cmp ecx, 4
+jne short loc_fffbd8f3 ; jne 0xfffbd8f3
+mov eax, dword [ebp - 0x30]
+cmp dword [ebp - 0x28], eax
+jbe loc_fffbda5c ; jbe 0xfffbda5c
+movzx edi, byte [ebp - 0x29]
+xor esi, esi
+
+loc_fffbd92f: ; not directly referenced
+mov edx, dword [ebp - 0x20]
+mov eax, 1
+mov ecx, esi
+shl eax, cl
+test byte [edx + 0xc4], al
+je short loc_fffbd964 ; je 0xfffbd964
+push 0
+push 0
+push 1
+push 0
+push edi
+push esi
+push dword [ebp - 0x24]
+push 0
+push 0
+push 0
+push dword [ebp - 0x48]
+push dword [ebp - 0x1c]
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+
+loc_fffbd964: ; not directly referenced
+inc esi
+cmp esi, 4
+jne short loc_fffbd92f ; jne 0xfffbd92f
+mov eax, dword [ebp - 0x20]
+movzx edi, byte [ebp - 0x29]
+mov dword [ebp - 0x28], 0
+lea esi, [eax + ebx + 0x104a]
+lea ebx, [ebx + ebx + 0x121]
+add ebx, eax
+lea eax, [edi*4]
+mov dword [ebp - 0x3c], eax
+
+loc_fffbd992: ; not directly referenced
+mov cl, byte [ebp - 0x28]
+mov eax, 1
+shl eax, cl
+mov ecx, dword [ebp - 0x20]
+test byte [ecx + 0xc4], al
+je loc_fffbda44 ; je 0xfffbda44
+cmp byte [ebp - 0x2a], 1
+jne short loc_fffbd9f0 ; jne 0xfffbd9f0
+mov al, byte [esi + 0x24]
+xor edx, edx
+lea ecx, [eax - 9]
+cmp al, 0xa
+mov al, cl
+cmovb eax, edx
+mov byte [esi + 0x24], al
+mov al, byte [esi]
+cmp al, 0xa
+lea ecx, [eax - 9]
+mov eax, dword [ebp - 0x1c]
+cmovae edx, ecx
+mov ecx, dword [ebp - 0x28]
+mov byte [esi], dl
+push edx
+mov edx, dword [ebp - 0x24]
+push 0
+push 0xff
+push edi
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+mov eax, 0x40000000
+jmp short loc_fffbda3a ; jmp 0xfffbda3a
+
+loc_fffbd9f0: ; not directly referenced
+mov dx, word [ebx + 0x48]
+mov eax, 0x1ff
+lea ecx, [edx + 9]
+cmp dx, 0x1f5
+mov edx, ecx
+cmova edx, eax
+mov word [ebx + 0x48], dx
+mov dx, word [ebx]
+cmp dx, 0x1f5
+lea ecx, [edx + 9]
+mov edx, dword [ebp - 0x24]
+cmovbe eax, ecx
+mov ecx, dword [ebp - 0x28]
+mov word [ebx], ax
+push eax
+mov eax, dword [ebp - 0x1c]
+push 0
+push 0xff
+push edi
+call fcn_fffa73b0 ; call 0xfffa73b0
+add esp, 0x10
+mov eax, 0x20000000
+
+loc_fffbda3a: ; not directly referenced
+mov edx, dword [ebp - 0x34]
+mov ecx, dword [ebp - 0x3c]
+or dword [edx + ecx + 0x28], eax
+
+loc_fffbda44: ; not directly referenced
+inc dword [ebp - 0x28]
+add esi, 9
+add ebx, 0x12
+cmp dword [ebp - 0x28], 4
+jne loc_fffbd992 ; jne 0xfffbd992
+mov esi, 1
+
+loc_fffbda5c: ; not directly referenced
+inc byte [ebp - 0x29]
+jmp near loc_fffbd8bd ; jmp 0xfffbd8bd
+
+loc_fffbda64: ; not directly referenced
+inc dword [ebp - 0x24]
+add dword [ebp - 0x20], 0x13c3
+add dword [ebp - 0x34], 0xcc
+cmp dword [ebp - 0x24], 2
+jne loc_fffbd8a6 ; jne 0xfffbd8a6
+test esi, esi
+je loc_fffbd82e ; je 0xfffbd82e
+mov edi, dword [ebp - 0x40]
+xor ebx, ebx
+
+loc_fffbda8c: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov edx, dword [ebp - 0x1c]
+cmp dword [edx + eax + 0x3756], 2
+je short loc_fffbdaad ; je 0xfffbdaad
+
+loc_fffbda9f: ; not directly referenced
+inc ebx
+add edi, 0xcc
+cmp ebx, 2
+je short loc_fffbdae8 ; je 0xfffbdae8
+jmp short loc_fffbda8c ; jmp 0xfffbda8c
+
+loc_fffbdaad: ; not directly referenced
+mov byte [ebp - 0x20], 0
+
+loc_fffbdab1: ; not directly referenced
+mov ecx, dword [ebp - 0x1c]
+mov al, byte [ebp - 0x20]
+cmp al, byte [ecx + 0x2488]
+jae short loc_fffbda9f ; jae 0xfffbda9f
+movzx eax, byte [ebp - 0x20]
+mov edx, ebx
+mov ecx, eax
+mov dword [ebp - 0x24], eax
+mov eax, dword [ebp - 0x1c]
+call fcn_fffa720e ; call 0xfffa720e
+mov edx, dword [ebp - 0x24]
+mov ecx, dword [edi + edx*4 + 0x28]
+mov edx, eax
+mov eax, dword [ebp - 0x1c]
+call fcn_fffae58c ; call 0xfffae58c
+inc byte [ebp - 0x20]
+jmp short loc_fffbdab1 ; jmp 0xfffbdab1
+
+loc_fffbdae8: ; not directly referenced
+lea esp, [ebp - 0xc]
+mov eax, esi
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffbdaf2: ; not directly referenced
+push ebp
+mov ecx, 0xa
+mov ebp, esp
+push edi
+push esi
+mov esi, ref_fffd5900 ; mov esi, 0xfffd5900
+push ebx
+sub esp, 0x6c
+mov ebx, dword [ebp + 8]
+lea edi, [ebp - 0x60]
+mov byte [ebp - 0x67], 4
+mov byte [ebp - 0x66], 1
+mov eax, dword [ebx + 0x1887]
+mov byte [ebp - 0x65], 1
+mov byte [ebp - 0x64], 2
+mov byte [ebp - 0x63], 1
+cmp eax, 0x306d0
+sete dl
+cmp eax, 0x40650
+sete al
+or dl, al
+mov byte [ebp - 0x62], 0
+mov byte [ebp - 0x61], 0
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+je loc_fffbdbdd ; je 0xfffbdbdd
+mov cl, 1
+mov edx, 4
+mov eax, ebx
+mov esi, 4
+call fcn_fffb13cf ; call 0xfffb13cf
+mov edx, dword [ebp - 0x60]
+mov ecx, 1
+cmp ax, dx
+cmovae edx, eax
+mov eax, ebx
+mov word [ebp - 0x60], dx
+mov edx, 1
+call fcn_fffb13cf ; call 0xfffb13cf
+mov dx, word [ebp - 0x5e]
+mov byte [ebp - 0x69], 1
+cmp ax, dx
+cmovae edx, eax
+cmp dword [ebx + 0x188b], 1
+mov word [ebp - 0x5e], dx
+sete al
+lea eax, [eax + eax*4 + 7]
+movsx edi, al
+
+loc_fffbdb9b: ; not directly referenced
+mov al, byte [ebp - 0x69]
+test byte [ebx + 0x248d], al
+je short loc_fffbdbd7 ; je 0xfffbdbd7
+push eax
+mov ecx, 3
+push 0
+push 0
+push 0xf
+push edi
+push 0
+lea eax, [ebp - 0x60]
+push eax
+lea eax, [ebp - 0x65]
+push eax
+push 2
+lea eax, [ebp - 0x67]
+push eax
+movzx eax, byte [ebp - 0x69]
+push 5
+lea edx, [ebp - 0x56]
+push eax
+mov eax, ebx
+call fcn_fffca96e ; call 0xfffca96e
+add esp, 0x30
+
+loc_fffbdbd7: ; not directly referenced
+shl byte [ebp - 0x69], 1
+dec esi
+jne short loc_fffbdb9b ; jne 0xfffbdb9b
+
+loc_fffbdbdd: ; not directly referenced
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffbdbe7: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x60
+mov ebx, dword [ebp + 8]
+mov byte [ebp - 0x67], 4
+lea esi, [ebp - 0x60]
+mov byte [ebp - 0x66], 1
+mov byte [ebp - 0x65], 1
+mov edi, dword [ebx + 0x2443]
+push 0
+push 8
+mov eax, dword [ebx + 0x5edc]
+mov byte [ebp - 0x64], 2
+mov byte [ebp - 0x63], 1
+add eax, 0x1bc
+push eax
+mov byte [ebp - 0x62], 0
+mov byte [ebp - 0x61], 0
+call dword [edi + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 5
+push esi
+call dword [edi + 0x60] ; ucall
+movzx edx, byte [ebp - 0x67]
+mov ecx, 1
+mov eax, ebx
+call fcn_fffb13cf ; call 0xfffb13cf
+movzx edx, byte [ebp - 0x66]
+mov ecx, 1
+mov word [ebp - 0x60], ax
+mov eax, ebx
+call fcn_fffb13cf ; call 0xfffb13cf
+add esp, 0x10
+cmp dword [ebx + 0x188b], 1
+mov word [ebp - 0x5e], ax
+jne short loc_fffbdc82 ; jne 0xfffbdc82
+mov eax, ebx
+call fcn_fffa9b8c ; call 0xfffa9b8c
+mov eax, 8
+mov edx, 0x2f
+add word [ebp - 0x5e], 0x28
+jmp short loc_fffbdc89 ; jmp 0xfffbdc89
+
+loc_fffbdc82: ; not directly referenced
+xor eax, eax
+mov edx, 7
+
+loc_fffbdc89: ; not directly referenced
+push ecx
+mov ecx, 3
+push 0
+push 0
+push 0xf
+push edx
+push eax
+push esi
+lea eax, [ebp - 0x65]
+push eax
+push 2
+lea eax, [ebp - 0x67]
+push eax
+mov eax, ebx
+push 6
+lea edx, [ebp - 0x56]
+push 0xf
+call fcn_fffca96e ; call 0xfffca96e
+add esp, 0x28
+mov eax, ebx
+push 0
+mov ecx, 3
+push 0xf
+push 0
+push 0
+push 0
+lea edx, [ebx + 0x2490]
+push 1
+call fcn_fffc0a2d ; call 0xfffc0a2d
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffbdcd9: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x140
+mov edi, dword [ebp + 8]
+mov dword [ebp - 0xe4], 1
+mov dword [ebp - 0xe0], 1
+mov eax, dword [edi + 0x2443]
+mov ebx, dword [edi + 0x5edc]
+mov esi, eax
+mov dword [ebp - 0x110], eax
+mov eax, dword [edi + 0x1887]
+mov dword [ebp - 0x108], eax
+mov eax, dword [edi + 0x1883]
+push 0
+push 0x10
+mov dword [ebp - 0x100], eax
+lea eax, [ebp - 0xc8]
+push eax
+mov eax, esi
+call dword [eax + 0x5c] ; ucall
+add esp, 0xc
+push 1
+push 3
+lea eax, [ebp - 0xee]
+push eax
+mov eax, esi
+call dword [eax + 0x5c] ; ucall
+add esp, 0x10
+cmp dword [edi + 0x2480], 2
+mov byte [ebp - 0xf1], 0xfc
+mov byte [ebp - 0xf0], 4
+mov byte [ebp - 0xef], 0
+jne loc_fffbe4d2 ; jne 0xfffbe4d2
+mov eax, dword [edi + 0x5edc]
+mov dword [ebp - 0x100], eax
+mov eax, dword [edi + 0x2443]
+mov esi, eax
+mov dword [ebp - 0x110], eax
+push eax
+push 0
+push 0x10
+lea eax, [ebp - 0xb8]
+push eax
+mov eax, esi
+call dword [eax + 0x5c] ; ucall
+add esp, 0xc
+push 1
+push 3
+lea eax, [ebp - 0xe8]
+push eax
+mov eax, esi
+call dword [eax + 0x5c] ; ucall
+add esp, 0x10
+xor eax, eax
+mov byte [ebp - 0xeb], 0xfc
+mov byte [ebp - 0xea], 4
+mov byte [ebp - 0xe9], 0
+
+loc_fffbddc8: ; not directly referenced
+mov byte [ebp + eax - 0xd4], al
+inc eax
+cmp eax, 9
+jne short loc_fffbddc8 ; jne 0xfffbddc8
+mov ecx, 1
+mov edx, 5
+mov eax, edi
+call fcn_fffb13cf ; call 0xfffb13cf
+xor ecx, ecx
+mov edx, 5
+lea ebx, [edi + 0x2b50]
+mov word [ebp - 0x138], ax
+mov eax, edi
+call fcn_fffb13cf ; call 0xfffb13cf
+sub esp, 0xc
+mov ecx, 0x11
+mov word [ebp - 0x13c], ax
+movzx eax, byte [edi + 0x248e]
+push 0
+mov edx, eax
+mov dword [ebp - 0x10c], eax
+mov eax, edi
+call fcn_fffb26ca ; call 0xfffb26ca
+mov al, byte [ebp - 0xe7]
+mov ecx, 2
+mov byte [ebp - 0x11c], al
+mov al, byte [ebp - 0xe8]
+add byte [ebp - 0x11c], al
+mov al, byte [ebp - 0xe6]
+add byte [ebp - 0x11c], al
+lea eax, [edi + 0x2490]
+mov dword [ebp - 0x140], eax
+mov edx, eax
+mov eax, edi
+call fcn_fffa66dd ; call 0xfffa66dd
+add esp, 0x10
+xor ecx, ecx
+
+loc_fffbde6b: ; not directly referenced
+mov eax, dword [ebp - 0x10c]
+mov dword [ebp + ecx*4 - 0xdc], 0
+bt eax, ecx
+jae short loc_fffbdea3 ; jae 0xfffbdea3
+mov eax, dword [ebx + 4]
+mov esi, 0x14
+xor edx, edx
+add eax, dword [ebx]
+div esi
+mov si, 0xc
+lea edx, [eax - 1]
+cmp edx, 0xb
+cmova eax, esi
+mov dword [ebp + ecx*4 - 0xdc], eax
+
+loc_fffbdea3: ; not directly referenced
+inc ecx
+add ebx, 0x48
+cmp ecx, 2
+jne short loc_fffbde6b ; jne 0xfffbde6b
+push eax
+push 0
+push 0x80
+lea eax, [ebp - 0x98]
+push eax
+mov eax, dword [ebp - 0x110]
+call dword [eax + 0x5c] ; ucall
+mov eax, dword [ebp - 0x100]
+add esp, 0x10
+mov dword [ebp - 0xfc], 0
+add eax, 0x70
+mov dword [ebp - 0x134], eax
+
+loc_fffbdee0: ; not directly referenced
+xor esi, esi
+
+loc_fffbdee2: ; not directly referenced
+mov eax, dword [ebp - 0x10c]
+bt eax, esi
+jb short loc_fffbdef7 ; jb 0xfffbdef7
+
+loc_fffbdeed: ; not directly referenced
+inc esi
+cmp esi, 2
+jne short loc_fffbdee2 ; jne 0xfffbdee2
+xor esi, esi
+jmp short loc_fffbdf4c ; jmp 0xfffbdf4c
+
+loc_fffbdef7: ; not directly referenced
+mov eax, dword [ebp - 0xfc]
+mov ecx, 0xc
+xor ebx, ebx
+movsx eax, byte [ebp + eax - 0xeb]
+imul eax, dword [ebp + esi*4 - 0xdc]
+cdq
+idiv ecx
+mov dword [ebp - 0x100], eax
+
+loc_fffbdf1d: ; not directly referenced
+cmp bl, byte [edi + 0x2488]
+jae short loc_fffbdeed ; jae 0xfffbdeed
+push 1
+movzx eax, bl
+push 0
+inc ebx
+push 1
+push 0
+push eax
+push 0
+push esi
+push 0
+push 0
+push dword [ebp - 0x100]
+push 2
+push edi
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+jmp short loc_fffbdf1d ; jmp 0xfffbdf1d
+
+loc_fffbdf4c: ; not directly referenced
+mov eax, dword [ebp - 0x134]
+mov ecx, esi
+xor ebx, ebx
+mov dword [ebp - 0x100], 1
+shl dword [ebp - 0x100], cl
+mov dword [ebp - 0x108], eax
+mov byte [ebp - 0x104], 0
+
+loc_fffbdf73: ; not directly referenced
+imul eax, ebx, 0x13c3
+cmp dword [edi + eax + 0x3756], 2
+jne short loc_fffbdfb5 ; jne 0xfffbdfb5
+mov ecx, dword [ebp - 0x100]
+mov edx, ebx
+mov eax, edi
+call fcn_fffaac43 ; call 0xfffaac43
+or byte [ebp - 0x104], al
+push eax
+push 0
+movzx eax, byte [edi + 0x2488]
+push eax
+mov eax, dword [ebp - 0x110]
+push dword [ebp - 0x108]
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffbdfb5: ; not directly referenced
+inc ebx
+add dword [ebp - 0x108], 0xcc
+cmp ebx, 2
+jne short loc_fffbdf73 ; jne 0xfffbdf73
+push ecx
+mov edx, dword [ebp - 0x140]
+push ecx
+movzx ecx, byte [ebp - 0x104]
+lea eax, [ebp - 0xb8]
+push eax
+push 0x25
+lea eax, [ebp - 0xd4]
+push eax
+mov eax, edi
+push 5
+push 0
+push esi
+inc esi
+call fcn_fffd13ed ; call 0xfffd13ed
+add esp, 0x20
+cmp esi, 2
+jne loc_fffbdf4c ; jne 0xfffbdf4c
+lea eax, [ebp - 0xa8]
+xor esi, esi
+mov dword [ebp - 0x130], eax
+lea eax, [ebp - 0x98]
+mov dword [ebp - 0x128], eax
+
+loc_fffbe017: ; not directly referenced
+mov eax, dword [ebp - 0x10c]
+bt eax, esi
+jb short loc_fffbe03b ; jb 0xfffbe03b
+
+loc_fffbe022: ; not directly referenced
+inc esi
+add dword [ebp - 0x128], 0x40
+add dword [ebp - 0x130], 8
+cmp esi, 2
+jne short loc_fffbe017 ; jne 0xfffbe017
+jmp near loc_fffbe1ed ; jmp 0xfffbe1ed
+
+loc_fffbe03b: ; not directly referenced
+imul edx, esi, 0x13c3
+mov ebx, dword [ebp - 0x130]
+mov ecx, dword [ebp - 0x128]
+mov dword [ebp - 0x108], 0
+mov al, byte [edi + edx + 0x381a]
+lea edx, [edi + edx + 0x49c1]
+mov dword [ebp - 0x100], ebx
+mov dword [ebp - 0x12c], ecx
+mov dword [ebp - 0x120], edx
+mov byte [ebp - 0x141], al
+imul eax, esi, 0x48
+add eax, edi
+
+loc_fffbe082: ; not directly referenced
+mov cl, byte [ebp - 0x108]
+mov edx, 1
+shl edx, cl
+test byte [ebp - 0x141], dl
+jne short loc_fffbe0c5 ; jne 0xfffbe0c5
+
+loc_fffbe097: ; not directly referenced
+inc dword [ebp - 0x108]
+add eax, 0x90
+add dword [ebp - 0x120], 0x18
+add dword [ebp - 0x12c], 0x20
+add dword [ebp - 0x100], 4
+cmp dword [ebp - 0x108], 2
+jne short loc_fffbe082 ; jne 0xfffbe082
+jmp near loc_fffbe022 ; jmp 0xfffbe022
+
+loc_fffbe0c5: ; not directly referenced
+cmp byte [ebp - 0xfc], 0
+jne short loc_fffbe0da ; jne 0xfffbe0da
+mov ebx, dword [ebp - 0x100]
+mov dword [ebx], 0xffffffff
+
+loc_fffbe0da: ; not directly referenced
+mov dl, byte [edi + 0x2488]
+mov byte [ebp - 0x124], dl
+xor edx, edx
+
+loc_fffbe0e8: ; not directly referenced
+cmp byte [ebp - 0x124], dl
+jbe short loc_fffbe116 ; jbe 0xfffbe116
+mov ebx, dword [ebp - 0x100]
+mov ecx, dword [eax + edx*8 + 0x2914]
+cmp dword [eax + edx*8 + 0x2910], ecx
+cmovbe ecx, dword [eax + edx*8 + 0x2910]
+cmp ecx, dword [ebx]
+cmova ecx, dword [ebx]
+inc edx
+mov dword [ebx], ecx
+jmp short loc_fffbe0e8 ; jmp 0xfffbe0e8
+
+loc_fffbe116: ; not directly referenced
+xor edx, edx
+
+loc_fffbe118: ; not directly referenced
+mov ecx, dword [ebp - 0x120]
+movzx ecx, byte [ecx + edx + 0x10]
+test cl, cl
+je loc_fffbe097 ; je 0xfffbe097
+mov dword [ebp - 0x104], 0
+mov dword [ebp - 0x118], 0xffffffff
+mov dword [ebp - 0x114], 0xffffffff
+
+loc_fffbe149: ; not directly referenced
+mov bl, byte [ebp - 0x104]
+cmp byte [ebp - 0x124], bl
+jbe short loc_fffbe1ac ; jbe 0xfffbe1ac
+mov ebx, dword [ebp - 0x104]
+bt ecx, ebx
+jae short loc_fffbe1a4 ; jae 0xfffbe1a4
+mov dword [ebp - 0x148], edx
+mov edx, dword [ebp - 0x114]
+cmp edx, dword [eax + ebx*8 + 0x2910]
+cmova edx, dword [eax + ebx*8 + 0x2910]
+mov dword [ebp - 0x114], edx
+mov edx, dword [ebp - 0x118]
+cmp edx, dword [eax + ebx*8 + 0x2914]
+cmova edx, dword [eax + ebx*8 + 0x2914]
+mov dword [ebp - 0x118], edx
+mov edx, dword [ebp - 0x148]
+
+loc_fffbe1a4: ; not directly referenced
+inc dword [ebp - 0x104]
+jmp short loc_fffbe149 ; jmp 0xfffbe149
+
+loc_fffbe1ac: ; not directly referenced
+mov ecx, dword [ebp - 0xfc]
+movzx ebx, byte [ebp + ecx - 0xe8]
+mov ecx, dword [ebp - 0x118]
+sub ecx, dword [ebp - 0x114]
+mov dword [ebp - 0x104], ebx
+mov ebx, dword [ebp - 0x104]
+imul ebx, ecx
+mov ecx, dword [ebp - 0x12c]
+add dword [ecx + edx*4], ebx
+inc edx
+cmp edx, 8
+jne loc_fffbe118 ; jne 0xfffbe118
+jmp near loc_fffbe097 ; jmp 0xfffbe097
+
+loc_fffbe1ed: ; not directly referenced
+inc dword [ebp - 0xfc]
+cmp dword [ebp - 0xfc], 3
+jne loc_fffbdee0 ; jne 0xfffbdee0
+movzx edx, word [ebp - 0x138]
+movzx eax, word [ebp - 0x13c]
+mov dword [ebp - 0x120], edi
+mov dword [ebp - 0xfc], 0
+add eax, edx
+mov dword [ebp - 0x12c], eax
+movsx eax, byte [ebp - 0x11c]
+sar dword [ebp - 0x12c], 2
+imul esi, eax, 0xa
+imul eax, eax, 0x14
+mov dword [ebp - 0x138], esi
+mov dword [ebp - 0x13c], eax
+mov eax, dword [ebp - 0x134]
+mov dword [ebp - 0x130], eax
+lea eax, [edi + 0x49c1]
+mov dword [ebp - 0x114], eax
+lea eax, [ebp - 0xa8]
+mov dword [ebp - 0x11c], eax
+lea eax, [ebp - 0x98]
+mov dword [ebp - 0x124], eax
+
+loc_fffbe276: ; not directly referenced
+mov eax, dword [ebp - 0x10c]
+mov esi, dword [ebp - 0xfc]
+bt eax, esi
+jae loc_fffbe491 ; jae 0xfffbe491
+mov eax, dword [ebp - 0x114]
+mov dword [ebp - 0x100], 0
+lea esi, [eax - 0x126b]
+mov dword [ebp - 0x134], esi
+mov esi, dword [ebp - 0x120]
+mov dword [ebp - 0x108], eax
+mov dword [ebp - 0x128], esi
+mov esi, dword [ebp - 0x124]
+
+loc_fffbe2bf: ; not directly referenced
+mov ebx, dword [ebp - 0x114]
+mov cl, byte [ebp - 0x100]
+mov dword [ebp - 0x104], 1
+shl dword [ebp - 0x104], cl
+mov al, byte [ebp - 0x104]
+test byte [ebx - 0x11a7], al
+je loc_fffbe44d ; je 0xfffbe44d
+mov eax, dword [ebp - 0x108]
+mov ebx, dword [ebp - 0x11c]
+mov edx, dword [ebp - 0x100]
+mov ecx, dword [ebp - 0x12c]
+mov ax, word [eax + 0xc]
+or al, 0x80
+cmp dword [ebx + edx*4], ecx
+jbe short loc_fffbe33b ; jbe 0xfffbe33b
+imul edx, edx, 0x70
+mov ebx, dword [ebp - 0x134]
+and eax, 0xffffff80
+or eax, 0xd
+mov word [ebx + edx + 0x109f], ax
+mov ebx, dword [ebp - 0x108]
+mov word [ebx + 0xc], ax
+movzx eax, ax
+push edx
+push edx
+push eax
+push 6
+jmp short loc_fffbe397 ; jmp 0xfffbe397
+
+loc_fffbe33b: ; not directly referenced
+mov eax, dword [ebp - 0x108]
+xor ebx, ebx
+mov ecx, dword [ebp - 0x104]
+mov edx, dword [ebp - 0xfc]
+mov ax, word [eax + 6]
+mov word [ebp - 0x118], ax
+or word [ebp - 0x118], 0x10
+push eax
+push eax
+movzx eax, word [ebp - 0x118]
+push eax
+mov eax, edi
+push 3
+call fcn_fffafd52 ; call 0xfffafd52
+add esp, 0x10
+
+loc_fffbe378: ; not directly referenced
+mov eax, dword [ebp - 0x108]
+movzx ecx, byte [eax + ebx + 0x10]
+test cl, cl
+jne short loc_fffbe3b2 ; jne 0xfffbe3b2
+
+loc_fffbe387: ; not directly referenced
+mov eax, dword [ebp - 0x118]
+push ebx
+push ebx
+and eax, 0xffef
+push eax
+push 3
+
+loc_fffbe397: ; not directly referenced
+mov ecx, dword [ebp - 0x104]
+mov eax, edi
+mov edx, dword [ebp - 0xfc]
+call fcn_fffafd52 ; call 0xfffafd52
+add esp, 0x10
+jmp near loc_fffbe44d ; jmp 0xfffbe44d
+
+loc_fffbe3b2: ; not directly referenced
+mov edx, dword [esi + ebx*4]
+mov dword [ebp - 0x140], ecx
+mov eax, edx
+sar eax, 0x1f
+or eax, 1
+movsx eax, al
+imul eax, dword [ebp - 0x138]
+add eax, edx
+cdq
+idiv dword [ebp - 0x13c]
+mov dword [esi + ebx*4], eax
+push 2
+push 0
+push 1
+push 0
+push ecx
+push dword [ebp - 0x100]
+push dword [ebp - 0xfc]
+push 0
+push 0
+push eax
+push 5
+push edi
+call fcn_fffcc900 ; call 0xfffcc900
+mov al, byte [edi + 0x2488]
+add esp, 0x30
+mov byte [ebp - 0x141], al
+xor eax, eax
+
+loc_fffbe40c: ; not directly referenced
+cmp byte [ebp - 0x141], al
+jbe short loc_fffbe43e ; jbe 0xfffbe43e
+mov edx, dword [ebp - 0x140]
+bt edx, eax
+jae short loc_fffbe43b ; jae 0xfffbe43b
+mov edx, dword [ebp - 0x128]
+imul ecx, dword [esi + ebx*4], 0xa
+add dword [edx + eax*8 + 0x2910], ecx
+imul ecx, dword [esi + ebx*4], 0xfffffff6
+add dword [edx + eax*8 + 0x2914], ecx
+
+loc_fffbe43b: ; not directly referenced
+inc eax
+jmp short loc_fffbe40c ; jmp 0xfffbe40c
+
+loc_fffbe43e: ; not directly referenced
+inc ebx
+cmp ebx, 8
+jne loc_fffbe378 ; jne 0xfffbe378
+jmp near loc_fffbe387 ; jmp 0xfffbe387
+
+loc_fffbe44d: ; not directly referenced
+inc dword [ebp - 0x100]
+add esi, 0x20
+add dword [ebp - 0x108], 0x18
+add dword [ebp - 0x128], 0x90
+cmp dword [ebp - 0x100], 2
+jne loc_fffbe2bf ; jne 0xfffbe2bf
+push ecx
+push 0
+movzx eax, byte [edi + 0x2488]
+push eax
+mov eax, dword [ebp - 0x110]
+push dword [ebp - 0x130]
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffbe491: ; not directly referenced
+inc dword [ebp - 0xfc]
+add dword [ebp - 0x130], 0xcc
+add dword [ebp - 0x114], 0x13c3
+add dword [ebp - 0x124], 0x40
+add dword [ebp - 0x120], 0x48
+add dword [ebp - 0x11c], 8
+cmp dword [ebp - 0xfc], 2
+jne loc_fffbe276 ; jne 0xfffbe276
+jmp near loc_fffbea01 ; jmp 0xfffbea01
+
+loc_fffbe4d2: ; not directly referenced
+mov ecx, 1
+mov edx, 5
+mov eax, edi
+call fcn_fffb13cf ; call 0xfffb13cf
+xor ecx, ecx
+mov edx, 5
+mov word [ebp - 0x118], ax
+mov eax, edi
+call fcn_fffb13cf ; call 0xfffb13cf
+mov word [ebp - 0x11c], ax
+mov al, byte [ebx + 0x15]
+shr al, 6
+movzx edx, al
+movzx eax, byte [ebx + 0x16]
+and eax, 0x1f
+shl eax, 2
+or eax, edx
+mov esi, eax
+mov dl, al
+or edx, 0xffffff80
+shr esi, 6
+cmove edx, eax
+mov byte [ebp - 0xeb], dl
+mov cl, byte [ebx + 0x14]
+movsx dx, dl
+movzx eax, byte [ebx + 0x15]
+lea edx, [edx + edx*4]
+shr cl, 7
+and eax, 0x3f
+movzx ecx, cl
+add eax, eax
+or eax, ecx
+mov esi, eax
+mov cl, al
+or ecx, 0xffffff80
+shr esi, 6
+cmove ecx, eax
+add edx, edx
+mov byte [ebp - 0xea], cl
+movsx cx, cl
+sub esp, 0xc
+mov word [ebp - 0xe8], dx
+movzx edx, byte [edi + 0x248e]
+lea ecx, [ecx + ecx*4]
+add ecx, ecx
+mov eax, edi
+mov word [ebp - 0xe6], cx
+mov ecx, 0x11
+push 0
+call fcn_fffb26ca ; call 0xfffb26ca
+mov al, byte [ebp - 0xed]
+lea esi, [edi + 0x3756]
+add esp, 0x10
+mov byte [ebp - 0xfc], 0
+mov byte [ebp - 0x10c], al
+mov al, byte [ebp - 0xee]
+add byte [ebp - 0x10c], al
+mov al, byte [ebp - 0xec]
+add byte [ebp - 0x10c], al
+lea eax, [ebx + 0x70]
+xor ebx, ebx
+mov dword [ebp - 0x128], eax
+mov dword [ebp - 0x104], eax
+
+loc_fffbe5cb: ; not directly referenced
+cmp dword [esi], 2
+jne short loc_fffbe603 ; jne 0xfffbe603
+movzx ecx, byte [esi + 0xc4]
+mov edx, ebx
+mov eax, edi
+call fcn_fffaac43 ; call 0xfffaac43
+or byte [ebp - 0xfc], al
+push edx
+push 0
+movzx eax, byte [edi + 0x2488]
+push eax
+mov eax, dword [ebp - 0x110]
+push dword [ebp - 0x104]
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffbe603: ; not directly referenced
+inc ebx
+add esi, 0x13c3
+add dword [ebp - 0x104], 0xcc
+cmp ebx, 2
+jne short loc_fffbe5cb ; jne 0xfffbe5cb
+lea eax, [edi + 0x2490]
+mov ecx, 2
+mov dword [ebp - 0x114], eax
+mov edx, eax
+mov eax, edi
+call fcn_fffa66dd ; call 0xfffa66dd
+movzx eax, byte [ebp - 0xfc]
+lea ebx, [edi + 0x2b50]
+xor ecx, ecx
+mov dword [ebp - 0xfc], eax
+
+loc_fffbe648: ; not directly referenced
+mov eax, dword [ebp - 0xfc]
+mov dword [ebp + ecx*4 - 0xdc], 0
+bt eax, ecx
+jae short loc_fffbe680 ; jae 0xfffbe680
+mov eax, dword [ebx + 4]
+mov esi, 0x14
+xor edx, edx
+add eax, dword [ebx]
+div esi
+mov si, 0xc
+lea edx, [eax - 1]
+cmp edx, 0xb
+cmovbe esi, eax
+mov dword [ebp + ecx*4 - 0xdc], esi
+
+loc_fffbe680: ; not directly referenced
+inc ecx
+add ebx, 0x48
+cmp ecx, 2
+jne short loc_fffbe648 ; jne 0xfffbe648
+mov edx, dword [ebp - 0x114]
+mov cl, 5
+mov eax, edi
+call fcn_fffa66dd ; call 0xfffa66dd
+mov dword [ebp - 0xd4], 0
+mov dword [ebp - 0xb8], 0x7fffffff
+mov dword [ebp - 0xa8], 0x7fffffff
+mov dword [ebp - 0xd0], 0
+mov dword [ebp - 0xb4], 0x7fffffff
+mov dword [ebp - 0xa4], 0x7fffffff
+mov dword [ebp - 0x104], 0
+
+loc_fffbe6de: ; not directly referenced
+xor esi, esi
+
+loc_fffbe6e0: ; not directly referenced
+mov eax, dword [ebp - 0xfc]
+bt eax, esi
+jb short loc_fffbe724 ; jb 0xfffbe724
+
+loc_fffbe6eb: ; not directly referenced
+inc esi
+cmp esi, 2
+jne short loc_fffbe6e0 ; jne 0xfffbe6e0
+push eax
+mov edx, dword [ebp - 0x114]
+push eax
+mov ecx, dword [ebp - 0xfc]
+push 0
+lea eax, [ebp - 0xc8]
+push eax
+mov eax, edi
+push 0x36
+push 1
+push 5
+push 0
+call fcn_fffc6051 ; call 0xfffc6051
+lea edx, [edi + 0x2914]
+add esp, 0x20
+xor eax, eax
+jmp short loc_fffbe782 ; jmp 0xfffbe782
+
+loc_fffbe724: ; not directly referenced
+mov eax, dword [ebp - 0x104]
+mov ecx, 0xc
+xor ebx, ebx
+movsx eax, byte [ebp + eax - 0xf1]
+imul eax, dword [ebp + esi*4 - 0xdc]
+cdq
+idiv ecx
+mov dword [ebp - 0x120], eax
+
+loc_fffbe74a: ; not directly referenced
+cmp bl, byte [edi + 0x2488]
+jae short loc_fffbe6eb ; jae 0xfffbe6eb
+push 1
+movzx eax, bl
+push 0
+inc ebx
+push 1
+push 0
+push eax
+push 0
+push esi
+push 0
+push 0
+push dword [ebp - 0x120]
+push 2
+push edi
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+jmp short loc_fffbe74a ; jmp 0xfffbe74a
+
+loc_fffbe779: ; not directly referenced
+inc eax
+add edx, 0x48
+cmp eax, 2
+je short loc_fffbe7d4 ; je 0xfffbe7d4
+
+loc_fffbe782: ; not directly referenced
+mov esi, dword [ebp - 0xfc]
+bt esi, eax
+jae short loc_fffbe779 ; jae 0xfffbe779
+mov ebx, dword [ebp - 0x104]
+mov ecx, dword [edx - 4]
+mov esi, dword [edx]
+movzx ebx, byte [ebp + ebx - 0xee]
+sub esi, ecx
+imul ebx, esi
+add dword [ebp + eax*4 - 0xd4], ebx
+mov ebx, dword [ebp + eax*4 - 0xb8]
+cmp ecx, ebx
+cmovg ecx, ebx
+mov dword [ebp + eax*4 - 0xb8], ecx
+mov ecx, dword [ebp + eax*4 - 0xa8]
+cmp dword [edx], ecx
+cmovle ecx, dword [edx]
+mov dword [ebp + eax*4 - 0xa8], ecx
+jmp short loc_fffbe779 ; jmp 0xfffbe779
+
+loc_fffbe7d4: ; not directly referenced
+inc dword [ebp - 0x104]
+cmp dword [ebp - 0x104], 3
+jne loc_fffbe6de ; jne 0xfffbe6de
+xor eax, eax
+xor ebx, ebx
+
+loc_fffbe7eb: ; not directly referenced
+movsx ecx, word [ebp + eax - 0xe8]
+mov edx, dword [ebp + eax*2 - 0xb8]
+sub edx, ecx
+cmovs edx, ebx
+add ecx, dword [ebp + eax*2 - 0xa8]
+mov dword [ebp + eax*2 - 0xb8], edx
+cmovs ecx, ebx
+cmp ecx, edx
+cmovle edx, ecx
+mov dword [ebp + eax*2 - 0xa8], ecx
+mov dword [ebp + eax*2 - 0x98], edx
+add eax, 2
+cmp eax, 4
+jne short loc_fffbe7eb ; jne 0xfffbe7eb
+movsx eax, byte [ebp - 0x10c]
+xor ebx, ebx
+movzx edx, word [ebp - 0x118]
+imul esi, eax, 0xa
+imul eax, eax, 0x14
+mov dword [ebp - 0x120], esi
+mov dword [ebp - 0x124], eax
+movzx eax, word [ebp - 0x11c]
+add eax, edx
+mov dword [ebp - 0x10c], eax
+lea eax, [edi + 0x2910]
+mov dword [ebp - 0x114], eax
+mov eax, dword [ebp - 0x128]
+sar dword [ebp - 0x10c], 2
+mov dword [ebp - 0x104], eax
+
+loc_fffbe87b: ; not directly referenced
+mov eax, dword [ebp - 0xfc]
+bt eax, ebx
+jae loc_fffbe9e6 ; jae 0xfffbe9e6
+mov edx, dword [ebp + ebx*4 - 0xd4]
+mov eax, edx
+sar eax, 0x1f
+or eax, 1
+movsx eax, al
+imul eax, dword [ebp - 0x120]
+add eax, edx
+cdq
+idiv dword [ebp - 0x124]
+cmp dword [ebp - 0x108], 0x306d0
+sete dl
+cmp dword [ebp - 0x100], 3
+mov dword [ebp + ebx*4 - 0xd4], eax
+seta al
+test al, dl
+jne short loc_fffbe8e9 ; jne 0xfffbe8e9
+cmp dword [ebp - 0x100], 0
+setne cl
+cmp dword [ebp - 0x108], 0x40670
+sete al
+test cl, al
+je short loc_fffbe914 ; je 0xfffbe914
+
+loc_fffbe8e9: ; not directly referenced
+mov eax, dword [ebp - 0x10c]
+cmp dword [ebp + ebx*4 - 0x98], eax
+jbe short loc_fffbe914 ; jbe 0xfffbe914
+movsx eax, byte [ebp + ebx - 0xeb]
+mov dword [ebp + ebx*4 - 0xe4], 0
+neg eax
+mov dword [ebp + ebx*4 - 0xd4], eax
+
+loc_fffbe914: ; not directly referenced
+mov eax, dword [ebp + ebx*4 - 0xe4]
+mov esi, dword [ebp - 0x104]
+mov byte [edi + ebx + 0x369d], al
+cmp byte [esi + 0x61], 0
+jle short loc_fffbe98b ; jle 0xfffbe98b
+cmp dword [ebp - 0x100], 3
+sete cl
+test cl, dl
+jne short loc_fffbe961 ; jne 0xfffbe961
+cmp dword [ebp - 0x100], 0
+sete cl
+cmp dword [ebp - 0x108], 0x40670
+sete byte [ebp - 0x118]
+xor edx, edx
+test byte [ebp - 0x118], cl
+je short loc_fffbe96a ; je 0xfffbe96a
+
+loc_fffbe961: ; not directly referenced
+mov esi, dword [ebp - 0x104]
+mov dl, byte [esi + 0x73]
+
+loc_fffbe96a: ; not directly referenced
+sub dl, byte [ebp + ebx - 0xeb]
+add edx, 3
+movsx esi, dl
+cmp dword [ebp + ebx*4 - 0xd4], esi
+jle short loc_fffbe98b ; jle 0xfffbe98b
+test eax, eax
+je short loc_fffbe98b ; je 0xfffbe98b
+mov dword [ebp + ebx*4 - 0xd4], esi
+
+loc_fffbe98b: ; not directly referenced
+mov eax, dword [ebp - 0xfc]
+lea ecx, [ebx + 1]
+push 2
+mov esi, dword [ebp + ebx*4 - 0xd4]
+sar eax, cl
+push eax
+push 1
+push 0
+push 7
+push 0
+push ebx
+push 0
+push 0
+push esi
+push 5
+push edi
+call fcn_fffcc900 ; call 0xfffcc900
+mov ecx, dword [ebp - 0x114]
+imul eax, esi, 0xa
+imul esi, esi, 0xfffffff6
+add esp, 0x2c
+add dword [ecx], eax
+add dword [ecx + 4], esi
+push 0
+movzx eax, byte [edi + 0x2488]
+push eax
+mov eax, dword [ebp - 0x110]
+push dword [ebp - 0x104]
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffbe9e6: ; not directly referenced
+inc ebx
+add dword [ebp - 0x114], 0x48
+add dword [ebp - 0x104], 0xcc
+cmp ebx, 2
+jne loc_fffbe87b ; jne 0xfffbe87b
+
+loc_fffbea01: ; not directly referenced
+push 2
+push 0
+push 1
+push 0
+push 0
+push 0
+push 0
+push 1
+push 0
+push 0
+push 2
+push edi
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+mov byte [edi + 0x247a], 0
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffbea2f: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x230
+mov edi, dword [ebp + 8]
+mov eax, dword [edi + 0x5edc]
+mov dword [ebp - 0x1fc], eax
+mov eax, dword [edi + 0x2443]
+mov esi, eax
+mov dword [ebp - 0x218], eax
+mov eax, dword [edi + 0x188b]
+push 0
+push 0x10
+mov dword [ebp - 0x21c], eax
+lea eax, [ebp - 0x1d8]
+push eax
+mov eax, esi
+call dword [eax + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 2
+lea eax, [ebp - 0x1dc]
+push eax
+mov eax, esi
+call dword [eax + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 0x1b0
+lea eax, [ebp - 0x1c8]
+push eax
+mov eax, esi
+call dword [eax + 0x5c] ; ucall
+mov al, byte [edi + 0x2441]
+xor ecx, ecx
+mov byte [ebp - 0x1d9], 0
+mov byte [ebp - 0x1da], 0
+mov byte [ebp - 0x21d], al
+mov eax, dword [edi + 0x2480]
+mov dword [esp], edi
+cmp eax, 3
+sete cl
+cmp eax, 2
+mov ebx, ecx
+sete byte [ebp - 0x21e]
+mov dword [ebp - 0x208], ebx
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+cmp ebx, 1
+lea ecx, [edi + 0x2490]
+mov dword [ebp - 0x1f4], edi
+mov dword [ebp - 0x1f0], 0
+mov dword [ebp - 0x214], ecx
+mov dword [ebp - 0x200], eax
+sbb eax, eax
+and eax, 7
+add eax, 0xa
+movzx eax, al
+mov dword [ebp - 0x22c], eax
+
+loc_fffbeb18: ; not directly referenced
+mov eax, dword [ebp - 0x1fc]
+xor ebx, ebx
+mov cl, byte [ebp - 0x1f0]
+mov dword [ebp - 0x1ec], 1
+shl dword [ebp - 0x1ec], cl
+add eax, 0x70
+mov dword [ebp - 0x204], eax
+mov byte [ebp - 0x1f8], 0
+
+loc_fffbeb46: ; not directly referenced
+mov ecx, dword [ebp - 0x1ec]
+mov edx, ebx
+mov eax, edi
+call fcn_fffaac43 ; call 0xfffaac43
+or byte [ebp - 0x1f8], al
+movzx eax, byte [ebp - 0x1f8]
+bt eax, ebx
+mov esi, eax
+jae short loc_fffbeb86 ; jae 0xfffbeb86
+push ecx
+push 0
+movzx eax, byte [edi + 0x2488]
+push eax
+mov eax, dword [ebp - 0x218]
+push dword [ebp - 0x204]
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffbeb86: ; not directly referenced
+inc ebx
+add dword [ebp - 0x204], 0xcc
+cmp ebx, 2
+jne short loc_fffbeb46 ; jne 0xfffbeb46
+cmp byte [ebp - 0x1f8], 0
+je loc_fffbf0bc ; je 0xfffbf0bc
+sub esp, 0xc
+mov ecx, 0x11
+push 0
+mov edx, esi
+mov eax, edi
+xor bl, bl
+call fcn_fffb26ca ; call 0xfffb26ca
+add esp, 0x10
+
+loc_fffbebbb: ; not directly referenced
+mov dl, bl
+cmp bl, 3
+je short loc_fffbec24 ; je 0xfffbec24
+cmp bl, 1
+jne short loc_fffbebd0 ; jne 0xfffbebd0
+mov byte [edi + 0x248b], 9
+jmp short loc_fffbebdc ; jmp 0xfffbebdc
+
+loc_fffbebd0: ; not directly referenced
+cmp bl, 4
+jne short loc_fffbebdc ; jne 0xfffbebdc
+mov byte [edi + 0x248b], 0
+
+loc_fffbebdc: ; not directly referenced
+lea eax, [edx - 4]
+cmp al, 2
+sbb eax, eax
+and eax, 0x17
+add eax, 0x1f
+cmp dl, 5
+sete dl
+test byte [ebp - 0x21e], dl
+mov dl, 0x25
+lea ecx, [ebp - 0x1d8]
+cmovne eax, edx
+push edx
+movzx eax, al
+push edx
+mov edx, dword [ebp - 0x214]
+push 0
+push ecx
+mov ecx, esi
+push eax
+mov eax, edi
+push 1
+push ebx
+push dword [ebp - 0x1f0]
+call fcn_fffc6051 ; call 0xfffc6051
+add esp, 0x20
+
+loc_fffbec24: ; not directly referenced
+inc ebx
+cmp ebx, 7
+jne short loc_fffbebbb ; jne 0xfffbebbb
+mov ecx, dword [ebp - 0x22c]
+sub esp, 0xc
+mov edx, esi
+push 0
+mov eax, edi
+call fcn_fffb2759 ; call 0xfffb2759
+add esp, 0x10
+cmp dword [ebp - 0x208], 0
+je short loc_fffbec72 ; je 0xfffbec72
+push eax
+mov ecx, esi
+push 0
+xor edx, edx
+push 0
+push 0x20
+push 0
+lea eax, [ebp - 0x1da]
+push eax
+mov eax, edi
+push 0xff
+push dword [ebp - 0x1ec]
+call fcn_fffcfd43 ; call 0xfffcfd43
+jmp short loc_fffbec95 ; jmp 0xfffbec95
+
+loc_fffbec72: ; not directly referenced
+push 1
+mov ecx, esi
+push 1
+xor edx, edx
+lea eax, [ebp - 0x1dc]
+push eax
+mov eax, edi
+push 1
+push 0x40
+push 0xffffffffffffffc0
+push 3
+push 0xff
+call fcn_fffcf3cd ; call 0xfffcf3cd
+
+loc_fffbec95: ; not directly referenced
+add esp, 0x20
+cmp byte [ebp - 0x21d], 0
+sete dl
+cmp dword [ebp - 0x21c], 1
+sete al
+test dl, al
+jne loc_fffbed6c ; jne 0xfffbed6c
+
+loc_fffbecb4: ; not directly referenced
+push edx
+push 0
+push 0
+push 3
+push 0xff
+push 0
+push 0
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x1c
+push 0
+push 0
+push 3
+push 0xff
+push 0
+push 1
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x14
+push edi
+call fcn_fffc82f4 ; call 0xfffc82f4
+lea eax, [ebp - 0x1d8]
+mov edx, dword [ebp - 0x214]
+pop ecx
+mov ecx, esi
+pop ebx
+mov ebx, dword [ebp - 0x1f0]
+push 0
+push eax
+mov eax, edi
+push 0x36
+push 1
+push 0xd
+push ebx
+call fcn_fffc6051 ; call 0xfffc6051
+add esp, 0x14
+push edi
+call fcn_fffc82f4 ; call 0xfffc82f4
+lea edx, [ebp - 0x1c8]
+mov dword [ebp - 0x200], eax
+mov eax, edi
+call fcn_fffb8ffd ; call 0xfffb8ffd
+imul eax, ebx, 0xd8
+mov edx, ebx
+add edx, ebx
+add esp, 0x10
+lea ecx, [edi + ebx*4]
+add edx, edi
+mov dword [ebp - 0x210], ecx
+mov ecx, dword [ebp - 0x1f4]
+add eax, 0x281
+mov dword [ebp - 0x20c], edx
+mov dword [ebp - 0x1f8], 0
+mov dword [ebp - 0x228], eax
+jmp near loc_fffbef33 ; jmp 0xfffbef33
+
+loc_fffbed6c: ; not directly referenced
+xor ebx, ebx
+
+loc_fffbed6e: ; not directly referenced
+imul eax, ebx, 0x13c3
+cmp dword [edi + eax + 0x3756], 2
+jne short loc_fffbedcb ; jne 0xfffbedcb
+push eax
+push 0
+push 0
+push 3
+push 0xff
+push 0
+push ebx
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+cmp byte [edi + 0x36c9], 2
+jne short loc_fffbedcb ; jne 0xfffbedcb
+mov ecx, dword [ebp - 0x1fc]
+imul eax, ebx, 0xcc
+mov edx, ebx
+push 0
+push 1
+movzx eax, byte [ecx + eax + 0xe2]
+mov ecx, 0xff
+push eax
+mov eax, edi
+push 1
+call fcn_fffb0cb4 ; call 0xfffb0cb4
+add esp, 0x10
+
+loc_fffbedcb: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffbed6e ; jne 0xfffbed6e
+sub esp, 0xc
+push edi
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+cmp dword [ebp - 0x208], 0
+jne short loc_fffbee47 ; jne 0xfffbee47
+mov ecx, dword [ebp - 0x1f4]
+mov edx, 6
+mov eax, dword [ecx + 0x3210]
+mov dword [ecx + 0x3218], eax
+mov eax, dword [ecx + 0x3214]
+mov dword [ecx + 0x321c], eax
+mov eax, dword [ecx + 0x3258]
+mov dword [ecx + 0x3260], eax
+mov eax, dword [ecx + 0x325c]
+mov dword [ecx + 0x3264], eax
+lea eax, [ebp - 0x1dc]
+mov ecx, esi
+push 1
+push 1
+push eax
+mov eax, edi
+push 0
+push 0x40
+push 0xffffffffffffffc0
+push 3
+push 0xff
+call fcn_fffcf3cd ; call 0xfffcf3cd
+add esp, 0x20
+jmp short loc_fffbee56 ; jmp 0xfffbee56
+
+loc_fffbee47: ; not directly referenced
+mov ecx, dword [ebp - 0x1ec]
+mov edx, esi
+mov eax, edi
+call fcn_fffc93f9 ; call 0xfffc93f9
+
+loc_fffbee56: ; not directly referenced
+mov ebx, dword [ebp - 0x1f4]
+mov dword [ebp - 0x1f8], 0
+
+loc_fffbee66: ; not directly referenced
+imul eax, dword [ebp - 0x1f8], 0x13c3
+cmp dword [edi + eax + 0x3756], 2
+jne short loc_fffbeee7 ; jne 0xfffbeee7
+mov eax, dword [ebx + 0x3218]
+cmp dword [ebx + 0x3210], eax
+cmovbe eax, dword [ebx + 0x3210]
+mov dword [ebx + 0x3210], eax
+mov eax, dword [ebx + 0x321c]
+cmp dword [ebx + 0x3214], eax
+cmovbe eax, dword [ebx + 0x3214]
+mov dword [ebx + 0x3214], eax
+cmp byte [edi + 0x36c9], 2
+jne short loc_fffbeee7 ; jne 0xfffbeee7
+mov edx, dword [ebp - 0x1f8]
+mov ecx, dword [ebp - 0x1fc]
+push 0
+push 1
+imul eax, edx, 0xcc
+movzx eax, byte [ecx + eax + 0xe2]
+mov ecx, 0xff
+neg eax
+push eax
+mov eax, edi
+push 1
+call fcn_fffb0cb4 ; call 0xfffb0cb4
+add esp, 0x10
+
+loc_fffbeee7: ; not directly referenced
+inc dword [ebp - 0x1f8]
+add ebx, 0x48
+cmp dword [ebp - 0x1f8], 2
+jne loc_fffbee66 ; jne 0xfffbee66
+jmp near loc_fffbecb4 ; jmp 0xfffbecb4
+
+loc_fffbef02: ; not directly referenced
+add dword [ebp - 0x1f8], 0x13c3
+add ecx, 0x48
+add dword [ebp - 0x210], 0x13c3
+add dword [ebp - 0x20c], 0x13c3
+cmp dword [ebp - 0x1f8], 0x2786
+je loc_fffbf0bc ; je 0xfffbf0bc
+
+loc_fffbef33: ; not directly referenced
+mov ebx, dword [ebp - 0x1f8]
+mov al, byte [ebp - 0x1ec]
+test byte [edi + ebx + 0x381a], al
+je short loc_fffbef02 ; je 0xfffbef02
+mov eax, dword [ebp - 0x1f8]
+mov ebx, 0xa
+xor edx, edx
+mov esi, 0xa
+mov byte [ebp - 0x204], 0
+lea eax, [edi + eax + 0x3756]
+mov dword [ebp - 0x224], eax
+mov eax, dword [ecx + 0x3210]
+div ebx
+mov ebx, dword [ebp - 0x210]
+xor edx, edx
+mov byte [ebx + 0x39c7], al
+mov eax, dword [ecx + 0x3214]
+div esi
+xor edx, edx
+mov byte [ebx + 0x39c8], al
+mov eax, dword [ecx + 0x3450]
+div esi
+xor edx, edx
+mov byte [ebx + 0x39ca], al
+mov eax, dword [ecx + 0x3454]
+div esi
+xor edx, edx
+mov byte [ebx + 0x39c9], al
+mov eax, dword [ecx + 0x2d90]
+mov ebx, dword [ebp - 0x20c]
+div esi
+xor edx, edx
+mov byte [ebx + 0x4757], al
+mov eax, dword [ecx + 0x2d94]
+div esi
+xor edx, edx
+mov byte [ebx + 0x4758], al
+mov eax, dword [ecx + 0x2fd0]
+div esi
+xor edx, edx
+mov byte [ebx + 0x475f], al
+mov eax, dword [ecx + 0x2fd4]
+div esi
+mov byte [ebx + 0x4760], al
+
+loc_fffbeff8: ; not directly referenced
+mov al, byte [ebp - 0x204]
+cmp al, byte [edi + 0x2488]
+jae loc_fffbef02 ; jae 0xfffbef02
+movzx ebx, al
+imul ebx, ebx, 0x18
+add ebx, dword [ebp - 0x228]
+add ebx, dword [ebp - 0x224]
+mov byte [ebp - 0x21f], 8
+
+loc_fffbf023: ; not directly referenced
+mov eax, dword [ecx + 0x26d0]
+mov esi, 0xa
+xor edx, edx
+add ebx, 3
+div esi
+xor edx, edx
+mov byte [ebx - 3], al
+mov eax, dword [ecx + 0x26d4]
+div esi
+xor edx, edx
+mov byte [ebx - 1], al
+mov eax, dword [ecx + 0x2b50]
+div esi
+xor edx, edx
+mov byte [ebx + 0x35d], al
+mov eax, dword [ecx + 0x2b54]
+div esi
+xor edx, edx
+mov byte [ebx + 0x35f], al
+mov eax, dword [ecx + 0x2490]
+div esi
+xor edx, edx
+mov byte [ebx + 0x6bf], al
+mov eax, dword [ecx + 0x2494]
+div esi
+xor edx, edx
+mov byte [ebx + 0x6bd], al
+mov eax, dword [ecx + 0x2910]
+div esi
+xor edx, edx
+mov byte [ebx + 0xa1f], al
+mov eax, dword [ecx + 0x2914]
+div esi
+mov byte [ebx + 0xa1d], al
+dec byte [ebp - 0x21f]
+jne loc_fffbf023 ; jne 0xfffbf023
+inc byte [ebp - 0x204]
+jmp near loc_fffbeff8 ; jmp 0xfffbeff8
+
+loc_fffbf0bc: ; not directly referenced
+inc dword [ebp - 0x1f0]
+add dword [ebp - 0x1f4], 0x90
+cmp dword [ebp - 0x1f0], 4
+jne loc_fffbeb18 ; jne 0xfffbeb18
+cmp dword [edi + 0x3756], 2
+jne short loc_fffbf0f0 ; jne 0xfffbf0f0
+xor ecx, ecx
+mov edx, 0x4198
+mov eax, edi
+call fcn_fffae566 ; call 0xfffae566
+
+loc_fffbf0f0: ; not directly referenced
+cmp dword [edi + 0x4b19], 2
+jne short loc_fffbf107 ; jne 0xfffbf107
+xor ecx, ecx
+mov edx, 0x4598
+mov eax, edi
+call fcn_fffae566 ; call 0xfffae566
+
+loc_fffbf107: ; not directly referenced
+mov eax, dword [ebp - 0x200]
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffbf115: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+xor esi, esi
+push ebx
+add esp, 0xffffff80
+mov ebx, dword [ebp + 8]
+lea edi, [ebp - 0x60]
+mov byte [ebp - 0x67], 5
+mov byte [ebp - 0x66], 2
+mov eax, dword [ebx + 0x5edc]
+mov byte [ebp - 0x65], 1
+mov byte [ebp - 0x64], 2
+mov byte [ebp - 0x63], 1
+mov dword [ebp - 0x6c], eax
+mov al, byte [ebx + 0x248e]
+mov byte [ebp - 0x62], 0
+mov byte [ebp - 0x61], 0
+mov byte [ebp - 0x6d], al
+mov eax, dword [ebx + 0x188b]
+mov dword [ebp - 0x74], eax
+mov eax, dword [ebx + 0x2443]
+push 0
+push 5
+push edi
+call dword [eax + 0x60] ; ucall
+movzx edx, byte [ebp - 0x67]
+mov ecx, 1
+mov eax, ebx
+call fcn_fffb13cf ; call 0xfffb13cf
+movzx edx, byte [ebp - 0x66]
+mov ecx, 1
+mov word [ebp - 0x60], ax
+mov eax, ebx
+call fcn_fffb13cf ; call 0xfffb13cf
+add esp, 0x10
+mov word [ebp - 0x5e], ax
+
+loc_fffbf196: ; not directly referenced
+mov eax, 1
+mov ecx, esi
+shl eax, cl
+test byte [ebx + 0x248d], al
+je short loc_fffbf1d2 ; je 0xfffbf1d2
+push edx
+mov ecx, 3
+push 2
+push 0
+push 0xf
+push 0xb
+push 0
+push edi
+lea edx, [ebp - 0x65]
+push edx
+push 2
+lea edx, [ebp - 0x67]
+push edx
+push 4
+push eax
+mov eax, ebx
+lea edx, [ebp - 0x56]
+call fcn_fffca96e ; call 0xfffca96e
+add esp, 0x30
+
+loc_fffbf1d2: ; not directly referenced
+inc esi
+cmp esi, 4
+jne short loc_fffbf196 ; jne 0xfffbf196
+push eax
+mov ecx, 3
+push eax
+mov eax, ebx
+push 0
+push 0xf
+push 0
+push 0
+push 0
+push 2
+lea edx, [ebx + 0x2490]
+call fcn_fffc0a2d ; call 0xfffc0a2d
+add esp, 0x20
+cmp dword [ebp - 0x74], 1
+jne loc_fffbf2df ; jne 0xfffbf2df
+lea eax, [ebx + 0x3756]
+mov edi, dword [ebp - 0x6c]
+mov dword [ebp - 0x78], eax
+movzx eax, byte [ebp - 0x6d]
+mov dword [ebp - 0x6c], 0
+add edi, 0x1c
+mov dword [ebp - 0x80], eax
+
+loc_fffbf222: ; not directly referenced
+mov eax, dword [ebp - 0x80]
+mov ecx, dword [ebp - 0x6c]
+bt eax, ecx
+jb short loc_fffbf248 ; jb 0xfffbf248
+
+loc_fffbf22d: ; not directly referenced
+inc dword [ebp - 0x6c]
+add edi, 0xcc
+add dword [ebp - 0x78], 0x13c3
+cmp dword [ebp - 0x6c], 2
+jne short loc_fffbf222 ; jne 0xfffbf222
+jmp near loc_fffbf2df ; jmp 0xfffbf2df
+
+loc_fffbf248: ; not directly referenced
+mov byte [ebp - 0x6d], 0
+
+loc_fffbf24c: ; not directly referenced
+mov al, byte [ebp - 0x6d]
+cmp al, byte [ebx + 0x2488]
+jae short loc_fffbf22d ; jae 0xfffbf22d
+mov edx, dword [ebp - 0x78]
+movzx esi, al
+mov byte [ebp - 0x74], 0
+mov cl, byte [edx + 0xc4]
+add esi, edx
+mov dword [ebp - 0x7c], esi
+mov byte [ebp - 0x6e], cl
+xor ecx, ecx
+
+loc_fffbf271: ; not directly referenced
+mov eax, 1
+shl eax, cl
+test byte [ebp - 0x6e], al
+je short loc_fffbf29d ; je 0xfffbf29d
+mov eax, dword [ebp - 0x7c]
+lea esi, [ecx + ecx*8]
+mov al, byte [eax + esi + 0x24d]
+mov dl, al
+and eax, 0xf
+shr dl, 4
+shl edx, 2
+cmp dl, al
+setne al
+or byte [ebp - 0x74], al
+
+loc_fffbf29d: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffbf271 ; jne 0xfffbf271
+cmp byte [ebx + 0x240e], 1
+je short loc_fffbf2b2 ; je 0xfffbf2b2
+cmp byte [ebp - 0x74], 1
+jne short loc_fffbf2d7 ; jne 0xfffbf2d7
+
+loc_fffbf2b2: ; not directly referenced
+movzx esi, byte [ebp - 0x6d]
+mov eax, ebx
+mov edx, dword [ebp - 0x6c]
+mov ecx, esi
+add esi, 8
+call fcn_fffa720e ; call 0xfffa720e
+or byte [edi + esi*4 + 0xb], 1
+mov ecx, dword [edi + esi*4 + 8]
+mov edx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffbf2d7: ; not directly referenced
+inc byte [ebp - 0x6d]
+jmp near loc_fffbf24c ; jmp 0xfffbf24c
+
+loc_fffbf2df: ; not directly referenced
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffbf2e9: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x540
+mov esi, dword [ebp + 0xc]
+mov ebx, dword [ebp + 8]
+lea edi, [ebp - 0x4fa]
+mov dword [ebp - 0x520], edx
+mov edx, dword [ebp + 0x14]
+mov dword [ebp - 0x51c], eax
+mov dword [ebp - 0x52c], esi
+mov esi, dword [ebp + 0x18]
+mov dword [ebp - 0x524], ecx
+mov ecx, 0xa
+mov dword [ebp - 0x538], edx
+mov dword [ebp - 0x528], ebx
+mov ebx, dword [ebp + 0x10]
+mov dword [ebp - 0x530], esi
+mov esi, dword [ebp + 0x20]
+mov byte [ebp - 0x507], 4
+mov byte [ebp - 0x506], 1
+mov byte [ebp - 0x505], 5
+mov eax, esi
+mov dword [ebp - 0x534], esi
+mov esi, ref_fffd590c ; mov esi, 0xfffd590c
+mov byte [ebp - 0x541], al
+lea eax, [ebp - 0x4f0]
+mov byte [ebp - 0x504], 2
+mov byte [ebp - 0x50b], 4
+mov byte [ebp - 0x50a], 1
+mov byte [ebp - 0x509], 5
+mov byte [ebp - 0x508], 2
+mov byte [ebp - 0x4ff], 1
+mov byte [ebp - 0x4fe], 2
+mov byte [ebp - 0x4fd], 0
+mov byte [ebp - 0x4fc], 0
+mov byte [ebp - 0x4fb], 0
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+mov edi, dword [ebp - 0x51c]
+mov dword [ebp - 0x503], 0
+mov esi, dword [edi + 0x2443]
+push 0xff
+push 0x4d8
+push eax
+call dword [esi + 0x5c] ; ucall
+add esp, 0xc
+push 0xff
+push 0x54e
+push dword [ebp - 0x520]
+call dword [esi + 0x5c] ; ucall
+mov cl, byte [ebp - 0x524]
+mov al, byte [ebp - 0x528]
+and cl, byte [edi + 0x248e]
+and al, byte [edi + 0x248d]
+add esp, 0x10
+mov byte [ebp - 0x50d], 0
+mov edx, dword [ebp - 0x538]
+movzx esi, cl
+mov edi, eax
+xor eax, eax
+and cl, 1
+je short loc_fffbf439 ; je 0xfffbf439
+mov ecx, dword [ebp - 0x51c]
+mov eax, edi
+and al, byte [ecx + 0x381a]
+test al, al
+mov byte [ebp - 0x50d], al
+setne al
+
+loc_fffbf439: ; not directly referenced
+and esi, 2
+mov byte [ebp - 0x50c], 0
+je short loc_fffbf463 ; je 0xfffbf463
+mov esi, dword [ebp - 0x51c]
+mov ecx, edi
+and cl, byte [esi + 0x4bdd]
+mov esi, eax
+or esi, 2
+test cl, cl
+mov byte [ebp - 0x50c], cl
+cmovne eax, esi
+
+loc_fffbf463: ; not directly referenced
+mov cl, byte [ebx]
+movzx eax, al
+mov esi, dword [ebp - 0x520]
+mov dword [ebp - 0x524], eax
+mov byte [esi], cl
+mov cl, byte [edx]
+mov byte [esi + 4], cl
+mov cl, byte [ebx + 1]
+mov byte [esi + 1], cl
+mov cl, byte [edx + 1]
+mov byte [esi + 5], cl
+mov cl, byte [ebx + 2]
+mov byte [esi + 2], cl
+mov cl, byte [edx + 2]
+mov byte [esi + 6], cl
+mov cl, byte [ebx + 3]
+mov bl, byte [ebp - 0x530]
+mov byte [esi + 3], cl
+mov dl, byte [edx + 3]
+mov byte [esi + 8], bl
+mov byte [esi + 7], dl
+mov edx, eax
+movzx eax, byte [ebp - 0x52c]
+push ecx
+push ecx
+mov ecx, esi
+push 1
+push eax
+mov eax, dword [ebp - 0x51c]
+call fcn_fffb3a79 ; call 0xfffb3a79
+add esp, 0x10
+cmp dword [ebp + 0x24], 0
+je short loc_fffbf50e ; je 0xfffbf50e
+mov esi, dword [ebp - 0x51c]
+push ecx
+mov ecx, dword [ebp - 0x524]
+push 0
+push 0
+lea ebx, [esi + 0x2490]
+mov eax, esi
+push 0
+mov edx, ebx
+call fcn_fffc19af ; call 0xfffc19af
+mov ecx, dword [ebp - 0x524]
+pop eax
+mov eax, esi
+pop edx
+mov edx, ebx
+push 0
+push 0xf
+push 0
+push 0
+push 0
+push 1
+call fcn_fffc0a2d ; call 0xfffc0a2d
+add esp, 0x20
+
+loc_fffbf50e: ; not directly referenced
+cmp dword [ebp + 0x28], 0
+je short loc_fffbf547 ; je 0xfffbf547
+mov ebx, dword [ebp - 0x51c]
+sub esp, 0xc
+push ebx
+call fcn_fffbdcd9 ; call 0xfffbdcd9
+mov ecx, dword [ebp - 0x524]
+pop eax
+mov eax, ebx
+pop edx
+lea edx, [ebx + 0x2490]
+push 0
+push 0xf
+push 0
+push 0
+push 0
+push 2
+call fcn_fffc0a2d ; call 0xfffc0a2d
+add esp, 0x20
+
+loc_fffbf547: ; not directly referenced
+mov ebx, dword [ebp - 0x520]
+mov edx, edi
+xor ecx, ecx
+mov al, byte [ebp - 0x534]
+movzx edi, dl
+mov dword [ebp - 0x52c], edi
+mov byte [ebx + 0x539], al
+lea eax, [ebx + 0x534]
+mov dword [ebp - 0x538], eax
+mov eax, dword [ebp + 0x1c]
+lea ebx, [ebp - 0x507]
+mov dword [ebp - 0x530], eax
+xor eax, eax
+
+loc_fffbf583: ; not directly referenced
+mov dl, byte [ebp - 0x530]
+sub edx, dword [ebp + 0x1c]
+cmp dl, byte [ebp - 0x541]
+jae loc_fffbf9f9 ; jae 0xfffbf9f9
+mov edi, dword [ebp - 0x530]
+mov esi, dword [ebp - 0x538]
+mov dl, byte [edi]
+mov byte [esi], dl
+cmp byte [edi], 6
+ja loc_fffbf92d ; ja 0xfffbf92d
+movzx edx, byte [edi]
+jmp dword [edx*4 + ref_fffd5918] ; ujmp: jmp dword [edx*4 - 0x2a6e8]
+
+loc_fffbf5bb: ; not directly referenced
+push eax
+mov ecx, dword [ebp - 0x524]
+push 1
+push 0
+push 0xf
+push 0xc
+push 0xfffffffffffffff5
+lea eax, [ebp - 0x4fa]
+push eax
+lea eax, [ebp - 0x4ff]
+push eax
+mov eax, dword [ebp - 0x51c]
+push 2
+lea ebx, [ebp - 0x509]
+push ebx
+push 0
+push dword [ebp - 0x52c]
+lea esi, [ebp - 0x3f8]
+mov edx, esi
+call fcn_fffca96e ; call 0xfffca96e
+mov eax, dword [ebp - 0x520]
+mov ecx, 0x3e
+add esp, 0x30
+lea edi, [eax + 0x14f]
+mov eax, 1
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+mov cl, 2
+jmp near loc_fffbf92d ; jmp 0xfffbf92d
+
+loc_fffbf620: ; not directly referenced
+push eax
+mov ecx, dword [ebp - 0x524]
+push 0
+push 9
+push 0xf
+push 6
+push 0xfffffffffffffff6
+lea eax, [ebp - 0x4fa]
+push eax
+lea eax, [ebp - 0x4ff]
+push eax
+mov eax, dword [ebp - 0x51c]
+push 2
+lea ebx, [ebp - 0x50b]
+push ebx
+push 1
+push dword [ebp - 0x52c]
+lea esi, [ebp - 0x110]
+mov edx, esi
+call fcn_fffca96e ; call 0xfffca96e
+mov eax, dword [ebp - 0x520]
+mov ecx, 0x3e
+add esp, 0x30
+lea edi, [eax + 0x437]
+mov eax, 4
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+mov cl, 2
+jmp near loc_fffbf92d ; jmp 0xfffbf92d
+
+loc_fffbf685: ; not directly referenced
+lea eax, [ebp - 0x208]
+xor ebx, ebx
+mov dword [ebp - 0x534], eax
+
+loc_fffbf693: ; not directly referenced
+mov eax, dword [ebp - 0x52c]
+bt eax, ebx
+jb short loc_fffbf6bd ; jb 0xfffbf6bd
+
+loc_fffbf69e: ; not directly referenced
+inc ebx
+add dword [ebp - 0x534], 0x3e
+cmp ebx, 4
+jne short loc_fffbf693 ; jne 0xfffbf693
+mov cl, 2
+mov eax, 3
+lea ebx, [ebp - 0x509]
+jmp near loc_fffbf92d ; jmp 0xfffbf92d
+
+loc_fffbf6bd: ; not directly referenced
+push edi
+mov esi, dword [ebp - 0x534]
+mov cl, bl
+push 2
+push 0
+push 0xf
+push 0xb
+mov edx, esi
+push 0
+lea eax, [ebp - 0x4fa]
+push eax
+lea eax, [ebp - 0x4ff]
+push eax
+push 2
+lea eax, [ebp - 0x509]
+push eax
+mov eax, dword [ebp - 0x51c]
+push 4
+mov dword [ebp - 0x528], 1
+shl dword [ebp - 0x528], cl
+push dword [ebp - 0x528]
+mov ecx, dword [ebp - 0x524]
+call fcn_fffca96e ; call 0xfffca96e
+imul eax, ebx, 0x3e
+mov edi, dword [ebp - 0x520]
+mov ecx, 0x3e
+add esp, 0x30
+lea edx, [ebp - 0x4f0]
+lea edi, [edi + eax + 0x33f]
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+lea ecx, [ebp - 0x50d]
+lea edi, [ebp - 0x50b]
+
+loc_fffbf73e: ; not directly referenced
+movzx esi, byte [ecx]
+test dword [ebp - 0x528], esi
+je short loc_fffbf779 ; je 0xfffbf779
+mov si, word [edx + eax + 0x30c]
+cmp si, word [edx + 0x30c]
+jae short loc_fffbf761 ; jae 0xfffbf761
+mov word [edx + 0x30c], si
+
+loc_fffbf761: ; not directly referenced
+mov si, word [edx + eax + 0x310]
+cmp si, word [edx + 0x310]
+jae short loc_fffbf779 ; jae 0xfffbf779
+mov word [edx + 0x310], si
+
+loc_fffbf779: ; not directly referenced
+inc ecx
+add edx, 2
+cmp ecx, edi
+je loc_fffbf69e ; je 0xfffbf69e
+jmp short loc_fffbf73e ; jmp 0xfffbf73e
+
+loc_fffbf787: ; not directly referenced
+mov eax, dword [ebp - 0x51c]
+lea ebx, [ebp - 0x300]
+mov dword [ebp - 0x534], ebx
+cmp dword [eax + 0x188b], 1
+setne al
+xor ebx, ebx
+lea eax, [eax + eax + 0xc]
+movsx eax, al
+mov dword [ebp - 0x53c], eax
+
+loc_fffbf7b2: ; not directly referenced
+mov eax, dword [ebp - 0x52c]
+bt eax, ebx
+jb short loc_fffbf7dc ; jb 0xfffbf7dc
+
+loc_fffbf7bd: ; not directly referenced
+inc ebx
+add dword [ebp - 0x534], 0x3e
+cmp ebx, 4
+jne short loc_fffbf7b2 ; jne 0xfffbf7b2
+mov cl, 2
+mov eax, 2
+lea ebx, [ebp - 0x50b]
+jmp near loc_fffbf92d ; jmp 0xfffbf92d
+
+loc_fffbf7dc: ; not directly referenced
+push esi
+mov cl, bl
+mov esi, dword [ebp - 0x534]
+push 0
+push 9
+push 0xf
+push dword [ebp - 0x53c]
+mov edx, esi
+lea eax, [ebp - 0x4fa]
+mov dword [ebp - 0x528], 1
+shl dword [ebp - 0x528], cl
+push 0
+mov ecx, dword [ebp - 0x524]
+push eax
+lea eax, [ebp - 0x4ff]
+push eax
+push 2
+lea eax, [ebp - 0x50b]
+push eax
+mov eax, dword [ebp - 0x51c]
+push 5
+push dword [ebp - 0x528]
+call fcn_fffca96e ; call 0xfffca96e
+imul eax, ebx, 0x3e
+mov edi, dword [ebp - 0x520]
+mov ecx, 0x3e
+add esp, 0x30
+lea edx, [ebp - 0x4f0]
+lea edi, [edi + eax + 0x247]
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+lea ecx, [ebp - 0x50d]
+
+loc_fffbf85b: ; not directly referenced
+movzx esi, byte [ecx]
+test dword [ebp - 0x528], esi
+je short loc_fffbf896 ; je 0xfffbf896
+mov si, word [edx + eax + 0x214]
+cmp si, word [edx + 0x214]
+jae short loc_fffbf87e ; jae 0xfffbf87e
+mov word [edx + 0x214], si
+
+loc_fffbf87e: ; not directly referenced
+mov si, word [edx + eax + 0x218]
+cmp si, word [edx + 0x218]
+jae short loc_fffbf896 ; jae 0xfffbf896
+mov word [edx + 0x218], si
+
+loc_fffbf896: ; not directly referenced
+inc ecx
+add edx, 2
+lea edi, [ebp - 0x50b]
+cmp ecx, edi
+je loc_fffbf7bd ; je 0xfffbf7bd
+jmp short loc_fffbf85b ; jmp 0xfffbf85b
+
+loc_fffbf8aa: ; not directly referenced
+mov eax, dword [ebp - 0x51c]
+cmp dword [eax + 0x188b], 1
+jne short loc_fffbf8ca ; jne 0xfffbf8ca
+call fcn_fffa9b8c ; call 0xfffa9b8c
+mov edx, 0x2f
+mov eax, 8
+jmp short loc_fffbf8d1 ; jmp 0xfffbf8d1
+
+loc_fffbf8ca: ; not directly referenced
+mov edx, 7
+xor eax, eax
+
+loc_fffbf8d1: ; not directly referenced
+push ecx
+mov ecx, dword [ebp - 0x524]
+push 0
+push 9
+push 0xf
+push edx
+push eax
+lea eax, [ebp - 0x4fa]
+push eax
+lea eax, [ebp - 0x4ff]
+push eax
+mov eax, dword [ebp - 0x51c]
+push 2
+lea ebx, [ebp - 0x50b]
+push ebx
+push 6
+push dword [ebp - 0x52c]
+lea edx, [ebp - 0x4f0]
+lea esi, [ebp - 0x4f0]
+call fcn_fffca96e ; call 0xfffca96e
+mov eax, dword [ebp - 0x520]
+mov ecx, 0x3e
+add esp, 0x30
+lea edi, [eax + 0x57]
+xor eax, eax
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+mov cl, 2
+
+loc_fffbf92d: ; not directly referenced
+imul edi, eax, 0x7c
+mov dword [ebp - 0x528], 0
+mov dword [ebp - 0x53c], edi
+
+loc_fffbf940: ; not directly referenced
+mov edi, dword [ebp - 0x528]
+cmp byte [ebp + edi - 0x50d], 0
+je loc_fffbf9d5 ; je 0xfffbf9d5
+mov edi, dword [ebp - 0x53c]
+lea edx, [ebp - 0x4f0]
+add edi, dword [ebp - 0x528]
+add edi, edi
+add edi, edx
+mov dword [ebp - 0x540], edi
+xor edi, edi
+jmp short loc_fffbf9cf ; jmp 0xfffbf9cf
+
+loc_fffbf974: ; not directly referenced
+mov dl, byte [ebx + edi]
+xor esi, esi
+mov byte [ebp - 0x534], dl
+cmp dl, 0x21
+ja short loc_fffbf98e ; ja 0xfffbf98e
+movzx esi, dl
+movzx esi, byte [esi + ref_fffd5f1c] ; movzx esi, byte [esi - 0x2a0e4]
+
+loc_fffbf98e: ; not directly referenced
+mov edx, esi
+movzx esi, dl
+mov dl, byte [ebp - 0x534]
+mov dword [ebp - 0x548], eax
+mov eax, dword [ebp - 0x520]
+mov byte [ebp + esi - 0x503], dl
+mov edx, dword [ebp - 0x528]
+add esi, esi
+lea edx, [edx + esi + 0x20]
+mov esi, dword [ebp - 0x540]
+mov si, word [esi + edi*4 + 0x24]
+inc edi
+mov word [eax + edx*2 + 3], si
+mov eax, dword [ebp - 0x548]
+
+loc_fffbf9cf: ; not directly referenced
+mov edx, edi
+cmp cl, dl
+ja short loc_fffbf974 ; ja 0xfffbf974
+
+loc_fffbf9d5: ; not directly referenced
+inc dword [ebp - 0x528]
+cmp dword [ebp - 0x528], 2
+jne loc_fffbf940 ; jne 0xfffbf940
+inc dword [ebp - 0x530]
+inc dword [ebp - 0x538]
+jmp near loc_fffbf583 ; jmp 0xfffbf583
+
+loc_fffbf9f9: ; not directly referenced
+mov eax, dword [ebp - 0x520]
+lea ebx, [ebp - 0x503]
+mov dword [ebp - 0x524], ebx
+mov byte [ebp - 0x52c], 0
+mov byte [eax + 0x52f], 0
+mov dword [ebp - 0x528], eax
+
+loc_fffbfa1f: ; not directly referenced
+mov eax, dword [ebp - 0x524]
+mov bl, byte [eax]
+test bl, bl
+je loc_fffbfad2 ; je 0xfffbfad2
+mov ecx, dword [ebp - 0x520]
+xor esi, esi
+movzx eax, byte [ebp - 0x52c]
+mov edi, dword [ebp - 0x51c]
+mov byte [ecx + eax + 0x530], bl
+lea eax, [ecx + eax*4]
+inc byte [ecx + 0x52f]
+add edi, 0x49be
+mov dword [ebp - 0x530], eax
+movzx eax, bl
+mov dword [ebp - 0x534], eax
+
+loc_fffbfa69: ; not directly referenced
+cmp byte [ebp + esi - 0x50d], 0
+je short loc_fffbfac0 ; je 0xfffbfac0
+mov edx, dword [ebp - 0x534]
+mov ecx, 1
+mov eax, dword [ebp - 0x51c]
+call fcn_fffb13cf ; call 0xfffb13cf
+cmp bl, 2
+jne short loc_fffbfaa1 ; jne 0xfffbfaa1
+cmp byte [edi + 0x128], 5
+mov dl, byte [edi]
+je short loc_fffbfa9e ; je 0xfffbfa9e
+cmp dl, 5
+jne short loc_fffbfaa1 ; jne 0xfffbfaa1
+
+loc_fffbfa9e: ; not directly referenced
+add eax, 0x50
+
+loc_fffbfaa1: ; not directly referenced
+mov ecx, dword [ebp - 0x528]
+mov dx, word [ecx + esi*2 + 0x43]
+mov ecx, dword [ebp - 0x530]
+cmp dx, ax
+cmovbe eax, edx
+mov word [ecx + esi*2 + 0x53a], ax
+
+loc_fffbfac0: ; not directly referenced
+inc esi
+add edi, 0x13c3
+cmp esi, 2
+jne short loc_fffbfa69 ; jne 0xfffbfa69
+inc byte [ebp - 0x52c]
+
+loc_fffbfad2: ; not directly referenced
+inc dword [ebp - 0x524]
+add dword [ebp - 0x528], 4
+lea eax, [ebp - 0x4ff]
+cmp dword [ebp - 0x524], eax
+jne loc_fffbfa1f ; jne 0xfffbfa1f
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffbfaf9: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x57c
+mov ebx, dword [ebp + 0x10]
+cmp byte [eax + 0x248b], 1
+mov dword [ebp - 0x50c], eax
+mov dword [ebp - 0x574], ecx
+mov dword [ebp - 0x53c], ebx
+mov byte [ebp - 0x566], dl
+mov byte [ebp - 0x535], cl
+mov byte [ebp - 0x50e], bl
+jne short loc_fffbfb5b ; jne 0xfffbfb5b
+mov al, byte [eax + 0x248c]
+lea edx, [eax + 4]
+mov byte [ebp - 0x508], al
+mov byte [ebp - 0x507], al
+add eax, 2
+mov byte [ebp - 0x506], dl
+mov byte [ebp - 0x505], al
+jmp short loc_fffbfb77 ; jmp 0xfffbfb77
+
+loc_fffbfb5b: ; not directly referenced
+mov byte [ebp - 0x508], 1
+mov byte [ebp - 0x507], 1
+mov byte [ebp - 0x506], 1
+mov byte [ebp - 0x505], 1
+
+loc_fffbfb77: ; not directly referenced
+mov ebx, dword [ebp - 0x53c]
+mov al, bl
+shr al, 4
+inc eax
+mov byte [ebp - 0x520], al
+cmp bl, 9
+je short loc_fffbfbaa ; je 0xfffbfbaa
+cmp bl, 8
+je short loc_fffbfbba ; je 0xfffbfbba
+cmp bl, 0xa
+sete al
+mov byte [ebp - 0x50d], al
+shl eax, 2
+mov byte [ebp - 0x50f], al
+jmp short loc_fffbfbc8 ; jmp 0xfffbfbc8
+
+loc_fffbfbaa: ; not directly referenced
+mov byte [ebp - 0x50d], 1
+mov byte [ebp - 0x50f], 1
+jmp short loc_fffbfbc8 ; jmp 0xfffbfbc8
+
+loc_fffbfbba: ; not directly referenced
+mov byte [ebp - 0x50d], 1
+mov byte [ebp - 0x50f], 2
+
+loc_fffbfbc8: ; not directly referenced
+mov eax, dword [ebp - 0x53c]
+cmp al, 0x21
+sete dl
+cmp al, 0x11
+sete al
+or dl, al
+jne short loc_fffbfbef ; jne 0xfffbfbef
+cmp byte [ebp - 0x53c], 5
+mov dword [ebp - 0x52c], 0
+jne short loc_fffbfc01 ; jne 0xfffbfc01
+
+loc_fffbfbef: ; not directly referenced
+mov al, byte [ebp - 0x50d]
+xor eax, 1
+movzx eax, al
+mov dword [ebp - 0x52c], eax
+
+loc_fffbfc01: ; not directly referenced
+lea eax, [ebp - 0x4e0]
+xor edi, edi
+mov dword [ebp - 0x51c], eax
+mov eax, dword [ebp + 0xc]
+mov dword [ebp - 0x514], eax
+movzx eax, byte [ebp - 0x566]
+mov dword [ebp - 0x518], eax
+
+loc_fffbfc25: ; not directly referenced
+mov eax, dword [ebp - 0x518]
+bt eax, edi
+jb short loc_fffbfc90 ; jb 0xfffbfc90
+
+loc_fffbfc30: ; not directly referenced
+inc edi
+add dword [ebp - 0x514], 0x48
+add dword [ebp - 0x51c], 0x24
+cmp edi, 2
+jne short loc_fffbfc25 ; jne 0xfffbfc25
+mov eax, dword [ebp - 0x518]
+mov byte [ebp - 0x510], 0
+mov dword [ebp - 0x514], 0
+sar eax, 1
+mov dword [ebp - 0x564], eax
+movzx eax, byte [ebp - 0x50d]
+and dword [ebp - 0x564], 1
+shl eax, 2
+mov dword [ebp - 0x560], eax
+movzx eax, byte [ebp - 0x520]
+mov dword [ebp - 0x57c], eax
+dec eax
+mov dword [ebp - 0x580], eax
+jmp short loc_fffbfcd3 ; jmp 0xfffbfcd3
+
+loc_fffbfc90: ; not directly referenced
+mov eax, dword [ebp - 0x50c]
+xor ecx, ecx
+mov esi, dword [ebp - 0x514]
+mov al, byte [eax + 0x2488]
+mov byte [ebp - 0x524], al
+
+loc_fffbfcaa: ; not directly referenced
+cmp byte [ebp - 0x524], cl
+jbe loc_fffbfc30 ; jbe 0xfffbfc30
+mov eax, dword [esi + 4]
+mov ebx, 0x14
+xor edx, edx
+add eax, dword [esi]
+add esi, 8
+div ebx
+mov ebx, dword [ebp - 0x51c]
+mov dword [ebx + ecx*4], eax
+inc ecx
+jmp short loc_fffbfcaa ; jmp 0xfffbfcaa
+
+loc_fffbfcd3: ; not directly referenced
+mov esi, dword [ebp - 0x514]
+mov eax, esi
+mov byte [ebp - 0x565], al
+lea eax, [esi + esi - 1]
+xor esi, esi
+mov dword [ebp - 0x540], eax
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x520], eax
+movzx eax, byte [ebp - 0x535]
+mov dword [ebp - 0x534], eax
+movzx eax, byte [ebp - 0x50f]
+mov dword [ebp - 0x558], eax
+
+loc_fffbfd10: ; not directly referenced
+mov eax, dword [ebp - 0x518]
+bt eax, esi
+jae loc_fffbfe95 ; jae 0xfffbfe95
+lea eax, [esi + esi*8]
+lea edi, [ebp - 0x18]
+add edi, eax
+mov dword [ebp - 0x528], eax
+mov byte [ebp - 0x524], 0x7f
+mov byte [ebp - 0x51c], 0
+mov dword [ebp - 0x530], eax
+mov dword [ebp - 0x55c], edi
+jmp near loc_fffbfe7d ; jmp 0xfffbfe7d
+
+loc_fffbfd4c: ; not directly referenced
+movzx ebx, byte [ebp - 0x51c]
+mov eax, dword [ebp - 0x55c]
+movzx edi, byte [ebp - 0x50e]
+add eax, ebx
+mov byte [eax - 0x4da], 0
+mov byte [eax - 0x4ec], 0
+mov eax, dword [ebp - 0x530]
+lea ecx, [eax + ebx]
+mov eax, dword [ebp + ecx*4 - 0x4e0]
+shl ecx, 5
+lea edx, [eax - 2]
+mov dword [ebp + ecx - 0x498], edx
+lea ecx, [edi - 8]
+cmp cl, 1
+ja loc_fffbfeae ; ja 0xfffbfeae
+push 1
+push 0
+push 0
+push 0
+push ebx
+push dword [ebp - 0x534]
+imul edx, dword [ebp - 0x540]
+push esi
+push 0
+push 0
+push edx
+
+loc_fffbfdb5: ; not directly referenced
+push dword [ebp - 0x558]
+push dword [ebp - 0x50c]
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+
+loc_fffbfdc9: ; not directly referenced
+cmp byte [ebp - 0x50d], 0
+jne loc_fffbfedf ; jne 0xfffbfedf
+
+loc_fffbfdd6: ; not directly referenced
+cmp dword [ebp - 0x52c], 0
+je short loc_fffbfe11 ; je 0xfffbfe11
+add ebx, dword [ebp - 0x530]
+mov edi, dword [ebp - 0x524]
+shl ebx, 5
+mov eax, dword [ebp + ebx - 0x498]
+mov ecx, edi
+movzx edx, cl
+cmp eax, edx
+cmovb edi, eax
+mov eax, edi
+mov byte [ebp - 0x524], al
+movzx eax, al
+mov dword [ebp + ebx - 0x498], eax
+
+loc_fffbfe11: ; not directly referenced
+movzx eax, byte [ebp - 0x51c]
+mov edi, dword [ebp - 0x528]
+lea edx, [eax + edi]
+shl edx, 5
+lea ebx, [ebp + edx - 0x258]
+mov dword [ebp - 0x544], ebx
+mov ebx, dword [ebp - 0x520]
+shl eax, 4
+add eax, dword [ebp - 0x514]
+lea edi, [ebp + edx - 0x498]
+xor edx, edx
+lea eax, [ebx + eax*4]
+mov dword [ebp - 0x548], eax
+xor eax, eax
+
+loc_fffbfe54: ; not directly referenced
+mov ebx, dword [edi + edx]
+mov ecx, dword [ebp - 0x544]
+add edx, dword [ebp - 0x560]
+mov dword [ecx + eax], ebx
+mov ecx, dword [ebp - 0x548]
+mov dword [ecx + eax*2], ebx
+add eax, 4
+cmp eax, 0x20
+jne short loc_fffbfe54 ; jne 0xfffbfe54
+inc byte [ebp - 0x51c]
+
+loc_fffbfe7d: ; not directly referenced
+mov edi, dword [ebp - 0x50c]
+mov al, byte [ebp - 0x51c]
+cmp al, byte [edi + 0x2488]
+jb loc_fffbfd4c ; jb 0xfffbfd4c
+
+loc_fffbfe95: ; not directly referenced
+inc esi
+add dword [ebp - 0x520], 0x240
+cmp esi, 2
+jne loc_fffbfd10 ; jne 0xfffbfd10
+jmp near loc_fffc0080 ; jmp 0xfffc0080
+
+loc_fffbfeae: ; not directly referenced
+cmp byte [ebp - 0x50e], 0xa
+jne loc_fffbfdc9 ; jne 0xfffbfdc9
+push 1
+add eax, 2
+push 0
+push 0
+push 0
+push ebx
+push dword [ebp - 0x534]
+imul eax, dword [ebp - 0x540]
+push esi
+push 0
+push 0
+push eax
+jmp near loc_fffbfdb5 ; jmp 0xfffbfdb5
+
+loc_fffbfedf: ; not directly referenced
+movzx eax, byte [ebp - 0x51c]
+mov edi, dword [ebp - 0x520]
+mov edx, eax
+add eax, dword [ebp - 0x528]
+shl edx, 4
+add edx, dword [ebp - 0x514]
+shl eax, 5
+lea eax, [ebp + eax - 0x498]
+mov dword [ebp - 0x544], eax
+lea edi, [edi + edx*4]
+xor eax, eax
+
+loc_fffbff12: ; not directly referenced
+mov edx, dword [edi + eax*2]
+mov ecx, 0xf
+cmp edx, 0xf
+cmova edx, ecx
+mov ecx, dword [ebp - 0x544]
+mov dword [ecx + eax], edx
+add eax, 4
+cmp eax, 0x20
+jne short loc_fffbff12 ; jne 0xfffbff12
+jmp near loc_fffbfdd6 ; jmp 0xfffbfdd6
+
+loc_fffbff36: ; not directly referenced
+inc al
+je loc_fffc0675 ; je 0xfffc0675
+mov eax, dword [ebp - 0x50c]
+mov ecx, 4
+mov edx, 0x4800
+call fcn_fffae566 ; call 0xfffae566
+mov dword [ebp - 0x520], 0
+
+loc_fffbff5d: ; not directly referenced
+mov eax, dword [ebp - 0x57c]
+cmp dword [ebp - 0x520], eax
+jae loc_fffc000b ; jae 0xfffc000b
+mov al, byte [ebp - 0x510]
+xor ebx, ebx
+and eax, 1
+mov byte [ebp - 0x558], al
+
+loc_fffbff80: ; not directly referenced
+mov eax, dword [ebp - 0x518]
+bt eax, ebx
+jb loc_fffc00fb ; jb 0xfffc00fb
+
+loc_fffbff8f: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffbff80 ; jne 0xfffbff80
+mov esi, dword [ebp - 0x50c]
+xor eax, eax
+mov edi, dword [ebp - 0x520]
+push edx
+mov edx, dword [ebp - 0x518]
+movzx ecx, byte [esi + 0x248b]
+test edi, edi
+push 0
+sete al
+push eax
+lea eax, [ebp - 0x508]
+push eax
+mov eax, esi
+call fcn_fffb0f94 ; call 0xfffb0f94
+mov eax, dword [ebp - 0x580]
+add esp, 0x10
+cmp edi, eax
+jae loc_fffc0298 ; jae 0xfffc0298
+mov eax, dword [ebp - 0x50c]
+xor edi, edi
+mov cl, 1
+mov al, byte [eax + 0x3748]
+mov byte [ebp - 0x51c], al
+
+loc_fffbffee: ; not directly referenced
+mov eax, dword [ebp - 0x518]
+bt eax, edi
+jb loc_fffc0222 ; jb 0xfffc0222
+
+loc_fffbfffd: ; not directly referenced
+inc edi
+cmp edi, 2
+jne short loc_fffbffee ; jne 0xfffbffee
+test cl, cl
+je loc_fffc0298 ; je 0xfffc0298
+
+loc_fffc000b: ; not directly referenced
+lea eax, [ebp - 0x498]
+mov dword [ebp - 0x530], eax
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x534], 0
+mov dword [ebp - 0x51c], 0
+mov dword [ebp - 0x55c], eax
+movzx eax, byte [ebp - 0x535]
+mov dword [ebp - 0x578], eax
+
+loc_fffc0041: ; not directly referenced
+mov eax, dword [ebp - 0x518]
+mov esi, dword [ebp - 0x51c]
+bt eax, esi
+jb loc_fffc02a3 ; jb 0xfffc02a3
+
+loc_fffc0056: ; not directly referenced
+inc dword [ebp - 0x51c]
+add dword [ebp - 0x530], 0x120
+add dword [ebp - 0x55c], 0x240
+add dword [ebp - 0x534], 9
+cmp dword [ebp - 0x51c], 2
+jne short loc_fffc0041 ; jne 0xfffc0041
+
+loc_fffc0080: ; not directly referenced
+mov al, 0xff
+test byte [ebp - 0x566], 1
+je short loc_fffc00b0 ; je 0xfffc00b0
+mov esi, dword [ebp - 0x50c]
+xor edx, edx
+mov cl, byte [esi + 0x2488]
+
+loc_fffc0099: ; not directly referenced
+cmp cl, dl
+jbe short loc_fffc00b0 ; jbe 0xfffc00b0
+mov bl, byte [ebp + edx - 0x504]
+and bl, byte [ebp + edx - 0x4f2]
+inc edx
+and eax, ebx
+jmp short loc_fffc0099 ; jmp 0xfffc0099
+
+loc_fffc00b0: ; not directly referenced
+cmp dword [ebp - 0x564], 0
+je loc_fffbff36 ; je 0xfffbff36
+mov edi, dword [ebp - 0x50c]
+lea esi, [ebp - 0x504]
+mov cl, byte [edi + 0x2488]
+lea edi, [ebp - 0x4f2]
+mov edx, edi
+mov byte [ebp - 0x51c], cl
+
+loc_fffc00dd: ; not directly referenced
+mov bl, dl
+mov ecx, edi
+inc esi
+sub ebx, ecx
+cmp bl, byte [ebp - 0x51c]
+jae loc_fffbff36 ; jae 0xfffbff36
+mov bl, byte [edx + 9]
+inc edx
+and bl, byte [esi + 8]
+and eax, ebx
+jmp short loc_fffc00dd ; jmp 0xfffc00dd
+
+loc_fffc00fb: ; not directly referenced
+mov eax, dword [ebp - 0x518]
+lea ecx, [ebx + 1]
+mov byte [ebp - 0x51c], 0
+sar eax, cl
+mov dword [ebp - 0x528], eax
+lea eax, [ebx + ebx*8]
+mov dword [ebp - 0x530], eax
+
+loc_fffc011c: ; not directly referenced
+mov esi, dword [ebp - 0x50c]
+mov al, byte [ebp - 0x51c]
+cmp al, byte [esi + 0x2488]
+jae loc_fffbff8f ; jae 0xfffbff8f
+cmp byte [ebp - 0x50d], 0
+movzx eax, byte [ebp - 0x51c]
+je short loc_fffc01c3 ; je 0xfffc01c3
+add eax, dword [ebp - 0x530]
+xor ecx, ecx
+mov dl, byte [ebp - 0x565]
+shl eax, 5
+lea eax, [ebp + eax - 0x498]
+xor edx, 1
+mov dword [ebp - 0x524], eax
+xor eax, eax
+mov byte [ebp - 0x534], dl
+
+loc_fffc016d: ; not directly referenced
+cmp byte [ebp - 0x50e], 9
+sete dl
+test byte [ebp - 0x558], dl
+jne short loc_fffc0191 ; jne 0xfffc0191
+cmp byte [ebp - 0x50e], 9
+setne dl
+test byte [ebp - 0x534], dl
+je short loc_fffc01a1 ; je 0xfffc01a1
+
+loc_fffc0191: ; not directly referenced
+mov esi, dword [ebp - 0x524]
+mov edi, 0xf
+sub edi, dword [esi + ecx]
+jmp short loc_fffc01aa ; jmp 0xfffc01aa
+
+loc_fffc01a1: ; not directly referenced
+mov edi, dword [ebp - 0x524]
+mov edi, dword [edi + ecx]
+
+loc_fffc01aa: ; not directly referenced
+cmp edi, 0xf
+mov esi, 0xf
+cmovbe esi, edi
+shl esi, cl
+add ecx, 4
+or eax, esi
+cmp ecx, 0x20
+jne short loc_fffc016d ; jne 0xfffc016d
+jmp short loc_fffc01db ; jmp 0xfffc01db
+
+loc_fffc01c3: ; not directly referenced
+lea edx, [ebx + ebx*8]
+mov esi, dword [ebp - 0x540]
+add eax, edx
+shl eax, 5
+imul esi, dword [ebp + eax - 0x498]
+mov eax, esi
+
+loc_fffc01db: ; not directly referenced
+push 1
+movzx edx, byte [ebp - 0x51c]
+push dword [ebp - 0x528]
+push 0
+push 0
+push edx
+movzx edx, byte [ebp - 0x535]
+push edx
+push ebx
+push 0
+push dword [ebp - 0x520]
+push eax
+movzx eax, byte [ebp - 0x50e]
+push eax
+push dword [ebp - 0x50c]
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+inc byte [ebp - 0x51c]
+jmp near loc_fffc011c ; jmp 0xfffc011c
+
+loc_fffc0222: ; not directly referenced
+mov ebx, dword [ebp - 0x50c]
+mov esi, edi
+shl esi, 0xa
+lea edx, [esi + 0x40e0]
+mov dword [ebp - 0x528], ecx
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+lea edx, [esi + 0x40e4]
+mov dword [ebp - 0x524], eax
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov ecx, dword [ebp - 0x528]
+inc eax
+sete bl
+cmp dword [ebp - 0x524], 0xffffffff
+sete al
+and ebx, eax
+and ebx, ecx
+mov ecx, 1
+cmp byte [ebp - 0x51c], 0
+je short loc_fffc0291 ; je 0xfffc0291
+mov eax, dword [ebp - 0x50c]
+lea edx, [esi + 0x40e8]
+call fcn_fffae52a ; call 0xfffae52a
+xor ecx, ecx
+inc al
+sete cl
+
+loc_fffc0291: ; not directly referenced
+and ecx, ebx
+jmp near loc_fffbfffd ; jmp 0xfffbfffd
+
+loc_fffc0298: ; not directly referenced
+inc dword [ebp - 0x520]
+jmp near loc_fffbff5d ; jmp 0xfffbff5d
+
+loc_fffc02a3: ; not directly referenced
+mov esi, dword [ebp - 0x51c]
+mov edi, dword [ebp - 0x50c]
+mov ebx, esi
+shl ebx, 0xa
+mov eax, edi
+lea edx, [ebx + 0x40e0]
+call fcn_fffae52a ; call 0xfffae52a
+lea edx, [ebx + 0x40e4]
+mov dword [ebp - 0x56c], eax
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+lea edx, [ebx + 0x40e8]
+mov dword [ebp - 0x570], eax
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov byte [ebp - 0x538], 0xff
+mov byte [ebp - 0x537], 0xff
+mov byte [ebp - 0x524], 0
+mov byte [ebp - 0x567], al
+lea eax, [esi + esi*8]
+lea esi, [ebp - 0x18]
+add esi, eax
+mov dword [ebp - 0x548], eax
+mov dword [ebp - 0x520], esi
+
+loc_fffc0316: ; not directly referenced
+mov eax, dword [ebp - 0x50c]
+mov dl, byte [eax + 0x2488]
+cmp byte [ebp - 0x524], dl
+jae loc_fffc0602 ; jae 0xfffc0602
+movzx eax, byte [ebp - 0x524]
+cmp al, 3
+ja short loc_fffc0350 ; ja 0xfffc0350
+mov esi, dword [ebp - 0x56c]
+lea ecx, [eax*8]
+shr esi, cl
+mov dword [ebp - 0x558], esi
+jmp short loc_fffc037a ; jmp 0xfffc037a
+
+loc_fffc0350: ; not directly referenced
+mov bl, byte [ebp - 0x567]
+cmp byte [ebp - 0x524], 7
+mov byte [ebp - 0x558], bl
+ja short loc_fffc037a ; ja 0xfffc037a
+mov edi, dword [ebp - 0x570]
+lea ecx, [eax*8 - 0x20]
+shr edi, cl
+mov dword [ebp - 0x558], edi
+
+loc_fffc037a: ; not directly referenced
+mov esi, dword [ebp - 0x534]
+lea edi, [ebp - 0x498]
+xor ecx, ecx
+movzx ebx, byte [ebp - 0x524]
+lea edx, [eax + esi]
+shl edx, 5
+lea esi, [edi + edx]
+mov dword [ebp - 0x544], esi
+mov esi, dword [ebp - 0x55c]
+shl eax, 4
+add eax, dword [ebp - 0x514]
+lea edi, [esi + eax*4]
+mov eax, dword [ebp - 0x520]
+add eax, ebx
+
+loc_fffc03b8: ; not directly referenced
+mov edx, 1
+movzx esi, byte [eax - 0x4da]
+shl edx, cl
+mov dword [ebp - 0x528], edx
+mov dl, byte [eax - 0x4ec]
+mov byte [ebp - 0x536], dl
+and edx, esi
+test byte [ebp - 0x528], dl
+jne short loc_fffc0443 ; jne 0xfffc0443
+mov dl, byte [ebp - 0x528]
+test byte [ebp - 0x558], dl
+je short loc_fffc0421 ; je 0xfffc0421
+or esi, edx
+mov edx, esi
+mov esi, dword [ebp - 0x544]
+mov byte [eax - 0x4da], dl
+mov esi, dword [esi]
+cmp dword [edi + ecx*8], esi
+jb short loc_fffc0443 ; jb 0xfffc0443
+mov dl, byte [ebp - 0x528]
+dec esi
+mov dword [edi + ecx*8], esi
+not edx
+and dl, byte [ebp - 0x536]
+mov byte [eax - 0x4ec], dl
+jmp short loc_fffc0443 ; jmp 0xfffc0443
+
+loc_fffc0421: ; not directly referenced
+mov dl, byte [ebp - 0x528]
+mov esi, dword [ebp - 0x544]
+or dl, byte [ebp - 0x536]
+mov byte [eax - 0x4ec], dl
+mov edx, dword [esi]
+cmp dword [edi + ecx*8], edx
+jae short loc_fffc0443 ; jae 0xfffc0443
+mov dword [edi + ecx*8], edx
+
+loc_fffc0443: ; not directly referenced
+mov esi, dword [ebp - 0x560]
+inc ecx
+add dword [ebp - 0x544], esi
+cmp ecx, 8
+jne loc_fffc03b8 ; jne 0xfffc03b8
+cmp byte [ebp - 0x50e], 1
+mov al, 0xf
+jne short loc_fffc0488 ; jne 0xfffc0488
+push eax
+mov ecx, dword [ebp - 0x578]
+push 0xf
+mov edx, dword [ebp - 0x51c]
+push dword [ebp - 0x514]
+mov eax, dword [ebp - 0x50c]
+push ebx
+call fcn_fffaec68 ; call 0xfffaec68
+add esp, 0x10
+
+loc_fffc0488: ; not directly referenced
+cmp byte [ebp - 0x50d], 0
+je short loc_fffc04e9 ; je 0xfffc04e9
+mov edi, dword [ebp - 0x534]
+lea esi, [ebp - 0x498]
+xor ecx, ecx
+add edi, ebx
+shl edi, 5
+add edi, esi
+mov dword [ebp - 0x528], edi
+
+loc_fffc04ac: ; not directly referenced
+mov edi, dword [ebp - 0x528]
+mov edx, 1
+shl edx, cl
+mov esi, dword [edi + ecx*4]
+movzx edi, al
+cmp esi, edi
+jb short loc_fffc04d0 ; jb 0xfffc04d0
+mov edi, dword [ebp - 0x520]
+or byte [ebx + edi - 0x4da], dl
+
+loc_fffc04d0: ; not directly referenced
+test esi, esi
+jne short loc_fffc04e1 ; jne 0xfffc04e1
+mov edi, dword [ebp - 0x520]
+or byte [ebx + edi - 0x4ec], dl
+
+loc_fffc04e1: ; not directly referenced
+inc ecx
+cmp ecx, 8
+jne short loc_fffc04ac ; jne 0xfffc04ac
+jmp short loc_fffc0523 ; jmp 0xfffc0523
+
+loc_fffc04e9: ; not directly referenced
+mov edi, dword [ebp - 0x548]
+movzx eax, al
+lea edx, [edi + ebx]
+shl edx, 5
+mov edx, dword [ebp + edx - 0x498]
+cmp edx, eax
+jb short loc_fffc0511 ; jb 0xfffc0511
+mov eax, dword [ebp - 0x520]
+mov byte [ebx + eax - 0x4da], 0xff
+
+loc_fffc0511: ; not directly referenced
+test edx, edx
+jne short loc_fffc0523 ; jne 0xfffc0523
+mov eax, dword [ebp - 0x520]
+mov byte [ebx + eax - 0x4ec], 0xff
+
+loc_fffc0523: ; not directly referenced
+mov eax, dword [ebp - 0x520]
+lea edx, [eax + ebx]
+mov al, byte [edx - 0x4ec]
+mov dl, byte [edx - 0x4da]
+and byte [ebp - 0x537], al
+and byte [ebp - 0x538], dl
+cmp dword [ebp - 0x52c], 0
+jne loc_fffc05f7 ; jne 0xfffc05f7
+cmp byte [ebp - 0x50d], 0
+je short loc_fffc05b0 ; je 0xfffc05b0
+mov esi, dword [ebp - 0x534]
+lea edi, [ebp - 0x498]
+lea ecx, [ebx + esi]
+mov bl, dl
+shl ecx, 5
+and ebx, eax
+lea esi, [edi + ecx]
+mov byte [ebp - 0x528], bl
+lea edi, [ebp + ecx - 0x258]
+xor ecx, ecx
+
+loc_fffc0582: ; not directly referenced
+mov ebx, 1
+shl ebx, cl
+test byte [ebp - 0x528], bl
+jne short loc_fffc05a8 ; jne 0xfffc05a8
+test dl, bl
+jne short loc_fffc059a ; jne 0xfffc059a
+inc dword [esi + ecx*4]
+jmp short loc_fffc05a8 ; jmp 0xfffc05a8
+
+loc_fffc059a: ; not directly referenced
+test al, bl
+jne short loc_fffc05a8 ; jne 0xfffc05a8
+mov ebx, dword [edi + ecx*4]
+dec ebx
+mov dword [edi + ecx*4], ebx
+mov dword [esi + ecx*4], ebx
+
+loc_fffc05a8: ; not directly referenced
+inc ecx
+cmp ecx, 8
+jne short loc_fffc0582 ; jne 0xfffc0582
+jmp short loc_fffc05f7 ; jmp 0xfffc05f7
+
+loc_fffc05b0: ; not directly referenced
+mov cl, dl
+and ecx, eax
+inc cl
+je short loc_fffc05f7 ; je 0xfffc05f7
+inc dl
+je short loc_fffc05d0 ; je 0xfffc05d0
+mov eax, dword [ebp - 0x548]
+add eax, ebx
+shl eax, 5
+inc dword [ebp + eax - 0x498]
+jmp short loc_fffc05f7 ; jmp 0xfffc05f7
+
+loc_fffc05d0: ; not directly referenced
+inc al
+je short loc_fffc05f7 ; je 0xfffc05f7
+mov eax, dword [ebp - 0x548]
+add eax, ebx
+shl eax, 5
+mov esi, dword [ebp + eax - 0x258]
+lea edx, [esi - 1]
+mov dword [ebp + eax - 0x258], edx
+mov dword [ebp + eax - 0x498], edx
+
+loc_fffc05f7: ; not directly referenced
+inc byte [ebp - 0x524]
+jmp near loc_fffc0316 ; jmp 0xfffc0316
+
+loc_fffc0602: ; not directly referenced
+cmp dword [ebp - 0x52c], 1
+jne loc_fffc0056 ; jne 0xfffc0056
+mov al, byte [ebp - 0x537]
+mov edi, dword [ebp - 0x538]
+and eax, edi
+inc al
+je loc_fffc0056 ; je 0xfffc0056
+mov eax, edi
+inc al
+je short loc_fffc0637 ; je 0xfffc0637
+mov eax, dword [ebp - 0x530]
+inc dword [eax]
+
+loc_fffc0633: ; not directly referenced
+xor eax, eax
+jmp short loc_fffc065a ; jmp 0xfffc065a
+
+loc_fffc0637: ; not directly referenced
+imul ecx, dword [ebp - 0x51c], 0x120
+mov edi, dword [ebp - 0x530]
+mov eax, dword [ebp + ecx - 0x258]
+dec eax
+mov dword [ebp + ecx - 0x258], eax
+mov dword [edi], eax
+jmp short loc_fffc0633 ; jmp 0xfffc0633
+
+loc_fffc065a: ; not directly referenced
+cmp dl, al
+jbe loc_fffc0056 ; jbe 0xfffc0056
+mov esi, dword [ebp - 0x530]
+mov ecx, eax
+inc eax
+shl ecx, 5
+mov ebx, dword [esi]
+mov dword [esi + ecx], ebx
+jmp short loc_fffc065a ; jmp 0xfffc065a
+
+loc_fffc0675: ; not directly referenced
+cmp byte [ebp - 0x50d], 0
+jne loc_fffc0726 ; jne 0xfffc0726
+mov eax, dword [ebp + 8]
+xor edi, edi
+mov dword [ebp - 0x51c], eax
+mov eax, dword [ebp + 0xc]
+mov dword [ebp - 0x520], eax
+
+loc_fffc0696: ; not directly referenced
+mov eax, dword [ebp - 0x518]
+bt eax, edi
+jb short loc_fffc06be ; jb 0xfffc06be
+
+loc_fffc06a1: ; not directly referenced
+inc edi
+add dword [ebp - 0x520], 0x48
+add dword [ebp - 0x51c], 0x240
+cmp edi, 2
+je loc_fffc07ef ; je 0xfffc07ef
+jmp short loc_fffc0696 ; jmp 0xfffc0696
+
+loc_fffc06be: ; not directly referenced
+xor ebx, ebx
+
+loc_fffc06c0: ; not directly referenced
+mov eax, dword [ebp - 0x50c]
+cmp bl, byte [eax + 0x2488]
+jae short loc_fffc06a1 ; jae 0xfffc06a1
+movzx ecx, bl
+mov esi, dword [ebp - 0x51c]
+xor edx, edx
+mov eax, ecx
+shl eax, 4
+add eax, dword [ebp - 0x514]
+mov dword [ebp - 0x524], ecx
+lea esi, [esi + eax*4]
+mov eax, 0x7f
+
+loc_fffc06f2: ; not directly referenced
+movzx ecx, al
+cmp ecx, dword [esi + edx]
+movzx ecx, byte [esi + edx]
+cmova eax, ecx
+add edx, 8
+cmp edx, 0x40
+jne short loc_fffc06f2 ; jne 0xfffc06f2
+mov esi, dword [ebp - 0x524]
+imul eax, eax, 0xa
+inc ebx
+mov ecx, esi
+add ecx, esi
+mov esi, dword [ebp - 0x520]
+add ecx, dword [ebp - 0x514]
+mov dword [esi + ecx*4], eax
+jmp short loc_fffc06c0 ; jmp 0xfffc06c0
+
+loc_fffc0726: ; not directly referenced
+mov al, byte [ebp - 0x510]
+xor edi, edi
+mov esi, dword [ebp + 8]
+and eax, 1
+mov byte [ebp - 0x520], al
+
+loc_fffc073a: ; not directly referenced
+mov eax, dword [ebp - 0x518]
+xor edx, edx
+bt eax, edi
+jb short loc_fffc07b2 ; jb 0xfffc07b2
+
+loc_fffc0747: ; not directly referenced
+inc edi
+add esi, 0x240
+cmp edi, 2
+jne short loc_fffc073a ; jne 0xfffc073a
+push 2
+movzx eax, byte [ebp - 0x535]
+push 0
+push 0
+push 0
+push 0
+push eax
+movzx eax, byte [ebp - 0x50f]
+push 0
+push 1
+push 0
+push 0
+push eax
+push dword [ebp - 0x50c]
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+jmp short loc_fffc07ef ; jmp 0xfffc07ef
+
+loc_fffc0785: ; not directly referenced
+cmp byte [ebp - 0x50e], 9
+sete bl
+test byte [ebp - 0x520], bl
+jne short loc_fffc07e2 ; jne 0xfffc07e2
+cmp byte [ebp - 0x50e], 9
+setne bl
+test byte [ebp - 0x51c], bl
+jne short loc_fffc07e2 ; jne 0xfffc07e2
+
+loc_fffc07a9: ; not directly referenced
+add eax, 8
+cmp eax, 0x40
+jne short loc_fffc0785 ; jne 0xfffc0785
+inc edx
+
+loc_fffc07b2: ; not directly referenced
+mov eax, dword [ebp - 0x50c]
+cmp dl, byte [eax + 0x2488]
+jae short loc_fffc0747 ; jae 0xfffc0747
+mov bl, byte [ebp - 0x565]
+movzx eax, dl
+shl eax, 4
+add eax, dword [ebp - 0x514]
+xor ebx, 1
+lea ecx, [esi + eax*4]
+xor eax, eax
+mov byte [ebp - 0x51c], bl
+jmp short loc_fffc0785 ; jmp 0xfffc0785
+
+loc_fffc07e2: ; not directly referenced
+mov ebx, 0xf
+sub ebx, dword [ecx + eax]
+mov dword [ecx + eax], ebx
+jmp short loc_fffc07a9 ; jmp 0xfffc07a9
+
+loc_fffc07ef: ; not directly referenced
+inc byte [ebp - 0x510]
+inc dword [ebp - 0x514]
+and byte [ebp - 0x510], 1
+cmp dword [ebp - 0x514], 2
+jne loc_fffbfcd3 ; jne 0xfffbfcd3
+push 2
+mov edx, 0
+push 0
+mov eax, 0x88888888
+push 0
+push 0
+push 0
+push dword [ebp - 0x574]
+cmp byte [ebp - 0x50d], 1
+push 0
+cmovne eax, edx
+push 1
+push 0
+push eax
+movzx eax, byte [ebp - 0x53c]
+push eax
+push dword [ebp - 0x50c]
+call fcn_fffcc900 ; call 0xfffcc900
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc0855: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, 0x36
+push ebx
+mov ebx, eax
+sub esp, 0x3c
+mov eax, dword [ebp + 8]
+cmp dword [ebx + 0x2480], 2
+mov dword [ebp - 0x28], edx
+mov dword [ebp - 0x24], eax
+mov byte [ebp - 0x2a], al
+mov eax, dword [ebx + 0x2443]
+mov dword [ebp - 0x38], eax
+jne short loc_fffc088c ; jne 0xfffc088c
+cmp byte [ebp - 0x24], 5
+mov al, 0x25
+cmove esi, eax
+
+loc_fffc088c: ; not directly referenced
+movzx eax, byte [ebp - 0x24]
+movzx edi, cl
+push ecx
+push ecx
+mov ecx, edi
+mov edx, eax
+mov dword [ebp - 0x1c], eax
+lea eax, [ebx + 0x2490]
+mov dword [ebp - 0x20], eax
+mov eax, 1
+shl eax, cl
+mov ecx, edx
+mov edx, dword [ebp - 0x20]
+movzx eax, al
+push eax
+mov eax, ebx
+push edi
+call fcn_fffa7e6c ; call 0xfffa7e6c
+add esp, 0x10
+test eax, eax
+jne loc_fffc0a25 ; jne 0xfffc0a25
+movzx eax, byte [ebp - 0x28]
+push edx
+push edx
+mov edx, dword [ebp - 0x20]
+push dword [ebp + 0x18]
+mov ecx, eax
+mov dword [ebp - 0x3c], eax
+mov eax, esi
+movzx esi, al
+mov eax, ebx
+push esi
+push dword [ebp + 0xc]
+push dword [ebp - 0x1c]
+push edi
+push edi
+call fcn_fffd13ed ; call 0xfffd13ed
+add esp, 0x20
+test eax, eax
+jne loc_fffc0a25 ; jne 0xfffc0a25
+mov ecx, dword [ebp - 0x1c]
+sub esp, 0xc
+mov eax, ebx
+mov edx, dword [ebp - 0x20]
+push edi
+call fcn_fffa7d98 ; call 0xfffa7d98
+add esp, 0x10
+test eax, eax
+jne loc_fffc0a25 ; jne 0xfffc0a25
+xor edx, edx
+cmp byte [ebp - 0x24], 0x21
+ja short loc_fffc0927 ; ja 0xfffc0927
+mov eax, dword [ebp - 0x1c]
+movzx edx, byte [eax + ref_fffd5f1c] ; movzx edx, byte [eax - 0x2a0e4]
+
+loc_fffc0927: ; not directly referenced
+imul esi, edx, 0x48
+xor eax, eax
+mov byte [ebp - 0x28], 0
+mov dword [ebp - 0x44], esi
+
+loc_fffc0933: ; not directly referenced
+test eax, eax
+sete cl
+cmp byte [ebp - 0x28], 1
+setbe dl
+test cl, dl
+je loc_fffc0a25 ; je 0xfffc0a25
+mov al, byte [ebp - 0x28]
+movzx esi, al
+mov dword [ebp - 0x30], esi
+mov esi, dword [ebp - 0x3c]
+bt esi, eax
+jb short loc_fffc095f ; jb 0xfffc095f
+
+loc_fffc0958: ; not directly referenced
+xor eax, eax
+jmp near loc_fffc0a1d ; jmp 0xfffc0a1d
+
+loc_fffc095f: ; not directly referenced
+imul eax, dword [ebp - 0x30], 0x24
+mov esi, dword [ebp + 0x14]
+mov dword [ebp - 0x24], 0x18
+mov byte [ebp - 0x29], 0
+add esi, eax
+add eax, dword [ebp + 0x10]
+mov dword [ebp - 0x34], esi
+mov dword [ebp - 0x40], eax
+
+loc_fffc097c: ; not directly referenced
+mov al, byte [ebp - 0x29]
+cmp al, byte [ebx + 0x2488]
+jae short loc_fffc0958 ; jae 0xfffc0958
+imul edx, edi, 0x12
+movzx ecx, byte [ebp - 0x29]
+imul eax, dword [ebp - 0x30], 9
+add eax, edx
+mov edx, dword [ebp - 0x44]
+mov esi, eax
+add eax, ecx
+lea eax, [eax + edx + 8]
+add edx, esi
+mov eax, dword [ebx + eax*8 + 0x2454]
+lea edx, [ecx + edx + 8]
+mov esi, 0xa
+add eax, dword [ebx + edx*8 + 0x2450]
+xor edx, edx
+div esi
+mov edx, dword [ebp - 0x40]
+mov dword [edx + ecx*4], eax
+shr eax, 1
+mov edx, 0x18
+cmp eax, 0x18
+cmovbe edx, eax
+mov eax, dword [ebp - 0x34]
+cmp dword [ebp - 0x24], edx
+mov dword [eax + ecx*4], edx
+mov ecx, dword [ebp - 0x1c]
+mov eax, ebx
+cmovbe edx, dword [ebp - 0x24]
+sub esp, 0xc
+push edi
+mov dword [ebp - 0x24], edx
+mov edx, dword [ebp - 0x20]
+call fcn_fffa7d98 ; call 0xfffa7d98
+add esp, 0x10
+test eax, eax
+jne short loc_fffc0a1d ; jne 0xfffc0a1d
+cmp byte [ebp - 0x2a], 5
+jne short loc_fffc0a15 ; jne 0xfffc0a15
+push eax
+movzx eax, byte [ebx + 0x2488]
+push dword [ebp - 0x24]
+push eax
+mov eax, dword [ebp - 0x38]
+push dword [ebp - 0x34]
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffc0a15: ; not directly referenced
+inc byte [ebp - 0x29]
+jmp near loc_fffc097c ; jmp 0xfffc097c
+
+loc_fffc0a1d: ; not directly referenced
+inc byte [ebp - 0x28]
+jmp near loc_fffc0933 ; jmp 0xfffc0933
+
+loc_fffc0a25: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc0a2d: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0xcfc
+mov edi, dword [ebp + 0x18]
+mov dword [ebp - 0xcc0], edx
+mov dl, byte [ebp + 0xc]
+mov esi, dword [ebp + 0x10]
+mov dword [ebp - 0xc88], ecx
+mov ecx, 7
+mov ebx, dword [ebp + 8]
+mov dword [ebp - 0xca0], edi
+mov edi, dword [ebp + 0x1c]
+mov byte [ebp - 0xcee], dl
+mov dl, byte [ebp + 0x14]
+mov dword [ebp - 0xc98], esi
+mov esi, ref_fffd5934 ; mov esi, 0xfffd5934
+mov dword [ebp - 0xc7c], eax
+mov dword [ebp - 0xca4], edi
+mov byte [ebp - 0xcef], dl
+mov edx, edi
+lea edi, [ebp - 0xc58]
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+lea edi, [ebp - 0xc3c]
+mov esi, ref_fffd5950 ; mov esi, 0xfffd5950
+mov byte [ebp - 0xc9a], bl
+mov byte [ebp - 0xc99], dl
+mov cl, 7
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+lea edi, [ebp - 0xc20]
+mov esi, ref_fffd596c ; mov esi, 0xfffd596c
+mov cl, 7
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+mov esi, dword [eax + 0x5edc]
+mov eax, dword [eax + 0x2443]
+mov dword [ebp - 0xce8], esi
+mov dword [ebp - 0xc84], eax
+lea eax, [ebx - 1]
+cmp al, 1
+ja loc_fffc199b ; ja 0xfffc199b
+push esi
+push 0
+push 0x10
+lea eax, [ebp - 0xc68]
+push eax
+mov eax, dword [ebp - 0xc84]
+call dword [eax + 0x5c] ; ucall
+add esp, 0x10
+xor eax, eax
+
+loc_fffc0af6: ; not directly referenced
+mov byte [ebp + eax - 0xc71], al
+inc eax
+cmp eax, 9
+jne short loc_fffc0af6 ; jne 0xfffc0af6
+movzx eax, bl
+mov cl, byte [ebp - 0xca0]
+sub esp, 0xc
+mov al, byte [eax + ref_fffd5f1c] ; mov al, byte [eax - 0x2a0e4]
+mov edi, dword [ebp - 0xc7c]
+push 0
+dec ecx
+mov byte [ebp - 0xc80], al
+movzx eax, byte [ebp - 0xc88]
+movzx ecx, cl
+mov dword [ebp - 0xcec], eax
+mov edx, eax
+mov eax, edi
+call fcn_fffb26ca ; call 0xfffb26ca
+xor eax, eax
+add esp, 0x10
+mov byte [edi + 0x248b], 9
+mov edi, dword [ebp - 0xc98]
+cmp bl, 1
+cmove eax, edi
+mov byte [ebp - 0xc9c], al
+inc eax
+cmp byte [ebp - 0xca4], 0
+mov byte [ebp - 0xced], al
+jne short loc_fffc0b82 ; jne 0xfffc0b82
+push ecx
+push 0
+lea eax, [ebp - 0xc04]
+push 0x1c
+push eax
+mov eax, dword [ebp - 0xc84]
+call dword [eax + 0x5c] ; ucall
+jmp short loc_fffc0b9c ; jmp 0xfffc0b9c
+
+loc_fffc0b82: ; not directly referenced
+push edx
+push 0x1c
+lea eax, [ebp - 0xc20]
+push eax
+lea eax, [ebp - 0xc04]
+push eax
+mov eax, dword [ebp - 0xc84]
+call dword [eax + 0x58] ; ucall
+
+loc_fffc0b9c: ; not directly referenced
+add esp, 0x10
+xor edx, edx
+xor esi, esi
+xor eax, eax
+mov edi, 6
+
+loc_fffc0baa: ; not directly referenced
+movzx ecx, al
+add esi, dword [ebp + ecx*4 - 0xc58]
