diff options
Diffstat (limited to 'src/soc/intel/broadwell/refcode/broadwell_mrc.asm')
-rw-r--r-- | src/soc/intel/broadwell/refcode/broadwell_mrc.asm | 61576 |
1 files changed, 30902 insertions, 30674 deletions
diff --git a/src/soc/intel/broadwell/refcode/broadwell_mrc.asm b/src/soc/intel/broadwell/refcode/broadwell_mrc.asm index 993424d67f..919d6e031a 100644 --- a/src/soc/intel/broadwell/refcode/broadwell_mrc.asm +++ b/src/soc/intel/broadwell/refcode/broadwell_mrc.asm @@ -1,10 +1,11 @@ ;; Generated with r2dumpbin (https://github.com/mytbk/r2dumpbin) ;; f va @ 0xfffa0000 -;; f fcn1 @ 0xfffa87da -;; f fcn2 @ 0xfffb7579 -;; f fcn3 @ 0xfffab07d -;; f fcn4 @ 0xfffb742b -;; f fcn5 @ 0xfffb7458 +;; f fcn1 @ 0xfffb00f4 +;; f fcn2 @ 0xfffb7fee +;; f fcn3 @ 0xfffb014c +;; f fcn4 @ 0xfffb7ea0 +;; f fcn5 @ 0xfffb7ecd +;; f fcn6 @ 0xfffd2c4f bits 32 extern mrc_printk @@ -44,11 +45,11 @@ je short loc_fffa0050 ; je 0xfffa0050 push edx push 0x16 push eax -push ref_fffd5f4a ; push 0xfffd5f4a -call mrc_printk ; call 0xfffb76e3 +push ref_fffd6246 ; push 0xfffd6246 +call mrc_printk ; call 0xfffb8212 add esp, 0x10 or eax, 0xffffffff -jmp near loc_fffa1e87 ; jmp 0xfffa1e87 +jmp near loc_fffa1e90 ; jmp 0xfffa1e90 loc_fffa0050: mov eax, dword [ebp + 8] @@ -58,7 +59,7 @@ push eax push eax push 0x270 push 0xff7d0004 -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f mov eax, dword [ebp + 8] add esp, 0x10 mov dword [0xff7d0004], 0xfeaddeaf @@ -68,8 +69,8 @@ jne short loc_fffa00af ; jne 0xfffa00af cmp dword [eax + 0x8f6], 0 je short loc_fffa00af ; je 0xfffa00af sub esp, 0xc -push ref_fffd5f6e ; push 0xfffd5f6e -call mrc_printk ; call 0xfffb76e3 +push ref_fffd626a ; push 0xfffd626a +call mrc_printk ; call 0xfffb8212 add esp, 0x10 mov dword [0xff7d0080], 0x11 jmp short loc_fffa00b9 ; jmp 0xfffa00b9 @@ -78,60 +79,60 @@ loc_fffa00af: mov dword [0xff7d0080], 6 loc_fffa00b9: -mov dword [0xff7d008c], ref_fffd65b0 ; mov dword [0xff7d008c], 0xfffd65b0 +mov dword [0xff7d008c], ref_fffd68ac ; mov dword [0xff7d008c], 0xfffd68ac mov dword [0xff7d0178], 1 -mov dword [0xff7d0028], fcn_fffc54ff ; mov dword [0xff7d0028], 0xfffc54ff -mov dword [0xff7d0030], fcn_fffa5c78 ; mov dword [0xff7d0030], 0xfffa5c78 -mov dword [0xff7d0034], fcn_fffa5c69 ; mov dword [0xff7d0034], 0xfffa5c69 -mov dword [0xff7d0038], fcn_fffa87da ; mov dword [0xff7d0038], 0xfffa87da -mov dword [0xff7d003c], fcn_fffb7579 ; mov dword [0xff7d003c], 0xfffb7579 -mov dword [0xff7d002c], fcn_fffab07d ; mov dword [0xff7d002c], 0xfffab07d -mov dword [0xff7d0020], fcn_fffc5451 ; mov dword [0xff7d0020], 0xfffc5451 -mov dword [0xff7d0054], fcn_fffb709f ; mov dword [0xff7d0054], 0xfffb709f -mov dword [0xff7d0058], fcn_fffab11d ; mov dword [0xff7d0058], 0xfffab11d -mov dword [0xff7d007c], fcn_fffa5c62 ; mov dword [0xff7d007c], 0xfffa5c62 +mov dword [0xff7d0028], fcn_fffc5b5d ; mov dword [0xff7d0028], 0xfffc5b5d +mov dword [0xff7d0030], fcn_fffa5cc0 ; mov dword [0xff7d0030], 0xfffa5cc0 +mov dword [0xff7d0034], fcn_fffa5cb1 ; mov dword [0xff7d0034], 0xfffa5cb1 +mov dword [0xff7d0038], fcn_fffb00f4 ; mov dword [0xff7d0038], 0xfffb00f4 +mov dword [0xff7d003c], fcn_fffb7fee ; mov dword [0xff7d003c], 0xfffb7fee +mov dword [0xff7d002c], fcn_fffb014c ; mov dword [0xff7d002c], 0xfffb014c +mov dword [0xff7d0020], fcn_fffc5aaf ; mov dword [0xff7d0020], 0xfffc5aaf +mov dword [0xff7d0054], fcn_fffb6341 ; mov dword [0xff7d0054], 0xfffb6341 +mov dword [0xff7d0058], fcn_fffb01f8 ; mov dword [0xff7d0058], 0xfffb01f8 +mov dword [0xff7d007c], fcn_fffa5caa ; mov dword [0xff7d007c], 0xfffa5caa mov dword [0xff7d0278], 0xff7d0008 mov dword [0xff7d0000], 0xff7d0278 -call fcn_fffab405 ; call 0xfffab405 +call fcn_fffb0201 ; call 0xfffb0201 sub esp, 0xc mov eax, dword [eax] push 0 call dword [eax + 0x74] ; ucall mov edx, dword [0xff7d0278] add esp, 0x10 -mov dword [edx + 0x60], ref_fffd608c ; mov dword [edx + 0x60], 0xfffd608c +mov dword [edx + 0x60], ref_fffd6388 ; mov dword [edx + 0x60], 0xfffd6388 cmp eax, 0x80000014 je short loc_fffa017b ; je 0xfffa017b sub esp, 0xc -push ref_fffd6080 ; push 0xfffd6080 -call fcn_fffab5db ; call 0xfffab5db +push ref_fffd637c ; push 0xfffd637c +call fcn_fffb0585 ; call 0xfffb0585 add esp, 0x10 loc_fffa017b: sub esp, 0xc -push ref_fffd5f7e ; push 0xfffd5f7e -call mrc_printk ; call 0xfffb76e3 +push ref_fffd627a ; push 0xfffd627a +call mrc_printk ; call 0xfffb8212 mov esi, dword [0xff7d0084] -call fcn_fffb481e ; call 0xfffb481e +call fcn_fffb91ff ; call 0xfffb91ff mov dword [esp], 0x5ac mov dword [ebp - 0x2c], eax -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov ebx, eax test eax, eax -je loc_fffa0efc ; je 0xfffa0efc +je loc_fffa0f05 ; je 0xfffa0f05 sub esp, 0xc push 0xc -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov dword [ebp - 0x38], eax test eax, eax -je loc_fffa0efc ; je 0xfffa0efc +je loc_fffa0f05 ; je 0xfffa0f05 mov dword [eax], 0x80000010 xor edi, edi -mov dword [eax + 4], ref_fffd6584 ; mov dword [eax + 4], 0xfffd6584 +mov dword [eax + 4], ref_fffd6880 ; mov dword [eax + 4], 0xfffd6880 mov dword [eax + 8], ebx -mov byte [ebx], 0xb +mov byte [ebx], 0xc mov byte [ebx + 1], 0 mov dword [ebx + 4], 0xfed1c000 mov eax, dword [esi + 0x2a] @@ -164,7 +165,7 @@ or byte [ebx + 0x424], 0x40 mov byte [ebx + 0x43c], 1 loc_fffa0294: -call fcn_fffb481e ; call 0xfffb481e +call fcn_fffb91ff ; call 0xfffb91ff cmp eax, 1 je short loc_fffa02a9 ; je 0xfffa02a9 cmp eax, 2 @@ -197,7 +198,7 @@ mov byte [ebx + 0x1a8], 1 loc_fffa02f2: mov dword [ebp - 0x30], edx -call fcn_fffb4984 ; call 0xfffb4984 +call fcn_fffb93ca ; call 0xfffb93ca mov edx, dword [ebp - 0x30] cmp dl, al jae short loc_fffa032a ; jae 0xfffa032a @@ -224,16 +225,16 @@ mov byte [ebx + 0x1a6], 0 mov byte [ebx + 0x1a7], 0 mov byte [ebx + 0x1a9], 1 push 0xc -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 test eax, eax je short loc_fffa037e ; je 0xfffa037e sub esp, 0xc mov dword [eax], 0x80000010 -mov dword [eax + 4], ref_fffd60ec ; mov dword [eax + 4], 0xfffd60ec -mov dword [eax + 8], ref_fffd6194 ; mov dword [eax + 8], 0xfffd6194 +mov dword [eax + 4], ref_fffd63e8 ; mov dword [eax + 4], 0xfffd63e8 +mov dword [eax + 8], ref_fffd6490 ; mov dword [eax + 8], 0xfffd6490 push eax -call fcn_fffab5db ; call 0xfffab5db +call fcn_fffb0585 ; call 0xfffb0585 add esp, 0x10 loc_fffa037e: @@ -241,7 +242,7 @@ mov dword [ebx + 0x1db], 1 xor edi, edi loc_fffa038a: -call fcn_fffb481e ; call 0xfffb481e +call fcn_fffb91ff ; call 0xfffb91ff cmp eax, 1 je short loc_fffa03a1 ; je 0xfffa03a1 cmp eax, 2 @@ -301,9 +302,9 @@ mov byte [ebx + 0x38d], 4 push edi xor edi, edi push 4 -push ref_fffd6190 ; push 0xfffd6190 +push ref_fffd648c ; push 0xfffd648c push eax -call fcn_fffab101 ; call 0xfffab101 +call fcn_fffb01dc ; call 0xfffb01dc mov word [ebx + 0x36], 0x8086 mov word [ebx + 0x38], 0x7270 mov byte [ebx + 0x3b], 0 @@ -328,13 +329,13 @@ mov byte [ebx + 0x371], 0 mov word [ebx + 0x374], 0x12c mov byte [ebx + 0x372], 1 mov byte [ebx + 0x373], 0 -call fcn_fffb481e ; call 0xfffb481e +call fcn_fffb91ff ; call 0xfffb91ff mov dword [ebp - 0x30], eax mov eax, dword [0xff7d0084] mov eax, dword [eax + 0x14] add eax, 0xf8002 mov dword [esp], eax -call fcn_fffb3d06 ; call 0xfffb3d06 +call fcn_fffb3e49 ; call 0xfffb3e49 add esp, 0x10 mov byte [ebx + 0x284], 0 mov byte [ebx + 0x28c], 0 @@ -346,7 +347,7 @@ mov byte [ebx + 0x296], 1 loc_fffa057d: mov dword [ebp - 0x34], ecx -call fcn_fffb5bb6 ; call 0xfffb5bb6 +call fcn_fffb9393 ; call 0xfffb9393 mov ecx, dword [ebp - 0x34] movzx eax, al cmp edi, eax @@ -360,7 +361,7 @@ xor edi, edi loc_fffa059c: mov dword [ebp - 0x34], ecx -call fcn_fffb5b8d ; call 0xfffb5b8d +call fcn_fffb936a ; call 0xfffb936a mov ecx, dword [ebp - 0x34] movzx eax, al cmp edi, eax @@ -580,7 +581,7 @@ add edi, 8 loc_fffa09a6: mov dword [ebp - 0x30], edx -call fcn_fffb5bb6 ; call 0xfffb5bb6 +call fcn_fffb9393 ; call 0xfffb9393 mov edx, dword [ebp - 0x30] movzx eax, al cmp edx, eax @@ -618,11 +619,11 @@ je short loc_fffa0a2d ; je 0xfffa0a2d loc_fffa0a0e: cmp dword [esi + 0x10], 0 -je loc_fffa0bde ; je 0xfffa0bde +je loc_fffa0be7 ; je 0xfffa0be7 mov byte [ebx + 0x284], 1 xor edi, edi mov byte [ebx + 0x297], 1 -jmp near loc_fffa0ba0 ; jmp 0xfffa0ba0 +jmp near loc_fffa0ba9 ; jmp 0xfffa0ba9 loc_fffa0a2d: lea edi, [ebx + 0x2b3] @@ -644,7 +645,7 @@ add edi, 8 loc_fffa0a49: mov dword [ebp - 0x30], edx -call fcn_fffb5bb6 ; call 0xfffb5bb6 +call fcn_fffb9393 ; call 0xfffb9393 mov edx, dword [ebp - 0x30] movzx eax, al cmp edx, eax @@ -688,20 +689,20 @@ jne loc_fffa0a0e ; jne 0xfffa0a0e lea eax, [ecx + 0x63bf] mov word [ebp - 0x3c], ax lea eax, [ecx + 0x633f] -lea edi, [ebx + 0x2b2] +lea edi, [ebx + 0x2b3] mov dword [ebp - 0x30], 0 mov word [ebp - 0x40], ax loc_fffa0ac2: mov dword [ebp - 0x34], ecx -call fcn_fffb5bb6 ; call 0xfffb5bb6 +call fcn_fffb9393 ; call 0xfffb9393 mov ecx, dword [ebp - 0x34] movzx eax, al cmp dword [ebp - 0x30], eax jae loc_fffa0a0e ; jae 0xfffa0a0e cmp word [ebp - 0x3c], 6 -ja short loc_fffa0b0e ; ja 0xfffa0b0e -mov al, byte [edi + 4] +ja short loc_fffa0b0f ; ja 0xfffa0b0f +mov al, byte [edi + 3] mov dl, al cmp al, 3 mov byte [ebp - 0x34], al @@ -710,7 +711,7 @@ test dl, dl sete dl or al, dl je short loc_fffa0b02 ; je 0xfffa0b02 -cmp word [edi + 2], 0x70 +cmp word [edi + 1], 0x70 sbb eax, eax add eax, 6 jmp short loc_fffa0b0c ; jmp 0xfffa0b0c @@ -721,180 +722,179 @@ setne al add eax, 4 loc_fffa0b0c: -mov byte [edi], al +mov byte [edi - 1], al -loc_fffa0b0e: +loc_fffa0b0f: cmp word [ebp - 0x40], 2 setbe dl cmp cx, 0x9cc5 sete al or dl, al -je short loc_fffa0b25 ; je 0xfffa0b25 -mov byte [edi], 6 - -loc_fffa0b25: +jne short loc_fffa0b5c ; jne 0xfffa0b5c lea eax, [ecx + 0x633a] cmp ax, 1 setbe dl cmp cx, 0x9cc9 sete al or dl, al -je short loc_fffa0b55 ; je 0xfffa0b55 -cmp byte [edi + 4], 0 -jne short loc_fffa0b52 ; jne 0xfffa0b52 -cmp word [edi + 2], 0x70 -sbb eax, eax -add eax, 7 -mov byte [edi], al -jmp short loc_fffa0b55 ; jmp 0xfffa0b55 +jne short loc_fffa0b5c ; jne 0xfffa0b5c +cmp cx, 0x9cc8 +sete dl +cmp cx, 0x9cc4 +sete al +or dl, al +jne short loc_fffa0b5c ; jne 0xfffa0b5c +lea eax, [ecx + 0x6336] +cmp ax, 1 +ja short loc_fffa0b60 ; ja 0xfffa0b60 -loc_fffa0b52: -mov byte [edi], 6 +loc_fffa0b5c: +mov byte [edi - 1], 6 -loc_fffa0b55: -mov al, byte [edi + 4] +loc_fffa0b60: +mov al, byte [edi + 3] cmp al, 3 sete dl test al, al mov byte [ebp - 0x34], al sete al or al, dl -jne short loc_fffa0b6f ; jne 0xfffa0b6f +jne short loc_fffa0b7a ; jne 0xfffa0b7a cmp byte [ebp - 0x34], 7 -jne short loc_fffa0b7c ; jne 0xfffa0b7c +jne short loc_fffa0b87 ; jne 0xfffa0b87 -loc_fffa0b6f: -cmp word [edi + 2], 0x100 +loc_fffa0b7a: +cmp word [edi + 1], 0x100 sbb eax, eax add eax, 3 -jmp short loc_fffa0b8c ; jmp 0xfffa0b8c +jmp short loc_fffa0b97 ; jmp 0xfffa0b97 -loc_fffa0b7c: +loc_fffa0b87: cmp byte [ebp - 0x34], 2 -jne short loc_fffa0b91 ; jne 0xfffa0b91 -cmp word [edi + 2], 0x50 +jne short loc_fffa0b9b ; jne 0xfffa0b9b +cmp word [edi + 1], 0x50 sbb eax, eax add eax, 2 -loc_fffa0b8c: -mov byte [edi + 1], al -jmp short loc_fffa0b95 ; jmp 0xfffa0b95 +loc_fffa0b97: +mov byte [edi], al +jmp short loc_fffa0b9e ; jmp 0xfffa0b9e -loc_fffa0b91: -mov byte [edi + 1], 2 +loc_fffa0b9b: +mov byte [edi], 2 -loc_fffa0b95: +loc_fffa0b9e: inc dword [ebp - 0x30] add edi, 8 jmp near loc_fffa0ac2 ; jmp 0xfffa0ac2 -loc_fffa0ba0: -call fcn_fffb5bb6 ; call 0xfffb5bb6 +loc_fffa0ba9: +call fcn_fffb9393 ; call 0xfffb9393 movzx eax, al cmp edi, eax -jae short loc_fffa0bb7 ; jae 0xfffa0bb7 +jae short loc_fffa0bc0 ; jae 0xfffa0bc0 mov byte [ebx + edi + 0x298], 1 inc edi -jmp short loc_fffa0ba0 ; jmp 0xfffa0ba0 +jmp short loc_fffa0ba9 ; jmp 0xfffa0ba9 -loc_fffa0bb7: +loc_fffa0bc0: mov byte [ebx + 0x299], 0 xor edi, edi -loc_fffa0bc0: -call fcn_fffb5b8d ; call 0xfffb5b8d +loc_fffa0bc9: +call fcn_fffb936a ; call 0xfffb936a movzx eax, al cmp edi, eax -jae short loc_fffa0bd7 ; jae 0xfffa0bd7 +jae short loc_fffa0be0 ; jae 0xfffa0be0 mov byte [ebx + edi + 0x2a6], 1 inc edi -jmp short loc_fffa0bc0 ; jmp 0xfffa0bc0 +jmp short loc_fffa0bc9 ; jmp 0xfffa0bc9 -loc_fffa0bd7: +loc_fffa0be0: mov byte [ebx + 0x2a7], 0 -loc_fffa0bde: +loc_fffa0be7: xor edi, edi -loc_fffa0be0: -call fcn_fffb5b8d ; call 0xfffb5b8d +loc_fffa0be9: +call fcn_fffb936a ; call 0xfffb936a movzx eax, al cmp edi, eax -jae loc_fffa0cba ; jae 0xfffa0cba +jae loc_fffa0cc3 ; jae 0xfffa0cc3 mov dl, byte [esi + edi + 0xb2] mov al, byte [ebx + edi*8 + 0x580] test dl, dl -je short loc_fffa0c0e ; je 0xfffa0c0e +je short loc_fffa0c17 ; je 0xfffa0c17 mov byte [ebx + edi*8 + 0x57c], dl or eax, 1 -jmp short loc_fffa0c19 ; jmp 0xfffa0c19 +jmp short loc_fffa0c22 ; jmp 0xfffa0c22 -loc_fffa0c0e: +loc_fffa0c17: mov byte [ebx + edi*8 + 0x57c], 0 and eax, 0xfffffffe -loc_fffa0c19: +loc_fffa0c22: mov byte [ebx + edi*8 + 0x580], al mov dl, byte [esi + edi + 0xb8] mov al, byte [ebx + edi*8 + 0x580] test dl, dl -je short loc_fffa0c3e ; je 0xfffa0c3e +je short loc_fffa0c47 ; je 0xfffa0c47 mov byte [ebx + edi*8 + 0x57d], dl or eax, 2 -jmp short loc_fffa0c49 ; jmp 0xfffa0c49 +jmp short loc_fffa0c52 ; jmp 0xfffa0c52 -loc_fffa0c3e: +loc_fffa0c47: mov byte [ebx + edi*8 + 0x57d], 0 and eax, 0xfffffffd -loc_fffa0c49: +loc_fffa0c52: mov byte [ebx + edi*8 + 0x580], al mov dl, byte [esi + edi + 0xbe] mov al, byte [ebx + edi*8 + 0x580] test dl, dl -je short loc_fffa0c6e ; je 0xfffa0c6e +je short loc_fffa0c77 ; je 0xfffa0c77 mov byte [ebx + edi*8 + 0x57e], dl or eax, 4 -jmp short loc_fffa0c79 ; jmp 0xfffa0c79 +jmp short loc_fffa0c82 ; jmp 0xfffa0c82 -loc_fffa0c6e: +loc_fffa0c77: mov byte [ebx + edi*8 + 0x57e], 0 and eax, 0xfffffffb -loc_fffa0c79: +loc_fffa0c82: mov byte [ebx + edi*8 + 0x580], al mov dl, byte [esi + edi + 0xc4] mov al, byte [ebx + edi*8 + 0x580] test dl, dl -je short loc_fffa0ca2 ; je 0xfffa0ca2 +je short loc_fffa0cab ; je 0xfffa0cab lea edx, [edx + edx + 1] or eax, 8 mov byte [ebx + edi*8 + 0x57f], dl -jmp short loc_fffa0cad ; jmp 0xfffa0cad +jmp short loc_fffa0cb6 ; jmp 0xfffa0cb6 -loc_fffa0ca2: +loc_fffa0cab: mov byte [ebx + edi*8 + 0x57f], 0 and eax, 0xfffffff7 -loc_fffa0cad: +loc_fffa0cb6: mov byte [ebx + edi*8 + 0x580], al inc edi -jmp near loc_fffa0be0 ; jmp 0xfffa0be0 +jmp near loc_fffa0be9 ; jmp 0xfffa0be9 -loc_fffa0cba: +loc_fffa0cc3: mov al, byte [ebx + 0x40e] or eax, 3 and eax, 0xffffffc3 mov byte [ebx + 0x40e], al xor eax, eax -loc_fffa0cce: +loc_fffa0cd7: and byte [ebx + eax*8 + 0x554], 0xfc mov word [ebx + eax*8 + 0x558], 0 mov word [ebx + eax*8 + 0x55a], 0 inc eax cmp eax, 5 -jne short loc_fffa0cce ; jne 0xfffa0cce +jne short loc_fffa0cd7 ; jne 0xfffa0cd7 mov al, byte [ebx + 0x46a] xor edx, edx mov byte [ebx + 0x364], 1 @@ -912,46 +912,46 @@ mov byte [ebx + 0x46a], al mov byte [ebx + 0x37f], 0 mov byte [ebx + 0x256], 1 -loc_fffa0d5a: +loc_fffa0d63: mov dword [ebp - 0x30], edx -call fcn_fffb4984 ; call 0xfffb4984 +call fcn_fffb93ca ; call 0xfffb93ca mov edx, dword [ebp - 0x30] cmp dl, al -jae short loc_fffa0d77 ; jae 0xfffa0d77 +jae short loc_fffa0d80 ; jae 0xfffa0d80 movzx eax, dl inc edx imul eax, eax, 0x2c mov byte [ebx + eax + 0x58], 1 -jmp short loc_fffa0d5a ; jmp 0xfffa0d5a +jmp short loc_fffa0d63 ; jmp 0xfffa0d63 -loc_fffa0d77: +loc_fffa0d80: and byte [ebx + 0x45e], 0xf7 xor edx, edx -loc_fffa0d80: +loc_fffa0d89: mov dword [ebp - 0x30], edx -call fcn_fffb4984 ; call 0xfffb4984 +call fcn_fffb93ca ; call 0xfffb93ca mov edx, dword [ebp - 0x30] cmp dl, al -jae short loc_fffa0df1 ; jae 0xfffa0df1 +jae short loc_fffa0dfa ; jae 0xfffa0dfa cmp dword [ebp - 0x2c], 2 movzx eax, dl -jne short loc_fffa0dad ; jne 0xfffa0dad +jne short loc_fffa0db6 ; jne 0xfffa0db6 imul eax, eax, 0x2c lea eax, [ebx + eax + 0x50] mov word [eax + 0xa], 0x1003 mov word [eax + 0xc], 0x1003 -jmp short loc_fffa0dc6 ; jmp 0xfffa0dc6 +jmp short loc_fffa0dcf ; jmp 0xfffa0dcf -loc_fffa0dad: +loc_fffa0db6: cmp dword [ebp - 0x2c], 1 -jne short loc_fffa0dc6 ; jne 0xfffa0dc6 +jne short loc_fffa0dcf ; jne 0xfffa0dcf imul eax, eax, 0x2c lea eax, [ebx + eax + 0x50] mov word [eax + 0xa], 0x846 mov word [eax + 0xc], 0x846 -loc_fffa0dc6: +loc_fffa0dcf: movzx eax, dl inc edx imul eax, eax, 0x2c @@ -963,9 +963,9 @@ mov word [eax + 0x60], 0x3c mov byte [eax + 0x62], 2 mov byte [eax + 0x63], 2 mov word [eax + 0x64], 0x3c -jmp short loc_fffa0d80 ; jmp 0xfffa0d80 +jmp short loc_fffa0d89 ; jmp 0xfffa0d89 -loc_fffa0df1: +loc_fffa0dfa: mov al, byte [ebx + 0x446] or byte [ebx + 0x442], 7 and byte [ebx + 0x45e], 0xf9 @@ -976,7 +976,7 @@ mov al, byte [ebx + 0x486] mov dword [ebx + 0x44a], 0 mov dword [ebx + 0x44e], 2 mov dword [ebx + 0x452], 4 -and eax, 0xffffffc1 +and eax, 1 or eax, 0x32 mov byte [ebx + 0x486], al mov al, byte [ebx + 0x49e] @@ -989,91 +989,91 @@ mov byte [ebx + 0x49e], al xor eax, eax mov byte [ebx + 0x10], 0xdd -loc_fffa0e74: +loc_fffa0e7d: mov dword [ebx + eax*4 + 0x1ba], 0 inc eax cmp eax, 8 -jne short loc_fffa0e74 ; jne 0xfffa0e74 +jne short loc_fffa0e7d ; jne 0xfffa0e7d cmp dword [ebp - 0x2c], 2 lea eax, [ebx + 0x4de] lea esi, [ebx + 0x527] -jne short loc_fffa0ebf ; jne 0xfffa0ebf +jne short loc_fffa0ec8 ; jne 0xfffa0ec8 mov byte [ebx + 0x526], 5 push ecx push 0x28 -push ref_fffd6168 ; push 0xfffd6168 +push ref_fffd6464 ; push 0xfffd6464 push eax -call fcn_fffab101 ; call 0xfffab101 +call fcn_fffb01dc ; call 0xfffb01dc add esp, 0xc mov byte [ebx + 0x553], 9 push 0x24 -push ref_fffd6144 ; push 0xfffd6144 -jmp short loc_fffa0ee5 ; jmp 0xfffa0ee5 +push ref_fffd6440 ; push 0xfffd6440 +jmp short loc_fffa0eee ; jmp 0xfffa0eee -loc_fffa0ebf: +loc_fffa0ec8: mov byte [ebx + 0x526], 6 push edx push 0x30 -push ref_fffd6114 ; push 0xfffd6114 +push ref_fffd6410 ; push 0xfffd6410 push eax -call fcn_fffab101 ; call 0xfffab101 +call fcn_fffb01dc ; call 0xfffb01dc add esp, 0xc mov byte [ebx + 0x553], 6 push 0x18 -push ref_fffd60fc ; push 0xfffd60fc +push ref_fffd63f8 ; push 0xfffd63f8 -loc_fffa0ee5: +loc_fffa0eee: push esi -call fcn_fffab101 ; call 0xfffab101 +call fcn_fffb01dc ; call 0xfffb01dc add esp, 0x10 sub esp, 0xc push dword [ebp - 0x38] -call fcn_fffab5db ; call 0xfffab5db +call fcn_fffb0585 ; call 0xfffb0585 add esp, 0x10 -loc_fffa0efc: +loc_fffa0f05: sub esp, 0xc push 0x15 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov edi, eax test eax, eax -je loc_fffa10af ; je 0xfffa10af +je loc_fffa10b8 ; je 0xfffa10b8 sub esp, 0xc push 0xc -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov dword [ebp - 0x2c], eax test eax, eax -je loc_fffa10af ; je 0xfffa10af +je loc_fffa10b8 ; je 0xfffa10b8 sub esp, 0xc push 5 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 test eax, eax mov dword [ebp - 0x34], eax -je loc_fffa10af ; je 0xfffa10af +je loc_fffa10b8 ; je 0xfffa10b8 sub esp, 0xc push 0xc -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 test eax, eax mov dword [ebp - 0x30], eax -je loc_fffa10af ; je 0xfffa10af +je loc_fffa10b8 ; je 0xfffa10b8 sub esp, 0xc push 0x1d -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov ebx, eax test eax, eax -je loc_fffa10af ; je 0xfffa10af +je loc_fffa10b8 ; je 0xfffa10b8 sub esp, 0xc push 0x13 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov esi, eax test eax, eax -je loc_fffa10af ; je 0xfffa10af +je loc_fffa10b8 ; je 0xfffa10b8 mov edx, dword [ebp - 0x34] mov ecx, dword [ebp - 0x30] mov byte [edi], 0xa @@ -1105,27 +1105,27 @@ mov byte [ebx + 0xa], 0 mov byte [ebx + 0xb], 1 mov byte [ebx + 0xc], 0 mov byte [ebx + 0xd], 1 -call fcn_fffa6801 ; call 0xfffa6801 +call fcn_fffa67af ; call 0xfffa67af cmp eax, 0x40650 -jne short loc_fffa1033 ; jne 0xfffa1033 +jne short loc_fffa103c ; jne 0xfffa103c -loc_fffa1011: +loc_fffa101a: mov byte [ebx + 0xe], 1 -call fcn_fffa6801 ; call 0xfffa6801 +call fcn_fffa67af ; call 0xfffa67af mov byte [ebx + 0x10], 0 mov byte [ebx + 0x16], 1 cmp eax, 0x306d0 setne al lea eax, [eax + eax*4 + 0x6a] mov byte [ebx + 0xf], al -jmp short loc_fffa103f ; jmp 0xfffa103f +jmp short loc_fffa1048 ; jmp 0xfffa1048 -loc_fffa1033: -call fcn_fffa6801 ; call 0xfffa6801 +loc_fffa103c: +call fcn_fffa67af ; call 0xfffa67af cmp eax, 0x306d0 -je short loc_fffa1011 ; je 0xfffa1011 +je short loc_fffa101a ; je 0xfffa101a -loc_fffa103f: +loc_fffa1048: mov eax, dword [ebp - 0x2c] sub esp, 0xc mov byte [ebx + 0x17], 0x14 @@ -1145,100 +1145,100 @@ mov word [esi + 0xe], 0 mov word [esi + 0x10], 0 mov byte [esi + 0x12], 0 mov dword [eax], 0x80000010 -mov dword [eax + 4], ref_fffd65c0 ; mov dword [eax + 4], 0xfffd65c0 +mov dword [eax + 4], ref_fffd68bc ; mov dword [eax + 4], 0xfffd68bc mov dword [eax + 8], edi push eax -call fcn_fffab5db ; call 0xfffab5db +call fcn_fffb0585 ; call 0xfffb0585 add esp, 0x10 -loc_fffa10af: +loc_fffa10b8: sub esp, 0xc push 2 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov ebx, eax test eax, eax -je short loc_fffa10f2 ; je 0xfffa10f2 +je short loc_fffa10fb ; je 0xfffa10fb sub esp, 0xc push 0xc -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 test eax, eax -je short loc_fffa10f2 ; je 0xfffa10f2 +je short loc_fffa10fb ; je 0xfffa10fb sub esp, 0xc mov dword [eax], 0x80000010 -mov dword [eax + 4], ref_fffd60dc ; mov dword [eax + 4], 0xfffd60dc +mov dword [eax + 4], ref_fffd63d8 ; mov dword [eax + 4], 0xfffd63d8 mov byte [ebx], 1 mov dword [eax + 8], ebx push eax -call fcn_fffab5db ; call 0xfffab5db +call fcn_fffb0585 ; call 0xfffb0585 add esp, 0x10 -loc_fffa10f2: +loc_fffa10fb: sub esp, 0xc mov esi, dword [0xff7d0084] push 0x27 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov dword [ebp - 0x2c], eax test eax, eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 0xc -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov dword [ebp - 0x30], eax test eax, eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 0x36 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov dword [ebp - 0x3c], eax test eax, eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 0xd -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov dword [ebp - 0x40], eax test eax, eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 0x102 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov ebx, eax test eax, eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 0xdc -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov edi, eax test eax, eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 0x6b -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 test eax, eax mov dword [ebp - 0x54], eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 5 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov dword [ebp - 0x44], eax test eax, eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 0x11 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 test eax, eax mov dword [ebp - 0x50], eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 lea eax, [esi + 0xce] mov dword [edi + 0xd0], eax lea eax, [esi + 0x8ce] @@ -1249,14 +1249,14 @@ push eax push 0 push 0x27 push dword [ebp - 0x2c] -call fcn_fffab0d1 ; call 0xfffab0d1 +call fcn_fffb01ac ; call 0xfffb01ac mov eax, dword [ebp - 0x30] mov ecx, dword [ebp - 0x2c] mov dword [eax], 0x80000010 mov dword [eax + 8], ecx -mov dword [eax + 4], ref_fffd661c ; mov dword [eax + 4], 0xfffd661c +mov dword [eax + 4], ref_fffd6918 ; mov dword [eax + 4], 0xfffd6918 mov byte [ecx], 0x13 -call fcn_fffa6801 ; call 0xfffa6801 +call fcn_fffa67af ; call 0xfffa67af add esp, 0x10 mov edx, dword [ebp - 0x50] cmp eax, 0x306d0 @@ -1269,7 +1269,7 @@ or al, cl mov byte [ebp - 0x48], cl mov ecx, dword [ebp - 0x54] mov byte [ebp - 0x49], al -je short loc_fffa1271 ; je 0xfffa1271 +je short loc_fffa127a ; je 0xfffa127a mov eax, dword [0xff7d0084] sub esp, 0xc mov dword [ebp - 0x54], edx @@ -1277,12 +1277,12 @@ mov dword [ebp - 0x50], ecx mov eax, dword [eax + 0x14] add eax, 0x10002 push eax -call fcn_fffb3d06 ; call 0xfffb3d06 +call fcn_fffb3e49 ; call 0xfffb3e49 mov edx, dword [ebp - 0x54] add esp, 0x10 mov ecx, dword [ebp - 0x50] -loc_fffa1271: +loc_fffa127a: mov al, byte [esi + 0x42] mov dword [ebp - 0x54], edx mov edx, dword [ebp - 0x3c] @@ -1316,7 +1316,7 @@ mov dword [ecx + 1], edx mov edx, dword [ebp - 0x40] add eax, 3 mov word [edx + 2], ax -mov byte [edx + 4], 3 +mov byte [edx + 4], 1 mov byte [edx + 5], 1 mov byte [edx + 6], 0 mov byte [edx + 7], 1 @@ -1368,14 +1368,14 @@ mov byte [ebx + 0x72], 0 mov byte [ebx + 0x73], 0 mov byte [ebx + 0x74], 1 mov byte [ebp - 0x3c], al -jne short loc_fffa13d8 ; jne 0xfffa13d8 +jne short loc_fffa13e1 ; jne 0xfffa13e1 cmp byte [ebp - 0x34], 0 -je short loc_fffa13dc ; je 0xfffa13dc +je short loc_fffa13e5 ; je 0xfffa13e5 -loc_fffa13d8: +loc_fffa13e1: mov byte [ebx + 0x75], 0 -loc_fffa13dc: +loc_fffa13e5: mov al, byte [esi + 0x46] mov byte [ebx + 0x77], 1 mov byte [ebx + 0x78], 0 @@ -1435,15 +1435,15 @@ mov byte [ebx + 0xaf], 0 sete byte [ebx + 0xac] cmp byte [ebp - 0x3c], 0 mov byte [ebx + 0xb0], 0x30 -jne short loc_fffa155e ; jne 0xfffa155e +jne short loc_fffa1567 ; jne 0xfffa1567 cmp byte [ebp - 0x34], 0 -je short loc_fffa156c ; je 0xfffa156c +je short loc_fffa1575 ; je 0xfffa1575 -loc_fffa155e: +loc_fffa1567: mov byte [ebx + 0xb1], 1 mov byte [ebx + 0xb2], 0x40 -loc_fffa156c: +loc_fffa1575: mov byte [ebx + 0x101], 0xff mov byte [ebx + 0x2e], 1 mov byte [ebx + 0x2f], 0 @@ -1498,15 +1498,15 @@ mov byte [ebx + 0xf3], 1 mov byte [ebx + 0xc7], 0 mov al, byte [esi + 0x4a] mov byte [ebx + 0x57], al -jne short loc_fffa166a ; jne 0xfffa166a +jne short loc_fffa1673 ; jne 0xfffa1673 cmp byte [ebp - 0x34], 0 -jmp short loc_fffa1671 ; jmp 0xfffa1671 +jmp short loc_fffa167a ; jmp 0xfffa167a -loc_fffa166a: +loc_fffa1673: cmp dword [ebp - 0x38], 0x40650 -loc_fffa1671: -je short loc_fffa16f2 ; je 0xfffa16f2 +loc_fffa167a: +je short loc_fffa16fb ; je 0xfffa16fb mov byte [ebx + 0xfc], 0 mov byte [ebx + 0xd1], 0 mov dword [ebx + 0xd2], 0 @@ -1522,7 +1522,7 @@ mov dword [ebx + 0xf5], 0x320 mov word [ebx + 0xf9], 0x118 mov byte [ebx + 0xfb], 7 -loc_fffa16f2: +loc_fffa16fb: mov eax, dword [0xff7d0084] sub esp, 0xc mov dword [ebp - 0x40], edx @@ -1530,7 +1530,7 @@ mov dword [ebp - 0x3c], ecx mov eax, dword [eax + 0x14] add eax, 2 push eax -call fcn_fffb3d06 ; call 0xfffb3d06 +call fcn_fffb3e49 ; call 0xfffb3e49 add esp, 0x10 mov edx, dword [ebp - 0x40] mov dword [ebp - 0x38], 1 @@ -1541,13 +1541,13 @@ mov word [ebp - 0x34], ax sete al or cl, al mov ecx, dword [ebp - 0x3c] -jne short loc_fffa175d ; jne 0xfffa175d +jne short loc_fffa1766 ; jne 0xfffa1766 cmp word [ebp - 0x34], 0xa0c sete al cmp word [ebp - 0x34], 0xd04 sete byte [ebp - 0x3c] or al, byte [ebp - 0x3c] -jne short loc_fffa175d ; jne 0xfffa175d +jne short loc_fffa1766 ; jne 0xfffa1766 mov eax, dword [ebp - 0x34] and eax, 0xffffffef cmp ax, 0x1604 @@ -1555,56 +1555,56 @@ sete al movzx eax, al mov dword [ebp - 0x38], eax -loc_fffa175d: +loc_fffa1766: mov al, byte [ebp - 0x38] mov word [ebx + 0xc8], 0xcf8 mov word [ebx + 0xca], 0xcfc mov byte [ebx + 0xcc], 0xaa mov byte [ebx + 0xc6], al -mov dword [edi], fcn_fffa5b74 ; mov dword [edi], 0xfffa5b74 -mov dword [edi + 4], fcn_fffb3f0f ; mov dword [edi + 4], 0xfffb3f0f -mov dword [edi + 8], fcn_fffaafc2 ; mov dword [edi + 8], 0xfffaafc2 -mov dword [edi + 0xc], fcn_fffa5b68 ; mov dword [edi + 0xc], 0xfffa5b68 -mov dword [edi + 0x10], fcn_fffb3f28 ; mov dword [edi + 0x10], 0xfffb3f28 -mov dword [edi + 0x14], fcn_fffaafda ; mov dword [edi + 0x14], 0xfffaafda -mov dword [edi + 0x18], fcn_fffb3cfc ; mov dword [edi + 0x18], 0xfffb3cfc -mov dword [edi + 0x1c], fcn_fffb3d06 ; mov dword [edi + 0x1c], 0xfffb3d06 -mov dword [edi + 0x20], fcn_fffb3d4e ; mov dword [edi + 0x20], 0xfffb3d4e -mov dword [edi + 0x24], fcn_fffb3dc0 ; mov dword [edi + 0x24], 0xfffb3dc0 -mov dword [edi + 0x28], fcn_fffb3db3 ; mov dword [edi + 0x28], 0xfffb3db3 -mov dword [edi + 0x2c], fcn_fffb3d20 ; mov dword [edi + 0x2c], 0xfffb3d20 -mov dword [edi + 0x30], fcn_fffb3d84 ; mov dword [edi + 0x30], 0xfffb3d84 -mov dword [edi + 0x34], fcn_fffa5bcf ; mov dword [edi + 0x34], 0xfffa5bcf -mov dword [edi + 0x38], fcn_fffab48f ; mov dword [edi + 0x38], 0xfffab48f -mov dword [edi + 0x3c], fcn_fffab4e0 ; mov dword [edi + 0x3c], 0xfffab4e0 -mov dword [edi + 0x40], fcn_fffab4b3 ; mov dword [edi + 0x40], 0xfffab4b3 -mov dword [edi + 0x44], fcn_fffb44dc ; mov dword [edi + 0x44], 0xfffb44dc -mov dword [edi + 0x48], fcn_fffc3868 ; mov dword [edi + 0x48], 0xfffc3868 -mov dword [edi + 0x4c], fcn_fffc3844 ; mov dword [edi + 0x4c], 0xfffc3844 -mov dword [edi + 0x50], fcn_fffb3ddc ; mov dword [edi + 0x50], 0xfffb3ddc -mov dword [edi + 0x54], fcn_fffb742b ; mov dword [edi + 0x54], 0xfffb742b -mov dword [edi + 0x58], fcn_fffab101 ; mov dword [edi + 0x58], 0xfffab101 -mov dword [edi + 0x5c], fcn_fffab0d1 ; mov dword [edi + 0x5c], 0xfffab0d1 -mov dword [edi + 0x60], fcn_fffa5c15 ; mov dword [edi + 0x60], 0xfffa5c15 -mov dword [edi + 0x64], fcn_fffa5bfd ; mov dword [edi + 0x64], 0xfffa5bfd -mov dword [edi + 0x68], fcn_fffab0f8 ; mov dword [edi + 0x68], 0xfffab0f8 -mov dword [edi + 0x6c], fcn_fffab0ef ; mov dword [edi + 0x6c], 0xfffab0ef -mov dword [edi + 0x70], fcn_fffa5c8a ; mov dword [edi + 0x70], 0xfffa5c8a +mov dword [edi], fcn_fffa5ba3 ; mov dword [edi], 0xfffa5ba3 +mov dword [edi + 4], fcn_fffb00a0 ; mov dword [edi + 4], 0xfffb00a0 +mov dword [edi + 8], fcn_fffb00dc ; mov dword [edi + 8], 0xfffb00dc +mov dword [edi + 0xc], fcn_fffa5b97 ; mov dword [edi + 0xc], 0xfffa5b97 +mov dword [edi + 0x10], fcn_fffb00b9 ; mov dword [edi + 0x10], 0xfffb00b9 +mov dword [edi + 0x14], fcn_fffb0086 ; mov dword [edi + 0x14], 0xfffb0086 +mov dword [edi + 0x18], fcn_fffb3e25 ; mov dword [edi + 0x18], 0xfffb3e25 +mov dword [edi + 0x1c], fcn_fffb3e49 ; mov dword [edi + 0x1c], 0xfffb3e49 +mov dword [edi + 0x20], fcn_fffb3fc4 ; mov dword [edi + 0x20], 0xfffb3fc4 +mov dword [edi + 0x24], fcn_fffb401c ; mov dword [edi + 0x24], 0xfffb401c +mov dword [edi + 0x28], fcn_fffb3e2f ; mov dword [edi + 0x28], 0xfffb3e2f +mov dword [edi + 0x2c], fcn_fffb3fa0 ; mov dword [edi + 0x2c], 0xfffb3fa0 +mov dword [edi + 0x30], fcn_fffb3ffa ; mov dword [edi + 0x30], 0xfffb3ffa +mov dword [edi + 0x34], fcn_fffa5bfe ; mov dword [edi + 0x34], 0xfffa5bfe +mov dword [edi + 0x38], fcn_fffb028b ; mov dword [edi + 0x38], 0xfffb028b +mov dword [edi + 0x3c], fcn_fffb045c ; mov dword [edi + 0x3c], 0xfffb045c +mov dword [edi + 0x40], fcn_fffb02af ; mov dword [edi + 0x40], 0xfffb02af +mov dword [edi + 0x44], fcn_fffb0481 ; mov dword [edi + 0x44], 0xfffb0481 +mov dword [edi + 0x48], fcn_fffc375d ; mov dword [edi + 0x48], 0xfffc375d +mov dword [edi + 0x4c], fcn_fffc3739 ; mov dword [edi + 0x4c], 0xfffc3739 +mov dword [edi + 0x50], fcn_fffb3e6d ; mov dword [edi + 0x50], 0xfffb3e6d +mov dword [edi + 0x54], fcn_fffb7ea0 ; mov dword [edi + 0x54], 0xfffb7ea0 +mov dword [edi + 0x58], fcn_fffb01dc ; mov dword [edi + 0x58], 0xfffb01dc +mov dword [edi + 0x5c], fcn_fffb01ac ; mov dword [edi + 0x5c], 0xfffb01ac +mov dword [edi + 0x60], fcn_fffa5c5d ; mov dword [edi + 0x60], 0xfffa5c5d +mov dword [edi + 0x64], fcn_fffa5c45 ; mov dword [edi + 0x64], 0xfffa5c45 +mov dword [edi + 0x68], fcn_fffb01d3 ; mov dword [edi + 0x68], 0xfffb01d3 +mov dword [edi + 0x6c], fcn_fffb01ca ; mov dword [edi + 0x6c], 0xfffb01ca +mov dword [edi + 0x70], fcn_fffa5cd2 ; mov dword [edi + 0x70], 0xfffa5cd2 mov eax, dword [ebp - 0x2c] -mov dword [edi + 0x74], fcn_fffab0c8 ; mov dword [edi + 0x74], 0xfffab0c8 -mov dword [edi + 0x78], fcn_fffb45e9 ; mov dword [edi + 0x78], 0xfffb45e9 -mov dword [edi + 0x7c], fcn_fffab039 ; mov dword [edi + 0x7c], 0xfffab039 -mov dword [edi + 0x80], fcn_fffb4ecf ; mov dword [edi + 0x80], 0xfffb4ecf -mov dword [edi + 0x84], fcn_fffb506c ; mov dword [edi + 0x84], 0xfffb506c -mov dword [edi + 0x88], fcn_fffa5bc8 ; mov dword [edi + 0x88], 0xfffa5bc8 -mov dword [edi + 0x8c], fcn_fffa5bc0 ; mov dword [edi + 0x8c], 0xfffa5bc0 -mov dword [edi + 0x90], fcn_fffa5b97 ; mov dword [edi + 0x90], 0xfffa5b97 -mov dword [edi + 0x94], fcn_fffb73dd ; mov dword [edi + 0x94], 0xfffb73dd -mov dword [edi + 0x98], fcn_fffab06a ; mov dword [edi + 0x98], 0xfffab06a -mov dword [edi + 0x9c], fcn_fffaaffb ; mov dword [edi + 0x9c], 0xfffaaffb -mov dword [edi + 0xa0], fcn_fffa5b8d ; mov dword [edi + 0xa0], 0xfffa5b8d -mov dword [edi + 0xa4], fcn_fffa5b7d ; mov dword [edi + 0xa4], 0xfffa5b7d -mov dword [edi + 0xa8], fcn_fffab06f ; mov dword [edi + 0xa8], 0xfffab06f +mov dword [edi + 0x74], fcn_fffb01a3 ; mov dword [edi + 0x74], 0xfffb01a3 +mov dword [edi + 0x78], fcn_fffb03bb ; mov dword [edi + 0x78], 0xfffb03bb +mov dword [edi + 0x7c], fcn_fffb0108 ; mov dword [edi + 0x7c], 0xfffb0108 +mov dword [edi + 0x80], fcn_fffb8075 ; mov dword [edi + 0x80], 0xfffb8075 +mov dword [edi + 0x84], fcn_fffb9af0 ; mov dword [edi + 0x84], 0xfffb9af0 +mov dword [edi + 0x88], fcn_fffa5bf7 ; mov dword [edi + 0x88], 0xfffa5bf7 +mov dword [edi + 0x8c], fcn_fffa5bef ; mov dword [edi + 0x8c], 0xfffa5bef +mov dword [edi + 0x90], fcn_fffa5bc6 ; mov dword [edi + 0x90], 0xfffa5bc6 +mov dword [edi + 0x94], fcn_fffb8fa9 ; mov dword [edi + 0x94], 0xfffb8fa9 +mov dword [edi + 0x98], fcn_fffb0139 ; mov dword [edi + 0x98], 0xfffb0139 +mov dword [edi + 0x9c], fcn_fffb4041 ; mov dword [edi + 0x9c], 0xfffb4041 +mov dword [edi + 0xa0], fcn_fffa5bbc ; mov dword [edi + 0xa0], 0xfffa5bbc +mov dword [edi + 0xa4], fcn_fffa5bac ; mov dword [edi + 0xa4], 0xfffa5bac +mov dword [edi + 0xa8], fcn_fffb013e ; mov dword [edi + 0xa8], 0xfffb013e mov dword [eax + 9], ebx mov dword [eax + 0x1e], edi xor eax, eax @@ -1639,13 +1639,13 @@ mov byte [ecx + 0x3f], 0xf mov byte [ecx + 0x42], 0x14 mov word [ecx + 0x50], 1 -loc_fffa1956: +loc_fffa195f: mov byte [ecx + eax + 9], 8 mov byte [ecx + eax + 0x19], 7 mov byte [ecx + eax + 0x29], 2 inc eax cmp eax, 0x10 -jne short loc_fffa1956 ; jne 0xfffa1956 +jne short loc_fffa195f ; jne 0xfffa195f mov eax, dword [ebp - 0x44] mov byte [ecx + 0x49], 0 mov byte [eax], 0 @@ -1653,11 +1653,11 @@ xor eax, eax mov byte [ecx + 0x52], 0 mov byte [ecx + 0x53], 0 -loc_fffa197f: +loc_fffa1988: mov byte [ecx + eax + 0x54], 8 inc eax cmp eax, 8 -jne short loc_fffa197f ; jne 0xfffa197f +jne short loc_fffa1988 ; jne 0xfffa1988 mov eax, dword [ebp - 0x2c] sub esp, 0xc mov dword [ecx + 0x44], 0 @@ -1678,22 +1678,22 @@ mov byte [eax + 0x22], 0 mov eax, dword [esi + 0x8f6] mov dword [ecx + 0x15], eax push dword [ebp - 0x30] -call fcn_fffab5db ; call 0xfffab5db +call fcn_fffb0585 ; call 0xfffb0585 add esp, 0x10 -loc_fffa19ec: +loc_fffa19f5: sub esp, 0xc -push ref_fffd5f93 ; push 0xfffd5f93 -call mrc_printk ; call 0xfffb76e3 -mov dword [esp], ref_fffd6594 ; mov dword [esp], 0xfffd6594 -call fcn_fffab5db ; call 0xfffab5db +push ref_fffd628f ; push 0xfffd628f +call mrc_printk ; call 0xfffb8212 +mov dword [esp], ref_fffd6890 ; mov dword [esp], 0xfffd6890 +call fcn_fffb0585 ; call 0xfffb0585 mov dword [esp], 0x20 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov ebx, eax test eax, eax -je short loc_fffa1a74 ; je 0xfffa1a74 -mov dword [eax + 0x14], fcn_fffb4a59 ; mov dword [eax + 0x14], 0xfffb4a59 +je short loc_fffa1a7d ; je 0xfffa1a7d +mov dword [eax + 0x14], fcn_fffb4acb ; mov dword [eax + 0x14], 0xfffb4acb sub esp, 0xc mov dword [eax + 0xc], 0x53524549 mov dword [eax + 0x10], 0 @@ -1703,36 +1703,36 @@ lea edx, [eax + 0xf8000] add eax, 0xf80f0 mov dword [ebx + 0x1c], edx push eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 mov dword [ebx], 0x80000010 -mov dword [ebx + 4], ref_fffd65a0 ; mov dword [ebx + 4], 0xfffd65a0 +mov dword [ebx + 4], ref_fffd689c ; mov dword [ebx + 4], 0xfffd689c and eax, 0xffffc000 mov dword [ebx + 0x18], eax lea eax, [ebx + 0x14] mov dword [ebx + 8], eax mov dword [esp], ebx -call fcn_fffab5db ; call 0xfffab5db +call fcn_fffb0585 ; call 0xfffb0585 add esp, 0x10 -loc_fffa1a74: +loc_fffa1a7d: push ebx push ebx lea eax, [ebp - 0x1c] push eax push 0x11b -call fcn_fffab60f ; call 0xfffab60f +call fcn_fffb05b9 ; call 0xfffb05b9 add esp, 0x10 test eax, eax -jns short loc_fffa1a92 ; jns 0xfffa1a92 +jns short loc_fffa1a9b ; jns 0xfffa1a9b mov dword [ebp - 0x1c], 0 -loc_fffa1a92: +loc_fffa1a9b: mov ebx, dword [ebp - 0x1c] test ebx, ebx -je loc_fffa1b43 ; je 0xfffa1b43 +je loc_fffa1b4c ; je 0xfffa1b4c mov edx, ebx mov eax, 0xff7d0278 -call fcn_fffab505 ; call 0xfffab505 +call fcn_fffb04af ; call 0xfffb04af mov eax, dword [0xff7d0084] sub esp, 0xc mov edi, dword [eax + 0x14] @@ -1740,14 +1740,14 @@ mov eax, dword [ebx + 8] lea esi, [edi + 0xfb020] push esi mov dword [ebp - 0x2c], eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 pop edx pop ecx and eax, 0xffe0 or eax, dword [ebp - 0x2c] push eax push esi -call fcn_fffb3d84 ; call 0xfffb3d84 +call fcn_fffb3ffa ; call 0xfffb3ffa mov al, byte [edi + 0xfb004] or eax, 1 mov byte [edi + 0xfb004], al @@ -1765,12 +1765,12 @@ pop esi pop edi push 0xff push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 +call fcn_fffb4a42 ; call 0xfffb4a42 lea eax, [ebx + 0xc] add ebx, 0x38 mov dword [esp], eax -call fcn_fffab5db ; call 0xfffab5db -call fcn_fffab405 ; call 0xfffab405 +call fcn_fffb0585 ; call 0xfffb0585 +call fcn_fffb0201 ; call 0xfffb0201 pop edx pop ecx mov edx, dword [eax] @@ -1779,24 +1779,24 @@ push eax call dword [edx + 0x24] ; ucall add esp, 0x10 -loc_fffa1b43: +loc_fffa1b4c: sub esp, 0xc -mov esi, ref_fffd65d0 ; mov esi, 0xfffd65d0 -push ref_fffd5fcb ; push 0xfffd5fcb -call mrc_printk ; call 0xfffb76e3 +mov esi, ref_fffd68cc ; mov esi, 0xfffd68cc +push ref_fffd62c7 ; push 0xfffd62c7 +call mrc_printk ; call 0xfffb8212 lea eax, [ebp - 0x24] push eax push 0 push 0 -push ref_fffd661c ; push 0xfffd661c -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd6918 ; push 0xfffd6918 +call fcn_fffb020b ; call 0xfffb020b add esp, 0x1c mov ebx, dword [ebp - 0x24] lea eax, [ebp - 0x20] push eax push 0x73 push 4 -call fcn_fffab5ba ; call 0xfffab5ba +call fcn_fffb0564 ; call 0xfffb0564 mov eax, dword [ebp - 0x20] mov ecx, 4 lea edi, [eax + 8] @@ -1806,36 +1806,36 @@ pop edx pop ecx push 8 push eax -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f mov eax, dword [ebp - 0x20] pop esi pop edi add eax, 0x20 push 8 push eax -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f pop eax mov eax, dword [ebp - 0x20] pop edx add eax, 0x29 push 0x21 push eax -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f mov eax, dword [ebp - 0x20] add esp, 0x10 mov byte [eax + 0x28], 0 mov byte [eax + 0x71], 0 cmp byte [ebx], 1 -jbe short loc_fffa1bd2 ; jbe 0xfffa1bd2 +jbe short loc_fffa1bdb ; jbe 0xfffa1bdb mov edx, dword [ebx + 0xd] mov dl, byte [edx + 0x49] mov byte [eax + 0x4a], dl -jmp short loc_fffa1bd6 ; jmp 0xfffa1bd6 +jmp short loc_fffa1bdf ; jmp 0xfffa1bdf -loc_fffa1bd2: +loc_fffa1bdb: mov byte [eax + 0x4a], 0 -loc_fffa1bd6: +loc_fffa1bdf: mov edx, dword [ebx + 5] mov dl, byte [edx + 7] mov byte [eax + 0x72], dl @@ -1843,73 +1843,73 @@ lea eax, [ebp - 0x1c] push eax push 0 push 0 -push ref_fffd65c0 ; push 0xfffd65c0 -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd68bc ; push 0xfffd68bc +call fcn_fffb020b ; call 0xfffb020b mov eax, dword [ebp - 0x1c] add esp, 0x10 mov edx, dword [eax + 9] cmp dword [edx + 4], 0 -je short loc_fffa1c29 ; je 0xfffa1c29 +je short loc_fffa1c32 ; je 0xfffa1c32 mov ebx, dword [ebp - 0x20] mov byte [ebx + 0x18], 1 mov edx, dword [eax + 1] cmp byte [edx], 0 -jns short loc_fffa1c29 ; jns 0xfffa1c29 +jns short loc_fffa1c32 ; jns 0xfffa1c32 push ecx push 0x14 mov eax, dword [eax + 9] mov eax, dword [eax + 4] push dword [eax + 0x1c] push dword [eax + 0x18] -call fcn_fffab0ef ; call 0xfffab0ef +call fcn_fffb01ca ; call 0xfffb01ca add esp, 0x10 mov byte [ebx + 0x19], al -loc_fffa1c29: +loc_fffa1c32: mov eax, dword [ebp - 0x20] mov byte [eax + 0x20], 2 mov edx, dword [ebp - 0x1c] mov ecx, dword [edx + 1] test byte [ecx], 0x10 -je short loc_fffa1c49 ; je 0xfffa1c49 +je short loc_fffa1c52 ; je 0xfffa1c52 mov edx, dword [edx + 9] mov edx, dword [edx] mov dl, byte [edx + 0x301] mov byte [eax + 0x21], dl -loc_fffa1c49: +loc_fffa1c52: sub esp, 0xc -push ref_fffd65e0 ; push 0xfffd65e0 -call fcn_fffab5db ; call 0xfffab5db -mov dword [esp], ref_fffd5faa ; mov dword [esp], 0xfffd5faa -call mrc_printk ; call 0xfffb76e3 +push ref_fffd68dc ; push 0xfffd68dc +call fcn_fffb0585 ; call 0xfffb0585 +mov dword [esp], ref_fffd62a6 ; mov dword [esp], 0xfffd62a6 +call mrc_printk ; call 0xfffb8212 mov dword [esp], 0x19 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov ebx, eax test eax, eax -je short loc_fffa1cea ; je 0xfffa1cea +je short loc_fffa1cf3 ; je 0xfffa1cf3 mov dword [eax], 0x4943524d lea eax, [eax + 0x14] mov dword [eax - 0x10], 0x80000020 lea esi, [ebx + 4] -mov dword [eax - 8], fcn_fffcd152 ; mov dword [eax - 8], 0xfffcd152 +mov dword [eax - 8], fcn_fffcdaba ; mov dword [eax - 8], 0xfffcdaba mov dword [eax - 4], 0 mov byte [eax + 4], 0 mov dword [eax], 0 push eax push 0 push 0 -push ref_fffd65fc ; push 0xfffd65fc -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd68f8 ; push 0xfffd68f8 +call fcn_fffb020b ; call 0xfffb020b mov eax, dword [ebx + 0x14] add esp, 0x10 test eax, eax -je short loc_fffa1cd9 ; je 0xfffa1cd9 +je short loc_fffa1ce2 ; je 0xfffa1ce2 test byte [eax + 1], 1 -je short loc_fffa1cd9 ; je 0xfffa1cd9 -mov dword [ebx + 8], ref_fffd65ec ; mov dword [ebx + 8], 0xfffd65ec -call fcn_fffab405 ; call 0xfffab405 +je short loc_fffa1ce2 ; je 0xfffa1ce2 +mov dword [ebx + 8], ref_fffd68e8 ; mov dword [ebx + 8], 0xfffd68e8 +call fcn_fffb0201 ; call 0xfffb0201 push edx push edx mov edx, dword [eax] @@ -1918,31 +1918,31 @@ push eax call dword [edx + 0x24] ; ucall add esp, 0x10 -loc_fffa1cd9: +loc_fffa1ce2: push edi push 0 push esi push 0xff7d0278 -call fcn_fffcd152 ; call 0xfffcd152 +call fcn_fffcdaba ; call 0xfffcdaba add esp, 0x10 -loc_fffa1cea: -call fcn_fffab5f3 ; call 0xfffab5f3 +loc_fffa1cf3: +call fcn_fffb059d ; call 0xfffb059d push ebx push ebx push eax -push ref_fffd660c ; push 0xfffd660c -call fcn_fffc5551 ; call 0xfffc5551 +push ref_fffd6908 ; push 0xfffd6908 +call fcn_fffc5baf ; call 0xfffc5baf add esp, 0x10 mov esi, eax test eax, eax -jne short loc_fffa1d21 ; jne 0xfffa1d21 +jne short loc_fffa1d2a ; jne 0xfffa1d2a mov eax, dword [ebp + 8] mov dword [eax + 0x906], 0 mov dword [eax + 0x902], 0 -jmp near loc_fffa1e75 ; jmp 0xfffa1e75 +jmp near loc_fffa1e7e ; jmp 0xfffa1e7e -loc_fffa1d21: +loc_fffa1d2a: mov eax, dword [eax + 0x20] mov ecx, dword [ebp + 8] mov byte [ebp - 0x2c], 0 @@ -1950,55 +1950,55 @@ mov dword [ecx + 0x906], eax lea eax, [esi + 0x20] mov dword [ecx + 0x902], eax mov byte [ecx + 0x90a], 0 -mov eax, dword [esi + 0x245b] +mov eax, dword [esi + 0x245c] mov dword [ebp - 0x34], eax lea eax, [esi + 0x1092] mov dword [ebp - 0x38], eax -loc_fffa1d53: +loc_fffa1d5c: mov al, byte [ebp - 0x2c] mov dword [ebp - 0x30], 0 add eax, eax -mov byte [ebp - 0x40], al +mov byte [ebp - 0x3c], al mov eax, dword [ebp - 0x38] lea edi, [eax + 0x25d] mov ecx, eax -loc_fffa1d6d: +loc_fffa1d76: mov edx, dword [ebp - 0x30] -mov al, byte [ebp - 0x40] +mov al, byte [ebp - 0x3c] mov byte [ebp - 0x44], dl add eax, edx cmp dword [ecx], 2 -mov byte [ebp - 0x3c], al -jne loc_fffa1e4b ; jne 0xfffa1e4b +mov byte [ebp - 0x40], al +jne loc_fffa1e54 ; jne 0xfffa1e54 mov eax, dword [ebp + 8] mov edx, dword [ebp + 8] movzx eax, byte [eax + 0x90a] imul eax, eax, 0x28 lea eax, [edx + eax + 0x900] -mov edx, dword [esi + 0x2498] +mov edx, dword [esi + 0x2499] mov dword [ebp - 0x48], eax lea ebx, [eax + 0xb] cmp edx, 2 -je short loc_fffa1dc5 ; je 0xfffa1dc5 +je short loc_fffa1dce ; je 0xfffa1dce cmp edx, 3 -je short loc_fffa1dcd ; je 0xfffa1dcd +je short loc_fffa1dd6 ; je 0xfffa1dd6 dec edx mov eax, 0xff mov edx, 0x18 cmove eax, edx mov word [ebx + 4], ax -jmp short loc_fffa1dd3 ; jmp 0xfffa1dd3 +jmp short loc_fffa1ddc ; jmp 0xfffa1ddc -loc_fffa1dc5: +loc_fffa1dce: mov word [ebx + 4], 0x1a -jmp short loc_fffa1dd3 ; jmp 0xfffa1dd3 +jmp short loc_fffa1ddc ; jmp 0xfffa1ddc -loc_fffa1dcd: +loc_fffa1dd6: mov word [ebx + 4], 0x1d -loc_fffa1dd3: +loc_fffa1ddc: mov eax, dword [esi + 0x1837] mov edx, dword [ebp - 0x48] mov dword [ebp - 0x48], ecx @@ -2011,7 +2011,7 @@ mov al, byte [ebp - 0x2c] mov byte [ebx + 9], al mov al, byte [ebp - 0x44] mov byte [ebx + 0xa], al -mov al, byte [ebp - 0x3c] +mov al, byte [ebp - 0x40] mov byte [ebx + 0xb], al lea eax, [ebx + 0x11] push ecx @@ -2039,25 +2039,25 @@ mov byte [ebx + 0x27], al mov eax, dword [ebp + 8] inc byte [eax + 0x90a] -loc_fffa1e4b: +loc_fffa1e54: inc dword [ebp - 0x30] add ecx, 0x128 add edi, 0x21 cmp dword [ebp - 0x30], 2 -jne loc_fffa1d6d ; jne 0xfffa1d6d +jne loc_fffa1d76 ; jne 0xfffa1d76 inc byte [ebp - 0x2c] add dword [ebp - 0x38], 0x433 cmp byte [ebp - 0x2c], 2 -jne loc_fffa1d53 ; jne 0xfffa1d53 +jne loc_fffa1d5c ; jne 0xfffa1d5c -loc_fffa1e75: +loc_fffa1e7e: sub esp, 0xc -push ref_fffd5fbf ; push 0xfffd5fbf -call mrc_printk ; call 0xfffb76e3 +push ref_fffd62bb ; push 0xfffd62bb +call mrc_printk ; call 0xfffb8212 add esp, 0x10 xor eax, eax -loc_fffa1e87: +loc_fffa1e90: lea esp, [ebp - 0xc] pop ebx pop esi @@ -2065,7 +2065,7 @@ pop edi pop ebp ret -fcn_fffa1e8f: +fcn_fffa1e98: push ebp mov ebp, esp push edi @@ -2073,187 +2073,197 @@ push esi mov esi, edx push ebx sub esp, 0x6214 -push 0x5ee4 -lea edi, [ebp - 0x5efc] +push 0x5ee5 +lea edi, [ebp - 0x5efd] push edi mov dword [ebp - 0x6208], ecx mov dword [ebp - 0x6204], eax -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f pop ebx pop eax -lea ebx, [ebp - 0x60c7] +lea ebx, [ebp - 0x60c8] push 0x1cb push ebx -call fcn_fffac673 ; call 0xfffac673 -lea eax, [ebp - 0x6173] +call fcn_fffb067f ; call 0xfffb067f +lea eax, [ebp - 0x6174] mov dword [ebp - 0x3ab9], eax -mov eax, dword [ref_fffd3288] ; mov eax, dword [0xfffd3288] -lea edx, [ebp - 0x61c0] +mov eax, dword [ref_fffd3578] ; mov eax, dword [0xfffd3578] +lea edx, [ebp - 0x61c1] mov dword [ebp - 0x20], ebx -mov dword [ebp - 0x60c3], edx +mov dword [ebp - 0x60c4], edx mov dword [ebp - 0x6200], edx -mov dword [ebp - 0x5efc], eax -lea eax, [ebp - 0x61e8] +mov dword [ebp - 0x5efd], eax +lea eax, [ebp - 0x61ec] push eax push 0 push 0 -push ref_fffd661c ; push 0xfffd661c -mov dword [ebp - 0x60c7], 0x1cb -mov dword [ebp - 0x5ef8], 0x5ee4 -mov dword [ebp - 0x5ef4], 0x1866 -mov dword [ebp - 0x468e], 0xbdd +push ref_fffd6918 ; push 0xfffd6918 +mov dword [ebp - 0x60c8], 0x1cb +mov dword [ebp - 0x5ef9], 0x5ee5 +mov dword [ebp - 0x5ef5], 0x1866 +mov dword [ebp - 0x468f], 0xbde mov dword [ebp - 0x3ab1], 0x3a91 -call fcn_fffab40f ; call 0xfffab40f -mov eax, dword [ebp - 0x61e8] +call fcn_fffb020b ; call 0xfffb020b +mov eax, dword [ebp - 0x61ec] add esp, 0x20 mov edx, dword [ebp - 0x3ab9] mov ecx, dword [eax + 9] mov ebx, dword [eax + 0x1e] mov dword [ebp - 0x61fc], edx -mov dword [ebx + 0xac], fcn_fffc6ea0 ; mov dword [ebx + 0xac], 0xfffc6ea0 -mov dword [ebx + 0xb0], fcn_fffc45f9 ; mov dword [ebx + 0xb0], 0xfffc45f9 -mov dword [ebx + 0xb4], fcn_fffac81d ; mov dword [ebx + 0xb4], 0xfffac81d -mov dword [ebx + 0xb8], fcn_fffc3bd3 ; mov dword [ebx + 0xb8], 0xfffc3bd3 -mov dword [ebx + 0xbc], fcn_fffcc900 ; mov dword [ebx + 0xbc], 0xfffcc900 -mov dword [ebx + 0xc0], fcn_fffac7e7 ; mov dword [ebx + 0xc0], 0xfffac7e7 -mov dword [ebx + 0xc4], fcn_fffa9178 ; mov dword [ebx + 0xc4], 0xfffa9178 -mov dword [ebx + 0xc8], fcn_fffcc4cb ; mov dword [ebx + 0xc8], 0xfffcc4cb -mov dword [ebx + 0xcc], fcn_fffa8c9b ; mov dword [ebx + 0xcc], 0xfffa8c9b -mov dword [ebp - 0x3ae1], eax +mov dword [ebx + 0xac], fcn_fffc8b09 ; mov dword [ebx + 0xac], 0xfffc8b09 +mov dword [ebx + 0xb0], fcn_fffce35b ; mov dword [ebx + 0xb0], 0xfffce35b +mov dword [ebx + 0xb4], fcn_fffb1612 ; mov dword [ebx + 0xb4], 0xfffb1612 +mov dword [ebx + 0xb8], fcn_fffc3ac8 ; mov dword [ebx + 0xb8], 0xfffc3ac8 +mov dword [ebx + 0xbc], fcn_fffcd268 ; mov dword [ebx + 0xbc], 0xfffcd268 +mov dword [ebx + 0xc0], fcn_fffb15dc ; mov dword [ebx + 0xc0], 0xfffb15dc +mov dword [ebx + 0xc4], fcn_fffabc7a ; mov dword [ebx + 0xc4], 0xfffabc7a +mov dword [ebx + 0xc8], fcn_fffcce33 ; mov dword [ebx + 0xc8], 0xfffcce33 +mov dword [ebx + 0xcc], fcn_fffab79d ; mov dword [ebx + 0xcc], 0xfffab79d +mov dword [ebp - 0x3ae2], eax mov ax, word [ecx + 0xc8] -mov word [ebp - 0x3ae5], ax +mov word [ebp - 0x3ae6], ax mov ax, word [ecx + 0xca] -mov word [ebp - 0x3ae3], ax -call fcn_fffa6801 ; call 0xfffa6801 +mov word [ebp - 0x3ae4], ax +call fcn_fffa67af ; call 0xfffa67af sub esp, 0xc -lea ecx, [ebp - 0x61c4] -push ecx lea ecx, [ebp - 0x61c8] push ecx lea ecx, [ebp - 0x61cc] push ecx -mov dword [ebp - 0x3aea], eax -lea eax, [ebp - 0x61d0] +lea ecx, [ebp - 0x61d0] +push ecx +mov dword [ebp - 0x3aeb], eax +lea eax, [ebp - 0x61d4] push eax push 1 -call fcn_fffd28d0 ; call 0xfffd28d0 +call fcn_fffd2bc2 ; call 0xfffd2bc2 add esp, 0x1c -mov eax, dword [ebp - 0x61d0] +mov eax, dword [ebp - 0x61d4] push 0xac push ebx push dword [ebp - 0x61fc] and eax, 0xf -mov byte [ebp - 0x3ae6], al +mov byte [ebp - 0x3ae7], al call dword [ebx + 0x58] ; ucall mov edx, dword [ebp - 0x6200] add esp, 0xc push 0x4d -push ref_fffd3238 ; push 0xfffd3238 +push ref_fffd3528 ; push 0xfffd3528 push edx -call dword [ebp - 0x611b] ; ucall -call fcn_fffab405 ; call 0xfffab405 +call dword [ebp - 0x611c] ; ucall +call fcn_fffb0201 ; call 0xfffb0201 pop edx pop ecx -lea ecx, [ebp - 0x61e0] +lea ecx, [ebp - 0x61e4] mov edx, dword [eax] push ecx push eax call dword [edx + 0x28] ; ucall add esp, 0x10 -cmp dword [ebp - 0x61e0], 0x11 -je short loc_fffa20a7 ; je 0xfffa20a7 -lea eax, [ebp - 0x61e4] +cmp dword [ebp - 0x61e4], 0x11 +je short loc_fffa20b0 ; je 0xfffa20b0 +lea eax, [ebp - 0x61e8] push ecx push eax -push 0x5efd +push 0x5efe push 4 -call fcn_fffab5ba ; call 0xfffab5ba +call fcn_fffb0564 ; call 0xfffb0564 add esp, 0x10 test eax, eax -js short loc_fffa20b1 ; js 0xfffa20b1 -mov ebx, dword [ebp - 0x61e4] +js short loc_fffa20ba ; js 0xfffa20ba +mov ebx, dword [ebp - 0x61e8] push eax push 0x10 -push ref_fffd660c ; push 0xfffd660c +push ref_fffd6908 ; push 0xfffd6908 lea eax, [ebx + 8] add ebx, 0x18 push eax -call fcn_fffab101 ; call 0xfffab101 +call fcn_fffb01dc ; call 0xfffb01dc pop eax pop edx -push 0x5ee5 +push 0x5ee6 push ebx -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f add esp, 0x10 -jmp short loc_fffa20b1 ; jmp 0xfffa20b1 +jmp short loc_fffa20ba ; jmp 0xfffa20ba -loc_fffa20a7: -mov dword [ebp - 0x61e4], 0 +loc_fffa20b0: +mov dword [ebp - 0x61e8], 0 -loc_fffa20b1: -mov eax, dword [ebp - 0x61e8] +loc_fffa20ba: +mov eax, dword [ebp - 0x61ec] mov edx, dword [eax + 9] mov eax, 5 cmp byte [edx + 0x55], 0 -jne short loc_fffa20c9 ; jne 0xfffa20c9 +jne short loc_fffa20d2 ; jne 0xfffa20d2 movzx eax, byte [edx + 0x2d] -loc_fffa20c9: -mov edx, dword [ebp - 0x61e0] -mov dword [ebp - 0x45fe], eax -mov dword [ebp - 0x4602], esi +loc_fffa20d2: +mov edx, dword [ebp - 0x61e4] +mov dword [ebp - 0x45ff], eax +mov dword [ebp - 0x4603], esi cmp edx, 0x11 -je short loc_fffa20eb ; je 0xfffa20eb -mov eax, dword [ebp - 0x61e4] +je short loc_fffa20f4 ; je 0xfffa20f4 +mov eax, dword [ebp - 0x61e8] add eax, 0x18 -jmp short loc_fffa20ed ; jmp 0xfffa20ed +jmp short loc_fffa20f6 ; jmp 0xfffa20f6 -loc_fffa20eb: +loc_fffa20f4: xor eax, eax -loc_fffa20ed: +loc_fffa20f6: push ecx push ecx push 0xdd00 push edi -mov dword [ebp - 0x460a], eax +mov dword [ebp - 0x460b], eax xor eax, eax cmp edx, 0x11 mov edx, 0xfbe8 cmovne eax, edx -mov dword [ebp - 0x4606], eax -call dword [ebp - 0x60df] ; ucall -lea edx, [ebp - 0x61c4] +mov dword [ebp - 0x4607], eax +call dword [ebp - 0x60e0] ; ucall +lea edx, [ebp - 0x61c8] mov edi, dword [ebp - 0x3ab9] mov dword [esp], edx -lea edx, [ebp - 0x61c8] -push edx lea edx, [ebp - 0x61cc] push edx -lea eax, [ebp - 0x61d0] +lea edx, [ebp - 0x61d0] +push edx +lea eax, [ebp - 0x61d4] push eax push 1 -mov byte [ebp - 0x61e9], 0 -call fcn_fffd28d0 ; call 0xfffd28d0 +mov byte [ebp - 0x61ed], 0 +call fcn_fffd2bc2 ; call 0xfffd2bc2 add esp, 0x20 -test byte [ebp - 0x61c8], 0x40 -je short loc_fffa21cf ; je 0xfffa21cf +test byte [ebp - 0x61cc], 0x40 +je loc_fffa21f6 ; je 0xfffa21f6 +mov edx, cr4 +mov eax, edx +or eax, 0x4000 +mov cr4, eax +xor eax, eax +mov ebx, eax +getsec +mov cr4, edx +test al, 1 +je short loc_fffa21f6 ; je 0xfffa21f6 sub esp, 0xc push 0x2e7 call dword [edi + 0xa0] ; ucall add esp, 0x10 test al, 6 -je short loc_fffa21cf ; je 0xfffa21cf -lea eax, [ebp - 0x61d4] +je short loc_fffa21f6 ; je 0xfffa21f6 +lea eax, [ebp - 0x61d8] mov ebx, 0x2ee push eax push 0 push 0 -push ref_fffd604c ; push 0xfffd604c -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd6348 ; push 0xfffd6348 +call fcn_fffb020b ; call 0xfffb020b add esp, 0x10 -loc_fffa2184: +loc_fffa21ab: mov eax, dword [esi] mov eax, dword [eax + 0x60] push 0 @@ -2263,10 +2273,10 @@ push esi call dword [eax + 0x30] ; ucall add esp, 0x10 cmp al, 0xff -je short loc_fffa21bc ; je 0xfffa21bc +je short loc_fffa21e3 ; je 0xfffa21e3 test al, al -js loc_fffa2abe ; js 0xfffa2abe -mov eax, dword [ebp - 0x61d4] +js loc_fffa2ade ; js 0xfffa2ade +mov eax, dword [ebp - 0x61d8] push edx push 0x3e8 push eax @@ -2274,9 +2284,9 @@ push esi call dword [eax + 4] ; ucall add esp, 0x10 dec bx -jne short loc_fffa2184 ; jne 0xfffa2184 +jne short loc_fffa21ab ; jne 0xfffa21ab -loc_fffa21bc: +loc_fffa21e3: push ebx push 0 push 0 @@ -2284,10 +2294,10 @@ push 0x2e6 call dword [edi + 0xa4] ; ucall add esp, 0x10 -loc_fffa21cf: -cmp dword [ebp - 0x61e0], 0x11 +loc_fffa21f6: +cmp dword [ebp - 0x61e4], 0x11 mov dword [ebp - 0x6200], 2 -je short loc_fffa222d ; je 0xfffa222d +je short loc_fffa2254 ; je 0xfffa2254 mov ebx, dword [ebp - 0x3ab9] push 0xa0 push 0 @@ -2297,10 +2307,10 @@ call dword [ebx + 0x48] ; ucall pop edx pop ecx push eax -movzx eax, word [ebp - 0x3ae5] +movzx eax, word [ebp - 0x3ae6] push eax call dword [ebx + 0x14] ; ucall -movzx eax, word [ebp - 0x3ae3] +movzx eax, word [ebp - 0x3ae4] mov dword [esp], eax call dword [ebx + 8] ; ucall add esp, 0x10 @@ -2311,225 +2321,224 @@ sete al movzx eax, al mov dword [ebp - 0x6200], eax -loc_fffa222d: -mov eax, dword [ebp - 0x3aea] +loc_fffa2254: +mov eax, dword [ebp - 0x3aeb] cmp eax, 0x40650 -jne short loc_fffa2246 ; jne 0xfffa2246 -mov dword [ebp - 0x4675], 0x40650 -jmp short loc_fffa2274 ; jmp 0xfffa2274 +jne short loc_fffa226d ; jne 0xfffa226d +mov dword [ebp - 0x4676], 0x40650 +jmp short loc_fffa229b ; jmp 0xfffa229b -loc_fffa2246: +loc_fffa226d: cmp eax, 0x306c0 -jne short loc_fffa2263 ; jne 0xfffa2263 -mov dword [ebp - 0x4675], 0x306c0 -mov dword [ebp - 0x4671], 0 -jmp short loc_fffa22da ; jmp 0xfffa22da +jne short loc_fffa228a ; jne 0xfffa228a +mov dword [ebp - 0x4676], 0x306c0 +mov dword [ebp - 0x4672], 0 +jmp short loc_fffa2301 ; jmp 0xfffa2301 -loc_fffa2263: +loc_fffa228a: cmp eax, 0x40660 -jne short loc_fffa228d ; jne 0xfffa228d -mov dword [ebp - 0x4675], 0x40660 +jne short loc_fffa22b4 ; jne 0xfffa22b4 +mov dword [ebp - 0x4676], 0x40660 -loc_fffa2274: -mov dword [ebp - 0x4671], 0 -mov dword [ebp - 0x4679], 1 -jmp near loc_fffa231f ; jmp 0xfffa231f +loc_fffa229b: +mov dword [ebp - 0x4672], 0 +mov dword [ebp - 0x467a], 1 +jmp near loc_fffa2346 ; jmp 0xfffa2346 -loc_fffa228d: +loc_fffa22b4: cmp eax, 0x306d0 -jne short loc_fffa22f2 ; jne 0xfffa22f2 -mov al, byte [ebp - 0x3ae6] -mov dword [ebp - 0x4675], 0x306d0 -mov dword [ebp - 0x4671], 1 +jne short loc_fffa2319 ; jne 0xfffa2319 +mov al, byte [ebp - 0x3ae7] +mov dword [ebp - 0x4676], 0x306d0 +mov dword [ebp - 0x4672], 1 cmp al, 3 -je short loc_fffa22da ; je 0xfffa22da +je short loc_fffa2301 ; je 0xfffa2301 cmp al, 4 -jne short loc_fffa22e6 ; jne 0xfffa22e6 +jne short loc_fffa230d ; jne 0xfffa230d mov eax, dword [0xff7d0084] sub esp, 0xc mov eax, dword [eax + 0x14] add eax, 8 push eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 and eax, 0xf cmp eax, 9 sbb eax, eax add eax, 5 -jmp short loc_fffa2319 ; jmp 0xfffa2319 +jmp short loc_fffa2340 ; jmp 0xfffa2340 -loc_fffa22da: -mov dword [ebp - 0x4679], 3 -jmp short loc_fffa231f ; jmp 0xfffa231f +loc_fffa2301: +mov dword [ebp - 0x467a], 3 +jmp short loc_fffa2346 ; jmp 0xfffa2346 -loc_fffa22e6: -mov dword [ebp - 0x4679], 5 -jmp short loc_fffa231f ; jmp 0xfffa231f +loc_fffa230d: +mov dword [ebp - 0x467a], 5 +jmp short loc_fffa2346 ; jmp 0xfffa2346 -loc_fffa22f2: +loc_fffa2319: cmp eax, 0x40670 -jne short loc_fffa231f ; jne 0xfffa231f +jne short loc_fffa2346 ; jne 0xfffa2346 xor eax, eax -cmp byte [ebp - 0x3ae6], 0 -mov dword [ebp - 0x4675], 0x40670 -mov dword [ebp - 0x4671], 1 +cmp byte [ebp - 0x3ae7], 0 +mov dword [ebp - 0x4676], 0x40670 +mov dword [ebp - 0x4672], 1 setne al -loc_fffa2319: -mov dword [ebp - 0x4679], eax +loc_fffa2340: +mov dword [ebp - 0x467a], eax -loc_fffa231f: +loc_fffa2346: mov eax, dword [ebp - 0x6208] -mov dword [ebp - 0x61d0], 0 +mov dword [ebp - 0x61d4], 0 mov eax, dword [eax + 0x14] test eax, eax -jne short loc_fffa2347 ; jne 0xfffa2347 +jne short loc_fffa236e ; jne 0xfffa236e -loc_fffa2336: -mov eax, dword [ebp - 0x61e8] +loc_fffa235d: +mov eax, dword [ebp - 0x61ec] xor ebx, ebx mov edi, dword [eax + 0x15] test edi, edi -jne short loc_fffa2373 ; jne 0xfffa2373 -jmp short loc_fffa23a6 ; jmp 0xfffa23a6 +jne short loc_fffa239a ; jne 0xfffa239a +jmp short loc_fffa23cd ; jmp 0xfffa23cd -loc_fffa2347: +loc_fffa236e: test byte [eax + 1], 1 -je short loc_fffa2336 ; je 0xfffa2336 -lea eax, [ebp - 0x61d0] +je short loc_fffa235d ; je 0xfffa235d +lea eax, [ebp - 0x61d4] push eax push 0 push 0 -push ref_fffd65ec ; push 0xfffd65ec -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd68e8 ; push 0xfffd68e8 +call fcn_fffb020b ; call 0xfffb020b add esp, 0x10 test eax, eax -je short loc_fffa2336 ; je 0xfffa2336 +je short loc_fffa235d ; je 0xfffa235d -loc_fffa2369: +loc_fffa2390: mov eax, 0x8000000e -jmp near loc_fffa2b0c ; jmp 0xfffa2b0c +jmp near loc_fffa2b3b ; jmp 0xfffa2b3b -loc_fffa2373: -cmp dword [ebp - 0x61e0], 4 -je short loc_fffa23a6 ; je 0xfffa23a6 +loc_fffa239a: +cmp dword [ebp - 0x61e4], 4 +je short loc_fffa23cd ; je 0xfffa23cd lea eax, [edi + 8] mov edx, 0x185e -call fcn_fffc3dc3 ; call 0xfffc3dc3 +call fcn_fffc3cb8 ; call 0xfffc3cb8 cmp eax, dword [edi + 4] -jne short loc_fffa23a6 ; jne 0xfffa23a6 +jne short loc_fffa23cd ; jne 0xfffa23cd push eax mov eax, dword [esi] mov bl, 1 push 0x1866 push edi -lea edx, [ebp - 0x5ef4] +lea edx, [ebp - 0x5ef5] push edx call dword [eax + 0x50] ; ucall add esp, 0x10 -loc_fffa23a6: -cmp dword [ebp - 0x61e0], 0x11 -jne short loc_fffa23b3 ; jne 0xfffa23b3 +loc_fffa23cd: +cmp dword [ebp - 0x61e4], 0x11 +jne short loc_fffa23da ; jne 0xfffa23da test bl, bl -je short loc_fffa2369 ; je 0xfffa2369 +je short loc_fffa2390 ; je 0xfffa2390 -loc_fffa23b3: -lea eax, [ebp - 0x61dc] +loc_fffa23da: +lea eax, [ebp - 0x61e0] push eax push 0 push 0 -push ref_fffd6070 ; push 0xfffd6070 -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd636c ; push 0xfffd636c +call fcn_fffb020b ; call 0xfffb020b mov eax, dword [ebp - 0x6200] add esp, 0x10 dec eax cmp eax, 1 -jbe short loc_fffa23fe ; jbe 0xfffa23fe +jbe short loc_fffa2425 ; jbe 0xfffa2425 push eax -lea eax, [ebp - 0x61e9] +lea eax, [ebp - 0x61ed] push eax -mov eax, dword [ebp - 0x61dc] +mov eax, dword [ebp - 0x61e0] push dword [ebp - 0x6204] push esi call dword [eax + 5] ; ucall add esp, 0x10 mov al, 0 -cmp byte [ebp - 0x61e9], 1 +cmp byte [ebp - 0x61ed], 1 cmove ebx, eax -loc_fffa23fe: +loc_fffa2425: mov eax, dword [ebp - 0x6200] dec eax cmp eax, 1 -jbe short loc_fffa2446 ; jbe 0xfffa2446 +jbe short loc_fffa2466 ; jbe 0xfffa2466 dec bl -jne loc_fffa2acb ; jne 0xfffa2acb -mov edx, dword [ebp - 0x61e8] +jne loc_fffa2aeb ; jne 0xfffa2aeb +mov edx, dword [ebp - 0x61ec] mov eax, dword [edx + 9] cmp byte [eax + 0x56], 0 -je loc_fffa2acb ; je 0xfffa2acb +je loc_fffa2aeb ; je 0xfffa2aeb xor ecx, ecx -lea eax, [ebp - 0x5efc] -call fcn_fffb82ba ; call 0xfffb82ba +lea eax, [ebp - 0x5efd] +call fcn_fffb8de9 ; call 0xfffb8de9 test al, al -jne loc_fffa2acb ; jne 0xfffa2acb -mov dword [ebp - 0x61fc], 3 -jmp short loc_fffa24aa ; jmp 0xfffa24aa +jne loc_fffa2aeb ; jne 0xfffa2aeb +jmp near loc_fffa2b10 ; jmp 0xfffa2b10 -loc_fffa2446: -mov edx, dword [ebp - 0x61e8] +loc_fffa2466: +mov edx, dword [ebp - 0x61ec] mov eax, dword [edx + 1] mov eax, dword [eax + 4] -mov dword [ebp - 0x4637], eax +mov dword [ebp - 0x4638], eax test bl, bl -je loc_fffa2acb ; je 0xfffa2acb +je loc_fffa2aeb ; je 0xfffa2aeb mov edi, dword [ebp - 0x6200] -lea eax, [ebp - 0x5efc] +lea eax, [ebp - 0x5efd] mov ecx, edi -call fcn_fffb82ba ; call 0xfffb82ba +call fcn_fffb8de9 ; call 0xfffb8de9 dec al -je loc_fffa2acb ; je 0xfffa2acb +je loc_fffa2aeb ; je 0xfffa2aeb dec edi mov dword [ebp - 0x61fc], 2 -jne short loc_fffa24aa ; jne 0xfffa24aa +jne short loc_fffa24ca ; jne 0xfffa24ca mov edx, 0x5d10 -lea eax, [ebp - 0x5efc] -call fcn_fffae548 ; call 0xfffae548 +lea eax, [ebp - 0x5efd] +call fcn_fffb333d ; call 0xfffb333d or edx, eax -je loc_fffa2acb ; je 0xfffa2acb +je loc_fffa2aeb ; je 0xfffa2aeb mov dword [ebp - 0x61fc], 1 -loc_fffa24aa: -cmp dword [ebp - 0x4675], 0x306d0 -jne short loc_fffa24de ; jne 0xfffa24de +loc_fffa24ca: +cmp dword [ebp - 0x4676], 0x306d0 +jne short loc_fffa24fe ; jne 0xfffa24fe mov eax, dword [0xff7d0084] sub esp, 0xc mov eax, dword [eax + 0x14] add eax, 8 push eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 and eax, 0xf cmp eax, 7 -ja short loc_fffa24de ; ja 0xfffa24de -mov byte [ebp - 0x460f], 1 -jmp short loc_fffa24e5 ; jmp 0xfffa24e5 +ja short loc_fffa24fe ; ja 0xfffa24fe +mov byte [ebp - 0x4610], 1 +jmp short loc_fffa2505 ; jmp 0xfffa2505 -loc_fffa24de: -mov byte [ebp - 0x460f], 0 +loc_fffa24fe: +mov byte [ebp - 0x4610], 0 -loc_fffa24e5: -mov bl, byte [ebp - 0x460f] -call fcn_fffab5f3 ; call 0xfffab5f3 +loc_fffa2505: +mov bl, byte [ebp - 0x4610] +call fcn_fffb059d ; call 0xfffb059d push edi push edi push eax -push ref_fffd65d0 ; push 0xfffd65d0 -call fcn_fffc5551 ; call 0xfffc5551 +push ref_fffd68cc ; push 0xfffd68cc +call fcn_fffc5baf ; call 0xfffc5baf add esp, 0x10 test eax, eax -je short loc_fffa2520 ; je 0xfffa2520 +je short loc_fffa2540 ; je 0xfffa2540 movzx edi, byte [eax + 0x19] xor edx, edx cmp byte [eax + 0x18], 1 @@ -2538,59 +2547,59 @@ cmove edx, edi cmp byte [eax + 0x20], 1 cmove edx, ecx add ecx, edi -jmp short loc_fffa2524 ; jmp 0xfffa2524 +jmp short loc_fffa2544 ; jmp 0xfffa2544 -loc_fffa2520: +loc_fffa2540: xor edx, edx xor ecx, ecx -loc_fffa2524: +loc_fffa2544: cmp bl, 1 sbb cl, 0xff test cl, cl -je short loc_fffa253d ; je 0xfffa253d +je short loc_fffa255d ; je 0xfffa255d movzx ecx, cl -mov dword [ebp - 0x4617], ecx -mov dword [ebp - 0x4613], edx +mov dword [ebp - 0x4618], ecx +mov dword [ebp - 0x4614], edx -loc_fffa253d: +loc_fffa255d: push ebx mov edx, dword [ebp - 0x61fc] -push dword [ebp - 0x3aea] -push dword [ebp - 0x61e8] -mov eax, dword [ebp - 0x61e0] -lea ecx, [ebp - 0x5efc] +push dword [ebp - 0x3aeb] +push dword [ebp - 0x61ec] +mov eax, dword [ebp - 0x61e4] +lea ecx, [ebp - 0x5efd] push esi -call fcn_fffab673 ; call 0xfffab673 +call fcn_fffb0688 ; call 0xfffb0688 add esp, 0x10 -mov dword [ebp - 0x4627], 0 -mov dword [ebp - 0x4651], eax -mov eax, dword [ebp - 0x61d0] +mov dword [ebp - 0x4628], 0 +mov dword [ebp - 0x4652], eax +mov eax, dword [ebp - 0x61d4] test eax, eax -je short loc_fffa259e ; je 0xfffa259e -cmp dword [ebp - 0x61e0], 0x11 -je short loc_fffa259e ; je 0xfffa259e +je short loc_fffa25be ; je 0xfffa25be +cmp dword [ebp - 0x61e4], 0x11 +je short loc_fffa25be ; je 0xfffa25be sub esp, 0xc push eax call dword [eax + 1] ; ucall add esp, 0x10 cmp eax, 2 -jne short loc_fffa259e ; jne 0xfffa259e -mov byte [ebp - 0x3af5], 1 +jne short loc_fffa25be ; jne 0xfffa25be +mov byte [ebp - 0x3af6], 1 -loc_fffa259e: +loc_fffa25be: push ecx -mov eax, dword [ebp - 0x61dc] +mov eax, dword [ebp - 0x61e0] push ecx push dword [ebp - 0x6204] push esi call dword [eax + 1] ; ucall add esp, 0x10 -mov dword [ebp - 0x4627], eax +mov dword [ebp - 0x4628], eax -loc_fffa25b9: -cmp dword [ebp - 0x4651], 0 -jne short loc_fffa2623 ; jne 0xfffa2623 +loc_fffa25d9: +cmp dword [ebp - 0x4652], 0 +jne short loc_fffa2643 ; jne 0xfffa2643 mov ebx, dword [ebp - 0x3ab9] push 0xa0 push 0 @@ -2599,15 +2608,15 @@ push 0 call dword [ebx + 0x48] ; ucall mov edi, eax pop eax -movzx eax, word [ebp - 0x3ae5] +movzx eax, word [ebp - 0x3ae6] pop edx push edi push eax call dword [ebx + 0x14] ; ucall -movzx eax, word [ebp - 0x3ae3] +movzx eax, word [ebp - 0x3ae4] mov dword [esp], eax call dword [ebx + 8] ; ucall -movzx edx, word [ebp - 0x3ae5] +movzx edx, word [ebp - 0x3ae6] pop ecx mov dword [ebp - 0x6208], eax pop eax @@ -2619,22 +2628,22 @@ mov eax, dword [ebp - 0x6208] pop edx and eax, 0xff7f0000 push eax -movzx eax, word [ebp - 0x3ae3] +movzx eax, word [ebp - 0x3ae4] push eax call dword [ebx + 0x14] ; ucall add esp, 0x10 -loc_fffa2623: +loc_fffa2643: mov eax, dword [ebp - 0x3ab9] mov ebx, 1 push edi push 4 mov ecx, eax mov dword [ebp - 0x620c], eax -mov eax, dword [ebp - 0x4651] +mov eax, dword [ebp - 0x4652] mov dword [ebp - 0x2814], eax -mov eax, dword [ebp - 0x4671] -lea eax, [eax*4 + ref_fffd3230] ; lea eax, [eax*4 - 0x2cdd0] +mov eax, dword [ebp - 0x4672] +lea eax, [eax*4 + ref_fffd3520] ; lea eax, [eax*4 - 0x2cae0] push eax lea eax, [ebp - 0x282d] push eax @@ -2644,72 +2653,72 @@ add esp, 0x10 mov dl, 1 mov word [ebp - 0x6208], 0 -loc_fffa266d: +loc_fffa268d: mov eax, dword [ebp - 0x6208] -cmp ax, 0x40 +cmp ax, 0x41 lea ecx, [eax - 0x2300] setbe al mov word [ebp - 0x620e], cx test al, dl -je loc_fffa2795 ; je 0xfffa2795 +je loc_fffa27b5 ; je 0xfffa27b5 movzx eax, word [ebp - 0x6208] mov dl, 1 imul eax, eax, 0xc -cmp dword [eax + ref_fffd5c10], 0 ; cmp dword [eax - 0x2a3f0], 0 +cmp dword [eax + ref_fffd55c8], 0 ; cmp dword [eax - 0x2aa38], 0 mov dword [ebp - 0x6214], eax -lea edi, [eax + ref_fffd5c10] ; lea edi, [eax - 0x2a3f0] -je loc_fffa2789 ; je 0xfffa2789 +lea edi, [eax + ref_fffd55c8] ; lea edi, [eax - 0x2aa38] +je loc_fffa27a9 ; je 0xfffa27a9 mov al, byte [edi + 0xb] -cmp byte [ebp - 0x465e], al -jae loc_fffa2789 ; jae 0xfffa2789 -mov eax, dword [ebp - 0x465d] +cmp byte [ebp - 0x465f], al +jae loc_fffa27a9 ; jae 0xfffa27a9 +mov eax, dword [ebp - 0x465e] test eax, eax -jne short loc_fffa26d3 ; jne 0xfffa26d3 +jne short loc_fffa26f3 ; jne 0xfffa26f3 test byte [edi + 0xa], 0x10 -jmp short loc_fffa26de ; jmp 0xfffa26de +jmp short loc_fffa26fe ; jmp 0xfffa26fe -loc_fffa26d3: +loc_fffa26f3: dec eax -jne loc_fffa2789 ; jne 0xfffa2789 +jne loc_fffa27a9 ; jne 0xfffa27a9 test byte [edi + 0xa], 0x20 -loc_fffa26de: -je loc_fffa2789 ; je 0xfffa2789 +loc_fffa26fe: +je loc_fffa27a9 ; je 0xfffa27a9 mov eax, dword [ebp - 0x2814] cmp eax, 2 -jne short loc_fffa26f5 ; jne 0xfffa26f5 +jne short loc_fffa2715 ; jne 0xfffa2715 test byte [edi + 0xa], 8 -jmp short loc_fffa2709 ; jmp 0xfffa2709 +jmp short loc_fffa2729 ; jmp 0xfffa2729 -loc_fffa26f5: +loc_fffa2715: cmp eax, 3 -jne short loc_fffa2700 ; jne 0xfffa2700 +jne short loc_fffa2720 ; jne 0xfffa2720 test byte [edi + 0xa], 2 -jmp short loc_fffa2709 ; jmp 0xfffa2709 +jmp short loc_fffa2729 ; jmp 0xfffa2729 -loc_fffa2700: +loc_fffa2720: cmp eax, 1 -jne short loc_fffa270f ; jne 0xfffa270f +jne short loc_fffa272f ; jne 0xfffa272f test byte [edi + 0xa], 4 -loc_fffa2709: -jne short loc_fffa271b ; jne 0xfffa271b +loc_fffa2729: +jne short loc_fffa273b ; jne 0xfffa273b mov dl, 1 -jmp short loc_fffa2789 ; jmp 0xfffa2789 +jmp short loc_fffa27a9 ; jmp 0xfffa27a9 -loc_fffa270f: +loc_fffa272f: mov dl, 1 test eax, eax -jne short loc_fffa2789 ; jne 0xfffa2789 +jne short loc_fffa27a9 ; jne 0xfffa27a9 test byte [edi + 0xa], 1 -je short loc_fffa2789 ; je 0xfffa2789 +je short loc_fffa27a9 ; je 0xfffa27a9 -loc_fffa271b: +loc_fffa273b: mov edx, dword [edi + 6] cmp edx, 0x44 -jbe short loc_fffa2776 ; jbe 0xfffa2776 +jbe short loc_fffa2796 ; jbe 0xfffa2796 -loc_fffa2723: +loc_fffa2743: mov eax, dword [edi + 4] mov edi, dword [ebp - 0x620c] push ebx @@ -2718,116 +2727,116 @@ cmp ax, 0xffff cmove ax, word [ebp - 0x620e] movzx eax, ax push eax -lea eax, [ebp - 0x5efc] +lea eax, [ebp - 0x5efd] push eax call dword [edi + 0x94] ; ucall mov eax, edi call dword [eax + 0x54] ; ucall -lea eax, [ebp - 0x5efc] +lea eax, [ebp - 0x5efd] mov dword [esp], eax mov eax, dword [ebp - 0x6214] -call dword [eax + ref_fffd5c10] ; ucall: call dword [eax - 0x2a3f0] +call dword [eax + ref_fffd55c8] ; ucall: call dword [eax - 0x2aa38] mov ebx, eax mov eax, edi call dword [eax + 0x54] ; ucall add esp, 0x10 test ebx, ebx sete dl -jmp short loc_fffa2789 ; jmp 0xfffa2789 +jmp short loc_fffa27a9 ; jmp 0xfffa27a9 -loc_fffa2776: +loc_fffa2796: xor ecx, ecx -lea eax, [ebp - 0x5efc] -call fcn_fffc3c0d ; call 0xfffc3c0d +lea eax, [ebp - 0x5efd] +call fcn_fffc3b02 ; call 0xfffc3b02 mov dl, 1 test eax, eax -je short loc_fffa2723 ; je 0xfffa2723 +je short loc_fffa2743 ; je 0xfffa2743 -loc_fffa2789: +loc_fffa27a9: inc word [ebp - 0x6208] -jmp near loc_fffa266d ; jmp 0xfffa266d +jmp near loc_fffa268d ; jmp 0xfffa268d -loc_fffa2795: +loc_fffa27b5: push ecx push ecx push ebx -lea eax, [ebp - 0x5efc] +lea eax, [ebp - 0x5efd] push eax -call dword [ebp - 0x60cb] ; ucall +call dword [ebp - 0x60cc] ; ucall add esp, 0x10 cmp ebx, 0x17 -je loc_fffa28a9 ; je 0xfffa28a9 -ja short loc_fffa27c5 ; ja 0xfffa27c5 +je loc_fffa28c9 ; je 0xfffa28c9 +ja short loc_fffa27e5 ; ja 0xfffa27e5 test ebx, ebx -je loc_fffa2920 ; je 0xfffa2920 +je loc_fffa2940 ; je 0xfffa2940 cmp ebx, 0x16 -je short loc_fffa2832 ; je 0xfffa2832 -jmp near loc_fffa28f7 ; jmp 0xfffa28f7 +je short loc_fffa2852 ; je 0xfffa2852 +jmp near loc_fffa2917 ; jmp 0xfffa2917 -loc_fffa27c5: +loc_fffa27e5: cmp ebx, 0x18 -je loc_fffa2863 ; je 0xfffa2863 +je loc_fffa2883 ; je 0xfffa2883 cmp ebx, 0x1c -jne loc_fffa28f7 ; jne 0xfffa28f7 +jne loc_fffa2917 ; jne 0xfffa2917 push eax push eax push 0x3a91 lea eax, [ebp - 0x3ab1] push eax -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f pop eax pop edx -lea eax, [ebp - 0x60c7] +lea eax, [ebp - 0x60c8] push 0x1cb push eax -call fcn_fffac673 ; call 0xfffac673 -lea eax, [ebp - 0x61c0] +call fcn_fffb067f ; call 0xfffb067f +lea eax, [ebp - 0x61c1] add esp, 0x10 mov dword [ebp - 0x3ab1], 0x3a91 -mov dword [ebp - 0x60c7], 0x1cb -mov dword [ebp - 0x60c3], eax +mov dword [ebp - 0x60c8], 0x1cb +mov dword [ebp - 0x60c4], eax mov byte [ebp - 0x3a6d], 1 -inc byte [ebp - 0x465e] -jmp near loc_fffa2920 ; jmp 0xfffa2920 +inc byte [ebp - 0x465f] +jmp near loc_fffa2940 ; jmp 0xfffa2940 -loc_fffa2832: +loc_fffa2852: sub esp, 0xc push 0 -lea ecx, [ebp - 0x61ea] -lea edx, [ebp - 0x61d4] -lea eax, [ebp - 0x5efc] -call fcn_fffa77b4 ; call 0xfffa77b4 +lea ecx, [ebp - 0x61ee] +lea edx, [ebp - 0x61d8] +lea eax, [ebp - 0x5efd] +call fcn_fffa7762 ; call 0xfffa7762 mov al, byte [ebp - 0x2815] add esp, 0x10 -cmp byte [ebp - 0x61ea], al -jae loc_fffa28f7 ; jae 0xfffa28f7 +cmp byte [ebp - 0x61ee], al +jae loc_fffa2917 ; jae 0xfffa2917 -loc_fffa2863: -cmp dword [ebp - 0x4651], 3 -jne short loc_fffa2898 ; jne 0xfffa2898 +loc_fffa2883: +cmp dword [ebp - 0x4652], 3 +jne short loc_fffa28b8 ; jne 0xfffa28b8 push eax -mov eax, dword [ebp - 0x61e0] +mov eax, dword [ebp - 0x61e4] xor edx, edx -push dword [ebp - 0x3aea] -push dword [ebp - 0x61e8] -lea ecx, [ebp - 0x5efc] +push dword [ebp - 0x3aeb] +push dword [ebp - 0x61ec] +lea ecx, [ebp - 0x5efd] push esi -call fcn_fffab673 ; call 0xfffab673 +call fcn_fffb0688 ; call 0xfffb0688 add esp, 0x10 -mov dword [ebp - 0x4651], eax -jmp short loc_fffa28a2 ; jmp 0xfffa28a2 +mov dword [ebp - 0x4652], eax +jmp short loc_fffa28c2 ; jmp 0xfffa28c2 -loc_fffa2898: -mov dword [ebp - 0x4651], 0 +loc_fffa28b8: +mov dword [ebp - 0x4652], 0 -loc_fffa28a2: +loc_fffa28c2: mov ebx, 0x18 -jmp short loc_fffa2920 ; jmp 0xfffa2920 +jmp short loc_fffa2940 ; jmp 0xfffa2940 -loc_fffa28a9: +loc_fffa28c9: sub esp, 0xc -mov eax, dword [ebp - 0x61dc] -push dword [ebp - 0x4627] +mov eax, dword [ebp - 0x61e0] +push dword [ebp - 0x4628] push dword [ebp - 0x27cb] push 1 push dword [ebp - 0x6204] @@ -2835,9 +2844,9 @@ push esi call dword [eax + 9] ; ucall add esp, 0x18 push 0xddfe -lea eax, [ebp - 0x5efc] +lea eax, [ebp - 0x5efd] push eax -call dword [ebp - 0x60df] ; ucall +call dword [ebp - 0x60e0] ; ucall mov eax, dword [esi] pop ebx pop edi @@ -2850,11 +2859,11 @@ push esi call dword [eax + 0x58] ; ucall add esp, 0x20 -loc_fffa28f7: +loc_fffa2917: sub esp, 0xc -mov ebx, dword [ebp - 0x6167] +mov ebx, dword [ebp - 0x6168] push 0x80 -call dword [ebp - 0x6173] ; ucall +call dword [ebp - 0x6174] ; ucall pop edx pop ecx or eax, 0xffffff80 @@ -2862,201 +2871,205 @@ movzx eax, al push eax push 0x80 call ebx -jmp near loc_fffa2b04 ; jmp 0xfffa2b04 +jmp near loc_fffa2b33 ; jmp 0xfffa2b33 -loc_fffa2920: +loc_fffa2940: and ebx, 0xfffffffb cmp ebx, 0x18 -je loc_fffa25b9 ; je 0xfffa25b9 -mov eax, dword [ebp - 0x61d0] +je loc_fffa25d9 ; je 0xfffa25d9 +mov eax, dword [ebp - 0x61d4] test eax, eax -jne short loc_fffa293a ; jne 0xfffa293a +jne short loc_fffa295a ; jne 0xfffa295a -loc_fffa2936: +loc_fffa2956: xor edi, edi -jmp short loc_fffa294d ; jmp 0xfffa294d +jmp short loc_fffa296d ; jmp 0xfffa296d -loc_fffa293a: +loc_fffa295a: sub esp, 0xc push eax call dword [eax + 1] ; ucall add esp, 0x10 test eax, eax -je short loc_fffa2936 ; je 0xfffa2936 +je short loc_fffa2956 ; je 0xfffa2956 mov edi, 0xffffff80 -loc_fffa294d: +loc_fffa296d: cmp dword [ebp - 0x61fc], 0 sete bl cmp byte [ebp - 0x6200], 1 sete al test bl, al -je short loc_fffa296b ; je 0xfffa296b +je short loc_fffa298b ; je 0xfffa298b and edi, 0xfffffff0 or edi, 3 -loc_fffa296b: -cmp dword [ebp - 0x4627], 0x20 -ja short loc_fffa29b8 ; ja 0xfffa29b8 +loc_fffa298b: +cmp dword [ebp - 0x4628], 0x20 +ja short loc_fffa29d8 ; ja 0xfffa29d8 mov eax, dword [0xff7d0084] sub esp, 0xc mov eax, dword [eax + 0x14] add eax, 0xb0010 push eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 inc eax -je short loc_fffa29b8 ; je 0xfffa29b8 +je short loc_fffa29d8 ; je 0xfffa29d8 sub esp, 0xc mov eax, edi -push dword [ebp - 0x4627] +push dword [ebp - 0x4628] movzx edi, al push dword [ebp - 0x27cb] -mov eax, dword [ebp - 0x61dc] +mov eax, dword [ebp - 0x61e0] push edi push dword [ebp - 0x6204] push esi call dword [eax + 9] ; ucall add esp, 0x20 -loc_fffa29b8: -mov eax, dword [ebp - 0x61d0] +loc_fffa29d8: +mov eax, dword [ebp - 0x61d4] test eax, eax -je short loc_fffa2a0d ; je 0xfffa2a0d -mov edx, dword [ebp - 0x61e8] +je short loc_fffa2a2d ; je 0xfffa2a2d +mov edx, dword [ebp - 0x61ec] mov edx, dword [edx + 9] cmp byte [edx + 0x56], 0 -je short loc_fffa2a0d ; je 0xfffa2a0d +je short loc_fffa2a2d ; je 0xfffa2a2d sub esp, 0xc push eax call dword [eax + 1] ; ucall add esp, 0x10 cmp eax, 2 -jne short loc_fffa2a0d ; jne 0xfffa2a0d -cmp dword [ebp - 0x4651], 3 -je short loc_fffa2a0d ; je 0xfffa2a0d -lea eax, [ebp - 0x61d8] +jne short loc_fffa2a2d ; jne 0xfffa2a2d +cmp dword [ebp - 0x4652], 3 +je short loc_fffa2a2d ; je 0xfffa2a2d +lea eax, [ebp - 0x61dc] push eax push 0 push 0 -push ref_fffd65a0 ; push 0xfffd65a0 -call fcn_fffab40f ; call 0xfffab40f -mov eax, dword [ebp - 0x61d8] +push ref_fffd689c ; push 0xfffd689c +call fcn_fffb020b ; call 0xfffb020b +mov eax, dword [ebp - 0x61dc] pop ecx pop edi push 3 push eax call dword [eax] ; ucall -jmp short loc_fffa2a24 ; jmp 0xfffa2a24 +jmp short loc_fffa2a44 ; jmp 0xfffa2a44 -loc_fffa2a0d: -mov eax, dword [ebp - 0x61d0] +loc_fffa2a2d: +mov eax, dword [ebp - 0x61d4] test eax, eax -je short loc_fffa2a27 ; je 0xfffa2a27 +je short loc_fffa2a47 ; je 0xfffa2a47 push edx push edx -lea edx, [ebp - 0x61e0] +lea edx, [ebp - 0x61e4] push edx push eax call dword [eax + 5] ; ucall -loc_fffa2a24: +loc_fffa2a44: add esp, 0x10 -loc_fffa2a27: -cmp dword [ebp - 0x61e0], 0x11 -je short loc_fffa2aa6 ; je 0xfffa2aa6 +loc_fffa2a47: +cmp dword [ebp - 0x61e4], 0x11 +je short loc_fffa2ac6 ; je 0xfffa2ac6 cmp dword [ebp - 0x61fc], 3 sete al or al, bl -je short loc_fffa2a68 ; je 0xfffa2a68 +je short loc_fffa2a88 ; je 0xfffa2a88 xor eax, eax -loc_fffa2a40: +loc_fffa2a60: cmp eax, 0x1000 -je short loc_fffa2a4c ; je 0xfffa2a4c +je short loc_fffa2a6c ; je 0xfffa2a6c mov byte [eax], al inc eax -jmp short loc_fffa2a40 ; jmp 0xfffa2a40 +jmp short loc_fffa2a60 ; jmp 0xfffa2a60 -loc_fffa2a4c: +loc_fffa2a6c: mov edx, 0x14 -loc_fffa2a51: +loc_fffa2a71: xor eax, eax -loc_fffa2a53: +loc_fffa2a73: cmp eax, 0x1000 -je short loc_fffa2a65 ; je 0xfffa2a65 +je short loc_fffa2a85 ; je 0xfffa2a85 cmp byte [eax], al -jne loc_fffa2af0 ; jne 0xfffa2af0 +jne loc_fffa2b1f ; jne 0xfffa2b1f inc eax -jmp short loc_fffa2a53 ; jmp 0xfffa2a53 +jmp short loc_fffa2a73 ; jmp 0xfffa2a73 -loc_fffa2a65: +loc_fffa2a85: dec edx -jne short loc_fffa2a51 ; jne 0xfffa2a51 +jne short loc_fffa2a71 ; jne 0xfffa2a71 -loc_fffa2a68: +loc_fffa2a88: push ebx mov eax, dword [esi] -mov esi, dword [ebp - 0x61e4] -lea edx, [ebp - 0x5efc] -push 0x5ee4 +mov esi, dword [ebp - 0x61e8] +lea edx, [ebp - 0x5efd] +push 0x5ee5 push edx lea edx, [esi + 0x18] push edx mov dword [ebp - 0x3a9d], 0 call dword [eax + 0x50] ; ucall -mov eax, dword [ebp - 0x61e4] +mov eax, dword [ebp - 0x61e8] pop esi pop edi -add eax, 0x5efc +add eax, 0x5efd push 1 push eax -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f add esp, 0x10 -loc_fffa2aa6: +loc_fffa2ac6: push ecx push ecx push 0x55 -lea eax, [ebp - 0x5efc] +lea eax, [ebp - 0x5efd] push eax -call dword [ebp - 0x60df] ; ucall +call dword [ebp - 0x60e0] ; ucall add esp, 0x10 xor eax, eax -jmp short loc_fffa2b0c ; jmp 0xfffa2b0c +jmp short loc_fffa2b3b ; jmp 0xfffa2b3b -loc_fffa2abe: +loc_fffa2ade: test al, 1 -je loc_fffa21cf ; je 0xfffa21cf -jmp near loc_fffa21bc ; jmp 0xfffa21bc +je loc_fffa21f6 ; je 0xfffa21f6 +jmp near loc_fffa21e3 ; jmp 0xfffa21e3 -loc_fffa2acb: +loc_fffa2aeb: push edx push edx push 0x1866 -lea eax, [ebp - 0x5ef4] +lea eax, [ebp - 0x5ef5] push eax -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f add esp, 0x10 mov dword [ebp - 0x61fc], 0 -jmp near loc_fffa24aa ; jmp 0xfffa24aa +jmp near loc_fffa24ca ; jmp 0xfffa24ca -loc_fffa2af0: +loc_fffa2b10: +mov dword [ebp - 0x61fc], 3 +jmp near loc_fffa24ca ; jmp 0xfffa24ca + +loc_fffa2b1f: push eax push eax push 0xd5 -lea eax, [ebp - 0x5efc] +lea eax, [ebp - 0x5efd] push eax -call dword [ebp - 0x60df] ; ucall +call dword [ebp - 0x60e0] ; ucall -loc_fffa2b04: +loc_fffa2b33: add esp, 0x10 mov eax, 0x80000007 -loc_fffa2b0c: +loc_fffa2b3b: lea esp, [ebp - 0xc] pop ebx pop esi @@ -3064,20 +3077,20 @@ pop edi pop ebp ret -fcn_fffa2b14: ; not directly referenced +fcn_fffa2b43: ; not directly referenced push ebp mov ecx, 9 mov ebp, esp push edi push esi -mov esi, ref_fffd3290 ; mov esi, 0xfffd3290 +mov esi, ref_fffd3580 ; mov esi, 0xfffd3580 push ebx sub esp, 0x100 mov eax, dword [ebp + 8] lea edi, [ebp - 0x31] mov byte [ebp - 0x45], 0x40 rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -mov eax, dword [eax + 0x5edc] +mov eax, dword [eax + 0x5edd] mov byte [ebp - 0x44], 0x60 mov byte [ebp - 0x43], 0x40 mov byte [ebp - 0x42], 0x40 @@ -3086,7 +3099,7 @@ mov eax, dword [ebp + 8] mov byte [ebp - 0x41], 0x40 mov byte [ebp - 0x40], 0x19 mov byte [ebp - 0x3f], 0x32 -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] mov eax, dword [eax + 0x18a7] mov byte [ebp - 0x3e], 0x14 mov byte [ebp - 0x3d], 0x14 @@ -3117,11 +3130,11 @@ mov dword [ebp - 0xe8], eax mov eax, dword [ebp + 8] mov eax, dword [eax + 0x188b] mov dword [ebp - 0x80], eax -mov eax, dword [ecx + esi*4 + 0x3735] +mov eax, dword [ecx + esi*4 + 0x3736] mov dword [ebp - 0x7c], eax movzx eax, byte [ecx + 0x2409] mov dword [ebp - 0x90], eax -mov al, byte [ecx + 0x3748] +mov al, byte [ecx + 0x3749] push 0 push 2 mov byte [ebp - 0xec], al @@ -3143,7 +3156,7 @@ lea eax, [ebp - 0x49] push eax call dword [ebx + 0x58] ; ucall mov eax, dword [ebp + 8] -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] mov esi, dword [ebx + 0x14] push 0 push 0 @@ -3161,9 +3174,9 @@ movzx eax, word [eax + 0x2419] mov dword [esp], eax call dword [ebx + 8] ; ucall mov esi, dword [ebp + 8] -mov ebx, dword [esi + 0x2443] +mov ebx, dword [esi + 0x2444] shr eax, 0x10 -mov word [esi + 0x3752], ax +mov word [esi + 0x3753], ax mov esi, dword [ebx + 0x14] push 8 push 0 @@ -3185,96 +3198,96 @@ add esp, 0x10 cmp edi, 0x40660 sete dl cmp edi, 0x306c0 -mov byte [esi + 0x3754], al +mov byte [esi + 0x3755], al sete al or dl, al mov byte [ebp - 0x82], dl -je short loc_fffa2d11 ; je 0xfffa2d11 +je short loc_fffa2d40 ; je 0xfffa2d40 -loc_fffa2ccd: ; not directly referenced +loc_fffa2cfc: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x3756], 2 -jne short loc_fffa2d03 ; jne 0xfffa2d03 +cmp dword [eax + 0x3757], 2 +jne short loc_fffa2d32 ; jne 0xfffa2d32 imul eax, dword [ebp - 0x88], 0x2e mov edi, dword [ebp + 8] -lea eax, [edi + eax + 0x3756] +lea eax, [edi + eax + 0x3757] mov cx, word [eax + 0xa] movzx ebx, word [eax + 0xc] movzx edx, cx sub edx, ebx cmp edx, 4 -jle short loc_fffa2d03 ; jle 0xfffa2d03 +jle short loc_fffa2d32 ; jle 0xfffa2d32 sub ecx, 4 mov word [eax + 0xc], cx -loc_fffa2d03: ; not directly referenced +loc_fffa2d32: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -je short loc_fffa2d32 ; je 0xfffa2d32 -jmp short loc_fffa2d1d ; jmp 0xfffa2d1d +cmp dword [eax + 0x4b1a], 2 +je short loc_fffa2d61 ; je 0xfffa2d61 +jmp short loc_fffa2d4c ; jmp 0xfffa2d4c -loc_fffa2d11: ; not directly referenced +loc_fffa2d40: ; not directly referenced cmp dword [ebp - 0x8c], 0x40670 -je short loc_fffa2ccd ; je 0xfffa2ccd +je short loc_fffa2cfc ; je 0xfffa2cfc -loc_fffa2d1d: ; not directly referenced +loc_fffa2d4c: ; not directly referenced mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x3c -call fcn_fffc3c0d ; call 0xfffc3c0d +call fcn_fffc3b02 ; call 0xfffc3b02 test eax, eax -je short loc_fffa2d5e ; je 0xfffa2d5e -jmp short loc_fffa2dab ; jmp 0xfffa2dab +je short loc_fffa2d8d ; je 0xfffa2d8d +jmp short loc_fffa2dda ; jmp 0xfffa2dda -loc_fffa2d32: ; not directly referenced +loc_fffa2d61: ; not directly referenced imul eax, dword [ebp - 0x88], 0x2e mov edi, dword [ebp + 8] -lea eax, [edi + eax + 0x4b19] +lea eax, [edi + eax + 0x4b1a] mov cx, word [eax + 0xa] movzx ebx, word [eax + 0xc] movzx edx, cx sub edx, ebx cmp edx, 4 -jle short loc_fffa2d1d ; jle 0xfffa2d1d +jle short loc_fffa2d4c ; jle 0xfffa2d4c sub ecx, 4 mov word [eax + 0xc], cx -jmp short loc_fffa2d1d ; jmp 0xfffa2d1d +jmp short loc_fffa2d4c ; jmp 0xfffa2d4c -loc_fffa2d5e: ; not directly referenced +loc_fffa2d8d: ; not directly referenced mov eax, dword [ebp + 8] sub esp, 0xc lea ecx, [ebp - 0x5b] lea edx, [ebp - 0x28] -mov edi, dword [eax + 0x2443] +mov edi, dword [eax + 0x2444] lea eax, [ebp - 0x58] push eax mov eax, dword [ebp + 8] -call fcn_fffa77b4 ; call 0xfffa77b4 +call fcn_fffa7762 ; call 0xfffa7762 add esp, 0x10 test eax, eax -je loc_fffa2e3d ; je 0xfffa2e3d +je loc_fffa2e6c ; je 0xfffa2e6c mov edi, dword [ebp + 8] -mov dword [edi + 0x36d7], eax +mov dword [edi + 0x36d8], eax mov eax, dword [ebp - 0x28] -mov dword [edi + 0x36df], eax +mov dword [edi + 0x36e0], eax mov eax, dword [ebp - 0x58] -mov dword [edi + 0x36e3], eax +mov dword [edi + 0x36e4], eax mov al, byte [ebp - 0x5b] -mov byte [edi + 0x36e7], al +mov byte [edi + 0x36e8], al -loc_fffa2dab: ; not directly referenced +loc_fffa2dda: ; not directly referenced mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x3d -call fcn_fffc3c0d ; call 0xfffc3c0d +call fcn_fffc3b02 ; call 0xfffc3b02 mov eax, dword [ebp + 8] xor edx, edx mov ecx, 0x7d0 mov edi, dword [ebp + 8] -mov eax, dword [eax + 0x36df] +mov eax, dword [eax + 0x36e0] div ecx -mov word [edi + 0x2489], ax -mov eax, dword [edi + 0x2480] +mov word [edi + 0x248a], ax +mov eax, dword [edi + 0x2481] cmp eax, 3 sete bl cmp eax, 2 @@ -3293,68 +3306,68 @@ sete al mov byte [ebp - 0x6c], al or al, bl mov byte [ebp - 0x84], al -jne loc_fffa2fd2 ; jne 0xfffa2fd2 +jne loc_fffa3001 ; jne 0xfffa3001 mov dword [ebp - 0x98], 0 -jmp near loc_fffa303e ; jmp 0xfffa303e +jmp near loc_fffa306d ; jmp 0xfffa306d -loc_fffa2e3d: ; not directly referenced +loc_fffa2e6c: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x36e8], 0 -jne loc_fffa2f5a ; jne 0xfffa2f5a +cmp dword [eax + 0x36e9], 0 +jne loc_fffa2f89 ; jne 0xfffa2f89 cmp dword [eax + 0x18a7], 1 -jne short loc_fffa2e6e ; jne 0xfffa2e6e +jne short loc_fffa2e9d ; jne 0xfffa2e9d mov al, byte [eax + 0x1876] test al, al -je short loc_fffa2e6e ; je 0xfffa2e6e +je short loc_fffa2e9d ; je 0xfffa2e9d mov esi, dword [ebp + 8] -mov byte [esi + 0x36e7], al -jmp near loc_fffa2f5a ; jmp 0xfffa2f5a +mov byte [esi + 0x36e8], al +jmp near loc_fffa2f89 ; jmp 0xfffa2f89 -loc_fffa2e6e: ; not directly referenced +loc_fffa2e9d: ; not directly referenced mov esi, dword [ebp + 8] mov eax, dword [ebp + 8] mov dword [ebp - 0x74], 0x3e8 -mov esi, dword [esi + 0x36d7] +mov esi, dword [esi + 0x36d8] mov eax, dword [eax + 0x187b] mov dword [ebp - 0x6c], esi mov esi, dword [ebp + 8] -mov ecx, dword [esi + 0x5edc] -mov esi, dword [esi + 0x2443] +mov ecx, dword [esi + 0x5edd] +mov esi, dword [esi + 0x2444] test eax, eax -je short loc_fffa2ea9 ; je 0xfffa2ea9 +je short loc_fffa2ed8 ; je 0xfffa2ed8 mov ebx, 0x186a0 xor edx, edx div ebx mov dword [ebp - 0x74], eax -loc_fffa2ea9: ; not directly referenced +loc_fffa2ed8: ; not directly referenced mov eax, dword [ebp + 8] cmp dword [eax + 0x1887], 0x306d0 -jne short loc_fffa2f03 ; jne 0xfffa2f03 +jne short loc_fffa2f32 ; jne 0xfffa2f32 cmp dword [eax + 0x1883], 4 -jbe short loc_fffa2f03 ; jbe 0xfffa2f03 +jbe short loc_fffa2f32 ; jbe 0xfffa2f32 cmp byte [eax + 0x2442], 1 -jne short loc_fffa2f03 ; jne 0xfffa2f03 +jne short loc_fffa2f32 ; jne 0xfffa2f32 cmp dword [eax + 0x1877], 2 -jne short loc_fffa2f03 ; jne 0xfffa2f03 +jne short loc_fffa2f32 ; jne 0xfffa2f32 cmp dword [ebp - 0x6c], 0x640 -jne short loc_fffa2f03 ; jne 0xfffa2f03 +jne short loc_fffa2f32 ; jne 0xfffa2f32 mov eax, dword [ecx + 0x1c6] test eax, eax -je short loc_fffa2f03 ; je 0xfffa2f03 +je short loc_fffa2f32 ; je 0xfffa2f32 cmp byte [ecx + 0x1ca], 0 -jne short loc_fffa2ef6 ; jne 0xfffa2ef6 +jne short loc_fffa2f25 ; jne 0xfffa2f25 cmp eax, 0x63f -jbe short loc_fffa2f03 ; jbe 0xfffa2f03 +jbe short loc_fffa2f32 ; jbe 0xfffa2f32 -loc_fffa2ef6: ; not directly referenced +loc_fffa2f25: ; not directly referenced mov eax, dword [ebp + 8] -mov dword [eax + 0x36e3], 1 +mov dword [eax + 0x36e4], 1 -loc_fffa2f03: ; not directly referenced +loc_fffa2f32: ; not directly referenced mov eax, dword [ebp + 8] mov ebx, 0x30d40 -cmp dword [eax + 0x36e3], 1 +cmp dword [eax + 0x36e4], 1 mov eax, 0x411ab cmovne ebx, eax xor edx, edx @@ -3379,24 +3392,24 @@ mov esi, dword [ebp + 8] add esp, 0x20 add eax, 0x1f4 div ecx -mov byte [esi + 0x36e7], al +mov byte [esi + 0x36e8], al -loc_fffa2f5a: ; not directly referenced +loc_fffa2f89: ; not directly referenced mov eax, dword [ebp + 8] -mov bl, byte [eax + 0x36e7] +mov bl, byte [eax + 0x36e8] lea eax, [ebx - 3] cmp al, 0xc -jbe short loc_fffa2f74 ; jbe 0xfffa2f74 +jbe short loc_fffa2fa3 ; jbe 0xfffa2fa3 -loc_fffa2f6a: ; not directly referenced +loc_fffa2f99: ; not directly referenced mov edx, 0x16 -jmp near loc_fffa5b40 ; jmp 0xfffa5b40 +jmp near loc_fffa5b6f ; jmp 0xfffa5b6f -loc_fffa2f74: ; not directly referenced +loc_fffa2fa3: ; not directly referenced mov eax, dword [ebp + 8] and ebx, 0xf mov edx, 0x5e00 -cmp dword [eax + 0x36e3], 0 +cmp dword [eax + 0x36e4], 0 setne al movzx eax, al shl eax, 4 @@ -3404,32 +3417,32 @@ or ebx, eax mov eax, dword [ebp + 8] or ebx, 0x80000000 mov ecx, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 call dword [edi + 0x54] ; ucall lea esi, [eax + 0x2710] -loc_fffa2faa: ; not directly referenced +loc_fffa2fd9: ; not directly referenced shr ebx, 0x18 test bl, bl -jns loc_fffa5aca ; jns 0xfffa5aca +jns loc_fffa5af9 ; jns 0xfffa5af9 call dword [edi + 0x54] ; ucall cmp edx, 0 -ja short loc_fffa2f6a ; ja 0xfffa2f6a +ja short loc_fffa2f99 ; ja 0xfffa2f99 cmp eax, esi -jae short loc_fffa2f6a ; jae 0xfffa2f6a +jae short loc_fffa2f99 ; jae 0xfffa2f99 mov eax, dword [ebp + 8] mov edx, 0x5e00 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov ebx, eax -jmp short loc_fffa2faa ; jmp 0xfffa2faa +jmp short loc_fffa2fd9 ; jmp 0xfffa2fd9 -loc_fffa2fd2: ; not directly referenced +loc_fffa3001: ; not directly referenced xor ecx, ecx cmp dword [ebp - 0x90], 0 sete cl shl ecx, 0xa cmp dword [ebp - 0x78], 0 -je short loc_fffa300a ; je 0xfffa300a +je short loc_fffa3039 ; je 0xfffa3039 mov eax, dword [ebp + 8] or ch, 8 mov al, byte [eax + 0x240c] @@ -3441,75 +3454,75 @@ and eax, 0xf shl eax, 0x10 or ecx, edx or ecx, eax -jmp short loc_fffa301c ; jmp 0xfffa301c +jmp short loc_fffa304b ; jmp 0xfffa304b -loc_fffa300a: ; not directly referenced +loc_fffa3039: ; not directly referenced mov edi, dword [ebp - 0xe0] mov eax, ecx or eax, 0x100000 test edi, edi cmovne ecx, eax -loc_fffa301c: ; not directly referenced +loc_fffa304b: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x2008 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 xor eax, eax cmp dword [ebp - 0x8c], 0x40670 setne al mov dword [ebp - 0x98], eax -loc_fffa303e: ; not directly referenced +loc_fffa306d: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x5034 -movzx ecx, byte [eax + 0x36cf] -movzx eax, byte [eax + 0x36d0] +movzx ecx, byte [eax + 0x36d0] +movzx eax, byte [eax + 0x36d1] shl ecx, 0x18 shl eax, 0x10 or ecx, eax mov eax, dword [ebp + 8] -movzx eax, byte [eax + 0x36d2] +movzx eax, byte [eax + 0x36d3] or ecx, eax mov eax, dword [ebp + 8] -movzx eax, byte [eax + 0x36d1] +movzx eax, byte [eax + 0x36d2] shl eax, 8 or ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp dword [ebp - 0x7c], 0x546 -ja short loc_fffa309c ; ja 0xfffa309c +ja short loc_fffa30cb ; ja 0xfffa30cb cmp dword [ebp - 0x7c], 0x4e2 mov byte [ebp - 0x74], 0 setbe byte [ebp - 0xd8] -jmp short loc_fffa30a7 ; jmp 0xfffa30a7 +jmp short loc_fffa30d6 ; jmp 0xfffa30d6 -loc_fffa309c: ; not directly referenced +loc_fffa30cb: ; not directly referenced mov byte [ebp - 0xd8], 0 mov byte [ebp - 0x74], 1 -loc_fffa30a7: ; not directly referenced +loc_fffa30d6: ; not directly referenced cmp byte [ebp - 0x6c], 0 -je short loc_fffa30d0 ; je 0xfffa30d0 +je short loc_fffa30ff ; je 0xfffa30ff mov edi, dword [ebp + 8] xor eax, eax cmp byte [edi + 0x240f], 0 -je short loc_fffa30c7 ; je 0xfffa30c7 +je short loc_fffa30f6 ; je 0xfffa30f6 xor eax, eax cmp dword [ebp - 0x7c], 0x5db setbe al -loc_fffa30c7: ; not directly referenced +loc_fffa30f6: ; not directly referenced mov edi, dword [ebp - 0x70] mov byte [edi + 0x1c5], al -loc_fffa30d0: ; not directly referenced +loc_fffa30ff: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x3918 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edi, dword [ebp + 8] -mov dl, byte [edi + 0x36e7] +mov dl, byte [edi + 0x36e8] and eax, 3 -cmp dword [edi + 0x36e3], 1 +cmp dword [edi + 0x36e4], 1 sbb ecx, ecx and ecx, 0xfffffffe add ecx, 6 @@ -3521,7 +3534,7 @@ xor edx, edx test cl, cl cmovns edx, ecx cmp byte [ebp - 0x81], 0 -je short loc_fffa3132 ; je 0xfffa3132 +je short loc_fffa3161 ; je 0xfffa3161 movzx ebx, byte [ebp - 0x74] cmp dl, 2 mov cl, 2 @@ -3530,55 +3543,55 @@ movzx eax, al movsx ecx, cl lea ebx, [ebx + ebx*2] add ecx, ebx -mov al, byte [eax + ecx*4 + ref_fffd32d4] ; mov al, byte [eax + ecx*4 - 0x2cd2c] -jmp short loc_fffa314e ; jmp 0xfffa314e +mov al, byte [eax + ecx*4 + ref_fffd35c4] ; mov al, byte [eax + ecx*4 - 0x2ca3c] +jmp short loc_fffa317d ; jmp 0xfffa317d -loc_fffa3132: ; not directly referenced +loc_fffa3161: ; not directly referenced cmp byte [ebp - 0x6c], 0 -jne short loc_fffa3156 ; jne 0xfffa3156 +jne short loc_fffa3185 ; jne 0xfffa3185 movzx ecx, byte [ebp - 0x74] movsx edx, dl movzx eax, al lea ecx, [ecx + ecx*4] add edx, ecx -mov al, byte [eax + edx*4 + ref_fffd32ac] ; mov al, byte [eax + edx*4 - 0x2cd54] +mov al, byte [eax + edx*4 + ref_fffd359c] ; mov al, byte [eax + edx*4 - 0x2ca64] -loc_fffa314e: ; not directly referenced +loc_fffa317d: ; not directly referenced mov byte [ebp - 0xc8], al -jmp short loc_fffa315d ; jmp 0xfffa315d +jmp short loc_fffa318c ; jmp 0xfffa318c -loc_fffa3156: ; not directly referenced +loc_fffa3185: ; not directly referenced mov byte [ebp - 0xc8], 4 -loc_fffa315d: ; not directly referenced +loc_fffa318c: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x3756], 2 -jne short loc_fffa317e ; jne 0xfffa317e +cmp dword [eax + 0x3757], 2 +jne short loc_fffa31ad ; jne 0xfffa31ad imul eax, dword [ebp - 0x88], 0x2e mov edi, dword [ebp + 8] -mov ax, word [edi + eax + 0x3760] +mov ax, word [edi + eax + 0x3761] mov byte [ebp - 0x5a], al -loc_fffa317e: ; not directly referenced +loc_fffa31ad: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -jne short loc_fffa319f ; jne 0xfffa319f +cmp dword [eax + 0x4b1a], 2 +jne short loc_fffa31ce ; jne 0xfffa31ce imul eax, dword [ebp - 0x88], 0x2e mov edi, dword [ebp + 8] -mov ax, word [edi + eax + 0x4b23] +mov ax, word [edi + eax + 0x4b24] mov byte [ebp - 0x59], al -loc_fffa319f: ; not directly referenced +loc_fffa31ce: ; not directly referenced mov eax, dword [ebp + 8] xor esi, esi mov byte [ebp - 0x83], 0 -lea edi, [eax + 0x381a] +lea edi, [eax + 0x381b] add eax, 0x1eaa mov dword [ebp - 0xe4], eax -loc_fffa31bc: ; not directly referenced +loc_fffa31eb: ; not directly referenced cmp dword [edi - 0xc4], 2 -jne loc_fffa3346 ; jne 0xfffa3346 +jne loc_fffa3375 ; jne 0xfffa3375 cmp dword [edi - 4], 2 mov ecx, esi mov ebx, dword [ebp + 8] @@ -3586,13 +3599,13 @@ sete al add byte [ebp - 0x83], al mov eax, 1 shl eax, cl -or byte [ebx + 0x248e], al +or byte [ebx + 0x248f], al mov al, byte [edi] -or byte [ebx + 0x248d], al +or byte [ebx + 0x248e], al mov cl, byte [edi] and ecx, 0xf cmp dword [ebp - 0x78], 0 -je short loc_fffa3215 ; je 0xfffa3215 +je short loc_fffa3244 ; je 0xfffa3244 mov ebx, dword [ebp - 0xe4] xor ecx, ecx cmp byte [ebx - 1], 0 @@ -3602,47 +3615,47 @@ or eax, 2 cmp byte [ebx], 0 cmovne ecx, eax -loc_fffa3215: ; not directly referenced +loc_fffa3244: ; not directly referenced mov eax, dword [ebp + 8] lea ebx, [esi + 0x18] shl ebx, 8 mov edx, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 movzx eax, byte [edi] and eax, 0xf cmp byte [ebp - 0x81], 0 mov ecx, eax -je short loc_fffa3250 ; je 0xfffa3250 +je short loc_fffa327f ; je 0xfffa327f cmp dword [ebp - 0x78], 0 -je short loc_fffa324b ; je 0xfffa324b +je short loc_fffa327a ; je 0xfffa327a mov edx, dword [ebp + 8] or ecx, 0x20 cmp byte [edx + 0x240a], 0 -jne short loc_fffa3250 ; jne 0xfffa3250 +jne short loc_fffa327f ; jne 0xfffa327f -loc_fffa324b: ; not directly referenced +loc_fffa327a: ; not directly referenced or eax, 0x30 mov ecx, eax -loc_fffa3250: ; not directly referenced +loc_fffa327f: ; not directly referenced cmp byte [ebp - 0xec], 0 sete al and al, byte [ebp - 0x6c] mov byte [ebp - 0xf4], al -je short loc_fffa3268 ; je 0xfffa3268 +je short loc_fffa3297 ; je 0xfffa3297 or ecx, 0x40 -loc_fffa3268: ; not directly referenced +loc_fffa3297: ; not directly referenced lea eax, [ebx - 0x1800] mov dword [ebp - 0xf8], eax mov eax, dword [ebp + 8] lea edx, [ebx + 0x420] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov dl, byte [edi] mov ebx, edx and ebx, 0xf cmp dword [ebp - 0x78], 0 -je loc_fffa3317 ; je 0xfffa3317 +je loc_fffa3346 ; je 0xfffa3346 mov eax, dword [ebp + 8] lea ecx, [esi*4] xor ebx, ebx @@ -3653,7 +3666,7 @@ movzx ecx, dl and eax, 0xf mov dword [ebp - 0xfc], ecx -loc_fffa32be: ; not directly referenced +loc_fffa32ed: ; not directly referenced mov cl, byte [ebp - 0xa8] mov edx, dword [ebp - 0xfc] sar edx, cl @@ -3661,29 +3674,29 @@ xor ecx, ecx mov dword [ebp - 0x94], edx and dword [ebp - 0x94], 1 -loc_fffa32db: ; not directly referenced +loc_fffa330a: ; not directly referenced mov edx, eax shr edx, cl and edx, 1 cmp edx, dword [ebp - 0xa8] -jne short loc_fffa32ff ; jne 0xfffa32ff +jne short loc_fffa332e ; jne 0xfffa332e cmp dword [ebp - 0x94], 0 -je short loc_fffa32ff ; je 0xfffa32ff +je short loc_fffa332e ; je 0xfffa332e mov edx, 1 shl edx, cl or ebx, edx and ebx, 0xf -loc_fffa32ff: ; not directly referenced +loc_fffa332e: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffa32db ; jne 0xfffa32db +jne short loc_fffa330a ; jne 0xfffa330a inc dword [ebp - 0xa8] cmp dword [ebp - 0xa8], 4 -jne short loc_fffa32be ; jne 0xfffa32be +jne short loc_fffa32ed ; jne 0xfffa32ed and ebx, 0xf -loc_fffa3317: ; not directly referenced +loc_fffa3346: ; not directly referenced mov cl, byte [ebp - 0xf4] mov eax, ebx or eax, 0x40 @@ -3694,15 +3707,15 @@ mov eax, dword [ebp + 8] add edx, 0x1220 mov ecx, ebx and ebx, 0xf -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov byte [edi + 0xfce], bl -loc_fffa3346: ; not directly referenced +loc_fffa3375: ; not directly referenced inc esi add edi, 0x13c3 add dword [ebp - 0xe4], 0x54a cmp esi, 2 -jne loc_fffa31bc ; jne 0xfffa31bc +jne loc_fffa31eb ; jne 0xfffa31eb cmp dword [ebp - 0x80], 1 mov ebx, 0x3620 sbb eax, eax @@ -3714,30 +3727,30 @@ mov eax, dword [ebp - 0xa8] and eax, 0x1f mov dword [ebp - 0xec], eax -loc_fffa3390: ; not directly referenced +loc_fffa33bf: ; not directly referenced mov eax, dword [ebp + 8] -movzx eax, byte [eax + 0x248d] +movzx eax, byte [eax + 0x248e] bt eax, edi -jb short loc_fffa33ad ; jb 0xfffa33ad +jb short loc_fffa33dc ; jb 0xfffa33dc -loc_fffa339f: ; not directly referenced +loc_fffa33ce: ; not directly referenced inc edi add ebx, 4 cmp edi, 4 -jne short loc_fffa3390 ; jne 0xfffa3390 -jmp near loc_fffa34a4 ; jmp 0xfffa34a4 +jne short loc_fffa33bf ; jne 0xfffa33bf +jmp near loc_fffa34d3 ; jmp 0xfffa34d3 -loc_fffa33ad: ; not directly referenced +loc_fffa33dc: ; not directly referenced mov ecx, dword [ebp - 0xec] lea edx, [ebx - 0x20] mov eax, dword [ebp + 8] shl ecx, 0xf or ecx, 0x2004040 -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] lea edx, [ebx - 0x10] mov ecx, 0x88888888 -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, ebx cmp byte [ebp - 0x6c], 1 @@ -3745,25 +3758,25 @@ sbb esi, esi and esi, 0xf00000 add esi, 0x2c08060 mov ecx, esi -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] lea edx, [ebx + 0x10] mov ecx, 0x88888888 shr esi, 0x14 and esi, 0x3f -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov ecx, dword [ebp + 8] imul eax, edi, 0x12 lea edx, [edi + edi*8] mov byte [ebp - 0xe4], 2 -lea eax, [ecx + eax + 0x3756] -lea edx, [ecx + edx + 0x3756] +lea eax, [ecx + eax + 0x3757] +lea edx, [ecx + edx + 0x3757] mov dword [ebp - 0x94], eax -loc_fffa342f: ; not directly referenced +loc_fffa345e: ; not directly referenced xor eax, eax -loc_fffa3431: ; not directly referenced +loc_fffa3460: ; not directly referenced mov ecx, dword [ebp - 0x94] mov word [ecx + eax*2 + 0x169], 0x60 mov word [ecx + eax*2 + 0x121], 0x40 @@ -3777,21 +3790,21 @@ mov byte [edx + eax + 0x106e], 0x20 mov byte [edx + eax + 0x1026], cl inc eax cmp eax, 9 -jne short loc_fffa3431 ; jne 0xfffa3431 +jne short loc_fffa3460 ; jne 0xfffa3460 add dword [ebp - 0x94], 0x13c3 add edx, 0x13c3 dec byte [ebp - 0xe4] -jne short loc_fffa342f ; jne 0xfffa342f -jmp near loc_fffa339f ; jmp 0xfffa339f +jne short loc_fffa345e ; jne 0xfffa345e +jmp near loc_fffa33ce ; jmp 0xfffa33ce -loc_fffa34a4: ; not directly referenced +loc_fffa34d3: ; not directly referenced mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x3648 -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 0x88888888 -call fcn_fffaa226 ; call 0xfffaa226 +call fcn_fffac864 ; call 0xfffac864 mov eax, dword [ebp + 8] mov edx, 0x3670 cmp dword [eax + 0x188b], 1 @@ -3799,7 +3812,7 @@ mov eax, 0x367c cmove edx, eax mov eax, dword [ebp + 8] xor ecx, ecx -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 0x365c cmp dword [eax + 0x188b], 1 @@ -3807,7 +3820,7 @@ mov eax, 0x3668 cmove edx, eax mov eax, dword [ebp + 8] xor ecx, ecx -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov al, byte [ebp - 0x74] and eax, 1 mov edi, eax @@ -3821,7 +3834,7 @@ and eax, 1 shl eax, 0x1a or edi, eax cmp dword [ebp - 0x78], 0 -je short loc_fffa3551 ; je 0xfffa3551 +je short loc_fffa3580 ; je 0xfffa3580 mov bl, byte [ebp - 0x84] or edi, 0x10000000 mov eax, edi @@ -3830,7 +3843,7 @@ test bl, bl cmovne edi, eax or edi, 0x40000000 -loc_fffa3551: ; not directly referenced +loc_fffa3580: ; not directly referenced mov bl, byte [ebp - 0x82] mov eax, edi mov edx, 0x3674 @@ -3843,7 +3856,7 @@ cmp dword [eax + 0x188b], 1 mov eax, 0x3680 cmove edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] cmp byte [eax + 0x190a], 1 mov eax, dword [ebp - 0xc8] @@ -3855,16 +3868,16 @@ shl eax, 0xa or esi, eax or esi, 0x7efc010 cmp dword [ebp - 0x78], 0 -je short loc_fffa35c5 ; je 0xfffa35c5 +je short loc_fffa35f4 ; je 0xfffa35f4 cmp byte [ebp - 0x6c], 0 -je short loc_fffa35c5 ; je 0xfffa35c5 +je short loc_fffa35f4 ; je 0xfffa35f4 mov eax, dword [ebp + 8] movzx eax, byte [eax + 0x1922] and eax, 7 shl eax, 0x1b or esi, eax -loc_fffa35c5: ; not directly referenced +loc_fffa35f4: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x3660 mov ecx, esi @@ -3873,17 +3886,17 @@ mov eax, 0x366c cmove edx, eax mov eax, dword [ebp + 8] xor ebx, ebx -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 cmp byte [ebp - 0x81], 0 -je short loc_fffa3603 ; je 0xfffa3603 +je short loc_fffa3632 ; je 0xfffa3632 cmp dword [ebp - 0x78], 1 sbb ebx, ebx and ebx, 0xfffffe80 add ebx, 0x3f180 -loc_fffa3603: ; not directly referenced +loc_fffa3632: ; not directly referenced cmp byte [ebp - 0x6c], 0 -je short loc_fffa3663 ; je 0xfffa3663 +je short loc_fffa3692 ; je 0xfffa3692 mov eax, ebx mov ecx, dword [ebp - 0x70] and eax, 0xe3fc01ff @@ -3899,37 +3912,37 @@ or eax, 0x80000 cmp byte [ecx + 0x240d], 0 cmovne ebx, eax cmp dword [ebp - 0x78], 0 -je short loc_fffa3651 ; je 0xfffa3651 +je short loc_fffa3680 ; je 0xfffa3680 or ebx, 0x180 -jmp short loc_fffa3663 ; jmp 0xfffa3663 +jmp short loc_fffa3692 ; jmp 0xfffa3692 -loc_fffa3651: ; not directly referenced +loc_fffa3680: ; not directly referenced mov ecx, dword [ebp - 0xe0] mov eax, ebx or eax, 0x300000 test ecx, ecx cmovne ebx, eax -loc_fffa3663: ; not directly referenced +loc_fffa3692: ; not directly referenced mov eax, dword [ebp - 0x70] mov dword [ebp - 0x74], 0 add eax, 0x1c mov dword [ebp - 0xc8], eax -loc_fffa3676: ; not directly referenced +loc_fffa36a5: ; not directly referenced imul eax, dword [ebp - 0x74], 0x13c3 mov ecx, dword [ebp + 8] -cmp dword [ecx + eax + 0x3756], 2 -je short loc_fffa36a2 ; je 0xfffa36a2 +cmp dword [ecx + eax + 0x3757], 2 +je short loc_fffa36d1 ; je 0xfffa36d1 -loc_fffa368a: ; not directly referenced +loc_fffa36b9: ; not directly referenced inc dword [ebp - 0x74] add dword [ebp - 0xc8], 0xcc cmp dword [ebp - 0x74], 2 -jne short loc_fffa3676 ; jne 0xfffa3676 -jmp near loc_fffa3762 ; jmp 0xfffa3762 +jne short loc_fffa36a5 ; jne 0xfffa36a5 +jmp near loc_fffa3791 ; jmp 0xfffa3791 -loc_fffa36a2: ; not directly referenced +loc_fffa36d1: ; not directly referenced mov eax, dword [ebp - 0xc8] mov byte [ebp - 0xa8], 0 mov dword [eax], edi @@ -3939,11 +3952,11 @@ lea eax, [eax + eax - 6] movzx eax, al mov dword [ebp - 0xf4], eax -loc_fffa36c6: ; not directly referenced +loc_fffa36f5: ; not directly referenced mov ecx, dword [ebp + 8] mov al, byte [ebp - 0xa8] -cmp al, byte [ecx + 0x2488] -jae short loc_fffa368a ; jae 0xfffa368a +cmp al, byte [ecx + 0x2489] +jae short loc_fffa36b9 ; jae 0xfffa36b9 movzx eax, byte [ebp - 0xa8] and ebx, 0xffffffe0 mov edx, dword [ebp - 0xc8] @@ -3956,13 +3969,13 @@ mov dword [ebp - 0xec], eax mov dword [eax + 4], esi mov eax, dword [ebp + 8] mov dword [ebp - 0x98], ecx -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, dword [ebp - 0x98] mov dword [ebp - 0xe0], eax movzx eax, byte [ebp + ecx - 0x31] mov ecx, dword [ebp + 8] imul eax, dword [ebp - 0xf4] -movzx ecx, byte [ecx + 0x2488] +movzx ecx, byte [ecx + 0x2489] cdq idiv ecx mov edx, dword [ebp - 0xe0] @@ -3970,13 +3983,13 @@ and eax, 0x1f or ebx, eax mov eax, dword [ebp + 8] mov ecx, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp - 0xec] inc byte [ebp - 0xa8] mov dword [eax + 0x28], ebx -jmp near loc_fffa36c6 ; jmp 0xfffa36c6 +jmp near loc_fffa36f5 ; jmp 0xfffa36f5 -loc_fffa3762: ; not directly referenced +loc_fffa3791: ; not directly referenced mov edi, dword [ebp - 0x7c] mov eax, edi movzx ebx, di @@ -3993,57 +4006,57 @@ movzx eax, ax add eax, 0x4d8140 cmp byte [ebp - 0x81], 0 mov dword [ebp - 0x74], eax -je short loc_fffa37b4 ; je 0xfffa37b4 +je short loc_fffa37e3 ; je 0xfffa37e3 mov ecx, eax mov eax, dword [ebp + 8] mov edx, 0x366c -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffa37b4: ; not directly referenced +loc_fffa37e3: ; not directly referenced cmp byte [ebp - 0x82], 0 -je short loc_fffa37cd ; je 0xfffa37cd +je short loc_fffa37fc ; je 0xfffa37fc mov ecx, dword [ebp - 0x74] mov edx, 0x306c mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffa37cd: ; not directly referenced +loc_fffa37fc: ; not directly referenced cmp byte [ebp - 0x6c], 0 -je short loc_fffa3817 ; je 0xfffa3817 +je short loc_fffa3846 ; je 0xfffa3846 mov ecx, dword [ebp - 0x74] mov eax, dword [ebp - 0x8c] and ch, 0x3f cmp eax, 0x306d0 -je short loc_fffa3801 ; je 0xfffa3801 +je short loc_fffa3830 ; je 0xfffa3830 cmp dword [ebp - 0xe8], 0 setne dl cmp eax, 0x40670 sete al test dl, al -jne short loc_fffa3801 ; jne 0xfffa3801 +jne short loc_fffa3830 ; jne 0xfffa3830 or ch, 0x40 -jmp short loc_fffa3804 ; jmp 0xfffa3804 +jmp short loc_fffa3833 ; jmp 0xfffa3833 -loc_fffa3801: ; not directly referenced +loc_fffa3830: ; not directly referenced or ch, 0x50 -loc_fffa3804: ; not directly referenced +loc_fffa3833: ; not directly referenced mov dword [ebp - 0x74], ecx mov eax, dword [ebp + 8] mov edx, 0x3678 mov ecx, dword [ebp - 0x74] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffa3817: ; not directly referenced +loc_fffa3846: ; not directly referenced mov eax, dword [ebp - 0x74] mov edx, 0x3a24 -mov esi, ref_fffd329c ; mov esi, 0xfffd329c +mov esi, ref_fffd358c ; mov esi, 0xfffd358c shl ebx, 7 lea edi, [ebp - 0x28] mov ecx, eax mov dword [ebp - 0xfc], eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov ecx, 4 mov byte [ebp - 0xa8], 0 @@ -4057,7 +4070,7 @@ sub ax, 0x3e8 mov word [ebp - 0xe8], ax mov eax, 0x3e8 -loc_fffa386d: ; not directly referenced +loc_fffa389c: ; not directly referenced mov edi, dword [ebp - 0xe8] mov ebx, esi xor edx, edx @@ -4067,7 +4080,7 @@ mov ebx, eax mov byte [ebp - 0x98], cl mov word [ebp - 0xf8], di -loc_fffa3891: ; not directly referenced +loc_fffa38c0: ; not directly referenced mov eax, dword [ebp - 0xf8] mov cl, dl sub ax, word [ebp + edx*2 - 0x28] @@ -4076,49 +4089,49 @@ sar di, 0xf xor eax, edi sub eax, edi cmp bx, ax -jg short loc_fffa38b7 ; jg 0xfffa38b7 +jg short loc_fffa38e6 ; jg 0xfffa38e6 mov cl, byte [ebp - 0x98] mov eax, ebx -jmp short loc_fffa38c3 ; jmp 0xfffa38c3 +jmp short loc_fffa38f2 ; jmp 0xfffa38f2 -loc_fffa38b7: ; not directly referenced +loc_fffa38e6: ; not directly referenced mov bl, byte [ebp - 0xe0] mov byte [ebp - 0xa8], bl -loc_fffa38c3: ; not directly referenced +loc_fffa38f2: ; not directly referenced inc edx cmp edx, 8 -je short loc_fffa38d3 ; je 0xfffa38d3 +je short loc_fffa3902 ; je 0xfffa3902 mov byte [ebp - 0x98], cl mov ebx, eax -jmp short loc_fffa3891 ; jmp 0xfffa3891 +jmp short loc_fffa38c0 ; jmp 0xfffa38c0 -loc_fffa38d3: ; not directly referenced +loc_fffa3902: ; not directly referenced inc esi cmp esi, 8 -jne short loc_fffa386d ; jne 0xfffa386d +jne short loc_fffa389c ; jne 0xfffa389c xor eax, eax cmp byte [ebp - 0x6c], 0 -je short loc_fffa38ea ; je 0xfffa38ea +je short loc_fffa3919 ; je 0xfffa3919 mov ax, 0xb40 xor edx, edx div dword [ebp - 0x7c] -loc_fffa38ea: ; not directly referenced +loc_fffa3919: ; not directly referenced cmp byte [ebp - 0x81], 0 -je short loc_fffa3901 ; je 0xfffa3901 +je short loc_fffa3930 ; je 0xfffa3930 mov edx, eax shl edx, 0x12 lea edi, [edx + 0x2051c] mov dword [ebp - 0x74], edi -loc_fffa3901: ; not directly referenced +loc_fffa3930: ; not directly referenced cmp byte [ebp - 0x82], 0 -jne short loc_fffa3914 ; jne 0xfffa3914 +jne short loc_fffa3943 ; jne 0xfffa3943 cmp byte [ebp - 0x6c], 0 -je loc_fffa399b ; je 0xfffa399b +je loc_fffa39ca ; je 0xfffa39ca -loc_fffa3914: ; not directly referenced +loc_fffa3943: ; not directly referenced mov edi, dword [ebp - 0xa8] shl eax, 0x12 lea ecx, [ecx + edi*8] @@ -4126,31 +4139,31 @@ movzx ecx, cl shl ecx, 0xc add ecx, eax cmp byte [ebp - 0x6c], 0 -je short loc_fffa3992 ; je 0xfffa3992 +je short loc_fffa39c1 ; je 0xfffa39c1 xor eax, eax xor ebx, ebx xor esi, esi -loc_fffa3934: ; not directly referenced +loc_fffa3963: ; not directly referenced mov edi, dword [ebp + 8] cmp dword [edi + eax + 0x1973], 0 -jne short loc_fffa394d ; jne 0xfffa394d +jne short loc_fffa397c ; jne 0xfffa397c cmp byte [edi + eax + 0x1be9], 1 adc bl, 0 inc esi -loc_fffa394d: ; not directly referenced +loc_fffa397c: ; not directly referenced mov edi, dword [ebp + 8] cmp dword [edi + eax + 0x1bea], 0 -jne short loc_fffa3966 ; jne 0xfffa3966 +jne short loc_fffa3995 ; jne 0xfffa3995 cmp byte [edi + eax + 0x1e60], 1 adc bl, 0 inc esi -loc_fffa3966: ; not directly referenced +loc_fffa3995: ; not directly referenced add eax, 0x54a cmp eax, 0xa94 -jne short loc_fffa3934 ; jne 0xfffa3934 +jne short loc_fffa3963 ; jne 0xfffa3963 mov eax, esi cmp al, bl sete al @@ -4160,48 +4173,48 @@ sbb edx, edx and edx, 4 lea eax, [edx + ecx + 0x518] mov dword [ebp - 0x74], eax -jmp short loc_fffa399f ; jmp 0xfffa399f +jmp short loc_fffa39ce ; jmp 0xfffa39ce -loc_fffa3992: ; not directly referenced +loc_fffa39c1: ; not directly referenced lea eax, [ecx + 0x53f] mov dword [ebp - 0x74], eax -loc_fffa399b: ; not directly referenced +loc_fffa39ca: ; not directly referenced xor ebx, ebx xor esi, esi -loc_fffa399f: ; not directly referenced +loc_fffa39ce: ; not directly referenced cmp byte [ebp - 0x81], 0 -je short loc_fffa39b8 ; je 0xfffa39b8 +je short loc_fffa39e7 ; je 0xfffa39e7 mov ecx, dword [ebp - 0x74] mov edx, 0xf68 mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa39b8: ; not directly referenced +loc_fffa39e7: ; not directly referenced cmp byte [ebp - 0x82], 0 -je short loc_fffa39d1 ; je 0xfffa39d1 +je short loc_fffa3a00 ; je 0xfffa3a00 mov ecx, dword [ebp - 0x74] mov edx, 0xf6c mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa39d1: ; not directly referenced +loc_fffa3a00: ; not directly referenced cmp byte [ebp - 0x6c], 0 -je short loc_fffa39e7 ; je 0xfffa39e7 +je short loc_fffa3a16 ; je 0xfffa3a16 mov ecx, dword [ebp - 0x74] mov edx, 0xf74 mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa39e7: ; not directly referenced +loc_fffa3a16: ; not directly referenced mov eax, dword [ebp - 0x94] mov cl, 3 and eax, 1 shl eax, 0x1a or eax, 0xe00000 cmp byte [ebp - 0x6c], 0 -je short loc_fffa3a12 ; je 0xfffa3a12 +je short loc_fffa3a41 ; je 0xfffa3a41 mov ecx, esi cmp cl, bl sete cl @@ -4209,7 +4222,7 @@ or ecx, dword [ebp - 0xdc] neg ecx add ecx, 3 -loc_fffa3a12: ; not directly referenced +loc_fffa3a41: ; not directly referenced mov ebx, ecx mov edx, 0x3678 and ebx, 3 @@ -4222,7 +4235,7 @@ mov eax, 0x3684 cmove edx, eax mov eax, dword [ebp + 8] xor edi, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp - 0x70] mov dword [eax + 0x14], ebx mov ebx, dword [ebp + 8] @@ -4231,9 +4244,9 @@ mov eax, dword [ebp - 0x94] and eax, 1 mov dword [ebp - 0xdc], eax -loc_fffa3a5a: ; not directly referenced -cmp dword [ebx + 0x3756], 2 -jne loc_fffa3c8b ; jne 0xfffa3c8b +loc_fffa3a89: ; not directly referenced +cmp dword [ebx + 0x3757], 2 +jne loc_fffa3cba ; jne 0xfffa3cba mov eax, dword [ebp - 0xdc] lea edx, [edi + 0x1810] mov ecx, dword [ebp - 0x78] @@ -4250,21 +4263,21 @@ test cl, cl cmovne esi, eax mov eax, dword [ebp + 8] mov ecx, esi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp byte [ebp - 0x6c], 0 mov dword [ebp - 0xa8], esi -je short loc_fffa3aba ; je 0xfffa3aba +je short loc_fffa3ae9 ; je 0xfffa3ae9 and esi, 0x7fffffbf mov dword [ebp - 0xa8], esi -loc_fffa3aba: ; not directly referenced +loc_fffa3ae9: ; not directly referenced mov eax, dword [ebp + 8] cmp byte [eax + 0x190a], 0 -je short loc_fffa3ad6 ; je 0xfffa3ad6 +je short loc_fffa3b05 ; je 0xfffa3b05 or dword [ebp - 0xa8], 0x10000000 or esi, 0x10000000 -loc_fffa3ad6: ; not directly referenced +loc_fffa3b05: ; not directly referenced or esi, 0x18000 cmp dword [ebp - 0x80], 1 lea edx, [edi + 0x320c] @@ -4276,7 +4289,7 @@ shl eax, 0xd or esi, eax mov eax, dword [ebp + 8] mov ecx, esi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, dword [ebp - 0x74] lea edx, [edi + 0x121c] mov al, byte [ebp - 0x98] @@ -4285,7 +4298,7 @@ mov eax, dword [ebp + 8] mov ecx, esi and ecx, 0xffe1bfff or ecx, 0x120000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp - 0xa8] lea edx, [edi + 0x1c1c] mov esi, dword [ebp - 0x80] @@ -4298,108 +4311,108 @@ test esi, esi cmove eax, ecx mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 lea edx, [edi + 0x3208] cmp byte [ebp - 0x84], 0 -je short loc_fffa3b85 ; je 0xfffa3b85 +je short loc_fffa3bb4 ; je 0xfffa3bb4 mov eax, dword [ebp + 8] mov ecx, 0xc183060 -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffa3b9b ; jmp 0xfffa3b9b +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffa3bca ; jmp 0xfffa3bca -loc_fffa3b85: ; not directly referenced +loc_fffa3bb4: ; not directly referenced cmp byte [ebp - 0x82], 0 -je short loc_fffa3b9b ; je 0xfffa3b9b +je short loc_fffa3bca ; je 0xfffa3bca mov eax, dword [ebp + 8] mov ecx, 0x60 -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b -loc_fffa3b9b: ; not directly referenced +loc_fffa3bca: ; not directly referenced mov eax, dword [ebp + 8] lea edx, [edi + 0x1208] mov ecx, 0xc183060 -mov dword [ebx + 0x386f], 0x60 -mov dword [ebx + 0x3867], 0x60 -mov dword [ebx + 0x3873], 0x60 -mov dword [ebx + 0x386b], 0x60 -call fcn_fffae58c ; call 0xfffae58c +mov dword [ebx + 0x3870], 0x60 +mov dword [ebx + 0x3868], 0x60 +mov dword [ebx + 0x3874], 0x60 +mov dword [ebx + 0x386c], 0x60 +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] lea edx, [edi + 0x3418] mov ecx, 0x8102040 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] lea edx, [edi + 0x180c] mov ecx, 0x8102040 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] xor ecx, ecx -mov byte [ebx + 0x3997], 0x40 -lea edx, [edi + 0x3204] -mov byte [ebx + 0x399b], 0x40 mov byte [ebx + 0x3998], 0x40 +lea edx, [edi + 0x3204] mov byte [ebx + 0x399c], 0x40 mov byte [ebx + 0x3999], 0x40 mov byte [ebx + 0x399d], 0x40 mov byte [ebx + 0x399a], 0x40 mov byte [ebx + 0x399e], 0x40 -call fcn_fffae58c ; call 0xfffae58c +mov byte [ebx + 0x399b], 0x40 +mov byte [ebx + 0x399f], 0x40 +call fcn_fffb3381 ; call 0xfffb3381 cmp byte [ebp - 0x6c], 0 -je short loc_fffa3c5a ; je 0xfffa3c5a +je short loc_fffa3c89 ; je 0xfffa3c89 mov eax, dword [ebp + 8] lea edx, [edi + 0x1204] xor ecx, ecx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa3c5a: ; not directly referenced +loc_fffa3c89: ; not directly referenced mov esi, dword [ebp - 0x74] lea edx, [edi + 0x3414] xor ecx, ecx mov eax, dword [ebp + 8] mov dword [esi + 0x68], 0 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] lea edx, [edi + 0x1808] mov dword [esi + 0x6c], 0 xor ecx, ecx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa3c8b: ; not directly referenced +loc_fffa3cba: ; not directly referenced add edi, 0x100 add ebx, 0x13c3 add dword [ebp - 0x74], 0xcc cmp edi, 0x200 -jne loc_fffa3a5a ; jne 0xfffa3a5a +jne loc_fffa3a89 ; jne 0xfffa3a89 mov al, byte [ebp - 0xe4] mov edi, dword [ebp - 0x70] shl eax, 3 cmp byte [ebp - 0x83], 0 mov dword [edi + 0xc], 0 mov byte [edi + 0xc], al -je short loc_fffa3cd9 ; je 0xfffa3cd9 +je short loc_fffa3d08 ; je 0xfffa3d08 mov eax, dword [ebp + 8] cmp dword [eax + 0x187f], 1 -jne short loc_fffa3cd9 ; jne 0xfffa3cd9 +jne short loc_fffa3d08 ; jne 0xfffa3d08 mov byte [ebp - 0x35], 0x3c -loc_fffa3cd9: ; not directly referenced +loc_fffa3d08: ; not directly referenced cmp dword [ebp - 0x8c], 0x306d0 mov bl, byte [ebp - 0x81] sete al or bl, al -je short loc_fffa3d0c ; je 0xfffa3d0c +je short loc_fffa3d3b ; je 0xfffa3d3b mov eax, dword [ebp - 0x70] mov byte [ebp - 0x40], 0x28 mov byte [ebp - 0x36], 0x28 mov byte [ebp - 0x3c], 0x28 cmp byte [eax + 0x1c5], 0 -je short loc_fffa3d0c ; je 0xfffa3d0c +je short loc_fffa3d3b ; je 0xfffa3d3b mov byte [ebp - 0x35], 0x20 -loc_fffa3d0c: ; not directly referenced +loc_fffa3d3b: ; not directly referenced mov edi, 0xc xor ebx, ebx -loc_fffa3d13: ; not directly referenced +loc_fffa3d42: ; not directly referenced movzx ecx, byte [ebp + ebx - 0x40] movzx edx, byte [ebp + ebx - 0x36] movzx eax, byte [ebp + ebx - 0x45] @@ -4411,7 +4424,7 @@ add ecx, ecx cdq idiv ecx cmp bl, 1 -jne short loc_fffa3d76 ; jne 0xfffa3d76 +jne short loc_fffa3da5 ; jne 0xfffa3da5 mov esi, dword [ebp - 0x70] cmp ax, 0xfff0 mov ecx, 0xfffffff0 @@ -4432,9 +4445,9 @@ mov al, byte [esi + 0xe] and eax, 0xfffffff0 or eax, edx mov byte [esi + 0xe], al -jmp short loc_fffa3db3 ; jmp 0xfffa3db3 +jmp short loc_fffa3de2 ; jmp 0xfffa3de2 -loc_fffa3d76: ; not directly referenced +loc_fffa3da5: ; not directly referenced cmp ax, 0xfff8 mov esi, 0xfffffff8 cmovl eax, esi @@ -4442,7 +4455,7 @@ mov esi, 7 cmp ax, 7 cmovg eax, esi test bl, bl -jne short loc_fffa3da8 ; jne 0xfffa3da8 +jne short loc_fffa3dd7 ; jne 0xfffa3dd7 mov esi, dword [ebp - 0x70] and eax, 0xf shl eax, 3 @@ -4450,78 +4463,78 @@ mov dl, byte [esi + 0xd] and edx, 0xffffff87 or edx, eax mov byte [esi + 0xd], dl -jmp short loc_fffa3db3 ; jmp 0xfffa3db3 +jmp short loc_fffa3de2 ; jmp 0xfffa3de2 -loc_fffa3da8: ; not directly referenced +loc_fffa3dd7: ; not directly referenced mov esi, dword [ebp - 0x70] cwde mov ecx, edi shl eax, cl or dword [esi + 0xc], eax -loc_fffa3db3: ; not directly referenced +loc_fffa3de2: ; not directly referenced inc ebx add edi, 4 cmp ebx, 5 -jne loc_fffa3d13 ; jne 0xfffa3d13 +jne loc_fffa3d42 ; jne 0xfffa3d42 mov eax, dword [ebp - 0x70] mov edx, 0x3a14 mov ecx, dword [eax + 0xc] mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ebx, dword [ebp - 0x94] and ebx, 1 shl ebx, 0x19 and ebx, 0xfeffffff cmp byte [ebp - 0x6c], 0 -je short loc_fffa3dff ; je 0xfffa3dff +je short loc_fffa3e2e ; je 0xfffa3e2e mov eax, dword [ebp - 0xd8] or ebx, 0x20000000 and eax, 1 shl eax, 0x1a or ebx, eax -loc_fffa3dff: ; not directly referenced +loc_fffa3e2e: ; not directly referenced imul eax, dword [ebp - 0x88], 0x2e add eax, dword [ebp + 8] -cmp word [eax + 0x375e], 2 -jne short loc_fffa3e41 ; jne 0xfffa3e41 +cmp word [eax + 0x375f], 2 +jne short loc_fffa3e70 ; jne 0xfffa3e70 -loc_fffa3e13: ; not directly referenced +loc_fffa3e42: ; not directly referenced mov eax, 1 mov edx, 2 -loc_fffa3e1d: ; not directly referenced +loc_fffa3e4c: ; not directly referenced imul ecx, dword [ebp - 0x88], 0x2e add ecx, dword [ebp + 8] -mov word [ecx + 0x375e], dx +mov word [ecx + 0x375f], dx lea edx, [eax + 1] dec eax -mov word [ecx + 0x4b21], dx -jne short loc_fffa3e54 ; jne 0xfffa3e54 +mov word [ecx + 0x4b22], dx +jne short loc_fffa3e83 ; jne 0xfffa3e83 mov byte [ebp - 0x48], 0x59 -jmp short loc_fffa3e54 ; jmp 0xfffa3e54 +jmp short loc_fffa3e83 ; jmp 0xfffa3e83 -loc_fffa3e41: ; not directly referenced -cmp word [eax + 0x4b21], 2 -je short loc_fffa3e13 ; je 0xfffa3e13 +loc_fffa3e70: ; not directly referenced +cmp word [eax + 0x4b22], 2 +je short loc_fffa3e42 ; je 0xfffa3e42 xor eax, eax mov edx, 1 -jmp short loc_fffa3e1d ; jmp 0xfffa3e1d +jmp short loc_fffa3e4c ; jmp 0xfffa3e4c -loc_fffa3e54: ; not directly referenced +loc_fffa3e83: ; not directly referenced cmp dword [ebp - 0x78], 0 -je short loc_fffa3e5e ; je 0xfffa3e5e +je short loc_fffa3e8d ; je 0xfffa3e8d mov byte [ebp - 0x48], 0x3f -loc_fffa3e5e: ; not directly referenced +loc_fffa3e8d: ; not directly referenced mov eax, dword [ebp + 8] xor esi, esi mov edi, 5 -movzx eax, word [eax + 0x2489] +movzx eax, word [eax + 0x248a] mov dword [ebp - 0x74], eax -loc_fffa3e72: ; not directly referenced +loc_fffa3ea1: ; not directly referenced mov al, byte [ebp + esi - 0x49] movzx ecx, al shr al, 1 @@ -4534,36 +4547,36 @@ lea ecx, [esi + esi*4] cmp ax, 4 cmovbe eax, edi cmp ax, 0x10 -ja short loc_fffa3ea0 ; ja 0xfffa3ea0 +ja short loc_fffa3ecf ; ja 0xfffa3ecf mov dl, byte [ebp - 0x78] cmp dl, byte [ebp + esi - 0x51] -jae short loc_fffa3ea9 ; jae 0xfffa3ea9 +jae short loc_fffa3ed8 ; jae 0xfffa3ed8 -loc_fffa3ea0: ; not directly referenced +loc_fffa3ecf: ; not directly referenced shr ax, 1 movzx eax, ax dec eax -jmp short loc_fffa3eaf ; jmp 0xfffa3eaf +jmp short loc_fffa3ede ; jmp 0xfffa3ede -loc_fffa3ea9: ; not directly referenced +loc_fffa3ed8: ; not directly referenced movzx eax, ax add eax, 0xf -loc_fffa3eaf: ; not directly referenced +loc_fffa3ede: ; not directly referenced shl eax, cl inc esi add ebx, eax cmp esi, 4 -jne short loc_fffa3e72 ; jne 0xfffa3e72 +jne short loc_fffa3ea1 ; jne 0xfffa3ea1 mov eax, dword [ebp + 8] mov ecx, ebx mov edx, 0x3a18 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp - 0x70] xor ecx, ecx cmp dword [ebp - 0x80], 0 mov dword [eax + 0x10], ebx -jne loc_fffa3f93 ; jne 0xfffa3f93 +jne loc_fffa3fc2 ; jne 0xfffa3fc2 mov esi, dword [ebp - 0xc8] mov eax, esi lea ecx, [eax + 0x18] @@ -4572,9 +4585,9 @@ imul eax, ecx, 0x64 sub ecx, 0xf cdq idiv ecx -call fcn_fffaebb7 ; call 0xfffaebb7 +call fcn_fffb38ee ; call 0xfffb38ee mov edi, dword [ebp + 8] -movzx ebx, word [edi + 0x2489] +movzx ebx, word [edi + 0x248a] movzx edi, word [edi + 0x1902] movzx ecx, ax imul ecx, ecx, 0x7d0 @@ -4597,7 +4610,7 @@ imul eax, ecx, 0x64 sub ecx, 0xf cdq idiv ecx -call fcn_fffaebb7 ; call 0xfffaebb7 +call fcn_fffb38ee ; call 0xfffb38ee mov esi, eax mov eax, 0x7080 cdq @@ -4622,23 +4635,23 @@ shl eax, 6 and edx, 0x3f or ecx, eax or ecx, edx -jmp near loc_fffa4040 ; jmp 0xfffa4040 +jmp near loc_fffa406f ; jmp 0xfffa406f -loc_fffa3f93: ; not directly referenced +loc_fffa3fc2: ; not directly referenced cmp byte [ebp - 0x6c], 0 -je loc_fffa4040 ; je 0xfffa4040 +je loc_fffa406f ; je 0xfffa406f mov eax, dword [ebp - 0x70] cmp byte [eax + 0x1c5], 0 -je short loc_fffa3fb8 ; je 0xfffa3fb8 +je short loc_fffa3fe7 ; je 0xfffa3fe7 mov eax, dword [ebp + 8] mov ecx, 1 xor edx, edx -call fcn_fffb9560 ; call 0xfffb9560 +call fcn_fffb7663 ; call 0xfffb7663 -loc_fffa3fb8: ; not directly referenced +loc_fffa3fe7: ; not directly referenced mov eax, dword [ebp + 8] mov esi, 0x7f -movzx ecx, word [eax + 0x2489] +movzx ecx, word [eax + 0x248a] mov eax, 0xafc8 cdq idiv ecx @@ -4679,13 +4692,13 @@ or ecx, esi and eax, 0x3f or ecx, eax -loc_fffa4040: ; not directly referenced +loc_fffa406f: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x3a1c -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 0x2008 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edi, dword [ebp - 0x70] mov edx, 0x2008 and eax, 0xfffffc20 @@ -4693,115 +4706,115 @@ or eax, 0x316 mov ecx, eax mov dword [edi + 0x18], eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x2000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x2004 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 0x42a0 -movzx ecx, byte [eax + 0x381a] -call fcn_fffae566 ; call 0xfffae566 +movzx ecx, byte [eax + 0x381b] +call fcn_fffb335b ; call 0xfffb335b mov eax, dword [ebp + 8] mov edx, 0x46a0 -movzx ecx, byte [eax + 0x4bdd] -call fcn_fffae566 ; call 0xfffae566 +movzx ecx, byte [eax + 0x4bde] +call fcn_fffb335b ; call 0xfffb335b mov eax, dword [ebp + 8] mov edx, 0x3a20 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov ecx, 0x115 mov edx, 0x5f08 mov ebx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 0x96 -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 cmp dword [ebp - 0x80], 0 -jne loc_fffa4235 ; jne 0xfffa4235 +jne loc_fffa4264 ; jne 0xfffa4264 mov eax, dword [ebp + 8] mov edx, 0x3644 and ebx, 0xf8ffffff -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3644 and eax, 0x8fffffff or eax, 0x20000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 0x3700 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3700 and eax, 0xf8ffffff or eax, 0x2000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 0x3810 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3810 and eax, 0xf8ffffff or eax, 0x2000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 0x3904 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3904 and eax, 0xfc7fffff or eax, 0x1000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 0x3a04 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3a04 and eax, 0x8fffffff or eax, 0x20000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 0x3a08 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3a08 and eax, 0xf8ffffff or eax, 0x2000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 0x3a0c -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3a0c and eax, 0xf0ffffff or eax, 0x2000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 0x3a10 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3a10 and eax, 0xf87fffff or eax, 0x1000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 or ebx, 0x2000000 -jmp short loc_fffa425d ; jmp 0xfffa425d +jmp short loc_fffa428c ; jmp 0xfffa428c -loc_fffa4235: ; not directly referenced +loc_fffa4264: ; not directly referenced cmp byte [ebp - 0x6c], 0 -je short loc_fffa425d ; je 0xfffa425d +je short loc_fffa428c ; je 0xfffa428c mov eax, dword [ebp - 0xf0] sub eax, 2 cmp eax, 2 @@ -4813,43 +4826,43 @@ and eax, 6 shl eax, 0x18 or ebx, eax -loc_fffa425d: ; not directly referenced +loc_fffa428c: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, ebx mov edx, 0x3a20 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp - 0x70] mov edx, 0x2008 mov ecx, dword [eax + 0x18] mov eax, dword [ebp + 8] or ecx, 0x20 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 0x3a04 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f cmp dword [ebp - 0x80], 0 -jne short loc_fffa429f ; jne 0xfffa429f +jne short loc_fffa42ce ; jne 0xfffa42ce mov ecx, eax shr ecx, 9 and ecx, 0x3f -jmp short loc_fffa42ac ; jmp 0xfffa42ac +jmp short loc_fffa42db ; jmp 0xfffa42db -loc_fffa429f: ; not directly referenced +loc_fffa42ce: ; not directly referenced cmp byte [ebp - 0x6c], 0 -je short loc_fffa42b1 ; je 0xfffa42b1 +je short loc_fffa42e0 ; je 0xfffa42e0 mov edi, eax shr edi, 0x1a mov ecx, edi -loc_fffa42ac: ; not directly referenced +loc_fffa42db: ; not directly referenced and eax, 0x3f -jmp short loc_fffa42b5 ; jmp 0xfffa42b5 +jmp short loc_fffa42e4 ; jmp 0xfffa42e4 -loc_fffa42b1: ; not directly referenced +loc_fffa42e0: ; not directly referenced xor eax, eax xor ecx, ecx -loc_fffa42b5: ; not directly referenced +loc_fffa42e4: ; not directly referenced mov edi, dword [ebp - 0x70] sub ecx, eax mov eax, ecx @@ -4861,7 +4874,7 @@ or edx, eax mov ecx, edx or ch, 4 cmp byte [ebp - 0x6c], 0 -je short loc_fffa42f1 ; je 0xfffa42f1 +je short loc_fffa4320 ; je 0xfffa4320 mov ecx, edx xor eax, eax or ecx, 0x404 @@ -4870,14 +4883,14 @@ seta al and ecx, 0xfffffffe or ecx, eax -loc_fffa42f1: ; not directly referenced +loc_fffa4320: ; not directly referenced mov eax, dword [ebp - 0x70] mov edx, 0x3a14 mov dword [eax + 0xc], ecx mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp byte [ebp - 0x6c], 0 -je loc_fffa455a ; je 0xfffa455a +je loc_fffa4589 ; je 0xfffa4589 mov eax, dword [ebp + 8] mov edx, 0x3658 mov ecx, 0x80000000 @@ -4887,25 +4900,25 @@ mov eax, 0x3664 cmove edx, eax mov eax, dword [ebp + 8] xor ebx, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov ecx, 0x2000000 mov edx, 0x3824 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov ecx, 0x2000000 mov edx, 0x3914 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov ecx, 0x2000000 mov edx, 0x3724 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x3688 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa437e: ; not directly referenced +loc_fffa43ad: ; not directly referenced mov eax, ebx mov edi, esi and eax, 7 @@ -4916,26 +4929,26 @@ or edi, eax mov eax, dword [ebp + 8] mov ecx, edi mov esi, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, edi mov edx, 0xc8c cmp dword [ebp - 0x90], 0 -je short loc_fffa43b6 ; je 0xfffa43b6 +je short loc_fffa43e5 ; je 0xfffa43e5 mov edx, 0x58c -loc_fffa43b6: ; not directly referenced +loc_fffa43e5: ; not directly referenced mov eax, dword [ebp + 8] inc ebx and ebx, 7 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp bl, 6 -jne short loc_fffa437e ; jne 0xfffa437e +jne short loc_fffa43ad ; jne 0xfffa43ad and edi, 0xfffffe0f xor ebx, ebx mov esi, edi or esi, 0x80 -loc_fffa43d7: ; not directly referenced +loc_fffa4406: ; not directly referenced mov eax, ebx mov edi, esi and eax, 7 @@ -4945,28 +4958,28 @@ or edi, eax cmp dword [ebp - 0x90], 0 mov esi, edi mov ecx, edi -jne short loc_fffa440c ; jne 0xfffa440c +jne short loc_fffa443b ; jne 0xfffa443b mov eax, dword [ebp + 8] mov edx, 0x58c -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, edi mov edx, 0x48c -jmp short loc_fffa4420 ; jmp 0xfffa4420 +jmp short loc_fffa444f ; jmp 0xfffa444f -loc_fffa440c: ; not directly referenced +loc_fffa443b: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x98c -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, edi mov edx, 0x18c -loc_fffa4420: ; not directly referenced +loc_fffa444f: ; not directly referenced mov eax, dword [ebp + 8] inc ebx and ebx, 7 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp bl, 6 -jne short loc_fffa43d7 ; jne 0xfffa43d7 +jne short loc_fffa4406 ; jne 0xfffa4406 mov ebx, edi and edi, 0xffffe60f mov esi, edi @@ -4975,7 +4988,7 @@ shr ebx, 0x10 or esi, 0x40 and ebx, 1 -loc_fffa4446: ; not directly referenced +loc_fffa4475: ; not directly referenced mov eax, edi and esi, 0xffff0fff and eax, 7 @@ -4985,29 +4998,29 @@ or dword [ebp - 0x6c], eax mov esi, dword [ebp - 0x6c] cmp dword [ebp - 0x90], 0 mov ecx, esi -jne short loc_fffa447e ; jne 0xfffa447e +jne short loc_fffa44ad ; jne 0xfffa44ad mov eax, dword [ebp + 8] mov edx, 0x78c -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, esi mov edx, 0x68c -jmp short loc_fffa4492 ; jmp 0xfffa4492 +jmp short loc_fffa44c1 ; jmp 0xfffa44c1 -loc_fffa447e: ; not directly referenced +loc_fffa44ad: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0xb8c -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, esi mov edx, 0x38c -loc_fffa4492: ; not directly referenced +loc_fffa44c1: ; not directly referenced mov eax, dword [ebp + 8] inc edi and edi, 7 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, edi cmp al, 6 -jne short loc_fffa4446 ; jne 0xfffa4446 +jne short loc_fffa4475 ; jne 0xfffa4475 mov eax, dword [ebp - 0x6c] mov ecx, dword [ebp + 8] shr eax, 0x10 @@ -5021,25 +5034,25 @@ cmovne esi, eax cmp dword [ebp - 0x90], 0 mov edi, esi mov ecx, esi -jne short loc_fffa44e9 ; jne 0xfffa44e9 +jne short loc_fffa4518 ; jne 0xfffa4518 mov eax, dword [ebp + 8] mov edx, 0x38c -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, esi mov edx, 0x88c -jmp short loc_fffa44fd ; jmp 0xfffa44fd +jmp short loc_fffa452c ; jmp 0xfffa452c -loc_fffa44e9: ; not directly referenced +loc_fffa4518: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0xa8c -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, esi mov edx, 0x48c -loc_fffa44fd: ; not directly referenced +loc_fffa452c: ; not directly referenced mov eax, dword [ebp + 8] shr esi, 0x10 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, esi mov edx, 0x3920 and eax, 1 @@ -5047,7 +5060,7 @@ mov ecx, edi cmp al, 1 mov eax, dword [ebp + 8] sbb bl, 0xff -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, edi shr eax, 0x10 add bl, al @@ -5055,54 +5068,54 @@ setne dl cmp word [ebp - 0xf4], 0xf setbe al test dl, al -je short loc_fffa455a ; je 0xfffa455a +je short loc_fffa4589 ; je 0xfffa4589 mov eax, dword [ebp + 8] mov edx, 0x78 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3678 and eax, 0xffffffc0 lea ecx, [eax + 0x10] mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffa455a: ; not directly referenced +loc_fffa4589: ; not directly referenced mov eax, dword [ebp - 0x7c] cmp eax, 0x4b0 -je short loc_fffa456e ; je 0xfffa456e +je short loc_fffa459d ; je 0xfffa459d cmp eax, 0x546 sete cl -jmp short loc_fffa4582 ; jmp 0xfffa4582 +jmp short loc_fffa45b1 ; jmp 0xfffa45b1 -loc_fffa456e: ; not directly referenced +loc_fffa459d: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 2 +cmp dword [eax + 0x2481], 2 sete cl lea ecx, [ecx*4 + 3] -loc_fffa4582: ; not directly referenced +loc_fffa45b1: ; not directly referenced mov eax, dword [ebp + 8] and ecx, 7 mov edx, 0x58a4 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov dword [ebp - 0x6c], 0 -mov eax, dword [eax + 0x2480] +mov eax, dword [eax + 0x2481] mov dword [ebp - 0x80], eax mov eax, dword [ebp + 8] -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x88], eax mov dword [ebp - 0x70], eax mov eax, dword [ebp + 8] -add eax, 0x244b +add eax, 0x244c mov dword [ebp - 0x78], eax -loc_fffa45c1: ; not directly referenced +loc_fffa45f0: ; not directly referenced mov eax, dword [ebp - 0x70] cmp dword [eax], 2 -jne loc_fffa502f ; jne 0xfffa502f +jne loc_fffa505e ; jne 0xfffa505e mov edi, dword [ebp + 8] imul eax, dword [ebp - 0x6c], 0xcc -mov edx, dword [edi + 0x5edc] +mov edx, dword [edi + 0x5edd] lea eax, [edx + eax + 0x1c] imul edx, dword [edi + 0x18a7], 0x2e mov edi, dword [ebp - 0x70] @@ -5173,8 +5186,8 @@ and ebx, 0xffffffc3 shl esi, 2 or ebx, esi mov byte [eax + 0x9f], bl -cmp dword [edi + 0x2480], 3 -jne short loc_fffa470b ; jne 0xfffa470b +cmp dword [edi + 0x2481], 3 +jne short loc_fffa473a ; jne 0xfffa473a movzx esi, word [edx + 0x1a] movzx ecx, word [edx + 0x1c] sub ecx, esi @@ -5186,10 +5199,10 @@ shl ecx, 6 or ebx, ecx mov byte [eax + 0x9f], bl -loc_fffa470b: ; not directly referenced +loc_fffa473a: ; not directly referenced mov edi, dword [ebp + 8] -cmp dword [edi + 0x2480], 2 -jne short loc_fffa473d ; jne 0xfffa473d +cmp dword [edi + 0x2481], 2 +jne short loc_fffa476c ; jne 0xfffa476c mov cx, word [edx + 0x22] mov dl, 0xf mov bl, cl @@ -5202,7 +5215,7 @@ and ecx, 0xffffffc3 or ecx, edx mov byte [eax + 0x9f], cl -loc_fffa473d: ; not directly referenced +loc_fffa476c: ; not directly referenced mov esi, dword [ebp - 0x6c] mov ecx, dword [eax + 0x9c] mov eax, dword [ebp + 8] @@ -5210,10 +5223,10 @@ mov edi, esi add edi, 0x10 shl edi, 0xa mov edx, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 imul eax, esi, 0xcc mov esi, dword [ebp + 8] -mov edx, dword [esi + 0x5edc] +mov edx, dword [esi + 0x5edd] lea ecx, [edx + eax + 0x1c] imul eax, dword [esi + 0x18a7], 0x2e mov esi, dword [ebp - 0x70] @@ -5224,7 +5237,7 @@ mov dword [ebp - 0x7c], eax movzx eax, word [ebx + 8] sub dword [ebp - 0x7c], eax mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 2 +cmp dword [eax + 0x2481], 2 mov dword [ecx + 0xac], 0 mov dx, word [ebx + 8] sete byte [ebp - 0x90] @@ -5280,13 +5293,13 @@ and eax, 0xfffffffe or eax, edx mov byte [ecx + 0xae], al mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 3 -jne loc_fffa493f ; jne 0xfffa493f +cmp dword [eax + 0x2481], 3 +jne loc_fffa496e ; jne 0xfffa496e cmp byte [eax + 0x240a], 0 -je short loc_fffa4888 ; je 0xfffa4888 +je short loc_fffa48b7 ; je 0xfffa48b7 or byte [ecx + 0xaf], 2 -loc_fffa4888: ; not directly referenced +loc_fffa48b7: ; not directly referenced mov dl, byte [ebp - 0x81] mov al, byte [ecx + 0xac] add edx, 0x1f @@ -5305,7 +5318,7 @@ or eax, 8 mov byte [ecx + 0xad], al mov eax, dword [ebp + 8] movzx esi, word [ebx + 8] -movzx eax, word [eax + 0x2489] +movzx eax, word [eax + 0x248a] dec esi add eax, eax mov ebx, eax @@ -5341,7 +5354,7 @@ shl eax, 3 or ebx, eax mov byte [ecx + 0xae], bl -loc_fffa493f: ; not directly referenced +loc_fffa496e: ; not directly referenced lea eax, [edi - 0x4000] mov ecx, dword [ecx + 0xac] mov dword [ebp - 0x74], eax @@ -5349,10 +5362,10 @@ lea eax, [edi + 0x14] mov edx, eax mov dword [ebp - 0x7c], eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov esi, dword [ebp + 8] mov edi, dword [ebp - 0x6c] -mov edx, dword [esi + 0x5edc] +mov edx, dword [esi + 0x5edd] imul eax, edi, 0xcc imul ecx, dword [esi + 0x18a7], 0x2e lea eax, [edx + eax + 0x1c] @@ -5360,37 +5373,37 @@ imul edx, edi, 0x13c3 mov edi, dword [ebp - 0x78] lea edx, [ecx + edx + 0x1300] lea ecx, [edi + edx + 0xf] -mov edx, dword [esi + 0x2480] +mov edx, dword [esi + 0x2481] mov dword [eax + 0xa0], 0 -mov ebx, dword [esi + 0x36d7] +mov ebx, dword [esi + 0x36d8] cmp edx, 3 -jne short loc_fffa49c1 ; jne 0xfffa49c1 +jne short loc_fffa49f0 ; jne 0xfffa49f0 mov dl, 4 cmp ebx, 0x42b -jbe short loc_fffa49f7 ; jbe 0xfffa49f7 +jbe short loc_fffa4a26 ; jbe 0xfffa4a26 cmp ebx, 0x536 sbb edx, edx add edx, 6 -jmp short loc_fffa49f7 ; jmp 0xfffa49f7 +jmp short loc_fffa4a26 ; jmp 0xfffa4a26 -loc_fffa49c1: ; not directly referenced +loc_fffa49f0: ; not directly referenced mov edx, 3 cmp ebx, 0x42b -jbe short loc_fffa49f7 ; jbe 0xfffa49f7 +jbe short loc_fffa4a26 ; jbe 0xfffa4a26 mov dl, 4 cmp ebx, 0x640 -jbe short loc_fffa49f7 ; jbe 0xfffa49f7 +jbe short loc_fffa4a26 ; jbe 0xfffa4a26 mov dl, 5 cmp ebx, 0x74b -jbe short loc_fffa49f7 ; jbe 0xfffa49f7 +jbe short loc_fffa4a26 ; jbe 0xfffa4a26 mov dl, 6 cmp ebx, 0x960 -jbe short loc_fffa49f7 ; jbe 0xfffa49f7 +jbe short loc_fffa4a26 ; jbe 0xfffa4a26 cmp ebx, 0xaf1 sbb edx, edx add edx, 8 -loc_fffa49f7: ; not directly referenced +loc_fffa4a26: ; not directly referenced cmp edx, 0xf mov ebx, 0xf mov edi, dword [ebp + 8] @@ -5401,15 +5414,15 @@ and edx, 0xfffffff0 or edx, ebx mov byte [eax + 0xa0], dl mov dl, byte [eax + 0xa3] -cmp dword [edi + 0x2480], 3 -jne short loc_fffa4a2d ; jne 0xfffa4a2d +cmp dword [edi + 0x2481], 3 +jne short loc_fffa4a5c ; jne 0xfffa4a5c and edx, 0x3f -jmp short loc_fffa4a30 ; jmp 0xfffa4a30 +jmp short loc_fffa4a5f ; jmp 0xfffa4a5f -loc_fffa4a2d: ; not directly referenced +loc_fffa4a5c: ; not directly referenced or edx, 0xffffffc0 -loc_fffa4a30: ; not directly referenced +loc_fffa4a5f: ; not directly referenced mov byte [eax + 0xa3], dl mov dx, word [ecx + 0xa] mov bl, 0xff @@ -5429,7 +5442,7 @@ or edx, ebx xor ebx, ebx or edx, 0x40 mov byte [eax + 0xa1], dl -cmp dword [edi + 0x2480], 3 +cmp dword [edi + 0x2481], 3 sete bl and edx, 0x7f add ebx, 6 @@ -5470,28 +5483,28 @@ mov ecx, dword [eax + 0xa0] mov eax, dword [ebp - 0x74] lea edx, [eax + 0x4004] mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov edi, dword [ebp - 0x6c] mov esi, dword [ebp + 8] imul eax, edi, 0xcc -mov edx, dword [esi + 0x5edc] +mov edx, dword [esi + 0x5edd] lea ebx, [edx + eax + 0x1c] imul edx, dword [esi + 0x18a7], 0x2e imul eax, edi, 0x13c3 mov edi, dword [ebp - 0x78] lea eax, [edx + eax + 0x1300] lea eax, [edi + eax + 0xf] -mov edi, dword [esi + 0x2480] +mov edi, dword [esi + 0x2481] mov dword [ebx + 0xa4], 0 cmp edi, 2 -jne short loc_fffa4b56 ; jne 0xfffa4b56 +jne short loc_fffa4b85 ; jne 0xfffa4b85 movzx edx, word [eax + 0x2c] -jmp short loc_fffa4b5a ; jmp 0xfffa4b5a +jmp short loc_fffa4b89 ; jmp 0xfffa4b89 -loc_fffa4b56: ; not directly referenced +loc_fffa4b85: ; not directly referenced movzx edx, word [eax + 0x28] -loc_fffa4b5a: ; not directly referenced +loc_fffa4b89: ; not directly referenced movzx ecx, word [eax + 8] lea edx, [edx + ecx + 6] mov ecx, 0x3f @@ -5506,15 +5519,15 @@ mov byte [ebx + 0xa4], dl movzx edx, word [eax + 8] movzx ecx, word [eax + 6] cmp edi, 3 -je short loc_fffa4b97 ; je 0xfffa4b97 +je short loc_fffa4bc6 ; je 0xfffa4bc6 sub edx, ecx add edx, 7 -jmp short loc_fffa4b9c ; jmp 0xfffa4b9c +jmp short loc_fffa4bcb ; jmp 0xfffa4bcb -loc_fffa4b97: ; not directly referenced +loc_fffa4bc6: ; not directly referenced mov edx, 8 -loc_fffa4b9c: ; not directly referenced +loc_fffa4bcb: ; not directly referenced cmp edx, 0xf mov ecx, 0xf cmovbe ecx, edx @@ -5533,14 +5546,14 @@ mov byte [ebx + 0xa5], dl mov edx, 7 or byte [ebx + 0xa6], 1 cmp edi, 3 -jne short loc_fffa4bf3 ; jne 0xfffa4bf3 +jne short loc_fffa4c22 ; jne 0xfffa4c22 mov edi, dword [ebp + 8] cmp byte [edi + 0x240a], 1 sbb edx, edx and edx, 0xfffffffe add edx, 9 -loc_fffa4bf3: ; not directly referenced +loc_fffa4c22: ; not directly referenced cmp edx, 0xf mov ecx, 0xf cmovbe ecx, edx @@ -5571,7 +5584,7 @@ or edx, eax mov eax, dword [ebp + 8] mov byte [ebx + 0xa7], dl mov edx, dword [ebp - 0x7c] -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edi, dword [ebp - 0x74] mov dword [ebx + 0xac], eax movzx edx, byte [ebx + 0xad] @@ -5590,7 +5603,7 @@ mov byte [ebx + 0xa7], al mov eax, dword [ebp + 8] lea edx, [edi + 0x4008] mov ecx, dword [ebx + 0xa4] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov al, byte [ebx + 0xa7] shr al, 7 movzx eax, al @@ -5606,11 +5619,11 @@ or ecx, edx or ecx, eax mov eax, dword [ebp + 8] lea edx, [edi + 0x40d0] -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b mov edi, dword [ebp - 0x6c] mov esi, dword [ebp + 8] imul eax, edi, 0xcc -mov edx, dword [esi + 0x5edc] +mov edx, dword [esi + 0x5edd] lea ecx, [edx + eax + 0x1c] imul edx, dword [esi + 0x18a7], 0x2e imul eax, edi, 0x13c3 @@ -5618,42 +5631,42 @@ mov edi, dword [ebp - 0x78] lea eax, [edx + eax + 0x1300] lea esi, [edi + eax + 0xf] mov eax, dword [ebp + 8] -mov edi, dword [eax + 0x2480] +mov edi, dword [eax + 0x2481] mov dword [ecx + 0xa8], 0 -mov edx, dword [eax + 0x36d7] +mov edx, dword [eax + 0x36d8] mov eax, 0xa cmp edx, 0x320 -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0xd cmp edx, 0x42b -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0x10 cmp edx, 0x535 -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0x14 cmp edx, 0x640 -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0x17 cmp edx, 0x74b -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0x1a cmp edx, 0x855 -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0x1d cmp edx, 0x960 -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0x20 cmp edx, 0xa6b -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0x22 cmp edx, 0xaf0 -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 cmp edx, 0xbb9 sbb eax, eax and eax, 0xfffffffd add eax, 0x27 -loc_fffa4d98: ; not directly referenced +loc_fffa4dc7: ; not directly referenced cmp eax, 0x3f mov edx, 0x3f cmovbe edx, eax @@ -5663,30 +5676,30 @@ and eax, 0xffffffc0 or eax, edx mov byte [ecx + 0xa8], al mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x36d7] +mov edx, dword [eax + 0x36d8] cmp edi, 3 -jne short loc_fffa4dd2 ; jne 0xfffa4dd2 +jne short loc_fffa4e01 ; jne 0xfffa4e01 cmp edx, 0x536 sbb eax, eax add eax, 6 -jmp short loc_fffa4df9 ; jmp 0xfffa4df9 +jmp short loc_fffa4e28 ; jmp 0xfffa4e28 -loc_fffa4dd2: ; not directly referenced +loc_fffa4e01: ; not directly referenced cmp edi, 2 -jne short loc_fffa4dee ; jne 0xfffa4dee +jne short loc_fffa4e1d ; jne 0xfffa4e1d mov eax, 5 cmp edx, 0x640 -jbe short loc_fffa4df9 ; jbe 0xfffa4df9 +jbe short loc_fffa4e28 ; jbe 0xfffa4e28 mov al, 6 cmp edx, 0x74b -jbe short loc_fffa4df9 ; jbe 0xfffa4df9 +jbe short loc_fffa4e28 ; jbe 0xfffa4e28 -loc_fffa4dee: ; not directly referenced +loc_fffa4e1d: ; not directly referenced cmp edx, 0x856 sbb eax, eax add eax, 8 -loc_fffa4df9: ; not directly referenced +loc_fffa4e28: ; not directly referenced cmp eax, 0xf mov edx, 0xf cmovbe edx, eax @@ -5703,36 +5716,36 @@ and eax, 0xfffffffc or eax, edx mov byte [ecx + 0xa9], al mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x36d7] +mov edx, dword [eax + 0x36d8] mov eax, 4 cmp edx, 0x320 -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 mov al, 5 cmp edx, 0x42b -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 mov al, 6 cmp edx, 0x535 -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 mov al, 7 cmp edx, 0x640 -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 mov al, 8 cmp edx, 0x74b -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 mov al, 0xa cmp edx, 0x855 -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 mov al, 0xb cmp edx, 0x960 -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 mov al, 0xc cmp edx, 0xaf0 -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 cmp edx, 0xbb9 sbb eax, eax add eax, 0xe -loc_fffa4e98: ; not directly referenced +loc_fffa4ec7: ; not directly referenced cmp eax, 0xf mov edx, 0xf cmovbe edx, eax @@ -5746,20 +5759,20 @@ movzx eax, word [esi + 8] movzx ebx, word [esi + 6] mov esi, dword [ebp + 8] sub ebx, eax -cmp dword [esi + 0x36d7], 0x536 +cmp dword [esi + 0x36d8], 0x536 lea eax, [ebx + 8] -movzx esi, word [esi + 0x2489] +movzx esi, word [esi + 0x248a] lea edx, [ebx + 7] cmovb eax, edx cmp edi, 3 -jne short loc_fffa4ef6 ; jne 0xfffa4ef6 +jne short loc_fffa4f25 ; jne 0xfffa4f25 add esi, esi xor edx, edx lea eax, [esi + 0x157b] div esi lea eax, [ebx + eax + 6] -loc_fffa4ef6: ; not directly referenced +loc_fffa4f25: ; not directly referenced cmp eax, 0x1f mov edx, 0x1f cmovbe edx, eax @@ -5783,29 +5796,29 @@ mov eax, dword [ebp - 0x74] mov ecx, dword [ecx + 0xa8] lea edx, [eax + 0x400c] mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp dword [ebp - 0x80], 2 -jne loc_fffa502f ; jne 0xfffa502f +jne loc_fffa505e ; jne 0xfffa505e mov edi, dword [ebp + 8] imul eax, dword [ebp - 0x6c], 0xcc -mov edx, dword [edi + 0x5edc] +mov edx, dword [edi + 0x5edd] lea eax, [edx + eax + 0x1c] imul edx, dword [edi + 0x18a7], 0x2e mov edi, dword [ebp - 0x70] lea ecx, [edi + edx + 4] mov edi, dword [ebp + 8] mov dl, 4 -mov ebx, dword [edi + 0x36d7] +mov ebx, dword [edi + 0x36d8] cmp ebx, 0x535 -jbe short loc_fffa4faa ; jbe 0xfffa4faa +jbe short loc_fffa4fd9 ; jbe 0xfffa4fd9 mov dl, 5 cmp ebx, 0x74b -jbe short loc_fffa4faa ; jbe 0xfffa4faa +jbe short loc_fffa4fd9 ; jbe 0xfffa4fd9 cmp ebx, 0x961 sbb edx, edx add edx, 7 -loc_fffa4faa: ; not directly referenced +loc_fffa4fd9: ; not directly referenced and edx, 0xf mov bl, dl shl ebx, 4 @@ -5840,45 +5853,45 @@ mov edx, dword [ebp - 0x74] mov ecx, dword [eax + 0xb0] mov eax, dword [ebp + 8] add edx, 0x4018 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa502f: ; not directly referenced +loc_fffa505e: ; not directly referenced inc dword [ebp - 0x6c] add dword [ebp - 0x70], 0x13c3 cmp dword [ebp - 0x6c], 2 -jne loc_fffa45c1 ; jne 0xfffa45c1 +jne loc_fffa45f0 ; jne 0xfffa45f0 mov eax, dword [ebp + 8] mov edi, dword [ebp + 8] -mov edx, dword [eax + 0x5edc] +mov edx, dword [eax + 0x5edd] xor eax, eax -cmp byte [edi + 0x381a], 0 -je short loc_fffa5064 ; je 0xfffa5064 -cmp dword [edi + 0x3816], 2 +cmp byte [edi + 0x381b], 0 +je short loc_fffa5093 ; je 0xfffa5093 +cmp dword [edi + 0x3817], 2 sete al -loc_fffa5064: ; not directly referenced +loc_fffa5093: ; not directly referenced mov edi, dword [ebp + 8] -cmp byte [edi + 0x4bdd], 0 -je short loc_fffa507f ; je 0xfffa507f +cmp byte [edi + 0x4bde], 0 +je short loc_fffa50ae ; je 0xfffa50ae mov cl, al or ecx, 2 -cmp dword [edi + 0x4bd9], 2 +cmp dword [edi + 0x4bda], 2 cmove eax, ecx -loc_fffa507f: ; not directly referenced +loc_fffa50ae: ; not directly referenced lea edi, [edx + 0xbc] movzx eax, al mov dword [ebp - 0x70], edi mov edi, dword [ebp + 8] mov dword [ebp - 0x6c], 0 mov dword [ebp - 0x74], eax -add edi, 0x4ae6 +add edi, 0x4ae7 -loc_fffa509e: ; not directly referenced +loc_fffa50cd: ; not directly referenced mov eax, dword [ebp - 0x74] mov esi, dword [ebp - 0x6c] bt eax, esi -jae loc_fffa5212 ; jae 0xfffa5212 +jae loc_fffa5241 ; jae 0xfffa5241 mov eax, dword [edi - 0x144] movzx ebx, byte [edi - 0x12cc] cmp eax, 3 @@ -5887,44 +5900,44 @@ cmp eax, 8 sete dl xor eax, eax or cl, dl -je short loc_fffa50e4 ; je 0xfffa50e4 +je short loc_fffa5113 ; je 0xfffa5113 mov eax, dword [ebp - 0xb8] mov al, byte [edi - 0x128] mov word [ebp - 0xb8], ax mov eax, 1 -loc_fffa50e4: ; not directly referenced +loc_fffa5113: ; not directly referenced mov edx, dword [edi - 0x1c] cmp edx, 8 sete cl cmp edx, 3 sete dl or cl, dl -jne short loc_fffa5100 ; jne 0xfffa5100 +jne short loc_fffa512f ; jne 0xfffa512f mov esi, 6 test eax, eax -je short loc_fffa5133 ; je 0xfffa5133 +je short loc_fffa5162 ; je 0xfffa5162 -loc_fffa5100: ; not directly referenced +loc_fffa512f: ; not directly referenced mov al, byte [edi] mov ecx, dword [ebp - 0xb8] mov ch, al mov word [ebp - 0xb8], cx mov al, cl cmp cl, 5 -je short loc_fffa5125 ; je 0xfffa5125 +je short loc_fffa5154 ; je 0xfffa5154 movzx edx, ch mov esi, 6 cmp dl, 5 -jne short loc_fffa5133 ; jne 0xfffa5133 +jne short loc_fffa5162 ; jne 0xfffa5162 -loc_fffa5125: ; not directly referenced +loc_fffa5154: ; not directly referenced mov ecx, dword [ebp - 0xb8] cmp ch, al setne al lea esi, [eax + 6] -loc_fffa5133: ; not directly referenced +loc_fffa5162: ; not directly referenced sub esp, 0xc mov eax, esi mov edx, dword [ebp - 0x6c] @@ -5936,11 +5949,11 @@ push 1 push eax mov eax, dword [ebp + 8] push 8 -call fcn_fffb579d ; call 0xfffb579d +call fcn_fffb4652 ; call 0xfffb4652 mov eax, esi add esp, 0x20 cmp al, 7 -jne loc_fffa5212 ; jne 0xfffa5212 +jne loc_fffa5241 ; jne 0xfffa5241 mov eax, dword [ebp - 0x70] sub esp, 0xc mov edx, dword [ebp - 0x6c] @@ -5959,7 +5972,7 @@ mov eax, dword [ebp + 8] push 0 shr esi, 0x13 and esi, 0xf -call fcn_fffb579d ; call 0xfffb579d +call fcn_fffb4652 ; call 0xfffb4652 add esp, 0x14 mov edx, dword [ebp - 0x6c] push ebx @@ -5970,7 +5983,7 @@ lea eax, [esi + 1] push eax mov eax, dword [ebp + 8] push 1 -call fcn_fffb579d ; call 0xfffb579d +call fcn_fffb4652 ; call 0xfffb4652 mov eax, dword [ebp - 0x70] add esp, 0x14 mov edx, dword [ebp - 0x6c] @@ -5986,7 +5999,7 @@ inc eax push eax mov eax, dword [ebp + 8] push 4 -call fcn_fffb579d ; call 0xfffb579d +call fcn_fffb4652 ; call 0xfffb4652 add esp, 0x14 mov eax, esi push ebx @@ -6002,7 +6015,7 @@ mov eax, dword [ebp + 8] push 5 shr esi, 0xe and esi, 0x1f -call fcn_fffb579d ; call 0xfffb579d +call fcn_fffb4652 ; call 0xfffb4652 add esp, 0x14 mov edx, dword [ebp - 0x6c] push ebx @@ -6013,144 +6026,144 @@ lea eax, [esi + 1] push eax mov eax, dword [ebp + 8] push 0xe -call fcn_fffb579d ; call 0xfffb579d +call fcn_fffb4652 ; call 0xfffb4652 add esp, 0x20 -loc_fffa5212: ; not directly referenced +loc_fffa5241: ; not directly referenced inc dword [ebp - 0x6c] add edi, 0x13c3 add dword [ebp - 0x70], 0xcc cmp dword [ebp - 0x6c], 2 -jne loc_fffa509e ; jne 0xfffa509e +jne loc_fffa50cd ; jne 0xfffa50cd mov edi, 0x4290 mov dword [ebp - 0x6c], 0 -loc_fffa5238: ; not directly referenced +loc_fffa5267: ; not directly referenced imul eax, dword [ebp - 0x6c], 0x13c3 mov esi, dword [ebp + 8] -cmp dword [esi + eax + 0x3756], 2 -jne loc_fffa553b ; jne 0xfffa553b +cmp dword [esi + eax + 0x3757], 2 +jne loc_fffa556a ; jne 0xfffa556a mov edx, dword [ebp - 0x6c] mov eax, esi -call fcn_fffae6fa ; call 0xfffae6fa +call fcn_fffb3431 ; call 0xfffb3431 mov eax, dword [ebp + 8] -mov ebx, dword [eax + 0x36d7] +mov ebx, dword [eax + 0x36d8] mov eax, dword [eax + 0x188b] mov dword [ebp - 0x70], eax mov eax, dword [ebp + 8] -mov ecx, dword [eax + 0x2480] +mov ecx, dword [eax + 0x2481] cmp ecx, 3 -jne short loc_fffa528d ; jne 0xfffa528d -movzx esi, word [eax + 0x2489] +jne short loc_fffa52bc ; jne 0xfffa52bc +movzx esi, word [eax + 0x248a] mov eax, 0x57e40 cdq add esi, esi idiv esi -jmp short loc_fffa52de ; jmp 0xfffa52de +jmp short loc_fffa530d ; jmp 0xfffa530d -loc_fffa528d: ; not directly referenced +loc_fffa52bc: ; not directly referenced cmp ecx, 2 -je short loc_fffa52d9 ; je 0xfffa52d9 +je short loc_fffa5308 ; je 0xfffa5308 mov eax, 0x100 cmp ebx, 0x640 -jbe short loc_fffa52de ; jbe 0xfffa52de +jbe short loc_fffa530d ; jbe 0xfffa530d mov al, 0x2b cmp ebx, 0x74b -jbe short loc_fffa52e6 ; jbe 0xfffa52e6 +jbe short loc_fffa5315 ; jbe 0xfffa5315 mov al, 0x56 cmp ebx, 0x855 -jbe short loc_fffa52e6 ; jbe 0xfffa52e6 +jbe short loc_fffa5315 ; jbe 0xfffa5315 mov al, 0x80 cmp ebx, 0x960 -jbe short loc_fffa52e6 ; jbe 0xfffa52e6 +jbe short loc_fffa5315 ; jbe 0xfffa5315 mov al, 0xab cmp ebx, 0xa6b -jbe short loc_fffa52e6 ; jbe 0xfffa52e6 +jbe short loc_fffa5315 ; jbe 0xfffa5315 cmp ebx, 0xb76 sbb eax, eax and eax, 0xffffffd6 add eax, 0x200 -jmp short loc_fffa52e6 ; jmp 0xfffa52e6 +jmp short loc_fffa5315 ; jmp 0xfffa5315 -loc_fffa52d9: ; not directly referenced +loc_fffa5308: ; not directly referenced mov eax, 0x200 -loc_fffa52de: ; not directly referenced +loc_fffa530d: ; not directly referenced cmp ebx, 0x320 -jbe short loc_fffa534b ; jbe 0xfffa534b +jbe short loc_fffa537a ; jbe 0xfffa537a -loc_fffa52e6: ; not directly referenced +loc_fffa5315: ; not directly referenced cmp ebx, 0x42b -jbe short loc_fffa5352 ; jbe 0xfffa5352 +jbe short loc_fffa5381 ; jbe 0xfffa5381 cmp ebx, 0x535 -jbe loc_fffa5b11 ; jbe 0xfffa5b11 +jbe loc_fffa5b40 ; jbe 0xfffa5b40 cmp ebx, 0x640 -jbe loc_fffa5b18 ; jbe 0xfffa5b18 +jbe loc_fffa5b47 ; jbe 0xfffa5b47 cmp ebx, 0x74b -jbe loc_fffa5b1f ; jbe 0xfffa5b1f +jbe loc_fffa5b4e ; jbe 0xfffa5b4e cmp ebx, 0x855 -jbe loc_fffa5b26 ; jbe 0xfffa5b26 +jbe loc_fffa5b55 ; jbe 0xfffa5b55 cmp ebx, 0x960 -jbe loc_fffa5b2d ; jbe 0xfffa5b2d +jbe loc_fffa5b5c ; jbe 0xfffa5b5c mov edx, 0xe cmp ebx, 0xaf0 -jbe loc_fffa53cc ; jbe 0xfffa53cc +jbe loc_fffa53fb ; jbe 0xfffa53fb cmp ebx, 0xbb9 sbb edx, edx add edx, 0x10 -jmp near loc_fffa53cc ; jmp 0xfffa53cc +jmp near loc_fffa53fb ; jmp 0xfffa53fb -loc_fffa534b: ; not directly referenced +loc_fffa537a: ; not directly referenced mov edx, 4 -jmp short loc_fffa5357 ; jmp 0xfffa5357 +jmp short loc_fffa5386 ; jmp 0xfffa5386 -loc_fffa5352: ; not directly referenced +loc_fffa5381: ; not directly referenced mov edx, 6 -loc_fffa5357: ; not directly referenced +loc_fffa5386: ; not directly referenced cmp ecx, 2 -je short loc_fffa53d1 ; je 0xfffa53d1 +je short loc_fffa5400 ; je 0xfffa5400 mov esi, 0xc cmp ebx, 0x42b -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 -loc_fffa5369: ; not directly referenced +loc_fffa5398: ; not directly referenced mov esi, 0xc cmp ebx, 0x640 -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 mov si, 0xe cmp ebx, 0x74b -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 mov si, 0x10 cmp ebx, 0x855 -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 mov si, 0x12 cmp ebx, 0x960 -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 -loc_fffa539a: ; not directly referenced +loc_fffa53c9: ; not directly referenced mov esi, 0x14 cmp ebx, 0xa6b -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 mov si, 0x15 cmp ebx, 0xaf0 -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 mov si, 0x16 cmp ebx, 0xb75 -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 cmp ebx, 0xbb9 sbb esi, esi add esi, 0x18 -jmp short loc_fffa53d6 ; jmp 0xfffa53d6 +jmp short loc_fffa5405 ; jmp 0xfffa5405 -loc_fffa53cc: ; not directly referenced +loc_fffa53fb: ; not directly referenced cmp ecx, 2 -jne short loc_fffa539a ; jne 0xfffa539a +jne short loc_fffa53c9 ; jne 0xfffa53c9 -loc_fffa53d1: ; not directly referenced +loc_fffa5400: ; not directly referenced mov esi, 0x18 -loc_fffa53d6: ; not directly referenced +loc_fffa5405: ; not directly referenced cmp edx, 0xf mov ecx, 0xf cmova edx, ecx @@ -6164,25 +6177,25 @@ and ebx, 0x3ff shl ebx, 0x10 or edx, ebx cmp dword [ebp - 0x70], 0 -jne short loc_fffa5416 ; jne 0xfffa5416 +jne short loc_fffa5445 ; jne 0xfffa5445 sub esi, 8 cmp esi, 0xf cmovbe ecx, esi shl ecx, 0x1c -jmp short loc_fffa5425 ; jmp 0xfffa5425 +jmp short loc_fffa5454 ; jmp 0xfffa5454 -loc_fffa5416: ; not directly referenced +loc_fffa5445: ; not directly referenced inc esi mov ecx, 0x1f cmp esi, 0x1f cmovbe ecx, esi shl ecx, 0x1b -loc_fffa5425: ; not directly referenced +loc_fffa5454: ; not directly referenced mov eax, dword [ebp + 8] or ecx, edx lea edx, [edi + 0x14] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] xor ecx, ecx mov eax, dword [eax + 0x188b] @@ -6191,48 +6204,48 @@ mov eax, dword [ebp + 8] mov eax, dword [eax + 0x1887] mov dword [ebp - 0x74], eax mov eax, dword [ebp + 8] -mov esi, dword [eax + 0x2480] -mov edx, dword [eax + 0x36d7] +mov esi, dword [eax + 0x2481] +mov edx, dword [eax + 0x36d8] cmp esi, 3 -jne short loc_fffa5473 ; jne 0xfffa5473 -movzx ebx, word [eax + 0x2489] +jne short loc_fffa54a2 ; jne 0xfffa54a2 +movzx ebx, word [eax + 0x248a] mov eax, 0x15f90 cdq add ebx, ebx idiv ebx -jmp short loc_fffa54bd ; jmp 0xfffa54bd +jmp short loc_fffa54ec ; jmp 0xfffa54ec -loc_fffa5473: ; not directly referenced +loc_fffa54a2: ; not directly referenced mov eax, 0x80 cmp esi, 2 -je short loc_fffa54bd ; je 0xfffa54bd +je short loc_fffa54ec ; je 0xfffa54ec mov al, 0x40 cmp edx, 0x640 -jbe short loc_fffa54bd ; jbe 0xfffa54bd +jbe short loc_fffa54ec ; jbe 0xfffa54ec mov al, 0x4b cmp edx, 0x74b -jbe short loc_fffa54bd ; jbe 0xfffa54bd +jbe short loc_fffa54ec ; jbe 0xfffa54ec mov al, 0x56 cmp edx, 0x855 -jbe short loc_fffa54bd ; jbe 0xfffa54bd +jbe short loc_fffa54ec ; jbe 0xfffa54ec mov al, 0x60 cmp edx, 0x960 -jbe short loc_fffa54bd ; jbe 0xfffa54bd +jbe short loc_fffa54ec ; jbe 0xfffa54ec mov al, 0x6b cmp edx, 0xa6b -jbe short loc_fffa54bd ; jbe 0xfffa54bd +jbe short loc_fffa54ec ; jbe 0xfffa54ec cmp edx, 0xb76 sbb eax, eax and eax, 0xfffffff6 sub eax, 0xffffff80 -loc_fffa54bd: ; not directly referenced +loc_fffa54ec: ; not directly referenced cmp dword [ebp - 0x70], 1 sete dl cmp dword [ebp - 0x74], 0x40650 sete bl or dl, bl -je short loc_fffa54fb ; je 0xfffa54fb +je short loc_fffa552a ; je 0xfffa552a cmp esi, 3 mov edx, 0x100 mov ecx, 0x80 @@ -6243,41 +6256,41 @@ cmovbe edx, eax and edx, 0x3ff shl edx, 0xa or ecx, edx -jmp short loc_fffa550c ; jmp 0xfffa550c +jmp short loc_fffa553b ; jmp 0xfffa553b -loc_fffa54fb: ; not directly referenced +loc_fffa552a: ; not directly referenced mov edx, 0xff cmp eax, 0xff mov cl, 0x80 cmovbe edx, eax mov ch, dl -loc_fffa550c: ; not directly referenced +loc_fffa553b: ; not directly referenced mov eax, dword [ebp + 8] mov edx, edi lea ebx, [edi + 4] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, ebx mov ecx, eax mov eax, dword [ebp + 8] mov cl, 0xff -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f -loc_fffa553b: ; not directly referenced +loc_fffa556a: ; not directly referenced inc dword [ebp - 0x6c] add edi, 0x400 cmp dword [ebp - 0x6c], 2 -jne loc_fffa5238 ; jne 0xfffa5238 +jne loc_fffa5267 ; jne 0xfffa5267 mov eax, dword [ebp + 8] mov ecx, 0x100000 mov esi, dword [eax + 0x1887] -cmp dword [eax + 0x2480], 3 +cmp dword [eax + 0x2481], 3 mov edi, dword [eax + 0x188b] sete al cmp esi, 0x306d0 @@ -6285,67 +6298,67 @@ sete bl cmp esi, 0x40650 sete dl or bl, dl -jne short loc_fffa558f ; jne 0xfffa558f +jne short loc_fffa55be ; jne 0xfffa55be cmp esi, 0x40670 sete dl test dl, al -je short loc_fffa55b0 ; je 0xfffa55b0 +je short loc_fffa55df ; je 0xfffa55df -loc_fffa558f: ; not directly referenced +loc_fffa55be: ; not directly referenced mov ecx, 0x102000 test al, al -je short loc_fffa55b0 ; je 0xfffa55b0 +je short loc_fffa55df ; je 0xfffa55df mov eax, dword [ebp + 8] cmp byte [eax + 0x240a], 1 sbb ecx, ecx and ecx, 0x2000 add ecx, 0x4100000 -loc_fffa55b0: ; not directly referenced +loc_fffa55df: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x4c20 -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov ecx, 0x553c3038 mov edx, 0x4f8c -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 3 -je short loc_fffa55e4 ; je 0xfffa55e4 +cmp dword [eax + 0x2481], 3 +je short loc_fffa5613 ; je 0xfffa5613 -loc_fffa55db: ; not directly referenced +loc_fffa560a: ; not directly referenced dec edi -jne loc_fffa568d ; jne 0xfffa568d -jmp short loc_fffa563c ; jmp 0xfffa563c +jne loc_fffa56bc ; jne 0xfffa56bc +jmp short loc_fffa566b ; jmp 0xfffa566b -loc_fffa55e4: ; not directly referenced +loc_fffa5613: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x3756], 2 -jne short loc_fffa560f ; jne 0xfffa560f +cmp dword [eax + 0x3757], 2 +jne short loc_fffa563e ; jne 0xfffa563e mov edx, 0x4010 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x4010 and eax, 0xfffffff0 or eax, 7 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa560f: ; not directly referenced +loc_fffa563e: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -jne short loc_fffa55db ; jne 0xfffa55db +cmp dword [eax + 0x4b1a], 2 +jne short loc_fffa560a ; jne 0xfffa560a mov edx, 0x4410 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x4410 and eax, 0xfffffff0 or eax, 7 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffa55db ; jmp 0xfffa55db +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffa560a ; jmp 0xfffa560a -loc_fffa563c: ; not directly referenced +loc_fffa566b: ; not directly referenced mov edi, dword [ebp + 8] xor edx, edx mov ecx, 0x1ffff @@ -6355,86 +6368,86 @@ mov dx, word [edi + 0x1920] and ecx, 0x1ffff cmp byte [edi + 0x191b], 0 mov eax, ecx -je short loc_fffa5679 ; je 0xfffa5679 +je short loc_fffa56a8 ; je 0xfffa56a8 mov ecx, edx or ecx, 0x80000000 mov edx, ecx -loc_fffa5679: ; not directly referenced +loc_fffa56a8: ; not directly referenced push ecx push ecx push edx mov edx, 0x5028 push eax mov eax, dword [ebp + 8] -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 -loc_fffa568d: ; not directly referenced +loc_fffa56bc: ; not directly referenced mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x3f xor esi, esi xor edi, edi -call fcn_fffc3c0d ; call 0xfffc3c0d +call fcn_fffc3b02 ; call 0xfffc3b02 mov eax, dword [ebp + 8] lea ecx, [ebp - 0x20] mov edx, dword [ebp - 0x88] mov eax, dword [eax + 0x188b] mov dword [ebp - 0x70], eax mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2480] +mov eax, dword [eax + 0x2481] mov dword [ebp - 0x74], eax lea eax, [ebp - 0x28] -loc_fffa56c4: ; not directly referenced +loc_fffa56f3: ; not directly referenced mov dword [eax], 0 cmp dword [edx], 2 -jne short loc_fffa56f1 ; jne 0xfffa56f1 +jne short loc_fffa5720 ; jne 0xfffa5720 cmp dword [edx + 0x1173], 2 -jne short loc_fffa56e0 ; jne 0xfffa56e0 +jne short loc_fffa570f ; jne 0xfffa570f mov ebx, dword [edx + 0x1254] mov dword [eax], ebx -loc_fffa56e0: ; not directly referenced +loc_fffa570f: ; not directly referenced cmp dword [edx + 0x129b], 2 -jne short loc_fffa56f1 ; jne 0xfffa56f1 +jne short loc_fffa5720 ; jne 0xfffa5720 mov ebx, dword [edx + 0x137c] add dword [eax], ebx -loc_fffa56f1: ; not directly referenced +loc_fffa5720: ; not directly referenced add eax, 4 add edx, 0x13c3 cmp eax, ecx -jne short loc_fffa56c4 ; jne 0xfffa56c4 +jne short loc_fffa56f3 ; jne 0xfffa56f3 mov eax, dword [ebp + 8] -mov al, byte [eax + 0x248d] +mov al, byte [eax + 0x248e] mov byte [ebp - 0x78], al mov eax, dword [ebp - 0x24] mov ebx, eax mov dword [ebp - 0x6c], eax mov eax, dword [ebp - 0x28] cmp ebx, eax -ja short loc_fffa5737 ; ja 0xfffa5737 +ja short loc_fffa5766 ; ja 0xfffa5766 mov eax, dword [ebp + 8] mov ebx, 4 -mov dword [eax + 0x381b], 0 -mov dword [eax + 0x4bde], 1 -jmp short loc_fffa5756 ; jmp 0xfffa5756 +mov dword [eax + 0x381c], 0 +mov dword [eax + 0x4bdf], 1 +jmp short loc_fffa5785 ; jmp 0xfffa5785 -loc_fffa5737: ; not directly referenced +loc_fffa5766: ; not directly referenced mov ecx, dword [ebp + 8] mov ebx, 1 mov dword [ebp - 0x6c], eax -mov dword [ecx + 0x381b], 1 -mov dword [ecx + 0x4bde], 0 +mov dword [ecx + 0x381c], 1 +mov dword [ecx + 0x4bdf], 0 -loc_fffa5756: ; not directly referenced +loc_fffa5785: ; not directly referenced mov eax, dword [ebp - 0x6c] mov edx, 0xff shr eax, 8 cmp dword [ebp - 0x70], 0 -jne short loc_fffa5788 ; jne 0xfffa5788 +jne short loc_fffa57b7 ; jne 0xfffa57b7 cmp eax, 0xff mov esi, edx cmovbe esi, eax @@ -6445,16 +6458,16 @@ movzx eax, al shl eax, 0x10 shl esi, 0x18 or esi, eax -jmp short loc_fffa5796 ; jmp 0xfffa5796 +jmp short loc_fffa57c5 ; jmp 0xfffa57c5 -loc_fffa5788: ; not directly referenced +loc_fffa57b7: ; not directly referenced cmp eax, 0xff cmovbe edx, eax mov eax, esi mov al, dl mov esi, eax -loc_fffa5796: ; not directly referenced +loc_fffa57c5: ; not directly referenced and ebx, 0xfffffbcf mov ecx, ebx mov ebx, dword [ebp - 0x74] @@ -6475,9 +6488,9 @@ mov eax, dword [ebp + 8] mov ebx, ecx mov al, byte [eax + 0x1917] test al, al -je loc_fffa5894 ; je 0xfffa5894 +je loc_fffa58c3 ; je 0xfffa58c3 cmp dword [ebp - 0x70], 0 -jne short loc_fffa5822 ; jne 0xfffa5822 +jne short loc_fffa5851 ; jne 0xfffa5851 mov edx, dword [ebp + 8] mov edi, 0x3fff mov eax, dword [ebp + 8] @@ -6493,28 +6506,28 @@ mov dl, byte [ebp - 0x70] cmovbe eax, edx and eax, 3 shl eax, 0x15 -jmp short loc_fffa588c ; jmp 0xfffa588c +jmp short loc_fffa58bb ; jmp 0xfffa58bb -loc_fffa5822: ; not directly referenced +loc_fffa5851: ; not directly referenced cmp al, 2 -jne short loc_fffa5849 ; jne 0xfffa5849 +jne short loc_fffa5878 ; jne 0xfffa5878 test dl, dl -je short loc_fffa5842 ; je 0xfffa5842 +je short loc_fffa5871 ; je 0xfffa5871 mov al, byte [ebp - 0x78] cmp al, 4 sete dl dec al sete al or dl, al -je short loc_fffa5842 ; je 0xfffa5842 +je short loc_fffa5871 ; je 0xfffa5871 mov edi, 0xd030c0 -jmp short loc_fffa5894 ; jmp 0xfffa5894 +jmp short loc_fffa58c3 ; jmp 0xfffa58c3 -loc_fffa5842: ; not directly referenced +loc_fffa5871: ; not directly referenced mov edi, 0x9030ce -jmp short loc_fffa5894 ; jmp 0xfffa5894 +jmp short loc_fffa58c3 ; jmp 0xfffa58c3 -loc_fffa5849: ; not directly referenced +loc_fffa5878: ; not directly referenced mov edx, dword [ebp + 8] mov edi, 0x3fff mov eax, dword [ebp + 8] @@ -6531,83 +6544,83 @@ cmovbe eax, edx and eax, 7 shl eax, 0x14 -loc_fffa588c: ; not directly referenced +loc_fffa58bb: ; not directly referenced or edi, 0x800000 or edi, eax -loc_fffa5894: ; not directly referenced +loc_fffa58c3: ; not directly referenced mov eax, dword [ebp + 8] cmp byte [eax + 0x2402], 0 -je short loc_fffa58d8 ; je 0xfffa58d8 +je short loc_fffa5907 ; je 0xfffa5907 mov eax, dword [ebp - 0x24] cmp dword [ebp - 0x28], eax -jne short loc_fffa58ce ; jne 0xfffa58ce +jne short loc_fffa58fd ; jne 0xfffa58fd mov eax, dword [ebp - 0x6c] mov ebx, ecx or edi, 0x800000 or ebx, 0x40 and ebx, 0xfffffc7f -call fcn_fffaec34 ; call 0xfffaec34 +call fcn_fffb396b ; call 0xfffb396b sub eax, 9 and eax, 7 shl eax, 7 or ebx, eax -jmp short loc_fffa58d8 ; jmp 0xfffa58d8 +jmp short loc_fffa5907 ; jmp 0xfffa5907 -loc_fffa58ce: ; not directly referenced +loc_fffa58fd: ; not directly referenced mov eax, dword [ebp + 8] mov byte [eax + 0x2402], 0 -loc_fffa58d8: ; not directly referenced +loc_fffa5907: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, edi mov edx, 0x5024 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov ecx, ebx mov edx, 0x5000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov ecx, esi mov edx, 0x5014 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov dword [ebp - 0x6c], 0x5004 -lea ebx, [eax + 0x48c9] +lea ebx, [eax + 0x48ca] -loc_fffa5915: ; not directly referenced +loc_fffa5944: ; not directly referenced cmp dword [ebx - 0x1173], 2 mov esi, ebx -jne loc_fffa5aaf ; jne 0xfffa5aaf +jne loc_fffa5ade ; jne 0xfffa5ade xor edx, edx cmp dword [ebx], 2 -jne short loc_fffa5931 ; jne 0xfffa5931 +jne short loc_fffa5960 ; jne 0xfffa5960 mov edx, dword [ebx + 0xe1] -loc_fffa5931: ; not directly referenced +loc_fffa5960: ; not directly referenced cmp dword [ebx + 0x128], 2 lea eax, [ebx + 0x128] -jne short loc_fffa5948 ; jne 0xfffa5948 +jne short loc_fffa5977 ; jne 0xfffa5977 cmp dword [ebx + 0x209], edx -ja short loc_fffa594e ; ja 0xfffa594e +ja short loc_fffa597d ; ja 0xfffa597d -loc_fffa5948: ; not directly referenced +loc_fffa5977: ; not directly referenced mov edi, eax xor ecx, ecx -jmp short loc_fffa5957 ; jmp 0xfffa5957 +jmp short loc_fffa5986 ; jmp 0xfffa5986 -loc_fffa594e: ; not directly referenced +loc_fffa597d: ; not directly referenced mov ecx, 0x10000 mov edi, ebx mov esi, eax -loc_fffa5957: ; not directly referenced +loc_fffa5986: ; not directly referenced mov al, byte [esi + 0xed] mov byte [ebp - 0x70], al test al, al -je short loc_fffa59a6 ; je 0xfffa59a6 +je short loc_fffa59d5 ; je 0xfffa59d5 cmp dword [esi], 2 -jne short loc_fffa59a6 ; jne 0xfffa59a6 +jne short loc_fffa59d5 ; jne 0xfffa59d5 mov eax, dword [esi + 0xe1] mov edx, 0xff shr eax, 8 @@ -6626,13 +6639,13 @@ or ecx, edx shl eax, 0x13 or ecx, eax -loc_fffa59a6: ; not directly referenced +loc_fffa59d5: ; not directly referenced mov al, byte [edi + 0xed] mov byte [ebp - 0x70], al test al, al -je short loc_fffa59f5 ; je 0xfffa59f5 +je short loc_fffa5a24 ; je 0xfffa5a24 cmp dword [edi], 2 -jne short loc_fffa59f5 ; jne 0xfffa59f5 +jne short loc_fffa5a24 ; jne 0xfffa5a24 mov eax, dword [edi + 0xe1] mov edx, 0xff shr eax, 8 @@ -6651,7 +6664,7 @@ or ecx, eax shl edx, 0x14 or ecx, edx -loc_fffa59f5: ; not directly referenced +loc_fffa5a24: ; not directly referenced mov eax, dword [ebp + 8] mov eax, dword [eax + 0x1887] cmp eax, 0x306d0 @@ -6659,13 +6672,13 @@ sete dl cmp eax, 0x40650 sete al or dl, al -je short loc_fffa5a22 ; je 0xfffa5a22 +je short loc_fffa5a51 ; je 0xfffa5a51 lea eax, [ecx + ecx] and ecx, 0xffefffff and eax, 0x100000 or ecx, eax -loc_fffa5a22: ; not directly referenced +loc_fffa5a51: ; not directly referenced mov edi, dword [ebp + 8] mov eax, ecx or eax, 0x200000 @@ -6677,93 +6690,93 @@ or eax, 0x400000 cmp byte [edi + 0x1909], 0 cmovne ecx, eax mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 3 -jne short loc_fffa5aaf ; jne 0xfffa5aaf +cmp dword [eax + 0x2481], 3 +jne short loc_fffa5ade ; jne 0xfffa5ade cmp dword [eax + 0x1887], 0x40650 -jne short loc_fffa5a7e ; jne 0xfffa5a7e +jne short loc_fffa5aad ; jne 0xfffa5aad xor ecx, ecx cmp byte [esi + 0xf1], 0x20 sete cl lea ecx, [ecx + ecx*2 + 0x200d00] -jmp short loc_fffa5a9b ; jmp 0xfffa5a9b +jmp short loc_fffa5aca ; jmp 0xfffa5aca -loc_fffa5a7e: ; not directly referenced +loc_fffa5aad: ; not directly referenced mov al, byte [esi + 0xf1] mov ecx, 0x401a00 cmp al, 0x10 -jne short loc_fffa5a91 ; jne 0xfffa5a91 +jne short loc_fffa5ac0 ; jne 0xfffa5ac0 mov cl, 5 -jmp short loc_fffa5a9b ; jmp 0xfffa5a9b +jmp short loc_fffa5aca ; jmp 0xfffa5aca -loc_fffa5a91: ; not directly referenced +loc_fffa5ac0: ; not directly referenced cmp al, 0x20 mov eax, 0x401a0a cmove ecx, eax -loc_fffa5a9b: ; not directly referenced +loc_fffa5aca: ; not directly referenced mov edx, dword [ebp - 0x6c] mov eax, dword [ebp + 8] shl edx, 8 sub edx, 0x4fc1f0 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa5aaf: ; not directly referenced +loc_fffa5ade: ; not directly referenced add dword [ebp - 0x6c], 4 add ebx, 0x13c3 cmp dword [ebp - 0x6c], 0x500c -jne loc_fffa5915 ; jne 0xfffa5915 +jne loc_fffa5944 ; jne 0xfffa5944 xor edx, edx -jmp short loc_fffa5b40 ; jmp 0xfffa5b40 +jmp short loc_fffa5b6f ; jmp 0xfffa5b6f -loc_fffa5aca: ; not directly referenced +loc_fffa5af9: ; not directly referenced mov eax, dword [ebp + 8] -call fcn_fffa6828 ; call 0xfffa6828 +call fcn_fffa67d6 ; call 0xfffa67d6 mov edx, 0x12 test eax, eax -jne short loc_fffa5b40 ; jne 0xfffa5b40 +jne short loc_fffa5b6f ; jne 0xfffa5b6f sub esp, 0xc lea eax, [ebp - 0x58] push eax mov eax, dword [ebp + 8] lea edx, [ebp - 0x28] lea ecx, [ebp - 0x5b] -call fcn_fffa77b4 ; call 0xfffa77b4 +call fcn_fffa7762 ; call 0xfffa7762 mov edi, dword [ebp + 8] add esp, 0x10 mov edx, 0x16 -mov dword [edi + 0x36d7], eax -mov al, byte [edi + 0x36e7] +mov dword [edi + 0x36d8], eax +mov al, byte [edi + 0x36e8] cmp byte [ebp - 0x5b], al -jne short loc_fffa5b40 ; jne 0xfffa5b40 -jmp near loc_fffa2dab ; jmp 0xfffa2dab +jne short loc_fffa5b6f ; jne 0xfffa5b6f +jmp near loc_fffa2dda ; jmp 0xfffa2dda -loc_fffa5b11: ; not directly referenced +loc_fffa5b40: ; not directly referenced mov edx, 7 -jmp short loc_fffa5b32 ; jmp 0xfffa5b32 +jmp short loc_fffa5b61 ; jmp 0xfffa5b61 -loc_fffa5b18: ; not directly referenced +loc_fffa5b47: ; not directly referenced mov edx, 8 -jmp short loc_fffa5b32 ; jmp 0xfffa5b32 +jmp short loc_fffa5b61 ; jmp 0xfffa5b61 -loc_fffa5b1f: ; not directly referenced +loc_fffa5b4e: ; not directly referenced mov edx, 0xa -jmp short loc_fffa5b32 ; jmp 0xfffa5b32 +jmp short loc_fffa5b61 ; jmp 0xfffa5b61 -loc_fffa5b26: ; not directly referenced +loc_fffa5b55: ; not directly referenced mov edx, 0xb -jmp short loc_fffa5b32 ; jmp 0xfffa5b32 +jmp short loc_fffa5b61 ; jmp 0xfffa5b61 -loc_fffa5b2d: ; not directly referenced +loc_fffa5b5c: ; not directly referenced mov edx, 0xc -loc_fffa5b32: ; not directly referenced +loc_fffa5b61: ; not directly referenced cmp ecx, 2 -jne loc_fffa5369 ; jne 0xfffa5369 -jmp near loc_fffa53d1 ; jmp 0xfffa53d1 +jne loc_fffa5398 ; jne 0xfffa5398 +jmp near loc_fffa5400 ; jmp 0xfffa5400 -loc_fffa5b40: ; not directly referenced +loc_fffa5b6f: ; not directly referenced lea esp, [ebp - 0xc] mov eax, edx pop ebx @@ -6772,28 +6785,28 @@ pop edi pop ebp ret -fcn_fffa5b4a: ; not directly referenced +fcn_fffa5b79: ; not directly referenced push ebp mov eax, 0x80000003 mov ebp, esp pop ebp ret -fcn_fffa5b54: ; not directly referenced +fcn_fffa5b83: ; not directly referenced push ebp mov eax, 0x80000003 mov ebp, esp pop ebp ret -fcn_fffa5b5e: ; not directly referenced +fcn_fffa5b8d: ; not directly referenced push ebp mov eax, 0x80000003 mov ebp, esp pop ebp ret -fcn_fffa5b68: ; not directly referenced +fcn_fffa5b97: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] @@ -6802,7 +6815,7 @@ out dx, al pop ebp ret -fcn_fffa5b74: ; not directly referenced +fcn_fffa5ba3: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 8] @@ -6810,7 +6823,7 @@ in al, dx pop ebp ret -fcn_fffa5b7d: ; not directly referenced +fcn_fffa5bac: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] @@ -6820,7 +6833,7 @@ wrmsr pop ebp ret -fcn_fffa5b8d: ; not directly referenced +fcn_fffa5bbc: ; not directly referenced push ebp mov ebp, esp mov ecx, dword [ebp + 8] @@ -6828,7 +6841,7 @@ rdmsr pop ebp ret -fcn_fffa5b97: ; not directly referenced +fcn_fffa5bc6: ; not directly referenced push ebp mov ebp, esp sub esp, 8 @@ -6836,87 +6849,94 @@ mov eax, dword [ebp + 8] cmp dword [ebp + 0xc], 0x41 mov edx, dword [eax + 0x241b] mov edx, dword [edx + 0x1e] -jne short loc_fffa5bbc ; jne 0xfffa5bbc +jne short loc_fffa5beb ; jne 0xfffa5beb sub esp, 0xc push eax call dword [edx + 0xcc] ; ucall add esp, 0x10 -loc_fffa5bbc: ; not directly referenced +loc_fffa5beb: ; not directly referenced xor eax, eax leave ret -fcn_fffa5bc0: ; not directly referenced +fcn_fffa5bef: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x14] pop ebp ret -fcn_fffa5bc8: ; not directly referenced +fcn_fffa5bf7: ; not directly referenced push ebp xor eax, eax mov ebp, esp pop ebp ret -fcn_fffa5bcf: ; not directly referenced +fcn_fffa5bfe: ; not directly referenced push ebp mov ebp, esp -sub esp, 0x18 +push edi +sub esp, 0x1c mov eax, dword [ebp + 0xc] -mov dword [ebp - 0x18], eax +mov dword [ebp - 0x10], 0 +mov dword [ebp - 0xc], 0 +mov dword [ebp - 0x20], eax mov eax, dword [ebp + 0x10] -mov dword [ebp - 0x14], eax +mov dword [ebp - 0x1c], eax mov eax, dword [ebp + 8] -movq qword [ebp - 8], mm0 -movq mm0, qword [ebp - 0x18] -movq qword [eax], mm0 -movq mm0, qword [ebp - 8] +mov dword [ebp - 0x14], eax +movq qword [ebp - 0x10], mm0 +mov edi, dword [ebp - 0x14] +movq mm0, qword [ebp - 0x20] +movq qword [edi], mm0 +movq mm0, qword [ebp - 0x10] emms -mov eax, dword [ebp - 0x18] -mov edx, dword [ebp - 0x14] -leave +mov eax, dword [ebp - 0x20] +mov edx, dword [ebp - 0x1c] +add esp, 0x1c +pop edi +pop ebp ret -fcn_fffa5bfd: ; not directly referenced +fcn_fffa5c45: ; not directly referenced push ebp xor edx, edx mov ebp, esp mov eax, dword [ebp + 8] mov ecx, dword [ebp + 0x10] -loc_fffa5c08: ; not directly referenced +loc_fffa5c50: ; not directly referenced cmp edx, dword [ebp + 0xc] -je short loc_fffa5c13 ; je 0xfffa5c13 +je short loc_fffa5c5b ; je 0xfffa5c5b mov dword [eax + edx*4], ecx inc edx -jmp short loc_fffa5c08 ; jmp 0xfffa5c08 +jmp short loc_fffa5c50 ; jmp 0xfffa5c50 -loc_fffa5c13: ; not directly referenced +loc_fffa5c5b: ; not directly referenced pop ebp ret -fcn_fffa5c15: ; not directly referenced +fcn_fffa5c5d: ; not directly referenced push ebp xor edx, edx mov ebp, esp mov eax, dword [ebp + 8] mov ecx, dword [ebp + 0x10] -loc_fffa5c20: ; not directly referenced +loc_fffa5c68: ; not directly referenced cmp edx, dword [ebp + 0xc] -je short loc_fffa5c2c ; je 0xfffa5c2c +je short loc_fffa5c74 ; je 0xfffa5c74 mov word [eax + edx*2], cx inc edx -jmp short loc_fffa5c20 ; jmp 0xfffa5c20 +jmp short loc_fffa5c68 ; jmp 0xfffa5c68 -loc_fffa5c2c: ; not directly referenced +loc_fffa5c74: ; not directly referenced pop ebp ret -fcn_fffa5c2e: +fcn_fffa5c76: push ebp mov ebp, esp push esi @@ -6925,21 +6945,21 @@ push ebx mov ebx, dword [ebp + 0xc] add esi, ebx -loc_fffa5c3b: +loc_fffa5c83: cmp ebx, esi -je short loc_fffa5c58 ; je 0xfffa5c58 +je short loc_fffa5ca0 ; je 0xfffa5ca0 mov eax, dword [0xff7d0274] inc ebx movzx edx, byte [ebx - 1] test eax, eax -je short loc_fffa5c3b ; je 0xfffa5c3b +je short loc_fffa5c83 ; je 0xfffa5c83 sub esp, 0xc push edx call eax add esp, 0x10 -jmp short loc_fffa5c3b ; jmp 0xfffa5c3b +jmp short loc_fffa5c83 ; jmp 0xfffa5c83 -loc_fffa5c58: +loc_fffa5ca0: lea esp, [ebp - 8] or eax, 0xffffffff pop ebx @@ -6947,14 +6967,14 @@ pop esi pop ebp ret -fcn_fffa5c62: ; not directly referenced +fcn_fffa5caa: ; not directly referenced push ebp xor eax, eax mov ebp, esp pop ebp ret -fcn_fffa5c69: ; not directly referenced +fcn_fffa5cb1: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] @@ -6963,7 +6983,7 @@ mov dword [0xff7d0080], eax xor eax, eax ret -fcn_fffa5c78: ; not directly referenced +fcn_fffa5cc0: ; not directly referenced push ebp mov edx, dword [0xff7d0080] mov ebp, esp @@ -6973,70 +6993,13 @@ xor eax, eax pop ebp ret -fcn_fffa5c8a: ; not directly referenced +fcn_fffa5cd2: ; not directly referenced push ebp mov ebp, esp pop ebp -jmp near loc_fffd2972 ; jmp 0xfffd2972 - -fcn_fffa5c93: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 8] -mov ecx, dword [eax + 0x5edc] -lea edx, [ecx + 0x1b8] -xor ecx, ecx -mov dword [ebp + 8], edx -mov edx, 1 -pop ebp -jmp near fcn_fffae5b2 ; jmp 0xfffae5b2 +jmp near loc_fffd2c64 ; jmp 0xfffd2c64 -fcn_fffa5cb5: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x5edc] -lea ecx, [eax + 0x1c] -mov byte [eax + 0x247c], 1 -add edx, 0x1b8 -mov dword [edx], ecx -xor ecx, ecx -mov dword [ebp + 8], edx -xor edx, edx -pop ebp -jmp near fcn_fffae5b2 ; jmp 0xfffae5b2 - -fcn_fffa5ce0: ; not directly referenced -push ebp -mov ebp, esp -sub esp, 8 -mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x5edc] -cmp byte [edx + 0x1c4], 1 -jne short loc_fffa5d04 ; jne 0xfffa5d04 -sub esp, 0xc -push eax -call fcn_fffa5cb5 ; call 0xfffa5cb5 -add esp, 0x10 - -loc_fffa5d04: ; not directly referenced -xor eax, eax -leave -ret - -fcn_fffa5d08: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 8] -mov ecx, dword [eax + 0x5edc] -lea edx, [ecx + 0x1b8] -mov ecx, 1 -mov dword [ebp + 8], edx -mov edx, 1 -pop ebp -jmp near fcn_fffae5b2 ; jmp 0xfffae5b2 - -fcn_fffa5d2d: ; not directly referenced +fcn_fffa5cdb: ; not directly referenced push ebp mov ebp, esp push edi @@ -7055,7 +7018,7 @@ mov byte [ebp - 0x5b0], bl mov dword [ebp - 0x5ec], ecx mov byte [ebp - 0x5e0], cl mov dword [ebp - 0x5f0], edi -mov edi, dword [eax + 0x2443] +mov edi, dword [eax + 0x2444] lea eax, [ebp - 0x590] push 1 push 5 @@ -7129,7 +7092,7 @@ mov dword [ebp - 0x5d0], eax add eax, 0x7fffffff mov dword [ebp - 0x604], eax -loc_fffa5e6f: ; not directly referenced +loc_fffa5e1d: ; not directly referenced movzx eax, byte [ebp - 0x5b0] mov ecx, dword [ebp - 0x5c0] mov dword [ebp - 0x5c8], 0 @@ -7154,22 +7117,22 @@ mov ecx, ebx mov dword [ebp - 0x5f8], eax shl ecx, 6 -loc_fffa5ed2: ; not directly referenced +loc_fffa5e80: ; not directly referenced mov esi, dword [ebp - 0x5c8] mov eax, esi mov byte [ebp - 0x5e8], al movzx eax, al cmp eax, dword [ebp - 0x5d0] -jge loc_fffa6035 ; jge 0xfffa6035 +jge loc_fffa5fe3 ; jge 0xfffa5fe3 mov esi, dword [ebp + 0x10] cmp byte [esi + ebx], 0 -jne short loc_fffa5f16 ; jne 0xfffa5f16 +jne short loc_fffa5ec4 ; jne 0xfffa5ec4 lea edx, [ecx + eax] mov dword [ebp + edx*4 - 0x518], 1 mov dword [ebp + ebx*4 - 0x568], 1 -jmp near loc_fffa6005 ; jmp 0xfffa6005 +jmp near loc_fffa5fb3 ; jmp 0xfffa5fb3 -loc_fffa5f16: ; not directly referenced +loc_fffa5ec4: ; not directly referenced mov dl, byte [ebp - 0x5e8] lea edi, [ecx + eax] mov dword [ebp - 0x5c4], edi @@ -7178,67 +7141,67 @@ adc byte [ebp - 0x5d9], 0 sub edx, dword [ebp - 0x5d4] mov esi, edx -loc_fffa5f37: ; not directly referenced +loc_fffa5ee5: ; not directly referenced mov dl, byte [ebp - 0x5d4] sub edx, dword [ebp - 0x5e8] mov edi, edx add edi, esi mov edx, edi cmp dl, byte [ebp - 0x5b0] -jae short loc_fffa5fa7 ; jae 0xfffa5fa7 +jae short loc_fffa5f55 ; jae 0xfffa5f55 mov edx, esi test dl, dl -jns short loc_fffa5f5f ; jns 0xfffa5f5f +jns short loc_fffa5f0d ; jns 0xfffa5f0d mov edi, dword [ebp - 0x5f4] -jmp short loc_fffa5f6f ; jmp 0xfffa5f6f +jmp short loc_fffa5f1d ; jmp 0xfffa5f1d -loc_fffa5f5f: ; not directly referenced +loc_fffa5f0d: ; not directly referenced mov edx, esi cmp dl, byte [ebp - 0x5e0] -jl short loc_fffa5f74 ; jl 0xfffa5f74 +jl short loc_fffa5f22 ; jl 0xfffa5f22 mov edi, dword [ebp - 0x5f8] -loc_fffa5f6f: ; not directly referenced +loc_fffa5f1d: ; not directly referenced movzx edi, word [edi] -jmp short loc_fffa5f97 ; jmp 0xfffa5f97 +jmp short loc_fffa5f45 ; jmp 0xfffa5f45 -loc_fffa5f74: ; not directly referenced +loc_fffa5f22: ; not directly referenced mov edx, esi movsx edi, dl cmp eax, edi -jne short loc_fffa5f87 ; jne 0xfffa5f87 +jne short loc_fffa5f35 ; jne 0xfffa5f35 mov edi, dword [ebp - 0x5b8] add edi, eax -jmp short loc_fffa5f8d ; jmp 0xfffa5f8d +jmp short loc_fffa5f3b ; jmp 0xfffa5f3b -loc_fffa5f87: ; not directly referenced +loc_fffa5f35: ; not directly referenced add edi, dword [ebp - 0x5b8] -loc_fffa5f8d: ; not directly referenced +loc_fffa5f3b: ; not directly referenced mov edx, dword [ebp - 0x5c0] movzx edi, word [edx + edi*2] -loc_fffa5f97: ; not directly referenced +loc_fffa5f45: ; not directly referenced mov edx, dword [ebp - 0x5c4] inc esi add dword [ebp + edx*4 - 0x518], edi -jmp short loc_fffa5f37 ; jmp 0xfffa5f37 +jmp short loc_fffa5ee5 ; jmp 0xfffa5ee5 -loc_fffa5fa7: ; not directly referenced +loc_fffa5f55: ; not directly referenced lea edx, [ecx + eax] mov edx, dword [ebp + edx*4 - 0x518] cmp dword [ebp + ebx*4 - 0x590], edx -jae short loc_fffa5fc1 ; jae 0xfffa5fc1 +jae short loc_fffa5f6f ; jae 0xfffa5f6f mov dword [ebp + ebx*4 - 0x590], edx -loc_fffa5fc1: ; not directly referenced +loc_fffa5f6f: ; not directly referenced cmp dword [ebp + ebx*4 - 0x568], edx -jbe short loc_fffa5fdb ; jbe 0xfffa5fdb +jbe short loc_fffa5f89 ; jbe 0xfffa5f89 lea esi, [ecx + eax] mov esi, dword [ebp + esi*4 - 0x518] mov dword [ebp + ebx*4 - 0x568], esi -loc_fffa5fdb: ; not directly referenced +loc_fffa5f89: ; not directly referenced movzx esi, byte [ebp - 0x5c8] mov edi, dword [ebp - 0x5c0] add esi, dword [ebp - 0x5b8] @@ -7248,7 +7211,7 @@ sub edx, esi imul edx, edx add dword [ebp + ebx*4 - 0x540], edx -loc_fffa6005: ; not directly referenced +loc_fffa5fb3: ; not directly referenced imul edx, ebx, 0x29 movzx edi, byte [ebp - 0x5b0] inc dword [ebp - 0x5c8] @@ -7259,14 +7222,14 @@ xor edx, edx div edi mov edi, dword [ebp - 0x5ac] mov dword [edi + esi*4 + 6], eax -jmp near loc_fffa5ed2 ; jmp 0xfffa5ed2 +jmp near loc_fffa5e80 ; jmp 0xfffa5e80 -loc_fffa6035: ; not directly referenced +loc_fffa5fe3: ; not directly referenced mov eax, dword [ebp + 0x10] mov al, byte [eax + ebx] mov byte [ebp - 0x5c8], al test al, al -je loc_fffa61bd ; je 0xfffa61bd +je loc_fffa616b ; je 0xfffa616b mov edx, dword [ebp + ebx*4 - 0x590] mov ecx, dword [ebp + ebx*4 - 0x568] mov eax, edx @@ -7281,37 +7244,37 @@ mov dword [ebp + ebx*4 - 0x554], eax mov eax, dword [ebp + ebx*4 - 0x540] div dword [ebp - 0x5d0] test eax, eax -jne short loc_fffa6094 ; jne 0xfffa6094 +jne short loc_fffa6042 ; jne 0xfffa6042 mov dword [ebp + ebx*4 - 0x540], 0 -jmp short loc_fffa6103 ; jmp 0xfffa6103 +jmp short loc_fffa60b1 ; jmp 0xfffa60b1 -loc_fffa6094: ; not directly referenced +loc_fffa6042: ; not directly referenced imul eax, eax, 0x64 xor esi, esi -call fcn_fffaebb7 ; call 0xfffaebb7 +call fcn_fffb38ee ; call 0xfffb38ee mov ecx, eax mov eax, 1 shr ecx, 1 -loc_fffa60a7: ; not directly referenced +loc_fffa6055: ; not directly referenced cmp ecx, 0x64 -jbe short loc_fffa60d2 ; jbe 0xfffa60d2 +jbe short loc_fffa6080 ; jbe 0xfffa6080 imul eax, eax, 0xa9e mov edi, 0xa xor edx, edx sub ecx, 0x64 div edi test esi, esi -je short loc_fffa60cb ; je 0xfffa60cb +je short loc_fffa6079 ; je 0xfffa6079 mov esi, 0x64 xor edx, edx div esi -loc_fffa60cb: ; not directly referenced +loc_fffa6079: ; not directly referenced mov esi, 1 -jmp short loc_fffa60a7 ; jmp 0xfffa60a7 +jmp short loc_fffa6055 ; jmp 0xfffa6055 -loc_fffa60d2: ; not directly referenced +loc_fffa6080: ; not directly referenced lea edx, [ecx*8 + 0x384] imul edx, ecx mov ecx, 0x3e8 @@ -7321,15 +7284,15 @@ mov eax, edx xor edx, edx div ecx test esi, esi -je short loc_fffa60fc ; je 0xfffa60fc +je short loc_fffa60aa ; je 0xfffa60aa mov cx, 0x64 xor edx, edx div ecx -loc_fffa60fc: ; not directly referenced +loc_fffa60aa: ; not directly referenced mov dword [ebp + ebx*4 - 0x540], eax -loc_fffa6103: ; not directly referenced +loc_fffa60b1: ; not directly referenced mov ecx, dword [ebp + ebx*4 - 0x590] xor edx, edx mov edi, dword [ebp + ebx*4 - 0x568] @@ -7340,11 +7303,11 @@ mov esi, eax mov dword [ebp + ebx*4 - 0x540], eax imul eax, dword [ebp - 0x5c4], 0x3e8 test esi, esi -je short loc_fffa613e ; je 0xfffa613e +je short loc_fffa60ec ; je 0xfffa60ec xor edx, edx div esi -loc_fffa613e: ; not directly referenced +loc_fffa60ec: ; not directly referenced mov edx, dword [ebp - 0x5ac] mov dword [ebp + ebx*4 - 0x52c], eax mov al, byte [ebp - 0x5c8] @@ -7377,23 +7340,23 @@ idiv esi mov edx, dword [ebp - 0x5ac] mov word [edx + ebx*2 + 0x6c], ax -loc_fffa61bd: ; not directly referenced +loc_fffa616b: ; not directly referenced mov eax, dword [ebp - 0x5fc] inc ebx add dword [ebp - 0x5b8], eax cmp ebx, 5 -jne loc_fffa5e6f ; jne 0xfffa5e6f +jne loc_fffa5e1d ; jne 0xfffa5e1d mov eax, 5 -loc_fffa61d8: ; not directly referenced +loc_fffa6186: ; not directly referenced dec eax -je short loc_fffa6205 ; je 0xfffa6205 +je short loc_fffa61b3 ; je 0xfffa61b3 xor edx, edx -loc_fffa61dd: ; not directly referenced +loc_fffa618b: ; not directly referenced movzx ecx, dl cmp ecx, eax -jge short loc_fffa61d8 ; jge 0xfffa61d8 +jge short loc_fffa6186 ; jge 0xfffa6186 shl ecx, 2 lea esi, [ebp - 0x57c] add esi, ecx @@ -7401,47 +7364,47 @@ lea ecx, [ebp + ecx - 0x578] mov ebx, dword [esi] mov edi, dword [ecx] cmp ebx, edi -jae short loc_fffa6202 ; jae 0xfffa6202 +jae short loc_fffa61b0 ; jae 0xfffa61b0 mov dword [esi], edi mov dword [ecx], ebx -loc_fffa6202: ; not directly referenced +loc_fffa61b0: ; not directly referenced inc edx -jmp short loc_fffa61dd ; jmp 0xfffa61dd +jmp short loc_fffa618b ; jmp 0xfffa618b -loc_fffa6205: ; not directly referenced +loc_fffa61b3: ; not directly referenced mov esi, dword [ebp - 0x56c] xor edi, edi xor ebx, ebx -loc_fffa620f: ; not directly referenced +loc_fffa61bd: ; not directly referenced cmp edi, 4 -je short loc_fffa621d ; je 0xfffa621d +je short loc_fffa61cb ; je 0xfffa61cb mov eax, dword [ebp + edi*4 - 0x57c] -jmp short loc_fffa621f ; jmp 0xfffa621f +jmp short loc_fffa61cd ; jmp 0xfffa61cd -loc_fffa621d: ; not directly referenced +loc_fffa61cb: ; not directly referenced mov eax, esi -loc_fffa621f: ; not directly referenced -call fcn_fffaec34 ; call 0xfffaec34 +loc_fffa61cd: ; not directly referenced +call fcn_fffb396b ; call 0xfffb396b inc edi add ebx, eax cmp edi, 5 -jne short loc_fffa620f ; jne 0xfffa620f +jne short loc_fffa61bd ; jne 0xfffa61bd add ebx, 0xb cmp bl, 0x40 -ja short loc_fffa6259 ; ja 0xfffa6259 +ja short loc_fffa6207 ; ja 0xfffa6207 -loc_fffa6234: ; not directly referenced +loc_fffa61e2: ; not directly referenced mov al, byte [ebp - 0x5ec] cmp byte [ebp - 0x600], 0 mov byte [ebp - 0x5c8], 0 mov byte [ebp - 0x5c0], al -je loc_fffa62f4 ; je 0xfffa62f4 -jmp near loc_fffa631f ; jmp 0xfffa631f +je loc_fffa62a2 ; je 0xfffa62a2 +jmp near loc_fffa62cd ; jmp 0xfffa62cd -loc_fffa6259: ; not directly referenced +loc_fffa6207: ; not directly referenced movzx ecx, byte [ebp - 0x5d9] movzx ebx, bl lea eax, [ecx + ebx - 0x41] @@ -7455,7 +7418,7 @@ shl edx, cl mov dword [ebp - 0x5b0], eax movzx eax, dl -loc_fffa6282: ; not directly referenced +loc_fffa6230: ; not directly referenced mov edx, dword [ebp + ebx*4 - 0x590] mov esi, dword [ebp - 0x5b0] add edx, eax @@ -7471,10 +7434,10 @@ sar edx, cl mov word [ebp + ebx*2 - 0x59a], dx xor edx, edx -loc_fffa62bd: ; not directly referenced +loc_fffa626b: ; not directly referenced movzx edi, dl cmp edi, dword [ebp - 0x5d0] -jge short loc_fffa62e9 ; jge 0xfffa62e9 +jge short loc_fffa6297 ; jge 0xfffa6297 add edi, dword [ebp - 0x5b8] inc edx mov cl, byte [ebp - 0x5b0] @@ -7482,26 +7445,26 @@ mov esi, dword [ebp + edi*4 - 0x518] add esi, eax shr esi, cl mov dword [ebp + edi*4 - 0x518], esi -jmp short loc_fffa62bd ; jmp 0xfffa62bd +jmp short loc_fffa626b ; jmp 0xfffa626b -loc_fffa62e9: ; not directly referenced +loc_fffa6297: ; not directly referenced inc ebx cmp ebx, 5 -jne short loc_fffa6282 ; jne 0xfffa6282 -jmp near loc_fffa6234 ; jmp 0xfffa6234 +jne short loc_fffa6230 ; jne 0xfffa6230 +jmp near loc_fffa61e2 ; jmp 0xfffa61e2 -loc_fffa62f4: ; not directly referenced +loc_fffa62a2: ; not directly referenced mov eax, dword [ebp - 0x5d8] cmp dword [ebp - 0x5d0], eax -jle short loc_fffa631f ; jle 0xfffa631f +jle short loc_fffa62cd ; jle 0xfffa62cd cmp byte [ebp - 0x5d4], 0 -je short loc_fffa631f ; je 0xfffa631f +je short loc_fffa62cd ; je 0xfffa62cd mov al, byte [ebp - 0x5ec] mov byte [ebp - 0x5c8], 1 dec eax mov byte [ebp - 0x5c0], al -loc_fffa631f: ; not directly referenced +loc_fffa62cd: ; not directly referenced mov al, byte [ebp - 0x5c8] xor esi, esi xor edi, edi @@ -7510,11 +7473,11 @@ mov dword [ebp - 0x5b8], 0xffffffff mov dword [ebp - 0x5b4], 0xffffffff mov byte [ebp - 0x5c4], al -loc_fffa634a: ; not directly referenced +loc_fffa62f8: ; not directly referenced mov al, byte [ebp - 0x5c0] mov cl, byte [ebp - 0x5c4] cmp cl, al -jae loc_fffa6500 ; jae 0xfffa6500 +jae loc_fffa64ae ; jae 0xfffa64ae movzx eax, cl xor ebx, ebx lea eax, [ebp + eax*4 - 0x518] @@ -7523,11 +7486,11 @@ mov dword [ebp - 0x5e8], 0 mov dword [ebp - 0x5e4], 0 mov dword [ebp - 0x5d4], 0xffffffff -loc_fffa638e: ; not directly referenced +loc_fffa633c: ; not directly referenced mov eax, dword [ebp + 0x10] mov byte [ebp - 0x5ec], bl cmp byte [eax + ebx], 0 -je loc_fffa645f ; je 0xfffa645f +je loc_fffa640d ; je 0xfffa640d mov ecx, dword [ebp - 0x5d8] mov eax, ebx shl eax, 8 @@ -7541,12 +7504,12 @@ cmovbe eax, ecx xor ecx, ecx mov dword [ebp - 0x5d4], eax -loc_fffa63dc: ; not directly referenced +loc_fffa638a: ; not directly referenced mov eax, dword [ebp + 0x10] cmp byte [eax + ecx], 0 -je short loc_fffa6425 ; je 0xfffa6425 +je short loc_fffa63d3 ; je 0xfffa63d3 cmp byte [ebp - 0x5ec], cl -je short loc_fffa6425 ; je 0xfffa6425 +je short loc_fffa63d3 ; je 0xfffa63d3 push eax mov eax, dword [ebp - 0x5bc] push dword [ebp + ecx*4 - 0x590] @@ -7559,10 +7522,10 @@ add esp, 0x10 mov dword [ebp - 0x5d0], eax mov dword [ebp - 0x5cc], edx -loc_fffa6425: ; not directly referenced +loc_fffa63d3: ; not directly referenced inc ecx cmp ecx, 5 -jne short loc_fffa63dc ; jne 0xfffa63dc +jne short loc_fffa638a ; jne 0xfffa638a mov ecx, dword [ebp - 0x5e0] push eax mov eax, dword [ebp - 0x5d8] @@ -7575,17 +7538,17 @@ add dword [ebp - 0x5e8], eax adc dword [ebp - 0x5e4], edx add esp, 0x10 -loc_fffa645f: ; not directly referenced +loc_fffa640d: ; not directly referenced inc ebx cmp ebx, 5 -jne loc_fffa638e ; jne 0xfffa638e +jne loc_fffa633c ; jne 0xfffa633c mov eax, 1 xor edx, edx xor ebx, ebx -loc_fffa6472: ; not directly referenced +loc_fffa6420: ; not directly referenced cmp bl, byte [ebp - 0x5d9] -je short loc_fffa6492 ; je 0xfffa6492 +je short loc_fffa6440 ; je 0xfffa6440 push ecx inc ebx push dword [ebp - 0x5d4] @@ -7594,45 +7557,45 @@ push eax mov eax, dword [ebp - 0x5bc] call dword [eax + 0x70] ; ucall add esp, 0x10 -jmp short loc_fffa6472 ; jmp 0xfffa6472 +jmp short loc_fffa6420 ; jmp 0xfffa6420 -loc_fffa6492: ; not directly referenced +loc_fffa6440: ; not directly referenced mov ecx, dword [ebp - 0x5e8] mov ebx, dword [ebp - 0x5e4] add ecx, eax adc ebx, edx cmp dword [ebp - 0x5b4], ebx -jb short loc_fffa64c0 ; jb 0xfffa64c0 -ja short loc_fffa64b4 ; ja 0xfffa64b4 +jb short loc_fffa646e ; jb 0xfffa646e +ja short loc_fffa6462 ; ja 0xfffa6462 cmp dword [ebp - 0x5b8], ecx -jbe short loc_fffa64c0 ; jbe 0xfffa64c0 +jbe short loc_fffa646e ; jbe 0xfffa646e -loc_fffa64b4: ; not directly referenced +loc_fffa6462: ; not directly referenced mov dword [ebp - 0x5b8], ecx mov dword [ebp - 0x5b4], ebx -loc_fffa64c0: ; not directly referenced +loc_fffa646e: ; not directly referenced cmp ebx, edi -ja short loc_fffa64ca ; ja 0xfffa64ca -jb short loc_fffa64da ; jb 0xfffa64da +ja short loc_fffa6478 ; ja 0xfffa6478 +jb short loc_fffa6488 ; jb 0xfffa6488 cmp ecx, esi -jbe short loc_fffa64da ; jbe 0xfffa64da +jbe short loc_fffa6488 ; jbe 0xfffa6488 -loc_fffa64ca: ; not directly referenced +loc_fffa6478: ; not directly referenced mov al, byte [ebp - 0x5c4] mov esi, ecx mov edi, ebx mov byte [ebp - 0x5b0], al -loc_fffa64da: ; not directly referenced +loc_fffa6488: ; not directly referenced movzx eax, byte [ebp - 0x5c4] mov edx, dword [ebp - 0x5ac] inc byte [ebp - 0x5c4] mov dword [edx + eax*8 + 0x8e], ecx mov dword [edx + eax*8 + 0x92], ebx -jmp near loc_fffa634a ; jmp 0xfffa634a +jmp near loc_fffa62f8 ; jmp 0xfffa62f8 -loc_fffa6500: ; not directly referenced +loc_fffa64ae: ; not directly referenced mov ebx, dword [ebp - 0x5bc] mov eax, dword [ebx + 0x74] push edx @@ -7673,34 +7636,34 @@ mov dword [eax + 0x86], ecx mov dword [eax + 0x8a], ebx mov eax, dword [ebp - 0x5f0] test al, al -je loc_fffa6656 ; je 0xfffa6656 +je loc_fffa6604 ; je 0xfffa6604 movzx ebx, byte [ebp - 0x5b0] movsx eax, al -jns short loc_fffa65be ; jns 0xfffa65be +jns short loc_fffa656c ; jns 0xfffa656c movzx edx, byte [ebp - 0x5c8] add ebx, eax mov esi, 1 cmp ebx, edx cmovl ebx, edx -jmp short loc_fffa65e5 ; jmp 0xfffa65e5 +jmp short loc_fffa6593 ; jmp 0xfffa6593 -loc_fffa65be: ; not directly referenced +loc_fffa656c: ; not directly referenced movzx edx, byte [ebp - 0x5c0] add ebx, eax cmp ebx, edx -jl short loc_fffa65d4 ; jl 0xfffa65d4 +jl short loc_fffa6582 ; jl 0xfffa6582 mov bl, byte [ebp - 0x5c0] dec ebx -jmp short loc_fffa65e0 ; jmp 0xfffa65e0 +jmp short loc_fffa658e ; jmp 0xfffa658e -loc_fffa65d4: ; not directly referenced +loc_fffa6582: ; not directly referenced mov bl, byte [ebp - 0x5f0] add ebx, dword [ebp - 0x5b0] -loc_fffa65e0: ; not directly referenced +loc_fffa658e: ; not directly referenced mov esi, 0xffffffff -loc_fffa65e5: ; not directly referenced +loc_fffa6593: ; not directly referenced mov ecx, dword [ebp - 0x5ac] push eax movzx eax, byte [ebp - 0x5b0] @@ -7717,29 +7680,29 @@ push eax call dword [edi + 0x74] ; ucall add esp, 0x20 -loc_fffa661f: ; not directly referenced +loc_fffa65cd: ; not directly referenced cmp bl, byte [ebp - 0x5b0] -je short loc_fffa6641 ; je 0xfffa6641 +je short loc_fffa65ef ; je 0xfffa65ef mov edi, dword [ebp - 0x5ac] movzx ecx, bl add ecx, 0x10 cmp dword [edi + ecx*8 + 0x12], edx -jb short loc_fffa6652 ; jb 0xfffa6652 -ja short loc_fffa6641 ; ja 0xfffa6641 +jb short loc_fffa6600 ; jb 0xfffa6600 +ja short loc_fffa65ef ; ja 0xfffa65ef cmp dword [edi + ecx*8 + 0xe], eax -jbe short loc_fffa6652 ; jbe 0xfffa6652 +jbe short loc_fffa6600 ; jbe 0xfffa6600 -loc_fffa6641: ; not directly referenced +loc_fffa65ef: ; not directly referenced mov eax, dword [ebp - 0x5ac] sub ebx, dword [ebp - 0x5b0] mov byte [eax + 2], bl -jmp short loc_fffa6656 ; jmp 0xfffa6656 +jmp short loc_fffa6604 ; jmp 0xfffa6604 -loc_fffa6652: ; not directly referenced +loc_fffa6600: ; not directly referenced add ebx, esi -jmp short loc_fffa661f ; jmp 0xfffa661f +jmp short loc_fffa65cd ; jmp 0xfffa65cd -loc_fffa6656: ; not directly referenced +loc_fffa6604: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -7747,7 +7710,7 @@ pop edi pop ebp ret -fcn_fffa665e: ; not directly referenced +fcn_fffa660c: ; not directly referenced push ebp mov ebp, esp push edi @@ -7756,20 +7719,20 @@ xor esi, esi push ebx sub esp, 0x1c mov dword [ebp - 0x20], eax -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x28], edx mov dword [ebp - 0x1c], eax -loc_fffa6677: ; not directly referenced +loc_fffa6625: ; not directly referenced mov eax, dword [ebp - 0x1c] cmp dword [eax], 2 -je short loc_fffa669c ; je 0xfffa669c +je short loc_fffa664a ; je 0xfffa664a -loc_fffa667f: ; not directly referenced +loc_fffa662d: ; not directly referenced add esi, 0x400 add dword [ebp - 0x1c], 0x13c3 cmp esi, 0x800 -jne short loc_fffa6677 ; jne 0xfffa6677 +jne short loc_fffa6625 ; jne 0xfffa6625 add esp, 0x1c pop ebx pop esi @@ -7777,28 +7740,28 @@ pop edi pop ebp ret -loc_fffa669c: ; not directly referenced +loc_fffa664a: ; not directly referenced mov edi, dword [ebp - 0x28] lea eax, [esi + 0x4060] mov dword [ebp - 0x24], eax lea ebx, [esi + 0x4054] sub edi, esi -loc_fffa66b0: ; not directly referenced +loc_fffa665e: ; not directly referenced mov ecx, dword [edi + ebx - 0x4054] mov edx, ebx mov eax, dword [ebp - 0x20] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, dword [edi + ebx - 0x4054] lea edx, [ebx - 0xc] mov eax, dword [ebp - 0x20] add ebx, 4 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp ebx, dword [ebp - 0x24] -jne short loc_fffa66b0 ; jne 0xfffa66b0 -jmp short loc_fffa667f ; jmp 0xfffa667f +jne short loc_fffa665e ; jne 0xfffa665e +jmp short loc_fffa662d ; jmp 0xfffa662d -fcn_fffa66dd: ; not directly referenced +fcn_fffa668b: ; not directly referenced push ebp mov ebp, esp push edi @@ -7807,38 +7770,38 @@ push ebx sub esp, 0x10 mov dword [ebp - 0x18], eax cmp cl, 5 -ja short loc_fffa6700 ; ja 0xfffa6700 +ja short loc_fffa66ae ; ja 0xfffa66ae cmp cl, 4 -jae short loc_fffa671a ; jae 0xfffa671a +jae short loc_fffa66c8 ; jae 0xfffa66c8 lea eax, [ecx - 1] cmp al, 1 -ja loc_fffa67f4 ; ja 0xfffa67f4 -jmp short loc_fffa671a ; jmp 0xfffa671a +ja loc_fffa67a2 ; ja 0xfffa67a2 +jmp short loc_fffa66c8 ; jmp 0xfffa66c8 -loc_fffa6700: ; not directly referenced +loc_fffa66ae: ; not directly referenced cmp cl, 0x10 -jb loc_fffa67f4 ; jb 0xfffa67f4 +jb loc_fffa67a2 ; jb 0xfffa67a2 cmp cl, 0x11 -jbe short loc_fffa6721 ; jbe 0xfffa6721 +jbe short loc_fffa66cf ; jbe 0xfffa66cf lea eax, [ecx - 0x20] cmp al, 1 -jbe short loc_fffa6721 ; jbe 0xfffa6721 -jmp near loc_fffa67f4 ; jmp 0xfffa67f4 +jbe short loc_fffa66cf ; jbe 0xfffa66cf +jmp near loc_fffa67a2 ; jmp 0xfffa67a2 -loc_fffa671a: ; not directly referenced +loc_fffa66c8: ; not directly referenced mov edi, 0xa -jmp short loc_fffa6726 ; jmp 0xfffa6726 +jmp short loc_fffa66d4 ; jmp 0xfffa66d4 -loc_fffa6721: ; not directly referenced +loc_fffa66cf: ; not directly referenced mov edi, 7 -loc_fffa6726: ; not directly referenced +loc_fffa66d4: ; not directly referenced xor ebx, ebx cmp cl, 0x21 -ja short loc_fffa6733 ; ja 0xfffa6733 -mov bl, byte [ecx + ref_fffd5f1c] ; mov bl, byte [ecx - 0x2a0e4] +ja short loc_fffa66e1 ; ja 0xfffa66e1 +mov bl, byte [ecx + ref_fffd58e0] ; mov bl, byte [ecx - 0x2a720] -loc_fffa6733: ; not directly referenced +loc_fffa66e1: ; not directly referenced cmp bl, 7 mov al, 7 cmovbe eax, ebx @@ -7846,54 +7809,54 @@ xor ebx, ebx movzx esi, al mov eax, dword [ebp - 0x18] imul esi, esi, 0x240 -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x10], eax mov eax, edi add esi, edx movzx eax, al mov dword [ebp - 0x1c], eax -loc_fffa675b: ; not directly referenced +loc_fffa6709: ; not directly referenced mov eax, dword [ebp - 0x10] cmp dword [eax], 2 -jne short loc_fffa67dd ; jne 0xfffa67dd +jne short loc_fffa678b ; jne 0xfffa678b mov byte [ebp - 0x11], 0 -loc_fffa6767: ; not directly referenced +loc_fffa6715: ; not directly referenced mov edi, dword [ebp - 0x18] movzx eax, byte [ebp - 0x11] -cmp al, byte [edi + 0x2488] -jae short loc_fffa67b9 ; jae 0xfffa67b9 +cmp al, byte [edi + 0x2489] +jae short loc_fffa6767 ; jae 0xfffa6767 add eax, ebx xor ecx, ecx lea eax, [esi + eax*8] -loc_fffa677d: ; not directly referenced +loc_fffa672b: ; not directly referenced mov edi, dword [ebp - 0x10] mov edx, 1 shl edx, cl test byte [edi + 0xc4], dl -je short loc_fffa67ae ; je 0xfffa67ae +je short loc_fffa675c ; je 0xfffa675c imul edx, ecx, 0x90 mov edi, dword [eax + edx] cmp dword [esi + ebx*8], edi -jbe short loc_fffa67a0 ; jbe 0xfffa67a0 +jbe short loc_fffa674e ; jbe 0xfffa674e mov dword [esi + ebx*8], edi -loc_fffa67a0: ; not directly referenced +loc_fffa674e: ; not directly referenced mov edx, dword [eax + edx + 4] cmp dword [esi + ebx*8 + 4], edx -jbe short loc_fffa67ae ; jbe 0xfffa67ae +jbe short loc_fffa675c ; jbe 0xfffa675c mov dword [esi + ebx*8 + 4], edx -loc_fffa67ae: ; not directly referenced +loc_fffa675c: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffa677d ; jne 0xfffa677d +jne short loc_fffa672b ; jne 0xfffa672b inc byte [ebp - 0x11] -jmp short loc_fffa6767 ; jmp 0xfffa6767 +jmp short loc_fffa6715 ; jmp 0xfffa6715 -loc_fffa67b9: ; not directly referenced +loc_fffa6767: ; not directly referenced mov edi, dword [ebp - 0x1c] mov ecx, 0xa xor edx, edx @@ -7907,18 +7870,18 @@ imul eax, edi div ecx mov dword [esi + ebx*8 + 4], eax -loc_fffa67dd: ; not directly referenced +loc_fffa678b: ; not directly referenced add ebx, 9 add dword [ebp - 0x10], 0x13c3 cmp ebx, 0x12 -jne loc_fffa675b ; jne 0xfffa675b +jne loc_fffa6709 ; jne 0xfffa6709 xor eax, eax -jmp short loc_fffa67f9 ; jmp 0xfffa67f9 +jmp short loc_fffa67a7 ; jmp 0xfffa67a7 -loc_fffa67f4: ; not directly referenced +loc_fffa67a2: ; not directly referenced mov eax, 2 -loc_fffa67f9: ; not directly referenced +loc_fffa67a7: ; not directly referenced add esp, 0x10 pop ebx pop esi @@ -7926,7 +7889,7 @@ pop edi pop ebp ret -fcn_fffa6801: +fcn_fffa67af: push ebp mov ebp, esp sub esp, 0x24 @@ -7939,13 +7902,13 @@ push edx lea eax, [ebp - 0x18] push eax push 1 -call fcn_fffd28d0 ; call 0xfffd28d0 +call fcn_fffd2bc2 ; call 0xfffd2bc2 mov eax, dword [ebp - 0x18] leave and eax, 0xfff0ff0 ret -fcn_fffa6828: ; not directly referenced +fcn_fffa67d6: ; not directly referenced push ebp mov ebp, esp push edi @@ -7953,26 +7916,26 @@ push esi mov esi, eax push ebx sub esp, 0xc -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] call dword [ebx + 0x54] ; ucall lea edi, [eax + 0x2710] -loc_fffa6842: ; not directly referenced +loc_fffa67f0: ; not directly referenced mov edx, 0x5084 mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f test eax, 0x10000 -jne short loc_fffa6863 ; jne 0xfffa6863 +jne short loc_fffa6811 ; jne 0xfffa6811 call dword [ebx + 0x54] ; ucall cmp edi, eax -ja short loc_fffa6842 ; ja 0xfffa6842 +ja short loc_fffa67f0 ; ja 0xfffa67f0 mov eax, 0x12 -jmp short loc_fffa6865 ; jmp 0xfffa6865 +jmp short loc_fffa6813 ; jmp 0xfffa6813 -loc_fffa6863: ; not directly referenced +loc_fffa6811: ; not directly referenced xor eax, eax -loc_fffa6865: ; not directly referenced +loc_fffa6813: ; not directly referenced add esp, 0xc pop ebx pop esi @@ -7980,7 +7943,7 @@ pop edi pop ebp ret -fcn_fffa686d: ; not directly referenced +fcn_fffa681b: ; not directly referenced push ebp mov ebp, esp push edi @@ -7989,7 +7952,7 @@ push esi mov esi, ecx push ebx sub esp, 0x3c -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] mov dword [ebp - 0x30], edx call dword [ebx + 0x54] ; ucall lea ecx, [eax + 0x2710] @@ -8006,23 +7969,23 @@ mov dword [ebp - 0x38], eax add eax, 0x4214 mov dword [ebp - 0x2c], eax -loc_fffa68ae: ; not directly referenced +loc_fffa685c: ; not directly referenced mov edx, dword [ebp - 0x2c] mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, eax shr edx, 0x18 test dl, dl -jns short loc_fffa68d3 ; jns 0xfffa68d3 +jns short loc_fffa6881 ; jns 0xfffa6881 call dword [ebx + 0x54] ; ucall cmp dword [ebp - 0x34], eax -ja short loc_fffa68ae ; ja 0xfffa68ae +ja short loc_fffa685c ; ja 0xfffa685c -loc_fffa68c9: ; not directly referenced +loc_fffa6877: ; not directly referenced mov eax, 0x12 -jmp near loc_fffa69e2 ; jmp 0xfffa69e2 +jmp near loc_fffa6990 ; jmp 0xfffa6990 -loc_fffa68d3: ; not directly referenced +loc_fffa6881: ; not directly referenced mov al, byte [ebp + 8] and esi, 3 mov edx, dword [ebp - 0x2c] @@ -8032,23 +7995,23 @@ mov ecx, eax mov eax, edi or ecx, esi or ecx, 0x80000000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 call dword [ebx + 0x54] ; ucall lea esi, [eax + 0x2710] -loc_fffa68fe: ; not directly referenced +loc_fffa68ac: ; not directly referenced mov edx, dword [ebp - 0x2c] mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f shr eax, 0x18 test al, al -jns short loc_fffa6918 ; jns 0xfffa6918 +jns short loc_fffa68c6 ; jns 0xfffa68c6 call dword [ebx + 0x54] ; ucall cmp esi, eax -ja short loc_fffa68fe ; ja 0xfffa68fe -jmp short loc_fffa68c9 ; jmp 0xfffa68c9 +ja short loc_fffa68ac ; ja 0xfffa68ac +jmp short loc_fffa6877 ; jmp 0xfffa6877 -loc_fffa6918: ; not directly referenced +loc_fffa68c6: ; not directly referenced mov esi, dword [ebp - 0x30] mov edx, dword [ebp - 0x38] imul eax, esi, 0x54a @@ -8057,46 +8020,46 @@ imul esi, esi, 0x13c3 lea eax, [edi + eax + 0x196b] mov dword [ebp - 0x2c], eax mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f xor edx, edx mov dword [ebp - 0x3c], esi mov dword [ebp - 0x1c], eax xor eax, eax -loc_fffa694b: ; not directly referenced +loc_fffa68f9: ; not directly referenced mov ecx, dword [ebp - 0x3c] -cmp byte [edi + ecx + 0x49ba], 0x20 -je short loc_fffa6969 ; je 0xfffa6969 +cmp byte [edi + ecx + 0x49bb], 0x20 +je short loc_fffa6917 ; je 0xfffa6917 -loc_fffa6958: ; not directly referenced -movzx esi, byte [edi + 0x2488] +loc_fffa6906: ; not directly referenced +movzx esi, byte [edi + 0x2489] lea ebx, [eax + eax] mov dword [ebp - 0x30], esi xor esi, esi -jmp short loc_fffa698b ; jmp 0xfffa698b +jmp short loc_fffa6939 ; jmp 0xfffa6939 -loc_fffa6969: ; not directly referenced +loc_fffa6917: ; not directly referenced test al, 1 -je short loc_fffa6958 ; je 0xfffa6958 +je short loc_fffa6906 ; je 0xfffa6906 mov ebx, dword [ebp + 0xc] mov esi, edx mov cl, byte [ebx + eax - 1] mov byte [ebx + eax], cl -jmp short loc_fffa69d3 ; jmp 0xfffa69d3 +jmp short loc_fffa6981 ; jmp 0xfffa6981 -loc_fffa697b: ; not directly referenced +loc_fffa6929: ; not directly referenced mov ecx, dword [ebp - 0x2c] movzx ecx, byte [ecx + esi + 0x4f6] cmp ebx, ecx -je short loc_fffa6992 ; je 0xfffa6992 +je short loc_fffa6940 ; je 0xfffa6940 inc esi -loc_fffa698b: ; not directly referenced +loc_fffa6939: ; not directly referenced cmp esi, dword [ebp - 0x30] -jb short loc_fffa697b ; jb 0xfffa697b +jb short loc_fffa6929 ; jb 0xfffa6929 mov esi, edx -loc_fffa6992: ; not directly referenced +loc_fffa6940: ; not directly referenced mov ebx, eax xor edx, edx shl ebx, 4 @@ -8107,7 +8070,7 @@ mov ebx, dword [ebp - 0x2c] lea ecx, [ebx + esi*8] mov dword [ebp - 0x34], ecx -loc_fffa69ad: ; not directly referenced +loc_fffa695b: ; not directly referenced mov ebx, dword [ebp - 0x30] mov cl, dl sar ebx, cl @@ -8120,19 +8083,19 @@ shl ebx, cl mov ecx, dword [ebp + 0xc] or byte [ecx + eax], bl cmp edx, 8 -jne short loc_fffa69ad ; jne 0xfffa69ad +jne short loc_fffa695b ; jne 0xfffa695b -loc_fffa69d3: ; not directly referenced +loc_fffa6981: ; not directly referenced inc eax cmp eax, 4 -je short loc_fffa69e0 ; je 0xfffa69e0 +je short loc_fffa698e ; je 0xfffa698e mov edx, esi -jmp near loc_fffa694b ; jmp 0xfffa694b +jmp near loc_fffa68f9 ; jmp 0xfffa68f9 -loc_fffa69e0: ; not directly referenced +loc_fffa698e: ; not directly referenced xor al, al -loc_fffa69e2: ; not directly referenced +loc_fffa6990: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -8140,240 +8103,240 @@ pop edi pop ebp ret -fcn_fffa69ea: ; not directly referenced +fcn_fffa6998: ; not directly referenced imul edx, edx, 0x13c3 push ebp mov ebp, esp push esi mov esi, ecx -lea edx, [eax + edx + 0x3756] +lea edx, [eax + edx + 0x3757] push ebx mov ebx, eax mov eax, dword [edx + 0xc0] cmp eax, 1 -je short loc_fffa6a51 ; je 0xfffa6a51 +je short loc_fffa69ff ; je 0xfffa69ff cmp eax, 2 -jne short loc_fffa6a85 ; jne 0xfffa6a85 +jne short loc_fffa6a33 ; jne 0xfffa6a33 mov cl, byte [edx + 0x1260] cmp cl, 1 -jne short loc_fffa6a2b ; jne 0xfffa6a2b +jne short loc_fffa69d9 ; jne 0xfffa69d9 mov al, byte [edx + 0x1388] cmp al, 1 -je short loc_fffa6a71 ; je 0xfffa6a71 +je short loc_fffa6a1f ; je 0xfffa6a1f cmp al, 2 -jne short loc_fffa6a85 ; jne 0xfffa6a85 -jmp short loc_fffa6a8c ; jmp 0xfffa6a8c +jne short loc_fffa6a33 ; jne 0xfffa6a33 +jmp short loc_fffa6a3a ; jmp 0xfffa6a3a -loc_fffa6a2b: ; not directly referenced +loc_fffa69d9: ; not directly referenced xor eax, eax cmp cl, 2 -jne loc_fffa6bcd ; jne 0xfffa6bcd +jne loc_fffa6b7b ; jne 0xfffa6b7b mov dl, byte [edx + 0x1388] cmp dl, 1 -je short loc_fffa6a93 ; je 0xfffa6a93 +je short loc_fffa6a41 ; je 0xfffa6a41 cmp dl, 2 -jne loc_fffa6bcd ; jne 0xfffa6bcd +jne loc_fffa6b7b ; jne 0xfffa6b7b mov ecx, 5 -jmp short loc_fffa6a76 ; jmp 0xfffa6a76 +jmp short loc_fffa6a24 ; jmp 0xfffa6a24 -loc_fffa6a51: ; not directly referenced +loc_fffa69ff: ; not directly referenced mov al, byte [edx + 0x1260] cmp al, 1 -je short loc_fffa6a9a ; je 0xfffa6a9a +je short loc_fffa6a48 ; je 0xfffa6a48 mov dl, byte [edx + 0x1388] cmp dl, 1 -je short loc_fffa6a9a ; je 0xfffa6a9a +je short loc_fffa6a48 ; je 0xfffa6a48 cmp al, 2 -je short loc_fffa6a9e ; je 0xfffa6a9e +je short loc_fffa6a4c ; je 0xfffa6a4c cmp dl, 2 -jne short loc_fffa6a85 ; jne 0xfffa6a85 -jmp short loc_fffa6a9e ; jmp 0xfffa6a9e +jne short loc_fffa6a33 ; jne 0xfffa6a33 +jmp short loc_fffa6a4c ; jmp 0xfffa6a4c -loc_fffa6a71: ; not directly referenced +loc_fffa6a1f: ; not directly referenced mov ecx, 2 -loc_fffa6a76: ; not directly referenced +loc_fffa6a24: ; not directly referenced cmp dword [ebx + 0x187f], 6 mov edx, dword [ebx + 0x1887] -jbe short loc_fffa6aa5 ; jbe 0xfffa6aa5 +jbe short loc_fffa6a53 ; jbe 0xfffa6a53 -loc_fffa6a85: ; not directly referenced +loc_fffa6a33: ; not directly referenced xor eax, eax -jmp near loc_fffa6bcd ; jmp 0xfffa6bcd +jmp near loc_fffa6b7b ; jmp 0xfffa6b7b -loc_fffa6a8c: ; not directly referenced +loc_fffa6a3a: ; not directly referenced mov ecx, 3 -jmp short loc_fffa6a76 ; jmp 0xfffa6a76 +jmp short loc_fffa6a24 ; jmp 0xfffa6a24 -loc_fffa6a93: ; not directly referenced +loc_fffa6a41: ; not directly referenced mov ecx, 4 -jmp short loc_fffa6a76 ; jmp 0xfffa6a76 +jmp short loc_fffa6a24 ; jmp 0xfffa6a24 -loc_fffa6a9a: ; not directly referenced +loc_fffa6a48: ; not directly referenced xor ecx, ecx -jmp short loc_fffa6a76 ; jmp 0xfffa6a76 +jmp short loc_fffa6a24 ; jmp 0xfffa6a24 -loc_fffa6a9e: ; not directly referenced +loc_fffa6a4c: ; not directly referenced mov ecx, 1 -jmp short loc_fffa6a76 ; jmp 0xfffa6a76 +jmp short loc_fffa6a24 ; jmp 0xfffa6a24 -loc_fffa6aa5: ; not directly referenced +loc_fffa6a53: ; not directly referenced mov eax, dword [ebx + 0x187f] -jmp dword [eax*4 + ref_fffd32ec] ; ujmp: jmp dword [eax*4 - 0x2cd14] +jmp dword [eax*4 + ref_fffd35dc] ; ujmp: jmp dword [eax*4 - 0x2ca24] -loc_fffa6ab2: ; not directly referenced +loc_fffa6a60: ; not directly referenced cmp edx, 0x40660 sete bl cmp edx, 0x306c0 sete al or bl, al -jne short loc_fffa6ad6 ; jne 0xfffa6ad6 +jne short loc_fffa6a84 ; jne 0xfffa6a84 xor eax, eax cmp edx, 0x40670 -jne loc_fffa6bcd ; jne 0xfffa6bcd +jne loc_fffa6b7b ; jne 0xfffa6b7b -loc_fffa6ad6: ; not directly referenced +loc_fffa6a84: ; not directly referenced imul esi, esi, 6 add ecx, esi -lea eax, [ecx + ecx + ref_fffd339c] ; lea eax, [ecx + ecx - 0x2cc64] -jmp near loc_fffa6bcd ; jmp 0xfffa6bcd +lea eax, [ecx + ecx + ref_fffd368c] ; lea eax, [ecx + ecx - 0x2c974] +jmp near loc_fffa6b7b ; jmp 0xfffa6b7b -loc_fffa6ae7: ; not directly referenced +loc_fffa6a95: ; not directly referenced cmp edx, 0x306d0 sete bl cmp edx, 0x40650 sete al or bl, al -je short loc_fffa6b12 ; je 0xfffa6b12 +je short loc_fffa6ac0 ; je 0xfffa6ac0 cmp ecx, 1 -ja short loc_fffa6a85 ; ja 0xfffa6a85 +ja short loc_fffa6a33 ; ja 0xfffa6a33 add esi, esi add ecx, esi -lea eax, [ecx + ecx + ref_fffd3394] ; lea eax, [ecx + ecx - 0x2cc6c] -jmp near loc_fffa6bcd ; jmp 0xfffa6bcd +lea eax, [ecx + ecx + ref_fffd3684] ; lea eax, [ecx + ecx - 0x2c97c] +jmp near loc_fffa6b7b ; jmp 0xfffa6b7b -loc_fffa6b12: ; not directly referenced +loc_fffa6ac0: ; not directly referenced cmp edx, 0x40660 sete bl cmp edx, 0x306c0 sete al or bl, al -jne short loc_fffa6b36 ; jne 0xfffa6b36 +jne short loc_fffa6ae4 ; jne 0xfffa6ae4 xor eax, eax cmp edx, 0x40670 -jne loc_fffa6bcd ; jne 0xfffa6bcd +jne loc_fffa6b7b ; jne 0xfffa6b7b -loc_fffa6b36: ; not directly referenced +loc_fffa6ae4: ; not directly referenced imul esi, esi, 6 add ecx, esi -lea eax, [ecx + ecx + ref_fffd337c] ; lea eax, [ecx + ecx - 0x2cc84] -jmp near loc_fffa6bcd ; jmp 0xfffa6bcd +lea eax, [ecx + ecx + ref_fffd366c] ; lea eax, [ecx + ecx - 0x2c994] +jmp near loc_fffa6b7b ; jmp 0xfffa6b7b -loc_fffa6b47: ; not directly referenced +loc_fffa6af5: ; not directly referenced cmp edx, 0x40660 sete bl cmp edx, 0x306c0 sete al or bl, al -jne short loc_fffa6b67 ; jne 0xfffa6b67 +jne short loc_fffa6b15 ; jne 0xfffa6b15 xor eax, eax cmp edx, 0x40670 -jne short loc_fffa6bcd ; jne 0xfffa6bcd +jne short loc_fffa6b7b ; jne 0xfffa6b7b -loc_fffa6b67: ; not directly referenced +loc_fffa6b15: ; not directly referenced imul esi, esi, 6 add ecx, esi -lea eax, [ecx + ecx + ref_fffd3364] ; lea eax, [ecx + ecx - 0x2cc9c] -jmp short loc_fffa6bcd ; jmp 0xfffa6bcd +lea eax, [ecx + ecx + ref_fffd3654] ; lea eax, [ecx + ecx - 0x2c9ac] +jmp short loc_fffa6b7b ; jmp 0xfffa6b7b -loc_fffa6b75: ; not directly referenced +loc_fffa6b23: ; not directly referenced cmp edx, 0x306d0 sete bl cmp edx, 0x40650 sete al or bl, al -je short loc_fffa6ba1 ; je 0xfffa6ba1 +je short loc_fffa6b4f ; je 0xfffa6b4f cmp ecx, 1 -ja loc_fffa6a85 ; ja 0xfffa6a85 +ja loc_fffa6a33 ; ja 0xfffa6a33 add esi, esi add ecx, esi -lea eax, [ecx + ecx + ref_fffd33cc] ; lea eax, [ecx + ecx - 0x2cc34] -jmp short loc_fffa6bcd ; jmp 0xfffa6bcd +lea eax, [ecx + ecx + ref_fffd36bc] ; lea eax, [ecx + ecx - 0x2c944] +jmp short loc_fffa6b7b ; jmp 0xfffa6b7b -loc_fffa6ba1: ; not directly referenced +loc_fffa6b4f: ; not directly referenced cmp edx, 0x40660 sete bl cmp edx, 0x306c0 sete al or bl, al -jne short loc_fffa6bc1 ; jne 0xfffa6bc1 +jne short loc_fffa6b6f ; jne 0xfffa6b6f xor eax, eax cmp edx, 0x40670 -jne short loc_fffa6bcd ; jne 0xfffa6bcd +jne short loc_fffa6b7b ; jne 0xfffa6b7b -loc_fffa6bc1: ; not directly referenced +loc_fffa6b6f: ; not directly referenced imul esi, esi, 6 add ecx, esi -lea eax, [ecx + ecx + ref_fffd33b4] ; lea eax, [ecx + ecx - 0x2cc4c] +lea eax, [ecx + ecx + ref_fffd36a4] ; lea eax, [ecx + ecx - 0x2c95c] -loc_fffa6bcd: ; not directly referenced +loc_fffa6b7b: ; not directly referenced pop ebx pop esi pop ebp ret -fcn_fffa6bd1: ; not directly referenced +fcn_fffa6b7f: ; not directly referenced push ebp mov ebp, esp push esi push ebx test cl, cl -je short loc_fffa6bf8 ; je 0xfffa6bf8 +je short loc_fffa6ba6 ; je 0xfffa6ba6 cmp cl, 0x3c -je short loc_fffa6bfc ; je 0xfffa6bfc +je short loc_fffa6baa ; je 0xfffa6baa cmp cl, 0x78 -je short loc_fffa6c02 ; je 0xfffa6c02 +je short loc_fffa6bb0 ; je 0xfffa6bb0 cmp cl, 0x28 -je short loc_fffa6c08 ; je 0xfffa6c08 +je short loc_fffa6bb6 ; je 0xfffa6bb6 cmp cl, 0x14 -je short loc_fffa6c10 ; je 0xfffa6c10 +je short loc_fffa6bbe ; je 0xfffa6bbe cmp cl, 0x1e mov cl, 1 setne bl -jmp short loc_fffa6c0c ; jmp 0xfffa6c0c +jmp short loc_fffa6bba ; jmp 0xfffa6bba -loc_fffa6bf8: ; not directly referenced +loc_fffa6ba6: ; not directly referenced xor ecx, ecx -jmp short loc_fffa6c12 ; jmp 0xfffa6c12 +jmp short loc_fffa6bc0 ; jmp 0xfffa6bc0 -loc_fffa6bfc: ; not directly referenced +loc_fffa6baa: ; not directly referenced xor ecx, ecx xor ebx, ebx -jmp short loc_fffa6c0c ; jmp 0xfffa6c0c +jmp short loc_fffa6bba ; jmp 0xfffa6bba -loc_fffa6c02: ; not directly referenced +loc_fffa6bb0: ; not directly referenced xor ecx, ecx mov bl, 1 -jmp short loc_fffa6c14 ; jmp 0xfffa6c14 +jmp short loc_fffa6bc2 ; jmp 0xfffa6bc2 -loc_fffa6c08: ; not directly referenced +loc_fffa6bb6: ; not directly referenced xor ecx, ecx mov bl, 1 -loc_fffa6c0c: ; not directly referenced +loc_fffa6bba: ; not directly referenced mov dl, 1 -jmp short loc_fffa6c16 ; jmp 0xfffa6c16 +jmp short loc_fffa6bc4 ; jmp 0xfffa6bc4 -loc_fffa6c10: ; not directly referenced +loc_fffa6bbe: ; not directly referenced mov cl, 1 -loc_fffa6c12: ; not directly referenced +loc_fffa6bc0: ; not directly referenced xor ebx, ebx -loc_fffa6c14: ; not directly referenced +loc_fffa6bc2: ; not directly referenced xor edx, edx -loc_fffa6c16: ; not directly referenced +loc_fffa6bc4: ; not directly referenced and edx, 1 and ebx, 1 lea esi, [edx*4] @@ -8392,97 +8355,97 @@ pop esi pop ebp ret -fcn_fffa6c42: ; not directly referenced +fcn_fffa6bf0: ; not directly referenced imul edx, edx, 0x13c3 push ebp mov ebp, esp -lea edx, [eax + edx + 0x3756] +lea edx, [eax + edx + 0x3757] mov cl, byte [edx + 0x1260] cmp cl, 1 -je short loc_fffa6c81 ; je 0xfffa6c81 +je short loc_fffa6c2f ; je 0xfffa6c2f mov dl, byte [edx + 0x1388] cmp dl, 1 -je short loc_fffa6c81 ; je 0xfffa6c81 +je short loc_fffa6c2f ; je 0xfffa6c2f cmp cl, 2 -je short loc_fffa6c85 ; je 0xfffa6c85 +je short loc_fffa6c33 ; je 0xfffa6c33 cmp dl, 2 -jne short loc_fffa6c7d ; jne 0xfffa6c7d -jmp short loc_fffa6c85 ; jmp 0xfffa6c85 +jne short loc_fffa6c2b ; jne 0xfffa6c2b +jmp short loc_fffa6c33 ; jmp 0xfffa6c33 -loc_fffa6c74: ; not directly referenced +loc_fffa6c22: ; not directly referenced cmp eax, 5 -je short loc_fffa6ca0 ; je 0xfffa6ca0 +je short loc_fffa6c4e ; je 0xfffa6c4e test eax, eax -je short loc_fffa6ca0 ; je 0xfffa6ca0 +je short loc_fffa6c4e ; je 0xfffa6c4e -loc_fffa6c7d: ; not directly referenced +loc_fffa6c2b: ; not directly referenced xor eax, eax -jmp short loc_fffa6ca9 ; jmp 0xfffa6ca9 +jmp short loc_fffa6c57 ; jmp 0xfffa6c57 -loc_fffa6c81: ; not directly referenced +loc_fffa6c2f: ; not directly referenced xor edx, edx -jmp short loc_fffa6c8a ; jmp 0xfffa6c8a +jmp short loc_fffa6c38 ; jmp 0xfffa6c38 -loc_fffa6c85: ; not directly referenced +loc_fffa6c33: ; not directly referenced mov edx, 1 -loc_fffa6c8a: ; not directly referenced +loc_fffa6c38: ; not directly referenced mov eax, dword [eax + 0x187f] cmp eax, 2 -jne short loc_fffa6c74 ; jne 0xfffa6c74 +jne short loc_fffa6c22 ; jne 0xfffa6c22 lea edx, [edx + edx*2] -lea eax, [edx + ref_fffd334c] ; lea eax, [edx - 0x2ccb4] -jmp short loc_fffa6ca9 ; jmp 0xfffa6ca9 +lea eax, [edx + ref_fffd363c] ; lea eax, [edx - 0x2c9c4] +jmp short loc_fffa6c57 ; jmp 0xfffa6c57 -loc_fffa6ca0: ; not directly referenced +loc_fffa6c4e: ; not directly referenced lea edx, [edx + edx*2] -lea eax, [edx + ref_fffd3358] ; lea eax, [edx - 0x2cca8] +lea eax, [edx + ref_fffd3648] ; lea eax, [edx - 0x2c9b8] -loc_fffa6ca9: ; not directly referenced +loc_fffa6c57: ; not directly referenced pop ebp ret -fcn_fffa6cab: ; not directly referenced +fcn_fffa6c59: ; not directly referenced push ebp mov ebp, esp cmp cl, 0x3c -je short loc_fffa6cdf ; je 0xfffa6cdf -ja short loc_fffa6cc8 ; ja 0xfffa6cc8 +je short loc_fffa6c8d ; je 0xfffa6c8d +ja short loc_fffa6c76 ; ja 0xfffa6c76 cmp cl, 0x28 -je short loc_fffa6ce3 ; je 0xfffa6ce3 +je short loc_fffa6c91 ; je 0xfffa6c91 mov dl, 5 cmp cl, 0x30 -je short loc_fffa6ce9 ; je 0xfffa6ce9 +je short loc_fffa6c97 ; je 0xfffa6c97 mov dl, 7 cmp cl, 0x22 -jmp short loc_fffa6cd9 ; jmp 0xfffa6cd9 +jmp short loc_fffa6c87 ; jmp 0xfffa6c87 -loc_fffa6cc8: ; not directly referenced +loc_fffa6c76: ; not directly referenced cmp cl, 0x78 -je short loc_fffa6ce7 ; je 0xfffa6ce7 +je short loc_fffa6c95 ; je 0xfffa6c95 mov dl, 4 cmp cl, 0xf0 -je short loc_fffa6ce9 ; je 0xfffa6ce9 +je short loc_fffa6c97 ; je 0xfffa6c97 mov dl, 6 cmp cl, 0x50 -loc_fffa6cd9: ; not directly referenced -je short loc_fffa6ce9 ; je 0xfffa6ce9 +loc_fffa6c87: ; not directly referenced +je short loc_fffa6c97 ; je 0xfffa6c97 xor edx, edx -jmp short loc_fffa6ce9 ; jmp 0xfffa6ce9 +jmp short loc_fffa6c97 ; jmp 0xfffa6c97 -loc_fffa6cdf: ; not directly referenced +loc_fffa6c8d: ; not directly referenced mov dl, 1 -jmp short loc_fffa6ce9 ; jmp 0xfffa6ce9 +jmp short loc_fffa6c97 ; jmp 0xfffa6c97 -loc_fffa6ce3: ; not directly referenced +loc_fffa6c91: ; not directly referenced mov dl, 3 -jmp short loc_fffa6ce9 ; jmp 0xfffa6ce9 +jmp short loc_fffa6c97 ; jmp 0xfffa6c97 -loc_fffa6ce7: ; not directly referenced +loc_fffa6c95: ; not directly referenced mov dl, 2 -loc_fffa6ce9: ; not directly referenced +loc_fffa6c97: ; not directly referenced mov ecx, dword [ebp + 8] and edx, 7 shl edx, 6 @@ -8492,7 +8455,7 @@ or ecx, edx mov word [eax], cx ret -fcn_fffa6cfe: ; not directly referenced +fcn_fffa6cac: ; not directly referenced push ebp mov ebp, esp push edi @@ -8500,7 +8463,7 @@ push esi push ebx mov esi, dword [eax + 0x1887] movsx ebx, dl -mov edi, dword [eax + 0x5edc] +mov edi, dword [eax + 0x5edd] cmp esi, 0x306d0 sete al cmp esi, 0x40650 @@ -8511,7 +8474,7 @@ sbb ecx, ecx and ecx, 0xffffffce add ecx, 0x64 cmp byte [edi + 0x1c5], 0 -jne short loc_fffa6d4d ; jne 0xfffa6d4d +jne short loc_fffa6cfb ; jne 0xfffa6cfb movzx eax, cl add ebx, 0x30 imul eax, eax, 0x60 @@ -8519,23 +8482,23 @@ movzx ecx, cl cdq idiv ebx sub eax, ecx -jmp short loc_fffa6d5c ; jmp 0xfffa6d5c +jmp short loc_fffa6d0a ; jmp 0xfffa6d0a -loc_fffa6d4d: ; not directly referenced +loc_fffa6cfb: ; not directly referenced mov eax, 0x3200 lea ecx, [ebx + 0x20] cdq idiv ecx sub ax, 0xc8 -loc_fffa6d5c: ; not directly referenced +loc_fffa6d0a: ; not directly referenced pop ebx pop esi pop edi pop ebp ret -fcn_fffa6d61: ; not directly referenced +fcn_fffa6d0f: ; not directly referenced push ebp mov ebp, esp push edi @@ -8548,7 +8511,7 @@ mov edx, dword [eax + 0x18a7] mov dword [ebp - 0x38], ecx mov dword [ebp - 0x30], esi add esi, 0xf -mov ecx, dword [eax + edx*4 + 0x3735] +mov ecx, dword [eax + edx*4 + 0x3736] movzx eax, word [ebp + 0xc] mov dword [ebp - 0x14], esi mov ebx, eax @@ -8810,7 +8773,7 @@ pop edi pop ebp ret -fcn_fffa7047: ; not directly referenced +fcn_fffa6ff5: ; not directly referenced push ebp mov ebp, esp push edi @@ -8840,10 +8803,10 @@ movzx eax, bl dec eax mov dword [ebp - 0xb0], eax -loc_fffa70ac: ; not directly referenced +loc_fffa705a: ; not directly referenced mov al, byte [ebp - 0x97] cmp byte [ebp - 0x94], al -jae loc_fffa71dd ; jae 0xfffa71dd +jae loc_fffa718b ; jae 0xfffa718b mov edx, dword [ebp - 0x94] mov ecx, dword [ebp - 0xb0] mov dword [ebp - 0x90], 0 @@ -8859,15 +8822,15 @@ movzx eax, byte [ebp - 0x96] mov byte [ebp - 0x95], bl mov dword [ebp - 0xac], eax -loc_fffa7107: ; not directly referenced +loc_fffa70b5: ; not directly referenced mov al, byte [ebp - 0x95] xor ebx, ebx or al, byte [ebp - 0x90] -je short loc_fffa7123 ; je 0xfffa7123 +je short loc_fffa70d1 ; je 0xfffa70d1 mov bl, byte [ebp - 0xa6] add ebx, dword [ebp - 0x90] -loc_fffa7123: ; not directly referenced +loc_fffa70d1: ; not directly referenced mov al, byte [ebp - 0xa4] cmp bl, al setb dl @@ -8886,7 +8849,7 @@ mov byte [ebp - 0xa2], al movzx eax, bl mov dword [ebp - 0xa0], eax -loc_fffa7168: ; not directly referenced +loc_fffa7116: ; not directly referenced xor eax, eax test dl, dl cmovns eax, edx @@ -8906,31 +8869,31 @@ imul eax, esi add eax, dword [ebp - 0xa0] add cx, word [edi + eax*2] cmp dl, byte [ebp - 0xa2] -jne short loc_fffa7168 ; jne 0xfffa7168 +jne short loc_fffa7116 ; jne 0xfffa7116 inc dword [ebp - 0x90] cmp dword [ebp - 0x90], 3 -jne loc_fffa7107 ; jne 0xfffa7107 +jne loc_fffa70b5 ; jne 0xfffa70b5 mov eax, dword [ebp - 0x94] inc dword [ebp - 0x94] mov word [ebp + eax*2 - 0x8c], cx -jmp near loc_fffa70ac ; jmp 0xfffa70ac +jmp near loc_fffa705a ; jmp 0xfffa705a -loc_fffa71dd: ; not directly referenced +loc_fffa718b: ; not directly referenced movzx ebx, byte [ebp - 0xa5] xor ecx, ecx add ebx, 8 -loc_fffa71e9: ; not directly referenced +loc_fffa7197: ; not directly referenced cmp byte [ebp - 0x97], cl -jbe short loc_fffa7203 ; jbe 0xfffa7203 +jbe short loc_fffa71b1 ; jbe 0xfffa71b1 movzx eax, word [ebp + ecx*2 - 0x8c] cdq idiv ebx mov word [edi + ecx*2], ax inc ecx -jmp short loc_fffa71e9 ; jmp 0xfffa71e9 +jmp short loc_fffa7197 ; jmp 0xfffa7197 -loc_fffa7203: ; not directly referenced +loc_fffa71b1: ; not directly referenced add esp, 0xa4 pop ebx pop esi @@ -8938,26 +8901,26 @@ pop edi pop ebp ret -fcn_fffa720e: ; not directly referenced +fcn_fffa71bc: ; not directly referenced push ebp mov ebp, esp push ebx mov ebx, 0x3664 cmp dl, 1 -ja short loc_fffa7239 ; ja 0xfffa7239 +ja short loc_fffa71e7 ; ja 0xfffa71e7 cmp cl, 8 movzx edx, dl -jbe short loc_fffa722f ; jbe 0xfffa722f +jbe short loc_fffa71dd ; jbe 0xfffa71dd shl edx, 8 lea ebx, [edx + 0x3064] -jmp short loc_fffa7239 ; jmp 0xfffa7239 +jmp short loc_fffa71e7 ; jmp 0xfffa71e7 -loc_fffa722f: ; not directly referenced +loc_fffa71dd: ; not directly referenced shl edx, 8 shl ecx, 9 lea ebx, [edx + ecx + 0x64] -loc_fffa7239: ; not directly referenced +loc_fffa71e7: ; not directly referenced cmp dword [eax + 0x188b], 1 lea edx, [ebx + 0xc] cmove ebx, edx @@ -8966,26 +8929,26 @@ pop ebx pop ebp ret -fcn_fffa724b: ; not directly referenced +fcn_fffa71f9: ; not directly referenced push ebp mov ebp, esp push ebx mov ebx, 0x3660 cmp dl, 1 -ja short loc_fffa7276 ; ja 0xfffa7276 +ja short loc_fffa7224 ; ja 0xfffa7224 cmp cl, 8 movzx edx, dl -jbe short loc_fffa726c ; jbe 0xfffa726c +jbe short loc_fffa721a ; jbe 0xfffa721a shl edx, 8 lea ebx, [edx + 0x3060] -jmp short loc_fffa7276 ; jmp 0xfffa7276 +jmp short loc_fffa7224 ; jmp 0xfffa7224 -loc_fffa726c: ; not directly referenced +loc_fffa721a: ; not directly referenced shl edx, 8 shl ecx, 9 lea ebx, [edx + ecx + 0x60] -loc_fffa7276: ; not directly referenced +loc_fffa7224: ; not directly referenced cmp dword [eax + 0x188b], 1 lea edx, [ebx + 0xc] cmove ebx, edx @@ -8994,26 +8957,26 @@ pop ebx pop ebp ret -fcn_fffa7288: ; not directly referenced +fcn_fffa7236: ; not directly referenced push ebp mov ebp, esp push ebx mov ebx, 0x3674 cmp dl, 1 -ja short loc_fffa72b3 ; ja 0xfffa72b3 +ja short loc_fffa7261 ; ja 0xfffa7261 cmp cl, 8 movzx edx, dl -jbe short loc_fffa72a9 ; jbe 0xfffa72a9 +jbe short loc_fffa7257 ; jbe 0xfffa7257 shl edx, 8 lea ebx, [edx + 0x3074] -jmp short loc_fffa72b3 ; jmp 0xfffa72b3 +jmp short loc_fffa7261 ; jmp 0xfffa7261 -loc_fffa72a9: ; not directly referenced +loc_fffa7257: ; not directly referenced shl edx, 8 shl ecx, 9 lea ebx, [edx + ecx + 0x74] -loc_fffa72b3: ; not directly referenced +loc_fffa7261: ; not directly referenced cmp dword [eax + 0x188b], 1 lea edx, [ebx + 0xc] cmove ebx, edx @@ -9022,7 +8985,7 @@ pop ebx pop ebp ret -fcn_fffa72c5: ; not directly referenced +fcn_fffa7273: ; not directly referenced push ebp mov ebp, esp push edi @@ -9043,19 +9006,19 @@ cmp edx, 1 mov dword [ebp - 0x28], edi mov edi, dword [ebp + 0x18] mov dword [ebp - 0x2c], edi -mov edi, dword [esi + 0x2443] -je short loc_fffa730c ; je 0xfffa730c +mov edi, dword [esi + 0x2444] +je short loc_fffa72ba ; je 0xfffa72ba cmp edx, 2 -jne short loc_fffa7351 ; jne 0xfffa7351 +jne short loc_fffa72ff ; jne 0xfffa72ff lea edx, [eax*8 + 0x48f8] -jmp short loc_fffa7313 ; jmp 0xfffa7313 +jmp short loc_fffa72c1 ; jmp 0xfffa72c1 -loc_fffa730c: ; not directly referenced +loc_fffa72ba: ; not directly referenced lea edx, [eax*8 + 0x48d8] -loc_fffa7313: ; not directly referenced +loc_fffa72c1: ; not directly referenced mov eax, esi -call fcn_fffae548 ; call 0xfffae548 +call fcn_fffb333d ; call 0xfffb333d xor ecx, ecx push eax and edx, 0x7000000 @@ -9068,29 +9031,29 @@ mov eax, dword [ebp - 0x1c] movzx ebx, bl lea edx, [eax*4 + 0x4930] mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f lea ecx, [ebx*4] add esp, 0x10 shr eax, cl mov bl, al and ebx, 3 -loc_fffa7351: ; not directly referenced +loc_fffa72ff: ; not directly referenced cmp dword [ebp - 0x20], 0 mov ecx, 0xff movzx edx, byte [ebp - 0x1c] -jne short loc_fffa7364 ; jne 0xfffa7364 +jne short loc_fffa7312 ; jne 0xfffa7312 movzx ecx, byte [ebp - 0x24] -loc_fffa7364: ; not directly referenced +loc_fffa7312: ; not directly referenced mov eax, esi and ebx, 3 -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 shl ebx, 0x16 mov edi, eax mov edx, eax mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov ecx, dword [ebp - 0x28] mov edx, dword [ebp - 0x2c] lea esp, [ebp - 0xc] @@ -9110,9 +9073,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_fffae58c ; jmp 0xfffae58c +jmp near fcn_fffb3381 ; jmp 0xfffb3381 -fcn_fffa73b0: ; not directly referenced +fcn_fffa735e: ; not directly referenced push ebp mov ebp, esp push edi @@ -9130,59 +9093,59 @@ mov dword [ebp - 0x24], ebx movzx esi, bl movzx ebx, cl cmp al, 3 -lea edi, [edi + edx + 0x3756] -jne short loc_fffa73e9 ; jne 0xfffa73e9 +lea edi, [edi + edx + 0x3757] +jne short loc_fffa7397 ; jne 0xfffa7397 mov ecx, dword [ebp + 0x10] -jmp short loc_fffa745c ; jmp 0xfffa745c +jmp short loc_fffa740a ; jmp 0xfffa740a -loc_fffa73e9: ; not directly referenced +loc_fffa7397: ; not directly referenced test al, al -jne short loc_fffa73f2 ; jne 0xfffa73f2 +jne short loc_fffa73a0 ; jne 0xfffa73a0 mov edx, dword [ebp + 0x10] -jmp short loc_fffa7401 ; jmp 0xfffa7401 +jmp short loc_fffa73af ; jmp 0xfffa73af -loc_fffa73f2: ; not directly referenced +loc_fffa73a0: ; not directly referenced lea edx, [ebx + ebx*8] lea edx, [edx + esi + 0xb0] mov dx, word [edi + edx*2 + 9] -loc_fffa7401: ; not directly referenced +loc_fffa73af: ; not directly referenced and dx, 0x1ff and edx, 0x1ff mov dword [ebp - 0x28], edx cmp al, 1 -jne short loc_fffa7418 ; jne 0xfffa7418 +jne short loc_fffa73c6 ; jne 0xfffa73c6 mov edx, dword [ebp + 0x10] -jmp short loc_fffa742b ; jmp 0xfffa742b +jmp short loc_fffa73d9 ; jmp 0xfffa73d9 -loc_fffa7418: ; not directly referenced +loc_fffa73c6: ; not directly referenced movzx edx, byte [ebp - 0x24] lea ecx, [ecx + ecx*8] lea edx, [edx + ecx + 0x90] mov dx, word [edi + edx*2 + 1] -loc_fffa742b: ; not directly referenced +loc_fffa73d9: ; not directly referenced and dx, 0x1ff and edx, 0x1ff shl edx, 9 or edx, dword [ebp - 0x28] cmp al, 2 -jne short loc_fffa7445 ; jne 0xfffa7445 +jne short loc_fffa73f3 ; jne 0xfffa73f3 mov cl, byte [ebp + 0x10] -jmp short loc_fffa7451 ; jmp 0xfffa7451 +jmp short loc_fffa73ff ; jmp 0xfffa73ff -loc_fffa7445: ; not directly referenced +loc_fffa73f3: ; not directly referenced lea eax, [ebx + ebx*8] add edi, eax mov cl, byte [edi + esi + 0x24d] -loc_fffa7451: ; not directly referenced +loc_fffa73ff: ; not directly referenced and ecx, 0x3f and ecx, 0x3f shl ecx, 0x14 or ecx, edx -loc_fffa745c: ; not directly referenced +loc_fffa740a: ; not directly referenced mov edi, dword [ebp - 0x20] mov eax, edi shl eax, 8 @@ -9191,7 +9154,7 @@ mov eax, esi shl eax, 9 add edx, eax mov eax, dword [ebp - 0x1c] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 sub esp, 0xc mov eax, dword [ebp - 0x1c] push 1 @@ -9201,7 +9164,7 @@ xor ecx, ecx push esi push 0 push ebx -call fcn_fffa72c5 ; call 0xfffa72c5 +call fcn_fffa7273 ; call 0xfffa7273 add esp, 0x20 lea esp, [ebp - 0xc] pop ebx @@ -9210,7 +9173,7 @@ pop edi pop ebp ret -fcn_fffa7499: ; not directly referenced +fcn_fffa7447: ; not directly referenced push ebp mov ebp, esp push edi @@ -9227,19 +9190,19 @@ movzx edi, dl imul edx, edi, 0x13c3 mov dword [ebp - 0x20], ebx mov dword [ebp - 0x30], edi -lea esi, [esi + edx + 0x3756] +lea esi, [esi + edx + 0x3757] test bl, bl -jne short loc_fffa74d2 ; jne 0xfffa74d2 +jne short loc_fffa7480 ; jne 0xfffa7480 mov ebx, dword [ebp - 0x1c] -jmp short loc_fffa74e4 ; jmp 0xfffa74e4 +jmp short loc_fffa7492 ; jmp 0xfffa7492 -loc_fffa74d2: ; not directly referenced +loc_fffa7480: ; not directly referenced movzx ebx, al lea edx, [ecx + ecx*8] lea edx, [ebx + edx + 0xd8] mov bx, word [esi + edx*2 + 1] -loc_fffa74e4: ; not directly referenced +loc_fffa7492: ; not directly referenced mov edx, dword [ebp - 0x20] and bx, 0x1ff movzx edi, al @@ -9249,17 +9212,17 @@ cmp dl, 5 sete byte [ebp - 0x31] and edx, 0xfffffffb dec dl -jne short loc_fffa750b ; jne 0xfffa750b +jne short loc_fffa74b9 ; jne 0xfffa74b9 mov dl, byte [ebp - 0x1c] -jmp short loc_fffa751a ; jmp 0xfffa751a +jmp short loc_fffa74c8 ; jmp 0xfffa74c8 -loc_fffa750b: ; not directly referenced +loc_fffa74b9: ; not directly referenced mov edi, dword [ebp - 0x2c] lea edx, [ecx + ecx*8] add edx, esi mov dl, byte [edx + edi + 0x104a] -loc_fffa751a: ; not directly referenced +loc_fffa74c8: ; not directly referenced and edx, 0x3f movzx edi, al and edx, 0x3f @@ -9267,16 +9230,16 @@ shl edx, 9 or edx, ebx movzx ebx, cl cmp byte [ebp - 0x20], 2 -jne short loc_fffa7536 ; jne 0xfffa7536 +jne short loc_fffa74e4 ; jne 0xfffa74e4 mov al, byte [ebp - 0x1c] -jmp short loc_fffa7542 ; jmp 0xfffa7542 +jmp short loc_fffa74f0 ; jmp 0xfffa74f0 -loc_fffa7536: ; not directly referenced +loc_fffa74e4: ; not directly referenced lea eax, [ebx + ebx*8] add eax, esi mov al, byte [eax + edi + 0x1026] -loc_fffa7542: ; not directly referenced +loc_fffa74f0: ; not directly referenced and eax, 0x1f and eax, 0x1f mov dword [ebp - 0x24], eax @@ -9286,29 +9249,29 @@ or dword [ebp - 0x24], edx cmp byte [ebp - 0x20], 3 sete dl or al, dl -je short loc_fffa7565 ; je 0xfffa7565 +je short loc_fffa7513 ; je 0xfffa7513 mov dl, byte [ebp - 0x1c] -jmp short loc_fffa7571 ; jmp 0xfffa7571 +jmp short loc_fffa751f ; jmp 0xfffa751f -loc_fffa7565: ; not directly referenced +loc_fffa7513: ; not directly referenced lea ecx, [ecx + ecx*8] add ecx, esi mov dl, byte [ecx + edi + 0x106e] -loc_fffa7571: ; not directly referenced +loc_fffa751f: ; not directly referenced and edx, 0x3f and edx, 0x3f shl edx, 0x14 or edx, dword [ebp - 0x24] cmp byte [ebp - 0x20], 4 -jne short loc_fffa7588 ; jne 0xfffa7588 +jne short loc_fffa7536 ; jne 0xfffa7536 mov cl, byte [ebp - 0x1c] -jmp short loc_fffa758f ; jmp 0xfffa758f +jmp short loc_fffa753d ; jmp 0xfffa753d -loc_fffa7588: ; not directly referenced +loc_fffa7536: ; not directly referenced mov cl, byte [esi + edi + 0x101d] -loc_fffa758f: ; not directly referenced +loc_fffa753d: ; not directly referenced mov edi, dword [ebp - 0x30] and ecx, 0x3f mov esi, dword [ebp - 0x2c] @@ -9323,7 +9286,7 @@ shl eax, 7 add edx, eax mov eax, dword [ebp - 0x28] shl edx, 2 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 sub esp, 0xc mov eax, dword [ebp - 0x28] push 0 @@ -9333,7 +9296,7 @@ xor ecx, ecx push esi push 0 push ebx -call fcn_fffa72c5 ; call 0xfffa72c5 +call fcn_fffa7273 ; call 0xfffa7273 add esp, 0x20 lea esp, [ebp - 0xc] pop ebx @@ -9342,26 +9305,26 @@ pop edi pop ebp ret -fcn_fffa75da: ; not directly referenced +fcn_fffa7588: ; not directly referenced push ebp mov ebp, esp push ebx mov ebx, 0x3658 cmp dl, 1 -ja short loc_fffa7605 ; ja 0xfffa7605 +ja short loc_fffa75b3 ; ja 0xfffa75b3 cmp cl, 8 movzx edx, dl -jbe short loc_fffa75fb ; jbe 0xfffa75fb +jbe short loc_fffa75a9 ; jbe 0xfffa75a9 shl edx, 8 lea ebx, [edx + 0x3058] -jmp short loc_fffa7605 ; jmp 0xfffa7605 +jmp short loc_fffa75b3 ; jmp 0xfffa75b3 -loc_fffa75fb: ; not directly referenced +loc_fffa75a9: ; not directly referenced shl edx, 8 shl ecx, 9 lea ebx, [edx + ecx + 0x58] -loc_fffa7605: ; not directly referenced +loc_fffa75b3: ; not directly referenced cmp dword [eax + 0x188b], 1 lea edx, [ebx + 0xc] cmove ebx, edx @@ -9370,26 +9333,26 @@ pop ebx pop ebp ret -fcn_fffa7617: ; not directly referenced +fcn_fffa75c5: ; not directly referenced push ebp mov ebp, esp push ebx mov ebx, 0x3654 cmp dl, 1 -ja short loc_fffa7642 ; ja 0xfffa7642 +ja short loc_fffa75f0 ; ja 0xfffa75f0 cmp cl, 8 movzx edx, dl -jbe short loc_fffa7638 ; jbe 0xfffa7638 +jbe short loc_fffa75e6 ; jbe 0xfffa75e6 shl edx, 8 lea ebx, [edx + 0x3054] -jmp short loc_fffa7642 ; jmp 0xfffa7642 +jmp short loc_fffa75f0 ; jmp 0xfffa75f0 -loc_fffa7638: ; not directly referenced +loc_fffa75e6: ; not directly referenced shl edx, 8 shl ecx, 9 lea ebx, [edx + ecx + 0x54] -loc_fffa7642: ; not directly referenced +loc_fffa75f0: ; not directly referenced cmp dword [eax + 0x188b], 1 lea edx, [ebx + 0xc] cmove ebx, edx @@ -9398,7 +9361,7 @@ pop ebx pop ebp ret -fcn_fffa7654: ; not directly referenced +fcn_fffa7602: ; not directly referenced push ebp mov ebp, esp push edi @@ -9406,18 +9369,18 @@ push esi push ebx sub esp, 0x2c mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2443] +mov eax, dword [eax + 0x2444] mov dword [ebp - 0x30], eax mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 2 -lea edi, [eax + 0x3756] -jne short loc_fffa76d9 ; jne 0xfffa76d9 +cmp dword [eax + 0x2481], 2 +lea edi, [eax + 0x3757] +jne short loc_fffa7687 ; jne 0xfffa7687 xor esi, esi -loc_fffa767d: ; not directly referenced +loc_fffa762b: ; not directly referenced xor ebx, ebx -loc_fffa767f: ; not directly referenced +loc_fffa762d: ; not directly referenced push edx push 0 push 4 @@ -9433,28 +9396,28 @@ mov ax, word [edi + ebx*2 + 0x1283] inc ebx mov word [ebp - 0x1e], ax mov eax, dword [ebp + 8] -call fcn_fffa7617 ; call 0xfffa7617 +call fcn_fffa75c5 ; call 0xfffa75c5 mov ecx, dword [ebp - 0x20] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x10 cmp ebx, 7 -jne short loc_fffa767f ; jne 0xfffa767f +jne short loc_fffa762d ; jne 0xfffa762d inc esi add edi, 0x13c3 cmp esi, 2 -jne short loc_fffa767d ; jne 0xfffa767d -jmp near loc_fffa77aa ; jmp 0xfffa77aa +jne short loc_fffa762b ; jne 0xfffa762b +jmp near loc_fffa7758 ; jmp 0xfffa7758 -loc_fffa76d9: ; not directly referenced +loc_fffa7687: ; not directly referenced mov dword [ebp - 0x38], edi xor edi, edi -loc_fffa76de: ; not directly referenced +loc_fffa768c: ; not directly referenced mov dword [ebp - 0x2c], 0 -loc_fffa76e5: ; not directly referenced +loc_fffa7693: ; not directly referenced mov ebx, dword [ebp - 0x2c] xor edx, edx mov al, bl @@ -9487,37 +9450,37 @@ mov word [ebp - 0x20], ax mov ax, word [ebx + 0x126d] mov word [ebp - 0x1e], ax mov eax, dword [ebp + 8] -call fcn_fffa7617 ; call 0xfffa7617 +call fcn_fffa75c5 ; call 0xfffa75c5 mov ecx, dword [ebp - 0x20] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ax, word [ebx + 0x126f] add esp, 0x10 cmp byte [ebp - 0x31], 0 mov word [ebp + esi*2 - 0x20], ax -je short loc_fffa778c ; je 0xfffa778c +je short loc_fffa773a ; je 0xfffa773a mov cl, byte [ebp - 0x32] mov edx, edi mov eax, dword [ebp + 8] add ecx, 4 movzx ecx, cl -call fcn_fffa7617 ; call 0xfffa7617 +call fcn_fffa75c5 ; call 0xfffa75c5 mov ecx, dword [ebp - 0x1c] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa778c: ; not directly referenced +loc_fffa773a: ; not directly referenced inc dword [ebp - 0x2c] cmp dword [ebp - 0x2c], 4 -jne loc_fffa76e5 ; jne 0xfffa76e5 +jne loc_fffa7693 ; jne 0xfffa7693 inc edi add dword [ebp - 0x38], 0x13c3 cmp edi, 2 -jne loc_fffa76de ; jne 0xfffa76de +jne loc_fffa768c ; jne 0xfffa768c -loc_fffa77aa: ; not directly referenced +loc_fffa7758: ; not directly referenced lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -9526,7 +9489,7 @@ pop edi pop ebp ret -fcn_fffa77b4: +fcn_fffa7762: push ebp mov ebp, esp push edi @@ -9540,15 +9503,15 @@ mov eax, dword [ebp + 8] mov esi, ecx mov dword [ebp - 0x24], eax mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x5e04 mov dword [ebp - 0x1c], eax mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, eax mov dword [ebp - 0x20], eax test edi, edi -je short loc_fffa780e ; je 0xfffa780e +je short loc_fffa77bc ; je 0xfffa77bc mov ecx, dword [ebp - 0x1c] sub esp, 0xc and edx, 0xf @@ -9556,27 +9519,27 @@ push dword [ebx + 0x187b] mov eax, ebx shr ecx, 4 and ecx, 0xf -call fcn_fffaed31 ; call 0xfffaed31 +call fcn_fffb3a68 ; call 0xfffb3a68 add esp, 0x10 mov dword [edi], eax -loc_fffa780e: +loc_fffa77bc: test esi, esi -je short loc_fffa781a ; je 0xfffa781a +je short loc_fffa77c8 ; je 0xfffa77c8 mov al, byte [ebp - 0x20] and eax, 0xf mov byte [esi], al -loc_fffa781a: +loc_fffa77c8: mov esi, dword [ebp - 0x24] test esi, esi -je short loc_fffa782c ; je 0xfffa782c +je short loc_fffa77da ; je 0xfffa77da mov eax, dword [ebp - 0x1c] shr eax, 4 and eax, 0xf mov dword [esi], eax -loc_fffa782c: +loc_fffa77da: mov eax, dword [ebx + 0x187b] mov ecx, dword [ebp - 0x1c] mov edx, dword [ebp - 0x20] @@ -9590,9 +9553,9 @@ pop edi pop ebp shr ecx, 4 and ecx, 0xf -jmp near fcn_fffaefe1 ; jmp 0xfffaefe1 +jmp near fcn_fffb3d18 ; jmp 0xfffb3d18 -fcn_fffa7852: ; not directly referenced +fcn_fffa7800: ; not directly referenced push ebp xor edx, edx mov ebp, esp @@ -9606,7 +9569,7 @@ mov edi, dword [ebp + 8] push 0 lea ecx, [ebp - 0x45] mov eax, edi -call fcn_fffa77b4 ; call 0xfffa77b4 +call fcn_fffa7762 ; call 0xfffa7762 lea eax, [edi + 0x2407] add esp, 0x10 mov dword [ebp - 0x58], 0 @@ -9617,32 +9580,32 @@ mov dword [ebp - 0x80], 0 mov byte [ebp - 0x79], 0 mov dword [ebp - 0x94], eax -loc_fffa78a9: ; not directly referenced +loc_fffa7857: ; not directly referenced lea eax, [esi - 2] cmp eax, 1 -ja short loc_fffa78c7 ; ja 0xfffa78c7 -cmp byte [edi + 0x3749], 0 -je loc_fffa7d5e ; je 0xfffa7d5e +ja short loc_fffa7875 ; ja 0xfffa7875 +cmp byte [edi + 0x374a], 0 +je loc_fffa7d0c ; je 0xfffa7d0c mov dword [ebp - 0x70], 0 -jmp short loc_fffa78e2 ; jmp 0xfffa78e2 +jmp short loc_fffa7890 ; jmp 0xfffa7890 -loc_fffa78c7: ; not directly referenced +loc_fffa7875: ; not directly referenced mov dword [ebp - 0x70], 0 cmp esi, 1 -jne short loc_fffa78e2 ; jne 0xfffa78e2 +jne short loc_fffa7890 ; jne 0xfffa7890 xor eax, eax cmp dword [edi + 0x18a7], 1 sete al mov dword [ebp - 0x70], eax -loc_fffa78e2: ; not directly referenced +loc_fffa7890: ; not directly referenced mov al, byte [ebp - 0x45] -lea ecx, [edi + esi*8 + 0x3756] +lea ecx, [edi + esi*8 + 0x3757] mov dword [ebp - 0x78], ecx mov dword [ebp + esi*4 - 0x38], 0xffffffff mov dword [ebp + esi*4 - 0x28], 0 mov byte [ebp - 0x7a], al -lea eax, [edi + 0x49bf] +lea eax, [edi + 0x49c0] mov dword [ebp - 0x88], eax lea eax, [edi + 0x1973] mov dword [ebp - 0x74], eax @@ -9656,16 +9619,16 @@ add eax, 0xbb mov dword [ebp - 0x8c], ecx mov dword [ebp - 0x90], eax -loc_fffa7948: ; not directly referenced +loc_fffa78f6: ; not directly referenced mov eax, dword [ebp - 0x88] mov ecx, dword [ebp - 0x74] mov dword [ebp - 0x6c], 0 mov dword [ebp - 0x54], eax -loc_fffa795b: ; not directly referenced +loc_fffa7909: ; not directly referenced mov eax, dword [ebp - 0x54] cmp dword [eax - 0xf6], 2 -jne loc_fffa7b33 ; jne 0xfffa7b33 +jne loc_fffa7ae1 ; jne 0xfffa7ae1 mov ebx, dword [ebp - 0x84] mov edx, dword [ebp - 0x78] mov ebx, dword [eax + ebx - 0xf2] @@ -9676,81 +9639,81 @@ mov edx, dword [ebp - 0x78] mov edx, dword [edx + eax + 0xcd] mov dword [ebp - 0x68], edx cmp esi, 1 -je loc_fffa7a50 ; je 0xfffa7a50 -jb loc_fffa7a77 ; jb 0xfffa7a77 +je loc_fffa79fe ; je 0xfffa79fe +jb loc_fffa7a25 ; jb 0xfffa7a25 cmp esi, 3 -ja loc_fffa7a77 ; ja 0xfffa7a77 +ja loc_fffa7a25 ; ja 0xfffa7a25 mov eax, dword [ebp - 0x54] cmp esi, 2 mov al, byte [eax] -jne short loc_fffa79c7 ; jne 0xfffa79c7 +jne short loc_fffa7975 ; jne 0xfffa7975 test al, 1 -jne short loc_fffa79d6 ; jne 0xfffa79d6 +jne short loc_fffa7984 ; jne 0xfffa7984 mov dword [ebp - 0x4c], 0 -jmp near loc_fffa7b04 ; jmp 0xfffa7b04 +jmp near loc_fffa7ab2 ; jmp 0xfffa7ab2 -loc_fffa79c7: ; not directly referenced +loc_fffa7975: ; not directly referenced mov dword [ebp - 0x4c], 0 test al, 2 -je loc_fffa7b04 ; je 0xfffa7b04 +je loc_fffa7ab2 ; je 0xfffa7ab2 -loc_fffa79d6: ; not directly referenced +loc_fffa7984: ; not directly referenced mov eax, dword [ebp - 0x54] mov eax, dword [eax - 0x21] and eax, 0xfffffffd dec eax -jne short loc_fffa79fa ; jne 0xfffa79fa +jne short loc_fffa79a8 ; jne 0xfffa79a8 mov eax, dword [ebp - 0x90] mov dword [ebp - 0x60], 0x12 mov dword [ebp - 0x5c], 4 add eax, ecx -jmp short loc_fffa7a10 ; jmp 0xfffa7a10 +jmp short loc_fffa79be ; jmp 0xfffa79be -loc_fffa79fa: ; not directly referenced +loc_fffa79a8: ; not directly referenced mov eax, dword [ebp - 0x8c] mov dword [ebp - 0x60], 0x18 mov dword [ebp - 0x5c], 7 add eax, ecx -loc_fffa7a10: ; not directly referenced +loc_fffa79be: ; not directly referenced movzx edx, byte [eax + 2] mov dword [ebp - 0x50], 0 mov dword [ebp - 0x58], edx mov edx, dword [ebp - 0x54] cmp byte [edx + 1], 0x13 -jne short loc_fffa7a2e ; jne 0xfffa7a2e +jne short loc_fffa79dc ; jne 0xfffa79dc movsx edx, byte [eax + 0x1b] mov dword [ebp - 0x50], edx -loc_fffa7a2e: ; not directly referenced +loc_fffa79dc: ; not directly referenced mov ax, word [eax + 3] and eax, 0x7fff mov dword [ebp - 0x4c], eax xor eax, eax test ebx, ebx -je loc_fffa7af7 ; je 0xfffa7af7 +je loc_fffa7aa5 ; je 0xfffa7aa5 mov eax, dword [ebp - 0x64] imul eax, dword [ebp - 0x58] -jmp near loc_fffa7ae6 ; jmp 0xfffa7ae6 +jmp near loc_fffa7a94 ; jmp 0xfffa7a94 -loc_fffa7a50: ; not directly referenced +loc_fffa79fe: ; not directly referenced movzx edx, word [ecx + 0x24e] test dx, dx -je short loc_fffa7a77 ; je 0xfffa7a77 +je short loc_fffa7a25 ; je 0xfffa7a25 mov eax, dword [ebp - 0x24] mov dword [ebp - 0x4c], 0xffffffff mov byte [ebp - 0x79], 1 cmp edx, eax cmovae eax, edx mov dword [ebp - 0x24], eax -jmp near loc_fffa7b04 ; jmp 0xfffa7b04 +jmp near loc_fffa7ab2 ; jmp 0xfffa7ab2 -loc_fffa7a77: ; not directly referenced +loc_fffa7a25: ; not directly referenced mov eax, dword [ebp - 0x54] mov eax, dword [eax - 0x21] and eax, 0xfffffffd dec eax -jne short loc_fffa7aad ; jne 0xfffa7aad +jne short loc_fffa7a5b ; jne 0xfffa7a5b movzx eax, byte [ecx + 0x58] mov dword [ebp - 0x60], 0x12 mov dword [ebp - 0x5c], 4 @@ -9760,9 +9723,9 @@ mov dword [ebp - 0x50], eax mov ax, word [ecx + 0x56] and eax, 0x7fff mov dword [ebp - 0x4c], eax -jmp short loc_fffa7ad9 ; jmp 0xfffa7ad9 +jmp short loc_fffa7a87 ; jmp 0xfffa7a87 -loc_fffa7aad: ; not directly referenced +loc_fffa7a5b: ; not directly referenced movzx eax, byte [ecx + 0x60] mov dword [ebp - 0x60], 0x18 mov dword [ebp - 0x5c], 7 @@ -9773,14 +9736,14 @@ mov eax, dword [ecx + 0x5c] mov dword [ebp - 0x4c], eax and dword [ebp - 0x4c], 0x3ffff -loc_fffa7ad9: ; not directly referenced +loc_fffa7a87: ; not directly referenced xor eax, eax test ebx, ebx -je short loc_fffa7af7 ; je 0xfffa7af7 +je short loc_fffa7aa5 ; je 0xfffa7aa5 mov eax, dword [ebp - 0x58] imul eax, dword [ebp - 0x64] -loc_fffa7ae6: ; not directly referenced +loc_fffa7a94: ; not directly referenced lea edx, [ebx + eax - 1] mov eax, dword [ebp - 0x68] imul eax, dword [ebp - 0x50] @@ -9788,71 +9751,71 @@ add eax, edx xor edx, edx div ebx -loc_fffa7af7: ; not directly referenced +loc_fffa7aa5: ; not directly referenced mov edx, dword [ebp + esi*4 - 0x28] cmp eax, edx cmovb eax, edx mov dword [ebp + esi*4 - 0x28], eax -loc_fffa7b04: ; not directly referenced +loc_fffa7ab2: ; not directly referenced cmp dword [edi + 0x1872], 0x535 -jbe short loc_fffa7b1c ; jbe 0xfffa7b1c -cmp dword [edi + 0x36d3], 0x535 -ja short loc_fffa7b2c ; ja 0xfffa7b2c +jbe short loc_fffa7aca ; jbe 0xfffa7aca +cmp dword [edi + 0x36d4], 0x535 +ja short loc_fffa7ada ; ja 0xfffa7ada -loc_fffa7b1c: ; not directly referenced +loc_fffa7aca: ; not directly referenced cmp byte [ebp - 0x7a], 5 mov eax, 0xffff cmova eax, dword [ebp - 0x4c] mov dword [ebp - 0x4c], eax -loc_fffa7b2c: ; not directly referenced +loc_fffa7ada: ; not directly referenced mov eax, dword [ebp - 0x4c] and dword [ebp + esi*4 - 0x38], eax -loc_fffa7b33: ; not directly referenced +loc_fffa7ae1: ; not directly referenced add dword [ebp - 0x6c], 0x20 add ecx, 0x277 add dword [ebp - 0x54], 0x128 cmp dword [ebp - 0x6c], 0x40 -jne loc_fffa795b ; jne 0xfffa795b +jne loc_fffa7909 ; jne 0xfffa7909 add dword [ebp - 0x74], 0x54a mov eax, dword [ebp - 0x94] add dword [ebp - 0x88], 0x13c3 add dword [ebp - 0x78], 0x13c3 cmp dword [ebp - 0x74], eax -jne loc_fffa7948 ; jne 0xfffa7948 +jne loc_fffa78f6 ; jne 0xfffa78f6 cmp esi, 1 seta cl test ebx, ebx sete al mov byte [ebp - 0x4c], cl test cl, al -jne loc_fffa7d5c ; jne 0xfffa7d5c -mov eax, dword [edi + 0x36e3] +jne loc_fffa7d0a ; jne 0xfffa7d0a +mov eax, dword [edi + 0x36e4] lea ecx, [ebp - 0x44] mov edx, ebx mov byte [ebp + esi - 0x3c], 0 -call fcn_fffaf08c ; call 0xfffaf08c +call fcn_fffb3dc3 ; call 0xfffb3dc3 cmp byte [ebp - 0x4c], 0 -je short loc_fffa7be4 ; je 0xfffa7be4 -cmp dword [edi + 0x36e3], 0 -jne short loc_fffa7be4 ; jne 0xfffa7be4 -cmp byte [edi + 0x247e], 0 -je short loc_fffa7be4 ; je 0xfffa7be4 +je short loc_fffa7b92 ; je 0xfffa7b92 +cmp dword [edi + 0x36e4], 0 +jne short loc_fffa7b92 ; jne 0xfffa7b92 +cmp byte [edi + 0x247f], 0 +je short loc_fffa7b92 ; je 0xfffa7b92 lea ecx, [ebp - 0x40] mov edx, ebx mov eax, 1 -call fcn_fffaf08c ; call 0xfffaf08c +call fcn_fffb3dc3 ; call 0xfffb3dc3 mov eax, dword [ebp - 0x40] cmp eax, dword [ebp - 0x44] -jle short loc_fffa7be4 ; jle 0xfffa7be4 +jle short loc_fffa7b92 ; jle 0xfffa7b92 mov dword [ebp - 0x44], eax cmp dword [edi + 0x18a7], esi -jne short loc_fffa7be4 ; jne 0xfffa7be4 -mov dword [edi + 0x36e3], 1 +jne short loc_fffa7b92 ; jne 0xfffa7b92 +mov dword [edi + 0x36e4], 1 -loc_fffa7be4: ; not directly referenced +loc_fffa7b92: ; not directly referenced mov al, byte [ebp - 0x70] mov byte [ebp - 0x4c], al mov eax, dword [ebp - 0x64] @@ -9865,138 +9828,138 @@ mov eax, dword [ebp - 0x84] add eax, edi mov dword [ebp - 0x70], eax -loc_fffa7c09: ; not directly referenced +loc_fffa7bb7: ; not directly referenced cmp byte [ebp + esi - 0x3c], 0 -jne loc_fffa7ccb ; jne 0xfffa7ccb +jne loc_fffa7c79 ; jne 0xfffa7c79 mov edx, dword [ebp + esi*4 - 0x28] cmp edx, dword [ebp - 0x60] -ja loc_fffa7ccb ; ja 0xfffa7ccb +ja loc_fffa7c79 ; ja 0xfffa7c79 cmp byte [ebp - 0x4c], 0 -jne short loc_fffa7c45 ; jne 0xfffa7c45 +jne short loc_fffa7bf3 ; jne 0xfffa7bf3 mov ecx, dword [ebp + esi*4 - 0x38] mov eax, edx sub eax, dword [ebp - 0x5c] bt ecx, eax -jae loc_fffa7cc1 ; jae 0xfffa7cc1 +jae loc_fffa7c6f ; jae 0xfffa7c6f mov eax, ebx imul eax, edx cmp eax, 0x1312d00 -ja short loc_fffa7cc1 ; ja 0xfffa7cc1 +ja short loc_fffa7c6f ; ja 0xfffa7c6f -loc_fffa7c45: ; not directly referenced +loc_fffa7bf3: ; not directly referenced mov byte [ebp + esi - 0x3c], 1 cmp esi, dword [edi + 0x18a7] -jne short loc_fffa7c5f ; jne 0xfffa7c5f -mov dword [edi + 0x36df], ebx +jne short loc_fffa7c0d ; jne 0xfffa7c0d +mov dword [edi + 0x36e0], ebx mov dword [ebp - 0x80], 1 -loc_fffa7c5f: ; not directly referenced +loc_fffa7c0d: ; not directly referenced mov eax, dword [ebp - 0x70] xor ecx, ecx -loc_fffa7c64: ; not directly referenced -cmp dword [edi + ecx + 0x48c9], 2 -jne short loc_fffa7c88 ; jne 0xfffa7c88 -mov word [eax + 0x48d3], dx -mov word [eax + 0x3760], dx -mov dword [eax + 0x48cd], ebx -mov dword [eax + 0x375a], ebx - -loc_fffa7c88: ; not directly referenced -cmp dword [edi + ecx + 0x49f1], 2 -jne short loc_fffa7cac ; jne 0xfffa7cac -mov word [eax + 0x49fb], dx -mov word [eax + 0x3760], dx -mov dword [eax + 0x49f5], ebx -mov dword [eax + 0x375a], ebx - -loc_fffa7cac: ; not directly referenced +loc_fffa7c12: ; not directly referenced +cmp dword [edi + ecx + 0x48ca], 2 +jne short loc_fffa7c36 ; jne 0xfffa7c36 +mov word [eax + 0x48d4], dx +mov word [eax + 0x3761], dx +mov dword [eax + 0x48ce], ebx +mov dword [eax + 0x375b], ebx + +loc_fffa7c36: ; not directly referenced +cmp dword [edi + ecx + 0x49f2], 2 +jne short loc_fffa7c5a ; jne 0xfffa7c5a +mov word [eax + 0x49fc], dx +mov word [eax + 0x3761], dx +mov dword [eax + 0x49f6], ebx +mov dword [eax + 0x375b], ebx + +loc_fffa7c5a: ; not directly referenced add ecx, 0x13c3 add eax, 0x13c3 cmp ecx, 0x2786 -jne short loc_fffa7c64 ; jne 0xfffa7c64 -jmp short loc_fffa7ccb ; jmp 0xfffa7ccb +jne short loc_fffa7c12 ; jne 0xfffa7c12 +jmp short loc_fffa7c79 ; jmp 0xfffa7c79 -loc_fffa7cc1: ; not directly referenced +loc_fffa7c6f: ; not directly referenced inc edx mov dword [ebp + esi*4 - 0x28], edx -jmp near loc_fffa7c09 ; jmp 0xfffa7c09 +jmp near loc_fffa7bb7 ; jmp 0xfffa7bb7 -loc_fffa7ccb: ; not directly referenced +loc_fffa7c79: ; not directly referenced cmp byte [ebp + esi - 0x3c], 0 -jne loc_fffa7d5e ; jne 0xfffa7d5e +jne loc_fffa7d0c ; jne 0xfffa7d0c cmp byte [ebp - 0x4c], 0 -je short loc_fffa7ceb ; je 0xfffa7ceb +je short loc_fffa7c99 ; je 0xfffa7c99 cmp byte [edi + 0x1876], 0 -jne short loc_fffa7d5e ; jne 0xfffa7d5e +jne short loc_fffa7d0c ; jne 0xfffa7d0c cmp byte [ebp - 0x79], 1 -je short loc_fffa7d5e ; je 0xfffa7d5e +je short loc_fffa7d0c ; je 0xfffa7d0c -loc_fffa7ceb: ; not directly referenced +loc_fffa7c99: ; not directly referenced mov eax, dword [ebp - 0x44] -loc_fffa7cee: ; not directly referenced +loc_fffa7c9c: ; not directly referenced dec eax test eax, eax -jle short loc_fffa7d57 ; jle 0xfffa7d57 +jle short loc_fffa7d05 ; jle 0xfffa7d05 lea edx, [eax + eax*8] -mov dl, byte [edx + ref_fffd34b8] ; mov dl, byte [edx - 0x2cb48] +mov dl, byte [edx + ref_fffd3804] ; mov dl, byte [edx - 0x2c7fc] cmp dl, 3 -jne short loc_fffa7d33 ; jne 0xfffa7d33 +jne short loc_fffa7ce1 ; jne 0xfffa7ce1 -loc_fffa7d01: ; not directly referenced +loc_fffa7caf: ; not directly referenced mov dword [ebp - 0x44], eax lea eax, [eax + eax*8] -mov ebx, dword [eax + ref_fffd34b0] ; mov ebx, dword [eax - 0x2cb50] +mov ebx, dword [eax + ref_fffd37fc] ; mov ebx, dword [eax - 0x2c804] lea ecx, [ebp - 0x44] -mov eax, dword [edi + 0x36e3] +mov eax, dword [edi + 0x36e4] mov edx, ebx -call fcn_fffaf08c ; call 0xfffaf08c +call fcn_fffb3dc3 ; call 0xfffb3dc3 xor eax, eax test ebx, ebx -je short loc_fffa7d51 ; je 0xfffa7d51 +je short loc_fffa7cff ; je 0xfffa7cff mov eax, dword [ebp - 0x54] xor edx, edx lea eax, [ebx + eax - 1] add eax, dword [ebp - 0x6c] div ebx -jmp short loc_fffa7d51 ; jmp 0xfffa7d51 +jmp short loc_fffa7cff ; jmp 0xfffa7cff -loc_fffa7d33: ; not directly referenced +loc_fffa7ce1: ; not directly referenced cmp dl, 1 -jne short loc_fffa7d41 ; jne 0xfffa7d41 -cmp dword [edi + 0x36e3], 0 -jmp short loc_fffa7d4d ; jmp 0xfffa7d4d +jne short loc_fffa7cef ; jne 0xfffa7cef +cmp dword [edi + 0x36e4], 0 +jmp short loc_fffa7cfb ; jmp 0xfffa7cfb -loc_fffa7d41: ; not directly referenced +loc_fffa7cef: ; not directly referenced cmp dl, 2 -jne short loc_fffa7cee ; jne 0xfffa7cee -cmp dword [edi + 0x36e3], 1 +jne short loc_fffa7c9c ; jne 0xfffa7c9c +cmp dword [edi + 0x36e4], 1 -loc_fffa7d4d: ; not directly referenced -jne short loc_fffa7cee ; jne 0xfffa7cee -jmp short loc_fffa7d01 ; jmp 0xfffa7d01 +loc_fffa7cfb: ; not directly referenced +jne short loc_fffa7c9c ; jne 0xfffa7c9c +jmp short loc_fffa7caf ; jmp 0xfffa7caf -loc_fffa7d51: ; not directly referenced +loc_fffa7cff: ; not directly referenced mov dword [ebp + esi*4 - 0x28], eax -jmp short loc_fffa7d8c ; jmp 0xfffa7d8c +jmp short loc_fffa7d3a ; jmp 0xfffa7d3a -loc_fffa7d57: ; not directly referenced +loc_fffa7d05: ; not directly referenced mov dword [ebp - 0x44], eax -jmp short loc_fffa7d8c ; jmp 0xfffa7d8c +jmp short loc_fffa7d3a ; jmp 0xfffa7d3a -loc_fffa7d5c: ; not directly referenced +loc_fffa7d0a: ; not directly referenced xor ebx, ebx -loc_fffa7d5e: ; not directly referenced +loc_fffa7d0c: ; not directly referenced inc esi cmp esi, 4 -jne loc_fffa78a9 ; jne 0xfffa78a9 -mov edx, dword [edi + 0x36df] +jne loc_fffa7857 ; jne 0xfffa7857 +mov edx, dword [edi + 0x36e0] xor ecx, ecx -mov eax, dword [edi + 0x36e3] -call fcn_fffaf08c ; call 0xfffaf08c -mov dword [edi + 0x36d7], eax +mov eax, dword [edi + 0x36e4] +call fcn_fffb3dc3 ; call 0xfffb3dc3 +mov dword [edi + 0x36d8], eax mov eax, dword [ebp - 0x80] lea esp, [ebp - 0xc] pop ebx @@ -10005,12 +9968,12 @@ pop edi pop ebp ret -loc_fffa7d8c: ; not directly referenced +loc_fffa7d3a: ; not directly referenced cmp dword [ebp - 0x44], 0 -jg loc_fffa7c09 ; jg 0xfffa7c09 -jmp short loc_fffa7d5e ; jmp 0xfffa7d5e +jg loc_fffa7bb7 ; jg 0xfffa7bb7 +jmp short loc_fffa7d0c ; jmp 0xfffa7d0c -fcn_fffa7d98: ; not directly referenced +fcn_fffa7d46: ; not directly referenced push ebp mov ebp, esp push edi @@ -10025,21 +9988,21 @@ cmp cl, 0x10 mov byte [ebp - 0xd], al sete al or bl, al -jne short loc_fffa7dce ; jne 0xfffa7dce +jne short loc_fffa7d7c ; jne 0xfffa7d7c cmp cl, 0x21 sete bl cmp cl, 0x11 sete al or bl, al -je loc_fffa7e62 ; je 0xfffa7e62 +je loc_fffa7e10 ; je 0xfffa7e10 -loc_fffa7dce: ; not directly referenced +loc_fffa7d7c: ; not directly referenced xor ebx, ebx cmp cl, 0x21 -ja short loc_fffa7ddc ; ja 0xfffa7ddc -movzx ebx, byte [ecx + ref_fffd5f1c] ; movzx ebx, byte [ecx - 0x2a0e4] +ja short loc_fffa7d8a ; ja 0xfffa7d8a +movzx ebx, byte [ecx + ref_fffd58e0] ; movzx ebx, byte [ecx - 0x2a720] -loc_fffa7ddc: ; not directly referenced +loc_fffa7d8a: ; not directly referenced cmp bl, 7 mov eax, 7 cmovbe eax, ebx @@ -10050,29 +10013,29 @@ movzx eax, byte [ebp - 0xd] imul eax, eax, 0x12 mov dword [ebp - 0x20], eax -loc_fffa7dfc: ; not directly referenced +loc_fffa7daa: ; not directly referenced imul eax, ebx, 0x13c3 mov esi, dword [ebp - 0x14] -cmp dword [esi + eax + 0x3756], 2 -je short loc_fffa7e17 ; je 0xfffa7e17 +cmp dword [esi + eax + 0x3757], 2 +je short loc_fffa7dc5 ; je 0xfffa7dc5 -loc_fffa7e0f: ; not directly referenced +loc_fffa7dbd: ; not directly referenced inc ebx cmp ebx, 2 -je short loc_fffa7e62 ; je 0xfffa7e62 -jmp short loc_fffa7dfc ; jmp 0xfffa7dfc +je short loc_fffa7e10 ; je 0xfffa7e10 +jmp short loc_fffa7daa ; jmp 0xfffa7daa -loc_fffa7e17: ; not directly referenced +loc_fffa7dc5: ; not directly referenced lea eax, [ebx + ebx*8] add eax, dword [ebp - 0x20] mov byte [ebp - 0xd], 0 mov dword [ebp - 0x1c], eax -loc_fffa7e24: ; not directly referenced +loc_fffa7dd2: ; not directly referenced mov esi, dword [ebp - 0x14] mov al, byte [ebp - 0xd] -cmp al, byte [esi + 0x2488] -jae short loc_fffa7e0f ; jae 0xfffa7e0f +cmp al, byte [esi + 0x2489] +jae short loc_fffa7dbd ; jae 0xfffa7dbd movzx ecx, byte [ebp - 0xd] mov esi, 0xa xor edx, edx @@ -10088,9 +10051,9 @@ mov ecx, dword [ebp - 0x18] imul eax, dword [ecx + 4], 0xf div esi mov dword [ecx + 4], eax -jmp short loc_fffa7e24 ; jmp 0xfffa7e24 +jmp short loc_fffa7dd2 ; jmp 0xfffa7dd2 -loc_fffa7e62: ; not directly referenced +loc_fffa7e10: ; not directly referenced add esp, 0x14 xor eax, eax pop ebx @@ -10099,7 +10062,7 @@ pop edi pop ebp ret -fcn_fffa7e6c: ; not directly referenced +fcn_fffa7e1a: ; not directly referenced push ebp mov ebp, esp push edi @@ -10111,66 +10074,66 @@ mov dword [ebp - 0x24], eax movzx eax, byte [ebp + 8] mov byte [ebp - 0x1b], bl cmp cl, 0xd -ja short loc_fffa7e9f ; ja 0xfffa7e9f +ja short loc_fffa7e4d ; ja 0xfffa7e4d cmp cl, 0xb -jae short loc_fffa7eba ; jae 0xfffa7eba +jae short loc_fffa7e68 ; jae 0xfffa7e68 cmp cl, 2 -jbe short loc_fffa7eba ; jbe 0xfffa7eba +jbe short loc_fffa7e68 ; jbe 0xfffa7e68 lea ebx, [ecx - 4] cmp bl, 1 -ja loc_fffa7fd1 ; ja 0xfffa7fd1 -jmp short loc_fffa7eba ; jmp 0xfffa7eba +ja loc_fffa7f7f ; ja 0xfffa7f7f +jmp short loc_fffa7e68 ; jmp 0xfffa7e68 -loc_fffa7e9f: ; not directly referenced +loc_fffa7e4d: ; not directly referenced cmp cl, 0x10 -jb loc_fffa7fd1 ; jb 0xfffa7fd1 +jb loc_fffa7f7f ; jb 0xfffa7f7f cmp cl, 0x11 -jbe short loc_fffa7ec0 ; jbe 0xfffa7ec0 +jbe short loc_fffa7e6e ; jbe 0xfffa7e6e lea ebx, [ecx - 0x20] cmp bl, 1 -jbe short loc_fffa7ec0 ; jbe 0xfffa7ec0 -jmp near loc_fffa7fd1 ; jmp 0xfffa7fd1 +jbe short loc_fffa7e6e ; jbe 0xfffa7e6e +jmp near loc_fffa7f7f ; jmp 0xfffa7f7f -loc_fffa7eba: ; not directly referenced +loc_fffa7e68: ; not directly referenced mov byte [ebp - 0x1a], 0xa -jmp short loc_fffa7ec4 ; jmp 0xfffa7ec4 +jmp short loc_fffa7e72 ; jmp 0xfffa7e72 -loc_fffa7ec0: ; not directly referenced +loc_fffa7e6e: ; not directly referenced mov byte [ebp - 0x1a], 7 -loc_fffa7ec4: ; not directly referenced +loc_fffa7e72: ; not directly referenced xor ebx, ebx cmp cl, 0x21 -ja short loc_fffa7ed2 ; ja 0xfffa7ed2 -movzx ebx, byte [ecx + ref_fffd5f1c] ; movzx ebx, byte [ecx - 0x2a0e4] +ja short loc_fffa7e80 ; ja 0xfffa7e80 +movzx ebx, byte [ecx + ref_fffd58e0] ; movzx ebx, byte [ecx - 0x2a720] -loc_fffa7ed2: ; not directly referenced +loc_fffa7e80: ; not directly referenced cmp bl, 7 mov ecx, 7 mov esi, dword [ebp - 0x24] cmovbe ecx, ebx imul ecx, ecx, 0x240 imul eax, eax, 0x12 -add esi, 0x3756 +add esi, 0x3757 mov dword [ebp - 0x14], esi lea edi, [edx + ecx] mov dword [ebp - 0x18], 0 mov dword [ebp - 0x34], eax -loc_fffa7eff: ; not directly referenced +loc_fffa7ead: ; not directly referenced mov eax, dword [ebp - 0x14] cmp dword [eax], 2 -je short loc_fffa7f1e ; je 0xfffa7f1e +je short loc_fffa7ecc ; je 0xfffa7ecc -loc_fffa7f07: ; not directly referenced +loc_fffa7eb5: ; not directly referenced inc dword [ebp - 0x18] add dword [ebp - 0x14], 0x13c3 cmp dword [ebp - 0x18], 2 -jne short loc_fffa7eff ; jne 0xfffa7eff +jne short loc_fffa7ead ; jne 0xfffa7ead xor eax, eax -jmp near loc_fffa7fd6 ; jmp 0xfffa7fd6 +jmp near loc_fffa7f84 ; jmp 0xfffa7f84 -loc_fffa7f1e: ; not directly referenced +loc_fffa7ecc: ; not directly referenced imul eax, dword [ebp - 0x18], 9 mov esi, dword [ebp - 0x34] mov byte [ebp - 0x19], 0 @@ -10180,11 +10143,11 @@ movzx eax, byte [ebp - 0x1a] mov dword [ebp - 0x28], esi mov dword [ebp - 0x30], eax -loc_fffa7f38: ; not directly referenced +loc_fffa7ee6: ; not directly referenced mov edx, dword [ebp - 0x24] mov al, byte [ebp - 0x19] -cmp al, byte [edx + 0x2488] -jae short loc_fffa7f07 ; jae 0xfffa7f07 +cmp al, byte [edx + 0x2489] +jae short loc_fffa7eb5 ; jae 0xfffa7eb5 movzx esi, al mov edx, dword [ebp - 0x2c] xor ecx, ecx @@ -10197,32 +10160,32 @@ mov dword [ebp - 0x10], ebx mov ebx, eax mov dword [ebp - 0x20], edx -loc_fffa7f63: ; not directly referenced +loc_fffa7f11: ; not directly referenced mov eax, dword [ebp - 0x14] mov edx, 1 shl edx, cl and dl, byte [eax + 0xc4] test byte [ebp - 0x1b], dl -je short loc_fffa7f9e ; je 0xfffa7f9e +je short loc_fffa7f4c ; je 0xfffa7f4c imul edx, ecx, 0x90 mov eax, dword [ebp - 0x20] mov eax, dword [eax + edx] cmp dword [edi + ebx*8], eax -jbe short loc_fffa7f8c ; jbe 0xfffa7f8c +jbe short loc_fffa7f3a ; jbe 0xfffa7f3a mov dword [edi + ebx*8], eax -loc_fffa7f8c: ; not directly referenced +loc_fffa7f3a: ; not directly referenced mov eax, dword [ebp - 0x20] mov edx, dword [eax + edx + 4] mov eax, dword [ebp - 0x10] cmp dword [eax + 4], edx -jbe short loc_fffa7f9e ; jbe 0xfffa7f9e +jbe short loc_fffa7f4c ; jbe 0xfffa7f4c mov dword [eax + 4], edx -loc_fffa7f9e: ; not directly referenced +loc_fffa7f4c: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffa7f63 ; jne 0xfffa7f63 +jne short loc_fffa7f11 ; jne 0xfffa7f11 add esi, dword [ebp - 0x28] mov cl, 0xa mov ebx, dword [ebp - 0x30] @@ -10238,12 +10201,12 @@ mov eax, ebx imul eax, dword [esi + 4] div ecx mov dword [esi + 4], eax -jmp near loc_fffa7f38 ; jmp 0xfffa7f38 +jmp near loc_fffa7ee6 ; jmp 0xfffa7ee6 -loc_fffa7fd1: ; not directly referenced +loc_fffa7f7f: ; not directly referenced mov eax, 2 -loc_fffa7fd6: ; not directly referenced +loc_fffa7f84: ; not directly referenced add esp, 0x28 pop ebx pop esi @@ -10251,7 +10214,7 @@ pop edi pop ebp ret -fcn_fffa7fde: ; not directly referenced +fcn_fffa7f8c: ; not directly referenced push ebp mov ebp, esp push edi @@ -10271,18 +10234,18 @@ mov byte [ebp - 0x39], 0xf0 mov dword [ebp - 0x54], 0 mov word [ebp - 0x6e], ax -loc_fffa8015: ; not directly referenced +loc_fffa7fc3: ; not directly referenced mov eax, dword [ebp - 0x54] mov bx, word [ebp - 0x6e] mov word [ebp - 0x68], ax cmp ax, bx -jae loc_fffa819d ; jae 0xfffa819d +jae loc_fffa814b ; jae 0xfffa814b mov eax, dword [ebp - 0x50] xor ecx, ecx or eax, dword [ebp - 0x4c] mov dword [ebp - 0x6c], eax -loc_fffa8034: ; not directly referenced +loc_fffa7fe2: ; not directly referenced mov esi, 1 mov ebx, dword [ebp - 0x4c] mov al, 1 @@ -10292,30 +10255,30 @@ setne dl and ebx, esi setne byte [ebp - 0x56] test byte [ebp - 0x56], dl -jne short loc_fffa8067 ; jne 0xfffa8067 +jne short loc_fffa8015 ; jne 0xfffa8015 test ebx, ebx sete bl xor eax, eax test bl, dl -jne short loc_fffa8067 ; jne 0xfffa8067 +jne short loc_fffa8015 ; jne 0xfffa8015 and esi, dword [ebp - 0x6c] cmp esi, 1 sbb eax, eax add eax, 3 -loc_fffa8067: ; not directly referenced +loc_fffa8015: ; not directly referenced movzx eax, al mov al, byte [ebp + eax - 0x3c] mov byte [ebp + ecx - 0x38], al inc ecx cmp ecx, 0x20 -jne short loc_fffa8034 ; jne 0xfffa8034 +jne short loc_fffa7fe2 ; jne 0xfffa7fe2 mov eax, dword [ebp - 0x68] xor esi, esi add eax, dword [ebp - 0x58] mov word [ebp - 0x56], ax -loc_fffa8084: ; not directly referenced +loc_fffa8032: ; not directly referenced mov ecx, esi mov eax, 1 shl eax, cl @@ -10324,34 +10287,34 @@ mov dword [ebp - 0x68], eax xor ecx, ecx mov edx, 1 -loc_fffa8099: ; not directly referenced +loc_fffa8047: ; not directly referenced mov al, byte [ebp - 0x68] test byte [ebp + ecx - 0x38], al -je short loc_fffa80a8 ; je 0xfffa80a8 +je short loc_fffa8056 ; je 0xfffa8056 mov eax, edx shl eax, cl or ebx, eax -loc_fffa80a8: ; not directly referenced +loc_fffa8056: ; not directly referenced inc ecx cmp ecx, 0x20 -jne short loc_fffa8099 ; jne 0xfffa8099 -cmp dword [edi + 0x3756], 2 +jne short loc_fffa8047 ; jne 0xfffa8047 +cmp dword [edi + 0x3757], 2 lea eax, [esi + 0x10000] mov dword [ebp - 0x68], eax -jne short loc_fffa8113 ; jne 0xfffa8113 +jne short loc_fffa80c1 ; jne 0xfffa80c1 mov ecx, ebx mov edx, 0x42dc mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, ebx mov edx, 0x42e0 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, dword [ebp - 0x68] mov edx, 0x42d4 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ax, word [ebp - 0x56] mov ecx, 0xfff mov edx, 0x42d0 @@ -10360,23 +10323,23 @@ cmovbe ecx, eax mov eax, edi and ecx, 0xfff or ecx, 0x8000000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8113: ; not directly referenced -cmp dword [edi + 0x4b19], 2 -jne short loc_fffa816f ; jne 0xfffa816f +loc_fffa80c1: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 +jne short loc_fffa811d ; jne 0xfffa811d mov ecx, ebx mov edx, 0x46dc mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, ebx mov edx, 0x46e0 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, dword [ebp - 0x68] mov edx, 0x46d4 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ax, word [ebp - 0x56] mov ecx, 0xfff mov edx, 0x46d0 @@ -10385,12 +10348,12 @@ cmovbe ecx, eax mov eax, edi and ecx, 0xfff or ecx, 0x8000000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa816f: ; not directly referenced +loc_fffa811d: ; not directly referenced inc esi cmp esi, 8 -jne loc_fffa8084 ; jne 0xfffa8084 +jne loc_fffa8032 ; jne 0xfffa8032 mov ebx, dword [ebp - 0x50] mov esi, dword [ebp - 0x4c] add dword [ebp - 0x50], ebx @@ -10402,25 +10365,25 @@ mov eax, esi shr eax, 0x1f inc dword [ebp - 0x54] or dword [ebp - 0x4c], eax -jmp near loc_fffa8015 ; jmp 0xfffa8015 +jmp near loc_fffa7fc3 ; jmp 0xfffa7fc3 -loc_fffa819d: ; not directly referenced -cmp dword [edi + 0x3756], 2 -jne short loc_fffa81b4 ; jne 0xfffa81b4 +loc_fffa814b: ; not directly referenced +cmp dword [edi + 0x3757], 2 +jne short loc_fffa8162 ; jne 0xfffa8162 xor ecx, ecx mov edx, 0x42d4 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa81b4: ; not directly referenced -cmp dword [edi + 0x4b19], 2 -jne short loc_fffa81cb ; jne 0xfffa81cb +loc_fffa8162: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 +jne short loc_fffa8179 ; jne 0xfffa8179 xor ecx, ecx mov edx, 0x46d4 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa81cb: ; not directly referenced +loc_fffa8179: ; not directly referenced add esp, 0x6c pop ebx pop esi @@ -10428,7 +10391,7 @@ pop edi pop ebp ret -fcn_fffa81d3: ; not directly referenced +fcn_fffa8181: ; not directly referenced push ebp mov ebp, esp push edi @@ -10444,19 +10407,19 @@ mov word [ebp - 0x22], ax movzx eax, byte [ebp + 8] mov dword [ebp - 0x34], eax -loc_fffa81f4: ; not directly referenced +loc_fffa81a2: ; not directly referenced mov dword [ebp - 0x20], 1 mov ecx, edi mov esi, 0x46dc shl dword [ebp - 0x20], cl -loc_fffa8205: ; not directly referenced +loc_fffa81b3: ; not directly referenced lea eax, [esi*8 - 0x236e0] xor ecx, ecx mov dword [ebp - 0x28], eax mov dword [ebp - 0x1c], 0 -loc_fffa8218: ; not directly referenced +loc_fffa81c6: ; not directly referenced mov eax, dword [ebp - 0x28] add eax, ecx cdq @@ -10467,41 +10430,41 @@ movzx eax, byte [eax + edx] mov edx, dword [ebp - 0x2c] movzx eax, byte [edx + eax] test dword [ebp - 0x20], eax -je short loc_fffa8241 ; je 0xfffa8241 +je short loc_fffa81ef ; je 0xfffa81ef mov eax, 1 shl eax, cl or dword [ebp - 0x1c], eax -loc_fffa8241: ; not directly referenced +loc_fffa81ef: ; not directly referenced inc ecx cmp ecx, 0x20 -jne short loc_fffa8218 ; jne 0xfffa8218 -cmp dword [ebx + 0x3756], 2 -jne short loc_fffa8260 ; jne 0xfffa8260 +jne short loc_fffa81c6 ; jne 0xfffa81c6 +cmp dword [ebx + 0x3757], 2 +jne short loc_fffa820e ; jne 0xfffa820e mov ecx, dword [ebp - 0x1c] lea edx, [esi - 0x400] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8260: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffa8275 ; jne 0xfffa8275 +loc_fffa820e: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffa8223 ; jne 0xfffa8223 mov ecx, dword [ebp - 0x1c] mov edx, esi mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8275: ; not directly referenced +loc_fffa8223: ; not directly referenced add esi, 4 cmp esi, 0x46e4 -jne short loc_fffa8205 ; jne 0xfffa8205 -cmp dword [ebx + 0x3756], 2 +jne short loc_fffa81b3 ; jne 0xfffa81b3 +cmp dword [ebx + 0x3757], 2 lea esi, [edi + 0x10000] -jne short loc_fffa82c5 ; jne 0xfffa82c5 +jne short loc_fffa8273 ; jne 0xfffa8273 mov ecx, esi mov edx, 0x42d4 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ax, word [ebp - 0x22] mov ecx, 0xfff mov edx, 0x42d0 @@ -10510,15 +10473,15 @@ cmovbe ecx, eax mov eax, ebx and ecx, 0xfff or ecx, 0x8000000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa82c5: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffa8304 ; jne 0xfffa8304 +loc_fffa8273: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffa82b2 ; jne 0xfffa82b2 mov ecx, esi mov edx, 0x46d4 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ax, word [ebp - 0x22] mov ecx, 0xfff mov edx, 0x46d0 @@ -10527,22 +10490,22 @@ cmovbe ecx, eax mov eax, ebx and ecx, 0xfff or ecx, 0x8000000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8304: ; not directly referenced +loc_fffa82b2: ; not directly referenced inc edi cmp edi, 8 -jne loc_fffa81f4 ; jne 0xfffa81f4 -cmp dword [ebx + 0x3756], 2 -jne short loc_fffa8325 ; jne 0xfffa8325 +jne loc_fffa81a2 ; jne 0xfffa81a2 +cmp dword [ebx + 0x3757], 2 +jne short loc_fffa82d3 ; jne 0xfffa82d3 xor ecx, ecx mov edx, 0x42d4 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8325: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffa8343 ; jne 0xfffa8343 +loc_fffa82d3: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffa82f1 ; jne 0xfffa82f1 add esp, 0x2c mov eax, ebx pop ebx @@ -10551,9 +10514,9 @@ pop esi mov edx, 0x46d4 pop edi pop ebp -jmp near fcn_fffae58c ; jmp 0xfffae58c +jmp near fcn_fffb3381 ; jmp 0xfffb3381 -loc_fffa8343: ; not directly referenced +loc_fffa82f1: ; not directly referenced add esp, 0x2c pop ebx pop esi @@ -10561,7 +10524,7 @@ pop edi pop ebp ret -fcn_fffa834b: ; not directly referenced +fcn_fffa82f9: ; not directly referenced push ebp mov ebp, esp push edi @@ -10569,15 +10532,15 @@ mov edi, eax push esi push ebx sub esp, 0x2c -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] cmp edx, 0x4a -ja short loc_fffa836a ; ja 0xfffa836a +ja short loc_fffa8318 ; ja 0xfffa8318 lea ebx, [edx + 1] xor esi, esi shr ebx, 1 -jmp short loc_fffa83ab ; jmp 0xfffa83ab +jmp short loc_fffa8359 ; jmp 0xfffa8359 -loc_fffa836a: ; not directly referenced +loc_fffa8318: ; not directly referenced mov edi, dword [eax + 0x18d1] sub esp, 0xc mov dword [ebp - 0x2c], edx @@ -10590,34 +10553,34 @@ add edx, eax mov esi, eax mov dword [ebp - 0x1c], edx -loc_fffa838d: ; not directly referenced +loc_fffa833b: ; not directly referenced sub esp, 0xc push edi call dword [ebx + 0x20] ; ucall mov edx, dword [ebp - 0x1c] add esp, 0x10 cmp edx, esi -ja short loc_fffa83a2 ; ja 0xfffa83a2 +ja short loc_fffa8350 ; ja 0xfffa8350 cmp eax, esi -jae short loc_fffa838d ; jae 0xfffa838d +jae short loc_fffa833b ; jae 0xfffa833b -loc_fffa83a2: ; not directly referenced +loc_fffa8350: ; not directly referenced mov edx, dword [ebp - 0x1c] cmp eax, edx -jae short loc_fffa83c1 ; jae 0xfffa83c1 -jmp short loc_fffa838d ; jmp 0xfffa838d +jae short loc_fffa836f ; jae 0xfffa836f +jmp short loc_fffa833b ; jmp 0xfffa833b -loc_fffa83ab: ; not directly referenced +loc_fffa8359: ; not directly referenced cmp esi, ebx -je short loc_fffa83c1 ; je 0xfffa83c1 +je short loc_fffa836f ; je 0xfffa836f mov edx, 0x4ce0 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f inc esi mov dword [ebp - 0x1c], eax -jmp short loc_fffa83ab ; jmp 0xfffa83ab +jmp short loc_fffa8359 ; jmp 0xfffa8359 -loc_fffa83c1: ; not directly referenced +loc_fffa836f: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -10625,7 +10588,7 @@ pop edi pop ebp ret -fcn_fffa83c9: ; not directly referenced +fcn_fffa8377: ; not directly referenced push ebp mov ebp, esp push edi @@ -10637,51 +10600,51 @@ mov eax, dword [ebp + 8] mov dword [ebp - 0x20], edx mov dword [ebp - 0x30], eax mov byte [ebp - 0x31], al -mov eax, dword [edi + 0x5edc] +mov eax, dword [edi + 0x5edd] mov dword [ebp - 0x1c], eax mov ebx, dword [eax + 0xc] mov esi, dword [eax + 0x10] cmp dl, 8 -ja loc_fffa850b ; ja 0xfffa850b -jmp dword [edx*4 + ref_fffd3308] ; ujmp: jmp dword [edx*4 - 0x2ccf8] +ja loc_fffa84b9 ; ja 0xfffa84b9 +jmp dword [edx*4 + ref_fffd35f8] ; ujmp: jmp dword [edx*4 - 0x2ca08] -loc_fffa83ff: ; not directly referenced +loc_fffa83ad: ; not directly referenced and ecx, 0x1f and ebx, 0xfff07bff shl ecx, 0xf -jmp short loc_fffa8416 ; jmp 0xfffa8416 +jmp short loc_fffa83c4 ; jmp 0xfffa83c4 -loc_fffa840d: ; not directly referenced +loc_fffa83bb: ; not directly referenced and ecx, 0xf and bh, 0x87 shl ecx, 0xb -loc_fffa8416: ; not directly referenced +loc_fffa83c4: ; not directly referenced or ebx, ecx -jmp near loc_fffa850b ; jmp 0xfffa850b +jmp near loc_fffa84b9 ; jmp 0xfffa84b9 -loc_fffa841d: ; not directly referenced +loc_fffa83cb: ; not directly referenced and ecx, 0xf and ebx, 0xf00fffff mov eax, ecx shl eax, 0x14 shl ecx, 0x18 or ebx, eax -jmp short loc_fffa8416 ; jmp 0xfffa8416 +jmp short loc_fffa83c4 ; jmp 0xfffa83c4 -loc_fffa8432: ; not directly referenced +loc_fffa83e0: ; not directly referenced shl ecx, 0x1c and ebx, 0xfffffff -jmp short loc_fffa8416 ; jmp 0xfffa8416 +jmp short loc_fffa83c4 ; jmp 0xfffa83c4 -loc_fffa843d: ; not directly referenced +loc_fffa83eb: ; not directly referenced mov eax, ecx and esi, 0xffffffe0 and eax, 0xf and ecx, 0x10 -jmp short loc_fffa8492 ; jmp 0xfffa8492 +jmp short loc_fffa8440 ; jmp 0xfffa8440 -loc_fffa844a: ; not directly referenced +loc_fffa83f8: ; not directly referenced mov eax, ecx and esi, 0xfffffc1f and eax, 0xf @@ -10697,9 +10660,9 @@ shl eax, 0xa or esi, edx and esi, 0xffff83ff shl ecx, 0xe -jmp short loc_fffa8492 ; jmp 0xfffa8492 +jmp short loc_fffa8440 ; jmp 0xfffa8440 -loc_fffa847b: ; not directly referenced +loc_fffa8429: ; not directly referenced mov eax, ecx and esi, 0xfff07fff and eax, 0xf @@ -10707,12 +10670,12 @@ shl ecx, 0xf shl eax, 0xf and ecx, 0x80000 -loc_fffa8492: ; not directly referenced +loc_fffa8440: ; not directly referenced or esi, eax or esi, ecx -jmp short loc_fffa850b ; jmp 0xfffa850b +jmp short loc_fffa84b9 ; jmp 0xfffa84b9 -loc_fffa8498: ; not directly referenced +loc_fffa8446: ; not directly referenced and ecx, 1 and ebx, 0xfffffff7 lea eax, [ecx*8] @@ -10724,7 +10687,7 @@ mov dword [ebp - 0x38], ecx add eax, 0x1c mov dword [ebp - 0x2c], eax -loc_fffa84bd: ; not directly referenced +loc_fffa846b: ; not directly referenced mov eax, dword [ebp - 0x2c] mov ecx, 0xff mov edx, dword [ebp - 0x28] @@ -10734,55 +10697,55 @@ mov eax, dword [ebp - 0x38] and dword [ebp - 0x24], 0xfbffffff or dword [ebp - 0x24], eax mov eax, edi -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [ebp - 0x24] mov edx, eax mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 cmp byte [ebp - 0x31], 0 -je short loc_fffa84fb ; je 0xfffa84fb +je short loc_fffa84a9 ; je 0xfffa84a9 mov eax, dword [ebp - 0x2c] mov ecx, dword [ebp - 0x24] mov dword [eax], ecx -loc_fffa84fb: ; not directly referenced +loc_fffa84a9: ; not directly referenced inc dword [ebp - 0x28] add dword [ebp - 0x2c], 0xcc cmp dword [ebp - 0x28], 2 -jne short loc_fffa84bd ; jne 0xfffa84bd +jne short loc_fffa846b ; jne 0xfffa846b -loc_fffa850b: ; not directly referenced +loc_fffa84b9: ; not directly referenced mov ecx, ebx mov edx, 0x3a14 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, esi mov edx, 0x3a18 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp byte [ebp - 0x30], 0 -je short loc_fffa8536 ; je 0xfffa8536 +je short loc_fffa84e4 ; je 0xfffa84e4 mov eax, dword [ebp - 0x1c] mov dword [eax + 0xc], ebx mov dword [eax + 0x10], esi -loc_fffa8536: ; not directly referenced +loc_fffa84e4: ; not directly referenced mov ecx, 0x115 mov edx, 0x5f08 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov edx, 0x78 mov eax, edi -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 cmp byte [ebp - 0x20], 0 -jne loc_fffa8620 ; jne 0xfffa8620 +jne loc_fffa85ce ; jne 0xfffa85ce mov edx, 0x3a04 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f and eax, 0x3f lea edx, [eax - 0x10] cmp dl, 0x20 -jbe loc_fffa8636 ; jbe 0xfffa8636 +jbe loc_fffa85e4 ; jbe 0xfffa85e4 mov edx, ebx and ebx, 0xfffffff7 or edx, 8 @@ -10798,7 +10761,7 @@ mov byte [ebp - 0x24], al shl eax, 2 mov byte [ebp - 0x28], al -loc_fffa85a3: ; not directly referenced +loc_fffa8551: ; not directly referenced mov al, byte [esi + 3] mov ecx, 0xff add esi, 0xcc @@ -10807,18 +10770,18 @@ and eax, 0xfffffffb or eax, dword [ebp - 0x28] mov byte [esi - 0xc9], al mov eax, edi -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [esi - 0xcc] mov edx, eax mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 inc dword [ebp - 0x20] cmp dword [ebp - 0x20], 2 -jne short loc_fffa85a3 ; jne 0xfffa85a3 +jne short loc_fffa8551 ; jne 0xfffa8551 mov ecx, ebx mov eax, edi mov edx, 0x3a14 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov esi, dword [ebp - 0x1c] mov ecx, 0x115 mov dl, byte [ebp - 0x24] @@ -10829,36 +10792,36 @@ or eax, edx mov edx, 0x5f08 mov byte [esi + 0xc], al mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov edx, 0x78 mov eax, edi -call fcn_fffa834b ; call 0xfffa834b -jmp short loc_fffa8636 ; jmp 0xfffa8636 +call fcn_fffa82f9 ; call 0xfffa82f9 +jmp short loc_fffa85e4 ; jmp 0xfffa85e4 -loc_fffa8620: ; not directly referenced +loc_fffa85ce: ; not directly referenced mov al, byte [ebp - 0x20] dec eax cmp al, 7 -ja loc_fffa8702 ; ja 0xfffa8702 +ja loc_fffa86b0 ; ja 0xfffa86b0 movzx eax, al -jmp dword [eax*4 + ref_fffd332c] ; ujmp: jmp dword [eax*4 - 0x2ccd4] +jmp dword [eax*4 + ref_fffd361c] ; ujmp: jmp dword [eax*4 - 0x2c9e4] -loc_fffa8636: ; not directly referenced +loc_fffa85e4: ; not directly referenced mov edx, 0x3a04 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov esi, eax and esi, 0x3f cmp dword [edi + 0x188b], 0 -jne short loc_fffa8658 ; jne 0xfffa8658 +jne short loc_fffa8606 ; jne 0xfffa8606 shr eax, 9 and eax, 0x3f -jmp short loc_fffa865b ; jmp 0xfffa865b +jmp short loc_fffa8609 ; jmp 0xfffa8609 -loc_fffa8658: ; not directly referenced +loc_fffa8606: ; not directly referenced shr eax, 0x1a -loc_fffa865b: ; not directly referenced +loc_fffa8609: ; not directly referenced mov edx, esi and ebx, 0xfffffc0f sub eax, edx @@ -10869,69 +10832,69 @@ or ebx, eax mov eax, edi or bh, 4 mov ecx, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp byte [ebp - 0x30], 0 -je short loc_fffa868a ; je 0xfffa868a +je short loc_fffa8638 ; je 0xfffa8638 mov eax, dword [ebp - 0x1c] mov dword [eax + 0xc], ebx -loc_fffa868a: ; not directly referenced +loc_fffa8638: ; not directly referenced mov eax, esi movzx esi, al -jmp short loc_fffa8704 ; jmp 0xfffa8704 +jmp short loc_fffa86b2 ; jmp 0xfffa86b2 -loc_fffa8691: ; not directly referenced +loc_fffa863f: ; not directly referenced mov edx, 0x3a00 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov dl, al and edx, 0x3f cmp dword [edi + 0x188b], 0 -jne short loc_fffa86b0 ; jne 0xfffa86b0 +jne short loc_fffa865e ; jne 0xfffa865e shr eax, 0x1a -jmp short loc_fffa86b3 ; jmp 0xfffa86b3 +jmp short loc_fffa8661 ; jmp 0xfffa8661 -loc_fffa86b0: ; not directly referenced +loc_fffa865e: ; not directly referenced shr eax, 0x14 -loc_fffa86b3: ; not directly referenced +loc_fffa8661: ; not directly referenced and eax, 0x1f movzx edx, dl cmp byte [ebp - 0x20], 1 movzx esi, al cmove esi, edx -jmp short loc_fffa8704 ; jmp 0xfffa8704 +jmp short loc_fffa86b2 ; jmp 0xfffa86b2 -loc_fffa86c5: ; not directly referenced +loc_fffa8673: ; not directly referenced mov edx, 0x3a08 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov esi, eax and esi, 0x3f shr eax, 0xc cmp byte [ebp - 0x20], 2 -jne short loc_fffa8704 ; jne 0xfffa8704 -jmp short loc_fffa86fb ; jmp 0xfffa86fb +jne short loc_fffa86b2 ; jne 0xfffa86b2 +jmp short loc_fffa86a9 ; jmp 0xfffa86a9 -loc_fffa86e1: ; not directly referenced +loc_fffa868f: ; not directly referenced mov edx, 0x3a10 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov esi, eax and esi, 0x1f cmp byte [ebp - 0x20], 4 -jne short loc_fffa8704 ; jne 0xfffa8704 +jne short loc_fffa86b2 ; jne 0xfffa86b2 shr eax, 0xb -loc_fffa86fb: ; not directly referenced +loc_fffa86a9: ; not directly referenced mov esi, eax and esi, 0x3f -jmp short loc_fffa8704 ; jmp 0xfffa8704 +jmp short loc_fffa86b2 ; jmp 0xfffa86b2 -loc_fffa8702: ; not directly referenced +loc_fffa86b0: ; not directly referenced xor esi, esi -loc_fffa8704: ; not directly referenced +loc_fffa86b2: ; not directly referenced add esp, 0x2c mov eax, esi pop ebx @@ -10940,7 +10903,7 @@ pop edi pop ebp ret -fcn_fffa870e: ; not directly referenced +fcn_fffa86bc: ; not directly referenced push ebp mov ecx, 0x10200 mov ebp, esp @@ -10948,15 +10911,15 @@ push ebx mov ebx, eax push edx mov edx, 0x5060 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, ebx mov edx, 0xf pop ecx pop ebx pop ebp -jmp near fcn_fffa834b ; jmp 0xfffa834b +jmp near fcn_fffa82f9 ; jmp 0xfffa82f9 -fcn_fffa8733: ; not directly referenced +fcn_fffa86e1: ; not directly referenced push ebp mov ebp, esp push edi @@ -10973,15 +10936,15 @@ mov dword [ebp - 0x1c], eax mov eax, esi mov dword [ebp - 0x20], ecx imul edi, edi, 0x13c3 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov ecx, dword [ebp - 0x20] mov ebx, eax imul eax, ecx, 0x128 and ebx, 0xfffff8c0 lea eax, [eax + edi + 0x48b0] -lea edx, [esi + eax + 0x19] +lea edx, [esi + eax + 0x1a] cmp byte [edx + 0xcf], 1 -jne short loc_fffa879d ; jne 0xfffa879d +jne short loc_fffa874b ; jne 0xfffa874b mov edi, ebx mov eax, 1 shl eax, cl @@ -10992,11 +10955,11 @@ and edi, 3 shl edi, 6 or ebx, edi -loc_fffa879d: ; not directly referenced +loc_fffa874b: ; not directly referenced and byte [ebp + 8], 0x3f or ebx, dword [ebp + 8] cmp byte [edx + 0xce], 1 -jne short loc_fffa87c6 ; jne 0xfffa87c6 +jne short loc_fffa8774 ; jne 0xfffa8774 mov edx, ebx mov eax, 1 shl eax, cl @@ -11007,11 +10970,11 @@ and edx, 3 shl edx, 0xe or ebx, edx -loc_fffa87c6: ; not directly referenced +loc_fffa8774: ; not directly referenced mov edx, dword [ebp - 0x1c] mov ecx, ebx mov eax, esi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x1c pop ebx pop esi @@ -11019,18 +10982,3666 @@ pop edi pop ebp ret -fcn_fffa87da: -mov eax, dword [0xff7d0270] +fcn_fffa8788: ; not directly referenced push ebp mov ebp, esp -lea edx, [eax + 4] +push edi +push esi +push ebx +sub esp, 0x3c +mov eax, dword [ebp + 8] +mov esi, dword [eax + 0x188b] +mov ebx, dword [eax + 0x18a7] +mov al, byte [eax + 0x36ca] +test esi, esi +sete cl +test al, al +sete dl +test cl, dl +jne loc_fffa8a07 ; jne 0xfffa8a07 +dec esi +sete dl +dec al +sete al +test dl, al +jne loc_fffa8a07 ; jne 0xfffa8a07 +mov eax, dword [ebp + 8] +mov dword [ebp - 0x2c], 0 +lea edi, [eax + 0x3757] +imul eax, ebx, 0x2e +mov dword [ebp - 0x38], eax + +loc_fffa87df: ; not directly referenced +cmp dword [edi], 2 +jne loc_fffa89f4 ; jne 0xfffa89f4 +mov eax, dword [ebp - 0x38] +mov ecx, dword [ebp - 0x2c] +mov byte [ebp - 0x1c], 0 +mov byte [ebp - 0x1b], 2 +cmp word [edi + eax + 8], 2 +mov byte [ebp - 0x1a], 3 +mov byte [ebp - 0x19], 2 +sete al +movzx eax, al +add eax, eax +mov byte [ebp - 0x31], al +mov eax, dword [ebp + 8] +mov edx, dword [eax + 0x5edd] +imul eax, ecx, 0xcc +lea ebx, [edx + eax + 0x1c] +mov eax, dword [ebp + 8] +mov esi, dword [eax + 0x18a7] +mov eax, ecx +shl eax, 0xa +lea ecx, [eax + 0x4004] +mov dword [ebp - 0x30], eax +mov eax, dword [ebp + 8] +mov edx, ecx +mov dword [ebp - 0x48], ecx +imul esi, esi, 0x2e +call fcn_fffb331f ; call 0xfffb331f +add esi, edi +mov dword [ebx + 0xa0], eax +movzx eax, word [esi + 8] +mov dl, byte [ebp + eax - 0x1d] +mov al, byte [ebx + 0xa3] +shl edx, 6 +and eax, 0x3f +or eax, edx +mov edx, dword [ebp - 0x48] +mov byte [ebx + 0xa3], al +mov eax, dword [ebp + 8] +mov ecx, dword [ebx + 0xa0] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x30] +add eax, 0x400c +mov edx, eax +mov dword [ebp - 0x48], eax +mov eax, dword [ebp + 8] +call fcn_fffb331f ; call 0xfffb331f +mov dword [ebx + 0xa8], eax +mov ax, word [esi + 8] +mov esi, dword [ebp + 8] +mov ecx, dword [esi + 0x2481] +mov edx, dword [esi + 0x36d8] +cmp ecx, 3 +jne short loc_fffa88be ; jne 0xfffa88be +cmp edx, 0x536 +sbb eax, eax +add eax, 6 +jmp short loc_fffa8908 ; jmp 0xfffa8908 + +loc_fffa88be: ; not directly referenced +cmp ecx, 2 +jne short loc_fffa88dc ; jne 0xfffa88dc +mov eax, 5 +cmp edx, 0x640 +jbe short loc_fffa8908 ; jbe 0xfffa8908 +mov al, 6 +cmp edx, 0x74b +jbe short loc_fffa8908 ; jbe 0xfffa8908 +jmp short loc_fffa88fd ; jmp 0xfffa88fd + +loc_fffa88dc: ; not directly referenced +cmp edx, 0x640 +ja short loc_fffa88ec ; ja 0xfffa88ec +movzx eax, al +add eax, 4 +jmp short loc_fffa8908 ; jmp 0xfffa8908 + +loc_fffa88ec: ; not directly referenced +cmp edx, 0x74b +ja short loc_fffa88fd ; ja 0xfffa88fd +cmp al, 3 +sbb eax, eax +add eax, 7 +jmp short loc_fffa8908 ; jmp 0xfffa8908 + +loc_fffa88fd: ; not directly referenced +cmp edx, 0x856 +sbb eax, eax +add eax, 8 + +loc_fffa8908: ; not directly referenced +cmp eax, 0xf +mov edx, 0xf +cmovbe edx, eax +mov al, byte [ebx + 0xa8] +xor esi, esi +mov cl, dl +shl ecx, 6 +shr edx, 2 +and eax, 0x3f +and edx, 3 +or eax, ecx +mov byte [ebx + 0xa8], al +mov al, byte [ebx + 0xa9] +and eax, 0xfffffffc +or eax, edx +mov byte [ebx + 0xa9], al +mov ecx, dword [ebx + 0xa8] +xor ebx, ebx +mov edx, dword [ebp - 0x48] +mov eax, dword [ebp + 8] +call fcn_fffb3381 ; call 0xfffb3381 +mov al, byte [ebp - 0x31] +xor ecx, ecx +mov dl, byte [edi + 0xc4] +mov byte [ebp - 0x48], 0 +sub eax, 4 +test dl, 1 +je short loc_fffa897d ; je 0xfffa897d +mov cl, al +add cl, byte [edi + 0x1015] +mov byte [edi + 0x1015], cl +and ecx, 0x7f + +loc_fffa897d: ; not directly referenced +and dl, 2 +je short loc_fffa8995 ; je 0xfffa8995 +mov dl, al +add dl, byte [edi + 0x1016] +mov esi, edx +mov byte [edi + 0x1016], dl +and esi, 0x7f + +loc_fffa8995: ; not directly referenced +mov dl, byte [edi + 0xc4] +test dl, 4 +je short loc_fffa89b1 ; je 0xfffa89b1 +mov bl, al +add bl, byte [edi + 0x1017] +mov byte [edi + 0x1017], bl +and ebx, 0x7f + +loc_fffa89b1: ; not directly referenced +and dl, 8 +je short loc_fffa89c8 ; je 0xfffa89c8 +add al, byte [edi + 0x1018] +mov byte [edi + 0x1018], al +and eax, 0x7f +mov byte [ebp - 0x48], al + +loc_fffa89c8: ; not directly referenced +mov eax, dword [ebp - 0x48] +and esi, 0x7f +and ecx, 0x7f +shl esi, 8 +and ebx, 0x7f +mov edx, dword [ebp - 0x30] +shl ebx, 0x10 +or ecx, esi +or ecx, ebx +shl eax, 0x18 +or ecx, eax +mov eax, dword [ebp + 8] +add edx, 0x4024 +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffa89f4: ; not directly referenced +inc dword [ebp - 0x2c] +add edi, 0x13c3 +cmp dword [ebp - 0x2c], 2 +jne loc_fffa87df ; jne 0xfffa87df + +loc_fffa8a07: ; not directly referenced +add esp, 0x3c +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffa8a11: ; not directly referenced +push ebp +mov ecx, 4 +mov ebp, esp +push edi +push esi +mov esi, ref_fffd36c4 ; mov esi, 0xfffd36c4 +push ebx +sub esp, 0x6c +mov ebx, dword [ebp + 8] +lea edi, [ebp - 0x54] +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov byte [ebp - 0x5d], 0 +mov eax, dword [ebx + 0x2444] +mov dword [ebp - 0x5c], 0 +mov dword [ebp - 0x64], eax +lea eax, [ebx + 0x381b] + +loc_fffa8a46: ; not directly referenced +mov cl, byte [eax] +mov byte [ebp - 0x5e], cl +and cl, 1 +jne short loc_fffa8ab4 ; jne 0xfffa8ab4 + +loc_fffa8a50: ; not directly referenced +test byte [ebp - 0x5e], 4 +je loc_fffa8b07 ; je 0xfffa8b07 +movzx edx, word [eax + 0x12c0] +mov ecx, 1 +imul edx, dword [eax + 0x12bc] +movzx edi, byte [eax + 0x12c6] +movzx esi, byte [eax + 0x12c5] +shr edx, 0x14 +cmp byte [eax + 0x12c6], 0 +cmovne ecx, edi +movzx edi, byte [eax + 0x12c8] +imul edi, esi +imul edi, edx +movzx edx, byte [eax + 0x12ca] +imul edi, ecx +movzx edx, word [ebp + edx*2 - 0x54] +cmp edx, edi +mov edx, 1 +cmove edx, dword [ebp - 0x5c] +mov dword [ebp - 0x5c], edx +jmp short loc_fffa8b07 ; jmp 0xfffa8b07 + +loc_fffa8ab4: ; not directly referenced +movzx edx, word [eax + 0x1198] +imul edx, dword [eax + 0x1194] +movzx ecx, byte [eax + 0x119e] +movzx esi, byte [eax + 0x119d] +shr edx, 0x14 +test cl, cl +jne short loc_fffa8adc ; jne 0xfffa8adc +mov ecx, 1 + +loc_fffa8adc: ; not directly referenced +movzx edi, byte [eax + 0x11a0] +imul esi, edi +imul esi, edx +movzx edx, byte [eax + 0x11a2] +imul esi, ecx +movzx edx, word [ebp + edx*2 - 0x54] +cmp edx, esi +je loc_fffa8a50 ; je 0xfffa8a50 +mov dword [ebp - 0x5c], 1 + +loc_fffa8b07: ; not directly referenced +inc byte [ebp - 0x5d] +add eax, 0x13c3 +cmp byte [ebp - 0x5d], 2 +jne loc_fffa8a46 ; jne 0xfffa8a46 +cmp dword [ebp - 0x5c], 1 +je loc_fffa8c87 ; je 0xfffa8c87 +push edx +push 0 +push 0x2c +lea eax, [ebp - 0x44] +push eax +mov eax, dword [ebp - 0x64] +call dword [eax + 0x5c] ; ucall +add esp, 0x10 +cmp byte [ebx + 0x3749], 1 +mov dword [ebp - 0x58], 1 +je short loc_fffa8b49 ; je 0xfffa8b49 + +loc_fffa8b45: ; not directly referenced +xor esi, esi +jmp short loc_fffa8ba3 ; jmp 0xfffa8ba3 + +loc_fffa8b49: ; not directly referenced +cmp dword [ebx + 0x3757], 2 +jne short loc_fffa8b75 ; jne 0xfffa8b75 +mov edx, 0x5004 +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5004 +mov ecx, eax +mov dword [ebp - 0x68], eax +and ecx, 0xfcffffff +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffa8b75: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffa8b45 ; jne 0xfffa8b45 +mov edx, 0x5008 +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5008 +mov ecx, eax +mov dword [ebp - 0x6c], eax +and ecx, 0xfcffffff +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffa8b45 ; jmp 0xfffa8b45 + +loc_fffa8ba3: ; not directly referenced +movzx eax, byte [ebx + 0x248e] +bt eax, esi +jb short loc_fffa8bbb ; jb 0xfffa8bbb + +loc_fffa8baf: ; not directly referenced +add esi, 2 +cmp esi, 4 +jne short loc_fffa8ba3 ; jne 0xfffa8ba3 +xor edi, edi +jmp short loc_fffa8c0a ; jmp 0xfffa8c0a + +loc_fffa8bbb: ; not directly referenced +push eax +mov ecx, esi +push eax +mov edi, 1 +lea eax, [ebp - 0x58] +push eax +mov eax, ebx +push 0 +lea edx, [ebp - 0x44] +call fcn_fffad0c1 ; call 0xfffad0c1 +mov ecx, esi +xor edx, edx +shl edi, cl +mov eax, ebx +mov ecx, edi +call fcn_fffad317 ; call 0xfffad317 +mov ecx, edi +mov edx, 1 +mov byte [ebp - 0x5c], al +mov eax, ebx +call fcn_fffad317 ; call 0xfffad317 +or eax, dword [ebp - 0x5c] +movzx edx, al +mov eax, ebx +call fcn_fffb33a7 ; call 0xfffb33a7 +add esp, 0x10 +mov edi, eax +test eax, eax +je short loc_fffa8baf ; je 0xfffa8baf + +loc_fffa8c0a: ; not directly referenced +cmp byte [ebx + 0x3749], 1 +jne short loc_fffa8c43 ; jne 0xfffa8c43 +cmp dword [ebx + 0x3757], 2 +jne short loc_fffa8c2b ; jne 0xfffa8c2b +mov ecx, dword [ebp - 0x68] +mov edx, 0x5004 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffa8c2b: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffa8c43 ; jne 0xfffa8c43 +mov ecx, dword [ebp - 0x6c] +mov edx, 0x5008 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffa8c43: ; not directly referenced +mov edx, 0x3c +mov eax, ebx +call fcn_fffa82f9 ; call 0xfffa82f9 +cmp dword [ebx + 0x3757], 2 +jne short loc_fffa8c69 ; jne 0xfffa8c69 +mov ecx, 0x3000 +mov edx, 0x48a8 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffa8c69: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffa8c83 ; jne 0xfffa8c83 +mov ecx, 0x3000 +mov edx, 0x48b0 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffa8c83: ; not directly referenced +test edi, edi +je short loc_fffa8c91 ; je 0xfffa8c91 + +loc_fffa8c87: ; not directly referenced +mov dword [ebx + 0x374b], 1 + +loc_fffa8c91: ; not directly referenced +lea esp, [ebp - 0xc] +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffa8c9b: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x3c +mov edi, dword [ebp + 8] +mov eax, dword [edi + 0x2444] +cmp byte [edi + 0x190d], 0 +mov edx, dword [edi + 0x18a7] +mov esi, dword [edi + 0x2481] +mov dword [ebp - 0x30], eax +je loc_fffa9196 ; je 0xfffa9196 +cmp esi, 3 +sete al +mov byte [ebp - 0x2c], al +movzx eax, al +mov dword [ebp - 0x38], eax +mov eax, dword [edi + 0x36cc] +test eax, eax +je loc_fffa8e37 ; je 0xfffa8e37 +dec eax +jne loc_fffa9196 ; jne 0xfffa9196 +movzx ebx, byte [edi + 0x2480] +test ebx, ebx +sete al +or al, byte [ebp - 0x2c] +je short loc_fffa8d6f ; je 0xfffa8d6f +mov ecx, dword [ebp - 0x30] +xor eax, eax +cmp dword [edi + 0x188b], 1 +mov edx, dword [ecx + 0x80] +sete al +mov esi, eax +lea esi, [esi + esi + 0x18] +lea eax, [eax + eax + 0x17] +test edx, edx +je short loc_fffa8d6f ; je 0xfffa8d6f +lea ecx, [ebp - 0x20] +push ecx +lea ecx, [ebp - 0x1c] +push ecx +push eax +push 1 +call edx +mov al, byte [ebp - 0x19] +add esp, 0x10 +test al, al +js short loc_fffa8d6f ; js 0xfffa8d6f +or eax, 0xffffff80 +mov byte [ebp - 0x19], al +mov al, byte [ebp - 0x1c] +or eax, 1 +cmp dword [edi + 0x2481], 3 +mov byte [ebp - 0x1c], al +jne short loc_fffa8d59 ; jne 0xfffa8d59 +and eax, 0xfffffff1 +or eax, 8 +mov byte [ebp - 0x1c], al + +loc_fffa8d59: ; not directly referenced +lea eax, [ebp - 0x20] +push eax +mov eax, dword [ebp - 0x30] +push dword [ebp - 0x1c] +push esi +push 1 +call dword [eax + 0x84] ; ucall +add esp, 0x10 + +loc_fffa8d6f: ; not directly referenced +cmp ebx, 1 +mov edx, 0x64 +mov eax, 0x32 +cmove edx, eax +cmp dword [ebp - 0x38], 1 +jne short loc_fffa8da6 ; jne 0xfffa8da6 +mov edx, 0x5880 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5880 +and al, 0x7f +mov ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x61 + +loc_fffa8da6: ; not directly referenced +mov cl, byte [ebp - 0x2c] +dec ebx +sete al +or cl, al +je loc_fffa9196 ; je 0xfffa9196 +movzx eax, dx +xor esi, esi +lea ebx, [edi + 0x4a08] +mov dword [ebp - 0x2c], eax + +loc_fffa8dc3: ; not directly referenced +cmp dword [ebx - 0x12b1], 2 +jne short loc_fffa8e1c ; jne 0xfffa8e1c +movzx eax, word [ebx - 0x129b] +mov ecx, 0x64 +imul eax, dword [ebp - 0x2c] +cdq +idiv ecx +cmp dword [ebx - 0x13e], 2 +mov word [ebx - 0x129b], ax +jne short loc_fffa8e04 ; jne 0xfffa8e04 +movzx eax, word [ebx - 0x128] +imul eax, dword [ebp - 0x2c] +cdq +idiv ecx +mov word [ebx - 0x128], ax + +loc_fffa8e04: ; not directly referenced +cmp dword [ebx - 0x16], 2 +jne short loc_fffa8e1c ; jne 0xfffa8e1c +movzx eax, word [ebx] +mov ecx, 0x64 +imul eax, dword [ebp - 0x2c] +cdq +idiv ecx +mov word [ebx], ax + +loc_fffa8e1c: ; not directly referenced +mov edx, esi +mov eax, edi +inc esi +add ebx, 0x13c3 +call fcn_fffb3431 ; call 0xfffb3431 +cmp esi, 2 +je loc_fffa9196 ; je 0xfffa9196 +jmp short loc_fffa8dc3 ; jmp 0xfffa8dc3 + +loc_fffa8e37: ; not directly referenced +cmp dword [edi + 0x36e9], 0 +je short loc_fffa8e4d ; je 0xfffa8e4d +cmp byte [edi + 0x1916], 0 +jne loc_fffa9196 ; jne 0xfffa9196 + +loc_fffa8e4d: ; not directly referenced +test byte [edi + 0x36cb], 0xf7 +je loc_fffa9196 ; je 0xfffa9196 +cmp dword [edi + 0x3757], 2 +mov dword [ebp - 0x40], 0 +mov dword [ebp - 0x44], 0 +mov dword [ebp - 0x34], 0 +je short loc_fffa8e8c ; je 0xfffa8e8c +cmp dword [edi + 0x4b1a], 2 +mov eax, 1 +jne loc_fffa8f2c ; jne 0xfffa8f2c +jmp short loc_fffa8e8e ; jmp 0xfffa8e8e + +loc_fffa8e8c: ; not directly referenced +xor eax, eax + +loc_fffa8e8e: ; not directly referenced +imul eax, eax, 0x13c3 +lea ecx, [edi + eax + 0x3757] +imul eax, edx, 0x2e +lea eax, [ecx + eax + 4] +movzx ecx, word [eax + 0x1a] +movzx edx, word [eax + 0x10] +movzx eax, word [eax + 0xc] +lea edx, [ecx + edx + 1] +mov cl, 0x7f +mov bl, dl +and ebx, 0x7f +cmp edx, 0x7f +cmovbe ecx, ebx +mov ebx, 0xa +imul eax, eax, 0xf +xor edx, edx +and ecx, 0x7f +div ebx +mov bl, 0x7f +cmp dl, 1 +mov edx, 0x4e44 +sbb eax, 0xffffffff +cmp eax, 0x7f +cmovbe ebx, eax +mov eax, edi +and ebx, 0x7f +shl ecx, 8 +or ecx, ebx +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffa8ef0: ; not directly referenced +mov eax, dword [ebp - 0x30] +call dword [eax + 0x7c] ; ucall +mov ebx, eax +xor ax, ax +call fcn_fffb38d9 ; call 0xfffb38d9 +mov dl, al +movzx eax, bx +mov dword [ebp - 0x2c], edx +call fcn_fffb38d9 ; call 0xfffb38d9 +mov edx, dword [ebp - 0x2c] +test al, al +sete al +test dl, dl +sete dl +or al, dl +jne short loc_fffa8ef0 ; jne 0xfffa8ef0 +mov ecx, ebx +mov edx, 0x2bb8 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffa8f2c: ; not directly referenced +cmp esi, 2 +je loc_fffa9196 ; je 0xfffa9196 +mov ecx, dword [edi + 0x1912] +mov eax, 0x800 +mov dl, 0xb + +loc_fffa8f42: ; not directly referenced +movzx ebx, dl +cmp ebx, ecx +lea eax, [eax + eax] +jae short loc_fffa8f4f ; jae 0xfffa8f4f +inc edx +jmp short loc_fffa8f42 ; jmp 0xfffa8f42 + +loc_fffa8f4f: ; not directly referenced +call fcn_fffb396b ; call 0xfffb396b +mov byte [ebp - 0x2c], 0x11 +sub byte [ebp - 0x2c], al +movzx eax, byte [ebp - 0x2c] +mov word [ebp - 0x48], ax + +loc_fffa8f63: ; not directly referenced +mov eax, dword [ebp - 0x30] +xor ebx, ebx +mov esi, 1 +call dword [eax + 0x7c] ; ucall +xor edx, edx +mov dword [ebp - 0x3c], eax + +loc_fffa8f75: ; not directly referenced +mov cl, dl +cmp bx, word [ebp - 0x48] +je short loc_fffa8f95 ; je 0xfffa8f95 +mov eax, esi +shl eax, cl +mov ecx, dword [ebp - 0x3c] +and ecx, eax +cmp ecx, 1 +sbb bx, 0xffff +inc edx +cmp edx, 0x10 +jne short loc_fffa8f75 ; jne 0xfffa8f75 +mov cl, 0x10 + +loc_fffa8f95: ; not directly referenced +mov ebx, 1 +shl ebx, cl +dec ebx +and ebx, dword [ebp - 0x3c] +movzx eax, bx +call fcn_fffb38d9 ; call 0xfffb38d9 +cmp al, byte [ebp - 0x2c] +jne short loc_fffa8f63 ; jne 0xfffa8f63 +mov edx, ebx +xor esi, esi +mov word [ebp - 0x40], bx +not edx + +loc_fffa8fb7: ; not directly referenced +mov ecx, esi +mov eax, 0xfffffffe +rol eax, cl +and eax, edx +movzx ecx, ax +mov edx, eax +mov word [ebp - 0x30], ax +mov eax, ecx +mov dword [ebp - 0x48], edx +mov dword [ebp - 0x3c], ecx +call fcn_fffb38d9 ; call 0xfffb38d9 +mov ecx, dword [ebp - 0x3c] +mov edx, dword [ebp - 0x48] +cmp al, byte [ebp - 0x2c] +jne short loc_fffa900b ; jne 0xfffa900b + +loc_fffa8fe3: ; not directly referenced +shl ecx, 0x10 +mov eax, edi +mov edx, ecx +movzx ecx, word [ebp - 0x40] +xor esi, esi +or ebx, dword [ebp - 0x30] +or ecx, edx +mov edx, 0x4e38 +mov word [ebp - 0x3c], bx +not ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov word [ebp - 0x30], bx +jmp short loc_fffa9019 ; jmp 0xfffa9019 + +loc_fffa900b: ; not directly referenced +inc esi +cmp esi, 0x10 +jne short loc_fffa8fb7 ; jne 0xfffa8fb7 +jmp short loc_fffa8fe3 ; jmp 0xfffa8fe3 + +loc_fffa9013: ; not directly referenced +inc esi +cmp esi, 0x10 +je short loc_fffa9038 ; je 0xfffa9038 + +loc_fffa9019: ; not directly referenced +mov ebx, dword [ebp - 0x30] +mov edx, 0xfffffffe +mov ecx, esi +rol edx, cl +and ebx, edx +movzx eax, bx +mov word [ebp - 0x30], ax +call fcn_fffb38d9 ; call 0xfffb38d9 +cmp al, byte [ebp - 0x2c] +jne short loc_fffa9013 ; jne 0xfffa9013 + +loc_fffa9038: ; not directly referenced +mov word [ebp - 0x44], bx +xor esi, esi +or ebx, dword [ebp - 0x3c] +not ebx +jmp short loc_fffa9056 ; jmp 0xfffa9056 + +loc_fffa9045: ; not directly referenced +mov ecx, esi +mov eax, 0xfffffffe +rol eax, cl +inc esi +and ebx, eax +cmp esi, 0x10 +je short loc_fffa9063 ; je 0xfffa9063 + +loc_fffa9056: ; not directly referenced +movzx eax, bx +call fcn_fffb38d9 ; call 0xfffb38d9 +cmp al, byte [ebp - 0x2c] +jne short loc_fffa9045 ; jne 0xfffa9045 + +loc_fffa9063: ; not directly referenced +movzx ecx, word [ebp - 0x44] +shl ebx, 0x10 +mov edx, 0x4e3c +mov eax, edi +or ecx, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov dword [ebp - 0x2c], 0 + +loc_fffa907f: ; not directly referenced +imul esi, dword [ebp - 0x2c], 0x13c3 +cmp dword [edi + esi + 0x3757], 2 +jne loc_fffa9189 ; jne 0xfffa9189 +xor ebx, ebx +test byte [edi + esi + 0x381b], 1 +je short loc_fffa90f5 ; je 0xfffa90f5 +cmp dword [ebp - 0x38], 0 +jne short loc_fffa90c7 ; jne 0xfffa90c7 +imul eax, dword [ebp - 0x2c], 0x54a +mov ax, word [edi + eax + 0x1a4f] +cmp ax, 0xce00 +sete bl +cmp ax, 0xfe02 +sete al +or ebx, eax +jmp short loc_fffa90f5 ; jmp 0xfffa90f5 + +loc_fffa90c7: ; not directly referenced +push edx +xor ecx, ecx +push edx +mov edx, dword [ebp - 0x2c] +lea eax, [ebp - 0x1c] +push eax +mov eax, edi +push 5 +call fcn_fffa681b ; call 0xfffa681b +lea eax, [ebp - 0x1c] +add esp, 0x10 +mov cl, 1 + +loc_fffa90e3: ; not directly referenced +mov dl, byte [eax] +and edx, 0xfffffffd +dec dl +cmove ebx, ecx +inc eax +lea edx, [ebp - 0x18] +cmp eax, edx +jne short loc_fffa90e3 ; jne 0xfffa90e3 + +loc_fffa90f5: ; not directly referenced +test byte [edi + esi + 0x381b], 4 +je short loc_fffa915f ; je 0xfffa915f +cmp dword [ebp - 0x38], 0 +je short loc_fffa913b ; je 0xfffa913b +mov edx, dword [ebp - 0x2c] +mov ecx, 2 +push eax +push eax +lea eax, [ebp - 0x1c] +push eax +mov eax, edi +push 5 +call fcn_fffa681b ; call 0xfffa681b +lea eax, [ebp - 0x1c] +add esp, 0x10 +lea ecx, [ebp - 0x18] + +loc_fffa9125: ; not directly referenced +mov dl, byte [eax] +mov esi, ebx +or esi, 2 +and edx, 0xfffffffd +dec dl +cmove ebx, esi +inc eax +cmp eax, ecx +jne short loc_fffa9125 ; jne 0xfffa9125 +jmp short loc_fffa915f ; jmp 0xfffa915f + +loc_fffa913b: ; not directly referenced +imul eax, dword [ebp - 0x2c], 0x54a +mov ax, word [edi + eax + 0x1cc6] +cmp ax, 0xfe02 +sete dl +cmp ax, 0xce00 +sete al +or dl, al +je short loc_fffa915f ; je 0xfffa915f +or ebx, 2 + +loc_fffa915f: ; not directly referenced +and dword [ebp - 0x34], 0xffffff9f +and ebx, 3 +shl ebx, 5 +mov edx, dword [ebp - 0x2c] +mov eax, edi +or dword [ebp - 0x34], ebx +or dword [ebp - 0x34], 0x80000000 +mov ecx, dword [ebp - 0x34] +shl edx, 0xa +add edx, 0x4240 +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffa9189: ; not directly referenced +inc dword [ebp - 0x2c] +cmp dword [ebp - 0x2c], 2 +jne loc_fffa907f ; jne 0xfffa907f + +loc_fffa9196: ; not directly referenced +lea esp, [ebp - 0xc] +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffa91a0: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x6c +mov ebx, dword [ebp + 8] +mov dword [ebp - 0x68], 0 +mov dword [ebp - 0x4c], 0 +mov dword [ebp - 0x60], 0 +mov eax, dword [ebx + 0x2481] +mov dword [ebp - 0x58], eax +mov eax, dword [ebx + 0x1887] +mov dword [ebp - 0x6c], eax +mov eax, dword [ebx + 0x188b] +mov dword [ebp - 0x5c], eax +lea eax, [ebx + 0x3757] +mov dword [ebp - 0x50], eax +mov eax, dword [ebx + 0x5edd] +lea esi, [eax + 0x1c] + +loc_fffa91ee: ; not directly referenced +mov eax, dword [ebp - 0x50] +cmp dword [eax], 2 +jne loc_fffa93c2 ; jne 0xfffa93c2 +cmp dword [ebp - 0x5c], 1 +jne short loc_fffa9231 ; jne 0xfffa9231 +mov dl, byte [esi + 3] +mov ecx, 0xff +mov al, dl +and edx, 0xffffffbf +mov byte [esi + 3], dl +mov edx, dword [ebp - 0x4c] +shr al, 6 +and eax, 1 +mov byte [esi + 0xcb], al +mov eax, ebx +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, dword [esi] +mov edx, eax +mov eax, ebx +call fcn_fffb38b3 ; call 0xfffb38b3 + +loc_fffa9231: ; not directly referenced +cmp dword [ebp - 0x58], 3 +je loc_fffa9385 ; je 0xfffa9385 +mov eax, dword [ebp - 0x50] +mov dword [ebp - 0x54], 0 +mov dword [ebp - 0x64], eax + +loc_fffa9248: ; not directly referenced +mov ecx, dword [ebp - 0x54] +mov eax, 1 +mov dl, cl +shl eax, cl +mov ecx, dword [ebp - 0x50] +test byte [ecx + 0xc4], al +jne short loc_fffa9271 ; jne 0xfffa9271 + +loc_fffa925f: ; not directly referenced +inc dword [ebp - 0x54] +add dword [ebp - 0x64], 9 +cmp dword [ebp - 0x54], 4 +jne short loc_fffa9248 ; jne 0xfffa9248 +jmp near loc_fffa92f6 ; jmp 0xfffa92f6 + +loc_fffa9271: ; not directly referenced +cmp dword [ebp - 0x58], 2 +sete cl +cmp dword [ebp - 0x6c], 0x306d0 +sete al +test cl, al +je short loc_fffa925f ; je 0xfffa925f +mov eax, edx +shr dl, 1 +and eax, 1 +movzx edx, dl +imul eax, eax, 0x18 +imul edx, edx, 0x128 +add edx, eax +mov eax, dword [ebp - 0x50] +test word [eax + edx + 0x126f], 0x600 +je short loc_fffa925f ; je 0xfffa925f +xor edi, edi + +loc_fffa92ac: ; not directly referenced +mov eax, dword [ebp - 0x64] +mov edx, dword [ebp - 0x4c] +mov byte [eax + edi + 0x24d], 0x3f +mov eax, ebx +push ecx +mov ecx, dword [ebp - 0x54] +push 0x3f +push 2 +push edi +call fcn_fffa735e ; call 0xfffa735e +mov ecx, edi +mov eax, ebx +or byte [esi + edi*4 + 0x2a], 0x80 +mov edx, dword [ebp - 0x4c] +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, dword [esi + edi*4 + 0x28] +inc edi +mov edx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +add esp, 0x10 +cmp edi, 9 +jne short loc_fffa92ac ; jne 0xfffa92ac +jmp near loc_fffa925f ; jmp 0xfffa925f + +loc_fffa92f6: ; not directly referenced +cmp dword [ebp - 0x5c], 1 +jne loc_fffa9385 ; jne 0xfffa9385 +cmp dword [ebp - 0x68], 0 +jne short loc_fffa9385 ; jne 0xfffa9385 +mov eax, dword [esi + 0x28] +mov edx, 0x3a28 +mov edi, eax +mov dword [ebp - 0x68], eax +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov ecx, edi +mov edx, edi +shr ecx, 0x15 +and ecx, 1 +shr edx, 0x15 +and edx, 2 +and eax, 0xfffffffc +or eax, ecx +or eax, edx +mov edx, edi +mov edi, dword [ebp - 0x60] +shr edx, 9 +and eax, 0xff01ffff +and edx, 0xe0000 +or eax, edx +mov edx, 0x3a28 +or eax, 0x800000 +cmp dword [ebp - 0x58], 2 +mov ecx, eax +cmove edi, dword [ebp - 0x5c] +mov eax, ebx +mov dword [ebp - 0x60], edi +call fcn_fffb3381 ; call 0xfffb3381 +test edi, edi +je short loc_fffa9385 ; je 0xfffa9385 +mov edx, 0x5f09 +mov eax, ebx +mov ecx, 1 +call fcn_fffb335b ; call 0xfffb335b +mov edx, 0x96 +mov eax, ebx +call fcn_fffa82f9 ; call 0xfffa82f9 + +loc_fffa9385: ; not directly referenced +cmp byte [ebx + 0x3749], 1 +jne short loc_fffa93c2 ; jne 0xfffa93c2 +mov eax, dword [ebp - 0x4c] +lea edi, [eax*4 + 0x5004] +mov eax, ebx +mov edx, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, edi +and eax, 0xfcffffff +or eax, 0x1000000 +mov ecx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x3c +mov eax, ebx +call fcn_fffa82f9 ; call 0xfffa82f9 + +loc_fffa93c2: ; not directly referenced +inc dword [ebp - 0x4c] +add esi, 0xcc +add dword [ebp - 0x50], 0x13c3 +cmp dword [ebp - 0x4c], 2 +jne loc_fffa91ee ; jne 0xfffa91ee +lea edi, [ebp - 0x3c] +mov esi, ref_fffd36d4 ; mov esi, 0xfffd36d4 +mov ecx, 9 +mov eax, ebx +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [ebp - 0x48] +mov esi, ref_fffd36f8 ; mov esi, 0xfffd36f8 +mov cl, 3 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov ecx, 0x1010101 +mov esi, 8 +push edx +push edx +xor edx, edx +push 0 +push 8 +call fcn_fffa7f8c ; call 0xfffa7f8c +lea edi, [ebp - 0x3c] +add esp, 0x10 + +loc_fffa9416: ; not directly referenced +push eax +mov ecx, 0x41041041 +push eax +mov eax, ebx +push esi +add esi, 6 +push 6 +mov edx, dword [edi] +add edi, 4 +call fcn_fffa7f8c ; call 0xfffa7f8c +add esp, 0x10 +cmp esi, 0x3e +jne short loc_fffa9416 ; jne 0xfffa9416 +lea edx, [ebp - 0x48] +mov eax, ebx +call fcn_fffa660c ; call 0xfffa660c +cmp dword [ebx + 0x3757], 2 +jne short loc_fffa945b ; jne 0xfffa945b +mov ecx, 0xa010102 +mov edx, 0x4078 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffa945b: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffa9475 ; jne 0xfffa9475 +mov ecx, 0xa010102 +mov edx, 0x4478 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffa9475: ; not directly referenced +lea esp, [ebp - 0xc] +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffa947f: ; not directly referenced +push ebp +mov ebp, esp +push edi +movzx edi, dl +push esi +push ebx +sub esp, 0x4c +mov esi, dword [ebp + 0x14] +mov byte [ebp - 0x27], cl +mov cl, byte [ebp + 8] +mov ebx, dword [ebp + 0xc] +mov byte [ebp - 0x26], dl +mov edx, 0x4c31 +mov dword [ebp - 0x38], esi +imul esi, edi, 0x13c3 +mov byte [ebp - 0x48], cl +xor ecx, ecx +mov dword [ebp - 0x20], edi +mov byte [ebp - 0x34], bl +lea edi, [eax + esi + 0x3757] +mov dword [ebp - 0x1c], eax +call fcn_fffb335b ; call 0xfffb335b +cmp byte [edi + 0x1241], 1 +sete al +mov dl, al +mov cl, al +mov eax, dword [ebp - 0x20] +or edx, 2 +cmp byte [edi + 0x1369], 1 +cmove ecx, edx +shl eax, 0xa +mov edi, ecx +lea edx, [eax + 0x41bc] +xor ecx, ecx +mov dword [ebp - 0x2c], eax +mov eax, dword [ebp - 0x1c] +call fcn_fffb335b ; call 0xfffb335b +mov eax, ebx +and eax, 1 +lea edx, [eax + eax] +mov al, bl +and eax, 2 +and ebx, 4 +shr al, 1 +or eax, ebx +or eax, edx +mov ebx, eax +movzx eax, byte [ebp - 0x34] +add esi, dword [ebp - 0x1c] +shl ebx, 0x18 +mov dword [ebp - 0x30], ebx +mov dword [ebp - 0x24], 0 +mov byte [ebp - 0x25], 0 +mov dword [ebp - 0x4c], esi +mov dword [ebp - 0x34], eax + +loc_fffa952e: ; not directly referenced +mov cl, byte [ebp - 0x24] +mov ebx, 1 +mov esi, dword [ebp - 0x4c] +shl ebx, cl +mov al, bl +and al, byte [esi + 0x381b] +test byte [ebp - 0x27], al +je loc_fffa95d6 ; je 0xfffa95d6 +mov ecx, dword [ebp - 0x34] +xor edx, edx +mov esi, dword [ebp + 0x10] +and ecx, 0xf +shl ecx, 0x18 +mov eax, ecx +mov cl, byte [ebp - 0x24] +shr cl, 1 +movzx ecx, cl +mov si, word [esi + ecx*2] +mov ax, si +test byte [ebp - 0x24], 1 +je short loc_fffa9597 ; je 0xfffa9597 +inc ecx +test ecx, edi +je short loc_fffa9597 ; je 0xfffa9597 +mov edx, esi +and ax, 0x150 +and dx, 0xfe07 +and esi, 0xa8 +shr ax, 1 +add esi, esi +or eax, edx +or eax, esi +movzx eax, ax +add eax, dword [ebp - 0x30] +cdq + +loc_fffa9597: ; not directly referenced +mov esi, dword [ebp - 0x48] +mov ecx, edx +not ebx +or ecx, 0xf000000 +and ebx, 0xf +and ch, 0xf0 +and esi, 0xf +shl esi, 8 +or ecx, esi +and ecx, 0xfffffff0 +or ecx, ebx +mov ebx, dword [ebp - 0x2c] +mov edx, ecx +push ecx +push ecx +push edx +push eax +mov eax, dword [ebp - 0x1c] +lea ecx, [ebx + 0x41c0] +mov edx, ecx +call fcn_fffb3506 ; call 0xfffb3506 +add esp, 0x10 +inc byte [ebp - 0x25] + +loc_fffa95d6: ; not directly referenced +inc dword [ebp - 0x24] +cmp dword [ebp - 0x24], 4 +jne loc_fffa952e ; jne 0xfffa952e +cmp byte [ebp - 0x25], 0 +jne short loc_fffa95f3 ; jne 0xfffa95f3 + +loc_fffa95e9: ; not directly referenced +mov eax, 1 +jmp near loc_fffa96c3 ; jmp 0xfffa96c3 + +loc_fffa95f3: ; not directly referenced +mov edi, dword [ebp - 0x38] +mov cl, 3 +mov edx, dword [ebp - 0x2c] +mov ebx, edi +mov eax, edi +mov edi, dword [ebp - 0x1c] +add edx, 0x419c +and eax, 7 +test bl, bl +cmovne ecx, eax +mov al, byte [ebp - 0x25] +and ecx, 7 +dec eax +and eax, 7 +shl eax, 0x10 +or ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x20] +lea ebx, [eax*8 + 0x48a8] +mov eax, edi +mov edx, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, ebx +mov dword [ebp - 0x1c], edi +mov ecx, eax +mov esi, eax +and ch, 0xc7 +mov eax, edi +or ch, 0x20 +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, dword [ebp - 0x20] +mov ecx, 5 +mov eax, dword [ebp - 0x1c] +lea edi, [edx*4 + 0x48b8] +mov edx, edi +call fcn_fffb335b ; call 0xfffb335b + +loc_fffa9668: ; not directly referenced +mov eax, dword [ebp - 0x1c] +mov edx, 0x4804 +call fcn_fffb331f ; call 0xfffb331f +cmp byte [ebp - 0x26], 0 +jne short loc_fffa968e ; jne 0xfffa968e +test al, 1 +jne loc_fffa95e9 ; jne 0xfffa95e9 +shr eax, 0x10 +and eax, 1 +xor eax, 1 +jmp short loc_fffa96a1 ; jmp 0xfffa96a1 + +loc_fffa968e: ; not directly referenced +test al, 2 +jne loc_fffa95e9 ; jne 0xfffa95e9 +shr eax, 0x10 +shr al, 1 +xor eax, 1 +and eax, 1 + +loc_fffa96a1: ; not directly referenced +test al, al +jne short loc_fffa9668 ; jne 0xfffa9668 +mov edx, edi +mov edi, dword [ebp - 0x1c] +mov ecx, 4 +mov eax, edi +call fcn_fffb335b ; call 0xfffb335b +mov eax, edi +mov ecx, esi +mov edx, ebx +call fcn_fffb3381 ; call 0xfffb3381 +xor eax, eax + +loc_fffa96c3: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffa96cb: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x2c +mov esi, dword [ebp + 8] +mov ebx, dword [ebp + 0xc] +cmp cl, 3 +ja short loc_fffa96eb ; ja 0xfffa96eb +mov word [ebp - 0x1c], bx +mov word [ebp - 0x1a], 0 +jmp short loc_fffa96f5 ; jmp 0xfffa96f5 + +loc_fffa96eb: ; not directly referenced +mov word [ebp - 0x1c], 0 +mov word [ebp - 0x1a], bx + +loc_fffa96f5: ; not directly referenced +cmp dword [eax + 0x2481], 2 +movzx edi, dl +mov edx, esi +movzx ecx, cl +push 0 +movzx esi, dl +sete bl +mov dword [ebp - 0x2c], edi +lea edi, [ebp - 0x1c] +mov edx, dword [ebp - 0x2c] +push edi +shl ebx, 3 +push esi +movzx ebx, bl +push ebx +call fcn_fffa947f ; call 0xfffa947f +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffa972b: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0xe0 +mov esi, dword [ebp + 8] +mov edi, dword [ebp + 0x14] +mov byte [ebp - 0x9f], cl +mov ebx, dword [ebp + 0x10] +mov dword [ebp - 0x80], eax mov eax, dword [ebp + 0xc] -mov dword [eax], edx +mov ecx, esi +mov dword [ebp - 0xd8], esi +mov esi, ref_fffd3704 ; mov esi, 0xfffd3704 +mov dword [ebp - 0xac], edi +mov dword [ebp - 0xb8], edx +mov byte [ebp - 0xdc], dl +mov edx, edi +mov byte [ebp - 0xc8], cl +lea edi, [ebp - 0x50] +mov ecx, 3 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [ebp - 0x38] +mov esi, ref_fffd3710 ; mov esi, 0xfffd3710 +mov dword [ebp - 0x88], eax +mov byte [ebp - 0xa0], al +mov byte [ebp - 0x9d], dl +mov word [ebp - 0x7c], bx +mov word [ebp - 0x60], 0 +mov word [ebp - 0x5e], 2 +mov cl, 4 +mov word [ebp - 0x5c], 1 +mov word [ebp - 0x5a], 3 +mov word [ebp - 0x64], 0 +mov word [ebp - 0x62], 2 +mov byte [ebp - 0x6a], 1 +mov byte [ebp - 0x69], 2 +mov byte [ebp - 0x68], 3 +mov byte [ebp - 0x67], 0 +mov byte [ebp - 0x66], 2 +mov byte [ebp - 0x65], 3 +movzx edx, byte [ebp - 0xb8] +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov edi, dword [ebp - 0x80] +imul eax, edx, 0x13c3 +mov dword [ebp - 0x84], edx +mov esi, dword [edi + 0x5edd] +lea eax, [edi + eax + 0x3757] +mov dword [ebp - 0xa8], eax +imul eax, edx, 0xcc +mov ecx, esi +mov dword [ebp - 0xa4], esi +mov esi, dword [edi + 0x2444] +lea edx, [ecx + eax + 0x1c] +mov dword [ebp - 0x9c], edx +mov edx, dword [edi + 0x188b] +lea eax, [ebp - 0x50] +push 0xc +push eax +lea eax, [ebp - 0x44] +push eax +mov dword [ebp - 0x98], edx +call dword [esi + 0x58] ; ucall +add esp, 0xc +push 8 +lea eax, [ebp - 0x60] +push eax +lea eax, [ebp - 0x58] +push eax +call dword [esi + 0x58] ; ucall +mov eax, dword [edi + 0x2481] +add esp, 0xc +xor edx, edx +push 0x10 +cmp eax, 3 +sete dl +mov dword [ebp - 0xb4], edx +xor edx, edx +cmp eax, 2 +lea eax, [ebp - 0x38] +sete dl +push eax +lea eax, [ebp - 0x28] +mov dword [ebp - 0xb0], edx +push eax +call dword [esi + 0x58] ; ucall +mov ecx, dword [ebp - 0x88] +add esp, 0x10 +cmp cl, 3 +sete al +cmp cl, 1 +setbe dl +or dl, al +jne short loc_fffa98ac ; jne 0xfffa98ac +mov edx, ecx +cmp cl, 0x11 +sete cl +cmp dl, 2 +sete dl +or cl, dl +je loc_fffa995e ; je 0xfffa995e + +loc_fffa98ac: ; not directly referenced +mov ecx, dword [ebp - 0x88] +cmp cl, 1 +sbb esi, esi +and esi, 0x10 +add esi, 0xf +cmp cl, 1 +sbb edx, edx +and edx, 0xfffffff0 +sub edx, 0x10 +cmp bx, si +jg short loc_fffa98d5 ; jg 0xfffa98d5 +cmp dx, bx +mov esi, ebx +cmovge esi, edx + +loc_fffa98d5: ; not directly referenced +mov ebx, dword [ebp - 0x9c] +movzx ecx, byte [ebp - 0xd8] +cmp byte [ebp - 0x88], 0 +lea edi, [ebx + ecx*4] +mov ebx, dword [edi + 0x78] +jne loc_fffaa406 ; jne 0xfffaa406 +mov eax, esi +and ebx, 0xfffff000 +and eax, 0x3f +mov edx, eax +or ebx, eax +shl edx, 6 +or ebx, edx + +loc_fffa9909: ; not directly referenced +cmp byte [ebp - 0xb8], 1 +mov edx, 0x365c +jbe loc_fffaa459 ; jbe 0xfffaa459 + +loc_fffa991b: ; not directly referenced +mov ecx, dword [ebp - 0x80] +lea eax, [edx + 0xc] +cmp dword [ecx + 0x188b], 1 +mov ecx, ebx +cmove edx, eax +mov eax, dword [ebp - 0x80] +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0xac], 0 +je short loc_fffa9941 ; je 0xfffa9941 +mov dword [edi + 0x78], ebx + +loc_fffa9941: ; not directly referenced +mov eax, dword [ebp - 0xa4] +mov edx, 0x2008 +mov ecx, dword [eax + 0x18] +mov eax, dword [ebp - 0x80] +or ecx, 0x20 +call fcn_fffb3381 ; call 0xfffb3381 +mov word [ebp - 0x7c], si + +loc_fffa995e: ; not directly referenced +mov eax, dword [ebp - 0x88] +cmp al, 0x11 +sete cl +sub eax, 4 +cmp al, 1 +setbe al +or al, cl +mov byte [ebp - 0x9e], cl +je loc_fffa9b92 ; je 0xfffa9b92 +mov eax, dword [ebp - 0xa8] +xor edi, edi +lea esi, [eax + 0x24d] +imul eax, dword [ebp - 0x84], 0x13c3 +add eax, dword [ebp - 0x80] +mov dword [ebp - 0xe4], eax +movzx eax, byte [ebp - 0x9f] +mov dword [ebp - 0xe8], eax + +loc_fffa99ad: ; not directly referenced +mov ebx, dword [ebp - 0xe4] +mov eax, 1 +mov ecx, edi +shl eax, cl +test byte [ebx + 0x381b], al +je loc_fffa9b85 ; je 0xfffa9b85 +mov eax, dword [ebp - 0xe8] +bt eax, edi +jae loc_fffa9b85 ; jae 0xfffa9b85 +cmp byte [ebp - 0xa0], 4 +jne loc_fffa9a7c ; jne 0xfffa9a7c +cmp dword [ebp - 0x98], 0 +jne short loc_fffa99fe ; jne 0xfffa99fe +mov ebx, dword [ebp - 0x7c] +mov eax, 0xb +cmp bx, 0xb +cmovle eax, ebx +jmp short loc_fffa9a21 ; jmp 0xfffa9a21 + +loc_fffa99fe: ; not directly referenced +cmp dword [ebp - 0x98], 1 +jne short loc_fffa9a25 ; jne 0xfffa9a25 +mov ecx, dword [ebp - 0x7c] +mov eax, 0xf +cmp cx, 0xf +cmovle eax, ecx +mov ecx, eax +or eax, 0x10 +test byte [esi], 0x10 +cmove eax, ecx + +loc_fffa9a21: ; not directly referenced +mov word [ebp - 0x7c], ax + +loc_fffa9a25: ; not directly referenced +mov ebx, dword [ebp - 0x7c] +mov eax, 0 +mov ecx, edi +push edx +mov edx, dword [ebp - 0x84] +test bx, bx +cmovns eax, ebx +movzx ebx, byte [ebp - 0xc8] +mov word [ebp - 0x7c], ax +or eax, 0x30 +mov word [ebp - 0xe0], ax +cwde +push eax +mov eax, dword [ebp - 0x80] +push 2 +push ebx +call fcn_fffa735e ; call 0xfffa735e +add esp, 0x10 +cmp byte [ebp - 0x9d], 0 +je loc_fffa9b85 ; je 0xfffa9b85 +mov al, byte [ebp - 0xe0] +mov byte [esi + ebx], al +jmp near loc_fffa9b85 ; jmp 0xfffa9b85 + +loc_fffa9a7c: ; not directly referenced +cmp byte [ebp - 0xa0], 5 +jne loc_fffa9b3e ; jne 0xfffa9b3e +cmp dword [ebp - 0x98], 0 +jne short loc_fffa9ac9 ; jne 0xfffa9ac9 +cmp word [ebp - 0x7c], 0x13 +jg short loc_fffa9aad ; jg 0xfffa9aad +mov ecx, dword [ebp - 0x7c] +mov eax, 0 +test cx, cx +cmovns eax, ecx +mov word [ebp - 0x7c], ax +jmp short loc_fffa9ab3 ; jmp 0xfffa9ab3 + +loc_fffa9aad: ; not directly referenced +mov word [ebp - 0x7c], 0x13 + +loc_fffa9ab3: ; not directly referenced +mov eax, dword [ebp - 0x7c] +mov ecx, 5 +mov edx, eax +sar dx, 0xf +idiv cx +lea ebx, [edx + eax*8] +jmp short loc_fffa9afe ; jmp 0xfffa9afe + +loc_fffa9ac9: ; not directly referenced +xor ebx, ebx +cmp dword [ebp - 0x98], 1 +jne short loc_fffa9afe ; jne 0xfffa9afe +mov eax, dword [ebp - 0x7c] +test ax, ax +jle short loc_fffa9afe ; jle 0xfffa9afe +movsx ebx, ax +mov eax, 0x10 +cmp bx, 0x10 +cmovle eax, ebx +mov word [ebp - 0x7c], ax +dec eax +mov ebx, eax +and eax, 3 +sar ebx, 2 +add eax, eax +lea ebx, [eax + ebx*8 + 1] + +loc_fffa9afe: ; not directly referenced +push eax +movzx eax, bl +mov edx, dword [ebp - 0x84] +push eax +movzx eax, byte [ebp - 0xc8] +mov ecx, edi +push 2 +push eax +mov dword [ebp - 0xe0], eax +mov eax, dword [ebp - 0x80] +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 +cmp byte [ebp - 0x9d], 0 +je short loc_fffa9b85 ; je 0xfffa9b85 +mov eax, dword [ebp - 0xe0] +mov byte [esi + eax + 0xdd9], bl +jmp short loc_fffa9b85 ; jmp 0xfffa9b85 + +loc_fffa9b3e: ; not directly referenced +cmp byte [ebp - 0x9e], 0 +je short loc_fffa9b85 ; je 0xfffa9b85 +movzx ebx, byte [ebp - 0xc8] +mov ecx, edi +push eax +mov edx, dword [ebp - 0x84] +mov eax, dword [ebp - 0x80] +push 0 +push 0xff +push ebx +call fcn_fffa735e ; call 0xfffa735e +add esp, 0xc +mov edx, dword [ebp - 0x84] +mov eax, dword [ebp - 0x80] +mov ecx, edi +push 0 +push 0xff +push ebx +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 + +loc_fffa9b85: ; not directly referenced +inc edi +add esi, 9 +cmp edi, 4 +jne loc_fffa99ad ; jne 0xfffa99ad + +loc_fffa9b92: ; not directly referenced +cmp byte [ebp - 0x88], 6 +mov cl, byte [ebp - 0x9e] +sete al +or cl, al +je loc_fffa9cf1 ; je 0xfffa9cf1 +cmp dword [ebp - 0x98], 1 +jne short loc_fffa9bc0 ; jne 0xfffa9bc0 +cmp word [ebp - 0x7c], 0x3f +jg loc_fffaa48b ; jg 0xfffaa48b +jmp short loc_fffa9bcb ; jmp 0xfffa9bcb + +loc_fffa9bc0: ; not directly referenced +cmp word [ebp - 0x7c], 7 +jg loc_fffaa496 ; jg 0xfffaa496 + +loc_fffa9bcb: ; not directly referenced +mov edi, dword [ebp - 0x7c] +mov edx, 0 +test di, di +cmovns edx, edi +mov word [ebp - 0x7c], dx + +loc_fffa9bdd: ; not directly referenced +movzx edi, byte [ebp - 0xd8] +mov ecx, dword [ebp - 0x9c] +mov dword [ebp - 0xc8], edi +lea edi, [ecx + edi*4] +mov ebx, dword [edi + 4] +mov esi, dword [edi + 0x28] +test al, al +je short loc_fffa9c3a ; je 0xfffa9c3a +cmp dword [ebp - 0x98], 1 +jne short loc_fffa9c2c ; jne 0xfffa9c2c +mov ecx, dword [ebp - 0x7c] +and bh, 0xe3 +and esi, 0xe3ffffff +mov eax, ecx +sar ax, 3 +and eax, 7 +shl eax, 0xa +or ebx, eax +mov eax, ecx +and eax, 7 +shl eax, 0x1a +or esi, eax +jmp short loc_fffa9c3a ; jmp 0xfffa9c3a + +loc_fffa9c2c: ; not directly referenced +mov eax, dword [ebp - 0x7c] +and bh, 0xe3 +and eax, 7 +shl eax, 0xa +or ebx, eax + +loc_fffa9c3a: ; not directly referenced +mov ecx, dword [ebp - 0xc8] +mov edx, dword [ebp - 0x84] +mov eax, dword [ebp - 0x80] +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, ebx +mov edx, eax +mov eax, dword [ebp - 0x80] +call fcn_fffb3381 ; call 0xfffb3381 +cmp dword [ebp - 0x98], 1 +jne short loc_fffa9c83 ; jne 0xfffa9c83 +mov ecx, dword [ebp - 0xc8] +mov edx, dword [ebp - 0x84] +mov eax, dword [ebp - 0x80] +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, esi +mov edx, eax +mov eax, dword [ebp - 0x80] +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffa9c83: ; not directly referenced +cmp byte [ebp - 0xac], 0 +je short loc_fffa9cf1 ; je 0xfffa9cf1 +cmp dword [ebp - 0x98], 1 +mov dword [edi + 4], ebx +jne short loc_fffa9cf1 ; jne 0xfffa9cf1 +mov ebx, dword [ebp - 0x80] +mov edx, 0x3a28 +mov dword [edi + 0x28], esi +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +movzx ecx, byte [ebx + 0x2489] +xor edx, edx +mov esi, eax +xor eax, eax + +loc_fffa9cb7: ; not directly referenced +cmp cl, dl +jbe short loc_fffa9cd0 ; jbe 0xfffa9cd0 +mov edi, dword [ebp - 0x9c] +mov bl, byte [edi + edx*4 + 0x2b] +inc edx +shr bl, 2 +and ebx, 7 +add eax, ebx +jmp short loc_fffa9cb7 ; jmp 0xfffa9cb7 + +loc_fffa9cd0: ; not directly referenced +xor edx, edx +and esi, 0xfff1ffff +div ecx +mov ecx, esi +mov edx, 0x3a28 +and eax, 7 +shl eax, 0x11 +or ecx, eax +mov eax, dword [ebp - 0x80] +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffa9cf1: ; not directly referenced +cmp byte [ebp - 0x88], 9 +je short loc_fffa9d10 ; je 0xfffa9d10 + +loc_fffa9cfa: ; not directly referenced +mov al, byte [ebp - 0x88] +sub eax, 7 +cmp al, 1 +ja loc_fffa9f84 ; ja 0xfffa9f84 +jmp near loc_fffa9fa3 ; jmp 0xfffa9fa3 + +loc_fffa9d10: ; not directly referenced +cmp dword [ebp - 0xb4], 0 +je loc_fffa9ddc ; je 0xfffa9ddc +mov