+add edx, dword [ebp + ecx*4 - 0xc3c]
+cmp byte [ebp - 0xc99], 0
+mov dword [ebp - 0xcd8], esi
+mov dword [ebp - 0xcdc], edx
+cmove eax, edi
+inc eax
+cmp al, 7
+jne short loc_fffc0baa ; jne 0xfffc0baa
+movzx eax, byte [ebp - 0xc80]
+cmp bl, 1
+sete byte [ebp - 0xc9b]
+add byte [ebp - 0xc9b], 8
+dec bl
+setne byte [ebp - 0xca0]
+imul eax, eax, 0x240
+add eax, dword [ebp - 0xcc0]
+add byte [ebp - 0xca0], 4
+mov dword [ebp - 0xcbc], eax
+movzx eax, byte [ebp - 0xc9a]
+mov dword [ebp - 0xc80], 0
+mov dword [ebp - 0xce4], eax
+movzx eax, byte [ebp - 0xca0]
+mov dword [ebp - 0xcb4], eax
+
+loc_fffc0c34: ; not directly referenced
+mov eax, dword [ebp - 0xce8]
+mov edi, 1
+xor ebx, ebx
+mov cl, byte [ebp - 0xc80]
+mov byte [ebp - 0xc98], 0
+add eax, 0x70
+shl edi, cl
+mov esi, eax
+mov dword [ebp - 0xcc8], eax
+
+loc_fffc0c5b: ; not directly referenced
+mov eax, dword [ebp - 0xcec]
+bt eax, ebx
+jae short loc_fffc0ca5 ; jae 0xfffc0ca5
+mov eax, dword [ebp - 0xc7c]
+mov ecx, edi
+mov edx, ebx
+call fcn_fffaac43 ; call 0xfffaac43
+or byte [ebp - 0xc98], al
+movzx eax, byte [ebp - 0xc98]
+bt eax, ebx
+jae short loc_fffc0ca5 ; jae 0xfffc0ca5
+push eax
+mov eax, dword [ebp - 0xc7c]
+push 0
+movzx eax, byte [eax + 0x2488]
+push eax
+mov eax, dword [ebp - 0xc84]
+push esi
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffc0ca5: ; not directly referenced
+inc ebx
+add esi, 0xcc
+cmp ebx, 2
+jne short loc_fffc0c5b ; jne 0xfffc0c5b
+cmp byte [ebp - 0xc98], 0
+jne short loc_fffc0d04 ; jne 0xfffc0d04
+
+loc_fffc0cba: ; not directly referenced
+inc dword [ebp - 0xc80]
+cmp dword [ebp - 0xc80], 4
+jne loc_fffc0c34 ; jne 0xfffc0c34
+mov edi, dword [ebp - 0xc7c]
+movzx eax, byte [ebp - 0xca0]
+mov byte [edi + 0x247a], 0
+push 2
+push 0
+push 0
+push 0
+push 0
+push 0
+push 0
+push 1
+push 0
+push 0
+push eax
+push edi
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+jmp near loc_fffc19a7 ; jmp 0xfffc19a7
+
+loc_fffc0d04: ; not directly referenced
+cmp byte [ebp - 0xcef], 1
+jne short loc_fffc0d3e ; jne 0xfffc0d3e
+push 0
+movzx eax, byte [ebp - 0xc9b]
+push 0
+push 1
+push 0
+push 0
+push dword [ebp - 0xc80]
+push 0
+push 1
+push 0
+push 0x88888888
+push eax
+push dword [ebp - 0xc7c]
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+
+loc_fffc0d3e: ; not directly referenced
+xor ebx, ebx
+cmp byte [ebp - 0xc99], 0
+je loc_fffc0e26 ; je 0xfffc0e26
+sub esp, 0xc
+movzx edx, byte [ebp - 0xc98]
+lea eax, [ebp - 0xc68]
+mov ecx, dword [ebp - 0xc80]
+push eax
+lea ebx, [ebp - 0xbe8]
+push ebx
+lea eax, [ebp - 0xba0]
+push eax
+lea eax, [ebp - 0xc71]
+push eax
+mov eax, dword [ebp - 0xc7c]
+push dword [ebp - 0xcb4]
+call fcn_fffc0855 ; call 0xfffc0855
+add esp, 0x20
+test eax, eax
+jne short loc_fffc0de8 ; jne 0xfffc0de8
+
+loc_fffc0d91: ; not directly referenced
+push eax
+mov ecx, dword [ebp - 0xce4]
+push eax
+mov edx, dword [ebp - 0xcc0]
+push edi
+mov edi, dword [ebp - 0xc80]
+mov eax, dword [ebp - 0xc7c]
+push edi
+call fcn_fffa7e6c ; call 0xfffa7e6c
+mov al, byte [ebp - 0xc98]
+add esp, 0x10
+mov dword [ebp - 0xcac], 0
+movzx ebx, al
+and eax, 2
+movzx eax, al
+mov dword [ebp - 0xca8], eax
+imul eax, edi, 0x12
+mov dword [ebp - 0xc88], ebx
+mov dword [ebp - 0xcc4], eax
+jmp near loc_fffc0feb ; jmp 0xfffc0feb
+
+loc_fffc0de8: ; not directly referenced
+mov esi, dword [ebp - 0xc7c]
+push eax
+push 0x18
+movzx eax, byte [esi + 0x2488]
+push eax
+push ebx
+mov ebx, dword [ebp - 0xc84]
+mov eax, ebx
+call dword [eax + 0x64] ; ucall
+add esp, 0xc
+push 0x18
+movzx eax, byte [esi + 0x2488]
+push eax
+lea eax, [ebp - 0xbc4]
+push eax
+mov eax, ebx
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+jmp near loc_fffc0d91 ; jmp 0xfffc0d91
+
+loc_fffc0e26: ; not directly referenced
+mov esi, dword [ebp - 0xc7c]
+push eax
+push 1
+movzx eax, byte [esi + 0x2488]
+push eax
+lea eax, [ebp - 0xba0]
+add eax, ebx
+push eax
+mov eax, dword [ebp - 0xc84]
+call dword [eax + 0x64] ; ucall
+add esp, 0xc
+push 1
+movzx eax, byte [esi + 0x2488]
+lea esi, [ebp - 0xbe8]
+push eax
+lea eax, [esi + ebx]
+add ebx, 0x24
+push eax
+mov eax, dword [ebp - 0xc84]
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+cmp ebx, 0x48
+je loc_fffc0d91 ; je 0xfffc0d91
+jmp short loc_fffc0e26 ; jmp 0xfffc0e26
+
+loc_fffc0e7a: ; not directly referenced
+cmp byte [ebp - 0xc9c], 0
+jne loc_fffc100a ; jne 0xfffc100a
+
+loc_fffc0e87: ; not directly referenced
+xor ebx, ebx
+
+loc_fffc0e89: ; not directly referenced
+lea eax, [ebp - 0xbe8]
+xor edi, edi
+mov dword [ebp - 0xcb0], eax
+movzx eax, bl
+mov dword [ebp - 0xcd0], eax
+
+loc_fffc0ea0: ; not directly referenced
+mov eax, dword [ebp - 0xc88]
+bt eax, edi
+jb loc_fffc1065 ; jb 0xfffc1065
+
+loc_fffc0eaf: ; not directly referenced
+inc edi
+add dword [ebp - 0xcb0], 0x24
+cmp edi, 2
+jne short loc_fffc0ea0 ; jne 0xfffc0ea0
+push eax
+mov ecx, dword [ebp - 0xc88]
+push eax
+mov edx, dword [ebp - 0xcc0]
+lea eax, [ebp - 0xc68]
+push eax
+push 0x1f
+lea eax, [ebp - 0xc71]
+push eax
+mov eax, dword [ebp - 0xc80]
+push dword [ebp - 0xce4]
+push eax
+push eax
+mov eax, dword [ebp - 0xc7c]
+call fcn_fffd13ed ; call 0xfffd13ed
+movzx eax, bl
+add esp, 0x20
+mov dword [ebp - 0xce0], eax
+imul eax, eax, 0x12
+mov dword [ebp - 0xcb0], 0
+mov dword [ebp - 0xcfc], eax
+
+loc_fffc0f12: ; not directly referenced
+mov eax, dword [ebp - 0xc88]
+mov edi, dword [ebp - 0xcb0]
+bt eax, edi
+jb loc_fffc10f7 ; jb 0xfffc10f7
+
+loc_fffc0f27: ; not directly referenced
+inc dword [ebp - 0xcb0]
+cmp dword [ebp - 0xcb0], 2
+jne short loc_fffc0f12 ; jne 0xfffc0f12
+cmp byte [ebp - 0xc99], 0
+mov al, 7
+cmove ebx, eax
+inc ebx
+cmp bl, 6
+jbe loc_fffc0e89 ; jbe 0xfffc0e89
+mov eax, dword [ebp - 0xc7c]
+xor esi, esi
+add eax, 0x3756
+mov dword [ebp - 0xcb0], eax
+mov eax, dword [ebp - 0xcc8]
+mov dword [ebp - 0xcb8], eax
+imul eax, dword [ebp - 0xc80], 9
+mov dword [ebp - 0xcd4], eax
+
+loc_fffc0f78: ; not directly referenced
+mov eax, dword [ebp - 0xc88]
+bt eax, esi
+jae short loc_fffc0fcb ; jae 0xfffc0fcb
+mov eax, dword [ebp - 0xcb0]
+add eax, dword [ebp - 0xcd4]
+mov byte [ebp - 0xca4], 0
+mov dword [ebp - 0xcd0], eax
+
+loc_fffc0f9c: ; not directly referenced
+mov eax, dword [ebp - 0xc7c]
+movzx eax, byte [eax + 0x2488]
+cmp byte [ebp - 0xca4], al
+jb loc_fffc1253 ; jb 0xfffc1253
+push edx
+push 0
+push eax
+mov eax, dword [ebp - 0xc84]
+push dword [ebp - 0xcb8]
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffc0fcb: ; not directly referenced
+inc esi
+add dword [ebp - 0xcb8], 0xcc
+add dword [ebp - 0xcb0], 0x13c3
+cmp esi, 2
+jne short loc_fffc0f78 ; jne 0xfffc0f78
+inc dword [ebp - 0xcac]
+
+loc_fffc0feb: ; not directly referenced
+mov ebx, dword [ebp - 0xcac]
+mov al, byte [ebp - 0xced]
+mov byte [ebp - 0xccc], bl
+cmp bl, al
+jb loc_fffc0e7a ; jb 0xfffc0e7a
+jmp near loc_fffc13ab ; jmp 0xfffc13ab
+
+loc_fffc100a: ; not directly referenced
+test byte [ebp - 0xc98], 1
+je short loc_fffc1033 ; je 0xfffc1033
+mov cl, byte [ebp - 0xcac]
+mov eax, 0x55
+mov edx, 0x409a
+shl eax, cl
+movzx ecx, al
+mov eax, dword [ebp - 0xc7c]
+call fcn_fffae566 ; call 0xfffae566
+
+loc_fffc1033: ; not directly referenced
+cmp dword [ebp - 0xca8], 0
+je loc_fffc0e87 ; je 0xfffc0e87
+mov cl, byte [ebp - 0xcac]
+mov eax, 0x55
+mov edx, 0x449a
+shl eax, cl
+movzx ecx, al
+mov eax, dword [ebp - 0xc7c]
+call fcn_fffae566 ; call 0xfffae566
+jmp near loc_fffc0e87 ; jmp 0xfffc0e87
+
+loc_fffc1065: ; not directly referenced
+mov eax, dword [ebp - 0xc88]
+lea ecx, [edi + 1]
+mov byte [ebp - 0xca4], 1
+sar eax, cl
+cmp byte [ebp - 0xca0], 4
+mov dword [ebp - 0xcb8], eax
+jne short loc_fffc1098 ; jne 0xfffc1098
+mov eax, dword [ebp - 0xc7c]
+mov al, byte [eax + 0x2488]
+mov byte [ebp - 0xca4], al
+
+loc_fffc1098: ; not directly referenced
+xor esi, esi
+
+loc_fffc109a: ; not directly referenced
+mov eax, esi
+cmp byte [ebp - 0xca4], al
+jbe loc_fffc0eaf ; jbe 0xfffc0eaf
+push 0
+mov eax, dword [ebp - 0xcb0]
+push dword [ebp - 0xcb8]
+mov ecx, dword [ebp - 0xcd0]
+push 0
+push 0
+push esi
+push dword [ebp - 0xc80]
+push edi
+push 0
+push 0
+mov eax, dword [eax + esi*4]
+inc esi
+imul eax, dword [ebp + ecx*4 - 0xc04]
+mov ecx, 0x18
+cdq
+idiv ecx
+push eax
+push dword [ebp - 0xcb4]
+push dword [ebp - 0xc7c]
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+jmp short loc_fffc109a ; jmp 0xfffc109a
+
+loc_fffc10f7: ; not directly referenced
+imul eax, dword [ebp - 0xcb0], 9
+mov byte [ebp - 0xcb8], 0
+mov dword [ebp - 0xca4], eax
+mov eax, dword [ebp - 0xcfc]
+add eax, dword [ebp - 0xca4]
+mov dword [ebp - 0xcf8], eax
+
+loc_fffc111d: ; not directly referenced
+mov edx, dword [ebp - 0xc7c]
+mov al, byte [ebp - 0xcb8]
+cmp al, byte [edx + 0x2488]
+jae loc_fffc0f27 ; jae 0xfffc0f27
+mov eax, dword [ebp - 0xcc4]
+mov edi, dword [ebp - 0xca4]
+movzx ecx, byte [ebp - 0xcb8]
+mov esi, dword [ebp - 0xcbc]
+lea edx, [eax + edi]
+add edx, ecx
+lea eax, [esi + edx*8]
+mov esi, dword [esi + edx*8]
+mov dword [ebp - 0xcd0], eax
+mov eax, dword [eax + 4]
+mov dword [ebp - 0xcd4], esi
+mov edx, eax
+sub edx, esi
+mov dword [ebp - 0xcf4], edx
+test bl, bl
+jne short loc_fffc119a ; jne 0xfffc119a
+add eax, dword [ebp - 0xcd4]
+xor edx, edx
+lea esi, [edi + ecx]
+mov edi, 0xa
+mov dword [ebp + esi*4 - 0xb10], 0
+div edi
+mov dword [ebp + esi*4 - 0xb58], eax
+
+loc_fffc119a: ; not directly referenced
+mov eax, dword [ebp - 0xca4]
+lea esi, [eax + ecx]
+mov eax, dword [ebp - 0xce0]
+mov edi, esi
+mov esi, dword [ebp + esi*4 - 0xb58]
+mov edx, dword [ebp + edi*4 - 0xba0]
+imul esi, dword [ebp + eax*4 - 0xc3c]
+imul edx, dword [ebp + eax*4 - 0xc58]
+add edx, esi
+mov esi, dword [ebp - 0xcf8]
+imul edx, dword [ebp - 0xcf4]
+add dword [ebp + edi*4 - 0xb10], edx
+cmp dword [ebp + eax*4 - 0xc04], 0
+lea edx, [esi + ecx]
+mov esi, dword [ebp - 0xcd4]
+mov dword [ebp + edx*8 - 0x888], esi
+mov esi, dword [ebp - 0xcd0]
+mov esi, dword [esi + 4]
+mov dword [ebp + edx*8 - 0x884], esi
+jns short loc_fffc1248 ; jns 0xfffc1248
+cmp bl, 6
+je short loc_fffc1248 ; je 0xfffc1248
+cmp dword [ebp + eax*4 - 0xc00], 0
+jle short loc_fffc1248 ; jle 0xfffc1248
+mov eax, dword [ebp - 0xcc4]
+mov edx, dword [ebp - 0xca4]
+mov esi, dword [ebp + edi*8 - 0x888]
+add edx, eax
+mov eax, dword [ebp - 0xcbc]
+add ecx, edx
+mov dword [eax + ecx*8], esi
+mov ecx, dword [ebp - 0xcd0]
+mov eax, dword [ebp + edi*8 - 0x884]
+mov dword [ecx + 4], eax
+
+loc_fffc1248: ; not directly referenced
+inc byte [ebp - 0xcb8]
+jmp near loc_fffc111d ; jmp 0xfffc111d
+
+loc_fffc1253: ; not directly referenced
+movzx ebx, byte [ebp - 0xca4]
+lea ecx, [esi + esi*8]
+mov edi, dword [ebp - 0xcdc]
+mov eax, dword [ebp - 0xcd8]
+add ecx, ebx
+imul edi, dword [ebp + ecx*4 - 0xb58]
+imul eax, dword [ebp + ecx*4 - 0xba0]
+add edi, eax
+je loc_fffc19a2 ; je 0xfffc19a2
+mov edx, dword [ebp + ecx*4 - 0xb10]
+mov eax, edx
+sar eax, 0x1f
+or eax, 1
+movsx eax, al
+imul eax, edi
+imul edi, edi, 0x14
+imul eax, eax, 0xa
+add eax, edx
+cdq
+idiv edi
+cmp byte [ebp - 0xc9a], 1
+mov edi, eax
+mov dword [ebp + ecx*4 - 0xb10], eax
+jne short loc_fffc1310 ; jne 0xfffc1310
+cmp byte [ebp - 0xccc], 0
+jne short loc_fffc12cb ; jne 0xfffc12cb
+mov ecx, dword [ebp - 0xcd0]
+add byte [ebx + ecx + 0x104a], al
+
+loc_fffc12cb: ; not directly referenced
+cmp byte [ebp - 0xccc], 1
+sete dl
+cmp byte [ebp - 0xc9c], 0
+sete al
+or dl, al
+je short loc_fffc1345 ; je 0xfffc1345
+mov edx, dword [ebp - 0xcd0]
+mov eax, edi
+mov ecx, dword [ebp - 0xc80]
+add byte [ebx + edx + 0x106e], al
+mov edx, esi
+push eax
+mov eax, dword [ebp - 0xc7c]
+push 0
+push 0xff
+push ebx
+call fcn_fffa7499 ; call 0xfffa7499
+jmp short loc_fffc1342 ; jmp 0xfffc1342
+
+loc_fffc1310: ; not directly referenced
+mov eax, dword [ebp - 0xcd4]
+mov edx, esi
+mov ecx, dword [ebp - 0xcb0]
+add eax, ebx
+add word [ecx + eax*2 + 0x169], di
+mov eax, dword [ebp - 0xc7c]
+push ecx
+mov ecx, dword [ebp - 0xc80]
+push 0
+push 0xff
+push ebx
+call fcn_fffa73b0 ; call 0xfffa73b0
+
+loc_fffc1342: ; not directly referenced
+add esp, 0x10
+
+loc_fffc1345: ; not directly referenced
+imul edi, edi, 0xa
+xor ecx, ecx
+lea edx, [esi + esi*8]
+
+loc_fffc134d: ; not directly referenced
+movzx eax, cl
+imul eax, eax, 0x12
+add eax, edx
+add eax, ebx
+add dword [ebp + eax*8 - 0x888], edi
+sub dword [ebp + eax*8 - 0x884], edi
+mov al, 7
+cmp byte [ebp - 0xc99], 0
+cmove ecx, eax
+inc ecx
+cmp cl, 6
+jbe short loc_fffc134d ; jbe 0xfffc134d
+lea ecx, [esi + esi*8]
+mov edi, dword [ebp - 0xcbc]
+lea eax, [ecx + ebx]
+mov edx, dword [ebp + eax*8 - 0x888]
+add ecx, dword [ebp - 0xcc4]
+inc byte [ebp - 0xca4]
+add ebx, ecx
+mov dword [edi + ebx*8], edx
+mov eax, dword [ebp + eax*8 - 0x884]
+mov dword [edi + ebx*8 + 4], eax
+jmp near loc_fffc0f9c ; jmp 0xfffc0f9c
+
+loc_fffc13ab: ; not directly referenced
+cmp byte [ebp - 0xcee], 0
+je loc_fffc0cba ; je 0xfffc0cba
+cmp byte [ebp - 0xc99], 0
+jne short loc_fffc140e ; jne 0xfffc140e
+
+loc_fffc13c1: ; not directly referenced
+mov eax, dword [ebp - 0xc98]
+and eax, 1
+mov dword [ebp - 0xcb0], eax
+je short loc_fffc13e7 ; je 0xfffc13e7
+mov eax, dword [ebp - 0xc7c]
+mov ecx, 0xffff3001
+mov edx, 0x4098
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffc13e7: ; not directly referenced
+cmp dword [ebp - 0xca8], 0
+je loc_fffc1493 ; je 0xfffc1493
+mov eax, dword [ebp - 0xc7c]
+mov ecx, 0xffff3001
+mov edx, 0x4498
+call fcn_fffae58c ; call 0xfffae58c
+jmp near loc_fffc1493 ; jmp 0xfffc1493
+
+loc_fffc140e: ; not directly referenced
+sub esp, 0xc
+mov ecx, dword [ebp - 0xc80]
+lea eax, [ebp - 0xc68]
+mov edx, dword [ebp - 0xc88]
+push eax
+lea ebx, [ebp - 0xbe8]
+push ebx
+lea eax, [ebp - 0xba0]
+push eax
+lea eax, [ebp - 0xc71]
+push eax
+mov eax, dword [ebp - 0xc7c]
+push dword [ebp - 0xcb4]
+call fcn_fffc0855 ; call 0xfffc0855
+add esp, 0x20
+test eax, eax
+je loc_fffc13c1 ; je 0xfffc13c1
+push edi
+mov edi, dword [ebp - 0xc7c]
+push 0x18
+movzx eax, byte [edi + 0x2488]
+push eax
+push ebx
+mov ebx, dword [ebp - 0xc84]
+mov eax, ebx
+call dword [eax + 0x64] ; ucall
+add esp, 0xc
+push 0x18
+movzx eax, byte [edi + 0x2488]
+push eax
+lea eax, [ebp - 0xbc4]
+push eax
+mov eax, ebx
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+jmp near loc_fffc13c1 ; jmp 0xfffc13c1
+
+loc_fffc1493: ; not directly referenced
+movzx eax, byte [ebp - 0xc9b]
+mov byte [ebp - 0xc98], 0
+mov dword [ebp - 0xcd0], eax
+
+loc_fffc14a7: ; not directly referenced
+lea eax, [ebp - 0xbe8]
+xor ebx, ebx
+mov dword [ebp - 0xcac], eax
+movzx eax, byte [ebp - 0xc98]
+lea edi, [ebp - 0x498]
+mov dword [ebp - 0xcc4], eax
+
+loc_fffc14c8: ; not directly referenced
+mov eax, dword [ebp - 0xc88]
+bt eax, ebx
+jb loc_fffc1582 ; jb 0xfffc1582
+
+loc_fffc14d7: ; not directly referenced
+mov eax, dword [ebp - 0xc84]
+inc ebx
+push esi
+push 8
+push 0x90
+push edi
+add edi, 0x240
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+add dword [ebp - 0xcac], 0x24
+cmp ebx, 2
+jne short loc_fffc14c8 ; jne 0xfffc14c8
+movzx eax, byte [ebp - 0xc98]
+mov ebx, dword [ebp - 0xc7c]
+mov edx, dword [ebp - 0xc88]
+mov dword [ebp - 0xcd4], eax
+imul eax, eax, 0x90
+mov byte [ebx + 0x248c], 1
+push ecx
+mov ecx, dword [ebp - 0xc80]
+push dword [ebp - 0xcd0]
+lea eax, [ebp + eax - 0x888]
+push eax
+lea eax, [ebp - 0x498]
+push eax
+mov eax, ebx
+call fcn_fffbfaf9 ; call 0xfffbfaf9
+lea eax, [ebp - 0xac8]
+add esp, 0x10
+mov dword [ebp - 0xcac], eax
+lea eax, [ebp - 0xba0]
+xor ebx, ebx
+mov dword [ebp - 0xcc4], eax
+lea eax, [ebp - 0xb58]
+mov dword [ebp - 0xcb8], eax
+lea eax, [ebp - 0x498]
+mov dword [ebp - 0xccc], eax
+jmp near loc_fffc1640 ; jmp 0xfffc1640
+
+loc_fffc1582: ; not directly referenced
+mov eax, dword [ebp - 0xc88]
+lea ecx, [ebx + 1]
+mov byte [ebp - 0xca4], 1
+sar eax, cl
+cmp byte [ebp - 0xca0], 4
+mov dword [ebp - 0xcb8], eax
+jne short loc_fffc15b5 ; jne 0xfffc15b5
+mov eax, dword [ebp - 0xc7c]
+mov al, byte [eax + 0x2488]
+mov byte [ebp - 0xca4], al
+
+loc_fffc15b5: ; not directly referenced
+xor esi, esi
+
+loc_fffc15b7: ; not directly referenced
+mov eax, esi
+cmp byte [ebp - 0xca4], al
+jbe loc_fffc14d7 ; jbe 0xfffc14d7
+push 0
+mov eax, dword [ebp - 0xcac]
+mov ecx, 0x18
+push dword [ebp - 0xcb8]
+mov edx, dword [ebp - 0xcc4]
+push 0
+push 0
+push esi
+push dword [ebp - 0xc80]
+push ebx
+push 0
+push 0
+mov eax, dword [eax + esi*4]
+inc esi
+imul eax, dword [ebp + edx*4 - 0xc04]
+cdq
+idiv ecx
+push eax
+push dword [ebp - 0xcb4]
+push dword [ebp - 0xc7c]
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+jmp short loc_fffc15b7 ; jmp 0xfffc15b7
+
+loc_fffc1614: ; not directly referenced
+inc ebx
+add dword [ebp - 0xcac], 0x120
+add dword [ebp - 0xccc], 0x240
+add dword [ebp - 0xcc4], 0x24
+add dword [ebp - 0xcb8], 0x24
+cmp ebx, 2
+je loc_fffc16f0 ; je 0xfffc16f0
+
+loc_fffc1640: ; not directly referenced
+mov eax, dword [ebp - 0xc88]
+bt eax, ebx
+jae short loc_fffc1614 ; jae 0xfffc1614
+mov eax, dword [ebp - 0xc7c]
+xor edx, edx
+mov esi, dword [ebp - 0xccc]
+mov al, byte [eax + 0x2488]
+mov byte [ebp - 0xce0], al
+mov eax, dword [ebp - 0xcac]
+mov dword [ebp - 0xca4], eax
+
+loc_fffc1671: ; not directly referenced
+cmp byte [ebp - 0xce0], dl
+jbe short loc_fffc1614 ; jbe 0xfffc1614
+mov eax, dword [ebp - 0xcb8]
+mov edi, dword [ebp - 0xcd4]
+mov ecx, dword [eax + edx*4]
+mov eax, dword [ebp - 0xcc4]
+imul ecx, dword [ebp + edi*4 - 0xc3c]
+mov eax, dword [eax + edx*4]
+imul eax, dword [ebp + edi*4 - 0xc58]
+add eax, ecx
+mov dword [ebp - 0xcf4], eax
+xor eax, eax
+
+loc_fffc16ab: ; not directly referenced
+mov edi, dword [esi + eax*2 + 4]
+add edi, dword [esi + eax*2]
+sub edi, 0x10
+cmp byte [ebp - 0xc98], 0
+jne short loc_fffc16cb ; jne 0xfffc16cb
+mov ecx, dword [ebp - 0xca4]
+mov dword [ecx + eax], 0
+
+loc_fffc16cb: ; not directly referenced
+mov ecx, dword [ebp - 0xca4]
+imul edi, dword [ebp - 0xcf4]
+add dword [ecx + eax], edi
+add eax, 4
+cmp eax, 0x20
+jne short loc_fffc16ab ; jne 0xfffc16ab
+inc edx
+add esi, 0x40
+add dword [ebp - 0xca4], 0x20
+jmp short loc_fffc1671 ; jmp 0xfffc1671
+
+loc_fffc16f0: ; not directly referenced
+mov bl, byte [ebp - 0xc98]
+mov al, 7
+cmp byte [ebp - 0xc99], 0
+cmove ebx, eax
+mov byte [ebp - 0xc98], bl
+inc byte [ebp - 0xc98]
+cmp byte [ebp - 0xc98], 6
+jbe loc_fffc14a7 ; jbe 0xfffc14a7
+mov eax, dword [ebp - 0xc7c]
+xor edi, edi
+mov ebx, dword [ebp - 0xcc8]
+mov dword [ebp - 0xcac], 0
+add eax, 0x3756
+mov dword [ebp - 0xcb8], eax
+imul eax, dword [ebp - 0xc80], 0xd8
+mov dword [ebp - 0xcc4], ebx
+add eax, 0x282
+mov dword [ebp - 0xcf4], eax
+
+loc_fffc1759: ; not directly referenced
+mov eax, dword [ebp - 0xc88]
+bt eax, edi
+jae loc_fffc18f5 ; jae 0xfffc18f5
+mov eax, dword [ebp - 0xc7c]
+mov edx, edi
+mov ecx, 0xffff0001
+shl edx, 0xa
+add edx, 0x4098
+call fcn_fffae58c ; call 0xfffae58c
+lea eax, [edi + edi*8]
+mov byte [ebp - 0xc98], 0
+mov dword [ebp - 0xce0], eax
+
+loc_fffc1793: ; not directly referenced
+mov eax, dword [ebp - 0xc7c]
+movzx eax, byte [eax + 0x2488]
+cmp byte [ebp - 0xc98], al
+jae loc_fffc18df ; jae 0xfffc18df
+movzx eax, byte [ebp - 0xc98]
+mov edx, dword [ebp - 0xcdc]
+mov ebx, dword [ebp - 0xcd8]
+mov dword [ebp - 0xca4], 0
+mov esi, eax
+mov dword [ebp - 0xccc], eax
+mov eax, dword [ebp - 0xce0]
+add eax, esi
+imul ebx, dword [ebp + eax*4 - 0xba0]
+imul edx, dword [ebp + eax*4 - 0xb58]
+mov eax, 1
+add edx, ebx
+cmovne eax, edx
+xor ecx, ecx
+mov ebx, eax
+add ebx, eax
+mov dword [ebp - 0xcd4], ebx
+imul ebx, esi, 0x18
+add esi, dword [ebp - 0xcac]
+add ebx, dword [ebp - 0xcf4]
+add ebx, dword [ebp - 0xcb8]
+mov dword [ebp - 0xcc8], eax
+shl esi, 5
+lea eax, [ebp - 0xac8]
+add esi, eax
+
+loc_fffc1825: ; not directly referenced
+mov edx, dword [esi + ecx]
+mov eax, edx
+sar eax, 0x1f
+or eax, 1
+movsx eax, al
+imul eax, dword [ebp - 0xcc8]
+add eax, edx
+cdq
+idiv dword [ebp - 0xcd4]
+cmp byte [ebp - 0xc9a], 1
+jne short loc_fffc1851 ; jne 0xfffc1851
+movzx edx, byte [ebx]
+jmp short loc_fffc1858 ; jmp 0xfffc1858
+
+loc_fffc1851: ; not directly referenced
+movzx edx, byte [ebx + 0x360]
+
+loc_fffc1858: ; not directly referenced
+add eax, edx
+cmp eax, 0xf
+jle short loc_fffc1868 ; jle 0xfffc1868
+mov dword [esi + ecx], 0xf
+jmp short loc_fffc1875 ; jmp 0xfffc1875
+
+loc_fffc1868: ; not directly referenced
+test eax, eax
+mov edx, 0
+cmovs eax, edx
+mov dword [esi + ecx], eax
+
+loc_fffc1875: ; not directly referenced
+cmp byte [ebp - 0xc9a], 1
+mov eax, dword [esi + ecx]
+jne short loc_fffc1885 ; jne 0xfffc1885
+mov byte [ebx], al
+jmp short loc_fffc188b ; jmp 0xfffc188b
+
+loc_fffc1885: ; not directly referenced
+mov byte [ebx + 0x360], al
+
+loc_fffc188b: ; not directly referenced
+mov eax, dword [esi + ecx]
+add ebx, 3
+shl eax, cl
+add ecx, 4
+or dword [ebp - 0xca4], eax
+cmp ecx, 0x20
+jne short loc_fffc1825 ; jne 0xfffc1825
+push 0
+push 0
+push 0
+push 0
+push dword [ebp - 0xccc]
+push dword [ebp - 0xc80]
+push edi
+push 0
+push 0
+push dword [ebp - 0xca4]
+push dword [ebp - 0xcd0]
+push dword [ebp - 0xc7c]
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+inc byte [ebp - 0xc98]
+jmp near loc_fffc1793 ; jmp 0xfffc1793
+
+loc_fffc18df: ; not directly referenced
+push edx
+push 0
+push eax
+mov eax, dword [ebp - 0xc84]
+push dword [ebp - 0xcc4]
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffc18f5: ; not directly referenced
+inc edi
+add dword [ebp - 0xcc4], 0xcc
+add dword [ebp - 0xcac], 9
+add dword [ebp - 0xcb8], 0x13c3
+cmp edi, 2
+jne loc_fffc1759 ; jne 0xfffc1759
+cmp dword [ebp - 0xcb0], 0
+je short loc_fffc1938 ; je 0xfffc1938
+mov eax, dword [ebp - 0xc7c]
+mov ecx, 0xffff3001
+mov edx, 0x4098
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffc1938: ; not directly referenced
+cmp dword [ebp - 0xca8], 0
+je short loc_fffc1956 ; je 0xfffc1956
+mov eax, dword [ebp - 0xc7c]
+mov ecx, 0xffff3001
+mov edx, 0x4498
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffc1956: ; not directly referenced
+cmp dword [ebp - 0xcb0], 0
+je short loc_fffc1974 ; je 0xfffc1974
+mov eax, dword [ebp - 0xc7c]
+mov ecx, 0xffff0001
+mov edx, 0x4098
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffc1974: ; not directly referenced
+cmp dword [ebp - 0xca8], 0
+je loc_fffc0cba ; je 0xfffc0cba
+mov eax, dword [ebp - 0xc7c]
+mov ecx, 0xffff0001
+mov edx, 0x4498
+call fcn_fffae58c ; call 0xfffae58c
+jmp near loc_fffc0cba ; jmp 0xfffc0cba
+
+loc_fffc199b: ; not directly referenced
+mov eax, 2
+jmp short loc_fffc19a7 ; jmp 0xfffc19a7
+
+loc_fffc19a2: ; not directly referenced
+mov eax, 1
+
+loc_fffc19a7: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc19af: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x1040
+mov edi, dword [eax + 0x5edc]
+mov dword [ebp - 0x101c], edx
+mov dl, byte [ebp + 0x10]
+mov dword [ebp - 0xffc], eax
+mov esi, dword [ebp + 8]
+mov dword [ebp - 0x1000], ecx
+mov ebx, dword [ebp + 0xc]
+mov byte [ebp - 0xff7], 0
+mov byte [ebp - 0x1008], dl
+mov edx, dword [eax + 0x2443]
+mov eax, dword [eax + 0x188b]
+push 0
+push 0x10
+mov dword [ebp - 0x102c], eax
+lea eax, [ebp - 0xfe8]
+push eax
+mov dword [ebp - 0x1038], esi
+mov byte [ebp - 0xff6], 0xf8
+mov byte [ebp - 0xff5], 8
+mov byte [ebp - 0xff4], 1
+mov byte [ebp - 0xff3], 1
+mov byte [ebp - 0xff2], 1
+mov dword [ebp - 0x1010], edx
+call dword [edx + 0x5c] ; ucall
+mov ecx, dword [ebp - 0x1000]
+add esp, 0x10
+xor eax, eax
+
+loc_fffc1a43: ; not directly referenced
+mov byte [ebp + eax - 0xff1], al
+inc eax
+cmp eax, 9
+jne short loc_fffc1a43 ; jne 0xfffc1a43
+mov eax, dword [ebp - 0xffc]
+sub esp, 0xc
+movzx edx, cl
+push 2
+mov ecx, 0xf
+call fcn_fffb26ca ; call 0xfffb26ca
+add esp, 0x10
+xor eax, eax
+mov byte [ebp - 0x1004], 0
+mov dl, 3
+
+loc_fffc1a76: ; not directly referenced
+movzx ecx, al
+mov cl, byte [ebp + ecx - 0xff4]
+add byte [ebp - 0x1004], cl
+cmp byte [ebp - 0x1008], 0
+cmove eax, edx
+inc eax
+cmp al, 2
+jbe short loc_fffc1a76 ; jbe 0xfffc1a76
+mov esi, dword [ebp - 0x1004]
+mov eax, esi
+test al, al
+mov al, 1
+cmove esi, eax
+dec bl
+mov eax, esi
+mov byte [ebp - 0x1004], al
+jne short loc_fffc1ad7 ; jne 0xfffc1ad7
+push 1
+push 0
+push 1
+push 0
+push 0
+push 0
+push 0
+push 1
+push 0
+push 0x88888888
+push 0xa
+push dword [ebp - 0xffc]
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+
+loc_fffc1ad7: ; not directly referenced
+mov eax, dword [ebp - 0xffc]
+xor ebx, ebx
+mov byte [ebp - 0x1000], 0
+lea esi, [eax + 0x381a]
+lea eax, [edi + 0x70]
+mov dword [ebp - 0x1028], eax
+mov edi, eax
+
+loc_fffc1af7: ; not directly referenced
+movzx ecx, byte [esi]
+mov edx, ebx
+mov eax, dword [ebp - 0xffc]
+call fcn_fffaac43 ; call 0xfffaac43
+or byte [ebp - 0x1000], al
+cmp dword [esi - 0xc4], 2
+jne short loc_fffc1b34 ; jne 0xfffc1b34
+mov eax, dword [ebp - 0xffc]
+push ecx
+push 0
+movzx eax, byte [eax + 0x2488]
+push eax
+mov eax, dword [ebp - 0x1010]
+push edi
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffc1b34: ; not directly referenced
+inc ebx
+add esi, 0x13c3
+add edi, 0xcc
+cmp ebx, 2
+jne short loc_fffc1af7 ; jne 0xfffc1af7
+mov eax, dword [ebp - 0xffc]
+mov ecx, 1
+push edx
+push edx
+push 0xf
+lea edi, [eax + 0x2490]
+push 0
+mov edx, edi
+mov dword [ebp - 0x1014], edi
+call fcn_fffa7e6c ; call 0xfffa7e6c
+movzx eax, byte [ebp - 0x1000]
+lea ecx, [ebp - 0xfd8]
+mov esi, dword [ebp - 0x101c]
+add esp, 0x10
+mov dword [ebp - 0x100c], 0
+mov dword [ebp - 0x1000], eax
+
+loc_fffc1b90: ; not directly referenced
+mov eax, dword [ebp - 0x1000]
+mov edi, dword [ebp - 0x100c]
+bt eax, edi
+jae short loc_fffc1bf5 ; jae 0xfffc1bf5
+mov eax, dword [ebp - 0xffc]
+xor edi, edi
+mov al, byte [eax + 0x2488]
+mov byte [ebp - 0x1018], al
+jmp short loc_fffc1beb ; jmp 0xfffc1beb
+
+loc_fffc1bb7: ; not directly referenced
+cmp byte [ebp - 0x1008], 0
+je short loc_fffc1c2d ; je 0xfffc1c2d
+mov eax, dword [esi + edi*8 + 0x244]
+mov ebx, 0x14
+xor edx, edx
+add eax, dword [esi + edi*8 + 0x240]
+div ebx
+mov dword [ecx + edi*4], eax
+
+loc_fffc1bda: ; not directly referenced
+mov eax, dword [ecx + edi*4]
+dec eax
+cmp eax, 0xb
+jbe short loc_fffc1bea ; jbe 0xfffc1bea
+mov dword [ecx + edi*4], 0xc
+
+loc_fffc1bea: ; not directly referenced
+inc edi
+
+loc_fffc1beb: ; not directly referenced
+mov eax, edi
+cmp byte [ebp - 0x1018], al
+ja short loc_fffc1bb7 ; ja 0xfffc1bb7
+
+loc_fffc1bf5: ; not directly referenced
+inc dword [ebp - 0x100c]
+add ecx, 0x24
+add esi, 0x48
+cmp dword [ebp - 0x100c], 2
+jne short loc_fffc1b90 ; jne 0xfffc1b90
+push eax
+mov edx, dword [ebp - 0x1014]
+mov ecx, 4
+push eax
+mov eax, dword [ebp - 0xffc]
+xor edi, edi
+push 0xf
+push 0
+call fcn_fffa7e6c ; call 0xfffa7e6c
+add esp, 0x10
+jmp short loc_fffc1c36 ; jmp 0xfffc1c36
+
+loc_fffc1c2d: ; not directly referenced
+mov dword [ecx + edi*4], 1
+jmp short loc_fffc1bda ; jmp 0xfffc1bda
+
+loc_fffc1c36: ; not directly referenced
+mov eax, edi
+xor ebx, ebx
+movzx esi, al
+
+loc_fffc1c3d: ; not directly referenced
+mov eax, dword [ebp - 0x1000]
+bt eax, ebx
+jae short loc_fffc1c55 ; jae 0xfffc1c55
+lea eax, [ebx + ebx*8]
+xor ecx, ecx
+mov dword [ebp - 0x100c], eax
+jmp short loc_fffc1cc1 ; jmp 0xfffc1cc1
+
+loc_fffc1c55: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffc1c3d ; jne 0xfffc1c3d
+push eax
+mov ecx, dword [ebp - 0x1000]
+push eax
+mov edx, dword [ebp - 0x1014]
+lea eax, [ebp - 0xfe8]
+push eax
+push 0x36
+lea eax, [ebp - 0xff1]
+push eax
+mov eax, dword [ebp - 0xffc]
+push 4
+push 0xff
+push 0
+call fcn_fffd13ed ; call 0xfffd13ed
+mov eax, edi
+mov ebx, dword [ebp - 0x101c]
+movzx eax, al
+add esp, 0x20
+imul ecx, eax, 0x90
+lea edx, [ebp - 0xf90]
+mov dword [ebp - 0x100c], ebx
+xor ebx, ebx
+mov dword [ebp - 0x1034], eax
+lea esi, [ebp + ecx - 0xf48]
+jmp near loc_fffc1d55 ; jmp 0xfffc1d55
+
+loc_fffc1cc1: ; not directly referenced
+mov eax, dword [ebp - 0xffc]
+cmp cl, byte [eax + 0x2488]
+jae short loc_fffc1c55 ; jae 0xfffc1c55
+push 2
+mov edx, dword [ebp - 0x100c]
+movzx eax, cl
+push 0
+push 1
+push 0
+push eax
+add edx, eax
+movsx eax, byte [ebp + esi - 0xff7]
+imul eax, dword [ebp + edx*4 - 0xfd8]
+mov dword [ebp - 0x1018], ecx
+mov ecx, 0xc
+push 0
+push ebx
+cdq
+idiv ecx
+push 0
+push 0
+push eax
+push 1
+push dword [ebp - 0xffc]
+call fcn_fffcc900 ; call 0xfffcc900
+mov ecx, dword [ebp - 0x1018]
+add esp, 0x30
+inc ecx
+jmp short loc_fffc1cc1 ; jmp 0xfffc1cc1
+
+loc_fffc1d22: ; not directly referenced
+mov eax, dword [ebp - 0xffc]
+mov al, byte [eax + 0x2488]
+mov byte [ebp - 0x1030], al
+xor eax, eax
+
+loc_fffc1d36: ; not directly referenced
+cmp byte [ebp - 0x1030], al
+ja short loc_fffc1d62 ; ja 0xfffc1d62
+
+loc_fffc1d3e: ; not directly referenced
+inc ebx
+add edx, 0x24
+add esi, 0x48
+add dword [ebp - 0x100c], 0x48
+cmp ebx, 2
+je loc_fffc1ddb ; je 0xfffc1ddb
+
+loc_fffc1d55: ; not directly referenced
+mov eax, dword [ebp - 0x1000]
+bt eax, ebx
+jb short loc_fffc1d22 ; jb 0xfffc1d22
+jmp short loc_fffc1d3e ; jmp 0xfffc1d3e
+
+loc_fffc1d62: ; not directly referenced
+mov dword [ebp - 0x103c], edx
+mov edx, dword [ebp - 0x100c]
+mov ecx, dword [edx + eax*8 + 4]
+mov edx, dword [edx + eax*8]
+mov dword [ebp - 0x1018], ecx
+sub ecx, edx
+mov dword [ebp - 0x1024], ecx
+mov ecx, edi
+test cl, cl
+mov dword [ebp - 0x1020], edx
+mov edx, dword [ebp - 0x103c]
+jne short loc_fffc1d9c ; jne 0xfffc1d9c
+mov dword [edx + eax*4], 0
+
+loc_fffc1d9c: ; not directly referenced
+mov dword [ebp - 0x103c], eax
+mov eax, dword [ebp - 0x1034]
+movzx eax, byte [ebp + eax - 0xff4]
+imul eax, dword [ebp - 0x1024]
+mov ecx, eax
+mov eax, dword [ebp - 0x103c]
+add dword [edx + eax*4], ecx
+mov ecx, dword [ebp - 0x1020]
+mov dword [esi + eax*8], ecx
+mov ecx, dword [ebp - 0x1018]
+mov dword [esi + eax*8 + 4], ecx
+inc eax
+jmp near loc_fffc1d36 ; jmp 0xfffc1d36
+
+loc_fffc1ddb: ; not directly referenced
+cmp byte [ebp - 0x1008], 0
+mov al, 3
+cmove edi, eax
+inc edi
+mov eax, edi
+cmp al, 2
+jbe loc_fffc1c36 ; jbe 0xfffc1c36
+movsx eax, byte [ebp - 0x1004]
+mov dword [ebp - 0x1004], 0
+mov dword [ebp - 0x1018], eax
+imul eax, eax, 0x14
+mov dword [ebp - 0x1030], eax
+mov eax, dword [ebp - 0xffc]
+add eax, 0x3756
+mov dword [ebp - 0x1034], eax
+mov dword [ebp - 0x1014], eax
+mov eax, dword [ebp - 0x1028]
+mov dword [ebp - 0x1024], eax
+
+loc_fffc1e35: ; not directly referenced
+mov eax, dword [ebp - 0x1000]
+mov ebx, dword [ebp - 0x1004]
+bt eax, ebx
+jae loc_fffc1f9d ; jae 0xfffc1f9d
+lea eax, [ebx + ebx*8]
+mov byte [ebp - 0x100c], 0
+mov dword [ebp - 0x1020], eax
+
+loc_fffc1e5a: ; not directly referenced
+mov eax, dword [ebp - 0xffc]
+movzx eax, byte [eax + 0x2488]
+cmp byte [ebp - 0x100c], al
+jae loc_fffc1f62 ; jae 0xfffc1f62
+movzx ebx, byte [ebp - 0x100c]
+mov eax, dword [ebp - 0x1020]
+lea ecx, [eax + ebx]
+mov eax, dword [ebp + ecx*4 - 0xf90]
+cdq
+or edx, 1
+movsx edi, dl
+imul edi, dword [ebp - 0x1018]
+imul esi, edi, 0xa
+mov edi, dword [ebp - 0x1014]
+add eax, esi
+cdq
+idiv dword [ebp - 0x1030]
+mov dword [ebp + ecx*4 - 0xf90], eax
+cdq
+mov ecx, 2
+mov esi, eax
+idiv ecx
+add byte [edi + ebx + 0x101d], al
+xor edi, edi
+
+loc_fffc1ec4: ; not directly referenced
+mov edx, dword [ebp - 0x1014]
+mov eax, 1
+mov ecx, edi
+shl eax, cl
+test byte [edx + 0xc4], al
+je short loc_fffc1efa ; je 0xfffc1efa
+mov edx, dword [ebp - 0x1004]
+mov ecx, edi
+push eax
+mov eax, dword [ebp - 0xffc]
+push 0
+push 0xff
+push ebx
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+
+loc_fffc1efa: ; not directly referenced
+inc edi
+cmp edi, 4
+jne short loc_fffc1ec4 ; jne 0xfffc1ec4
+imul edi, esi, 0xa
+xor ecx, ecx
+imul esi, esi, 0xfffffff6
+mov dl, 3
+
+loc_fffc1f0a: ; not directly referenced
+movzx eax, cl
+imul eax, eax, 0x12
+add eax, dword [ebp - 0x1020]
+add eax, ebx
+add dword [ebp + eax*8 - 0xf48], edi
+add dword [ebp + eax*8 - 0xf44], esi
+cmp byte [ebp - 0x1008], 0
+cmove ecx, edx
+inc ecx
+cmp cl, 2
+jbe short loc_fffc1f0a ; jbe 0xfffc1f0a
+add ebx, dword [ebp - 0x1020]
+mov edi, dword [ebp - 0x101c]
+inc byte [ebp - 0x100c]
+mov eax, dword [ebp + ebx*8 - 0xf48]
+mov dword [edi + ebx*8], eax
+mov eax, dword [ebp + ebx*8 - 0xf44]
+mov dword [edi + ebx*8 + 4], eax
+jmp near loc_fffc1e5a ; jmp 0xfffc1e5a
+
+loc_fffc1f62: ; not directly referenced
+push ebx
+push 0
+push eax
+mov eax, dword [ebp - 0x1010]
+push dword [ebp - 0x1024]
+call dword [eax + 0x64] ; ucall
+mov edx, dword [ebp - 0x1004]
+mov ecx, 1
+mov dword [esp], 0
+mov eax, dword [ebp - 0xffc]
+push 1
+push 0
+push 2
+push 0
+call fcn_fffa72c5 ; call 0xfffa72c5
+add esp, 0x20
+
+loc_fffc1f9d: ; not directly referenced
+inc dword [ebp - 0x1004]
+add dword [ebp - 0x1024], 0xcc
+add dword [ebp - 0x1014], 0x13c3
+cmp dword [ebp - 0x1004], 2
+jne loc_fffc1e35 ; jne 0xfffc1e35
+cmp dword [ebp - 0x102c], 1
+sete dl
+cmp byte [ebp - 0x1038], 0
+setne cl
+mov al, cl
+and eax, edx
+xor eax, 1
+test al, cl
+je loc_fffc23fc ; je 0xfffc23fc
+cmp dl, 1
+sbb eax, eax
+mov dword [ebp - 0x100c], eax
+and byte [ebp - 0x100c], 0xfd
+add byte [ebp - 0x100c], 4
+test byte [ebp - 0x1000], 1
+je short loc_fffc201e ; je 0xfffc201e
+mov eax, dword [ebp - 0xffc]
+mov ecx, 0xffff3001
+mov edx, 0x4098
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffc201e: ; not directly referenced
+test byte [ebp - 0x1000], 2
+je short loc_fffc203c ; je 0xfffc203c
+mov eax, dword [ebp - 0xffc]
+mov ecx, 0xffff3001
+mov edx, 0x4498
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffc203c: ; not directly referenced
+mov byte [ebp - 0x1004], 0
+
+loc_fffc2043: ; not directly referenced
+movzx edi, byte [ebp - 0x1004]
+xor ebx, ebx
+
+loc_fffc204c: ; not directly referenced
+mov eax, dword [ebp - 0x1000]
+bt eax, ebx
+jb short loc_fffc208d ; jb 0xfffc208d
+
+loc_fffc2057: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffc204c ; jne 0xfffc204c
+movzx eax, byte [ebp - 0x1004]
+lea ebx, [ebp - 0xf48]
+mov dword [ebp - 0x1014], 0
+mov dword [ebp - 0x1030], eax
+imul eax, eax, 0x90
+add eax, ebx
+mov dword [ebp - 0x1038], eax
+jmp near loc_fffc215d ; jmp 0xfffc215d
+
+loc_fffc208d: ; not directly referenced
+lea eax, [ebx + ebx*8]
+xor ecx, ecx
+mov dword [ebp - 0x1014], eax
+mov dword [ebp - 0x101c], eax
+
+loc_fffc209e: ; not directly referenced
+mov eax, dword [ebp - 0xffc]
+cmp cl, byte [eax + 0x2488]
+jae short loc_fffc2057 ; jae 0xfffc2057
+mov eax, dword [ebp - 0x101c]
+movzx esi, cl
+mov dword [ebp - 0x1020], ecx
+mov ecx, 0xc
+push 1
+push 0
+lea edx, [eax + esi]
+movsx eax, byte [ebp + edi - 0xff7]
+imul eax, dword [ebp + edx*4 - 0xfd8]
+push 1
+push 0
+push esi
+cdq
+idiv ecx
+push 0
+push ebx
+push 0
+push 0
+push eax
+push 1
+push dword [ebp - 0xffc]
+call fcn_fffcc900 ; call 0xfffcc900
+mov ecx, dword [ebp - 0x1020]
+lea eax, [ebp - 0xd98]
+add esi, dword [ebp - 0x1014]
+add esp, 0x30
+shl esi, 6
+add esi, eax
+xor eax, eax
+
+loc_fffc2110: ; not directly referenced
+mov dword [esi + eax + 4], 8
+mov dword [esi + eax], 8
+add eax, 8
+cmp eax, 0x40
+jne short loc_fffc2110 ; jne 0xfffc2110
+inc ecx
+jmp near loc_fffc209e ; jmp 0xfffc209e
+
+loc_fffc212d: ; not directly referenced
+mov eax, dword [ebp - 0x1000]
+bt eax, edx
+jb short loc_fffc219d ; jb 0xfffc219d
+
+loc_fffc2138: ; not directly referenced
+inc edx
+add dword [ebp - 0x101c], 0x24
+cmp edx, 2
+jne short loc_fffc212d ; jne 0xfffc212d
+inc dword [ebp - 0x1014]
+mov al, byte [ebp - 0x1014]
+cmp byte [ebp - 0x100c], al
+jbe loc_fffc2233 ; jbe 0xfffc2233
+
+loc_fffc215d: ; not directly referenced
+mov eax, dword [ebp - 0xffc]
+lea esi, [ebp - 0xd98]
+mov edx, dword [ebp - 0x1000]
+mov byte [eax + 0x248c], 1
+push ecx
+push 0xa
+push dword [ebp - 0x1038]
+push esi
+mov esi, dword [ebp - 0x1014]
+mov ecx, esi
+call fcn_fffbfaf9 ; call 0xfffbfaf9
+lea eax, [esi + esi*8]
+add esp, 0x10
+mov dword [ebp - 0x101c], eax
+xor edx, edx
+jmp short loc_fffc212d ; jmp 0xfffc212d
+
+loc_fffc219d: ; not directly referenced
+mov eax, dword [ebp - 0xffc]
+xor ecx, ecx
+mov al, byte [eax + 0x2488]
+mov byte [ebp - 0x102c], al
+lea eax, [edx + edx*8]
+mov dword [ebp - 0x1020], eax
+
+loc_fffc21ba: ; not directly referenced
+cmp cl, byte [ebp - 0x102c]
+je loc_fffc2138 ; je 0xfffc2138
+mov eax, dword [ebp - 0x1030]
+movzx ebx, cl
+movzx eax, byte [ebp + eax - 0xff4]
+mov dword [ebp - 0x1024], eax
+mov eax, dword [ebp - 0x1020]
+lea edi, [ebx + eax]
+add ebx, dword [ebp - 0x101c]
+lea eax, [ebp - 0xd98]
+shl edi, 6
+add edi, eax
+shl ebx, 5
+lea eax, [ebp - 0x918]
+add ebx, eax
+xor eax, eax
+
+loc_fffc2204: ; not directly referenced
+mov esi, dword [edi + eax*2 + 4]
+add esi, dword [edi + eax*2]
+sub esi, 0x10
+cmp byte [ebp - 0x1004], 0
+jne short loc_fffc221e ; jne 0xfffc221e
+mov dword [ebx + eax], 0
+
+loc_fffc221e: ; not directly referenced
+imul esi, dword [ebp - 0x1024]
+add dword [ebx + eax], esi
+add eax, 4
+cmp eax, 0x20
+jne short loc_fffc2204 ; jne 0xfffc2204
+inc ecx
+jmp short loc_fffc21ba ; jmp 0xfffc21ba
+
+loc_fffc2233: ; not directly referenced
+mov bl, byte [ebp - 0x1004]
+mov al, 3
+cmp byte [ebp - 0x1008], 0
+cmove ebx, eax
+mov byte [ebp - 0x1004], bl
+inc byte [ebp - 0x1004]
+cmp byte [ebp - 0x1004], 2
+jbe loc_fffc2043 ; jbe 0xfffc2043
+mov edi, dword [ebp - 0x1018]
+mov eax, edi
+add eax, edi
+xor edi, edi
+mov dword [ebp - 0x102c], eax
+mov eax, dword [ebp - 0x1034]
+mov dword [ebp - 0x1008], eax
+mov eax, dword [ebp - 0x1028]
+mov dword [ebp - 0x1024], eax
+
+loc_fffc2288: ; not directly referenced
+mov eax, dword [ebp - 0x1000]
+bt eax, edi
+jae loc_fffc23de ; jae 0xfffc23de
+imul eax, edi, 0x24
+mov dword [ebp - 0x1004], 0
+mov dword [ebp - 0x1020], eax
+
+loc_fffc22aa: ; not directly referenced
+imul eax, dword [ebp - 0x1004], 0xd8
+mov byte [ebp - 0x1014], 0
+add eax, 0x942
+mov dword [ebp - 0x1030], eax
+
+loc_fffc22c6: ; not directly referenced
+mov eax, dword [ebp - 0xffc]
+mov bl, byte [ebp - 0x1014]
+movzx eax, byte [eax + 0x2488]
+cmp bl, al
+jae loc_fffc23a9 ; jae 0xfffc23a9
+movzx eax, bl
+mov ebx, dword [ebp - 0x1020]
+xor ecx, ecx
+imul esi, eax, 0x18
+add esi, dword [ebp - 0x1030]
+add esi, dword [ebp - 0x1008]
+add ebx, eax
+shl ebx, 5
+lea edx, [ebp - 0x918]
+add ebx, edx
+mov dword [ebp - 0x101c], 0
+mov dword [ebp - 0x1028], eax
+
+loc_fffc2318: ; not directly referenced
+mov edx, dword [ebx + ecx]
+mov eax, edx
+sar eax, 0x1f
+or eax, 1
+movsx eax, al
+imul eax, dword [ebp - 0x1018]
+add eax, edx
+cdq
+idiv dword [ebp - 0x102c]
+movzx edx, byte [esi]
+add eax, edx
+cmp eax, 0xf
+jle short loc_fffc2349 ; jle 0xfffc2349
+mov dword [ebx + ecx], 0xf
+jmp short loc_fffc2356 ; jmp 0xfffc2356
+
+loc_fffc2349: ; not directly referenced
+test eax, eax
+mov edx, 0
+cmovs eax, edx
+mov dword [ebx + ecx], eax
+
+loc_fffc2356: ; not directly referenced
+mov eax, dword [ebx + ecx]
+add esi, 3
+mov byte [esi - 3], al
+shl eax, cl
+add ecx, 4
+or dword [ebp - 0x101c], eax
+cmp ecx, 0x20
+jne short loc_fffc2318 ; jne 0xfffc2318
+push 2
+push 0
+push 0
+push 0
+push dword [ebp - 0x1028]
+push dword [ebp - 0x1004]
+push edi
+push 0
+push 0
+push dword [ebp - 0x101c]
+push 0xa
+push dword [ebp - 0xffc]
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+inc byte [ebp - 0x1014]
+jmp near loc_fffc22c6 ; jmp 0xfffc22c6
+
+loc_fffc23a9: ; not directly referenced
+inc dword [ebp - 0x1004]
+mov dl, byte [ebp - 0x1004]
+add dword [ebp - 0x1020], 9
+cmp byte [ebp - 0x100c], dl
+ja loc_fffc22aa ; ja 0xfffc22aa
+push edx
+push 0
+push eax
+mov eax, dword [ebp - 0x1010]
+push dword [ebp - 0x1024]
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffc23de: ; not directly referenced
+inc edi
+add dword [ebp - 0x1024], 0xcc
+add dword [ebp - 0x1008], 0x13c3
+cmp edi, 2
+jne loc_fffc2288 ; jne 0xfffc2288
+
+loc_fffc23fc: ; not directly referenced
+mov eax, dword [ebp - 0xffc]
+mov byte [eax + 0x247a], 0
+push 2
+push 0
+push 1
+push 0
+push 0
+push 0
+push 0
+push 1
+push 0
+push 0
+push 1
+push eax
+call fcn_fffcc900 ; call 0xfffcc900
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc242d: ; not directly referenced
+push ebp
+mov ebp, esp
+push esi
+push ebx
+mov ebx, dword [ebp + 8]
+push edx
+movzx ecx, byte [ebx + 0x248e]
+lea esi, [ebx + 0x2490]
+mov eax, ebx
+push 0
+mov edx, esi
+push 1
+push 1
+call fcn_fffc19af ; call 0xfffc19af
+add esp, 0x10
+test eax, eax
+jne short loc_fffc2473 ; jne 0xfffc2473
+push eax
+movzx ecx, byte [ebx + 0x248e]
+mov edx, esi
+push 1
+mov eax, ebx
+push 0
+push 0
+call fcn_fffc19af ; call 0xfffc19af
+add esp, 0x10
+
+loc_fffc2473: ; not directly referenced
+lea esp, [ebp - 8]
+pop ebx
+pop esi
+pop ebp
+ret
+
+fcn_fffc247a: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x40
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x3c], 0
+add eax, 0x3756
+mov dword [ebp - 0x2c], eax
+
+loc_fffc2497: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffc24cb ; ja 0xfffc24cb
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x3749], 0
+jne short loc_fffc24cb ; jne 0xfffc24cb
+
+loc_fffc24ab: ; not directly referenced
+inc ecx
+add dword [ebp - 0x3c], 0x23
+add dword [ebp - 0x2c], 8
+cmp ecx, 4
+jne short loc_fffc2497 ; jne 0xfffc2497
+mov eax, dword [ebp + 8]
+mov ecx, 0xfffffffe
+add eax, 0x48dd
+jmp near loc_fffc2642 ; jmp 0xfffc2642
+
+loc_fffc24cb: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x28], 0
+add eax, 0x49bf
+mov dword [ebp - 0x40], eax
+imul eax, ecx, 0x2e
+mov dword [ebp - 0x44], eax
+mov eax, dword [ebp - 0x2c]
+mov dword [ebp - 0x30], eax
+mov eax, dword [ebp - 0x3c]
+lea esi, [eax + 0x18b]
+add eax, 0xbb
+mov dword [ebp - 0x48], esi
+mov dword [ebp - 0x4c], eax
+
+loc_fffc2505: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ebx, dword [ebp - 0x28]
+mov esi, dword [ebp - 0x40]
+mov dword [ebp - 0x24], 0
+lea ebx, [eax + ebx + 0x1973]
+
+loc_fffc251c: ; not directly referenced
+cmp dword [esi - 0xf6], 2
+jne loc_fffc2601 ; jne 0xfffc2601
+mov eax, dword [ebp - 0x44]
+mov edi, dword [ebp - 0x24]
+mov eax, dword [esi + eax - 0xf2]
+mov dword [ebp - 0x20], eax
+mov eax, dword [ebp - 0x30]
+mov edx, dword [eax + edi + 0xc9]
+mov eax, dword [eax + edi + 0xcd]
+mov dword [ebp - 0x34], edx
+mov dword [ebp - 0x38], eax
+cmp ecx, 1
+je short loc_fffc25a1 ; je 0xfffc25a1
+jb short loc_fffc25ad ; jb 0xfffc25ad
+cmp ecx, 3
+ja short loc_fffc25ad ; ja 0xfffc25ad
+cmp ecx, 2
+mov dl, byte [esi]
+jne short loc_fffc256c ; jne 0xfffc256c
+and dl, 1
+jne short loc_fffc2573 ; jne 0xfffc2573
+xor eax, eax
+jmp short loc_fffc25e9 ; jmp 0xfffc25e9
+
+loc_fffc256c: ; not directly referenced
+xor eax, eax
+and dl, 2
+je short loc_fffc25e9 ; je 0xfffc25e9
+
+loc_fffc2573: ; not directly referenced
+mov edx, dword [esi - 0x21]
+mov eax, dword [ebp - 0x4c]
+mov edi, dword [ebp - 0x48]
+and edx, 0xfffffffd
+add eax, ebx
+add edi, ebx
+dec edx
+cmovne eax, edi
+xor edi, edi
+cmp byte [esi + 1], 0x13
+movzx edx, byte [eax + 7]
+jne short loc_fffc2597 ; jne 0xfffc2597
+movsx edi, byte [eax + 0x1d]
+
+loc_fffc2597: ; not directly referenced
+xor eax, eax
+cmp dword [ebp - 0x20], 0
+je short loc_fffc25e9 ; je 0xfffc25e9
+jmp short loc_fffc25d3 ; jmp 0xfffc25d3
+
+loc_fffc25a1: ; not directly referenced
+movzx eax, word [ebx + 0x258]
+test ax, ax
+jne short loc_fffc25e9 ; jne 0xfffc25e9
+
+loc_fffc25ad: ; not directly referenced
+xor eax, eax
+cmp dword [ebp - 0x20], 0
+je short loc_fffc25e9 ; je 0xfffc25e9
+mov eax, dword [esi - 0x21]
+and eax, 0xfffffffd
+dec eax
+jne short loc_fffc25c8 ; jne 0xfffc25c8
+movzx edx, byte [ebx + 0x5a]
+movsx edi, byte [ebx + 0x6c]
+jmp short loc_fffc25d3 ; jmp 0xfffc25d3
+
+loc_fffc25c8: ; not directly referenced
+movzx edx, byte [ebx + 0x61]
+movsx edi, byte [ebx + 0xc2]
+
+loc_fffc25d3: ; not directly referenced
+imul edx, dword [ebp - 0x34]
+mov eax, dword [ebp - 0x20]
+imul edi, dword [ebp - 0x38]
+lea eax, [eax + edx - 1]
+xor edx, edx
+add eax, edi
+div dword [ebp - 0x20]
+
+loc_fffc25e9: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, 0x14
+mov edi, 0x14
+cmova eax, edi
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffc2601: ; not directly referenced
+add dword [ebp - 0x24], 0x20
+add esi, 0x128
+add ebx, 0x277
+cmp dword [ebp - 0x24], 0x40
+jne loc_fffc251c ; jne 0xfffc251c
+add dword [ebp - 0x28], 0x54a
+add dword [ebp - 0x40], 0x13c3
+add dword [ebp - 0x30], 0x13c3
+cmp dword [ebp - 0x28], 0xa94
+jne loc_fffc2505 ; jne 0xfffc2505
+jmp near loc_fffc24ab ; jmp 0xfffc24ab
+
+loc_fffc2642: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffc2653 ; ja 0xfffc2653
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x3749], 0
+je short loc_fffc267d ; je 0xfffc267d
+
+loc_fffc2653: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffc267d: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffc2642 ; jne 0xfffc2642
+add esp, 0x40
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc2693: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x44
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x40], 0
+add eax, 0x3756
+mov dword [ebp - 0x30], eax
+
+loc_fffc26b0: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffc26e4 ; ja 0xfffc26e4
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x3749], 0
+jne short loc_fffc26e4 ; jne 0xfffc26e4
+
+loc_fffc26c4: ; not directly referenced
+inc ecx
+add dword [ebp - 0x40], 0x23
+add dword [ebp - 0x30], 8
+cmp ecx, 4
+jne short loc_fffc26b0 ; jne 0xfffc26b0
+mov eax, dword [ebp + 8]
+mov ecx, 0xfffffffe
+add eax, 0x48db
+jmp near loc_fffc28c1 ; jmp 0xfffc28c1
+
+loc_fffc26e4: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x28], 0
+add eax, 0x49bf
+mov dword [ebp - 0x44], eax
+imul eax, ecx, 0x2e
+mov dword [ebp - 0x48], eax
+mov eax, dword [ebp - 0x30]
+mov dword [ebp - 0x34], eax
+mov eax, dword [ebp - 0x40]
+lea ebx, [eax + 0x18b]
+add eax, 0xbb
+mov dword [ebp - 0x4c], ebx
+mov dword [ebp - 0x50], eax
+
+loc_fffc271e: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ebx, dword [ebp - 0x28]
+mov dword [ebp - 0x2c], 0
+lea ebx, [eax + ebx + 0x1973]
+mov eax, dword [ebp - 0x44]
+mov dword [ebp - 0x20], eax
+
+loc_fffc2738: ; not directly referenced
+mov eax, dword [ebp - 0x20]
+cmp dword [eax - 0xf6], 2
+jne loc_fffc287f ; jne 0xfffc287f
+mov edi, dword [ebp - 0x48]
+mov esi, dword [ebp - 0x2c]
+mov edx, dword [eax + edi - 0xf2]
+mov edi, dword [ebp - 0x34]
+mov dword [ebp - 0x24], edx
+mov edx, dword [edi + esi + 0xc9]
+mov edi, dword [edi + esi + 0xcd]
+mov dword [ebp - 0x38], edx
+mov dword [ebp - 0x3c], edi
+cmp ecx, 1
+je loc_fffc27fd ; je 0xfffc27fd
+jb loc_fffc2809 ; jb 0xfffc2809
+cmp ecx, 3
+ja loc_fffc2809 ; ja 0xfffc2809
+cmp ecx, 2
+mov dl, byte [eax]
+jne short loc_fffc279a ; jne 0xfffc279a
+and dl, 1
+jne short loc_fffc27a5 ; jne 0xfffc27a5
+xor eax, eax
+jmp near loc_fffc2865 ; jmp 0xfffc2865
+
+loc_fffc279a: ; not directly referenced
+xor eax, eax
+and dl, 2
+je loc_fffc2865 ; je 0xfffc2865
+
+loc_fffc27a5: ; not directly referenced
+mov eax, dword [ebp - 0x20]
+mov esi, dword [ebp - 0x50]
+mov edx, dword [ebp - 0x4c]
+mov eax, dword [eax - 0x21]
+lea edi, [esi + ebx]
+add edx, ebx
+and eax, 0xfffffffd
+dec eax
+cmovne edi, edx
+xor edx, edx
+mov al, byte [edi + 9]
+shr al, 4
+movzx esi, al
+movzx eax, byte [edi + 0xb]
+shl esi, 8
+or esi, eax
+mov eax, dword [ebp - 0x20]
+cmp byte [eax + 1], 0x13
+jne short loc_fffc27de ; jne 0xfffc27de
+movsx edx, byte [edi + 0x1e]
+
+loc_fffc27de: ; not directly referenced
+xor eax, eax
+cmp dword [ebp - 0x24], 0
+je short loc_fffc2865 ; je 0xfffc2865
+mov edi, dword [ebp - 0x24]
+imul esi, dword [ebp - 0x38]
+imul edx, dword [ebp - 0x3c]
+lea eax, [edi + esi - 1]
+add eax, edx
+xor edx, edx
+div edi
+jmp short loc_fffc2865 ; jmp 0xfffc2865
+
+loc_fffc27fd: ; not directly referenced
+movzx eax, word [ebx + 0x256]
+test ax, ax
+jne short loc_fffc2865 ; jne 0xfffc2865
+
+loc_fffc2809: ; not directly referenced
+xor eax, eax
+cmp dword [ebp - 0x24], 0
+je short loc_fffc2865 ; je 0xfffc2865
+mov eax, dword [ebp - 0x20]
+mov eax, dword [eax - 0x21]
+and eax, 0xfffffffd
+dec eax
+jne short loc_fffc2835 ; jne 0xfffc2835
+mov al, byte [ebx + 0x5d]
+movsx edi, byte [ebx + 0x6e]
+shr al, 4
+movzx esi, al
+movzx eax, byte [ebx + 0x5f]
+shl esi, 8
+or esi, eax
+jmp short loc_fffc284e ; jmp 0xfffc284e
+
+loc_fffc2835: ; not directly referenced
+mov al, byte [ebx + 0x63]
+movsx edi, byte [ebx + 0xc0]
+shr al, 4
+movzx esi, al
+movzx eax, byte [ebx + 0x65]
+shl esi, 8
+or esi, eax
+
+loc_fffc284e: ; not directly referenced
+mov eax, dword [ebp - 0x24]
+xor edx, edx
+imul esi, dword [ebp - 0x38]
+imul edi, dword [ebp - 0x3c]
+lea esi, [eax + esi - 1]
+lea eax, [esi + edi]
+div dword [ebp - 0x24]
+
+loc_fffc2865: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, 0xfff
+mov edi, 0xfff
+cmova eax, edi
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffc287f: ; not directly referenced
+add dword [ebp - 0x2c], 0x20
+add ebx, 0x277
+add dword [ebp - 0x20], 0x128
+cmp dword [ebp - 0x2c], 0x40
+jne loc_fffc2738 ; jne 0xfffc2738
+add dword [ebp - 0x28], 0x54a
+add dword [ebp - 0x44], 0x13c3
+add dword [ebp - 0x34], 0x13c3
+cmp dword [ebp - 0x28], 0xa94
+jne loc_fffc271e ; jne 0xfffc271e
+jmp near loc_fffc26c4 ; jmp 0xfffc26c4
+
+loc_fffc28c1: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffc28d2 ; ja 0xfffc28d2
+mov ebx, dword [ebp + 8]
+cmp byte [ebx + 0x3749], 0
+je short loc_fffc28fc ; je 0xfffc28fc
+
+loc_fffc28d2: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffc28fc: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffc28c1 ; jne 0xfffc28c1
+add esp, 0x44
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc2912: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x3c
+mov dword [ebp - 0x28], 0
+
+loc_fffc2924: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffc2954 ; ja 0xfffc2954
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x3749], 0
+jne short loc_fffc2954 ; jne 0xfffc2954
+
+loc_fffc2938: ; not directly referenced
+inc ecx
+add dword [ebp - 0x28], 0x23
+cmp ecx, 4
+jne short loc_fffc2924 ; jne 0xfffc2924
+mov eax, dword [ebp + 8]
+mov ecx, 0xfffffffe
+add eax, 0x48d9
+jmp near loc_fffc2ac3 ; jmp 0xfffc2ac3
+
+loc_fffc2954: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x20], 0
+add eax, 0x49bf
+mov dword [ebp - 0x30], eax
+imul eax, ecx, 0x2e
+mov dword [ebp - 0x3c], eax
+lea eax, [ecx*8 - 0x1269]
+mov dword [ebp - 0x44], eax
+mov eax, dword [ebp - 0x28]
+add eax, 0x18b
+mov dword [ebp - 0x48], eax
+
+loc_fffc2989: ; not directly referenced
+mov eax, dword [ebp - 0x44]
+mov edi, dword [ebp - 0x30]
+mov ebx, dword [ebp - 0x20]
+mov dword [ebp - 0x24], 0
+add eax, edi
+mov dword [ebp - 0x34], eax
+mov eax, dword [ebp + 8]
+lea ebx, [eax + ebx + 0x1973]
+mov eax, dword [ebp - 0x28]
+add eax, 0xbb
+mov dword [ebp - 0x40], eax
+
+loc_fffc29b3: ; not directly referenced
+cmp dword [edi - 0xf6], 2
+jne loc_fffc2a89 ; jne 0xfffc2a89
+mov eax, dword [ebp - 0x3c]
+mov edx, dword [ebp - 0x24]
+mov esi, dword [edi + eax - 0xf2]
+mov eax, dword [ebp - 0x34]
+mov eax, dword [eax + edx + 0xc9]
+mov dword [ebp - 0x2c], eax
+cmp ecx, 1
+je short loc_fffc2a2c ; je 0xfffc2a2c
+jb short loc_fffc2a38 ; jb 0xfffc2a38
+cmp ecx, 3
+ja short loc_fffc2a38 ; ja 0xfffc2a38
+cmp ecx, 2
+mov dl, byte [edi]
+jne short loc_fffc29f6 ; jne 0xfffc29f6
+and dl, 1
+jne short loc_fffc29fd ; jne 0xfffc29fd
+xor eax, eax
+jmp short loc_fffc2a71 ; jmp 0xfffc2a71
+
+loc_fffc29f6: ; not directly referenced
+xor eax, eax
+and dl, 2
+je short loc_fffc2a71 ; je 0xfffc2a71
+
+loc_fffc29fd: ; not directly referenced
+mov eax, dword [ebp - 0x40]
+mov edx, dword [edi - 0x21]
+add eax, ebx
+mov dword [ebp - 0x38], eax
+mov eax, dword [ebp - 0x48]
+and edx, 0xfffffffd
+add eax, ebx
+dec edx
+cmove eax, dword [ebp - 0x38]
+mov dl, byte [eax + 9]
+movzx eax, byte [eax + 0xa]
+and edx, 0xf
+shl edx, 8
+or edx, eax
+xor eax, eax
+test esi, esi
+je short loc_fffc2a71 ; je 0xfffc2a71
+jmp short loc_fffc2a65 ; jmp 0xfffc2a65
+
+loc_fffc2a2c: ; not directly referenced
+movzx eax, word [ebx + 0x254]
+test ax, ax
+jne short loc_fffc2a71 ; jne 0xfffc2a71
+
+loc_fffc2a38: ; not directly referenced
+xor eax, eax
+test esi, esi
+je short loc_fffc2a71 ; je 0xfffc2a71
+mov eax, dword [edi - 0x21]
+and eax, 0xfffffffd
+dec eax
+jne short loc_fffc2a56 ; jne 0xfffc2a56
+mov dl, byte [ebx + 0x5d]
+movzx eax, byte [ebx + 0x5e]
+and edx, 0xf
+shl edx, 8
+jmp short loc_fffc2a63 ; jmp 0xfffc2a63
+
+loc_fffc2a56: ; not directly referenced
+mov dl, byte [ebx + 0x63]
+movzx eax, byte [ebx + 0x64]
+and edx, 0xf
+shl edx, 8
+
+loc_fffc2a63: ; not directly referenced
+or edx, eax
+
+loc_fffc2a65: ; not directly referenced
+imul edx, dword [ebp - 0x2c]
+lea eax, [esi + edx - 1]
+xor edx, edx
+div esi
+
+loc_fffc2a71: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, 0x28
+mov esi, 0x28
+cmova eax, esi
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffc2a89: ; not directly referenced
+add dword [ebp - 0x24], 0x20
+add edi, 0x128
+add ebx, 0x277
+cmp dword [ebp - 0x24], 0x40
+jne loc_fffc29b3 ; jne 0xfffc29b3
+add dword [ebp - 0x20], 0x54a
+add dword [ebp - 0x30], 0x13c3
+cmp dword [ebp - 0x20], 0xa94
+jne loc_fffc2989 ; jne 0xfffc2989
+jmp near loc_fffc2938 ; jmp 0xfffc2938
+
+loc_fffc2ac3: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffc2ad4 ; ja 0xfffc2ad4
+mov ebx, dword [ebp + 8]
+cmp byte [ebx + 0x3749], 0
+je short loc_fffc2afe ; je 0xfffc2afe
+
+loc_fffc2ad4: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffc2afe: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffc2ac3 ; jne 0xfffc2ac3
+add esp, 0x3c
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc2b14: ; not directly referenced
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x30
+
+loc_fffc2b1f: ; not directly referenced
+lea eax, [ecx - 2]
+cmp eax, 1
+ja short loc_fffc2b4b ; ja 0xfffc2b4b
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x3749], 0
+jne short loc_fffc2b4b ; jne 0xfffc2b4b
+
+loc_fffc2b33: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffc2b1f ; jne 0xfffc2b1f
+mov eax, dword [ebp + 8]
+mov ecx, 0xfffffffe
+add eax, 0x48d7
+jmp near loc_fffc2ca4 ; jmp 0xfffc2ca4
+
+loc_fffc2b4b: ; not directly referenced
+mov eax, dword [ebp + 8]
+lea esi, [ecx*8 - 0x1269]
+mov dword [ebp + ecx*4 - 0x1c], 0
+mov dword [ebp - 0x20], 0
+mov dword [ebp - 0x38], esi
+add eax, 0x49bf
+mov dword [ebp - 0x2c], eax
+imul eax, ecx, 0x2e
+mov dword [ebp - 0x30], eax
+imul eax, ecx, 0x23
+add eax, 0xbb
+mov dword [ebp - 0x3c], eax
+
+loc_fffc2b80: ; not directly referenced
+mov eax, dword [ebp - 0x38]
+mov edi, dword [ebp - 0x2c]
+mov ebx, dword [ebp - 0x20]
+mov dword [ebp - 0x24], 0
+add eax, edi
+mov dword [ebp - 0x34], eax
+mov eax, dword [ebp + 8]
+lea ebx, [eax + ebx + 0x1973]
+
+loc_fffc2b9f: ; not directly referenced
+cmp dword [edi - 0xf6], 2
+jne loc_fffc2c6a ; jne 0xfffc2c6a
+mov eax, dword [ebp - 0x30]
+mov edx, dword [ebp - 0x24]
+mov esi, dword [edi + eax - 0xf2]
+mov eax, dword [ebp - 0x34]
+mov eax, dword [eax + edx + 0xc9]
+mov dword [ebp - 0x28], eax
+cmp ecx, 1
+je short loc_fffc2c0d ; je 0xfffc2c0d
+jb short loc_fffc2c19 ; jb 0xfffc2c19
+cmp ecx, 3
+ja short loc_fffc2c19 ; ja 0xfffc2c19
+cmp ecx, 2
+mov dl, byte [edi]
+jne short loc_fffc2be2 ; jne 0xfffc2be2
+and dl, 1
+jne short loc_fffc2be9 ; jne 0xfffc2be9
+xor eax, eax
+jmp short loc_fffc2c52 ; jmp 0xfffc2c52
+
+loc_fffc2be2: ; not directly referenced
+xor eax, eax
+and dl, 2
+je short loc_fffc2c52 ; je 0xfffc2c52
+
+loc_fffc2be9: ; not directly referenced
+mov eax, dword [ebp - 0x3c]
+add eax, ebx
+mov dl, byte [eax + 0x12]
+movzx eax, byte [eax + 0x13]
+and edx, 0xf
+shl edx, 8
+or edx, eax
+xor eax, eax
+test esi, esi
+je short loc_fffc2c52 ; je 0xfffc2c52
+imul edx, dword [ebp - 0x28]
+lea eax, [esi + edx - 1]
+jmp short loc_fffc2c4e ; jmp 0xfffc2c4e
+
+loc_fffc2c0d: ; not directly referenced
+movzx eax, word [ebx + 0x252]
+test ax, ax
+jne short loc_fffc2c52 ; jne 0xfffc2c52
+
+loc_fffc2c19: ; not directly referenced
+xor eax, eax
+test esi, esi
+je short loc_fffc2c52 ; je 0xfffc2c52
+mov eax, dword [edi - 0x21]
+and eax, 0xfffffffd
+dec eax
+jne short loc_fffc2c37 ; jne 0xfffc2c37
+mov al, byte [ebx + 0x64]
+movzx edx, byte [ebx + 0x65]
+and eax, 0xf
+shl eax, 8
+jmp short loc_fffc2c44 ; jmp 0xfffc2c44
+
+loc_fffc2c37: ; not directly referenced
+mov al, byte [ebx + 0x6c]
+movzx edx, byte [ebx + 0x6d]
+and eax, 0xf
+shl eax, 8
+
+loc_fffc2c44: ; not directly referenced
+or eax, edx
+imul eax, dword [ebp - 0x28]
+lea eax, [esi + eax - 1]
+
+loc_fffc2c4e: ; not directly referenced
+xor edx, edx
+div esi
+
+loc_fffc2c52: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x1c]
+cmp eax, 0x36
+mov esi, 0x36
+cmova eax, esi
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ecx*4 - 0x1c], eax
+
+loc_fffc2c6a: ; not directly referenced
+add dword [ebp - 0x24], 0x20
+add edi, 0x128
+add ebx, 0x277
+cmp dword [ebp - 0x24], 0x40
+jne loc_fffc2b9f ; jne 0xfffc2b9f
+add dword [ebp - 0x20], 0x54a
+add dword [ebp - 0x2c], 0x13c3
+cmp dword [ebp - 0x20], 0xa94
+jne loc_fffc2b80 ; jne 0xfffc2b80
+jmp near loc_fffc2b33 ; jmp 0xfffc2b33
+
+loc_fffc2ca4: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffc2cb5 ; ja 0xfffc2cb5
+mov edi, dword [ebp + 8]
+cmp byte [edi + 0x3749], 0
+je short loc_fffc2cdf ; je 0xfffc2cdf
+
+loc_fffc2cb5: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffc2cdf: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffc2ca4 ; jne 0xfffc2ca4
+add esp, 0x30
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc2cf5: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+xor ebx, ebx
+sub esp, 0x34
+mov dword [ebp - 0x20], 0xc
+
+loc_fffc2d07: ; not directly referenced
+lea eax, [ebx - 2]
+cmp eax, 1
+ja short loc_fffc2d1f ; ja 0xfffc2d1f
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x3749], 0
+je loc_fffc2f1e ; je 0xfffc2f1e
+
+loc_fffc2d1f: ; not directly referenced
+imul esi, ebx, 0x2e
+imul eax, eax, 0x23
+lea edi, [ebx*8 + 0x3756]
+mov dword [ebp + ebx*4 - 0x1c], 0
+mov dword [ebp - 0x34], esi
+mov dword [ebp - 0x24], 0
+mov dword [ebp - 0x40], edi
+mov dword [ebp - 0x30], eax
+
+loc_fffc2d44: ; not directly referenced
+mov edi, dword [ebp - 0x24]
+mov esi, dword [ebp - 0x40]
+mov dword [ebp - 0x28], 0
+imul eax, edi, 0x13c3
+imul edx, edi, 0x54a
+mov edi, dword [ebp + 8]
+lea ecx, [esi + eax]
+mov esi, dword [ebp + 8]
+add ecx, dword [ebp + 8]
+lea edi, [edi + edx + 0x1973]
+mov dword [ebp - 0x3c], ecx
+lea esi, [esi + eax + 0x49bf]
+
+loc_fffc2d7a: ; not directly referenced
+cmp dword [esi - 0xf6], 2
+jne loc_fffc2ef7 ; jne 0xfffc2ef7
+mov eax, dword [ebp - 0x34]
+mov edx, dword [ebp - 0x28]
+mov ecx, dword [esi + eax - 0xf2]
+mov eax, dword [ebp - 0x3c]
+mov eax, dword [eax + edx + 0xc9]
+mov edx, dword [esi - 0x21]
+mov dword [ebp - 0x38], eax
+mov eax, 0x12
+cmp edx, 2
+cmovne eax, dword [ebp - 0x20]
+mov dword [ebp - 0x20], eax
+cmp ebx, 1
+je short loc_fffc2e16 ; je 0xfffc2e16
+jb short loc_fffc2e26 ; jb 0xfffc2e26
+cmp ebx, 3
+ja short loc_fffc2e26 ; ja 0xfffc2e26
+mov al, byte [esi]
+cmp ebx, 2
+mov byte [ebp - 0x29], al
+jne short loc_fffc2dd4 ; jne 0xfffc2dd4
+test al, 1
+jne short loc_fffc2de0 ; jne 0xfffc2de0
+xor eax, eax
+jmp near loc_fffc2ee2 ; jmp 0xfffc2ee2
+
+loc_fffc2dd4: ; not directly referenced
+xor eax, eax
+test byte [ebp - 0x29], 2
+je loc_fffc2ee2 ; je 0xfffc2ee2
+
+loc_fffc2de0: ; not directly referenced
+and edx, 0xfffffffd
+mov eax, dword [ebp - 0x30]
+dec edx
+jne short loc_fffc2df3 ; jne 0xfffc2df3
+movzx edx, byte [edi + eax + 0x106]
+jmp short loc_fffc2dfb ; jmp 0xfffc2dfb
+
+loc_fffc2df3: ; not directly referenced
+movzx edx, byte [edi + eax + 0x1d6]
+
+loc_fffc2dfb: ; not directly referenced
+xor eax, eax
+test ecx, ecx
+je loc_fffc2ee2 ; je 0xfffc2ee2
+imul edx, dword [ebp - 0x38]
+lea eax, [ecx + edx - 1]
+xor edx, edx
+div ecx
+jmp near loc_fffc2ee2 ; jmp 0xfffc2ee2
+
+loc_fffc2e16: ; not directly referenced
+movzx eax, word [edi + 0x250]
+test ax, ax
+jne loc_fffc2ee2 ; jne 0xfffc2ee2
+
+loc_fffc2e26: ; not directly referenced
+cmp edx, 3
+jne short loc_fffc2e65 ; jne 0xfffc2e65
+mov eax, 9
+cmp ecx, 0x105944
+jbe loc_fffc2ee2 ; jbe 0xfffc2ee2
+mov al, 7
+cmp ecx, 0x16e360
+jbe loc_fffc2ee2 ; jbe 0xfffc2ee2
+mov al, 5
+cmp ecx, 0x1c9c38
+jbe loc_fffc2ee2 ; jbe 0xfffc2ee2
+cmp ecx, 0x2625a1
+sbb eax, eax
+and eax, 4
+jmp short loc_fffc2ee2 ; jmp 0xfffc2ee2
+
+loc_fffc2e65: ; not directly referenced
+cmp edx, 2
+jne short loc_fffc2ea2 ; jne 0xfffc2ea2
+mov eax, 0x12
+cmp ecx, 0xbbcce
+jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2
+mov al, 0xc
+cmp ecx, 0xcb735
+jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2
+mov al, 0xb
+cmp ecx, 0xe5010
+jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2
+mov al, 0xa
+cmp ecx, 0x105944
+jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2
+cmp ecx, 0x1312d1
+sbb eax, eax
+and eax, 9
+jmp short loc_fffc2ee2 ; jmp 0xfffc2ee2
+
+loc_fffc2ea2: ; not directly referenced
+mov eax, 0xa
+cmp ecx, 0xe5010
+jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2
+mov al, 9
+cmp ecx, 0x105944
+jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2
+mov al, 8
+cmp ecx, 0x1312d0
+jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2
+mov al, 7
+cmp ecx, 0x16e360
+jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2
+mov al, 6
+cmp ecx, 0x1c9c38
+jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2
+cmp ecx, 0x2625a1
+sbb eax, eax
+and eax, 5
+
+loc_fffc2ee2: ; not directly referenced
+mov edx, dword [ebp - 0x20]
+cmp eax, edx
+cmova eax, edx
+mov edx, dword [ebp + ebx*4 - 0x1c]
+cmp eax, edx
+cmovb eax, edx
+mov dword [ebp + ebx*4 - 0x1c], eax
+
+loc_fffc2ef7: ; not directly referenced
+add dword [ebp - 0x28], 0x20
+add esi, 0x128
+add edi, 0x277
+cmp dword [ebp - 0x28], 0x40
+jne loc_fffc2d7a ; jne 0xfffc2d7a
+inc dword [ebp - 0x24]
+cmp dword [ebp - 0x24], 2
+jne loc_fffc2d44 ; jne 0xfffc2d44
+
+loc_fffc2f1e: ; not directly referenced
+inc ebx
+cmp ebx, 4
+jne loc_fffc2d07 ; jne 0xfffc2d07
+mov eax, dword [ebp + 8]
+mov ecx, 0xfffffffe
+add eax, 0x48d5
+
+loc_fffc2f35: ; not directly referenced
+cmp ecx, 1
+ja short loc_fffc2f46 ; ja 0xfffc2f46
+mov ebx, dword [ebp + 8]
+cmp byte [ebx + 0x3749], 0
+je short loc_fffc2f70 ; je 0xfffc2f70
+
+loc_fffc2f46: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x14]
+mov word [eax], dx
+mov word [eax - 0x1173], dx
+mov word [eax + 0x128], dx
+mov word [eax + 0x13c3], dx
+mov word [eax + 0x250], dx
+mov word [eax + 0x14eb], dx
+
+loc_fffc2f70: ; not directly referenced
+inc ecx
+add eax, 0x2e
+cmp ecx, 2
+jne short loc_fffc2f35 ; jne 0xfffc2f35
+add esp, 0x34
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc2f86: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+xor esi, esi
+push ebx
+sub esp, 0x24
+
+loc_fffc2f91: ; not directly referenced
+lea eax, [esi - 2]
+cmp eax, 1
+ja short loc_fffc2fb8 ; ja 0xfffc2fb8
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x3749], 0
+jne short loc_fffc2fb8 ; jne 0xfffc2fb8
+
+loc_fffc2fa5: ; not directly referenced
+inc esi
+cmp esi, 4
+jne short loc_fffc2f91 ; jne 0xfffc2f91
+add esp, 0x24
+mov eax, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+loc_fffc2fb8: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov byte [ebp - 0x1f], 2
+add eax, 0x1973
+mov dword [ebp - 0x24], eax
+mov eax, dword [ebp + 8]
+add eax, 0x3756
+mov dword [ebp - 0x14], eax
+lea eax, [esi*8]
+mov dword [ebp - 0x28], eax
+lea eax, [esi + esi + 0xf8]
+mov dword [ebp - 0x2c], eax
+lea eax, [esi - 2]
+mov dword [ebp - 0x30], eax
+
+loc_fffc2fec: ; not directly referenced
+mov eax, dword [ebp - 0x2c]
+mov ecx, dword [ebp - 0x24]
+mov edi, dword [ebp - 0x28]
+mov dword [ebp - 0x10], 0
+add eax, ecx
+mov dword [ebp - 0x1c], eax
+mov eax, dword [ebp - 0x14]
+add edi, eax
+
+loc_fffc3006: ; not directly referenced
+mov eax, dword [ebp - 0x14]
+mov ebx, dword [ebp - 0x10]
+cmp dword [eax + ebx + 0x1173], 2
+jne loc_fffc317b ; jne 0xfffc317b
+cmp dword [ebp - 0x30], 1
+ja loc_fffc30e8 ; ja 0xfffc30e8
+cmp esi, 2
+mov al, byte [eax + ebx + 0x1269]
+jne short loc_fffc3034 ; jne 0xfffc3034
+test al, 1
+jmp short loc_fffc3036 ; jmp 0xfffc3036
+
+loc_fffc3034: ; not directly referenced
+test al, 2
+
+loc_fffc3036: ; not directly referenced
+je loc_fffc30cf ; je 0xfffc30cf
+mov eax, dword [ebp - 0x14]
+mov ebx, dword [ebp - 0x10]
+mov eax, dword [eax + ebx + 0x1248]
+and eax, 0xfffffffd
+dec eax
+jne short loc_fffc3068 ; jne 0xfffc3068
+mov al, byte [ecx + 0x100]
+mov dl, al
+and eax, 0xf
+shr dl, 4
+mov byte [ebp - 0x18], al
+mov eax, dword [ebp - 0x1c]
+mov byte [ebp - 0x1d], dl
+jmp short loc_fffc3084 ; jmp 0xfffc3084
+
+loc_fffc3068: ; not directly referenced
+mov al, byte [ecx + 0x1d0]
+mov dl, al
+and eax, 0xf
+mov byte [ebp - 0x18], al
+mov eax, dword [ebp - 0x1c]
+shr dl, 4
+mov byte [ebp - 0x1d], dl
+add eax, 0xd0
+
+loc_fffc3084: ; not directly referenced
+mov bl, byte [eax]
+mov edx, dword [ebp - 0x10]
+mov byte [ebp - 0x1e], bl
+movzx ebx, byte [eax + 1]
+mov eax, dword [ebp - 0x14]
+cmp byte [eax + edx + 0x126a], 0x12
+mov eax, 0
+je short loc_fffc30bd ; je 0xfffc30bd
+cmp byte [ebp - 0x18], 0
+je short loc_fffc30bd ; je 0xfffc30bd
+movzx edx, byte [ebp - 0x1d]
+imul eax, edx, 0x3e8
+movzx edx, byte [ebp - 0x18]
+mov dword [ebp - 0x18], edx
+cdq
+idiv dword [ebp - 0x18]
+
+loc_fffc30bd: ; not directly referenced
+mov dword [edi + 0xcd], eax
+xor eax, eax
+test bl, bl
+je short loc_fffc3144 ; je 0xfffc3144
+movzx eax, byte [ebp - 0x1e]
+jmp short loc_fffc313b ; jmp 0xfffc313b
+
+loc_fffc30cf: ; not directly referenced
+mov dword [edi + 0xcd], 0
+mov dword [edi + 0xc9], 0
+jmp near loc_fffc317b ; jmp 0xfffc317b
+
+loc_fffc30e8: ; not directly referenced
+mov eax, dword [ebp - 0x14]
+mov ebx, dword [ebp - 0x10]
+mov eax, dword [eax + ebx + 0x1248]
+and eax, 0xfffffffd
+dec eax
+jne short loc_fffc314c ; jne 0xfffc314c
+mov dl, byte [ecx + 0x51]
+movzx ebx, byte [ecx + 0x53]
+mov al, dl
+shr al, 4
+mov byte [ebp - 0x18], al
+mov al, byte [ecx + 0x52]
+mov byte [ebp - 0x1d], al
+xor eax, eax
+and dl, 0xf
+je short loc_fffc312b ; je 0xfffc312b
+movzx eax, byte [ebp - 0x18]
+movzx edx, dl
+mov dword [ebp - 0x18], edx
+imul eax, eax, 0x3e8
+cdq
+idiv dword [ebp - 0x18]
+
+loc_fffc312b: ; not directly referenced
+mov dword [edi + 0xcd], eax
+xor eax, eax
+test bl, bl
+je short loc_fffc3144 ; je 0xfffc3144
+movzx eax, byte [ebp - 0x1d]
+
+loc_fffc313b: ; not directly referenced
+imul eax, eax, 0xf4240
+cdq
+idiv ebx
+
+loc_fffc3144: ; not directly referenced
+mov dword [edi + 0xc9], eax
+jmp short loc_fffc317b ; jmp 0xfffc317b
+
+loc_fffc314c: ; not directly referenced
+mov al, byte [ecx + 0x59]
+shr al, 2
+and eax, 3
+cmp eax, 1
+sbb eax, eax
+and eax, 0x1e848
+mov dword [edi + 0xc9], eax
+mov al, byte [ecx + 0x59]
+and eax, 3
+cmp eax, 1
+sbb eax, eax
+and eax, 0x3e8
+mov dword [edi + 0xcd], eax
+
+loc_fffc317b: ; not directly referenced
+add dword [ebp - 0x10], 0x128
+add edi, 0x20
+add ecx, 0x277
+add dword [ebp - 0x1c], 0x277
+cmp dword [ebp - 0x10], 0x250
+jne loc_fffc3006 ; jne 0xfffc3006
+add dword [ebp - 0x24], 0x54a
+add dword [ebp - 0x14], 0x13c3
+dec byte [ebp - 0x1f]
+jne loc_fffc2fec ; jne 0xfffc2fec
+jmp near loc_fffc2fa5 ; jmp 0xfffc2fa5
+
+fcn_fffc31bb: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0x10]
+mov ecx, dword [ebp + 0xc]
+mov edx, dword [eax + 0xd5]
+and edx, 0xfffffffd
+dec edx
+jne short loc_fffc31d5 ; jne 0xfffc31d5
+mov dl, byte [ecx + 0x29]
+jmp short loc_fffc31d8 ; jmp 0xfffc31d8
+
+loc_fffc31d5: ; not directly referenced
+mov dl, byte [ecx + 7]
+
+loc_fffc31d8: ; not directly referenced
+and edx, 0xf
+cmp edx, 8
+ja short loc_fffc3234 ; ja 0xfffc3234
+jmp dword [edx*4 + ref_fffd5988] ; ujmp: jmp dword [edx*4 - 0x2a678]
+
+loc_fffc31e7: ; not directly referenced
+mov byte [eax + 0xf4], 0
+jmp short loc_fffc31f7 ; jmp 0xfffc31f7
+
+loc_fffc31f0: ; not directly referenced
+mov byte [eax + 0xf4], 2
+
+loc_fffc31f7: ; not directly referenced
+mov eax, 1
+jmp short loc_fffc323d ; jmp 0xfffc323d
+
+loc_fffc31fe: ; not directly referenced
+mov byte [eax + 0xf4], 3
+jmp short loc_fffc31f7 ; jmp 0xfffc31f7
+
+loc_fffc3207: ; not directly referenced
+mov byte [eax + 0xf4], 4
+jmp short loc_fffc31f7 ; jmp 0xfffc31f7
+
+loc_fffc3210: ; not directly referenced
+mov byte [eax + 0xf4], 5
+jmp short loc_fffc31f7 ; jmp 0xfffc31f7
+
+loc_fffc3219: ; not directly referenced
+mov byte [eax + 0xf4], 6
+jmp short loc_fffc31f7 ; jmp 0xfffc31f7
+
+loc_fffc3222: ; not directly referenced
+mov byte [eax + 0xf4], 7
+jmp short loc_fffc31f7 ; jmp 0xfffc31f7
+
+loc_fffc322b: ; not directly referenced
+mov byte [eax + 0xf4], 8
+jmp short loc_fffc31f7 ; jmp 0xfffc31f7
+
+loc_fffc3234: ; not directly referenced
+mov byte [eax + 0xf4], 0
+xor eax, eax
+
+loc_fffc323d: ; not directly referenced
+pop ebp
+ret
+
+fcn_fffc323f: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0x10]
+push ebx
+mov edx, dword [ebp + 0xc]
+mov ebx, dword [ebp + 8]
+mov ecx, dword [eax + 0xd5]
+and ecx, 0xfffffffd
+dec ecx
+jne short loc_fffc32a9 ; jne 0xfffc32a9
+mov cl, byte [edx + 0x1f]
+shr cl, 7
+mov byte [eax + 0xd1], cl
+mov cl, byte [edx + 0x1f]
+shr cl, 3
+and ecx, 1
+mov byte [eax + 0xd2], cl
+xor ecx, ecx
+test byte [edx + 0x1f], 4
+je short loc_fffc3287 ; je 0xfffc3287
+xor ecx, ecx
+cmp byte [ebx + 0x18b7], 0
+setne cl
+
+loc_fffc3287: ; not directly referenced
+mov byte [eax + 0xd0], cl
+mov cl, byte [edx + 0x1f]
+shr cl, 1
+and ecx, 1
+mov byte [eax + 0xd4], cl
+mov dl, byte [edx + 0x1f]
+and edx, 1
+mov byte [eax + 0xd3], dl
+jmp short loc_fffc32cc ; jmp 0xfffc32cc
+
+loc_fffc32a9: ; not directly referenced
+mov byte [eax + 0xd1], 0
+mov byte [eax + 0xd2], 0
+mov byte [eax + 0xd0], 0
+mov byte [eax + 0xd4], 0
+mov byte [eax + 0xd3], 0
+
+loc_fffc32cc: ; not directly referenced
+xor edx, edx
+cmp byte [eax + 0xd0], 0
+jne short loc_fffc32ec ; jne 0xfffc32ec
+cmp byte [eax + 0xd3], 0
+je short loc_fffc32ec ; je 0xfffc32ec
+xor edx, edx
+cmp byte [ebx + 0x18b8], 0
+setne dl
+
+loc_fffc32ec: ; not directly referenced
+mov byte [eax + 0xcf], dl
+mov eax, 1
+pop ebx
+pop ebp
+ret
+
+fcn_fffc32fa: ; not directly referenced
+push ebp
+mov ebp, esp
+mov ecx, dword [ebp + 0x10]
+push ebx
+mov eax, dword [ebp + 0xc]
+mov ebx, dword [ecx + 0xd5]
+mov edx, ebx
+and edx, 0xfffffffd
+dec edx
+jne short loc_fffc3317 ; jne 0xfffc3317
+mov dl, byte [eax + 0x3f]
+jmp short loc_fffc331d ; jmp 0xfffc331d
+
+loc_fffc3317: ; not directly referenced
+mov dl, byte [eax + 0x83]
+
+loc_fffc331d: ; not directly referenced
+and edx, 1
+mov eax, 1
+mov byte [ecx + 0xce], dl
+cmp ebx, 2
+jne short loc_fffc3340 ; jne 0xfffc3340
+dec dl
+jne short loc_fffc3340 ; jne 0xfffc3340
+xor eax, eax
+cmp dword [ecx + 0xd9], 3
+sete al
+
+loc_fffc3340: ; not directly referenced
+pop ebx
+pop ebp
+ret
+
+fcn_fffc3343: ; not directly referenced
+push ebp
+mov ebp, esp
+mov edx, dword [ebp + 0x10]
+mov eax, dword [edx + 0xd5]
+and eax, 0xfffffffd
+dec eax
+jne short loc_fffc336e ; jne 0xfffc336e
+mov eax, dword [ebp + 0xc]
+mov al, byte [eax + 8]
+shr al, 3
+and eax, 3
+dec al
+jne short loc_fffc336e ; jne 0xfffc336e
+mov byte [edx + 0xcc], 1
+jmp short loc_fffc3375 ; jmp 0xfffc3375
+
+loc_fffc336e: ; not directly referenced
+mov byte [edx + 0xcc], 0
+
+loc_fffc3375: ; not directly referenced
+mov eax, 1
+pop ebp
+ret
+
+fcn_fffc337c: ; not directly referenced
+push ebp
+mov ecx, 8
+mov ebp, esp
+push edi
+push esi
+mov esi, ref_fffd59ac ; mov esi, 0xfffd59ac
+push ebx
+sub esp, 0x20
+mov ebx, dword [ebp + 0x10]
+lea edi, [ebp - 0x2c]
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+mov dl, byte [ebx + 0xf1]
+test dl, dl
+je short loc_fffc33e6 ; je 0xfffc33e6
+mov al, byte [ebx + 0xf3]
+cmp al, 7
+ja short loc_fffc33e6 ; ja 0xfffc33e6
+movzx ecx, al
+movzx eax, byte [ebx + 0xf0]
+imul eax, dword [ebp + ecx*4 - 0x2c]
+movzx ecx, dl
+xor edx, edx
+div ecx
+movzx edx, byte [ebx + 0xed]
+imul eax, edx
+lea edx, [eax - 0x200]
+cmp edx, 0x3e00
+ja short loc_fffc33e6 ; ja 0xfffc33e6
+mov dword [ebx + 0xe1], eax
+mov eax, 1
+jmp short loc_fffc33f2 ; jmp 0xfffc33f2
+
+loc_fffc33e6: ; not directly referenced
+mov dword [ebx + 0xe1], 0
+xor eax, eax
+
+loc_fffc33f2: ; not directly referenced
+add esp, 0x20
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc33fa: ; not directly referenced
+push ebp
+mov ebp, esp
+mov edx, dword [ebp + 0x10]
+mov ecx, dword [ebp + 0xc]
+mov eax, dword [edx + 0xd5]
+and eax, 0xfffffffd
+dec eax
+jne short loc_fffc3414 ; jne 0xfffc3414
+mov al, byte [ecx + 7]
+jmp short loc_fffc3417 ; jmp 0xfffc3417
+
+loc_fffc3414: ; not directly referenced
+mov al, byte [ecx + 0xc]
+
+loc_fffc3417: ; not directly referenced
+shr al, 3
+and eax, 7
+inc eax
+cmp al, 2
+ja short loc_fffc342f ; ja 0xfffc342f
+mov byte [edx + 0xed], al
+mov eax, 1
+jmp short loc_fffc3438 ; jmp 0xfffc3438
+
+loc_fffc342f: ; not directly referenced
+mov byte [edx + 0xed], 0
+xor eax, eax
+
+loc_fffc3438: ; not directly referenced
+pop ebp
+ret
+
+fcn_fffc343a: ; not directly referenced
+push ebp
+mov ebp, esp
+mov edx, dword [ebp + 0x10]
+push esi
+mov eax, dword [ebp + 0xc]
+push ebx
+mov ecx, dword [edx + 0xd5]
+and ecx, 0xfffffffd
+dec ecx
+mov cl, byte [eax + 4]
+jne short loc_fffc3478 ; jne 0xfffc3478
+and ecx, 0xf
+mov byte [edx + 0xf3], cl
+test byte [eax + 4], 0x70
+jne short loc_fffc34c3 ; jne 0xfffc34c3
+mov byte [edx + 0xee], 8
+mov eax, 1
+mov byte [edx + 0xef], 0
+jmp short loc_fffc34c5 ; jmp 0xfffc34c5
+
+loc_fffc3478: ; not directly referenced
+and ecx, 0xf
+mov byte [edx + 0xf3], cl
+mov al, byte [eax + 4]
+mov cl, al
+shr cl, 4
+shr al, 6
+and ecx, 3
+mov esi, eax
+xor eax, eax
+cmp cl, 1
+ja short loc_fffc34aa ; ja 0xfffc34aa
+mov eax, 4
+shl eax, cl
+mov byte [edx + 0xee], al
+mov eax, 1
+
+loc_fffc34aa: ; not directly referenced
+lea ecx, [esi - 1]
+cmp cl, 1
+ja short loc_fffc34c3 ; ja 0xfffc34c3
+mov ebx, 1
+mov ecx, esi
+shl ebx, cl
+mov byte [edx + 0xef], bl
+jmp short loc_fffc34c5 ; jmp 0xfffc34c5
+
+loc_fffc34c3: ; not directly referenced
+xor eax, eax
+
+loc_fffc34c5: ; not directly referenced
+pop ebx
+pop esi
+pop ebp
+ret
+
+fcn_fffc34c9: ; not directly referenced
+push ebp
+mov ebp, esp
+mov edx, dword [ebp + 0x10]
+mov ecx, dword [ebp + 0xc]
+mov eax, dword [edx + 0xd5]
+and eax, 0xfffffffd
+dec eax
+jne short loc_fffc34e3 ; jne 0xfffc34e3
+mov al, byte [ecx + 8]
+jmp short loc_fffc34e6 ; jmp 0xfffc34e6
+
+loc_fffc34e3: ; not directly referenced
+mov al, byte [ecx + 0xd]
+
+loc_fffc34e6: ; not directly referenced
+and eax, 7
+cmp al, 3
+jne short loc_fffc34fb ; jne 0xfffc34fb
+mov byte [edx + 0xf0], 0x40
+mov eax, 1
+jmp short loc_fffc3504 ; jmp 0xfffc3504
+
+loc_fffc34fb: ; not directly referenced
+mov byte [edx + 0xf0], 0
+xor eax, eax
+
+loc_fffc3504: ; not directly referenced
+pop ebp
+ret
+
+fcn_fffc3506: ; not directly referenced
+push ebp
+mov ebp, esp
+mov edx, dword [ebp + 0xc]
+push ebx
+mov eax, dword [ebp + 8]
+mov ecx, dword [ebp + 0x10]
+mov dl, byte [edx + 5]
+mov eax, dword [eax + 0x1887]
+and edx, 7
+cmp dl, 2
+je short loc_fffc3567 ; je 0xfffc3567
+cmp dl, 3
+je short loc_fffc3592 ; je 0xfffc3592
+dec dl
+jne short loc_fffc35a4 ; jne 0xfffc35a4
+cmp eax, 0x40650
+je short loc_fffc355c ; je 0xfffc355c
+cmp eax, 0x40660
+sete bl
+cmp eax, 0x306c0
+sete dl
+or bl, dl
+jne short loc_fffc355c ; jne 0xfffc355c
+cmp eax, 0x40670
+sete bl
+cmp eax, 0x306d0
+sete dl
+or bl, dl
+je short loc_fffc356e ; je 0xfffc356e
+
+loc_fffc355c: ; not directly referenced
+mov word [ecx + 0xe9], 0x400
+jmp short loc_fffc358b ; jmp 0xfffc358b
+
+loc_fffc3567: ; not directly referenced
+cmp eax, 0x40650
+je short loc_fffc3582 ; je 0xfffc3582
+
+loc_fffc356e: ; not directly referenced
+cmp eax, 0x40670
+sete dl
+cmp eax, 0x306d0
+sete al
+or dl, al
+je short loc_fffc35a4 ; je 0xfffc35a4
+
+loc_fffc3582: ; not directly referenced
+mov word [ecx + 0xe9], 0x800
+
+loc_fffc358b: ; not directly referenced
+mov eax, 1
+jmp short loc_fffc35af ; jmp 0xfffc35af
+
+loc_fffc3592: ; not directly referenced
+cmp eax, 0x40650
+jne short loc_fffc35a4 ; jne 0xfffc35a4
+mov word [ecx + 0xe9], 0x1000
+jmp short loc_fffc358b ; jmp 0xfffc358b
+
+loc_fffc35a4: ; not directly referenced
+mov word [ecx + 0xe9], 0
+xor eax, eax
+
+loc_fffc35af: ; not directly referenced
+pop ebx
+pop ebp
+ret
+
+fcn_fffc35b2: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0xc]
+mov edx, dword [ebp + 0x10]
+mov al, byte [eax + 5]
+shr al, 3
+and eax, 7
+cmp al, 4
+ja short loc_fffc3613 ; ja 0xfffc3613
+movzx eax, al
+jmp dword [eax*4 + ref_fffd59cc] ; ujmp: jmp dword [eax*4 - 0x2a634]
+
+loc_fffc35d2: ; not directly referenced
+mov dword [edx + 0xe5], 0x1000
+jmp short loc_fffc35e8 ; jmp 0xfffc35e8
+
+loc_fffc35de: ; not directly referenced
+mov dword [edx + 0xe5], 0x2000
+
+loc_fffc35e8: ; not directly referenced
+mov eax, 1
+jmp short loc_fffc361f ; jmp 0xfffc361f
+
+loc_fffc35ef: ; not directly referenced
+mov dword [edx + 0xe5], 0x4000
+jmp short loc_fffc35e8 ; jmp 0xfffc35e8
+
+loc_fffc35fb: ; not directly referenced
+mov dword [edx + 0xe5], 0x8000
+jmp short loc_fffc35e8 ; jmp 0xfffc35e8
+
+loc_fffc3607: ; not directly referenced
+mov dword [edx + 0xe5], 0x10000
+jmp short loc_fffc35e8 ; jmp 0xfffc35e8
+
+loc_fffc3613: ; not directly referenced
+mov dword [edx + 0xe5], 0
+xor eax, eax
+
+loc_fffc361f: ; not directly referenced
+pop ebp
+ret
+
+fcn_fffc3621: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0x10]
+mov ecx, dword [ebp + 0xc]
+mov edx, dword [eax + 0xd5]
+and edx, 0xfffffffd
+dec edx
+jne short loc_fffc363b ; jne 0xfffc363b
+mov dl, byte [ecx + 7]
+jmp short loc_fffc363e ; jmp 0xfffc363e
+
+loc_fffc363b: ; not directly referenced
+mov dl, byte [ecx + 0xc]
+
+loc_fffc363e: ; not directly referenced
+and edx, 7
+mov byte [eax + 0xf2], dl
+mov dl, byte [eax + 0xf2]
+cmp dl, 2
+je short loc_fffc3664 ; je 0xfffc3664
+cmp dl, 3
+je short loc_fffc3672 ; je 0xfffc3672
+dec dl
+jne short loc_fffc367b ; jne 0xfffc367b
+mov byte [eax + 0xf1], 8
+jmp short loc_fffc366b ; jmp 0xfffc366b
+
+loc_fffc3664: ; not directly referenced
+mov byte [eax + 0xf1], 0x10
+
+loc_fffc366b: ; not directly referenced
+mov eax, 1
+jmp short loc_fffc3684 ; jmp 0xfffc3684
+
+loc_fffc3672: ; not directly referenced
+mov byte [eax + 0xf1], 0x20
+jmp short loc_fffc366b ; jmp 0xfffc366b
+
+loc_fffc367b: ; not directly referenced
+mov byte [eax + 0xf1], 0
+xor eax, eax
+
+loc_fffc3684: ; not directly referenced
+pop ebp
+ret
+
+fcn_fffc3686: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 1
+mov ebx, dword [ebp + 0xc]
+mov esi, dword [ebp + 8]
+mov edx, dword [ebp + 0x10]
+mov cl, byte [ebx + 6]
+mov eax, dword [esi + 0x1887]
+mov edi, dword [esi + 0x188b]
+mov byte [ebp - 0xd], cl
+mov cl, byte [ebx + 2]
+shr byte [ebp - 0xd], 1
+and byte [ebp - 0xd], 1
+cmp cl, 0xc
+je loc_fffc3749 ; je 0xfffc3749
+cmp cl, 0xf1
+je short loc_fffc370a ; je 0xfffc370a
+cmp cl, 0xb
+jne loc_fffc376a ; jne 0xfffc376a
+mov dword [edx + 0xd5], 1
+mov cl, byte [ebx + 3]
+add ebx, 0xb0
+and ecx, 0xf
+cmp eax, 0x306d0
+mov dword [edx + 0xd9], ecx
+sete cl
+cmp eax, 0x40650
+sete al
+or cl, al
+je loc_fffc3814 ; je 0xfffc3814
+cmp byte [ebp - 0xd], 0
+je short loc_fffc3780 ; je 0xfffc3780
+jmp near loc_fffc3814 ; jmp 0xfffc3814
+
+loc_fffc370a: ; not directly referenced
+cmp eax, 0x40650
+je short loc_fffc3728 ; je 0xfffc3728
+cmp eax, 0x40660
+sete cl
+cmp eax, 0x306c0
+sete al
+or cl, al
+jne short loc_fffc3728 ; jne 0xfffc3728
+dec edi
+jne short loc_fffc3749 ; jne 0xfffc3749
+
+loc_fffc3728: ; not directly referenced
+mov dword [edx + 0xd5], 3
+mov al, byte [ebx + 3]
+add ebx, 0xb0
+and eax, 0xf
+mov dword [edx + 0xd9], eax
+jmp near loc_fffc3814 ; jmp 0xfffc3814
+
+loc_fffc3749: ; not directly referenced
+mov dword [edx + 0xd5], 2
+mov al, byte [ebx + 3]
+add ebx, 0x180
+and eax, 0xf
+mov dword [edx + 0xd9], eax
+jmp near loc_fffc3814 ; jmp 0xfffc3814
+
+loc_fffc376a: ; not directly referenced
+mov dword [edx + 0xd5], 0
+xor ebx, ebx
+mov dword [edx + 0xd9], 0
+
+loc_fffc3780: ; not directly referenced
+xor eax, eax
+
+loc_fffc3782: ; not directly referenced
+mov byte [edx + 0xf6], 0
+test eax, eax
+je loc_fffc383c ; je 0xfffc383c
+cmp word [ebx], 0x4a0c
+mov eax, dword [esi + 0x18a7]
+jne short loc_fffc37bf ; jne 0xfffc37bf
+mov cl, byte [ebx + 3]
+and ecx, 0xfffffffe
+cmp cl, 0x12
+jne short loc_fffc37bf ; jne 0xfffc37bf
+cmp eax, 2
+jne short loc_fffc37b4 ; jne 0xfffc37b4
+test byte [ebx + 2], 1
+jmp short loc_fffc37bd ; jmp 0xfffc37bd
+
+loc_fffc37b4: ; not directly referenced
+cmp eax, 3
+jne short loc_fffc37cd ; jne 0xfffc37cd
+test byte [ebx + 2], 2
+
+loc_fffc37bd: ; not directly referenced
+jne short loc_fffc37cd ; jne 0xfffc37cd
+
+loc_fffc37bf: ; not directly referenced
+sub eax, 2
+cmp eax, 1
+seta al
+movzx eax, al
+jmp short loc_fffc37d9 ; jmp 0xfffc37d9
+
+loc_fffc37cd: ; not directly referenced
+or byte [esi + 0x3749], 1
+mov eax, 1
+
+loc_fffc37d9: ; not directly referenced
+cmp word [ebx], 0x4a0c
+jne short loc_fffc383c ; jne 0xfffc383c
+movzx edi, byte [ebx + 3]
+mov esi, edi
+and esi, 0xfffffffe
+mov ecx, esi
+cmp cl, 0x12
+jne short loc_fffc37f8 ; jne 0xfffc37f8
+mov ecx, edi
+mov byte [edx + 0xf7], cl
+
+loc_fffc37f8: ; not directly referenced
+test byte [ebx + 2], 1
+je short loc_fffc3805 ; je 0xfffc3805
+or byte [edx + 0xf6], 1
+
+loc_fffc3805: ; not directly referenced
+test byte [ebx + 2], 2
+je short loc_fffc383c ; je 0xfffc383c
+or byte [edx + 0xf6], 2
+jmp short loc_fffc383c ; jmp 0xfffc383c
+
+loc_fffc3814: ; not directly referenced
+mov eax, dword [edx + 0xd9]
+lea ecx, [eax - 2]
+xor eax, eax
+cmp ecx, 6
+ja loc_fffc3782 ; ja 0xfffc3782
+mov eax, 1
+shl eax, cl
+test al, 0x43
+setne al
+movzx eax, al
+jmp near loc_fffc3782 ; jmp 0xfffc3782
+
+loc_fffc383c: ; not directly referenced
+add esp, 1
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc3844: ; not directly referenced
+push ebp
+mov ebp, esp
+movzx eax, byte [ebp + 0x10]
+movzx edx, byte [ebp + 0x14]
+shl eax, 0xc
+add edx, eax
+movzx eax, byte [ebp + 0xc]
+shl eax, 0xf
+add edx, eax
+movzx eax, byte [ebp + 8]
+pop ebp
+shl eax, 0x14
+add eax, edx
+ret
+
+fcn_fffc3868: ; not directly referenced
+push ebp
+mov ebp, esp
+mov edx, dword [ebp + 0x10]
+movzx eax, byte [ebp + 0x14]
+and edx, 7
+shl edx, 8
+or eax, 0x80000000
+or eax, edx
+movzx edx, byte [ebp + 8]
+shl edx, 0x10
+or eax, edx
+movzx edx, byte [ebp + 0xc]
+pop ebp
+shl edx, 0xb
+movzx edx, dx
+or eax, edx
+ret
+
+fcn_fffc3896: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x2c
+mov ebx, dword [ebp + 8]
+mov dword [ebp - 0x1c], 0
+mov eax, dword [ebx + 0x2443]
+lea edi, [ebx + 0xfb9]
+mov dword [ebp - 0x20], eax
+mov al, byte [ebx + 0xfb8]
+mov byte [ebx + 0x3755], al
+mov eax, dword [ebx + 0xfb4]
+mov dword [ebx + 0x374e], eax
+
+loc_fffc38d0: ; not directly referenced
+imul esi, dword [ebp - 0x1c], 0x13c3
+xor edx, edx
+mov eax, dword [edi + 4]
+lea ecx, [ebx + esi + 0x3756]
+mov dword [ebx + esi + 0x3816], eax
+mov al, byte [edi + 8]
+mov byte [ebx + esi + 0x381a], al
+mov eax, dword [edi]
+mov dword [ebx + esi + 0x3756], eax
+
+loc_fffc38fd: ; not directly referenced
+push eax
+push 0x2e
+lea eax, [edi + edx + 9]
+push eax
+lea eax, [ecx + edx + 4]
+push eax
+mov eax, dword [ebp - 0x20]
+mov dword [ebp - 0x28], edx
+mov dword [ebp - 0x24], ecx
+call dword [eax + 0x58] ; ucall
+mov edx, dword [ebp - 0x28]
+add esp, 0x10
+mov ecx, dword [ebp - 0x24]
+add edx, 0x2e
+cmp edx, 0xb8
+jne short loc_fffc38fd ; jne 0xfffc38fd
+imul eax, dword [ebp - 0x1c], 0x54a
+lea esi, [ebx + esi + 0x48c9]
+mov dword [ebp - 0x24], esi
+lea edx, [edi + 0x313]
+mov byte [ebp - 0x29], 2
+lea esi, [ebx + eax + 0x1afb]
+lea eax, [edi + 0xc1]
+mov dword [ebp - 0x28], eax
+
+loc_fffc3955: ; not directly referenced
+mov eax, dword [ebp - 0x28]
+mov eax, dword [eax]
+lea ecx, [eax - 1]
+cmp ecx, 1
+ja short loc_fffc39d5 ; ja 0xfffc39d5
+push eax
+mov eax, dword [ebp - 0x20]
+push 0x128
+push dword [ebp - 0x28]
+push dword [ebp - 0x24]
+mov dword [ebp - 0x30], edx
+call dword [eax + 0x58] ; ucall
+mov edx, dword [ebp - 0x30]
+add esp, 0x10
+cmp byte [esi - 0x13e], 0xc
+jne short loc_fffc39a1 ; jne 0xfffc39a1
+mov cl, byte [edx - 2]
+mov eax, esi
+mov byte [esi - 0x13d], cl
+mov cl, byte [edx - 1]
+mov byte [esi - 0x133], cl
+mov ecx, 0x1d
+jmp short loc_fffc39be ; jmp 0xfffc39be
+
+loc_fffc39a1: ; not directly referenced
+mov al, byte [edx - 2]
+mov ecx, 0x1f
+mov byte [esi - 0x13d], al
+mov al, byte [edx - 1]
+mov byte [esi - 0x138], al
+lea eax, [esi - 0xcb]
+
+loc_fffc39be: ; not directly referenced
+sub esp, 4
+push ecx
+push edx
+push eax
+mov eax, dword [ebp - 0x20]
+mov dword [ebp - 0x30], edx
+call dword [eax + 0x58] ; ucall
+add esp, 0x10
+mov edx, dword [ebp - 0x30]
+jmp short loc_fffc39da ; jmp 0xfffc39da
+
+loc_fffc39d5: ; not directly referenced
+mov ecx, dword [ebp - 0x24]
+mov dword [ecx], eax
+
+loc_fffc39da: ; not directly referenced
+add dword [ebp - 0x28], 0x128
+add esi, 0x277
+add edx, 0x21
+add dword [ebp - 0x24], 0x128
+dec byte [ebp - 0x29]
+jne loc_fffc3955 ; jne 0xfffc3955
+inc dword [ebp - 0x1c]
+add edi, 0x433
+cmp dword [ebp - 0x1c], 2
+jne loc_fffc38d0 ; jne 0xfffc38d0
+mov eax, dword [ebx + 0x182c]
+xor ecx, ecx
+mov dword [ebx + 0x3735], eax
+mov eax, dword [ebx + 0x1830]
+mov dword [ebx + 0x3739], eax
+mov eax, dword [ebx + 0x1834]