edi, dword [ebp - 0x7c] +mov al, 2 +mov ecx, edi +mov ebx, edi +cmp cl, 2 +cmovbe eax, ebx +xor ebx, ebx +imul edx, dword [ebp - 0x84], 0x13c3 +movzx eax, al +add edx, dword [ebp - 0x80] +mov dword [ebp - 0xc8], eax +mov dword [ebp - 0x98], edx + +loc_fffa9d4a: ; not directly referenced +mov esi, dword [ebp - 0x98] +mov eax, 1 +mov cl, bl +mov dl, bl +shl eax, cl +test byte [esi + 0x381b], al +je short loc_fffa9dcd ; je 0xfffa9dcd +test byte [ebp - 0x9f], al +je short loc_fffa9dcd ; je 0xfffa9dcd +mov eax, edx +mov edi, dword [ebp - 0xa8] +shr dl, 1 +and eax, 1 +movzx edx, dl +imul edx, edx, 0x128 +imul eax, eax, 0x18 +lea eax, [eax + edx + 0x1260] +movzx edx, byte [ebp - 0xdc] +lea edi, [edi + eax + 0xb] +mov eax, dword [ebp - 0xc8] +movzx esi, byte [ebp + eax - 0x6a] +mov ax, word [edi + 6] +push ecx +mov ecx, ebx +push 0 +and eax, 0xfffffff0 +or esi, eax +movzx eax, si +push eax +mov eax, dword [ebp - 0x80] +push 3 +call fcn_fffacb43 ; call 0xfffacb43 +add esp, 0x10 +cmp byte [ebp - 0x9d], 0 +je short loc_fffa9dcd ; je 0xfffa9dcd +mov word [edi + 6], si + +loc_fffa9dcd: ; not directly referenced +inc ebx +cmp ebx, 4 +jne loc_fffa9d4a ; jne 0xfffa9d4a +jmp near loc_fffa9cfa ; jmp 0xfffa9cfa + +loc_fffa9ddc: ; not directly referenced +cmp dword [ebp - 0xb0], 1 +mov dword [ebp - 0x98], 0 +sbb ebx, ebx +xor eax, eax +and ebx, 0xffffffe4 +sub ebx, 7 +cmp byte [ebp - 0x7c], 0 +setne al +mov ax, word [ebp + eax*2 - 0x64] +mov word [ebp - 0xc8], ax +imul eax, dword [ebp - 0x84], 0x13c3 +add eax, dword [ebp - 0x80] +mov dword [ebp - 0xd8], eax + +loc_fffa9e1d: ; not directly referenced +mov edi, dword [ebp - 0x98] +mov eax, 1 +mov ecx, edi +mov edx, edi +shl eax, cl +mov ecx, dword [ebp - 0xd8] +test byte [ecx + 0x381b], al +je short loc_fffa9e9c ; je 0xfffa9e9c +test byte [ebp - 0x9f], al +je short loc_fffa9e9c ; je 0xfffa9e9c +mov ecx, edx +mov esi, dword [ebp - 0xa8] +shr dl, 1 +and ecx, 1 +movzx edx, dl +imul ecx, ecx, 0x18 +imul edx, edx, 0x128 +lea edx, [ecx + edx + 0x1260] +mov ecx, eax +mov eax, dword [ebp - 0x80] +lea edi, [esi + edx + 0xb] +mov esi, ebx +and si, word [edi + 2] +or esi, dword [ebp - 0xc8] +push edx +push edx +movzx edx, si +push edx +mov edx, dword [ebp - 0x84] +push 1 +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0x10 +cmp byte [ebp - 0x9d], 0 +je short loc_fffa9e9c ; je 0xfffa9e9c +mov word [edi + 2], si + +loc_fffa9e9c: ; not directly referenced +inc dword [ebp - 0x98] +cmp dword [ebp - 0x98], 4 +jne loc_fffa9e1d ; jne 0xfffa9e1d +jmp near loc_fffa9cfa ; jmp 0xfffa9cfa + +loc_fffa9eb4: ; not directly referenced +mov esi, dword [ebp - 0xb0] +mov dword [ebp - 0xb4], 0 +cmp esi, 1 +sbb eax, eax +mov dword [ebp - 0xd8], eax +add eax, 3 +and word [ebp - 0xd8], 0x4bc +sub word [ebp - 0xd8], 0x701 +cmp esi, 1 +mov esi, dword [ebp - 0x7c] +sbb ebx, ebx +mov dword [ebp - 0xc8], ebx +mov dword [ebp - 0x98], ebx +and byte [ebp - 0xc8], 0xfe +and byte [ebp - 0x98], 0xfa +mov edx, esi +sar dx, 4 +mov ecx, esi +add byte [ebp - 0xc8], 7 +add byte [ebp - 0x98], 8 +cmp byte [ebp - 0x88], 7 +cmovne edx, ecx +cmp al, dl +cmova eax, edx +movzx eax, al +mov dword [ebp - 0xdc], eax +imul eax, dword [ebp - 0x84], 0x13c3 +add eax, dword [ebp - 0x80] +mov dword [ebp - 0xe0], eax +mov eax, esi +and eax, 0xf +mov byte [ebp - 0xe4], al + +loc_fffa9f52: ; not directly referenced +mov edi, dword [ebp - 0xb4] +mov ebx, 1 +mov esi, dword [ebp - 0xe0] +mov ecx, edi +mov eax, edi +shl ebx, cl +test byte [esi + 0x381b], bl +jne loc_fffaa063 ; jne 0xfffaa063 + +loc_fffa9f75: ; not directly referenced +inc dword [ebp - 0xb4] +cmp dword [ebp - 0xb4], 4 +jne short loc_fffa9f52 ; jne 0xfffa9f52 + +loc_fffa9f84: ; not directly referenced +mov al, byte [ebp - 0x88] +sub eax, 0xa +cmp al, 1 +setbe al +or al, byte [ebp - 0x9e] +jne loc_fffaa151 ; jne 0xfffaa151 +jmp near loc_fffaa258 ; jmp 0xfffaa258 + +loc_fffa9fa3: ; not directly referenced +cmp dword [ebp - 0xb4], 0 +je loc_fffa9eb4 ; je 0xfffa9eb4 +mov ebx, dword [ebp - 0x7c] +mov al, 2 +cmp bl, 2 +cmovbe eax, ebx +xor ebx, ebx +imul esi, dword [ebp - 0x84], 0x13c3 +movzx eax, al +add esi, dword [ebp - 0x80] +mov dword [ebp - 0x84], eax +mov dword [ebp - 0x7c], esi + +loc_fffa9fd6: ; not directly referenced +mov edi, dword [ebp - 0x7c] +mov eax, 1 +mov cl, bl +mov dl, bl +shl eax, cl +test byte [edi + 0x381b], al +je short loc_fffaa054 ; je 0xfffaa054 +test byte [ebp - 0x9f], al +je short loc_fffaa054 ; je 0xfffaa054 +mov al, bl +and edx, 1 +mov ecx, dword [ebp - 0xa8] +shr al, 1 +mov esi, dword [ebp - 0x84] +movzx eax, al +imul edx, edx, 0x18 +imul eax, eax, 0x128 +movzx esi, byte [ebp + esi - 0x67] +add eax, edx +movzx edx, byte [ebp - 0xdc] +lea edi, [ecx + eax + 0x1260] +mov ax, word [edi + 0x19] +push ecx +mov ecx, ebx +push 0 +and eax, 0xfffffffc +or esi, eax +movzx eax, si +push eax +mov eax, dword [ebp - 0x80] +push 0xb +call fcn_fffacb43 ; call 0xfffacb43 +add esp, 0x10 +cmp byte [ebp - 0x9d], 0 +je short loc_fffaa054 ; je 0xfffaa054 +mov word [edi + 0x19], si + +loc_fffaa054: ; not directly referenced +inc ebx +cmp ebx, 4 +jne loc_fffa9fd6 ; jne 0xfffa9fd6 +jmp near loc_fffaa4a1 ; jmp 0xfffaa4a1 + +loc_fffaa063: ; not directly referenced +test byte [ebp - 0x9f], bl +je loc_fffa9f75 ; je 0xfffa9f75 +mov edx, eax +mov edi, dword [ebp - 0xa8] +mov ecx, ebx +shr al, 1 +and edx, 1 +movzx eax, al +imul edx, edx, 0x18 +imul eax, eax, 0x128 +lea eax, [edx + eax + 0x1260] +lea edi, [edi + eax + 0xb] +mov eax, dword [ebp - 0xdc] +mov si, word [ebp + eax*2 - 0x58] +mov ax, word [edi + 4] +push edx +push edx +mov edx, dword [ebp - 0x84] +shl esi, 9 +and ah, 0xf9 +or esi, eax +movzx eax, si +push eax +mov eax, dword [ebp - 0x80] +push 2 +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0x10 +cmp byte [ebp - 0x9d], 0 +je short loc_fffaa0d2 ; je 0xfffaa0d2 +mov word [edi + 4], si + +loc_fffaa0d2: ; not directly referenced +cmp byte [ebp - 0xa0], 8 +je loc_fffa9f75 ; je 0xfffa9f75 +mov esi, dword [ebp - 0xc8] +mov al, byte [ebp - 0xe4] +mov ecx, esi +cmp cl, al +cmova esi, eax +cmp dword [ebp - 0xb0], 0 +mov eax, esi +movzx eax, al +je short loc_fffaa107 ; je 0xfffaa107 +movzx eax, word [ebp + eax*2 - 0x28] +jmp short loc_fffaa10c ; jmp 0xfffaa10c + +loc_fffaa107: ; not directly referenced +movzx eax, word [ebp + eax*2 - 0x44] + +loc_fffaa10c: ; not directly referenced +mov cl, byte [ebp - 0x98] +mov esi, dword [ebp - 0xd8] +and si, word [edi + 2] +mov edx, dword [ebp - 0x84] +shl eax, cl +mov ecx, ebx +or esi, eax +push eax +push eax +movzx eax, si +push eax +mov eax, dword [ebp - 0x80] +push 1 +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0x10 +cmp byte [ebp - 0x9d], 0 +je loc_fffa9f75 ; je 0xfffa9f75 +mov word [edi + 2], si +jmp near loc_fffa9f75 ; jmp 0xfffa9f75 + +loc_fffaa151: ; not directly referenced +mov ecx, dword [ebp - 0x88] +cmp cl, 0xb +sete al +movzx edi, al +setne al +movzx eax, al +lea edi, [edi*8 + 7] +lea eax, [eax*8 - 0x10] +cmp word [ebp - 0x7c], di +jg short loc_fffaa183 ; jg 0xfffaa183 +mov edi, dword [ebp - 0x7c] +cmp ax, di +cmovge edi, eax + +loc_fffaa183: ; not directly referenced +mov eax, dword [ebp - 0x9c] +cmp byte [ebp - 0x88], 0xa +mov ebx, dword [eax + 0x4c] +mov esi, dword [eax + 0x50] +jne short loc_fffaa1b9 ; jne 0xfffaa1b9 +mov eax, edi +and ebx, 0xfffe01ff +and eax, 0xf +and esi, 0xfffe01ff +mov edx, eax +shl edx, 9 +shl eax, 0xd +or ebx, edx +or ebx, eax +or esi, edx +jmp short loc_fffaa1cf ; jmp 0xfffaa1cf + +loc_fffaa1b9: ; not directly referenced +cmp byte [ebp - 0x88], 0xb +jne short loc_fffaa1d1 ; jne 0xfffaa1d1 +mov eax, edi +and ebx, 0xffffffe0 +and eax, 0x1f +and esi, 0xffffffe0 +or ebx, eax + +loc_fffaa1cf: ; not directly referenced +or esi, eax + +loc_fffaa1d1: ; not directly referenced +cmp byte [ebp - 0xac], 0 +je short loc_fffaa1e6 ; je 0xfffaa1e6 +mov eax, dword [ebp - 0x9c] +mov dword [eax + 0x4c], ebx +mov dword [eax + 0x50], esi + +loc_fffaa1e6: ; not directly referenced +mov eax, dword [ebp - 0x84] +mov ecx, ebx +shl eax, 8 +lea edx, [eax + 0x1404] +mov dword [ebp - 0x7c], eax +mov eax, dword [ebp - 0x80] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x7c] +mov ecx, ebx +lea edx, [eax + 0x1a04] +mov eax, dword [ebp - 0x80] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x7c] +mov ecx, ebx +mov ebx, dword [ebp - 0x80] +lea edx, [eax + 0x1204] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x7c] +mov ecx, esi +lea edx, [eax + 0x3414] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0xa4] +mov edx, 0x2008 +mov ecx, dword [eax + 0x18] +mov eax, ebx +or ecx, 0x20 +call fcn_fffb3381 ; call 0xfffb3381 +mov word [ebp - 0x7c], di + +loc_fffaa258: ; not directly referenced +cmp byte [ebp - 0x88], 0xf +mov al, byte [ebp - 0x9e] +sete dl +or al, dl +je loc_fffaa332 ; je 0xfffaa332 +mov ecx, dword [ebp - 0x7c] +mov eax, 0xfffffff8 +mov ebx, 7 +cmp cx, 0xfff8 +cmovge eax, ecx +cmp ax, 7 +cmovg eax, ebx +mov word [ebp - 0x7c], ax +mov eax, dword [ebp - 0xa4] +mov ebx, dword [eax + 0xc] +test dl, dl +je short loc_fffaa2e6 ; je 0xfffaa2e6 +cmp byte [ebp - 0xb8], 1 +jne short loc_fffaa2ce ; jne 0xfffaa2ce +mov eax, dword [ebp - 0x80] +cmp dword [eax + 0x3757], 2 +jne short loc_fffaa2ce ; jne 0xfffaa2ce +mov edx, 0x3a14 +call fcn_fffb331f ; call 0xfffb331f +mov esi, dword [ebp - 0x7c] +shr eax, 0x14 +and eax, 0xf +cmp si, ax +cmovge eax, esi +mov word [ebp - 0x7c], ax + +loc_fffaa2ce: ; not directly referenced +mov eax, dword [ebp - 0x7c] +and ebx, 0xf00fffff +and eax, 0xf +mov edx, eax +shl edx, 0x14 +shl eax, 0x18 +or ebx, edx +or ebx, eax + +loc_fffaa2e6: ; not directly referenced +cmp byte [ebp - 0xac], 0 +je short loc_fffaa2f8 ; je 0xfffaa2f8 +mov eax, dword [ebp - 0xa4] +mov dword [eax + 0xc], ebx + +loc_fffaa2f8: ; not directly referenced +mov edi, dword [ebp - 0x80] +mov ecx, ebx +mov edx, 0x3a14 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x5f08 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5f08 +or ah, 1 +mov ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x78 +mov eax, edi +call fcn_fffa82f9 ; call 0xfffa82f9 + +loc_fffaa332: ; not directly referenced +cmp byte [ebp - 0x88], 0xc +mov cl, byte [ebp - 0x9e] +sete al +or cl, al +je loc_fffaa4a1 ; je 0xfffaa4a1 +test al, al +je short loc_fffaa356 ; je 0xfffaa356 +mov bl, byte [ebp - 0x7c] +and ebx, 3 +jmp short loc_fffaa362 ; jmp 0xfffaa362 + +loc_fffaa356: ; not directly referenced +mov eax, dword [ebp - 0x9c] +mov bl, byte [eax + 0xb4] + +loc_fffaa362: ; not directly referenced +cmp byte [ebp - 0xac], 0 +je short loc_fffaa377 ; je 0xfffaa377 +mov eax, dword [ebp - 0x9c] +mov byte [eax + 0xb4], bl + +loc_fffaa377: ; not directly referenced +mov esi, dword [ebp - 0x84] +and ebx, 3 +mov eax, dword [ebp - 0x80] +shl ebx, 0xd +shl esi, 8 +lea edi, [esi + 0x140c] +mov edx, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, edi +lea edi, [esi + 0x1a0c] +add esi, 0x121c +and ah, 0x9f +or eax, ebx +mov ecx, eax +mov eax, dword [ebp - 0x80] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x80] +mov edx, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, edi +mov edi, dword [ebp - 0x80] +and ah, 0x9f +or eax, ebx +mov ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, esi +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, esi +and ah, 0x9f +or eax, ebx +mov ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0xa4] +mov edx, 0x2008 +mov ecx, dword [eax + 0x18] +mov eax, edi +or ecx, 0x20 +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffaa4a1 ; jmp 0xfffaa4a1 + +loc_fffaa406: ; not directly referenced +cmp byte [ebp - 0x88], 1 +jne short loc_fffaa426 ; jne 0xfffaa426 +mov eax, esi +and ebx, 0xffc00fff +and eax, 0x1f +mov edx, eax +shl edx, 0xc +shl eax, 0x11 +or ebx, edx +jmp short loc_fffaa452 ; jmp 0xfffaa452 + +loc_fffaa426: ; not directly referenced +test al, al +je short loc_fffaa43a ; je 0xfffaa43a +mov eax, esi +and ebx, 0xf83fffff +and eax, 0x1f +shl eax, 0x16 +jmp short loc_fffaa452 ; jmp 0xfffaa452 + +loc_fffaa43a: ; not directly referenced +cmp byte [ebp - 0x88], 2 +jne loc_fffa9909 ; jne 0xfffa9909 +mov eax, esi +and ebx, 0x7ffffff +shl eax, 0x1b + +loc_fffaa452: ; not directly referenced +or ebx, eax +jmp near loc_fffa9909 ; jmp 0xfffa9909 + +loc_fffaa459: ; not directly referenced +cmp byte [ebp - 0xd8], 8 +jbe short loc_fffaa476 ; jbe 0xfffaa476 +mov edx, dword [ebp - 0x84] +shl edx, 8 +add edx, 0x305c +jmp near loc_fffa991b ; jmp 0xfffa991b + +loc_fffaa476: ; not directly referenced +mov eax, dword [ebp - 0x84] +shl ecx, 9 +shl eax, 8 +lea edx, [eax + ecx + 0x5c] +jmp near loc_fffa991b ; jmp 0xfffa991b + +loc_fffaa48b: ; not directly referenced +mov word [ebp - 0x7c], 0x3f +jmp near loc_fffa9bdd ; jmp 0xfffa9bdd + +loc_fffaa496: ; not directly referenced +mov word [ebp - 0x7c], 7 +jmp near loc_fffa9bdd ; jmp 0xfffa9bdd + +loc_fffaa4a1: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffaa4a9: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +xor esi, esi +push ebx +mov ebx, eax +sub esp, 0x2c +mov edi, dword [eax + 0x2444] +call dword [edi + 0x54] ; ucall +add eax, 0x2710 +mov dword [ebp - 0x2c], eax + +loc_fffaa4c7: ; not directly referenced +imul eax, esi, 0x13c3 +mov dword [ebp + esi*4 - 0x28], 0 +cmp dword [ebx + eax + 0x3757], 2 +jne short loc_fffaa531 ; jne 0xfffaa531 +cmp dword [ebx + 0x188b], 0 +je short loc_fffaa531 ; je 0xfffaa531 +xor ecx, ecx +mov edx, esi +mov eax, ebx +call fcn_fffa7236 ; call 0xfffa7236 +mov edx, eax +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov dword [ebp + esi*4 - 0x20], eax +test eax, 0x1000000 +je short loc_fffaa531 ; je 0xfffaa531 +and eax, 0xfeffffff +mov ecx, 0xff +mov dword [ebp - 0x30], eax +mov edx, esi +mov eax, ebx +mov dword [ebp + esi*4 - 0x28], 1 +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, dword [ebp - 0x30] +mov edx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffaa531: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffaa4c7 ; jne 0xfffaa4c7 +mov edx, 0x5030 +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5030 +or eax, 0x800000 +mov ecx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffaa556: ; not directly referenced +mov edx, 0x5030 +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +shr eax, 0x10 +test al, al +jns short loc_fffaa578 ; jns 0xfffaa578 +call dword [edi + 0x54] ; ucall +cmp dword [ebp - 0x2c], eax +ja short loc_fffaa556 ; ja 0xfffaa556 +mov edi, 1 +jmp short loc_fffaa57a ; jmp 0xfffaa57a + +loc_fffaa578: ; not directly referenced +xor edi, edi + +loc_fffaa57a: ; not directly referenced +xor esi, esi + +loc_fffaa57c: ; not directly referenced +cmp dword [ebp + esi*4 - 0x28], 0 +je short loc_fffaa59e ; je 0xfffaa59e +mov ecx, 0xff +mov edx, esi +mov eax, ebx +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, dword [ebp + esi*4 - 0x20] +mov edx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffaa59e: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffaa57c ; jne 0xfffaa57c +mov eax, edi +add esp, 0x2c +neg eax +pop ebx +and eax, 0x12 +pop esi +pop edi +pop ebp +ret + +fcn_fffaa5b3: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, eax +push esi +push ebx +add esp, 0xffffff80 +mov al, byte [ebp + 0xc] +mov ebx, dword [edi + 0x2444] +push 1 +mov esi, dword [edi + 0x5edd] +push 8 +mov byte [ebp - 0x6a], al +mov eax, dword [edi + 0x188b] +mov dword [ebp - 0x64], edx +mov dword [ebp - 0x54], ecx +mov byte [ebp - 0x50], dl +mov dword [ebp - 0x78], eax +lea eax, [ebp - 0x38] +push eax +mov byte [ebp - 0x4e], cl +call dword [ebx + 0x5c] ; ucall +add esp, 0xc +push 0 +push 8 +lea eax, [ebp - 0x30] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0xc +push 9 +push 8 +lea eax, [ebp - 0x28] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0xc +push 0 +push 2 +lea eax, [ebp - 0x20] +push eax +call dword [ebx + 0x64] ; ucall +add esp, 0x10 +cmp byte [ebp - 0x54], 1 +jne short loc_fffaa648 ; jne 0xfffaa648 +mov byte [ebp - 0x35], 0xa +mov byte [ebp - 0x36], 0x13 +mov byte [ebp - 0x37], 0x19 +mov byte [ebp - 0x38], 0x19 +mov byte [ebp - 0x2d], 0xa +mov byte [ebp - 0x2e], 0xa +mov byte [ebp - 0x25], 0x3f +mov byte [ebp - 0x26], 0x3f +jmp near loc_fffaa6d0 ; jmp 0xfffaa6d0 + +loc_fffaa648: ; not directly referenced +mov eax, dword [ebp - 0x54] +cmp al, 2 +je short loc_fffaa6ca ; je 0xfffaa6ca +cmp al, 5 +jne short loc_fffaa659 ; jne 0xfffaa659 + +loc_fffaa653: ; not directly referenced +mov byte [ebp - 0x4d], 8 +jmp short loc_fffaa6d4 ; jmp 0xfffaa6d4 + +loc_fffaa659: ; not directly referenced +mov eax, dword [ebp - 0x54] +cmp al, 6 +je short loc_fffaa6d0 ; je 0xfffaa6d0 +cmp al, 9 +jne short loc_fffaa68b ; jne 0xfffaa68b +mov ebx, dword [ebp - 0x64] +movzx eax, bl +and bl, 1 +je short loc_fffaa678 ; je 0xfffaa678 +mov edx, dword [esi + 0xbc] +mov dword [ebp - 0x20], edx + +loc_fffaa678: ; not directly referenced +mov byte [ebp - 0x4d], 2 +test al, 2 +je short loc_fffaa6d4 ; je 0xfffaa6d4 +mov eax, dword [esi + 0x188] +mov dword [ebp - 0x1c], eax +jmp short loc_fffaa6d4 ; jmp 0xfffaa6d4 + +loc_fffaa68b: ; not directly referenced +cmp byte [ebp - 0x54], 0xa +mov byte [ebp - 0x4d], 1 +jne short loc_fffaa6d4 ; jne 0xfffaa6d4 +mov eax, dword [ebp - 0x64] +movzx edx, al +test al, 1 +je short loc_fffaa6b1 ; je 0xfffaa6b1 +mov eax, dword [esi + 0xbc] +mov dword [ebp - 0x20], eax +shr eax, 0xf +and eax, 0xf +mov byte [ebp - 0x3a], al + +loc_fffaa6b1: ; not directly referenced +and dl, 2 +je short loc_fffaa653 ; je 0xfffaa653 +mov eax, dword [esi + 0x188] +mov dword [ebp - 0x1c], eax +shr eax, 0xf +and eax, 0xf +mov byte [ebp - 0x39], al +jmp short loc_fffaa653 ; jmp 0xfffaa653 + +loc_fffaa6ca: ; not directly referenced +mov byte [ebp - 0x4d], 7 +jmp short loc_fffaa6d4 ; jmp 0xfffaa6d4 + +loc_fffaa6d0: ; not directly referenced +mov byte [ebp - 0x4d], 4 + +loc_fffaa6d4: ; not directly referenced +movzx eax, byte [ebp - 0x50] +mov dword [ebp - 0x4c], 0 +mov byte [ebp - 0x69], 0 +mov dword [ebp - 0x68], eax +movzx eax, byte [ebp - 0x4d] +mov dword [ebp - 0x80], eax + +loc_fffaa6ed: ; not directly referenced +mov ebx, dword [ebp - 0x4c] +mov byte [ebp - 0x4f], bl +mov bl, byte [ebp + ebx - 0x38] +movzx eax, bl +dec eax +call fcn_fffb396b ; call 0xfffb396b +cmp bl, 0x1f +jbe short loc_fffaa74e ; jbe 0xfffaa74e +mov ebx, dword [ebp - 0x4c] +mov byte [ebp + ebx - 0x38], al + +loc_fffaa70c: ; not directly referenced +mov cl, byte [ebp - 0x4f] +mov dword [ebp - 0x58], 0x4004 +mov dword [ebp - 0x60], 0x4917 +mov al, cl +shl eax, 4 +add eax, ecx +cmp cl, 4 +movzx eax, al +mov dword [ebp - 0x7c], eax +sbb eax, eax +xor ebx, ebx +and eax, 0x1f +mov dword [ebp - 0x70], eax +mov al, cl +and eax, 3 +mov byte [ebp - 0x6b], al +add eax, 4 +or dword [ebp - 0x70], 0x80 +mov byte [ebp - 0x6c], al +jmp short loc_fffaa75a ; jmp 0xfffaa75a + +loc_fffaa74e: ; not directly referenced +mov eax, dword [ebp - 0x4c] +add ebx, 0x20 +mov byte [ebp + eax - 0x38], bl +jmp short loc_fffaa70c ; jmp 0xfffaa70c + +loc_fffaa75a: ; not directly referenced +mov eax, dword [ebp - 0x68] +bt eax, ebx +jae loc_fffaa916 ; jae 0xfffaa916 +mov eax, dword [ebp - 0x58] +lea edx, [eax + 0x94] +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +shr eax, 0xc +and eax, 1 +cmp byte [ebp - 0x4e], 1 +mov byte [ebp - 0x69], al +jne short loc_fffaa7f5 ; jne 0xfffaa7f5 +mov edx, dword [ebp - 0x4c] +mov dword [ebp - 0x5c], ebx +movzx ecx, byte [ebp + edx - 0x30] +movzx eax, byte [ebp + edx - 0x28] +mov dl, byte [ebp + edx - 0x38] +and ecx, 0x3f +and eax, 0x3f +shl eax, 0x10 +mov ebx, edx +shl ecx, 8 +and ebx, 0x1f +or ecx, eax +mov eax, dword [ebp - 0x58] +shr dl, 5 +or ecx, ebx +and edx, 1 +shl edx, 5 +or ecx, edx +lea edx, [eax + 0x1fc] +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, dword [ebp - 0x4c] +mov eax, 1 +mov ecx, dword [ebp + 8] +mov ebx, dword [ebp - 0x5c] +movzx ecx, byte [ecx + edx] +lea edx, [ebx*4 + 0x4980] +shl eax, cl +cmp dword [ebp - 0x78], 1 +lea ecx, [edx + 0x20] +cmove edx, ecx +mov ecx, eax +jmp near loc_fffaa892 ; jmp 0xfffaa892 + +loc_fffaa7f5: ; not directly referenced +cmp byte [ebp - 0x4e], 2 +jne short loc_fffaa815 ; jne 0xfffaa815 +sub esp, 0xc +mov ecx, dword [ebp - 0x80] +mov edx, ebx +push dword [ebp - 0x4c] +mov eax, edi +call fcn_fffaca06 ; call 0xfffaca06 +add esp, 0x10 +jmp near loc_fffaa916 ; jmp 0xfffaa916 + +loc_fffaa815: ; not directly referenced +mov al, byte [ebp - 0x4e] +sub eax, 5 +cmp al, 1 +ja short loc_fffaa89b ; ja 0xfffaa89b +mov eax, dword [ebp - 0x60] +mov ecx, dword [ebp - 0x7c] +lea edx, [eax - 0x6c] +mov eax, edi +call fcn_fffb335b ; call 0xfffb335b +cmp byte [ebp - 0x4e], 5 +jne short loc_fffaa84e ; jne 0xfffaa84e +mov cl, byte [ebp - 0x4f] +cmp cl, 7 +setne al +test cl, cl +setne cl +movzx ecx, cl +mov dword [ebp - 0x5c], ecx +and dword [ebp - 0x5c], eax +jmp short loc_fffaa85a ; jmp 0xfffaa85a + +loc_fffaa84e: ; not directly referenced xor eax, eax +test byte [ebp - 0x4f], 0xfd +setne al +mov dword [ebp - 0x5c], eax + +loc_fffaa85a: ; not directly referenced +mov edx, dword [ebp - 0x60] +mov eax, edx +sub eax, 7 +mov dword [ebp - 0x74], eax +mov al, byte [ebp - 0x5c] +lea ecx, [eax - 0x80] +mov eax, edi +movzx ecx, cl +call fcn_fffb335b ; call 0xfffb335b +mov edx, dword [ebp - 0x74] +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov ecx, dword [ebp - 0x5c] +mov edx, dword [ebp - 0x74] +sub ecx, 0xffffff80 +shl ecx, 0xc +and eax, 0xfff00fff +or ecx, eax + +loc_fffaa892: ; not directly referenced +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffaa916 ; jmp 0xfffaa916 + +loc_fffaa89b: ; not directly referenced +cmp byte [ebp - 0x4e], 9 +jne short loc_fffaa8c6 ; jne 0xfffaa8c6 +cmp byte [ebp - 0x4f], 1 +mov al, byte [ebp + ebx*4 - 0x1f] +sbb edx, edx +add edx, 5 +and edx, 7 +and eax, 0xffffff8f +shl edx, 4 +or eax, edx +mov edx, dword [ebp - 0x58] +mov byte [ebp + ebx*4 - 0x1f], al +mov ecx, dword [ebp + ebx*4 - 0x20] +jmp short loc_fffaa892 ; jmp 0xfffaa892 + +loc_fffaa8c6: ; not directly referenced +cmp byte [ebp - 0x4e], 0xa +jne short loc_fffaa916 ; jne 0xfffaa916 +mov dl, byte [ebp - 0x6c] +mov al, byte [ebp + ebx*4 - 0x1f] +and edx, 7 +shl edx, 4 +and eax, 0xffffff8f +or eax, edx +mov byte [ebp + ebx*4 - 0x1f], al +mov al, byte [ebp - 0x6b] +add al, byte [ebp + ebx - 0x3a] +mov ecx, dword [ebp + ebx*4 - 0x20] +and eax, 0xf +shl eax, 0xf +and ecx, 0xfff87fff +or ecx, eax +mov eax, edi +mov dword [ebp + ebx*4 - 0x20], ecx +mov edx, dword [ebp - 0x58] +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, dword [ebp - 0x70] +mov eax, edi +mov edx, dword [ebp - 0x60] +call fcn_fffb335b ; call 0xfffb335b + +loc_fffaa916: ; not directly referenced +inc ebx +add dword [ebp - 0x60], 8 +add dword [ebp - 0x58], 0x400 +cmp ebx, 2 +jne loc_fffaa75a ; jne 0xfffaa75a +mov eax, edi +call fcn_fffaa4a9 ; call 0xfffaa4a9 +mov ecx, 1 +cmp byte [ebp - 0x4f], 0 +sete dl +cmp byte [ebp - 0x6a], 0 +setne al +test dl, al +mov eax, 5 +cmovne ecx, eax +mov edx, 0x4800 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffaa95b: ; not directly referenced +mov edx, 0x4804 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov cl, byte [ebp - 0x50] +mov edx, eax +mov ebx, eax +shr edx, 0x10 +shr eax, 0x10 +and edx, 2 +and eax, 1 +or eax, edx +and eax, ecx +cmp al, cl +jne short loc_fffaa95b ; jne 0xfffaa95b +mov edx, ebx +mov al, bl +and edx, 2 +and eax, 1 +or eax, edx +test cl, al +je short loc_fffaa998 ; je 0xfffaa998 +cmp byte [ebp - 0x69], 0 +jne short loc_fffaa9e1 ; jne 0xfffaa9e1 + +loc_fffaa998: ; not directly referenced +inc dword [ebp - 0x4c] +mov al, byte [ebp - 0x4c] +cmp byte [ebp - 0x4d], al +ja loc_fffaa6ed ; ja 0xfffaa6ed +mov al, byte [ebp - 0x54] +sub eax, 9 +cmp al, 1 +ja short loc_fffaa9e1 ; ja 0xfffaa9e1 +test byte [ebp - 0x68], 1 +je short loc_fffaa9c9 ; je 0xfffaa9c9 +mov ecx, dword [esi + 0xbc] +mov edx, 0x4004 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffaa9c9: ; not directly referenced +test byte [ebp - 0x68], 2 +je short loc_fffaa9e1 ; je 0xfffaa9e1 +mov ecx, dword [esi + 0x188] +mov edx, 0x4404 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffaa9e1: ; not directly referenced +mov al, byte [ebp - 0x64] +lea esp, [ebp - 0xc] +and eax, ebx +pop ebx +pop esi +pop edi pop ebp ret -fcn_fffa87ee: ; not directly referenced +fcn_fffaa9ee: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x2c +lea esi, [eax + 0x3757] +mov dword [ebp - 0x2c], eax +mov eax, dword [eax + 0x5edd] +mov byte [ebp - 0x1f], dl +mov dword [ebp - 0x28], esi +mov dword [ebp - 0x24], 0 +mov dword [ebp - 0x1c], eax +add eax, 0x1c +mov dword [ebp - 0x30], eax +movzx eax, dl +mov dword [ebp - 0x34], eax + +loc_fffaaa22: ; not directly referenced +mov eax, dword [ebp - 0x28] +cmp dword [eax], 2 +je short loc_fffaaa49 ; je 0xfffaaa49 + +loc_fffaaa2a: ; not directly referenced +inc dword [ebp - 0x24] +add dword [ebp - 0x28], 0x13c3 +add dword [ebp - 0x30], 0xcc +cmp dword [ebp - 0x24], 2 +jne short loc_fffaaa22 ; jne 0xfffaaa22 +add esp, 0x2c +pop ebx +pop esi +pop edi +pop ebp +ret + +loc_fffaaa49: ; not directly referenced +mov byte [ebp - 0x1c], 0 + +loc_fffaaa4d: ; not directly referenced +mov esi, dword [ebp - 0x2c] +mov cl, byte [ebp - 0x1c] +cmp cl, byte [esi + 0x2489] +jae short loc_fffaaa2a ; jae 0xfffaaa2a +mov esi, dword [ebp - 0x28] +movzx edx, cl +mov ebx, 0x200 +xor ecx, ecx +mov word [ebp - 0x1e], 0 +mov al, byte [esi + 0xc4] +lea esi, [esi + edx*2] + +loc_fffaaa77: ; not directly referenced +mov edi, 1 +shl edi, cl +mov edx, edi +test al, dl +je short loc_fffaaaa3 ; je 0xfffaaaa3 +imul edi, ecx, 0x12 +mov dx, word [ebp - 0x1e] +movzx edi, word [esi + edi + 0x1b1] +cmp dx, di +cmovb edx, edi +cmp bx, di +mov word [ebp - 0x1e], dx +cmova ebx, edi + +loc_fffaaaa3: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffaaa77 ; jne 0xfffaaa77 +mov eax, dword [ebp - 0x2c] +mov dx, word [ebp - 0x1e] +movzx ecx, word [eax + 0x248a] +mov eax, 0x13880 +shr dx, 6 +lea edi, [edx + 1] +xor edx, edx +movzx edi, di +div ecx +mov edx, 0x80 +mov ecx, dword [ebp - 0x34] +cmp eax, 0x7f +cmova edx, eax +mov al, 6 +sub ebx, edx +mov dl, 0xfc +shr ebx, 6 +sub bl, byte [ebp - 0x1f] +cmp bl, 6 +cmovle eax, ebx +mov ebx, 7 +cmp al, 0xfc +cmovge edx, eax +movsx eax, dl +sub edi, eax +lea eax, [edi + ecx - 1] +movzx ecx, byte [ebp - 0x1c] +mov edi, dword [ebp - 0x30] +cmp eax, 7 +cmovle ebx, eax +and edx, 0xf +mov esi, edx +shl edx, 5 +lea edi, [edi + ecx*4] +mov byte [ebp - 0x1e], dl +mov dl, byte [edi + 5] +and edx, 0x1f +or dl, byte [ebp - 0x1e] +mov byte [edi + 5], dl +mov edx, esi +shr dl, 3 +mov byte [ebp - 0x1e], dl +xor edx, edx +test ebx, ebx +cmovns edx, ebx +mov bl, dl +and ebx, 7 +lea edx, [ebx + ebx] +or dl, byte [ebp - 0x1e] +shl esi, 4 +or edx, esi +mov esi, dword [ebp - 0x2c] +mov byte [edi + 6], dl +mov dl, byte [edi + 7] +mov eax, esi +and edx, 0xfffffff8 +or edx, ebx +mov byte [edi + 7], dl +mov edx, dword [ebp - 0x24] +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, dword [edi + 4] +mov edx, eax +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +inc byte [ebp - 0x1c] +jmp near loc_fffaaa4d ; jmp 0xfffaaa4d + +fcn_fffaab72: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, edx +push esi +push ebx +mov ebx, eax +sub esp, 0xc +mov eax, dword [eax + 0x5edd] +mov esi, dword [ebx + 0x1887] +mov dword [ebp - 0x14], edx +mov dword [ebp - 0x10], ecx +mov edx, dword [eax + 4] +xor eax, eax + +loc_fffaab96: ; not directly referenced +lea ecx, [edx + eax] +mov dword [ebp - 0x18], ecx +mov ecx, edi +cmp cl, byte [edx + eax] +jne short loc_fffaabb0 ; jne 0xfffaabb0 +mov eax, dword [ebp - 0x10] +mov edi, dword [ebp - 0x18] +mov ax, word [edi + eax*2 + 1] +jmp short loc_fffaabba ; jmp 0xfffaabba + +loc_fffaabb0: ; not directly referenced +add eax, 7 +cmp eax, 0x4d +jne short loc_fffaab96 ; jne 0xfffaab96 +xor al, al + +loc_fffaabba: ; not directly referenced +cmp esi, 0x306d0 +sete cl +cmp esi, 0x40650 +sete dl +or cl, dl +je short loc_fffaac15 ; je 0xfffaac15 +cmp dword [ebx + 0x2481], 1 +jne short loc_fffaac15 ; jne 0xfffaac15 +cmp byte [ebp - 0x14], 5 +sete cl +cmp byte [ebp - 0x10], 2 +setne dl +test cl, dl +je short loc_fffaac15 ; je 0xfffaac15 +cmp dword [ebx + 0x3757], 2 +jne short loc_fffaabfd ; jne 0xfffaabfd +cmp byte [ebx + 0x49bf], 5 +je short loc_fffaac0f ; je 0xfffaac0f + +loc_fffaabfd: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffaac4e ; jne 0xfffaac4e +cmp byte [ebx + 0x5d82], 5 +jne short loc_fffaac4e ; jne 0xfffaac4e + +loc_fffaac0f: ; not directly referenced +add ax, 0xc8 +jmp short loc_fffaac4e ; jmp 0xfffaac4e + +loc_fffaac15: ; not directly referenced +cmp dword [ebx + 0x188b], 1 +jne short loc_fffaac4e ; jne 0xfffaac4e +cmp dword [ebx + 0x2481], 1 +jne short loc_fffaac4e ; jne 0xfffaac4e +mov edi, dword [ebp - 0x10] +cmp byte [ebp - 0x14], 0xc +mov ebx, edi +sete cl +cmp bl, 2 +setne dl +test cl, dl +je short loc_fffaac4e ; je 0xfffaac4e +dec bl +mov edx, 0x78 +mov ecx, 0x50 +cmovne edx, ecx +add eax, edx + +loc_fffaac4e: ; not directly referenced +add esp, 0xc +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffaac56: ; not directly referenced +push ebp +mov ecx, 3 +mov ebp, esp +push edi +push esi +mov esi, ref_fffd3720 ; mov esi, 0xfffd3720 +push ebx +mov ebx, eax +sub esp, 0xc0 +lea edi, [ebp - 0x80] +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [ebp - 0x74] +mov esi, ref_fffd372c ; mov esi, 0xfffd372c +mov dword [ebp - 0x8c], eax +mov cl, 3 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [ebp - 0x68] +mov esi, ref_fffd3738 ; mov esi, 0xfffd3738 +mov cl, 3 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [ebp - 0x5c] +mov esi, ref_fffd3744 ; mov esi, 0xfffd3744 +mov cl, 3 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [ebp - 0x50] +mov esi, ref_fffd3750 ; mov esi, 0xfffd3750 +mov cl, 3 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [ebp - 0x44] +mov esi, ref_fffd375c ; mov esi, 0xfffd375c +mov cl, 3 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov edi, dword [eax + 0x5edd] +mov edx, edi +mov dword [ebp - 0x9c], edi +mov edi, dword [eax + 0x2444] +mov al, byte [eax + 0x2489] +mov esi, edi +mov dword [ebp - 0xa0], edi +movzx edi, byte [ebx + 0x248f] +mov byte [ebp - 0x95], al +mov eax, edx +push 0 +add eax, 0x1bc +push 8 +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +mov edx, 0x3a1c +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x3a1c +mov ecx, eax +mov esi, eax +and ecx, 0xfffe003f +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x5f08 +mov eax, ebx +mov dword [ebp - 0x8c], ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5f08 +mov ebx, eax +mov eax, dword [ebp - 0x8c] +or bh, 1 +mov ecx, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x8c] +mov edx, 0x78 +call fcn_fffa82f9 ; call 0xfffa82f9 +mov eax, dword [ebp - 0x8c] +mov edx, 0x3a00 +call fcn_fffb331f ; call 0xfffb331f +mov ecx, esi +mov esi, dword [ebp - 0x8c] +mov dword [ebp - 0x94], eax +mov eax, dword [ebp - 0x8c] +shr dword [ebp - 0x94], 0xf +and dword [ebp - 0x94], 0x1f +mov ax, word [eax + 0x1904] +shr ax, 7 +movzx edx, ax +mov eax, esi +mov dword [ebp - 0xa8], edx +mov edx, 0x3a1c +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, ebx +mov edx, 0x5f08 +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x78 +mov eax, esi +call fcn_fffa82f9 ; call 0xfffa82f9 +mov edx, 0x2008 +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +add esp, 0x10 +test ah, 4 +mov eax, edi +je short loc_fffaade0 ; je 0xfffaade0 +cmp al, 3 +je short loc_fffaadf4 ; je 0xfffaadf4 +lea eax, [ebp - 0x74] +mov edx, eax +lea eax, [ebp - 0x68] +jmp short loc_fffaadec ; jmp 0xfffaadec + +loc_fffaade0: ; not directly referenced +cmp al, 3 +je short loc_fffaadf9 ; je 0xfffaadf9 +lea eax, [ebp - 0x50] +mov edx, eax +lea eax, [ebp - 0x44] + +loc_fffaadec: ; not directly referenced +and edi, 1 +cmovne eax, edx +jmp short loc_fffaadfc ; jmp 0xfffaadfc + +loc_fffaadf4: ; not directly referenced +lea eax, [ebp - 0x80] +jmp short loc_fffaadfc ; jmp 0xfffaadfc + +loc_fffaadf9: ; not directly referenced +lea eax, [ebp - 0x5c] + +loc_fffaadfc: ; not directly referenced +mov dword [ebp - 0x90], eax +mov eax, dword [ebp - 0x9c] +xor edi, edi +add eax, 0x1c +mov dword [ebp - 0xa4], eax +mov esi, eax + +loc_fffaae15: ; not directly referenced +imul eax, edi, 0x13c3 +mov edx, dword [ebp - 0x8c] +xor ebx, ebx +cmp dword [edx + eax + 0x3757], 2 +jne short loc_fffaae8f ; jne 0xfffaae8f + +loc_fffaae2d: ; not directly referenced +cmp byte [ebp - 0x95], bl +jbe short loc_fffaae69 ; jbe 0xfffaae69 +or byte [esi + ebx*4 + 0x28], 0x20 +mov ecx, ebx +mov eax, dword [esi + ebx*4 + 0x28] +mov edx, edi +inc ebx +mov dword [ebp - 0xac], eax +mov eax, dword [ebp - 0x8c] +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, dword [ebp - 0xac] +mov edx, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffaae2d ; jmp 0xfffaae2d + +loc_fffaae69: ; not directly referenced +mov eax, dword [ebp - 0x8c] +mov ecx, 0xff +mov edx, edi +mov ebx, dword [esi] +call fcn_fffa7236 ; call 0xfffa7236 +or bh, 1 +mov ecx, ebx +mov edx, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffb38b3 ; call 0xfffb38b3 + +loc_fffaae8f: ; not directly referenced +inc edi +add esi, 0xcc +cmp edi, 2 +jne loc_fffaae15 ; jne 0xfffaae15 +mov eax, dword [ebp - 0x90] +lea ebx, [ebp - 0x38] +inc eax +mov dword [ebp - 0xbc], eax +mov esi, eax + +loc_fffaaeb1: ; not directly referenced +mov edi, dword [ebp - 0x8c] +add ebx, 4 +add esi, 3 +movzx edx, byte [esi - 4] +movzx ecx, byte [esi - 3] +mov eax, edi +call fcn_fffa7588 ; call 0xfffa7588 +mov edx, eax +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov dword [ebx - 4], eax +lea eax, [ebp - 0x28] +cmp ebx, eax +jne short loc_fffaaeb1 ; jne 0xfffaaeb1 +imul eax, dword [ebp - 0x94], 0x1f0 +mov ecx, 0x3e8 +imul eax, dword [ebp - 0xa8] +xor edx, edx +mov byte [ebp - 0xa8], 1 +div ecx +lea edi, [eax + 0x14a] +add eax, 0x226 +mov dword [ebp - 0xb8], eax +mov eax, dword [ebp - 0x9c] +mov dword [ebp - 0xb4], edi +add eax, 0x1bd +mov dword [ebp - 0xac], eax + +loc_fffaaf28: ; not directly referenced +mov eax, dword [ebp - 0xa4] +xor ebx, ebx +mov dword [ebp - 0x94], eax +mov eax, dword [ebp - 0xa8] +and eax, 7 +mov dword [ebp - 0x9c], eax + +loc_fffaaf45: ; not directly referenced +imul eax, ebx, 0x13c3 +mov edi, dword [ebp - 0x8c] +cmp dword [edi + eax + 0x3757], 2 +je short loc_fffaaf7a ; je 0xfffaaf7a + +loc_fffaaf5b: ; not directly referenced +inc ebx +add dword [ebp - 0x94], 0xcc +cmp ebx, 2 +jne short loc_fffaaf45 ; jne 0xfffaaf45 +mov dword [ebp - 0x94], 0 +jmp near loc_fffab14f ; jmp 0xfffab14f + +loc_fffaaf7a: ; not directly referenced +xor esi, esi + +loc_fffaaf7c: ; not directly referenced +mov eax, esi +cmp byte [ebp - 0x95], al +jbe short loc_fffaaf5b ; jbe 0xfffaaf5b +mov eax, dword [ebp - 0x94] +mov ecx, esi +mov edx, ebx +mov edi, dword [eax + esi*4 + 4] +inc esi +mov eax, dword [ebp - 0x9c] +and edi, 0xffffe3ff +shl eax, 0xa +or edi, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, edi +mov edx, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffaaf7c ; jmp 0xfffaaf7c + +loc_fffaafc2: ; not directly referenced +imul eax, edi, 0x13c3 +mov edx, dword [ebp - 0x8c] +cmp dword [edx + eax + 0x3757], 2 +je loc_fffab18d ; je 0xfffab18d + +loc_fffaafdc: ; not directly referenced +inc edi +add dword [ebp - 0x9c], 0xcc +cmp edi, 2 +jne short loc_fffaafc2 ; jne 0xfffaafc2 +mov byte [ebp - 0x9c], 0 + +loc_fffaaff3: ; not directly referenced +mov esi, dword [ebp - 0x9c] +lea edi, [ebp - 0x28] +mov ebx, dword [ebp - 0x90] +and esi, 1 +shl esi, 0x1d +or esi, 0x2000000 + +loc_fffab00e: ; not directly referenced +movzx eax, byte [ebx + 2] +and esi, 0xefffffff +movzx ecx, byte [ebx + 1] +movzx edx, byte [ebx] +and eax, 1 +shl eax, 0x1c +or esi, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffa7588 ; call 0xfffa7588 +mov ecx, esi +mov edx, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0xa0] +call dword [eax + 0x54] ; ucall +add eax, 0x3e8 +mov dword [ebp - 0xb0], eax + +loc_fffab055: ; not directly referenced +mov esi, dword [ebp - 0x8c] +movzx edx, byte [ebx] +movzx ecx, byte [ebx + 1] +mov eax, esi +call fcn_fffa7588 ; call 0xfffa7588 +mov edx, eax +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +mov esi, eax +test eax, 0x40000000 +jne loc_fffab1d2 ; jne 0xfffab1d2 +mov eax, dword [ebp - 0xa0] +call dword [eax + 0x54] ; ucall +cmp dword [ebp - 0xb0], eax +ja short loc_fffab055 ; ja 0xfffab055 + +loc_fffab090: ; not directly referenced +movzx ecx, byte [ebx + 1] +add edi, 4 +add ebx, 3 +movzx edx, byte [ebx - 3] +mov eax, dword [ebp - 0x8c] +call fcn_fffa7588 ; call 0xfffa7588 +xor ecx, ecx +mov edx, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffb3381 ; call 0xfffb3381 +lea eax, [ebp - 0x18] +cmp edi, eax +jne loc_fffab00e ; jne 0xfffab00e +inc byte [ebp - 0x9c] +cmp byte [ebp - 0x9c], 2 +jne loc_fffaaff3 ; jne 0xfffaaff3 +mov ecx, dword [ebp - 0x28] +mov ebx, dword [ebp - 0x1c] +mov edx, dword [ebp - 0x20] +mov eax, dword [ebp - 0x24] +mov esi, ecx +cmp ebx, ecx +cmovbe esi, ebx +cmp esi, edx +cmova esi, edx +cmp ebx, ecx +cmovae ecx, ebx +cmp ecx, edx +cmovae edx, ecx +cmp edx, eax +cmovb edx, eax +cmp esi, eax +cmovbe eax, esi +cmp dword [ebp - 0xb4], eax +jbe short loc_fffab11f ; jbe 0xfffab11f +mov cl, byte [ebp - 0x94] +mov eax, 1 +mov edi, dword [ebp - 0xac] +shl eax, cl +or byte [edi], al + +loc_fffab11f: ; not directly referenced +cmp dword [ebp - 0xb8], edx +jae short loc_fffab13c ; jae 0xfffab13c +mov cl, byte [ebp - 0x94] +mov eax, 1 +mov edi, dword [ebp - 0xac] +shl eax, cl +or byte [edi], al + +loc_fffab13c: ; not directly referenced +inc dword [ebp - 0x94] +cmp dword [ebp - 0x94], 8 +je loc_fffab1f0 ; je 0xfffab1f0 + +loc_fffab14f: ; not directly referenced +push eax +xor edi, edi +push 0 +push 4 +lea eax, [ebp - 0x28] +push eax +mov eax, dword [ebp - 0xa0] +call dword [eax + 0x64] ; ucall +mov eax, dword [ebp - 0xa4] +add esp, 0x10 +mov dword [ebp - 0x9c], eax +mov eax, dword [ebp - 0x94] +and eax, 7 +mov dword [ebp - 0xb0], eax +shl dword [ebp - 0xb0], 0x1a +jmp near loc_fffaafc2 ; jmp 0xfffaafc2 + +loc_fffab18d: ; not directly referenced +xor ebx, ebx + +loc_fffab18f: ; not directly referenced +cmp byte [ebp - 0x95], bl +jbe loc_fffaafdc ; jbe 0xfffaafdc +mov eax, dword [ebp - 0x9c] +mov ecx, ebx +mov edx, edi +mov esi, dword [eax + ebx*4 + 0x28] +inc ebx +mov eax, dword [ebp - 0x8c] +and esi, 0xe3ffffff +call fcn_fffa71bc ; call 0xfffa71bc +or esi, dword [ebp - 0xb0] +mov ecx, esi +mov edx, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffab18f ; jmp 0xfffab18f + +loc_fffab1d2: ; not directly referenced +shr eax, 0xf +and eax, 0x3ff +add eax, dword [edi] +cmp byte [ebp - 0x9c], 1 +jne loc_fffab2df ; jne 0xfffab2df +shr eax, 1 +jmp near loc_fffab2df ; jmp 0xfffab2df + +loc_fffab1f0: ; not directly referenced +inc byte [ebp - 0xa8] +inc dword [ebp - 0xac] +and byte [ebp - 0xa8], 7 +jne loc_fffaaf28 ; jne 0xfffaaf28 +mov esi, dword [ebp - 0xa4] +xor edi, edi + +loc_fffab211: ; not directly referenced +imul eax, edi, 0x13c3 +mov ecx, dword [ebp - 0x8c] +xor ebx, ebx +cmp dword [ecx + eax + 0x3757], 2 +jne short loc_fffab296 ; jne 0xfffab296 + +loc_fffab229: ; not directly referenced +cmp byte [ebp - 0x95], bl +jbe short loc_fffab277 ; jbe 0xfffab277 +mov eax, dword [ebp - 0x8c] +mov ecx, ebx +mov edx, edi +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, dword [esi + ebx*4 + 4] +mov edx, eax +mov dword [ebp - 0x90], eax +mov eax, dword [ebp - 0x8c] +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, dword [ebp - 0x90] +and byte [esi + ebx*4 + 0x28], 0xdf +mov ecx, dword [esi + ebx*4 + 0x28] +inc ebx +mov eax, dword [ebp - 0x8c] +add edx, 4 +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffab229 ; jmp 0xfffab229 + +loc_fffab277: ; not directly referenced +mov ebx, dword [ebp - 0x8c] +mov ecx, 0xff +mov edx, edi +mov eax, ebx +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, dword [esi] +mov edx, eax +mov eax, ebx +call fcn_fffb38b3 ; call 0xfffb38b3 + +loc_fffab296: ; not directly referenced +inc edi +add esi, 0xcc +cmp edi, 2 +jne loc_fffab211 ; jne 0xfffab211 +mov esi, dword [ebp - 0xbc] +lea ebx, [ebp - 0x38] + +loc_fffab2af: ; not directly referenced +mov edi, dword [ebp - 0x8c] +add ebx, 4 +add esi, 3 +movzx ecx, byte [esi - 3] +movzx edx, byte [esi - 4] +mov eax, edi +call fcn_fffa7588 ; call 0xfffa7588 +mov ecx, dword [ebx - 4] +mov edx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +lea eax, [ebp - 0x28] +cmp ebx, eax +jne short loc_fffab2af ; jne 0xfffab2af +jmp short loc_fffab2e6 ; jmp 0xfffab2e6 + +loc_fffab2df: ; not directly referenced +mov dword [edi], eax +jmp near loc_fffab090 ; jmp 0xfffab090 + +loc_fffab2e6: ; not directly referenced +lea esp, [ebp - 0xc] +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffab2f0: ; not directly referenced push ebp mov ebp, esp push edi @@ -11039,7 +14650,7 @@ push ebx sub esp, 0x2c mov ebx, dword [ebp + 8] mov eax, dword [ebx + 0x18a7] -mov esi, dword [ebx + 0x2443] +mov esi, dword [ebx + 0x2444] mov edi, dword [ebx + 0x18c1] mov dword [ebp - 0x2c], eax mov eax, dword [ebx + 0x188b] @@ -11073,42 +14684,42 @@ mov edx, dword [ebp - 0x1c] add esp, 0x10 movzx ecx, dh test cl, 8 -jne short loc_fffa8889 ; jne 0xfffa8889 +jne short loc_fffab38b ; jne 0xfffab38b test al, 0x10 -je short loc_fffa8889 ; je 0xfffa8889 +je short loc_fffab38b ; je 0xfffab38b mov eax, dword [ebx + 0x188f] -mov dword [ebx + 0x246d], eax +mov dword [ebx + 0x246e], eax mov eax, dword [ebx + 0x1893] -mov dword [ebx + 0x2471], eax -jmp short loc_fffa889d ; jmp 0xfffa889d +mov dword [ebx + 0x2472], eax +jmp short loc_fffab39f ; jmp 0xfffab39f -loc_fffa8889: ; not directly referenced -mov dword [ebx + 0x246d], 0 -mov dword [ebx + 0x2471], 0 +loc_fffab38b: ; not directly referenced +mov dword [ebx + 0x246e], 0 +mov dword [ebx + 0x2472], 0 -loc_fffa889d: ; not directly referenced +loc_fffab39f: ; not directly referenced mov eax, edx shr eax, 0x13 and eax, 3 cmp eax, 1 -je short loc_fffa88c6 ; je 0xfffa88c6 +je short loc_fffab3c8 ; je 0xfffab3c8 cmp eax, 2 -je short loc_fffa88d2 ; je 0xfffa88d2 +je short loc_fffab3d4 ; je 0xfffab3d4 cmp eax, 1 sbb eax, eax and eax, 0x3e00 add eax, 0x200 -mov dword [ebx + 0x2484], eax -jmp short loc_fffa88dc ; jmp 0xfffa88dc +mov dword [ebx + 0x2485], eax +jmp short loc_fffab3de ; jmp 0xfffab3de -loc_fffa88c6: ; not directly referenced -mov dword [ebx + 0x2484], 0x2000 -jmp short loc_fffa88dc ; jmp 0xfffa88dc +loc_fffab3c8: ; not directly referenced +mov dword [ebx + 0x2485], 0x2000 +jmp short loc_fffab3de ; jmp 0xfffab3de -loc_fffa88d2: ; not directly referenced -mov dword [ebx + 0x2484], 0x800 +loc_fffab3d4: ; not directly referenced +mov dword [ebx + 0x2485], 0x800 -loc_fffa88dc: ; not directly referenced +loc_fffab3de: ; not directly referenced mov eax, ecx shl eax, 0x1b mov dword [ebp - 0x20], eax @@ -11120,7 +14731,7 @@ mov dword [ebp - 0x1c], eax sar dword [ebp - 0x1c], 0x1f add dword [ebp - 0x1c], 2 cmp byte [ebx + 0x241f], 1 -je short loc_fffa892b ; je 0xfffa892b +je short loc_fffab42d ; je 0xfffab42d mov eax, dword [ebx + 0x1887] cmp eax, 0x306d0 sete cl @@ -11130,12 +14741,12 @@ or cl, al mov eax, 1 cmove eax, dword [ebp - 0x1c] mov dword [ebp - 0x1c], eax -jmp short loc_fffa8932 ; jmp 0xfffa8932 +jmp short loc_fffab434 ; jmp 0xfffab434 -loc_fffa892b: ; not directly referenced +loc_fffab42d: ; not directly referenced mov dword [ebp - 0x1c], 1 -loc_fffa8932: ; not directly referenced +loc_fffab434: ; not directly referenced mov eax, edx shr eax, 0x10 and eax, 2 @@ -11147,275 +14758,275 @@ shr eax, 0x18 add word [ebp - 0x24], 2 and eax, 1 mov dword [ebp - 0x34], eax -je short loc_fffa8961 ; je 0xfffa8961 -mov byte [ebx + 0x3748], 1 +je short loc_fffab463 ; je 0xfffab463 +mov byte [ebx + 0x3749], 1 mov edi, 1 -jmp short loc_fffa8979 ; jmp 0xfffa8979 +jmp short loc_fffab47b ; jmp 0xfffab47b -loc_fffa8961: ; not directly referenced +loc_fffab463: ; not directly referenced xor eax, eax and edx, 0x2000000 -jne short loc_fffa8977 ; jne 0xfffa8977 +jne short loc_fffab479 ; jne 0xfffab479 xor eax, eax -cmp byte [ebx + 0x3748], 0 +cmp byte [ebx + 0x3749], 0 setne al -loc_fffa8977: ; not directly referenced +loc_fffab479: ; not directly referenced mov edi, eax -loc_fffa8979: ; not directly referenced +loc_fffab47b: ; not directly referenced imul esi, dword [ebp - 0x2c], 0x2e -lea eax, [ebx + 0x736b] -lea ecx, [ebx + 0x4be5] +lea eax, [ebx + 0x736c] +lea ecx, [ebx + 0x4be6] mov dword [ebp - 0x28], eax -loc_fffa898c: ; not directly referenced +loc_fffab48e: ; not directly referenced cmp dword [ecx - 0x148f], 2 -je short loc_fffa89d8 ; je 0xfffa89d8 +je short loc_fffab4da ; je 0xfffab4da -loc_fffa8995: ; not directly referenced +loc_fffab497: ; not directly referenced add ecx, 0x13c3 cmp ecx, dword [ebp - 0x28] -jne short loc_fffa898c ; jne 0xfffa898c -cmp byte [ebx + 0x3748], 1 +jne short loc_fffab48e ; jne 0xfffab48e +cmp byte [ebx + 0x3749], 1 mov edi, 2 -mov dword [ebx + 0x3711], 0 +mov dword [ebx + 0x3712], 0 mov dword [ebp - 0x24], 0 sete al xor esi, esi add eax, 8 xor ecx, ecx -mov byte [ebx + 0x2488], al -lea eax, [ebx + 0x3812] -jmp near loc_fffa8ad1 ; jmp 0xfffa8ad1 +mov byte [ebx + 0x2489], al +lea eax, [ebx + 0x3813] +jmp near loc_fffab5d3 ; jmp 0xfffab5d3 -loc_fffa89d8: ; not directly referenced +loc_fffab4da: ; not directly referenced cmp word [ebp - 0x24], 2 -je short loc_fffa8a05 ; je 0xfffa8a05 +je short loc_fffab507 ; je 0xfffab507 cmp dword [ebx + 0x18a7], 0 -jne short loc_fffa8a24 ; jne 0xfffa8a24 -mov eax, dword [ebx + 0x36d7] +jne short loc_fffab526 ; jne 0xfffab526 +mov eax, dword [ebx + 0x36d8] cmp eax, 0x74b -ja short loc_fffa8a05 ; ja 0xfffa8a05 +ja short loc_fffab507 ; ja 0xfffab507 cmp dword [ecx - 0x13cf], 1 -jbe short loc_fffa8a24 ; jbe 0xfffa8a24 +jbe short loc_fffab526 ; jbe 0xfffab526 cmp eax, 0x534 -jbe short loc_fffa8a24 ; jbe 0xfffa8a24 +jbe short loc_fffab526 ; jbe 0xfffab526 -loc_fffa8a05: ; not directly referenced +loc_fffab507: ; not directly referenced cmp word [ecx + esi - 0x1487], 2 mov eax, 2 cmovae ax, word [ecx + esi - 0x1487] mov word [ecx + esi - 0x1487], ax -loc_fffa8a24: ; not directly referenced +loc_fffab526: ; not directly referenced lea eax, [ecx - 0x250] -loc_fffa8a2a: ; not directly referenced +loc_fffab52c: ; not directly referenced cmp dword [eax - 0xcc], 2 -jne short loc_fffa8a81 ; jne 0xfffa8a81 +jne short loc_fffab583 ; jne 0xfffab583 mov dx, word [ecx + esi - 0x1487] mov word [eax + esi - 0xc4], dx cmp edi, 1 -jne short loc_fffa8a70 ; jne 0xfffa8a70 +jne short loc_fffab572 ; jne 0xfffab572 mov dl, byte [eax] test dl, dl -jne short loc_fffa8a60 ; jne 0xfffa8a60 +jne short loc_fffab562 ; jne 0xfffab562 cmp dword [ebp - 0x34], 1 -jne short loc_fffa8a73 ; jne 0xfffa8a73 +jne short loc_fffab575 ; jne 0xfffab575 mov dword [eax - 0xcc], 1 -jmp short loc_fffa8a81 ; jmp 0xfffa8a81 +jmp short loc_fffab583 ; jmp 0xfffab583 -loc_fffa8a60: ; not directly referenced +loc_fffab562: ; not directly referenced dec dl -jne short loc_fffa8a73 ; jne 0xfffa8a73 +jne short loc_fffab575 ; jne 0xfffab575 mov byte [eax], 1 mov dword [eax + 0x11], 9 -jmp short loc_fffa8a81 ; jmp 0xfffa8a81 +jmp short loc_fffab583 ; jmp 0xfffab583 -loc_fffa8a70: ; not directly referenced +loc_fffab572: ; not directly referenced mov byte [eax], 0 -loc_fffa8a73: ; not directly referenced +loc_fffab575: ; not directly referenced mov dword [eax + 0x11], 8 -mov byte [ebx + 0x3748], 0 +mov byte [ebx + 0x3749], 0 -loc_fffa8a81: ; not directly referenced +loc_fffab583: ; not directly referenced add eax, 0x128 cmp eax, ecx -jne short loc_fffa8a2a ; jne 0xfffa8a2a -jmp near loc_fffa8995 ; jmp 0xfffa8995 +jne short loc_fffab52c ; jne 0xfffab52c +jmp near loc_fffab497 ; jmp 0xfffab497 -loc_fffa8a8f: ; not directly referenced +loc_fffab591: ; not directly referenced xor edx, edx cmp dword [eax + 0x10b7], 2 -jne short loc_fffa8aa0 ; jne 0xfffa8aa0 +jne short loc_fffab5a2 ; jne 0xfffab5a2 mov edx, dword [eax + 0x1198] -loc_fffa8aa0: ; not directly referenced +loc_fffab5a2: ; not directly referenced cmp dword [eax + 0x11df], 2 -jne short loc_fffa8aaf ; jne 0xfffa8aaf +jne short loc_fffab5b1 ; jne 0xfffab5b1 add edx, dword [eax + 0x12c0] -loc_fffa8aaf: ; not directly referenced +loc_fffab5b1: ; not directly referenced mov dword [eax], edx cmp edx, dword [ebp - 0x24] -jbe short loc_fffa8adc ; jbe 0xfffa8adc +jbe short loc_fffab5de ; jbe 0xfffab5de mov edi, dword [eax + 4] mov ecx, esi mov dword [ebp - 0x24], edx -loc_fffa8abe: ; not directly referenced +loc_fffab5c0: ; not directly referenced mov edx, dword [eax] inc esi add eax, 0x13c3 -add dword [ebx + 0x3711], edx +add dword [ebx + 0x3712], edx cmp esi, 2 -je short loc_fffa8af9 ; je 0xfffa8af9 +je short loc_fffab5fb ; je 0xfffab5fb -loc_fffa8ad1: ; not directly referenced +loc_fffab5d3: ; not directly referenced cmp dword [eax - 0xbc], 2 -jne short loc_fffa8abe ; jne 0xfffa8abe -jmp short loc_fffa8a8f ; jmp 0xfffa8a8f +jne short loc_fffab5c0 ; jne 0xfffab5c0 +jmp short loc_fffab591 ; jmp 0xfffab591 -loc_fffa8adc: ; not directly referenced +loc_fffab5de: ; not directly referenced sete byte [ebp - 0x28] cmp dword [ebp - 0x1c], 1 sete dl test byte [ebp - 0x28], dl -je short loc_fffa8abe ; je 0xfffa8abe +je short loc_fffab5c0 ; je 0xfffab5c0 mov edx, dword [eax + 4] cmp edx, edi -jae short loc_fffa8abe ; jae 0xfffa8abe +jae short loc_fffab5c0 ; jae 0xfffab5c0 mov edi, edx mov ecx, esi -jmp short loc_fffa8abe ; jmp 0xfffa8abe +jmp short loc_fffab5c0 ; jmp 0xfffab5c0 -loc_fffa8af9: ; not directly referenced +loc_fffab5fb: ; not directly referenced cmp dword [ebp - 0x20], 1 -je short loc_fffa8b0b ; je 0xfffa8b0b +je short loc_fffab60d ; je 0xfffab60d -loc_fffa8aff: ; not directly referenced +loc_fffab601: ; not directly referenced cmp dword [ebp - 0x1c], 1 -jne loc_fffa8b9b ; jne 0xfffa8b9b -jmp short loc_fffa8b83 ; jmp 0xfffa8b83 +jne loc_fffab69d ; jne 0xfffab69d +jmp short loc_fffab685 ; jmp 0xfffab685 -loc_fffa8b0b: ; not directly referenced -lea eax, [ebx + 0x3756] +loc_fffab60d: ; not directly referenced +lea eax, [ebx + 0x3757] xor edx, edx -loc_fffa8b13: ; not directly referenced +loc_fffab615: ; not directly referenced mov esi, dword [eax] cmp edx, ecx -je short loc_fffa8b73 ; je 0xfffa8b73 +je short loc_fffab675 ; je 0xfffab675 cmp esi, 2 -jne short loc_fffa8b73 ; jne 0xfffa8b73 +jne short loc_fffab675 ; jne 0xfffab675 cmp dword [eax + 0x1173], 2 mov dword [eax], 1 mov byte [eax + 0xc4], 0 -jne short loc_fffa8b4f ; jne 0xfffa8b4f +jne short loc_fffab651 ; jne 0xfffab651 mov dword [eax + 0x1173], 1 mov byte [eax + 0x1260], 0 mov dword [eax + 0x1254], 0 -loc_fffa8b4f: ; not directly referenced +loc_fffab651: ; not directly referenced cmp dword [eax + 0x129b], 2 -jne short loc_fffa8b73 ; jne 0xfffa8b73 +jne short loc_fffab675 ; jne 0xfffab675 mov dword [eax + 0x129b], 1 mov byte [eax + 0x1388], 0 mov dword [eax + 0x137c], 0 -loc_fffa8b73: ; not directly referenced +loc_fffab675: ; not directly referenced inc edx add eax, 0x13c3 cmp edx, 2 -jne short loc_fffa8b13 ; jne 0xfffa8b13 -jmp near loc_fffa8aff ; jmp 0xfffa8aff +jne short loc_fffab615 ; jne 0xfffab615 +jmp near loc_fffab601 ; jmp 0xfffab601 -loc_fffa8b83: ; not directly referenced +loc_fffab685: ; not directly referenced xor eax, eax -loc_fffa8b85: ; not directly referenced -cmp dword [ebx + eax + 0x3756], 2 -je short loc_fffa8ba9 ; je 0xfffa8ba9 +loc_fffab687: ; not directly referenced +cmp dword [ebx + eax + 0x3757], 2 +je short loc_fffab6ab ; je 0xfffab6ab -loc_fffa8b8f: ; not directly referenced +loc_fffab691: ; not directly referenced add eax, 0x13c3 cmp eax, 0x2786 -jne short loc_fffa8b85 ; jne 0xfffa8b85 +jne short loc_fffab687 ; jne 0xfffab687 -loc_fffa8b9b: ; not directly referenced +loc_fffab69d: ; not directly referenced cmp byte [ebx + 0x190d], 0 -jne short loc_fffa8bde ; jne 0xfffa8bde -jmp near loc_fffa8c91 ; jmp 0xfffa8c91 +jne short loc_fffab6e0 ; jne 0xfffab6e0 +jmp near loc_fffab793 ; jmp 0xfffab793 -loc_fffa8ba9: ; not directly referenced -mov edx, dword [ebx + eax + 0x48c9] +loc_fffab6ab: ; not directly referenced +mov edx, dword [ebx + eax + 0x48ca] xor ecx, ecx cmp edx, 2 -jne short loc_fffa8bbe ; jne 0xfffa8bbe -mov ecx, dword [ebx + eax + 0x49aa] - -loc_fffa8bbe: ; not directly referenced -cmp dword [ebx + eax + 0x49f1], 2 -jne short loc_fffa8b8f ; jne 0xfffa8b8f -cmp dword [ebx + eax + 0x4ad2], ecx -ja short loc_fffa8c13 ; ja 0xfffa8c13 -mov dword [ebx + eax + 0x49f1], 1 -jmp short loc_fffa8b8f ; jmp 0xfffa8b8f - -loc_fffa8bde: ; not directly referenced +jne short loc_fffab6c0 ; jne 0xfffab6c0 +mov ecx, dword [ebx + eax + 0x49ab] + +loc_fffab6c0: ; not directly referenced +cmp dword [ebx + eax + 0x49f2], 2 +jne short loc_fffab691 ; jne 0xfffab691 +cmp dword [ebx + eax + 0x4ad3], ecx +ja short loc_fffab715 ; ja 0xfffab715 +mov dword [ebx + eax + 0x49f2], 1 +jmp short loc_fffab691 ; jmp 0xfffab691 + +loc_fffab6e0: ; not directly referenced mov eax, dword [ebx + 0x190e] -mov dword [ebx + 0x36cb], eax +mov dword [ebx + 0x36cc], eax test eax, eax -jne short loc_fffa8c2c ; jne 0xfffa8c2c +jne short loc_fffab72e ; jne 0xfffab72e cmp dword [ebp - 0x30], 0 -jne short loc_fffa8bfe ; jne 0xfffa8bfe -mov dword [ebx + 0x36cb], 1 +jne short loc_fffab700 ; jne 0xfffab700 +mov dword [ebx + 0x36cc], 1 -loc_fffa8bfe: ; not directly referenced -cmp byte [ebx + 0x36ca], 0 -jne short loc_fffa8c2c ; jne 0xfffa8c2c -mov dword [ebx + 0x36cb], 1 -jmp short loc_fffa8c2c ; jmp 0xfffa8c2c +loc_fffab700: ; not directly referenced +cmp byte [ebx + 0x36cb], 0 +jne short loc_fffab72e ; jne 0xfffab72e +mov dword [ebx + 0x36cc], 1 +jmp short loc_fffab72e ; jmp 0xfffab72e -loc_fffa8c13: ; not directly referenced +loc_fffab715: ; not directly referenced cmp edx, 2 -jne loc_fffa8b8f ; jne 0xfffa8b8f -mov dword [ebx + eax + 0x48c9], 1 -jmp near loc_fffa8b8f ; jmp 0xfffa8b8f - -loc_fffa8c2c: ; not directly referenced -cmp dword [ebx + 0x36cb], 1 -jne short loc_fffa8c91 ; jne 0xfffa8c91 -cmp dword [ebx + 0x374e], 2 -mov byte [ebx + 0x247f], 1 -jne short loc_fffa8c91 ; jne 0xfffa8c91 -lea eax, [ebx + 0x3756] -lea edx, [ebx + 0x5edc] - -loc_fffa8c51: ; not directly referenced +jne loc_fffab691 ; jne 0xfffab691 +mov dword [ebx + eax + 0x48ca], 1 +jmp near loc_fffab691 ; jmp 0xfffab691 + +loc_fffab72e: ; not directly referenced +cmp dword [ebx + 0x36cc], 1 +jne short loc_fffab793 ; jne 0xfffab793 +cmp dword [ebx + 0x374f], 2 +mov byte [ebx + 0x2480], 1 +jne short loc_fffab793 ; jne 0xfffab793 +lea eax, [ebx + 0x3757] +lea edx, [ebx + 0x5edd] + +loc_fffab753: ; not directly referenced cmp dword [eax], 2 -jne short loc_fffa8c88 ; jne 0xfffa8c88 +jne short loc_fffab78a ; jne 0xfffab78a cmp dword [eax + 0x1173], 2 -jne short loc_fffa8c6f ; jne 0xfffa8c6f +jne short loc_fffab771 ; jne 0xfffab771 cmp byte [eax + 0x1243], 0 -jne short loc_fffa8c6f ; jne 0xfffa8c6f -mov byte [ebx + 0x247f], 0 +jne short loc_fffab771 ; jne 0xfffab771 +mov byte [ebx + 0x2480], 0 -loc_fffa8c6f: ; not directly referenced +loc_fffab771: ; not directly referenced cmp dword [eax + 0x129b], 2 -jne short loc_fffa8c88 ; jne 0xfffa8c88 +jne short loc_fffab78a ; jne 0xfffab78a cmp byte [eax + 0x136b], 0 -jne short loc_fffa8c88 ; jne 0xfffa8c88 -mov byte [ebx + 0x247f], 0 +jne short loc_fffab78a ; jne 0xfffab78a +mov byte [ebx + 0x2480], 0 -loc_fffa8c88: ; not directly referenced +loc_fffab78a: ; not directly referenced add eax, 0x13c3 cmp eax, edx -jne short loc_fffa8c51 ; jne 0xfffa8c51 +jne short loc_fffab753 ; jne 0xfffab753 -loc_fffa8c91: ; not directly referenced +loc_fffab793: ; not directly referenced lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -11424,7 +15035,7 @@ pop edi pop ebp ret -fcn_fffa8c9b: ; not directly referenced +fcn_fffab79d: ; not directly referenced push ebp mov ebp, esp push edi @@ -11432,24 +15043,24 @@ push esi push ebx sub esp, 0x1c mov ebx, dword [ebp + 8] -mov eax, dword [ebx + 0x2480] +mov eax, dword [ebx + 0x2481] cmp byte [ebx + 0x192b], 0 mov dword [ebp - 0x1c], eax -je short loc_fffa8ceb ; je 0xfffa8ceb +je short loc_fffab7ed ; je 0xfffab7ed movzx ecx, byte [ebx + 0x192c] mov edx, 0x5884 mov eax, ebx and ecx, 7 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov al, byte [ebx + 0x192e] xor ecx, ecx mov cl, byte [ebx + 0x192d] mov edx, 0x5888 mov ch, al mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8ceb: ; not directly referenced +loc_fffab7ed: ; not directly referenced movzx ecx, byte [ebx + 0x1935] movzx edx, byte [ebx + 0x1936] movzx eax, byte [ebx + 0x1937] @@ -11483,46 +15094,46 @@ mov eax, ebx and edx, 0x7fff or esi, edx mov edx, 0x58e0 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, esi mov edx, 0x58e4 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov al, byte [ebx + 0x193b] xor ecx, ecx mov edx, 0x5890 mov ch, al mov cl, byte [ebx + 0x193a] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov al, byte [ebx + 0x193d] xor ecx, ecx mov edx, 0x5894 mov ch, al mov cl, byte [ebx + 0x193c] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov al, byte [ebx + 0x193f] xor ecx, ecx mov edx, 0x5898 mov ch, al mov cl, byte [ebx + 0x193e] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov al, byte [ebx + 0x1941] xor ecx, ecx mov edx, 0x589c mov ch, al mov cl, byte [ebx + 0x1940] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov al, byte [ebx + 0x1943] xor ecx, ecx mov edx, 0x58d0 mov ch, al mov cl, byte [ebx + 0x1942] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov al, byte [ebx + 0x1945] xor ecx, ecx mov edx, 0x58d4 @@ -11530,28 +15141,28 @@ xor esi, esi mov ch, al mov cl, byte [ebx + 0x1944] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov al, byte [ebx + 0x1947] xor ecx, ecx mov edx, 0x58d8 mov ch, al mov cl, byte [ebx + 0x1946] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov al, byte [ebx + 0x1949] xor ecx, ecx mov edx, 0x58dc mov ch, al mov cl, byte [ebx + 0x1948] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8e67: ; not directly referenced +loc_fffab969: ; not directly referenced imul eax, esi, 0x13c3 -cmp dword [ebx + eax + 0x3756], 2 -jne loc_fffa8f7a ; jne 0xfffa8f7a +cmp dword [ebx + eax + 0x3757], 2 +jne loc_fffaba7c ; jne 0xfffaba7c cmp byte [ebx + 0x192b], 0 -je loc_fffa8f3a ; je 0xfffa8f3a +je loc_fffaba3c ; je 0xfffaba3c movzx ecx, byte [ebx + esi*2 + 0x194b] mov edi, esi movzx eax, byte [ebx + esi*2 + 0x194a] @@ -11562,7 +15173,7 @@ and eax, 0x3f shl ecx, 8 or ecx, eax mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 movzx ecx, byte [ebx + esi*2 + 0x194f] lea edx, [edi + 0x42f0] movzx eax, byte [ebx + esi*2 + 0x194e] @@ -11571,65 +15182,65 @@ and eax, 0x3f shl ecx, 8 or ecx, eax mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov al, byte [ebx + esi*2 + 0x1953] xor ecx, ecx lea edx, [edi + 0x42f4] mov ch, al mov cl, byte [ebx + esi*2 + 0x1952] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov al, byte [ebx + esi*2 + 0x1957] xor ecx, ecx lea edx, [edi + 0x42f8] mov ch, al mov cl, byte [ebx + esi*2 + 0x1956] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov al, byte [ebx + esi*2 + 0x195b] xor ecx, ecx lea edx, [edi + 0x42fc] mov ch, al mov cl, byte [ebx + esi*2 + 0x195a] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8f3a: ; not directly referenced +loc_fffaba3c: ; not directly referenced cmp dword [ebp - 0x1c], 3 -jne short loc_fffa8f55 ; jne 0xfffa8f55 +jne short loc_fffaba57 ; jne 0xfffaba57 movzx ecx, byte [ebx + 0x1963] and ecx, 1 shl ecx, 8 mov cl, byte [ebx + 0x1964] -jmp short loc_fffa8f68 ; jmp 0xfffa8f68 +jmp short loc_fffaba6a ; jmp 0xfffaba6a -loc_fffa8f55: ; not directly referenced +loc_fffaba57: ; not directly referenced movzx ecx, byte [ebx + 0x1961] and ecx, 1 shl ecx, 8 mov cl, byte [ebx + 0x1962] -loc_fffa8f68: ; not directly referenced +loc_fffaba6a: ; not directly referenced mov edx, esi mov eax, ebx shl edx, 0xa add edx, 0x4328 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8f7a: ; not directly referenced +loc_fffaba7c: ; not directly referenced inc esi cmp esi, 2 -jne loc_fffa8e67 ; jne 0xfffa8e67 +jne loc_fffab969 ; jne 0xfffab969 movzx ecx, byte [ebx + 0x195e] mov edx, 0x5060 mov eax, ebx and ecx, 1 shl ecx, 0x10 mov cx, word [ebx + 0x195f] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov edx, 0x5880 mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f movzx ecx, byte [ebx + 0x1925] movzx edx, byte [ebx + 0x1924] and ecx, 1 @@ -11648,7 +15259,7 @@ shl ecx, 2 or eax, edx or eax, ecx cmp dword [ebp - 0x1c], 3 -jne short loc_fffa902d ; jne 0xfffa902d +jne short loc_fffabb2f ; jne 0xfffabb2f movzx edx, byte [ebx + 0x1927] and eax, 0xffffffbf and edx, 1 @@ -11656,29 +15267,29 @@ shl edx, 6 or eax, edx cmp byte [ebx + 0x190d], 0 mov ecx, eax -je short loc_fffa901a ; je 0xfffa901a -cmp dword [ebx + 0x36cb], 1 -je short loc_fffa9041 ; je 0xfffa9041 +je short loc_fffabb1c ; je 0xfffabb1c +cmp dword [ebx + 0x36cc], 1 +je short loc_fffabb43 ; je 0xfffabb43 -loc_fffa901a: ; not directly referenced +loc_fffabb1c: ; not directly referenced xor edx, edx cmp byte [ebx + 0x1929], 0 sete dl and al, 0x7f shl edx, 7 -jmp short loc_fffa903d ; jmp 0xfffa903d +jmp short loc_fffabb3f ; jmp 0xfffabb3f -loc_fffa902d: ; not directly referenced +loc_fffabb2f: ; not directly referenced movzx edx, byte [ebx + 0x1926] and eax, 0xffffffbf and edx, 1 shl edx, 6 -loc_fffa903d: ; not directly referenced +loc_fffabb3f: ; not directly referenced mov ecx, eax or ecx, edx -loc_fffa9041: ; not directly referenced +loc_fffabb43: ; not directly referenced add esp, 0x1c mov eax, ebx pop ebx @@ -11686,9 +15297,9 @@ mov edx, 0x5880 pop esi pop edi pop ebp -jmp near fcn_fffae58c ; jmp 0xfffae58c +jmp near fcn_fffb3381 ; jmp 0xfffb3381 -fcn_fffa9054: ; not directly referenced +fcn_fffabb56: ; not directly referenced push ebp mov ebp, esp push edi @@ -11704,23 +15315,23 @@ mov dword [ebp - 0x24], esi mov byte [ebp - 0x19], 0 mov byte [ebp - 0x1a], bl mov bl, byte [ebp + 0x10] -lea eax, [edi + eax + 0x3756] +lea eax, [edi + eax + 0x3757] mov dword [ebp - 0x28], eax lea eax, [ecx + ecx*8] mov dword [ebp - 0x2c], ecx mov byte [ebp - 0x31], bl mov dword [ebp - 0x30], eax -loc_fffa9091: ; not directly referenced +loc_fffabb93: ; not directly referenced mov edi, dword [ebp - 0x20] mov al, byte [ebp - 0x19] -cmp al, byte [edi + 0x2488] -jae loc_fffa9170 ; jae 0xfffa9170 +cmp al, byte [edi + 0x2489] +jae loc_fffabc72 ; jae 0xfffabc72 mov al, byte [ebp - 0x19] mov esi, dword [ebp + 8] movzx edi, al bt esi, eax -jae loc_fffa9168 ; jae 0xfffa9168 +jae loc_fffabc6a ; jae 0xfffabc6a mov eax, dword [ebp - 0x30] lea ebx, [edi + eax] movsx ax, byte [ebp - 0x1a] @@ -11728,16 +15339,16 @@ add ebx, ebx add ebx, dword [ebp - 0x28] mov word [ebp - 0x1c], ax add ax, word [ebx + 0x1b1] -js short loc_fffa90e0 ; js 0xfffa90e0 +js short loc_fffabbe2 ; js 0xfffabbe2 mov esi, 0x1ff cmp ax, 0x1ff cmovbe esi, eax -jmp short loc_fffa90e2 ; jmp 0xfffa90e2 +jmp short loc_fffabbe4 ; jmp 0xfffabbe4 -loc_fffa90e0: ; not directly referenced +loc_fffabbe2: ; not directly referenced xor esi, esi -loc_fffa90e2: ; not directly referenced +loc_fffabbe4: ; not directly referenced push eax movzx eax, si mov ecx, dword [ebp - 0x2c] @@ -11746,7 +15357,7 @@ mov edx, dword [ebp - 0x24] mov eax, dword [ebp - 0x20] push 0 push edi -call fcn_fffa7499 ; call 0xfffa7499 +call fcn_fffa7447 ; call 0xfffa7447 mov eax, dword [ebp - 0x28] add esp, 0xc add eax, dword [ebp - 0x30] @@ -11768,20 +15379,20 @@ push eax mov eax, dword [ebp - 0x20] push 3 push edi -call fcn_fffa73b0 ; call 0xfffa73b0 +call fcn_fffa735e ; call 0xfffa735e add esp, 0x10 cmp byte [ebp - 0x31], 0 -je short loc_fffa9168 ; je 0xfffa9168 +je short loc_fffabc6a ; je 0xfffabc6a mov eax, dword [ebp - 0x1c] add word [ebx + 0x121], ax add word [ebx + 0x169], ax mov word [ebx + 0x1b1], si -loc_fffa9168: ; not directly referenced +loc_fffabc6a: ; not directly referenced inc byte [ebp - 0x19] -jmp near loc_fffa9091 ; jmp 0xfffa9091 +jmp near loc_fffabb93 ; jmp 0xfffabb93 -loc_fffa9170: ; not directly referenced +loc_fffabc72: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -11789,7 +15400,7 @@ pop edi pop ebp ret -fcn_fffa9178: ; not directly referenced +fcn_fffabc7a: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -11815,12 +15426,12 @@ mov byte [ebp - 0x25], al movzx eax, byte [ebp + 0xc] mov dword [ebp - 0x20], eax imul eax, eax, 0x13c3 -cmp dword [edi + 0x2480], 3 +cmp dword [edi + 0x2481], 3 sete cl -lea esi, [edi + eax + 0x3756] +lea esi, [edi + eax + 0x3757] mov dword [ebp - 0x2c], ecx test dl, dl -je short loc_fffa9227 ; je 0xfffa9227 +je short loc_fffabd29 ; je 0xfffabd29 mov ecx, dword [ebp - 0x24] mov edi, 0x7f cmp ecx, 0x7f @@ -11829,28 +15440,28 @@ xor eax, eax test ecx, ecx cmovns eax, ecx cmp dl, 2 -je loc_fffa93cd ; je 0xfffa93cd -ja short loc_fffa91ff ; ja 0xfffa91ff +je loc_fffabecf ; je 0xfffabecf +ja short loc_fffabd01 ; ja 0xfffabd01 dec dl -je loc_fffa938c ; je 0xfffa938c -jmp near loc_fffa95bb ; jmp 0xfffa95bb +je loc_fffabe8e ; je 0xfffabe8e +jmp near loc_fffac0bd ; jmp 0xfffac0bd -loc_fffa91ff: ; not directly referenced +loc_fffabd01: ; not directly referenced cmp dl, 3 -je loc_fffa946a ; je 0xfffa946a +je loc_fffabf6c ; je 0xfffabf6c cmp dl, 4 -jne loc_fffa95bb ; jne 0xfffa95bb +jne loc_fffac0bd ; jne 0xfffac0bd cmp eax, 0x7f cmovg eax, edi movzx edi, byte [ebp - 0x34] xor edx, edx xor ebx, ebx mov dword [ebp - 0x24], edi -jmp near loc_fffa94ce ; jmp 0xfffa94ce +jmp near loc_fffabfd0 ; jmp 0xfffabfd0 -loc_fffa9227: ; not directly referenced +loc_fffabd29: ; not directly referenced cmp dword [ebp - 0x2c], 0 -je loc_fffa92fa ; je 0xfffa92fa +je loc_fffabdfc ; je 0xfffabdfc mov ecx, dword [ebp - 0x1c] xor ebx, ebx xor edi, edi @@ -11860,13 +15471,13 @@ add edx, ecx mov dword [ebp - 0x34], edx mov dword [ebp - 0x3c], eax -loc_fffa9249: ; not directly referenced +loc_fffabd4b: ; not directly referenced movzx edx, byte [ebp - 0x26] imul eax, ebx, 7 bt edx, ebx mov dword [ebp - 0x2c], eax movzx eax, byte [esi + ebx + 0x241] -jae loc_fffa92e7 ; jae 0xfffa92e7 +jae loc_fffabde9 ; jae 0xfffabde9 add eax, dword [ebp - 0x24] mov ecx, 0x80 cdq @@ -11875,10 +15486,10 @@ test dl, dl lea eax, [edx - 0x80] cmovns eax, edx cmp byte [ebp - 0x25], 0 -je short loc_fffa9284 ; je 0xfffa9284 +je short loc_fffabd86 ; je 0xfffabd86 mov byte [esi + ebx + 0x241], al -loc_fffa9284: ; not directly referenced +loc_fffabd86: ; not directly referenced mov cl, byte [ebp - 0x2c] movsx eax, al mov dword [ebp - 0x2c], 0 @@ -11890,13 +15501,13 @@ mov dword [ebp - 0x30], eax movzx eax, byte [ebp - 0x25] mov dword [ebp - 0x38], eax -loc_fffa92aa: ; not directly referenced +loc_fffabdac: ; not directly referenced mov cl, byte [ebp - 0x2c] mov eax, 1 shl eax, cl mov ecx, dword [ebp - 0x3c] -test byte [ecx + 0x381a], al -je short loc_fffa92dc ; je 0xfffa92dc +test byte [ecx + 0x381b], al +je short loc_fffabdde ; je 0xfffabdde movsx eax, byte [ebp - 0x24] push edx mov ecx, dword [ebp - 0x2c] @@ -11905,27 +15516,27 @@ mov edx, dword [ebp - 0x20] push eax mov eax, dword [ebp - 0x1c] push dword [ebp - 0x30] -call fcn_fffa9054 ; call 0xfffa9054 +call fcn_fffabb56 ; call 0xfffabb56 add esp, 0x10 -loc_fffa92dc: ; not directly referenced +loc_fffabdde: ; not directly referenced inc dword [ebp - 0x2c] cmp dword [ebp - 0x2c], 4 -jne short loc_fffa92aa ; jne 0xfffa92aa -jmp short loc_fffa92ee ; jmp 0xfffa92ee +jne short loc_fffabdac ; jne 0xfffabdac +jmp short loc_fffabdf0 ; jmp 0xfffabdf0 -loc_fffa92e7: ; not directly referenced +loc_fffabde9: ; not directly referenced mov cl, byte [ebp - 0x2c] shl eax, cl add edi, eax -loc_fffa92ee: ; not directly referenced +loc_fffabdf0: ; not directly referenced inc ebx cmp ebx, 2 -jne loc_fffa9249 ; jne 0xfffa9249 -jmp short loc_fffa9379 ; jmp 0xfffa9379 +jne loc_fffabd4b ; jne 0xfffabd4b +jmp short loc_fffabe7b ; jmp 0xfffabe7b -loc_fffa92fa: ; not directly referenced +loc_fffabdfc: ; not directly referenced movzx eax, byte [ebp - 0x34] xor ebx, ebx xor edi, edi @@ -11933,13 +15544,13 @@ mov dword [ebp - 0x30], eax movzx eax, byte [ebp - 0x25] mov dword [ebp - 0x34], eax -loc_fffa930c: ; not directly referenced +loc_fffabe0e: ; not directly referenced mov edx, dword [ebp - 0x30] imul eax, ebx, 7 bt edx, ebx mov dword [ebp - 0x2c], eax movzx eax, byte [esi + ebx + 0x241] -jae short loc_fffa936c ; jae 0xfffa936c +jae short loc_fffabe6e ; jae 0xfffabe6e add eax, dword [ebp - 0x24] mov ecx, 0x80 cdq @@ -11948,10 +15559,10 @@ test dl, dl lea eax, [edx - 0x80] cmovns eax, edx cmp byte [ebp - 0x25], 0 -je short loc_fffa9342 ; je 0xfffa9342 +je short loc_fffabe44 ; je 0xfffabe44 mov byte [esi + ebx + 0x241], al -loc_fffa9342: ; not directly referenced +loc_fffabe44: ; not directly referenced mov cl, byte [ebp - 0x2c] movsx eax, al mov edx, dword [ebp - 0x20] @@ -11964,28 +15575,28 @@ push dword [ebp - 0x34] push eax mov eax, dword [ebp - 0x1c] push 0x1ff -call fcn_fffa9054 ; call 0xfffa9054 +call fcn_fffabb56 ; call 0xfffabb56 add esp, 0x10 -jmp short loc_fffa9373 ; jmp 0xfffa9373 +jmp short loc_fffabe75 ; jmp 0xfffabe75 -loc_fffa936c: ; not directly referenced +loc_fffabe6e: ; not directly referenced mov cl, byte [ebp - 0x2c] shl eax, cl add edi, eax -loc_fffa9373: ; not directly referenced +loc_fffabe75: ; not directly referenced inc ebx cmp ebx, 4 -jne short loc_fffa930c ; jne 0xfffa930c +jne short loc_fffabe0e ; jne 0xfffabe0e -loc_fffa9379: ; not directly referenced +loc_fffabe7b: ; not directly referenced mov edx, dword [ebp - 0x20] mov ecx, edi shl edx, 8 add edx, 0x180c -jmp near loc_fffa95ac ; jmp 0xfffa95ac +jmp near loc_fffac0ae ; jmp 0xfffac0ae -loc_fffa938c: ; not directly referenced +loc_fffabe8e: ; not directly referenced cmp eax, 0x7f mov edx, dword [ebp - 0x20] cmovle edi, eax @@ -11997,41 +15608,41 @@ or ecx, eax mov eax, dword [ebp - 0x1c] shl edx, 8 add edx, 0x1408 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp byte [ebp - 0x30], 0 -je loc_fffa95bb ; je 0xfffa95bb +je loc_fffac0bd ; je 0xfffac0bd mov dword [esi + 0x119], edi mov dword [esi + 0x11d], edi -jmp near loc_fffa95bb ; jmp 0xfffa95bb +jmp near loc_fffac0bd ; jmp 0xfffac0bd -loc_fffa93cd: ; not directly referenced +loc_fffabecf: ; not directly referenced cmp eax, 0x7f cmovle edi, eax cmp dword [ebp - 0x2c], 0 -je short loc_fffa940d ; je 0xfffa940d +je short loc_fffabf0f ; je 0xfffabf0f mov eax, edi test bl, 1 -jne short loc_fffa93e6 ; jne 0xfffa93e6 +jne short loc_fffabee8 ; jne 0xfffabee8 mov al, byte [esi + 0x111] -loc_fffa93e6: ; not directly referenced +loc_fffabee8: ; not directly referenced and eax, 0x7f and eax, 0x7f and bl, 2 -jne short loc_fffa93f8 ; jne 0xfffa93f8 +jne short loc_fffabefa ; jne 0xfffabefa movzx edi, byte [esi + 0x115] -loc_fffa93f8: ; not directly referenced +loc_fffabefa: ; not directly referenced and edi, 0x7f mov ebx, edi and ebx, 0x7f shl ebx, 7 or ebx, eax cmp byte [ebp - 0x30], 0 -jne short loc_fffa9441 ; jne 0xfffa9441 -jmp short loc_fffa9457 ; jmp 0xfffa9457 +jne short loc_fffabf43 ; jne 0xfffabf43 +jmp short loc_fffabf59 ; jmp 0xfffabf59 -loc_fffa940d: ; not directly referenced +loc_fffabf0f: ; not directly referenced mov eax, edi mov edx, dword [ebp - 0x20] and eax, 0x7f @@ -12042,13 +15653,13 @@ mov eax, dword [ebp - 0x1c] shl edx, 8 mov ecx, ebx add edx, 0x1208 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp byte [ebp - 0x30], 0 -je short loc_fffa9457 ; je 0xfffa9457 +je short loc_fffabf59 ; je 0xfffabf59 mov dword [esi + 0x109], edi mov dword [esi + 0x10d], edi -loc_fffa9441: ; not directly referenced +loc_fffabf43: ; not directly referenced mov eax, ebx and eax, 0x7f mov dword [esi + 0x111], eax @@ -12056,14 +15667,14 @@ mov eax, ebx shr eax, 7 mov dword [esi + 0x115], eax -loc_fffa9457: ; not directly referenced +loc_fffabf59: ; not directly referenced mov edx, dword [ebp - 0x20] mov ecx, ebx shl edx, 8 add edx, 0x1a08 -jmp near loc_fffa95ac ; jmp 0xfffa95ac +jmp near loc_fffac0ae ; jmp 0xfffac0ae -loc_fffa946a: ; not directly referenced +loc_fffabf6c: ; not directly referenced cmp eax, 0x7f mov edx, dword [ebp - 0x20] cmovle edi, eax @@ -12075,60 +15686,60 @@ or ecx, eax mov eax, dword [ebp - 0x1c] shl edx, 8 add edx, 0x1208 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp byte [ebp - 0x30], 0 -je loc_fffa95bb ; je 0xfffa95bb +je loc_fffac0bd ; je 0xfffac0bd mov dword [esi + 0x109], edi mov dword [esi + 0x10d], edi -jmp near loc_fffa95bb ; jmp 0xfffa95bb +jmp near loc_fffac0bd ; jmp 0xfffac0bd -loc_fffa94ab: ; not directly referenced +loc_fffabfad: ; not directly referenced imul ecx, edx, 7 mov edi, eax shl edi, cl add ebx, edi cmp byte [ebp - 0x25], 0 -je short loc_fffa94c8 ; je 0xfffa94c8 +je short loc_fffabfca ; je 0xfffabfca mov byte [esi + edx + 0x245], al mov byte [esi + edx + 0x249], al -loc_fffa94c8: ; not directly referenced +loc_fffabfca: ; not directly referenced inc edx cmp edx, 4 -je short loc_fffa94e7 ; je 0xfffa94e7 +je short loc_fffabfe9 ; je 0xfffabfe9 -loc_fffa94ce: ; not directly referenced +loc_fffabfd0: ; not directly referenced mov edi, dword [ebp - 0x24] bt edi, edx -jb short loc_fffa94ab ; jb 0xfffa94ab +jb short loc_fffabfad ; jb 0xfffabfad movzx edi, byte [esi + edx + 0x245] imul ecx, edx, 7 shl edi, cl add ebx, edi -jmp short loc_fffa94c8 ; jmp 0xfffa94c8 +jmp short loc_fffabfca ; jmp 0xfffabfca -loc_fffa94e7: ; not directly referenced +loc_fffabfe9: ; not directly referenced cmp dword [ebp - 0x2c], 0 -je short loc_fffa950e ; je 0xfffa950e +je short loc_fffac010 ; je 0xfffac010 mov eax, dword [ebp - 0x1c] cmp byte [eax + 0x240a], 0 -je short loc_fffa950e ; je 0xfffa950e +je short loc_fffac010 ; je 0xfffac010 movzx eax, byte [esi + 0x245] and ebx, 0xffe03fff and eax, 0x7f shl eax, 0xe or ebx, eax -loc_fffa950e: ; not directly referenced +loc_fffac010: ; not directly referenced mov eax, dword [ebp - 0x20] mov ecx, ebx shl eax, 8 mov dword [ebp - 0x24], eax lea edx, [eax + 0x1c18] mov eax, dword [ebp - 0x1c] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp dword [ebp - 0x2c], 0 -je short loc_fffa959b ; je 0xfffa959b +je short loc_fffac09d ; je 0xfffac09d mov eax, dword [ebp - 0x1c] xor edi, edi mov ecx, dword [ebp - 0x20] @@ -12138,29 +15749,29 @@ shl ecx, 2 sar ebx, cl and ebx, 0xf -loc_fffa954b: ; not directly referenced +loc_fffac04d: ; not directly referenced xor edx, edx -loc_fffa954d: ; not directly referenced +loc_fffac04f: ; not directly referenced mov cl, dl mov eax, ebx shr eax, cl mov ecx, eax and ecx, 1 cmp ecx, edi -jne short loc_fffa956c ; jne 0xfffa956c +jne short loc_fffac06e ; jne 0xfffac06e movzx eax, byte [esi + edi + 0x249] imul ecx, edx, 7 shl eax, cl add dword [ebp - 0x20], eax -loc_fffa956c: ; not directly referenced +loc_fffac06e: ; not directly referenced inc edx cmp edx, 4 -jne short loc_fffa954d ; jne 0xfffa954d +jne short loc_fffac04f ; jne 0xfffac04f inc edi cmp edi, 4 -jne short loc_fffa954b ; jne 0xfffa954b +jne short loc_fffac04d ; jne 0xfffac04d mov eax, dword [ebp - 0x20] mov ecx, eax mov edx, eax @@ -12175,22 +15786,22 @@ shr edx, 1 shl edx, 0xe or ebx, edx -loc_fffa959b: ; not directly referenced +loc_fffac09d: ; not directly referenced mov edx, dword [ebp - 0x24] and ebx, 0xf01fffff mov ecx, ebx add edx, 0x1218 -loc_fffa95ac: ; not directly referenced +loc_fffac0ae: ; not directly referenced mov eax, dword [ebp - 0x1c] lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp -jmp near fcn_fffae58c ; jmp 0xfffae58c +jmp near fcn_fffb3381 ; jmp 0xfffb3381 -loc_fffa95bb: ; not directly referenced +loc_fffac0bd: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -12198,7 +15809,7 @@ pop edi pop ebp ret -fcn_fffa95c3: ; not directly referenced +fcn_fffac0c5: ; not directly referenced push ebp mov ebp, esp push edi @@ -12206,9 +15817,9 @@ push esi push ebx sub esp, 0x2c mov ebx, dword [ebp + 8] -mov eax, dword [ebx + 0x5edc] -mov edi, dword [ebx + 0x2443] -mov esi, dword [ebx + 0x36e3] +mov eax, dword [ebx + 0x5edd] +mov edi, dword [ebx + 0x2444] +mov esi, dword [ebx + 0x36e4] mov dword [ebp - 0x2c], eax mov eax, dword [ebx + 0x188b] mov dword [ebp - 0x20], esi @@ -12250,141 +15861,141 @@ and ecx, 7 dec edi cmp edi, 0x7ffffffd cmovbe esi, dword [ebx + 0x1872] -mov dword [ebx + 0x36e3], eax -mov dword [ebx + 0x36d3], esi +mov dword [ebx + 0x36e4], eax +mov dword [ebx + 0x36d4], esi and edx, 7 -je short loc_fffa968c ; je 0xfffa968c +je short loc_fffac18e ; je 0xfffac18e cmp eax, 2 -jne short loc_fffa9696 ; jne 0xfffa9696 +jne short loc_fffac198 ; jne 0xfffac198 cmp dword [ebp - 0x1c], 0 -jne short loc_fffa9696 ; jne 0xfffa9696 +jne short loc_fffac198 ; jne 0xfffac198 -loc_fffa968c: ; not directly referenced -mov dword [ebx + 0x36e3], 0 +loc_fffac18e: ; not directly referenced +mov dword [ebx + 0x36e4], 0 -loc_fffa9696: ; not directly referenced +loc_fffac198: ; not directly referenced cmp dword [ebp - 0x24], 0 -mov edi, dword [ebx + 0x36e3] -je short loc_fffa96bb ; je 0xfffa96bb +mov edi, dword [ebx + 0x36e4] +je short loc_fffac1bd ; je 0xfffac1bd test edx, edx -je short loc_fffa96f3 ; je 0xfffa96f3 -mov byte [ebx + 0x247e], 1 +je short loc_fffac1f5 ; je 0xfffac1f5 +mov byte [ebx + 0x247f], 1 mov edx, 7 mov dword [ebp - 0x28], 0 -jmp short loc_fffa96c7 ; jmp 0xfffa96c7 +jmp short loc_fffac1c9 ; jmp 0xfffac1c9 -loc_fffa96bb: ; not directly referenced +loc_fffac1bd: ; not directly referenced movzx eax, cl xor esi, esi mov dword [ebp - 0x28], eax test edx, edx -je short loc_fffa96e3 ; je 0xfffa96e3 +je short loc_fffac1e5 ; je 0xfffac1e5 -loc_fffa96c7: ; not directly referenced +loc_fffac1c9: ; not directly referenced sub esp, 0xc add edx, 6 push 0x5f5e100 mov ecx, 1 mov eax, ebx -call fcn_fffaefe1 ; call 0xfffaefe1 +call fcn_fffb3d18 ; call 0xfffb3d18 add esp, 0x10 mov esi, eax -loc_fffa96e3: ; not directly referenced +loc_fffac1e5: ; not directly referenced mov eax, dword [ebp - 0x28] test eax, eax -je short loc_fffa96f5 ; je 0xfffa96f5 +je short loc_fffac1f7 ; je 0xfffac1f7 mov edx, 0xb sub edx, eax -jmp short loc_fffa96fa ; jmp 0xfffa96fa +jmp short loc_fffac1fc ; jmp 0xfffac1fc -loc_fffa96f3: ; not directly referenced +loc_fffac1f5: ; not directly referenced xor esi, esi -loc_fffa96f5: ; not directly referenced +loc_fffac1f7: ; not directly referenced mov edx, 0xa -loc_fffa96fa: ; not directly referenced +loc_fffac1fc: ; not directly referenced sub esp, 0xc xor ecx, ecx push 0x5f5e100 mov eax, ebx -call fcn_fffaefe1 ; call 0xfffaefe1 +call fcn_fffb3d18 ; call 0xfffb3d18 mov ecx, dword [ebp - 0x2c] add esp, 0x10 mov dl, byte [ebp - 0x2d] mov dword [ecx + 0x1c6], esi mov byte [ecx + 0x1ca], dl cmp dword [ebx + 0x18a7], 0 -je short loc_fffa9745 ; je 0xfffa9745 +je short loc_fffac247 ; je 0xfffac247 cmp dword [ebp - 0x24], 0 -je short loc_fffa9737 ; je 0xfffa9737 +je short loc_fffac239 ; je 0xfffac239 cmp edi, 1 cmove eax, esi -jmp short loc_fffa9747 ; jmp 0xfffa9747 +jmp short loc_fffac249 ; jmp 0xfffac249 -loc_fffa9737: ; not directly referenced +loc_fffac239: ; not directly referenced xor edi, edi cmp esi, eax -jbe short loc_fffa9747 ; jbe 0xfffa9747 +jbe short loc_fffac249 ; jbe 0xfffac249 mov eax, esi mov di, 1 -jmp short loc_fffa9747 ; jmp 0xfffa9747 +jmp short loc_fffac249 ; jmp 0xfffac249 -loc_fffa9745: ; not directly referenced +loc_fffac247: ; not directly referenced xor edi, edi -loc_fffa9747: ; not directly referenced -cmp eax, dword [ebx + 0x36d3] -jae short loc_fffa976a ; jae 0xfffa976a +loc_fffac249: ; not directly referenced +cmp eax, dword [ebx + 0x36d4] +jae short loc_fffac26c ; jae 0xfffac26c cmp dword [ebx + 0x1877], 2 -mov dword [ebx + 0x36d3], eax -je short loc_fffa9764 ; je 0xfffa9764 +mov dword [ebx + 0x36d4], eax +je short loc_fffac266 ; je 0xfffac266 cmp dword [ebp - 0x1c], 0 -jne short loc_fffa976a ; jne 0xfffa976a +jne short loc_fffac26c ; jne 0xfffac26c -loc_fffa9764: ; not directly referenced -mov dword [ebx + 0x36e3], edi +loc_fffac266: ; not directly referenced +mov dword [ebx + 0x36e4], edi -loc_fffa976a: ; not directly referenced +loc_fffac26c: ; not directly referenced cmp dword [ebp - 0x20], 1 -jne short loc_fffa978e ; jne 0xfffa978e +jne short loc_fffac290 ; jne 0xfffac290 cmp dword [ebx + 0x1877], 2 -jne short loc_fffa978e ; jne 0xfffa978e +jne short loc_fffac290 ; jne 0xfffac290 cmp dword [ebx + 0x1887], 0x306d0 -jne short loc_fffa978e ; jne 0xfffa978e +jne short loc_fffac290 ; jne 0xfffac290 cmp dword [ebx + 0x1883], 4 -ja short loc_fffa9797 ; ja 0xfffa9797 +ja short loc_fffac299 ; ja 0xfffac299 -loc_fffa978e: ; not directly referenced -cmp dword [ebx + 0x36e3], 2 -jne short loc_fffa97a0 ; jne 0xfffa97a0 +loc_fffac290: ; not directly referenced +cmp dword [ebx + 0x36e4], 2 +jne short loc_fffac2a2 ; jne 0xfffac2a2 -loc_fffa9797: ; not directly referenced +loc_fffac299: ; not directly referenced mov eax, dword [ebp - 0x20] -mov dword [ebx + 0x36e3], eax +mov dword [ebx + 0x36e4], eax -loc_fffa97a0: ; not directly referenced -mov ecx, dword [ebx + 0x36d3] -mov edx, ref_fffd34b0 ; mov edx, 0xfffd34b0 +loc_fffac2a2: ; not directly referenced +mov ecx, dword [ebx + 0x36d4] +mov edx, ref_fffd37fc ; mov edx, 0xfffd37fc xor eax, eax -loc_fffa97ad: ; not directly referenced +loc_fffac2af: ; not directly referenced add edx, 9 cmp ecx, dword [edx - 5] -jne short loc_fffa97c0 ; jne 0xfffa97c0 +jne short loc_fffac2c2 ; jne 0xfffac2c2 lea eax, [eax + eax*8] -mov eax, dword [eax + ref_fffd34b0] ; mov eax, dword [eax - 0x2cb50] -jmp short loc_fffa97cb ; jmp 0xfffa97cb +mov eax, dword [eax + ref_fffd37fc] ; mov eax, dword [eax - 0x2c804] +jmp short loc_fffac2cd ; jmp 0xfffac2cd -loc_fffa97c0: ; not directly referenced +loc_fffac2c2: ; not directly referenced inc eax cmp eax, 0x15 -jne short loc_fffa97ad ; jne 0xfffa97ad +jne short loc_fffac2af ; jne 0xfffac2af mov eax, 0x2625a0 -loc_fffa97cb: ; not directly referenced -mov dword [ebx + 0x36db], eax +loc_fffac2cd: ; not directly referenced +mov dword [ebx + 0x36dc], eax lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -12393,7 +16004,7 @@ pop edi pop ebp ret -fcn_fffa97db: ; not directly referenced +fcn_fffac2dd: ; not directly referenced push ebp mov ebp, esp push edi @@ -12404,31 +16015,31 @@ mov eax, dword [ebp + 8] mov dword [ebp - 0x88], 0 mov dword [ebp - 0x94], 0 mov dword [ebp - 0x90], 0 -mov byte [eax + 0x36ca], 8 +mov byte [eax + 0x36cb], 8 add eax, 0x1973 mov dword [ebp - 0x9c], eax mov eax, dword [ebp + 8] mov dword [ebp - 0x7c], 0x17 mov dword [ebp - 0x80], eax -loc_fffa9827: ; not directly referenced +loc_fffac329: ; not directly referenced mov eax, dword [ebp - 0x80] xor ebx, ebx -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x8c], eax mov eax, dword [ebp - 0x9c] mov dword [ebp - 0x84], eax mov dword [ebp - 0x98], eax mov eax, dword [ebp - 0x88] -add eax, 0x48c9 +add eax, 0x48ca mov dword [ebp - 0xa0], eax -loc_fffa985a: ; not directly referenced +loc_fffac35c: ; not directly referenced mov eax, dword [ebp - 0x98] cmp dword [eax], 1 -ja loc_fffa99f8 ; ja 0xfffa99f8 +ja loc_fffac4fa ; ja 0xfffac4fa mov eax, dword [ebp - 0x84] -mov esi, ref_fffd33d4 ; mov esi, 0xfffd33d4 +mov esi, ref_fffd3768 ; mov esi, 0xfffd3768 mov ecx, 0xd lea edi, [ebp - 0x78] rep movsd ; rep movsd dword es:[edi], dword ptr [esi] @@ -12437,27 +16048,27 @@ mov eax, dword [ebp - 0xa0] lea esi, [eax + ebx] mov eax, dword [ebp - 0x80] add esi, dword [ebp + 8] -mov dword [eax + ebx + 0x48c9], 3 +mov dword [eax + ebx + 0x48ca], 3 xor eax, eax -loc_fffa989d: ; not directly referenced +loc_fffac39f: ; not directly referenced inc eax cmp byte [edi + eax - 1], 0 -je short loc_fffa98ae ; je 0xfffa98ae +je short loc_fffac3b0 ; je 0xfffac3b0 xor edx, edx mov eax, 1 -jmp short loc_fffa98ba ; jmp 0xfffa98ba +jmp short loc_fffac3bc ; jmp 0xfffac3bc -loc_fffa98ae: ; not directly referenced +loc_fffac3b0: ; not directly referenced cmp eax, 0x200 -jne short loc_fffa989d ; jne 0xfffa989d -jmp near loc_fffa99f8 ; jmp 0xfffa99f8 +jne short loc_fffac39f ; jne 0xfffac39f +jmp near loc_fffac4fa ; jmp 0xfffac4fa -loc_fffa98ba: ; not directly referenced +loc_fffac3bc: ; not directly referenced cmp dl, 0xc setbe cl test cl, al -je short loc_fffa98e6 ; je 0xfffa98e6 +je short loc_fffac3e8 ; je 0xfffac3e8 push eax movzx eax, dl push esi @@ -12469,17 +16080,17 @@ mov edx, dword [ebp - 0xa4] add esp, 0x10 inc edx and eax, 1 -jmp short loc_fffa98ba ; jmp 0xfffa98ba +jmp short loc_fffac3bc ; jmp 0xfffac3bc -loc_fffa98e6: ; not directly referenced +loc_fffac3e8: ; not directly referenced test eax, eax mov eax, dword [ebp - 0x80] -jne short loc_fffa98fd ; jne 0xfffa98fd -mov dword [eax + ebx + 0x48c9], 1 -jmp near loc_fffa99f8 ; jmp 0xfffa99f8 +jne short loc_fffac3ff ; jne 0xfffac3ff +mov dword [eax + ebx + 0x48ca], 1 +jmp near loc_fffac4fa ; jmp 0xfffac4fa -loc_fffa98fd: ; not directly referenced -mov dword [eax + ebx + 0x48c9], 2 +loc_fffac3ff: ; not directly referenced +mov dword [eax + ebx + 0x48ca], 2 mov eax, dword [ebp - 0x84] mov al, byte [eax + 0x4a] cmp al, 0xf1 @@ -12487,96 +16098,96 @@ sete cl cmp al, 0xb sete dl or cl, dl -je short loc_fffa9931 ; je 0xfffa9931 +je short loc_fffac433 ; je 0xfffac433 mov eax, dword [ebp - 0x84] mov edx, 0xb add eax, 0xbd -jmp short loc_fffa994b ; jmp 0xfffa994b +jmp short loc_fffac44d ; jmp 0xfffac44d -loc_fffa9931: ; not directly referenced +loc_fffac433: ; not directly referenced cmp al, 0xc -jne short loc_fffa9947 ; jne 0xfffa9947 +jne short loc_fffac449 ; jne 0xfffac449 mov eax, dword [ebp - 0x84] mov edx, 9 add eax, 0x188 -jmp short loc_fffa994b ; jmp 0xfffa994b +jmp short loc_fffac44d ; jmp 0xfffac44d -loc_fffa9947: ; not directly referenced +loc_fffac449: ; not directly referenced xor edx, edx xor eax, eax -loc_fffa994b: ; not directly referenced +loc_fffac44d: ; not directly referenced mov edi, dword [ebp - 0x88] -lea ecx, [edi + ebx + 0x49b4] +lea ecx, [edi + ebx + 0x49b5] add ecx, dword [ebp + 8] -call fcn_fffaf03f ; call 0xfffaf03f +call fcn_fffb3d76 ; call 0xfffb3d76 mov eax, dword [ebp - 0x84] cmp dword [eax], 1 -jne short loc_fffa9979 ; jne 0xfffa9979 +jne short loc_fffac47b ; jne 0xfffac47b mov eax, dword [ebp - 0x80] -mov dword [eax + ebx + 0x48c9], 1 +mov dword [eax + ebx + 0x48ca], 1 -loc_fffa9979: ; not directly referenced +loc_fffac47b: ; not directly referenced mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2480] +mov eax, dword [eax + 0x2481] test eax, eax -jne short loc_fffa999e ; jne 0xfffa999e +jne short loc_fffac4a0 ; jne 0xfffac4a0 mov eax, dword [ebp - 0x8c] mov edi, dword [ebp + 8] mov eax, dword [eax + ebx + 0x1248] -mov dword [edi + 0x2480], eax -jmp short loc_fffa99b7 ; jmp 0xfffa99b7 +mov dword [edi + 0x2481], eax +jmp short loc_fffac4b9 ; jmp 0xfffac4b9 -loc_fffa999e: ; not directly referenced +loc_fffac4a0: ; not directly referenced mov esi, dword [ebp - 0x8c] cmp eax, dword [esi + ebx + 0x1248] mov eax, 0x1a cmove eax, dword [ebp - 0x7c] mov dword [ebp - 0x7c], eax -loc_fffa99b7: ; not directly referenced +loc_fffac4b9: ; not directly referenced cmp dword [ebp - 0x90], 0 mov eax, dword [ebp - 0x8c] -jne short loc_fffa99d5 ; jne 0xfffa99d5 +jne short loc_fffac4d7 ; jne 0xfffac4d7 mov eax, dword [eax + ebx + 0x124c] mov dword [ebp - 0x90], eax -jmp short loc_fffa99e8 ; jmp 0xfffa99e8 +jmp short loc_fffac4ea ; jmp 0xfffac4ea -loc_fffa99d5: ; not directly referenced +loc_fffac4d7: ; not directly referenced mov edi, dword [ebp - 0x90] cmp edi, dword [eax + ebx + 0x124c] -jne loc_fffa9b58 ; jne 0xfffa9b58 +jne loc_fffac65a ; jne 0xfffac65a -loc_fffa99e8: ; not directly referenced +loc_fffac4ea: ; not directly referenced cmp dword [ebp - 0x7c], 0x1a -je loc_fffa9b81 ; je 0xfffa9b81 +je loc_fffac683 ; je 0xfffac683 inc dword [ebp - 0x94] -loc_fffa99f8: ; not directly referenced +loc_fffac4fa: ; not directly referenced add ebx, 0x128 add dword [ebp - 0x98], 0x277 add dword [ebp - 0x84], 0x277 cmp ebx, 0x250 -jne loc_fffa985a ; jne 0xfffa985a +jne loc_fffac35c ; jne 0xfffac35c add dword [ebp - 0x88], 0x13c3 add dword [ebp - 0x9c], 0x54a add dword [ebp - 0x80], 0x13c3 cmp dword [ebp - 0x88], 0x2786 -jne loc_fffa9827 ; jne 0xfffa9827 +jne loc_fffac329 ; jne 0xfffac329 cmp dword [ebp - 0x94], 0 -je loc_fffa9b81 ; je 0xfffa9b81 +je loc_fffac683 ; je 0xfffac683 lea edi, [ebp - 0x78] -mov esi, ref_fffd3408 ; mov esi, 0xfffd3408 +mov esi, ref_fffd379c ; mov esi, 0xfffd379c mov ecx, 0x18 xor ebx, ebx rep movsd ; rep movsd dword es:[edi], dword ptr [esi] mov eax, 1 -loc_fffa9a6c: ; not directly referenced +loc_fffac56e: ; not directly referenced cmp bl, 0x17 setbe dl test dl, al -je short loc_fffa9a8c ; je 0xfffa9a8c +je short loc_fffac58e ; je 0xfffac58e sub esp, 0xc movzx eax, bl push dword [ebp + 8] @@ -12584,88 +16195,88 @@ inc ebx call dword [ebp + eax*4 - 0x78] ; ucall add esp, 0x10 and eax, 1 -jmp short loc_fffa9a6c ; jmp 0xfffa9a6c +jmp short loc_fffac56e ; jmp 0xfffac56e -loc_fffa9a8c: ; not directly referenced +loc_fffac58e: ; not directly referenced test eax, eax -je loc_fffa9b81 ; je 0xfffa9b81 +je loc_fffac683 ; je 0xfffac683 mov eax, dword [ebp + 8] mov esi, dword [ebp + 8] -mov byte [eax + 0x3748], 1 -add eax, 0x48c9 -add esi, 0x704f +mov byte [eax + 0x3749], 1 +add eax, 0x48ca +add esi, 0x7050 -loc_fffa9aac: ; not directly referenced +loc_fffac5ae: ; not directly referenced mov edx, eax xor ecx, ecx -loc_fffa9ab0: ; not directly referenced +loc_fffac5b2: ; not directly referenced mov edi, dword [edx] lea ebx, [edi - 1] cmp ebx, 1 -ja short loc_fffa9ac0 ; ja 0xfffa9ac0 +ja short loc_fffac5c2 ; ja 0xfffac5c2 inc dword [eax - 0x10b3] -loc_fffa9ac0: ; not directly referenced +loc_fffac5c2: ; not directly referenced cmp dword [edx], 2 -jne short loc_fffa9b16 ; jne 0xfffa9b16 +jne short loc_fffac618 ; jne 0xfffac618 mov bl, byte [edx + 0xed] cmp bl, 1 -je short loc_fffa9adb ; je 0xfffa9adb +je short loc_fffac5dd ; je 0xfffac5dd cmp bl, 2 sete bl lea ebx, [ebx + ebx*2] -jmp short loc_fffa9add ; jmp 0xfffa9add +jmp short loc_fffac5df ; jmp 0xfffac5df -loc_fffa9adb: ; not directly referenced +loc_fffac5dd: ; not directly referenced mov bl, 1 -loc_fffa9add: ; not directly referenced +loc_fffac5df: ; not directly referenced mov edi, dword [ebp + 8] movzx ebx, bl shl ebx, cl or byte [eax - 0x10af], bl mov bl, byte [edx + 0xcc] -and byte [edi + 0x3748], bl -mov bl, byte [edi + 0x36ca] +and byte [edi + 0x3749], bl +mov bl, byte [edi + 0x36cb] movzx edi, byte [edx + 0xf4] cmp byte [edx + 0xf4], bl cmovbe ebx, edi mov edi, dword [ebp + 8] -mov byte [edi + 0x36ca], bl +mov byte [edi + 0x36cb], bl -loc_fffa9b16: ; not directly referenced +loc_fffac618: ; not directly referenced add ecx, 2 add edx, 0x128 cmp ecx, 4 -jne short loc_fffa9ab0 ; jne 0xfffa9ab0 +jne short loc_fffac5b2 ; jne 0xfffac5b2 cmp dword [eax - 0x10b3], 0 -je short loc_fffa9b49 ; je 0xfffa9b49 +je short loc_fffac64b ; je 0xfffac64b cmp byte [eax - 0x10af], 0 -je short loc_fffa9b49 ; je 0xfffa9b49 +je short loc_fffac64b ; je 0xfffac64b mov ecx, dword [ebp + 8] -inc byte [ecx + 0x3755] +inc byte [ecx + 0x3756] mov dword [eax - 0x1173], 2 -loc_fffa9b49: ; not directly referenced +loc_fffac64b: ; not directly referenced add eax, 0x13c3 cmp eax, esi -jne loc_fffa9aac ; jne 0xfffa9aac -jmp short loc_fffa9b61 ; jmp 0xfffa9b61 +jne loc_fffac5ae ; jne 0xfffac5ae +jmp short loc_fffac663 ; jmp 0xfffac663 -loc_fffa9b58: ; not directly referenced +loc_fffac65a: ; not directly referenced mov dword [ebp - 0x7c], 0x1a -jmp short loc_fffa9b81 ; jmp 0xfffa9b81 +jmp short loc_fffac683 ; jmp 0xfffac683 -loc_fffa9b61: ; not directly referenced +loc_fffac663: ; not directly referenced mov eax, dword [ebp + 8] -cmp byte [eax + 0x3755], 0 -je short loc_fffa9b81 ; je 0xfffa9b81 +cmp byte [eax + 0x3756], 0 +je short loc_fffac683 ; je 0xfffac683 mov eax, dword [ebp + 8] mov dword [ebp - 0x7c], 0 -mov dword [eax + 0x374e], 2 +mov dword [eax + 0x374f], 2 -loc_fffa9b81: ; not directly referenced +loc_fffac683: ; not directly referenced mov eax, dword [ebp - 0x7c] lea esp, [ebp - 0xc] pop ebx @@ -12674,510 +16285,202 @@ pop edi pop ebp ret -fcn_fffa9b8c: ; not directly referenced +fcn_fffac68e: ; not directly referenced push ebp -mov ecx, 3 mov ebp, esp push edi push esi -mov esi, ref_fffd3468 ; mov esi, 0xfffd3468 -push ebx -mov ebx, eax -sub esp, 0xc0 -lea edi, [ebp - 0x80] -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [ebp - 0x74] -mov esi, ref_fffd3474 ; mov esi, 0xfffd3474 -mov dword [ebp - 0x8c], eax -mov cl, 3 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [ebp - 0x68] -mov esi, ref_fffd3480 ; mov esi, 0xfffd3480 -mov cl, 3 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [ebp - 0x5c] -mov esi, ref_fffd348c ; mov esi, 0xfffd348c -mov cl, 3 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [ebp - 0x50] -mov esi, ref_fffd3498 ; mov esi, 0xfffd3498 -mov cl, 3 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [ebp - 0x44] -mov esi, ref_fffd34a4 ; mov esi, 0xfffd34a4 -mov cl, 3 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov edi, dword [eax + 0x5edc] -mov edx, edi -mov dword [ebp - 0x9c], edi -mov edi, dword [eax + 0x2443] -mov al, byte [eax + 0x2488] -mov esi, edi -mov dword [ebp - 0xa0], edi -movzx edi, byte [ebx + 0x248e] -mov byte [ebp - 0x95], al -mov eax, edx -push 0 -add eax, 0x1bc -push 8 -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -mov edx, 0x3a1c -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x3a1c -mov ecx, eax mov esi, eax -and ecx, 0xfffe003f -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x5f08 -mov eax, ebx -mov dword [ebp - 0x8c], ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5f08 -mov ebx, eax -mov eax, dword [ebp - 0x8c] -or bh, 1 -mov ecx, ebx -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x8c] -mov edx, 0x78 -call fcn_fffa834b ; call 0xfffa834b -mov eax, dword [ebp - 0x8c] -mov edx, 0x3a00 -call fcn_fffae52a ; call 0xfffae52a -mov ecx, esi -mov esi, dword [ebp - 0x8c] -mov dword [ebp - 0x94], eax -mov eax, dword [ebp - 0x8c] -shr dword [ebp - 0x94], 0xf -and dword [ebp - 0x94], 0x1f -mov ax, word [eax + 0x1904] -shr ax, 7 -movzx edx, ax -mov eax, esi -mov dword [ebp - 0xa8], edx -mov edx, 0x3a1c -call fcn_fffae58c ; call 0xfffae58c -mov ecx, ebx -mov edx, 0x5f08 -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x78 -mov eax, esi -call fcn_fffa834b ; call 0xfffa834b -mov edx, 0x2008 -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -add esp, 0x10 -test ah, 4 -mov eax, edi -je short loc_fffa9d16 ; je 0xfffa9d16 -cmp al, 3 -je short loc_fffa9d2a ; je 0xfffa9d2a -lea eax, [ebp - 0x74] -mov edx, eax -lea eax, [ebp - 0x68] -jmp short loc_fffa9d22 ; jmp 0xfffa9d22 - -loc_fffa9d16: ; not directly referenced -cmp al, 3 -je short loc_fffa9d2f ; je 0xfffa9d2f -lea eax, [ebp - 0x50] -mov edx, eax -lea eax, [ebp - 0x44] - -loc_fffa9d22: ; not directly referenced -and edi, 1 -cmovne eax, edx -jmp short loc_fffa9d32 ; jmp 0xfffa9d32 - -loc_fffa9d2a: ; not directly referenced -lea eax, [ebp - 0x80] -jmp short loc_fffa9d32 ; jmp 0xfffa9d32 - -loc_fffa9d2f: ; not directly referenced -lea eax, [ebp - 0x5c] +push ebx +movzx ebx, dl +sub esp, 0x2c +mov eax, dword [ebp + 0x10] +imul edx, ebx, 0x13c3 +cmp dword [ebp + 8], 0 +mov byte [ebp - 0x20], cl +mov dword [ebp - 0x2c], eax +mov cl, al +lea eax, [esi + edx + 0x3757] +mov dword [ebp - 0x1c], eax +je short loc_fffac6c6 ; je 0xfffac6c6 +mov al, byte [eax + 0xc4] +mov byte [ebp - 0x20], al -loc_fffa9d32: ; not directly referenced -mov dword [ebp - 0x90], eax -mov eax, dword [ebp - 0x9c] +loc_fffac6c6: ; not directly referenced +cmp dword [esi + 0x2481], 3 +sete byte [ebp - 0x24] xor edi, edi -add eax, 0x1c -mov dword [ebp - 0xa4], eax -mov esi, eax - -loc_fffa9d4b: ; not directly referenced -imul eax, edi, 0x13c3 -mov edx, dword [ebp - 0x8c] -xor ebx, ebx -cmp dword [edx + eax + 0x3756], 2 -jne short loc_fffa9dc5 ; jne 0xfffa9dc5 - -loc_fffa9d63: ; not directly referenced -cmp byte [ebp - 0x95], bl -jbe short loc_fffa9d9f ; jbe 0xfffa9d9f -or byte [esi + ebx*4 + 0x28], 0x20 -mov ecx, ebx -mov eax, dword [esi + ebx*4 + 0x28] -mov edx, edi -inc ebx -mov dword [ebp - 0xac], eax -mov eax, dword [ebp - 0x8c] -call fcn_fffa720e ; call 0xfffa720e -mov ecx, dword [ebp - 0xac] -mov edx, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffa9d63 ; jmp 0xfffa9d63 - -loc_fffa9d9f: ; not directly referenced -mov eax, dword [ebp - 0x8c] -mov ecx, 0xff -mov edx, edi -mov ebx, dword [esi] -call fcn_fffa7288 ; call 0xfffa7288 -or bh, 1 -mov ecx, ebx -mov edx, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffaeb7c ; call 0xfffaeb7c - -loc_fffa9dc5: ; not directly referenced -inc edi -add esi, 0xcc -cmp edi, 2 -jne loc_fffa9d4b ; jne 0xfffa9d4b -mov eax, dword [ebp - 0x90] -lea ebx, [ebp - 0x38] -inc eax -mov dword [ebp - 0xbc], eax -mov esi, eax - -loc_fffa9de7: ; not directly referenced -mov edi, dword [ebp - 0x8c] -add ebx, 4 -add esi, 3 -movzx edx, byte [esi - 4] -movzx ecx, byte [esi - 3] -mov eax, edi -call fcn_fffa75da ; call 0xfffa75da -mov edx, eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov dword [ebx - 4], eax -lea eax, [ebp - 0x28] -cmp ebx, eax -jne short loc_fffa9de7 ; jne 0xfffa9de7 -imul eax, dword [ebp - 0x94], 0x1f0 -mov ecx, 0x3e8 -imul eax, dword [ebp - 0xa8] -xor edx, edx -mov byte [ebp - 0xa8], 1 -div ecx -lea edi, [eax + 0x14a] -add eax, 0x226 -mov dword [ebp - 0xb8], eax -mov eax, dword [ebp - 0x9c] -mov dword [ebp - 0xb4], edi -add eax, 0x1bd -mov dword [ebp - 0xac], eax - -loc_fffa9e5e: ; not directly referenced -mov eax, dword [ebp - 0xa4] -xor ebx, ebx -mov dword [ebp - 0x94], eax -mov eax, dword [ebp - 0xa8] -and eax, 7 -mov dword [ebp - 0x9c], eax - -loc_fffa9e7b: ; not directly referenced -imul eax, ebx, 0x13c3 -mov edi, dword [ebp - 0x8c] -cmp dword [edi + eax + 0x3756], 2 -je short loc_fffa9eb0 ; je 0xfffa9eb0 - -loc_fffa9e91: ; not directly referenced -inc ebx -add dword [ebp - 0x94], 0xcc -cmp ebx, 2 -jne short loc_fffa9e7b ; jne 0xfffa9e7b -mov dword [ebp - 0x94], 0 -jmp near loc_fffaa085 ; jmp 0xfffaa085 - -loc_fffa9eb0: ; not directly referenced -xor esi, esi +imul edx, ebx, 0x13c3 +lea eax, [esi + edx] +mov dword [ebp - 0x30], eax +movzx eax, cl +mov dword [ebp - 0x28], eax -loc_fffa9eb2: ; not directly referenced -mov eax, esi -cmp byte [ebp - 0x95], al -jbe short loc_fffa9e91 ; jbe 0xfffa9e91 -mov eax, dword [ebp - 0x94] -mov ecx, esi -mov edx, ebx -mov edi, dword [eax + esi*4 + 4] -inc esi -mov eax, dword [ebp - 0x9c] -and edi, 0xffffe3ff -shl eax, 0xa -or edi, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffa724b ; call 0xfffa724b +loc_fffac6e5: ; not directly referenced +mov eax, dword [ebp - 0x30] +mov edx, 1 mov ecx, edi -mov edx, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffa9eb2 ; jmp 0xfffa9eb2 - -loc_fffa9ef8: ; not directly referenced -imul eax, edi, 0x13c3 -mov edx, dword [ebp - 0x8c] -cmp dword [edx + eax + 0x3756], 2 -je loc_fffaa0c3 ; je 0xfffaa0c3 - -loc_fffa9f12: ; not directly referenced -inc edi -add dword [ebp - 0x9c], 0xcc -cmp edi, 2 -jne short loc_fffa9ef8 ; jne 0xfffa9ef8 -mov byte [ebp - 0x9c], 0 - -loc_fffa9f29: ; not directly referenced -mov esi, dword [ebp - 0x9c] -lea edi, [ebp - 0x28] -mov ebx, dword [ebp - 0x90] -and esi, 1 -shl esi, 0x1d -or esi, 0x2000000 - -loc_fffa9f44: ; not directly referenced -movzx eax, byte [ebx + 2] -and esi, 0xefffffff -movzx ecx, byte [ebx + 1] -movzx edx, byte [ebx] -and eax, 1 -shl eax, 0x1c -or esi, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffa75da ; call 0xfffa75da -mov ecx, esi -mov edx, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0xa0] -call dword [eax + 0x54] ; ucall -add eax, 0x3e8 -mov dword [ebp - 0xb0], eax - -loc_fffa9f8b: ; not directly referenced -mov esi, dword [ebp - 0x8c] -movzx edx, byte [ebx] -movzx ecx, byte [ebx + 1] -mov eax, esi -call fcn_fffa75da ; call 0xfffa75da -mov edx, eax -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -mov esi, eax -test eax, 0x40000000 -jne loc_fffaa108 ; jne 0xfffaa108 -mov eax, dword [ebp - 0xa0] -call dword [eax + 0x54] ; ucall -cmp dword [ebp - 0xb0], eax -ja short loc_fffa9f8b ; ja 0xfffa9f8b - -loc_fffa9fc6: ; not directly referenced -movzx ecx, byte [ebx + 1] -add edi, 4 -add ebx, 3 -movzx edx, byte [ebx - 3] -mov eax, dword [ebp - 0x8c] -call fcn_fffa75da ; call 0xfffa75da -xor ecx, ecx -mov edx, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffae58c ; call 0xfffae58c -lea eax, [ebp - 0x18] -cmp edi, eax -jne loc_fffa9f44 ; jne 0xfffa9f44 -inc byte [ebp - 0x9c] -cmp byte [ebp - 0x9c], 2 -jne loc_fffa9f29 ; jne 0xfffa9f29 -mov ecx, dword [ebp - 0x28] -mov ebx, dword [ebp - 0x1c] -mov edx, dword [ebp - 0x20] -mov eax, dword [ebp - 0x24] -mov esi, ecx -cmp ebx, ecx -cmovbe esi, ebx -cmp esi, edx -cmova esi, edx -cmp ebx, ecx -cmovae ecx, ebx -cmp ecx, edx -cmovae edx, ecx -cmp edx, eax -cmovb edx, eax -cmp esi, eax -cmovbe eax, esi -cmp dword [ebp - 0xb4], eax -jbe short loc_fffaa055 ; jbe 0xfffaa055 -mov cl, byte [ebp - 0x94] -mov eax, 1 -mov edi, dword [ebp - 0xac] -shl eax, cl -or byte [edi], al - -loc_fffaa055: ; not directly referenced -cmp dword [ebp - 0xb8], edx -jae short loc_fffaa072 ; jae 0xfffaa072 -mov cl, byte [ebp - 0x94] -mov eax, 1 -mov edi, dword [ebp - 0xac] -shl eax, cl -or byte [edi], al - -loc_fffaa072: ; not directly referenced -inc dword [ebp - 0x94] -cmp dword [ebp - 0x94], 8 -je loc_fffaa126 ; je 0xfffaa126 - -loc_fffaa085: ; not directly referenced +shl edx, cl +test byte [eax + 0x381b], dl +je short loc_fffac754 ; je 0xfffac754 +mov al, byte [ebp - 0x24] +cmp dword [ebp + 8], 0 +setne cl +xor eax, 1 +test cl, al +je short loc_fffac727 ; je 0xfffac727 push eax -xor edi, edi +push dword [ebp - 0x28] +push dword [ebp + 0xc] +mov dword [ebp - 0x34], edx +push edx +push edx push 0 -push 4 -lea eax, [ebp - 0x28] -push eax -mov eax, dword [ebp - 0xa0] -call dword [eax + 0x64] ; ucall -mov eax, dword [ebp - 0xa4] -add esp, 0x10 -mov dword [ebp - 0x9c], eax -mov eax, dword [ebp - 0x94] -and eax, 7 -mov dword [ebp - 0xb0], eax -shl dword [ebp - 0xb0], 0x1a -jmp near loc_fffa9ef8 ; jmp 0xfffa9ef8 - -loc_fffaa0c3: ; not directly referenced -xor ebx, ebx - -loc_fffaa0c5: ; not directly referenced -cmp byte [ebp - 0x95], bl -jbe loc_fffa9f12 ; jbe 0xfffa9f12 -mov eax, dword [ebp - 0x9c] -mov ecx, ebx -mov edx, edi -mov esi, dword [eax + ebx*4 + 0x28] -inc ebx -mov eax, dword [ebp - 0x8c] -and esi, 0xe3ffffff -call fcn_fffa720e ; call 0xfffa720e -or esi, dword [ebp - 0xb0] -mov ecx, esi -mov edx, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffaa0c5 ; jmp 0xfffaa0c5 - -loc_fffaa108: ; not directly referenced -shr eax, 0xf -and eax, 0x3ff -add eax, dword [edi] -cmp byte [ebp - 0x9c], 1 -jne loc_fffaa215 ; jne 0xfffaa215 -shr eax, 1 -jmp near loc_fffaa215 ; jmp 0xfffaa215 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +mov edx, dword [ebp - 0x34] +jmp short loc_fffac732 ; jmp 0xfffac732 -loc_fffaa126: ; not directly referenced -inc byte [ebp - 0xa8] -inc dword [ebp - 0xac] -and byte [ebp - 0xa8], 7 -jne loc_fffa9e5e ; jne 0xfffa9e5e -mov esi, dword [ebp - 0xa4] -xor edi, edi +loc_fffac727: ; not directly referenced +cmp dword [ebp + 8], 0 +jne short loc_fffac732 ; jne 0xfffac732 +test byte [ebp - 0x20], dl +je short loc_fffac754 ; je 0xfffac754 -loc_fffaa147: ; not directly referenced -imul eax, edi, 0x13c3 -mov ecx, dword [ebp - 0x8c] -xor ebx, ebx -cmp dword [ecx + eax + 0x3756], 2 -jne short loc_fffaa1cc ; jne 0xfffaa1cc +loc_fffac732: ; not directly referenced +mov eax, dword [ebp - 0x1c] +push ecx +push dword [ebp - 0x28] +movzx ecx, byte [eax + edi + 0x245] +add ecx, dword [ebp + 0xc] +push ecx +push 1 +push edx +push 4 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 -loc_fffaa15f: ; not directly referenced -cmp byte [ebp - 0x95], bl -jbe short loc_fffaa1ad ; jbe 0xfffaa1ad -mov eax, dword [ebp - 0x8c] -mov ecx, ebx -mov edx, edi -call fcn_fffa724b ; call 0xfffa724b -mov ecx, dword [esi + ebx*4 + 4] -mov edx, eax -mov dword [ebp - 0x90], eax -mov eax, dword [ebp - 0x8c] -call fcn_fffae58c ; call 0xfffae58c -mov edx, dword [ebp - 0x90] -and byte [esi + ebx*4 + 0x28], 0xdf -mov ecx, dword [esi + ebx*4 + 0x28] -inc ebx -mov eax, dword [ebp - 0x8c] -add edx, 4 -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffaa15f ; jmp 0xfffaa15f +loc_fffac754: ; not directly referenced +inc edi +cmp edi, 4 +jne short loc_fffac6e5 ; jne 0xfffac6e5 +movzx edi, byte [ebp - 0x2c] +mov ecx, dword [ebp - 0x1c] +push edx +mov edx, dword [ebp + 0xc] +movzx eax, byte [ebp - 0x20] +push edi +add edx, dword [ecx + 0x111] +mov dword [ebp - 0x20], eax +push edx +push 1 +push eax +push 2 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +cmp byte [ebp - 0x24], 0 +je loc_fffac83c ; je 0xfffac83c +imul edx, ebx, 0x54a +xor eax, eax +lea ecx, [edx + 0xf0] +mov dword [ebp - 0x24], ecx -loc_fffaa1ad: ; not directly referenced -mov ebx, dword [ebp - 0x8c] -mov ecx, 0xff -mov edx, edi -mov eax, ebx -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, dword [esi] -mov edx, eax -mov eax, ebx -call fcn_fffaeb7c ; call 0xfffaeb7c +loc_fffac79e: ; not directly referenced +cmp al, 1 +setbe cl +cmp dword [ebp + 8], 0 +setne dl +test cl, dl +je short loc_fffac7eb ; je 0xfffac7eb +mov ecx, dword [ebp - 0x24] +movzx edx, al +lea edx, [esi + edx + 0x186e] +cmp byte [edx + ecx + 0x54b], 0 +je short loc_fffac7e8 ; je 0xfffac7e8 +push ecx +mov edx, 1 +push edi +mov cl, al +push dword [ebp + 0xc] +shl edx, cl +mov dword [ebp - 0x28], eax +push edx +push 0 +push 0 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +mov eax, dword [ebp - 0x28] +add esp, 0x20 -loc_fffaa1cc: ; not directly referenced -inc edi -add esi, 0xcc -cmp edi, 2 -jne loc_fffaa147 ; jne 0xfffaa147 -mov esi, dword [ebp - 0xbc] -lea ebx, [ebp - 0x38] +loc_fffac7e8: ; not directly referenced +inc eax +jmp short loc_fffac79e ; jmp 0xfffac79e -loc_fffaa1e5: ; not directly referenced -mov edi, dword [ebp - 0x8c] -add ebx, 4 -add esi, 3 -movzx ecx, byte [esi - 3] -movzx edx, byte [esi - 4] -mov eax, edi -call fcn_fffa75da ; call 0xfffa75da -mov ecx, dword [ebx - 4] -mov edx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -lea eax, [ebp - 0x28] -cmp ebx, eax -jne short loc_fffaa1e5 ; jne 0xfffaa1e5 -jmp short loc_fffaa21c ; jmp 0xfffaa21c +loc_fffac7eb: ; not directly referenced +mov eax, dword [ebp - 0x1c] +push edx +mov edx, dword [ebp + 0xc] +push edi +add edx, dword [eax + 0x109] +push edx +push 1 +push dword [ebp - 0x20] +push 3 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +mov eax, dword [ebp - 0x1c] +add esp, 0x1c +mov edx, dword [ebp + 0xc] +push edi +add edx, dword [eax + 0x115] +push edx +push 2 +push dword [ebp - 0x20] +push 2 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +mov eax, dword [ebp - 0x1c] +add esp, 0x1c +mov edx, dword [ebp + 0xc] +push edi +add edx, dword [eax + 0x11d] +push edx +push 2 +jmp short loc_fffac84d ; jmp 0xfffac84d -loc_fffaa215: ; not directly referenced -mov dword [edi], eax -jmp near loc_fffa9fc6 ; jmp 0xfffa9fc6 +loc_fffac83c: ; not directly referenced +push eax +mov eax, dword [ebp - 0x1c] +mov edx, dword [ebp + 0xc] +push edi +add edx, dword [eax + 0x119] +push edx +push 1 -loc_fffaa21c: ; not directly referenced +loc_fffac84d: ; not directly referenced +push dword [ebp - 0x20] +push 1 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 lea esp, [ebp - 0xc] -xor eax, eax pop ebx pop esi pop edi pop ebp ret -fcn_fffaa226: ; not directly referenced +fcn_fffac864: ; not directly referenced push ebp mov ebp, esp push edi @@ -13188,31 +16491,31 @@ sub esp, 0x1c mov eax, dword [eax + 0x188b] mov dword [ebp - 0x20], edx cmp eax, 1 -je short loc_fffaa252 ; je 0xfffaa252 +je short loc_fffac890 ; je 0xfffac890 sbb ebx, ebx mov esi, 0 mov byte [ebp - 0x1a], 1 and ebx, 0x364c -jmp short loc_fffaa260 ; jmp 0xfffaa260 +jmp short loc_fffac89e ; jmp 0xfffac89e -loc_fffaa252: ; not directly referenced +loc_fffac890: ; not directly referenced mov byte [ebp - 0x1a], 4 mov esi, 4 mov ebx, 0x3650 -loc_fffaa260: ; not directly referenced +loc_fffac89e: ; not directly referenced mov byte [ebp - 0x19], 0 -loc_fffaa264: ; not directly referenced +loc_fffac8a2: ; not directly referenced mov ecx, dword [ebp - 0x20] mov edx, ebx mov eax, edi add ebx, esi -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov al, byte [ebp - 0x1a] inc byte [ebp - 0x19] cmp byte [ebp - 0x19], al -jb short loc_fffaa264 ; jb 0xfffaa264 +jb short loc_fffac8a2 ; jb 0xfffac8a2 add esp, 0x1c pop ebx pop esi @@ -13220,7 +16523,7 @@ pop edi pop ebp ret -fcn_fffaa285: ; not directly referenced +fcn_fffac8c3: ; not directly referenced push ebp mov ebp, esp push edi @@ -13230,7 +16533,7 @@ mov esi, eax push ebx sub esp, 0x2c mov eax, dword [ebp + 8] -mov ebx, dword [esi + 0x2443] +mov ebx, dword [esi + 0x2444] shl edi, 0xa mov dword [ebp - 0x20], ecx add edi, 0x4214 @@ -13243,22 +16546,22 @@ call dword [ebx + 0x54] ; ucall add eax, 0x2710 mov dword [ebp - 0x1c], eax -loc_fffaa2c1: ; not directly referenced +loc_fffac8ff: ; not directly referenced mov edx, edi mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f shr eax, 0x18 test al, al -jns short loc_fffaa2e0 ; jns 0xfffaa2e0 +jns short loc_fffac91e ; jns 0xfffac91e call dword [ebx + 0x54] ; ucall cmp dword [ebp - 0x1c], eax -ja short loc_fffaa2c1 ; ja 0xfffaa2c1 +ja short loc_fffac8ff ; ja 0xfffac8ff -loc_fffaa2d9: ; not directly referenced +loc_fffac917: ; not directly referenced mov eax, 0x12 -jmp short loc_fffaa340 ; jmp 0xfffaa340 +jmp short loc_fffac97e ; jmp 0xfffac97e -loc_fffaa2e0: ; not directly referenced +loc_fffac91e: ; not directly referenced mov ecx, dword [ebp - 0x28] mov edx, edi mov eax, dword [ebp - 0x24] @@ -13276,27 +16579,27 @@ shl eax, 0x15 or ecx, eax mov eax, esi or ecx, 0x80100000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 call dword [ebx + 0x54] ; ucall add eax, 0x2710 mov dword [ebp - 0x1c], eax -loc_fffaa324: ; not directly referenced +loc_fffac962: ; not directly referenced mov edx, edi mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f shr eax, 0x18 test al, al -jns short loc_fffaa33e ; jns 0xfffaa33e +jns short loc_fffac97c ; jns 0xfffac97c call dword [ebx + 0x54] ; ucall cmp dword [ebp - 0x1c], eax -ja short loc_fffaa324 ; ja 0xfffaa324 -jmp short loc_fffaa2d9 ; jmp 0xfffaa2d9 +ja short loc_fffac962 ; ja 0xfffac962 +jmp short loc_fffac917 ; jmp 0xfffac917 -loc_fffaa33e: ; not directly referenced +loc_fffac97c: ; not directly referenced xor eax, eax -loc_fffaa340: ; not directly referenced +loc_fffac97e: ; not directly referenced add esp, 0x2c pop ebx pop esi @@ -13304,7 +16607,7 @@ pop edi pop ebp ret -fcn_fffaa348: ; not directly referenced +fcn_fffac986: ; not directly referenced push ebp mov ebp, esp push edi @@ -13313,17 +16616,17 @@ push esi push ebx mov ebx, dword [ebp + 8] cmp ecx, edx -ja short loc_fffaa360 ; ja 0xfffaa360 +ja short loc_fffac99e ; ja 0xfffac99e inc edi inc dword [ebx + 0xc] imul eax, edi, 0xa -jmp short loc_fffaa3c3 ; jmp 0xfffaa3c3 +jmp short loc_fffaca01 ; jmp 0xfffaca01 -loc_fffaa360: ; not directly referenced +loc_fffac99e: ; not directly referenced mov esi, ecx sub esi, edx cmp ecx, 6 -ja short loc_fffaa38e ; ja 0xfffaa38e +ja short loc_fffac9cc ; ja 0xfffac9cc imul edi, eax, 0xa mov eax, 7 sub eax, ecx @@ -13335,47 +16638,47 @@ div esi cmp eax, 0xa cmovbe ecx, eax lea eax, [edi + ecx + 0x14] -jmp short loc_fffaa3c3 ; jmp 0xfffaa3c3 +jmp short loc_fffaca01 ; jmp 0xfffaca01 -loc_fffaa38e: ; not directly referenced +loc_fffac9cc: ; not directly referenced cmp edx, 7 -ja short loc_fffaa3ab ; ja 0xfffaa3ab +ja short loc_fffac9e9 ; ja 0xfffac9e9 inc dword [ebx + 4] test esi, esi -je short loc_fffaa3ad ; je 0xfffaa3ad +je short loc_fffac9eb ; je 0xfffac9eb mov eax, 7 inc edi sub eax, edx xor edx, edx imul eax, eax, 0xa div esi -jmp short loc_fffaa3be ; jmp 0xfffaa3be +jmp short loc_fffac9fc ; jmp 0xfffac9fc -loc_fffaa3ab: ; not directly referenced +loc_fffac9e9: ; not directly referenced inc dword [ebx] -loc_fffaa3ad: ; not directly referenced +loc_fffac9eb: ; not directly referenced cmp esi, edx cmovb esi, edx xor eax, eax test esi, esi -je short loc_fffaa3c3 ; je 0xfffaa3c3 +je short loc_fffaca01 ; je 0xfffaca01 mov al, 0x46 xor edx, edx div esi -loc_fffaa3be: ; not directly referenced +loc_fffac9fc: ; not directly referenced imul edi, edi, 0xa add eax, edi -loc_fffaa3c3: ; not directly referenced +loc_fffaca01: ; not directly referenced pop ebx pop esi pop edi pop ebp ret -fcn_fffaa3c8: ; not directly referenced +fcn_fffaca06: ; not directly referenced push ebp mov ebp, esp push edi @@ -13383,7 +16686,7 @@ push esi push ebx mov ebx, edx sub esp, 0x2c -mov esi, dword [eax + 0x2443] +mov esi, dword [eax + 0x2444] mov byte [ebp - 0x1b], cl mov cl, byte [ebp + 8] shl ebx, 0xa @@ -13392,12 +16695,12 @@ mov dword [ebp - 0x20], eax mov dword [ebp - 0x28], esi mov byte [ebp - 0x1c], cl xor ecx, ecx -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b lea eax, [ebx + 0x41c0] mov byte [ebp - 0x19], 0 mov dword [ebp - 0x34], eax -loc_fffaa405: ; not directly referenced +loc_fffaca43: ; not directly referenced mov cl, byte [ebp - 0x19] xor esi, esi xor edi, edi @@ -13411,40 +16714,40 @@ shr al, 1 and eax, 1 mov dword [ebp - 0x30], eax -loc_fffaa427: ; not directly referenced +loc_fffaca65: ; not directly referenced movzx eax, cl div byte [ebp - 0x1b] movzx edx, ah lea eax, [ecx + 0x15] cmp cl, 0x12 -ja short loc_fffaa441 ; ja 0xfffaa441 +ja short loc_fffaca7f ; ja 0xfffaca7f lea eax, [ecx + 8] cmp cl, 0x10 cmovb eax, ecx -loc_fffaa441: ; not directly referenced +loc_fffaca7f: ; not directly referenced cmp dl, byte [ebp - 0x1c] movzx eax, al mov edx, dword [ebp - 0x28] mov dword [ebp - 0x38], ecx mov edx, dword [edx + 0x68] mov dword [ebp - 0x24], edx -jne short loc_fffaa461 ; jne 0xfffaa461 +jne short loc_fffaca9f ; jne 0xfffaca9f push ecx xor edx, edx push eax movzx eax, byte [ebp - 0x1a] push edx push eax -jmp short loc_fffaa469 ; jmp 0xfffaa469 +jmp short loc_fffacaa7 ; jmp 0xfffacaa7 -loc_fffaa461: ; not directly referenced +loc_fffaca9f: ; not directly referenced push edx push eax push dword [ebp - 0x2c] push dword [ebp - 0x30] -loc_fffaa469: ; not directly referenced +loc_fffacaa7: ; not directly referenced mov eax, dword [ebp - 0x24] call eax mov ecx, dword [ebp - 0x38] @@ -13455,35 +16758,35 @@ or edx, edi mov esi, eax mov edi, edx cmp cl, 0x16 -jne short loc_fffaa427 ; jne 0xfffaa427 +jne short loc_fffaca65 ; jne 0xfffaca65 push eax push eax mov eax, dword [ebp - 0x20] push edx mov edx, dword [ebp - 0x34] push esi -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 inc byte [ebp - 0x19] cmp byte [ebp - 0x19], 8 -jne loc_fffaa405 ; jne 0xfffaa405 +jne loc_fffaca43 ; jne 0xfffaca43 mov edi, dword [ebp - 0x20] lea edx, [ebx + 0x41a0] mov ecx, 0x222 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 lea edx, [ebx + 0x41b0] mov eax, edi mov ecx, 0x6010102 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 lea edx, [ebx + 0x41a4] mov eax, edi mov ecx, 0xea1 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 lea edx, [ebx + 0x41a8] mov eax, edi mov ecx, 0xbeef -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 lea esp, [ebp - 0xc] mov eax, edi lea edx, [ebx + 0x41ac] @@ -13492,9 +16795,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_fffae58c ; jmp 0xfffae58c +jmp near fcn_fffb3381 ; jmp 0xfffb3381 -fcn_fffaa505: ; not directly referenced +fcn_fffacb43: ; not directly referenced push ebp mov ebp, esp push edi @@ -13503,7 +16806,7 @@ push esi mov esi, eax push ebx sub esp, 0x1c -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] mov dword [ebp - 0x20], ecx shl edi, 0xa add edi, 0x4214 @@ -13511,23 +16814,23 @@ call dword [ebx + 0x54] ; ucall add eax, 0x2710 mov dword [ebp - 0x1c], eax -loc_fffaa52f: ; not directly referenced +loc_fffacb6d: ; not directly referenced mov edx, edi mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov ecx, eax shr eax, 0x18 test al, al -jns short loc_fffaa550 ; jns 0xfffaa550 +jns short loc_fffacb8e ; jns 0xfffacb8e call dword [ebx + 0x54] ; ucall cmp dword [ebp - 0x1c], eax -ja short loc_fffaa52f ; ja 0xfffaa52f +ja short loc_fffacb6d ; ja 0xfffacb6d -loc_fffaa549: ; not directly referenced +loc_fffacb87: ; not directly referenced mov eax, 0x12 -jmp short loc_fffaa5ae ; jmp 0xfffaa5ae +jmp short loc_fffacbec ; jmp 0xfffacbec -loc_fffaa550: ; not directly referenced +loc_fffacb8e: ; not directly referenced mov cl, byte [ebp + 8] mov ch, byte [ebp + 0xc] mov edx, dword [ebp + 0x10] @@ -13543,27 +16846,27 @@ or ecx, eax mov edx, edi or ecx, 0x80000000 mov eax, esi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 call dword [ebx + 0x54] ; ucall add eax, 0x2710 mov dword [ebp - 0x1c], eax -loc_fffaa592: ; not directly referenced +loc_fffacbd0: ; not directly referenced mov edx, edi mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f shr eax, 0x18 test al, al -jns short loc_fffaa5ac ; jns 0xfffaa5ac +jns short loc_fffacbea ; jns 0xfffacbea call dword [ebx + 0x54] ; ucall cmp dword [ebp - 0x1c], eax -ja short loc_fffaa592 ; ja 0xfffaa592 -jmp short loc_fffaa549 ; jmp 0xfffaa549 +ja short loc_fffacbd0 ; ja 0xfffacbd0 +jmp short loc_fffacb87 ; jmp 0xfffacb87 -loc_fffaa5ac: ; not directly referenced +loc_fffacbea: ; not directly referenced xor eax, eax -loc_fffaa5ae: ; not directly referenced +loc_fffacbec: ; not directly referenced add esp, 0x1c pop ebx pop esi @@ -13571,7 +16874,64 @@ pop edi pop ebp ret -fcn_fffaa5b6: ; not directly referenced +fcn_fffacbf4: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x1c +mov edi, dword [ebp + 8] +cmp dword [edi + 0x2481], 3 +jne short loc_fffacc80 ; jne 0xfffacc80 +cmp byte [edi + 0x240a], 0 +je short loc_fffacc80 ; je 0xfffacc80 +movzx eax, byte [edi + 0x240b] +test al, al +je short loc_fffacc80 ; je 0xfffacc80 +mov edx, 3 +cmp ax, 3 +cmova eax, edx +mov word [ebp - 0x1e], ax +lea ebx, [edi + 0x49d0] +mov dword [ebp - 0x1c], 0 + +loc_fffacc3a: ; not directly referenced +cmp dword [ebx - 0x1279], 2 +jne short loc_fffacc71 ; jne 0xfffacc71 +test byte [ebx - 0x11b5], 1 +je short loc_fffacc71 ; je 0xfffacc71 +mov si, word [ebx] +xor ecx, ecx +push eax +mov edx, dword [ebp - 0x1c] +push 0 +and esi, 0xfffffffc +or si, word [ebp - 0x1e] +movzx eax, si +push eax +mov eax, edi +push 0xb +call fcn_fffacb43 ; call 0xfffacb43 +add esp, 0x10 +mov word [ebx], si + +loc_fffacc71: ; not directly referenced +inc dword [ebp - 0x1c] +add ebx, 0x13c3 +cmp dword [ebp - 0x1c], 2 +jne short loc_fffacc3a ; jne 0xfffacc3a + +loc_fffacc80: ; not directly referenced +lea esp, [ebp - 0xc] +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffacc8a: ; not directly referenced push ebp mov ebp, esp push edi @@ -13581,7 +16941,7 @@ mov ebx, ecx sub esp, 0x4c mov edi, dword [ebp + 8] mov esi, dword [ebp + 0x18] -mov ecx, dword [eax + 0x2443] +mov ecx, dword [eax + 0x2444] mov dword [ebp - 0x1c], eax mov eax, dword [eax + 0x1887] mov dword [ebp - 0x44], edi @@ -13597,20 +16957,20 @@ mov edi, dword [ebp + 0x14] mov dword [ebp - 0x40], edi mov edi, dword [ebp + 0x20] cmp eax, 0x306d0 -je short loc_fffaa618 ; je 0xfffaa618 +je short loc_fffaccec ; je 0xfffaccec cmp eax, 0x40670 -je short loc_fffaa618 ; je 0xfffaa618 +je short loc_fffaccec ; je 0xfffaccec mov dword [ebp - 0x2c], 0x7f8 mov dword [ebp - 0x38], 0xff -jmp short loc_fffaa626 ; jmp 0xfffaa626 +jmp short loc_fffaccfa ; jmp 0xfffaccfa -loc_fffaa618: ; not directly referenced +loc_fffaccec: ; not directly referenced mov dword [ebp - 0x2c], 0xff8 mov dword [ebp - 0x38], 0x1ff -loc_fffaa626: ; not directly referenced +loc_fffaccfa: ; not directly referenced test ebx, ebx -je short loc_fffaa69e ; je 0xfffaa69e +je short loc_fffacd72 ; je 0xfffacd72 mov dword [ebp - 0x4c], esi push esi push 0x20 @@ -13652,14 +17012,14 @@ mov eax, dword [ebp - 0x28] push esi lea edx, [eax*8 + 0x48d8] mov eax, dword [ebp - 0x1c] -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 mov esi, dword [ebp - 0x4c] add esp, 0x10 -loc_fffaa69e: ; not directly referenced +loc_fffacd72: ; not directly referenced mov eax, dword [ebp - 0x44] test eax, eax -je short loc_fffaa715 ; je 0xfffaa715 +je short loc_fffacde9 ; je 0xfffacde9 push edx mov ebx, dword [ebp - 0x24] push 0x20 @@ -13701,26 +17061,26 @@ mov eax, dword [ebp - 0x28] push esi lea edx, [eax*8 + 0x48e8] mov eax, dword [ebp - 0x1c] -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 mov esi, dword [ebp - 0x44] add esp, 0x10 -loc_fffaa715: ; not directly referenced +loc_fffacde9: ; not directly referenced cmp dword [ebp - 0x30], 0 setne bl cmp dword [ebp - 0x34], 0 setne al mov byte [ebp - 0x2c], al or al, bl -jne short loc_fffaa73c ; jne 0xfffaa73c +jne short loc_ffface10 ; jne 0xffface10 test esi, esi setne dl test edi, edi setne al or dl, al -je loc_fffaa876 ; je 0xfffaa876 +je loc_fffacf4a ; je 0xfffacf4a -loc_fffaa73c: ; not directly referenced +loc_ffface10: ; not directly referenced mov ecx, dword [ebp - 0x28] xor eax, eax cmp dword [ebp - 0x30], 0 @@ -13730,15 +17090,15 @@ sete cl cmp dword [ebp - 0x34], 0 sete dl or cl, dl -jne short loc_fffaa7a1 ; jne 0xfffaa7a1 +jne short loc_ffface75 ; jne 0xffface75 test esi, esi sete cl test edi, edi sete dl or cl, dl -jne short loc_fffaa7a1 ; jne 0xfffaa7a1 +jne short loc_ffface75 ; jne 0xffface75 -loc_fffaa76b: ; not directly referenced +loc_ffface3f: ; not directly referenced mov ebx, dword [ebp - 0x30] and eax, 0xfffffff0 movzx edx, byte [ebx + 3] @@ -13757,18 +17117,18 @@ and ecx, 3 or eax, edx shl ecx, 6 or eax, ecx -jmp short loc_fffaa7b0 ; jmp 0xfffaa7b0 +jmp short loc_ffface84 ; jmp 0xffface84 -loc_fffaa7a1: ; not directly referenced +loc_ffface75: ; not directly referenced mov edx, dword [ebp - 0x24] mov eax, dword [ebp - 0x1c] -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f test bl, bl -jne short loc_fffaa76b ; jne 0xfffaa76b +jne short loc_ffface3f ; jne 0xffface3f -loc_fffaa7b0: ; not directly referenced +loc_ffface84: ; not directly referenced cmp byte [ebp - 0x2c], 0 -je short loc_fffaa7f2 ; je 0xfffaa7f2 +je short loc_fffacec6 ; je 0xfffacec6 mov ebx, dword [ebp - 0x34] and eax, 0xfcffffff movzx ecx, byte [ebx + 3] @@ -13789,9 +17149,9 @@ shl ecx, 0x1b or eax, edx or eax, ecx -loc_fffaa7f2: ; not directly referenced +loc_fffacec6: ; not directly referenced test esi, esi -je short loc_fffaa82c ; je 0xfffaa82c +je short loc_fffacf00 ; je 0xfffacf00 movzx ecx, byte [esi + 3] and eax, 0xcfffffff movzx edx, byte [esi + 2] @@ -13810,9 +17170,9 @@ shl edx, 0x1e or eax, edx or eax, ecx -loc_fffaa82c: ; not directly referenced +loc_fffacf00: ; not directly referenced test edi, edi -je short loc_fffaa869 ; je 0xfffaa869 +je short loc_fffacf3d ; je 0xfffacf3d movzx ecx, byte [edi + 3] and eax, 0xffcf1fff movzx edx, byte [edi + 2] @@ -13832,13 +17192,13 @@ shl ecx, 0x17 or eax, edx or eax, ecx -loc_fffaa869: ; not directly referenced +loc_fffacf3d: ; not directly referenced mov ecx, eax mov edx, dword [ebp - 0x24] mov eax, dword [ebp - 0x1c] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffaa876: ; not directly referenced +loc_fffacf4a: ; not directly referenced mov edx, dword [ebp - 0x40] cmp dword [ebp - 0x20], 0 setne cl @@ -13846,7 +17206,7 @@ test edx, edx setne al mov byte [ebp - 0x24], al or al, cl -je loc_fffaa9e5 ; je 0xfffaa9e5 +je loc_fffad0b9 ; je 0xfffad0b9 mov eax, dword [ebp - 0x28] xor esi, esi xor ebx, ebx @@ -13856,34 +17216,34 @@ sete al test edx, edx sete dl or al, dl -jne short loc_fffaa8c3 ; jne 0xfffaa8c3 +jne short loc_fffacf97 ; jne 0xfffacf97 -loc_fffaa8ae: ; not directly referenced +loc_fffacf82: ; not directly referenced mov eax, dword [ebp - 0x20] mov eax, dword [eax] cmp eax, 0x1f -jbe short loc_fffaa8e1 ; jbe 0xfffaa8e1 +jbe short loc_fffacfb5 ; jbe 0xfffacfb5 dec eax -call fcn_fffaec34 ; call 0xfffaec34 +call fcn_fffb396b ; call 0xfffb396b movzx eax, al -jmp short loc_fffaa8e4 ; jmp 0xfffaa8e4 +jmp short loc_fffacfb8 ; jmp 0xfffacfb8 -loc_fffaa8c3: ; not directly referenced +loc_fffacf97: ; not directly referenced mov eax, dword [ebp - 0x1c] mov edx, edi mov dword [ebp - 0x28], ecx -call fcn_fffae548 ; call 0xfffae548 +call fcn_fffb333d ; call 0xfffb333d mov ecx, dword [ebp - 0x28] mov esi, eax mov ebx, edx test cl, cl -je loc_fffaa990 ; je 0xfffaa990 -jmp short loc_fffaa8ae ; jmp 0xfffaa8ae +je loc_fffad064 ; je 0xfffad064 +jmp short loc_fffacf82 ; jmp 0xfffacf82 -loc_fffaa8e1: ; not directly referenced +loc_fffacfb5: ; not directly referenced sub eax, 0xffffff80 -loc_fffaa8e4: ; not directly referenced +loc_fffacfb8: ; not directly referenced mov edx, eax and ebx, 0x60ffffff and edx, 0x1f @@ -13896,12 +17256,12 @@ mov eax, dword [ebp - 0x20] mov edx, dword [eax + 4] lea eax, [edx + 0x80] cmp edx, 0x1f -jbe short loc_fffaa918 ; jbe 0xfffaa918 +jbe short loc_fffacfec ; jbe 0xfffacfec lea eax, [edx - 1] -call fcn_fffaec34 ; call 0xfffaec34 +call fcn_fffb396b ; call 0xfffb396b movzx eax, al -loc_fffaa918: ; not directly referenced +loc_fffacfec: ; not directly referenced mov edx, eax and ebx, 0xfff60fff and edx, 0x1f @@ -13914,12 +17274,12 @@ mov eax, dword [ebp - 0x20] mov edx, dword [eax + 8] lea eax, [edx + 0x20] cmp edx, 0xf -jbe short loc_fffaa94b ; jbe 0xfffaa94b +jbe short loc_fffad01f ; jbe 0xfffad01f lea eax, [edx - 1] -call fcn_fffaec34 ; call 0xfffaec34 +call fcn_fffb396b ; call 0xfffb396b movzx eax, al -loc_fffaa94b: ; not directly referenced +loc_fffad01f: ; not directly referenced mov edx, eax and ebx, 0xffffffd0 and edx, 0xf @@ -13930,12 +17290,12 @@ mov eax, dword [ebp - 0x20] mov edx, dword [eax + 0xc] lea eax, [edx + 0x80] cmp edx, 0x1f -jbe short loc_fffaa976 ; jbe 0xfffaa976 +jbe short loc_fffad04a ; jbe 0xfffad04a lea eax, [edx - 1] -call fcn_fffaec34 ; call 0xfffaec34 +call fcn_fffb396b ; call 0xfffb396b movzx eax, al -loc_fffaa976: ; not directly referenced +loc_fffad04a: ; not directly referenced mov edx, eax and esi, 0xfff60fff and edx, 0x1f @@ -13945,9 +17305,9 @@ or esi, edx and eax, 0x80000 or esi, eax -loc_fffaa990: ; not directly referenced +loc_fffad064: ; not directly referenced cmp byte [ebp - 0x24], 0 -je short loc_fffaa9ce ; je 0xfffaa9ce +je short loc_fffad0a2 ; je 0xfffad0a2 mov ecx, dword [ebp - 0x40] and ebx, 0xff8ffc3f and esi, 0xff807 @@ -13966,7 +17326,7 @@ shl eax, 0x14 or esi, eax or esi, edx -loc_fffaa9ce: ; not directly referenced +loc_fffad0a2: ; not directly referenced mov dword [ebp + 8], esi mov eax, dword [ebp - 0x1c] mov edx, edi @@ -13976,9 +17336,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_fffae7cf ; jmp 0xfffae7cf +jmp near fcn_fffb3506 ; jmp 0xfffb3506 -loc_fffaa9e5: ; not directly referenced +loc_fffad0b9: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -13986,7 +17346,7 @@ pop edi pop ebp ret -fcn_fffaa9ed: ; not directly referenced +fcn_fffad0c1: ; not directly referenced push ebp mov ebp, esp push edi @@ -14005,7 +17365,7 @@ mov dword [ebp - 0x3c], eax mov eax, dword [ebp + 0xc] mov dword [ebp - 0x1c], 0 cmp dword [eax], 1 -jne loc_fffaab38 ; jne 0xfffaab38 +jne loc_fffad20c ; jne 0xfffad20c mov dword [edx + 0x1c], 3 xor esi, esi mov word [edx + 0x2a], 0x20 @@ -14014,11 +17374,11 @@ mov word [edx + 0xe], 0x18 mov word [edx + 2], 1 mov word [edx + 0xa], 1 -loc_fffaaa54: ; not directly referenced +loc_fffad128: ; not directly referenced imul eax, esi, 0x13c3 mov ecx, dword [ebp - 0x2c] -cmp dword [ecx + eax + 0x3756], 2 -jne loc_fffaab25 ; jne 0xfffaab25 +cmp dword [ecx + eax + 0x3757], 2 +jne loc_fffad1f9 ; jne 0xfffad1f9 lea eax, [ebp - 0x1c] mov ecx, ebx push edx @@ -14036,7 +17396,7 @@ lea eax, [ebx + 0x10] push eax mov eax, dword [ebp - 0x2c] push 0 -call fcn_fffaa5b6 ; call 0xfffaa5b6 +call fcn_fffacc8a ; call 0xfffacc8a xor edx, edx mov eax, 0x1800 mov dword [ebp - 0x38], eax @@ -14055,55 +17415,55 @@ mov dword [ebp - 0x38], eax lea eax, [edx + 0x20] cmove edx, eax mov eax, dword [ebp - 0x2c] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp - 0x2c] lea edx, [esi*8 + 0x48a8] push ecx push ecx push dword [ebp - 0x34] push dword [ebp - 0x38] -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 mov eax, esi mov ecx, 0x20 shl eax, 0xa lea edx, [eax + 0x4200] mov dword [ebp - 0x38], eax mov eax, dword [ebp - 0x2c] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, dword [ebp - 0x38] mov eax, dword [ebp - 0x2c] lea edx, [ecx + 0x4040] mov ecx, 0x8092 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x10 -loc_fffaab25: ; not directly referenced +loc_fffad1f9: ; not directly referenced inc esi cmp esi, 2 -jne loc_fffaaa54 ; jne 0xfffaaa54 +jne loc_fffad128 ; jne 0xfffad128 mov eax, dword [ebp + 0xc] mov dword [eax], 0 -loc_fffaab38: ; not directly referenced +loc_fffad20c: ; not directly referenced mov esi, dword [ebp - 0x2c] -movzx eax, byte [esi + 0x248d] +movzx eax, byte [esi + 0x248e] bt eax, edi -jae loc_fffaac3b ; jae 0xfffaac3b +jae loc_fffad30f ; jae 0xfffad30f mov eax, edi shr eax, 1 imul eax, eax, 0x128 mov dword [ebp - 0x38], 0 -lea edi, [esi + eax + 0x49ae] +lea edi, [esi + eax + 0x49af] lea eax, [ebx + 0x14] mov dword [ebp - 0x40], eax movzx eax, byte [ebp - 0x2d] mov dword [ebp - 0x44], eax -loc_fffaab70: ; not directly referenced +loc_fffad244: ; not directly referenced imul eax, dword [ebp - 0x38], 0x13c3 mov esi, dword [ebp - 0x2c] -cmp dword [esi + eax + 0x3756], 2 -jne loc_fffaac28 ; jne 0xfffaac28 +cmp dword [esi + eax + 0x3757], 2 +jne loc_fffad2fc ; jne 0xfffad2fc mov ax, word [ebx + 0x2a] xor edx, edx lea ecx, [eax*8] @@ -14130,21 +17490,21 @@ lea eax, [ebx + 8] push 0 push eax mov eax, dword [ebp - 0x2c] -call fcn_fffaa5b6 ; call 0xfffaa5b6 +call fcn_fffacc8a ; call 0xfffacc8a add esp, 0x20 cmp byte [ebp - 0x2d], 0 -je short loc_fffaabe3 ; je 0xfffaabe3 +je short loc_fffad2b7 ; je 0xfffad2b7 mov eax, dword [ebp - 0x44] -jmp short loc_fffaabeb ; jmp 0xfffaabeb +jmp short loc_fffad2bf ; jmp 0xfffad2bf -loc_fffaabe3: ; not directly referenced +loc_fffad2b7: ; not directly referenced mov eax, dword [edi] shr eax, 0xa imul eax, esi -loc_fffaabeb: ; not directly referenced +loc_fffad2bf: ; not directly referenced dec eax -call fcn_fffaec34 ; call 0xfffaec34 +call fcn_fffb396b ; call 0xfffb396b imul esi, dword [ebp - 0x38], 0x28 lea edx, [esi + 0x4808] and eax, 0x7f @@ -14152,20 +17512,20 @@ mov dword [ebp - 0x3c], eax mov ecx, eax mov eax, dword [ebp - 0x2c] or ecx, 0x400000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, dword [ebp - 0x3c] lea edx, [esi + 0x480c] mov eax, dword [ebp - 0x2c] or ecx, 0x8000000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffaac28: ; not directly referenced +loc_fffad2fc: ; not directly referenced inc dword [ebp - 0x38] add edi, 0x13c3 cmp dword [ebp - 0x38], 2 -jne loc_fffaab70 ; jne 0xfffaab70 +jne loc_fffad244 ; jne 0xfffad244 -loc_fffaac3b: ; not directly referenced +loc_fffad30f: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -14173,7 +17533,7 @@ pop edi pop ebp ret -fcn_fffaac43: ; not directly referenced +fcn_fffad317: ; not directly referenced push ebp mov ebp, esp push edi @@ -14183,36 +17543,36 @@ push ebx mov ebx, eax imul eax, esi, 0x13c3 sub esp, 0x1c -and cl, byte [ebx + eax + 0x381a] +and cl, byte [ebx + eax + 0x381b] mov edi, ecx and edi, 0xf -jne short loc_fffaac95 ; jne 0xfffaac95 +jne short loc_fffad369 ; jne 0xfffad369 xor ecx, ecx mov eax, ebx lea edx, [esi*4 + 0x4930] lea esi, [esi*8 + 0x48a8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov edx, esi mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, esi and ah, 0xf7 mov ecx, eax mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffaad12 ; jmp 0xfffaad12 +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffad3e6 ; jmp 0xfffad3e6 -loc_fffaac95: ; not directly referenced +loc_fffad369: ; not directly referenced movzx edx, cl xor eax, eax xor edi, edi mov byte [ebp - 0x19], 0 mov dword [ebp - 0x20], edx -loc_fffaaca3: ; not directly referenced +loc_fffad377: ; not directly referenced mov edx, dword [ebp - 0x20] bt edx, eax -jae short loc_fffaacbb ; jae 0xfffaacbb +jae short loc_fffad38f ; jae 0xfffad38f movzx ecx, byte [ebp - 0x19] mov edx, eax inc byte [ebp - 0x19] @@ -14220,14 +17580,14 @@ shl ecx, 2 shl edx, cl or edi, edx -loc_fffaacbb: ; not directly referenced +loc_fffad38f: ; not directly referenced inc eax cmp eax, 4 -jne short loc_fffaaca3 ; jne 0xfffaaca3 +jne short loc_fffad377 ; jne 0xfffad377 mov ecx, edi mov eax, ebx lea edx, [esi*4 + 0x4930] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov cl, byte [ebp - 0x19] lea edi, [esi*8] lea edx, [edi + 0x48ef] @@ -14235,20 +17595,20 @@ mov eax, ebx add edi, 0x48a8 dec ecx movzx ecx, cl -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b mov edx, edi mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, edi mov edi, 1 or ah, 8 mov ecx, eax mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, esi shl edi, cl -loc_fffaad12: ; not directly referenced +loc_fffad3e6: ; not directly referenced add esp, 0x1c mov eax, edi pop ebx @@ -14257,7 +17617,7 @@ pop edi pop ebp ret -fcn_fffaad1c: ; not directly referenced +fcn_fffad3f0: ; not directly referenced push ebp mov ebp, esp push edi @@ -14268,7 +17628,7 @@ mov ebx, dword [ebp + 8] mov dword [ebp - 0x50], 0 mov byte [ebp - 0x4c], 0 mov byte [ebp - 0x4b], 0 -mov eax, dword [ebx + 0x2443] +mov eax, dword [ebx + 0x2444] mov byte [ebp - 0x4a], 1 mov byte [ebp - 0x49], 0 mov dword [ebp - 0x48], 0 @@ -14285,13 +17645,13 @@ mov byte [ebp - 0x52], 0 mov byte [ebp - 0x51], 0 call dword [eax + 0x5c] ; ucall add esp, 0x10 -cmp byte [ebx + 0x3748], 1 -je short loc_fffaad8a ; je 0xfffaad8a +cmp byte [ebx + 0x3749], 1 +je short loc_fffad45e ; je 0xfffad45e xor esi, esi cmp byte [ebx + 0x2407], 1 -jne loc_fffaafaa ; jne 0xfffaafaa +jne loc_fffad67e ; jne 0xfffad67e -loc_fffaad8a: ; not directly referenced +loc_fffad45e: ; not directly referenced push esi mov eax, ebx push esi @@ -14302,13 +17662,13 @@ lea ecx, [ebp - 0x51] lea edx, [ebp - 0x52] mov word [ebp - 0x1a], 1 mov word [ebp - 0x1c], 1 -call fcn_fffa81d3 ; call 0xfffa81d3 +call fcn_fffa8181 ; call 0xfffa8181 add esp, 0x10 -loc_fffaadae: ; not directly referenced +loc_fffad482: ; not directly referenced imul eax, esi, 0x13c3 -cmp dword [ebx + eax + 0x3756], 2 -jne loc_fffaae62 ; jne 0xfffaae62 +cmp dword [ebx + eax + 0x3757], 2 +jne loc_fffad536 ; jne 0xfffad536 lea eax, [ebp - 0x48] mov edx, esi push ecx @@ -14326,7 +17686,7 @@ push eax mov eax, ebx push 0 lea ecx, [ebp - 0x44] -call fcn_fffaa5b6 ; call 0xfffaa5b6 +call fcn_fffacc8a ; call 0xfffacc8a xor edx, edx mov eax, 0x1800 mov ecx, edx @@ -14342,7 +17702,7 @@ lea ecx, [esi*8 + 0x48a8] push eax mov edx, ecx mov eax, ebx -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 cmp dword [ebp - 0x5c], 1 lea edx, [esi*4 + 0x4980] @@ -14350,51 +17710,51 @@ lea eax, [edx + 0x20] cmove edx, eax xor ecx, ecx mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 imul edx, esi, 0x28 mov ecx, 0x400000 mov eax, ebx add edx, 0x4808 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov edx, esi mov ecx, 0x20 shl edx, 0xa mov eax, ebx add edx, 0x4200 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffaae62: ; not directly referenced +loc_fffad536: ; not directly referenced inc esi cmp esi, 2 -jne loc_fffaadae ; jne 0xfffaadae +jne loc_fffad482 ; jne 0xfffad482 mov dword [ebp - 0x5c], 0 -loc_fffaae73: ; not directly referenced -movzx eax, byte [ebx + 0x248d] +loc_fffad547: ; not directly referenced +movzx eax, byte [ebx + 0x248e] mov edi, dword [ebp - 0x5c] bt eax, edi -jb short loc_fffaae92 ; jb 0xfffaae92 +jb short loc_fffad566 ; jb 0xfffad566 -loc_fffaae82: ; not directly referenced +loc_fffad556: ; not directly referenced inc dword [ebp - 0x5c] cmp dword [ebp - 0x5c], 4 -jne short loc_fffaae73 ; jne 0xfffaae73 +jne short loc_fffad547 ; jne 0xfffad547 xor esi, esi -jmp near loc_fffaaf5e ; jmp 0xfffaaf5e +jmp near loc_fffad632 ; jmp 0xfffad632 -loc_fffaae92: ; not directly referenced +loc_fffad566: ; not directly referenced mov cl, byte [ebp - 0x5c] mov esi, 1 xor edx, edx mov eax, ebx shl esi, cl mov ecx, esi -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 mov edx, 1 mov ecx, esi mov edi, eax mov eax, ebx -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 mov dl, byte [ebp - 0x5c] mov dword [ebp - 0x60], 0 shr dl, 1 @@ -14403,20 +17763,20 @@ imul edx, edx, 0x128 or eax, edi movzx eax, al mov dword [ebp - 0x64], eax -lea edi, [ebx + edx + 0x49ae] +lea edi, [ebx + edx + 0x49af] mov dword [ebp - 0x6c], edi -loc_fffaaede: ; not directly referenced +loc_fffad5b2: ; not directly referenced mov eax, dword [ebp - 0x60] xor esi, esi mov edi, dword [ebp - 0x6c] mov word [ebp - 0x42], ax mov word [ebp - 0x3a], ax -loc_fffaaeee: ; not directly referenced +loc_fffad5c2: ; not directly referenced mov eax, dword [ebp - 0x64] bt eax, esi -jae short loc_fffaaf34 ; jae 0xfffaaf34 +jae short loc_fffad608 ; jae 0xfffad608 mov eax, dword [edi] lea ecx, [ebp - 0x44] dec eax @@ -14439,44 +17799,44 @@ push 0 lea eax, [ebp - 0x3c] push eax mov eax, ebx -call fcn_fffaa5b6 ; call 0xfffaa5b6 +call fcn_fffacc8a ; call 0xfffacc8a add esp, 0x20 -loc_fffaaf34: ; not directly referenced +loc_fffad608: ; not directly referenced inc esi add edi, 0x13c3 cmp esi, 2 -jne short loc_fffaaeee ; jne 0xfffaaeee +jne short loc_fffad5c2 ; jne 0xfffad5c2 mov edx, dword [ebp - 0x64] mov eax, ebx -call fcn_fffae670 ; call 0xfffae670 +call fcn_fffb33a7 ; call 0xfffb33a7 mov esi, eax test eax, eax -jne short loc_fffaaf5e ; jne 0xfffaaf5e +jne short loc_fffad632 ; jne 0xfffad632 inc dword [ebp - 0x60] cmp dword [ebp - 0x60], 8 -jne short loc_fffaaede ; jne 0xfffaaede -jmp near loc_fffaae82 ; jmp 0xfffaae82 +jne short loc_fffad5b2 ; jne 0xfffad5b2 +jmp near loc_fffad556 ; jmp 0xfffad556 -loc_fffaaf5e: ; not directly referenced -cmp dword [ebx + 0x3756], 2 -jne short loc_fffaaf78 ; jne 0xfffaaf78 +loc_fffad632: ; not directly referenced +cmp dword [ebx + 0x3757], 2 +jne short loc_fffad64c ; jne 0xfffad64c mov ecx, 0x3000 mov edx, 0x48a8 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffaaf78: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffaaf92 ; jne 0xfffaaf92 +loc_fffad64c: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffad666 ; jne 0xfffad666 mov ecx, 0x3000 mov edx, 0x48b0 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffaaf92: ; not directly referenced +loc_fffad666: ; not directly referenced test esi, esi -je short loc_fffaafaa ; je 0xfffaafaa +je short loc_fffad67e ; je 0xfffad67e push eax push eax mov eax, dword [ebp - 0x68] @@ -14485,102 +17845,3645 @@ push ebx call dword [eax + 0x94] ; ucall add esp, 0x10 -loc_fffaafaa: ; not directly referenced +loc_fffad67e: ; not directly referenced +lea esp, [ebp - 0xc] +mov eax, esi +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffad688: ; not directly referenced +push ebp +movzx edx, dl +mov ebp, esp +push ebx +push ebx +cmp dword [eax + 0x2481], 2 +push 0 +push dword [ebp + 8] +sete bl +shl ebx, 3 +movzx ebx, bl +push ecx +mov ecx, 0xf +push ebx +call fcn_fffa947f ; call 0xfffa947f +mov ebx, dword [ebp - 4] +leave +ret + +fcn_fffad6b6: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, eax +push esi +xor eax, eax +push ebx +lea esi, [edi + 0x374f] +sub esp, 0x3c +mov byte [ebp - 0x29], 0 +mov dword [ebp - 0x3c], esi + +loc_fffad6d0: ; not directly referenced +test eax, eax +sete cl +cmp byte [ebp - 0x29], 1 +setbe dl +test cl, dl +je loc_fffad819 ; je 0xfffad819 +movzx eax, byte [ebp - 0x29] +imul edx, eax, 0x13c3 +mov dword [ebp - 0x30], eax +lea eax, [edi + edx] +cmp dword [eax + 0x3757], 2 +jne loc_fffad80a ; jne 0xfffad80a +mov ebx, dword [ebp - 0x3c] +xor ecx, ecx +mov dword [ebp - 0x38], eax +lea esi, [ebx + edx + 8] +mov dword [ebp - 0x34], esi +mov esi, 1 + +loc_fffad715: ; not directly referenced +mov edx, dword [ebp - 0x38] +mov eax, 1 +mov bl, cl +shl eax, cl +test byte [edx + 0x381b], al +je loc_fffad7e6 ; je 0xfffad7e6 +cmp byte [edi + 0x247c], 0 +je short loc_fffad753 ; je 0xfffad753 +mov al, cl +mov esi, dword [ebp - 0x34] +shr al, 1 +movzx eax, al +imul eax, eax, 0x128 +mov si, word [esi + eax + 0x126d] +jmp near loc_fffad7dc ; jmp 0xfffad7dc + +loc_fffad753: ; not directly referenced +mov edx, dword [ebp - 0x30] +mov eax, edi +mov dword [ebp - 0x40], ecx +call fcn_fffa6bf0 ; call 0xfffa6bf0 +test eax, eax +je loc_fffad814 ; je 0xfffad814 +mov dl, byte [eax + 1] +xor eax, eax +mov ecx, dword [ebp - 0x40] +test dl, dl +je short loc_fffad7b4 ; je 0xfffad7b4 +cmp dl, 0x3c +je short loc_fffad79e ; je 0xfffad79e +cmp dl, 0x78 +je short loc_fffad7a2 ; je 0xfffad7a2 +cmp dl, 0x28 +je short loc_fffad7a6 ; je 0xfffad7a6 +cmp dl, 0xf0 +je short loc_fffad7aa ; je 0xfffad7aa +cmp dl, 0x30 +je short loc_fffad7ae ; je 0xfffad7ae +cmp dl, 0x50 +je short loc_fffad7b2 ; je 0xfffad7b2 +cmp dl, 0x22 +mov al, 7 +mov dl, 0 +cmovne eax, edx +jmp short loc_fffad7b4 ; jmp 0xfffad7b4 + +loc_fffad79e: ; not directly referenced +mov al, 1 +jmp short loc_fffad7b4 ; jmp 0xfffad7b4 + +loc_fffad7a2: ; not directly referenced +mov al, 2 +jmp short loc_fffad7b4 ; jmp 0xfffad7b4 + +loc_fffad7a6: ; not directly referenced +mov al, 3 +jmp short loc_fffad7b4 ; jmp 0xfffad7b4 + +loc_fffad7aa: ; not directly referenced +mov al, 4 +jmp short loc_fffad7b4 ; jmp 0xfffad7b4 + +loc_fffad7ae: ; not directly referenced +mov al, 5 +jmp short loc_fffad7b4 ; jmp 0xfffad7b4 + +loc_fffad7b2: ; not directly referenced +mov al, 6 + +loc_fffad7b4: ; not directly referenced +shl eax, 8 +and si, 0xf8ff +or esi, eax +mov al, bl +shr al, 1 +movzx eax, al +imul eax, eax, 0x128 +add eax, dword [ebp - 0x34] +mov word [eax + 0x126d], si +mov word [eax + 0x1285], si + +loc_fffad7dc: ; not directly referenced +shr bl, 1 +movzx ebx, bl +mov word [ebp + ebx*2 - 0x1c], si + +loc_fffad7e6: ; not directly referenced +add ecx, 2 +cmp ecx, 4 +jne loc_fffad715 ; jne 0xfffad715 +mov edx, dword [ebp - 0x30] +sub esp, 0xc +mov cl, 1 +lea eax, [ebp - 0x1c] +push eax +mov eax, edi +call fcn_fffad688 ; call 0xfffad688 +add esp, 0x10 +jmp short loc_fffad80c ; jmp 0xfffad80c + +loc_fffad80a: ; not directly referenced +xor eax, eax + +loc_fffad80c: ; not directly referenced +inc byte [ebp - 0x29] +jmp near loc_fffad6d0 ; jmp 0xfffad6d0 + +loc_fffad814: ; not directly referenced +mov eax, 1 + +loc_fffad819: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffad821: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +mov esi, eax +push ebx +sub esp, 0x3c +test dl, dl +setne bl +xor eax, eax +imul edi, dword [esi + 0x18a7], 0x2e +and ebx, 1 +lea edx, [esi + 0x374f] +shl ebx, 8 +mov byte [ebp - 0x2d], 0 +mov dword [ebp - 0x3c], edx +mov dword [ebp - 0x40], edi + +loc_fffad850: ; not directly referenced +test eax, eax +sete cl +cmp byte [ebp - 0x2d], 1 +setbe dl +test cl, dl +je loc_fffada27 ; je 0xfffada27 +movzx eax, byte [ebp - 0x2d] +mov dword [ebp - 0x34], eax +imul eax, eax, 0x13c3 +cmp dword [esi + eax + 0x3757], 2 +jne loc_fffada11 ; jne 0xfffada11 +mov edx, dword [ebp - 0x3c] +lea eax, [edx + eax + 8] +mov dword [ebp - 0x2c], eax +add eax, dword [ebp - 0x40] +mov cx, word [eax + 0x2a] +add eax, 0x20 +movzx edi, word [eax - 0x16] +mov ax, word [eax + 8] +cmp cx, 0xc +setne dl +cmp cx, 0xa +mov word [ebp - 0x38], ax +setne al +test dl, al +je short loc_fffad8df ; je 0xfffad8df +cmp cx, 0x10 +setne dl +cmp cx, 0xe +setne al +test dl, al +je short loc_fffad8df ; je 0xfffad8df +cmp cx, 0x14 +setne dl +cmp cx, 0x12 +setne al +test dl, al +je short loc_fffad8df ; je 0xfffad8df +cmp cx, 0x18 +jne loc_fffada1b ; jne 0xfffada1b + +loc_fffad8df: ; not directly referenced +movzx eax, word [ebp - 0x38] +add eax, eax +mov edx, eax +mov dword [ebp - 0x38], eax +movzx eax, cx +cmp edx, eax +jne loc_fffada22 ; jne 0xfffada22 +cmp di, 0x10 +ja short loc_fffad904 ; ja 0xfffad904 +xor eax, eax +test di, 1 +jne short loc_fffad913 ; jne 0xfffad913 + +loc_fffad904: ; not directly referenced +mov eax, edi +and eax, 0xfffffffb +cmp ax, 0x12 +setne al +movzx eax, al + +loc_fffad913: ; not directly referenced +shl eax, 2 +and ebx, 0xfffffffb +or ebx, eax +cmp di, 0x10 +ja short loc_fffad939 ; ja 0xfffad939 +lea eax, [edi - 9] +mov edi, 2 +cdq +and ebx, 0xffffff8f +idiv edi +and eax, 7 +shl eax, 4 +or ebx, eax +jmp short loc_fffad94a ; jmp 0xfffad94a + +loc_fffad939: ; not directly referenced +sub edi, 2 +and ebx, 0xffffff8f +sar edi, 2 +and edi, 7 +shl edi, 4 +or ebx, edi + +loc_fffad94a: ; not directly referenced +cmp cx, 0x14 +ja loc_fffad9ff ; ja 0xfffad9ff +mov eax, dword [ebp - 0x38] +mov ecx, 2 +and bh, 0xf1 +sub eax, 0xa +cdq +idiv ecx +and eax, 7 +shl eax, 9 +or ebx, eax + +loc_fffad96d: ; not directly referenced +imul eax, dword [ebp - 0x34], 0x13c3 +test byte [esi + eax + 0x381b], 1 +je short loc_fffad9aa ; je 0xfffad9aa +cmp byte [esi + 0x247c], 0 +jne short loc_fffad99e ; jne 0xfffad99e +mov eax, dword [ebp - 0x2c] +mov word [eax + 0x126b], bx +mov word [eax + 0x1283], bx + +loc_fffad998: ; not directly referenced +mov word [ebp - 0x1c], bx +jmp short loc_fffad9aa ; jmp 0xfffad9aa + +loc_fffad99e: ; not directly referenced +mov eax, dword [ebp - 0x2c] +mov bx, word [eax + 0x126b] +jmp short loc_fffad998 ; jmp 0xfffad998 + +loc_fffad9aa: ; not directly referenced +imul eax, dword [ebp - 0x34], 0x13c3 +test byte [esi + eax + 0x381b], 4 +je short loc_fffad9e7 ; je 0xfffad9e7 +cmp byte [esi + 0x247c], 0 +jne short loc_fffad9db ; jne 0xfffad9db +mov eax, dword [ebp - 0x2c] +mov word [eax + 0x1393], bx +mov word [eax + 0x13ab], bx + +loc_fffad9d5: ; not directly referenced +mov word [ebp - 0x1a], bx +jmp short loc_fffad9e7 ; jmp 0xfffad9e7 + +loc_fffad9db: ; not directly referenced +mov eax, dword [ebp - 0x2c] +mov bx, word [eax + 0x1393] +jmp short loc_fffad9d5 ; jmp 0xfffad9d5 + +loc_fffad9e7: ; not directly referenced +mov edx, dword [ebp - 0x34] +sub esp, 0xc +xor ecx, ecx +lea eax, [ebp - 0x1c] +push eax +mov eax, esi +call fcn_fffad688 ; call 0xfffad688 +add esp, 0x10 +jmp short loc_fffada13 ; jmp 0xfffada13 + +loc_fffad9ff: ; not directly referenced +shl ecx, 7 +and bh, 0xf1 +and cx, 0xe00 +or ebx, ecx +jmp near loc_fffad96d ; jmp 0xfffad96d + +loc_fffada11: ; not directly referenced +xor eax, eax + +loc_fffada13: ; not directly referenced +inc byte [ebp - 0x2d] +jmp near loc_fffad850 ; jmp 0xfffad850 + +loc_fffada1b: ; not directly referenced +mov eax, 0xd +jmp short loc_fffada27 ; jmp 0xfffada27 + +loc_fffada22: ; not directly referenced +mov eax, 0x1d + +loc_fffada27: ; not directly referenced lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffada2f: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +mov ebx, 0x100 +sub esp, 0x90 +mov esi, dword [ebp + 8] +lea edx, [ebp - 0x44] +mov dword [ebp - 0x48], 1 +mov eax, dword [esi + 0x2444] +push 0 +push 0x2c +push edx +call dword [eax + 0x5c] ; ucall +add esp, 0x10 +cmp dword [esi + 0x3757], 2 +jne short loc_fffada93 ; jne 0xfffada93 +xor edi, edi + +loc_fffada69: ; not directly referenced +mov eax, edi +cmp al, byte [esi + 0x2489] +jae short loc_fffada93 ; jae 0xfffada93 +movzx eax, al +and ebx, 0xffffff80 +mov edx, eax +inc edi +and edx, 0x7f +or ebx, edx +mov ecx, ebx +lea edx, [eax*4 + 0x40f0] mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffada69 ; jmp 0xfffada69 + +loc_fffada93: ; not directly referenced +xor edi, edi +cmp dword [esi + 0x4b1a], 2 +je short loc_fffadaa9 ; je 0xfffadaa9 + +loc_fffada9e: ; not directly referenced +mov byte [ebp - 0x65], 0 +xor edi, edi +jmp near loc_fffadc40 ; jmp 0xfffadc40 + +loc_fffadaa9: ; not directly referenced +mov eax, edi +cmp al, byte [esi + 0x2489] +jae short loc_fffada9e ; jae 0xfffada9e +mov eax, edi +and ebx, 0xffffff80 +movzx eax, al +inc edi +mov edx, eax +and edx, 0x7f +or ebx, edx +mov ecx, ebx +lea edx, [eax*4 + 0x44f0] +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffadaa9 ; jmp 0xfffadaa9 + +loc_fffadad5: ; not directly referenced +mov cl, byte [ebp - 0x65] +xor edi, edi +mov dword [ebp - 0x5c], 1 +shl dword [ebp - 0x5c], cl +movzx eax, cl +mov dword [ebp - 0x7c], eax +mov al, byte [ebp - 0x5c] +test byte [esi + 0x248e], al +je loc_fffadc3d ; je 0xfffadc3d +mov ecx, dword [ebp - 0x5c] +xor edx, edx +mov eax, esi +call fcn_fffad317 ; call 0xfffad317 +mov ecx, dword [ebp - 0x5c] +mov edx, 1 +mov byte [ebp - 0x4a], 0 +mov bl, al +mov eax, esi +call fcn_fffad317 ; call 0xfffad317 +imul ecx, dword [ebp - 0x7c], 0x18 +mov byte [ebp - 0x49], 0 +mov dword [ebp - 0x80], 0 +mov dword [ebp - 0x8c], ecx +lea ecx, [esi + ecx + 0x49c2] +or eax, ebx +movzx eax, al +mov dword [ebp - 0x90], ecx +mov dword [ebp - 0x64], eax + +loc_fffadb44: ; not directly referenced +mov ecx, dword [ebp - 0x7c] +lea eax, [ebp - 0x48] +push ebx +push ebx +mov ebx, edi +push eax +mov eax, esi +push 1 +xor edi, edi +lea edx, [ebp - 0x44] +call fcn_fffad0c1 ; call 0xfffad0c1 +mov cl, byte [ebp - 0x80] +add esp, 0x10 +mov eax, dword [ebp - 0x90] +mov dword [ebp - 0x84], 1 +shl dword [ebp - 0x84], cl +mov dword [ebp - 0x60], eax + +loc_fffadb7c: ; not directly referenced +mov eax, dword [ebp - 0x64] +bt eax, edi +jb loc_fffadc59 ; jb 0xfffadc59 + +loc_fffadb88: ; not directly referenced +inc edi +add dword [ebp - 0x60], 0x13c3 +cmp edi, 2 +jne short loc_fffadb7c ; jne 0xfffadb7c +mov edx, dword [ebp - 0x64] +mov eax, esi +call fcn_fffb33a7 ; call 0xfffb33a7 +test eax, eax +mov edi, eax +lea eax, [esi + 0x49bb] +cmove edi, ebx +mov dword [ebp - 0x84], eax +mov eax, dword [ebp - 0x8c] +xor ebx, ebx +add eax, 7 +mov dword [ebp - 0x94], eax + +loc_fffadbc3: ; not directly referenced +mov eax, dword [ebp - 0x64] +bt eax, ebx +jae short loc_fffadbfc ; jae 0xfffadbfc +mov eax, ebx +shl eax, 0xa +add eax, 0x4114 +mov dword [ebp - 0x88], eax +mov byte [ebp - 0x60], 0 +mov byte [ebp - 0x78], 0 + +loc_fffadbe3: ; not directly referenced +mov al, byte [ebp - 0x78] +cmp al, byte [esi + 0x2489] +jb loc_fffadceb ; jb 0xfffadceb +cmp byte [ebp - 0x60], 0 +jne loc_fffadd2d ; jne 0xfffadd2d + +loc_fffadbfc: ; not directly referenced +inc ebx +add dword [ebp - 0x84], 0x13c3 +cmp ebx, 2 +jne short loc_fffadbc3 ; jne 0xfffadbc3 +inc dword [ebp - 0x80] +cmp dword [ebp - 0x80], 8 +jne loc_fffadb44 ; jne 0xfffadb44 +test byte [ebp - 0x64], 1 +je short loc_fffadc2b ; je 0xfffadc2b +cmp byte [ebp - 0x4a], 0xff +mov eax, 0x1f +cmovne edi, eax + +loc_fffadc2b: ; not directly referenced +test byte [ebp - 0x64], 2 +je short loc_fffadc3d ; je 0xfffadc3d +cmp byte [ebp - 0x49], 0xff +mov eax, 0x1f +cmovne edi, eax + +loc_fffadc3d: ; not directly referenced +inc byte [ebp - 0x65] + +loc_fffadc40: ; not directly referenced +test edi, edi +sete dl +cmp byte [ebp - 0x65], 1 +setbe al +test dl, al +jne loc_fffadad5 ; jne 0xfffadad5 +jmp near loc_fffadd8d ; jmp 0xfffadd8d + +loc_fffadc59: ; not directly referenced +cmp byte [ebp + edi - 0x4a], 0xff +je loc_fffadb88 ; je 0xfffadb88 +mov eax, dword [ebp - 0x60] +mov edx, edi +mov cx, word [eax + 6] +push eax +push eax +mov word [ebp - 0x78], cx +mov ecx, dword [ebp - 0x5c] +or word [ebp - 0x78], 0x10 +movzx eax, word [ebp - 0x78] +push eax +mov eax, esi +push 3 +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0xc +mov ecx, dword [ebp - 0x7c] +mov edx, edi +test eax, eax +cmovne ebx, eax +mov eax, dword [ebp - 0x60] +mov ax, word [eax] +push dword [ebp - 0x84] +and eax, 0xfffc +push 0 +or eax, 2 +push eax +mov eax, esi +call fcn_fffac8c3 ; call 0xfffac8c3 +pop edx +mov edx, edi +pop ecx +mov ecx, dword [ebp - 0x5c] +test eax, eax +cmovne ebx, eax +mov eax, dword [ebp - 0x78] +mov dword [ebp - 0x88], ebx +and eax, 0xffef +push eax +mov eax, esi +push 3 +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0x10 +mov ebx, eax +test eax, eax +cmove ebx, dword [ebp - 0x88] +jmp near loc_fffadb88 ; jmp 0xfffadb88 + +loc_fffadceb: ; not directly referenced +mov dl, byte [ebp - 0x78] +movzx eax, byte [ebp + ebx - 0x4a] +movzx ecx, dl +bt eax, edx +jb short loc_fffadd25 ; jb 0xfffadd25 +mov eax, dword [ebp - 0x88] +mov dword [ebp - 0x98], ecx +lea edx, [eax + ecx*4] +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +mov ecx, dword [ebp - 0x98] +test eax, eax +je short loc_fffadd25 ; je 0xfffadd25 +mov eax, 1 +shl eax, cl +or byte [ebp - 0x60], al + +loc_fffadd25: ; not directly referenced +inc byte [ebp - 0x78] +jmp near loc_fffadbe3 ; jmp 0xfffadbe3 + +loc_fffadd2d: ; not directly referenced +movzx eax, byte [ebp - 0x60] +call fcn_fffb38d9 ; call 0xfffb38d9 +mov ecx, dword [ebp - 0x84] +cmp byte [ecx], 8 +movzx eax, al +jne short loc_fffadd47 ; jne 0xfffadd47 +dec eax +jmp short loc_fffadd4a ; jmp 0xfffadd4a + +loc_fffadd47: ; not directly referenced +cmp eax, 2 + +loc_fffadd4a: ; not directly referenced +sete al +mov edx, dword [ebp - 0x94] +movzx eax, al +test eax, eax +mov eax, 0x1f +cmove edi, eax +mov al, byte [ebp - 0x60] +add edx, dword [ebp - 0x84] +or byte [ebp + ebx - 0x4a], al +xor eax, eax + +loc_fffadd6f: ; not directly referenced +cmp byte [edx + eax + 0x10], 0 +jne short loc_fffadd82 ; jne 0xfffadd82 +mov cl, byte [ebp - 0x60] +mov byte [edx + eax + 0x10], cl +jmp near loc_fffadbfc ; jmp 0xfffadbfc + +loc_fffadd82: ; not directly referenced +inc eax +cmp eax, 8 +jne short loc_fffadd6f ; jne 0xfffadd6f +jmp near loc_fffadbfc ; jmp 0xfffadbfc + +loc_fffadd8d: ; not directly referenced +mov cl, byte [esi + 0x247c] +xor edx, edx +mov eax, esi +mov byte [esi + 0x247c], 1 +mov dword [ebp - 0x5c], ecx +call fcn_fffad821 ; call 0xfffad821 +mov ecx, dword [ebp - 0x5c] +mov byte [esi + 0x247c], cl +test eax, eax +mov ebx, eax +mov eax, esi +cmove ebx, edi +call fcn_fffaa4a9 ; call 0xfffaa4a9 +lea esp, [ebp - 0xc] +mov eax, ebx pop ebx pop esi pop edi pop ebp ret -fcn_fffaafb4: ; not directly referenced +fcn_fffaddc7: ; not directly referenced push ebp +mov ebp, esp +push edi +push esi +push ebx +mov ebx, eax +lea esi, [ebx + 0x374f] +sub esp, 0x3c xor eax, eax +mov byte [ebp - 0x2b], 0 +mov dword [ebp - 0x40], esi + +loc_fffadde1: ; not directly referenced +test eax, eax +sete cl +cmp byte [ebp - 0x2b], 1 +setbe dl +test cl, dl +je loc_fffadf25 ; je 0xfffadf25 +movzx eax, byte [ebp - 0x2b] +imul edx, eax, 0x13c3 +mov dword [ebp - 0x34], eax +lea eax, [ebx + edx] +cmp dword [eax + 0x3757], 2 +jne loc_fffadf16 ; jne 0xfffadf16 +mov esi, dword [ebp - 0x40] +mov dword [ebp - 0x30], 0 +mov dword [ebp - 0x3c], eax +lea esi, [esi + edx + 8] +mov dword [ebp - 0x38], esi +xor esi, esi + +loc_fffade28: ; not directly referenced +mov edi, dword [ebp - 0x30] +mov eax, edi +mov ecx, edi +mov edi, dword [ebp - 0x3c] +mov byte [ebp - 0x2c], al +mov eax, 1 +shl eax, cl +test byte [edi + 0x381b], al +je loc_fffadeed ; je 0xfffadeed +cmp byte [ebx + 0x247c], 0 +je short loc_fffade6b ; je 0xfffade6b +mov al, cl +mov edx, dword [ebp - 0x38] +shr al, 1 +movzx eax, al +imul eax, eax, 0x128 +mov si, word [edx + eax + 0x126d] +jmp short loc_fffadee0 ; jmp 0xfffadee0 + +loc_fffade6b: ; not directly referenced +mov al, byte [ebp - 0x2c] +mov edx, dword [ebp - 0x34] +shr al, 1 +movzx edi, al +mov eax, ebx +mov ecx, edi +call fcn_fffa6998 ; call 0xfffa6998 +test eax, eax +je loc_fffadf20 ; je 0xfffadf20 +mov edx, dword [ebx + 0x1887] +cmp edx, 0x306d0 +sete cl +cmp edx, 0x40650 +sete dl +or cl, dl +je short loc_fffadeac ; je 0xfffadeac +cmp dword [ebx + 0x2481], 1 +je short loc_fffadeb2 ; je 0xfffadeb2 + +loc_fffadeac: ; not directly referenced +movzx ecx, byte [eax + 1] +jmp short loc_fffadeb4 ; jmp 0xfffadeb4 + +loc_fffadeb2: ; not directly referenced +xor ecx, ecx + +loc_fffadeb4: ; not directly referenced +sub esp, 0xc +mov edx, ebx +push esi +lea eax, [ebp - 0x2a] +call fcn_fffa6b7f ; call 0xfffa6b7f +imul edi, edi, 0x128 +mov si, word [ebp - 0x2a] +add edi, dword [ebp - 0x38] +add esp, 0x10 +mov word [edi + 0x126d], si +mov word [edi + 0x1285], si + +loc_fffadee0: ; not directly referenced +mov al, byte [ebp - 0x2c] +shr al, 1 +movzx eax, al +mov word [ebp + eax*2 - 0x1c], si + +loc_fffadeed: ; not directly referenced +add dword [ebp - 0x30], 2 +cmp dword [ebp - 0x30], 4 +jne loc_fffade28 ; jne 0xfffade28 +mov edx, dword [ebp - 0x34] +sub esp, 0xc +mov ecx, 1 +lea eax, [ebp - 0x1c] +push eax +mov eax, ebx +call fcn_fffad688 ; call 0xfffad688 +add esp, 0x10 +jmp short loc_fffadf18 ; jmp 0xfffadf18 + +loc_fffadf16: ; not directly referenced +xor eax, eax + +loc_fffadf18: ; not directly referenced +inc byte [ebp - 0x2b] +jmp near loc_fffadde1 ; jmp 0xfffadde1 + +loc_fffadf20: ; not directly referenced +mov eax, 1 + +loc_fffadf25: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffadf2d: ; not directly referenced +push ebp mov ebp, esp +push edi +push esi +mov esi, eax +push ebx +sub esp, 0x3c +mov edi, dword [esi + 0x2481] +mov dword [ebp - 0x3c], ecx +mov dword [ebp - 0x38], edi +cmp ecx, 1 +je short loc_fffadf70 ; je 0xfffadf70 +jb short loc_fffadf60 ; jb 0xfffadf60 +cmp ecx, 2 +je short loc_fffadf67 ; je 0xfffadf67 +cmp ecx, 3 +jne loc_fffae060 ; jne 0xfffae060 +mov edi, 0xc3 +jmp short loc_fffadf6c ; jmp 0xfffadf6c + +loc_fffadf60: ; not directly referenced +mov edi, 0xff +jmp short loc_fffadf75 ; jmp 0xfffadf75 + +loc_fffadf67: ; not directly referenced +mov edi, 0x56 + +loc_fffadf6c: ; not directly referenced +xor eax, eax +jmp short loc_fffadf7a ; jmp 0xfffadf7a + +loc_fffadf70: ; not directly referenced +mov edi, 0xab + +loc_fffadf75: ; not directly referenced +mov eax, 0x400 + +loc_fffadf7a: ; not directly referenced +mov word [ebp - 0x1c], ax +movzx ecx, dl +xor ebx, ebx +mov word [ebp - 0x1a], ax +lea eax, [esi + 0x3757] +mov dword [ebp - 0x34], eax +xor eax, eax +mov byte [ebp - 0x2d], 1 +mov dword [ebp - 0x40], ecx + +loc_fffadf99: ; not directly referenced +mov ecx, dword [ebp - 0x34] +cmp dword [ecx], 2 +jne loc_fffae039 ; jne 0xfffae039 +mov ecx, dword [ebp - 0x40] +bt ecx, ebx +jae loc_fffae039 ; jae 0xfffae039 +lea edx, [ebx + 1] +bt ecx, edx +jb short loc_fffadfc8 ; jb 0xfffadfc8 +mov cl, byte [ebp - 0x2d] +mov dl, 7 +cmp dword [ebp - 0x3c], 2 +cmove ecx, edx +mov byte [ebp - 0x2d], cl + +loc_fffadfc8: ; not directly referenced +cmp dword [ebp - 0x38], 3 +jne short loc_fffae00a ; jne 0xfffae00a +mov dword [ebp - 0x2c], 0 + +loc_fffadfd5: ; not directly referenced +mov cl, byte [ebp - 0x2c] +mov edx, 1 +shl edx, cl +mov ecx, dword [ebp - 0x34] +test byte [ecx + 0xc4], dl +je short loc_fffadfff ; je 0xfffadfff +mov ecx, dword [ebp - 0x2c] +mov edx, ebx +push eax +mov eax, esi +push 0 +push edi +push 0xa +call fcn_fffacb43 ; call 0xfffacb43 +add esp, 0x10 + +loc_fffadfff: ; not directly referenced +inc dword [ebp - 0x2c] +cmp dword [ebp - 0x2c], 4 +jne short loc_fffadfd5 ; jne 0xfffadfd5 +jmp short loc_fffae039 ; jmp 0xfffae039 + +loc_fffae00a: ; not directly referenced +cmp dword [ebp - 0x38], 2 +movzx eax, byte [ebp - 0x2d] +jne short loc_fffae01f ; jne 0xfffae01f +push eax +lea eax, [ebp - 0x1c] +push eax +push 0 +push 0xe +jmp short loc_fffae028 ; jmp 0xfffae028 + +loc_fffae01f: ; not directly referenced +push eax +lea eax, [ebp - 0x1c] +push eax +push 0 +push 6 + +loc_fffae028: ; not directly referenced +mov ecx, 0xf +mov edx, ebx +mov eax, esi +call fcn_fffa947f ; call 0xfffa947f +add esp, 0x10 + +loc_fffae039: ; not directly referenced +inc ebx +add dword [ebp - 0x34], 0x13c3 +cmp ebx, 2 +jne loc_fffadf99 ; jne 0xfffadf99 +cmp dword [ebp - 0x3c], 1 +mov ebx, eax +ja short loc_fffae065 ; ja 0xfffae065 +mov edx, 0x13 +mov eax, esi +call fcn_fffa82f9 ; call 0xfffa82f9 +jmp short loc_fffae065 ; jmp 0xfffae065 + +loc_fffae060: ; not directly referenced +mov ebx, 2 + +loc_fffae065: ; not directly referenced +lea esp, [ebp - 0xc] +mov eax, ebx +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffae06f: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +xor esi, esi +push ebx +sub esp, 0x4c +mov ebx, dword [ebp + 8] +mov byte [ebp - 0x28], 2 +mov byte [ebp - 0x27], 0x40 +mov byte [ebp - 0x26], 1 +mov byte [ebp - 0x25], 0x43 +mov byte [ebp - 0x24], 3 +mov byte [ebp - 0x23], 1 +mov byte [ebp - 0x22], 0xb +mov byte [ebp - 0x21], 3 +mov dword [ebp - 0x50], 0 + +loc_fffae0a4: ; not directly referenced +imul eax, esi, 0x13c3 +cmp dword [ebx + eax + 0x3757], 2 +jne short loc_fffae0ef ; jne 0xfffae0ef +mov edi, esi +mov eax, ebx +shl edi, 0xa +add edi, 0x4004 +mov edx, edi +call fcn_fffb331f ; call 0xfffb331f +mov dword [ebp + esi*4 - 0x20], eax +mov al, byte [ebp + esi*4 - 0x1d] +test al, 0x20 +jne short loc_fffae0ef ; jne 0xfffae0ef +or eax, 0x20 +mov edx, edi +mov byte [ebp + esi*4 - 0x1d], al +mov ecx, dword [ebp + esi*4 - 0x20] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov dword [ebp - 0x50], 1 + +loc_fffae0ef: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffae0a4 ; jne 0xfffae0a4 +xor ecx, ecx +mov edx, 3 +mov eax, ebx +call fcn_fffadf2d ; call 0xfffadf2d +test eax, eax +jne loc_fffae328 ; jne 0xfffae328 +mov edx, dword [ebx + 0x36d8] +cmp edx, 0x320 +jbe short loc_fffae14b ; jbe 0xfffae14b +cmp edx, 0x42b +jbe short loc_fffae14f ; jbe 0xfffae14f +cmp edx, 0x4b0 +jbe short loc_fffae153 ; jbe 0xfffae153 +cmp edx, 0x535 +jbe short loc_fffae157 ; jbe 0xfffae157 +cmp edx, 0x640 +jbe short loc_fffae15b ; jbe 0xfffae15b +mov al, 0x16 +cmp edx, 0x74b +ja loc_fffae328 ; ja 0xfffae328 +mov al, 0x1c +jmp short loc_fffae15d ; jmp 0xfffae15d + +loc_fffae14b: ; not directly referenced +mov al, 0x14 +jmp short loc_fffae15d ; jmp 0xfffae15d + +loc_fffae14f: ; not directly referenced +mov al, 0x16 +jmp short loc_fffae15d ; jmp 0xfffae15d + +loc_fffae153: ; not directly referenced +mov al, 0x17 +jmp short loc_fffae15d ; jmp 0xfffae15d + +loc_fffae157: ; not directly referenced +mov al, 0x18 +jmp short loc_fffae15d ; jmp 0xfffae15d + +loc_fffae15b: ; not directly referenced +mov al, 0x1a + +loc_fffae15d: ; not directly referenced +mov byte [ebp - 0x27], al +lea eax, [ebx + 0x3757] +xor edi, edi +mov dword [ebp - 0x2c], eax + +loc_fffae16b: ; not directly referenced +mov eax, dword [ebp - 0x2c] +cmp