+mov dword [ebx + 0x373d], eax
+mov eax, dword [ebx + 0x1838]
+mov dword [ebx + 0x3741], eax
+mov eax, dword [ebx + 0xfa4]
+mov dword [ebx + 0x1887], eax
+mov eax, dword [ebx + 0xfa0]
+mov dword [ebx + 0x1883], eax
+mov eax, dword [ebx + 0xfa8]
+mov dword [ebx + 0x188b], eax
+mov al, byte [ebx + 0x1842]
+mov byte [ebx + 0x190d], al
+mov eax, dword [ebx + 0x181f]
+mov dword [ebx + 0x36d7], eax
+mov eax, dword [ebx + 0x1823]
+mov dword [ebx + 0x36df], eax
+mov al, byte [ebx + 0x182b]
+mov byte [ebx + 0x36e7], al
+mov eax, dword [ebx + 0x1827]
+mov dword [ebx + 0x36e3], eax
+mov al, byte [ebx + 0x183c]
+mov byte [ebx + 0x3748], al
+mov eax, dword [ebx + 0x183d]
+mov dword [ebx + 0x2480], eax
+mov al, byte [ebx + 0x1841]
+mov byte [ebx + 0x3749], al
+mov al, byte [ebx + 0x184c]
+mov byte [ebx + 0x36ca], al
+mov eax, dword [ebx + 0x1843]
+mov dword [ebx + 0x36cb], eax
+mov eax, dword [ebx + 0x1847]
+mov dword [ebx + 0x1912], eax
+mov al, byte [ebx + 0x184b]
+mov byte [ebx + 0x1916], al
+mov al, byte [ebx + 0x184d]
+mov byte [ebx + 0x36a8], al
+
+loc_fffc3aff: ; not directly referenced
+mov eax, dword [ebx + ecx + 0x184e]
+mov edx, dword [ebx + ecx + 0x1852]
+mov dword [ebx + ecx + 0x36a9], eax
+mov dword [ebx + ecx + 0x36ad], edx
+add ecx, 8
+cmp ecx, 0x20
+jne short loc_fffc3aff ; jne 0xfffc3aff
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc3b2d: ; not directly referenced
+push ebp
+mov ebp, esp
+push ebx
+sub esp, 0x10
+mov ebx, dword [ebp + 8]
+mov al, byte [ebx + 0x18b1]
+mov ecx, dword [ebx + 0x18cd]
+mov byte [ebx + 0x2479], 0
+mov byte [ebx + 0x3748], al
+mov al, byte [ebx + 0x23ff]
+lea edx, [ecx + 0x18]
+mov byte [ebx + 0x3745], al
+mov eax, dword [ebx + 0x2443]
+push edx
+call dword [eax + 0x20] ; ucall
+add esp, 0x10
+mov edx, eax
+shr edx, 0x10
+test ax, ax
+jne short loc_fffc3b80 ; jne 0xfffc3b80
+cmp dx, 1
+jbe short loc_fffc3b80 ; jbe 0xfffc3b80
+mov al, dl
+jmp short loc_fffc3b86 ; jmp 0xfffc3b86
+
+loc_fffc3b80: ; not directly referenced
+mov al, byte [ebx + 0x2401]
+
+loc_fffc3b86: ; not directly referenced
+mov ecx, dword [ebx + 0x18cd]
+sub esp, 0xc
+mov byte [ebx + 0x3747], al
+mov eax, dword [ebx + 0x2443]
+lea edx, [ecx + 0x28]
+push edx
+call dword [eax + 0x20] ; ucall
+add esp, 0x10
+mov edx, eax
+shr edx, 0x10
+test ax, ax
+jne short loc_fffc3bb9 ; jne 0xfffc3bb9
+cmp dx, 1
+jbe short loc_fffc3bb9 ; jbe 0xfffc3bb9
+mov al, dl
+jmp short loc_fffc3bbf ; jmp 0xfffc3bbf
+
+loc_fffc3bb9: ; not directly referenced
+mov al, byte [ebx + 0x2400]
+
+loc_fffc3bbf: ; not directly referenced
+mov byte [ebx + 0x3746], al
+xor eax, eax
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffc3bcc: ; not directly referenced
+push ebp
+xor eax, eax
+mov ebp, esp
+pop ebp
+ret
+
+fcn_fffc3bd3: ; not directly referenced
+push ebp
+xor eax, eax
+mov ebp, esp
+pop ebp
+ret
+
+fcn_fffc3bda: ; not directly referenced
+push ebp
+and edx, 0xff00
+mov ebp, esp
+push ebx
+xor ebx, ebx
+sub esp, 8
+push 0xe
+push ebx
+push edx
+call dword [eax + 0x68] ; ucall
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffc3bf5: ; not directly referenced
+push ebp
+movzx ecx, dl
+mov ebp, esp
+push ebx
+xor ebx, ebx
+sub esp, 8
+push 0x16
+push ebx
+push ecx
+call dword [eax + 0x68] ; ucall
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffc3c0d:
+push ebp
+mov ebp, esp
+push esi
+push ebx
+mov esi, dword [eax + 0x2443]
+lea ebx, [edx - 0xd]
+mov ecx, dword [eax + 0x2480]
+cmp ebx, 0x36
+ja loc_fffc3dad ; ja 0xfffc3dad
+jmp dword [ebx*4 + ref_fffd59e0] ; ujmp: jmp dword [ebx*4 - 0x2a620]
+
+loc_fffc3c31:
+cmp ecx, 3
+je loc_fffc3dad ; je 0xfffc3dad
+mov bl, byte [eax + 0x2403]
+jmp short loc_fffc3c98 ; jmp 0xfffc3c98
+
+loc_fffc3c42:
+mov bl, byte [eax + 0x2403]
+jmp short loc_fffc3cc0 ; jmp 0xfffc3cc0
+
+loc_fffc3c4a:
+mov bl, byte [eax + 0x2403]
+jmp near loc_fffc3d09 ; jmp 0xfffc3d09
+
+loc_fffc3c55:
+mov bl, byte [eax + 0x2403]
+jmp near loc_fffc3d14 ; jmp 0xfffc3d14
+
+loc_fffc3c60:
+mov bl, byte [eax + 0x2403]
+jmp near loc_fffc3d87 ; jmp 0xfffc3d87
+
+loc_fffc3c6b:
+mov bl, byte [eax + 0x2403]
+jmp short loc_fffc3cdd ; jmp 0xfffc3cdd
+
+loc_fffc3c73:
+mov bl, byte [eax + 0x2403]
+jmp near loc_fffc3d1f ; jmp 0xfffc3d1f
+
+loc_fffc3c7e:
+movsx ebx, byte [eax + 0x2403]
+jmp near loc_fffc3d51 ; jmp 0xfffc3d51
+
+loc_fffc3c8a:
+cmp ecx, 2
+jmp near loc_fffc3d7c ; jmp 0xfffc3d7c
+
+loc_fffc3c92:
+mov bl, byte [eax + 0x2404]
+
+loc_fffc3c98:
+not ebx
+jmp near loc_fffc3d25 ; jmp 0xfffc3d25
+
+loc_fffc3c9f:
+mov bl, byte [eax + 0x2406]
+jmp short loc_fffc3cdd ; jmp 0xfffc3cdd
+
+loc_fffc3ca7:
+mov bl, byte [eax + 0x2406]
+jmp near loc_fffc3d87 ; jmp 0xfffc3d87
+
+loc_fffc3cb2:
+mov bl, byte [eax + 0x2406]
+jmp short loc_fffc3d14 ; jmp 0xfffc3d14
+
+loc_fffc3cba:
+mov bl, byte [eax + 0x2404]
+
+loc_fffc3cc0:
+shr bl, 1
+jmp short loc_fffc3d22 ; jmp 0xfffc3d22
+
+loc_fffc3cc4:
+mov bl, byte [eax + 0x2404]
+jmp short loc_fffc3d09 ; jmp 0xfffc3d09
+
+loc_fffc3ccc:
+mov bl, byte [eax + 0x2404]
+jmp near loc_fffc3d87 ; jmp 0xfffc3d87
+
+loc_fffc3cd7:
+mov bl, byte [eax + 0x2404]
+
+loc_fffc3cdd:
+shr bl, 5
+jmp short loc_fffc3d22 ; jmp 0xfffc3d22
+
+loc_fffc3ce2:
+mov bl, byte [eax + 0x2404]
+jmp short loc_fffc3d1f ; jmp 0xfffc3d1f
+
+loc_fffc3cea:
+movsx ebx, byte [eax + 0x2404]
+jmp short loc_fffc3d51 ; jmp 0xfffc3d51
+
+loc_fffc3cf3:
+mov bl, byte [eax + 0x2405]
+jmp short loc_fffc3c98 ; jmp 0xfffc3c98
+
+loc_fffc3cfb:
+mov bl, byte [eax + 0x2405]
+jmp short loc_fffc3cc0 ; jmp 0xfffc3cc0
+
+loc_fffc3d03:
+mov bl, byte [eax + 0x2405]
+
+loc_fffc3d09:
+shr bl, 2
+jmp short loc_fffc3d22 ; jmp 0xfffc3d22
+
+loc_fffc3d0e:
+mov bl, byte [eax + 0x2405]
+
+loc_fffc3d14:
+shr bl, 3
+jmp short loc_fffc3d22 ; jmp 0xfffc3d22
+
+loc_fffc3d19:
+mov bl, byte [eax + 0x2405]
+
+loc_fffc3d1f:
+shr bl, 6
+
+loc_fffc3d22:
+xor ebx, 1
+
+loc_fffc3d25:
+and ebx, 1
+jmp near loc_fffc3daf ; jmp 0xfffc3daf
+
+loc_fffc3d2d:
+mov ebx, 1
+test byte [eax + 0x2405], 0x20
+je short loc_fffc3daf ; je 0xfffc3daf
+cmp dword [eax + 0x188b], 0
+
+loc_fffc3d42:
+sete bl
+
+loc_fffc3d45:
+movzx ebx, bl
+jmp short loc_fffc3daf ; jmp 0xfffc3daf
+
+loc_fffc3d4a:
+movsx ebx, byte [eax + 0x2405]
+
+loc_fffc3d51:
+not ebx
+shr ebx, 0x1f
+jmp short loc_fffc3daf ; jmp 0xfffc3daf
+
+loc_fffc3d58:
+mov ebx, 1
+test byte [eax + 0x2406], 1
+je short loc_fffc3daf ; je 0xfffc3daf
+
+loc_fffc3d66:
+cmp ecx, 3
+jmp short loc_fffc3d42 ; jmp 0xfffc3d42
+
+loc_fffc3d6b:
+mov ebx, 1
+test byte [eax + 0x2404], 8
+je short loc_fffc3daf ; je 0xfffc3daf
+
+loc_fffc3d79:
+cmp ecx, 3
+
+loc_fffc3d7c:
+setne bl
+jmp short loc_fffc3d45 ; jmp 0xfffc3d45
+
+loc_fffc3d81:
+mov bl, byte [eax + 0x2405]
+
+loc_fffc3d87:
+shr bl, 4
+jmp short loc_fffc3d22 ; jmp 0xfffc3d22
+
+loc_fffc3d8c:
+mov bl, byte [eax + 0x2406]
+jmp near loc_fffc3cc0 ; jmp 0xfffc3cc0
+
+loc_fffc3d97:
+mov bl, byte [eax + 0x2406]
+jmp near loc_fffc3d09 ; jmp 0xfffc3d09
+
+loc_fffc3da2:
+mov bl, byte [eax + 0x2406]
+jmp near loc_fffc3d1f ; jmp 0xfffc3d1f
+
+loc_fffc3dad:
+xor ebx, ebx
+
+loc_fffc3daf:
+push ecx
+push 0
+push edx
+push eax
+call dword [esi + 0x90] ; ucall
+lea esp, [ebp - 8]
+or eax, ebx
+pop ebx
+pop esi
+pop ebp
+ret
+
+fcn_fffc3dc3:
+push ebp
+xor ecx, ecx
+mov ebp, esp
+push esi
+push ebx
+sub esp, 0x400
+
+loc_fffc3dd0:
+mov ebx, ecx
+mov esi, 8
+
+loc_fffc3dd7:
+test bl, 1
+je short loc_fffc3de6 ; je 0xfffc3de6
+shr ebx, 1
+xor ebx, 0xedb88320
+jmp short loc_fffc3de8 ; jmp 0xfffc3de8
+
+loc_fffc3de6:
+shr ebx, 1
+
+loc_fffc3de8:
+dec esi
+jne short loc_fffc3dd7 ; jne 0xfffc3dd7
+mov dword [ebp + ecx*4 - 0x408], ebx
+inc ecx
+cmp ecx, 0x100
+jne short loc_fffc3dd0 ; jne 0xfffc3dd0
+or ecx, 0xffffffff
+xor ebx, ebx
+
+loc_fffc3e00:
+cmp ebx, edx
+je short loc_fffc3e1b ; je 0xfffc3e1b
+mov esi, ecx
+xor cl, byte [eax + ebx]
+inc ebx
+shr esi, 8
+movzx ecx, cl
+xor esi, dword [ebp + ecx*4 - 0x408]
+mov ecx, esi
+jmp short loc_fffc3e00 ; jmp 0xfffc3e00
+
+loc_fffc3e1b:
+add esp, 0x400
+mov eax, ecx
+pop ebx
+not eax
+pop esi
+pop ebp
+ret
+
+fcn_fffc3e29:
+cmp dword [eax + 0x39], 1
+jne loc_fffc3f07 ; jne 0xfffc3f07
+push ebp
+add eax, 0x369
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 5
+mov ebx, dword [edx + 9]
+mov dword [ebp - 0x10], eax
+mov byte [ebp - 0x11], 2
+
+loc_fffc3e4b:
+mov ecx, dword [ebp - 0x10]
+xor esi, esi
+
+loc_fffc3e50:
+movzx edi, byte [ebx + 0x10]
+mov word [ecx - 0x18], di
+mov di, word [ebx + 8]
+mov word [ecx - 0x16], di
+mov di, word [ebx + 0x20]
+mov word [ecx - 0x14], di
+mov di, word [ebx + 0x1e]
+mov word [ecx - 0x12], di
+mov di, word [ebx + 0xe]
+mov word [ecx - 0x10], di
+mov di, word [ebx + 0x1c]
+mov word [ecx - 0xe], di
+mov di, word [ebx + 0xa]
+mov word [ecx - 0xc], di
+mov di, word [ebx + 0x22]
+mov word [ecx - 0xa], di
+mov di, word [ebx + 0x14]
+mov word [ecx - 8], di
+mov di, word [ebx + 0xc]
+mov word [ecx - 2], di
+cmp byte [edx], 5
+jbe short loc_fffc3eae ; jbe 0xfffc3eae
+mov di, word [ebx + 0x68]
+mov word [ecx], di
+jmp short loc_fffc3eb3 ; jmp 0xfffc3eb3
+
+loc_fffc3eae:
+mov word [ecx], 0
+
+loc_fffc3eb3:
+mov di, word [ebx + 0x16]
+inc esi
+add ecx, 0x277
+mov eax, esi
+mov word [ecx - 0x275], di
+mov di, word [ebx + 0x1a]
+mov word [ecx - 0x26f], di
+mov di, word [ebx + 0x12]
+mov word [ecx - 0x26d], di
+mov di, word [ebx + 0x18]
+mov word [ecx - 0x26b], di
+cmp al, 2
+jne loc_fffc3e50 ; jne 0xfffc3e50
+add dword [ebp - 0x10], 0x54a
+dec byte [ebp - 0x11]
+jne loc_fffc3e4b ; jne 0xfffc3e4b
+add esp, 5
+pop ebx
+pop esi
+pop edi
+pop ebp
+
+loc_fffc3f07:
+ret
+
+fcn_fffc3f08: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x3c
+mov ebx, dword [ebp + 8]
+cmp dword [ebx + 0x1887], 0x306d0
+je short loc_fffc3f54 ; je 0xfffc3f54
+
+loc_fffc3f20: ; not directly referenced
+mov ecx, 0x14
+mov edx, 0x5f08
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+cmp dword [ebx + 0x3756], 2
+jne loc_fffc407f ; jne 0xfffc407f
+mov ecx, 0x3000
+mov edx, 0x48a8
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+jmp near loc_fffc407f ; jmp 0xfffc407f
+
+loc_fffc3f54: ; not directly referenced
+cmp byte [ebx + 0x18ed], 0
+je short loc_fffc3f20 ; je 0xfffc3f20
+mov eax, dword [ebx + 0x36e8]
+sub eax, 2
+cmp eax, 1
+ja short loc_fffc3f20 ; ja 0xfffc3f20
+mov dl, 0x10
+
+loc_fffc3f6d: ; not directly referenced
+mov eax, ebx
+mov dword [ebp - 0x2c], edx
+call fcn_fffb0e8a ; call 0xfffb0e8a
+mov edx, dword [ebp - 0x2c]
+dec dl
+jne short loc_fffc3f6d ; jne 0xfffc3f6d
+cmp dword [ebx + 0x36e8], 3
+jne short loc_fffc3f20 ; jne 0xfffc3f20
+mov eax, dword [ebx + 0x2443]
+mov esi, dword [ebx + 0x5edc]
+push edi
+push 0
+push 0x10
+lea edi, [ebp - 0x28]
+push edi
+mov dword [ebp - 0x3c], eax
+call dword [eax + 0x5c] ; ucall
+lea eax, [ebx + 0x3756]
+add esp, 0x10
+mov dword [ebp - 0x30], eax
+lea eax, [esi + 0x70]
+mov dword [ebp - 0x34], eax
+lea eax, [ebx + 0x2490]
+mov dword [ebp - 0x2c], 0
+mov dword [ebp - 0x40], eax
+mov dword [ebp - 0x44], edi
+
+loc_fffc3fc7: ; not directly referenced
+mov eax, dword [ebp - 0x30]
+cmp dword [eax], 2
+je short loc_fffc3feb ; je 0xfffc3feb
+
+loc_fffc3fcf: ; not directly referenced
+inc dword [ebp - 0x2c]
+add dword [ebp - 0x30], 0x13c3
+add dword [ebp - 0x34], 0xcc
+cmp dword [ebp - 0x2c], 2
+jne short loc_fffc3fc7 ; jne 0xfffc3fc7
+jmp near loc_fffc3f20 ; jmp 0xfffc3f20
+
+loc_fffc3feb: ; not directly referenced
+mov cl, byte [ebp - 0x2c]
+xor esi, esi
+xor edx, edx
+mov dword [ebp - 0x38], 1
+shl dword [ebp - 0x38], cl
+
+loc_fffc3ffc: ; not directly referenced
+mov edi, dword [ebp - 0x30]
+mov eax, 1
+mov ecx, esi
+shl eax, cl
+test byte [edi + 0xc4], al
+je short loc_fffc4074 ; je 0xfffc4074
+test edx, edx
+jne short loc_fffc4074 ; jne 0xfffc4074
+mov edx, dword [ebp - 0x2c]
+mov ecx, eax
+mov eax, ebx
+call fcn_fffaac43 ; call 0xfffaac43
+movzx edi, al
+test dword [ebp - 0x38], edi
+je short loc_fffc403f ; je 0xfffc403f
+push ecx
+push 0
+movzx eax, byte [ebx + 0x2488]
+push eax
+mov eax, dword [ebp - 0x3c]
+push dword [ebp - 0x34]
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffc403f: ; not directly referenced
+sub esp, 0xc
+mov ecx, 0x11
+push 0
+mov edx, edi
+mov eax, ebx
+call fcn_fffb26ca ; call 0xfffb26ca
+mov ecx, edi
+pop eax
+mov eax, ebx
+pop edx
+mov edx, dword [ebp - 0x40]
+push 0
+push dword [ebp - 0x44]
+push 1
+push 1
+push 2
+push esi
+call fcn_fffc6051 ; call 0xfffc6051
+add esp, 0x20
+mov edx, 1
+
+loc_fffc4074: ; not directly referenced
+inc esi
+cmp esi, 4
+jne short loc_fffc3ffc ; jne 0xfffc3ffc
+jmp near loc_fffc3fcf ; jmp 0xfffc3fcf
+
+loc_fffc407f: ; not directly referenced
+cmp dword [ebx + 0x4b19], 2
+jne short loc_fffc4099 ; jne 0xfffc4099
+mov ecx, 0x3000
+mov edx, 0x48b0
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffc4099: ; not directly referenced
+mov eax, ebx
+call fcn_fffae778 ; call 0xfffae778
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc40aa: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x60
+mov edi, dword [ebp + 8]
+mov eax, dword [edi + 0x5edc]
+mov esi, dword [edi + 0x188b]
+mov dword [ebp - 0x44], eax
+mov eax, dword [edi + 0x2443]
+mov ebx, eax
+mov dword [ebp - 0x48], eax
+mov eax, dword [edi + 0x1887]
+mov dword [ebp - 0x4c], eax
+mov eax, dword [edi + 0x1883]
+mov dword [ebp - 0x50], eax
+mov al, byte [edi + 0x248d]
+push 0
+push 0x10
+mov byte [ebp - 0x5b], al
+lea eax, [ebp - 0x28]
+push eax
+mov eax, ebx
+call dword [eax + 0x5c] ; ucall
+add esp, 0x10
+cmp byte [edi + 0x36c9], 0
+jne short loc_fffc410e ; jne 0xfffc410e
+xor ebx, ebx
+test esi, esi
+je loc_fffc4551 ; je 0xfffc4551
+
+loc_fffc410e: ; not directly referenced
+cmp dword [edi + 0x2480], 3
+mov ecx, 0xa
+sete bl
+jne short loc_fffc4156 ; jne 0xfffc4156
+cmp dword [ebp - 0x50], 3
+sete dl
+cmp dword [ebp - 0x4c], 0x306d0
+sete al
+test dl, al
+jne loc_fffc453a ; jne 0xfffc453a
+cmp dword [ebp - 0x50], 0
+sete dl
+cmp dword [ebp - 0x4c], 0x40670
+sete al
+test dl, al
+jne loc_fffc453a ; jne 0xfffc453a
+mov ecx, 6
+
+loc_fffc4156: ; not directly referenced
+mov dword [ebp - 0x58], 0
+
+loc_fffc415d: ; not directly referenced
+mov eax, dword [ebp - 0x44]
+mov al, byte [eax + 0x14]
+and eax, 0x7f
+mov dl, al
+or edx, 0xffffff80
+test al, 0x40
+cmovne eax, edx
+cbw
+lea eax, [eax + eax*4]
+add eax, eax
+dec esi
+mov word [ebp - 0x5a], ax
+sete al
+test al, bl
+je loc_fffc428d ; je 0xfffc428d
+mov eax, dword [ebp - 0x44]
+lea ebx, [ebp - 0x34]
+mov dword [ebp - 0x40], 0
+lea esi, [eax + 0x1c]
+
+loc_fffc4197: ; not directly referenced
+cmp byte [esi + 0xb5], 0
+je short loc_fffc41b9 ; je 0xfffc41b9
+
+loc_fffc41a0: ; not directly referenced
+inc dword [ebp - 0x40]
+add esi, 0xcc
+cmp dword [ebp - 0x40], 2
+jne short loc_fffc4197 ; jne 0xfffc4197
+mov ecx, 0xa
+jmp near loc_fffc428d ; jmp 0xfffc428d
+
+loc_fffc41b9: ; not directly referenced
+imul eax, dword [ebp - 0x40], 0x13c3
+mov byte [esi + 0xb5], 0xff
+mov dword [ebp - 0x3c], 0
+mov dword [ebp - 0x60], eax
+
+loc_fffc41d1: ; not directly referenced
+mov cl, byte [ebp - 0x3c]
+mov eax, 1
+shl eax, cl
+mov ecx, dword [ebp - 0x60]
+test byte [edi + ecx + 0x381a], al
+jne short loc_fffc41f2 ; jne 0xfffc41f2
+
+loc_fffc41e7: ; not directly referenced
+inc dword [ebp - 0x3c]
+cmp dword [ebp - 0x3c], 4
+jne short loc_fffc41d1 ; jne 0xfffc41d1
+jmp short loc_fffc41a0 ; jmp 0xfffc41a0
+
+loc_fffc41f2: ; not directly referenced
+mov ecx, dword [ebp - 0x3c]
+mov edx, dword [ebp - 0x40]
+movzx eax, cl
+lea eax, [esi + eax*4 + 0xb6]
+mov dword [ebp - 0x54], eax
+push eax
+push eax
+mov eax, edi
+push ebx
+push 5
+call fcn_fffa686d ; call 0xfffa686d
+mov ecx, dword [ebp - 0x3c]
+pop eax
+pop edx
+mov edx, dword [ebp - 0x40]
+lea eax, [ebp - 0x30]
+push eax
+mov eax, edi
+push 6
+call fcn_fffa686d ; call 0xfffa686d
+mov edx, dword [ebp - 0x40]
+pop ecx
+pop eax
+mov ecx, dword [ebp - 0x3c]
+lea eax, [ebp - 0x2c]
+push eax
+mov eax, edi
+push 7
+call fcn_fffa686d ; call 0xfffa686d
+add esp, 0x10
+xor eax, eax
+
+loc_fffc4240: ; not directly referenced
+mov dl, byte [eax + ebx]
+mov ecx, dword [ebp - 0x54]
+mov byte [ecx + eax], dl
+mov dl, byte [eax + ebx]
+cmp dl, 1
+je short loc_fffc4258 ; je 0xfffc4258
+cmp dl, 3
+je short loc_fffc426d ; je 0xfffc426d
+jmp short loc_fffc4282 ; jmp 0xfffc4282
+
+loc_fffc4258: ; not directly referenced
+cmp byte [eax + ebp - 0x30], 1
+jne short loc_fffc426d ; jne 0xfffc426d
+cmp byte [ebp + eax - 0x2c], 0
+jne short loc_fffc426d ; jne 0xfffc426d
+mov byte [esi + 0xb5], 1
+
+loc_fffc426d: ; not directly referenced
+cmp byte [eax + ebp - 0x30], 0
+jne short loc_fffc4282 ; jne 0xfffc4282
+cmp byte [ebp + eax - 0x2c], 0
+jne short loc_fffc4282 ; jne 0xfffc4282
+mov byte [esi + 0xb5], 1
+
+loc_fffc4282: ; not directly referenced
+inc eax
+cmp eax, 4
+jne short loc_fffc4240 ; jne 0xfffc4240
+jmp near loc_fffc41e7 ; jmp 0xfffc41e7
+
+loc_fffc428d: ; not directly referenced
+movzx edx, byte [edi + 0x248e]
+sub esp, 0xc
+mov eax, edi
+push 0
+xor ebx, ebx
+call fcn_fffb2759 ; call 0xfffb2759
+mov eax, dword [ebp - 0x44]
+add esp, 0x10
+mov byte [ebp - 0x3c], 0
+lea esi, [eax + 0x70]
+
+loc_fffc42af: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov edx, ebx
+movzx ecx, byte [edi + eax + 0x381a]
+mov eax, edi
+call fcn_fffaac43 ; call 0xfffaac43
+or byte [ebp - 0x3c], al
+movzx ecx, byte [ebp - 0x3c]
+bt ecx, ebx
+jae short loc_fffc42ed ; jae 0xfffc42ed
+push edx
+push 0
+movzx eax, byte [edi + 0x2488]
+mov dword [ebp - 0x40], ecx
+push eax
+mov eax, dword [ebp - 0x48]
+push esi
+call dword [eax + 0x64] ; ucall
+mov ecx, dword [ebp - 0x40]
+add esp, 0x10
+
+loc_fffc42ed: ; not directly referenced
+inc ebx
+add esi, 0xcc
+cmp ebx, 2
+jne short loc_fffc42af ; jne 0xfffc42af
+push eax
+push eax
+push 0
+lea eax, [ebp - 0x28]
+push eax
+mov eax, edi
+push 0x36
+push 0
+push 0xd
+lea edx, [edi + 0x2490]
+push 0
+call fcn_fffc6051 ; call 0xfffc6051
+add esp, 0x14
+push edi
+call fcn_fffc82f4 ; call 0xfffc82f4
+mov eax, dword [ebp - 0x58]
+add esp, 0x10
+movsx edx, word [ebp - 0x5a]
+xor ecx, ecx
+mov dword [ebp - 0x48], 0x3e8
+mov dword [ebp - 0x54], 0
+add eax, 0x1e
+mov dword [ebp - 0x40], 0x7fffffff
+sub eax, edx
+mov dword [ebp - 0x3c], 0x7fffffff
+
+loc_fffc434c: ; not directly referenced
+imul edx, ecx, 0x13c3
+cmp dword [edi + edx + 0x3756], 2
+jne short loc_fffc43a9 ; jne 0xfffc43a9
+imul edx, ecx, 0x48
+mov esi, dword [ebp - 0x3c]
+mov ebx, dword [edi + edx + 0x3450]
+mov edx, dword [edi + edx + 0x3454]
+cmp esi, ebx
+cmovle ebx, esi
+mov esi, dword [ebp - 0x40]
+mov dword [ebp - 0x3c], ebx
+mov ebx, dword [ebp - 0x44]
+cmp esi, edx
+cmovle edx, esi
+mov esi, dword [ebp - 0x48]
+mov dword [ebp - 0x40], edx
+imul edx, ecx, 0xcc
+cmp byte [ebx + edx + 0xd1], 0
+mov edx, 1
+cmovle edx, dword [ebp - 0x54]
+cmovg esi, eax
+mov dword [ebp - 0x48], esi
+mov dword [ebp - 0x54], edx
+
+loc_fffc43a9: ; not directly referenced
+inc ecx
+cmp ecx, 2
+jne short loc_fffc434c ; jne 0xfffc434c
+mov eax, dword [ebp - 0x40]
+sub eax, dword [ebp - 0x3c]
+cdq
+idiv ecx
+cmp dword [ebp - 0x50], 3
+seta dl
+cmp dword [ebp - 0x4c], 0x306d0
+mov dword [ebp - 0x44], eax
+sete al
+test dl, al
+jne short loc_fffc43ea ; jne 0xfffc43ea
+cmp dword [ebp - 0x50], 0
+mov ebx, 1
+setne dl
+cmp dword [ebp - 0x4c], 0x40670
+sete al
+test dl, al
+je short loc_fffc4449 ; je 0xfffc4449
+
+loc_fffc43ea: ; not directly referenced
+cmp dword [edi + 0x2480], 2
+mov ebx, 1
+je short loc_fffc4449 ; je 0xfffc4449
+movsx eax, word [ebp - 0x5a]
+mov ecx, 1
+mov edx, 0xd
+mov esi, eax
+mov dword [ebp - 0x4c], eax
+mov eax, edi
+call fcn_fffb13cf ; call 0xfffb13cf
+mov ecx, dword [ebp - 0x40]
+mov edx, esi
+add ecx, esi
+mov esi, 0
+cmovs ecx, esi
+mov esi, dword [ebp - 0x3c]
+sub esi, edx
+mov edx, esi
+mov esi, 0
+cmovs edx, esi
+cmp ecx, edx
+cmovle edx, ecx
+shr ax, 1
+movzx eax, ax
+cmp edx, eax
+jbe short loc_fffc4449 ; jbe 0xfffc4449
+mov eax, dword [ebp - 0x4c]
+xor bl, bl
+neg eax
+mov dword [ebp - 0x44], eax
+
+loc_fffc4449: ; not directly referenced
+mov eax, dword [ebp - 0x48]
+cmp dword [ebp - 0x44], eax
+mov byte [edi + 0x369f], bl
+setg al
+test byte [ebp - 0x54], al
+je short loc_fffc4469 ; je 0xfffc4469
+mov eax, dword [ebp - 0x48]
+test ebx, ebx
+cmove eax, dword [ebp - 0x44]
+mov dword [ebp - 0x44], eax
+
+loc_fffc4469: ; not directly referenced
+mov eax, dword [ebp - 0x44]
+mov ecx, 0xa
+push 0
+push 0
+push 0
+cdq
+idiv ecx
+push 0
+push eax
+push 1
+push 2
+push edi
+call fcn_fffcc4cb ; call 0xfffcc4cb
+add esp, 0x14
+push edi
+call fcn_fffc82f4 ; call 0xfffc82f4
+mov edx, 0xd
+xor ecx, ecx
+mov dword [ebp - 0x48], eax
+mov eax, edi
+call fcn_fffb13cf ; call 0xfffb13cf
+mov esi, dword [ebp - 0x40]
+add esp, 0x10
+mov ebx, dword [ebp - 0x3c]
+lea edx, [esi + ebx]
+shr ax, 1
+movzx eax, ax
+cmp edx, eax
+jb short loc_fffc44d0 ; jb 0xfffc44d0
+
+loc_fffc44b7: ; not directly referenced
+mov esi, dword [ebp - 0x44]
+lea eax, [edi + 0x3450]
+xor ecx, ecx
+mov ebx, dword [ebp - 0x40]
+mov edx, dword [ebp - 0x3c]
+sub ebx, esi
+add edx, esi
+mov esi, ebx
+jmp short loc_fffc44f4 ; jmp 0xfffc44f4
+
+loc_fffc44d0: ; not directly referenced
+cmp byte [edi + 0x1965], 0
+je short loc_fffc44b7 ; je 0xfffc44b7
+cmp dword [edi + 0x188b], 1
+mov ebx, 0xc
+jne short loc_fffc44b7 ; jne 0xfffc44b7
+jmp short loc_fffc4551 ; jmp 0xfffc4551
+
+loc_fffc44e9: ; not directly referenced
+inc ecx
+add eax, 0x90
+cmp ecx, 4
+je short loc_fffc4507 ; je 0xfffc4507
+
+loc_fffc44f4: ; not directly referenced
+mov ebx, 1
+shl ebx, cl
+test byte [ebp - 0x5b], bl
+je short loc_fffc44e9 ; je 0xfffc44e9
+mov dword [eax], edx
+mov dword [eax + 4], esi
+jmp short loc_fffc44e9 ; jmp 0xfffc44e9
+
+loc_fffc4507: ; not directly referenced
+cmp dword [edi + 0x3756], 2
+jne short loc_fffc451e ; jne 0xfffc451e
+xor cl, cl
+mov edx, 0x4198
+mov eax, edi
+call fcn_fffae566 ; call 0xfffae566
+
+loc_fffc451e: ; not directly referenced
+cmp dword [edi + 0x4b19], 2
+mov ebx, dword [ebp - 0x48]
+jne short loc_fffc4551 ; jne 0xfffc4551
+xor ecx, ecx
+mov edx, 0x4598
+mov eax, edi
+call fcn_fffae566 ; call 0xfffae566
+jmp short loc_fffc4551 ; jmp 0xfffc4551
+
+loc_fffc453a: ; not directly referenced
+mov eax, dword [ebp - 0x44]
+mov ecx, 6
+imul eax, dword [eax + 0x1b4], 0xa
+mov dword [ebp - 0x58], eax
+jmp near loc_fffc415d ; jmp 0xfffc415d
+
+loc_fffc4551: ; not directly referenced
+lea esp, [ebp - 0xc]
+mov eax, ebx
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc455b: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 8
+mov esi, dword [ebp + 8]
+mov ebx, dword [ebp + 0x14]
+mov dword [ebp - 0x10], esi
+mov esi, dword [ebp + 0xc]
+mov edi, ebx
+shr edi, 0x1d
+and edi, 1
+mov dword [ebp - 0x14], esi
+mov esi, dword [ebp + 0x10]
+cmp ax, di
+jne short loc_fffc45f0 ; jne 0xfffc45f0
+test dword [ebp + 0x18], 0x800
+jne short loc_fffc45d4 ; jne 0xfffc45d4
+mov eax, ebx
+shr eax, 0xc
+and eax, 1
+cmp dx, ax
+jne short loc_fffc45f0 ; jne 0xfffc45f0
+mov eax, ebx
+shr eax, 0xb
+and eax, 1
+cmp cx, ax
+jne short loc_fffc45f0 ; jne 0xfffc45f0
+mov edx, ebx
+shr edx, 8
+and edx, 7
+
+loc_fffc45ae: ; not directly referenced
+xor eax, eax
+cmp word [ebp - 0x10], dx
+jne short loc_fffc45f2 ; jne 0xfffc45f2
+mov edx, ebx
+shr edx, 0xd
+cmp word [ebp - 0x14], dx
+jne short loc_fffc45f2 ; jne 0xfffc45f2
+movzx ebx, bl
+and esi, 0xfffffff8
+shl ebx, 3
+xor eax, eax
+cmp si, bx
+sete al
+jmp short loc_fffc45f2 ; jmp 0xfffc45f2
+
+loc_fffc45d4: ; not directly referenced
+test dx, dx
+jne short loc_fffc45f0 ; jne 0xfffc45f0
+mov eax, ebx
+shr eax, 0xc
+and eax, 1
+cmp cx, ax
+jne short loc_fffc45f0 ; jne 0xfffc45f0
+mov edx, ebx
+shr edx, 8
+and edx, 0xf
+jmp short loc_fffc45ae ; jmp 0xfffc45ae
+
+loc_fffc45f0: ; not directly referenced
+xor eax, eax
+
+loc_fffc45f2: ; not directly referenced
+pop edx
+pop ecx
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc45f9: ; not directly referenced
+push ebp
+xor eax, eax
+mov ebp, esp
+mov ecx, 8
+push edi
+mov edx, 0xcf8
+push esi
+push ebx
+lea edi, [ebp - 0xe8]
+sub esp, 0x198
+mov ebx, dword [ebp + 8]
+rep stosd ; rep stosd dword es:[edi], eax
+lea edi, [ebp - 0xf8]
+mov dword [ebp - 0xbc], fcn_fffaafc2 ; mov dword [ebp - 0xbc], 0xfffaafc2
+mov dword [ebp - 0xb0], fcn_fffaafda ; mov dword [ebp - 0xb0], 0xfffaafda
+mov dword [ebp - 0x5c], fcn_fffab0f8 ; mov dword [ebp - 0x5c], 0xfffab0f8
+mov dword [ebp - 0x58], fcn_fffab0ef ; mov dword [ebp - 0x58], 0xfffab0ef
+mov dword [ebp - 0xa4], fcn_fffb3d4e ; mov dword [ebp - 0xa4], 0xfffb3d4e
+mov cl, 4
+rep stosd ; rep stosd dword es:[edi], eax
+mov eax, 0x80000048
+mov dword [ebp - 0xa0], fcn_fffb3dc0 ; mov dword [ebp - 0xa0], 0xfffb3dc0
+mov dword [ebp - 0x7c], fcn_fffc3868 ; mov dword [ebp - 0x7c], 0xfffc3868
+mov dword [ebp - 0x78], fcn_fffc3844 ; mov dword [ebp - 0x78], 0xfffc3844
+out dx, eax
+push 0xcfc
+call fcn_fffaafc2 ; call 0xfffaafc2
+add esp, 0x10
+mov esi, eax
+test al, 1
+jne short loc_fffc468a ; jne 0xfffc468a
+
+loc_fffc4683: ; not directly referenced
+xor eax, eax
+jmp near loc_fffc5449 ; jmp 0xfffc5449
+
+loc_fffc468a: ; not directly referenced
+push 0x60
+mov edi, dword [ebp - 0xb0]
+push 0
+push 0
+push 0
+call dword [ebp - 0x7c] ; ucall
+pop edx
+pop ecx
+push eax
+push 0xcf8
+call edi
+mov dword [esp], 0xcfc
+call dword [ebp - 0xbc] ; ucall
+add esp, 0x10
+test al, 1
+je short loc_fffc4683 ; je 0xfffc4683
+and eax, 0xfffffff8
+mov edi, eax
+call fcn_fffa6801 ; call 0xfffa6801
+mov dword [ebp - 0x12c], 0
+cmp eax, 0x40660
+setne cl
+cmp eax, 0x306c0
+setne dl
+test cl, dl
+je short loc_fffc46f2 ; je 0xfffc46f2
+cmp eax, 0x40650
+setne al
+movzx eax, al
+mov dword [ebp - 0x12c], eax
+
+loc_fffc46f2: ; not directly referenced
+push 0xbc
+and esi, 0xfffffffe
+push 0
+push 0
+push 0
+call dword [ebp - 0x78] ; ucall
+add eax, edi
+mov dword [esp], eax
+call dword [ebp - 0xa4] ; ucall
+push 0x90
+push 0
+push 0
+push 0
+mov dword [ebp - 0x168], eax
+call dword [ebp - 0x78] ; ucall
+add esp, 0x14
+add eax, edi
+push eax
+call dword [ebp - 0xa0] ; ucall
+push 0x98
+push 0
+push 0
+push 0
+mov dword [ebp - 0x184], edx
+mov dword [ebp - 0x180], eax
+call dword [ebp - 0x78] ; ucall
+add esp, 0x14
+add edi, eax
+push edi
+call dword [ebp - 0xa0] ; ucall
+mov dword [ebp - 0x188], eax
+lea eax, [esi + 0x5024]
+mov dword [ebp - 0x18c], edx
+mov dword [esp], eax
+call dword [ebp - 0xa4] ; ucall
+mov dword [ebp - 0x14c], eax
+lea eax, [esi + 0x5014]
+mov dword [esp], eax
+call dword [ebp - 0xa4] ; ucall
+mov dword [ebp - 0x150], eax
+lea eax, [esi + 0x5000]
+mov dword [esp], eax
+call dword [ebp - 0xa4] ; ucall
+mov dword [ebp - 0x114], eax
+lea eax, [esi + 0x5004]
+add esi, 0x5008
+mov dword [esp], eax
+call dword [ebp - 0xa4] ; ucall
+mov dword [esp], esi
+mov edi, eax
+call dword [ebp - 0xa4] ; ucall
+mov cl, byte [ebx + 4]
+add esp, 0x10
+mov dx, word [ebx + 5]
+mov dword [ebp - 0x104], edi
+mov dword [ebp - 0xfc], 0
+mov byte [ebp - 0x110], cl
+mov cl, byte [ebx + 3]
+mov word [ebp - 0x12e], dx
+mov dx, word [ebx + 7]
+mov dword [ebp - 0x100], eax
+mov byte [ebp - 0x134], cl
+mov cl, byte [ebx + 2]
+mov word [ebp - 0x130], dx
+mov dl, byte [ebx + 1]
+mov al, cl
+or eax, edx
+mov byte [ebp - 0x151], cl
+test al, 0xfe
+je short loc_fffc481b ; je 0xfffc481b
+
+loc_fffc4814: ; not directly referenced
+xor eax, eax
+jmp near loc_fffc5449 ; jmp 0xfffc5449
+
+loc_fffc481b: ; not directly referenced
+movzx eax, dl
+movzx edx, byte [ebp - 0x151]
+mov esi, dword [ebp + eax*4 - 0x104]
+mov dword [ebp - 0x140], eax
+mov dword [ebp - 0x16c], 0
+mov eax, esi
+shr eax, 0x10
+and eax, 1
+xor eax, edx
+mov edx, esi
+movzx eax, ax
+test eax, eax
+mov dword [ebp - 0x148], eax
+mov dword [ebp - 0x170], eax
+lea eax, [ebp - 0xc4]
+je short loc_fffc4868 ; je 0xfffc4868
+call fcn_fffc3bda ; call 0xfffc3bda
+jmp short loc_fffc486d ; jmp 0xfffc486d
+
+loc_fffc4868: ; not directly referenced
+call fcn_fffc3bf5 ; call 0xfffc3bf5
+
+loc_fffc486d: ; not directly referenced
+mov dword [ebp - 0x124], edx
+mov edx, dword [ebp - 0x124]
+mov dword [ebp - 0x128], eax
+mov eax, dword [ebp - 0x128]
+mov edi, edx
+or edi, eax
+je short loc_fffc4814 ; je 0xfffc4814
+movzx eax, byte [ebp - 0x134]
+mov dword [ebp - 0x144], eax
+test al, 0xfe
+jne loc_fffc4814 ; jne 0xfffc4814
+cmp dword [ebp - 0x148], 0
+mov ebx, esi
+je short loc_fffc48b0 ; je 0xfffc48b0
+shr ebx, 0x12
+jmp short loc_fffc48b3 ; jmp 0xfffc48b3
+
+loc_fffc48b0: ; not directly referenced
+shr ebx, 0x11
+
+loc_fffc48b3: ; not directly referenced
+and ebx, 1
+cmp byte [ebp - 0x134], 0
+mov eax, ebx
+setne cl
+xor eax, 1
+mov byte [ebp - 0x152], cl
+test cl, al
+jne loc_fffc4814 ; jne 0xfffc4814
+cmp dword [ebp - 0x148], 0
+mov ecx, esi
+mov edx, dword [ebp - 0x114]
+lea eax, [ebp - 0xc4]
+je short loc_fffc48fe ; je 0xfffc48fe
+call fcn_fffb8408 ; call 0xfffb8408
+test esi, 0x100000
+mov word [ebp - 0x118], ax
+jmp short loc_fffc4910 ; jmp 0xfffc4910
+
+loc_fffc48fe: ; not directly referenced
+call fcn_fffb8396 ; call 0xfffb8396
+test esi, 0x80000
+mov word [ebp - 0x118], ax
+
+loc_fffc4910: ; not directly referenced
+je short loc_fffc4919 ; je 0xfffc4919
+mov eax, 0x10
+jmp short loc_fffc4930 ; jmp 0xfffc4930
+
+loc_fffc4919: ; not directly referenced
+mov eax, dword [ebp - 0x114]
+shr eax, 0xa
+and eax, 1
+cmp eax, 1
+sbb eax, eax
+and eax, 0xffffffe8
+add eax, 0x20
+
+loc_fffc4930: ; not directly referenced
+mov edi, dword [ebp - 0x114]
+shr edi, 0xb
+mov dword [ebp - 0x13c], edi
+movzx edi, byte [ebp - 0x110]
+and dword [ebp - 0x13c], 1
+cmp ax, 8
+sete dl
+mov byte [ebp - 0x120], dl
+and edx, dword [ebp - 0x13c]
+mov dword [ebp - 0x138], edi
+movzx eax, dl
+shl eax, 3
+or eax, 7
+not eax
+test edi, eax
+jne loc_fffc4814 ; jne 0xfffc4814
+push eax
+mov al, byte [ebp - 0x118]
+add eax, ebx
+add edx, eax
+movzx edx, dl
+push edx
+push dword [ebp - 0x124]
+push dword [ebp - 0x128]
+call dword [ebp - 0x58] ; ucall
+movzx edi, word [ebp - 0x130]
+add esp, 0x10
+mov dword [ebp - 0x160], eax
+neg eax
+mov dword [ebp - 0x15c], edx
+test eax, edi
+jne loc_fffc4814 ; jne 0xfffc4814
+movzx eax, word [ebp - 0x12e]
+mov cl, byte [ebp - 0x118]
+mov edx, eax
+mov dword [ebp - 0x174], eax
+mov eax, 1
+shl eax, cl
+dec eax
+movzx eax, ax
+not eax
+test edx, eax
+jne loc_fffc4814 ; jne 0xfffc4814
+mov eax, esi
+shr eax, 0x15
+mov dword [ebp - 0x178], eax
+and eax, 1
+mov dword [ebp - 0x158], eax
+mov eax, esi
+shr eax, 0x1a
+mov dword [ebp - 0x17c], eax
+and eax, 1
+mov dword [ebp - 0x164], eax
+mov eax, esi
+shr eax, 0x16
+mov dword [ebp - 0x128], eax
+and dword [ebp - 0x128], 1
+cmp dword [ebp - 0x13c], 0
+je loc_fffc4d7f ; je 0xfffc4d7f
+push eax
+mov eax, dword [ebp - 0x110]
+xor edx, edx
+push 8
+push edx
+and eax, 3
+push eax
+call dword [ebp - 0x5c] ; ucall
+add esp, 0xc
+push 2
+mov dword [ebp - 0x190], eax
+mov al, byte [ebp - 0x110]
+mov dword [ebp - 0x194], edx
+xor edx, edx
+push edx
+and eax, 4
+movzx eax, al
+push eax
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+mov dword [ebp - 0x118], eax
+mov eax, dword [ebp - 0x190]
+or dword [ebp - 0x118], eax
+mov eax, dword [ebp - 0x194]
+mov dword [ebp - 0x13c], edx
+mov edx, dword [ebp - 0x5c]
+or dword [ebp - 0x13c], eax
+test byte [ebp - 0x164], bl
+je loc_fffc4b64 ; je 0xfffc4b64
+mov ecx, esi
+mov ebx, 1
+shr ecx, 0x1b
+and ecx, 7
+add ecx, 4
+shl ebx, cl
+dec ebx
+cmp byte [ebp - 0x120], 1
+push esi
+mov esi, dword [ebp - 0x144]
+sbb eax, eax
+add eax, 0xb
+push eax
+mov eax, dword [ebp - 0x130]
+shl esi, cl
+and eax, ebx
+movzx ebx, bx
+not ebx
+movzx eax, ax
+and ebx, edi
+or eax, esi
+add ebx, ebx
+or eax, ebx
+mov ebx, eax
+sar ebx, 0x1f
+push ebx
+push eax
+call edx
+add esp, 0xc
+push 7
+mov esi, eax
+mov al, byte [ebp - 0x110]
+mov ebx, edx
+xor edx, edx
+push edx
+and eax, 8
+movzx eax, al
+push eax
+call dword [ebp - 0x5c] ; ucall
+add esp, 0x10
+or eax, esi
+or edx, ebx
+or eax, dword [ebp - 0x118]
+or edx, dword [ebp - 0x13c]
+cmp dword [ebp - 0x128], 0
+mov dword [ebp - 0x110], eax
+mov dword [ebp - 0x10c], edx
+je loc_fffc4d3e ; je 0xfffc4d3e
+cmp byte [ebp - 0x120], 0
+mov eax, dword [ebp - 0x58]
+jne loc_fffc4cc9 ; jne 0xfffc4cc9
+push ebx
+push 3
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call eax
+mov ecx, dword [ebp - 0x110]
+mov ebx, dword [ebp - 0x10c]
+mov edi, ebx
+and eax, 0x300
+xor eax, ecx
+mov esi, eax
+jmp near loc_fffc4d20 ; jmp 0xfffc4d20
+
+loc_fffc4b64: ; not directly referenced
+cmp byte [ebp - 0x120], 1
+sbb eax, eax
+test byte [ebp - 0x158], bl
+je loc_fffc4c25 ; je 0xfffc4c25
+add eax, 0xc
+xor ebx, ebx
+push ecx
+push eax
+push ebx
+push edi
+call edx
+add esp, 0xc
+push 0xa
+mov esi, eax
+movzx eax, byte [ebp - 0x134]
+mov ebx, edx
+xor edx, edx
+push edx
+push eax
+call dword [ebp - 0x5c] ; ucall
+add esp, 0xc
+push 8
+or esi, eax
+mov al, byte [ebp - 0x110]
+or ebx, edx
+xor edx, edx
+push edx
+or esi, dword [ebp - 0x118]
+and eax, 8
+movzx eax, al
+or ebx, dword [ebp - 0x13c]
+push eax
+call dword [ebp - 0x5c] ; ucall
+add esp, 0x10
+or esi, eax
+or ebx, edx
+cmp dword [ebp - 0x128], 0
+mov dword [ebp - 0x110], esi
+mov dword [ebp - 0x10c], ebx
+je loc_fffc4d3e ; je 0xfffc4d3e
+cmp byte [ebp - 0x120], 0
+mov eax, dword [ebp - 0x58]
+je loc_fffc4cc9 ; je 0xfffc4cc9
+push esi
+push 5
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call eax
+mov ecx, dword [ebp - 0x110]
+mov ebx, dword [ebp - 0x10c]
+add esp, 0xc
+push 0xc
+mov edi, ebx
+and eax, 0xf00
+xor eax, ecx
+mov esi, eax
+jmp near loc_fffc4d25 ; jmp 0xfffc4d25
+
+loc_fffc4c25: ; not directly referenced
+add eax, 0xb
+push ebx
+xor ebx, ebx
+push eax
+push ebx
+push edi
+call edx
+add esp, 0xc
+push 7
+mov esi, eax
+mov al, byte [ebp - 0x110]
+mov ebx, edx
+xor edx, edx
+push edx
+and eax, 8
+movzx eax, al
+push eax
+call dword [ebp - 0x5c] ; ucall
+add esp, 0x10
+or eax, esi
+or edx, ebx
+or eax, dword [ebp - 0x118]
+or edx, dword [ebp - 0x13c]
+cmp byte [ebp - 0x152], 0
+mov dword [ebp - 0x110], eax
+mov dword [ebp - 0x10c], edx
+je short loc_fffc4cb0 ; je 0xfffc4cb0
+cmp byte [ebp - 0x120], 1
+push ecx
+sbb eax, eax
+add eax, 0xb
+push eax
+push dword [ebp - 0x15c]
+push dword [ebp - 0x160]
+call dword [ebp - 0x5c] ; ucall
+mov ecx, dword [ebp - 0x110]
+mov ebx, dword [ebp - 0x10c]
+add esp, 0x10
+or eax, ecx
+or edx, ebx
+mov dword [ebp - 0x110], eax
+mov dword [ebp - 0x10c], edx
+
+loc_fffc4cb0: ; not directly referenced
+cmp dword [ebp - 0x128], 0
+je loc_fffc4d3e ; je 0xfffc4d3e
+cmp byte [ebp - 0x120], 0
+mov eax, dword [ebp - 0x58]
+je short loc_fffc4cf8 ; je 0xfffc4cf8
+
+loc_fffc4cc9: ; not directly referenced
+push edx
+push 4
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call eax
+mov ecx, dword [ebp - 0x110]
+mov ebx, dword [ebp - 0x10c]
+add esp, 0xc
+push 0xb
+mov edi, ebx
+and eax, 0x700
+xor eax, ecx
+mov esi, eax
+jmp short loc_fffc4d25 ; jmp 0xfffc4d25
+
+loc_fffc4cf8: ; not directly referenced
+push edi
+push 3
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call eax
+mov edx, dword [ebp - 0x110]
+mov ecx, dword [ebp - 0x10c]
+mov edi, ecx
+and eax, 0x300
+xor eax, edx
+mov esi, eax
+
+loc_fffc4d20: ; not directly referenced
+add esp, 0xc
+push 0xa
+
+loc_fffc4d25: ; not directly referenced
+push edi
+push esi
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+mov dword [ebp - 0x10c], edi
+and eax, 1
+xor eax, esi
+mov dword [ebp - 0x110], eax
+
+loc_fffc4d3e: ; not directly referenced
+mov cx, word [ebp - 0x12e]
+mov ebx, dword [ebp - 0x10c]
+shr cx, 2
+and ecx, 0x3ffe
+mov eax, ecx
+cdq
+mov eax, ecx
+mov dword [ebp - 0x120], ecx
+mov ecx, dword [ebp - 0x110]
+mov dword [ebp - 0x11c], edx
+or eax, ecx
+mov esi, eax
+mov eax, dword [ebp - 0x11c]
+or eax, ebx
+mov edi, eax
+jmp near loc_fffc4f98 ; jmp 0xfffc4f98
+
+loc_fffc4d7f: ; not directly referenced
+test byte [ebp - 0x164], bl
+je short loc_fffc4de3 ; je 0xfffc4de3
+mov ebx, esi
+mov eax, 1
+shr ebx, 0x1b
+and ebx, 7
+lea ecx, [ebx + 4]
+shl eax, cl
+mov ecx, eax
+dec ecx
+movzx eax, cx
+and ecx, dword [ebp - 0x130]
+not eax
+and eax, edi
+add eax, eax
+movzx ecx, cx
+push esi
+or eax, ecx
+push 0xa
+cdq
+push edx
+push eax
+call dword [ebp - 0x58] ; ucall
+lea ecx, [ebx + 0xe]
+mov ebx, dword [ebp - 0x144]
+shl ebx, cl
+mov ecx, dword [ebp - 0x138]
+shl ecx, 7
+or ebx, ecx
+mov edi, ebx
+or eax, ebx
+sar edi, 0x1f
+mov dword [ebp - 0x110], eax
+or edx, edi
+jmp near loc_fffc4eec ; jmp 0xfffc4eec
+
+loc_fffc4de3: ; not directly referenced
+test byte [ebp - 0x158], bl
+je loc_fffc4ea2 ; je 0xfffc4ea2
+push ebx
+xor edx, edx
+push 0xb
+push edx
+push edi
+xor edi, edi
+call dword [ebp - 0x5c] ; ucall
+add esp, 0xc
+push 9
+mov dword [ebp - 0x110], eax
+movzx eax, byte [ebp - 0x134]
+mov dword [ebp - 0x120], edx
+xor edx, edx
+push edx
+push eax
+call dword [ebp - 0x5c] ; ucall
+mov esi, dword [ebp - 0x138]
+add esp, 0xc
+push 8
+push edi
+push esi
+mov dword [ebp - 0x134], eax
+mov dword [ebp - 0x13c], edx
+call dword [ebp - 0x5c] ; ucall
+add esp, 0xc
+push 7
+push edi
+push esi
+mov ebx, eax
+call dword [ebp - 0x5c] ; ucall
+mov edi, dword [ebp - 0x134]
+and ebx, 0x400
+or edi, dword [ebp - 0x110]
+add esp, 0x10
+mov edx, edi
+or edx, ebx
+and eax, 0x180
+mov edi, edx
+or edi, eax
+mov eax, dword [ebp - 0x13c]
+or eax, dword [ebp - 0x120]
+cmp dword [ebp - 0x128], 0
+mov dword [ebp - 0x110], edi
+mov dword [ebp - 0x10c], eax
+je loc_fffc4f2f ; je 0xfffc4f2f
+mov ebx, dword [ebp - 0x110]
+push ecx
+mov esi, dword [ebp - 0x10c]
+push 4
+mov edi, ebx
+and edi, 0x7800
+jmp short loc_fffc4f15 ; jmp 0xfffc4f15
+
+loc_fffc4ea2: ; not directly referenced
+mov ebx, dword [ebp - 0x138]
+mov eax, edi
+shl eax, 0xa
+shl ebx, 7
+or ebx, eax
+mov eax, ebx
+sar eax, 0x1f
+cmp byte [ebp - 0x152], 0
+mov dword [ebp - 0x110], ebx
+mov dword [ebp - 0x10c], eax
+je short loc_fffc4ef5 ; je 0xfffc4ef5
+push edx
+push 0xa
+push dword [ebp - 0x15c]
+push dword [ebp - 0x160]
+call dword [ebp - 0x5c] ; ucall
+or edx, dword [ebp - 0x10c]
+or ebx, eax
+mov dword [ebp - 0x110], ebx
+
+loc_fffc4eec: ; not directly referenced
+mov dword [ebp - 0x10c], edx
+add esp, 0x10
+
+loc_fffc4ef5: ; not directly referenced
+cmp dword [ebp - 0x128], 0
+je short loc_fffc4f2f ; je 0xfffc4f2f
+mov ebx, dword [ebp - 0x110]
+mov esi, dword [ebp - 0x10c]
+push eax
+push 3
+mov edi, ebx
+and edi, 0x1c00
+
+loc_fffc4f15: ; not directly referenced
+xor edx, edx
+push edx
+push edi
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+xor eax, ebx
+xor edx, esi
+mov dword [ebp - 0x110], eax
+mov dword [ebp - 0x10c], edx
+
+loc_fffc4f2f: ; not directly referenced
+cmp word [ebp - 0x118], 9
+jne short loc_fffc4f4d ; jne 0xfffc4f4d
+push eax
+push 1
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+jmp short loc_fffc4f69 ; jmp 0xfffc4f69
+
+loc_fffc4f4d: ; not directly referenced
+cmp word [ebp - 0x118], 0xb
+jne short loc_fffc4f78 ; jne 0xfffc4f78
+push eax
+push 1
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x5c] ; ucall
+
+loc_fffc4f69: ; not directly referenced
+mov dword [ebp - 0x110], eax
+add esp, 0x10
+mov dword [ebp - 0x10c], edx
+
+loc_fffc4f78: ; not directly referenced
+mov ax, word [ebp - 0x12e]
+mov edx, dword [ebp - 0x110]
+mov ecx, dword [ebp - 0x10c]
+shr ax, 3
+movzx eax, ax
+or eax, edx
+mov edi, ecx
+mov esi, eax
+
+loc_fffc4f98: ; not directly referenced
+mov eax, dword [ebp - 0x140]
+mov ebx, dword [ebp + eax*4 - 0x104]
+lea eax, [ebp - 0xc4]
+mov edx, ebx
+call fcn_fffc3bf5 ; call 0xfffc3bf5
+mov dword [ebp - 0x110], eax
+lea eax, [ebp - 0xc4]
+mov dword [ebp - 0x10c], edx
+mov edx, ebx
+call fcn_fffc3bda ; call 0xfffc3bda
+mov ecx, dword [ebp - 0x17c]
+or ecx, dword [ebp - 0x178]
+and cl, 1
+je short loc_fffc5033 ; je 0xfffc5033
+cmp edi, edx
+ja short loc_fffc502d ; ja 0xfffc502d
+jb short loc_fffc4fe6 ; jb 0xfffc4fe6
+cmp esi, eax
+jae short loc_fffc502d ; jae 0xfffc502d
+
+loc_fffc4fe6: ; not directly referenced
+push eax
+push 1
+push edi
+push esi
+call dword [ebp - 0x5c] ; ucall
+add esp, 0xc
+push 9
+push dword [ebp - 0x16c]
+push dword [ebp - 0x170]
+mov ebx, edx
+mov dword [ebp - 0x110], eax
+call dword [ebp - 0x5c] ; ucall
+add esp, 0x10
+mov ecx, eax
+mov eax, esi
+and eax, 0x1ff
+or edx, ebx
+or ecx, eax
+mov eax, dword [ebp - 0x110]
+mov edi, edx
+and eax, 0xfffffc00
+or ecx, eax
+mov esi, ecx
+jmp short loc_fffc5048 ; jmp 0xfffc5048
+
+loc_fffc502d: ; not directly referenced
+add esi, eax
+adc edi, edx
+jmp short loc_fffc5048 ; jmp 0xfffc5048
+
+loc_fffc5033: ; not directly referenced
+cmp dword [ebp - 0x148], 0
+je short loc_fffc5048 ; je 0xfffc5048
+add esi, dword [ebp - 0x110]
+adc edi, dword [ebp - 0x10c]
+
+loc_fffc5048: ; not directly referenced
+mov ebx, dword [ebp - 0x114]
+mov eax, ebx
+and eax, 3
+cmp eax, dword [ebp - 0x140]
+push eax
+movzx eax, byte [ebp - 0x150]
+push 0x16
+setne byte [ebp - 0x110]
+xor edx, edx
+push edx
+push eax
+call dword [ebp - 0x5c] ; ucall
+add esp, 0xc
+push 2
+mov dword [ebp - 0x128], eax
+mov eax, dword [ebp - 0x150]
+mov dword [ebp - 0x118], edx
+xor edx, edx
+push edx
+and eax, 0xff000000
+push eax
+call dword [ebp - 0x5c] ; ucall
+mov ecx, ebx
+add esp, 0x10
+shr ecx, 6
+mov dword [ebp - 0x120], ecx
+and dword [ebp - 0x120], 1
+cmp dword [ebp - 0x12c], 1
+jne short loc_fffc50c0 ; jne 0xfffc50c0
+mov ebx, dword [ebp - 0x128]
+mov ecx, dword [ebp - 0x118]
+jmp short loc_fffc50c4 ; jmp 0xfffc50c4
+
+loc_fffc50c0: ; not directly referenced
+mov ebx, eax
+mov ecx, edx
+
+loc_fffc50c4: ; not directly referenced
+cmp dword [ebp - 0x120], 0
+je short loc_fffc510b ; je 0xfffc510b
+mov ebx, dword [ebp - 0x114]
+push eax
+shr ebx, 7
+and ebx, 7
+push ebx
+add ebx, 0x16
+push 0
+push 0x400000
+call dword [ebp - 0x5c] ; ucall
+movzx eax, byte [ebp - 0x110]
+add esp, 0xc
+push ebx
+xor edx, edx
+push edx
+push eax
+call dword [ebp - 0x5c] ; ucall
+mov ecx, eax
+mov ebx, edx
+or ecx, esi
+or ebx, edi
+mov eax, ecx
+mov edx, ebx
+jmp near loc_fffc51ca ; jmp 0xfffc51ca
+
+loc_fffc510b: ; not directly referenced
+cmp edi, ecx
+ja loc_fffc51ea ; ja 0xfffc51ea
+jb short loc_fffc511d ; jb 0xfffc511d
+cmp esi, ebx
+jae loc_fffc51ea ; jae 0xfffc51ea
+
+loc_fffc511d: ; not directly referenced
+push ebx
+push 1
+push edi
+push esi
+call dword [ebp - 0x5c] ; ucall
+add esp, 0x10
+mov dword [ebp - 0x120], eax
+mov dword [ebp - 0x11c], edx
+test dword [ebp - 0x14c], 0x800000
+je loc_fffc51cf ; je 0xfffc51cf
+mov edi, dword [ebp - 0x14c]
+push ecx
+mov esi, edi
+shr esi, 0x15
+and esi, 3
+push esi
+push edx
+push eax
+call dword [ebp - 0x58] ; ucall
+mov edx, dword [ebp - 0x11c]
+add esp, 0xc
+push esi
+push 0
+push 1
+mov ebx, eax
+mov eax, dword [ebp - 0x120]
+and ebx, 1
+mov dword [ebp - 0x120], edx
+or ebx, eax
+call dword [ebp - 0x5c] ; ucall
+add esp, 0x10
+xor ecx, ecx
+not eax
+not edx
+and dword [ebp - 0x120], edx
+mov edx, edi
+and ebx, eax
+and dx, 0x3fff
+and edx, ebx
+xor eax, eax
+movzx edx, dx
+
+loc_fffc519c: ; not directly referenced
+mov edi, edx
+sar edi, cl
+inc ecx
+xor eax, edi
+cmp ecx, 0xe
+jne short loc_fffc519c ; jne 0xfffc519c
+xor eax, dword [ebp - 0x110]
+xor edx, edx
+push edi
+push esi
+and eax, 1
+push edx
+push eax
+call dword [ebp - 0x5c] ; ucall
+mov esi, edx
+mov ecx, eax
+or esi, dword [ebp - 0x120]
+or ecx, ebx
+mov eax, ecx
+mov edx, esi
+
+loc_fffc51ca: ; not directly referenced
+add esp, 0x10
+jmp short loc_fffc5203 ; jmp 0xfffc5203
+
+loc_fffc51cf: ; not directly referenced
+movzx ecx, byte [ebp - 0x110]
+mov ebx, dword [ebp - 0x120]
+mov esi, dword [ebp - 0x11c]
+or ecx, ebx
+mov eax, ecx
+mov edx, esi
+jmp short loc_fffc5203 ; jmp 0xfffc5203
+
+loc_fffc51ea: ; not directly referenced
+cmp dword [ebp - 0x12c], 1
+jne short loc_fffc51ff ; jne 0xfffc51ff
+mov eax, dword [ebp - 0x128]
+mov edx, dword [ebp - 0x118]
+
+loc_fffc51ff: ; not directly referenced
+add eax, esi
+adc edx, edi
+
+loc_fffc5203: ; not directly referenced
+mov edi, dword [ebp - 0x180]
+push ecx
+push 6
+push edx
+and edi, 0xfff00000
+mov dword [ebp - 0x110], edi
+mov edi, dword [ebp - 0x184]
+push eax
+and edi, 0x7f
+mov dword [ebp - 0x10c], edi
+mov edi, dword [ebp - 0x188]
+or edi, 0xfffff
+mov dword [ebp - 0x120], edi
+mov edi, dword [ebp - 0x18c]
+and edi, 0x7f
+mov dword [ebp - 0x11c], edi
+mov edi, 1
+call dword [ebp - 0x5c] ; ucall
+add esp, 0x10
+cmp edx, dword [ebp - 0x10c]
+ja short loc_fffc5269 ; ja 0xfffc5269
+jb short loc_fffc5267 ; jb 0xfffc5267
+cmp eax, dword [ebp - 0x110]
+jae short loc_fffc5269 ; jae 0xfffc5269
+
+loc_fffc5267: ; not directly referenced
+xor edi, edi
+
+loc_fffc5269: ; not directly referenced
+mov esi, 1
+cmp edx, dword [ebp - 0x11c]
+jb short loc_fffc5282 ; jb 0xfffc5282
+ja short loc_fffc5280 ; ja 0xfffc5280
+cmp eax, dword [ebp - 0x120]
+jbe short loc_fffc5282 ; jbe 0xfffc5282
+
+loc_fffc5280: ; not directly referenced
+xor esi, esi
+
+loc_fffc5282: ; not directly referenced
+mov ecx, dword [ebp + 0xc]
+and edi, esi
+mov ebx, edi
+movzx edi, bl
+mov dword [ecx], eax
+mov dword [ecx + 4], edx
+test edi, edi
+jne loc_fffc5322 ; jne 0xfffc5322
+mov esi, dword [ebp - 0x10c]
+cmp dword [ebp - 0x11c], esi
+jb short loc_fffc5322 ; jb 0xfffc5322
+ja short loc_fffc52b7 ; ja 0xfffc52b7
+mov esi, dword [ebp - 0x110]
+cmp dword [ebp - 0x120], esi
+jbe short loc_fffc5322 ; jbe 0xfffc5322
+
+loc_fffc52b7: ; not directly referenced
+mov esi, dword [ebp - 0x168]
+xor ebx, ebx
+mov dword [ebp - 0x124], ebx
+and esi, 0xfff00000
+mov ecx, esi
+add ecx, dword [ebp - 0x120]
+adc ebx, dword [ebp - 0x11c]
+sub ecx, dword [ebp - 0x110]
+sbb ebx, dword [ebp - 0x10c]
+mov dword [ebp - 0x128], esi
+cmp edx, ebx
+ja short loc_fffc5322 ; ja 0xfffc5322
+jb short loc_fffc52f5 ; jb 0xfffc52f5
+cmp eax, ecx
+ja short loc_fffc5322 ; ja 0xfffc5322
+
+loc_fffc52f5: ; not directly referenced
+cmp edx, 0
+ja short loc_fffc52fe ; ja 0xfffc52fe
+cmp eax, esi
+jb short loc_fffc5322 ; jb 0xfffc5322
+
+loc_fffc52fe: ; not directly referenced
+mov ecx, dword [ebp - 0x110]
+sub ecx, dword [ebp - 0x128]
+mov ebx, dword [ebp - 0x10c]
+sbb ebx, dword [ebp - 0x124]
+add ecx, eax
+mov eax, dword [ebp + 0xc]
+adc ebx, edx
+mov dword [eax], ecx
+mov dword [eax + 4], ebx
+
+loc_fffc5322: ; not directly referenced
+cmp dword [ebp - 0x12c], 1
+jne loc_fffc541b ; jne 0xfffc541b
+lea ebx, [ebp - 0xe8]
+lea esi, [ebp - 0xc8]
+
+loc_fffc533b: ; not directly referenced
+push eax
+mov eax, dword [ebp + 0xc]
+mov edx, dword [eax + 4]
+mov eax, dword [eax]
+push dword [ebx + 4]
+push dword [ebx]
+mov ecx, edx
+mov dword [ebp - 0x110], eax
+mov dword [ebp - 0x10c], edx
+mov edx, eax
+push edi
+lea eax, [ebp - 0xc4]
+call fcn_fffb726f ; call 0xfffb726f
+add esp, 0x10
+test eax, eax
+jne loc_fffc4814 ; jne 0xfffc4814
+add ebx, 8
+cmp ebx, esi
+jne short loc_fffc533b ; jne 0xfffc533b
+movzx eax, byte [ebp - 0x151]
+xor ebx, ebx
+mov dword [ebp - 0x110], eax
+movzx eax, word [ebp - 0x130]
+mov dword [ebp - 0x120], eax
+
+loc_fffc5393: ; not directly referenced
+mov edi, dword [ebp + ebx*2 - 0xe4]
+mov esi, dword [ebp + ebx*2 - 0xe8]
+push ecx
+push 0x3f
+push edi
+push esi
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+test al, 1
+je short loc_fffc540f ; je 0xfffc540f
+sub esp, 0xc
+mov ecx, dword [ebp - 0x144]
+push dword [ebp - 0x114]
+push dword [ebp + ebx - 0xf8]
+push dword [ebp - 0x174]
+push dword [ebp - 0x120]
+push dword [ebp - 0x138]
+mov edx, dword [ebp - 0x110]
+mov eax, dword [ebp - 0x140]
+call fcn_fffc455b ; call 0xfffc455b
+add esp, 0x20
+test eax, eax
+je short loc_fffc540f ; je 0xfffc540f
+mov edx, dword [ebp + 0xc]
+mov eax, esi
+and eax, 0xffffffc0
+mov dword [edx], eax
+mov eax, edi
+and eax, 0x7f
+mov dword [edx + 4], eax
+push edx
+push 0x3e
+push edi
+push esi
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+jmp short loc_fffc541b ; jmp 0xfffc541b
+
+loc_fffc540f: ; not directly referenced
+add ebx, 4
+cmp ebx, 0x10
+jne loc_fffc5393 ; jne 0xfffc5393
+
+loc_fffc541b: ; not directly referenced
+mov eax, dword [ebp + 0xc]
+xor edx, edx
+mov ebx, dword [eax]
+mov esi, dword [eax + 4]
+push eax
+movzx eax, word [ebp - 0x12e]
+push 3
+push edx
+push eax
+call dword [ebp - 0x5c] ; ucall
+mov edi, dword [ebp + 0xc]
+add esp, 0x10
+mov dword [edi + 4], esi
+and eax, 0x3f
+or eax, ebx
+mov dword [edi], eax
+mov eax, 1
+
+loc_fffc5449: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc5451: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x1c
+mov ebx, dword [ebp + 0xc]
+
+loc_fffc545d: ; not directly referenced
+mov eax, dword [0xff7d0178]
+mov esi, 0xff7d0004
+xor edi, edi
+mov dword [ebp - 0x1c], eax
+
+loc_fffc546c: ; not directly referenced
+cmp edi, dword [ebp - 0x1c]
+je short loc_fffc548b ; je 0xfffc548b
+push ecx
+add esi, 0xc
+push ecx
+push dword [ebx + 4]
+push dword [esi + 0x7c]
+call fcn_fffb884e ; call 0xfffb884e
+add esp, 0x10
+test al, al
+jne short loc_fffc5498 ; jne 0xfffc5498
+inc edi
+jmp short loc_fffc546c ; jmp 0xfffc546c
+
+loc_fffc548b: ; not directly referenced
+cmp edi, 0x13
+ja short loc_fffc54f2 ; ja 0xfffc54f2
+lea eax, [edi + 1]
+mov dword [0xff7d0178], eax
+
+loc_fffc5498: ; not directly referenced
+imul edi, edi, 0xc
+mov ecx, 3
+mov esi, ebx
+add edi, 0xff7d0088
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+mov edi, 0xff7d017c
+xor esi, esi
+
+loc_fffc54b1: ; not directly referenced
+cmp esi, dword [0xff7d026c]
+jae short loc_fffc54e1 ; jae 0xfffc54e1
+push edx
+push edx
+push dword [ebx + 4]
+push dword [edi + 4]
+call fcn_fffb884e ; call 0xfffb884e
+add esp, 0x10
+test al, al
+je short loc_fffc54db ; je 0xfffc54db
+push eax
+push dword [ebx + 8]
+push edi
+push dword [ebp + 8]
+call dword [edi + 8] ; ucall
+add esp, 0x10
+
+loc_fffc54db: ; not directly referenced
+inc esi
+add edi, 0xc
+jmp short loc_fffc54b1 ; jmp 0xfffc54b1
+
+loc_fffc54e1: ; not directly referenced
+mov eax, dword [ebx]
+add ebx, 0xc
+test eax, eax
+jns loc_fffc545d ; jns 0xfffc545d
+xor eax, eax
+jmp short loc_fffc54f7 ; jmp 0xfffc54f7
+
+loc_fffc54f2: ; not directly referenced
+mov eax, 0x80000009
+
+loc_fffc54f7: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc54ff: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+xor edi, edi
+push esi
+push ebx
+mov ebx, 0xff7d0088
+sub esp, 0x1c
+mov eax, dword [0xff7d0178]
+mov dword [ebp - 0x1c], eax
+
+loc_fffc5517: ; not directly referenced
+cmp edi, dword [ebp - 0x1c]
+je short loc_fffc5544 ; je 0xfffc5544
+push eax
+mov esi, ebx
+push eax
+add ebx, 0xc
+push dword [ebx - 8]
+push dword [ebp + 0xc]
+call fcn_fffb884e ; call 0xfffb884e
+add esp, 0x10
+test al, al
+je short loc_fffc5541 ; je 0xfffc5541
+mov eax, dword [ebp + 0x18]
+mov edx, dword [esi + 8]
+mov dword [eax], edx
+xor eax, eax
+jmp short loc_fffc5549 ; jmp 0xfffc5549
+
+loc_fffc5541: ; not directly referenced
+inc edi
+jmp short loc_fffc5517 ; jmp 0xfffc5517
+
+loc_fffc5544: ; not directly referenced
+mov eax, 0x8000000e
+
+loc_fffc5549: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc5551:
+push ebp
+mov ebp, esp
+push ebx
+push edx
+mov ebx, dword [ebp + 0xc]
+
+loc_fffc5559:
+mov ax, word [ebx]
+cmp ax, 0xffff
+je short loc_fffc5570 ; je 0xfffc5570
+cmp ax, 4
+je short loc_fffc5574 ; je 0xfffc5574
+
+loc_fffc5568:
+movzx eax, word [ebx + 2]
+add ebx, eax
+jmp short loc_fffc5559 ; jmp 0xfffc5559
+
+loc_fffc5570:
+xor eax, eax
+jmp short loc_fffc558b ; jmp 0xfffc558b
+
+loc_fffc5574:
+push eax
+push eax
+lea eax, [ebx + 8]
+push eax
+push dword [ebp + 8]
+call fcn_fffb884e ; call 0xfffb884e
+add esp, 0x10
+test al, al
+je short loc_fffc5568 ; je 0xfffc5568
+mov eax, ebx
+
+loc_fffc558b:
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffc5590: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x2c
+mov eax, dword [ebp + 0x10]
+mov dword [ebp - 0x2c], eax
+lea eax, [ebp - 0x20]
+push eax
+push 0
+push 0
+push ref_fffd60dc ; push 0xfffd60dc
+call fcn_fffab40f ; call 0xfffab40f
+lea eax, [ebp - 0x24]
+push eax
+push 0
+push 0
+push ref_fffd604c ; push 0xfffd604c
+call fcn_fffab40f ; call 0xfffab40f
+mov eax, dword [0xff7d0084]
+add esp, 0x14
+mov eax, dword [eax + 0x14]
+lea ebx, [eax + 0xb0040]
+push ebx
+mov dword [ebp - 0x30], eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+add esp, 0x10
+mov edx, eax
+shr edx, 0x10
+and edx, 0xf
+cmp dl, 2
+je loc_fffc57da ; je 0xfffc57da
+movzx edx, ah
+xor eax, eax
+and dl, 0xf0
+jne loc_fffc57dc ; jne 0xfffc57dc
+call fcn_fffb481e ; call 0xfffb481e
+cmp eax, 2
+je loc_fffc5699 ; je 0xfffc5699
+
+loc_fffc560d: ; not directly referenced
+mov eax, dword [0xff7d0084]
+sub esp, 0xc
+mov edi, dword [eax + 0x14]
+lea eax, [edi + 0x70]
+add edi, 0x74
+push eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+mov dword [esp], edi
+mov esi, eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+shr esi, 4
+mov ecx, dword [ebp - 0x2c]
+mov edi, dword [ebp - 0x30]
+shl eax, 0x1c
+add eax, esi
+shr eax, 0x10
+mov esi, eax
+or eax, 0x10800000
+or esi, 0x10000000
+test cl, cl
+cmovs esi, eax
+mov eax, ecx
+and eax, 0x7f
+add edi, 0xb004c
+shl eax, 0x18
+mov dword [esp], edi
+or esi, eax
+call fcn_fffb3d4e ; call 0xfffb3d4e
+pop eax
+pop edx
+push esi
+mov esi, 0x1389
+push edi
+call fcn_fffb3d84 ; call 0xfffb3d84
+mov eax, dword [ebp - 0x24]
+add esp, 0xc
+push 0x44c
+push eax
+push dword [ebp + 8]
+call dword [eax + 4] ; ucall
+mov dword [esp], ebx
+call fcn_fffb3d4e ; call 0xfffb3d4e
+add esp, 0x10
+jmp near loc_fffc57ba ; jmp 0xfffc57ba
+
+loc_fffc5699: ; not directly referenced
+mov eax, dword [0xfed70044]
+test al, 1
+je loc_fffc560d ; je 0xfffc560d
+mov eax, dword [ebp - 0x20]
+cmp byte [eax + 1], 0
+jne loc_fffc560d ; jne 0xfffc560d
+cmp byte [ebp - 0x2c], 1
+je loc_fffc560d ; je 0xfffc560d
+lea eax, [ebp - 0x1c]
+mov esi, ref_fffd668c ; mov esi, 0xfffd668c
+push ecx
+push eax
+push 0x20
+push 4
+call fcn_fffab5ba ; call 0xfffab5ba
+mov eax, dword [ebp - 0x1c]
+mov ecx, 4
+lea edi, [eax + 8]
+add eax, 0x18
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+pop esi
+pop edi
+push 8
+push eax
+call fcn_fffac673 ; call 0xfffac673
+call fcn_fffab5f3 ; call 0xfffab5f3
+pop edx
+pop ecx
+push eax
+push ref_fffd668c ; push 0xfffd668c
+call fcn_fffc5551 ; call 0xfffc5551
+add esp, 0x10
+mov edx, eax
+test eax, eax
+je loc_fffc560d ; je 0xfffc560d
+mov eax, dword [ebp + 0x14]
+mov esi, 0x166
+mov dword [edx + 0x1c], 0
+mov dword [edx + 0x18], eax
+
+loc_fffc571b: ; not directly referenced
+mov eax, dword [0xfed70044]
+test al, 2
+je short loc_fffc5756 ; je 0xfffc5756
+mov esi, dword [edx + 0x18]
+xor edi, edi
+mov dword [0xfed70080], esi
+mov dword [0xfed70084], edi
+mov dword [0xfed7000c], 3
+cmp dword [ebp + 0x18], 0x20
+jne short loc_fffc574f ; jne 0xfffc574f
+mov dword [0xfed70040], 0
+
+loc_fffc574f: ; not directly referenced
+mov esi, 0x48
+jmp short loc_fffc578e ; jmp 0xfffc578e
+
+loc_fffc5756: ; not directly referenced
+mov eax, dword [ebp - 0x24]
+mov dword [ebp - 0x34], edx
+push edx
+push 0x8c
+push eax
+push dword [ebp + 8]
+call dword [eax + 4] ; ucall
+mov edx, dword [ebp - 0x34]
+add esp, 0x10
+dec esi
+jne short loc_fffc571b ; jne 0xfffc571b
+jmp short loc_fffc574f ; jmp 0xfffc574f
+
+loc_fffc5774: ; not directly referenced
+mov eax, dword [ebp - 0x24]
+push edi
+push 0x8c
+push eax
+push dword [ebp + 8]
+call dword [eax + 4] ; ucall
+add esp, 0x10
+dec esi
+je loc_fffc560d ; je 0xfffc560d
+
+loc_fffc578e: ; not directly referenced
+mov eax, dword [0xfed7000c]
+test eax, eax
+jne short loc_fffc5774 ; jne 0xfffc5774
+jmp near loc_fffc560d ; jmp 0xfffc560d
+
+loc_fffc579c: ; not directly referenced
+dec esi
+je short loc_fffc57c4 ; je 0xfffc57c4
+mov eax, dword [ebp - 0x24]
+push ecx
+push 0x3e8
+push eax
+push dword [ebp + 8]
+call dword [eax + 4] ; ucall
+mov dword [esp], ebx
+call fcn_fffb3d4e ; call 0xfffb3d4e
+add esp, 0x10
+
+loc_fffc57ba: ; not directly referenced
+mov edx, eax
+shr edx, 0x18
+and dl, 0xf0
+je short loc_fffc579c ; je 0xfffc579c
+
+loc_fffc57c4: ; not directly referenced
+shr eax, 0x19
+push edx
+and eax, 7
+push edx
+push eax
+push dword [ebp + 8]
+call fcn_fffb8736 ; call 0xfffb8736
+add esp, 0x10
+jmp short loc_fffc57dc ; jmp 0xfffc57dc
+
+loc_fffc57da: ; not directly referenced
+xor eax, eax
+
+loc_fffc57dc: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc57e4: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x4c
+mov edi, dword [ebp + 8]
+mov dword [ebp - 0x40], 0
+mov eax, dword [edi + 0x5edc]
+mov esi, dword [edi + 0x18a7]
+mov dword [ebp - 0x44], eax
+mov eax, dword [edi + 0x188b]
+mov dword [ebp - 0x34], eax
+mov al, byte [edi + 0x36c9]
+inc eax
+cmp byte [edi + 0x1965], 1
+mov byte [edi + 0x36c9], al
+jne short loc_fffc5831 ; jne 0xfffc5831
+xor ebx, ebx
+cmp dword [ebp - 0x34], 1
+sete bl
+mov dword [ebp - 0x40], ebx
+
+loc_fffc5831: ; not directly referenced
+cmp dword [edi + 0x2480], 3
+sete bl
+dec al
+movzx ecx, bl
+mov dword [ebp - 0x48], ecx
+mov ecx, 0xa
+jne short loc_fffc58c2 ; jne 0xfffc58c2
+cmp dword [ebp - 0x34], 1
+jne short loc_fffc58ac ; jne 0xfffc58ac
+cmp dword [edi + 0x3756], 2
+jne short loc_fffc587e ; jne 0xfffc587e
+cmp byte [edi + 0x190c], 0
+jne short loc_fffc587e ; jne 0xfffc587e
+mov eax, dword [ebp - 0x44]
+mov edx, 0x4004
+and byte [eax + 0xbf], 0xdf
+mov ecx, dword [eax + 0xbc]
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffc587e: ; not directly referenced
+cmp dword [edi + 0x4b19], 2
+jne short loc_fffc58ac ; jne 0xfffc58ac
+cmp byte [edi + 0x190c], 0
+jne short loc_fffc58ac ; jne 0xfffc58ac
+mov eax, dword [ebp - 0x44]
+mov edx, 0x4404
+and byte [eax + 0x18b], 0xdf
+mov ecx, dword [eax + 0x188]
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffc58ac: ; not directly referenced
+cmp dword [ebp - 0x34], 0
+sete dl
+xor eax, eax
+or dl, bl
+jne loc_fffc6049 ; jne 0xfffc6049
+mov ecx, 6
+
+loc_fffc58c2: ; not directly referenced
+mov al, byte [edi + 0x248d]
+sub esp, 0xc
+mov byte [ebp - 0x35], al
+movzx eax, byte [edi + 0x248e]
+push 1
+mov dword [ebp - 0x3c], eax
+mov edx, eax
+mov eax, edi
+call fcn_fffb2759 ; call 0xfffb2759
+add esp, 0x10
+cmp dword [ebp - 0x48], 0
+jne loc_fffc5bb3 ; jne 0xfffc5bb3
+cmp dword [edi + 0x3756], 2
+je short loc_fffc590b ; je 0xfffc590b
+cmp dword [edi + 0x4b19], 2
+mov al, 0x40
+jne short loc_fffc5928 ; jne 0xfffc5928
+mov eax, 1
+jmp short loc_fffc590d ; jmp 0xfffc590d
+
+loc_fffc590b: ; not directly referenced
+xor eax, eax
+
+loc_fffc590d: ; not directly referenced
+imul eax, eax, 0x13c3
+mov dl, 0x55
+imul esi, esi, 0x2e
+add esi, eax
+mov al, 0x40
+cmp word [edi + esi + 0x375e], 2
+cmove eax, edx
+
+loc_fffc5928: ; not directly referenced
+mov byte [ebp - 0x21], al
+lea esi, [edi + 0x381a]
+xor ebx, ebx
+mov byte [ebp - 0x22], al
+mov byte [ebp - 0x1f], 0x40
+mov byte [ebp - 0x20], 0x40
+
+loc_fffc593e: ; not directly referenced
+cmp dword [esi - 0xc4], 2
+jne short loc_fffc59b4 ; jne 0xfffc59b4
+push ecx
+push 1
+movzx eax, byte [esi + 0x17d]
+neg eax
+push eax
+push 1
+movzx eax, byte [esi]
+push eax
+push 0
+push ebx
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+movzx eax, byte [ebp + ebx - 0x22]
+add esp, 0x1c
+push 1
+push eax
+push 1
+movzx eax, byte [esi]
+push eax
+push 2
+push ebx
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+movzx eax, byte [ebp + ebx - 0x22]
+add esp, 0x1c
+push 1
+push eax
+push 1
+movzx eax, byte [esi]
+push eax
+push 1
+push ebx
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+movzx eax, byte [ebp + ebx - 0x20]
+add esp, 0x1c
+push 1
+push eax
+push 1
+movzx eax, byte [esi]
+push eax
+push 4
+push ebx
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffc59b4: ; not directly referenced
+inc ebx
+add esi, 0x13c3
+cmp ebx, 2
+jne loc_fffc593e ; jne 0xfffc593e
+movzx ebx, byte [ebp - 0x35]
+mov eax, edi
+push edx
+push edx
+xor edx, edx
+push 0
+push 1
+mov ecx, ebx
+call fcn_fffcf9c9 ; call 0xfffcf9c9
+mov cl, byte [ebp - 0x40]
+add esp, 0x10
+and ecx, 1
+mov byte [ebp - 0x2c], cl
+test eax, eax
+setne dl
+test cl, dl
+jne loc_fffc6049 ; jne 0xfffc6049
+cmp byte [edi + 0x36c9], 2
+je short loc_fffc5a0d ; je 0xfffc5a0d
+
+loc_fffc59fb: ; not directly referenced
+cmp byte [edi + 0x36c9], 2
+jne loc_fffc5ac2 ; jne 0xfffc5ac2
+jmp near loc_fffc5aa1 ; jmp 0xfffc5aa1
+
+loc_fffc5a0d: ; not directly referenced
+push eax
+mov edx, 2
+push eax
+mov ecx, ebx
+lea esi, [ebp - 0x22]
+mov eax, edi
+push esi
+push 1
+call fcn_fffcf9c9 ; call 0xfffcf9c9
+add esp, 0x10
+test eax, eax
+setne dl
+test byte [ebp - 0x2c], dl
+jne loc_fffc6049 ; jne 0xfffc6049
+push eax
+mov edx, 1
+push eax
+mov ecx, ebx
+push esi
+mov eax, edi
+push 1
+call fcn_fffcf9c9 ; call 0xfffcf9c9
+add esp, 0x10
+test eax, eax
+setne dl
+test byte [ebp - 0x2c], dl
+jne loc_fffc6049 ; jne 0xfffc6049
+xor ebx, ebx
+lea esi, [ebp - 0x20]
+
+loc_fffc5a5d: ; not directly referenced
+mov cl, bl
+mov eax, 1
+shl eax, cl
+mov cl, 0xc
+cmp bl, 2
+cmovne ecx, eax
+and cl, byte [ebp - 0x35]
+jne short loc_fffc5a7b ; jne 0xfffc5a7b
+
+loc_fffc5a73: ; not directly referenced
+inc ebx
+cmp ebx, 3
+jne short loc_fffc5a5d ; jne 0xfffc5a5d
+jmp short loc_fffc59fb ; jmp 0xfffc59fb
+
+loc_fffc5a7b: ; not directly referenced
+push eax
+mov edx, 4
+push eax
+movzx ecx, cl
+push esi
+mov eax, edi
+push 1
+call fcn_fffcf9c9 ; call 0xfffcf9c9
+add esp, 0x10
+test eax, eax
+setne dl
+test byte [ebp - 0x2c], dl
+je short loc_fffc5a73 ; je 0xfffc5a73
+jmp near loc_fffc6049 ; jmp 0xfffc6049
+
+loc_fffc5aa1: ; not directly referenced
+lea ebx, [edi + 0x3756]
+mov dword [ebp - 0x2c], 0
+
+loc_fffc5aae: ; not directly referenced
+cmp dword [ebx], 2
+je short loc_fffc5ae2 ; je 0xfffc5ae2
+
+loc_fffc5ab3: ; not directly referenced
+inc dword [ebp - 0x2c]
+add ebx, 0x13c3
+cmp dword [ebp - 0x2c], 2
+jne short loc_fffc5aae ; jne 0xfffc5aae
+
+loc_fffc5ac2: ; not directly referenced
+cmp dword [edi + 0x3756], 2
+jne loc_fffc5b8b ; jne 0xfffc5b8b
+xor ecx, ecx
+mov edx, 0x4198
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+jmp near loc_fffc5b8b ; jmp 0xfffc5b8b
+
+loc_fffc5ae2: ; not directly referenced
+mov eax, dword [ebx + 0x109]
+cmp dword [ebx + 0x111], eax
+cmovbe eax, dword [ebx + 0x111]
+cmp dword [ebp - 0x48], 0
+je short loc_fffc5b20 ; je 0xfffc5b20
+mov esi, dword [ebx + 0x115]
+cmp dword [ebx + 0x11d], esi
+cmovbe esi, dword [ebx + 0x11d]
+cmp esi, eax
+cmova esi, eax
+
+loc_fffc5b13: ; not directly referenced
+mov al, byte [ebx + 0xc4]
+xor ecx, ecx
+mov byte [ebp - 0x30], al
+jmp short loc_fffc5b2d ; jmp 0xfffc5b2d
+
+loc_fffc5b20: ; not directly referenced
+mov esi, dword [ebx + 0x119]
+cmp eax, esi
+cmovbe esi, eax
+jmp short loc_fffc5b13 ; jmp 0xfffc5b13
+
+loc_fffc5b2d: ; not directly referenced
+mov edx, 1
+shl edx, cl
+test byte [ebp - 0x30], dl
+je short loc_fffc5b53 ; je 0xfffc5b53
+movzx eax, byte [ebx + ecx + 0x249]
+movzx edx, byte [ebx + ecx + 0x245]
+cmp eax, edx
+cmovbe edx, eax
+cmp esi, edx
+cmova esi, edx
+
+loc_fffc5b53: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffc5b2d ; jne 0xfffc5b2d
+push 1
+mov edx, dword [ebp - 0x2c]
+mov eax, esi
+push 1
+neg eax
+push eax
+mov cl, 0xff
+push 1
+mov eax, edi
+call fcn_fffb0cb4 ; call 0xfffb0cb4
+mov edx, dword [ebp - 0x44]
+mov ecx, esi
+imul eax, dword [ebp - 0x2c], 0xcc
+add esp, 0x10
+mov byte [edx + eax + 0xe2], cl
+jmp near loc_fffc5ab3 ; jmp 0xfffc5ab3
+
+loc_fffc5b8b: ; not directly referenced
+cmp dword [edi + 0x4b19], 2
+jne short loc_fffc5ba2 ; jne 0xfffc5ba2
+xor ecx, ecx
+mov edx, 0x4598
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffc5ba2: ; not directly referenced
+sub esp, 0xc
+push edi
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+jmp near loc_fffc6049 ; jmp 0xfffc6049
+
+loc_fffc5bb3: ; not directly referenced
+mov eax, dword [edi + 0x385f]
+mov edx, 3
+xor ebx, ebx
+mov ecx, dword [ebp - 0x3c]
+mov byte [ebp - 0x1e], al
+mov eax, dword [edi + 0x3867]
+mov byte [ebp - 0x1a], al
+mov eax, dword [edi + 0x4c22]
+mov byte [ebp - 0x1d], al
+mov eax, dword [edi + 0x4c2a]
+mov byte [ebp - 0x19], al
+movzx eax, byte [ebp - 0x35]
+mov esi, eax
+mov dword [ebp - 0x30], eax
+push eax
+push 1
+push 1
+push 0x14
+push 1
+lea eax, [ebp - 0x1e]
+push eax
+mov eax, edi
+push 1
+push esi
+call fcn_fffcfd43 ; call 0xfffcfd43
+add esp, 0x20
+mov dword [ebp - 0x2c], 0
+
+loc_fffc5c0b: ; not directly referenced
+imul eax, ebx, 0x13c3
+cmp dword [edi + eax + 0x3756], 2
+jne short loc_fffc5c89 ; jne 0xfffc5c89
+imul ecx, ebx, 0x48
+mov esi, 0xa
+xor edx, edx
+mov eax, dword [edi + ecx + 0x3210]
+div esi
+xor edx, edx
+mov dword [ebp - 0x50], eax
+mov eax, dword [edi + ecx + 0x3214]
+mov ecx, 2
+div esi
+mov esi, dword [ebp - 0x50]
+mov edx, esi
+movsx edx, dl
+mov dword [ebp - 0x4c], eax
+movsx eax, byte [ebp - 0x4c]
+sub eax, edx
+cdq
+idiv ecx
+mov cl, byte [ebp - 0x4c]
+mov edx, 0xc
+add ecx, esi
+cmp cl, 0x11
+cmova edx, dword [ebp - 0x2c]
+mov dword [ebp - 0x2c], edx
+push edx
+push 1
+add al, byte [ebp + ebx - 0x1e]
+mov byte [ebp + ebx - 0x1e], al
+movzx eax, al
+push eax
+push 1
+push dword [ebp - 0x30]
+push 3
+push ebx
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffc5c89: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne loc_fffc5c0b ; jne 0xfffc5c0b
+mov al, byte [ebp - 0x40]
+and eax, 1
+mov bl, al
+mov byte [ebp - 0x40], al
+mov eax, dword [ebp - 0x2c]
+test eax, eax
+setne dl
+test bl, dl
+jne loc_fffc6049 ; jne 0xfffc6049
+push eax
+mov ecx, dword [ebp - 0x3c]
+mov edx, 2
+push 1
+xor ebx, ebx
+push 1
+push 0x14
+push 1
+lea eax, [ebp - 0x1a]
+push eax
+mov eax, edi
+push 1
+push dword [ebp - 0x30]
+call fcn_fffcfd43 ; call 0xfffcfd43
+add esp, 0x20
+
+loc_fffc5cd4: ; not directly referenced
+imul eax, ebx, 0x13c3
+cmp dword [edi + eax + 0x3756], 2
+jne short loc_fffc5d52 ; jne 0xfffc5d52
+imul ecx, ebx, 0x48
+mov esi, 0xa
+xor edx, edx
+mov eax, dword [edi + ecx + 0x3210]
+div esi
+xor edx, edx
+mov dword [ebp - 0x50], eax
+mov eax, dword [edi + ecx + 0x3214]
+mov ecx, 2
+div esi
+mov esi, dword [ebp - 0x50]
+mov edx, esi
+movsx edx, dl
+mov dword [ebp - 0x4c], eax
+movsx eax, byte [ebp - 0x4c]
+sub eax, edx
+cdq
+idiv ecx
+mov cl, byte [ebp - 0x4c]
+mov edx, 0xc
+add ecx, esi
+cmp cl, 0x11
+cmova edx, dword [ebp - 0x2c]
+push esi
+push 1
+mov dword [ebp - 0x2c], edx
+add al, byte [ebp + ebx - 0x1a]
+mov byte [ebp + ebx - 0x1a], al
+movzx eax, al
+push eax
+push 1
+push dword [ebp - 0x30]
+push 2
+push ebx
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffc5d52: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne loc_fffc5cd4 ; jne 0xfffc5cd4
+mov eax, dword [ebp - 0x2c]
+test eax, eax
+setne dl
+test byte [ebp - 0x40], dl
+jne loc_fffc6049 ; jne 0xfffc6049
+mov eax, dword [edi + 0x386b]
+mov edx, 2
+xor bl, bl
+mov byte [ebp - 0x1a], al
+mov eax, dword [edi + 0x3873]
+mov byte [ebp - 0x1c], al
+mov eax, dword [edi + 0x4c2e]
+mov byte [ebp - 0x19], al
+mov eax, dword [edi + 0x4c36]
+push ecx
+mov ecx, dword [ebp - 0x3c]
+push 1
+push 1
+push 0x14
+push 1
+mov byte [ebp - 0x1b], al
+lea eax, [ebp - 0x1a]
+push eax
+mov eax, edi
+push 2
+push dword [ebp - 0x30]
+call fcn_fffcfd43 ; call 0xfffcfd43
+add esp, 0x20
+
+loc_fffc5db7: ; not directly referenced
+imul eax, ebx, 0x13c3
+cmp dword [edi + eax + 0x3756], 2
+jne short loc_fffc5e35 ; jne 0xfffc5e35
+imul ecx, ebx, 0x48
+mov esi, 0xa
+xor edx, edx
+mov eax, dword [edi + ecx + 0x3210]
+div esi
+xor edx, edx
+mov dword [ebp - 0x50], eax
+mov eax, dword [edi + ecx + 0x3214]
+mov ecx, 2
+div esi
+mov esi, dword [ebp - 0x50]
+mov edx, esi
+movsx edx, dl
+mov dword [ebp - 0x4c], eax
+movsx eax, byte [ebp - 0x4c]
+sub eax, edx
+cdq
+idiv ecx
+mov cl, byte [ebp - 0x4c]
+mov edx, 0xc
+add ecx, esi
+cmp cl, 0x11
+cmova edx, dword [ebp - 0x2c]
+mov dword [ebp - 0x2c], edx
+push edx
+push 1
+add al, byte [ebp + ebx - 0x1a]
+mov byte [ebp + ebx - 0x1a], al
+movzx eax, al
+push eax
+push 2
+push dword [ebp - 0x30]
+push 2
+push ebx
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffc5e35: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne loc_fffc5db7 ; jne 0xfffc5db7
+mov eax, dword [ebp - 0x2c]
+test eax, eax
+setne dl
+test byte [ebp - 0x40], dl
+jne loc_fffc6049 ; jne 0xfffc6049
+push eax
+mov ecx, dword [ebp - 0x3c]
+mov edx, 1
+push 1
+xor bl, bl
+push 1
+push 0x14
+push 1
+lea eax, [ebp - 0x1c]
+push eax
+mov eax, edi
+push 2
+push dword [ebp - 0x30]
+call fcn_fffcfd43 ; call 0xfffcfd43
+add esp, 0x20
+
+loc_fffc5e76: ; not directly referenced
+imul eax, ebx, 0x13c3
+cmp dword [edi + eax + 0x3756], 2
+jne short loc_fffc5ef4 ; jne 0xfffc5ef4
+imul ecx, ebx, 0x48
+mov esi, 0xa
+xor edx, edx
+mov eax, dword [edi + ecx + 0x3210]
+div esi
+xor edx, edx
+mov dword [ebp - 0x4c], eax
+mov eax, dword [edi + ecx + 0x3214]
+mov ecx, 2
+div esi
+mov esi, dword [ebp - 0x4c]
+mov edx, esi
+movsx edx, dl
+mov dword [ebp - 0x3c], eax
+movsx eax, byte [ebp - 0x3c]
+sub eax, edx
+cdq
+idiv ecx
+mov cl, byte [ebp - 0x3c]
+mov edx, 0xc
+add ecx, esi
+cmp cl, 0x11
+cmova edx, dword [ebp - 0x2c]
+push esi
+push 1
+mov dword [ebp - 0x2c], edx
+add al, byte [ebp + ebx - 0x1c]
+mov byte [ebp + ebx - 0x1c], al
+movzx eax, al
+push eax
+push 2
+push dword [ebp - 0x30]
+push 1
+push ebx
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffc5ef4: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne loc_fffc5e76 ; jne 0xfffc5e76
+mov eax, dword [ebp - 0x2c]
+test eax, eax
+setne dl
+test byte [ebp - 0x40], dl
+jne loc_fffc6049 ; jne 0xfffc6049
+lea eax, [edi + 0x3756]
+mov bx, 0x4908
+mov dword [ebp - 0x2c], eax
+
+loc_fffc5f1c: ; not directly referenced
+mov eax, dword [ebp - 0x2c]
+cmp dword [eax], 2
+jne loc_fffc5fc5 ; jne 0xfffc5fc5
+xor ecx, ecx
+mov edx, ebx
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+xor eax, eax
+mov edx, 0x80080020
+mov ecx, eax
+or ecx, 0x80000
+and ecx, 0xfffff807
+or ecx, 8
+mov eax, ecx
+push ecx
+push ecx
+push edx
+lea esi, [ebx + ebx - 0x4900]
+push eax
+mov edx, esi
+mov eax, edi
+call fcn_fffae7cf ; call 0xfffae7cf
+mov edx, ebx
+mov ecx, 0x2c08
+shl edx, 8
+mov eax, edi
+sub edx, 0x48c668
+call fcn_fffae58c ; call 0xfffae58c
+lea edx, [ebx + 0x50]
+mov ecx, 0xff
+mov eax, edi
+call fcn_fffae566 ; call 0xfffae566
+add esp, 0x10
+cmp dword [ebp - 0x34], 1
+jne short loc_fffc5f9f ; jne 0xfffc5f9f
+lea edx, [ebx + 0x51]
+mov ecx, 0xff
+mov eax, edi
+call fcn_fffae566 ; call 0xfffae566
+
+loc_fffc5f9f: ; not directly referenced
+push ecx
+mov eax, edi
+push ecx
+push 0
+push 0
+lea edx, [esi - 0x38]
+call fcn_fffae7cf ; call 0xfffae7cf
+pop eax
+mov eax, edi
+pop edx
+lea edx, [esi - 0x28]
+push 0
+push 0x3f8
+call fcn_fffae7cf ; call 0xfffae7cf
+add esp, 0x10
+
+loc_fffc5fc5: ; not directly referenced
+add ebx, 4
+add dword [ebp - 0x2c], 0x13c3
+cmp ebx, 0x4910
+jne loc_fffc5f1c ; jne 0xfffc5f1c
+xor bx, bx
+lea esi, [ebp - 0x20]
+
+loc_fffc5fe1: ; not directly referenced
+mov eax, 1
+mov cl, bl
+shl eax, cl
+test byte [ebp - 0x35], al
+jne short loc_fffc5ffa ; jne 0xfffc5ffa
+
+loc_fffc5fef: ; not directly referenced
+inc ebx
+cmp ebx, 4
+jne short loc_fffc5fe1 ; jne 0xfffc5fe1
+jmp near loc_fffc59fb ; jmp 0xfffc59fb
+
+loc_fffc5ffa: ; not directly referenced
+test byte [edi + 0x381a], al
+jne short loc_fffc6008 ; jne 0xfffc6008
+mov byte [ebp - 0x20], 0
+jmp short loc_fffc6012 ; jmp 0xfffc6012
+
+loc_fffc6008: ; not directly referenced
+mov dl, byte [edi + ebx + 0x399b]
+mov byte [ebp - 0x20], dl
+
+loc_fffc6012: ; not directly referenced
+test byte [edi + 0x4bdd], al
+je short loc_fffc6026 ; je 0xfffc6026
+mov dl, byte [edi + ebx + 0x4d5e]
+mov byte [ebp - 0x1f], dl
+jmp short loc_fffc602a ; jmp 0xfffc602a
+
+loc_fffc6026: ; not directly referenced
+mov byte [ebp - 0x1f], 0
+
+loc_fffc602a: ; not directly referenced
+push edx
+mov ecx, eax
+push edx
+mov edx, 4
+push esi
+push eax
+mov eax, edi
+call fcn_fffcf9c9 ; call 0xfffcf9c9
+add esp, 0x10
+test eax, eax
+setne dl
+test byte [ebp - 0x40], dl
+je short loc_fffc5fef ; je 0xfffc5fef
+
+loc_fffc6049: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc6051: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+push ebx
+sub esp, 0xdc
+mov eax, dword [ebp + 0xc]
+mov dword [ebp - 0x4c], ecx
+mov ebx, dword [ebp + 8]
+mov byte [ebp - 0x70], cl
+mov cl, byte [ebp + 0x10]
+mov dword [ebp - 0x50], edx
+xor edx, edx
+mov dword [ebp - 0x5c], eax
+mov byte [ebp - 0xc8], bl
+mov byte [ebp - 0xb1], cl
+mov cl, byte [ebp + 0x14]
+mov byte [ebp - 0x6d], al
+mov byte [ebp - 0x6f], cl
+mov ecx, dword [edi + 0x2443]
+mov dword [ebp - 0xb8], ecx
+cmp al, 0x21
+ja short loc_fffc60a5 ; ja 0xfffc60a5
+movzx eax, byte [ebp - 0x5c]
+mov dl, byte [eax + ref_fffd5f1c] ; mov dl, byte [eax - 0x2a0e4]
+
+loc_fffc60a5: ; not directly referenced
+mov eax, dword [edi + 0x188b]
+cmp byte [edi + 0x248b], 1
+mov esi, dword [edi + 0x2480]
+mov dword [ebp - 0x88], eax
+jne short loc_fffc60da ; jne 0xfffc60da
+mov al, byte [edi + 0x248c]
+lea ecx, [eax + 4]
+mov byte [ebp - 0x24], al
+mov byte [ebp - 0x23], al
+add eax, 2
+mov byte [ebp - 0x22], cl
+mov byte [ebp - 0x21], al
+jmp short loc_fffc60ea ; jmp 0xfffc60ea
+
+loc_fffc60da: ; not directly referenced
+mov byte [ebp - 0x24], 1
+mov byte [ebp - 0x23], 1
+mov byte [ebp - 0x22], 1
+mov byte [ebp - 0x21], 1
+
+loc_fffc60ea: ; not directly referenced
+mov eax, dword [ebp - 0x5c]
+mov dword [ebp - 0x9c], 1
+cmp al, 0x21
+sete cl
+cmp al, 0x11
+sete al
+or cl, al
+jne short loc_fffc6114 ; jne 0xfffc6114
+xor eax, eax
+cmp byte [ebp - 0x5c], 5
+sete al
+mov dword [ebp - 0x9c], eax
+
+loc_fffc6114: ; not directly referenced
+cmp byte [ebp - 0x5c], 0xd
+mov dword [ebp - 0x74], 0
+jne short loc_fffc613b ; jne 0xfffc613b
+movzx eax, byte [ebp - 0x4c]
+mov dword [ebp - 0x54], edx
+call fcn_fffaeba2 ; call 0xfffaeba2
+mov edx, dword [ebp - 0x54]
+cmp al, 1
+seta al
+movzx eax, al
+mov dword [ebp - 0x74], eax
+
+loc_fffc613b: ; not directly referenced
+mov eax, 2
+cmp bl, 3
+ja loc_fffc6e98 ; ja 0xfffc6e98
+mov al, byte [ebp - 0x5c]
+movzx edx, dl
+mov dword [ebp - 0x68], 1
+mov dword [ebp - 0x7c], 0
+mov byte [ebp - 0x6e], 0
+shr al, 4
+inc eax
+mov byte [ebp - 0xa1], al
+xor eax, eax
+cmp esi, 3
+sete al
+cmp esi, 2
+mov dword [ebp - 0x8c], eax
+movzx eax, bl
+sete byte [ebp - 0xa2]
+mov cl, al
+imul edx, edx, 0x240
+mov dword [ebp - 0x64], eax
+imul eax, eax, 0x90
+add edx, dword [ebp - 0x50]
+shl dword [ebp - 0x68], cl
+shr bl, 1
+mov esi, eax
+movzx ebx, bl
+mov dword [ebp - 0xdc], eax
+movzx eax, byte [ebp - 0x4c]
+mov dword [ebp - 0x54], edx
+add edx, esi
+mov dword [ebp - 0xac], ebx
+mov dword [ebp - 0x94], edx
+mov dword [ebp - 0x6c], eax
+sar eax, 1
+mov dword [ebp - 0xa0], eax
+mov eax, dword [ebp - 0xc8]
+and dword [ebp - 0xa0], 1
+mov dword [ebp - 0x4c], 0
+and eax, 1
+mov dword [ebp - 0x84], 0
+mov byte [ebp - 0x58], 0
+mov dword [ebp - 0xe0], eax
+
+loc_fffc61f5: ; not directly referenced
+mov esi, dword [ebp - 0xb8]
+mov ebx, dword [ebp - 0x4c]
+push eax
+push 0
+push 4
+lea eax, [ebp - 0x28]
+push eax
+mov eax, esi
+mov byte [ebp - 0x80], bl
+call dword [eax + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 2
+lea eax, [ebp - 0x40]
+push eax
+mov eax, esi
+call dword [eax + 0x5c] ; ucall
+mov cl, byte [ebp - 0x6f]
+add esp, 0x10
+lea esi, [edi + 0x3756]
+mov dword [ebp - 0xa8], esi
+mov dword [ebp - 0x50], esi
+mov al, cl
+neg eax
+test bl, bl
+cmovne eax, ecx
+xor ebx, ebx
+mov byte [ebp - 0xb0], al
+mov eax, dword [ebp - 0x7c]
+add eax, dword [ebp - 0xdc]
+add eax, dword [ebp - 0x54]
+mov dword [ebp - 0x90], eax
+mov dword [ebp - 0x60], eax
+movzx eax, byte [ebp - 0x58]
+imul eax, eax, 0x12
+mov dword [ebp - 0xcc], eax
+
+loc_fffc6267: ; not directly referenced
+mov al, byte [ebp - 0x6f]
+mov byte [ebp + ebx - 0x3e], 0x7f
+mov dword [ebp + ebx*4 - 0x20], 0
+mov byte [ebp + ebx - 0x3a], 0
+mov byte [ebp + ebx - 0x42], al
+mov eax, dword [ebp - 0x6c]
+mov byte [ebp + ebx - 0x3c], 0
+bt eax, ebx
+jb short loc_fffc629e ; jb 0xfffc629e
+mov word [ebp + ebx*2 - 0x28], 1
+mov byte [ebp + ebx - 0x40], 1
+jmp near loc_fffc64cc ; jmp 0xfffc64cc
+
+loc_fffc629e: ; not directly referenced
+cmp byte [ebp - 0x6d], 1
+jne short loc_fffc62dd ; jne 0xfffc62dd
+mov al, byte [edi + 0x2488]
+xor esi, esi
+mov byte [ebp - 0x78], al
+
+loc_fffc62af: ; not directly referenced
+mov eax, esi
+cmp byte [ebp - 0x78], al
+jbe loc_fffc646d ; jbe 0xfffc646d
+push eax
+movzx eax, byte [ebp + ebx - 0x42]
+mov ecx, 0xff
+mov edx, ebx
+push eax
+mov eax, edi
+push dword [ebp - 0x4c]
+push esi
+inc esi
+call fcn_fffaec68 ; call 0xfffaec68
+add esp, 0x10
+mov byte [ebp + ebx - 0x42], al
+jmp short loc_fffc62af ; jmp 0xfffc62af
+
+loc_fffc62dd: ; not directly referenced
+cmp byte [ebp - 0x6d], 0xd
+je short loc_fffc62f9 ; je 0xfffc62f9
+cmp dword [ebp - 0x88], 1
+sete al
+test byte [ebp - 0x9c], al
+je loc_fffc637d ; je 0xfffc637d
+
+loc_fffc62f9: ; not directly referenced
+cmp byte [ebp - 0x6d], 0xd
+mov edx, dword [edi + 0x5edc]
+jne short loc_fffc630d ; jne 0xfffc630d
+mov al, byte [edx + 0x14]
+and eax, 0x7f
+jmp short loc_fffc6334 ; jmp 0xfffc6334
+
+loc_fffc630d: ; not directly referenced
+test bl, bl
+jne short loc_fffc6323 ; jne 0xfffc6323
+mov al, byte [edx + 0x15]
+movzx edx, byte [edx + 0x16]
+shr al, 6
+and edx, 0x1f
+shl edx, 2
+jmp short loc_fffc6332 ; jmp 0xfffc6332
+
+loc_fffc6323: ; not directly referenced
+mov al, byte [edx + 0x14]
+movzx edx, byte [edx + 0x15]
+shr al, 7
+and edx, 0x3f
+add edx, edx
+
+loc_fffc6332: ; not directly referenced
+or eax, edx
+
+loc_fffc6334: ; not directly referenced
+mov esi, dword [ebp - 0xb0]
+mov dl, al
+or edx, 0xffffff80
+test al, 0xc0
+cmovne eax, edx
+lea ecx, [eax + esi]
+mov esi, dword [ebp - 0x80]
+cmp cl, 0xca
+mov byte [ebp - 0x78], cl
+setl cl
+xor esi, 1
+mov edx, esi
+test dl, cl
+je short loc_fffc6361 ; je 0xfffc6361
+lea edx, [eax + 0x36]
+jmp short loc_fffc6374 ; jmp 0xfffc6374
+
+loc_fffc6361: ; not directly referenced
+cmp byte [ebp - 0x78], 0x36
+mov dl, byte [ebp - 0x6f]
+setg cl
+test byte [ebp - 0x4c], cl
+je short loc_fffc6374 ; je 0xfffc6374
+mov dl, 0x36
+sub edx, eax
+
+loc_fffc6374: ; not directly referenced
+mov byte [ebp + ebx - 0x42], dl
+jmp near loc_fffc646d ; jmp 0xfffc646d
+
+loc_fffc637d: ; not directly referenced
+cmp byte [ebp - 0x6d], 0xc
+jne loc_fffc646d ; jne 0xfffc646d
+cmp dword [ebp - 0x8c], 1
+mov ecx, dword [ebp - 0x50]
+sbb eax, eax
+mov dword [ebp - 0x78], eax
+mov esi, dword [ecx + 0x11d]
+mov eax, dword [ecx + 0x111]
+mov cl, byte [ecx + 0xc4]
+add byte [ebp - 0x78], 4
+cmp byte [ebp - 0x80], 0
+mov byte [ebp - 0x98], cl
+jne short loc_fffc6409 ; jne 0xfffc6409
+cmp eax, esi
+cmovae eax, esi
+xor ecx, ecx
+mov esi, 1
+
+loc_fffc63c4: ; not directly referenced
+mov edx, esi
+shl edx, cl
+test byte [ebp - 0x98], dl
+je short loc_fffc63df ; je 0xfffc63df
+mov edx, dword [ebp - 0x50]
+mov dl, byte [edx + ecx + 0x245]
+cmp al, dl
+cmova eax, edx
+
+loc_fffc63df: ; not directly referenced
+inc ecx
+cmp byte [ebp - 0x78], cl
+ja short loc_fffc63c4 ; ja 0xfffc63c4
+cmp dword [ebp - 0x8c], 0
+je short loc_fffc645e ; je 0xfffc645e
+mov esi, dword [ebp - 0x50]
+mov edx, dword [esi + 0x109]
+cmp al, dl
+cmovae eax, edx
+mov edx, dword [esi + 0x115]
+cmp al, dl
+cmovae eax, edx
+jmp short loc_fffc645e ; jmp 0xfffc645e
+
+loc_fffc6409: ; not directly referenced
+cmp eax, esi
+mov dl, al
+cmovbe edx, esi
+xor ecx, ecx
+mov esi, 1
+
+loc_fffc6417: ; not directly referenced
+mov eax, esi
+shl eax, cl
+test byte [ebp - 0x98], al
+je short loc_fffc6432 ; je 0xfffc6432
+mov eax, dword [ebp - 0x50]
+mov al, byte [eax + ecx + 0x245]
+cmp dl, al
+cmovb edx, eax
+
+loc_fffc6432: ; not directly referenced
+inc ecx
+cmp byte [ebp - 0x78], cl
+ja short loc_fffc6417 ; ja 0xfffc6417
+cmp dword [ebp - 0x8c], 0
+je short loc_fffc645a ; je 0xfffc645a
+mov esi, dword [ebp - 0x50]
+mov eax, dword [esi + 0x109]
+cmp dl, al
+cmovbe edx, eax
+mov eax, dword [esi + 0x115]
+cmp dl, al
+cmovbe edx, eax
+
+loc_fffc645a: ; not directly referenced
+mov al, 0x7f
+sub eax, edx
+
+loc_fffc645e: ; not directly referenced
+movzx esi, byte [ebp - 0x6f]
+mov ecx, esi
+cmp al, cl
+cmova eax, esi
+mov byte [ebp + ebx - 0x42], al
+
+loc_fffc646d: ; not directly referenced
+mov esi, dword [ebp - 0x60]
+mov ecx, 0xa
+xor edx, edx
+mov eax, dword [esi]
+div ecx
+mov dword [esi], eax
+movzx edx, byte [ebp + ebx - 0x42]
+cmp eax, edx
+jbe short loc_fffc6488 ; jbe 0xfffc6488
+mov dword [esi], edx
+
+loc_fffc6488: ; not directly referenced
+cmp dword [ebp - 0x74], 0
+je short loc_fffc64ab ; je 0xfffc64ab
+mov eax, dword [ebp - 0x60]
+mov esi, dword [ebp - 0x54]
+mov edx, dword [eax]
+imul eax, dword [ebp - 0x64], 0x24
+add eax, dword [ebp - 0xcc]
+add eax, dword [ebp - 0x4c]
+cmp dword [esi + eax*4], edx
+jbe short loc_fffc64ab ; jbe 0xfffc64ab
+mov dword [esi + eax*4], edx
+
+loc_fffc64ab: ; not directly referenced
+mov eax, dword [ebp - 0x60]
+mov edx, ebx
+xor ecx, ecx
+shl edx, 0xa
+add edx, 0x40f0
+mov eax, dword [eax]
+mov byte [ebp + ebx - 0x3a], al
+mov byte [ebp + ebx - 0x3c], al
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffc64cc: ; not directly referenced
+inc ebx
+add dword [ebp - 0x60], 0x48
+add dword [ebp - 0x50], 0x13c3
+cmp ebx, 2
+jne loc_fffc6267 ; jne 0xfffc6267
+cmp dword [ebp - 0x74], 0
+jne short loc_fffc64f9 ; jne 0xfffc64f9
+
+loc_fffc64e7: ; not directly referenced
+mov eax, dword [ebp - 0x4c]
+lea eax, [eax + eax - 1]
+mov dword [ebp - 0xd8], eax
+jmp near loc_fffc66b2 ; jmp 0xfffc66b2
+
+loc_fffc64f9: ; not directly referenced
+test byte [ebp - 0x70], 1
+je short loc_fffc652a ; je 0xfffc652a
+movzx eax, byte [ebp - 0x58]
+imul edx, dword [ebp - 0x64], 0x24
+mov esi, dword [ebp - 0x54]
+mov ebx, dword [ebp - 0x94]
+imul eax, eax, 0x12
+mov ecx, dword [ebp - 0x7c]
+add eax, edx
+add eax, dword [ebp - 0x4c]
+mov edx, dword [esi + eax*4]
+mov dword [ebx + ecx], edx
+mov eax, dword [esi + eax*4]
+mov byte [ebp - 0x3a], al
+mov byte [ebp - 0x3c], al
+
+loc_fffc652a: ; not directly referenced
+cmp dword [ebp - 0xa0], 0
+je short loc_fffc64e7 ; je 0xfffc64e7
+movzx eax, byte [ebp - 0x58]
+imul edx, dword [ebp - 0x64], 0x24
+mov esi, dword [ebp - 0x54]
+mov ebx, dword [ebp - 0x94]
+imul eax, eax, 0x12
+mov ecx, dword [ebp - 0x7c]
+add eax, edx
+add eax, dword [ebp - 0x4c]
+mov edx, dword [esi + eax*4]
+mov dword [ebx + ecx + 0x48], edx
+mov eax, dword [esi + eax*4]
+mov byte [ebp - 0x39], al
+mov byte [ebp - 0x3b], al
+jmp short loc_fffc64e7 ; jmp 0xfffc64e7
+
+loc_fffc6561: ; not directly referenced
+cmp byte [ebp - 0x6d], 0xc
+jne loc_fffc67ac ; jne 0xfffc67ac
+mov eax, dword [ebp - 0x60]
+cmp byte [ebp - 0x6e], 0
+mov al, byte [eax + 0xc4]
+setne dl
+cmp dword [ebp + 0x1c], 0
+mov byte [ebp - 0x78], al
+setne al
+test dl, al
+jne loc_fffc66fa ; jne 0xfffc66fa
+
+loc_fffc658d: ; not directly referenced
+cmp dword [ebp - 0x88], 0
+movzx ecx, byte [ebp - 0x78]
+jne loc_fffc6795 ; jne 0xfffc6795
+push esi
+push 0
+push dword [ebp - 0x50]
+push 3
+push ecx
+push 0
+push ebx
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffc65b3: ; not directly referenced
+inc ebx
+add dword [ebp - 0x60], 0x13c3
+cmp ebx, 2
+je loc_fffc6648 ; je 0xfffc6648
+
+loc_fffc65c4: ; not directly referenced
+mov eax, dword [ebp - 0x6c]
+bt eax, ebx
+jae short loc_fffc65b3 ; jae 0xfffc65b3
+imul eax, ebx, 0x48
+mov ecx, dword [ebp - 0x90]
+mov esi, dword [ebp - 0xd8]
+imul esi, dword [ecx + eax]
+cmp byte [ebp - 0x6d], 0xd
+mov dword [ebp - 0x50], esi
+jne loc_fffc6561 ; jne 0xfffc6561
+cmp byte [ebp - 0x6e], 0
+setne dl
+cmp dword [ebp + 0x1c], 0
+setne al
+test dl, al
+je short loc_fffc661e ; je 0xfffc661e
+push 0
+push 0
+push 0
+push 0
+push 0
+push 0
+push 2
+push edi
+call fcn_fffcc4cb ; call 0xfffcc4cb
+add esp, 0x14
+push edi
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+
+loc_fffc661e: ; not directly referenced
+push 0
+push 0
+push 0
+push 0
+push dword [ebp - 0x50]
+push 0
+push 2
+push edi
+call fcn_fffcc4cb ; call 0xfffcc4cb
+add esp, 0x20
+cmp dword [ebp + 0x1c], 0
+jne short loc_fffc6648 ; jne 0xfffc6648
+sub esp, 0xc
+push edi
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+
+loc_fffc6648: ; not directly referenced
+push eax
+xor eax, eax
+movzx ecx, byte [edi + 0x248b]
+cmp dword [ebp - 0x80], 0
+mov edx, dword [ebp - 0x6c]
+push 0
+sete al
+push eax
+lea eax, [ebp - 0x24]
+push eax
+mov eax, edi
+call fcn_fffb0f94 ; call 0xfffb0f94
+add esp, 0x10
+mov byte [ebp - 0x6e], al
+movzx eax, al
+or dword [ebp - 0xb0], eax
+cmp byte [ebp - 0xb1], 0
+jne loc_fffc689e ; jne 0xfffc689e
+movzx eax, byte [ebp - 0xa1]
+dec eax
+cmp dword [ebp - 0x80], eax
+jae loc_fffc689e ; jae 0xfffc689e
+movzx eax, byte [ebp - 0x70]
+cmp dword [ebp - 0xb0], eax
+jne loc_fffc689e ; jne 0xfffc689e
+
+loc_fffc66a7: ; not directly referenced
+cmp word [ebp - 0x28], 0
+jne loc_fffc6c97 ; jne 0xfffc6c97
+
+loc_fffc66b2: ; not directly referenced
+mov ecx, 4
+mov edx, 0x4800
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov dword [ebp - 0xb0], 0
+mov dword [ebp - 0x80], 0
+
+loc_fffc66d4: ; not directly referenced
+movzx eax, byte [ebp - 0xa1]
+cmp dword [ebp - 0x80], eax
+jae short loc_fffc66a7 ; jae 0xfffc66a7
+mov eax, dword [ebp - 0xa8]
+xor ebx, ebx
+mov dword [ebp - 0x98], 0
+mov dword [ebp - 0x60], eax
+jmp near loc_fffc65c4 ; jmp 0xfffc65c4
+
+loc_fffc66fa: ; not directly referenced
+cmp dword [ebp - 0x98], 0
+jne loc_fffc658d ; jne 0xfffc658d
+cmp dword [ebp - 0x8c], 0
+jne short loc_fffc672b ; jne 0xfffc672b
+
+loc_fffc6710: ; not directly referenced
+sub esp, 0xc
+push edi
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+mov dword [ebp - 0x98], 1
+jmp near loc_fffc658d ; jmp 0xfffc658d
+
+loc_fffc672b: ; not directly referenced
+movzx eax, byte [ebp - 0x6e]
+xor esi, esi
+mov dword [ebp - 0xcc], eax
+movzx eax, byte [ebp - 0x78]
+mov dword [ebp - 0x98], eax
+
+loc_fffc6741: ; not directly referenced
+mov eax, dword [ebp - 0xcc]
+bt eax, esi
+jae short loc_fffc678a ; jae 0xfffc678a
+cmp dword [ebp - 0x88], 0
+jne short loc_fffc6770 ; jne 0xfffc6770
+push eax
+push 0
+push 0
+push 3
+push dword [ebp - 0x98]
+push 0
+push esi
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+jmp short loc_fffc678a ; jmp 0xfffc678a
+
+loc_fffc6770: ; not directly referenced
+push 0
+mov ecx, dword [ebp - 0x98]
+mov edx, ebx
+push 0
+mov eax, edi
+push 0
+push 0
+call fcn_fffb0cb4 ; call 0xfffb0cb4
+add esp, 0x10
+
+loc_fffc678a: ; not directly referenced
+inc esi
+cmp esi, 2
+jne short loc_fffc6741 ; jne 0xfffc6741
+jmp near loc_fffc6710 ; jmp 0xfffc6710
+
+loc_fffc6795: ; not directly referenced
+push 0
+mov edx, ebx
+push 0
+mov eax, edi
+push dword [ebp - 0x50]
+push 0
+call fcn_fffb0cb4 ; call 0xfffb0cb4
+jmp near loc_fffc6844 ; jmp 0xfffc6844
+
+loc_fffc67ac: ; not directly referenced
+mov eax, dword [ebp - 0x6c]
+lea ecx, [ebx + 1]
+sar eax, cl
+mov cl, byte [ebp - 0x6d]
+mov dword [ebp - 0x78], eax
+cmp cl, 5
+sete al
+test byte [ebp - 0xa2], al
+jne short loc_fffc67d2 ; jne 0xfffc67d2
+xor edx, edx
+movzx esi, cl
+jmp near loc_fffc6891 ; jmp 0xfffc6891
+
+loc_fffc67d2: ; not directly referenced
+imul edx, dword [ebp - 0xe0], 0x18
+imul eax, dword [ebp - 0xac], 0x128
+mov esi, dword [ebp - 0x60]
+mov ecx, dword [ebp - 0x68]
+add eax, edx
+lea esi, [esi + eax + 0x1266]
+mov ax, word [esi + 0xb]
+push edx
+push edx
+mov edx, ebx
+or eax, 0x10
+movzx eax, ax
+push eax
+mov eax, edi
+push 3
+call fcn_fffafd52 ; call 0xfffafd52
+push dword [ebp - 0x78]
+push 1
+push 0xff
+push dword [ebp - 0x68]
+push dword [ebp - 0x50]
+push 0
+push ebx
+push edi
+call fcn_fffcc4cb ; call 0xfffcc4cb
+mov ax, word [esi + 0xb]
+add esp, 0x28
+mov ecx, dword [ebp - 0x68]
+mov edx, ebx
+and eax, 0xffef
+push eax
+mov eax, edi
+push 3
+call fcn_fffafd52 ; call 0xfffafd52
+mov dword [ebp - 0x84], eax
+
+loc_fffc6844: ; not directly referenced
+add esp, 0x10
+jmp near loc_fffc65b3 ; jmp 0xfffc65b3
+
+loc_fffc684c: ; not directly referenced
+push 1
+movzx eax, dl
+push dword [ebp - 0x78]
+mov dword [ebp - 0xcc], edx
+push 0
+push 0
+push eax
+push 0xff
+push ebx
+push 0
+push dword [ebp - 0x80]
+push dword [ebp - 0x50]
+push esi
+push edi
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+cmp dword [ebp - 0x9c], 0
+mov dword [ebp - 0x84], eax
+jne loc_fffc65b3 ; jne 0xfffc65b3
+mov edx, dword [ebp - 0xcc]
+inc edx
+
+loc_fffc6891: ; not directly referenced
+cmp dl, byte [edi + 0x2488]
+jb short loc_fffc684c ; jb 0xfffc684c
+jmp near loc_fffc65b3 ; jmp 0xfffc65b3
+
+loc_fffc689e: ; not directly referenced
+mov eax, dword [ebp - 0x90]
+xor ebx, ebx
+mov dword [ebp - 0x98], eax
+jmp short loc_fffc68c6 ; jmp 0xfffc68c6
+
+loc_fffc68ae: ; not directly referenced
+cmp byte [ebp + ebx - 0x40], 1
+jne short loc_fffc68d0 ; jne 0xfffc68d0
+
+loc_fffc68b5: ; not directly referenced
+inc ebx
+add dword [ebp - 0x98], 0x48
+cmp ebx, 2
+je loc_fffc6bb5 ; je 0xfffc6bb5
+
+loc_fffc68c6: ; not directly referenced
+cmp word [ebp + ebx*2 - 0x28], 1
+mov al, bl
+je short loc_fffc68ae ; je 0xfffc68ae
+
+loc_fffc68d0: ; not directly referenced
+mov esi, dword [ebp - 0x6c]
+bt esi, ebx
+jae short loc_fffc68b5 ; jae 0xfffc68b5
+xor esi, esi
+mov edx, ebx
+cmp dword [ebp - 0x74], 0
+cmove esi, eax
+mov eax, esi
+shl edx, 0xa
+add edx, 0x4114
+mov byte [ebp - 0x58], al
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov esi, dword [ebp - 0x98]
+mov dl, byte [ebp + ebx - 0x3e]
+mov esi, dword [esi]
+mov ecx, esi
+sub ecx, edx
+and eax, 0x7fffff
+mov dword [ebp - 0x78], eax
+movzx eax, byte [ebp - 0x58]
+mov dword [ebp - 0x50], esi
+mov byte [ebp - 0x60], cl
+jne loc_fffc69cb ; jne 0xfffc69cb
+mov cl, byte [ebp - 0x50]
+cmp cl, byte [ebp + eax - 0x3c]
+jne short loc_fffc698c ; jne 0xfffc698c
+cmp byte [ebp - 0x60], 0
+jns short loc_fffc6951 ; jns 0xfffc6951
+cmp byte [ebp + eax - 0x3a], cl
+jne short loc_fffc6941 ; jne 0xfffc6941
+
+loc_fffc6935: ; not directly referenced
+mov al, byte [ebp - 0x50]
+mov byte [ebp + ebx - 0x3e], al
+jmp near loc_fffc6b19 ; jmp 0xfffc6b19
+
+loc_fffc6941: ; not directly referenced
+mov dword [ebp - 0x2c], 1
+
+loc_fffc6948: ; not directly referenced
+mov eax, dword [ebp - 0x2c]
+test eax, eax
+jne short loc_fffc6948 ; jne 0xfffc6948
+jmp short loc_fffc6935 ; jmp 0xfffc6935
+
+loc_fffc6951: ; not directly referenced
+cmp byte [ebp - 0x60], 1
+jne short loc_fffc696d ; jne 0xfffc696d
+mov eax, dword [ebp + ebx*4 - 0x20]
+shr eax, 8
+xor ah, ah
+mov dword [ebp + ebx*4 - 0x20], eax
+mov al, byte [ebp - 0x50]
+mov byte [ebx + ebp - 0x3e], al
+jmp short loc_fffc69b3 ; jmp 0xfffc69b3
+
+loc_fffc696d: ; not directly referenced
+xor eax, eax
+cmp byte [ebp - 0x60], 2
+je loc_fffc6a1d ; je 0xfffc6a1d
+mov dword [ebp - 0x30], 1
+
+loc_fffc6980: ; not directly referenced
+mov eax, dword [ebp - 0x30]
+test eax, eax
+jne short loc_fffc6980 ; jne 0xfffc6980
+jmp near loc_fffc6b19 ; jmp 0xfffc6b19
+
+loc_fffc698c: ; not directly referenced
+mov cl, byte [ebp - 0x50]
+cmp cl, byte [ebp + eax - 0x3a]
+jne loc_fffc6b0b ; jne 0xfffc6b0b
+cmp word [ebp + ebx*2 - 0x28], 1
+je loc_fffc68b5 ; je 0xfffc68b5
+cmp byte [ebp - 0x60], 0xff
+jne short loc_fffc69bf ; jne 0xfffc69bf
+and dword [ebp + ebx*4 - 0x20], 0xffffff00
+
+loc_fffc69b3: ; not directly referenced
+mov word [ebp + ebx*2 - 0x28], 1
+jmp near loc_fffc6b19 ; jmp 0xfffc6b19
+
+loc_fffc69bf: ; not directly referenced
+mov al, byte [ebp - 0x50]
+mov byte [ebx + ebp - 0x3e], al
+jmp near loc_fffc6b02 ; jmp 0xfffc6b02
+
+loc_fffc69cb: ; not directly referenced
+mov cl, byte [ebp + eax - 0x3c]
+mov byte [ebp - 0xcc], cl
+cmp byte [ebp - 0x50], cl
+jne short loc_fffc6a3f ; jne 0xfffc6a3f
+cmp byte [ebp - 0x60], 2
+jle short loc_fffc69f3 ; jle 0xfffc69f3
+mov dword [ebp - 0x34], 1
+
+loc_fffc69e7: ; not directly referenced
+mov eax, dword [ebp - 0x34]
+test eax, eax
+jne short loc_fffc69e7 ; jne 0xfffc69e7
+jmp near loc_fffc6b19 ; jmp 0xfffc6b19
+
+loc_fffc69f3: ; not directly referenced
+mov eax, dword [ebp - 0x78]
+je short loc_fffc6a1d ; je 0xfffc6a1d
+call fcn_fffaebf8 ; call 0xfffaebf8
+mov edx, dword [ebp + ebx*4 - 0x20]
+mov byte [ebp + ebx - 0x40], 0
+and edx, 0xff00ffff
+movzx eax, al
+shl eax, 0x10
+or eax, edx
+mov dword [ebp + ebx*4 - 0x20], eax
+jmp near loc_fffc6b19 ; jmp 0xfffc6b19
+
+loc_fffc6a1d: ; not directly referenced
+call fcn_fffaebf8 ; call 0xfffaebf8
+mov edx, dword [ebp + ebx*4 - 0x20]
+mov byte [ebp + ebx - 0x40], 1
+and edx, 0xffffff
+shl eax, 0x18
+or eax, edx
+mov dword [ebp + ebx*4 - 0x20], eax
+jmp near loc_fffc6b19 ; jmp 0xfffc6b19
+
+loc_fffc6a3f: ; not directly referenced
+mov cl, byte [ebp - 0x50]
+cmp cl, byte [ebp + eax - 0x3a]
+jne loc_fffc6b0b ; jne 0xfffc6b0b
+inc dl
+je short loc_fffc6ac9 ; je 0xfffc6ac9
+cmp byte [ebp - 0x60], 0
+jg short loc_fffc6ac9 ; jg 0xfffc6ac9
+movsx eax, byte [ebp - 0x60]
+mov esi, eax
+mov eax, dword [ebp - 0x78]
+call fcn_fffaebf8 ; call 0xfffaebf8
+mov ecx, dword [ebp + ebx*4 - 0x20]
+mov edx, 1
+sub edx, esi
+shl edx, 3
+mov dword [ebp - 0xd4], ecx
+lea ecx, [edx + 0x1f]
+mov dword [ebp - 0xd0], eax
+mov eax, esi
+xor esi, esi
+cmp cl, 0x3e
+ja short loc_fffc6abb ; ja 0xfffc6abb
+mov esi, eax
+mov eax, 0xff
+lea ecx, [esi*8 + 8]
+movzx esi, byte [ebp - 0xd0]
+shl eax, cl
+not eax
+and eax, dword [ebp - 0xd4]
+shl esi, cl
+mov cl, dl
+or esi, eax
+test dl, dl
+jle short loc_fffc6ab7 ; jle 0xfffc6ab7
+shl esi, cl
+jmp short loc_fffc6abb ; jmp 0xfffc6abb
+
+loc_fffc6ab7: ; not directly referenced
+neg ecx
+shr esi, cl
+
+loc_fffc6abb: ; not directly referenced
+mov al, byte [ebp - 0x50]
+mov dword [ebp + ebx*4 - 0x20], esi
+dec eax
+mov byte [ebp + ebx - 0x3e], al
+jmp short loc_fffc6aec ; jmp 0xfffc6aec
+
+loc_fffc6ac9: ; not directly referenced
+mov eax, dword [ebp - 0x78]
+mov esi, dword [ebp + ebx*4 - 0x20]
+call fcn_fffaebf8 ; call 0xfffaebf8
+movzx edx, si
+and esi, 0xff0000
+shr esi, 8
+add esi, eax
+shl esi, 0x10
+or esi, edx
+mov dword [ebp + ebx*4 - 0x20], esi
+
+loc_fffc6aec: ; not directly referenced
+mov al, byte [ebp - 0xcc]
+cmp byte [ebp - 0x50], al
+jae short loc_fffc6afc ; jae 0xfffc6afc
+mov byte [ebp + ebx - 0x40], 1
+
+loc_fffc6afc: ; not directly referenced
+cmp byte [ebp - 0x60], 0
+jg short loc_fffc6b19 ; jg 0xfffc6b19
+
+loc_fffc6b02: ; not directly referenced
+mov word [ebp + ebx*2 - 0x28], 0
+jmp short loc_fffc6b19 ; jmp 0xfffc6b19
+
+loc_fffc6b0b: ; not directly referenced
+mov dword [ebp - 0x38], 1
+
+loc_fffc6b12: ; not directly referenced
+mov eax, dword [ebp - 0x38]
+test eax, eax
+jne short loc_fffc6b12 ; jne 0xfffc6b12
+
+loc_fffc6b19: ; not directly referenced
+mov al, byte [ebp + ebx - 0x42]
+cmp byte [ebp - 0x50], al
+jne short loc_fffc6b27 ; jne 0xfffc6b27
+mov byte [ebp + ebx - 0x40], 1
+
+loc_fffc6b27: ; not directly referenced
+cmp dword [ebp - 0x78], 0
+jne short loc_fffc6b42 ; jne 0xfffc6b42
+cmp al, byte [ebp + ebx - 0x3e]
+jne short loc_fffc6b42 ; jne 0xfffc6b42
+cmp word [ebp + ebx*2 - 0x28], 1
+jne short loc_fffc6b42 ; jne 0xfffc6b42
+mov word [ebp + ebx*4 - 0x1e], 0xfffe
+
+loc_fffc6b42: ; not directly referenced
+cmp byte [ebp - 0x50], 0
+jne short loc_fffc6b66 ; jne 0xfffc6b66
+cmp dword [ebp - 0x78], 0
+mov word [ebp + ebx*2 - 0x28], 1
+je short loc_fffc6b66 ; je 0xfffc6b66
+mov byte [ebp + ebx - 0x40], 1
+mov byte [ebp + ebx - 0x3e], 0
+mov word [ebp + ebx*4 - 0x1e], 0x707
+
+loc_fffc6b66: ; not directly referenced
+cmp dword [ebp - 0x74], 0
+jne loc_fffc68b5 ; jne 0xfffc68b5
+cmp word [ebp + ebx*2 - 0x28], 1
+jne short loc_fffc6b9c ; jne 0xfffc6b9c
+cmp byte [ebp + ebx - 0x40], 1
+je loc_fffc68b5 ; je 0xfffc68b5
+mov al, byte [ebp + ebx - 0x3c]
+mov esi, dword [ebp - 0x98]
+inc eax
+mov byte [ebp + ebx - 0x3c], al
+movzx eax, al
+mov dword [esi], eax
+jmp near loc_fffc68b5 ; jmp 0xfffc68b5
+
+loc_fffc6b9c: ; not directly referenced
+mov al, byte [ebp + ebx - 0x3a]
+mov ecx, dword [ebp - 0x98]
+dec eax
+mov byte [ebp + ebx - 0x3a], al
+movzx eax, al
+mov dword [ecx], eax
+jmp near loc_fffc68b5 ; jmp 0xfffc68b5
+
+loc_fffc6bb5: ; not directly referenced
+cmp dword [ebp - 0x74], 0
+je loc_fffc6c8f ; je 0xfffc6c8f
+cmp word [ebp - 0x28], 1
+jne loc_fffc6c7b ; jne 0xfffc6c7b
+cmp word [ebp - 0x26], 1
+jne loc_fffc6c7b ; jne 0xfffc6c7b
+cmp byte [ebp - 0x40], 1
+jne short loc_fffc6be5 ; jne 0xfffc6be5
+cmp byte [ebp - 0x3f], 1
+je loc_fffc6c8f ; je 0xfffc6c8f
+
+loc_fffc6be5: ; not directly referenced
+movzx eax, byte [ebp - 0x58]
+mov bl, byte [ebp + eax - 0x3c]
+lea edx, [ebx + 1]
+mov byte [ebp + eax - 0x3c], dl
+
+loc_fffc6bf4: ; not directly referenced
+imul ecx, dword [ebp - 0x64], 0x24
+movzx edx, dl
+imul eax, eax, 0x12
+mov ebx, dword [ebp - 0x54]
+add eax, ecx
+add eax, dword [ebp - 0x4c]
+mov dword [ebx + eax*4], edx
+test byte [ebp - 0x70], 1
+je short loc_fffc6c3f ; je 0xfffc6c3f
+movzx eax, byte [ebp - 0x58]
+imul ecx, dword [ebp - 0x64], 0x24
+mov ebx, dword [ebp - 0x54]
+mov esi, dword [ebp - 0x7c]
+imul edx, eax, 0x12
+add edx, ecx
+add edx, dword [ebp - 0x4c]
+mov edx, dword [ebx + edx*4]
+mov ebx, dword [ebp - 0x94]
+mov dword [ebx + esi], edx
+mov dl, byte [ebp + eax - 0x3a]
+mov al, byte [ebp + eax - 0x3c]
+mov byte [ebp - 0x3a], dl
+mov byte [ebp - 0x3c], al
+
+loc_fffc6c3f: ; not directly referenced
+cmp dword [ebp - 0xa0], 0
+je short loc_fffc6c8f ; je 0xfffc6c8f
+movzx eax, byte [ebp - 0x58]
+imul ecx, dword [ebp - 0x64], 0x24
+mov ebx, dword [ebp - 0x94]
+mov esi, dword [ebp - 0x7c]
+imul edx, eax, 0x12
+add edx, ecx
+mov ecx, dword [ebp - 0x54]
+add edx, dword [ebp - 0x4c]
+mov edx, dword [ecx + edx*4]
+mov dword [ebx + esi + 0x48], edx
+mov dl, byte [ebp + eax - 0x3a]
+mov al, byte [ebp + eax - 0x3c]
+mov byte [ebp - 0x39], dl
+mov byte [ebp - 0x3b], al
+jmp short loc_fffc6c8f ; jmp 0xfffc6c8f
+
+loc_fffc6c7b: ; not directly referenced
+movzx eax, byte [ebp - 0x58]
+mov bl, byte [ebp + eax - 0x3a]
+lea edx, [ebx - 1]
+mov byte [ebp + eax - 0x3a], dl
+jmp near loc_fffc6bf4 ; jmp 0xfffc6bf4
+
+loc_fffc6c8f: ; not directly referenced
+inc dword [ebp - 0x80]
+jmp near loc_fffc66d4 ; jmp 0xfffc66d4
+
+loc_fffc6c97: ; not directly referenced
+cmp byte [ebp - 0x40], 0
+je loc_fffc66b2 ; je 0xfffc66b2
+cmp word [ebp - 0x26], 0
+je loc_fffc66b2 ; je 0xfffc66b2
+cmp byte [ebp - 0x3f], 0
+je loc_fffc66b2 ; je 0xfffc66b2
+xor ebx, ebx
+
+loc_fffc6cb8: ; not directly referenced
+mov eax, dword [ebp - 0x6c]
+bt eax, ebx
+jae short loc_fffc6d0d ; jae 0xfffc6d0d
+cmp byte [ebp - 0xb1], 0
+je short loc_fffc6cf9 ; je 0xfffc6cf9
+mov edx, dword [ebp + ebx*4 - 0x20]
+sub esp, 0xc
+movzx eax, byte [ebp + ebx - 0x3e]
+push dword [ebp + 0x18]
+mov ecx, edx
+shr edx, 0x10
+shr ecx, 0x18
+movzx edx, dl
+call fcn_fffaa348 ; call 0xfffaa348
+imul edx, ebx, 0x48
+mov ecx, dword [ebp - 0x90]
+add esp, 0x10
+mov dword [ecx + edx], eax
+jmp short loc_fffc6d0d ; jmp 0xfffc6d0d
+
+loc_fffc6cf9: ; not directly referenced
+movzx edx, byte [ebp + ebx - 0x3e]
+imul eax, ebx, 0x48
+mov esi, dword [ebp - 0x90]
+imul edx, edx, 0xa
+mov dword [esi + eax], edx
+
+loc_fffc6d0d: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffc6cb8 ; jne 0xfffc6cb8
+inc dword [ebp - 0x4c]
+add dword [ebp - 0x7c], 4
+cmp dword [ebp - 0x4c], 2
+jne loc_fffc61f5 ; jne 0xfffc61f5
+cmp byte [ebp - 0x5c], 0xd
+jne short loc_fffc6d46 ; jne 0xfffc6d46
+push 0
+push 0
+push 0
+push 0
+push 0
+push 0
+push 2
+push edi
+call fcn_fffcc4cb ; call 0xfffcc4cb
+add esp, 0x20
+jmp near loc_fffc6e84 ; jmp 0xfffc6e84
+
+loc_fffc6d46: ; not directly referenced
+cmp byte [ebp - 0x5c], 0xc
+jne short loc_fffc6d9a ; jne 0xfffc6d9a
+xor ebx, ebx
+
+loc_fffc6d4e: ; not directly referenced
+imul eax, ebx, 0x13c3
+cmp dword [ebp - 0x88], 0
+movzx ecx, byte [edi + eax + 0x381a]
+jne short loc_fffc6d7b ; jne 0xfffc6d7b
+push esi
+push 0
+push 0
+push 3
+push ecx
+push 0
+push ebx
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+jmp short loc_fffc6d8f ; jmp 0xfffc6d8f
+
+loc_fffc6d7b: ; not directly referenced
+push 0
+mov edx, ebx
+push 0
+mov eax, edi
+push 0
+push 0
+call fcn_fffb0cb4 ; call 0xfffb0cb4
+add esp, 0x10
+
+loc_fffc6d8f: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffc6d4e ; jne 0xfffc6d4e
+jmp near loc_fffc6e84 ; jmp 0xfffc6e84
+
+loc_fffc6d9a: ; not directly referenced
+cmp byte [ebp - 0x5c], 5
+sete al
+test byte [ebp - 0xa2], al
+je loc_fffc6e5c ; je 0xfffc6e5c
+mov edx, dword [ebp - 0xc8]
+xor ebx, ebx
+mov eax, dword [ebp - 0xa8]
+and edx, 1
+mov dword [ebp - 0x4c], eax
+imul edx, edx, 0x18
+imul eax, dword [ebp - 0xac], 0x128
+add eax, edx
+mov dword [ebp - 0x58], eax
+
+loc_fffc6dd3: ; not directly referenced
+mov esi, dword [ebp - 0x6c]
+lea eax, [ebx + 1]
+mov cl, al
+mov edx, dword [ebp - 0x58]
+mov dword [ebp - 0x50], eax
+sar esi, cl
+mov ecx, dword [ebp - 0x4c]
+mov dword [ebp - 0x54], esi
+lea esi, [ecx + edx + 0x1266]
+mov ecx, dword [ebp - 0x68]
+mov ax, word [esi + 0xb]
+push edx
+push edx
+mov edx, ebx
+or eax, 0x10
+movzx eax, ax
+push eax
+mov eax, edi
+push 3
+call fcn_fffafd52 ; call 0xfffafd52
+push dword [ebp - 0x54]
+push 1
+push 0xff
+push dword [ebp - 0x68]
+push 0
+push 0
+push ebx
+push edi
+call fcn_fffcc4cb ; call 0xfffcc4cb
+mov ax, word [esi + 0xb]
+add esp, 0x28
+mov ecx, dword [ebp - 0x68]
+mov edx, ebx
+and eax, 0xffef
+push eax
+mov eax, edi
+push 3
+call fcn_fffafd52 ; call 0xfffafd52
+mov ebx, dword [ebp - 0x50]
+add esp, 0x10
+add dword [ebp - 0x4c], 0x13c3
+mov dword [ebp - 0x84], eax
+cmp ebx, 2
+jne loc_fffc6dd3 ; jne 0xfffc6dd3
+jmp short loc_fffc6e84 ; jmp 0xfffc6e84
+
+loc_fffc6e5c: ; not directly referenced
+push 2
+movzx eax, byte [ebp - 0x5c]
+push 0
+push 0
+push 0
+push 0
+push 0
+push 0
+push 1
+push 0
+push 0
+push eax
+push edi
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+mov dword [ebp - 0x84], eax
+
+loc_fffc6e84: ; not directly referenced
+mov eax, edi
+xor ecx, ecx
+mov edx, 0x4cf0
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp - 0x84]
+
+loc_fffc6e98: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc6ea0: ; not directly referenced
+push ebp
+mov ecx, 8
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x178
+mov eax, dword [ebp + 8]
+lea edi, [ebp - 0xe8]
+mov edx, dword [ebp + 0xc]
+mov dword [ebp - 0xbc], fcn_fffaafc2 ; mov dword [ebp - 0xbc], 0xfffaafc2
+mov dword [ebp - 0xb0], fcn_fffaafda ; mov dword [ebp - 0xb0], 0xfffaafda
+mov dword [ebp - 0x130], eax
+xor eax, eax
+rep stosd ; rep stosd dword es:[edi], eax
+lea edi, [ebp - 0xf8]
+mov dword [ebp - 0x12c], edx
+mov edx, 0xcf8
+mov dword [ebp - 0x5c], fcn_fffab0f8 ; mov dword [ebp - 0x5c], 0xfffab0f8
+mov dword [ebp - 0x58], fcn_fffab0ef ; mov dword [ebp - 0x58], 0xfffab0ef
+mov dword [ebp - 0xa4], fcn_fffb3d4e ; mov dword [ebp - 0xa4], 0xfffb3d4e
+mov dword [ebp - 0xa0], fcn_fffb3dc0 ; mov dword [ebp - 0xa0], 0xfffb3dc0
+mov cl, 4
+rep stosd ; rep stosd dword es:[edi], eax
+mov eax, 0x80000048
+mov dword [ebp - 0x7c], fcn_fffc3868 ; mov dword [ebp - 0x7c], 0xfffc3868
+mov dword [ebp - 0x78], fcn_fffc3844 ; mov dword [ebp - 0x78], 0xfffc3844
+out dx, eax
+push 0xcfc
+call fcn_fffaafc2 ; call 0xfffaafc2
+add esp, 0x10
+mov ebx, eax
+test al, 1
+jne short loc_fffc6f40 ; jne 0xfffc6f40
+
+loc_fffc6f39: ; not directly referenced
+xor eax, eax
+jmp near loc_fffc82ec ; jmp 0xfffc82ec
+
+loc_fffc6f40: ; not directly referenced
+push 0x60
+mov esi, dword [ebp - 0xb0]
+push 0
+push 0
+push 0
+call dword [ebp - 0x7c] ; ucall
+pop edi
+pop edx
+push eax
+push 0xcf8
+call esi
+mov dword [esp], 0xcfc
+call dword [ebp - 0xbc] ; ucall
+add esp, 0x10
+test al, 1
+je short loc_fffc6f39 ; je 0xfffc6f39
+and eax, 0xfffffff8
+mov esi, eax
+call fcn_fffa6801 ; call 0xfffa6801
+mov dword [ebp - 0x144], 0
+cmp eax, 0x40660
+setne cl
+cmp eax, 0x306c0
+setne dl
+test cl, dl
+je short loc_fffc6fa8 ; je 0xfffc6fa8
+cmp eax, 0x40650
+setne al
+movzx eax, al
+mov dword [ebp - 0x144], eax
+
+loc_fffc6fa8: ; not directly referenced
+push 0xbc
+and ebx, 0xfffffffe
+push 0
+push 0
+push 0
+call dword [ebp - 0x78] ; ucall
+add eax, esi
+mov dword [esp], eax
+call dword [ebp - 0xa4] ; ucall
+push 0x90
+push 0
+push 0
+push 0
+mov dword [ebp - 0x160], eax
+call dword [ebp - 0x78] ; ucall
+add esp, 0x14
+add eax, esi
+push eax
+call dword [ebp - 0xa0] ; ucall
+push 0x98
+push 0
+push 0
+push 0
+mov dword [ebp - 0x150], edx
+mov dword [ebp - 0x138], eax
+call dword [ebp - 0x78] ; ucall
+add esp, 0x14
+add esi, eax
+push esi
+call dword [ebp - 0xa0] ; ucall
+mov edi, eax
+lea eax, [ebx + 0x5024]
+or edi, 0xfffff
+mov dword [ebp - 0x164], edx
+mov dword [esp], eax
+call dword [ebp - 0xa4] ; ucall
+mov dword [ebp - 0x154], eax
+lea eax, [ebx + 0x5014]
+mov dword [esp], eax
+call dword [ebp - 0xa4] ; ucall
+mov dword [ebp - 0x140], eax
+lea eax, [ebx + 0x5000]
+mov dword [esp], eax
+call dword [ebp - 0xa4] ; ucall
+mov dword [ebp - 0x148], eax
+lea eax, [ebx + 0x5004]
+add ebx, 0x5008
+mov dword [esp], eax
+call dword [ebp - 0xa4] ; ucall
+mov dword [esp], ebx
+mov esi, eax
+call dword [ebp - 0xa4] ; ucall
+mov ecx, dword [ebp - 0x138]
+add esp, 0xc
+mov ebx, dword [ebp - 0x140]
+mov edx, dword [ebp - 0x164]
+push 0x16
+and ecx, 0xfff00000
+mov dword [ebp - 0x110], ecx
+mov ecx, dword [ebp - 0x150]
+mov dword [ebp - 0x138], edi
+xor edi, edi
+and edx, 0x7f
+push edi
+and ecx, 0x7f
+mov dword [ebp - 0x10c], ecx
+movzx ecx, bl
+push ecx
+mov dword [ebp - 0x104], esi
+mov esi, ecx
+mov dword [ebp - 0x100], eax
+mov dword [ebp - 0xfc], 0
+mov dword [ebp - 0x134], edx
+call dword [ebp - 0x5c] ; ucall
+add esp, 0xc
+push 0x16
+push edi
+mov edi, ebx
+push esi
+mov dword [ebp - 0x150], eax
+mov dword [ebp - 0x14c], edx
+call dword [ebp - 0x5c] ; ucall
+add esp, 0xc
+xor edx, edx
+push 0xe
+mov eax, ebx
+and eax, 0xff00
+push edx
+push eax
+call dword [ebp - 0x5c] ; ucall
+add esp, 0xc
+mov eax, ebx
+push 6
+and eax, 0xff0000
+xor edx, edx
+and edi, 0xff000000
+push edx
+push eax
+call dword [ebp - 0x5c] ; ucall
+add esp, 0xc
+push 2
+mov dword [ebp - 0x168], edx
+xor edx, edx
+push edx
+push edi
+mov dword [ebp - 0x164], eax
+call dword [ebp - 0x5c] ; ucall
+mov dword [ebp - 0x140], eax
+mov eax, dword [ebp - 0x148]
+mov dword [ebp - 0x13c], edx
+and eax, 1
+mov ebx, dword [ebp + eax*4 - 0x104]
+lea eax, [ebp - 0xc4]
+mov edx, ebx
+call fcn_fffc3bf5 ; call 0xfffc3bf5
+mov esi, eax
+mov edi, edx
+lea eax, [ebp - 0xc4]
+mov edx, ebx
+call fcn_fffc3bda ; call 0xfffc3bda
+add eax, esi
+adc edx, edi
+add esp, 0x10
+cmp dword [ebp - 0x144], 1
+jne short loc_fffc718e ; jne 0xfffc718e
+add eax, dword [ebp - 0x150]
+adc edx, dword [ebp - 0x14c]
+jmp short loc_fffc719a ; jmp 0xfffc719a
+
+loc_fffc718e: ; not directly referenced
+add eax, dword [ebp - 0x140]
+adc edx, dword [ebp - 0x13c]
+
+loc_fffc719a: ; not directly referenced
+mov esi, eax
+mov eax, dword [ebp - 0x10c]
+mov edi, edx
+cmp dword [ebp - 0x134], eax
+jb loc_fffc729e ; jb 0xfffc729e
+ja short loc_fffc71c4 ; ja 0xfffc71c4
+mov eax, dword [ebp - 0x110]
+cmp dword [ebp - 0x138], eax
+jbe loc_fffc729e ; jbe 0xfffc729e
+
+loc_fffc71c4: ; not directly referenced
+mov eax, dword [ebp - 0x160]
+mov cl, 1
+mov ebx, dword [ebp - 0x134]
+mov dword [ebp - 0x15c], 0
+and eax, 0xfff00000
+mov edx, eax
+mov dword [ebp - 0x160], eax
+cmp dword [ebp - 0x12c], ebx
+jb short loc_fffc7203 ; jb 0xfffc7203
+ja short loc_fffc7201 ; ja 0xfffc7201
+mov ebx, dword [ebp - 0x138]
+cmp dword [ebp - 0x130], ebx
+jbe short loc_fffc7203 ; jbe 0xfffc7203
+
+loc_fffc7201: ; not directly referenced
+xor ecx, ecx
+
+loc_fffc7203: ; not directly referenced
+mov eax, dword [ebp - 0x10c]
+mov bl, 1
+cmp dword [ebp - 0x12c], eax
+ja short loc_fffc7225 ; ja 0xfffc7225
+jb short loc_fffc7223 ; jb 0xfffc7223
+mov eax, dword [ebp - 0x110]
+cmp dword [ebp - 0x130], eax
+jae short loc_fffc7225 ; jae 0xfffc7225
+
+loc_fffc7223: ; not directly referenced
+xor ebx, ebx
+
+loc_fffc7225: ; not directly referenced
+test cl, bl
+je short loc_fffc724f ; je 0xfffc724f
+mov eax, dword [ebp - 0x160]
+mov edx, dword [ebp - 0x15c]
+sub eax, dword [ebp - 0x110]
+sbb edx, dword [ebp - 0x10c]
+add eax, dword [ebp - 0x130]
+adc edx, dword [ebp - 0x12c]
+jmp short loc_fffc72aa ; jmp 0xfffc72aa
+
+loc_fffc724f: ; not directly referenced
+cmp dword [ebp - 0x12c], 0
+ja short loc_fffc7260 ; ja 0xfffc7260
+cmp dword [ebp - 0x130], edx
+jb short loc_fffc729e ; jb 0xfffc729e
+
+loc_fffc7260: ; not directly referenced
+mov eax, dword [ebp - 0x160]
+mov edx, dword [ebp - 0x15c]
+add eax, dword [ebp - 0x138]
+adc edx, dword [ebp - 0x134]
+sub eax, dword [ebp - 0x110]
+sbb edx, dword [ebp - 0x10c]
+cmp dword [ebp - 0x12c], edx
+ja short loc_fffc729e ; ja 0xfffc729e
+jb loc_fffc826e ; jb 0xfffc826e
+cmp dword [ebp - 0x130], eax
+jbe loc_fffc826e ; jbe 0xfffc826e
+
+loc_fffc729e: ; not directly referenced
+mov eax, dword [ebp - 0x130]
+mov edx, dword [ebp - 0x12c]
+
+loc_fffc72aa: ; not directly referenced
+push ecx
+push 6
+push edx
+push eax
+call dword [ebp - 0x58] ; ucall
+mov ebx, dword [ebp - 0x148]
+add esp, 0x10
+shr ebx, 6
+and ebx, 1
+cmp dword [ebp - 0x144], 1
+mov dword [ebp - 0x110], eax
+mov dword [ebp - 0x10c], edx
+jne short loc_fffc72f7 ; jne 0xfffc72f7
+push edx
+push 1
+push dword [ebp - 0x14c]
+push dword [ebp - 0x150]
+call dword [ebp - 0x5c] ; ucall
+add esp, 0x10
+mov dword [ebp - 0x164], eax
+mov dword [ebp - 0x168], edx
+
+loc_fffc72f7: ; not directly referenced
+test ebx, ebx
+je short loc_fffc7360 ; je 0xfffc7360
+cmp dword [ebp - 0x10c], edi
+ja loc_fffc826e ; ja 0xfffc826e
+jb short loc_fffc7315 ; jb 0xfffc7315
+cmp dword [ebp - 0x110], esi
+jae loc_fffc826e ; jae 0xfffc826e
+
+loc_fffc7315: ; not directly referenced
+push eax
+mov eax, dword [ebp - 0x148]
+shr eax, 7
+and eax, 7
+push eax
+push 0
+push 0x400000
+call dword [ebp - 0x5c] ; ucall
+add esp, 0x10
+cmp dword [ebp - 0x10c], edx
+jb loc_fffc74a0 ; jb 0xfffc74a0
+ja short loc_fffc734a ; ja 0xfffc734a
+cmp dword [ebp - 0x110], eax
+jb loc_fffc74a0 ; jb 0xfffc74a0
+
+loc_fffc734a: ; not directly referenced
+sub dword [ebp - 0x110], eax
+mov edi, 1
+sbb dword [ebp - 0x10c], edx
+jmp near loc_fffc74a2 ; jmp 0xfffc74a2
+
+loc_fffc7360: ; not directly referenced
+mov eax, dword [ebp - 0x168]
+cmp dword [ebp - 0x10c], eax
+ja loc_fffc744d ; ja 0xfffc744d
+jb short loc_fffc7386 ; jb 0xfffc7386
+mov eax, dword [ebp - 0x164]
+cmp dword [ebp - 0x110], eax
+jae loc_fffc744d ; jae 0xfffc744d
+
+loc_fffc7386: ; not directly referenced
+test dword [ebp - 0x154], 0x800000
+je loc_fffc7421 ; je 0xfffc7421
+mov eax, dword [ebp - 0x154]
+mov edx, 1
+xor edi, edi
+mov esi, eax
+and ax, 0x3fff
+shr esi, 0x15
+and esi, 3
+mov ecx, esi
+shl edx, cl
+xor ecx, ecx
+or eax, edx
+and eax, dword [ebp - 0x110]
+movzx eax, ax
+
+loc_fffc73c0: ; not directly referenced
+mov edx, eax
+sar edx, cl
+inc ecx
+xor edi, edx
+cmp ecx, 0xe
+jne short loc_fffc73c0 ; jne 0xfffc73c0
+push eax
+and edi, 1
+push esi
+push 0
+push 1
+call dword [ebp - 0x5c] ; ucall
+add esp, 0xc
+push esi
+mov ebx, eax
+mov ecx, edx
+mov eax, dword [ebp - 0x110]
+mov edx, dword [ebp - 0x10c]
+not ebx
+not ecx
+and ebx, eax
+and ecx, edx
+xor edx, edx
+mov dword [ebp - 0x138], ecx
+mov ecx, ebx
+and ecx, 1
+push edx
+push ecx
+call dword [ebp - 0x5c] ; ucall
+mov ecx, dword [ebp - 0x138]
+add esp, 0x10
+or ebx, eax
+or ecx, edx
+mov dword [ebp - 0x110], ebx
+mov dword [ebp - 0x10c], ecx
+jmp short loc_fffc742a ; jmp 0xfffc742a
+
+loc_fffc7421: ; not directly referenced
+mov edi, dword [ebp - 0x110]
+and edi, 1
+
+loc_fffc742a: ; not directly referenced
+push eax
+push 1
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+mov dword [ebp - 0x110], eax
+mov dword [ebp - 0x10c], edx
+jmp short loc_fffc74a2 ; jmp 0xfffc74a2
+
+loc_fffc744d: ; not directly referenced
+cmp dword [ebp - 0x10c], edi
+ja loc_fffc826e ; ja 0xfffc826e
+jb short loc_fffc7467 ; jb 0xfffc7467
+cmp dword [ebp - 0x110], esi
+jae loc_fffc826e ; jae 0xfffc826e
+
+loc_fffc7467: ; not directly referenced
+cmp dword [ebp - 0x144], 1
+jne short loc_fffc7488 ; jne 0xfffc7488
+mov eax, dword [ebp - 0x150]
+mov edx, dword [ebp - 0x14c]
+mov dword [ebp - 0x140], eax
+mov dword [ebp - 0x13c], edx
+
+loc_fffc7488: ; not directly referenced
+mov eax, dword [ebp - 0x140]
+mov edx, dword [ebp - 0x13c]
+sub dword [ebp - 0x110], eax
+sbb dword [ebp - 0x10c], edx
+
+loc_fffc74a0: ; not directly referenced
+xor edi, edi
+
+loc_fffc74a2: ; not directly referenced
+mov eax, dword [ebp - 0x148]
+movzx edi, di
+lea ecx, [edi + edi]
+shr eax, cl
+and eax, 1
+mov word [ebp - 0x158], ax
+movzx eax, ax
+mov ebx, dword [ebp + eax*4 - 0x104]
+mov dword [ebp - 0x16c], eax
+lea eax, [ebp - 0xc4]
+mov edx, ebx
+call fcn_fffc3bf5 ; call 0xfffc3bf5
+mov dword [ebp - 0x138], eax
+lea eax, [ebp - 0xc4]
+mov dword [ebp - 0x134], edx
+mov edx, ebx
+call fcn_fffc3bda ; call 0xfffc3bda
+mov ecx, ebx
+shr ecx, 0x16
+mov dword [ebp - 0x150], ecx
+and dword [ebp - 0x150], 1
+mov dword [ebp - 0x140], eax
+mov eax, ebx
+shr eax, 0x15
+mov edi, eax
+mov dword [ebp - 0x13c], edx
+mov edx, ebx
+and edi, 1
+shr edx, 0x1a
+mov dword [ebp - 0x164], edi
+mov edi, edx
+or eax, edx
+and edi, 1
+mov dword [ebp - 0x168], edi
+test al, 1
+je loc_fffc75fd ; je 0xfffc75fd
+push eax
+push 1
+push dword [ebp - 0x13c]
+push dword [ebp - 0x140]
+call dword [ebp - 0x5c] ; ucall
+add esp, 0x10
+cmp dword [ebp - 0x10c], edx
+ja short loc_fffc75b1 ; ja 0xfffc75b1
+jb short loc_fffc755f ; jb 0xfffc755f
+cmp dword [ebp - 0x110], eax
+jae short loc_fffc75b1 ; jae 0xfffc75b1
+
+loc_fffc755f: ; not directly referenced
+push eax
+push 9
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+add esp, 0xc
+push 1
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+mov esi, eax
+call dword [ebp - 0x58] ; ucall
+mov ecx, dword [ebp - 0x110]
+and esi, 1
+add esp, 0x10
+and ecx, 0x1ff
+and eax, 0xfffffe00
+or eax, ecx
+mov dword [ebp - 0x110], eax
+mov dword [ebp - 0x10c], edx
+jmp near loc_fffc766e ; jmp 0xfffc766e
+
+loc_fffc75b1: ; not directly referenced
+mov eax, dword [ebp - 0x140]
+mov edx, dword [ebp - 0x13c]
+add eax, dword [ebp - 0x138]
+adc edx, dword [ebp - 0x134]
+cmp dword [ebp - 0x10c], edx
+ja loc_fffc826e ; ja 0xfffc826e
+jb short loc_fffc75e3 ; jb 0xfffc75e3
+cmp dword [ebp - 0x110], eax
+jae loc_fffc826e ; jae 0xfffc826e
+
+loc_fffc75e3: ; not directly referenced
+mov eax, dword [ebp - 0x140]
+mov edx, dword [ebp - 0x13c]
+sub dword [ebp - 0x110], eax
+sbb dword [ebp - 0x10c], edx
+jmp short loc_fffc766c ; jmp 0xfffc766c
+
+loc_fffc75fd: ; not directly referenced
+mov eax, dword [ebp - 0x134]
+cmp dword [ebp - 0x10c], eax
+jb short loc_fffc766c ; jb 0xfffc766c
+ja short loc_fffc761b ; ja 0xfffc761b
+mov eax, dword [ebp - 0x138]
+cmp dword [ebp - 0x110], eax
+jb short loc_fffc766c ; jb 0xfffc766c
+
+loc_fffc761b: ; not directly referenced
+mov eax, dword [ebp - 0x140]
+mov edx, dword [ebp - 0x13c]
+add eax, dword [ebp - 0x138]
+adc edx, dword [ebp - 0x134]
+cmp dword [ebp - 0x10c], edx
+ja loc_fffc826e ; ja 0xfffc826e
+jb short loc_fffc764d ; jb 0xfffc764d
+cmp dword [ebp - 0x110], eax
+jae loc_fffc826e ; jae 0xfffc826e
+
+loc_fffc764d: ; not directly referenced
+mov eax, dword [ebp - 0x138]
+mov esi, 1
+mov edx, dword [ebp - 0x134]
+sub dword [ebp - 0x110], eax
+sbb dword [ebp - 0x10c], edx
+jmp short loc_fffc766e ; jmp 0xfffc766e
+
+loc_fffc766c: ; not directly referenced
+xor esi, esi
+
+loc_fffc766e: ; not directly referenced
+mov eax, dword [ebp - 0x148]
+shr eax, 0xa
+mov dword [ebp - 0x154], eax
+mov eax, ebx
+shr eax, 0x10
+and eax, 1
+mov word [ebp - 0x118], ax
+and dword [ebp - 0x154], 1
+xor word [ebp - 0x118], si
+test si, si
+je short loc_fffc76d9 ; je 0xfffc76d9
+mov edx, dword [ebp - 0x148]
+mov eax, ebx
+mov ecx, ebx
+shr eax, 0x12
+mov edi, dword [ebp - 0x140]
+mov dword [ebp - 0x138], eax
+lea eax, [ebp - 0xc4]
+and dword [ebp - 0x138], 1
+call fcn_fffb8408 ; call 0xfffb8408
+test ebx, 0x100000
+mov word [ebp - 0x116], ax
+jmp short loc_fffc7711 ; jmp 0xfffc7711
+
+loc_fffc76d9: ; not directly referenced
+mov edx, dword [ebp - 0x148]
+mov eax, ebx
+mov ecx, ebx
+shr eax, 0x11
+mov edi, dword [ebp - 0x138]
+mov dword [ebp - 0x138], eax
+lea eax, [ebp - 0xc4]
+and dword [ebp - 0x138], 1
+call fcn_fffb8396 ; call 0xfffb8396
+test ebx, 0x80000
+mov word [ebp - 0x116], ax
+
+loc_fffc7711: ; not directly referenced
+je short loc_fffc771a ; je 0xfffc771a
+mov esi, 0x10
+jmp short loc_fffc7729 ; jmp 0xfffc7729
+
+loc_fffc771a: ; not directly referenced
+cmp dword [ebp - 0x154], 1
+sbb esi, esi
+and esi, 0xffffffe8
+add esi, 0x20
+
+loc_fffc7729: ; not directly referenced
+mov eax, dword [ebp - 0x148]
+shr eax, 0xb
+mov dword [ebp - 0x140], eax
+and dword [ebp - 0x140], 1
+cmp dword [ebp - 0x144], 1
+jne short loc_fffc7762 ; jne 0xfffc7762
+mov eax, dword [ebp - 0x110]
+mov edx, eax
+shr dx, 1
+cmp dword [ebp - 0x140], 0
+cmovne eax, edx
+shl eax, 3
+jmp short loc_fffc779a ; jmp 0xfffc779a
+
+loc_fffc7762: ; not directly referenced
+push eax
+push 3
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x5c] ; ucall
+add esp, 0xc
+push 3
+push dword [ebp - 0x12c]
+push dword [ebp - 0x130]
+mov dword [ebp - 0x160], eax
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+and eax, 7
+or eax, dword [ebp - 0x160]
+
+loc_fffc779a: ; not directly referenced
+mov cl, byte [ebp - 0x116]
+mov edx, 1
+shl edx, cl
+lea ecx, [edx - 1]
+mov word [ebp - 0x160], cx
+and word [ebp - 0x160], ax
+mov eax, dword [ebp - 0x160]
+cmp dword [ebp - 0x140], 0
+mov word [ebp - 0x156], ax
+je loc_fffc7cd6 ; je 0xfffc7cd6
+push ecx
+push 8
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+mov ecx, dword [ebp - 0x110]
+xor edx, edx
+add esp, 0xc
+push 2
+and ecx, 1
+push edx
+push ecx
+mov dword [ebp - 0x114], eax
+call dword [ebp - 0x5c] ; ucall
+mov ecx, dword [ebp - 0x114]
+add esp, 0x10
+and ecx, 3
+mov word [ebp - 0x114], cx
+or word [ebp - 0x114], ax
+mov al, byte [ebp - 0x168]
+test byte [ebp - 0x138], al
+mov eax, dword [ebp - 0x58]
+je loc_fffc7a04 ; je 0xfffc7a04
+shr ebx, 0x1b
+and ebx, 7
+cmp si, 8
+jne loc_fffc794a ; jne 0xfffc794a
+push edx
+push 7
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call eax
+add esp, 0x10
+mov esi, eax
+and esi, 8
+or esi, dword [ebp - 0x114]
+cmp dword [ebp - 0x150], 0
+jne short loc_fffc786f ; jne 0xfffc786f
+mov word [ebp - 0x114], si
+jmp short loc_fffc78dd ; jmp 0xfffc78dd
+
+loc_fffc786f: ; not directly referenced
+push eax
+push 0xc
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+add esp, 0xc
+push 9
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+mov dword [ebp - 0x114], eax
+call dword [ebp - 0x58] ; ucall
+mov ecx, dword [ebp - 0x114]
+add esp, 0xc
+push 0xb
+push dword [ebp - 0x10c]
+and ecx, 3
+mov word [ebp - 0x114], cx
+and eax, 4
+push dword [ebp - 0x110]
+xor word [ebp - 0x114], ax
+xor word [ebp - 0x114], si
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+and eax, 8
+xor word [ebp - 0x114], ax
+
+loc_fffc78dd: ; not directly referenced
+lea eax, [ebx + 0xf]
+movzx ebx, bx
+push ecx
+movzx eax, al
+push eax
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+add esp, 0xc
+push 0xb
+push dword [ebp - 0x10c]
+and eax, 1
+push dword [ebp - 0x110]
+mov word [ebp - 0x116], ax
+call dword [ebp - 0x58] ; ucall
+lea ecx, [ebx + 4]
+mov edx, 1
+shl edx, cl
+dec edx
+mov ecx, edx
+not ecx
+mov esi, eax
+and edx, eax
+shr si, 1
+mov eax, edi
+mov word [ebp - 0x128], si
+shr eax, 0xc
+and word [ebp - 0x128], cx
+or word [ebp - 0x128], dx
+jmp near loc_fffc79f4 ; jmp 0xfffc79f4
+
+loc_fffc794a: ; not directly referenced
+cmp dword [ebp - 0x150], 0
+je short loc_fffc798c ; je 0xfffc798c
+push edx
+push 0xb
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call eax
+add esp, 0xc
+push 8
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+mov esi, eax
+call dword [ebp - 0x58] ; ucall
+and esi, 3
+add esp, 0x10
+and eax, 4
+xor esi, eax
+xor word [ebp - 0x114], si
+
+loc_fffc798c: ; not directly referenced
+lea eax, [ebx + 0xe]
+movzx ebx, bx
+push esi
+movzx eax, al
+push eax
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+add esp, 0xc
+push 0xa
+push dword [ebp - 0x10c]
+and eax, 1
+push dword [ebp - 0x110]
+mov word [ebp - 0x116], ax
+call dword [ebp - 0x58] ; ucall
+lea ecx, [ebx + 4]
+mov edx, 1
+shl edx, cl
+dec edx
+mov ecx, edx
+not ecx
+mov esi, eax
+and edx, eax
+shr si, 1
+mov eax, edi
+mov word [ebp - 0x128], si
+shr eax, 0xb
+and word [ebp - 0x128], cx
+or word [ebp - 0x128], dx
+
+loc_fffc79f4: ; not directly referenced
+dec eax
+
+loc_fffc79f5: ; not directly referenced
+and word [ebp - 0x128], ax
+
+loc_fffc79fc: ; not directly referenced
+add esp, 0x10
+jmp near loc_fffc8107 ; jmp 0xfffc8107
+
+loc_fffc7a04: ; not directly referenced
+mov cl, byte [ebp - 0x164]
+test byte [ebp - 0x138], cl
+je loc_fffc7b71 ; je 0xfffc7b71
+push ecx
+push 0xa
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call eax
+add esp, 0x10
+and eax, 1
+cmp si, 8
+mov word [ebp - 0x116], ax
+mov eax, dword [ebp - 0x58]
+jne loc_fffc7aed ; jne 0xfffc7aed
+push edx
+push 8
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call eax
+add esp, 0x10
+and eax, 8
+or word [ebp - 0x114], ax
+cmp dword [ebp - 0x150], 0
+je short loc_fffc7ad6 ; je 0xfffc7ad6
+push eax
+push 0xd
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+add esp, 0xc
+push 0xa
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+mov ebx, eax
+call dword [ebp - 0x58] ; ucall
+and ebx, 3
+mov esi, dword [ebp - 0x10c]
+add esp, 0xc
+push 0xd
+push esi
+and eax, 4
+xor ebx, eax
+xor word [ebp - 0x114], bx
+mov ebx, dword [ebp - 0x110]
+push ebx
+call dword [ebp - 0x58] ; ucall
+add esp, 0xc
+push 0xf
+push esi
+push ebx
+and eax, 8
+xor word [ebp - 0x114], ax
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+and eax, 1
+xor word [ebp - 0x116], ax
+
+loc_fffc7ad6: ; not directly referenced
+push esi
+push 0xc
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+shr edi, 0xc
+jmp short loc_fffc7b62 ; jmp 0xfffc7b62
+
+loc_fffc7aed: ; not directly referenced
+cmp dword [ebp - 0x150], 0
+je short loc_fffc7b4d ; je 0xfffc7b4d
+push ebx
+push 0xc
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call eax
+add esp, 0xc
+push 9
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+mov ebx, eax
+call dword [ebp - 0x58] ; ucall
+and ebx, 3
+add esp, 0xc
+push 0xe
+push dword [ebp - 0x10c]
+and eax, 4
+push dword [ebp - 0x110]
+xor ebx, eax
+xor word [ebp - 0x114], bx
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+and eax, 1
+xor word [ebp - 0x116], ax
+
+loc_fffc7b4d: ; not directly referenced
+push ecx
+push 0xb
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+shr edi, 0xb
+
+loc_fffc7b62: ; not directly referenced
+lea edi, [edi - 1]
+mov word [ebp - 0x128], di
+jmp near loc_fffc79f5 ; jmp 0xfffc79f5
+
+loc_fffc7b71: ; not directly referenced
+mov edx, edi
+shr edx, 1
+test dword [ebp - 0x110], edx
+setne dl
+mov ecx, edx
+and ecx, dword [ebp - 0x138]
+mov word [ebp - 0x116], cx
+cmp si, 8
+jne loc_fffc7c68 ; jne 0xfffc7c68
+push edx
+push 7
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call eax
+add esp, 0x10
+mov ebx, eax
+and ebx, 8
+or ebx, dword [ebp - 0x114]
+cmp dword [ebp - 0x150], 0
+jne short loc_fffc7bc8 ; jne 0xfffc7bc8
+mov word [ebp - 0x114], bx
+jmp short loc_fffc7c2c ; jmp 0xfffc7c2c
+
+loc_fffc7bc8: ; not directly referenced
+push eax
+push 0xc
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+add esp, 0xc
+push 9
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+mov esi, eax
+call dword [ebp - 0x58] ; ucall
+and esi, 3
+mov word [ebp - 0x114], si
+add esp, 0xc
+push 0xb
+push dword [ebp - 0x10c]
+and eax, 4
+push dword [ebp - 0x110]
+xor word [ebp - 0x114], ax
+xor word [ebp - 0x114], bx
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+and eax, 8
+xor word [ebp - 0x114], ax
+
+loc_fffc7c2c: ; not directly referenced
+push esi
+push 0xb
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+xor edx, edx
+add esp, 0xc
+mov ebx, eax
+mov eax, dword [ebp - 0x138]
+add eax, 0xb
+push eax
+push edx
+push edi
+call dword [ebp - 0x58] ; ucall
+dec eax
+mov word [ebp - 0x128], ax
+and word [ebp - 0x128], bx
+jmp near loc_fffc79fc ; jmp 0xfffc79fc
+
+loc_fffc7c68: ; not directly referenced
+cmp dword [ebp - 0x150], 0
+je short loc_fffc7caa ; je 0xfffc7caa
+push ebx
+push 0xb
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call eax
+add esp, 0xc
+push 8
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+mov ebx, eax
+call dword [ebp - 0x58] ; ucall
+and ebx, 3
+add esp, 0x10
+and eax, 4
+xor ebx, eax
+xor word [ebp - 0x114], bx
+
+loc_fffc7caa: ; not directly referenced
+push ecx
+push 0xa
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+mov ecx, dword [ebp - 0x138]
+add ecx, 0xa
+shr edi, cl
+lea esi, [edi - 1]
+mov word [ebp - 0x128], si
+jmp near loc_fffc79f5 ; jmp 0xfffc79f5
+
+loc_fffc7cd6: ; not directly referenced
+cmp word [ebp - 0x116], 9
+jne short loc_fffc7d0d ; jne 0xfffc7d0d
+push edx
+push 1
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x5c] ; ucall
+mov ecx, dword [ebp - 0x144]
+add esp, 0x10
+dec ecx
+mov dword [ebp - 0x110], eax
+lea eax, [edi + edi]
+mov dword [ebp - 0x10c], edx
+jmp short loc_fffc7d43 ; jmp 0xfffc7d43
+
+loc_fffc7d0d: ; not directly referenced
+cmp word [ebp - 0x116], 0xb
+jne short loc_fffc7d46 ; jne 0xfffc7d46
+push eax
+push 1
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+mov dword [ebp - 0x110], eax
+mov eax, edi
+shr eax, 1
+cmp dword [ebp - 0x144], 1
+mov dword [ebp - 0x10c], edx
+
+loc_fffc7d43: ; not directly referenced
+cmove edi, eax
+
+loc_fffc7d46: ; not directly referenced
+mov al, byte [ebp - 0x168]
+test byte [ebp - 0x138], al
+je loc_fffc7e1d ; je 0xfffc7e1d
+shr ebx, 0x1b
+and ebx, 7
+push eax
+lea eax, [ebx + 0xe]
+movzx eax, al
+push eax
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+add esp, 0xc
+push 7
+push dword [ebp - 0x10c]
+and eax, 1
+push dword [ebp - 0x110]
+mov word [ebp - 0x116], ax
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+and eax, 7
+cmp dword [ebp - 0x150], 0
+mov word [ebp - 0x114], ax
+je short loc_fffc7dc8 ; je 0xfffc7dc8
+push eax
+push 0xa
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+and eax, 7
+xor word [ebp - 0x114], ax
+
+loc_fffc7dc8: ; not directly referenced
+push eax
+movzx ebx, bx
+push 0xa
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+lea ecx, [ebx + 4]
+mov edx, 1
+shl edx, cl
+lea ecx, [edx - 1]
+mov ebx, ecx
+add esp, 0x10
+not ebx
+mov edx, eax
+and eax, ecx
+shr dx, 1
+and edx, ebx
+or edx, eax
+mov al, byte [ebp - 0x144]
+lea ecx, [eax + 0xa]
+mov eax, edi
+shr eax, cl
+dec eax
+mov word [ebp - 0x128], ax
+and word [ebp - 0x128], dx
+jmp near loc_fffc8107 ; jmp 0xfffc8107
+
+loc_fffc7e1d: ; not directly referenced
+mov al, byte [ebp - 0x164]
+test byte [ebp - 0x138], al
+je loc_fffc7ef8 ; je 0xfffc7ef8
+cmp dword [ebp - 0x150], 0
+je short loc_fffc7e62 ; je 0xfffc7e62
+mov esi, dword [ebp - 0x10c]
+mov ebx, dword [ebp - 0x110]
+push eax
+push 4
+push esi
+push ebx
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+mov dword [ebp - 0x10c], esi
+and eax, 0x780
+xor eax, ebx
+mov dword [ebp - 0x110], eax
+
+loc_fffc7e62: ; not directly referenced
+mov esi, dword [ebp - 0x10c]
+mov ebx, dword [ebp - 0x110]
+push eax
+push 9
+push esi
+push ebx
+call dword [ebp - 0x58] ; ucall
+add esp, 0xc
+push 8
+push esi
+push ebx
+mov dword [ebp - 0x110], ebx
+and eax, 1
+mov word [ebp - 0x116], ax
+mov dword [ebp - 0x10c], esi
+call dword [ebp - 0x58] ; ucall
+add esp, 0xc
+push 7
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+mov ebx, eax
+call dword [ebp - 0x58] ; ucall
+add esp, 0xc
+and ebx, 4
+push 0xb
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+and eax, 3
+mov word [ebp - 0x114], ax
+or word [ebp - 0x114], bx
+call dword [ebp - 0x58] ; ucall
+mov cl, byte [ebp - 0x144]
+add esp, 0x10
+add ecx, 0xa
+shr edi, cl
+lea edi, [edi - 1]
+mov word [ebp - 0x128], di
+and word [ebp - 0x128], ax
+jmp near loc_fffc8107 ; jmp 0xfffc8107
+
+loc_fffc7ef8: ; not directly referenced
+cmp dword [ebp - 0x144], 1
+jne loc_fffc7f9a ; jne 0xfffc7f9a
+mov ecx, dword [ebp - 0x110]
+mov eax, edi
+shr eax, 1
+mov ebx, dword [ebp - 0x10c]
+push esi
+push 7
+test ecx, eax
+setne al
+and eax, dword [ebp - 0x138]
+push ebx
+push ecx
+mov word [ebp - 0x116], ax
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+and eax, 7
+cmp dword [ebp - 0x150], 0
+mov word [ebp - 0x114], ax
+je short loc_fffc7f64 ; je 0xfffc7f64
+push ebx
+push 0xa
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+and eax, 7
+xor word [ebp - 0x114], ax
+
+loc_fffc7f64: ; not directly referenced
+push ecx
+push 0xa
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+mov ecx, dword [ebp - 0x138]
+add esp, 0x10
+add ecx, 0xa
+shr edi, cl
+lea esi, [edi - 1]
+mov word [ebp - 0x128], si
+and word [ebp - 0x128], ax
+jmp near loc_fffc8114 ; jmp 0xfffc8114
+
+loc_fffc7f9a: ; not directly referenced
+cmp dword [ebp - 0x138], 0
+je loc_fffc8089 ; je 0xfffc8089
+mov al, byte [ebp - 0x154]
+and eax, 1
+cmp word [ebp - 0x116], 0xb
+sete dl
+test dl, al
+je short loc_fffc7fdf ; je 0xfffc7fdf
+cmp edi, 0x4000000
+je short loc_fffc7fda ; je 0xfffc7fda
+cmp edi, 0x8000000
+jne loc_fffc8257 ; jne 0xfffc8257
+mov edi, 0x4000000
+jmp short loc_fffc7fdf ; jmp 0xfffc7fdf
+
+loc_fffc7fda: ; not directly referenced
+mov edi, 0x2000000
+
+loc_fffc7fdf: ; not directly referenced
+cmp word [ebp - 0x116], 9
+sete dl
+test dl, al
+je short loc_fffc7ffb ; je 0xfffc7ffb
+cmp edi, 0x1000000
+je short loc_fffc805d ; je 0xfffc805d
+jmp near loc_fffc8257 ; jmp 0xfffc8257
+
+loc_fffc7ffb: ; not directly referenced
+cmp edi, 0x2000000
+je short loc_fffc805d ; je 0xfffc805d
+ja short loc_fffc8025 ; ja 0xfffc8025
+cmp edi, 0x800000
+je short loc_fffc8045 ; je 0xfffc8045
+cmp edi, 0x1000000
+jne loc_fffc8257 ; jne 0xfffc8257
+mov eax, 0x17
+mov esi, 0x7ffc00
+jmp short loc_fffc8067 ; jmp 0xfffc8067
+
+loc_fffc8025: ; not directly referenced
+cmp edi, 0x4000000
+je short loc_fffc8051 ; je 0xfffc8051
+cmp edi, 0x8000000
+jne loc_fffc8257 ; jne 0xfffc8257
+mov eax, 0x1a
+mov esi, 0x3fffc00
+jmp short loc_fffc8067 ; jmp 0xfffc8067
+
+loc_fffc8045: ; not directly referenced
+mov eax, 0x16
+mov esi, 0x3ffc00
+jmp short loc_fffc8067 ; jmp 0xfffc8067
+
+loc_fffc8051: ; not directly referenced
+mov eax, 0x19
+mov esi, 0x1fffc00
+jmp short loc_fffc8067 ; jmp 0xfffc8067
+
+loc_fffc805d: ; not directly referenced
+mov eax, 0x18
+mov esi, 0xfffc00
+
+loc_fffc8067: ; not directly referenced
+push edx
+xor ebx, ebx
+push eax
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+and eax, 1
+mov word [ebp - 0x116], ax
+jmp short loc_fffc809a ; jmp 0xfffc809a
+
+loc_fffc8089: ; not directly referenced
+mov word [ebp - 0x116], 0
+mov esi, 0xfffffc00
+or ebx, 0xffffffff
+
+loc_fffc809a: ; not directly referenced
+push eax
+push 7
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+and eax, 7
+cmp dword [ebp - 0x150], 0
+mov word [ebp - 0x114], ax
+je short loc_fffc80e1 ; je 0xfffc80e1
+push edi
+push 0xa
+push dword [ebp - 0x10c]
+push dword [ebp - 0x110]
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+and eax, 7
+xor word [ebp - 0x114], ax
+
+loc_fffc80e1: ; not directly referenced
+mov edi, dword [ebp - 0x10c]
+mov ecx, esi
+mov esi, dword [ebp - 0x110]
+and edi, ebx
+push ebx
+and ecx, esi
+push 0xa
+push edi
+push ecx
+call dword [ebp - 0x58] ; ucall
+mov word [ebp - 0x128], ax
+jmp near loc_fffc8252 ; jmp 0xfffc8252
+
+loc_fffc8107: ; not directly referenced
+cmp dword [ebp - 0x144], 1
+jne loc_fffc8262 ; jne 0xfffc8262
+
+loc_fffc8114: ; not directly referenced
+movzx esi, word [ebp - 0x116]
+xor ebx, ebx
+movzx edi, word [ebp - 0x118]
+
+loc_fffc8124: ; not directly referenced
+push ecx
+push 0x3f
+push dword [ebp + ebx*2 - 0xe4]
+push dword [ebp + ebx*2 - 0xe8]
+call dword [ebp - 0x58] ; ucall
+add esp, 0x10
+test al, 1
+je short loc_fffc8181 ; je 0xfffc8181
+sub esp, 0xc
+movzx eax, word [ebp - 0x160]
+mov ecx, esi
+push dword [ebp - 0x148]
+mov edx, edi
+push dword [ebp + ebx - 0xf8]
+push eax
+movzx eax, word [ebp - 0x128]
+push eax
+movzx eax, word [ebp - 0x114]
+push eax
+mov eax, dword [ebp - 0x16c]
+call fcn_fffc455b ; call 0xfffc455b
+add esp, 0x20
+test eax, eax
+jne loc_fffc826e ; jne 0xfffc826e
+
+loc_fffc8181: ; not directly referenced
+add ebx, 4
+cmp ebx, 0x10
+jne short loc_fffc8124 ; jne 0xfffc8124
+xor bl, bl
+
+loc_fffc818b: ; not directly referenced
+push edx
+mov ecx, dword [ebp - 0x12c]
+push dword [ebp + ebx*8 - 0xe4]
+push dword [ebp + ebx*8 - 0xe8]
+mov edx, dword [ebp - 0x130]
+lea eax, [ebp - 0xc4]
+push 0
+call fcn_fffb726f ; call 0xfffb726f
+add esp, 0x10
+test eax, eax
+je short loc_fffc822c ; je 0xfffc822c
+mov eax, dword [ebp + ebx*4 - 0xf8]
+mov edx, eax
+shr edx, 0x1d
+mov esi, edx
+mov edx, eax
+and esi, 1
+shr edx, 0xc
+cmp dword [ebp - 0x140], 0
+mov word [ebp - 0x158], si
+jne loc_fffc82c1 ; jne 0xfffc82c1
+mov edi, edx
+mov edx, eax
+and edi, 1
+shr edx, 0xb
+mov word [ebp - 0x118], di
+mov esi, edx
+mov edi, eax
+and esi, 1
+shr edi, 8
+mov word [ebp - 0x116], si
+mov esi, edi
+and esi, 7
+mov word [ebp - 0x114], si
+
+loc_fffc8212: ; not directly referenced
+mov edi, eax
+movzx eax, al
+shr edi, 0xd
+shl eax, 3
+mov dword [ebp - 0x128], edi
+mov word [ebp - 0x156], ax
+jmp short loc_fffc8236 ; jmp 0xfffc8236
+
+loc_fffc822c: ; not directly referenced
+inc ebx
+cmp ebx, 4
+jne loc_fffc818b ; jne 0xfffc818b
+
+loc_fffc8236: ; not directly referenced
+push eax
+push 3
+push dword [ebp - 0x12c]
+push dword [ebp - 0x130]
+call dword [ebp - 0x58] ; ucall
+and eax, 7
+or word [ebp - 0x156], ax
+
+loc_fffc8252: ; not directly referenced
+add esp, 0x10
+jmp short loc_fffc8262 ; jmp 0xfffc8262
+
+loc_fffc8257: ; not directly referenced
+mov word [ebp - 0x116], 0
+jmp short loc_fffc8278 ; jmp 0xfffc8278
+
+loc_fffc8262: ; not directly referenced
+mov dword [ebp - 0x140], 1
+jmp short loc_fffc8278 ; jmp 0xfffc8278
+
+loc_fffc826e: ; not directly referenced
+mov dword [ebp - 0x140], 0
+
+loc_fffc8278: ; not directly referenced
+mov eax, dword [ebp + 0x10]
+mov ecx, dword [ebp - 0x128]
+mov si, word [ebp - 0x156]
+mov byte [eax], 0
+mov edi, eax
+mov al, byte [ebp - 0x158]
+mov word [edi + 7], cx
+mov word [edi + 5], si
+mov byte [edi + 1], al
+mov al, byte [ebp - 0x118]
+mov byte [edi + 2], al
+mov al, byte [ebp - 0x116]
+mov byte [edi + 3], al
+mov al, byte [ebp - 0x114]
+mov byte [edi + 4], al
+mov al, byte [ebp - 0x140]
+jmp short loc_fffc82ec ; jmp 0xfffc82ec
+
+loc_fffc82c1: ; not directly referenced
+mov esi, edx
+mov edi, eax
+and esi, 1
+shr edi, 8
+mov word [ebp - 0x116], si
+mov esi, edi
+and esi, 0xf
+mov word [ebp - 0x114], si
+mov word [ebp - 0x118], 0
+jmp near loc_fffc8212 ; jmp 0xfffc8212
+
+loc_fffc82ec: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc82f4: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x4c
+mov eax, dword [ebp + 8]
+call fcn_fffb0e8a ; call 0xfffb0e8a
+mov esi, eax
+test eax, eax
+jne loc_fffc9116 ; jne 0xfffc9116
+mov eax, dword [ebp + 8]
+call fcn_fffa6828 ; call 0xfffa6828
+mov esi, eax
+test eax, eax
+jne loc_fffc9116 ; jne 0xfffc9116
+mov eax, dword [ebp + 8]
+mov ecx, 0xf
+mov edx, 0x4d94
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x2480], 3
+jne loc_fffc849f ; jne 0xfffc849f
+mov ecx, 0xf
+mov edx, 0x4d90
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov edx, 0x5030
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x5030
+or eax, 0x400000
+mov ecx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov edx, 1
+call fcn_fffa834b ; call 0xfffa834b
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x3756], 2
+jne short loc_fffc839d ; jne 0xfffc839d
+movzx ecx, byte [eax + 0x47e8]
+mov edx, 0x4192
+call fcn_fffae566 ; call 0xfffae566
+
+loc_fffc839d: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x4b19], 2
+jne short loc_fffc83ba ; jne 0xfffc83ba
+movzx ecx, byte [eax + 0x5bab]
+mov edx, 0x4592
+call fcn_fffae566 ; call 0xfffae566
+
+loc_fffc83ba: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, 0xbb8
+xor ebx, ebx
+call fcn_fffa834b ; call 0xfffa834b
+mov eax, dword [ebp + 8]
+lea edi, [eax + 0x3756]
+
+loc_fffc83d2: ; not directly referenced
+cmp dword [edi], 2
+je short loc_fffc83f4 ; je 0xfffc83f4
+
+loc_fffc83d7: ; not directly referenced
+inc ebx
+add edi, 0x13c3
+cmp ebx, 2
+jne short loc_fffc83d2 ; jne 0xfffc83d2
+mov eax, dword [ebp + 8]
+mov edx, 0x96
+xor esi, esi
+call fcn_fffa834b ; call 0xfffa834b
+jmp short loc_fffc8471 ; jmp 0xfffc8471
+
+loc_fffc83f4: ; not directly referenced
+mov dword [ebp - 0x30], 0
+
+loc_fffc83fb: ; not directly referenced
+mov cl, byte [ebp - 0x30]
+mov eax, 1
+shl eax, cl
+test byte [edi + 0xc4], al
+jne short loc_fffc8418 ; jne 0xfffc8418
+
+loc_fffc840d: ; not directly referenced
+inc dword [ebp - 0x30]
+cmp dword [ebp - 0x30], 4
+jne short loc_fffc83fb ; jne 0xfffc83fb
+jmp short loc_fffc83d7 ; jmp 0xfffc83d7
+
+loc_fffc8418: ; not directly referenced
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x247c], 0
+je short loc_fffc8451 ; je 0xfffc8451
+push 0
+mov ecx, eax
+mov eax, dword [ebp + 8]
+lea esi, [ebp - 0x24]
+mov edx, ebx
+push esi
+push 0
+push 7
+mov dword [ebp - 0x24], 0x8600
+call fcn_fffafb06 ; call 0xfffafb06
+mov eax, dword [ebp + 8]
+mov edx, 0xf
+call fcn_fffa834b ; call 0xfffa834b
+add esp, 0x10
+
+loc_fffc8451: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, ebx
+push ecx
+mov ecx, dword [ebp - 0x30]
+push 1
+push 0xfc
+push 0x3f
+call fcn_fffaa505 ; call 0xfffaa505
+add esp, 0x10
+mov esi, eax
+test eax, eax
+je short loc_fffc840d ; je 0xfffc840d
+
+loc_fffc8471: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x247c], 0
+je short loc_fffc848b ; je 0xfffc848b
+sub esp, 0xc
+push eax
+call fcn_fffb1d2f ; call 0xfffb1d2f
+add esp, 0x10
+mov esi, eax
+
+loc_fffc848b: ; not directly referenced
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+mov edx, 0x4d94
+call fcn_fffaeb7c ; call 0xfffaeb7c
+jmp near loc_fffc9120 ; jmp 0xfffc9120
+
+loc_fffc849f: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, dword [eax + 0x1887]
+mov esi, dword [eax + 0x2443]
+cmp edx, 0x306d0
+sete al
+cmp edx, 0x40650
+sete dl
+or eax, edx
+movzx eax, al
+mov dword [ebp - 0x34], eax
+mov edi, eax
+mov eax, dword [ebp + 8]
+mov ebx, dword [eax + 0x18c1]
+push 0xf0
+push 0
+push 0x1f
+push 0
+call dword [esi + 0x4c] ; ucall
+add ebx, eax
+mov dword [esp], ebx
+xor ebx, ebx
+call dword [esi + 0x20] ; ucall
+add esp, 0x10
+mov dword [ebp - 0x30], eax
+and dword [ebp - 0x30], 0xfffffffe
+test edi, edi
+je short loc_fffc851b ; je 0xfffc851b
+mov eax, dword [ebp - 0x30]
+sub esp, 0xc
+lea edi, [eax + 0x333c]
+push edi
+call dword [esi + 0x20] ; ucall
+mov ebx, eax
+pop eax
+or ebx, 0x4000000
+pop edx
+push ebx
+push edi
+call dword [esi + 0x30] ; ucall
+add esp, 0x10
+
+loc_fffc851b: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ecx, 0x102
+mov edx, 0x5030
+mov edi, 0x102
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov ecx, 0xf
+mov edx, 0x4d90
+call fcn_fffae58c ; call 0xfffae58c
+cmp dword [ebp - 0x34], 0
+je short loc_fffc8564 ; je 0xfffc8564
+push eax
+and ebx, 0xfbffffff
+push eax
+mov eax, dword [ebp - 0x30]
+push ebx
+add eax, 0x333c
+push eax
+call dword [esi + 0x30] ; ucall
+add esp, 0x10
+jmp short loc_fffc8585 ; jmp 0xfffc8585
+
+loc_fffc8564: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, 0x5030
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x5030
+mov edi, eax
+mov eax, dword [ebp + 8]
+and edi, 0xfffffffd
+mov ecx, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffc8585: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, 0xc8
+mov ecx, dword [ebp + 8]
+mov eax, dword [eax + 0x18a7]
+mov ecx, dword [ecx + eax*4 + 0x3735]
+test ecx, ecx
+je loc_fffc8636 ; je 0xfffc8636
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x2479], 0
+jne loc_fffc8636 ; jne 0xfffc8636
+mov edx, dword [eax + 0x2443]
+mov dword [ebp - 0x3c], ecx
+push ecx
+movzx eax, byte [eax + 0x187f]
+mov dword [ebp - 0x38], edx
+push eax
+mov eax, dword [ebp + 8]
+movzx eax, byte [eax + 0x18b0]
+push eax
+mov eax, dword [ebp + 8]
+push dword [eax + 0x18c1]
+call dword [edx + 0x88] ; ucall
+mov ecx, dword [ebp - 0x3c]
+add esp, 0x10
+cmp ecx, eax
+je short loc_fffc861a ; je 0xfffc861a
+mov eax, dword [ebp + 8]
+push ecx
+mov edx, dword [ebp - 0x38]
+movzx eax, byte [eax + 0x187f]
+push eax
+mov eax, dword [ebp + 8]
+movzx eax, byte [eax + 0x18b0]
+push eax
+mov eax, dword [ebp + 8]
+push dword [eax + 0x18c1]
+call dword [edx + 0x8c] ; ucall
+add esp, 0x10
+
+loc_fffc861a: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x18ee]
+mov dword [ebp - 0x38], eax
+lea edx, [eax + 0xc8]
+mov eax, dword [ebp + 8]
+mov byte [eax + 0x2479], 1
+
+loc_fffc8636: ; not directly referenced
+imul edx, edx, 0xf
+mov eax, dword [ebp + 8]
+call fcn_fffa834b ; call 0xfffa834b
+cmp dword [ebp - 0x34], 0
+je short loc_fffc8661 ; je 0xfffc8661
+push eax
+or ebx, 0x4000000
+push eax
+mov eax, dword [ebp - 0x30]
+push ebx
+add eax, 0x333c
+push eax
+call dword [esi + 0x30] ; ucall
+add esp, 0x10
+jmp short loc_fffc8673 ; jmp 0xfffc8673
+
+loc_fffc8661: ; not directly referenced
+mov eax, dword [ebp + 8]
+or edi, 2
+mov edx, 0x5030
+mov ecx, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffc8673: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, 0x1d4c
+or edi, 0x400000
+call fcn_fffa834b ; call 0xfffa834b
+mov eax, dword [ebp + 8]
+mov ecx, edi
+mov edx, 0x5030
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp + 8]
+mov edx, 1
+call fcn_fffa834b ; call 0xfffa834b
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x3756], 2
+jne short loc_fffc86bf ; jne 0xfffc86bf
+movzx ecx, byte [eax + 0x381a]
+mov edx, 0x4192
+call fcn_fffae566 ; call 0xfffae566
+
+loc_fffc86bf: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x4b19], 2
+jne short loc_fffc86dc ; jne 0xfffc86dc
+movzx ecx, byte [eax + 0x4bdd]
+mov edx, 0x4592
+call fcn_fffae566 ; call 0xfffae566
+
+loc_fffc86dc: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov edx, 1
+call fcn_fffa834b ; call 0xfffa834b
+mov eax, dword [ebp + 8]
+cmp dword [eax + 0x2480], 2
+jne loc_fffc8ce3 ; jne 0xfffc8ce3
+mov edi, dword [eax + 0x36d7]
+xor eax, eax
+cmp edi, 0x640
+jbe short loc_fffc8714 ; jbe 0xfffc8714
+cmp edi, 0x961
+sbb eax, eax
+add eax, 2
+
+loc_fffc8714: ; not directly referenced
+mov esi, dword [ebp + 8]
+cmp al, 3
+mov bl, 3
+cmovbe ebx, eax
+xor eax, eax
+and ebx, 3
+shl ebx, 9
+add esi, 0x374e
+mov byte [ebp - 0x30], 0
+mov dword [ebp - 0x34], esi
+
+loc_fffc8733: ; not directly referenced
+test eax, eax
+sete cl
+cmp byte [ebp - 0x30], 1
+setbe dl
+test cl, dl
+je loc_fffc87f6 ; je 0xfffc87f6
+movzx edx, byte [ebp - 0x30]
+xor eax, eax
+mov ecx, dword [ebp + 8]
+imul esi, edx, 0x13c3
+add ecx, esi
+cmp dword [ecx + 0x3756], 2
+jne loc_fffc87ee ; jne 0xfffc87ee
+mov eax, dword [ebp - 0x34]
+lea eax, [eax + esi + 8]
+test byte [ecx + 0x381a], 1
+je short loc_fffc879e ; je 0xfffc879e
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x247b], 0
+jne short loc_fffc8795 ; jne 0xfffc8795
+mov word [eax + 0x1271], bx
+mov word [eax + 0x1289], bx
+
+loc_fffc878f: ; not directly referenced
+mov word [ebp - 0x24], bx
+jmp short loc_fffc879e ; jmp 0xfffc879e
+
+loc_fffc8795: ; not directly referenced
+mov bx, word [eax + 0x1271]
+jmp short loc_fffc878f ; jmp 0xfffc878f
+
+loc_fffc879e: ; not directly referenced
+imul ecx, edx, 0x13c3
+mov esi, dword [ebp + 8]
+test byte [esi + ecx + 0x381a], 4
+je short loc_fffc87d7 ; je 0xfffc87d7
+cmp byte [esi + 0x247b], 0
+jne short loc_fffc87ce ; jne 0xfffc87ce
+mov word [eax + 0x1399], bx
+mov word [eax + 0x13b1], bx
+
+loc_fffc87c8: ; not directly referenced
+mov word [ebp - 0x22], bx
+jmp short loc_fffc87d7 ; jmp 0xfffc87d7
+
+loc_fffc87ce: ; not directly referenced
+mov bx, word [eax + 0x1399]
+jmp short loc_fffc87c8 ; jmp 0xfffc87c8
+
+loc_fffc87d7: ; not directly referenced
+sub esp, 0xc
+mov ecx, 3
+lea eax, [ebp - 0x24]
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffb14b3 ; call 0xfffb14b3
+add esp, 0x10
+
+loc_fffc87ee: ; not directly referenced
+inc byte [ebp - 0x30]
+jmp near loc_fffc8733 ; jmp 0xfffc8733
+
+loc_fffc87f6: ; not directly referenced
+mov esi, eax
+test eax, eax
+jne loc_fffc9116 ; jne 0xfffc9116
+mov eax, dword [ebp + 8]
+mov bl, 4
+movzx eax, byte [eax + 0x247d]
+mov dword [ebp - 0x34], eax
+cmp edi, 0x535
+jbe short loc_fffc882c ; jbe 0xfffc882c
+mov bl, 5
+cmp edi, 0x74b
+jbe short loc_fffc882c ; jbe 0xfffc882c
+cmp edi, 0x961
+sbb ebx, ebx
+add ebx, 7
+
+loc_fffc882c: ; not directly referenced
+sub ebx, 4
+mov al, 3
+cmp bl, 3
+cmova ebx, eax
+mov eax, dword [ebp + 8]
+xor esi, esi
+and ebx, 7
+shl ebx, 0xa
+or bl, 0x8d
+mov byte [ebp - 0x30], 0
+lea edi, [eax + 0x374e]
+
+loc_fffc884f: ; not directly referenced
+test esi, esi
+sete dl
+cmp byte [ebp - 0x30], 1
+setbe al
+test dl, al
+je loc_fffc891d ; je 0xfffc891d
+movzx edx, byte [ebp - 0x30]
+xor esi, esi
+mov ecx, dword [ebp + 8]
+imul eax, edx, 0x13c3
+add ecx, eax
+cmp dword [ecx + 0x3756], 2
+jne loc_fffc8915 ; jne 0xfffc8915
+lea eax, [edi + eax + 8]
+test byte [ecx + 0x381a], 1
+je short loc_fffc88bd ; je 0xfffc88bd
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x247b], 0
+je short loc_fffc88a7 ; je 0xfffc88a7
+
+loc_fffc889a: ; not directly referenced
+mov bx, word [eax + 0x1277]
+
+loc_fffc88a1: ; not directly referenced
+mov word [ebp - 0x24], bx
+jmp short loc_fffc88bd ; jmp 0xfffc88bd
+
+loc_fffc88a7: ; not directly referenced
+cmp dword [ebp - 0x34], 0
+jne short loc_fffc889a ; jne 0xfffc889a
+mov word [eax + 0x1277], bx
+mov word [eax + 0x128f], bx
+jmp short loc_fffc88a1 ; jmp 0xfffc88a1
+
+loc_fffc88bd: ; not directly referenced
+imul ecx, edx, 0x13c3
+mov esi, dword [ebp + 8]
+test byte [esi + ecx + 0x381a], 4
+je short loc_fffc88fc ; je 0xfffc88fc
+cmp byte [esi + 0x247b], 0
+je short loc_fffc88e6 ; je 0xfffc88e6
+
+loc_fffc88d9: ; not directly referenced
+mov bx, word [eax + 0x139f]
+
+loc_fffc88e0: ; not directly referenced
+mov word [ebp - 0x22], bx
+jmp short loc_fffc88fc ; jmp 0xfffc88fc
+
+loc_fffc88e6: ; not directly referenced
+cmp dword [ebp - 0x34], 0
+jne short loc_fffc88d9 ; jne 0xfffc88d9
+mov word [eax + 0x139f], bx
+mov word [eax + 0x13b7], bx
+jmp short loc_fffc88e0 ; jmp 0xfffc88e0
+
+loc_fffc88fc: ; not directly referenced
+sub esp, 0xc
+mov ecx, 6
+lea eax, [ebp - 0x24]
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffb14b3 ; call 0xfffb14b3
+add esp, 0x10
+mov esi, eax
+
+loc_fffc8915: ; not directly referenced
+inc byte [ebp - 0x30]
+jmp near loc_fffc884f ; jmp 0xfffc884f
+
+loc_fffc891d: ; not directly referenced
+mov dword [ebp - 0x38], esi
+test esi, esi
+jne loc_fffc9116 ; jne 0xfffc9116
+mov eax, dword [ebp + 8]
+mov ebx, 0x20
+mov byte [ebp - 0x30], 0
+add eax, 0x374e
+mov dword [ebp - 0x40], eax
+
+loc_fffc893c: ; not directly referenced
+test esi, esi
+sete dl
+cmp byte [ebp - 0x30], 1
+setbe al
+test dl, al
+je loc_fffc8a13 ; je 0xfffc8a13
+movzx eax, byte [ebp - 0x30]
+imul edx, eax, 0x13c3
+mov dword [ebp - 0x34], eax
+mov eax, dword [ebp + 8]
+add eax, edx
+cmp dword [eax + 0x3756], 2
+jne loc_fffc8a08 ; jne 0xfffc8a08
+mov edi, dword [ebp - 0x40]
+mov dword [ebp - 0x3c], eax
+lea esi, [edi + edx + 0x127d]
+xor edi, edi
+
+loc_fffc897e: ; not directly referenced
+mov ecx, edi
+mov eax, 1
+shl eax, cl
+mov ecx, dword [ebp - 0x3c]
+test byte [ecx + 0x381a], al
+je short loc_fffc89dc ; je 0xfffc89dc
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x247b], 0
+je short loc_fffc89a3 ; je 0xfffc89a3
+mov bx, word [esi]
+jmp short loc_fffc89d7 ; jmp 0xfffc89d7
+
+loc_fffc89a3: ; not directly referenced
+mov edx, dword [ebp - 0x34]
+mov eax, dword [ebp + 8]
+call fcn_fffa6c42 ; call 0xfffa6c42
+test eax, eax
+je loc_fffc8ec5 ; je 0xfffc8ec5
+movzx ecx, byte [eax + 2]
+sub esp, 0xc
+mov edx, dword [ebp + 8]
+lea eax, [ebp - 0x2a]
+push ebx
+call fcn_fffa6cab ; call 0xfffa6cab
+mov bx, word [ebp - 0x2a]
+add esp, 0x10
+mov word [esi], bx
+mov word [esi + 0x18], bx
+
+loc_fffc89d7: ; not directly referenced
+mov word [ebp + edi - 0x24], bx
+
+loc_fffc89dc: ; not directly referenced
+add edi, 2
+add esi, 0x128
+cmp edi, 4
+jne short loc_fffc897e ; jne 0xfffc897e
+sub esp, 0xc
+mov edx, dword [ebp - 0x34]
+mov ecx, 5
+lea eax, [ebp - 0x24]
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffb14b3 ; call 0xfffb14b3
+add esp, 0x10
+mov esi, eax
+jmp short loc_fffc8a0b ; jmp 0xfffc8a0b
+
+loc_fffc8a08: ; not directly referenced
+mov esi, dword [ebp - 0x38]
+
+loc_fffc8a0b: ; not directly referenced
+inc byte [ebp - 0x30]
+jmp near loc_fffc893c ; jmp 0xfffc893c
+
+loc_fffc8a13: ; not directly referenced
+test esi, esi
+jne loc_fffc9116 ; jne 0xfffc9116
+mov edi, dword [ebp + 8]
+xor ebx, ebx
+xor eax, eax
+mov byte [ebp - 0x30], 0
+add edi, 0x374e
+
+loc_fffc8a2c: ; not directly referenced
+test eax, eax
+sete cl
+cmp byte [ebp - 0x30], 1
+setbe dl
+test cl, dl
+je loc_fffc8aec ; je 0xfffc8aec
+movzx edx, byte [ebp - 0x30]
+xor eax, eax
+mov ecx, dword [ebp + 8]
+imul esi, edx, 0x13c3
+add ecx, esi
+cmp dword [ecx + 0x3756], 2
+jne loc_fffc8ae4 ; jne 0xfffc8ae4
+lea eax, [edi + esi + 8]
+test byte [ecx + 0x381a], 1
+je short loc_fffc8a94 ; je 0xfffc8a94
+mov esi, dword [ebp + 8]
+cmp byte [esi + 0x247b], 0
+jne short loc_fffc8a8b ; jne 0xfffc8a8b
+mov word [eax + 0x1273], bx
+mov word [eax + 0x128b], bx
+
+loc_fffc8a85: ; not directly referenced
+mov word [ebp - 0x24], bx
+jmp short loc_fffc8a94 ; jmp 0xfffc8a94
+
+loc_fffc8a8b: ; not directly referenced
+mov bx, word [eax + 0x1273]
+jmp short loc_fffc8a85 ; jmp 0xfffc8a85
+
+loc_fffc8a94: ; not directly referenced
+imul ecx, edx, 0x13c3
+mov esi, dword [ebp + 8]
+test byte [esi + ecx + 0x381a], 4
+je short loc_fffc8acd ; je 0xfffc8acd
+cmp byte [esi + 0x247b], 0
+jne short loc_fffc8ac4 ; jne 0xfffc8ac4
+mov word [eax + 0x139b], bx
+mov word [eax + 0x13b3], bx
+
+loc_fffc8abe: ; not directly referenced
+mov word [ebp - 0x22], bx
+jmp short loc_fffc8acd ; jmp 0xfffc8acd
+
+loc_fffc8ac4: ; not directly referenced
+mov bx, word [eax + 0x139b]
+jmp short loc_fffc8abe ; jmp 0xfffc8abe
+
+loc_fffc8acd: ; not directly referenced
+sub esp, 0xc
+mov ecx, 4
+lea eax, [ebp - 0x24]
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffb14b3 ; call 0xfffb14b3
+add esp, 0x10
+
+loc_fffc8ae4: ; not directly referenced
+inc byte [ebp - 0x30]
+jmp near loc_fffc8a2c ; jmp 0xfffc8a2c
+
+loc_fffc8aec: ; not directly referenced
+mov esi, eax
+test eax, eax
+jne loc_fffc9116 ; jne 0xfffc9116
+mov eax, dword [ebp + 8]
+mov byte [ebp - 0x30], 0
+add eax, 0x374e
+mov dword [ebp - 0x48], eax
+mov eax, dword [ebp + 8]
+imul eax, dword [eax + 0x18a7], 0x2e
+mov dword [ebp - 0x4c], eax
+
+loc_fffc8b12: ; not directly referenced
+test esi, esi
+sete dl
+cmp byte [ebp - 0x30], 1
+setbe al
+test dl, al
+je loc_fffc8c8a ; je 0xfffc8c8a
+movzx eax, byte [ebp - 0x30]
+mov edi, dword [ebp + 8]
+mov dword [ebp - 0x38], eax
+imul eax, eax, 0x13c3
+cmp dword [edi + eax + 0x3756], 2
+jne loc_fffc8c80 ; jne 0xfffc8c80
+mov edi, dword [ebp - 0x48]
+lea edi, [edi + eax + 8]
+mov eax, dword [ebp - 0x4c]
+movzx eax, word [edi + eax + 0xc]
+cmp ax, 0xc
+ja short loc_fffc8b5e ; ja 0xfffc8b5e
+sub eax, 9
+jmp short loc_fffc8b6c ; jmp 0xfffc8b6c
+
+loc_fffc8b5e: ; not directly referenced
+sub eax, 0xe
+mov ecx, 2
+cdq
+idiv ecx
+or eax, 4
+
+loc_fffc8b6c: ; not directly referenced
+and eax, 7
+lea ebx, [eax*8]
+imul eax, dword [ebp - 0x38], 0x13c3
+add eax, dword [ebp + 8]
+mov dword [ebp - 0x3c], 0
+mov dword [ebp - 0x40], eax
+movzx eax, byte [ebp - 0x30]
+mov dword [ebp - 0x44], eax
+
+loc_fffc8b91: ; not directly referenced
+mov esi, dword [ebp - 0x3c]
+mov eax, esi
+mov ecx, esi
+mov byte [ebp - 0x34], al
+mov eax, 1
+shl eax, cl
+mov ecx, dword [ebp - 0x40]
+test byte [ecx + 0x381a], al
+je loc_fffc8c54 ; je 0xfffc8c54
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x247b], 0
+je short loc_fffc8bd4 ; je 0xfffc8bd4
+mov eax, esi
+shr al, 1
+movzx eax, al
+imul eax, eax, 0x128
+mov bx, word [edi + eax + 0x126f]
+jmp short loc_fffc8c47 ; jmp 0xfffc8c47
+
+loc_fffc8bd4: ; not directly referenced
+mov edx, dword [ebp - 0x38]
+mov eax, dword [ebp + 8]
+call fcn_fffa6c42 ; call 0xfffa6c42
+test eax, eax
+je loc_fffc8ec5 ; je 0xfffc8ec5
+mov dl, byte [eax]
+cmp dl, 0x78
+je short loc_fffc8c08 ; je 0xfffc8c08
+ja short loc_fffc8bf7 ; ja 0xfffc8bf7
+mov al, 4
+cmp dl, 0x50
+jmp short loc_fffc8c02 ; jmp 0xfffc8c02
+
+loc_fffc8bf7: ; not directly referenced
+mov al, 2
+cmp dl, 0xf0
+je short loc_fffc8c0a ; je 0xfffc8c0a
+mov al, 3
+inc dl
+
+loc_fffc8c02: ; not directly referenced
+je short loc_fffc8c0a ; je 0xfffc8c0a
+xor eax, eax
+jmp short loc_fffc8c0a ; jmp 0xfffc8c0a
+
+loc_fffc8c08: ; not directly referenced
+mov al, 1
+
+loc_fffc8c0a: ; not directly referenced
+shl eax, 9
+and bh, 0xf1
+mov edx, dword [ebp - 0x44]
+or ebx, eax
+mov al, byte [ebp - 0x34]
+sub esp, 0xc
+shr al, 1
+movzx esi, al
+movzx eax, bx
+mov ecx, esi
+imul esi, esi, 0x128
+push eax
+mov eax, dword [ebp + 8]
+add esi, edi
+call fcn_fffa8733 ; call 0xfffa8733
+add esp, 0x10
+mov word [esi + 0x126f], bx
+mov word [esi + 0x1287], bx
+
+loc_fffc8c47: ; not directly referenced
+mov al, byte [ebp - 0x34]
+shr al, 1
+movzx eax, al
+mov word [ebp + eax*2 - 0x24], bx
+
+loc_fffc8c54: ; not directly referenced
+add dword [ebp - 0x3c], 2
+cmp dword [ebp - 0x3c], 4
+jne loc_fffc8b91 ; jne 0xfffc8b91
+sub esp, 0xc
+mov edx, dword [ebp - 0x38]
+mov ecx, 2
+lea eax, [ebp - 0x24]
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffb14b3 ; call 0xfffb14b3
+add esp, 0x10
+mov esi, eax
+jmp short loc_fffc8c82 ; jmp 0xfffc8c82
+
+loc_fffc8c80: ; not directly referenced
+xor esi, esi
+
+loc_fffc8c82: ; not directly referenced
+inc byte [ebp - 0x30]
+jmp near loc_fffc8b12 ; jmp 0xfffc8b12
+
+loc_fffc8c8a: ; not directly referenced
+test esi, esi
+jne loc_fffc9116 ; jne 0xfffc9116
+mov eax, dword [ebp + 8]
+call fcn_fffac67c ; call 0xfffac67c
+mov esi, eax
+test eax, eax
+jne loc_fffc9116 ; jne 0xfffc9116
+mov eax, dword [ebp + 8]
+mov edx, 1
+call fcn_fffb14e1 ; call 0xfffb14e1
+mov esi, eax
+test eax, eax
+jne loc_fffc9116 ; jne 0xfffc9116
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+mov edx, 3
+call fcn_fffb1bed ; call 0xfffb1bed
+mov esi, eax
+test eax, eax
+jne loc_fffc9116 ; jne 0xfffc9116
+mov eax, dword [ebp + 8]
+mov byte [eax + 0x247d], 1
+jmp near loc_fffc9116 ; jmp 0xfffc9116
+
+loc_fffc8ce3: ; not directly referenced
+mov edi, dword [ebp + 8]
+xor eax, eax
+mov byte [ebp - 0x30], 0
+add edi, 0x374e
+mov dword [ebp - 0x4c], edi
+mov edi, dword [ebp + 8]
+imul edi, dword [edi + 0x18a7], 0x2e
+mov dword [ebp - 0x50], edi
+
+loc_fffc8d02: ; not directly referenced
+test eax, eax
+sete cl
+cmp byte [ebp - 0x30], 1
+setbe dl
+test cl, dl
+je loc_fffc8eb2 ; je 0xfffc8eb2
+movzx eax, byte [ebp - 0x30]
+imul edx, eax, 0x13c3
+mov dword [ebp - 0x34], eax
+mov eax, dword [ebp + 8]
+add eax, edx
+cmp dword [eax + 0x3756], 2
+jne loc_fffc8ea8 ; jne 0xfffc8ea8
+mov edi, dword [ebp - 0x4c]
+mov dword [ebp - 0x44], eax
+mov eax, dword [ebp - 0x34]
+lea esi, [edi + edx + 8]
+mov edi, dword [ebp - 0x50]
+mov dword [ebp - 0x48], eax
+mov di, word [esi + edi + 0xc]
+mov word [ebp - 0x38], di
+mov edi, dword [ebp - 0x38]
+mov dword [ebp - 0x38], 0
+lea ebx, [edi - 5]
+and ebx, 7
+shl ebx, 3
+
+loc_fffc8d64: ; not directly referenced
+mov edi, dword [ebp - 0x38]
+mov eax, edi
+mov ecx, edi
+mov edi, dword [ebp - 0x44]
+mov byte [ebp - 0x3c], al
+mov eax, 1
+shl eax, cl
+test byte [edi + 0x381a], al
+je loc_fffc8e7e ; je 0xfffc8e7e
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x247b], 0
+je short loc_fffc8daa ; je 0xfffc8daa
+mov al, cl
+shr al, 1
+movzx eax, al
+imul eax, eax, 0x128
+mov bx, word [esi + eax + 0x126f]
+jmp near loc_fffc8e71 ; jmp 0xfffc8e71
+
+loc_fffc8daa: ; not directly referenced
+mov al, byte [ebp - 0x3c]
+shr al, 1
+movzx edi, al
+mov byte [ebp - 0x40], al
+imul eax, edi, 0x128
+cmp byte [esi + eax + 0x1243], 1
+jne short loc_fffc8de3 ; jne 0xfffc8de3
+mov eax, dword [ebp + 8]
+cmp byte [eax + 0x190d], 0
+je short loc_fffc8df8 ; je 0xfffc8df8
+cmp dword [eax + 0x36cb], 1
+jne short loc_fffc8df8 ; jne 0xfffc8df8
+cmp byte [eax + 0x247f], 1
+je short loc_fffc8df8 ; je 0xfffc8df8
+
+loc_fffc8de3: ; not directly referenced
+imul eax, edi, 0x128
+cmp byte [esi + eax + 0x1242], 1
+sete al
+xor edx, edx
+jmp short loc_fffc8dfc ; jmp 0xfffc8dfc
+
+loc_fffc8df8: ; not directly referenced
+xor eax, eax
+mov dl, 1
+
+loc_fffc8dfc: ; not directly referenced
+and edx, 1
+and bl, 0x3f
+shl edx, 6
+and eax, 1
+shl eax, 7
+or ebx, edx
+mov edx, dword [ebp - 0x34]
+or ebx, eax
+mov eax, dword [ebp + 8]
+mov ecx, edi
+call fcn_fffa69ea ; call 0xfffa69ea
+test eax, eax
+je loc_fffc8ec5 ; je 0xfffc8ec5
+movzx eax, byte [eax]
+xor edx, edx
+cmp al, 0x78
+ja short loc_fffc8e37 ; ja 0xfffc8e37
+mov cl, 0x3c
+div cl
+test ah, 0x3f
+cmove edx, eax
+
+loc_fffc8e37: ; not directly referenced
+and edx, 3
+and bh, 0xf9
+movzx ecx, byte [ebp - 0x40]
+shl edx, 9
+sub esp, 0xc
+or ebx, edx
+mov edx, dword [ebp - 0x48]
+movzx eax, bx
+imul edi, edi, 0x128
+push eax
+mov eax, dword [ebp + 8]
+add edi, esi
+call fcn_fffa8733 ; call 0xfffa8733
+add esp, 0x10
+mov word [edi + 0x126f], bx
+mov word [edi + 0x1287], bx
+
+loc_fffc8e71: ; not directly referenced
+mov al, byte [ebp - 0x3c]
+shr al, 1
+movzx eax, al
+mov word [ebp + eax*2 - 0x24], bx
+
+loc_fffc8e7e: ; not directly referenced
+add dword [ebp - 0x38], 2
+cmp dword [ebp - 0x38], 4
+jne loc_fffc8d64 ; jne 0xfffc8d64
+sub esp, 0xc
+mov edx, dword [ebp - 0x34]
+mov ecx, 2
+lea eax, [ebp - 0x24]
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffb14b3 ; call 0xfffb14b3
+add esp, 0x10
+jmp short loc_fffc8eaa ; jmp 0xfffc8eaa
+
+loc_fffc8ea8: ; not directly referenced
+xor eax, eax
+
+loc_fffc8eaa: ; not directly referenced
+inc byte [ebp - 0x30]
+jmp near loc_fffc8d02 ; jmp 0xfffc8d02
+
+loc_fffc8eb2: ; not directly referenced
+mov esi, eax
+test eax, eax
+jne loc_fffc9116 ; jne 0xfffc9116
+xor eax, eax
+xor ebx, ebx
+lea edi, [ebp - 0x24]
+jmp short loc_fffc8f07 ; jmp 0xfffc8f07
+
+loc_fffc8ec5: ; not directly referenced
+mov esi, 1
+jmp near loc_fffc9116 ; jmp 0xfffc9116
+
+loc_fffc8ecf: ; not directly referenced
+movzx edx, bl
+mov esi, dword [ebp + 8]
+xor eax, eax
+imul ecx, edx, 0x13c3
+cmp dword [esi + ecx + 0x3756], 2
+jne short loc_fffc8f06 ; jne 0xfffc8f06
+sub esp, 0xc
+mov ecx, 3
+push edi
+mov eax, esi
+mov word [ebp - 0x24], 0
+mov word [ebp - 0x22], 0
+call fcn_fffb14b3 ; call 0xfffb14b3
+add esp, 0x10
+
+loc_fffc8f06: ; not directly referenced
+inc ebx
+
+loc_fffc8f07: ; not directly referenced
+test eax, eax
+sete cl
+cmp bl, 1
+setbe dl
+test cl, dl
+jne short loc_fffc8ecf ; jne 0xfffc8ecf
+mov esi, eax
+test eax, eax
+jne loc_fffc9116 ; jne 0xfffc9116
+mov eax, dword [ebp + 8]
+call fcn_fffb1a87 ; call 0xfffb1a87
+mov esi, eax
+test eax, eax
+jne loc_fffc9116 ; jne 0xfffc9116
+lea edi, [ebp - 0x24]
+mov esi, ref_fffd5abc ; mov esi, 0xfffd5abc
+mov ecx, 3
+mov ebx, 0x100
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+mov edi, dword [ebp + 8]
+xor eax, eax
+mov byte [ebp - 0x34], 0
+add edi, 0x374e
+mov dword [ebp - 0x3c], edi
+mov edi, dword [ebp + 8]
+imul edi, dword [edi + 0x18a7], 0x2e
+mov dword [ebp - 0x40], edi
+
+loc_fffc8f65: ; not directly referenced
+test eax, eax
+sete cl
+cmp byte [ebp - 0x34], 1
+setbe dl
+test cl, dl
+je loc_fffc90e3 ; je 0xfffc90e3
+movzx eax, byte [ebp - 0x34]
+mov edi, dword [ebp + 8]
+mov dword [ebp - 0x38], eax
+imul eax, eax, 0x13c3
+cmp dword [edi + eax + 0x3756], 2
+jne loc_fffc90d9 ; jne 0xfffc90d9
+mov edi, dword [ebp - 0x3c]
+lea edi, [edi + eax + 8]
+mov eax, dword [ebp - 0x40]
+add eax, edi
+mov cx, word [eax + 0xa]
+movzx eax, word [eax + 0x2a]
+mov word [ebp - 0x30], cx
+cmp ax, 4
+jbe loc_fffc90eb ; jbe 0xfffc90eb
+cmp ax, 0xa
+setne cl
+cmp ax, 8
+seta dl
+test cl, dl
+je short loc_fffc8fe0 ; je 0xfffc8fe0
+mov edx, eax
+and edx, 0xfffffffd
+cmp dx, 0xc
+je short loc_fffc8fe0 ; je 0xfffc8fe0
+cmp ax, 0x10
+jne loc_fffc90eb ; jne 0xfffc90eb
+
+loc_fffc8fe0: ; not directly referenced
+mov esi, dword [ebp - 0x30]
+movzx eax, byte [ebp + eax - 0x29]
+cmp si, 0xc
+sbb ecx, ecx
+and ebx, 0xffffff8b
+mov esi, ebx
+mov bl, byte [ebp - 0x30]
+mov edx, ecx
+and edx, 0xfffffff8
+and eax, 7
+add edx, 0xc
+lea ecx, [ecx*4 + 4]
+sub ebx, edx
+and ecx, 4
+mov dl, bl
+or esi, ecx
+and edx, 7
+shl edx, 4
+or esi, edx
+shl eax, 9
+and si, 0xf1ff
+or esi, eax
+mov eax, dword [ebp + 8]
+mov ebx, esi
+mov al, byte [eax + 0x1906]
+cmp al, 6
+setne cl
+cmp al, 1
+seta dl
+and bh, 0xef
+test cl, dl
+jne short loc_fffc904c ; jne 0xfffc904c
+cmp al, 1
+setbe al
+and eax, 1
+shl eax, 0xc
+or ebx, eax
+
+loc_fffc904c: ; not directly referenced
+imul eax, dword [ebp - 0x38], 0x13c3
+mov esi, dword [ebp + 8]
+test byte [esi + eax + 0x381a], 1
+je short loc_fffc9086 ; je 0xfffc9086
+cmp byte [esi + 0x247b], 0
+jne short loc_fffc907d ; jne 0xfffc907d
+mov word [edi + 0x126b], bx
+mov word [edi + 0x1283], bx
+
+loc_fffc9077: ; not directly referenced
+mov word [ebp - 0x28], bx
+jmp short loc_fffc9086 ; jmp 0xfffc9086
+
+loc_fffc907d: ; not directly referenced
+mov bx, word [edi + 0x126b]
+jmp short loc_fffc9077 ; jmp 0xfffc9077
+
+loc_fffc9086: ; not directly referenced
+imul eax, dword [ebp - 0x38], 0x13c3
+mov ecx, dword [ebp + 8]
+test byte [ecx + eax + 0x381a], 4
+je short loc_fffc90c0 ; je 0xfffc90c0
+cmp byte [ecx + 0x247b], 0
+jne short loc_fffc90b7 ; jne 0xfffc90b7
+mov word [edi + 0x1393], bx
+mov word [edi + 0x13ab], bx
+
+loc_fffc90b1: ; not directly referenced
+mov word [ebp - 0x26], bx
+jmp short loc_fffc90c0 ; jmp 0xfffc90c0
+
+loc_fffc90b7: ; not directly referenced
+mov bx, word [edi + 0x1393]
+jmp short loc_fffc90b1 ; jmp 0xfffc90b1
+
+loc_fffc90c0: ; not directly referenced
+sub esp, 0xc
+mov edx, dword [ebp - 0x38]
+xor ecx, ecx
+lea eax, [ebp - 0x28]
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffb14b3 ; call 0xfffb14b3
+add esp, 0x10
+jmp short loc_fffc90db ; jmp 0xfffc90db
+
+loc_fffc90d9: ; not directly referenced
+xor eax, eax
+
+loc_fffc90db: ; not directly referenced
+inc byte [ebp - 0x34]
+jmp near loc_fffc8f65 ; jmp 0xfffc8f65
+
+loc_fffc90e3: ; not directly referenced
+mov esi, eax
+test eax, eax
+jne short loc_fffc9116 ; jne 0xfffc9116
+jmp short loc_fffc90f2 ; jmp 0xfffc90f2
+
+loc_fffc90eb: ; not directly referenced
+mov esi, 0xd
+jmp short loc_fffc9116 ; jmp 0xfffc9116
+
+loc_fffc90f2: ; not directly referenced
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+mov edx, 3
+call fcn_fffb1bed ; call 0xfffb1bed
+mov esi, eax
+test eax, eax
+jne short loc_fffc9116 ; jne 0xfffc9116
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+mov edx, 0x4d94
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffc9116: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov byte [eax + 0x247b], 1
+
+loc_fffc9120: ; not directly referenced
+lea esp, [ebp - 0xc]
+mov eax, esi
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc912a: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+mov esi, edx
+push ebx
+sub esp, 0x50
+mov eax, dword [ebp + 8]
+push 1
+push 7
+mov dword [ebp - 0x48], eax
+mov eax, dword [edi + 0x2443]
+mov byte [ebp - 0x49], dl
+lea edx, [ebp - 0x27]
+push edx
+mov byte [ebp - 0x4b], cl
+call dword [eax + 0x5c] ; ucall
+mov ecx, esi
+add esp, 0x10
+movzx esi, cl
+xor eax, eax
+lea edx, [edi + 0x3756]
+mov dword [ebp - 0x40], esi
+
+loc_fffc9167: ; not directly referenced
+mov esi, dword [ebp - 0x40]
+bt esi, eax
+jae loc_fffc9234 ; jae 0xfffc9234
+mov esi, dword [edx + 0x109]
+mov ecx, dword [edx + 0x111]
+mov dword [ebp + eax*4 - 0x20], 0
+mov dword [ebp - 0x3c], esi
+mov ebx, esi
+mov esi, dword [edx + 0x11d]
+cmp byte [edx + 0x11d], bl
+mov bl, byte [ebp - 0x3c]
+cmovg esi, ebx
+mov ebx, esi
+cmp bl, cl
+cmovg esi, ecx
+mov ebx, esi
+cmp bl, byte [edx + 0x115]
+mov bl, byte [edx + 0x115]
+cmovg esi, ebx
+mov ebx, esi
+mov esi, dword [edx + 0x11d]
+mov byte [ebp + eax - 0x2f], bl
+mov bl, byte [ebp - 0x3c]
+cmp byte [edx + 0x11d], bl
+cmovge ebx, esi
+mov esi, dword [edx + 0x115]
+cmp bl, cl
+cmovl ebx, ecx
+mov cl, byte [edx + 0xc4]
+cmp bl, byte [edx + 0x115]
+cmovl ebx, esi
+mov byte [ebp - 0x44], cl
+xor ecx, ecx
+mov byte [ebp + eax - 0x2d], bl
+
+loc_fffc91f1: ; not directly referenced
+mov ebx, 1
+shl ebx, cl
+test byte [ebp - 0x44], bl
+je short loc_fffc922c ; je 0xfffc922c
+mov bl, byte [edx + ecx + 0x245]
+movzx esi, byte [ebp + eax - 0x2f]
+cmp bl, byte [ebp + eax - 0x2f]
+mov byte [ebp - 0x3c], bl
+cmovle esi, ebx
+mov ebx, esi
+movzx esi, byte [ebp + eax - 0x2d]
+mov byte [ebp + eax - 0x2f], bl
+mov bl, byte [ebp - 0x3c]
+cmp bl, byte [ebp + eax - 0x2d]
+cmovl ebx, esi
+mov byte [ebp + eax - 0x2d], bl
+
+loc_fffc922c: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffc91f1 ; jne 0xfffc91f1
+jmp short loc_fffc9246 ; jmp 0xfffc9246
+
+loc_fffc9234: ; not directly referenced
+mov dword [ebp + eax*4 - 0x20], 1
+mov byte [ebp + eax - 0x2f], 0
+mov byte [ebp + eax - 0x2d], 0x7f
+
+loc_fffc9246: ; not directly referenced
+inc eax
+add edx, 0x13c3
+cmp eax, 2
+jne loc_fffc9167 ; jne 0xfffc9167
+cmp byte [ebp - 0x48], 0
+je short loc_fffc9281 ; je 0xfffc9281
+mov dl, byte [ebp - 0x2d]
+mov al, 0x5f
+cmp byte [ebp - 0x2d], 0x5f
+mov dword [ebp - 0x3c], 1
+cmovl edx, eax
+mov byte [ebp - 0x2b], dl
+mov dl, byte [ebp - 0x2c]
+cmp byte [ebp - 0x2c], 0x5f
+cmovge eax, edx
+mov byte [ebp - 0x2a], al
+jmp short loc_fffc92a4 ; jmp 0xfffc92a4
+
+loc_fffc9281: ; not directly referenced
+mov dl, byte [ebp - 0x2f]
+mov al, 0x20
+cmp byte [ebp - 0x2f], 0x20
+mov dword [ebp - 0x3c], 0xffffffff
+cmovg edx, eax
+mov byte [ebp - 0x2b], dl
+mov dl, byte [ebp - 0x2e]
+cmp byte [ebp - 0x2e], 0x20
+cmovle eax, edx
+mov byte [ebp - 0x2a], al
+
+loc_fffc92a4: ; not directly referenced
+mov al, byte [ebp - 0x2b]
+mov dword [ebp - 0x44], 0
+mov byte [ebp - 0x29], al
+mov al, byte [ebp - 0x2a]
+mov byte [ebp - 0x28], al
+mov eax, dword [ebp - 0x40]
+sar eax, 1
+mov dword [ebp - 0x48], eax
+mov al, byte [ebp - 0x49]
+and dword [ebp - 0x48], 1
+and eax, 1
+mov byte [ebp - 0x4c], al
+
+loc_fffc92cc: ; not directly referenced
+mov eax, dword [ebp - 0x3c]
+xor ebx, ebx
+add dword [ebp - 0x44], eax
+
+loc_fffc92d4: ; not directly referenced
+mov eax, dword [ebp - 0x40]
+bt eax, ebx
+jae short loc_fffc930b ; jae 0xfffc930b
+mov al, byte [ebp - 0x3c]
+mov edx, ebx
+add byte [ebp + ebx - 0x2b], al
+imul eax, ebx, 0x13c3
+mov cl, byte [ebp - 0x4b]
+and cl, byte [edi + eax + 0x381a]
+mov eax, edi
+push 0
+push 0
+push dword [ebp - 0x44]
+movzx ecx, cl
+push 0
+call fcn_fffb0cb4 ; call 0xfffb0cb4
+add esp, 0x10
+
+loc_fffc930b: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffc92d4 ; jne 0xfffc92d4
+sub esp, 0xc
+push edi
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0xc
+movzx ecx, byte [edi + 0x248b]
+mov edx, dword [ebp - 0x40]
+lea eax, [ebp - 0x27]
+push 0
+push 1
+push eax
+mov eax, edi
+call fcn_fffb0f94 ; call 0xfffb0f94
+add esp, 0x10
+xor ecx, ecx
+mov byte [ebp - 0x4a], al
+
+loc_fffc933e: ; not directly referenced
+mov eax, 1
+shl eax, cl
+test byte [ebp - 0x49], al
+je short loc_fffc93c0 ; je 0xfffc93c0
+cmp dword [ebp + ecx*4 - 0x20], 0
+jne short loc_fffc93c0 ; jne 0xfffc93c0
+test byte [ebp - 0x4a], al
+je short loc_fffc9389 ; je 0xfffc9389
+mov bl, byte [ebp + ecx - 0x2b]
+mov dl, byte [ebp + ecx - 0x29]
+mov dword [ebp + ecx*4 - 0x20], 1
+movsx eax, bl
+sub eax, dword [ebp - 0x3c]
+movsx esi, dl
+cmp eax, esi
+jns short loc_fffc937c ; jns 0xfffc937c
+mov al, byte [ebp - 0x3c]
+add eax, edx
+sub eax, ebx
+jmp short loc_fffc9383 ; jmp 0xfffc9383
+
+loc_fffc937c: ; not directly referenced
+mov al, bl
+sub eax, dword [ebp - 0x3c]
+sub eax, edx
+
+loc_fffc9383: ; not directly referenced
+mov esi, dword [ebp + 0xc]
+mov byte [esi + ecx], al
+
+loc_fffc9389: ; not directly referenced
+mov al, byte [ebp + ecx - 0x2b]
+cmp al, 0x7f
+sete bl
+test al, al
+sete dl
+or bl, dl
+je short loc_fffc93c0 ; je 0xfffc93c0
+mov bl, byte [ebp + ecx - 0x29]
+movsx edx, al
+movsx esi, byte [ebp + ecx - 0x29]
+mov dword [ebp + ecx*4 - 0x20], 1
+sub ebx, eax
+sub al, byte [ebp + ecx - 0x29]
+cmp edx, esi
+cmovns ebx, eax
+mov eax, dword [ebp + 0xc]
+mov byte [eax + ecx], bl
+
+loc_fffc93c0: ; not directly referenced
+inc ecx
+cmp ecx, 2
+jne loc_fffc933e ; jne 0xfffc933e
+cmp byte [ebp - 0x4c], 0
+mov al, 1
+je short loc_fffc93d9 ; je 0xfffc93d9
+cmp dword [ebp - 0x20], 0
+setne al
+
+loc_fffc93d9: ; not directly referenced
+cmp dword [ebp - 0x48], 0
+je short loc_fffc93e9 ; je 0xfffc93e9
+cmp dword [ebp - 0x1c], 0
+je loc_fffc92cc ; je 0xfffc92cc
+
+loc_fffc93e9: ; not directly referenced
+test al, al
+je loc_fffc92cc ; je 0xfffc92cc
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc93f9: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov ebx, eax
+sub esp, 0x30
+mov edi, dword [ebx + 0x2443]
+movzx eax, cl
+push 0
+push 4
+lea esi, [ebp - 0x1a]
+push esi
+mov byte [ebp - 0x31], dl
+mov byte [ebp - 0x30], cl
+mov dword [ebp - 0x2c], eax
+call dword [edi + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 4
+lea eax, [ebp - 0x1c]
+push eax
+call dword [edi + 0x5c] ; ucall
+mov ecx, dword [ebp - 0x2c]
+xor edx, edx
+mov eax, ebx
+call fcn_fffaac43 ; call 0xfffaac43
+mov ecx, dword [ebp - 0x2c]
+mov edx, 1
+mov edi, eax
+mov eax, ebx
+call fcn_fffaac43 ; call 0xfffaac43
+pop ecx
+mov ecx, dword [ebp - 0x2c]
+or eax, edi
+movzx edi, al
+pop eax
+mov edx, edi
+mov eax, ebx
+push esi
+xor esi, esi
+push 0
+call fcn_fffc912a ; call 0xfffc912a
+add esp, 0x10
+
+loc_fffc9467: ; not directly referenced
+bt edi, esi
+jae short loc_fffc9493 ; jae 0xfffc9493
+imul eax, esi, 0x13c3
+mov cl, byte [ebp - 0x30]
+mov edx, esi
+and cl, byte [ebx + eax + 0x381a]
+mov eax, ebx
+push 0
+push 0
+push 0
+movzx ecx, cl
+push 0
+call fcn_fffb0cb4 ; call 0xfffb0cb4
+add esp, 0x10
+
+loc_fffc9493: ; not directly referenced
+inc esi
+cmp esi, 2
+jne short loc_fffc9467 ; jne 0xfffc9467
+sub esp, 0xc
+xor si, si
+push ebx
+call fcn_fffc82f4 ; call 0xfffc82f4
+mov ecx, dword [ebp - 0x2c]
+pop eax
+pop edx
+mov edx, edi
+lea eax, [ebp - 0x1c]
+push eax
+mov eax, ebx
+push 1
+call fcn_fffc912a ; call 0xfffc912a
+add esp, 0x10
+
+loc_fffc94bc: ; not directly referenced
+bt edi, esi
+jae short loc_fffc94e8 ; jae 0xfffc94e8
+imul eax, esi, 0x13c3
+mov cl, byte [ebp - 0x30]
+mov edx, esi
+and cl, byte [ebx + eax + 0x381a]
+mov eax, ebx
+push 0
+push 0
+push 0
+movzx ecx, cl
+push 0
+call fcn_fffb0cb4 ; call 0xfffb0cb4
+add esp, 0x10
+
+loc_fffc94e8: ; not directly referenced
+inc esi
+cmp esi, 2