dword [eax], 2 +jne loc_fffae307 ; jne 0xfffae307 +mov dword [ebp - 0x34], 0 + +loc_fffae17e: ; not directly referenced +mov eax, dword [ebp - 0x2c] +mov ecx, dword [ebp - 0x34] +mov al, byte [eax + 0xc4] +mov dl, cl +mov esi, eax +mov eax, 1 +shl eax, cl +mov ecx, esi +test cl, al +jne short loc_fffae1a9 ; jne 0xfffae1a9 + +loc_fffae19b: ; not directly referenced +inc dword [ebp - 0x34] +cmp dword [ebp - 0x34], 4 +jne short loc_fffae17e ; jne 0xfffae17e +jmp near loc_fffae29b ; jmp 0xfffae29b + +loc_fffae1a9: ; not directly referenced +cmp byte [ebp - 0x34], 0 +mov byte [ebp - 0x48], 0 +jne short loc_fffae1d3 ; jne 0xfffae1d3 +cmp byte [ebx + 0x240a], 0 +mov byte [ebp - 0x48], dl +je short loc_fffae1d3 ; je 0xfffae1d3 +mov eax, esi +and eax, 2 +cmp al, 1 +sbb eax, eax +mov dword [ebp - 0x48], eax +and byte [ebp - 0x48], 0xfc +add byte [ebp - 0x48], 7 + +loc_fffae1d3: ; not directly referenced +mov eax, edx +and eax, 1 +mov dword [ebp - 0x38], 0 +mov dword [ebp - 0x4c], eax + +loc_fffae1e2: ; not directly referenced +mov eax, dword [ebp - 0x38] +cmp byte [ebx + 0x247c], 0 +movzx edx, byte [ebp + eax*2 - 0x28] +je short loc_fffae21f ; je 0xfffae21f +cmp edx, 6 +ja short loc_fffae20c ; ja 0xfffae20c +imul eax, dword [ebp - 0x4c], 0xc +mov ecx, dword [ebp - 0x2c] +lea eax, [edx + eax + 0x930] +mov al, byte [ecx + eax*2 + 0xb] +jmp short loc_fffae21a ; jmp 0xfffae21a + +loc_fffae20c: ; not directly referenced +imul eax, dword [ebp - 0x4c], 0x18 +mov ecx, dword [ebp - 0x2c] +mov al, byte [ecx + eax + 0x1279] + +loc_fffae21a: ; not directly referenced +mov byte [ebp - 0x2d], al +jmp short loc_fffae269 ; jmp 0xfffae269 + +loc_fffae21f: ; not directly referenced +mov eax, dword [ebp - 0x38] +cmp eax, 3 +je short loc_fffae22d ; je 0xfffae22d +mov al, byte [ebp + eax*2 - 0x27] +jmp short loc_fffae230 ; jmp 0xfffae230 + +loc_fffae22d: ; not directly referenced +mov al, byte [ebp - 0x48] + +loc_fffae230: ; not directly referenced +mov byte [ebp - 0x2d], al +cmp edx, 6 +ja short loc_fffae251 ; ja 0xfffae251 +imul ecx, dword [ebp - 0x4c], 0xc +movzx esi, byte [ebp - 0x2d] +mov eax, dword [ebp - 0x2c] +lea ecx, [edx + ecx + 0x930] +mov word [eax + ecx*2 + 0xb], si +jmp short loc_fffae269 ; jmp 0xfffae269 + +loc_fffae251: ; not directly referenced +cmp edx, 0xb +jne short loc_fffae269 ; jne 0xfffae269 +imul ecx, dword [ebp - 0x4c], 0x18 +movzx esi, byte [ebp - 0x2d] +mov eax, dword [ebp - 0x2c] +mov word [eax + ecx + 0x1279], si + +loc_fffae269: ; not directly referenced +push eax +movzx eax, byte [ebp - 0x2d] +mov ecx, dword [ebp - 0x34] +push 0 +push eax +mov eax, ebx +push edx +mov edx, edi +call fcn_fffacb43 ; call 0xfffacb43 +add esp, 0x10 +test eax, eax +jne loc_fffae328 ; jne 0xfffae328 +inc dword [ebp - 0x38] +cmp dword [ebp - 0x38], 4 +jne loc_fffae1e2 ; jne 0xfffae1e2 +jmp near loc_fffae19b ; jmp 0xfffae19b + +loc_fffae29b: ; not directly referenced +cmp byte [ebx + 0x247e], 0 +jne short loc_fffae2e6 ; jne 0xfffae2e6 +cmp dword [ebx + 0x188b], 1 +jne short loc_fffae2e6 ; jne 0xfffae2e6 +mov eax, edi +shl eax, 8 +add eax, 0x1c20 +mov edx, eax +mov esi, eax +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +cmp byte [ebx + 0x240a], 1 +sbb edx, edx +not edx +add edx, 3 +and eax, 0xffffffcf +and edx, 3 +shl edx, 4 +or eax, edx +mov edx, esi +mov ecx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffae2e6: ; not directly referenced +cmp dword [ebp - 0x50], 0 +je short loc_fffae307 ; je 0xfffae307 +and byte [ebp + edi*4 - 0x1d], 0xdf +mov edx, edi +mov ecx, dword [ebp + edi*4 - 0x20] +shl edx, 0xa +mov eax, ebx +add edx, 0x4004 +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffae307: ; not directly referenced +inc edi +add dword [ebp - 0x2c], 0x13c3 +cmp edi, 2 +jne loc_fffae16b ; jne 0xfffae16b +mov byte [ebx + 0x247e], 1 +xor eax, eax +mov byte [ebx + 0x247c], 1 + +loc_fffae328: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffae330: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x1c +mov ebx, dword [ebp + 8] +mov dword [ebp - 0x20], 0 +lea edi, [ebx + 0x3757] + +loc_fffae349: ; not directly referenced +cmp dword [edi], 2 +je short loc_fffae35f ; je 0xfffae35f + +loc_fffae34e: ; not directly referenced +inc dword [ebp - 0x20] +add edi, 0x13c3 +cmp dword [ebp - 0x20], 2 +jne short loc_fffae349 ; jne 0xfffae349 +jmp short loc_fffae3d2 ; jmp 0xfffae3d2 + +loc_fffae35f: ; not directly referenced +mov edx, dword [ebp - 0x20] +xor ecx, ecx +mov eax, ebx +call fcn_fffa7236 ; call 0xfffa7236 +mov edx, eax +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, dword [ebp - 0x20] +mov ecx, 0xff +mov esi, eax +mov eax, ebx +call fcn_fffa7236 ; call 0xfffa7236 +or esi, 0x100000 +mov dword [ebp - 0x1c], 0 +mov dword [ebp - 0x24], eax + +loc_fffae395: ; not directly referenced +mov cl, byte [ebp - 0x1c] +mov eax, 1 +shl eax, cl +test byte [edi + 0xc4], al +je short loc_fffae3c4 ; je 0xfffae3c4 +mov eax, dword [ebp - 0x1c] +and esi, 0xff3fffff +mov edx, dword [ebp - 0x24] +and eax, 3 +shl eax, 0x16 +or esi, eax +mov eax, ebx +mov ecx, esi +call fcn_fffb38b3 ; call 0xfffb38b3 + +loc_fffae3c4: ; not directly referenced +inc dword [ebp - 0x1c] +cmp dword [ebp - 0x1c], 4 +jne short loc_fffae395 ; jne 0xfffae395 +jmp near loc_fffae34e ; jmp 0xfffae34e + +loc_fffae3d2: ; not directly referenced +cmp dword [ebx + 0x3757], 2 +jne short loc_fffae3ee ; jne 0xfffae3ee +movzx ecx, byte [ebx + 0x381b] +mov edx, 0x4192 +mov eax, ebx +call fcn_fffb335b ; call 0xfffb335b + +loc_fffae3ee: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffae40a ; jne 0xfffae40a +movzx ecx, byte [ebx + 0x4bde] +mov edx, 0x4592 +mov eax, ebx +call fcn_fffb335b ; call 0xfffb335b + +loc_fffae40a: ; not directly referenced +mov eax, ebx +mov ecx, 1 +mov edx, 3 +call fcn_fffadf2d ; call 0xfffadf2d +add esp, 0x1c +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffae425: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0xdc +mov edi, dword [ebp + 0x20] +mov byte [ebp - 0x51], cl +mov esi, dword [ebp + 8] +mov dword [ebp - 0x78], ecx +mov cl, byte [ebp + 0x14] +mov dword [ebp - 0x4c], eax +mov eax, dword [eax + 0x188b] +mov dword [ebp - 0x58], edi +mov edi, dword [ebp + 0x24] +mov ebx, esi +mov byte [ebp - 0xe8], cl +mov cl, byte [ebp + 0x1c] +mov dword [ebp - 0x60], eax +movzx eax, bx +dec eax +mov dword [ebp - 0x50], esi +mov esi, dword [ebp + 0xc] +mov byte [ebp - 0xad], dl +mov byte [ebp - 0x98], cl +mov dword [ebp - 0x5c], edi +mov dword [ebp - 0x45], 0 +mov dword [ebp - 0x41], 0 +mov dword [ebp - 0x3d], 0 +call fcn_fffb396b ; call 0xfffb396b +mov ecx, dword [ebp - 0x78] +lea edx, [esi + 1] +sub edx, eax +test dl, dl +setle bl +cmp cl, 4 +mov byte [ebp - 0x61], al +sete al +or bl, al +jne short loc_fffae4b4 ; jne 0xfffae4b4 +cmp cl, 5 +mov al, 1 +cmove edx, eax +jmp short loc_fffae4b6 ; jmp 0xfffae4b6 + +loc_fffae4b4: ; not directly referenced +mov dl, 1 + +loc_fffae4b6: ; not directly referenced +mov ebx, dword [ebp - 0x50] +lea ecx, [edx - 1] +movzx esi, byte [ebp - 0x61] +mov dword [ebp - 0x68], 1 +shl dword [ebp - 0x68], cl +mov al, bl +add eax, 0xffffff80 +cmp bx, 0x7f +cmova eax, esi +add ebx, ebx +mov byte [ebp - 0x88], al +lea eax, [ebx - 0x80] +mov byte [ebp - 0x78], al +cmp bx, 0x7f +jbe short loc_fffae4f8 ; jbe 0xfffae4f8 +movzx ebx, bx +lea eax, [ebx - 1] +call fcn_fffb396b ; call 0xfffb396b +mov byte [ebp - 0x78], al + +loc_fffae4f8: ; not directly referenced +mov eax, dword [ebp + 0x18] +mov bx, word [eax] +movzx eax, bx +dec eax +call fcn_fffb396b ; call 0xfffb396b +cmp bx, 0x1f +jbe short loc_fffae518 ; jbe 0xfffae518 +mov esi, dword [ebp + 0x18] +movzx eax, al +mov word [esi], ax +jmp short loc_fffae521 ; jmp 0xfffae521 + +loc_fffae518: ; not directly referenced +mov eax, dword [ebp + 0x18] +add ebx, 0x20 +mov word [eax], bx + +loc_fffae521: ; not directly referenced +cmp byte [ebp - 0x58], 0 +je short loc_fffae547 ; je 0xfffae547 +mov eax, dword [ebp - 0x4c] +mov edx, 0x4cb0 +call fcn_fffb331f ; call 0xfffb331f +mov edi, eax +mov eax, dword [ebp - 0x5c] +and di, 0xfff +add edi, 0x10 +cmp ax, di +cmovae edi, eax + +loc_fffae547: ; not directly referenced +cmp di, 0xff +mov eax, 0xff +cmova edi, eax +mov al, byte [ebp - 0x88] +mov word [ebp - 0xa8], di +mov dword [ebp - 0x50], 0x4960 +mov dword [ebp - 0x5c], 0x4040 +shr al, 7 +mov byte [ebp - 0xc8], al +mov al, byte [ebp - 0x78] +mov dword [ebp - 0x58], 0 +shr al, 7 +mov byte [ebp - 0xd8], al +mov eax, dword [ebp - 0x98] +and eax, 1 +mov dword [ebp - 0xb4], eax + +loc_fffae59a: ; not directly referenced +movzx eax, byte [ebp - 0xad] +mov esi, dword [ebp - 0x58] +mov dword [ebp - 0xac], eax +bt eax, esi +jb short loc_fffae5c0 ; jb 0xfffae5c0 +mov eax, dword [ebp - 0x50] +xor ecx, ecx +lea edx, [eax + eax - 0x4a18] +jmp near loc_fffae9a7 ; jmp 0xfffae9a7 + +loc_fffae5c0: ; not directly referenced +mov eax, dword [ebp - 0x5c] +movzx ecx, byte [ebp - 0xb4] +lea edx, [eax + 0x158] +mov eax, dword [ebp - 0x4c] +call fcn_fffb335b ; call 0xfffb335b +cmp byte [ebp - 0x98], 0 +je short loc_fffae5f9 ; je 0xfffae5f9 +mov edx, dword [ebp - 0x58] +sub esp, 0xc +mov ecx, 7 +mov eax, dword [ebp - 0x4c] +push 8 +call fcn_fffaca06 ; call 0xfffaca06 +add esp, 0x10 + +loc_fffae5f9: ; not directly referenced +cmp byte [ebp - 0x51], 5 +ja short loc_fffae611 ; ja 0xfffae611 +movzx eax, byte [ebp - 0x51] +mov dl, byte [eax + ref_fffd38f8] ; mov dl, byte [eax - 0x2c708] +mov al, byte [eax + ref_fffd38f0] ; mov al, byte [eax - 0x2c710] +jmp short loc_fffae615 ; jmp 0xfffae615 + +loc_fffae611: ; not directly referenced +xor eax, eax xor edx, edx + +loc_fffae615: ; not directly referenced +and edx, 7 +and eax, 7 +mov bl, byte [ebp - 0x51] +shl edx, 0x18 +xor edi, edi +mov ecx, dword [ebp - 0x50] +shl eax, 0x1c +or eax, edx +and ah, 0xcf +mov edx, eax +mov eax, dword [ebp - 0x4c] +or dh, 0x18 +cmp byte [eax + 0x247b], 0 +setne al +movzx eax, al +shl eax, 7 +or eax, edx +mov edx, eax +or edx, 0x20 +cmp bl, 6 +mov ebx, dword [ebp - 0x4c] +cmove eax, edx +mov esi, eax +mov eax, edi +and eax, 0xfffffc00 +or eax, 2 +mov edi, eax +cmp dword [ebp - 0x60], 1 +lea eax, [ecx + 0x20] +lea edx, [ecx + 0x40] +mov ecx, dword [ebp - 0x68] +cmovne edx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, ebx +push ecx +push ecx +mov ecx, dword [ebp - 0x50] +push edi +push esi +lea edx, [ecx + ecx - 0x4a18] +call fcn_fffb3506 ; call 0xfffb3506 +mov ecx, dword [ebp - 0x50] +mov eax, ebx +lea edx, [ecx - 0xa8] +mov ecx, 4 +call fcn_fffb335b ; call 0xfffb335b +mov edx, dword [ebp - 0xc8] +add esp, 0x10 +mov eax, dword [ebp - 0x88] +mov esi, dword [ebp - 0x78] +mov ecx, dword [ebp - 0xd8] +and edx, 1 +mov bl, byte [ebp - 0x51] +shl edx, 7 +and eax, 0x7f +or eax, edx +mov edx, dword [ebp - 0xa8] +and esi, 0x7f +or eax, 0x8000000 +and ecx, 1 +shl ecx, 7 +and edx, 0x3fff +shl edx, 8 +or eax, edx +mov edx, eax +and edx, 0x83fff00 +or edx, esi +or edx, ecx +cmp bl, 4 +je short loc_fffae71d ; je 0xfffae71d +cmp bl, 5 +je short loc_fffae763 ; je 0xfffae763 +cmp bl, 3 +jne loc_fffae7a5 ; jne 0xfffae7a5 +mov dword [ebp - 0x38], edx +mov byte [ebp - 0x39], 1 +or byte [ebp - 0x36], 0xc0 +and byte [ebp - 0x35], 0xfc +jmp near loc_fffae7c7 ; jmp 0xfffae7c7 + +loc_fffae71d: ; not directly referenced +mov dword [ebp - 0x38], eax +mov cl, byte [ebp - 0x36] +and byte [ebp - 0x35], 0xfc +and ecx, 0x3f +or ecx, 0x40 +mov byte [ebp - 0x36], cl +mov ecx, 1 + +loc_fffae735: ; not directly referenced +mov dword [ebp + ecx*4 - 0x38], edx +mov bl, byte [ebp + ecx*4 - 0x36] +and byte [ebp + ecx*4 - 0x35], 0xfc +and ebx, 0x3f +or ebx, 0xffffff80 +mov byte [ebp + ecx*4 - 0x36], bl +inc ecx +cmp ecx, 7 +jne short loc_fffae735 ; jne 0xfffae735 +mov dword [ebp - 0x1c], eax +mov byte [ebp - 0x39], 0xff +and byte [ebp - 0x1a], 0x3f +and byte [ebp - 0x19], 0xfc +jmp short loc_fffae7c7 ; jmp 0xfffae7c7 + +loc_fffae763: ; not directly referenced +mov dword [ebp - 0x38], eax +mov cl, byte [ebp - 0x36] +mov dword [ebp - 0x34], edx +mov dword [ebp - 0x30], eax +mov dword [ebp - 0x2c], edx +and ecx, 0x3f +or ecx, 0x40 +mov byte [ebp - 0x36], cl +mov cl, byte [ebp - 0x32] +and byte [ebp - 0x35], 0xfc +and byte [ebp - 0x31], 0xfc +and byte [ebp - 0x2e], 0x3f +and ecx, 0x3f +or ecx, 0xffffff80 +mov byte [ebp - 0x32], cl +and byte [ebp - 0x2d], 0xfc +or byte [ebp - 0x2a], 0xc0 +and byte [ebp - 0x29], 0xfc +mov byte [ebp - 0x39], 0xf +jmp short loc_fffae7c7 ; jmp 0xfffae7c7 + +loc_fffae7a5: ; not directly referenced +mov dword [ebp - 0x38], eax +mov dl, byte [ebp - 0x36] +mov dword [ebp - 0x34], eax +and byte [ebp - 0x35], 0xfc +and byte [ebp - 0x32], 0x3f +and byte [ebp - 0x31], 0xfc +and edx, 0x3f +or edx, 0x40 +mov byte [ebp - 0x36], dl +mov byte [ebp - 0x39], 3 + +loc_fffae7c7: ; not directly referenced +imul eax, dword [ebp - 0x58], 0x28 +xor ebx, ebx +lea edi, [ebp - 0x39] +lea esi, [eax + 0x4808] +sub edi, eax + +loc_fffae7d8: ; not directly referenced +movzx eax, byte [ebp - 0x39] +bt eax, ebx +jb loc_fffae8ab ; jb 0xfffae8ab + +loc_fffae7e5: ; not directly referenced +lea eax, [ebp - 0x3d] +mov esi, dword [ebp - 0x4c] +push edx +mov ecx, dword [ebp + 0x10] +push eax +mov edx, dword [ebp - 0x58] +lea eax, [ebp - 0x41] +push eax +lea eax, [ebp - 0x45] +push eax +mov eax, dword [ebp + 0x10] +add eax, 0x24 +push eax +mov eax, dword [ebp + 0x10] +add eax, 0x14 +push eax +mov eax, dword [ebp + 0x10] +add eax, 0x10 +push eax +mov eax, dword [ebp + 0x10] +add eax, 8 +push eax +mov eax, esi +call fcn_fffacc8a ; call 0xfffacc8a +mov eax, dword [ebp + 0x18] +add esp, 0x20 +mov edi, dword [ebp + 0x18] +movzx ecx, byte [eax + 6] +movzx eax, byte [eax + 2] +mov dx, word [edi] +and ecx, 0x3f +and eax, 0x3f +shl eax, 8 +mov ebx, edx +shl ecx, 0x10 +and ebx, 0x1f +or ecx, eax +mov eax, dword [ebp - 0x5c] +shr dx, 5 +or ecx, ebx +and edx, 1 +shl edx, 5 +or ecx, edx +lea edx, [eax + 0x1c0] +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp + 0x18] +mov dl, byte [eax + 0xa] +cmp dl, 2 +sete al +cmp dl, 4 +sete dl +or eax, edx +cmp al, 1 +mov al, byte [ebp - 0x51] +sbb ecx, ecx +and ecx, 2 +movzx ecx, cl +sub eax, 4 +or ecx, 0x8090 +cmp al, 1 +ja short loc_fffae8ce ; ja 0xfffae8ce +mov al, byte [ebp - 0x61] +and ecx, 0xf8c0ffff +inc eax +and eax, 7 +shl eax, 0x18 +or ecx, eax +or ecx, 0x10000 +jmp short loc_fffae8ce ; jmp 0xfffae8ce + +loc_fffae8ab: ; not directly referenced +mov ecx, dword [edi + esi - 0x4807] +mov edx, esi +inc ebx +mov eax, dword [ebp - 0x4c] +add esi, 4 +call fcn_fffb3381 ; call 0xfffb3381 +cmp ebx, 8 +jne loc_fffae7d8 ; jne 0xfffae7d8 +jmp near loc_fffae7e5 ; jmp 0xfffae7e5 + +loc_fffae8ce: ; not directly referenced +mov edi, dword [ebp - 0x4c] +mov esi, dword [ebp - 0x5c] +mov eax, edi +mov edx, esi +call fcn_fffb3381 ; call 0xfffb3381 +xor ecx, ecx +mov eax, edi +lea edx, [esi + 0x44] +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, dword [ebp - 0xe8] +mov eax, edi +lea edx, [esi + 0x58] +and ecx, 3 +shl ecx, 0xc +or ecx, 0xffff0001 +call fcn_fffb3381 ; call 0xfffb3381 +lea edx, [esi + 0x98] +push eax +push eax +mov eax, edi +push 0 +push 0 +call fcn_fffb3506 ; call 0xfffb3506 +xor ecx, ecx +mov eax, edi +lea edx, [esi + 0x5c] +call fcn_fffb335b ; call 0xfffb335b +add esp, 0x10 +cmp byte [edi + 0x247b], 0 +je short loc_fffae9af ; je 0xfffae9af +mov eax, dword [ebp - 0x50] +mov ecx, 0xfc +lea edx, [eax - 8] +mov eax, dword [ebp - 0x4c] +call fcn_fffb335b ; call 0xfffb335b +cmp dword [ebp - 0x60], 1 +jne short loc_fffae95c ; jne 0xfffae95c +mov eax, dword [ebp - 0x50] +mov ecx, 0xff +lea edx, [eax - 7] +mov eax, dword [ebp - 0x4c] +call fcn_fffb335b ; call 0xfffb335b + +loc_fffae95c: ; not directly referenced +mov eax, dword [ebp - 0x4c] +movzx ebx, word [eax + 0x248a] +test bx, bx +je short loc_fffae97f ; je 0xfffae97f +mov eax, 0x9c40 +cdq +idiv ebx +mov ecx, eax +mov eax, 0x30d40 +cdq +idiv ebx +jmp short loc_fffae989 ; jmp 0xfffae989 + +loc_fffae97f: ; not directly referenced +mov eax, 0xff +mov ecx, 0xff + +loc_fffae989: ; not directly referenced +mov ebx, ecx +movzx ecx, cl +mov edx, dword [ebp - 0x50] +shl ebx, 8 +and ebx, 0xff00 +shl ecx, 0x10 +shl eax, 0x18 +or ecx, ebx +or ecx, eax +or ecx, 2 + +loc_fffae9a7: ; not directly referenced +mov eax, dword [ebp - 0x4c] +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffae9af: ; not directly referenced +inc dword [ebp - 0x58] +add dword [ebp - 0x5c], 0x400 +add dword [ebp - 0x50], 4 +cmp dword [ebp - 0x58], 2 +jne loc_fffae59a ; jne 0xfffae59a +mov edx, dword [ebp - 0xac] +mov ecx, 2 +mov eax, dword [ebp - 0x4c] +call fcn_fffadf2d ; call 0xfffadf2d +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffae9e2: ; not directly referenced +push ebp +movzx edx, dl +mov ebp, esp +push edi +push esi +mov esi, ecx +push ebx +mov ecx, 0xb +sub esp, 0x4c +mov ebx, eax +lea edi, [ebp - 0x44] +xor eax, eax +rep stosd ; rep stosd dword es:[edi], eax +lea eax, [ebp - 0x4f] +push 0 +push 0 +push 0 +push eax +movzx eax, byte [ebp + 8] +mov word [ebp - 0x36], 0x3ff +mov dword [ebp - 0x30], 0x20 +push eax +lea eax, [ebp - 0x44] +push eax +mov eax, ebx +push esi +push 0x80 +mov word [ebp - 0x20], 1 +mov word [ebp - 0x1a], 1 +mov word [ebp - 0x4f], 4 +mov dword [ebp - 0x4d], 0 +mov dword [ebp - 0x49], 7 +mov byte [ebp - 0x45], 0 +call fcn_fffae425 ; call 0xfffae425 +lea edx, [esi - 7] +add esp, 0x20 +mov al, 1 +test dl, dl +cmovg eax, edx +mov byte [ebx + 0x248d], al +mov byte [ebx + 0x248c], 0 +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffaea71: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +mov esi, ref_fffd38bc ; mov esi, 0xfffd38bc +push ebx +mov ebx, eax +sub esp, 0x5c +mov edi, dword [ebp + 8] +mov eax, edx +mov dword [ebp - 0x5c], edx +mov edx, dword [ebp + 0xc] +mov dword [ebp - 0x60], ecx +mov ecx, 0xb +mov word [ebp - 0x4f], 4 +mov dword [ebp - 0x64], edi +lea edi, [ebp - 0x44] +mov dword [ebp - 0x4d], 0 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov esi, 1 +mov dword [ebp - 0x49], 9 +mov byte [ebp - 0x45], 2 +test al, 1 +je short loc_fffaead8 ; je 0xfffaead8 +mov al, dl +and al, byte [ebx + 0x381b] +mov dword [ebp - 0x68], edx +movzx eax, al +call fcn_fffb38d9 ; call 0xfffb38d9 +mov edx, dword [ebp - 0x68] +test al, al +cmovne esi, eax + +loc_fffaead8: ; not directly referenced +test byte [ebp - 0x5c], 2 +je short loc_fffaeaf3 ; je 0xfffaeaf3 +and dl, byte [ebx + 0x4bde] +movzx eax, dl +call fcn_fffb38d9 ; call 0xfffb38d9 +mov ecx, esi +cmp cl, al +cmovb esi, eax + +loc_fffaeaf3: ; not directly referenced +cmp dword [ebx + 0x2481], 1 +je short loc_fffaeb0e ; je 0xfffaeb0e +mov ecx, esi +mov al, 4 +cmp cl, 4 +cmovbe eax, esi +movzx eax, al +shl eax, 5 +jmp short loc_fffaeb13 ; jmp 0xfffaeb13 + +loc_fffaeb0e: ; not directly referenced +mov eax, 0x80 + +loc_fffaeb13: ; not directly referenced +push 0 +mov edi, dword [ebp - 0x60] +movzx eax, ax +push 0 +movzx edx, byte [ebp - 0x5c] +push 1 +lea ecx, [ebp - 0x4f] +push ecx +movzx ecx, byte [ebp - 0x64] +push ecx +lea ecx, [ebp - 0x44] +push ecx +xor ecx, ecx +push edi +push eax +mov eax, ebx +call fcn_fffae425 ; call 0xfffae425 +mov edx, edi +add esp, 0x20 +sub edx, 4 +mov al, 1 +test dl, dl +cmovg eax, edx +mov byte [ebx + 0x248d], al +mov byte [ebx + 0x248c], 2 +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi pop ebp ret -fcn_fffaafbd: ; not directly referenced +fcn_fffaeb5f: ; not directly referenced push ebp +mov ecx, 0xb mov ebp, esp +push edi +push ebx +mov ebx, eax +lea edi, [ebp - 0x8c] +xor eax, eax +sub esp, 0x90 +rep stosd ; rep stosd dword es:[edi], eax +lea edi, [ebp - 0x60] +mov word [ebp - 0x82], 0xf +mov word [ebp - 0x66], 1 +mov word [ebp - 0x97], 1 +mov dword [ebp - 0x95], 0 +mov dword [ebp - 0x91], 3 +mov cl, 0xb +rep stosd ; rep stosd dword es:[edi], eax +lea edi, [ebp - 0x34] +mov word [ebp - 0x52], 0x3ff +mov dword [ebp - 0x4c], 0x20 +mov word [ebp - 0x3c], 1 +mov word [ebp - 0x36], 1 +mov byte [ebp - 0x8d], 0 +mov cl, 0xb +rep stosd ; rep stosd dword es:[edi], eax +mov eax, dword [ebx + 0x2481] +mov word [ebp - 0x32], 4 +mov word [ebp - 0x2a], 4 +cmp eax, 3 +je short loc_fffaebfb ; je 0xfffaebfb +dec eax +lea ecx, [ebp - 0x8c] +lea eax, [ebp - 0x60] +cmovne eax, ecx +jmp short loc_fffaebfe ; jmp 0xfffaebfe + +loc_fffaebfb: ; not directly referenced +lea eax, [ebp - 0x34] + +loc_fffaebfe: ; not directly referenced +push 0 +movzx edx, dl +push 0 +push 0 +lea ecx, [ebp - 0x97] +push ecx +mov ecx, 2 +push 0 +push eax +mov eax, ebx +push 0xa +push 0x80 +call fcn_fffae425 ; call 0xfffae425 +add esp, 0x20 +mov byte [ebx + 0x248d], 1 +mov byte [ebx + 0x248c], 0 +lea esp, [ebp - 8] +pop ebx +pop edi pop ebp ret -fcn_fffaafc2: ; not directly referenced +fcn_fffaec3c: ; not directly referenced push ebp +xor eax, eax mov ebp, esp +mov ecx, 0xb +push edi +push esi +push ebx +lea edi, [ebp - 0x1f4] +sub esp, 0x270 +rep stosd ; rep stosd dword es:[edi], eax +mov eax, dword [ebp + 8] +lea edx, [ebp - 0x217] +mov word [ebp - 0x1e6], 0x3ff +mov word [ebp - 0x1ca], 1 +mov word [ebp - 0x1ff], 0x20 +mov esi, dword [eax + 0x5edd] +mov al, byte [eax + 0x248f] +mov dword [ebp - 0x1fd], 0 +mov dword [ebp - 0x1f9], 9 +mov byte [ebp - 0x1f5], 0 +mov byte [ebp - 0x22c], al +mov eax, dword [ebp + 8] +mov al, byte [eax + 0x248e] +mov byte [ebp - 0x230], al +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x18a7] +mov dword [ebp - 0x234], eax +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x188b] +mov dword [ebp - 0x260], eax +mov eax, dword [ebp + 8] +cmp dword [eax + 0x2481], 2 +sete al +movzx eax, al +mov dword [ebp - 0x250], eax +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x2444] +push 1 +push 7 +push edx +call dword [eax + 0x5c] ; ucall +mov eax, dword [ebp + 8] +add esp, 0x10 +mov eax, dword [eax + 0x1887] +cmp eax, 0x40650 +je short loc_fffaed68 ; je 0xfffaed68 +ja short loc_fffaed18 ; ja 0xfffaed18 +cmp eax, 0x306d0 +jmp short loc_fffaed24 ; jmp 0xfffaed24 + +loc_fffaed18: ; not directly referenced +cmp eax, 0x40660 +je short loc_fffaed32 ; je 0xfffaed32 +cmp eax, 0x40670 + +loc_fffaed24: ; not directly referenced +jne short loc_fffaed4d ; jne 0xfffaed4d +mov dword [ebp - 0x248], 0x7f +jmp short loc_fffaed72 ; jmp 0xfffaed72 + +loc_fffaed32: ; not directly referenced +mov dword [ebp - 0x248], 0x3f +mov ebx, 0x19 +mov dword [ebp - 0x240], 0x14 +jmp short loc_fffaed81 ; jmp 0xfffaed81 + +loc_fffaed4d: ; not directly referenced +mov dword [ebp - 0x248], 0x3f +mov ebx, 0x15 +mov dword [ebp - 0x240], 0x10 +jmp short loc_fffaed81 ; jmp 0xfffaed81 + +loc_fffaed68: ; not directly referenced +mov dword [ebp - 0x248], 0x3f + +loc_fffaed72: ; not directly referenced +mov dword [ebp - 0x240], 0x12 +mov ebx, 0x17 + +loc_fffaed81: ; not directly referenced +push 8 +movzx edx, byte [ebp - 0x22c] +mov ecx, 2 +push 0 +push 0 +lea eax, [ebp - 0x1ff] +push eax +push 0 +lea eax, [ebp - 0x1f4] +push eax +mov eax, dword [ebp + 8] +push 7 +push 2 +shl ebx, 0x10 +call fcn_fffae425 ; call 0xfffae425 +lea eax, [esi + 0x1c] +add esp, 0x20 +mov dword [ebp - 0x264], eax +xor esi, esi +mov dword [ebp - 0x22c], eax +mov dword [ebp - 0x238], ebx + +loc_fffaedcc: ; not directly referenced +imul eax, esi, 0x13c3 +mov edi, dword [ebp + 8] +xor ebx, ebx +cmp dword [edi + eax + 0x3757], 2 +jne loc_fffaee75 ; jne 0xfffaee75 + +loc_fffaede5: ; not directly referenced +mov eax, dword [ebp + 8] +cmp bl, byte [eax + 0x2489] +jae short loc_fffaee19 ; jae 0xfffaee19 +mov eax, dword [ebp + 8] +movzx edi, bl +mov edx, esi +mov ecx, edi +inc ebx +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, dword [ebp - 0x22c] +mov ecx, dword [ecx + edi*4 + 0x28] +mov edx, eax +mov eax, dword [ebp + 8] +or ecx, 0x40 +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffaede5 ; jmp 0xfffaede5 + +loc_fffaee19: ; not directly referenced +mov ecx, 0xff +mov edx, esi +call fcn_fffa7236 ; call 0xfffa7236 +mov edi, eax +mov eax, dword [ebp - 0x22c] +mov ebx, dword [eax] +mov eax, dword [ebp + 8] +cmp dword [eax + 0x2481], 3 +jne short loc_fffaee4a ; jne 0xfffaee4a +and ebx, 0xefffffff +mov edx, edi +mov ecx, ebx +call fcn_fffb38b3 ; call 0xfffb38b3 + +loc_fffaee4a: ; not directly referenced +mov eax, dword [ebp + 8] +or ebx, 0x1000004 +mov edx, edi +mov ecx, ebx +call fcn_fffb38b3 ; call 0xfffb38b3 +mov ecx, dword [ebp - 0x238] +mov edx, esi +mov eax, dword [ebp + 8] +shl edx, 0xa +add edx, 0x4028 +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffaee75: ; not directly referenced +inc esi +add dword [ebp - 0x22c], 0xcc +cmp esi, 2 +jne loc_fffaedcc ; jne 0xfffaedcc +imul eax, dword [ebp - 0x234], 0x2e +mov dword [ebp - 0x22c], 0 +mov dword [ebp - 0x26c], eax +movzx eax, byte [ebp - 0x230] +mov dword [ebp - 0x274], eax +mov eax, dword [ebp + 8] +add eax, 0x3757 +mov dword [ebp - 0x234], eax + +loc_fffaeebb: ; not directly referenced +mov edi, dword [ebp - 0x22c] +mov esi, dword [ebp - 0x274] +mov eax, edi +bt esi, edi +jb short loc_fffaef02 ; jb 0xfffaef02 + +loc_fffaeece: ; not directly referenced +inc dword [ebp - 0x22c] +cmp dword [ebp - 0x22c], 4 +jne short loc_fffaeebb ; jne 0xfffaeebb +mov eax, dword [ebp + 8] +mov edi, dword [ebp - 0x264] +mov dword [ebp - 0x22c], 0 +add eax, 0x3757 +mov dword [ebp - 0x234], eax +mov esi, eax +jmp near loc_fffaf927 ; jmp 0xfffaf927 + +loc_fffaef02: ; not directly referenced +mov esi, dword [ebp - 0x22c] +and eax, 1 +mov dword [ebp - 0x23c], 1 +mov dword [ebp - 0x238], 0 +mov byte [ebp - 0x254], 0 +mov ecx, esi +shl dword [ebp - 0x23c], cl +mov bl, byte [ebp - 0x23c] +mov dword [ebp - 0x24c], eax +mov byte [ebp - 0x230], bl +mov ebx, esi +shr bl, 1 +movzx esi, bl +mov byte [ebp - 0x265], bl +mov ebx, dword [ebp - 0x234] +mov dword [ebp - 0x244], esi + +loc_fffaef59: ; not directly referenced +mov ecx, dword [ebp - 0x23c] +mov edx, dword [ebp - 0x238] +mov eax, dword [ebp + 8] +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0x254], al +mov al, byte [ebp - 0x230] +test byte [ebx + 0xc4], al +je loc_fffaf0b2 ; je 0xfffaf0b2 +mov eax, dword [ebp - 0x22c] +mov edx, 0 +mov byte [ebx + eax + 0x1011], 0 +mov eax, dword [ebp + 8] +movzx eax, byte [eax + 0x36e8] +cmp al, 1 +cmovbe eax, edx +cmp dword [ebp - 0x260], 1 +jne short loc_fffaefd1 ; jne 0xfffaefd1 +mov esi, dword [ebp + 8] +cmp dword [esi + 0x36e4], 1 +jne short loc_fffaefc7 ; jne 0xfffaefc7 +imul eax, eax, 0x64 +mov ecx, 0x85 +cdq +idiv ecx + +loc_fffaefc7: ; not directly referenced +cmp al, 2 +lea edx, [eax - 2] +mov al, 0 +cmovae eax, edx + +loc_fffaefd1: ; not directly referenced +mov esi, dword [ebp + 8] +cmp dword [esi + 0x2481], 3 +mov esi, dword [ebp - 0x26c] +movzx esi, word [ebx + esi + 0xa] +jne short loc_fffaf01d ; jne 0xfffaf01d +mov edi, dword [ebp + 8] +movzx edx, al +add esi, esi +mov ecx, 4 +movzx edi, word [edi + 0x248a] +add edi, edi +cmp al, 5 +cmovae ecx, edx +xor edx, edx +lea eax, [edi + 0x157b] +div edi +mov edi, dword [ebp - 0x240] +lea edx, [edi + eax + 1] +add esi, edx +add esi, ecx +jmp short loc_fffaf038 ; jmp 0xfffaf038 + +loc_fffaf01d: ; not directly referenced +add esi, esi +movzx ecx, al +cmp al, 5 +mov eax, dword [ebp - 0x240] +mov edx, 4 +cmovae edx, ecx +lea esi, [eax + esi + 5] +add esi, edx + +loc_fffaf038: ; not directly referenced +mov eax, dword [ebp - 0x248] +mov edi, dword [ebp - 0x22c] +cmp esi, eax +cmova esi, eax +mov eax, dword [ebp - 0x238] +mov ecx, esi +shl eax, 0xa +lea edx, [edi + eax + 0x4024] +mov eax, dword [ebp + 8] +call fcn_fffb335b ; call 0xfffb335b +mov eax, esi +cmp dword [ebp - 0x250], 0 +mov byte [ebx + edi + 0x1015], al +je short loc_fffaf0b2 ; je 0xfffaf0b2 +imul edx, dword [ebp - 0x24c], 0x18 +imul eax, dword [ebp - 0x244], 0x128 +mov ecx, dword [ebp - 0x23c] +add eax, edx +mov ax, word [ebx + eax + 0x1273] +push edx +push edx +mov edx, dword [ebp - 0x238] +or ah, 4 +movzx eax, ax +push eax +mov eax, dword [ebp + 8] +push 4 +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0x10 + +loc_fffaf0b2: ; not directly referenced +inc dword [ebp - 0x238] +add ebx, 0x13c3 +cmp dword [ebp - 0x238], 2 +jne loc_fffaef59 ; jne 0xfffaef59 +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x36d8] +cmp eax, 0x320 +je short loc_fffaf116 ; je 0xfffaf116 +cmp eax, 0x42b +ja short loc_fffaf12a ; ja 0xfffaf12a +mov eax, dword [ebp + 8] +mov esi, 0x198 +cmp dword [eax + 0x2481], 3 +mov eax, 0x158 +cmovne eax, esi +mov esi, 0x118 +mov word [ebp - 0x23c], ax +mov eax, 0xd8 +cmovne eax, esi +mov word [ebp - 0x238], ax +jmp short loc_fffaf13c ; jmp 0xfffaf13c + +loc_fffaf116: ; not directly referenced +mov word [ebp - 0x23c], 0x158 +mov word [ebp - 0x238], 0xd8 +jmp short loc_fffaf13c ; jmp 0xfffaf13c + +loc_fffaf12a: ; not directly referenced +mov word [ebp - 0x23c], 0x198 +mov word [ebp - 0x238], 0x118 + +loc_fffaf13c: ; not directly referenced +mov eax, dword [ebp - 0x238] +mov word [ebp - 0x244], ax +movzx eax, word [ebp - 0x23c] +sub eax, 8 +mov dword [ebp - 0x270], eax + +loc_fffaf159: ; not directly referenced +movzx edi, word [ebp - 0x244] +xor ebx, ebx + +loc_fffaf162: ; not directly referenced +imul eax, ebx, 0x13c3 +mov esi, dword [ebp + 8] +mov cl, byte [ebp - 0x230] +test byte [esi + eax + 0x381b], cl +je short loc_fffaf17e ; je 0xfffaf17e +xor esi, esi +jmp short loc_fffaf1c3 ; jmp 0xfffaf1c3 + +loc_fffaf17e: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffaf162 ; jne 0xfffaf162 +movzx eax, byte [ebp - 0x254] +xor ecx, ecx +xor esi, esi +push edi +push 0 +push 1 +mov edx, eax +mov dword [ebp - 0x258], eax +lea eax, [ebp - 0x217] +push eax +mov eax, dword [ebp + 8] +call fcn_fffaa5b3 ; call 0xfffaa5b3 +movzx ebx, word [ebp - 0x244] +add esp, 0x10 +lea eax, [ebx - 8] +mov dword [ebp - 0x25c], eax +jmp near loc_fffaf27a ; jmp 0xfffaf27a + +loc_fffaf1c3: ; not directly referenced +mov ecx, dword [ebp + 8] +mov eax, esi +cmp al, byte [ecx + 0x2489] +jae short loc_fffaf17e ; jae 0xfffaf17e +push eax +mov eax, esi +mov ecx, dword [ebp - 0x22c] +push edi +movzx eax, al +push 0 +mov edx, ebx +push eax +mov eax, dword [ebp + 8] +inc esi +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 +jmp short loc_fffaf1c3 ; jmp 0xfffaf1c3 + +loc_fffaf1f0: ; not directly referenced +movzx edi, byte [ebp - 0x24c] +mov edx, esi +mov eax, dword [ebp + 8] +mov ecx, edi +call fcn_fffa75c5 ; call 0xfffa75c5 +mov edx, eax +mov eax, dword [ebp + 8] +call fcn_fffb331f ; call 0xfffb331f +mov ecx, dword [ebp - 0x238] +cmp eax, 0x1f +seta al +movzx eax, al +cmp word [ebp - 0x244], cx +jne loc_fffaf2e4 ; jne 0xfffaf2e4 +test eax, eax +je short loc_fffaf29b ; je 0xfffaf29b +lea eax, [esi + esi*8] +add edi, eax +mov dword [ebp + edi*4 - 0x180], ebx +mov dword [ebp + edi*4 - 0x1c8], ebx +mov dword [ebp + edi*4 - 0xf0], ebx +mov dword [ebp + edi*4 - 0x138], ebx +mov dword [ebp + edi*4 - 0x60], ebx +mov dword [ebp + edi*4 - 0xa8], ebx + +loc_fffaf259: ; not directly referenced +inc byte [ebp - 0x24c] + +loc_fffaf25f: ; not directly referenced +mov edi, dword [ebp + 8] +mov al, byte [ebp - 0x24c] +cmp al, byte [edi + 0x2489] +jb short loc_fffaf1f0 ; jb 0xfffaf1f0 + +loc_fffaf270: ; not directly referenced +inc esi +cmp esi, 2 +je loc_fffaf3ab ; je 0xfffaf3ab + +loc_fffaf27a: ; not directly referenced +imul eax, esi, 0x13c3 +mov edi, dword [ebp + 8] +mov cl, byte [ebp - 0x230] +test byte [edi + eax + 0x381b], cl +je short loc_fffaf270 ; je 0xfffaf270 +mov byte [ebp - 0x24c], 0 +jmp short loc_fffaf25f ; jmp 0xfffaf25f + +loc_fffaf29b: ; not directly referenced +lea eax, [esi + esi*8] +add edi, eax +mov dword [ebp + edi*4 - 0x180], 0xfffffff8 +mov dword [ebp + edi*4 - 0x1c8], 0xfffffff8 +mov dword [ebp + edi*4 - 0xf0], 0xfffffff8 +mov dword [ebp + edi*4 - 0x138], 0xfffffff8 +mov dword [ebp + edi*4 - 0x60], 0xfffffff8 +mov dword [ebp + edi*4 - 0xa8], 0xfffffff8 +jmp near loc_fffaf259 ; jmp 0xfffaf259 + +loc_fffaf2e4: ; not directly referenced +test eax, eax +je loc_fffaf259 ; je 0xfffaf259 +lea eax, [esi + esi*8] +mov ecx, dword [ebp - 0x25c] +add eax, edi +cmp dword [ebp + eax*4 - 0x180], ecx +jne short loc_fffaf307 ; jne 0xfffaf307 +mov dword [ebp + eax*4 - 0x180], ebx + +loc_fffaf307: ; not directly referenced +lea eax, [esi + esi*8] +mov ecx, dword [ebp - 0x25c] +add eax, edi +cmp dword [ebp + eax*4 - 0xf0], ecx +mov dword [ebp + eax*4 - 0xf0], ebx +je short loc_fffaf329 ; je 0xfffaf329 +mov dword [ebp + eax*4 - 0x138], ebx + +loc_fffaf329: ; not directly referenced +cmp ebx, dword [ebp - 0x270] +jl short loc_fffaf378 ; jl 0xfffaf378 +lea eax, [esi + esi*8] +movzx edx, word [ebp - 0x238] +add eax, edi +mov ecx, dword [ebp + eax*4 - 0x1c8] +cmp ecx, edx +jne short loc_fffaf378 ; jne 0xfffaf378 +mov edx, dword [ebp + eax*4 - 0x180] +cmp edx, ebx +je short loc_fffaf378 ; je 0xfffaf378 +mov edi, ebx +sub edi, dword [ebp + eax*4 - 0x138] +mov dword [ebp + eax*4 - 0x60], edx +sub ecx, edi +sub ecx, 8 +mov dword [ebp + eax*4 - 0x1c8], ecx +mov dword [ebp + eax*4 - 0xa8], ecx +jmp near loc_fffaf259 ; jmp 0xfffaf259 + +loc_fffaf378: ; not directly referenced +lea eax, [esi + esi*8] +mov ecx, ebx +add edi, eax +mov edx, dword [ebp + edi*4 - 0x138] +mov eax, dword [ebp + edi*4 - 0x60] +sub eax, dword [ebp + edi*4 - 0xa8] +sub ecx, edx +cmp ecx, eax +jle loc_fffaf259 ; jle 0xfffaf259 +mov dword [ebp + edi*4 - 0xa8], edx +mov dword [ebp + edi*4 - 0x60], ebx +jmp near loc_fffaf259 ; jmp 0xfffaf259 + +loc_fffaf3ab: ; not directly referenced +add word [ebp - 0x244], 8 +mov eax, dword [ebp - 0x23c] +cmp word [ebp - 0x244], ax +jb loc_fffaf159 ; jb 0xfffaf159 +movzx eax, word [ebp - 0x23c] +xor edi, edi +mov ebx, dword [ebp - 0x234] +mov dword [ebp - 0x254], eax +imul eax, dword [ebp - 0x22c], 9 +mov dword [ebp - 0x25c], eax + +loc_fffaf3e8: ; not directly referenced +mov al, byte [ebp - 0x230] +test byte [ebx + 0xc4], al +jne short loc_fffaf459 ; jne 0xfffaf459 + +loc_fffaf3f6: ; not directly referenced +inc edi +add ebx, 0x13c3 +cmp edi, 2 +jne short loc_fffaf3e8 ; jne 0xfffaf3e8 +mov eax, dword [ebp + 8] +mov bl, byte [ebp - 0x265] +mov word [ebp - 0x220], 0x1ff +mov word [ebp - 0x21e], 0x1ff +movzx ecx, byte [eax + 0x2489] +mov eax, 1 +shl eax, cl +dec eax +mov word [ebp - 0x244], ax +lea eax, [ebx + ebx] +movzx eax, al +mov dword [ebp - 0x23c], eax +inc eax +mov dword [ebp - 0x238], eax +movzx eax, bl +add eax, 0x4028 +mov dword [ebp - 0x25c], eax +jmp near loc_fffaf572 ; jmp 0xfffaf572 + +loc_fffaf459: ; not directly referenced +lea eax, [edi + edi*8] +mov byte [ebp - 0x238], 0 +mov dword [ebp - 0x24c], eax + +loc_fffaf469: ; not directly referenced +mov esi, dword [ebp + 8] +mov al, byte [ebp - 0x238] +cmp al, byte [esi + 0x2489] +jae loc_fffaf3f6 ; jae 0xfffaf3f6 +movzx ecx, byte [ebp - 0x238] +mov eax, dword [ebp - 0x24c] +add eax, ecx +mov esi, dword [ebp + eax*4 - 0x60] +mov eax, dword [ebp + eax*4 - 0xa8] +mov dword [ebp - 0x23c], esi +mov dword [ebp - 0x244], eax +add eax, esi +mov esi, 2 +cdq +idiv esi +mov esi, dword [ebp - 0x23c] +sub esi, dword [ebp - 0x244] +cmp eax, dword [ebp - 0x254] +jle short loc_fffaf4d8 ; jle 0xfffaf4d8 mov edx, dword [ebp + 8] -in eax, dx +cmp byte [edx + 0x1965], 0 +je short loc_fffaf4d8 ; je 0xfffaf4d8 + +loc_fffaf4ce: ; not directly referenced +mov eax, 7 +jmp near loc_fffafdfb ; jmp 0xfffafdfb + +loc_fffaf4d8: ; not directly referenced +sub esi, 0x21 +cmp esi, 0x3e +jbe short loc_fffaf4ec ; jbe 0xfffaf4ec +mov esi, dword [ebp + 8] +cmp byte [esi + 0x1965], 0 +jne short loc_fffaf4ce ; jne 0xfffaf4ce + +loc_fffaf4ec: ; not directly referenced +mov esi, dword [ebp - 0x25c] +lea edx, [ecx + esi + 0xd8] +mov word [ebx + edx*2 + 1], ax +mov eax, dword [ebp + 8] +mov edx, edi +push esi +push 0 +push 0xff +push ecx +mov ecx, dword [ebp - 0x22c] +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 +inc byte [ebp - 0x238] +jmp near loc_fffaf469 ; jmp 0xfffaf469 + +loc_fffaf525: ; not directly referenced +push ebx +mov edx, dword [ebp - 0x258] +xor ecx, ecx +push 0 +xor ebx, ebx +push 1 +lea eax, [ebp - 0x217] +push eax +mov eax, dword [ebp + 8] +call fcn_fffaa5b3 ; call 0xfffaa5b3 +mov esi, dword [ebp - 0x234] +add esp, 0x10 + +loc_fffaf54c: ; not directly referenced +mov al, byte [ebp - 0x230] +xor edi, edi +mov word [ebp + ebx*2 - 0x220], 0 +test byte [esi + 0xc4], al +jne short loc_fffaf5b7 ; jne 0xfffaf5b7 + +loc_fffaf566: ; not directly referenced +inc ebx +add esi, 0x13c3 +cmp ebx, 2 +jne short loc_fffaf54c ; jne 0xfffaf54c + +loc_fffaf572: ; not directly referenced +cmp word [ebp - 0x220], 0 +je loc_fffaf6bf ; je 0xfffaf6bf +jmp short loc_fffaf525 ; jmp 0xfffaf525 + +loc_fffaf582: ; not directly referenced +mov eax, edi +mov edx, ebx +movzx ecx, al +mov eax, dword [ebp + 8] +call fcn_fffa75c5 ; call 0xfffa75c5 +mov edx, eax +mov eax, dword [ebp + 8] +call fcn_fffb331f ; call 0xfffb331f +and eax, 0x1ff +cmp eax, 0x1f +jle short loc_fffaf5b6 ; jle 0xfffaf5b6 +mov eax, 1 +mov ecx, edi +shl eax, cl +or word [ebp + ebx*2 - 0x220], ax + +loc_fffaf5b6: ; not directly referenced +inc edi + +loc_fffaf5b7: ; not directly referenced +mov ecx, dword [ebp + 8] +mov eax, edi +cmp al, byte [ecx + 0x2489] +jb short loc_fffaf582 ; jb 0xfffaf582 +mov dx, word [ebp + ebx*2 - 0x220] +cmp dx, word [ebp - 0x244] +je short loc_fffaf5ef ; je 0xfffaf5ef + +loc_fffaf5d5: ; not directly referenced +movzx eax, dx +xor edi, edi +mov dword [ebp - 0x24c], eax +imul eax, dword [ebp - 0x22c], 9 +mov dword [ebp - 0x254], eax +jmp short loc_fffaf65a ; jmp 0xfffaf65a + +loc_fffaf5ef: ; not directly referenced +mov eax, dword [ebp - 0x22c] +mov al, byte [esi + eax + 0x1011] +cmp al, 0xd +ja short loc_fffaf5d5 ; ja 0xfffaf5d5 +mov edi, dword [ebp - 0x22c] +add eax, 2 +mov edx, ebx +shl edx, 0xa +add edx, dword [ebp - 0x25c] +mov byte [esi + edi + 0x1011], al +mov eax, dword [ebp - 0x238] +movzx ecx, byte [esi + eax + 0x1011] +mov eax, dword [ebp - 0x23c] +shl ecx, 4 +add cl, byte [esi + eax + 0x1011] +mov eax, dword [ebp + 8] +movzx ecx, cl +call fcn_fffb335b ; call 0xfffb335b +jmp near loc_fffaf566 ; jmp 0xfffaf566 + +loc_fffaf649: ; not directly referenced +mov ecx, dword [ebp - 0x24c] +mov eax, edi +movzx eax, al +bt ecx, edi +jb short loc_fffaf66c ; jb 0xfffaf66c + +loc_fffaf659: ; not directly referenced +inc edi + +loc_fffaf65a: ; not directly referenced +mov ecx, dword [ebp + 8] +mov eax, edi +cmp al, byte [ecx + 0x2489] +jb short loc_fffaf649 ; jb 0xfffaf649 +jmp near loc_fffaf566 ; jmp 0xfffaf566 + +loc_fffaf66c: ; not directly referenced +mov ecx, dword [ebp - 0x254] +lea edx, [eax + ecx] +lea edx, [esi + edx*2] +mov cx, word [edx + 0x1b1] +cmp cx, 0x7f +jbe short loc_fffaf691 ; jbe 0xfffaf691 +add ecx, 0xffffff80 +mov word [edx + 0x1b1], cx +jmp short loc_fffaf6a1 ; jmp 0xfffaf6a1 + +loc_fffaf691: ; not directly referenced +mov ecx, dword [ebp + 8] +cmp byte [ecx + 0x1965], 0 +jne loc_fffaf4ce ; jne 0xfffaf4ce + +loc_fffaf6a1: ; not directly referenced +push ecx +mov ecx, dword [ebp - 0x22c] +mov edx, ebx +push 0 +push 0xff +push eax +mov eax, dword [ebp + 8] +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 +jmp short loc_fffaf659 ; jmp 0xfffaf659 + +loc_fffaf6bf: ; not directly referenced +cmp word [ebp - 0x21e], 0 +jne loc_fffaf525 ; jne 0xfffaf525 +mov ebx, dword [ebp - 0x234] +xor esi, esi +imul edi, dword [ebp - 0x22c], 9 + +loc_fffaf6dc: ; not directly referenced +mov al, byte [ebp - 0x230] +test byte [ebx + 0xc4], al +jne short loc_fffaf721 ; jne 0xfffaf721 + +loc_fffaf6ea: ; not directly referenced +inc esi +add ebx, 0x13c3 +cmp esi, 2 +jne short loc_fffaf6dc ; jne 0xfffaf6dc +imul eax, dword [ebp - 0x22c], 9 +mov word [ebp - 0x220], 0 +mov word [ebp - 0x21e], 0 +mov byte [ebp - 0x254], 0x40 +mov dword [ebp - 0x25c], eax +jmp near loc_fffaf7cd ; jmp 0xfffaf7cd + +loc_fffaf721: ; not directly referenced +mov byte [ebp - 0x238], 0 + +loc_fffaf728: ; not directly referenced +mov edx, dword [ebp + 8] +mov al, byte [ebp - 0x238] +cmp al, byte [edx + 0x2489] +jae short loc_fffaf6ea ; jae 0xfffaf6ea +movzx eax, byte [ebp - 0x238] +mov ecx, dword [ebp - 0x22c] +lea edx, [eax + edi] +add edx, edx +add word [ebx + edx + 0x1b1], 0x40 +push edx +mov edx, esi +push 0 +push 0xff +push eax +mov eax, dword [ebp + 8] +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 +inc byte [ebp - 0x238] +jmp short loc_fffaf728 ; jmp 0xfffaf728 + +loc_fffaf772: ; not directly referenced +mov al, byte [ebp - 0x230] +test byte [esi + 0xc4], al +je short loc_fffaf7ab ; je 0xfffaf7ab +mov byte [ebp - 0x238], 0 + +loc_fffaf787: ; not directly referenced +mov ecx, dword [ebp + 8] +mov al, byte [ebp - 0x238] +cmp al, byte [ecx + 0x2489] +jb short loc_fffaf7fe ; jb 0xfffaf7fe +mov eax, dword [ebp - 0x244] +cmp word [ebp + ebx*2 - 0x220], ax +mov al, 0 +cmovne edi, eax + +loc_fffaf7ab: ; not directly referenced +inc ebx +add esi, 0x13c3 +cmp ebx, 2 +jne short loc_fffaf772 ; jne 0xfffaf772 +mov eax, edi +test al, al +jne loc_fffaf8a8 ; jne 0xfffaf8a8 +dec byte [ebp - 0x254] +je loc_fffaf898 ; je 0xfffaf898 + +loc_fffaf7cd: ; not directly referenced +push eax +mov edx, dword [ebp - 0x258] +xor ecx, ecx +push 0 +xor ebx, ebx +push 1 +mov edi, 1 +lea eax, [ebp - 0x217] +push eax +mov eax, dword [ebp + 8] +call fcn_fffaa5b3 ; call 0xfffaa5b3 +add esp, 0x10 +mov esi, dword [ebp - 0x234] +jmp near loc_fffaf772 ; jmp 0xfffaf772 + +loc_fffaf7fe: ; not directly referenced +movzx eax, word [ebp + ebx*2 - 0x220] +mov cl, byte [ebp - 0x238] +mov word [ebp - 0x24c], ax +movzx edx, cl +bt eax, ecx +mov dword [ebp - 0x23c], edx +jb short loc_fffaf88d ; jb 0xfffaf88d +mov eax, dword [ebp + 8] +mov ecx, edx +mov edx, ebx +call fcn_fffa75c5 ; call 0xfffa75c5 +mov edx, eax +mov eax, dword [ebp + 8] +call fcn_fffb331f ; call 0xfffb331f +cmp eax, 0x1f +jbe short loc_fffaf859 ; jbe 0xfffaf859 +mov cl, byte [ebp - 0x23c] +mov eax, 1 +shl eax, cl +or eax, dword [ebp - 0x24c] +mov word [ebp + ebx*2 - 0x220], ax +jmp short loc_fffaf88d ; jmp 0xfffaf88d + +loc_fffaf859: ; not directly referenced +mov ecx, dword [ebp - 0x23c] +mov edx, dword [ebp - 0x25c] +mov eax, ecx +add eax, edx +mov edx, ebx +inc word [esi + eax*2 + 0x1b1] +push eax +mov eax, dword [ebp + 8] +push 0 +push 0xff +push ecx +mov ecx, dword [ebp - 0x22c] +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 + +loc_fffaf88d: ; not directly referenced +inc byte [ebp - 0x238] +jmp near loc_fffaf787 ; jmp 0xfffaf787 + +loc_fffaf898: ; not directly referenced +mov eax, dword [ebp + 8] +cmp byte [eax + 0x1965], 0 +jne loc_fffaf4ce ; jne 0xfffaf4ce + +loc_fffaf8a8: ; not directly referenced +mov ebx, dword [ebp - 0x234] +xor esi, esi +imul edi, dword [ebp - 0x22c], 9 + +loc_fffaf8b7: ; not directly referenced +mov al, byte [ebp - 0x230] +test byte [ebx + 0xc4], al +jne short loc_fffaf8d6 ; jne 0xfffaf8d6 + +loc_fffaf8c5: ; not directly referenced +inc esi +add ebx, 0x13c3 +cmp esi, 2 +jne short loc_fffaf8b7 ; jne 0xfffaf8b7 +jmp near loc_fffaeece ; jmp 0xfffaeece + +loc_fffaf8d6: ; not directly referenced +mov byte [ebp - 0x238], 0 + +loc_fffaf8dd: ; not directly referenced +mov ecx, dword [ebp + 8] +mov al, byte [ebp - 0x238] +cmp al, byte [ecx + 0x2489] +jae short loc_fffaf8c5 ; jae 0xfffaf8c5 +movzx eax, byte [ebp - 0x238] +lea edx, [eax + edi] +add edx, edx +sub word [ebx + edx + 0x1b1], 0x40 +mov edx, esi +push ecx +mov ecx, dword [ebp - 0x22c] +push 0 +push 0xff +push eax +mov eax, dword [ebp + 8] +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 +inc byte [ebp - 0x238] +jmp short loc_fffaf8dd ; jmp 0xfffaf8dd + +loc_fffaf927: ; not directly referenced +cmp dword [esi], 2 +je short loc_fffaf966 ; je 0xfffaf966 + +loc_fffaf92c: ; not directly referenced +inc dword [ebp - 0x22c] +add esi, 0x13c3 +add edi, 0xcc +cmp dword [ebp - 0x22c], 2 +jne short loc_fffaf927 ; jne 0xfffaf927 +mov eax, dword [ebp + 8] +call fcn_fffaa4a9 ; call 0xfffaa4a9 +mov edi, dword [ebp - 0x234] +mov dword [ebp - 0x22c], 0 +mov ebx, eax +jmp near loc_fffafa4f ; jmp 0xfffafa4f + +loc_fffaf966: ; not directly referenced +mov edx, dword [ebp - 0x22c] +mov ecx, 0xff +mov eax, dword [ebp + 8] +call fcn_fffa7236 ; call 0xfffa7236 +mov ebx, dword [edi] +mov dword [ebp - 0x230], eax +mov eax, dword [ebp + 8] +cmp dword [eax + 0x2481], 3 +jne short loc_fffaf9a0 ; jne 0xfffaf9a0 +mov edx, dword [ebp - 0x230] +and ebx, 0xefffffff +mov ecx, ebx +call fcn_fffb38b3 ; call 0xfffb38b3 + +loc_fffaf9a0: ; not directly referenced +mov ecx, dword [edi] +xor ebx, ebx +mov edx, dword [ebp - 0x230] +mov eax, dword [ebp + 8] +call fcn_fffb38b3 ; call 0xfffb38b3 + +loc_fffaf9b2: ; not directly referenced +mov eax, dword [ebp + 8] +cmp bl, byte [eax + 0x2489] +jae short loc_fffaf9ed ; jae 0xfffaf9ed +movzx eax, bl +mov edx, dword [ebp - 0x22c] +inc ebx +mov ecx, eax +mov dword [ebp - 0x230], eax +mov eax, dword [ebp + 8] +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, dword [ebp - 0x230] +mov ecx, dword [edi + ecx*4 + 0x28] +mov edx, eax +mov eax, dword [ebp + 8] +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffaf9b2 ; jmp 0xfffaf9b2 + +loc_fffaf9ed: ; not directly referenced +cmp dword [ebp - 0x250], 0 +je loc_fffaf92c ; je 0xfffaf92c +xor ebx, ebx + +loc_fffaf9fc: ; not directly referenced +mov eax, 1 +mov cl, bl +shl eax, cl +test byte [esi + 0xc4], al +je short loc_fffafa44 ; je 0xfffafa44 +push edx +mov ecx, ebx +push edx +mov dl, bl +shr dl, 1 +and ecx, 1 +movzx edx, dl +imul ecx, ecx, 0x18 +imul edx, edx, 0x128 +add edx, ecx +mov ecx, eax +mov eax, dword [ebp + 8] +movzx edx, word [esi + edx + 0x1273] +push edx +mov edx, dword [ebp - 0x22c] +push 4 +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0x10 + +loc_fffafa44: ; not directly referenced +inc ebx +cmp ebx, 4 +jne short loc_fffaf9fc ; jne 0xfffaf9fc +jmp near loc_fffaf92c ; jmp 0xfffaf92c + +loc_fffafa4f: ; not directly referenced +cmp dword [edi], 2 +jne loc_fffafde0 ; jne 0xfffafde0 +mov eax, dword [ebp + 8] +mov ebx, dword [eax + 0x2444] +lea eax, [ebp - 0x210] +push ecx +push 0xf000 +push 4 +push eax +call dword [ebx + 0x60] ; ucall +add esp, 0xc +push 0x1000 +push 4 +lea eax, [ebp - 0x208] +push eax +call dword [ebx + 0x60] ; ucall +add esp, 0xc +push 0 +push 4 +lea eax, [ebp - 0x21b] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0x10 +mov ebx, 2 +cmp dword [edi], 2 +jne loc_fffafde0 ; jne 0xfffafde0 +xor ecx, ecx +mov esi, 0x1000 +mov word [ebp - 0x230], 0xf000 + +loc_fffafab9: ; not directly referenced +mov ebx, 0xf +bt ebx, ecx +jae loc_fffafb5e ; jae 0xfffafb5e +mov edx, 1 +shl edx, cl +test byte [edi + 0xc4], dl +je loc_fffafb5e ; je 0xfffafb5e +mov ebx, dword [ebp + 8] +imul edx, ecx, 0x12 +mov bl, byte [ebx + 0x2489] +mov byte [ebp - 0x234], bl +lea ebx, [edi + edx] +xor edx, edx +mov eax, ebx + +loc_fffafaf3: ; not directly referenced +cmp byte [ebp - 0x234], dl +jbe short loc_fffafb35 ; jbe 0xfffafb35 +movzx ebx, byte [edi + ecx + 0x1011] +imul ebx, ebx, 0xffffffc0 +add bx, word [eax + edx*2 + 0x1b1] +cmp word [ebp + ecx*2 - 0x210], bx +jge short loc_fffafb20 ; jge 0xfffafb20 +mov word [ebp + ecx*2 - 0x210], bx + +loc_fffafb20: ; not directly referenced +cmp word [ebp + ecx*2 - 0x208], bx +jle short loc_fffafb32 ; jle 0xfffafb32 +mov word [ebp + ecx*2 - 0x208], bx + +loc_fffafb32: ; not directly referenced +inc edx +jmp short loc_fffafaf3 ; jmp 0xfffafaf3 + +loc_fffafb35: ; not directly referenced +mov eax, dword [ebp - 0x230] +mov dx, word [ebp + ecx*2 - 0x210] +cmp ax, dx +cmovge edx, eax +mov word [ebp - 0x230], dx +movsx edx, word [ebp + ecx*2 - 0x208] +cmp si, dx +cmovg esi, edx + +loc_fffafb5e: ; not directly referenced +inc ecx +cmp ecx, 4 +jne loc_fffafab9 ; jne 0xfffafab9 +movsx eax, word [ebp - 0x230] +mov cl, 2 +xor ebx, ebx +add eax, esi +xor esi, esi +cdq +idiv ecx +mov cl, 0x40 +neg eax +add eax, 0x160 +cdq +idiv ecx +mov dword [ebp - 0x240], eax +mov byte [ebp - 0x23c], al +cbw +mov word [ebp - 0x234], ax +shl word [ebp - 0x234], 6 + +loc_fffafba3: ; not directly referenced +mov eax, 0xf +bt eax, ebx +jae loc_fffafce6 ; jae 0xfffafce6 +mov al, 1 +mov cl, bl +shl eax, cl +test byte [edi + 0xc4], al +je loc_fffafce6 ; je 0xfffafce6 +mov al, byte [ebp - 0x23c] +mov byte [ebp + ebx - 0x21b], al +mov eax, dword [ebp - 0x234] +add ax, word [ebp + ebx*2 - 0x208] +cmp ax, 0x3f +jg short loc_fffafbfe ; jg 0xfffafbfe +movsx edx, ax +mov eax, 0x7f +sub eax, edx +sar eax, 6 +add eax, dword [ebp - 0x240] +mov byte [ebp + ebx - 0x21b], al + +loc_fffafbfe: ; not directly referenced +mov dl, byte [ebp + ebx - 0x21b] +movsx ax, dl +shl eax, 6 +add ax, word [ebp + ebx*2 - 0x210] +cwde +cmp eax, 0x1bf +jle short loc_fffafc2d ; jle 0xfffafc2d +sub eax, 0x180 +sar eax, 6 +sub edx, eax +mov byte [ebp + ebx - 0x21b], dl + +loc_fffafc2d: ; not directly referenced +mov al, byte [ebp + ebx - 0x21b] +mov ecx, esi +movsx ecx, cl +movsx edx, al +mov byte [ebp - 0x230], al +mov eax, edx +sub eax, ecx +mov cl, byte [ebp - 0x230] +sub ecx, 0xe +cmp eax, 0xf +mov al, byte [ebp - 0x230] +cmovge esi, ecx +mov ecx, esi +movsx ecx, cl +sub edx, ecx +test edx, edx +lea ecx, [eax - 1] +cmovle esi, ecx +sub al, byte [edi + ebx + 0x1011] +mov byte [ebp - 0x230], 0 +cbw +mov word [ebp - 0x238], ax +lea eax, [ebx + ebx*8] +shl word [ebp - 0x238], 6 +mov dword [ebp - 0x244], eax + +loc_fffafc92: ; not directly referenced +mov edx, dword [ebp + 8] +mov al, byte [ebp - 0x230] +cmp al, byte [edx + 0x2489] +jae short loc_fffafce6 ; jae 0xfffafce6 +movzx eax, byte [ebp - 0x230] +mov edx, dword [ebp - 0x244] +mov ecx, dword [ebp - 0x238] +add edx, eax +add edx, edx +add word [edi + edx + 0x1b1], cx +mov ecx, ebx +push edx +mov edx, dword [ebp - 0x22c] +push 0 +push 0xff +push eax +mov eax, dword [ebp + 8] +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 +inc byte [ebp - 0x230] +jmp short loc_fffafc92 ; jmp 0xfffafc92 + +loc_fffafce6: ; not directly referenced +inc ebx +cmp ebx, 4 +jne loc_fffafba3 ; jne 0xfffafba3 +mov eax, dword [ebp - 0x22c] +mov ebx, esi +shl eax, 0xa +add eax, 0x4028 +mov dword [ebp - 0x234], eax +mov edx, eax +mov eax, dword [ebp + 8] +call fcn_fffb331f ; call 0xfffb331f +test bl, bl +jns short loc_fffafd34 ; jns 0xfffafd34 +mov edx, eax +mov ecx, esi +shr edx, 0x10 +neg ecx +and edx, 0x3f +movzx ecx, cl +cmp edx, ecx +mov ebx, 7 +mov edx, 0 +cmovge ebx, edx +jmp short loc_fffafd55 ; jmp 0xfffafd55 + +loc_fffafd34: ; not directly referenced +je short loc_fffafd53 ; je 0xfffafd53 +mov edx, eax +mov ebx, esi +shr edx, 0x10 +movsx ecx, bl +not edx +xor ebx, ebx +and edx, 0x3f +cmp ecx, edx +mov edx, 7 +cmovg ebx, edx +jmp short loc_fffafd55 ; jmp 0xfffafd55 + +loc_fffafd53: ; not directly referenced +xor ebx, ebx + +loc_fffafd55: ; not directly referenced +mov edx, eax +and eax, 0xffc00000 +shr edx, 0x10 +add edx, esi +and edx, 0x3f +mov ecx, edx +shl ecx, 0x10 +mov dword [ebp - 0x230], eax +or dword [ebp - 0x230], ecx +mov dword [edi + 0x1019], edx +xor edx, edx + +loc_fffafd7d: ; not directly referenced +mov eax, 0xf +bt eax, edx +jae short loc_fffafda7 ; jae 0xfffafda7 +mov al, 1 +mov cl, dl +shl eax, cl +test byte [edi + 0xc4], al +je short loc_fffafda7 ; je 0xfffafda7 +mov cl, byte [ebp + edx - 0x21b] +mov eax, esi +sub ecx, eax +mov byte [edi + edx + 0x1011], cl + +loc_fffafda7: ; not directly referenced +mov cl, byte [edi + edx + 0x1011] +mov eax, ecx +and eax, 0xf +lea ecx, [edx*4] +inc edx +shl eax, cl +or eax, dword [ebp - 0x230] +cmp edx, 4 +je short loc_fffafdd0 ; je 0xfffafdd0 +mov dword [ebp - 0x230], eax +jmp short loc_fffafd7d ; jmp 0xfffafd7d + +loc_fffafdd0: ; not directly referenced +mov ecx, eax +mov edx, dword [ebp - 0x234] +mov eax, dword [ebp + 8] +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffafde0: ; not directly referenced +inc dword [ebp - 0x22c] +add edi, 0x13c3 +cmp dword [ebp - 0x22c], 2 +jne loc_fffafa4f ; jne 0xfffafa4f +mov eax, ebx + +loc_fffafdfb: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffafe03: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, ecx +push esi +mov esi, eax +push ebx +sub esp, 0x50 +mov al, byte [ecx + 0x539] +push 0 +push 5 +mov bl, al +mov eax, dword [esi + 0x2444] +mov byte [ebp - 0x2d], dl +lea edx, [ebp - 0x1d] +push edx +call dword [eax + 0x5c] ; ucall +add esp, 0x10 +mov al, 0 +cmp dword [ebp + 0xc], 0 +cmovne ebx, eax +xor eax, eax +mov byte [ebp - 0x2e], bl + +loc_fffafe3d: ; not directly referenced +cmp byte [ebp - 0x2e], al +jbe short loc_fffafe60 ; jbe 0xfffafe60 +movzx edx, byte [edi + eax + 0x534] +xor ecx, ecx +cmp dl, 5 +ja short loc_fffafe58 ; ja 0xfffafe58 +movzx ecx, byte [edx + ref_fffd38e8] ; movzx ecx, byte [edx - 0x2c718] + +loc_fffafe58: ; not directly referenced +mov byte [ebp + ecx - 0x1d], 1 +inc eax +jmp short loc_fffafe3d ; jmp 0xfffafe3d + +loc_fffafe60: ; not directly referenced +cmp dword [ebp + 8], 0 +jne short loc_fffafe7e ; jne 0xfffafe7e +movzx ecx, byte [edi + 8] +sub esp, 0xc +xor edx, edx +push 1 +mov eax, esi +call fcn_fffa8377 ; call 0xfffa8377 +add esp, 0x10 +mov dword [edi + 9], eax + +loc_fffafe7e: ; not directly referenced +lea eax, [esi + 0x3757] +mov ebx, edi +mov dword [ebp - 0x34], eax +movzx eax, byte [ebp - 0x2d] +mov dword [ebp - 0x2c], 0 +mov dword [ebp - 0x50], eax + +loc_fffafe97: ; not directly referenced +mov eax, dword [ebp - 0x34] +cmp dword [eax], 2 +je short loc_fffafeba ; je 0xfffafeba + +loc_fffafe9f: ; not directly referenced +inc dword [ebp - 0x2c] +add ebx, 2 +add dword [ebp - 0x34], 0x13c3 +cmp dword [ebp - 0x2c], 2 +jne short loc_fffafe97 ; jne 0xfffafe97 +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +loc_fffafeba: ; not directly referenced +mov eax, dword [ebp - 0x50] +mov ecx, dword [ebp - 0x2c] +bt eax, ecx +jae short loc_fffafe9f ; jae 0xfffafe9f +mov eax, dword [ebp - 0x34] +mov byte [ebp - 0x2d], 1 +cmp dword [eax + 0xc0], 1 +jne short loc_fffafee4 ; jne 0xfffafee4 +mov al, byte [ebx + 4] +mov byte [ebp - 0x2d], 0 +mov byte [ebx], al +mov al, byte [ebx + 5] +mov byte [ebx + 1], al + +loc_fffafee4: ; not directly referenced +mov eax, dword [esi + 0x1887] +cmp eax, 0x306d0 +sete dl +cmp eax, 0x40650 +sete al +or dl, al +je short loc_fffaff0d ; je 0xfffaff0d +mov byte [ebx], 0 +mov byte [ebx + 1], 0 +mov byte [ebx + 5], 0 +mov byte [ebp - 0x2d], 1 + +loc_fffaff0d: ; not directly referenced +mov dl, byte [ebx + 4] +mov ecx, 3 +push 1 +mov al, dl +movzx edx, byte [ebx] +mul byte [ebp - 0x2d] +shl eax, 4 +add eax, edx +mov edx, dword [ebp - 0x2c] +movzx eax, ax +push eax +mov eax, esi +push 7 +push 0 +call fcn_fffa972b ; call 0xfffa972b +mov dl, byte [ebx + 5] +mov ecx, 0xc +mov al, byte [ebp - 0x2d] +push 1 +mul dl +movzx edx, byte [ebx + 1] +shl eax, 4 +add eax, edx +mov edx, dword [ebp - 0x2c] +movzx eax, ax +push eax +mov eax, esi +push 7 +push 0 +call fcn_fffa972b ; call 0xfffa972b +add esp, 0x20 +cmp byte [ebp - 0x2e], 0 +je loc_fffafe9f ; je 0xfffafe9f +imul eax, dword [ebp - 0x2c], 9 +mov byte [ebp - 0x2d], 0 +mov dword [ebp - 0x4c], eax +mov dword [ebp - 0x48], eax + +loc_fffaff7b: ; not directly referenced +mov al, byte [ebp - 0x2d] +cmp al, byte [esi + 0x2489] +jae loc_fffafe9f ; jae 0xfffafe9f +cmp byte [ebp - 0x1d], 0 +je short loc_fffaffb8 ; je 0xfffaffb8 +movzx eax, byte [ebp - 0x2d] +mov ecx, dword [ebp - 0x48] +push 1 +lea edx, [eax + ecx + 0x28] +mov ecx, 0xf +movsx edx, word [edi + edx*2 + 7] +push edx +mov edx, dword [ebp - 0x2c] +push 6 +push eax +mov eax, esi +call fcn_fffa972b ; call 0xfffa972b +add esp, 0x10 + +loc_fffaffb8: ; not directly referenced +cmp byte [ebp - 0x1c], 0 +je short loc_fffaffe9 ; je 0xfffaffe9 +movzx eax, byte [ebp - 0x2d] +mov ecx, dword [ebp - 0x48] +push 1 +lea edx, [eax + ecx + 0xa4] +mov ecx, 0xf +movsx edx, word [edi + edx*2 + 7] +push edx +mov edx, dword [ebp - 0x2c] +push 0 +push eax +mov eax, esi +call fcn_fffa972b ; call 0xfffa972b +add esp, 0x10 + +loc_fffaffe9: ; not directly referenced +movzx eax, byte [ebp - 0x2d] +mov ecx, dword [ebp - 0x4c] +mov dword [ebp - 0x40], 0 +mov dword [ebp - 0x44], eax +lea edx, [eax + ecx] +lea edx, [edx + edx + 0x33f] +lea ecx, [edi + edx] +mov dword [ebp - 0x3c], ecx + +loc_fffb000a: ; not directly referenced +mov cl, byte [ebp - 0x40] +mov dword [ebp - 0x38], 1 +shl dword [ebp - 0x38], cl +mov ecx, dword [ebp - 0x34] +mov al, byte [ebp - 0x38] +test byte [ecx + 0xc4], al +je short loc_fffb0071 ; je 0xfffb0071 +cmp byte [ebp - 0x1b], 0 +je short loc_fffb004d ; je 0xfffb004d +mov eax, dword [ebp - 0x3c] +push 1 +mov ecx, dword [ebp - 0x38] +mov edx, dword [ebp - 0x2c] +movsx eax, word [eax - 0xf8] +push eax +mov eax, esi +push 5 +push dword [ebp - 0x44] +call fcn_fffa972b ; call 0xfffa972b +add esp, 0x10 + +loc_fffb004d: ; not directly referenced +cmp byte [ebp - 0x1a], 0 +je short loc_fffb0071 ; je 0xfffb0071 +mov eax, dword [ebp - 0x3c] +push 1 +mov ecx, dword [ebp - 0x38] +mov edx, dword [ebp - 0x2c] +movsx eax, word [eax] +push eax +mov eax, esi +push 4 +push dword [ebp - 0x44] +call fcn_fffa972b ; call 0xfffa972b +add esp, 0x10 + +loc_fffb0071: ; not directly referenced +inc dword [ebp - 0x40] +add dword [ebp - 0x3c], 0x3e +cmp dword [ebp - 0x40], 4 +jne short loc_fffb000a ; jne 0xfffb000a +inc byte [ebp - 0x2d] +jmp near loc_fffaff7b ; jmp 0xfffaff7b + +fcn_fffb0086: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 0xc] +mov edx, dword [ebp + 8] +out dx, eax +pop ebp +ret + +fcn_fffb0092: ; not directly referenced +push ebp +xor eax, eax +mov ebp, esp +xor edx, edx +pop ebp +ret + +fcn_fffb009b: ; not directly referenced +push ebp +mov ebp, esp +pop ebp +ret + +fcn_fffb00a0: ; not directly referenced +push ebp +mov ebp, esp +mov edx, dword [ebp + 8] +in ax, dx pop ebp ret -fcn_fffaafcb: ; not directly referenced +fcn_fffb00aa: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_fffaafc2 ; jmp 0xfffaafc2 +jmp near fcn_fffb00a0 ; jmp 0xfffb00a0 -fcn_fffaafda: ; not directly referenced +fcn_fffb00b9: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] mov edx, dword [ebp + 8] -out dx, eax +out dx, ax pop ebp ret -fcn_fffaafe6: ; not directly referenced +fcn_fffb00c6: ; not directly referenced push ebp mov ebp, esp -mov eax, dword [ebp + 0x18] +movzx eax, word [ebp + 0x18] mov dword [ebp + 0xc], eax mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_fffaafda ; jmp 0xfffaafda +jmp near fcn_fffb00b9 ; jmp 0xfffb00b9 -fcn_fffaaffb: ; not directly referenced +fcn_fffb00dc: ; not directly referenced push ebp mov ebp, esp -mov eax, dword [ebp + 8] -mov dl, al -mov cl, al -sar dl, 7 -and eax, 0x7f -sar cl, 7 -and edx, 2 -and ecx, 2 -add edx, 0x74 -add ecx, 0x75 -movzx edx, dl -out dx, al -movzx edx, cl -in al, dx +mov edx, dword [ebp + 8] +in eax, dx pop ebp ret -fcn_fffab024: ; not directly referenced +fcn_fffb00e5: ; not directly referenced push ebp mov ebp, esp -mov edx, dword [ebp + 0x10] -in al, dx +mov eax, dword [ebp + 0x10] +mov dword [ebp + 8], eax pop ebp -ret +jmp near fcn_fffb00dc ; jmp 0xfffb00dc -fcn_fffab02d: ; not directly referenced +fcn_fffb00f4: +mov eax, dword [0xff7d0270] push ebp mov ebp, esp -mov edx, dword [ebp + 0x10] -mov eax, dword [ebp + 0x18] -out dx, al +lea edx, [eax + 4] +mov eax, dword [ebp + 0xc] +mov dword [eax], edx +xor eax, eax pop ebp ret -fcn_fffab039: ; not directly referenced +fcn_fffb0108: ; not directly referenced push ebp mov edx, 0x186a0 mov ebp, esp @@ -14588,36 +21491,36 @@ xor eax, eax push ebx sub esp, 0x10 -loc_fffab047: ; not directly referenced +loc_fffb0116: ; not directly referenced test eax, eax sete bl test edx, edx setne cl test bl, cl -je short loc_fffab064 ; je 0xfffab064 +je short loc_fffb0133 ; je 0xfffb0133 clc -loc_fffab056: ; not directly referenced +loc_fffb0125: ; not directly referenced rdrand eax mov dword [ebp - 8], eax -jae short loc_fffab056 ; jae 0xfffab056 +jae short loc_fffb0125 ; jae 0xfffb0125 mov eax, dword [ebp - 8] dec edx -jmp short loc_fffab047 ; jmp 0xfffab047 +jmp short loc_fffb0116 ; jmp 0xfffb0116 -loc_fffab064: ; not directly referenced +loc_fffb0133: ; not directly referenced add esp, 0x10 pop ebx pop ebp ret -fcn_fffab06a: ; not directly referenced +fcn_fffb0139: ; not directly referenced push ebp mov ebp, esp pop ebp ret -fcn_fffab06f: ; not directly referenced +fcn_fffb013e: ; not directly referenced push ebp mov ebp, esp push eax @@ -14627,7 +21530,7 @@ pop eax pop ebp ret -fcn_fffab07d: +fcn_fffb014c: mov edx, dword [0xff7d026c] xor eax, eax push ebp @@ -14637,9 +21540,9 @@ push esi push ebx imul ebx, edx, 0xc -loc_fffab08e: +loc_fffb015d: cmp edx, 0x13 -ja short loc_fffab0be ; ja 0xfffab0be +ja short loc_fffb018d ; ja 0xfffb018d mov esi, dword [ebp + 0xc] inc edx mov ecx, 3 @@ -14651,331 +21554,99 @@ mov edi, dword [ebp + 0xc] mov ecx, dword [edi + eax] add eax, 0xc test ecx, ecx -jns short loc_fffab08e ; jns 0xfffab08e +jns short loc_fffb015d ; jns 0xfffb015d xor eax, eax -jmp short loc_fffab0c3 ; jmp 0xfffab0c3 +jmp short loc_fffb0192 ; jmp 0xfffb0192 -loc_fffab0be: +loc_fffb018d: mov eax, 0x80000009 -loc_fffab0c3: +loc_fffb0192: pop ebx pop esi pop edi pop ebp ret -fcn_fffab0c8: ; not directly referenced +fcn_fffb0197: ; not directly referenced push ebp mov ebp, esp +mov edx, dword [ebp + 0x10] +mov eax, dword [ebp + 0x18] +out dx, al pop ebp -jmp near loc_fffd2984 ; jmp 0xfffd2984 +ret -fcn_fffab0d1: +fcn_fffb01a3: ; not directly referenced +push ebp +mov ebp, esp +pop ebp +jmp near loc_fffd2c76 ; jmp 0xfffd2c76 + +fcn_fffb01ac: push ebp mov ebp, esp mov edx, dword [ebp + 0xc] mov eax, dword [ebp + 8] mov ecx, dword [ebp + 0x10] test edx, edx -je short loc_fffab0ed ; je 0xfffab0ed +je short loc_fffb01c8 ; je 0xfffb01c8 movzx ecx, cl mov dword [ebp + 0x10], ecx pop ebp -jmp near loc_fffd2932 ; jmp 0xfffd2932 +jmp near loc_fffd2c24 ; jmp 0xfffd2c24 -loc_fffab0ed: +loc_fffb01c8: pop ebp ret -fcn_fffab0ef: +fcn_fffb01ca: push ebp mov ebp, esp pop ebp -jmp near loc_fffd2917 ; jmp 0xfffd2917 +jmp near loc_fffd2c09 ; jmp 0xfffd2c09 -fcn_fffab0f8: ; not directly referenced +fcn_fffb01d3: ; not directly referenced push ebp mov ebp, esp pop ebp -jmp near loc_fffd28fc ; jmp 0xfffd28fc +jmp near loc_fffd2bee ; jmp 0xfffd2bee -fcn_fffab101: +fcn_fffb01dc: push ebp mov ebp, esp mov ecx, dword [ebp + 0x10] mov eax, dword [ebp + 8] mov edx, dword [ebp + 0xc] test ecx, ecx -je short loc_fffab11b ; je 0xfffab11b +je short loc_fffb01f6 ; je 0xfffb01f6 cmp eax, edx -je short loc_fffab11b ; je 0xfffab11b +je short loc_fffb01f6 ; je 0xfffb01f6 pop ebp -jmp near loc_fffd2836 ; jmp 0xfffd2836 +jmp near loc_fffd2b28 ; jmp 0xfffd2b28 -loc_fffab11b: +loc_fffb01f6: pop ebp ret -fcn_fffab11d: ; not directly referenced +fcn_fffb01f8: ; not directly referenced push ebp mov ebp, esp pop ebp -jmp near fcn_fffab101 ; jmp 0xfffab101 - -fcn_fffab126: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x6c -mov ebx, dword [ebp + 8] -mov dword [ebp - 0x68], 0 -mov dword [ebp - 0x4c], 0 -mov dword [ebp - 0x60], 0 -mov eax, dword [ebx + 0x2480] -mov dword [ebp - 0x58], eax -mov eax, dword [ebx + 0x1887] -mov dword [ebp - 0x6c], eax -mov eax, dword [ebx + 0x188b] -mov dword [ebp - 0x5c], eax -lea eax, [ebx + 0x3756] -mov dword [ebp - 0x50], eax -mov eax, dword [ebx + 0x5edc] -lea esi, [eax + 0x1c] - -loc_fffab174: ; not directly referenced -mov eax, dword [ebp - 0x50] -cmp dword [eax], 2 -jne loc_fffab348 ; jne 0xfffab348 -cmp dword [ebp - 0x5c], 1 -jne short loc_fffab1b7 ; jne 0xfffab1b7 -mov dl, byte [esi + 3] -mov ecx, 0xff -mov al, dl -and edx, 0xffffffbf -mov byte [esi + 3], dl -mov edx, dword [ebp - 0x4c] -shr al, 6 -and eax, 1 -mov byte [esi + 0xcb], al -mov eax, ebx -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, dword [esi] -mov edx, eax -mov eax, ebx -call fcn_fffaeb7c ; call 0xfffaeb7c - -loc_fffab1b7: ; not directly referenced -cmp dword [ebp - 0x58], 3 -je loc_fffab30b ; je 0xfffab30b -mov eax, dword [ebp - 0x50] -mov dword [ebp - 0x54], 0 -mov dword [ebp - 0x64], eax - -loc_fffab1ce: ; not directly referenced -mov ecx, dword [ebp - 0x54] -mov eax, 1 -mov dl, cl -shl eax, cl -mov ecx, dword [ebp - 0x50] -test byte [ecx + 0xc4], al -jne short loc_fffab1f7 ; jne 0xfffab1f7 - -loc_fffab1e5: ; not directly referenced -inc dword [ebp - 0x54] -add dword [ebp - 0x64], 9 -cmp dword [ebp - 0x54], 4 -jne short loc_fffab1ce ; jne 0xfffab1ce -jmp near loc_fffab27c ; jmp 0xfffab27c - -loc_fffab1f7: ; not directly referenced -cmp dword [ebp - 0x58], 2 -sete cl -cmp dword [ebp - 0x6c], 0x306d0 -sete al -test cl, al -je short loc_fffab1e5 ; je 0xfffab1e5 -mov eax, edx -shr dl, 1 -and eax, 1 -movzx edx, dl -imul eax, eax, 0x18 -imul edx, edx, 0x128 -add edx, eax -mov eax, dword [ebp - 0x50] -test word [eax + edx + 0x126f], 0x600 -je short loc_fffab1e5 ; je 0xfffab1e5 -xor edi, edi - -loc_fffab232: ; not directly referenced -mov eax, dword [ebp - 0x64] -mov edx, dword [ebp - 0x4c] -mov byte [eax + edi + 0x24d], 0x3f -mov eax, ebx -push ecx -mov ecx, dword [ebp - 0x54] -push 0x3f -push 2 -push edi -call fcn_fffa73b0 ; call 0xfffa73b0 -mov ecx, edi -mov eax, ebx -or byte [esi + edi*4 + 0x2a], 0x80 -mov edx, dword [ebp - 0x4c] -call fcn_fffa720e ; call 0xfffa720e -mov ecx, dword [esi + edi*4 + 0x28] -inc edi -mov edx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -add esp, 0x10 -cmp edi, 9 -jne short loc_fffab232 ; jne 0xfffab232 -jmp near loc_fffab1e5 ; jmp 0xfffab1e5 - -loc_fffab27c: ; not directly referenced -cmp dword [ebp - 0x5c], 1 -jne loc_fffab30b ; jne 0xfffab30b -cmp dword [ebp - 0x68], 0 -jne short loc_fffab30b ; jne 0xfffab30b -mov eax, dword [esi + 0x28] -mov edx, 0x3a28 -mov edi, eax -mov dword [ebp - 0x68], eax -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov ecx, edi -mov edx, edi -shr ecx, 0x15 -and ecx, 1 -shr edx, 0x15 -and edx, 2 -and eax, 0xfffffffc -or eax, ecx -or eax, edx -mov edx, edi -mov edi, dword [ebp - 0x60] -shr edx, 9 -and eax, 0xff01ffff -and edx, 0xe0000 -or eax, edx -mov edx, 0x3a28 -or eax, 0x800000 -cmp dword [ebp - 0x58], 2 -mov ecx, eax -cmove edi, dword [ebp - 0x5c] -mov eax, ebx -mov dword [ebp - 0x60], edi -call fcn_fffae58c ; call 0xfffae58c -test edi, edi -je short loc_fffab30b ; je 0xfffab30b -mov edx, 0x5f09 -mov eax, ebx -mov ecx, 1 -call fcn_fffae566 ; call 0xfffae566 -mov edx, 0x96 -mov eax, ebx -call fcn_fffa834b ; call 0xfffa834b - -loc_fffab30b: ; not directly referenced -cmp byte [ebx + 0x3748], 1 -jne short loc_fffab348 ; jne 0xfffab348 -mov eax, dword [ebp - 0x4c] -lea edi, [eax*4 + 0x5004] -mov eax, ebx -mov edx, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, edi -and eax, 0xfcffffff -or eax, 0x1000000 -mov ecx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x3c -mov eax, ebx -call fcn_fffa834b ; call 0xfffa834b - -loc_fffab348: ; not directly referenced -inc dword [ebp - 0x4c] -add esi, 0xcc -add dword [ebp - 0x50], 0x13c3 -cmp dword [ebp - 0x4c], 2 -jne loc_fffab174 ; jne 0xfffab174 -lea edi, [ebp - 0x3c] -mov esi, ref_fffd3570 ; mov esi, 0xfffd3570 -mov ecx, 9 -mov eax, ebx -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [ebp - 0x48] -mov esi, ref_fffd3594 ; mov esi, 0xfffd3594 -mov cl, 3 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov ecx, 0x1010101 -mov esi, 8 -push edx -push edx -xor edx, edx -push 0 -push 8 -call fcn_fffa7fde ; call 0xfffa7fde -lea edi, [ebp - 0x3c] -add esp, 0x10 - -loc_fffab39c: ; not directly referenced -push eax -mov ecx, 0x41041041 -push eax -mov eax, ebx -push esi -add esi, 6 -push 6 -mov edx, dword [edi] -add edi, 4 -call fcn_fffa7fde ; call 0xfffa7fde -add esp, 0x10 -cmp esi, 0x3e -jne short loc_fffab39c ; jne 0xfffab39c -lea edx, [ebp - 0x48] -mov eax, ebx -call fcn_fffa665e ; call 0xfffa665e -cmp dword [ebx + 0x3756], 2 -jne short loc_fffab3e1 ; jne 0xfffab3e1 -mov ecx, 0xa010102 -mov edx, 0x4078 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c - -loc_fffab3e1: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffab3fb ; jne 0xfffab3fb -mov ecx, 0xa010102 -mov edx, 0x4478 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c - -loc_fffab3fb: ; not directly referenced -lea esp, [ebp - 0xc] -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret +jmp near fcn_fffb01dc ; jmp 0xfffb01dc -fcn_fffab405: +fcn_fffb0201: push ebp mov eax, dword [0xff7d0000] mov ebp, esp pop ebp ret -fcn_fffab40f: +fcn_fffb020b: push ebp mov ebp, esp sub esp, 8 -call fcn_fffab405 ; call 0xfffab405 +call fcn_fffb0201 ; call 0xfffb0201 sub esp, 0xc mov edx, dword [eax] push dword [ebp + 0x14] @@ -14987,7 +21658,7 @@ call dword [edx + 0x20] ; ucall leave ret -fcn_fffab430: ; not directly referenced +fcn_fffb022c: ; not directly referenced push ebp mov ebp, esp push edi @@ -15001,9 +21672,9 @@ lea eax, [ebp - 0x1c] push eax push 0 push 0 -push ref_fffd662c ; push 0xfffd662c +push ref_fffd6928 ; push 0xfffd6928 mov dword [ebp - 0x2c], ecx -call fcn_fffab40f ; call 0xfffab40f +call fcn_fffb020b ; call 0xfffb020b add esp, 0xc mov edx, dword [ebp - 0x1c] push dword [ebp + 8] @@ -15024,10 +21695,10 @@ push edx call dword [edx] ; ucall add esp, 0x20 test esi, esi -je short loc_fffab484 ; je 0xfffab484 +je short loc_fffb0280 ; je 0xfffb0280 mov dword [esi], eax -loc_fffab484: ; not directly referenced +loc_fffb0280: ; not directly referenced mov eax, dword [ebp - 0x2c] lea esp, [ebp - 0xc] pop ebx @@ -15036,7 +21707,7 @@ pop edi pop ebp ret -fcn_fffab48f: ; not directly referenced +fcn_fffb028b: ; not directly referenced push ebp mov ecx, 1 mov ebp, esp @@ -15046,12 +21717,12 @@ mov edx, dword [ebp + 8] lea eax, [ebp - 9] push eax mov eax, 4 -call fcn_fffab430 ; call 0xfffab430 +call fcn_fffb022c ; call 0xfffb022c mov al, byte [ebp - 9] leave ret -fcn_fffab4b3: ; not directly referenced +fcn_fffb02af: ; not directly referenced push ebp mov ecx, 1 mov ebp, esp @@ -15064,13 +21735,183 @@ lea eax, [ebp - 9] mov byte [ebp - 9], bl push eax mov eax, 5 -call fcn_fffab430 ; call 0xfffab430 +call fcn_fffb022c ; call 0xfffb022c mov al, bl mov ebx, dword [ebp - 4] leave ret -fcn_fffab4e0: ; not directly referenced +fcn_fffb02dc: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +mov esi, eax +push ebx +mov ebx, edx +sub esp, 0x2c +test ebx, ebx +setne al +cmp cx, 0x1ff +setbe bl +mov dword [ebp - 0x2c], edx +mov edx, dword [ebp + 8] +mov word [ebp - 0x2e], cx +mov dword [ebp - 0x1c], 0x80000007 +test al, bl +je loc_fffb03b0 ; je 0xfffb03b0 +mov edi, edx +movzx edx, dx +add edx, ecx +cmp edx, 0x1ff +jg loc_fffb03b0 ; jg 0xfffb03b0 +mov eax, dword [ebp - 0x2c] +add edi, eax +mov ebx, eax +mov eax, esi +movzx eax, al +mov word [ebp - 0x30], di +mov dword [ebp - 0x34], eax + +loc_fffb0335: ; not directly referenced +cmp word [ebp - 0x30], bx +je short loc_fffb03a9 ; je 0xfffb03a9 +mov ecx, dword [ebp + 0xc] +mov dx, word [ebp - 0x2e] +sub edx, dword [ebp - 0x2c] +movzx ecx, byte [ecx] +add edx, ebx +mov eax, edx +shr ax, 8 +cmp ax, cx +je short loc_fffb035e ; je 0xfffb035e +mov edi, dword [ebp + 0xc] +mov byte [edi], al +mov al, 1 +jmp short loc_fffb0360 ; jmp 0xfffb0360 + +loc_fffb035e: ; not directly referenced +xor eax, eax + +loc_fffb0360: ; not directly referenced +dec al +movzx esi, dl +jne short loc_fffb0385 ; jne 0xfffb0385 +mov eax, dword [ebp + 0xc] +cmp byte [eax], 1 +push edx +lea edx, [ebp - 0x1c] +sbb eax, eax +push edx +and eax, 0xfffffffe +push 0 +add eax, 0x6e +push eax +call fcn_fffb02af ; call 0xfffb02af +add esp, 0x10 + +loc_fffb0385: ; not directly referenced +shl esi, 8 +mov edi, ebx +push eax +inc ebx +or esi, dword [ebp - 0x34] +push eax +lea eax, [ebp - 0x1c] +push eax +push esi +call fcn_fffb028b ; call 0xfffb028b +add esp, 0x10 +mov byte [ebx - 1], al +cmp dword [ebp - 0x1c], 0 +je short loc_fffb0335 ; je 0xfffb0335 +mov byte [edi], 0 + +loc_fffb03a9: ; not directly referenced +mov dword [ebp - 0x1c], 0 + +loc_fffb03b0: ; not directly referenced +mov eax, dword [ebp - 0x1c] +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb03bb: ; not directly referenced +push ebp +mov ecx, 2 +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x34 +mov esi, dword [ebp + 0x10] +movzx eax, byte [ebp + 0xc] +lea edi, [ebp - 0x19] +push edi +push 1 +lea edx, [esi + 2] +mov byte [ebp - 0x19], 0xff +mov dword [ebp - 0x30], eax +call fcn_fffb02dc ; call 0xfffb02dc +add esp, 0x10 +mov esi, eax +test eax, eax +jne short loc_fffb044f ; jne 0xfffb044f +mov eax, dword [ebp + 0x18] +xor edx, edx +mov ecx, dword [ebp + 8] +mov dword [ebp - 0x2c], 1 +mov ebx, dword [ebp + 0x14] +shl dword [ebp - 0x2c], cl +mov ecx, 5 +div ecx +lea eax, [eax + eax*4] +add eax, ebx +mov dword [ebp - 0x34], eax + +loc_fffb0412: ; not directly referenced +cmp ebx, dword [ebp - 0x34] +je short loc_fffb044f ; je 0xfffb044f +movzx eax, byte [ebx + 4] +test dword [ebp - 0x2c], eax +je short loc_fffb044a ; je 0xfffb044a +push eax +mov edx, dword [ebp + 0x10] +push eax +movzx ecx, word [ebx] +push edi +mov ax, word [ebx + 2] +add edx, ecx +inc eax +sub ax, word [ebx] +movzx eax, ax +push eax +mov eax, dword [ebp - 0x30] +call fcn_fffb02dc ; call 0xfffb02dc +add esp, 0x10 +test eax, eax +je short loc_fffb044a ; je 0xfffb044a +mov esi, eax +jmp short loc_fffb044f ; jmp 0xfffb044f + +loc_fffb044a: ; not directly referenced +add ebx, 5 +jmp short loc_fffb0412 ; jmp 0xfffb0412 + +loc_fffb044f: ; not directly referenced +test esi, esi +sete al +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb045c: ; not directly referenced push ebp mov ecx, 2 mov ebp, esp @@ -15080,12 +21921,31 @@ mov edx, dword [ebp + 8] lea eax, [ebp - 0xa] push eax mov eax, 6 -call fcn_fffab430 ; call 0xfffab430 +call fcn_fffb022c ; call 0xfffb022c mov ax, word [ebp - 0xa] leave ret -fcn_fffab505: +fcn_fffb0481: ; not directly referenced +push ebp +mov ecx, 2 +mov ebp, esp +push ebx +sub esp, 0x1c +mov ebx, dword [ebp + 0xc] +push dword [ebp + 0x10] +mov edx, dword [ebp + 8] +lea eax, [ebp - 0xa] +mov word [ebp - 0xa], bx +push eax +mov eax, 7 +call fcn_fffb022c ; call 0xfffb022c +mov eax, ebx +mov ebx, dword [ebp - 4] +leave +ret + +fcn_fffb04af: push ebp mov ebp, esp push ebx @@ -15097,8 +21957,8 @@ mov dword [edx], 0x626d7370 push eax push 0 push 0 -push ref_fffd6584 ; push 0xfffd6584 -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd6880 ; push 0xfffd6880 +call fcn_fffb020b ; call 0xfffb020b mov eax, dword [ebp - 0xc] add esp, 0x10 movzx edx, word [eax + 0x388] @@ -15108,41 +21968,41 @@ mov dl, byte [eax - 1] mov dword [ebx + 0xce], eax lea eax, [ebx + 0x18] mov dword [ebx + 0xc], 0x80000010 -mov dword [ebx + 0x10], ref_fffd662c ; mov dword [ebx + 0x10], 0xfffd662c +mov dword [ebx + 0x10], ref_fffd6928 ; mov dword [ebx + 0x10], 0xfffd6928 mov byte [ebx + 0xcd], dl mov dword [ebx + 0x14], eax -mov dword [ebx + 0x18], fcn_fffb51f9 ; mov dword [ebx + 0x18], 0xfffb51f9 -mov dword [ebx + 0x1c], fcn_fffa5b5e ; mov dword [ebx + 0x1c], 0xfffa5b5e -mov dword [ebx + 0x20], fcn_fffa5b54 ; mov dword [ebx + 0x20], 0xfffa5b54 -mov dword [ebx + 0x24], fcn_fffa5b4a ; mov dword [ebx + 0x24], 0xfffa5b4a +mov dword [ebx + 0x18], fcn_fffb94a2 ; mov dword [ebx + 0x18], 0xfffb94a2 +mov dword [ebx + 0x1c], fcn_fffa5b8d ; mov dword [ebx + 0x1c], 0xfffa5b8d +mov dword [ebx + 0x20], fcn_fffa5b83 ; mov dword [ebx + 0x20], 0xfffa5b83 +mov dword [ebx + 0x24], fcn_fffa5b79 ; mov dword [ebx + 0x24], 0xfffa5b79 mov dword [ebx + 0x38], 0x80000020 -mov dword [ebx + 0x3c], ref_fffd65b0 ; mov dword [ebx + 0x3c], 0xfffd65b0 -mov dword [ebx + 0x40], fcn_fffab5a2 ; mov dword [ebx + 0x40], 0xfffab5a2 +mov dword [ebx + 0x3c], ref_fffd68ac ; mov dword [ebx + 0x3c], 0xfffd68ac +mov dword [ebx + 0x40], fcn_fffb054c ; mov dword [ebx + 0x40], 0xfffb054c mov byte [ebx + 0x44], 0 mov byte [ebx + 0xd2], 0 mov ebx, dword [ebp - 4] leave ret -fcn_fffab5a2: ; not directly referenced +fcn_fffb054c: ; not directly referenced push ebp mov ebp, esp sub esp, 8 mov eax, dword [ebp + 0xc] lea edx, [eax - 0x38] mov eax, dword [ebp + 8] -call fcn_fffab505 ; call 0xfffab505 +call fcn_fffb04af ; call 0xfffb04af xor eax, eax leave ret -fcn_fffab5ba: +fcn_fffb0564: push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 0xc] -call fcn_fffab405 ; call 0xfffab405 +call fcn_fffb0201 ; call 0xfffb0201 movzx ebx, bx mov edx, dword [eax] push dword [ebp + 0x10] @@ -15154,11 +22014,11 @@ mov ebx, dword [ebp - 4] leave ret -fcn_fffab5db: +fcn_fffb0585: push ebp mov ebp, esp sub esp, 8 -call fcn_fffab405 ; call 0xfffab405 +call fcn_fffb0201 ; call 0xfffb0201 push edx push edx mov edx, dword [eax] @@ -15168,11 +22028,11 @@ call dword [edx + 0x18] ; ucall leave ret -fcn_fffab5f3: +fcn_fffb059d: push ebp mov ebp, esp sub esp, 0x18 -call fcn_fffab405 ; call 0xfffab405 +call fcn_fffb0201 ; call 0xfffb0201 lea ecx, [ebp - 0xc] push edx push edx @@ -15184,11 +22044,11 @@ mov eax, dword [ebp - 0xc] leave ret -fcn_fffab60f: +fcn_fffb05b9: push ebp mov ebp, esp sub esp, 8 -call fcn_fffab405 ; call 0xfffab405 +call fcn_fffb0201 ; call 0xfffb0201 push edx mov edx, dword [eax] push dword [ebp + 0xc] @@ -15198,45 +22058,104 @@ call dword [edx + 0x4c] ; ucall leave ret -fcn_fffab629: ; not directly referenced +fcn_fffb05d3: ; not directly referenced push ebp mov ebp, esp +push edi +mov edi, edx push esi -mov esi, dword [ebp + 0xc] +mov esi, 1 push ebx +sub esp, 0x1c mov ebx, dword [ebp + 8] +lea ecx, [edx - 4] +cmp ecx, 3 +cmova esi, dword [ebp + 0x10] +and edi, 3 +mov dword [ebp - 0x1c], ebx +mov ebx, dword [ebp + 0xc] +cmp edi, 3 +sete cl +test al, al +sete dl +mov dword [ebp - 0x20], ebx +test cl, dl +jne short loc_fffb0672 ; jne 0xfffb0672 +mov ecx, 0xffff +xor ebx, ebx +test al, al +je short loc_fffb061b ; je 0xfffb061b +or ecx, 0xffffffff +xor ebx, ebx + +loc_fffb061b: ; not directly referenced +test esi, esi +jne short loc_fffb0636 ; jne 0xfffb0636 +cmp dword [ebp - 0x20], ebx +jb short loc_fffb0632 ; jb 0xfffb0632 +ja short loc_fffb062b ; ja 0xfffb062b +cmp dword [ebp - 0x1c], ecx + +loc_fffb0629: ; not directly referenced +jbe short loc_fffb0632 ; jbe 0xfffb0632 + +loc_fffb062b: ; not directly referenced +mov eax, 0x80000003 +jmp short loc_fffb0677 ; jmp 0xfffb0677 + +loc_fffb0632: ; not directly referenced +xor eax, eax +jmp short loc_fffb0677 ; jmp 0xfffb0677 + +loc_fffb0636: ; not directly referenced +push eax +push edi push ebx -call fcn_fffaafc2 ; call 0xfffaafc2 -mov dword [ebp + 8], ebx -pop edx -or eax, esi -mov dword [ebp + 0xc], eax -lea esp, [ebp - 8] +push ecx +call fcn_fffb01ca ; call 0xfffb01ca +lea ecx, [esi - 1] +add esp, 0x10 +cmp edx, 0 +ja short loc_fffb064e ; ja 0xfffb064e +cmp eax, ecx +jb short loc_fffb062b ; jb 0xfffb062b + +loc_fffb064e: ; not directly referenced +push ecx +push edi +xor edi, edi +sub eax, esi +sbb edx, edi +add eax, 1 +adc edx, 0 +push edx +push eax +call fcn_fffb01d3 ; call 0xfffb01d3 +add esp, 0x10 +cmp dword [ebp - 0x20], edx +ja short loc_fffb062b ; ja 0xfffb062b +jb short loc_fffb0632 ; jb 0xfffb0632 +cmp dword [ebp - 0x1c], eax +jmp short loc_fffb0629 ; jmp 0xfffb0629 + +loc_fffb0672: ; not directly referenced +mov eax, 0x80000002 + +loc_fffb0677: ; not directly referenced +lea esp, [ebp - 0xc] pop ebx pop esi +pop edi pop ebp -jmp near fcn_fffaafda ; jmp 0xfffaafda +ret -fcn_fffab64e: ; not directly referenced +fcn_fffb067f: push ebp mov ebp, esp -push esi -mov esi, dword [ebp + 0xc] -push ebx -mov ebx, dword [ebp + 8] -push ebx -call fcn_fffaafc2 ; call 0xfffaafc2 -mov dword [ebp + 8], ebx -pop edx -and eax, esi -mov dword [ebp + 0xc], eax -lea esp, [ebp - 8] -pop ebx -pop esi pop ebp -jmp near fcn_fffaafda ; jmp 0xfffaafda +jmp near loc_fffd2b5e ; jmp 0xfffd2b5e -fcn_fffab673: +fcn_fffb0688: push ebp mov ebp, esp push edi @@ -15254,7 +22173,7 @@ mov esi, dword [edi + 9] mov dword [ebx + 0x18bd], 0x102 mov dword [ebx + 0x1877], 2 mov dword [ebp - 0x40], ecx -mov ecx, dword [ebx + 0x2443] +mov ecx, dword [ebx + 0x2444] mov dword [ebx + 0x18b9], esi mov byte [ebx + 0x1876], 0 mov dword [ebx + 0x18a3], 0 @@ -15263,33 +22182,33 @@ mov cl, byte [esi + 0xf2] mov byte [ebx + 0x2407], cl mov ecx, dword [esi + 4] cmp ecx, 2 -je short loc_fffab6eb ; je 0xfffab6eb +je short loc_fffb0700 ; je 0xfffb0700 cmp ecx, 3 -je short loc_fffab6f8 ; je 0xfffab6f8 +je short loc_fffb070d ; je 0xfffb070d dec ecx -jne short loc_fffab73a ; jne 0xfffab73a -jmp short loc_fffab70c ; jmp 0xfffab70c +jne short loc_fffb074f ; jne 0xfffb074f +jmp short loc_fffb0721 ; jmp 0xfffb0721 -loc_fffab6eb: +loc_fffb0700: cmp eax, 4 setne al movzx eax, al add eax, eax -jmp short loc_fffab704 ; jmp 0xfffab704 +jmp short loc_fffb0719 ; jmp 0xfffb0719 -loc_fffab6f8: +loc_fffb070d: cmp eax, 4 setne al movzx eax, al lea eax, [eax + eax*2] -loc_fffab704: +loc_fffb0719: mov dword [ebx + 0x18a7], eax -jmp short loc_fffab744 ; jmp 0xfffab744 +jmp short loc_fffb0759 ; jmp 0xfffb0759 -loc_fffab70c: +loc_fffb0721: cmp eax, 4 -je short loc_fffab73a ; je 0xfffab73a +je short loc_fffb074f ; je 0xfffb074f mov dword [ebx + 0x18a7], 1 movzx eax, byte [esi + 0x53] mov dword [ebx + 0x1877], eax @@ -15297,12 +22216,12 @@ mov al, byte [esi + 0x54] mov byte [ebx + 0x1876], al movzx eax, word [esi + 0x4c] mov dword [ebx + 0x18a3], eax -jmp short loc_fffab744 ; jmp 0xfffab744 +jmp short loc_fffb0759 ; jmp 0xfffb0759 -loc_fffab73a: +loc_fffb074f: mov dword [ebx + 0x18a7], 0 -loc_fffab744: +loc_fffb0759: mov eax, dword [edi + 1] mov eax, dword [eax + 4] mov dword [ebx + 0x18c5], eax @@ -15331,20 +22250,20 @@ mov dword [ebx + 0x18dd], eax sete al or cl, al mov eax, dword [edi + 5] -jne short loc_fffab7c4 ; jne 0xfffab7c4 +jne short loc_fffb07d9 ; jne 0xfffb07d9 cmp edx, 0x40660 -jne short loc_fffab7ca ; jne 0xfffab7ca +jne short loc_fffb07df ; jne 0xfffb07df -loc_fffab7c4: +loc_fffb07d9: movzx eax, word [eax + 2] -jmp short loc_fffab7d5 ; jmp 0xfffab7d5 +jmp short loc_fffb07ea ; jmp 0xfffb07ea -loc_fffab7ca: +loc_fffb07df: movzx ecx, word [eax + 2] mov eax, 1 shl eax, cl -loc_fffab7d5: +loc_fffb07ea: mov dword [ebx + 0x1893], eax mov eax, dword [edi + 5] movzx eax, byte [eax + 4] @@ -15526,7 +22445,7 @@ shl edx, 2 or eax, edx mov byte [ebx + 0x2406], al cmp byte [edi], 1 -jbe short loc_fffabaa2 ; jbe 0xfffabaa2 +jbe short loc_fffb0ab7 ; jbe 0xfffb0ab7 mov dl, byte [esi + 0x58] and eax, 0xfffffff7 and edx, 1 @@ -15544,17 +22463,17 @@ and eax, 0xffffffdf and edx, 1 shl edx, 5 or eax, edx -jmp short loc_fffabaa8 ; jmp 0xfffabaa8 +jmp short loc_fffb0abd ; jmp 0xfffb0abd -loc_fffabaa2: +loc_fffb0ab7: and eax, 0xffffffe7 or eax, 0x20 -loc_fffabaa8: +loc_fffb0abd: mov byte [ebx + 0x2406], al mov al, byte [ebx + 0x2405] cmp byte [edi], 3 -jbe short loc_fffabb0d ; jbe 0xfffabb0d +jbe short loc_fffb0b22 ; jbe 0xfffb0b22 mov dl, byte [esi + 0x5c] and eax, 0xfffffffd and edx, 1 @@ -15575,56 +22494,56 @@ mov al, byte [esi + 0x62] mov byte [ebx + 0x190b], al mov al, byte [esi + 0x63] mov byte [ebx + 0x190c], al -jmp short loc_fffabb47 ; jmp 0xfffabb47 +jmp short loc_fffb0b5c ; jmp 0xfffb0b5c -loc_fffabb0d: +loc_fffb0b22: or eax, 2 mov byte [ebx + 0x2405], al mov byte [ebx + 0x1906], 0xff -mov byte [ebx + 0x1907], 0x40 +mov byte [ebx + 0x1907], 0x80 mov byte [ebx + 0x1908], 1 mov byte [ebx + 0x1909], 1 -mov byte [ebx + 0x190a], 0 +mov byte [ebx + 0x190a], 1 mov byte [ebx + 0x190b], 7 mov byte [ebx + 0x190c], 0 -loc_fffabb47: +loc_fffb0b5c: cmp byte [edi], 4 -jbe short loc_fffabb72 ; jbe 0xfffabb72 +jbe short loc_fffb0b87 ; jbe 0xfffb0b87 mov eax, dword [esi + 0x64] mov edx, 0x5f5e100 cmp eax, 0x55d4a7f -jbe short loc_fffabb6a ; jbe 0xfffabb6a +jbe short loc_fffb0b7f ; jbe 0xfffb0b7f mov ecx, 0xf4240 xor edx, edx div ecx imul edx, eax, 0xf4240 -loc_fffabb6a: +loc_fffb0b7f: mov dword [ebx + 0x187b], edx -jmp short loc_fffabb7c ; jmp 0xfffabb7c +jmp short loc_fffb0b91 ; jmp 0xfffb0b91 -loc_fffabb72: +loc_fffb0b87: mov dword [ebx + 0x187b], 0x5f5e100 -loc_fffabb7c: +loc_fffb0b91: cmp byte [edi], 5 mov dl, byte [ebx + 0x2406] -jbe short loc_fffabb97 ; jbe 0xfffabb97 +jbe short loc_fffb0bac ; jbe 0xfffb0bac mov al, byte [esi + 0x6a] and edx, 0xffffffbf and eax, 1 shl eax, 6 or edx, eax -jmp short loc_fffabb9a ; jmp 0xfffabb9a +jmp short loc_fffb0baf ; jmp 0xfffb0baf -loc_fffabb97: +loc_fffb0bac: or edx, 0x40 -loc_fffabb9a: +loc_fffb0baf: mov byte [ebx + 0x2406], dl cmp byte [edi], 8 -jbe short loc_fffabbd3 ; jbe 0xfffabbd3 +jbe short loc_fffb0be8 ; jbe 0xfffb0be8 mov eax, dword [edi + 1] mov eax, dword [eax + 0x2b] shr eax, 0x14 @@ -15635,17 +22554,17 @@ mov ax, word [esi + 0x6e] mov word [ebx + 0x1918], ax mov al, byte [esi + 0x70] mov byte [ebx + 0x191a], al -jmp short loc_fffabbf4 ; jmp 0xfffabbf4 +jmp short loc_fffb0c09 ; jmp 0xfffb0c09 -loc_fffabbd3: +loc_fffb0be8: mov dword [ebx + 0x18e1], 4 mov byte [ebx + 0x1917], 2 mov word [ebx + 0x1918], 0x30ce mov byte [ebx + 0x191a], 1 -loc_fffabbf4: +loc_fffb0c09: cmp byte [edi], 9 -jbe loc_fffabef9 ; jbe 0xfffabef9 +jbe loc_fffb0f0e ; jbe 0xfffb0f0e mov al, byte [esi + 0x71] mov byte [ebx + 0x1923], al mov al, byte [esi + 0x72] @@ -15656,15 +22575,15 @@ mov al, byte [esi + 0x74] mov byte [ebx + 0x1926], al mov eax, dword [ebx + 0x1887] cmp eax, 0x40650 -je short loc_fffabc37 ; je 0xfffabc37 +je short loc_fffb0c4c ; je 0xfffb0c4c cmp dword [ebx + 0x188b], 1 -jne short loc_fffabc40 ; jne 0xfffabc40 +jne short loc_fffb0c55 ; jne 0xfffb0c55 -loc_fffabc37: +loc_fffb0c4c: mov dl, byte [esi + 0x75] mov byte [ebx + 0x1927], dl -loc_fffabc40: +loc_fffb0c55: mov dl, byte [esi + 0x76] mov byte [ebx + 0x1928], dl mov dl, byte [esi + 0x77] @@ -15778,32 +22697,32 @@ mov byte [ebx + 0x1961], dl mov dl, byte [esi + 0xb0] mov byte [ebx + 0x1962], dl cmp eax, 0x40650 -je short loc_fffabedc ; je 0xfffabedc +je short loc_fffb0ef1 ; je 0xfffb0ef1 cmp dword [ebx + 0x188b], 1 -jne loc_fffac030 ; jne 0xfffac030 +jne loc_fffb1045 ; jne 0xfffb1045 -loc_fffabedc: +loc_fffb0ef1: mov al, byte [esi + 0xb1] mov byte [ebx + 0x1963], al mov al, byte [esi + 0xb2] mov byte [ebx + 0x1964], al -jmp near loc_fffac030 ; jmp 0xfffac030 +jmp near loc_fffb1045 ; jmp 0xfffb1045 -loc_fffabef9: +loc_fffb0f0e: mov ecx, dword [ebx + 0x1887] mov byte [ebx + 0x1923], 0 mov byte [ebx + 0x1924], 0 mov byte [ebx + 0x1925], 0 mov byte [ebx + 0x1926], 1 cmp ecx, 0x40650 -je short loc_fffabf2c ; je 0xfffabf2c +je short loc_fffb0f41 ; je 0xfffb0f41 cmp dword [ebx + 0x188b], 1 -jne short loc_fffabf33 ; jne 0xfffabf33 +jne short loc_fffb0f48 ; jne 0xfffb0f48 -loc_fffabf2c: +loc_fffb0f41: mov byte [ebx + 0x1927], 0 -loc_fffabf33: +loc_fffb0f48: mov byte [ebx + 0x1928], 0 lea eax, [ebx + 0x193a] xor edx, edx @@ -15820,7 +22739,7 @@ mov byte [ebx + 0x1936], 0 mov byte [ebx + 0x1937], 0 mov word [ebx + 0x1938], 0 -loc_fffabf9a: +loc_fffb0faf: mov byte [ebx + edx + 0x192d], 0 inc edx add eax, 2 @@ -15843,55 +22762,55 @@ mov byte [eax + 0x17], 0 mov byte [eax + 0x1b], 0 mov byte [eax + 0x1f], 0 cmp edx, 2 -jne short loc_fffabf9a ; jne 0xfffabf9a +jne short loc_fffb0faf ; jne 0xfffb0faf mov byte [ebx + 0x195e], 1 mov word [ebx + 0x195f], 0x200 mov byte [ebx + 0x1961], 0 mov byte [ebx + 0x1962], 0x30 cmp ecx, 0x40650 -je short loc_fffac022 ; je 0xfffac022 +je short loc_fffb1037 ; je 0xfffb1037 cmp dword [ebx + 0x188b], 1 -jne short loc_fffac030 ; jne 0xfffac030 +jne short loc_fffb1045 ; jne 0xfffb1045 -loc_fffac022: +loc_fffb1037: mov byte [ebx + 0x1963], 1 mov byte [ebx + 0x1964], 0x40 -loc_fffac030: +loc_fffb1045: cmp byte [edi], 0xa -jbe short loc_fffac05b ; jbe 0xfffac05b +jbe short loc_fffb1070 ; jbe 0xfffb1070 mov al, byte [esi + 0xc2] mov byte [ebx + 0x18b7], al mov al, byte [esi + 0xc3] mov byte [ebx + 0x18b8], al mov al, byte [esi + 0xc4] mov byte [ebx + 0x2411], al -jmp short loc_fffac070 ; jmp 0xfffac070 +jmp short loc_fffb1085 ; jmp 0xfffb1085 -loc_fffac05b: +loc_fffb1070: mov byte [ebx + 0x18b7], 1 mov byte [ebx + 0x18b8], 1 mov byte [ebx + 0x2411], 0 -loc_fffac070: +loc_fffb1085: cmp byte [edi], 0xb mov al, byte [ebx + 0x2404] -jbe short loc_fffac08e ; jbe 0xfffac08e +jbe short loc_fffb10a3 ; jbe 0xfffb10a3 mov dl, byte [esi + 0xc5] and eax, 0xfffffff7 and edx, 1 shl edx, 3 or eax, edx -jmp short loc_fffac091 ; jmp 0xfffac091 +jmp short loc_fffb10a6 ; jmp 0xfffb10a6 -loc_fffac08e: +loc_fffb10a3: or eax, 8 -loc_fffac091: +loc_fffb10a6: mov byte [ebx + 0x2404], al mov cl, byte [ebx + 0x2405] cmp byte [edi], 0xe -jbe loc_fffac149 ; jbe 0xfffac149 +jbe loc_fffb115e ; jbe 0xfffb115e mov al, byte [esi + 0xf3] and ecx, 0xffffffef mov dl, cl @@ -15907,14 +22826,14 @@ mov byte [ebx + 0x190d], al mov al, byte [esi + 0xd1] mov byte [ebx + 0x2420], al -loc_fffac0e5: +loc_fffb10fa: mov eax, dword [esi + ecx + 0xd2] mov edx, dword [esi + ecx + 0xd6] mov dword [ebx + ecx + 0x2421], eax mov dword [ebx + ecx + 0x2425], edx add ecx, 8 cmp ecx, 0x20 -jne short loc_fffac0e5 ; jne 0xfffac0e5 +jne short loc_fffb10fa ; jne 0xfffb10fa mov al, byte [esi + 0xd0] mov byte [ebx + 0x240f], al mov al, byte [esi + 0xf4] @@ -15925,9 +22844,9 @@ mov ax, word [esi + 0xf9] mov word [ebx + 0x1920], ax mov al, byte [esi + 0xfb] mov byte [ebx + 0x1922], al -jmp short loc_fffac1a0 ; jmp 0xfffac1a0 +jmp short loc_fffb11b5 ; jmp 0xfffb11b5 -loc_fffac149: +loc_fffb115e: cmp dword [ebx + 0x188b], 1 mov al, cl mov byte [ebx + 0x1965], 1 @@ -15938,16 +22857,16 @@ shl edx, 4 or eax, edx mov byte [ebx + 0x2405], al mov byte [ebx + 0x2420], 0 -mov byte [ebx + 0x240f], 0 +mov byte [ebx + 0x240f], 1 mov byte [ebx + 0x191b], 1 mov dword [ebx + 0x191c], 0x320 mov word [ebx + 0x1920], 0x118 mov byte [ebx + 0x1922], 7 -loc_fffac1a0: +loc_fffb11b5: cmp byte [edi], 0xf mov dl, byte [ebx + 0x2405] -jbe short loc_fffac1ca ; jbe 0xfffac1ca +jbe short loc_fffb11df ; jbe 0xfffb11df mov al, byte [esi + 0xfc] and edx, 0xffffffdf mov byte [ebx + 0x2410], al @@ -15955,37 +22874,37 @@ mov al, byte [esi + 0xfd] and eax, 1 shl eax, 5 or edx, eax -jmp short loc_fffac1d4 ; jmp 0xfffac1d4 +jmp short loc_fffb11e9 ; jmp 0xfffb11e9 -loc_fffac1ca: +loc_fffb11df: mov byte [ebx + 0x2410], 0 and edx, 0xffffffdf -loc_fffac1d4: +loc_fffb11e9: mov byte [ebx + 0x2405], dl cmp byte [edi], 0x11 -jbe short loc_fffac207 ; jbe 0xfffac207 +jbe short loc_fffb121c ; jbe 0xfffb121c movzx eax, byte [esi + 0xfe] mov dword [ebx + 0x190e], eax movzx eax, byte [esi + 0xff] mov dword [ebx + 0x1912], eax mov al, byte [esi + 0x100] mov byte [ebx + 0x1916], al -jmp short loc_fffac222 ; jmp 0xfffac222 +jmp short loc_fffb1237 ; jmp 0xfffb1237 -loc_fffac207: +loc_fffb121c: mov dword [ebx + 0x190e], 0 mov dword [ebx + 0x1912], 0xe mov byte [ebx + 0x1916], 0 -loc_fffac222: +loc_fffb1237: cmp byte [edi], 0x12 mov byte [ebp - 0x45], 0xff -jbe short loc_fffac234 ; jbe 0xfffac234 +jbe short loc_fffb1249 ; jbe 0xfffb1249 mov al, byte [esi + 0x101] mov byte [ebp - 0x45], al -loc_fffac234: +loc_fffb1249: mov dword [ebx + 0x189f], 0 mov byte [ebx + 0x189e], 0 mov al, byte [esi + 0xc7] @@ -16003,25 +22922,25 @@ mov al, byte [edi + 0x22] mov byte [ebx + 0x2408], al mov eax, dword [ebx + 0x1887] cmp eax, 0x40650 -je short loc_fffac2a1 ; je 0xfffac2a1 +je short loc_fffb12b6 ; je 0xfffb12b6 cmp dword [ebx + 0x188b], 1 -jne loc_fffac354 ; jne 0xfffac354 +jne loc_fffb1369 ; jne 0xfffb1369 -loc_fffac2a1: +loc_fffb12b6: mov dl, byte [esi + 0x57] mov byte [ebx + 0x2409], dl cmp eax, 0x40670 -je short loc_fffac2b8 ; je 0xfffac2b8 +je short loc_fffb12cd ; je 0xfffb12cd mov byte [ebx + 0x240a], 0 -loc_fffac2b8: +loc_fffb12cd: cmp dword [ebx + 0x188b], 1 -jne loc_fffac354 ; jne 0xfffac354 +jne loc_fffb1369 ; jne 0xfffb1369 mov eax, dword [ebp - 0x30] mov byte [ebx + 0x240b], 0 mov eax, dword [eax + 0x80] test eax, eax -je short loc_fffac2ec ; je 0xfffac2ec +je short loc_fffb1301 ; je 0xfffb1301 lea edx, [ebp - 0x20] push edx lea edx, [ebp - 0x1c] @@ -16030,14 +22949,14 @@ push 0x1b push 1 call eax add esp, 0x10 -jmp short loc_fffac2f3 ; jmp 0xfffac2f3 +jmp short loc_fffb1308 ; jmp 0xfffb1308 -loc_fffac2ec: +loc_fffb1301: mov dword [ebp - 0x1c], 0 -loc_fffac2f3: +loc_fffb1308: cmp dword [ebp - 0x1c], 0 -je short loc_fffac344 ; je 0xfffac344 +je short loc_fffb1359 ; je 0xfffb1359 mov dx, word [ebp - 0x1a] mov ecx, 0xb xor eax, eax @@ -16045,7 +22964,7 @@ mov word [ebp - 0x2c], 0x4e20 and edx, 0xfff mov dword [ebp - 0x38], edx -loc_fffac313: +loc_fffb1328: mov edx, dword [ebp - 0x38] sar edx, cl mov dword [ebp - 0x34], edx @@ -16056,69 +22975,69 @@ cmovne eax, edx dec ecx shr word [ebp - 0x2c], 1 cmp ecx, 0xffffffff -jne short loc_fffac313 ; jne 0xfffac313 +jne short loc_fffb1328 ; jne 0xfffb1328 mov ecx, 0xa xor edx, edx div cx mov word [ebx + 0x1902], ax -jmp short loc_fffac34d ; jmp 0xfffac34d +jmp short loc_fffb1362 ; jmp 0xfffb1362 -loc_fffac344: +loc_fffb1359: mov word [ebx + 0x1902], 0x352 -loc_fffac34d: +loc_fffb1362: mov byte [ebx + 0x240d], 0 -loc_fffac354: +loc_fffb1369: movzx eax, byte [ebp - 0x44] lea ecx, [ebx + 0x19bb] mov byte [ebx + 0x196a], 0 mov dword [ebp - 0x2c], 0 mov dword [ebp - 0x50], eax -loc_fffac36f: +loc_fffb1384: mov edx, dword [ebp - 0x2c] mov al, byte [ebp - 0x45] mov byte [ebp - 0x34], dl cmp dl, al -je short loc_fffac3c9 ; je 0xfffac3c9 +je short loc_fffb13de ; je 0xfffb13de mov eax, dword [ebp - 0x2c] mov al, byte [esi + eax + 0x2a] cmp al, 2 -je short loc_fffac3a2 ; je 0xfffac3a2 +je short loc_fffb13b7 ; je 0xfffb13b7 cmp al, 3 -je short loc_fffac3c9 ; je 0xfffac3c9 +je short loc_fffb13de ; je 0xfffb13de dec al -jne short loc_fffac3ea ; jne 0xfffac3ea +jne short loc_fffb13ff ; jne 0xfffb13ff mov dword [ecx - 0x48], 1 mov dword [ecx + 0x22f], 0 -jmp short loc_fffac3b3 ; jmp 0xfffac3b3 +jmp short loc_fffb13c8 ; jmp 0xfffb13c8 -loc_fffac3a2: +loc_fffb13b7: mov dword [ecx - 0x48], 0 mov dword [ecx + 0x22f], 1 -loc_fffac3b3: +loc_fffb13c8: mov dword [ecx - 0x50], 2 inc byte [ebx + 0x196a] mov dword [ecx - 0x4c], 1 -jmp short loc_fffac40f ; jmp 0xfffac40f +jmp short loc_fffb1424 ; jmp 0xfffb1424 -loc_fffac3c9: +loc_fffb13de: mov dword [ecx - 0x48], 1 mov dword [ecx + 0x22f], 1 mov dword [ecx - 0x50], 1 mov dword [ecx - 0x4c], 0 -jmp short loc_fffac40f ; jmp 0xfffac40f +jmp short loc_fffb1424 ; jmp 0xfffb1424 -loc_fffac3ea: +loc_fffb13ff: mov dword [ecx - 0x48], 0 mov dword [ecx + 0x22f], 0 mov dword [ecx - 0x50], 2 inc byte [ebx + 0x196a] mov dword [ecx - 0x4c], 2 -loc_fffac40f: +loc_fffb1424: mov edx, dword [ebp - 0x40] push eax imul eax, dword [ebp - 0x2c], 0xc @@ -16154,7 +23073,7 @@ and eax, 7 mov byte [ebp - 0x46], al shl byte [ebp - 0x46], 4 -loc_fffac47a: +loc_fffb148f: mov dword [ebp - 0x54], ecx mov ecx, dword [ebp - 0x34] mov edx, dword [edi + 1] @@ -16169,7 +23088,7 @@ mov edx, dword [ebp - 0x30] mov byte [ecx + 0x22e], al push eax push 3 -push ref_fffd3620 ; push 0xfffd3620 +push ref_fffd3980 ; push 0xfffd3980 lea eax, [ecx - 4] push eax call dword [edx + 0x58] ; ucall @@ -16190,22 +23109,22 @@ mov byte [ecx + 0x47], al mov ecx, dword [ebp - 0x34] cmp dword [ecx - 0x48], 1 mov ecx, dword [ebp - 0x54] -ja short loc_fffac552 ; ja 0xfffac552 +ja short loc_fffb1567 ; ja 0xfffb1567 test dl, dl -je short loc_fffac523 ; je 0xfffac523 +je short loc_fffb1538 ; je 0xfffb1538 mov eax, dword [ebp - 0x44] cmp eax, 3 sete dl test eax, eax sete al or dl, al -je short loc_fffac552 ; je 0xfffac552 +je short loc_fffb1567 ; je 0xfffb1567 push edx movzx eax, byte [ebp - 0x48] push 0x41 -push ref_fffd35a0 ; push 0xfffd35a0 +push ref_fffd3900 ; push 0xfffd3900 push 0x3c -push ref_fffd35e4 ; push 0xfffd35e4 +push ref_fffd3944 ; push 0xfffd3944 push dword [ebp - 0x34] mov dword [ebp - 0x4c], ecx push eax @@ -16213,9 +23132,9 @@ mov eax, dword [ebp - 0x30] push dword [ebp - 0x50] call dword [eax + 0x78] ; ucall add esp, 0x20 -jmp short loc_fffac54f ; jmp 0xfffac54f +jmp short loc_fffb1564 ; jmp 0xfffb1564 -loc_fffac523: +loc_fffb1538: mov dword [ebp - 0x4c], ecx mov ecx, dword [ebp - 0x2c] push eax @@ -16232,297 +23151,48 @@ push dword [ebp - 0x34] call dword [eax + 0x58] ; ucall add esp, 0x10 -loc_fffac54f: +loc_fffb1564: mov ecx, dword [ebp - 0x4c] -loc_fffac552: +loc_fffb1567: inc dword [ebp - 0x38] add dword [ebp - 0x34], 0x277 cmp dword [ebp - 0x38], 2 -jne loc_fffac47a ; jne 0xfffac47a +jne loc_fffb148f ; jne 0xfffb148f inc dword [ebp - 0x2c] add ecx, 0x54a cmp dword [ebp - 0x2c], 2 -jne loc_fffac36f ; jne 0xfffac36f +jne loc_fffb1384 ; jne 0xfffb1384 mov eax, dword [ebp - 0x44] mov edx, edi cmp eax, 2 -je short loc_fffac59a ; je 0xfffac59a +je short loc_fffb15af ; je 0xfffb15af cmp eax, 3 -je short loc_fffac5a9 ; je 0xfffac5a9 +je short loc_fffb15be ; je 0xfffb15be dec eax mov eax, dword [ebp - 0x3c] -jne short loc_fffac5b8 ; jne 0xfffac5b8 -call fcn_fffc3e29 ; call 0xfffc3e29 +jne short loc_fffb15cd ; jne 0xfffb15cd +call fcn_fffc3d1e ; call 0xfffc3d1e mov eax, 1 -jmp short loc_fffac5bf ; jmp 0xfffac5bf +jmp short loc_fffb15d4 ; jmp 0xfffb15d4 -loc_fffac59a: +loc_fffb15af: mov eax, dword [ebp - 0x3c] -call fcn_fffc3e29 ; call 0xfffc3e29 +call fcn_fffc3d1e ; call 0xfffc3d1e mov eax, 2 -jmp short loc_fffac5bf ; jmp 0xfffac5bf +jmp short loc_fffb15d4 ; jmp 0xfffb15d4 -loc_fffac5a9: +loc_fffb15be: mov eax, dword [ebp - 0x3c] -call fcn_fffc3e29 ; call 0xfffc3e29 +call fcn_fffc3d1e ; call 0xfffc3d1e mov eax, 3 -jmp short loc_fffac5bf ; jmp 0xfffac5bf - -loc_fffac5b8: -call fcn_fffc3e29 ; call 0xfffc3e29 -xor eax, eax - -loc_fffac5bf: -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffac5c7: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, edx -push esi -mov esi, 1 -push ebx -sub esp, 0x1c -mov ebx, dword [ebp + 8] -lea ecx, [edx - 4] -cmp ecx, 3 -cmova esi, dword [ebp + 0x10] -and edi, 3 -mov dword [ebp - 0x1c], ebx -mov ebx, dword [ebp + 0xc] -cmp edi, 3 -sete cl -test al, al -sete dl -mov dword [ebp - 0x20], ebx -test cl, dl -jne short loc_fffac666 ; jne 0xfffac666 -mov ecx, 0xffff -xor ebx, ebx -test al, al -je short loc_fffac60f ; je 0xfffac60f -or ecx, 0xffffffff -xor ebx, ebx - -loc_fffac60f: ; not directly referenced -test esi, esi -jne short loc_fffac62a ; jne 0xfffac62a -cmp dword [ebp - 0x20], ebx -jb short loc_fffac626 ; jb 0xfffac626 -ja short loc_fffac61f ; ja 0xfffac61f -cmp dword [ebp - 0x1c], ecx - -loc_fffac61d: ; not directly referenced -jbe short loc_fffac626 ; jbe 0xfffac626 - -loc_fffac61f: ; not directly referenced -mov eax, 0x80000003 -jmp short loc_fffac66b ; jmp 0xfffac66b - -loc_fffac626: ; not directly referenced -xor eax, eax -jmp short loc_fffac66b ; jmp 0xfffac66b - -loc_fffac62a: ; not directly referenced -push eax -push edi -push ebx -push ecx -call fcn_fffab0ef ; call 0xfffab0ef -lea ecx, [esi - 1] -add esp, 0x10 -cmp edx, 0 -ja short loc_fffac642 ; ja 0xfffac642 -cmp eax, ecx -jb short loc_fffac61f ; jb 0xfffac61f - -loc_fffac642: ; not directly referenced -push ecx -push edi -xor edi, edi -sub eax, esi -sbb edx, edi -add eax, 1 -adc edx, 0 -push edx -push eax -call fcn_fffab0f8 ; call 0xfffab0f8 -add esp, 0x10 -cmp dword [ebp - 0x20], edx -ja short loc_fffac61f ; ja 0xfffac61f -jb short loc_fffac626 ; jb 0xfffac626 -cmp dword [ebp - 0x1c], eax -jmp short loc_fffac61d ; jmp 0xfffac61d - -loc_fffac666: ; not directly referenced -mov eax, 0x80000002 - -loc_fffac66b: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffac673: -push ebp -mov ebp, esp -pop ebp -jmp near loc_fffd286c ; jmp 0xfffd286c - -fcn_fffac67c: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, eax -push esi -xor eax, eax -push ebx -lea esi, [edi + 0x374e] -sub esp, 0x3c -mov byte [ebp - 0x29], 0 -mov dword [ebp - 0x3c], esi - -loc_fffac696: ; not directly referenced -test eax, eax -sete cl -cmp byte [ebp - 0x29], 1 -setbe dl -test cl, dl -je loc_fffac7df ; je 0xfffac7df -movzx eax, byte [ebp - 0x29] -imul edx, eax, 0x13c3 -mov dword [ebp - 0x30], eax -lea eax, [edi + edx] -cmp dword [eax + 0x3756], 2 -jne loc_fffac7d0 ; jne 0xfffac7d0 -mov ebx, dword [ebp - 0x3c] -xor ecx, ecx -mov dword [ebp - 0x38], eax -lea esi, [ebx + edx + 8] -mov dword [ebp - 0x34], esi -mov esi, 1 - -loc_fffac6db: ; not directly referenced -mov edx, dword [ebp - 0x38] -mov eax, 1 -mov bl, cl -shl eax, cl -test byte [edx + 0x381a], al -je loc_fffac7ac ; je 0xfffac7ac -cmp byte [edi + 0x247b], 0 -je short loc_fffac719 ; je 0xfffac719 -mov al, cl -mov esi, dword [ebp - 0x34] -shr al, 1 -movzx eax, al -imul eax, eax, 0x128 -mov si, word [esi + eax + 0x126d] -jmp near loc_fffac7a2 ; jmp 0xfffac7a2 - -loc_fffac719: ; not directly referenced -mov edx, dword [ebp - 0x30] -mov eax, edi -mov dword [ebp - 0x40], ecx -call fcn_fffa6c42 ; call 0xfffa6c42 -test eax, eax -je loc_fffac7da ; je 0xfffac7da -mov dl, byte [eax + 1] -xor eax, eax -mov ecx, dword [ebp - 0x40] -test dl, dl -je short loc_fffac77a ; je 0xfffac77a -cmp dl, 0x3c -je short loc_fffac764 ; je 0xfffac764 -cmp dl, 0x78 -je short loc_fffac768 ; je 0xfffac768 -cmp dl, 0x28 -je short loc_fffac76c ; je 0xfffac76c -cmp dl, 0xf0 -je short loc_fffac770 ; je 0xfffac770 -cmp dl, 0x30 -je short loc_fffac774 ; je 0xfffac774 -cmp dl, 0x50 -je short loc_fffac778 ; je 0xfffac778 -cmp dl, 0x22 -mov al, 7 -mov dl, 0 -cmovne eax, edx -jmp short loc_fffac77a ; jmp 0xfffac77a - -loc_fffac764: ; not directly referenced -mov al, 1 -jmp short loc_fffac77a ; jmp 0xfffac77a - -loc_fffac768: ; not directly referenced -mov al, 2 -jmp short loc_fffac77a ; jmp 0xfffac77a - -loc_fffac76c: ; not directly referenced -mov al, 3 -jmp short loc_fffac77a ; jmp 0xfffac77a +jmp short loc_fffb15d4 ; jmp 0xfffb15d4 -loc_fffac770: ; not directly referenced -mov al, 4 -jmp short loc_fffac77a ; jmp 0xfffac77a - -loc_fffac774: ; not directly referenced -mov al, 5 -jmp short loc_fffac77a ; jmp 0xfffac77a - -loc_fffac778: ; not directly referenced -mov al, 6 - -loc_fffac77a: ; not directly referenced -shl eax, 8 -and si, 0xf8ff -or esi, eax -mov al, bl -shr al, 1 -movzx eax, al -imul eax, eax, 0x128 -add eax, dword [ebp - 0x34] -mov word [eax + 0x126d], si -mov word [eax + 0x1285], si - -loc_fffac7a2: ; not directly referenced -shr bl, 1 -movzx ebx, bl -mov word [ebp + ebx*2 - 0x1c], si - -loc_fffac7ac: ; not directly referenced -add ecx, 2 -cmp ecx, 4 -jne loc_fffac6db ; jne 0xfffac6db -mov edx, dword [ebp - 0x30] -sub esp, 0xc -mov cl, 1 -lea eax, [ebp - 0x1c] -push eax -mov eax, edi -call fcn_fffb14b3 ; call 0xfffb14b3 -add esp, 0x10 -jmp short loc_fffac7d2 ; jmp 0xfffac7d2 - -loc_fffac7d0: ; not directly referenced +loc_fffb15cd: +call fcn_fffc3d1e ; call 0xfffc3d1e xor eax, eax -loc_fffac7d2: ; not directly referenced -inc byte [ebp - 0x29] -jmp near loc_fffac696 ; jmp 0xfffac696 - -loc_fffac7da: ; not directly referenced -mov eax, 1 - -loc_fffac7df: ; not directly referenced +loc_fffb15d4: lea esp, [ebp - 0xc] pop ebx pop esi @@ -16530,7 +23200,7 @@ pop edi pop ebp ret -fcn_fffac7e7: ; not directly referenced +fcn_fffb15dc: ; not directly referenced push ebp mov eax, 1 mov ebp, esp @@ -16548,21 +23218,21 @@ shl eax, cl lea ecx, [esi - 1] sar ebx, cl test ebx, ebx -je short loc_fffac815 ; je 0xfffac815 +je short loc_fffb160a ; je 0xfffb160a or eax, edx -jmp short loc_fffac819 ; jmp 0xfffac819 +jmp short loc_fffb160e ; jmp 0xfffb160e -loc_fffac815: ; not directly referenced +loc_fffb160a: ; not directly referenced not eax and eax, edx -loc_fffac819: ; not directly referenced +loc_fffb160e: ; not directly referenced pop ebx pop esi pop ebp ret -fcn_fffac81d: ; not directly referenced +fcn_fffb1612: ; not directly referenced push ebp mov ebp, esp movzx eax, byte [ebp + 0xc] @@ -16574,7 +23244,7 @@ sete al movzx eax, al ret -fcn_fffac83c: ; not directly referenced +fcn_fffb1631: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] @@ -16582,14 +23252,14 @@ mov ecx, dword [ebp + 0xc] mov edx, dword [eax + 0xd5] and edx, 0xfffffffd dec edx -jne short loc_fffac856 ; jne 0xfffac856 +jne short loc_fffb164b ; jne 0xfffb164b mov dl, byte [ecx + 0x3e] -jmp short loc_fffac85c ; jmp 0xfffac85c +jmp short loc_fffb1651 ; jmp 0xfffb1651 -loc_fffac856: ; not directly referenced +loc_fffb164b: ; not directly referenced mov dl, byte [ecx + 0x82] -loc_fffac85c: ; not directly referenced +loc_fffb1651: ; not directly referenced mov cl, dl and edx, 0x1f shr cl, 7 @@ -16601,7 +23271,7 @@ mov eax, 1 pop ebp ret -fcn_fffac879: ; not directly referenced +fcn_fffb166e: ; not directly referenced push ebp mov ebp, esp push edi @@ -16616,71 +23286,71 @@ mov dword [ebp - 0x2c], edi lea edi, [eax + 0x2407] mov dword [ebp - 0x48], edi -loc_fffac8a5: ; not directly referenced +loc_fffb169a: ; not directly referenced mov edi, dword [ebp - 0x20] mov edx, 0x4b0 lea ecx, [edi - 2] cmp ecx, 1 -ja short loc_fffac8d7 ; ja 0xfffac8d7 -cmp byte [eax + 0x3749], 0 -jne short loc_fffac8d5 ; jne 0xfffac8d5 +ja short loc_fffb16cc ; ja 0xfffb16cc +cmp byte [eax + 0x374a], 0 +jne short loc_fffb16ca ; jne 0xfffb16ca -loc_fffac8be: ; not directly referenced +loc_fffb16b3: ; not directly referenced inc dword [ebp - 0x20] add dword [ebp - 0x3c], 0x23 cmp dword [ebp - 0x20], 4 -jne short loc_fffac8a5 ; jne 0xfffac8a5 +jne short loc_fffb169a ; jne 0xfffb169a mov edx, 0xfffffffe -jmp near loc_fffacb46 ; jmp 0xfffacb46 +jmp near loc_fffb193b ; jmp 0xfffb193b -loc_fffac8d5: ; not directly referenced +loc_fffb16ca: ; not directly referenced xor edx, edx -loc_fffac8d7: ; not directly referenced +loc_fffb16cc: ; not directly referenced mov edi, dword [ebp - 0x20] mov dword [ebp + edi*4 - 0x1c], edx mov edi, dword [ebp - 0x3c] lea edx, [eax + 0x1973] mov dword [ebp - 0x30], edx -lea edx, [eax + 0x3756] +lea edx, [eax + 0x3757] mov dword [ebp - 0x28], edx lea ebx, [edi + 0x18b] add edi, 0xbb mov dword [ebp - 0x40], ebx mov dword [ebp - 0x44], edi -loc_fffac905: ; not directly referenced +loc_fffb16fa: ; not directly referenced mov edx, dword [ebp - 0x30] mov dword [ebp - 0x24], 0 mov dword [ebp - 0x38], edx -loc_fffac912: ; not directly referenced +loc_fffb1707: ; not directly referenced mov ebx, dword [ebp - 0x28] mov edi, dword [ebp - 0x24] cmp dword [ebx + edi + 0x1173], 2 -jne loc_fffacb0c ; jne 0xfffacb0c +jne loc_fffb1901 ; jne 0xfffb1901 mov edi, dword [ebp - 0x20] cmp edi, 1 -je loc_fffac9d2 ; je 0xfffac9d2 -jb loc_fffac9e0 ; jb 0xfffac9e0 +je loc_fffb17c7 ; je 0xfffb17c7 +jb loc_fffb17d5 ; jb 0xfffb17d5 cmp edi, 3 -ja loc_fffac9e0 ; ja 0xfffac9e0 +ja loc_fffb17d5 ; ja 0xfffb17d5 mov edx, ebx mov ebx, dword [ebp - 0x24] cmp edi, 2 mov dl, byte [edx + ebx + 0x1269] -jne short loc_fffac95f ; jne 0xfffac95f +jne short loc_fffb1754 ; jne 0xfffb1754 and dl, 1 -jne short loc_fffac96a ; jne 0xfffac96a +jne short loc_fffb175f ; jne 0xfffb175f xor di, di -jmp near loc_fffacafc ; jmp 0xfffacafc +jmp near loc_fffb18f1 ; jmp 0xfffb18f1 -loc_fffac95f: ; not directly referenced +loc_fffb1754: ; not directly referenced xor edi, edi and dl, 2 -je loc_fffacafc ; je 0xfffacafc +je loc_fffb18f1 ; je 0xfffb18f1 -loc_fffac96a: ; not directly referenced +loc_fffb175f: ; not directly referenced mov edi, dword [ebp - 0x28] mov edx, dword [ebp - 0x24] mov ecx, dword [ebp - 0x44] @@ -16709,21 +23379,21 @@ cmp edx, 0x4b0 cmovae ebx, edx cmp ebx, 0x672 cmovbe edi, ebx -jmp near loc_fffacafc ; jmp 0xfffacafc +jmp near loc_fffb18f1 ; jmp 0xfffb18f1 -loc_fffac9d2: ; not directly referenced +loc_fffb17c7: ; not directly referenced mov edi, dword [eax + 0x18a3] test edi, edi -jne loc_fffacafc ; jne 0xfffacafc +jne loc_fffb18f1 ; jne 0xfffb18f1 -loc_fffac9e0: ; not directly referenced +loc_fffb17d5: ; not directly referenced mov edi, dword [ebp - 0x24] mov ebx, dword [ebp - 0x28] mov edx, dword [ebx + edi + 0x1248] mov edi, 0x4b0 and edx, 0xfffffffd dec edx -jne loc_fffacafc ; jne 0xfffacafc +jne loc_fffb18f1 ; jne 0xfffb18f1 mov edx, dword [ebp - 0x38] mov edi, dword [ebp - 0x2c] mov cl, byte [edx + 0x4e] @@ -16738,21 +23408,21 @@ mov byte [ebp - 0x32], cl and byte [ebp - 0x31], 1 and byte [ebp - 0x32], 1 cmp edi, 0x40650 -je short loc_fffaca56 ; je 0xfffaca56 +je short loc_fffb184b ; je 0xfffb184b cmp edi, 0x40660 sete bl cmp edi, 0x306c0 sete cl or bl, cl -jne short loc_fffaca56 ; jne 0xfffaca56 +jne short loc_fffb184b ; jne 0xfffb184b cmp edi, 0x40670 sete bl cmp edi, 0x306d0 sete cl or bl, cl -je short loc_fffaca9b ; je 0xfffaca9b +je short loc_fffb1890 ; je 0xfffb1890 -loc_fffaca56: ; not directly referenced +loc_fffb184b: ; not directly referenced mov bl, byte [ebp - 0x32] and esi, 0xfffffff9 mov cl, byte [ebp - 0x31] @@ -16772,22 +23442,22 @@ sbb edi, edi and edi, 0x96 add edi, 0x546 cmp dword [ebp - 0x2c], 0x40650 -jne short loc_fffacaa0 ; jne 0xfffacaa0 -jmp short loc_fffacab9 ; jmp 0xfffacab9 +jne short loc_fffb1895 ; jne 0xfffb1895 +jmp short loc_fffb18ae ; jmp 0xfffb18ae -loc_fffaca9b: ; not directly referenced +loc_fffb1890: ; not directly referenced mov edi, 0x5dc -loc_fffacaa0: ; not directly referenced +loc_fffb1895: ; not directly referenced mov ecx, dword [ebp - 0x2c] cmp ecx, 0x40670 sete bl cmp ecx, 0x306d0 sete cl or bl, cl -je short loc_fffacae7 ; je 0xfffacae7 +je short loc_fffb18dc ; je 0xfffb18dc -loc_fffacab9: ; not directly referenced +loc_fffb18ae: ; not directly referenced mov cl, byte [ebp - 0x32] and esi, 0xfffffff9 mov bl, byte [ebp - 0x31] @@ -16804,50 +23474,50 @@ mov edx, 0x4b0 test esi, 2 cmovne edi, edx -loc_fffacae7: ; not directly referenced +loc_fffb18dc: ; not directly referenced cmp dword [ebp - 0x20], 0 -jne short loc_fffacafc ; jne 0xfffacafc +jne short loc_fffb18f1 ; jne 0xfffb18f1 cmp dword [eax + 0x187f], 1 mov ebx, 0x5dc cmove edi, ebx -loc_fffacafc: ; not directly referenced +loc_fffb18f1: ; not directly referenced mov ebx, dword [ebp - 0x20] mov edx, dword [ebp + ebx*4 - 0x1c] cmp edi, edx cmovb edi, edx mov dword [ebp + ebx*4 - 0x1c], edi -loc_fffacb0c: ; not directly referenced +loc_fffb1901: ; not directly referenced add dword [ebp - 0x24], 0x128 add dword [ebp - 0x38], 0x277 cmp dword [ebp - 0x24], 0x250 -jne loc_fffac912 ; jne 0xfffac912 +jne loc_fffb1707 ; jne 0xfffb1707 add dword [ebp - 0x30], 0x54a mov edi, dword [ebp - 0x48] add dword [ebp - 0x28], 0x13c3 cmp dword [ebp - 0x30], edi -jne loc_fffac905 ; jne 0xfffac905 -jmp near loc_fffac8be ; jmp 0xfffac8be +jne loc_fffb16fa ; jne 0xfffb16fa +jmp near loc_fffb16b3 ; jmp 0xfffb16b3 -loc_fffacb46: ; not directly referenced +loc_fffb193b: ; not directly referenced cmp edx, 1 -ja short loc_fffacb54 ; ja 0xfffacb54 -cmp byte [eax + 0x3749], 0 -je short loc_fffacb7b ; je 0xfffacb7b +ja short loc_fffb1949 ; ja 0xfffb1949 +cmp byte [eax + 0x374a], 0 +je short loc_fffb1970 ; je 0xfffb1970 -loc_fffacb54: ; not directly referenced +loc_fffb1949: ; not directly referenced mov ecx, dword [ebp + edx*4 - 0x14] -mov dword [eax + edx*4 + 0x373d], ecx -mov dword [eax + edx*4 + 0x498d], ecx -mov dword [eax + edx*4 + 0x4ab5], ecx -mov dword [eax + edx*4 + 0x5d50], ecx -mov dword [eax + edx*4 + 0x5e78], ecx +mov dword [eax + edx*4 + 0x373e], ecx +mov dword [eax + edx*4 + 0x498e], ecx +mov dword [eax + edx*4 + 0x4ab6], ecx +mov dword [eax + edx*4 + 0x5d51], ecx +mov dword [eax + edx*4 + 0x5e79], ecx -loc_fffacb7b: ; not directly referenced +loc_fffb1970: ; not directly referenced inc edx cmp edx, 2 -jne short loc_fffacb46 ; jne 0xfffacb46 +jne short loc_fffb193b ; jne 0xfffb193b add esp, 0x3c mov eax, 1 pop ebx @@ -16856,7 +23526,7 @@ pop edi pop ebp ret -fcn_fffacb8e: ; not directly referenced +fcn_fffb1983: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -16866,25 +23536,25 @@ push ebx sub esp, 0x34 mov edi, dword [ebp + 8] -loc_fffacb9c: ; not directly referenced +loc_fffb1991: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffacbc3 ; ja 0xfffacbc3 -cmp byte [edi + 0x3749], 0 -jne short loc_fffacbc3 ; jne 0xfffacbc3 +ja short loc_fffb19b8 ; ja 0xfffb19b8 +cmp byte [edi + 0x374a], 0 +jne short loc_fffb19b8 ; jne 0xfffb19b8 -loc_fffacbad: ; not directly referenced +loc_fffb19a2: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffacb9c ; jne 0xfffacb9c -lea eax, [edi + 0x48d1] +jne short loc_fffb1991 ; jne 0xfffb1991 +lea eax, [edi + 0x48d2] mov ecx, 0xfffffffe -jmp near loc_fffacd00 ; jmp 0xfffacd00 +jmp near loc_fffb1af5 ; jmp 0xfffb1af5 -loc_fffacbc3: ; not directly referenced +loc_fffb19b8: ; not directly referenced xor edx, edx cmp ecx, 1 -lea esi, [edi + 0x49bf] +lea esi, [edi + 0x49c0] setbe dl mov dword [ebp - 0x2c], esi imul eax, eax, 0x23 @@ -16896,7 +23566,7 @@ mov dword [ebp - 0x34], esi mov dword [ebp - 0x40], ebx mov dword [ebp - 0x30], eax -loc_fffacbf5: ; not directly referenced +loc_fffb19ea: ; not directly referenced mov eax, dword [ebp - 0x40] mov ebx, dword [ebp - 0x2c] mov dword [ebp - 0x28], 0 @@ -16905,9 +23575,9 @@ mov dword [ebp - 0x3c], eax mov eax, dword [ebp - 0x24] lea esi, [edi + eax + 0x1973] -loc_fffacc11: ; not directly referenced +loc_fffb1a06: ; not directly referenced cmp dword [ebx - 0xf6], 2 -jne loc_fffaccc6 ; jne 0xfffaccc6 +jne loc_fffb1abb ; jne 0xfffb1abb mov eax, dword [ebp - 0x34] mov edx, dword [ebp - 0x28] mov eax, dword [ebx + eax - 0xf2] @@ -16916,39 +23586,39 @@ mov eax, dword [ebp - 0x3c] mov eax, dword [eax + edx + 0xc9] mov dword [ebp - 0x38], eax cmp ecx, 1 -je short loc_fffacc9d ; je 0xfffacc9d -jb short loc_fffaccb4 ; jb 0xfffaccb4 +je short loc_fffb1a92 ; je 0xfffb1a92 +jb short loc_fffb1aa9 ; jb 0xfffb1aa9 cmp ecx, 3 -ja short loc_fffaccb4 ; ja 0xfffaccb4 +ja short loc_fffb1aa9 ; ja 0xfffb1aa9 cmp ecx, 2 mov dl, byte [ebx] -jne short loc_fffacc57 ; jne 0xfffacc57 +jne short loc_fffb1a4c ; jne 0xfffb1a4c and dl, 1 -jne short loc_fffacc5e ; jne 0xfffacc5e +jne short loc_fffb1a53 ; jne 0xfffb1a53 xor eax, eax -jmp short loc_fffaccb9 ; jmp 0xfffaccb9 +jmp short loc_fffb1aae ; jmp 0xfffb1aae -loc_fffacc57: ; not directly referenced +loc_fffb1a4c: ; not directly referenced xor eax, eax and dl, 2 -je short loc_fffaccb9 ; je 0xfffaccb9 +je short loc_fffb1aae ; je 0xfffb1aae -loc_fffacc5e: ; not directly referenced +loc_fffb1a53: ; not directly referenced mov eax, dword [ebx - 0x21] and eax, 0xfffffffd dec eax mov eax, dword [ebp - 0x30] -jne short loc_fffacc74 ; jne 0xfffacc74 +jne short loc_fffb1a69 ; jne 0xfffb1a69 movzx edx, byte [esi + eax + 0x118] -jmp short loc_fffacc7c ; jmp 0xfffacc7c +jmp short loc_fffb1a71 ; jmp 0xfffb1a71 -loc_fffacc74: ; not directly referenced +loc_fffb1a69: ; not directly referenced movzx edx, byte [esi + eax + 0x1e8] -loc_fffacc7c: ; not directly referenced +loc_fffb1a71: ; not directly referenced xor eax, eax cmp dword [ebp - 0x20], 0 -je short loc_fffaccb9 ; je 0xfffaccb9 +je short loc_fffb1aae ; je 0xfffb1aae imul edx, dword [ebp - 0x38] mov eax, dword [ebp - 0x20] lea eax, [eax + edx - 1] @@ -16956,46 +23626,46 @@ xor edx, edx div dword [ebp - 0x20] mov edx, 2 test eax, eax -jmp short loc_fffaccaf ; jmp 0xfffaccaf +jmp short loc_fffb1aa4 ; jmp 0xfffb1aa4 -loc_fffacc9d: ; not directly referenced +loc_fffb1a92: ; not directly referenced mov dx, word [esi + 0x24c] movzx eax, dx test dx, dx mov edx, 1 -loc_fffaccaf: ; not directly referenced +loc_fffb1aa4: ; not directly referenced cmove eax, edx -jmp short loc_fffaccb9 ; jmp 0xfffaccb9 +jmp short loc_fffb1aae ; jmp 0xfffb1aae -loc_fffaccb4: ; not directly referenced +loc_fffb1aa9: ; not directly referenced mov eax, 1 -loc_fffaccb9: ; not directly referenced +loc_fffb1aae: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x1c] cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffaccc6: ; not directly referenced +loc_fffb1abb: ; not directly referenced add dword [ebp - 0x28], 0x20 add ebx, 0x128 add esi, 0x277 cmp dword [ebp - 0x28], 0x40 -jne loc_fffacc11 ; jne 0xfffacc11 +jne loc_fffb1a06 ; jne 0xfffb1a06 add dword [ebp - 0x24], 0x54a add dword [ebp - 0x2c], 0x13c3 cmp dword [ebp - 0x24], 0xa94 -jne loc_fffacbf5 ; jne 0xfffacbf5 -jmp near loc_fffacbad ; jmp 0xfffacbad +jne loc_fffb19ea ; jne 0xfffb19ea +jmp near loc_fffb19a2 ; jmp 0xfffb19a2 -loc_fffacd00: ; not directly referenced +loc_fffb1af5: ; not directly referenced cmp ecx, 1 -ja short loc_fffacd0e ; ja 0xfffacd0e -cmp byte [edi + 0x3749], 0 -je short loc_fffacd38 ; je 0xfffacd38 +ja short loc_fffb1b03 ; ja 0xfffb1b03 +cmp byte [edi + 0x374a], 0 +je short loc_fffb1b2d ; je 0xfffb1b2d -loc_fffacd0e: ; not directly referenced +loc_fffb1b03: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -17004,11 +23674,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffacd38: ; not directly referenced +loc_fffb1b2d: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffacd00 ; jne 0xfffacd00 +jne short loc_fffb1af5 ; jne 0xfffb1af5 add esp, 0x34 mov eax, 1 pop ebx @@ -17017,7 +23687,7 @@ pop edi pop ebp ret -fcn_fffacd4e: ; not directly referenced +fcn_fffb1b43: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -17027,67 +23697,67 @@ push ebx sub esp, 0x24 mov edi, dword [ebp + 8] -loc_fffacd5c: ; not directly referenced +loc_fffb1b51: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffacd83 ; ja 0xfffacd83 -cmp byte [edi + 0x3749], 0 -jne short loc_fffacd83 ; jne 0xfffacd83 +ja short loc_fffb1b78 ; ja 0xfffb1b78 +cmp byte [edi + 0x374a], 0 +jne short loc_fffb1b78 ; jne 0xfffb1b78 -loc_fffacd6d: ; not directly referenced +loc_fffb1b62: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffacd5c ; jne 0xfffacd5c -lea eax, [edi + 0x48f9] +jne short loc_fffb1b51 ; jne 0xfffb1b51 +lea eax, [edi + 0x48fa] mov ecx, 0xfffffffe -jmp near loc_ffface4e ; jmp 0xffface4e +jmp near loc_fffb1c43 ; jmp 0xfffb1c43 -loc_fffacd83: ; not directly referenced -lea eax, [edi + 0x48c9] +loc_fffb1b78: ; not directly referenced +lea eax, [edi + 0x48ca] mov dword [ebp - 0x28], eax imul eax, ecx, 0x2e mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x20], 0 mov dword [ebp - 0x2c], eax -loc_fffacda1: ; not directly referenced +loc_fffb1b96: ; not directly referenced mov eax, dword [ebp - 0x20] mov ebx, dword [ebp - 0x28] mov dword [ebp - 0x24], 0 lea eax, [edi + eax + 0x196b] mov dword [ebp - 0x30], eax -loc_fffacdb8: ; not directly referenced +loc_fffb1bad: ; not directly referenced cmp dword [ebx], 2 -jne short loc_ffface18 ; jne 0xffface18 +jne short loc_fffb1c0d ; jne 0xfffb1c0d mov eax, dword [ebp - 0x2c] mov esi, dword [ebx + eax + 4] cmp ecx, 1 -je short loc_fffacdd4 ; je 0xfffacdd4 -jb short loc_fffacde7 ; jb 0xfffacde7 +je short loc_fffb1bc9 ; je 0xfffb1bc9 +jb short loc_fffb1bdc ; jb 0xfffb1bdc xor eax, eax cmp ecx, 3 -jbe short loc_ffface00 ; jbe 0xffface00 -jmp short loc_fffacde7 ; jmp 0xfffacde7 +jbe short loc_fffb1bf5 ; jbe 0xfffb1bf5 +jmp short loc_fffb1bdc ; jmp 0xfffb1bdc -loc_fffacdd4: ; not directly referenced +loc_fffb1bc9: ; not directly referenced mov eax, dword [ebp - 0x30] mov edx, dword [ebp - 0x24] movzx eax, word [eax + edx + 0x27a] test ax, ax -jne short loc_ffface00 ; jne 0xffface00 +jne short loc_fffb1bf5 ; jne 0xfffb1bf5 -loc_fffacde7: ; not directly referenced +loc_fffb1bdc: ; not directly referenced xor eax, eax cmp dword [ebx + 0xd5], 2 -jne short loc_ffface00 ; jne 0xffface00 +jne short loc_fffb1bf5 ; jne 0xfffb1bf5 test esi, esi -je short loc_ffface00 ; je 0xffface00 +je short loc_fffb1bf5 ; je 0xfffb1bf5 lea eax, [esi + 0x26259f] xor edx, edx div esi -loc_ffface00: ; not directly referenced +loc_fffb1bf5: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x1c] cmp eax, 4 mov esi, 4 @@ -17096,24 +23766,24 @@ cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_ffface18: ; not directly referenced +loc_fffb1c0d: ; not directly referenced add dword [ebp - 0x24], 0x277 add ebx, 0x128 cmp dword [ebp - 0x24], 0x4ee -jne short loc_fffacdb8 ; jne 0xfffacdb8 +jne short loc_fffb1bad ; jne 0xfffb1bad add dword [ebp - 0x20], 0x54a add dword [ebp - 0x28], 0x13c3 cmp dword [ebp - 0x20], 0xa94 -jne loc_fffacda1 ; jne 0xfffacda1 -jmp near loc_fffacd6d ; jmp 0xfffacd6d +jne loc_fffb1b96 ; jne 0xfffb1b96 +jmp near loc_fffb1b62 ; jmp 0xfffb1b62 -loc_ffface4e: ; not directly referenced +loc_fffb1c43: ; not directly referenced cmp ecx, 1 -ja short loc_ffface5c ; ja 0xffface5c -cmp byte [edi + 0x3749], 0 -je short loc_ffface86 ; je 0xffface86 +ja short loc_fffb1c51 ; ja 0xfffb1c51 +cmp byte [edi + 0x374a], 0 +je short loc_fffb1c7b ; je 0xfffb1c7b -loc_ffface5c: ; not directly referenced +loc_fffb1c51: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -17122,11 +23792,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_ffface86: ; not directly referenced +loc_fffb1c7b: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_ffface4e ; jne 0xffface4e +jne short loc_fffb1c43 ; jne 0xfffb1c43 add esp, 0x24 mov eax, 1 pop ebx @@ -17135,7 +23805,7 @@ pop edi pop ebp ret -fcn_ffface9c: ; not directly referenced +fcn_fffb1c91: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -17145,67 +23815,67 @@ push ebx sub esp, 0x24 mov edi, dword [ebp + 8] -loc_fffaceaa: ; not directly referenced +loc_fffb1c9f: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffaced1 ; ja 0xfffaced1 -cmp byte [edi + 0x3749], 0 -jne short loc_fffaced1 ; jne 0xfffaced1 +ja short loc_fffb1cc6 ; ja 0xfffb1cc6 +cmp byte [edi + 0x374a], 0 +jne short loc_fffb1cc6 ; jne 0xfffb1cc6 -loc_fffacebb: ; not directly referenced +loc_fffb1cb0: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffaceaa ; jne 0xfffaceaa -lea eax, [edi + 0x48f7] +jne short loc_fffb1c9f ; jne 0xfffb1c9f +lea eax, [edi + 0x48f8] mov ecx, 0xfffffffe -jmp near loc_fffacf9c ; jmp 0xfffacf9c +jmp near loc_fffb1d91 ; jmp 0xfffb1d91 -loc_fffaced1: ; not directly referenced -lea eax, [edi + 0x48c9] +loc_fffb1cc6: ; not directly referenced +lea eax, [edi + 0x48ca] mov dword [ebp - 0x28], eax imul eax, ecx, 0x2e mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x20], 0 mov dword [ebp - 0x2c], eax -loc_fffaceef: ; not directly referenced +loc_fffb1ce4: ; not directly referenced mov eax, dword [ebp - 0x20] mov ebx, dword [ebp - 0x28] mov dword [ebp - 0x24], 0 lea eax, [edi + eax + 0x196b] mov dword [ebp - 0x30], eax -loc_fffacf06: ; not directly referenced +loc_fffb1cfb: ; not directly referenced cmp dword [ebx], 2 -jne short loc_fffacf66 ; jne 0xfffacf66 +jne short loc_fffb1d5b ; jne 0xfffb1d5b mov eax, dword [ebp - 0x2c] mov esi, dword [ebx + eax + 4] cmp ecx, 1 -je short loc_fffacf22 ; je 0xfffacf22 -jb short loc_fffacf35 ; jb 0xfffacf35 +je short loc_fffb1d17 ; je 0xfffb1d17 +jb short loc_fffb1d2a ; jb 0xfffb1d2a xor eax, eax cmp ecx, 3 -jbe short loc_fffacf4e ; jbe 0xfffacf4e -jmp short loc_fffacf35 ; jmp 0xfffacf35 +jbe short loc_fffb1d43 ; jbe 0xfffb1d43 +jmp short loc_fffb1d2a ; jmp 0xfffb1d2a -loc_fffacf22: ; not directly referenced +loc_fffb1d17: ; not directly referenced mov eax, dword [ebp - 0x30] mov edx, dword [ebp - 0x24] movzx eax, word [eax + edx + 0x27a] test ax, ax -jne short loc_fffacf4e ; jne 0xfffacf4e +jne short loc_fffb1d43 ; jne 0xfffb1d43 -loc_fffacf35: ; not directly referenced +loc_fffb1d2a: ; not directly referenced xor eax, eax cmp dword [ebx + 0xd5], 2 -jne short loc_fffacf4e ; jne 0xfffacf4e +jne short loc_fffb1d43 ; jne 0xfffb1d43 test esi, esi -je short loc_fffacf4e ; je 0xfffacf4e +je short loc_fffb1d43 ; je 0xfffb1d43 lea eax, [esi + 0x7270df] xor edx, edx div esi -loc_fffacf4e: ; not directly referenced +loc_fffb1d43: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x1c] cmp eax, 0xb mov esi, 0xb @@ -17214,24 +23884,24 @@ cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffacf66: ; not directly referenced +loc_fffb1d5b: ; not directly referenced add dword [ebp - 0x24], 0x277 add ebx, 0x128 cmp dword [ebp - 0x24], 0x4ee -jne short loc_fffacf06 ; jne 0xfffacf06 +jne short loc_fffb1cfb ; jne 0xfffb1cfb add dword [ebp - 0x20], 0x54a add dword [ebp - 0x28], 0x13c3 cmp dword [ebp - 0x20], 0xa94 -jne loc_fffaceef ; jne 0xfffaceef -jmp near loc_fffacebb ; jmp 0xfffacebb +jne loc_fffb1ce4 ; jne 0xfffb1ce4 +jmp near loc_fffb1cb0 ; jmp 0xfffb1cb0 -loc_fffacf9c: ; not directly referenced +loc_fffb1d91: ; not directly referenced cmp ecx, 1 -ja short loc_fffacfaa ; ja 0xfffacfaa -cmp byte [edi + 0x3749], 0 -je short loc_fffacfd4 ; je 0xfffacfd4 +ja short loc_fffb1d9f ; ja 0xfffb1d9f +cmp byte [edi + 0x374a], 0 +je short loc_fffb1dc9 ; je 0xfffb1dc9 -loc_fffacfaa: ; not directly referenced +loc_fffb1d9f: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -17240,11 +23910,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffacfd4: ; not directly referenced +loc_fffb1dc9: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffacf9c ; jne 0xfffacf9c +jne short loc_fffb1d91 ; jne 0xfffb1d91 add esp, 0x24 mov eax, 1 pop ebx @@ -17253,7 +23923,7 @@ pop edi pop ebp ret -fcn_fffacfea: ; not directly referenced +fcn_fffb1ddf: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -17262,37 +23932,37 @@ push esi push ebx sub esp, 0x30 -loc_fffacff5: ; not directly referenced +loc_fffb1dea: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffad021 ; ja 0xfffad021 +ja short loc_fffb1e16 ; ja 0xfffb1e16 mov edi, dword [ebp + 8] -cmp byte [edi + 0x3749], 0 -jne short loc_fffad021 ; jne 0xfffad021 +cmp byte [edi + 0x374a], 0 +jne short loc_fffb1e16 ; jne 0xfffb1e16 -loc_fffad009: ; not directly referenced +loc_fffb1dfe: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffacff5 ; jne 0xfffacff5 +jne short loc_fffb1dea ; jne 0xfffb1dea mov eax, dword [ebp + 8] mov ecx, 0xfffffffe -add eax, 0x48f5 -jmp near loc_fffad142 ; jmp 0xfffad142 +add eax, 0x48f6 +jmp near loc_fffb1f37 ; jmp 0xfffb1f37 -loc_fffad021: ; not directly referenced +loc_fffb1e16: ; not directly referenced mov edi, dword [ebp + 8] imul esi, ecx, 0x2e imul eax, eax, 0x23 mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x24], 0 -lea ebx, [edi + 0x49bf] +lea ebx, [edi + 0x49c0] mov dword [ebp - 0x2c], ebx lea ebx, [ecx*8 - 0x1269] mov dword [ebp - 0x30], esi mov dword [ebp - 0x38], ebx mov dword [ebp - 0x3c], eax -loc_fffad052: ; not directly referenced +loc_fffb1e47: ; not directly referenced mov eax, dword [ebp - 0x38] mov esi, dword [ebp - 0x2c] mov edi, dword [ebp - 0x24] @@ -17302,9 +23972,9 @@ mov dword [ebp - 0x34], eax mov eax, dword [ebp + 8] lea edi, [eax + edi + 0x1973] -loc_fffad071: ; not directly referenced +loc_fffb1e66: ; not directly referenced cmp dword [esi - 0xf6], 2 -jne loc_fffad108 ; jne 0xfffad108 +jne loc_fffb1efd ; jne 0xfffb1efd mov eax, dword [ebp - 0x30] mov edx, dword [ebp - 0x20] mov ebx, dword [esi + eax - 0xf2] @@ -17312,49 +23982,49 @@ mov eax, dword [ebp - 0x34] mov eax, dword [eax + edx + 0xc9] mov dword [ebp - 0x28], eax cmp ecx, 1 -je short loc_fffad0ce ; je 0xfffad0ce -jb short loc_fffad0da ; jb 0xfffad0da +je short loc_fffb1ec3 ; je 0xfffb1ec3 +jb short loc_fffb1ecf ; jb 0xfffb1ecf cmp ecx, 3 -ja short loc_fffad0da ; ja 0xfffad0da +ja short loc_fffb1ecf ; ja 0xfffb1ecf cmp ecx, 2 mov dl, byte [esi] -jne short loc_fffad0b4 ; jne 0xfffad0b4 +jne short loc_fffb1ea9 ; jne 0xfffb1ea9 and dl, 1 -jne short loc_fffad0bb ; jne 0xfffad0bb +jne short loc_fffb1eb0 ; jne 0xfffb1eb0 xor eax, eax -jmp short loc_fffad0f0 ; jmp 0xfffad0f0 +jmp short loc_fffb1ee5 ; jmp 0xfffb1ee5 -loc_fffad0b4: ; not directly referenced +loc_fffb1ea9: ; not directly referenced xor eax, eax and dl, 2 -je short loc_fffad0f0 ; je 0xfffad0f0 +je short loc_fffb1ee5 ; je 0xfffb1ee5 -loc_fffad0bb: ; not directly referenced +loc_fffb1eb0: ; not directly referenced mov eax, dword [ebp - 0x3c] movzx edx, byte [edi + eax + 0x115] xor eax, eax test ebx, ebx -je short loc_fffad0f0 ; je 0xfffad0f0 -jmp short loc_fffad0e4 ; jmp 0xfffad0e4 +je short loc_fffb1ee5 ; je 0xfffb1ee5 +jmp short loc_fffb1ed9 ; jmp 0xfffb1ed9 -loc_fffad0ce: ; not directly referenced +loc_fffb1ec3: ; not directly referenced movzx eax, word [edi + 0x270] test ax, ax -jne short loc_fffad0f0 ; jne 0xfffad0f0 +jne short loc_fffb1ee5 ; jne 0xfffb1ee5 -loc_fffad0da: ; not directly referenced +loc_fffb1ecf: ; not directly referenced xor eax, eax test ebx, ebx -je short loc_fffad0f0 ; je 0xfffad0f0 +je short loc_fffb1ee5 ; je 0xfffb1ee5 movzx edx, byte [edi + 0x62] -loc_fffad0e4: ; not directly referenced +loc_fffb1ed9: ; not directly referenced imul edx, dword [ebp - 0x28] lea eax, [ebx + edx - 1] xor edx, edx div ebx -loc_fffad0f0: ; not directly referenced +loc_fffb1ee5: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x1c] cmp eax, 0xa mov ebx, 0xa @@ -17363,26 +24033,26 @@ cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffad108: ; not directly referenced +loc_fffb1efd: ; not directly referenced add dword [ebp - 0x20], 0x20 add esi, 0x128 add edi, 0x277 cmp dword [ebp - 0x20], 0x40 -jne loc_fffad071 ; jne 0xfffad071 +jne loc_fffb1e66 ; jne 0xfffb1e66 add dword [ebp - 0x24], 0x54a add dword [ebp - 0x2c], 0x13c3 cmp dword [ebp - 0x24], 0xa94 -jne loc_fffad052 ; jne 0xfffad052 -jmp near loc_fffad009 ; jmp 0xfffad009 +jne loc_fffb1e47 ; jne 0xfffb1e47 +jmp near loc_fffb1dfe ; jmp 0xfffb1dfe -loc_fffad142: ; not directly referenced +loc_fffb1f37: ; not directly referenced cmp ecx, 1 -ja short loc_fffad153 ; ja 0xfffad153 +ja short loc_fffb1f48 ; ja 0xfffb1f48 mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je short loc_fffad17d ; je 0xfffad17d +cmp byte [esi + 0x374a], 0 +je short loc_fffb1f72 ; je 0xfffb1f72 -loc_fffad153: ; not directly referenced +loc_fffb1f48: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -17391,11 +24061,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffad17d: ; not directly referenced +loc_fffb1f72: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffad142 ; jne 0xfffad142 +jne short loc_fffb1f37 ; jne 0xfffb1f37 add esp, 0x30 mov eax, 1 pop ebx @@ -17404,7 +24074,7 @@ pop edi pop ebp ret -fcn_fffad193: ; not directly referenced +fcn_fffb1f88: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -17414,25 +24084,25 @@ push ebx sub esp, 0x30 mov dword [ebp - 0x20], 0x10 -loc_fffad1a5: ; not directly referenced +loc_fffb1f9a: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffad1bd ; ja 0xfffad1bd +ja short loc_fffb1fb2 ; ja 0xfffb1fb2 mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je loc_fffad312 ; je 0xfffad312 +cmp byte [esi + 0x374a], 0 +je loc_fffb2107 ; je 0xfffb2107 -loc_fffad1bd: ; not directly referenced +loc_fffb1fb2: ; not directly referenced imul esi, ecx, 0x2e imul eax, eax, 0x23 -lea edi, [ecx*8 + 0x3756] +lea edi, [ecx*8 + 0x3757] mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x30], esi mov dword [ebp - 0x24], 0 mov dword [ebp - 0x38], edi mov dword [ebp - 0x3c], eax -loc_fffad1e2: ; not directly referenced +loc_fffb1fd7: ; not directly referenced mov edi, dword [ebp - 0x24] mov esi, dword [ebp - 0x38] mov dword [ebp - 0x28], 0 @@ -17444,11 +24114,11 @@ mov esi, dword [ebp + 8] add ebx, dword [ebp + 8] lea edi, [edi + edx + 0x1973] mov dword [ebp - 0x34], ebx -lea esi, [esi + eax + 0x49bf] +lea esi, [esi + eax + 0x49c0] -loc_fffad218: ; not directly referenced +loc_fffb200d: ; not directly referenced cmp dword [esi - 0xf6], 2 -jne loc_fffad2eb ; jne 0xfffad2eb +jne loc_fffb20e0 ; jne 0xfffb20e0 mov eax, dword [ebp - 0x30] mov edx, dword [ebp - 0x28] mov ebx, dword [esi + eax - 0xf2] @@ -17461,54 +24131,54 @@ cmp edx, 2 cmovne eax, dword [ebp - 0x20] mov dword [ebp - 0x20], eax cmp ecx, 1 -je short loc_fffad28f ; je 0xfffad28f -jb short loc_fffad29b ; jb 0xfffad29b +je short loc_fffb2084 ; je 0xfffb2084 +jb short loc_fffb2090 ; jb 0xfffb2090 cmp ecx, 3 -ja short loc_fffad29b ; ja 0xfffad29b +ja short loc_fffb2090 ; ja 0xfffb2090 cmp ecx, 2 mov dl, byte [esi] -jne short loc_fffad26d ; jne 0xfffad26d +jne short loc_fffb2062 ; jne 0xfffb2062 and dl, 1 -jne short loc_fffad274 ; jne 0xfffad274 +jne short loc_fffb2069 ; jne 0xfffb2069 xor eax, eax -jmp short loc_fffad2c9 ; jmp 0xfffad2c9 +jmp short loc_fffb20be ; jmp 0xfffb20be -loc_fffad26d: ; not directly referenced +loc_fffb2062: ; not directly referenced xor eax, eax and dl, 2 -je short loc_fffad2c9 ; je 0xfffad2c9 +je short loc_fffb20be ; je 0xfffb20be -loc_fffad274: ; not directly referenced +loc_fffb2069: ; not directly referenced mov eax, dword [ebp - 0x3c] movzx edx, byte [edi + eax + 0x109] xor eax, eax test ebx, ebx -je short loc_fffad2c9 ; je 0xfffad2c9 +je short loc_fffb20be ; je 0xfffb20be imul edx, dword [ebp - 0x2c] lea eax, [ebx + edx - 1] -jmp short loc_fffad2b2 ; jmp 0xfffad2b2 +jmp short loc_fffb20a7 ; jmp 0xfffb20a7 -loc_fffad28f: ; not directly referenced +loc_fffb2084: ; not directly referenced movzx eax, word [edi + 0x26e] test ax, ax -jne short loc_fffad2c9 ; jne 0xfffad2c9 +jne short loc_fffb20be ; jne 0xfffb20be -loc_fffad29b: ; not directly referenced +loc_fffb2090: ; not directly referenced xor eax, eax test ebx, ebx -je short loc_fffad2c9 ; je 0xfffad2c9 +je short loc_fffb20be ; je 0xfffb20be movzx eax, byte [edi + 0x59] cmp edx, 2 -je short loc_fffad2b8 ; je 0xfffad2b8 +je short loc_fffb20ad ; je 0xfffb20ad imul eax, dword [ebp - 0x2c] lea eax, [ebx + eax - 1] -loc_fffad2b2: ; not directly referenced +loc_fffb20a7: ; not directly referenced xor edx, edx div ebx -jmp short loc_fffad2c9 ; jmp 0xfffad2c9 +jmp short loc_fffb20be ; jmp 0xfffb20be -loc_fffad2b8: ; not directly referenced +loc_fffb20ad: ; not directly referenced xor edx, edx mov eax, 0xe4e1c0 div ebx @@ -17516,51 +24186,51 @@ lea edx, [eax + 1] test al, 1 cmovne eax, edx -loc_fffad2c9: ; not directly referenced +loc_fffb20be: ; not directly referenced mov edx, eax and edx, 0xfffffff9 cmp edx, 9 -jne short loc_fffad2d6 ; jne 0xfffad2d6 +jne short loc_fffb20cb ; jne 0xfffb20cb inc eax -jmp short loc_fffad2de ; jmp 0xfffad2de +jmp short loc_fffb20d3 ; jmp 0xfffb20d3 -loc_fffad2d6: ; not directly referenced +loc_fffb20cb: ; not directly referenced mov ebx, dword [ebp - 0x20] cmp eax, ebx cmova eax, ebx -loc_fffad2de: ; not directly referenced +loc_fffb20d3: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x1c] cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffad2eb: ; not directly referenced +loc_fffb20e0: ; not directly referenced add dword [ebp - 0x28], 0x20 add esi, 0x128 add edi, 0x277 cmp dword [ebp - 0x28], 0x40 -jne loc_fffad218 ; jne 0xfffad218 +jne loc_fffb200d ; jne 0xfffb200d inc dword [ebp - 0x24] cmp dword [ebp - 0x24], 2 -jne loc_fffad1e2 ; jne 0xfffad1e2 +jne loc_fffb1fd7 ; jne 0xfffb1fd7 -loc_fffad312: ; not directly referenced +loc_fffb2107: ; not directly referenced inc ecx cmp ecx, 4 -jne loc_fffad1a5 ; jne 0xfffad1a5 +jne loc_fffb1f9a ; jne 0xfffb1f9a mov eax, dword [ebp + 8] mov ecx, 0xfffffffe -add eax, 0x48f3 +add eax, 0x48f4 -loc_fffad329: ; not directly referenced +loc_fffb211e: ; not directly referenced cmp ecx, 1 -ja short loc_fffad33a ; ja 0xfffad33a +ja short loc_fffb212f ; ja 0xfffb212f mov edi, dword [ebp + 8] -cmp byte [edi + 0x3749], 0 -je short loc_fffad364 ; je 0xfffad364 +cmp byte [edi + 0x374a], 0 +je short loc_fffb2159 ; je 0xfffb2159 -loc_fffad33a: ; not directly referenced +loc_fffb212f: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -17569,11 +24239,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffad364: ; not directly referenced +loc_fffb2159: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffad329 ; jne 0xfffad329 +jne short loc_fffb211e ; jne 0xfffb211e add esp, 0x30 mov eax, 1 pop ebx @@ -17582,7 +24252,7 @@ pop edi pop ebp ret -fcn_fffad37a: ; not directly referenced +fcn_fffb216f: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -17592,25 +24262,25 @@ push ebx sub esp, 0x30 mov dword [ebp - 0x20], 0xf -loc_fffad38c: ; not directly referenced +loc_fffb2181: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffad3a4 ; ja 0xfffad3a4 +ja short loc_fffb2199 ; ja 0xfffb2199 mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je loc_fffad4f8 ; je 0xfffad4f8 +cmp byte [esi + 0x374a], 0 +je loc_fffb22ed ; je 0xfffb22ed -loc_fffad3a4: ; not directly referenced +loc_fffb2199: ; not directly referenced imul esi, ecx, 0x2e imul eax, eax, 0x23 -lea edi, [ecx*8 + 0x3756] +lea edi, [ecx*8 + 0x3757] mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x30], esi mov dword [ebp - 0x24], 0 mov dword [ebp - 0x38], edi mov dword [ebp - 0x3c], eax -loc_fffad3c9: ; not directly referenced +loc_fffb21be: ; not directly referenced mov edi, dword [ebp - 0x24] mov esi, dword [ebp - 0x38] mov dword [ebp - 0x28], 0 @@ -17622,11 +24292,11 @@ mov esi, dword [ebp + 8] add ebx, dword [ebp + 8] lea edi, [edi + edx + 0x1973] mov dword [ebp - 0x34], ebx -lea esi, [esi + eax + 0x49bf] +lea esi, [esi + eax + 0x49c0] -loc_fffad3ff: ; not directly referenced +loc_fffb21f4: ; not directly referenced cmp dword [esi - 0xf6], 2 -jne loc_fffad4d1 ; jne 0xfffad4d1 +jne loc_fffb22c6 ; jne 0xfffb22c6 mov eax, dword [ebp - 0x30] mov edx, dword [ebp - 0x28] mov ebx, dword [esi + eax - 0xf2] @@ -17639,66 +24309,66 @@ cmp edx, 2 cmovne eax, dword [ebp - 0x20] mov dword [ebp - 0x20], eax cmp ecx, 1 -je short loc_fffad476 ; je 0xfffad476 -jb short loc_fffad482 ; jb 0xfffad482 +je short loc_fffb226b ; je 0xfffb226b +jb short loc_fffb2277 ; jb 0xfffb2277 cmp ecx, 3 -ja short loc_fffad482 ; ja 0xfffad482 +ja short loc_fffb2277 ; ja 0xfffb2277 cmp ecx, 2 mov dl, byte [esi] -jne short loc_fffad454 ; jne 0xfffad454 +jne short loc_fffb2249 ; jne 0xfffb2249 and dl, 1 -jne short loc_fffad45b ; jne 0xfffad45b +jne short loc_fffb2250 ; jne 0xfffb2250 xor eax, eax -jmp short loc_fffad4bc ; jmp 0xfffad4bc +jmp short loc_fffb22b1 ; jmp 0xfffb22b1 -loc_fffad454: ; not directly referenced +loc_fffb2249: ; not directly referenced xor eax, eax and dl, 2 -je short loc_fffad4bc ; je 0xfffad4bc +je short loc_fffb22b1 ; je 0xfffb22b1 -loc_fffad45b: ; not directly referenced +loc_fffb2250: ; not directly referenced mov eax, dword [ebp - 0x3c] movzx edx, byte [edi + eax + 0x111] xor eax, eax test ebx, ebx -je short loc_fffad4bc ; je 0xfffad4bc +je short loc_fffb22b1 ; je 0xfffb22b1 imul edx, dword [ebp - 0x2c] lea eax, [ebx + edx - 1] -jmp short loc_fffad499 ; jmp 0xfffad499 +jmp short loc_fffb228e ; jmp 0xfffb228e -loc_fffad476: ; not directly referenced +loc_fffb226b: ; not directly referenced movzx eax, word [edi + 0x26c] test ax, ax -jne short loc_fffad4bc ; jne 0xfffad4bc +jne short loc_fffb22b1 ; jne 0xfffb22b1 -loc_fffad482: ; not directly referenced +loc_fffb2277: ; not directly referenced xor eax, eax test ebx, ebx -je short loc_fffad4bc ; je 0xfffad4bc +je short loc_fffb22b1 ; je 0xfffb22b1 movzx eax, byte [edi + 0x63] cmp edx, 2 -je short loc_fffad49f ; je 0xfffad49f +je short loc_fffb2294 ; je 0xfffb2294 imul eax, dword [ebp - 0x2c] lea eax, [ebx + eax - 1] -loc_fffad499: ; not directly referenced +loc_fffb228e: ; not directly referenced xor edx, edx div ebx -jmp short loc_fffad4bc ; jmp 0xfffad4bc +jmp short loc_fffb22b1 ; jmp 0xfffb22b1 -loc_fffad49f: ; not directly referenced +loc_fffb2294: ; not directly referenced mov eax, 0x7270e0 xor edx, edx div ebx mov ebx, eax mov eax, 5 cmp ebx, 4 -jbe short loc_fffad4bc ; jbe 0xfffad4bc +jbe short loc_fffb22b1 ; jbe 0xfffb22b1 cmp ebx, 0xb mov al, 0xc cmovne eax, ebx -loc_fffad4bc: ; not directly referenced +loc_fffb22b1: ; not directly referenced mov ebx, dword [ebp - 0x20] mov edx, dword [ebp + ecx*4 - 0x1c] cmp eax, ebx @@ -17707,32 +24377,32 @@ cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffad4d1: ; not directly referenced +loc_fffb22c6: ; not directly referenced add dword [ebp - 0x28], 0x20 add esi, 0x128 add edi, 0x277 cmp dword [ebp - 0x28], 0x40 -jne loc_fffad3ff ; jne 0xfffad3ff +jne loc_fffb21f4 ; jne 0xfffb21f4 inc dword [ebp - 0x24] cmp dword [ebp - 0x24], 2 -jne loc_fffad3c9 ; jne 0xfffad3c9 +jne loc_fffb21be ; jne 0xfffb21be -loc_fffad4f8: ; not directly referenced +loc_fffb22ed: ; not directly referenced inc ecx cmp ecx, 4 -jne loc_fffad38c ; jne 0xfffad38c +jne loc_fffb2181 ; jne 0xfffb2181 mov eax, dword [ebp + 8] mov ecx, 0xfffffffe -add eax, 0x48f1 +add eax, 0x48f2 -loc_fffad50f: ; not directly referenced +loc_fffb2304: ; not directly referenced cmp ecx, 1 -ja short loc_fffad520 ; ja 0xfffad520 +ja short loc_fffb2315 ; ja 0xfffb2315 mov edi, dword [ebp + 8] -cmp byte [edi + 0x3749], 0 -je short loc_fffad54a ; je 0xfffad54a +cmp byte [edi + 0x374a], 0 +je short loc_fffb233f ; je 0xfffb233f -loc_fffad520: ; not directly referenced +loc_fffb2315: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -17741,11 +24411,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffad54a: ; not directly referenced +loc_fffb233f: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffad50f ; jne 0xfffad50f +jne short loc_fffb2304 ; jne 0xfffb2304 add esp, 0x30 mov eax, 1 pop ebx @@ -17754,7 +24424,7 @@ pop edi pop ebp ret -fcn_fffad560: ; not directly referenced +fcn_fffb2355: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -17763,34 +24433,34 @@ push esi push ebx sub esp, 0x34 -loc_fffad56b: ; not directly referenced +loc_fffb2360: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffad597 ; ja 0xfffad597 +ja short loc_fffb238c ; ja 0xfffb238c mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne short loc_fffad597 ; jne 0xfffad597 +cmp byte [eax + 0x374a], 0 +jne short loc_fffb238c ; jne 0xfffb238c -loc_fffad57f: ; not directly referenced +loc_fffb2374: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffad56b ; jne 0xfffad56b +jne short loc_fffb2360 ; jne 0xfffb2360 mov eax, dword [ebp + 8] mov ecx, 0xfffffffe -add eax, 0x48ef -jmp near loc_fffad6bc ; jmp 0xfffad6bc +add eax, 0x48f0 +jmp near loc_fffb24b1 ; jmp 0xfffb24b1 -loc_fffad597: ; not directly referenced +loc_fffb238c: ; not directly referenced mov eax, dword [ebp + 8] mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x20], 0 -lea edi, [eax + 0x3756] +lea edi, [eax + 0x3757] lea eax, [ecx*8] mov dword [ebp - 0x30], eax imul eax, ecx, 0x2e mov dword [ebp - 0x2c], eax -loc_fffad5bf: ; not directly referenced +loc_fffb23b4: ; not directly referenced mov eax, dword [ebp - 0x2c] xor esi, esi mov ebx, dword [ebp - 0x20] @@ -17802,9 +24472,9 @@ mov eax, dword [ebp - 0x30] add eax, edi mov dword [ebp - 0x28], eax -loc_fffad5de: ; not directly referenced +loc_fffb23d3: ; not directly referenced cmp dword [edi + esi + 0x1173], 2 -jne loc_fffad681 ; jne 0xfffad681 +jne loc_fffb2476 ; jne 0xfffb2476 mov eax, dword [ebp - 0x40] mov eax, dword [eax + esi + 0x1177] mov dword [ebp - 0x24], eax @@ -17814,28 +24484,28 @@ mov eax, dword [eax + 0xcd] mov dword [ebp - 0x34], edx mov dword [ebp - 0x38], eax cmp ecx, 1 -je short loc_fffad61e ; je 0xfffad61e -jb short loc_fffad62a ; jb 0xfffad62a +je short loc_fffb2413 ; je 0xfffb2413 +jb short loc_fffb241f ; jb 0xfffb241f xor eax, eax cmp ecx, 3 -jbe short loc_fffad669 ; jbe 0xfffad669 -jmp short loc_fffad62a ; jmp 0xfffad62a +jbe short loc_fffb245e ; jbe 0xfffb245e +jmp short loc_fffb241f ; jmp 0xfffb241f -loc_fffad61e: ; not directly referenced +loc_fffb2413: ; not directly referenced movzx eax, word [ebx + 0x26a] test ax, ax -jne short loc_fffad669 ; jne 0xfffad669 +jne short loc_fffb245e ; jne 0xfffb245e -loc_fffad62a: ; not directly referenced +loc_fffb241f: ; not directly referenced xor eax, eax cmp dword [edi + esi + 0x1248], 2 -jne short loc_fffad669 ; jne 0xfffad669 +jne short loc_fffb245e ; jne 0xfffb245e mov dl, byte [ebx + 0x6e] cmp dword [ebp - 0x24], 0 mov byte [ebp - 0x39], dl mov dl, byte [ebx + 0xbf] mov byte [ebp - 0x3a], dl -je short loc_fffad669 ; je 0xfffad669 +je short loc_fffb245e ; je 0xfffb245e movzx edx, byte [ebp - 0x39] imul edx, dword [ebp - 0x34] mov eax, dword [ebp - 0x24] @@ -17846,7 +24516,7 @@ add eax, edx xor edx, edx div dword [ebp - 0x24] -loc_fffad669: ; not directly referenced +loc_fffb245e: ; not directly referenced cmp eax, 0xa mov edx, 0xa cmova eax, edx @@ -17855,26 +24525,26 @@ cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffad681: ; not directly referenced +loc_fffb2476: ; not directly referenced add esi, 0x128 add ebx, 0x277 add dword [ebp - 0x28], 0x20 cmp esi, 0x250 -jne loc_fffad5de ; jne 0xfffad5de +jne loc_fffb23d3 ; jne 0xfffb23d3 add dword [ebp - 0x20], 0x54a add edi, 0x13c3 cmp dword [ebp - 0x20], 0xa94 -jne loc_fffad5bf ; jne 0xfffad5bf -jmp near loc_fffad57f ; jmp 0xfffad57f +jne loc_fffb23b4 ; jne 0xfffb23b4 +jmp near loc_fffb2374 ; jmp 0xfffb2374 -loc_fffad6bc: ; not directly referenced +loc_fffb24b1: ; not directly referenced cmp ecx, 1 -ja short loc_fffad6cd ; ja 0xfffad6cd +ja short loc_fffb24c2 ; ja 0xfffb24c2 mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je short loc_fffad6f7 ; je 0xfffad6f7 +cmp byte [esi + 0x374a], 0 +je short loc_fffb24ec ; je 0xfffb24ec -loc_fffad6cd: ; not directly referenced +loc_fffb24c2: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -17883,11 +24553,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffad6f7: ; not directly referenced +loc_fffb24ec: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffad6bc ; jne 0xfffad6bc +jne short loc_fffb24b1 ; jne 0xfffb24b1 add esp, 0x34 mov eax, 1 pop ebx @@ -17896,7 +24566,7 @@ pop edi pop ebp ret -fcn_fffad70d: ; not directly referenced +fcn_fffb2502: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -17905,34 +24575,34 @@ push esi push ebx sub esp, 0x34 -loc_fffad718: ; not directly referenced +loc_fffb250d: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffad744 ; ja 0xfffad744 +ja short loc_fffb2539 ; ja 0xfffb2539 mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne short loc_fffad744 ; jne 0xfffad744 +cmp byte [eax + 0x374a], 0 +jne short loc_fffb2539 ; jne 0xfffb2539 -loc_fffad72c: ; not directly referenced +loc_fffb2521: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffad718 ; jne 0xfffad718 +jne short loc_fffb250d ; jne 0xfffb250d mov eax, dword [ebp + 8] mov ecx, 0xfffffffe -add eax, 0x48ed -jmp near loc_fffad869 ; jmp 0xfffad869 +add eax, 0x48ee +jmp near loc_fffb265e ; jmp 0xfffb265e -loc_fffad744: ; not directly referenced +loc_fffb2539: ; not directly referenced mov eax, dword [ebp + 8] mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x20], 0 -lea edi, [eax + 0x3756] +lea edi, [eax + 0x3757] lea eax, [ecx*8] mov dword [ebp - 0x30], eax imul eax, ecx, 0x2e mov dword [ebp - 0x2c], eax -loc_fffad76c: ; not directly referenced +loc_fffb2561: ; not directly referenced mov eax, dword [ebp - 0x2c] xor esi, esi mov ebx, dword [ebp - 0x20] @@ -17944,9 +24614,9 @@ mov eax, dword [ebp - 0x30] add eax, edi mov dword [ebp - 0x28], eax -loc_fffad78b: ; not directly referenced +loc_fffb2580: ; not directly referenced cmp dword [edi + esi + 0x1173], 2 -jne loc_fffad82e ; jne 0xfffad82e +jne loc_fffb2623 ; jne 0xfffb2623 mov eax, dword [ebp - 0x40] mov eax, dword [eax + esi + 0x1177] mov dword [ebp - 0x24], eax @@ -17956,28 +24626,28 @@ mov eax, dword [eax + 0xcd] mov dword [ebp - 0x34], edx mov dword [ebp - 0x38], eax cmp ecx, 1 -je short loc_fffad7cb ; je 0xfffad7cb -jb short loc_fffad7d7 ; jb 0xfffad7d7 +je short loc_fffb25c0 ; je 0xfffb25c0 +jb short loc_fffb25cc ; jb 0xfffb25cc xor eax, eax cmp ecx, 3 -jbe short loc_fffad816 ; jbe 0xfffad816 -jmp short loc_fffad7d7 ; jmp 0xfffad7d7 +jbe short loc_fffb260b ; jbe 0xfffb260b +jmp short loc_fffb25cc ; jmp 0xfffb25cc -loc_fffad7cb: ; not directly referenced +loc_fffb25c0: ; not directly referenced movzx eax, word [ebx + 0x268] test ax, ax -jne short loc_fffad816 ; jne 0xfffad816 +jne short loc_fffb260b ; jne 0xfffb260b -loc_fffad7d7: ; not directly referenced +loc_fffb25cc: ; not directly referenced xor eax, eax cmp dword [edi + esi + 0x1248], 2 -jne short loc_fffad816 ; jne 0xfffad816 +jne short loc_fffb260b ; jne 0xfffb260b mov dl, byte [ebx + 0x6f] cmp dword [ebp - 0x24], 0 mov byte [ebp - 0x39], dl mov dl, byte [ebx + 0xbe] mov byte [ebp - 0x3a], dl -je short loc_fffad816 ; je 0xfffad816 +je short loc_fffb260b ; je 0xfffb260b movzx edx, byte [ebp - 0x39] imul edx, dword [ebp - 0x34] mov eax, dword [ebp - 0x24] @@ -17988,7 +24658,7 @@ add eax, edx xor edx, edx div dword [ebp - 0x24] -loc_fffad816: ; not directly referenced +loc_fffb260b: ; not directly referenced cmp eax, 0xf mov edx, 0xf cmova eax, edx @@ -17997,26 +24667,26 @@ cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffad82e: ; not directly referenced +loc_fffb2623: ; not directly referenced add esi, 0x128 add ebx, 0x277 add dword [ebp - 0x28], 0x20 cmp esi, 0x250 -jne loc_fffad78b ; jne 0xfffad78b +jne loc_fffb2580 ; jne 0xfffb2580 add dword [ebp - 0x20], 0x54a add edi, 0x13c3 cmp dword [ebp - 0x20], 0xa94 -jne loc_fffad76c ; jne 0xfffad76c -jmp near loc_fffad72c ; jmp 0xfffad72c +jne loc_fffb2561 ; jne 0xfffb2561 +jmp near loc_fffb2521 ; jmp 0xfffb2521 -loc_fffad869: ; not directly referenced +loc_fffb265e: ; not directly referenced cmp ecx, 1 -ja short loc_fffad87a ; ja 0xfffad87a +ja short loc_fffb266f ; ja 0xfffb266f mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je short loc_fffad8a4 ; je 0xfffad8a4 +cmp byte [esi + 0x374a], 0 +je short loc_fffb2699 ; je 0xfffb2699 -loc_fffad87a: ; not directly referenced +loc_fffb266f: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -18025,11 +24695,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffad8a4: ; not directly referenced +loc_fffb2699: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffad869 ; jne 0xfffad869 +jne short loc_fffb265e ; jne 0xfffb265e add esp, 0x34 mov eax, 1 pop ebx @@ -18038,7 +24708,7 @@ pop edi pop ebp ret -fcn_fffad8ba: ; not directly referenced +fcn_fffb26af: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -18047,37 +24717,37 @@ push esi push ebx sub esp, 0x30 -loc_fffad8c5: ; not directly referenced +loc_fffb26ba: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffad8f1 ; ja 0xfffad8f1 +ja short loc_fffb26e6 ; ja 0xfffb26e6 mov edi, dword [ebp + 8] -cmp byte [edi + 0x3749], 0 -jne short loc_fffad8f1 ; jne 0xfffad8f1 +cmp byte [edi + 0x374a], 0 +jne short loc_fffb26e6 ; jne 0xfffb26e6 -loc_fffad8d9: ; not directly referenced +loc_fffb26ce: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffad8c5 ; jne 0xfffad8c5 +jne short loc_fffb26ba ; jne 0xfffb26ba mov eax, dword [ebp + 8] mov ecx, 0xfffffffe -add eax, 0x48eb -jmp near loc_fffada12 ; jmp 0xfffada12 +add eax, 0x48ec +jmp near loc_fffb2807 ; jmp 0xfffb2807 -loc_fffad8f1: ; not directly referenced +loc_fffb26e6: ; not directly referenced mov edi, dword [ebp + 8] imul esi, ecx, 0x2e imul eax, eax, 0x23 mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x24], 0 -lea ebx, [edi + 0x49bf] +lea ebx, [edi + 0x49c0] mov dword [ebp - 0x2c], ebx lea ebx, [ecx*8 - 0x1269] mov dword [ebp - 0x30], esi mov dword [ebp - 0x38], ebx mov dword [ebp - 0x3c], eax -loc_fffad922: ; not directly referenced +loc_fffb2717: ; not directly referenced mov eax, dword [ebp - 0x38] mov esi, dword [ebp - 0x2c] mov edi, dword [ebp - 0x24] @@ -18087,9 +24757,9 @@ mov dword [ebp - 0x34], eax mov eax, dword [ebp + 8] lea edi, [eax + edi + 0x1973] -loc_fffad941: ; not directly referenced +loc_fffb2736: ; not directly referenced cmp dword [esi - 0xf6], 2 -jne loc_fffad9d8 ; jne 0xfffad9d8 +jne loc_fffb27cd ; jne 0xfffb27cd mov eax, dword [ebp - 0x30] mov edx, dword [ebp - 0x20] mov ebx, dword [esi + eax - 0xf2] @@ -18097,49 +24767,49 @@ mov eax, dword [ebp - 0x34] mov eax, dword [eax + edx + 0xc9] mov dword [ebp - 0x28], eax cmp ecx, 1 -je short loc_fffad99e ; je 0xfffad99e -jb short loc_fffad9aa ; jb 0xfffad9aa +je short loc_fffb2793 ; je 0xfffb2793 +jb short loc_fffb279f ; jb 0xfffb279f cmp ecx, 3 -ja short loc_fffad9aa ; ja 0xfffad9aa +ja short loc_fffb279f ; ja 0xfffb279f cmp ecx, 2 mov dl, byte [esi] -jne short loc_fffad984 ; jne 0xfffad984 +jne short loc_fffb2779 ; jne 0xfffb2779 and dl, 1 -jne short loc_fffad98b ; jne 0xfffad98b +jne short loc_fffb2780 ; jne 0xfffb2780 xor eax, eax -jmp short loc_fffad9c0 ; jmp 0xfffad9c0 +jmp short loc_fffb27b5 ; jmp 0xfffb27b5 -loc_fffad984: ; not directly referenced +loc_fffb2779: ; not directly referenced xor eax, eax and dl, 2 -je short loc_fffad9c0 ; je 0xfffad9c0 +je short loc_fffb27b5 ; je 0xfffb27b5 -loc_fffad98b: ; not directly referenced +loc_fffb2780: ; not directly referenced mov eax, dword [ebp - 0x3c] movzx edx, byte [edi + eax + 0x112] xor eax, eax test ebx, ebx -je short loc_fffad9c0 ; je 0xfffad9c0 -jmp short loc_fffad9b4 ; jmp 0xfffad9b4 +je short loc_fffb27b5 ; je 0xfffb27b5 +jmp short loc_fffb27a9 ; jmp 0xfffb27a9 -loc_fffad99e: ; not directly referenced +loc_fffb2793: ; not directly referenced movzx eax, word [edi + 0x266] test ax, ax -jne short loc_fffad9c0 ; jne 0xfffad9c0 +jne short loc_fffb27b5 ; jne 0xfffb27b5 -loc_fffad9aa: ; not directly referenced +loc_fffb279f: ; not directly referenced xor eax, eax test ebx, ebx -je short loc_fffad9c0 ; je 0xfffad9c0 +je short loc_fffb27b5 ; je 0xfffb27b5 movzx edx, byte [edi + 0x5b] -loc_fffad9b4: ; not directly referenced +loc_fffb27a9: ; not directly referenced imul edx, dword [ebp - 0x28] lea eax, [ebx + edx - 1] xor edx, edx div ebx -loc_fffad9c0: ; not directly referenced +loc_fffb27b5: ; not directly referenced cmp dword [ebp + ecx*4 - 0x1c], 4 mov edx, 4 cmovae edx, dword [ebp + ecx*4 - 0x1c] @@ -18147,26 +24817,26 @@ cmp edx, eax cmovae eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffad9d8: ; not directly referenced +loc_fffb27cd: ; not directly referenced add dword [ebp - 0x20], 0x20 add esi, 0x128 add edi, 0x277 cmp dword [ebp - 0x20], 0x40 -jne loc_fffad941 ; jne 0xfffad941 +jne loc_fffb2736 ; jne 0xfffb2736 add dword [ebp - 0x24], 0x54a add dword [ebp - 0x2c], 0x13c3 cmp dword [ebp - 0x24], 0xa94 -jne loc_fffad922 ; jne 0xfffad922 -jmp near loc_fffad8d9 ; jmp 0xfffad8d9 +jne loc_fffb2717 ; jne 0xfffb2717 +jmp near loc_fffb26ce ; jmp 0xfffb26ce -loc_fffada12: ; not directly referenced +loc_fffb2807: ; not directly referenced cmp ecx, 1 -ja short loc_fffada23 ; ja 0xfffada23 +ja short loc_fffb2818 ; ja 0xfffb2818 mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je short loc_fffada4d ; je 0xfffada4d +cmp byte [esi + 0x374a], 0 +je short loc_fffb2842 ; je 0xfffb2842 -loc_fffada23: ; not directly referenced +loc_fffb2818: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -18175,11 +24845,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffada4d: ; not directly referenced +loc_fffb2842: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffada12 ; jne 0xfffada12 +jne short loc_fffb2807 ; jne 0xfffb2807 add esp, 0x30 mov eax, 1 pop ebx @@ -18188,7 +24858,7 @@ pop edi pop ebp ret -fcn_fffada63: ; not directly referenced +fcn_fffb2858: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -18198,18 +24868,18 @@ push ebx sub esp, 0x38 mov edi, dword [ebp + 8] mov byte [ebp - 0x1d], 0 -lea eax, [edi + 0x3756] +lea eax, [edi + 0x3757] mov dword [ebp - 0x40], eax -loc_fffada7e: ; not directly referenced +loc_fffb2873: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffada93 ; ja 0xfffada93 -cmp byte [edi + 0x3749], 0 -je loc_fffadbac ; je 0xfffadbac +ja short loc_fffb2888 ; ja 0xfffb2888 +cmp byte [edi + 0x374a], 0 +je loc_fffb29a1 ; je 0xfffb29a1 -loc_fffada93: ; not directly referenced -lea eax, [edi + 0x48c9] +loc_fffb2888: ; not directly referenced +lea eax, [edi + 0x48ca] mov dword [ebp - 0x3c], eax imul eax, ecx, 0x2e mov dword [ebp + ecx*4 - 0x1c], 0 @@ -18218,18 +24888,18 @@ mov dword [ebp - 0x38], eax mov eax, dword [ebp - 0x40] mov dword [ebp - 0x34], eax -loc_fffadab7: ; not directly referenced +loc_fffb28ac: ; not directly referenced mov eax, dword [ebp - 0x28] mov ebx, dword [ebp - 0x3c] mov dword [ebp - 0x2c], 0 lea eax, [edi + eax + 0x1973] mov dword [ebp - 0x30], eax -loc_fffadace: ; not directly referenced +loc_fffb28c3: ; not directly referenced cmp dword [ebx], 2 -jne loc_fffadb6f ; jne 0xfffadb6f +jne loc_fffb2964 ; jne 0xfffb2964 cmp dword [ebx + 0xd5], 3 -jne loc_fffadb6f ; jne 0xfffadb6f +jne loc_fffb2964 ; jne 0xfffb2964 mov eax, dword [ebp - 0x38] mov esi, dword [ebp - 0x2c] mov eax, dword [ebx + eax + 4] @@ -18239,15 +24909,15 @@ mov edx, dword [eax + esi + 0xc9] mov eax, dword [eax + esi + 0xcd] mov dword [ebp - 0x44], eax cmp ecx, 1 -jne short loc_fffadb19 ; jne 0xfffadb19 +jne short loc_fffb290e ; jne 0xfffb290e mov eax, dword [ebp - 0x30] movzx eax, word [eax + 0x264] test ax, ax -jne short loc_fffadb3f ; jne 0xfffadb3f +jne short loc_fffb2934 ; jne 0xfffb2934 -loc_fffadb19: ; not directly referenced +loc_fffb290e: ; not directly referenced cmp dword [ebp - 0x24], 0 -je short loc_fffadb62 ; je 0xfffadb62 +je short loc_fffb2957 ; je 0xfffb2957 mov esi, dword [ebp - 0x30] movzx eax, byte [esi + 0x6f] imul edx, eax @@ -18259,57 +24929,57 @@ add eax, edx xor edx, edx div dword [ebp - 0x24] -loc_fffadb3f: ; not directly referenced +loc_fffb2934: ; not directly referenced cmp eax, 3 -jbe short loc_fffadb62 ; jbe 0xfffadb62 +jbe short loc_fffb2957 ; jbe 0xfffb2957 mov esi, dword [ebp - 0x38] movzx edx, word [ebx + esi + 0x1e] mov esi, eax sub esi, edx cmp esi, 3 -ja short loc_fffadb62 ; ja 0xfffadb62 +ja short loc_fffb2957 ; ja 0xfffb2957 mov edx, dword [ebp + ecx*4 - 0x1c] cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffadb62: ; not directly referenced +loc_fffb2957: ; not directly referenced mov dl, byte [ebp - 0x1d] mov al, 1 test dl, dl cmove edx, eax mov byte [ebp - 0x1d], dl -loc_fffadb6f: ; not directly referenced +loc_fffb2964: ; not directly referenced add dword [ebp - 0x2c], 0x20 add ebx, 0x128 add dword [ebp - 0x30], 0x277 cmp dword [ebp - 0x2c], 0x40 -jne loc_fffadace ; jne 0xfffadace +jne loc_fffb28c3 ; jne 0xfffb28c3 add dword [ebp - 0x28], 0x54a add dword [ebp - 0x3c], 0x13c3 add dword [ebp - 0x34], 0x13c3 cmp dword [ebp - 0x28], 0xa94 -jne loc_fffadab7 ; jne 0xfffadab7 +jne loc_fffb28ac ; jne 0xfffb28ac -loc_fffadbac: ; not directly referenced +loc_fffb29a1: ; not directly referenced inc ecx add dword [ebp - 0x40], 8 cmp ecx, 4 -jne loc_fffada7e ; jne 0xfffada7e +jne loc_fffb2873 ; jne 0xfffb2873 mov al, byte [ebp - 0x1d] test al, al -je short loc_fffadc0d ; je 0xfffadc0d -lea eax, [edi + 0x48e9] +je short loc_fffb2a02 ; je 0xfffb2a02 +lea eax, [edi + 0x48ea] mov ecx, 0xfffffffe -loc_fffadbcc: ; not directly referenced +loc_fffb29c1: ; not directly referenced cmp ecx, 1 -ja short loc_fffadbda ; ja 0xfffadbda -cmp byte [edi + 0x3749], 0 -je short loc_fffadc04 ; je 0xfffadc04 +ja short loc_fffb29cf ; ja 0xfffb29cf +cmp byte [edi + 0x374a], 0 +je short loc_fffb29f9 ; je 0xfffb29f9 -loc_fffadbda: ; not directly referenced +loc_fffb29cf: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -18318,13 +24988,13 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffadc04: ; not directly referenced +loc_fffb29f9: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffadbcc ; jne 0xfffadbcc +jne short loc_fffb29c1 ; jne 0xfffb29c1 -loc_fffadc0d: ; not directly referenced +loc_fffb2a02: ; not directly referenced add esp, 0x38 mov eax, 1 pop ebx @@ -18333,7 +25003,7 @@ pop edi pop ebp ret -fcn_fffadc1a: ; not directly referenced +fcn_fffb2a0f: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -18343,33 +25013,33 @@ push ebx sub esp, 0x40 mov eax, dword [ebp + 8] mov dword [ebp - 0x3c], 0 -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x2c], eax -loc_fffadc37: ; not directly referenced +loc_fffb2a2c: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffadc6b ; ja 0xfffadc6b +ja short loc_fffb2a60 ; ja 0xfffb2a60 mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne short loc_fffadc6b ; jne 0xfffadc6b +cmp byte [eax + 0x374a], 0 +jne short loc_fffb2a60 ; jne 0xfffb2a60 -loc_fffadc4b: ; not directly referenced +loc_fffb2a40: ; not directly referenced inc ecx add dword [ebp - 0x3c], 0x23 add dword [ebp - 0x2c], 8 cmp ecx, 4 -jne short loc_fffadc37 ; jne 0xfffadc37 +jne short loc_fffb2a2c ; jne 0xfffb2a2c mov eax, dword [ebp + 8] mov ecx, 0xfffffffe -add eax, 0x48e7 -jmp near loc_fffaddd7 ; jmp 0xfffaddd7 +add eax, 0x48e8 +jmp near loc_fffb2bcc ; jmp 0xfffb2bcc -loc_fffadc6b: ; not directly referenced +loc_fffb2a60: ; not directly referenced mov eax, dword [ebp + 8] mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x28], 0 -add eax, 0x49bf +add eax, 0x49c0 mov dword [ebp - 0x40], eax imul eax, ecx, 0x2e mov dword [ebp - 0x44], eax @@ -18381,16 +25051,16 @@ add eax, 0xbb mov dword [ebp - 0x48], esi mov dword [ebp - 0x4c], eax -loc_fffadca5: ; not directly referenced +loc_fffb2a9a: ; not directly referenced mov eax, dword [ebp + 8] mov ebx, dword [ebp - 0x28] mov esi, dword [ebp - 0x40] mov dword [ebp - 0x24], 0 lea ebx, [eax + ebx + 0x1973] -loc_fffadcbc: ; not directly referenced +loc_fffb2ab1: ; not directly referenced cmp dword [esi - 0xf6], 2 -jne loc_fffadd96 ; jne 0xfffadd96 +jne loc_fffb2b8b ; jne 0xfffb2b8b mov eax, dword [ebp - 0x44] mov edi, dword [ebp - 0x24] mov eax, dword [esi + eax - 0xf2] @@ -18401,24 +25071,24 @@ mov eax, dword [eax + edi + 0xcd] mov dword [ebp - 0x34], edx mov dword [ebp - 0x38], eax cmp ecx, 1 -je short loc_fffadd41 ; je 0xfffadd41 -jb short loc_fffadd4d ; jb 0xfffadd4d +je short loc_fffb2b36 ; je 0xfffb2b36 +jb short loc_fffb2b42 ; jb 0xfffb2b42 cmp ecx, 3 -ja short loc_fffadd4d ; ja 0xfffadd4d +ja short loc_fffb2b42 ; ja 0xfffb2b42 cmp ecx, 2 mov dl, byte [esi] -jne short loc_fffadd0c ; jne 0xfffadd0c +jne short loc_fffb2b01 ; jne 0xfffb2b01 and dl, 1 -jne short loc_fffadd13 ; jne 0xfffadd13 +jne short loc_fffb2b08 ; jne 0xfffb2b08 xor eax, eax -jmp short loc_fffadd89 ; jmp 0xfffadd89 +jmp short loc_fffb2b7e ; jmp 0xfffb2b7e -loc_fffadd0c: ; not directly referenced +loc_fffb2b01: ; not directly referenced xor eax, eax and dl, 2 -je short loc_fffadd89 ; je 0xfffadd89 +je short loc_fffb2b7e ; je 0xfffb2b7e -loc_fffadd13: ; not directly referenced +loc_fffb2b08: ; not directly referenced mov edx, dword [esi - 0x21] mov eax, dword [ebp - 0x4c] mov edi, dword [ebp - 0x48] @@ -18430,37 +25100,37 @@ cmovne eax, edi xor edi, edi cmp byte [esi + 1], 0x13 movzx edx, byte [eax + 6] -jne short loc_fffadd37 ; jne 0xfffadd37 +jne short loc_fffb2b2c ; jne 0xfffb2b2c movsx edi, byte [eax + 0x1c] -loc_fffadd37: ; not directly referenced +loc_fffb2b2c: ; not directly referenced xor eax, eax cmp dword [ebp - 0x20], 0 -je short loc_fffadd89 ; je 0xfffadd89 -jmp short loc_fffadd73 ; jmp 0xfffadd73 +je short loc_fffb2b7e ; je 0xfffb2b7e +jmp short loc_fffb2b68 ; jmp 0xfffb2b68 -loc_fffadd41: ; not directly referenced +loc_fffb2b36: ; not directly referenced movzx eax, word [ebx + 0x262] test ax, ax -jne short loc_fffadd89 ; jne 0xfffadd89 +jne short loc_fffb2b7e ; jne 0xfffb2b7e -loc_fffadd4d: ; not directly referenced +loc_fffb2b42: ; not directly referenced xor eax, eax cmp dword [ebp - 0x20], 0 -je short loc_fffadd89 ; je 0xfffadd89 +je short loc_fffb2b7e ; je 0xfffb2b7e mov eax, dword [esi - 0x21] and eax, 0xfffffffd dec eax -jne short loc_fffadd68 ; jne 