+jne short loc_fffc94bc ; jne 0xfffc94bc
+sub esp, 0xc
+xor edi, edi
+push ebx
+call fcn_fffc82f4 ; call 0xfffc82f4
+movzx eax, byte [ebp - 0x31]
+lea esi, [ebx + 0x3218]
+add esp, 0x10
+mov dword [ebp - 0x30], eax
+
+loc_fffc9509: ; not directly referenced
+mov eax, dword [ebp - 0x30]
+bt eax, edi
+jb short loc_fffc9522 ; jb 0xfffc9522
+
+loc_fffc9511: ; not directly referenced
+inc edi
+add esi, 0x48
+cmp edi, 2
+jne short loc_fffc9509 ; jne 0xfffc9509
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+loc_fffc9522: ; not directly referenced
+push 0
+mov ecx, dword [ebp - 0x2c]
+mov edx, edi
+push 0
+mov eax, ebx
+push 0
+push 0
+call fcn_fffb0cb4 ; call 0xfffb0cb4
+movzx edx, byte [ebp + edi - 0x1c]
+add esp, 0x10
+movzx eax, byte [ebp + edi - 0x1a]
+imul edx, edx, 0xa
+imul eax, eax, 0xa
+mov dword [esi], edx
+mov dword [esi + 4], eax
+mov dword [esi + 0x90], edx
+mov dword [esi + 0x94], eax
+mov dword [esi + 0x120], edx
+mov dword [esi + 0x124], eax
+mov dword [esi + 0x1b0], edx
+mov dword [esi + 0x1b4], eax
+jmp short loc_fffc9511 ; jmp 0xfffc9511
+
+fcn_fffc9574: ; not directly referenced
+push ebp
+mov eax, 0x80000002
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x1c
+mov ebx, dword [ebp + 0x20]
+mov ecx, dword [ebp + 0x10]
+mov esi, dword [ebp + 0x14]
+mov edi, dword [ebp + 0x18]
+test ebx, ebx
+je loc_fffc964a ; je 0xfffc964a
+cmp ecx, 0xb
+ja loc_fffc964a ; ja 0xfffc964a
+push eax
+mov edx, ecx
+push dword [ebp + 0x1c]
+mov eax, 1
+mov dword [ebp - 0x1c], ecx
+push edi
+push esi
+call fcn_fffac5c7 ; call 0xfffac5c7
+add esp, 0x10
+mov ecx, dword [ebp - 0x1c]
+test eax, eax
+js loc_fffc964a ; js 0xfffc964a
+mov al, byte [ecx + ref_fffd5ac8] ; mov al, byte [ecx - 0x2a538]
+mov dword [ebp - 0x24], 0
+mov byte [ebp - 0x1e], al
+mov eax, ecx
+and eax, 3
+mov dword [ebp - 0x1c], eax
+movzx eax, byte [eax + ref_fffd5ad4] ; movzx eax, byte [eax - 0x2a52c]
+dec eax
+test ebx, eax
+movzx eax, byte [ecx + ref_fffd5ad4] ; movzx eax, byte [ecx - 0x2a52c]
+sete byte [ebp - 0x1d]
+mov dword [ebp - 0x28], eax
+
+loc_fffc95f2: ; not directly referenced
+cmp dword [ebp + 0x1c], 0
+je short loc_fffc9648 ; je 0xfffc9648
+cmp dword [ebp - 0x1c], 0
+jne short loc_fffc9604 ; jne 0xfffc9604
+mov dl, byte [ebx]
+mov byte [esi], dl
+jmp short loc_fffc9637 ; jmp 0xfffc9637
+
+loc_fffc9604: ; not directly referenced
+cmp dword [ebp - 0x1c], 1
+jne short loc_fffc9618 ; jne 0xfffc9618
+movzx eax, word [ebx]
+push edx
+push edx
+push eax
+push esi
+call fcn_fffb3d20 ; call 0xfffb3d20
+jmp short loc_fffc9628 ; jmp 0xfffc9628
+
+loc_fffc9618: ; not directly referenced
+cmp dword [ebp - 0x1c], 2
+jne short loc_fffc962d ; jne 0xfffc962d
+push eax
+push eax
+push dword [ebx]
+push esi
+call fcn_fffb3d84 ; call 0xfffb3d84
+
+loc_fffc9628: ; not directly referenced
+add esp, 0x10
+jmp short loc_fffc9637 ; jmp 0xfffc9637
+
+loc_fffc962d: ; not directly referenced
+mov eax, dword [ebx]
+mov edx, dword [ebx + 4]
+mov dword [esi], eax
+mov dword [esi + 4], edx
+
+loc_fffc9637: ; not directly referenced
+movzx eax, byte [ebp - 0x1e]
+add esi, dword [ebp - 0x28]
+adc edi, dword [ebp - 0x24]
+dec dword [ebp + 0x1c]
+add ebx, eax
+jmp short loc_fffc95f2 ; jmp 0xfffc95f2
+
+loc_fffc9648: ; not directly referenced
+xor eax, eax
+
+loc_fffc964a: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffc9652: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x2cc
+mov edi, dword [ebp + 8]
+mov dword [ebp - 0x264], 1
+mov eax, dword [edi + 0x5edc]
+mov edx, dword [edi + 0x2480]
+mov dword [ebp - 0x260], eax
+mov eax, dword [edi + 0x2443]
+cmp edx, 3
+mov dword [ebp - 0x2a8], eax
+sete al
+movzx ebx, al
+mov dword [ebp - 0x28c], ebx
+mov ebx, dword [edi + 0x1887]
+mov esi, ebx
+mov dword [ebp - 0x2b0], ebx
+mov ebx, dword [edi + 0x1883]
+mov ecx, ebx
+mov dword [ebp - 0x290], ebx
+mov ebx, dword [edi + 0x188b]
+mov dword [ebp - 0x294], ebx
+xor ebx, ebx
+cmp edx, 2
+sete bl
+cmp esi, 0x306d0
+mov dword [ebp - 0x2b4], ebx
+sete bl
+cmp ecx, 3
+setbe dl
+mov byte [ebp - 0x27b], bl
+test bl, dl
+jne short loc_fffc9703 ; jne 0xfffc9703
+test ecx, ecx
+sete dl
+xor ebx, ebx
+cmp esi, 0x40670
+sete bl
+mov dword [ebp - 0x264], ebx
+and dword [ebp - 0x264], edx
+
+loc_fffc9703: ; not directly referenced
+and al, byte [ebp - 0x27b]
+cmp dword [ebp - 0x294], 1
+movzx eax, al
+mov dword [ebp - 0x2b8], eax
+mov eax, dword [ebp - 0x260]
+movzx eax, byte [eax + 0x1c5]
+mov dword [ebp - 0x298], eax
+movzx eax, byte [edi + 0x1965]
+mov dword [ebp - 0x288], eax
+jne short loc_fffc9780 ; jne 0xfffc9780
+cmp dword [ebp - 0x290], 4
+mov byte [ebp - 0x27a], 0x10
+mov byte [ebp - 0x280], 0xf0
+setbe al
+test byte [ebp - 0x27b], al
+mov byte [ebp - 0x279], 4
+je short loc_fffc9795 ; je 0xfffc9795
+cmp dword [edi + 0x36d7], 0x640
+mov eax, 0
+cmovbe eax, dword [ebp - 0x288]
+mov dword [ebp - 0x288], eax
+jmp short loc_fffc9795 ; jmp 0xfffc9795
+
+loc_fffc9780: ; not directly referenced
+mov byte [ebp - 0x27a], 8
+mov byte [ebp - 0x280], 0xf8
+mov byte [ebp - 0x279], 1
+
+loc_fffc9795: ; not directly referenced
+mov eax, dword [ebp - 0x260]
+xor esi, esi
+add eax, 0x1c
+mov dword [ebp - 0x2a0], eax
+mov dword [ebp - 0x268], eax
+
+loc_fffc97ac: ; not directly referenced
+imul eax, esi, 0x13c3
+cmp dword [edi + eax + 0x3756], 2
+je short loc_fffc97ce ; je 0xfffc97ce
+
+loc_fffc97bc: ; not directly referenced
+inc esi
+add dword [ebp - 0x268], 0xcc
+cmp esi, 2
+jne short loc_fffc97ac ; jne 0xfffc97ac
+jmp short loc_fffc9837 ; jmp 0xfffc9837
+
+loc_fffc97ce: ; not directly referenced
+mov byte [ebp - 0x25c], 0
+
+loc_fffc97d5: ; not directly referenced
+mov al, byte [ebp - 0x25c]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffc97bc ; jae 0xfffc97bc
+movzx ecx, byte [ebp - 0x25c]
+mov eax, dword [ebp - 0x268]
+mov edx, dword [ebp - 0x298]
+mov ebx, dword [eax + ecx*4 + 0x28]
+or ebx, 0x60
+mov eax, ebx
+and eax, 0xffbfffff
+test edx, edx
+mov edx, dword [ebp - 0x2b4]
+cmovne ebx, eax
+mov eax, ebx
+and eax, 0xffdfffff
+test edx, edx
+mov edx, esi
+cmovne ebx, eax
+mov eax, edi
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, ebx
+mov edx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+inc byte [ebp - 0x25c]
+jmp short loc_fffc97d5 ; jmp 0xfffc97d5
+
+loc_fffc9837: ; not directly referenced
+cmp dword [ebp - 0x298], 0
+je short loc_fffc9894 ; je 0xfffc9894
+mov edx, 0x3a28
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x3a28
+mov dword [ebp - 0x2ac], eax
+mov eax, edi
+and dword [ebp - 0x2ac], 0xfffffffd
+mov ecx, dword [ebp - 0x2ac]
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0x5f08
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x5f08
+or ah, 1
+mov ecx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0x96
+mov eax, edi
+call fcn_fffa834b ; call 0xfffa834b
+
+loc_fffc9894: ; not directly referenced
+movzx eax, byte [ebp - 0x280]
+mov dword [ebp - 0x278], 1
+mov dword [ebp - 0x26c], 0
+mov dword [ebp - 0x2c8], eax
+
+loc_fffc98b5: ; not directly referenced
+mov ebx, dword [ebp - 0x278]
+mov byte [ebp - 0x270], bl
+test bl, bl
+je short loc_fffc98db ; je 0xfffc98db
+cmp dword [ebp - 0x294], 0
+sete al
+or al, byte [ebp - 0x264]
+jne loc_fffca060 ; jne 0xfffca060
+
+loc_fffc98db: ; not directly referenced
+mov esi, dword [ebp - 0x2a8]
+push eax
+push 0
+push 0x24
+lea eax, [ebp - 0x1c8]
+push eax
+mov eax, esi
+call dword [eax + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 0x24
+lea eax, [ebp - 0x1ec]
+push eax
+mov eax, esi
+call dword [eax + 0x5c] ; ucall
+add esp, 0xc
+push dword [ebp - 0x2c8]
+lea eax, [ebp - 0x234]
+push 0x12
+push eax
+mov eax, esi
+call dword [eax + 0x5c] ; ucall
+add esp, 0xc
+push 0xff
+push 0x12
+lea eax, [ebp - 0x210]
+push eax
+mov eax, esi
+call dword [eax + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 0x12
+lea eax, [ebp - 0x222]
+push eax
+mov eax, esi
+call dword [eax + 0x5c] ; ucall
+lea eax, [edi + 0x3756]
+add esp, 0x10
+mov dword [ebp - 0x274], eax
+mov esi, eax
+mov dword [ebp - 0x268], 0
+
+loc_fffc9960: ; not directly referenced
+cmp dword [esi], 2
+je short loc_fffc999c ; je 0xfffc999c
+
+loc_fffc9965: ; not directly referenced
+inc dword [ebp - 0x268]
+add esi, 0x13c3
+cmp dword [ebp - 0x268], 2
+jne short loc_fffc9960 ; jne 0xfffc9960
+mov al, byte [ebp - 0x280]
+mov byte [ebp - 0x29c], 0
+mov byte [ebp - 0x25c], al
+imul eax, dword [ebp - 0x278], 0x12
+mov dword [ebp - 0x2c0], eax
+jmp short loc_fffc9a0c ; jmp 0xfffc9a0c
+
+loc_fffc999c: ; not directly referenced
+xor ebx, ebx
+
+loc_fffc999e: ; not directly referenced
+cmp bl, byte [edi + 0x2488]
+jae short loc_fffc9965 ; jae 0xfffc9965
+movzx eax, bl
+mov dword [ebp - 0x26c], eax
+mov byte [esi + eax + 0x101d], 0
+mov dword [ebp - 0x25c], 0
+
+loc_fffc99c1: ; not directly referenced
+mov cl, byte [ebp - 0x25c]
+mov eax, 1
+shl eax, cl
+test byte [esi + 0xc4], al
+je short loc_fffc99fa ; je 0xfffc99fa
+push eax
+mov ecx, dword [ebp - 0x25c]
+mov eax, edi
+push 0
+mov edx, dword [ebp - 0x268]
+push 0xff
+push dword [ebp - 0x26c]
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+
+loc_fffc99fa: ; not directly referenced
+inc dword [ebp - 0x25c]
+cmp dword [ebp - 0x25c], 4
+jne short loc_fffc99c1 ; jne 0xfffc99c1
+inc ebx
+jmp short loc_fffc999e ; jmp 0xfffc999e
+
+loc_fffc9a0c: ; not directly referenced
+cmp byte [ebp - 0x270], 0
+jne short loc_fffc9a42 ; jne 0xfffc9a42
+push 0
+movsx eax, byte [ebp - 0x25c]
+push 0
+push 0
+push 0
+push 0
+push 0
+push 0
+push 1
+push 0
+push eax
+push 4
+push edi
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+mov dword [ebp - 0x26c], eax
+jmp short loc_fffc9a96 ; jmp 0xfffc9a96
+
+loc_fffc9a42: ; not directly referenced
+push 0
+mov bl, byte [ebp - 0x25c]
+push 0
+push 0
+push 0
+push 0
+and ebx, 1
+push 0
+movzx eax, bl
+push 0
+push 1
+push 0
+push eax
+push 4
+push edi
+call fcn_fffcc900 ; call 0xfffcc900
+mov esi, dword [ebp - 0x25c]
+mov dl, 2
+add esp, 0x30
+mov dword [ebp - 0x26c], eax
+mov eax, esi
+cbw
+idiv dl
+mov edx, esi
+shr dl, 7
+mov byte [ebp - 0x29c], al
+test bl, dl
+je short loc_fffc9a96 ; je 0xfffc9a96
+dec eax
+mov byte [ebp - 0x29c], al
+
+loc_fffc9a96: ; not directly referenced
+mov eax, edi
+or edx, 0xffffffff
+call fcn_fffaa226 ; call 0xfffaa226
+mov eax, dword [ebp - 0x274]
+mov dword [ebp - 0x268], 0
+mov dword [ebp - 0x284], eax
+
+loc_fffc9ab6: ; not directly referenced
+mov eax, dword [ebp - 0x284]
+cmp dword [eax], 2
+jne loc_fffc9c1d ; jne 0xfffc9c1d
+cmp byte [ebp - 0x270], 1
+je short loc_fffc9b2c ; je 0xfffc9b2c
+
+loc_fffc9ace: ; not directly referenced
+mov esi, dword [ebp - 0x268]
+mov ecx, 0xff
+mov ebx, dword [ebp - 0x260]
+imul eax, esi, 0xcc
+mov edx, esi
+mov ebx, dword [ebx + eax + 0x1c]
+mov eax, edi
+call fcn_fffa7288 ; call 0xfffa7288
+and ebx, 0xfe0ffff7
+or ebx, 0x1100008
+mov ecx, ebx
+mov edx, eax
+mov eax, edi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, edi
+mov edx, 0xf
+call fcn_fffa834b ; call 0xfffa834b
+lea eax, [esi + esi*8]
+lea esi, [ebp - 0x18]
+add eax, esi
+mov byte [ebp - 0x2a4], 0
+mov dword [ebp - 0x2bc], eax
+jmp short loc_fffc9b9d ; jmp 0xfffc9b9d
+
+loc_fffc9b2c: ; not directly referenced
+mov byte [ebp - 0x2a4], 0
+
+loc_fffc9b33: ; not directly referenced
+mov al, byte [ebp - 0x2a4]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffc9ace ; jae 0xfffc9ace
+mov ebx, dword [ebp - 0x284]
+movzx esi, byte [ebp - 0x2a4]
+mov al, byte [ebp - 0x29c]
+mov byte [ebx + esi + 0x101d], al
+xor ebx, ebx
+
+loc_fffc9b5d: ; not directly referenced
+mov cl, bl
+mov eax, 1
+shl eax, cl
+mov ecx, dword [ebp - 0x284]
+test byte [ecx + 0xc4], al
+je short loc_fffc9b8f ; je 0xfffc9b8f
+mov edx, dword [ebp - 0x268]
+mov ecx, ebx
+push eax
+mov eax, edi
+push 0
+push 0xff
+push esi
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+
+loc_fffc9b8f: ; not directly referenced
+inc ebx
+cmp ebx, 4
+jne short loc_fffc9b5d ; jne 0xfffc9b5d
+inc byte [ebp - 0x2a4]
+jmp short loc_fffc9b33 ; jmp 0xfffc9b33
+
+loc_fffc9b9d: ; not directly referenced
+mov al, byte [ebp - 0x2a4]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffc9bfd ; jae 0xfffc9bfd
+movzx esi, byte [ebp - 0x2a4]
+mov eax, edi
+mov edx, dword [ebp - 0x268]
+mov ecx, esi
+call fcn_fffa7617 ; call 0xfffa7617
+mov edx, eax
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+movzx edx, al
+movzx eax, dx
+mov dword [ebp - 0x2c4], edx
+call fcn_fffaeba2 ; call 0xfffaeba2
+mov edx, dword [ebp - 0x2c4]
+add esi, dword [ebp - 0x2bc]
+inc byte [ebp - 0x2a4]
+and byte [esi - 0x1f8], dl
+neg eax
+mov byte [esi - 0x22e], al
+jmp short loc_fffc9b9d ; jmp 0xfffc9b9d
+
+loc_fffc9bfd: ; not directly referenced
+mov edx, dword [ebp - 0x268]
+mov ecx, 0xff
+mov eax, edi
+and ebx, 0xfffffff7
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, ebx
+mov edx, eax
+mov eax, edi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffc9c1d: ; not directly referenced
+inc dword [ebp - 0x268]
+add dword [ebp - 0x284], 0x13c3
+cmp dword [ebp - 0x268], 2
+jne loc_fffc9ab6 ; jne 0xfffc9ab6
+mov eax, edi
+mov edx, 0x11111111
+call fcn_fffaa226 ; call 0xfffaa226
+mov eax, dword [ebp - 0x274]
+xor esi, esi
+mov dword [ebp - 0x2a4], eax
+
+loc_fffc9c54: ; not directly referenced
+mov eax, dword [ebp - 0x2a4]
+cmp dword [eax], 2
+jne loc_fffc9dce ; jne 0xfffc9dce
+mov ebx, dword [ebp - 0x260]
+imul eax, esi, 0xcc
+mov ecx, 0xff
+mov edx, esi
+mov eax, dword [ebx + eax + 0x1c]
+lea ebx, [ebp - 0x18]
+mov dword [ebp - 0x268], eax
+mov eax, edi
+and dword [ebp - 0x268], 0xfe0ffff7
+or dword [ebp - 0x268], 0x1100008
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, dword [ebp - 0x268]
+mov edx, eax
+mov eax, edi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, edi
+mov edx, 0xf
+call fcn_fffa834b ; call 0xfffa834b
+lea eax, [esi + esi*8]
+add ebx, eax
+mov byte [ebp - 0x284], 0
+mov dword [ebp - 0x2bc], eax
+mov dword [ebp - 0x2c4], ebx
+
+loc_fffc9cd1: ; not directly referenced
+mov al, byte [ebp - 0x284]
+cmp al, byte [edi + 0x2488]
+jae loc_fffc9dac ; jae 0xfffc9dac
+movzx ebx, byte [ebp - 0x284]
+mov edx, esi
+mov eax, edi
+mov ecx, ebx
+call fcn_fffa7617 ; call 0xfffa7617
+mov edx, eax
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+movzx ecx, al
+movzx eax, cx
+mov dword [ebp - 0x2cc], ecx
+call fcn_fffaeba2 ; call 0xfffaeba2
+mov ecx, dword [ebp - 0x2c4]
+lea edx, [ecx + ebx]
+mov ecx, dword [ebp - 0x2cc]
+or byte [edx - 0x20a], cl
+add al, byte [edx - 0x22e]
+mov byte [edx - 0x22e], al
+cmp al, byte [edx - 0x21c]
+jle short loc_fffc9d81 ; jle 0xfffc9d81
+mov byte [edx - 0x21c], al
+mov eax, dword [ebp - 0x2c0]
+lea ecx, [ebp - 0x18]
+add eax, dword [ebp - 0x2bc]
+add eax, ecx
+mov cl, byte [ebp - 0x25c]
+add eax, ebx
+cmp byte [ebp - 0x270], 0
+mov byte [eax - 0x1b0], cl
+mov byte [eax - 0x1d4], cl
+jne short loc_fffc9da1 ; jne 0xfffc9da1
+mov ecx, dword [ebp - 0x2a4]
+mov al, byte [ebp - 0x25c]
+mov byte [ecx + ebx + 0x101d], al
+jmp short loc_fffc9da1 ; jmp 0xfffc9da1
+
+loc_fffc9d81: ; not directly referenced
+jne short loc_fffc9da1 ; jne 0xfffc9da1
+mov eax, dword [ebp - 0x2c0]
+lea ecx, [ebp - 0x18]
+add eax, dword [ebp - 0x2bc]
+add eax, ecx
+mov cl, byte [ebp - 0x25c]
+mov byte [ebx + eax - 0x1b0], cl
+
+loc_fffc9da1: ; not directly referenced
+inc byte [ebp - 0x284]
+jmp near loc_fffc9cd1 ; jmp 0xfffc9cd1
+
+loc_fffc9dac: ; not directly referenced
+mov ecx, 0xff
+mov edx, esi
+mov ebx, dword [ebp - 0x268]
+mov eax, edi
+call fcn_fffa7288 ; call 0xfffa7288
+and ebx, 0xfffffff7
+mov ecx, ebx
+mov edx, eax
+mov eax, edi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffc9dce: ; not directly referenced
+inc esi
+add dword [ebp - 0x2a4], 0x13c3
+cmp esi, 2
+jne loc_fffc9c54 ; jne 0xfffc9c54
+inc byte [ebp - 0x25c]
+mov al, byte [ebp - 0x27a]
+cmp byte [ebp - 0x25c], al
+jle loc_fffc9a0c ; jle 0xfffc9a0c
+push 0
+xor ebx, ebx
+push 0
+push 0
+push 0
+push 0
+push 0
+push 0
+push 1
+push 0
+push 0
+push 4
+push edi
+call fcn_fffcc900 ; call 0xfffcc900
+mov eax, dword [ebp - 0x274]
+add esp, 0x30
+mov dword [ebp - 0x25c], eax
+imul eax, dword [ebp - 0x278], 0x12
+mov dword [ebp - 0x2a4], eax
+
+loc_fffc9e34: ; not directly referenced
+mov eax, dword [ebp - 0x25c]
+mov dword [ebp + ebx*4 - 0x250], 0
+cmp dword [eax], 2
+je short loc_fffc9e5f ; je 0xfffc9e5f
+
+loc_fffc9e4a: ; not directly referenced
+inc ebx
+add dword [ebp - 0x25c], 0x13c3
+cmp ebx, 2
+jne short loc_fffc9e34 ; jne 0xfffc9e34
+jmp near loc_fffc9fa4 ; jmp 0xfffc9fa4
+
+loc_fffc9e5f: ; not directly referenced
+lea eax, [ebx + ebx*8]
+lea esi, [ebp - 0x18]
+add esi, eax
+mov byte [ebp - 0x284], 0
+mov dword [ebp - 0x29c], eax
+mov dword [ebp - 0x2bc], esi
+
+loc_fffc9e7a: ; not directly referenced
+mov al, byte [ebp - 0x284]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffc9e4a ; jae 0xfffc9e4a
+mov ecx, dword [ebp - 0x2a4]
+lea eax, [ebp - 0x18]
+add ecx, dword [ebp - 0x29c]
+movzx esi, byte [ebp - 0x284]
+add ecx, eax
+add ecx, esi
+mov dl, byte [ecx - 0x1d4]
+mov al, byte [ecx - 0x1b0]
+sub eax, edx
+mov byte [ecx - 0x168], al
+mov cl, 2
+cbw
+idiv cl
+add eax, edx
+cmp dword [ebp - 0x264], 0
+mov dl, al
+je short loc_fffc9efd ; je 0xfffc9efd
+mov ecx, dword [ebp - 0x2bc]
+mov byte [esi + ecx - 0x1e6], al
+movsx eax, al
+push 0
+push 0
+push 0
+push 0
+push esi
+push 0xff
+push ebx
+push 0
+push 0
+push eax
+push 4
+push edi
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+jmp near loc_fffc9f99 ; jmp 0xfffc9f99
+
+loc_fffc9efd: ; not directly referenced
+cmp byte [ebp - 0x270], 0
+jne short loc_fffc9f13 ; jne 0xfffc9f13
+lea eax, [edx - 1]
+test dl, dl
+lea ecx, [edx + 1]
+cmovns eax, ecx
+mov dl, al
+
+loc_fffc9f13: ; not directly referenced
+movsx eax, dl
+mov cl, 2
+add dword [ebp + ebx*4 - 0x250], eax
+movsx ax, dl
+idiv cl
+mov ecx, dword [ebp - 0x25c]
+mov edx, dword [ebp - 0x2a4]
+add edx, dword [ebp - 0x29c]
+mov dword [ebp - 0x268], 0
+mov byte [ecx + esi + 0x101d], al
+lea ecx, [ebp - 0x18]
+add edx, ecx
+mov byte [esi + edx - 0x18c], al
+
+loc_fffc9f54: ; not directly referenced
+mov cl, byte [ebp - 0x268]
+mov eax, 1
+mov edx, dword [ebp - 0x25c]
+shl eax, cl
+test byte [edx + 0xc4], al
+je short loc_fffc9f8a ; je 0xfffc9f8a
+push ecx
+mov ecx, dword [ebp - 0x268]
+mov edx, ebx
+push 0
+mov eax, edi
+push 0xff
+push esi
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+
+loc_fffc9f8a: ; not directly referenced
+inc dword [ebp - 0x268]
+cmp dword [ebp - 0x268], 4
+jne short loc_fffc9f54 ; jne 0xfffc9f54
+
+loc_fffc9f99: ; not directly referenced
+inc byte [ebp - 0x284]
+jmp near loc_fffc9e7a ; jmp 0xfffc9e7a
+
+loc_fffc9fa4: ; not directly referenced
+cmp dword [ebp - 0x294], 0
+sete al
+or al, byte [ebp - 0x264]
+jne loc_fffca060 ; jne 0xfffca060
+cmp byte [ebp - 0x270], 1
+je loc_fffca060 ; je 0xfffca060
+lea edx, [ebp - 0x180]
+lea ecx, [ebp - 0x1a4]
+
+loc_fffc9fd3: ; not directly referenced
+mov eax, dword [ebp - 0x274]
+cmp dword [eax], 2
+jne short loc_fffca042 ; jne 0xfffca042
+mov al, byte [edi + 0x2488]
+mov byte [ebp - 0x25c], al
+xor eax, eax
+
+loc_fffc9fec: ; not directly referenced
+cmp byte [ebp - 0x25c], al
+jbe short loc_fffca042 ; jbe 0xfffca042
+cmp dword [ebp - 0x288], 0
+je short loc_fffca03f ; je 0xfffca03f
+movsx esi, byte [edx + eax + 0x12]
+movsx ebx, byte [edx + eax]
+sub ebx, esi
+mov esi, ebx
+sar esi, 0x1f
+xor ebx, esi
+sub ebx, esi
+cmp ebx, 4
+jle short loc_fffca03f ; jle 0xfffca03f
+movsx esi, byte [ecx + eax + 0x12]
+movsx ebx, byte [ecx + eax]
+sub ebx, esi
+mov esi, ebx
+sar esi, 0x1f
+xor ebx, esi
+sub ebx, esi
+mov esi, 5
+cmp ebx, 3
+cmovl esi, dword [ebp - 0x26c]
+mov dword [ebp - 0x26c], esi
+
+loc_fffca03f: ; not directly referenced
+inc eax
+jmp short loc_fffc9fec ; jmp 0xfffc9fec
+
+loc_fffca042: ; not directly referenced
+add edx, 9
+add ecx, 9
+lea eax, [ebp - 0x16e]
+add dword [ebp - 0x274], 0x13c3
+cmp edx, eax
+jne loc_fffc9fd3 ; jne 0xfffc9fd3
+
+loc_fffca060: ; not directly referenced
+dec dword [ebp - 0x278]
+cmp dword [ebp - 0x278], 0xffffffff
+jne loc_fffc98b5 ; jne 0xfffc98b5
+cmp dword [ebp - 0x294], 1
+jne loc_fffca197 ; jne 0xfffca197
+cmp dword [ebp - 0x26c], 5
+mov eax, 5
+sete cl
+cmp dword [ebp - 0x288], 0
+setne dl
+test cl, dl
+jne loc_fffca879 ; jne 0xfffca879
+cmp dword [ebp - 0x290], 3
+seta al
+test byte [ebp - 0x27b], al
+jne short loc_fffca0ce ; jne 0xfffca0ce
+cmp dword [ebp - 0x290], 0
+setne dl
+cmp dword [ebp - 0x2b0], 0x40670
+sete al
+test dl, al
+je short loc_fffca140 ; je 0xfffca140
+
+loc_fffca0ce: ; not directly referenced
+mov eax, dword [ebp - 0x250]
+movzx ecx, byte [edi + 0x2488]
+add eax, dword [ebp - 0x24c]
+add ecx, ecx
+cdq
+idiv ecx
+mov dword [ebp - 0x250], eax
+
+loc_fffca0ec: ; not directly referenced
+cmp dword [edi + 0x3756], 2
+mov eax, dword [ebp - 0x250]
+jne short loc_fffca107 ; jne 0xfffca107
+mov ebx, dword [ebp - 0x260]
+mov dword [ebx + 0xe3], eax
+
+loc_fffca107: ; not directly referenced
+cmp dword [edi + 0x4b19], 2
+jne short loc_fffca11c ; jne 0xfffca11c
+mov ebx, dword [ebp - 0x260]
+mov dword [ebx + 0x1af], eax
+
+loc_fffca11c: ; not directly referenced
+mov ebx, dword [ebp - 0x260]
+cmp dword [ebp - 0x28c], 0
+mov dword [ebx + 0x1b4], eax
+mov ebx, eax
+je short loc_fffca14c ; je 0xfffca14c
+mov ebx, 3
+cmp eax, 3
+cmovle ebx, eax
+jmp short loc_fffca14c ; jmp 0xfffca14c
+
+loc_fffca140: ; not directly referenced
+mov dword [ebp - 0x250], 0xfffffff0
+jmp short loc_fffca0ec ; jmp 0xfffca0ec
+
+loc_fffca14c: ; not directly referenced
+push 1
+push 0
+push 0
+push 0xff
+push ebx
+push 1
+push 0
+push edi
+call fcn_fffcc4cb ; call 0xfffcc4cb
+add esp, 0x20
+push 1
+push 0
+push 0
+push 0xff
+push ebx
+push 1
+push 1
+push edi
+call fcn_fffcc4cb ; call 0xfffcc4cb
+add esp, 0x20
+push 0
+push 0
+push 0
+push 0xff
+push ebx
+push 1
+push 2
+push edi
+call fcn_fffcc4cb ; call 0xfffcc4cb
+add esp, 0x20
+
+loc_fffca197: ; not directly referenced
+mov eax, dword [ebp - 0x2a8]
+lea ebx, [ebp - 0x15c]
+push edx
+push 0
+push 0xa2
+push ebx
+call dword [eax + 0x5c] ; ucall
+add esp, 0xc
+mov eax, dword [ebp - 0x2a8]
+push 0
+push 0xa2
+lea esi, [ebp - 0xba]
+push esi
+call dword [eax + 0x5c] ; ucall
+add esp, 0x10
+cmp dword [ebp - 0x28c], 1
+mov dword [ebp - 0x260], 1
+mov dword [ebp - 0x288], esi
+sbb eax, eax
+mov dword [ebp - 0x26c], eax
+add byte [ebp - 0x26c], 9
+mov dword [ebp - 0x290], ebx
+
+loc_fffca1f8: ; not directly referenced
+mov al, byte [ebp - 0x260]
+xor ecx, ecx
+xor edx, edx
+mov byte [ebp - 0x278], al
+
+loc_fffca208: ; not directly referenced
+mov eax, dword [ebp - 0x260]
+shl eax, cl
+add ecx, 4
+add edx, eax
+cmp ecx, 0x20
+jne short loc_fffca208 ; jne 0xfffca208
+mov eax, edi
+call fcn_fffaa226 ; call 0xfffaa226
+mov eax, dword [ebp - 0x2a0]
+mov dword [ebp - 0x25c], 0
+mov dword [ebp - 0x270], eax
+mov eax, dword [ebp - 0x260]
+and eax, 0xf
+mov dword [ebp - 0x280], eax
+shl dword [ebp - 0x280], 9
+
+loc_fffca24d: ; not directly referenced
+imul eax, dword [ebp - 0x25c], 0x13c3
+cmp dword [edi + eax + 0x3756], 2
+jne loc_fffca428 ; jne 0xfffca428
+cmp dword [ebp - 0x28c], 0
+jne short loc_fffca2c2 ; jne 0xfffca2c2
+
+loc_fffca26e: ; not directly referenced
+mov eax, dword [ebp - 0x270]
+mov ecx, 0xff
+mov esi, dword [ebp - 0x25c]
+mov ebx, dword [eax]
+mov eax, edi
+mov edx, esi
+call fcn_fffa7288 ; call 0xfffa7288
+and ebx, 0xfe0ffff7
+or ebx, 0x1100008
+mov ecx, ebx
+mov edx, eax
+mov eax, edi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, edi
+mov edx, 0xf
+call fcn_fffa834b ; call 0xfffa834b
+imul eax, esi, 0x51
+mov byte [ebp - 0x268], 0
+mov dword [ebp - 0x284], eax
+jmp near loc_fffca39e ; jmp 0xfffca39e
+
+loc_fffca2c2: ; not directly referenced
+mov byte [ebp - 0x268], 0
+
+loc_fffca2c9: ; not directly referenced
+mov al, byte [ebp - 0x268]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffca26e ; jae 0xfffca26e
+movzx esi, byte [ebp - 0x268]
+mov eax, dword [ebp - 0x270]
+mov ecx, dword [ebp - 0x298]
+mov edx, dword [ebp - 0x25c]
+lea eax, [eax + esi*4]
+mov dword [ebp - 0x274], eax
+mov eax, dword [eax + 0x28]
+and ah, 0xe1
+or eax, dword [ebp - 0x280]
+or eax, 0x60
+mov ebx, eax
+and eax, 0xfffffe7f
+and ebx, 0xffbffe7f
+test ecx, ecx
+mov ecx, dword [ebp - 0x2b4]
+cmove ebx, eax
+mov eax, ebx
+and eax, 0xffdfffff
+test ecx, ecx
+mov ecx, esi
+cmovne ebx, eax
+mov eax, edi
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, ebx
+mov edx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+cmp dword [ebp - 0x2b8], 0
+je short loc_fffca370 ; je 0xfffca370
+mov edx, dword [ebp - 0x25c]
+mov ecx, esi
+mov eax, edi
+call fcn_fffa724b ; call 0xfffa724b
+mov esi, dword [ebp - 0x274]
+mov ecx, dword [esi + 4]
+mov edx, eax
+mov eax, edi
+and ecx, 0xc7ffffff
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffca370: ; not directly referenced
+inc byte [ebp - 0x268]
+jmp near loc_fffca2c9 ; jmp 0xfffca2c9
+
+loc_fffca37b: ; not directly referenced
+mov eax, dword [ebp - 0x274]
+bt eax, edx
+jae short loc_fffca3f7 ; jae 0xfffca3f7
+mov al, byte [ebp - 0x278]
+mov byte [ecx + edx], al
+
+loc_fffca38f: ; not directly referenced
+inc edx
+cmp byte [ebp - 0x26c], dl
+ja short loc_fffca37b ; ja 0xfffca37b
+inc byte [ebp - 0x268]
+
+loc_fffca39e: ; not directly referenced
+mov al, byte [ebp - 0x268]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffca408 ; jae 0xfffca408
+movzx esi, byte [ebp - 0x268]
+mov eax, edi
+mov edx, dword [ebp - 0x25c]
+mov ecx, esi
+call fcn_fffa7617 ; call 0xfffa7617
+lea esi, [esi + esi*8]
+mov edx, eax
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+xor edx, edx
+add esi, dword [ebp - 0x284]
+mov dword [ebp - 0x274], eax
+mov eax, dword [ebp - 0x288]
+and dword [ebp - 0x274], 0x1ff
+lea ecx, [eax + esi]
+add esi, dword [ebp - 0x290]
+jmp short loc_fffca37b ; jmp 0xfffca37b
+
+loc_fffca3f7: ; not directly referenced
+cmp byte [esi + edx], 0
+jne short loc_fffca38f ; jne 0xfffca38f
+mov al, byte [ebp - 0x278]
+mov byte [esi + edx], al
+jmp short loc_fffca38f ; jmp 0xfffca38f
+
+loc_fffca408: ; not directly referenced
+mov edx, dword [ebp - 0x25c]
+mov ecx, 0xff
+mov eax, edi
+and ebx, 0xfffffff7
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, ebx
+mov edx, eax
+mov eax, edi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffca428: ; not directly referenced
+inc dword [ebp - 0x25c]
+add dword [ebp - 0x270], 0xcc
+cmp dword [ebp - 0x25c], 2
+jne loc_fffca24d ; jne 0xfffca24d
+inc dword [ebp - 0x260]
+cmp dword [ebp - 0x260], 0x10
+jne loc_fffca1f8 ; jne 0xfffca1f8
+mov ebx, dword [ebp - 0x2a0]
+lea eax, [edi + 0x3756]
+mov dword [ebp - 0x280], eax
+mov dword [ebp - 0x260], eax
+mov dword [ebp - 0x25c], 0
+mov dword [ebp - 0x278], ebx
+
+loc_fffca480: ; not directly referenced
+mov eax, dword [ebp - 0x260]
+cmp dword [eax], 2
+je short loc_fffca4b3 ; je 0xfffca4b3
+
+loc_fffca48b: ; not directly referenced
+inc dword [ebp - 0x25c]
+add dword [ebp - 0x260], 0x13c3
+add dword [ebp - 0x278], 0xcc
+cmp dword [ebp - 0x25c], 2
+jne short loc_fffca480 ; jne 0xfffca480
+jmp near loc_fffca660 ; jmp 0xfffca660
+
+loc_fffca4b3: ; not directly referenced
+mov esi, dword [ebp - 0x25c]
+mov byte [ebp - 0x268], 0
+mov eax, esi
+imul esi, esi, 0x51
+shl eax, 8
+mov dword [ebp - 0x29c], eax
+add eax, 0x4c
+mov dword [ebp - 0x288], eax
+mov dword [ebp - 0x284], esi
+
+loc_fffca4dd: ; not directly referenced
+movzx eax, byte [ebp - 0x268]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffca48b ; jae 0xfffca48b
+mov esi, eax
+mov dword [ebp - 0x270], eax
+lea eax, [eax + eax*8]
+add eax, dword [ebp - 0x284]
+lea ebx, [ebp - 0x15c]
+lea edx, [ebp - 0xba]
+add ebx, eax
+add eax, edx
+mov dword [ebp - 0x294], eax
+imul eax, esi, 0x18
+mov dword [ebp - 0x2a4], ebx
+xor ebx, ebx
+mov dword [ebp - 0x274], 0
+mov dword [ebp - 0x290], eax
+
+loc_fffca52e: ; not directly referenced
+mov eax, dword [ebp - 0x2a4]
+mov dl, byte [eax + ebx]
+mov eax, dword [ebp - 0x294]
+movsx ecx, byte [eax + ebx]
+mov al, 0xf
+test dl, dl
+je short loc_fffca55a ; je 0xfffca55a
+xor eax, eax
+test cl, cl
+je short loc_fffca55a ; je 0xfffca55a
+movsx eax, dl
+mov esi, 2
+add eax, ecx
+cdq
+idiv esi
+
+loc_fffca55a: ; not directly referenced
+cmp dword [ebp - 0x28c], 0
+je short loc_fffca5ba ; je 0xfffca5ba
+cmp bl, 8
+jne short loc_fffca5ba ; jne 0xfffca5ba
+mov dl, 0xf
+cmp al, 6
+jg short loc_fffca574 ; jg 0xfffca574
+lea edx, [eax + 8]
+and edx, 0xf
+
+loc_fffca574: ; not directly referenced
+mov eax, dword [ebp - 0x270]
+and edx, 0xf
+mov esi, dword [ebp - 0x278]
+add edx, edx
+lea ecx, [eax + 8]
+mov al, byte [esi + ecx*4 + 9]
+and eax, 0xffffffe1
+or eax, edx
+mov byte [esi + ecx*4 + 9], al
+
+loc_fffca595: ; not directly referenced
+mov eax, dword [ebp - 0x270]
+mov ebx, dword [ebp - 0x288]
+mov esi, dword [ebp - 0x29c]
+shl eax, 9
+add ebx, eax
+mov dword [ebp - 0x270], ebx
+lea esi, [esi + eax + 0x50]
+xor ebx, ebx
+jmp short loc_fffca604 ; jmp 0xfffca604
+
+loc_fffca5ba: ; not directly referenced
+mov edx, eax
+lea esi, [ebx + ebx*2]
+and edx, 0xf
+add esi, dword [ebp - 0x290]
+add esi, dword [ebp - 0x260]
+lea ecx, [ebx*4]
+shl edx, cl
+add dword [ebp - 0x274], edx
+xor edx, edx
+
+loc_fffca5df: ; not directly referenced
+imul ecx, edx, 0xd8
+inc edx
+mov byte [esi + ecx + 0x942], al
+cmp byte [ebp - 0x279], dl
+ja short loc_fffca5df ; ja 0xfffca5df
+inc ebx
+cmp byte [ebp - 0x26c], bl
+ja loc_fffca52e ; ja 0xfffca52e
+jmp short loc_fffca595 ; jmp 0xfffca595
+
+loc_fffca604: ; not directly referenced
+mov eax, dword [edi + 0x188b]
+mov edx, dword [ebp - 0x270]
+test eax, eax
+je short loc_fffca61a ; je 0xfffca61a
+xor edx, edx
+dec eax
+cmove edx, esi
+
+loc_fffca61a: ; not directly referenced
+mov ecx, dword [ebp - 0x274]
+mov eax, edi
+inc ebx
+add esi, 4
+call fcn_fffae58c ; call 0xfffae58c
+cmp bl, byte [ebp - 0x279]
+jb short loc_fffca604 ; jb 0xfffca604
+sub esp, 0xc
+mov edx, dword [ebp - 0x25c]
+mov ecx, 1
+push 0
+mov eax, edi
+push 1
+push 0
+push 0
+push 0
+call fcn_fffa72c5 ; call 0xfffa72c5
+add esp, 0x20
+inc byte [ebp - 0x268]
+jmp near loc_fffca4dd ; jmp 0xfffca4dd
+
+loc_fffca660: ; not directly referenced
+cmp dword [ebp - 0x264], 0
+jne short loc_fffca6b9 ; jne 0xfffca6b9
+
+loc_fffca669: ; not directly referenced
+cmp dword [ebp - 0x298], 0
+je loc_fffca7b3 ; je 0xfffca7b3
+mov ecx, dword [ebp - 0x2ac]
+mov eax, edi
+mov edx, 0x3a28
+or ecx, 2
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0x5f08
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x5f08
+or ah, 1
+mov ecx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0xe1
+mov eax, edi
+call fcn_fffa834b ; call 0xfffa834b
+jmp near loc_fffca7b3 ; jmp 0xfffca7b3
+
+loc_fffca6b9: ; not directly referenced
+push 0
+push 0
+push 0
+push 0
+push 0
+push 0
+push 0
+push 1
+push 0
+push 0
+push 4
+push edi
+call fcn_fffcc900 ; call 0xfffcc900
+mov ebx, dword [ebp - 0x280]
+add esp, 0x30
+mov dword [ebp - 0x260], 0
+
+loc_fffca6e8: ; not directly referenced
+cmp dword [ebx], 2
+je short loc_fffca708 ; je 0xfffca708
+
+loc_fffca6ed: ; not directly referenced
+inc dword [ebp - 0x260]
+add ebx, 0x13c3
+cmp dword [ebp - 0x260], 2
+je loc_fffca669 ; je 0xfffca669
+jmp short loc_fffca6e8 ; jmp 0xfffca6e8
+
+loc_fffca708: ; not directly referenced
+imul eax, dword [ebp - 0x260], 9
+lea esi, [ebp - 0x18]
+mov byte [ebp - 0x264], 0
+add eax, esi
+mov dword [ebp - 0x268], eax
+
+loc_fffca721: ; not directly referenced
+mov al, byte [ebp - 0x264]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffca6ed ; jae 0xfffca6ed
+movzx esi, byte [ebp - 0x264]
+mov eax, dword [ebp - 0x268]
+mov dword [ebp - 0x25c], 0
+mov dl, byte [esi + eax - 0x1e6]
+test dl, dl
+lea eax, [edx - 1]
+lea ecx, [edx + 1]
+mov dl, 2
+cmovns eax, ecx
+cbw
+idiv dl
+mov byte [ebx + esi + 0x101d], al
+
+loc_fffca765: ; not directly referenced
+mov cl, byte [ebp - 0x25c]
+mov eax, 1
+shl eax, cl
+test byte [ebx + 0xc4], al
+je short loc_fffca799 ; je 0xfffca799
+mov ecx, dword [ebp - 0x25c]
+push eax
+mov edx, dword [ebp - 0x260]
+mov eax, edi
+push 0
+push 0xff
+push esi
+call fcn_fffa7499 ; call 0xfffa7499
+add esp, 0x10
+
+loc_fffca799: ; not directly referenced
+inc dword [ebp - 0x25c]
+cmp dword [ebp - 0x25c], 4
+jne short loc_fffca765 ; jne 0xfffca765
+inc byte [ebp - 0x264]
+jmp near loc_fffca721 ; jmp 0xfffca721
+
+loc_fffca7b3: ; not directly referenced
+mov esi, dword [ebp - 0x2a0]
+xor ebx, ebx
+
+loc_fffca7bb: ; not directly referenced
+imul eax, ebx, 0x13c3
+cmp dword [edi + eax + 0x3756], 2
+jne loc_fffca862 ; jne 0xfffca862
+mov byte [ebp - 0x25c], 0
+
+loc_fffca7d6: ; not directly referenced
+mov al, byte [ebp - 0x25c]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffca849 ; jae 0xfffca849
+movzx eax, byte [ebp - 0x25c]
+mov edx, ebx
+mov ecx, eax
+mov dword [ebp - 0x260], eax
+mov eax, edi
+call fcn_fffa720e ; call 0xfffa720e
+mov ecx, dword [ebp - 0x260]
+lea ecx, [esi + ecx*4]
+mov dword [ebp - 0x264], ecx
+mov ecx, dword [ecx + 0x28]
+mov edx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+cmp dword [ebp - 0x2b8], 0
+je short loc_fffca841 ; je 0xfffca841
+mov ecx, dword [ebp - 0x260]
+mov edx, ebx
+mov eax, edi
+call fcn_fffa724b ; call 0xfffa724b
+mov ecx, dword [ebp - 0x264]
+mov ecx, dword [ecx + 4]
+mov edx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffca841: ; not directly referenced
+inc byte [ebp - 0x25c]
+jmp short loc_fffca7d6 ; jmp 0xfffca7d6
+
+loc_fffca849: ; not directly referenced
+mov ecx, 0xff
+mov edx, ebx
+mov eax, edi
+call fcn_fffa7288 ; call 0xfffa7288
+mov ecx, dword [esi]
+mov edx, eax
+mov eax, edi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffca862: ; not directly referenced
+inc ebx
+add esi, 0xcc
+cmp ebx, 2
+jne loc_fffca7bb ; jne 0xfffca7bb
+mov eax, edi
+call fcn_fffb0e8a ; call 0xfffb0e8a
+
+loc_fffca879: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffca881: ; not directly referenced
+push ebp
+mov ebp, esp
+push esi
+push ebx
+mov ebx, dword [ebp + 8]
+push edx
+push edx
+movzx ecx, byte [ebx + 0x248e]
+lea esi, [ebx + 0x2490]
+mov eax, ebx
+push 0
+mov edx, esi
+push 0xf
+push 1
+push 0
+push 1
+push 2
+call fcn_fffc0a2d ; call 0xfffc0a2d
+add esp, 0x20
+test eax, eax
+jne short loc_fffca8f5 ; jne 0xfffca8f5
+cmp dword [ebx + 0x188b], 1
+jne short loc_fffca8d4 ; jne 0xfffca8d4
+cmp dword [ebx + 0x2480], 1
+jne short loc_fffca8d4 ; jne 0xfffca8d4
+mov ecx, 2
+mov edx, esi
+mov eax, ebx
+call fcn_fffbd80c ; call 0xfffbd80c
+
+loc_fffca8d4: ; not directly referenced
+push eax
+mov edx, esi
+push eax
+movzx ecx, byte [ebx + 0x248e]
+mov eax, ebx
+push 1
+push 0xf
+push 0
+push 0
+push 0
+push 2
+call fcn_fffc0a2d ; call 0xfffc0a2d
+add esp, 0x20
+
+loc_fffca8f5: ; not directly referenced
+lea esp, [ebp - 8]
+pop ebx
+pop esi
+pop ebp
+ret
+
+fcn_fffca8fc: ; not directly referenced
+push ebp
+mov ebp, esp
+push esi
+push ebx
+mov ebx, dword [ebp + 8]
+push edx
+push edx
+movzx ecx, byte [ebx + 0x248e]
+lea esi, [ebx + 0x2490]
+mov eax, ebx
+push 0
+mov edx, esi
+push 0xf
+push 1
+push 0
+push 1
+push 1
+call fcn_fffc0a2d ; call 0xfffc0a2d
+add esp, 0x20
+test eax, eax
+jne short loc_fffca967 ; jne 0xfffca967
+cmp dword [ebx + 0x188b], 1
+jne short loc_fffca946 ; jne 0xfffca946
+mov ecx, 1
+mov edx, esi
+mov eax, ebx
+call fcn_fffbd80c ; call 0xfffbd80c
+
+loc_fffca946: ; not directly referenced
+push eax
+mov edx, esi
+push eax
+movzx ecx, byte [ebx + 0x248e]
+mov eax, ebx
+push 1
+push 0xf
+push 0
+push 1
+push 0
+push 1
+call fcn_fffc0a2d ; call 0xfffc0a2d
+add esp, 0x20
+
+loc_fffca967: ; not directly referenced
+lea esp, [ebp - 8]
+pop ebx
+pop esi
+pop ebp
+ret
+
+fcn_fffca96e: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+push ebx
+sub esp, 0xad10
+mov esi, dword [ebp + 0x20]
+mov ebx, dword [ebp + 0x24]
+mov dword [ebp - 0xacb4], edx
+mov dl, byte [ebp + 0x14]
+mov dword [ebp - 0xac88], ecx
+mov eax, dword [ebp + 0xc]
+mov dword [ebp - 0xacb0], esi
+mov dword [ebp - 0xacac], ebx
+mov ebx, dword [ebp + 0x28]
+mov byte [ebp - 0xace6], dl
+mov edx, esi
+mov esi, dword [edi + 0x5edc]
+mov byte [ebp - 0xac90], dl
+mov dl, byte [ebp - 0xacac]
+mov dword [ebp - 0xac98], eax
+mov ecx, ebx
+mov byte [ebp - 0xac8c], al
+mov byte [ebp - 0xaca1], dl
+mov dl, cl
+mov ecx, dword [edi + 0x2480]
+mov dword [ebp - 0xaca0], edx
+mov dl, byte [ebp + 0x30]
+mov dword [ebp - 0xac94], ebx
+mov ebx, dword [ebp + 0x2c]
+mov dword [ebp - 0xaca8], esi
+mov esi, dword [edi + 0x2443]
+mov dword [ebp - 0xacc4], ecx
+mov byte [ebp - 0xad09], dl
+mov edx, dword [edi + 0x188b]
+mov dword [ebp - 0xacc0], edx
+dec edx
+sete dl
+cmp al, 6
+sete al
+mov byte [ebp - 0xacbb], dl
+mov byte [ebp - 0xace7], al
+and eax, edx
+movzx eax, al
+mov dword [ebp - 0xacc8], eax
+mov al, byte [ebp - 0xac88]
+and al, byte [edi + 0x248e]
+push 0
+push 0x5ab4
+mov byte [ebp - 0xac88], al
+mov eax, dword [ebp + 8]
+and al, byte [edi + 0x248d]
+mov byte [ebp - 0xac9c], al
+lea eax, [ebp - 0x5acc]
+push eax
+call dword [esi + 0x5c] ; ucall
+add esp, 0xc
+push 0xff
+push 0x3e
+push dword [ebp - 0xacb4]
+call dword [esi + 0x5c] ; ucall
+lea eax, [ebp - 0xabcc]
+add esp, 0xc
+push 0
+push 0x280
+push eax
+call dword [esi + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 0x80
+lea eax, [ebp - 0xac4c]
+push eax
+call dword [esi + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 0x680
+lea eax, [ebp - 0xa94c]
+push eax
+call dword [esi + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 2
+lea eax, [ebp - 0xac75]
+push eax
+call dword [esi + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 0x10
+lea eax, [ebp - 0xac5c]
+push eax
+call dword [esi + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 2
+lea eax, [ebp - 0xac73]
+push eax
+call dword [esi + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 0x4800
+lea eax, [ebp - 0xa2cc]
+push eax
+call dword [esi + 0x5c] ; ucall
+mov edx, dword [ebp - 0xaca0]
+add esp, 0x10
+xor eax, eax
+
+loc_fffcab02: ; not directly referenced
+mov byte [ebp + eax - 0xac71], al
+inc eax
+cmp eax, 9
+jne short loc_fffcab02 ; jne 0xfffcab02
+mov byte [edi + 0x247a], 0
+cmp bl, 9
+jne short loc_fffcab24 ; jne 0xfffcab24
+mov dl, byte [ebp - 0xac94]
+dec edx
+jmp short loc_fffcab33 ; jmp 0xfffcab33
+
+loc_fffcab24: ; not directly referenced
+mov al, byte [ebp - 0xac94]
+sub eax, 3
+cmp bl, 0xa
+cmove edx, eax
+
+loc_fffcab33: ; not directly referenced
+mov ecx, dword [ebp - 0xac98]
+mov al, cl
+sub eax, 0xa
+cmp cl, 0xf
+sete cl
+cmp al, 2
+mov byte [ebp - 0xacbc], al
+setbe al
+or al, cl
+mov byte [ebp - 0xac94], cl
+movzx ecx, dl
+movzx edx, byte [ebp - 0xac88]
+je short loc_fffcab7e ; je 0xfffcab7e
+sub esp, 0xc
+mov eax, edi
+push 0
+call fcn_fffb2759 ; call 0xfffb2759
+add esp, 0x10
+mov dword [ebp - 0xacf0], 1
+jmp short loc_fffcab97 ; jmp 0xfffcab97
+
+loc_fffcab7e: ; not directly referenced
+sub esp, 0xc
+mov eax, edi
+push 0
+call fcn_fffb26ca ; call 0xfffb26ca
+add esp, 0x10
+mov dword [ebp - 0xacf0], 0
+
+loc_fffcab97: ; not directly referenced
+test bl, bl
+je short loc_fffcaba1 ; je 0xfffcaba1
+mov byte [edi + 0x248b], bl
+
+loc_fffcaba1: ; not directly referenced
+mov eax, dword [ebp - 0xaca8]
+xor ebx, ebx
+mov byte [ebp - 0xaca3], 0
+add eax, 0x70
+mov dword [ebp - 0xaca0], eax
+movzx eax, byte [ebp - 0xac88]
+mov dword [ebp - 0xac88], eax
+
+loc_fffcabc6: ; not directly referenced
+mov eax, dword [ebp - 0xac88]
+bt eax, ebx
+jae short loc_fffcac14 ; jae 0xfffcac14
+imul eax, ebx, 0x13c3
+mov cl, byte [ebp - 0xac9c]
+mov edx, ebx
+and cl, byte [edi + eax + 0x381a]
+mov eax, edi
+mov byte [ebp + ebx - 0xac75], cl
+movzx ecx, cl
+call fcn_fffaac43 ; call 0xfffaac43
+or byte [ebp - 0xaca3], al
+push eax
+movzx eax, byte [edi + 0x2488]
+push 0
+push eax
+push dword [ebp - 0xaca0]
+call dword [esi + 0x5c] ; ucall
+add esp, 0x10
+
+loc_fffcac14: ; not directly referenced
+inc ebx
+add dword [ebp - 0xaca0], 0xcc
+cmp ebx, 2
+jne short loc_fffcabc6 ; jne 0xfffcabc6
+cmp byte [ebp - 0xaca3], 0
+je loc_fffcbd35 ; je 0xfffcbd35
+movzx esi, byte [ebp - 0xac9c]
+xor eax, eax
+mov dword [ebp - 0xacec], esi
+
+loc_fffcac40: ; not directly referenced
+mov esi, dword [ebp - 0xacec]
+mov byte [ebp - 0xaca4], al
+bt esi, eax
+jb short loc_fffcac5e ; jb 0xfffcac5e
+inc eax
+cmp eax, 4
+jne short loc_fffcac40 ; jne 0xfffcac40
+mov byte [ebp - 0xaca4], 0
+
+loc_fffcac5e: ; not directly referenced
+mov ecx, dword [ebp - 0xac98]
+mov al, byte [edi + 0x2488]
+mov bl, al
+mov al, cl
+sub eax, 7
+cmp al, 5
+mov byte [ebp - 0xace8], al
+setbe al
+or al, byte [ebp - 0xac94]
+mov al, 1
+cmovne ebx, eax
+mov eax, ecx
+cmp cl, 3
+sete cl
+cmp al, 1
+setbe dl
+mov eax, 1
+or cl, dl
+mov byte [ebp - 0xaca2], bl
+jne short loc_fffcacaf ; jne 0xfffcacaf
+xor eax, eax
+cmp byte [ebp - 0xac98], 2
+sete al
+
+loc_fffcacaf: ; not directly referenced
+mov dword [ebp - 0xaccc], eax
+xor eax, 1
+test byte [ebp - 0xacbb], al
+je short loc_fffcacd9 ; je 0xfffcacd9
+cmp byte [ebp - 0xacbc], 1
+setbe al
+or eax, dword [ebp - 0xac94]
+movzx eax, al
+mov dword [ebp - 0xaccc], eax
+
+loc_fffcacd9: ; not directly referenced
+cmp dword [ebp - 0xaccc], 0
+mov byte [ebp - 0xac88], 0
+je loc_fffcae2f ; je 0xfffcae2f
+xor esi, esi
+xor ebx, ebx
+cmp byte [ebp - 0xac98], 1
+jne short loc_fffcad17 ; jne 0xfffcad17
+mov edx, 0x3a04
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+cmp dword [ebp - 0xacc0], 0
+mov esi, eax
+je loc_fffcadb4 ; je 0xfffcadb4
+jmp short loc_fffcad4e ; jmp 0xfffcad4e
+
+loc_fffcad17: ; not directly referenced
+mov edx, 0x3a00
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+cmp dword [ebp - 0xacc0], 0
+mov ebx, eax
+jne short loc_fffcad4e ; jne 0xfffcad4e
+mov ecx, dword [ebp - 0xac98]
+cmp cl, 2
+je short loc_fffcad44 ; je 0xfffcad44
+cmp cl, 3
+je short loc_fffcad49 ; je 0xfffcad49
+test cl, cl
+jne short loc_fffcadbd ; jne 0xfffcadbd
+jmp short loc_fffcadb4 ; jmp 0xfffcadb4
+
+loc_fffcad44: ; not directly referenced
+shr eax, 0x1a
+jmp short loc_fffcad93 ; jmp 0xfffcad93
+
+loc_fffcad49: ; not directly referenced
+shr eax, 0x14
+jmp short loc_fffcadb4 ; jmp 0xfffcadb4
+
+loc_fffcad4e: ; not directly referenced
+mov edx, 0x3a08
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, 0x3a0c
+mov dword [ebp - 0xac88], eax
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov eax, dword [ebp - 0xac98]
+cmp al, 0xf
+ja short loc_fffcadc1 ; ja 0xfffcadc1
+movzx eax, al
+mov ecx, dword [ebp - 0xac88]
+jmp dword [eax*4 + ref_fffd5ae0] ; ujmp: jmp dword [eax*4 - 0x2a520]
+
+loc_fffcad86: ; not directly referenced
+mov al, bl
+jmp short loc_fffcadb4 ; jmp 0xfffcadb4
+
+loc_fffcad8a: ; not directly referenced
+mov eax, esi
+jmp short loc_fffcadb4 ; jmp 0xfffcadb4
+
+loc_fffcad8e: ; not directly referenced
+shr ebx, 0x14
+mov al, bl
+
+loc_fffcad93: ; not directly referenced
+and eax, 0x1f
+mov byte [ebp - 0xac88], al
+mov al, 0x1f
+jmp short loc_fffcadca ; jmp 0xfffcadca
+
+loc_fffcada0: ; not directly referenced
+shr ebx, 0x1a
+mov dword [ebp - 0xac88], ebx
+jmp short loc_fffcadbd ; jmp 0xfffcadbd
+
+loc_fffcadab: ; not directly referenced
+mov eax, ecx
+shr eax, 0xc
+jmp short loc_fffcadb4 ; jmp 0xfffcadb4
+
+loc_fffcadb2: ; not directly referenced
+mov al, cl
+
+loc_fffcadb4: ; not directly referenced
+and eax, 0x3f
+mov byte [ebp - 0xac88], al
+
+loc_fffcadbd: ; not directly referenced
+mov al, 0x3f
+jmp short loc_fffcadca ; jmp 0xfffcadca
+
+loc_fffcadc1: ; not directly referenced
+mov al, 0x3f
+mov byte [ebp - 0xac88], 0
+
+loc_fffcadca: ; not directly referenced
+cmp byte [ebp - 0xac98], 0xa
+sete dl
+or dl, byte [ebp - 0xac94]
+jne short loc_fffcae01 ; jne 0xfffcae01
+mov esi, dword [ebp - 0xacb0]
+mov bl, byte [ebp - 0xac88]
+mov ecx, esi
+lea edx, [ebx + ecx - 3]
+mov bl, byte [ebp - 0xac90]
+sub ecx, edx
+test dl, dl
+cmovs ebx, ecx
+mov byte [ebp - 0xac90], bl
+
+loc_fffcae01: ; not directly referenced
+movzx esi, byte [ebp - 0xaca1]
+sub eax, 3
+sub eax, dword [ebp - 0xac88]
+cmp al, byte [ebp - 0xacac]
+cmovs esi, eax
+mov eax, esi
+mov esi, dword [ebp - 0xac90]
+mov ebx, esi
+cmp al, bl
+cmovl eax, esi
+mov byte [ebp - 0xaca1], al
+
+loc_fffcae2f: ; not directly referenced
+mov eax, dword [ebp + 0x1c]
+mov dword [ebp - 0xace4], eax
+movzx eax, byte [ebp - 0xaca4]
+imul esi, eax, 0x90
+mov dword [ebp - 0xacd8], eax
+mov dword [ebp - 0xad08], esi
+add esi, 4
+mov dword [ebp - 0xad00], esi
+mov esi, dword [ebp + 0x10]
+mov dword [ebp - 0xacb8], esi
+movzx esi, byte [ebp - 0xace6]
+mov word [ebp - 0xacba], si
+
+loc_fffcae71: ; not directly referenced
+mov eax, dword [ebp + 0x10]
+mov esi, dword [ebp - 0xacb8]
+mov word [ebp - 0xad04], ax
+sub esi, eax
+cmp si, word [ebp - 0xacba]
+jae loc_fffcb350 ; jae 0xfffcb350
+mov eax, dword [ebp - 0xacb8]
+mov al, byte [eax]
+mov cl, al
+mov byte [ebp - 0xac98], al
+movzx eax, al
+mov ebx, eax
+mov dword [ebp - 0xacb0], eax
+xor eax, eax
+cmp cl, 0x21
+ja short loc_fffcaeb9 ; ja 0xfffcaeb9
+movzx eax, byte [ebx + ref_fffd5f1c] ; movzx eax, byte [ebx - 0x2a0e4]
+
+loc_fffcaeb9: ; not directly referenced
+cmp al, 8
+mov ebx, 8
+cmovbe ebx, eax
+mov al, byte [ebp - 0xac98]
+sub eax, 0xc
+mov byte [ebp - 0xacdc], al
+cmp al, 1
+jbe short loc_fffcaefa ; jbe 0xfffcaefa
+push eax
+mov ecx, dword [ebp - 0xacb0]
+push eax
+mov eax, edi
+push dword [ebp - 0xacec]
+push dword [ebp - 0xacd8]
+lea edx, [edi + 0x2490]
+call fcn_fffa7e6c ; call 0xfffa7e6c
+add esp, 0x10
+
+loc_fffcaefa: ; not directly referenced
+cmp dword [ebp - 0xacc4], 2
+jne short loc_fffcaf27 ; jne 0xfffcaf27
+mov al, byte [ebp - 0xac98]
+mov byte [ebp - 0xac9c], 0x25
+cmp al, 0x11
+sete dl
+cmp al, 5
+sete al
+or dl, al
+jne short loc_fffcaf83 ; jne 0xfffcaf83
+cmp byte [ebp - 0xac98], 0x21
+je short loc_fffcaf83 ; je 0xfffcaf83
+
+loc_fffcaf27: ; not directly referenced
+mov al, byte [ebp - 0xac98]
+mov byte [ebp - 0xac9c], 0x36
+cmp al, 0x10
+sete dl
+cmp al, 4
+sete al
+or dl, al
+jne short loc_fffcaf83 ; jne 0xfffcaf83
+mov al, byte [ebp - 0xac98]
+cmp al, 5
+sete dl
+cmp al, 0x20
+sete al
+or dl, al
+jne short loc_fffcaf83 ; jne 0xfffcaf83
+mov al, byte [ebp - 0xac98]
+cmp al, 0x21
+sete dl
+cmp al, 0x11
+sete al
+or dl, al
+jne short loc_fffcaf83 ; jne 0xfffcaf83
+mov al, byte [ebp - 0xac98]
+cmp al, 0xd
+je short loc_fffcaf83 ; je 0xfffcaf83
+cmp al, 0xc
+mov cl, 0x1f
+mov al, 0x40
+cmove ecx, eax
+mov byte [ebp - 0xac9c], cl
+
+loc_fffcaf83: ; not directly referenced
+mov eax, dword [ebp - 0xace4]
+mov ecx, 0x14
+xor edx, edx
+movzx esi, si
+mov ax, word [eax]
+div cx
+mov cl, byte [ebp - 0xac9c]
+movzx edx, cl
+cmp dx, ax
+cmova ecx, eax
+imul ebx, ebx, 0x240
+lea eax, [edi + 0x2490]
+mov dword [ebp - 0xace0], eax
+mov byte [ebp - 0xac9c], cl
+add eax, ebx
+add eax, dword [ebp - 0xad00]
+add ebx, dword [ebp - 0xad08]
+mov dword [ebp - 0xad04], eax
+imul eax, esi, 0x1200
+mov dword [ebp - 0xacf8], ebx
+mov dword [ebp - 0xacfc], eax
+movsx eax, byte [ebp - 0xac90]
+mov byte [ebp - 0xaca0], al
+mov dword [ebp - 0xad10], eax
+movzx eax, byte [ebp - 0xaca3]
+mov dword [ebp - 0xacac], eax
+
+loc_fffcb006: ; not directly referenced
+mov al, byte [ebp - 0xaca0]
+cmp byte [ebp - 0xaca1], al
+jl loc_fffcb33e ; jl 0xfffcb33e
+movsx eax, byte [ebp - 0xaca0]
+mov dword [ebp - 0xacd0], eax
+mov eax, dword [ebp - 0xad10]
+sub dword [ebp - 0xacd0], eax
+cmp dword [ebp - 0xacc8], 0
+jne short loc_fffcb04d ; jne 0xfffcb04d
+
+loc_fffcb03a: ; not directly referenced
+movsx ax, byte [ebp - 0xaca0]
+xor ebx, ebx
+mov word [ebp - 0xacf4], ax
+jmp short loc_fffcb0a4 ; jmp 0xfffcb0a4
+
+loc_fffcb04d: ; not directly referenced
+movsx ax, byte [ebp - 0xaca0]
+mov dl, 8
+mov esi, dword [ebp - 0xaca8]
+idiv dl
+movsx ecx, ah
+mov dl, al
+cmp cl, 1
+movsx eax, al
+setle bl
+test dl, dl
+mov al, byte [esi + eax + 0x1bc]
+sete dl
+test bl, dl
+jne loc_fffcb333 ; jne 0xfffcb333
+mov edx, 1
+shl edx, cl
+test al, dl
+je short loc_fffcb03a ; je 0xfffcb03a
+jmp near loc_fffcb333 ; jmp 0xfffcb333
+
+loc_fffcb091: ; not directly referenced
+cmp byte [ebp - 0xacbb], 0
+jne short loc_fffcb113 ; jne 0xfffcb113
+
+loc_fffcb09a: ; not directly referenced
+inc ebx
+cmp ebx, 2
+je loc_fffcb14a ; je 0xfffcb14a
+
+loc_fffcb0a4: ; not directly referenced
+mov eax, dword [ebp - 0xacac]
+bt eax, ebx
+jae short loc_fffcb09a ; jae 0xfffcb09a
+xor eax, eax
+cmp byte [ebp - 0xac8c], 7
+jne short loc_fffcb0d0 ; jne 0xfffcb0d0
+imul edx, ebx, 0x13c3
+cmp dword [edi + edx + 0x3816], 2
+mov edx, 0x20
+cmove eax, edx
+
+loc_fffcb0d0: ; not directly referenced
+xor esi, esi
+mov word [ebp - 0xacd4], ax
+
+loc_fffcb0d9: ; not directly referenced
+mov eax, esi
+cmp byte [ebp - 0xaca2], al
+jbe short loc_fffcb091 ; jbe 0xfffcb091
+mov eax, dword [ebp - 0xacf4]
+mov edx, ebx
+add eax, dword [ebp - 0xacd4]
+push 0
+movzx ecx, byte [ebp + ebx - 0xac75]
+cwde
+push eax
+movzx eax, byte [ebp - 0xac8c]
+push eax
+mov eax, edi
+push esi
+inc esi
+call fcn_fffafdb2 ; call 0xfffafdb2
+add esp, 0x10
+jmp short loc_fffcb0d9 ; jmp 0xfffcb0d9
+
+loc_fffcb113: ; not directly referenced
+mov al, byte [ebp - 0xac8c]
+and eax, 0xfffffff7
+dec al
+jne loc_fffcb09a ; jne 0xfffcb09a
+mov eax, dword [ebp - 0xaca8]
+cmp byte [eax + 0x1c5], 0
+je loc_fffcb09a ; je 0xfffcb09a
+xor ecx, ecx
+mov edx, 1
+mov eax, edi
+call fcn_fffb9560 ; call 0xfffb9560
+jmp near loc_fffcb09a ; jmp 0xfffcb09a
+
+loc_fffcb14a: ; not directly referenced
+cmp byte [ebp - 0xacdc], 1
+ja loc_fffcb1ec ; ja 0xfffcb1ec
+cmp dword [ebp - 0xacc4], 3
+je short loc_fffcb1a5 ; je 0xfffcb1a5
+
+loc_fffcb160: ; not directly referenced
+push eax
+mov ecx, dword [ebp - 0xacac]
+push eax
+mov edx, dword [ebp - 0xace0]
+push 1
+lea eax, [ebp - 0xac5c]
+push eax
+movzx eax, byte [ebp - 0xac9c]
+push eax
+mov eax, edi
+push 0
+push dword [ebp - 0xacb0]
+push dword [ebp - 0xacd8]
+call fcn_fffc6051 ; call 0xfffc6051
+add esp, 0x14
+push edi
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+jmp near loc_fffcb228 ; jmp 0xfffcb228
+
+loc_fffcb1a5: ; not directly referenced
+mov eax, dword [ebp - 0xad04]
+xor edx, edx
+xor ecx, ecx
+
+loc_fffcb1af: ; not directly referenced
+cmp dword [edi + edx + 0x3756], 2
+jne short loc_fffcb1d5 ; jne 0xfffcb1d5
+mov ebx, dword [eax - 4]
+cmp ebx, 0x29
+lea esi, [ebx - 0x28]
+mov ebx, dword [eax]
+cmovb esi, ecx
+mov dword [eax - 4], esi
+cmp ebx, 0x29
+lea esi, [ebx - 0x28]
+cmovb esi, ecx
+mov dword [eax], esi
+
+loc_fffcb1d5: ; not directly referenced
+add edx, 0x13c3
+add eax, 0x48
+cmp edx, 0x2786
+je loc_fffcb160 ; je 0xfffcb160
+jmp short loc_fffcb1af ; jmp 0xfffcb1af
+
+loc_fffcb1ec: ; not directly referenced
+push eax
+mov ecx, dword [ebp - 0xacac]
+push eax
+mov edx, dword [ebp - 0xace0]
+lea eax, [ebp - 0xac5c]
+push eax
+movzx eax, byte [ebp - 0xac9c]
+push eax
+lea eax, [ebp - 0xac71]
+push eax
+mov eax, dword [ebp - 0xacd8]
+push dword [ebp - 0xacb0]
+push eax
+push eax
+mov eax, edi
+call fcn_fffd13ed ; call 0xfffd13ed
+add esp, 0x20
+
+loc_fffcb228: ; not directly referenced
+movsx eax, byte [ebp - 0xacd0]
+xor ecx, ecx
+mov esi, dword [ebp - 0xacfc]
+imul eax, eax, 0x48
+lea eax, [esi + eax + 4]
+lea eax, [ebp + eax - 0xa2cc]
+mov dword [ebp - 0xacd4], eax
+
+loc_fffcb24b: ; not directly referenced
+mov eax, dword [ebp - 0xacac]
+bt eax, ecx
+jae loc_fffcb322 ; jae 0xfffcb322
+imul esi, ecx, 0x48
+mov eax, dword [ebp - 0xacd4]
+add esi, dword [ebp - 0xacf8]
+lea ebx, [eax - 4]
+add esi, edi
+
+loc_fffcb26e: ; not directly referenced
+mov al, byte [edi + 0x2488]
+mov word [ebp - 0xacd0], 0xffff
+mov byte [ebp - 0xacf4], al
+xor eax, eax
+
+loc_fffcb285: ; not directly referenced
+cmp byte [ebp - 0xacf4], al
+jbe short loc_fffcb2c0 ; jbe 0xfffcb2c0
+mov edx, dword [esi + eax*8 + 0x2490]
+mov word [ebx + eax*4], dx
+mov edx, dword [ebp - 0xacd0]
+cmp dx, word [esi + eax*8 + 0x2490]
+cmova dx, word [esi + eax*8 + 0x2490]
+inc eax
+cmp byte [ebp - 0xacdc], 1
+mov word [ebp - 0xacd0], dx
+ja short loc_fffcb285 ; ja 0xfffcb285
+
+loc_fffcb2c0: ; not directly referenced
+cmp byte [ebp - 0xaca2], 1
+jne short loc_fffcb2d2 ; jne 0xfffcb2d2
+mov eax, dword [ebp - 0xacd0]
+mov word [ebx], ax
+
+loc_fffcb2d2: ; not directly referenced
+cmp byte [ebp - 0xac94], 0
+je short loc_fffcb310 ; je 0xfffcb310
+mov al, byte [ebp - 0xac98]
+cmp al, 0xc
+je short loc_fffcb2ee ; je 0xfffcb2ee
+cmp al, 0xd
+jne short loc_fffcb310 ; jne 0xfffcb310
+jmp near loc_fffcbd2b ; jmp 0xfffcbd2b
+
+loc_fffcb2ee: ; not directly referenced
+mov eax, 0x8c
+
+loc_fffcb2f3: ; not directly referenced
+cmp word [ebx], ax
+ja short loc_fffcb310 ; ja 0xfffcb310
+sub esp, 0xc
+push edi
+mov dword [ebp - 0xacd0], ecx
+call fcn_fffc82f4 ; call 0xfffc82f4
+mov ecx, dword [ebp - 0xacd0]
+add esp, 0x10
+
+loc_fffcb310: ; not directly referenced
+add ebx, 2
+add esi, 4
+cmp ebx, dword [ebp - 0xacd4]
+jne loc_fffcb26e ; jne 0xfffcb26e
+
+loc_fffcb322: ; not directly referenced
+inc ecx
+add dword [ebp - 0xacd4], 0x24
+cmp ecx, 2
+jne loc_fffcb24b ; jne 0xfffcb24b
+
+loc_fffcb333: ; not directly referenced
+inc byte [ebp - 0xaca0]
+jmp near loc_fffcb006 ; jmp 0xfffcb006
+
+loc_fffcb33e: ; not directly referenced
+add dword [ebp - 0xace4], 2
+inc dword [ebp - 0xacb8]
+jmp near loc_fffcae71 ; jmp 0xfffcae71
+
+loc_fffcb350: ; not directly referenced
+movsx esi, byte [ebp - 0xaca1]
+movsx eax, byte [ebp - 0xac90]
+mov dword [ebp - 0xac98], 0
+mov dword [ebp - 0xacd4], esi
+sub dword [ebp - 0xacd4], eax
+mov esi, dword [ebp - 0xacd4]
+mov dword [ebp - 0xacd0], eax
+mov eax, esi
+mov byte [ebp - 0xad00], al
+inc eax
+mov byte [ebp - 0xacac], al
+lea eax, [ebp - 0x5acc]
+mov dword [ebp - 0xacf8], eax
+lea eax, [edi + 0x3756]
+mov dword [ebp - 0xacb0], eax
+mov eax, dword [ebp - 0xacb4]
+mov dword [ebp - 0xace0], eax
+movzx eax, byte [ebp - 0xace6]
+mov dword [ebp - 0xad08], eax
+shl eax, 6
+mov dword [ebp - 0xacdc], eax
+
+loc_fffcb3c9: ; not directly referenced
+movzx eax, byte [ebp - 0xaca3]
+mov esi, dword [ebp - 0xac98]
+mov dword [ebp - 0xace4], eax
+bt eax, esi
+jae loc_fffcbabc ; jae 0xfffcbabc
+mov eax, dword [ebp - 0xacf8]
+mov dword [ebp - 0xac9c], 0
+mov dword [ebp - 0xacec], eax
+
+loc_fffcb3fb: ; not directly referenced
+mov al, byte [ebp - 0xac9c]
+cmp byte [ebp - 0xaca2], al
+jbe loc_fffcbabc ; jbe 0xfffcbabc
+imul eax, dword [ebp - 0xac98], 9
+mov word [ebp - 0xacd8], 0
+mov dword [ebp - 0xacfc], eax
+
+loc_fffcb423: ; not directly referenced
+mov ax, word [ebp - 0xacba]
+mov esi, dword [ebp - 0xacd8]
+cmp si, ax
+jae loc_fffcb5de ; jae 0xfffcb5de
+mov al, byte [ebp - 0xac90]
+movzx ebx, si
+mov byte [ebp - 0xaca0], al
+mov eax, ebx
+shl eax, 6
+mov dword [ebp - 0xacb8], eax
+
+loc_fffcb453: ; not directly referenced
+mov al, byte [ebp - 0xaca0]
+cmp byte [ebp - 0xaca1], al
+jl loc_fffcb5d2 ; jl 0xfffcb5d2
+mov al, byte [ebp - 0xaca0]
+sub eax, dword [ebp - 0xacd0]
+movsx esi, al
+mov eax, dword [ebp - 0xacb8]
+add eax, esi
+cmp dword [ebp - 0xacc8], 0
+mov word [ebp + eax*2 - 0xabcc], 0
+je short loc_fffcb4df ; je 0xfffcb4df
+movsx ax, byte [ebp - 0xaca0]
+mov dl, 8
+mov ecx, dword [ebp - 0xaca8]
+idiv dl
+mov byte [ebp - 0xace6], ah
+mov dl, al
+movsx eax, al
+cmp byte [ebp - 0xace6], 1
+mov al, byte [ecx + eax + 0x1bc]
+setle cl
+test dl, dl
+sete dl
+test cl, dl
+jne loc_fffcb5c7 ; jne 0xfffcb5c7
+mov cl, byte [ebp - 0xace6]
+mov edx, 1
+shl edx, cl
+test al, dl
+jne loc_fffcb5c7 ; jne 0xfffcb5c7
+
+loc_fffcb4df: ; not directly referenced
+mov eax, dword [ebp + 0x10]
+mov al, byte [eax + ebx]
+lea edx, [eax - 4]
+cmp dl, 1
+setbe cl
+cmp al, 0x21
+sete dl
+or cl, dl
+jne short loc_fffcb503 ; jne 0xfffcb503
+cmp al, 0x20
+je short loc_fffcb503 ; je 0xfffcb503
+cmp al, 0xd
+jne loc_fffcb587 ; jne 0xfffcb587
+
+loc_fffcb503: ; not directly referenced
+mov eax, dword [ebp + 0x18]
+imul ecx, esi, 0x12
+movzx edx, byte [eax + ebx]
+imul eax, ebx, 0x480
+add eax, ecx
+mov ecx, edx
+add eax, dword [ebp - 0xacfc]
+add eax, dword [ebp - 0xac9c]
+imul cx, word [ebp + eax*4 - 0xa2ca]
+imul edx, dword [ebp + eax*4 - 0xa2cc]
+mov word [ebp - 0xace6], dx
+mov eax, edx
+mov edx, ecx
+sub dx, word [ebp - 0xace6]
+add eax, ecx
+add eax, eax
+mov word [ebp - 0xacf4], dx
+mov edx, eax
+sub eax, dword [ebp - 0xacf4]
+add edx, dword [ebp - 0xacf4]
+cmp cx, word [ebp - 0xace6]
+mov ecx, 2
+cmovbe eax, edx
+mov edx, eax
+sar dx, 0xf
+idiv cx
+add esi, dword [ebp - 0xacb8]
+mov word [ebp + esi*2 - 0xabcc], ax
+jmp short loc_fffcb5c7 ; jmp 0xfffcb5c7
+
+loc_fffcb587: ; not directly referenced
+mov ecx, dword [ebp + 0x18]
+mov eax, dword [ebp - 0xacb8]
+movzx edx, byte [ecx + ebx]
+imul ecx, ebx, 0x480
+add eax, esi
+imul esi, esi, 0x12
+add esi, ecx
+add esi, dword [ebp - 0xacfc]
+add esi, dword [ebp - 0xac9c]
+movzx ecx, word [ebp + esi*4 - 0xa2ca]
+add ecx, dword [ebp + esi*4 - 0xa2cc]
+imul ecx, edx
+mov word [ebp + eax*2 - 0xabcc], cx
+
+loc_fffcb5c7: ; not directly referenced
+inc byte [ebp - 0xaca0]
+jmp near loc_fffcb453 ; jmp 0xfffcb453
+
+loc_fffcb5d2: ; not directly referenced
+inc word [ebp - 0xacd8]
+jmp near loc_fffcb423 ; jmp 0xfffcb423
+
+loc_fffcb5de: ; not directly referenced
+cmp byte [ebp - 0xac8c], 0xc
+mov byte [ebp - 0xaca0], 1
+sete bl
+cmp byte [ebp - 0xace8], 2
+mov byte [ebp - 0xace6], bl
+setbe al
+or al, bl
+jne loc_fffcb73c ; jne 0xfffcb73c
+cmp byte [ebp - 0xace7], 0
+je short loc_fffcb666 ; je 0xfffcb666
+cmp byte [ebp - 0xacbb], 0
+mov byte [ebp - 0xaca0], 3
+je loc_fffcb73c ; je 0xfffcb73c
+mov al, byte [ebp - 0xaca1]
+push ecx
+push ecx
+mov ecx, 8
+push 3
+lea ebx, [eax + 1]
+sub ebx, dword [ebp - 0xac90]
+push 0
+lea eax, [ebp - 0xabcc]
+movzx ebx, bl
+mov edx, ebx
+call fcn_fffa7047 ; call 0xfffa7047
+mov ecx, 8
+mov edx, ebx
+pop esi
+pop eax
+lea eax, [ebp - 0xab4c]
+push 3
+push 0
+jmp near loc_fffcb6eb ; jmp 0xfffcb6eb
+
+loc_fffcb666: ; not directly referenced
+cmp byte [ebp - 0xac8c], 5
+jne loc_fffcb6fc ; jne 0xfffcb6fc
+cmp dword [ebp - 0xacc0], 0
+je short loc_fffcb68e ; je 0xfffcb68e
+movzx eax, byte [ebp - 0xacd4]
+mov ebx, 1
+xor ecx, ecx
+mov dl, 4
+jmp short loc_fffcb69b ; jmp 0xfffcb69b
+
+loc_fffcb68e: ; not directly referenced
+movzx eax, byte [ebp - 0xacac]
+xor ebx, ebx
+mov cl, 2
+mov dl, 5
+
+loc_fffcb69b: ; not directly referenced
+movzx esi, cl
+movzx ecx, dl
+mov dword [ebp - 0xaca0], esi
+mov edx, eax
+push esi
+push esi
+push 1
+push dword [ebp - 0xaca0]
+lea esi, [ebp - 0xabcc]
+lea eax, [ebx + ebx]
+add eax, esi
+mov esi, edx
+mov dword [ebp - 0xacb8], ecx
+call fcn_fffa7047 ; call 0xfffa7047
+mov ecx, dword [ebp - 0xacb8]
+pop eax
+pop edx
+mov edx, esi
+lea eax, [ebp + ebx - 0xabcc]
+lea eax, [eax + ebx + 0x80]
+push 1
+push dword [ebp - 0xaca0]
+
+loc_fffcb6eb: ; not directly referenced
+call fcn_fffa7047 ; call 0xfffa7047
+add esp, 0x10
+mov byte [ebp - 0xaca0], 1
+jmp short loc_fffcb73c ; jmp 0xfffcb73c
+
+loc_fffcb6fc: ; not directly referenced
+cmp byte [ebp - 0xac8c], 0xa
+mov byte [ebp - 0xaca0], 5
+sete al
+or al, byte [ebp - 0xac94]
+jne short loc_fffcb73c ; jne 0xfffcb73c
+cmp byte [ebp - 0xacac], 6
+mov byte [ebp - 0xaca0], 7
+jg short loc_fffcb73c ; jg 0xfffcb73c
+mov al, byte [ebp - 0xad00]
+mov esi, dword [ebp - 0xacac]
+test al, al
+cmove eax, esi
+mov byte [ebp - 0xaca0], al
+
+loc_fffcb73c: ; not directly referenced
+mov dword [ebp - 0xacd8], 0
+
+loc_fffcb746: ; not directly referenced
+movsx ebx, byte [ebp - 0xacd8]
+movsx esi, byte [ebp - 0xacac]
+movzx eax, byte [ebp - 0xac8c]
+cmp ebx, esi
+mov dword [ebp - 0xacb8], eax
+jge loc_fffcb9c9 ; jge 0xfffcb9c9
+movsx eax, byte [ebp - 0xac88]
+push edx
+push edx
+mov edx, dword [ebp - 0xac98]
+mov ecx, eax
+mov dword [ebp - 0xacf4], eax
+mov al, byte [ebp - 0xac90]
+add eax, dword [ebp - 0xacd8]
+mov dword [ebp - 0xac68], 0
+movsx esi, al
+lea eax, [ebp - 0xac68]
+push eax
+mov eax, edi
+push 0
+push ecx
+xor ecx, ecx
+push esi
+push dword [ebp - 0xacb8]
+push dword [ebp - 0xac9c]
+call fcn_fffb887d ; call 0xfffb887d
+add esp, 0x20
+cmp byte [ebp - 0xac8c], 0xa
+mov word [ebp + ebx*2 - 0xac4c], ax
+sete al
+mov byte [ebp - 0xacfc], al
+or al, byte [ebp - 0xace6]
+jne short loc_fffcb7e5 ; jne 0xfffcb7e5
+cmp byte [ebp - 0xac94], 0
+je short loc_fffcb811 ; je 0xfffcb811
+
+loc_fffcb7e5: ; not directly referenced
+imul eax, ebx, 0x1a
+mov edx, dword [ebp - 0xac68]
+lea ecx, [ebp - 0x18]
+add eax, ecx
+mov ecx, dword [ebp - 0xac64]
+mov dword [eax - 0xa91e], edx
+mov dword [eax - 0xa932], ecx
+mov ecx, dword [ebp - 0xac60]
+mov dword [eax - 0xa92e], ecx
+
+loc_fffcb811: ; not directly referenced
+cmp byte [ebp - 0xacbc], 1
+setbe al
+or al, byte [ebp - 0xac94]
+je short loc_fffcb8a0 ; je 0xfffcb8a0
+push eax
+mov edx, dword [ebp - 0xac98]
+xor ecx, ecx
+push eax
+lea eax, [ebp - 0xac68]
+push eax
+mov eax, edi
+push 0
+push dword [ebp - 0xacf4]
+mov dword [ebp - 0xac68], 1
+push esi
+push dword [ebp - 0xacb8]
+push dword [ebp - 0xac9c]
+imul esi, ebx, 0x1a
+call fcn_fffb887d ; call 0xfffb887d
+add esp, 0x20
+lea ecx, [ebp - 0x18]
+lea edx, [ecx + esi]
+mov word [ebp + esi - 0xa94c], ax
+mov al, byte [ebp - 0xacfc]
+or al, byte [ebp - 0xac94]
+je short loc_fffcb8a0 ; je 0xfffcb8a0
+mov eax, dword [ebp - 0xac64]
+mov dword [edx - 0xa92a], eax
+mov eax, dword [ebp - 0xac60]
+mov dword [edx - 0xa926], eax
+mov eax, dword [ebp - 0xac68]
+mov dword [edx - 0xa922], eax
+
+loc_fffcb8a0: ; not directly referenced
+imul edx, ebx, 0x1a
+mov ax, word [ebp + ebx*2 - 0xac4c]
+mov esi, dword [ebp - 0xacdc]
+mov ecx, eax
+add cx, word [ebp + edx - 0xa94c]
+cmp dword [ebp - 0xacc8], 0
+lea edx, [esi + ebx]
+mov word [ebp + edx*2 - 0xabcc], cx
+je short loc_fffcb8e1 ; je 0xfffcb8e1
+mov esi, 0x3e8
+xor edx, edx
+div si
+mov word [ebp + ebx*2 - 0xac4c], ax
+
+loc_fffcb8e1: ; not directly referenced
+mov al, byte [ebp - 0xac8c]
+test al, al
+sete dl
+cmp al, 9
+sete al
+or dl, al
+jne short loc_fffcb8fe ; jne 0xfffcb8fe
+cmp byte [ebp - 0xac8c], 1
+jne short loc_fffcb91a ; jne 0xfffcb91a
+
+loc_fffcb8fe: ; not directly referenced
+mov eax, dword [ebp - 0xacdc]
+movzx ecx, cx
+lea esi, [eax + ebx]
+mov eax, 0xdb88
+cdq
+idiv ecx
+mov word [ebp + esi*2 - 0xabcc], ax
+
+loc_fffcb91a: ; not directly referenced
+cmp byte [ebp - 0xac8c], 4
+jne loc_fffcb9be ; jne 0xfffcb9be
+mov eax, dword [ebp - 0xacb0]
+cmp dword [eax + 0xc0], 1
+jne loc_fffcb9be ; jne 0xfffcb9be
+movzx edx, byte [eax + 0xc4]
+xor eax, eax
+
+loc_fffcb943: ; not directly referenced
+bt edx, eax
+jb short loc_fffcb950 ; jb 0xfffcb950
+inc eax
+cmp eax, 4
+jne short loc_fffcb943 ; jne 0xfffcb943
+jmp short loc_fffcb956 ; jmp 0xfffcb956
+
+loc_fffcb950: ; not directly referenced
+mov byte [ebp - 0xaca4], al
+
+loc_fffcb956: ; not directly referenced
+cmp dword [ebp - 0xacc4], 3
+jne short loc_fffcb971 ; jne 0xfffcb971
+
+loc_fffcb95f: ; not directly referenced
+add ebx, dword [ebp - 0xacdc]
+mov word [ebp + ebx*2 - 0xabcc], 1
+jmp short loc_fffcb9be ; jmp 0xfffcb9be
+
+loc_fffcb971: ; not directly referenced
+mov al, byte [ebp - 0xaca4]
+mov esi, dword [ebp - 0xacb0]
+mov edx, eax
+shr al, 1
+and edx, 1
+movzx eax, al
+imul edx, edx, 0x18
+imul eax, eax, 0x128
+add eax, edx
+mov ax, word [esi + eax + 0x126d]
+mov ecx, eax
+mov edx, eax
+shr cx, 9
+shr dx, 6
+and ecx, 1
+and edx, 1
+shl ecx, 2
+add edx, edx
+shr ax, 2
+or edx, ecx
+and eax, 1
+or dl, al
+je short loc_fffcb95f ; je 0xfffcb95f
+
+loc_fffcb9be: ; not directly referenced
+inc dword [ebp - 0xacd8]
+jmp near loc_fffcb746 ; jmp 0xfffcb746
+
+loc_fffcb9c9: ; not directly referenced
+sub esp, 0xc
+mov edx, dword [ebp - 0xac98]
+push dword [ebp - 0xacb8]
+movzx eax, byte [ebp - 0xacac]
+lea ebx, [ebp - 0xabcc]
+movzx ecx, byte [ebp + edx - 0xac75]
+push 1
+push dword [ebp - 0xad08]
+push dword [ebp + 0x18]
+push dword [ebp + 0x10]
+push eax
+mov eax, edi
+push 0x40
+push ebx
+push 0
+call fcn_fffb97c0 ; call 0xfffb97c0
+movsx eax, byte [ebp - 0xad09]
+add esp, 0x2c
+mov ecx, ebx
+push eax
+movzx eax, byte [ebp - 0xaca0]
+push dword [ebp + 0x1c]
+push dword [ebp - 0xacf0]
+push eax
+mov eax, edi
+push dword [ebp + 0x18]
+push esi
+mov esi, dword [ebp - 0xacec]
+push 0x40
+mov edx, esi
+call fcn_fffa5d2d ; call 0xfffa5d2d
+movsx bx, byte [esi + 2]
+add esp, 0x20
+add bx, word [esi]
+xor edx, edx
+cmp byte [ebp - 0xac8c], 7
+jne short loc_fffcba66 ; jne 0xfffcba66
+mov eax, dword [ebp - 0xacb0]
+cmp dword [eax + 0xc0], 2
+mov eax, 0x20
+cmove edx, eax
+
+loc_fffcba66: ; not directly referenced
+movsx ax, byte [ebp - 0xac90]
+push 1
+mov esi, dword [ebp - 0xac9c]
+sub eax, edx
+mov edx, dword [ebp - 0xac98]
+add ebx, eax
+movsx eax, bx
+push eax
+mov eax, edi
+push dword [ebp - 0xacb8]
+movzx ecx, byte [ebp + edx - 0xac75]
+push esi
+call fcn_fffafdb2 ; call 0xfffafdb2
+mov ecx, dword [ebp - 0xace0]
+add esp, 0x10
+inc dword [ebp - 0xac9c]
+add dword [ebp - 0xacec], 0x50a
+mov word [ecx + esi*2], bx
+jmp near loc_fffcb3fb ; jmp 0xfffcb3fb
+
+loc_fffcbabc: ; not directly referenced
+inc dword [ebp - 0xac98]
+add dword [ebp - 0xacf8], 0x2d5a
+add dword [ebp - 0xace0], 0x12
+add dword [ebp - 0xacb0], 0x13c3
+cmp dword [ebp - 0xac98], 2
+jne loc_fffcb3c9 ; jne 0xfffcb3c9
+cmp dword [ebp - 0xaccc], 0
+je short loc_fffcbb0b ; je 0xfffcbb0b
+mov eax, dword [ebp - 0xaca8]
+mov edx, 0x2008
+mov ecx, dword [eax + 0x18]
+mov eax, edi
+or ecx, 0x20
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffcbb0b: ; not directly referenced
+lea eax, [edi + 0x2490]
+xor esi, esi
+mov dword [ebp - 0xac94], eax
+
+loc_fffcbb19: ; not directly referenced
+mov eax, dword [ebp - 0xacb4]
+cmp word [ebp - 0xacba], si
+jbe loc_fffcbc10 ; jbe 0xfffcbc10
+mov dword [ebp - 0xac88], eax
+imul eax, esi, 0x480
+xor edx, edx
+mov dword [ebp - 0xac90], eax
+
+loc_fffcbb40: ; not directly referenced
+mov eax, dword [ebp - 0xace4]
+bt eax, edx
+jb short loc_fffcbb77 ; jb 0xfffcbb77
+
+loc_fffcbb4b: ; not directly referenced
+inc edx
+add dword [ebp - 0xac88], 0x12
+cmp edx, 2
+jne short loc_fffcbb40 ; jne 0xfffcbb40
+mov eax, dword [ebp + 0x10]
+sub esp, 0xc
+mov edx, dword [ebp - 0xac94]
+movzx ecx, byte [eax + esi]
+mov eax, edi
+inc esi
+push 0
+call fcn_fffa7d98 ; call 0xfffa7d98
+add esp, 0x10
+jmp short loc_fffcbb19 ; jmp 0xfffcbb19
+
+loc_fffcbb77: ; not directly referenced
+mov eax, dword [ebp + 0x10]
+xor ebx, ebx
+movzx eax, byte [eax + esi]
+cmp al, 0x21
+ja short loc_fffcbb8b ; ja 0xfffcbb8b
+movzx ebx, byte [eax + ref_fffd5f1c] ; movzx ebx, byte [eax - 0x2a0e4]
+
+loc_fffcbb8b: ; not directly referenced
+imul ebx, ebx, 0x240
+imul eax, edx, 0x48
+add eax, ebx
+add eax, edi
+lea ebx, [edx + edx*8]
+mov ecx, eax
+mov dword [ebp - 0xac8c], ebx
+xor eax, eax
+
+loc_fffcbba5: ; not directly referenced
+cmp byte [ebp - 0xaca2], al
+jbe short loc_fffcbb4b ; jbe 0xfffcbb4b
+mov ebx, dword [ebp - 0xac88]
+movsx ebx, word [ebx + eax*2]
+sub ebx, dword [ebp - 0xacd0]
+imul ebx, ebx, 0x12
+add ebx, dword [ebp - 0xac90]
+add ebx, dword [ebp - 0xac8c]
+add ebx, eax
+movzx ebx, word [ebp + ebx*4 - 0xa2cc]
+mov dword [ecx + eax*8 + 0x2490], ebx
+mov ebx, dword [ebp - 0xac88]
+movsx ebx, word [ebx + eax*2]
+sub ebx, dword [ebp - 0xacd0]
+imul ebx, ebx, 0x12
+add ebx, dword [ebp - 0xac90]
+add ebx, dword [ebp - 0xac8c]
+add ebx, eax
+movzx ebx, word [ebp + ebx*4 - 0xa2ca]
+mov dword [ecx + eax*8 + 0x2494], ebx
+inc eax
+jmp short loc_fffcbba5 ; jmp 0xfffcbba5
+
+loc_fffcbc10: ; not directly referenced
+mov esi, dword [ebp + 0x10]
+add eax, 0x24
+mov byte [eax + 0x18], 4
+mov dword [ebp - 0xac90], eax
+
+loc_fffcbc20: ; not directly referenced
+mov ecx, esi
+sub ecx, dword [ebp - 0xad04]
+cmp cx, word [ebp - 0xacba]
+jae loc_fffcbd22 ; jae 0xfffcbd22
+movzx edx, byte [esi]
+xor eax, eax
+cmp dl, 0x21
+ja short loc_fffcbc46 ; ja 0xfffcbc46
+movzx eax, byte [edx + ref_fffd5f1c] ; movzx eax, byte [edx - 0x2a0e4]
+
+loc_fffcbc46: ; not directly referenced
+mov ebx, dword [ebp - 0xacb4]
+movzx ecx, cx
+imul eax, eax, 0x240
+mov dword [ebp - 0xac88], 0
+lea ebx, [ebx + ecx*2]
+mov dword [ebp - 0xac94], ebx
+mov ebx, dword [ebp - 0xac90]
+add eax, edi
+mov dword [ebp - 0xac8c], ebx
+
+loc_fffcbc76: ; not directly referenced
+mov ecx, dword [ebp - 0xace4]
+mov edx, dword [ebp - 0xac88]
+bt ecx, edx
+jae short loc_fffcbcf8 ; jae 0xfffcbcf8
+xor edx, edx
+
+loc_fffcbc89: ; not directly referenced
+cmp dl, byte [ebp - 0xaca2]
+jae short loc_fffcbce6 ; jae 0xfffcbce6
+test dl, dl
+jne short loc_fffcbca3 ; jne 0xfffcbca3
+mov ecx, dword [eax + 0x2490]
+add ecx, dword [eax + 0x2494]
+jmp short loc_fffcbcda ; jmp 0xfffcbcda
+
+loc_fffcbca3: ; not directly referenced
+mov ecx, dword [eax + edx*8 + 0x2494]
+mov ebx, dword [eax + edx*8 + 0x2490]
+mov dword [ebp - 0xac9c], eax
+mov eax, dword [ebp - 0xac8c]
+mov dword [ebp - 0xac98], ecx
+add ecx, ebx
+movzx eax, word [eax]
+cmp eax, ecx
+mov eax, dword [ebp - 0xac9c]
+jbe short loc_fffcbce3 ; jbe 0xfffcbce3
+mov ecx, ebx
+add ecx, dword [ebp - 0xac98]
+
+loc_fffcbcda: ; not directly referenced
+mov ebx, dword [ebp - 0xac8c]
+mov word [ebx], cx
+
+loc_fffcbce3: ; not directly referenced
+inc edx
+jmp short loc_fffcbc89 ; jmp 0xfffcbc89
+
+loc_fffcbce6: ; not directly referenced
+mov dl, byte [esi]
+mov ecx, dword [ebp - 0xac94]
+mov ebx, dword [ebp - 0xac88]
+mov byte [ecx + ebx + 0x34], dl
+
+loc_fffcbcf8: ; not directly referenced
+inc dword [ebp - 0xac88]
+add eax, 0x48
+add dword [ebp - 0xac8c], 2
+cmp dword [ebp - 0xac88], 2
+jne loc_fffcbc76 ; jne 0xfffcbc76
+add dword [ebp - 0xac90], 4
+inc esi
+jmp near loc_fffcbc20 ; jmp 0xfffcbc20
+
+loc_fffcbd22: ; not directly referenced
+mov byte [edi + 0x247a], 0
+jmp short loc_fffcbd35 ; jmp 0xfffcbd35
+
+loc_fffcbd2b: ; not directly referenced
+mov eax, 0xdc
+jmp near loc_fffcb2f3 ; jmp 0xfffcb2f3
+
+loc_fffcbd35: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffcbd3d: ; not directly referenced
+push ebp
+mov ebp, esp
+push esi
+push ebx
+sub esp, 0x54
+mov ebx, dword [ebp + 8]
+lea esi, [ebp - 0x50]
+mov byte [ebp - 0x57], 4
+mov byte [ebp - 0x56], 1
+mov eax, dword [ebx + 0x2443]
+push 0
+push 5
+push esi
+mov byte [ebp - 0x55], 1
+mov byte [ebp - 0x54], 2
+mov byte [ebp - 0x53], 1
+mov byte [ebp - 0x52], 0
+mov byte [ebp - 0x51], 0
+call dword [eax + 0x60] ; ucall
+movzx edx, byte [ebp - 0x57]
+mov ecx, 1
+mov eax, ebx
+call fcn_fffb13cf ; call 0xfffb13cf
+movzx edx, byte [ebp - 0x56]
+mov ecx, 1
+mov word [ebp - 0x50], ax
+mov eax, ebx
+call fcn_fffb13cf ; call 0xfffb13cf
+add esp, 0x10
+cmp dword [ebx + 0x2480], 3
+mov word [ebp - 0x4e], ax
+jne short loc_fffcbdd5 ; jne 0xfffcbdd5
+push eax
+mov ecx, 3
+push 0
+push 0
+push 0xf
+push 2
+push 0
+push esi
+lea eax, [ebp - 0x55]
+push eax
+push 2
+lea eax, [ebp - 0x57]
+push eax
+mov eax, ebx
+push 9
+push 0xf
+lea edx, [ebp - 0x46]
+call fcn_fffca96e ; call 0xfffca96e
+add esp, 0x30
+
+loc_fffcbdd5: ; not directly referenced
+lea esp, [ebp - 8]
+xor eax, eax
+pop ebx
+pop esi
+pop ebp
+ret
+
+fcn_fffcbdde: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+add esp, 0xffffff80
+mov edi, dword [ebp + 8]
+lea edx, [ebp - 0x60]
+mov byte [ebp - 0x6f], 4
+mov byte [ebp - 0x6e], 1
+mov eax, dword [edi + 0x2443]
+mov ebx, dword [edi + 0x1887]
+mov esi, dword [edi + 0x5edc]
+push 0
+push 5
+push edx
+mov byte [ebp - 0x6a], 1
+mov byte [ebp - 0x69], 2
+mov byte [ebp - 0x68], 1
+mov byte [ebp - 0x67], 0
+mov byte [ebp - 0x66], 0
+mov byte [ebp - 0x6d], 4
+mov byte [ebp - 0x6c], 1
+mov byte [ebp - 0x6b], 0xb
+mov byte [ebp - 0x65], 1
+mov byte [ebp - 0x64], 2
+mov byte [ebp - 0x63], 2
+mov byte [ebp - 0x62], 1
+mov byte [ebp - 0x61], 0
+call dword [eax + 0x60] ; ucall
+mov edx, 0x3a04
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+add esp, 0x10
+mov edx, dword [edi + 0x2480]
+and eax, 0x3f
+cmp ebx, 0x306d0
+mov byte [ebp - 0x88], al
+sete al
+cmp ebx, 0x40650
+sete cl
+or al, cl
+je short loc_fffcbe8f ; je 0xfffcbe8f
+cmp edx, 3
+je short loc_fffcbeb2 ; je 0xfffcbeb2
+mov byte [ebp - 0x85], 9
+mov byte [ebp - 0x7e], 0x1e
+mov word [ebp - 0x80], 0xe6
+jmp short loc_fffcbea0 ; jmp 0xfffcbea0
+
+loc_fffcbe8f: ; not directly referenced
+mov byte [ebp - 0x85], 9
+mov byte [ebp - 0x7e], 0x1e
+mov word [ebp - 0x80], 0xb4
+
+loc_fffcbea0: ; not directly referenced
+lea eax, [ebp - 0x6a]
+mov dword [ebp - 0x84], eax
+lea eax, [ebp - 0x6f]
+mov byte [ebp - 0x7d], 2
+jmp short loc_fffcbed3 ; jmp 0xfffcbed3
+
+loc_fffcbeb2: ; not directly referenced
+lea eax, [ebp - 0x65]
+mov dword [ebp - 0x84], eax
+lea eax, [ebp - 0x6d]
+mov byte [ebp - 0x85], 0xa
+mov byte [ebp - 0x7e], 0x50
+mov word [ebp - 0x80], 0xe6
+mov byte [ebp - 0x7d], 3
+
+loc_fffcbed3: ; not directly referenced
+mov dword [ebp - 0x7c], eax
+xor ebx, ebx
+
+loc_fffcbed8: ; not directly referenced
+mov eax, dword [ebp - 0x7c]
+mov ecx, 1
+movzx edx, byte [eax + ebx]
+mov eax, edi
+call fcn_fffb13cf ; call 0xfffb13cf
+mov word [ebp + ebx*2 - 0x60], ax
+inc ebx
+cmp byte [ebp - 0x7d], bl
+ja short loc_fffcbed8 ; ja 0xfffcbed8
+mov ecx, dword [esi + 0xc]
+mov esi, ecx
+shr ecx, 0xf
+mov al, cl
+and eax, 0x1f
+shr esi, 3
+and esi, 1
+and cl, 0x10
+lea edx, [eax - 0x20]
+cmove edx, eax
+mov eax, edi
+movsx edx, dl
+call fcn_fffa6cfe ; call 0xfffa6cfe
+movzx ecx, byte [ebp - 0x88]
+mov edx, esi
+xor edx, 1
+movzx esi, dl
+shl esi, 4
+mov ebx, eax
+movzx eax, dl
+shl eax, 4
+xor edx, edx
+add eax, ecx
+imul ebx, eax
+movzx eax, byte [ebp - 0x88]
+mov word [ebp - 0x88], ax
+mov eax, ebx
+div word [ebp - 0x80]
+mov ecx, eax
+movzx eax, bx
+movzx ebx, byte [ebp - 0x7e]
+cdq
+sub ecx, esi
+sub ecx, dword [ebp - 0x88]
+idiv ebx
+mov dl, 0xf0
+sub eax, esi
+sub eax, dword [ebp - 0x88]
+cmp cx, 0xfff1
+cmovge edx, ecx
+movsx ecx, dl
+add edx, 0x17
+movsx esi, al
+lea ebx, [ecx + 0x17]
+cmp esi, ebx
+cmovg eax, edx
+push edx
+movzx edx, byte [ebp - 0x85]
+cmp al, 0xf
+push 0
+push edx
+mov dl, 0xf
+cmovle edx, eax
+push 0x11
+movsx edx, dl
+push edx
+push ecx
+mov ecx, 3
+lea eax, [ebp - 0x60]
+push eax
+movzx eax, byte [ebp - 0x7d]
+push dword [ebp - 0x84]
+lea edx, [ebp - 0x56]
+push eax
+mov eax, edi
+push dword [ebp - 0x7c]
+push 1
+push 0xf
+call fcn_fffca96e ; call 0xfffca96e
+add esp, 0x28
+mov eax, edi
+push 0
+mov ecx, 3
+push 0x11
+push 0
+push 0
+push 0
+lea edx, [edi + 0x2490]
+push 1
+call fcn_fffc0a2d ; call 0xfffc0a2d
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffcbfee: ; not directly referenced
+push ebp
+mov ecx, 0xa
+mov ebp, esp
+push edi
+push esi
+mov esi, ref_fffd5b20 ; mov esi, 0xfffd5b20
+push ebx
+sub esp, 0x7c
+mov eax, dword [ebp + 8]
+lea edi, [ebp - 0x60]
+mov byte [ebp - 0x6e], 4
+lea ebx, [ebp - 0x60]
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+mov byte [ebp - 0x6d], 1
+lea esi, [eax + 0x3756]
+mov byte [ebp - 0x6c], 5
+mov byte [ebp - 0x6b], 2
+mov byte [ebp - 0x70], 5
+mov byte [ebp - 0x6f], 2
+mov byte [ebp - 0x6a], 1
+mov byte [ebp - 0x69], 2
+mov byte [ebp - 0x68], 1
+mov byte [ebp - 0x67], 2
+mov byte [ebp - 0x66], 0
+mov byte [ebp - 0x65], 1
+mov byte [ebp - 0x64], 2
+mov byte [ebp - 0x63], 0
+mov byte [ebp - 0x62], 0
+mov byte [ebp - 0x61], 0
+mov dword [ebp - 0x7c], 0
+
+loc_fffcc059: ; not directly referenced
+cmp dword [esi], 2
+jne loc_fffcc10d ; jne 0xfffcc10d
+mov cl, byte [ebp - 0x7c]
+mov edi, 1
+shl edi, cl
+cmp dword [esi + 0xc0], 2
+jne short loc_fffcc0e3 ; jne 0xfffcc0e3
+push edx
+mov ecx, edi
+push 0
+push 0
+push 0xf
+push 4
+push 1
+push ebx
+lea eax, [ebp - 0x6a]
+push eax
+push 4
+lea eax, [ebp - 0x6e]
+push eax
+mov eax, dword [ebp + 8]
+push 7
+push 0xf
+lea edx, [ebp - 0x56]
+call fcn_fffca96e ; call 0xfffca96e
+add esp, 0x2c
+mov ecx, edi
+push 0
+push 0
+push 0xf
+push 2
+push 1
+push ebx
+lea eax, [ebp - 0x65]
+push eax
+push 2
+lea eax, [ebp - 0x70]
+push eax
+mov eax, dword [ebp + 8]
+push 8
+push 3
+lea edx, [ebp - 0x56]
+call fcn_fffca96e ; call 0xfffca96e
+add esp, 0x2c
+push 0
+push 0
+push 0xf
+push 2
+push 1
+push ebx
+lea eax, [ebp - 0x65]
+push eax
+push 2
+lea eax, [ebp - 0x70]
+push eax
+push 8
+push 0xc
+jmp short loc_fffcc0fd ; jmp 0xfffcc0fd
+
+loc_fffcc0e3: ; not directly referenced
+push eax
+push 0
+push 0
+push 0xf
+push 2
+push 0
+push ebx
+lea eax, [ebp - 0x65]
+push eax
+push 2
+lea eax, [ebp - 0x70]
+push eax
+push 7
+push 0xf
+
+loc_fffcc0fd: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov ecx, edi
+lea edx, [ebp - 0x56]
+call fcn_fffca96e ; call 0xfffca96e
+add esp, 0x30
+
+loc_fffcc10d: ; not directly referenced
+inc dword [ebp - 0x7c]
+add esi, 0x13c3
+cmp dword [ebp - 0x7c], 2
+jne loc_fffcc059 ; jne 0xfffcc059
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffcc12a: ; not directly referenced
+push ebp
+mov ecx, 0xa
+mov ebp, esp
+push edi
+push esi
+mov esi, ref_fffd5b2c ; mov esi, 0xfffd5b2c
+push ebx
+sub esp, 0x5c
+mov ebx, dword [ebp + 8]
+lea edi, [ebp - 0x60]
+mov byte [ebp - 0x67], 5
+mov byte [ebp - 0x66], 2
+mov eax, dword [ebx + 0x1887]
+mov byte [ebp - 0x65], 1
+mov byte [ebp - 0x64], 2
+mov byte [ebp - 0x63], 0
+cmp eax, 0x306d0
+sete dl
+cmp eax, 0x40650
+sete al
+or dl, al
+mov byte [ebp - 0x62], 0
+mov byte [ebp - 0x61], 0
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+je short loc_fffcc1e4 ; je 0xfffcc1e4
+mov cl, 1
+mov edx, 5
+mov eax, ebx
+call fcn_fffb13cf ; call 0xfffb13cf
+mov edx, dword [ebp - 0x60]
+mov ecx, 1
+cmp ax, dx
+cmovae edx, eax
+mov eax, ebx
+mov word [ebp - 0x60], dx
+mov edx, 2
+call fcn_fffb13cf ; call 0xfffb13cf
+mov dx, word [ebp - 0x5e]
+mov ecx, 3
+cmp ax, dx
+cmovae edx, eax
+push eax
+push 0
+push 0
+push 0xf
+push 8
+push 0xfffffffffffffff1
+lea eax, [ebp - 0x60]
+push eax
+lea eax, [ebp - 0x65]
+push eax
+push 2
+lea eax, [ebp - 0x67]
+push eax
+mov eax, ebx
+push 2
+push 0xf
+mov word [ebp - 0x5e], dx
+lea edx, [ebp - 0x56]
+call fcn_fffca96e ; call 0xfffca96e
+add esp, 0x30
+
+loc_fffcc1e4: ; not directly referenced
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffcc1ee: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x6c
+mov ebx, dword [ebp + 8]
+mov byte [ebp - 0x67], 0xd
+mov byte [ebp - 0x66], 0xc
+mov byte [ebp - 0x65], 1
+cmp dword [ebx + 0x188b], 1
+mov byte [ebp - 0x64], 2
+mov byte [ebp - 0x63], 1
+mov byte [ebp - 0x62], 0
+mov byte [ebp - 0x61], 0
+jne loc_fffcc2f7 ; jne 0xfffcc2f7
+movzx esi, byte [ebx + 0x248e]
+lea ecx, [ebp - 0x60]
+movzx edi, byte [ebx + 0x248d]
+push eax
+mov eax, dword [ebx + 0x2443]
+push 0
+push 5
+push ecx
+call dword [eax + 0x60] ; ucall
+movzx edx, byte [ebp - 0x67]
+mov ecx, 1
+mov eax, ebx
+call fcn_fffb13cf ; call 0xfffb13cf
+movzx edx, byte [ebp - 0x66]
+mov ecx, 1
+mov word [ebp - 0x60], ax
+mov eax, ebx
+call fcn_fffb13cf ; call 0xfffb13cf
+add esp, 0xc
+mov ecx, edi
+push 0
+push 0
+push 0xf
+push 0
+push 0xfffffffffffffff8
+lea edi, [ebp - 0x67]
+mov word [ebp - 0x5e], ax
+mov eax, esi
+lea esi, [ebp - 0x60]
+push esi
+lea esi, [ebp - 0x65]
+push esi
+push 2
+push edi
+push 0xf
+push ecx
+lea edx, [ebp - 0x56]
+mov dword [ebp - 0x6c], ecx
+mov ecx, eax
+mov dword [ebp - 0x70], eax
+mov eax, ebx
+call fcn_fffca96e ; call 0xfffca96e
+add esp, 0x30
+mov edx, 0x3a08
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, eax
+shr edx, 0x12
+shr eax, 0xc
+and edx, 0x3f
+and eax, 0x3f
+cmp dl, al
+push ecx
+cmovle eax, edx
+mov ecx, dword [ebp - 0x70]
+mov dl, 5
+push 0
+sub edx, eax
+push 0
+cmp dl, 0xf8
+mov al, 0xf8
+push 0xf
+cmovge eax, edx
+push 0
+movsx eax, al
+push eax
+mov eax, ebx
+lea edx, [ebp - 0x60]
+push edx
+push esi
+push 2
+push edi
+push 0xa
+push dword [ebp - 0x6c]
+lea edx, [ebp - 0x56]
+call fcn_fffca96e ; call 0xfffca96e
+add esp, 0x30
+
+loc_fffcc2f7: ; not directly referenced
+sub esp, 0xc
+push ebx
+call fcn_fffc82f4 ; call 0xfffc82f4
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffcc30a: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x6c
+mov ebx, dword [ebp + 8]
+mov byte [ebp - 0x67], 0xd
+mov byte [ebp - 0x66], 0xc
+mov byte [ebp - 0x65], 1
+cmp dword [ebx + 0x188b], 1
+mov byte [ebp - 0x64], 2
+mov byte [ebp - 0x63], 1
+mov byte [ebp - 0x62], 0
+mov byte [ebp - 0x61], 0
+jne short loc_fffcc3b3 ; jne 0xfffcc3b3
+movzx eax, byte [ebx + 0x248d]
+lea esi, [ebp - 0x60]
+movzx edi, byte [ebx + 0x248e]
+mov dword [ebp - 0x6c], eax
+push eax
+mov eax, dword [ebx + 0x2443]
+push 0
+push 5
+push esi
+call dword [eax + 0x60] ; ucall
+movzx edx, byte [ebp - 0x67]
+mov ecx, 1
+mov eax, ebx
+call fcn_fffb13cf ; call 0xfffb13cf
+movzx edx, byte [ebp - 0x66]
+mov ecx, 1
+mov word [ebp - 0x60], ax
+mov eax, ebx
+call fcn_fffb13cf ; call 0xfffb13cf
+add esp, 0xc
+mov ecx, edi
+push 0
+push 0
+push 0xf
+push 3
+push 0
+push esi
+lea edx, [ebp - 0x56]
+mov word [ebp - 0x5e], ax
+lea eax, [ebp - 0x65]
+push eax
+push 2
+lea eax, [ebp - 0x67]
+push eax
+mov eax, dword [ebp - 0x6c]
+push 0xc
+push eax
+mov eax, ebx
+call fcn_fffca96e ; call 0xfffca96e
+add esp, 0x30
+
+loc_fffcc3b3: ; not directly referenced
+sub esp, 0xc
+push ebx
+call fcn_fffc82f4 ; call 0xfffc82f4
+lea esp, [ebp - 0xc]
+xor eax, eax
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffcc3c6: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, ecx
+push esi
+push ebx
+mov ebx, eax
+sub esp, 0x70
+mov eax, dword [eax + 0x2443]
+push 0
+push 5
+lea esi, [ebp - 0x60]
+push esi
+mov dword [ebp - 0x6c], edx
+mov byte [ebp - 0x67], 5
+mov byte [ebp - 0x66], 2
+mov byte [ebp - 0x65], 1
+mov byte [ebp - 0x64], 2
+mov byte [ebp - 0x63], 1
+mov byte [ebp - 0x62], 0
+mov byte [ebp - 0x61], 0
+call dword [eax + 0x60] ; ucall
+movzx edx, byte [ebp - 0x67]
+mov ecx, 1
+mov eax, ebx
+call fcn_fffb13cf ; call 0xfffb13cf
+movzx edx, byte [ebp - 0x66]
+mov ecx, 1
+mov word [ebp - 0x60], ax
+mov eax, ebx
+call fcn_fffb13cf ; call 0xfffb13cf
+add esp, 0xc
+movzx ecx, byte [ebp - 0x6c]
+cmp dword [ebx + 0x188b], 1
+push 1
+push 0
+push 0xf
+push 0xa
+lea edx, [ebp - 0x56]
+mov word [ebp - 0x5e], ax
+sbb eax, eax
+and eax, 4
+sub eax, 0x11
+movsx eax, al
+push eax
+push esi
+lea eax, [ebp - 0x65]
+push eax
+push 2
+lea eax, [ebp - 0x67]
+push eax
+mov eax, ebx
+push 0
+push 0xf
+call fcn_fffca96e ; call 0xfffca96e
+add esp, 0x30
+xor eax, eax
+cmp dword [ebp + 8], 0
+je short loc_fffcc493 ; je 0xfffcc493
+push eax
+mov ecx, 3
+push eax
+mov eax, ebx
+push 0
+push edi
+push 0
+push 0
+push 0
+push 2
+lea edx, [ebx + 0x2490]
+call fcn_fffc0a2d ; call 0xfffc0a2d
+add esp, 0x20
+
+loc_fffcc493: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffcc49b: ; not directly referenced
+push ebp
+mov ecx, 0xf
+mov ebp, esp
+mov edx, 3
+mov eax, dword [ebp + 8]
+mov dword [ebp + 8], 1
+pop ebp
+jmp near fcn_fffcc3c6 ; jmp 0xfffcc3c6
+
+fcn_fffcc4b8: ; not directly referenced
+push ebp
+mov ebp, esp
+mov ecx, dword [ebp + 0x10]
+mov eax, dword [ebp + 0x18]
+mov edx, dword [ebp + 0x1c]
+mov dword [ecx], eax
+mov dword [ecx + 4], edx
+pop ebp
+ret
+
+fcn_fffcc4cb: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x3c
+mov eax, dword [ebp + 0x14]
+mov ebx, dword [ebp + 0xc]
+mov edi, dword [ebp + 8]
+mov edx, dword [ebp + 0x10]
+mov dword [ebp - 0x2c], eax
+mov eax, dword [ebp + 0x20]
+mov dword [ebp - 0x24], ebx
+mov byte [ebp - 0x32], bl
+mov byte [ebp - 0x31], dl
+mov dword [ebp - 0x3c], eax
+mov eax, dword [ebp + 0x24]
+mov dword [ebp - 0x40], eax
+mov al, byte [ebp + 0x18]
+mov byte [ebp - 0x33], al
+mov al, byte [ebp + 0x1c]
+mov byte [ebp - 0x34], al
+mov eax, dword [edi + 0x5edc]
+cmp bl, 1
+ja loc_fffcc70e ; ja 0xfffcc70e
+cmp dword [edi + 0x2480], 2
+jne loc_fffcc70e ; jne 0xfffcc70e
+movzx eax, byte [ebp - 0x24]
+mov dword [ebp - 0x1c], 0
+mov dword [ebp - 0x38], eax
+imul eax, eax, 0x13c3
+lea ebx, [edi + eax + 0x3756]
+add eax, edi
+mov dword [ebp - 0x48], eax
+
+loc_fffcc540: ; not directly referenced
+mov cl, byte [ebp - 0x1c]
+mov edx, 1
+shl edx, cl
+test byte [ebp - 0x33], dl
+je loc_fffcc6f7 ; je 0xfffcc6f7
+mov eax, dword [ebp - 0x48]
+test byte [eax + 0x381a], dl
+je loc_fffcc6f7 ; je 0xfffcc6f7
+mov esi, dword [ebp - 0x1c]
+imul eax, esi, 0x18
+mov dword [ebp - 0x30], eax
+mov ax, word [ebx + eax + 0x1277]
+mov word [ebp - 0x28], ax
+or word [ebp - 0x28], 0x80
+mov eax, dword [ebp - 0x28]
+cmp dword [ebp - 0x3c], 0
+mov word [ebp - 0x20], ax
+je loc_fffcc666 ; je 0xfffcc666
+movzx eax, byte [ebp - 0x34]
+imul esi, esi, 0x70
+mov dword [ebp - 0x28], 0
+mov dword [ebp - 0x30], eax
+movzx eax, byte [ebp - 0x32]
+add esi, ebx
+mov dword [ebp - 0x44], eax
+
+loc_fffcc5a8: ; not directly referenced
+mov eax, dword [ebp - 0x30]
+mov edx, dword [ebp - 0x28]
+bt eax, edx
+jae loc_fffcc651 ; jae 0xfffcc651
+mov cx, word [esi + 0x109f]
+mov al, cl
+and ecx, 0x3f
+and eax, 0x7f
+mov dl, al
+or edx, 0xffffffc0
+test al, 0x60
+cmove edx, ecx
+lea eax, [edx - 0xd]
+cmp dl, 0xc
+jg short loc_fffcc5e3 ; jg 0xfffcc5e3
+xor eax, eax
+cmp dl, 0xe4
+lea ecx, [edx + 0x1b]
+cmovle eax, ecx
+
+loc_fffcc5e3: ; not directly referenced
+add eax, dword [ebp - 0x2c]
+cmp al, 0x25
+jg short loc_fffcc5f4 ; jg 0xfffcc5f4
+cmp al, 0xdb
+jl short loc_fffcc5fb ; jl 0xfffcc5fb
+test al, al
+jns short loc_fffcc5f6 ; jns 0xfffcc5f6
+jmp short loc_fffcc5fd ; jmp 0xfffcc5fd
+
+loc_fffcc5f4: ; not directly referenced
+mov al, 0x25
+
+loc_fffcc5f6: ; not directly referenced
+add eax, 0xd
+jmp short loc_fffcc600 ; jmp 0xfffcc600
+
+loc_fffcc5fb: ; not directly referenced
+mov al, 0xdb
+
+loc_fffcc5fd: ; not directly referenced
+sub eax, 0x1b
+
+loc_fffcc600: ; not directly referenced
+and eax, 0x7f
+mov cl, byte [ebp - 0x28]
+mov dl, al
+and eax, 0x3f
+shr dl, 6