0xfffadd68 +jne short loc_fffb2b5d ; jne 0xfffb2b5d movzx edx, byte [ebx + 0x5c] movsx edi, byte [ebx + 0x6d] -jmp short loc_fffadd73 ; jmp 0xfffadd73 +jmp short loc_fffb2b68 ; jmp 0xfffb2b68 -loc_fffadd68: ; not directly referenced +loc_fffb2b5d: ; not directly referenced movzx edx, byte [ebx + 0x62] movsx edi, byte [ebx + 0xc1] -loc_fffadd73: ; not directly referenced +loc_fffb2b68: ; not directly referenced imul edx, dword [ebp - 0x34] mov eax, dword [ebp - 0x20] imul edi, dword [ebp - 0x38] @@ -18469,33 +25139,33 @@ xor edx, edx add eax, edi div dword [ebp - 0x20] -loc_fffadd89: ; not directly referenced +loc_fffb2b7e: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x1c] cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffadd96: ; not directly referenced +loc_fffb2b8b: ; not directly referenced add dword [ebp - 0x24], 0x20 add esi, 0x128 add ebx, 0x277 cmp dword [ebp - 0x24], 0x40 -jne loc_fffadcbc ; jne 0xfffadcbc +jne loc_fffb2ab1 ; jne 0xfffb2ab1 add dword [ebp - 0x28], 0x54a add dword [ebp - 0x40], 0x13c3 add dword [ebp - 0x30], 0x13c3 cmp dword [ebp - 0x28], 0xa94 -jne loc_fffadca5 ; jne 0xfffadca5 -jmp near loc_fffadc4b ; jmp 0xfffadc4b +jne loc_fffb2a9a ; jne 0xfffb2a9a +jmp near loc_fffb2a40 ; jmp 0xfffb2a40 -loc_fffaddd7: ; not directly referenced +loc_fffb2bcc: ; not directly referenced cmp ecx, 1 -ja short loc_fffadde8 ; ja 0xfffadde8 +ja short loc_fffb2bdd ; ja 0xfffb2bdd mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je short loc_fffade12 ; je 0xfffade12 +cmp byte [esi + 0x374a], 0 +je short loc_fffb2c07 ; je 0xfffb2c07 -loc_fffadde8: ; not directly referenced +loc_fffb2bdd: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -18504,11 +25174,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffade12: ; not directly referenced +loc_fffb2c07: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffaddd7 ; jne 0xfffaddd7 +jne short loc_fffb2bcc ; jne 0xfffb2bcc add esp, 0x40 mov eax, 1 pop ebx @@ -18517,7 +25187,7 @@ pop edi pop ebp ret -fcn_fffade28: ; not directly referenced +fcn_fffb2c1d: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -18527,23 +25197,23 @@ push ebx sub esp, 0x30 mov esi, dword [ebp + 8] -loc_fffade36: ; not directly referenced +loc_fffb2c2b: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffade5d ; ja 0xfffade5d -cmp byte [esi + 0x3749], 0 -jne short loc_fffade5d ; jne 0xfffade5d +ja short loc_fffb2c52 ; ja 0xfffb2c52 +cmp byte [esi + 0x374a], 0 +jne short loc_fffb2c52 ; jne 0xfffb2c52 -loc_fffade47: ; not directly referenced +loc_fffb2c3c: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffade36 ; jne 0xfffade36 -lea eax, [esi + 0x48e5] +jne short loc_fffb2c2b ; jne 0xfffb2c2b +lea eax, [esi + 0x48e6] mov ecx, 0xfffffffe -jmp near loc_fffadf55 ; jmp 0xfffadf55 +jmp near loc_fffb2d4a ; jmp 0xfffb2d4a -loc_fffade5d: ; not directly referenced -lea eax, [esi + 0x48c9] +loc_fffb2c52: ; not directly referenced +lea eax, [esi + 0x48ca] mov dword [ebp - 0x2c], eax imul eax, ecx, 0x2e mov dword [ebp + ecx*4 - 0x1c], 0 @@ -18552,7 +25222,7 @@ mov dword [ebp - 0x30], eax lea eax, [ecx*8 - 0x1173] mov dword [ebp - 0x3c], eax -loc_fffade85: ; not directly referenced +loc_fffb2c7a: ; not directly referenced mov eax, dword [ebp - 0x3c] mov ebx, dword [ebp - 0x2c] mov dword [ebp - 0x28], 0 @@ -18561,9 +25231,9 @@ mov dword [ebp - 0x38], eax mov eax, dword [ebp - 0x20] lea edi, [esi + eax + 0x1973] -loc_fffadea1: ; not directly referenced +loc_fffb2c96: ; not directly referenced cmp dword [ebx], 2 -jne short loc_fffadf1b ; jne 0xfffadf1b +jne short loc_fffb2d10 ; jne 0xfffb2d10 mov eax, dword [ebp - 0x30] mov edx, dword [ebp - 0x28] mov eax, dword [ebx + eax + 4] @@ -18572,32 +25242,32 @@ mov eax, dword [ebp - 0x38] mov eax, dword [eax + edx + 0xc9] mov dword [ebp - 0x34], eax cmp ecx, 1 -je short loc_fffaded0 ; je 0xfffaded0 -jb short loc_fffadedc ; jb 0xfffadedc +je short loc_fffb2cc5 ; je 0xfffb2cc5 +jb short loc_fffb2cd1 ; jb 0xfffb2cd1 xor eax, eax cmp ecx, 3 -jbe short loc_fffadf01 ; jbe 0xfffadf01 -jmp short loc_fffadedc ; jmp 0xfffadedc +jbe short loc_fffb2cf6 ; jbe 0xfffb2cf6 +jmp short loc_fffb2cd1 ; jmp 0xfffb2cd1 -loc_fffaded0: ; not directly referenced +loc_fffb2cc5: ; not directly referenced movzx eax, word [edi + 0x260] test ax, ax -jne short loc_fffadf01 ; jne 0xfffadf01 +jne short loc_fffb2cf6 ; jne 0xfffb2cf6 -loc_fffadedc: ; not directly referenced +loc_fffb2cd1: ; not directly referenced xor eax, eax cmp dword [ebx + 0xd5], 2 -jne short loc_fffadf01 ; jne 0xfffadf01 +jne short loc_fffb2cf6 ; jne 0xfffb2cf6 cmp dword [ebp - 0x24], 0 movzx edx, word [edi + 0x6a] -je short loc_fffadf01 ; je 0xfffadf01 +je short loc_fffb2cf6 ; je 0xfffb2cf6 imul edx, dword [ebp - 0x34] mov eax, dword [ebp - 0x24] lea eax, [eax + edx - 1] xor edx, edx div dword [ebp - 0x24] -loc_fffadf01: ; not directly referenced +loc_fffb2cf6: ; not directly referenced cmp eax, 0x1ff mov edx, 0x1ff cmova eax, edx @@ -18606,25 +25276,25 @@ cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffadf1b: ; not directly referenced +loc_fffb2d10: ; not directly referenced add dword [ebp - 0x28], 0x20 add ebx, 0x128 add edi, 0x277 cmp dword [ebp - 0x28], 0x40 -jne loc_fffadea1 ; jne 0xfffadea1 +jne loc_fffb2c96 ; jne 0xfffb2c96 add dword [ebp - 0x20], 0x54a add dword [ebp - 0x2c], 0x13c3 cmp dword [ebp - 0x20], 0xa94 -jne loc_fffade85 ; jne 0xfffade85 -jmp near loc_fffade47 ; jmp 0xfffade47 +jne loc_fffb2c7a ; jne 0xfffb2c7a +jmp near loc_fffb2c3c ; jmp 0xfffb2c3c -loc_fffadf55: ; not directly referenced +loc_fffb2d4a: ; not directly referenced cmp ecx, 1 -ja short loc_fffadf63 ; ja 0xfffadf63 -cmp byte [esi + 0x3749], 0 -je short loc_fffadf8d ; je 0xfffadf8d +ja short loc_fffb2d58 ; ja 0xfffb2d58 +cmp byte [esi + 0x374a], 0 +je short loc_fffb2d82 ; je 0xfffb2d82 -loc_fffadf63: ; not directly referenced +loc_fffb2d58: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -18633,11 +25303,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffadf8d: ; not directly referenced +loc_fffb2d82: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffadf55 ; jne 0xfffadf55 +jne short loc_fffb2d4a ; jne 0xfffb2d4a add esp, 0x30 mov eax, 1 pop ebx @@ -18646,7 +25316,7 @@ pop edi pop ebp ret -fcn_fffadfa3: ; not directly referenced +fcn_fffb2d98: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -18656,23 +25326,23 @@ push ebx sub esp, 0x30 mov esi, dword [ebp + 8] -loc_fffadfb1: ; not directly referenced +loc_fffb2da6: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffadfd8 ; ja 0xfffadfd8 -cmp byte [esi + 0x3749], 0 -jne short loc_fffadfd8 ; jne 0xfffadfd8 +ja short loc_fffb2dcd ; ja 0xfffb2dcd +cmp byte [esi + 0x374a], 0 +jne short loc_fffb2dcd ; jne 0xfffb2dcd -loc_fffadfc2: ; not directly referenced +loc_fffb2db7: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffadfb1 ; jne 0xfffadfb1 -lea eax, [esi + 0x48e3] +jne short loc_fffb2da6 ; jne 0xfffb2da6 +lea eax, [esi + 0x48e4] mov ecx, 0xfffffffe -jmp near loc_fffae0d0 ; jmp 0xfffae0d0 +jmp near loc_fffb2ec5 ; jmp 0xfffb2ec5 -loc_fffadfd8: ; not directly referenced -lea eax, [esi + 0x48c9] +loc_fffb2dcd: ; not directly referenced +lea eax, [esi + 0x48ca] mov dword [ebp - 0x2c], eax imul eax, ecx, 0x2e mov dword [ebp + ecx*4 - 0x1c], 0 @@ -18681,7 +25351,7 @@ mov dword [ebp - 0x30], eax lea eax, [ecx*8 - 0x1173] mov dword [ebp - 0x3c], eax -loc_fffae000: ; not directly referenced +loc_fffb2df5: ; not directly referenced mov eax, dword [ebp - 0x3c] mov ebx, dword [ebp - 0x2c] mov dword [ebp - 0x28], 0 @@ -18690,9 +25360,9 @@ mov dword [ebp - 0x38], eax mov eax, dword [ebp - 0x20] lea edi, [esi + eax + 0x1973] -loc_fffae01c: ; not directly referenced +loc_fffb2e11: ; not directly referenced cmp dword [ebx], 2 -jne short loc_fffae096 ; jne 0xfffae096 +jne short loc_fffb2e8b ; jne 0xfffb2e8b mov eax, dword [ebp - 0x30] mov edx, dword [ebp - 0x28] mov eax, dword [ebx + eax + 4] @@ -18701,32 +25371,32 @@ mov eax, dword [ebp - 0x38] mov eax, dword [eax + edx + 0xc9] mov dword [ebp - 0x34], eax cmp ecx, 1 -je short loc_fffae04b ; je 0xfffae04b -jb short loc_fffae057 ; jb 0xfffae057 +je short loc_fffb2e40 ; je 0xfffb2e40 +jb short loc_fffb2e4c ; jb 0xfffb2e4c xor eax, eax cmp ecx, 3 -jbe short loc_fffae07c ; jbe 0xfffae07c -jmp short loc_fffae057 ; jmp 0xfffae057 +jbe short loc_fffb2e71 ; jbe 0xfffb2e71 +jmp short loc_fffb2e4c ; jmp 0xfffb2e4c -loc_fffae04b: ; not directly referenced +loc_fffb2e40: ; not directly referenced movzx eax, word [edi + 0x25e] test ax, ax -jne short loc_fffae07c ; jne 0xfffae07c +jne short loc_fffb2e71 ; jne 0xfffb2e71 -loc_fffae057: ; not directly referenced +loc_fffb2e4c: ; not directly referenced xor eax, eax cmp dword [ebx + 0xd5], 2 -jne short loc_fffae07c ; jne 0xfffae07c +jne short loc_fffb2e71 ; jne 0xfffb2e71 cmp dword [ebp - 0x24], 0 movzx edx, word [edi + 0x68] -je short loc_fffae07c ; je 0xfffae07c +je short loc_fffb2e71 ; je 0xfffb2e71 imul edx, dword [ebp - 0x34] mov eax, dword [ebp - 0x24] lea eax, [eax + edx - 1] xor edx, edx div dword [ebp - 0x24] -loc_fffae07c: ; not directly referenced +loc_fffb2e71: ; not directly referenced cmp eax, 0x1ff mov edx, 0x1ff cmova eax, edx @@ -18735,25 +25405,25 @@ cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffae096: ; not directly referenced +loc_fffb2e8b: ; not directly referenced add dword [ebp - 0x28], 0x20 add ebx, 0x128 add edi, 0x277 cmp dword [ebp - 0x28], 0x40 -jne loc_fffae01c ; jne 0xfffae01c +jne loc_fffb2e11 ; jne 0xfffb2e11 add dword [ebp - 0x20], 0x54a add dword [ebp - 0x2c], 0x13c3 cmp dword [ebp - 0x20], 0xa94 -jne loc_fffae000 ; jne 0xfffae000 -jmp near loc_fffadfc2 ; jmp 0xfffadfc2 +jne loc_fffb2df5 ; jne 0xfffb2df5 +jmp near loc_fffb2db7 ; jmp 0xfffb2db7 -loc_fffae0d0: ; not directly referenced +loc_fffb2ec5: ; not directly referenced cmp ecx, 1 -ja short loc_fffae0de ; ja 0xfffae0de -cmp byte [esi + 0x3749], 0 -je short loc_fffae108 ; je 0xfffae108 +ja short loc_fffb2ed3 ; ja 0xfffb2ed3 +cmp byte [esi + 0x374a], 0 +je short loc_fffb2efd ; je 0xfffb2efd -loc_fffae0de: ; not directly referenced +loc_fffb2ed3: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -18762,11 +25432,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffae108: ; not directly referenced +loc_fffb2efd: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffae0d0 ; jne 0xfffae0d0 +jne short loc_fffb2ec5 ; jne 0xfffb2ec5 add esp, 0x30 mov eax, 1 pop ebx @@ -18775,7 +25445,7 @@ pop edi pop ebp ret -fcn_fffae11e: ; not directly referenced +fcn_fffb2f13: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -18784,37 +25454,37 @@ push esi push ebx sub esp, 0x30 -loc_fffae129: ; not directly referenced +loc_fffb2f1e: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffae155 ; ja 0xfffae155 +ja short loc_fffb2f4a ; ja 0xfffb2f4a mov ebx, dword [ebp + 8] -cmp byte [ebx + 0x3749], 0 -jne short loc_fffae155 ; jne 0xfffae155 +cmp byte [ebx + 0x374a], 0 +jne short loc_fffb2f4a ; jne 0xfffb2f4a -loc_fffae13d: ; not directly referenced +loc_fffb2f32: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffae129 ; jne 0xfffae129 +jne short loc_fffb2f1e ; jne 0xfffb2f1e mov eax, dword [ebp + 8] mov ecx, 0xfffffffe -add eax, 0x48e1 -jmp near loc_fffae29a ; jmp 0xfffae29a +add eax, 0x48e2 +jmp near loc_fffb308f ; jmp 0xfffb308f -loc_fffae155: ; not directly referenced +loc_fffb2f4a: ; not directly referenced mov ebx, dword [ebp + 8] imul eax, eax, 0x23 lea esi, [ecx*8 - 0x1269] mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x20], 0 -lea edi, [ebx + 0x49bf] +lea edi, [ebx + 0x49c0] mov dword [ebp - 0x2c], edi imul edi, ecx, 0x2e mov dword [ebp - 0x3c], esi mov dword [ebp - 0x30], eax mov dword [ebp - 0x34], edi -loc_fffae186: ; not directly referenced +loc_fffb2f7b: ; not directly referenced mov eax, dword [ebp - 0x3c] mov esi, dword [ebp - 0x2c] mov ebx, dword [ebp - 0x20] @@ -18824,9 +25494,9 @@ mov dword [ebp - 0x38], eax mov eax, dword [ebp + 8] lea edi, [eax + ebx + 0x1973] -loc_fffae1a5: ; not directly referenced +loc_fffb2f9a: ; not directly referenced cmp dword [esi - 0xf6], 2 -jne loc_fffae260 ; jne 0xfffae260 +jne loc_fffb3055 ; jne 0xfffb3055 mov eax, dword [ebp - 0x34] mov edx, dword [ebp - 0x24] mov ebx, dword [esi + eax - 0xf2] @@ -18834,67 +25504,67 @@ mov eax, dword [ebp - 0x38] mov eax, dword [eax + edx + 0xc9] mov dword [ebp - 0x28], eax cmp ecx, 1 -je short loc_fffae215 ; je 0xfffae215 -jb short loc_fffae221 ; jb 0xfffae221 +je short loc_fffb300a ; je 0xfffb300a +jb short loc_fffb3016 ; jb 0xfffb3016 cmp ecx, 3 -ja short loc_fffae221 ; ja 0xfffae221 +ja short loc_fffb3016 ; ja 0xfffb3016 cmp ecx, 2 mov dl, byte [esi] -jne short loc_fffae1e8 ; jne 0xfffae1e8 +jne short loc_fffb2fdd ; jne 0xfffb2fdd and dl, 1 -jne short loc_fffae1ef ; jne 0xfffae1ef +jne short loc_fffb2fe4 ; jne 0xfffb2fe4 xor eax, eax -jmp short loc_fffae246 ; jmp 0xfffae246 +jmp short loc_fffb303b ; jmp 0xfffb303b -loc_fffae1e8: ; not directly referenced +loc_fffb2fdd: ; not directly referenced xor eax, eax and dl, 2 -je short loc_fffae246 ; je 0xfffae246 +je short loc_fffb303b ; je 0xfffb303b -loc_fffae1ef: ; not directly referenced +loc_fffb2fe4: ; not directly referenced mov eax, dword [esi - 0x21] and eax, 0xfffffffd dec eax mov eax, dword [ebp - 0x30] -jne short loc_fffae205 ; jne 0xfffae205 +jne short loc_fffb2ffa ; jne 0xfffb2ffa movzx edx, word [edi + eax + 0x10f] -jmp short loc_fffae20d ; jmp 0xfffae20d +jmp short loc_fffb3002 ; jmp 0xfffb3002 -loc_fffae205: ; not directly referenced +loc_fffb2ffa: ; not directly referenced movzx edx, word [edi + eax + 0x1df] -loc_fffae20d: ; not directly referenced +loc_fffb3002: ; not directly referenced xor eax, eax test ebx, ebx -je short loc_fffae246 ; je 0xfffae246 -jmp short loc_fffae23a ; jmp 0xfffae23a +je short loc_fffb303b ; je 0xfffb303b +jmp short loc_fffb302f ; jmp 0xfffb302f -loc_fffae215: ; not directly referenced +loc_fffb300a: ; not directly referenced movzx eax, word [edi + 0x25c] test ax, ax -jne short loc_fffae246 ; jne 0xfffae246 +jne short loc_fffb303b ; jne 0xfffb303b -loc_fffae221: ; not directly referenced +loc_fffb3016: ; not directly referenced xor eax, eax test ebx, ebx -je short loc_fffae246 ; je 0xfffae246 +je short loc_fffb303b ; je 0xfffb303b mov eax, dword [esi - 0x21] and eax, 0xfffffffd dec eax -jne short loc_fffae236 ; jne 0xfffae236 +jne short loc_fffb302b ; jne 0xfffb302b movzx edx, word [edi + 0x60] -jmp short loc_fffae23a ; jmp 0xfffae23a +jmp short loc_fffb302f ; jmp 0xfffb302f -loc_fffae236: ; not directly referenced +loc_fffb302b: ; not directly referenced movzx edx, word [edi + 0x66] -loc_fffae23a: ; not directly referenced +loc_fffb302f: ; not directly referenced imul edx, dword [ebp - 0x28] lea eax, [ebx + edx - 1] xor edx, edx div ebx -loc_fffae246: ; not directly referenced +loc_fffb303b: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x1c] cmp eax, 0x1ff mov ebx, 0x1ff @@ -18903,26 +25573,26 @@ cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffae260: ; not directly referenced +loc_fffb3055: ; not directly referenced add dword [ebp - 0x24], 0x20 add esi, 0x128 add edi, 0x277 cmp dword [ebp - 0x24], 0x40 -jne loc_fffae1a5 ; jne 0xfffae1a5 +jne loc_fffb2f9a ; jne 0xfffb2f9a add dword [ebp - 0x20], 0x54a add dword [ebp - 0x2c], 0x13c3 cmp dword [ebp - 0x20], 0xa94 -jne loc_fffae186 ; jne 0xfffae186 -jmp near loc_fffae13d ; jmp 0xfffae13d +jne loc_fffb2f7b ; jne 0xfffb2f7b +jmp near loc_fffb2f32 ; jmp 0xfffb2f32 -loc_fffae29a: ; not directly referenced +loc_fffb308f: ; not directly referenced cmp ecx, 1 -ja short loc_fffae2ab ; ja 0xfffae2ab +ja short loc_fffb30a0 ; ja 0xfffb30a0 mov edi, dword [ebp + 8] -cmp byte [edi + 0x3749], 0 -je short loc_fffae2d5 ; je 0xfffae2d5 +cmp byte [edi + 0x374a], 0 +je short loc_fffb30ca ; je 0xfffb30ca -loc_fffae2ab: ; not directly referenced +loc_fffb30a0: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -18931,11 +25601,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffae2d5: ; not directly referenced +loc_fffb30ca: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffae29a ; jne 0xfffae29a +jne short loc_fffb308f ; jne 0xfffb308f add esp, 0x30 mov eax, 1 pop ebx @@ -18944,7 +25614,7 @@ pop edi pop ebp ret -fcn_fffae2eb: ; not directly referenced +fcn_fffb30e0: ; not directly referenced push ebp mov ebp, esp push edi @@ -18953,40 +25623,40 @@ push esi push ebx sub esp, 0x4c mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2443] +mov eax, dword [eax + 0x2444] mov dword [ebp - 0x44], eax -loc_fffae302: ; not directly referenced +loc_fffb30f7: ; not directly referenced lea eax, [edi - 2] cmp eax, 1 -ja short loc_fffae32e ; ja 0xfffae32e +ja short loc_fffb3123 ; ja 0xfffb3123 mov ebx, dword [ebp + 8] -cmp byte [ebx + 0x3749], 0 -jne short loc_fffae32e ; jne 0xfffae32e +cmp byte [ebx + 0x374a], 0 +jne short loc_fffb3123 ; jne 0xfffb3123 -loc_fffae316: ; not directly referenced +loc_fffb310b: ; not directly referenced inc edi cmp edi, 4 -jne short loc_fffae302 ; jne 0xfffae302 +jne short loc_fffb30f7 ; jne 0xfffb30f7 mov eax, dword [ebp + 8] mov ecx, 0xfffffffe -add eax, 0x48df -jmp near loc_fffae4d9 ; jmp 0xfffae4d9 +add eax, 0x48e0 +jmp near loc_fffb32ce ; jmp 0xfffb32ce -loc_fffae32e: ; not directly referenced +loc_fffb3123: ; not directly referenced mov ebx, dword [ebp + 8] imul eax, eax, 0x23 lea esi, [edi*8 - 0x1269] mov dword [ebp + edi*4 - 0x28], 0 mov dword [ebp - 0x34], 0 -add ebx, 0x49bf +add ebx, 0x49c0 mov dword [ebp - 0x3c], ebx imul ebx, edi, 0x2e mov dword [ebp - 0x54], esi mov dword [ebp - 0x40], eax mov dword [ebp - 0x48], ebx -loc_fffae35f: ; not directly referenced +loc_fffb3154: ; not directly referenced mov eax, dword [ebp - 0x54] mov esi, dword [ebp - 0x3c] mov ebx, dword [ebp - 0x34] @@ -18997,9 +25667,9 @@ mov eax, dword [ebp + 8] lea eax, [eax + ebx + 0x1973] mov dword [ebp - 0x30], eax -loc_fffae381: ; not directly referenced +loc_fffb3176: ; not directly referenced cmp dword [esi - 0xf6], 2 -jne loc_fffae49e ; jne 0xfffae49e +jne loc_fffb3293 ; jne 0xfffb3293 mov eax, dword [ebp - 0x48] mov ebx, dword [ebp - 0x38] mov eax, dword [esi + eax - 0xf2] @@ -19007,40 +25677,40 @@ mov dword [ebp - 0x2c], eax mov eax, dword [ebp - 0x50] mov ecx, dword [eax + ebx + 0xc9] cmp edi, 1 -je loc_fffae446 ; je 0xfffae446 -jb loc_fffae455 ; jb 0xfffae455 +je loc_fffb323b ; je 0xfffb323b +jb loc_fffb324a ; jb 0xfffb324a cmp edi, 3 -ja loc_fffae455 ; ja 0xfffae455 +ja loc_fffb324a ; ja 0xfffb324a cmp edi, 2 mov dl, byte [esi] -jne short loc_fffae3d3 ; jne 0xfffae3d3 +jne short loc_fffb31c8 ; jne 0xfffb31c8 and dl, 1 -jne short loc_fffae3de ; jne 0xfffae3de +jne short loc_fffb31d3 ; jne 0xfffb31d3 xor eax, eax -jmp near loc_fffae484 ; jmp 0xfffae484 +jmp near loc_fffb3279 ; jmp 0xfffb3279 -loc_fffae3d3: ; not directly referenced +loc_fffb31c8: ; not directly referenced xor eax, eax and dl, 2 -je loc_fffae484 ; je 0xfffae484 +je loc_fffb3279 ; je 0xfffb3279 -loc_fffae3de: ; not directly referenced +loc_fffb31d3: ; not directly referenced mov eax, dword [esi - 0x21] mov ebx, dword [ebp - 0x40] and eax, 0xfffffffd dec eax mov eax, dword [ebp - 0x30] -jne short loc_fffae3f7 ; jne 0xfffae3f7 +jne short loc_fffb31ec ; jne 0xfffb31ec movzx edx, word [eax + ebx + 0x10d] -jmp short loc_fffae3ff ; jmp 0xfffae3ff +jmp short loc_fffb31f4 ; jmp 0xfffb31f4 -loc_fffae3f7: ; not directly referenced +loc_fffb31ec: ; not directly referenced movzx edx, word [eax + ebx + 0x1dd] -loc_fffae3ff: ; not directly referenced +loc_fffb31f4: ; not directly referenced xor eax, eax cmp dword [ebp - 0x2c], 0 -je short loc_fffae484 ; je 0xfffae484 +je short loc_fffb3279 ; je 0xfffb3279 mov eax, dword [ebp - 0x44] imul edx, edx, 0x3e8 mov ebx, dword [eax + 0x74] @@ -19067,18 +25737,18 @@ push edx push eax call ebx add esp, 0x20 -jmp short loc_fffae484 ; jmp 0xfffae484 +jmp short loc_fffb3279 ; jmp 0xfffb3279 -loc_fffae446: ; not directly referenced +loc_fffb323b: ; not directly referenced mov eax, dword [ebp - 0x30] movzx eax, word [eax + 0x25a] test ax, ax -jne short loc_fffae484 ; jne 0xfffae484 +jne short loc_fffb3279 ; jne 0xfffb3279 -loc_fffae455: ; not directly referenced +loc_fffb324a: ; not directly referenced xor eax, eax cmp dword [ebp - 0x2c], 0 -je short loc_fffae484 ; je 0xfffae484 +je short loc_fffb3279 ; je 0xfffb3279 cmp dword [esi - 0x21], 3 mov eax, 0x3b8260 mov ebx, 0x7704c0 @@ -19092,7 +25762,7 @@ mov ecx, eax lea eax, [ebx + eax - 1] div ecx -loc_fffae484: ; not directly referenced +loc_fffb3279: ; not directly referenced cmp eax, 0xffff mov edx, 0xffff cmovbe edx, eax @@ -19101,26 +25771,26 @@ cmp edx, eax cmovb edx, eax mov dword [ebp + edi*4 - 0x28], edx -loc_fffae49e: ; not directly referenced +loc_fffb3293: ; not directly referenced add dword [ebp - 0x38], 0x20 add esi, 0x128 add dword [ebp - 0x30], 0x277 cmp dword [ebp - 0x38], 0x40 -jne loc_fffae381 ; jne 0xfffae381 +jne loc_fffb3176 ; jne 0xfffb3176 add dword [ebp - 0x34], 0x54a add dword [ebp - 0x3c], 0x13c3 cmp dword [ebp - 0x34], 0xa94 -jne loc_fffae35f ; jne 0xfffae35f -jmp near loc_fffae316 ; jmp 0xfffae316 +jne loc_fffb3154 ; jne 0xfffb3154 +jmp near loc_fffb310b ; jmp 0xfffb310b -loc_fffae4d9: ; not directly referenced +loc_fffb32ce: ; not directly referenced cmp ecx, 1 -ja short loc_fffae4ea ; ja 0xfffae4ea +ja short loc_fffb32df ; ja 0xfffb32df mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je short loc_fffae514 ; je 0xfffae514 +cmp byte [esi + 0x374a], 0 +je short loc_fffb3309 ; je 0xfffb3309 -loc_fffae4ea: ; not directly referenced +loc_fffb32df: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x20] mov word [eax], dx mov word [eax - 0x1173], dx @@ -19129,11 +25799,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffae514: ; not directly referenced +loc_fffb3309: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffae4d9 ; jne 0xfffae4d9 +jne short loc_fffb32ce ; jne 0xfffb32ce lea esp, [ebp - 0xc] mov eax, 1 pop ebx @@ -19142,37 +25812,37 @@ pop edi pop ebp ret -fcn_fffae52a: +fcn_fffb331f: push ebp mov ebp, esp sub esp, 0x14 -mov ecx, dword [eax + 0x2443] +mov ecx, dword [eax + 0x2444] add edx, dword [eax + 0x18c5] -inc dword [eax + 0x36a4] +inc dword [eax + 0x36a5] push edx call dword [ecx + 0x20] ; ucall leave ret -fcn_fffae548: +fcn_fffb333d: push ebp mov ebp, esp sub esp, 0x14 -mov ecx, dword [eax + 0x2443] +mov ecx, dword [eax + 0x2444] add edx, dword [eax + 0x18c5] -inc dword [eax + 0x36a4] +inc dword [eax + 0x36a5] push edx call dword [ecx + 0x24] ; ucall leave ret -fcn_fffae566: ; not directly referenced +fcn_fffb335b: ; not directly referenced push ebp mov ebp, esp push ebx sub esp, 0xc -mov ebx, dword [eax + 0x2443] -inc dword [eax + 0x36a0] +mov ebx, dword [eax + 0x2444] +inc dword [eax + 0x36a1] push ecx add edx, dword [eax + 0x18c5] push edx @@ -19182,13 +25852,13 @@ mov ebx, dword [ebp - 4] leave ret -fcn_fffae58c: ; not directly referenced +fcn_fffb3381: ; not directly referenced push ebp mov ebp, esp push ebx sub esp, 0xc -mov ebx, dword [eax + 0x2443] -inc dword [eax + 0x36a0] +mov ebx, dword [eax + 0x2444] +inc dword [eax + 0x36a1] push ecx add edx, dword [eax + 0x18c5] push edx @@ -19198,92 +25868,7 @@ mov ebx, dword [ebp - 4] leave ret -fcn_fffae5b2: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -mov ebx, ref_fffd363c ; mov ebx, 0xfffd363c -sub esp, 0x1c -mov edi, dword [ebp + 8] -mov dword [ebp - 0x20], eax -mov eax, dword [eax + 0x188b] -mov byte [ebp - 0x21], cl -mov dword [ebp - 0x28], edx -mov esi, dword [edi] -mov dword [ebp - 0x1c], eax - -loc_fffae5d7: ; not directly referenced -mov al, byte [ebx + 4] -and eax, 1 -cmp eax, dword [ebp - 0x28] -jne short loc_fffae62b ; jne 0xfffae62b -movzx edi, word [ebx] -sub edi, esi - -loc_fffae5e7: ; not directly referenced -movzx eax, word [ebx + 2] -lea edx, [esi + edi] -cmp edx, eax -ja short loc_fffae62b ; ja 0xfffae62b -cmp dword [ebp - 0x1c], 0 -jne short loc_fffae5fe ; jne 0xfffae5fe -test byte [ebx + 4], 2 -jmp short loc_fffae608 ; jmp 0xfffae608 - -loc_fffae5fe: ; not directly referenced -cmp dword [ebp - 0x1c], 1 -jne short loc_fffae626 ; jne 0xfffae626 -test byte [ebx + 4], 4 - -loc_fffae608: ; not directly referenced -je short loc_fffae626 ; je 0xfffae626 -cmp byte [ebp - 0x21], 1 -jne short loc_fffae61c ; jne 0xfffae61c -mov eax, dword [ebp - 0x20] -call fcn_fffae52a ; call 0xfffae52a -mov dword [esi], eax -jmp short loc_fffae626 ; jmp 0xfffae626 - -loc_fffae61c: ; not directly referenced -mov ecx, dword [esi] -mov eax, dword [ebp - 0x20] -call fcn_fffae58c ; call 0xfffae58c - -loc_fffae626: ; not directly referenced -add esi, 4 -jmp short loc_fffae5e7 ; jmp 0xfffae5e7 - -loc_fffae62b: ; not directly referenced -add ebx, 5 -cmp ebx, ref_fffd3e70 ; cmp ebx, 0xfffd3e70 -jne short loc_fffae5d7 ; jne 0xfffae5d7 -mov eax, dword [ebp + 8] -mov dword [eax], esi -add esp, 0x1c -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffae645: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x5edc] -lea ecx, [eax + 0x1c] -mov dword [edx + 0x1b8], ecx -add edx, 0x1b8 -mov ecx, 1 -mov dword [ebp + 8], edx -xor edx, edx -pop ebp -jmp near fcn_fffae5b2 ; jmp 0xfffae5b2 - -fcn_fffae670: ; not directly referenced +fcn_fffb33a7: ; not directly referenced push ebp mov ebp, esp push edi @@ -19291,7 +25876,7 @@ push esi push ebx mov ebx, eax sub esp, 0x1c -mov esi, dword [ebx + 0x2443] +mov esi, dword [ebx + 0x2444] mov dword [ebp - 0x24], edx mov byte [ebp - 0x1d], dl call dword [esi + 0x54] ; ucall @@ -19300,12 +25885,12 @@ mov edx, 0x4800 add eax, 0x2710 mov dword [ebp - 0x1c], eax mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffae6a3: ; not directly referenced +loc_fffb33da: ; not directly referenced mov edx, 0x4804 mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov cl, byte [ebp - 0x1d] mov edx, eax mov edi, eax @@ -19316,17 +25901,17 @@ and eax, 1 or eax, edx and eax, ecx cmp al, cl -jne short loc_fffae6ce ; jne 0xfffae6ce +jne short loc_fffb3405 ; jne 0xfffb3405 xor eax, eax -jmp short loc_fffae6db ; jmp 0xfffae6db +jmp short loc_fffb3412 ; jmp 0xfffb3412 -loc_fffae6ce: ; not directly referenced +loc_fffb3405: ; not directly referenced call dword [esi + 0x54] ; ucall cmp dword [ebp - 0x1c], eax -ja short loc_fffae6a3 ; ja 0xfffae6a3 +ja short loc_fffb33da ; ja 0xfffb33da mov eax, 0x12 -loc_fffae6db: ; not directly referenced +loc_fffb3412: ; not directly referenced mov edx, edi mov ecx, edi and edx, 2 @@ -19342,7 +25927,7 @@ pop edi pop ebp ret -fcn_fffae6fa: ; not directly referenced +fcn_fffb3431: ; not directly referenced push ebp mov ebp, esp push edi @@ -19356,7 +25941,7 @@ mov dword [ebp - 0x1c], edx imul edx, dword [eax + 0x18a7], 0x2e imul eax, dword [ebp - 0x1c], 0x13c3 lea eax, [edx + eax + 0x3740] -lea edx, [ebx + eax + 0x1a] +lea edx, [ebx + eax + 0x1b] movzx eax, word [edx + 0x12] cmp word [edx + 0x14], 0x1ff cmovbe di, word [edx + 0x14] @@ -19381,9 +25966,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_fffae58c ; jmp 0xfffae58c +jmp near fcn_fffb3381 ; jmp 0xfffb3381 -fcn_fffae778: ; not directly referenced +fcn_fffb34af: ; not directly referenced mov dl, byte [eax + 0x1907] push ebp mov ebp, esp @@ -19399,13 +25984,13 @@ sete bl cmp cl, 1 setbe dl or bl, dl -jne short loc_fffae7ba ; jne 0xfffae7ba +jne short loc_fffb34f1 ; jne 0xfffb34f1 xor ecx, ecx -cmp dword [eax + 0x2480], 3 +cmp dword [eax + 0x2481], 3 setne cl lea ecx, [ecx*4 + 2] -loc_fffae7ba: ; not directly referenced +loc_fffb34f1: ; not directly referenced and ecx, 0xf mov edx, 0x4cb0 shl ecx, 0xc @@ -19413,14 +25998,14 @@ pop ebx or ecx, esi pop esi pop ebp -jmp near fcn_fffae58c ; jmp 0xfffae58c +jmp near fcn_fffb3381 ; jmp 0xfffb3381 -fcn_fffae7cf: ; not directly referenced +fcn_fffb3506: ; not directly referenced push ebp mov ebp, esp sub esp, 0xc -mov ecx, dword [eax + 0x2443] -inc dword [eax + 0x36a0] +mov ecx, dword [eax + 0x2444] +inc dword [eax + 0x36a1] push dword [ebp + 0xc] push dword [ebp + 8] add edx, dword [eax + 0x18c5] @@ -19430,7 +26015,7 @@ add esp, 0x10 leave ret -fcn_fffae7f6: ; not directly referenced +fcn_fffb352d: ; not directly referenced push ebp mov ebp, esp push edi @@ -19438,27 +26023,27 @@ push esi push ebx sub esp, 0x2c mov ebx, dword [ebp + 8] -mov eax, dword [ebx + 0x2443] +mov eax, dword [ebx + 0x2444] cmp dword [ebx + 0x188b], 1 mov dword [ebp - 0x24], eax -je loc_fffae9e4 ; je 0xfffae9e4 +je loc_fffb371b ; je 0xfffb371b -loc_fffae818: ; not directly referenced +loc_fffb354f: ; not directly referenced mov edx, 0x5030 mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x5030 or al, 0x89 mov ecx, eax mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, 0x8f mov edx, 0x50fc mov eax, ebx -mov esi, dword [ebx + 0x2443] -call fcn_fffae58c ; call 0xfffae58c +mov esi, dword [ebx + 0x2444] +call fcn_fffb3381 ; call 0xfffb3381 cmp byte [ebx + 0x18b5], 0 -je loc_fffaeac9 ; je 0xfffaeac9 +je loc_fffb3800 ; je 0xfffb3800 mov edi, dword [ebx + 0x18c1] push 0xa0 push 0 @@ -19604,7 +26189,7 @@ push edi call dword [esi + 0x30] ; ucall mov edx, 0x5880 mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f movzx edx, byte [ebx + 0x192a] and edx, 1 shl edx, 5 @@ -19613,27 +26198,27 @@ or eax, edx mov edx, 0x5880 mov ecx, eax mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x10 -jmp near loc_fffaeac9 ; jmp 0xfffaeac9 +jmp near loc_fffb3800 ; jmp 0xfffb3800 -loc_fffae9e4: ; not directly referenced -cmp byte [ebx + 0x36a8], 0 -je loc_fffae818 ; je 0xfffae818 -cmp byte [ebx + 0x3704], 0 -je short loc_fffaea2e ; je 0xfffaea2e +loc_fffb371b: ; not directly referenced +cmp byte [ebx + 0x36a9], 0 +je loc_fffb354f ; je 0xfffb354f +cmp byte [ebx + 0x3705], 0 +je short loc_fffb3765 ; je 0xfffb3765 push eax mov esi, dword [ebp - 0x24] xor edx, edx push 0x14 -mov eax, dword [ebx + 0x3711] +mov eax, dword [ebx + 0x3712] push edx push eax call dword [esi + 0x68] ; ucall add esp, 0xc push 0x14 mov dword [ebp - 0x28], eax -mov eax, dword [ebx + 0x3705] +mov eax, dword [ebx + 0x3706] mov dword [ebp - 0x2c], edx xor edx, edx push edx @@ -19642,50 +26227,50 @@ call dword [esi + 0x68] ; ucall add esp, 0x10 mov ecx, eax mov edi, edx -jmp short loc_fffaea40 ; jmp 0xfffaea40 +jmp short loc_fffb3777 ; jmp 0xfffb3777 -loc_fffaea2e: ; not directly referenced +loc_fffb3765: ; not directly referenced xor ecx, ecx xor edi, edi mov dword [ebp - 0x28], 0 mov dword [ebp - 0x2c], 0 -loc_fffaea40: ; not directly referenced +loc_fffb3777: ; not directly referenced xor esi, esi -loc_fffaea42: ; not directly referenced -movzx eax, byte [ebx + 0x36a8] +loc_fffb3779: ; not directly referenced +movzx eax, byte [ebx + 0x36a9] cmp esi, eax -jae loc_fffae818 ; jae 0xfffae818 -mov eax, dword [ebx + esi*8 + 0x36a9] -mov edx, dword [ebx + esi*8 + 0x36ad] -cmp byte [ebx + 0x3704], 0 +jae loc_fffb354f ; jae 0xfffb354f +mov eax, dword [ebx + esi*8 + 0x36aa] +mov edx, dword [ebx + esi*8 + 0x36ae] +cmp byte [ebx + 0x3705], 0 mov dword [ebp - 0x20], eax mov dword [ebp - 0x1c], edx -je short loc_fffaea8e ; je 0xfffaea8e +je short loc_fffb37c5 ; je 0xfffb37c5 cmp edx, dword [ebp - 0x2c] -ja short loc_fffaea8e ; ja 0xfffaea8e -jb short loc_fffaea7a ; jb 0xfffaea7a +ja short loc_fffb37c5 ; ja 0xfffb37c5 +jb short loc_fffb37b1 ; jb 0xfffb37b1 cmp eax, dword [ebp - 0x28] -jae short loc_fffaea8e ; jae 0xfffaea8e +jae short loc_fffb37c5 ; jae 0xfffb37c5 -loc_fffaea7a: ; not directly referenced +loc_fffb37b1: ; not directly referenced cmp edx, edi -jb short loc_fffaea8e ; jb 0xfffaea8e -ja short loc_fffaea84 ; ja 0xfffaea84 +jb short loc_fffb37c5 ; jb 0xfffb37c5 +ja short loc_fffb37bb ; ja 0xfffb37bb cmp eax, ecx -jb short loc_fffaea8e ; jb 0xfffaea8e +jb short loc_fffb37c5 ; jb 0xfffb37c5 -loc_fffaea84: ; not directly referenced +loc_fffb37bb: ; not directly referenced mov eax, dword [ebp - 0x1c] or eax, 0x40000000 -jmp short loc_fffaea96 ; jmp 0xfffaea96 +jmp short loc_fffb37cd ; jmp 0xfffb37cd -loc_fffaea8e: ; not directly referenced +loc_fffb37c5: ; not directly referenced mov eax, dword [ebp - 0x1c] and eax, 0xbfffffff -loc_fffaea96: ; not directly referenced +loc_fffb37cd: ; not directly referenced mov dword [ebp - 0x1c], eax mov eax, dword [ebp - 0x1c] lea edx, [esi*8 + 0x50b0] @@ -19698,33 +26283,33 @@ push eax mov eax, ebx push dword [ebp - 0x1c] push dword [ebp - 0x20] -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 mov ecx, dword [ebp - 0x30] -jmp near loc_fffaea42 ; jmp 0xfffaea42 +jmp near loc_fffb3779 ; jmp 0xfffb3779 -loc_fffaeac9: ; not directly referenced +loc_fffb3800: ; not directly referenced mov eax, dword [ebp - 0x24] call dword [eax + 0x54] ; ucall lea esi, [eax + 0x2710] -loc_fffaead5: ; not directly referenced +loc_fffb380c: ; not directly referenced mov edx, 0x5030 mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f test al, 0x20 -jne short loc_fffaeaf6 ; jne 0xfffaeaf6 +jne short loc_fffb382d ; jne 0xfffb382d mov eax, dword [ebp - 0x24] call dword [eax + 0x54] ; ucall cmp esi, eax -ja short loc_fffaead5 ; ja 0xfffaead5 +ja short loc_fffb380c ; ja 0xfffb380c mov eax, 1 -jmp short loc_fffaeb74 ; jmp 0xfffaeb74 +jmp short loc_fffb38ab ; jmp 0xfffb38ab -loc_fffaeaf6: ; not directly referenced +loc_fffb382d: ; not directly referenced xor eax, eax cmp dword [ebx + 0x1887], 0x306d0 -je short loc_fffaeb30 ; je 0xfffaeb30 +je short loc_fffb3867 ; je 0xfffb3867 mov ecx, eax mov edx, 0x14000000 and ecx, 0xe00fffff @@ -19734,9 +26319,9 @@ and ecx, 0xfff00fff or ecx, 0x24000 and ecx, 0xfffff00f or ecx, 0x4f -jmp short loc_fffaeb5d ; jmp 0xfffaeb5d +jmp short loc_fffb3894 ; jmp 0xfffb3894 -loc_fffaeb30: ; not directly referenced +loc_fffb3867: ; not directly referenced mov ecx, eax mov edx, 0x14000000 and ecx, 0xe00fffff @@ -19747,7 +26332,7 @@ or ecx, 0x5a000 and ecx, 0xfffff00f or ecx, 0x32f -loc_fffaeb5d: ; not directly referenced +loc_fffb3894: ; not directly referenced mov eax, ecx push ecx push ecx @@ -19755,11 +26340,11 @@ push edx mov edx, 0x5d10 push eax mov eax, ebx -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 xor eax, eax -loc_fffaeb74: ; not directly referenced +loc_fffb38ab: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -19767,13 +26352,13 @@ pop edi pop ebp ret -fcn_fffaeb7c: ; not directly referenced +fcn_fffb38b3: ; not directly referenced push ebp mov ebp, esp push ebx sub esp, 0xc -mov ebx, dword [eax + 0x2443] -inc dword [eax + 0x36a0] +mov ebx, dword [eax + 0x2444] +inc dword [eax + 0x36a1] push ecx add edx, dword [eax + 0x18c5] push edx @@ -19783,41 +26368,41 @@ mov ebx, dword [ebp - 4] leave ret -fcn_fffaeba2: ; not directly referenced +fcn_fffb38d9: ; not directly referenced push ebp mov edx, eax mov ebp, esp xor eax, eax -loc_fffaeba9: ; not directly referenced +loc_fffb38e0: ; not directly referenced test edx, edx -je short loc_fffaebb5 ; je 0xfffaebb5 +je short loc_fffb38ec ; je 0xfffb38ec lea ecx, [edx - 1] inc eax and edx, ecx -jmp short loc_fffaeba9 ; jmp 0xfffaeba9 +jmp short loc_fffb38e0 ; jmp 0xfffb38e0 -loc_fffaebb5: ; not directly referenced +loc_fffb38ec: ; not directly referenced pop ebp ret -fcn_fffaebb7: ; not directly referenced +fcn_fffb38ee: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp push ebx mov ebx, 0xa9e -loc_fffaebc2: ; not directly referenced +loc_fffb38f9: ; not directly referenced cmp eax, 0x10f -jbe short loc_fffaebd8 ; jbe 0xfffaebd8 +jbe short loc_fffb390f ; jbe 0xfffb390f imul eax, eax, 0x3e8 xor edx, edx add ecx, 0x64 div ebx -jmp short loc_fffaebc2 ; jmp 0xfffaebc2 +jmp short loc_fffb38f9 ; jmp 0xfffb38f9 -loc_fffaebd8: ; not directly referenced +loc_fffb390f: ; not directly referenced imul edx, eax, 0xfffffff0 mov ebx, 0x2710 add edx, 0x2d3a @@ -19830,29 +26415,29 @@ pop ebp add eax, ecx ret -fcn_fffaebf8: ; not directly referenced +fcn_fffb392f: ; not directly referenced push ebp mov ecx, 0x12 mov ebp, esp xor edx, edx push edi push esi -mov esi, ref_fffd3628 ; mov esi, 0xfffd3628 +mov esi, ref_fffd3988 ; mov esi, 0xfffd3988 sub esp, 0x20 lea edi, [ebp - 0x1a] rep movsb ; rep movsb byte es:[edi], byte ptr [esi] lea ecx, [eax + eax] -loc_fffaec14: ; not directly referenced +loc_fffb394b: ; not directly referenced cmp eax, 8 -jbe short loc_fffaec26 ; jbe 0xfffaec26 +jbe short loc_fffb395d ; jbe 0xfffb395d mov ecx, eax add edx, 0xa shr ecx, 2 shr eax, 3 -jmp short loc_fffaec14 ; jmp 0xfffaec14 +jmp short loc_fffb394b ; jmp 0xfffb394b -loc_fffaec26: ; not directly referenced +loc_fffb395d: ; not directly referenced movzx eax, byte [ebp + ecx - 0x1a] add esp, 0x20 pop esi @@ -19861,9 +26446,9 @@ pop ebp add eax, edx ret -fcn_fffaec34: ; not directly referenced +fcn_fffb396b: ; not directly referenced cmp eax, 0xffffffff -je short loc_fffaec5c ; je 0xfffaec5c +je short loc_fffb3993 ; je 0xfffb3993 push ebp xor ecx, ecx mov ebp, esp @@ -19873,7 +26458,7 @@ push esi push ebx mov ebx, 1 -loc_fffaec48: ; not directly referenced +loc_fffb397f: ; not directly referenced mov edi, ebx shl edi, cl lea esi, [ecx + 1] @@ -19881,15 +26466,15 @@ test edi, eax cmovne edx, esi inc ecx cmp ecx, 0x20 -jne short loc_fffaec48 ; jne 0xfffaec48 -jmp short loc_fffaec61 ; jmp 0xfffaec61 +jne short loc_fffb397f ; jne 0xfffb397f +jmp short loc_fffb3998 ; jmp 0xfffb3998 -loc_fffaec5c: ; not directly referenced +loc_fffb3993: ; not directly referenced xor edx, edx mov al, dl ret -loc_fffaec61: ; not directly referenced +loc_fffb3998: ; not directly referenced pop ebx mov al, dl pop esi @@ -19897,7 +26482,7 @@ pop edi pop ebp ret -fcn_fffaec68: ; not directly referenced +fcn_fffb399f: ; not directly referenced push ebp mov ebp, esp push edi @@ -19910,33 +26495,33 @@ mov bl, byte [ebp + 0xc] mov byte [ebp - 0xf], bl mov bl, byte [ebp + 0x10] cmp cl, 0xff -je short loc_fffaec8d ; je 0xfffaec8d +je short loc_fffb39c4 ; je 0xfffb39c4 lea edi, [ecx + 1] mov byte [ebp - 0xd], cl -jmp short loc_fffaec96 ; jmp 0xfffaec96 +jmp short loc_fffb39cd ; jmp 0xfffb39cd -loc_fffaec8d: ; not directly referenced +loc_fffb39c4: ; not directly referenced mov edi, 4 mov byte [ebp - 0xd], 0 -loc_fffaec96: ; not directly referenced +loc_fffb39cd: ; not directly referenced imul edx, edx, 0x13c3 -lea esi, [eax + edx + 0x3756] +lea esi, [eax + edx + 0x3757] add eax, edx mov dword [ebp - 0x14], esi mov dword [ebp - 0x1c], eax -loc_fffaecab: ; not directly referenced +loc_fffb39e2: ; not directly referenced mov eax, edi cmp byte [ebp - 0xd], al -jae short loc_fffaed27 ; jae 0xfffaed27 +jae short loc_fffb3a5e ; jae 0xfffb3a5e mov cl, byte [ebp - 0xd] mov eax, 1 mov esi, dword [ebp - 0x1c] movzx edx, cl shl eax, cl -test byte [esi + 0x381a], al -je short loc_fffaed22 ; je 0xfffaed22 +test byte [esi + 0x381b], al +je short loc_fffb3a59 ; je 0xfffb3a59 movzx eax, byte [ebp - 0xe] lea edx, [edx + edx*8] add edx, dword [ebp - 0x14] @@ -19944,39 +26529,39 @@ add eax, edx cmp byte [ebp - 0xf], 0 mov dl, byte [eax + 0x104a] mov al, byte [eax + 0x106e] -jne short loc_fffaecf4 ; jne 0xfffaecf4 +jne short loc_fffb3a2b ; jne 0xfffb3a2b cmp al, dl cmova eax, edx cmp bl, al cmova ebx, eax -jmp short loc_fffaed22 ; jmp 0xfffaed22 +jmp short loc_fffb3a59 ; jmp 0xfffb3a59 -loc_fffaecf4: ; not directly referenced +loc_fffb3a2b: ; not directly referenced movzx ecx, dl movzx esi, bl mov dword [ebp - 0x18], ecx mov ecx, 0x3f sub ecx, dword [ebp - 0x18] cmp esi, ecx -jle short loc_fffaed0d ; jle 0xfffaed0d +jle short loc_fffb3a44 ; jle 0xfffb3a44 mov bl, 0x3f sub ebx, edx -loc_fffaed0d: ; not directly referenced +loc_fffb3a44: ; not directly referenced movzx esi, al mov edx, 0x3f movzx ecx, bl sub edx, esi cmp ecx, edx -jle short loc_fffaed22 ; jle 0xfffaed22 +jle short loc_fffb3a59 ; jle 0xfffb3a59 mov bl, 0x3f sub ebx, eax -loc_fffaed22: ; not directly referenced +loc_fffb3a59: ; not directly referenced inc byte [ebp - 0xd] -jmp short loc_fffaecab ; jmp 0xfffaecab +jmp short loc_fffb39e2 ; jmp 0xfffb39e2 -loc_fffaed27: ; not directly referenced +loc_fffb3a5e: ; not directly referenced add esp, 0x10 mov al, bl pop ebx @@ -19985,7 +26570,7 @@ pop edi pop ebp ret -fcn_fffaed31: +fcn_fffb3a68: push ebp mov ebp, esp push edi @@ -19994,7 +26579,7 @@ push ebx mov ebx, edx sub esp, 0x10 mov edi, dword [ebp + 8] -mov esi, dword [eax + 0x2443] +mov esi, dword [eax + 0x2444] mov eax, 0x5f5e100 test edi, edi cmovne eax, edi @@ -20019,7 +26604,7 @@ add esp, 0x10 xor ecx, ecx mov ebx, edx or ebx, eax -je short loc_fffaed9b ; je 0xfffaed9b +je short loc_fffb3ad2 ; je 0xfffb3ad2 sub esp, 0xc push 0 push edx @@ -20030,7 +26615,7 @@ call dword [esi + 0x74] ; ucall add esp, 0x20 mov ecx, eax -loc_fffaed9b: +loc_fffb3ad2: lea esp, [ebp - 0xc] mov eax, ecx pop ebx @@ -20039,7 +26624,7 @@ pop edi pop ebp ret -fcn_fffaeda5: ; not directly referenced +fcn_fffb3adc: ; not directly referenced push ebp mov ebp, esp push edi @@ -20048,29 +26633,29 @@ xor esi, esi push ebx sub esp, 0x4c mov ebx, dword [ebp + 8] -lea eax, [ebx + 0x3756] +lea eax, [ebx + 0x3757] mov dword [ebp - 0x4c], eax lea eax, [ebx + 0x2407] mov dword [ebp - 0x58], eax -loc_fffaedc5: ; not directly referenced +loc_fffb3afc: ; not directly referenced lea eax, [esi - 2] cmp eax, 1 -ja short loc_fffaedf0 ; ja 0xfffaedf0 -cmp byte [ebx + 0x3749], 0 -jne short loc_fffaedf0 ; jne 0xfffaedf0 +ja short loc_fffb3b27 ; ja 0xfffb3b27 +cmp byte [ebx + 0x374a], 0 +jne short loc_fffb3b27 ; jne 0xfffb3b27 -loc_fffaedd6: ; not directly referenced +loc_fffb3b0d: ; not directly referenced inc esi add dword [ebp - 0x4c], 8 cmp esi, 4 -jne short loc_fffaedc5 ; jne 0xfffaedc5 -lea eax, [ebx + 0x48cd] +jne short loc_fffb3afc ; jne 0xfffb3afc +lea eax, [ebx + 0x48ce] mov ecx, 0xfffffffe -jmp near loc_fffaef89 ; jmp 0xfffaef89 +jmp near loc_fffb3cc0 ; jmp 0xfffb3cc0 -loc_fffaedf0: ; not directly referenced -lea eax, [ebx + 0x49bf] +loc_fffb3b27: ; not directly referenced +lea eax, [ebx + 0x49c0] mov edi, dword [ebp - 0x4c] mov dword [ebp - 0x44], eax lea eax, [ebx + 0x1973] @@ -20083,16 +26668,16 @@ add eax, 0xbb mov dword [ebp - 0x50], edi mov dword [ebp - 0x54], eax -loc_fffaee24: ; not directly referenced +loc_fffb3b5b: ; not directly referenced mov eax, dword [ebp - 0x44] mov edi, dword [ebp - 0x34] mov dword [ebp - 0x38], 0 mov dword [ebp - 0x2c], eax -loc_fffaee34: ; not directly referenced +loc_fffb3b6b: ; not directly referenced mov eax, dword [ebp - 0x2c] cmp dword [eax - 0xf6], 2 -jne loc_fffaef48 ; jne 0xfffaef48 +jne loc_fffb3c7f ; jne 0xfffb3c7f mov eax, dword [ebp - 0x48] mov ecx, dword [ebp - 0x38] mov edx, dword [eax + ecx + 0xc9] @@ -20100,25 +26685,25 @@ mov eax, dword [eax + ecx + 0xcd] mov dword [ebp - 0x3c], edx mov dword [ebp - 0x40], eax cmp esi, 1 -je short loc_fffaeed2 ; je 0xfffaeed2 -jb loc_fffaef03 ; jb 0xfffaef03 +je short loc_fffb3c09 ; je 0xfffb3c09 +jb loc_fffb3c3a ; jb 0xfffb3c3a cmp esi, 3 -ja loc_fffaef03 ; ja 0xfffaef03 +ja loc_fffb3c3a ; ja 0xfffb3c3a mov eax, dword [ebp - 0x2c] cmp esi, 2 mov dl, byte [eax] -jne short loc_fffaee88 ; jne 0xfffaee88 +jne short loc_fffb3bbf ; jne 0xfffb3bbf and dl, 1 -jne short loc_fffaee93 ; jne 0xfffaee93 +jne short loc_fffb3bca ; jne 0xfffb3bca xor eax, eax -jmp near loc_fffaef3b ; jmp 0xfffaef3b +jmp near loc_fffb3c72 ; jmp 0xfffb3c72 -loc_fffaee88: ; not directly referenced +loc_fffb3bbf: ; not directly referenced xor eax, eax and dl, 2 -je loc_fffaef3b ; je 0xfffaef3b +je loc_fffb3c72 ; je 0xfffb3c72 -loc_fffaee93: ; not directly referenced +loc_fffb3bca: ; not directly referenced mov eax, dword [ebp - 0x2c] mov ecx, dword [ebp - 0x54] mov edx, dword [eax - 0x21] @@ -20133,82 +26718,82 @@ xor edx, edx cmp byte [eax + 1], 0x13 mov dword [ebp - 0x30], ecx movzx ecx, byte [ecx + 1] -jne short loc_fffaeec4 ; jne 0xfffaeec4 +jne short loc_fffb3bfb ; jne 0xfffb3bfb mov eax, dword [ebp - 0x30] movsx edx, byte [eax + 0x1a] -loc_fffaeec4: ; not directly referenced +loc_fffb3bfb: ; not directly referenced mov eax, dword [ebp - 0x40] imul ecx, dword [ebp - 0x3c] imul eax, edx add eax, ecx -jmp short loc_fffaef2e ; jmp 0xfffaef2e +jmp short loc_fffb3c65 ; jmp 0xfffb3c65 -loc_fffaeed2: ; not directly referenced +loc_fffb3c09: ; not directly referenced movzx edx, byte [ebx + 0x1876] test dl, dl -je short loc_fffaef03 ; je 0xfffaef03 +je short loc_fffb3c3a ; je 0xfffb3c3a sub esp, 0xc -mov ecx, dword [ebx + 0x36e3] +mov ecx, dword [ebx + 0x36e4] mov eax, ebx push dword [ebx + 0x187b] -call fcn_fffaed31 ; call 0xfffaed31 -mov edx, dword [ebx + 0x36db] +call fcn_fffb3a68 ; call 0xfffb3a68 +mov edx, dword [ebx + 0x36dc] add esp, 0x10 cmp eax, edx cmovb eax, edx -jmp short loc_fffaef3b ; jmp 0xfffaef3b +jmp short loc_fffb3c72 ; jmp 0xfffb3c72 -loc_fffaef03: ; not directly referenced +loc_fffb3c3a: ; not directly referenced mov eax, dword [ebp - 0x2c] mov eax, dword [eax - 0x21] and eax, 0xfffffffd dec eax -jne short loc_fffaef19 ; jne 0xfffaef19 +jne short loc_fffb3c50 ; jne 0xfffb3c50 movzx eax, byte [edi + 0x54] movsx edx, byte [edi + 0x6a] -jmp short loc_fffaef24 ; jmp 0xfffaef24 +jmp short loc_fffb3c5b ; jmp 0xfffb3c5b -loc_fffaef19: ; not directly referenced +loc_fffb3c50: ; not directly referenced movzx eax, byte [edi + 0x5a] movsx edx, byte [edi + 0xc5] -loc_fffaef24: ; not directly referenced +loc_fffb3c5b: ; not directly referenced imul eax, dword [ebp - 0x3c] imul edx, dword [ebp - 0x40] add eax, edx -loc_fffaef2e: ; not directly referenced -cmp eax, dword [ebx + 0x36db] -cmovb eax, dword [ebx + 0x36db] +loc_fffb3c65: ; not directly referenced +cmp eax, dword [ebx + 0x36dc] +cmovb eax, dword [ebx + 0x36dc] -loc_fffaef3b: ; not directly referenced +loc_fffb3c72: ; not directly referenced mov edx, dword [ebp + esi*4 - 0x28] cmp eax, edx cmovb eax, edx mov dword [ebp + esi*4 - 0x28], eax -loc_fffaef48: ; not directly referenced +loc_fffb3c7f: ; not directly referenced add dword [ebp - 0x38], 0x20 add edi, 0x277 add dword [ebp - 0x2c], 0x128 cmp dword [ebp - 0x38], 0x40 -jne loc_fffaee34 ; jne 0xfffaee34 +jne loc_fffb3b6b ; jne 0xfffb3b6b add dword [ebp - 0x34], 0x54a mov eax, dword [ebp - 0x58] add dword [ebp - 0x44], 0x13c3 add dword [ebp - 0x48], 0x13c3 cmp dword [ebp - 0x34], eax -jne loc_fffaee24 ; jne 0xfffaee24 -jmp near loc_fffaedd6 ; jmp 0xfffaedd6 +jne loc_fffb3b5b ; jne 0xfffb3b5b +jmp near loc_fffb3b0d ; jmp 0xfffb3b0d -loc_fffaef89: ; not directly referenced +loc_fffb3cc0: ; not directly referenced cmp ecx, 1 -ja short loc_fffaef97 ; ja 0xfffaef97 -cmp byte [ebx + 0x3749], 0 -je short loc_fffaefbb ; je 0xfffaefbb +ja short loc_fffb3cce ; ja 0xfffb3cce +cmp byte [ebx + 0x374a], 0 +je short loc_fffb3cf2 ; je 0xfffb3cf2 -loc_fffaef97: ; not directly referenced +loc_fffb3cce: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x20] mov dword [eax], edx mov dword [eax - 0x1173], edx @@ -20217,14 +26802,14 @@ mov dword [eax + 0x13c3], edx mov dword [eax + 0x250], edx mov dword [eax + 0x14eb], edx -loc_fffaefbb: ; not directly referenced +loc_fffb3cf2: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffaef89 ; jne 0xfffaef89 +jne short loc_fffb3cc0 ; jne 0xfffb3cc0 mov eax, dword [ebx + 0x18a7] mov eax, dword [ebp + eax*4 - 0x28] -mov dword [ebx + 0x36df], eax +mov dword [ebx + 0x36e0], eax lea esp, [ebp - 0xc] mov eax, 1 pop ebx @@ -20233,7 +26818,7 @@ pop edi pop ebp ret -fcn_fffaefe1: +fcn_fffb3d18: push ebp mov ebp, esp push edi @@ -20242,7 +26827,7 @@ push ebx mov ebx, 0x5f5e100 sub esp, 0x10 mov edi, dword [ebp + 8] -mov esi, dword [eax + 0x2443] +mov esi, dword [eax + 0x2444] mov eax, 0xbebc200 test edi, edi cmovne ebx, edi @@ -20270,7 +26855,7 @@ pop edi pop ebp ret -fcn_fffaf03f: +fcn_fffb3d76: push ebp mov ebp, esp push edi @@ -20281,16 +26866,16 @@ xor ebx, ebx sub esp, 8 mov dword [ebp - 0x14], eax -loc_fffaf04f: +loc_fffb3d86: cmp esi, edx -je short loc_fffaf07d ; je 0xfffaf07d +je short loc_fffb3db4 ; je 0xfffb3db4 mov eax, dword [ebp - 0x14] mov byte [ebp - 0xd], 8 movzx edi, byte [eax + esi] shl edi, 8 xor ebx, edi -loc_fffaf063: +loc_fffb3d9a: lea edi, [ebx + ebx] mov eax, edi xor eax, 0x1021 @@ -20298,11 +26883,11 @@ and bh, 0x80 mov ebx, eax cmove ebx, edi dec byte [ebp - 0xd] -jne short loc_fffaf063 ; jne 0xfffaf063 +jne short loc_fffb3d9a ; jne 0xfffb3d9a inc esi -jmp short loc_fffaf04f ; jmp 0xfffaf04f +jmp short loc_fffb3d86 ; jmp 0xfffb3d86 -loc_fffaf07d: +loc_fffb3db4: mov word [ecx], bx mov eax, 1 pop edx @@ -20313,7 +26898,7 @@ pop edi pop ebp ret -fcn_fffaf08c: ; not directly referenced +fcn_fffb3dc3: ; not directly referenced push ebp mov ebp, esp push edi @@ -20321,6529 +26906,58 @@ mov edi, ecx push esi mov esi, eax push ebx -mov eax, ref_fffd34b0 ; mov eax, 0xfffd34b0 +mov eax, ref_fffd37fc ; mov eax, 0xfffd37fc xor ebx, ebx -loc_fffaf09d: ; not directly referenced +loc_fffb3dd4: ; not directly referenced cmp edx, dword [eax] -ja short loc_fffaf0b1 ; ja 0xfffaf0b1 +ja short loc_fffb3de8 ; ja 0xfffb3de8 cmp edx, dword [eax + 9] -jbe short loc_fffaf0b1 ; jbe 0xfffaf0b1 +jbe short loc_fffb3de8 ; jbe 0xfffb3de8 lea eax, [ebx + ebx*8] -mov eax, dword [eax + ref_fffd34b4] ; mov eax, dword [eax - 0x2cb4c] -jmp short loc_fffaf0bc ; jmp 0xfffaf0bc +mov eax, dword [eax + ref_fffd3800] ; mov eax, dword [eax - 0x2c800] +jmp short loc_fffb3df3 ; jmp 0xfffb3df3 -loc_fffaf0b1: ; not directly referenced +loc_fffb3de8: ; not directly referenced inc ebx add eax, 9 cmp ebx, 0x14 -jne short loc_fffaf09d ; jne 0xfffaf09d +jne short loc_fffb3dd4 ; jne 0xfffb3dd4 xor eax, eax -loc_fffaf0bc: ; not directly referenced +loc_fffb3df3: ; not directly referenced mov ecx, esi mov edx, 1 shl edx, cl lea ecx, [ebx + ebx*8] -add ecx, ref_fffd34b0 ; add ecx, 0xfffd34b0 -jmp short loc_fffaf0df ; jmp 0xfffaf0df +add ecx, ref_fffd37fc ; add ecx, 0xfffd37fc +jmp short loc_fffb3e16 ; jmp 0xfffb3e16 -loc_fffaf0d0: ; not directly referenced +loc_fffb3e07: ; not directly referenced movzx esi, byte [ecx + 8] sub ecx, 9 test esi, edx -jne short loc_fffaf0e3 ; jne 0xfffaf0e3 +jne short loc_fffb3e1a ; jne 0xfffb3e1a mov eax, dword [ecx + 4] dec ebx -loc_fffaf0df: ; not directly referenced +loc_fffb3e16: ; not directly referenced test ebx, ebx -jne short loc_fffaf0d0 ; jne 0xfffaf0d0 +jne short loc_fffb3e07 ; jne 0xfffb3e07 -loc_fffaf0e3: ; not directly referenced +loc_fffb3e1a: ; not directly referenced test edi, edi -je short loc_fffaf0e9 ; je 0xfffaf0e9 +je short loc_fffb3e20 ; je 0xfffb3e20 mov dword [edi], ebx -loc_fffaf0e9: ; not directly referenced +loc_fffb3e20: ; not directly referenced pop ebx pop esi pop edi pop ebp ret -fcn_fffaf0ee: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x3c -mov eax, dword [ebp + 8] -mov esi, dword [eax + 0x188b] -mov ebx, dword [eax + 0x18a7] -mov al, byte [eax + 0x36c9] -test esi, esi -sete cl -test al, al -sete dl -test cl, dl -jne loc_fffaf36d ; jne 0xfffaf36d -dec esi -sete dl -dec al -sete al -test dl, al -jne loc_fffaf36d ; jne 0xfffaf36d -mov eax, dword [ebp + 8] -mov dword [ebp - 0x2c], 0 -lea edi, [eax + 0x3756] -imul eax, ebx, 0x2e -mov dword [ebp - 0x38], eax - -loc_fffaf145: ; not directly referenced -cmp dword [edi], 2 -jne loc_fffaf35a ; jne 0xfffaf35a -mov eax, dword [ebp - 0x38] -mov ecx, dword [ebp - 0x2c] -mov byte [ebp - 0x1c], 0 -mov byte [ebp - 0x1b], 2 -cmp word [edi + eax + 8], 2 -mov byte [ebp - 0x1a], 3 -mov byte [ebp - 0x19], 2 -sete al -movzx eax, al -add eax, eax -mov byte [ebp - 0x31], al -mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x5edc] -imul eax, ecx, 0xcc -lea ebx, [edx + eax + 0x1c] -mov eax, dword [ebp + 8] -mov esi, dword [eax + 0x18a7] -mov eax, ecx -shl eax, 0xa -lea ecx, [eax + 0x4004] -mov dword [ebp - 0x30], eax -mov eax, dword [ebp + 8] -mov edx, ecx -mov dword [ebp - 0x48], ecx -imul esi, esi, 0x2e -call fcn_fffae52a ; call 0xfffae52a -add esi, edi -mov dword [ebx + 0xa0], eax -movzx eax, word [esi + 8] -mov dl, byte [ebp + eax - 0x1d] -mov al, byte [ebx + 0xa3] -shl edx, 6 -and eax, 0x3f -or eax, edx -mov edx, dword [ebp - 0x48] -mov byte [ebx + 0xa3], al -mov eax, dword [ebp + 8] -mov ecx, dword [ebx + 0xa0] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x30] -add eax, 0x400c -mov edx, eax -mov dword [ebp - 0x48], eax -mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a -mov dword [ebx + 0xa8], eax -mov ax, word [esi + 8] -mov esi, dword [ebp + 8] -mov ecx, dword [esi + 0x2480] -mov edx, dword [esi + 0x36d7] -cmp ecx, 3 -jne short loc_fffaf224 ; jne 0xfffaf224 -cmp edx, 0x536 -sbb eax, eax -add eax, 6 -jmp short loc_fffaf26e ; jmp 0xfffaf26e - -loc_fffaf224: ; not directly referenced -cmp ecx, 2 -jne short loc_fffaf242 ; jne 0xfffaf242 -mov eax, 5 -cmp edx, 0x640 -jbe short loc_fffaf26e ; jbe 0xfffaf26e -mov al, 6 -cmp edx, 0x74b -jbe short loc_fffaf26e ; jbe 0xfffaf26e -jmp short loc_fffaf263 ; jmp 0xfffaf263 - -loc_fffaf242: ; not directly referenced -cmp edx, 0x640 -ja short loc_fffaf252 ; ja 0xfffaf252 -movzx eax, al -add eax, 4 -jmp short loc_fffaf26e ; jmp 0xfffaf26e - -loc_fffaf252: ; not directly referenced -cmp edx, 0x74b -ja short loc_fffaf263 ; ja 0xfffaf263 -cmp al, 3 -sbb eax, eax -add eax, 7 -jmp short loc_fffaf26e ; jmp 0xfffaf26e - -loc_fffaf263: ; not directly referenced -cmp edx, 0x856 -sbb eax, eax -add eax, 8 - -loc_fffaf26e: ; not directly referenced -cmp eax, 0xf -mov edx, 0xf -cmovbe edx, eax -mov al, byte [ebx + 0xa8] -xor esi, esi -mov cl, dl -shl ecx, 6 -shr edx, 2 -and eax, 0x3f -and edx, 3 -or eax, ecx -mov byte [ebx + 0xa8], al -mov al, byte [ebx + 0xa9] -and eax, 0xfffffffc -or eax, edx -mov byte [ebx + 0xa9], al -mov ecx, dword [ebx + 0xa8] -xor ebx, ebx -mov edx, dword [ebp - 0x48] -mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c -mov al, byte [ebp - 0x31] -xor ecx, ecx -mov dl, byte [edi + 0xc4] -mov byte [ebp - 0x48], 0 -sub eax, 4 -test dl, 1 -je short loc_fffaf2e3 ; je 0xfffaf2e3 -mov cl, al -add cl, byte [edi + 0x1015] -mov byte [edi + 0x1015], cl -and ecx, 0x7f - -loc_fffaf2e3: ; not directly referenced -and dl, 2 -je short loc_fffaf2fb ; je 0xfffaf2fb -mov dl, al -add dl, byte [edi + 0x1016] -mov esi, edx -mov byte [edi + 0x1016], dl -and esi, 0x7f - -loc_fffaf2fb: ; not directly referenced -mov dl, byte [edi + 0xc4] -test dl, 4 -je short loc_fffaf317 ; je 0xfffaf317 -mov bl, al -add bl, byte [edi + 0x1017] -mov byte [edi + 0x1017], bl -and ebx, 0x7f - -loc_fffaf317: ; not directly referenced -and dl, 8 -je short loc_fffaf32e ; je 0xfffaf32e -add al, byte [edi + 0x1018] -mov byte [edi + 0x1018], al -and eax, 0x7f -mov byte [ebp - 0x48], al - -loc_fffaf32e: ; not directly referenced -mov eax, dword [ebp - 0x48] -and esi, 0x7f -and ecx, 0x7f -shl esi, 8 -and ebx, 0x7f -mov edx, dword [ebp - 0x30] -shl ebx, 0x10 -or ecx, esi -or ecx, ebx -shl eax, 0x18 -or ecx, eax -mov eax, dword [ebp + 8] -add edx, 0x4024 -call fcn_fffae58c ; call 0xfffae58c - -loc_fffaf35a: ; not directly referenced -inc dword [ebp - 0x2c] -add edi, 0x13c3 -cmp dword [ebp - 0x2c], 2 -jne loc_fffaf145 ; jne 0xfffaf145 - -loc_fffaf36d: ; not directly referenced -add esp, 0x3c -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffaf377: ; not directly referenced -push ebp -mov ecx, 4 -mov ebp, esp -push edi -push esi -mov esi, ref_fffd3e70 ; mov esi, 0xfffd3e70 -push ebx -sub esp, 0x6c -mov ebx, dword [ebp + 8] -lea edi, [ebp - 0x54] -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov byte [ebp - 0x5d], 0 -mov eax, dword [ebx + 0x2443] -mov dword [ebp - 0x5c], 0 -mov dword [ebp - 0x64], eax -lea eax, [ebx + 0x381a] - -loc_fffaf3ac: ; not directly referenced -mov cl, byte [eax] -mov byte [ebp - 0x5e], cl -and cl, 1 -jne short loc_fffaf41a ; jne 0xfffaf41a - -loc_fffaf3b6: ; not directly referenced -test byte [ebp - 0x5e], 4 -je loc_fffaf46d ; je 0xfffaf46d -movzx edx, word [eax + 0x12c0] -mov ecx, 1 -imul edx, dword [eax + 0x12bc] -movzx edi, byte [eax + 0x12c6] -movzx esi, byte [eax + 0x12c5] -shr edx, 0x14 -cmp byte [eax + 0x12c6], 0 -cmovne ecx, edi -movzx edi, byte [eax + 0x12c8] -imul edi, esi -imul edi, edx -movzx edx, byte [eax + 0x12ca] -imul edi, ecx -movzx edx, word [ebp + edx*2 - 0x54] -cmp edx, edi -mov edx, 1 -cmove edx, dword [ebp - 0x5c] -mov dword [ebp - 0x5c], edx -jmp short loc_fffaf46d ; jmp 0xfffaf46d - -loc_fffaf41a: ; not directly referenced -movzx edx, word [eax + 0x1198] -imul edx, dword [eax + 0x1194] -movzx ecx, byte [eax + 0x119e] -movzx esi, byte [eax + 0x119d] -shr edx, 0x14 -test cl, cl -jne short loc_fffaf442 ; jne 0xfffaf442 -mov ecx, 1 - -loc_fffaf442: ; not directly referenced -movzx edi, byte [eax + 0x11a0] -imul esi, edi -imul esi, edx -movzx edx, byte [eax + 0x11a2] -imul esi, ecx -movzx edx, word [ebp + edx*2 - 0x54] -cmp edx, esi -je loc_fffaf3b6 ; je 0xfffaf3b6 -mov dword [ebp - 0x5c], 1 - -loc_fffaf46d: ; not directly referenced -inc byte [ebp - 0x5d] -add eax, 0x13c3 -cmp byte [ebp - 0x5d], 2 -jne loc_fffaf3ac ; jne 0xfffaf3ac -cmp dword [ebp - 0x5c], 1 -je loc_fffaf5ed ; je 0xfffaf5ed -push edx -push 0 -push 0x2c -lea eax, [ebp - 0x44] -push eax -mov eax, dword [ebp - 0x64] -call dword [eax + 0x5c] ; ucall -add esp, 0x10 -cmp byte [ebx + 0x3748], 1 -mov dword [ebp - 0x58], 1 -je short loc_fffaf4af ; je 0xfffaf4af - -loc_fffaf4ab: ; not directly referenced -xor esi, esi -jmp short loc_fffaf509 ; jmp 0xfffaf509 - -loc_fffaf4af: ; not directly referenced -cmp dword [ebx + 0x3756], 2 -jne short loc_fffaf4db ; jne 0xfffaf4db -mov edx, 0x5004 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5004 -mov ecx, eax -mov dword [ebp - 0x68], eax -and ecx, 0xfcffffff -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c - -loc_fffaf4db: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffaf4ab ; jne 0xfffaf4ab -mov edx, 0x5008 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5008 -mov ecx, eax -mov dword [ebp - 0x6c], eax -and ecx, 0xfcffffff -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffaf4ab ; jmp 0xfffaf4ab - -loc_fffaf509: ; not directly referenced -movzx eax, byte [ebx + 0x248d] -bt eax, esi -jb short loc_fffaf521 ; jb 0xfffaf521 - -loc_fffaf515: ; not directly referenced -add esi, 2 -cmp esi, 4 -jne short loc_fffaf509 ; jne 0xfffaf509 -xor edi, edi -jmp short loc_fffaf570 ; jmp 0xfffaf570 - -loc_fffaf521: ; not directly referenced -push eax -mov ecx, esi -push eax -mov edi, 1 -lea eax, [ebp - 0x58] -push eax -mov eax, ebx -push 0 -lea edx, [ebp - 0x44] -call fcn_fffaa9ed ; call 0xfffaa9ed -mov ecx, esi -xor edx, edx -shl edi, cl -mov eax, ebx -mov ecx, edi -call fcn_fffaac43 ; call 0xfffaac43 -mov ecx, edi -mov edx, 1 -mov byte [ebp - 0x5c], al -mov eax, ebx -call fcn_fffaac43 ; call 0xfffaac43 -or eax, dword [ebp - 0x5c] -movzx edx, al -mov eax, ebx -call fcn_fffae670 ; call 0xfffae670 -add esp, 0x10 -mov edi, eax -test eax, eax -je short loc_fffaf515 ; je 0xfffaf515 - -loc_fffaf570: ; not directly referenced -cmp byte [ebx + 0x3748], 1 -jne short loc_fffaf5a9 ; jne 0xfffaf5a9 -cmp dword [ebx + 0x3756], 2 -jne short loc_fffaf591 ; jne 0xfffaf591 -mov ecx, dword [ebp - 0x68] -mov edx, 0x5004 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c - -loc_fffaf591: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffaf5a9 ; jne 0xfffaf5a9 -mov ecx, dword [ebp - 0x6c] -mov edx, 0x5008 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c - -loc_fffaf5a9: ; not directly referenced -mov edx, 0x3c -mov eax, ebx -call fcn_fffa834b ; call 0xfffa834b -cmp dword [ebx + 0x3756], 2 -jne short loc_fffaf5cf ; jne 0xfffaf5cf -mov ecx, 0x3000 -mov edx, 0x48a8 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c - -loc_fffaf5cf: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffaf5e9 ; jne 0xfffaf5e9 -mov ecx, 0x3000 -mov edx, 0x48b0 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c - -loc_fffaf5e9: ; not directly referenced -test edi, edi -je short loc_fffaf5f7 ; je 0xfffaf5f7 - -loc_fffaf5ed: ; not directly referenced -mov dword [ebx + 0x374a], 1 - -loc_fffaf5f7: ; not directly referenced -lea esp, [ebp - 0xc] -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffaf601: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x3c -mov edi, dword [ebp + 8] -mov eax, dword [edi + 0x2443] -cmp byte [edi + 0x190d], 0 -mov edx, dword [edi + 0x18a7] -mov esi, dword [edi + 0x2480] -mov dword [ebp - 0x30], eax -je loc_fffafafc ; je 0xfffafafc -cmp esi, 3 -sete al -mov byte [ebp - 0x2c], al -movzx eax, al -mov dword [ebp - 0x38], eax -mov eax, dword [edi + 0x36cb] -test eax, eax -je loc_fffaf79d ; je 0xfffaf79d -dec eax -jne loc_fffafafc ; jne 0xfffafafc -movzx ebx, byte [edi + 0x247f] -test ebx, ebx -sete al -or al, byte [ebp - 0x2c] -je short loc_fffaf6d5 ; je 0xfffaf6d5 -mov ecx, dword [ebp - 0x30] -xor eax, eax -cmp dword [edi + 0x188b], 1 -mov edx, dword [ecx + 0x80] -sete al -mov esi, eax -lea esi, [esi + esi + 0x18] -lea eax, [eax + eax + 0x17] -test edx, edx -je short loc_fffaf6d5 ; je 0xfffaf6d5 -lea ecx, [ebp - 0x20] -push ecx -lea ecx, [ebp - 0x1c] -push ecx -push eax -push 1 -call edx -mov al, byte [ebp - 0x19] -add esp, 0x10 -test al, al -js short loc_fffaf6d5 ; js 0xfffaf6d5 -or eax, 0xffffff80 -mov byte [ebp - 0x19], al -mov al, byte [ebp - 0x1c] -or eax, 1 -cmp dword [edi + 0x2480], 3 -mov byte [ebp - 0x1c], al -jne short loc_fffaf6bf ; jne 0xfffaf6bf -and eax, 0xfffffff1 -or eax, 8 -mov byte [ebp - 0x1c], al - -loc_fffaf6bf: ; not directly referenced -lea eax, [ebp - 0x20] -push eax -mov eax, dword [ebp - 0x30] -push dword [ebp - 0x1c] -push esi -push 1 -call dword [eax + 0x84] ; ucall -add esp, 0x10 - -loc_fffaf6d5: ; not directly referenced -cmp ebx, 1 -mov edx, 0x64 -mov eax, 0x32 -cmove edx, eax -cmp dword [ebp - 0x38], 1 -jne short loc_fffaf70c ; jne 0xfffaf70c -mov edx, 0x5880 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5880 -and al, 0x7f -mov ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x61 - -loc_fffaf70c: ; not directly referenced -mov cl, byte [ebp - 0x2c] -dec ebx -sete al -or cl, al -je loc_fffafafc ; je 0xfffafafc -movzx eax, dx -xor esi, esi -lea ebx, [edi + 0x4a07] -mov dword [ebp - 0x2c], eax - -loc_fffaf729: ; not directly referenced -cmp dword [ebx - 0x12b1], 2 -jne short loc_fffaf782 ; jne 0xfffaf782 -movzx eax, word [ebx - 0x129b] -mov ecx, 0x64 -imul eax, dword [ebp - 0x2c] -cdq -idiv ecx -cmp dword [ebx - 0x13e], 2 -mov word [ebx - 0x129b], ax -jne short loc_fffaf76a ; jne 0xfffaf76a -movzx eax, word [ebx - 0x128] -imul eax, dword [ebp - 0x2c] -cdq -idiv ecx -mov word [ebx - 0x128], ax - -loc_fffaf76a: ; not directly referenced -cmp dword [ebx - 0x16], 2 -jne short loc_fffaf782 ; jne 0xfffaf782 -movzx eax, word [ebx] -mov ecx, 0x64 -imul eax, dword [ebp - 0x2c] -cdq -idiv ecx -mov word [ebx], ax - -loc_fffaf782: ; not directly referenced -mov edx, esi -mov eax, edi -inc esi -add ebx, 0x13c3 -call fcn_fffae6fa ; call 0xfffae6fa -cmp esi, 2 -je loc_fffafafc ; je 0xfffafafc -jmp short loc_fffaf729 ; jmp 0xfffaf729 - -loc_fffaf79d: ; not directly referenced -cmp dword [edi + 0x36e8], 0 -je short loc_fffaf7b3 ; je 0xfffaf7b3 -cmp byte [edi + 0x1916], 0 -jne loc_fffafafc ; jne 0xfffafafc - -loc_fffaf7b3: ; not directly referenced -test byte [edi + 0x36ca], 0xf7 -je loc_fffafafc ; je 0xfffafafc -cmp dword [edi + 0x3756], 2 -mov dword [ebp - 0x40], 0 -mov dword [ebp - 0x44], 0 -mov dword [ebp - 0x34], 0 -je short loc_fffaf7f2 ; je 0xfffaf7f2 -cmp dword [edi + 0x4b19], 2 -mov eax, 1 -jne loc_fffaf892 ; jne 0xfffaf892 -jmp short loc_fffaf7f4 ; jmp 0xfffaf7f4 - -loc_fffaf7f2: ; not directly referenced -xor eax, eax - -loc_fffaf7f4: ; not directly referenced -imul eax, eax, 0x13c3 -lea ecx, [edi + eax + 0x3756] -imul eax, edx, 0x2e -lea eax, [ecx + eax + 4] -movzx ecx, word [eax + 0x1a] -movzx edx, word [eax + 0x10] -movzx eax, word [eax + 0xc] -lea edx, [ecx + edx + 1] -mov cl, 0x7f -mov bl, dl -and ebx, 0x7f -cmp edx, 0x7f -cmovbe ecx, ebx -mov ebx, 0xa -imul eax, eax, 0xf -xor edx, edx -and ecx, 0x7f -div ebx -mov bl, 0x7f -cmp dl, 1 -mov edx, 0x4e44 -sbb eax, 0xffffffff -cmp eax, 0x7f -cmovbe ebx, eax -mov eax, edi -and ebx, 0x7f -shl ecx, 8 -or ecx, ebx -call fcn_fffae58c ; call 0xfffae58c - -loc_fffaf856: ; not directly referenced -mov eax, dword [ebp - 0x30] -call dword [eax + 0x7c] ; ucall -mov ebx, eax -xor ax, ax -call fcn_fffaeba2 ; call 0xfffaeba2 -mov dl, al -movzx eax, bx -mov dword [ebp - 0x2c], edx -call fcn_fffaeba2 ; call 0xfffaeba2 -mov edx, dword [ebp - 0x2c] -test al, al -sete al -test dl, dl -sete dl -or al, dl -jne short loc_fffaf856 ; jne 0xfffaf856 -mov ecx, ebx -mov edx, 0x2bb8 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c - -loc_fffaf892: ; not directly referenced -cmp esi, 2 -je loc_fffafafc ; je 0xfffafafc -mov ecx, dword [edi + 0x1912] -mov eax, 0x800 -mov dl, 0xb - -loc_fffaf8a8: ; not directly referenced -movzx ebx, dl -cmp ebx, ecx -lea eax, [eax + eax] -jae short loc_fffaf8b5 ; jae 0xfffaf8b5 -inc edx -jmp short loc_fffaf8a8 ; jmp 0xfffaf8a8 - -loc_fffaf8b5: ; not directly referenced -call fcn_fffaec34 ; call 0xfffaec34 -mov byte [ebp - 0x2c], 0x11 -sub byte [ebp - 0x2c], al -movzx eax, byte [ebp - 0x2c] -mov word [ebp - 0x48], ax - -loc_fffaf8c9: ; not directly referenced -mov eax, dword [ebp - 0x30] -xor ebx, ebx -mov esi, 1 -call dword [eax + 0x7c] ; ucall -xor edx, edx -mov dword [ebp - 0x3c], eax - -loc_fffaf8db: ; not directly referenced -mov cl, dl -cmp bx, word [ebp - 0x48] -je short loc_fffaf8fb ; je 0xfffaf8fb -mov eax, esi -shl eax, cl -mov ecx, dword [ebp - 0x3c] -and ecx, eax -cmp ecx, 1 -sbb bx, 0xffff -inc edx -cmp edx, 0x10 -jne short loc_fffaf8db ; jne 0xfffaf8db -mov cl, 0x10 - -loc_fffaf8fb: ; not directly referenced -mov ebx, 1 -shl ebx, cl -dec ebx -and ebx, dword [ebp - 0x3c] -movzx eax, bx -call fcn_fffaeba2 ; call 0xfffaeba2 -cmp al, byte [ebp - 0x2c] -jne short loc_fffaf8c9 ; jne 0xfffaf8c9 -mov edx, ebx -xor esi, esi -mov word [ebp - 0x40], bx -not edx - -loc_fffaf91d: ; not directly referenced -mov ecx, esi -mov eax, 0xfffffffe -rol eax, cl -and eax, edx -movzx ecx, ax -mov edx, eax -mov word [ebp - 0x30], ax -mov eax, ecx -mov dword [ebp - 0x48], edx -mov dword [ebp - 0x3c], ecx -call fcn_fffaeba2 ; call 0xfffaeba2 -mov ecx, dword [ebp - 0x3c] -mov edx, dword [ebp - 0x48] -cmp al, byte [ebp - 0x2c] -jne short loc_fffaf971 ; jne 0xfffaf971 - -loc_fffaf949: ; not directly referenced -shl ecx, 0x10 -mov eax, edi -mov edx, ecx -movzx ecx, word [ebp - 0x40] -xor esi, esi -or ebx, dword [ebp - 0x30] -or ecx, edx -mov edx, 0x4e38 -mov word [ebp - 0x3c], bx -not ebx -call fcn_fffae58c ; call 0xfffae58c -mov word [ebp - 0x30], bx -jmp short loc_fffaf97f ; jmp 0xfffaf97f - -loc_fffaf971: ; not directly referenced -inc esi -cmp esi, 0x10 -jne short loc_fffaf91d ; jne 0xfffaf91d -jmp short loc_fffaf949 ; jmp 0xfffaf949 - -loc_fffaf979: ; not directly referenced -inc esi -cmp esi, 0x10 -je short loc_fffaf99e ; je 0xfffaf99e - -loc_fffaf97f: ; not directly referenced -mov ebx, dword [ebp - 0x30] -mov edx, 0xfffffffe -mov ecx, esi -rol edx, cl -and ebx, edx -movzx eax, bx -mov word [ebp - 0x30], ax -call fcn_fffaeba2 ; call 0xfffaeba2 -cmp al, byte [ebp - 0x2c] -jne short loc_fffaf979 ; jne 0xfffaf979 - -loc_fffaf99e: ; not directly referenced -mov word [ebp - 0x44], bx -xor esi, esi -or ebx, dword [ebp - 0x3c] -not ebx -jmp short loc_fffaf9bc ; jmp 0xfffaf9bc - -loc_fffaf9ab: ; not directly referenced -mov ecx, esi -mov eax, 0xfffffffe -rol eax, cl -inc esi -and ebx, eax -cmp esi, 0x10 -je short loc_fffaf9c9 ; je 0xfffaf9c9 - -loc_fffaf9bc: ; not directly referenced -movzx eax, bx -call fcn_fffaeba2 ; call 0xfffaeba2 -cmp al, byte [ebp - 0x2c] -jne short loc_fffaf9ab ; jne 0xfffaf9ab - -loc_fffaf9c9: ; not directly referenced -movzx ecx, word [ebp - 0x44] -shl ebx, 0x10 -mov edx, 0x4e3c -mov eax, edi -or ecx, ebx -call fcn_fffae58c ; call 0xfffae58c -mov dword [ebp - 0x2c], 0 - -loc_fffaf9e5: ; not directly referenced -imul esi, dword [ebp - 0x2c], 0x13c3 -cmp dword [edi + esi + 0x3756], 2 -jne loc_fffafaef ; jne 0xfffafaef -xor ebx, ebx -test byte [edi + esi + 0x381a], 1 -je short loc_fffafa5b ; je 0xfffafa5b -cmp dword [ebp - 0x38], 0 -jne short loc_fffafa2d ; jne 0xfffafa2d -imul eax, dword [ebp - 0x2c], 0x54a -mov ax, word [edi + eax + 0x1a4f] -cmp ax, 0xce00 -sete bl -cmp ax, 0xfe02 -sete al -or ebx, eax -jmp short loc_fffafa5b ; jmp 0xfffafa5b - -loc_fffafa2d: ; not directly referenced -push edx -xor ecx, ecx -push edx -mov edx, dword [ebp - 0x2c] -lea eax, [ebp - 0x1c] -push eax -mov eax, edi -push 5 -call fcn_fffa686d ; call 0xfffa686d -lea eax, [ebp - 0x1c] -add esp, 0x10 -mov cl, 1 - -loc_fffafa49: ; not directly referenced -mov dl, byte [eax] -and edx, 0xfffffffd -dec dl -cmove ebx, ecx -inc eax -lea edx, [ebp - 0x18] -cmp eax, edx -jne short loc_fffafa49 ; jne 0xfffafa49 - -loc_fffafa5b: ; not directly referenced -test byte [edi + esi + 0x381a], 4 -je short loc_fffafac5 ; je 0xfffafac5 -cmp dword [ebp - 0x38], 0 -je short loc_fffafaa1 ; je 0xfffafaa1 -mov edx, dword [ebp - 0x2c] -mov ecx, 2 -push eax -push eax -lea eax, [ebp - 0x1c] -push eax -mov eax, edi -push 5 -call fcn_fffa686d ; call 0xfffa686d -lea eax, [ebp - 0x1c] -add esp, 0x10 -lea ecx, [ebp - 0x18] - -loc_fffafa8b: ; not directly referenced -mov dl, byte [eax] -mov esi, ebx -or esi, 2 -and edx, 0xfffffffd -dec dl -cmove ebx, esi -inc eax -cmp eax, ecx -jne short loc_fffafa8b ; jne 0xfffafa8b -jmp short loc_fffafac5 ; jmp 0xfffafac5 - -loc_fffafaa1: ; not directly referenced -imul eax, dword [ebp - 0x2c], 0x54a -mov ax, word [edi + eax + 0x1cc6] -cmp ax, 0xfe02 -sete dl -cmp ax, 0xce00 -sete al -or dl, al -je short loc_fffafac5 ; je 0xfffafac5 -or ebx, 2 - -loc_fffafac5: ; not directly referenced -and dword [ebp - 0x34], 0xffffff9f -and ebx, 3 -shl ebx, 5 -mov edx, dword [ebp - 0x2c] -mov eax, edi -or dword [ebp - 0x34], ebx -or dword [ebp - 0x34], 0x80000000 -mov ecx, dword [ebp - 0x34] -shl edx, 0xa -add edx, 0x4240 -call fcn_fffae58c ; call 0xfffae58c - -loc_fffafaef: ; not directly referenced -inc dword [ebp - 0x2c] -cmp dword [ebp - 0x2c], 2 -jne loc_fffaf9e5 ; jne 0xfffaf9e5 - -loc_fffafafc: ; not directly referenced -lea esp, [ebp - 0xc] -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffafb06: ; not directly referenced -push ebp -mov ebp, esp -push edi -movzx edi, dl -push esi -push ebx -sub esp, 0x4c -mov esi, dword [ebp + 0x14] -mov byte [ebp - 0x27], cl -mov cl, byte [ebp + 8] -mov ebx, dword [ebp + 0xc] -mov byte [ebp - 0x26], dl -mov edx, 0x4c31 -mov dword [ebp - 0x38], esi -imul esi, edi, 0x13c3 -mov byte [ebp - 0x48], cl -xor ecx, ecx -mov dword [ebp - 0x20], edi -mov byte [ebp - 0x34], bl -lea edi, [eax + esi + 0x3756] -mov dword [ebp - 0x1c], eax -call fcn_fffae566 ; call 0xfffae566 -cmp byte [edi + 0x1241], 1 -sete al -mov dl, al -mov cl, al -mov eax, dword [ebp - 0x20] -or edx, 2 -cmp byte [edi + 0x1369], 1 -cmove ecx, edx -shl eax, 0xa -mov edi, ecx -lea edx, [eax + 0x41bc] -xor ecx, ecx -mov dword [ebp - 0x2c], eax -mov eax, dword [ebp - 0x1c] -call fcn_fffae566 ; call 0xfffae566 -mov eax, ebx -and eax, 1 -lea edx, [eax + eax] -mov al, bl -and eax, 2 -and ebx, 4 -shr al, 1 -or eax, ebx -or eax, edx -mov ebx, eax -movzx eax, byte [ebp - 0x34] -add esi, dword [ebp - 0x1c] -shl ebx, 0x18 -mov dword [ebp - 0x30], ebx -mov dword [ebp - 0x24], 0 -mov byte [ebp - 0x25], 0 -mov dword [ebp - 0x4c], esi -mov dword [ebp - 0x34], eax - -loc_fffafbb5: ; not directly referenced -mov cl, byte [ebp - 0x24] -mov ebx, 1 -mov esi, dword [ebp - 0x4c] -shl ebx, cl -mov al, bl -and al, byte [esi + 0x381a] -test byte [ebp - 0x27], al -je loc_fffafc5d ; je 0xfffafc5d -mov ecx, dword [ebp - 0x34] -xor edx, edx -mov esi, dword [ebp + 0x10] -and ecx, 0xf -shl ecx, 0x18 -mov eax, ecx -mov cl, byte [ebp - 0x24] -shr cl, 1 -movzx ecx, cl -mov si, word [esi + ecx*2] -mov ax, si -test byte [ebp - 0x24], 1 -je short loc_fffafc1e ; je 0xfffafc1e -inc ecx -test ecx, edi -je short loc_fffafc1e ; je 0xfffafc1e -mov edx, esi -and ax, 0x150 -and dx, 0xfe07 -and esi, 0xa8 -shr ax, 1 -add esi, esi -or eax, edx -or eax, esi -movzx eax, ax -add eax, dword [ebp - 0x30] -cdq - -loc_fffafc1e: ; not directly referenced -mov esi, dword [ebp - 0x48] -mov ecx, edx -not ebx -or ecx, 0xf000000 -and ebx, 0xf -and ch, 0xf0 -and esi, 0xf -shl esi, 8 -or ecx, esi -and ecx, 0xfffffff0 -or ecx, ebx -mov ebx, dword [ebp - 0x2c] -mov edx, ecx -push ecx -push ecx -push edx -push eax -mov eax, dword [ebp - 0x1c] -lea ecx, [ebx + 0x41c0] -mov edx, ecx -call fcn_fffae7cf ; call 0xfffae7cf -add esp, 0x10 -inc byte [ebp - 0x25] - -loc_fffafc5d: ; not directly referenced -inc dword [ebp - 0x24] -cmp dword [ebp - 0x24], 4 -jne loc_fffafbb5 ; jne 0xfffafbb5 -cmp byte [ebp - 0x25], 0 -jne short loc_fffafc7a ; jne 0xfffafc7a - -loc_fffafc70: ; not directly referenced -mov eax, 1 -jmp near loc_fffafd4a ; jmp 0xfffafd4a - -loc_fffafc7a: ; not directly referenced -mov edi, dword [ebp - 0x38] -mov cl, 3 -mov edx, dword [ebp - 0x2c] -mov ebx, edi -mov eax, edi -mov edi, dword [ebp - 0x1c] -add edx, 0x419c -and eax, 7 -test bl, bl -cmovne ecx, eax -mov al, byte [ebp - 0x25] -and ecx, 7 -dec eax -and eax, 7 -shl eax, 0x10 -or ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x20] -lea ebx, [eax*8 + 0x48a8] -mov eax, edi -mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, ebx -mov dword [ebp - 0x1c], edi -mov ecx, eax -mov esi, eax -and ch, 0xc7 -mov eax, edi -or ch, 0x20 -call fcn_fffae58c ; call 0xfffae58c -mov edx, dword [ebp - 0x20] -mov ecx, 5 -mov eax, dword [ebp - 0x1c] -lea edi, [edx*4 + 0x48b8] -mov edx, edi -call fcn_fffae566 ; call 0xfffae566 - -loc_fffafcef: ; not directly referenced -mov eax, dword [ebp - 0x1c] -mov edx, 0x4804 -call fcn_fffae52a ; call 0xfffae52a -cmp byte [ebp - 0x26], 0 -jne short loc_fffafd15 ; jne 0xfffafd15 -test al, 1 -jne loc_fffafc70 ; jne 0xfffafc70 -shr eax, 0x10 -and eax, 1 -xor eax, 1 -jmp short loc_fffafd28 ; jmp 0xfffafd28 - -loc_fffafd15: ; not directly referenced -test al, 2 -jne loc_fffafc70 ; jne 0xfffafc70 -shr eax, 0x10 -shr al, 1 -xor eax, 1 -and eax, 1 - -loc_fffafd28: ; not directly referenced -test al, al -jne short loc_fffafcef ; jne 0xfffafcef -mov edx, edi -mov edi, dword [ebp - 0x1c] -mov ecx, 4 -mov eax, edi -call fcn_fffae566 ; call 0xfffae566 -mov eax, edi -mov ecx, esi -mov edx, ebx -call fcn_fffae58c ; call 0xfffae58c -xor eax, eax - -loc_fffafd4a: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffafd52: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x2c -mov esi, dword [ebp + 8] -mov ebx, dword [ebp + 0xc] -cmp cl, 3 -ja short loc_fffafd72 ; ja 0xfffafd72 -mov word [ebp - 0x1c], bx -mov word [ebp - 0x1a], 0 -jmp short loc_fffafd7c ; jmp 0xfffafd7c - -loc_fffafd72: ; not directly referenced -mov word [ebp - 0x1c], 0 -mov word [ebp - 0x1a], bx - -loc_fffafd7c: ; not directly referenced -cmp dword [eax + 0x2480], 2 -movzx edi, dl -mov edx, esi -movzx ecx, cl -push 0 -movzx esi, dl -sete bl -mov dword [ebp - 0x2c], edi -lea edi, [ebp - 0x1c] -mov edx, dword [ebp - 0x2c] -push edi -shl ebx, 3 -push esi -movzx ebx, bl -push ebx -call fcn_fffafb06 ; call 0xfffafb06 -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffafdb2: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0xe0 -mov esi, dword [ebp + 8] -mov edi, dword [ebp + 0x14] -mov byte [ebp - 0x9f], cl -mov ebx, dword [ebp + 0x10] -mov dword [ebp - 0x80], eax -mov eax, dword [ebp + 0xc] -mov ecx, esi -mov dword [ebp - 0xd8], esi -mov esi, ref_fffd3e80 ; mov esi, 0xfffd3e80 -mov dword [ebp - 0xac], edi -mov dword [ebp - 0xb8], edx -mov byte [ebp - 0xdc], dl -mov edx, edi -mov byte [ebp - 0xc8], cl -lea edi, [ebp - 0x50] -mov ecx, 3 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [ebp - 0x38] -mov esi, ref_fffd3e8c ; mov esi, 0xfffd3e8c -mov dword [ebp - 0x88], eax -mov byte [ebp - 0xa0], al -mov byte [ebp - 0x9d], dl -mov word [ebp - 0x7c], bx -mov word [ebp - 0x60], 0 -mov word [ebp - 0x5e], 2 -mov cl, 4 -mov word [ebp - 0x5c], 1 -mov word [ebp - 0x5a], 3 -mov word [ebp - 0x64], 0 -mov word [ebp - 0x62], 2 -mov byte [ebp - 0x6a], 1 -mov byte [ebp - 0x69], 2 -mov byte [ebp - 0x68], 3 -mov byte [ebp - 0x67], 0 -mov byte [ebp - 0x66], 2 -mov byte [ebp - 0x65], 3 -movzx edx, byte [ebp - 0xb8] -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov edi, dword [ebp - 0x80] -imul eax, edx, 0x13c3 -mov dword [ebp - 0x84], edx -mov esi, dword [edi + 0x5edc] -lea eax, [edi + eax + 0x3756] -mov dword [ebp - 0xa8], eax -imul eax, edx, 0xcc -mov ecx, esi -mov dword [ebp - 0xa4], esi -mov esi, dword [edi + 0x2443] -lea edx, [ecx + eax + 0x1c] -mov dword [ebp - 0x9c], edx -mov edx, dword [edi + 0x188b] -lea eax, [ebp - 0x50] -push 0xc -push eax -lea eax, [ebp - 0x44] -push eax -mov dword [ebp - 0x98], edx -call dword [esi + 0x58] ; ucall -add esp, 0xc -push 8 -lea eax, [ebp - 0x60] -push eax -lea eax, [ebp - 0x58] -push eax -call dword [esi + 0x58] ; ucall -mov eax, dword [edi + 0x2480] -add esp, 0xc -xor edx, edx -push 0x10 -cmp eax, 3 -sete dl -mov dword [ebp - 0xb4], edx -xor edx, edx -cmp eax, 2 -lea eax, [ebp - 0x38] -sete dl -push eax -lea eax, [ebp - 0x28] -mov dword [ebp - 0xb0], edx -push eax -call dword [esi + 0x58] ; ucall -mov ecx, dword [ebp - 0x88] -add esp, 0x10 -cmp cl, 3 -sete al -cmp cl, 1 -setbe dl -or dl, al -jne short loc_fffaff33 ; jne 0xfffaff33 -mov edx, ecx -cmp cl, 0x11 -sete cl -cmp dl, 2 -sete dl -or cl, dl -je loc_fffaffe5 ; je 0xfffaffe5 - -loc_fffaff33: ; not directly referenced -mov ecx, dword [ebp - 0x88] -cmp cl, 1 -sbb esi, esi -and esi, 0x10 -add esi, 0xf -cmp cl, 1 -sbb edx, edx -and edx, 0xfffffff0 -sub edx, 0x10 -cmp bx, si -jg short loc_fffaff5c ; jg 0xfffaff5c -cmp dx, bx -mov esi, ebx -cmovge esi, edx - -loc_fffaff5c: ; not directly referenced -mov ebx, dword [ebp - 0x9c] -movzx ecx, byte [ebp - 0xd8] -cmp byte [ebp - 0x88], 0 -lea edi, [ebx + ecx*4] -mov ebx, dword [edi + 0x78] -jne loc_fffb0a8d ; jne 0xfffb0a8d -mov eax, esi -and ebx, 0xfffff000 -and eax, 0x3f -mov edx, eax -or ebx, eax -shl edx, 6 -or ebx, edx - -loc_fffaff90: ; not directly referenced -cmp byte [ebp - 0xb8], 1 -mov edx, 0x365c -jbe loc_fffb0ae0 ; jbe 0xfffb0ae0 - -loc_fffaffa2: ; not directly referenced -mov ecx, dword [ebp - 0x80] -lea eax, [edx + 0xc] -cmp dword [ecx + 0x188b], 1 -mov ecx, ebx -cmove edx, eax -mov eax, dword [ebp - 0x80] -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0xac], 0 -je short loc_fffaffc8 ; je 0xfffaffc8 -mov dword [edi + 0x78], ebx - -loc_fffaffc8: ; not directly referenced -mov eax, dword [ebp - 0xa4] -mov edx, 0x2008 -mov ecx, dword [eax + 0x18] -mov eax, dword [ebp - 0x80] -or ecx, 0x20 -call fcn_fffae58c ; call 0xfffae58c -mov word [ebp - 0x7c], si - -loc_fffaffe5: ; not directly referenced -mov eax, dword [ebp - 0x88] -cmp al, 0x11 -sete cl -sub eax, 4 -cmp al, 1 -setbe al -or al, cl -mov byte [ebp - 0x9e], cl -je loc_fffb0219 ; je 0xfffb0219 -mov eax, dword [ebp - 0xa8] -xor edi, edi -lea esi, [eax + 0x24d] -imul eax, dword [ebp - 0x84], 0x13c3 -add eax, dword [ebp - 0x80] -mov dword [ebp - 0xe4], eax -movzx eax, byte [ebp - 0x9f] -mov dword [ebp - 0xe8], eax - -loc_fffb0034: ; not directly referenced -mov ebx, dword [ebp - 0xe4] -mov eax, 1 -mov ecx, edi -shl eax, cl -test byte [ebx + 0x381a], al -je loc_fffb020c ; je 0xfffb020c -mov eax, dword [ebp - 0xe8] -bt eax, edi -jae loc_fffb020c ; jae 0xfffb020c -cmp byte [ebp - 0xa0], 4 -jne loc_fffb0103 ; jne 0xfffb0103 -cmp dword [ebp - 0x98], 0 -jne short loc_fffb0085 ; jne 0xfffb0085 -mov ebx, dword [ebp - 0x7c] -mov eax, 0xb -cmp bx, 0xb -cmovle eax, ebx -jmp short loc_fffb00a8 ; jmp 0xfffb00a8 - -loc_fffb0085: ; not directly referenced -cmp dword [ebp - 0x98], 1 -jne short loc_fffb00ac ; jne 0xfffb00ac -mov ecx, dword [ebp - 0x7c] -mov eax, 0xf -cmp cx, 0xf -cmovle eax, ecx -mov ecx, eax -or eax, 0x10 -test byte [esi], 0x10 -cmove eax, ecx - -loc_fffb00a8: ; not directly referenced -mov word [ebp - 0x7c], ax - -loc_fffb00ac: ; not directly referenced -mov ebx, dword [ebp - 0x7c] -mov eax, 0 -mov ecx, edi -push edx -mov edx, dword [ebp - 0x84] -test bx, bx -cmovns eax, ebx -movzx ebx, byte [ebp - 0xc8] -mov word [ebp - 0x7c], ax -or eax, 0x30 -mov word [ebp - 0xe0], ax -cwde -push eax -mov eax, dword [ebp - 0x80] -push 2 -push ebx -call fcn_fffa73b0 ; call 0xfffa73b0 -add esp, 0x10 -cmp byte [ebp - 0x9d], 0 -je loc_fffb020c ; je 0xfffb020c -mov al, byte [ebp - 0xe0] -mov byte [esi + ebx], al -jmp near loc_fffb020c ; jmp 0xfffb020c - -loc_fffb0103: ; not directly referenced -cmp byte [ebp - 0xa0], 5 -jne loc_fffb01c5 ; jne 0xfffb01c5 -cmp dword [ebp - 0x98], 0 -jne short loc_fffb0150 ; jne 0xfffb0150 -cmp word [ebp - 0x7c], 0x13 -jg short loc_fffb0134 ; jg 0xfffb0134 -mov ecx, dword [ebp - 0x7c] -mov eax, 0 -test cx, cx -cmovns eax, ecx -mov word [ebp - 0x7c], ax -jmp short loc_fffb013a ; jmp 0xfffb013a - -loc_fffb0134: ; not directly referenced -mov word [ebp - 0x7c], 0x13 - -loc_fffb013a: ; not directly referenced -mov eax, dword [ebp - 0x7c] -mov ecx, 5 -mov edx, eax -sar dx, 0xf -idiv cx -lea ebx, [edx + eax*8] -jmp short loc_fffb0185 ; jmp 0xfffb0185 - -loc_fffb0150: ; not directly referenced -xor ebx, ebx -cmp dword [ebp - 0x98], 1 -jne short loc_fffb0185 ; jne 0xfffb0185 -mov eax, dword [ebp - 0x7c] -test ax, ax -jle short loc_fffb0185 ; jle 0xfffb0185 -movsx ebx, ax -mov eax, 0x10 -cmp bx, 0x10 -cmovle eax, ebx -mov word [ebp - 0x7c], ax -dec eax -mov ebx, eax -and eax, 3 -sar ebx, 2 -add eax, eax -lea ebx, [eax + ebx*8 + 1] - -loc_fffb0185: ; not directly referenced -push eax -movzx eax, bl -mov edx, dword [ebp - 0x84] -push eax -movzx eax, byte [ebp - 0xc8] -mov ecx, edi -push 2 -push eax -mov dword [ebp - 0xe0], eax -mov eax, dword [ebp - 0x80] -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 -cmp byte [ebp - 0x9d], 0 -je short loc_fffb020c ; je 0xfffb020c -mov eax, dword [ebp - 0xe0] -mov byte [esi + eax + 0xdd9], bl -jmp short loc_fffb020c ; jmp 0xfffb020c - -loc_fffb01c5: ; not directly referenced -cmp byte [ebp - 0x9e], 0 -je short loc_fffb020c ; je 0xfffb020c -movzx ebx, byte [ebp - 0xc8] -mov ecx, edi -push eax -mov edx, dword [ebp - 0x84] -mov eax, dword [ebp - 0x80] -push 0 -push 0xff -push ebx -call fcn_fffa73b0 ; call 0xfffa73b0 -add esp, 0xc -mov edx, dword [ebp - 0x84] -mov eax, dword [ebp - 0x80] -mov ecx, edi -push 0 -push 0xff -push ebx -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 - -loc_fffb020c: ; not directly referenced -inc edi -add esi, 9 -cmp edi, 4 -jne loc_fffb0034 ; jne 0xfffb0034 - -loc_fffb0219: ; not directly referenced -cmp byte [ebp - 0x88], 6 -mov cl, byte [ebp - 0x9e] -sete al -or cl, al -je loc_fffb0378 ; je 0xfffb0378 -cmp dword [ebp - 0x98], 1 -jne short loc_fffb0247 ; jne 0xfffb0247 -cmp word [ebp - 0x7c], 0x3f -jg loc_fffb0b12 ; jg 0xfffb0b12 -jmp short loc_fffb0252 ; jmp 0xfffb0252 - -loc_fffb0247: ; not directly referenced -cmp word [ebp - 0x7c], 7 -jg loc_fffb0b1d ; jg 0xfffb0b1d - -loc_fffb0252: ; not directly referenced -mov edi, dword [ebp - 0x7c] -mov edx, 0 -test di, di -cmovns edx, edi -mov word [ebp - 0x7c], dx - -loc_fffb0264: ; not directly referenced -movzx edi, byte [ebp - 0xd8] -mov ecx, dword [ebp - 0x9c] -mov dword [ebp - 0xc8], edi -lea edi, [ecx + edi*4] -mov ebx, dword [edi + 4] -mov esi, dword [edi + 0x28] -test al, al -je short loc_fffb02c1 ; je 0xfffb02c1 -cmp dword [ebp - 0x98], 1 -jne short loc_fffb02b3 ; jne 0xfffb02b3 -mov ecx, dword [ebp - 0x7c] -and bh, 0xe3 -and esi, 0xe3ffffff -mov eax, ecx -sar ax, 3 -and eax, 7 -shl eax, 0xa -or ebx, eax -mov eax, ecx -and eax, 7 -shl eax, 0x1a -or esi, eax -jmp short loc_fffb02c1 ; jmp 0xfffb02c1 - -loc_fffb02b3: ; not directly referenced -mov eax, dword [ebp - 0x7c] -and bh, 0xe3 -and eax, 7 -shl eax, 0xa -or ebx, eax - -loc_fffb02c1: ; not directly referenced -mov ecx, dword [ebp - 0xc8] -mov edx, dword [ebp - 0x84] -mov eax, dword [ebp - 0x80] -call fcn_fffa724b ; call 0xfffa724b -mov ecx, ebx -mov edx, eax -mov eax, dword [ebp - 0x80] -call fcn_fffae58c ; call 0xfffae58c -cmp dword [ebp - 0x98], 1 -jne short loc_fffb030a ; jne 0xfffb030a -mov ecx, dword [ebp - 0xc8] -mov edx, dword [ebp - 0x84] -mov eax, dword [ebp - 0x80] -call fcn_fffa720e ; call 0xfffa720e -mov ecx, esi -mov edx, eax -mov eax, dword [ebp - 0x80] -call fcn_fffae58c ; call 0xfffae58c - -loc_fffb030a: ; not directly referenced -cmp byte [ebp - 0xac], 0 -je short loc_fffb0378 ; je 0xfffb0378 -cmp dword [ebp - 0x98], 1 -mov dword [edi + 4], ebx -jne short loc_fffb0378 ; jne 0xfffb0378 -mov ebx, dword [ebp - 0x80] -mov edx, 0x3a28 -mov dword [edi + 0x28], esi -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -movzx ecx, byte [ebx + 0x2488] -xor edx, edx -mov esi, eax -xor eax, eax - -loc_fffb033e: ; not directly referenced -cmp cl, dl -jbe short loc_fffb0357 ; jbe 0xfffb0357 -mov edi, dword [ebp - 0x9c] -mov bl, byte [edi + edx*4 + 0x2b] -inc edx -shr bl, 2 -and ebx, 7 -add eax, ebx -jmp short loc_fffb033e ; jmp 0xfffb033e - -loc_fffb0357: ; not directly referenced -xor edx, edx -and esi, 0xfff1ffff -div ecx -mov ecx, esi -mov edx, 0x3a28 -and eax, 7 -shl eax, 0x11 -or ecx, eax -mov eax, dword [ebp - 0x80] -call fcn_fffae58c ; call 0xfffae58c - -loc_fffb0378: ; not directly referenced -cmp byte [ebp - 0x88], 9 -je short loc_fffb0397 ; je 0xfffb0397 - -loc_fffb0381: ; not directly referenced -mov al, byte [ebp - 0x88] -sub eax, 7 -cmp al, 1 -ja loc_fffb060b ; ja 0xfffb060b -jmp near loc_fffb062a ; jmp 0xfffb062a - -loc_fffb0397: ; not directly referenced -cmp dword [ebp - 0xb4], 0 -je loc_fffb0463 ; je 0xfffb0463 -mov edi, dword [ebp - 0x7c] -mov al, 2 -mov ecx, edi -mov ebx, edi -cmp cl, 2 -cmovbe eax, ebx -xor ebx, ebx -imul edx, dword [ebp - 0x84], 0x13c3 -movzx eax, al -add edx, dword [ebp - 0x80] -mov dword [ebp - 0xc8], eax -mov dword [ebp - 0x98], edx - -loc_fffb03d1: ; not directly referenced -mov esi, dword [ebp - 0x98] -mov eax, 1 -mov cl, bl -mov dl, bl -shl eax, cl -test byte [esi + 0x381a], al -je short loc_fffb0454 ; je 0xfffb0454 -test byte [ebp - 0x9f], al -je short loc_fffb0454 ; je 0xfffb0454 -mov eax, edx -mov edi, dword [ebp - 0xa8] -shr dl, 1 -and eax, 1 -movzx edx, dl -imul edx, edx, 0x128 -imul eax, eax, 0x18 -lea eax, [eax + edx + 0x1260] -movzx edx, byte [ebp - 0xdc] -lea edi, [edi + eax + 0xb] -mov eax, dword [ebp - 0xc8] -movzx esi, byte [ebp + eax - 0x6a] -mov ax, word [edi + 6] -push ecx -mov ecx, ebx -push 0 -and eax, 0xfffffff0 -or esi, eax -movzx eax, si -push eax -mov eax, dword [ebp - 0x80] -push 3 -call fcn_fffaa505 ; call 0xfffaa505 -add esp, 0x10 -cmp byte [ebp - 0x9d], 0 -je short loc_fffb0454 ; je 0xfffb0454 -mov word [edi + 6], si - -loc_fffb0454: ; not directly referenced -inc ebx -cmp ebx, 4 -jne loc_fffb03d1 ; jne 0xfffb03d1 -jmp near loc_fffb0381 ; jmp 0xfffb0381 - -loc_fffb0463: ; not directly referenced -cmp dword [ebp - 0xb0], 1 -mov dword [ebp - 0x98], 0 -sbb ebx, ebx -xor eax, eax -and ebx, 0xffffffe4 -sub ebx, 7 -cmp byte [ebp - 0x7c], 0 -setne al -mov ax, word [ebp + eax*2 - 0x64] -mov word [ebp - 0xc8], ax -imul eax, dword [ebp - 0x84], 0x13c3 -add eax, dword [ebp - 0x80] -mov dword [ebp - 0xd8], eax - -loc_fffb04a4: ; not directly referenced -mov edi, dword [ebp - 0x98] -mov eax, 1 -mov ecx, edi -mov edx, edi -shl eax, cl -mov ecx, dword [ebp - 0xd8] -test byte [ecx + 0x381a], al -je short loc_fffb0523 ; je 0xfffb0523 -test byte [ebp - 0x9f], al -je short loc_fffb0523 ; je 0xfffb0523 -mov ecx, edx -mov esi, dword [ebp - 0xa8] -shr dl, 1 -and ecx, 1 -movzx edx, dl -imul ecx, ecx, 0x18 -imul edx, edx, 0x128 -lea edx, [ecx + edx + 0x1260] -mov ecx, eax -mov eax, dword [ebp - 0x80] -lea edi, [esi + edx + 0xb] -mov esi, ebx -and si, word [edi + 2] -or esi, dword [ebp - 0xc8] -push edx -push edx -movzx edx, si -push edx -mov edx, dword [ebp - 0x84] -push 1 -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0x10 -cmp byte [ebp - 0x9d], 0 -je short loc_fffb0523 ; je 0xfffb0523 -mov word [edi + 2], si - -loc_fffb0523: ; not directly referenced -inc dword [ebp - 0x98] -cmp dword [ebp - 0x98], 4 -jne loc_fffb04a4 ; jne 0xfffb04a4 -jmp near loc_fffb0381 ; jmp 0xfffb0381 - -loc_fffb053b: ; not directly referenced -mov esi, dword [ebp - 0xb0] -mov dword [ebp - 0xb4], 0 -cmp esi, 1 -sbb eax, eax -mov dword [ebp - 0xd8], eax -add eax, 3 -and word [ebp - 0xd8], 0x4bc -sub word [ebp - 0xd8], 0x701 -cmp esi, 1 -mov esi, dword [ebp - 0x7c] -sbb ebx, ebx -mov dword [ebp - 0xc8], ebx -mov dword [ebp - 0x98], ebx -and byte [ebp - 0xc8], 0xfe -and byte [ebp - 0x98], 0xfa -mov edx, esi -sar dx, 4 -mov ecx, esi -add byte [ebp - 0xc8], 7 -add byte [ebp - 0x98], 8 -cmp byte [ebp - 0x88], 7 -cmovne edx, ecx -cmp al, dl -cmova eax, edx -movzx eax, al -mov dword [ebp - 0xdc], eax -imul eax, dword [ebp - 0x84], 0x13c3 -add eax, dword [ebp - 0x80] -mov dword [ebp - 0xe0], eax -mov eax, esi -and eax, 0xf -mov byte [ebp - 0xe4], al - -loc_fffb05d9: ; not directly referenced -mov edi, dword [ebp - 0xb4] -mov ebx, 1 -mov esi, dword [ebp - 0xe0] -mov ecx, edi -mov eax, edi -shl ebx, cl -test byte [esi + 0x381a], bl -jne loc_fffb06ea ; jne 0xfffb06ea - -loc_fffb05fc: ; not directly referenced -inc dword [ebp - 0xb4] -cmp dword [ebp - 0xb4], 4 -jne short loc_fffb05d9 ; jne 0xfffb05d9 - -loc_fffb060b: ; not directly referenced -mov al, byte [ebp - 0x88] -sub eax, 0xa -cmp al, 1 -setbe al -or al, byte [ebp - 0x9e] -jne loc_fffb07d8 ; jne 0xfffb07d8 -jmp near loc_fffb08df ; jmp 0xfffb08df - -loc_fffb062a: ; not directly referenced -cmp dword [ebp - 0xb4], 0 -je loc_fffb053b ; je 0xfffb053b -mov ebx, dword [ebp - 0x7c] -mov al, 2 -cmp bl, 2 -cmovbe eax, ebx -xor ebx, ebx -imul esi, dword [ebp - 0x84], 0x13c3 -movzx eax, al -add esi, dword [ebp - 0x80] -mov dword [ebp - 0x84], eax -mov dword [ebp - 0x7c], esi - -loc_fffb065d: ; not directly referenced -mov edi, dword [ebp - 0x7c] -mov eax, 1 -mov cl, bl -mov dl, bl -shl eax, cl -test byte [edi + 0x381a], al -je short loc_fffb06db ; je 0xfffb06db -test byte [ebp - 0x9f], al -je short loc_fffb06db ; je 0xfffb06db -mov al, bl -and edx, 1 -mov ecx, dword [ebp - 0xa8] -shr al, 1 -mov esi, dword [ebp - 0x84] -movzx eax, al -imul edx, edx, 0x18 -imul eax, eax, 0x128 -movzx esi, byte [ebp + esi - 0x67] -add eax, edx -movzx edx, byte [ebp - 0xdc] -lea edi, [ecx + eax + 0x1260] -mov ax, word [edi + 0x19] -push ecx -mov ecx, ebx -push 0 -and eax, 0xfffffffc -or esi, eax -movzx eax, si -push eax -mov eax, dword [ebp - 0x80] -push 0xb -call fcn_fffaa505 ; call 0xfffaa505 -add esp, 0x10 -cmp byte [ebp - 0x9d], 0 -je short loc_fffb06db ; je 0xfffb06db -mov word [edi + 0x19], si - -loc_fffb06db: ; not directly referenced -inc ebx -cmp ebx, 4 -jne loc_fffb065d ; jne 0xfffb065d -jmp near loc_fffb0b28 ; jmp 0xfffb0b28 - -loc_fffb06ea: ; not directly referenced -test byte [ebp - 0x9f], bl -je loc_fffb05fc ; je 0xfffb05fc -mov edx, eax -mov edi, dword [ebp - 0xa8] -mov ecx, ebx -shr al, 1 -and edx, 1 -movzx eax, al -imul edx, edx, 0x18 -imul eax, eax, 0x128 -lea eax, [edx + eax + 0x1260] -lea edi, [edi + eax + 0xb] -mov eax, dword [ebp - 0xdc] -mov si, word [ebp + eax*2 - 0x58] -mov ax, word [edi + 4] -push edx -push edx -mov edx, dword [ebp - 0x84] -shl esi, 9 -and ah, 0xf9 -or esi, eax -movzx eax, si -push eax -mov eax, dword [ebp - 0x80] -push 2 -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0x10 -cmp byte [ebp - 0x9d], 0 -je short loc_fffb0759 ; je 0xfffb0759 -mov word [edi + 4], si - -loc_fffb0759: ; not directly referenced -cmp byte [ebp - 0xa0], 8 -je loc_fffb05fc ; je 0xfffb05fc -mov esi, dword [ebp - 0xc8] -mov al, byte [ebp - 0xe4] -mov ecx, esi -cmp cl, al -cmova esi, eax -cmp dword [ebp - 0xb0], 0 -mov eax, esi -movzx eax, al -je short loc_fffb078e ; je 0xfffb078e -movzx eax, word [ebp + eax*2 - 0x28] -jmp short loc_fffb0793 ; jmp 0xfffb0793 - -loc_fffb078e: ; not directly referenced -movzx eax, word [ebp + eax*2 - 0x44] - -loc_fffb0793: ; not directly referenced -mov cl, byte [ebp - 0x98] -mov esi, dword [ebp - 0xd8] -and si, word [edi + 2] -mov edx, dword [ebp - 0x84] -shl eax, cl -mov ecx, ebx -or esi, eax -push eax -push eax -movzx eax, si -push eax -mov eax, dword [ebp - 0x80] -push 1 -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0x10 -cmp byte [ebp - 0x9d], 0 -je loc_fffb05fc ; je 0xfffb05fc -mov word [edi + 2], si -jmp near loc_fffb05fc ; jmp 0xfffb05fc - -loc_fffb07d8: ; not directly referenced -mov ecx, dword [ebp - 0x88] -cmp cl, 0xb -sete al -movzx edi, al -setne al -movzx eax, al -lea edi, [edi*8 + 7] -lea eax, [eax*8 - 0x10] -cmp word [ebp - 0x7c], di -jg short loc_fffb080a ; jg 0xfffb080a -mov edi, dword [ebp - 0x7c] -cmp ax, di -cmovge edi, eax - -loc_fffb080a: ; not directly referenced -mov eax, dword [ebp - 0x9c] -cmp byte [ebp - 0x88], 0xa -mov ebx, dword [eax + 0x4c] -mov esi, dword [eax + 0x50] -jne short loc_fffb0840 ; jne 0xfffb0840 -mov eax, edi -and ebx, 0xfffe01ff -and eax, 0xf -and esi, 0xfffe01ff -mov edx, eax -shl edx, 9 -shl eax, 0xd -or ebx, edx -or ebx, eax -or esi, edx -jmp short loc_fffb0856 ; jmp 0xfffb0856 - -loc_fffb0840: ; not directly referenced -cmp byte [ebp - 0x88], 0xb -jne short loc_fffb0858 ; jne 0xfffb0858 -mov eax, edi -and ebx, 0xffffffe0 -and eax, 0x1f -and esi, 0xffffffe0 -or ebx, eax - -loc_fffb0856: ; not directly referenced -or esi, eax - -loc_fffb0858: ; not directly referenced -cmp byte [ebp - 0xac], 0 -je short loc_fffb086d ; je 0xfffb086d -mov eax, dword [ebp - 0x9c] -mov dword [eax + 0x4c], ebx -mov dword [eax + 0x50], esi - -loc_fffb086d: ; not directly referenced -mov eax, dword [ebp - 0x84] -mov ecx, ebx -shl eax, 8 -lea edx, [eax + 0x1404] -mov dword [ebp - 0x7c], eax -mov eax, dword [ebp - 0x80] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x7c] -mov ecx, ebx -lea edx, [eax + 0x1a04] -mov eax, dword [ebp - 0x80] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x7c] -mov ecx, ebx -mov ebx, dword [ebp - 0x80] -lea edx, [eax + 0x1204] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x7c] -mov ecx, esi -lea edx, [eax + 0x3414] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0xa4] -mov edx, 0x2008 -mov ecx, dword [eax + 0x18] -mov eax, ebx -or ecx, 0x20 -call fcn_fffae58c ; call 0xfffae58c -mov word [ebp - 0x7c], di - -loc_fffb08df: ; not directly referenced -cmp byte [ebp - 0x88], 0xf -mov al, byte [ebp - 0x9e] -sete dl -or al, dl -je loc_fffb09b9 ; je 0xfffb09b9 -mov ecx, dword [ebp - 0x7c] -mov eax, 0xfffffff8 -mov ebx, 7 -cmp cx, 0xfff8 -cmovge eax, ecx -cmp ax, 7 -cmovg eax, ebx -mov word [ebp - 0x7c], ax -mov eax, dword [ebp - 0xa4] -mov ebx, dword [eax + 0xc] -test dl, dl -je short loc_fffb096d ; je 0xfffb096d -cmp byte [ebp - 0xb8], 1 -jne short loc_fffb0955 ; jne 0xfffb0955 -mov eax, dword [ebp - 0x80] -cmp dword [eax + 0x3756], 2 -jne short loc_fffb0955 ; jne 0xfffb0955 -mov edx, 0x3a14 -call fcn_fffae52a ; call 0xfffae52a -mov esi, dword [ebp - 0x7c] -shr eax, 0x14 -and eax, 0xf -cmp si, ax -cmovge eax, esi -mov word [ebp - 0x7c], ax - -loc_fffb0955: ; not directly referenced -mov eax, dword [ebp - 0x7c] -and ebx, 0xf00fffff -and eax, 0xf -mov edx, eax -shl edx, 0x14 -shl eax, 0x18 -or ebx, edx -or ebx, eax - -loc_fffb096d: ; not directly referenced -cmp byte [ebp - 0xac], 0 -je short loc_fffb097f ; je 0xfffb097f -mov eax, dword [ebp - 0xa4] -mov dword [eax + 0xc], ebx - -loc_fffb097f: ; not directly referenced -mov edi, dword [ebp - 0x80] -mov ecx, ebx -mov edx, 0x3a14 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x5f08 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5f08 -or ah, 1 -mov ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x78 -mov eax, edi -call fcn_fffa834b ; call 0xfffa834b - -loc_fffb09b9: ; not directly referenced -cmp byte [ebp - 0x88], 0xc -mov cl, byte [ebp - 0x9e] -sete al -or cl, al -je loc_fffb0b28 ; je 0xfffb0b28 -test al, al -je short loc_fffb09dd ; je 0xfffb09dd -mov bl, byte [ebp - 0x7c] -and ebx, 3 -jmp short loc_fffb09e9 ; jmp 0xfffb09e9 - -loc_fffb09dd: ; not directly referenced -mov eax, dword [ebp - 0x9c] -mov bl, byte [eax + 0xb4] - -loc_fffb09e9: ; not directly referenced -cmp byte [ebp - 0xac], 0 -je short loc_fffb09fe ; je 0xfffb09fe -mov eax, dword [ebp - 0x9c] -mov byte [eax + 0xb4], bl - -loc_fffb09fe: ; not directly referenced -mov esi, dword [ebp - 0x84] -and ebx, 3 -mov eax, dword [ebp - 0x80] -shl ebx, 0xd -shl esi, 8 -lea edi, [esi + 0x140c] -mov edx, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, edi -lea edi, [esi + 0x1a0c] -add esi, 0x121c -and ah, 0x9f -or eax, ebx -mov ecx, eax -mov eax, dword [ebp - 0x80] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x80] -mov edx, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, edi -mov edi, dword [ebp - 0x80] -and ah, 0x9f -or eax, ebx -mov ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov edx, esi -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, esi -and ah, 0x9f -or eax, ebx -mov ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0xa4] -mov edx, 0x2008 -mov ecx, dword [eax + 0x18] -mov eax, edi -or ecx, 0x20 -call fcn_fffae58c ; call 0xfffae58c -jmp near loc_fffb0b28 ; jmp 0xfffb0b28 - -loc_fffb0a8d: ; not directly referenced -cmp byte [ebp - 0x88], 1 -jne short loc_fffb0aad ; jne 0xfffb0aad -mov eax, esi -and ebx, 0xffc00fff -and eax, 0x1f -mov edx, eax -shl edx, 0xc -shl eax, 0x11 -or ebx, edx -jmp short loc_fffb0ad9 ; jmp 0xfffb0ad9 - -loc_fffb0aad: ; not directly referenced -test al, al -je short loc_fffb0ac1 ; je 0xfffb0ac1 -mov eax, esi -and ebx, 0xf83fffff -and eax, 0x1f -shl eax, 0x16 -jmp short loc_fffb0ad9 ; jmp 0xfffb0ad9 - -loc_fffb0ac1: ; not directly referenced -cmp byte [ebp - 0x88], 2 -jne loc_fffaff90 ; jne 0xfffaff90 -mov eax, esi -and ebx, 0x7ffffff -shl eax, 0x1b - -loc_fffb0ad9: ; not directly referenced -or ebx, eax -jmp near loc_fffaff90 ; jmp 0xfffaff90 - -loc_fffb0ae0: ; not directly referenced -cmp byte [ebp - 0xd8], 8 -jbe short loc_fffb0afd ; jbe 0xfffb0afd -mov edx, dword [ebp - 0x84] -shl edx, 8 -add edx, 0x305c -jmp near loc_fffaffa2 ; jmp 0xfffaffa2 - -loc_fffb0afd: ; not directly referenced -mov eax, dword [ebp - 0x84] -shl ecx, 9 -shl eax, 8 -lea edx, [eax + ecx + 0x5c] -jmp near loc_fffaffa2 ; jmp 0xfffaffa2 - -loc_fffb0b12: ; not directly referenced -mov word [ebp - 0x7c], 0x3f -jmp near loc_fffb0264 ; jmp 0xfffb0264 - -loc_fffb0b1d: ; not directly referenced -mov word [ebp - 0x7c], 7 -jmp near loc_fffb0264 ; jmp 0xfffb0264 - -loc_fffb0b28: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb0b30: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x2c -lea esi, [eax + 0x3756] -mov dword [ebp - 0x2c], eax -mov eax, dword [eax + 0x5edc] -mov byte [ebp - 0x1f], dl -mov dword [ebp - 0x28], esi -mov dword [ebp - 0x24], 0 -mov dword [ebp - 0x1c], eax -add eax, 0x1c -mov dword [ebp - 0x30], eax -movzx eax, dl -mov dword [ebp - 0x34], eax - -loc_fffb0b64: ; not directly referenced -mov eax, dword [ebp - 0x28] -cmp dword [eax], 2 -je short loc_fffb0b8b ; je 0xfffb0b8b - -loc_fffb0b6c: ; not directly referenced -inc dword [ebp - 0x24] -add dword [ebp - 0x28], 0x13c3 -add dword [ebp - 0x30], 0xcc -cmp dword [ebp - 0x24], 2 -jne short loc_fffb0b64 ; jne 0xfffb0b64 -add esp, 0x2c -pop ebx -pop esi -pop edi -pop ebp -ret - -loc_fffb0b8b: ; not directly referenced -mov byte [ebp - 0x1c], 0 - -loc_fffb0b8f: ; not directly referenced -mov esi, dword [ebp - 0x2c] -mov cl, byte [ebp - 0x1c] -cmp cl, byte [esi + 0x2488] -jae short loc_fffb0b6c ; jae 0xfffb0b6c -mov esi, dword [ebp - 0x28] -movzx edx, cl -mov ebx, 0x200 -xor ecx, ecx -mov word [ebp - 0x1e], 0 -mov al, byte [esi + 0xc4] -lea esi, [esi + edx*2] - -loc_fffb0bb9: ; not directly referenced -mov edi, 1 -shl edi, cl -mov edx, edi -test al, dl -je short loc_fffb0be5 ; je 0xfffb0be5 -imul edi, ecx, 0x12 -mov dx, word [ebp - 0x1e] -movzx edi, word [esi + edi + 0x1b1] -cmp dx, di -cmovb edx, edi -cmp bx, di -mov word [ebp - 0x1e], dx -cmova ebx, edi - -loc_fffb0be5: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffb0bb9 ; jne 0xfffb0bb9 -mov eax, dword [ebp - 0x2c] -mov dx, word [ebp - 0x1e] -movzx ecx, word [eax + 0x2489] -mov eax, 0x13880 -shr dx, 6 -lea edi, [edx + 1] -xor edx, edx -movzx edi, di -div ecx -mov edx, 0x80 -mov ecx, dword [ebp - 0x34] -cmp eax, 0x7f -cmova edx, eax -mov al, 6 -sub ebx, edx -mov dl, 0xfc -shr ebx, 6 -sub bl, byte [ebp - 0x1f] -cmp bl, 6 -cmovle eax, ebx -mov ebx, 7 -cmp al, 0xfc -cmovge edx, eax -movsx eax, dl -sub edi, eax -lea eax, [edi + ecx - 1] -movzx ecx, byte [ebp - 0x1c] -mov edi, dword [ebp - 0x30] -cmp eax, 7 -cmovle ebx, eax -and edx, 0xf -mov esi, edx -shl edx, 5 -lea edi, [edi + ecx*4] -mov byte [ebp - 0x1e], dl -mov dl, byte [edi + 5] -and edx, 0x1f -or dl, byte [ebp - 0x1e] -mov byte [edi + 5], dl -mov edx, esi -shr dl, 3 -mov byte [ebp - 0x1e], dl -xor edx, edx -test ebx, ebx -cmovns edx, ebx -mov bl, dl -and ebx, 7 -lea edx, [ebx + ebx] -or dl, byte [ebp - 0x1e] -shl esi, 4 -or edx, esi -mov esi, dword [ebp - 0x2c] -mov byte [edi + 6], dl -mov dl, byte [edi + 7] -mov eax, esi -and edx, 0xfffffff8 -or edx, ebx -mov byte [edi + 7], dl -mov edx, dword [ebp - 0x24] -call fcn_fffa724b ; call 0xfffa724b -mov ecx, dword [edi + 4] -mov edx, eax -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -inc byte [ebp - 0x1c] -jmp near loc_fffb0b8f ; jmp 0xfffb0b8f - -fcn_fffb0cb4: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -mov esi, eax -push ebx -movzx ebx, dl -sub esp, 0x2c -mov eax, dword [ebp + 0x10] -imul edx, ebx, 0x13c3 -cmp dword [ebp + 8], 0 -mov byte [ebp - 0x20], cl -mov dword [ebp - 0x2c], eax -mov cl, al -lea eax, [esi + edx + 0x3756] -mov dword [ebp - 0x1c], eax -je short loc_fffb0cec ; je 0xfffb0cec -mov al, byte [eax + 0xc4] -mov byte [ebp - 0x20], al - -loc_fffb0cec: ; not directly referenced -cmp dword [esi + 0x2480], 3 -sete byte [ebp - 0x24] -xor edi, edi -imul edx, ebx, 0x13c3 -lea eax, [esi + edx] -mov dword [ebp - 0x30], eax -movzx eax, cl -mov dword [ebp - 0x28], eax - -loc_fffb0d0b: ; not directly referenced -mov eax, dword [ebp - 0x30] -mov edx, 1 -mov ecx, edi -shl edx, cl -test byte [eax + 0x381a], dl -je short loc_fffb0d7a ; je 0xfffb0d7a -mov al, byte [ebp - 0x24] -cmp dword [ebp + 8], 0 -setne cl -xor eax, 1 -test cl, al -je short loc_fffb0d4d ; je 0xfffb0d4d -push eax -push dword [ebp - 0x28] -push dword [ebp + 0xc] -mov dword [ebp - 0x34], edx -push edx -push edx -push 0 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -mov edx, dword [ebp - 0x34] -jmp short loc_fffb0d58 ; jmp 0xfffb0d58 - -loc_fffb0d4d: ; not directly referenced -cmp dword [ebp + 8], 0 -jne short loc_fffb0d58 ; jne 0xfffb0d58 -test byte [ebp - 0x20], dl -je short loc_fffb0d7a ; je 0xfffb0d7a - -loc_fffb0d58: ; not directly referenced -mov eax, dword [ebp - 0x1c] -push ecx -push dword [ebp - 0x28] -movzx ecx, byte [eax + edi + 0x245] -add ecx, dword [ebp + 0xc] -push ecx -push 1 -push edx -push 4 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 - -loc_fffb0d7a: ; not directly referenced -inc edi -cmp edi, 4 -jne short loc_fffb0d0b ; jne 0xfffb0d0b -movzx edi, byte [ebp - 0x2c] -mov ecx, dword [ebp - 0x1c] -push edx -mov edx, dword [ebp + 0xc] -movzx eax, byte [ebp - 0x20] -push edi -add edx, dword [ecx + 0x111] -mov dword [ebp - 0x20], eax -push edx -push 1 -push eax -push 2 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -cmp byte [ebp - 0x24], 0 -je loc_fffb0e62 ; je 0xfffb0e62 -imul edx, ebx, 0x54a -xor eax, eax -lea ecx, [edx + 0xf0] -mov dword [ebp - 0x24], ecx - -loc_fffb0dc4: ; not directly referenced -cmp al, 1 -setbe cl -cmp dword [ebp + 8], 0 -setne dl -test cl, dl -je short loc_fffb0e11 ; je 0xfffb0e11 -mov ecx, dword [ebp - 0x24] -movzx edx, al -lea edx, [esi + edx + 0x186e] -cmp byte [edx + ecx + 0x54b], 0 -je short loc_fffb0e0e ; je 0xfffb0e0e -push ecx -mov edx, 1 -push edi -mov cl, al -push dword [ebp + 0xc] -shl edx, cl -mov dword [ebp - 0x28], eax -push edx -push 0 -push 0 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -mov eax, dword [ebp - 0x28] -add esp, 0x20 - -loc_fffb0e0e: ; not directly referenced -inc eax -jmp short loc_fffb0dc4 ; jmp 0xfffb0dc4 - -loc_fffb0e11: ; not directly referenced -mov eax, dword [ebp - 0x1c] -push edx -mov edx, dword [ebp + 0xc] -push edi -add edx, dword [eax + 0x109] -push edx -push 1 -push dword [ebp - 0x20] -push 3 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -mov eax, dword [ebp - 0x1c] -add esp, 0x1c -mov edx, dword [ebp + 0xc] -push edi -add edx, dword [eax + 0x115] -push edx -push 2 -push dword [ebp - 0x20] -push 2 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -mov eax, dword [ebp - 0x1c] -add esp, 0x1c -mov edx, dword [ebp + 0xc] -push edi -add edx, dword [eax + 0x11d] -push edx -push 2 -jmp short loc_fffb0e73 ; jmp 0xfffb0e73 - -loc_fffb0e62: ; not directly referenced -push eax -mov eax, dword [ebp - 0x1c] -mov edx, dword [ebp + 0xc] -push edi -add edx, dword [eax + 0x119] -push edx -push 1 - -loc_fffb0e73: ; not directly referenced -push dword [ebp - 0x20] -push 1 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb0e8a: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -xor esi, esi -push ebx -mov ebx, eax -sub esp, 0x2c -mov edi, dword [eax + 0x2443] -call dword [edi + 0x54] ; ucall -add eax, 0x2710 -mov dword [ebp - 0x2c], eax - -loc_fffb0ea8: ; not directly referenced -imul eax, esi, 0x13c3 -mov dword [ebp + esi*4 - 0x28], 0 -cmp dword [ebx + eax + 0x3756], 2 -jne short loc_fffb0f12 ; jne 0xfffb0f12 -cmp dword [ebx + 0x188b], 0 -je short loc_fffb0f12 ; je 0xfffb0f12 -xor ecx, ecx -mov edx, esi -mov eax, ebx -call fcn_fffa7288 ; call 0xfffa7288 -mov edx, eax -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov dword [ebp + esi*4 - 0x20], eax -test eax, 0x1000000 -je short loc_fffb0f12 ; je 0xfffb0f12 -and eax, 0xfeffffff -mov ecx, 0xff -mov dword [ebp - 0x30], eax -mov edx, esi -mov eax, ebx -mov dword [ebp + esi*4 - 0x28], 1 -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, dword [ebp - 0x30] -mov edx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c - -loc_fffb0f12: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffb0ea8 ; jne 0xfffb0ea8 -mov edx, 0x5030 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5030 -or eax, 0x800000 -mov ecx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c - -loc_fffb0f37: ; not directly referenced -mov edx, 0x5030 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -shr eax, 0x10 -test al, al -jns short loc_fffb0f59 ; jns 0xfffb0f59 -call dword [edi + 0x54] ; ucall -cmp dword [ebp - 0x2c], eax -ja short loc_fffb0f37 ; ja 0xfffb0f37 -mov edi, 1 -jmp short loc_fffb0f5b ; jmp 0xfffb0f5b - -loc_fffb0f59: ; not directly referenced -xor edi, edi - -loc_fffb0f5b: ; not directly referenced -xor esi, esi - -loc_fffb0f5d: ; not directly referenced -cmp dword [ebp + esi*4 - 0x28], 0 -je short loc_fffb0f7f ; je 0xfffb0f7f -mov ecx, 0xff -mov edx, esi -mov eax, ebx -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, dword [ebp + esi*4 - 0x20] -mov edx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c - -loc_fffb0f7f: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffb0f5d ; jne 0xfffb0f5d -mov eax, edi -add esp, 0x2c -neg eax -pop ebx -and eax, 0x12 -pop esi -pop edi -pop ebp -ret - -fcn_fffb0f94: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, eax -push esi -push ebx -add esp, 0xffffff80 -mov al, byte [ebp + 0xc] -mov ebx, dword [edi + 0x2443] -push 1 -mov esi, dword [edi + 0x5edc] -push 8 -mov byte [ebp - 0x6a], al -mov eax, dword [edi + 0x188b] -mov dword [ebp - 0x64], edx -mov dword [ebp - 0x54], ecx -mov byte [ebp - 0x50], dl -mov dword [ebp - 0x78], eax -lea eax, [ebp - 0x38] -push eax -mov byte [ebp - 0x4e], cl -call dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 0 -push 8 -lea eax, [ebp - 0x30] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 9 -push 8 -lea eax, [ebp - 0x28] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 0 -push 2 -lea eax, [ebp - 0x20] -push eax -call dword [ebx + 0x64] ; ucall -add esp, 0x10 -cmp byte [ebp - 0x54], 1 -jne short loc_fffb1029 ; jne 0xfffb1029 -mov byte [ebp - 0x35], 0xa -mov byte [ebp - 0x36], 0x13 -mov byte [ebp - 0x37], 0x19 -mov byte [ebp - 0x38], 0x19 -mov byte [ebp - 0x2d], 0xa -mov byte [ebp - 0x2e], 0xa -mov byte [ebp - 0x25], 0x3f -mov byte [ebp - 0x26], 0x3f -jmp near loc_fffb10b1 ; jmp 0xfffb10b1 - -loc_fffb1029: ; not directly referenced -mov eax, dword [ebp - 0x54] -cmp al, 2 -je short loc_fffb10ab ; je 0xfffb10ab -cmp al, 5 -jne short loc_fffb103a ; jne 0xfffb103a - -loc_fffb1034: ; not directly referenced -mov byte [ebp - 0x4d], 8 -jmp short loc_fffb10b5 ; jmp 0xfffb10b5 - -loc_fffb103a: ; not directly referenced -mov eax, dword [ebp - 0x54] -cmp al, 6 -je short loc_fffb10b1 ; je 0xfffb10b1 -cmp al, 9 -jne short loc_fffb106c ; jne 0xfffb106c -mov ebx, dword [ebp - 0x64] -movzx eax, bl -and bl, 1 -je short loc_fffb1059 ; je 0xfffb1059 -mov edx, dword [esi + 0xbc] -mov dword [ebp - 0x20], edx - -loc_fffb1059: ; not directly referenced -mov byte [ebp - 0x4d], 2 -test al, 2 -je short loc_fffb10b5 ; je 0xfffb10b5 -mov eax, dword [esi + 0x188] -mov dword [ebp - 0x1c], eax -jmp short loc_fffb10b5 ; jmp 0xfffb10b5 - -loc_fffb106c: ; not directly referenced -cmp byte [ebp - 0x54], 0xa -mov byte [ebp - 0x4d], 1 -jne short loc_fffb10b5 ; jne 0xfffb10b5 -mov eax, dword [ebp - 0x64] -movzx edx, al -test al, 1 -je short loc_fffb1092 ; je 0xfffb1092 -mov eax, dword [esi + 0xbc] -mov dword [ebp - 0x20], eax -shr eax, 0xf -and eax, 0xf -mov byte [ebp - 0x3a], al - -loc_fffb1092: ; not directly referenced -and dl, 2 -je short loc_fffb1034 ; je 0xfffb1034 -mov eax, dword [esi + 0x188] -mov dword [ebp - 0x1c], eax -shr eax, 0xf -and eax, 0xf -mov byte [ebp - 0x39], al -jmp short loc_fffb1034 ; jmp 0xfffb1034 - -loc_fffb10ab: ; not directly referenced -mov byte [ebp - 0x4d], 7 -jmp short loc_fffb10b5 ; jmp 0xfffb10b5 - -loc_fffb10b1: ; not directly referenced -mov byte [ebp - 0x4d], 4 - -loc_fffb10b5: ; not directly referenced -movzx eax, byte [ebp - 0x50] -mov dword [ebp - 0x4c], 0 -mov byte [ebp - 0x69], 0 -mov dword [ebp - 0x68], eax -movzx eax, byte [ebp - 0x4d] -mov dword [ebp - 0x80], eax - -loc_fffb10ce: ; not directly referenced -mov ebx, dword [ebp - 0x4c] -mov byte [ebp - 0x4f], bl -mov bl, byte [ebp + ebx - 0x38] -movzx eax, bl -dec eax -call fcn_fffaec34 ; call 0xfffaec34 -cmp bl, 0x1f -jbe short loc_fffb112f ; jbe 0xfffb112f -mov ebx, dword [ebp - 0x4c] -mov byte [ebp + ebx - 0x38], al - -loc_fffb10ed: ; not directly referenced -mov cl, byte [ebp - 0x4f] -mov dword [ebp - 0x58], 0x4004 -mov dword [ebp - 0x60], 0x4917 -mov al, cl -shl eax, 4 -add eax, ecx -cmp cl, 4 -movzx eax, al -mov dword [ebp - 0x7c], eax -sbb eax, eax -xor ebx, ebx -and eax, 0x1f -mov dword [ebp - 0x70], eax -mov al, cl -and eax, 3 -mov byte [ebp - 0x6b], al -add eax, 4 -or dword [ebp - 0x70], 0x80 -mov byte [ebp - 0x6c], al -jmp short loc_fffb113b ; jmp 0xfffb113b - -loc_fffb112f: ; not directly referenced -mov eax, dword [ebp - 0x4c] -add ebx, 0x20 -mov byte [ebp + eax - 0x38], bl -jmp short loc_fffb10ed ; jmp 0xfffb10ed - -loc_fffb113b: ; not directly referenced -mov eax, dword [ebp - 0x68] -bt eax, ebx -jae loc_fffb12f7 ; jae 0xfffb12f7 -mov eax, dword [ebp - 0x58] -lea edx, [eax + 0x94] -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -shr eax, 0xc -and eax, 1 -cmp byte [ebp - 0x4e], 1 -mov byte [ebp - 0x69], al -jne short loc_fffb11d6 ; jne 0xfffb11d6 -mov edx, dword [ebp - 0x4c] -mov dword [ebp - 0x5c], ebx -movzx ecx, byte [ebp + edx - 0x30] -movzx eax, byte [ebp + edx - 0x28] -mov dl, byte [ebp + edx - 0x38] -and ecx, 0x3f -and eax, 0x3f -shl eax, 0x10 -mov ebx, edx -shl ecx, 8 -and ebx, 0x1f -or ecx, eax -mov eax, dword [ebp - 0x58] -shr dl, 5 -or ecx, ebx -and edx, 1 -shl edx, 5 -or ecx, edx -lea edx, [eax + 0x1fc] -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov edx, dword [ebp - 0x4c] -mov eax, 1 -mov ecx, dword [ebp + 8] -mov ebx, dword [ebp - 0x5c] -movzx ecx, byte [ecx + edx] -lea edx, [ebx*4 + 0x4980] -shl eax, cl -cmp dword [ebp - 0x78], 1 -lea ecx, [edx + 0x20] -cmove edx, ecx -mov ecx, eax -jmp near loc_fffb1273 ; jmp 0xfffb1273 - -loc_fffb11d6: ; not directly referenced -cmp byte [ebp - 0x4e], 2 -jne short loc_fffb11f6 ; jne 0xfffb11f6 -sub esp, 0xc -mov ecx, dword [ebp - 0x80] -mov edx, ebx -push dword [ebp - 0x4c] -mov eax, edi -call fcn_fffaa3c8 ; call 0xfffaa3c8 -add esp, 0x10 -jmp near loc_fffb12f7 ; jmp 0xfffb12f7 - -loc_fffb11f6: ; not directly referenced -mov al, byte [ebp - 0x4e] -sub eax, 5 -cmp al, 1 -ja short loc_fffb127c ; ja 0xfffb127c -mov eax, dword [ebp - 0x60] -mov ecx, dword [ebp - 0x7c] -lea edx, [eax - 0x6c] -mov eax, edi -call fcn_fffae566 ; call 0xfffae566 -cmp byte [ebp - 0x4e], 5 -jne short loc_fffb122f ; jne 0xfffb122f -mov cl, byte [ebp - 0x4f] -cmp cl, 7 -setne al -test cl, cl -setne cl -movzx ecx, cl -mov dword [ebp - 0x5c], ecx -and dword [ebp - 0x5c], eax -jmp short loc_fffb123b ; jmp 0xfffb123b - -loc_fffb122f: ; not directly referenced -xor eax, eax -test byte [ebp - 0x4f], 0xfd -setne al -mov dword [ebp - 0x5c], eax - -loc_fffb123b: ; not directly referenced -mov edx, dword [ebp - 0x60] -mov eax, edx -sub eax, 7 -mov dword [ebp - 0x74], eax -mov al, byte [ebp - 0x5c] -lea ecx, [eax - 0x80] -mov eax, edi -movzx ecx, cl -call fcn_fffae566 ; call 0xfffae566 -mov edx, dword [ebp - 0x74] -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov ecx, dword [ebp - 0x5c] -mov edx, dword [ebp - 0x74] -sub ecx, 0xffffff80 -shl ecx, 0xc -and eax, 0xfff00fff -or ecx, eax - -loc_fffb1273: ; not directly referenced -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffb12f7 ; jmp 0xfffb12f7 - -loc_fffb127c: ; not directly referenced -cmp byte [ebp - 0x4e], 9 -jne short loc_fffb12a7 ; jne 0xfffb12a7 -cmp byte [ebp - 0x4f], 1 -mov al, byte [ebp + ebx*4 - 0x1f] -sbb edx, edx -add edx, 5 -and edx, 7 -and eax, 0xffffff8f -shl edx, 4 -or eax, edx -mov edx, dword [ebp - 0x58] -mov byte [ebp + ebx*4 - 0x1f], al -mov ecx, dword [ebp + ebx*4 - 0x20] -jmp short loc_fffb1273 ; jmp 0xfffb1273 - -loc_fffb12a7: ; not directly referenced -cmp byte [ebp - 0x4e], 0xa -jne short loc_fffb12f7 ; jne 0xfffb12f7 -mov dl, byte [ebp - 0x6c] -mov al, byte [ebp + ebx*4 - 0x1f] -and edx, 7 -shl edx, 4 -and eax, 0xffffff8f -or eax, edx -mov byte [ebp + ebx*4 - 0x1f], al -mov al, byte [ebp - 0x6b] -add al, byte [ebp + ebx - 0x3a] -mov ecx, dword [ebp + ebx*4 - 0x20] -and eax, 0xf -shl eax, 0xf -and ecx, 0xfff87fff -or ecx, eax -mov eax, edi -mov dword [ebp + ebx*4 - 0x20], ecx -mov edx, dword [ebp - 0x58] -call fcn_fffae58c ; call 0xfffae58c -mov ecx, dword [ebp - 0x70] -mov eax, edi -mov edx, dword [ebp - 0x60] -call fcn_fffae566 ; call 0xfffae566 - -loc_fffb12f7: ; not directly referenced -inc ebx -add dword [ebp - 0x60], 8 -add dword [ebp - 0x58], 0x400 -cmp ebx, 2 -jne loc_fffb113b ; jne 0xfffb113b -mov eax, edi -call fcn_fffb0e8a ; call 0xfffb0e8a -mov ecx, 1 -cmp byte [ebp - 0x4f], 0 -sete dl -cmp byte [ebp - 0x6a], 0 -setne al -test dl, al -mov eax, 5 -cmovne ecx, eax -mov edx, 0x4800 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c - -loc_fffb133c: ; not directly referenced -mov edx, 0x4804 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov cl, byte [ebp - 0x50] -mov edx, eax -mov ebx, eax -shr edx, 0x10 -shr eax, 0x10 -and edx, 2 -and eax, 1 -or eax, edx -and eax, ecx -cmp al, cl -jne short loc_fffb133c ; jne 0xfffb133c -mov edx, ebx -mov al, bl -and edx, 2 -and eax, 1 -or eax, edx -test cl, al -je short loc_fffb1379 ; je 0xfffb1379 -cmp byte [ebp - 0x69], 0 -jne short loc_fffb13c2 ; jne 0xfffb13c2 - -loc_fffb1379: ; not directly referenced -inc dword [ebp - 0x4c] -mov al, byte [ebp - 0x4c] -cmp byte [ebp - 0x4d], al -ja loc_fffb10ce ; ja 0xfffb10ce -mov al, byte [ebp - 0x54] -sub eax, 9 -cmp al, 1 -ja short loc_fffb13c2 ; ja 0xfffb13c2 -test byte [ebp - 0x68], 1 -je short loc_fffb13aa ; je 0xfffb13aa -mov ecx, dword [esi + 0xbc] -mov edx, 0x4004 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c - -loc_fffb13aa: ; not directly referenced -test byte [ebp - 0x68], 2 -je short loc_fffb13c2 ; je 0xfffb13c2 -mov ecx, dword [esi + 0x188] -mov edx, 0x4404 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c - -loc_fffb13c2: ; not directly referenced -mov al, byte [ebp - 0x64] -lea esp, [ebp - 0xc] -and eax, ebx -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb13cf: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, edx -push esi -push ebx -mov ebx, eax -sub esp, 0xc -mov eax, dword [eax + 0x5edc] -mov esi, dword [ebx + 0x1887] -mov dword [ebp - 0x14], edx -mov dword [ebp - 0x10], ecx -mov edx, dword [eax + 4] -xor eax, eax - -loc_fffb13f3: ; not directly referenced -lea ecx, [edx + eax] -mov dword [ebp - 0x18], ecx -mov ecx, edi -cmp cl, byte [edx + eax] -jne short loc_fffb140d ; jne 0xfffb140d -mov eax, dword [ebp - 0x10] -mov edi, dword [ebp - 0x18] -mov ax, word [edi + eax*2 + 1] -jmp short loc_fffb1417 ; jmp 0xfffb1417 - -loc_fffb140d: ; not directly referenced -add eax, 7 -cmp eax, 0x4d -jne short loc_fffb13f3 ; jne 0xfffb13f3 -xor al, al - -loc_fffb1417: ; not directly referenced -cmp esi, 0x306d0 -sete cl -cmp esi, 0x40650 -sete dl -or cl, dl -je short loc_fffb1472 ; je 0xfffb1472 -cmp dword [ebx + 0x2480], 1 -jne short loc_fffb1472 ; jne 0xfffb1472 -cmp byte [ebp - 0x14], 5 -sete cl -cmp byte [ebp - 0x10], 2 -setne dl -test cl, dl -je short loc_fffb1472 ; je 0xfffb1472 -cmp dword [ebx + 0x3756], 2 -jne short loc_fffb145a ; jne 0xfffb145a -cmp byte [ebx + 0x49be], 5 -je short loc_fffb146c ; je 0xfffb146c - -loc_fffb145a: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffb14ab ; jne 0xfffb14ab -cmp byte [ebx + 0x5d81], 5 -jne short loc_fffb14ab ; jne 0xfffb14ab - -loc_fffb146c: ; not directly referenced -add ax, 0xc8 -jmp short loc_fffb14ab ; jmp 0xfffb14ab - -loc_fffb1472: ; not directly referenced -cmp dword [ebx + 0x188b], 1 -jne short loc_fffb14ab ; jne 0xfffb14ab -cmp dword [ebx + 0x2480], 1 -jne short loc_fffb14ab ; jne 0xfffb14ab -mov edi, dword [ebp - 0x10] -cmp byte [ebp - 0x14], 0xc -mov ebx, edi -sete cl -cmp bl, 2 -setne dl -test cl, dl -je short loc_fffb14ab ; je 0xfffb14ab -dec bl -mov edx, 0x78 -mov ecx, 0x50 -cmovne edx, ecx -add eax, edx - -loc_fffb14ab: ; not directly referenced -add esp, 0xc -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb14b3: ; not directly referenced -push ebp -movzx edx, dl -mov ebp, esp -push ebx -push ebx -cmp dword [eax + 0x2480], 2 -push 0 -push dword [ebp + 8] -sete bl -shl ebx, 3 -movzx ebx, bl -push ecx -mov ecx, 0xf -push ebx -call fcn_fffafb06 ; call 0xfffafb06 -mov ebx, dword [ebp - 4] -leave -ret - -fcn_fffb14e1: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -mov esi, eax -push ebx -sub esp, 0x3c -test dl, dl -setne bl -xor eax, eax -imul edi, dword [esi + 0x18a7], 0x2e -and ebx, 1 -lea edx, [esi + 0x374e] -shl ebx, 8 -mov byte [ebp - 0x2d], 0 -mov dword [ebp - 0x3c], edx -mov dword [ebp - 0x40], edi - -loc_fffb1510: ; not directly referenced -test eax, eax -sete cl -cmp byte [ebp - 0x2d], 1 -setbe dl -test cl, dl -je loc_fffb16e7 ; je 0xfffb16e7 -movzx eax, byte [ebp - 0x2d] -mov dword [ebp - 0x34], eax -imul eax, eax, 0x13c3 -cmp dword [esi + eax + 0x3756], 2 -jne loc_fffb16d1 ; jne 0xfffb16d1 -mov edx, dword [ebp - 0x3c] -lea eax, [edx + eax + 8] -mov dword [ebp - 0x2c], eax -add eax, dword [ebp - 0x40] -mov cx, word [eax + 0x2a] -add eax, 0x20 -movzx edi, word [eax - 0x16] -mov ax, word [eax + 8] -cmp cx, 0xc -setne dl -cmp cx, 0xa -mov word [ebp - 0x38], ax -setne al -test dl, al -je short loc_fffb159f ; je 0xfffb159f -cmp cx, 0x10 -setne dl -cmp cx, 0xe -setne al -test dl, al -je short loc_fffb159f ; je 0xfffb159f -cmp cx, 0x14 -setne dl -cmp cx, 0x12 -setne al -test dl, al -je short loc_fffb159f ; je 0xfffb159f -cmp cx, 0x18 -jne loc_fffb16db ; jne 0xfffb16db - -loc_fffb159f: ; not directly referenced -movzx eax, word [ebp - 0x38] -add eax, eax -mov edx, eax -mov dword [ebp - 0x38], eax -movzx eax, cx -cmp edx, eax -jne loc_fffb16e2 ; jne 0xfffb16e2 -cmp di, 0x10 -ja short loc_fffb15c4 ; ja 0xfffb15c4 -xor eax, eax -test di, 1 -jne short loc_fffb15d3 ; jne 0xfffb15d3 - -loc_fffb15c4: ; not directly referenced -mov eax, edi -and eax, 0xfffffffb -cmp ax, 0x12 -setne al -movzx eax, al - -loc_fffb15d3: ; not directly referenced -shl eax, 2 -and ebx, 0xfffffffb -or ebx, eax -cmp di, 0x10 -ja short loc_fffb15f9 ; ja 0xfffb15f9 -lea eax, [edi - 9] -mov edi, 2 -cdq -and ebx, 0xffffff8f -idiv edi -and eax, 7 -shl eax, 4 -or ebx, eax -jmp short loc_fffb160a ; jmp 0xfffb160a - -loc_fffb15f9: ; not directly referenced -sub edi, 2 -and ebx, 0xffffff8f -sar edi, 2 -and edi, 7 -shl edi, 4 -or ebx, edi - -loc_fffb160a: ; not directly referenced -cmp cx, 0x14 -ja loc_fffb16bf ; ja 0xfffb16bf -mov eax, dword [ebp - 0x38] -mov ecx, 2 -and bh, 0xf1 -sub eax, 0xa -cdq -idiv ecx -and eax, 7 -shl eax, 9 -or ebx, eax - -loc_fffb162d: ; not directly referenced -imul eax, dword [ebp - 0x34], 0x13c3 -test byte [esi + eax + 0x381a], 1 -je short loc_fffb166a ; je 0xfffb166a -cmp byte [esi + 0x247b], 0 -jne short loc_fffb165e ; jne 0xfffb165e -mov eax, dword [ebp - 0x2c] -mov word [eax + 0x126b], bx -mov word [eax + 0x1283], bx - -loc_fffb1658: ; not directly referenced -mov word [ebp - 0x1c], bx -jmp short loc_fffb166a ; jmp 0xfffb166a - -loc_fffb165e: ; not directly referenced -mov eax, dword [ebp - 0x2c] -mov bx, word [eax + 0x126b] -jmp short loc_fffb1658 ; jmp 0xfffb1658 - -loc_fffb166a: ; not directly referenced -imul eax, dword [ebp - 0x34], 0x13c3 -test byte [esi + eax + 0x381a], 4 -je short loc_fffb16a7 ; je 0xfffb16a7 -cmp byte [esi + 0x247b], 0 -jne short loc_fffb169b ; jne 0xfffb169b -mov eax, dword [ebp - 0x2c] -mov word [eax + 0x1393], bx -mov word [eax + 0x13ab], bx - -loc_fffb1695: ; not directly referenced -mov word [ebp - 0x1a], bx -jmp short loc_fffb16a7 ; jmp 0xfffb16a7 - -loc_fffb169b: ; not directly referenced -mov eax, dword [ebp - 0x2c] -mov bx, word [eax + 0x1393] -jmp short loc_fffb1695 ; jmp 0xfffb1695 - -loc_fffb16a7: ; not directly referenced -mov edx, dword [ebp - 0x34] -sub esp, 0xc -xor ecx, ecx -lea eax, [ebp - 0x1c] -push eax -mov eax, esi -call fcn_fffb14b3 ; call 0xfffb14b3 -add esp, 0x10 -jmp short loc_fffb16d3 ; jmp 0xfffb16d3 - -loc_fffb16bf: ; not directly referenced -shl ecx, 7 -and bh, 0xf1 -and cx, 0xe00 -or ebx, ecx -jmp near loc_fffb162d ; jmp 0xfffb162d - -loc_fffb16d1: ; not directly referenced -xor eax, eax - -loc_fffb16d3: ; not directly referenced -inc byte [ebp - 0x2d] -jmp near loc_fffb1510 ; jmp 0xfffb1510 - -loc_fffb16db: ; not directly referenced -mov eax, 0xd -jmp short loc_fffb16e7 ; jmp 0xfffb16e7 - -loc_fffb16e2: ; not directly referenced -mov eax, 0x1d - -loc_fffb16e7: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb16ef: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -mov ebx, 0x100 -sub esp, 0x90 -mov esi, dword [ebp + 8] -lea edx, [ebp - 0x44] -mov dword [ebp - 0x48], 1 -mov eax, dword [esi + 0x2443] -push 0 -push 0x2c -push edx -call dword [eax + 0x5c] ; ucall -add esp, 0x10 -cmp dword [esi + 0x3756], 2 -jne short loc_fffb1753 ; jne 0xfffb1753 -xor edi, edi - -loc_fffb1729: ; not directly referenced -mov eax, edi -cmp al, byte [esi + 0x2488] -jae short loc_fffb1753 ; jae 0xfffb1753 -movzx eax, al -and ebx, 0xffffff80 -mov edx, eax -inc edi -and edx, 0x7f -or ebx, edx -mov ecx, ebx -lea edx, [eax*4 + 0x40f0] -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffb1729 ; jmp 0xfffb1729 - -loc_fffb1753: ; not directly referenced -xor edi, edi -cmp dword [esi + 0x4b19], 2 -je short loc_fffb1769 ; je 0xfffb1769 - -loc_fffb175e: ; not directly referenced -mov byte [ebp - 0x65], 0 -xor edi, edi -jmp near loc_fffb1900 ; jmp 0xfffb1900 - -loc_fffb1769: ; not directly referenced -mov eax, edi -cmp al, byte [esi + 0x2488] -jae short loc_fffb175e ; jae 0xfffb175e -mov eax, edi -and ebx, 0xffffff80 -movzx eax, al -inc edi -mov edx, eax -and edx, 0x7f -or ebx, edx -mov ecx, ebx -lea edx, [eax*4 + 0x44f0] -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffb1769 ; jmp 0xfffb1769 - -loc_fffb1795: ; not directly referenced -mov cl, byte [ebp - 0x65] -xor edi, edi -mov dword [ebp - 0x5c], 1 -shl dword [ebp - 0x5c], cl -movzx eax, cl -mov dword [ebp - 0x7c], eax -mov al, byte [ebp - 0x5c] -test byte [esi + 0x248d], al -je loc_fffb18fd ; je 0xfffb18fd -mov ecx, dword [ebp - 0x5c] -xor edx, edx -mov eax, esi -call fcn_fffaac43 ; call 0xfffaac43 -mov ecx, dword [ebp - 0x5c] -mov edx, 1 -mov byte [ebp - 0x4a], 0 -mov bl, al -mov eax, esi -call fcn_fffaac43 ; call 0xfffaac43 -imul ecx, dword [ebp - 0x7c], 0x18 -mov byte [ebp - 0x49], 0 -mov dword [ebp - 0x80], 0 -mov dword [ebp - 0x8c], ecx -lea ecx, [esi + ecx + 0x49c1] -or eax, ebx -movzx eax, al -mov dword [ebp - 0x90], ecx -mov dword [ebp - 0x64], eax - -loc_fffb1804: ; not directly referenced -mov ecx, dword [ebp - 0x7c] -lea eax, [ebp - 0x48] -push ebx -push ebx -mov ebx, edi -push eax -mov eax, esi -push 1 -xor edi, edi -lea edx, [ebp - 0x44] -call fcn_fffaa9ed ; call 0xfffaa9ed -mov cl, byte [ebp - 0x80] -add esp, 0x10 -mov eax, dword [ebp - 0x90] -mov dword [ebp - 0x84], 1 -shl dword [ebp - 0x84], cl -mov dword [ebp - 0x60], eax - -loc_fffb183c: ; not directly referenced -mov eax, dword [ebp - 0x64] -bt eax, edi -jb loc_fffb1919 ; jb 0xfffb1919 - -loc_fffb1848: ; not directly referenced -inc edi -add dword [ebp - 0x60], 0x13c3 -cmp edi, 2 -jne short loc_fffb183c ; jne 0xfffb183c -mov edx, dword [ebp - 0x64] -mov eax, esi -call fcn_fffae670 ; call 0xfffae670 -test eax, eax -mov edi, eax -lea eax, [esi + 0x49ba] -cmove edi, ebx -mov dword [ebp - 0x84], eax -mov eax, dword [ebp - 0x8c] -xor ebx, ebx -add eax, 7 -mov dword [ebp - 0x94], eax - -loc_fffb1883: ; not directly referenced -mov eax, dword [ebp - 0x64] -bt eax, ebx -jae short loc_fffb18bc ; jae 0xfffb18bc -mov eax, ebx -shl eax, 0xa -add eax, 0x4114 -mov dword [ebp - 0x88], eax -mov byte [ebp - 0x60], 0 -mov byte [ebp - 0x78], 0 - -loc_fffb18a3: ; not directly referenced -mov al, byte [ebp - 0x78] -cmp al, byte [esi + 0x2488] -jb loc_fffb19ab ; jb 0xfffb19ab -cmp byte [ebp - 0x60], 0 -jne loc_fffb19ed ; jne 0xfffb19ed - -loc_fffb18bc: ; not directly referenced -inc ebx -add dword [ebp - 0x84], 0x13c3 -cmp ebx, 2 -jne short loc_fffb1883 ; jne 0xfffb1883 -inc dword [ebp - 0x80] -cmp dword [ebp - 0x80], 8 -jne loc_fffb1804 ; jne 0xfffb1804 -test byte [ebp - 0x64], 1 -je short loc_fffb18eb ; je 0xfffb18eb -cmp byte [ebp - 0x4a], 0xff -mov eax, 0x1f -cmovne edi, eax - -loc_fffb18eb: ; not directly referenced -test byte [ebp - 0x64], 2 -je short loc_fffb18fd ; je 0xfffb18fd -cmp byte [ebp - 0x49], 0xff -mov eax, 0x1f -cmovne edi, eax - -loc_fffb18fd: ; not directly referenced -inc byte [ebp - 0x65] - -loc_fffb1900: ; not directly referenced -test edi, edi -sete dl -cmp byte [ebp - 0x65], 1 -setbe al -test dl, al -jne loc_fffb1795 ; jne 0xfffb1795 -jmp near loc_fffb1a4d ; jmp 0xfffb1a4d - -loc_fffb1919: ; not directly referenced -cmp byte [ebp + edi - 0x4a], 0xff -je loc_fffb1848 ; je 0xfffb1848 -mov eax, dword [ebp - 0x60] -mov edx, edi -mov cx, word [eax + 6] -push eax -push eax -mov word [ebp - 0x78], cx -mov ecx, dword [ebp - 0x5c] -or word [ebp - 0x78], 0x10 -movzx eax, word [ebp - 0x78] -push eax -mov eax, esi -push 3 -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0xc -mov ecx, dword [ebp - 0x7c] -mov edx, edi -test eax, eax -cmovne ebx, eax -mov eax, dword [ebp - 0x60] -mov ax, word [eax] -push dword [ebp - 0x84] -and eax, 0xfffc -push 0 -or eax, 2 -push eax -mov eax, esi -call fcn_fffaa285 ; call 0xfffaa285 -pop edx -mov edx, edi -pop ecx -mov ecx, dword [ebp - 0x5c] -test eax, eax -cmovne ebx, eax -mov eax, dword [ebp - 0x78] -mov dword [ebp - 0x88], ebx -and eax, 0xffef -push eax -mov eax, esi -push 3 -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0x10 -mov ebx, eax -test eax, eax -cmove ebx, dword [ebp - 0x88] -jmp near loc_fffb1848 ; jmp 0xfffb1848 - -loc_fffb19ab: ; not directly referenced -mov dl, byte [ebp - 0x78] -movzx eax, byte [ebp + ebx - 0x4a] -movzx ecx, dl -bt eax, edx -jb short loc_fffb19e5 ; jb 0xfffb19e5 -mov eax, dword [ebp - 0x88] -mov dword [ebp - 0x98], ecx -lea edx, [eax + ecx*4] -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -mov ecx, dword [ebp - 0x98] -test eax, eax -je short loc_fffb19e5 ; je 0xfffb19e5 -mov eax, 1 -shl eax, cl -or byte [ebp - 0x60], al - -loc_fffb19e5: ; not directly referenced -inc byte [ebp - 0x78] -jmp near loc_fffb18a3 ; jmp 0xfffb18a3 - -loc_fffb19ed: ; not directly referenced -movzx eax, byte [ebp - 0x60] -call fcn_fffaeba2 ; call 0xfffaeba2 -mov ecx, dword [ebp - 0x84] -cmp byte [ecx], 8 -movzx eax, al -jne short loc_fffb1a07 ; jne 0xfffb1a07 -dec eax -jmp short loc_fffb1a0a ; jmp 0xfffb1a0a - -loc_fffb1a07: ; not directly referenced -cmp eax, 2 - -loc_fffb1a0a: ; not directly referenced -sete al -mov edx, dword [ebp - 0x94] -movzx eax, al -test eax, eax -mov eax, 0x1f -cmove edi, eax -mov al, byte [ebp - 0x60] -add edx, dword [ebp - 0x84] -or byte [ebp + ebx - 0x4a], al -xor eax, eax - -loc_fffb1a2f: ; not directly referenced -cmp byte [edx + eax + 0x10], 0 -jne short loc_fffb1a42 ; jne 0xfffb1a42 -mov cl, byte [ebp - 0x60] -mov byte [edx + eax + 0x10], cl -jmp near loc_fffb18bc ; jmp 0xfffb18bc - -loc_fffb1a42: ; not directly referenced -inc eax -cmp eax, 8 -jne short loc_fffb1a2f ; jne 0xfffb1a2f -jmp near loc_fffb18bc ; jmp 0xfffb18bc - -loc_fffb1a4d: ; not directly referenced -mov cl, byte [esi + 0x247b] -xor edx, edx -mov eax, esi -mov byte [esi + 0x247b], 1 -mov dword [ebp - 0x5c], ecx -call fcn_fffb14e1 ; call 0xfffb14e1 -mov ecx, dword [ebp - 0x5c] -mov byte [esi + 0x247b], cl -test eax, eax -mov ebx, eax -mov eax, esi -cmove ebx, edi -call fcn_fffb0e8a ; call 0xfffb0e8a -lea esp, [ebp - 0xc] -mov eax, ebx -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb1a87: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -mov ebx, eax -lea esi, [ebx + 0x374e] -sub esp, 0x3c -xor eax, eax -mov byte [ebp - 0x2b], 0 -mov dword [ebp - 0x40], esi - -loc_fffb1aa1: ; not directly referenced -test eax, eax -sete cl -cmp byte [ebp - 0x2b], 1 -setbe dl -test cl, dl -je loc_fffb1be5 ; je 0xfffb1be5 -movzx eax, byte [ebp - 0x2b] -imul edx, eax, 0x13c3 -mov dword [ebp - 0x34], eax -lea eax, [ebx + edx] -cmp dword [eax + 0x3756], 2 -jne loc_fffb1bd6 ; jne 0xfffb1bd6 -mov esi, dword [ebp - 0x40] -mov dword [ebp - 0x30], 0 -mov dword [ebp - 0x3c], eax -lea esi, [esi + edx + 8] -mov dword [ebp - 0x38], esi -xor esi, esi - -loc_fffb1ae8: ; not directly referenced -mov edi, dword [ebp - 0x30] -mov eax, edi -mov ecx, edi -mov edi, dword [ebp - 0x3c] -mov byte [ebp - 0x2c], al -mov eax, 1 -shl eax, cl -test byte [edi + 0x381a], al -je loc_fffb1bad ; je 0xfffb1bad -cmp byte [ebx + 0x247b], 0 -je short loc_fffb1b2b ; je 0xfffb1b2b -mov al, cl -mov edx, dword [ebp - 0x38] -shr al, 1 -movzx eax, al -imul eax, eax, 0x128 -mov si, word [edx + eax + 0x126d] -jmp short loc_fffb1ba0 ; jmp 0xfffb1ba0 - -loc_fffb1b2b: ; not directly referenced -mov al, byte [ebp - 0x2c] -mov edx, dword [ebp - 0x34] -shr al, 1 -movzx edi, al -mov eax, ebx -mov ecx, edi -call fcn_fffa69ea ; call 0xfffa69ea -test eax, eax -je loc_fffb1be0 ; je 0xfffb1be0 -mov edx, dword [ebx + 0x1887] -cmp edx, 0x306d0 -sete cl -cmp edx, 0x40650 -sete dl -or cl, dl -je short loc_fffb1b6c ; je 0xfffb1b6c -cmp dword [ebx + 0x2480], 1 -je short loc_fffb1b72 ; je 0xfffb1b72 - -loc_fffb1b6c: ; not directly referenced -movzx ecx, byte [eax + 1] -jmp short loc_fffb1b74 ; jmp 0xfffb1b74 - -loc_fffb1b72: ; not directly referenced -xor ecx, ecx - -loc_fffb1b74: ; not directly referenced -sub esp, 0xc -mov edx, ebx -push esi -lea eax, [ebp - 0x2a] -call fcn_fffa6bd1 ; call 0xfffa6bd1 -imul edi, edi, 0x128 -mov si, word [ebp - 0x2a] -add edi, dword [ebp - 0x38] -add esp, 0x10 -mov word [edi + 0x126d], si -mov word [edi + 0x1285], si - -loc_fffb1ba0: ; not directly referenced -mov al, byte [ebp - 0x2c] -shr al, 1 -movzx eax, al -mov word [ebp + eax*2 - 0x1c], si - -loc_fffb1bad: ; not directly referenced -add dword [ebp - 0x30], 2 -cmp dword [ebp - 0x30], 4 -jne loc_fffb1ae8 ; jne 0xfffb1ae8 -mov edx, dword [ebp - 0x34] -sub esp, 0xc -mov ecx, 1 -lea eax, [ebp - 0x1c] -push eax -mov eax, ebx -call fcn_fffb14b3 ; call 0xfffb14b3 -add esp, 0x10 -jmp short loc_fffb1bd8 ; jmp 0xfffb1bd8 - -loc_fffb1bd6: ; not directly referenced -xor eax, eax - -loc_fffb1bd8: ; not directly referenced -inc byte [ebp - 0x2b] -jmp near loc_fffb1aa1 ; jmp 0xfffb1aa1 - -loc_fffb1be0: ; not directly referenced -mov eax, 1 - -loc_fffb1be5: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb1bed: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -mov esi, eax -push ebx -sub esp, 0x3c -mov edi, dword [esi + 0x2480] -mov dword [ebp - 0x3c], ecx -mov dword [ebp - 0x38], edi -cmp ecx, 1 -je short loc_fffb1c30 ; je 0xfffb1c30 -jb short loc_fffb1c20 ; jb 0xfffb1c20 -cmp ecx, 2 -je short loc_fffb1c27 ; je 0xfffb1c27 -cmp ecx, 3 -jne loc_fffb1d20 ; jne 0xfffb1d20 -mov edi, 0xc3 -jmp short loc_fffb1c2c ; jmp 0xfffb1c2c - -loc_fffb1c20: ; not directly referenced -mov edi, 0xff -jmp short loc_fffb1c35 ; jmp 0xfffb1c35 - -loc_fffb1c27: ; not directly referenced -mov edi, 0x56 - -loc_fffb1c2c: ; not directly referenced -xor eax, eax -jmp short loc_fffb1c3a ; jmp 0xfffb1c3a - -loc_fffb1c30: ; not directly referenced -mov edi, 0xab - -loc_fffb1c35: ; not directly referenced -mov eax, 0x400 - -loc_fffb1c3a: ; not directly referenced -mov word [ebp - 0x1c], ax -movzx ecx, dl -xor ebx, ebx -mov word [ebp - 0x1a], ax -lea eax, [esi + 0x3756] -mov dword [ebp - 0x34], eax -xor eax, eax -mov byte [ebp - 0x2d], 1 -mov dword [ebp - 0x40], ecx - -loc_fffb1c59: ; not directly referenced -mov ecx, dword [ebp - 0x34] -cmp dword [ecx], 2 -jne loc_fffb1cf9 ; jne 0xfffb1cf9 -mov ecx, dword [ebp - 0x40] -bt ecx, ebx -jae loc_fffb1cf9 ; jae 0xfffb1cf9 -lea edx, [ebx + 1] -bt ecx, edx -jb short loc_fffb1c88 ; jb 0xfffb1c88 -mov cl, byte [ebp - 0x2d] -mov dl, 7 -cmp dword [ebp - 0x3c], 2 -cmove ecx, edx -mov byte [ebp - 0x2d], cl - -loc_fffb1c88: ; not directly referenced -cmp dword [ebp - 0x38], 3 -jne short loc_fffb1cca ; jne 0xfffb1cca -mov dword [ebp - 0x2c], 0 - -loc_fffb1c95: ; not directly referenced -mov cl, byte [ebp - 0x2c] -mov edx, 1 -shl edx, cl -mov ecx, dword [ebp - 0x34] -test byte [ecx + 0xc4], dl -je short loc_fffb1cbf ; je 0xfffb1cbf -mov ecx, dword [ebp - 0x2c] -mov edx, ebx -push eax -mov eax, esi -push 0 -push edi -push 0xa -call fcn_fffaa505 ; call 0xfffaa505 -add esp, 0x10 - -loc_fffb1cbf: ; not directly referenced -inc dword [ebp - 0x2c] -cmp dword [ebp - 0x2c], 4 -jne short loc_fffb1c95 ; jne 0xfffb1c95 -jmp short loc_fffb1cf9 ; jmp 0xfffb1cf9 - -loc_fffb1cca: ; not directly referenced -cmp dword [ebp - 0x38], 2 -movzx eax, byte [ebp - 0x2d] -jne short loc_fffb1cdf ; jne 0xfffb1cdf -push eax -lea eax, [ebp - 0x1c] -push eax -push 0 -push 0xe -jmp short loc_fffb1ce8 ; jmp 0xfffb1ce8 - -loc_fffb1cdf: ; not directly referenced -push eax -lea eax, [ebp - 0x1c] -push eax -push 0 -push 6 - -loc_fffb1ce8: ; not directly referenced -mov ecx, 0xf -mov edx, ebx -mov eax, esi -call fcn_fffafb06 ; call 0xfffafb06 -add esp, 0x10 - -loc_fffb1cf9: ; not directly referenced -inc ebx -add dword [ebp - 0x34], 0x13c3 -cmp ebx, 2 -jne loc_fffb1c59 ; jne 0xfffb1c59 -cmp dword [ebp - 0x3c], 1 -mov ebx, eax -ja short loc_fffb1d25 ; ja 0xfffb1d25 -mov edx, 0x13 -mov eax, esi -call fcn_fffa834b ; call 0xfffa834b -jmp short loc_fffb1d25 ; jmp 0xfffb1d25 - -loc_fffb1d20: ; not directly referenced -mov ebx, 2 - -loc_fffb1d25: ; not directly referenced -lea esp, [ebp - 0xc] -mov eax, ebx -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb1d2f: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -xor esi, esi -push ebx -sub esp, 0x4c -mov ebx, dword [ebp + 8] -mov byte [ebp - 0x28], 2 -mov byte [ebp - 0x27], 0x40 -mov byte [ebp - 0x26], 1 -mov byte [ebp - 0x25], 0x43 -mov byte [ebp - 0x24], 3 -mov byte [ebp - 0x23], 1 -mov byte [ebp - 0x22], 0xb -mov byte [ebp - 0x21], 3 -mov dword [ebp - 0x50], 0 - -loc_fffb1d64: ; not directly referenced -imul eax, esi, 0x13c3 -cmp dword [ebx + eax + 0x3756], 2 -jne short loc_fffb1daf ; jne 0xfffb1daf -mov edi, esi -mov eax, ebx -shl edi, 0xa -add edi, 0x4004 -mov edx, edi -call fcn_fffae52a ; call 0xfffae52a -mov dword [ebp + esi*4 - 0x20], eax -mov al, byte [ebp + esi*4 - 0x1d] -test al, 0x20 -jne short loc_fffb1daf ; jne 0xfffb1daf -or eax, 0x20 -mov edx, edi -mov byte [ebp + esi*4 - 0x1d], al -mov ecx, dword [ebp + esi*4 - 0x20] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov dword [ebp - 0x50], 1 - -loc_fffb1daf: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffb1d64 ; jne 0xfffb1d64 -xor ecx, ecx -mov edx, 3 -mov eax, ebx -call fcn_fffb1bed ; call 0xfffb1bed -test eax, eax -jne loc_fffb1fe8 ; jne 0xfffb1fe8 -mov edx, dword [ebx + 0x36d7] -cmp edx, 0x320 -jbe short loc_fffb1e0b ; jbe 0xfffb1e0b -cmp edx, 0x42b -jbe short loc_fffb1e0f ; jbe 0xfffb1e0f -cmp edx, 0x4b0 -jbe short loc_fffb1e13 ; jbe 0xfffb1e13 -cmp edx, 0x535 -jbe short loc_fffb1e17 ; jbe 0xfffb1e17 -cmp edx, 0x640 -jbe short loc_fffb1e1b ; jbe 0xfffb1e1b -mov al, 0x16 -cmp edx, 0x74b -ja loc_fffb1fe8 ; ja 0xfffb1fe8 -mov al, 0x1c -jmp short loc_fffb1e1d ; jmp 0xfffb1e1d - -loc_fffb1e0b: ; not directly referenced -mov al, 0x14 -jmp short loc_fffb1e1d ; jmp 0xfffb1e1d - -loc_fffb1e0f: ; not directly referenced -mov al, 0x16 -jmp short loc_fffb1e1d ; jmp 0xfffb1e1d - -loc_fffb1e13: ; not directly referenced -mov al, 0x17 -jmp short loc_fffb1e1d ; jmp 0xfffb1e1d - -loc_fffb1e17: ; not directly referenced -mov al, 0x18 -jmp short loc_fffb1e1d ; jmp 0xfffb1e1d - -loc_fffb1e1b: ; not directly referenced -mov al, 0x1a - -loc_fffb1e1d: ; not directly referenced -mov byte [ebp - 0x27], al -lea eax, [ebx + 0x3756] -xor edi, edi -mov dword [ebp - 0x2c], eax - -loc_fffb1e2b: ; not directly referenced -mov eax, dword [ebp - 0x2c] -cmp dword [eax], 2 -jne loc_fffb1fc7 ; jne 0xfffb1fc7 -mov dword [ebp - 0x34], 0 - -loc_fffb1e3e: ; not directly referenced -mov eax, dword [ebp - 0x2c] -mov ecx, dword [ebp - 0x34] -mov al, byte [eax + 0xc4] -mov dl, cl -mov esi, eax -mov eax, 1 -shl eax, cl -mov ecx, esi -test cl, al -jne short loc_fffb1e69 ; jne 0xfffb1e69 - -loc_fffb1e5b: ; not directly referenced -inc dword [ebp - 0x34] -cmp dword [ebp - 0x34], 4 -jne short loc_fffb1e3e ; jne 0xfffb1e3e -jmp near loc_fffb1f5b ; jmp 0xfffb1f5b - -loc_fffb1e69: ; not directly referenced -cmp byte [ebp - 0x34], 0 -mov byte [ebp - 0x48], 0 -jne short loc_fffb1e93 ; jne 0xfffb1e93 -cmp byte [ebx + 0x240a], 0 -mov byte [ebp - 0x48], dl -je short loc_fffb1e93 ; je 0xfffb1e93 -mov eax, esi -and eax, 2 -cmp al, 1 -sbb eax, eax -mov dword [ebp - 0x48], eax -and byte [ebp - 0x48], 0xfc -add byte [ebp - 0x48], 7 - -loc_fffb1e93: ; not directly referenced -mov eax, edx -and eax, 1 -mov dword [ebp - 0x38], 0 -mov dword [ebp - 0x4c], eax - -loc_fffb1ea2: ; not directly referenced -mov eax, dword [ebp - 0x38] -cmp byte [ebx + 0x247b], 0 -movzx edx, byte [ebp + eax*2 - 0x28] -je short loc_fffb1edf ; je 0xfffb1edf -cmp edx, 6 -ja short loc_fffb1ecc ; ja 0xfffb1ecc -imul eax, dword [ebp - 0x4c], 0xc -mov ecx, dword [ebp - 0x2c] -lea eax, [edx + eax + 0x930] -mov al, byte [ecx + eax*2 + 0xb] -jmp short loc_fffb1eda ; jmp 0xfffb1eda - -loc_fffb1ecc: ; not directly referenced -imul eax, dword [ebp - 0x4c], 0x18 -mov ecx, dword [ebp - 0x2c] -mov al, byte [ecx + eax + 0x1279] - -loc_fffb1eda: ; not directly referenced -mov byte [ebp - 0x2d], al -jmp short loc_fffb1f29 ; jmp 0xfffb1f29 - -loc_fffb1edf: ; not directly referenced -mov eax, dword [ebp - 0x38] -cmp eax, 3 -je short loc_fffb1eed ; je 0xfffb1eed -mov al, byte [ebp + eax*2 - 0x27] -jmp short loc_fffb1ef0 ; jmp 0xfffb1ef0 - -loc_fffb1eed: ; not directly referenced -mov al, byte [ebp - 0x48] - -loc_fffb1ef0: ; not directly referenced -mov byte [ebp - 0x2d], al -cmp edx, 6 -ja short loc_fffb1f11 ; ja 0xfffb1f11 -imul ecx, dword [ebp - 0x4c], 0xc -movzx esi, byte [ebp - 0x2d] -mov eax, dword [ebp - 0x2c] -lea ecx, [edx + ecx + 0x930] -mov word [eax + ecx*2 + 0xb], si -jmp short loc_fffb1f29 ; jmp 0xfffb1f29 - -loc_fffb1f11: ; not directly referenced -cmp edx, 0xb -jne short loc_fffb1f29 ; jne 0xfffb1f29 -imul ecx, dword [ebp - 0x4c], 0x18 -movzx esi, byte [ebp - 0x2d] -mov eax, dword [ebp - 0x2c] -mov word [eax + ecx + 0x1279], si - -loc_fffb1f29: ; not directly referenced -push eax -movzx eax, byte [ebp - 0x2d] -mov ecx, dword [ebp - 0x34] -push 0 -push eax -mov eax, ebx -push edx -mov edx, edi -call fcn_fffaa505 ; call 0xfffaa505 -add esp, 0x10 -test eax, eax -jne loc_fffb1fe8 ; jne 0xfffb1fe8 -inc dword [ebp - 0x38] -cmp dword [ebp - 0x38], 4 -jne loc_fffb1ea2 ; jne 0xfffb1ea2 -jmp near loc_fffb1e5b ; jmp 0xfffb1e5b - -loc_fffb1f5b: ; not directly referenced -cmp byte [ebx + 0x247d], 0 -jne short loc_fffb1fa6 ; jne 0xfffb1fa6 -cmp dword [ebx + 0x188b], 1 -jne short loc_fffb1fa6 ; jne 0xfffb1fa6 -mov eax, edi -shl eax, 8 -add eax, 0x1c20 -mov edx, eax -mov esi, eax -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -cmp byte [ebx + 0x240a], 1 -sbb edx, edx -not edx -add edx, 3 -and eax, 0xffffffcf -and edx, 3 -shl edx, 4 -or eax, edx -mov edx, esi -mov ecx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c - -loc_fffb1fa6: ; not directly referenced -cmp dword [ebp - 0x50], 0 -je short loc_fffb1fc7 ; je 0xfffb1fc7 -and byte [ebp + edi*4 - 0x1d], 0xdf -mov edx, edi -mov ecx, dword [ebp + edi*4 - 0x20] -shl edx, 0xa -mov eax, ebx -add edx, 0x4004 -call fcn_fffae58c ; call 0xfffae58c - -loc_fffb1fc7: ; not directly referenced -inc edi -add dword [ebp - 0x2c], 0x13c3 -cmp edi, 2 -jne loc_fffb1e2b ; jne 0xfffb1e2b -mov byte [ebx + 0x247d], 1 -xor eax, eax -mov byte [ebx + 0x247b], 1 - -loc_fffb1fe8: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb1ff0: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x1c -mov ebx, dword [ebp + 8] -mov dword [ebp - 0x20], 0 -lea edi, [ebx + 0x3756] - -loc_fffb2009: ; not directly referenced -cmp dword [edi], 2 -je short loc_fffb201f ; je 0xfffb201f - -loc_fffb200e: ; not directly referenced -inc dword [ebp - 0x20] -add edi, 0x13c3 -cmp dword [ebp - 0x20], 2 -jne short loc_fffb2009 ; jne 0xfffb2009 -jmp short loc_fffb2092 ; jmp 0xfffb2092 - -loc_fffb201f: ; not directly referenced -mov edx, dword [ebp - 0x20] -xor ecx, ecx -mov eax, ebx -call fcn_fffa7288 ; call 0xfffa7288 -mov edx, eax -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, dword [ebp - 0x20] -mov ecx, 0xff -mov esi, eax -mov eax, ebx -call fcn_fffa7288 ; call 0xfffa7288 -or esi, 0x100000 -mov dword [ebp - 0x1c], 0 -mov dword [ebp - 0x24], eax - -loc_fffb2055: ; not directly referenced -mov cl, byte [ebp - 0x1c] -mov eax, 1 -shl eax, cl -test byte [edi + 0xc4], al -je short loc_fffb2084 ; je 0xfffb2084 -mov eax, dword [ebp - 0x1c] -and esi, 0xff3fffff -mov edx, dword [ebp - 0x24] -and eax, 3 -shl eax, 0x16 -or esi, eax -mov eax, ebx -mov ecx, esi -call fcn_fffaeb7c ; call 0xfffaeb7c - -loc_fffb2084: ; not directly referenced -inc dword [ebp - 0x1c] -cmp dword [ebp - 0x1c], 4 -jne short loc_fffb2055 ; jne 0xfffb2055 -jmp near loc_fffb200e ; jmp 0xfffb200e - -loc_fffb2092: ; not directly referenced -cmp dword [ebx + 0x3756], 2 -jne short loc_fffb20ae ; jne 0xfffb20ae -movzx ecx, byte [ebx + 0x381a] -mov edx, 0x4192 -mov eax, ebx -call fcn_fffae566 ; call 0xfffae566 - -loc_fffb20ae: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffb20ca ; jne 0xfffb20ca -movzx ecx, byte [ebx + 0x4bdd] -mov edx, 0x4592 -mov eax, ebx -call fcn_fffae566 ; call 0xfffae566 - -loc_fffb20ca: ; not directly referenced -mov eax, ebx -mov ecx, 1 -mov edx, 3 -call fcn_fffb1bed ; call 0xfffb1bed -add esp, 0x1c -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb20e5: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0xdc -mov edi, dword [ebp + 0x20] -mov byte [ebp - 0x51], cl -mov ebx, dword [ebp + 8] -mov dword [ebp - 0x5c], ecx -mov cl, byte [ebp + 0x14] -mov dword [ebp - 0x4c], eax -mov eax, dword [eax + 0x188b] -mov dword [ebp - 0x50], edi -mov edi, dword [ebp + 0x24] -mov byte [ebp - 0xad], dl -mov esi, dword [ebp + 0xc] -mov byte [ebp - 0xe8], cl -mov cl, byte [ebp + 0x1c] -mov dword [ebp - 0x60], eax -movzx eax, bx -dec eax -mov dword [ebp - 0x58], edi -inc esi -mov byte [ebp - 0x98], cl -mov word [ebp - 0xb0], bx -mov dword [ebp - 0x45], 0 -mov dword [ebp - 0x41], 0 -mov dword [ebp - 0x3d], 0 -call fcn_fffaec34 ; call 0xfffaec34 -mov ecx, esi -sub ecx, eax -test cl, cl -mov esi, ecx -mov ecx, dword [ebp - 0x5c] -setle dl -mov byte [ebp - 0x61], al -cmp cl, 4 -sete al -or dl, al -jne short loc_fffb2178 ; jne 0xfffb2178 -cmp cl, 5 -mov al, 1 -cmove esi, eax -jmp short loc_fffb217d ; jmp 0xfffb217d - -loc_fffb2178: ; not directly referenced -mov esi, 1 - -loc_fffb217d: ; not directly referenced -lea ecx, [esi - 1] -movzx esi, byte [ebp - 0x61] -lea eax, [ebx - 0x80] -mov dword [ebp - 0x68], 1 -shl dword [ebp - 0x68], cl -cmp bx, 0x7f -cmova eax, esi -add ebx, ebx -mov byte [ebp - 0x88], al -lea eax, [ebx - 0x80] -mov byte [ebp - 0x78], al -cmp bx, 0x7f -jbe short loc_fffb21ba ; jbe 0xfffb21ba -movzx ebx, bx -lea eax, [ebx - 1] -call fcn_fffaec34 ; call 0xfffaec34 -mov byte [ebp - 0x78], al - -loc_fffb21ba: ; not directly referenced -mov eax, dword [ebp + 0x18] -mov bx, word [eax] -movzx eax, bx -dec eax -call fcn_fffaec34 ; call 0xfffaec34 -cmp bx, 0x1f -jbe short loc_fffb21da ; jbe 0xfffb21da -mov esi, dword [ebp + 0x18] -movzx eax, al -mov word [esi], ax -jmp short loc_fffb21e3 ; jmp 0xfffb21e3 - -loc_fffb21da: ; not directly referenced -mov eax, dword [ebp + 0x18] -add ebx, 0x20 -mov word [eax], bx - -loc_fffb21e3: ; not directly referenced -cmp byte [ebp - 0x50], 0 -je short loc_fffb2209 ; je 0xfffb2209 -mov eax, dword [ebp - 0x4c] -mov edx, 0x4cb0 -call fcn_fffae52a ; call 0xfffae52a -mov edi, eax -mov eax, dword [ebp - 0x58] -and di, 0xfff -add edi, 0x10 -cmp ax, di -cmovae edi, eax - -loc_fffb2209: ; not directly referenced -cmp di, 0xff -mov eax, 0xff -cmova edi, eax -mov al, byte [ebp - 0x88] -mov word [ebp - 0xa8], di -mov dword [ebp - 0x50], 0x4960 -mov dword [ebp - 0x5c], 0x4040 -shr al, 7 -mov byte [ebp - 0xc8], al -mov al, byte [ebp - 0x78] -mov dword [ebp - 0x58], 0 -shr al, 7 -mov byte [ebp - 0xd8], al -mov eax, dword [ebp - 0x98] -and eax, 1 -mov dword [ebp - 0xb4], eax - -loc_fffb225c: ; not directly referenced -movzx eax, byte [ebp - 0xad] -mov esi, dword [ebp - 0x58] -mov dword [ebp - 0xac], eax -bt eax, esi -jb short loc_fffb2282 ; jb 0xfffb2282 -mov eax, dword [ebp - 0x50] -xor ecx, ecx -lea edx, [eax + eax - 0x4a18] -jmp near loc_fffb268f ; jmp 0xfffb268f - -loc_fffb2282: ; not directly referenced -mov eax, dword [ebp - 0x5c] -movzx ecx, byte [ebp - 0xb4] -lea edx, [eax + 0x158] -mov eax, dword [ebp - 0x4c] -call fcn_fffae566 ; call 0xfffae566 -cmp byte [ebp - 0x98], 0 -je short loc_fffb22bb ; je 0xfffb22bb -mov edx, dword [ebp - 0x58] -sub esp, 0xc -mov ecx, 7 -mov eax, dword [ebp - 0x4c] -push 8 -call fcn_fffaa3c8 ; call 0xfffaa3c8 -add esp, 0x10 - -loc_fffb22bb: ; not directly referenced -cmp byte [ebp - 0x51], 5 -ja short loc_fffb22d3 ; ja 0xfffb22d3 -movzx eax, byte [ebp - 0x51] -mov dl, byte [eax + ref_fffd3ed8] ; mov dl, byte [eax - 0x2c128] -mov al, byte [eax + ref_fffd3ed0] ; mov al, byte [eax - 0x2c130] -jmp short loc_fffb22d7 ; jmp 0xfffb22d7 - -loc_fffb22d3: ; not directly referenced -xor eax, eax -xor edx, edx - -loc_fffb22d7: ; not directly referenced -and edx, 7 -and eax, 7 -mov bl, byte [ebp - 0x51] -shl edx, 0x18 -xor edi, edi -mov ecx, dword [ebp - 0x50] -shl eax, 0x1c -or eax, edx -and ah, 0xcf -mov edx, eax -mov eax, dword [ebp - 0x4c] -or dh, 0x18 -cmp byte [eax + 0x247a], 0 -setne al -movzx eax, al -shl eax, 7 -or eax, edx -mov edx, eax -or edx, 0x20 -cmp bl, 6 -mov ebx, dword [ebp - 0x4c] -cmove eax, edx -mov esi, eax -mov eax, edi -and eax, 0xfffffc00 -or eax, 2 -mov edi, eax -cmp dword [ebp - 0x60], 1 -lea eax, [ecx + 0x20] -lea edx, [ecx + 0x40] -mov ecx, dword [ebp - 0x68] -cmovne edx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov eax, ebx -push ecx -push ecx -mov ecx, dword [ebp - 0x50] -push edi -push esi -lea edx, [ecx + ecx - 0x4a18] -call fcn_fffae7cf ; call 0xfffae7cf -mov ecx, dword [ebp - 0x50] -mov eax, ebx -lea edx, [ecx - 0xa8] -mov ecx, 4 -call fcn_fffae566 ; call 0xfffae566 -mov edx, dword [ebp - 0xc8] -add esp, 0x10 -mov eax, dword [ebp - 0x88] -mov esi, dword [ebp - 0x78] -mov ecx, dword [ebp - 0xd8] -and edx, 1 -mov bl, byte [ebp - 0x51] -shl edx, 7 -and eax, 0x7f -or eax, edx -mov edx, dword [ebp - 0xa8] -and esi, 0x7f -or eax, 0x8000000 -and ecx, 1 -shl ecx, 7 -and edx, 0x3fff -shl edx, 8 -or eax, edx -mov edx, eax -and edx, 0x83fff00 -or edx, esi -or edx, ecx -mov ecx, eax -or ecx, 0x4000000 -and ecx, 0xf7ffffff -cmp bl, 4 -je short loc_fffb23ed ; je 0xfffb23ed -cmp bl, 5 -je short loc_fffb2433 ; je 0xfffb2433 -cmp bl, 3 -jne loc_fffb2475 ; jne 0xfffb2475 -mov dword [ebp - 0x38], edx -mov byte [ebp - 0x39], 1 -or byte [ebp - 0x36], 0xc0 -and byte [ebp - 0x35], 0xfc -jmp near loc_fffb24af ; jmp 0xfffb24af - -loc_fffb23ed: ; not directly referenced -mov dword [ebp - 0x38], eax -mov cl, byte [ebp - 0x36] -and byte [ebp - 0x35], 0xfc -and ecx, 0x3f -or ecx, 0x40 -mov byte [ebp - 0x36], cl -mov ecx, 1 - -loc_fffb2405: ; not directly referenced -mov dword [ebp + ecx*4 - 0x38], edx -mov bl, byte [ebp + ecx*4 - 0x36] -and byte [ebp + ecx*4 - 0x35], 0xfc -and ebx, 0x3f -or ebx, 0xffffff80 -mov byte [ebp + ecx*4 - 0x36], bl -inc ecx -cmp ecx, 7 -jne short loc_fffb2405 ; jne 0xfffb2405 -mov dword [ebp - 0x1c], eax -mov byte [ebp - 0x39], 0xff -and byte [ebp - 0x1a], 0x3f -and byte [ebp - 0x19], 0xfc -jmp short loc_fffb24af ; jmp 0xfffb24af - -loc_fffb2433: ; not directly referenced -mov dword [ebp - 0x38], eax -mov cl, byte [ebp - 0x36] -mov dword [ebp - 0x34], edx -mov dword [ebp - 0x30], eax -mov dword [ebp - 0x2c], edx -and ecx, 0x3f -or ecx, 0x40 -mov byte [ebp - 0x36], cl -mov cl, byte [ebp - 0x32] -and byte [ebp - 0x35], 0xfc -and byte [ebp - 0x31], 0xfc -and byte [ebp - 0x2e], 0x3f -and ecx, 0x3f -or ecx, 0xffffff80 -mov byte [ebp - 0x32], cl -and byte [ebp - 0x2d], 0xfc -or byte [ebp - 0x2a], 0xc0 -and byte [ebp - 0x29], 0xfc -mov byte [ebp - 0x39], 0xf -jmp short loc_fffb24af ; jmp 0xfffb24af - -loc_fffb2475: ; not directly referenced -mov esi, dword [ebp + 0x18] -cmp byte [esi + 0xa], 2 -jne short loc_fffb248d ; jne 0xfffb248d -cmp word [ebp - 0xb0], 8 -jne short loc_fffb248d ; jne 0xfffb248d -mov dword [ebp - 0x38], ecx -jmp short loc_fffb2490 ; jmp 0xfffb2490 - -loc_fffb248d: ; not directly referenced -mov dword [ebp - 0x38], eax - -loc_fffb2490: ; not directly referenced -mov dl, byte [ebp - 0x36] -mov dword [ebp - 0x34], eax -and byte [ebp - 0x35], 0xfc -and byte [ebp - 0x32], 0x3f -and byte [ebp - 0x31], 0xfc -and edx, 0x3f -or edx, 0x40 -mov byte [ebp - 0x36], dl -mov byte [ebp - 0x39], 3 - -loc_fffb24af: ; not directly referenced -imul eax, dword [ebp - 0x58], 0x28 -xor ebx, ebx -lea edi, [ebp - 0x39] -lea esi, [eax + 0x4808] -sub edi, eax - -loc_fffb24c0: ; not directly referenced -movzx eax, byte [ebp - 0x39] -bt eax, ebx -jb loc_fffb2593 ; jb 0xfffb2593 - -loc_fffb24cd: ; not directly referenced -lea eax, [ebp - 0x3d] -mov esi, dword [ebp - 0x4c] -push edx -mov ecx, dword [ebp + 0x10] -push eax -mov edx, dword [ebp - 0x58] -lea eax, [ebp - 0x41] -push eax -lea eax, [ebp - 0x45] -push eax -mov eax, dword [ebp + 0x10] -add eax, 0x24 -push eax -mov eax, dword [ebp + 0x10] -add eax, 0x14 -push eax -mov eax, dword [ebp + 0x10] -add eax, 0x10 -push eax -mov eax, dword [ebp + 0x10] -add eax, 8 -push eax -mov eax, esi -call fcn_fffaa5b6 ; call 0xfffaa5b6 -mov eax, dword [ebp + 0x18] -add esp, 0x20 -mov edi, dword [ebp + 0x18] -movzx ecx, byte [eax + 6] -movzx eax, byte [eax + 2] -mov dx, word [edi] -and ecx, 0x3f -and eax, 0x3f -shl eax, 8 -mov ebx, edx -shl ecx, 0x10 -and ebx, 0x1f -or ecx, eax -mov eax, dword [ebp - 0x5c] -shr dx, 5 -or ecx, ebx -and edx, 1 -shl edx, 5 -or ecx, edx -lea edx, [eax + 0x1c0] -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp + 0x18] -mov dl, byte [eax + 0xa] -cmp dl, 2 -sete al -cmp dl, 4 -sete dl -or eax, edx -cmp al, 1 -mov al, byte [ebp - 0x51] -sbb ecx, ecx -and ecx, 2 -movzx ecx, cl -sub eax, 4 -or ecx, 0x8090 -cmp al, 1 -ja short loc_fffb25b6 ; ja 0xfffb25b6 -mov al, byte [ebp - 0x61] -and ecx, 0xf8c0ffff -inc eax -and eax, 7 -shl eax, 0x18 -or ecx, eax -or ecx, 0x10000 -jmp short loc_fffb25b6 ; jmp 0xfffb25b6 - -loc_fffb2593: ; not directly referenced -mov ecx, dword [edi + esi - 0x4807] -mov edx, esi -inc ebx -mov eax, dword [ebp - 0x4c] -add esi, 4 -call fcn_fffae58c ; call 0xfffae58c -cmp ebx, 8 -jne loc_fffb24c0 ; jne 0xfffb24c0 -jmp near loc_fffb24cd ; jmp 0xfffb24cd - -loc_fffb25b6: ; not directly referenced -mov edi, dword [ebp - 0x4c] -mov esi, dword [ebp - 0x5c] -mov eax, edi -mov edx, esi -call fcn_fffae58c ; call 0xfffae58c -xor ecx, ecx -mov eax, edi -lea edx, [esi + 0x44] -call fcn_fffae58c ; call 0xfffae58c -mov ecx, dword [ebp - 0xe8] -mov eax, edi -lea edx, [esi + 0x58] -and ecx, 3 -shl ecx, 0xc -or ecx, 0xffff0001 -call fcn_fffae58c ; call 0xfffae58c -lea edx, [esi + 0x98] -push eax -push eax -mov eax, edi -push 0 -push 0 -call fcn_fffae7cf ; call 0xfffae7cf -xor ecx, ecx -mov eax, edi -lea edx, [esi + 0x5c] -call fcn_fffae566 ; call 0xfffae566 -add esp, 0x10 -cmp byte [edi + 0x247a], 0 -je short loc_fffb2697 ; je 0xfffb2697 -mov eax, dword [ebp - 0x50] -mov ecx, 0xfc -lea edx, [eax - 8] -mov eax, dword [ebp - 0x4c] -call fcn_fffae566 ; call 0xfffae566 -cmp dword [ebp - 0x60], 1 -jne short loc_fffb2644 ; jne 0xfffb2644 -mov eax, dword [ebp - 0x50] -mov ecx, 0xff -lea edx, [eax - 7] -mov eax, dword [ebp - 0x4c] -call fcn_fffae566 ; call 0xfffae566 - -loc_fffb2644: ; not directly referenced -mov eax, dword [ebp - 0x4c] -movzx ebx, word [eax + 0x2489] -test bx, bx -je short loc_fffb2667 ; je 0xfffb2667 -mov eax, 0x9c40 -cdq -idiv ebx -mov ecx, eax -mov eax, 0x30d40 -cdq -idiv ebx -jmp short loc_fffb2671 ; jmp 0xfffb2671 - -loc_fffb2667: ; not directly referenced -mov eax, 0xff -mov ecx, 0xff - -loc_fffb2671: ; not directly referenced -mov ebx, ecx -movzx ecx, cl -mov edx, dword [ebp - 0x50] -shl ebx, 8 -and ebx, 0xff00 -shl ecx, 0x10 -shl eax, 0x18 -or ecx, ebx -or ecx, eax -or ecx, 2 - -loc_fffb268f: ; not directly referenced -mov eax, dword [ebp - 0x4c] -call fcn_fffae58c ; call 0xfffae58c - -loc_fffb2697: ; not directly referenced -inc dword [ebp - 0x58] -add dword [ebp - 0x5c], 0x400 -add dword [ebp - 0x50], 4 -cmp dword [ebp - 0x58], 2 -jne loc_fffb225c ; jne 0xfffb225c -mov edx, dword [ebp - 0xac] -mov ecx, 2 -mov eax, dword [ebp - 0x4c] -call fcn_fffb1bed ; call 0xfffb1bed -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb26ca: ; not directly referenced -push ebp -movzx edx, dl -mov ebp, esp -push edi -push esi -mov esi, ecx -push ebx -mov ecx, 0xb -sub esp, 0x4c -mov ebx, eax -lea edi, [ebp - 0x44] -xor eax, eax -rep stosd ; rep stosd dword es:[edi], eax -lea eax, [ebp - 0x4f] -push 0 -push 0 -push 0 -push eax -movzx eax, byte [ebp + 8] -mov word [ebp - 0x36], 0x3ff -mov dword [ebp - 0x30], 0x20 -push eax -lea eax, [ebp - 0x44] -push eax -mov eax, ebx -push esi -push 0x80 -mov word [ebp - 0x20], 1 -mov word [ebp - 0x1a], 1 -mov word [ebp - 0x4f], 4 -mov dword [ebp - 0x4d], 0 -mov dword [ebp - 0x49], 7 -mov byte [ebp - 0x45], 0 -call fcn_fffb20e5 ; call 0xfffb20e5 -lea edx, [esi - 7] -add esp, 0x20 -mov al, 1 -test dl, dl -cmovg eax, edx -mov byte [ebx + 0x248c], al -mov byte [ebx + 0x248b], 0 -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb2759: ; not directly referenced -push ebp -movzx edx, dl -mov ebp, esp -push edi -push esi -mov esi, ref_fffd3e9c ; mov esi, 0xfffd3e9c -push ebx -mov ebx, eax -sub esp, 0x5c -lea edi, [ebp - 0x44] -mov dword [ebp - 0x5c], ecx -mov ecx, 0xb -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea eax, [ebp - 0x4f] -mov esi, dword [ebp - 0x5c] -push 0 -push 0 -push 1 -push eax -movzx eax, byte [ebp + 8] -mov word [ebp - 0x4f], 4 -mov dword [ebp - 0x4d], 0 -push eax -lea eax, [ebp - 0x44] -push eax -mov eax, ebx -push esi -push 8 -mov dword [ebp - 0x49], 9 -mov byte [ebp - 0x45], 2 -call fcn_fffb20e5 ; call 0xfffb20e5 -mov edx, esi -add esp, 0x20 -sub edx, 4 -mov al, 1 -test dl, dl -cmovg eax, edx -mov byte [ebx + 0x248c], al -mov byte [ebx + 0x248b], 2 -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb27d5: ; not directly referenced -push ebp -mov ecx, 0xb -mov ebp, esp -push edi -push ebx -mov ebx, eax -lea edi, [ebp - 0x8c] -xor eax, eax -sub esp, 0x90 -rep stosd ; rep stosd dword es:[edi], eax -lea edi, [ebp - 0x60] -mov word [ebp - 0x82], 0xf -mov word [ebp - 0x66], 1 -mov word [ebp - 0x97], 1 -mov dword [ebp - 0x95], 0 -mov dword [ebp - 0x91], 3 -mov cl, 0xb -rep stosd ; rep stosd dword es:[edi], eax -lea edi, [ebp - 0x34] -mov word [ebp - 0x52], 0x3ff -mov dword [ebp - 0x4c], 0x20 -mov word [ebp - 0x3c], 1 -mov word [ebp - 0x36], 1 -mov byte [ebp - 0x8d], 0 -mov cl, 0xb -rep stosd ; rep stosd dword es:[edi], eax -mov eax, dword [ebx + 0x2480] -mov word [ebp - 0x32], 4 -mov word [ebp - 0x2a], 4 -cmp eax, 3 -je short loc_fffb2871 ; je 0xfffb2871 -dec eax -lea ecx, [ebp - 0x8c] -lea eax, [ebp - 0x60] -cmovne eax, ecx -jmp short loc_fffb2874 ; jmp 0xfffb2874 - -loc_fffb2871: ; not directly referenced -lea eax, [ebp - 0x34] - -loc_fffb2874: ; not directly referenced -push 0 -movzx edx, dl -push 0 -push 0 -lea ecx, [ebp - 0x97] -push ecx -mov ecx, 2 -push 0 -push eax -mov eax, ebx -push 0xa -push 0x80 -call fcn_fffb20e5 ; call 0xfffb20e5 -add esp, 0x20 -mov byte [ebx + 0x248c], 1 -mov byte [ebx + 0x248b], 0 -lea esp, [ebp - 8] -pop ebx -pop edi -pop ebp -ret - -fcn_fffb28b2: ; not directly referenced -push ebp -xor eax, eax -mov ebp, esp -mov ecx, 0xb -push edi -push esi -push ebx -lea edi, [ebp - 0x1f4] -sub esp, 0x270 -rep stosd ; rep stosd dword es:[edi], eax -mov eax, dword [ebp + 8] -lea edx, [ebp - 0x217] -mov word [ebp - 0x1e6], 0x3ff -mov word [ebp - 0x1ca], 1 -mov word [ebp - 0x1ff], 0x20 -mov esi, dword [eax + 0x5edc] -mov al, byte [eax + 0x248e] -mov dword [ebp - 0x1fd], 0 -mov dword [ebp - 0x1f9], 9 -mov byte [ebp - 0x1f5], 0 -mov byte [ebp - 0x22c], al -mov eax, dword [ebp + 8] -mov al, byte [eax + 0x248d] -mov byte [ebp - 0x230], al -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x18a7] -mov dword [ebp - 0x234], eax -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x188b] -mov dword [ebp - 0x260], eax -mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 2 -sete al -movzx eax, al -mov dword [ebp - 0x250], eax -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2443] -push 1 -push 7 -push edx -call dword [eax + 0x5c] ; ucall -mov eax, dword [ebp + 8] -add esp, 0x10 -mov eax, dword [eax + 0x1887] -cmp eax, 0x40650 -je short loc_fffb29de ; je 0xfffb29de -ja short loc_fffb298e ; ja 0xfffb298e -cmp eax, 0x306d0 -jmp short loc_fffb299a ; jmp 0xfffb299a - -loc_fffb298e: ; not directly referenced -cmp eax, 0x40660 -je short loc_fffb29a8 ; je 0xfffb29a8 -cmp eax, 0x40670 - -loc_fffb299a: ; not directly referenced -jne short loc_fffb29c3 ; jne 0xfffb29c3 -mov dword [ebp - 0x248], 0x7f -jmp short loc_fffb29e8 ; jmp 0xfffb29e8 - -loc_fffb29a8: ; not directly referenced -mov dword [ebp - 0x248], 0x3f -mov ebx, 0x19 -mov dword [ebp - 0x240], 0x14 -jmp short loc_fffb29f7 ; jmp 0xfffb29f7 - -loc_fffb29c3: ; not directly referenced -mov dword [ebp - 0x248], 0x3f -mov ebx, 0x15 -mov dword [ebp - 0x240], 0x10 -jmp short loc_fffb29f7 ; jmp 0xfffb29f7 - -loc_fffb29de: ; not directly referenced -mov dword [ebp - 0x248], 0x3f - -loc_fffb29e8: ; not directly referenced -mov dword [ebp - 0x240], 0x12 -mov ebx, 0x17 - -loc_fffb29f7: ; not directly referenced -push 8 -movzx edx, byte [ebp - 0x22c] -mov ecx, 2 -push 0 -push 0 -lea eax, [ebp - 0x1ff] -push eax -push 0 -lea eax, [ebp - 0x1f4] -push eax -mov eax, dword [ebp + 8] -push 7 -push 2 -shl ebx, 0x10 -call fcn_fffb20e5 ; call 0xfffb20e5 -lea eax, [esi + 0x1c] -add esp, 0x20 -mov dword [ebp - 0x264], eax -xor esi, esi -mov dword [ebp - 0x22c], eax -mov dword [ebp - 0x238], ebx - -loc_fffb2a42: ; not directly referenced -imul eax, esi, 0x13c3 -mov edi, dword [ebp + 8] -xor ebx, ebx -cmp dword [edi + eax + 0x3756], 2 -jne loc_fffb2aeb ; jne 0xfffb2aeb - -loc_fffb2a5b: ; not directly referenced -mov eax, dword [ebp + 8] -cmp bl, byte [eax + 0x2488] -jae short loc_fffb2a8f ; jae 0xfffb2a8f -mov eax, dword [ebp + 8] -movzx edi, bl -mov edx, esi -mov ecx, edi -inc ebx -call fcn_fffa720e ; call 0xfffa720e -mov ecx, dword [ebp - 0x22c] -mov ecx, dword [ecx + edi*4 + 0x28] -mov edx, eax -mov eax, dword [ebp + 8] -or ecx, 0x40 -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffb2a5b ; jmp 0xfffb2a5b - -loc_fffb2a8f: ; not directly referenced -mov ecx, 0xff -mov edx, esi -call fcn_fffa7288 ; call 0xfffa7288 -mov edi, eax -mov eax, dword [ebp - 0x22c] -mov ebx, dword [eax] -mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 3 -jne short loc_fffb2ac0 ; jne 0xfffb2ac0 -and ebx, 0xefffffff -mov edx, edi -mov ecx, ebx -call fcn_fffaeb7c ; call 0xfffaeb7c - -loc_fffb2ac0: ; not directly referenced -mov eax, dword [ebp + 8] -or ebx, 0x1000004 -mov edx, edi -mov ecx, ebx -call fcn_fffaeb7c ; call 0xfffaeb7c -mov ecx, dword [ebp - 0x238] -mov edx, esi -mov eax, dword [ebp + 8] -shl edx, 0xa -add edx, 0x4028 -call fcn_fffae58c ; call 0xfffae58c - -loc_fffb2aeb: ; not directly referenced -inc esi -add dword [ebp - 0x22c], 0xcc -cmp esi, 2 -jne loc_fffb2a42 ; jne 0xfffb2a42 -imul eax, dword [ebp - 0x234], 0x2e -mov dword [ebp - 0x22c], 0 -mov dword [ebp - 0x26c], eax -movzx eax, byte [ebp - 0x230] -mov dword [ebp - 0x274], eax -mov eax, dword [ebp + 8] -add eax, 0x3756 -mov dword [ebp - 0x234], eax - -loc_fffb2b31: ; not directly referenced -mov edi, dword [ebp - 0x22c] -mov esi, dword [ebp - 0x274] -mov eax, edi -bt esi, edi -jb short loc_fffb2b78 ; jb 0xfffb2b78 - -loc_fffb2b44: ; not directly referenced -inc dword [ebp - 0x22c] -cmp dword [ebp - 0x22c], 4 -jne short loc_fffb2b31 ; jne 0xfffb2b31 -mov eax, dword [ebp + 8] -mov edi, dword [ebp - 0x264] -mov dword [ebp - 0x22c], 0 -add eax, 0x3756 -mov dword [ebp - 0x234], eax -mov esi, eax -jmp near loc_fffb359d ; jmp 0xfffb359d - -loc_fffb2b78: ; not directly referenced -mov esi, dword [ebp - 0x22c] -and eax, 1 -mov dword [ebp - 0x23c], 1 -mov dword [ebp - 0x238], 0 -mov byte [ebp - 0x254], 0 -mov ecx, esi -shl dword [ebp - 0x23c], cl -mov bl, byte [ebp - 0x23c] -mov dword [ebp - 0x24c], eax -mov byte [ebp - 0x230], bl -mov ebx, esi -shr bl, 1 -movzx esi, bl -mov byte [ebp - 0x265], bl -mov ebx, dword [ebp - 0x234] -mov dword [ebp - 0x244], esi - -loc_fffb2bcf: ; not directly referenced -mov ecx, dword [ebp - 0x23c] -mov edx, dword [ebp - 0x238] -mov eax, dword [ebp + 8] -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0x254], al -mov al, byte [ebp - 0x230] -test byte [ebx + 0xc4], al -je loc_fffb2d28 ; je 0xfffb2d28 -mov eax, dword [ebp - 0x22c] -mov edx, 0 -mov byte [ebx + eax + 0x1011], 0 -mov eax, dword [ebp + 8] -movzx eax, byte [eax + 0x36e7] -cmp al, 1 -cmovbe eax, edx -cmp dword [ebp - 0x260], 1 -jne short loc_fffb2c47 ; jne 0xfffb2c47 -mov esi, dword [ebp + 8] -cmp dword [esi + 0x36e3], 1 -jne short loc_fffb2c3d ; jne 0xfffb2c3d -imul eax, eax, 0x64 -mov ecx, 0x85 -cdq -idiv ecx - -loc_fffb2c3d: ; not directly referenced -cmp al, 2 -lea edx, [eax - 2] -mov al, 0 -cmovae eax, edx - -loc_fffb2c47: ; not directly referenced -mov esi, dword [ebp + 8] -cmp dword [esi + 0x2480], 3 -mov esi, dword [ebp - 0x26c] -movzx esi, word [ebx + esi + 0xa] -jne short loc_fffb2c93 ; jne 0xfffb2c93 -mov edi, dword [ebp + 8] -movzx edx, al -add esi, esi -mov ecx, 4 -movzx edi, word [edi + 0x2489] -add edi, edi -cmp al, 5 -cmovae ecx, edx -xor edx, edx -lea eax, [edi + 0x157b] -div edi -mov edi, dword [ebp - 0x240] -lea edx, [edi + eax + 1] -add esi, edx -add esi, ecx -jmp short loc_fffb2cae ; jmp 0xfffb2cae - -loc_fffb2c93: ; not directly referenced -add esi, esi -movzx ecx, al -cmp al, 5 -mov eax, dword [ebp - 0x240] -mov edx, 4 -cmovae edx, ecx -lea esi, [eax + esi + 5] -add esi, edx - -loc_fffb2cae: ; not directly referenced -mov eax, dword [ebp - 0x248] -mov edi, dword [ebp - 0x22c] -cmp esi, eax -cmova esi, eax -mov eax, dword [ebp - 0x238] -mov ecx, esi -shl eax, 0xa -lea edx, [edi + eax + 0x4024] -mov eax, dword [ebp + 8] -call fcn_fffae566 ; call 0xfffae566 -mov eax, esi -cmp dword [ebp - 0x250], 0 -mov byte [ebx + edi + 0x1015], al -je short loc_fffb2d28 ; je 0xfffb2d28 -imul edx, dword [ebp - 0x24c], 0x18 -imul eax, dword [ebp - 0x244], 0x128 -mov ecx, dword [ebp - 0x23c] -add eax, edx -mov ax, word [ebx + eax + 0x1273] -push edx -push edx -mov edx, dword [ebp - 0x238] -or ah, 4 -movzx eax, ax -push eax -mov eax, dword [ebp + 8] -push 4 -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0x10 - -loc_fffb2d28: ; not directly referenced -inc dword [ebp - 0x238] -add ebx, 0x13c3 -cmp dword [ebp - 0x238], 2 -jne loc_fffb2bcf ; jne 0xfffb2bcf -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x36d7] -cmp eax, 0x320 -je short loc_fffb2d8c ; je 0xfffb2d8c -cmp eax, 0x42b -ja short loc_fffb2da0 ; ja 0xfffb2da0 -mov eax, dword [ebp + 8] -mov esi, 0x198 -cmp dword [eax + 0x2480], 3 -mov eax, 0x158 -cmovne eax, esi -mov esi, 0x118 -mov word [ebp - 0x23c], ax -mov eax, 0xd8 -cmovne eax, esi -mov word [ebp - 0x238], ax -jmp short loc_fffb2db2 ; jmp 0xfffb2db2 - -loc_fffb2d8c: ; not directly referenced -mov word [ebp - 0x23c], 0x158 -mov word [ebp - 0x238], 0xd8 -jmp short loc_fffb2db2 ; jmp 0xfffb2db2 - -loc_fffb2da0: ; not directly referenced -mov word [ebp - 0x23c], 0x198 -mov word [ebp - 0x238], 0x118 - -loc_fffb2db2: ; not directly referenced -mov eax, dword [ebp - 0x238] -mov word [ebp - 0x244], ax -movzx eax, word [ebp - 0x23c] -sub eax, 8 -mov dword [ebp - 0x270], eax - -loc_fffb2dcf: ; not directly referenced -movzx edi, word [ebp - 0x244] -xor ebx, ebx - -loc_fffb2dd8: ; not directly referenced -imul eax, ebx, 0x13c3 -mov esi, dword [ebp + 8] -mov cl, byte [ebp - 0x230] -test byte [esi + eax + 0x381a], cl -je short loc_fffb2df4 ; je 0xfffb2df4 -xor esi, esi -jmp short loc_fffb2e39 ; jmp 0xfffb2e39 - -loc_fffb2df4: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffb2dd8 ; jne 0xfffb2dd8 -movzx eax, byte [ebp - 0x254] -xor ecx, ecx -xor esi, esi -push edi -push 0 -push 1 -mov edx, eax -mov dword [ebp - 0x258], eax -lea eax, [ebp - 0x217] -push eax -mov eax, dword [ebp + 8] -call fcn_fffb0f94 ; call 0xfffb0f94 -movzx ebx, word [ebp - 0x244] -add esp, 0x10 -lea eax, [ebx - 8] -mov dword [ebp - 0x25c], eax -jmp near loc_fffb2ef0 ; jmp 0xfffb2ef0 - -loc_fffb2e39: ; not directly referenced -mov ecx, dword [ebp + 8] -mov eax, esi -cmp al, byte [ecx + 0x2488] -jae short loc_fffb2df4 ; jae 0xfffb2df4 -push eax -mov eax, esi -mov ecx, dword [ebp - 0x22c] -push edi -movzx eax, al -push 0 -mov edx, ebx -push eax -mov eax, dword [ebp + 8] -inc esi -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 -jmp short loc_fffb2e39 ; jmp 0xfffb2e39 - -loc_fffb2e66: ; not directly referenced -movzx edi, byte [ebp - 0x24c] -mov edx, esi -mov eax, dword [ebp + 8] -mov ecx, edi -call fcn_fffa7617 ; call 0xfffa7617 -mov edx, eax -mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a -mov ecx, dword [ebp - 0x238] -cmp eax, 0x1f -seta al -movzx eax, al -cmp word [ebp - 0x244], cx -jne loc_fffb2f5a ; jne 0xfffb2f5a -test eax, eax -je short loc_fffb2f11 ; je 0xfffb2f11 -lea eax, [esi + esi*8] -add edi, eax -mov dword [ebp + edi*4 - 0x180], ebx -mov dword [ebp + edi*4 - 0x1c8], ebx -mov dword [ebp + edi*4 - 0xf0], ebx -mov dword [ebp + edi*4 - 0x138], ebx -mov dword [ebp + edi*4 - 0x60], ebx -mov dword [ebp + edi*4 - 0xa8], ebx - -loc_fffb2ecf: ; not directly referenced -inc byte [ebp - 0x24c] - -loc_fffb2ed5: ; not directly referenced -mov edi, dword [ebp + 8] -mov al, byte [ebp - 0x24c] -cmp al, byte [edi + 0x2488] -jb short loc_fffb2e66 ; jb 0xfffb2e66 - -loc_fffb2ee6: ; not directly referenced -inc esi -cmp esi, 2 -je loc_fffb3021 ; je 0xfffb3021 - -loc_fffb2ef0: ; not directly referenced -imul eax, esi, 0x13c3 -mov edi, dword [ebp + 8] -mov cl, byte [ebp - 0x230] -test byte [edi + eax + 0x381a], cl -je short loc_fffb2ee6 ; je 0xfffb2ee6 -mov byte [ebp - 0x24c], 0 -jmp short loc_fffb2ed5 ; jmp 0xfffb2ed5 - -loc_fffb2f11: ; not directly referenced -lea eax, [esi + esi*8] -add edi, eax -mov dword [ebp + edi*4 - 0x180], 0xfffffff8 -mov dword [ebp + edi*4 - 0x1c8], 0xfffffff8 -mov dword [ebp + edi*4 - 0xf0], 0xfffffff8 -mov dword [ebp + edi*4 - 0x138], 0xfffffff8 -mov dword [ebp + edi*4 - 0x60], 0xfffffff8 -mov dword [ebp + edi*4 - 0xa8], 0xfffffff8 -jmp near loc_fffb2ecf ; jmp 0xfffb2ecf - -loc_fffb2f5a: ; not directly referenced -test eax, eax -je loc_fffb2ecf ; je 0xfffb2ecf -lea eax, [esi + esi*8] -mov ecx, dword [ebp - 0x25c] -add eax, edi -cmp dword [ebp + eax*4 - 0x180], ecx -jne short loc_fffb2f7d ; jne 0xfffb2f7d -mov dword [ebp + eax*4 - 0x180], ebx - -loc_fffb2f7d: ; not directly referenced -lea eax, [esi + esi*8] -mov ecx, dword [ebp - 0x25c] -add eax, edi -cmp dword [ebp + eax*4 - 0xf0], ecx -mov dword [ebp + eax*4 - 0xf0], ebx -je short loc_fffb2f9f ; je 0xfffb2f9f -mov dword [ebp + eax*4 - 0x138], ebx - -loc_fffb2f9f: ; not directly referenced -cmp ebx, dword [ebp - 0x270] -jl short loc_fffb2fee ; jl 0xfffb2fee -lea eax, [esi + esi*8] -movzx edx, word [ebp - 0x238] -add eax, edi -mov ecx, dword [ebp + eax*4 - 0x1c8] -cmp ecx, edx -jne short loc_fffb2fee ; jne 0xfffb2fee -mov edx, dword [ebp + eax*4 - 0x180] -cmp edx, ebx -je short loc_fffb2fee ; je 0xfffb2fee -mov edi, ebx -sub edi, dword [ebp + eax*4 - 0x138] -mov dword [ebp + eax*4 - 0x60], edx -sub ecx, edi -sub ecx, 8 -mov dword [ebp + eax*4 - 0x1c8], ecx -mov dword [ebp + eax*4 - 0xa8], ecx -jmp near loc_fffb2ecf ; jmp 0xfffb2ecf - -loc_fffb2fee: ; not directly referenced -lea eax, [esi + esi*8] -mov ecx, ebx -add edi, eax -mov edx, dword [ebp + edi*4 - 0x138] -mov eax, dword [ebp + edi*4 - 0x60] -sub eax, dword [ebp + edi*4 - 0xa8] -sub ecx, edx -cmp ecx, eax -jle loc_fffb2ecf ; jle 0xfffb2ecf -mov dword [ebp + edi*4 - 0xa8], edx -mov dword [ebp + edi*4 - 0x60], ebx -jmp near loc_fffb2ecf ; jmp 0xfffb2ecf - -loc_fffb3021: ; not directly referenced -add word [ebp - 0x244], 8 -mov eax, dword [ebp - 0x23c] -cmp word [ebp - 0x244], ax -jb loc_fffb2dcf ; jb 0xfffb2dcf -movzx eax, word [ebp - 0x23c] -xor edi, edi -mov ebx, dword [ebp - 0x234] -mov dword [ebp - 0x254], eax -imul eax, dword [ebp - 0x22c], 9 -mov dword [ebp - 0x25c], eax - -loc_fffb305e: ; not directly referenced -mov al, byte [ebp - 0x230] -test byte [ebx + 0xc4], al -jne short loc_fffb30cf ; jne 0xfffb30cf - -loc_fffb306c: ; not directly referenced -inc edi -add ebx, 0x13c3 -cmp edi, 2 -jne short loc_fffb305e ; jne 0xfffb305e -mov eax, dword [ebp + 8] -mov bl, byte [ebp - 0x265] -mov word [ebp - 0x220], 0x1ff -mov word [ebp - 0x21e], 0x1ff -movzx ecx, byte [eax + 0x2488] -mov eax, 1 -shl eax, cl -dec eax -mov word [ebp - 0x244], ax -lea eax, [ebx + ebx] -movzx eax, al -mov dword [ebp - 0x23c], eax -inc eax -mov dword [ebp - 0x238], eax -movzx eax, bl -add eax, 0x4028 -mov dword [ebp - 0x25c], eax -jmp near loc_fffb31e8 ; jmp 0xfffb31e8 - -loc_fffb30cf: ; not directly referenced -lea eax, [edi + edi*8] -mov byte [ebp - 0x238], 0 -mov dword [ebp - 0x24c], eax - -loc_fffb30df: ; not directly referenced -mov esi, dword [ebp + 8] -mov al, byte [ebp - 0x238] -cmp al, byte [esi + 0x2488] -jae loc_fffb306c ; jae 0xfffb306c -movzx ecx, byte [ebp - 0x238] -mov eax, dword [ebp - 0x24c] -add eax, ecx -mov esi, dword [ebp + eax*4 - 0x60] -mov eax, dword [ebp + eax*4 - 0xa8] -mov dword [ebp - 0x23c], esi -mov dword [ebp - 0x244], eax -add eax, esi -mov esi, 2 -cdq -idiv esi -mov esi, dword [ebp - 0x23c] -sub esi, dword [ebp - 0x244] -cmp eax, dword [ebp - 0x254] -jle short loc_fffb314e ; jle 0xfffb314e -mov edx, dword [ebp + 8] -cmp byte [edx + 0x1965], 0 -je short loc_fffb314e ; je 0xfffb314e - -loc_fffb3144: ; not directly referenced -mov eax, 7 -jmp near loc_fffb3a71 ; jmp 0xfffb3a71 - -loc_fffb314e: ; not directly referenced -sub esi, 0x21 -cmp esi, 0x3e -jbe short loc_fffb3162 ; jbe 0xfffb3162 -mov esi, dword [ebp + 8] -cmp byte [esi + 0x1965], 0 -jne short loc_fffb3144 ; jne 0xfffb3144 - -loc_fffb3162: ; not directly referenced -mov esi, dword [ebp - 0x25c] -lea edx, [ecx + esi + 0xd8] -mov word [ebx + edx*2 + 1], ax -mov eax, dword [ebp + 8] -mov edx, edi -push esi -push 0 -push 0xff -push ecx -mov ecx, dword [ebp - 0x22c] -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 -inc byte [ebp - 0x238] -jmp near loc_fffb30df ; jmp 0xfffb30df - -loc_fffb319b: ; not directly referenced -push ebx -mov edx, dword [ebp - 0x258] -xor ecx, ecx -push 0 -xor ebx, ebx -push 1 -lea eax, [ebp - 0x217] -push eax -mov eax, dword [ebp + 8] -call fcn_fffb0f94 ; call 0xfffb0f94 -mov esi, dword [ebp - 0x234] -add esp, 0x10 - -loc_fffb31c2: ; not directly referenced -mov al, byte [ebp - 0x230] -xor edi, edi -mov word [ebp + ebx*2 - 0x220], 0 -test byte [esi + 0xc4], al -jne short loc_fffb322d ; jne 0xfffb322d - -loc_fffb31dc: ; not directly referenced -inc ebx -add esi, 0x13c3 -cmp ebx, 2 -jne short loc_fffb31c2 ; jne 0xfffb31c2 - -loc_fffb31e8: ; not directly referenced -cmp word [ebp - 0x220], 0 -je loc_fffb3335 ; je 0xfffb3335 -jmp short loc_fffb319b ; jmp 0xfffb319b - -loc_fffb31f8: ; not directly referenced -mov eax, edi -mov edx, ebx -movzx ecx, al -mov eax, dword [ebp + 8] -call fcn_fffa7617 ; call 0xfffa7617 -mov edx, eax -mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a -and eax, 0x1ff -cmp eax, 0x1f -jle short loc_fffb322c ; jle 0xfffb322c -mov eax, 1 -mov ecx, edi -shl eax, cl -or word [ebp + ebx*2 - 0x220], ax - -loc_fffb322c: ; not directly referenced -inc edi - -loc_fffb322d: ; not directly referenced -mov ecx, dword [ebp + 8] -mov eax, edi -cmp al, byte [ecx + 0x2488] -jb short loc_fffb31f8 ; jb 0xfffb31f8 -mov dx, word [ebp + ebx*2 - 0x220] -cmp dx, word [ebp - 0x244] -je short loc_fffb3265 ; je 0xfffb3265 - -loc_fffb324b: ; not directly referenced -movzx eax, dx -xor edi, edi -mov dword [ebp - 0x24c], eax -imul eax, dword [ebp - 0x22c], 9 -mov dword [ebp - 0x254], eax -jmp short loc_fffb32d0 ; jmp 0xfffb32d0 - -loc_fffb3265: ; not directly referenced -mov eax, dword [ebp - 0x22c] -mov al, byte [esi + eax + 0x1011] -cmp al, 0xd -ja short loc_fffb324b ; ja 0xfffb324b -mov edi, dword [ebp - 0x22c] -add eax, 2 -mov edx, ebx -shl edx, 0xa -add edx, dword [ebp - 0x25c] -mov byte [esi + edi + 0x1011], al -mov eax, dword [ebp - 0x238] -movzx ecx, byte [esi + eax + 0x1011] -mov eax, dword [ebp - 0x23c] -shl ecx, 4 -add cl, byte [esi + eax + 0x1011] -mov eax, dword [ebp + 8] -movzx ecx, cl -call fcn_fffae566 ; call 0xfffae566 -jmp near loc_fffb31dc ; jmp 0xfffb31dc - -loc_fffb32bf: ; not directly referenced -mov ecx, dword [ebp - 0x24c] -mov eax, edi -movzx eax, al -bt ecx, edi -jb short loc_fffb32e2 ; jb 0xfffb32e2 - -loc_fffb32cf: ; not directly referenced -inc edi - -loc_fffb32d0: ; not directly referenced -mov ecx, dword [ebp + 8] -mov eax, edi -cmp al, byte [ecx + 0x2488] -jb short loc_fffb32bf ; jb 0xfffb32bf -jmp near loc_fffb31dc ; jmp 0xfffb31dc - -loc_fffb32e2: ; not directly referenced -mov ecx, dword [ebp - 0x254] -lea edx, [eax + ecx] -lea edx, [esi + edx*2] -mov cx, word [edx + 0x1b1] -cmp cx, 0x7f -jbe short loc_fffb3307 ; jbe 0xfffb3307 -add ecx, 0xffffff80 -mov word [edx + 0x1b1], cx -jmp short loc_fffb3317 ; jmp 0xfffb3317 - -loc_fffb3307: ; not directly referenced -mov ecx, dword [ebp + 8] -cmp byte [ecx + 0x1965], 0 -jne loc_fffb3144 ; jne 0xfffb3144 - -loc_fffb3317: ; not directly referenced -push ecx -mov ecx, dword [ebp - 0x22c] -mov edx, ebx -push 0 -push 0xff -push eax -mov eax, dword [ebp + 8] -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 -jmp short loc_fffb32cf ; jmp 0xfffb32cf - -loc_fffb3335: ; not directly referenced -cmp word [ebp - 0x21e], 0 -jne loc_fffb319b ; jne 0xfffb319b -mov ebx, dword [ebp - 0x234] -xor esi, esi -imul edi, dword [ebp - 0x22c], 9 - -loc_fffb3352: ; not directly referenced -mov al, byte [ebp - 0x230] -test byte [ebx + 0xc4], al -jne short loc_fffb3397 ; jne 0xfffb3397 - -loc_fffb3360: ; not directly referenced -inc esi -add ebx, 0x13c3 -cmp esi, 2 -jne short loc_fffb3352 ; jne 0xfffb3352 -imul eax, dword [ebp - 0x22c], 9 -mov word [ebp - 0x220], 0 -mov word [ebp - 0x21e], 0 -mov byte [ebp - 0x254], 0x40 -mov dword [ebp - 0x25c], eax -jmp near loc_fffb3443 ; jmp 0xfffb3443 - -loc_fffb3397: ; not directly referenced -mov byte [ebp - 0x238], 0 - -loc_fffb339e: ; not directly referenced -mov edx, dword [ebp + 8] -mov al, byte [ebp - 0x238] -cmp al, byte [edx + 0x2488] -jae short loc_fffb3360 ; jae 0xfffb3360 -movzx eax, byte [ebp - 0x238] -mov ecx, dword [ebp - 0x22c] -lea edx, [eax + edi] -add edx, edx -add word [ebx + edx + 0x1b1], 0x40 -push edx -mov edx, esi -push 0 -push 0xff -push eax -mov eax, dword [ebp + 8] -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 -inc byte [ebp - 0x238] -jmp short loc_fffb339e ; jmp 0xfffb339e - -loc_fffb33e8: ; not directly referenced -mov al, byte [ebp - 0x230] -test byte [esi + 0xc4], al -je short loc_fffb3421 ; je 0xfffb3421 -mov byte [ebp - 0x238], 0 - -loc_fffb33fd: ; not directly referenced -mov ecx, dword [ebp + 8] -mov al, byte [ebp - 0x238] -cmp al, byte [ecx + 0x2488] -jb short loc_fffb3474 ; jb 0xfffb3474 -mov eax, dword [ebp - 0x244] -cmp word [ebp + ebx*2 - 0x220], ax -mov al, 0 -cmovne edi, eax - -loc_fffb3421: ; not directly referenced -inc ebx -add esi, 0x13c3 -cmp ebx, 2 -jne short loc_fffb33e8 ; jne 0xfffb33e8 -mov eax, edi -test al, al -jne loc_fffb351e ; jne 0xfffb351e -dec byte [ebp - 0x254] -je loc_fffb350e ; je 0xfffb350e - -loc_fffb3443: ; not directly referenced -push eax -mov edx, dword [ebp - 0x258] -xor ecx, ecx -push 0 -xor ebx, ebx -push 1 -mov edi, 1 -lea eax, [ebp - 0x217] -push eax -mov eax, dword [ebp + 8] -call fcn_fffb0f94 ; call 0xfffb0f94 -add esp, 0x10 -mov esi, dword [ebp - 0x234] -jmp near loc_fffb33e8 ; jmp 0xfffb33e8 - -loc_fffb3474: ; not directly referenced -movzx eax, word [ebp + ebx*2 - 0x220] -mov cl, byte [ebp - 0x238] -mov word [ebp - 0x24c], ax -movzx edx, cl -bt eax, ecx -mov dword [ebp - 0x23c], edx -jb short loc_fffb3503 ; jb 0xfffb3503 -mov eax, dword [ebp + 8] -mov ecx, edx -mov edx, ebx -call fcn_fffa7617 ; call 0xfffa7617 -mov edx, eax -mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a -cmp eax, 0x1f -jbe short loc_fffb34cf ; jbe 0xfffb34cf -mov cl, byte [ebp - 0x23c] -mov eax, 1 -shl eax, cl -or eax, dword [ebp - 0x24c] -mov word [ebp + ebx*2 - 0x220], ax -jmp short loc_fffb3503 ; jmp 0xfffb3503 - -loc_fffb34cf: ; not directly referenced -mov ecx, dword [ebp - 0x23c] -mov edx, dword [ebp - 0x25c] -mov eax, ecx -add eax, edx -mov edx, ebx -inc word [esi + eax*2 + 0x1b1] -push eax -mov eax, dword [ebp + 8] -push 0 -push 0xff -push ecx -mov ecx, dword [ebp - 0x22c] -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 - -loc_fffb3503: ; not directly referenced -inc byte [ebp - 0x238] -jmp near loc_fffb33fd ; jmp 0xfffb33fd - -loc_fffb350e: ; not directly referenced -mov eax, dword [ebp + 8] -cmp byte [eax + 0x1965], 0 -jne loc_fffb3144 ; jne 0xfffb3144 - -loc_fffb351e: ; not directly referenced -mov ebx, dword [ebp - 0x234] -xor esi, esi -imul edi, dword [ebp - 0x22c], 9 - -loc_fffb352d: ; not directly referenced -mov al, byte [ebp - 0x230] -test byte [ebx + 0xc4], al -jne short loc_fffb354c ; jne 0xfffb354c - -loc_fffb353b: ; not directly referenced -inc esi -add ebx, 0x13c3 -cmp esi, 2 -jne short loc_fffb352d ; jne 0xfffb352d -jmp near loc_fffb2b44 ; jmp 0xfffb2b44 - -loc_fffb354c: ; not directly referenced -mov byte [ebp - 0x238], 0 - -loc_fffb3553: ; not directly referenced -mov ecx, dword [ebp + 8] -mov al, byte [ebp - 0x238] -cmp al, byte [ecx + 0x2488] -jae short loc_fffb353b ; jae 0xfffb353b -movzx eax, byte [ebp - 0x238] -lea edx, [eax + edi] -add edx, edx -sub word [ebx + edx + 0x1b1], 0x40 -mov edx, esi -push ecx -mov ecx, dword [ebp - 0x22c] -push 0 -push 0xff -push eax -mov eax, dword [ebp + 8] -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 -inc byte [ebp - 0x238] -jmp short loc_fffb3553 ; jmp 0xfffb3553 - -loc_fffb359d: ; not directly referenced -cmp dword [esi], 2 -je short loc_fffb35dc ; je 0xfffb35dc - -loc_fffb35a2: ; not directly referenced -inc dword [ebp - 0x22c] -add esi, 0x13c3 -add edi, 0xcc -cmp dword [ebp - 0x22c], 2 -jne short loc_fffb359d ; jne 0xfffb359d -mov eax, dword [ebp + 8] -call fcn_fffb0e8a ; call 0xfffb0e8a -mov edi, dword [ebp - 0x234] -mov dword [ebp - 0x22c], 0 -mov ebx, eax -jmp near loc_fffb36c5 ; jmp 0xfffb36c5 - -loc_fffb35dc: ; not directly referenced -mov edx, dword [ebp - 0x22c] -mov ecx, 0xff -mov eax, dword [ebp + 8] -call fcn_fffa7288 ; call 0xfffa7288 -mov ebx, dword [edi] -mov dword [ebp - 0x230], eax -mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 3 -jne short loc_fffb3616 ; jne 0xfffb3616 -mov edx, dword [ebp - 0x230] -and ebx, 0xefffffff -mov ecx, ebx -call fcn_fffaeb7c ; call 0xfffaeb7c - -loc_fffb3616: ; not directly referenced -mov ecx, dword [edi] -xor ebx, ebx -mov edx, dword [ebp - 0x230] -mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c - -loc_fffb3628: ; not directly referenced -mov eax, dword [ebp + 8] -cmp bl, byte [eax + 0x2488] -jae short loc_fffb3663 ; jae 0xfffb3663 -movzx eax, bl -mov edx, dword [ebp - 0x22c] -inc ebx -mov ecx, eax -mov dword [ebp - 0x230], eax -mov eax, dword [ebp + 8] -call fcn_fffa720e ; call 0xfffa720e -mov ecx, dword [ebp - 0x230] -mov ecx, dword [edi + ecx*4 + 0x28] -mov edx, eax -mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffb3628 ; jmp 0xfffb3628 - -loc_fffb3663: ; not directly referenced -cmp dword [ebp - 0x250], 0 -je loc_fffb35a2 ; je 0xfffb35a2 -xor ebx, ebx - -loc_fffb3672: ; not directly referenced -mov eax, 1 -mov cl, bl -shl eax, cl -test byte [esi + 0xc4], al -je short loc_fffb36ba ; je 0xfffb36ba -push edx -mov ecx, ebx -push edx -mov dl, bl -shr dl, 1 -and ecx, 1 -movzx edx, dl -imul ecx, ecx, 0x18 -imul edx, edx, 0x128 -add edx, ecx -mov ecx, eax -mov eax, dword [ebp + 8] -movzx edx, word [esi + edx + 0x1273] -push edx -mov edx, dword [ebp - 0x22c] -push 4 -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0x10 - -loc_fffb36ba: ; not directly referenced -inc ebx -cmp ebx, 4 -jne short loc_fffb3672 ; jne 0xfffb3672 -jmp near loc_fffb35a2 ; jmp 0xfffb35a2 - -loc_fffb36c5: ; not directly referenced -cmp dword [edi], 2 -jne loc_fffb3a56 ; jne 0xfffb3a56 -mov eax, dword [ebp + 8] -mov ebx, dword [eax + 0x2443] -lea eax, [ebp - 0x210] -push ecx -push 0xf000 -push 4 -push eax -call dword [ebx + 0x60] ; ucall -add esp, 0xc -push 0x1000 -push 4 -lea eax, [ebp - 0x208] -push eax -call dword [ebx + 0x60] ; ucall -add esp, 0xc -push 0 -push 4 -lea eax, [ebp - 0x21b] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0x10 -mov ebx, 2 -cmp dword [edi], 2 -jne loc_fffb3a56 ; jne 0xfffb3a56 -xor ecx, ecx -mov esi, 0x1000 -mov word [ebp - 0x230], 0xf000 - -loc_fffb372f: ; not directly referenced -mov ebx, 0xf -bt ebx, ecx -jae loc_fffb37d4 ; jae 0xfffb37d4 -mov edx, 1 -shl edx, cl -test byte [edi + 0xc4], dl -je loc_fffb37d4 ; je 0xfffb37d4 -mov ebx, dword [ebp + 8] -imul edx, ecx, 0x12 -mov bl, byte [ebx + 0x2488] -mov byte [ebp - 0x234], bl -lea ebx, [edi + edx] -xor edx, edx -mov eax, ebx - -loc_fffb3769: ; not directly referenced -cmp byte [ebp - 0x234], dl -jbe short loc_fffb37ab ; jbe 0xfffb37ab -movzx ebx, byte [edi + ecx + 0x1011] -imul ebx, ebx, 0xffffffc0 -add bx, word [eax + edx*2 + 0x1b1] -cmp word [ebp + ecx*2 - 0x210], bx -jge short loc_fffb3796 ; jge 0xfffb3796 -mov word [ebp + ecx*2 - 0x210], bx - -loc_fffb3796: ; not directly referenced -cmp word [ebp + ecx*2 - 0x208], bx -jle short loc_fffb37a8 ; jle 0xfffb37a8 -mov word [ebp + ecx*2 - 0x208], bx - -loc_fffb37a8: ; not directly referenced -inc edx -jmp short loc_fffb3769 ; jmp 0xfffb3769 - -loc_fffb37ab: ; not directly referenced -mov eax, dword [ebp - 0x230] -mov dx, word [ebp + ecx*2 - 0x210] -cmp ax, dx -cmovge edx, eax -mov word [ebp - 0x230], dx -movsx edx, word [ebp + ecx*2 - 0x208] -cmp si, dx -cmovg esi, edx - -loc_fffb37d4: ; not directly referenced -inc ecx -cmp ecx, 4 -jne loc_fffb372f ; jne 0xfffb372f -movsx eax, word [ebp - 0x230] -mov cl, 2 -xor ebx, ebx -add eax, esi -xor esi, esi -cdq -idiv ecx -mov cl, 0x40 -neg eax -add eax, 0x160 -cdq -idiv ecx -mov dword [ebp - 0x240], eax -mov byte [ebp - 0x23c], al -cbw -mov word [ebp - 0x234], ax -shl word [ebp - 0x234], 6 - -loc_fffb3819: ; not directly referenced -mov eax, 0xf -bt eax, ebx -jae loc_fffb395c ; jae 0xfffb395c -mov al, 1 -mov cl, bl -shl eax, cl -test byte [edi + 0xc4], al -je loc_fffb395c ; je 0xfffb395c -mov al, byte [ebp - 0x23c] -mov byte [ebp + ebx - 0x21b], al -mov eax, dword [ebp - 0x234] -add ax, word [ebp + ebx*2 - 0x208] -cmp ax, 0x3f -jg short loc_fffb3874 ; jg 0xfffb3874 -movsx edx, ax -mov eax, 0x7f -sub eax, edx -sar eax, 6 -add eax, dword [ebp - 0x240] -mov byte [ebp + ebx - 0x21b], al - -loc_fffb3874: ; not directly referenced -mov dl, byte [ebp + ebx - 0x21b] -movsx ax, dl -shl eax, 6 -add ax, word [ebp + ebx*2 - 0x210] -cwde -cmp eax, 0x1bf -jle short loc_fffb38a3 ; jle 0xfffb38a3 -sub eax, 0x180 -sar eax, 6 -sub edx, eax -mov byte [ebp + ebx - 0x21b], dl - -loc_fffb38a3: ; not directly referenced -mov al, byte [ebp + ebx - 0x21b] -mov ecx, esi -movsx ecx, cl -movsx edx, al -mov byte [ebp - 0x230], al -mov eax, edx -sub eax, ecx -mov cl, byte [ebp - 0x230] -sub ecx, 0xe -cmp eax, 0xf -mov al, byte [ebp - 0x230] -cmovge esi, ecx -mov ecx, esi -movsx ecx, cl -sub edx, ecx -test edx, edx -lea ecx, [eax - 1] -cmovle esi, ecx -sub al, byte [edi + ebx + 0x1011] -mov byte [ebp - 0x230], 0 -cbw -mov word [ebp - 0x238], ax -lea eax, [ebx + ebx*8] -shl word [ebp - 0x238], 6 -mov dword [ebp - 0x244], eax - -loc_fffb3908: ; not directly referenced -mov edx, dword [ebp + 8] -mov al, byte [ebp - 0x230] -cmp al, byte [edx + 0x2488] -jae short loc_fffb395c ; jae 0xfffb395c -movzx eax, byte [ebp - 0x230] -mov edx, dword [ebp - 0x244] -mov ecx, dword [ebp - 0x238] -add edx, eax -add edx, edx -add word [edi + edx + 0x1b1], cx -mov ecx, ebx -push edx -mov edx, dword [ebp - 0x22c] -push 0 -push 0xff -push eax -mov eax, dword [ebp + 8] -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 -inc byte [ebp - 0x230] -jmp short loc_fffb3908 ; jmp 0xfffb3908 - -loc_fffb395c: ; not directly referenced -inc ebx -cmp ebx, 4 -jne loc_fffb3819 ; jne 0xfffb3819 -mov eax, dword [ebp - 0x22c] -mov ebx, esi -shl eax, 0xa -add eax, 0x4028 -mov dword [ebp - 0x234], eax -mov edx, eax -mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a -test bl, bl -jns short loc_fffb39aa ; jns 0xfffb39aa -mov edx, eax -mov ecx, esi -shr edx, 0x10 -neg ecx -and edx, 0x3f -movzx ecx, cl -cmp edx, ecx -mov ebx, 7 -mov edx, 0 -cmovge ebx, edx -jmp short loc_fffb39cb ; jmp 0xfffb39cb - -loc_fffb39aa: ; not directly referenced -je short loc_fffb39c9 ; je 0xfffb39c9 -mov edx, eax -mov ebx, esi -shr edx, 0x10 -movsx ecx, bl -not edx -xor ebx, ebx -and edx, 0x3f -cmp ecx, edx -mov edx, 7 -cmovg ebx, edx -jmp short loc_fffb39cb ; jmp 0xfffb39cb - -loc_fffb39c9: ; not directly referenced -xor ebx, ebx - -loc_fffb39cb: ; not directly referenced -mov edx, eax -and eax, 0xffc00000 -shr edx, 0x10 -add edx, esi -and edx, 0x3f -mov ecx, edx -shl ecx, 0x10 -mov dword [ebp - 0x230], eax -or dword [ebp - 0x230], ecx -mov dword [edi + 0x1019], edx -xor edx, edx - -loc_fffb39f3: ; not directly referenced -mov eax, 0xf -bt eax, edx -jae short loc_fffb3a1d ; jae 0xfffb3a1d -mov al, 1 -mov cl, dl -shl eax, cl -test byte [edi + 0xc4], al -je short loc_fffb3a1d ; je 0xfffb3a1d -mov cl, byte [ebp + edx - 0x21b] -mov eax, esi -sub ecx, eax -mov byte [edi + edx + 0x1011], cl - -loc_fffb3a1d: ; not directly referenced -mov cl, byte [edi + edx + 0x1011] -mov eax, ecx -and eax, 0xf -lea ecx, [edx*4] -inc edx -shl eax, cl -or eax, dword [ebp - 0x230] -cmp edx, 4 -je short loc_fffb3a46 ; je 0xfffb3a46 -mov dword [ebp - 0x230], eax -jmp short loc_fffb39f3 ; jmp 0xfffb39f3 - -loc_fffb3a46: ; not directly referenced -mov ecx, eax -mov edx, dword [ebp - 0x234] -mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c - -loc_fffb3a56: ; not directly referenced -inc dword [ebp - 0x22c] -add edi, 0x13c3 -cmp dword [ebp - 0x22c], 2 -jne loc_fffb36c5 ; jne 0xfffb36c5 -mov eax, ebx - -loc_fffb3a71: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb3a79: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, ecx -push esi -mov esi, eax -push ebx -sub esp, 0x50 -mov al, byte [ecx + 0x539] -push 0 -push 5 -mov bl, al -mov eax, dword [esi + 0x2443] -mov byte [ebp - 0x2d], dl -lea edx, [ebp - 0x1d] -push edx -call dword [eax + 0x5c] ; ucall -add esp, 0x10 -mov al, 0 -cmp dword [ebp + 0xc], 0 -cmovne ebx, eax -xor eax, eax -mov byte [ebp - 0x2e], bl - -loc_fffb3ab3: ; not directly referenced -cmp byte [ebp - 0x2e], al -jbe short loc_fffb3ad6 ; jbe 0xfffb3ad6 -movzx edx, byte [edi + eax + 0x534] -xor ecx, ecx -cmp dl, 5 -ja short loc_fffb3ace ; ja 0xfffb3ace -movzx ecx, byte [edx + ref_fffd3ec8] ; movzx ecx, byte [edx - 0x2c138] - -loc_fffb3ace: ; not directly referenced -mov byte [ebp + ecx - 0x1d], 1 -inc eax -jmp short loc_fffb3ab3 ; jmp 0xfffb3ab3 - -loc_fffb3ad6: ; not directly referenced -cmp dword [ebp + 8], 0 -jne short loc_fffb3af4 ; jne 0xfffb3af4 -movzx ecx, byte [edi + 8] -sub esp, 0xc -xor edx, edx -push 1 -mov eax, esi -call fcn_fffa83c9 ; call 0xfffa83c9 -add esp, 0x10 -mov dword [edi + 9], eax - -loc_fffb3af4: ; not directly referenced -lea eax, [esi + 0x3756] -mov ebx, edi -mov dword [ebp - 0x34], eax -movzx eax, byte [ebp - 0x2d] -mov dword [ebp - 0x2c], 0 -mov dword [ebp - 0x50], eax - -loc_fffb3b0d: ; not directly referenced -mov eax, dword [ebp - 0x34] -cmp dword [eax], 2 -je short loc_fffb3b30 ; je 0xfffb3b30 - -loc_fffb3b15: ; not directly referenced -inc dword [ebp - 0x2c] -add ebx, 2 -add dword [ebp - 0x34], 0x13c3 -cmp dword [ebp - 0x2c], 2 -jne short loc_fffb3b0d ; jne 0xfffb3b0d -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -loc_fffb3b30: ; not directly referenced -mov eax, dword [ebp - 0x50] -mov ecx, dword [ebp - 0x2c] -bt eax, ecx -jae short loc_fffb3b15 ; jae 0xfffb3b15 -mov eax, dword [ebp - 0x34] -mov byte [ebp - 0x2d], 1 -cmp dword [eax + 0xc0], 1 -jne short loc_fffb3b5a ; jne 0xfffb3b5a -mov al, byte [ebx + 4] -mov byte [ebp - 0x2d], 0 -mov byte [ebx], al -mov al, byte [ebx + 5] -mov byte [ebx + 1], al - -loc_fffb3b5a: ; not directly referenced -mov eax, dword [esi + 0x1887] -cmp eax, 0x306d0 -sete dl -cmp eax, 0x40650 -sete al -or dl, al -je short loc_fffb3b83 ; je 0xfffb3b83 -mov byte [ebx], 0 -mov byte [ebx + 1], 0 -mov byte [ebx + 5], 0 -mov byte [ebp - 0x2d], 1 - -loc_fffb3b83: ; not directly referenced -mov dl, byte [ebx + 4] -mov ecx, 3 -push 1 -mov al, dl -movzx edx, byte [ebx] -mul byte [ebp - 0x2d] -shl eax, 4 -add eax, edx -mov edx, dword [ebp - 0x2c] -movzx eax, ax -push eax -mov eax, esi -push 7 -push 0 -call fcn_fffafdb2 ; call 0xfffafdb2 -mov dl, byte [ebx + 5] -mov ecx, 0xc -mov al, byte [ebp - 0x2d] -push 1 -mul dl -movzx edx, byte [ebx + 1] -shl eax, 4 -add eax, edx -mov edx, dword [ebp - 0x2c] -movzx eax, ax -push eax -mov eax, esi -push 7 -push 0 -call fcn_fffafdb2 ; call 0xfffafdb2 -add esp, 0x20 -cmp byte [ebp - 0x2e], 0 -je loc_fffb3b15 ; je 0xfffb3b15 -imul eax, dword [ebp - 0x2c], 9 -mov byte [ebp - 0x2d], 0 -mov dword [ebp - 0x4c], eax -mov dword [ebp - 0x48], eax - -loc_fffb3bf1: ; not directly referenced -mov al, byte [ebp - 0x2d] -cmp al, byte [esi + 0x2488] -jae loc_fffb3b15 ; jae 0xfffb3b15 -cmp byte [ebp - 0x1d], 0 -je short loc_fffb3c2e ; je 0xfffb3c2e -movzx eax, byte [ebp - 0x2d] -mov ecx, dword [ebp - 0x48] -push 1 -lea edx, [eax + ecx + 0x28] -mov ecx, 0xf -movsx edx, word [edi + edx*2 + 7] -push edx -mov edx, dword [ebp - 0x2c] -push 6 -push eax -mov eax, esi -call fcn_fffafdb2 ; call 0xfffafdb2 -add esp, 0x10 - -loc_fffb3c2e: ; not directly referenced -cmp byte [ebp - 0x1c], 0 -je short loc_fffb3c5f ; je 0xfffb3c5f -movzx eax, byte [ebp - 0x2d] -mov ecx, dword [ebp - 0x48] -push 1 -lea edx, [eax + ecx + 0xa4] -mov ecx, 0xf -movsx edx, word [edi + edx*2 + 7] -push edx -mov edx, dword [ebp - 0x2c] -push 0 -push eax -mov eax, esi -call fcn_fffafdb2 ; call 0xfffafdb2 -add esp, 0x10 - -loc_fffb3c5f: ; not directly referenced -movzx eax, byte [ebp - 0x2d] -mov ecx, dword [ebp - 0x4c] -mov dword [ebp - 0x40], 0 -mov dword [ebp - 0x44], eax -lea edx, [eax + ecx] -lea edx, [edx + edx + 0x33f] -lea ecx, [edi + edx] -mov dword [ebp - 0x3c], ecx - -loc_fffb3c80: ; not directly referenced -mov cl, byte [ebp - 0x40] -mov dword [ebp - 0x38], 1 -shl dword [ebp - 0x38], cl -mov ecx, dword [ebp - 0x34] -mov al, byte [ebp - 0x38] -test byte [ecx + 0xc4], al -je short loc_fffb3ce7 ; je 0xfffb3ce7 -cmp byte [ebp - 0x1b], 0 -je short loc_fffb3cc3 ; je 0xfffb3cc3 -mov eax, dword [ebp - 0x3c] -push 1 -mov ecx, dword [ebp - 0x38] -mov edx, dword [ebp - 0x2c] -movsx eax, word [eax - 0xf8] -push eax -mov eax, esi -push 5 -push dword [ebp - 0x44] -call fcn_fffafdb2 ; call 0xfffafdb2 -add esp, 0x10 - -loc_fffb3cc3: ; not directly referenced -cmp byte [ebp - 0x1a], 0 -je short loc_fffb3ce7 ; je 0xfffb3ce7 -mov eax, dword [ebp - 0x3c] -push 1 -mov ecx, dword [ebp - 0x38] -mov edx, dword [ebp - 0x2c] -movsx eax, word [eax] -push eax -mov eax, esi -push 4 -push dword [ebp - 0x44] -call fcn_fffafdb2 ; call 0xfffafdb2 -add esp, 0x10 - -loc_fffb3ce7: ; not directly referenced -inc dword [ebp - 0x40] -add dword [ebp - 0x3c], 0x3e -cmp dword [ebp - 0x40], 4 -jne short loc_fffb3c80 ; jne 0xfffb3c80 -inc byte [ebp - 0x2d] -jmp near loc_fffb3bf1 ; jmp 0xfffb3bf1 - -fcn_fffb3cfc: ; not directly referenced +fcn_fffb3e25: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -26851,132 +26965,49 @@ mov al, byte [eax] pop ebp ret -fcn_fffb3d06: -push ebp -mov ebp, esp -mov eax, dword [ebp + 8] -mov ax, word [eax] -pop ebp -ret - -fcn_fffb3d11: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0x10] -mov dword [ebp + 8], eax -pop ebp -jmp near fcn_fffb3d06 ; jmp 0xfffb3d06 - -fcn_fffb3d20: ; not directly referenced +fcn_fffb3e2f: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] mov edx, dword [ebp + 8] -mov word [edx], ax +mov byte [edx], al pop ebp ret -fcn_fffb3d2e: ; not directly referenced +fcn_fffb3e3c: ; not directly referenced push ebp mov ebp, esp -movzx eax, word [ebp + 0x18] -mov dword [ebp + 0xc], eax mov eax, dword [ebp + 0x10] -mov dword [ebp + 8], eax -pop ebp -jmp near fcn_fffb3d20 ; jmp 0xfffb3d20 - -fcn_fffb3d44: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0x10] -mov al, byte [eax] +mov edx, dword [ebp + 0x18] +mov byte [eax], dl pop ebp ret -fcn_fffb3d4e: +fcn_fffb3e49: push ebp mov ebp, esp mov eax, dword [ebp + 8] -mov eax, dword [eax] -pop ebp -ret - -fcn_fffb3d58: -mov eax, dword [0xff7d0084] -push ebp -mov ebp, esp -mov eax, dword [eax + 0x14] -add eax, 0xfb020 -push eax -call fcn_fffb3d4e ; call 0xfffb3d4e -leave -and eax, 0xffe0 -ret - -fcn_fffb3d75: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0x10] -mov dword [ebp + 8], eax -pop ebp -jmp near fcn_fffb3d4e ; jmp 0xfffb3d4e - -fcn_fffb3d84: -push ebp -mov ebp, esp -mov eax, dword [ebp + 0xc] -mov edx, dword [ebp + 8] -mov dword [edx], eax +mov ax, word [eax] pop ebp ret -fcn_fffb3d91: ; not directly referenced +fcn_fffb3e54: ; not directly referenced push ebp mov ebp, esp -mov eax, dword [ebp + 0x18] -mov dword [ebp + 0xc], eax mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_fffb3d84 ; jmp 0xfffb3d84 +jmp near fcn_fffb3e49 ; jmp 0xfffb3e49 -fcn_fffb3da6: ; not directly referenced +fcn_fffb3e63: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] -mov edx, dword [ebp + 0x18] -mov byte [eax], dl -pop ebp -ret - -fcn_fffb3db3: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0xc] -mov edx, dword [ebp + 8] -mov byte [edx], al -pop ebp -ret - -fcn_fffb3dc0: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 8] -mov edx, dword [eax + 4] -mov eax, dword [eax] +mov al, byte [eax] pop ebp ret -fcn_fffb3dcd: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0x10] -mov dword [ebp + 8], eax -pop ebp -jmp near fcn_fffb3dc0 ; jmp 0xfffb3dc0 - -fcn_fffb3ddc: ; not directly referenced +fcn_fffb3e6d: ; not directly referenced push ebp mov ecx, 0xfffff mov ebp, esp @@ -26987,23 +27018,23 @@ mov esi, dword [ebp + 0x1c] push ebx mov ebx, dword [ebp + 8] -loc_fffb3df0: ; not directly referenced +loc_fffb3e81: ; not directly referenced mov al, 0xa mov edx, 0x70 out dx, al mov dl, 0x71 in al, dx test al, al -jns short loc_fffb3e04 ; jns 0xfffb3e04 +jns short loc_fffb3e95 ; jns 0xfffb3e95 dec ecx -jne short loc_fffb3df0 ; jne 0xfffb3df0 -jmp short loc_fffb3e08 ; jmp 0xfffb3e08 +jne short loc_fffb3e81 ; jne 0xfffb3e81 +jmp short loc_fffb3e99 ; jmp 0xfffb3e99 -loc_fffb3e04: ; not directly referenced +loc_fffb3e95: ; not directly referenced test ecx, ecx -jne short loc_fffb3e39 ; jne 0xfffb3e39 +jne short loc_fffb3eca ; jne 0xfffb3eca -loc_fffb3e08: ; not directly referenced +loc_fffb3e99: ; not directly referenced mov edx, 0x70 mov al, 0xb out dx, al @@ -27033,7 +27064,7 @@ mov al, 2 mov dl, 0x71 out dx, al -loc_fffb3e39: ; not directly referenced +loc_fffb3eca: ; not directly referenced mov edx, 0x70 xor eax, eax out dx, al @@ -27130,115 +27161,128 @@ pop edi pop ebp ret -fcn_fffb3f0f: ; not directly referenced +fcn_fffb3fa0: ; not directly referenced push ebp mov ebp, esp +mov eax, dword [ebp + 0xc] mov edx, dword [ebp + 8] -in ax, dx +mov word [edx], ax pop ebp ret -fcn_fffb3f19: ; not directly referenced +fcn_fffb3fae: ; not directly referenced push ebp mov ebp, esp +movzx eax, word [ebp + 0x18] +mov dword [ebp + 0xc], eax mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_fffb3f0f ; jmp 0xfffb3f0f +jmp near fcn_fffb3fa0 ; jmp 0xfffb3fa0 -fcn_fffb3f28: ; not directly referenced +fcn_fffb3fc4: +push ebp +mov ebp, esp +mov eax, dword [ebp + 8] +mov eax, dword [eax] +pop ebp +ret + +fcn_fffb3fce: +mov eax, dword [0xff7d0084] +push ebp +mov ebp, esp +mov eax, dword [eax + 0x14] +add eax, 0xfb020 +push eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +leave +and eax, 0xffe0 +ret + +fcn_fffb3feb: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 0x10] +mov dword [ebp + 8], eax +pop ebp +jmp near fcn_fffb3fc4 ; jmp 0xfffb3fc4 + +fcn_fffb3ffa: push ebp mov ebp, esp mov eax, dword [ebp + 0xc] mov edx, dword [ebp + 8] -out dx, ax +mov dword [edx], eax pop ebp ret -fcn_fffb3f35: ; not directly referenced +fcn_fffb4007: ; not directly referenced push ebp mov ebp, esp -movzx eax, word [ebp + 0x18] +mov eax, dword [ebp + 0x18] mov dword [ebp + 0xc], eax mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_fffb3f28 ; jmp 0xfffb3f28 +jmp near fcn_fffb3ffa ; jmp 0xfffb3ffa -fcn_fffb3f4b: ; not directly referenced +fcn_fffb401c: ; not directly referenced push ebp mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x1c -mov eax, dword [0xff7d0084] -mov edi, dword [eax + 0x14] -lea esi, [edi + 0xb0044] -add edi, 0xb0040 -push esi -call fcn_fffb3d4e ; call 0xfffb3d4e -push edi -mov ebx, eax -call fcn_fffb3d4e ; call 0xfffb3d4e -pop ecx -pop edi -mov edx, eax -shr edx, 0x10 -and edx, 0xf -cmp dl, 2 -jne short loc_fffb3f89 ; jne 0xfffb3f89 - -loc_fffb3f85: ; not directly referenced -xor eax, eax -jmp short loc_fffb3fe4 ; jmp 0xfffb3fe4 - -loc_fffb3f89: ; not directly referenced -movzx eax, ah -test al, 0xf0 -jne short loc_fffb3f85 ; jne 0xfffb3f85 -lea eax, [ebp - 0x1c] -xor edi, edi -push eax -push 0 -push 0 -push ref_fffd604c ; push 0xfffd604c -call fcn_fffab40f ; call 0xfffab40f -add esp, 0x10 +mov eax, dword [ebp + 8] +mov edx, dword [eax + 4] +mov eax, dword [eax] +pop ebp +ret -loc_fffb3fa7: ; not directly referenced -test ebx, 0x10000 -jne short loc_fffb3fd7 ; jne 0xfffb3fd7 -cmp edi, 0x1388 -je short loc_fffb3f85 ; je 0xfffb3f85 -mov eax, dword [ebp - 0x1c] -inc edi -push edx -push 0x3e8 -push eax -push dword [ebp + 8] -call dword [eax + 4] ; ucall -mov dword [esp], esi -call fcn_fffb3d4e ; call 0xfffb3d4e -add esp, 0x10 -mov ebx, eax -jmp short loc_fffb3fa7 ; jmp 0xfffb3fa7 +fcn_fffb4029: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 0x10] +mov dword [ebp + 8], eax +pop ebp +jmp near fcn_fffb401c ; jmp 0xfffb401c -loc_fffb3fd7: ; not directly referenced -cmp edi, 0x1388 -je short loc_fffb3f85 ; je 0xfffb3f85 -mov eax, ebx -and eax, 0x3f +fcn_fffb4038: ; not directly referenced +push ebp +mov ebp, esp +mov edx, dword [ebp + 0x10] +in al, dx +pop ebp +ret -loc_fffb3fe4: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi +fcn_fffb4041: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 8] +mov dl, al +mov cl, al +sar dl, 7 +and eax, 0x7f +sar cl, 7 +and edx, 2 +and ecx, 2 +add edx, 0x74 +add ecx, 0x75 +movzx edx, dl +out dx, al +movzx edx, cl +in al, dx pop ebp ret -fcn_fffb3fec: ; not directly referenced +fcn_fffb406a: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 0x18] +mov dword [ebp + 0xc], eax +mov eax, dword [ebp + 0x10] +mov dword [ebp + 8], eax +pop ebp +jmp near fcn_fffb0086 ; jmp 0xfffb0086 + +fcn_fffb407f: ; not directly referenced push ebp mov ebp, esp push edi @@ -27246,7 +27290,7 @@ mov edi, eax push esi push ebx sub esp, 0x5c -mov edi, dword [edi + 0x5edc] +mov edi, dword [edi + 0x5edd] mov dword [ebp - 0x3c], eax mov eax, edx mov dword [ebp - 0x4c], edx @@ -27258,47 +27302,47 @@ xor edi, edi cmp dl, 2 sete byte [ebp - 0x46] test al, 0xfd -jne short loc_fffb404c ; jne 0xfffb404c +jne short loc_fffb40df ; jne 0xfffb40df mov eax, dword [ebp - 0x3c] mov edx, 0x3a00 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov ecx, dword [ebp - 0x3c] mov dl, al and edx, 0x3f cmp dword [ecx + 0x188b], 0 -jne short loc_fffb4041 ; jne 0xfffb4041 +jne short loc_fffb40d4 ; jne 0xfffb40d4 shr eax, 0x1a -jmp short loc_fffb4044 ; jmp 0xfffb4044 +jmp short loc_fffb40d7 ; jmp 0xfffb40d7 -loc_fffb4041: ; not directly referenced +loc_fffb40d4: ; not directly referenced shr eax, 0x14 -loc_fffb4044: ; not directly referenced +loc_fffb40d7: ; not directly referenced and eax, 0x1f mov byte [ebp - 0x3d], al -jmp short loc_fffb406b ; jmp 0xfffb406b +jmp short loc_fffb40fe ; jmp 0xfffb40fe -loc_fffb404c: ; not directly referenced +loc_fffb40df: ; not directly referenced mov al, byte [ebp - 0x4c] sub eax, 0xa cmp al, 1 -ja short loc_fffb4065 ; ja 0xfffb4065 +ja short loc_fffb40f8 ; ja 0xfffb40f8 mov eax, dword [ebp - 0x3c] mov edx, 0x3a08 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edi, eax -loc_fffb4065: ; not directly referenced +loc_fffb40f8: ; not directly referenced mov byte [ebp - 0x3d], 0 xor edx, edx -loc_fffb406b: ; not directly referenced +loc_fffb40fe: ; not directly referenced mov eax, dword [ebp - 0x4c] cmp al, 0xb -ja loc_fffb415f ; ja 0xfffb415f -jmp dword [eax*4 + ref_fffd3ee0] ; ujmp: jmp dword [eax*4 - 0x2c120] +ja loc_fffb41f2 ; ja 0xfffb41f2 +jmp dword [eax*4 + ref_fffd399c] ; ujmp: jmp dword [eax*4 - 0x2c664] -loc_fffb407d: ; not directly referenced +loc_fffb4110: ; not directly referenced shr esi, 0xb and esi, 0xf mov eax, esi @@ -27311,15 +27355,15 @@ mov byte [ebp - 0x44], 0 mov byte [ebp - 0x40], 0xf8 mov byte [ebp - 0x45], 7 mov byte [ebp - 0x3f], 1 -jmp near loc_fffb4175 ; jmp 0xfffb4175 +jmp near loc_fffb4208 ; jmp 0xfffb4208 -loc_fffb40ab: ; not directly referenced +loc_fffb413e: ; not directly referenced mov eax, dword [ebp - 0x3c] mov edx, 0x3a04 shr esi, 0xf and esi, 0x1f mov edi, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov byte [ebp - 0x44], 0 mov byte [ebp - 0x40], 0xf0 mov byte [ebp - 0x45], 0xf @@ -27329,9 +27373,9 @@ mov eax, esi or eax, 0xffffffe0 test esi, 0x10 cmovne edi, eax -jmp near loc_fffb4171 ; jmp 0xfffb4171 +jmp near loc_fffb4204 ; jmp 0xfffb4204 -loc_fffb40e5: ; not directly referenced +loc_fffb4178: ; not directly referenced mov eax, ebx mov edi, ebx shr eax, 4 @@ -27341,9 +27385,9 @@ mov byte [ebp - 0x44], al mov byte [ebp - 0x40], 4 mov byte [ebp - 0x45], 0xf mov byte [ebp - 0x3f], 5 -jmp short loc_fffb4175 ; jmp 0xfffb4175 +jmp short loc_fffb4208 ; jmp 0xfffb4208 -loc_fffb4103: ; not directly referenced +loc_fffb4196: ; not directly referenced shr edi, 0xc mov eax, edi shr esi, 0x14 @@ -27359,9 +27403,9 @@ mov byte [ebp - 0x44], 0 mov byte [ebp - 0x40], 0xf8 mov byte [ebp - 0x45], 7 mov byte [ebp - 0x3f], 2 -jmp short loc_fffb4175 ; jmp 0xfffb4175 +jmp short loc_fffb4208 ; jmp 0xfffb4208 -loc_fffb4136: ; not directly referenced +loc_fffb41c9: ; not directly referenced mov eax, edi and eax, 0x3f mov byte [ebp - 0x3d], al @@ -27375,26 +27419,26 @@ and edi, 0xf mov byte [ebp - 0x40], 4 mov byte [ebp - 0x45], 0xf mov byte [ebp - 0x3f], 6 -jmp short loc_fffb4175 ; jmp 0xfffb4175 +jmp short loc_fffb4208 ; jmp 0xfffb4208 -loc_fffb415f: ; not directly referenced +loc_fffb41f2: ; not directly referenced mov byte [ebp - 0x44], 0 xor edi, edi mov byte [ebp - 0x40], 0 mov byte [ebp - 0x45], 0 mov byte [ebp - 0x3d], 0 -loc_fffb4171: ; not directly referenced +loc_fffb4204: ; not directly referenced mov byte [ebp - 0x3f], 0 -loc_fffb4175: ; not directly referenced +loc_fffb4208: ; not directly referenced mov eax, dword [ebp - 0x3c] xor ebx, ebx xor esi, esi mov ecx, dword [ebp - 0x58] mov byte [ebp - 0x47], 0 mov word [ebp - 0x58], 0 -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x54], eax lea eax, [ebp - 0x2a] add ecx, 0x1c @@ -27403,13 +27447,13 @@ mov al, byte [ebp - 0x3e] sub eax, 0xa mov byte [ebp - 0x5e], al -loc_fffb41a3: ; not directly referenced +loc_fffb4236: ; not directly referenced mov eax, dword [ebp - 0x54] cmp dword [eax], 2 -jne loc_fffb4269 ; jne 0xfffb4269 +jne loc_fffb42fc ; jne 0xfffb42fc mov eax, dword [ebp - 0x3c] mov edx, dword [ecx + 0x4c] -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov byte [ebp - 0x5d], al mov eax, edx shr eax, 9 @@ -27420,51 +27464,51 @@ xor edx, edx and eax, 0x1f mov byte [ebp - 0x48], al -loc_fffb41d3: ; not directly referenced +loc_fffb4266: ; not directly referenced cmp byte [ebp - 0x5d], dl -jbe loc_fffb4266 ; jbe 0xfffb4266 +jbe loc_fffb42f9 ; jbe 0xfffb42f9 cmp byte [ebp - 0x3e], 0 mov eax, dword [ecx + edx*4 + 0x78] -jne short loc_fffb41ef ; jne 0xfffb41ef +jne short loc_fffb4282 ; jne 0xfffb4282 mov esi, eax mov bl, 6 and esi, 0x3f -jmp short loc_fffb4229 ; jmp 0xfffb4229 +jmp short loc_fffb42bc ; jmp 0xfffb42bc -loc_fffb41ef: ; not directly referenced +loc_fffb4282: ; not directly referenced cmp byte [ebp - 0x3e], 1 -jne short loc_fffb41ff ; jne 0xfffb41ff +jne short loc_fffb4292 ; jne 0xfffb4292 shr eax, 0xc mov esi, eax and esi, 0x1f -jmp short loc_fffb420a ; jmp 0xfffb420a +jmp short loc_fffb429d ; jmp 0xfffb429d -loc_fffb41ff: ; not directly referenced +loc_fffb4292: ; not directly referenced cmp byte [ebp - 0x46], 0 -je short loc_fffb420e ; je 0xfffb420e +je short loc_fffb42a1 ; je 0xfffb42a1 shr eax, 0x1b mov esi, eax -loc_fffb420a: ; not directly referenced +loc_fffb429d: ; not directly referenced mov bl, 5 -jmp short loc_fffb4229 ; jmp 0xfffb4229 +jmp short loc_fffb42bc ; jmp 0xfffb42bc -loc_fffb420e: ; not directly referenced +loc_fffb42a1: ; not directly referenced mov al, byte [ebp - 0x3e] cmp al, 0xa -je short loc_fffb4224 ; je 0xfffb4224 +je short loc_fffb42b7 ; je 0xfffb42b7 cmp al, 0xb mov al, byte [ebp - 0x48] cmove esi, eax mov al, 5 cmove ebx, eax -jmp short loc_fffb4229 ; jmp 0xfffb4229 +jmp short loc_fffb42bc ; jmp 0xfffb42bc -loc_fffb4224: ; not directly referenced +loc_fffb42b7: ; not directly referenced mov esi, dword [ebp - 0x5c] mov bl, 4 -loc_fffb4229: ; not directly referenced +loc_fffb42bc: ; not directly referenced push eax movzx eax, bl push 8 @@ -27474,7 +27518,7 @@ movzx eax, al push eax mov dword [ebp - 0x68], edx mov dword [ebp - 0x64], ecx -call fcn_fffac7e7 ; call 0xfffac7e7 +call fcn_fffb15dc ; call 0xfffb15dc mov edx, dword [ebp - 0x68] add esp, 0x10 movsx cx, al @@ -27485,18 +27529,18 @@ mov byte [ecx + edx], al inc edx mov ecx, dword [ebp - 0x64] cmp byte [ebp - 0x5e], 2 -ja loc_fffb41d3 ; ja 0xfffb41d3 +ja loc_fffb4266 ; ja 0xfffb4266 -loc_fffb4266: ; not directly referenced +loc_fffb42f9: ; not directly referenced inc byte [ebp - 0x47] -loc_fffb4269: ; not directly referenced +loc_fffb42fc: ; not directly referenced add dword [ebp - 0x50], 9 add ecx, 0xcc add dword [ebp - 0x54], 0x13c3 lea eax, [ebp - 0x18] cmp dword [ebp - 0x50], eax -jne loc_fffb41a3 ; jne 0xfffb41a3 +jne loc_fffb4236 ; jne 0xfffb4236 movsx ebx, word [ebp - 0x58] movzx ecx, byte [ebp - 0x47] mov eax, ebx @@ -27506,34 +27550,34 @@ cmp byte [ebp - 0x4c], 2 mov byte [ebp - 0x54], al movsx eax, al mov dword [ebp - 0x50], ebx -ja short loc_fffb42c6 ; ja 0xfffb42c6 +ja short loc_fffb4359 ; ja 0xfffb4359 mov esi, dword [ebp - 0x3c] imul eax, ecx mov ebx, 2 -movzx esi, byte [esi + 0x2488] +movzx esi, byte [esi + 0x2489] imul eax, esi imul ecx, esi cdq idiv ebx add eax, dword [ebp - 0x50] -jmp short loc_fffb42d4 ; jmp 0xfffb42d4 +jmp short loc_fffb4367 ; jmp 0xfffb4367 -loc_fffb42c6: ; not directly referenced +loc_fffb4359: ; not directly referenced imul eax, ecx mov esi, 2 cdq idiv esi add eax, dword [ebp - 0x50] -loc_fffb42d4: ; not directly referenced +loc_fffb4367: ; not directly referenced cdq idiv ecx test ax, ax -jne short loc_fffb42e5 ; jne 0xfffb42e5 +jne short loc_fffb4378 ; jne 0xfffb4378 movzx eax, byte [ebp - 0x3d] -jmp near loc_fffb447c ; jmp 0xfffb447c +jmp near loc_fffb450f ; jmp 0xfffb450f -loc_fffb42e5: ; not directly referenced +loc_fffb4378: ; not directly referenced movsx eax, al cdq mov ecx, edx @@ -27544,10 +27588,10 @@ mov byte [ebp - 0x47], cl sete dl or dl, byte [ebp - 0x46] mov byte [ebp - 0x58], dl -je short loc_fffb4304 ; je 0xfffb4304 +je short loc_fffb4397 ; je 0xfffb4397 neg byte [ebp - 0x54] -loc_fffb4304: ; not directly referenced +loc_fffb4397: ; not directly referenced mov bl, byte [ebp - 0x54] mov dl, byte [ebp - 0x3d] mov esi, dword [ebp - 0x44] @@ -27560,13 +27604,13 @@ mov ebx, edi mov byte [ebp - 0x4c], bl mov dword [ebp - 0x5c], eax -loc_fffb4322: ; not directly referenced +loc_fffb43b5: ; not directly referenced mov al, byte [ebp - 0x50] mov bl, 1 mov byte [ebp - 0x3d], al lea eax, [edx - 3] cmp al, 0x39 -ja short loc_fffb4344 ; ja 0xfffb4344 +ja short loc_fffb43d7 ; ja 0xfffb43d7 mov al, byte [ebp - 0x45] mov cl, byte [ebp - 0x50] cmp cl, al @@ -27575,9 +27619,9 @@ cmp byte [ebp - 0x40], cl setg al or ebx, eax -loc_fffb4344: ; not directly referenced +loc_fffb43d7: ; not directly referenced cmp byte [ebp - 0x58], 0 -je short loc_fffb435f ; je 0xfffb435f +je short loc_fffb43f2 ; je 0xfffb43f2 mov cl, byte [ebp - 0x50] mov al, 0 cmp cl, 0x10 @@ -27587,15 +27631,15 @@ shl eax, 4 add eax, ecx mov byte [ebp - 0x3d], al -loc_fffb435f: ; not directly referenced +loc_fffb43f2: ; not directly referenced test bl, bl -jne short loc_fffb43a8 ; jne 0xfffb43a8 +jne short loc_fffb443b ; jne 0xfffb443b movsx ecx, byte [ebp - 0x3d] sub esp, 0xc movzx edx, byte [ebp - 0x3f] mov eax, dword [ebp - 0x3c] push 0 -call fcn_fffa83c9 ; call 0xfffa83c9 +call fcn_fffa8377 ; call 0xfffa8377 mov ecx, dword [ebp - 0x5c] add esp, 0x10 mov dl, al @@ -27606,64 +27650,64 @@ sar ecx, 0x1f xor eax, ecx sub eax, ecx cmp al, byte [ebp - 0x47] -jae short loc_fffb43a8 ; jae 0xfffb43a8 +jae short loc_fffb443b ; jae 0xfffb443b cmp al, byte [ebp - 0x46] -jae short loc_fffb43aa ; jae 0xfffb43aa +jae short loc_fffb443d ; jae 0xfffb443d mov cl, byte [ebp - 0x3d] test al, al sete bl mov byte [ebp - 0x46], al mov byte [ebp - 0x4c], cl -jmp short loc_fffb43aa ; jmp 0xfffb43aa +jmp short loc_fffb443d ; jmp 0xfffb443d -loc_fffb43a8: ; not directly referenced +loc_fffb443b: ; not directly referenced mov bl, 1 -loc_fffb43aa: ; not directly referenced +loc_fffb443d: ; not directly referenced mov al, byte [ebp - 0x54] add byte [ebp - 0x50], al test bl, bl -je loc_fffb4322 ; je 0xfffb4322 +je loc_fffb43b5 ; je 0xfffb43b5 mov bl, byte [ebp - 0x4c] mov eax, edi movzx edx, byte [ebp - 0x3f] cmp bl, al -je loc_fffb4452 ; je 0xfffb4452 +je loc_fffb44e5 ; je 0xfffb44e5 mov eax, dword [ebp - 0x3c] sub esp, 0xc movzx ecx, bl push 1 xor ebx, ebx -call fcn_fffa83c9 ; call 0xfffa83c9 +call fcn_fffa8377 ; call 0xfffa8377 movzx esi, byte [ebp - 0x3e] add esp, 0x10 mov byte [ebp - 0x3f], al movzx edi, al -loc_fffb43e8: ; not directly referenced +loc_fffb447b: ; not directly referenced imul eax, ebx, 0x13c3 mov edx, dword [ebp - 0x3c] -cmp dword [edx + eax + 0x3756], 2 -je short loc_fffb4403 ; je 0xfffb4403 +cmp dword [edx + eax + 0x3757], 2 +je short loc_fffb4496 ; je 0xfffb4496 -loc_fffb43fb: ; not directly referenced +loc_fffb448e: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffb43e8 ; jne 0xfffb43e8 -jmp short loc_fffb4478 ; jmp 0xfffb4478 +jne short loc_fffb447b ; jne 0xfffb447b +jmp short loc_fffb450b ; jmp 0xfffb450b -loc_fffb4403: ; not directly referenced +loc_fffb4496: ; not directly referenced lea eax, [ebx + ebx*8] lea edx, [ebp - 0x18] add eax, edx mov byte [ebp - 0x3d], 0 mov dword [ebp - 0x44], eax -loc_fffb4412: ; not directly referenced +loc_fffb44a5: ; not directly referenced mov edx, dword [ebp - 0x3c] mov al, byte [ebp - 0x3d] -cmp al, byte [edx + 0x2488] -jae short loc_fffb43fb ; jae 0xfffb43fb +cmp al, byte [edx + 0x2489] +jae short loc_fffb448e ; jae 0xfffb448e movzx edx, byte [ebp - 0x3d] xor ecx, ecx mov eax, dword [ebp - 0x44] @@ -27676,35 +27720,35 @@ mov eax, dword [ebp - 0x3c] push esi push edx mov edx, ebx -call fcn_fffafdb2 ; call 0xfffafdb2 +call fcn_fffa972b ; call 0xfffa972b mov al, byte [ebp - 0x3e] add esp, 0x10 sub eax, 0xa cmp al, 2 -jbe short loc_fffb43fb ; jbe 0xfffb43fb +jbe short loc_fffb448e ; jbe 0xfffb448e inc byte [ebp - 0x3d] -jmp short loc_fffb4412 ; jmp 0xfffb4412 +jmp short loc_fffb44a5 ; jmp 0xfffb44a5 -loc_fffb4452: ; not directly referenced +loc_fffb44e5: ; not directly referenced cmp byte [ebp - 0x58], 0 -je short loc_fffb4461 ; je 0xfffb4461 +je short loc_fffb44f4 ; je 0xfffb44f4 mov al, byte [ebp - 0x44] shl eax, 4 add byte [ebp - 0x4c], al -loc_fffb4461: ; not directly referenced +loc_fffb44f4: ; not directly referenced movzx ecx, byte [ebp - 0x4c] sub esp, 0xc mov eax, dword [ebp - 0x3c] push 1 -call fcn_fffa83c9 ; call 0xfffa83c9 +call fcn_fffa8377 ; call 0xfffa8377 add esp, 0x10 mov byte [ebp - 0x3f], al -loc_fffb4478: ; not directly referenced +loc_fffb450b: ; not directly referenced movzx eax, byte [ebp - 0x3f] -loc_fffb447c: ; not directly referenced +loc_fffb450f: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -27712,7 +27756,7 @@ pop edi pop ebp ret -fcn_fffb4484: ; not directly referenced +fcn_fffb4517: ; not directly referenced push ebp mov ebp, esp push edi @@ -27726,23 +27770,23 @@ mov byte [ebp - 0x1a], 1 lea edi, [ebp - 0x18] mov byte [ebp - 0x19], 2 -loc_fffb44a2: ; not directly referenced +loc_fffb4535: ; not directly referenced movzx edx, byte [esi] mov eax, ebx inc esi -call fcn_fffb3fec ; call 0xfffb3fec +call fcn_fffb407f ; call 0xfffb407f cmp esi, edi -jne short loc_fffb44a2 ; jne 0xfffb44a2 +jne short loc_fffb4535 ; jne 0xfffb4535 cmp dword [ebx + 0x188b], 1 -jne short loc_fffb44d2 ; jne 0xfffb44d2 +jne short loc_fffb4565 ; jne 0xfffb4565 mov edx, 0xa mov eax, ebx -call fcn_fffb3fec ; call 0xfffb3fec +call fcn_fffb407f ; call 0xfffb407f mov edx, 0xb mov eax, ebx -call fcn_fffb3fec ; call 0xfffb3fec +call fcn_fffb407f ; call 0xfffb407f -loc_fffb44d2: ; not directly referenced +loc_fffb4565: ; not directly referenced add esp, 0x1c xor eax, eax pop ebx @@ -27751,116 +27795,96 @@ pop edi pop ebp ret -fcn_fffb44dc: ; not directly referenced +fcn_fffb456f: ; not directly referenced push ebp -mov ecx, 2 +mov eax, 0x80000002 mov ebp, esp +push edi +push esi push ebx sub esp, 0x1c -mov ebx, dword [ebp + 0xc] -push dword [ebp + 0x10] -mov edx, dword [ebp + 8] -lea eax, [ebp - 0xa] -mov word [ebp - 0xa], bx +mov ebx, dword [ebp + 0x20] +mov ecx, dword [ebp + 0x10] +mov esi, dword [ebp + 0x14] +mov edi, dword [ebp + 0x18] +test ebx, ebx +je loc_fffb464a ; je 0xfffb464a +cmp ecx, 0xb +ja loc_fffb464a ; ja 0xfffb464a push eax -mov eax, 7 -call fcn_fffab430 ; call 0xfffab430 -mov eax, ebx -mov ebx, dword [ebp - 4] -leave -ret - -fcn_fffb450a: ; not directly referenced -push ebp -mov ebp, esp +mov edx, ecx +push dword [ebp + 0x1c] +mov eax, 1 +mov dword [ebp - 0x1c], ecx push edi push esi -mov esi, eax -push ebx -mov ebx, edx -sub esp, 0x2c -test ebx, ebx -setne al -cmp cx, 0x1ff -setbe bl -mov dword [ebp - 0x2c], edx -mov edx, dword [ebp + 8] -mov word [ebp - 0x2e], cx -mov dword [ebp - 0x1c], 0x80000007 -test al, bl -je loc_fffb45de ; je 0xfffb45de -mov edi, edx -movzx edx, dx -add edx, ecx -cmp edx, 0x1ff -jg loc_fffb45de ; jg 0xfffb45de -mov eax, dword [ebp - 0x2c] -add edi, eax -mov ebx, eax -mov eax, esi -movzx eax, al -mov word [ebp - 0x30], di -mov dword [ebp - 0x34], eax +call fcn_fffb05d3 ; call 0xfffb05d3 +add esp, 0x10 +mov ecx, dword [ebp - 0x1c] +test eax, eax +js loc_fffb464a ; js 0xfffb464a +mov al, byte [ecx + ref_fffd6138] ; mov al, byte [ecx - 0x29ec8] +mov dword [ebp - 0x24], 0 +mov byte [ebp - 0x1e], al +mov eax, ecx +and eax, 3 +mov dword [ebp - 0x1c], eax +movzx eax, byte [eax + ref_fffd6144] ; movzx eax, byte [eax - 0x29ebc] +dec eax +test ebx, eax +movzx eax, byte [ecx + ref_fffd6144] ; movzx eax, byte [ecx - 0x29ebc] +sete byte [ebp - 0x1d] +mov dword [ebp - 0x28], eax -loc_fffb4563: ; not directly referenced -cmp word [ebp - 0x30], bx -je short loc_fffb45d7 ; je 0xfffb45d7 -mov ecx, dword [ebp + 0xc] -mov dx, word [ebp - 0x2e] -sub edx, dword [ebp - 0x2c] -movzx ecx, byte [ecx] -add edx, ebx -mov eax, edx -shr ax, 8 -cmp ax, cx -je short loc_fffb458c ; je 0xfffb458c -mov edi, dword [ebp + 0xc] -mov byte [edi], al -mov al, 1 -jmp short loc_fffb458e ; jmp 0xfffb458e +loc_fffb45ed: ; not directly referenced +cmp dword [ebp + 0x1c], 0 +je short loc_fffb4648 ; je 0xfffb4648 +cmp dword [ebp - 0x1c], 0 +jne short loc_fffb45ff ; jne 0xfffb45ff +mov al, byte [esi] +mov byte [ebx], al +jmp short loc_fffb4637 ; jmp 0xfffb4637 -loc_fffb458c: ; not directly referenced -xor eax, eax +loc_fffb45ff: ; not directly referenced +cmp dword [ebp - 0x1c], 1 +jne short loc_fffb4613 ; jne 0xfffb4613 +sub esp, 0xc +push esi +call fcn_fffb3e49 ; call 0xfffb3e49 +mov word [ebx], ax +jmp short loc_fffb4634 ; jmp 0xfffb4634 -loc_fffb458e: ; not directly referenced -dec al -movzx esi, dl -jne short loc_fffb45b3 ; jne 0xfffb45b3 -mov eax, dword [ebp + 0xc] -cmp byte [eax], 1 -push edx -lea edx, [ebp - 0x1c] -sbb eax, eax -push edx -and eax, 0xfffffffe -push 0 -add eax, 0x6e -push eax -call fcn_fffab4b3 ; call 0xfffab4b3 -add esp, 0x10 +loc_fffb4613: ; not directly referenced +cmp dword [ebp - 0x1c], 2 +jne short loc_fffb4626 ; jne 0xfffb4626 +sub esp, 0xc +push esi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [ebx], eax +jmp short loc_fffb4634 ; jmp 0xfffb4634 -loc_fffb45b3: ; not directly referenced -shl esi, 8 -mov edi, ebx -push eax -inc ebx -or esi, dword [ebp - 0x34] -push eax -lea eax, [ebp - 0x1c] -push eax +loc_fffb4626: ; not directly referenced +sub esp, 0xc push esi -call fcn_fffab48f ; call 0xfffab48f +call fcn_fffb401c ; call 0xfffb401c +mov dword [ebx], eax +mov dword [ebx + 4], edx + +loc_fffb4634: ; not directly referenced add esp, 0x10 -mov byte [ebx - 1], al -cmp dword [ebp - 0x1c], 0 -je short loc_fffb4563 ; je 0xfffb4563 -mov byte [edi], 0 -loc_fffb45d7: ; not directly referenced -mov dword [ebp - 0x1c], 0 +loc_fffb4637: ; not directly referenced +movzx eax, byte [ebp - 0x1e] +add esi, dword [ebp - 0x28] +adc edi, dword [ebp - 0x24] +dec dword [ebp + 0x1c] +add ebx, eax +jmp short loc_fffb45ed ; jmp 0xfffb45ed -loc_fffb45de: ; not directly referenced -mov eax, dword [ebp - 0x1c] +loc_fffb4648: ; not directly referenced +xor eax, eax + +loc_fffb464a: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -27868,185 +27892,361 @@ pop edi pop ebp ret -fcn_fffb45e9: ; not directly referenced +fcn_fffb4652: ; not directly referenced push ebp -mov ecx, 2 +movzx edx, dl mov ebp, esp push edi push esi -push ebx -sub esp, 0x34 -mov esi, dword [ebp + 0x10] -movzx eax, byte [ebp + 0xc] -lea edi, [ebp - 0x19] -push edi -push 1 -lea edx, [esi + 2] -mov byte [ebp - 0x19], 0xff -mov dword [ebp - 0x30], eax -call fcn_fffb450a ; call 0xfffb450a -add esp, 0x10 mov esi, eax -test eax, eax -jne short loc_fffb467d ; jne 0xfffb467d -mov eax, dword [ebp + 0x18] -xor edx, edx -mov ecx, dword [ebp + 8] -mov dword [ebp - 0x2c], 1 -mov ebx, dword [ebp + 0x14] -shl dword [ebp - 0x2c], cl -mov ecx, 5 -div ecx -lea eax, [eax + eax*4] +push ebx +sub esp, 0x2c +mov ebx, dword [ebp + 0x10] +mov eax, dword [ebp + 8] +mov dword [ebp - 0x24], ecx +mov edi, dword [esi + 0x5edd] +mov dword [ebp - 0x1c], ebx +mov byte [ebp - 0x2b], bl +mov bl, byte [ebp + 0x18] +mov ecx, eax +mov eax, dword [ebp + 0xc] +mov byte [ebp - 0x2c], bl +imul ebx, edx, 0xcc +mov byte [ebp - 0x20], al +lea ebx, [edi + ebx + 0x1c] +cmp cl, 0xe +ja loc_fffb4a3a ; ja 0xfffb4a3a +movzx edi, cl +jmp dword [edi*4 + ref_fffd39cc] ; ujmp: jmp dword [edi*4 - 0x2c634] + +loc_fffb46a0: ; not directly referenced +mov edi, dword [ebx + 0xa0] +and eax, 0xf +shl eax, 0xf +and edi, 0xfff87fff +jmp near loc_fffb49e6 ; jmp 0xfffb49e6 + +loc_fffb46b7: ; not directly referenced +mov edi, dword [ebx + 0xa0] +and eax, 0xf +shl eax, 0x13 +and edi, 0xff87ffff +jmp near loc_fffb49e6 ; jmp 0xfffb49e6 + +loc_fffb46ce: ; not directly referenced +mov edi, dword [ebx + 0xa4] +and eax, 0xf +shl eax, 0x11 +and edi, 0xffe1ffff +jmp short loc_fffb474a ; jmp 0xfffb474a + +loc_fffb46e2: ; not directly referenced +mov edi, dword [ebx + 0xa4] +and eax, 0xf +shl eax, 0x15 +and edi, 0xfe1fffff +jmp short loc_fffb474a ; jmp 0xfffb474a + +loc_fffb46f6: ; not directly referenced +mov edi, dword [ebx + 0xa8] +and eax, 0x1f +shl eax, 0x13 +and edi, 0xff07ffff +jmp near loc_fffb4a1a ; jmp 0xfffb4a1a + +loc_fffb470d: ; not directly referenced +mov edi, dword [ebx + 0xa8] +and eax, 0x1f +shl eax, 0x18 +and edi, 0xe0ffffff +jmp near loc_fffb4a1a ; jmp 0xfffb4a1a + +loc_fffb4724: ; not directly referenced +mov edi, dword [ebx + 0xa4] +and eax, 0xf +shl eax, 6 +and edi, 0xfffffc3f +jmp short loc_fffb474a ; jmp 0xfffb474a + +loc_fffb4738: ; not directly referenced +mov edi, dword [ebx + 0xa4] +and eax, 0xf +shl eax, 0xa +and edi, 0xffffc3ff + +loc_fffb474a: ; not directly referenced +or edi, eax +mov eax, esi +shl edx, 0xa +mov ecx, edi +add edx, 0x4008 +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x1c], 0 +je loc_fffb4a3a ; je 0xfffb4a3a +mov dword [ebx + 0xa4], edi +jmp near loc_fffb4a3a ; jmp 0xfffb4a3a + +loc_fffb4773: ; not directly referenced +mov edi, dword [ebx + 0xac] +sub eax, 6 +and eax, 3 +shl eax, 0x11 +and edi, 0xfff9ffff +jmp short loc_fffb47b6 ; jmp 0xfffb47b6 + +loc_fffb478a: ; not directly referenced +sub eax, 6 +mov edi, dword [ebx + 0xac] +cmp dword [esi + 0x2481], 3 +jne short loc_fffb47aa ; jne 0xfffb47aa +and eax, 7 +and edi, 0xffc7ffff +shl eax, 0x13 +jmp short loc_fffb47b6 ; jmp 0xfffb47b6 + +loc_fffb47aa: ; not directly referenced +and eax, 3 +and edi, 0xffe7ffff +shl eax, 0x13 + +loc_fffb47b6: ; not directly referenced +or edi, eax +mov eax, esi +shl edx, 0xa +mov ecx, edi +add edx, 0x4014 +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x1c], 0 +je loc_fffb4a3a ; je 0xfffb4a3a +mov dword [ebx + 0xac], edi +jmp near loc_fffb4a3a ; jmp 0xfffb4a3a + +loc_fffb47df: ; not directly referenced +movzx ecx, byte [ebp - 0x24] +lea edi, [ebx + ecx*4] +mov ebx, dword [edi + 4] +mov dword [ebp - 0x24], edi +mov dword [ebp - 0x20], ebx +shr ebx, 0xd +and ebx, 0xf +mov edi, ebx +or edi, 0xfffffff0 +test bl, 8 +cmovne ebx, edi +add eax, ebx +mov bl, 6 +cmp al, 6 +cmovle ebx, eax +mov al, 0xfc +cmp bl, 0xfc +cmovge eax, ebx +mov ebx, dword [ebp - 0x20] +and eax, 0xf +mov edi, eax +shl edi, 0xd +and ebx, 0xff0e1fff +shl eax, 0x14 +or ebx, edi +or ebx, eax +mov eax, esi +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, ebx +mov edx, eax +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x1c], 0 +je loc_fffb4a3a ; je 0xfffb4a3a +mov eax, dword [ebp - 0x24] +mov dword [eax + 4], ebx +jmp near loc_fffb4a3a ; jmp 0xfffb4a3a + +loc_fffb4850: ; not directly referenced +movzx ecx, byte [ebp - 0x24] +lea edi, [ebx + ecx*4] +mov ebx, dword [edi + 4] +mov dword [ebp - 0x20], ebx +shr ebx, 0x11 +and ebx, 7 add eax, ebx +mov bl, 7 +cmp al, 7 +cmovle ebx, eax +xor eax, eax +test bl, bl +cmovns eax, ebx +and eax, 7 +mov ebx, eax +shl ebx, 0x11 +mov dword [ebp - 0x24], ebx +mov ebx, dword [ebp - 0x20] +shl eax, 0x18 +and ebx, 0xf8f1ffff +or ebx, dword [ebp - 0x24] +or ebx, eax +mov eax, esi +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, ebx +mov edx, eax +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x1c], 0 +je loc_fffb4a3a ; je 0xfffb4a3a +mov dword [edi + 4], ebx +jmp near loc_fffb4a3a ; jmp 0xfffb4a3a + +loc_fffb48b3: ; not directly referenced +imul eax, edx, 0x13c3 +xor edi, edi +shl edx, 0xa +lea eax, [esi + eax + 0x3757] +mov dword [ebp - 0x24], eax +lea eax, [edx + 0x4028] +mov dword [ebp - 0x30], eax +lea eax, [edx + 0x4024] +mov dword [ebp - 0x28], eax +mov eax, dword [ebp - 0x20] +and eax, 0x7f +mov dword [ebp - 0x1c], eax + +loc_fffb48e3: ; not directly referenced +mov eax, edi +mov byte [ebp - 0x2a], al +movzx eax, byte [ebp - 0x2c] +bt eax, edi +jae loc_fffb49c8 ; jae 0xfffb49c8 +mov ecx, dword [ebp - 0x24] +mov al, byte [ebp - 0x20] +add al, byte [ecx + edi + 0x1011] +sub al, byte [ecx + edi + 0x1015] +mov byte [ebp - 0x29], al +js loc_fffb49c8 ; js 0xfffb49c8 +mov edx, dword [ebp - 0x30] +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +mov edx, dword [ebp - 0x28] mov dword [ebp - 0x34], eax +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +mov dl, byte [ebp - 0x2a] +mov ecx, dword [ebp - 0x34] +cmp dl, 2 +mov ebx, eax +movzx eax, byte [ebp - 0x29] +je short loc_fffb4966 ; je 0xfffb4966 +and eax, 0xf +cmp dl, 3 +je short loc_fffb497f ; je 0xfffb497f +dec dl +je short loc_fffb4953 ; je 0xfffb4953 +and ecx, 0xfffffff0 +and ebx, 0xffffff80 +or ecx, eax +or ebx, dword [ebp - 0x1c] +jmp short loc_fffb4995 ; jmp 0xfffb4995 -loc_fffb4640: ; not directly referenced -cmp ebx, dword [ebp - 0x34] -je short loc_fffb467d ; je 0xfffb467d -movzx eax, byte [ebx + 4] -test dword [ebp - 0x2c], eax -je short loc_fffb4678 ; je 0xfffb4678 -push eax -mov edx, dword [ebp + 0x10] -push eax -movzx ecx, word [ebx] -push edi -mov ax, word [ebx + 2] -add edx, ecx -inc eax -sub ax, word [ebx] -movzx eax, ax -push eax -mov eax, dword [ebp - 0x30] -call fcn_fffb450a ; call 0xfffb450a -add esp, 0x10 -test eax, eax -je short loc_fffb4678 ; je 0xfffb4678 -mov esi, eax -jmp short loc_fffb467d ; jmp 0xfffb467d +loc_fffb4953: ; not directly referenced +shl eax, 4 +and cl, 0xf +or ecx, eax +mov eax, dword [ebp - 0x1c] +and bh, 0x80 +shl eax, 8 +jmp short loc_fffb4993 ; jmp 0xfffb4993 -loc_fffb4678: ; not directly referenced -add ebx, 5 -jmp short loc_fffb4640 ; jmp 0xfffb4640 +loc_fffb4966: ; not directly referenced +and eax, 0xf +and ch, 0xf0 +shl eax, 8 +and ebx, 0xff80ffff +or ecx, eax +mov eax, dword [ebp - 0x1c] +shl eax, 0x10 +jmp short loc_fffb4993 ; jmp 0xfffb4993 -loc_fffb467d: ; not directly referenced -test esi, esi -sete al -lea esp, [ebp - 0xc] +loc_fffb497f: ; not directly referenced +shl eax, 0xc +and ch, 0xf +or ecx, eax +mov eax, dword [ebp - 0x1c] +and ebx, 0x80ffffff +shl eax, 0x18 + +loc_fffb4993: ; not directly referenced +or ebx, eax + +loc_fffb4995: ; not directly referenced +mov edx, dword [ebp - 0x30] +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, dword [ebp - 0x28] +mov ecx, ebx +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x2b], 0 +je short loc_fffb49c8 ; je 0xfffb49c8 +mov ecx, dword [ebp - 0x24] +mov al, byte [ebp - 0x20] +mov byte [ecx + edi + 0x1015], al +mov al, byte [ebp - 0x29] +mov byte [ecx + edi + 0x1011], al + +loc_fffb49c8: ; not directly referenced +inc edi +cmp edi, 4 +jne loc_fffb48e3 ; jne 0xfffb48e3 +jmp short loc_fffb4a3a ; jmp 0xfffb4a3a + +loc_fffb49d4: ; not directly referenced +mov edi, dword [ebx + 0xa0] +and eax, 7 +shl eax, 0xc +and edi, 0xffff8fff + +loc_fffb49e6: ; not directly referenced +or edi, eax +mov eax, esi +shl edx, 0xa +mov ecx, edi +add edx, 0x4004 +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x1c], 0 +je short loc_fffb4a3a ; je 0xfffb4a3a +mov dword [ebx + 0xa0], edi +jmp short loc_fffb4a3a ; jmp 0xfffb4a3a + +loc_fffb4a08: ; not directly referenced +mov edi, dword [ebx + 0xa8] +and eax, 0x1f +shl eax, 0xe +and edi, 0xfff83fff + +loc_fffb4a1a: ; not directly referenced +or edi, eax +mov eax, esi +shl edx, 0xa +mov ecx, edi +add edx, 0x400c +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x1c], 0 +je short loc_fffb4a3a ; je 0xfffb4a3a +mov dword [ebx + 0xa8], edi + +loc_fffb4a3a: ; not directly referenced +add esp, 0x2c pop ebx pop esi pop edi pop ebp ret -fcn_fffb468a: -mov eax, dword [0xff7d0084] -push ebp -mov ebp, esp -push ebx -mov eax, dword [eax + 0x14] -add eax, 0xf8002 -push eax -call fcn_fffb3d06 ; call 0xfffb3d06 -mov ecx, eax -mov edx, eax -and cl, 0x7d -pop eax -mov eax, 1 -cmp cx, 0x8c44 -je loc_fffb47e4 ; je 0xfffb47e4 -cmp dx, 0x8c4c -sete bl -cmp dx, 0x8c4a -sete cl -or bl, cl -jne loc_fffb47e4 ; jne 0xfffb47e4 -cmp dx, 0x8c50 -sete bl -cmp dx, 0x8c4e -sete cl -or bl, cl -jne loc_fffb47e4 ; jne 0xfffb47e4 -cmp dx, 0x8c42 -sete bl -cmp dx, 0x8c5c -sete cl -or bl, cl -jne loc_fffb47e4 ; jne 0xfffb47e4 -cmp dx, 0x8c4f -sete bl -cmp dx, 0x8c49 -sete cl -or bl, cl -jne loc_fffb47e4 ; jne 0xfffb47e4 -cmp dx, 0x8c41 -sete bl -cmp dx, 0x8c4b -sete cl -or bl, cl -jne loc_fffb47e4 ; jne 0xfffb47e4 -cmp dx, 0x8c58 -je loc_fffb47e4 ; je 0xfffb47e4 -cmp dx, 0x8c54 -sete bl -cmp dx, 0x8c52 -sete cl -or bl, cl -jne loc_fffb47e4 ; jne 0xfffb47e4 -cmp dx, 0x8c56 -je loc_fffb47e4 ; je 0xfffb47e4 -lea ecx, [edx + 0x63bf] -cmp cx, 6 -jbe short loc_fffb47e4 ; jbe 0xfffb47e4 -cmp dx, 0x8cc5 -sete bl -cmp dx, 0x8cc3 -sete cl -or bl, cl -jne short loc_fffb47e4 ; jne 0xfffb47e4 -lea ecx, [edx + 0x733f] -cmp cx, 1 -jbe short loc_fffb47e4 ; jbe 0xfffb47e4 -lea eax, [edx + 0x633f] -cmp ax, 2 -mov eax, 2 -setbe bl -cmp dx, 0x9cc5 -sete cl -or bl, cl -jne short loc_fffb47e4 ; jne 0xfffb47e4 -lea ecx, [edx + 0x633a] -cmp cx, 1 -setbe bl -cmp dx, 0x9cc9 -sete cl -or bl, cl -jne short loc_fffb47e4 ; jne 0xfffb47e4 -cmp dx, 0x9cc8 -sete bl -cmp dx, 0x9cc4 -sete cl -or bl, cl -jne short loc_fffb47e4 ; jne 0xfffb47e4 -add dx, 0x6336 -cmp dx, 2 -sbb eax, eax -add eax, 3 - -loc_fffb47e4: -mov ebx, dword [ebp - 4] -leave -ret - -fcn_fffb47e9: +fcn_fffb4a42: push ebp mov ebp, esp push esi mov esi, dword [ebp + 8] push ebx mov ebx, dword [ebp + 0xc] -call fcn_fffb3d58 ; call 0xfffb3d58 +call fcn_fffb3fce ; call 0xfffb3fce mov ecx, esi movzx esi, cl lea edx, [eax + esi] @@ -28057,12 +28257,12 @@ pop esi pop ebp ret -fcn_fffb4808: ; not directly referenced +fcn_fffb4a61: ; not directly referenced push ebp mov ebp, esp push ebx mov ebx, dword [ebp + 8] -call fcn_fffb3d58 ; call 0xfffb3d58 +call fcn_fffb3fce ; call 0xfffb3fce movzx ebx, bl lea edx, [eax + ebx] in al, dx @@ -28070,388 +28270,223 @@ pop ebx pop ebp ret -fcn_fffb481e: -mov eax, dword [0xff7d0084] +fcn_fffb4a77: ; not directly referenced push ebp mov ebp, esp -push ebx -mov eax, dword [eax + 0x14] -add eax, 0xf8002 -push eax -call fcn_fffb3d06 ; call 0xfffb3d06 -mov ecx, eax -mov edx, eax -and cl, 0x7d -pop eax -mov eax, 1 -cmp cx, 0x8c44 -je loc_fffb497f ; je 0xfffb497f -cmp dx, 0x8c4c -sete bl -cmp dx, 0x8c4a -sete cl -or bl, cl -jne loc_fffb497f ; jne 0xfffb497f -cmp dx, 0x8c50 -sete bl -cmp dx, 0x8c4e -sete cl -or bl, cl -jne loc_fffb497f ; jne 0xfffb497f -cmp dx, 0x8c42 -sete bl -cmp dx, 0x8c5c -sete cl -or bl, cl -jne loc_fffb497f ; jne 0xfffb497f -cmp dx, 0x8c4f -sete bl -cmp dx, 0x8c49 -sete cl -or bl, cl -jne loc_fffb497f ; jne 0xfffb497f -cmp dx, 0x8c41 -sete bl -cmp dx, 0x8c4b -sete cl -or bl, cl -jne loc_fffb497f ; jne 0xfffb497f -cmp dx, 0x8c58 -je loc_fffb497f ; je 0xfffb497f -cmp dx, 0x8c54 -sete bl -cmp dx, 0x8c52 -sete cl -or bl, cl -jne loc_fffb497f ; jne 0xfffb497f -cmp dx, 0x8c56 -je loc_fffb497f ; je 0xfffb497f -cmp dx, 0x8cc5 -sete bl -cmp dx, 0x8cc3 -sete cl -or bl, cl -jne short loc_fffb497f ; jne 0xfffb497f -lea eax, [edx + 0x733f] -cmp ax, 1 -jbe short loc_fffb497a ; jbe 0xfffb497a -lea ecx, [edx + 0x63bf] -mov eax, 2 -cmp cx, 6 -jbe short loc_fffb497f ; jbe 0xfffb497f -lea ecx, [edx + 0x633f] -cmp cx, 2 -setbe bl -cmp dx, 0x9cc5 -sete cl -or bl, cl -jne short loc_fffb497f ; jne 0xfffb497f -lea ecx, [edx + 0x633a] -cmp cx, 1 -setbe bl -cmp dx, 0x9cc9 -sete cl -or bl, cl -jne short loc_fffb497f ; jne 0xfffb497f -cmp dx, 0x9cc8 -sete bl -cmp dx, 0x9cc4 -sete cl -or bl, cl -jne short loc_fffb497f ; jne 0xfffb497f -add dx, 0x6336 -cmp dx, 2 -sbb eax, eax -add eax, 3 -jmp short loc_fffb497f ; jmp 0xfffb497f - -loc_fffb497a: -mov eax, 1 - -loc_fffb497f: -mov ebx, dword [ebp - 4] -leave -ret - -fcn_fffb4984: -push ebp -mov ebp, esp -call fcn_fffb481e ; call 0xfffb481e -cmp eax, 1 -je short loc_fffb499d ; je 0xfffb499d -xor edx, edx -cmp eax, 2 -mov al, 6 -cmove edx, eax -jmp short loc_fffb499f ; jmp 0xfffb499f - -loc_fffb499d: -mov dl, 8 - -loc_fffb499f: -mov al, dl -pop ebp -ret - -fcn_fffb49a3: ; not directly referenced -push ebp -mov ebp, esp -push edi push esi +mov esi, dword [ebp + 0xc] push ebx -sub esp, 0x1c -mov eax, dword [0xff7d0084] -mov eax, dword [eax + 0x14] -add eax, 0xf8040 -push eax -call fcn_fffb3d06 ; call 0xfffb3d06 -mov esi, eax -and esi, 0xfffc -push eax -add esi, 8 -push eax -push esi -call fcn_fffaafc2 ; call 0xfffaafc2 -mov ecx, 0x64 -xor edx, edx -add esp, 0x10 -mov ebx, eax -imul eax, dword [ebp + 8], 0x166 -and ebx, 0xffffff -div ecx -lea edi, [ebx + eax + 1] -mov ecx, edi -and edi, 0xffffff -shr ecx, 0x18 - -loc_fffb49fc: ; not directly referenced -test ecx, ecx -setne dl -cmp edi, ebx -seta al -or al, dl -je short loc_fffb4a34 ; je 0xfffb4a34 +mov ebx, dword [ebp + 8] sub esp, 0xc -push esi -mov dword [ebp - 0x20], edx -mov dword [ebp - 0x1c], ecx -call fcn_fffaafc2 ; call 0xfffaafc2 +push ebx +call fcn_fffb00dc ; call 0xfffb00dc add esp, 0x10 -mov ecx, dword [ebp - 0x1c] -mov edx, dword [ebp - 0x20] -and eax, 0xffffff -cmp eax, ebx -jae short loc_fffb4a30 ; jae 0xfffb4a30 -test dl, dl -je short loc_fffb4a34 ; je 0xfffb4a34 -dec ecx - -loc_fffb4a30: ; not directly referenced -mov ebx, eax -jmp short loc_fffb49fc ; jmp 0xfffb49fc - -loc_fffb4a34: ; not directly referenced -lea esp, [ebp - 0xc] +mov dword [ebp + 8], ebx +or eax, esi +mov dword [ebp + 0xc], eax +lea esp, [ebp - 8] pop ebx pop esi -pop edi pop ebp -ret +jmp near fcn_fffb0086 ; jmp 0xfffb0086 -fcn_fffb4a3c: ; not directly referenced +fcn_fffb4aa1: ; not directly referenced push ebp mov ebp, esp -sub esp, 8 -mov eax, dword [ebp + 0x10] -test eax, eax -je short loc_fffb4a55 ; je 0xfffb4a55 +push esi +mov esi, dword [ebp + 0xc] +push ebx +mov ebx, dword [ebp + 8] sub esp, 0xc -push eax -call fcn_fffb49a3 ; call 0xfffb49a3 +push ebx +call fcn_fffb00dc ; call 0xfffb00dc add esp, 0x10 +mov dword [ebp + 8], ebx +and eax, esi +mov dword [ebp + 0xc], eax +lea esp, [ebp - 8] +pop ebx +pop esi +pop ebp +jmp near fcn_fffb0086 ; jmp 0xfffb0086 -loc_fffb4a55: ; not directly referenced -xor eax, eax -leave -ret - -fcn_fffb4a59: ; not directly referenced +fcn_fffb4acb: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx -mov ebx, 1 -sub esp, 0x38 +sub esp, 0x2c mov eax, dword [ebp + 8] lea esi, [eax - 8] mov edi, dword [esi + 0x10] lea eax, [edi + 2] push eax -call fcn_fffb3d06 ; call 0xfffb3d06 -add esp, 0x10 +call fcn_fffb3e49 ; call 0xfffb3e49 +pop ebx +mov ebx, 1 mov edx, eax and dl, 0x7d cmp dx, 0x8c44 -je loc_fffb4ba6 ; je 0xfffb4ba6 +je loc_fffb4c16 ; je 0xfffb4c16 cmp ax, 0x8c4c sete cl cmp ax, 0x8c4a sete dl or cl, dl -jne loc_fffb4ba6 ; jne 0xfffb4ba6 +jne loc_fffb4c16 ; jne 0xfffb4c16 cmp ax, 0x8c50 sete cl cmp ax, 0x8c4e sete dl or cl, dl -jne loc_fffb4ba6 ; jne 0xfffb4ba6 +jne loc_fffb4c16 ; jne 0xfffb4c16 cmp ax, 0x8c42 sete cl cmp ax, 0x8c5c sete dl or cl, dl -jne loc_fffb4ba6 ; jne 0xfffb4ba6 +jne loc_fffb4c16 ; jne 0xfffb4c16 cmp ax, 0x8c4f sete cl cmp ax, 0x8c49 sete dl or cl, dl -jne loc_fffb4ba6 ; jne 0xfffb4ba6 +jne loc_fffb4c16 ; jne 0xfffb4c16 cmp ax, 0x8c41 sete cl cmp ax, 0x8c4b sete dl or cl, dl -jne loc_fffb4ba6 ; jne 0xfffb4ba6 +jne loc_fffb4c16 ; jne 0xfffb4c16 cmp ax, 0x8c58 -je loc_fffb4ba6 ; je 0xfffb4ba6 +je loc_fffb4c16 ; je 0xfffb4c16 cmp ax, 0x8c54 sete cl cmp ax, 0x8c52 sete dl or cl, dl -jne loc_fffb4ba6 ; jne 0xfffb4ba6 +jne loc_fffb4c16 ; jne 0xfffb4c16 cmp ax, 0x8c56 -je loc_fffb4ba6 ; je 0xfffb4ba6 +je loc_fffb4c16 ; je 0xfffb4c16 cmp ax, 0x8cc5 sete cl cmp ax, 0x8cc3 sete dl or cl, dl -jne short loc_fffb4ba6 ; jne 0xfffb4ba6 +jne short loc_fffb4c16 ; jne 0xfffb4c16 lea edx, [eax + 0x733f] cmp dx, 1 -jbe short loc_fffb4ba1 ; jbe 0xfffb4ba1 +jbe short loc_fffb4c11 ; jbe 0xfffb4c11 lea edx, [eax + 0x63bf] mov bl, 2 cmp dx, 6 -jbe short loc_fffb4ba6 ; jbe 0xfffb4ba6 +jbe short loc_fffb4c16 ; jbe 0xfffb4c16 lea edx, [eax + 0x633f] cmp dx, 2 setbe cl cmp ax, 0x9cc5 sete dl or cl, dl -jne short loc_fffb4ba6 ; jne 0xfffb4ba6 +jne short loc_fffb4c16 ; jne 0xfffb4c16 lea edx, [eax + 0x633a] cmp dx, 1 setbe cl cmp ax, 0x9cc9 sete dl or cl, dl -jne short loc_fffb4ba6 ; jne 0xfffb4ba6 +jne short loc_fffb4c16 ; jne 0xfffb4c16 cmp ax, 0x9cc8 sete cl cmp ax, 0x9cc4 sete dl or cl, dl -jne short loc_fffb4ba6 ; jne 0xfffb4ba6 +jne short loc_fffb4c16 ; jne 0xfffb4c16 add ax, 0x6336 cmp ax, 2 sbb ebx, ebx add ebx, 3 -jmp short loc_fffb4ba6 ; jmp 0xfffb4ba6 +jmp short loc_fffb4c16 ; jmp 0xfffb4c16 -loc_fffb4ba1: ; not directly referenced +loc_fffb4c11: ; not directly referenced mov ebx, 1 -loc_fffb4ba6: ; not directly referenced +loc_fffb4c16: ; not directly referenced mov eax, dword [esi + 0xc] -sub esp, 0xc mov dword [ebp - 0x2c], eax lea eax, [edi + 0x40] push eax -call fcn_fffb3d06 ; call 0xfffb3d06 +call fcn_fffb3e49 ; call 0xfffb3e49 mov esi, eax lea eax, [edi + 0x48] -mov dword [esp], eax -call fcn_fffb3d06 ; call 0xfffb3d06 -add esp, 0x10 +push eax +call fcn_fffb3e49 ; call 0xfffb3e49 cmp dword [ebp + 0xc], 5 -ja loc_fffb4e16 ; ja 0xfffb4e16 +pop edx +pop ecx +ja loc_fffb4e80 ; ja 0xfffb4e80 mov edx, dword [ebp + 0xc] -jmp dword [edx*4 + ref_fffd3f10] ; ujmp: jmp dword [edx*4 - 0x2c0f0] +jmp dword [edx*4 + ref_fffd3a08] ; ujmp: jmp dword [edx*4 - 0x2c5f8] -loc_fffb4bdc: ; not directly referenced +loc_fffb4c46: ; not directly referenced mov edx, 0xcf9 xor eax, eax out dx, al mov bl, 4 -jmp near loc_fffb4d98 ; jmp 0xfffb4d98 +jmp near loc_fffb4e02 ; jmp 0xfffb4e02 -loc_fffb4beb: ; not directly referenced +loc_fffb4c55: ; not directly referenced mov edx, 0xcf9 mov al, 2 out dx, al mov bl, 6 -jmp near loc_fffb4d98 ; jmp 0xfffb4d98 +jmp near loc_fffb4e02 ; jmp 0xfffb4e02 -loc_fffb4bfa: ; not directly referenced +loc_fffb4c64: ; not directly referenced and esi, 0xfffffffc mov al, byte [edi + 0x44] or eax, 0xffffff80 mov byte [edi + 0x44], al cmp ebx, 2 movzx esi, si -jne short loc_fffb4c20 ; jne 0xfffb4c20 +jne short loc_fffb4c8a ; jne 0xfffb4c8a push eax push eax push 0 lea eax, [esi + 0x9c] push eax -call fcn_fffaafda ; call 0xfffaafda -jmp short loc_fffb4c3d ; jmp 0xfffb4c3d +call fcn_fffb0086 ; call 0xfffb0086 +jmp short loc_fffb4ca7 ; jmp 0xfffb4ca7 -loc_fffb4c20: ; not directly referenced +loc_fffb4c8a: ; not directly referenced dec ebx -jne short loc_fffb4c40 ; jne 0xfffb4c40 +jne short loc_fffb4caa ; jne 0xfffb4caa push ecx push ecx push 0 lea eax, [esi + 0x28] push eax -call fcn_fffb3f28 ; call 0xfffb3f28 +call fcn_fffb00b9 ; call 0xfffb00b9 lea eax, [esi + 0x2c] pop ebx pop edi push 0 push eax -call fcn_fffb3f28 ; call 0xfffb3f28 +call fcn_fffb00b9 ; call 0xfffb00b9 -loc_fffb4c3d: ; not directly referenced +loc_fffb4ca7: ; not directly referenced add esp, 0x10 -loc_fffb4c40: ; not directly referenced +loc_fffb4caa: ; not directly referenced push ecx push ecx push 0x100 lea eax, [esi + 0x34] add esi, 4 push eax -call fcn_fffb3f28 ; call 0xfffb3f28 +call fcn_fffb00b9 ; call 0xfffb00b9 mov dword [esp], esi -call fcn_fffaafc2 ; call 0xfffaafc2 +call fcn_fffb00dc ; call 0xfffb00dc pop edi mov ebx, eax and bh, 0xc3 @@ -28461,17 +28496,17 @@ or ah, 0x1c or bh, 0x3c push eax push esi -call fcn_fffaafda ; call 0xfffaafda +call fcn_fffb0086 ; call 0xfffb0086 pop eax pop edx push ebx push esi -call fcn_fffaafda ; call 0xfffaafda +call fcn_fffb0086 ; call 0xfffb0086 add esp, 0x10 xor ecx, ecx -jmp near loc_fffb4e1b ; jmp 0xfffb4e1b +jmp near loc_fffb4e85 ; jmp 0xfffb4e85 -loc_fffb4c84: ; not directly referenced +loc_fffb4cee: ; not directly referenced mov esi, eax push edx and esi, 0xfffc @@ -28480,139 +28515,139 @@ push 0 lea eax, [esi + 0x60] push eax mov dword [ebp - 0x30], eax -call fcn_fffaafda ; call 0xfffaafda +call fcn_fffb0086 ; call 0xfffb0086 pop ecx pop eax lea eax, [esi + 0x64] push 0 push eax -call fcn_fffaafda ; call 0xfffaafda +call fcn_fffb0086 ; call 0xfffb0086 pop eax pop edx lea eax, [esi + 0x68] push 0 push eax -call fcn_fffaafda ; call 0xfffaafda +call fcn_fffb0086 ; call 0xfffb0086 mov eax, dword [ebp + 0xc] add esp, 0x10 sub eax, 4 cmp eax, 1 -ja loc_fffb4d96 ; ja 0xfffb4d96 +ja loc_fffb4e00 ; ja 0xfffb4e00 sub esp, 0xc add edi, 0xac push edi -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 pop edx pop ecx or eax, 0x100000 push eax push edi -call fcn_fffb3d84 ; call 0xfffb3d84 +call fcn_fffb3ffa ; call 0xfffb3ffa add esp, 0x10 cmp dword [ebp + 0xc], 5 -jne loc_fffb4d96 ; jne 0xfffb4d96 +jne loc_fffb4e00 ; jne 0xfffb4e00 mov eax, dword [ebp - 0x2c] sub esp, 0xc add eax, 0x332c push eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 test al, 3 -jne loc_fffb4d96 ; jne 0xfffb4d96 +jne loc_fffb4e00 ; jne 0xfffb4e00 mov eax, dword [ebp - 0x2c] sub esp, 0xc add eax, 0x3330 push eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 test ah, 0xc0 -jne short loc_fffb4d96 ; jne 0xfffb4d96 +jne short loc_fffb4e00 ; jne 0xfffb4e00 cmp ebx, 1 -jne short loc_fffb4d55 ; jne 0xfffb4d55 +jne short loc_fffb4dbf ; jne 0xfffb4dbf push eax push eax push 0x40000000 push esi -call fcn_fffab629 ; call 0xfffab629 +call fcn_fffb4a77 ; call 0xfffb4a77 pop eax pop edx lea eax, [esi + 4] add esi, 0xc push 0xbfffffff push eax -call fcn_fffab64e ; call 0xfffab64e +call fcn_fffb4aa1 ; call 0xfffb4aa1 pop ecx pop ebx push 0xbfffffff -jmp short loc_fffb4d7b ; jmp 0xfffb4d7b +jmp short loc_fffb4de5 ; jmp 0xfffb4de5 -loc_fffb4d55: ; not directly referenced +loc_fffb4dbf: ; not directly referenced cmp ebx, 2 -jne short loc_fffb4d84 ; jne 0xfffb4d84 +jne short loc_fffb4dee ; jne 0xfffb4dee push edx add esi, 0x1f0 push edx push 1 push esi -call fcn_fffab629 ; call 0xfffab629 +call fcn_fffb4a77 ; call 0xfffb4a77 pop ecx pop ebx push 0xfffffffffffffffb push esi -call fcn_fffab64e ; call 0xfffab64e +call fcn_fffb4aa1 ; call 0xfffb4aa1 pop edi pop eax push 0x7fffffff -loc_fffb4d7b: ; not directly referenced +loc_fffb4de5: ; not directly referenced push esi -call fcn_fffab64e ; call 0xfffab64e +call fcn_fffb4aa1 ; call 0xfffb4aa1 add esp, 0x10 -loc_fffb4d84: ; not directly referenced +loc_fffb4dee: ; not directly referenced push eax push eax push 0x40000000 push dword [ebp - 0x30] -call fcn_fffab629 ; call 0xfffab629 +call fcn_fffb4a77 ; call 0xfffb4a77 add esp, 0x10 -loc_fffb4d96: ; not directly referenced +loc_fffb4e00: ; not directly referenced mov bl, 0xe -loc_fffb4d98: ; not directly referenced +loc_fffb4e02: ; not directly referenced mov eax, dword [ebp + 0xc] sub eax, 4 cmp eax, 1 -jbe short loc_fffb4daa ; jbe 0xfffb4daa +jbe short loc_fffb4e14 ; jbe 0xfffb4e14 -loc_fffb4da3: ; not directly referenced +loc_fffb4e0d: ; not directly referenced xor esi, esi lea edi, [ebp - 0x1c] -jmp short loc_fffb4dc8 ; jmp 0xfffb4dc8 +jmp short loc_fffb4e32 ; jmp 0xfffb4e32 -loc_fffb4daa: ; not directly referenced +loc_fffb4e14: ; not directly referenced push 0 push 0 push 0 -push ref_fffd65b0 ; push 0xfffd65b0 -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd68ac ; push 0xfffd68ac +call fcn_fffb020b ; call 0xfffb020b add esp, 0x10 test eax, eax -jne short loc_fffb4da3 ; jne 0xfffb4da3 +jne short loc_fffb4e0d ; jne 0xfffb4e0d mov ecx, 0x80000003 -jmp short loc_fffb4e1b ; jmp 0xfffb4e1b +jmp short loc_fffb4e85 ; jmp 0xfffb4e85 -loc_fffb4dc8: ; not directly referenced +loc_fffb4e32: ; not directly referenced push edi push 0 push esi -push ref_fffd663c ; push 0xfffd663c -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd6938 ; push 0xfffd6938 +call fcn_fffb020b ; call 0xfffb020b add esp, 0x10 mov edx, eax test eax, eax -jne short loc_fffb4df3 ; jne 0xfffb4df3 +jne short loc_fffb4e5d ; jne 0xfffb4e5d mov dword [ebp - 0x2c], eax mov eax, dword [ebp - 0x1c] sub esp, 0xc @@ -28621,26 +28656,26 @@ call dword [eax] ; ucall mov edx, dword [ebp - 0x2c] add esp, 0x10 -loc_fffb4df3: ; not directly referenced +loc_fffb4e5d: ; not directly referenced inc esi cmp edx, 0x8000000e -jne short loc_fffb4dc8 ; jne 0xfffb4dc8 +jne short loc_fffb4e32 ; jne 0xfffb4e32 xor ecx, ecx mov edx, 0xcf9 mov al, bl out dx, al mov dword [ebp - 0x1c], 0 -loc_fffb4e0d: ; not directly referenced +loc_fffb4e77: ; not directly referenced mov eax, dword [ebp - 0x1c] test eax, eax -je short loc_fffb4e0d ; je 0xfffb4e0d -jmp short loc_fffb4e1b ; jmp 0xfffb4e1b +je short loc_fffb4e77 ; je 0xfffb4e77 +jmp short loc_fffb4e85 ; jmp 0xfffb4e85 -loc_fffb4e16: ; not directly referenced +loc_fffb4e80: ; not directly referenced mov ecx, 0x80000002 -loc_fffb4e1b: ; not directly referenced +loc_fffb4e85: ; not directly referenced lea esp, [ebp - 0xc] mov eax, ecx pop ebx @@ -28649,1391 +28684,7 @@ pop edi pop ebp ret -fcn_fffb4e25: ; not directly referenced -push ebp -mov al, 1 -mov ebp, esp -push edi -push esi -push ebx -xor ebx, ebx -sub esp, 0x2c -lea esi, [ebp - 0x28] -lea edi, [ebp - 0x20] - -loc_fffb4e38: ; not directly referenced -cmp dword [ebp + 8], 1 -je short loc_fffb4e63 ; je 0xfffb4e63 -cmp dword [ebp + 8], 2 -jne short loc_fffb4e8d ; jne 0xfffb4e8d -mov ecx, 0x150 -rdmsr -mov dword [ebp - 0x28], eax -push eax -push 8 -push esi -push edi -mov dword [ebp - 0x24], edx -call fcn_fffab101 ; call 0xfffab101 -mov al, byte [ebp - 0x19] -shr al, 7 -jmp short loc_fffb4e8a ; jmp 0xfffb4e8a - -loc_fffb4e63: ; not directly referenced -mov eax, dword [0xff7d0084] -sub esp, 0xc -mov eax, dword [eax + 0x14] -add eax, 0x48 -push eax -call fcn_fffb3d4e ; call 0xfffb3d4e -and eax, 0xfffffffe -add eax, 0x5da4 -mov dword [esp], eax -call fcn_fffb3d4e ; call 0xfffb3d4e -shr eax, 0x1f - -loc_fffb4e8a: ; not directly referenced -add esp, 0x10 - -loc_fffb4e8d: ; not directly referenced -sub esp, 0xc -inc ebx -push 1 -mov dword [ebp - 0x2c], eax -call fcn_fffb49a3 ; call 0xfffb49a3 -mov eax, dword [ebp - 0x2c] -add esp, 0x10 -mov dl, al -and edx, 1 -cmp bx, 0x3e7 -setbe cl -test dl, cl -jne short loc_fffb4e38 ; jne 0xfffb4e38 -cmp bx, 0x3e8 -sete al -and eax, edx -shl eax, 0x1f -lea esp, [ebp - 0xc] -sar eax, 0x1f -pop ebx -and eax, 0x80000012 -pop esi -pop edi -pop ebp -ret - -fcn_fffb4ecf: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x38 -mov edi, dword [ebp + 8] -push edi -call fcn_fffb4e25 ; call 0xfffb4e25 -add esp, 0x10 -mov ebx, eax -test eax, eax -js loc_fffb505b ; js 0xfffb505b -cmp edi, 1 -je short loc_fffb4f01 ; je 0xfffb4f01 -cmp edi, 2 -je loc_fffb4fa4 ; je 0xfffb4fa4 -jmp near loc_fffb505f ; jmp 0xfffb505f - -loc_fffb4f01: ; not directly referenced -mov eax, dword [ebp + 0xc] -sub esp, 0xc -mov dword [ebp - 0x20], eax -mov eax, dword [0xff7d0084] -or byte [ebp - 0x1d], 0x80 -mov eax, dword [eax + 0x14] -add eax, 0x48 -push eax -call fcn_fffb3d4e ; call 0xfffb3d4e -mov edi, eax -pop eax -and edi, 0xfffffffe -pop edx -push dword [ebp - 0x20] -lea esi, [edi + 0x5da4] -add edi, 0x5da0 -push esi -call fcn_fffb3d84 ; call 0xfffb3d84 -mov dword [esp], 1 -call fcn_fffb4e25 ; call 0xfffb4e25 -mov dword [esp], esi -call fcn_fffb3d4e ; call 0xfffb3d4e -mov dword [esp], edi -mov dword [ebp - 0x20], eax -call fcn_fffb3d4e ; call 0xfffb3d4e -mov dword [esp], 0xa -mov dword [ebp - 0x1c], eax -call fcn_fffb49a3 ; call 0xfffb49a3 -mov dword [esp], esi -call fcn_fffb3d4e ; call 0xfffb3d4e -mov dword [esp], edi -mov esi, eax -call fcn_fffb3d4e ; call 0xfffb3d4e -mov edx, dword [ebp - 0x20] -add esp, 0x10 -cmp edx, esi -je short loc_fffb4f94 ; je 0xfffb4f94 -cmp dword [ebp - 0x1c], eax -je short loc_fffb4f94 ; je 0xfffb4f94 - -loc_fffb4f8a: ; not directly referenced -mov eax, 0x80000002 -jmp near loc_fffb5064 ; jmp 0xfffb5064 - -loc_fffb4f94: ; not directly referenced -mov eax, dword [ebp + 0x14] -mov dword [eax], edx -lea eax, [ebp - 0x1c] -push ecx -push 4 -jmp near loc_fffb504f ; jmp 0xfffb504f - -loc_fffb4fa4: ; not directly referenced -mov eax, dword [ebp + 0xc] -mov dword [ebp - 0x24], eax -mov eax, dword [ebp + 0x10] -mov eax, dword [eax] -push edx -push 8 -or byte [ebp - 0x21], 0x80 -mov dword [ebp - 0x28], eax -lea eax, [ebp - 0x28] -push eax -lea eax, [ebp - 0x30] -push eax -call fcn_fffab101 ; call 0xfffab101 -mov eax, dword [ebp - 0x30] -mov ecx, 0x150 -mov edx, dword [ebp - 0x2c] -wrmsr -mov dword [esp], 2 -call fcn_fffb4e25 ; call 0xfffb4e25 -mov ecx, 0x150 -rdmsr -add esp, 0xc -push 8 -mov dword [ebp - 0x30], eax -lea eax, [ebp - 0x30] -push eax -lea eax, [ebp - 0x28] -push eax -mov dword [ebp - 0x2c], edx -call fcn_fffab101 ; call 0xfffab101 -mov dword [esp], 0xa -call fcn_fffb49a3 ; call 0xfffb49a3 -mov ecx, 0x150 -rdmsr -add esp, 0xc -push 8 -mov dword [ebp - 0x30], eax -lea eax, [ebp - 0x30] -push eax -lea eax, [ebp - 0x20] -push eax -mov dword [ebp - 0x2c], edx -call fcn_fffab101 ; call 0xfffab101 -mov eax, dword [ebp - 0x1c] -add esp, 0x10 -cmp dword [ebp - 0x24], eax -je short loc_fffb5040 ; je 0xfffb5040 -mov eax, dword [ebp - 0x20] -cmp dword [ebp - 0x28], eax -jne loc_fffb4f8a ; jne 0xfffb4f8a - -loc_fffb5040: ; not directly referenced -movzx eax, byte [ebp - 0x24] -mov edx, dword [ebp + 0x14] -mov dword [edx], eax -push eax -push 4 -lea eax, [ebp - 0x28] - -loc_fffb504f: ; not directly referenced -push eax -push dword [ebp + 0x10] -call fcn_fffab101 ; call 0xfffab101 -add esp, 0x10 - -loc_fffb505b: ; not directly referenced -mov eax, ebx -jmp short loc_fffb5064 ; jmp 0xfffb5064 - -loc_fffb505f: ; not directly referenced -mov eax, 0x80000003 - -loc_fffb5064: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb506c: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x48 -mov esi, dword [ebp + 8] -push esi -call fcn_fffb4e25 ; call 0xfffb4e25 -add esp, 0x10 -mov ebx, eax -test eax, eax -js loc_fffb51e8 ; js 0xfffb51e8 -cmp esi, 1 -je short loc_fffb509e ; je 0xfffb509e -cmp esi, 2 -je loc_fffb5145 ; je 0xfffb5145 -jmp near loc_fffb51ec ; jmp 0xfffb51ec - -loc_fffb509e: ; not directly referenced -mov eax, dword [0xff7d0084] -sub esp, 0xc -mov eax, dword [eax + 0x14] -add eax, 0x48 -push eax -call fcn_fffb3d4e ; call 0xfffb3d4e -pop edx -pop ecx -push dword [ebp + 0x10] -mov esi, eax -and esi, 0xfffffffe -lea edi, [esi + 0x5da0] -add esi, 0x5da4 -push edi -call fcn_fffb3d84 ; call 0xfffb3d84 -mov eax, dword [ebp + 0xc] -pop edx -pop ecx -or eax, 0x80000000 -push eax -push esi -call fcn_fffb3d84 ; call 0xfffb3d84 -mov dword [esp], 1 -call fcn_fffb4e25 ; call 0xfffb4e25 -mov dword [esp], esi -call fcn_fffb3d4e ; call 0xfffb3d4e -mov dword [esp], edi -mov dword [ebp - 0x40], eax -call fcn_fffb3d4e ; call 0xfffb3d4e -mov dword [esp], 0xa -mov dword [ebp - 0x3c], eax -call fcn_fffb49a3 ; call 0xfffb49a3 -mov dword [esp], esi -call fcn_fffb3d4e ; call 0xfffb3d4e -mov dword [esp], edi -mov esi, eax -call fcn_fffb3d4e ; call 0xfffb3d4e -mov ecx, dword [ebp - 0x40] -add esp, 0x10 -cmp ecx, esi -je short loc_fffb5138 ; je 0xfffb5138 -cmp dword [ebp - 0x3c], eax -je short loc_fffb5138 ; je 0xfffb5138 - -loc_fffb512e: ; not directly referenced -mov eax, 0x80000002 -jmp near loc_fffb51f1 ; jmp 0xfffb51f1 - -loc_fffb5138: ; not directly referenced -mov eax, dword [ebp + 0x14] -movzx ecx, cl -mov dword [eax], ecx -jmp near loc_fffb51e8 ; jmp 0xfffb51e8 - -loc_fffb5145: ; not directly referenced -mov eax, dword [ebp + 0xc] -mov dword [ebp - 0x24], eax -mov eax, dword [ebp + 0x10] -or byte [ebp - 0x21], 0x80 -mov dword [ebp - 0x28], eax -push eax -push 8 -lea eax, [ebp - 0x28] -push eax -lea eax, [ebp - 0x30] -push eax -call fcn_fffab101 ; call 0xfffab101 -mov eax, dword [ebp - 0x30] -mov ecx, 0x150 -mov edx, dword [ebp - 0x2c] -wrmsr -mov dword [esp], 2 -call fcn_fffb4e25 ; call 0xfffb4e25 -mov ecx, 0x150 -rdmsr -add esp, 0xc -push 8 -mov dword [ebp - 0x30], eax -lea eax, [ebp - 0x30] -push eax -lea eax, [ebp - 0x28] -push eax -mov dword [ebp - 0x2c], edx -call fcn_fffab101 ; call 0xfffab101 -mov dword [esp], 0xa -call fcn_fffb49a3 ; call 0xfffb49a3 -mov ecx, 0x150 -rdmsr -add esp, 0xc -push 8 -mov dword [ebp - 0x30], eax -lea eax, [ebp - 0x30] -push eax -lea eax, [ebp - 0x20] -push eax -mov dword [ebp - 0x2c], edx -call fcn_fffab101 ; call 0xfffab101 -mov eax, dword [ebp - 0x1c] -add esp, 0x10 -cmp dword [ebp - 0x24], eax -je short loc_fffb51df ; je 0xfffb51df -mov eax, dword [ebp - 0x20] -cmp dword [ebp - 0x28], eax -jne loc_fffb512e ; jne 0xfffb512e - -loc_fffb51df: ; not directly referenced -movzx eax, byte [ebp - 0x24] -mov edx, dword [ebp + 0x14] -mov dword [edx], eax - -loc_fffb51e8: ; not directly referenced -mov eax, ebx -jmp short loc_fffb51f1 ; jmp 0xfffb51f1 - -loc_fffb51ec: ; not directly referenced -mov eax, 0x80000003 - -loc_fffb51f1: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb51f9: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x2c -mov bl, byte [ebp + 0xc] -mov al, byte [ebp + 0x18] -mov edi, dword [ebp + 0x1c] -and ebx, 0x7f -cmp dword [ebp + 0x14], 1 -mov byte [ebp - 0x1f], al -jbe short loc_fffb5230 ; jbe 0xfffb5230 -test edi, edi -mov esi, 0x80000002 -sete dl -cmp dword [ebp + 0x20], 0 -sete al -or dl, al -jne loc_fffb5793 ; jne 0xfffb5793 - -loc_fffb5230: ; not directly referenced -sub esp, 0xc -mov esi, 0x80000012 -push 0 -call fcn_fffb4808 ; call 0xfffb4808 -add esp, 0x10 -test al, 0x40 -jne loc_fffb5793 ; jne 0xfffb5793 -test al, 1 -je short loc_fffb5264 ; je 0xfffb5264 -push edi -push edi -push 0xff -push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 -jmp near loc_fffb5793 ; jmp 0xfffb5793 - -loc_fffb5264: ; not directly referenced -push esi -movzx eax, al -push esi -push eax -push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 -lea eax, [ebx + ebx + 1] -add esp, 0x10 -mov byte [ebp - 0x1c], al -dec eax -mov byte [ebp - 0x1d], al -mov eax, dword [ebp + 0x14] -mov dword [ebp - 0x24], 3 -mov byte [ebp - 0x1e], 0 -and eax, 0xfffffffd -mov dword [ebp - 0x2c], eax - -loc_fffb5293: ; not directly referenced -mov al, byte [ebp + 0x10] -cmp dword [ebp + 0x14], 0xb -mov byte [ebp - 0x20], al -ja loc_fffb5454 ; ja 0xfffb5454 -mov eax, dword [ebp + 0x14] -jmp dword [eax*4 + ref_fffd3f28] ; ujmp: jmp dword [eax*4 - 0x2c0d8] - -loc_fffb52ad: ; not directly referenced -mov dl, byte [ebp - 0x1d] -jmp short loc_fffb52b5 ; jmp 0xfffb52b5 - -loc_fffb52b2: ; not directly referenced -mov dl, byte [ebp - 0x1c] - -loc_fffb52b5: ; not directly referenced -cmp byte [ebp - 0x1f], 1 -je loc_fffb5446 ; je 0xfffb5446 -xor esi, esi -jmp near loc_fffb5440 ; jmp 0xfffb5440 - -loc_fffb52c6: ; not directly referenced -mov eax, dword [ebp + 0x20] -mov dl, byte [ebp - 0x1d] -mov al, byte [eax] -mov byte [ebp - 0x20], al -jmp short loc_fffb52d6 ; jmp 0xfffb52d6 - -loc_fffb52d3: ; not directly referenced -mov dl, byte [ebp - 0x1c] - -loc_fffb52d6: ; not directly referenced -cmp dword [edi], 1 -mov esi, 4 -mov dword [edi], 1 -sbb ebx, ebx -and ebx, 0x80000005 -jmp near loc_fffb5409 ; jmp 0xfffb5409 - -loc_fffb52f1: ; not directly referenced -mov eax, dword [ebp + 0x20] -push ecx -push ecx -movzx eax, byte [eax] -push eax -push 5 -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 -mov dl, byte [ebp - 0x1d] -mov dword [edi], 1 -jmp short loc_fffb5312 ; jmp 0xfffb5312 - -loc_fffb530f: ; not directly referenced -mov dl, byte [ebp - 0x1c] - -loc_fffb5312: ; not directly referenced -mov eax, dword [edi] -test eax, eax -je loc_fffb554f ; je 0xfffb554f -cmp eax, 1 -je loc_fffb543b ; je 0xfffb543b -cmp eax, 0x100 -ja loc_fffb5454 ; ja 0xfffb5454 -cmp byte [ebp - 0x1f], 1 -je loc_fffb5446 ; je 0xfffb5446 -mov esi, 0x18 -jmp near loc_fffb5440 ; jmp 0xfffb5440 - -loc_fffb5344: ; not directly referenced -cmp dword [edi], 2 -mov dl, byte [ebp - 0x1c] -mov dword [edi], 2 -sbb ebx, ebx -and ebx, 0x80000005 -jmp short loc_fffb5392 ; jmp 0xfffb5392 - -loc_fffb535a: ; not directly referenced -push eax -push eax -mov eax, dword [ebp + 0x20] -movzx eax, byte [eax + 1] -push eax -push 6 -call fcn_fffb47e9 ; call 0xfffb47e9 -pop eax -mov eax, dword [ebp + 0x20] -pop edx -movzx eax, byte [eax] -push eax -push 5 -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 -mov dl, byte [ebp - 0x1d] -cmp dword [edi], 2 -mov dword [edi], 2 -sbb ebx, ebx -and ebx, 0x80000005 - -loc_fffb5392: ; not directly referenced -mov esi, 0xc -jmp short loc_fffb5409 ; jmp 0xfffb5409 - -loc_fffb5399: ; not directly referenced -push eax -push eax -movzx eax, byte [edi] -push eax -push 5 -call fcn_fffb47e9 ; call 0xfffb47e9 -mov al, byte [edi] -add esp, 0x10 -mov dl, byte [ebp - 0x1d] -mov byte [ebp - 0x1e], al -jmp short loc_fffb53b6 ; jmp 0xfffb53b6 - -loc_fffb53b3: ; not directly referenced -mov dl, byte [ebp - 0x1c] - -loc_fffb53b6: ; not directly referenced -mov eax, dword [edi] -dec eax -cmp eax, 0x1f -ja loc_fffb5454 ; ja 0xfffb5454 -mov esi, 0x14 -jmp near loc_fffb5450 ; jmp 0xfffb5450 - -loc_fffb53cc: ; not directly referenced -mov eax, dword [ebp + 0x20] -push ebx -push ebx -movzx eax, byte [eax + 1] -push eax -push 6 -call fcn_fffb47e9 ; call 0xfffb47e9 -pop esi -mov esi, 0x10 -pop eax -mov eax, dword [ebp + 0x20] -movzx eax, byte [eax] -push eax -push 5 -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 -mov dl, byte [ebp - 0x1c] -cmp dword [edi], 2 -mov dword [edi], 2 -sbb ebx, ebx -and ebx, 0x80000005 - -loc_fffb5409: ; not directly referenced -xor eax, eax -test ebx, ebx -jns short loc_fffb545e ; jns 0xfffb545e -jmp near loc_fffb561b ; jmp 0xfffb561b - -loc_fffb5414: ; not directly referenced -mov eax, dword [edi] -dec eax -cmp eax, 0x1f -ja short loc_fffb5454 ; ja 0xfffb5454 -push ecx -mov esi, 0x1c -push ecx -movzx eax, byte [edi] -push eax -push 5 -call fcn_fffb47e9 ; call 0xfffb47e9 -mov al, byte [edi] -add esp, 0x10 -mov dl, byte [ebp - 0x1c] -mov byte [ebp - 0x1e], al -jmp short loc_fffb5450 ; jmp 0xfffb5450 - -loc_fffb543b: ; not directly referenced -mov esi, 8 - -loc_fffb5440: ; not directly referenced -xor eax, eax - -loc_fffb5442: ; not directly referenced -xor ebx, ebx -jmp short loc_fffb545e ; jmp 0xfffb545e - -loc_fffb5446: ; not directly referenced -mov ebx, 0x80000003 -jmp near loc_fffb561b ; jmp 0xfffb561b - -loc_fffb5450: ; not directly referenced -mov al, 2 -jmp short loc_fffb5442 ; jmp 0xfffb5442 - -loc_fffb5454: ; not directly referenced -mov ebx, 0x80000002 -jmp near loc_fffb561b ; jmp 0xfffb561b - -loc_fffb545e: ; not directly referenced -mov cl, al -or ecx, 1 -cmp byte [ebp - 0x1f], 1 -mov dword [ebp - 0x28], edx -push edx -cmove eax, ecx -push edx -movzx eax, al -push eax -push 0xd -call fcn_fffb47e9 ; call 0xfffb47e9 -mov dword [esp], 2 -call fcn_fffb4808 ; call 0xfffb4808 -add esp, 0x10 -mov edx, dword [ebp - 0x28] -cmp dword [ebp - 0x2c], 9 -je short loc_fffb54ae ; je 0xfffb54ae - -loc_fffb5492: ; not directly referenced -push ecx -movzx edx, dl -push ecx -push edx -push 4 -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 -movzx eax, byte [ebp - 0x20] -cmp dword [ebp + 0x14], 4 -jne short loc_fffb54eb ; jne 0xfffb54eb -jmp short loc_fffb54df ; jmp 0xfffb54df - -loc_fffb54ae: ; not directly referenced -movzx ecx, byte [ebp - 0x1e] -xor eax, eax -mov dword [ebp - 0x28], ecx - -loc_fffb54b7: ; not directly referenced -cmp eax, dword [ebp - 0x28] -jae short loc_fffb5492 ; jae 0xfffb5492 -mov ecx, dword [ebp + 0x20] -mov dword [ebp - 0x34], edx -push edx -push edx -movzx ecx, byte [ecx + eax] -mov dword [ebp - 0x30], eax -push ecx -push 7 -call fcn_fffb47e9 ; call 0xfffb47e9 -mov eax, dword [ebp - 0x30] -add esp, 0x10 -mov edx, dword [ebp - 0x34] -inc eax -jmp short loc_fffb54b7 ; jmp 0xfffb54b7 - -loc_fffb54df: ; not directly referenced -cmp dword [edi], 1 -jbe short loc_fffb54eb ; jbe 0xfffb54eb -push ecx -push ecx -push eax -push 6 -jmp short loc_fffb54f0 ; jmp 0xfffb54f0 - -loc_fffb54eb: ; not directly referenced -push edx -push edx -push eax -push 3 - -loc_fffb54f0: ; not directly referenced -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 -lea eax, [esi + 0x40] -mov esi, 0x186a0 -movzx eax, al -push ecx -push ecx -push eax -push 2 -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 - -loc_fffb5510: ; not directly referenced -sub esp, 0xc -push 0 -call fcn_fffb4808 ; call 0xfffb4808 -add esp, 0x10 -test al, 0x8e -jne loc_fffb55fa ; jne 0xfffb55fa -sub esp, 0xc -push 0xa -call fcn_fffb49a3 ; call 0xfffb49a3 -add esp, 0x10 -dec esi -jne short loc_fffb5510 ; jne 0xfffb5510 -jmp near loc_fffb55f3 ; jmp 0xfffb55f3 - -loc_fffb553a: ; not directly referenced -sub esp, 0xc -push 5 -call fcn_fffb4808 ; call 0xfffb4808 -add esp, 0x10 -test al, al -jne loc_fffb5750 ; jne 0xfffb5750 - -loc_fffb554f: ; not directly referenced -mov ebx, 0x80000005 -jmp near loc_fffb561b ; jmp 0xfffb561b - -loc_fffb5559: ; not directly referenced -cmp dword [edi], 1 -jbe loc_fffb56de ; jbe 0xfffb56de -xor esi, esi - -loc_fffb5564: ; not directly referenced -cmp esi, dword [edi] -jae loc_fffb561b ; jae 0xfffb561b -sub esp, 0xc -push 7 -call fcn_fffb4808 ; call 0xfffb4808 -mov ecx, dword [ebp + 0x20] -add esp, 0x10 -mov byte [ecx + esi], al -mov eax, dword [edi] -lea edx, [eax - 2] -cmp esi, edx -jne loc_fffb56b9 ; jne 0xfffb56b9 -sub esp, 0xc -push 2 -call fcn_fffb4808 ; call 0xfffb4808 -pop edx -pop ecx -or eax, 0x20 -movzx eax, al - -loc_fffb559e: ; not directly referenced -push eax -push 2 -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 - -loc_fffb55a9: ; not directly referenced -push eax -push eax -push 0x80 -push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 -mov eax, dword [edi] -add esp, 0x10 -dec eax -cmp esi, eax -jae loc_fffb56d8 ; jae 0xfffb56d8 -mov dword [ebp - 0x1c], 0x64 - -loc_fffb55cc: ; not directly referenced -sub esp, 0xc -push 0 -call fcn_fffb4808 ; call 0xfffb4808 -add esp, 0x10 -test al, al -js loc_fffb56d8 ; js 0xfffb56d8 -sub esp, 0xc -push 0xa -call fcn_fffb49a3 ; call 0xfffb49a3 -add esp, 0x10 -dec dword [ebp - 0x1c] -jne short loc_fffb55cc ; jne 0xfffb55cc - -loc_fffb55f3: ; not directly referenced -mov ebx, 0x80000012 -jmp short loc_fffb561b ; jmp 0xfffb561b - -loc_fffb55fa: ; not directly referenced -test al, 4 -je short loc_fffb5649 ; je 0xfffb5649 -sub esp, 0xc -push 0xc -call fcn_fffb4808 ; call 0xfffb4808 -add esp, 0x10 -and eax, 1 -cmp al, 1 -sbb ebx, ebx -and ebx, 0xffffffec -sub ebx, 0x7fffffe5 - -loc_fffb561b: ; not directly referenced -push eax -push eax -push 0xff -push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 -pop edx -pop ecx -push 1 -push 0xc -call fcn_fffb47e9 ; call 0xfffb47e9 -pop esi -mov esi, ebx -pop edi -push 0 -push 0xd -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 -jmp near loc_fffb5793 ; jmp 0xfffb5793 - -loc_fffb5649: ; not directly referenced -test al, 8 -je short loc_fffb568e ; je 0xfffb568e -push ebx -push ebx -push 8 -push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 -pop esi -pop eax -push 0xff -push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 -pop eax -pop edx -push 1 -push 0xc -call fcn_fffb47e9 ; call 0xfffb47e9 -mov dword [esp], 0xa -call fcn_fffb49a3 ; call 0xfffb49a3 -add esp, 0x10 -dec dword [ebp - 0x24] -je loc_fffb5789 ; je 0xfffb5789 -jmp near loc_fffb5293 ; jmp 0xfffb5293 - -loc_fffb568e: ; not directly referenced -mov eax, dword [ebp + 0x14] -sub eax, 2 -cmp eax, 9 -ja short loc_fffb561b ; ja 0xfffb561b -jmp dword [eax*4 + ref_fffd3f58] ; ujmp: jmp dword [eax*4 - 0x2c0a8] - -loc_fffb56a0: ; not directly referenced -sub esp, 0xc -push 6 -call fcn_fffb4808 ; call 0xfffb4808 -mov ecx, dword [ebp + 0x20] -mov byte [ecx + 1], al -mov dword [esp], 5 -jmp short loc_fffb56e3 ; jmp 0xfffb56e3 - -loc_fffb56b9: ; not directly referenced -dec eax -cmp esi, eax -jne loc_fffb55a9 ; jne 0xfffb55a9 -sub esp, 0xc -push 2 -call fcn_fffb4808 ; call 0xfffb4808 -pop edx -pop ecx -and eax, 0xdf -jmp near loc_fffb559e ; jmp 0xfffb559e - -loc_fffb56d8: ; not directly referenced -inc esi -jmp near loc_fffb5564 ; jmp 0xfffb5564 - -loc_fffb56de: ; not directly referenced -sub esp, 0xc -push 5 - -loc_fffb56e3: ; not directly referenced -call fcn_fffb4808 ; call 0xfffb4808 -mov ecx, dword [ebp + 0x20] -mov byte [ecx], al -jmp short loc_fffb56fd ; jmp 0xfffb56fd - -loc_fffb56ef: ; not directly referenced -push eax -push eax -push 0x80 -push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 - -loc_fffb56fd: ; not directly referenced -add esp, 0x10 -jmp near loc_fffb561b ; jmp 0xfffb561b - -loc_fffb5705: ; not directly referenced -sub esp, 0xc -xor esi, esi -push 5 -call fcn_fffb4808 ; call 0xfffb4808 -add esp, 0x10 -movzx edx, al -mov al, 1 -cmp dword [edi], edx -jb short loc_fffb573f ; jb 0xfffb573f - -loc_fffb571d: ; not directly referenced -cmp esi, edx -jae short loc_fffb573d ; jae 0xfffb573d -sub esp, 0xc -push 7 -mov dword [ebp - 0x1c], edx -call fcn_fffb4808 ; call 0xfffb4808 -mov ecx, dword [ebp + 0x20] -add esp, 0x10 -mov edx, dword [ebp - 0x1c] -mov byte [ecx + esi], al -inc esi -jmp short loc_fffb571d ; jmp 0xfffb571d - -loc_fffb573d: ; not directly referenced -xor eax, eax - -loc_fffb573f: ; not directly referenced -test al, al -mov eax, 0x80000005 -mov dword [edi], edx -cmovne ebx, eax -jmp near loc_fffb561b ; jmp 0xfffb561b - -loc_fffb5750: ; not directly referenced -movzx edx, byte [edi] -movzx ecx, al -lea eax, [edx + ecx] -cmp eax, 0x20 -jg short loc_fffb5789 ; jg 0xfffb5789 -xor esi, esi -mov edx, ecx - -loc_fffb5762: ; not directly referenced -cmp esi, edx -jae short loc_fffb5782 ; jae 0xfffb5782 -sub esp, 0xc -push 7 -mov dword [ebp - 0x1c], edx -call fcn_fffb4808 ; call 0xfffb4808 -mov ecx, dword [ebp + 0x20] -add esp, 0x10 -mov edx, dword [ebp - 0x1c] -mov byte [ecx + esi], al -inc esi -jmp short loc_fffb5762 ; jmp 0xfffb5762 - -loc_fffb5782: ; not directly referenced -mov dword [edi], edx -jmp near loc_fffb561b ; jmp 0xfffb561b - -loc_fffb5789: ; not directly referenced -mov ebx, 0x80000007 -jmp near loc_fffb561b ; jmp 0xfffb561b - -loc_fffb5793: ; not directly referenced -lea esp, [ebp - 0xc] -mov eax, esi -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb579d: ; not directly referenced -push ebp -movzx edx, dl -mov ebp, esp -push edi -push esi -mov esi, eax -push ebx -sub esp, 0x2c -mov ebx, dword [ebp + 0x10] -mov eax, dword [ebp + 8] -mov dword [ebp - 0x24], ecx -mov edi, dword [esi + 0x5edc] -mov dword [ebp - 0x1c], ebx -mov byte [ebp - 0x2b], bl -mov bl, byte [ebp + 0x18] -mov ecx, eax -mov eax, dword [ebp + 0xc] -mov byte [ebp - 0x2c], bl -imul ebx, edx, 0xcc -mov byte [ebp - 0x20], al -lea ebx, [edi + ebx + 0x1c] -cmp cl, 0xe -ja loc_fffb5b85 ; ja 0xfffb5b85 -movzx edi, cl -jmp dword [edi*4 + ref_fffd3f80] ; ujmp: jmp dword [edi*4 - 0x2c080] - -loc_fffb57eb: ; not directly referenced -mov edi, dword [ebx + 0xa0] -and eax, 0xf -shl eax, 0xf -and edi, 0xfff87fff -jmp near loc_fffb5b31 ; jmp 0xfffb5b31 - -loc_fffb5802: ; not directly referenced -mov edi, dword [ebx + 0xa0] -and eax, 0xf -shl eax, 0x13 -and edi, 0xff87ffff -jmp near loc_fffb5b31 ; jmp 0xfffb5b31 - -loc_fffb5819: ; not directly referenced -mov edi, dword [ebx + 0xa4] -and eax, 0xf -shl eax, 0x11 -and edi, 0xffe1ffff -jmp short loc_fffb5895 ; jmp 0xfffb5895 - -loc_fffb582d: ; not directly referenced -mov edi, dword [ebx + 0xa4] -and eax, 0xf -shl eax, 0x15 -and edi, 0xfe1fffff -jmp short loc_fffb5895 ; jmp 0xfffb5895 - -loc_fffb5841: ; not directly referenced -mov edi, dword [ebx + 0xa8] -and eax, 0x1f -shl eax, 0x13 -and edi, 0xff07ffff -jmp near loc_fffb5b65 ; jmp 0xfffb5b65 - -loc_fffb5858: ; not directly referenced -mov edi, dword [ebx + 0xa8] -and eax, 0x1f -shl eax, 0x18 -and edi, 0xe0ffffff -jmp near loc_fffb5b65 ; jmp 0xfffb5b65 - -loc_fffb586f: ; not directly referenced -mov edi, dword [ebx + 0xa4] -and eax, 0xf -shl eax, 6 -and edi, 0xfffffc3f -jmp short loc_fffb5895 ; jmp 0xfffb5895 - -loc_fffb5883: ; not directly referenced -mov edi, dword [ebx + 0xa4] -and eax, 0xf -shl eax, 0xa -and edi, 0xffffc3ff - -loc_fffb5895: ; not directly referenced -or edi, eax -mov eax, esi -shl edx, 0xa -mov ecx, edi -add edx, 0x4008 -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x1c], 0 -je loc_fffb5b85 ; je 0xfffb5b85 -mov dword [ebx + 0xa4], edi -jmp near loc_fffb5b85 ; jmp 0xfffb5b85 - -loc_fffb58be: ; not directly referenced -mov edi, dword [ebx + 0xac] -sub eax, 6 -and eax, 3 -shl eax, 0x11 -and edi, 0xfff9ffff -jmp short loc_fffb5901 ; jmp 0xfffb5901 - -loc_fffb58d5: ; not directly referenced -sub eax, 6 -mov edi, dword [ebx + 0xac] -cmp dword [esi + 0x2480], 3 -jne short loc_fffb58f5 ; jne 0xfffb58f5 -and eax, 7 -and edi, 0xffc7ffff -shl eax, 0x13 -jmp short loc_fffb5901 ; jmp 0xfffb5901 - -loc_fffb58f5: ; not directly referenced -and eax, 3 -and edi, 0xffe7ffff -shl eax, 0x13 - -loc_fffb5901: ; not directly referenced -or edi, eax -mov eax, esi -shl edx, 0xa -mov ecx, edi -add edx, 0x4014 -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x1c], 0 -je loc_fffb5b85 ; je 0xfffb5b85 -mov dword [ebx + 0xac], edi -jmp near loc_fffb5b85 ; jmp 0xfffb5b85 - -loc_fffb592a: ; not directly referenced -movzx ecx, byte [ebp - 0x24] -lea edi, [ebx + ecx*4] -mov ebx, dword [edi + 4] -mov dword [ebp - 0x24], edi -mov dword [ebp - 0x20], ebx -shr ebx, 0xd -and ebx, 0xf -mov edi, ebx -or edi, 0xfffffff0 -test bl, 8 -cmovne ebx, edi -add eax, ebx -mov bl, 6 -cmp al, 6 -cmovle ebx, eax -mov al, 0xfc -cmp bl, 0xfc -cmovge eax, ebx -mov ebx, dword [ebp - 0x20] -and eax, 0xf -mov edi, eax -shl edi, 0xd -and ebx, 0xff0e1fff -shl eax, 0x14 -or ebx, edi -or ebx, eax -mov eax, esi -call fcn_fffa724b ; call 0xfffa724b -mov ecx, ebx -mov edx, eax -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x1c], 0 -je loc_fffb5b85 ; je 0xfffb5b85 -mov eax, dword [ebp - 0x24] -mov dword [eax + 4], ebx -jmp near loc_fffb5b85 ; jmp 0xfffb5b85 - -loc_fffb599b: ; not directly referenced -movzx ecx, byte [ebp - 0x24] -lea edi, [ebx + ecx*4] -mov ebx, dword [edi + 4] -mov dword [ebp - 0x20], ebx -shr ebx, 0x11 -and ebx, 7 -add eax, ebx -mov bl, 7 -cmp al, 7 -cmovle ebx, eax -xor eax, eax -test bl, bl -cmovns eax, ebx -and eax, 7 -mov ebx, eax -shl ebx, 0x11 -mov dword [ebp - 0x24], ebx -mov ebx, dword [ebp - 0x20] -shl eax, 0x18 -and ebx, 0xf8f1ffff -or ebx, dword [ebp - 0x24] -or ebx, eax -mov eax, esi -call fcn_fffa724b ; call 0xfffa724b -mov ecx, ebx -mov edx, eax -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x1c], 0 -je loc_fffb5b85 ; je 0xfffb5b85 -mov dword [edi + 4], ebx -jmp near loc_fffb5b85 ; jmp 0xfffb5b85 - -loc_fffb59fe: ; not directly referenced -imul eax, edx, 0x13c3 -xor edi, edi -shl edx, 0xa -lea eax, [esi + eax + 0x3756] -mov dword [ebp - 0x24], eax -lea eax, [edx + 0x4028] -mov dword [ebp - 0x30], eax -lea eax, [edx + 0x4024] -mov dword [ebp - 0x28], eax -mov eax, dword [ebp - 0x20] -and eax, 0x7f -mov dword [ebp - 0x1c], eax - -loc_fffb5a2e: ; not directly referenced -mov eax, edi -mov byte [ebp - 0x2a], al -movzx eax, byte [ebp - 0x2c] -bt eax, edi -jae loc_fffb5b13 ; jae 0xfffb5b13 -mov ecx, dword [ebp - 0x24] -mov al, byte [ebp - 0x20] -add al, byte [ecx + edi + 0x1011] -sub al, byte [ecx + edi + 0x1015] -mov byte [ebp - 0x29], al -js loc_fffb5b13 ; js 0xfffb5b13 -mov edx, dword [ebp - 0x30] -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -mov edx, dword [ebp - 0x28] -mov dword [ebp - 0x34], eax -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -mov dl, byte [ebp - 0x2a] -mov ecx, dword [ebp - 0x34] -cmp dl, 2 -mov ebx, eax -movzx eax, byte [ebp - 0x29] -je short loc_fffb5ab1 ; je 0xfffb5ab1 -and eax, 0xf -cmp dl, 3 -je short loc_fffb5aca ; je 0xfffb5aca -dec dl -je short loc_fffb5a9e ; je 0xfffb5a9e -and ecx, 0xfffffff0 -and ebx, 0xffffff80 -or ecx, eax -or ebx, dword [ebp - 0x1c] -jmp short loc_fffb5ae0 ; jmp 0xfffb5ae0 - -loc_fffb5a9e: ; not directly referenced -shl eax, 4 -and cl, 0xf -or ecx, eax -mov eax, dword [ebp - 0x1c] -and bh, 0x80 -shl eax, 8 -jmp short loc_fffb5ade ; jmp 0xfffb5ade - -loc_fffb5ab1: ; not directly referenced -and eax, 0xf -and ch, 0xf0 -shl eax, 8 -and ebx, 0xff80ffff -or ecx, eax -mov eax, dword [ebp - 0x1c] -shl eax, 0x10 -jmp short loc_fffb5ade ; jmp 0xfffb5ade - -loc_fffb5aca: ; not directly referenced -shl eax, 0xc -and ch, 0xf -or ecx, eax -mov eax, dword [ebp - 0x1c] -and ebx, 0x80ffffff -shl eax, 0x18 - -loc_fffb5ade: ; not directly referenced -or ebx, eax - -loc_fffb5ae0: ; not directly referenced -mov edx, dword [ebp - 0x30] -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -mov edx, dword [ebp - 0x28] -mov ecx, ebx -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x2b], 0 -je short loc_fffb5b13 ; je 0xfffb5b13 -mov ecx, dword [ebp - 0x24] -mov al, byte [ebp - 0x20] -mov byte [ecx + edi + 0x1015], al -mov al, byte [ebp - 0x29] -mov byte [ecx + edi + 0x1011], al - -loc_fffb5b13: ; not directly referenced -inc edi -cmp edi, 4 -jne loc_fffb5a2e ; jne 0xfffb5a2e -jmp short loc_fffb5b85 ; jmp 0xfffb5b85 - -loc_fffb5b1f: ; not directly referenced -mov edi, dword [ebx + 0xa0] -and eax, 7 -shl eax, 0xc -and edi, 0xffff8fff - -loc_fffb5b31: ; not directly referenced -or edi, eax -mov eax, esi -shl edx, 0xa -mov ecx, edi -add edx, 0x4004 -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x1c], 0 -je short loc_fffb5b85 ; je 0xfffb5b85 -mov dword [ebx + 0xa0], edi -jmp short loc_fffb5b85 ; jmp 0xfffb5b85 - -loc_fffb5b53: ; not directly referenced -mov edi, dword [ebx + 0xa8] -and eax, 0x1f -shl eax, 0xe -and edi, 0xfff83fff - -loc_fffb5b65: ; not directly referenced -or edi, eax -mov eax, esi -shl edx, 0xa -mov ecx, edi -add edx, 0x400c -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x1c], 0 -je short loc_fffb5b85 ; je 0xfffb5b85 -mov dword [ebx + 0xa8], edi - -loc_fffb5b85: ; not directly referenced -add esp, 0x2c -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb5b8d: -push ebp -mov ebp, esp -sub esp, 8 -call fcn_fffb468a ; call 0xfffb468a -cmp eax, 1 -jne short loc_fffb5bab ; jne 0xfffb5bab -call fcn_fffb481e ; call 0xfffb481e -cmp eax, 1 -jne short loc_fffb5bab ; jne 0xfffb5bab -mov al, 6 -jmp short loc_fffb5bb4 ; jmp 0xfffb5bb4 - -loc_fffb5bab: -cmp eax, 2 -sete al -shl eax, 2 - -loc_fffb5bb4: -leave -ret - -fcn_fffb5bb6: -push ebp -mov ebp, esp -sub esp, 8 -call fcn_fffb468a ; call 0xfffb468a -cmp eax, 1 -jne short loc_fffb5bdf ; jne 0xfffb5bdf -call fcn_fffb481e ; call 0xfffb481e -cmp eax, 1 -je short loc_fffb5bdb ; je 0xfffb5bdb -cmp eax, 2 -sete dl -shl edx, 3 -jmp short loc_fffb5be9 ; jmp 0xfffb5be9 - -loc_fffb5bdb: -mov dl, 0xe -jmp short loc_fffb5be9 ; jmp 0xfffb5be9 - -loc_fffb5bdf: -cmp eax, 2 -mov dl, 0xa -mov al, 0 -cmovne edx, eax - -loc_fffb5be9: -mov al, dl -leave -ret - -fcn_fffb5bed: ; not directly referenced +fcn_fffb4e8f: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -30043,18 +28694,18 @@ push esi push ebx sub esp, 0xac mov edi, dword [ebp + 8] -mov eax, dword [edi + 0x5edc] +mov eax, dword [edi + 0x5edd] mov esi, eax mov dword [ebp - 0x90], eax -mov eax, dword [edi + 0x2443] +mov eax, dword [edi + 0x2444] mov dword [ebp - 0x7c], eax mov eax, dword [edi + 0x1887] mov dword [ebp - 0x78], eax mov eax, dword [edi + 0x188b] mov dword [ebp - 0x6c], eax mov eax, edi -call fcn_fffc3c0d ; call 0xfffc3c0d -lea eax, [edi + 0x3756] +call fcn_fffc3b02 ; call 0xfffc3b02 +lea eax, [edi + 0x3757] mov ecx, eax mov dword [ebp - 0x80], eax mov eax, esi @@ -30064,16 +28715,16 @@ mov dword [ebp - 0x8c], eax mov ebx, eax mov dword [ebp - 0x70], ecx -loc_fffb5c50: ; not directly referenced +loc_fffb4ef2: ; not directly referenced mov eax, dword [ebp - 0x70] cmp dword [eax], 2 -jne loc_fffb5e14 ; jne 0xfffb5e14 +jne loc_fffb50b6 ; jne 0xfffb50b6 cmp dword [ebp - 0x6c], 1 -je short loc_fffb5c9f ; je 0xfffb5c9f +je short loc_fffb4f41 ; je 0xfffb4f41 -loc_fffb5c62: ; not directly referenced +loc_fffb4f04: ; not directly referenced cmp byte [edi + 0x18b4], 1 -jne loc_fffb5d3d ; jne 0xfffb5d3d +jne loc_fffb4fdf ; jne 0xfffb4fdf mov eax, dword [ebp - 0x7c] call dword [eax + 0x7c] ; ucall mov edx, dword [ebp - 0x6c] @@ -30086,10 +28737,10 @@ dec edx cmovne ecx, eax mov eax, edi lea edx, [esi*4 + 0x2000] -call fcn_fffae58c ; call 0xfffae58c -jmp near loc_fffb5d3d ; jmp 0xfffb5d3d +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffb4fdf ; jmp 0xfffb4fdf -loc_fffb5c9f: ; not directly referenced +loc_fffb4f41: ; not directly referenced mov dl, byte [ebx + 0xcb] mov ecx, 0xff mov al, byte [ebx + 3] @@ -30100,30 +28751,30 @@ or eax, edx mov edx, esi mov byte [ebx + 3], al mov eax, edi -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [ebx] mov edx, eax mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 cmp byte [ebx + 0xcb], 0 -je short loc_fffb5c62 ; je 0xfffb5c62 +je short loc_fffb4f04 ; je 0xfffb4f04 mov byte [ebp - 0x74], 0 -loc_fffb5cdc: ; not directly referenced +loc_fffb4f7e: ; not directly referenced mov al, byte [ebp - 0x74] -cmp al, byte [edi + 0x2488] -jae loc_fffb5c62 ; jae 0xfffb5c62 +cmp al, byte [edi + 0x2489] +jae loc_fffb4f04 ; jae 0xfffb4f04 movzx ecx, byte [ebp - 0x74] xor edx, edx mov al, byte [ebx + ecx*4 + 6] shr al, 1 and eax, 7 cmp al, 2 -jbe short loc_fffb5d04 ; jbe 0xfffb5d04 +jbe short loc_fffb4fa6 ; jbe 0xfffb4fa6 lea edx, [eax - 1] and edx, 7 -loc_fffb5d04: ; not directly referenced +loc_fffb4fa6: ; not directly referenced mov al, byte [ebx + ecx*4 + 6] and edx, 7 add edx, edx @@ -30134,26 +28785,26 @@ mov byte [ebx + ecx*4 + 6], al mov eax, dword [ebx + ecx*4 + 4] mov dword [ebp - 0x84], eax mov eax, edi -call fcn_fffa724b ; call 0xfffa724b +call fcn_fffa71f9 ; call 0xfffa71f9 mov ecx, dword [ebp - 0x84] mov edx, eax mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x74] -jmp short loc_fffb5cdc ; jmp 0xfffb5cdc +jmp short loc_fffb4f7e ; jmp 0xfffb4f7e -loc_fffb5d3d: ; not directly referenced +loc_fffb4fdf: ; not directly referenced imul eax, dword [edi + 0x18a7], 0x2e mov ecx, dword [ebp - 0x70] cmp word [ecx + eax + 8], 1 -jne short loc_fffb5d8a ; jne 0xfffb5d8a +jne short loc_fffb502c ; jne 0xfffb502c mov eax, esi shl eax, 0xa add eax, 0x4010 mov edx, eax mov dword [ebp - 0x74], eax mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov dl, byte [edi + 0x190b] mov ecx, edx shr dl, 1 @@ -30166,99 +28817,99 @@ or eax, edx mov edx, dword [ebp - 0x74] mov ecx, eax mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffb5d8a: ; not directly referenced +loc_fffb502c: ; not directly referenced cmp byte [edi + 0x190c], 0 -jne short loc_fffb5db8 ; jne 0xfffb5db8 +jne short loc_fffb505a ; jne 0xfffb505a cmp dword [ebp - 0x6c], 0 -jne short loc_fffb5db8 ; jne 0xfffb5db8 +jne short loc_fffb505a ; jne 0xfffb505a and byte [ebx + 0xa3], 0xdf mov edx, esi mov ecx, dword [ebx + 0xa0] shl edx, 0xa mov eax, edi add edx, 0x4004 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffb5db8: ; not directly referenced +loc_fffb505a: ; not directly referenced lea edx, [esi*8 + 0x48a8] mov ecx, 0x3000 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp - 0x70] mov edx, esi shl edx, 0xa add edx, 0x42a0 movzx ecx, byte [eax + 0xc4] mov eax, edi -call fcn_fffae566 ; call 0xfffae566 -cmp byte [edi + 0x3748], 1 -jne short loc_fffb5e14 ; jne 0xfffb5e14 +call fcn_fffb335b ; call 0xfffb335b +cmp byte [edi + 0x3749], 1 +jne short loc_fffb50b6 ; jne 0xfffb50b6 lea eax, [esi*4 + 0x5004] mov edx, eax mov dword [ebp - 0x74], eax mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, dword [ebp - 0x74] or eax, 0x3000000 mov ecx, eax mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffb5e14: ; not directly referenced +loc_fffb50b6: ; not directly referenced inc esi add ebx, 0xcc add dword [ebp - 0x70], 0x13c3 cmp esi, 2 -jne loc_fffb5c50 ; jne 0xfffb5c50 +jne loc_fffb4ef2 ; jne 0xfffb4ef2 xor eax, eax -cmp dword [edi + 0x2480], 3 +cmp dword [edi + 0x2481], 3 sete al mov dword [ebp - 0x84], eax test byte [edi + 0x2406], 1 -je short loc_fffb5e4a ; je 0xfffb5e4a +je short loc_fffb50ec ; je 0xfffb50ec test eax, eax -je short loc_fffb5e53 ; je 0xfffb5e53 +je short loc_fffb50f5 ; je 0xfffb50f5 -loc_fffb5e4a: ; not directly referenced +loc_fffb50ec: ; not directly referenced xor edx, edx mov eax, edi -call fcn_fffb0b30 ; call 0xfffb0b30 +call fcn_fffaa9ee ; call 0xfffaa9ee -loc_fffb5e53: ; not directly referenced +loc_fffb50f5: ; not directly referenced mov eax, dword [ebp - 0x78] cmp eax, 0x40660 sete dl cmp eax, 0x306c0 sete al or dl, al -jne short loc_fffb5e85 ; jne 0xfffb5e85 +jne short loc_fffb5127 ; jne 0xfffb5127 -loc_fffb5e6a: ; not directly referenced -mov eax, dword [edi + 0x5edc] +loc_fffb510c: ; not directly referenced +mov eax, dword [edi + 0x5edd] mov dword [ebp - 0x7c], 0 lea esi, [eax + 0x1c] mov eax, dword [ebp - 0x80] mov dword [ebp - 0x74], eax -jmp near loc_fffb5f7b ; jmp 0xfffb5f7b +jmp near loc_fffb521d ; jmp 0xfffb521d -loc_fffb5e85: ; not directly referenced -mov eax, dword [edi + 0x5edc] +loc_fffb5127: ; not directly referenced +mov eax, dword [edi + 0x5edd] mov dword [ebp - 0x70], 0 lea ebx, [eax + 0x1c] -loc_fffb5e95: ; not directly referenced +loc_fffb5137: ; not directly referenced imul eax, dword [ebp - 0x70], 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne loc_fffb5f49 ; jne 0xfffb5f49 -mov al, byte [edi + 0x2488] +cmp dword [edi + eax + 0x3757], 2 +jne loc_fffb51eb ; jne 0xfffb51eb +mov al, byte [edi + 0x2489] mov byte [ebp - 0x7c], al xor eax, eax -loc_fffb5eb5: ; not directly referenced +loc_fffb5157: ; not directly referenced cmp byte [ebp - 0x7c], al -jbe short loc_fffb5f1e ; jbe 0xfffb5f1e +jbe short loc_fffb51c0 ; jbe 0xfffb51c0 mov dl, byte [ebx + eax*4 + 5] movzx ecx, byte [ebx + eax*4 + 6] shr dl, 5 @@ -30287,22 +28938,22 @@ movzx esi, byte [ebx + eax*4 + 7] add edx, dword [ebp - 0x74] and esi, 7 cmp edx, 6 -jg short loc_fffb5f22 ; jg 0xfffb5f22 +jg short loc_fffb51c4 ; jg 0xfffb51c4 movsx ecx, cl inc eax add ecx, esi cmp ecx, 6 -jle short loc_fffb5eb5 ; jle 0xfffb5eb5 -jmp short loc_fffb5f22 ; jmp 0xfffb5f22 +jle short loc_fffb5157 ; jle 0xfffb5157 +jmp short loc_fffb51c4 ; jmp 0xfffb51c4 -loc_fffb5f1e: ; not directly referenced +loc_fffb51c0: ; not directly referenced xor edx, edx -jmp short loc_fffb5f24 ; jmp 0xfffb5f24 +jmp short loc_fffb51c6 ; jmp 0xfffb51c6 -loc_fffb5f22: ; not directly referenced +loc_fffb51c4: ; not directly referenced mov dl, 1 -loc_fffb5f24: ; not directly referenced +loc_fffb51c6: ; not directly referenced mov al, byte [ebx + 1] mov ecx, 0xff and eax, 0xfffffffe @@ -30310,36 +28961,36 @@ or eax, edx mov edx, dword [ebp - 0x70] mov byte [ebx + 1], al mov eax, edi -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [ebx] mov edx, eax mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffb5f49: ; not directly referenced +loc_fffb51eb: ; not directly referenced inc dword [ebp - 0x70] add ebx, 0xcc cmp dword [ebp - 0x70], 2 -je loc_fffb5e6a ; je 0xfffb5e6a -jmp near loc_fffb5e95 ; jmp 0xfffb5e95 +je loc_fffb510c ; je 0xfffb510c +jmp near loc_fffb5137 ; jmp 0xfffb5137 -loc_fffb5f61: ; not directly referenced +loc_fffb5203: ; not directly referenced inc dword [ebp - 0x7c] add esi, 0xcc add dword [ebp - 0x74], 0x13c3 cmp dword [ebp - 0x7c], 2 -je loc_fffb6031 ; je 0xfffb6031 +je loc_fffb52d3 ; je 0xfffb52d3 -loc_fffb5f7b: ; not directly referenced +loc_fffb521d: ; not directly referenced mov eax, dword [ebp - 0x74] cmp dword [eax], 2 -jne short loc_fffb5f61 ; jne 0xfffb5f61 +jne short loc_fffb5203 ; jne 0xfffb5203 mov byte [ebp - 0x70], 0 -loc_fffb5f87: ; not directly referenced +loc_fffb5229: ; not directly referenced movzx eax, byte [ebp - 0x70] -cmp al, byte [edi + 0x2488] -jae short loc_fffb5f61 ; jae 0xfffb5f61 +cmp al, byte [edi + 0x2489] +jae short loc_fffb5203 ; jae 0xfffb5203 mov ecx, dword [ebp - 0x74] mov bl, byte [ecx + 0xc4] lea eax, [ecx + eax + 0x104a] @@ -30348,11 +28999,11 @@ mov dword [ebp - 0x88], eax xor eax, eax mov byte [ebp - 0x98], bl -loc_fffb5fb3: ; not directly referenced +loc_fffb5255: ; not directly referenced mov edx, 1 shl edx, cl test byte [ebp - 0x98], dl -je short loc_fffb5fe3 ; je 0xfffb5fe3 +je short loc_fffb5285 ; je 0xfffb5285 mov ebx, dword [ebp - 0x88] mov dl, byte [ebx] mov byte [ebp - 0x94], dl @@ -30363,11 +29014,11 @@ cmovae edx, ebx cmp al, dl cmovb eax, edx -loc_fffb5fe3: ; not directly referenced +loc_fffb5285: ; not directly referenced inc ecx add dword [ebp - 0x88], 9 cmp ecx, 4 -jne short loc_fffb5fb3 ; jne 0xfffb5fb3 +jne short loc_fffb5255 ; jne 0xfffb5255 movzx ebx, byte [ebp - 0x70] shr al, 3 not eax @@ -30381,16 +29032,16 @@ or edx, eax mov eax, edi mov byte [esi + ebx*4 + 5], dl mov edx, dword [ebp - 0x7c] -call fcn_fffa724b ; call 0xfffa724b +call fcn_fffa71f9 ; call 0xfffa71f9 mov ecx, dword [esi + ebx*4 + 4] mov edx, eax mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x70] -jmp near loc_fffb5f87 ; jmp 0xfffb5f87 +jmp near loc_fffb5229 ; jmp 0xfffb5229 -loc_fffb6031: ; not directly referenced -movzx ecx, word [edi + 0x2489] +loc_fffb52d3: ; not directly referenced +movzx ecx, word [edi + 0x248a] mov eax, ecx shr ax, 1 movzx eax, ax @@ -30399,24 +29050,24 @@ cdq idiv ecx mov ecx, 7 cmp eax, 7 -ja short loc_fffb6061 ; ja 0xfffb6061 +ja short loc_fffb5303 ; ja 0xfffb5303 xor cl, cl cmp eax, 2 -jbe short loc_fffb6061 ; jbe 0xfffb6061 +jbe short loc_fffb5303 ; jbe 0xfffb5303 mov cl, 4 cmp eax, 3 cmovne ecx, eax -loc_fffb6061: ; not directly referenced +loc_fffb5303: ; not directly referenced cmp dword [ebp - 0x6c], 1 -jne short loc_fffb6079 ; jne 0xfffb6079 +jne short loc_fffb531b ; jne 0xfffb531b -loc_fffb6067: ; not directly referenced +loc_fffb5309: ; not directly referenced cmp dword [ebp - 0x78], 0x40650 -jne loc_fffb6125 ; jne 0xfffb6125 -jmp near loc_fffb6132 ; jmp 0xfffb6132 +jne loc_fffb53c7 ; jne 0xfffb53c7 +jmp near loc_fffb53d4 ; jmp 0xfffb53d4 -loc_fffb6079: ; not directly referenced +loc_fffb531b: ; not directly referenced and ecx, 7 xor esi, esi mov ebx, dword [ebp - 0x8c] @@ -30426,79 +29077,79 @@ mov dword [ebp - 0x70], 0 cmove esi, ecx mov byte [ebp - 0x7c], al -loc_fffb609f: ; not directly referenced +loc_fffb5341: ; not directly referenced imul eax, dword [ebp - 0x70], 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -je short loc_fffb60c1 ; je 0xfffb60c1 +cmp dword [edi + eax + 0x3757], 2 +je short loc_fffb5363 ; je 0xfffb5363 -loc_fffb60b0: ; not directly referenced +loc_fffb5352: ; not directly referenced inc dword [ebp - 0x70] add ebx, 0xcc cmp dword [ebp - 0x70], 2 -jne short loc_fffb609f ; jne 0xfffb609f -jmp short loc_fffb6067 ; jmp 0xfffb6067 +jne short loc_fffb5341 ; jne 0xfffb5341 +jmp short loc_fffb5309 ; jmp 0xfffb5309 -loc_fffb60c1: ; not directly referenced +loc_fffb5363: ; not directly referenced mov byte [ebp - 0x6c], 0 -loc_fffb60c5: ; not directly referenced +loc_fffb5367: ; not directly referenced mov al, byte [ebp - 0x6c] -cmp al, byte [edi + 0x2488] -jae short loc_fffb60b0 ; jae 0xfffb60b0 +cmp al, byte [edi + 0x2489] +jae short loc_fffb5352 ; jae 0xfffb5352 cmp dword [ebp - 0x78], 0x40650 movzx edx, byte [ebp - 0x6c] -jne short loc_fffb60ef ; jne 0xfffb60ef +jne short loc_fffb5391 ; jne 0xfffb5391 mov al, byte [ebx + edx*4 + 7] lea ecx, [esi*8] and eax, 0xffffffc7 or eax, ecx -jmp short loc_fffb60f9 ; jmp 0xfffb60f9 +jmp short loc_fffb539b ; jmp 0xfffb539b -loc_fffb60ef: ; not directly referenced +loc_fffb5391: ; not directly referenced mov al, byte [ebx + edx*4 + 7] and eax, 0xffffffc7 or eax, dword [ebp - 0x7c] -loc_fffb60f9: ; not directly referenced +loc_fffb539b: ; not directly referenced mov byte [ebx + edx*4 + 7], al movzx eax, byte [ebp - 0x6c] mov edx, dword [ebp - 0x70] mov ecx, eax mov dword [ebp - 0x74], eax mov eax, edi -call fcn_fffa724b ; call 0xfffa724b +call fcn_fffa71f9 ; call 0xfffa71f9 mov ecx, dword [ebp - 0x74] mov ecx, dword [ebx + ecx*4 + 4] mov edx, eax mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x6c] -jmp short loc_fffb60c5 ; jmp 0xfffb60c5 +jmp short loc_fffb5367 ; jmp 0xfffb5367 -loc_fffb6125: ; not directly referenced +loc_fffb53c7: ; not directly referenced cmp dword [edi + 0x188b], 1 -jne loc_fffb6434 ; jne 0xfffb6434 +jne loc_fffb56d6 ; jne 0xfffb56d6 -loc_fffb6132: ; not directly referenced +loc_fffb53d4: ; not directly referenced mov eax, dword [ebp - 0x80] mov esi, dword [ebp - 0x8c] mov dword [ebp - 0x74], 0 mov dword [ebp - 0x78], eax -loc_fffb6145: ; not directly referenced +loc_fffb53e7: ; not directly referenced mov eax, dword [ebp - 0x78] cmp dword [eax], 2 -je short loc_fffb6168 ; je 0xfffb6168 +je short loc_fffb540a ; je 0xfffb540a -loc_fffb614d: ; not directly referenced +loc_fffb53ef: ; not directly referenced inc dword [ebp - 0x74] add esi, 0xcc add dword [ebp - 0x78], 0x13c3 cmp dword [ebp - 0x74], 2 -jne short loc_fffb6145 ; jne 0xfffb6145 -jmp near loc_fffb62d1 ; jmp 0xfffb62d1 +jne short loc_fffb53e7 ; jne 0xfffb53e7 +jmp near loc_fffb5573 ; jmp 0xfffb5573 -loc_fffb6168: ; not directly referenced +loc_fffb540a: ; not directly referenced mov ebx, dword [ebp - 0x78] xor ecx, ecx mov al, byte [ebx + 0xc4] @@ -30506,18 +29157,18 @@ mov dword [ebp - 0x70], ebx xor ebx, ebx mov byte [ebp - 0x80], al -loc_fffb617b: ; not directly referenced +loc_fffb541d: ; not directly referenced mov edx, 1 shl edx, cl test byte [ebp - 0x80], dl -je short loc_fffb61bd ; je 0xfffb61bd -mov al, byte [edi + 0x2488] +je short loc_fffb545f ; je 0xfffb545f +mov al, byte [edi + 0x2489] xor edx, edx mov byte [ebp - 0x7c], al -loc_fffb6192: ; not directly referenced +loc_fffb5434: ; not directly referenced cmp byte [ebp - 0x7c], dl -jbe short loc_fffb61bd ; jbe 0xfffb61bd +jbe short loc_fffb545f ; jbe 0xfffb545f mov eax, dword [ebp - 0x70] mov ax, word [eax + edx*2 + 0x1b1] mov word [ebp - 0x6c], ax @@ -30528,30 +29179,30 @@ mov al, byte [ebp - 0x6c] cmova eax, ebx inc edx mov bl, al -jmp short loc_fffb6192 ; jmp 0xfffb6192 +jmp short loc_fffb5434 ; jmp 0xfffb5434 -loc_fffb61bd: ; not directly referenced +loc_fffb545f: ; not directly referenced inc ecx add dword [ebp - 0x70], 0x12 cmp ecx, 4 -jne short loc_fffb617b ; jne 0xfffb617b +jne short loc_fffb541d ; jne 0xfffb541d cmp dword [ebp - 0x84], 0 mov al, 1 -je short loc_fffb61df ; je 0xfffb61df -movzx ecx, word [edi + 0x2489] +je short loc_fffb5481 ; je 0xfffb5481 +movzx ecx, word [edi + 0x248a] lea eax, [ecx + 0x3f] cdq idiv ecx -loc_fffb61df: ; not directly referenced +loc_fffb5481: ; not directly referenced mov byte [ebp - 0x70], 0 lea eax, [ebx + eax*2 + 0xf] mov byte [ebp - 0x6c], al -loc_fffb61ea: ; not directly referenced +loc_fffb548c: ; not directly referenced mov al, byte [ebp - 0x70] -cmp al, byte [edi + 0x2488] -jae loc_fffb614d ; jae 0xfffb614d +cmp al, byte [edi + 0x2489] +jae loc_fffb53ef ; jae 0xfffb53ef movzx ecx, byte [ebp - 0x70] mov bl, 0x1f mov al, byte [esi + ecx*4 + 7] @@ -30579,7 +29230,7 @@ cmove ebx, eax shr dl, 1 and edx, 7 test byte [esi + 3], 0x40 -je short loc_fffb6271 ; je 0xfffb6271 +je short loc_fffb5513 ; je 0xfffb5513 lea eax, [ecx + 8] mov bl, byte [ebp - 0x6c] mov dl, byte [esi + eax*4 + 9] @@ -30591,9 +29242,9 @@ shl eax, 3 or eax, edx cmp bl, al cmovae eax, ebx -jmp short loc_fffb6283 ; jmp 0xfffb6283 +jmp short loc_fffb5525 ; jmp 0xfffb5525 -loc_fffb6271: ; not directly referenced +loc_fffb5513: ; not directly referenced lea eax, [edx + ebx + 0xe] mov bl, 0x1f cmp al, 0x1f @@ -30602,7 +29253,7 @@ cmovg eax, ebx cmp al, 0x11 cmovl eax, edx -loc_fffb6283: ; not directly referenced +loc_fffb5525: ; not directly referenced and eax, 0x1f mov dl, al lea ebx, [ecx + 8] @@ -30620,31 +29271,31 @@ or edx, eax mov eax, edi mov byte [esi + ebx*4 + 0xa], dl mov edx, dword [ebp - 0x74] -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, dword [esi + ebx*4 + 8] mov edx, eax mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x70] -jmp near loc_fffb61ea ; jmp 0xfffb61ea +jmp near loc_fffb548c ; jmp 0xfffb548c -loc_fffb62d1: ; not directly referenced -mov eax, dword [edi + 0x2443] +loc_fffb5573: ; not directly referenced +mov eax, dword [edi + 0x2444] cmp byte [edi + 0x2402], 0 -mov ebx, dword [edi + 0x5edc] +mov ebx, dword [edi + 0x5edd] mov dword [ebp - 0x74], eax -je loc_fffb6434 ; je 0xfffb6434 +je loc_fffb56d6 ; je 0xfffb56d6 mov edx, 0x4024 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x40d0 mov dword [ebp - 0x78], eax mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x4ca4 mov dword [ebp - 0x7c], eax mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov dl, byte [ebx + 0xc8] movzx ecx, byte [ebx + 0xc9] mov esi, edx @@ -30668,9 +29319,9 @@ movzx esi, dl mov dl, byte [ebx + 0xc3] mov dword [ebp - 0x6c], esi shr dl, 7 -cmp dword [edi + 0x2480], 1 +cmp dword [edi + 0x2481], 1 movzx esi, dl -jne short loc_fffb638c ; jne 0xfffb638c +jne short loc_fffb562e ; jne 0xfffb562e mov edx, dword [ebp - 0x70] xor ecx, ecx add edx, dword [ebp - 0x6c] @@ -30678,18 +29329,18 @@ sub edx, esi cmp edx, 5 sete cl -loc_fffb638c: ; not directly referenced +loc_fffb562e: ; not directly referenced mov bl, al mov edx, 1 and ebx, 3 cmp bl, 2 -jne short loc_fffb63a3 ; jne 0xfffb63a3 +jne short loc_fffb5645 ; jne 0xfffb5645 shr eax, 4 mov edx, eax and edx, 7 -loc_fffb63a3: ; not directly referenced -mov al, byte [edi + 0x381a] +loc_fffb5645: ; not directly referenced +mov al, byte [edi + 0x381b] add esi, esi add ecx, ecx mov byte [ebp - 0x70], al @@ -30705,13 +29356,13 @@ xor edx, edx mov dword [ebp - 0x6c], eax xor eax, eax -loc_fffb63d0: ; not directly referenced +loc_fffb5672: ; not directly referenced mov cl, al mov esi, 1 shl esi, cl mov ecx, esi test byte [ebp - 0x70], cl -je short loc_fffb6416 ; je 0xfffb6416 +je short loc_fffb56b8 ; je 0xfffb56b8 mov ebx, dword [ebp - 0x78] lea esi, [eax*8] mov ecx, esi @@ -30733,10 +29384,10 @@ mov cl, byte [ebp - 0x80] shl esi, cl or edx, esi -loc_fffb6416: ; not directly referenced +loc_fffb56b8: ; not directly referenced inc eax cmp eax, 4 -jne short loc_fffb63d0 ; jne 0xfffb63d0 +jne short loc_fffb5672 ; jne 0xfffb5672 push ebx push ebx push edx @@ -30747,25 +29398,25 @@ mov eax, dword [ebp - 0x74] call dword [eax + 0x30] ; ucall add esp, 0x10 -loc_fffb6434: ; not directly referenced +loc_fffb56d6: ; not directly referenced mov ecx, 0x14 mov edx, 0x5f08 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov esi, dword [ebp - 0x90] -mov dl, byte [edi + 0x369d] +mov dl, byte [edi + 0x369e] mov al, byte [esi + 0x16] shl edx, 7 and eax, 0x7f or eax, edx mov byte [esi + 0x16], al -mov dl, byte [edi + 0x369e] +mov dl, byte [edi + 0x369f] and eax, 0xffffffbf and edx, 1 shl edx, 6 or eax, edx mov byte [esi + 0x16], al -mov dl, byte [edi + 0x369f] +mov dl, byte [edi + 0x36a0] and eax, 0xffffffdf and edx, 1 shl edx, 5 @@ -30777,89 +29428,89 @@ mov eax, 0xf84 cmp dword [edi + 0x188b], 1 cmove edx, eax mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c -mov ebx, dword [edi + 0x5edc] -cmp dword [edi + 0x3756], 2 -jne short loc_fffb6508 ; jne 0xfffb6508 -cmp dword [edi + 0x36d7], 0x74a -ja short loc_fffb64f4 ; ja 0xfffb64f4 - -loc_fffb64c0: ; not directly referenced -cmp dword [edi + 0x36d7], 0x854 -ja short loc_fffb64e0 ; ja 0xfffb64e0 - -loc_fffb64cc: ; not directly referenced +call fcn_fffb38b3 ; call 0xfffb38b3 +mov ebx, dword [edi + 0x5edd] +cmp dword [edi + 0x3757], 2 +jne short loc_fffb57aa ; jne 0xfffb57aa +cmp dword [edi + 0x36d8], 0x74a +ja short loc_fffb5796 ; ja 0xfffb5796 + +loc_fffb5762: ; not directly referenced +cmp dword [edi + 0x36d8], 0x854 +ja short loc_fffb5782 ; ja 0xfffb5782 + +loc_fffb576e: ; not directly referenced mov ecx, dword [ebx + 0xc8] mov edx, 0x4014 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffb6508 ; jmp 0xfffb6508 +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffb57aa ; jmp 0xfffb57aa -loc_fffb64e0: ; not directly referenced +loc_fffb5782: ; not directly referenced mov al, byte [ebx + 0xc9] and eax, 0xffffffcf or eax, 0x20 mov byte [ebx + 0xc9], al -jmp short loc_fffb64cc ; jmp 0xfffb64cc +jmp short loc_fffb576e ; jmp 0xfffb576e -loc_fffb64f4: ; not directly referenced +loc_fffb5796: ; not directly referenced mov al, byte [ebx + 0xc9] and eax, 0xfffffff3 or eax, 8 mov byte [ebx + 0xc9], al -jmp short loc_fffb64c0 ; jmp 0xfffb64c0 +jmp short loc_fffb5762 ; jmp 0xfffb5762 -loc_fffb6508: ; not directly referenced -cmp dword [edi + 0x4b19], 2 -jne short loc_fffb655f ; jne 0xfffb655f -cmp dword [edi + 0x36d7], 0x74a -jbe short loc_fffb652f ; jbe 0xfffb652f +loc_fffb57aa: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 +jne short loc_fffb5801 ; jne 0xfffb5801 +cmp dword [edi + 0x36d8], 0x74a +jbe short loc_fffb57d1 ; jbe 0xfffb57d1 mov al, byte [ebx + 0x195] and eax, 0xfffffff3 or eax, 8 mov byte [ebx + 0x195], al -loc_fffb652f: ; not directly referenced -cmp dword [edi + 0x36d7], 0x854 -jbe short loc_fffb654d ; jbe 0xfffb654d +loc_fffb57d1: ; not directly referenced +cmp dword [edi + 0x36d8], 0x854 +jbe short loc_fffb57ef ; jbe 0xfffb57ef mov al, byte [ebx + 0x195] and eax, 0xffffffcf or eax, 0x20 mov byte [ebx + 0x195], al -loc_fffb654d: ; not directly referenced +loc_fffb57ef: ; not directly referenced mov ecx, dword [ebx + 0x194] mov edx, 0x4414 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffb655f: ; not directly referenced +loc_fffb5801: ; not directly referenced mov eax, edi -call fcn_fffae778 ; call 0xfffae778 +call fcn_fffb34af ; call 0xfffb34af mov edx, 0x501c mov eax, edi cmp byte [edi + 0x190a], 1 sbb ecx, ecx and ecx, 0x40000000 -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, edi -call fcn_fffa870e ; call 0xfffa870e +call fcn_fffa86bc ; call 0xfffa86bc lea ecx, [edi + 0x18b5] mov edx, 0x41 mov eax, edi -call fcn_fffc3c0d ; call 0xfffc3c0d +call fcn_fffc3b02 ; call 0xfffc3b02 cmp byte [edi + 0x192b], 0 -jne loc_fffb6c2c ; jne 0xfffb6c2c -mov ebx, dword [edi + 0x2443] +jne loc_fffb5ece ; jne 0xfffb5ece +mov ebx, dword [edi + 0x2444] lea eax, [ebp - 0x40] push ecx push 0 push 8 push eax -mov dword [ebp - 0x50], ref_fffd4088 ; mov dword [ebp - 0x50], 0xfffd4088 -mov dword [ebp - 0x4c], ref_fffd4038 ; mov dword [ebp - 0x4c], 0xfffd4038 -mov dword [ebp - 0x48], ref_fffd3fd8 ; mov dword [ebp - 0x48], 0xfffd3fd8 -mov dword [ebp - 0x44], ref_fffd3fcc ; mov dword [ebp - 0x44], 0xfffd3fcc +mov dword [ebp - 0x50], ref_fffd3aec ; mov dword [ebp - 0x50], 0xfffd3aec +mov dword [ebp - 0x4c], ref_fffd3a9c ; mov dword [ebp - 0x4c], 0xfffd3a9c +mov dword [ebp - 0x48], ref_fffd3a3c ; mov dword [ebp - 0x48], 0xfffd3a3c +mov dword [ebp - 0x44], ref_fffd3a30 ; mov dword [ebp - 0x44], 0xfffd3a30 mov dword [ebp - 0xb8], 0 call dword [ebx + 0x5c] ; ucall add esp, 0xc @@ -30899,22 +29550,22 @@ lea eax, [ebp - 0x54] push eax call dword [ebx + 0x5c] ; ucall add esp, 0x10 -cmp dword [edi + 0x2480], 3 -jne short loc_fffb6650 ; jne 0xfffb6650 +cmp dword [edi + 0x2481], 3 +jne short loc_fffb58f2 ; jne 0xfffb58f2 mov word [ebp - 0x5c], 8 mov word [ebp - 0x5a], 1 -jmp short loc_fffb665c ; jmp 0xfffb665c +jmp short loc_fffb58fe ; jmp 0xfffb58fe -loc_fffb6650: ; not directly referenced +loc_fffb58f2: ; not directly referenced mov word [ebp - 0x5c], 0x228 mov word [ebp - 0x5a], 7 -loc_fffb665c: ; not directly referenced +loc_fffb58fe: ; not directly referenced mov eax, dword [edi + 0x18a7] mov dword [ebp - 0xb0], eax dec eax -je loc_fffb6c2c ; je 0xfffb6c2c -lea eax, [edi + 0x48c9] +je loc_fffb5ece ; je 0xfffb5ece +lea eax, [edi + 0x48ca] mov dword [ebp - 0x7c], eax lea eax, [ebp - 0x58] mov dword [ebp - 0x90], eax @@ -30932,42 +29583,42 @@ lea eax, [ebp - 0x54] mov dword [ebp - 0x80], eax mov byte [ebp - 0x74], 0xff -loc_fffb66b8: ; not directly referenced +loc_fffb595a: ; not directly referenced mov eax, dword [ebp - 0x7c] cmp dword [eax - 0x1173], 2 -jne loc_fffb69e0 ; jne 0xfffb69e0 +jne loc_fffb5c82 ; jne 0xfffb5c82 mov dword [ebp - 0x6c], eax mov dword [ebp - 0x78], 0 -loc_fffb66d2: ; not directly referenced +loc_fffb5974: ; not directly referenced mov eax, dword [ebp - 0x6c] cmp dword [eax], 2 -jne loc_fffb69cc ; jne 0xfffb69cc +jne loc_fffb5c6e ; jne 0xfffb5c6e mov eax, dword [ebp - 0xb0] -mov eax, dword [edi + eax*4 + 0x3735] +mov eax, dword [edi + eax*4 + 0x3736] cmp eax, 0x546 -je short loc_fffb6713 ; je 0xfffb6713 +je short loc_fffb59b5 ; je 0xfffb59b5 cmp eax, 0x5dc -je short loc_fffb671a ; je 0xfffb671a +je short loc_fffb59bc ; je 0xfffb59bc cmp eax, 0x4b0 setne cl movzx eax, cl movzx ebx, cl lea eax, [eax + eax*2 + 1] mov dword [ebp - 0x84], ebx -jmp short loc_fffb6729 ; jmp 0xfffb6729 +jmp short loc_fffb59cb ; jmp 0xfffb59cb -loc_fffb6713: ; not directly referenced +loc_fffb59b5: ; not directly referenced mov eax, 2 -jmp short loc_fffb671f ; jmp 0xfffb671f +jmp short loc_fffb59c1 ; jmp 0xfffb59c1 -loc_fffb671a: ; not directly referenced +loc_fffb59bc: ; not directly referenced mov eax, 3 -loc_fffb671f: ; not directly referenced +loc_fffb59c1: ; not directly referenced mov dword [ebp - 0x84], 0 -loc_fffb6729: ; not directly referenced +loc_fffb59cb: ; not directly referenced mov esi, dword [ebp - 0x6c] and eax, 0xfffffe0f movzx ebx, byte [esi + 0xcc] @@ -30993,49 +29644,49 @@ movzx ecx, byte [ebx - 0x10b3] and ecx, 3 shl ecx, 0xf or eax, ecx -mov ecx, dword [edi + 0x36d7] +mov ecx, dword [edi + 0x36d8] cmp ecx, 0x640 -je short loc_fffb67db ; je 0xfffb67db -ja short loc_fffb67b3 ; ja 0xfffb67b3 +je short loc_fffb5a7d ; je 0xfffb5a7d +ja short loc_fffb5a55 ; ja 0xfffb5a55 cmp ecx, 0x42b -je short loc_fffb67cf ; je 0xfffb67cf +je short loc_fffb5a71 ; je 0xfffb5a71 cmp ecx, 0x535 -jne short loc_fffb67f3 ; jne 0xfffb67f3 +jne short loc_fffb5a95 ; jne 0xfffb5a95 and eax, 0xffe1ffff or eax, 0xa0000 -jmp short loc_fffb67fd ; jmp 0xfffb67fd +jmp short loc_fffb5a9f ; jmp 0xfffb5a9f -loc_fffb67b3: ; not directly referenced +loc_fffb5a55: ; not directly referenced cmp ecx, 0x74b -je short loc_fffb67e7 ; je 0xfffb67e7 +je short loc_fffb5a89 ; je 0xfffb5a89 cmp ecx, 0x855 -jne short loc_fffb67f3 ; jne 0xfffb67f3 +jne short loc_fffb5a95 ; jne 0xfffb5a95 and eax, 0xffe1ffff or eax, 0x160000 -jmp short loc_fffb67fd ; jmp 0xfffb67fd +jmp short loc_fffb5a9f ; jmp 0xfffb5a9f -loc_fffb67cf: ; not directly referenced +loc_fffb5a71: ; not directly referenced and eax, 0xffe1ffff or eax, 0x60000 -jmp short loc_fffb67fd ; jmp 0xfffb67fd +jmp short loc_fffb5a9f ; jmp 0xfffb5a9f -loc_fffb67db: ; not directly referenced +loc_fffb5a7d: ; not directly referenced and eax, 0xffe1ffff or eax, 0xe0000 -jmp short loc_fffb67fd ; jmp 0xfffb67fd +jmp short loc_fffb5a9f ; jmp 0xfffb5a9f -loc_fffb67e7: ; not directly referenced +loc_fffb5a89: ; not directly referenced and eax, 0xffe1ffff or eax, 0x120000 -jmp short loc_fffb67fd ; jmp 0xfffb67fd +jmp short loc_fffb5a9f ; jmp 0xfffb5a9f -loc_fffb67f3: ; not directly referenced +loc_fffb5a95: ; not directly referenced mov dword [ebp - 0x84], 1 -loc_fffb67fd: ; not directly referenced +loc_fffb5a9f: ; not directly referenced mov esi, dword [ebp - 0x6c] and eax, 0xff1fffff -mov ebx, dword [edi + 0x2480] +mov ebx, dword [edi + 0x2481] mov dword [ebp - 0x70], 0 movzx ecx, byte [esi + 0xf3] mov dword [ebp - 0xb4], ebx @@ -31048,21 +29699,21 @@ cmp ebx, 3 cmove eax, ecx xor ebx, ebx -loc_fffb6837: ; not directly referenced +loc_fffb5ad9: ; not directly referenced mov edx, dword [ebp - 0x70] mov byte [ebp - 0xa9], dl test dl, dl -jne short loc_fffb6853 ; jne 0xfffb6853 +jne short loc_fffb5af5 ; jne 0xfffb5af5 cmp dword [ebp - 0x84], 0 -jne loc_fffb69bf ; jne 0xfffb69bf -jmp short loc_fffb6860 ; jmp 0xfffb6860 +jne loc_fffb5c61 ; jne 0xfffb5c61 +jmp short loc_fffb5b02 ; jmp 0xfffb5b02 -loc_fffb6853: ; not directly referenced +loc_fffb5af5: ; not directly referenced test ebx, ebx -jne loc_fffb69ba ; jne 0xfffb69ba +jne loc_fffb5c5c ; jne 0xfffb5c5c and eax, 0xff0001ff -loc_fffb6860: ; not directly referenced +loc_fffb5b02: ; not directly referenced mov ecx, dword [ebp - 0x70] xor esi, esi movzx ecx, word [ebp + ecx*2 - 0x5c] @@ -31070,22 +29721,22 @@ mov word [ebp - 0xac], cx dec ecx mov dword [ebp - 0xa8], ecx -loc_fffb6878: ; not directly referenced +loc_fffb5b1a: ; not directly referenced cmp word [ebp - 0xac], si -jbe loc_fffb69bf ; jbe 0xfffb69bf +jbe loc_fffb5c61 ; jbe 0xfffb5c61 cmp dword [ebp - 0xb4], 3 -jne loc_fffb6930 ; jne 0xfffb6930 +jne loc_fffb5bd2 ; jne 0xfffb5bd2 mov edx, dword [ebp - 0x70] imul ecx, esi, 0xc add ecx, dword [ebp + edx*4 - 0x48] cmp eax, dword [ecx] -jne short loc_fffb6910 ; jne 0xfffb6910 +jne short loc_fffb5bb2 ; jne 0xfffb5bb2 -loc_fffb68a0: ; not directly referenced +loc_fffb5b42: ; not directly referenced mov bl, byte [ecx + 5] mov esi, dword [ebp - 0x78] mov edx, dword [ebp - 0x88] -cmp byte [edi + 0x3755], 1 +cmp byte [edi + 0x3756], 1 mov byte [edx + esi], bl mov edx, dword [ebp - 0x98] mov bl, byte [ecx + 6] @@ -31111,24 +29762,24 @@ mov bl, byte [ebp - 0x74] cmp bl, dl cmovbe edx, ebx mov bl, dl -jmp near loc_fffb699c ; jmp 0xfffb699c +jmp near loc_fffb5c3e ; jmp 0xfffb5c3e -loc_fffb6910: ; not directly referenced +loc_fffb5bb2: ; not directly referenced cmp byte [ebp - 0xa9], 1 -jne loc_fffb69b4 ; jne 0xfffb69b4 +jne loc_fffb5c56 ; jne 0xfffb5c56 mov edx, dword [ebp - 0xa8] cmp esi, edx -jne loc_fffb69b4 ; jne 0xfffb69b4 -jmp near loc_fffb68a0 ; jmp 0xfffb68a0 +jne loc_fffb5c56 ; jne 0xfffb5c56 +jmp near loc_fffb5b42 ; jmp 0xfffb5b42 -loc_fffb6930: ; not directly referenced +loc_fffb5bd2: ; not directly referenced mov edx, dword [ebp - 0x70] imul ecx, esi, 0xb add ecx, dword [ebp + edx*4 - 0x50] cmp eax, dword [ecx] -jne short loc_fffb69a1 ; jne 0xfffb69a1 +jne short loc_fffb5c43 ; jne 0xfffb5c43 -loc_fffb693e: ; not directly referenced +loc_fffb5be0: ; not directly referenced mov bl, byte [ecx + 5] mov esi, dword [ebp - 0x78] mov edx, dword [ebp - 0x88] @@ -31156,36 +29807,36 @@ cmp cl, bl cmova ecx, ebx mov bl, cl -loc_fffb699c: ; not directly referenced +loc_fffb5c3e: ; not directly referenced mov byte [ebp - 0x74], bl -jmp short loc_fffb69ba ; jmp 0xfffb69ba +jmp short loc_fffb5c5c ; jmp 0xfffb5c5c -loc_fffb69a1: ; not directly referenced +loc_fffb5c43: ; not directly referenced cmp byte [ebp - 0xa9], 1 -jne short loc_fffb69b4 ; jne 0xfffb69b4 +jne short loc_fffb5c56 ; jne 0xfffb5c56 mov edx, dword [ebp - 0xa8] cmp esi, edx -je short loc_fffb693e ; je 0xfffb693e +je short loc_fffb5be0 ; je 0xfffb5be0 -loc_fffb69b4: ; not directly referenced +loc_fffb5c56: ; not directly referenced inc esi -jmp near loc_fffb6878 ; jmp 0xfffb6878 +jmp near loc_fffb5b1a ; jmp 0xfffb5b1a -loc_fffb69ba: ; not directly referenced +loc_fffb5c5c: ; not directly referenced mov ebx, 1 -loc_fffb69bf: ; not directly referenced +loc_fffb5c61: ; not directly referenced inc dword [ebp - 0x70] cmp dword [ebp - 0x70], 2 -jne loc_fffb6837 ; jne 0xfffb6837 +jne loc_fffb5ad9 ; jne 0xfffb5ad9 -loc_fffb69cc: ; not directly referenced +loc_fffb5c6e: ; not directly referenced inc dword [ebp - 0x78] add dword [ebp - 0x6c], 0x128 cmp dword [ebp - 0x78], 2 -jne loc_fffb66d2 ; jne 0xfffb66d2 +jne loc_fffb5974 ; jne 0xfffb5974 -loc_fffb69e0: ; not directly referenced +loc_fffb5c82: ; not directly referenced add dword [ebp - 0x80], 2 add dword [ebp - 0x7c], 0x13c3 add dword [ebp - 0x88], 4 @@ -31196,7 +29847,7 @@ add dword [ebp - 0xa4], 4 add dword [ebp - 0x90], 2 lea eax, [ebp - 0x50] cmp dword [ebp - 0x80], eax -jne loc_fffb66b8 ; jne 0xfffb66b8 +jne loc_fffb595a ; jne 0xfffb595a lea eax, [ebp - 0x58] mov esi, 0x42f8 mov dword [ebp - 0x8c], eax @@ -31213,22 +29864,22 @@ mov dword [ebp - 0x70], edi lea ebx, [ebp - 0x54] mov dword [ebp - 0x78], eax -loc_fffb6a59: ; not directly referenced +loc_fffb5cfb: ; not directly referenced mov eax, dword [ebp - 0x70] -cmp dword [eax + 0x3756], 2 -jne loc_fffb6bc1 ; jne 0xfffb6bc1 +cmp dword [eax + 0x3757], 2 +jne loc_fffb5e63 ; jne 0xfffb5e63 xor eax, eax -loc_fffb6a6b: ; not directly referenced +loc_fffb5d0d: ; not directly referenced imul edx, eax, 0x128 mov ecx, dword [ebp - 0x70] -cmp dword [ecx + edx + 0x48c9], 2 -jne loc_fffb6b29 ; jne 0xfffb6b29 +cmp dword [ecx + edx + 0x48ca], 2 +jne loc_fffb5dcb ; jne 0xfffb5dcb mov ecx, dword [ebp - 0x8c] mov cl, byte [ecx + eax] sub cl, byte [ebp - 0x74] mov byte [ebp - 0x6c], cl -je loc_fffb6b29 ; je 0xfffb6b29 +je loc_fffb5dcb ; je 0xfffb5dcb mov ecx, dword [ebp - 0x78] movzx edx, byte [ecx + eax] mov dword [ebp - 0x90], ecx @@ -31270,68 +29921,68 @@ sar edx, cl mov ecx, dword [ebp - 0x90] mov byte [ecx + eax], dl -loc_fffb6b29: ; not directly referenced +loc_fffb5dcb: ; not directly referenced inc eax cmp eax, 2 -jne loc_fffb6a6b ; jne 0xfffb6a6b +jne loc_fffb5d0d ; jne 0xfffb5d0d mov eax, dword [ebp - 0x70] -cmp dword [eax + 0x3816], 1 -ja short loc_fffb6b4b ; ja 0xfffb6b4b +cmp dword [eax + 0x3817], 1 +ja short loc_fffb5ded ; ja 0xfffb5ded mov al, byte [ebx] mov dl, byte [ebx + 1] cmp dl, al cmovae eax, edx -jmp short loc_fffb6b6a ; jmp 0xfffb6b6a +jmp short loc_fffb5e0c ; jmp 0xfffb5e0c -loc_fffb6b4b: ; not directly referenced +loc_fffb5ded: ; not directly referenced movzx edx, byte [ebx] movzx eax, byte [ebx + 1] cmp dl, al -je short loc_fffb6b71 ; je 0xfffb6b71 +je short loc_fffb5e13 ; je 0xfffb5e13 lea eax, [edx + eax + 1] sar eax, 1 cmp al, 0xf7 -ja short loc_fffb6b6e ; ja 0xfffb6b6e +ja short loc_fffb5e10 ; ja 0xfffb5e10 test al, 7 -je short loc_fffb6b6a ; je 0xfffb6b6a +je short loc_fffb5e0c ; je 0xfffb5e0c and eax, 0xfffffff8 add eax, 8 -loc_fffb6b6a: ; not directly referenced +loc_fffb5e0c: ; not directly referenced mov byte [ebx], al -jmp short loc_fffb6b71 ; jmp 0xfffb6b71 +jmp short loc_fffb5e13 ; jmp 0xfffb5e13 -loc_fffb6b6e: ; not directly referenced +loc_fffb5e10: ; not directly referenced mov byte [ebx], 0xf8 -loc_fffb6b71: ; not directly referenced +loc_fffb5e13: ; not directly referenced mov eax, dword [ebp - 0x78] mov edx, esi mov ecx, dword [eax] mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp - 0x88] lea edx, [esi + 4] mov ecx, dword [eax] mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp - 0x80] lea edx, [esi - 4] mov ecx, dword [eax] mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp - 0x84] lea edx, [esi - 8] mov ecx, dword [eax] mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp - 0x7c] lea edx, [esi - 0xc] mov ecx, dword [eax] mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffb6bc1: ; not directly referenced +loc_fffb5e63: ; not directly referenced add esi, 0x400 add ebx, 2 add dword [ebp - 0x70], 0x13c3 @@ -31342,7 +29993,7 @@ add dword [ebp - 0x84], 4 add dword [ebp - 0x7c], 4 add dword [ebp - 0x8c], 2 cmp esi, 0x4af8 -jne loc_fffb6a59 ; jne 0xfffb6a59 +jne loc_fffb5cfb ; jne 0xfffb5cfb mov eax, dword [ebp - 0xb8] mov edx, 0x5888 mov al, byte [ebp - 0x54] @@ -31351,28 +30002,28 @@ mov al, byte [ebp - 0x52] mov bh, al mov eax, edi mov ecx, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 movzx ecx, byte [ebp - 0x74] mov edx, 0x5884 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffb6c2c: ; not directly referenced +loc_fffb5ece: ; not directly referenced cmp dword [edi + 0x188b], 1 -jne loc_fffb6efc ; jne 0xfffb6efc +jne loc_fffb619e ; jne 0xfffb619e movzx eax, byte [edi + 0x2420] mov byte [ebp - 0x6c], al test al, al -je loc_fffb6eb3 ; je 0xfffb6eb3 -mov esi, dword [edi + 0x2443] +je loc_fffb6155 ; je 0xfffb6155 +mov esi, dword [edi + 0x2444] cmp al, 4 -ja loc_fffb6ded ; ja 0xfffb6ded +ja loc_fffb608f ; ja 0xfffb608f shl eax, 3 push edx push eax lea eax, [edi + 0x2421] push eax -lea eax, [edi + 0x36a9] +lea eax, [edi + 0x36aa] push eax call dword [esi + 0x58] ; ucall mov cl, byte [ebp - 0x6c] @@ -31383,146 +30034,146 @@ dec eax mov byte [ebp - 0x70], al xor eax, eax -loc_fffb6c82: ; not directly referenced -and dword [edi + eax*8 + 0x36a9], 0xffffffc0 -and dword [edi + eax*8 + 0x36ad], 0x7f +loc_fffb5f24: ; not directly referenced +and dword [edi + eax*8 + 0x36aa], 0xffffffc0 +and dword [edi + eax*8 + 0x36ae], 0x7f inc eax cmp byte [ebp - 0x6c], al -ja short loc_fffb6c82 ; ja 0xfffb6c82 +ja short loc_fffb5f24 ; ja 0xfffb5f24 mov al, byte [ebp - 0x6c] xor ecx, ecx mov byte [ebp - 0x74], 0 dec eax mov byte [ebp - 0x78], al -loc_fffb6ca5: ; not directly referenced +loc_fffb5f47: ; not directly referenced cmp cl, byte [ebp - 0x78] -jae short loc_fffb6d06 ; jae 0xfffb6d06 +jae short loc_fffb5fa8 ; jae 0xfffb5fa8 lea eax, [ecx + 1] mov byte [ebp - 0x7c], al -loc_fffb6cb0: ; not directly referenced +loc_fffb5f52: ; not directly referenced cmp al, byte [ebp - 0x6c] -jae short loc_fffb6d00 ; jae 0xfffb6d00 +jae short loc_fffb5fa2 ; jae 0xfffb5fa2 lea esi, [ecx + 0x24a] movzx ebx, al -mov edx, dword [edi + esi*8 + 0x2459] +mov edx, dword [edi + esi*8 + 0x245a] add ebx, 0x24a mov dword [ebp - 0x80], edx -mov edx, dword [edi + ebx*8 + 0x245d] -cmp dword [edi + esi*8 + 0x245d], edx -jne short loc_fffb6cfd ; jne 0xfffb6cfd +mov edx, dword [edi + ebx*8 + 0x245e] +cmp dword [edi + esi*8 + 0x245e], edx +jne short loc_fffb5f9f ; jne 0xfffb5f9f mov esi, dword [ebp - 0x80] -cmp esi, dword [edi + ebx*8 + 0x2459] -jne short loc_fffb6cfd ; jne 0xfffb6cfd +cmp esi, dword [edi + ebx*8 + 0x245a] +jne short loc_fffb5f9f ; jne 0xfffb5f9f mov eax, 1 shl eax, cl mov ecx, eax not ecx inc byte [ebp - 0x74] and byte [ebp - 0x70], cl -jmp short loc_fffb6d00 ; jmp 0xfffb6d00 +jmp short loc_fffb5fa2 ; jmp 0xfffb5fa2 -loc_fffb6cfd: ; not directly referenced +loc_fffb5f9f: ; not directly referenced inc eax -jmp short loc_fffb6cb0 ; jmp 0xfffb6cb0 +jmp short loc_fffb5f52 ; jmp 0xfffb5f52 -loc_fffb6d00: ; not directly referenced +loc_fffb5fa2: ; not directly referenced movzx ecx, byte [ebp - 0x7c] -jmp short loc_fffb6ca5 ; jmp 0xfffb6ca5 +jmp short loc_fffb5f47 ; jmp 0xfffb5f47 -loc_fffb6d06: ; not directly referenced +loc_fffb5fa8: ; not directly referenced xor ebx, ebx -loc_fffb6d08: ; not directly referenced +loc_fffb5faa: ; not directly referenced movzx eax, byte [ebp - 0x70] bt eax, ebx -jae short loc_fffb6d6a ; jae 0xfffb6d6a +jae short loc_fffb600c ; jae 0xfffb600c push esi -mov eax, dword [edi + 0x2443] +mov eax, dword [edi + 0x2444] push 0x14 -push dword [edi + ebx*8 + 0x36ad] -push dword [edi + ebx*8 + 0x36a9] +push dword [edi + ebx*8 + 0x36ae] +push dword [edi + ebx*8 + 0x36aa] call dword [eax + 0x6c] ; ucall -mov ecx, dword [edi + 0x370d] +mov ecx, dword [edi + 0x370e] add esp, 0x10 mov dword [ebp - 0x7c], ecx mov esi, edx -mov edx, dword [edi + 0x36f0] +mov edx, dword [edi + 0x36f1] cmp esi, 0 -ja short loc_fffb6d48 ; ja 0xfffb6d48 +ja short loc_fffb5fea ; ja 0xfffb5fea cmp eax, edx -jb short loc_fffb6d6a ; jb 0xfffb6d6a +jb short loc_fffb600c ; jb 0xfffb600c -loc_fffb6d48: ; not directly referenced +loc_fffb5fea: ; not directly referenced cmp esi, 0 -ja short loc_fffb6d58 ; ja 0xfffb6d58 +ja short loc_fffb5ffa ; ja 0xfffb5ffa cmp eax, 0xfff -jbe loc_fffb6ebc ; jbe 0xfffb6ebc +jbe loc_fffb615e ; jbe 0xfffb615e -loc_fffb6d58: ; not directly referenced +loc_fffb5ffa: ; not directly referenced cmp esi, 0 -ja loc_fffb6ebc ; ja 0xfffb6ebc +ja loc_fffb615e ; ja 0xfffb615e cmp eax, dword [ebp - 0x7c] -jae loc_fffb6ebc ; jae 0xfffb6ebc +jae loc_fffb615e ; jae 0xfffb615e -loc_fffb6d6a: ; not directly referenced +loc_fffb600c: ; not directly referenced inc ebx cmp byte [ebp - 0x6c], bl -ja short loc_fffb6d08 ; ja 0xfffb6d08 +ja short loc_fffb5faa ; ja 0xfffb5faa mov esi, dword [ebp - 0x74] mov al, byte [ebp - 0x6c] mov ebx, esi sub eax, ebx -mov byte [edi + 0x36a8], al +mov byte [edi + 0x36a9], al test bl, bl -je loc_fffb6efc ; je 0xfffb6efc +je loc_fffb619e ; je 0xfffb619e test al, al -je loc_fffb6efc ; je 0xfffb6efc +je loc_fffb619e ; je 0xfffb619e xor eax, eax -loc_fffb6d92: ; not directly referenced +loc_fffb6034: ; not directly referenced mov dl, al cmp al, byte [ebp - 0x78] -jae loc_fffb6efc ; jae 0xfffb6efc +jae loc_fffb619e ; jae 0xfffb619e movzx esi, byte [ebp - 0x70] bt esi, eax -jb short loc_fffb6dea ; jb 0xfffb6dea +jb short loc_fffb608c ; jb 0xfffb608c -loc_fffb6da6: ; not directly referenced +loc_fffb6048: ; not directly referenced inc edx cmp dl, byte [ebp - 0x6c] -jae short loc_fffb6dea ; jae 0xfffb6dea +jae short loc_fffb608c ; jae 0xfffb608c bt esi, edx movzx ecx, dl -jae short loc_fffb6da6 ; jae 0xfffb6da6 -mov esi, dword [edi + ecx*8 + 0x36ad] +jae short loc_fffb6048 ; jae 0xfffb6048 +mov esi, dword [edi + ecx*8 + 0x36ae] mov edx, 1 -mov ebx, dword [edi + ecx*8 + 0x36a9] +mov ebx, dword [edi + ecx*8 + 0x36aa] shl edx, cl mov cl, al not edx -mov dword [edi + eax*8 + 0x36ad], esi +mov dword [edi + eax*8 + 0x36ae], esi mov esi, 1 shl esi, cl mov ecx, esi or byte [ebp - 0x70], cl and byte [ebp - 0x70], dl -mov dword [edi + eax*8 + 0x36a9], ebx +mov dword [edi + eax*8 + 0x36aa], ebx -loc_fffb6dea: ; not directly referenced +loc_fffb608c: ; not directly referenced inc eax -jmp short loc_fffb6d92 ; jmp 0xfffb6d92 +jmp short loc_fffb6034 ; jmp 0xfffb6034 -loc_fffb6ded: ; not directly referenced +loc_fffb608f: ; not directly referenced mov al, byte [ebp - 0x6c] mov bl, 4 sub eax, 4 cmp al, 4 cmovbe ebx, eax -mov eax, dword [edi + 0x370d] +mov eax, dword [edi + 0x370e] xor edx, edx -mov byte [edi + 0x36a8], bl +mov byte [edi + 0x36a9], bl push ecx push 0x14 push edx @@ -31543,7 +30194,7 @@ add esp, 0x10 mov dword [ebp - 0x6c], 0 mov dword [ebp - 0x78], eax -loc_fffb6e38: ; not directly referenced +loc_fffb60da: ; not directly referenced mov ebx, dword [esi + 0x68] call dword [esi + 0x7c] ; ucall and eax, dword [ebp - 0x78] @@ -31562,57 +30213,57 @@ and eax, dword [ebp - 0x74] mov dword [ebp - 0x9c], edx or eax, ebx mov dword [ebp - 0xa0], eax -mov eax, dword [edi + 0x2443] +mov eax, dword [edi + 0x2444] push 0x14 push dword [ebp - 0x9c] push dword [ebp - 0xa0] call dword [eax + 0x6c] ; ucall -mov ebx, dword [edi + 0x370d] -mov ecx, dword [edi + 0x36f0] +mov ebx, dword [edi + 0x370e] +mov ecx, dword [edi + 0x36f1] add esp, 0x10 mov dword [ebp - 0x7c], ebx cmp edx, 0 -ja short loc_fffb6e9b ; ja 0xfffb6e9b +ja short loc_fffb613d ; ja 0xfffb613d cmp eax, ecx -jb short loc_fffb6ed0 ; jb 0xfffb6ed0 +jb short loc_fffb6172 ; jb 0xfffb6172 -loc_fffb6e9b: ; not directly referenced +loc_fffb613d: ; not directly referenced cmp edx, 0 -ja short loc_fffb6ea7 ; ja 0xfffb6ea7 +ja short loc_fffb6149 ; ja 0xfffb6149 cmp eax, 0xfff -jbe short loc_fffb6e38 ; jbe 0xfffb6e38 +jbe short loc_fffb60da ; jbe 0xfffb60da -loc_fffb6ea7: ; not directly referenced +loc_fffb6149: ; not directly referenced cmp edx, 0 -ja short loc_fffb6e38 ; ja 0xfffb6e38 +ja short loc_fffb60da ; ja 0xfffb60da cmp eax, dword [ebp - 0x7c] -jb short loc_fffb6ed0 ; jb 0xfffb6ed0 -jmp short loc_fffb6e38 ; jmp 0xfffb6e38 +jb short loc_fffb6172 ; jb 0xfffb6172 +jmp short loc_fffb60da ; jmp 0xfffb60da -loc_fffb6eb3: ; not directly referenced -mov byte [edi + 0x36a8], 0 -jmp short loc_fffb6efc ; jmp 0xfffb6efc +loc_fffb6155: ; not directly referenced +mov byte [edi + 0x36a9], 0 +jmp short loc_fffb619e ; jmp 0xfffb619e -loc_fffb6ebc: ; not directly referenced +loc_fffb615e: ; not directly referenced mov eax, 0xfffffffe mov cl, bl rol eax, cl inc byte [ebp - 0x74] and byte [ebp - 0x70], al -jmp near loc_fffb6d6a ; jmp 0xfffb6d6a +jmp near loc_fffb600c ; jmp 0xfffb600c -loc_fffb6ed0: ; not directly referenced +loc_fffb6172: ; not directly referenced mov ebx, dword [ebp - 0x6c] mov eax, dword [ebp - 0xa0] mov edx, dword [ebp - 0x9c] inc dword [ebp - 0x6c] -mov dword [edi + ebx*8 + 0x36a9], eax +mov dword [edi + ebx*8 + 0x36aa], eax mov al, byte [ebp - 0x6c] -mov dword [edi + ebx*8 + 0x36ad], edx +mov dword [edi + ebx*8 + 0x36ae], edx cmp byte [ebp - 0x70], al -ja loc_fffb6e38 ; ja 0xfffb6e38 +ja loc_fffb60da ; ja 0xfffb60da -loc_fffb6efc: ; not directly referenced +loc_fffb619e: ; not directly referenced lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -31621,7 +30272,7 @@ pop edi pop ebp ret -fcn_fffb6f06: ; not directly referenced +fcn_fffb61a8: ; not directly referenced push ebp mov eax, 0x80000002 mov ebp, esp @@ -31634,9 +30285,9 @@ mov ecx, dword [ebp + 0x10] mov esi, dword [ebp + 0x14] mov edi, dword [ebp + 0x18] test ebx, ebx -je loc_fffb6fca ; je 0xfffb6fca +je loc_fffb626d ; je 0xfffb626d cmp ecx, 0xb -ja loc_fffb6fca ; ja 0xfffb6fca +ja loc_fffb626d ; ja 0xfffb626d push eax mov edx, ecx push dword [ebp + 0x1c] @@ -31644,69 +30295,66 @@ xor eax, eax mov dword [ebp - 0x1c], ecx push edi push esi -call fcn_fffac5c7 ; call 0xfffac5c7 +call fcn_fffb05d3 ; call 0xfffb05d3 add esp, 0x10 mov ecx, dword [ebp - 0x1c] test eax, eax -js short loc_fffb6fca ; js 0xfffb6fca -mov al, byte [ecx + ref_fffd5ac8] ; mov al, byte [ecx - 0x2a538] +js short loc_fffb626d ; js 0xfffb626d +mov al, byte [ecx + ref_fffd6138] ; mov al, byte [ecx - 0x29ec8] mov dword [ebp - 0x24], 0 mov byte [ebp - 0x1e], al mov eax, ecx and eax, 3 mov dword [ebp - 0x1c], eax -movzx eax, byte [eax + ref_fffd5ad4] ; movzx eax, byte [eax - 0x2a52c] +movzx eax, byte [eax + ref_fffd6144] ; movzx eax, byte [eax - 0x29ebc] dec eax test ebx, eax -movzx eax, byte [ecx + ref_fffd5ad4] ; movzx eax, byte [ecx - 0x2a52c] +movzx eax, byte [ecx + ref_fffd6144] ; movzx eax, byte [ecx - 0x29ebc] sete byte [ebp - 0x1d] mov dword [ebp - 0x28], eax -loc_fffb6f7d: ; not directly referenced +loc_fffb621f: ; not directly referenced cmp dword [ebp + 0x1c], 0 -je short loc_fffb6fc8 ; je 0xfffb6fc8 +je short loc_fffb626b ; je 0xfffb626b cmp dword [ebp - 0x1c], 0 -jne short loc_fffb6f90 ; jne 0xfffb6f90 -mov al, byte [ebx] +jne short loc_fffb6232 ; jne 0xfffb6232 mov edx, esi -out dx, al -jmp short loc_fffb6fb7 ; jmp 0xfffb6fb7 +in al, dx +mov byte [ebx], al +jmp short loc_fffb625a ; jmp 0xfffb625a -loc_fffb6f90: ; not directly referenced +loc_fffb6232: ; not directly referenced cmp dword [ebp - 0x1c], 1 -jne short loc_fffb6fa4 ; jne 0xfffb6fa4 -movzx eax, word [ebx] -push edx -push edx -push eax +jne short loc_fffb6246 ; jne 0xfffb6246 +sub esp, 0xc push esi -call fcn_fffb3f28 ; call 0xfffb3f28 -jmp short loc_fffb6fb4 ; jmp 0xfffb6fb4 +call fcn_fffb00a0 ; call 0xfffb00a0 +mov word [ebx], ax +jmp short loc_fffb6257 ; jmp 0xfffb6257 -loc_fffb6fa4: ; not directly referenced +loc_fffb6246: ; not directly referenced cmp dword [ebp - 0x1c], 2 -jne short loc_fffb6fb7 ; jne 0xfffb6fb7 -push eax -push eax -push dword [ebx] +jne short loc_fffb625a ; jne 0xfffb625a +sub esp, 0xc push esi -call fcn_fffaafda ; call 0xfffaafda +call fcn_fffb00dc ; call 0xfffb00dc +mov dword [ebx], eax -loc_fffb6fb4: ; not directly referenced +loc_fffb6257: ; not directly referenced add esp, 0x10 -loc_fffb6fb7: ; not directly referenced +loc_fffb625a: ; not directly referenced movzx eax, byte [ebp - 0x1e] add esi, dword [ebp - 0x28] adc edi, dword [ebp - 0x24] dec dword [ebp + 0x1c] add ebx, eax -jmp short loc_fffb6f7d ; jmp 0xfffb6f7d +jmp short loc_fffb621f ; jmp 0xfffb621f -loc_fffb6fc8: ; not directly referenced +loc_fffb626b: ; not