+and word [ebp - 0x20], 0xff80
+and edx, 1
+shl edx, 6
+or word [ebp - 0x20], dx
+or word [ebp - 0x20], ax
+mov eax, 1
+push edx
+mov edx, dword [ebp - 0x44]
+shl eax, cl
+mov ecx, dword [ebp - 0x1c]
+push eax
+movzx eax, word [ebp - 0x20]
+push 6
+push eax
+mov eax, edi
+call fcn_fffaa285 ; call 0xfffaa285
+add esp, 0x10
+cmp byte [ebp - 0x31], 0
+je short loc_fffcc651 ; je 0xfffcc651
+mov eax, dword [ebp - 0x20]
+mov word [esi + 0x109f], ax
+
+loc_fffcc651: ; not directly referenced
+inc dword [ebp - 0x28]
+add esi, 0xe
+cmp dword [ebp - 0x28], 8
+jne loc_fffcc5a8 ; jne 0xfffcc5a8
+jmp near loc_fffcc6f7 ; jmp 0xfffcc6f7
+
+loc_fffcc666: ; not directly referenced
+mov eax, dword [ebp - 0x30]
+mov si, word [ebx + eax + 0x1277]
+mov ecx, esi
+and esi, 0x3f
+and ecx, 0x7f
+mov al, cl
+or eax, 0xffffffc0
+and cl, 0x60
+cmove eax, esi
+lea ecx, [eax - 0xd]
+cmp al, 0xc
+jg short loc_fffcc695 ; jg 0xfffcc695
+xor ecx, ecx
+cmp al, 0xe4
+lea esi, [eax + 0x1b]
+cmovle ecx, esi
+
+loc_fffcc695: ; not directly referenced
+add ecx, dword [ebp - 0x2c]
+cmp cl, 0x25
+jg short loc_fffcc6a8 ; jg 0xfffcc6a8
+cmp cl, 0xdb
+jl short loc_fffcc6af ; jl 0xfffcc6af
+test cl, cl
+js short loc_fffcc6b1 ; js 0xfffcc6b1
+jmp short loc_fffcc6aa ; jmp 0xfffcc6aa
+
+loc_fffcc6a8: ; not directly referenced
+mov cl, 0x25
+
+loc_fffcc6aa: ; not directly referenced
+add ecx, 0xd
+jmp short loc_fffcc6b4 ; jmp 0xfffcc6b4
+
+loc_fffcc6af: ; not directly referenced
+mov cl, 0xdb
+
+loc_fffcc6b1: ; not directly referenced
+sub ecx, 0x1b
+
+loc_fffcc6b4: ; not directly referenced
+and ecx, 0x7f
+mov esi, dword [ebp - 0x28]
+mov al, cl
+and ecx, 0x3f
+shr al, 6
+and eax, 1
+shl eax, 6
+and esi, 0xffffff80
+or esi, eax
+or esi, ecx
+mov ecx, edx
+mov edx, dword [ebp - 0x38]
+push eax
+push eax
+movzx eax, si
+push eax
+mov eax, edi
+push 6
+call fcn_fffafd52 ; call 0xfffafd52
+add esp, 0x10
+cmp byte [ebp - 0x31], 0
+je short loc_fffcc6f7 ; je 0xfffcc6f7
+mov eax, dword [ebp - 0x30]
+mov word [ebx + eax + 0x1277], si
+
+loc_fffcc6f7: ; not directly referenced
+inc dword [ebp - 0x1c]
+cmp dword [ebp - 0x1c], 2
+jne loc_fffcc540 ; jne 0xfffcc540
+mov ebx, 0x40000000
+jmp near loc_fffcc866 ; jmp 0xfffcc866
+
+loc_fffcc70e: ; not directly referenced
+mov ebx, dword [ebp - 0x24]
+cmp bl, 1
+je short loc_fffcc73b ; je 0xfffcc73b
+jb short loc_fffcc729 ; jb 0xfffcc729
+cmp bl, 2
+jne loc_fffcc8f8 ; jne 0xfffcc8f8
+mov cl, byte [eax + 0x14]
+and ecx, 0x7f
+jmp short loc_fffcc74c ; jmp 0xfffcc74c
+
+loc_fffcc729: ; not directly referenced
+movzx ebx, byte [eax + 0x16]
+mov cl, byte [eax + 0x15]
+and ebx, 0x1f
+shr cl, 6
+shl ebx, 2
+jmp short loc_fffcc74a ; jmp 0xfffcc74a
+
+loc_fffcc73b: ; not directly referenced
+movzx ebx, byte [eax + 0x15]
+mov cl, byte [eax + 0x14]
+and ebx, 0x3f
+shr cl, 7
+add ebx, ebx
+
+loc_fffcc74a: ; not directly referenced
+or ecx, ebx
+
+loc_fffcc74c: ; not directly referenced
+mov bl, cl
+mov esi, 0xffffffca
+or ebx, 0xffffff80
+test cl, 0xc0
+cmovne ecx, ebx
+mov ebx, 0x36
+movsx ecx, cl
+add ecx, dword [ebp - 0x2c]
+cmp ecx, 0xffffffca
+cmovge esi, ecx
+cmp esi, 0x36
+cmovle ebx, esi
+test dl, dl
+je short loc_fffcc7e6 ; je 0xfffcc7e6
+mov edx, dword [ebp - 0x24]
+cmp dl, 1
+je short loc_fffcc7c1 ; je 0xfffcc7c1
+jb short loc_fffcc79c ; jb 0xfffcc79c
+cmp dl, 2
+jne loc_fffcc8f8 ; jne 0xfffcc8f8
+mov dl, byte [eax + 0x14]
+mov cl, bl
+and ecx, 0x7f
+and edx, 0xffffff80
+or edx, ecx
+mov byte [eax + 0x14], dl
+jmp short loc_fffcc7e6 ; jmp 0xfffcc7e6
+
+loc_fffcc79c: ; not directly referenced
+mov dl, byte [eax + 0x15]
+mov cl, bl
+shl ecx, 6
+and edx, 0x3f
+or edx, ecx
+mov ecx, ebx
+mov byte [eax + 0x15], dl
+mov dl, byte [eax + 0x16]
+shr ecx, 2
+and ecx, 0x1f
+and edx, 0xffffffe0
+or edx, ecx
+mov byte [eax + 0x16], dl
+jmp short loc_fffcc7e6 ; jmp 0xfffcc7e6
+
+loc_fffcc7c1: ; not directly referenced
+mov dl, byte [eax + 0x14]
+mov ecx, ebx
+and ecx, 1
+shl ecx, 7
+and edx, 0x7f
+or edx, ecx
+mov ecx, ebx
+mov byte [eax + 0x14], dl
+mov dl, byte [eax + 0x15]
+shr ecx, 1
+and ecx, 0x3f
+and edx, 0xffffffc0
+or edx, ecx
+mov byte [eax + 0x15], dl
+
+loc_fffcc7e6: ; not directly referenced
+cmp dword [edi + 0x188b], 1
+mov eax, 0xf84
+mov edx, 0xf78
+cmove edx, eax
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, dword [ebp - 0x24]
+cmp dl, 1
+je short loc_fffcc837 ; je 0xfffcc837
+jb short loc_fffcc823 ; jb 0xfffcc823
+cmp dl, 2
+jne loc_fffcc8f8 ; jne 0xfffcc8f8
+and ebx, 0x7f
+and eax, 0xffffff80
+or eax, ebx
+mov ebx, 0x20000000
+jmp short loc_fffcc849 ; jmp 0xfffcc849
+
+loc_fffcc823: ; not directly referenced
+and ebx, 0x7f
+and eax, 0xffe03fff
+shl ebx, 0xe
+or eax, ebx
+mov ebx, 0x40000000
+jmp short loc_fffcc849 ; jmp 0xfffcc849
+
+loc_fffcc837: ; not directly referenced
+and ebx, 0x7f
+and eax, 0xffffc07f
+shl ebx, 7
+or eax, ebx
+mov ebx, 0x80000000
+
+loc_fffcc849: ; not directly referenced
+cmp dword [edi + 0x188b], 1
+mov ecx, 0xf84
+mov edx, 0xf78
+cmove edx, ecx
+mov ecx, eax
+mov eax, edi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+
+loc_fffcc866: ; not directly referenced
+cmp byte [ebp - 0x40], 0
+jne loc_fffcc8f8 ; jne 0xfffcc8f8
+cmp dword [edi + 0x2480], 2
+jne short loc_fffcc884 ; jne 0xfffcc884
+cmp byte [ebp - 0x24], 1
+mov edx, 3
+jbe short loc_fffcc8ce ; jbe 0xfffcc8ce
+
+loc_fffcc884: ; not directly referenced
+cmp dword [edi + 0x188b], 1
+mov cl, 0x4b
+mov byte [ebp - 0x1c], 0
+sete al
+mov esi, eax
+mov al, 0x32
+lea esi, [esi + esi*4 + 5]
+cmovne ecx, eax
+
+loc_fffcc89f: ; not directly referenced
+cmp dword [edi + 0x188b], 1
+mov eax, 0xf84
+mov edx, 0xf78
+mov dword [ebp - 0x20], ecx
+cmove edx, eax
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov ecx, dword [ebp - 0x20]
+and eax, ebx
+cmp eax, ebx
+jne short loc_fffcc8dc ; jne 0xfffcc8dc
+
+loc_fffcc8c6: ; not directly referenced
+mov eax, esi
+movzx esi, al
+imul edx, esi, 0xf
+
+loc_fffcc8ce: ; not directly referenced
+lea esp, [ebp - 0xc]
+mov eax, edi
+pop ebx
+pop esi
+pop edi
+pop ebp
+jmp near fcn_fffa834b ; jmp 0xfffa834b
+
+loc_fffcc8dc: ; not directly referenced
+mov edx, 0xf
+mov eax, edi
+mov dword [ebp - 0x20], ecx
+call fcn_fffa834b ; call 0xfffa834b
+mov ecx, dword [ebp - 0x20]
+inc byte [ebp - 0x1c]
+cmp byte [ebp - 0x1c], cl
+jb short loc_fffcc89f ; jb 0xfffcc89f
+jmp short loc_fffcc8c6 ; jmp 0xfffcc8c6
+
+loc_fffcc8f8: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffcc900: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x4c
+mov eax, dword [ebp + 0x18]
+mov esi, dword [ebp + 0x20]
+mov edi, dword [ebp + 0x2c]
+mov ecx, dword [ebp + 0xc]
+mov dword [ebp - 0x30], eax
+mov ebx, dword [ebp + 0x1c]
+mov byte [ebp - 0x2b], al
+mov eax, esi
+mov edx, dword [ebp + 0x24]
+mov byte [ebp - 0x48], al
+mov eax, edi
+mov byte [ebp - 0x29], al
+mov al, byte [ebp + 0x30]
+cmp cl, 6
+mov dword [ebp - 0x40], ebx
+mov byte [ebp - 0x2c], bl
+sete bl
+cmp cl, 3
+mov dword [ebp - 0x20], esi
+mov byte [ebp - 0x50], al
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x44], edx
+mov dword [ebp - 0x34], edi
+mov byte [ebp - 0x49], dl
+mov eax, dword [eax + 0x5edc]
+mov byte [ebp - 0x2a], bl
+mov dword [ebp - 0x38], eax
+setbe al
+or al, bl
+jne short loc_fffcc98e ; jne 0xfffcc98e
+lea eax, [ecx - 8]
+cmp al, 2
+jbe short loc_fffcc992 ; jbe 0xfffcc992
+mov eax, dword [ebp + 8]
+mov bl, 0x36
+cmp dword [eax + 0x2480], 2
+jne short loc_fffcc998 ; jne 0xfffcc998
+cmp cl, 0x11
+sete dl
+cmp cl, 5
+sete al
+or dl, al
+jne short loc_fffcc996 ; jne 0xfffcc996
+cmp cl, 0x21
+jne short loc_fffcc998 ; jne 0xfffcc998
+jmp short loc_fffcc9a9 ; jmp 0xfffcc9a9
+
+loc_fffcc98e: ; not directly referenced
+mov bl, 0x1f
+jmp short loc_fffcc998 ; jmp 0xfffcc998
+
+loc_fffcc992: ; not directly referenced
+mov bl, 0xff
+jmp short loc_fffcc998 ; jmp 0xfffcc998
+
+loc_fffcc996: ; not directly referenced
+mov bl, 0x25
+
+loc_fffcc998: ; not directly referenced
+cmp cl, 0x1f
+ja short loc_fffcc9ab ; ja 0xfffcc9ab
+mov eax, dword [ebp + 0x14]
+lea esi, [eax + eax - 1]
+mov eax, dword [ebp + 0x10]
+jmp short loc_fffcc9d6 ; jmp 0xfffcc9d6
+
+loc_fffcc9a9: ; not directly referenced
+mov bl, 0x25
+
+loc_fffcc9ab: ; not directly referenced
+imul esi, dword [ebp + 0x14], 3
+mov edi, 2
+lea eax, [esi - 5]
+imul eax, dword [ebp + 0x14]
+cdq
+idiv edi
+cmp dword [ebp + 0x14], 0
+mov esi, eax
+mov eax, dword [ebp + 0x10]
+mov dword [ebp - 0x1c], eax
+jne short loc_fffcc9d9 ; jne 0xfffcc9d9
+lea eax, [eax + eax*4]
+mov di, 4
+cdq
+idiv edi
+
+loc_fffcc9d6: ; not directly referenced
+mov dword [ebp - 0x1c], eax
+
+loc_fffcc9d9: ; not directly referenced
+mov eax, dword [ebp + 0x10]
+mov edi, 3
+imul eax, esi
+movzx esi, bl
+cdq
+idiv edi
+cmp dword [ebp - 0x1c], esi
+jg short loc_fffcc9f9 ; jg 0xfffcc9f9
+mov edi, dword [ebp - 0x1c]
+neg esi
+cmp edi, esi
+cmovge esi, edi
+
+loc_fffcc9f9: ; not directly referenced
+mov ebx, dword [ebp - 0x20]
+cmp eax, 0xffffffe1
+mov edx, 0xffffffe1
+cmovge edx, eax
+mov edi, 0x1f
+cmp edx, 0x1f
+cmovle edi, edx
+xor eax, eax
+mov edx, dword [ebp + 8]
+cmp bl, 0xff
+cmovne eax, ebx
+mov byte [ebp - 0x24], al
+movzx eax, byte [ebp - 0x40]
+mov ebx, eax
+mov dword [ebp - 0x20], eax
+imul eax, eax, 0x13c3
+lea eax, [edx + eax + 0x3756]
+mov dword [ebp - 0x28], eax
+movzx eax, byte [ebp - 0x44]
+mov edx, eax
+mov dword [ebp - 0x1c], eax
+imul eax, ebx, 0xcc
+mov ebx, dword [ebp - 0x38]
+lea eax, [ebx + eax + 0x1c]
+lea eax, [eax + edx*4]
+mov dword [ebp - 0x3c], eax
+mov ebx, dword [eax + 0x54]
+cmp cl, 0x21
+ja loc_fffccfba ; ja 0xfffccfba
+movzx eax, cl
+jmp dword [eax*4 + ref_fffd5b38] ; ujmp: jmp dword [eax*4 - 0x2a4c8]
+
+loc_fffcca6b: ; not directly referenced
+and esi, 0x3f
+and ebx, 0xffffffc0
+jmp near loc_fffccc11 ; jmp 0xfffccc11
+
+loc_fffcca76: ; not directly referenced
+and esi, 0x3f
+and ebx, 0xfffff03f
+shl esi, 6
+jmp near loc_fffccc11 ; jmp 0xfffccc11
+
+loc_fffcca87: ; not directly referenced
+and esi, 0x3f
+and ebx, 0xfffc0fff
+shl esi, 0xc
+jmp near loc_fffccc11 ; jmp 0xfffccc11
+
+loc_fffcca98: ; not directly referenced
+and esi, 0x3f
+and ebx, 0xff03ffff
+shl esi, 0x12
+jmp near loc_fffccc11 ; jmp 0xfffccc11
+
+loc_fffccaa9: ; not directly referenced
+and esi, 0x7f
+and ebx, 0x80ffffff
+shl esi, 0x18
+jmp near loc_fffccc11 ; jmp 0xfffccc11
+
+loc_fffccaba: ; not directly referenced
+mov ebx, dword [ebp - 0x20]
+mov eax, dword [ebp + 8]
+shl ebx, 0xa
+add ebx, 0x4028
+mov edx, ebx
+call fcn_fffae52a ; call 0xfffae52a
+cmp esi, 0
+mov edi, eax
+mov eax, dword [ebp - 0x28]
+mov eax, dword [eax + 0x1019]
+jle short loc_fffccae7 ; jle 0xfffccae7
+lea esi, [esi + esi - 0x10]
+dec eax
+jmp short loc_fffccaee ; jmp 0xfffccaee
+
+loc_fffccae7: ; not directly referenced
+je short loc_fffccaee ; je 0xfffccaee
+lea esi, [esi + esi + 0x10]
+inc eax
+
+loc_fffccaee: ; not directly referenced
+movzx ecx, byte [ebp - 0x24]
+and eax, 0x3f
+and edi, 0xffc0ffff
+mov edx, dword [ebp - 0x1c]
+shl eax, 0x10
+or edi, eax
+lea eax, [ecx + ecx*8]
+lea eax, [edx + eax + 0xd8]
+mov edx, dword [ebp - 0x28]
+movzx eax, word [edx + eax*2 + 1]
+push edx
+add esi, eax
+mov eax, 0x1ff
+cmp esi, 0x1ff
+cmovle eax, esi
+xor edx, edx
+test eax, eax
+cmovns edx, eax
+mov eax, dword [ebp + 8]
+push edx
+mov edx, dword [ebp - 0x20]
+push 0
+push dword [ebp - 0x1c]
+call fcn_fffa7499 ; call 0xfffa7499
+mov eax, dword [ebp + 8]
+mov ecx, edi
+mov edx, ebx
+call fcn_fffae58c ; call 0xfffae58c
+add esp, 0x10
+jmp near loc_fffcd148 ; jmp 0xfffcd148
+
+loc_fffccb52: ; not directly referenced
+movzx eax, byte [ebp - 0x50]
+xor ebx, ebx
+mov dword [ebp - 0x28], eax
+movzx eax, byte [ebp - 0x48]
+mov dword [ebp - 0x48], eax
+
+loc_fffccb62: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov edx, dword [ebp + 8]
+cmp dword [edx + eax + 0x3756], 2
+jne short loc_fffccbb1 ; jne 0xfffccbb1
+cmp byte [ebp - 0x2c], bl
+sete dl
+cmp byte [ebp - 0x2b], 1
+sete al
+or dl, al
+je short loc_fffccbb1 ; je 0xfffccbb1
+push dword [ebp - 0x28]
+xor eax, eax
+cmp byte [ebp - 0x49], 0
+mov dword [ebp - 0x50], ecx
+setne al
+push eax
+movzx eax, byte [ebp - 0x29]
+push dword [ebp - 0x1c]
+push dword [ebp - 0x48]
+push esi
+push eax
+push ebx
+push dword [ebp + 8]
+call fcn_fffcc4cb ; call 0xfffcc4cb
+mov ecx, dword [ebp - 0x50]
+add esp, 0x20
+
+loc_fffccbb1: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffccb62 ; jne 0xfffccb62
+cmp cl, 0x21
+sete dl
+cmp cl, 0x11
+sete al
+or dl, al
+je loc_fffcd148 ; je 0xfffcd148
+mov eax, dword [ebp - 0x3c]
+mov ebx, dword [eax + 0x54]
+mov eax, edi
+and eax, 0x3f
+shl eax, 0xc
+and ebx, 0xfffc0fff
+jmp short loc_fffccbf7 ; jmp 0xfffccbf7
+
+loc_fffccbe1: ; not directly referenced
+and esi, 0x7f
+mov eax, edi
+shl esi, 0x18
+and ebx, 0x80fff03f
+and eax, 0x3f
+or ebx, esi
+shl eax, 6
+
+loc_fffccbf7: ; not directly referenced
+or ebx, eax
+jmp near loc_fffccfc4 ; jmp 0xfffccfc4
+
+loc_fffccbfe: ; not directly referenced
+and esi, 0x3f
+and ebx, 0xff000fff
+mov eax, esi
+shl eax, 0xc
+shl esi, 0x12
+or ebx, eax
+
+loc_fffccc11: ; not directly referenced
+or ebx, esi
+jmp near loc_fffccfc4 ; jmp 0xfffccfc4
+
+loc_fffccc18: ; not directly referenced
+cmp byte [ebp - 0x30], 0
+movzx ebx, byte [ebp - 0x24]
+je loc_fffcccca ; je 0xfffcccca
+mov eax, dword [ebp + 8]
+lea edx, [ebx*4 + 0x3630]
+xor edi, edi
+mov ecx, dword [ebp + 0x10]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+imul eax, ebx, 0xd8
+mov dword [ebp - 0x20], eax
+
+loc_fffccc43: ; not directly referenced
+sub esp, 0xc
+mov eax, dword [ebp + 8]
+mov ecx, 1
+push 1
+mov edx, edi
+push 0
+push 0
+push dword [ebp + 0x34]
+push ebx
+call fcn_fffa72c5 ; call 0xfffa72c5
+add esp, 0x20
+cmp byte [ebp - 0x29], 0
+jne short loc_fffccc73 ; jne 0xfffccc73
+
+loc_fffccc68: ; not directly referenced
+inc edi
+cmp edi, 2
+jne short loc_fffccc43 ; jne 0xfffccc43
+jmp near loc_fffcd148 ; jmp 0xfffcd148
+
+loc_fffccc73: ; not directly referenced
+imul eax, edi, 0x13c3
+add eax, dword [ebp - 0x20]
+mov byte [ebp - 0x1c], 0
+mov dword [ebp - 0x24], eax
+
+loc_fffccc83: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov cl, byte [ebp - 0x1c]
+cmp cl, byte [eax + 0x2488]
+jae short loc_fffccc68 ; jae 0xfffccc68
+movzx esi, cl
+imul esi, esi, 0x18
+add esi, dword [ebp - 0x24]
+add esi, eax
+xor eax, eax
+mov dword [ebp - 0x28], esi
+
+loc_fffccca1: ; not directly referenced
+mov esi, dword [ebp + 0x10]
+lea ecx, [eax*4]
+lea edx, [eax + eax*2]
+inc eax
+sar esi, cl
+mov ecx, esi
+mov esi, dword [ebp - 0x28]
+and ecx, 0xf
+mov byte [esi + edx + 0x3d38], cl
+cmp eax, 8
+jne short loc_fffccca1 ; jne 0xfffccca1
+inc byte [ebp - 0x1c]
+jmp short loc_fffccc83 ; jmp 0xfffccc83
+
+loc_fffcccca: ; not directly referenced
+mov edi, dword [ebp - 0x1c]
+mov esi, dword [ebp - 0x20]
+mov ecx, dword [ebp + 0x10]
+mov eax, edi
+shl eax, 7
+lea edx, [eax + ebx + 0xc]
+mov eax, esi
+shl eax, 6
+add edx, eax
+mov eax, dword [ebp + 8]
+shl edx, 2
+call fcn_fffae58c ; call 0xfffae58c
+sub esp, 0xc
+mov eax, dword [ebp + 8]
+push 1
+xor ecx, ecx
+push 0
+mov edx, esi
+push edi
+push dword [ebp + 0x34]
+push ebx
+call fcn_fffa72c5 ; call 0xfffa72c5
+add esp, 0x20
+cmp byte [ebp - 0x34], 0
+je loc_fffcd148 ; je 0xfffcd148
+imul eax, dword [ebp - 0x1c], 0x18
+xor ecx, ecx
+imul ebx, ebx, 0xd8
+add ebx, eax
+xor eax, eax
+add ebx, dword [ebp - 0x28]
+
+loc_fffccd26: ; not directly referenced
+mov edx, dword [ebp + 0x10]
+sar edx, cl
+add ecx, 4
+and edx, 0xf
+mov byte [ebx + eax + 0x5e2], dl
+add eax, 3
+cmp ecx, 0x20
+jne short loc_fffccd26 ; jne 0xfffccd26
+jmp near loc_fffcd148 ; jmp 0xfffcd148
+
+loc_fffccd45: ; not directly referenced
+cmp byte [ebp - 0x30], 0
+movzx ebx, byte [ebp - 0x24]
+je loc_fffccdf7 ; je 0xfffccdf7
+mov eax, dword [ebp + 8]
+lea edx, [ebx*4 + 0x3610]
+xor edi, edi
+mov ecx, dword [ebp + 0x10]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+imul eax, ebx, 0xd8
+mov dword [ebp - 0x24], eax
+
+loc_fffccd70: ; not directly referenced
+sub esp, 0xc
+mov eax, dword [ebp + 8]
+mov ecx, 1
+push 0
+mov edx, edi
+push 1
+push 0
+push dword [ebp + 0x34]
+push ebx
+call fcn_fffa72c5 ; call 0xfffa72c5
+add esp, 0x20
+cmp byte [ebp - 0x29], 0
+jne short loc_fffccda0 ; jne 0xfffccda0
+
+loc_fffccd95: ; not directly referenced
+inc edi
+cmp edi, 2
+jne short loc_fffccd70 ; jne 0xfffccd70
+jmp near loc_fffcd148 ; jmp 0xfffcd148
+
+loc_fffccda0: ; not directly referenced
+imul eax, edi, 0x13c3
+add eax, dword [ebp - 0x24]
+mov byte [ebp - 0x1c], 0
+mov dword [ebp - 0x20], eax
+
+loc_fffccdb0: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov cl, byte [ebp - 0x1c]
+cmp cl, byte [eax + 0x2488]
+jae short loc_fffccd95 ; jae 0xfffccd95
+movzx esi, cl
+imul esi, esi, 0x18
+add esi, dword [ebp - 0x20]
+add esi, eax
+xor eax, eax
+mov dword [ebp - 0x28], esi
+
+loc_fffccdce: ; not directly referenced
+mov esi, dword [ebp + 0x10]
+lea ecx, [eax*4]
+lea edx, [eax + eax*2]
+inc eax
+sar esi, cl
+mov ecx, esi
+mov esi, dword [ebp - 0x28]
+and ecx, 0xf
+mov byte [esi + edx + 0x39d8], cl
+cmp eax, 8
+jne short loc_fffccdce ; jne 0xfffccdce
+inc byte [ebp - 0x1c]
+jmp short loc_fffccdb0 ; jmp 0xfffccdb0
+
+loc_fffccdf7: ; not directly referenced
+mov edi, dword [ebp - 0x1c]
+mov esi, dword [ebp - 0x20]
+mov ecx, dword [ebp + 0x10]
+mov eax, edi
+shl eax, 7
+lea edx, [eax + ebx + 4]
+mov eax, esi
+shl eax, 6
+add edx, eax
+mov eax, dword [ebp + 8]
+shl edx, 2
+call fcn_fffae58c ; call 0xfffae58c
+sub esp, 0xc
+mov eax, dword [ebp + 8]
+push 0
+xor ecx, ecx
+push 1
+mov edx, esi
+push edi
+push dword [ebp + 0x34]
+push ebx
+call fcn_fffa72c5 ; call 0xfffa72c5
+add esp, 0x20
+cmp byte [ebp - 0x34], 0
+je loc_fffcd148 ; je 0xfffcd148
+imul eax, dword [ebp - 0x1c], 0x18
+xor ecx, ecx
+imul ebx, ebx, 0xd8
+add ebx, eax
+xor eax, eax
+add ebx, dword [ebp - 0x28]
+
+loc_fffcce53: ; not directly referenced
+mov edx, dword [ebp + 0x10]
+sar edx, cl
+add ecx, 4
+and edx, 0xf
+mov byte [ebx + eax + 0x282], dl
+add eax, 3
+cmp ecx, 0x20
+jne short loc_fffcce53 ; jne 0xfffcce53
+jmp near loc_fffcd148 ; jmp 0xfffcd148
+
+loc_fffcce72: ; not directly referenced
+cmp byte [ebp - 0x30], 0
+movzx edi, byte [ebp - 0x24]
+je loc_fffccf1d ; je 0xfffccf1d
+mov eax, dword [ebp + 8]
+xor ebx, ebx
+mov edx, dword [ebp + 0x10]
+call fcn_fffaa226 ; call 0xfffaa226
+imul eax, edi, 0xd8
+mov dword [ebp - 0x20], eax
+
+loc_fffcce96: ; not directly referenced
+sub esp, 0xc
+mov eax, dword [ebp + 8]
+mov ecx, 1
+push 0
+mov edx, ebx
+push 1
+push 0
+push dword [ebp + 0x34]
+push edi
+call fcn_fffa72c5 ; call 0xfffa72c5
+add esp, 0x20
+cmp byte [ebp - 0x29], 0
+jne short loc_fffccec6 ; jne 0xfffccec6
+
+loc_fffccebb: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffcce96 ; jne 0xfffcce96
+jmp near loc_fffcd148 ; jmp 0xfffcd148
+
+loc_fffccec6: ; not directly referenced
+imul eax, ebx, 0x13c3
+add eax, dword [ebp - 0x20]
+mov byte [ebp - 0x1c], 0
+mov dword [ebp - 0x24], eax
+
+loc_fffcced6: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov cl, byte [ebp - 0x1c]
+cmp cl, byte [eax + 0x2488]
+jae short loc_fffccebb ; jae 0xfffccebb
+movzx esi, cl
+imul esi, esi, 0x18
+add esi, dword [ebp - 0x24]
+add esi, eax
+xor eax, eax
+mov dword [ebp - 0x28], esi
+
+loc_fffccef4: ; not directly referenced
+mov esi, dword [ebp + 0x10]
+lea ecx, [eax*4]
+lea edx, [eax + eax*2]
+inc eax
+sar esi, cl
+mov ecx, esi
+mov esi, dword [ebp - 0x28]
+and ecx, 0xf
+mov byte [esi + edx + 0x4098], cl
+cmp eax, 8
+jne short loc_fffccef4 ; jne 0xfffccef4
+inc byte [ebp - 0x1c]
+jmp short loc_fffcced6 ; jmp 0xfffcced6
+
+loc_fffccf1d: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x188b]
+test eax, eax
+jne short loc_fffccf3c ; jne 0xfffccf3c
+mov edx, dword [ebp - 0x20]
+mov eax, dword [ebp - 0x1c]
+shl edx, 8
+shl eax, 9
+lea edx, [edx + eax + 0x4c]
+jmp short loc_fffccf55 ; jmp 0xfffccf55
+
+loc_fffccf3c: ; not directly referenced
+dec eax
+jne short loc_fffccf53 ; jne 0xfffccf53
+mov eax, dword [ebp - 0x20]
+shl eax, 8
+lea edx, [eax + edi*4 + 0x50]
+mov eax, dword [ebp - 0x1c]
+shl eax, 9
+add edx, eax
+jmp short loc_fffccf55 ; jmp 0xfffccf55
+
+loc_fffccf53: ; not directly referenced
+xor edx, edx
+
+loc_fffccf55: ; not directly referenced
+mov ecx, dword [ebp + 0x10]
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+sub esp, 0xc
+mov edx, dword [ebp - 0x20]
+push 0
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+push 1
+push dword [ebp - 0x1c]
+push dword [ebp + 0x34]
+push edi
+call fcn_fffa72c5 ; call 0xfffa72c5
+add esp, 0x20
+cmp byte [ebp - 0x34], 0
+je loc_fffcd148 ; je 0xfffcd148
+imul eax, dword [ebp - 0x1c], 0x18
+xor ecx, ecx
+imul edx, edi, 0xd8
+add edx, eax
+xor eax, eax
+add edx, dword [ebp - 0x28]
+
+loc_fffccf9b: ; not directly referenced
+mov ebx, dword [ebp + 0x10]
+sar ebx, cl
+add ecx, 4
+and ebx, 0xf
+mov byte [edx + eax + 0x942], bl
+add eax, 3
+cmp ecx, 0x20
+jne short loc_fffccf9b ; jne 0xfffccf9b
+jmp near loc_fffcd148 ; jmp 0xfffcd148
+
+loc_fffccfba: ; not directly referenced
+mov eax, 2
+jmp near loc_fffcd14a ; jmp 0xfffcd14a
+
+loc_fffccfc4: ; not directly referenced
+test cl, cl
+sete dl
+cmp cl, 0xb
+sete al
+or dl, al
+jne short loc_fffcd01d ; jne 0xfffcd01d
+cmp cl, 4
+sete dl
+cmp cl, 1
+sete al
+or dl, al
+jne short loc_fffcd01d ; jne 0xfffcd01d
+cmp cl, 0x20
+sete dl
+cmp cl, 0x10
+sete al
+or dl, al
+jne short loc_fffcd01d ; jne 0xfffcd01d
+mov dl, byte [ebp - 0x2a]
+lea eax, [ecx - 2]
+cmp al, 1
+setbe al
+or dl, al
+jne short loc_fffcd014 ; jne 0xfffcd014
+cmp cl, 0x21
+sete al
+cmp cl, 0x11
+mov esi, eax
+sete al
+or esi, eax
+jmp short loc_fffcd019 ; jmp 0xfffcd019
+
+loc_fffcd014: ; not directly referenced
+mov esi, 1
+
+loc_fffcd019: ; not directly referenced
+xor edi, edi
+jmp short loc_fffcd024 ; jmp 0xfffcd024
+
+loc_fffcd01d: ; not directly referenced
+xor esi, esi
+mov edi, 1
+
+loc_fffcd024: ; not directly referenced
+cmp byte [ebp - 0x30], 0
+mov edx, 0x3670
+je loc_fffcd0d4 ; je 0xfffcd0d4
+mov eax, dword [ebp + 8]
+mov ecx, ebx
+cmp dword [eax + 0x188b], 1
+mov eax, 0x367c
+cmove edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffaeb7c ; call 0xfffaeb7c
+mov eax, dword [ebp - 0x38]
+mov dword [ebp - 0x1c], 0
+add eax, 0x1c
+mov dword [ebp - 0x20], eax
+mov eax, esi
+movzx esi, al
+mov eax, edi
+movzx edi, al
+
+loc_fffcd069: ; not directly referenced
+imul eax, dword [ebp - 0x1c], 0x13c3
+mov ecx, dword [ebp + 8]
+cmp dword [ecx + eax + 0x3756], 2
+je short loc_fffcd092 ; je 0xfffcd092
+
+loc_fffcd07d: ; not directly referenced
+inc dword [ebp - 0x1c]
+add dword [ebp - 0x20], 0xcc
+cmp dword [ebp - 0x1c], 2
+jne short loc_fffcd069 ; jne 0xfffcd069
+jmp near loc_fffcd148 ; jmp 0xfffcd148
+
+loc_fffcd092: ; not directly referenced
+sub esp, 0xc
+movzx eax, byte [ebp - 0x24]
+mov ecx, 1
+push esi
+mov edx, dword [ebp - 0x1c]
+push edi
+push 0
+push dword [ebp + 0x34]
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffa72c5 ; call 0xfffa72c5
+add esp, 0x20
+xor eax, eax
+
+loc_fffcd0b6: ; not directly referenced
+mov ecx, dword [ebp + 8]
+cmp al, byte [ecx + 0x2488]
+jae short loc_fffcd07d ; jae 0xfffcd07d
+cmp byte [ebp - 0x29], 0
+je short loc_fffcd0d1 ; je 0xfffcd0d1
+mov ecx, dword [ebp - 0x20]
+movzx edx, al
+mov dword [ecx + edx*4 + 0x54], ebx
+
+loc_fffcd0d1: ; not directly referenced
+inc eax
+jmp short loc_fffcd0b6 ; jmp 0xfffcd0b6
+
+loc_fffcd0d4: ; not directly referenced
+cmp byte [ebp - 0x40], 1
+ja short loc_fffcd0f8 ; ja 0xfffcd0f8
+mov edx, dword [ebp - 0x20]
+shl edx, 8
+cmp byte [ebp - 0x44], 8
+jbe short loc_fffcd0ee ; jbe 0xfffcd0ee
+add edx, 0x3070
+jmp short loc_fffcd0f8 ; jmp 0xfffcd0f8
+
+loc_fffcd0ee: ; not directly referenced
+mov eax, dword [ebp - 0x1c]
+shl eax, 9
+lea edx, [edx + eax + 0x70]
+
+loc_fffcd0f8: ; not directly referenced
+mov ecx, dword [ebp + 8]
+lea eax, [edx + 0xc]
+cmp dword [ecx + 0x188b], 1
+mov ecx, ebx
+cmove edx, eax
+mov eax, dword [ebp + 8]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, esi
+sub esp, 0xc
+movzx esi, al
+mov eax, edi
+mov edx, dword [ebp - 0x20]
+push esi
+movzx edi, al
+movzx eax, byte [ebp - 0x24]
+push edi
+xor ecx, ecx
+push dword [ebp - 0x1c]
+push dword [ebp + 0x34]
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffa72c5 ; call 0xfffa72c5
+add esp, 0x20
+cmp byte [ebp - 0x34], 0
+je short loc_fffcd148 ; je 0xfffcd148
+mov eax, dword [ebp - 0x3c]
+mov dword [eax + 0x54], ebx
+
+loc_fffcd148: ; not directly referenced
+xor eax, eax
+
+loc_fffcd14a: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffcd152:
+push ebp
+mov ebp, esp
+push ebx
+sub esp, 0x14
+mov eax, dword [ebp + 0xc]
+lea ebx, [eax - 4]
+cmp byte [ebx + 0x18], 1
+je short loc_fffcd1a5 ; je 0xfffcd1a5
+mov eax, dword [ebx + 0x14]
+test eax, eax
+jne short loc_fffcd17f ; jne 0xfffcd17f
+
+loc_fffcd16c:
+mov eax, dword [ebx + 0x10]
+mov ecx, ebx
+mov edx, dword [ebp + 8]
+mov byte [ebx + 0x18], 1
+call fcn_fffa1e8f ; call 0xfffa1e8f
+jmp short loc_fffcd1a7 ; jmp 0xfffcd1a7
+
+loc_fffcd17f:
+test byte [eax + 1], 1
+je short loc_fffcd16c ; je 0xfffcd16c
+lea eax, [ebp - 0xc]
+push eax
+push 0
+push 0
+push ref_fffd65ec ; push 0xfffd65ec
+call fcn_fffab40f ; call 0xfffab40f
+add esp, 0x10
+test eax, eax
+je short loc_fffcd16c ; je 0xfffcd16c
+mov eax, 0x80000006
+jmp short loc_fffcd1a7 ; jmp 0xfffcd1a7
+
+loc_fffcd1a5:
+xor eax, eax
+
+loc_fffcd1a7:
+mov ebx, dword [ebp - 4]
+leave
+ret
+
+fcn_fffcd1ac: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, eax
+push ebx
+sub esp, 0x190
+mov ebx, dword [ebp + 8]
+mov dword [ebp - 0x14c], edx
+mov edx, dword [esi + 0x5edc]
+lea eax, [ebp - 0x13f]
+push 1
+mov edi, dword [ebp + 0xc]
+push 7
+push eax
+mov dword [ebp - 0x180], edx
+mov edx, dword [esi + 0x2443]
+mov dword [ebp - 0x16c], ecx
+mov byte [ebp - 0x151], cl
+mov dword [ebp - 0x184], edx
+call dword [edx + 0x5c] ; ucall
+mov eax, dword [ebp - 0x16c]
+add esp, 0x10
+mov edx, dword [ebp - 0x14c]
+cmp al, 0xb
+setne cl
+dec eax
+cmp al, 1
+seta al
+test cl, al
+mov byte [ebp - 0x152], cl
+jne loc_fffcd946 ; jne 0xfffcd946
+cmp byte [ebp - 0x16c], 0xb
+movzx edx, dl
+jne short loc_fffcd25f ; jne 0xfffcd25f
+sub esp, 0xc
+mov eax, esi
+lea ecx, [edi - 3]
+push 0
+movzx ecx, cl
+call fcn_fffb26ca ; call 0xfffb26ca
+add esp, 0x10
+dec bl
+mov byte [esi + 0x248b], 0xa
+je short loc_fffcd258 ; je 0xfffcd258
+
+loc_fffcd24c: ; not directly referenced
+mov dword [ebp - 0x158], 0
+jmp short loc_fffcd2ac ; jmp 0xfffcd2ac
+
+loc_fffcd258: ; not directly referenced
+mov eax, 8
+jmp short loc_fffcd285 ; jmp 0xfffcd285
+
+loc_fffcd25f: ; not directly referenced
+sub esp, 0xc
+mov eax, edi
+movzx ecx, al
+mov eax, esi
+push 0
+call fcn_fffb26ca ; call 0xfffb26ca
+add esp, 0x10
+dec bl
+jne short loc_fffcd24c ; jne 0xfffcd24c
+cmp byte [ebp - 0x16c], 1
+jne short loc_fffcd258 ; jne 0xfffcd258
+mov eax, 9
+
+loc_fffcd285: ; not directly referenced
+push 1
+push 0
+push 1
+push 0
+push 0
+push 0
+push 0
+push 1
+push 0
+push 0x88888888
+push eax
+push esi
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+mov dword [ebp - 0x158], eax
+
+loc_fffcd2ac: ; not directly referenced
+lea eax, [esi + 0x3756]
+mov dword [ebp - 0x178], eax
+movzx eax, byte [ebp - 0x151]
+mov dword [ebp - 0x150], 0
+mov dword [ebp - 0x164], 0
+mov dword [ebp - 0x17c], eax
+
+loc_fffcd2d9: ; not directly referenced
+mov edi, dword [ebp - 0x180]
+xor ebx, ebx
+mov eax, dword [ebp - 0x150]
+mov dword [ebp - 0x170], 1
+mov byte [ebp - 0x15c], 0
+add edi, 0x70
+mov cl, al
+mov dword [ebp - 0x160], edi
+mov edi, dword [ebp - 0x178]
+lea eax, [eax + eax*8]
+shl dword [ebp - 0x170], cl
+mov dword [ebp - 0x174], eax
+
+loc_fffcd318: ; not directly referenced
+mov ecx, dword [ebp - 0x170]
+mov edx, ebx
+mov eax, esi
+call fcn_fffaac43 ; call 0xfffaac43
+or byte [ebp - 0x15c], al
+movzx eax, byte [ebp - 0x15c]
+bt eax, ebx
+mov dword [ebp - 0x168], eax
+jae loc_fffcd434 ; jae 0xfffcd434
+mov eax, dword [ebp - 0x174]
+mov byte [ebp - 0x14c], 0
+add eax, edi
+mov dword [ebp - 0x188], eax
+
+loc_fffcd358: ; not directly referenced
+movzx eax, byte [esi + 0x2488]
+cmp byte [ebp - 0x14c], al
+jb short loc_fffcd396 ; jb 0xfffcd396
+
+loc_fffcd367: ; not directly referenced
+push edx
+push 0
+push eax
+mov eax, dword [ebp - 0x184]
+push dword [ebp - 0x160]
+call dword [eax + 0x64] ; ucall
+mov edx, ebx
+xor ecx, ecx
+shl edx, 0xa
+mov eax, esi
+add edx, 0x40f0
+call fcn_fffae58c ; call 0xfffae58c
+add esp, 0x10
+jmp near loc_fffcd434 ; jmp 0xfffcd434
+
+loc_fffcd396: ; not directly referenced
+cmp byte [ebp - 0x152], 0
+je short loc_fffcd367 ; je 0xfffcd367
+cmp byte [ebp - 0x151], 1
+jne short loc_fffcd3e0 ; jne 0xfffcd3e0
+movzx eax, byte [ebp - 0x14c]
+mov ecx, dword [ebp - 0x188]
+lea edx, [ecx + eax]
+mov ecx, dword [ebp - 0x150]
+mov byte [edx + 0x104a], 0x20
+mov byte [edx + 0x106e], 0x20
+push edx
+mov edx, ebx
+push 0
+push 0xff
+push eax
+mov eax, esi
+call fcn_fffa7499 ; call 0xfffa7499
+jmp short loc_fffcd426 ; jmp 0xfffcd426
+
+loc_fffcd3e0: ; not directly referenced
+cmp byte [ebp - 0x151], 2
+jne short loc_fffcd429 ; jne 0xfffcd429
+movzx eax, byte [ebp - 0x14c]
+mov ecx, dword [ebp - 0x174]
+lea edx, [eax + ecx]
+add edx, edx
+add edx, edi
+mov cx, word [edx + 0x121]
+add ecx, 0x20
+mov word [edx + 0x169], cx
+mov edx, ebx
+push ecx
+mov ecx, dword [ebp - 0x150]
+push 0
+push 0xff
+push eax
+mov eax, esi
+call fcn_fffa73b0 ; call 0xfffa73b0
+
+loc_fffcd426: ; not directly referenced
+add esp, 0x10
+
+loc_fffcd429: ; not directly referenced
+inc byte [ebp - 0x14c]
+jmp near loc_fffcd358 ; jmp 0xfffcd358
+
+loc_fffcd434: ; not directly referenced
+inc ebx
+add edi, 0x13c3
+add dword [ebp - 0x160], 0xcc
+cmp ebx, 2
+jne loc_fffcd318 ; jne 0xfffcd318
+cmp byte [ebp - 0x15c], 0
+je loc_fffcd91b ; je 0xfffcd91b
+mov edi, 0xffffffe1
+
+loc_fffcd460: ; not directly referenced
+cmp byte [ebp - 0x151], 0xb
+jne short loc_fffcd4ba ; jne 0xfffcd4ba
+xor ebx, ebx
+
+loc_fffcd46b: ; not directly referenced
+mov eax, dword [ebp - 0x168]
+bt eax, ebx
+jb short loc_fffcd47e ; jb 0xfffcd47e
+
+loc_fffcd476: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffcd46b ; jne 0xfffcd46b
+jmp short loc_fffcd4dc ; jmp 0xfffcd4dc
+
+loc_fffcd47e: ; not directly referenced
+xor edx, edx
+
+loc_fffcd480: ; not directly referenced
+cmp dl, byte [esi + 0x2488]
+jae short loc_fffcd476 ; jae 0xfffcd476
+push 1
+movzx eax, dl
+push 0
+push 0
+push 0
+push eax
+push dword [ebp - 0x150]
+mov dword [ebp - 0x14c], edx
+push ebx
+push 0
+push 0
+push edi
+push 0xb
+push esi
+call fcn_fffcc900 ; call 0xfffcc900
+mov edx, dword [ebp - 0x14c]
+add esp, 0x30
+inc edx
+jmp short loc_fffcd480 ; jmp 0xfffcd480
+
+loc_fffcd4ba: ; not directly referenced
+push 1
+push 0
+push 0
+push 0
+push 0
+push 0
+push 0
+push 1
+push 0
+push edi
+push dword [ebp - 0x17c]
+push esi
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+
+loc_fffcd4dc: ; not directly referenced
+movzx ecx, byte [esi + 0x248b]
+lea eax, [ebp - 0x13f]
+push ebx
+mov edx, dword [ebp - 0x168]
+push 0
+push 1
+push eax
+mov eax, esi
+call fcn_fffb0f94 ; call 0xfffb0f94
+lea eax, [ebp - 0x60]
+add esp, 0x10
+mov dword [ebp - 0x14c], eax
+lea eax, [ebp - 0xa8]
+mov dword [ebp - 0x158], eax
+lea eax, [ebp - 0x138]
+mov dword [ebp - 0x15c], eax
+lea eax, [edi - 1]
+lea ebx, [ebp - 0xf0]
+mov dword [ebp - 0x160], 0
+mov dword [ebp - 0x190], eax
+
+loc_fffcd539: ; not directly referenced
+mov eax, dword [ebp - 0x168]
+mov ecx, dword [ebp - 0x160]
+bt eax, ecx
+jb short loc_fffcd576 ; jb 0xfffcd576
+
+loc_fffcd54a: ; not directly referenced
+inc dword [ebp - 0x160]
+add ebx, 0x24
+add dword [ebp - 0x14c], 0x24
+add dword [ebp - 0x158], 0x24
+add dword [ebp - 0x15c], 0x24
+cmp dword [ebp - 0x160], 2
+jne short loc_fffcd539 ; jne 0xfffcd539
+jmp near loc_fffcd689 ; jmp 0xfffcd689
+
+loc_fffcd576: ; not directly referenced
+mov edx, dword [ebp - 0x160]
+mov eax, esi
+shl edx, 0xa
+add edx, 0x40ec
+call fcn_fffae52a ; call 0xfffae52a
+mov cl, byte [esi + 0x2488]
+mov byte [ebp - 0x170], cl
+xor ecx, ecx
+movzx eax, ax
+mov dword [ebp - 0x18c], eax
+
+loc_fffcd5a3: ; not directly referenced
+cmp byte [ebp - 0x170], cl
+jbe short loc_fffcd54a ; jbe 0xfffcd54a
+mov eax, dword [ebp - 0x18c]
+sar eax, cl
+and eax, 1
+xor eax, 1
+cmp edi, 0xffffffe1
+jne short loc_fffcd61f ; jne 0xfffcd61f
+test eax, eax
+mov eax, dword [ebp - 0x14c]
+je short loc_fffcd5f5 ; je 0xfffcd5f5
+mov dword [eax + ecx*4], 0xffffffe1
+mov eax, dword [ebp - 0x158]
+mov dword [ebx + ecx*4], 0xffffffe1
+mov dword [eax + ecx*4], 0xffffffe1
+mov eax, dword [ebp - 0x15c]
+mov dword [eax + ecx*4], 0xffffffe1
+jmp near loc_fffcd683 ; jmp 0xfffcd683
+
+loc_fffcd5f5: ; not directly referenced
+mov dword [eax + ecx*4], 0xffffffdf
+mov eax, dword [ebp - 0x158]
+mov dword [ebx + ecx*4], 0xffffffdf
+mov dword [eax + ecx*4], 0xffffffdf
+mov eax, dword [ebp - 0x15c]
+mov dword [eax + ecx*4], 0xffffffdf
+jmp short loc_fffcd683 ; jmp 0xfffcd683
+
+loc_fffcd61f: ; not directly referenced
+test eax, eax
+je short loc_fffcd683 ; je 0xfffcd683
+mov eax, dword [ebp - 0x190]
+cmp dword [ebx + ecx*4], eax
+je short loc_fffcd637 ; je 0xfffcd637
+mov eax, dword [ebp - 0x15c]
+mov dword [eax + ecx*4], edi
+
+loc_fffcd637: ; not directly referenced
+mov eax, dword [ebp - 0x15c]
+mov dword [ebx + ecx*4], edi
+mov eax, dword [eax + ecx*4]
+mov edx, eax
+mov dword [ebp - 0x174], eax
+mov eax, edi
+sub eax, edx
+mov edx, dword [ebp - 0x158]
+mov dword [ebp - 0x188], eax
+mov eax, dword [ebp - 0x14c]
+mov eax, dword [eax + ecx*4]
+sub eax, dword [edx + ecx*4]
+cmp dword [ebp - 0x188], eax
+jle short loc_fffcd683 ; jle 0xfffcd683
+mov eax, edx
+mov edx, dword [ebp - 0x174]
+mov dword [eax + ecx*4], edx
+mov eax, dword [ebp - 0x14c]
+mov dword [eax + ecx*4], edi
+
+loc_fffcd683: ; not directly referenced
+inc ecx
+jmp near loc_fffcd5a3 ; jmp 0xfffcd5a3
+
+loc_fffcd689: ; not directly referenced
+inc edi
+cmp edi, 0x20
+jne loc_fffcd460 ; jne 0xfffcd460
+push 2
+push 0
+push 0
+push 0
+push 0
+push 0
+push 0
+push 1
+push 0
+push 0
+push dword [ebp - 0x17c]
+push esi
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+mov dword [ebp - 0x14c], 0
+mov dword [ebp - 0x158], eax
+mov eax, dword [ebp - 0x178]
+mov dword [ebp - 0x15c], eax
+mov eax, dword [ebp - 0x150]
+lea ebx, [eax + eax*8]
+imul eax, eax, 0x12
+mov dword [ebp - 0x170], ebx
+mov dword [ebp - 0x174], eax
+
+loc_fffcd6ea: ; not directly referenced
+mov eax, dword [ebp - 0x168]
+mov ebx, dword [ebp - 0x14c]
+bt eax, ebx
+jae loc_fffcd8fe ; jae 0xfffcd8fe
+mov eax, dword [ebp - 0x170]
+add eax, dword [ebp - 0x15c]
+mov byte [ebp - 0x160], 0
+mov dword [ebp - 0x188], eax
+
+loc_fffcd718: ; not directly referenced
+mov al, byte [ebp - 0x160]
+cmp al, byte [esi + 0x2488]
+jae loc_fffcd8b8 ; jae 0xfffcd8b8
+movzx eax, byte [ebp - 0x160]
+imul edx, dword [ebp - 0x14c], 9
+add edx, eax
+mov ebx, dword [ebp + edx*4 - 0x60]
+mov edx, dword [ebp + edx*4 - 0xa8]
+mov ecx, ebx
+sub ecx, edx
+cmp ecx, 7
+jg short loc_fffcd769 ; jg 0xfffcd769
+cmp byte [esi + 0x1965], 0
+mov ecx, 9
+cmove ecx, dword [ebp - 0x158]
+mov dword [ebp - 0x158], ecx
+jmp short loc_fffcd773 ; jmp 0xfffcd773
+
+loc_fffcd769: ; not directly referenced
+sar ecx, 1
+add ecx, edx
+mov dword [ebp - 0x164], ecx
+
+loc_fffcd773: ; not directly referenced
+imul edi, edx, 0xfffffff6
+imul ecx, edx, 0xa
+test edx, edx
+cmovs ecx, edi
+imul edx, ebx, 0xa
+imul edi, ebx, 0xfffffff6
+test ebx, ebx
+cmovs edx, edi
+cmp byte [ebp - 0x151], 1
+jne short loc_fffcd7d1 ; jne 0xfffcd7d1
+imul ebx, dword [ebp - 0x14c], 9
+add ebx, dword [ebp - 0x174]
+mov edi, dword [ebp - 0x188]
+lea ebx, [eax + ebx + 0x50]
+mov dword [esi + ebx*8 + 0x2450], ecx
+mov ecx, dword [ebp - 0x164]
+mov dword [esi + ebx*8 + 0x2454], edx
+lea edx, [edi + eax]
+add byte [edx + 0x104a], cl
+add byte [edx + 0x106e], cl
+jmp near loc_fffcd88e ; jmp 0xfffcd88e
+
+loc_fffcd7d1: ; not directly referenced
+cmp byte [ebp - 0x151], 2
+jne short loc_fffcd83d ; jne 0xfffcd83d
+imul ebx, dword [ebp - 0x14c], 9
+add ebx, dword [ebp - 0x174]
+mov edi, dword [ebp - 0x164]
+lea ebx, [eax + ebx + 0xe0]
+mov dword [esi + ebx*8 + 0x2454], edx
+movzx edx, byte [ebp - 0x160]
+mov dword [esi + ebx*8 + 0x2450], ecx
+mov ebx, dword [ebp - 0x15c]
+add edx, dword [ebp - 0x170]
+add edx, edx
+add word [ebx + edx + 0x169], di
+push ecx
+mov edx, dword [ebp - 0x14c]
+mov ecx, dword [ebp - 0x150]
+push 0
+push 0xff
+push eax
+mov eax, esi
+call fcn_fffa73b0 ; call 0xfffa73b0
+jmp short loc_fffcd8aa ; jmp 0xfffcd8aa
+
+loc_fffcd83d: ; not directly referenced
+cmp byte [ebp - 0x151], 0xb
+jne short loc_fffcd8ad ; jne 0xfffcd8ad
+imul ebx, dword [ebp - 0x14c], 9
+add ebx, dword [ebp - 0x174]
+mov edi, dword [ebp - 0x164]
+lea ebx, [eax + ebx + 0x128]
+mov dword [esi + ebx*8 + 0x2454], edx
+movzx edx, byte [ebp - 0x160]
+mov dword [esi + ebx*8 + 0x2450], ecx
+lea ecx, [edi + edi]
+mov edi, dword [ebp - 0x15c]
+add edx, dword [ebp - 0x170]
+add edx, edx
+add word [edi + edx + 0x1b1], cx
+
+loc_fffcd88e: ; not directly referenced
+mov ecx, dword [ebp - 0x150]
+push edx
+mov edx, dword [ebp - 0x14c]
+push 0
+push 0xff
+push eax
+mov eax, esi
+call fcn_fffa7499 ; call 0xfffa7499
+
+loc_fffcd8aa: ; not directly referenced
+add esp, 0x10
+
+loc_fffcd8ad: ; not directly referenced
+inc byte [ebp - 0x160]
+jmp near loc_fffcd718 ; jmp 0xfffcd718
+
+loc_fffcd8b8: ; not directly referenced
+cmp byte [ebp - 0x151], 0xb
+jne short loc_fffcd8fe ; jne 0xfffcd8fe
+mov ebx, dword [ebp - 0x14c]
+mov eax, esi
+shl ebx, 0xa
+add ebx, 0x4028
+mov edx, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edi, dword [ebp - 0x15c]
+movzx edx, byte [edi + 0x1019]
+and eax, 0xffc0ffff
+and edx, 0x3f
+shl edx, 0x10
+or eax, edx
+mov edx, ebx
+mov ecx, eax
+mov eax, esi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffcd8fe: ; not directly referenced
+inc dword [ebp - 0x14c]
+add dword [ebp - 0x15c], 0x13c3
+cmp dword [ebp - 0x14c], 2
+jne loc_fffcd6ea ; jne 0xfffcd6ea
+
+loc_fffcd91b: ; not directly referenced
+inc dword [ebp - 0x150]
+cmp dword [ebp - 0x150], 4
+jne loc_fffcd2d9 ; jne 0xfffcd2d9
+cmp byte [ebp - 0x16c], 0xb
+mov ebx, dword [ebp - 0x158]
+jne short loc_fffcd94b ; jne 0xfffcd94b
+mov eax, esi
+call fcn_fffb0e8a ; call 0xfffb0e8a
+jmp short loc_fffcd94b ; jmp 0xfffcd94b
+
+loc_fffcd946: ; not directly referenced
+mov ebx, 2
+
+loc_fffcd94b: ; not directly referenced
+lea esp, [ebp - 0xc]
+mov eax, ebx
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffcd955: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, eax
+push ebx
+xor ebx, ebx
+sub esp, 0x2c
+mov eax, dword [eax + 0x2480]
+mov dword [ebp - 0x2c], ecx
+lea edi, [esi + 0x3756]
+mov byte [ebp - 0x25], dl
+mov dword [ebp - 0x24], eax
+
+loc_fffcd977: ; not directly referenced
+cmp dword [edi], 2
+jne loc_fffcda73 ; jne 0xfffcda73
+mov dl, byte [ebp - 0x25]
+and dl, byte [edi + 0xc4]
+je loc_fffcda73 ; je 0xfffcda73
+mov eax, dword [ebp - 0x2c]
+movzx ecx, dl
+mov dword [ebp - 0x20], ecx
+movzx eax, byte [eax + ebx]
+push edx
+push 0
+push eax
+push 3
+push ecx
+push 0
+push ebx
+push esi
+mov dword [ebp - 0x1c], eax
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+xor edx, edx
+
+loc_fffcd9b4: ; not directly referenced
+mov eax, dword [ebp - 0x20]
+bt eax, edx
+jae short loc_fffcd9c9 ; jae 0xfffcd9c9
+movzx edx, byte [edi + edx + 0x245]
+add edx, dword [ebp - 0x1c]
+jmp short loc_fffcd9d1 ; jmp 0xfffcd9d1
+
+loc_fffcd9c9: ; not directly referenced
+inc edx
+cmp edx, 4
+jne short loc_fffcd9b4 ; jne 0xfffcd9b4
+xor dl, dl
+
+loc_fffcd9d1: ; not directly referenced
+push ecx
+push 0
+push edx
+push 1
+push dword [ebp - 0x20]
+push 4
+push ebx
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x1c
+mov edx, dword [ebp - 0x1c]
+push 0
+add edx, dword [edi + 0x111]
+push edx
+push 1
+push dword [ebp - 0x20]
+push 2
+push ebx
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x1c
+mov edx, dword [ebp - 0x1c]
+push 0
+add edx, dword [edi + 0x119]
+push edx
+push 1
+push dword [ebp - 0x20]
+push 1
+push ebx
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+cmp dword [ebp - 0x24], 3
+jne short loc_fffcda55 ; jne 0xfffcda55
+mov eax, dword [ebp - 0x1c]
+add dword [edi + 0x111], eax
+push edx
+push 0
+mov edx, dword [edi + 0x115]
+add edx, eax
+push edx
+push 2
+push dword [ebp - 0x20]
+push 2
+push ebx
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+mov edx, dword [ebp - 0x1c]
+add esp, 0x20
+sub dword [edi + 0x111], edx
+
+loc_fffcda55: ; not directly referenced
+mov edx, dword [ebp - 0x1c]
+push eax
+push 0
+add edx, dword [edi + 0x109]
+push edx
+push 1
+push dword [ebp - 0x20]
+push 3
+push ebx
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffcda73: ; not directly referenced
+inc ebx
+add edi, 0x13c3
+cmp ebx, 2
+jne loc_fffcd977 ; jne 0xfffcd977
+sub esp, 0xc
+push esi
+call fcn_fffc82f4 ; call 0xfffc82f4
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffcda94: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov ebx, edx
+sub esp, 0x3d0
+mov edi, dword [ebp + 0xc]
+mov dword [ebp - 0x3cc], ecx
+mov ecx, dword [ebp + 0x14]
+mov byte [ebp - 0x38e], dl
+mov dl, byte [ebp + 8]
+mov esi, dword [ebp + 0x10]
+mov dword [ebp - 0x34c], eax
+xor eax, eax
+cmp bl, 0xc
+mov dword [ebp - 0x37c], ecx
+mov ecx, dword [ebp + 0x24]
+mov dword [ebp - 0x374], edi
+mov byte [ebp - 0x3a4], dl
+mov edx, edi
+lea edi, [ebp - 0x2e0]
+mov dword [ebp - 0x380], ecx
+mov ecx, dword [ebp + 0x2c]
+mov byte [ebp - 0x34d], dl
+mov edx, esi
+mov byte [ebp - 0x364], dl
+mov dl, byte [ebp + 0x20]
+mov dword [ebp - 0x378], esi
+mov esi, ref_fffd5bc0 ; mov esi, 0xfffd5bc0
+mov dword [ebp - 0x384], ecx
+mov ecx, 0xb
+rep stosd ; rep stosd dword es:[edi], eax
+lea edi, [ebp - 0x321]
+mov byte [ebp - 0x38f], dl
+mov dl, byte [ebp + 0x28]
+mov word [ebp - 0x2d8], 7
+mov word [ebp - 0x2d2], 0x3ff
+mov word [ebp - 0x2bc], 1
+mov byte [ebp - 0x34e], dl
+mov cl, 0xd
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+lea edi, [ebp - 0x302]
+mov esi, ref_fffd5bd0 ; mov esi, 0xfffd5bd0
+mov word [ebp - 0x2b6], 1
+mov cl, 4
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+mov eax, dword [ebp - 0x34c]
+lea edi, [ebp - 0x288]
+mov esi, ref_fffd5be0 ; mov esi, 0xfffd5be0
+mov byte [ebp - 0x33e], 0
+mov byte [ebp - 0x33d], 0
+mov word [ebp - 0x32c], 0
+mov dword [ebp - 0x32a], 0
+mov cl, 0xc
+rep movsd ; rep movsd dword es:[edi], dword ptr [esi]
+mov edi, dword [eax + 0x2443]
+mov esi, 0xa
+mov al, 0x14
+cmovne esi, eax
+push 0
+mov eax, esi
+push 2
+mov byte [ebp - 0x3b6], al
+lea eax, [ebp - 0x33a]
+push eax
+mov dword [ebp - 0x326], 7
+mov byte [ebp - 0x322], 0
+call dword [edi + 0x60] ; ucall
+add esp, 0xc
+push 0
+push 2
+lea eax, [ebp - 0x33c]
+push eax
+call dword [edi + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 0x10
+lea eax, [ebp - 0x314]
+push eax
+call dword [edi + 0x5c] ; ucall
+add esp, 0xc
+push 0x2c
+lea eax, [ebp - 0x2e0]
+push eax
+lea eax, [ebp - 0x2b4]
+push eax
+call dword [edi + 0x58] ; ucall
+add esp, 0x10
+xor eax, eax
+
+loc_fffcdc0a: ; not directly referenced
+mov byte [ebp + eax - 0x335], al
+inc eax
+cmp eax, 9
+jne short loc_fffcdc0a ; jne 0xfffcdc0a
+cmp bl, 0xc
+sete al
+mov byte [ebp - 0x34f], al
+movzx eax, al
+mov dword [ebp - 0x354], eax
+lea eax, [ebx - 8]
+cmp al, 1
+setbe dl
+cmp bl, 0xb
+sete al
+or dl, al
+mov dword [ebp - 0x35c], 1
+jne short loc_fffcdc56 ; jne 0xfffcdc56
+xor eax, eax
+cmp bl, 0xa
+sete al
+mov dword [ebp - 0x35c], eax
+
+loc_fffcdc56: ; not directly referenced
+mov al, byte [ebp - 0x33d]
+mov esi, dword [ebp - 0x34c]
+movzx ecx, byte [ebp - 0x38e]
+mov dword [ebp - 0x358], 0
+mov byte [ebp - 0x360], al
+mov al, byte [ebp - 0x33e]
+add esi, 0x381a
+mov dword [ebp - 0x388], ecx
+
+loc_fffcdc8b: ; not directly referenced
+mov cl, byte [esi]
+test cl, cl
+je loc_fffcdd4f ; je 0xfffcdd4f
+mov dl, cl
+and edx, 0xc
+cmp dl, 0xc
+je short loc_fffcdcb5 ; je 0xfffcdcb5
+mov dl, cl
+and edx, 3
+cmp dl, 3
+sete dl
+movzx edx, dl
+mov dword [ebp - 0x370], edx
+jmp short loc_fffcdcbf ; jmp 0xfffcdcbf
+
+loc_fffcdcb5: ; not directly referenced
+mov dword [ebp - 0x370], 1
+
+loc_fffcdcbf: ; not directly referenced
+test byte [ebp - 0x34e], cl
+je loc_fffcdd4f ; je 0xfffcdd4f
+mov cl, byte [ebp - 0x358]
+mov edx, 1
+shl edx, cl
+mov ecx, dword [ebp - 0x388]
+mov dword [ebp - 0x368], edx
+mov cl, byte [ebp + ecx - 0x321]
+mov byte [ebp - 0x36c], cl
+and cl, 2
+je short loc_fffcdd11 ; je 0xfffcdd11
+mov cl, byte [ebp - 0x360]
+mov dl, byte [ebp - 0x368]
+or edx, ecx
+cmp dword [esi - 4], 2
+cmove ecx, edx
+mov byte [ebp - 0x360], cl
+
+loc_fffcdd11: ; not directly referenced
+test byte [ebp - 0x36c], 1
+je short loc_fffcdd23 ; je 0xfffcdd23
+cmp dword [ebp - 0x370], 0
+jne short loc_fffcdd2c ; jne 0xfffcdd2c
+
+loc_fffcdd23: ; not directly referenced
+cmp dword [ebp - 0x354], 0
+je short loc_fffcdd32 ; je 0xfffcdd32
+
+loc_fffcdd2c: ; not directly referenced
+or eax, dword [ebp - 0x368]
+
+loc_fffcdd32: ; not directly referenced
+cmp dword [ebp - 0x35c], 0
+je short loc_fffcdd4f ; je 0xfffcdd4f
+mov edx, dword [ebp - 0x358]
+movzx ecx, al
+bt ecx, edx
+jb short loc_fffcdd4f ; jb 0xfffcdd4f
+or eax, dword [ebp - 0x368]
+
+loc_fffcdd4f: ; not directly referenced
+inc dword [ebp - 0x358]
+add esi, 0x13c3
+cmp dword [ebp - 0x358], 2
+jne loc_fffcdc8b ; jne 0xfffcdc8b
+mov dl, byte [ebp - 0x360]
+mov cl, byte [ebp - 0x374]
+cmp byte [ebp - 0x378], cl
+mov byte [ebp - 0x33e], al
+mov byte [ebp - 0x33d], dl
+setle cl
+or al, dl
+mov byte [ebp - 0x358], al
+sete al
+or cl, al
+je short loc_fffcdda2 ; je 0xfffcdda2
+
+loc_fffcdd98: ; not directly referenced
+mov eax, 1
+jmp near loc_fffceaf5 ; jmp 0xfffceaf5
+
+loc_fffcdda2: ; not directly referenced
+mov eax, dword [ebp - 0x34c]
+mov byte [eax + 0x248b], 3
+lea eax, [ebx - 6]
+cmp al, 1
+ja short loc_fffcddd1 ; ja 0xfffcddd1
+mov eax, dword [ebp - 0x34c]
+mov edx, 1
+mov ecx, 4
+mov byte [eax + 0x248b], 5
+mov al, 0xd
+jmp short loc_fffcddf3 ; jmp 0xfffcddf3
+
+loc_fffcddd1: ; not directly referenced
+cmp dword [ebp - 0x35c], 0
+je short loc_fffcddfa ; je 0xfffcddfa
+mov eax, dword [ebp - 0x34c]
+mov edx, 1
+mov ecx, 5
+mov byte [eax + 0x248b], 6
+mov al, 0xd
+
+loc_fffcddf3: ; not directly referenced
+mov esi, 0x80
+jmp short loc_fffcde1c ; jmp 0xfffcde1c
+
+loc_fffcddfa: ; not directly referenced
+cmp byte [ebp - 0x34f], 1
+sbb eax, eax
+xor edx, edx
+and eax, 0xfffffffd
+xor ecx, ecx
+add eax, 0x10
+cmp byte [ebp - 0x34f], 1
+sbb esi, esi
+and esi, 0x7c
+add esi, 4
+
+loc_fffcde1c: ; not directly referenced
+movzx eax, al
+movzx esi, si
+mov dword [ebp - 0x35c], ebx
+mov ebx, dword [ebp - 0x34c]
+mov word [ebp - 0x32c], ax
+movzx eax, byte [ebp - 0x37c]
+mov dword [ebp - 0x2a0], edx
+mov dword [ebp - 0x294], edx
+mov bl, byte [ebx + 0x248b]
+mov edx, eax
+movzx eax, byte [ebp - 0x358]
+push 0
+push 0
+push 0
+mov byte [ebp - 0x322], bl
+mov ebx, eax
+mov dword [ebp - 0x3a0], eax
+lea eax, [ebp - 0x32c]
+push eax
+push 0
+lea eax, [ebp - 0x2b4]
+push eax
+push edx
+push esi
+mov dword [ebp - 0x358], edx
+mov edx, ebx
+mov ebx, dword [ebp - 0x34c]
+mov eax, ebx
+call fcn_fffb20e5 ; call 0xfffb20e5
+add esp, 0x20
+lea eax, [esi - 1]
+mov esi, ebx
+call fcn_fffaec34 ; call 0xfffaec34
+mov cl, byte [ebp - 0x358]
+mov edx, 1
+sub ecx, eax
+mov eax, edx
+shl eax, cl
+mov ecx, eax
+mov al, 1
+test cl, cl
+cmovg eax, ecx
+mov byte [ebx + 0x248c], al
+mov ebx, dword [ebp - 0x35c]
+movzx ecx, byte [esi + 0x2488]
+mov dword [ebp - 0x35c], 0
+lea eax, [ebx - 0xa]
+cmp al, 1
+mov byte [ebp - 0x3b5], al
+setbe al
+movzx eax, al
+shl edx, cl
+cmp bl, 0xa
+mov bl, byte [ebp - 0x364]
+mov dword [ebp - 0x38c], eax
+lea eax, [edx - 1]
+mov dl, byte [ebp - 0x34d]
+mov word [ebp - 0x3a2], ax
+sete al
+lea eax, [eax + eax - 1]
+mov cl, al
+mov byte [ebp - 0x358], al
+mov al, byte [ebp - 0x378]
+cmove eax, edx
+mov dl, al
+mov byte [ebp - 0x34d], al
+mov al, byte [ebp - 0x374]
+cmove eax, ebx
+add esi, 0x3756
+mov byte [ebp - 0x364], al
+mov al, byte [ebp - 0x384]
+imul eax, ecx
+sub edx, eax
+mov byte [ebp - 0x350], al
+movzx eax, dl
+mov dword [ebp - 0x36c], eax
+
+loc_fffcdf57: ; not directly referenced
+cmp dword [esi], 2
+je short loc_fffcdfce ; je 0xfffcdfce
+
+loc_fffcdf5c: ; not directly referenced
+add dword [ebp - 0x35c], 9
+add esi, 0x13c3
+cmp dword [ebp - 0x35c], 0x12
+jne short loc_fffcdf57 ; jne 0xfffcdf57
+movzx eax, byte [ebp - 0x380]
+movzx edi, byte [ebp - 0x38e]
+mov dword [ebp - 0x37c], 0
+mov dword [ebp - 0x3b0], eax
+imul eax, eax, 0x90
+mov dword [ebp - 0x398], edi
+movzx edi, byte [ebp - 0x34e]
+mov dword [ebp - 0x3c4], eax
+mov al, byte [ebp - 0x364]
+mov dword [ebp - 0x39c], edi
+mov byte [ebp - 0x36c], al
+mov al, byte [ebp - 0x34d]
+mov byte [ebp - 0x374], al
+xor eax, eax
+jmp near loc_fffce1f4 ; jmp 0xfffce1f4
+
+loc_fffcdfce: ; not directly referenced
+mov ebx, dword [ebp - 0x34c]
+push ecx
+push dword [ebp - 0x36c]
+movzx eax, byte [ebx + 0x2488]
+push eax
+mov eax, dword [ebp - 0x35c]
+lea eax, [ebp + eax - 0x2f2]
+push eax
+call dword [edi + 0x5c] ; ucall
+mov al, byte [ebx + 0x2488]
+add esp, 0x10
+xor edx, edx
+mov byte [ebp - 0x368], al
+
+loc_fffce005: ; not directly referenced
+cmp dl, byte [ebp - 0x368]
+je loc_fffcdf5c ; je 0xfffcdf5c
+movzx ecx, dl
+add ecx, dword [ebp - 0x35c]
+lea eax, [ebp - 0x258]
+mov byte [ebp - 0x360], 0
+add ecx, ecx
+add ecx, eax
+xor eax, eax
+
+loc_fffce02d: ; not directly referenced
+mov bl, byte [ebp - 0x3a4]
+cmp byte [ebp - 0x360], bl
+je short loc_fffce07b ; je 0xfffce07b
+mov bl, byte [ebp - 0x38f]
+test bl, bl
+je short loc_fffce06e ; je 0xfffce06e
+mov word [ecx + eax], 0x500
+cmp bl, 1
+jbe short loc_fffce057 ; jbe 0xfffce057
+mov word [ecx + eax + 0x24], 0x500
+
+loc_fffce057: ; not directly referenced
+cmp byte [ebp - 0x38f], 1
+mov word [ecx + eax + 0x48], 0x500
+jbe short loc_fffce06e ; jbe 0xfffce06e
+mov word [ecx + eax + 0x6c], 0x500
+
+loc_fffce06e: ; not directly referenced
+inc byte [ebp - 0x360]
+add eax, 0x90
+jmp short loc_fffce02d ; jmp 0xfffce02d
+
+loc_fffce07b: ; not directly referenced
+inc edx
+jmp short loc_fffce005 ; jmp 0xfffce005
+
+loc_fffce07e: ; not directly referenced
+test al, al
+jne loc_fffce210 ; jne 0xfffce210
+mov al, byte [ebp - 0x34d]
+sub eax, dword [ebp - 0x374]
+imul eax, dword [ebp - 0x358]
+mov byte [ebp - 0x38d], al
+dec al
+sete al
+test byte [ebp - 0x34f], al
+je short loc_fffce0d0 ; je 0xfffce0d0
+mov al, byte [ebp - 0x36c]
+add ecx, dword [ebp - 0x374]
+neg byte [ebp - 0x358]
+mov byte [ebp - 0x374], dl
+mov byte [ebp - 0x34d], al
+mov byte [ebp - 0x36c], cl
+
+loc_fffce0d0: ; not directly referenced
+movzx eax, byte [ebp - 0x34d]
+xor esi, esi
+mov edi, eax
+shl edi, 0x18
+mov dword [ebp - 0x360], edi
+mov edi, 0x48dc
+mov dword [ebp - 0x368], eax
+
+loc_fffce0ef: ; not directly referenced
+imul eax, esi, 0x13c3
+mov ebx, dword [ebp - 0x34c]
+mov al, byte [ebx + eax + 0x381a]
+mov ebx, dword [ebp - 0x3a0]
+bt ebx, esi
+jb loc_fffce23a ; jb 0xfffce23a
+
+loc_fffce111: ; not directly referenced
+inc esi
+add edi, 8
+cmp esi, 2
+jne short loc_fffce0ef ; jne 0xfffce0ef
+mov al, byte [ebp - 0x34d]
+sub eax, dword [ebp - 0x358]
+mov dword [ebp - 0x3a8], 0
+mov dword [ebp - 0x368], 0
+mov byte [ebp - 0x390], al
+mov al, byte [ebp - 0x350]
+sub byte [ebp - 0x390], al
+
+loc_fffce14c: ; not directly referenced
+mov eax, dword [ebp - 0x368]
+movzx eax, byte [ebp + eax - 0x33e]
+mov byte [ebp - 0x3a3], al
+test al, al
+je loc_fffce98f ; je 0xfffce98f
+mov dword [ebp - 0x35c], eax
+xor esi, esi
+imul eax, dword [ebp - 0x368], 6
+mov dword [ebp - 0x364], eax
+
+loc_fffce17d: ; not directly referenced
+mov eax, dword [ebp - 0x35c]
+bt eax, esi
+jb loc_fffce35a ; jb 0xfffce35a
+
+loc_fffce18c: ; not directly referenced
+inc esi
+cmp esi, 2
+jne short loc_fffce17d ; jne 0xfffce17d
+mov eax, dword [ebp - 0x35c]
+mov byte [ebp - 0x360], 0
+and eax, 2
+mov dword [ebp - 0x3b4], eax
+mov eax, dword [ebp + 0x1c]
+mov dword [ebp - 0x394], eax
+
+loc_fffce1b1: ; not directly referenced
+mov al, byte [ebp - 0x394]
+sub eax, dword [ebp + 0x1c]
+mov byte [ebp - 0x364], al
+cmp al, byte [ebp - 0x38f]
+jae short loc_fffce1d5 ; jae 0xfffce1d5
+cmp byte [ebp - 0x360], 0
+je loc_fffce40a ; je 0xfffce40a
+
+loc_fffce1d5: ; not directly referenced
+cmp dword [ebp - 0x368], 1
+jne loc_fffce99b ; jne 0xfffce99b
+
+loc_fffce1e2: ; not directly referenced
+mov al, byte [ebp - 0x358]
+add byte [ebp - 0x34d], al
+mov al, byte [ebp - 0x360]
+
+loc_fffce1f4: ; not directly referenced
+mov edi, dword [ebp - 0x358]
+mov dl, byte [ebp - 0x36c]
+mov ecx, edi
+add edx, edi
+cmp byte [ebp - 0x34d], dl
+jne loc_fffce07e ; jne 0xfffce07e
+
+loc_fffce210: ; not directly referenced
+cmp dword [ebp - 0x354], 1
+jne loc_fffce9be ; jne 0xfffce9be
+mov al, byte [ebp - 0x374]
+add eax, dword [ebp - 0x358]
+neg byte [ebp - 0x358]
+mov byte [ebp - 0x36c], al
+jmp near loc_fffce9be ; jmp 0xfffce9be
+
+loc_fffce23a: ; not directly referenced
+and al, byte [ebp - 0x34e]
+mov byte [ebp - 0x364], al
+je loc_fffce111 ; je 0xfffce111
+mov ebx, dword [ebp - 0x34c]
+mov edx, edi
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, edi
+mov dword [ebp - 0x34c], ebx
+xor al, al
+or eax, dword [ebp - 0x398]
+mov ecx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x34c]
+lea ebx, [edi - 4]
+mov edx, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, ebx
+lea ebx, [edi + 0x10]
+and eax, 0xffffff
+or eax, dword [ebp - 0x360]
+mov ecx, eax
+mov eax, dword [ebp - 0x34c]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x34c]
+mov edx, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, ebx
+lea ebx, [edi + 0xc]
+xor al, al
+or eax, dword [ebp - 0x398]
+mov ecx, eax
+mov eax, dword [ebp - 0x34c]
+call fcn_fffae58c ; call 0xfffae58c
+mov eax, dword [ebp - 0x34c]
+mov edx, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, ebx
+and eax, 0xffffff
+or eax, dword [ebp - 0x360]
+mov ecx, eax
+mov eax, dword [ebp - 0x34c]
+call fcn_fffae58c ; call 0xfffae58c
+cmp dword [ebp - 0x38c], 0
+mov byte [ebp - 0x35c], 1
+je short loc_fffce311 ; je 0xfffce311
+mov eax, dword [ebp - 0x34c]
+mov al, byte [eax + 0x2488]
+mov byte [ebp - 0x35c], al
+
+loc_fffce311: ; not directly referenced
+movzx eax, byte [ebp - 0x364]
+xor ebx, ebx
+mov dword [ebp - 0x364], eax
+
+loc_fffce320: ; not directly referenced
+cmp byte [ebp - 0x35c], bl
+jbe loc_fffce111 ; jbe 0xfffce111
+sub esp, 0xc
+mov eax, dword [ebp - 0x34c]
+mov ecx, ebx
+push dword [ebp - 0x364]
+mov edx, esi
+inc ebx
+push 0
+push 0
+push dword [ebp - 0x368]
+push dword [ebp - 0x398]
+call fcn_fffb579d ; call 0xfffb579d
+add esp, 0x20
+jmp short loc_fffce320 ; jmp 0xfffce320
+
+loc_fffce35a: ; not directly referenced
+imul eax, esi, 0x13c3
+mov edi, dword [ebp - 0x34c]
+mov dl, byte [ebp - 0x34e]
+and dl, byte [edi + eax + 0x381a]
+je loc_fffce18c ; je 0xfffce18c
+cmp dword [ebp - 0x354], 0
+mov eax, 0x3210
+jne short loc_fffce3a4 ; jne 0xfffce3a4
+movzx ecx, dl
+movzx ecx, byte [ebp + ecx - 0x302]
+cmp cl, 0xf
+je short loc_fffce3a4 ; je 0xfffce3a4
+add ecx, dword [ebp - 0x364]
+mov eax, dword [ebp + ecx*4 - 0x288]
+
+loc_fffce3a4: ; not directly referenced
+mov dword [ebp - 0x360], 0
+xor ebx, ebx
+movzx edx, dl
+
+loc_fffce3b3: ; not directly referenced
+test eax, eax
+je short loc_fffce3d9 ; je 0xfffce3d9
+mov cl, al
+and ecx, 0xf
+shr eax, 4
+bt edx, ecx
+movzx edi, cl
+jae short loc_fffce3b3 ; jae 0xfffce3b3
+lea ecx, [ebx*4]
+inc ebx
+shl edi, cl
+or dword [ebp - 0x360], edi
+jmp short loc_fffce3b3 ; jmp 0xfffce3b3
+
+loc_fffce3d9: ; not directly referenced
+mov edi, dword [ebp - 0x34c]
+lea edx, [esi*4 + 0x4930]
+dec ebx
+mov ecx, dword [ebp - 0x360]
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+movzx ecx, bl
+mov eax, edi
+lea edx, [esi*8 + 0x48ef]
+call fcn_fffae566 ; call 0xfffae566
+jmp near loc_fffce18c ; jmp 0xfffce18c
+
+loc_fffce40a: ; not directly referenced
+mov eax, dword [ebp - 0x394]
+cmp dword [ebp - 0x354], 0
+mov bl, byte [eax]
+je short loc_fffce45e ; je 0xfffce45e
+mov edi, dword [ebp - 0x360]
+lea ecx, [ebp - 0x33c]
+test byte [ebp - 0x3a3], 1
+mov edx, dword [ebp - 0x39c]
+mov eax, edi
+cmovne eax, ebx
+cmp dword [ebp - 0x3b4], 0
+mov byte [ebp - 0x33c], al
+mov eax, edi
+cmovne eax, ebx
+mov byte [ebp - 0x33b], al
+mov eax, dword [ebp - 0x34c]
+call fcn_fffcd955 ; call 0xfffcd955
+jmp short loc_fffce4ce ; jmp 0xfffce4ce
+
+loc_fffce45e: ; not directly referenced
+cmp byte [ebp - 0x368], 1
+movzx eax, bl
+jne short loc_fffce497 ; jne 0xfffce497
+mov esi, dword [ebp - 0x35c]
+sub esp, 0xc
+mov ecx, 3
+mov edi, dword [ebp - 0x34c]
+neg ebx
+push eax
+mov edx, esi
+mov eax, edi
+call fcn_fffcfce5 ; call 0xfffcfce5
+movzx eax, bl
+mov ecx, 0xc
+mov dword [esp], eax
+jmp short loc_fffce4c2 ; jmp 0xfffce4c2
+
+loc_fffce497: ; not directly referenced
+mov esi, dword [ebp - 0x35c]
+sub esp, 0xc
+mov ecx, 5
+mov edi, dword [ebp - 0x34c]
+neg ebx
+push eax
+mov edx, esi
+mov eax, edi
+call fcn_fffcfce5 ; call 0xfffcfce5
+movzx eax, bl
+mov ecx, 0xa
+mov dword [esp], eax
+
+loc_fffce4c2: ; not directly referenced
+mov edx, esi
+mov eax, edi
+call fcn_fffcfce5 ; call 0xfffcfce5
+add esp, 0x10
+
+loc_fffce4ce: ; not directly referenced
+movzx ebx, byte [ebp - 0x364]
+mov dword [ebp - 0x388], 0
+imul ebx, ebx, 0x24
+add ebx, dword [ebp - 0x3a8]
+mov dword [ebp - 0x3c8], ebx
+
+loc_fffce4ee: ; not directly referenced
+mov al, byte [ebp - 0x388]
+cmp byte [ebp - 0x3a4], al
+jbe loc_fffce935 ; jbe 0xfffce935
+mov eax, dword [ebp - 0x3cc]
+mov edi, dword [ebp - 0x388]
+mov bl, byte [eax + edi]
+test bl, bl
+je loc_fffcdd98 ; je 0xfffcdd98
+movzx eax, bl
+mov dword [ebp - 0x378], eax
+mov byte [ebp - 0x370], 0
+cmp bl, 0x21
+ja short loc_fffce538 ; ja 0xfffce538
+mov al, byte [eax + ref_fffd5f1c] ; mov al, byte [eax - 0x2a0e4]
+mov byte [ebp - 0x370], al
+
+loc_fffce538: ; not directly referenced
+mov esi, dword [ebp - 0x34c]
+xor ecx, ecx
+mov edx, dword [ebp - 0x378]
+mov eax, esi
+call fcn_fffb13cf ; call 0xfffb13cf
+cmp dword [esi + 0x2480], 2
+mov word [ebp - 0x3b8], ax
+jne short loc_fffce572 ; jne 0xfffce572
+cmp bl, 0x11
+sete dl
+cmp bl, 5
+sete al
+or dl, al
+jne short loc_fffce5ac ; jne 0xfffce5ac
+cmp bl, 0x21
+je short loc_fffce5ac ; je 0xfffce5ac
+
+loc_fffce572: ; not directly referenced
+cmp bl, 0x10
+sete dl
+cmp bl, 4
+sete al
+or dl, al
+jne short loc_fffce5b0 ; jne 0xfffce5b0
+cmp bl, 5
+sete dl
+cmp bl, 0x20
+sete al
+or dl, al
+jne short loc_fffce5b0 ; jne 0xfffce5b0
+cmp bl, 0x21
+sete al
+cmp bl, 0x11
+sete dl
+or eax, edx
+cmp al, 1
+sbb ebx, ebx
+and ebx, 0xffffffe9
+add ebx, 0x36
+jmp short loc_fffce5b2 ; jmp 0xfffce5b2
+
+loc_fffce5ac: ; not directly referenced
+mov bl, 0x25
+jmp short loc_fffce5b2 ; jmp 0xfffce5b2
+
+loc_fffce5b0: ; not directly referenced
+mov bl, 0x36
+
+loc_fffce5b2: ; not directly referenced
+xor eax, eax
+mov dl, 1
+
+loc_fffce5b6: ; not directly referenced
+mov esi, dword [ebp - 0x35c]
+bt esi, eax
+jae short loc_fffce60f ; jae 0xfffce60f
+imul esi, eax, 0x13c3
+mov edi, dword [ebp - 0x34c]
+mov cl, byte [ebp - 0x34e]
+test byte [edi + esi + 0x381a], cl
+je short loc_fffce60f ; je 0xfffce60f
+cmp byte [ebp - 0x3b5], 2
+ja short loc_fffce5fe ; ja 0xfffce5fe
+mov di, word [ebp - 0x3a2]
+cmp word [ebp + eax*2 - 0x33a], di
+mov edi, 0
+cmovne edx, edi
+jmp short loc_fffce60f ; jmp 0xfffce60f
+
+loc_fffce5fe: ; not directly referenced
+cmp word [ebp + eax*2 - 0x33a], 0
+mov edi, 0
+cmove edx, edi
+
+loc_fffce60f: ; not directly referenced
+inc eax
+cmp eax, 2
+jne short loc_fffce5b6 ; jne 0xfffce5b6
+test dl, dl
+jne loc_fffce92e ; jne 0xfffce92e
+mov edi, dword [ebp - 0x34c]
+mov ecx, dword [ebp - 0x378]
+push edx
+push edx
+mov eax, edi
+add eax, 0x2490
+push 0xf
+mov edx, eax
+push 0
+mov esi, eax
+mov dword [ebp - 0x3bc], eax
+mov eax, edi
+call fcn_fffa7e6c ; call 0xfffa7e6c
+add esp, 0x10
+test eax, eax
+jne loc_fffceaf5 ; jne 0xfffceaf5
+push eax
+movzx ebx, bl
+mov ecx, dword [ebp - 0x35c]
+push eax
+mov edx, esi
+lea eax, [ebp - 0x314]
+push eax
+push ebx
+lea eax, [ebp - 0x335]
+push eax
+mov eax, edi
+push dword [ebp - 0x378]
+push 0xff
+push dword [ebp - 0x3b0]
+call fcn_fffd13ed ; call 0xfffd13ed
+add esp, 0x20
+mov dword [ebp - 0x37c], eax
+test eax, eax
+jne loc_fffceaef ; jne 0xfffceaef
+imul eax, dword [ebp - 0x388], 0x90
+mov esi, 0x64
+add eax, dword [ebp - 0x3c8]
+mov bl, byte [ebp - 0x370]
+lea edi, [ebp - 0x2f2]
+mov dword [ebp - 0x364], edi
+lea eax, [ebp + eax - 0x258]
+mov dword [ebp - 0x384], eax
+movzx eax, byte [ebp - 0x3b6]
+movzx edi, bl
+imul edi, edi, 0x240
+add edi, dword [ebp + 0x18]
+add edi, dword [ebp - 0x3c4]
+sub esi, eax
+mov byte [ebp - 0x380], 1
+mov dword [ebp - 0x3d4], esi
+mov dword [ebp - 0x3ac], edi
+xor edi, edi
+
+loc_fffce6fb: ; not directly referenced
+imul eax, edi, 0x13c3
+mov esi, dword [ebp - 0x34c]
+mov al, byte [esi + eax + 0x381a]
+mov esi, dword [ebp - 0x35c]
+bt esi, edi
+jae loc_fffce8d2 ; jae 0xfffce8d2
+test byte [ebp - 0x34e], al
+je loc_fffce8d2 ; je 0xfffce8d2
+mov eax, dword [ebp - 0x34c]
+xor ecx, ecx
+mov al, byte [eax + 0x2488]
+mov byte [ebp - 0x3bf], al
+
+loc_fffce73d: ; not directly referenced
+cmp byte [ebp - 0x3bf], cl
+jbe loc_fffce8d2 ; jbe 0xfffce8d2
+mov eax, dword [ebp - 0x3ac]
+mov dword [ebp - 0x370], 1
+shl dword [ebp - 0x370], cl
+movzx ebx, word [eax + ecx*8 + 4]
+movzx edx, word [eax + ecx*8]
+mov esi, ebx
+lea eax, [ebx + edx]
+sub esi, edx
+add eax, eax
+mov word [ebp - 0x3be], ax
+sub eax, esi
+add si, word [ebp - 0x3be]
+cmp bx, dx
+mov ebx, dword [ebp - 0x370]
+cmovbe eax, esi
+mov si, word [ebp + edi*2 - 0x33a]
+and bx, si
+mov word [ebp - 0x3be], bx
+je short loc_fffce7ae ; je 0xfffce7ae
+cmp dword [ebp - 0x354], 0
+je loc_fffce8cc ; je 0xfffce8cc
+
+loc_fffce7ae: ; not directly referenced
+mov edx, eax
+mov ebx, 2
+sar dx, 0xf
+idiv bx
+cmp ax, word [ebp - 0x3b8]
+jae short loc_fffce806 ; jae 0xfffce806
+cmp dword [ebp - 0x354], 1
+jne loc_fffce862 ; jne 0xfffce862
+cmp byte [ebp - 0x38d], 0
+mov byte [ebp - 0x380], 0
+jne loc_fffce8cc ; jne 0xfffce8cc
+mov ax, word [ebp - 0x3a2]
+mov word [ebp + edi*2 - 0x33a], ax
+mov al, byte [ebp - 0x38d]
+mov byte [ebp - 0x380], al
+jmp near loc_fffce8cc ; jmp 0xfffce8cc
+
+loc_fffce806: ; not directly referenced
+cmp byte [ebp - 0x38d], 0
+jne short loc_fffce828 ; jne 0xfffce828
+mov esi, dword [ebp - 0x384]
+cmp word [esi + ecx*2], ax
+jbe loc_fffce8cc ; jbe 0xfffce8cc
+mov word [esi + ecx*2], ax
+jmp near loc_fffce8cc ; jmp 0xfffce8cc
+
+loc_fffce828: ; not directly referenced
+movzx eax, ax
+mov ebx, 0x64
+mov dword [ebp - 0x3d0], eax
+mov eax, dword [ebp - 0x384]
+movzx eax, word [eax + ecx*2]
+imul eax, dword [ebp - 0x3d4]
+cdq
+idiv ebx
+cmp dword [ebp - 0x3d0], eax
+jge short loc_fffce87e ; jge 0xfffce87e
+cmp dword [ebp - 0x354], 0
+mov byte [ebp - 0x380], 0
+jne short loc_fffce8cc ; jne 0xfffce8cc
+
+loc_fffce862: ; not directly referenced
+or esi, dword [ebp - 0x370]
+mov al, byte [ebp - 0x390]
+mov word [ebp + edi*2 - 0x33a], si
+mov esi, dword [ebp - 0x364]
+jmp short loc_fffce8c9 ; jmp 0xfffce8c9
+
+loc_fffce87e: ; not directly referenced
+cmp dword [ebp - 0x354], 1
+jne short loc_fffce8b7 ; jne 0xfffce8b7
+mov ebx, dword [ebp - 0x370]
+cmp word [ebp - 0x3be], bx
+je short loc_fffce8cc ; je 0xfffce8cc
+mov al, byte [ebp - 0x34d]
+or esi, ebx
+mov edx, dword [ebp - 0x364]
+sub eax, dword [ebp - 0x350]
+mov word [ebp + edi*2 - 0x33a], si
+mov byte [edx + ecx], al
+jmp short loc_fffce8cc ; jmp 0xfffce8cc
+
+loc_fffce8b7: ; not directly referenced
+mov al, byte [ebp - 0x34d]
+mov esi, dword [ebp - 0x364]
+sub eax, dword [ebp - 0x350]
+
+loc_fffce8c9: ; not directly referenced
+mov byte [esi + ecx], al
+
+loc_fffce8cc: ; not directly referenced
+inc ecx
+jmp near loc_fffce73d ; jmp 0xfffce73d
+
+loc_fffce8d2: ; not directly referenced
+inc edi
+add dword [ebp - 0x384], 0x12
+add dword [ebp - 0x364], 9
+add dword [ebp - 0x3ac], 0x48
+cmp edi, 2
+jne loc_fffce6fb ; jne 0xfffce6fb
+cmp byte [ebp - 0x380], 0
+je short loc_fffce923 ; je 0xfffce923
+sub esp, 0xc
+mov ecx, dword [ebp - 0x378]
+push dword [ebp - 0x3b0]
+mov edx, dword [ebp - 0x3bc]
+mov eax, dword [ebp - 0x34c]
+call fcn_fffa7d98 ; call 0xfffa7d98
+add esp, 0x10
+mov dword [ebp - 0x37c], eax
+
+loc_fffce923: ; not directly referenced
+inc dword [ebp - 0x388]
+jmp near loc_fffce4ee ; jmp 0xfffce4ee
+
+loc_fffce92e: ; not directly referenced
+mov byte [ebp - 0x360], 1
+
+loc_fffce935: ; not directly referenced
+cmp dword [ebp - 0x354], 0
+je short loc_fffce965 ; je 0xfffce965
+mov edx, dword [ebp - 0x39c]
+lea ecx, [ebp - 0x33c]
+mov eax, dword [ebp - 0x34c]
+mov byte [ebp - 0x33c], 0
+mov byte [ebp - 0x33b], 0
+call fcn_fffcd955 ; call 0xfffcd955
+jmp short loc_fffce984 ; jmp 0xfffce984
+
+loc_fffce965: ; not directly referenced
+mov ecx, dword [ebp - 0x39c]
+sub esp, 0xc
+mov edx, dword [ebp - 0x35c]
+mov eax, dword [ebp - 0x34c]
+push 0
+call fcn_fffcfce5 ; call 0xfffcfce5
+add esp, 0x10
+
+loc_fffce984: ; not directly referenced
+inc dword [ebp - 0x394]
+jmp near loc_fffce1b1 ; jmp 0xfffce1b1
+
+loc_fffce98f: ; not directly referenced
+mov byte [ebp - 0x360], 0
+jmp near loc_fffce1d5 ; jmp 0xfffce1d5
+
+loc_fffce99b: ; not directly referenced
+add dword [ebp - 0x3a8], 0x48
+cmp byte [ebp - 0x360], 0
+jne loc_fffce1e2 ; jne 0xfffce1e2
+mov dword [ebp - 0x368], 1
+jmp near loc_fffce14c ; jmp 0xfffce14c
+
+loc_fffce9be: ; not directly referenced
+movzx eax, byte [ebp - 0x38e]
+xor esi, esi
+mov dword [ebp - 0x35c], eax
+
+loc_fffce9cd: ; not directly referenced
+mov eax, dword [ebp - 0x3a0]
+bt eax, esi
+jae loc_fffceae5 ; jae 0xfffceae5
+imul eax, esi, 0x13c3
+mov edi, dword [ebp - 0x34c]
+mov bl, byte [ebp - 0x34e]
+and bl, byte [edi + eax + 0x381a]
+mov byte [ebp - 0x354], bl
+je loc_fffceae5 ; je 0xfffceae5
+movzx ebx, byte [ebp - 0x36c]
+lea edi, [esi + esi*8]
+lea eax, [ebp - 0x18]
+mov byte [ebp - 0x34d], 0
+add edi, eax
+
+loc_fffcea17: ; not directly referenced
+mov ecx, dword [ebp - 0x34c]
+mov al, byte [ebp - 0x34d]
+cmp al, byte [ecx + 0x2488]
+jae loc_fffceab4 ; jae 0xfffceab4
+cmp byte [ebp - 0x358], 1
+jne short loc_fffcea4e ; jne 0xfffcea4e
+movzx eax, byte [ebp - 0x34d]
+movzx eax, byte [eax + edi - 0x2da]
+cmp bl, al
+cmovg ebx, eax
+jmp short loc_fffcea6b ; jmp 0xfffcea6b
+
+loc_fffcea4e: ; not directly referenced
+cmp byte [ebp - 0x358], 0xff
+jne short loc_fffcea6b ; jne 0xfffcea6b
+movzx eax, byte [ebp - 0x34d]
+movzx eax, byte [eax + edi - 0x2da]
+cmp bl, al
+cmovl ebx, eax
+
+loc_fffcea6b: ; not directly referenced
+cmp dword [ebp - 0x38c], 0
+je short loc_fffceaa9 ; je 0xfffceaa9
+movzx eax, byte [ebp - 0x354]
+sub esp, 0xc
+mov edx, esi
+movzx ecx, byte [ebp - 0x34d]
+push eax
+push 1
+push 1
+movzx eax, byte [ecx + edi - 0x2da]
+push eax
+mov eax, dword [ebp - 0x34c]
+push dword [ebp - 0x35c]
+call fcn_fffb579d ; call 0xfffb579d
+add esp, 0x20
+
+loc_fffceaa9: ; not directly referenced
+inc byte [ebp - 0x34d]
+jmp near loc_fffcea17 ; jmp 0xfffcea17
+
+loc_fffceab4: ; not directly referenced
+cmp dword [ebp - 0x38c], 0
+jne short loc_fffceae5 ; jne 0xfffceae5
+movzx eax, byte [ebp - 0x354]
+sub esp, 0xc
+xor ecx, ecx
+mov edx, esi
+push eax
+mov eax, dword [ebp - 0x34c]
+push 1
+push 1
+push ebx
+push dword [ebp - 0x35c]
+call fcn_fffb579d ; call 0xfffb579d
+add esp, 0x20
+
+loc_fffceae5: ; not directly referenced
+inc esi
+cmp esi, 2
+jne loc_fffce9cd ; jne 0xfffce9cd
+
+loc_fffceaef: ; not directly referenced
+mov eax, dword [ebp - 0x37c]
+
+loc_fffceaf5: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffceafd: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+xor ebx, ebx
+sub esp, 0x2c
+mov eax, dword [ebp + 8]
+mov byte [ebp - 0x1c], 4
+mov byte [ebp - 0x1b], 1
+mov byte [ebp - 0x1a], 5
+mov eax, dword [eax + 0x5edc]
+mov byte [ebp - 0x19], 2
+mov byte [ebp - 0x22], 4
+mov byte [ebp - 0x21], 1
+lea edx, [eax + 0x1c]
+xor eax, eax
+mov byte [ebp - 0x20], 5
+mov byte [ebp - 0x1f], 2
+mov byte [ebp - 0x1e], 0xf9
+mov byte [ebp - 0x1d], 7
+mov dword [ebp - 0x30], 0
+mov dword [ebp - 0x2c], 0
+
+loc_fffceb4c: ; not directly referenced
+mov edi, dword [ebp + 8]
+mov cl, byte [edi + eax + 0x381a]
+test cl, cl
+je short loc_fffcebb4 ; je 0xfffcebb4
+cmp dword [ebp - 0x2c], 0
+mov ebx, 1
+jne short loc_fffceb72 ; jne 0xfffceb72
+xor ebx, ebx
+cmp dword [edi + eax + 0x3816], 2
+sete bl
+
+loc_fffceb72: ; not directly referenced
+cmp dword [ebp - 0x30], 0
+mov edi, 1
+mov dword [ebp - 0x2c], ebx
+jne short loc_fffceb99 ; jne 0xfffceb99
+mov esi, ecx
+and esi, 0xc
+mov ebx, esi
+cmp bl, 0xc
+je short loc_fffceb99 ; je 0xfffceb99
+and ecx, 3
+xor ebx, ebx
+cmp cl, 3
+sete bl
+mov edi, ebx
+
+loc_fffceb99: ; not directly referenced
+movzx ecx, byte [edx + 0xa5]
+mov bl, byte [edx + 0xa4]
+mov dword [ebp - 0x30], edi
+and ecx, 3
+shr bl, 6
+shl ecx, 2
+or ebx, ecx
+
+loc_fffcebb4: ; not directly referenced
+add eax, 0x13c3
+add edx, 0xcc
+cmp eax, 0x2786
+jne short loc_fffceb4c ; jne 0xfffceb4c
+mov eax, dword [ebp + 8]
+mov edx, 1
+lea edi, [ebp - 0x1e]
+call fcn_fffb0b30 ; call 0xfffb0b30
+mov eax, dword [ebp + 8]
+mov edx, 0xa
+lea esi, [eax + 0x2490]
+push ecx
+push ecx
+push 1
+push 0xf
+push 0
+push 2
+push edi
+push esi
+push 0xc
+push 3
+push 0
+push 2
+lea ecx, [ebp - 0x22]
+call fcn_fffcda94 ; call 0xfffcda94
+add esp, 0x28
+mov eax, dword [ebp + 8]
+push 1
+mov edx, 0xb
+push 0xf
+push 0
+push 2
+push edi
+push esi
+push 0xc
+push 0
+push 0xfffffffffffffffe
+push 2
+lea ecx, [ebp - 0x22]
+call fcn_fffcda94 ; call 0xfffcda94
+add esp, 0x30
+cmp dword [ebp - 0x2c], 0
+je short loc_fffceca9 ; je 0xfffceca9
+push edx
+mov eax, dword [ebp + 8]
+push edx
+mov edx, 1
+push 0
+push 0xf
+push 0
+push 2
+push edi
+push esi
+push 0xc
+push 7
+push 6
+push 2
+lea ecx, [ebp - 0x22]
+call fcn_fffcda94 ; call 0xfffcda94
+add esp, 0x28
+mov eax, dword [ebp + 8]
+push 0
+mov edx, 3
+push 0xf
+push 0
+push 2
+push edi
+push esi
+push 0xc
+push 8
+push 7
+push 2
+lea ecx, [ebp - 0x20]
+call fcn_fffcda94 ; call 0xfffcda94
+add esp, 0x28
+mov edx, 7
+push 0
+push 0xf
+push 0
+push 2
+push edi
+push esi
+lea eax, [ebx + 1]
+push 0xc
+movsx eax, al
+push eax
+lea eax, [ebx - 1]
+movsx eax, al
+push eax
+mov eax, dword [ebp + 8]
+push 4
+lea ecx, [ebp - 0x1c]
+call fcn_fffcda94 ; call 0xfffcda94
+add esp, 0x30
+
+loc_fffceca9: ; not directly referenced
+cmp dword [ebp - 0x30], 0
+je short loc_fffced28 ; je 0xfffced28
+push eax
+xor edx, edx
+push eax
+mov eax, dword [ebp + 8]
+push 0
+push 0xf
+push 0
+push 2
+lea edi, [ebp - 0x1e]
+push edi
+push esi
+push 0xc
+push 7
+push 6
+push 2
+lea ecx, [ebp - 0x22]
+call fcn_fffcda94 ; call 0xfffcda94
+add esp, 0x28
+mov eax, dword [ebp + 8]
+push 0
+mov edx, 2
+push 0xf
+push 0
+push 2
+push edi
+push esi
+push 0xc
+push 8
+push 7
+push 2
+lea ecx, [ebp - 0x20]
+call fcn_fffcda94 ; call 0xfffcda94
+add esp, 0x28
+mov edx, 6
+push 0
+push 0xf
+push 0
+push 2
+push edi
+push esi
+lea eax, [ebx + 1]
+dec ebx
+push 0xc
+movsx eax, al
+push eax
+mov eax, dword [ebp + 8]
+movsx ebx, bl
+push ebx
+push 4
+lea ecx, [ebp - 0x1c]
+call fcn_fffcda94 ; call 0xfffcda94
+add esp, 0x30
+
+loc_fffced28: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffced30: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+xor ebx, ebx
+sub esp, 0x3c
+mov edi, dword [ebp + 8]
+mov byte [ebp - 0x1a], 1
+mov byte [ebp - 0x19], 0x19
+mov dword [ebp - 0x38], 0
+mov eax, dword [edi + 0x5edc]
+mov dword [ebp - 0x30], eax
+
+loc_fffced56: ; not directly referenced
+mov esi, 1
+mov cl, bl
+shl esi, cl
+mov eax, esi
+test byte [edi + 0x248d], al
+je loc_fffcee06 ; je 0xfffcee06
+test byte [edi + 0x381a], al
+je short loc_fffced95 ; je 0xfffced95
+mov cl, byte [edi + ebx + 0x4767]
+mov dl, 0xf
+movsx eax, byte [edi + ebx + 0x476b]
+cmp cl, 0xf
+cmovbe edx, ecx
+mov cl, al
+mov byte [ebp - 0x29], dl
+sub ecx, edx
+jmp short loc_fffced9d ; jmp 0xfffced9d
+
+loc_fffced95: ; not directly referenced
+mov byte [ebp - 0x29], 0xf
+xor eax, eax
+xor ecx, ecx
+
+loc_fffced9d: ; not directly referenced
+mov edx, esi
+test byte [edi + 0x4bdd], dl
+je short loc_fffcedc7 ; je 0xfffcedc7
+movsx ecx, byte [edi + ebx + 0x5b2e]
+mov dl, byte [ebp - 0x29]
+cmp al, cl
+cmovb eax, ecx
+mov cl, byte [edi + ebx + 0x5b2a]
+cmp dl, cl
+cmova edx, ecx
+mov cl, al
+sub ecx, edx
+
+loc_fffcedc7: ; not directly referenced
+mov dl, 0
+test cl, cl
+cmovs ecx, edx
+push edx
+movzx ecx, cl
+push edx
+push 0
+push esi
+push ebx
+push 1
+lea esi, [ebp - 0x19]
+push esi
+lea edx, [edi + 0x2490]
+push edx
+mov edx, 0xc
+push 0xa
+push eax
+mov eax, edi
+push ecx
+push 1
+lea ecx, [ebp - 0x1a]
+call fcn_fffcda94 ; call 0xfffcda94
+add esp, 0x30
+mov dword [ebp - 0x38], eax
+dec eax
+je loc_fffcef18 ; je 0xfffcef18
+
+loc_fffcee06: ; not directly referenced
+inc ebx
+cmp ebx, 4
+jne loc_fffced56 ; jne 0xfffced56
+mov esi, dword [ebp - 0x30]
+lea ebx, [edi + 0x3756]
+mov dword [ebp - 0x34], 0
+add esi, 0x1c
+
+loc_fffcee23: ; not directly referenced
+cmp dword [ebx], 2
+je short loc_fffcee45 ; je 0xfffcee45
+
+loc_fffcee28: ; not directly referenced
+inc dword [ebp - 0x34]
+add ebx, 0x13c3
+add esi, 0xcc
+cmp dword [ebp - 0x34], 2
+jne short loc_fffcee23 ; jne 0xfffcee23
+mov eax, dword [ebp - 0x38]
+jmp near loc_fffcef1d ; jmp 0xfffcef1d
+
+loc_fffcee45: ; not directly referenced
+mov al, byte [esi + 0xa1]
+movzx edx, byte [esi + 0xa2]
+mov byte [ebp - 0x29], 0
+shr al, 7
+and edx, 7
+movzx eax, al
+add edx, edx
+or edx, eax
+mov al, byte [esi + 0xa2]
+shr al, 3
+and eax, 0xf
+cmp al, dl
+cmovb eax, edx
+xor edx, edx
+lea eax, [eax + eax - 8]
+test al, al
+cmovns edx, eax
+mov al, byte [ebx + 0xc4]
+xor ecx, ecx
+mov byte [ebp - 0x2a], dl
+mov byte [ebp - 0x30], al
+
+loc_fffcee8d: ; not directly referenced
+mov edx, 1
+shl edx, cl
+test byte [ebp - 0x30], dl
+je short loc_fffceeab ; je 0xfffceeab
+mov al, byte [ebp - 0x29]
+mov dl, byte [ebx + ecx + 0x1015]
+cmp al, dl
+cmovb eax, edx
+mov byte [ebp - 0x29], al
+
+loc_fffceeab: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffcee8d ; jne 0xfffcee8d
+mov al, byte [ebp - 0x29]
+sub al, byte [ebp - 0x2a]
+mov dword [ebp - 0x30], 0
+movzx eax, al
+mov dword [ebp - 0x3c], eax
+
+loc_fffceec4: ; not directly referenced
+mov cl, byte [ebp - 0x30]
+mov eax, 1
+shl eax, cl
+test byte [ebx + 0xc4], al
+je short loc_fffcef0a ; je 0xfffcef0a
+mov ecx, dword [ebp - 0x30]
+mov dl, byte [ebp - 0x29]
+sub dl, byte [ebx + ecx + 0x1015]
+movsx ecx, byte [ebp - 0x2a]
+movzx edx, dl
+cmp edx, ecx
+jle short loc_fffcef0a ; jle 0xfffcef0a
+sub esp, 0xc
+mov edx, dword [ebp - 0x34]
+xor ecx, ecx
+push eax
+mov eax, edi
+push 0
+push 1
+push dword [ebp - 0x3c]
+push 0xc
+call fcn_fffb579d ; call 0xfffb579d
+add esp, 0x20
+
+loc_fffcef0a: ; not directly referenced
+inc dword [ebp - 0x30]
+cmp dword [ebp - 0x30], 4
+jne short loc_fffceec4 ; jne 0xfffceec4
+jmp near loc_fffcee28 ; jmp 0xfffcee28
+
+loc_fffcef18: ; not directly referenced
+mov eax, 0x19
+
+loc_fffcef1d: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffcef25: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, eax
+push ebx
+sub esp, 0x40
+mov al, byte [ebp + 8]
+mov edi, dword [ebp + 0xc]
+mov ebx, dword [ebp + 0x18]
+mov byte [ebp - 0x41], dl
+mov edx, dword [esi + 0x2443]
+push 0
+push 2
+mov byte [ebp - 0x33], al
+mov eax, edi
+mov byte [ebp - 0x34], al
+lea eax, [ebp - 0x23]
+push eax
+mov byte [ebp - 0x32], cl
+mov dword [ebp - 0x30], ecx
+mov dword [ebp - 0x2c], edx
+mov byte [ebp - 0x42], bl
+call dword [edx + 0x5c] ; ucall
+add esp, 0xc
+mov edx, dword [ebp - 0x2c]
+push 1
+push 7
+lea eax, [ebp - 0x1f]
+push eax
+call dword [edx + 0x5c] ; ucall
+add esp, 0x10
+mov ecx, dword [ebp - 0x30]
+cmp dword [esi + 0x188b], 1
+mov dword [ebp - 0x2c], 0
+jne short loc_fffcefbc ; jne 0xfffcefbc
+xor eax, eax
+cmp dword [esi + 0x2480], 3
+sete al
+mov dword [ebp - 0x2c], eax
+jne short loc_fffcefbc ; jne 0xfffcefbc
+test bl, bl
+je short loc_fffcefa2 ; je 0xfffcefa2
+mov eax, dword [ebp + 0x10]
+jmp short loc_fffcefa5 ; jmp 0xfffcefa5
+
+loc_fffcefa2: ; not directly referenced
+mov eax, dword [ebp + 0x14]
+
+loc_fffcefa5: ; not directly referenced
+mov al, byte [eax]
+mov byte [ebp - 0x21], al
+test bl, bl
+jne short loc_fffcefb3 ; jne 0xfffcefb3
+mov eax, dword [ebp + 0x14]
+jmp short loc_fffcefb6 ; jmp 0xfffcefb6
+
+loc_fffcefb3: ; not directly referenced
+mov eax, dword [ebp + 0x10]
+
+loc_fffcefb6: ; not directly referenced
+mov al, byte [eax + 1]
+mov byte [ebp - 0x20], al
+
+loc_fffcefbc: ; not directly referenced
+movzx eax, cl
+mov dword [ebp - 0x38], eax
+sar eax, 1
+mov dword [ebp - 0x40], eax
+movzx eax, byte [ebp - 0x42]
+shr edi, 1
+mov dword [ebp - 0x30], edi
+and dword [ebp - 0x40], 1
+and dword [ebp - 0x30], 1
+mov dword [ebp - 0x48], eax
+movzx eax, byte [ebp - 0x41]
+mov dword [ebp - 0x3c], eax
+
+loc_fffcefe2: ; not directly referenced
+xor edi, edi
+
+loc_fffcefe4: ; not directly referenced
+mov eax, dword [ebp - 0x38]
+bt eax, edi
+jb short loc_fffceff4 ; jb 0xfffceff4
+
+loc_fffcefec: ; not directly referenced
+inc edi
+cmp edi, 2
+jne short loc_fffcefe4 ; jne 0xfffcefe4
+jmp short loc_fffcf061 ; jmp 0xfffcf061
+
+loc_fffceff4: ; not directly referenced
+mov eax, dword [ebp + 0x14]
+mov bl, byte [ebp - 0x33]
+movzx edx, byte [eax + edi]
+mov eax, dword [ebp + 0x10]
+movzx eax, byte [eax + edi]
+add eax, edx
+imul edx, edi, 0x13c3
+add eax, dword [ebp - 0x48]
+sar eax, 1
+mov byte [ebp + edi - 0x23], al
+and bl, byte [esi + edx + 0x381a]
+test byte [ebp - 0x34], 1
+je short loc_fffcf03d ; je 0xfffcf03d
+push edx
+movzx eax, al
+push 0
+push eax
+movzx eax, bl
+push 1
+push eax
+push dword [ebp - 0x3c]
+push edi
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffcf03d: ; not directly referenced
+cmp dword [ebp - 0x30], 0
+je short loc_fffcefec ; je 0xfffcefec
+push eax
+movzx eax, byte [ebp + edi - 0x23]
+movzx ebx, bl
+push 0
+push eax
+push 2
+push ebx
+push dword [ebp - 0x3c]
+push edi
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+jmp short loc_fffcefec ; jmp 0xfffcefec
+
+loc_fffcf061: ; not directly referenced
+cmp dword [ebp - 0x2c], 0
+jne short loc_fffcf073 ; jne 0xfffcf073
+sub esp, 0xc
+push esi
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+
+loc_fffcf073: ; not directly referenced
+xor ebx, ebx
+mov byte [ebp - 0x31], 0
+lea edi, [ebp - 0x1f]
+
+loc_fffcf07c: ; not directly referenced
+mov eax, dword [ebp + 0x1c]
+push 0
+push 0
+push 0
+push 0
+movsx eax, byte [eax + ebx]
+push eax
+push 0
+push 2
+push esi
+call fcn_fffcc4cb ; call 0xfffcc4cb
+add esp, 0x1c
+movzx ecx, byte [esi + 0x248b]
+mov edx, dword [ebp - 0x38]
+mov eax, esi
+push 0
+push 1
+push edi
+call fcn_fffb0f94 ; call 0xfffb0f94
+add esp, 0x10
+or byte [ebp - 0x31], al
+mov al, byte [ebp - 0x32]
+cmp byte [ebp - 0x31], al
+jne short loc_fffcf0da ; jne 0xfffcf0da
+
+loc_fffcf0bd: ; not directly referenced
+cmp byte [ebp - 0x31], 0
+setne al
+test byte [ebp - 0x2c], al
+je loc_fffcf154 ; je 0xfffcf154
+mov al, byte [ebp - 0x34]
+xor edi, edi
+and eax, 1
+mov byte [ebp - 0x43], al
+jmp short loc_fffcf0e2 ; jmp 0xfffcf0e2
+
+loc_fffcf0da: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffcf07c ; jne 0xfffcf07c
+jmp short loc_fffcf0bd ; jmp 0xfffcf0bd
+
+loc_fffcf0e2: ; not directly referenced
+mov eax, dword [ebp - 0x38]
+bt eax, edi
+jb short loc_fffcf0fe ; jb 0xfffcf0fe
+
+loc_fffcf0ea: ; not directly referenced
+inc edi
+cmp edi, 2
+jne short loc_fffcf0e2 ; jne 0xfffcf0e2
+sub esp, 0xc
+push esi
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+jmp short loc_fffcf154 ; jmp 0xfffcf154
+
+loc_fffcf0fe: ; not directly referenced
+imul edx, edi, 0x13c3
+mov bl, byte [ebp - 0x33]
+and bl, byte [esi + edx + 0x381a]
+cmp byte [ebp - 0x43], 0
+je short loc_fffcf130 ; je 0xfffcf130
+movzx edx, byte [ebp + edi - 0x21]
+push eax
+push 0
+push edx
+movzx edx, bl
+push 1
+push edx
+push dword [ebp - 0x3c]
+push edi
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffcf130: ; not directly referenced
+cmp dword [ebp - 0x30], 0
+je short loc_fffcf0ea ; je 0xfffcf0ea
+movzx edx, byte [ebp + edi - 0x21]
+movzx ebx, bl
+push ecx
+push 0
+push edx
+push 2
+push ebx
+push dword [ebp - 0x3c]
+push edi
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+jmp short loc_fffcf0ea ; jmp 0xfffcf0ea
+
+loc_fffcf154: ; not directly referenced
+xor ecx, ecx
+mov eax, 1
+
+loc_fffcf15b: ; not directly referenced
+mov edx, eax
+shl edx, cl
+test byte [ebp - 0x32], dl
+je short loc_fffcf1a4 ; je 0xfffcf1a4
+mov ebx, dword [ebp + 0x10]
+mov edi, dword [ebp + 0x14]
+mov bl, byte [ebx + ecx]
+cmp byte [edi + ecx], bl
+jbe short loc_fffcf1a4 ; jbe 0xfffcf1a4
+and dl, byte [ebp - 0x31]
+cmp byte [ebp - 0x42], 0
+je short loc_fffcf18d ; je 0xfffcf18d
+test dl, dl
+mov dl, byte [ebp + ecx - 0x23]
+je short loc_fffcf188 ; je 0xfffcf188
+dec edx
+mov ebx, edi
+jmp short loc_fffcf1a1 ; jmp 0xfffcf1a1
+
+loc_fffcf188: ; not directly referenced
+mov ebx, dword [ebp + 0x10]
+jmp short loc_fffcf1a1 ; jmp 0xfffcf1a1
+
+loc_fffcf18d: ; not directly referenced
+test dl, dl
+mov dl, byte [ebp + ecx - 0x23]
+je short loc_fffcf19e ; je 0xfffcf19e
+mov edi, dword [ebp + 0x10]
+inc edx
+mov byte [edi + ecx], dl
+jmp short loc_fffcf1a4 ; jmp 0xfffcf1a4
+
+loc_fffcf19e: ; not directly referenced
+mov ebx, dword [ebp + 0x14]
+
+loc_fffcf1a1: ; not directly referenced
+mov byte [ebx + ecx], dl
+
+loc_fffcf1a4: ; not directly referenced
+inc ecx
+cmp ecx, 2
+jne short loc_fffcf15b ; jne 0xfffcf15b
+mov al, 1
+test byte [ebp - 0x32], 1
+je short loc_fffcf1bf ; je 0xfffcf1bf
+mov eax, dword [ebp + 0x10]
+mov ecx, dword [ebp + 0x14]
+mov al, byte [eax]
+cmp byte [ecx], al
+setbe al
+
+loc_fffcf1bf: ; not directly referenced
+cmp dword [ebp - 0x40], 0
+je short loc_fffcf1d7 ; je 0xfffcf1d7
+mov ecx, dword [ebp + 0x10]
+mov edi, dword [ebp + 0x14]
+mov cl, byte [ecx + 1]
+cmp byte [edi + 1], cl
+ja loc_fffcefe2 ; ja 0xfffcefe2
+
+loc_fffcf1d7: ; not directly referenced
+test al, al
+je loc_fffcefe2 ; je 0xfffcefe2
+push 0
+xor edi, edi
+push 0
+push 0
+push 0
+push 0
+push 0
+push 2
+push esi
+call fcn_fffcc4cb ; call 0xfffcc4cb
+add esp, 0x20
+cmp dword [ebp - 0x2c], 0
+jne short loc_fffcf20f ; jne 0xfffcf20f
+
+loc_fffcf1fe: ; not directly referenced
+sub esp, 0xc
+push esi
+call fcn_fffc82f4 ; call 0xfffc82f4
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+loc_fffcf20f: ; not directly referenced
+mov al, byte [ebp - 0x34]
+and eax, 1
+mov byte [ebp - 0x31], al
+movzx eax, byte [ebp - 0x41]
+mov dword [ebp - 0x2c], eax
+
+loc_fffcf21f: ; not directly referenced
+mov eax, dword [ebp - 0x38]
+bt eax, edi
+jb short loc_fffcf22f ; jb 0xfffcf22f
+
+loc_fffcf227: ; not directly referenced
+inc edi
+cmp edi, 2
+jne short loc_fffcf21f ; jne 0xfffcf21f
+jmp short loc_fffcf1fe ; jmp 0xfffcf1fe
+
+loc_fffcf22f: ; not directly referenced
+imul edx, edi, 0x13c3
+mov bl, byte [ebp - 0x33]
+and bl, byte [esi + edx + 0x381a]
+cmp byte [ebp - 0x31], 0
+je short loc_fffcf261 ; je 0xfffcf261
+push edx
+movzx edx, byte [ebp + edi - 0x21]
+push 0
+push edx
+movzx edx, bl
+push 1
+push edx
+push dword [ebp - 0x2c]
+push edi
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffcf261: ; not directly referenced
+cmp dword [ebp - 0x30], 0
+je short loc_fffcf227 ; je 0xfffcf227
+movzx edx, byte [ebp + edi - 0x21]
+movzx ebx, bl
+push eax
+push 0
+push edx
+push 2
+push ebx
+push dword [ebp - 0x2c]
+push edi
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+jmp short loc_fffcf227 ; jmp 0xfffcf227
+
+fcn_fffcf285: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, eax
+push ebx
+xor ebx, ebx
+sub esp, 0x40
+mov al, byte [ebp + 8]
+push 1
+movzx edi, byte [ebp + 0xc]
+push 7
+mov byte [ebp - 0x31], al
+mov eax, dword [ebp + 0x14]
+mov byte [ebp - 0x2a], dl
+lea edx, [ebp - 0x27]
+push edx
+mov word [ebp - 0x2c], ax
+mov eax, dword [ebp + 0x18]
+mov byte [ebp - 0x29], cl
+mov dword [ebp - 0x1c], 0
+mov dword [ebp - 0x20], 0
+mov word [ebp - 0x34], ax
+mov eax, dword [esi + 0x2443]
+call dword [eax + 0x5c] ; ucall
+movzx eax, byte [ebp - 0x29]
+add esp, 0x10
+mov dword [ebp - 0x3c], edi
+mov dword [ebp - 0x30], eax
+
+loc_fffcf2dc: ; not directly referenced
+movsx eax, bx
+xor edi, edi
+mov dword [ebp - 0x38], eax
+
+loc_fffcf2e4: ; not directly referenced
+mov eax, dword [ebp - 0x30]
+bt eax, edi
+jae short loc_fffcf318 ; jae 0xfffcf318
+cmp dword [ebp + edi*4 - 0x20], 0
+jne short loc_fffcf318 ; jne 0xfffcf318
+mov eax, dword [ebp + 0x10]
+push edx
+push 0
+movzx edx, byte [eax + edi]
+add edx, dword [ebp - 0x38]
+push edx
+movzx edx, byte [ebp - 0x31]
+push dword [ebp - 0x3c]
+push edx
+movzx edx, byte [ebp - 0x2a]
+push edx
+push edi
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffcf318: ; not directly referenced
+inc edi
+cmp edi, 2
+jne short loc_fffcf2e4 ; jne 0xfffcf2e4
+cmp dword [ebp + 0x20], 0
+jne short loc_fffcf330 ; jne 0xfffcf330
+sub esp, 0xc
+push esi
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+
+loc_fffcf330: ; not directly referenced
+mov edx, dword [ebp - 0x30]
+push eax
+movzx ecx, byte [esi + 0x248b]
+push 0
+push 1
+lea eax, [ebp - 0x27]
+push eax
+mov eax, esi
+call fcn_fffb0f94 ; call 0xfffb0f94
+mov dl, bl
+add esp, 0x10
+neg edx
+test bx, bx
+cmovns edx, ebx
+test byte [ebp - 0x29], 1
+je short loc_fffcf375 ; je 0xfffcf375
+cmp dword [ebp - 0x20], 0
+jne short loc_fffcf375 ; jne 0xfffcf375
+test al, 1
+je short loc_fffcf370 ; je 0xfffcf370
+mov dword [ebp - 0x20], 1
+jmp short loc_fffcf375 ; jmp 0xfffcf375
+
+loc_fffcf370: ; not directly referenced
+mov ecx, dword [ebp + 0x1c]
+mov byte [ecx], dl
+
+loc_fffcf375: ; not directly referenced
+test byte [ebp - 0x29], 2
+je short loc_fffcf394 ; je 0xfffcf394
+cmp dword [ebp - 0x1c], 0
+jne short loc_fffcf394 ; jne 0xfffcf394
+test al, 2
+jne short loc_fffcf38d ; jne 0xfffcf38d
+mov eax, dword [ebp + 0x1c]
+mov byte [eax + 1], dl
+jmp short loc_fffcf394 ; jmp 0xfffcf394
+
+loc_fffcf38d: ; not directly referenced
+mov dword [ebp - 0x1c], 1
+
+loc_fffcf394: ; not directly referenced
+mov eax, dword [ebp - 0x34]
+add ebx, eax
+test ax, ax
+jle short loc_fffcf3a7 ; jle 0xfffcf3a7
+cmp bx, word [ebp - 0x2c]
+setg al
+jmp short loc_fffcf3ae ; jmp 0xfffcf3ae
+
+loc_fffcf3a7: ; not directly referenced
+cmp bx, word [ebp - 0x2c]
+setl al
+
+loc_fffcf3ae: ; not directly referenced
+cmp dword [ebp - 0x20], 0
+movzx eax, al
+je short loc_fffcf3bd ; je 0xfffcf3bd
+cmp dword [ebp - 0x1c], 0
+jne short loc_fffcf3c5 ; jne 0xfffcf3c5
+
+loc_fffcf3bd: ; not directly referenced
+test eax, eax
+je loc_fffcf2dc ; je 0xfffcf2dc
+
+loc_fffcf3c5: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffcf3cd: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+mov esi, edx
+push ebx
+sub esp, 0x90
+mov eax, dword [ebp + 0x10]
+push 1
+push 7
+mov ebx, eax
+mov dword [ebp - 0x78], eax
+mov al, byte [ebp + 8]
+mov byte [ebp - 0x89], bl
+mov ebx, dword [edi + 0x2443]
+mov dword [ebp - 0x88], edx
+mov byte [ebp - 0x69], dl
+mov byte [ebp - 0x6a], al
+mov al, byte [ebp + 0xc]
+mov byte [ebp - 0x68], cl
+mov byte [ebp - 0x74], al
+mov al, byte [ebp + 0x14]
+mov byte [ebp - 0x7c], al
+mov al, byte [ebp + 0x18]
+mov byte [ebp - 0x8a], al
+lea eax, [ebp - 0x4f]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 2
+lea eax, [ebp - 0x53]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 2
+lea eax, [ebp - 0x51]
+push eax
+call dword [ebx + 0x5c] ; ucall
+xor eax, eax
+add esp, 0x10
+cmp dword [edi + 0x2480], 3
+sete al
+mov dword [ebp - 0x60], eax
+mov eax, esi
+cmp al, 6
+je short loc_fffcf489 ; je 0xfffcf489
+
+loc_fffcf457: ; not directly referenced
+cmp dword [ebp - 0x60], 1
+sbb eax, eax
+mov dword [ebp - 0x60], eax
+movsx ax, byte [ebp - 0x78]
+and byte [ebp - 0x60], 4
+add byte [ebp - 0x60], 2
+mov word [ebp - 0x6c], ax
+mov word [ebp - 0x64], ax
+mov al, byte [ebp - 0x7c]
+sub eax, dword [ebp - 0x60]
+movzx eax, al
+mov dword [ebp - 0x94], eax
+jmp near loc_fffcf604 ; jmp 0xfffcf604
+
+loc_fffcf489: ; not directly referenced
+movzx esi, byte [ebp - 0x68]
+lea eax, [edi + 0x3756]
+mov dword [ebp - 0x5c], eax
+xor eax, eax
+mov dword [ebp - 0x70], esi
+
+loc_fffcf49b: ; not directly referenced
+mov esi, dword [ebp - 0x70]
+bt esi, eax
+jae loc_fffcf567 ; jae 0xfffcf567
+mov esi, dword [ebp - 0x5c]
+mov ebx, dword [esi + 0x111]
+mov ecx, dword [esi + 0x11d]
+cmp bl, cl
+mov esi, ecx
+cmovl esi, ebx
+cmp cl, bl
+mov edx, esi
+mov esi, dword [ebp - 0x5c]
+cmovbe ecx, ebx
+mov byte [ebp + eax - 0x53], dl
+mov byte [ebp + eax - 0x51], cl
+xor ecx, ecx
+mov dl, byte [esi + 0xc4]
+mov byte [ebp - 0x64], dl
+
+loc_fffcf4da: ; not directly referenced
+mov ebx, 1
+shl ebx, cl
+test byte [ebp - 0x64], bl
+je short loc_fffcf512 ; je 0xfffcf512
+mov esi, dword [ebp - 0x5c]
+mov bl, byte [esi + ecx + 0x245]
+movzx esi, byte [ebp + eax - 0x53]
+cmp bl, byte [ebp + eax - 0x53]
+cmovle esi, ebx
+mov edx, esi
+movzx esi, byte [ebp + eax - 0x51]
+cmp bl, byte [ebp + eax - 0x51]
+mov byte [ebp + eax - 0x53], dl
+cmovb ebx, esi
+mov byte [ebp + eax - 0x51], bl
+
+loc_fffcf512: ; not directly referenced
+inc ecx
+cmp ecx, 4
+jne short loc_fffcf4da ; jne 0xfffcf4da
+cmp dword [ebp - 0x60], 0
+je short loc_fffcf559 ; je 0xfffcf559
+mov ecx, dword [ebp - 0x5c]
+mov esi, dword [ecx + 0x109]
+mov ecx, dword [ecx + 0x115]
+mov edx, esi
+mov ebx, esi
+cmp cl, dl
+mov dl, byte [ebp + eax - 0x53]
+cmovl ebx, ecx
+cmp bl, byte [ebp + eax - 0x53]
+cmovg ebx, edx
+mov edx, esi
+mov byte [ebp + eax - 0x53], bl
+mov bl, byte [ebp + eax - 0x51]
+cmp bl, dl
+cmovbe ebx, esi
+cmp bl, cl
+cmovbe ebx, ecx
+mov byte [ebp + eax - 0x51], bl
+
+loc_fffcf559: ; not directly referenced
+mov cl, 0x7f
+neg byte [ebp + eax - 0x53]
+sub cl, byte [ebp + eax - 0x51]
+mov byte [ebp + eax - 0x51], cl
+
+loc_fffcf567: ; not directly referenced
+inc eax
+add dword [ebp - 0x5c], 0x13c3
+cmp eax, 2
+jne loc_fffcf49b ; jne 0xfffcf49b
+jmp near loc_fffcf457 ; jmp 0xfffcf457
+
+loc_fffcf57d: ; not directly referenced
+mov eax, dword [ebp - 0x70]
+bt eax, ebx
+jb loc_fffcf62c ; jb 0xfffcf62c
+
+loc_fffcf589: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffcf57d ; jne 0xfffcf57d
+sub esp, 0xc
+push edi
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+cmp dword [ebp + 0x24], 0
+je loc_fffcf67f ; je 0xfffcf67f
+movzx ecx, byte [edi + 0x248b]
+push eax
+mov edx, dword [ebp - 0x70]
+push 0
+push 1
+lea eax, [ebp - 0x4f]
+push eax
+mov eax, edi
+call fcn_fffb0f94 ; call 0xfffb0f94
+add esp, 0x10
+mov byte [ebp - 0x5c], al
+
+loc_fffcf5c5: ; not directly referenced
+cmp byte [ebp - 0x69], 6
+je loc_fffcf6d8 ; je 0xfffcf6d8
+
+loc_fffcf5cf: ; not directly referenced
+movzx eax, byte [ebp - 0x60]
+mov edx, esi
+xor ecx, ecx
+sub edx, eax
+mov dword [ebp - 0x70], eax
+movsx eax, byte [ebp - 0x89]
+mov dword [ebp - 0x80], edx
+
+loc_fffcf5e6: ; not directly referenced
+mov edx, 1
+shl edx, cl
+test byte [ebp - 0x68], dl
+jne loc_fffcf712 ; jne 0xfffcf712
+
+loc_fffcf5f6: ; not directly referenced
+inc ecx
+cmp ecx, 2
+jne short loc_fffcf5e6 ; jne 0xfffcf5e6
+movzx eax, byte [ebp - 0x60]
+add word [ebp - 0x64], ax
+
+loc_fffcf604: ; not directly referenced
+movzx eax, byte [ebp - 0x7c]
+movsx esi, word [ebp - 0x64]
+mov dword [ebp - 0x5c], eax
+cmp esi, eax
+jg loc_fffcf7f0 ; jg 0xfffcf7f0
+movzx eax, byte [ebp - 0x68]
+xor ebx, ebx
+mov dword [ebp - 0x70], eax
+movzx eax, byte [ebp - 0x74]
+mov dword [ebp - 0x5c], eax
+jmp near loc_fffcf57d ; jmp 0xfffcf57d
+
+loc_fffcf62c: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov cl, byte [ebp - 0x6a]
+and cl, byte [edi + eax + 0x381a]
+movzx eax, byte [ebp - 0x69]
+movzx ecx, cl
+cmp al, 6
+je short loc_fffcf65f ; je 0xfffcf65f
+push edx
+push 0
+push esi
+push dword [ebp - 0x5c]
+push ecx
+push eax
+push ebx
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+jmp near loc_fffcf589 ; jmp 0xfffcf589
+
+loc_fffcf65f: ; not directly referenced
+xor eax, eax
+mov edx, ebx
+cmp dword [ebp + 0x20], 0
+sete al
+push eax
+mov eax, edi
+push 0
+push esi
+push 0
+call fcn_fffb0cb4 ; call 0xfffb0cb4
+add esp, 0x10
+jmp near loc_fffcf589 ; jmp 0xfffcf589
+
+loc_fffcf67f: ; not directly referenced
+xor ebx, ebx
+mov byte [ebp - 0x5c], 0
+
+loc_fffcf685: ; not directly referenced
+mov eax, dword [ebp + 0x1c]
+push 0
+push 0
+push 0
+push 0
+movsx eax, byte [eax + ebx]
+push eax
+push 0
+push 2
+push edi
+call fcn_fffcc4cb ; call 0xfffcc4cb
+add esp, 0x1c
+movzx ecx, byte [edi + 0x248b]
+mov edx, dword [ebp - 0x70]
+lea eax, [ebp - 0x4f]
+push 0
+push 1
+push eax
+mov eax, edi
+call fcn_fffb0f94 ; call 0xfffb0f94
+add esp, 0x10
+or byte [ebp - 0x5c], al
+mov al, byte [ebp - 0x68]
+cmp byte [ebp - 0x5c], al
+je loc_fffcf5c5 ; je 0xfffcf5c5
+inc ebx
+cmp ebx, 2
+jne short loc_fffcf685 ; jne 0xfffcf685
+jmp near loc_fffcf5c5 ; jmp 0xfffcf5c5
+
+loc_fffcf6d8: ; not directly referenced
+movsx ax, byte [ebp - 0x53]
+cmp word [ebp - 0x64], ax
+jge short loc_fffcf6e9 ; jge 0xfffcf6e9
+
+loc_fffcf6e3: ; not directly referenced
+or byte [ebp - 0x5c], 1
+jmp short loc_fffcf6f1 ; jmp 0xfffcf6f1
+
+loc_fffcf6e9: ; not directly referenced
+movzx eax, byte [ebp - 0x51]
+cmp esi, eax
+jg short loc_fffcf6e3 ; jg 0xfffcf6e3
+
+loc_fffcf6f1: ; not directly referenced
+movsx ax, byte [ebp - 0x52]
+cmp word [ebp - 0x64], ax
+jge short loc_fffcf705 ; jge 0xfffcf705
+
+loc_fffcf6fc: ; not directly referenced
+or byte [ebp - 0x5c], 2
+jmp near loc_fffcf5cf ; jmp 0xfffcf5cf
+
+loc_fffcf705: ; not directly referenced
+movzx eax, byte [ebp - 0x50]
+cmp esi, eax
+jg short loc_fffcf6fc ; jg 0xfffcf6fc
+jmp near loc_fffcf5cf ; jmp 0xfffcf5cf
+
+loc_fffcf712: ; not directly referenced
+test byte [ebp - 0x5c], dl
+mov ebx, dword [ebp - 0x6c]
+sete dl
+movzx edx, dl
+cmp word [ebp - 0x64], bx
+jne short loc_fffcf767 ; jne 0xfffcf767
+test edx, edx
+je short loc_fffcf745 ; je 0xfffcf745
+mov dword [ebp + ecx*4 - 0x20], eax
+mov dword [ebp + ecx*4 - 0x28], eax
+mov dword [ebp + ecx*4 - 0x30], eax
+mov dword [ebp + ecx*4 - 0x38], eax
+mov dword [ebp + ecx*4 - 0x40], eax
+mov dword [ebp + ecx*4 - 0x48], eax
+jmp near loc_fffcf5f6 ; jmp 0xfffcf5f6
+
+loc_fffcf745: ; not directly referenced
+mov edx, eax
+sub edx, dword [ebp - 0x70]
+mov dword [ebp + ecx*4 - 0x20], edx
+mov dword [ebp + ecx*4 - 0x28], edx
+mov dword [ebp + ecx*4 - 0x30], edx
+mov dword [ebp + ecx*4 - 0x38], edx
+mov dword [ebp + ecx*4 - 0x40], edx
+mov dword [ebp + ecx*4 - 0x48], edx
+jmp near loc_fffcf5f6 ; jmp 0xfffcf5f6
+
+loc_fffcf767: ; not directly referenced
+test edx, edx
+je loc_fffcf5f6 ; je 0xfffcf5f6
+mov ebx, dword [ebp - 0x80]
+cmp dword [ebp + ecx*4 - 0x40], ebx
+jne short loc_fffcf77c ; jne 0xfffcf77c
+mov dword [ebp + ecx*4 - 0x40], esi
+
+loc_fffcf77c: ; not directly referenced
+mov ebx, dword [ebp - 0x80]
+cmp dword [ebp + ecx*4 - 0x30], ebx
+mov dword [ebp + ecx*4 - 0x30], esi
+je short loc_fffcf78d ; je 0xfffcf78d
+mov dword [ebp + ecx*4 - 0x38], esi
+
+loc_fffcf78d: ; not directly referenced
+cmp esi, dword [ebp - 0x94]
+jl short loc_fffcf7b3 ; jl 0xfffcf7b3
+cmp dword [ebp + ecx*4 - 0x48], eax
+jne short loc_fffcf7b3 ; jne 0xfffcf7b3
+cmp byte [ebp - 0x8a], 0
+je short loc_fffcf7b3 ; je 0xfffcf7b3
+mov edx, dword [ebp + ecx*4 - 0x40]
+sub edx, eax
+add edx, dword [ebp - 0x70]
+add edx, esi
+mov dword [ebp + ecx*4 - 0x30], edx
+
+loc_fffcf7b3: ; not directly referenced
+mov edx, dword [ebp + ecx*4 - 0x30]
+mov ebx, dword [ebp + ecx*4 - 0x38]
+mov dword [ebp - 0x84], edx
+sub edx, ebx
+mov dword [ebp - 0x90], edx
+mov edx, dword [ebp + ecx*4 - 0x20]
+sub edx, dword [ebp + ecx*4 - 0x28]
+cmp dword [ebp - 0x90], edx
+jle loc_fffcf5f6 ; jle 0xfffcf5f6
+mov dword [ebp + ecx*4 - 0x28], ebx
+mov ebx, dword [ebp - 0x84]
+mov dword [ebp + ecx*4 - 0x20], ebx
+jmp near loc_fffcf5f6 ; jmp 0xfffcf5f6
+
+loc_fffcf7f0: ; not directly referenced
+movzx eax, byte [ebp - 0x60]
+mov ecx, 2
+xor ebx, ebx
+mov esi, dword [ebp - 0x5c]
+lea eax, [eax + eax*2]
+mov dword [ebp - 0x7c], eax
+movsx eax, byte [ebp - 0x78]
+add esi, eax
+mov dword [ebp - 0x78], eax
+mov eax, esi
+cdq
+idiv ecx
+mov dword [ebp - 0x70], eax
+movzx eax, byte [ebp - 0x68]
+mov dword [ebp - 0x68], eax
+movzx eax, byte [ebp - 0x74]
+mov dword [ebp - 0x74], eax
+
+loc_fffcf823: ; not directly referenced
+mov eax, dword [ebp - 0x68]
+bt eax, ebx
+jb short loc_fffcf837 ; jb 0xfffcf837
+
+loc_fffcf82b: ; not directly referenced
+inc ebx
+cmp ebx, 2
+je loc_fffcf90e ; je 0xfffcf90e
+jmp short loc_fffcf823 ; jmp 0xfffcf823
+
+loc_fffcf837: ; not directly referenced
+mov esi, dword [ebp + ebx*4 - 0x20]
+mov eax, dword [ebp + ebx*4 - 0x28]
+mov ecx, esi
+mov dword [ebp - 0x60], eax
+sub ecx, eax
+cmp ecx, dword [ebp - 0x7c]
+jl short loc_fffcf855 ; jl 0xfffcf855
+mov edx, dword [ebp - 0x5c]
+sub edx, dword [ebp - 0x78]
+cmp ecx, edx
+jl short loc_fffcf86c ; jl 0xfffcf86c
+
+loc_fffcf855: ; not directly referenced
+cmp byte [edi + 0x1965], 0
+je short loc_fffcf87b ; je 0xfffcf87b
+cmp dword [edi + 0x188b], 1
+jne short loc_fffcf87b ; jne 0xfffcf87b
+jmp near loc_fffcf9bc ; jmp 0xfffcf9bc
+
+loc_fffcf86c: ; not directly referenced
+mov eax, dword [ebp - 0x60]
+mov ecx, 2
+add eax, esi
+cdq
+idiv ecx
+jmp short loc_fffcf87e ; jmp 0xfffcf87e
+
+loc_fffcf87b: ; not directly referenced
+mov eax, dword [ebp - 0x70]
+
+loc_fffcf87e: ; not directly referenced
+imul edx, ebx, 0x13c3
+mov cl, byte [ebp - 0x6a]
+and cl, byte [edi + edx + 0x381a]
+cmp dword [ebp + 0x20], 0
+mov byte [ebp - 0x64], cl
+jne short loc_fffcf8ba ; jne 0xfffcf8ba
+mov dl, byte [ebp - 0x69]
+cmp dl, 6
+je short loc_fffcf8ba ; je 0xfffcf8ba
+sub esp, 4
+push 1
+push eax
+movzx eax, cl
+push dword [ebp - 0x74]
+push eax
+movzx eax, dl
+push eax
+push ebx
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffcf8ba: ; not directly referenced
+mov edx, dword [ebp - 0x60]
+movzx ecx, byte [ebp - 0x64]
+mov eax, edx
+sar eax, 0x1f
+xor edx, eax
+sub edx, eax
+imul eax, edx, 0xa
+imul edx, ebx, 0x48
+mov dword [ebp - 0x64], ecx
+mov dword [ebp - 0x60], eax
+mov eax, esi
+sar eax, 0x1f
+add edx, edi
+xor esi, eax
+sub esi, eax
+xor eax, eax
+imul esi, esi, 0xa
+
+loc_fffcf8e6: ; not directly referenced
+mov ecx, dword [ebp - 0x64]
+bt ecx, eax
+jae short loc_fffcf8fd ; jae 0xfffcf8fd
+mov ecx, dword [ebp - 0x60]
+mov dword [edx + 0x3214], esi
+mov dword [edx + 0x3210], ecx
+
+loc_fffcf8fd: ; not directly referenced
+inc eax
+add edx, 0x90
+cmp eax, 4
+jne short loc_fffcf8e6 ; jne 0xfffcf8e6
+jmp near loc_fffcf82b ; jmp 0xfffcf82b
+
+loc_fffcf90e: ; not directly referenced
+cmp dword [ebp + 0x24], 0
+jne short loc_fffcf92b ; jne 0xfffcf92b
+push 0
+push 0
+push 0
+push 0
+push 0
+push 0
+push 2
+push edi
+call fcn_fffcc4cb ; call 0xfffcc4cb
+add esp, 0x20
+
+loc_fffcf92b: ; not directly referenced
+cmp byte [ebp - 0x88], 6
+je short loc_fffcf942 ; je 0xfffcf942
+
+loc_fffcf934: ; not directly referenced
+sub esp, 0xc
+push edi
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+jmp short loc_fffcf9c1 ; jmp 0xfffcf9c1
+
+loc_fffcf942: ; not directly referenced
+xor ebx, ebx
+
+loc_fffcf944: ; not directly referenced
+mov eax, dword [ebp - 0x68]
+bt eax, ebx
+jb short loc_fffcf954 ; jb 0xfffcf954
+
+loc_fffcf94c: ; not directly referenced
+inc ebx
+cmp ebx, 2
+je short loc_fffcf934 ; je 0xfffcf934
+jmp short loc_fffcf944 ; jmp 0xfffcf944
+
+loc_fffcf954: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov dl, byte [ebp - 0x6a]
+and dl, byte [edi + eax + 0x381a]
+xor eax, eax
+cmp dword [ebp + 0x20], 0
+movzx esi, dl
+mov edx, ebx
+sete al
+mov ecx, esi
+push eax
+mov eax, edi
+push 0
+push 0
+push 0
+call fcn_fffb0cb4 ; call 0xfffb0cb4
+imul eax, ebx, 0x48
+add esp, 0x10
+xor edx, edx
+add eax, edi
+
+loc_fffcf98c: ; not directly referenced
+bt esi, edx
+jae short loc_fffcf9af ; jae 0xfffcf9af
+mov ecx, dword [eax + 0x3210]
+mov dword [ebp - 0x5c], ecx
+mov ecx, dword [eax + 0x3214]
+mov dword [eax + 0x3210], ecx
+mov ecx, dword [ebp - 0x5c]
+mov dword [eax + 0x3214], ecx
+
+loc_fffcf9af: ; not directly referenced
+inc edx
+add eax, 0x90
+cmp edx, 4
+jne short loc_fffcf98c ; jne 0xfffcf98c
+jmp short loc_fffcf94c ; jmp 0xfffcf94c
+
+loc_fffcf9bc: ; not directly referenced
+mov eax, 0xc
+
+loc_fffcf9c1: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffcf9c9: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x40
+mov edi, dword [ebp + 8]
+mov dword [ebp - 0x2c], eax
+mov dword [ebp - 0x44], ecx
+mov byte [ebp - 0x3d], cl
+mov esi, edi
+mov ebx, esi
+mov esi, eax
+mov byte [ebp - 0x3e], bl
+mov ebx, dword [eax + 0x2443]
+lea eax, [ebp - 0x24]
+push 0
+push 2
+push eax
+mov dword [ebp - 0x3c], edx
+mov dword [ebp - 0x38], edi
+mov edi, dword [ebp + 0xc]
+mov byte [ebp - 0x1a], 0xf8
+mov byte [ebp - 0x19], 8
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 2
+lea eax, [ebp - 0x22]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0x10
+cmp byte [ebp - 0x3c], 0
+setne cl
+cmp dword [esi + 0x2480], 3
+mov byte [ebp - 0x30], cl
+sete al
+test cl, al
+je short loc_fffcfa69 ; je 0xfffcfa69
+mov al, byte [edi]
+xor ecx, ecx
+lea edx, [eax - 0x20]
+cmp al, 0x21
+cmovb edx, ecx
+cmp al, 0x5e
+lea ebx, [eax + 0x20]
+mov al, byte [edi + 1]
+mov byte [ebp - 0x1e], dl
+mov dl, 0x7f
+cmova ebx, edx
+mov byte [ebp - 0x1c], bl
+cmp al, 0x21
+lea ebx, [eax - 0x20]
+cmovae ecx, ebx
+cmp al, 0x5e
+mov byte [ebp - 0x1d], cl
+lea ecx, [eax + 0x20]
+cmovbe edx, ecx
+mov byte [ebp - 0x1b], dl
+jmp short loc_fffcfa86 ; jmp 0xfffcfa86
+
+loc_fffcfa69: ; not directly referenced
+push eax
+push 0
+push 2
+lea eax, [ebp - 0x1e]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0x7f
+push 2
+lea eax, [ebp - 0x1c]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0x10
+
+loc_fffcfa86: ; not directly referenced
+test edi, edi
+mov eax, 1
+sete dl
+test byte [ebp - 0x30], dl
+jne loc_fffcfcdd ; jne 0xfffcfcdd
+movzx esi, byte [ebp - 0x3d]
+xor ebx, ebx
+mov byte [ebp - 0x34], 0
+
+loc_fffcfaa3: ; not directly referenced
+mov eax, dword [ebp - 0x2c]
+mov ecx, esi
+mov edx, ebx
+call fcn_fffaac43 ; call 0xfffaac43
+or byte [ebp - 0x34], al
+cmp byte [ebp - 0x30], 0
+je short loc_fffcfabf ; je 0xfffcfabf
+mov al, byte [edi + ebx]
+mov byte [ebp + ebx - 0x20], al
+
+loc_fffcfabf: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffcfaa3 ; jne 0xfffcfaa3
+cmp byte [ebp - 0x3c], 0
+jne loc_fffcfbe2 ; jne 0xfffcfbe2
+mov eax, dword [ebp - 0x2c]
+cmp dword [eax + 0x188b], 0
+je short loc_fffcfae5 ; je 0xfffcfae5
+mov al, byte [ebp - 0x44]
+and eax, 5
+cmp al, 5
+je short loc_fffcfb15 ; je 0xfffcfb15
+
+loc_fffcfae5: ; not directly referenced
+push 0
+movzx ecx, byte [ebp - 0x34]
+xor edx, edx
+push 0
+lea eax, [ebp - 0x1a]
+push eax
+movzx eax, byte [ebp - 0x1c]
+push 1
+push eax
+movsx eax, byte [ebp - 0x1e]
+push eax
+movzx eax, byte [ebp - 0x38]
+push eax
+mov eax, dword [ebp - 0x2c]
+push esi
+call fcn_fffcf3cd ; call 0xfffcf3cd
+add esp, 0x20
+jmp near loc_fffcfcdd ; jmp 0xfffcfcdd
+
+loc_fffcfb15: ; not directly referenced
+movzx edi, byte [ebp - 0x3e]
+xor eax, eax
+mov dword [ebp - 0x30], 0
+mov dword [ebp - 0x38], edi
+
+loc_fffcfb25: ; not directly referenced
+mov cl, byte [ebp - 0x30]
+mov ebx, 3
+xor esi, esi
+mov edi, dword [ebp - 0x2c]
+shl ebx, cl
+mov byte [ebp - 0x34], bl
+add edi, 0x3756
+
+loc_fffcfb3d: ; not directly referenced
+cmp dword [edi], 2
+jne short loc_fffcfb77 ; jne 0xfffcfb77
+cmp byte [ebp - 0x34], 3
+mov ecx, 0x40
+mov dword [ebp - 0x3c], eax
+mov edx, 0xffffffc0
+push eax
+push 1
+cmove edx, ecx
+push edx
+push 1
+mov dl, byte [edi + 0xc4]
+and edx, 0xc
+push edx
+push 0
+push esi
+push dword [ebp - 0x2c]
+call fcn_fffa9178 ; call 0xfffa9178
+mov eax, dword [ebp - 0x3c]
+add esp, 0x20
+
+loc_fffcfb77: ; not directly referenced
+inc esi
+add edi, 0x13c3
+cmp esi, 2
+jne short loc_fffcfb3d ; jne 0xfffcfb3d
+test byte [ebp - 0x3d], bl
+je short loc_fffcfbcf ; je 0xfffcfbcf
+mov edi, dword [ebp - 0x2c]
+mov ecx, ebx
+xor edx, edx
+mov eax, edi
+call fcn_fffaac43 ; call 0xfffaac43
+mov ecx, ebx
+mov edx, 1
+mov esi, eax
+mov eax, edi
+call fcn_fffaac43 ; call 0xfffaac43
+xor edx, edx
+push 0
+push 0
+or eax, esi
+movzx ecx, al
+lea eax, [ebp - 0x1a]
+push eax
+movzx eax, byte [ebp - 0x1c]
+push 1
+push eax
+movsx eax, byte [ebp - 0x1e]
+push eax
+mov eax, edi
+push dword [ebp - 0x38]
+push ebx
+call fcn_fffcf3cd ; call 0xfffcf3cd
+add esp, 0x20
+
+loc_fffcfbcf: ; not directly referenced
+add dword [ebp - 0x30], 2
+cmp dword [ebp - 0x30], 4
+je loc_fffcfcdd ; je 0xfffcfcdd
+jmp near loc_fffcfb25 ; jmp 0xfffcfb25
+
+loc_fffcfbe2: ; not directly referenced
+movzx eax, byte [ebp - 0x38]
+push ebx
+push ebx
+lea ebx, [ebp - 0x1a]
+mov edx, eax
+mov dword [ebp - 0x30], eax
+movzx eax, byte [ebp - 0x34]
+push ebx
+push 0
+lea ebx, [ebp - 0x20]
+mov ecx, eax
+mov dword [ebp - 0x38], eax
+movzx eax, byte [ebp - 0x3c]
+push ebx
+mov dword [ebp - 0x3c], eax
+lea eax, [ebp - 0x1e]
+push eax
+mov eax, dword [ebp - 0x2c]
+push edx
+mov edx, dword [ebp - 0x3c]
+push esi
+call fcn_fffcef25 ; call 0xfffcef25
+mov al, byte [ebp - 0x20]
+add esp, 0x18
+lea edx, [ebp - 0x1a]
+mov ecx, dword [ebp - 0x38]
+mov byte [ebp - 0x24], al
+mov al, byte [ebp - 0x1f]
+mov byte [ebp - 0x23], al
+mov al, byte [edi]
+mov byte [ebp - 0x20], al
+mov al, byte [edi + 1]
+push edx
+mov edx, dword [ebp - 0x3c]
+push 1
+mov byte [ebp - 0x1f], al
+lea eax, [ebp - 0x1c]
+push eax
+mov eax, dword [ebp - 0x2c]
+push ebx
+push dword [ebp - 0x30]
+push esi
+xor esi, esi
+call fcn_fffcef25 ; call 0xfffcef25
+mov al, byte [ebp - 0x20]
+add esp, 0x20
+mov dword [ebp - 0x34], 0
+mov byte [ebp - 0x22], al
+mov al, byte [ebp - 0x1f]
+mov byte [ebp - 0x21], al
+
+loc_fffcfc67: ; not directly referenced
+mov eax, dword [ebp - 0x38]
+bt eax, esi
+jae short loc_fffcfcd4 ; jae 0xfffcfcd4
+mov ebx, dword [ebp - 0x2c]
+imul eax, esi, 0x13c3
+mov cl, byte [ebp - 0x3d]
+movzx edx, byte [ebp + esi - 0x22]
+and cl, byte [ebx + eax + 0x381a]
+mov bl, dl
+mov byte [ebp - 0x44], cl
+movzx ecx, byte [ebp + esi - 0x24]
+sub ebx, ecx
+cmp dl, 0x7f
+jne short loc_fffcfca1 ; jne 0xfffcfca1
+test cl, cl
+jne short loc_fffcfca1 ; jne 0xfffcfca1
+mov al, byte [edi + esi]
+jmp short loc_fffcfcb6 ; jmp 0xfffcfcb6
+
+loc_fffcfca1: ; not directly referenced
+lea eax, [ecx + edx + 1]
+mov edx, 0xc
+shr eax, 1
+cmp bl, 0x11
+cmova edx, dword [ebp - 0x34]
+mov dword [ebp - 0x34], edx
+
+loc_fffcfcb6: ; not directly referenced
+push edx
+movzx eax, al
+push 1
+push eax
+movzx eax, byte [ebp - 0x44]
+push dword [ebp - 0x30]
+push eax
+push dword [ebp - 0x3c]
+push esi
+push dword [ebp - 0x2c]
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffcfcd4: ; not directly referenced
+inc esi
+cmp esi, 2
+jne short loc_fffcfc67 ; jne 0xfffcfc67
+mov eax, dword [ebp - 0x34]
+
+loc_fffcfcdd: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffcfce5: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, edx
+push esi
+mov esi, eax
+push ebx
+xor ebx, ebx
+sub esp, 0x1c
+mov byte [ebp - 0x19], cl
+movzx ecx, byte [ebp + 8]
+
+loc_fffcfcfb: ; not directly referenced
+bt edi, ebx
+jae short loc_fffcfd2e ; jae 0xfffcfd2e
+imul eax, ebx, 0x13c3
+mov dl, byte [ebp - 0x19]
+and dl, byte [esi + eax + 0x381a]
+movzx eax, dl
+je short loc_fffcfd2e ; je 0xfffcfd2e
+push edx
+push 0
+push ecx
+push 3
+push eax
+push 0
+push ebx
+push esi
+mov dword [ebp - 0x20], ecx
+call fcn_fffa9178 ; call 0xfffa9178
+mov ecx, dword [ebp - 0x20]
+add esp, 0x20
+
+loc_fffcfd2e: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffcfcfb ; jne 0xfffcfcfb
+mov dword [ebp + 8], esi
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+jmp near fcn_fffc82f4 ; jmp 0xfffc82f4
+
+fcn_fffcfd43: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov ebx, eax
+sub esp, 0x3c
+mov edi, dword [ebp + 0xc]
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x2c], ecx
+mov esi, dword [ebx + 0x2443]
+mov dword [ebp - 0x30], edx
+mov edx, dword [ebp + 0x18]
+mov ecx, edi
+inc cl
+mov dword [ebp - 0x3c], eax
+mov eax, dword [ebp + 0x14]
+je short loc_fffcfd80 ; je 0xfffcfd80
+movsx cx, dl
+movzx edx, dl
+mov word [ebp - 0x34], cx
+neg word [ebp - 0x34]
+jmp short loc_fffcfd8b ; jmp 0xfffcfd8b
+
+loc_fffcfd80: ; not directly referenced
+mov edx, 0x20
+mov word [ebp - 0x34], 0xffe0
+
+loc_fffcfd8b: ; not directly referenced
+push ecx
+movzx eax, al
+push 0
+inc eax
+lea ecx, [ebp - 0x1c]
+push 2
+push ecx
+mov dword [ebp - 0x44], edx
+mov dword [ebp - 0x40], ecx
+mov word [ebp - 0x36], ax
+call dword [esi + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 2
+lea eax, [ebp - 0x1a]
+push eax
+call dword [esi + 0x5c] ; ucall
+movzx ecx, byte [ebp - 0x2c]
+add esp, 0xc
+movzx edx, byte [ebp - 0x30]
+mov eax, edi
+push dword [ebp + 0x1c]
+movzx edi, al
+movzx eax, word [ebp - 0x36]
+mov dword [ebp - 0x2c], ecx
+mov ecx, dword [ebp - 0x40]
+mov dword [ebp - 0x30], edx
+mov edx, dword [ebp - 0x44]
+movzx esi, byte [ebp - 0x3c]
+push ecx
+mov ecx, dword [ebp - 0x2c]
+push eax
+movsx edx, dx
+push edx
+mov edx, dword [ebp - 0x30]
+mov eax, ebx
+push dword [ebp + 0x10]
+push edi
+push esi
+call fcn_fffcf285 ; call 0xfffcf285
+add esp, 0x20
+cmp dword [ebp + 0x1c], 0
+je short loc_fffcfe37 ; je 0xfffcfe37
+xor eax, eax
+
+loc_fffcfdfd: ; not directly referenced
+mov ecx, dword [ebp - 0x2c]
+bt ecx, eax
+jae short loc_fffcfe25 ; jae 0xfffcfe25
+mov ecx, dword [ebp + 0x10]
+push edx
+push 0
+movzx edx, byte [ecx + eax]
+mov dword [ebp - 0x3c], eax
+push edx
+push edi
+push esi
+push dword [ebp - 0x30]
+push eax
+push ebx
+call fcn_fffa9178 ; call 0xfffa9178
+mov eax, dword [ebp - 0x3c]
+add esp, 0x20
+
+loc_fffcfe25: ; not directly referenced
+inc eax
+cmp eax, 2
+jne short loc_fffcfdfd ; jne 0xfffcfdfd
+sub esp, 0xc
+push ebx
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+
+loc_fffcfe37: ; not directly referenced
+push ecx
+mov edx, dword [ebp - 0x30]
+push dword [ebp + 0x1c]
+lea eax, [ebp - 0x1a]
+mov ecx, dword [ebp - 0x2c]
+push eax
+mov ax, word [ebp - 0x36]
+neg eax
+cwde
+push eax
+movsx eax, word [ebp - 0x34]
+push eax
+mov eax, ebx
+push dword [ebp + 0x10]
+push edi
+push esi
+call fcn_fffcf285 ; call 0xfffcf285
+add esp, 0x20
+cmp dword [ebp + 0x1c], 0
+je short loc_fffcfea3 ; je 0xfffcfea3
+xor eax, eax
+
+loc_fffcfe69: ; not directly referenced
+mov ecx, dword [ebp - 0x2c]
+bt ecx, eax
+jae short loc_fffcfe91 ; jae 0xfffcfe91
+push edx
+mov edx, dword [ebp + 0x10]
+push 0
+mov dword [ebp - 0x34], eax
+movzx edx, byte [edx + eax]
+push edx
+push edi
+push esi
+push dword [ebp - 0x30]
+push eax
+push ebx
+call fcn_fffa9178 ; call 0xfffa9178
+mov eax, dword [ebp - 0x34]
+add esp, 0x20
+
+loc_fffcfe91: ; not directly referenced
+inc eax
+cmp eax, 2
+jne short loc_fffcfe69 ; jne 0xfffcfe69
+sub esp, 0xc
+push ebx
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+
+loc_fffcfea3: ; not directly referenced
+xor eax, eax
+
+loc_fffcfea5: ; not directly referenced
+mov edi, dword [ebp - 0x2c]
+bt edi, eax
+jb short loc_fffcfebe ; jb 0xfffcfebe
+
+loc_fffcfead: ; not directly referenced
+inc eax
+add ebx, 0x48
+cmp eax, 2
+jne short loc_fffcfea5 ; jne 0xfffcfea5
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+loc_fffcfebe: ; not directly referenced
+mov ecx, ebx
+xor edx, edx
+
+loc_fffcfec2: ; not directly referenced
+bt esi, edx
+jae short loc_fffcfee3 ; jae 0xfffcfee3
+movzx edi, byte [ebp + eax - 0x1a]
+imul edi, edi, 0xa
+mov dword [ecx + 0x3210], edi
+movzx edi, byte [ebp + eax - 0x1c]
+imul edi, edi, 0xa
+mov dword [ecx + 0x3214], edi
+
+loc_fffcfee3: ; not directly referenced
+inc edx
+add ecx, 0x90
+cmp edx, 4
+jne short loc_fffcfec2 ; jne 0xfffcfec2
+jmp short loc_fffcfead ; jmp 0xfffcfead
+
+fcn_fffcfef1: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0xfc
+mov esi, dword [ebp + 8]
+mov dword [ebp - 0xd4], 0
+mov eax, dword [esi + 0x2443]
+mov dword [ebp - 0xd8], eax
+mov eax, dword [esi + 0x5edc]
+mov dword [ebp - 0xdc], eax
+lea eax, [esi + 0x2490]
+mov dword [ebp - 0xe0], eax
+mov eax, dword [esi + 0x188b]
+mov dword [ebp - 0xe4], eax
+mov al, byte [esi + 0x2441]
+mov byte [ebp - 0xf9], al
+test byte [esi + 0x2405], 0x20
+je short loc_fffcff61 ; je 0xfffcff61
+xor eax, eax
+cmp dword [ebp - 0xe4], 1
+sete al
+mov dword [ebp - 0xd4], eax
+
+loc_fffcff61: ; not directly referenced
+cmp dword [esi + 0x2480], 3
+mov edi, dword [ebp - 0xd8]
+push ebx
+sete al
+push 0
+push 0x10
+lea ebx, [ebp - 0xa8]
+mov byte [ebp - 0xfa], al
+movzx eax, al
+mov dword [ebp - 0xcc], eax
+mov eax, edi
+push ebx
+call dword [eax + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 2
+lea eax, [ebp - 0xb0]
+push eax
+mov eax, edi
+call dword [eax + 0x5c] ; ucall
+add esp, 0xc
+mov eax, edi
+push 0xff
+lea edx, [ebp - 0x98]
+push 0x80
+push edx
+mov dword [ebp - 0xbc], edx
+call dword [eax + 0x5c] ; ucall
+add esp, 0x10
+mov edx, dword [ebp - 0xbc]
+cmp dword [ebp - 0xcc], 1
+mov byte [ebp - 0xad], 0
+mov byte [ebp - 0xae], 0
+sbb eax, eax
+and eax, 7
+add eax, 0xa
+cmp dword [ebp - 0xd4], 1
+movzx eax, al
+mov dword [ebp - 0xf8], edx
+mov dword [ebp - 0xec], edx
+sbb edi, edi
+mov dword [ebp - 0xc8], edi
+mov edi, esi
+and dword [ebp - 0xc8], 0xfffffff8
+add dword [ebp - 0xc8], 0xd
+mov dword [ebp - 0xc4], 0
+mov dword [ebp - 0xc0], 0
+mov dword [ebp - 0xf4], ebx
+mov dword [ebp - 0x100], eax
+
+loc_fffd0037: ; not directly referenced
+mov eax, dword [ebp - 0xdc]
+xor ebx, ebx
+mov cl, byte [ebp - 0xc4]
+mov dword [ebp - 0xd0], 1
+shl dword [ebp - 0xd0], cl
+add eax, 0x70
+mov dword [ebp - 0xf0], eax
+mov byte [ebp - 0xe8], 0
+
+loc_fffd0065: ; not directly referenced
+mov ecx, dword [ebp - 0xd0]
+mov edx, ebx
+mov eax, esi
+call fcn_fffaac43 ; call 0xfffaac43
+or byte [ebp - 0xe8], al
+movzx eax, byte [ebp - 0xe8]
+bt eax, ebx
+mov dword [ebp - 0xbc], eax
+jae short loc_fffd00a9 ; jae 0xfffd00a9
+push ecx
+push 0
+movzx eax, byte [esi + 0x2488]
+push eax
+mov eax, dword [ebp - 0xd8]
+push dword [ebp - 0xf0]
+call dword [eax + 0x64] ; ucall
+add esp, 0x10
+
+loc_fffd00a9: ; not directly referenced
+inc ebx
+add dword [ebp - 0xf0], 0xcc
+cmp ebx, 2
+jne short loc_fffd0065 ; jne 0xfffd0065
+cmp byte [ebp - 0xe8], 0
+je loc_fffd03c2 ; je 0xfffd03c2
+mov edx, dword [ebp - 0xbc]
+sub esp, 0xc
+mov ecx, 0x11
+push 0
+mov eax, esi
+mov bl, 1
+call fcn_fffb26ca ; call 0xfffb26ca
+add esp, 0x10
+
+loc_fffd00e2: ; not directly referenced
+cmp ebx, 3
+je short loc_fffd0142 ; je 0xfffd0142
+cmp ebx, 1
+jne short loc_fffd00f5 ; jne 0xfffd00f5
+mov byte [esi + 0x248b], 9
+jmp short loc_fffd0101 ; jmp 0xfffd0101
+
+loc_fffd00f5: ; not directly referenced
+cmp ebx, 4
+jne short loc_fffd0101 ; jne 0xfffd0101
+mov byte [esi + 0x248b], 0
+
+loc_fffd0101: ; not directly referenced
+lea eax, [ebx - 4]
+mov ecx, dword [ebp - 0xbc]
+push edx
+cmp eax, 2
+push edx
+sbb eax, eax
+mov edx, dword [ebp - 0xe0]
+push 0
+and eax, 0x17
+push dword [ebp - 0xf4]
+add eax, 0x1f
+movzx eax, al
+push eax
+mov eax, esi
+push 1
+push ebx
+push dword [ebp - 0xc4]
+call fcn_fffc6051 ; call 0xfffc6051
+add esp, 0x20
+mov dword [ebp - 0xc0], eax
+
+loc_fffd0142: ; not directly referenced
+inc ebx
+cmp ebx, 6
+jne short loc_fffd00e2 ; jne 0xfffd00e2
+cmp dword [ebp - 0xd4], 0
+je loc_fffd03c2 ; je 0xfffd03c2
+mov ecx, dword [ebp - 0x100]
+sub esp, 0xc
+mov eax, esi
+mov edx, dword [ebp - 0xbc]
+push 0
+call fcn_fffb2759 ; call 0xfffb2759
+add esp, 0x10
+cmp dword [ebp - 0xcc], 0
+je short loc_fffd01a5 ; je 0xfffd01a5
+push eax
+mov ecx, dword [ebp - 0xbc]
+xor edx, edx
+push 0
+push 0
+push 0x20
+push 0
+lea eax, [ebp - 0xae]
+push eax
+mov eax, esi
+push 0xff
+push dword [ebp - 0xd0]
+call fcn_fffcfd43 ; call 0xfffcfd43
+jmp short loc_fffd01f5 ; jmp 0xfffd01f5
+
+loc_fffd01a5: ; not directly referenced
+push 1
+mov ecx, dword [ebp - 0xbc]
+xor edx, edx
+push 1
+lea eax, [ebp - 0xb0]
+push eax
+mov eax, esi
+push 1
+push 0x40
+push 0xffffffffffffffc0
+push 3
+push 0xff
+call fcn_fffcf3cd ; call 0xfffcf3cd
+mov ebx, dword [ebp - 0xec]
+mov eax, dword [edi + 0x3210]
+mov dword [ebx], eax
+mov eax, dword [edi + 0x3214]
+mov dword [ebx + 4], eax
+mov eax, dword [edi + 0x3258]
+mov dword [ebx + 0x10], eax
+mov eax, dword [edi + 0x325c]
+mov dword [ebx + 0x14], eax
+
+loc_fffd01f5: ; not directly referenced
+add esp, 0x20
+cmp byte [ebp - 0xf9], 0
+je short loc_fffd0278 ; je 0xfffd0278
+
+loc_fffd0201: ; not directly referenced
+push ecx
+push 0
+push 0
+push 3
+push 0xff
+push 0
+push 0
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x1c
+push 0
+push 0
+push 3
+push 0xff
+push 0
+push 1
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x14
+push esi
+call fcn_fffc82f4 ; call 0xfffc82f4
+mov ecx, dword [ebp - 0xbc]
+pop ebx
+pop eax
+mov eax, esi
+mov edx, dword [ebp - 0xe0]
+push 0
+push dword [ebp - 0xf4]
+push 0x36
+push 0
+push 0xd
+push dword [ebp - 0xc4]
+call fcn_fffc6051 ; call 0xfffc6051
+add esp, 0x14
+push esi
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+mov dword [ebp - 0xc0], eax
+jmp near loc_fffd03c2 ; jmp 0xfffd03c2
+
+loc_fffd0278: ; not directly referenced
+xor ebx, ebx
+
+loc_fffd027a: ; not directly referenced
+imul eax, ebx, 0x13c3
+cmp dword [esi + eax + 0x3756], 2
+jne short loc_fffd02ce ; jne 0xfffd02ce
+push edx
+push 0
+push 0
+push 3
+push 0xff
+push 0
+push ebx
+push esi
+call fcn_fffa9178 ; call 0xfffa9178
+mov ecx, dword [ebp - 0xdc]
+imul eax, ebx, 0xcc
+add esp, 0x20
+mov edx, ebx
+push 0
+push 1
+movzx eax, byte [ecx + eax + 0xe2]
+mov ecx, 0xff
+push eax
+mov eax, esi
+push 1
+call fcn_fffb0cb4 ; call 0xfffb0cb4
+add esp, 0x10
+
+loc_fffd02ce: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffd027a ; jne 0xfffd027a
+sub esp, 0xc
+push esi
+call fcn_fffc82f4 ; call 0xfffc82f4
+add esp, 0x10
+cmp dword [ebp - 0xcc], 0
+je short loc_fffd0316 ; je 0xfffd0316
+mov ecx, dword [ebp - 0xd0]
+mov eax, esi
+mov edx, dword [ebp - 0xbc]
+call fcn_fffc93f9 ; call 0xfffc93f9
+
+loc_fffd02fc: ; not directly referenced
+mov eax, dword [ebp - 0xec]
+mov ebx, edi
+mov dword [ebp - 0xc0], 0
+mov dword [ebp - 0xd0], eax
+jmp short loc_fffd0362 ; jmp 0xfffd0362
+
+loc_fffd0316: ; not directly referenced
+push 1
+mov ecx, dword [ebp - 0xbc]
+mov edx, 6
+push 1
+lea eax, [ebp - 0xb0]
+push eax
+mov eax, esi
+push 0
+push 0x40
+push 0xffffffffffffffc0
+push 3
+push 0xff
+call fcn_fffcf3cd ; call 0xfffcf3cd
+add esp, 0x20
+jmp short loc_fffd02fc ; jmp 0xfffd02fc
+
+loc_fffd0345: ; not directly referenced
+inc dword [ebp - 0xc0]
+add ebx, 0x48
+add dword [ebp - 0xd0], 0x10
+cmp dword [ebp - 0xc0], 2
+je loc_fffd0201 ; je 0xfffd0201
+
+loc_fffd0362: ; not directly referenced
+imul eax, dword [ebp - 0xc0], 0x13c3
+cmp dword [esi + eax + 0x3756], 2
+jne short loc_fffd0345 ; jne 0xfffd0345
+mov eax, dword [ebx + 0x3210]
+mov edx, dword [ebp - 0xd0]
+mov ecx, dword [ebp - 0xdc]
+mov dword [edx + 8], eax
+mov eax, dword [ebx + 0x3214]
+mov dword [edx + 0xc], eax
+mov edx, dword [ebp - 0xc0]
+push 0
+push 1
+imul eax, edx, 0xcc
+movzx eax, byte [ecx + eax + 0xe2]
+mov ecx, 0xff
+neg eax
+push eax
+mov eax, esi
+push 1
+call fcn_fffb0cb4 ; call 0xfffb0cb4
+add esp, 0x10
+jmp short loc_fffd0345 ; jmp 0xfffd0345
+
+loc_fffd03c2: ; not directly referenced
+inc dword [ebp - 0xc4]
+add edi, 0x90
+add dword [ebp - 0xec], 0x20
+cmp dword [ebp - 0xc4], 4
+jne loc_fffd0037 ; jne 0xfffd0037
+cmp dword [ebp - 0xcc], 0
+jne short loc_fffd0439 ; jne 0xfffd0439
+mov eax, dword [ebp - 0xf8]
+lea edx, [esi + 0x3210]
+lea ebx, [ebp - 0x18]
+
+loc_fffd03fa: ; not directly referenced
+mov ecx, dword [eax]
+cmp dword [eax + 8], ecx
+cmovbe ecx, dword [eax + 8]
+mov dword [edx], ecx
+mov ecx, dword [eax + 4]
+cmp dword [eax + 0xc], ecx
+cmovbe ecx, dword [eax + 0xc]
+mov dword [edx + 4], ecx
+mov ecx, dword [eax + 0x18]
+cmp dword [eax + 0x10], ecx
+cmovbe ecx, dword [eax + 0x10]
+mov dword [edx + 0x48], ecx
+mov ecx, dword [eax + 0x1c]
+cmp dword [eax + 0x14], ecx
+cmovbe ecx, dword [eax + 0x14]
+add eax, 0x20
+add edx, 0x90
+mov dword [edx - 0x44], ecx
+cmp eax, ebx
+jne short loc_fffd03fa ; jne 0xfffd03fa
+
+loc_fffd0439: ; not directly referenced
+mov dword [ebp - 0xcc], 0
+xor edi, edi
+mov dword [ebp - 0xd0], 0
+mov byte [ebp - 0xc4], 0
+
+loc_fffd0456: ; not directly referenced
+mov byte [ebp - 0xbc], 0
+
+loc_fffd045d: ; not directly referenced
+mov cl, byte [ebp - 0xc4]
+mov eax, 1
+movzx edx, byte [ebp - 0xbc]
+movzx ebx, cl
+shl eax, cl
+imul ecx, edx, 0x13c3
+test byte [esi + ecx + 0x381a], al
+je loc_fffd0601 ; je 0xfffd0601
+imul ebx, ebx, 0x90
+imul edx, edx, 0x48
+mov dword [ebp - 0xd4], edi
+lea eax, [ebx + edx]
+mov ebx, 1
+mov dword [ebp - 0xe8], eax
+
+loc_fffd04a4: ; not directly referenced
+lea eax, [ebx - 6]
+cmp eax, 5
+setbe dl
+cmp ebx, 3
+sete al
+or dl, al
+jne loc_fffd05de ; jne 0xfffd05de
+mov ecx, 2
+mov edx, ebx
+movzx edi, byte [ebx + ref_fffd5f1c] ; movzx edi, byte [ebx - 0x2a0e4]
+mov eax, esi
+call fcn_fffb13cf ; call 0xfffb13cf
+mov ecx, 0xa
+xor edx, edx
+imul edi, edi, 0x240
+div cx
+mov word [ebp - 0xec], ax
+push eax
+push 0xffff
+push 2
+lea eax, [ebp - 0xac]
+push eax
+mov eax, dword [ebp - 0xd8]
+call dword [eax + 0x60] ; ucall
+lea eax, [ebx - 0xc]
+add esp, 0x10
+add edi, dword [ebp - 0xe0]
+xor ecx, ecx
+add edi, dword [ebp - 0xe8]
+mov dword [ebp - 0xf0], eax
+mov dword [ebp - 0xdc], edi
+
+loc_fffd051f: ; not directly referenced
+mov eax, dword [ebp - 0xdc]
+xor edx, edx
+mov edi, 0xa
+mov eax, dword [eax + ecx*2]
+div di
+mov dx, word [ecx + ebp - 0xac]
+cmp ax, dx
+cmovbe edx, eax
+mov word [ecx + ebp - 0xac], dx
+cmp ax, word [ebp - 0xec]
+ja short loc_fffd05ac ; ja 0xfffd05ac
+cmp ebx, 4
+sete dl
+cmp ebx, 1
+sete al
+or dl, al
+jne short loc_fffd058c ; jne 0xfffd058c
+cmp ebx, 5
+sete dl
+cmp ebx, 2
+sete al
+or dl, al
+jne short loc_fffd0598 ; jne 0xfffd0598
+cmp dword [ebp - 0xf0], 1
+mov eax, 1
+cmova eax, dword [ebp - 0xcc]
+mov dword [ebp - 0xcc], eax
+jmp short loc_fffd05a2 ; jmp 0xfffd05a2
+
+loc_fffd058c: ; not directly referenced
+mov dword [ebp - 0xd0], 1
+jmp short loc_fffd05a2 ; jmp 0xfffd05a2
+
+loc_fffd0598: ; not directly referenced
+mov dword [ebp - 0xd4], 1
+
+loc_fffd05a2: ; not directly referenced
+mov dword [ebp - 0xc0], 0x1c
+
+loc_fffd05ac: ; not directly referenced
+add ecx, 2
+cmp ecx, 4
+jne loc_fffd051f ; jne 0xfffd051f
+mov eax, dword [ebp - 0xd0]
+mov edi, dword [ebp - 0xd4]
+dec eax
+jne short loc_fffd05de ; jne 0xfffd05de
+cmp edi, 1
+jne short loc_fffd05de ; jne 0xfffd05de
+cmp dword [ebp - 0xcc], 1
+je short loc_fffd05f3 ; je 0xfffd05f3
+cmp dword [ebp - 0xe4], 0
+je short loc_fffd05f3 ; je 0xfffd05f3
+
+loc_fffd05de: ; not directly referenced
+inc ebx
+cmp ebx, dword [ebp - 0xc8]
+jbe loc_fffd04a4 ; jbe 0xfffd04a4
+mov edi, dword [ebp - 0xd4]
+jmp short loc_fffd0601 ; jmp 0xfffd0601
+
+loc_fffd05f3: ; not directly referenced
+mov byte [ebp - 0xc4], 4
+mov byte [ebp - 0xbc], 2
+
+loc_fffd0601: ; not directly referenced
+inc byte [ebp - 0xbc]
+cmp byte [ebp - 0xbc], 1
+jbe loc_fffd045d ; jbe 0xfffd045d
+inc byte [ebp - 0xc4]
+cmp byte [ebp - 0xc4], 3
+jbe loc_fffd0456 ; jbe 0xfffd0456
+cmp dword [ebp - 0xc0], 0x1c
+jne loc_fffd079e ; jne 0xfffd079e
+mov dl, byte [ebp - 0xfa]
+xor edx, 1
+cmp dword [ebp - 0xe4], 1
+sete al
+test dl, al
+jne short loc_fffd0655 ; jne 0xfffd0655
+
+loc_fffd064b: ; not directly referenced
+mov eax, 1
+jmp near loc_fffd06e5 ; jmp 0xfffd06e5
+
+loc_fffd0655: ; not directly referenced
+lea eax, [esi + 0x3756]
+mov ebx, 0x4020
+mov dword [ebp - 0xc4], eax
+
+loc_fffd0666: ; not directly referenced
+mov eax, dword [ebp - 0xc4]
+cmp dword [eax], 2
+jne short loc_fffd06ae ; jne 0xfffd06ae
+mov edx, ebx
+mov eax, esi
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, ebx
+mov dword [ebp - 0xbc], eax
+mov eax, esi
+or dword [ebp - 0xbc], 0x40000000
+mov ecx, dword [ebp - 0xbc]
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, dword [ebp - 0xbc]
+mov edx, ebx
+mov eax, esi
+and ecx, 0xbfffffff
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffd06ae: ; not directly referenced
+add ebx, 0x400
+add dword [ebp - 0xc4], 0x13c3
+cmp ebx, 0x4820
+jne short loc_fffd0666 ; jne 0xfffd0666
+jmp short loc_fffd064b ; jmp 0xfffd064b
+
+loc_fffd06c8: ; not directly referenced
+cmp eax, 4
+sete cl
+cmp eax, 1
+sete dl
+or cl, dl
+je short loc_fffd06ee ; je 0xfffd06ee
+
+loc_fffd06d8: ; not directly referenced
+inc eax
+cmp eax, dword [ebp - 0xc8]
+ja loc_fffd079e ; ja 0xfffd079e
+
+loc_fffd06e5: ; not directly referenced
+cmp dword [ebp - 0xd0], 0
+je short loc_fffd06c8 ; je 0xfffd06c8
+
+loc_fffd06ee: ; not directly referenced
+test edi, edi
+jne short loc_fffd0702 ; jne 0xfffd0702
+cmp eax, 5
+sete cl
+cmp eax, 2
+sete dl
+or cl, dl
+jne short loc_fffd06d8 ; jne 0xfffd06d8
+
+loc_fffd0702: ; not directly referenced
+cmp dword [ebp - 0xcc], 0
+jne short loc_fffd0713 ; jne 0xfffd0713
+lea edx, [eax - 0xc]
+cmp edx, 1
+jbe short loc_fffd06d8 ; jbe 0xfffd06d8
+
+loc_fffd0713: ; not directly referenced
+cmp eax, 3
+je short loc_fffd06d8 ; je 0xfffd06d8
+lea edx, [eax - 6]
+cmp edx, 5
+jbe short loc_fffd06d8 ; jbe 0xfffd06d8
+mov dword [ebp - 0xbc], 0
+mov byte [ebp - 0xd4], al
+
+loc_fffd0730: ; not directly referenced
+mov ecx, dword [esi + 0x5edc]
+mov ecx, dword [ecx + 4]
+mov dword [ebp - 0xc4], ecx
+mov ebx, ecx
+xor ecx, ecx
+
+loc_fffd0743: ; not directly referenced
+mov dl, byte [ebp - 0xd4]
+cmp dl, byte [ebx]
+jne short loc_fffd075a ; jne 0xfffd075a
+mov edx, dword [ebp - 0xbc]
+movzx ebx, word [ebx + edx*2 + 1]
+jmp short loc_fffd0765 ; jmp 0xfffd0765
+
+loc_fffd075a: ; not directly referenced
+inc ecx
+add ebx, 7
+cmp ecx, 0xb
+jne short loc_fffd0743 ; jne 0xfffd0743
+xor ebx, ebx
+
+loc_fffd0765: ; not directly referenced
+add ebx, 0x28
+mov edx, 0xffff
+imul ecx, ecx, 7
+add ecx, dword [ebp - 0xc4]
+cmp ebx, 0xffff
+cmovg ebx, edx
+mov edx, dword [ebp - 0xbc]
+inc dword [ebp - 0xbc]
+cmp dword [ebp - 0xbc], 2
+mov word [ecx + edx*2 + 1], bx
+jne short loc_fffd0730 ; jne 0xfffd0730
+jmp near loc_fffd06d8 ; jmp 0xfffd06d8
+
+loc_fffd079e: ; not directly referenced
+mov eax, dword [ebp - 0xc0]
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffd07ac: ; not directly referenced
+push ebp
+mov ecx, 0xa
+mov ebp, esp
+push edi
+push esi
+mov esi, ref_fffd5f40 ; mov esi, 0xfffd5f40
+push ebx
+sub esp, 0xe0f0
+mov eax, dword [ebp + 8]
+lea edi, [ebp - 0xe044]
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+mov byte [ebp - 0xe06e], 6
+mov eax, dword [eax + 0x5edc]
+mov byte [ebp - 0xe069], 0
+mov byte [ebp - 0xe068], 4
+mov byte [ebp - 0xe065], 6
+mov edi, eax
+mov dword [ebp - 0xe0e0], eax
+mov eax, dword [ebp + 8]
+mov byte [ebp - 0xe064], 0
+mov byte [ebp - 0xe063], 4
+mov byte [ebp - 0xe056], 1
+mov ebx, dword [eax + 0x2443]
+movzx eax, byte [eax + 0x2488]
+mov byte [ebp - 0xe055], 1
+mov byte [ebp - 0xe054], 1
+mov byte [ebp - 0xe053], 1
+mov dword [ebp - 0xe0d0], eax
+mov eax, dword [ebp + 8]
+mov byte [ebp - 0xe052], 1
+mov byte [ebp - 0xe051], 1
+mov byte [ebp - 0xe050], 1
+mov esi, dword [eax + 0x1887]
+mov eax, dword [eax + 0x188b]
+mov byte [ebp - 0xe04f], 1
+mov byte [ebp - 0xe04e], 0
+mov byte [ebp - 0xe04d], 0
+mov byte [ebp - 0xe067], 6
+mov byte [ebp - 0xe066], 5
+mov dword [ebp - 0xe088], eax
+mov eax, dword [ebp + 8]
+mov eax, dword [eax + 0x2480]
+push 0
+push 0x50a
+mov dword [ebp - 0xe0e4], eax
+lea eax, [ebp - 0xdea0]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 0xd97e
+lea eax, [ebp - 0xd996]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 0x19a
+lea eax, [ebp - 0xe03a]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 2
+lea eax, [ebp - 0xe06d]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 8
+lea eax, [ebp - 0xe04c]
+push eax
+call dword [ebx + 0x5c] ; ucall
+add esp, 0x10
+cmp esi, 0x306d0
+sete bl
+cmp esi, 0x40650
+sete al
+or ebx, eax
+mov al, bl
+xor eax, 1
+cmp byte [edi + 0x1c5], 1
+mov byte [ebp - 0xe0ba], al
+mov eax, edi
+mov word [ebp - 0xe07a], 0
+sbb edi, edi
+not edi
+and edi, 0x10
+cmp byte [eax + 0x1c5], 1
+mov eax, dword [ebp + 8]
+mov byte [ebp - 0xe07c], 0
+sbb esi, esi
+mov dword [ebp - 0xe0b8], esi
+mov al, byte [eax + 0x248e]
+mov dword [ebp - 0xe098], esi
+and byte [ebp - 0xe0b8], 0xe
+and byte [ebp - 0xe098], 0xfc
+add byte [ebp - 0xe0b8], 2
+add byte [ebp - 0xe098], 6
+mov byte [ebp - 0xe0b9], al
+mov eax, dword [ebp + 8]
+and byte [ebp - 0xe0b9], 3
+movzx esi, byte [ebp - 0xe0b9]
+mov dword [ebp - 0xe0a8], 0
+mov al, byte [eax + 0x248d]
+mov dword [ebp - 0xe0a0], 0
+mov dword [ebp - 0xe080], esi
+mov byte [ebp - 0xe0c0], al
+mov eax, dword [ebp + 8]
+and byte [ebp - 0xe0c0], 0xf
+lea edx, [eax + 0x39b5]
+xor eax, eax
+
+loc_fffd09b9: ; not directly referenced
+mov esi, dword [ebp - 0xe080]
+bt esi, eax
+jae loc_fffd0a91 ; jae 0xfffd0a91
+cmp dword [edx - 0x19f], 2
+lea ecx, [eax*4]
+jne short loc_fffd09f3 ; jne 0xfffd09f3
+mov esi, 3
+shl esi, cl
+mov ecx, esi
+mov dword [ebp - 0xe0a0], 1
+or byte [ebp - 0xe07c], cl
+jmp short loc_fffd0a0c ; jmp 0xfffd0a0c
+
+loc_fffd09f3: ; not directly referenced
+mov esi, 1
+shl esi, cl
+mov ecx, esi
+or byte [ebp - 0xe07c], cl
+mov dword [ebp - 0xe0a8], 1
+
+loc_fffd0a0c: ; not directly referenced
+mov esi, dword [ebp + 8]
+mov cl, byte [ebp - 0xe0c0]
+and cl, byte [edx - 0x19b]
+mov esi, dword [esi + 0x2480]
+mov byte [ebp + eax - 0xe06d], cl
+cmp esi, 3
+setne cl
+add ecx, ecx
+cmp dword [ebp - 0xe088], 1
+mov byte [ebp + eax*2 - 0xe062], cl
+jne short loc_fffd0a5d ; jne 0xfffd0a5d
+mov cl, byte [edx - 0x12]
+and ecx, 0x30
+cmp cl, 0x30
+mov ecx, 3
+cmovne cx, word [ebp - 0xe07a]
+mov word [ebp - 0xe07a], cx
+
+loc_fffd0a5d: ; not directly referenced
+cmp esi, 3
+setne cl
+add ecx, ecx
+cmp dword [ebp - 0xe088], 1
+mov byte [ebp + eax*2 - 0xe061], cl
+jne short loc_fffd0a91 ; jne 0xfffd0a91
+mov cl, byte [edx]
+mov esi, 3
+and ecx, 0x30
+cmp cl, 0x30
+cmovne si, word [ebp - 0xe07a]
+mov word [ebp - 0xe07a], si
+
+loc_fffd0a91: ; not directly referenced
+inc eax
+add edx, 0x13c3
+cmp eax, 2
+jne loc_fffd09b9 ; jne 0xfffd09b9
+cmp dword [ebp - 0xe0a0], 0
+jne short loc_fffd0ac8 ; jne 0xfffd0ac8
+test bl, bl
+je short loc_fffd0aea ; je 0xfffd0aea
+mov eax, dword [ebp + 8]
+test byte [eax + 0x2404], 0x20
+lea eax, [ebp - 0xe051]
+mov dword [ebp - 0xe0a4], eax
+jne short loc_fffd0b05 ; jne 0xfffd0b05
+jmp short loc_fffd0af6 ; jmp 0xfffd0af6
+
+loc_fffd0ac8: ; not directly referenced
+lea eax, [ebp - 0xe056]
+mov dword [ebp - 0xe0a4], eax
+lea esi, [ebp - 0xe065]
+mov byte [ebp - 0xe09c], 3
+mov byte [ebp - 0xe07b], 2
+jmp short loc_fffd0b19 ; jmp 0xfffd0b19
+
+loc_fffd0aea: ; not directly referenced
+lea eax, [ebp - 0xe051]
+mov dword [ebp - 0xe0a4], eax
+
+loc_fffd0af6: ; not directly referenced
+mov byte [ebp - 0xe09c], 1
+lea esi, [ebp - 0xe06e]
+jmp short loc_fffd0b12 ; jmp 0xfffd0b12
+
+loc_fffd0b05: ; not directly referenced
+mov byte [ebp - 0xe09c], 2
+lea esi, [ebp - 0xe067]
+
+loc_fffd0b12: ; not directly referenced
+mov byte [ebp - 0xe07b], 1
+
+loc_fffd0b19: ; not directly referenced
+cmp dword [ebp - 0xe088], 0
+je short loc_fffd0b41 ; je 0xfffd0b41
+mov dx, word [ebp - 0xe07a]
+mov ebx, dword [ebp - 0xe088]
+mov eax, edx
+add eax, 0xc
+dec ebx
+cmovne eax, edx
+mov word [ebp - 0xe07a], ax
+jmp short loc_fffd0b4a ; jmp 0xfffd0b4a
+
+loc_fffd0b41: ; not directly referenced
+mov word [ebp - 0xe07a], 0xc
+
+loc_fffd0b4a: ; not directly referenced
+lea eax, [edi - 0x10]
+mov byte [ebp - 0xe0bc], al
+movzx eax, byte [ebp - 0xe098]
+mov byte [ebp - 0xe084], 0
+mov byte [ebp - 0xe0c8], 0
+mov dword [ebp - 0xe0f4], eax
+movzx eax, byte [ebp - 0xe0ba]
+mov dword [ebp - 0xe0dc], eax
+
+loc_fffd0b7b: ; not directly referenced
+movsx eax, byte [ebp - 0xe0c8]
+cmp eax, dword [ebp - 0xe0f4]
+jge loc_fffd0d6d ; jge 0xfffd0d6d
+movzx eax, byte [ebp - 0xe07b]
+xor edi, edi
+add eax, dword [ebp - 0xe0dc]
+mov dword [ebp - 0xe0d8], eax
+
+loc_fffd0ba3: ; not directly referenced
+mov bl, byte [ebp - 0xe0ba]
+mov al, bl
+add eax, edi
+mov dl, al
+mov byte [ebp - 0xe0bb], al
+movsx eax, al
+cmp eax, dword [ebp - 0xe0d8]
+jge loc_fffd0d56 ; jge 0xfffd0d56
+mov al, dl
+add eax, 2
+mov byte [ebp - 0xe0e5], al
+mov al, bl
+lea eax, [eax + edi - 1]
+mov byte [ebp - 0xe098], al
+movsx eax, word [ebp - 0xe07a]
+mov dword [ebp - 0xe0ec], eax
+movzx eax, byte [ebp - 0xe09c]
+mov dword [ebp - 0xe0f0], eax
+
+loc_fffd0bf5: ; not directly referenced
+movsx eax, byte [ebp - 0xe098]
+cmp eax, dword [ebp - 0xe0d8]
+je loc_fffd0d38 ; je 0xfffd0d38
+cmp eax, dword [ebp - 0xe0dc]
+jl loc_fffd0d38 ; jl 0xfffd0d38
+cmp byte [ebp - 0xe098], 1
+mov dword [ebp - 0xe0cc], 0
+sete dl
+cmp byte [ebp - 0xe0bb], 1
+sete al
+or dl, al
+je short loc_fffd0c42 ; je 0xfffd0c42
+mov eax, dword [ebp - 0xe0a0]
+mov dword [ebp - 0xe0cc], eax
+
+loc_fffd0c42: ; not directly referenced
+xor ebx, ebx
+
+loc_fffd0c44: ; not directly referenced
+mov eax, dword [ebp - 0xe080]
+bt eax, ebx
+jb short loc_fffd0c57 ; jb 0xfffd0c57
+
+loc_fffd0c4f: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffd0c44 ; jne 0xfffd0c44
+jmp short loc_fffd0cd2 ; jmp 0xfffd0cd2
+
+loc_fffd0c57: ; not directly referenced
+mov al, byte [ebp - 0xe0bb]
+mov byte [ebp - 0xe0c4], 0
+mov byte [ebp + ebx*2 - 0xe05e], al
+mov al, byte [ebp - 0xe098]
+mov byte [ebp + ebx*2 - 0xe05d], al
+
+loc_fffd0c78: ; not directly referenced
+movzx eax, byte [ebp - 0xe0c4]
+mov dword [ebp - 0xe0d4], eax
+cmp eax, dword [ebp - 0xe0d0]
+jae short loc_fffd0c4f ; jae 0xfffd0c4f
+push 1
+mov eax, dword [ebp + 8]
+xor ecx, ecx
+push 0
+mov edx, ebx
+push 0
+push dword [ebp - 0xe0d4]
+call fcn_fffafdb2 ; call 0xfffafdb2
+movzx ecx, byte [ebp + ebx - 0xe06d]
+mov edx, ebx
+push 1
+mov eax, dword [ebp + 8]
+push dword [ebp - 0xe0ec]
+push 4
+push dword [ebp - 0xe0d4]
+call fcn_fffafdb2 ; call 0xfffafdb2
+add esp, 0x20
+inc byte [ebp - 0xe0c4]
+jmp short loc_fffd0c78 ; jmp 0xfffd0c78
+
+loc_fffd0cd2: ; not directly referenced
+cmp byte [ebp - 0xe084], 0x28
+ja short loc_fffd0d38 ; ja 0xfffd0d38
+movzx eax, byte [ebp - 0xe084]
+sub esp, 0xc
+push 0
+mov ecx, dword [ebp - 0xe080]
+push dword [ebp - 0xe0cc]
+push dword [ebp - 0xe0f0]
+imul eax, eax, 0x54e
+push esi
+lea edx, [ebp + eax - 0xd996]
+movsx eax, byte [ebp - 0xe0bc]
+push eax
+lea eax, [ebp - 0xe062]
+push eax
+lea eax, [ebp - 0xe05e]
+push eax
+movzx eax, byte [ebp - 0xe0c0]
+push 0
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffbf2e9 ; call 0xfffbf2e9
+add esp, 0x30
+inc byte [ebp - 0xe084]
+
+loc_fffd0d38: ; not directly referenced
+inc byte [ebp - 0xe098]
+mov al, byte [ebp - 0xe0e5]
+cmp byte [ebp - 0xe098], al
+jne loc_fffd0bf5 ; jne 0xfffd0bf5
+inc edi
+jmp near loc_fffd0ba3 ; jmp 0xfffd0ba3
+
+loc_fffd0d56: ; not directly referenced
+mov al, byte [ebp - 0xe0b8]
+inc byte [ebp - 0xe0c8]
+add byte [ebp - 0xe0bc], al
+jmp near loc_fffd0b7b ; jmp 0xfffd0b7b
+
+loc_fffd0d6d: ; not directly referenced
+movzx eax, byte [ebp - 0xe07c]
+xor ebx, ebx
+mov dword [ebp - 0xe09c], eax
+movzx eax, byte [ebp - 0xe084]
+mov dword [ebp - 0xe0b8], eax
+
+loc_fffd0d89: ; not directly referenced
+mov eax, dword [ebp - 0xe080]
+mov byte [ebp + ebx - 0xe06b], 0
+bt eax, ebx
+jae loc_fffd0efc ; jae 0xfffd0efc
+mov al, byte [ebp - 0xd467]
+mov byte [ebp - 0xe098], 0
+mov byte [ebp - 0xe07b], al
+
+loc_fffd0db3: ; not directly referenced
+mov edi, dword [ebp - 0xe098]
+mov al, byte [ebp - 0xe084]
+mov edx, edi
+cmp dl, al
+je short loc_fffd0e08 ; je 0xfffd0e08
+movzx ecx, dl
+imul esi, ecx, 0x2a7
+add ecx, ecx
+lea eax, [ebp - 0xd996]
+add esi, ebx
+add esi, esi
+add esi, eax
+lea eax, [ebp - 0xe03a]
+add ecx, eax
+xor eax, eax
+
+loc_fffd0de6: ; not directly referenced
+cmp byte [ebp - 0xe07b], al
+jbe short loc_fffd0e00 ; jbe 0xfffd0e00
+imul edi, eax, 0x52
+mov dx, word [esi + eax*4 + 0x53a]
+inc eax
+mov word [ecx + edi], dx
+jmp short loc_fffd0de6 ; jmp 0xfffd0de6
+
+loc_fffd0e00: ; not directly referenced
+inc byte [ebp - 0xe098]
+jmp short loc_fffd0db3 ; jmp 0xfffd0db3
+
+loc_fffd0e08: ; not directly referenced
+mov eax, dword [ebp - 0xe09c]
+lea ecx, [ebx*4]
+sub esp, 0xc
+mov edi, dword [ebp - 0xe0a4]
+lea esi, [ebp - 0xe03a]
+mov edx, ebx
+push 7
+push 0
+sar eax, cl
+mov ecx, eax
+movzx eax, byte [ebp - 0xd467]
+push eax
+push edi
+lea eax, [ebp - 0xd466]
+push eax
+push dword [ebp - 0xe0b8]
+lea eax, [ebp - 0xd996]
+push 0x29
+push esi
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffb97c0 ; call 0xfffb97c0
+add esp, 0x2c
+mov ecx, esi
+push 0
+lea eax, [ebp - 0xe044]
+push eax
+movsx eax, byte [ebp - 0xe084]
+push 1
+push 1
+push edi
+push eax
+mov eax, dword [ebp + 8]
+push 0x29
+lea edx, [ebp - 0xdea0]
+call fcn_fffa5d2d ; call 0xfffa5d2d
+movsx di, byte [ebp - 0xde9e]
+lea eax, [ebp - 0xd996]
+add edi, dword [ebp - 0xdea0]
+mov cl, bl
+mov edx, 1
+add esp, 0x18
+shl edx, cl
+movsx edi, di
+imul esi, edi, 0x54e
+imul edi, edi, 0x2a7
+push 0
+push 0
+add eax, esi
+mov ecx, eax
+mov eax, dword [ebp + 8]
+add edi, ebx
+call fcn_fffb3a79 ; call 0xfffb3a79
+mov al, byte [ebp + edi*2 - 0xd996]
+add esp, 0x10
+mov byte [ebp + ebx*2 - 0xe05a], al
+mov al, byte [ebp + edi*2 - 0xd995]
+mov byte [ebp + ebx*2 - 0xe059], al
+lea eax, [ebp + esi - 0xd996]
+mov dl, byte [eax + 8]
+mov eax, dword [eax + 9]
+mov byte [ebp + ebx - 0xe06b], dl
+mov dword [ebp + ebx*4 - 0xe04c], eax
+
+loc_fffd0efc: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne loc_fffd0d89 ; jne 0xfffd0d89
+test byte [ebp - 0xe080], 1
+je short loc_fffd0f1f ; je 0xfffd0f1f
+mov al, byte [ebp - 0xe06b]
+mov bl, 1
+mov byte [ebp - 0xe084], al
+jmp short loc_fffd0f28 ; jmp 0xfffd0f28
+
+loc_fffd0f1f: ; not directly referenced
+mov byte [ebp - 0xe084], 0
+xor ebx, ebx
+
+loc_fffd0f28: ; not directly referenced
+mov eax, dword [ebp - 0xe080]
+shr eax, 1
+je short loc_fffd0f41 ; je 0xfffd0f41
+mov al, byte [ebp - 0xe06a]
+inc ebx
+add byte [ebp - 0xe084], al
+jmp short loc_fffd0f47 ; jmp 0xfffd0f47
+
+loc_fffd0f41: ; not directly referenced
+test bl, bl
+je short loc_fffd0f5a ; je 0xfffd0f5a
+mov bl, 1
+
+loc_fffd0f47: ; not directly referenced
+movsx eax, byte [ebp - 0xe084]
+movzx ecx, bl
+cdq
+idiv ecx
+mov byte [ebp - 0xe084], al
+
+loc_fffd0f5a: ; not directly referenced
+movzx ecx, byte [ebp - 0xe084]
+sub esp, 0xc
+xor edx, edx
+mov eax, dword [ebp + 8]
+push 1
+call fcn_fffa83c9 ; call 0xfffa83c9
+add esp, 0x10
+mov edi, eax
+cmp bl, 2
+je short loc_fffd0fd2 ; je 0xfffd0fd2
+
+loc_fffd0f7a: ; not directly referenced
+mov eax, dword [ebp + 8]
+mov esi, dword [ebp - 0xe080]
+push edx
+push 0
+add eax, 0x2490
+mov edx, eax
+mov edi, eax
+mov dword [ebp - 0xe0b8], eax
+mov eax, dword [ebp + 8]
+mov ecx, esi
+push 0
+push 0
+call fcn_fffc19af ; call 0xfffc19af
+mov eax, dword [ebp + 8]
+mov edx, edi
+pop ecx
+mov ecx, esi
+pop ebx
+push 0
+push 0xf
+push 0
+push 0
+push 0
+push 1
+call fcn_fffc0a2d ; call 0xfffc0a2d
+add esp, 0x20
+cmp dword [ebp - 0xe0e4], 3
+jne loc_fffd105e ; jne 0xfffd105e
+jmp near loc_fffd110a ; jmp 0xfffd110a
+
+loc_fffd0fd2: ; not directly referenced
+mov esi, dword [ebp - 0xe0e0]
+xor ebx, ebx
+add esi, 0x1c
+
+loc_fffd0fdd: ; not directly referenced
+mov eax, dword [ebp - 0xe080]
+bt eax, ebx
+jb short loc_fffd0ff6 ; jb 0xfffd0ff6
+
+loc_fffd0fe8: ; not directly referenced
+inc ebx
+add esi, 0xcc
+cmp ebx, 2
+jne short loc_fffd0fdd ; jne 0xfffd0fdd
+jmp short loc_fffd0f7a ; jmp 0xfffd0f7a
+
+loc_fffd0ff6: ; not directly referenced
+sub dword [ebp + ebx*4 - 0xe04c], edi
+mov byte [ebp - 0xe098], 0
+
+loc_fffd1004: ; not directly referenced
+mov edx, dword [ebp + 8]
+mov al, byte [ebp - 0xe098]
+cmp al, byte [edx + 0x2488]
+jae short loc_fffd0fe8 ; jae 0xfffd0fe8
+movzx edx, byte [ebp - 0xe098]
+push 1
+lea eax, [edx + 0x1c]
+mov cl, byte [esi + eax*4 + 9]
+movzx eax, byte [esi + eax*4 + 0xa]
+shr cl, 4
+and eax, 1
+movzx ecx, cl
+shl eax, 4
+or eax, ecx
+mov ecx, 0xf
+add eax, dword [ebp + ebx*4 - 0xe04c]
+cwde
+push eax
+mov eax, dword [ebp + 8]
+push 1
+push edx
+mov edx, ebx
+call fcn_fffafdb2 ; call 0xfffafdb2
+add esp, 0x10
+inc byte [ebp - 0xe098]
+jmp short loc_fffd1004 ; jmp 0xfffd1004
+
+loc_fffd105e: ; not directly referenced
+mov eax, dword [ebp + 8]
+cmp dword [ebp - 0xe0a8], 0
+mov byte [ebp - 0xe07b], 1
+mov al, byte [eax + 0x2411]
+sete dl
+test byte [ebp - 0xe0a0], dl
+jne short loc_fffd1092 ; jne 0xfffd1092
+test al, al
+mov edi, 1
+cmove edi, eax
+mov eax, edi
+mov byte [ebp - 0xe07b], al
+
+loc_fffd1092: ; not directly referenced
+lea eax, [ebp - 0xe062]
+mov dword [ebp - 0xe09c], eax
+movsx eax, byte [ebp - 0xe084]
+mov dword [ebp - 0xe098], 0
+mov dword [ebp - 0xe0c8], eax
+
+loc_fffd10b5: ; not directly referenced
+mov eax, dword [ebp - 0xe098]
+mov ebx, 3
+mov ecx, eax
+add ecx, eax
+mov eax, dword [ebp + 8]
+shl ebx, cl
+test byte [eax + 0x248d], bl
+jne short loc_fffd1143 ; jne 0xfffd1143
+
+loc_fffd10d1: ; not directly referenced
+inc dword [ebp - 0xe098]
+inc dword [ebp - 0xe09c]
+cmp dword [ebp - 0xe098], 2
+jne short loc_fffd10b5 ; jne 0xfffd10b5
+movsx edi, word [ebp - 0xe07a]
+xor ebx, ebx
+
+loc_fffd10ef: ; not directly referenced
+mov eax, dword [ebp + 8]
+xor esi, esi
+movzx eax, byte [eax + 0x248e]
+bt eax, ebx
+jb loc_fffd1379 ; jb 0xfffd1379
+
+loc_fffd1104: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffd10ef ; jne 0xfffd10ef
+
+loc_fffd110a: ; not directly referenced
+mov eax, dword [ebp + 8]
+sub esp, 0xc
+xor ecx, ecx
+movzx edx, byte [eax + 0x248e]
+push 0
+call fcn_fffcc3c6 ; call 0xfffcc3c6
+add esp, 0x10
+cmp dword [ebp - 0xe088], 0
+jne loc_fffd13a8 ; jne 0xfffd13a8
+sub esp, 0xc
+push dword [ebp + 8]
+call fcn_fffbdcd9 ; call 0xfffbdcd9
+add esp, 0x10
+jmp near loc_fffd13a8 ; jmp 0xfffd13a8
+
+loc_fffd1143: ; not directly referenced
+test byte [ebp - 0xe06d], bl
+setne al
+mov dl, al
+or edx, 2
+test byte [ebp - 0xe06c], bl
+cmovne eax, edx
+xor esi, esi
+and al, byte [ebp - 0xe0b9]
+lea edx, [ebp - 0xd996]
+mov edi, edx
+movzx eax, al
+mov dword [ebp - 0xe0a4], eax
+
+loc_fffd1173: ; not directly referenced
+mov al, byte [ebp - 0xe07b]
+sub esp, 0xc
+mov edx, dword [ebp - 0xe09c]
+mov ecx, dword [ebp - 0xe0a4]
+add eax, esi
+test al, al
+mov byte [edx], al
+mov byte [edx + 2], al
+sete al
+mov edx, edi
+and eax, dword [ebp - 0xe0a8]
+add edi, 0x54e
+push eax
+push 0
+push 2
+lea eax, [ebp - 0xe069]
+push eax
+push dword [ebp - 0xe0c8]
+lea eax, [ebp - 0xe062]
+push eax
+lea eax, [ebp - 0xe05a]
+push eax
+mov eax, dword [ebp + 8]
+push 1
+push ebx
+call fcn_fffbf2e9 ; call 0xfffbf2e9
+lea eax, [esi + 1]
+inc esi
+mov byte [ebp - 0xe0a0], al
+mov al, byte [ebp - 0xe07b]
+add esp, 0x30
+add eax, esi
+cmp al, 2
+jbe short loc_fffd1173 ; jbe 0xfffd1173
+movsx eax, byte [ebp - 0xe0a0]
+mov cl, byte [ebp - 0xe098]
+mov dword [ebp - 0xe084], 1
+shl dword [ebp - 0xe084], cl
+movzx ebx, al
+mov dword [ebp - 0xe080], 0
+mov dword [ebp - 0xe0c0], ebx
+mov dword [ebp - 0xe0c4], eax
+
+loc_fffd121c: ; not directly referenced
+mov eax, dword [ebp - 0xe0a4]
+mov edx, dword [ebp - 0xe080]
+bt eax, edx
+jae loc_fffd1361 ; jae 0xfffd1361
+mov al, byte [ebp - 0xd467]
+xor edx, edx
+mov byte [ebp - 0xe07c], al
+
+loc_fffd123f: ; not directly referenced
+movzx ecx, dl
+imul ebx, ecx, 0x2a7
+add ecx, ecx
+add ebx, dword [ebp - 0xe080]
+lea eax, [ebp - 0xd996]
+add ebx, ebx
+add ebx, eax
+lea eax, [ebp - 0xe03a]
+add ecx, eax
+xor eax, eax
+
+loc_fffd1264: ; not directly referenced
+cmp byte [ebp - 0xe07c], al
+jbe short loc_fffd127e ; jbe 0xfffd127e
+imul esi, eax, 0x52
+mov di, word [ebx + eax*4 + 0x53a]
+inc eax
+mov word [ecx + esi], di
+jmp short loc_fffd1264 ; jmp 0xfffd1264
+
+loc_fffd127e: ; not directly referenced
+inc edx
+cmp dl, byte [ebp - 0xe0a0]
+jne short loc_fffd123f ; jne 0xfffd123f
+movzx eax, byte [ebp - 0xd467]
+sub esp, 0xc
+push 8
+mov ecx, dword [ebp - 0xe084]
+push 0
+mov edx, dword [ebp - 0xe080]
+lea ebx, [ebp - 0xe051]
+push eax
+push ebx
+lea eax, [ebp - 0xd466]
+push eax
+push dword [ebp - 0xe0c0]
+lea esi, [ebp - 0xe03a]
+lea eax, [ebp - 0xd996]
+lea edi, [ebp - 0xd996]
+push 0x29
+push esi
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffb97c0 ; call 0xfffb97c0
+add esp, 0x2c
+mov ecx, esi
+push 0
+lea eax, [ebp - 0xe044]
+push eax
+mov eax, dword [ebp + 8]
+push 1
+push 1
+push ebx
+push dword [ebp - 0xe0c4]
+lea edx, [ebp - 0xdea0]
+push 0x29
+call fcn_fffa5d2d ; call 0xfffa5d2d
+movsx si, byte [ebp - 0xde9e]
+add esp, 0x18
+add esi, dword [ebp - 0xdea0]
+mov edx, 1
+push 0
+push 1
+movsx esi, si
+imul eax, esi, 0x54e
+imul esi, esi, 0x2a7
+lea ebx, [edi + eax]
+mov edi, dword [ebp - 0xe080]
+mov eax, dword [ebp + 8]
+mov ecx, edi
+add esi, edi
+shl edx, cl
+mov ecx, ebx
+call fcn_fffb3a79 ; call 0xfffb3a79
+add esi, esi
+mov edx, edi
+lea eax, [ebp - 0x18]
+mov edi, dword [ebp - 0xe09c]
+add esp, 0x10
+add esi, eax
+mov eax, dword [ebp - 0xe098]
+mov al, byte [eax + esi - 0xd97a]
+mov byte [edi + edx*2], al
+
+loc_fffd1361: ; not directly referenced
+inc dword [ebp - 0xe080]
+cmp dword [ebp - 0xe080], 2
+jne loc_fffd121c ; jne 0xfffd121c
+jmp near loc_fffd10d1 ; jmp 0xfffd10d1
+
+loc_fffd1379: ; not directly referenced
+mov eax, esi
+movzx eax, al
+cmp eax, dword [ebp - 0xe0d0]
+jae loc_fffd1104 ; jae 0xfffd1104
+push 1
+movzx ecx, byte [ebp + ebx - 0xe06d]
+mov edx, ebx
+push edi
+inc esi
+push 4
+push eax
+mov eax, dword [ebp + 8]
+call fcn_fffafdb2 ; call 0xfffafdb2
+add esp, 0x10
+jmp short loc_fffd1379 ; jmp 0xfffd1379
+
+loc_fffd13a8: ; not directly referenced
+push eax
+mov edx, dword [ebp - 0xe0b8]
+push eax
+mov eax, dword [ebp + 8]
+movzx ecx, byte [eax + 0x248e]
+push 0
+push 0xf
+push 0
+push 0
+push 0
+push 2
+call fcn_fffc0a2d ; call 0xfffc0a2d
+add esp, 0x20
+cmp dword [ebp - 0xe088], 1
+jne short loc_fffd13e5 ; jne 0xfffd13e5
+sub esp, 0xc
+push dword [ebp + 8]
+call fcn_fffbdcd9 ; call 0xfffbdcd9
+add esp, 0x10
+
+loc_fffd13e5: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffd13ed: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+push ebx
+sub esp, 0x10c
+mov eax, dword [ebp + 0x10]
+mov byte [ebp - 0xfa], cl
+mov cl, byte [ebp + 0xc]
+mov ebx, dword [ebp + 8]
+mov dword [ebp - 0xbc], edx
+mov dword [ebp - 0xe4], eax
+mov byte [ebp - 0xd4], cl
+mov ecx, eax
+mov byte [ebp - 0xeb], al
+mov al, byte [ebp + 0x18]
+mov byte [ebp - 0xec], bl
+mov byte [ebp - 0xd3], al
+mov eax, dword [edi + 0x2443]
+mov dword [ebp - 0xf8], eax
+mov al, cl
+shr al, 4
+inc eax
+mov byte [ebp - 0xf9], al
+xor eax, eax
+cmp cl, 0x21
+ja short loc_fffd1460 ; ja 0xfffd1460
+movzx eax, byte [ebp - 0xe4]
+movzx eax, byte [eax + ref_fffd5f1c] ; movzx eax, byte [eax - 0x2a0e4]
+
+loc_fffd1460: ; not directly referenced
+mov ecx, dword [ebp - 0xe4]
+mov dword [ebp - 0xd8], 1
+cmp cl, 0x21
+sete dl
+cmp cl, 0x11
+sete cl
+or dl, cl
+jne short loc_fffd1492 ; jne 0xfffd1492
+xor ecx, ecx
+cmp byte [ebp - 0xe4], 5
+sete cl
+mov dword [ebp - 0xd8], ecx
+
+loc_fffd1492: ; not directly referenced
+movzx ecx, byte [edi + 0x2488]
+mov esi, 1
+shl esi, cl
+dec esi
+cmp byte [edi + 0x248b], 1
+mov word [ebp - 0xea], si
+jne short loc_fffd151e ; jne 0xfffd151e
+mov cl, byte [edi + 0x248c]
+lea esi, [ecx + 4]
+mov byte [ebp - 0x9a], cl
+mov edx, esi
+mov byte [ebp - 0x99], cl
+add ecx, 2
+mov byte [ebp - 0x98], dl
+mov byte [ebp - 0x97], cl
+
+loc_fffd14d7: ; not directly referenced
+imul eax, eax, 0x240
+movzx ebx, bl
+add eax, dword [ebp - 0xbc]
+mov dword [ebp - 0xc4], 0
+mov byte [ebp - 0xd2], 0
+mov dword [ebp - 0xc8], eax
+imul eax, ebx, 0x24
+mov dword [ebp - 0x110], eax
+movzx eax, byte [ebp - 0xec]
+mov dword [ebp - 0x118], eax
+imul eax, eax, 0x12
+mov dword [ebp - 0xd0], eax
+jmp short loc_fffd1559 ; jmp 0xfffd1559
+
+loc_fffd151e: ; not directly referenced
+mov byte [ebp - 0x9a], 1
+mov byte [ebp - 0x99], 1
+mov byte [ebp - 0x98], 1
+mov byte [ebp - 0x97], 1
+jmp short loc_fffd14d7 ; jmp 0xfffd14d7
+
+loc_fffd153c: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne loc_fffd1f38 ; jne 0xfffd1f38
+inc dword [ebp - 0xc4]
+cmp dword [ebp - 0xc4], 2
+je loc_fffd1fc4 ; je 0xfffd1fc4
+
+loc_fffd1559: ; not directly referenced
+mov ebx, dword [ebp - 0xf8]
+lea eax, [ebp - 0xa2]
+xor esi, esi
+push ecx
+push 0
+push 4
+push eax
+mov eax, ebx
+call dword [eax + 0x5c] ; ucall
+add esp, 0xc
+push 0
+push 4
+lea eax, [ebp - 0x9e]
+push eax
+mov eax, ebx
+call dword [eax + 0x5c] ; ucall
+lea eax, [ebp - 0x72]
+add esp, 0x10
+mov dword [ebp - 0xbc], eax
+
+loc_fffd1591: ; not directly referenced
+movzx eax, byte [ebp - 0xfa]
+bt eax, esi
+mov dword [ebp - 0xe0], eax
+jb short loc_fffd15bf ; jb 0xfffd15bf
+mov ax, word [ebp - 0xea]
+mov word [ebp + esi*2 - 0xa2], ax
+mov word [ebp + esi*2 - 0x9e], ax
+jmp near loc_fffd1766 ; jmp 0xfffd1766
+
+loc_fffd15bf: ; not directly referenced
+mov eax, dword [ebp - 0xbc]
+mov byte [ebp - 0xc0], 0
+mov byte [eax], 0x7f
+mov eax, esi
+shl eax, 0xa
+add eax, 0x40f0
+mov dword [ebp - 0xf0], eax
+lea eax, [esi + esi*8]
+mov dword [ebp - 0xe8], eax
+
+loc_fffd15e8: ; not directly referenced
+mov al, byte [ebp - 0xc0]
+cmp al, byte [edi + 0x2488]
+jae loc_fffd171e ; jae 0xfffd171e
+movzx eax, byte [ebp - 0xc0]
+lea ecx, [ebp - 0x18]
+mov ebx, eax
+mov dword [ebp - 0xcc], eax
+lea eax, [esi + esi*8]
+lea edx, [ecx + eax]
+add eax, ebx
+mov dword [ebp + eax*4 - 0x60], 0
+movzx eax, byte [ebp - 0xd3]
+cmp byte [ebp - 0xeb], 1
+mov byte [ebx + edx - 0x7e], 0x7f
+mov byte [ebp - 0xd1], al
+jne short loc_fffd1659 ; jne 0xfffd1659
+push edx
+movzx ecx, byte [ebp - 0xd4]
+mov edx, esi
+push eax
+mov eax, edi
+push dword [ebp - 0xc4]
+push ebx
+call fcn_fffaec68 ; call 0xfffaec68
+add esp, 0x10
+mov byte [ebp - 0xd1], al
+
+loc_fffd1659: ; not directly referenced
+lea eax, [esi + esi*8]
+xor edx, edx
+mov dword [ebp - 0xdc], eax
+mov eax, dword [ebp - 0xd0]
+mov ecx, 0xa
+mov ebx, dword [ebp - 0xdc]
+add ebx, eax
+mov eax, dword [ebp - 0xc8]
+add ebx, dword [ebp - 0xcc]
+add ebx, ebx
+add ebx, dword [ebp - 0xc4]
+mov eax, dword [eax + ebx*4]
+div ecx
+movzx edx, byte [ebp - 0xd1]
+cmp eax, edx
+cmova eax, edx
+mov edx, dword [ebp - 0xc8]
+cmp dword [ebp - 0xd8], 1
+mov dword [edx + ebx*4], eax
+jne short loc_fffd16d2 ; jne 0xfffd16d2
+mov ebx, dword [ebp - 0xbc]
+movzx edx, byte [ebx]
+cmp eax, edx
+jae short loc_fffd16e9 ; jae 0xfffd16e9
+mov ebx, dword [ebp - 0xe8]
+mov byte [ebp + ebx - 0x84], al
+mov ebx, dword [ebp - 0xbc]
+mov byte [ebx], al
+jmp short loc_fffd16e9 ; jmp 0xfffd16e9
+
+loc_fffd16d2: ; not directly referenced
+mov ecx, dword [ebp - 0xdc]
+lea ebx, [ebp - 0x18]
+add ecx, ebx
+add ecx, dword [ebp - 0xcc]
+mov byte [ecx - 0x6c], al
+mov byte [ecx - 0x5a], al
+
+loc_fffd16e9: ; not directly referenced
+movzx eax, byte [ebp - 0xc0]
+mov ebx, dword [ebp + 0x14]
+movzx ecx, byte [ebx + eax]
+mov eax, dword [ebp - 0xf0]
+mov ebx, dword [ebp - 0xcc]
+and ecx, 0x7f
+or ch, 1
+lea edx, [eax + ebx*4]
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+inc byte [ebp - 0xc0]
+jmp near loc_fffd15e8 ; jmp 0xfffd15e8
+
+loc_fffd171e: ; not directly referenced
+cmp dword [ebp - 0xd8], 1
+jne short loc_fffd1766 ; jne 0xfffd1766
+lea edx, [esi + esi*8]
+xor eax, eax
+add edx, dword [ebp - 0xd0]
+mov dword [ebp - 0xc0], edx
+
+loc_fffd1738: ; not directly referenced
+cmp al, byte [edi + 0x2488]
+jae short loc_fffd1766 ; jae 0xfffd1766
+mov ebx, dword [ebp - 0xbc]
+movzx ecx, al
+inc eax
+add ecx, dword [ebp - 0xc0]
+mov edx, dword [ebp - 0xc8]
+movzx ebx, byte [ebx]
+add ecx, ecx
+add ecx, dword [ebp - 0xc4]
+mov dword [edx + ecx*4], ebx
+jmp short loc_fffd1738 ; jmp 0xfffd1738
+
+loc_fffd1766: ; not directly referenced
+inc esi
+add dword [ebp - 0xbc], 9
+cmp esi, 2
+jne loc_fffd1591 ; jne 0xfffd1591
+mov eax, dword [ebp - 0xc4]
+lea esi, [eax + eax - 1]
+mov dword [ebp - 0x114], esi
+mov esi, dword [ebp - 0xc8]
+add eax, dword [ebp - 0x110]
+lea eax, [esi + eax*4]
+mov dword [ebp - 0xf0], eax
+
+loc_fffd179c: ; not directly referenced
+mov ecx, 4
+mov edx, 0x4800
+mov eax, edi
+xor esi, esi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffd17af: ; not directly referenced
+movzx eax, byte [ebp - 0xf9]
+cmp esi, eax
+jae loc_fffd1883 ; jae 0xfffd1883
+xor ebx, ebx
+
+loc_fffd17c0: ; not directly referenced
+mov eax, dword [ebp - 0xe0]
+bt eax, ebx
+jb short loc_fffd17fd ; jb 0xfffd17fd
+
+loc_fffd17cb: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffd17c0 ; jne 0xfffd17c0
+xor eax, eax
+mov edx, dword [ebp - 0xe0]
+test esi, esi
+push ecx
+movzx ecx, byte [edi + 0x248b]
+sete al
+push 0
+inc esi
+push eax
+lea eax, [ebp - 0x9a]
+push eax
+mov eax, edi
+call fcn_fffb0f94 ; call 0xfffb0f94
+add esp, 0x10
+jmp short loc_fffd17af ; jmp 0xfffd17af
+
+loc_fffd17fd: ; not directly referenced
+mov eax, dword [ebp - 0xe0]
+lea ecx, [ebx + 1]
+xor edx, edx
+sar eax, cl
+mov dword [ebp - 0xbc], eax
+
+loc_fffd1810: ; not directly referenced
+cmp dl, byte [edi + 0x2488]
+jae short loc_fffd17cb ; jae 0xfffd17cb
+push 1
+movzx eax, dl
+push dword [ebp - 0xbc]
+lea ecx, [ebx + ebx*8]
+add ecx, dword [ebp - 0xd0]
+mov dword [ebp - 0xc0], edx
+mov edx, dword [ebp - 0xc8]
+push 0
+push 0
+push eax
+add eax, ecx
+mov ecx, dword [ebp - 0x114]
+push dword [ebp - 0x118]
+add eax, eax
+add eax, dword [ebp - 0xc4]
+push ebx
+push 0
+push esi
+imul ecx, dword [edx + eax*4]
+movzx eax, byte [ebp - 0xeb]
+push ecx
+push eax
+push edi
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+mov edx, dword [ebp - 0xc0]
+cmp dword [ebp - 0xd8], 0
+jne loc_fffd17cb ; jne 0xfffd17cb
+inc edx
+jmp short loc_fffd1810 ; jmp 0xfffd1810
+
+loc_fffd1883: ; not directly referenced
+xor esi, esi
+
+loc_fffd1885: ; not directly referenced
+mov eax, dword [ebp - 0xe0]
+bt eax, esi
+jae loc_fffd1edf ; jae 0xfffd1edf
+mov eax, esi
+shl eax, 0xa
+add eax, 0x4114
+mov dword [ebp - 0x10c], eax
+mov byte [ebp - 0xe8], 0
+
+loc_fffd18ab: ; not directly referenced
+mov al, byte [ebp - 0xe8]
+cmp al, byte [edi + 0x2488]
+jae loc_fffd1e18 ; jae 0xfffd1e18
+mov cl, byte [ebp - 0xe8]
+movzx eax, cl
+mov dword [ebp - 0xbc], eax
+mov eax, 1
+shl eax, cl
+mov ebx, eax
+mov dword [ebp - 0xc0], eax
+mov ax, word [ebp + esi*2 - 0x9e]
+and ax, word [ebp + esi*2 - 0xa2]
+test bx, ax
+jne loc_fffd1e0d ; jne 0xfffd1e0d
+xor eax, eax
+mov bl, cl
+mov edx, dword [ebp - 0x10c]
+cmp dword [ebp - 0xd8], 1
+cmovne eax, ebx
+mov ebx, dword [ebp - 0xbc]
+mov byte [ebp - 0xd2], al
+mov eax, edi
+lea edx, [edx + ebx*4]
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, dword [ebp - 0xd0]
+lea ebx, [esi + esi*8]
+mov ecx, dword [ebp - 0xbc]
+add edx, ebx
+add edx, ecx
+mov dword [ebp - 0xdc], eax
+mov eax, dword [ebp - 0xc8]
+add edx, edx
+add edx, dword [ebp - 0xc4]
+mov edx, dword [eax + edx*4]
+lea eax, [ebp - 0x18]
+add eax, ebx
+add ecx, eax
+mov dword [ebp - 0xf4], eax
+mov al, byte [ecx - 0x7e]
+mov dword [ebp - 0xcc], edx
+mov byte [ebp - 0x100], al
+sub edx, eax
+mov eax, dword [ebp - 0xdc]
+mov byte [ebp - 0xd1], dl
+mov edx, dword [ebp - 0xf4]
+and eax, 0x7fffff
+mov dword [ebp - 0xdc], eax
+movzx eax, byte [ebp - 0xd2]
+jne loc_fffd1abc ; jne 0xfffd1abc
+add edx, eax
+mov al, byte [ebp - 0xcc]
+cmp al, byte [edx - 0x6c]
+jne loc_fffd1a4e ; jne 0xfffd1a4e
+cmp byte [ebp - 0xd1], 0
+jns short loc_fffd19e2 ; jns 0xfffd19e2
+cmp byte [edx - 0x5a], al
+jne short loc_fffd19cc ; jne 0xfffd19cc
+
+loc_fffd19af: ; not directly referenced
+lea ebx, [ebp - 0x18]
+mov ecx, dword [ebp - 0xbc]
+lea eax, [esi + esi*8]
+add eax, ebx
+mov bl, byte [ebp - 0xcc]
+mov byte [ecx + eax - 0x7e], bl
+jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5
+
+loc_fffd19cc: ; not directly referenced
+mov dword [ebp - 0xa8], 1
+
+loc_fffd19d6: ; not directly referenced
+mov eax, dword [ebp - 0xa8]
+test eax, eax
+jne short loc_fffd19d6 ; jne 0xfffd19d6
+jmp short loc_fffd19af ; jmp 0xfffd19af
+
+loc_fffd19e2: ; not directly referenced
+cmp byte [ebp - 0xd1], 1
+jne short loc_fffd1a1a ; jne 0xfffd1a1a
+add ebx, dword [ebp - 0xbc]
+mov eax, dword [ebp + ebx*4 - 0x60]
+shr eax, 8
+xor ah, ah
+mov dword [ebp + ebx*4 - 0x60], eax
+mov al, byte [ebp - 0xcc]
+mov byte [ecx - 0x7e], al
+mov eax, dword [ebp - 0xc0]
+or word [ebp + esi*2 - 0xa2], ax
+jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5
+
+loc_fffd1a1a: ; not directly referenced
+cmp byte [ebp - 0xd1], 2
+jne short loc_fffd1a35 ; jne 0xfffd1a35
+xor eax, eax
+call fcn_fffaebf8 ; call 0xfffaebf8
+add ebx, dword [ebp - 0xbc]
+jmp near loc_fffd1b3b ; jmp 0xfffd1b3b
+
+loc_fffd1a35: ; not directly referenced
+mov dword [ebp - 0xac], 1
+
+loc_fffd1a3f: ; not directly referenced
+mov eax, dword [ebp - 0xac]
+test eax, eax
+jne short loc_fffd1a3f ; jne 0xfffd1a3f
+jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5
+
+loc_fffd1a4e: ; not directly referenced
+mov al, byte [ebp - 0xcc]
+cmp al, byte [edx - 0x5a]
+jne loc_fffd1c91 ; jne 0xfffd1c91
+mov ax, word [ebp + esi*2 - 0xa2]
+test word [ebp - 0xc0], ax
+jne loc_fffd1e0d ; jne 0xfffd1e0d
+cmp byte [ebp - 0xd1], 0xff
+jne short loc_fffd1a9c ; jne 0xfffd1a9c
+add ebx, dword [ebp - 0xbc]
+or eax, dword [ebp - 0xc0]
+and dword [ebp + ebx*4 - 0x60], 0xffffff00
+mov word [ebp + esi*2 - 0xa2], ax
+jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5
+
+loc_fffd1a9c: ; not directly referenced
+mov edx, dword [ebp - 0xc0]
+mov bl, byte [ebp - 0xcc]
+not edx
+and edx, eax
+mov byte [ecx - 0x7e], bl
+mov word [ebp + esi*2 - 0xa2], dx
+jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5
+
+loc_fffd1abc: ; not directly referenced
+add edx, eax
+mov al, byte [edx - 0x6c]
+mov byte [ebp - 0xf4], al
+cmp byte [ebp - 0xcc], al
+jne loc_fffd1b61 ; jne 0xfffd1b61
+cmp byte [ebp - 0xd1], 2
+jle short loc_fffd1af5 ; jle 0xfffd1af5
+mov dword [ebp - 0xb0], 1
+
+loc_fffd1ae6: ; not directly referenced
+mov eax, dword [ebp - 0xb0]
+test eax, eax
+jne short loc_fffd1ae6 ; jne 0xfffd1ae6
+jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5
+
+loc_fffd1af5: ; not directly referenced
+mov eax, dword [ebp - 0xbc]
+lea ebx, [ebx + eax]
+mov eax, dword [ebp - 0xdc]
+je short loc_fffd1b36 ; je 0xfffd1b36
+call fcn_fffaebf8 ; call 0xfffaebf8
+mov edx, dword [ebp + ebx*4 - 0x60]
+and edx, 0xff00ffff
+movzx eax, al
+shl eax, 0x10
+or eax, edx
+mov dword [ebp + ebx*4 - 0x60], eax
+mov eax, dword [ebp - 0xc0]
+not eax
+and word [ebp + esi*2 - 0x9e], ax
+jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5
+
+loc_fffd1b36: ; not directly referenced
+call fcn_fffaebf8 ; call 0xfffaebf8
+
+loc_fffd1b3b: ; not directly referenced
+mov edx, dword [ebp + ebx*4 - 0x60]
+shl eax, 0x18
+and edx, 0xffffff
+or eax, edx
+mov dword [ebp + ebx*4 - 0x60], eax
+mov eax, dword [ebp - 0xc0]
+or word [ebp + esi*2 - 0x9e], ax
+jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5
+
+loc_fffd1b61: ; not directly referenced
+mov al, byte [ebp - 0xcc]
+cmp al, byte [edx - 0x5a]
+jne loc_fffd1c91 ; jne 0xfffd1c91
+cmp byte [ebp - 0x100], 0xff
+je loc_fffd1c27 ; je 0xfffd1c27
+cmp byte [ebp - 0xd1], 0
+jg loc_fffd1c27 ; jg 0xfffd1c27
+movsx eax, byte [ebp - 0xd1]
+mov dword [ebp - 0x100], eax
+mov eax, dword [ebp - 0xdc]
+call fcn_fffaebf8 ; call 0xfffaebf8
+mov edx, 1
+add ebx, dword [ebp - 0xbc]
+mov ebx, dword [ebp + ebx*4 - 0x60]
+mov dword [ebp - 0x104], eax
+mov eax, dword [ebp - 0x100]
+mov dword [ebp - 0x108], ebx
+xor ebx, ebx
+sub edx, eax
+shl edx, 3
+lea ecx, [edx + 0x1f]
+cmp cl, 0x3e
+ja short loc_fffd1c03 ; ja 0xfffd1c03
+mov cl, al
+movzx ebx, byte [ebp - 0x104]
+mov eax, 0xff
+lea ecx, [ecx*8 + 8]
+shl eax, cl
+not eax
+and eax, dword [ebp - 0x108]
+shl ebx, cl
+mov cl, dl
+or ebx, eax
+test dl, dl
+jle short loc_fffd1bff ; jle 0xfffd1bff
+shl ebx, cl
+jmp short loc_fffd1c03 ; jmp 0xfffd1c03
+
+loc_fffd1bff: ; not directly referenced
+neg ecx
+shr ebx, cl
+
+loc_fffd1c03: ; not directly referenced
+mov ecx, dword [ebp - 0xbc]
+lea eax, [esi + esi*8]
+lea edx, [eax + ecx]
+mov dword [ebp + edx*4 - 0x60], ebx
+lea ebx, [ebp - 0x18]
+add eax, ebx
+mov bl, byte [ebp - 0xcc]
+lea edx, [ebx - 1]
+mov byte [ecx + eax - 0x7e], dl
+jmp short loc_fffd1c5a ; jmp 0xfffd1c5a
+
+loc_fffd1c27: ; not directly referenced
+mov ebx, dword [ebp - 0xbc]
+lea eax, [esi + esi*8]
+lea edx, [eax + ebx]
+mov eax, dword [ebp - 0xdc]
+mov ebx, dword [ebp + edx*4 - 0x60]
+mov dword [ebp - 0x100], edx
+call fcn_fffaebf8 ; call 0xfffaebf8
+mov edx, dword [ebp - 0x100]
+movzx ebx, bx
+shl eax, 0x10
+or eax, ebx
+mov dword [ebp + edx*4 - 0x60], eax
+
+loc_fffd1c5a: ; not directly referenced
+mov al, byte [ebp - 0xf4]
+cmp byte [ebp - 0xcc], al
+jae short loc_fffd1c76 ; jae 0xfffd1c76
+mov eax, dword [ebp - 0xc0]
+or word [ebp + esi*2 - 0x9e], ax
+
+loc_fffd1c76: ; not directly referenced
+cmp byte [ebp - 0xd1], 0
+jg short loc_fffd1ca5 ; jg 0xfffd1ca5
+mov eax, dword [ebp - 0xc0]
+not eax
+and word [ebp + esi*2 - 0xa2], ax
+jmp short loc_fffd1ca5 ; jmp 0xfffd1ca5
+
+loc_fffd1c91: ; not directly referenced
+mov dword [ebp - 0xb4], 1
+
+loc_fffd1c9b: ; not directly referenced
+mov eax, dword [ebp - 0xb4]
+test eax, eax
+jne short loc_fffd1c9b ; jne 0xfffd1c9b
+
+loc_fffd1ca5: ; not directly referenced
+cmp byte [ebp - 0xeb], 1
+movzx eax, byte [ebp - 0xd3]
+jne short loc_fffd1cd6 ; jne 0xfffd1cd6
+push edx
+movzx ecx, byte [ebp - 0xd4]
+mov edx, esi
+push eax
+mov eax, edi
+push dword [ebp - 0xc4]
+push dword [ebp - 0xbc]
+call fcn_fffaec68 ; call 0xfffaec68
+add esp, 0x10
+
+loc_fffd1cd6: ; not directly referenced
+cmp byte [ebp - 0xcc], al
+jne short loc_fffd1cec ; jne 0xfffd1cec
+mov ebx, dword [ebp - 0xc0]
+or word [ebp + esi*2 - 0x9e], bx
+
+loc_fffd1cec: ; not directly referenced
+cmp dword [ebp - 0xdc], 0
+jne short loc_fffd1d23 ; jne 0xfffd1d23
+lea ebx, [ebp - 0x18]
+lea edx, [esi + esi*8]
+lea ecx, [ebx + edx]
+mov ebx, dword [ebp - 0xbc]
+cmp al, byte [ebx + ecx - 0x7e]
+jne short loc_fffd1d23 ; jne 0xfffd1d23
+mov eax, dword [ebp - 0xc0]
+test word [ebp + esi*2 - 0xa2], ax
+je short loc_fffd1d23 ; je 0xfffd1d23
+add edx, ebx
+mov word [ebp + edx*4 - 0x5e], 0xfffe
+
+loc_fffd1d23: ; not directly referenced
+cmp byte [ebp - 0xcc], 0
+jne short loc_fffd1d68 ; jne 0xfffd1d68
+mov eax, dword [ebp - 0xc0]
+or word [ebp + esi*2 - 0xa2], ax
+cmp dword [ebp - 0xdc], 0
+je short loc_fffd1d68 ; je 0xfffd1d68
+lea ebx, [ebp - 0x18]
+or word [ebp + esi*2 - 0x9e], ax
+lea eax, [esi + esi*8]
+lea edx, [ebx + eax]
+mov ebx, dword [ebp - 0xbc]
+add eax, ebx
+mov byte [ebx + edx - 0x7e], 0
+mov word [ebp + eax*4 - 0x5e], 0x707
+
+loc_fffd1d68: ; not directly referenced
+cmp dword [ebp - 0xd8], 0
+jne loc_fffd1e0d ; jne 0xfffd1e0d
+mov cx, word [ebp + esi*2 - 0x9e]
+mov dx, word [ebp + esi*2 - 0xa2]
+mov eax, ecx
+and eax, edx
+test word [ebp - 0xc0], ax
+jne short loc_fffd1e0d ; jne 0xfffd1e0d
+cmp dword [ebp - 0xdc], 0
+movzx eax, byte [ebp - 0xd2]
+jne short loc_fffd1dc1 ; jne 0xfffd1dc1
+test word [ebp - 0xc0], cx
+jne short loc_fffd1db6 ; jne 0xfffd1db6
+lea ecx, [esi + esi*8]
+lea ebx, [ebp - 0x18]
+lea edx, [ebx + ecx]
+jmp short loc_fffd1de0 ; jmp 0xfffd1de0
+
+loc_fffd1db6: ; not directly referenced
+lea ecx, [esi + esi*8]
+lea ebx, [ebp - 0x18]
+lea edx, [ebx + ecx]
+jmp short loc_fffd1dd3 ; jmp 0xfffd1dd3
+
+loc_fffd1dc1: ; not directly referenced
+test word [ebp - 0xc0], dx
+lea ecx, [esi + esi*8]
+lea ebx, [ebp - 0x18]
+lea edx, [ebx + ecx]
+jne short loc_fffd1de0 ; jne 0xfffd1de0
+
+loc_fffd1dd3: ; not directly referenced
+add eax, edx
+mov bl, byte [eax - 0x5a]
+lea edx, [ebx - 1]
+mov byte [eax - 0x5a], dl
+jmp short loc_fffd1deb ; jmp 0xfffd1deb
+
+loc_fffd1de0: ; not directly referenced
+add eax, edx
+mov bl, byte [eax - 0x6c]
+lea edx, [ebx + 1]
+mov byte [eax - 0x6c], dl
+
+loc_fffd1deb: ; not directly referenced
+mov eax, dword [ebp - 0xd0]
+movzx edx, dl
+add eax, ecx
+mov ecx, dword [ebp - 0xc8]
+add eax, dword [ebp - 0xbc]
+add eax, eax
+add eax, dword [ebp - 0xc4]
+mov dword [ecx + eax*4], edx
+
+loc_fffd1e0d: ; not directly referenced
+inc byte [ebp - 0xe8]
+jmp near loc_fffd18ab ; jmp 0xfffd18ab
+
+loc_fffd1e18: ; not directly referenced
+cmp dword [ebp - 0xd8], 1
+jne loc_fffd1edf ; jne 0xfffd1edf
+mov ax, word [ebp + esi*2 - 0xa2]
+mov bx, word [ebp - 0xea]
+mov edx, eax
+and dx, word [ebp + esi*2 - 0x9e]
+cmp dx, bx
+je loc_fffd1edf ; je 0xfffd1edf
+lea edx, [esi + esi*8]
+lea ecx, [ebp - 0x18]
+add edx, ecx
+cmp ax, bx
+movzx eax, byte [ebp - 0xd2]
+je short loc_fffd1e8f ; je 0xfffd1e8f
+add eax, edx
+mov ebx, dword [ebp - 0xf0]
+mov cl, byte [eax - 0x5a]
+dec ecx
+mov byte [eax - 0x5a], cl
+imul eax, esi, 0x48
+movzx ecx, cl
+mov dword [ebx + eax], ecx
+
+loc_fffd1e73: ; not directly referenced
+imul eax, esi, 0x48
+lea ebx, [esi + esi*8]
+add ebx, dword [ebp - 0xd0]
+mov dword [ebp - 0xbc], eax
+xor eax, eax
+mov dword [ebp - 0xc0], ebx
+jmp short loc_fffd1ea9 ; jmp 0xfffd1ea9
+
+loc_fffd1e8f: ; not directly referenced
+add edx, eax
+mov ecx, dword [ebp - 0xf0]
+mov al, byte [edx - 0x6c]
+inc eax
+mov byte [edx - 0x6c], al
+imul edx, esi, 0x48
+movzx eax, al
+mov dword [ecx + edx], eax
+jmp short loc_fffd1e73 ; jmp 0xfffd1e73
+
+loc_fffd1ea9: ; not directly referenced
+cmp al, byte [edi + 0x2488]
+jae short loc_fffd1edf ; jae 0xfffd1edf
+mov ebx, dword [ebp - 0xbc]
+mov edx, dword [ebp - 0xf0]
+mov edx, dword [edx + ebx]
+mov ebx, dword [ebp - 0xc8]
+mov ecx, edx
+movzx edx, al
+add edx, dword [ebp - 0xc0]
+inc eax
+add edx, edx
+add edx, dword [ebp - 0xc4]
+mov dword [ebx + edx*4], ecx
+jmp short loc_fffd1ea9 ; jmp 0xfffd1ea9
+
+loc_fffd1edf: ; not directly referenced
+inc esi
+cmp esi, 2
+jne loc_fffd1885 ; jne 0xfffd1885
+mov si, word [ebp - 0xea]
+mov eax, esi
+and ax, word [ebp - 0xa2]
+cmp ax, si
+jne loc_fffd179c ; jne 0xfffd179c
+mov eax, esi
+and ax, word [ebp - 0x9e]
+cmp ax, si
+jne loc_fffd179c ; jne 0xfffd179c
+mov eax, esi
+and eax, dword [ebp - 0xa0]
+cmp ax, si
+jne loc_fffd179c ; jne 0xfffd179c
+mov eax, esi
+and eax, dword [ebp - 0x9c]
+cmp ax, si
+jne loc_fffd179c ; jne 0xfffd179c
+xor ebx, ebx
+
+loc_fffd1f38: ; not directly referenced
+mov eax, dword [ebp - 0xe0]
+bt eax, ebx
+jae loc_fffd153c ; jae 0xfffd153c
+mov byte [ebp - 0xbc], 0
+
+loc_fffd1f4e: ; not directly referenced
+mov al, byte [ebp - 0xbc]
+cmp al, byte [edi + 0x2488]
+jae loc_fffd153c ; jae 0xfffd153c
+movzx esi, byte [ebp - 0xbc]
+lea eax, [ebx + ebx*8]
+sub esp, 0xc
+mov dword [ebp - 0xc0], eax
+add eax, esi
+mov edx, dword [ebp + eax*4 - 0x60]
+lea eax, [ebp - 0x18]
+add eax, dword [ebp - 0xc0]
+movzx eax, byte [esi + eax - 0x7e]
+mov ecx, edx
+push dword [ebp + 0x1c]
+shr edx, 0x10
+shr ecx, 0x18
+movzx edx, dl
+call fcn_fffaa348 ; call 0xfffaa348
+mov edx, dword [ebp - 0xc0]
+add esp, 0x10
+add edx, dword [ebp - 0xd0]
+mov ecx, dword [ebp - 0xc8]
+inc byte [ebp - 0xbc]
+add esi, edx
+add esi, esi
+add esi, dword [ebp - 0xc4]
+mov dword [ecx + esi*4], eax
+jmp short loc_fffd1f4e ; jmp 0xfffd1f4e
+
+loc_fffd1fc4: ; not directly referenced
+cmp byte [ebp - 0xe4], 0xb
+je short loc_fffd1ffb ; je 0xfffd1ffb
+
+loc_fffd1fcd: ; not directly referenced
+push 2
+movzx eax, byte [ebp - 0xe4]
+xor ebx, ebx
+push 0
+push 0
+push 0
+push 0
+push 0
+push 0
+push 1
+push 0
+push 0
+push eax
+push edi
+call fcn_fffcc900 ; call 0xfffcc900
+add esp, 0x30
+mov esi, eax
+jmp near loc_fffd20a3 ; jmp 0xfffd20a3
+
+loc_fffd1ffb: ; not directly referenced
+movzx eax, byte [ebp - 0xec]
+xor ebx, ebx
+mov dword [ebp - 0xc4], eax
+
+loc_fffd200a: ; not directly referenced
+mov eax, dword [ebp - 0xe0]
+bt eax, ebx
+jb short loc_fffd201d ; jb 0xfffd201d
+
+loc_fffd2015: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffd200a ; jne 0xfffd200a
+jmp short loc_fffd1fcd ; jmp 0xfffd1fcd
+
+loc_fffd201d: ; not directly referenced
+mov eax, ebx
+imul esi, ebx, 0x13c3
+shl eax, 0xa
+add eax, 0x4028
+mov dword [ebp - 0xc0], eax
+mov byte [ebp - 0xbc], 0
+
+loc_fffd203a: ; not directly referenced
+mov al, byte [ebp - 0xbc]
+cmp al, byte [edi + 0x2488]
+jae short loc_fffd2015 ; jae 0xfffd2015
+push eax
+movzx eax, byte [ebp - 0xbc]
+mov edx, ebx
+mov ecx, dword [ebp - 0xc4]
+push 0
+push 0xff
+push eax
+mov eax, edi
+call fcn_fffa7499 ; call 0xfffa7499
+mov edx, dword [ebp - 0xc0]
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+movzx edx, byte [edi + esi + 0x476f]
+and edx, 0x3f
+shl edx, 0x10
+and eax, 0xffc0ffff
+or eax, edx
+mov edx, dword [ebp - 0xc0]
+mov ecx, eax
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+add esp, 0x10
+inc byte [ebp - 0xbc]
+jmp short loc_fffd203a ; jmp 0xfffd203a
+
+loc_fffd20a3: ; not directly referenced
+cmp bl, byte [edi + 0x2488]
+jae short loc_fffd20c1 ; jae 0xfffd20c1
+movzx eax, bl
+xor ecx, ecx
+lea edx, [eax*4 + 0x4cf0]
+mov eax, edi
+call fcn_fffaeb7c ; call 0xfffaeb7c
+inc ebx
+jmp short loc_fffd20a3 ; jmp 0xfffd20a3
+
+loc_fffd20c1: ; not directly referenced
+lea esp, [ebp - 0xc]
+mov eax, esi
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffd20cb: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+sub esp, 0x4c
+mov ebx, dword [ebp + 8]
+mov eax, dword [ebx + 0x2443]
+lea ecx, [ebx + 0x5f98]
+movzx esi, byte [ebx + 0x18ed]
+mov dword [ebx + 0x3711], 0
+mov dword [ebp - 0x3c], eax
+mov eax, dword [ebx + 0x188b]
+mov dword [ebp - 0x40], eax
+lea eax, [ebx + 0x3812]
+
+loc_fffd2106: ; not directly referenced
+cmp dword [eax - 0xbc], 2
+mov dword [eax], 0
+jne short loc_fffd214a ; jne 0xfffd214a
+cmp dword [eax + 0x10b7], 2
+jne short loc_fffd2126 ; jne 0xfffd2126
+mov edx, dword [eax + 0x1198]
+mov dword [eax], edx
+
+loc_fffd2126: ; not directly referenced
+cmp dword [eax + 0x11df], 2
+jne short loc_fffd2137 ; jne 0xfffd2137
+mov edx, dword [eax + 0x12c0]
+add dword [eax], edx
+
+loc_fffd2137: ; not directly referenced
+mov edx, dword [ebx + 0x2484]
+cmp dword [eax], edx
+cmovbe edx, dword [eax]
+mov dword [eax], edx
+add dword [ebx + 0x3711], edx
+
+loc_fffd214a: ; not directly referenced
+add eax, 0x13c3
+cmp eax, ecx
+jne short loc_fffd2106 ; jne 0xfffd2106
+mov edi, dword [ebx + 0x3711]
+mov eax, dword [ebx + 0x18d9]
+mov ecx, edi
+sub ecx, dword [ebx + 0x18d5]
+cmp byte [ebx + 0x2402], 0
+mov dword [ebx + 0x36ec], ecx
+je short loc_fffd218c ; je 0xfffd218c
+cmp edi, 0x1000
+ja short loc_fffd218c ; ja 0xfffd218c
+shr edi, 1
+mov edx, 0x1000
+sub edx, edi
+cmp eax, edx
+cmovb eax, edx
+
+loc_fffd218c: ; not directly referenced
+mov edx, 0x1000
+sub edx, eax
+cmp edx, ecx
+cmovbe ecx, edx
+mov dword [ebx + 0x36f0], ecx
+test esi, esi
+je short loc_fffd21cc ; je 0xfffd21cc
+mov eax, dword [ebx + 0x3812]
+mov edx, dword [ebx + 0x4bd5]
+cmp eax, edx
+je short loc_fffd21cc ; je 0xfffd21cc
+test eax, eax
+je short loc_fffd21cc ; je 0xfffd21cc
+test edx, edx
+je short loc_fffd21cc ; je 0xfffd21cc
+cmp edx, eax
+cmova edx, eax
+add edx, edx
+cmp ecx, edx
+cmovbe edx, ecx
+mov dword [ebx + 0x36f0], edx
+
+loc_fffd21cc: ; not directly referenced
+mov eax, dword [ebx + 0x36f0]
+sub eax, dword [ebx + 0x246d]
+mov edi, dword [ebx + 0x18c1]
+mov dword [ebx + 0x36f4], eax
+sub eax, dword [ebx + 0x2471]
+mov dword [ebx + 0x36f8], eax
+mov eax, dword [ebp - 0x3c]
+push 0x50
+push 0
+push 0
+push 0
+call dword [eax + 0x4c] ; ucall
+add edi, eax
+mov eax, dword [ebp - 0x3c]
+mov dword [esp], edi
+call dword [eax + 0x20] ; ucall
+add esp, 0x10
+mov ecx, dword [ebx + 0x246d]
+cmp dword [ebp - 0x40], 0
+jne short loc_fffd2275 ; jne 0xfffd2275
+xor edx, edx
+cmp byte [ebx + 0x18b3], 1
+sete dl
+and ah, 0xbc
+mov edi, edx
+mov edx, 3
+shl edi, 0xe
+cmp dword [ebx + 0x2471], 3
+cmovbe edx, dword [ebx + 0x2471]
+or eax, edi
+and edx, 3
+shl edx, 8
+or eax, edx
+cmp ecx, 0x400
+jne short loc_fffd2257 ; jne 0xfffd2257
+and al, 7
+or al, 0x88
+jmp short loc_fffd22b9 ; jmp 0xfffd22b9
+
+loc_fffd2257: ; not directly referenced
+mov dl, 0x1f
+cmp ecx, 0x3ff
+ja short loc_fffd2269 ; ja 0xfffd2269
+shr ecx, 5
+mov dl, cl
+and edx, 0x1f
+
+loc_fffd2269: ; not directly referenced
+and edx, 0x1f
+and al, 7
+shl edx, 3
+or eax, edx
+jmp short loc_fffd22b9 ; jmp 0xfffd22b9
+
+loc_fffd2275: ; not directly referenced
+xor edx, edx
+mov edi, dword [ebx + 0x2471]
+cmp byte [ebx + 0x18b3], 1
+sete dl
+and eax, 0xfffffffb
+shl edx, 2
+or eax, edx
+mov dl, 3
+cmp edi, 7
+ja short loc_fffd229d ; ja 0xfffd229d
+shr edi, 1
+mov edx, edi
+and edx, 3
+
+loc_fffd229d: ; not directly referenced
+and edx, 3
+and al, 0x3f
+shl edx, 6
+mov edi, ecx
+or eax, edx
+mov dl, 0xff
+shr edi, 5
+cmp ecx, 0x1fff
+cmovbe edx, edi
+mov ah, dl
+
+loc_fffd22b9: ; not directly referenced
+mov ecx, dword [ebx + 0x36f8]
+mov dword [ebx + 0x36fc], eax
+mov eax, dword [ebx + 0x18dd]
+mov edx, dword [ebx + 0x18e5]
+mov dword [ebp - 0x40], ecx
+sub dword [ebp - 0x40], eax
+neg eax
+and eax, dword [ebp - 0x40]
+mov dword [ebx + 0x372d], edx
+mov dword [ebx + 0x3700], eax
+test esi, esi
+jne short loc_fffd2312 ; jne 0xfffd2312
+
+loc_fffd22ec: ; not directly referenced
+mov eax, dword [ebp - 0x40]
+sub eax, dword [ebx + 0x3700]
+je loc_fffd23fb ; je 0xfffd23fb
+sub dword [ebx + 0x36f8], eax
+sub dword [ebx + 0x36f4], eax
+sub dword [ebx + 0x36f0], eax
+jmp near loc_fffd23fb ; jmp 0xfffd23fb
+
+loc_fffd2312: ; not directly referenced
+or edx, 0xffffffff
+sub edx, dword [ebx + 0x18e9]
+mov dword [ebp - 0x4c], 0
+lea esi, [ebp - 0x2a]
+mov dword [ebp - 0x48], 0
+add eax, edx
+shl eax, 0x14
+mov dword [ebp - 0x50], eax
+
+loc_fffd2334: ; not directly referenced
+mov ecx, dword [ebp - 0x48]
+imul eax, ecx, 0x13c3
+mov byte [ebp - 0x44], cl
+cmp dword [ebx + eax + 0x3756], 2
+jne loc_fffd23e6 ; jne 0xfffd23e6
+
+loc_fffd234e: ; not directly referenced
+push eax
+push esi
+push dword [ebp - 0x4c]
+push dword [ebp - 0x50]
+call fcn_fffc6ea0 ; call 0xfffc6ea0
+mov al, byte [ebp - 0x44]
+add dword [ebp - 0x50], 0x40
+adc dword [ebp - 0x4c], 0
+add esp, 0x10
+cmp byte [esi + 1], al
+jne short loc_fffd234e ; jne 0xfffd234e
+mov ax, word [esi + 7]
+movzx ecx, byte [esi + 5]
+mov edx, eax
+movzx edi, ah
+movzx eax, byte [esi + 3]
+shl edx, 0x18
+shl ecx, 3
+or ecx, edx
+movzx edx, byte [esi + 4]
+and eax, 7
+shl eax, 0x18
+and edx, 0xf
+shl edx, 0x10
+or edi, edx
+or edi, eax
+cmp byte [ebp - 0x44], 1
+lea edx, [ebp - 0x30]
+push edx
+sbb eax, eax
+not eax
+and eax, 0x200
+push ecx
+or eax, 0x1e
+push eax
+mov eax, dword [ebp - 0x3c]
+push 1
+call dword [eax + 0x84] ; ucall
+add esp, 0x10
+cmp byte [ebp - 0x44], 1
+lea ecx, [ebp - 0x30]
+push ecx
+sbb eax, eax
+and eax, 0xfffffe00
+add eax, 0x300
+push edi
+or eax, 0x1e
+push eax
+mov eax, dword [ebp - 0x3c]
+push 1
+call dword [eax + 0x84] ; ucall
+add esp, 0x10
+
+loc_fffd23e6: ; not directly referenced
+inc dword [ebp - 0x48]
+add esi, 9
+cmp dword [ebp - 0x48], 2
+jne loc_fffd2334 ; jne 0xfffd2334
+jmp near loc_fffd22ec ; jmp 0xfffd22ec
+
+loc_fffd23fb: ; not directly referenced
+cmp byte [ebx + 0x18b6], 0
+mov eax, dword [ebx + 0x36ec]
+je short loc_fffd2446 ; je 0xfffd2446
+mov ecx, dword [ebx + 0x36f0]
+cmp eax, ecx
+jbe short loc_fffd2446 ; jbe 0xfffd2446
+mov edx, 0x1000
+cmp eax, 0x1000
+mov esi, edx
+cmovbe edx, eax
+cmovae esi, eax
+add edx, esi
+sub edx, ecx
+mov dword [ebx + 0x370d], edx
+dec edx
+mov byte [ebx + 0x3704], 1
+mov dword [ebx + 0x3705], esi
+mov dword [ebx + 0x3709], edx
+jmp short loc_fffd2453 ; jmp 0xfffd2453
+
+loc_fffd2446: ; not directly referenced
+mov byte [ebx + 0x3704], 0
+mov dword [ebx + 0x370d], eax
+
+loc_fffd2453: ; not directly referenced
+cmp byte [ebx + 0x3745], 0
+je short loc_fffd24bf ; je 0xfffd24bf
+cmp byte [ebx + 0x2402], 0
+je short loc_fffd247b ; je 0xfffd247b
+cmp dword [ebx + 0x3711], 0x1000
+mov edx, eax
+ja short loc_fffd2487 ; ja 0xfffd2487
+mov edx, dword [ebx + 0x370d]
+jmp short loc_fffd2487 ; jmp 0xfffd2487
+
+loc_fffd247b: ; not directly referenced
+mov edx, dword [ebx + 0x3700]
+sub edx, dword [ebx + 0x18e5]
+
+loc_fffd2487: ; not directly referenced
+movzx ecx, byte [ebx + 0x3747]
+shl ecx, 3
+mov dword [ebx + 0x3721], ecx
+not ecx
+add edx, ecx
+movzx ecx, byte [ebx + 0x3746]
+and edx, 0xffffffc0
+mov dword [ebx + 0x371d], edx
+shl ecx, 3
+sub edx, ecx
+sub edx, 0x40
+mov dword [ebx + 0x3729], ecx
+mov dword [ebx + 0x3725], edx
+
+loc_fffd24bf: ; not directly referenced
+mov dword [ebx + 0x3715], eax
+mov eax, dword [ebx + 0x18d5]
+mov edx, dword [ebx + 0x3711]
+mov esi, dword [ebx + 0x2443]
+mov dword [ebx + 0x3719], eax
+mov eax, dword [ebx + 0x18cd]
+mov dword [ebp - 0x40], eax
+mov eax, dword [ebx + 0x18c1]
+push 0xa0
+push 0
+push 0
+mov edi, eax
+mov dword [ebp - 0x3c], eax
+mov eax, edx
+shr edx, 0xc
+and edx, 0x7f
+shl eax, 0x14
+push 0
+mov dword [ebp - 0x48], edx
+mov dword [ebp - 0x44], eax
+call dword [esi + 0x4c] ; ucall
+pop ecx
+mov dword [ebp - 0x3c], edi
+lea edi, [eax + edi]
+pop eax
+push dword [ebp - 0x44]
+push edi
+call dword [esi + 0x30] ; ucall
+lea ecx, [edi + 4]
+pop eax
+pop edx
+mov edx, dword [ebp - 0x48]
+push edx
+push ecx
+call dword [esi + 0x30] ; ucall
+movzx edi, word [ebx + 0x36f0]
+push 0xbc
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+shl edi, 0x14
+add esp, 0x18
+push edi
+mov edi, dword [ebp - 0x3c]
+add eax, edi
+push eax
+call dword [esi + 0x30] ; ucall
+mov edx, dword [ebx + 0x370d]
+push 0xa8
+push 0
+push 0
+mov eax, edx
+shr edx, 0xc
+and edx, 0x7f
+shl eax, 0x14
+mov dword [ebp - 0x48], edx
+push 0
+mov dword [ebp - 0x44], eax
+call dword [esi + 0x4c] ; ucall
+add esp, 0x18
+push dword [ebp - 0x44]
+lea edi, [eax + edi]
+push edi
+call dword [esi + 0x30] ; ucall
+mov edx, dword [ebp - 0x48]
+pop ecx
+pop eax
+lea ecx, [edi + 4]
+push edx
+push ecx
+call dword [esi + 0x30] ; ucall
+add esp, 0x10
+cmp byte [ebx + 0x3704], 0
+je loc_fffd2626 ; je 0xfffd2626
+mov edx, dword [ebx + 0x3705]
+push 0x90
+push 0
+push 0
+mov eax, edx
+shr edx, 0xc
+and edx, 0x7f
+shl eax, 0x14
+push 0
+mov dword [ebp - 0x48], edx
+mov dword [ebp - 0x44], eax
+call dword [esi + 0x4c] ; ucall
+mov ecx, dword [ebp - 0x3c]
+lea edi, [eax + ecx]
+pop eax
+pop edx
+push dword [ebp - 0x44]
+push edi
+call dword [esi + 0x30] ; ucall
+mov edx, dword [ebp - 0x48]
+pop ecx
+pop eax
+lea ecx, [edi + 4]
+push edx
+push ecx
+call dword [esi + 0x30] ; ucall
+mov edx, dword [ebx + 0x3709]
+push 0x98
+push 0
+push 0
+mov eax, edx
+shr edx, 0xc
+and edx, 0x7f
+shl eax, 0x14
+mov dword [ebp - 0x48], edx
+push 0
+mov dword [ebp - 0x44], eax
+call dword [esi + 0x4c] ; ucall
+mov ecx, dword [ebp - 0x3c]
+add esp, 0x18
+push dword [ebp - 0x44]
+lea edi, [eax + ecx]
+push edi
+call dword [esi + 0x30] ; ucall
+lea ecx, [edi + 4]
+pop eax
+pop edx
+mov edx, dword [ebp - 0x48]
+push edx
+push ecx
+call dword [esi + 0x30] ; ucall
+add esp, 0x10
+
+loc_fffd2626: ; not directly referenced
+push 0xb8
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+movzx edx, word [ebx + 0x3700]
+pop edi
+pop ecx
+add eax, dword [ebp - 0x3c]
+shl edx, 0x14
+push edx
+push eax
+call dword [esi + 0x30] ; ucall
+add esp, 0x10
+cmp dword [ebx + 0x372d], 0
+je short loc_fffd2689 ; je 0xfffd2689
+push 0x5c
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+mov ecx, dword [ebp - 0x3c]
+lea edi, [eax + ecx]
+mov dword [esp], edi
+call dword [esi + 0x20] ; ucall
+movzx edx, byte [ebx + 0x372d]
+shl edx, 4
+and eax, 0xfffff00f
+or eax, edx
+pop edx
+or eax, 4
+pop ecx
+push eax
+push edi
+call dword [esi + 0x30] ; ucall
+add esp, 0x10
+
+loc_fffd2689: ; not directly referenced
+push 0xb0
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+movzx edx, word [ebx + 0x36f4]
+pop ecx
+pop edi
+mov edi, dword [ebp - 0x3c]
+shl edx, 0x14
+push edx
+add eax, edi
+push eax
+call dword [esi + 0x30] ; ucall
+push 0xb4
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+movzx edx, word [ebx + 0x36f8]
+add esp, 0x18
+shl edx, 0x14
+push edx
+add eax, edi
+push eax
+call dword [esi + 0x30] ; ucall
+mov eax, dword [ebx + 0x3719]
+add esp, 0x10
+test eax, eax
+je loc_fffd2764 ; je 0xfffd2764
+mov edi, 0x80000
+sub edi, eax
+push 0x78
+mov edx, edi
+push 0
+shl edx, 0x14
+push 0
+or dh, 8
+push 0
+shr edi, 0xc
+mov dword [ebp - 0x44], edx
+and edi, 0x7f
+call dword [esi + 0x4c] ; ucall
+mov ecx, dword [ebp - 0x3c]
+add ecx, eax
+pop eax
+pop edx
+mov edx, dword [ebp - 0x44]
+mov dword [ebp - 0x44], ecx
+push edx
+push ecx
+call dword [esi + 0x30] ; ucall
+pop ecx
+mov ecx, dword [ebp - 0x44]
+pop eax
+add ecx, 4
+push edi
+push ecx
+call dword [esi + 0x30] ; ucall
+mov edx, dword [ebx + 0x3715]
+push 0x70
+push 0
+push 0
+mov eax, edx
+shr edx, 0xc
+and edx, 0x7f
+shl eax, 0x14
+mov dword [ebp - 0x48], edx
+push 0
+mov dword [ebp - 0x44], eax
+call dword [esi + 0x4c] ; ucall
+mov ecx, dword [ebp - 0x3c]
+add esp, 0x18
+push dword [ebp - 0x44]
+lea edi, [eax + ecx]
+push edi
+call dword [esi + 0x30] ; ucall
+lea ecx, [edi + 4]
+pop eax
+pop edx
+mov edx, dword [ebp - 0x48]
+push edx
+push ecx
+call dword [esi + 0x30] ; ucall
+add esp, 0x10
+
+loc_fffd2764: ; not directly referenced
+push 0x50
+push 0
+push 0
+push 0
+call dword [esi + 0x4c] ; ucall
+pop edx
+pop ecx
+push dword [ebx + 0x36fc]
+add eax, dword [ebp - 0x3c]
+push eax
+call dword [esi + 0x30] ; ucall
+mov edx, dword [ebx + 0x371d]
+pop edi
+pop eax
+mov eax, dword [ebx + 0x3721]
+mov edi, dword [ebp - 0x40]
+add eax, edx
+shr eax, 3
+shr edx, 3
+shl eax, 0x10
+or eax, edx
+push eax
+mov eax, edi
+add eax, 0x18
+push eax
+call dword [esi + 0x30] ; ucall
+pop eax
+mov eax, dword [ebx + 0x371d]
+pop edx
+shl eax, 0xe
+push eax
+mov eax, edi
+add eax, 0x10
+push eax
+call dword [esi + 0x30] ; ucall
+pop ecx
+pop eax
+mov eax, dword [ebx + 0x371d]
+and eax, 0x40000
+shr eax, 0x12
+push eax
+mov eax, edi
+add eax, 0x14
+push eax
+call dword [esi + 0x30] ; ucall
+mov edx, dword [ebx + 0x3725]
+pop eax
+mov eax, dword [ebx + 0x3729]
+pop ecx
+add eax, edx
+shr eax, 3
+shr edx, 3
+shl eax, 0x10
+or eax, edx
+push eax
+mov eax, edi
+add eax, 0x28
+push eax
+call dword [esi + 0x30] ; ucall
+pop eax
+mov eax, dword [ebx + 0x3725]
+pop edx
+shl eax, 0xe
+push eax
+mov eax, edi
+add eax, 0x20
+push eax
+call dword [esi + 0x30] ; ucall
+pop ecx
+pop eax
+mov eax, dword [ebx + 0x3725]
+and eax, 0x40000
+shr eax, 0x12
+or eax, 4
+push eax
+mov eax, edi
+add eax, 0x24
+push eax
+call dword [esi + 0x30] ; ucall
+xor eax, eax
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+loc_fffd2836:
+push esi
+push edi
+mov esi, dword [esp + 0x10]
+mov edi, dword [esp + 0xc]
+mov edx, dword [esp + 0x14]
+cmp edi, esi
+je short loc_fffd2865 ; je 0xfffd2865
+cmp edx, 0
+je short loc_fffd2865 ; je 0xfffd2865
+lea eax, [esi + edx - 1]
+cmp esi, edi
+jae short loc_fffd2860 ; jae 0xfffd2860
+cmp eax, edi
+jb short loc_fffd2860 ; jb 0xfffd2860
+mov esi, eax
+lea edi, [edi + edx - 1]
+std
+
+loc_fffd2860:
+mov ecx, edx
+rep movsb ; rep movsb byte es:[edi], byte ptr [esi]
+cld
+
+loc_fffd2865:
+mov eax, dword [esp + 0xc]
+pop edi
+pop esi
+ret
+
+loc_fffd286c:
+push edi
+xor eax, eax
+mov edi, dword [esp + 8]
+mov ecx, dword [esp + 0xc]
+mov edx, ecx
+shr ecx, 2
+and edx, 3
+push edi
+rep stosd ; rep stosd dword es:[edi], eax
+mov ecx, edx
+rep stosb ; rep stosb byte es:[edi], al
+pop eax
+pop edi
+ret
+
+fcn_fffd2889:
+mov eax, dword [esp + 8]
+mov ecx, dword [esp + 0xc]
+xor edx, edx
+div ecx
+mov eax, dword [esp + 4]
+div ecx
+mov eax, edx
+ret
+
+fcn_fffd289e:
+mov eax, dword [esp + 8]
+mov ecx, dword [esp + 0xc]
+xor edx, edx
+div ecx
+push eax
+mov eax, dword [esp + 8]
+div ecx
+pop edx
+ret
+
+fcn_fffd28b3:
+mov ecx, dword [esp + 0xc]
+mov eax, dword [esp + 8]
+xor edx, edx
+div ecx
+push eax
+mov eax, dword [esp + 8]
+div ecx
+mov ecx, dword [esp + 0x14]
+jecxz loc_fffd28ce ; jecxz 0xfffd28ce
+mov dword [ecx], edx
+
+loc_fffd28ce:
+pop edx
+ret
+
+fcn_fffd28d0:
+push ebx
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0xc]
+cpuid
+push ecx
+mov ecx, dword [ebp + 0x10]
+jecxz loc_fffd28e1 ; jecxz 0xfffd28e1
+mov dword [ecx], eax
+
+loc_fffd28e1:
+mov ecx, dword [ebp + 0x14]
+jecxz loc_fffd28e8 ; jecxz 0xfffd28e8
+mov dword [ecx], ebx
+
+loc_fffd28e8:
+mov ecx, dword [ebp + 0x18]
+jecxz loc_fffd28ef ; jecxz 0xfffd28ef
+pop dword [ecx]
+
+loc_fffd28ef:
+mov ecx, dword [ebp + 0x1c]
+jecxz loc_fffd28f6 ; jecxz 0xfffd28f6
+mov dword [ecx], edx
+
+loc_fffd28f6:
+mov eax, dword [ebp + 0xc]
+leave
+pop ebx
+ret
+
+loc_fffd28fc: ; not directly referenced
+mov cl, byte [esp + 0xc]
+xor eax, eax
+mov edx, dword [esp + 4]
+test cl, 0x20
+cmove eax, edx
+cmove edx, dword [esp + 8]
+shld edx, eax, cl
+shl eax, cl
+ret
+
+loc_fffd2917:
+mov cl, byte [esp + 0xc]
+xor edx, edx
+mov eax, dword [esp + 8]
+test cl, 0x20
+cmove edx, eax
+cmove eax, dword [esp + 4]
+shrd eax, edx, cl
+shr edx, cl
+ret
+
+loc_fffd2932:
+push edi
+mov ecx, dword [esp + 0xc]
+mov al, byte [esp + 0x10]
+mov ah, al
+shrd edx, eax, 0x10
+shld eax, edx, 0x10
+mov edx, ecx
+mov edi, dword [esp + 8]
+shr ecx, 2
+rep stosd ; rep stosd dword es:[edi], eax
+mov ecx, edx
+and ecx, 3
+rep stosb ; rep stosb byte es:[edi], al
+mov eax, dword [esp + 8]
+pop edi
+ret
+
+loc_fffd295d:
+db 0x57
+db 0x8b
+db 0x44
+dd 0x7c8b1024
+dd 0x4c8b0824
+dd 0xabf30c24
+dd 0x0824448b
+db 0x5f
+db 0xc3
+
+loc_fffd2972: ; not directly referenced
+mov ecx, dword [esp + 0xc]
+mov eax, ecx
+imul ecx, dword [esp + 8]
+mul dword [esp + 4]
+add edx, ecx
+ret
+
+loc_fffd2984: ; not directly referenced
+mov ecx, dword [esp + 0x10]
+test ecx, ecx
+jne short loc_fffd299f ; jne 0xfffd299f
+mov ecx, dword [esp + 0x14]
+jecxz loc_fffd299a ; jecxz 0xfffd299a
+and dword [ecx + 4], 0
+mov dword [esp + 0x10], ecx
+
+loc_fffd299a: ; not directly referenced
+jmp near fcn_fffd28b3 ; jmp 0xfffd28b3
+
+loc_fffd299f: ; not directly referenced
+push ebx
+push esi
+push edi
+mov edx, dword [esp + 0x14]
+mov eax, dword [esp + 0x10]
+mov edi, edx
+mov esi, eax
+mov ebx, dword [esp + 0x18]
+
+loc_fffd29b2: ; not directly referenced
+shr edx, 1
+rcr eax, 1
+shrd ebx, ecx, 1
+shr ecx, 1
+jne short loc_fffd29b2 ; jne 0xfffd29b2
+div ebx
+mov ebx, eax
+mov ecx, dword [esp + 0x1c]
+mul dword [esp + 0x18]
+imul ecx, ebx
+add edx, ecx
+mov ecx, dword [esp + 0x20]
+jb short loc_fffd29df ; jb 0xfffd29df
+cmp edi, edx
+ja short loc_fffd29ea ; ja 0xfffd29ea
+jb short loc_fffd29df ; jb 0xfffd29df
+cmp esi, eax
+jae short loc_fffd29ea ; jae 0xfffd29ea
+
+loc_fffd29df: ; not directly referenced
+dec ebx
+jecxz loc_fffd29f5 ; jecxz 0xfffd29f5
+sub eax, dword [esp + 0x18]
+sbb edx, dword [esp + 0x1c]
+
+loc_fffd29ea: ; not directly referenced
+jecxz loc_fffd29f5 ; jecxz 0xfffd29f5
+sub esi, eax
+sbb edi, edx
+mov dword [ecx], esi
+mov dword [ecx + 4], edi
+
+loc_fffd29f5: ; not directly referenced
+mov eax, ebx
+xor edx, edx
+pop edi
+pop esi
+pop ebx
+ret
+
+loc_fffd29fd:
+db 0x53
+
+fcn_fffd29fe: ; not directly referenced
+push ebp
+mov ebp, esp
+mov eax, dword [ebp + 0xc]
+mov ecx, dword [ebp + 0x10]
+cpuid
+push ecx
+mov ecx, dword [ebp + 0x14]
+jecxz loc_fffd2a11 ; jecxz 0xfffd2a11
+mov dword [ecx], eax
+
+loc_fffd2a11: ; not directly referenced
+mov ecx, dword [ebp + 0x18]
+jecxz loc_fffd2a18 ; jecxz 0xfffd2a18
+mov dword [ecx], ebx
+
+loc_fffd2a18: ; not directly referenced
+mov ecx, dword [ebp + 0x20]
+jecxz loc_fffd2a1f ; jecxz 0xfffd2a1f
+mov dword [ecx], edx
+
+loc_fffd2a1f: ; not directly referenced
+mov ecx, dword [ebp + 0x1c]
+jecxz loc_fffd2a26 ; jecxz 0xfffd2a26
+pop dword [ecx]
+
+loc_fffd2a26: ; not directly referenced
+mov eax, dword [ebp + 0xc]
+leave
+pop ebx
+ret
+
+fcn_fffd2a2c: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+xor esi, esi
+push ebx
+mov ebx, eax
+sub esp, 0x1c
+mov dword [ebp - 0x1c], edx
+
+loc_fffd2a3c: ; not directly referenced
+lea eax, [esi*8 + 0x48a8]
+mov dword [ebp - 0x20], eax
+mov edx, eax
+mov eax, ebx
+call fcn_fffae548 ; call 0xfffae548
+mov edi, dword [ebp - 0x1c]
+bt edi, esi
+mov ecx, eax
+jae short loc_fffd2a61 ; jae 0xfffd2a61
+and ch, 0xcf
+or ch, 0x18
+jmp short loc_fffd2a64 ; jmp 0xfffd2a64
+
+loc_fffd2a61: ; not directly referenced
+and ch, 0xf7
+
+loc_fffd2a64: ; not directly referenced
+push edi
+mov eax, ebx
+push edi
+inc esi
+push edx
+mov edx, dword [ebp - 0x20]
+push ecx
+call fcn_fffae7cf ; call 0xfffae7cf
+add esp, 0x10
+cmp esi, 2
+jne short loc_fffd2a3c ; jne 0xfffd2a3c
+mov ecx, 2
+mov edx, 0x4d98
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, 1
+mov edx, 0x4800
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0x4800
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+xor ecx, ecx
+mov edx, 0x4d98
+mov esi, eax
+mov eax, ebx
+and esi, 0xfffffffe
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, esi
+mov edx, 0x4800
+or ecx, 2
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 0x4800
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+xor esi, esi
+
+loc_fffd2adb: ; not directly referenced
+mov eax, dword [ebp - 0x1c]
+bt eax, esi
+jae short loc_fffd2b0a ; jae 0xfffd2b0a
+lea edi, [esi*8 + 0x48a8]
+mov eax, ebx
+mov edx, edi
+call fcn_fffae548 ; call 0xfffae548
+mov ecx, eax
+and ch, 0xf7
+mov eax, ecx
+push ecx
+push ecx
+push edx
+mov edx, edi
+push eax
+mov eax, ebx
+call fcn_fffae7cf ; call 0xfffae7cf
+add esp, 0x10
+
+loc_fffd2b0a: ; not directly referenced
+inc esi
+cmp esi, 2
+jne short loc_fffd2adb ; jne 0xfffd2adb
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffd2b18: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, edx
+shl esi, 0xa
+push ebx
+mov ebx, eax
+lea edi, [esi + 0x41a0]
+sub esp, 0x2c
+mov edx, edi
+mov byte [ebp - 0x29], cl
+call fcn_fffae52a ; call 0xfffae52a
+mov edx, edi
+and eax, 0xfffffccc
+or eax, 0x111
+mov ecx, eax
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, dword [ebp + 0x10]
+lea edx, [esi + 0x41a4]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, dword [ebp + 0x14]
+lea edx, [esi + 0x41a8]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, dword [ebp + 0x18]
+lea edx, [esi + 0x41ac]
+mov eax, ebx
+call fcn_fffae58c ; call 0xfffae58c
+lea edx, [esi + 0x41bc]
+mov eax, ebx
+xor ecx, ecx
+call fcn_fffae58c ; call 0xfffae58c
+lea eax, [esi + 0x41c0]
+mov dword [ebp - 0x28], eax
+mov eax, dword [ebp + 8]
+mov dword [ebp - 0x20], 0
+mov dword [ebp - 0x1c], 0
+mov dword [ebp - 0x24], 0
+lea esi, [eax + 4]
+
+loc_fffd2bb0: ; not directly referenced
+mov eax, dword [ebp - 0x24]
+cmp eax, dword [ebp + 0xc]
+je loc_fffd2c4b ; je 0xfffd2c4b
+mov ecx, dword [esi - 4]
+add esi, 0xc
+movzx eax, byte [esi - 0xc]
+mov edx, ecx
+mov edi, ecx
+and edx, 0x7c
+or ah, 0x80
+shl edx, 6
+and edi, 1
+or eax, edx
+mov edx, ecx
+and edx, 2
+add edi, edi
+shr edx, 1
+and ecx, 0x380
+or edx, edi
+mov edi, dword [esi - 0xc]
+shl ecx, 0x11
+or edx, 4
+shl edx, 8
+and edi, 0x300
+shl edi, 5
+or eax, edi
+mov word [ebp - 0x20], ax
+mov eax, dword [ebp - 0x20]
+and eax, 0xf0ffffff
+or eax, ecx
+mov cl, byte [ebp - 0x29]
+mov dword [ebp - 0x20], eax
+mov eax, dword [ebp - 0x1c]
+and ah, 0xf0
+or eax, edx
+mov edx, dword [esi - 8]
+and eax, 0xfffffff0
+shl edx, cl
+not edx
+and edx, 0xf
+or eax, edx
+mov edx, dword [ebp - 0x28]
+mov dword [ebp - 0x1c], eax
+push eax
+push eax
+mov eax, ebx
+push dword [ebp - 0x1c]
+push dword [ebp - 0x20]
+call fcn_fffae7cf ; call 0xfffae7cf
+add esp, 0x10
+inc dword [ebp - 0x24]
+jmp near loc_fffd2bb0 ; jmp 0xfffd2bb0
+
+loc_fffd2c4b: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffd2c53: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+mov esi, eax
+push ebx
+sub esp, 0x2c
+cmp dword [ebp + 8], 1
+je short loc_fffd2c90 ; je 0xfffd2c90
+jb short loc_fffd2c80 ; jb 0xfffd2c80
+cmp dword [ebp + 8], 2
+jne loc_fffd2d7c ; jne 0xfffd2d7c
+mov dword [ebp - 0x24], 0xa8
+mov dword [ebp - 0x20], 0x2a
+jmp short loc_fffd2c9e ; jmp 0xfffd2c9e
+
+loc_fffd2c80: ; not directly referenced
+mov dword [ebp - 0x24], 0xa4
+mov dword [ebp - 0x20], 0x29
+jmp short loc_fffd2c9e ; jmp 0xfffd2c9e
+
+loc_fffd2c90: ; not directly referenced
+mov dword [ebp - 0x24], 0xc0
+mov dword [ebp - 0x20], 0x30
+
+loc_fffd2c9e: ; not directly referenced
+lea eax, [esi + 0x381a]
+xor ebx, ebx
+mov dword [ebp - 0x28], eax
+movzx eax, dl
+mov dword [ebp - 0x30], eax
+movzx eax, cl
+mov dword [ebp - 0x34], eax
+
+loc_fffd2cb5: ; not directly referenced
+mov eax, dword [ebp - 0x30]
+bt eax, ebx
+jae loc_fffd2d67 ; jae 0xfffd2d67
+mov eax, dword [ebp - 0x28]
+movzx edi, byte [eax + 0xfce]
+mov eax, ebx
+shl eax, 0xa
+add eax, 0x4190
+mov edx, eax
+and edi, 0xf
+shl edi, 0x10
+or edi, 0xf
+mov dword [ebp - 0x2c], eax
+mov ecx, edi
+mov eax, esi
+call fcn_fffae58c ; call 0xfffae58c
+mov edx, 1
+mov eax, esi
+call fcn_fffa834b ; call 0xfffa834b
+mov dword [ebp - 0x1c], 0
+
+loc_fffd2cff: ; not directly referenced
+mov cl, byte [ebp - 0x1c]
+mov eax, 1
+mov edx, dword [ebp - 0x28]
+shl eax, cl
+test byte [edx], al
+jne short loc_fffd2d1b ; jne 0xfffd2d1b
+
+loc_fffd2d10: ; not directly referenced
+inc dword [ebp - 0x1c]
+cmp dword [ebp - 0x1c], 4
+jne short loc_fffd2cff ; jne 0xfffd2cff
+jmp short loc_fffd2d43 ; jmp 0xfffd2d43
+
+loc_fffd2d1b: ; not directly referenced
+mov eax, dword [ebp - 0x34]
+mov edx, dword [ebp - 0x1c]
+bt eax, edx
+jae short loc_fffd2d10 ; jae 0xfffd2d10
+push eax
+mov ecx, edx
+push 1
+mov edx, ebx
+push dword [ebp - 0x24]
+mov eax, esi
+push dword [ebp - 0x20]
+call fcn_fffaa505 ; call 0xfffaa505
+add esp, 0x10
+test eax, eax
+je short loc_fffd2d10 ; je 0xfffd2d10
+jmp short loc_fffd2d81 ; jmp 0xfffd2d81
+
+loc_fffd2d43: ; not directly referenced
+cmp dword [ebp + 8], 2
+je short loc_fffd2d67 ; je 0xfffd2d67
+mov edx, 1
+mov eax, esi
+call fcn_fffa834b ; call 0xfffa834b
+mov edx, dword [ebp - 0x2c]
+and edi, 0xfff0ffff
+mov ecx, edi
+mov eax, esi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffd2d67: ; not directly referenced
+inc ebx
+add dword [ebp - 0x28], 0x13c3
+cmp ebx, 2
+jne loc_fffd2cb5 ; jne 0xfffd2cb5
+xor eax, eax
+jmp short loc_fffd2d81 ; jmp 0xfffd2d81
+
+loc_fffd2d7c: ; not directly referenced
+mov eax, 1
+
+loc_fffd2d81: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffd2d89: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+push esi
+push ebx
+mov ebx, eax
+sub esp, 0x50
+mov al, byte [ebp + 8]
+push 0
+push 2
+mov byte [ebp - 0x34], al
+mov eax, dword [ebx + 0x2443]
+mov byte [ebp - 0x33], cl
+lea ecx, [ebp - 0x1a]
+push ecx
+mov dword [ebp - 0x2c], edx
+call dword [eax + 0x5c] ; ucall
+mov edx, dword [ebp - 0x2c]
+add esp, 0x10
+mov byte [ebp - 0x2c], 0x60
+movzx eax, dl
+mov edi, eax
+mov ecx, edi
+mov dword [ebp - 0x48], eax
+mov eax, 1
+shl eax, cl
+test byte [ebx + 0x381a], al
+mov byte [ebp - 0x32], al
+setne dl
+mov cl, dl
+or ecx, 2
+test byte [ebx + 0x4bdd], al
+movzx eax, al
+mov dword [ebp - 0x38], eax
+cmovne edx, ecx
+movzx eax, dl
+mov dword [ebp - 0x50], eax
+
+loc_fffd2df2: ; not directly referenced
+movzx esi, byte [ebp - 0x2c]
+xor edi, edi
+
+loc_fffd2df8: ; not directly referenced
+imul eax, edi, 0x13c3
+mov cl, byte [ebp - 0x32]
+test byte [ebx + eax + 0x381a], cl
+je short loc_fffd2e47 ; je 0xfffd2e47
+push eax
+push 0
+push esi
+push 3
+push dword [ebp - 0x38]
+push 1
+push edi
+push ebx
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x1c
+push 0
+push esi
+push 3
+push dword [ebp - 0x38]
+push 2
+push edi
+push ebx
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x1c
+push 0
+push esi
+push 3
+push dword [ebp - 0x38]
+push 3
+push edi
+push ebx
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffd2e47: ; not directly referenced
+inc edi
+cmp edi, 2
+jne short loc_fffd2df8 ; jne 0xfffd2df8
+mov edx, dword [ebp - 0x50]
+mov eax, ebx
+xor esi, esi
+call fcn_fffd2a2c ; call 0xfffd2a2c
+mov eax, ebx
+mov edx, 0xf
+call fcn_fffa834b ; call 0xfffa834b
+mov edi, dword [ebp + 0xc]
+imul eax, dword [ebp - 0x48], 9
+mov dword [ebp - 0x4c], eax
+
+loc_fffd2e6f: ; not directly referenced
+imul eax, esi, 0x13c3
+mov dword [ebp - 0x40], eax
+mov ecx, eax
+mov al, byte [ebp - 0x32]
+test byte [ebx + ecx + 0x381a], al
+jne short loc_fffd2e90 ; jne 0xfffd2e90
+mov byte [ebp + esi - 0x1a], 0xff
+jmp near loc_fffd2f40 ; jmp 0xfffd2f40
+
+loc_fffd2e90: ; not directly referenced
+cmp byte [ebp + esi - 0x1a], 0xff
+je loc_fffd2f40 ; je 0xfffd2f40
+imul eax, esi, 0x54a
+mov byte [ebp - 0x31], 0
+lea eax, [ebx + eax + 0x196b]
+mov dword [ebp - 0x44], eax
+
+loc_fffd2eaf: ; not directly referenced
+mov al, byte [ebp - 0x31]
+cmp al, byte [ebx + 0x2488]
+jae loc_fffd2f40 ; jae 0xfffd2f40
+mov cl, byte [ebp - 0x31]
+mov edx, dword [ebp - 0x40]
+mov dword [ebp - 0x30], 1
+shl dword [ebp - 0x30], cl
+movzx eax, cl
+mov ecx, dword [ebp - 0x44]
+cmp byte [ebx + edx + 0x49ba], 0x20
+mov dword [ebp - 0x3c], eax
+mov al, byte [ecx + eax + 0x4f6]
+jne short loc_fffd2ef5 ; jne 0xfffd2ef5
+test al, 2
+je short loc_fffd2ef5 ; je 0xfffd2ef5
+mov al, byte [ebp - 0x30]
+or byte [ebp + esi - 0x1a], al
+jmp short loc_fffd2f38 ; jmp 0xfffd2f38
+
+loc_fffd2ef5: ; not directly referenced
+mov ecx, dword [ebp - 0x3c]
+mov edx, esi
+mov eax, ebx
+call fcn_fffa7617 ; call 0xfffa7617
+mov edx, eax
+mov eax, ebx
+call fcn_fffae52a ; call 0xfffae52a
+mov dl, byte [ebp + esi - 0x1a]
+test byte [ebp - 0x30], dl
+jne short loc_fffd2f38 ; jne 0xfffd2f38
+movzx eax, al
+mov dword [ebp - 0x54], edx
+call fcn_fffaeba2 ; call 0xfffaeba2
+cmp al, 4
+je short loc_fffd2f38 ; je 0xfffd2f38
+mov eax, dword [ebp - 0x3c]
+mov cl, byte [ebp - 0x2c]
+mov edx, dword [ebp - 0x54]
+add eax, dword [ebp - 0x4c]
+or edx, dword [ebp - 0x30]
+mov byte [edi + eax], cl
+mov byte [esi + ebp - 0x1a], dl
+
+loc_fffd2f38: ; not directly referenced
+inc byte [ebp - 0x31]
+jmp near loc_fffd2eaf ; jmp 0xfffd2eaf
+
+loc_fffd2f40: ; not directly referenced
+inc esi
+add edi, 0x24
+cmp esi, 2
+jne loc_fffd2e6f ; jne 0xfffd2e6f
+cmp byte [ebp - 0x1a], 0xff
+jne short loc_fffd2f59 ; jne 0xfffd2f59
+cmp byte [ebp - 0x19], 0xff
+je short loc_fffd2f86 ; je 0xfffd2f86
+
+loc_fffd2f59: ; not directly referenced
+mov al, byte [ebp - 0x34]
+add byte [ebp - 0x2c], al
+test al, al
+jle short loc_fffd2f6e ; jle 0xfffd2f6e
+mov al, byte [ebp - 0x33]
+cmp byte [ebp - 0x2c], al
+seta al
+jmp short loc_fffd2f7b ; jmp 0xfffd2f7b
+
+loc_fffd2f6e: ; not directly referenced
+movzx eax, byte [ebp - 0x33]
+movsx edx, byte [ebp - 0x2c]
+cmp edx, eax
+setl al
+
+loc_fffd2f7b: ; not directly referenced
+movzx eax, al
+test eax, eax
+je loc_fffd2df2 ; je 0xfffd2df2
+
+loc_fffd2f86: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+fcn_fffd2f8e: ; not directly referenced
+push ebp
+mov ebp, esp
+push edi
+mov edi, eax
+push esi
+mov esi, ecx
+push ebx
+mov ebx, edx
+sub esp, 0x70
+mov al, byte [ebp + 8]
+push 0
+push 2
+lea edx, [ebp - 0x2c]
+mov byte [ebp - 0x53], al
+mov eax, dword [edi + 0x2443]
+mov byte [ebp - 0x52], cl
+push edx
+call dword [eax + 0x5c] ; ucall
+movzx ecx, bl
+mov eax, 1
+shl eax, cl
+add esp, 0x10
+mov byte [ebp - 0x3e], al
+movzx eax, al
+mov dword [ebp - 0x50], eax
+lea eax, [ecx + ecx*8]
+mov dword [ebp - 0x60], eax
+mov eax, esi
+movzx eax, al
+mov byte [ebp - 0x40], 0
+mov byte [ebp - 0x3d], 0x40
+mov dword [ebp - 0x64], eax
+
+loc_fffd2fe3: ; not directly referenced
+movzx esi, byte [ebp - 0x3d]
+xor ebx, ebx
+
+loc_fffd2fe9: ; not directly referenced
+imul eax, ebx, 0x13c3
+mov dl, byte [ebp - 0x3e]
+test byte [edi + eax + 0x381a], dl
+je short loc_fffd3010 ; je 0xfffd3010
+push eax
+push 0
+push esi
+push 1
+push dword [ebp - 0x50]
+push 4
+push ebx
+push edi
+call fcn_fffa9178 ; call 0xfffa9178
+add esp, 0x20
+
+loc_fffd3010: ; not directly referenced
+inc ebx
+cmp ebx, 2
+jne short loc_fffd2fe9 ; jne 0xfffd2fe9
+mov dword [ebp - 0x3c], 0
+
+loc_fffd301d: ; not directly referenced
+mov al, byte [ebp - 0x3e]
+test byte [edi + 0x381a], al
+je short loc_fffd3069 ; je 0xfffd3069
+or byte [ebp - 0x40], 1
+mov edx, 0x41a4
+cmp dword [ebp - 0x3c], 1
+mov eax, edi
+sbb ecx, ecx
+and ecx, 0xffffc000
+add ecx, 0x7000
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, 0x4000
+mov edx, 0x41a8
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+xor ecx, ecx
+mov edx, 0x41ac
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffd3069: ; not directly referenced
+mov al, byte [ebp - 0x3e]
+test byte [edi + 0x4bdd], al
+je short loc_fffd30b5 ; je 0xfffd30b5
+or byte [ebp - 0x40], 2
+mov edx, 0x45a4
+cmp dword [ebp - 0x3c], 1
+mov eax, edi
+sbb ecx, ecx
+and ecx, 0xffffc000
+add ecx, 0x7000
+call fcn_fffae58c ; call 0xfffae58c
+mov ecx, 0x4000
+mov edx, 0x45a8
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+xor ecx, ecx
+mov edx, 0x45ac
+mov eax, edi
+call fcn_fffae58c ; call 0xfffae58c
+
+loc_fffd30b5: ; not directly referenced
+movzx edx, byte [ebp - 0x40]
+mov eax, edi
+xor esi, esi
+call fcn_fffd2a2c ; call 0xfffd2a2c
+mov eax, edi
+mov edx, 0xf
+call fcn_fffa834b ; call 0xfffa834b
+mov eax, dword [ebp + 0xc]
+mov dword [ebp - 0x48], eax
+
+loc_fffd30d4: ; not directly referenced
+imul eax, esi, 0x13c3
+mov dword [ebp - 0x5c], eax
+mov ebx, eax
+mov al, byte [ebp - 0x3e]
+test byte [edi + ebx + 0x381a], al
+jne short loc_fffd30f5 ; jne 0xfffd30f5
+mov byte [ebp + esi - 0x2c], 0xff
+jmp near loc_fffd31d4 ; jmp 0xfffd31d4
+
+loc_fffd30f5: ; not directly referenced
+cmp byte [ebp + esi - 0x2c], 0xff
+je loc_fffd31d4 ; je 0xfffd31d4
+imul eax, esi, 0x54a
+lea ebx, [ebp - 0x18]
+mov byte [ebp - 0x3f], 0
+lea eax, [edi + eax + 0x196b]
+mov dword [ebp - 0x58], eax
+lea eax, [esi + esi*8]
+add eax, ebx
+mov dword [ebp - 0x4c], eax
+
+loc_fffd311f: ; not directly referenced
+mov al, byte [ebp - 0x3f]
+cmp al, byte [edi + 0x2488]
+jae loc_fffd31d4 ; jae 0xfffd31d4
+mov edx, dword [ebp - 0x5c]
+mov cl, byte [ebp - 0x3f]
+mov eax, dword [ebp - 0x58]
+mov dword [ebp - 0x44], 1
+shl dword [ebp - 0x44], cl
+cmp byte [edi + edx + 0x49ba], 0x20
+movzx ebx, cl
+mov al, byte [eax + ebx + 0x4f6]
+jne short loc_fffd3162 ; jne 0xfffd3162
+test al, 2
+je short loc_fffd3162 ; je 0xfffd3162
+mov al, byte [ebp - 0x44]
+or byte [ebp + esi - 0x2c], al
+jmp short loc_fffd31cc ; jmp 0xfffd31cc
+
+loc_fffd3162: ; not directly referenced
+mov ecx, ebx
+mov edx, esi
+mov eax, edi
+call fcn_fffa7617 ; call 0xfffa7617
+mov edx, eax
+mov eax, edi
+call fcn_fffae52a ; call 0xfffae52a
+mov cl, byte [ebp + esi - 0x2c]
+test byte [ebp - 0x44], cl
+jne short loc_fffd31cc ; jne 0xfffd31cc
+cmp dword [ebp - 0x3c], 0
+movzx edx, al
+jne short loc_fffd3191 ; jne 0xfffd3191
+mov eax, dword [ebp - 0x4c]
+mov byte [ebx + eax - 0x12], dl
+jmp short loc_fffd31cc ; jmp 0xfffd31cc
+
+loc_fffd3191: ; not directly referenced
+mov eax, dword [ebp - 0x4c]
+mov dword [ebp - 0x6c], ecx
+mov dword [ebp - 0x68], edx
+mov al, byte [ebx + eax - 0x12]
+mov byte [ebp - 0x51], al
+mov eax, edx
+call fcn_fffaeba2 ; call 0xfffaeba2
+mov edx, dword [ebp - 0x68]
+mov ecx, dword [ebp - 0x6c]
+cmp al, 4
+jne short loc_fffd31b7 ; jne 0xfffd31b7
+cmp byte [ebp - 0x51], dl
+jne short loc_fffd31cc ; jne 0xfffd31cc
+
+loc_fffd31b7: ; not directly referenced
+mov eax, dword [ebp - 0x60]
+mov edx, dword [ebp - 0x48]
+or ecx, dword [ebp - 0x44]
+add eax, ebx
+mov bl, byte [ebp - 0x3d]
+mov byte [ebp + esi - 0x2c], cl
+mov byte [edx + eax], bl
+
+loc_fffd31cc: ; not directly referenced
+inc byte [ebp - 0x3f]
+jmp near loc_fffd311f ; jmp 0xfffd311f
+
+loc_fffd31d4: ; not directly referenced
+inc esi
+add dword [ebp - 0x48], 0x24
+cmp esi, 2
+jne loc_fffd30d4 ; jne 0xfffd30d4
+inc dword [ebp - 0x3c]
+cmp dword [ebp - 0x3c], 2
+jne loc_fffd301d ; jne 0xfffd301d
+cmp byte [ebp - 0x2c], 0xff
+jne short loc_fffd31fb ; jne 0xfffd31fb
+cmp byte [ebp - 0x2b], 0xff
+je short loc_fffd3225 ; je 0xfffd3225
+
+loc_fffd31fb: ; not directly referenced
+mov al, byte [ebp - 0x53]
+add byte [ebp - 0x3d], al
+test al, al
+jle short loc_fffd3210 ; jle 0xfffd3210
+mov al, byte [ebp - 0x52]
+cmp byte [ebp - 0x3d], al
+seta al
+jmp short loc_fffd321a ; jmp 0xfffd321a
+
+loc_fffd3210: ; not directly referenced
+movsx eax, byte [ebp - 0x3d]
+cmp eax, dword [ebp - 0x64]
+setl al
+
+loc_fffd321a: ; not directly referenced
+movzx eax, al
+test eax, eax
+je loc_fffd2fe3 ; je 0xfffd2fe3
+
+loc_fffd3225: ; not directly referenced
+lea esp, [ebp - 0xc]
+pop ebx
+pop esi
+pop edi
+pop ebp
+ret
+
+loc_fffd322d:
+db 0x66
+db 0x90
+db 0x90
+
+ref_fffd3230:
+dd 0x00000801
+dd 0x01000402
+
+ref_fffd3238:
+dd 0x4000f001
+dd 0x02005a01
+dd 0x011800dc
+dd 0x9004005a
+dd 0xa0020801
+dd 0x01900500
+dd 0x00a00208
+dd 0xe000f010
+dd 0x11000001
+dd 0x01e000f0
+dd 0xc0200000
+dd 0x00018000
+dd 0x00c02100
+dd 0x00000180
+dd 0x2200be0b
+dd 0x0c000001
+dd 0x01900118
+dd 0x080d008c
+dd 0xbe028002
+dd 0x00000000
+
+ref_fffd3288:
+dd 0x4443524d
+dd 0x90906600
+
+ref_fffd3290:
+dd 0x05010400
+dd 0x07030602
+dd 0x00000008
+
+ref_fffd329c:
+dd 0xff830000
+dd 0xffe1ffc2
+dd 0x007d00fa
+dd 0x001f003e
+
+ref_fffd32ac:
+dd 0x02030304
+dd 0x02030404
+dd 0x03030405
+dd 0x03040405
+dd 0x03040405
+dd 0x02030304
+dd 0x02030404
+dd 0x03030405
+dd 0x03040405
+dd 0x03030404
+
+ref_fffd32d4:
+dd 0x05060605
+dd 0x05060605
+dd 0x06060604
+dd 0x05060607
+dd 0x05060607
+dd 0x06060607
+
+ref_fffd32ec:
+dd loc_fffa6b75
+dd loc_fffa6ab2
+dd loc_fffa6ae7
+dd loc_fffa6b47
+dd loc_fffa6a85
+dd loc_fffa6b75
+dd loc_fffa6b75
+
+ref_fffd3308:
+dd loc_fffa83ff
+dd loc_fffa840d
+dd loc_fffa841d
+dd loc_fffa850b
+dd loc_fffa8432
+dd loc_fffa843d
+dd loc_fffa844a
+dd loc_fffa847b
+dd loc_fffa8498
+
+ref_fffd332c:
+dd loc_fffa8691
+dd loc_fffa86c5
+dd loc_fffa8702
+dd loc_fffa86e1
+dd loc_fffa8691
+dd loc_fffa86c5
+dd loc_fffa86e1
+dd loc_fffa8636
+
+ref_fffd334c:
+dd 0x50f00050
+dd 0x0000f000
+dd 0x00000000
+
+ref_fffd3358:
+dd 0x50f00050
+dd 0x0000f000
+dd 0x00000000
+
+ref_fffd3364:
+dd 0x3c3c3c3c
+dd 0x283c283c
+dd 0x283c283c
+dd 0x3c3c3c3c
+dd 0x283c283c
+dd 0x283c283c
+
+ref_fffd337c:
+dd 0x3c3c3c3c
+dd 0x1e3c1e3c
+dd 0x1e3c1e3c
+dd 0x3c3c3c3c
+dd 0x1e3c1e3c
+dd 0x1e3c1e3c
+
+ref_fffd3394:
+dd 0x00780078
+dd 0x00000000
+
+ref_fffd339c:
+dd 0x003c003c
+dd 0x1e3c1e3c
+dd 0x1e3c1e3c
+dd 0x003c003c
+dd 0x1e3c1e3c
+dd 0x1e3c1e3c
+
+ref_fffd33b4:
+dd 0x28002800
+dd 0x1e3c1e3c
+dd 0x1e3c1e3c
+dd 0x28002800
+dd 0x1e3c1e3c
+dd 0x1e3c1e3c
+
+ref_fffd33cc:
+dd 0x00780078
+dd 0x00000000
+
+ref_fffd33d4:
+dd fcn_fffc3686
+dd fcn_fffc3621
+dd fcn_fffc34c9
+dd fcn_fffc33fa
+dd fcn_fffc343a
+dd fcn_fffc337c
+dd fcn_fffc35b2
+dd fcn_fffc3506
+dd fcn_fffc3343
+dd fcn_fffc32fa
+dd fcn_fffc323f
+dd fcn_fffc31bb
+dd fcn_fffac83c
+
+ref_fffd3408:
+dd fcn_fffc2f86
+dd fcn_fffaeda5
+dd fcn_fffa7852
+dd fcn_fffc2cf5
+dd fcn_fffc2912
+dd fcn_fffc2693
+dd fcn_fffc247a
+dd fcn_fffae2eb
+dd fcn_fffae11e
+dd fcn_fffadc1a
+dd fcn_fffada63
+dd fcn_fffc2b14
+dd fcn_fffad8ba
+dd fcn_fffad37a
+dd fcn_fffad193
+dd fcn_fffacfea
+dd fcn_fffadfa3
+dd fcn_fffade28
+dd fcn_fffad70d
+dd fcn_fffad560
+dd fcn_ffface9c
+dd fcn_fffacd4e
+dd fcn_fffacb8e
+dd fcn_fffac879
+
+ref_fffd3468:
+dd 0x00000000
+dd 0x00010105
+dd 0x01050100
+
+ref_fffd3474:
+dd 0x00000000
+dd 0x04000101
+dd 0x01050000
+
+ref_fffd3480:
+dd 0x01000001
+dd 0x04010101
+dd 0x01050100
+
+ref_fffd348c:
+dd 0x00000000
+dd 0x04000103
+dd 0x01070000
+
+ref_fffd3498:
+dd 0x00000000
+dd 0x04000003
+dd 0x00070000
+
+ref_fffd34a4:
+dd 0x00010000
+dd 0x04000103
+dd 0x01070001
+
+ref_fffd34b0:
+dd 0xffffffff
+
+ref_fffd34b4:
+dd 0x7fffffff
+
+ref_fffd34b8:
+dd 0x2625a000
+dd 0x00032000
+dd 0x84800300
+dd 0x03e8001e
+dd 0x38020000
+dd 0x2b001c9c
+dd 0x01000004
+dd 0x00196e6a
+dd 0x000004b0
+dd 0x16e36002
+dd 0x00053500
+dd 0xcc5b0100
+dd 0x05780015
+dd 0xd0020000
+dd 0x40001312
+dd 0x03000006
+dd 0x0010f447
+dd 0x00000708
+dd 0x10594402
+dd 0x00074b00
+dd 0x42400100
+dd 0x07d0000f
+dd 0x10020000
+dd 0x55000e50
+dd 0x01000008
+dd 0x000ddf22
+dd 0x00000898
+dd 0x0cb73502
+dd 0x00096000
+dd 0xbcce0300
+dd 0x0a28000b
+dd 0xb0020000
+dd 0x6b000b71
+dd 0x0100000a
+dd 0x000ae62d
+dd 0x00000af0
+dd 0x0a675a02
+dd 0x000b7500
+dd 0x2c2a0100
+dd 0x0bb8000a
+dd 0x68020000
+dd 0x80000989
+dd 0x0300000c
+dd 0x00000000
+dd 0x00000000
+dd 0x90906600
+
+ref_fffd3570:
+dd 0x86186186
+dd 0x18618618
+dd 0x30c30c30
+dd 0xa28a28a2
+dd 0x8a28a28a
+dd 0x14514514
+dd 0x28a28a28
+dd 0x92492492
+dd 0x24924924
+
+ref_fffd3594:
+dd 0x00a10ca1
+dd 0x00ef0d08
+dd 0x00ad0a1e
+
+ref_fffd35a0:
+dd 0x00010000
+dd 0x02000201
+dd 0x00030900
+dd 0x7801001f
+dd 0x01007d00
+dd 0x01480140
+dd 0x5c014909
+dd 0x00200101
+dd 0x7e010077
+dd 0x0100ff00
+dd 0x017f015d
+dd 0x83018001
+dd 0x01840101
+dd 0x89010188
+dd 0x0101a701
+dd 0x01ca01ac
+dd 0x00000001
+
+ref_fffd35e4:
+dd 0x00010000
+dd 0x02000201
+dd 0x00030900
+dd 0x3c010029
+dd 0x01003f00
+dd 0x007f0075
+dd 0x91008009
+dd 0x00270100
+dd 0x4001003b
+dd 0x01007d00
+dd 0x00b300b0
+dd 0xb800b401
+dd 0x00b90100
+dd 0xdc0100d7
+dd 0x0100fa00
+
+ref_fffd3620:
+dd 0x20445053
+dd 0x90906600
+
+ref_fffd3628:
+dd 0x02010000
+dd 0x06050403
+dd 0x08080707
+dd 0x0a090909
+dd 0x00000a0a
+
+ref_fffd363c:
+dd 0x003c0000
+dd 0x48004806
+dd 0x004c0600
+dd 0x5002004c
+dd 0x04005000
+dd 0x00540054
+dd 0x58005806
+dd 0x005c0400
+dd 0x6006005c
+dd 0x06006000
+dd 0x00640064
+dd 0x60006002
+dd 0x00640700
+dd 0x68030064
+dd 0x06006800
+dd 0x0070006c
+dd 0x78007407
+dd 0x00740600
+dd 0x7c070074
+dd 0x04008c00
+dd 0x00800080
+dd 0x3c010005
+dd 0x01480601
+dd 0x4c060148
+dd 0x02014c01
+dd 0x01500150
+dd 0x54015404
+dd 0x01580601
+dd 0x5c040158
+dd 0x06015c01
+dd 0x01600160
+dd 0x64016406
+dd 0x01600201
+dd 0x64070160
+dd 0x03016401
+dd 0x01680168
+dd 0x70016c06
+dd 0x01740701
+dd 0x74060178
+dd 0x07017401
+dd 0x018c017c
+dd 0x80018004
+dd 0x02000501
+dd 0x4806023c
+dd 0x06024802
+dd 0x024c024c
+dd 0x50025002
+dd 0x02540402
+dd 0x58060254
+dd 0x04025802
+dd 0x025c025c
+dd 0x60026006
+dd 0x02640602
+dd 0x60020264
+dd 0x07026002
+dd 0x02640264
+dd 0x68026803
+dd 0x026c0602
+dd 0x74070270
+dd 0x06027802
+dd 0x02740274
+dd 0x8c027c07
+dd 0x02800402
+dd 0x00050280
+dd 0x06033c03
+dd 0x03480348
+dd 0x4c034c06
+dd 0x03500203
+dd 0x54040350
+dd 0x06035403
+dd 0x03580358
+dd 0x5c035c04
+dd 0x03600603
+dd 0x64060360
+dd 0x02036403
+dd 0x03600360
+dd 0x64036407
+dd 0x03680303
+dd 0x6c060368
+dd 0x07037003
+dd 0x03780374
+dd 0x74037406
+dd 0x037c0703
+dd 0x8004038c
+dd 0x05038003
+dd 0x043c0400
+dd 0x48044806
+dd 0x044c0604
+dd 0x5002044c
+dd 0x04045004
+dd 0x04540454
+dd 0x58045806
+dd 0x045c0404
+dd 0x6006045c
+dd 0x06046004
+dd 0x04640464
+dd 0x60046002
+dd 0x04640704
+dd 0x68030464
+dd 0x06046804
+dd 0x0470046c
+dd 0x78047407
+dd 0x04740604
+dd 0x7c070474
+dd 0x04048c04
+dd 0x04800480
+dd 0x3c050005
+dd 0x05480605
+dd 0x4c060548
+dd 0x02054c05
+dd 0x05500550
+dd 0x54055404
+dd 0x05580605
+dd 0x5c040558
+dd 0x06055c05
+dd 0x05600560
+dd 0x64056406
+dd 0x05600205
+dd 0x64070560
+dd 0x03056405
+dd 0x05680568
+dd 0x70056c06
+dd 0x05740705
+dd 0x74060578
+dd 0x07057405
+dd 0x058c057c
+dd 0x80058004
+dd 0x06000505
+dd 0x4806063c
+dd 0x06064806
+dd 0x064c064c
+dd 0x50065002
+dd 0x06540406
+dd 0x58060654
+dd 0x04065806
+dd 0x065c065c
+dd 0x60066006
+dd 0x06640606
+dd 0x60020664
+dd 0x07066006
+dd 0x06640664
+dd 0x68066803
+dd 0x066c0606
+dd 0x74070670
+dd 0x06067806
+dd 0x06740674
+dd 0x8c067c07
+dd 0x06800406
+dd 0x00050680
+dd 0x06073c07
+dd 0x07480748
+dd 0x4c074c06
+dd 0x07500207
+dd 0x54040750
+dd 0x06075407
+dd 0x07580758
+dd 0x5c075c04
+dd 0x07600607
+dd 0x64060760
+dd 0x02076407
+dd 0x07600760
+dd 0x64076407
+dd 0x07680307
+dd 0x6c060768
+dd 0x07077007
+dd 0x07780774
+dd 0x74077406
+dd 0x077c0707
+dd 0x8004078c
+dd 0x05078007
+dd 0x083c0800
+dd 0x48084806
+dd 0x084c0608
+dd 0x5002084c
+dd 0x04085008
+dd 0x08540854
+dd 0x58085806
+dd 0x085c0408
+dd 0x6006085c
+dd 0x06086008
+dd 0x08640864
+dd 0x60086002
+dd 0x08640708
+dd 0x68030864
+dd 0x06086808
+dd 0x0870086c
+dd 0x78087407
+dd 0x08740608
+dd 0x7c070874
+dd 0x04088c08
+dd 0x08800880
+dd 0x3c090005
+dd 0x09480609
+dd 0x4c060948
+dd 0x02094c09
+dd 0x09500950
+dd 0x54095404
+dd 0x09580609
+dd 0x5c040958
+dd 0x06095c09
+dd 0x09600960
+dd 0x64096406
+dd 0x09600209
+dd 0x64070960
+dd 0x03096409
+dd 0x09680968
+dd 0x70096c06
+dd 0x09740709
+dd 0x74060978
+dd 0x07097409
+dd 0x098c097c
+dd 0x80098004
+dd 0x0a000509
+dd 0x48060a3c
+dd 0x060a480a
+dd 0x0a4c0a4c
+dd 0x500a5002
+dd 0x0a54040a
+dd 0x58060a54
+dd 0x040a580a
+dd 0x0a5c0a5c
+dd 0x600a6006
+dd 0x0a64060a
+dd 0x60020a64
+dd 0x070a600a
+dd 0x0a640a64
+dd 0x680a6803
+dd 0x0a6c060a
+dd 0x74070a70
+dd 0x060a780a
+dd 0x0a740a74
+dd 0x8c0a7c07
+dd 0x0a80040a
+dd 0x00050a80
+dd 0x060b3c0b
+dd 0x0b480b48
+dd 0x4c0b4c06
+dd 0x0b50020b
+dd 0x54040b50
+dd 0x060b540b
+dd 0x0b580b58
+dd 0x5c0b5c04
+dd 0x0b60060b
+dd 0x64060b60
+dd 0x020b640b
+dd 0x0b600b60
+dd 0x640b6407
+dd 0x0b68030b
+dd 0x6c060b68
+dd 0x070b700b
+dd 0x0b780b74
+dd 0x740b7406
+dd 0x0b7c070b
+dd 0x80040b8c
+dd 0x050b800b
+dd 0x0c3c0c00
+dd 0x480c4806
+dd 0x0c4c060c
+dd 0x50020c4c
+dd 0x040c500c
+dd 0x0c540c54
+dd 0x580c5806
+dd 0x0c5c040c
+dd 0x60060c5c
+dd 0x060c600c
+dd 0x0c640c64
+dd 0x600c6002
+dd 0x0c64070c
+dd 0x68030c64
+dd 0x060c680c
+dd 0x0c700c6c
+dd 0x780c7407
+dd 0x0c74060c
+dd 0x7c070c74
+dd 0x040c8c0c
+dd 0x0c800c80
+dd 0x3c0d0005
+dd 0x0d48060d
+dd 0x4c060d48
+dd 0x020d4c0d
+dd 0x0d500d50
+dd 0x540d5404
+dd 0x0d58060d
+dd 0x5c040d58
+dd 0x060d5c0d
+dd 0x0d600d60
+dd 0x640d6406
+dd 0x0d60020d
+dd 0x64070d60
+dd 0x030d640d
+dd 0x0d680d68
+dd 0x700d6c06
+dd 0x0d74070d
+dd 0x74060d78
+dd 0x070d740d
+dd 0x0d8c0d7c
+dd 0x800d8004
+dd 0x0e00050d
+dd 0x48060e3c
+dd 0x060e480e
+dd 0x0e4c0e4c
+dd 0x500e5002
+dd 0x0e54040e
+dd 0x58060e54
+dd 0x040e580e
+dd 0x0e5c0e5c
+dd 0x600e6006
+dd 0x0e64060e
+dd 0x60020e64
+dd 0x070e600e
+dd 0x0e640e64
+dd 0x680e6803
+dd 0x0e6c060e
+dd 0x74070e70
+dd 0x060e780e
+dd 0x0e740e74
+dd 0x8c0e7c07
+dd 0x0e80040e
+dd 0x00050e80
+dd 0x060f3c0f
+dd 0x0f480f48
+dd 0x4c0f4c06
+dd 0x0f50020f
+dd 0x54040f50
+dd 0x060f540f
+dd 0x0f580f58
+dd 0x5c0f5c04
+dd 0x0f60060f
+dd 0x64060f60
+dd 0x020f640f
+dd 0x0f600f60
+dd 0x640f6407
+dd 0x0f68030f
+dd 0x6c060f68
+dd 0x070f700f
+dd 0x0f780f74
+dd 0x740f7406
+dd 0x0f7c070f
+dd 0x80040f8c
+dd 0x050f800f
+dd 0x0f840f84
+dd 0x3c100005
+dd 0x10480610
+dd 0x4c061048
+dd 0x02104c10
+dd 0x10501050
+dd 0x54105404
+dd 0x10580610
+dd 0x5c041058
+dd 0x06105c10
+dd 0x10601060
+dd 0x64106406
+dd 0x10600210
+dd 0x64071060
+dd 0x03106410
+dd 0x10681068
+dd 0x70106c06
+dd 0x10740710
+dd 0x74061078
+dd 0x07107410
+dd 0x108c107c
+dd 0x80108004
+dd 0x11000510
+dd 0x4806113c
+dd 0x06114811
+dd 0x114c114c
+dd 0x50115002
+dd 0x11540411
+dd 0x58061154
+dd 0x04115811
+dd 0x115c115c
+dd 0x60116006
+dd 0x11640611
+dd 0x60021164
+dd 0x07116011
+dd 0x11641164
+dd 0x68116803
+dd 0x116c0611
+dd 0x74071170
+dd 0x06117811
+dd 0x11741174
+dd 0x8c117c07
+dd 0x11800411
+dd 0x04051180
+dd 0x06120812
+dd 0x121c1214
+dd 0x20122006
+dd 0x13040412
+dd 0x14061308
+dd 0x06131c13
+dd 0x13201320
+dd 0x0c140404
+dd 0x15040614
+dd 0x0006150c
+dd 0x04180018
+dd 0x18101808
+dd 0x18181806
+dd 0x18200418
+dd 0x00041820
+dd 0x04190019
+dd 0x19101908
+dd 0x18191806
+dd 0x19200419
+dd 0x04041920
+dd 0x061a0c1a
+dd 0x1b0c1b04
+dd 0x1c1c1406
+dd 0x1c20061c
+dd 0x14041c20
+dd 0x061d1c1d
+dd 0x1d201d20
+dd 0x04200004
+dd 0x20080720
+dd 0xb8062008
+dd 0x022bb82b
+dd 0x36783678
+dd 0x283a0004
+dd 0x3a2c063a
+dd 0x30043a2c
+dd 0x043a343a
+dd 0x40044000
+dd 0x04400406
+dd 0x40080740
+dd 0x1006400c
+dd 0x07401440
+dd 0x40184018
+dd 0x20402005
+dd 0x40240740
+dd 0x2c064028
+dd 0x04403840
+dd 0x40ac40a4
+dd 0xcc40b404
+dd 0x40d00440
+dd 0xd40640d0
+dd 0x0440d440
+dd 0x42104210
+dd 0x24422004
+dd 0x42280642
+dd 0x8c044244
+dd 0x04429042
+dd 0x42944294
+dd 0x98429806
+dd 0x429c0442
+dd 0xa006429c
+dd 0x0742a042
+dd 0x42ac42a4
+dd 0xe842e405
+dd 0x42ec0542
+dd 0x280742fc
+dd 0x07432843
+dd 0x43744340
+dd 0x90438c05
+dd 0x44000643
+dd 0x04064404
+dd 0x07440444
+dd 0x440c4408
+dd 0x14441006
+dd 0x44180744
+dd 0x20054418
+dd 0x07442044
+dd 0x44284424
+dd 0x38442c06
+dd 0x44a40444
+dd 0xb40444ac
+dd 0x0444cc44
+dd 0x44d044d0
+dd 0xd444d406
+dd 0x46100444
+dd 0x20044610
+dd 0x06462446
+dd 0x46444628
+dd 0x90468c04
+dd 0x46940446
+dd 0x98064694
+dd 0x04469846
+dd 0x469c469c
+dd 0xa046a006
+dd 0x46a40746
+dd 0xe40546ac
+dd 0x0546e846
+dd 0x46fc46ec
+dd 0x28472807
+dd 0x47400747
+dd 0x8c054774
+dd 0x06479047
+dd 0x48c048a8
+dd 0xf448d802
+dd 0x49080248
+dd 0x6802491c
+dd 0x04496849
+dd 0x498c4980
+dd 0x444e3802
+dd 0x5000024e
+dd 0x04065000
+dd 0x07500850
+dd 0x5018500c
+dd 0x1c501c06
+dd 0x50200750
+dd 0x38065034
+dd 0x02503c50
+dd 0x50585040
+dd 0x5c505c06
+dd 0x50600250
+dd 0x64075060
+dd 0x02507c50
+dd 0x50845080
+dd 0x8c508806
+dd 0x50900250
+dd 0x98065094
+dd 0x02509c50
+dd 0x50a450a0
+dd 0xac50a806
+dd 0x50b00250
+dd 0xd00650cc
+dd 0x0250dc50
+dd 0x58805880
+dd 0x88588407
+dd 0x588c0758
+dd 0x9005588c
+dd 0x07589c58
+dd 0x58a458a4
+dd 0xdc58d006
+dd 0x58e00758
+dd 0xb80758e4
+dd 0x0759b859
+
+ref_fffd3e70:
+dd 0x02000100
+dd 0x08000400
+dd 0x20001000
+dd 0x80004000
+
+ref_fffd3e80:
+dd 0x00100000
+dd 0x00110001
+dd 0x00800081
+
+ref_fffd3e8c:
+dd 0x00010000
+dd 0x00030002
+dd 0x00050004
+dd 0x00070006
+
+ref_fffd3e9c:
+dd 0x00000000
+dd 0x00000000
+dd 0x00070000
+dd 0x03ff07ff
+dd 0x00000000
+dd 0x00000020
+dd 0x00000003
+dd 0x00000003
+dd 0x00000000
+dd 0x00010001
+dd 0x00350049
+
+ref_fffd3ec8:
+dd 0x00000401
+dd 0x00000203
+
+ref_fffd3ed0:
+dd 0x00010001
+dd 0x00000307
+
+ref_fffd3ed8:
+dd 0x00010000
+dd 0x90660000
+
+ref_fffd3ee0:
+dd loc_fffb407d
+dd loc_fffb40ab
+dd loc_fffb40e5
+dd loc_fffb415f
+dd loc_fffb415f
+dd loc_fffb415f
+dd loc_fffb415f
+dd loc_fffb415f
+dd loc_fffb415f
+dd loc_fffb415f
+dd loc_fffb4103
+dd loc_fffb4136
+
+ref_fffd3f10:
+dd loc_fffb4beb
+dd loc_fffb4bdc
+dd loc_fffb4bfa
+dd loc_fffb4c84
+dd loc_fffb4c84
+dd loc_fffb4c84
+
+ref_fffd3f28:
+dd loc_fffb52b2
+dd loc_fffb52ad
+dd loc_fffb52d3
+dd loc_fffb52c6
+dd loc_fffb530f
+dd loc_fffb52f1
+dd loc_fffb5344
+dd loc_fffb535a
+dd loc_fffb53b3
+dd loc_fffb5399
+dd loc_fffb53cc
+dd loc_fffb5414
+
+ref_fffd3f58:
+dd loc_fffb56de
+dd loc_fffb561b
+dd loc_fffb5559
+dd loc_fffb561b
+dd loc_fffb56a0
+dd loc_fffb561b
+dd loc_fffb5705
+dd loc_fffb56ef
+dd loc_fffb56a0
+dd loc_fffb553a
+
+ref_fffd3f80:
+dd loc_fffb57eb
+dd loc_fffb5802
+dd loc_fffb5819
+dd loc_fffb582d
+dd loc_fffb5841
+dd loc_fffb5858
+dd loc_fffb586f
+dd loc_fffb5883
+dd loc_fffb58be
+dd loc_fffb58d5
+dd loc_fffb592a
+dd loc_fffb599b
+dd loc_fffb59fe
+dd loc_fffb5b1f
+dd loc_fffb5b53
+
+ref_fffd3fbc:
+db 'CbAllocatePool',0x00,0x00
+
+ref_fffd3fcc:
+dd 0x00000000
+dd 0xe0566b04
+dd 0x060a0302
+
+ref_fffd3fd8:
+dd 0x008a2601
+dd 0xee84a905
+dd 0x03060402
+dd 0x008a1601
+dd 0xee4c9105
+dd 0x03050402
+dd 0x008e2601
+dd 0xe979a305
+dd 0x04070302
+dd 0x008e1601
+dd 0xe94a8b05
+dd 0x03060302
+dd 0x008a2401
+dd 0xe0566b04
+dd 0x05090302
+dd 0x008a1401
+dd 0xe03d5f04
+dd 0x04080302
+dd 0x008e2401
+dd 0xdb4f6704
+dd 0x060a0302
+dd 0x008e1401
+dd 0xdb385b04
+dd 0x05090302
+
+ref_fffd4038:
+dd 0x00000062
+dd 0x44ab8703
+dd 0x42220805
+dd 0x03000000
+dd 0x0544c19f
+dd 0x00522008
+dd 0xda030000
+dd 0x09054df2
+dd 0x0000631e
+dd 0xefc50300
+dd 0x341008cd
+dd 0x00000043
+dd 0x67877202
+dd 0x53340804
+dd 0x02000000
+dd 0x0573a398
+dd 0x00003109
+dd 0x98020000
+dd 0x090573a3
+dd 0x00000034
+
+ref_fffd4088:
+dd 0x00669263
+dd 0x82ca6a04
+dd 0x63081009
+dd 0x030066a2
+dd 0x05408934
+dd 0x92630b07
+dd 0x78040086
+dd 0x130b86d6
+dd 0x86a26309
+dd 0x8f3b0300
+dd 0x0e090642
+dd 0x00669463
+dd 0x7cb05b04
+dd 0x63070b05
+dd 0x040066a4
+dd 0x057af758
+dd 0x94630909
+dd 0x66040086
+dd 0x0d0681b9
+dd 0x86a46308
+dd 0x80320300
+dd 0x09050340
+dd 0x00671263
+dd 0x40ca9f03
+dd 0x63110705
+dd 0x03006722
+dd 0x053fca9e
+dd 0x12631807
+dd 0xa6030087
+dd 0x090642d0
+dd 0x87226313
+dd 0xd0a50300
+dd 0x1a080641
+dd 0x00671463
+dd 0x3dbd9803
+dd 0x630f0503
+dd 0x03006724
+dd 0x033dbd97
+dd 0x14631204
+dd 0x9d030087
+dd 0x060340c2
+dd 0x87246310
+dd 0xc19c0300
+dd 0x1405033f
+dd 0x006a9263
+dd 0x88b36604
+dd 0x630a0e08
+dd 0x04006aa2
+dd 0x0886b164
+dd 0x92630d0c
+dd 0x7404008a
+dd 0x110a8bbf
+dd 0x8aa2630b
+dd 0xbd720400
+dd 0x0f0f0a89
+dd 0x006a9463
+dd 0x7c9a5704
+dd 0x63080a04
+dd 0x04006aa4
+dd 0x047a9855
+dd 0x94630a08
+dd 0x6204008a
+dd 0x0b0580a3
+dd 0x8aa46309
+dd 0xa1600400
+dd 0x0b09057e
+dd 0x006b1263
+dd 0x43ab8803
+dd 0x63140704
+dd 0x03006b22
+dd 0x0443aa87
+dd 0x12631a06
+dd 0x8f03008b
+dd 0x080545b1
+dd 0x8b226315
+dd 0xb08f0300
+dd 0x1d070544
+dd 0x006b1463
+dd 0x3d9e8103
+dd 0x63100402
+dd 0x03006b24
+dd 0x023d9e80
+dd 0x14631504
+dd 0x8603008b
+dd 0x05033fa3
+dd 0x8b246311
+dd 0xa2850300
+dd 0x1504033f
+dd 0x006e9263
+dd 0x90fd7204
+dd 0x630c0d07
+dd 0x04006ea2
+dd 0x078efb71
+dd 0x92630f0b
+dd 0x4003008e
+dd 0x08054a85
+dd 0x8ea2630e
+dd 0x843f0300
+dd 0x12070549
+dd 0x006e9463
+dd 0x7ee46204
+dd 0x630a0904
+dd 0x04006ea4
+dd 0x047ce361
+dd 0x94630c07
+dd 0x6c04008e
+dd 0x0a0582ed
+dd 0x8ea4630b
+dd 0xeb6b0400
+dd 0x0d080580
+dd 0x006f1263
+dd 0x47ce8e03
+dd 0x63170604
+dd 0x03006f22
+dd 0x0447cd8e
+dd 0x12632006
+dd 0x9503008f
+dd 0x070549d4
+dd 0x8f226319
+dd 0xd3950300
+dd 0x23070548
+dd 0x006f1463
+dd 0x3ec18603
+dd 0x63130402
+dd 0x03006f24
+dd 0x023ec186
+dd 0x14631603
+dd 0x8c03008f
+dd 0x040340c6
+dd 0x8f246314
+dd 0xc58b0300
+dd 0x1a040340
+dd 0x00729263
+dd 0x9ce66f04
+dd 0x630e0c07
+dd 0x040072a2
+dd 0x079be46d
+dd 0x9263120b
+dd 0x7c040092
+dd 0x0e089ff1
+dd 0x92a2630f
+dd 0xf07b0400
+dd 0x140d089d
+dd 0x00729463
+dd 0x83ce5f04
+dd 0x630b0804
+dd 0x040072a4
+dd 0x0482cc5e
+dd 0x94630d06
+dd 0x69040092
+dd 0x090587d6
+dd 0x92a4630c
+dd 0xd5680400
+dd 0x0e070586
+dd 0x00731263
+dd 0x4eb78103
+dd 0x631a0604
+dd 0x03007322
+dd 0x044db680
+dd 0x12632105
+dd 0x87030093
+dd 0x07044fbd
+dd 0x9322631c
+dd 0xbc870300
+dd 0x2506044f
+dd 0x00731463
+dd 0x41ab7903
+dd 0x63150402
+dd 0x03007324
+dd 0x0241aa78
+dd 0x14631903
+dd 0x7e030093
+dd 0x040343af
+dd 0x93246316
+dd 0xaf7d0300
+dd 0x1d040343
+dd 0x00769263
+dd 0xa6d46c04
+dd 0x630f0b06
+dd 0x040076a2
+dd 0x06a4d36b
+dd 0x9263130a
+dd 0x7a040096
+dd 0x0d08a8e0
+dd 0x96a26311
+dd 0xde790400
+dd 0x160c08a7
+dd 0x00769463
+dd 0x87bd5c04
+dd 0x630c0703
+dd 0x040076a4
+dd 0x0385bb5b
+dd 0x94630e06
+dd 0x66040096
+dd 0x08048ac5
+dd 0x96a4630d
+dd 0xc3650400
+dd 0x10070489
+dd 0x00771263
+dd 0x52a67603
+dd 0x631a0503
+dd 0x03007722
+dd 0x0352a576
+dd 0x12632405
+dd 0x7d030097
+dd 0x060454ab
+dd 0x9722631d
+dd 0xab7d0300
+dd 0x29060453
+dd 0x00771463
+dd 0x439a6e03
+dd 0x63150302
+dd 0x03007724
+dd 0x02439a6e
+dd 0x14631b03
+dd 0x73030097
+dd 0x0402459e
+dd 0x97246318
+dd 0x9d730300
+dd 0x1c030244
+dd 0x00669243
+dd 0x82c97704
+dd 0x43091009
+dd 0x040066a2
+dd 0x097fc775
+dd 0x92430c0e
+dd 0x85040086
+dd 0x130b86d6
+dd 0x86a2430a
+dd 0xd3830400
+dd 0x0d110b83
+dd 0x00669443
+dd 0x7cb06804
+dd 0x43070b05
+dd 0x040066a4
+dd 0x057aae66
+dd 0x94430909
+dd 0x73040086
+dd 0x0d0681b9
+dd 0x86a44308
+dd 0xb7710400
+dd 0x0a0a067e
+dd 0x00671243
+dd 0x40e8bd03
+dd 0x43130705
+dd 0x03006722
+dd 0x053fe8bd
+dd 0x12431a07
+dd 0xc4030087
+dd 0x090642ef
+dd 0x87224315
+dd 0xeec30300
+dd 0x1c080641
+dd 0x00671443
+dd 0x3ddcb603
+dd 0x43110503
+dd 0x03006724
+dd 0x033ddbb5
+dd 0x14431404
+dd 0xbb030087
+dd 0x060340e0
+dd 0x87244312
+dd 0xdfbb0300
+dd 0x1605033f
+dd 0x006a9243
+dd 0x88b27104
+dd 0x430a0e08
+dd 0x04006aa2
+dd 0x0886b16f
+dd 0x92430d0c
+dd 0x7f04008a
+dd 0x110a8bbf
+dd 0x8aa2430b
+dd 0xbd7d0400
+dd 0x0f0f0a89
+dd 0x006a9443
+dd 0x7c9a6204
+dd 0x43080a04
+dd 0x04006aa4
+dd 0x047a9860
+dd 0x94430a08
+dd 0x6d04008a
+dd 0x0b0580a3
+dd 0x8aa44309
+dd 0xa16b0400
+dd 0x0b09057e
+dd 0x006b1243
+dd 0x43c3a003
+dd 0x43150704
+dd 0x03006b22
+dd 0x0443c2a0
+dd 0x12431c06
+dd 0xa703008b
+dd 0x080545c9
+dd 0x8b224317
+dd 0xc8a70300
+dd 0x1f070544
+dd 0x006b1443
+dd 0x3db69903
+dd 0x43110402
+dd 0x03006b24
+dd 0x023db698
+dd 0x14431604
+dd 0x9e03008b
+dd 0x05033fbb
+dd 0x8b244313
+dd 0xba9e0300
+dd 0x1704033f
+dd 0x006e9243
+dd 0x90d27904
+dd 0x430c0d07
+dd 0x04006ea2
+dd 0x078ed077
+dd 0x92430f0b
+dd 0x8704008e
+dd 0x0f0993de
+dd 0x8ea2430d
+dd 0xdc850400
+dd 0x110d0991
+dd 0x006e9443
+dd 0x7eba6904
+dd 0x430a0804
+dd 0x04006ea4
+dd 0x047cb867
+dd 0x94430c07
+dd 0x7304008e
+dd 0x0a0581c2
+dd 0x8ea4430b
+dd 0xc0720400
+dd 0x0d080580
+dd 0x006f1243
+dd 0x47ba8e03
+dd 0x43170604
+dd 0x03006f22
+dd 0x0447ba8e
+dd 0x12432006
+dd 0x9503008f
+dd 0x070549c0
+dd 0x8f224319
+dd 0xc0940300
+dd 0x23070548
+dd 0x006f1443
+dd 0x3eae8603
+dd 0x43130402
+dd 0x03006f24
+dd 0x023eae86
+dd 0x14431603
+dd 0x8b03008f
+dd 0x040340b2
+dd 0x8f244314
+dd 0xb28b0300
+dd 0x1a040340
+dd 0x00729243
+dd 0x9cc17504
+dd 0x430e0c07
+dd 0x040072a2
+dd 0x079bbf73
+dd 0x9243120b
+dd 0x82040092
+dd 0x0e089fcc
+dd 0x92a2430f
+dd 0xcb810400
+dd 0x140c089d
+dd 0x00729443
+dd 0x83a96504
+dd 0x430b0804
+dd 0x040072a4
+dd 0x0482a864
+dd 0x94430d06
+dd 0x6f040092
+dd 0x090587b1
+dd 0x92a4430c
+dd 0xb06e0400
+dd 0x0e070586
+dd 0x00731243
+dd 0x4ea68003
+dd 0x431a0604
+dd 0x03007322
+dd 0x044da680
+dd 0x12432105
+dd 0x87030093
+dd 0x07044fac
+dd 0x9322431c
+dd 0xab870300
+dd 0x2506044f
+dd 0x00731443
+dd 0x419a7803
+dd 0x43150402
+dd 0x03007324
+dd 0x02419a78
+dd 0x14431903
+dd 0x7d030093
+dd 0x0403439e
+dd 0x93244316
+dd 0x9e7d0300
+dd 0x1d040343
+dd 0x00769243
+dd 0xa5b47204
+dd 0x430f0b06
+dd 0x040076a2
+dd 0x06a4b370
+dd 0x9243140a
+dd 0x7f040096
+dd 0x0d08a8c0
+dd 0x96a24311
+dd 0xbe7e0400
+dd 0x160c08a7
+dd 0x00769443
+dd 0x879d6104
+dd 0x430c0703
+dd 0x040076a4
+dd 0x03859b60
+dd 0x94430e06
+dd 0x6b040096
+dd 0x08048aa4
+dd 0x96a4430d
+dd 0xa36a0400
+dd 0x10070489
+dd 0x00771243
+dd 0x52977603
+dd 0x431a0503
+dd 0x03007722
+dd 0x03529776
+dd 0x12432405
+dd 0x7d030097
+dd 0x0604549d
+dd 0x9722431d
+dd 0x9c7c0300
+dd 0x29060453
+dd 0x00771443
+dd 0x438b6e03
+dd 0x43150302
+dd 0x03007724
+dd 0x02438b6d
+dd 0x14431b03
+dd 0x73030097
+dd 0x0402458f
+dd 0x97244318
+dd 0x8f720300
+dd 0x1c030244
+dd 0x00669253
+dd 0x91e28504
+dd 0x5308120a
+dd 0x040066a2
+dd 0x0a8fdf83
+dd 0x92530b0f
+dd 0x95040086
+dd 0x150d96f0
+dd 0x86a25309
+dd 0xed920400
+dd 0x0d130d93
+dd 0x00669453
+dd 0x9acf7e04
+dd 0x53060c06
+dd 0x040066a4
+dd 0x0698cc7b
+dd 0x9453080a
+dd 0x8b040086
+dd 0x0e07a0da
+dd 0x86a45307
+dd 0xd7890400
+dd 0x0a0c079d
+dd 0x00671253
+dd 0x248c7702
+dd 0x530f0403
+dd 0x02006722
+dd 0x03248c76
+dd 0x12531704
+dd 0x7b020087
+dd 0x05042590
+dd 0x87225311
+dd 0x8f7a0200
+dd 0x1b050425
+dd 0x00671453
+dd 0x26877502
+dd 0x530d0302
+dd 0x02006724
+dd 0x02268774
+dd 0x14531303
+dd 0x78020087
+dd 0x0302288a
+dd 0x8724530d
+dd 0x8a780200
+dd 0x13030227
+dd 0x006a9253
+dd 0x98c87e04
+dd 0x53091009
+dd 0x04006aa2
+dd 0x0996c67c
+dd 0x92530d0e
+dd 0x8e04008a
+dd 0x120b9cd6
+dd 0x8aa2530a
+dd 0xd48c0400
+dd 0x0e100b9a
+dd 0x006a9453
+dd 0x9ab67704
+dd 0x53070b05
+dd 0x04006aa4
+dd 0x0598b475
+dd 0x94530a09
+dd 0x8404008a
+dd 0x0c079fc0
+dd 0x8aa45308
+dd 0xbe820400
+dd 0x0a0a079d
+dd 0x006b1253
+dd 0x26928302
+dd 0x53130403
+dd 0x02006b22
+dd 0x03269282
+dd 0x12531d04
+dd 0x8702008b
+dd 0x05032796
+dd 0x8b225316
+dd 0x95860200
+dd 0x1d040327
+dd 0x006b1453
+dd 0x268e8102
+dd 0x53110302
+dd 0x02006b24
+dd 0x02268d80
+dd 0x14531302
+dd 0x8402008b
+dd 0x03022890
+dd 0x8b245311
+dd 0x90840200
+dd 0x18030227
+dd 0x006e9253
+dd 0xa1b87a04
+dd 0x530a0e08
+dd 0x04006ea2
+dd 0x08a0b679
+dd 0x92530e0c
+dd 0x8a04008e
+dd 0x100aa5c5
+dd 0x8ea2530b
+dd 0xc4880400
+dd 0x100f0aa3
+dd 0x006e9453
+dd 0x9ca67104
+dd 0x53080a05
+dd 0x04006ea4
+dd 0x059aa470
+dd 0x94530b08
+dd 0x7e04008e
+dd 0x0b06a1b0
+dd 0x8ea45309
+dd 0xae7c0400
+dd 0x0c09069f
+dd 0x006f1253
+dd 0x50fce203
+dd 0x53140704
+dd 0x03006f22
+dd 0x0450fbe1
+dd 0x12531c06
+dd 0x7502008f
+dd 0x04032982
+dd 0x8f225316
+dd 0x81750200
+dd 0x22040329
+dd 0x006f1453
+dd 0x4ef3dd03
+dd 0x53100403
+dd 0x03006f24
+dd 0x034df2dd
+dd 0x14531604
+dd 0xe403008f
+dd 0x050350f8
+dd 0x8f245312
+dd 0xf7e30300
+dd 0x19050350
+dd 0x00729253
+dd 0xafac7704
+dd 0x530b0d07
+dd 0x040072a2
+dd 0x07aeab76
+dd 0x9253100c
+dd 0x86040092
+dd 0x0f09b2b9
+dd 0x92a2530d
+dd 0xb8850400
+dd 0x120e09b1
+dd 0x00729453
+dd 0xa39a6f04
+dd 0x53090904
+dd 0x040072a4
+dd 0x04a2996d
+dd 0x94530c07
+dd 0x7b040092
+dd 0x0a05a8a5
+dd 0x92a4530a
+dd 0xa37a0400
+dd 0x0e0905a7
+dd 0x00731253
+dd 0x57dfc903
+dd 0x53150604
+dd 0x03007322
+dd 0x0457dfc8
+dd 0x12532006
+dd 0xd0030093
+dd 0x070559e6
+dd 0x93225317
+dd 0xe5d00300
+dd 0x24070558
+dd 0x00731453
+dd 0x51d6c503
+dd 0x53120402
+dd 0x03007324
+dd 0x0251d6c4
+dd 0x14531904
+dd 0xcb030093
+dd 0x050354db
+dd 0x93245314
+dd 0xdbcb0300
+dd 0x19040353
+dd 0x00769253
+dd 0xbaa47504
+dd 0x530d0c07
+dd 0x040076a2
+dd 0x07b9a274
+dd 0x9253120b
+dd 0x84040096
+dd 0x0e09bcb0
+dd 0x96a2530e
+dd 0xaf830400
+dd 0x140d09bb
+dd 0x00769453
+dd 0xa7926c04
+dd 0x530a0804
+dd 0x040076a4
+dd 0x04a6916a
+dd 0x94530d07
+dd 0x78040096
+dd 0x0905ac9c
+dd 0x96a4530b
+dd 0x9b770400
+dd 0x0e0805ab
+dd 0x00771253
+dd 0x5dcab603
+dd 0x53180604
+dd 0x03007722
+dd 0x045cc9b6
+dd 0x12532406
+dd 0xbe030097
+dd 0x07055ed0
+dd 0x9722531a
+dd 0xd0bd0300
+dd 0x2406055e
+dd 0x00771453
+dd 0x53c1b103
+dd 0x53130402
+dd 0x03007724
+dd 0x0253c1b1
+dd 0x14531703
+dd 0xb8030097
+dd 0x040356c6
+dd 0x97245314
+dd 0xc6b70300
+dd 0x1c040355
+dd 0x00669262
+dd 0x69a35604
+dd 0x62070d07
+dd 0x040066a2
+dd 0x0767dd54
+dd 0x9262090b
+dd 0x61040086
+dd 0x10096cad
+dd 0x86a26208
+dd 0xe75f0400
+dd 0x0b0e096a
+dd 0x00669462
+dd 0x658f4a04
+dd 0x62060904
+dd 0x040066a4
+dd 0x0463c948
+dd 0x94620707
+dd 0x53040086
+dd 0x0a056996
+dd 0x86a46206
+dd 0xd0510400
+dd 0x08080567
+dd 0x00671262
+dd 0x34a48103
+dd 0x620e0604
+dd 0x03006722
+dd 0x0433a380
+dd 0x12621406
+dd 0x87030087
+dd 0x070536a9
+dd 0x87226210
+dd 0xa8860300
+dd 0x16070535
+dd 0x00671462
+dd 0x329a7b03
+dd 0x620c0402
+dd 0x03006724
+dd 0x0231997a
+dd 0x14620e03
+dd 0x7f030087
+dd 0x0503349d
+dd 0x8724620d
+dd 0x9d7f0300
+dd 0x10040333
+dd 0x006a9262
+dd 0x6e915304
+dd 0x62080c06
+dd 0x04006aa2
+dd 0x066d8f51
+dd 0x92620b0a
+dd 0x5e04008a
+dd 0x0e08719b
+dd 0x8aa26209
+dd 0x995c0400
+dd 0x0c0c086f
+dd 0x006a9462
+dd 0xc9f98d05
+dd 0x62060f07
+dd 0x05006aa4
+dd 0x07c5f68a
+dd 0x9462080c
+dd 0x4f04008a
+dd 0x09046884
+dd 0x8aa46207
+dd 0x824e0400
+dd 0x09070466
+dd 0x006b1262
+dd 0x378a6e03
+dd 0x620f0503
+dd 0x03006b22
+dd 0x03368a6e
+dd 0x12621605
+dd 0x7403008b
+dd 0x0604388f
+dd 0x8b226211
+dd 0x8f740300
+dd 0x18060438
+dd 0x006b1462
+dd 0x32806803
+dd 0x620e0402
+dd 0x04006b24
+dd 0x0462ffcf
+dd 0x14621006
+dd 0x6d03008b
+dd 0x04023484
+dd 0x8b24620e
+dd 0x836c0300
+dd 0x13040233
+dd 0x006e9262
+dd 0x75cd5d04
+dd 0x620a0b06
+dd 0x04006ea2
+dd 0x0673cb5b
+dd 0x92620d09
+dd 0x6804008e
+dd 0x0c0777d6
+dd 0x8ea2620b
+dd 0xd5660400
+dd 0x0e0b0776
+dd 0x006e9462
+dd 0x66b95004
+dd 0x62080703
+dd 0x04006ea4
+dd 0x0365b84e
+dd 0x94620a06
+dd 0x5804008e
+dd 0x080469c0
+dd 0x8ea46209
+dd 0xbe570400
+dd 0x0b070468
+dd 0x006f1262
+dd 0x3aa77303
+dd 0x62130503
+dd 0x03006f22
+dd 0x033aa673
+dd 0x12621a05
+dd 0x7903008f
+dd 0x06043bab
+dd 0x8f226215
+dd 0xab790300
+dd 0x1b05043b
+dd 0x006f1462
+dd 0x339d6d03
+dd 0x620f0302
+dd 0x03006f24
+dd 0x02329c6d
+dd 0x14621403
+dd 0x7103008f
+dd 0x040234a0
+dd 0x8f246211
+dd 0xa0710300
+dd 0x14030234
+dd 0x00729262
+dd 0x7fba5a04
+dd 0x620b0a05
+dd 0x040072a2
+dd 0x057eb959
+dd 0x92620f09
+dd 0x65040092
+dd 0x0b0781c3
+dd 0x92a2620c
+dd 0xc2640400
+dd 0x100a0780
+dd 0x00729462
+dd 0x6ba74d04
+dd 0x62090603
+dd 0x040072a4
+dd 0x0369a64c
+dd 0x94620a05
+dd 0x55040092
+dd 0x07046ead
+dd 0x92a46209
+dd 0xac540400
+dd 0x0c06046c
+dd 0x00731262
+dd 0x3f946803
+dd 0x62150503
+dd 0x03007322
+dd 0x033f9468
+dd 0x12621b04
+dd 0x6e030093
+dd 0x05044099
+dd 0x93226216
+dd 0x986d0300
+dd 0x1e050440
+dd 0x00731462
+dd 0x358a6203
+dd 0x62110302
+dd 0x03007324
+dd 0x02358a62
+dd 0x14621603
+dd 0x66030093
+dd 0x0302378e
+dd 0x93246211
+dd 0x8d660300
+dd 0x17030236
+dd 0x00769262
+dd 0x86ac5804
+dd 0x620c0905
+dd 0x040076a2
+dd 0x0585ab57
+dd 0x92621008
+dd 0x63040096
+dd 0x0b0688b5
+dd 0x96a2620e
+dd 0xb4620400
+dd 0x120a0687
+dd 0x00769462
+dd 0x6d994a04
+dd 0x620a0603
+dd 0x040076a4
+dd 0x036c9849
+dd 0x94620c05
+dd 0x53040096
+dd 0x0704709f
+dd 0x96a4620b
+dd 0x9e520400
+dd 0x0d06046f
+dd 0x00771262
+dd 0x43866003
+dd 0x62160403
+dd 0x03007722
+dd 0x03438660
+dd 0x12621d04
+dd 0x65030097
+dd 0x0503448b
+dd 0x97226218
+dd 0x8b650300
+dd 0x22050344
+dd 0x00771462
+dd 0x6cf9b204
+dd 0x62110503
+dd 0x04007724
+dd 0x036cf8b1
+dd 0x14621605
+dd 0xba040097
+dd 0x06046fff
+dd 0x97246213
+dd 0xffb90400
+dd 0x1705046f
+dd 0x00669242
+dd 0x69a36304
+dd 0x42070d07
+dd 0x040066a2
+dd 0x0767a161
+dd 0x9242090b
+dd 0x6e040086
+dd 0x10096cad
+dd 0x86a24208
+dd 0xab6c0400
+dd 0x0b0e096a
+dd 0x00669442
+dd 0x658f5704
+dd 0x42060904
+dd 0x040066a4
+dd 0x04638d55
+dd 0x94420707
+dd 0x5f040086
+dd 0x0a056896
+dd 0x86a44206
+dd 0x945d0400
+dd 0x08080567
+dd 0x00671242
+dd 0x34bc9903
+dd 0x42100604
+dd 0x03006722
+dd 0x0433bc99
+dd 0x12421606
+dd 0x9f030087
+dd 0x070536c1
+dd 0x87224211
+dd 0xc19e0300
+dd 0x18070535
+dd 0x00671442
+dd 0x32b29303
+dd 0x420d0402
+dd 0x03006724
+dd 0x0231b193
+dd 0x14420f03
+dd 0x98030087
+dd 0x050334b6
+dd 0x8724420f
+dd 0xb5970300
+dd 0x12040333
+dd 0x006a9242
+dd 0x6e915d04
+dd 0x42080c06
+dd 0x04006aa2
+dd 0x066d8f5b
+dd 0x92420b0a
+dd 0x6804008a
+dd 0x0e08719b
+dd 0x8aa24209
+dd 0x99670400
+dd 0x0d0c086f
+dd 0x006a9442
+dd 0xc8f9a205
+dd 0x42070f07
+dd 0x05006aa4
+dd 0x07c5f69e
+dd 0x9442080c
+dd 0x5a04008a
+dd 0x09046884
+dd 0x8aa44207
+dd 0x82580400
+dd 0x09070466
+dd 0x006b1242
+dd 0x379e8203
+dd 0x42110503
+dd 0x03006b22
+dd 0x03369d81
+dd 0x12421705
+dd 0x8803008b
+dd 0x060438a3
+dd 0x8b224212
+dd 0xa2870300
+dd 0x1a060438
+dd 0x006b1442
+dd 0x32947c03
+dd 0x420e0302
+dd 0x03006b24
+dd 0x0231937b
+dd 0x14421203
+dd 0x8003008b
+dd 0x04023497
+dd 0x8b24420f
+dd 0x97800300
+dd 0x14040233
+dd 0x006e9242
+dd 0x74aa6304
+dd 0x420a0b06
+dd 0x04006ea2
+dd 0x0673a962
+dd 0x92420d09
+dd 0x6f04008e
+dd 0x0c0777b4
+dd 0x8ea2420b
+dd 0xb26d0400
+dd 0x0f0b0776
+dd 0x006e9442
+dd 0x66965604
+dd 0x42080703
+dd 0x04006ea4
+dd 0x03649555
+dd 0x94420a06
+dd 0x5f04008e
+dd 0x0804699d
+dd 0x8ea44209
+dd 0x9c5d0400
+dd 0x0b070468
+dd 0x006f1242
+dd 0x3a977303
+dd 0x42130503
+dd 0x03006f22
+dd 0x033a9673
+dd 0x12421a05
+dd 0x7903008f
+dd 0x06043b9c
+dd 0x8f224215
+dd 0x9b780300
+dd 0x1b05043b
+dd 0x006f1442
+dd 0x338d6d03
+dd 0x420f0302
+dd 0x03006f24
+dd 0x02328d6c
+dd 0x14421403
+dd 0x7103008f
+dd 0x04023490
+dd 0x8f244211
+dd 0x90700300
+dd 0x14030234
+dd 0x00729242
+dd 0x7f9c6004
+dd 0x420b0a05
+dd 0x040072a2
+dd 0x057e9b5f
+dd 0x92420f09
+dd 0x6b040092
+dd 0x0b0781a6
+dd 0x92a2420c
+dd 0xa56a0400
+dd 0x100a0780
+dd 0x00729442
+dd 0x6a895304
+dd 0x42090603
+dd 0x040072a4
+dd 0x03698852
+dd 0x94420b05
+dd 0x5b040092
+dd 0x07046d90
+dd 0x92a4420a
+dd 0x8f5a0400
+dd 0x0c06046c
+dd 0x00731242
+dd 0x3f876803
+dd 0x42150503
+dd 0x03007322
+dd 0x033f8668
+dd 0x12421a04
+dd 0x6d030093
+dd 0x0504408b
+dd 0x93224216
+dd 0x8b6d0300
+dd 0x1e050440
+dd 0x00731442
+dd 0x6af9c304
+dd 0x42100503
+dd 0x04007324
+dd 0x0369f9c2
+dd 0x14421405
+dd 0x66030093
+dd 0x03023780
+dd 0x93244211
+dd 0xffca0400
+dd 0x1606046c
+dd 0x00769242
+dd 0x86925d04
+dd 0x420c0905
+dd 0x040076a2
+dd 0x0585915c
+dd 0x92421008
+dd 0x68040096
+dd 0x0b06889b
+dd 0x96a2420e
+dd 0x9a670400
+dd 0x120a0687
+dd 0x00769442
+dd 0xdafd9f05
+dd 0x420a0b05
+dd 0x050076a4
+dd 0x05d8fb9d
+dd 0x94420b09
+dd 0x58040096
+dd 0x07047085
+dd 0x96a4420b
+dd 0x84570400
+dd 0x0d06046f
+dd 0x00771242
+dd 0x85f4bf04
+dd 0x42150805
+dd 0x04007722
+dd 0x0585f4be
+dd 0x12421d08
+dd 0xca040097
+dd 0x0a0687fe
+dd 0x97224218
+dd 0xfdc90400
+dd 0x20090687
+dd 0x00771442
+dd 0x6ce1b104
+dd 0x42110503
+dd 0x04007724
+dd 0x036ce1b1
+dd 0x14421605
+dd 0xb9040097
+dd 0x06046fe8
+dd 0x97244213
+dd 0xe7b90400
+dd 0x1705046f
+dd 0x00669252
+dd 0x76b76e04
+dd 0x52060e08
+dd 0x040066a2
+dd 0x0874b56c
+dd 0x9252090c
+dd 0x7b040086
+dd 0x110a79c2
+dd 0x86a25207
+dd 0xc0790400
+dd 0x0a0f0a77
+dd 0x00669452
+dd 0x7da76804
+dd 0x52050a05
+dd 0x040066a4
+dd 0x057ba566
+dd 0x94520708
+dd 0x73040086
+dd 0x0c0681b0
+dd 0x86a45206
+dd 0xaf710400
+dd 0x080a067f
+dd 0x00671252
+dd 0x3ae3c003
+dd 0x520d0704
+dd 0x03006722
+dd 0x043ae2bf
+dd 0x12521206
+dd 0xc6030087
+dd 0x08053ce8
+dd 0x8722520e
+dd 0xe8c60300
+dd 0x1407053b
+dd 0x00671452
+dd 0x3edbbd03
+dd 0x520a0403
+dd 0x03006724
+dd 0x033ddabc
+dd 0x14520e04
+dd 0xc2030087
+dd 0x050340df
+dd 0x8724520b
+dd 0xdfc20300
+dd 0x10050340
+dd 0x006a9252
+dd 0x7ba26804
+dd 0x52070d07
+dd 0x04006aa2
+dd 0x077aa166
+dd 0x92520a0b
+dd 0x7504008a
+dd 0x0f097eae
+dd 0x8aa25208
+dd 0xac730400
+dd 0x0c0d097d
+dd 0x006a9452
+dd 0x7d936204
+dd 0x52060904
+dd 0x04006aa4
+dd 0x047b9261
+dd 0x94520807
+dd 0x6d04008a
+dd 0x0a05819c
+dd 0x8aa45207
+dd 0x9a6b0400
+dd 0x0908057f
+dd 0x006b1252
+dd 0x3dedd303
+dd 0x520f0604
+dd 0x03006b22
+dd 0x043decd3
+dd 0x12521405
+dd 0xda03008b
+dd 0x07053ff2
+dd 0x8b225210
+dd 0xf2d90300
+dd 0x1907053e
+dd 0x006b1452
+dd 0x3ee5d003
+dd 0x520d0402
+dd 0x03006b24
+dd 0x023de5d0
+dd 0x14521104
+dd 0xd603008b
+dd 0x050340e9
+dd 0x8b24520e
+dd 0xe9d50300
+dd 0x12040340
+dd 0x006e9252
+dd 0x83956404
+dd 0x52080b06
+dd 0x04006ea2
+dd 0x06819463
+dd 0x92520b0a
+dd 0x7104008e
+dd 0x0d0885a0
+dd 0x8ea25209
+dd 0x9f700400
+dd 0x0d0c0884
+dd 0x006e9452
+dd 0x7e865d04
+dd 0x52070804
+dd 0x04006ea4
+dd 0x047d855c
+dd 0x94520907
+dd 0x6804008e
+dd 0x0905828f
+dd 0x8ea45207
+dd 0x8d660400
+dd 0x0a080581
+dd 0x006f1252
+dd 0x41ccb703
+dd 0x52100503
+dd 0x03006f22
+dd 0x0341ccb7
+dd 0x12521705
+dd 0xbd03008f
+dd 0x060442d2
+dd 0x8f225211
+dd 0xd1bd0300
+dd 0x1a060442
+dd 0x006f1452
+dd 0x3fc5b303
+dd 0x520e0402
+dd 0x03006f24
+dd 0x023fc4b3
+dd 0x14521103
+dd 0xb903008f
+dd 0x040341c9
+dd 0x8f24520e
+dd 0xc9b80300
+dd 0x14040341
+dd 0x00729252
+dd 0x8e8c6204
+dd 0x520a0b06
+dd 0x040072a2
+dd 0x068d8a61
+dd 0x92520d0a
+dd 0x6e040092
+dd 0x0c089096
+dd 0x92a2520a
+dd 0x956d0400
+dd 0x0f0b088f
+dd 0x00729452
+dd 0x847d5b04
+dd 0x52080704
+dd 0x040072a4
+dd 0x04837c5a
+dd 0x94520a06
+dd 0x65040092
+dd 0x08058885
+dd 0x92a45208
+dd 0x84640400
+dd 0x0b070587
+dd 0x00731252
+dd 0x47b5a303
+dd 0x52120503
+dd 0x03007322
+dd 0x0347b5a2
+dd 0x12521a05
+dd 0xa9030093
+dd 0x060448ba
+dd 0x93225214
+dd 0xbaa90300
+dd 0x1e060448
+dd 0x00731452
+dd 0x42ae9f03
+dd 0x520e0302
+dd 0x03007324
+dd 0x0242ad9f
+dd 0x14521303
+dd 0xa4030093
+dd 0x040344b2
+dd 0x93245210
+dd 0xb2a40300
+dd 0x17040344
+dd 0x00769252
+dd 0x97856004
+dd 0x520b0a06
+dd 0x040076a2
+dd 0x0696845f
+dd 0x92520e09
+dd 0x6c040096
+dd 0x0c07998f
+dd 0x96a2520c
+dd 0x8e6b0400
+dd 0x110b0798
+dd 0x00769452
+dd 0x88765804
+dd 0x52090703
+dd 0x040076a4
+dd 0x03877557
+dd 0x94520b06
+dd 0x62040096
+dd 0x08048b7e
+dd 0x96a45209
+dd 0x7d610400
+dd 0x0c07048a
+dd 0x00771252
+dd 0x4ba49403
+dd 0x52140503
+dd 0x03007722
+dd 0x034ba393
+dd 0x12521e05
+dd 0x9a030097
+dd 0x06044ca9
+dd 0x97225216
+dd 0xa8990300
+dd 0x1e05044c
+dd 0x00771452
+dd 0x449c9003
+dd 0x520f0302
+dd 0x03007724
+dd 0x02439c8f
+dd 0x14521503
+dd 0x95030097
+dd 0x040245a0
+dd 0x97245211
+dd 0xa0950300
+dd 0x16030245
+dd 0x0046a263
+dd 0xccad5a03
+dd 0x63170e08
+dd 0x03004692
+dd 0x08cd8a5b
+dd 0x22631110
+dd 0xc5030047
+dd 0x0e08cbee
+dd 0x4712632b
+dd 0xefc50300
+dd 0x1e0f08cc
+dd 0x0046a243
+dd 0xcc886103
+dd 0x43170e08
+dd 0x03004692
+dd 0x08cd8a62
+dd 0x22431110
+dd 0x72020047
+dd 0x07046686
+dd 0x4712432c
+dd 0x87720200
+dd 0x20080466
+dd 0x0046a253
+dd 0xe5996d03
+dd 0x53171009
+dd 0x03004692
+dd 0x09e69a6e
+dd 0x22531011
+dd 0x8c020047
+dd 0x080573a0
+dd 0x4712532b
+dd 0xa18c0200
+dd 0x1b080573
+dd 0x0046a463
+dd 0x62974003
+dd 0x630e0805
+dd 0x04004694
+dd 0x09c5e783
+dd 0x24630a12
+dd 0xab030047
+dd 0x080561d8
+dd 0x4714631b
+dd 0xd9ac0300
+dd 0x14080562
+dd 0x0046a443
+dd 0xc3e48e04
+dd 0x430e1009
+dd 0x04004694
+dd 0x09c5e690
+dd 0x24430b12
+dd 0xc9030047
+dd 0x080561f6
+dd 0x4714431d
+dd 0xf7ca0300
+dd 0x15080562
+dd 0x0046a453
+dd 0x7a885703
+dd 0x530f0a06
+dd 0x03004694
+dd 0x067b8a58
+dd 0x24530a0b
+dd 0x81020047
+dd 0x05033d98
+dd 0x4714531c
+dd 0x98810200
+dd 0x1205033d
+dd 0x004aa263
+dd 0xa8765803
+dd 0x631a0d08
+dd 0x03004a92
+dd 0x08a97759
+dd 0x2263130e
+dd 0xad03004b
+dd 0x0c08a8c8
+dd 0x4b12632e
+dd 0xc8ad0300
+dd 0x200d08a9
+dd 0x004aa243
+dd 0xa8765d03
+dd 0x431a0d08
+dd 0x03004a92
+dd 0x08a9775e
+dd 0x2243130e
+dd 0xc503004b
+dd 0x0c08a8e0
+dd 0x4b12432f
+dd 0xe0c50300
+dd 0x220d08a9
+dd 0x004aa253
+dd 0xbd856803
+dd 0x53190e08
+dd 0x03004a92
+dd 0x08be8669
+dd 0x2253110f
+dd 0x9702004b
+dd 0x07045fa3
+dd 0x4b125330
+dd 0xa3980200
+dd 0x1e07045f
+dd 0x004aa463
+dd 0xc7ca8304
+dd 0x63100e08
+dd 0x04004a94
+dd 0x08c9cc85
+dd 0x24630c10
+dd 0x9703004b
+dd 0x070463b6
+dd 0x4b14631e
+dd 0xb7970300
+dd 0x16070464
+dd 0x004aa443
+dd 0xc7ca8e04
+dd 0x43100e08
+dd 0x04004a94
+dd 0x08c9cb8f
+dd 0x24430c10
+dd 0xaf03004b
+dd 0x070463cf
+dd 0x4b144320
+dd 0xcfb00300
+dd 0x17070464
+dd 0x004aa453
+dd 0xf8f2ae04
+dd 0x53101009
+dd 0x04004a94
+dd 0x09faf4b0
+dd 0x24530c12
+dd 0x8f02004b
+dd 0x04033e9d
+dd 0x4b14531f
+dd 0x9d8f0200
+dd 0x1705033f
+dd 0x004ea263
+dd 0x94975d03
+dd 0x631c0b06
+dd 0x03004e92
+dd 0x0695985e
+dd 0x2263150c
+dd 0xb203004f
+dd 0x0b0693e7
+dd 0x4f126334
+dd 0xe7b30300
+dd 0x230b0694
+dd 0x004ea243
+dd 0x94826003
+dd 0x431d0b06
+dd 0x03004e92
+dd 0x06958361
+dd 0x2243150c
+dd 0xb203004f
+dd 0x0b0693d3
+dd 0x4f124334
+dd 0xd4b20300
+dd 0x230b0694
+dd 0x004ea253
+dd 0xa6786503
+dd 0x531a0c07
+dd 0x03004e92
+dd 0x07a77966
+dd 0x2253120d
+dd 0x8502004f
+dd 0x0604538c
+dd 0x4f125331
+dd 0x8c860200
+dd 0x1f060453
+dd 0x004ea463
+dd 0x60884703
+dd 0x63120604
+dd 0x03004e94
+dd 0x04618948
+dd 0x24630e07
+dd 0x9c03004f
+dd 0x060460d8
+dd 0x4f146322
+dd 0xd89d0300
+dd 0x19060460
+dd 0x004ea443
+dd 0xc0e59404
+dd 0x43120c07
+dd 0x04004e94
+dd 0x07c1e796
+dd 0x24430e0e
+dd 0x9c03004f
+dd 0x060460c4
+dd 0x4f144322
+dd 0xc59c0300
+dd 0x19060460
+dd 0x004ea453
+dd 0xefdda704
+dd 0x53110e08
+dd 0x04004e94
+dd 0x08f0dea9
+dd 0x24530d10
+dd 0x7d02004f
+dd 0x04023c88
+dd 0x4f145324
+dd 0x887d0200
+dd 0x1804023c
+
+ref_fffd5840:
+db '0000000000000000',0x00,0x00,0x00,0x00
+
+ref_fffd5854:
+db ' ',0x00,0x00,0x00,0x00
+
+ref_fffd5868:
+db '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ',0x00,0x00,0x00,0x00
+
+ref_fffd5890:
+dd 0x00000001
+dd 0x00000002
+dd 0x00000004
+dd 0x00000008
+dd 0x00000010
+dd 0x00000020
+dd 0x00000040
+dd 0x00000000
+
+ref_fffd58b0:
+db ' +-#0!^',0x00
+
+ref_fffd58b8:
+dd 0x283c7800
+dd 0x9066141e
+
+ref_fffd58c0:
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00000001
+dd 0x00000000
+dd 0x00000001
+
+ref_fffd58d8:
+dd 0x01010101
+dd 0x00010101
+
+ref_fffd58e0:
+dd 0xfb0af600
+dd 0x000ff105
+
+ref_fffd58e8:
+dd 0x00aaaaaa
+dd 0x00cccccc
+dd 0x00f0f0f0
+
+ref_fffd58f4:
+dd 0x00a10ca1
+dd 0x00ef0d08
+dd 0x00ad0a1e
+
+ref_fffd5900:
+dd 0x05000500
+dd 0x00000000
+dd 0x00000000
+
+ref_fffd590c:
+dd 0x08c009b0
+dd 0x00000000
+dd 0x00000000
+
+ref_fffd5918:
+dd loc_fffbf5bb
+dd loc_fffbf620
+dd loc_fffbf92d
+dd loc_fffbf92d
+dd loc_fffbf685
+dd loc_fffbf787
+dd loc_fffbf8aa
+
+ref_fffd5934:
+dd 0x00000006
+dd 0x00000002
+dd 0x00000001
+dd 0x00000000
+dd 0x00000002
+dd 0x00000001
+dd 0x00000000
+
+ref_fffd5950:
+dd 0x00000000
+dd 0x00000001
+dd 0x00000002
+dd 0x00000003
+dd 0x00000001
+dd 0x00000002
+dd 0x00000003
+
+ref_fffd596c:
+dd 0x00000000
+dd 0xfffffffa
+dd 0xfffffff4
+dd 0xffffffee
+dd 0x00000006
+dd 0x0000000c
+dd 0x00000012
+
+ref_fffd5988:
+dd loc_fffc31e7
+dd loc_fffc3222
+dd loc_fffc3219
+dd loc_fffc3210
+dd loc_fffc3207
+dd loc_fffc31fe
+dd loc_fffc31f0
+dd loc_fffc3234
+dd loc_fffc322b
+
+ref_fffd59ac:
+dd 0x00000020
+dd 0x00000040
+dd 0x00000080
+dd 0x00000100
+dd 0x00000200
+dd 0x00000400
+dd 0x00000800
+dd 0x00001000
+
+ref_fffd59cc:
+dd loc_fffc35d2
+dd loc_fffc35de
+dd loc_fffc35ef
+dd loc_fffc35fb
+dd loc_fffc3607
+
+ref_fffd59e0:
+dd loc_fffc3c31
+dd loc_fffc3d79
+dd loc_fffc3c42
+dd loc_fffc3c4a
+dd loc_fffc3c55
+dd loc_fffc3c60
+dd loc_fffc3c6b
+dd loc_fffc3c73
+dd loc_fffc3c7e
+dd loc_fffc3c8a
+dd loc_fffc3c9f
+dd loc_fffc3c92
+dd loc_fffc3cb2
+dd loc_fffc3cba
+dd loc_fffc3ca7
+dd loc_fffc3cc4
+dd loc_fffc3ccc
+dd loc_fffc3cd7
+dd loc_fffc3ce2
+dd loc_fffc3dad
+dd loc_fffc3dad
+dd loc_fffc3cea
+dd loc_fffc3cf3
+dd loc_fffc3cfb
+dd loc_fffc3d03
+dd loc_fffc3d0e
+dd loc_fffc3d19
+dd loc_fffc3d2d
+dd loc_fffc3d2d
+dd loc_fffc3d2d
+dd loc_fffc3d2d
+dd loc_fffc3d2d
+dd loc_fffc3d4a
+dd loc_fffc3d58
+dd loc_fffc3d6b
+dd loc_fffc3dad
+dd loc_fffc3d8c
+dd loc_fffc3d97
+dd loc_fffc3dad
+dd loc_fffc3dad
+dd loc_fffc3dad
+dd loc_fffc3da2
+dd loc_fffc3dad
+dd loc_fffc3d66
+dd loc_fffc3dad
+dd loc_fffc3dad
+dd loc_fffc3dad
+dd loc_fffc3dad
+dd loc_fffc3dad
+dd loc_fffc3dad
+dd loc_fffc3dad
+dd loc_fffc3dad
+dd loc_fffc3dad
+dd loc_fffc3dad
+dd loc_fffc3d81
+
+ref_fffd5abc:
+dd 0x04030201
+dd 0x06000500
+dd 0x00000700
+
+ref_fffd5ac8:
+dd 0x08040201
+dd 0x08040201
+dd 0x00000000
+
+ref_fffd5ad4:
+dd 0x08040201
+dd 0x00000000
+dd 0x08040201
+
+ref_fffd5ae0:
+dd loc_fffcad86
+dd loc_fffcad8a
+dd loc_fffcad8e
+dd loc_fffcada0
+dd loc_fffcadc1
+dd loc_fffcadc1
+dd loc_fffcadc1
+dd loc_fffcadc1
+dd loc_fffcadc1
+dd loc_fffcadc1
+dd loc_fffcadab
+dd loc_fffcadb2
+dd loc_fffcadc1
+dd loc_fffcadc1
+dd loc_fffcadc1
+dd loc_fffcadab
+
+ref_fffd5b20:
+dd 0x08c009b0
+dd 0x08c009b0
+dd 0x00000000
+
+ref_fffd5b2c:
+dd 0x08c009b0
+dd 0x00000000
+dd 0x90660000
+
+ref_fffd5b38:
+dd loc_fffcca6b
+dd loc_fffcca76
+dd loc_fffcca87
+dd loc_fffcca98
+dd loc_fffccaa9
+dd loc_fffccb52
+dd loc_fffccbfe
+dd loc_fffccfba
+dd loc_fffccc18
+dd loc_fffccd45
+dd loc_fffcce72
+dd loc_fffccaba
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccbe1
+dd loc_fffccb52
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccfba
+dd loc_fffccbe1
+dd loc_fffccb52
+
+ref_fffd5bc0:
+dd 0x02010201
+dd 0x02010201
+dd 0x03030303
+dd 0x00000000
+
+ref_fffd5bd0:
+dd 0x040f0f0f
+dd 0x010f030f
+dd 0x0f0f0f0f
+dd 0x000f0205
+
+ref_fffd5be0:
+dd 0x32320101
+dd 0x20101010
+dd 0x23232320
+dd 0x00000020
+dd 0x00000010
+dd 0x00000023
+dd 0x21303120
+dd 0x00002120
+dd 0x00003020
+dd 0x00000020
+dd 0x00000000
+dd 0x00000000
+
+ref_fffd5c10:
+dd fcn_fffb7458
+dd 0x0000dd1b
+dd 0xff320000
+dd fcn_fffc3896
+dd 0x0001dd1c
+dd 0xff3e0000
+dd fcn_fffc3bcc
+dd 0x0004dd1e
+dd 0xff3f0000
+dd fcn_fffa95c3
+dd 0x0005dd1f
+dd 0xff3f0000
+dd fcn_fffa97db
+dd 0x0003dd20
+dd 0xff310000
+dd fcn_fffc3b2d
+dd 0x0006dd21
+dd 0xff3f0000
+dd fcn_fffa87ee
+dd 0x0007dd22
+dd 0xff3f0000
+dd fcn_fffa2b14
+dd 0x0008dd23
+dd 0xff3f0000
+dd fcn_fffd20cb
+dd 0x0009dd24
+dd 0xff3f0000
+dd fcn_fffc82f4
+dd 0x000add26
+dd 0xff310000
+dd fcn_fffab126
+dd 0x000bdd27
+dd 0xff330000
+dd fcn_fffc9652
+dd 0x000fdd29
+dd 0xff310000
+dd fcn_fffb9c9b
+dd 0x000ddd28
+dd 0xff310000
+dd fcn_fffb1d2f
+dd 0x000edd25
+dd 0xff310000
+dd fcn_fffb28b2
+dd 0x0011dd2b
+dd 0xff310000
+dd fcn_fffbcdcd
+dd 0x0010dd2a
+dd 0xff310000
+dd fcn_fffbba04
+dd 0x0012dd2c
+dd 0xff310000
+dd fcn_fffbd7ac
+dd 0x0014dd2e
+dd 0xff310000
+dd fcn_fffbd7cc
+dd 0x0015dd2f
+dd 0xff310000
+dd fcn_fffb16ef
+dd 0x0016dd4a
+dd 0xff310000
+dd fcn_fffc40aa
+dd 0x0024dd3a
+dd 0xff310000
+dd fcn_fffaf0ee
+dd 0x0038dd3d
+dd 0xff310000
+dd fcn_fffc57e4
+dd 0x0027dd3e
+dd 0xff310000
+dd fcn_fffb947c
+dd 0x0021dd49
+dd 0xff310000
+dd fcn_fffcbd3d
+dd 0x0017dd46
+dd 0xff310000
+dd fcn_fffd07ac
+dd 0x0018dd30
+dd 0xff310000
+dd fcn_fffcbfee
+dd 0x0019dd30
+dd 0xff310000
+dd fcn_fffcc49b
+dd 0x001add32
+dd 0xff310000
+dd fcn_fffbf115
+dd 0x001cdd33
+dd 0xff310000
+dd fcn_fffcbdde
+dd 0x001ddd35
+dd 0xff310000
+dd fcn_fffcc12a
+dd 0x001bdd45
+dd 0xff310000
+dd fcn_fffbdbe7
+dd 0x001fdd37
+dd 0xff310000
+dd fcn_fffbdaf2
+dd 0x001edd36
+dd 0xff310000
+dd fcn_fffcc1ee
+dd 0x0028dd4b
+dd 0xff310000
+dd fcn_fffcc30a
+dd 0x0029dd4c
+dd 0xff310000
+dd fcn_fffb4484
+dd 0x0020dd41
+dd 0xff310000
+dd fcn_fffaf0ee
+dd 0x0038dd3d
+dd 0xff310000
+dd fcn_fffc57e4
+dd 0x0027dd3e
+dd 0xff310000
+dd fcn_fffc40aa
+dd 0x0024dd3a
+dd 0xff310000
+dd fcn_fffbdcd9
+dd 0x0025dd3b
+dd 0xff310000
+dd fcn_fffc242d
+dd 0x0026dd3c
+dd 0xff310000
+dd fcn_fffca881
+dd 0x0022dd38
+dd 0xff310000
+dd fcn_fffca8fc
+dd 0x0023dd39
+dd 0xff310000
+dd fcn_fffbd7ec
+dd 0x002fdd47
+dd 0xff310000
+dd fcn_fffced30
+dd 0x002ddd3f
+dd 0xff310000
+dd fcn_fffceafd
+dd 0x002edd40
+dd 0xff310000
+dd fcn_fffcfef1
+dd 0x0043dd58
+dd 0x01310000
+dd fcn_fffbea2f
+dd 0x0031dd44
+dd 0xff310000
+dd fcn_fffb947c
+dd 0x0021dd49
+dd 0xff310000
+dd fcn_fffa7654
+dd 0x0045dd48
+dd 0xff310000
+dd fcn_fffae645
+dd 0x0030dd42
+dd 0xff310000
+dd fcn_fffa5ce0
+dd 0x0044dd7f
+dd 0xff310000
+dd fcn_fffb5bed
+dd 0x0039dd50
+dd 0xff310000
+dd fcn_fffa5d08
+dd 0x0030dd42
+dd 0xff310000
+dd fcn_fffb847a
+dd 0x0030dd42
+dd 0xff310000
+dd fcn_fffa5cb5
+dd 0x0033dd43
+dd 0xff3e0000
+dd fcn_fffc82f4
+dd 0x000add26
+dd 0xff320000
+dd fcn_fffa5ce0
+dd 0x0044dd7f
+dd 0xff360000
+dd fcn_fffa5c93
+dd 0x0033dd43
+dd 0xff3e0000
+dd fcn_fffaf601
+dd 0x003add51
+dd 0xff3f0000
+dd fcn_fffb1ff0
+dd 0x0034dd70
+dd 0xff3c0000
+dd fcn_fffc3f08
+dd 0x0035dd71
+dd 0xff3e0000
+dd fcn_fffaf377
+dd 0x0036dd5b
+dd 0xff310000
+dd fcn_fffaad1c
+dd 0x0037dd5c
+dd 0xff330000
+dd fcn_fffae7f6
+dd 0x003bdd5d
+dd 0xff3f0000
+
+ref_fffd5f1c:
+dd 0x00030104
+dd 0x00050200
+dd 0x04000000
+dd 0x00000706
+dd 0x00000200
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x90660200
+
+ref_fffd5f40:
+dd 0x0bb80bb8
+dd 0x00000000
+db 0x00
+db 0x00
+
+ref_fffd5f4a:
+db 'Invalid PEI data version, %d != %d',0x0a,0x00
+
+ref_fffd5f6e:
+db 'MRC: S3 Resume',0x0a,0x00
+
+ref_fffd5f7e:
+db 'Initializing Policy',0x0a,0x00
+
+ref_fffd5f93:
+db 'Installing common PPI',0x0a,0x00
+
+ref_fffd5faa:
+db 'Initializing Memory',0x0a,0x00
+
+ref_fffd5fbf:
+db 'MRC: Done.',0x0a,0x00
+
+ref_fffd5fcb:
+db 'MRC: Starting...',0x0a,0x00
+
+ref_fffd5fdd:
+db '%s:%d pool cookie corrupted...',0x0a,0x00
+
+ref_fffd5ffd:
+db '%s:%d failed to allocate %d bytes...',0x0a,0x00
+
+ref_fffd6023:
+db 'hljztL',0x00
+
+ref_fffd602a:
+db '(null)',0x00,0x00,0x00,0x00
+
+ref_fffd6034:
+dd 0xe6af1f7b
+dd 0x46dafc3f
+dd 0xb4a328a8
+dd 0x8242a457
+
+ref_fffd6044:
+dd 0x00000000
+dd fcn_fffb4a3c
+
+ref_fffd604c:
+dd 0x1f4c6f90
+dd 0x48d8b06b
+dd 0xe5ba01a2
+dd 0x567dcdf1
+
+ref_fffd605c:
+dd 0xfb3f4b01
+dd 0xfb878bff
+dd 0xfc5590ff
+dd 0xfb8736ff
+dd 0x000000ff
+
+ref_fffd6070:
+dd 0x794a0deb
+dd 0x4e7bc971
+dd 0xbfd0f28a
+dd 0x9826ca3c
+
+ref_fffd6080:
+dd 0x80000010
+dd ref_fffd6034
+dd 0x00000000
+
+ref_fffd608c:
+dd fcn_fffb7600
+dd fcn_fffc9574
+dd fcn_fffb6fd2
+dd fcn_fffb6f06
+dd fcn_fffab024
+dd fcn_fffb3f19
+dd fcn_fffaafcb
+dd fcn_fffaafb4
+dd fcn_fffab02d
+dd fcn_fffb3f35
+dd fcn_fffaafe6
+dd fcn_fffaafbd
+dd fcn_fffb3d44
+dd fcn_fffb3d11
+dd fcn_fffb3d75
+dd fcn_fffb3dcd
+dd fcn_fffb3da6
+dd fcn_fffb3d2e
+dd fcn_fffb3d91
+dd fcn_fffcc4b8
+
+ref_fffd60dc:
+dd 0x98191174
+dd 0x41060b26
+dd 0x45d002af
+dd 0x2b05e851
+
+ref_fffd60ec:
+dd 0xaf4a1998
+dd 0x45454949
+dd 0xe7c14c9c
+dd 0x56e042c0
+
+ref_fffd60fc:
+dd 0x02353140
+dd 0x20373144
+dd 0x32103146
+dd 0x32163148
+dd 0x3250314c
+dd 0x76543150
+
+ref_fffd6114:
+dd 0x00003100
+dd 0x03203200
+dd 0x00003108
+dd 0x00000001
+dd 0x0000310c
+dd 0x43214321
+dd 0x00003110
+dd 0x00000001
+dd 0x00003114
+dd 0x00000001
+dd 0x00003118
+dd 0x00000001
+
+ref_fffd6144:
+dd 0x02353140
+dd 0x20373144
+dd 0x32103146
+dd 0x32163148
+dd 0x3250314c
+dd 0x76543150
+dd 0x00063158
+dd 0x55443164
+dd 0x00073168
+
+ref_fffd6168:
+dd 0x00003100
+dd 0x03203200
+dd 0x00003108
+dd 0x00000001
+dd 0x0000310c
+dd 0x43214321
+dd 0x00003110
+dd 0x00000001
+dd 0x00003118
+dd 0x00000001
+
+ref_fffd6190:
+dd 0xa6a4a2a0
+
+ref_fffd6194:
+dd 0x422b8086
+dd 0x02ffffff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x422c8086
+dd 0x02ffffff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x42388086
+dd 0x02ffffff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x42398086
+dd 0x02ffffff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00828086
+dd 0x02ffffff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00858086
+dd 0x02ffffff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00838086
+dd 0x02ffffff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00848086
+dd 0x02ffffff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00868086
+dd 0x02ffffff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00878086
+dd 0x02ffffff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00888086
+dd 0x02ffffff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00898086
+dd 0x02ffffff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x008f8086
+dd 0x02ffffff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00908086
+dd 0x02ffffff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08ae8086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08af8086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08968086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08978086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08858086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08868086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08948086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08958086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08928086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08938086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08908086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08918086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08878086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08888086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x088e8086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x088f8086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08b58086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08b68086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x08b38086
+dd 0x028002ff
+dd 0x01540003
+dd 0x00000003
+dd 0x00000000
+dd 0x00000000
+dd 0x08b38086
+dd 0x028002ff
+dd 0x01580002
+dd 0x00000003
+dd 0x00000000
+dd 0x00000000
+dd 0x08b48086
+dd 0x028002ff
+dd 0x01540003
+dd 0x00000003
+dd 0x00000000
+dd 0x00000000
+dd 0x08b48086
+dd 0x028002ff
+dd 0x01580002
+dd 0x00000003
+dd 0x00000000
+dd 0x00000000
+dd 0x08b18086
+dd 0x028002ff
+dd 0x01540003
+dd 0x00000003
+dd 0x00000000
+dd 0x00000000
+dd 0x08b18086
+dd 0x028002ff
+dd 0x01580002
+dd 0x00000003
+dd 0x00000000
+dd 0x00000000
+dd 0x08b28086
+dd 0x028002ff
+dd 0x01540003
+dd 0x00000003
+dd 0x00000000
+dd 0x00000000
+dd 0x08b28086
+dd 0x028002ff
+dd 0x01580002
+dd 0x00000003
+dd 0x00000000
+dd 0x00000000
+dd 0x08b08086
+dd 0x028002ff
+dd 0x00000001
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+
+ref_fffd6584:
+dd 0x50031131
+dd 0x43ef4f24
+dd 0x3773afb7
+dd 0xac0ef794
+
+ref_fffd6594:
+dd 0x80000010
+dd ref_fffd604c
+dd ref_fffd6044
+
+ref_fffd65a0:
+dd 0x433e0f9f
+dd 0x410a05ae
+dd 0x29bfc3a0
+dd 0xac25cb8e
+
+ref_fffd65b0:
+dd 0xf894643d
+dd 0x42d1c449
+dd 0xbd85a88e
+dd 0xde5bc6d8
+
+ref_fffd65c0:
+dd 0xf8d5438e
+dd 0x481d26e1
+dd 0xd6303cb6
+dd 0x20a4f4ef
+
+ref_fffd65d0:
+dd 0x4c10d934
+dd 0x45a438e6
+dd 0x792a249a
+dd 0x7fcb3db9
+
+ref_fffd65e0:
+dd 0x80000010
+dd ref_fffd6070
+dd ref_fffd605c
+
+ref_fffd65ec:
+dd 0x3d0e663a
+dd 0x4489dc72
+dd 0x9ee4c587
+dd 0x52a473e7
+
+ref_fffd65fc:
+dd 0x3e14d361
+dd 0x42e4c7d7
+dd 0xebb907ae
+dd 0x2aed9648
+
+ref_fffd660c:
+dd 0x87f22dcb
+dd 0x41057304
+dd 0x71317cbb
+dd 0x3bc2cc43
+
+ref_fffd661c:
+dd 0x573eaf99
+dd 0x46b5f445
+dd 0x4abcd5a5
+dd 0xf3983593
+
+ref_fffd662c:
+dd 0x9ca93627
+dd 0x4324b65b
+dd 0xb4c002a2
+dd 0x43457661
+
+ref_fffd663c:
+dd 0x17865dc0
+dd 0x4da80b8b
+dd 0x467c428b
+dd 0x4dca5cb8
+
+ref_fffd664c:
+dd 0xf38d1338
+dd 0x4fb6af7a
+dd 0x9c1adb91
+dd 0x0d578321
+
+ref_fffd665c:
+dd 0x00000000
+dd 0x00000000
+dd 0x00000000
+dd 0x000003ff
+dd 0x000003ff
+dd 0x00000000
+dd 0x000002aa
+dd 0x000002aa
+dd 0x00000001
+dd 0x00000155
+dd 0x00000155
+dd 0x00000001
+
+ref_fffd668c:
+dd 0x1e94f097
+dd 0x40895acd
+dd 0xa5b9e3b2
+dd 0x0ca779c8
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 18:29:30 +0000