directly referenced xor eax, eax -loc_fffb6fca: ; not directly referenced +loc_fffb626d: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -31714,7 +30362,7 @@ pop edi pop ebp ret -fcn_fffb6fd2: ; not directly referenced +fcn_fffb6275: ; not directly referenced push ebp mov eax, 0x80000002 mov ebp, esp @@ -31727,9 +30375,9 @@ mov ecx, dword [ebp + 0x10] mov esi, dword [ebp + 0x14] mov edi, dword [ebp + 0x18] test ebx, ebx -je loc_fffb7097 ; je 0xfffb7097 +je loc_fffb6339 ; je 0xfffb6339 cmp ecx, 0xb -ja loc_fffb7097 ; ja 0xfffb7097 +ja loc_fffb6339 ; ja 0xfffb6339 push eax mov edx, ecx push dword [ebp + 0x1c] @@ -31737,66 +30385,69 @@ xor eax, eax mov dword [ebp - 0x1c], ecx push edi push esi -call fcn_fffac5c7 ; call 0xfffac5c7 +call fcn_fffb05d3 ; call 0xfffb05d3 add esp, 0x10 mov ecx, dword [ebp - 0x1c] test eax, eax -js short loc_fffb7097 ; js 0xfffb7097 -mov al, byte [ecx + ref_fffd5ac8] ; mov al, byte [ecx - 0x2a538] +js short loc_fffb6339 ; js 0xfffb6339 +mov al, byte [ecx + ref_fffd6138] ; mov al, byte [ecx - 0x29ec8] mov dword [ebp - 0x24], 0 mov byte [ebp - 0x1e], al mov eax, ecx and eax, 3 mov dword [ebp - 0x1c], eax -movzx eax, byte [eax + ref_fffd5ad4] ; movzx eax, byte [eax - 0x2a52c] +movzx eax, byte [eax + ref_fffd6144] ; movzx eax, byte [eax - 0x29ebc] dec eax test ebx, eax -movzx eax, byte [ecx + ref_fffd5ad4] ; movzx eax, byte [ecx - 0x2a52c] +movzx eax, byte [ecx + ref_fffd6144] ; movzx eax, byte [ecx - 0x29ebc] sete byte [ebp - 0x1d] mov dword [ebp - 0x28], eax -loc_fffb7049: ; not directly referenced +loc_fffb62ec: ; not directly referenced cmp dword [ebp + 0x1c], 0 -je short loc_fffb7095 ; je 0xfffb7095 +je short loc_fffb6337 ; je 0xfffb6337 cmp dword [ebp - 0x1c], 0 -jne short loc_fffb705c ; jne 0xfffb705c +jne short loc_fffb62ff ; jne 0xfffb62ff +mov al, byte [ebx] mov edx, esi -in al, dx -mov byte [ebx], al -jmp short loc_fffb7084 ; jmp 0xfffb7084 +out dx, al +jmp short loc_fffb6326 ; jmp 0xfffb6326 -loc_fffb705c: ; not directly referenced +loc_fffb62ff: ; not directly referenced cmp dword [ebp - 0x1c], 1 -jne short loc_fffb7070 ; jne 0xfffb7070 -sub esp, 0xc +jne short loc_fffb6313 ; jne 0xfffb6313 +movzx eax, word [ebx] +push edx +push edx +push eax push esi -call fcn_fffb3f0f ; call 0xfffb3f0f -mov word [ebx], ax -jmp short loc_fffb7081 ; jmp 0xfffb7081 +call fcn_fffb00b9 ; call 0xfffb00b9 +jmp short loc_fffb6323 ; jmp 0xfffb6323 -loc_fffb7070: ; not directly referenced +loc_fffb6313: ; not directly referenced cmp dword [ebp - 0x1c], 2 -jne short loc_fffb7084 ; jne 0xfffb7084 -sub esp, 0xc +jne short loc_fffb6326 ; jne 0xfffb6326 +push eax +push eax +push dword [ebx] push esi -call fcn_fffaafc2 ; call 0xfffaafc2 -mov dword [ebx], eax +call fcn_fffb0086 ; call 0xfffb0086 -loc_fffb7081: ; not directly referenced +loc_fffb6323: ; not directly referenced add esp, 0x10 -loc_fffb7084: ; not directly referenced +loc_fffb6326: ; not directly referenced movzx eax, byte [ebp - 0x1e] add esi, dword [ebp - 0x28] adc edi, dword [ebp - 0x24] dec dword [ebp + 0x1c] add ebx, eax -jmp short loc_fffb7049 ; jmp 0xfffb7049 +jmp short loc_fffb62ec ; jmp 0xfffb62ec -loc_fffb7095: ; not directly referenced +loc_fffb6337: ; not directly referenced xor eax, eax -loc_fffb7097: ; not directly referenced +loc_fffb6339: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -31804,7 +30455,7 @@ pop edi pop ebp ret -fcn_fffb709f: ; not directly referenced +fcn_fffb6341: ; not directly referenced push ebp mov ebp, esp sub esp, 8 @@ -31813,39 +30464,39 @@ mov eax, dword [ebp + 0xc] add eax, 3 and eax, 0xfffffffc test edx, edx -jne short loc_fffb70c4 ; jne 0xfffb70c4 +jne short loc_fffb6366 ; jne 0xfffb6366 mov dword [0xff7d77ac], 0xff7d027c -jmp short loc_fffb70ea ; jmp 0xfffb70ea +jmp short loc_fffb638c ; jmp 0xfffb638c -loc_fffb70c4: ; not directly referenced +loc_fffb6366: ; not directly referenced mov ecx, dword [0xff7d77ac] cmp dword [ecx + edx], 0x900ddea1 -je short loc_fffb70ea ; je 0xfffb70ea +je short loc_fffb638c ; je 0xfffb638c push eax push 0x3d -push ref_fffd3fbc ; push 0xfffd3fbc -push ref_fffd5fdd ; push 0xfffd5fdd -call mrc_printk ; call 0xfffb76e3 +push ref_fffd3a20 ; push 0xfffd3a20 +push ref_fffd62d9 ; push 0xfffd62d9 +call mrc_printk ; call 0xfffb8212 add esp, 0x10 -loc_fffb70e8: ; not directly referenced -jmp short loc_fffb70e8 ; jmp 0xfffb70e8 +loc_fffb638a: ; not directly referenced +jmp short loc_fffb638a ; jmp 0xfffb638a -loc_fffb70ea: ; not directly referenced +loc_fffb638c: ; not directly referenced lea ecx, [eax + edx] cmp ecx, 0x752c -jbe short loc_fffb710c ; jbe 0xfffb710c +jbe short loc_fffb63ae ; jbe 0xfffb63ae push eax push 0x4b -push ref_fffd3fbc ; push 0xfffd3fbc -push ref_fffd5ffd ; push 0xfffd5ffd -call mrc_printk ; call 0xfffb76e3 +push ref_fffd3a20 ; push 0xfffd3a20 +push ref_fffd62f9 ; push 0xfffd62f9 +call mrc_printk ; call 0xfffb8212 add esp, 0x10 -loc_fffb710a: ; not directly referenced -jmp short loc_fffb710a ; jmp 0xfffb710a +loc_fffb63ac: ; not directly referenced +jmp short loc_fffb63ac ; jmp 0xfffb63ac -loc_fffb710c: ; not directly referenced +loc_fffb63ae: ; not directly referenced mov eax, dword [0xff7d77ac] mov dword [0xff7d77b0], ecx mov dword [eax + ecx], 0x900ddea1 @@ -31856,7 +30507,7 @@ mov dword [ecx], edx leave ret -fcn_fffb7129: ; not directly referenced +fcn_fffb63cb: ; not directly referenced push ebp mov ebp, esp push edi @@ -31865,25 +30516,25 @@ push ebx sub esp, 0x2c mov dword [ebp - 0x30], edx mov dword [ebp - 0x1c], 0 -call fcn_fffb481e ; call 0xfffb481e +call fcn_fffb91ff ; call 0xfffb91ff mov dword [ebp - 0x2c], eax lea eax, [ebp - 0x1c] push eax push 0 push 0 -push ref_fffd664c ; push 0xfffd664c -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd6948 ; push 0xfffd6948 +call fcn_fffb020b ; call 0xfffb020b mov eax, dword [0xff7d0084] mov esi, dword [eax + 0x14] lea edi, [esi + 0xf80ac] mov dword [esp], edi -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 pop edx pop ecx and eax, 0xffebffff push eax push edi -call fcn_fffb3d84 ; call 0xfffb3d84 +call fcn_fffb3ffa ; call 0xfffb3ffa mov edx, 0xcf9 in al, dx mov ecx, dword [ebp - 0x30] @@ -31891,96 +30542,96 @@ mov bl, al add esp, 0x10 and ebx, 0xfffffff1 cmp cl, 6 -jne short loc_fffb71d7 ; jne 0xfffb71d7 +jne short loc_fffb6479 ; jne 0xfffb6479 sub esp, 0xc add esi, 0xf8048 push esi -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 mov esi, eax and esi, 0xfffffffe cmp dword [ebp - 0x2c], 1 -jne short loc_fffb71f2 ; jne 0xfffb71f2 +jne short loc_fffb6494 ; jne 0xfffb6494 push eax push eax push 0x40000000 push esi -call fcn_fffab629 ; call 0xfffab629 +call fcn_fffb4a77 ; call 0xfffb4a77 pop eax pop edx lea eax, [esi + 4] push 0xbfffffff push eax -call fcn_fffab64e ; call 0xfffab64e +call fcn_fffb4aa1 ; call 0xfffb4aa1 pop ecx pop eax lea eax, [esi + 0xc] push 0xbfffffff push eax -jmp short loc_fffb7223 ; jmp 0xfffb7223 +jmp short loc_fffb64c5 ; jmp 0xfffb64c5 -loc_fffb71d7: ; not directly referenced +loc_fffb6479: ; not directly referenced cmp cl, 1 -je short loc_fffb71ed ; je 0xfffb71ed +je short loc_fffb648f ; je 0xfffb648f cmp cl, 2 -jne short loc_fffb7257 ; jne 0xfffb7257 +jne short loc_fffb64f9 ; jne 0xfffb64f9 mov eax, dword [ebp - 0x1c] sub esp, 0xc push 2 call dword [eax] ; ucall -jmp short loc_fffb7251 ; jmp 0xfffb7251 +jmp short loc_fffb64f3 ; jmp 0xfffb64f3 -loc_fffb71ed: ; not directly referenced +loc_fffb648f: ; not directly referenced or ebx, 6 -jmp short loc_fffb7257 ; jmp 0xfffb7257 +jmp short loc_fffb64f9 ; jmp 0xfffb64f9 -loc_fffb71f2: ; not directly referenced +loc_fffb6494: ; not directly referenced cmp dword [ebp - 0x2c], 2 -jne short loc_fffb722b ; jne 0xfffb722b +jne short loc_fffb64cd ; jne 0xfffb64cd push eax push eax push 1 lea edx, [esi + 0x1f0] push edx mov dword [ebp - 0x2c], edx -call fcn_fffab629 ; call 0xfffab629 +call fcn_fffb4a77 ; call 0xfffb4a77 pop eax pop edx mov edx, dword [ebp - 0x2c] push 0xfffffffffffffffb push edx -call fcn_fffab64e ; call 0xfffab64e +call fcn_fffb4aa1 ; call 0xfffb4aa1 mov edx, dword [ebp - 0x2c] pop ecx pop eax push 0x7fffffff push edx -loc_fffb7223: ; not directly referenced -call fcn_fffab64e ; call 0xfffab64e +loc_fffb64c5: ; not directly referenced +call fcn_fffb4aa1 ; call 0xfffb4aa1 add esp, 0x10 -loc_fffb722b: ; not directly referenced +loc_fffb64cd: ; not directly referenced push eax add esi, 0x60 push eax push 0x40000000 push esi -call fcn_fffab629 ; call 0xfffab629 +call fcn_fffb4a77 ; call 0xfffb4a77 mov dword [esp], edi -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 pop edx pop ecx or eax, 0x100000 push eax push edi -call fcn_fffb3d84 ; call 0xfffb3d84 +call fcn_fffb3ffa ; call 0xfffb3ffa -loc_fffb7251: ; not directly referenced +loc_fffb64f3: ; not directly referenced or ebx, 0xe add esp, 0x10 -loc_fffb7257: ; not directly referenced +loc_fffb64f9: ; not directly referenced mov eax, dword [ebp - 0x1c] call dword [eax + 0xc] ; ucall mov edx, 0xcf9 @@ -31994,7 +30645,7 @@ pop edi pop ebp ret -fcn_fffb726f: ; not directly referenced +fcn_fffb6511: ; not directly referenced push ebp mov ebp, esp push edi @@ -32012,7 +30663,7 @@ mov dword [ebp - 0x20], ecx call dword [eax + 0x6c] ; ucall add esp, 0x10 test al, 1 -je short loc_fffb72d1 ; je 0xfffb72d1 +je short loc_fffb6573 ; je 0xfffb6573 mov eax, dword [ebp - 0x1c] mov edx, esi and edx, 0xffffffc0 @@ -32024,9 +30675,9 @@ mov dword [ebp - 0x1c], eax mov eax, edi and eax, 0x7f cmp dword [ebp - 0x1c], eax -jne short loc_fffb72d1 ; jne 0xfffb72d1 +jne short loc_fffb6573 ; jne 0xfffb6573 cmp ecx, edx -jne short loc_fffb72d1 ; jne 0xfffb72d1 +jne short loc_fffb6573 ; jne 0xfffb6573 push eax push 0x3e push edi @@ -32037,1505 +30688,12 @@ and eax, 1 cmp dword [ebp + 8], eax sete al movzx eax, al -jmp short loc_fffb72d3 ; jmp 0xfffb72d3 - -loc_fffb72d1: ; not directly referenced -xor eax, eax - -loc_fffb72d3: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb72db: -push ebp -mov ebp, esp -push edi -mov edi, eax -push esi -push ebx -mov ebx, edx -sub esp, 0x1c - -loc_fffb72e8: -test ebx, ebx -jle short loc_fffb7315 ; jle 0xfffb7315 -cmp ebx, 0x10 -mov esi, 0x10 -cmovle esi, ebx -push eax -push esi -push edi -push dword [ecx] -mov dword [ebp - 0x1c], ecx -call fcn_fffa5c2e ; call 0xfffa5c2e -mov ecx, dword [ebp - 0x1c] -add esp, 0x10 -mov dword [ecx], eax -test eax, eax -jne short loc_fffb7319 ; jne 0xfffb7319 -or eax, 0xffffffff -jmp short loc_fffb731d ; jmp 0xfffb731d - -loc_fffb7315: -xor eax, eax -jmp short loc_fffb731d ; jmp 0xfffb731d - -loc_fffb7319: -sub ebx, esi -jmp short loc_fffb72e8 ; jmp 0xfffb72e8 - -loc_fffb731d: -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb7325: -push ebp -mov ebp, esp -push edi -mov edi, ecx -push esi -mov esi, edx -push ebx -mov ebx, eax -sub esp, 0xc -test edx, edx -jne short loc_fffb734a ; jne 0xfffb734a - -loc_fffb7338: -test edi, edi -setne dl -cmp dword [ebp + 8], 0 -setne al -test dl, al -je short loc_fffb7377 ; je 0xfffb7377 -jmp short loc_fffb735f ; jmp 0xfffb735f - -loc_fffb734a: -mov ecx, eax -mov eax, ref_fffd5854 ; mov eax, 0xfffd5854 -call fcn_fffb72db ; call 0xfffb72db -test eax, eax -jns short loc_fffb7338 ; jns 0xfffb7338 - -loc_fffb735a: -or eax, 0xffffffff -jmp short loc_fffb73d5 ; jmp 0xfffb73d5 - -loc_fffb735f: -push edx -push dword [ebp + 8] -push edi -push dword [ebx] -call fcn_fffa5c2e ; call 0xfffa5c2e -add esp, 0x10 -mov dword [ebx], eax -test eax, eax -je short loc_fffb735a ; je 0xfffb735a -add esi, dword [ebp + 8] - -loc_fffb7377: -cmp dword [ebp + 0xc], 0 -jne short loc_fffb7388 ; jne 0xfffb7388 - -loc_fffb737d: -add esi, dword [ebp + 0xc] -cmp dword [ebp + 0x14], 0 -je short loc_fffb73b4 ; je 0xfffb73b4 -jmp short loc_fffb739d ; jmp 0xfffb739d - -loc_fffb7388: -mov edx, dword [ebp + 0xc] -mov ecx, ebx -mov eax, ref_fffd5840 ; mov eax, 0xfffd5840 -call fcn_fffb72db ; call 0xfffb72db -test eax, eax -jns short loc_fffb737d ; jns 0xfffb737d -jmp short loc_fffb735a ; jmp 0xfffb735a - -loc_fffb739d: -push eax -push dword [ebp + 0x14] -push dword [ebp + 0x10] -push dword [ebx] -call fcn_fffa5c2e ; call 0xfffa5c2e -add esp, 0x10 -mov dword [ebx], eax -test eax, eax -je short loc_fffb735a ; je 0xfffb735a - -loc_fffb73b4: -add esi, dword [ebp + 0x14] -cmp dword [ebp + 0x18], 0 -je short loc_fffb73d0 ; je 0xfffb73d0 -mov edx, dword [ebp + 0x18] -mov ecx, ebx -mov eax, ref_fffd5854 ; mov eax, 0xfffd5854 -call fcn_fffb72db ; call 0xfffb72db -test eax, eax -js short loc_fffb735a ; js 0xfffb735a - -loc_fffb73d0: -mov eax, dword [ebp + 0x18] -add eax, esi - -loc_fffb73d5: -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb73dd: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0xc] -mov edx, dword [ebp + 8] -push edi -push esi -push ebx -mov esi, eax -mov word [edx + 0x2467], ax -mov edx, 0x80 -out dx, ax -mov edi, 0x48 -mov ebx, 0x74 - -loc_fffb7403: ; not directly referenced -mov eax, edi -mov edx, ebx -out dx, al -mov edx, 0x75 -in al, dx -movzx ecx, al -mov edx, ebx -mov al, 0x49 -out dx, al -mov edx, 0x75 -in al, dx -shl eax, 8 -or eax, ecx -cmp si, ax -je short loc_fffb7403 ; je 0xfffb7403 -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb742b: -mov ecx, 0xce -rdmsr -movzx ecx, ah -xor edx, edx -imul ecx, ecx, 0x186a0 -xor eax, eax -test ecx, ecx -je short loc_fffb7457 ; je 0xfffb7457 -push ebp -mov ebp, esp -sub esp, 0xc -rdtsc -push ecx -push edx -push eax -call fcn_fffd289e ; call 0xfffd289e -add esp, 0x10 -leave - -loc_fffb7457: -ret - -fcn_fffb7458: -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x2c -mov ebx, dword [ebp + 8] -mov esi, dword [ebx + 0x2443] -mov edi, dword [ebx + 0x18c1] -push 0xe4 -push 0 -push 0 -push 0 -call dword [esi + 0x4c] ; ucall -add edi, eax -mov dword [esp], edi -add edi, 4 -call dword [esi + 0x20] ; ucall -mov dword [esp], edi -mov dword [ebp - 0x2c], eax -call dword [esi + 0x20] ; ucall -add esp, 0x10 -mov edx, dword [ebp - 0x2c] -cmp eax, dword [ebx + 0x14] -jne short loc_fffb74a2 ; jne 0xfffb74a2 -cmp edx, dword [ebx + 0x10] -je short loc_fffb74ac ; je 0xfffb74ac - -loc_fffb74a2: -mov eax, 0x18 -jmp near loc_fffb7571 ; jmp 0xfffb7571 - -loc_fffb74ac: -lea eax, [ebx + 0x1165] -xor esi, esi -mov dword [ebp - 0x30], eax - -loc_fffb74b7: -lea eax, [ebx + esi + 0x196b] -xor edi, edi -mov dword [ebp - 0x34], eax -mov eax, dword [ebp - 0x30] -mov dword [ebp - 0x2c], eax -lea eax, [esi + 0x1afb] -mov dword [ebp - 0x38], eax - -loc_fffb74d2: -mov eax, dword [ebp - 0x34] -cmp dword [eax + edi + 8], 1 -jne short loc_fffb74e4 ; jne 0xfffb74e4 -mov word [ebp - 0x1a], 0 -jmp short loc_fffb752a ; jmp 0xfffb752a - -loc_fffb74e4: -lea eax, [ebx + edi] -mov al, byte [esi + eax + 0x19bd] -cmp al, 0xf1 -sete cl -cmp al, 0xb -sete dl -or cl, dl -je short loc_fffb750c ; je 0xfffb750c -lea eax, [edi + esi + 0x1a30] -mov edx, 0xb -add eax, ebx -jmp short loc_fffb7522 ; jmp 0xfffb7522 - -loc_fffb750c: -cmp al, 0xc -jne short loc_fffb751e ; jne 0xfffb751e -mov eax, dword [ebp - 0x38] -mov edx, 9 -add eax, edi -add eax, ebx -jmp short loc_fffb7522 ; jmp 0xfffb7522 - -loc_fffb751e: -xor edx, edx -xor eax, eax - -loc_fffb7522: -lea ecx, [ebp - 0x1a] -call fcn_fffaf03f ; call 0xfffaf03f - -loc_fffb752a: -mov eax, dword [ebp - 0x2c] -mov ax, word [eax] -cmp word [ebp - 0x1a], ax -jne loc_fffb74a2 ; jne 0xfffb74a2 -add edi, 0x277 -add dword [ebp - 0x2c], 0x128 -cmp edi, 0x4ee -jne short loc_fffb74d2 ; jne 0xfffb74d2 -add esi, 0x54a -add dword [ebp - 0x30], 0x433 -cmp esi, 0xa94 -jne loc_fffb74b7 ; jne 0xfffb74b7 -mov byte [ebx + 0x247b], 1 -xor eax, eax - -loc_fffb7571: -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb7579: -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x34 -mov edi, dword [ebp + 0x10] -mov edx, dword [ebp + 0xc] -lea eax, [ebp - 0x1c] -push eax -mov ebx, dword [ebp + 0x14] -movzx esi, di -lea eax, [esi + 0xc] -push eax -mov dword [ebp - 0x2c], edx -call fcn_fffab60f ; call 0xfffab60f -add esp, 0x10 -mov edx, dword [ebp - 0x2c] -test eax, eax -jns short loc_fffb75af ; jns 0xfffb75af -mov dword [ebp - 0x1c], 0 - -loc_fffb75af: -mov eax, dword [ebp - 0x1c] -test eax, eax -je short loc_fffb75f3 ; je 0xfffb75f3 -lea ecx, [eax + 4] -mov dword [ebx], ecx -mov word [eax + 4], dx -mov edx, dword [ebx] -mov word [edx + 2], di -mov edx, dword [ebx] -mov dword [edx + 4], 0 -add esi, dword [ebx] -mov word [esi], 0xffff -mov word [esi + 2], 8 -mov dword [esi + 4], 0 -mov edx, dword [0xff7d0270] -mov dword [eax], edx -mov dword [0xff7d0270], eax -xor eax, eax -jmp short loc_fffb75f8 ; jmp 0xfffb75f8 - -loc_fffb75f3: -mov eax, 0x80000009 - -loc_fffb75f8: -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb7600: ; not directly referenced -push ebp -mov eax, 0x80000002 -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x1c -mov ebx, dword [ebp + 0x20] -mov ecx, dword [ebp + 0x10] -mov esi, dword [ebp + 0x14] -mov edi, dword [ebp + 0x18] -test ebx, ebx -je loc_fffb76db ; je 0xfffb76db -cmp ecx, 0xb -ja loc_fffb76db ; ja 0xfffb76db -push eax -mov edx, ecx -push dword [ebp + 0x1c] -mov eax, 1 -mov dword [ebp - 0x1c], ecx -push edi -push esi -call fcn_fffac5c7 ; call 0xfffac5c7 -add esp, 0x10 -mov ecx, dword [ebp - 0x1c] -test eax, eax -js loc_fffb76db ; js 0xfffb76db -mov al, byte [ecx + ref_fffd5ac8] ; mov al, byte [ecx - 0x2a538] -mov dword [ebp - 0x24], 0 -mov byte [ebp - 0x1e], al -mov eax, ecx -and eax, 3 -mov dword [ebp - 0x1c], eax -movzx eax, byte [eax + ref_fffd5ad4] ; movzx eax, byte [eax - 0x2a52c] -dec eax -test ebx, eax -movzx eax, byte [ecx + ref_fffd5ad4] ; movzx eax, byte [ecx - 0x2a52c] -sete byte [ebp - 0x1d] -mov dword [ebp - 0x28], eax - -loc_fffb767e: ; not directly referenced -cmp dword [ebp + 0x1c], 0 -je short loc_fffb76d9 ; je 0xfffb76d9 -cmp dword [ebp - 0x1c], 0 -jne short loc_fffb7690 ; jne 0xfffb7690 -mov al, byte [esi] -mov byte [ebx], al -jmp short loc_fffb76c8 ; jmp 0xfffb76c8 - -loc_fffb7690: ; not directly referenced -cmp dword [ebp - 0x1c], 1 -jne short loc_fffb76a4 ; jne 0xfffb76a4 -sub esp, 0xc -push esi -call fcn_fffb3d06 ; call 0xfffb3d06 -mov word [ebx], ax -jmp short loc_fffb76c5 ; jmp 0xfffb76c5 - -loc_fffb76a4: ; not directly referenced -cmp dword [ebp - 0x1c], 2 -jne short loc_fffb76b7 ; jne 0xfffb76b7 -sub esp, 0xc -push esi -call fcn_fffb3d4e ; call 0xfffb3d4e -mov dword [ebx], eax -jmp short loc_fffb76c5 ; jmp 0xfffb76c5 - -loc_fffb76b7: ; not directly referenced -sub esp, 0xc -push esi -call fcn_fffb3dc0 ; call 0xfffb3dc0 -mov dword [ebx], eax -mov dword [ebx + 4], edx - -loc_fffb76c5: ; not directly referenced -add esp, 0x10 - -loc_fffb76c8: ; not directly referenced -movzx eax, byte [ebp - 0x1e] -add esi, dword [ebp - 0x28] -adc edi, dword [ebp - 0x24] -dec dword [ebp + 0x1c] -add ebx, eax -jmp short loc_fffb767e ; jmp 0xfffb767e - -loc_fffb76d9: ; not directly referenced -xor eax, eax - -loc_fffb76db: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -mrc_printk_: -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0xfc -mov ecx, dword [ebp + 8] -lea ebx, [ebp + 0xc] -mov dword [ebp - 0xa8], ebx -mov dword [ebp - 0xa4], 0 -test ecx, ecx -je short loc_fffb7757 ; je 0xfffb7757 -mov dword [ebp - 0xf8], 0 -mov dword [ebp - 0xe4], 0 -jmp short loc_fffb776c ; jmp 0xfffb776c - -loc_fffb771f: -cmp dl, 0x2a -jne loc_fffb77c0 ; jne 0xfffb77c0 -mov ecx, dword [ebx] -lea eax, [ebx + 4] -mov dword [ebp - 0xe0], ecx -test ecx, ecx -jns short loc_fffb7744 ; jns 0xfffb7744 -neg dword [ebp - 0xe0] -or dword [ebp - 0xc4], 4 - -loc_fffb7744: -inc edi -mov ebx, eax - -loc_fffb7747: -cmp dword [ebp - 0xe0], 0x1f4 -jle loc_fffb7818 ; jle 0xfffb7818 - -loc_fffb7757: -or eax, 0xffffffff -jmp near loc_fffb82b2 ; jmp 0xfffb82b2 - -loc_fffb775f: -mov edi, esi -sub edi, ecx -jne short loc_fffb778a ; jne 0xfffb778a - -loc_fffb7765: -cmp byte [esi], 0 -jne short loc_fffb77ad ; jne 0xfffb77ad -mov ecx, esi - -loc_fffb776c: -cmp byte [ecx], 0 -je loc_fffb8277 ; je 0xfffb8277 -mov esi, ecx - -loc_fffb7777: -mov al, byte [esi] -cmp al, 0x25 -setne dl -test al, al -setne al -test dl, al -je short loc_fffb775f ; je 0xfffb775f -inc esi -jmp short loc_fffb7777 ; jmp 0xfffb7777 - -loc_fffb778a: -push eax -push edi -push ecx -push dword [ebp - 0xa4] -call fcn_fffa5c2e ; call 0xfffa5c2e -add esp, 0x10 -mov dword [ebp - 0xa4], eax -test eax, eax -je short loc_fffb7757 ; je 0xfffb7757 -add dword [ebp - 0xe4], edi -jmp short loc_fffb7765 ; jmp 0xfffb7765 - -loc_fffb77ad: -lea edi, [esi + 1] -mov dword [ebp - 0xc4], 0 - -loc_fffb77ba: -mov dl, byte [edi] -test dl, dl -jne short loc_fffb77cc ; jne 0xfffb77cc - -loc_fffb77c0: -mov dword [ebp - 0xe0], 0 -jmp short loc_fffb7808 ; jmp 0xfffb7808 - -loc_fffb77cc: -mov eax, ref_fffd58b0 ; mov eax, 0xfffd58b0 - -loc_fffb77d1: -mov cl, byte [eax] -cmp cl, dl -je loc_fffb827f ; je 0xfffb827f -test cl, cl -je loc_fffb771f ; je 0xfffb771f -inc eax -jmp short loc_fffb77d1 ; jmp 0xfffb77d1 - -loc_fffb77e6: -cmp dword [ebp - 0xe0], 0x1f3 -jg loc_fffb7747 ; jg 0xfffb7747 -imul edx, dword [ebp - 0xe0], 0xa -inc edi -lea eax, [edx + eax - 0x30] -mov dword [ebp - 0xe0], eax - -loc_fffb7808: -movsx eax, byte [edi] -lea edx, [eax - 0x30] -cmp dl, 9 -jbe short loc_fffb77e6 ; jbe 0xfffb77e6 -jmp near loc_fffb7747 ; jmp 0xfffb7747 - -loc_fffb7818: -cmp byte [edi], 0x2e -mov dword [ebp - 0xd0], 0xffffffff -jne short loc_fffb7891 ; jne 0xfffb7891 -cmp byte [edi + 1], 0x2a -je short loc_fffb783a ; je 0xfffb783a -inc edi -mov dword [ebp - 0xd0], 0 -jmp short loc_fffb7876 ; jmp 0xfffb7876 - -loc_fffb783a: -mov ecx, dword [ebx] -lea eax, [ebx + 4] -mov dword [ebp - 0xd0], ecx -cmp ecx, 0x1f4 -jg loc_fffb7757 ; jg 0xfffb7757 -add edi, 2 -mov ebx, eax -jmp short loc_fffb7891 ; jmp 0xfffb7891 - -loc_fffb7858: -cmp dword [ebp - 0xd0], 0x1f3 -jg short loc_fffb7881 ; jg 0xfffb7881 -imul edx, dword [ebp - 0xd0], 0xa -inc edi -lea eax, [edx + eax - 0x30] -mov dword [ebp - 0xd0], eax - -loc_fffb7876: -movsx eax, byte [edi] -lea edx, [eax - 0x30] -cmp dl, 9 -jbe short loc_fffb7858 ; jbe 0xfffb7858 - -loc_fffb7881: -cmp dword [ebp - 0xd0], 0x1f4 -jg loc_fffb7757 ; jg 0xfffb7757 - -loc_fffb7891: -cmp byte [edi], 0x3a -mov dword [ebp - 0xc0], 0 -jne short loc_fffb7903 ; jne 0xfffb7903 -cmp byte [edi + 1], 0x2a -jne short loc_fffb78ea ; jne 0xfffb78ea -mov esi, dword [ebx] -lea eax, [ebx + 4] -mov dword [ebp - 0xc0], esi -test esi, esi -js short loc_fffb78bf ; js 0xfffb78bf -cmp esi, 0x24 -jle short loc_fffb78c9 ; jle 0xfffb78c9 -jmp near loc_fffb7757 ; jmp 0xfffb7757 - -loc_fffb78bf: -mov dword [ebp - 0xc0], 0 - -loc_fffb78c9: -add edi, 2 -mov ebx, eax -jmp short loc_fffb7903 ; jmp 0xfffb7903 - -loc_fffb78d0: -cmp dword [ebp - 0xc0], 0x23 -jg short loc_fffb78f6 ; jg 0xfffb78f6 -imul ecx, dword [ebp - 0xc0], 0xa -lea eax, [ecx + eax - 0x30] -mov dword [ebp - 0xc0], eax - -loc_fffb78ea: -inc edi -movsx eax, byte [edi] -lea edx, [eax - 0x30] -cmp dl, 9 -jbe short loc_fffb78d0 ; jbe 0xfffb78d0 - -loc_fffb78f6: -cmp dword [ebp - 0xc0], 0x24 -jg loc_fffb7757 ; jg 0xfffb7757 - -loc_fffb7903: -cmp byte [edi], 0x5b -mov dword [ebp - 0xd8], 0 -jne short loc_fffb793b ; jne 0xfffb793b -lea eax, [edi + 1] -not edi -mov dword [ebp - 0xf8], eax - -loc_fffb791d: -mov dl, byte [eax] -lea esi, [edi + eax] -mov dword [ebp - 0xd8], esi -mov esi, eax -test dl, dl -je loc_fffb7757 ; je 0xfffb7757 -inc eax -cmp dl, 0x5d -jne short loc_fffb791d ; jne 0xfffb791d -lea edi, [esi + 1] - -loc_fffb793b: -mov al, byte [edi] -mov esi, ref_fffd6023 ; mov esi, 0xfffd6023 -test al, al -je short loc_fffb7973 ; je 0xfffb7973 - -loc_fffb7946: -mov dl, byte [esi] -cmp dl, al -je short loc_fffb7957 ; je 0xfffb7957 -test dl, dl -je short loc_fffb7953 ; je 0xfffb7953 -inc esi -jmp short loc_fffb7946 ; jmp 0xfffb7946 - -loc_fffb7953: -xor eax, eax -jmp short loc_fffb7973 ; jmp 0xfffb7973 - -loc_fffb7957: -mov dl, byte [edi + 1] -lea esi, [edi + 1] -test dl, dl -je loc_fffb8297 ; je 0xfffb8297 -cmp dl, al -jne loc_fffb8297 ; jne 0xfffb8297 -or eax, 1 -add edi, 2 - -loc_fffb7973: -mov dl, byte [edi] -test dl, dl -jne short loc_fffb7983 ; jne 0xfffb7983 -mov ecx, dword [ebx] -add ebx, 4 -jmp near loc_fffb776c ; jmp 0xfffb776c - -loc_fffb7983: -mov byte [ebp - 0xc8], 0 -cmp dl, 0x43 -jne short loc_fffb79a5 ; jne 0xfffb79a5 -mov cl, byte [edi + 1] -lea esi, [edi + 1] -mov byte [ebp - 0xc8], cl -test cl, cl -je loc_fffb7757 ; je 0xfffb7757 -mov edi, esi - -loc_fffb79a5: -mov byte [ebp - 0xab], dl -cmp dl, 0x6e -jne short loc_fffb7a06 ; jne 0xfffb7a06 -mov edx, dword [ebx] -test edx, edx -je loc_fffb82ab ; je 0xfffb82ab -cmp al, 0x68 -jne short loc_fffb79cc ; jne 0xfffb79cc -mov eax, dword [ebp - 0xe4] -mov word [edx], ax -jmp near loc_fffb82ab ; jmp 0xfffb82ab - -loc_fffb79cc: -cmp al, 0x69 -jne short loc_fffb79dd ; jne 0xfffb79dd -mov al, byte [ebp - 0xe4] -mov byte [edx], al -jmp near loc_fffb82ab ; jmp 0xfffb82ab - -loc_fffb79dd: -cmp al, 0x6c -je short loc_fffb79f9 ; je 0xfffb79f9 -cmp al, 0x6a -jne short loc_fffb79f9 ; jne 0xfffb79f9 -mov eax, dword [ebp - 0xe4] -mov dword [edx + 4], 0 -mov dword [edx], eax -jmp near loc_fffb82ab ; jmp 0xfffb82ab - -loc_fffb79f9: -mov eax, dword [ebp - 0xe4] -mov dword [edx], eax -jmp near loc_fffb82ab ; jmp 0xfffb82ab - -loc_fffb7a06: -cmp dl, 0x25 -jne short loc_fffb7a34 ; jne 0xfffb7a34 -sub esp, 0xc -xor ecx, ecx -push 0 -xor edx, edx -push 1 -lea eax, [ebp - 0xab] -push eax -push 0 -push 0 -lea eax, [ebp - 0xa4] -call fcn_fffb7325 ; call 0xfffb7325 -add esp, 0x20 -jmp near loc_fffb8261 ; jmp 0xfffb8261 - -loc_fffb7a34: -mov esi, edx -and esi, 0xffffffdf -mov ecx, esi -cmp cl, 0x43 -jne short loc_fffb7ab9 ; jne 0xfffb7ab9 -cmp dl, 0x63 -jne short loc_fffb7a52 ; jne 0xfffb7a52 -mov eax, dword [ebx] -add ebx, 4 -mov byte [ebp - 0x9a], al -jmp short loc_fffb7a5e ; jmp 0xfffb7a5e - -loc_fffb7a52: -mov al, byte [ebp - 0xc8] -mov byte [ebp - 0x9a], al - -loc_fffb7a5e: -mov esi, dword [ebp - 0xd0] -mov eax, 1 -test esi, esi -cmovs esi, eax -test esi, esi -cmovg eax, esi -xor esi, esi -mov dword [ebp - 0xc0], eax - -loc_fffb7a7b: -sub esp, 0xc -xor ecx, ecx -push 0 -xor edx, edx -push 1 -lea eax, [ebp - 0x9a] -push eax -push 0 -push 0 -lea eax, [ebp - 0xa4] -call fcn_fffb7325 ; call 0xfffb7325 -add esp, 0x20 -cmp eax, 0xffffffff -je loc_fffb7757 ; je 0xfffb7757 -add esi, eax -dec dword [ebp - 0xc0] -jne short loc_fffb7a7b ; jne 0xfffb7a7b -mov eax, esi -jmp near loc_fffb8261 ; jmp 0xfffb8261 - -loc_fffb7ab9: -cmp dl, 0x73 -jne loc_fffb7b51 ; jne 0xfffb7b51 -lea eax, [ebx + 4] -mov edx, ref_fffd602a ; mov edx, 0xfffd602a -mov dword [ebp - 0xc0], eax -mov eax, dword [ebx] -test eax, eax -cmove eax, edx -mov ecx, eax - -loc_fffb7ad9: -cmp byte [ecx], 0 -je short loc_fffb7ae1 ; je 0xfffb7ae1 -inc ecx -jmp short loc_fffb7ad9 ; jmp 0xfffb7ad9 - -loc_fffb7ae1: -mov ebx, dword [ebp - 0xd0] -sub ecx, eax -test ebx, ebx -js short loc_fffb7af2 ; js 0xfffb7af2 -cmp ecx, ebx -cmovg ecx, ebx - -loc_fffb7af2: -mov esi, dword [ebp - 0xe0] -xor edx, edx -mov ebx, esi -sub ebx, ecx -cmp ecx, esi -mov esi, dword [ebp - 0xc4] -cmovl edx, ebx -xor ebx, ebx -and esi, 4 -je short loc_fffb7b14 ; je 0xfffb7b14 -mov ebx, edx -xor edx, edx - -loc_fffb7b14: -test byte [ebp - 0xc4], 0x40 -je short loc_fffb7b2c ; je 0xfffb7b2c -add ebx, edx -xor edx, edx -test esi, esi -sete dl -add edx, ebx -sar edx, 1 -sub ebx, edx - -loc_fffb7b2c: -sub esp, 0xc -push ebx -push ecx -xor ecx, ecx -push eax -push 0 -push 0 -lea eax, [ebp - 0xa4] -call fcn_fffb7325 ; call 0xfffb7325 -add esp, 0x20 -mov ebx, dword [ebp - 0xc0] -jmp near loc_fffb8261 ; jmp 0xfffb8261 - -loc_fffb7b51: -cmp dl, 0x70 -jne short loc_fffb7b7d ; jne 0xfffb7b7d -mov byte [ebp - 0xab], 0x58 -xor eax, eax -mov dword [ebp - 0xd0], 8 -mov dword [ebp - 0xe0], 8 -mov dword [ebp - 0xc4], 0x28 - -loc_fffb7b7d: -mov dl, byte [ebp - 0xab] -cmp dl, 0x69 -sete cl -cmp dl, 0x64 -mov byte [ebp - 0xd4], dl -sete dl -or dl, cl -mov byte [ebp - 0xe8], cl -jne short loc_fffb7baa ; jne 0xfffb7baa -xor esi, esi -cmp byte [ebp - 0xd4], 0x49 -jne short loc_fffb7bd9 ; jne 0xfffb7bd9 - -loc_fffb7baa: -mov dl, byte [ebp - 0xd4] -mov esi, 0xa -and dword [ebp - 0xc4], 0xfffffff7 -or dword [ebp - 0xc4], 0x80 -and edx, 0xffffffdf -cmp dl, 0x49 -jne short loc_fffb7bd9 ; jne 0xfffb7bd9 -mov ecx, dword [ebp - 0xc0] -test ecx, ecx -cmovne esi, ecx - -loc_fffb7bd9: -mov dl, byte [ebp - 0xd4] -and edx, 0xffffffdf -cmp dl, 0x58 -sete cl -test cl, cl -mov byte [ebp - 0xcc], cl -mov ecx, 0x10 -cmovne esi, ecx -cmp dl, 0x55 -jne short loc_fffb7c0d ; jne 0xfffb7c0d -mov ecx, dword [ebp - 0xc0] -mov esi, 0xa -test ecx, ecx -cmovne esi, ecx - -loc_fffb7c0d: -mov cl, byte [ebp - 0xd4] -cmp cl, 0x6f -je short loc_fffb7c27 ; je 0xfffb7c27 -cmp cl, 0x62 -je short loc_fffb7c2e ; je 0xfffb7c2e -cmp esi, 1 -ja short loc_fffb7c33 ; ja 0xfffb7c33 -jmp near loc_fffb7757 ; jmp 0xfffb7757 - -loc_fffb7c27: -mov esi, 8 -jmp short loc_fffb7c33 ; jmp 0xfffb7c33 - -loc_fffb7c2e: -mov esi, 2 - -loc_fffb7c33: -test byte [ebp - 0xc4], 0x80 -je loc_fffb7cf8 ; je 0xfffb7cf8 -cmp al, 0x6c -jne short loc_fffb7c49 ; jne 0xfffb7c49 -lea eax, [ebx + 4] -jmp short loc_fffb7c50 ; jmp 0xfffb7c50 - -loc_fffb7c49: -cmp al, 0x6a -jne short loc_fffb7c5a ; jne 0xfffb7c5a -lea eax, [ebx + 8] - -loc_fffb7c50: -mov dword [ebp - 0xc8], eax - -loc_fffb7c56: -mov edx, dword [ebx] -jmp short loc_fffb7c7e ; jmp 0xfffb7c7e - -loc_fffb7c5a: -lea edx, [ebx + 4] -cmp al, 0x7a -mov dword [ebp - 0xc8], edx -je short loc_fffb7c56 ; je 0xfffb7c56 -mov edx, dword [ebx] -cmp al, 0x74 -je short loc_fffb7c7e ; je 0xfffb7c7e -cmp al, 0x68 -jne short loc_fffb7c76 ; jne 0xfffb7c76 -movsx edx, dx -jmp short loc_fffb7c7e ; jmp 0xfffb7c7e - -loc_fffb7c76: -movsx ecx, dl -cmp al, 0x69 -cmove edx, ecx - -loc_fffb7c7e: -mov ecx, edx -sar ecx, 0x1f -mov eax, ecx -xor eax, edx -sub eax, ecx -mov dword [ebp - 0xc0], eax -sar eax, 0x1f -mov dword [ebp - 0xbc], eax -test edx, edx -jns short loc_fffb7ca5 ; jns 0xfffb7ca5 -mov byte [ebp - 0xaa], 0x2d -jmp short loc_fffb7ccb ; jmp 0xfffb7ccb - -loc_fffb7ca5: -test byte [ebp - 0xc4], 2 -je short loc_fffb7cb7 ; je 0xfffb7cb7 -mov byte [ebp - 0xaa], 0x2b -jmp short loc_fffb7ccb ; jmp 0xfffb7ccb - -loc_fffb7cb7: -mov eax, dword [ebp - 0xc4] -and eax, 1 -neg eax -and eax, 0x20 -mov byte [ebp - 0xaa], al - -loc_fffb7ccb: -cmp byte [ebp - 0xaa], 0 -mov dword [ebp - 0xdc], 0 -je loc_fffb7d9c ; je 0xfffb7d9c -or dword [ebp - 0xc4], 8 -mov dword [ebp - 0xdc], 1 -jmp near loc_fffb7d9c ; jmp 0xfffb7d9c - -loc_fffb7cf8: -cmp al, 0x6c -jne short loc_fffb7d0b ; jne 0xfffb7d0b -lea eax, [ebx + 4] -xor edx, edx -mov dword [ebp - 0xc8], eax -mov eax, dword [ebx] -jmp short loc_fffb7d1d ; jmp 0xfffb7d1d - -loc_fffb7d0b: -cmp al, 0x6a -jne short loc_fffb7d2b ; jne 0xfffb7d2b -lea eax, [ebx + 8] -mov edx, dword [ebx + 4] -mov dword [ebp - 0xc8], eax -mov eax, dword [ebx] - -loc_fffb7d1d: -mov dword [ebp - 0xc0], eax -mov dword [ebp - 0xbc], edx -jmp short loc_fffb7d8b ; jmp 0xfffb7d8b - -loc_fffb7d2b: -lea edx, [ebx + 4] -cmp al, 0x7a -mov dword [ebp - 0xc8], edx -je short loc_fffb7d3c ; je 0xfffb7d3c -cmp al, 0x74 -jne short loc_fffb7d4f ; jne 0xfffb7d4f - -loc_fffb7d3c: -mov eax, dword [ebx] -mov dword [ebp - 0xc0], eax -sar eax, 0x1f -mov dword [ebp - 0xbc], eax -jmp short loc_fffb7d8b ; jmp 0xfffb7d8b - -loc_fffb7d4f: -mov edx, dword [ebx] -mov dword [ebp - 0xbc], 0 -mov dword [ebp - 0xc0], edx -cmp al, 0x68 -jne short loc_fffb7d70 ; jne 0xfffb7d70 -movzx edx, dx -mov dword [ebp - 0xc0], edx -jmp short loc_fffb7d81 ; jmp 0xfffb7d81 - -loc_fffb7d70: -cmp al, 0x69 -jne short loc_fffb7d8b ; jne 0xfffb7d8b -movzx eax, byte [ebp - 0xc0] -mov dword [ebp - 0xc0], eax - -loc_fffb7d81: -mov dword [ebp - 0xbc], 0 - -loc_fffb7d8b: -mov byte [ebp - 0xaa], 0x30 -mov dword [ebp - 0xdc], 0 - -loc_fffb7d9c: -mov eax, dword [ebp - 0xc0] -mov edx, dword [ebp - 0xbc] -mov ebx, eax -or ebx, edx -setne al -cmp byte [ebp - 0xd4], 0x6f -sete dl -test al, dl -mov edx, 1 -cmove edx, dword [ebp - 0xdc] -cmp byte [ebp - 0xcc], 0 -mov dword [ebp - 0xdc], edx -jne short loc_fffb7ddf ; jne 0xfffb7ddf -cmp byte [ebp - 0xd4], 0x62 -jne short loc_fffb7e0d ; jne 0xfffb7e0d - -loc_fffb7ddf: -test byte [ebp - 0xc4], 0x20 -jne short loc_fffb7df4 ; jne 0xfffb7df4 -test al, al -je short loc_fffb7e0d ; je 0xfffb7e0d -mov al, byte [ebp - 0xd4] -jmp short loc_fffb7dfd ; jmp 0xfffb7dfd - -loc_fffb7df4: -mov al, byte [ebp - 0xd4] -or eax, 0x20 - -loc_fffb7dfd: -mov byte [ebp - 0xa9], al -mov dword [ebp - 0xdc], 2 - -loc_fffb7e0d: -test byte [ebp - 0xc4], 8 -je short loc_fffb7e24 ; je 0xfffb7e24 -lea eax, [ebp - 0xaa] -mov dword [ebp - 0xf4], eax -jmp short loc_fffb7e38 ; jmp 0xfffb7e38 - -loc_fffb7e24: -mov dword [ebp - 0xf4], 0 -mov dword [ebp - 0xdc], 0 - -loc_fffb7e38: -cmp esi, 0xa -jne short loc_fffb7ea3 ; jne 0xfffb7ea3 -mov dword [ebp - 0xcc], 0 -lea ebx, [ebp - 0xa0] - -loc_fffb7e4d: -mov edx, dword [ebp - 0xbc] -mov eax, dword [ebp - 0xc0] -mov esi, edx -or esi, eax -je loc_fffb7ff0 ; je 0xfffb7ff0 -push ebx -push 0xa -push dword [ebp - 0xbc] -push dword [ebp - 0xc0] -call fcn_fffd28b3 ; call 0xfffd28b3 -mov esi, dword [ebp - 0xa0] -add esp, 0x10 -inc dword [ebp - 0xcc] -mov dword [ebp - 0xc0], eax -mov eax, dword [ebp - 0xcc] -mov dword [ebp - 0xbc], edx -lea edx, [esi + 0x30] -neg eax -mov byte [eax + ebp - 0x18], dl -jmp short loc_fffb7e4d ; jmp 0xfffb7e4d - -loc_fffb7ea3: -cmp byte [ebp - 0xd4], 0x75 -sete byte [ebp - 0xec] -cmp esi, 8 -sete dl -cmp esi, 2 -sete al -or al, dl -jne short loc_fffb7ee1 ; jne 0xfffb7ee1 -cmp esi, 0x10 -je short loc_fffb7ee1 ; je 0xfffb7ee1 -mov bl, byte [ebp - 0xec] -mov dword [ebp - 0xcc], 0 -or ebx, dword [ebp - 0xe8] -jmp near loc_fffb7f83 ; jmp 0xfffb7f83 - -loc_fffb7ee1: -lea eax, [esi - 1] -cmp esi, 0x10 -je short loc_fffb7ef6 ; je 0xfffb7ef6 -cmp dl, 1 -sbb ecx, ecx -and ecx, 0xfffffffe -add ecx, 3 -jmp short loc_fffb7efb ; jmp 0xfffb7efb - -loc_fffb7ef6: -mov ecx, 4 - -loc_fffb7efb: -mov dword [ebp - 0xcc], 0 - -loc_fffb7f05: -mov esi, dword [ebp - 0xbc] -mov ebx, dword [ebp - 0xc0] -mov edx, esi -or edx, ebx -je loc_fffb7ff0 ; je 0xfffb7ff0 -mov edx, dword [ebp - 0xc0] -and edx, eax -cmp byte [ebp - 0xd4], 0x78 -mov bl, byte [edx + ref_fffd5868] ; mov bl, byte [edx - 0x2a798] -sete dl -or dl, byte [ebp - 0xe8] -jne short loc_fffb7f44 ; jne 0xfffb7f44 -cmp byte [ebp - 0xec], 0 -je short loc_fffb7f47 ; je 0xfffb7f47 - -loc_fffb7f44: -or ebx, 0x20 - -loc_fffb7f47: -inc dword [ebp - 0xcc] -mov edx, dword [ebp - 0xcc] -mov esi, dword [ebp - 0xbc] -neg edx -mov byte [edx + ebp - 0x18], bl -mov ebx, dword [ebp - 0xc0] -xor edx, edx -shrd ebx, esi, cl -shr esi, cl -test cl, 0x20 -cmovne ebx, esi -cmovne esi, edx -mov dword [ebp - 0xc0], ebx -mov dword [ebp - 0xbc], esi -jmp short loc_fffb7f05 ; jmp 0xfffb7f05 - -loc_fffb7f83: -mov edx, dword [ebp - 0xbc] -mov eax, dword [ebp - 0xc0] -mov ecx, edx -or ecx, eax -je short loc_fffb7ff0 ; je 0xfffb7ff0 -push eax -push esi -push dword [ebp - 0xbc] -push dword [ebp - 0xc0] -call fcn_fffd2889 ; call 0xfffd2889 -add esp, 0xc -push esi -push dword [ebp - 0xbc] -push dword [ebp - 0xc0] -mov al, byte [eax + ref_fffd5868] ; mov al, byte [eax - 0x2a798] -mov dl, al -or edx, 0x20 -test bl, bl -cmovne eax, edx -inc dword [ebp - 0xcc] -mov edx, dword [ebp - 0xcc] -neg edx -mov byte [edx + ebp - 0x18], al -call fcn_fffd289e ; call 0xfffd289e -add esp, 0x10 -mov dword [ebp - 0xc0], eax -mov dword [ebp - 0xbc], edx -jmp short loc_fffb7f83 ; jmp 0xfffb7f83 - -loc_fffb7ff0: -cmp dword [ebp - 0xd8], 0 -mov dword [ebp - 0xf0], 0 -je loc_fffb819b ; je 0xfffb819b -mov ebx, dword [ebp - 0xf8] -mov esi, dword [ebp - 0xd8] -mov eax, dword [ebp - 0xcc] -mov dword [ebp - 0xc0], 0x82 -mov byte [ebp - 0xec], 0 -lea ebx, [ebx + esi - 1] -sub dword [ebp - 0xc0], eax -mov dword [ebp - 0xe8], eax -xor eax, eax -mov dword [ebp - 0xd4], ebx - -loc_fffb8042: -cmp dword [ebp - 0xe8], 0 -je loc_fffb819b ; je 0xfffb819b -cmp dword [ebp - 0xd8], 0 -je loc_fffb829e ; je 0xfffb829e -mov esi, dword [ebp - 0xd4] -mov al, byte [esi] -cmp al, 0x2d -je loc_fffb819b ; je 0xfffb819b -cmp al, 0x2a -je short loc_fffb808e ; je 0xfffb808e -mov ebx, dword [ebp - 0xd8] -xor eax, eax -mov dword [ebp - 0xec], 1 -sub esi, ebx -mov edx, ebx -mov dword [ebp - 0x100], esi -jmp short loc_fffb80e1 ; jmp 0xfffb80e1 - -loc_fffb808e: -mov eax, dword [ebp - 0xc8] -lea ebx, [eax + 4] -mov eax, dword [eax] -test eax, eax -js loc_fffb8195 ; js 0xfffb8195 -mov ecx, dword [ebp - 0xd4] -mov edx, dword [ebp - 0xd8] -mov dword [ebp - 0xc8], ebx -dec ecx -dec edx -jne short loc_fffb8108 ; jne 0xfffb8108 -jmp near loc_fffb819b ; jmp 0xfffb819b - -loc_fffb80bc: -movsx esi, byte [ebp - 0xf9] -mov ecx, dword [ebp - 0xec] -sub esi, 0x30 -imul esi, ecx -add eax, esi -imul esi, ecx, 0xa -mov dword [ebp - 0xec], esi -dec edx -je loc_fffb819b ; je 0xfffb819b - -loc_fffb80e1: -mov ebx, dword [ebp - 0x100] -mov ecx, edx -sub ecx, dword [ebp - 0xd8] -add ecx, dword [ebp - 0xd4] -mov bl, byte [ebx + edx] -lea esi, [ebx - 0x30] -mov byte [ebp - 0xf9], bl -mov ebx, esi -cmp bl, 9 -jbe short loc_fffb80bc ; jbe 0xfffb80bc - -loc_fffb8108: -mov bl, byte [ecx] -lea esi, [ecx - 1] -mov dword [ebp - 0xd4], esi -mov byte [ebp - 0xec], bl -lea ebx, [edx - 1] -mov dword [ebp - 0xd8], ebx -test eax, eax -je short loc_fffb8186 ; je 0xfffb8186 - -loc_fffb8126: -mov esi, dword [ebp - 0xe8] -cmp esi, eax -jle short loc_fffb819b ; jle 0xfffb819b -lea ecx, [ebp - 0x9a] -sub esi, eax -add ecx, dword [ebp - 0xc0] -xor edx, edx - -loc_fffb8140: -cmp edx, esi -je short loc_fffb814e ; je 0xfffb814e -mov bl, byte [ecx + edx] -mov byte [ecx + edx - 1], bl -inc edx -jmp short loc_fffb8140 ; jmp 0xfffb8140 - -loc_fffb814e: -mov ecx, dword [ebp - 0xe8] -dec dword [ebp - 0xc0] -add ecx, dword [ebp - 0xc0] -mov bl, byte [ebp - 0xec] -inc dword [ebp - 0xcc] -sub ecx, eax -inc dword [ebp - 0xf0] -mov byte [ebp + ecx - 0x9a], bl -mov dword [ebp - 0xe8], edx -jmp near loc_fffb8042 ; jmp 0xfffb8042 - -loc_fffb8186: -cmp dword [ebp - 0xd8], 0 -jne loc_fffb8042 ; jne 0xfffb8042 -jmp short loc_fffb819b ; jmp 0xfffb819b - -loc_fffb8195: -mov dword [ebp - 0xc8], ebx - -loc_fffb819b: -cmp dword [ebp - 0xd0], 0 -js short loc_fffb81ad ; js 0xfffb81ad -and dword [ebp - 0xc4], 0xffffffef -jmp short loc_fffb81b7 ; jmp 0xfffb81b7 +jmp short loc_fffb6575 ; jmp 0xfffb6575 -loc_fffb81ad: -mov dword [ebp - 0xd0], 1 - -loc_fffb81b7: -mov esi, dword [ebp - 0xcc] -mov eax, dword [ebp - 0xd0] -add eax, dword [ebp - 0xf0] -cmp eax, esi -cmovl eax, esi -mov esi, dword [ebp - 0xe0] -xor edx, edx -mov ebx, eax -mov eax, dword [ebp - 0xdc] -mov ecx, esi -add eax, ebx -sub ecx, eax -cmp eax, esi -cmovl edx, ecx -mov ecx, dword [ebp - 0xc4] +loc_fffb6573: ; not directly referenced xor eax, eax -and ecx, 4 -je short loc_fffb81fa ; je 0xfffb81fa -mov eax, edx -xor edx, edx -loc_fffb81fa: -test byte [ebp - 0xc4], 0x40 -je short loc_fffb8212 ; je 0xfffb8212 -add eax, edx -xor edx, edx -test ecx, ecx -sete dl -add edx, eax -sar edx, 1 -sub eax, edx - -loc_fffb8212: -sub ebx, dword [ebp - 0xcc] -mov ecx, ebx -test byte [ebp - 0xc4], 0x10 -je short loc_fffb8227 ; je 0xfffb8227 -add ecx, edx -xor edx, edx - -loc_fffb8227: -mov esi, dword [ebp - 0xcc] -sub esp, 0xc -push eax -lea eax, [ebp - 0x9a] -sub eax, esi -push esi -add eax, 0x82 -push eax -push ecx -mov ecx, dword [ebp - 0xf4] -push dword [ebp - 0xdc] -lea eax, [ebp - 0xa4] -call fcn_fffb7325 ; call 0xfffb7325 -mov ebx, dword [ebp - 0xc8] -add esp, 0x20 - -loc_fffb8261: -test eax, eax -js loc_fffb7757 ; js 0xfffb7757 - -loc_fffb8269: -add dword [ebp - 0xe4], eax -lea ecx, [edi + 1] -jmp near loc_fffb776c ; jmp 0xfffb776c - -loc_fffb8277: -mov eax, dword [ebp - 0xe4] -jmp short loc_fffb82b2 ; jmp 0xfffb82b2 - -loc_fffb827f: -sub eax, ref_fffd58b0 ; sub eax, 0xfffd58b0 -inc edi -mov eax, dword [eax*4 + ref_fffd5890] ; mov eax, dword [eax*4 - 0x2a770] -or dword [ebp - 0xc4], eax -jmp near loc_fffb77ba ; jmp 0xfffb77ba - -loc_fffb8297: -mov edi, esi -jmp near loc_fffb7973 ; jmp 0xfffb7973 - -loc_fffb829e: -test eax, eax -jne loc_fffb8126 ; jne 0xfffb8126 -jmp near loc_fffb819b ; jmp 0xfffb819b - -loc_fffb82ab: -add ebx, 4 -xor eax, eax -jmp short loc_fffb8269 ; jmp 0xfffb8269 - -loc_fffb82b2: +loc_fffb6575: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -33543,211 +30701,7 @@ pop edi pop ebp ret -fcn_fffb82ba: -push ebp -mov ebp, esp -push edi -mov edi, ecx -push esi -push ebx -mov ebx, eax -sub esp, 0x20 -mov esi, dword [edx + 9] -mov edx, dword [ebx + 0x188b] -mov eax, dword [eax + 0x2443] -push 4 -lea edx, [edx*4 + ref_fffd3230] ; lea edx, [edx*4 - 0x2cdd0] -push edx -lea edx, [ebp - 0x1c] -push edx -call dword [eax + 0x58] ; ucall -mov al, byte [ebx + 0xfac] -add esp, 0x10 -cmp byte [ebp - 0x1c], al -mov al, 1 -jne short loc_fffb8350 ; jne 0xfffb8350 -mov cl, byte [ebx + 0xfad] -cmp byte [ebp - 0x1b], cl -jne short loc_fffb8350 ; jne 0xfffb8350 -mov cl, byte [ebx + 0xfae] -cmp byte [ebp - 0x1a], cl -jne short loc_fffb8350 ; jne 0xfffb8350 -mov cl, byte [ebx + 0xfaf] -cmp byte [ebp - 0x19], cl -jne short loc_fffb8350 ; jne 0xfffb8350 -mov ecx, dword [ebx + 0xfa4] -cmp dword [ebx + 0x1887], ecx -jne short loc_fffb8350 ; jne 0xfffb8350 -mov ecx, dword [ebx + 0xfa0] -cmp dword [ebx + 0x1883], ecx -jne short loc_fffb8350 ; jne 0xfffb8350 -xor eax, eax -cmp edi, 2 -je short loc_fffb8350 ; je 0xfffb8350 -mov edx, 0x102 -mov eax, esi -call fcn_fffc3dc3 ; call 0xfffc3dc3 -cmp eax, dword [ebx + 0xfb0] -setne al - -loc_fffb8350: -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb8358: -push ebp -mov ebp, esp -push ebx -sub esp, 0x1c -mov ebx, dword [ebp + 8] -lea eax, [ebp - 0xc] -push eax -push ebx -call fcn_fffab60f ; call 0xfffab60f -add esp, 0x10 -test eax, eax -jns short loc_fffb837a ; jns 0xfffb837a -mov dword [ebp - 0xc], 0 - -loc_fffb837a: -mov eax, dword [ebp - 0xc] -test eax, eax -je short loc_fffb838f ; je 0xfffb838f -push edx -push edx -push ebx -push eax -call fcn_fffac673 ; call 0xfffac673 -add esp, 0x10 -jmp short loc_fffb8391 ; jmp 0xfffb8391 - -loc_fffb838f: -xor eax, eax - -loc_fffb8391: -mov ebx, dword [ebp - 4] -leave -ret - -fcn_fffb8396: ; not directly referenced -and dh, 4 -je short loc_fffb83fa ; je 0xfffb83fa -push ebp -mov edx, ecx -mov ebp, esp -push edi -push esi -mov esi, ecx -shr edx, 0x13 -push ebx -and edx, 1 -sub esp, 0xc -cmp edx, 1 -mov edi, dword [eax + 0x68] -mov edx, ecx -sbb ebx, ebx -call fcn_fffc3bf5 ; call 0xfffc3bf5 -shr esi, 0x11 -and ebx, 0x10 -and esi, 1 -add ebx, 0x10 -push ecx -push esi -push edx -push eax -call edi -add esp, 0x10 -cmp bx, 0x10 -jne short loc_fffb83e9 ; jne 0xfffb83e9 -xor eax, 0x1000000 -or eax, edx -cmp eax, 1 -sbb eax, eax -add eax, 0xb -jmp short loc_fffb8400 ; jmp 0xfffb8400 - -loc_fffb83e9: ; not directly referenced -xor eax, 0x800000 -or eax, edx -cmp eax, 1 -sbb eax, eax -add eax, 0xa -jmp short loc_fffb8400 ; jmp 0xfffb8400 - -loc_fffb83fa: ; not directly referenced -mov eax, 0xa -ret - -loc_fffb8400: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb8408: ; not directly referenced -and dh, 4 -je short loc_fffb846c ; je 0xfffb846c -push ebp -mov edx, ecx -mov ebp, esp -push edi -push esi -mov esi, ecx -shr edx, 0x14 -push ebx -and edx, 1 -sub esp, 0xc -cmp edx, 1 -mov edi, dword [eax + 0x68] -mov edx, ecx -sbb ebx, ebx -call fcn_fffc3bda ; call 0xfffc3bda -shr esi, 0x12 -and ebx, 0x10 -and esi, 1 -add ebx, 0x10 -push ecx -push esi -push edx -push eax -call edi -add esp, 0x10 -cmp bx, 0x10 -jne short loc_fffb845b ; jne 0xfffb845b -xor eax, 0x1000000 -or eax, edx -cmp eax, 1 -sbb eax, eax -add eax, 0xb -jmp short loc_fffb8472 ; jmp 0xfffb8472 - -loc_fffb845b: ; not directly referenced -xor eax, 0x800000 -or eax, edx -cmp eax, 1 -sbb eax, eax -add eax, 0xa -jmp short loc_fffb8472 ; jmp 0xfffb8472 - -loc_fffb846c: ; not directly referenced -mov eax, 0xa -ret - -loc_fffb8472: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb847a: ; not directly referenced +fcn_fffb657d: ; not directly referenced push ebp mov ebp, esp push edi @@ -33756,29 +30710,29 @@ push ebx sub esp, 0x2c mov ebx, dword [ebp + 8] mov dword [ebp - 0x1c], 0 -mov eax, dword [ebx + 0x2443] +mov eax, dword [ebx + 0x2444] lea esi, [ebx + 0xfb9] mov dword [ebp - 0x20], eax lea eax, [ebx + 0x10] mov dword [ebp - 0x2c], eax -mov al, byte [ebx + 0x3755] +mov al, byte [ebx + 0x3756] mov byte [ebx + 0xfb8], al -mov eax, dword [ebx + 0x374e] +mov eax, dword [ebx + 0x374f] mov dword [ebx + 0xfb4], eax -loc_fffb84ba: ; not directly referenced +loc_fffb65bd: ; not directly referenced imul eax, dword [ebp - 0x1c], 0x13c3 xor edi, edi -mov edx, dword [ebx + eax + 0x3816] -lea ecx, [ebx + eax + 0x3756] +mov edx, dword [ebx + eax + 0x3817] +lea ecx, [ebx + eax + 0x3757] mov dword [ebp - 0x28], ecx mov dword [esi + 4], edx -mov dl, byte [ebx + eax + 0x381a] +mov dl, byte [ebx + eax + 0x381b] mov byte [esi + 8], dl -mov eax, dword [ebx + eax + 0x3756] +mov eax, dword [ebx + eax + 0x3757] mov dword [esi], eax -loc_fffb84ea: ; not directly referenced +loc_fffb65ed: ; not directly referenced mov eax, dword [ebp - 0x28] push edx push 0x2e @@ -33791,13 +30745,13 @@ mov eax, dword [ebp - 0x20] call dword [eax + 0x58] ; ucall add esp, 0x10 cmp edi, 0xb8 -jne short loc_fffb84ea ; jne 0xfffb84ea +jne short loc_fffb65ed ; jne 0xfffb65ed imul eax, dword [ebp - 0x1c], 0x54a lea edx, [esi + 0x313] mov dword [ebp - 0x24], 0 lea edi, [ebx + eax + 0x19bb] -loc_fffb8529: ; not directly referenced +loc_fffb662c: ; not directly referenced mov ecx, dword [ebp - 0x24] mov dword [ebp - 0x30], edx mov edx, dword [ebp - 0x28] @@ -33814,20 +30768,20 @@ add esp, 0x10 mov edx, dword [ebp - 0x30] cmp byte [edi + 2], 0xc mov byte [edx - 2], al -jne short loc_fffb8573 ; jne 0xfffb8573 +jne short loc_fffb6676 ; jne 0xfffb6676 mov al, byte [edi + 0xd] mov ecx, 0x1d mov byte [edx - 1], al lea eax, [edi + 0x140] -jmp short loc_fffb8581 ; jmp 0xfffb8581 +jmp short loc_fffb6684 ; jmp 0xfffb6684 -loc_fffb8573: ; not directly referenced +loc_fffb6676: ; not directly referenced mov al, byte [edi + 8] mov ecx, 0x1f mov byte [edx - 1], al lea eax, [edi + 0x75] -loc_fffb8581: ; not directly referenced +loc_fffb6684: ; not directly referenced sub esp, 4 add edi, 0x277 push ecx @@ -33841,24 +30795,24 @@ add esp, 0x10 add dword [ebp - 0x24], 0x128 add edx, 0x21 cmp dword [ebp - 0x24], 0x250 -jne loc_fffb8529 ; jne 0xfffb8529 +jne loc_fffb662c ; jne 0xfffb662c inc dword [ebp - 0x1c] add esi, 0x433 cmp dword [ebp - 0x1c], 2 -jne loc_fffb84ba ; jne 0xfffb84ba -mov eax, dword [ebx + 0x3735] +jne loc_fffb65bd ; jne 0xfffb65bd +mov eax, dword [ebx + 0x3736] mov dword [ebx + 0x182c], eax -mov eax, dword [ebx + 0x3739] +mov eax, dword [ebx + 0x373a] mov dword [ebx + 0x1830], eax -mov eax, dword [ebx + 0x373d] +mov eax, dword [ebx + 0x373e] mov dword [ebx + 0x1834], eax -mov eax, dword [ebx + 0x3741] +mov eax, dword [ebx + 0x3742] mov dword [ebx + 0x1838], eax push eax -mov eax, dword [ebx + 0x2443] +mov eax, dword [ebx + 0x2444] push 4 mov edx, dword [ebx + 0x188b] -lea edx, [edx*4 + ref_fffd3230] ; lea edx, [edx*4 - 0x2cdd0] +lea edx, [edx*4 + ref_fffd3520] ; lea edx, [edx*4 - 0x2cae0] push edx lea edx, [ebx + 0xfac] push edx @@ -33873,46 +30827,46 @@ mov eax, dword [ebx + 0x188b] mov dword [ebx + 0xfa8], eax mov al, byte [ebx + 0x190d] mov byte [ebx + 0x1842], al -mov eax, dword [ebx + 0x36d7] +mov eax, dword [ebx + 0x36d8] mov dword [ebx + 0x181f], eax -mov eax, dword [ebx + 0x36df] +mov eax, dword [ebx + 0x36e0] mov dword [ebx + 0x1823], eax -mov al, byte [ebx + 0x36e7] +mov al, byte [ebx + 0x36e8] mov byte [ebx + 0x182b], al -mov eax, dword [ebx + 0x36e3] +mov eax, dword [ebx + 0x36e4] mov dword [ebx + 0x1827], eax -mov al, byte [ebx + 0x3748] +mov al, byte [ebx + 0x3749] mov byte [ebx + 0x183c], al -mov eax, dword [ebx + 0x2480] +mov eax, dword [ebx + 0x2481] mov dword [ebx + 0x183d], eax -mov al, byte [ebx + 0x3749] +mov al, byte [ebx + 0x374a] mov byte [ebx + 0x1841], al -mov al, byte [ebx + 0x36ca] +mov al, byte [ebx + 0x36cb] mov byte [ebx + 0x184c], al -mov al, byte [ebx + 0x36a8] +mov al, byte [ebx + 0x36a9] mov byte [ebx + 0x184d], al -mov eax, dword [ebx + 0x36cb] +mov eax, dword [ebx + 0x36cc] mov dword [ebx + 0x1843], eax mov eax, dword [ebx + 0x1912] mov dword [ebx + 0x1847], eax mov al, byte [ebx + 0x1916] mov byte [ebx + 0x184b], al -loc_fffb86dc: ; not directly referenced -mov eax, dword [ebx + ecx*8 + 0x36a9] -mov edx, dword [ebx + ecx*8 + 0x36ad] +loc_fffb67df: ; not directly referenced +mov eax, dword [ebx + ecx*8 + 0x36aa] +mov edx, dword [ebx + ecx*8 + 0x36ae] mov dword [ebx + ecx*8 + 0x184e], eax mov dword [ebx + ecx*8 + 0x1852], edx inc ecx cmp ecx, 4 -jne short loc_fffb86dc ; jne 0xfffb86dc +jne short loc_fffb67df ; jne 0xfffb67df mov edx, dword [ebx + 0x18bd] mov eax, dword [ebx + 0x18b9] -call fcn_fffc3dc3 ; call 0xfffc3dc3 +call fcn_fffc3cb8 ; call 0xfffc3cb8 mov edx, 0x185e mov dword [ebx + 0xfb0], eax mov eax, dword [ebp - 0x2c] -call fcn_fffc3dc3 ; call 0xfffc3dc3 +call fcn_fffc3cb8 ; call 0xfffc3cb8 mov dword [ebx + 8], 0x1866 mov dword [ebx + 0xc], eax lea esp, [ebp - 0xc] @@ -33923,7 +30877,7 @@ pop edi pop ebp ret -fcn_fffb8736: ; not directly referenced +fcn_fffb6839: ; not directly referenced mov eax, dword [0xff7d0084] push ebp mov ebp, esp @@ -33935,29 +30889,29 @@ mov ebx, dword [ebp + 0xc] sub esp, 0xc add eax, 0xb0048 push eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 cmp bl, 2 -je short loc_fffb876f ; je 0xfffb876f +je short loc_fffb6872 ; je 0xfffb6872 cmp bl, 6 -je short loc_fffb8776 ; je 0xfffb8776 +je short loc_fffb6879 ; je 0xfffb6879 dec bl -jne short loc_fffb8782 ; jne 0xfffb8782 +jne short loc_fffb6885 ; jne 0xfffb6885 mov edx, 1 -jmp short loc_fffb877b ; jmp 0xfffb877b +jmp short loc_fffb687e ; jmp 0xfffb687e -loc_fffb876f: ; not directly referenced +loc_fffb6872: ; not directly referenced mov edx, 2 -jmp short loc_fffb877b ; jmp 0xfffb877b +jmp short loc_fffb687e ; jmp 0xfffb687e -loc_fffb8776: ; not directly referenced +loc_fffb6879: ; not directly referenced mov edx, 6 -loc_fffb877b: ; not directly referenced +loc_fffb687e: ; not directly referenced mov eax, esi -call fcn_fffb7129 ; call 0xfffb7129 +call fcn_fffb63cb ; call 0xfffb63cb -loc_fffb8782: ; not directly referenced +loc_fffb6885: ; not directly referenced lea esp, [ebp - 8] xor eax, eax pop ebx @@ -33965,7 +30919,7 @@ pop esi pop ebp ret -fcn_fffb878b: ; not directly referenced +fcn_fffb688e: ; not directly referenced push ebp mov ebp, esp push edi @@ -33976,23 +30930,23 @@ mov eax, dword [0xff7d0084] mov edi, dword [eax + 0x14] add edi, 0xb0048 push edi -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 mov ebx, eax lea eax, [ebp - 0x1c] push eax push 0 push 0 -push ref_fffd604c ; push 0xfffd604c -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd6348 ; push 0xfffd6348 +call fcn_fffb020b ; call 0xfffb020b add esp, 0x20 xor ecx, ecx mov esi, eax -loc_fffb87c3: ; not directly referenced +loc_fffb68c6: ; not directly referenced test bh, 1 -jne short loc_fffb87f3 ; jne 0xfffb87f3 +jne short loc_fffb68f6 ; jne 0xfffb68f6 cmp ecx, 0x32 -je short loc_fffb883e ; je 0xfffb883e +je short loc_fffb6941 ; je 0xfffb6941 mov eax, dword [ebp - 0x1c] push ebx push 0x3e8 @@ -34001,48 +30955,48 @@ push dword [ebp + 8] mov dword [ebp - 0x2c], ecx call dword [eax + 4] ; ucall mov dword [esp], edi -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 mov ecx, dword [ebp - 0x2c] add esp, 0x10 inc ecx mov ebx, eax -jmp short loc_fffb87c3 ; jmp 0xfffb87c3 +jmp short loc_fffb68c6 ; jmp 0xfffb68c6 -loc_fffb87f3: ; not directly referenced +loc_fffb68f6: ; not directly referenced cmp ecx, 0x32 -je short loc_fffb883e ; je 0xfffb883e +je short loc_fffb6941 ; je 0xfffb6941 mov edi, ebx test bl, bl -jns short loc_fffb8835 ; jns 0xfffb8835 +jns short loc_fffb6938 ; jns 0xfffb6938 mov eax, dword [0xff7d0084] sub esp, 0xc mov ebx, dword [eax + 0x14] add ebx, 0xf80a2 push ebx -call fcn_fffb3d06 ; call 0xfffb3d06 +call fcn_fffb3e49 ; call 0xfffb3e49 pop edx pop ecx and eax, 0xff7f push eax push ebx -call fcn_fffb3d20 ; call 0xfffb3d20 +call fcn_fffb3fa0 ; call 0xfffb3fa0 mov eax, dword [ebp + 8] mov edx, 1 -call fcn_fffb7129 ; call 0xfffb7129 +call fcn_fffb63cb ; call 0xfffb63cb add esp, 0x10 mov esi, eax -loc_fffb8835: ; not directly referenced +loc_fffb6938: ; not directly referenced mov eax, edi and eax, 0xffffff90 cmp al, 0x10 -jne short loc_fffb8844 ; jne 0xfffb8844 +jne short loc_fffb6947 ; jne 0xfffb6947 -loc_fffb883e: ; not directly referenced +loc_fffb6941: ; not directly referenced mov eax, dword [ebp + 0x10] mov byte [eax], 1 -loc_fffb8844: ; not directly referenced +loc_fffb6947: ; not directly referenced lea esp, [ebp - 0xc] mov eax, esi pop ebx @@ -34051,7 +31005,7 @@ pop edi pop ebp ret -fcn_fffb884e: +fcn_fffb6951: push ebp mov ebp, esp mov ecx, dword [ebp + 8] @@ -34074,7 +31028,7 @@ pop ebx pop ebp ret -fcn_fffb887d: ; not directly referenced +fcn_fffb6980: ; not directly referenced push ebp mov ebp, esp push edi @@ -34112,7 +31066,7 @@ mov byte [ebp - 0x20], 0x76 mov byte [ebp - 0x1f], 0x70 mov byte [ebp - 0x1e], 0x6c mov byte [ebp - 0x1d], 0x67 -mov eax, dword [esi + 0x5edc] +mov eax, dword [esi + 0x5edd] mov byte [ebp - 0x1c], 0x64 mov byte [ebp - 0x1b], 0x61 mov byte [ebp - 0x1a], 0x5f @@ -34128,12 +31082,12 @@ lea eax, [edx + eax + 0x1c] mov dl, 0x19 mov dword [ebp - 0x44], eax mov eax, dword [esi + 0x18a7] -mov eax, dword [esi + eax*4 + 0x3735] +mov eax, dword [esi + eax*4 + 0x3736] mov dword [ebp - 0x48], eax mov eax, dword [esi + 0x188b] mov dword [ebp - 0x70], eax xor eax, eax -cmp dword [esi + 0x2480], 3 +cmp dword [esi + 0x2481], 3 sete al cmp cl, 0xc mov dword [ebp - 0x64], eax @@ -34141,90 +31095,90 @@ mov al, 0x4b cmovne edx, eax cmp dword [ebp + 0x1c], 0 mov byte [ebp - 0x75], dl -je short loc_fffb897e ; je 0xfffb897e +je short loc_fffb6a81 ; je 0xfffb6a81 mov eax, dword [ebp + 0x1c] cmp dword [eax], 0 setne al movzx eax, al mov dword [ebp - 0x4c], eax -jmp short loc_fffb89a3 ; jmp 0xfffb89a3 +jmp short loc_fffb6aa6 ; jmp 0xfffb6aa6 -loc_fffb897e: ; not directly referenced +loc_fffb6a81: ; not directly referenced mov eax, dword [ebp - 0x3c] cmp al, 0xc sete dl cmp al, 0xa sete al or dl, al -je short loc_fffb8996 ; je 0xfffb8996 +je short loc_fffb6a99 ; je 0xfffb6a99 -loc_fffb898f: ; not directly referenced +loc_fffb6a92: ; not directly referenced xor eax, eax -jmp near loc_fffb8ff5 ; jmp 0xfffb8ff5 +jmp near loc_fffb70f8 ; jmp 0xfffb70f8 -loc_fffb8996: ; not directly referenced +loc_fffb6a99: ; not directly referenced cmp byte [ebp - 0x3c], 0xf -je short loc_fffb898f ; je 0xfffb898f +je short loc_fffb6a92 ; je 0xfffb6a92 mov dword [ebp - 0x4c], 0 -loc_fffb89a3: ; not directly referenced +loc_fffb6aa6: ; not directly referenced cmp dword [ebp - 0x64], 0 -jne short loc_fffb89eb ; jne 0xfffb89eb +jne short loc_fffb6aee ; jne 0xfffb6aee mov edx, dword [ebp - 0x60] imul eax, edx, 0x54a imul edx, edx, 0x13c3 lea eax, [esi + eax + 0x196b] -mov dl, byte [esi + edx + 0x381a] +mov dl, byte [esi + edx + 0x381b] test dl, 1 -je short loc_fffb89d4 ; je 0xfffb89d4 +je short loc_fffb6ad7 ; je 0xfffb6ad7 cmp byte [eax + 0x27e], 0 -je short loc_fffb89fb ; je 0xfffb89fb +je short loc_fffb6afe ; je 0xfffb6afe -loc_fffb89d4: ; not directly referenced +loc_fffb6ad7: ; not directly referenced and dl, 4 -je short loc_fffb8a04 ; je 0xfffb8a04 +je short loc_fffb6b07 ; je 0xfffb6b07 cmp byte [eax + 0x4f5], 1 sbb eax, eax mov dword [ebp - 0x54], eax add dword [ebp - 0x54], 0x24 -jmp short loc_fffb8a0b ; jmp 0xfffb8a0b +jmp short loc_fffb6b0e ; jmp 0xfffb6b0e -loc_fffb89eb: ; not directly referenced +loc_fffb6aee: ; not directly referenced mov dword [ebp - 0x54], 0x50 mov dword [ebp - 0x50], 0x37 -jmp short loc_fffb8a12 ; jmp 0xfffb8a12 +jmp short loc_fffb6b15 ; jmp 0xfffb6b15 -loc_fffb89fb: ; not directly referenced +loc_fffb6afe: ; not directly referenced mov dword [ebp - 0x54], 0x23 -jmp short loc_fffb8a0b ; jmp 0xfffb8a0b +jmp short loc_fffb6b0e ; jmp 0xfffb6b0e -loc_fffb8a04: ; not directly referenced +loc_fffb6b07: ; not directly referenced mov dword [ebp - 0x54], 0x24 -loc_fffb8a0b: ; not directly referenced +loc_fffb6b0e: ; not directly referenced mov dword [ebp - 0x50], 0x23 -loc_fffb8a12: ; not directly referenced +loc_fffb6b15: ; not directly referenced cmp byte [ebp - 0x3c], 2 -ja loc_fffb8b08 ; ja 0xfffb8b08 +ja loc_fffb6c0b ; ja 0xfffb6c0b movzx eax, byte [ebp - 0x6c] mov edx, dword [ebp - 0x44] cmp byte [ebp - 0x3c], 1 mov eax, dword [edx + eax*4 + 0x78] mov dword [ebp - 0x5c], eax -jne short loc_fffb8a44 ; jne 0xfffb8a44 +jne short loc_fffb6b47 ; jne 0xfffb6b47 mov edx, 0x3a04 mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov dword [ebp - 0x74], eax -jmp near loc_fffb8b12 ; jmp 0xfffb8b12 +jmp near loc_fffb6c15 ; jmp 0xfffb6c15 -loc_fffb8a44: ; not directly referenced +loc_fffb6b47: ; not directly referenced mov edx, 0x3a00 mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f cmp byte [ebp - 0x3c], 0 -jne loc_fffb8b08 ; jne 0xfffb8b08 +jne loc_fffb6c0b ; jne 0xfffb6c0b mov ebx, dword [ebp - 0x58] mov edx, dword [ebx + 0xc] shr edx, 0xb @@ -34234,7 +31188,7 @@ and dl, 8 lea ebx, [ecx - 0x10] cmovne ecx, ebx cmp dword [ebp + 0x18], 0 -je short loc_fffb8a90 ; je 0xfffb8a90 +je short loc_fffb6b93 ; je 0xfffb6b93 mov edi, dword [ebp - 0x5c] and eax, 0x3f mov byte [ebp - 0x40], al @@ -34245,7 +31199,7 @@ lea edx, [eax - 0x40] cmovne eax, edx mov edi, eax -loc_fffb8a90: ; not directly referenced +loc_fffb6b93: ; not directly referenced cmp dword [ebp - 0x70], 1 movsx ecx, cl mov edx, dword [esi + 0x1887] @@ -34285,13 +31239,13 @@ add ebx, edx cdq idiv ebx mov ecx, eax -jmp near loc_fffb8c02 ; jmp 0xfffb8c02 +jmp near loc_fffb6d05 ; jmp 0xfffb6d05 -loc_fffb8b08: ; not directly referenced +loc_fffb6c0b: ; not directly referenced cmp byte [ebp - 0x3c], 1 -jne loc_fffb8bab ; jne 0xfffb8bab +jne loc_fffb6cae ; jne 0xfffb6cae -loc_fffb8b12: ; not directly referenced +loc_fffb6c15: ; not directly referenced mov eax, dword [ebp - 0x58] mov ecx, dword [eax + 0xc] mov eax, ecx @@ -34309,7 +31263,7 @@ add ebx, 0xa and cl, 0x10 cmove edx, eax cmp dword [ebp + 0x18], 0 -je short loc_fffb8b65 ; je 0xfffb8b65 +je short loc_fffb6c68 ; je 0xfffb6c68 mov al, byte [ebp - 0x74] mov edi, dword [ebp - 0x5c] and eax, 0x3f @@ -34322,7 +31276,7 @@ lea ecx, [eax - 0x20] cmovne eax, ecx mov edi, eax -loc_fffb8b65: ; not directly referenced +loc_fffb6c68: ; not directly referenced mov cl, byte [ebp - 0x40] mov al, 1 movsx edx, dl @@ -34331,7 +31285,7 @@ test cl, cl cmove ecx, eax mov eax, esi mov byte [ebp - 0x40], cl -call fcn_fffa6cfe ; call 0xfffa6cfe +call fcn_fffa6cac ; call 0xfffa6cac mov dl, byte [ebp - 0x64] xor edx, 1 movzx edx, dl @@ -34347,13 +31301,13 @@ movzx eax, ax cdq idiv ebx mov ecx, eax -jmp near loc_fffb8ca4 ; jmp 0xfffb8ca4 +jmp near loc_fffb6da7 ; jmp 0xfffb6da7 -loc_fffb8bab: ; not directly referenced +loc_fffb6cae: ; not directly referenced cmp byte [ebp - 0x3c], 2 -jne short loc_fffb8bd7 ; jne 0xfffb8bd7 +jne short loc_fffb6cda ; jne 0xfffb6cda cmp dword [ebp + 0x18], 0 -je short loc_fffb8bca ; je 0xfffb8bca +je short loc_fffb6ccd ; je 0xfffb6ccd mov edi, dword [ebp - 0x5c] shr edi, 0x1b mov eax, edi @@ -34362,38 +31316,38 @@ lea ecx, [edi - 0x20] test al, al cmovne edi, ecx -loc_fffb8bca: ; not directly referenced +loc_fffb6ccd: ; not directly referenced mov eax, edi movsx ecx, al add ecx, 0x32 -jmp near loc_fffb8ca4 ; jmp 0xfffb8ca4 +jmp near loc_fffb6da7 ; jmp 0xfffb6da7 -loc_fffb8bd7: ; not directly referenced +loc_fffb6cda: ; not directly referenced cmp byte [ebp - 0x3c], 4 -jne short loc_fffb8be5 ; jne 0xfffb8be5 +jne short loc_fffb6ce8 ; jne 0xfffb6ce8 movsx ecx, bl -jmp near loc_fffb8dec ; jmp 0xfffb8dec +jmp near loc_fffb6eef ; jmp 0xfffb6eef -loc_fffb8be5: ; not directly referenced +loc_fffb6ce8: ; not directly referenced cmp byte [ebp - 0x3c], 5 -jne short loc_fffb8c00 ; jne 0xfffb8c00 +jne short loc_fffb6d03 ; jne 0xfffb6d03 movsx ax, bl idiv byte [ebp - 0x76] movsx eax, al lea ecx, [eax + eax*4] add ecx, 0x64 -jmp near loc_fffb8dec ; jmp 0xfffb8dec +jmp near loc_fffb6eef ; jmp 0xfffb6eef -loc_fffb8c00: ; not directly referenced +loc_fffb6d03: ; not directly referenced xor ecx, ecx -loc_fffb8c02: ; not directly referenced +loc_fffb6d05: ; not directly referenced cmp byte [ebp - 0x3c], 9 -jne loc_fffb8ca4 ; jne 0xfffb8ca4 +jne loc_fffb6da7 ; jne 0xfffb6da7 cmp dword [ebp + 0x18], 0 -je short loc_fffb8c67 ; je 0xfffb8c67 +je short loc_fffb6d6a ; je 0xfffb6d6a cmp byte [ebp - 0x68], 3 -ja loc_fffb898f ; ja 0xfffb898f +ja loc_fffb6a92 ; ja 0xfffb6a92 mov ecx, dword [ebp - 0x68] imul eax, dword [ebp - 0x60], 0x13c3 mov edx, ecx @@ -34401,27 +31355,27 @@ and edx, 1 shr ecx, 1 imul edx, edx, 0x18 imul ecx, ecx, 0x128 -lea eax, [esi + eax + 0x3756] +lea eax, [esi + eax + 0x3757] add edx, ecx cmp dword [ebp - 0x64], 0 -je short loc_fffb8c55 ; je 0xfffb8c55 +je short loc_fffb6d58 ; je 0xfffb6d58 mov cx, word [eax + edx + 0x1271] lea edi, [ecx - 1] and edi, 0xf -jmp short loc_fffb8c6d ; jmp 0xfffb8c6d +jmp short loc_fffb6d70 ; jmp 0xfffb6d70 -loc_fffb8c55: ; not directly referenced +loc_fffb6d58: ; not directly referenced mov cx, word [eax + edx + 0x126d] shr cx, 1 mov edi, ecx and edi, 1 -jmp short loc_fffb8c8d ; jmp 0xfffb8c8d +jmp short loc_fffb6d90 ; jmp 0xfffb6d90 -loc_fffb8c67: ; not directly referenced +loc_fffb6d6a: ; not directly referenced cmp dword [ebp - 0x64], 0 -je short loc_fffb8c84 ; je 0xfffb8c84 +je short loc_fffb6d87 ; je 0xfffb6d87 -loc_fffb8c6d: ; not directly referenced +loc_fffb6d70: ; not directly referenced mov eax, edi mov ebx, 7 cmp al, 6 @@ -34430,40 +31384,40 @@ cmovg edi, eax mov eax, edi movsx eax, al sub ebx, eax -jmp short loc_fffb8c95 ; jmp 0xfffb8c95 +jmp short loc_fffb6d98 ; jmp 0xfffb6d98 -loc_fffb8c84: ; not directly referenced +loc_fffb6d87: ; not directly referenced mov eax, edi cmp al, 0xfa mov al, 0xfb cmovle edi, eax -loc_fffb8c8d: ; not directly referenced +loc_fffb6d90: ; not directly referenced mov eax, edi movsx ebx, al add ebx, 6 -loc_fffb8c95: ; not directly referenced +loc_fffb6d98: ; not directly referenced mov eax, 0xf0 cdq idiv ebx mov ecx, eax -jmp near loc_fffb8dec ; jmp 0xfffb8dec +jmp near loc_fffb6eef ; jmp 0xfffb6eef -loc_fffb8ca4: ; not directly referenced +loc_fffb6da7: ; not directly referenced cmp byte [ebp - 0x3c], 6 -jne loc_fffb8dec ; jne 0xfffb8dec +jne loc_fffb6eef ; jne 0xfffb6eef mov edx, 0x3918 mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -mov dl, byte [esi + 0x36e7] +call fcn_fffb331f ; call 0xfffb331f +mov dl, byte [esi + 0x36e8] and eax, 3 -cmp dword [esi + 0x36e3], 1 +cmp dword [esi + 0x36e4], 1 sbb ebx, ebx and ebx, 0xfffffffe add ebx, 6 cmp dword [esi + 0x188b], 0 -jne loc_fffb8d81 ; jne 0xfffb8d81 +jne loc_fffb6e84 ; jne 0xfffb6e84 cmp dword [ebp - 0x48], 0x546 movzx eax, al seta cl @@ -34476,23 +31430,23 @@ test bl, bl movzx ecx, cl cmovns edx, ebx cmp dword [esi + 0x1887], 0x40650 -jne short loc_fffb8d26 ; jne 0xfffb8d26 +jne short loc_fffb6e29 ; jne 0xfffb6e29 cmp dl, 2 mov bl, 2 cmovle ebx, edx movsx ebx, bl lea ecx, [ecx + ecx*2] add ecx, ebx -movzx ebx, byte [eax + ecx*4 + ref_fffd32d4] ; movzx ebx, byte [eax + ecx*4 - 0x2cd2c] -jmp short loc_fffb8d36 ; jmp 0xfffb8d36 +movzx ebx, byte [eax + ecx*4 + ref_fffd35c4] ; movzx ebx, byte [eax + ecx*4 - 0x2ca3c] +jmp short loc_fffb6e39 ; jmp 0xfffb6e39 -loc_fffb8d26: ; not directly referenced +loc_fffb6e29: ; not directly referenced movsx edx, dl lea ecx, [ecx + ecx*4] add edx, ecx -movzx ebx, byte [eax + edx*4 + ref_fffd32ac] ; movzx ebx, byte [eax + edx*4 - 0x2cd54] +movzx ebx, byte [eax + edx*4 + ref_fffd359c] ; movzx ebx, byte [eax + edx*4 - 0x2ca64] -loc_fffb8d36: ; not directly referenced +loc_fffb6e39: ; not directly referenced imul eax, dword [ebp - 0x48], 0x4b0 mov ecx, 0x3e8 xor edx, edx @@ -34502,7 +31456,7 @@ add eax, 0x520 div ecx cmp dword [ebp + 0x18], 0 mov ecx, eax -je short loc_fffb8d6d ; je 0xfffb8d6d +je short loc_fffb6e70 ; je 0xfffb6e70 movzx eax, byte [ebp - 0x6c] mov edi, dword [ebp - 0x44] movzx edi, byte [edi + eax*4 + 5] @@ -34511,22 +31465,22 @@ shr al, 2 mov edi, eax and edi, 7 -loc_fffb8d6d: ; not directly referenced +loc_fffb6e70: ; not directly referenced mov eax, edi movzx ebx, byte [ebp + ebx - 0x30] movsx eax, al movzx eax, byte [ebp + eax - 0x30] imul eax, ecx -jmp short loc_fffb8de5 ; jmp 0xfffb8de5 +jmp short loc_fffb6ee8 ; jmp 0xfffb6ee8 -loc_fffb8d81: ; not directly referenced +loc_fffb6e84: ; not directly referenced imul eax, dword [ebp - 0x48], 0x5fa xor edx, edx mov ecx, 0x3e8 div ecx cmp dword [ebp + 0x18], 0 lea edx, [eax + 0x4cc] -je short loc_fffb8dbc ; je 0xfffb8dbc +je short loc_fffb6ebf ; je 0xfffb6ebf movzx eax, byte [ebp - 0x6c] mov ecx, dword [ebp - 0x44] movzx edi, byte [ecx + eax*4 + 5] @@ -34536,15 +31490,15 @@ mov edi, ebx mov bl, byte [ecx + eax*4 + 0x2b] and edi, 7 shr bl, 2 -jmp short loc_fffb8dc5 ; jmp 0xfffb8dc5 +jmp short loc_fffb6ec8 ; jmp 0xfffb6ec8 -loc_fffb8dbc: ; not directly referenced +loc_fffb6ebf: ; not directly referenced mov eax, edi mov ebx, edi shr al, 3 mov edi, eax -loc_fffb8dc5: ; not directly referenced +loc_fffb6ec8: ; not directly referenced and ebx, 7 mov eax, edi movzx ebx, bl @@ -34555,12 +31509,12 @@ movzx eax, byte [ebp + eax - 0x28] imul eax, ecx imul eax, edx -loc_fffb8de5: ; not directly referenced +loc_fffb6ee8: ; not directly referenced xor edx, edx div ebx movzx ecx, ax -loc_fffb8dec: ; not directly referenced +loc_fffb6eef: ; not directly referenced mov eax, dword [ebp - 0x3c] cmp al, 0xa sete bl @@ -34569,35 +31523,35 @@ sete al mov byte [ebp - 0x64], al or al, bl mov byte [ebp - 0x5c], bl -jne short loc_fffb8e0f ; jne 0xfffb8e0f +jne short loc_fffb6f12 ; jne 0xfffb6f12 cmp byte [ebp - 0x3c], 0xf -jne loc_fffb8fb2 ; jne 0xfffb8fb2 -jmp short loc_fffb8e36 ; jmp 0xfffb8e36 +jne loc_fffb70b5 ; jne 0xfffb70b5 +jmp short loc_fffb6f39 ; jmp 0xfffb6f39 -loc_fffb8e0f: ; not directly referenced +loc_fffb6f12: ; not directly referenced cmp byte [ebp - 0x3c], 0xf -je short loc_fffb8e36 ; je 0xfffb8e36 +je short loc_fffb6f39 ; je 0xfffb6f39 mov eax, dword [ebp - 0x58] cmp dword [ebp - 0x4c], 0 mov ecx, dword [eax + 0xc] -je short loc_fffb8e26 ; je 0xfffb8e26 +je short loc_fffb6f29 ; je 0xfffb6f29 shr ecx, 0x18 -jmp short loc_fffb8e29 ; jmp 0xfffb8e29 +jmp short loc_fffb6f2c ; jmp 0xfffb6f2c -loc_fffb8e26: ; not directly referenced +loc_fffb6f29: ; not directly referenced shr ecx, 0x14 -loc_fffb8e29: ; not directly referenced +loc_fffb6f2c: ; not directly referenced and ecx, 0xf test cl, 8 -je short loc_fffb8e38 ; je 0xfffb8e38 +je short loc_fffb6f3b ; je 0xfffb6f3b sub ecx, 0x10 -jmp short loc_fffb8e38 ; jmp 0xfffb8e38 +jmp short loc_fffb6f3b ; jmp 0xfffb6f3b -loc_fffb8e36: ; not directly referenced +loc_fffb6f39: ; not directly referenced mov ecx, edi -loc_fffb8e38: ; not directly referenced +loc_fffb6f3b: ; not directly referenced movsx ecx, cl xor edx, edx add ecx, 0x20 @@ -34612,24 +31566,24 @@ sete al xor edx, edx mov byte [ebp - 0x68], al or al, bl -je short loc_fffb8ed5 ; je 0xfffb8ed5 +je short loc_fffb6fd8 ; je 0xfffb6fd8 cmp dword [ebp - 0x4c], 0 -je short loc_fffb8e7e ; je 0xfffb8e7e +je short loc_fffb6f81 ; je 0xfffb6f81 mov edx, 0x3a0c mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edi, dword [ebp - 0x44] mov edx, dword [edi + 0x50] -jmp short loc_fffb8e90 ; jmp 0xfffb8e90 +jmp short loc_fffb6f93 ; jmp 0xfffb6f93 -loc_fffb8e7e: ; not directly referenced +loc_fffb6f81: ; not directly referenced mov edx, 0x3a08 mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edi, dword [ebp - 0x44] mov edx, dword [edi + 0x4c] -loc_fffb8e90: ; not directly referenced +loc_fffb6f93: ; not directly referenced shr edx, 9 shr eax, 0xc mov edi, edx @@ -34637,26 +31591,26 @@ and eax, 0x3f and edi, 0xf mov byte [ebp - 0x40], al test edi, 8 -je short loc_fffb8eac ; je 0xfffb8eac +je short loc_fffb6faf ; je 0xfffb6faf sub edi, 0x10 -loc_fffb8eac: ; not directly referenced +loc_fffb6faf: ; not directly referenced xor edx, edx test bl, bl -je short loc_fffb8ed5 ; je 0xfffb8ed5 +je short loc_fffb6fd8 ; je 0xfffb6fd8 cmp byte [ebp - 0x64], 0 -je short loc_fffb8ed5 ; je 0xfffb8ed5 +je short loc_fffb6fd8 ; je 0xfffb6fd8 mov edx, dword [ebp - 0x60] mov eax, esi shl edx, 8 add edx, 0x140c -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, edi shr eax, 0xd mov edi, eax and edi, 3 -loc_fffb8ed5: ; not directly referenced +loc_fffb6fd8: ; not directly referenced movsx ecx, byte [ebp - 0x40] mov eax, dword [ebp - 0x58] mov bl, byte [ebp - 0x68] @@ -34665,7 +31619,7 @@ imul eax, ecx or bl, byte [ebp - 0x5c] mov ebx, edi movsx ebx, bl -je short loc_fffb8f18 ; je 0xfffb8f18 +je short loc_fffb701b ; je 0xfffb701b add ecx, ebx xor edx, edx mov esi, dword [ebp - 0x50] @@ -34681,9 +31635,9 @@ mov eax, dword [ebp - 0x54] add eax, ebx cmp dword [ebp - 0x4c], 0 cmovne esi, eax -jmp short loc_fffb8f38 ; jmp 0xfffb8f38 +jmp short loc_fffb703b ; jmp 0xfffb703b -loc_fffb8f18: ; not directly referenced +loc_fffb701b: ; not directly referenced movsx edx, dl mov esi, dword [ebp - 0x50] add ecx, edx @@ -34698,7 +31652,7 @@ add esi, eax mov eax, dword [ebp + 0x1c] mov dword [eax], ebx -loc_fffb8f38: ; not directly referenced +loc_fffb703b: ; not directly referenced imul eax, dword [ebp - 0x48], 0x3e8 add esi, esi xor edx, edx @@ -34742,12 +31696,12 @@ div esi mov esi, dword [ebp + 0x1c] mov dword [esi + 8], eax -loc_fffb8fb2: ; not directly referenced +loc_fffb70b5: ; not directly referenced cmp byte [ebp - 0x3c], 0xb mov eax, ecx -jne short loc_fffb8ff5 ; jne 0xfffb8ff5 +jne short loc_fffb70f8 ; jne 0xfffb70f8 cmp dword [ebp + 0x18], 0 -je short loc_fffb8fed ; je 0xfffb8fed +je short loc_fffb70f0 ; je 0xfffb70f0 mov eax, dword [ebp - 0x44] mov eax, dword [eax + 0x4c] mov dword [ebp - 0x3c], eax @@ -34755,23 +31709,23 @@ mov cl, byte [ebp - 0x3c] and ecx, 0x1f cmp dword [ebp - 0x4c], 0 mov edi, ecx -je short loc_fffb8fe2 ; je 0xfffb8fe2 +je short loc_fffb70e5 ; je 0xfffb70e5 mov eax, dword [ebp - 0x44] mov ecx, dword [eax + 0x50] mov edi, ecx and edi, 0x1f -loc_fffb8fe2: ; not directly referenced +loc_fffb70e5: ; not directly referenced test edi, 0x10 -je short loc_fffb8fed ; je 0xfffb8fed +je short loc_fffb70f0 ; je 0xfffb70f0 sub edi, 0x20 -loc_fffb8fed: ; not directly referenced +loc_fffb70f0: ; not directly referenced mov eax, edi movsx eax, al add eax, 0x32 -loc_fffb8ff5: ; not directly referenced +loc_fffb70f8: ; not directly referenced add esp, 0x6c pop ebx pop esi @@ -34779,7 +31733,7 @@ pop edi pop ebp ret -fcn_fffb8ffd: ; not directly referenced +fcn_fffb7100: ; not directly referenced push ebp mov ebp, esp push edi @@ -34819,46 +31773,46 @@ mov dword [ebp - 0x50], 0 mov dword [ebp - 0x6c], 0 mov byte [ebp - 0x76], 0 -loc_fffb909d: ; not directly referenced +loc_fffb71a0: ; not directly referenced mov eax, dword [ebp - 0x48] mov esi, edi mov dword [ebp - 0x54], 0 mov word [ebp - 0x4a], 0 mov word [ebp - 0x56], 0 -add eax, 0x3756 +add eax, 0x3757 mov word [ebp - 0x4c], 0 mov dword [ebp - 0x70], 0 mov dword [ebp - 0x94], eax -loc_fffb90cd: ; not directly referenced +loc_fffb71d0: ; not directly referenced mov ecx, dword [ebp - 0x48] mov al, byte [ebp - 0x54] -mov edx, dword [ecx + 0x3816] +mov edx, dword [ecx + 0x3817] mov cl, al mov dword [ebp - 0x90], edx mov edx, 1 shl edx, cl mov ecx, dword [ebp - 0x48] -test byte [ecx + 0x381a], dl -je loc_fffb93e9 ; je 0xfffb93e9 -cmp dword [ebx + 0x2480], 3 -jne short loc_fffb9140 ; jne 0xfffb9140 +test byte [ecx + 0x381b], dl +je loc_fffb74ec ; je 0xfffb74ec +cmp dword [ebx + 0x2481], 3 +jne short loc_fffb7243 ; jne 0xfffb7243 cmp al, 1 -ja loc_fffb9474 ; ja 0xfffb9474 +ja loc_fffb7577 ; ja 0xfffb7577 imul eax, dword [ebp - 0x54], 0x18 mov word [ebp - 0x40], 0x3fff -mov dx, word [ecx + eax + 0x49c7] +mov dx, word [ecx + eax + 0x49c8] and edx, 3 mov cl, byte [ebp + edx - 0x32] mov byte [ebp - 0x75], cl mov ecx, dword [ebp - 0x48] -mov ax, word [ecx + eax + 0x49cf] +mov ax, word [ecx + eax + 0x49d0] and eax, 3 movzx eax, byte [ebp + eax - 0x2e] mov word [ebp - 0x68], ax -jmp near loc_fffb91c6 ; jmp 0xfffb91c6 +jmp near loc_fffb72c9 ; jmp 0xfffb72c9 -loc_fffb9140: ; not directly referenced +loc_fffb7243: ; not directly referenced mov dl, al and eax, 1 shr dl, 1 @@ -34899,15 +31853,15 @@ and eax, 3 movzx eax, byte [ebp + eax - 0x35] mov word [ebp - 0x68], ax -loc_fffb91c6: ; not directly referenced +loc_fffb72c9: ; not directly referenced cmp dword [ebp - 0x70], 0 -jne loc_fffb934b ; jne 0xfffb934b +jne loc_fffb744e ; jne 0xfffb744e mov byte [ebp - 0x70], 0 -loc_fffb91d4: ; not directly referenced -movzx ecx, byte [ebx + 0x2488] +loc_fffb72d7: ; not directly referenced +movzx ecx, byte [ebx + 0x2489] cmp byte [ebp - 0x70], cl -jae short loc_fffb9258 ; jae 0xfffb9258 +jae short loc_fffb735b ; jae 0xfffb735b push edx movzx eax, byte [ebp - 0x70] xor ecx, ecx @@ -34921,7 +31875,7 @@ push 0 push eax mov dword [ebp - 0x74], eax mov eax, ebx -call fcn_fffb887d ; call 0xfffb887d +call fcn_fffb6980 ; call 0xfffb6980 add esp, 0x18 mov edx, dword [ebp - 0x3c] push 0 @@ -34933,7 +31887,7 @@ push 1 push dword [ebp - 0x74] add word [ebp - 0x56], ax mov eax, ebx -call fcn_fffb887d ; call 0xfffb887d +call fcn_fffb6980 ; call 0xfffb6980 add esp, 0x18 mov edx, dword [ebp - 0x3c] push 0 @@ -34945,15 +31899,15 @@ push 6 push dword [ebp - 0x74] add word [ebp - 0x4c], ax mov eax, ebx -call fcn_fffb887d ; call 0xfffb887d +call fcn_fffb6980 ; call 0xfffb6980 xor edx, edx add esp, 0x20 inc byte [ebp - 0x70] div word [ebp - 0x88] add word [ebp - 0x4a], ax -jmp near loc_fffb91d4 ; jmp 0xfffb91d4 +jmp near loc_fffb72d7 ; jmp 0xfffb72d7 -loc_fffb9258: ; not directly referenced +loc_fffb735b: ; not directly referenced movzx eax, word [ebp - 0x56] mov dword [ebp - 0x70], 1 cdq @@ -34968,14 +31922,14 @@ cdq idiv ecx cmp dword [ebp - 0x8c], 1 mov word [ebp - 0x4a], ax -jne loc_fffb934b ; jne 0xfffb934b +jne loc_fffb744e ; jne 0xfffb744e push eax mov edx, dword [ebp - 0x3c] xor ecx, ecx push eax lea eax, [ebp - 0x24] push eax -movzx eax, byte [ebx + 0x2488] +movzx eax, byte [ebx + 0x2489] push 1 push 0 push 0 @@ -34983,7 +31937,7 @@ push 0xa push eax mov eax, ebx mov dword [ebp - 0x24], 0 -call fcn_fffb887d ; call 0xfffb887d +call fcn_fffb6980 ; call 0xfffb6980 mov eax, dword [ebp - 0x20] add esp, 0x18 mov edx, dword [ebp - 0x3c] @@ -34993,7 +31947,7 @@ mov eax, dword [ebp - 0x1c] mov dword [edi + 0x24], eax lea eax, [ebp - 0x24] push eax -movzx eax, byte [ebx + 0x2488] +movzx eax, byte [ebx + 0x2489] push 1 push 0 push 0 @@ -35001,7 +31955,7 @@ push 0xc push eax mov eax, ebx mov dword [ebp - 0x24], 0 -call fcn_fffb887d ; call 0xfffb887d +call fcn_fffb6980 ; call 0xfffb6980 mov eax, dword [ebp - 0x20] add esp, 0x18 add dword [edi + 0x20], eax @@ -35011,7 +31965,7 @@ add dword [edi + 0x24], eax lea eax, [ebp - 0x24] mov edx, dword [ebp - 0x3c] push eax -movzx eax, byte [ebx + 0x2488] +movzx eax, byte [ebx + 0x2489] push 1 push 0 push 0 @@ -35019,7 +31973,7 @@ push 0xa push eax mov eax, ebx mov dword [ebp - 0x24], 1 -call fcn_fffb887d ; call 0xfffb887d +call fcn_fffb6980 ; call 0xfffb6980 mov eax, dword [ebp - 0x20] add esp, 0x20 mov dword [edi + 0x28], eax @@ -35034,24 +31988,24 @@ mov eax, dword [ebp - 0x8c] mov dword [edi + 0x2c], edx mov dword [ebp - 0x70], eax -loc_fffb934b: ; not directly referenced +loc_fffb744e: ; not directly referenced cmp dword [ebp - 0x90], 1 -jne short loc_fffb936b ; jne 0xfffb936b +jne short loc_fffb746e ; jne 0xfffb746e mov eax, dword [ebp - 0x68] test ax, ax cmove ax, word [ebp - 0x40] mov word [ebp - 0x40], 0x3fff mov word [ebp - 0x68], ax -jmp short loc_fffb937d ; jmp 0xfffb937d +jmp short loc_fffb7480 ; jmp 0xfffb7480 -loc_fffb936b: ; not directly referenced +loc_fffb746e: ; not directly referenced mov ecx, dword [ebp - 0x40] mov eax, 0x3fff test cx, cx cmovne eax, ecx mov word [ebp - 0x40], ax -loc_fffb937d: ; not directly referenced +loc_fffb7480: ; not directly referenced movzx eax, word [ebp - 0x68] movzx edx, word [ebp - 0x40] movzx ecx, word [ebp - 0x56] @@ -35066,7 +32020,7 @@ push eax movzx eax, byte [ebp - 0x75] push eax mov eax, ebx -call fcn_fffa6d61 ; call 0xfffa6d61 +call fcn_fffa6d0f ; call 0xfffa6d0f mov ax, word [ebp - 0x4a] add esp, 0x10 add word [esi + 0x30], ax @@ -35089,16 +32043,16 @@ add dword [ebp - 0x50], eax mov eax, dword [esi + 0x18] add dword [ebp - 0x50], eax -loc_fffb93e9: ; not directly referenced +loc_fffb74ec: ; not directly referenced inc dword [ebp - 0x54] add esi, 0x36 cmp dword [ebp - 0x54], 4 -jne loc_fffb90cd ; jne 0xfffb90cd +jne loc_fffb71d0 ; jne 0xfffb71d0 inc dword [ebp - 0x3c] add edi, 0xd8 add dword [ebp - 0x48], 0x13c3 cmp dword [ebp - 0x3c], 2 -jne loc_fffb909d ; jne 0xfffb909d +jne loc_fffb71a0 ; jne 0xfffb71a0 movzx edi, byte [ebp - 0x76] movzx esi, word [ebp - 0x4a] mov eax, edi @@ -35114,21 +32068,21 @@ xor edx, edx add esi, eax mov eax, dword [ebp - 0x50] div ecx -cmp byte [ebx + 0x3690], 0 -jne short loc_fffb945c ; jne 0xfffb945c -mov word [ebx + 0x3693], ax +cmp byte [ebx + 0x3691], 0 +jne short loc_fffb755f ; jne 0xfffb755f +mov word [ebx + 0x3694], ax mov eax, dword [ebp - 0x44] -mov word [ebx + 0x3691], si -mov word [ebx + 0x3695], ax -jmp short loc_fffb9474 ; jmp 0xfffb9474 +mov word [ebx + 0x3692], si +mov word [ebx + 0x3696], ax +jmp short loc_fffb7577 ; jmp 0xfffb7577 -loc_fffb945c: ; not directly referenced -mov word [ebx + 0x3699], ax +loc_fffb755f: ; not directly referenced +mov word [ebx + 0x369a], ax mov eax, dword [ebp - 0x44] -mov word [ebx + 0x3697], si -mov word [ebx + 0x369b], ax +mov word [ebx + 0x3698], si +mov word [ebx + 0x369c], ax -loc_fffb9474: ; not directly referenced +loc_fffb7577: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -35136,7 +32090,7 @@ pop edi pop ebp ret -fcn_fffb947c: ; not directly referenced +fcn_fffb757f: ; not directly referenced push ebp mov ebp, esp push edi @@ -35145,22 +32099,22 @@ push ebx sub esp, 0x1c0 mov ebx, dword [ebp + 8] lea esi, [ebp - 0x1c8] -mov eax, dword [ebx + 0x2443] +mov eax, dword [ebx + 0x2444] push 0 push 0x1b0 push esi call dword [eax + 0x5c] ; ucall mov edx, esi mov eax, ebx -call fcn_fffb8ffd ; call 0xfffb8ffd +call fcn_fffb7100 ; call 0xfffb7100 add esp, 0x10 -cmp byte [ebx + 0x3690], 0 -je loc_fffb954f ; je 0xfffb954f -mov dx, word [ebx + 0x3691] +cmp byte [ebx + 0x3691], 0 +je loc_fffb7652 ; je 0xfffb7652 +mov dx, word [ebx + 0x3692] xor ecx, ecx -movzx eax, word [ebx + 0x3697] +movzx eax, word [ebx + 0x3698] cmp dx, ax -jbe short loc_fffb94e2 ; jbe 0xfffb94e2 +jbe short loc_fffb75e5 ; jbe 0xfffb75e5 movzx ecx, dx xor edx, edx mov edi, ecx @@ -35170,12 +32124,12 @@ shl eax, 8 div ecx mov cl, al -loc_fffb94e2: ; not directly referenced -mov dx, word [ebx + 0x3693] +loc_fffb75e5: ; not directly referenced +mov dx, word [ebx + 0x3694] xor esi, esi -movzx eax, word [ebx + 0x3699] +movzx eax, word [ebx + 0x369a] cmp dx, ax -jbe short loc_fffb9509 ; jbe 0xfffb9509 +jbe short loc_fffb760c ; jbe 0xfffb760c movzx esi, dx xor edx, edx mov edi, esi @@ -35185,19 +32139,19 @@ shl eax, 8 div esi mov esi, eax -loc_fffb9509: ; not directly referenced -movzx edi, word [ebx + 0x3695] +loc_fffb760c: ; not directly referenced +movzx edi, word [ebx + 0x3696] xor eax, eax -movzx edx, word [ebx + 0x369b] +movzx edx, word [ebx + 0x369c] cmp di, dx -jbe short loc_fffb9529 ; jbe 0xfffb9529 +jbe short loc_fffb762c ; jbe 0xfffb762c mov eax, edi sub eax, edx xor edx, edx shl eax, 8 div edi -loc_fffb9529: ; not directly referenced +loc_fffb762c: ; not directly referenced xor edx, edx mov dl, cl mov ecx, esi @@ -35209,13 +32163,13 @@ shl eax, 0x10 and ecx, 0xff00ffff or ecx, eax mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffb9556 ; jmp 0xfffb9556 +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffb7659 ; jmp 0xfffb7659 -loc_fffb954f: ; not directly referenced -mov byte [ebx + 0x3690], 1 +loc_fffb7652: ; not directly referenced +mov byte [ebx + 0x3691], 1 -loc_fffb9556: ; not directly referenced +loc_fffb7659: ; not directly referenced lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -35224,7 +32178,7 @@ pop edi pop ebp ret -fcn_fffb9560: ; not directly referenced +fcn_fffb7663: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -35236,10 +32190,10 @@ mov ebx, eax sub esp, 0x34 mov dword [ebp - 0x1c], eax mov eax, dword [eax + 0x18a7] -lea edi, [ebx + 0x3756] +lea edi, [ebx + 0x3757] mov byte [ebp - 0x1d], dl -mov edx, dword [ebx + 0x2480] -mov eax, dword [ebx + eax*4 + 0x3735] +mov edx, dword [ebx + 0x2481] +mov eax, dword [ebx + eax*4 + 0x3736] push 0 push 1 push 0 @@ -35252,24 +32206,24 @@ mov dword [ebp - 0x28], edx xor edx, edx mov dword [ebp - 0x2c], eax mov eax, ebx -call fcn_fffb887d ; call 0xfffb887d +call fcn_fffb6980 ; call 0xfffb6980 add esp, 0x20 mov byte [ebp - 0x1e], 2 mov dword [ebp - 0x24], 0 mov dword [ebp - 0x34], eax -loc_fffb95bf: ; not directly referenced +loc_fffb76c2: ; not directly referenced cmp dword [edi], 2 -jne loc_fffb9676 ; jne 0xfffb9676 +jne loc_fffb7779 ; jne 0xfffb7779 mov al, byte [edi + 0xc4] xor ecx, ecx mov byte [ebp - 0x1f], al -loc_fffb95d3: ; not directly referenced +loc_fffb76d6: ; not directly referenced mov eax, 1 shl eax, cl test byte [ebp - 0x1f], al -je loc_fffb966a ; je 0xfffb966a +je loc_fffb776d ; je 0xfffb776d mov al, cl inc esi shr al, 1 @@ -35277,33 +32231,33 @@ movzx eax, al imul eax, eax, 0x128 cmp dword [ebp - 0x28], 3 lea eax, [edi + eax + 0x126b] -jne short loc_fffb961d ; jne 0xfffb961d +jne short loc_fffb7720 ; jne 0xfffb7720 cmp byte [ebp - 0x1d], 0 mov ebx, 7 -je short loc_fffb965e ; je 0xfffb965e +je short loc_fffb7761 ; je 0xfffb7761 movzx eax, word [eax + 6] dec eax and eax, 0xf sub ebx, eax mov eax, 1 cmove ebx, eax -jmp short loc_fffb965e ; jmp 0xfffb965e +jmp short loc_fffb7761 ; jmp 0xfffb7761 -loc_fffb961d: ; not directly referenced +loc_fffb7720: ; not directly referenced cmp dword [ebp - 0x28], 2 -jne short loc_fffb9639 ; jne 0xfffb9639 +jne short loc_fffb773c ; jne 0xfffb773c cmp byte [ebp - 0x1d], 0 mov ebx, 7 -je short loc_fffb965e ; je 0xfffb965e +je short loc_fffb7761 ; je 0xfffb7761 movzx eax, word [eax + 2] and eax, 6 sub ebx, eax -jmp short loc_fffb965e ; jmp 0xfffb965e +jmp short loc_fffb7761 ; jmp 0xfffb7761 -loc_fffb9639: ; not directly referenced +loc_fffb773c: ; not directly referenced cmp byte [ebp - 0x1d], 0 mov ebx, 6 -je short loc_fffb965e ; je 0xfffb965e +je short loc_fffb7761 ; je 0xfffb7761 mov bx, word [eax + 2] mov eax, ebx shr ax, 5 @@ -35314,21 +32268,21 @@ and ebx, 1 or ebx, eax add ebx, 6 -loc_fffb965e: ; not directly referenced +loc_fffb7761: ; not directly referenced mov eax, 0xf0 xor edx, edx div ebx add dword [ebp - 0x24], eax -loc_fffb966a: ; not directly referenced +loc_fffb776d: ; not directly referenced add ecx, 2 cmp ecx, 4 -jne loc_fffb95d3 ; jne 0xfffb95d3 +jne loc_fffb76d6 ; jne 0xfffb76d6 -loc_fffb9676: ; not directly referenced +loc_fffb7779: ; not directly referenced add edi, 0x13c3 dec byte [ebp - 0x1e] -jne loc_fffb95bf ; jne 0xfffb95bf +jne loc_fffb76c2 ; jne 0xfffb76c2 mov eax, esi mov edi, dword [ebp - 0x34] mov ecx, 1 @@ -35355,7 +32309,7 @@ imul esi, ebx, 0xfa00 mov eax, esi div edi mov edx, dword [ebp - 0x1c] -movzx edi, word [edx + 0x2489] +movzx edi, word [edx + 0x248a] xor edx, edx imul edi, edi, 0xc0 mov esi, eax @@ -35383,7 +32337,7 @@ mov edx, 0x3a28 test eax, eax cmovne edi, eax mov eax, dword [ebp - 0x1c] -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f xor edx, edx mov ecx, eax mov eax, ebx @@ -35411,15 +32365,15 @@ or ecx, edx mov edx, 0x3a28 and ecx, 0xff0fffff or ecx, 0x800000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov edx, 0x5f08 mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x5f08 or ah, 1 mov ecx, eax mov eax, esi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 lea esp, [ebp - 0xc] mov eax, esi pop ebx @@ -35427,9 +32381,9 @@ mov edx, 0xe1 pop esi pop edi pop ebp -jmp near fcn_fffa834b ; jmp 0xfffa834b +jmp near fcn_fffa82f9 ; jmp 0xfffa82f9 -fcn_fffb97c0: ; not directly referenced +fcn_fffb78c3: ; not directly referenced push ebp mov ebp, esp push edi @@ -35447,13 +32401,13 @@ mov ecx, esi mov byte [ebp - 0x9b], cl mov cl, byte [ebp + 0x28] mov dword [ebp - 0x94], esi -mov esi, dword [eax + 0x2443] +mov esi, dword [eax + 0x2444] mov byte [ebp - 0x8c], cl mov ecx, eax movzx eax, dl mov dword [ebp - 0x90], eax imul eax, eax, 0x13c3 -lea edi, [ecx + eax + 0x3756] +lea edi, [ecx + eax + 0x3757] mov eax, dword [edi + 0xc0] mov dword [ebp - 0x98], eax mov eax, dword [ecx + 0x188b] @@ -35478,20 +32432,20 @@ call dword [esi + 0x60] ; ucall add esp, 0x10 cmp dword [ebp - 0x7c], 1 mov dword [ebp - 0x88], 0 -jne short loc_fffb9893 ; jne 0xfffb9893 +jne short loc_fffb7996 ; jne 0xfffb7996 cmp byte [edi + 0x1390], 5 mov al, byte [edi + 0x1268] -je short loc_fffb9889 ; je 0xfffb9889 +je short loc_fffb798c ; je 0xfffb798c cmp al, 5 sete al movzx eax, al mov dword [ebp - 0x88], eax -jmp short loc_fffb9893 ; jmp 0xfffb9893 +jmp short loc_fffb7996 ; jmp 0xfffb7996 -loc_fffb9889: ; not directly referenced +loc_fffb798c: ; not directly referenced mov dword [ebp - 0x88], 1 -loc_fffb9893: ; not directly referenced +loc_fffb7996: ; not directly referenced movzx eax, byte [ebp - 0x6c] mov esi, dword [ebp + 0xc] mov word [ebp - 0x6c], 0 @@ -35515,53 +32469,53 @@ mov dword [ebp - 0xa8], eax movzx eax, bl mov dword [ebp - 0xac], eax -loc_fffb98f5: ; not directly referenced +loc_fffb79f8: ; not directly referenced mov al, byte [ebp - 0x8a] mov bl, byte [ebp - 0x8b] cmp bl, al -je loc_fffb9ad4 ; je 0xfffb9ad4 +je loc_fffb7bd7 ; je 0xfffb7bd7 movzx eax, bl mov ebx, dword [ebp + 0xc] xor ecx, ecx lea ebx, [ebx + eax*2] xor eax, eax -loc_fffb9916: ; not directly referenced +loc_fffb7a19: ; not directly referenced cmp byte [ebp - 0x9b], al -jbe short loc_fffb9943 ; jbe 0xfffb9943 +jbe short loc_fffb7a46 ; jbe 0xfffb7a46 mov dx, word [ebx + ecx] cmp word [ebp + eax*2 - 0x5e], dx -jae short loc_fffb992e ; jae 0xfffb992e +jae short loc_fffb7a31 ; jae 0xfffb7a31 mov word [ebp + eax*2 - 0x5e], dx -loc_fffb992e: ; not directly referenced +loc_fffb7a31: ; not directly referenced cmp word [ebp + eax*2 - 0x56], dx -jbe short loc_fffb993a ; jbe 0xfffb993a +jbe short loc_fffb7a3d ; jbe 0xfffb7a3d mov word [ebp + eax*2 - 0x56], dx -loc_fffb993a: ; not directly referenced +loc_fffb7a3d: ; not directly referenced inc eax add ecx, dword [ebp - 0xa4] -jmp short loc_fffb9916 ; jmp 0xfffb9916 +jmp short loc_fffb7a19 ; jmp 0xfffb7a19 -loc_fffb9943: ; not directly referenced +loc_fffb7a46: ; not directly referenced cmp dword [ebp + 0x24], 0 -jne loc_fffb9a87 ; jne 0xfffb9a87 +jne loc_fffb7b8a ; jne 0xfffb7b8a mov edi, dword [ebp - 0x84] xor esi, esi xor ebx, ebx mov eax, dword [ebp - 0x74] movsx edx, byte [edi + 8] -call fcn_fffa6cfe ; call 0xfffa6cfe +call fcn_fffa6cac ; call 0xfffa6cac add edi, dword [ebp - 0xa8] mov byte [ebp - 0x89], 0 mov byte [ebp - 0x78], 0 mov word [ebp - 0x9a], ax -loc_fffb997b: ; not directly referenced +loc_fffb7a7e: ; not directly referenced mov eax, dword [ebp - 0xac] bt eax, esi -jae short loc_fffb9a00 ; jae 0xfffb9a00 +jae short loc_fffb7b03 ; jae 0xfffb7b03 push eax mov edx, dword [ebp - 0x90] push eax @@ -35573,28 +32527,28 @@ push 0 push 9 lea ecx, [esi + esi] push 0 -call fcn_fffb887d ; call 0xfffb887d +call fcn_fffb6980 ; call 0xfffb6980 movzx edx, byte [edi + esi + 4] add esp, 0x20 add byte [ebp - 0x78], al -movzx ecx, byte [edx + ref_fffd58b8] ; movzx ecx, byte [edx - 0x2a748] +movzx ecx, byte [edx + ref_fffd52a4] ; movzx ecx, byte [edx - 0x2ad5c] movzx eax, byte [edi + esi] cmp dword [ebp - 0x98], 1 mov word [ebp - 0x6c], cx -movzx eax, byte [eax + ref_fffd58b8] ; movzx eax, byte [eax - 0x2a748] -jne short loc_fffb99e0 ; jne 0xfffb99e0 +movzx eax, byte [eax + ref_fffd52a4] ; movzx eax, byte [eax - 0x2ad5c] +jne short loc_fffb7ae3 ; jne 0xfffb7ae3 test cx, cx cmovne eax, ecx mov word [ebp - 0x6c], ax mov eax, 0x3fff -jmp short loc_fffb99eb ; jmp 0xfffb99eb +jmp short loc_fffb7aee ; jmp 0xfffb7aee -loc_fffb99e0: ; not directly referenced +loc_fffb7ae3: ; not directly referenced test ax, ax mov edx, 0x3fff cmove eax, edx -loc_fffb99eb: ; not directly referenced +loc_fffb7aee: ; not directly referenced mov ecx, dword [ebp - 0x6c] test cx, cx cmove ecx, eax @@ -35602,12 +32556,12 @@ add ebx, eax inc byte [ebp - 0x89] mov word [ebp - 0x6c], cx -loc_fffb9a00: ; not directly referenced +loc_fffb7b03: ; not directly referenced inc esi cmp esi, 2 -jne loc_fffb997b ; jne 0xfffb997b +jne loc_fffb7a7e ; jne 0xfffb7a7e cmp byte [ebp - 0x89], 0 -je short loc_fffb9a32 ; je 0xfffb9a32 +je short loc_fffb7b35 ; je 0xfffb7b35 movzx esi, byte [ebp - 0x89] movzx eax, bx cdq @@ -35620,7 +32574,7 @@ movzx eax, byte [ebp - 0x78] div cl mov byte [ebp - 0x78], al -loc_fffb9a32: ; not directly referenced +loc_fffb7b35: ; not directly referenced lea eax, [ebx - 0x79] mov ecx, 0x1e cmp ax, 0x3f85 @@ -35637,7 +32591,7 @@ push eax movzx eax, byte [ebp - 0x78] push eax mov eax, dword [ebp - 0x74] -call fcn_fffa6d61 ; call 0xfffa6d61 +call fcn_fffa6d0f ; call 0xfffa6d0f mov ax, word [ebp - 0x1a] mov ecx, 0x36 mov edi, dword [ebp - 0x80] @@ -35647,11 +32601,11 @@ mov eax, dword [ebp - 0x84] lea edi, [eax + 0xd] rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -loc_fffb9a87: ; not directly referenced +loc_fffb7b8a: ; not directly referenced mov eax, dword [ebp - 0x80] cmp byte [ebp - 0x8a], 1 mov ax, word [eax] -je short loc_fffb9ab1 ; je 0xfffb9ab1 +je short loc_fffb7bb4 ; je 0xfffb7bb4 mov edx, dword [ebp - 0x70] mov bx, word [ebp - 0x6e] cmp ax, dx @@ -35660,19 +32614,19 @@ cmp bx, ax cmovbe eax, ebx mov word [ebp - 0x6e], ax mov eax, edx -jmp short loc_fffb9ab7 ; jmp 0xfffb9ab7 +jmp short loc_fffb7bba ; jmp 0xfffb7bba -loc_fffb9ab1: ; not directly referenced +loc_fffb7bb4: ; not directly referenced mov word [ebp - 0x6e], 0 -loc_fffb9ab7: ; not directly referenced +loc_fffb7bba: ; not directly referenced inc byte [ebp - 0x8b] add dword [ebp - 0x80], 2 add dword [ebp - 0x84], 0x54e mov word [ebp - 0x70], ax -jmp near loc_fffb98f5 ; jmp 0xfffb98f5 +jmp near loc_fffb79f8 ; jmp 0xfffb79f8 -loc_fffb9ad4: ; not directly referenced +loc_fffb7bd7: ; not directly referenced mov edi, dword [ebp - 0x94] mov al, 4 mov word [ebp - 0x6c], 0x7fff @@ -35687,10 +32641,10 @@ xor eax, 1 and eax, 1 mov byte [ebp - 0x89], al -loc_fffb9b07: ; not directly referenced +loc_fffb7c0a: ; not directly referenced mov eax, edi cmp byte [ebp - 0x78], al -jbe loc_fffb9bd4 ; jbe 0xfffb9bd4 +jbe loc_fffb7cd7 ; jbe 0xfffb7cd7 mov si, word [ebp + edi*2 - 0x5e] add word [ebp - 0x80], si cmp byte [ebp - 0x8c], 6 @@ -35701,25 +32655,25 @@ mov cl, byte [eax + edi] sete al xor ebx, ebx test dl, al -je short loc_fffb9b43 ; je 0xfffb9b43 +je short loc_fffb7c46 ; je 0xfffb7c46 cmp cl, 1 mov eax, 0x28 cmove ebx, eax -loc_fffb9b43: ; not directly referenced +loc_fffb7c46: ; not directly referenced cmp byte [ebp - 0x8c], 8 setne dl cmp dword [ebp - 0x7c], 1 setne al or dl, al -jne short loc_fffb9b6c ; jne 0xfffb9b6c +jne short loc_fffb7c6f ; jne 0xfffb7c6f cmp cl, 2 setne al or al, byte [ebp - 0x89] mov eax, 0x50 cmove ebx, eax -loc_fffb9b6c: ; not directly referenced +loc_fffb7c6f: ; not directly referenced movzx eax, si mov esi, dword [ebp + 0x1c] cdq @@ -35731,12 +32685,12 @@ xor ecx, ecx mov dword [ebp - 0x84], esi mov dword [ebp - 0x88], eax mov eax, dword [ebp - 0x74] -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 mov edx, dword [ebp - 0x84] mov ecx, 1 movzx esi, ax mov eax, dword [ebp - 0x74] -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 mov edx, dword [ebp - 0x88] sub edx, esi imul edx, edx, 0x64 @@ -35751,9 +32705,9 @@ cmp bx, ax cmovle eax, ebx inc edi mov word [ebp - 0x6c], ax -jmp near loc_fffb9b07 ; jmp 0xfffb9b07 +jmp near loc_fffb7c0a ; jmp 0xfffb7c0a -loc_fffb9bd4: ; not directly referenced +loc_fffb7cd7: ; not directly referenced movzx eax, word [ebp - 0x80] mov ebx, 0x64 movzx ecx, byte [ebp - 0x78] @@ -35767,11 +32721,11 @@ idiv ebx xor bl, bl movzx edi, ax cmp ax, 0x64 -jbe short loc_fffb9c04 ; jbe 0xfffb9c04 +jbe short loc_fffb7d07 ; jbe 0xfffb7d07 lea ebx, [eax - 0x64] mov edi, 0x64 -loc_fffb9c04: ; not directly referenced +loc_fffb7d07: ; not directly referenced imul ecx, dword [ebp - 0xa0] movzx ebx, bx mov eax, dword [ebp + 0xc] @@ -35784,18 +32738,18 @@ mov dword [ebp - 0x80], eax movzx eax, word [ebp - 0x70] mov dword [ebp - 0x84], eax -loc_fffb9c2d: ; not directly referenced +loc_fffb7d30: ; not directly referenced cmp byte [ebp - 0x8a], cl -jbe short loc_fffb9c93 ; jbe 0xfffb9c93 +jbe short loc_fffb7d96 ; jbe 0xfffb7d96 cmp word [ebp - 0x6c], 0 -jns short loc_fffb9c44 ; jns 0xfffb9c44 +jns short loc_fffb7d47 ; jns 0xfffb7d47 mov word [esi + ecx*2], 1 -jmp short loc_fffb9c90 ; jmp 0xfffb9c90 +jmp short loc_fffb7d93 ; jmp 0xfffb7d93 -loc_fffb9c44: ; not directly referenced +loc_fffb7d47: ; not directly referenced mov ax, word [ebp - 0x6e] cmp word [ebp - 0x70], ax -je short loc_fffb9c68 ; je 0xfffb9c68 +je short loc_fffb7d6b ; je 0xfffb7d6b movzx eax, word [esi + ecx*2] sub eax, dword [ebp - 0x80] imul eax, eax, 0x64 @@ -35803,12 +32757,12 @@ cdq idiv dword [ebp - 0x84] mov edx, 0x64 sub edx, eax -jmp short loc_fffb9c6a ; jmp 0xfffb9c6a +jmp short loc_fffb7d6d ; jmp 0xfffb7d6d -loc_fffb9c68: ; not directly referenced +loc_fffb7d6b: ; not directly referenced xor edx, edx -loc_fffb9c6a: ; not directly referenced +loc_fffb7d6d: ; not directly referenced movzx edx, dx mov ebx, 0x64 imul edx, dword [ebp - 0x7c] @@ -35824,11 +32778,2177 @@ cdq idiv ebx mov word [esi + ecx*2], ax -loc_fffb9c90: ; not directly referenced +loc_fffb7d93: ; not directly referenced inc ecx -jmp short loc_fffb9c2d ; jmp 0xfffb9c2d +jmp short loc_fffb7d30 ; jmp 0xfffb7d30 + +loc_fffb7d96: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb7d9e: +push ebp +mov ebp, esp +push edi +mov edi, eax +push esi +push ebx +mov ebx, edx +sub esp, 0x1c + +loc_fffb7dab: +test ebx, ebx +jle short loc_fffb7dd8 ; jle 0xfffb7dd8 +cmp ebx, 0x10 +mov esi, 0x10 +cmovle esi, ebx +push eax +push esi +push edi +push dword [ecx] +mov dword [ebp - 0x1c], ecx +call fcn_fffa5c76 ; call 0xfffa5c76 +mov ecx, dword [ebp - 0x1c] +add esp, 0x10 +mov dword [ecx], eax +test eax, eax +jne short loc_fffb7ddc ; jne 0xfffb7ddc +or eax, 0xffffffff +jmp short loc_fffb7de0 ; jmp 0xfffb7de0 + +loc_fffb7dd8: +xor eax, eax +jmp short loc_fffb7de0 ; jmp 0xfffb7de0 + +loc_fffb7ddc: +sub ebx, esi +jmp short loc_fffb7dab ; jmp 0xfffb7dab + +loc_fffb7de0: +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb7de8: +push ebp +mov ebp, esp +push edi +mov edi, ecx +push esi +mov esi, edx +push ebx +mov ebx, eax +sub esp, 0xc +test edx, edx +jne short loc_fffb7e0d ; jne 0xfffb7e0d + +loc_fffb7dfb: +test edi, edi +setne dl +cmp dword [ebp + 8], 0 +setne al +test dl, al +je short loc_fffb7e3a ; je 0xfffb7e3a +jmp short loc_fffb7e22 ; jmp 0xfffb7e22 + +loc_fffb7e0d: +mov ecx, eax +mov eax, ref_fffd52c0 ; mov eax, 0xfffd52c0 +call fcn_fffb7d9e ; call 0xfffb7d9e +test eax, eax +jns short loc_fffb7dfb ; jns 0xfffb7dfb + +loc_fffb7e1d: +or eax, 0xffffffff +jmp short loc_fffb7e98 ; jmp 0xfffb7e98 + +loc_fffb7e22: +push edx +push dword [ebp + 8] +push edi +push dword [ebx] +call fcn_fffa5c76 ; call 0xfffa5c76 +add esp, 0x10 +mov dword [ebx], eax +test eax, eax +je short loc_fffb7e1d ; je 0xfffb7e1d +add esi, dword [ebp + 8] + +loc_fffb7e3a: +cmp dword [ebp + 0xc], 0 +jne short loc_fffb7e4b ; jne 0xfffb7e4b + +loc_fffb7e40: +add esi, dword [ebp + 0xc] +cmp dword [ebp + 0x14], 0 +je short loc_fffb7e77 ; je 0xfffb7e77 +jmp short loc_fffb7e60 ; jmp 0xfffb7e60 + +loc_fffb7e4b: +mov edx, dword [ebp + 0xc] +mov ecx, ebx +mov eax, ref_fffd52ac ; mov eax, 0xfffd52ac +call fcn_fffb7d9e ; call 0xfffb7d9e +test eax, eax +jns short loc_fffb7e40 ; jns 0xfffb7e40 +jmp short loc_fffb7e1d ; jmp 0xfffb7e1d + +loc_fffb7e60: +push eax +push dword [ebp + 0x14] +push dword [ebp + 0x10] +push dword [ebx] +call fcn_fffa5c76 ; call 0xfffa5c76 +add esp, 0x10 +mov dword [ebx], eax +test eax, eax +je short loc_fffb7e1d ; je 0xfffb7e1d + +loc_fffb7e77: +add esi, dword [ebp + 0x14] +cmp dword [ebp + 0x18], 0 +je short loc_fffb7e93 ; je 0xfffb7e93 +mov edx, dword [ebp + 0x18] +mov ecx, ebx +mov eax, ref_fffd52c0 ; mov eax, 0xfffd52c0 +call fcn_fffb7d9e ; call 0xfffb7d9e +test eax, eax +js short loc_fffb7e1d ; js 0xfffb7e1d + +loc_fffb7e93: +mov eax, dword [ebp + 0x18] +add eax, esi + +loc_fffb7e98: +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb7ea0: +mov ecx, 0xce +rdmsr +movzx ecx, ah +xor edx, edx +imul ecx, ecx, 0x186a0 +xor eax, eax +test ecx, ecx +je short loc_fffb7ecc ; je 0xfffb7ecc +push ebp +mov ebp, esp +sub esp, 0xc +rdtsc +push ecx +push edx +push eax +call fcn_fffd2b90 ; call 0xfffd2b90 +add esp, 0x10 +leave + +loc_fffb7ecc: +ret + +fcn_fffb7ecd: +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x2c +mov ebx, dword [ebp + 8] +mov esi, dword [ebx + 0x2444] +mov edi, dword [ebx + 0x18c1] +push 0xe4 +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +add edi, eax +mov dword [esp], edi +add edi, 4 +call dword [esi + 0x20] ; ucall +mov dword [esp], edi +mov dword [ebp - 0x2c], eax +call dword [esi + 0x20] ; ucall +add esp, 0x10 +mov edx, dword [ebp - 0x2c] +cmp eax, dword [ebx + 0x14] +jne short loc_fffb7f17 ; jne 0xfffb7f17 +cmp edx, dword [ebx + 0x10] +je short loc_fffb7f21 ; je 0xfffb7f21 + +loc_fffb7f17: +mov eax, 0x18 +jmp near loc_fffb7fe6 ; jmp 0xfffb7fe6 + +loc_fffb7f21: +lea eax, [ebx + 0x1165] +xor esi, esi +mov dword [ebp - 0x30], eax + +loc_fffb7f2c: +lea eax, [ebx + esi + 0x196b] +xor edi, edi +mov dword [ebp - 0x34], eax +mov eax, dword [ebp - 0x30] +mov dword [ebp - 0x2c], eax +lea eax, [esi + 0x1afb] +mov dword [ebp - 0x38], eax + +loc_fffb7f47: +mov eax, dword [ebp - 0x34] +cmp dword [eax + edi + 8], 1 +jne short loc_fffb7f59 ; jne 0xfffb7f59 +mov word [ebp - 0x1a], 0 +jmp short loc_fffb7f9f ; jmp 0xfffb7f9f + +loc_fffb7f59: +lea eax, [ebx + edi] +mov al, byte [esi + eax + 0x19bd] +cmp al, 0xf1 +sete cl +cmp al, 0xb +sete dl +or cl, dl +je short loc_fffb7f81 ; je 0xfffb7f81 +lea eax, [edi + esi + 0x1a30] +mov edx, 0xb +add eax, ebx +jmp short loc_fffb7f97 ; jmp 0xfffb7f97 + +loc_fffb7f81: +cmp al, 0xc +jne short loc_fffb7f93 ; jne 0xfffb7f93 +mov eax, dword [ebp - 0x38] +mov edx, 9 +add eax, edi +add eax, ebx +jmp short loc_fffb7f97 ; jmp 0xfffb7f97 + +loc_fffb7f93: +xor edx, edx +xor eax, eax + +loc_fffb7f97: +lea ecx, [ebp - 0x1a] +call fcn_fffb3d76 ; call 0xfffb3d76 + +loc_fffb7f9f: +mov eax, dword [ebp - 0x2c] +mov ax, word [eax] +cmp word [ebp - 0x1a], ax +jne loc_fffb7f17 ; jne 0xfffb7f17 +add edi, 0x277 +add dword [ebp - 0x2c], 0x128 +cmp edi, 0x4ee +jne short loc_fffb7f47 ; jne 0xfffb7f47 +add esi, 0x54a +add dword [ebp - 0x30], 0x433 +cmp esi, 0xa94 +jne loc_fffb7f2c ; jne 0xfffb7f2c +mov byte [ebx + 0x247c], 1 +xor eax, eax + +loc_fffb7fe6: +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb7fee: +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x34 +mov edi, dword [ebp + 0x10] +mov edx, dword [ebp + 0xc] +lea eax, [ebp - 0x1c] +push eax +mov ebx, dword [ebp + 0x14] +movzx esi, di +lea eax, [esi + 0xc] +push eax +mov dword [ebp - 0x2c], edx +call fcn_fffb05b9 ; call 0xfffb05b9 +add esp, 0x10 +mov edx, dword [ebp - 0x2c] +test eax, eax +jns short loc_fffb8024 ; jns 0xfffb8024 +mov dword [ebp - 0x1c], 0 + +loc_fffb8024: +mov eax, dword [ebp - 0x1c] +test eax, eax +je short loc_fffb8068 ; je 0xfffb8068 +lea ecx, [eax + 4] +mov dword [ebx], ecx +mov word [eax + 4], dx +mov edx, dword [ebx] +mov word [edx + 2], di +mov edx, dword [ebx] +mov dword [edx + 4], 0 +add esi, dword [ebx] +mov word [esi], 0xffff +mov word [esi + 2], 8 +mov dword [esi + 4], 0 +mov edx, dword [0xff7d0270] +mov dword [eax], edx +mov dword [0xff7d0270], eax +xor eax, eax +jmp short loc_fffb806d ; jmp 0xfffb806d + +loc_fffb8068: +mov eax, 0x80000009 + +loc_fffb806d: +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb8075: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x38 +mov edi, dword [ebp + 8] +push edi +call fcn_fffb9a46 ; call 0xfffb9a46 +add esp, 0x10 +mov ebx, eax +test eax, eax +js loc_fffb8201 ; js 0xfffb8201 +cmp edi, 1 +je short loc_fffb80a7 ; je 0xfffb80a7 +cmp edi, 2 +je loc_fffb814a ; je 0xfffb814a +jmp near loc_fffb8205 ; jmp 0xfffb8205 + +loc_fffb80a7: ; not directly referenced +mov eax, dword [ebp + 0xc] +sub esp, 0xc +mov dword [ebp - 0x20], eax +mov eax, dword [0xff7d0084] +or byte [ebp - 0x1d], 0x80 +mov eax, dword [eax + 0x14] +add eax, 0x48 +push eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov edi, eax +pop eax +and edi, 0xfffffffe +pop edx +push dword [ebp - 0x20] +lea esi, [edi + 0x5da4] +add edi, 0x5da0 +push esi +call fcn_fffb3ffa ; call 0xfffb3ffa +mov dword [esp], 1 +call fcn_fffb9a46 ; call 0xfffb9a46 +mov dword [esp], esi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [esp], edi +mov dword [ebp - 0x20], eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [esp], 0xa +mov dword [ebp - 0x1c], eax +call fcn_fffb93ec ; call 0xfffb93ec +mov dword [esp], esi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [esp], edi +mov esi, eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov edx, dword [ebp - 0x20] +add esp, 0x10 +cmp edx, esi +je short loc_fffb813a ; je 0xfffb813a +cmp dword [ebp - 0x1c], eax +je short loc_fffb813a ; je 0xfffb813a + +loc_fffb8130: ; not directly referenced +mov eax, 0x80000002 +jmp near loc_fffb820a ; jmp 0xfffb820a + +loc_fffb813a: ; not directly referenced +mov eax, dword [ebp + 0x14] +mov dword [eax], edx +lea eax, [ebp - 0x1c] +push ecx +push 4 +jmp near loc_fffb81f5 ; jmp 0xfffb81f5 + +loc_fffb814a: ; not directly referenced +mov eax, dword [ebp + 0xc] +mov dword [ebp - 0x24], eax +mov eax, dword [ebp + 0x10] +mov eax, dword [eax] +push edx +push 8 +or byte [ebp - 0x21], 0x80 +mov dword [ebp - 0x28], eax +lea eax, [ebp - 0x28] +push eax +lea eax, [ebp - 0x30] +push eax +call fcn_fffb01dc ; call 0xfffb01dc +mov eax, dword [ebp - 0x30] +mov ecx, 0x150 +mov edx, dword [ebp - 0x2c] +wrmsr +mov dword [esp], 2 +call fcn_fffb9a46 ; call 0xfffb9a46 +mov ecx, 0x150 +rdmsr +add esp, 0xc +push 8 +mov dword [ebp - 0x30], eax +lea eax, [ebp - 0x30] +push eax +lea eax, [ebp - 0x28] +push eax +mov dword [ebp - 0x2c], edx +call fcn_fffb01dc ; call 0xfffb01dc +mov dword [esp], 0xa +call fcn_fffb93ec ; call 0xfffb93ec +mov ecx, 0x150 +rdmsr +add esp, 0xc +push 8 +mov dword [ebp - 0x30], eax +lea eax, [ebp - 0x30] +push eax +lea eax, [ebp - 0x20] +push eax +mov dword [ebp - 0x2c], edx +call fcn_fffb01dc ; call 0xfffb01dc +mov eax, dword [ebp - 0x1c] +add esp, 0x10 +cmp dword [ebp - 0x24], eax +je short loc_fffb81e6 ; je 0xfffb81e6 +mov eax, dword [ebp - 0x20] +cmp dword [ebp - 0x28], eax +jne loc_fffb8130 ; jne 0xfffb8130 + +loc_fffb81e6: ; not directly referenced +movzx eax, byte [ebp - 0x24] +mov edx, dword [ebp + 0x14] +mov dword [edx], eax +push eax +push 4 +lea eax, [ebp - 0x28] + +loc_fffb81f5: ; not directly referenced +push eax +push dword [ebp + 0x10] +call fcn_fffb01dc ; call 0xfffb01dc +add esp, 0x10 + +loc_fffb8201: ; not directly referenced +mov eax, ebx +jmp short loc_fffb820a ; jmp 0xfffb820a + +loc_fffb8205: ; not directly referenced +mov eax, 0x80000003 + +loc_fffb820a: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +mrc_printk_: +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0xfc +mov ecx, dword [ebp + 8] +lea ebx, [ebp + 0xc] +mov dword [ebp - 0xa8], ebx +mov dword [ebp - 0xa4], 0 +test ecx, ecx +je short loc_fffb8286 ; je 0xfffb8286 +mov dword [ebp - 0xf8], 0 +mov dword [ebp - 0xe4], 0 +jmp short loc_fffb829b ; jmp 0xfffb829b + +loc_fffb824e: +cmp dl, 0x2a +jne loc_fffb82ef ; jne 0xfffb82ef +mov ecx, dword [ebx] +lea eax, [ebx + 4] +mov dword [ebp - 0xe0], ecx +test ecx, ecx +jns short loc_fffb8273 ; jns 0xfffb8273 +neg dword [ebp - 0xe0] +or dword [ebp - 0xc4], 4 + +loc_fffb8273: +inc edi +mov ebx, eax + +loc_fffb8276: +cmp dword [ebp - 0xe0], 0x1f4 +jle loc_fffb8347 ; jle 0xfffb8347 + +loc_fffb8286: +or eax, 0xffffffff +jmp near loc_fffb8de1 ; jmp 0xfffb8de1 + +loc_fffb828e: +mov edi, esi +sub edi, ecx +jne short loc_fffb82b9 ; jne 0xfffb82b9 + +loc_fffb8294: +cmp byte [esi], 0 +jne short loc_fffb82dc ; jne 0xfffb82dc +mov ecx, esi + +loc_fffb829b: +cmp byte [ecx], 0 +je loc_fffb8da6 ; je 0xfffb8da6 +mov esi, ecx + +loc_fffb82a6: +mov al, byte [esi] +cmp al, 0x25 +setne dl +test al, al +setne al +test dl, al +je short loc_fffb828e ; je 0xfffb828e +inc esi +jmp short loc_fffb82a6 ; jmp 0xfffb82a6 + +loc_fffb82b9: +push eax +push edi +push ecx +push dword [ebp - 0xa4] +call fcn_fffa5c76 ; call 0xfffa5c76 +add esp, 0x10 +mov dword [ebp - 0xa4], eax +test eax, eax +je short loc_fffb8286 ; je 0xfffb8286 +add dword [ebp - 0xe4], edi +jmp short loc_fffb8294 ; jmp 0xfffb8294 + +loc_fffb82dc: +lea edi, [esi + 1] +mov dword [ebp - 0xc4], 0 + +loc_fffb82e9: +mov dl, byte [edi] +test dl, dl +jne short loc_fffb82fb ; jne 0xfffb82fb + +loc_fffb82ef: +mov dword [ebp - 0xe0], 0 +jmp short loc_fffb8337 ; jmp 0xfffb8337 + +loc_fffb82fb: +mov eax, ref_fffd531c ; mov eax, 0xfffd531c + +loc_fffb8300: +mov cl, byte [eax] +cmp cl, dl +je loc_fffb8dae ; je 0xfffb8dae +test cl, cl +je loc_fffb824e ; je 0xfffb824e +inc eax +jmp short loc_fffb8300 ; jmp 0xfffb8300 + +loc_fffb8315: +cmp dword [ebp - 0xe0], 0x1f3 +jg loc_fffb8276 ; jg 0xfffb8276 +imul edx, dword [ebp - 0xe0], 0xa +inc edi +lea eax, [edx + eax - 0x30] +mov dword [ebp - 0xe0], eax + +loc_fffb8337: +movsx eax, byte [edi] +lea edx, [eax - 0x30] +cmp dl, 9 +jbe short loc_fffb8315 ; jbe 0xfffb8315 +jmp near loc_fffb8276 ; jmp 0xfffb8276 + +loc_fffb8347: +cmp byte [edi], 0x2e +mov dword [ebp - 0xd0], 0xffffffff +jne short loc_fffb83c0 ; jne 0xfffb83c0 +cmp byte [edi + 1], 0x2a +je short loc_fffb8369 ; je 0xfffb8369 +inc edi +mov dword [ebp - 0xd0], 0 +jmp short loc_fffb83a5 ; jmp 0xfffb83a5 + +loc_fffb8369: +mov ecx, dword [ebx] +lea eax, [ebx + 4] +mov dword [ebp - 0xd0], ecx +cmp ecx, 0x1f4 +jg loc_fffb8286 ; jg 0xfffb8286 +add edi, 2 +mov ebx, eax +jmp short loc_fffb83c0 ; jmp 0xfffb83c0 + +loc_fffb8387: +cmp dword [ebp - 0xd0], 0x1f3 +jg short loc_fffb83b0 ; jg 0xfffb83b0 +imul edx, dword [ebp - 0xd0], 0xa +inc edi +lea eax, [edx + eax - 0x30] +mov dword [ebp - 0xd0], eax + +loc_fffb83a5: +movsx eax, byte [edi] +lea edx, [eax - 0x30] +cmp dl, 9 +jbe short loc_fffb8387 ; jbe 0xfffb8387 + +loc_fffb83b0: +cmp dword [ebp - 0xd0], 0x1f4 +jg loc_fffb8286 ; jg 0xfffb8286 + +loc_fffb83c0: +cmp byte [edi], 0x3a +mov dword [ebp - 0xc0], 0 +jne short loc_fffb8432 ; jne 0xfffb8432 +cmp byte [edi + 1], 0x2a +jne short loc_fffb8419 ; jne 0xfffb8419 +mov esi, dword [ebx] +lea eax, [ebx + 4] +mov dword [ebp - 0xc0], esi +test esi, esi +js short loc_fffb83ee ; js 0xfffb83ee +cmp esi, 0x24 +jle short loc_fffb83f8 ; jle 0xfffb83f8 +jmp near loc_fffb8286 ; jmp 0xfffb8286 + +loc_fffb83ee: +mov dword [ebp - 0xc0], 0 + +loc_fffb83f8: +add edi, 2 +mov ebx, eax +jmp short loc_fffb8432 ; jmp 0xfffb8432 + +loc_fffb83ff: +cmp dword [ebp - 0xc0], 0x23 +jg short loc_fffb8425 ; jg 0xfffb8425 +imul ecx, dword [ebp - 0xc0], 0xa +lea eax, [ecx + eax - 0x30] +mov dword [ebp - 0xc0], eax + +loc_fffb8419: +inc edi +movsx eax, byte [edi] +lea edx, [eax - 0x30] +cmp dl, 9 +jbe short loc_fffb83ff ; jbe 0xfffb83ff + +loc_fffb8425: +cmp dword [ebp - 0xc0], 0x24 +jg loc_fffb8286 ; jg 0xfffb8286 + +loc_fffb8432: +cmp byte [edi], 0x5b +mov dword [ebp - 0xd8], 0 +jne short loc_fffb846a ; jne 0xfffb846a +lea eax, [edi + 1] +not edi +mov dword [ebp - 0xf8], eax + +loc_fffb844c: +mov dl, byte [eax] +lea esi, [edi + eax] +mov dword [ebp - 0xd8], esi +mov esi, eax +test dl, dl +je loc_fffb8286 ; je 0xfffb8286 +inc eax +cmp dl, 0x5d +jne short loc_fffb844c ; jne 0xfffb844c +lea edi, [esi + 1] + +loc_fffb846a: +mov al, byte [edi] +mov esi, ref_fffd631f ; mov esi, 0xfffd631f +test al, al +je short loc_fffb84a2 ; je 0xfffb84a2 + +loc_fffb8475: +mov dl, byte [esi] +cmp dl, al +je short loc_fffb8486 ; je 0xfffb8486 +test dl, dl +je short loc_fffb8482 ; je 0xfffb8482 +inc esi +jmp short loc_fffb8475 ; jmp 0xfffb8475 + +loc_fffb8482: +xor eax, eax +jmp short loc_fffb84a2 ; jmp 0xfffb84a2 + +loc_fffb8486: +mov dl, byte [edi + 1] +lea esi, [edi + 1] +test dl, dl +je loc_fffb8dc6 ; je 0xfffb8dc6 +cmp dl, al +jne loc_fffb8dc6 ; jne 0xfffb8dc6 +or eax, 1 +add edi, 2 + +loc_fffb84a2: +mov dl, byte [edi] +test dl, dl +jne short loc_fffb84b2 ; jne 0xfffb84b2 +mov ecx, dword [ebx] +add ebx, 4 +jmp near loc_fffb829b ; jmp 0xfffb829b + +loc_fffb84b2: +mov byte [ebp - 0xc8], 0 +cmp dl, 0x43 +jne short loc_fffb84d4 ; jne 0xfffb84d4 +mov cl, byte [edi + 1] +lea esi, [edi + 1] +mov byte [ebp - 0xc8], cl +test cl, cl +je loc_fffb8286 ; je 0xfffb8286 +mov edi, esi + +loc_fffb84d4: +mov byte [ebp - 0xab], dl +cmp dl, 0x6e +jne short loc_fffb8535 ; jne 0xfffb8535 +mov edx, dword [ebx] +test edx, edx +je loc_fffb8dda ; je 0xfffb8dda +cmp al, 0x68 +jne short loc_fffb84fb ; jne 0xfffb84fb +mov eax, dword [ebp - 0xe4] +mov word [edx], ax +jmp near loc_fffb8dda ; jmp 0xfffb8dda + +loc_fffb84fb: +cmp al, 0x69 +jne short loc_fffb850c ; jne 0xfffb850c +mov al, byte [ebp - 0xe4] +mov byte [edx], al +jmp near loc_fffb8dda ; jmp 0xfffb8dda + +loc_fffb850c: +cmp al, 0x6c +je short loc_fffb8528 ; je 0xfffb8528 +cmp al, 0x6a +jne short loc_fffb8528 ; jne 0xfffb8528 +mov eax, dword [ebp - 0xe4] +mov dword [edx + 4], 0 +mov dword [edx], eax +jmp near loc_fffb8dda ; jmp 0xfffb8dda + +loc_fffb8528: +mov eax, dword [ebp - 0xe4] +mov dword [edx], eax +jmp near loc_fffb8dda ; jmp 0xfffb8dda + +loc_fffb8535: +cmp dl, 0x25 +jne short loc_fffb8563 ; jne 0xfffb8563 +sub esp, 0xc +xor ecx, ecx +push 0 +xor edx, edx +push 1 +lea eax, [ebp - 0xab] +push eax +push 0 +push 0 +lea eax, [ebp - 0xa4] +call fcn_fffb7de8 ; call 0xfffb7de8 +add esp, 0x20 +jmp near loc_fffb8d90 ; jmp 0xfffb8d90 + +loc_fffb8563: +mov esi, edx +and esi, 0xffffffdf +mov ecx, esi +cmp cl, 0x43 +jne short loc_fffb85e8 ; jne 0xfffb85e8 +cmp dl, 0x63 +jne short loc_fffb8581 ; jne 0xfffb8581 +mov eax, dword [ebx] +add ebx, 4 +mov byte [ebp - 0x9a], al +jmp short loc_fffb858d ; jmp 0xfffb858d + +loc_fffb8581: +mov al, byte [ebp - 0xc8] +mov byte [ebp - 0x9a], al + +loc_fffb858d: +mov esi, dword [ebp - 0xd0] +mov eax, 1 +test esi, esi +cmovs esi, eax +test esi, esi +cmovg eax, esi +xor esi, esi +mov dword [ebp - 0xc0], eax + +loc_fffb85aa: +sub esp, 0xc +xor ecx, ecx +push 0 +xor edx, edx +push 1 +lea eax, [ebp - 0x9a] +push eax +push 0 +push 0 +lea eax, [ebp - 0xa4] +call fcn_fffb7de8 ; call 0xfffb7de8 +add esp, 0x20 +cmp eax, 0xffffffff +je loc_fffb8286 ; je 0xfffb8286 +add esi, eax +dec dword [ebp - 0xc0] +jne short loc_fffb85aa ; jne 0xfffb85aa +mov eax, esi +jmp near loc_fffb8d90 ; jmp 0xfffb8d90 + +loc_fffb85e8: +cmp dl, 0x73 +jne loc_fffb8680 ; jne 0xfffb8680 +lea eax, [ebx + 4] +mov edx, ref_fffd6326 ; mov edx, 0xfffd6326 +mov dword [ebp - 0xc0], eax +mov eax, dword [ebx] +test eax, eax +cmove eax, edx +mov ecx, eax + +loc_fffb8608: +cmp byte [ecx], 0 +je short loc_fffb8610 ; je 0xfffb8610 +inc ecx +jmp short loc_fffb8608 ; jmp 0xfffb8608 + +loc_fffb8610: +mov ebx, dword [ebp - 0xd0] +sub ecx, eax +test ebx, ebx +js short loc_fffb8621 ; js 0xfffb8621 +cmp ecx, ebx +cmovg ecx, ebx + +loc_fffb8621: +mov esi, dword [ebp - 0xe0] +xor edx, edx +mov ebx, esi +sub ebx, ecx +cmp ecx, esi +mov esi, dword [ebp - 0xc4] +cmovl edx, ebx +xor ebx, ebx +and esi, 4 +je short loc_fffb8643 ; je 0xfffb8643 +mov ebx, edx +xor edx, edx + +loc_fffb8643: +test byte [ebp - 0xc4], 0x40 +je short loc_fffb865b ; je 0xfffb865b +add ebx, edx +xor edx, edx +test esi, esi +sete dl +add edx, ebx +sar edx, 1 +sub ebx, edx + +loc_fffb865b: +sub esp, 0xc +push ebx +push ecx +xor ecx, ecx +push eax +push 0 +push 0 +lea eax, [ebp - 0xa4] +call fcn_fffb7de8 ; call 0xfffb7de8 +add esp, 0x20 +mov ebx, dword [ebp - 0xc0] +jmp near loc_fffb8d90 ; jmp 0xfffb8d90 + +loc_fffb8680: +cmp dl, 0x70 +jne short loc_fffb86ac ; jne 0xfffb86ac +mov byte [ebp - 0xab], 0x58 +xor eax, eax +mov dword [ebp - 0xd0], 8 +mov dword [ebp - 0xe0], 8 +mov dword [ebp - 0xc4], 0x28 + +loc_fffb86ac: +mov dl, byte [ebp - 0xab] +cmp dl, 0x69 +sete cl +cmp dl, 0x64 +mov byte [ebp - 0xd4], dl +sete dl +or dl, cl +mov byte [ebp - 0xe8], cl +jne short loc_fffb86d9 ; jne 0xfffb86d9 +xor esi, esi +cmp byte [ebp - 0xd4], 0x49 +jne short loc_fffb8708 ; jne 0xfffb8708 + +loc_fffb86d9: +mov dl, byte [ebp - 0xd4] +mov esi, 0xa +and dword [ebp - 0xc4], 0xfffffff7 +or dword [ebp - 0xc4], 0x80 +and edx, 0xffffffdf +cmp dl, 0x49 +jne short loc_fffb8708 ; jne 0xfffb8708 +mov ecx, dword [ebp - 0xc0] +test ecx, ecx +cmovne esi, ecx + +loc_fffb8708: +mov dl, byte [ebp - 0xd4] +and edx, 0xffffffdf +cmp dl, 0x58 +sete cl +test cl, cl +mov byte [ebp - 0xcc], cl +mov ecx, 0x10 +cmovne esi, ecx +cmp dl, 0x55 +jne short loc_fffb873c ; jne 0xfffb873c +mov ecx, dword [ebp - 0xc0] +mov esi, 0xa +test ecx, ecx +cmovne esi, ecx + +loc_fffb873c: +mov cl, byte [ebp - 0xd4] +cmp cl, 0x6f +je short loc_fffb8756 ; je 0xfffb8756 +cmp cl, 0x62 +je short loc_fffb875d ; je 0xfffb875d +cmp esi, 1 +ja short loc_fffb8762 ; ja 0xfffb8762 +jmp near loc_fffb8286 ; jmp 0xfffb8286 + +loc_fffb8756: +mov esi, 8 +jmp short loc_fffb8762 ; jmp 0xfffb8762 + +loc_fffb875d: +mov esi, 2 + +loc_fffb8762: +test byte [ebp - 0xc4], 0x80 +je loc_fffb8827 ; je 0xfffb8827 +cmp al, 0x6c +jne short loc_fffb8778 ; jne 0xfffb8778 +lea eax, [ebx + 4] +jmp short loc_fffb877f ; jmp 0xfffb877f + +loc_fffb8778: +cmp al, 0x6a +jne short loc_fffb8789 ; jne 0xfffb8789 +lea eax, [ebx + 8] + +loc_fffb877f: +mov dword [ebp - 0xc8], eax + +loc_fffb8785: +mov edx, dword [ebx] +jmp short loc_fffb87ad ; jmp 0xfffb87ad + +loc_fffb8789: +lea edx, [ebx + 4] +cmp al, 0x7a +mov dword [ebp - 0xc8], edx +je short loc_fffb8785 ; je 0xfffb8785 +mov edx, dword [ebx] +cmp al, 0x74 +je short loc_fffb87ad ; je 0xfffb87ad +cmp al, 0x68 +jne short loc_fffb87a5 ; jne 0xfffb87a5 +movsx edx, dx +jmp short loc_fffb87ad ; jmp 0xfffb87ad + +loc_fffb87a5: +movsx ecx, dl +cmp al, 0x69 +cmove edx, ecx + +loc_fffb87ad: +mov ecx, edx +sar ecx, 0x1f +mov eax, ecx +xor eax, edx +sub eax, ecx +mov dword [ebp - 0xc0], eax +sar eax, 0x1f +mov dword [ebp - 0xbc], eax +test edx, edx +jns short loc_fffb87d4 ; jns 0xfffb87d4 +mov byte [ebp - 0xaa], 0x2d +jmp short loc_fffb87fa ; jmp 0xfffb87fa + +loc_fffb87d4: +test byte [ebp - 0xc4], 2 +je short loc_fffb87e6 ; je 0xfffb87e6 +mov byte [ebp - 0xaa], 0x2b +jmp short loc_fffb87fa ; jmp 0xfffb87fa + +loc_fffb87e6: +mov eax, dword [ebp - 0xc4] +and eax, 1 +neg eax +and eax, 0x20 +mov byte [ebp - 0xaa], al + +loc_fffb87fa: +cmp byte [ebp - 0xaa], 0 +mov dword [ebp - 0xdc], 0 +je loc_fffb88cb ; je 0xfffb88cb +or dword [ebp - 0xc4], 8 +mov dword [ebp - 0xdc], 1 +jmp near loc_fffb88cb ; jmp 0xfffb88cb + +loc_fffb8827: +cmp al, 0x6c +jne short loc_fffb883a ; jne 0xfffb883a +lea eax, [ebx + 4] +xor edx, edx +mov dword [ebp - 0xc8], eax +mov eax, dword [ebx] +jmp short loc_fffb884c ; jmp 0xfffb884c + +loc_fffb883a: +cmp al, 0x6a +jne short loc_fffb885a ; jne 0xfffb885a +lea eax, [ebx + 8] +mov edx, dword [ebx + 4] +mov dword [ebp - 0xc8], eax +mov eax, dword [ebx] + +loc_fffb884c: +mov dword [ebp - 0xc0], eax +mov dword [ebp - 0xbc], edx +jmp short loc_fffb88ba ; jmp 0xfffb88ba + +loc_fffb885a: +lea edx, [ebx + 4] +cmp al, 0x7a +mov dword [ebp - 0xc8], edx +je short loc_fffb886b ; je 0xfffb886b +cmp al, 0x74 +jne short loc_fffb887e ; jne 0xfffb887e + +loc_fffb886b: +mov eax, dword [ebx] +mov dword [ebp - 0xc0], eax +sar eax, 0x1f +mov dword [ebp - 0xbc], eax +jmp short loc_fffb88ba ; jmp 0xfffb88ba + +loc_fffb887e: +mov edx, dword [ebx] +mov dword [ebp - 0xbc], 0 +mov dword [ebp - 0xc0], edx +cmp al, 0x68 +jne short loc_fffb889f ; jne 0xfffb889f +movzx edx, dx +mov dword [ebp - 0xc0], edx +jmp short loc_fffb88b0 ; jmp 0xfffb88b0 + +loc_fffb889f: +cmp al, 0x69 +jne short loc_fffb88ba ; jne 0xfffb88ba +movzx eax, byte [ebp - 0xc0] +mov dword [ebp - 0xc0], eax + +loc_fffb88b0: +mov dword [ebp - 0xbc], 0 + +loc_fffb88ba: +mov byte [ebp - 0xaa], 0x30 +mov dword [ebp - 0xdc], 0 + +loc_fffb88cb: +mov eax, dword [ebp - 0xc0] +mov edx, dword [ebp - 0xbc] +mov ebx, eax +or ebx, edx +setne al +cmp byte [ebp - 0xd4], 0x6f +sete dl +test al, dl +mov edx, 1 +cmove edx, dword [ebp - 0xdc] +cmp byte [ebp - 0xcc], 0 +mov dword [ebp - 0xdc], edx +jne short loc_fffb890e ; jne 0xfffb890e +cmp byte [ebp - 0xd4], 0x62 +jne short loc_fffb893c ; jne 0xfffb893c + +loc_fffb890e: +test byte [ebp - 0xc4], 0x20 +jne short loc_fffb8923 ; jne 0xfffb8923 +test al, al +je short loc_fffb893c ; je 0xfffb893c +mov al, byte [ebp - 0xd4] +jmp short loc_fffb892c ; jmp 0xfffb892c + +loc_fffb8923: +mov al, byte [ebp - 0xd4] +or eax, 0x20 + +loc_fffb892c: +mov byte [ebp - 0xa9], al +mov dword [ebp - 0xdc], 2 + +loc_fffb893c: +test byte [ebp - 0xc4], 8 +je short loc_fffb8953 ; je 0xfffb8953 +lea eax, [ebp - 0xaa] +mov dword [ebp - 0xf4], eax +jmp short loc_fffb8967 ; jmp 0xfffb8967 + +loc_fffb8953: +mov dword [ebp - 0xf4], 0 +mov dword [ebp - 0xdc], 0 + +loc_fffb8967: +cmp esi, 0xa +jne short loc_fffb89d2 ; jne 0xfffb89d2 +mov dword [ebp - 0xcc], 0 +lea ebx, [ebp - 0xa0] + +loc_fffb897c: +mov edx, dword [ebp - 0xbc] +mov eax, dword [ebp - 0xc0] +mov esi, edx +or esi, eax +je loc_fffb8b1f ; je 0xfffb8b1f +push ebx +push 0xa +push dword [ebp - 0xbc] +push dword [ebp - 0xc0] +call fcn_fffd2ba5 ; call 0xfffd2ba5 +mov esi, dword [ebp - 0xa0] +add esp, 0x10 +inc dword [ebp - 0xcc] +mov dword [ebp - 0xc0], eax +mov eax, dword [ebp - 0xcc] +mov dword [ebp - 0xbc], edx +lea edx, [esi + 0x30] +neg eax +mov byte [eax + ebp - 0x18], dl +jmp short loc_fffb897c ; jmp 0xfffb897c + +loc_fffb89d2: +cmp byte [ebp - 0xd4], 0x75 +sete byte [ebp - 0xec] +cmp esi, 8 +sete dl +cmp esi, 2 +sete al +or al, dl +jne short loc_fffb8a10 ; jne 0xfffb8a10 +cmp esi, 0x10 +je short loc_fffb8a10 ; je 0xfffb8a10 +mov bl, byte [ebp - 0xec] +mov dword [ebp - 0xcc], 0 +or ebx, dword [ebp - 0xe8] +jmp near loc_fffb8ab2 ; jmp 0xfffb8ab2 + +loc_fffb8a10: +lea eax, [esi - 1] +cmp esi, 0x10 +je short loc_fffb8a25 ; je 0xfffb8a25 +cmp dl, 1 +sbb ecx, ecx +and ecx, 0xfffffffe +add ecx, 3 +jmp short loc_fffb8a2a ; jmp 0xfffb8a2a + +loc_fffb8a25: +mov ecx, 4 + +loc_fffb8a2a: +mov dword [ebp - 0xcc], 0 + +loc_fffb8a34: +mov esi, dword [ebp - 0xbc] +mov ebx, dword [ebp - 0xc0] +mov edx, esi +or edx, ebx +je loc_fffb8b1f ; je 0xfffb8b1f +mov edx, dword [ebp - 0xc0] +and edx, eax +cmp byte [ebp - 0xd4], 0x78 +mov bl, byte [edx + ref_fffd52d4] ; mov bl, byte [edx - 0x2ad2c] +sete dl +or dl, byte [ebp - 0xe8] +jne short loc_fffb8a73 ; jne 0xfffb8a73 +cmp byte [ebp - 0xec], 0 +je short loc_fffb8a76 ; je 0xfffb8a76 + +loc_fffb8a73: +or ebx, 0x20 + +loc_fffb8a76: +inc dword [ebp - 0xcc] +mov edx, dword [ebp - 0xcc] +mov esi, dword [ebp - 0xbc] +neg edx +mov byte [edx + ebp - 0x18], bl +mov ebx, dword [ebp - 0xc0] +xor edx, edx +shrd ebx, esi, cl +shr esi, cl +test cl, 0x20 +cmovne ebx, esi +cmovne esi, edx +mov dword [ebp - 0xc0], ebx +mov dword [ebp - 0xbc], esi +jmp short loc_fffb8a34 ; jmp 0xfffb8a34 + +loc_fffb8ab2: +mov edx, dword [ebp - 0xbc] +mov eax, dword [ebp - 0xc0] +mov ecx, edx +or ecx, eax +je short loc_fffb8b1f ; je 0xfffb8b1f +push eax +push esi +push dword [ebp - 0xbc] +push dword [ebp - 0xc0] +call fcn_fffd2b7b ; call 0xfffd2b7b +add esp, 0xc +push esi +push dword [ebp - 0xbc] +push dword [ebp - 0xc0] +mov al, byte [eax + ref_fffd52d4] ; mov al, byte [eax - 0x2ad2c] +mov dl, al +or edx, 0x20 +test bl, bl +cmovne eax, edx +inc dword [ebp - 0xcc] +mov edx, dword [ebp - 0xcc] +neg edx +mov byte [edx + ebp - 0x18], al +call fcn_fffd2b90 ; call 0xfffd2b90 +add esp, 0x10 +mov dword [ebp - 0xc0], eax +mov dword [ebp - 0xbc], edx +jmp short loc_fffb8ab2 ; jmp 0xfffb8ab2 + +loc_fffb8b1f: +cmp dword [ebp - 0xd8], 0 +mov dword [ebp - 0xf0], 0 +je loc_fffb8cca ; je 0xfffb8cca +mov ebx, dword [ebp - 0xf8] +mov esi, dword [ebp - 0xd8] +mov eax, dword [ebp - 0xcc] +mov dword [ebp - 0xc0], 0x82 +mov byte [ebp - 0xec], 0 +lea ebx, [ebx + esi - 1] +sub dword [ebp - 0xc0], eax +mov dword [ebp - 0xe8], eax +xor eax, eax +mov dword [ebp - 0xd4], ebx + +loc_fffb8b71: +cmp dword [ebp - 0xe8], 0 +je loc_fffb8cca ; je 0xfffb8cca +cmp dword [ebp - 0xd8], 0 +je loc_fffb8dcd ; je 0xfffb8dcd +mov esi, dword [ebp - 0xd4] +mov al, byte [esi] +cmp al, 0x2d +je loc_fffb8cca ; je 0xfffb8cca +cmp al, 0x2a +je short loc_fffb8bbd ; je 0xfffb8bbd +mov ebx, dword [ebp - 0xd8] +xor eax, eax +mov dword [ebp - 0xec], 1 +sub esi, ebx +mov edx, ebx +mov dword [ebp - 0x100], esi +jmp short loc_fffb8c10 ; jmp 0xfffb8c10 + +loc_fffb8bbd: +mov eax, dword [ebp - 0xc8] +lea ebx, [eax + 4] +mov eax, dword [eax] +test eax, eax +js loc_fffb8cc4 ; js 0xfffb8cc4 +mov ecx, dword [ebp - 0xd4] +mov edx, dword [ebp - 0xd8] +mov dword [ebp - 0xc8], ebx +dec ecx +dec edx +jne short loc_fffb8c37 ; jne 0xfffb8c37 +jmp near loc_fffb8cca ; jmp 0xfffb8cca + +loc_fffb8beb: +movsx esi, byte [ebp - 0xf9] +mov ecx, dword [ebp - 0xec] +sub esi, 0x30 +imul esi, ecx +add eax, esi +imul esi, ecx, 0xa +mov dword [ebp - 0xec], esi +dec edx +je loc_fffb8cca ; je 0xfffb8cca + +loc_fffb8c10: +mov ebx, dword [ebp - 0x100] +mov ecx, edx +sub ecx, dword [ebp - 0xd8] +add ecx, dword [ebp - 0xd4] +mov bl, byte [ebx + edx] +lea esi, [ebx - 0x30] +mov byte [ebp - 0xf9], bl +mov ebx, esi +cmp bl, 9 +jbe short loc_fffb8beb ; jbe 0xfffb8beb + +loc_fffb8c37: +mov bl, byte [ecx] +lea esi, [ecx - 1] +mov dword [ebp - 0xd4], esi +mov byte [ebp - 0xec], bl +lea ebx, [edx - 1] +mov dword [ebp - 0xd8], ebx +test eax, eax +je short loc_fffb8cb5 ; je 0xfffb8cb5 + +loc_fffb8c55: +mov esi, dword [ebp - 0xe8] +cmp esi, eax +jle short loc_fffb8cca ; jle 0xfffb8cca +lea ecx, [ebp - 0x9a] +sub esi, eax +add ecx, dword [ebp - 0xc0] +xor edx, edx + +loc_fffb8c6f: +cmp edx, esi +je short loc_fffb8c7d ; je 0xfffb8c7d +mov bl, byte [ecx + edx] +mov byte [ecx + edx - 1], bl +inc edx +jmp short loc_fffb8c6f ; jmp 0xfffb8c6f + +loc_fffb8c7d: +mov ecx, dword [ebp - 0xe8] +dec dword [ebp - 0xc0] +add ecx, dword [ebp - 0xc0] +mov bl, byte [ebp - 0xec] +inc dword [ebp - 0xcc] +sub ecx, eax +inc dword [ebp - 0xf0] +mov byte [ebp + ecx - 0x9a], bl +mov dword [ebp - 0xe8], edx +jmp near loc_fffb8b71 ; jmp 0xfffb8b71 + +loc_fffb8cb5: +cmp dword [ebp - 0xd8], 0 +jne loc_fffb8b71 ; jne 0xfffb8b71 +jmp short loc_fffb8cca ; jmp 0xfffb8cca + +loc_fffb8cc4: +mov dword [ebp - 0xc8], ebx + +loc_fffb8cca: +cmp dword [ebp - 0xd0], 0 +js short loc_fffb8cdc ; js 0xfffb8cdc +and dword [ebp - 0xc4], 0xffffffef +jmp short loc_fffb8ce6 ; jmp 0xfffb8ce6 + +loc_fffb8cdc: +mov dword [ebp - 0xd0], 1 + +loc_fffb8ce6: +mov esi, dword [ebp - 0xcc] +mov eax, dword [ebp - 0xd0] +add eax, dword [ebp - 0xf0] +cmp eax, esi +cmovl eax, esi +mov esi, dword [ebp - 0xe0] +xor edx, edx +mov ebx, eax +mov eax, dword [ebp - 0xdc] +mov ecx, esi +add eax, ebx +sub ecx, eax +cmp eax, esi +cmovl edx, ecx +mov ecx, dword [ebp - 0xc4] +xor eax, eax +and ecx, 4 +je short loc_fffb8d29 ; je 0xfffb8d29 +mov eax, edx +xor edx, edx + +loc_fffb8d29: +test byte [ebp - 0xc4], 0x40 +je short loc_fffb8d41 ; je 0xfffb8d41 +add eax, edx +xor edx, edx +test ecx, ecx +sete dl +add edx, eax +sar edx, 1 +sub eax, edx + +loc_fffb8d41: +sub ebx, dword [ebp - 0xcc] +mov ecx, ebx +test byte [ebp - 0xc4], 0x10 +je short loc_fffb8d56 ; je 0xfffb8d56 +add ecx, edx +xor edx, edx + +loc_fffb8d56: +mov esi, dword [ebp - 0xcc] +sub esp, 0xc +push eax +lea eax, [ebp - 0x9a] +sub eax, esi +push esi +add eax, 0x82 +push eax +push ecx +mov ecx, dword [ebp - 0xf4] +push dword [ebp - 0xdc] +lea eax, [ebp - 0xa4] +call fcn_fffb7de8 ; call 0xfffb7de8 +mov ebx, dword [ebp - 0xc8] +add esp, 0x20 + +loc_fffb8d90: +test eax, eax +js loc_fffb8286 ; js 0xfffb8286 + +loc_fffb8d98: +add dword [ebp - 0xe4], eax +lea ecx, [edi + 1] +jmp near loc_fffb829b ; jmp 0xfffb829b + +loc_fffb8da6: +mov eax, dword [ebp - 0xe4] +jmp short loc_fffb8de1 ; jmp 0xfffb8de1 + +loc_fffb8dae: +sub eax, ref_fffd531c ; sub eax, 0xfffd531c +inc edi +mov eax, dword [eax*4 + ref_fffd52fc] ; mov eax, dword [eax*4 - 0x2ad04] +or dword [ebp - 0xc4], eax +jmp near loc_fffb82e9 ; jmp 0xfffb82e9 + +loc_fffb8dc6: +mov edi, esi +jmp near loc_fffb84a2 ; jmp 0xfffb84a2 + +loc_fffb8dcd: +test eax, eax +jne loc_fffb8c55 ; jne 0xfffb8c55 +jmp near loc_fffb8cca ; jmp 0xfffb8cca + +loc_fffb8dda: +add ebx, 4 +xor eax, eax +jmp short loc_fffb8d98 ; jmp 0xfffb8d98 + +loc_fffb8de1: +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb8de9: +push ebp +mov ebp, esp +push edi +mov edi, ecx +push esi +push ebx +mov ebx, eax +sub esp, 0x20 +mov esi, dword [edx + 9] +mov edx, dword [ebx + 0x188b] +mov eax, dword [eax + 0x2444] +push 4 +lea edx, [edx*4 + ref_fffd3520] ; lea edx, [edx*4 - 0x2cae0] +push edx +lea edx, [ebp - 0x1c] +push edx +call dword [eax + 0x58] ; ucall +mov al, byte [ebx + 0xfac] +add esp, 0x10 +cmp byte [ebp - 0x1c], al +mov al, 1 +jne short loc_fffb8e7f ; jne 0xfffb8e7f +mov cl, byte [ebx + 0xfad] +cmp byte [ebp - 0x1b], cl +jne short loc_fffb8e7f ; jne 0xfffb8e7f +mov cl, byte [ebx + 0xfae] +cmp byte [ebp - 0x1a], cl +jne short loc_fffb8e7f ; jne 0xfffb8e7f +mov cl, byte [ebx + 0xfaf] +cmp byte [ebp - 0x19], cl +jne short loc_fffb8e7f ; jne 0xfffb8e7f +mov ecx, dword [ebx + 0xfa4] +cmp dword [ebx + 0x1887], ecx +jne short loc_fffb8e7f ; jne 0xfffb8e7f +mov ecx, dword [ebx + 0xfa0] +cmp dword [ebx + 0x1883], ecx +jne short loc_fffb8e7f ; jne 0xfffb8e7f +xor eax, eax +cmp edi, 2 +je short loc_fffb8e7f ; je 0xfffb8e7f +mov edx, 0x102 +mov eax, esi +call fcn_fffc3cb8 ; call 0xfffc3cb8 +cmp eax, dword [ebx + 0xfb0] +setne al + +loc_fffb8e7f: +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb8e87: +push ebp +mov ebp, esp +push ebx +sub esp, 0x1c +mov ebx, dword [ebp + 8] +lea eax, [ebp - 0xc] +push eax +push ebx +call fcn_fffb05b9 ; call 0xfffb05b9 +add esp, 0x10 +test eax, eax +jns short loc_fffb8ea9 ; jns 0xfffb8ea9 +mov dword [ebp - 0xc], 0 + +loc_fffb8ea9: +mov eax, dword [ebp - 0xc] +test eax, eax +je short loc_fffb8ebe ; je 0xfffb8ebe +push edx +push edx +push ebx +push eax +call fcn_fffb067f ; call 0xfffb067f +add esp, 0x10 +jmp short loc_fffb8ec0 ; jmp 0xfffb8ec0 + +loc_fffb8ebe: +xor eax, eax + +loc_fffb8ec0: +mov ebx, dword [ebp - 4] +leave +ret + +fcn_fffb8ec5: ; not directly referenced +and dh, 4 +je short loc_fffb8f29 ; je 0xfffb8f29 +push ebp +mov edx, ecx +mov ebp, esp +push edi +push esi +mov esi, ecx +shr edx, 0x14 +push ebx +and edx, 1 +sub esp, 0xc +cmp edx, 1 +mov edi, dword [eax + 0x68] +mov edx, ecx +sbb ebx, ebx +call fcn_fffc3acf ; call 0xfffc3acf +shr esi, 0x12 +and ebx, 0x10 +and esi, 1 +add ebx, 0x10 +push ecx +push esi +push edx +push eax +call edi +add esp, 0x10 +cmp bx, 0x10 +jne short loc_fffb8f18 ; jne 0xfffb8f18 +xor eax, 0x1000000 +or eax, edx +cmp eax, 1 +sbb eax, eax +add eax, 0xb +jmp short loc_fffb8f2f ; jmp 0xfffb8f2f + +loc_fffb8f18: ; not directly referenced +xor eax, 0x800000 +or eax, edx +cmp eax, 1 +sbb eax, eax +add eax, 0xa +jmp short loc_fffb8f2f ; jmp 0xfffb8f2f + +loc_fffb8f29: ; not directly referenced +mov eax, 0xa +ret + +loc_fffb8f2f: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb8f37: ; not directly referenced +and dh, 4 +je short loc_fffb8f9b ; je 0xfffb8f9b +push ebp +mov edx, ecx +mov ebp, esp +push edi +push esi +mov esi, ecx +shr edx, 0x13 +push ebx +and edx, 1 +sub esp, 0xc +cmp edx, 1 +mov edi, dword [eax + 0x68] +mov edx, ecx +sbb ebx, ebx +call fcn_fffc3aea ; call 0xfffc3aea +shr esi, 0x11 +and ebx, 0x10 +and esi, 1 +add ebx, 0x10 +push ecx +push esi +push edx +push eax +call edi +add esp, 0x10 +cmp bx, 0x10 +jne short loc_fffb8f8a ; jne 0xfffb8f8a +xor eax, 0x1000000 +or eax, edx +cmp eax, 1 +sbb eax, eax +add eax, 0xb +jmp short loc_fffb8fa1 ; jmp 0xfffb8fa1 + +loc_fffb8f8a: ; not directly referenced +xor eax, 0x800000 +or eax, edx +cmp eax, 1 +sbb eax, eax +add eax, 0xa +jmp short loc_fffb8fa1 ; jmp 0xfffb8fa1 + +loc_fffb8f9b: ; not directly referenced +mov eax, 0xa +ret + +loc_fffb8fa1: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb8fa9: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 0xc] +mov edx, dword [ebp + 8] +push edi +push esi +push ebx +mov esi, eax +mov word [edx + 0x2468], ax +mov edx, 0x80 +out dx, ax +mov edi, 0x48 +mov ebx, 0x74 + +loc_fffb8fcf: ; not directly referenced +mov eax, edi +mov edx, ebx +out dx, al +mov edx, 0x75 +in al, dx +movzx ecx, al +mov edx, ebx +mov al, 0x49 +out dx, al +mov edx, 0x75 +in al, dx +shl eax, 8 +or eax, ecx +cmp si, ax +je short loc_fffb8fcf ; je 0xfffb8fcf +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb8ff7: +push ebp +mov ebp, esp +push ebx +sub esp, 0x10 +mov eax, dword [0xff7d0084] +mov eax, dword [eax + 0x14] +add eax, 0xf8002 +push eax +call fcn_fffb3e49 ; call 0xfffb3e49 +add esp, 0x10 +mov ecx, eax +mov edx, eax +and cl, 0x7d +mov eax, 1 +cmp cx, 0x8c44 +je loc_fffb9156 ; je 0xfffb9156 +cmp dx, 0x8c4c +sete bl +cmp dx, 0x8c4a +sete cl +or bl, cl +jne loc_fffb9156 ; jne 0xfffb9156 +cmp dx, 0x8c50 +sete bl +cmp dx, 0x8c4e +sete cl +or bl, cl +jne loc_fffb9156 ; jne 0xfffb9156 +cmp dx, 0x8c42 +sete bl +cmp dx, 0x8c5c +sete cl +or bl, cl +jne loc_fffb9156 ; jne 0xfffb9156 +cmp dx, 0x8c4f +sete bl +cmp dx, 0x8c49 +sete cl +or bl, cl +jne loc_fffb9156 ; jne 0xfffb9156 +cmp dx, 0x8c41 +sete bl +cmp dx, 0x8c4b +sete cl +or bl, cl +jne loc_fffb9156 ; jne 0xfffb9156 +cmp dx, 0x8c58 +je loc_fffb9156 ; je 0xfffb9156 +cmp dx, 0x8c54 +sete bl +cmp dx, 0x8c52 +sete cl +or bl, cl +jne loc_fffb9156 ; jne 0xfffb9156 +cmp dx, 0x8c56 +je loc_fffb9156 ; je 0xfffb9156 +lea ecx, [edx + 0x63bf] +cmp cx, 6 +jbe short loc_fffb9156 ; jbe 0xfffb9156 +cmp dx, 0x8cc5 +sete bl +cmp dx, 0x8cc3 +sete cl +or bl, cl +jne short loc_fffb9156 ; jne 0xfffb9156 +lea ecx, [edx + 0x733f] +cmp cx, 1 +jbe short loc_fffb9156 ; jbe 0xfffb9156 +lea eax, [edx + 0x633f] +cmp ax, 2 +mov eax, 2 +setbe bl +cmp dx, 0x9cc5 +sete cl +or bl, cl +jne short loc_fffb9156 ; jne 0xfffb9156 +lea ecx, [edx + 0x633a] +cmp cx, 1 +setbe bl +cmp dx, 0x9cc9 +sete cl +or bl, cl +jne short loc_fffb9156 ; jne 0xfffb9156 +cmp dx, 0x9cc8 +sete bl +cmp dx, 0x9cc4 +sete cl +or bl, cl +jne short loc_fffb9156 ; jne 0xfffb9156 +add dx, 0x6336 +cmp dx, 2 +sbb eax, eax +add eax, 3 + +loc_fffb9156: +mov ebx, dword [ebp - 4] +leave +ret + +fcn_fffb915b: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x28 +mov eax, dword [0xff7d0084] +mov edi, dword [eax + 0x14] +lea esi, [edi + 0xb0044] +add edi, 0xb0040 +push esi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [esp], edi +mov ebx, eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +add esp, 0x10 +mov edx, eax +shr edx, 0x10 +and edx, 0xf +cmp dl, 2 +jne short loc_fffb919c ; jne 0xfffb919c + +loc_fffb9198: ; not directly referenced +xor eax, eax +jmp short loc_fffb91f7 ; jmp 0xfffb91f7 + +loc_fffb919c: ; not directly referenced +movzx eax, ah +test al, 0xf0 +jne short loc_fffb9198 ; jne 0xfffb9198 +lea eax, [ebp - 0x1c] +xor edi, edi +push eax +push 0 +push 0 +push ref_fffd6348 ; push 0xfffd6348 +call fcn_fffb020b ; call 0xfffb020b +add esp, 0x10 + +loc_fffb91ba: ; not directly referenced +test ebx, 0x10000 +jne short loc_fffb91ea ; jne 0xfffb91ea +cmp edi, 0x1388 +je short loc_fffb9198 ; je 0xfffb9198 +mov eax, dword [ebp - 0x1c] +inc edi +push edx +push 0x3e8 +push eax +push dword [ebp + 8] +call dword [eax + 4] ; ucall +mov dword [esp], esi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +add esp, 0x10 +mov ebx, eax +jmp short loc_fffb91ba ; jmp 0xfffb91ba + +loc_fffb91ea: ; not directly referenced +cmp edi, 0x1388 +je short loc_fffb9198 ; je 0xfffb9198 +mov eax, ebx +and eax, 0x3f + +loc_fffb91f7: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb91ff: +push ebp +mov ebp, esp +push ebx +sub esp, 0x10 +mov eax, dword [0xff7d0084] +mov eax, dword [eax + 0x14] +add eax, 0xf8002 +push eax +call fcn_fffb3e49 ; call 0xfffb3e49 +add esp, 0x10 +mov ecx, eax +mov edx, eax +and cl, 0x7d +mov eax, 1 +cmp cx, 0x8c44 +je loc_fffb9365 ; je 0xfffb9365 +cmp dx, 0x8c4c +sete bl +cmp dx, 0x8c4a +sete cl +or bl, cl +jne loc_fffb9365 ; jne 0xfffb9365 +cmp dx, 0x8c50 +sete bl +cmp dx, 0x8c4e +sete cl +or bl, cl +jne loc_fffb9365 ; jne 0xfffb9365 +cmp dx, 0x8c42 +sete bl +cmp dx, 0x8c5c +sete cl +or bl, cl +jne loc_fffb9365 ; jne 0xfffb9365 +cmp dx, 0x8c4f +sete bl +cmp dx, 0x8c49 +sete cl +or bl, cl +jne loc_fffb9365 ; jne 0xfffb9365 +cmp dx, 0x8c41 +sete bl +cmp dx, 0x8c4b +sete cl +or bl, cl +jne loc_fffb9365 ; jne 0xfffb9365 +cmp dx, 0x8c58 +je loc_fffb9365 ; je 0xfffb9365 +cmp dx, 0x8c54 +sete bl +cmp dx, 0x8c52 +sete cl +or bl, cl +jne loc_fffb9365 ; jne 0xfffb9365 +cmp dx, 0x8c56 +je loc_fffb9365 ; je 0xfffb9365 +cmp dx, 0x8cc5 +sete bl +cmp dx, 0x8cc3 +sete cl +or bl, cl +jne short loc_fffb9365 ; jne 0xfffb9365 +lea eax, [edx + 0x733f] +cmp ax, 1 +jbe short loc_fffb9360 ; jbe 0xfffb9360 +lea ecx, [edx + 0x63bf] +mov eax, 2 +cmp cx, 6 +jbe short loc_fffb9365 ; jbe 0xfffb9365 +lea ecx, [edx + 0x633f] +cmp cx, 2 +setbe bl +cmp dx, 0x9cc5 +sete cl +or bl, cl +jne short loc_fffb9365 ; jne 0xfffb9365 +lea ecx, [edx + 0x633a] +cmp cx, 1 +setbe bl +cmp dx, 0x9cc9 +sete cl +or bl, cl +jne short loc_fffb9365 ; jne 0xfffb9365 +cmp dx, 0x9cc8 +sete bl +cmp dx, 0x9cc4 +sete cl +or bl, cl +jne short loc_fffb9365 ; jne 0xfffb9365 +add dx, 0x6336 +cmp dx, 2 +sbb eax, eax +add eax, 3 +jmp short loc_fffb9365 ; jmp 0xfffb9365 + +loc_fffb9360: +mov eax, 1 + +loc_fffb9365: +mov ebx, dword [ebp - 4] +leave +ret + +fcn_fffb936a: +push ebp +mov ebp, esp +sub esp, 8 +call fcn_fffb8ff7 ; call 0xfffb8ff7 +cmp eax, 1 +jne short loc_fffb9388 ; jne 0xfffb9388 +call fcn_fffb91ff ; call 0xfffb91ff +cmp eax, 1 +jne short loc_fffb9388 ; jne 0xfffb9388 +mov al, 6 +jmp short loc_fffb9391 ; jmp 0xfffb9391 + +loc_fffb9388: +cmp eax, 2 +sete al +shl eax, 2 + +loc_fffb9391: +leave +ret + +fcn_fffb9393: +push ebp +mov ebp, esp +sub esp, 8 +call fcn_fffb8ff7 ; call 0xfffb8ff7 +cmp eax, 1 +jne short loc_fffb93bc ; jne 0xfffb93bc +call fcn_fffb91ff ; call 0xfffb91ff +cmp eax, 1 +je short loc_fffb93b8 ; je 0xfffb93b8 +cmp eax, 2 +sete dl +shl edx, 3 +jmp short loc_fffb93c6 ; jmp 0xfffb93c6 + +loc_fffb93b8: +mov dl, 0xe +jmp short loc_fffb93c6 ; jmp 0xfffb93c6 + +loc_fffb93bc: +cmp eax, 2 +mov dl, 0xa +mov al, 0 +cmovne edx, eax + +loc_fffb93c6: +mov al, dl +leave +ret + +fcn_fffb93ca: +push ebp +mov ebp, esp +sub esp, 8 +call fcn_fffb91ff ; call 0xfffb91ff +cmp eax, 1 +je short loc_fffb93e6 ; je 0xfffb93e6 +xor edx, edx +cmp eax, 2 +mov al, 6 +cmove edx, eax +jmp short loc_fffb93e8 ; jmp 0xfffb93e8 + +loc_fffb93e6: +mov dl, 8 + +loc_fffb93e8: +mov al, dl +leave +ret + +fcn_fffb93ec: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x28 +mov eax, dword [0xff7d0084] +mov eax, dword [eax + 0x14] +add eax, 0xf8040 +push eax +call fcn_fffb3e49 ; call 0xfffb3e49 +mov esi, eax +and esi, 0xfffc +add esi, 8 +mov dword [esp], esi +call fcn_fffb00dc ; call 0xfffb00dc +mov ecx, 0x64 +xor edx, edx +add esp, 0x10 +mov ebx, eax +imul eax, dword [ebp + 8], 0x166 +and ebx, 0xffffff +div ecx +lea edi, [ebx + eax + 1] +mov ecx, edi +and edi, 0xffffff +shr ecx, 0x18 + +loc_fffb9445: ; not directly referenced +test ecx, ecx +setne dl +cmp edi, ebx +seta al +or al, dl +je short loc_fffb947d ; je 0xfffb947d +sub esp, 0xc +push esi +mov dword [ebp - 0x20], edx +mov dword [ebp - 0x1c], ecx +call fcn_fffb00dc ; call 0xfffb00dc +add esp, 0x10 +mov ecx, dword [ebp - 0x1c] +mov edx, dword [ebp - 0x20] +and eax, 0xffffff +cmp eax, ebx +jae short loc_fffb9479 ; jae 0xfffb9479 +test dl, dl +je short loc_fffb947d ; je 0xfffb947d +dec ecx -loc_fffb9c93: ; not directly referenced +loc_fffb9479: ; not directly referenced +mov ebx, eax +jmp short loc_fffb9445 ; jmp 0xfffb9445 + +loc_fffb947d: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -35836,7 +34956,855 @@ pop edi pop ebp ret -fcn_fffb9c9b: ; not directly referenced +fcn_fffb9485: ; not directly referenced +push ebp +mov ebp, esp +sub esp, 8 +mov eax, dword [ebp + 0x10] +test eax, eax +je short loc_fffb949e ; je 0xfffb949e +sub esp, 0xc +push eax +call fcn_fffb93ec ; call 0xfffb93ec +add esp, 0x10 + +loc_fffb949e: ; not directly referenced +xor eax, eax +leave +ret + +fcn_fffb94a2: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x2c +mov bl, byte [ebp + 0xc] +mov al, byte [ebp + 0x18] +mov edi, dword [ebp + 0x1c] +and ebx, 0x7f +cmp dword [ebp + 0x14], 1 +mov byte [ebp - 0x1f], al +jbe short loc_fffb94d9 ; jbe 0xfffb94d9 +test edi, edi +mov esi, 0x80000002 +sete dl +cmp dword [ebp + 0x20], 0 +sete al +or dl, al +jne loc_fffb9a3c ; jne 0xfffb9a3c + +loc_fffb94d9: ; not directly referenced +sub esp, 0xc +mov esi, 0x80000012 +push 0 +call fcn_fffb4a61 ; call 0xfffb4a61 +add esp, 0x10 +test al, 0x40 +jne loc_fffb9a3c ; jne 0xfffb9a3c +test al, 1 +je short loc_fffb950d ; je 0xfffb950d +push edi +push edi +push 0xff +push 0 +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 +jmp near loc_fffb9a3c ; jmp 0xfffb9a3c + +loc_fffb950d: ; not directly referenced +push esi +movzx eax, al +push esi +push eax +push 0 +call fcn_fffb4a42 ; call 0xfffb4a42 +lea eax, [ebx + ebx + 1] +add esp, 0x10 +mov byte [ebp - 0x1c], al +dec eax +mov byte [ebp - 0x1d], al +mov eax, dword [ebp + 0x14] +mov dword [ebp - 0x24], 3 +mov byte [ebp - 0x1e], 0 +and eax, 0xfffffffd +mov dword [ebp - 0x2c], eax + +loc_fffb953c: ; not directly referenced +mov al, byte [ebp + 0x10] +cmp dword [ebp + 0x14], 0xb +mov byte [ebp - 0x20], al +ja loc_fffb96fd ; ja 0xfffb96fd +mov eax, dword [ebp + 0x14] +jmp dword [eax*4 + ref_fffd5324] ; ujmp: jmp dword [eax*4 - 0x2acdc] + +loc_fffb9556: ; not directly referenced +mov dl, byte [ebp - 0x1d] +jmp short loc_fffb955e ; jmp 0xfffb955e + +loc_fffb955b: ; not directly referenced +mov dl, byte [ebp - 0x1c] + +loc_fffb955e: ; not directly referenced +cmp byte [ebp - 0x1f], 1 +je loc_fffb96ef ; je 0xfffb96ef +xor esi, esi +jmp near loc_fffb96e9 ; jmp 0xfffb96e9 + +loc_fffb956f: ; not directly referenced +mov eax, dword [ebp + 0x20] +mov dl, byte [ebp - 0x1d] +mov al, byte [eax] +mov byte [ebp - 0x20], al +jmp short loc_fffb957f ; jmp 0xfffb957f + +loc_fffb957c: ; not directly referenced +mov dl, byte [ebp - 0x1c] + +loc_fffb957f: ; not directly referenced +cmp dword [edi], 1 +mov esi, 4 +mov dword [edi], 1 +sbb ebx, ebx +and ebx, 0x80000005 +jmp near loc_fffb96b2 ; jmp 0xfffb96b2 + +loc_fffb959a: ; not directly referenced +mov eax, dword [ebp + 0x20] +push ecx +push ecx +movzx eax, byte [eax] +push eax +push 5 +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 +mov dl, byte [ebp - 0x1d] +mov dword [edi], 1 +jmp short loc_fffb95bb ; jmp 0xfffb95bb + +loc_fffb95b8: ; not directly referenced +mov dl, byte [ebp - 0x1c] + +loc_fffb95bb: ; not directly referenced +mov eax, dword [edi] +test eax, eax +je loc_fffb97f8 ; je 0xfffb97f8 +cmp eax, 1 +je loc_fffb96e4 ; je 0xfffb96e4 +cmp eax, 0x100 +ja loc_fffb96fd ; ja 0xfffb96fd +cmp byte [ebp - 0x1f], 1 +je loc_fffb96ef ; je 0xfffb96ef +mov esi, 0x18 +jmp near loc_fffb96e9 ; jmp 0xfffb96e9 + +loc_fffb95ed: ; not directly referenced +cmp dword [edi], 2 +mov dl, byte [ebp - 0x1c] +mov dword [edi], 2 +sbb ebx, ebx +and ebx, 0x80000005 +jmp short loc_fffb963b ; jmp 0xfffb963b + +loc_fffb9603: ; not directly referenced +push eax +push eax +mov eax, dword [ebp + 0x20] +movzx eax, byte [eax + 1] +push eax +push 6 +call fcn_fffb4a42 ; call 0xfffb4a42 +pop eax +mov eax, dword [ebp + 0x20] +pop edx +movzx eax, byte [eax] +push eax +push 5 +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 +mov dl, byte [ebp - 0x1d] +cmp dword [edi], 2 +mov dword [edi], 2 +sbb ebx, ebx +and ebx, 0x80000005 + +loc_fffb963b: ; not directly referenced +mov esi, 0xc +jmp short loc_fffb96b2 ; jmp 0xfffb96b2 + +loc_fffb9642: ; not directly referenced +push eax +push eax +movzx eax, byte [edi] +push eax +push 5 +call fcn_fffb4a42 ; call 0xfffb4a42 +mov al, byte [edi] +add esp, 0x10 +mov dl, byte [ebp - 0x1d] +mov byte [ebp - 0x1e], al +jmp short loc_fffb965f ; jmp 0xfffb965f + +loc_fffb965c: ; not directly referenced +mov dl, byte [ebp - 0x1c] + +loc_fffb965f: ; not directly referenced +mov eax, dword [edi] +dec eax +cmp eax, 0x1f +ja loc_fffb96fd ; ja 0xfffb96fd +mov esi, 0x14 +jmp near loc_fffb96f9 ; jmp 0xfffb96f9 + +loc_fffb9675: ; not directly referenced +mov eax, dword [ebp + 0x20] +push ebx +push ebx +movzx eax, byte [eax + 1] +push eax +push 6 +call fcn_fffb4a42 ; call 0xfffb4a42 +pop esi +mov esi, 0x10 +pop eax +mov eax, dword [ebp + 0x20] +movzx eax, byte [eax] +push eax +push 5 +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 +mov dl, byte [ebp - 0x1c] +cmp dword [edi], 2 +mov dword [edi], 2 +sbb ebx, ebx +and ebx, 0x80000005 + +loc_fffb96b2: ; not directly referenced +xor eax, eax +test ebx, ebx +jns short loc_fffb9707 ; jns 0xfffb9707 +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 + +loc_fffb96bd: ; not directly referenced +mov eax, dword [edi] +dec eax +cmp eax, 0x1f +ja short loc_fffb96fd ; ja 0xfffb96fd +push ecx +mov esi, 0x1c +push ecx +movzx eax, byte [edi] +push eax +push 5 +call fcn_fffb4a42 ; call 0xfffb4a42 +mov al, byte [edi] +add esp, 0x10 +mov dl, byte [ebp - 0x1c] +mov byte [ebp - 0x1e], al +jmp short loc_fffb96f9 ; jmp 0xfffb96f9 + +loc_fffb96e4: ; not directly referenced +mov esi, 8 + +loc_fffb96e9: ; not directly referenced +xor eax, eax + +loc_fffb96eb: ; not directly referenced +xor ebx, ebx +jmp short loc_fffb9707 ; jmp 0xfffb9707 + +loc_fffb96ef: ; not directly referenced +mov ebx, 0x80000003 +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 + +loc_fffb96f9: ; not directly referenced +mov al, 2 +jmp short loc_fffb96eb ; jmp 0xfffb96eb + +loc_fffb96fd: ; not directly referenced +mov ebx, 0x80000002 +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 + +loc_fffb9707: ; not directly referenced +mov cl, al +or ecx, 1 +cmp byte [ebp - 0x1f], 1 +mov dword [ebp - 0x28], edx +push edx +cmove eax, ecx +push edx +movzx eax, al +push eax +push 0xd +call fcn_fffb4a42 ; call 0xfffb4a42 +mov dword [esp], 2 +call fcn_fffb4a61 ; call 0xfffb4a61 +add esp, 0x10 +mov edx, dword [ebp - 0x28] +cmp dword [ebp - 0x2c], 9 +je short loc_fffb9757 ; je 0xfffb9757 + +loc_fffb973b: ; not directly referenced +push ecx +movzx edx, dl +push ecx +push edx +push 4 +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 +movzx eax, byte [ebp - 0x20] +cmp dword [ebp + 0x14], 4 +jne short loc_fffb9794 ; jne 0xfffb9794 +jmp short loc_fffb9788 ; jmp 0xfffb9788 + +loc_fffb9757: ; not directly referenced +movzx ecx, byte [ebp - 0x1e] +xor eax, eax +mov dword [ebp - 0x28], ecx + +loc_fffb9760: ; not directly referenced +cmp eax, dword [ebp - 0x28] +jae short loc_fffb973b ; jae 0xfffb973b +mov ecx, dword [ebp + 0x20] +mov dword [ebp - 0x34], edx +push edx +push edx +movzx ecx, byte [ecx + eax] +mov dword [ebp - 0x30], eax +push ecx +push 7 +call fcn_fffb4a42 ; call 0xfffb4a42 +mov eax, dword [ebp - 0x30] +add esp, 0x10 +mov edx, dword [ebp - 0x34] +inc eax +jmp short loc_fffb9760 ; jmp 0xfffb9760 + +loc_fffb9788: ; not directly referenced +cmp dword [edi], 1 +jbe short loc_fffb9794 ; jbe 0xfffb9794 +push ecx +push ecx +push eax +push 6 +jmp short loc_fffb9799 ; jmp 0xfffb9799 + +loc_fffb9794: ; not directly referenced +push edx +push edx +push eax +push 3 + +loc_fffb9799: ; not directly referenced +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 +lea eax, [esi + 0x40] +mov esi, 0x186a0 +movzx eax, al +push ecx +push ecx +push eax +push 2 +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 + +loc_fffb97b9: ; not directly referenced +sub esp, 0xc +push 0 +call fcn_fffb4a61 ; call 0xfffb4a61 +add esp, 0x10 +test al, 0x8e +jne loc_fffb98a3 ; jne 0xfffb98a3 +sub esp, 0xc +push 0xa +call fcn_fffb93ec ; call 0xfffb93ec +add esp, 0x10 +dec esi +jne short loc_fffb97b9 ; jne 0xfffb97b9 +jmp near loc_fffb989c ; jmp 0xfffb989c + +loc_fffb97e3: ; not directly referenced +sub esp, 0xc +push 5 +call fcn_fffb4a61 ; call 0xfffb4a61 +add esp, 0x10 +test al, al +jne loc_fffb99f9 ; jne 0xfffb99f9 + +loc_fffb97f8: ; not directly referenced +mov ebx, 0x80000005 +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 + +loc_fffb9802: ; not directly referenced +cmp dword [edi], 1 +jbe loc_fffb9987 ; jbe 0xfffb9987 +xor esi, esi + +loc_fffb980d: ; not directly referenced +cmp esi, dword [edi] +jae loc_fffb98c4 ; jae 0xfffb98c4 +sub esp, 0xc +push 7 +call fcn_fffb4a61 ; call 0xfffb4a61 +mov ecx, dword [ebp + 0x20] +add esp, 0x10 +mov byte [ecx + esi], al +mov eax, dword [edi] +lea edx, [eax - 2] +cmp esi, edx +jne loc_fffb9962 ; jne 0xfffb9962 +sub esp, 0xc +push 2 +call fcn_fffb4a61 ; call 0xfffb4a61 +pop edx +pop ecx +or eax, 0x20 +movzx eax, al + +loc_fffb9847: ; not directly referenced +push eax +push 2 +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 + +loc_fffb9852: ; not directly referenced +push eax +push eax +push 0x80 +push 0 +call fcn_fffb4a42 ; call 0xfffb4a42 +mov eax, dword [edi] +add esp, 0x10 +dec eax +cmp esi, eax +jae loc_fffb9981 ; jae 0xfffb9981 +mov dword [ebp - 0x1c], 0x64 + +loc_fffb9875: ; not directly referenced +sub esp, 0xc +push 0 +call fcn_fffb4a61 ; call 0xfffb4a61 +add esp, 0x10 +test al, al +js loc_fffb9981 ; js 0xfffb9981 +sub esp, 0xc +push 0xa +call fcn_fffb93ec ; call 0xfffb93ec +add esp, 0x10 +dec dword [ebp - 0x1c] +jne short loc_fffb9875 ; jne 0xfffb9875 + +loc_fffb989c: ; not directly referenced +mov ebx, 0x80000012 +jmp short loc_fffb98c4 ; jmp 0xfffb98c4 + +loc_fffb98a3: ; not directly referenced +test al, 4 +je short loc_fffb98f2 ; je 0xfffb98f2 +sub esp, 0xc +push 0xc +call fcn_fffb4a61 ; call 0xfffb4a61 +add esp, 0x10 +and eax, 1 +cmp al, 1 +sbb ebx, ebx +and ebx, 0xffffffec +sub ebx, 0x7fffffe5 + +loc_fffb98c4: ; not directly referenced +push eax +push eax +push 0xff +push 0 +call fcn_fffb4a42 ; call 0xfffb4a42 +pop edx +pop ecx +push 1 +push 0xc +call fcn_fffb4a42 ; call 0xfffb4a42 +pop esi +mov esi, ebx +pop edi +push 0 +push 0xd +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 +jmp near loc_fffb9a3c ; jmp 0xfffb9a3c + +loc_fffb98f2: ; not directly referenced +test al, 8 +je short loc_fffb9937 ; je 0xfffb9937 +push ebx +push ebx +push 8 +push 0 +call fcn_fffb4a42 ; call 0xfffb4a42 +pop esi +pop eax +push 0xff +push 0 +call fcn_fffb4a42 ; call 0xfffb4a42 +pop eax +pop edx +push 1 +push 0xc +call fcn_fffb4a42 ; call 0xfffb4a42 +mov dword [esp], 0xa +call fcn_fffb93ec ; call 0xfffb93ec +add esp, 0x10 +dec dword [ebp - 0x24] +je loc_fffb9a32 ; je 0xfffb9a32 +jmp near loc_fffb953c ; jmp 0xfffb953c + +loc_fffb9937: ; not directly referenced +mov eax, dword [ebp + 0x14] +sub eax, 2 +cmp eax, 9 +ja short loc_fffb98c4 ; ja 0xfffb98c4 +jmp dword [eax*4 + ref_fffd5354] ; ujmp: jmp dword [eax*4 - 0x2acac] + +loc_fffb9949: ; not directly referenced +sub esp, 0xc +push 6 +call fcn_fffb4a61 ; call 0xfffb4a61 +mov ecx, dword [ebp + 0x20] +mov byte [ecx + 1], al +mov dword [esp], 5 +jmp short loc_fffb998c ; jmp 0xfffb998c + +loc_fffb9962: ; not directly referenced +dec eax +cmp esi, eax +jne loc_fffb9852 ; jne 0xfffb9852 +sub esp, 0xc +push 2 +call fcn_fffb4a61 ; call 0xfffb4a61 +pop edx +pop ecx +and eax, 0xdf +jmp near loc_fffb9847 ; jmp 0xfffb9847 + +loc_fffb9981: ; not directly referenced +inc esi +jmp near loc_fffb980d ; jmp 0xfffb980d + +loc_fffb9987: ; not directly referenced +sub esp, 0xc +push 5 + +loc_fffb998c: ; not directly referenced +call fcn_fffb4a61 ; call 0xfffb4a61 +mov ecx, dword [ebp + 0x20] +mov byte [ecx], al +jmp short loc_fffb99a6 ; jmp 0xfffb99a6 + +loc_fffb9998: ; not directly referenced +push eax +push eax +push 0x80 +push 0 +call fcn_fffb4a42 ; call 0xfffb4a42 + +loc_fffb99a6: ; not directly referenced +add esp, 0x10 +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 + +loc_fffb99ae: ; not directly referenced +sub esp, 0xc +xor esi, esi +push 5 +call fcn_fffb4a61 ; call 0xfffb4a61 +add esp, 0x10 +movzx edx, al +mov al, 1 +cmp dword [edi], edx +jb short loc_fffb99e8 ; jb 0xfffb99e8 + +loc_fffb99c6: ; not directly referenced +cmp esi, edx +jae short loc_fffb99e6 ; jae 0xfffb99e6 +sub esp, 0xc +push 7 +mov dword [ebp - 0x1c], edx +call fcn_fffb4a61 ; call 0xfffb4a61 +mov ecx, dword [ebp + 0x20] +add esp, 0x10 +mov edx, dword [ebp - 0x1c] +mov byte [ecx + esi], al +inc esi +jmp short loc_fffb99c6 ; jmp 0xfffb99c6 + +loc_fffb99e6: ; not directly referenced +xor eax, eax + +loc_fffb99e8: ; not directly referenced +test al, al +mov eax, 0x80000005 +mov dword [edi], edx +cmovne ebx, eax +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 + +loc_fffb99f9: ; not directly referenced +movzx edx, byte [edi] +movzx ecx, al +lea eax, [edx + ecx] +cmp eax, 0x20 +jg short loc_fffb9a32 ; jg 0xfffb9a32 +xor esi, esi +mov edx, ecx + +loc_fffb9a0b: ; not directly referenced +cmp esi, edx +jae short loc_fffb9a2b ; jae 0xfffb9a2b +sub esp, 0xc +push 7 +mov dword [ebp - 0x1c], edx +call fcn_fffb4a61 ; call 0xfffb4a61 +mov ecx, dword [ebp + 0x20] +add esp, 0x10 +mov edx, dword [ebp - 0x1c] +mov byte [ecx + esi], al +inc esi +jmp short loc_fffb9a0b ; jmp 0xfffb9a0b + +loc_fffb9a2b: ; not directly referenced +mov dword [edi], edx +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 + +loc_fffb9a32: ; not directly referenced +mov ebx, 0x80000007 +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 + +loc_fffb9a3c: ; not directly referenced +lea esp, [ebp - 0xc] +mov eax, esi +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb9a46: ; not directly referenced +push ebp +mov al, 1 +mov ebp, esp +push edi +push esi +push ebx +xor ebx, ebx +sub esp, 0x2c +lea esi, [ebp - 0x28] +lea edi, [ebp - 0x20] + +loc_fffb9a59: ; not directly referenced +cmp dword [ebp + 8], 1 +je short loc_fffb9a84 ; je 0xfffb9a84 +cmp dword [ebp + 8], 2 +jne short loc_fffb9aae ; jne 0xfffb9aae +mov ecx, 0x150 +rdmsr +mov dword [ebp - 0x28], eax +push eax +push 8 +push esi +push edi +mov dword [ebp - 0x24], edx +call fcn_fffb01dc ; call 0xfffb01dc +mov al, byte [ebp - 0x19] +shr al, 7 +jmp short loc_fffb9aab ; jmp 0xfffb9aab + +loc_fffb9a84: ; not directly referenced +mov eax, dword [0xff7d0084] +sub esp, 0xc +mov eax, dword [eax + 0x14] +add eax, 0x48 +push eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +and eax, 0xfffffffe +add eax, 0x5da4 +mov dword [esp], eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +shr eax, 0x1f + +loc_fffb9aab: ; not directly referenced +add esp, 0x10 + +loc_fffb9aae: ; not directly referenced +sub esp, 0xc +inc ebx +push 1 +mov dword [ebp - 0x2c], eax +call fcn_fffb93ec ; call 0xfffb93ec +mov eax, dword [ebp - 0x2c] +add esp, 0x10 +mov dl, al +and edx, 1 +cmp bx, 0x3e7 +setbe cl +test dl, cl +jne short loc_fffb9a59 ; jne 0xfffb9a59 +cmp bx, 0x3e8 +sete al +and eax, edx +shl eax, 0x1f +lea esp, [ebp - 0xc] +sar eax, 0x1f +pop ebx +and eax, 0x80000012 +pop esi +pop edi +pop ebp +ret + +fcn_fffb9af0: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x48 +mov esi, dword [ebp + 8] +push esi +call fcn_fffb9a46 ; call 0xfffb9a46 +add esp, 0x10 +mov ebx, eax +test eax, eax +js loc_fffb9c6c ; js 0xfffb9c6c +cmp esi, 1 +je short loc_fffb9b22 ; je 0xfffb9b22 +cmp esi, 2 +je loc_fffb9bc9 ; je 0xfffb9bc9 +jmp near loc_fffb9c70 ; jmp 0xfffb9c70 + +loc_fffb9b22: ; not directly referenced +mov eax, dword [0xff7d0084] +sub esp, 0xc +mov eax, dword [eax + 0x14] +add eax, 0x48 +push eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +pop edx +pop ecx +push dword [ebp + 0x10] +mov esi, eax +and esi, 0xfffffffe +lea edi, [esi + 0x5da0] +add esi, 0x5da4 +push edi +call fcn_fffb3ffa ; call 0xfffb3ffa +mov eax, dword [ebp + 0xc] +pop edx +pop ecx +or eax, 0x80000000 +push eax +push esi +call fcn_fffb3ffa ; call 0xfffb3ffa +mov dword [esp], 1 +call fcn_fffb9a46 ; call 0xfffb9a46 +mov dword [esp], esi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [esp], edi +mov dword [ebp - 0x40], eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [esp], 0xa +mov dword [ebp - 0x3c], eax +call fcn_fffb93ec ; call 0xfffb93ec +mov dword [esp], esi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [esp], edi +mov esi, eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov ecx, dword [ebp - 0x40] +add esp, 0x10 +cmp ecx, esi +je short loc_fffb9bbc ; je 0xfffb9bbc +cmp dword [ebp - 0x3c], eax +je short loc_fffb9bbc ; je 0xfffb9bbc + +loc_fffb9bb2: ; not directly referenced +mov eax, 0x80000002 +jmp near loc_fffb9c75 ; jmp 0xfffb9c75 + +loc_fffb9bbc: ; not directly referenced +mov eax, dword [ebp + 0x14] +movzx ecx, cl +mov dword [eax], ecx +jmp near loc_fffb9c6c ; jmp 0xfffb9c6c + +loc_fffb9bc9: ; not directly referenced +mov eax, dword [ebp + 0xc] +mov dword [ebp - 0x24], eax +mov eax, dword [ebp + 0x10] +or byte [ebp - 0x21], 0x80 +mov dword [ebp - 0x28], eax +push eax +push 8 +lea eax, [ebp - 0x28] +push eax +lea eax, [ebp - 0x30] +push eax +call fcn_fffb01dc ; call 0xfffb01dc +mov eax, dword [ebp - 0x30] +mov ecx, 0x150 +mov edx, dword [ebp - 0x2c] +wrmsr +mov dword [esp], 2 +call fcn_fffb9a46 ; call 0xfffb9a46 +mov ecx, 0x150 +rdmsr +add esp, 0xc +push 8 +mov dword [ebp - 0x30], eax +lea eax, [ebp - 0x30] +push eax +lea eax, [ebp - 0x28] +push eax +mov dword [ebp - 0x2c], edx +call fcn_fffb01dc ; call 0xfffb01dc +mov dword [esp], 0xa +call fcn_fffb93ec ; call 0xfffb93ec +mov ecx, 0x150 +rdmsr +add esp, 0xc +push 8 +mov dword [ebp - 0x30], eax +lea eax, [ebp - 0x30] +push eax +lea eax, [ebp - 0x20] +push eax +mov dword [ebp - 0x2c], edx +call fcn_fffb01dc ; call 0xfffb01dc +mov eax, dword [ebp - 0x1c] +add esp, 0x10 +cmp dword [ebp - 0x24], eax +je short loc_fffb9c63 ; je 0xfffb9c63 +mov eax, dword [ebp - 0x20] +cmp dword [ebp - 0x28], eax +jne loc_fffb9bb2 ; jne 0xfffb9bb2 + +loc_fffb9c63: ; not directly referenced +movzx eax, byte [ebp - 0x24] +mov edx, dword [ebp + 0x14] +mov dword [edx], eax + +loc_fffb9c6c: ; not directly referenced +mov eax, ebx +jmp short loc_fffb9c75 ; jmp 0xfffb9c75 + +loc_fffb9c70: ; not directly referenced +mov eax, 0x80000003 + +loc_fffb9c75: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb9c7d: ; not directly referenced push ebp mov ebp, esp push edi @@ -35844,10 +35812,10 @@ push esi push ebx sub esp, 0x3d0 mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x5edc] +mov eax, dword [eax + 0x5edd] mov dword [ebp - 0x344], eax mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2443] +mov eax, dword [eax + 0x2444] push 0x20 push 0x200 mov edi, eax @@ -35858,24 +35826,24 @@ mov eax, edi call dword [eax + 0x5c] ; ucall mov eax, dword [ebp + 8] add esp, 0x10 -mov al, byte [eax + 0x248d] +mov al, byte [eax + 0x248e] mov byte [ebp - 0x3c8], al mov eax, dword [ebp + 8] -mov al, byte [eax + 0x248e] +mov al, byte [eax + 0x248f] mov byte [ebp - 0x348], al mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 3 -jne loc_fffbb0bf ; jne 0xfffbb0bf -mov eax, dword [eax + 0x5edc] +cmp dword [eax + 0x2481], 3 +jne loc_fffbb0a1 ; jne 0xfffbb0a1 +mov eax, dword [eax + 0x5edd] lea edi, [ebp - 0x260] -mov esi, ref_fffd58c0 ; mov esi, 0xfffd58c0 +mov esi, ref_fffd537c ; mov esi, 0xfffd537c mov ecx, 6 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] lea ebx, [ebp - 0x2a8] mov esi, 1 mov dword [ebp - 0x33c], eax mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2443] +mov eax, dword [eax + 0x2444] push edi push 0 push 0x10 @@ -35887,19 +35855,19 @@ mov eax, dword [ebp + 8] add esp, 0xc lea edx, [ebp - 0x2c8] mov byte [ebp - 0x2a7], 1 -mov eax, dword [eax + 0x2443] +mov eax, dword [eax + 0x2444] push 0 push 0xc push edx call dword [eax + 0x5c] ; ucall add esp, 0x10 -loc_fffb9d76: ; not directly referenced +loc_fffb9d58: ; not directly referenced movzx eax, byte [ebx] xor ecx, ecx mov dword [ebp - 0x344], eax -loc_fffb9d81: ; not directly referenced +loc_fffb9d63: ; not directly referenced mov eax, dword [ebp + ecx*4 - 0x2c8] mov edx, eax add eax, eax @@ -35915,14 +35883,14 @@ or eax, edx mov dword [ebp + ecx*4 - 0x2c8], eax inc ecx cmp ecx, 3 -jne short loc_fffb9d81 ; jne 0xfffb9d81 +jne short loc_fffb9d63 ; jne 0xfffb9d63 inc ebx cmp ebx, edi -jne short loc_fffb9d76 ; jne 0xfffb9d76 +jne short loc_fffb9d58 ; jne 0xfffb9d58 lea eax, [ebp - 0x2c8] lea ebx, [ebp - 0x2bc] -loc_fffb9dc6: ; not directly referenced +loc_fffb9da8: ; not directly referenced mov edx, dword [eax] add eax, 4 mov ecx, edx @@ -35933,27 +35901,27 @@ shr ecx, 0xf or edx, ecx mov dword [eax - 4], edx cmp eax, ebx -jne short loc_fffb9dc6 ; jne 0xfffb9dc6 +jne short loc_fffb9da8 ; jne 0xfffb9da8 mov edi, dword [ebp - 0x33c] xor ebx, ebx add edi, 0x1c -loc_fffb9def: ; not directly referenced +loc_fffb9dd1: ; not directly referenced imul eax, ebx, 0x13c3 mov esi, dword [ebp + 8] -test byte [esi + eax + 0x381a], 1 -jne short loc_fffb9e21 ; jne 0xfffb9e21 +test byte [esi + eax + 0x381b], 1 +jne short loc_fffb9e03 ; jne 0xfffb9e03 -loc_fffb9e02: ; not directly referenced +loc_fffb9de4: ; not directly referenced inc ebx add edi, 0xcc cmp ebx, 2 -jne short loc_fffb9def ; jne 0xfffb9def +jne short loc_fffb9dd1 ; jne 0xfffb9dd1 mov byte [ebp - 0x340], 0 mov byte [ebp - 0x33c], 0 -jmp near loc_fffb9f6f ; jmp 0xfffb9f6f +jmp near loc_fffb9f51 ; jmp 0xfffb9f51 -loc_fffb9e21: ; not directly referenced +loc_fffb9e03: ; not directly referenced imul eax, ebx, 0x54a push esi mov esi, dword [ebp + 8] @@ -35966,35 +35934,35 @@ call dword [eax + 0x5c] ; ucall add esp, 0x10 mov byte [ebp - 0x33c], 0 -loc_fffb9e4d: ; not directly referenced +loc_fffb9e2f: ; not directly referenced mov esi, dword [ebp + 8] mov al, byte [ebp - 0x33c] -cmp al, byte [esi + 0x2488] -jae short loc_fffb9e8a ; jae 0xfffb9e8a +cmp al, byte [esi + 0x2489] +jae short loc_fffb9e6c ; jae 0xfffb9e6c movzx ecx, byte [ebp - 0x33c] mov edx, ebx mov eax, dword [ebp + 8] mov esi, dword [edi + ecx*4 + 0x28] -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc or esi, 0x60 mov ecx, esi mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x33c] -jmp short loc_fffb9e4d ; jmp 0xfffb9e4d +jmp short loc_fffb9e2f ; jmp 0xfffb9e2f -loc_fffb9e8a: ; not directly referenced +loc_fffb9e6c: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, ebx mov esi, dword [edi] -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 or esi, 0x1000008 mov ecx, esi mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] sub esp, 0xc mov cl, bl @@ -36002,17 +35970,17 @@ mov edx, 1 shl edx, cl mov ecx, 1 push 0 -call fcn_fffd2c53 ; call 0xfffd2c53 +call fcn_fffd314a ; call 0xfffd314a add esp, 0x10 test eax, eax -je loc_fffb9e02 ; je 0xfffb9e02 -jmp near loc_fffbb9fc ; jmp 0xfffbb9fc +je loc_fffb9de4 ; je 0xfffb9de4 +jmp near loc_fffbb9de ; jmp 0xfffbb9de -loc_fffb9ed8: ; not directly referenced +loc_fffb9eba: ; not directly referenced imul eax, ebx, 0x13c3 mov edi, dword [ebp + 8] -test byte [edi + eax + 0x381a], 1 -je short loc_fffb9f26 ; je 0xfffb9f26 +test byte [edi + eax + 0x381b], 1 +je short loc_fffb9f08 ; je 0xfffb9f08 sub esp, 0xc mov cl, bl push dword [ebp - 0x2c0] @@ -36027,34 +35995,34 @@ lea eax, [ebp - 0x260] push 2 push eax mov eax, edi -call fcn_fffd2b18 ; call 0xfffd2b18 +call fcn_fffd2e0a ; call 0xfffd2e0a add esp, 0x20 -loc_fffb9f26: ; not directly referenced +loc_fffb9f08: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffb9ed8 ; jne 0xfffb9ed8 +jne short loc_fffb9eba ; jne 0xfffb9eba movzx edx, byte [ebp - 0x340] xor edi, edi mov eax, dword [ebp + 8] -call fcn_fffd2a2c ; call 0xfffd2a2c +call fcn_fffd2d1e ; call 0xfffd2d1e -loc_fffb9f3d: ; not directly referenced +loc_fffb9f1f: ; not directly referenced imul eax, edi, 0x13c3 mov esi, dword [ebp + 8] mov dword [ebp - 0x348], eax -test byte [esi + eax + 0x381a], 1 -jne short loc_fffb9fb2 ; jne 0xfffb9fb2 +test byte [esi + eax + 0x381b], 1 +jne short loc_fffb9f94 ; jne 0xfffb9f94 -loc_fffb9f56: ; not directly referenced +loc_fffb9f38: ; not directly referenced inc edi cmp edi, 2 -jne short loc_fffb9f3d ; jne 0xfffb9f3d +jne short loc_fffb9f1f ; jne 0xfffb9f1f inc byte [ebp - 0x33c] cmp byte [ebp - 0x33c], 8 -je loc_fffba085 ; je 0xfffba085 +je loc_fffba067 ; je 0xfffba067 -loc_fffb9f6f: ; not directly referenced +loc_fffb9f51: ; not directly referenced mov dl, byte [ebp - 0x33c] mov ebx, 1 mov eax, ebx @@ -36074,74 +36042,74 @@ cmove eax, edx mov dword [ebp - 0x254], ebx xor ebx, ebx mov dword [ebp - 0x250], eax -jmp near loc_fffb9ed8 ; jmp 0xfffb9ed8 +jmp near loc_fffb9eba ; jmp 0xfffb9eba -loc_fffb9fb2: ; not directly referenced +loc_fffb9f94: ; not directly referenced imul eax, edi, 0x54a mov esi, dword [ebp + 8] xor ebx, ebx lea eax, [esi + eax + 0x196b] mov dword [ebp - 0x344], eax -loc_fffb9fca: ; not directly referenced +loc_fffb9fac: ; not directly referenced mov eax, dword [ebp + 8] -cmp bl, byte [eax + 0x2488] -jae short loc_fffba026 ; jae 0xfffba026 +cmp bl, byte [eax + 0x2489] +jae short loc_fffba008 ; jae 0xfffba008 mov ecx, dword [ebp + 8] movzx esi, bl mov edx, dword [ebp - 0x348] mov eax, dword [ebp - 0x344] -cmp byte [ecx + edx + 0x49ba], 0x20 +cmp byte [ecx + edx + 0x49bb], 0x20 mov al, byte [eax + esi + 0x4f6] -jne short loc_fffba006 ; jne 0xfffba006 +jne short loc_fffb9fe8 ; jne 0xfffb9fe8 test al, 2 -je short loc_fffba006 ; je 0xfffba006 +je short loc_fffb9fe8 ; je 0xfffb9fe8 mov byte [ebp + esi - 0x2e8], 0 -jmp short loc_fffba023 ; jmp 0xfffba023 +jmp short loc_fffba005 ; jmp 0xfffba005 -loc_fffba006: ; not directly referenced +loc_fffb9fe8: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, esi mov edx, edi -call fcn_fffa7617 ; call 0xfffa7617 +call fcn_fffa75c5 ; call 0xfffa75c5 mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov byte [ebp + esi - 0x2e8], al -loc_fffba023: ; not directly referenced +loc_fffba005: ; not directly referenced inc ebx -jmp short loc_fffb9fca ; jmp 0xfffb9fca +jmp short loc_fffb9fac ; jmp 0xfffb9fac -loc_fffba026: ; not directly referenced +loc_fffba008: ; not directly referenced xor edx, edx -loc_fffba028: ; not directly referenced +loc_fffba00a: ; not directly referenced mov eax, dword [ebp + 8] -cmp dl, byte [eax + 0x2488] -jae loc_fffb9f56 ; jae 0xfffb9f56 +cmp dl, byte [eax + 0x2489] +jae loc_fffb9f38 ; jae 0xfffb9f38 movzx eax, dl mov al, byte [ebp + eax - 0x2e8] test al, al -je short loc_fffba082 ; je 0xfffba082 +je short loc_fffba064 ; je 0xfffba064 xor ebx, ebx xor ecx, ecx xor esi, esi -loc_fffba04b: ; not directly referenced +loc_fffba02d: ; not directly referenced test al, 1 -je short loc_fffba05a ; je 0xfffba05a +je short loc_fffba03c ; je 0xfffba03c test esi, esi -jne short loc_fffba05f ; jne 0xfffba05f +jne short loc_fffba041 ; jne 0xfffba041 movzx ebx, cl mov si, 1 -loc_fffba05a: ; not directly referenced +loc_fffba03c: ; not directly referenced inc ecx shr al, 1 -jne short loc_fffba04b ; jne 0xfffba04b +jne short loc_fffba02d ; jne 0xfffba02d -loc_fffba05f: ; not directly referenced +loc_fffba041: ; not directly referenced mov esi, dword [ebp - 0x344] movzx eax, dl lea ecx, [esi + eax*8] @@ -36150,49 +36118,49 @@ mov esi, dword [ebp - 0x33c] lea eax, [esi + eax*8] mov byte [ebx + ecx + 0x4fe], al -loc_fffba082: ; not directly referenced +loc_fffba064: ; not directly referenced inc edx -jmp short loc_fffba028 ; jmp 0xfffba028 +jmp short loc_fffba00a ; jmp 0xfffba00a -loc_fffba085: ; not directly referenced +loc_fffba067: ; not directly referenced mov eax, dword [ebp + 8] -test byte [eax + 0x381a], 1 -jne short loc_fffba09f ; jne 0xfffba09f +test byte [eax + 0x381b], 1 +jne short loc_fffba081 ; jne 0xfffba081 -loc_fffba091: ; not directly referenced +loc_fffba073: ; not directly referenced mov eax, dword [ebp + 8] -test byte [eax + 0x4bdd], 1 -je short loc_fffba0e4 ; je 0xfffba0e4 -jmp short loc_fffba0c2 ; jmp 0xfffba0c2 +test byte [eax + 0x4bde], 1 +je short loc_fffba0c6 ; je 0xfffba0c6 +jmp short loc_fffba0a4 ; jmp 0xfffba0a4 -loc_fffba09f: ; not directly referenced +loc_fffba081: ; not directly referenced mov eax, dword [ebp + 8] sub esp, 0xc mov ecx, 1 push 2 mov edx, 1 -call fcn_fffd2c53 ; call 0xfffd2c53 +call fcn_fffd314a ; call 0xfffd314a add esp, 0x10 test eax, eax -je short loc_fffba091 ; je 0xfffba091 -jmp near loc_fffbb9fc ; jmp 0xfffbb9fc +je short loc_fffba073 ; je 0xfffba073 +jmp near loc_fffbb9de ; jmp 0xfffbb9de -loc_fffba0c2: ; not directly referenced +loc_fffba0a4: ; not directly referenced mov eax, dword [ebp + 8] sub esp, 0xc mov ecx, 1 push 2 mov edx, 2 -call fcn_fffd2c53 ; call 0xfffd2c53 +call fcn_fffd314a ; call 0xfffd314a add esp, 0x10 test eax, eax -jne loc_fffbb9fc ; jne 0xfffbb9fc +jne loc_fffbb9de ; jne 0xfffbb9de -loc_fffba0e4: ; not directly referenced +loc_fffba0c6: ; not directly referenced mov eax, dword [ebp + 8] -mov esi, dword [eax + 0x5edc] -mov ebx, dword [eax + 0x2443] -mov al, byte [eax + 0x248d] +mov esi, dword [eax + 0x5edd] +mov ebx, dword [eax + 0x2444] +mov al, byte [eax + 0x248e] push ecx push 0x7f push 0x48 @@ -36212,74 +36180,74 @@ mov dword [ebp - 0x340], eax mov esi, eax xor ebx, ebx -loc_fffba12f: ; not directly referenced +loc_fffba111: ; not directly referenced imul eax, ebx, 0x13c3 mov edi, dword [ebp + 8] -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffba1a9 ; jne 0xfffba1a9 +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffba18b ; jne 0xfffba18b mov byte [ebp - 0x33c], 0 -loc_fffba149: ; not directly referenced +loc_fffba12b: ; not directly referenced mov edi, dword [ebp + 8] mov al, byte [ebp - 0x33c] -cmp al, byte [edi + 0x2488] -jae short loc_fffba186 ; jae 0xfffba186 +cmp al, byte [edi + 0x2489] +jae short loc_fffba168 ; jae 0xfffba168 movzx ecx, byte [ebp - 0x33c] mov edx, ebx mov eax, dword [ebp + 8] mov edi, dword [esi + ecx*4 + 0x28] -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc or edi, 0x60 mov ecx, edi mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x33c] -jmp short loc_fffba149 ; jmp 0xfffba149 +jmp short loc_fffba12b ; jmp 0xfffba12b -loc_fffba186: ; not directly referenced +loc_fffba168: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, ebx mov edi, dword [esi] -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 or edi, 0x1000008 mov ecx, edi mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffba1a9: ; not directly referenced +loc_fffba18b: ; not directly referenced inc ebx add esi, 0xcc cmp ebx, 2 -jne loc_fffba12f ; jne 0xfffba12f +jne loc_fffba111 ; jne 0xfffba111 xor edi, edi -loc_fffba1bb: ; not directly referenced +loc_fffba19d: ; not directly referenced mov ebx, 1 mov ecx, edi shl ebx, cl test byte [ebp - 0x34c], bl -jne short loc_fffba1df ; jne 0xfffba1df +jne short loc_fffba1c1 ; jne 0xfffba1c1 -loc_fffba1cc: ; not directly referenced +loc_fffba1ae: ; not directly referenced inc edi cmp edi, 4 -jne short loc_fffba1bb ; jne 0xfffba1bb +jne short loc_fffba19d ; jne 0xfffba19d mov esi, dword [ebp - 0x340] xor ebx, ebx -jmp near loc_fffba2d9 ; jmp 0xfffba2d9 +jmp near loc_fffba2bb ; jmp 0xfffba2bb -loc_fffba1df: ; not directly referenced +loc_fffba1c1: ; not directly referenced xor esi, esi -loc_fffba1e1: ; not directly referenced +loc_fffba1c3: ; not directly referenced imul eax, esi, 0x13c3 mov ecx, dword [ebp + 8] mov byte [ebp - 0x33c], bl -test byte [ecx + eax + 0x381a], bl -je short loc_fffba241 ; je 0xfffba241 +test byte [ecx + eax + 0x381b], bl +je short loc_fffba223 ; je 0xfffba223 mov eax, dword [ebp + 8] sub esp, 0xc mov ecx, esi @@ -36287,10 +36255,10 @@ mov edx, 1 shl edx, cl mov ecx, ebx push 0 -call fcn_fffd2c53 ; call 0xfffd2c53 +call fcn_fffd314a ; call 0xfffd314a add esp, 0x10 test eax, eax -jne loc_fffba7d0 ; jne 0xfffba7d0 +jne loc_fffba7b2 ; jne 0xfffba7b2 sub esp, 0xc mov eax, dword [ebp + 8] mov ecx, edi @@ -36299,14 +36267,14 @@ mov edx, esi push 0x4000 push 0x3000 push 4 -push ref_fffd665c ; push 0xfffd665c -call fcn_fffd2b18 ; call 0xfffd2b18 +push ref_fffd6958 ; push 0xfffd6958 +call fcn_fffd2e0a ; call 0xfffd2e0a add esp, 0x20 -loc_fffba241: ; not directly referenced +loc_fffba223: ; not directly referenced inc esi cmp esi, 2 -jne short loc_fffba1e1 ; jne 0xfffba1e1 +jne short loc_fffba1c3 ; jne 0xfffba1c3 push eax mov ecx, 0x7f push eax @@ -36316,7 +36284,7 @@ xor si, si push eax mov eax, dword [ebp + 8] push 2 -call fcn_fffd2f8e ; call 0xfffd2f8e +call fcn_fffd3280 ; call 0xfffd3280 xor ecx, ecx pop eax pop edx @@ -36325,23 +36293,23 @@ lea eax, [ebp - 0x260] push eax mov eax, dword [ebp + 8] push 0xfffffffffffffffe -call fcn_fffd2f8e ; call 0xfffd2f8e +call fcn_fffd3280 ; call 0xfffd3280 add esp, 0x10 -loc_fffba27e: ; not directly referenced +loc_fffba260: ; not directly referenced imul eax, esi, 0x13c3 mov ecx, dword [ebp + 8] mov dl, byte [ebp - 0x33c] -test byte [ecx + eax + 0x381a], dl -jne short loc_fffba2a1 ; jne 0xfffba2a1 +test byte [ecx + eax + 0x381b], dl +jne short loc_fffba283 ; jne 0xfffba283 -loc_fffba296: ; not directly referenced +loc_fffba278: ; not directly referenced inc esi cmp esi, 2 -jne short loc_fffba27e ; jne 0xfffba27e -jmp near loc_fffba1cc ; jmp 0xfffba1cc +jne short loc_fffba260 ; jne 0xfffba260 +jmp near loc_fffba1ae ; jmp 0xfffba1ae -loc_fffba2a1: ; not directly referenced +loc_fffba283: ; not directly referenced push eax push 1 push 0x40 @@ -36350,7 +36318,7 @@ push 3 push 4 push esi push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a mov eax, dword [ebp + 8] add esp, 0x14 mov ecx, esi @@ -36358,27 +36326,27 @@ mov edx, 1 shl edx, cl mov ecx, ebx push 2 -call fcn_fffd2c53 ; call 0xfffd2c53 +call fcn_fffd314a ; call 0xfffd314a add esp, 0x10 test eax, eax -je short loc_fffba296 ; je 0xfffba296 -jmp near loc_fffba7d0 ; jmp 0xfffba7d0 +je short loc_fffba278 ; je 0xfffba278 +jmp near loc_fffba7b2 ; jmp 0xfffba7b2 -loc_fffba2d9: ; not directly referenced +loc_fffba2bb: ; not directly referenced imul eax, ebx, 0x13c3 mov edi, dword [ebp + 8] -cmp dword [edi + eax + 0x3756], 2 -je short loc_fffba369 ; je 0xfffba369 +cmp dword [edi + eax + 0x3757], 2 +je short loc_fffba34b ; je 0xfffba34b -loc_fffba2ec: ; not directly referenced +loc_fffba2ce: ; not directly referenced inc ebx add esi, 0xcc cmp ebx, 2 -jne short loc_fffba2d9 ; jne 0xfffba2d9 +jne short loc_fffba2bb ; jne 0xfffba2bb mov eax, dword [ebp + 8] lea esi, [ebp - 0x2e8] lea ebx, [ebp - 0x2c8] -mov edi, dword [eax + 0x2443] +mov edi, dword [eax + 0x2444] push ecx push 0x7f push 0x10 @@ -36405,47 +36373,47 @@ mov dword [ebp - 0x368], eax xor edi, edi mov dword [ebp - 0x3a8], esi mov dword [ebp - 0x3b8], edx -jmp short loc_fffba3c9 ; jmp 0xfffba3c9 +jmp short loc_fffba3ab ; jmp 0xfffba3ab -loc_fffba369: ; not directly referenced +loc_fffba34b: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, ebx -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [esi] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov byte [ebp - 0x33c], 0 -loc_fffba38b: ; not directly referenced +loc_fffba36d: ; not directly referenced mov edi, dword [ebp + 8] mov al, byte [ebp - 0x33c] -cmp al, byte [edi + 0x2488] -jae loc_fffba2ec ; jae 0xfffba2ec +cmp al, byte [edi + 0x2489] +jae loc_fffba2ce ; jae 0xfffba2ce movzx edi, byte [ebp - 0x33c] mov edx, ebx mov eax, dword [ebp + 8] mov ecx, edi -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, dword [esi + edi*4 + 0x28] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x33c] -jmp short loc_fffba38b ; jmp 0xfffba38b +jmp short loc_fffba36d ; jmp 0xfffba36d -loc_fffba3c9: ; not directly referenced +loc_fffba3ab: ; not directly referenced imul eax, edi, 0x13c3 mov esi, dword [ebp + 8] -cmp dword [esi + eax + 0x3756], 2 -jne loc_fffba5cf ; jne 0xfffba5cf +cmp dword [esi + eax + 0x3757], 2 +jne loc_fffba5b1 ; jne 0xfffba5b1 imul edx, edi, 0x54a mov dword [ebp - 0x344], 0 lea esi, [esi + edx + 0x196b] mov dword [ebp - 0x358], esi mov esi, dword [ebp + 8] -mov al, byte [esi + eax + 0x381a] +mov al, byte [esi + eax + 0x381b] mov byte [ebp - 0x354], al lea eax, [edi*4] mov dword [ebp - 0x38c], eax @@ -36454,15 +36422,15 @@ mov dword [ebp - 0x350], eax mov eax, dword [ebp - 0x378] mov dword [ebp - 0x348], eax -loc_fffba432: ; not directly referenced +loc_fffba414: ; not directly referenced mov cl, byte [ebp - 0x344] mov eax, 1 shl eax, cl test byte [ebp - 0x354], al -je loc_fffba51a ; je 0xfffba51a +je loc_fffba4fc ; je 0xfffba4fc mov eax, dword [ebp + 8] mov dword [ebp - 0x33c], 0 -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov byte [ebp - 0x388], al mov eax, dword [ebp - 0x344] add eax, dword [ebp - 0x38c] @@ -36475,36 +36443,36 @@ mov dword [ebp - 0x340], esi mov esi, dword [ebp - 0x3a8] add esi, eax -loc_fffba495: ; not directly referenced +loc_fffba477: ; not directly referenced xor eax, eax -loc_fffba497: ; not directly referenced +loc_fffba479: ; not directly referenced cmp byte [ebp - 0x388], al -jbe short loc_fffba4df ; jbe 0xfffba4df +jbe short loc_fffba4c1 ; jbe 0xfffba4c1 mov edx, dword [ebp - 0x358] mov ecx, dword [ebp - 0x33c] movzx edx, byte [edx + ecx + 0x53e] bt edx, eax -jae short loc_fffba4dc ; jae 0xfffba4dc +jae short loc_fffba4be ; jae 0xfffba4be mov edx, dword [ebp - 0x350] mov dl, byte [edx + eax] cmp byte [esi], dl -jbe short loc_fffba4c7 ; jbe 0xfffba4c7 +jbe short loc_fffba4a9 ; jbe 0xfffba4a9 mov byte [esi], dl -loc_fffba4c7: ; not directly referenced +loc_fffba4a9: ; not directly referenced mov edx, dword [ebp - 0x348] mov ecx, dword [ebp - 0x340] mov dl, byte [edx + eax] cmp byte [ecx], dl -jae short loc_fffba4dc ; jae 0xfffba4dc +jae short loc_fffba4be ; jae 0xfffba4be mov byte [ecx], dl -loc_fffba4dc: ; not directly referenced +loc_fffba4be: ; not directly referenced inc eax -jmp short loc_fffba497 ; jmp 0xfffba497 +jmp short loc_fffba479 ; jmp 0xfffba479 -loc_fffba4df: ; not directly referenced +loc_fffba4c1: ; not directly referenced movzx eax, byte [esi] inc esi mov ecx, dword [ebp - 0x33c] @@ -36518,39 +36486,39 @@ mov edx, dword [ebp - 0x390] sar eax, 1 cmp dword [ebp - 0x33c], 2 mov byte [edx + ecx], al -jne loc_fffba495 ; jne 0xfffba495 +jne loc_fffba477 ; jne 0xfffba477 -loc_fffba51a: ; not directly referenced +loc_fffba4fc: ; not directly referenced inc dword [ebp - 0x344] add dword [ebp - 0x348], 9 add dword [ebp - 0x350], 9 cmp dword [ebp - 0x344], 4 -jne loc_fffba432 ; jne 0xfffba432 +jne loc_fffba414 ; jne 0xfffba414 xor ecx, ecx xor edx, edx mov esi, 1 -loc_fffba544: ; not directly referenced +loc_fffba526: ; not directly referenced mov eax, esi shl eax, cl test byte [ebp - 0x354], al -je short loc_fffba561 ; je 0xfffba561 +je short loc_fffba543 ; je 0xfffba543 mov al, byte [ebx + ecx*2 + 1] inc edx sub al, byte [ebx + ecx*2] mov byte [ebp + ecx - 0x328], al -jmp short loc_fffba569 ; jmp 0xfffba569 +jmp short loc_fffba54b ; jmp 0xfffba54b -loc_fffba561: ; not directly referenced +loc_fffba543: ; not directly referenced mov byte [ebp + ecx - 0x328], 0 -loc_fffba569: ; not directly referenced +loc_fffba54b: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffba544 ; jne 0xfffba544 +jne short loc_fffba526 ; jne 0xfffba526 xor ecx, ecx test dl, dl -je short loc_fffba58d ; je 0xfffba58d +je short loc_fffba56f ; je 0xfffba56f movsx ecx, byte [ebp - 0x328] movsx eax, byte [ebp - 0x327] add eax, ecx @@ -36559,7 +36527,7 @@ cdq idiv ecx mov cl, al -loc_fffba58d: ; not directly referenced +loc_fffba56f: ; not directly referenced mov dl, 2 movsx ax, cl idiv dl @@ -36579,17 +36547,17 @@ add eax, edx sar eax, 1 mov byte [ebp + edi*2 - 0x337], al -loc_fffba5cf: ; not directly referenced +loc_fffba5b1: ; not directly referenced inc edi add ebx, 8 add dword [ebp - 0x378], 0x24 add dword [ebp - 0x368], 0x24 cmp edi, 2 -jne loc_fffba3c9 ; jne 0xfffba3c9 +jne loc_fffba3ab ; jne 0xfffba3ab mov eax, dword [ebp + 8] xor ebx, ebx mov dword [ebp - 0x344], 0 -lea esi, [eax + 0x3756] +lea esi, [eax + 0x3757] lea eax, [ebp - 0x330] mov dword [ebp - 0x350], eax mov eax, dword [ebp + 8] @@ -36600,17 +36568,17 @@ mov dword [ebp - 0x348], eax movzx eax, byte [ebp - 0x34c] mov dword [ebp - 0x33c], eax -loc_fffba632: ; not directly referenced +loc_fffba614: ; not directly referenced cmp dword [esi], 2 -jne loc_fffba78f ; jne 0xfffba78f +jne loc_fffba771 ; jne 0xfffba771 xor edi, edi -loc_fffba63d: ; not directly referenced +loc_fffba61f: ; not directly referenced mov eax, 1 mov ecx, edi shl eax, cl test byte [esi + 0xc4], al -je short loc_fffba66d ; je 0xfffba66d +je short loc_fffba64f ; je 0xfffba64f mov ecx, dword [ebp - 0x348] push edx push 1 @@ -36621,21 +36589,21 @@ push eax push 4 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffba66d: ; not directly referenced +loc_fffba64f: ; not directly referenced inc edi cmp edi, 4 -jne short loc_fffba63d ; jne 0xfffba63d +jne short loc_fffba61f ; jne 0xfffba61f xor ecx, ecx -loc_fffba675: ; not directly referenced +loc_fffba657: ; not directly referenced mov eax, dword [ebp - 0x350] movzx edi, byte [eax + ecx] movzx eax, byte [esi + ecx + 0x241] sub edi, eax -je loc_fffba785 ; je 0xfffba785 +je loc_fffba767 ; je 0xfffba767 push eax mov eax, 1 push 1 @@ -36647,13 +36615,13 @@ mov dword [ebp - 0x344], ecx push 0 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a mov edx, dword [ebp - 0x340] add esp, 0x20 mov ecx, dword [ebp - 0x344] mov al, byte [edx + 0x542] cmp byte [ecx + edx + 0x53e], al -jne short loc_fffba719 ; jne 0xfffba719 +jne short loc_fffba6fb ; jne 0xfffba6fb push eax push 1 mov eax, dword [esi + 0x111] @@ -36664,7 +36632,7 @@ push dword [ebp - 0x33c] push 2 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x1c push 1 mov eax, dword [esi + 0x109] @@ -36675,16 +36643,16 @@ push dword [ebp - 0x33c] push 3 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a mov ecx, dword [ebp - 0x344] add esp, 0x20 -loc_fffba719: ; not directly referenced +loc_fffba6fb: ; not directly referenced mov edx, dword [ebp - 0x340] mov dword [ebp - 0x344], 1 mov al, byte [edx + 0x543] cmp byte [ecx + edx + 0x53e], al -jne short loc_fffba785 ; jne 0xfffba785 +jne short loc_fffba767 ; jne 0xfffba767 push eax push 1 mov eax, dword [esi + 0x115] @@ -36696,7 +36664,7 @@ push dword [ebp - 0x33c] push 2 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x1c push 1 add edi, dword [esi + 0x11d] @@ -36706,40 +36674,40 @@ push dword [ebp - 0x33c] push 1 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a mov ecx, dword [ebp - 0x34c] add esp, 0x20 -loc_fffba785: ; not directly referenced +loc_fffba767: ; not directly referenced inc ecx cmp ecx, 2 -jne loc_fffba675 ; jne 0xfffba675 +jne loc_fffba657 ; jne 0xfffba657 -loc_fffba78f: ; not directly referenced +loc_fffba771: ; not directly referenced inc ebx add esi, 0x13c3 add dword [ebp - 0x350], 2 add dword [ebp - 0x340], 0x54a add dword [ebp - 0x348], 2 cmp ebx, 2 -jne loc_fffba632 ; jne 0xfffba632 +jne loc_fffba614 ; jne 0xfffba614 cmp dword [ebp - 0x344], 0 -je short loc_fffba7d8 ; je 0xfffba7d8 +je short loc_fffba7ba ; je 0xfffba7ba sub esp, 0xc push dword [ebp + 8] -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -jmp short loc_fffba7d8 ; jmp 0xfffba7d8 +jmp short loc_fffba7ba ; jmp 0xfffba7ba -loc_fffba7d0: ; not directly referenced +loc_fffba7b2: ; not directly referenced test eax, eax -jne loc_fffbb9fc ; jne 0xfffbb9fc +jne loc_fffbb9de ; jne 0xfffbb9de -loc_fffba7d8: ; not directly referenced +loc_fffba7ba: ; not directly referenced mov eax, dword [ebp + 8] -mov ebx, dword [eax + 0x5edc] -mov esi, dword [eax + 0x2443] -mov al, byte [eax + 0x248d] +mov ebx, dword [eax + 0x5edd] +mov esi, dword [eax + 0x2444] +mov al, byte [eax + 0x248e] push ecx push 0x7f push 0x48 @@ -36759,74 +36727,74 @@ mov dword [ebp - 0x348], eax mov esi, eax xor ebx, ebx -loc_fffba823: ; not directly referenced +loc_fffba805: ; not directly referenced imul eax, ebx, 0x13c3 mov edi, dword [ebp + 8] -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffba89d ; jne 0xfffba89d +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffba87f ; jne 0xfffba87f mov byte [ebp - 0x33c], 0 -loc_fffba83d: ; not directly referenced +loc_fffba81f: ; not directly referenced mov edi, dword [ebp + 8] mov al, byte [ebp - 0x33c] -cmp al, byte [edi + 0x2488] -jae short loc_fffba87a ; jae 0xfffba87a +cmp al, byte [edi + 0x2489] +jae short loc_fffba85c ; jae 0xfffba85c movzx ecx, byte [ebp - 0x33c] mov edx, ebx mov eax, dword [ebp + 8] mov edi, dword [esi + ecx*4 + 0x28] -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc or edi, 0x60 mov ecx, edi mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x33c] -jmp short loc_fffba83d ; jmp 0xfffba83d +jmp short loc_fffba81f ; jmp 0xfffba81f -loc_fffba87a: ; not directly referenced +loc_fffba85c: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, ebx mov edi, dword [esi] -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 or edi, 0x1000008 mov ecx, edi mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffba89d: ; not directly referenced +loc_fffba87f: ; not directly referenced inc ebx add esi, 0xcc cmp ebx, 2 -jne loc_fffba823 ; jne 0xfffba823 +jne loc_fffba805 ; jne 0xfffba805 xor edi, edi -loc_fffba8af: ; not directly referenced +loc_fffba891: ; not directly referenced mov ebx, 1 mov ecx, edi shl ebx, cl test byte [ebp - 0x340], bl -jne short loc_fffba8d3 ; jne 0xfffba8d3 +jne short loc_fffba8b5 ; jne 0xfffba8b5 -loc_fffba8c0: ; not directly referenced +loc_fffba8a2: ; not directly referenced inc edi cmp edi, 4 -jne short loc_fffba8af ; jne 0xfffba8af +jne short loc_fffba891 ; jne 0xfffba891 mov ebx, dword [ebp - 0x348] xor esi, esi -jmp near loc_fffbaa02 ; jmp 0xfffbaa02 +jmp near loc_fffba9e4 ; jmp 0xfffba9e4 -loc_fffba8d3: ; not directly referenced +loc_fffba8b5: ; not directly referenced xor esi, esi -loc_fffba8d5: ; not directly referenced +loc_fffba8b7: ; not directly referenced imul eax, esi, 0x13c3 mov ecx, dword [ebp + 8] mov byte [ebp - 0x33c], bl -test byte [ecx + eax + 0x381a], bl -je short loc_fffba93b ; je 0xfffba93b +test byte [ecx + eax + 0x381b], bl +je short loc_fffba91d ; je 0xfffba91d mov eax, dword [ebp + 8] sub esp, 0xc mov ecx, esi @@ -36834,11 +36802,11 @@ mov edx, 1 shl edx, cl mov ecx, ebx push 0 -call fcn_fffd2c53 ; call 0xfffd2c53 +call fcn_fffd314a ; call 0xfffd314a add esp, 0x10 mov dword [ebp - 0x344], eax test eax, eax -jne loc_fffbb0b4 ; jne 0xfffbb0b4 +jne loc_fffbb096 ; jne 0xfffbb096 sub esp, 0xc mov eax, dword [ebp + 8] mov ecx, edi @@ -36847,14 +36815,14 @@ mov edx, esi push 0x4000 push 0x3000 push 4 -push ref_fffd665c ; push 0xfffd665c -call fcn_fffd2b18 ; call 0xfffd2b18 +push ref_fffd6958 ; push 0xfffd6958 +call fcn_fffd2e0a ; call 0xfffd2e0a add esp, 0x20 -loc_fffba93b: ; not directly referenced +loc_fffba91d: ; not directly referenced inc esi cmp esi, 2 -jne short loc_fffba8d5 ; jne 0xfffba8d5 +jne short loc_fffba8b7 ; jne 0xfffba8b7 push eax mov ecx, 0x7f push eax @@ -36864,7 +36832,7 @@ xor si, si push eax mov eax, dword [ebp + 8] push 2 -call fcn_fffd2d89 ; call 0xfffd2d89 +call fcn_fffd2f45 ; call 0xfffd2f45 xor ecx, ecx pop eax pop edx @@ -36873,23 +36841,23 @@ lea eax, [ebp - 0x260] push eax mov eax, dword [ebp + 8] push 0xfffffffffffffffe -call fcn_fffd2d89 ; call 0xfffd2d89 +call fcn_fffd2f45 ; call 0xfffd2f45 add esp, 0x10 -loc_fffba978: ; not directly referenced +loc_fffba95a: ; not directly referenced imul eax, esi, 0x13c3 mov ecx, dword [ebp + 8] mov dl, byte [ebp - 0x33c] -test byte [ecx + eax + 0x381a], dl -jne short loc_fffba99b ; jne 0xfffba99b +test byte [ecx + eax + 0x381b], dl +jne short loc_fffba97d ; jne 0xfffba97d -loc_fffba990: ; not directly referenced +loc_fffba972: ; not directly referenced inc esi cmp esi, 2 -jne short loc_fffba978 ; jne 0xfffba978 -jmp near loc_fffba8c0 ; jmp 0xfffba8c0 +jne short loc_fffba95a ; jne 0xfffba95a +jmp near loc_fffba8a2 ; jmp 0xfffba8a2 -loc_fffba99b: ; not directly referenced +loc_fffba97d: ; not directly referenced push eax push 1 push 0x60 @@ -36898,7 +36866,7 @@ push ebx push 2 push esi push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x1c push 1 push 0x60 @@ -36907,7 +36875,7 @@ push ebx push 3 push esi push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x1c push 1 push 0x60 @@ -36916,7 +36884,7 @@ push ebx push 1 push esi push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a mov eax, dword [ebp + 8] add esp, 0x14 mov ecx, esi @@ -36924,26 +36892,26 @@ mov edx, 1 shl edx, cl mov ecx, ebx push 2 -call fcn_fffd2c53 ; call 0xfffd2c53 +call fcn_fffd314a ; call 0xfffd314a add esp, 0x10 mov dword [ebp - 0x344], eax test eax, eax -je short loc_fffba990 ; je 0xfffba990 -jmp near loc_fffbb0b4 ; jmp 0xfffbb0b4 +je short loc_fffba972 ; je 0xfffba972 +jmp near loc_fffbb096 ; jmp 0xfffbb096 -loc_fffbaa02: ; not directly referenced +loc_fffba9e4: ; not directly referenced imul eax, esi, 0x13c3 mov edi, dword [ebp + 8] -cmp dword [edi + eax + 0x3756], 2 -je short loc_fffbaa69 ; je 0xfffbaa69 +cmp dword [edi + eax + 0x3757], 2 +je short loc_fffbaa4b ; je 0xfffbaa4b -loc_fffbaa15: ; not directly referenced +loc_fffba9f7: ; not directly referenced inc esi add ebx, 0xcc cmp esi, 2 -jne short loc_fffbaa02 ; jne 0xfffbaa02 +jne short loc_fffba9e4 ; jne 0xfffba9e4 mov eax, dword [ebp + 8] -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] lea eax, [ebp - 0x2c8] push esi xor esi, esi @@ -36962,42 +36930,42 @@ add esp, 0x10 mov dword [ebp - 0x34c], eax lea eax, [ebp - 0x260] mov dword [ebp - 0x348], eax -jmp short loc_fffbaac9 ; jmp 0xfffbaac9 +jmp short loc_fffbaaab ; jmp 0xfffbaaab -loc_fffbaa69: ; not directly referenced +loc_fffbaa4b: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, esi -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [ebx] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov byte [ebp - 0x33c], 0 -loc_fffbaa8b: ; not directly referenced +loc_fffbaa6d: ; not directly referenced mov edi, dword [ebp + 8] mov al, byte [ebp - 0x33c] -cmp al, byte [edi + 0x2488] -jae loc_fffbaa15 ; jae 0xfffbaa15 +cmp al, byte [edi + 0x2489] +jae loc_fffba9f7 ; jae 0xfffba9f7 movzx edi, byte [ebp - 0x33c] mov edx, esi mov eax, dword [ebp + 8] mov ecx, edi -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, dword [ebx + edi*4 + 0x28] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x33c] -jmp short loc_fffbaa8b ; jmp 0xfffbaa8b +jmp short loc_fffbaa6d ; jmp 0xfffbaa6d -loc_fffbaac9: ; not directly referenced +loc_fffbaaab: ; not directly referenced imul eax, esi, 0x13c3 mov edi, dword [ebp + 8] -cmp dword [edi + eax + 0x3756], 2 -jne loc_fffbabfc ; jne 0xfffbabfc -mov al, byte [edi + eax + 0x381a] +cmp dword [edi + eax + 0x3757], 2 +jne loc_fffbabde ; jne 0xfffbabde +mov al, byte [edi + eax + 0x381b] lea ecx, [ebp - 0x18] mov edi, dword [ebp - 0x348] mov dword [ebp - 0x33c], 0 @@ -37010,24 +36978,24 @@ lea eax, [esi + esi] add eax, ecx mov dword [ebp - 0x378], eax -loc_fffbab23: ; not directly referenced +loc_fffbab05: ; not directly referenced mov cl, byte [ebp - 0x33c] mov eax, 1 shl eax, cl test byte [ebp - 0x368], al -je short loc_fffbab4b ; je 0xfffbab4b +je short loc_fffbab2d ; je 0xfffbab2d mov eax, dword [ebp + 8] xor ecx, ecx -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov byte [ebp - 0x354], al -jmp short loc_fffbab9c ; jmp 0xfffbab9c +jmp short loc_fffbab7e ; jmp 0xfffbab7e -loc_fffbab4b: ; not directly referenced +loc_fffbab2d: ; not directly referenced inc dword [ebp - 0x33c] add edi, 9 add dword [ebp - 0x344], 9 cmp dword [ebp - 0x33c], 4 -jne short loc_fffbab23 ; jne 0xfffbab23 +jne short loc_fffbab05 ; jne 0xfffbab05 movzx edx, byte [ebp + esi*2 - 0x2c8] movzx eax, byte [ebp + esi*2 - 0x2e8] add eax, edx @@ -37038,11 +37006,11 @@ movzx eax, byte [ebp + esi*2 - 0x2e7] add eax, edx sar eax, 1 mov byte [ebp + esi*2 - 0x307], al -jmp short loc_fffbabfc ; jmp 0xfffbabfc +jmp short loc_fffbabde ; jmp 0xfffbabde -loc_fffbab9c: ; not directly referenced +loc_fffbab7e: ; not directly referenced cmp byte [ebp - 0x354], cl -jbe short loc_fffbab4b ; jbe 0xfffbab4b +jbe short loc_fffbab2d ; jbe 0xfffbab2d mov edx, dword [ebp - 0x350] mov eax, dword [ebp + 8] mov ebx, dword [ebp - 0x344] @@ -37062,22 +37030,22 @@ cmp byte [eax - 0x2d0], dl cmovae edx, ebx inc ecx mov byte [eax - 0x2d0], dl -jmp short loc_fffbab9c ; jmp 0xfffbab9c +jmp short loc_fffbab7e ; jmp 0xfffbab7e -loc_fffbabfc: ; not directly referenced +loc_fffbabde: ; not directly referenced inc esi add dword [ebp - 0x34c], 0x24 add dword [ebp - 0x348], 0x24 cmp esi, 2 -jne loc_fffbaac9 ; jne 0xfffbaac9 +jne loc_fffbaaab ; jne 0xfffbaaab movzx esi, byte [ebp - 0x340] xor ebx, ebx -loc_fffbac1d: ; not directly referenced +loc_fffbabff: ; not directly referenced imul eax, ebx, 0x13c3 mov edi, dword [ebp + 8] -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffbac9f ; jne 0xfffbac9f +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffbac81 ; jne 0xfffbac81 movzx eax, byte [ebp + ebx*2 - 0x308] push ecx push 1 @@ -37087,7 +37055,7 @@ push esi push 2 push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a movzx eax, byte [ebp + ebx*2 - 0x308] add esp, 0x1c push 1 @@ -37097,7 +37065,7 @@ push esi push 3 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a movzx eax, byte [ebp + ebx*2 - 0x307] add esp, 0x1c push 1 @@ -37107,7 +37075,7 @@ push esi push 2 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a movzx eax, byte [ebp + ebx*2 - 0x307] add esp, 0x1c push 1 @@ -37117,67 +37085,67 @@ push esi push 1 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffbac9f: ; not directly referenced +loc_fffbac81: ; not directly referenced inc ebx cmp ebx, 2 -jne loc_fffbac1d ; jne 0xfffbac1d +jne loc_fffbabff ; jne 0xfffbabff mov eax, dword [ebp + 8] mov dword [ebp - 0x344], 0 mov dword [ebp - 0x348], 0x4224 -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x34c], eax mov eax, dword [ebp + 8] add eax, 0x196b mov dword [ebp - 0x340], eax -loc_fffbacd9: ; not directly referenced +loc_fffbacbb: ; not directly referenced mov eax, dword [ebp - 0x34c] cmp dword [eax], 2 -jne loc_fffbb079 ; jne 0xfffbb079 +jne loc_fffbb05b ; jne 0xfffbb05b xor ebx, ebx xor edi, edi mov byte [ebp - 0x350], 0 xor ecx, ecx xor eax, eax -loc_fffbacf7: ; not directly referenced +loc_fffbacd9: ; not directly referenced mov esi, dword [ebp - 0x340] mov dl, byte [esi + eax + 0x4f6] cmp dl, 2 -je short loc_fffbad29 ; je 0xfffbad29 -ja short loc_fffbad17 ; ja 0xfffbad17 +je short loc_fffbad0b ; je 0xfffbad0b +ja short loc_fffbacf9 ; ja 0xfffbacf9 mov esi, eax and esi, 7 test dl, dl cmove ebx, esi -jmp short loc_fffbad3b ; jmp 0xfffbad3b +jmp short loc_fffbad1d ; jmp 0xfffbad1d -loc_fffbad17: ; not directly referenced +loc_fffbacf9: ; not directly referenced cmp dl, 4 -je short loc_fffbad30 ; je 0xfffbad30 +je short loc_fffbad12 ; je 0xfffbad12 mov esi, eax and esi, 7 cmp dl, 6 cmove ecx, esi -jmp short loc_fffbad3b ; jmp 0xfffbad3b +jmp short loc_fffbad1d ; jmp 0xfffbad1d -loc_fffbad29: ; not directly referenced +loc_fffbad0b: ; not directly referenced mov edi, eax and edi, 7 -jmp short loc_fffbad3b ; jmp 0xfffbad3b +jmp short loc_fffbad1d ; jmp 0xfffbad1d -loc_fffbad30: ; not directly referenced +loc_fffbad12: ; not directly referenced mov dl, al and edx, 7 mov byte [ebp - 0x350], dl -loc_fffbad3b: ; not directly referenced +loc_fffbad1d: ; not directly referenced inc eax cmp eax, 8 -jne short loc_fffbacf7 ; jne 0xfffbacf7 +jne short loc_fffbacd9 ; jne 0xfffbacd9 mov eax, edi mov edx, ebx shl eax, 0x1c @@ -37228,85 +37196,85 @@ xor edx, edx mov dword [ebp - 0x3cc], eax xor eax, eax -loc_fffbae25: ; not directly referenced +loc_fffbae07: ; not directly referenced mov ecx, dword [ebp - 0x398] mov cl, byte [ecx + edx + 0x4fe] cmp cl, 1 -je short loc_fffbae49 ; je 0xfffbae49 -jb short loc_fffbae41 ; jb 0xfffbae41 +je short loc_fffbae2b ; je 0xfffbae2b +jb short loc_fffbae23 ; jb 0xfffbae23 cmp cl, 2 cmove esi, eax -jmp short loc_fffbae4f ; jmp 0xfffbae4f +jmp short loc_fffbae31 ; jmp 0xfffbae31 -loc_fffbae41: ; not directly referenced +loc_fffbae23: ; not directly referenced mov byte [ebp - 0x368], al -jmp short loc_fffbae4f ; jmp 0xfffbae4f +jmp short loc_fffbae31 ; jmp 0xfffbae31 -loc_fffbae49: ; not directly referenced +loc_fffbae2b: ; not directly referenced mov byte [ebp - 0x378], al -loc_fffbae4f: ; not directly referenced +loc_fffbae31: ; not directly referenced mov ecx, dword [ebp - 0x394] mov cl, byte [ecx + edx + 0x4fe] cmp cl, 0x11 -je short loc_fffbae6e ; je 0xfffbae6e +je short loc_fffbae50 ; je 0xfffbae50 cmp cl, 0x12 -je short loc_fffbae76 ; je 0xfffbae76 +je short loc_fffbae58 ; je 0xfffbae58 cmp cl, 0x10 cmove edi, eax -jmp short loc_fffbae7c ; jmp 0xfffbae7c +jmp short loc_fffbae5e ; jmp 0xfffbae5e -loc_fffbae6e: ; not directly referenced +loc_fffbae50: ; not directly referenced mov byte [ebp - 0x3a8], al -jmp short loc_fffbae7c ; jmp 0xfffbae7c +jmp short loc_fffbae5e ; jmp 0xfffbae5e -loc_fffbae76: ; not directly referenced +loc_fffbae58: ; not directly referenced mov byte [ebp - 0x390], al -loc_fffbae7c: ; not directly referenced +loc_fffbae5e: ; not directly referenced mov ecx, dword [ebp - 0x3d0] mov cl, byte [ecx + edx + 0x4fe] cmp cl, 0x21 -je short loc_fffbaea7 ; je 0xfffbaea7 +je short loc_fffbae89 ; je 0xfffbae89 cmp cl, 0x22 -je short loc_fffbaeaf ; je 0xfffbaeaf +je short loc_fffbae91 ; je 0xfffbae91 cmp cl, 0x20 mov cl, byte [ebp - 0x350] cmove ecx, eax mov byte [ebp - 0x350], cl -jmp short loc_fffbaeb5 ; jmp 0xfffbaeb5 +jmp short loc_fffbae97 ; jmp 0xfffbae97 -loc_fffbaea7: ; not directly referenced +loc_fffbae89: ; not directly referenced mov byte [ebp - 0x38c], al -jmp short loc_fffbaeb5 ; jmp 0xfffbaeb5 +jmp short loc_fffbae97 ; jmp 0xfffbae97 -loc_fffbaeaf: ; not directly referenced +loc_fffbae91: ; not directly referenced mov byte [ebp - 0x358], al -loc_fffbaeb5: ; not directly referenced +loc_fffbae97: ; not directly referenced mov ecx, dword [ebp - 0x3cc] mov cl, byte [ecx + edx + 0x4fe] cmp cl, 0x31 -je short loc_fffbaed4 ; je 0xfffbaed4 +je short loc_fffbaeb6 ; je 0xfffbaeb6 cmp cl, 0x32 -je short loc_fffbaedc ; je 0xfffbaedc +je short loc_fffbaebe ; je 0xfffbaebe cmp cl, 0x30 cmove ebx, eax -jmp short loc_fffbaee2 ; jmp 0xfffbaee2 +jmp short loc_fffbaec4 ; jmp 0xfffbaec4 -loc_fffbaed4: ; not directly referenced +loc_fffbaeb6: ; not directly referenced mov byte [ebp - 0x3c8], al -jmp short loc_fffbaee2 ; jmp 0xfffbaee2 +jmp short loc_fffbaec4 ; jmp 0xfffbaec4 -loc_fffbaedc: ; not directly referenced +loc_fffbaebe: ; not directly referenced mov byte [ebp - 0x3b8], al -loc_fffbaee2: ; not directly referenced +loc_fffbaec4: ; not directly referenced inc eax inc edx and eax, 7 cmp edx, 8 -jne loc_fffbae25 ; jne 0xfffbae25 +jne loc_fffbae07 ; jne 0xfffbae07 mov ecx, dword [ebp - 0x368] and esi, 7 and edi, 7 @@ -37357,7 +37325,7 @@ shl eax, 0x14 or esi, eax mov eax, dword [ebp - 0x34c] cmp byte [eax + 0x1264], 0x20 -jne loc_fffbb03c ; jne 0xfffbb03c +jne loc_fffbb01e ; jne 0xfffbb01e mov ebx, dword [ebp - 0x3d4] and ecx, 0x8fffffff and esi, 0x8fffffff @@ -37397,7 +37365,7 @@ shl eax, 0xc and eax, 0x700000 or esi, eax -loc_fffbb03c: ; not directly referenced +loc_fffbb01e: ; not directly referenced mov edi, dword [ebp - 0x348] mov ebx, dword [ebp + 8] mov eax, edi @@ -37406,7 +37374,7 @@ cmp dword [ebx + 0x188b], 1 lea edx, [edi + 4] cmovne edx, eax mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, edi mov ecx, esi lea edx, [edi + 8] @@ -37414,30 +37382,30 @@ mov edi, dword [ebp + 8] cmp dword [edi + 0x188b], 1 cmovne edx, eax mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbb079: ; not directly referenced +loc_fffbb05b: ; not directly referenced mov eax, dword [ebp - 0x348] add dword [ebp - 0x34c], 0x13c3 add dword [ebp - 0x340], 0x54a add eax, 0x400 cmp eax, 0x4a24 -je short loc_fffbb0aa ; je 0xfffbb0aa +je short loc_fffbb08c ; je 0xfffbb08c mov dword [ebp - 0x348], eax -jmp near loc_fffbacd9 ; jmp 0xfffbacd9 +jmp near loc_fffbacbb ; jmp 0xfffbacbb -loc_fffbb0aa: ; not directly referenced +loc_fffbb08c: ; not directly referenced mov eax, dword [ebp + 8] -mov byte [eax + 0x247c], 1 +mov byte [eax + 0x247d], 1 -loc_fffbb0b4: ; not directly referenced +loc_fffbb096: ; not directly referenced mov eax, dword [ebp - 0x344] -jmp near loc_fffbb9fc ; jmp 0xfffbb9fc +jmp near loc_fffbb9de ; jmp 0xfffbb9de -loc_fffbb0bf: ; not directly referenced +loc_fffbb0a1: ; not directly referenced mov eax, dword [ebp + 8] mov edi, dword [ebp - 0x344] -add eax, 0x3756 +add eax, 0x3757 add edi, 0x70 mov ebx, eax mov dword [ebp - 0x3d0], edi @@ -37445,47 +37413,47 @@ mov esi, edi xor edi, edi mov dword [ebp - 0x3cc], eax -loc_fffbb0e2: ; not directly referenced +loc_fffbb0c4: ; not directly referenced cmp dword [ebx], 2 -jne loc_fffbb17d ; jne 0xfffbb17d +jne loc_fffbb15f ; jne 0xfffbb15f mov byte [ebp - 0x340], 0 -loc_fffbb0f2: ; not directly referenced +loc_fffbb0d4: ; not directly referenced mov eax, dword [ebp + 8] mov cl, byte [ebp - 0x340] -movzx eax, byte [eax + 0x2488] +movzx eax, byte [eax + 0x2489] cmp cl, al -jae short loc_fffbb16c ; jae 0xfffbb16c +jae short loc_fffbb14e ; jae 0xfffbb14e movzx eax, cl mov dword [ebp - 0x33c], 0 mov dword [ebp - 0x34c], eax -loc_fffbb119: ; not directly referenced +loc_fffbb0fb: ; not directly referenced mov cl, byte [ebp - 0x33c] mov eax, 1 shl eax, cl test byte [ebx + 0xc4], al -je short loc_fffbb155 ; je 0xfffbb155 +je short loc_fffbb137 ; je 0xfffbb137 mov eax, dword [ebp + 8] cmp byte [eax + 0x18b2], 1 -jne short loc_fffbb155 ; jne 0xfffbb155 +jne short loc_fffbb137 ; jne 0xfffbb137 push edx mov ecx, dword [ebp - 0x33c] mov edx, edi push 0x20 push 5 push dword [ebp - 0x34c] -call fcn_fffa7499 ; call 0xfffa7499 +call fcn_fffa7447 ; call 0xfffa7447 add esp, 0x10 -loc_fffbb155: ; not directly referenced +loc_fffbb137: ; not directly referenced inc dword [ebp - 0x33c] cmp dword [ebp - 0x33c], 4 -jne short loc_fffbb119 ; jne 0xfffbb119 +jne short loc_fffbb0fb ; jne 0xfffbb0fb inc byte [ebp - 0x340] -jmp short loc_fffbb0f2 ; jmp 0xfffbb0f2 +jmp short loc_fffbb0d4 ; jmp 0xfffbb0d4 -loc_fffbb16c: ; not directly referenced +loc_fffbb14e: ; not directly referenced push ecx push 0 push eax @@ -37494,26 +37462,26 @@ push esi call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffbb17d: ; not directly referenced +loc_fffbb15f: ; not directly referenced inc edi add ebx, 0x13c3 add esi, 0xcc cmp edi, 2 -jne loc_fffbb0e2 ; jne 0xfffbb0e2 +jne loc_fffbb0c4 ; jne 0xfffbb0c4 mov eax, dword [ebp + 8] movzx edx, byte [ebp - 0x348] -call fcn_fffb27d5 ; call 0xfffb27d5 +call fcn_fffaeb5f ; call 0xfffaeb5f mov eax, dword [ebp - 0x344] mov dword [ebp - 0x33c], 0 add eax, 0x1c mov dword [ebp - 0x3b8], eax -loc_fffbb1bb: ; not directly referenced +loc_fffbb19d: ; not directly referenced mov edi, dword [ebp - 0x33c] mov eax, edi mov byte [ebp - 0x388], al cmp edi, 0x80 -je loc_fffbb85b ; je 0xfffbb85b +je loc_fffbb83d ; je 0xfffbb83d mov edi, dword [ebp - 0x33c] mov eax, edi and eax, 0x7f @@ -37528,10 +37496,10 @@ or ecx, edx mov edx, 0x390c or ecx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 sub esp, 0xc push dword [ebp + 8] -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d mov eax, edi add esp, 0x10 shr al, 1 @@ -37541,39 +37509,39 @@ mov dword [ebp - 0x378], eax mov dword [ebp - 0x390], 0 mov dword [ebp - 0x358], 0 -loc_fffbb238: ; not directly referenced +loc_fffbb21a: ; not directly referenced mov cl, byte [ebp - 0x358] mov dword [ebp - 0x340], 1 shl dword [ebp - 0x340], cl mov al, byte [ebp - 0x340] test byte [ebp - 0x3c8], al -jne short loc_fffbb284 ; jne 0xfffbb284 +jne short loc_fffbb266 ; jne 0xfffbb266 -loc_fffbb25c: ; not directly referenced +loc_fffbb23e: ; not directly referenced inc dword [ebp - 0x358] inc dword [ebp - 0x378] add dword [ebp - 0x390], 4 cmp dword [ebp - 0x358], 4 -jne short loc_fffbb238 ; jne 0xfffbb238 +jne short loc_fffbb21a ; jne 0xfffbb21a add dword [ebp - 0x33c], 2 -jmp near loc_fffbb1bb ; jmp 0xfffbb1bb +jmp near loc_fffbb19d ; jmp 0xfffbb19d -loc_fffbb284: ; not directly referenced +loc_fffbb266: ; not directly referenced xor ebx, ebx -loc_fffbb286: ; not directly referenced +loc_fffbb268: ; not directly referenced mov edi, dword [ebp - 0x340] mov edx, ebx mov eax, dword [ebp + 8] mov ecx, edi -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 imul eax, ebx, 0x13c3 mov esi, dword [ebp + 8] mov dword [ebp + ebx*4 - 0x338], 0 mov edx, edi mov dword [ebp + ebx*4 - 0x330], 0 -test byte [esi + eax + 0x381a], dl -je short loc_fffbb300 ; je 0xfffbb300 +test byte [esi + eax + 0x381b], dl +je short loc_fffbb2e2 ; je 0xfffbb2e2 mov ecx, dword [ebp - 0x340] mov eax, esi mov esi, ebx @@ -37582,34 +37550,34 @@ push edx mov edx, ebx push 4 push 3 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb mov eax, dword [ebp + 8] shl esi, 0xa add esi, 0x4194 mov edx, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, esi or eax, 0x80000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x10 -loc_fffbb300: ; not directly referenced +loc_fffbb2e2: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffbb286 ; jne 0xfffbb286 +jne short loc_fffbb268 ; jne 0xfffbb268 mov al, byte [ebp - 0x340] mov dword [ebp - 0x34c], 0xffffffe0 mov byte [ebp - 0x344], al mov eax, dword [ebp + 8] -movzx ecx, byte [eax + 0x2488] +movzx ecx, byte [eax + 0x2489] mov eax, 1 shl eax, cl dec eax mov dword [ebp - 0x348], eax -loc_fffbb334: ; not directly referenced +loc_fffbb316: ; not directly referenced push 1 mov edi, dword [ebp - 0x34c] xor ebx, ebx @@ -37626,23 +37594,23 @@ push edi push 1 push dword [ebp + 8] mov byte [ebp - 0x350], al -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 mov edi, dword [ebp - 0x3b8] add esp, 0x30 -loc_fffbb36a: ; not directly referenced +loc_fffbb34c: ; not directly referenced imul eax, ebx, 0x13c3 mov ecx, dword [ebp + 8] xor esi, esi mov dl, byte [ebp - 0x344] -test byte [ecx + eax + 0x381a], dl -je short loc_fffbb3e3 ; je 0xfffbb3e3 +test byte [ecx + eax + 0x381b], dl +je short loc_fffbb3c5 ; je 0xfffbb3c5 -loc_fffbb384: ; not directly referenced +loc_fffbb366: ; not directly referenced mov ecx, dword [ebp + 8] mov eax, esi -cmp al, byte [ecx + 0x2488] -jae short loc_fffbb3c2 ; jae 0xfffbb3c2 +cmp al, byte [ecx + 0x2489] +jae short loc_fffbb3a4 ; jae 0xfffbb3a4 mov eax, esi mov edx, ebx movzx eax, al @@ -37650,117 +37618,117 @@ inc esi mov ecx, eax mov dword [ebp - 0x354], eax mov eax, dword [ebp + 8] -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, dword [ebp - 0x354] mov ecx, dword [edi + ecx*4 + 0x28] mov edx, eax mov eax, dword [ebp + 8] or ecx, 0x60 -call fcn_fffaeb7c ; call 0xfffaeb7c -jmp short loc_fffbb384 ; jmp 0xfffbb384 +call fcn_fffb38b3 ; call 0xfffb38b3 +jmp short loc_fffbb366 ; jmp 0xfffbb366 -loc_fffbb3c2: ; not directly referenced +loc_fffbb3a4: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, ebx -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [edi] or ecx, 0x1000001 mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbb3e3: ; not directly referenced +loc_fffbb3c5: ; not directly referenced inc ebx add edi, 0xcc cmp ebx, 2 -jne loc_fffbb36a ; jne 0xfffbb36a +jne loc_fffbb34c ; jne 0xfffbb34c mov eax, dword [ebp + 8] xor bl, bl -call fcn_fffb0e8a ; call 0xfffb0e8a +call fcn_fffaa4a9 ; call 0xfffaa4a9 mov eax, dword [ebp + 8] mov ecx, 5 mov edx, 0x4800 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 2 -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 mov eax, dword [ebp + 8] -call fcn_fffb0e8a ; call 0xfffb0e8a +call fcn_fffaa4a9 ; call 0xfffaa4a9 mov eax, dword [ebp + 8] mov edx, 2 -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 mov eax, dword [ebp + 8] mov ecx, 2 mov edx, 0x4800 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbb443: ; not directly referenced +loc_fffbb425: ; not directly referenced imul eax, ebx, 0x13c3 mov edi, dword [ebp + 8] mov dl, byte [ebp - 0x344] -test byte [edi + eax + 0x381a], dl -je short loc_fffbb4c5 ; je 0xfffbb4c5 +test byte [edi + eax + 0x381b], dl +je short loc_fffbb4a7 ; je 0xfffbb4a7 xor edi, edi -loc_fffbb45d: ; not directly referenced +loc_fffbb43f: ; not directly referenced mov ecx, dword [ebp + 8] mov eax, edi -cmp al, byte [ecx + 0x2488] -jae short loc_fffbb4a2 ; jae 0xfffbb4a2 +cmp al, byte [ecx + 0x2489] +jae short loc_fffbb484 ; jae 0xfffbb484 mov eax, edi mov edx, ebx movzx ecx, al mov eax, dword [ebp + 8] -call fcn_fffa7617 ; call 0xfffa7617 +call fcn_fffa75c5 ; call 0xfffa75c5 mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 1 mov ecx, edi shl edx, cl dec eax -jne short loc_fffbb498 ; jne 0xfffbb498 +jne short loc_fffbb47a ; jne 0xfffbb47a or dword [ebp + ebx*4 - 0x338], edx -jmp short loc_fffbb49f ; jmp 0xfffbb49f +jmp short loc_fffbb481 ; jmp 0xfffbb481 -loc_fffbb498: ; not directly referenced +loc_fffbb47a: ; not directly referenced or dword [ebp + ebx*4 - 0x330], edx -loc_fffbb49f: ; not directly referenced +loc_fffbb481: ; not directly referenced inc edi -jmp short loc_fffbb45d ; jmp 0xfffbb45d +jmp short loc_fffbb43f ; jmp 0xfffbb43f -loc_fffbb4a2: ; not directly referenced +loc_fffbb484: ; not directly referenced mov eax, dword [ebp - 0x348] cmp dword [ebp + ebx*4 - 0x338], eax -jne short loc_fffbb4c5 ; jne 0xfffbb4c5 +jne short loc_fffbb4a7 ; jne 0xfffbb4a7 mov edi, dword [ebp - 0x378] mov al, byte [ebp - 0x350] cmp byte [edi + ebx*4], al -jle short loc_fffbb4c5 ; jle 0xfffbb4c5 +jle short loc_fffbb4a7 ; jle 0xfffbb4a7 mov byte [edi + ebx*4], al -loc_fffbb4c5: ; not directly referenced +loc_fffbb4a7: ; not directly referenced inc ebx cmp ebx, 2 -jne loc_fffbb443 ; jne 0xfffbb443 +jne loc_fffbb425 ; jne 0xfffbb425 mov ebx, dword [ebp - 0x3b8] xor edi, edi -loc_fffbb4d7: ; not directly referenced +loc_fffbb4b9: ; not directly referenced imul eax, edi, 0x13c3 mov ecx, dword [ebp + 8] xor esi, esi mov dl, byte [ebp - 0x344] -test byte [ecx + eax + 0x381a], dl -je short loc_fffbb54e ; je 0xfffbb54e +test byte [ecx + eax + 0x381b], dl +je short loc_fffbb530 ; je 0xfffbb530 -loc_fffbb4f1: ; not directly referenced +loc_fffbb4d3: ; not directly referenced mov edx, dword [ebp + 8] mov eax, esi -cmp al, byte [edx + 0x2488] -jae short loc_fffbb52c ; jae 0xfffbb52c +cmp al, byte [edx + 0x2489] +jae short loc_fffbb50e ; jae 0xfffbb50e mov eax, esi mov edx, edi movzx eax, al @@ -37768,53 +37736,53 @@ inc esi mov ecx, eax mov dword [ebp - 0x350], eax mov eax, dword [ebp + 8] -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, dword [ebp - 0x350] mov ecx, dword [ebx + ecx*4 + 0x28] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffbb4f1 ; jmp 0xfffbb4f1 +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffbb4d3 ; jmp 0xfffbb4d3 -loc_fffbb52c: ; not directly referenced +loc_fffbb50e: ; not directly referenced mov eax, edx -call fcn_fffb0e8a ; call 0xfffb0e8a +call fcn_fffaa4a9 ; call 0xfffaa4a9 mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, edi -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [ebx] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffbb54e: ; not directly referenced +loc_fffbb530: ; not directly referenced inc edi add ebx, 0xcc cmp edi, 2 -jne loc_fffbb4d7 ; jne 0xfffbb4d7 +jne loc_fffbb4b9 ; jne 0xfffbb4b9 mov edi, dword [ebp + 8] mov al, byte [ebp - 0x344] -test byte [edi + 0x381a], al -je short loc_fffbb58d ; je 0xfffbb58d +test byte [edi + 0x381b], al +je short loc_fffbb56f ; je 0xfffbb56f mov eax, dword [ebp - 0x348] cmp dword [ebp - 0x338], eax -jne loc_fffbb9e3 ; jne 0xfffbb9e3 +jne loc_fffbb9c5 ; jne 0xfffbb9c5 cmp dword [ebp - 0x330], eax -jne loc_fffbb9e3 ; jne 0xfffbb9e3 +jne loc_fffbb9c5 ; jne 0xfffbb9c5 -loc_fffbb58d: ; not directly referenced +loc_fffbb56f: ; not directly referenced mov ebx, dword [ebp + 8] mov al, byte [ebp - 0x344] -test byte [ebx + 0x4bdd], al -je short loc_fffbb5bc ; je 0xfffbb5bc +test byte [ebx + 0x4bde], al +je short loc_fffbb59e ; je 0xfffbb59e mov eax, dword [ebp - 0x348] cmp dword [ebp - 0x334], eax -jne loc_fffbb9e3 ; jne 0xfffbb9e3 +jne loc_fffbb9c5 ; jne 0xfffbb9c5 cmp dword [ebp - 0x32c], eax -jne loc_fffbb9e3 ; jne 0xfffbb9e3 +jne loc_fffbb9c5 ; jne 0xfffbb9c5 -loc_fffbb5bc: ; not directly referenced +loc_fffbb59e: ; not directly referenced mov eax, dword [ebp - 0x390] mov edx, dword [ebp - 0x33c] lea edi, [ebp + eax - 0x260] @@ -37833,25 +37801,25 @@ xor ebx, ebx lea edi, [ebp + edi - 0x308] mov dword [ebp - 0x3a8], ecx -loc_fffbb619: ; not directly referenced +loc_fffbb5fb: ; not directly referenced imul edx, ebx, 0x13c3 mov esi, dword [ebp + 8] mov cl, byte [ebp - 0x344] -test byte [esi + edx + 0x381a], cl -je loc_fffbb7c4 ; je 0xfffbb7c4 +test byte [esi + edx + 0x381b], cl +je loc_fffbb7a6 ; je 0xfffbb7a6 mov esi, dword [ebp - 0x348] xor ecx, ecx cmp dword [ebp + ebx*4 - 0x338], esi -jne short loc_fffbb652 ; jne 0xfffbb652 +jne short loc_fffbb634 ; jne 0xfffbb634 xor ecx, ecx cmp dword [ebp + ebx*4 - 0x330], esi sete cl -loc_fffbb652: ; not directly referenced +loc_fffbb634: ; not directly referenced cmp byte [ebp - 0x388], 0 setne dl test dl, cl -je short loc_fffbb67f ; je 0xfffbb67f +je short loc_fffbb661 ; je 0xfffbb661 mov ecx, dword [ebp - 0x378] movsx edx, byte [ecx + ebx*4] movsx ecx, byte [ecx + ebx*4 - 8] @@ -37859,15 +37827,15 @@ sub edx, ecx cmp edx, 0x10 setle dl movzx edx, dl -jmp near loc_fffbb70e ; jmp 0xfffbb70e +jmp near loc_fffbb6f0 ; jmp 0xfffbb6f0 -loc_fffbb67f: ; not directly referenced +loc_fffbb661: ; not directly referenced cmp byte [ebp - 0x388], 0 mov edx, ecx -jne loc_fffbb70e ; jne 0xfffbb70e +jne loc_fffbb6f0 ; jne 0xfffbb6f0 mov esi, dword [ebp - 0x368] test ecx, ecx -je short loc_fffbb6d3 ; je 0xfffbb6d3 +je short loc_fffbb6b5 ; je 0xfffbb6b5 mov dword [esi], 0 mov esi, dword [ebp - 0x34c] mov dword [edi], 0 @@ -37877,9 +37845,9 @@ mov esi, dword [ebp - 0x354] mov dword [esi], 0 mov esi, dword [ebp - 0x350] mov dword [esi], 0 -jmp near loc_fffbb7c4 ; jmp 0xfffbb7c4 +jmp near loc_fffbb7a6 ; jmp 0xfffbb7a6 -loc_fffbb6d3: ; not directly referenced +loc_fffbb6b5: ; not directly referenced mov dword [esi], 0xfffffffe mov esi, dword [ebp - 0x34c] mov dword [edi], 0xfffffffe @@ -37889,45 +37857,45 @@ mov esi, dword [ebp - 0x354] mov dword [esi], 0xfffffffe mov esi, dword [ebp - 0x350] mov dword [esi], 0xfffffffe -jmp near loc_fffbb7c4 ; jmp 0xfffbb7c4 +jmp near loc_fffbb7a6 ; jmp 0xfffbb7a6 -loc_fffbb70e: ; not directly referenced +loc_fffbb6f0: ; not directly referenced test edx, edx -je loc_fffbb7c4 ; je 0xfffbb7c4 +je loc_fffbb7a6 ; je 0xfffbb7a6 mov esi, dword [ebp - 0x3a8] cmp dword [edi], esi -jne short loc_fffbb728 ; jne 0xfffbb728 +jne short loc_fffbb70a ; jne 0xfffbb70a mov esi, dword [ebp - 0x33c] mov dword [edi], esi -loc_fffbb728: ; not directly referenced +loc_fffbb70a: ; not directly referenced mov esi, dword [ebp - 0x3a8] cmp dword [eax], esi -jne short loc_fffbb73c ; jne 0xfffbb73c +jne short loc_fffbb71e ; jne 0xfffbb71e mov esi, dword [ebp - 0x33c] mov dword [eax], esi -jmp short loc_fffbb74c ; jmp 0xfffbb74c +jmp short loc_fffbb72e ; jmp 0xfffbb72e -loc_fffbb73c: ; not directly referenced +loc_fffbb71e: ; not directly referenced mov ecx, dword [ebp - 0x33c] mov esi, dword [ebp - 0x34c] mov dword [eax], ecx mov dword [esi], ecx -loc_fffbb74c: ; not directly referenced +loc_fffbb72e: ; not directly referenced cmp byte [ebp - 0x388], 0x7e -jne short loc_fffbb772 ; jne 0xfffbb772 +jne short loc_fffbb754 ; jne 0xfffbb754 mov esi, dword [ebp - 0x368] cmp dword [esi], 0 -jne short loc_fffbb772 ; jne 0xfffbb772 +jne short loc_fffbb754 ; jne 0xfffbb754 mov edx, dword [edi] mov ecx, dword [ebp - 0x33c] cmp edx, ecx -je short loc_fffbb772 ; je 0xfffbb772 +je short loc_fffbb754 ; je 0xfffbb754 lea edx, [edx + ecx + 2] mov dword [eax], edx -loc_fffbb772: ; not directly referenced +loc_fffbb754: ; not directly referenced mov edx, dword [ebp - 0x34c] mov esi, dword [eax] mov dword [ebp - 0x3d4], eax @@ -37942,7 +37910,7 @@ mov edx, dword [edx] sub edx, dword [ecx] cmp eax, edx mov eax, dword [ebp - 0x3d4] -jle short loc_fffbb7c4 ; jle 0xfffbb7c4 +jle short loc_fffbb7a6 ; jle 0xfffbb7a6 mov esi, ecx mov ecx, dword [ebp - 0x398] mov dword [esi], ecx @@ -37950,7 +37918,7 @@ mov esi, dword [ebp - 0x350] mov ecx, dword [ebp - 0x394] mov dword [esi], ecx -loc_fffbb7c4: ; not directly referenced +loc_fffbb7a6: ; not directly referenced inc ebx add edi, 0x10 add dword [ebp - 0x368], 0x10 @@ -37959,44 +37927,44 @@ add dword [ebp - 0x34c], 0x10 add dword [ebp - 0x354], 0x10 add dword [ebp - 0x350], 0x10 cmp ebx, 2 -jne loc_fffbb619 ; jne 0xfffbb619 +jne loc_fffbb5fb ; jne 0xfffbb5fb mov edi, dword [ebp + 8] mov al, byte [ebp - 0x340] -test byte [edi + 0x381a], al -je short loc_fffbb821 ; je 0xfffbb821 +test byte [edi + 0x381b], al +je short loc_fffbb803 ; je 0xfffbb803 mov edx, 0x4194 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x4194 and eax, 0x7fffffff mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbb821: ; not directly referenced +loc_fffbb803: ; not directly referenced mov edi, dword [ebp + 8] mov al, byte [ebp - 0x340] -test byte [edi + 0x4bdd], al -je loc_fffbb25c ; je 0xfffbb25c +test byte [edi + 0x4bde], al +je loc_fffbb23e ; je 0xfffbb23e mov edx, 0x4594 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x4594 and eax, 0x7fffffff mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c -jmp near loc_fffbb25c ; jmp 0xfffbb25c +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffbb23e ; jmp 0xfffbb23e -loc_fffbb85b: ; not directly referenced +loc_fffbb83d: ; not directly referenced mov eax, dword [ebp - 0x3d0] xor di, di mov ebx, dword [ebp - 0x3cc] mov dword [ebp - 0x340], eax -loc_fffbb870: ; not directly referenced +loc_fffbb852: ; not directly referenced cmp dword [ebx], 2 -jne loc_fffbb992 ; jne 0xfffbb992 +jne loc_fffbb974 ; jne 0xfffbb974 mov al, byte [ebx + 0xc4] xor ecx, ecx mov byte [ebp - 0x350], 0 @@ -38008,12 +37976,12 @@ add eax, edi mov byte [ebp - 0x344], 0 mov dword [ebp - 0x368], eax -loc_fffbb8b1: ; not directly referenced +loc_fffbb893: ; not directly referenced mov edx, 1 mov al, cl shl edx, cl test byte [ebp - 0x354], dl -je short loc_fffbb926 ; je 0xfffbb926 +je short loc_fffbb908 ; je 0xfffbb908 mov esi, dword [ebp - 0x368] lea edx, [ebp - 0x260] add edx, edi @@ -38021,40 +37989,40 @@ mov esi, dword [esi + ecx*4] mov dword [ebp - 0x33c], esi mov esi, dword [edx + ecx*4] sub esi, dword [ebp - 0x33c] -je loc_fffbb9dc ; je 0xfffbb9dc +je loc_fffbb9be ; je 0xfffbb9be mov dl, 0x40 cmp esi, 0x10 -jle short loc_fffbb8f9 ; jle 0xfffbb8f9 +jle short loc_fffbb8db ; jle 0xfffbb8db mov dl, byte [ebp - 0x33c] sar esi, 1 add edx, esi -loc_fffbb8f9: ; not directly referenced +loc_fffbb8db: ; not directly referenced and edx, 0x7f cmp al, 2 -je short loc_fffbb918 ; je 0xfffbb918 +je short loc_fffbb8fa ; je 0xfffbb8fa cmp al, 3 -je short loc_fffbb920 ; je 0xfffbb920 +je short loc_fffbb902 ; je 0xfffbb902 dec al -je short loc_fffbb910 ; je 0xfffbb910 +je short loc_fffbb8f2 ; je 0xfffbb8f2 mov byte [ebp - 0x344], dl -jmp short loc_fffbb926 ; jmp 0xfffbb926 +jmp short loc_fffbb908 ; jmp 0xfffbb908 -loc_fffbb910: ; not directly referenced +loc_fffbb8f2: ; not directly referenced mov byte [ebp - 0x348], dl -jmp short loc_fffbb926 ; jmp 0xfffbb926 +jmp short loc_fffbb908 ; jmp 0xfffbb908 -loc_fffbb918: ; not directly referenced +loc_fffbb8fa: ; not directly referenced mov byte [ebp - 0x34c], dl -jmp short loc_fffbb926 ; jmp 0xfffbb926 +jmp short loc_fffbb908 ; jmp 0xfffbb908 -loc_fffbb920: ; not directly referenced +loc_fffbb902: ; not directly referenced mov byte [ebp - 0x350], dl -loc_fffbb926: ; not directly referenced +loc_fffbb908: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffbb8b1 ; jne 0xfffbb8b1 +jne short loc_fffbb893 ; jne 0xfffbb893 mov ecx, dword [ebp - 0x350] mov eax, dword [ebp - 0x34c] mov edx, dword [ebp - 0x348] @@ -38073,23 +38041,23 @@ and eax, 0x7f add edx, 0x180c or ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 push eax mov eax, dword [ebp + 8] push 0 -movzx eax, byte [eax + 0x2488] +movzx eax, byte [eax + 0x2489] push eax mov eax, dword [ebp - 0x38c] push dword [ebp - 0x340] call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffbb992: ; not directly referenced +loc_fffbb974: ; not directly referenced add edi, 0x10 add ebx, 0x13c3 add dword [ebp - 0x340], 0xcc cmp edi, 0x20 -jne loc_fffbb870 ; jne 0xfffbb870 +jne loc_fffbb852 ; jne 0xfffbb852 push 2 push 0 push 0 @@ -38102,24 +38070,24 @@ push 0 push 0 push 1 push dword [ebp + 8] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x24 push dword [ebp + 8] -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -jmp short loc_fffbb9fc ; jmp 0xfffbb9fc +jmp short loc_fffbb9de ; jmp 0xfffbb9de -loc_fffbb9dc: ; not directly referenced +loc_fffbb9be: ; not directly referenced mov eax, 6 -jmp short loc_fffbb9fc ; jmp 0xfffbb9fc +jmp short loc_fffbb9de ; jmp 0xfffbb9de -loc_fffbb9e3: ; not directly referenced +loc_fffbb9c5: ; not directly referenced add dword [ebp - 0x34c], 8 cmp dword [ebp - 0x34c], 0x20 -jne loc_fffbb334 ; jne 0xfffbb334 -jmp near loc_fffbb5bc ; jmp 0xfffbb5bc +jne loc_fffbb316 ; jne 0xfffbb316 +jmp near loc_fffbb59e ; jmp 0xfffbb59e -loc_fffbb9fc: ; not directly referenced +loc_fffbb9de: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -38127,7 +38095,7 @@ pop edi pop ebp ret -fcn_fffbba04: ; not directly referenced +fcn_fffbb9e6: ; not directly referenced push ebp mov ebp, esp push edi @@ -38135,20 +38103,20 @@ push esi push ebx sub esp, 0x2bc mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x5edc] +mov eax, dword [eax + 0x5edd] mov dword [ebp - 0x294], eax mov eax, dword [ebp + 8] -mov al, byte [eax + 0x248d] +mov al, byte [eax + 0x248e] mov byte [ebp - 0x2a0], al mov eax, dword [ebp + 8] mov eax, dword [eax + 0x1887] mov dword [ebp - 0x284], eax mov eax, dword [ebp + 8] -mov al, byte [eax + 0x247b] +mov al, byte [eax + 0x247c] mov byte [ebp - 0x2a4], al mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x2480] -mov byte [eax + 0x247b], 0 +mov edx, dword [eax + 0x2481] +mov byte [eax + 0x247c], 0 xor eax, eax cmp edx, 3 sete al @@ -38161,17 +38129,17 @@ add eax, 0x800 cmp edx, 2 sete bl mov dword [ebp - 0x280], ebx -jne short loc_fffbba9d ; jne 0xfffbba9d +jne short loc_fffbba7f ; jne 0xfffbba7f mov esi, dword [ebp + 8] mov dx, 0x800 -cmp dword [esi + 0x36d7], 0x536 +cmp dword [esi + 0x36d8], 0x536 cmovae eax, edx -loc_fffbba9d: ; not directly referenced +loc_fffbba7f: ; not directly referenced mov esi, dword [ebp + 8] mov ecx, 0xf4240 xor edi, edi -movzx edx, word [esi + 0x2489] +movzx edx, word [esi + 0x248a] imul eax, edx xor edx, edx add eax, 0xf423f @@ -38182,41 +38150,41 @@ add eax, 0x1c mov dword [ebp - 0x2ac], eax mov esi, eax -loc_fffbbad1: ; not directly referenced +loc_fffbbab3: ; not directly referenced imul eax, edi, 0x13c3 mov ecx, dword [ebp + 8] -cmp dword [ecx + eax + 0x3756], 2 -je short loc_fffbbb0c ; je 0xfffbbb0c +cmp dword [ecx + eax + 0x3757], 2 +je short loc_fffbbaee ; je 0xfffbbaee -loc_fffbbae4: ; not directly referenced +loc_fffbbac6: ; not directly referenced inc edi add esi, 0xcc cmp edi, 2 -jne short loc_fffbbad1 ; jne 0xfffbbad1 +jne short loc_fffbbab3 ; jne 0xfffbbab3 imul eax, dword [ebp - 0x274], 0xf mov dword [ebp - 0x270], 0 mov dword [ebp - 0x298], eax -jmp near loc_fffbbbae ; jmp 0xfffbbbae +jmp near loc_fffbbb90 ; jmp 0xfffbbb90 -loc_fffbbb0c: ; not directly referenced +loc_fffbbaee: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, edi mov ebx, dword [esi] -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 and ebx, 0xff0fffff or ebx, 0x200000 mov ecx, ebx mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov byte [ebp - 0x270], 0 -loc_fffbbb3c: ; not directly referenced +loc_fffbbb1e: ; not directly referenced mov ecx, dword [ebp + 8] mov al, byte [ebp - 0x270] -cmp al, byte [ecx + 0x2488] -jae short loc_fffbbae4 ; jae 0xfffbbae4 +cmp al, byte [ecx + 0x2489] +jae short loc_fffbbac6 ; jae 0xfffbbac6 movzx ecx, byte [ebp - 0x270] mov edx, dword [ebp - 0x27c] mov ebx, dword [esi + ecx*4 + 0x28] @@ -38227,25 +38195,25 @@ or eax, 0x40000 test edx, edx cmovne ebx, eax cmp dword [ebp - 0x280], 0 -je short loc_fffbbb90 ; je 0xfffbbb90 +je short loc_fffbbb72 ; je 0xfffbbb72 mov edx, dword [ebp + 8] mov eax, ebx or eax, 0x40000 -cmp dword [edx + 0x36d7], 0x536 +cmp dword [edx + 0x36d8], 0x536 cmovae ebx, eax -loc_fffbbb90: ; not directly referenced +loc_fffbbb72: ; not directly referenced mov eax, dword [ebp + 8] mov edx, edi -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, ebx mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x270] -jmp short loc_fffbbb3c ; jmp 0xfffbbb3c +jmp short loc_fffbbb1e ; jmp 0xfffbbb1e -loc_fffbbbae: ; not directly referenced +loc_fffbbb90: ; not directly referenced mov cl, byte [ebp - 0x270] mov eax, 1 mov esi, eax @@ -38254,17 +38222,17 @@ mov ebx, esi mov dword [ebp - 0x278], esi mov byte [ebp - 0x28c], bl test byte [ebp - 0x2a0], bl -jne short loc_fffbbbef ; jne 0xfffbbbef +jne short loc_fffbbbd1 ; jne 0xfffbbbd1 -loc_fffbbbd3: ; not directly referenced +loc_fffbbbb5: ; not directly referenced inc dword [ebp - 0x270] cmp dword [ebp - 0x270], 4 -jne short loc_fffbbbae ; jne 0xfffbbbae +jne short loc_fffbbb90 ; jne 0xfffbbb90 mov esi, dword [ebp - 0x2ac] xor ebx, ebx -jmp near loc_fffbc378 ; jmp 0xfffbc378 +jmp near loc_fffbc35a ; jmp 0xfffbc35a -loc_fffbbbef: ; not directly referenced +loc_fffbbbd1: ; not directly referenced mov esi, dword [ebp - 0x270] lea ecx, [esi + 2] mov edx, esi @@ -38276,7 +38244,7 @@ movzx edx, dl mov byte [ebp - 0x29c], al mov eax, dword [ebp + 8] mov dword [ebp - 0x2a8], edx -add eax, 0x3816 +add eax, 0x3817 mov dword [ebp - 0x274], eax imul eax, edx, 0x128 mov edi, eax @@ -38286,18 +38254,18 @@ mov esi, dword [ebp + 8] and eax, 1 imul eax, eax, 0x18 add eax, edi -lea edi, [esi + eax + 0x49c3] +lea edi, [esi + eax + 0x49c4] xor esi, esi mov dword [ebp - 0x2b4], eax -loc_fffbbc4e: ; not directly referenced +loc_fffbbc30: ; not directly referenced mov ebx, dword [ebp - 0x278] mov ecx, dword [ebp - 0x274] mov byte [ebp - 0x290], bl test byte [ecx + 4], bl -je loc_fffbbe21 ; je 0xfffbbe21 +je loc_fffbbe03 ; je 0xfffbbe03 cmp dword [ebp - 0x27c], 0 -je short loc_fffbbc96 ; je 0xfffbbc96 +je short loc_fffbbc78 ; je 0xfffbbc78 push ecx mov ecx, dword [ebp - 0x270] mov edx, esi @@ -38308,24 +38276,24 @@ movzx eax, ax push eax mov eax, dword [ebp + 8] push 2 -call fcn_fffaa505 ; call 0xfffaa505 -jmp near loc_fffbbda7 ; jmp 0xfffbbda7 +call fcn_fffacb43 ; call 0xfffacb43 +jmp near loc_fffbbd89 ; jmp 0xfffbbd89 -loc_fffbbc96: ; not directly referenced +loc_fffbbc78: ; not directly referenced cmp dword [ebp - 0x280], 0 -je short loc_fffbbcfc ; je 0xfffbbcfc +je short loc_fffbbcde ; je 0xfffbbcde mov eax, dword [ebp + 8] mov edx, esi -call fcn_fffa6c42 ; call 0xfffa6c42 +call fcn_fffa6bf0 ; call 0xfffa6bf0 test eax, eax -je loc_fffbccb7 ; je 0xfffbccb7 +je loc_fffbcc99 ; je 0xfffbcc99 movzx ecx, byte [eax] sub esp, 0xc mov ax, word [edi + 8] mov edx, dword [ebp + 8] push eax lea eax, [ebp - 0x26a] -call fcn_fffa6cab ; call 0xfffa6cab +call fcn_fffa6c59 ; call 0xfffa6c59 mov ebx, dword [ebp - 0x278] pop eax movzx eax, word [ebp - 0x26a] @@ -38335,7 +38303,7 @@ mov ecx, ebx push eax mov eax, dword [ebp + 8] push 5 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb mov ax, word [edi] pop ecx mov ecx, ebx @@ -38344,50 +38312,50 @@ or al, 0x80 movzx eax, ax push eax push 1 -jmp near loc_fffbbd9d ; jmp 0xfffbbd9d +jmp near loc_fffbbd7f ; jmp 0xfffbbd7f -loc_fffbbcfc: ; not directly referenced +loc_fffbbcde: ; not directly referenced mov ecx, dword [ebp - 0x2a8] mov edx, esi mov eax, dword [ebp + 8] mov bx, word [edi] -call fcn_fffa69ea ; call 0xfffa69ea +call fcn_fffa6998 ; call 0xfffa6998 or bl, 0x80 mov dword [ebp - 0x288], eax test eax, eax -je loc_fffbccb7 ; je 0xfffbccb7 +je loc_fffbcc99 ; je 0xfffbcc99 mov eax, dword [ebp - 0x284] cmp eax, 0x306d0 sete dl cmp eax, 0x40650 sete al or dl, al -je short loc_fffbbd5f ; je 0xfffbbd5f +je short loc_fffbbd41 ; je 0xfffbbd41 mov eax, dword [ebp - 0x288] sub esp, 0xc mov edx, dword [ebp + 8] movzx ecx, byte [eax] lea eax, [ebp - 0x26a] push ebx -call fcn_fffa6bd1 ; call 0xfffa6bd1 +call fcn_fffa6b7f ; call 0xfffa6b7f mov bx, word [ebp - 0x26a] add esp, 0x10 -loc_fffbbd5f: ; not directly referenced +loc_fffbbd41: ; not directly referenced mov eax, dword [ebp - 0x274] cmp dword [eax], 2 -jne short loc_fffbbd8f ; jne 0xfffbbd8f +jne short loc_fffbbd71 ; jne 0xfffbbd71 mov eax, dword [ebp - 0x288] sub esp, 0xc mov edx, dword [ebp + 8] movzx ecx, byte [eax] lea eax, [ebp - 0x26a] push ebx -call fcn_fffa6bd1 ; call 0xfffa6bd1 +call fcn_fffa6b7f ; call 0xfffa6b7f mov bx, word [ebp - 0x26a] add esp, 0x10 -loc_fffbbd8f: ; not directly referenced +loc_fffbbd71: ; not directly referenced mov ecx, dword [ebp - 0x278] movzx ebx, bx push eax @@ -38395,12 +38363,12 @@ push eax push ebx push 1 -loc_fffbbd9d: ; not directly referenced +loc_fffbbd7f: ; not directly referenced mov eax, dword [ebp + 8] mov edx, esi -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb -loc_fffbbda7: ; not directly referenced +loc_fffbbd89: ; not directly referenced mov eax, dword [ebp - 0x274] add esp, 0x10 mov bl, byte [ebp - 0x28c] @@ -38409,65 +38377,65 @@ mov al, byte [ebp - 0x29c] cmove ebx, eax xor ecx, ecx cmp dword [ebp - 0x27c], 0 -je short loc_fffbbdd4 ; je 0xfffbbdd4 +je short loc_fffbbdb6 ; je 0xfffbbdb6 mov ecx, 0x10001 -jmp short loc_fffbbe05 ; jmp 0xfffbbe05 +jmp short loc_fffbbde7 ; jmp 0xfffbbde7 -loc_fffbbdd4: ; not directly referenced +loc_fffbbdb6: ; not directly referenced mov eax, dword [ebp - 0x284] cmp eax, 0x40660 sete dl cmp eax, 0x306c0 sete al or dl, al -jne short loc_fffbbdfa ; jne 0xfffbbdfa +jne short loc_fffbbddc ; jne 0xfffbbddc cmp dword [ebp - 0x284], 0x40670 -jne short loc_fffbbe05 ; jne 0xfffbbe05 +jne short loc_fffbbde7 ; jne 0xfffbbde7 -loc_fffbbdfa: ; not directly referenced +loc_fffbbddc: ; not directly referenced mov ecx, ebx and ecx, 0xf shl ecx, 0x10 or ecx, 0xf -loc_fffbbe05: ; not directly referenced +loc_fffbbde7: ; not directly referenced cmp dword [ebp - 0x280], 0 -jne short loc_fffbbe21 ; jne 0xfffbbe21 +jne short loc_fffbbe03 ; jne 0xfffbbe03 mov eax, dword [ebp + 8] mov edx, esi shl edx, 0xa add edx, 0x4194 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbbe21: ; not directly referenced +loc_fffbbe03: ; not directly referenced inc esi add edi, 0x13c3 add dword [ebp - 0x274], 0x13c3 cmp esi, 2 -jne loc_fffbbc4e ; jne 0xfffbbc4e +jne loc_fffbbc30 ; jne 0xfffbbc30 mov eax, dword [ebp - 0x270] mov si, 0xc0 and eax, 3 mov dword [ebp - 0x29c], eax shl dword [ebp - 0x29c], 0x16 -loc_fffbbe55: ; not directly referenced +loc_fffbbe37: ; not directly referenced mov dword [ebp - 0x274], 0 -loc_fffbbe5f: ; not directly referenced +loc_fffbbe41: ; not directly referenced imul eax, dword [ebp - 0x274], 0x13c3 mov edi, dword [ebp + 8] mov bl, byte [ebp - 0x290] -test byte [edi + eax + 0x381a], bl -jne short loc_fffbbe8f ; jne 0xfffbbe8f +test byte [edi + eax + 0x381b], bl +jne short loc_fffbbe71 ; jne 0xfffbbe71 -loc_fffbbe7b: ; not directly referenced +loc_fffbbe5d: ; not directly referenced inc dword [ebp - 0x274] cmp dword [ebp - 0x274], 2 -jne short loc_fffbbe5f ; jne 0xfffbbe5f -jmp near loc_fffbbf14 ; jmp 0xfffbbf14 +jne short loc_fffbbe41 ; jne 0xfffbbe41 +jmp near loc_fffbbef6 ; jmp 0xfffbbef6 -loc_fffbbe8f: ; not directly referenced +loc_fffbbe71: ; not directly referenced imul eax, dword [ebp - 0x274], 0xcc mov edi, dword [ebp - 0x294] mov byte [ebp - 0x288], 0 @@ -38476,11 +38444,11 @@ and ebx, 0xff0fff7d or ebx, 0x200082 or ebx, dword [ebp - 0x29c] -loc_fffbbebc: ; not directly referenced +loc_fffbbe9e: ; not directly referenced mov edi, dword [ebp + 8] mov al, byte [ebp - 0x288] -cmp al, byte [edi + 0x2488] -jae short loc_fffbbe7b ; jae 0xfffbbe7b +cmp al, byte [edi + 0x2489] +jae short loc_fffbbe5d ; jae 0xfffbbe5d movzx edi, byte [ebp - 0x288] mov ecx, dword [ebp - 0x270] push eax @@ -38489,65 +38457,65 @@ mov eax, dword [ebp + 8] push esi push 1 push edi -call fcn_fffa73b0 ; call 0xfffa73b0 +call fcn_fffa735e ; call 0xfffa735e mov edx, dword [ebp - 0x274] mov ecx, edi mov eax, dword [ebp + 8] -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, ebx mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x10 inc byte [ebp - 0x288] -jmp short loc_fffbbebc ; jmp 0xfffbbebc +jmp short loc_fffbbe9e ; jmp 0xfffbbe9e -loc_fffbbf14: ; not directly referenced +loc_fffbbef6: ; not directly referenced mov word [ebp - 0x2a8], si cmp si, 0xc0 -jne short loc_fffbbf30 ; jne 0xfffbbf30 +jne short loc_fffbbf12 ; jne 0xfffbbf12 mov edx, dword [ebp - 0x298] mov eax, dword [ebp + 8] -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 -loc_fffbbf30: ; not directly referenced +loc_fffbbf12: ; not directly referenced mov eax, dword [ebp + 8] -call fcn_fffb0e8a ; call 0xfffb0e8a +call fcn_fffaa4a9 ; call 0xfffaa4a9 mov eax, dword [ebp + 8] mov edx, dword [ebp - 0x298] -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 lea eax, [esi - 2] mov dword [ebp - 0x274], 0 mov dword [ebp - 0x28c], eax -loc_fffbbf59: ; not directly referenced +loc_fffbbf3b: ; not directly referenced imul eax, dword [ebp - 0x274], 0x13c3 mov edi, dword [ebp + 8] mov bl, byte [ebp - 0x290] -test byte [edi + eax + 0x381a], bl -je loc_fffbc02a ; je 0xfffbc02a +test byte [edi + eax + 0x381b], bl +je loc_fffbc00c ; je 0xfffbc00c mov byte [ebp - 0x288], 0 imul edi, dword [ebp - 0x274], 9 -jmp near loc_fffbc015 ; jmp 0xfffbc015 +jmp near loc_fffbbff7 ; jmp 0xfffbbff7 -loc_fffbbf8c: ; not directly referenced +loc_fffbbf6e: ; not directly referenced movzx ebx, byte [ebp - 0x288] mov edx, dword [ebp - 0x274] mov eax, dword [ebp + 8] mov ecx, ebx -call fcn_fffa7617 ; call 0xfffa7617 +call fcn_fffa75c5 ; call 0xfffa75c5 mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f and eax, 0x1ff cmp eax, 0xf setg al cmp word [ebp - 0x2a8], 0xc0 movzx eax, al -jne loc_fffbc083 ; jne 0xfffbc083 +jne loc_fffbc065 ; jne 0xfffbc065 add ebx, edi test eax, eax -je short loc_fffbc042 ; je 0xfffbc042 +je short loc_fffbc024 ; je 0xfffbc024 mov dword [ebp + ebx*4 - 0x180], 0xc0 mov dword [ebp + ebx*4 - 0x1c8], 0xc0 mov dword [ebp + ebx*4 - 0xf0], 0xc0 @@ -38555,58 +38523,58 @@ mov dword [ebp + ebx*4 - 0x138], 0xc0 mov dword [ebp + ebx*4 - 0x60], 0xc0 mov dword [ebp + ebx*4 - 0xa8], 0xc0 -loc_fffbc00f: ; not directly referenced +loc_fffbbff1: ; not directly referenced inc byte [ebp - 0x288] -loc_fffbc015: ; not directly referenced +loc_fffbbff7: ; not directly referenced mov ebx, dword [ebp + 8] mov al, byte [ebp - 0x288] -cmp al, byte [ebx + 0x2488] -jb loc_fffbbf8c ; jb 0xfffbbf8c +cmp al, byte [ebx + 0x2489] +jb loc_fffbbf6e ; jb 0xfffbbf6e -loc_fffbc02a: ; not directly referenced +loc_fffbc00c: ; not directly referenced inc dword [ebp - 0x274] cmp dword [ebp - 0x274], 2 -jne loc_fffbbf59 ; jne 0xfffbbf59 -jmp near loc_fffbc12e ; jmp 0xfffbc12e +jne loc_fffbbf3b ; jne 0xfffbbf3b +jmp near loc_fffbc110 ; jmp 0xfffbc110 -loc_fffbc042: ; not directly referenced +loc_fffbc024: ; not directly referenced mov dword [ebp + ebx*4 - 0x180], 0xfffffffe mov dword [ebp + ebx*4 - 0x1c8], 0xfffffffe mov dword [ebp + ebx*4 - 0xf0], 0xfffffffe mov dword [ebp + ebx*4 - 0x138], 0xfffffffe mov dword [ebp + ebx*4 - 0x60], 0xfffffffe mov dword [ebp + ebx*4 - 0xa8], 0xfffffffe -jmp short loc_fffbc00f ; jmp 0xfffbc00f +jmp short loc_fffbbff1 ; jmp 0xfffbbff1 -loc_fffbc083: ; not directly referenced +loc_fffbc065: ; not directly referenced test eax, eax -je short loc_fffbc00f ; je 0xfffbc00f +je short loc_fffbbff1 ; je 0xfffbbff1 lea eax, [edi + ebx] mov ecx, dword [ebp - 0x28c] cmp dword [ebp + eax*4 - 0x180], ecx -jne short loc_fffbc0a0 ; jne 0xfffbc0a0 +jne short loc_fffbc082 ; jne 0xfffbc082 mov dword [ebp + eax*4 - 0x180], esi -loc_fffbc0a0: ; not directly referenced +loc_fffbc082: ; not directly referenced lea eax, [edi + ebx] mov ecx, dword [ebp - 0x28c] cmp dword [ebp + eax*4 - 0xf0], ecx mov dword [ebp + eax*4 - 0xf0], esi -je short loc_fffbc0c0 ; je 0xfffbc0c0 +je short loc_fffbc0a2 ; je 0xfffbc0a2 mov dword [ebp + eax*4 - 0x138], esi -loc_fffbc0c0: ; not directly referenced +loc_fffbc0a2: ; not directly referenced cmp esi, 0x13e -jne short loc_fffbc0ec ; jne 0xfffbc0ec +jne short loc_fffbc0ce ; jne 0xfffbc0ce lea eax, [edi + ebx] cmp dword [ebp + eax*4 - 0x1c8], 0xc0 -jne short loc_fffbc0ec ; jne 0xfffbc0ec +jne short loc_fffbc0ce ; jne 0xfffbc0ce mov ecx, dword [ebp + eax*4 - 0x180] lea edx, [ecx + 0x80] mov dword [ebp + eax*4 - 0xf0], edx -loc_fffbc0ec: ; not directly referenced +loc_fffbc0ce: ; not directly referenced lea ecx, [edi + ebx] mov edx, dword [ebp + ecx*4 - 0xf0] mov ebx, dword [ebp + ecx*4 - 0x138] @@ -38616,41 +38584,41 @@ mov dword [ebp - 0x2b8], eax mov eax, dword [ebp + ecx*4 - 0x60] sub eax, dword [ebp + ecx*4 - 0xa8] cmp dword [ebp - 0x2b8], eax -jle loc_fffbc00f ; jle 0xfffbc00f +jle loc_fffbbff1 ; jle 0xfffbbff1 mov dword [ebp + ecx*4 - 0xa8], ebx mov dword [ebp + ecx*4 - 0x60], edx -jmp near loc_fffbc00f ; jmp 0xfffbc00f +jmp near loc_fffbbff1 ; jmp 0xfffbbff1 -loc_fffbc12e: ; not directly referenced +loc_fffbc110: ; not directly referenced add esi, 2 cmp esi, 0x140 -jne loc_fffbbe55 ; jne 0xfffbbe55 +jne loc_fffbbe37 ; jne 0xfffbbe37 mov eax, dword [ebp + 8] mov esi, dword [ebp - 0x2b4] mov dword [ebp - 0x274], 0 -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x28c], eax mov eax, dword [ebp + 8] -lea eax, [eax + esi + 0x49cb] +lea eax, [eax + esi + 0x49cc] mov dword [ebp - 0x288], eax imul eax, dword [ebp - 0x270], 9 mov dword [ebp - 0x2a8], eax -loc_fffbc178: ; not directly referenced +loc_fffbc15a: ; not directly referenced mov esi, dword [ebp - 0x28c] mov al, byte [ebp - 0x290] test byte [esi + 0xc4], al -jne short loc_fffbc1b5 ; jne 0xfffbc1b5 +jne short loc_fffbc197 ; jne 0xfffbc197 -loc_fffbc18c: ; not directly referenced +loc_fffbc16e: ; not directly referenced inc dword [ebp - 0x274] add dword [ebp - 0x28c], 0x13c3 add dword [ebp - 0x288], 0x13c3 cmp dword [ebp - 0x274], 2 -je loc_fffbbbd3 ; je 0xfffbbbd3 -jmp short loc_fffbc178 ; jmp 0xfffbc178 +je loc_fffbbbb5 ; je 0xfffbbbb5 +jmp short loc_fffbc15a ; jmp 0xfffbc15a -loc_fffbc1b5: ; not directly referenced +loc_fffbc197: ; not directly referenced mov eax, dword [ebp - 0x28c] xor ecx, ecx mov esi, dword [ebp - 0x2b0] @@ -38660,9 +38628,9 @@ shl edx, 0xa add edx, 0x4194 mov byte [ebp - 0x29c], al mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp dword [ebp - 0x27c], 0 -je short loc_fffbc216 ; je 0xfffbc216 +je short loc_fffbc1f8 ; je 0xfffbc1f8 push eax mov eax, dword [ebp - 0x288] push 0 @@ -38672,10 +38640,10 @@ movzx eax, word [eax - 6] push eax mov eax, dword [ebp + 8] push 2 -call fcn_fffaa505 ; call 0xfffaa505 -jmp short loc_fffbc239 ; jmp 0xfffbc239 +call fcn_fffacb43 ; call 0xfffacb43 +jmp short loc_fffbc21b ; jmp 0xfffbc21b -loc_fffbc216: ; not directly referenced +loc_fffbc1f8: ; not directly referenced push eax mov ecx, dword [ebp - 0x278] push eax @@ -38685,12 +38653,12 @@ movzx eax, word [eax - 8] push eax mov eax, dword [ebp + 8] push 1 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb -loc_fffbc239: ; not directly referenced +loc_fffbc21b: ; not directly referenced add esp, 0x10 cmp dword [ebp - 0x280], 0 -je short loc_fffbc26a ; je 0xfffbc26a +je short loc_fffbc24c ; je 0xfffbc24c push eax mov ecx, dword [ebp - 0x278] push eax @@ -38700,17 +38668,17 @@ movzx eax, word [eax] push eax mov eax, dword [ebp + 8] push 5 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb add esp, 0x10 -loc_fffbc26a: ; not directly referenced +loc_fffbc24c: ; not directly referenced imul esi, dword [ebp - 0x274], 9 xor ebx, ebx -loc_fffbc273: ; not directly referenced +loc_fffbc255: ; not directly referenced mov eax, dword [ebp + 8] -cmp bl, byte [eax + 0x2488] -jae loc_fffbc18c ; jae 0xfffbc18c +cmp bl, byte [eax + 0x2489] +jae loc_fffbc16e ; jae 0xfffbc16e movzx eax, bl lea ecx, [esi + eax] mov edx, dword [ebp + ecx*4 - 0xa8] @@ -38718,45 +38686,45 @@ mov ecx, dword [ebp + ecx*4 - 0x60] sub ecx, edx sub ecx, 0x21 cmp ecx, 0x3e -jbe short loc_fffbc2ad ; jbe 0xfffbc2ad +jbe short loc_fffbc28f ; jbe 0xfffbc28f mov edi, dword [ebp + 8] cmp byte [edi + 0x1965], 0 -jne loc_fffbccc1 ; jne 0xfffbccc1 +jne loc_fffbcca3 ; jne 0xfffbcca3 -loc_fffbc2ad: ; not directly referenced +loc_fffbc28f: ; not directly referenced cmp byte [ebp - 0x29c], 0x10 -jne short loc_fffbc303 ; jne 0xfffbc303 +jne short loc_fffbc2e5 ; jne 0xfffbc2e5 test bl, 1 -je short loc_fffbc303 ; je 0xfffbc303 +je short loc_fffbc2e5 ; je 0xfffbc2e5 lea ecx, [ebx - 1] movzx ecx, cl lea edi, [esi + ecx] mov edi, dword [ebp + edi*4 - 0xa8] add edi, 0x40 cmp edx, edi -jle short loc_fffbc2df ; jle 0xfffbc2df +jle short loc_fffbc2c1 ; jle 0xfffbc2c1 lea edi, [esi + eax] add edx, 0xffffff80 mov dword [ebp + edi*4 - 0xa8], edx -loc_fffbc2df: ; not directly referenced +loc_fffbc2c1: ; not directly referenced add ecx, esi lea edx, [esi + eax] mov ecx, dword [ebp + ecx*4 - 0xa8] mov edi, dword [ebp + edx*4 - 0xa8] sub ecx, 0x40 cmp edi, ecx -jge short loc_fffbc303 ; jge 0xfffbc303 +jge short loc_fffbc2e5 ; jge 0xfffbc2e5 sub edi, 0xffffff80 mov dword [ebp + edx*4 - 0xa8], edi -loc_fffbc303: ; not directly referenced +loc_fffbc2e5: ; not directly referenced cmp dword [ebp - 0x284], 0x40650 -jne short loc_fffbc31a ; jne 0xfffbc31a +jne short loc_fffbc2fc ; jne 0xfffbc2fc lea edx, [esi + eax] add dword [ebp + edx*4 - 0xa8], 0x40 -loc_fffbc31a: ; not directly referenced +loc_fffbc2fc: ; not directly referenced lea edx, [esi + eax] mov ecx, dword [ebp + edx*4 - 0xa8] movzx edx, bl @@ -38774,53 +38742,53 @@ push 0 push 0xff push eax mov eax, dword [ebp + 8] -call fcn_fffa73b0 ; call 0xfffa73b0 +call fcn_fffa735e ; call 0xfffa735e add esp, 0x10 -jmp near loc_fffbc273 ; jmp 0xfffbc273 +jmp near loc_fffbc255 ; jmp 0xfffbc255 -loc_fffbc36c: ; not directly referenced +loc_fffbc34e: ; not directly referenced inc ebx add esi, 0xcc cmp ebx, 2 -je short loc_fffbc3e7 ; je 0xfffbc3e7 +je short loc_fffbc3c9 ; je 0xfffbc3c9 -loc_fffbc378: ; not directly referenced +loc_fffbc35a: ; not directly referenced imul eax, ebx, 0x13c3 mov edi, dword [ebp + 8] -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffbc36c ; jne 0xfffbc36c +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffbc34e ; jne 0xfffbc34e mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, ebx -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [esi] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov byte [ebp - 0x270], 0 -loc_fffbc3ad: ; not directly referenced +loc_fffbc38f: ; not directly referenced mov edi, dword [ebp + 8] mov al, byte [ebp - 0x270] -cmp al, byte [edi + 0x2488] -jae short loc_fffbc36c ; jae 0xfffbc36c +cmp al, byte [edi + 0x2489] +jae short loc_fffbc34e ; jae 0xfffbc34e movzx edi, byte [ebp - 0x270] mov edx, ebx mov eax, dword [ebp + 8] mov ecx, edi -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, dword [esi + edi*4 + 0x28] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x270] -jmp short loc_fffbc3ad ; jmp 0xfffbc3ad +jmp short loc_fffbc38f ; jmp 0xfffbc38f -loc_fffbc3e7: ; not directly referenced +loc_fffbc3c9: ; not directly referenced cmp dword [ebp - 0x27c], 0 -je loc_fffbc568 ; je 0xfffbc568 +je loc_fffbc54a ; je 0xfffbc54a -loc_fffbc3f4: ; not directly referenced +loc_fffbc3d6: ; not directly referenced mov esi, dword [ebp + 8] lea edi, [ebp - 0x1f4] mov ecx, 0xb @@ -38828,22 +38796,22 @@ mov al, byte [ebp - 0x2a4] mov byte [ebp - 0x25f], 0 mov byte [ebp - 0x25e], 1 mov byte [ebp - 0x25d], 0xff -mov byte [esi + 0x247b], al +mov byte [esi + 0x247c], al xor eax, eax -mov esi, ref_fffd58d8 ; mov esi, 0xfffd58d8 +mov esi, ref_fffd5394 ; mov esi, 0xfffd5394 rep stosd ; rep stosd dword es:[edi], eax lea edi, [ebp - 0x25a] mov eax, dword [ebp + 8] mov word [ebp - 0x1e6], 0x3ff mov word [ebp - 0x1ca], 1 mov byte [ebp - 0x25c], 2 -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] lea eax, [ebp - 0x243] mov byte [ebp - 0x25b], 3 mov cl, 7 rep movsb ; rep movsb byte es:[edi], byte ptr [esi] lea edi, [ebp - 0x253] -mov esi, ref_fffd58e0 ; mov esi, 0xfffd58e0 +mov esi, ref_fffd539c ; mov esi, 0xfffd539c mov byte [ebp - 0x243], 0 mov byte [ebp - 0x242], 0 mov byte [ebp - 0x241], 1 @@ -38852,7 +38820,7 @@ mov byte [ebp - 0x23f], 1 mov cl, 7 rep movsb ; rep movsb byte es:[edi], byte ptr [esi] lea edi, [ebp - 0x220] -mov esi, ref_fffd58e8 ; mov esi, 0xfffd58e8 +mov esi, ref_fffd53a4 ; mov esi, 0xfffd53a4 mov byte [ebp - 0x23e], 1 mov byte [ebp - 0x23d], 0 mov byte [ebp - 0x23c], 0 @@ -38861,7 +38829,7 @@ mov byte [ebp - 0x23a], 0xff mov cl, 3 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] lea edi, [ebp - 0x214] -mov esi, ref_fffd58f4 ; mov esi, 0xfffd58f4 +mov esi, ref_fffd53b0 ; mov esi, 0xfffd53b0 mov byte [ebp - 0x239], 0xff mov byte [ebp - 0x238], 0 mov cl, 3 @@ -38889,29 +38857,29 @@ push eax call dword [ebx + 0x5c] ; ucall mov eax, dword [ebp + 8] add esp, 0x10 -cmp dword [eax + 0x2480], 3 +cmp dword [eax + 0x2481], 3 sete al xor ebx, ebx movzx eax, al mov dword [ebp - 0x2a4], eax -jmp short loc_fffbc58d ; jmp 0xfffbc58d +jmp short loc_fffbc56f ; jmp 0xfffbc56f -loc_fffbc568: ; not directly referenced +loc_fffbc54a: ; not directly referenced cmp dword [ebp - 0x280], 0 mov eax, dword [ebp + 8] -je short loc_fffbc57b ; je 0xfffbc57b -call fcn_fffac67c ; call 0xfffac67c -jmp short loc_fffbc580 ; jmp 0xfffbc580 +je short loc_fffbc55d ; je 0xfffbc55d +call fcn_fffad6b6 ; call 0xfffad6b6 +jmp short loc_fffbc562 ; jmp 0xfffbc562 -loc_fffbc57b: ; not directly referenced -call fcn_fffb1a87 ; call 0xfffb1a87 +loc_fffbc55d: ; not directly referenced +call fcn_fffaddc7 ; call 0xfffaddc7 -loc_fffbc580: ; not directly referenced +loc_fffbc562: ; not directly referenced test eax, eax -je loc_fffbc3f4 ; je 0xfffbc3f4 -jmp near loc_fffbcdc5 ; jmp 0xfffbcdc5 +je loc_fffbc3d6 ; je 0xfffbc3d6 +jmp near loc_fffbcda7 ; jmp 0xfffbcda7 -loc_fffbc58d: ; not directly referenced +loc_fffbc56f: ; not directly referenced mov eax, dword [ebp + 8] mov edx, esi add esi, 2 @@ -38921,25 +38889,25 @@ mov ecx, edi push ebx inc ebx push 8 -call fcn_fffa81d3 ; call 0xfffa81d3 +call fcn_fffa8181 ; call 0xfffa8181 add esp, 0x10 cmp ebx, 4 -jne short loc_fffbc58d ; jne 0xfffbc58d +jne short loc_fffbc56f ; jne 0xfffbc56f mov eax, dword [ebp + 8] lea edx, [ebp - 0x220] -call fcn_fffa665e ; call 0xfffa665e +call fcn_fffa660c ; call 0xfffa660c mov eax, dword [ebp + 8] -mov al, byte [eax + 0x248d] +mov al, byte [eax + 0x248e] mov byte [ebp - 0x2b8], al mov eax, dword [ebp + 8] -movzx ecx, byte [eax + 0x2488] +movzx ecx, byte [eax + 0x2489] mov eax, 1 shl eax, cl xor ecx, ecx dec eax mov word [ebp - 0x2a8], ax mov eax, dword [ebp + 8] -movzx edx, byte [eax + 0x248e] +movzx edx, byte [eax + 0x248f] lea eax, [ebp - 0x22b] push 0 push 0 @@ -38951,32 +38919,32 @@ push eax mov eax, dword [ebp + 8] push 4 push 2 -call fcn_fffb20e5 ; call 0xfffb20e5 +call fcn_fffae425 ; call 0xfffae425 mov eax, dword [ebp + 8] add esp, 0x20 -cmp dword [eax + 0x3756], 2 -jne short loc_fffbc62c ; jne 0xfffbc62c +cmp dword [eax + 0x3757], 2 +jne short loc_fffbc60e ; jne 0xfffbc60e mov ecx, 0x8049 mov edx, 0x4040 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbc62c: ; not directly referenced +loc_fffbc60e: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -jne short loc_fffbc647 ; jne 0xfffbc647 +cmp dword [eax + 0x4b1a], 2 +jne short loc_fffbc629 ; jne 0xfffbc629 mov ecx, 0x8049 mov edx, 0x4440 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbc647: ; not directly referenced +loc_fffbc629: ; not directly referenced mov eax, dword [ebp + 8] lea esi, [ebp - 0x24c] mov dword [ebp - 0x278], 0 -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x2ac], eax mov dword [ebp - 0x2b0], eax -loc_fffbc66b: ; not directly referenced +loc_fffbc64d: ; not directly referenced mov cl, byte [ebp - 0x278] xor edx, edx mov dword [ebp - 0x27c], 1 @@ -38984,20 +38952,20 @@ mov eax, dword [ebp + 8] shl dword [ebp - 0x27c], cl mov edi, dword [ebp - 0x27c] mov ecx, edi -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 mov ecx, edi mov edx, 1 mov byte [ebp - 0x266], 0 mov word [ebp - 0x264], 0 mov bl, al mov eax, dword [ebp + 8] -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 mov byte [ebp - 0x265], 0 mov word [ebp - 0x262], 0 or eax, ebx mov ebx, edi test byte [ebp - 0x2b8], bl -je loc_fffbc971 ; je 0xfffbc971 +je loc_fffbc953 ; je 0xfffbc953 mov edx, dword [ebp - 0x278] movzx eax, al mov dword [ebp - 0x274], 3 @@ -39024,36 +38992,36 @@ imul ebx, edx, 0x128 mov dword [ebp - 0x28c], edi mov dword [ebp - 0x298], ebx -loc_fffbc74b: ; not directly referenced +loc_fffbc72d: ; not directly referenced mov eax, dword [ebp - 0x2ac] xor ebx, ebx mov dword [ebp - 0x280], eax -loc_fffbc759: ; not directly referenced +loc_fffbc73b: ; not directly referenced mov edi, dword [ebp - 0x280] mov al, byte [ebp - 0x27c] test byte [edi + 0xc4], al -jne loc_fffbc9df ; jne 0xfffbc9df +jne loc_fffbc9c1 ; jne 0xfffbc9c1 -loc_fffbc771: ; not directly referenced +loc_fffbc753: ; not directly referenced inc ebx add dword [ebp - 0x280], 0x13c3 cmp ebx, 2 -jne short loc_fffbc759 ; jne 0xfffbc759 +jne short loc_fffbc73b ; jne 0xfffbc73b mov al, byte [ebp - 0x27c] cmp dword [ebp - 0x2a4], 0 mov byte [ebp - 0x294], al -jne short loc_fffbc800 ; jne 0xfffbc800 +jne short loc_fffbc7e2 ; jne 0xfffbc7e2 mov eax, dword [ebp + 8] xor bl, bl -call fcn_fffb0e8a ; call 0xfffb0e8a +call fcn_fffaa4a9 ; call 0xfffaa4a9 mov eax, dword [ebp + 8] -lea edi, [eax + 0x381a] +lea edi, [eax + 0x381b] -loc_fffbc7a9: ; not directly referenced +loc_fffbc78b: ; not directly referenced mov al, byte [ebp - 0x294] test byte [edi], al -je short loc_fffbc7e7 ; je 0xfffbc7e7 +je short loc_fffbc7c9 ; je 0xfffbc7c9 push eax mov ecx, dword [ebp - 0x298] mov edx, ebx @@ -39067,22 +39035,22 @@ movzx eax, ax push eax mov eax, dword [ebp + 8] push 0 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb add esp, 0x10 -loc_fffbc7e7: ; not directly referenced +loc_fffbc7c9: ; not directly referenced inc ebx add edi, 0x13c3 cmp ebx, 2 -jne short loc_fffbc7a9 ; jne 0xfffbc7a9 +jne short loc_fffbc78b ; jne 0xfffbc78b mov eax, dword [ebp + 8] mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 -loc_fffbc800: ; not directly referenced +loc_fffbc7e2: ; not directly referenced lea edi, [ebp - 0x253] -loc_fffbc806: ; not directly referenced +loc_fffbc7e8: ; not directly referenced push 0 xor ebx, ebx push 0 @@ -39097,7 +39065,7 @@ movsx eax, byte [edi] push eax push 2 push dword [ebp + 8] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x2c mov edx, dword [ebp - 0x2bc] push 0 @@ -39106,50 +39074,50 @@ push 1 lea eax, [ebp - 0x25a] push eax mov eax, dword [ebp + 8] -call fcn_fffb0f94 ; call 0xfffb0f94 +call fcn_fffaa5b3 ; call 0xfffaa5b3 lea eax, [ebp - 0x206] add esp, 0x10 mov dword [ebp - 0x288], eax mov dword [ebp - 0x280], 1 -loc_fffbc863: ; not directly referenced +loc_fffbc845: ; not directly referenced imul eax, ebx, 0x13c3 mov edx, dword [ebp + 8] mov cl, byte [ebp - 0x294] -test byte [edx + eax + 0x381a], cl -je short loc_fffbc8e7 ; je 0xfffbc8e7 +test byte [edx + eax + 0x381b], cl +je short loc_fffbc8c9 ; je 0xfffbc8c9 mov eax, dword [ebp + 8] mov edx, ebx shl edx, 0xa add edx, 0x40ec -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov ecx, dword [ebp + 8] and eax, dword [ebp - 0x2a8] -mov cl, byte [ecx + 0x2488] +mov cl, byte [ecx + 0x2489] mov word [ebp - 0x270], ax mov ax, word [ebp + ebx*2 - 0x264] or word [ebp - 0x270], ax mov byte [ebp - 0x2a0], cl xor ecx, ecx -loc_fffbc8bb: ; not directly referenced +loc_fffbc89d: ; not directly referenced cmp byte [ebp - 0x2a0], cl -ja loc_fffbcb02 ; ja 0xfffbcb02 +ja loc_fffbcae4 ; ja 0xfffbcae4 mov eax, dword [ebp - 0x2a8] cmp word [ebp + ebx*2 - 0x264], ax mov eax, 0 cmove eax, dword [ebp - 0x280] mov dword [ebp - 0x280], eax -loc_fffbc8e7: ; not directly referenced +loc_fffbc8c9: ; not directly referenced inc ebx add dword [ebp - 0x288], 9 cmp ebx, 2 -jne loc_fffbc863 ; jne 0xfffbc863 +jne loc_fffbc845 ; jne 0xfffbc845 cmp dword [ebp - 0x280], 1 -jne loc_fffbcb38 ; jne 0xfffbcb38 +jne loc_fffbcb1a ; jne 0xfffbcb1a -loc_fffbc905: ; not directly referenced +loc_fffbc8e7: ; not directly referenced lea eax, [ebp - 0x206] xor edi, edi mov dword [ebp - 0x2a0], eax @@ -39160,25 +39128,25 @@ mov dword [ebp - 0x288], eax imul eax, dword [ebp - 0x278], 9 mov dword [ebp - 0x2c8], eax -loc_fffbc938: ; not directly referenced +loc_fffbc91a: ; not directly referenced mov ebx, dword [ebp - 0x288] mov al, byte [ebp - 0x294] test byte [ebx + 0xc4], al -jne loc_fffbcb68 ; jne 0xfffbcb68 +jne loc_fffbcb4a ; jne 0xfffbcb4a -loc_fffbc950: ; not directly referenced +loc_fffbc932: ; not directly referenced inc edi add dword [ebp - 0x288], 0x13c3 add dword [ebp - 0x28c], 0x13c3 add dword [ebp - 0x2a0], 9 cmp edi, 2 -jne short loc_fffbc938 ; jne 0xfffbc938 +jne short loc_fffbc91a ; jne 0xfffbc91a -loc_fffbc971: ; not directly referenced +loc_fffbc953: ; not directly referenced inc dword [ebp - 0x278] add dword [ebp - 0x2b0], 0x12 cmp dword [ebp - 0x278], 4 -jne loc_fffbc66b ; jne 0xfffbc66b +jne loc_fffbc64d ; jne 0xfffbc64d push eax mov ecx, 0x1010101 push eax @@ -39186,10 +39154,10 @@ mov eax, dword [ebp + 8] xor edx, edx push 0 push 8 -call fcn_fffa7fde ; call 0xfffa7fde +call fcn_fffa7f8c ; call 0xfffa7f8c mov eax, dword [ebp + 8] lea edx, [ebp - 0x214] -call fcn_fffa665e ; call 0xfffa665e +call fcn_fffa660c ; call 0xfffa660c mov eax, dword [ebp + 8] add esp, 0x10 mov edx, 0x3670 @@ -39198,16 +39166,16 @@ mov eax, 0x367c cmove edx, eax mov eax, dword [ebp + 8] xor ecx, ecx -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] -call fcn_fffb0e8a ; call 0xfffb0e8a -jmp near loc_fffbcdc5 ; jmp 0xfffbcdc5 +call fcn_fffaa4a9 ; call 0xfffaa4a9 +jmp near loc_fffbcda7 ; jmp 0xfffbcda7 -loc_fffbc9df: ; not directly referenced +loc_fffbc9c1: ; not directly referenced mov eax, dword [ebp - 0x284] movsx eax, byte [eax] cmp al, 2 -jle short loc_fffbca0d ; jle 0xfffbca0d +jle short loc_fffbc9ef ; jle 0xfffbc9ef mov edx, dword [ebp - 0x274] sub eax, 2 and edx, dword [esi + ebx*4] @@ -39215,18 +39183,18 @@ or edx, dword [ebp - 0x290] shl eax, 7 mov word [ebp - 0x270], ax mov dword [esi + ebx*4], edx -jmp short loc_fffbca4a ; jmp 0xfffbca4a +jmp short loc_fffbca2c ; jmp 0xfffbca2c -loc_fffbca0d: ; not directly referenced +loc_fffbc9ef: ; not directly referenced test al, al -jns short loc_fffbca2b ; jns 0xfffbca2b +jns short loc_fffbca0d ; jns 0xfffbca0d mov edi, dword [ebp - 0x274] mov word [ebp - 0x270], ax and dword [esi + ebx*4], edi shl word [ebp - 0x270], 7 -jmp short loc_fffbca4a ; jmp 0xfffbca4a +jmp short loc_fffbca2c ; jmp 0xfffbca2c -loc_fffbca2b: ; not directly referenced +loc_fffbca0d: ; not directly referenced mov cl, byte [ebp - 0x2b4] mov edx, dword [ebp - 0x274] and edx, dword [esi + ebx*4] @@ -39235,17 +39203,17 @@ shl eax, cl or edx, eax mov dword [esi + ebx*4], edx -loc_fffbca4a: ; not directly referenced +loc_fffbca2c: ; not directly referenced mov eax, dword [ebp - 0x280] add eax, dword [ebp - 0x28c] mov byte [ebp - 0x288], 0 mov dword [ebp - 0x294], eax -loc_fffbca63: ; not directly referenced +loc_fffbca45: ; not directly referenced mov edi, dword [ebp + 8] mov al, byte [ebp - 0x288] -cmp al, byte [edi + 0x2488] -jae short loc_fffbcae8 ; jae 0xfffbcae8 +cmp al, byte [edi + 0x2489] +jae short loc_fffbcaca ; jae 0xfffbcaca movzx ecx, byte [ebp - 0x288] mov eax, dword [ebp - 0x28c] mov edi, dword [ebp - 0x280] @@ -39270,25 +39238,25 @@ mov eax, dword [ebp + 8] push 3 push ecx mov ecx, dword [ebp - 0x278] -call fcn_fffa73b0 ; call 0xfffa73b0 +call fcn_fffa735e ; call 0xfffa735e add esp, 0x10 inc byte [ebp - 0x288] -jmp near loc_fffbca63 ; jmp 0xfffbca63 +jmp near loc_fffbca45 ; jmp 0xfffbca45 -loc_fffbcae8: ; not directly referenced +loc_fffbcaca: ; not directly referenced mov ecx, dword [esi + ebx*4] mov edx, ebx mov eax, edi shl edx, 0xa add edx, 0x40d0 -call fcn_fffae58c ; call 0xfffae58c -jmp near loc_fffbc771 ; jmp 0xfffbc771 +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffbc753 ; jmp 0xfffbc753 -loc_fffbcb02: ; not directly referenced +loc_fffbcae4: ; not directly referenced mov edx, 1 shl edx, cl test word [ebp - 0x270], dx -jne short loc_fffbcb32 ; jne 0xfffbcb32 +jne short loc_fffbcb14 ; jne 0xfffbcb14 or word [ebp + ebx*2 - 0x264], dx mov edx, dword [ebp - 0x284] mov eax, dword [ebp - 0x288] @@ -39296,31 +39264,31 @@ mov dl, byte [edx] add byte [ebp + ebx - 0x266], dl mov byte [eax + ecx], dl -loc_fffbcb32: ; not directly referenced +loc_fffbcb14: ; not directly referenced inc ecx -jmp near loc_fffbc8bb ; jmp 0xfffbc8bb +jmp near loc_fffbc89d ; jmp 0xfffbc89d -loc_fffbcb38: ; not directly referenced +loc_fffbcb1a: ; not directly referenced inc edi cmp edi, esi -jne loc_fffbc806 ; jne 0xfffbc806 +jne loc_fffbc7e8 ; jne 0xfffbc7e8 inc dword [ebp - 0x284] lea eax, [ebp - 0x25a] cmp dword [ebp - 0x284], eax -jne loc_fffbc74b ; jne 0xfffbc74b +jne loc_fffbc72d ; jne 0xfffbc72d mov dword [ebp - 0x280], 0 -jmp near loc_fffbc905 ; jmp 0xfffbc905 +jmp near loc_fffbc8e7 ; jmp 0xfffbc8e7 -loc_fffbcb68: ; not directly referenced +loc_fffbcb4a: ; not directly referenced cmp dword [ebp - 0x280], 0 -jne short loc_fffbcb81 ; jne 0xfffbcb81 +jne short loc_fffbcb63 ; jne 0xfffbcb63 mov eax, dword [ebp + 8] cmp byte [eax + 0x1965], 0 -jne loc_fffbccc1 ; jne 0xfffbccc1 +jne loc_fffbcca3 ; jne 0xfffbcca3 -loc_fffbcb81: ; not directly referenced +loc_fffbcb63: ; not directly referenced mov eax, dword [ebp + 8] -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov bl, al mov byte [ebp - 0x2bc], al movsx eax, byte [ebp + edi - 0x266] @@ -39334,9 +39302,9 @@ cdq idiv ecx mov byte [ebp - 0x270], al -loc_fffbcbb1: ; not directly referenced +loc_fffbcb93: ; not directly referenced cmp byte [ebp - 0x270], 2 -jle short loc_fffbcbe2 ; jle 0xfffbcbe2 +jle short loc_fffbcbc4 ; jle 0xfffbcbc4 mov eax, dword [ebp - 0x274] and eax, dword [esi + edi*4] or eax, dword [ebp - 0x290] @@ -39345,19 +39313,19 @@ movsx eax, byte [ebp - 0x270] sub eax, 2 shl eax, 7 mov word [ebp - 0x284], ax -jmp short loc_fffbcc33 ; jmp 0xfffbcc33 +jmp short loc_fffbcc15 ; jmp 0xfffbcc15 -loc_fffbcbe2: ; not directly referenced +loc_fffbcbc4: ; not directly referenced cmp byte [ebp - 0x270], 0 -jns short loc_fffbcc0d ; jns 0xfffbcc0d +jns short loc_fffbcbef ; jns 0xfffbcbef mov eax, dword [ebp - 0x274] and dword [esi + edi*4], eax movsx ax, byte [ebp - 0x270] mov word [ebp - 0x284], ax shl word [ebp - 0x284], 7 -jmp short loc_fffbcc33 ; jmp 0xfffbcc33 +jmp short loc_fffbcc15 ; jmp 0xfffbcc15 -loc_fffbcc0d: ; not directly referenced +loc_fffbcbef: ; not directly referenced movsx eax, byte [ebp - 0x270] mov cl, byte [ebp - 0x2b4] mov edx, dword [ebp - 0x274] @@ -39367,16 +39335,16 @@ shl eax, cl or eax, edx mov dword [esi + edi*4], eax -loc_fffbcc33: ; not directly referenced +loc_fffbcc15: ; not directly referenced movsx ecx, word [ebp - 0x284] xor eax, eax movsx edx, byte [ebp - 0x270] mov dword [ebp - 0x2c0], ecx mov dword [ebp - 0x2c4], edx -loc_fffbcc4f: ; not directly referenced +loc_fffbcc31: ; not directly referenced cmp byte [ebp - 0x2bc], al -jbe short loc_fffbcccb ; jbe 0xfffbcccb +jbe short loc_fffbccad ; jbe 0xfffbccad mov edx, dword [ebp - 0x2a0] mov ecx, dword [ebp - 0x28c] movsx edx, byte [edx + eax] @@ -39386,46 +39354,46 @@ shl edx, 7 add edx, dword [ebp - 0x2c0] add ecx, edx cmp ecx, 0x1bf -jle short loc_fffbcc91 ; jle 0xfffbcc91 +jle short loc_fffbcc73 ; jle 0xfffbcc73 inc ebx inc byte [ebp - 0x270] -jmp short loc_fffbccae ; jmp 0xfffbccae +jmp short loc_fffbcc90 ; jmp 0xfffbcc90 -loc_fffbcc91: ; not directly referenced +loc_fffbcc73: ; not directly referenced mov ecx, dword [ebp - 0x28c] movzx ecx, word [ecx + eax*2 + 0x121] inc eax add edx, ecx cmp edx, 0x5f -jg short loc_fffbcc4f ; jg 0xfffbcc4f +jg short loc_fffbcc31 ; jg 0xfffbcc31 dec byte [ebp - 0x270] inc ebx -loc_fffbccae: ; not directly referenced +loc_fffbcc90: ; not directly referenced cmp bl, 3 -jbe loc_fffbcbb1 ; jbe 0xfffbcbb1 +jbe loc_fffbcb93 ; jbe 0xfffbcb93 -loc_fffbccb7: ; not directly referenced +loc_fffbcc99: ; not directly referenced mov eax, 1 -jmp near loc_fffbcdc5 ; jmp 0xfffbcdc5 +jmp near loc_fffbcda7 ; jmp 0xfffbcda7 -loc_fffbccc1: ; not directly referenced +loc_fffbcca3: ; not directly referenced mov eax, 8 -jmp near loc_fffbcdc5 ; jmp 0xfffbcdc5 +jmp near loc_fffbcda7 ; jmp 0xfffbcda7 -loc_fffbcccb: ; not directly referenced +loc_fffbccad: ; not directly referenced cmp bl, 3 -ja short loc_fffbccb7 ; ja 0xfffbccb7 +ja short loc_fffbcc99 ; ja 0xfffbcc99 lea eax, [edi + edi*8] xor ebx, ebx lea ecx, [ebp - 0x18] add eax, ecx mov dword [ebp - 0x2c0], eax -loc_fffbcce0: ; not directly referenced +loc_fffbccc2: ; not directly referenced mov eax, dword [ebp + 8] -cmp bl, byte [eax + 0x2488] -jae short loc_fffbcd5b ; jae 0xfffbcd5b +cmp bl, byte [eax + 0x2489] +jae short loc_fffbcd3d ; jae 0xfffbcd3d mov eax, dword [ebp - 0x2c8] movzx ecx, bl inc ebx @@ -39450,18 +39418,18 @@ push 0 push 0xff push ecx mov ecx, dword [ebp - 0x278] -call fcn_fffa73b0 ; call 0xfffa73b0 +call fcn_fffa735e ; call 0xfffa735e add esp, 0x10 -jmp short loc_fffbcce0 ; jmp 0xfffbcce0 +jmp short loc_fffbccc2 ; jmp 0xfffbccc2 -loc_fffbcd5b: ; not directly referenced +loc_fffbcd3d: ; not directly referenced mov ecx, dword [esi + edi*4] mov edx, edi shl edx, 0xa add edx, 0x40d0 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp dword [ebp - 0x2a4], 0 -jne loc_fffbc950 ; jne 0xfffbc950 +jne loc_fffbc932 ; jne 0xfffbc932 mov eax, dword [ebp - 0x288] mov ebx, dword [ebp - 0x298] add eax, dword [ebp - 0x29c] @@ -39475,14 +39443,14 @@ movzx eax, ax push eax mov eax, dword [ebp + 8] push 0 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb mov eax, dword [ebp + 8] mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 add esp, 0x10 -jmp near loc_fffbc950 ; jmp 0xfffbc950 +jmp near loc_fffbc932 ; jmp 0xfffbc932 -loc_fffbcdc5: ; not directly referenced +loc_fffbcda7: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -39490,31 +39458,31 @@ pop edi pop ebp ret -fcn_fffbcdcd: ; not directly referenced +fcn_fffbcdaf: ; not directly referenced push ebp mov ecx, 3 mov ebp, esp push edi push esi -mov esi, ref_fffd58e8 ; mov esi, 0xfffd58e8 +mov esi, ref_fffd53a4 ; mov esi, 0xfffd53a4 push ebx sub esp, 0x13c0 mov eax, dword [ebp + 8] lea edi, [ebp - 0x1360] rep movsd ; rep movsd dword es:[edi], dword ptr [esi] lea edi, [ebp - 0x1354] -mov esi, ref_fffd58f4 ; mov esi, 0xfffd58f4 +mov esi, ref_fffd53b0 ; mov esi, 0xfffd53b0 mov byte [ebp - 0x1362], 0 -mov eax, dword [eax + 0x5edc] +mov eax, dword [eax + 0x5edd] mov dword [ebp - 0x1384], eax mov eax, dword [ebp + 8] mov cl, 3 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov eax, dword [eax + 0x2443] +mov eax, dword [eax + 0x2444] mov edi, eax mov dword [ebp - 0x1394], eax mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x2480] +mov edx, dword [eax + 0x2481] xor eax, eax cmp edx, 1 sete al @@ -39540,7 +39508,7 @@ mov eax, edi call dword [eax + 0x5c] ; ucall add esp, 0x10 -loc_fffbce7a: ; not directly referenced +loc_fffbce5c: ; not directly referenced push eax push eax mov eax, dword [ebp + 8] @@ -39549,62 +39517,62 @@ inc ebx push 1 lea ecx, [ebp - 0x1362] lea edx, [ebp - 0x1363] -call fcn_fffa81d3 ; call 0xfffa81d3 +call fcn_fffa8181 ; call 0xfffa8181 add esp, 0x10 cmp ebx, 4 -jne short loc_fffbce7a ; jne 0xfffbce7a +jne short loc_fffbce5c ; jne 0xfffbce5c mov eax, dword [ebp + 8] lea edx, [ebp - 0x1360] xor esi, esi -call fcn_fffa665e ; call 0xfffa665e +call fcn_fffa660c ; call 0xfffa660c mov eax, dword [ebp + 8] -mov al, byte [eax + 0x248e] +mov al, byte [eax + 0x248f] mov byte [ebp - 0x1374], al mov eax, dword [ebp + 8] -mov al, byte [eax + 0x248d] +mov al, byte [eax + 0x248e] mov byte [ebp - 0x1375], al mov eax, dword [ebp + 8] -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x1388], eax mov edi, eax -loc_fffbceda: ; not directly referenced +loc_fffbcebc: ; not directly referenced cmp dword [edi], 2 -jne loc_fffbcfe7 ; jne 0xfffbcfe7 +jne loc_fffbcfc9 ; jne 0xfffbcfc9 cmp dword [ebp - 0x139c], 1 -jne short loc_fffbcf28 ; jne 0xfffbcf28 +jne short loc_fffbcf0a ; jne 0xfffbcf0a mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, esi -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 imul edx, esi, 0xcc mov ecx, dword [ebp - 0x1384] mov ecx, dword [ecx + edx + 0x1c] mov edx, eax mov eax, dword [ebp + 8] or ecx, 0x40000000 -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 1 -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 -loc_fffbcf28: ; not directly referenced +loc_fffbcf0a: ; not directly referenced xor ebx, ebx -loc_fffbcf2a: ; not directly referenced +loc_fffbcf0c: ; not directly referenced mov eax, dword [ebp + 8] -cmp bl, byte [eax + 0x2488] -jae short loc_fffbcf8d ; jae 0xfffbcf8d +cmp bl, byte [eax + 0x2489] +jae short loc_fffbcf6f ; jae 0xfffbcf6f movzx eax, bl mov dword [ebp - 0x136c], 0 mov dword [ebp - 0x137c], eax -loc_fffbcf48: ; not directly referenced +loc_fffbcf2a: ; not directly referenced mov cl, byte [ebp - 0x136c] mov eax, 1 shl eax, cl test byte [edi + 0xc4], al -je short loc_fffbcf7b ; je 0xfffbcf7b +je short loc_fffbcf5d ; je 0xfffbcf5d push eax mov ecx, dword [ebp - 0x136c] mov edx, esi @@ -39612,23 +39580,23 @@ push 0x20 mov eax, dword [ebp + 8] push 5 push dword [ebp - 0x137c] -call fcn_fffa7499 ; call 0xfffa7499 +call fcn_fffa7447 ; call 0xfffa7447 add esp, 0x10 -loc_fffbcf7b: ; not directly referenced +loc_fffbcf5d: ; not directly referenced inc dword [ebp - 0x136c] cmp dword [ebp - 0x136c], 4 -jne short loc_fffbcf48 ; jne 0xfffbcf48 +jne short loc_fffbcf2a ; jne 0xfffbcf2a inc ebx -jmp short loc_fffbcf2a ; jmp 0xfffbcf2a +jmp short loc_fffbcf0c ; jmp 0xfffbcf0c -loc_fffbcf8d: ; not directly referenced +loc_fffbcf6f: ; not directly referenced cmp dword [ebp - 0x1370], 0 -je short loc_fffbcfce ; je 0xfffbcfce +je short loc_fffbcfb0 ; je 0xfffbcfb0 mov eax, dword [ebp + 8] lea ebx, [esi*8 + 0x4980] mov edx, ebx -call fcn_fffae548 ; call 0xfffae548 +call fcn_fffb333d ; call 0xfffb333d mov dword [ebp + esi*8 - 0x1348], eax push eax push eax @@ -39637,64 +39605,64 @@ push 0xfb73ea62 push 0xd951c840 mov dword [ebp + esi*8 - 0x1344], edx mov edx, ebx -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 -loc_fffbcfce: ; not directly referenced +loc_fffbcfb0: ; not directly referenced mov eax, dword [ebp + 8] mov edx, esi shl edx, 0xa add edx, 0x4020 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov dword [ebp - 0x138c], eax -loc_fffbcfe7: ; not directly referenced +loc_fffbcfc9: ; not directly referenced inc esi add edi, 0x13c3 cmp esi, 2 -jne loc_fffbceda ; jne 0xfffbceda +jne loc_fffbcebc ; jne 0xfffbcebc cmp dword [ebp - 0x1370], 0 -je short loc_fffbd01d ; je 0xfffbd01d +je short loc_fffbcfff ; je 0xfffbcfff or dword [ebp - 0x138c], 0x80 mov edx, 0x4c20 mov ecx, dword [ebp - 0x138c] mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffbd01d: ; not directly referenced +loc_fffbcfff: ; not directly referenced movzx eax, byte [ebp - 0x1374] mov dword [ebp - 0x13a0], eax mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffb27d5 ; call 0xfffb27d5 +call fcn_fffaeb5f ; call 0xfffaeb5f mov eax, dword [ebp + 8] -cmp dword [eax + 0x3756], 2 -jne short loc_fffbd04f ; jne 0xfffbd04f +cmp dword [eax + 0x3757], 2 +jne short loc_fffbd031 ; jne 0xfffbd031 mov ecx, 0x8049 mov edx, 0x4040 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbd04f: ; not directly referenced +loc_fffbd031: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -jne short loc_fffbd06a ; jne 0xfffbd06a +cmp dword [eax + 0x4b1a], 2 +jne short loc_fffbd04c ; jne 0xfffbd04c mov ecx, 0x8049 mov edx, 0x4440 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbd06a: ; not directly referenced +loc_fffbd04c: ; not directly referenced movzx eax, byte [ebp - 0x1375] mov dword [ebp - 0x1374], 0 mov dword [ebp - 0x1380], 0 mov dword [ebp - 0x13c8], eax -loc_fffbd08b: ; not directly referenced +loc_fffbd06d: ; not directly referenced mov edi, dword [ebp - 0x1374] mov esi, dword [ebp - 0x13c8] mov eax, edi bt esi, edi mov byte [ebp - 0x13b8], al -jae loc_fffbd61a ; jae 0xfffbd61a +jae loc_fffbd5fc ; jae 0xfffbd5fc mov dword [ebp - 0x136c], 1 mov ecx, edi xor ebx, ebx @@ -39710,24 +39678,24 @@ mov eax, dword [ebp - 0x13b8] and eax, 1 mov dword [ebp - 0x137c], eax -loc_fffbd0ea: ; not directly referenced +loc_fffbd0cc: ; not directly referenced mov ecx, dword [ebp - 0x136c] mov edx, ebx mov eax, dword [ebp + 8] -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 mov al, byte [ebp - 0x1375] test byte [edi + 0xc4], al -je short loc_fffbd17f ; je 0xfffbd17f +je short loc_fffbd161 ; je 0xfffbd161 cmp dword [ebp - 0x1398], 0 -je short loc_fffbd117 ; je 0xfffbd117 +je short loc_fffbd0f9 ; je 0xfffbd0f9 push ecx push ecx push 4 -jmp short loc_fffbd144 ; jmp 0xfffbd144 +jmp short loc_fffbd126 ; jmp 0xfffbd126 -loc_fffbd117: ; not directly referenced +loc_fffbd0f9: ; not directly referenced cmp dword [ebp - 0x1370], 0 -je short loc_fffbd159 ; je 0xfffbd159 +je short loc_fffbd13b ; je 0xfffbd13b imul edx, dword [ebp - 0x137c], 0x18 imul eax, dword [ebp - 0x1390], 0x128 add eax, edx @@ -39738,35 +39706,35 @@ or eax, 4 movzx eax, ax push eax -loc_fffbd144: ; not directly referenced +loc_fffbd126: ; not directly referenced mov ecx, dword [ebp - 0x136c] mov edx, ebx mov eax, dword [ebp + 8] push 3 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb add esp, 0x10 -loc_fffbd159: ; not directly referenced +loc_fffbd13b: ; not directly referenced mov esi, ebx mov eax, dword [ebp + 8] shl esi, 0xa add esi, 0x4194 mov edx, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, esi or eax, 0x80000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbd17f: ; not directly referenced +loc_fffbd161: ; not directly referenced inc ebx add edi, 0x13c3 cmp ebx, 2 -jne loc_fffbd0ea ; jne 0xfffbd0ea +jne loc_fffbd0cc ; jne 0xfffbd0cc mov dword [ebp - 0x137c], 0 -loc_fffbd199: ; not directly referenced +loc_fffbd17b: ; not directly referenced push 1 mov eax, dword [ebp - 0x137c] xor edi, edi @@ -39782,30 +39750,30 @@ push 0 push eax push 1 push dword [ebp + 8] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 mov eax, dword [ebp + 8] add esp, 0x2c mov edx, dword [ebp - 0x13a0] -movzx ecx, byte [eax + 0x248b] +movzx ecx, byte [eax + 0x248c] lea eax, [ebp - 0x1361] push 0 push 1 push eax mov eax, dword [ebp + 8] -call fcn_fffb0f94 ; call 0xfffb0f94 +call fcn_fffaa5b3 ; call 0xfffaa5b3 add esp, 0x10 -loc_fffbd1ea: ; not directly referenced +loc_fffbd1cc: ; not directly referenced imul eax, edi, 0x13c3 mov esi, dword [ebp + 8] mov bl, byte [ebp - 0x1375] -test byte [esi + eax + 0x381a], bl -je loc_fffbd2de ; je 0xfffbd2de +test byte [esi + eax + 0x381b], bl +je loc_fffbd2c0 ; je 0xfffbd2c0 mov ebx, edi mov eax, esi shl ebx, 0xa lea edx, [ebx + 0x40e0] -call fcn_fffae548 ; call 0xfffae548 +call fcn_fffb333d ; call 0xfffb333d mov dword [ebp - 0x13a8], eax lea eax, [ebx + 0x40e8] xor ebx, ebx @@ -39814,12 +39782,12 @@ lea eax, [edi + edi*8] mov dword [ebp - 0x13a4], edx mov dword [ebp - 0x13c0], eax -loc_fffbd23b: ; not directly referenced +loc_fffbd21d: ; not directly referenced mov eax, dword [ebp + 8] -cmp bl, byte [eax + 0x2488] -jae loc_fffbd2de ; jae 0xfffbd2de +cmp bl, byte [eax + 0x2489] +jae loc_fffbd2c0 ; jae 0xfffbd2c0 cmp bl, 7 -ja short loc_fffbd273 ; ja 0xfffbd273 +ja short loc_fffbd255 ; ja 0xfffbd255 push eax movzx eax, bl shl eax, 3 @@ -39830,53 +39798,53 @@ push dword [ebp - 0x13a8] call dword [eax + 0x6c] ; ucall add esp, 0x10 mov cl, al -jmp short loc_fffbd283 ; jmp 0xfffbd283 +jmp short loc_fffbd265 ; jmp 0xfffbd265 -loc_fffbd273: ; not directly referenced +loc_fffbd255: ; not directly referenced mov edx, dword [ebp - 0x13bc] mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov cl, al -loc_fffbd283: ; not directly referenced +loc_fffbd265: ; not directly referenced movzx eax, cl mov dword [ebp - 0x13c4], ecx -call fcn_fffaeba2 ; call 0xfffaeba2 +call fcn_fffb38d9 ; call 0xfffb38d9 mov ecx, dword [ebp - 0x13c4] cmp dword [ebp - 0x1380], 0 -jne short loc_fffbd2ad ; jne 0xfffbd2ad +jne short loc_fffbd28f ; jne 0xfffbd28f xor edx, edx cmp al, 6 setbe dl mov dword [ebp - 0x1380], edx -loc_fffbd2ad: ; not directly referenced +loc_fffbd28f: ; not directly referenced movzx esi, bl mov edx, 1 test cl, cl -je short loc_fffbd2c2 ; je 0xfffbd2c2 +je short loc_fffbd2a4 ; je 0xfffbd2a4 xor edx, edx cmp al, 7 sete dl add edx, edx -loc_fffbd2c2: ; not directly referenced +loc_fffbd2a4: ; not directly referenced add esi, dword [ebp - 0x13c0] inc ebx shl esi, 6 add esi, dword [ebp - 0x137c] mov dword [ebp + esi*4 - 0x1218], edx -jmp near loc_fffbd23b ; jmp 0xfffbd23b +jmp near loc_fffbd21d ; jmp 0xfffbd21d -loc_fffbd2de: ; not directly referenced +loc_fffbd2c0: ; not directly referenced inc edi cmp edi, 2 -jne loc_fffbd1ea ; jne 0xfffbd1ea +jne loc_fffbd1cc ; jne 0xfffbd1cc mov eax, dword [ebp + 8] -call fcn_fffb0e8a ; call 0xfffb0e8a +call fcn_fffaa4a9 ; call 0xfffaa4a9 inc dword [ebp - 0x137c] cmp dword [ebp - 0x137c], 0x40 -jne loc_fffbd199 ; jne 0xfffbd199 +jne loc_fffbd17b ; jne 0xfffbd17b mov eax, dword [ebp - 0x1384] xor di, di mov ebx, dword [ebp - 0x1388] @@ -39885,32 +39853,32 @@ mov eax, dword [ebp - 0x13b8] and eax, 1 mov dword [ebp - 0x13b8], eax -loc_fffbd324: ; not directly referenced +loc_fffbd306: ; not directly referenced mov al, byte [ebp - 0x1375] test byte [ebx + 0xc4], al -je loc_fffbd3cb ; je 0xfffbd3cb +je loc_fffbd3ad ; je 0xfffbd3ad mov eax, edi shl eax, 0xa add eax, 0x4194 mov edx, eax mov dword [ebp - 0x137c], eax mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, dword [ebp - 0x137c] and eax, 0x7fffffff mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp dword [ebp - 0x1398], 0 -je short loc_fffbd374 ; je 0xfffbd374 +je short loc_fffbd356 ; je 0xfffbd356 push eax push eax push 0 -jmp short loc_fffbd39b ; jmp 0xfffbd39b +jmp short loc_fffbd37d ; jmp 0xfffbd37d -loc_fffbd374: ; not directly referenced +loc_fffbd356: ; not directly referenced cmp dword [ebp - 0x1370], 0 -je short loc_fffbd3b0 ; je 0xfffbd3b0 +je short loc_fffbd392 ; je 0xfffbd392 push eax push eax imul edx, dword [ebp - 0x13b8], 0x18 @@ -39919,40 +39887,40 @@ add eax, edx movzx eax, word [ebx + eax + 0x1271] push eax -loc_fffbd39b: ; not directly referenced +loc_fffbd37d: ; not directly referenced mov ecx, dword [ebp - 0x136c] mov edx, edi mov eax, dword [ebp + 8] push 3 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb add esp, 0x10 -loc_fffbd3b0: ; not directly referenced +loc_fffbd392: ; not directly referenced push eax mov eax, dword [ebp + 8] push 0 -movzx eax, byte [eax + 0x2488] +movzx eax, byte [eax + 0x2489] push eax mov eax, dword [ebp - 0x1394] push esi call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffbd3cb: ; not directly referenced +loc_fffbd3ad: ; not directly referenced inc edi add esi, 0xcc add ebx, 0x13c3 cmp edi, 2 -jne loc_fffbd324 ; jne 0xfffbd324 +jne loc_fffbd306 ; jne 0xfffbd306 lea eax, [ebp - 0x1298] mov edx, 0xffffffe0 mov dword [ebp - 0x13b8], eax -loc_fffbd3f2: ; not directly referenced +loc_fffbd3d4: ; not directly referenced mov eax, dword [ebp + 8] lea ecx, [ebp - 0x12f0] lea edi, [ebp - 0x12a8] -add eax, 0x381a +add eax, 0x381b mov dword [ebp - 0x1390], eax lea eax, [ebp - 0x1338] mov dword [ebp - 0x136c], eax @@ -39963,18 +39931,18 @@ mov dword [ebp - 0x13a8], eax lea eax, [edx - 1] mov dword [ebp - 0x13c4], eax -loc_fffbd439: ; not directly referenced +loc_fffbd41b: ; not directly referenced mov esi, dword [ebp - 0x1390] mov al, byte [ebp - 0x1375] test byte [esi], al -je short loc_fffbd4af ; je 0xfffbd4af +je short loc_fffbd491 ; je 0xfffbd491 mov eax, dword [ebp + 8] -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov byte [ebp - 0x13bc], al xor eax, eax -jmp short loc_fffbd4a7 ; jmp 0xfffbd4a7 +jmp short loc_fffbd489 ; jmp 0xfffbd489 -loc_fffbd45c: ; not directly referenced +loc_fffbd43e: ; not directly referenced mov ebx, eax mov esi, eax mov eax, dword [ebp - 0x13a8] @@ -39986,9 +39954,9 @@ cmp ebx, 2 cmove ebx, eax cmp dl, 0xe0 mov eax, esi -jne loc_fffbd514 ; jne 0xfffbd514 +jne loc_fffbd4f6 ; jne 0xfffbd4f6 test ebx, ebx -je short loc_fffbd4ea ; je 0xfffbd4ea +je short loc_fffbd4cc ; je 0xfffbd4cc mov dword [ecx + esi*4], edx mov esi, dword [ebp - 0x136c] mov dword [edi + eax*4], edx @@ -39996,14 +39964,14 @@ mov dword [esi + eax*4], edx mov esi, dword [ebp - 0x137c] mov dword [esi + eax*4], edx -loc_fffbd4a6: ; not directly referenced +loc_fffbd488: ; not directly referenced inc eax -loc_fffbd4a7: ; not directly referenced +loc_fffbd489: ; not directly referenced cmp byte [ebp - 0x13bc], al -ja short loc_fffbd45c ; ja 0xfffbd45c +ja short loc_fffbd43e ; ja 0xfffbd43e -loc_fffbd4af: ; not directly referenced +loc_fffbd491: ; not directly referenced add ecx, 0x24 add edi, 0x24 lea eax, [ebp - 0x12a8] @@ -40012,29 +39980,29 @@ add dword [ebp - 0x136c], 0x24 add dword [ebp - 0x137c], 0x24 add dword [ebp - 0x13a8], 0x900 cmp ecx, eax -jne loc_fffbd439 ; jne 0xfffbd439 -jmp near loc_fffbd56d ; jmp 0xfffbd56d +jne loc_fffbd41b ; jne 0xfffbd41b +jmp near loc_fffbd54f ; jmp 0xfffbd54f -loc_fffbd4ea: ; not directly referenced +loc_fffbd4cc: ; not directly referenced mov dword [ecx + esi*4], 0xffffffdf mov esi, dword [ebp - 0x136c] mov dword [edi + eax*4], 0xffffffdf mov dword [esi + eax*4], 0xffffffdf mov esi, dword [ebp - 0x137c] mov dword [esi + eax*4], 0xffffffdf -jmp short loc_fffbd4a6 ; jmp 0xfffbd4a6 +jmp short loc_fffbd488 ; jmp 0xfffbd488 -loc_fffbd514: ; not directly referenced +loc_fffbd4f6: ; not directly referenced test ebx, ebx -je short loc_fffbd4a6 ; je 0xfffbd4a6 +je short loc_fffbd488 ; je 0xfffbd488 mov ebx, dword [ebp - 0x13c4] cmp dword [ecx + esi*4], ebx mov dword [ecx + esi*4], edx -je short loc_fffbd52f ; je 0xfffbd52f +je short loc_fffbd511 ; je 0xfffbd511 mov esi, dword [ebp - 0x136c] mov dword [esi + eax*4], edx -loc_fffbd52f: ; not directly referenced +loc_fffbd511: ; not directly referenced mov ebx, dword [ebp - 0x136c] mov esi, edx mov ebx, dword [ebx + eax*4] @@ -40044,164 +40012,164 @@ mov ebx, dword [ebp - 0x137c] mov ebx, dword [ebx + eax*4] sub ebx, dword [edi + eax*4] cmp esi, ebx -jle loc_fffbd4a6 ; jle 0xfffbd4a6 +jle loc_fffbd488 ; jle 0xfffbd488 mov esi, dword [ebp - 0x13c0] mov ebx, dword [ebp - 0x137c] mov dword [edi + eax*4], esi mov dword [ebx + eax*4], edx -jmp near loc_fffbd4a6 ; jmp 0xfffbd4a6 +jmp near loc_fffbd488 ; jmp 0xfffbd488 -loc_fffbd56d: ; not directly referenced +loc_fffbd54f: ; not directly referenced inc edx add dword [ebp - 0x13b8], 4 cmp edx, 0x20 -jne loc_fffbd3f2 ; jne 0xfffbd3f2 +jne loc_fffbd3d4 ; jne 0xfffbd3d4 imul ecx, dword [ebp - 0x1374], 9 xor edi, edi mov eax, dword [ebp - 0x1388] mov dword [ebp - 0x137c], ecx -loc_fffbd593: ; not directly referenced +loc_fffbd575: ; not directly referenced mov bl, byte [ebp - 0x1375] test byte [eax + 0xc4], bl -jne short loc_fffbd5ae ; jne 0xfffbd5ae +jne short loc_fffbd590 ; jne 0xfffbd590 -loc_fffbd5a1: ; not directly referenced +loc_fffbd583: ; not directly referenced inc edi add eax, 0x13c3 cmp edi, 2 -je short loc_fffbd61a ; je 0xfffbd61a -jmp short loc_fffbd593 ; jmp 0xfffbd593 +je short loc_fffbd5fc ; je 0xfffbd5fc +jmp short loc_fffbd575 ; jmp 0xfffbd575 -loc_fffbd5ae: ; not directly referenced +loc_fffbd590: ; not directly referenced mov ebx, dword [ebp - 0x137c] xor edx, edx lea ecx, [eax + ebx] mov dword [ebp - 0x136c], ecx -loc_fffbd5bf: ; not directly referenced +loc_fffbd5a1: ; not directly referenced mov ecx, dword [ebp + 8] -cmp dl, byte [ecx + 0x2488] -jae short loc_fffbd5a1 ; jae 0xfffbd5a1 +cmp dl, byte [ecx + 0x2489] +jae short loc_fffbd583 ; jae 0xfffbd583 movzx ebx, dl lea esi, [edi + edi*8] add esi, ebx mov ecx, dword [ebp + esi*4 - 0x12a8] mov esi, dword [ebp + esi*4 - 0x1260] sub esi, ecx -jne short loc_fffbd5f5 ; jne 0xfffbd5f5 +jne short loc_fffbd5d7 ; jne 0xfffbd5d7 mov esi, dword [ebp + 8] cmp byte [esi + 0x1965], 0 -je short loc_fffbd600 ; je 0xfffbd600 -jmp near loc_fffbd79f ; jmp 0xfffbd79f +je short loc_fffbd5e2 ; je 0xfffbd5e2 +jmp near loc_fffbd781 ; jmp 0xfffbd781 -loc_fffbd5f5: ; not directly referenced +loc_fffbd5d7: ; not directly referenced cmp esi, 0xc -jle short loc_fffbd600 ; jle 0xfffbd600 +jle short loc_fffbd5e2 ; jle 0xfffbd5e2 sar esi, 1 add esi, ecx -jmp short loc_fffbd602 ; jmp 0xfffbd602 +jmp short loc_fffbd5e4 ; jmp 0xfffbd5e4 -loc_fffbd600: ; not directly referenced +loc_fffbd5e2: ; not directly referenced xor esi, esi -loc_fffbd602: ; not directly referenced +loc_fffbd5e4: ; not directly referenced add ebx, dword [ebp - 0x136c] inc edx lea ecx, [esi + 0x20] mov byte [ebx + 0x104a], cl mov byte [ebx + 0x106e], cl -jmp short loc_fffbd5bf ; jmp 0xfffbd5bf +jmp short loc_fffbd5a1 ; jmp 0xfffbd5a1 -loc_fffbd61a: ; not directly referenced +loc_fffbd5fc: ; not directly referenced inc dword [ebp - 0x1374] cmp dword [ebp - 0x1374], 4 -jne loc_fffbd08b ; jne 0xfffbd08b +jne loc_fffbd06d ; jne 0xfffbd06d cmp dword [ebp - 0x1370], 0 -je short loc_fffbd69a ; je 0xfffbd69a +je short loc_fffbd67c ; je 0xfffbd67c mov eax, dword [ebp + 8] -cmp dword [eax + 0x3756], 2 -jne short loc_fffbd65d ; jne 0xfffbd65d +cmp dword [eax + 0x3757], 2 +jne short loc_fffbd63f ; jne 0xfffbd63f push ebx mov edx, 0x4980 push ebx push dword [ebp - 0x1344] push dword [ebp - 0x1348] -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 -loc_fffbd65d: ; not directly referenced +loc_fffbd63f: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -jne short loc_fffbd684 ; jne 0xfffbd684 +cmp dword [eax + 0x4b1a], 2 +jne short loc_fffbd666 ; jne 0xfffbd666 push ecx mov edx, 0x4988 push ecx push dword [ebp - 0x133c] push dword [ebp - 0x1340] -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 -loc_fffbd684: ; not directly referenced +loc_fffbd666: ; not directly referenced mov ecx, dword [ebp - 0x138c] mov edx, 0x4c20 mov eax, dword [ebp + 8] and cl, 0x7f -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffbd69a: ; not directly referenced +loc_fffbd67c: ; not directly referenced xor esi, esi -loc_fffbd69c: ; not directly referenced +loc_fffbd67e: ; not directly referenced mov eax, 1 mov ecx, esi shl eax, cl xor ebx, ebx mov dword [ebp - 0x136c], eax -loc_fffbd6ad: ; not directly referenced +loc_fffbd68f: ; not directly referenced mov eax, esi test al, al sete dl cmp dword [ebp - 0x139c], 1 sete al test dl, al -je short loc_fffbd6f8 ; je 0xfffbd6f8 +je short loc_fffbd6da ; je 0xfffbd6da mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, ebx -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 imul edx, ebx, 0xcc mov edi, dword [ebp - 0x1384] mov ecx, dword [edi + edx + 0x1c] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 1 -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 -loc_fffbd6f8: ; not directly referenced +loc_fffbd6da: ; not directly referenced imul eax, ebx, 0x13c3 mov edi, dword [ebp + 8] mov cl, byte [ebp - 0x136c] -test byte [edi + eax + 0x381a], cl -jne short loc_fffbd718 ; jne 0xfffbd718 +test byte [edi + eax + 0x381b], cl +jne short loc_fffbd6fa ; jne 0xfffbd6fa -loc_fffbd710: ; not directly referenced +loc_fffbd6f2: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffbd6ad ; jne 0xfffbd6ad -jmp short loc_fffbd747 ; jmp 0xfffbd747 +jne short loc_fffbd68f ; jne 0xfffbd68f +jmp short loc_fffbd729 ; jmp 0xfffbd729 -loc_fffbd718: ; not directly referenced +loc_fffbd6fa: ; not directly referenced xor edi, edi -loc_fffbd71a: ; not directly referenced +loc_fffbd6fc: ; not directly referenced mov ecx, dword [ebp + 8] mov eax, edi -cmp al, byte [ecx + 0x2488] -jae short loc_fffbd710 ; jae 0xfffbd710 +cmp al, byte [ecx + 0x2489] +jae short loc_fffbd6f2 ; jae 0xfffbd6f2 push edx mov eax, edi push 0 @@ -40212,14 +40180,14 @@ push eax mov eax, dword [ebp + 8] mov edx, ebx inc edi -call fcn_fffa7499 ; call 0xfffa7499 +call fcn_fffa7447 ; call 0xfffa7447 add esp, 0x10 -jmp short loc_fffbd71a ; jmp 0xfffbd71a +jmp short loc_fffbd6fc ; jmp 0xfffbd6fc -loc_fffbd747: ; not directly referenced +loc_fffbd729: ; not directly referenced inc esi cmp esi, 4 -jne loc_fffbd69c ; jne 0xfffbd69c +jne loc_fffbd67e ; jne 0xfffbd67e push eax mov ecx, 0x1010101 push eax @@ -40227,10 +40195,10 @@ mov eax, dword [ebp + 8] xor edx, edx push 0 push 8 -call fcn_fffa7fde ; call 0xfffa7fde +call fcn_fffa7f8c ; call 0xfffa7f8c mov eax, dword [ebp + 8] lea edx, [ebp - 0x1354] -call fcn_fffa665e ; call 0xfffa665e +call fcn_fffa660c ; call 0xfffa660c push 2 push 0 push 0 @@ -40243,16 +40211,16 @@ push 0 push 0 push 1 push dword [ebp + 8] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 mov eax, dword [ebp + 8] add esp, 0x40 -call fcn_fffb0e8a ; call 0xfffb0e8a -jmp short loc_fffbd7a4 ; jmp 0xfffbd7a4 +call fcn_fffaa4a9 ; call 0xfffaa4a9 +jmp short loc_fffbd786 ; jmp 0xfffbd786 -loc_fffbd79f: ; not directly referenced +loc_fffbd781: ; not directly referenced mov eax, 6 -loc_fffbd7a4: ; not directly referenced +loc_fffbd786: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -40260,46 +40228,46 @@ pop edi pop ebp ret -fcn_fffbd7ac: ; not directly referenced +fcn_fffbd78e: ; not directly referenced push ebp mov ecx, 2 mov ebp, esp sub esp, 0x10 mov eax, dword [ebp + 8] -movzx edx, byte [eax + 0x248e] +movzx edx, byte [eax + 0x248f] push 0xa push 1 -call fcn_fffcd1ac ; call 0xfffcd1ac +call fcn_fffcdb14 ; call 0xfffcdb14 leave ret -fcn_fffbd7cc: ; not directly referenced +fcn_fffbd7ae: ; not directly referenced push ebp mov ecx, 1 mov ebp, esp sub esp, 0x10 mov eax, dword [ebp + 8] -movzx edx, byte [eax + 0x248e] +movzx edx, byte [eax + 0x248f] push 0xa push 1 -call fcn_fffcd1ac ; call 0xfffcd1ac +call fcn_fffcdb14 ; call 0xfffcdb14 leave ret -fcn_fffbd7ec: ; not directly referenced +fcn_fffbd7ce: ; not directly referenced push ebp mov ecx, 0xb mov ebp, esp sub esp, 0x10 mov eax, dword [ebp + 8] -movzx edx, byte [eax + 0x248e] +movzx edx, byte [eax + 0x248f] push 0x11 push 0 -call fcn_fffcd1ac ; call 0xfffcd1ac +call fcn_fffcdb14 ; call 0xfffcdb14 leave ret -fcn_fffbd80c: ; not directly referenced +fcn_fffbd7ee: ; not directly referenced push ebp mov ebp, esp push edi @@ -40307,35 +40275,35 @@ push esi push ebx sub esp, 0x3c mov dword [ebp - 0x1c], eax -mov eax, dword [eax + 0x5edc] +mov eax, dword [eax + 0x5edd] mov dword [ebp - 0x20], edx mov byte [ebp - 0x2a], cl mov dword [ebp - 0x24], eax lea eax, [ecx - 1] cmp al, 1 -jbe short loc_fffbd835 ; jbe 0xfffbd835 +jbe short loc_fffbd817 ; jbe 0xfffbd817 -loc_fffbd82e: ; not directly referenced +loc_fffbd810: ; not directly referenced xor esi, esi -jmp near loc_fffbdae8 ; jmp 0xfffbdae8 +jmp near loc_fffbdaca ; jmp 0xfffbdaca -loc_fffbd835: ; not directly referenced +loc_fffbd817: ; not directly referenced mov eax, dword [ebp - 0x1c] movzx ebx, cl dec cl mov edx, ebx mov ecx, 1 -movzx edi, byte [ebx + ref_fffd5f1c] ; movzx edi, byte [ebx - 0x2a0e4] +movzx edi, byte [ebx + ref_fffd58e0] ; movzx edi, byte [ebx - 0x2a720] sete byte [ebp - 0x28] add byte [ebp - 0x28], 8 -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 mov edx, ebx mov ebx, dword [ebp - 0x1c] xor ecx, ecx imul edi, edi, 0x240 movzx esi, ax mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 add edi, dword [ebp - 0x20] mov dword [ebp - 0x38], edi movzx eax, ax @@ -40343,7 +40311,7 @@ add eax, esi xor esi, esi mov dword [ebp - 0x30], eax mov eax, ebx -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x20], eax mov eax, dword [ebp - 0x24] sar dword [ebp - 0x30], 1 @@ -40354,19 +40322,19 @@ mov dword [ebp - 0x34], eax movzx eax, byte [ebp - 0x28] mov dword [ebp - 0x48], eax -loc_fffbd8a6: ; not directly referenced +loc_fffbd888: ; not directly referenced mov eax, dword [ebp - 0x20] cmp dword [eax], 2 -jne loc_fffbda64 ; jne 0xfffbda64 +jne loc_fffbda46 ; jne 0xfffbda46 imul eax, dword [ebp - 0x24], 9 mov byte [ebp - 0x29], 0 mov dword [ebp - 0x44], eax -loc_fffbd8bd: ; not directly referenced +loc_fffbd89f: ; not directly referenced mov ebx, dword [ebp - 0x1c] mov al, byte [ebp - 0x29] -cmp al, byte [ebx + 0x2488] -jae loc_fffbda64 ; jae 0xfffbda64 +cmp al, byte [ebx + 0x2489] +jae loc_fffbda46 ; jae 0xfffbda46 mov edi, dword [ebp - 0x20] xor ecx, ecx mov dword [ebp - 0x28], 0xffffffff @@ -40378,12 +40346,12 @@ mov eax, dword [ebp - 0x44] add eax, ebx lea edx, [edi + eax*8 + 4] -loc_fffbd8f3: ; not directly referenced +loc_fffbd8d5: ; not directly referenced mov edi, 1 shl edi, cl mov eax, edi test byte [ebp - 0x3c], al -je short loc_fffbd911 ; je 0xfffbd911 +je short loc_fffbd8f3 ; je 0xfffbd8f3 mov eax, dword [ebp - 0x28] mov edi, dword [edx] add edi, dword [edx - 4] @@ -40391,24 +40359,24 @@ cmp eax, edi cmovbe edi, eax mov dword [ebp - 0x28], edi -loc_fffbd911: ; not directly referenced +loc_fffbd8f3: ; not directly referenced inc ecx add edx, 0x90 cmp ecx, 4 -jne short loc_fffbd8f3 ; jne 0xfffbd8f3 +jne short loc_fffbd8d5 ; jne 0xfffbd8d5 mov eax, dword [ebp - 0x30] cmp dword [ebp - 0x28], eax -jbe loc_fffbda5c ; jbe 0xfffbda5c +jbe loc_fffbda3e ; jbe 0xfffbda3e movzx edi, byte [ebp - 0x29] xor esi, esi -loc_fffbd92f: ; not directly referenced +loc_fffbd911: ; not directly referenced mov edx, dword [ebp - 0x20] mov eax, 1 mov ecx, esi shl eax, cl test byte [edx + 0xc4], al -je short loc_fffbd964 ; je 0xfffbd964 +je short loc_fffbd946 ; je 0xfffbd946 push 0 push 0 push 1 @@ -40421,13 +40389,13 @@ push 0 push 0 push dword [ebp - 0x48] push dword [ebp - 0x1c] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -loc_fffbd964: ; not directly referenced +loc_fffbd946: ; not directly referenced inc esi cmp esi, 4 -jne short loc_fffbd92f ; jne 0xfffbd92f +jne short loc_fffbd911 ; jne 0xfffbd911 mov eax, dword [ebp - 0x20] movzx edi, byte [ebp - 0x29] mov dword [ebp - 0x28], 0 @@ -40437,15 +40405,15 @@ add ebx, eax lea eax, [edi*4] mov dword [ebp - 0x3c], eax -loc_fffbd992: ; not directly referenced +loc_fffbd974: ; not directly referenced mov cl, byte [ebp - 0x28] mov eax, 1 shl eax, cl mov ecx, dword [ebp - 0x20] test byte [ecx + 0xc4], al -je loc_fffbda44 ; je 0xfffbda44 +je loc_fffbda26 ; je 0xfffbda26 cmp byte [ebp - 0x2a], 1 -jne short loc_fffbd9f0 ; jne 0xfffbd9f0 +jne short loc_fffbd9d2 ; jne 0xfffbd9d2 mov al, byte [esi + 0x24] xor edx, edx lea ecx, [eax - 9] @@ -40465,12 +40433,12 @@ mov edx, dword [ebp - 0x24] push 0 push 0xff push edi -call fcn_fffa7499 ; call 0xfffa7499 +call fcn_fffa7447 ; call 0xfffa7447 add esp, 0x10 mov eax, 0x40000000 -jmp short loc_fffbda3a ; jmp 0xfffbda3a +jmp short loc_fffbda1c ; jmp 0xfffbda1c -loc_fffbd9f0: ; not directly referenced +loc_fffbd9d2: ; not directly referenced mov dx, word [ebx + 0x48] mov eax, 0x1ff lea ecx, [edx + 9] @@ -40490,2446 +40458,83 @@ mov eax, dword [ebp - 0x1c] push 0 push 0xff push edi -call fcn_fffa73b0 ; call 0xfffa73b0 +call fcn_fffa735e ; call 0xfffa735e add esp, 0x10 mov eax, 0x20000000 -loc_fffbda3a: ; not directly referenced +loc_fffbda1c: ; not directly referenced mov edx, dword [ebp - 0x34] mov ecx, dword [ebp - 0x3c] or dword [edx + ecx + 0x28], eax -loc_fffbda44: ; not directly referenced +loc_fffbda26: ; not directly referenced inc dword [ebp - 0x28] add esi, 9 add ebx, 0x12 cmp dword [ebp - 0x28], 4 -jne loc_fffbd992 ; jne 0xfffbd992 +jne loc_fffbd974 ; jne 0xfffbd974 mov esi, 1 -loc_fffbda5c: ; not directly referenced +loc_fffbda3e: ; not directly referenced inc byte [ebp - 0x29] -jmp near loc_fffbd8bd ; jmp 0xfffbd8bd +jmp near loc_fffbd89f ; jmp 0xfffbd89f -loc_fffbda64: ; not directly referenced +loc_fffbda46: ; not directly referenced inc dword [ebp - 0x24] add dword [ebp - 0x20], 0x13c3 add dword [ebp - 0x34], 0xcc cmp dword [ebp - 0x24], 2 -jne loc_fffbd8a6 ; jne 0xfffbd8a6 +jne loc_fffbd888 ; jne 0xfffbd888 test esi, esi -je loc_fffbd82e ; je 0xfffbd82e +je loc_fffbd810 ; je 0xfffbd810 mov edi, dword [ebp - 0x40] xor ebx, ebx -loc_fffbda8c: ; not directly referenced +loc_fffbda6e: ; not directly referenced imul eax, ebx, 0x13c3 mov edx, dword [ebp - 0x1c] -cmp dword [edx + eax + 0x3756], 2 -je short loc_fffbdaad ; je 0xfffbdaad +cmp dword [edx + eax + 0x3757], 2 +je short loc_fffbda8f ; je 0xfffbda8f -loc_fffbda9f: ; not directly referenced +loc_fffbda81: ; not directly referenced inc ebx add edi, 0xcc cmp ebx, 2 -je short loc_fffbdae8 ; je 0xfffbdae8 -jmp short loc_fffbda8c ; jmp 0xfffbda8c +je short loc_fffbdaca ; je 0xfffbdaca +jmp short loc_fffbda6e ; jmp 0xfffbda6e -loc_fffbdaad: ; not directly referenced +loc_fffbda8f: ; not directly referenced mov byte [ebp - 0x20], 0 -loc_fffbdab1: ; not directly referenced +loc_fffbda93: ; not directly referenced mov ecx, dword [ebp - 0x1c] mov al, byte [ebp - 0x20] -cmp al, byte [ecx + 0x2488] -jae short loc_fffbda9f ; jae 0xfffbda9f +cmp al, byte [ecx + 0x2489] +jae short loc_fffbda81 ; jae 0xfffbda81 movzx eax, byte [ebp - 0x20] mov edx, ebx mov ecx, eax mov dword [ebp - 0x24], eax mov eax, dword [ebp - 0x1c] -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov edx, dword [ebp - 0x24] mov ecx, dword [edi + edx*4 + 0x28] mov edx, eax mov eax, dword [ebp - 0x1c] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x20] -jmp short loc_fffbdab1 ; jmp 0xfffbdab1 - -loc_fffbdae8: ; not directly referenced -lea esp, [ebp - 0xc] -mov eax, esi -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffbdaf2: ; not directly referenced -push ebp -mov ecx, 0xa -mov ebp, esp -push edi -push esi -mov esi, ref_fffd5900 ; mov esi, 0xfffd5900 -push ebx -sub esp, 0x6c -mov ebx, dword [ebp + 8] -lea edi, [ebp - 0x60] -mov byte [ebp - 0x67], 4 -mov byte [ebp - 0x66], 1 -mov eax, dword [ebx + 0x1887] -mov byte [ebp - 0x65], 1 -mov byte [ebp - 0x64], 2 -mov byte [ebp - 0x63], 1 -cmp eax, 0x306d0 -sete dl -cmp eax, 0x40650 -sete al -or dl, al -mov byte [ebp - 0x62], 0 -mov byte [ebp - 0x61], 0 -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -je loc_fffbdbdd ; je 0xfffbdbdd -mov cl, 1 -mov edx, 4 -mov eax, ebx -mov esi, 4 -call fcn_fffb13cf ; call 0xfffb13cf -mov edx, dword [ebp - 0x60] -mov ecx, 1 -cmp ax, dx -cmovae edx, eax -mov eax, ebx -mov word [ebp - 0x60], dx -mov edx, 1 -call fcn_fffb13cf ; call 0xfffb13cf -mov dx, word [ebp - 0x5e] -mov byte [ebp - 0x69], 1 -cmp ax, dx -cmovae edx, eax -cmp dword [ebx + 0x188b], 1 -mov word [ebp - 0x5e], dx -sete al -lea eax, [eax + eax*4 + 7] -movsx edi, al - -loc_fffbdb9b: ; not directly referenced -mov al, byte [ebp - 0x69] -test byte [ebx + 0x248d], al -je short loc_fffbdbd7 ; je 0xfffbdbd7 -push eax -mov ecx, 3 -push 0 -push 0 -push 0xf -push edi -push 0 -lea eax, [ebp - 0x60] -push eax -lea eax, [ebp - 0x65] -push eax -push 2 -lea eax, [ebp - 0x67] -push eax -movzx eax, byte [ebp - 0x69] -push 5 -lea edx, [ebp - 0x56] -push eax -mov eax, ebx -call fcn_fffca96e ; call 0xfffca96e -add esp, 0x30 - -loc_fffbdbd7: ; not directly referenced -shl byte [ebp - 0x69], 1 -dec esi -jne short loc_fffbdb9b ; jne 0xfffbdb9b - -loc_fffbdbdd: ; not directly referenced -lea esp, [ebp - 0xc] -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffbdbe7: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x60 -mov ebx, dword [ebp + 8] -mov byte [ebp - 0x67], 4 -lea esi, [ebp - 0x60] -mov byte [ebp - 0x66], 1 -mov byte [ebp - 0x65], 1 -mov edi, dword [ebx + 0x2443] -push 0 -push 8 -mov eax, dword [ebx + 0x5edc] -mov byte [ebp - 0x64], 2 -mov byte [ebp - 0x63], 1 -add eax, 0x1bc -push eax -mov byte [ebp - 0x62], 0 -mov byte [ebp - 0x61], 0 -call dword [edi + 0x5c] ; ucall -add esp, 0xc -push 0 -push 5 -push esi -call dword [edi + 0x60] ; ucall -movzx edx, byte [ebp - 0x67] -mov ecx, 1 -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -movzx edx, byte [ebp - 0x66] -mov ecx, 1 -mov word [ebp - 0x60], ax -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -add esp, 0x10 -cmp dword [ebx + 0x188b], 1 -mov word [ebp - 0x5e], ax -jne short loc_fffbdc82 ; jne 0xfffbdc82 -mov eax, ebx -call fcn_fffa9b8c ; call 0xfffa9b8c -mov eax, 8 -mov edx, 0x2f -add word [ebp - 0x5e], 0x28 -jmp short loc_fffbdc89 ; jmp 0xfffbdc89 - -loc_fffbdc82: ; not directly referenced -xor eax, eax -mov edx, 7 - -loc_fffbdc89: ; not directly referenced -push ecx -mov ecx, 3 -push 0 -push 0 -push 0xf -push edx -push eax -push esi -lea eax, [ebp - 0x65] -push eax -push 2 -lea eax, [ebp - 0x67] -push eax -mov eax, ebx -push 6 -lea edx, [ebp - 0x56] -push 0xf -call fcn_fffca96e ; call 0xfffca96e -add esp, 0x28 -mov eax, ebx -push 0 -mov ecx, 3 -push 0xf -push 0 -push 0 -push 0 -lea edx, [ebx + 0x2490] -push 1 -call fcn_fffc0a2d ; call 0xfffc0a2d -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffbdcd9: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x140 -mov edi, dword [ebp + 8] -mov dword [ebp - 0xe4], 1 -mov dword [ebp - 0xe0], 1 -mov eax, dword [edi + 0x2443] -mov ebx, dword [edi + 0x5edc] -mov esi, eax -mov dword [ebp - 0x110], eax -mov eax, dword [edi + 0x1887] -mov dword [ebp - 0x108], eax -mov eax, dword [edi + 0x1883] -push 0 -push 0x10 -mov dword [ebp - 0x100], eax -lea eax, [ebp - 0xc8] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0xc -push 1 -push 3 -lea eax, [ebp - 0xee] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0x10 -cmp dword [edi + 0x2480], 2 -mov byte [ebp - 0xf1], 0xfc -mov byte [ebp - 0xf0], 4 -mov byte [ebp - 0xef], 0 -jne loc_fffbe4d2 ; jne 0xfffbe4d2 -mov eax, dword [edi + 0x5edc] -mov dword [ebp - 0x100], eax -mov eax, dword [edi + 0x2443] -mov esi, eax -mov dword [ebp - 0x110], eax -push eax -push 0 -push 0x10 -lea eax, [ebp - 0xb8] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0xc -push 1 -push 3 -lea eax, [ebp - 0xe8] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0x10 -xor eax, eax -mov byte [ebp - 0xeb], 0xfc -mov byte [ebp - 0xea], 4 -mov byte [ebp - 0xe9], 0 - -loc_fffbddc8: ; not directly referenced -mov byte [ebp + eax - 0xd4], al -inc eax -cmp eax, 9 -jne short loc_fffbddc8 ; jne 0xfffbddc8 -mov ecx, 1 -mov edx, 5 -mov eax, edi -call fcn_fffb13cf ; call 0xfffb13cf -xor ecx, ecx -mov edx, 5 -lea ebx, [edi + 0x2b50] -mov word [ebp - 0x138], ax -mov eax, edi -call fcn_fffb13cf ; call 0xfffb13cf -sub esp, 0xc -mov ecx, 0x11 -mov word [ebp - 0x13c], ax -movzx eax, byte [edi + 0x248e] -push 0 -mov edx, eax -mov dword [ebp - 0x10c], eax -mov eax, edi -call fcn_fffb26ca ; call 0xfffb26ca -mov al, byte [ebp - 0xe7] -mov ecx, 2 -mov byte [ebp - 0x11c], al -mov al, byte [ebp - 0xe8] -add byte [ebp - 0x11c], al -mov al, byte [ebp - 0xe6] -add byte [ebp - 0x11c], al -lea eax, [edi + 0x2490] -mov dword [ebp - 0x140], eax -mov edx, eax -mov eax, edi -call fcn_fffa66dd ; call 0xfffa66dd -add esp, 0x10 -xor ecx, ecx - -loc_fffbde6b: ; not directly referenced -mov eax, dword [ebp - 0x10c] -mov dword [ebp + ecx*4 - 0xdc], 0 -bt eax, ecx -jae short loc_fffbdea3 ; jae 0xfffbdea3 -mov eax, dword [ebx + 4] -mov esi, 0x14 -xor edx, edx -add eax, dword [ebx] -div esi -mov si, 0xc -lea edx, [eax - 1] -cmp edx, 0xb -cmova eax, esi -mov dword [ebp + ecx*4 - 0xdc], eax - -loc_fffbdea3: ; not directly referenced -inc ecx -add ebx, 0x48 -cmp ecx, 2 -jne short loc_fffbde6b ; jne 0xfffbde6b -push eax -push 0 -push 0x80 -lea eax, [ebp - 0x98] -push eax -mov eax, dword [ebp - 0x110] -call dword [eax + 0x5c] ; ucall -mov eax, dword [ebp - 0x100] -add esp, 0x10 -mov dword [ebp - 0xfc], 0 -add eax, 0x70 -mov dword [ebp - 0x134], eax - -loc_fffbdee0: ; not directly referenced -xor esi, esi - -loc_fffbdee2: ; not directly referenced -mov eax, dword [ebp - 0x10c] -bt eax, esi -jb short loc_fffbdef7 ; jb 0xfffbdef7 - -loc_fffbdeed: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffbdee2 ; jne 0xfffbdee2 -xor esi, esi -jmp short loc_fffbdf4c ; jmp 0xfffbdf4c - -loc_fffbdef7: ; not directly referenced -mov eax, dword [ebp - 0xfc] -mov ecx, 0xc -xor ebx, ebx -movsx eax, byte [ebp + eax - 0xeb] -imul eax, dword [ebp + esi*4 - 0xdc] -cdq -idiv ecx -mov dword [ebp - 0x100], eax - -loc_fffbdf1d: ; not directly referenced -cmp bl, byte [edi + 0x2488] -jae short loc_fffbdeed ; jae 0xfffbdeed -push 1 -movzx eax, bl -push 0 -inc ebx -push 1 -push 0 -push eax -push 0 -push esi -push 0 -push 0 -push dword [ebp - 0x100] -push 2 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -jmp short loc_fffbdf1d ; jmp 0xfffbdf1d - -loc_fffbdf4c: ; not directly referenced -mov eax, dword [ebp - 0x134] -mov ecx, esi -xor ebx, ebx -mov dword [ebp - 0x100], 1 -shl dword [ebp - 0x100], cl -mov dword [ebp - 0x108], eax -mov byte [ebp - 0x104], 0 - -loc_fffbdf73: ; not directly referenced -imul eax, ebx, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffbdfb5 ; jne 0xfffbdfb5 -mov ecx, dword [ebp - 0x100] -mov edx, ebx -mov eax, edi -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0x104], al -push eax -push 0 -movzx eax, byte [edi + 0x2488] -push eax -mov eax, dword [ebp - 0x110] -push dword [ebp - 0x108] -call dword [eax + 0x64] ; ucall -add esp, 0x10 - -loc_fffbdfb5: ; not directly referenced -inc ebx -add dword [ebp - 0x108], 0xcc -cmp ebx, 2 -jne short loc_fffbdf73 ; jne 0xfffbdf73 -push ecx -mov edx, dword [ebp - 0x140] -push ecx -movzx ecx, byte [ebp - 0x104] -lea eax, [ebp - 0xb8] -push eax -push 0x25 -lea eax, [ebp - 0xd4] -push eax -mov eax, edi -push 5 -push 0 -push esi -inc esi -call fcn_fffd13ed ; call 0xfffd13ed -add esp, 0x20 -cmp esi, 2 -jne loc_fffbdf4c ; jne 0xfffbdf4c -lea eax, [ebp - 0xa8] -xor esi, esi -mov dword [ebp - 0x130], eax -lea eax, [ebp - 0x98] -mov dword [ebp - 0x128], eax - -loc_fffbe017: ; not directly referenced -mov eax, dword [ebp - 0x10c] -bt eax, esi -jb short loc_fffbe03b ; jb 0xfffbe03b - -loc_fffbe022: ; not directly referenced -inc esi -add dword [ebp - 0x128], 0x40 -add dword [ebp - 0x130], 8 -cmp esi, 2 -jne short loc_fffbe017 ; jne 0xfffbe017 -jmp near loc_fffbe1ed ; jmp 0xfffbe1ed - -loc_fffbe03b: ; not directly referenced -imul edx, esi, 0x13c3 -mov ebx, dword [ebp - 0x130] -mov ecx, dword [ebp - 0x128] -mov dword [ebp - 0x108], 0 -mov al, byte [edi + edx + 0x381a] -lea edx, [edi + edx + 0x49c1] -mov dword [ebp - 0x100], ebx -mov dword [ebp - 0x12c], ecx -mov dword [ebp - 0x120], edx -mov byte [ebp - 0x141], al -imul eax, esi, 0x48 -add eax, edi - -loc_fffbe082: ; not directly referenced -mov cl, byte [ebp - 0x108] -mov edx, 1 -shl edx, cl -test byte [ebp - 0x141], dl -jne short loc_fffbe0c5 ; jne 0xfffbe0c5 - -loc_fffbe097: ; not directly referenced -inc dword [ebp - 0x108] -add eax, 0x90 -add dword [ebp - 0x120], 0x18 -add dword [ebp - 0x12c], 0x20 -add dword [ebp - 0x100], 4 -cmp dword [ebp - 0x108], 2 -jne short loc_fffbe082 ; jne 0xfffbe082 -jmp near loc_fffbe022 ; jmp 0xfffbe022 - -loc_fffbe0c5: ; not directly referenced -cmp byte [ebp - 0xfc], 0 -jne short loc_fffbe0da ; jne 0xfffbe0da -mov ebx, dword [ebp - 0x100] -mov dword [ebx], 0xffffffff - -loc_fffbe0da: ; not directly referenced -mov dl, byte [edi + 0x2488] -mov byte [ebp - 0x124], dl -xor edx, edx - -loc_fffbe0e8: ; not directly referenced -cmp byte [ebp - 0x124], dl -jbe short loc_fffbe116 ; jbe 0xfffbe116 -mov ebx, dword [ebp - 0x100] -mov ecx, dword [eax + edx*8 + 0x2914] -cmp dword [eax + edx*8 + 0x2910], ecx -cmovbe ecx, dword [eax + edx*8 + 0x2910] -cmp ecx, dword [ebx] -cmova ecx, dword [ebx] -inc edx -mov dword [ebx], ecx -jmp short loc_fffbe0e8 ; jmp 0xfffbe0e8 - -loc_fffbe116: ; not directly referenced -xor edx, edx - -loc_fffbe118: ; not directly referenced -mov ecx, dword [ebp - 0x120] -movzx ecx, byte [ecx + edx + 0x10] -test cl, cl -je loc_fffbe097 ; je 0xfffbe097 -mov dword [ebp - 0x104], 0 -mov dword [ebp - 0x118], 0xffffffff -mov dword [ebp - 0x114], 0xffffffff - -loc_fffbe149: ; not directly referenced -mov bl, byte [ebp - 0x104] -cmp byte [ebp - 0x124], bl -jbe short loc_fffbe1ac ; jbe 0xfffbe1ac -mov ebx, dword [ebp - 0x104] -bt ecx, ebx -jae short loc_fffbe1a4 ; jae 0xfffbe1a4 -mov dword [ebp - 0x148], edx -mov edx, dword [ebp - 0x114] -cmp edx, dword [eax + ebx*8 + 0x2910] -cmova edx, dword [eax + ebx*8 + 0x2910] -mov dword [ebp - 0x114], edx -mov edx, dword [ebp - 0x118] -cmp edx, dword [eax + ebx*8 + 0x2914] -cmova edx, dword [eax + ebx*8 + 0x2914] -mov dword [ebp - 0x118], edx -mov edx, dword [ebp - 0x148] - -loc_fffbe1a4: ; not directly referenced -inc dword [ebp - 0x104] -jmp short loc_fffbe149 ; jmp 0xfffbe149 - -loc_fffbe1ac: ; not directly referenced -mov ecx, dword [ebp - 0xfc] -movzx ebx, byte [ebp + ecx - 0xe8] -mov ecx, dword [ebp - 0x118] -sub ecx, dword [ebp - 0x114] -mov dword [ebp - 0x104], ebx -mov ebx, dword [ebp - 0x104] -imul ebx, ecx -mov ecx, dword [ebp - 0x12c] -add dword [ecx + edx*4], ebx -inc edx -cmp edx, 8 -jne loc_fffbe118 ; jne 0xfffbe118 -jmp near loc_fffbe097 ; jmp 0xfffbe097 - -loc_fffbe1ed: ; not directly referenced -inc dword [ebp - 0xfc] -cmp dword [ebp - 0xfc], 3 -jne loc_fffbdee0 ; jne 0xfffbdee0 -movzx edx, word [ebp - 0x138] -movzx eax, word [ebp - 0x13c] -mov dword [ebp - 0x120], edi -mov dword [ebp - 0xfc], 0 -add eax, edx -mov dword [ebp - 0x12c], eax -movsx eax, byte [ebp - 0x11c] -sar dword [ebp - 0x12c], 2 -imul esi, eax, 0xa -imul eax, eax, 0x14 -mov dword [ebp - 0x138], esi -mov dword [ebp - 0x13c], eax -mov eax, dword [ebp - 0x134] -mov dword [ebp - 0x130], eax -lea eax, [edi + 0x49c1] -mov dword [ebp - 0x114], eax -lea eax, [ebp - 0xa8] -mov dword [ebp - 0x11c], eax -lea eax, [ebp - 0x98] -mov dword [ebp - 0x124], eax - -loc_fffbe276: ; not directly referenced -mov eax, dword [ebp - 0x10c] -mov esi, dword [ebp - 0xfc] -bt eax, esi -jae loc_fffbe491 ; jae 0xfffbe491 -mov eax, dword [ebp - 0x114] -mov dword [ebp - 0x100], 0 -lea esi, [eax - 0x126b] -mov dword [ebp - 0x134], esi -mov esi, dword [ebp - 0x120] -mov dword [ebp - 0x108], eax -mov dword [ebp - 0x128], esi -mov esi, dword [ebp - 0x124] - -loc_fffbe2bf: ; not directly referenced -mov ebx, dword [ebp - 0x114] -mov cl, byte [ebp - 0x100] -mov dword [ebp - 0x104], 1 -shl dword [ebp - 0x104], cl -mov al, byte [ebp - 0x104] -test byte [ebx - 0x11a7], al -je loc_fffbe44d ; je 0xfffbe44d -mov eax, dword [ebp - 0x108] -mov ebx, dword [ebp - 0x11c] -mov edx, dword [ebp - 0x100] -mov ecx, dword [ebp - 0x12c] -mov ax, word [eax + 0xc] -or al, 0x80 -cmp dword [ebx + edx*4], ecx -jbe short loc_fffbe33b ; jbe 0xfffbe33b -imul edx, edx, 0x70 -mov ebx, dword [ebp - 0x134] -and eax, 0xffffff80 -or eax, 0xd -mov word [ebx + edx + 0x109f], ax -mov ebx, dword [ebp - 0x108] -mov word [ebx + 0xc], ax -movzx eax, ax -push edx -push edx -push eax -push 6 -jmp short loc_fffbe397 ; jmp 0xfffbe397 - -loc_fffbe33b: ; not directly referenced -mov eax, dword [ebp - 0x108] -xor ebx, ebx -mov ecx, dword [ebp - 0x104] -mov edx, dword [ebp - 0xfc] -mov ax, word [eax + 6] -mov word [ebp - 0x118], ax -or word [ebp - 0x118], 0x10 -push eax -push eax -movzx eax, word [ebp - 0x118] -push eax -mov eax, edi -push 3 -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0x10 - -loc_fffbe378: ; not directly referenced -mov eax, dword [ebp - 0x108] -movzx ecx, byte [eax + ebx + 0x10] -test cl, cl -jne short loc_fffbe3b2 ; jne 0xfffbe3b2 - -loc_fffbe387: ; not directly referenced -mov eax, dword [ebp - 0x118] -push ebx -push ebx -and eax, 0xffef -push eax -push 3 - -loc_fffbe397: ; not directly referenced -mov ecx, dword [ebp - 0x104] -mov eax, edi -mov edx, dword [ebp - 0xfc] -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0x10 -jmp near loc_fffbe44d ; jmp 0xfffbe44d - -loc_fffbe3b2: ; not directly referenced -mov edx, dword [esi + ebx*4] -mov dword [ebp - 0x140], ecx -mov eax, edx -sar eax, 0x1f -or eax, 1 -movsx eax, al -imul eax, dword [ebp - 0x138] -add eax, edx -cdq -idiv dword [ebp - 0x13c] -mov dword [esi + ebx*4], eax -push 2 -push 0 -push 1 -push 0 -push ecx -push dword [ebp - 0x100] -push dword [ebp - 0xfc] -push 0 -push 0 -push eax -push 5 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -mov al, byte [edi + 0x2488] -add esp, 0x30 -mov byte [ebp - 0x141], al -xor eax, eax - -loc_fffbe40c: ; not directly referenced -cmp byte [ebp - 0x141], al -jbe short loc_fffbe43e ; jbe 0xfffbe43e -mov edx, dword [ebp - 0x140] -bt edx, eax -jae short loc_fffbe43b ; jae 0xfffbe43b -mov edx, dword [ebp - 0x128] -imul ecx, dword [esi + ebx*4], 0xa -add dword [edx + eax*8 + 0x2910], ecx -imul ecx, dword [esi + ebx*4], 0xfffffff6 -add dword [edx + eax*8 + 0x2914], ecx - -loc_fffbe43b: ; not directly referenced -inc eax -jmp short loc_fffbe40c ; jmp 0xfffbe40c - -loc_fffbe43e: ; not directly referenced -inc ebx -cmp ebx, 8 -jne loc_fffbe378 ; jne 0xfffbe378 -jmp near loc_fffbe387 ; jmp 0xfffbe387 - -loc_fffbe44d: ; not directly referenced -inc dword [ebp - 0x100] -add esi, 0x20 -add dword [ebp - 0x108], 0x18 -add dword [ebp - 0x128], 0x90 -cmp dword [ebp - 0x100], 2 -jne loc_fffbe2bf ; jne 0xfffbe2bf -push ecx -push 0 -movzx eax, byte [edi + 0x2488] -push eax -mov eax, dword [ebp - 0x110] -push dword [ebp - 0x130] -call dword [eax + 0x64] ; ucall -add esp, 0x10 - -loc_fffbe491: ; not directly referenced -inc dword [ebp - 0xfc] -add dword [ebp - 0x130], 0xcc -add dword [ebp - 0x114], 0x13c3 -add dword [ebp - 0x124], 0x40 -add dword [ebp - 0x120], 0x48 -add dword [ebp - 0x11c], 8 -cmp dword [ebp - 0xfc], 2 -jne loc_fffbe276 ; jne 0xfffbe276 -jmp near loc_fffbea01 ; jmp 0xfffbea01 - -loc_fffbe4d2: ; not directly referenced -mov ecx, 1 -mov edx, 5 -mov eax, edi -call fcn_fffb13cf ; call 0xfffb13cf -xor ecx, ecx -mov edx, 5 -mov word [ebp - 0x118], ax -mov eax, edi -call fcn_fffb13cf ; call 0xfffb13cf -mov word [ebp - 0x11c], ax -mov al, byte [ebx + 0x15] -shr al, 6 -movzx edx, al -movzx eax, byte [ebx + 0x16] -and eax, 0x1f -shl eax, 2 -or eax, edx -mov esi, eax -mov dl, al -or edx, 0xffffff80 -shr esi, 6 -cmove edx, eax -mov byte [ebp - 0xeb], dl -mov cl, byte [ebx + 0x14] -movsx dx, dl -movzx eax, byte [ebx + 0x15] -lea edx, [edx + edx*4] -shr cl, 7 -and eax, 0x3f -movzx ecx, cl -add eax, eax -or eax, ecx -mov esi, eax -mov cl, al -or ecx, 0xffffff80 -shr esi, 6 -cmove ecx, eax -add edx, edx -mov byte [ebp - 0xea], cl -movsx cx, cl -sub esp, 0xc -mov word [ebp - 0xe8], dx -movzx edx, byte [edi + 0x248e] -lea ecx, [ecx + ecx*4] -add ecx, ecx -mov eax, edi -mov word [ebp - 0xe6], cx -mov ecx, 0x11 -push 0 -call fcn_fffb26ca ; call 0xfffb26ca -mov al, byte [ebp - 0xed] -lea esi, [edi + 0x3756] -add esp, 0x10 -mov byte [ebp - 0xfc], 0 -mov byte [ebp - 0x10c], al -mov al, byte [ebp - 0xee] -add byte [ebp - 0x10c], al -mov al, byte [ebp - 0xec] -add byte [ebp - 0x10c], al -lea eax, [ebx + 0x70] -xor ebx, ebx -mov dword [ebp - 0x128], eax -mov dword [ebp - 0x104], eax - -loc_fffbe5cb: ; not directly referenced -cmp dword [esi], 2 -jne short loc_fffbe603 ; jne 0xfffbe603 -movzx ecx, byte [esi + 0xc4] -mov edx, ebx -mov eax, edi -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0xfc], al -push edx -push 0 -movzx eax, byte [edi + 0x2488] -push eax -mov eax, dword [ebp - 0x110] -push dword [ebp - 0x104] -call dword [eax + 0x64] ; ucall -add esp, 0x10 - -loc_fffbe603: ; not directly referenced -inc ebx -add esi, 0x13c3 -add dword [ebp - 0x104], 0xcc -cmp ebx, 2 -jne short loc_fffbe5cb ; jne 0xfffbe5cb -lea eax, [edi + 0x2490] -mov ecx, 2 -mov dword [ebp - 0x114], eax -mov edx, eax -mov eax, edi -call fcn_fffa66dd ; call 0xfffa66dd -movzx eax, byte [ebp - 0xfc] -lea ebx, [edi + 0x2b50] -xor ecx, ecx -mov dword [ebp - 0xfc], eax - -loc_fffbe648: ; not directly referenced -mov eax, dword [ebp - 0xfc] -mov dword [ebp + ecx*4 - 0xdc], 0 -bt eax, ecx -jae short loc_fffbe680 ; jae 0xfffbe680 -mov eax, dword [ebx + 4] -mov esi, 0x14 -xor edx, edx -add eax, dword [ebx] -div esi -mov si, 0xc -lea edx, [eax - 1] -cmp edx, 0xb -cmovbe esi, eax -mov dword [ebp + ecx*4 - 0xdc], esi - -loc_fffbe680: ; not directly referenced -inc ecx -add ebx, 0x48 -cmp ecx, 2 -jne short loc_fffbe648 ; jne 0xfffbe648 -mov edx, dword [ebp - 0x114] -mov cl, 5 -mov eax, edi -call fcn_fffa66dd ; call 0xfffa66dd -mov dword [ebp - 0xd4], 0 -mov dword [ebp - 0xb8], 0x7fffffff -mov dword [ebp - 0xa8], 0x7fffffff -mov dword [ebp - 0xd0], 0 -mov dword [ebp - 0xb4], 0x7fffffff -mov dword [ebp - 0xa4], 0x7fffffff -mov dword [ebp - 0x104], 0 - -loc_fffbe6de: ; not directly referenced -xor esi, esi - -loc_fffbe6e0: ; not directly referenced -mov eax, dword [ebp - 0xfc] -bt eax, esi -jb short loc_fffbe724 ; jb 0xfffbe724 - -loc_fffbe6eb: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffbe6e0 ; jne 0xfffbe6e0 -push eax -mov edx, dword [ebp - 0x114] -push eax -mov ecx, dword [ebp - 0xfc] -push 0 -lea eax, [ebp - 0xc8] -push eax -mov eax, edi -push 0x36 -push 1 -push 5 -push 0 -call fcn_fffc6051 ; call 0xfffc6051 -lea edx, [edi + 0x2914] -add esp, 0x20 -xor eax, eax -jmp short loc_fffbe782 ; jmp 0xfffbe782 - -loc_fffbe724: ; not directly referenced -mov eax, dword [ebp - 0x104] -mov ecx, 0xc -xor ebx, ebx -movsx eax, byte [ebp + eax - 0xf1] -imul eax, dword [ebp + esi*4 - 0xdc] -cdq -idiv ecx -mov dword [ebp - 0x120], eax - -loc_fffbe74a: ; not directly referenced -cmp bl, byte [edi + 0x2488] -jae short loc_fffbe6eb ; jae 0xfffbe6eb -push 1 -movzx eax, bl -push 0 -inc ebx -push 1 -push 0 -push eax -push 0 -push esi -push 0 -push 0 -push dword [ebp - 0x120] -push 2 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -jmp short loc_fffbe74a ; jmp 0xfffbe74a - -loc_fffbe779: ; not directly referenced -inc eax -add edx, 0x48 -cmp eax, 2 -je short loc_fffbe7d4 ; je 0xfffbe7d4 - -loc_fffbe782: ; not directly referenced -mov esi, dword [ebp - 0xfc] -bt esi, eax -jae short loc_fffbe779 ; jae 0xfffbe779 -mov ebx, dword [ebp - 0x104] -mov ecx, dword [edx - 4] -mov esi, dword [edx] -movzx ebx, byte [ebp + ebx - 0xee] -sub esi, ecx -imul ebx, esi -add dword [ebp + eax*4 - 0xd4], ebx -mov ebx, dword [ebp + eax*4 - 0xb8] -cmp ecx, ebx -cmovg ecx, ebx -mov dword [ebp + eax*4 - 0xb8], ecx -mov ecx, dword [ebp + eax*4 - 0xa8] -cmp dword [edx], ecx -cmovle ecx, dword [edx] -mov dword [ebp + eax*4 - 0xa8], ecx -jmp short loc_fffbe779 ; jmp 0xfffbe779 - -loc_fffbe7d4: ; not directly referenced -inc dword [ebp - 0x104] -cmp dword [ebp - 0x104], 3 -jne loc_fffbe6de ; jne 0xfffbe6de -xor eax, eax -xor ebx, ebx - -loc_fffbe7eb: ; not directly referenced -movsx ecx, word [ebp + eax - 0xe8] -mov edx, dword [ebp + eax*2 - 0xb8] -sub edx, ecx -cmovs edx, ebx -add ecx, dword [ebp + eax*2 - 0xa8] -mov dword [ebp + eax*2 - 0xb8], edx -cmovs ecx, ebx -cmp ecx, edx -cmovle edx, ecx -mov dword [ebp + eax*2 - 0xa8], ecx -mov dword [ebp + eax*2 - 0x98], edx -add eax, 2 -cmp eax, 4 -jne short loc_fffbe7eb ; jne 0xfffbe7eb -movsx eax, byte [ebp - 0x10c] -xor ebx, ebx -movzx edx, word [ebp - 0x118] -imul esi, eax, 0xa -imul eax, eax, 0x14 -mov dword [ebp - 0x120], esi -mov dword [ebp - 0x124], eax -movzx eax, word [ebp - 0x11c] -add eax, edx -mov dword [ebp - 0x10c], eax -lea eax, [edi + 0x2910] -mov dword [ebp - 0x114], eax -mov eax, dword [ebp - 0x128] -sar dword [ebp - 0x10c], 2 -mov dword [ebp - 0x104], eax - -loc_fffbe87b: ; not directly referenced -mov eax, dword [ebp - 0xfc] -bt eax, ebx -jae loc_fffbe9e6 ; jae 0xfffbe9e6 -mov edx, dword [ebp + ebx*4 - 0xd4] -mov eax, edx -sar eax, 0x1f -or eax, 1 -movsx eax, al -imul eax, dword [ebp - 0x120] -add eax, edx -cdq -idiv dword [ebp - 0x124] -cmp dword [ebp - 0x108], 0x306d0 -sete dl -cmp dword [ebp - 0x100], 3 -mov dword [ebp + ebx*4 - 0xd4], eax -seta al -test al, dl -jne short loc_fffbe8e9 ; jne 0xfffbe8e9 -cmp dword [ebp - 0x100], 0 -setne cl -cmp dword [ebp - 0x108], 0x40670 -sete al -test cl, al -je short loc_fffbe914 ; je 0xfffbe914 - -loc_fffbe8e9: ; not directly referenced -mov eax, dword [ebp - 0x10c] -cmp dword [ebp + ebx*4 - 0x98], eax -jbe short loc_fffbe914 ; jbe 0xfffbe914 -movsx eax, byte [ebp + ebx - 0xeb] -mov dword [ebp + ebx*4 - 0xe4], 0 -neg eax -mov dword [ebp + ebx*4 - 0xd4], eax - -loc_fffbe914: ; not directly referenced -mov eax, dword [ebp + ebx*4 - 0xe4] -mov esi, dword [ebp - 0x104] -mov byte [edi + ebx + 0x369d], al -cmp byte [esi + 0x61], 0 -jle short loc_fffbe98b ; jle 0xfffbe98b -cmp dword [ebp - 0x100], 3 -sete cl -test cl, dl -jne short loc_fffbe961 ; jne 0xfffbe961 -cmp dword [ebp - 0x100], 0 -sete cl -cmp dword [ebp - 0x108], 0x40670 -sete byte [ebp - 0x118] -xor edx, edx -test byte [ebp - 0x118], cl -je short loc_fffbe96a ; je 0xfffbe96a - -loc_fffbe961: ; not directly referenced -mov esi, dword [ebp - 0x104] -mov dl, byte [esi + 0x73] - -loc_fffbe96a: ; not directly referenced -sub dl, byte [ebp + ebx - 0xeb] -add edx, 3 -movsx esi, dl -cmp dword [ebp + ebx*4 - 0xd4], esi -jle short loc_fffbe98b ; jle 0xfffbe98b -test eax, eax -je short loc_fffbe98b ; je 0xfffbe98b -mov dword [ebp + ebx*4 - 0xd4], esi - -loc_fffbe98b: ; not directly referenced -mov eax, dword [ebp - 0xfc] -lea ecx, [ebx + 1] -push 2 -mov esi, dword [ebp + ebx*4 - 0xd4] -sar eax, cl -push eax -push 1 -push 0 -push 7 -push 0 -push ebx -push 0 -push 0 -push esi -push 5 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -mov ecx, dword [ebp - 0x114] -imul eax, esi, 0xa -imul esi, esi, 0xfffffff6 -add esp, 0x2c -add dword [ecx], eax -add dword [ecx + 4], esi -push 0 -movzx eax, byte [edi + 0x2488] -push eax -mov eax, dword [ebp - 0x110] -push dword [ebp - 0x104] -call dword [eax + 0x64] ; ucall -add esp, 0x10 - -loc_fffbe9e6: ; not directly referenced -inc ebx -add dword [ebp - 0x114], 0x48 -add dword [ebp - 0x104], 0xcc -cmp ebx, 2 -jne loc_fffbe87b ; jne 0xfffbe87b - -loc_fffbea01: ; not directly referenced -push 2 -push 0 -push 1 -push 0 -push 0 -push 0 -push 0 -push 1 -push 0 -push 0 -push 2 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -mov byte [edi + 0x247a], 0 -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffbea2f: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x230 -mov edi, dword [ebp + 8] -mov eax, dword [edi + 0x5edc] -mov dword [ebp - 0x1fc], eax -mov eax, dword [edi + 0x2443] -mov esi, eax -mov dword [ebp - 0x218], eax -mov eax, dword [edi + 0x188b] -push 0 -push 0x10 -mov dword [ebp - 0x21c], eax -lea eax, [ebp - 0x1d8] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0xc -push 0 -push 2 -lea eax, [ebp - 0x1dc] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0xc -push 0 -push 0x1b0 -lea eax, [ebp - 0x1c8] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -mov al, byte [edi + 0x2441] -xor ecx, ecx -mov byte [ebp - 0x1d9], 0 -mov byte [ebp - 0x1da], 0 -mov byte [ebp - 0x21d], al -mov eax, dword [edi + 0x2480] -mov dword [esp], edi -cmp eax, 3 -sete cl -cmp eax, 2 -mov ebx, ecx -sete byte [ebp - 0x21e] -mov dword [ebp - 0x208], ebx -call fcn_fffc82f4 ; call 0xfffc82f4 -add esp, 0x10 -cmp ebx, 1 -lea ecx, [edi + 0x2490] -mov dword [ebp - 0x1f4], edi -mov dword [ebp - 0x1f0], 0 -mov dword [ebp - 0x214], ecx -mov dword [ebp - 0x200], eax -sbb eax, eax -and eax, 7 -add eax, 0xa -movzx eax, al -mov dword [ebp - 0x22c], eax - -loc_fffbeb18: ; not directly referenced -mov eax, dword [ebp - 0x1fc] -xor ebx, ebx -mov cl, byte [ebp - 0x1f0] -mov dword [ebp - 0x1ec], 1 -shl dword [ebp - 0x1ec], cl -add eax, 0x70 -mov dword [ebp - 0x204], eax -mov byte [ebp - 0x1f8], 0 - -loc_fffbeb46: ; not directly referenced -mov ecx, dword [ebp - 0x1ec] -mov edx, ebx -mov eax, edi -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0x1f8], al -movzx eax, byte [ebp - 0x1f8] -bt eax, ebx -mov esi, eax -jae short loc_fffbeb86 ; jae 0xfffbeb86 -push ecx -push 0 -movzx eax, byte [edi + 0x2488] -push eax -mov eax, dword [ebp - 0x218] -push dword [ebp - 0x204] -call dword [eax + 0x64] ; ucall -add esp, 0x10 - -loc_fffbeb86: ; not directly referenced -inc ebx -add dword [ebp - 0x204], 0xcc -cmp ebx, 2 -jne short loc_fffbeb46 ; jne 0xfffbeb46 -cmp byte [ebp - 0x1f8], 0 -je loc_fffbf0bc ; je 0xfffbf0bc -sub esp, 0xc -mov ecx, 0x11 -push 0 -mov edx, esi -mov eax, edi -xor bl, bl -call fcn_fffb26ca ; call 0xfffb26ca -add esp, 0x10 - -loc_fffbebbb: ; not directly referenced -mov dl, bl -cmp bl, 3 -je short loc_fffbec24 ; je 0xfffbec24 -cmp bl, 1 -jne short loc_fffbebd0 ; jne 0xfffbebd0 -mov byte [edi + 0x248b], 9 -jmp short loc_fffbebdc ; jmp 0xfffbebdc - -loc_fffbebd0: ; not directly referenced -cmp bl, 4 -jne short loc_fffbebdc ; jne 0xfffbebdc -mov byte [edi + 0x248b], 0 - -loc_fffbebdc: ; not directly referenced -lea eax, [edx - 4] -cmp al, 2 -sbb eax, eax -and eax, 0x17 -add eax, 0x1f -cmp dl, 5 -sete dl -test byte [ebp - 0x21e], dl -mov dl, 0x25 -lea ecx, [ebp - 0x1d8] -cmovne eax, edx -push edx -movzx eax, al -push edx -mov edx, dword [ebp - 0x214] -push 0 -push ecx -mov ecx, esi -push eax -mov eax, edi -push 1 -push ebx -push dword [ebp - 0x1f0] -call fcn_fffc6051 ; call 0xfffc6051 -add esp, 0x20 - -loc_fffbec24: ; not directly referenced -inc ebx -cmp ebx, 7 -jne short loc_fffbebbb ; jne 0xfffbebbb -mov ecx, dword [ebp - 0x22c] -sub esp, 0xc -mov edx, esi -push 0 -mov eax, edi -call fcn_fffb2759 ; call 0xfffb2759 -add esp, 0x10 -cmp dword [ebp - 0x208], 0 -je short loc_fffbec72 ; je 0xfffbec72 -push eax -mov ecx, esi -push 0 -xor edx, edx -push 0 -push 0x20 -push 0 -lea eax, [ebp - 0x1da] -push eax -mov eax, edi -push 0xff -push dword [ebp - 0x1ec] -call fcn_fffcfd43 ; call 0xfffcfd43 -jmp short loc_fffbec95 ; jmp 0xfffbec95 - -loc_fffbec72: ; not directly referenced -push 1 -mov ecx, esi -push 1 -xor edx, edx -lea eax, [ebp - 0x1dc] -push eax -mov eax, edi -push 1 -push 0x40 -push 0xffffffffffffffc0 -push 3 -push 0xff -call fcn_fffcf3cd ; call 0xfffcf3cd - -loc_fffbec95: ; not directly referenced -add esp, 0x20 -cmp byte [ebp - 0x21d], 0 -sete dl -cmp dword [ebp - 0x21c], 1 -sete al -test dl, al -jne loc_fffbed6c ; jne 0xfffbed6c - -loc_fffbecb4: ; not directly referenced -push edx -push 0 -push 0 -push 3 -push 0xff -push 0 -push 0 -push edi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x1c -push 0 -push 0 -push 3 -push 0xff -push 0 -push 1 -push edi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x14 -push edi -call fcn_fffc82f4 ; call 0xfffc82f4 -lea eax, [ebp - 0x1d8] -mov edx, dword [ebp - 0x214] -pop ecx -mov ecx, esi -pop ebx -mov ebx, dword [ebp - 0x1f0] -push 0 -push eax -mov eax, edi -push 0x36 -push 1 -push 0xd -push ebx -call fcn_fffc6051 ; call 0xfffc6051 -add esp, 0x14 -push edi -call fcn_fffc82f4 ; call 0xfffc82f4 -lea edx, [ebp - 0x1c8] -mov dword [ebp - 0x200], eax -mov eax, edi -call fcn_fffb8ffd ; call 0xfffb8ffd -imul eax, ebx, 0xd8 -mov edx, ebx -add edx, ebx -add esp, 0x10 -lea ecx, [edi + ebx*4] -add edx, edi -mov dword [ebp - 0x210], ecx -mov ecx, dword [ebp - 0x1f4] -add eax, 0x281 -mov dword [ebp - 0x20c], edx -mov dword [ebp - 0x1f8], 0 -mov dword [ebp - 0x228], eax -jmp near loc_fffbef33 ; jmp 0xfffbef33 - -loc_fffbed6c: ; not directly referenced -xor ebx, ebx - -loc_fffbed6e: ; not directly referenced -imul eax, ebx, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffbedcb ; jne 0xfffbedcb -push eax -push 0 -push 0 -push 3 -push 0xff -push 0 -push ebx -push edi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -cmp byte [edi + 0x36c9], 2 -jne short loc_fffbedcb ; jne 0xfffbedcb -mov ecx, dword [ebp - 0x1fc] -imul eax, ebx, 0xcc -mov edx, ebx -push 0 -push 1 -movzx eax, byte [ecx + eax + 0xe2] -mov ecx, 0xff -push eax -mov eax, edi -push 1 -call fcn_fffb0cb4 ; call 0xfffb0cb4 -add esp, 0x10 - -loc_fffbedcb: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffbed6e ; jne 0xfffbed6e -sub esp, 0xc -push edi -call fcn_fffc82f4 ; call 0xfffc82f4 -add esp, 0x10 -cmp dword [ebp - 0x208], 0 -jne short loc_fffbee47 ; jne 0xfffbee47 -mov ecx, dword [ebp - 0x1f4] -mov edx, 6 -mov eax, dword [ecx + 0x3210] -mov dword [ecx + 0x3218], eax -mov eax, dword [ecx + 0x3214] -mov dword [ecx + 0x321c], eax -mov eax, dword [ecx + 0x3258] -mov dword [ecx + 0x3260], eax -mov eax, dword [ecx + 0x325c] -mov dword [ecx + 0x3264], eax -lea eax, [ebp - 0x1dc] -mov ecx, esi -push 1 -push 1 -push eax -mov eax, edi -push 0 -push 0x40 -push 0xffffffffffffffc0 -push 3 -push 0xff -call fcn_fffcf3cd ; call 0xfffcf3cd -add esp, 0x20 -jmp short loc_fffbee56 ; jmp 0xfffbee56 - -loc_fffbee47: ; not directly referenced -mov ecx, dword [ebp - 0x1ec] -mov edx, esi -mov eax, edi -call fcn_fffc93f9 ; call 0xfffc93f9 - -loc_fffbee56: ; not directly referenced -mov ebx, dword [ebp - 0x1f4] -mov dword [ebp - 0x1f8], 0 - -loc_fffbee66: ; not directly referenced -imul eax, dword [ebp - 0x1f8], 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffbeee7 ; jne 0xfffbeee7 -mov eax, dword [ebx + 0x3218] -cmp dword [ebx + 0x3210], eax -cmovbe eax, dword [ebx + 0x3210] -mov dword [ebx + 0x3210], eax -mov eax, dword [ebx + 0x321c] -cmp dword [ebx + 0x3214], eax -cmovbe eax, dword [ebx + 0x3214] -mov dword [ebx + 0x3214], eax -cmp byte [edi + 0x36c9], 2 -jne short loc_fffbeee7 ; jne 0xfffbeee7 -mov edx, dword [ebp - 0x1f8] -mov ecx, dword [ebp - 0x1fc] -push 0 -push 1 -imul eax, edx, 0xcc -movzx eax, byte [ecx + eax + 0xe2] -mov ecx, 0xff -neg eax -push eax -mov eax, edi -push 1 -call fcn_fffb0cb4 ; call 0xfffb0cb4 -add esp, 0x10 - -loc_fffbeee7: ; not directly referenced -inc dword [ebp - 0x1f8] -add ebx, 0x48 -cmp dword [ebp - 0x1f8], 2 -jne loc_fffbee66 ; jne 0xfffbee66 -jmp near loc_fffbecb4 ; jmp 0xfffbecb4 - -loc_fffbef02: ; not directly referenced -add dword [ebp - 0x1f8], 0x13c3 -add ecx, 0x48 -add dword [ebp - 0x210], 0x13c3 -add dword [ebp - 0x20c], 0x13c3 -cmp dword [ebp - 0x1f8], 0x2786 -je loc_fffbf0bc ; je 0xfffbf0bc - -loc_fffbef33: ; not directly referenced -mov ebx, dword [ebp - 0x1f8] -mov al, byte [ebp - 0x1ec] -test byte [edi + ebx + 0x381a], al -je short loc_fffbef02 ; je 0xfffbef02 -mov eax, dword [ebp - 0x1f8] -mov ebx, 0xa -xor edx, edx -mov esi, 0xa -mov byte [ebp - 0x204], 0 -lea eax, [edi + eax + 0x3756] -mov dword [ebp - 0x224], eax -mov eax, dword [ecx + 0x3210] -div ebx -mov ebx, dword [ebp - 0x210] -xor edx, edx -mov byte [ebx + 0x39c7], al -mov eax, dword [ecx + 0x3214] -div esi -xor edx, edx -mov byte [ebx + 0x39c8], al -mov eax, dword [ecx + 0x3450] -div esi -xor edx, edx -mov byte [ebx + 0x39ca], al -mov eax, dword [ecx + 0x3454] -div esi -xor edx, edx -mov byte [ebx + 0x39c9], al -mov eax, dword [ecx + 0x2d90] -mov ebx, dword [ebp - 0x20c] -div esi -xor edx, edx -mov byte [ebx + 0x4757], al -mov eax, dword [ecx + 0x2d94] -div esi -xor edx, edx -mov byte [ebx + 0x4758], al -mov eax, dword [ecx + 0x2fd0] -div esi -xor edx, edx -mov byte [ebx + 0x475f], al -mov eax, dword [ecx + 0x2fd4] -div esi -mov byte [ebx + 0x4760], al - -loc_fffbeff8: ; not directly referenced -mov al, byte [ebp - 0x204] -cmp al, byte [edi + 0x2488] -jae loc_fffbef02 ; jae 0xfffbef02 -movzx ebx, al -imul ebx, ebx, 0x18 -add ebx, dword [ebp - 0x228] -add ebx, dword [ebp - 0x224] -mov byte [ebp - 0x21f], 8 +jmp short loc_fffbda93 ; jmp 0xfffbda93 -loc_fffbf023: ; not directly referenced -mov eax, dword [ecx + 0x26d0] -mov esi, 0xa -xor edx, edx -add ebx, 3 -div esi -xor edx, edx -mov byte [ebx - 3], al -mov eax, dword [ecx + 0x26d4] -div esi -xor edx, edx -mov byte [ebx - 1], al -mov eax, dword [ecx + 0x2b50] -div esi -xor edx, edx -mov byte [ebx + 0x35d], al -mov eax, dword [ecx + 0x2b54] -div esi -xor edx, edx -mov byte [ebx + 0x35f], al -mov eax, dword [ecx + 0x2490] -div esi -xor edx, edx -mov byte [ebx + 0x6bf], al -mov eax, dword [ecx + 0x2494] -div esi -xor edx, edx -mov byte [ebx + 0x6bd], al -mov eax, dword [ecx + 0x2910] -div esi -xor edx, edx -mov byte [ebx + 0xa1f], al -mov eax, dword [ecx + 0x2914] -div esi -mov byte [ebx + 0xa1d], al -dec byte [ebp - 0x21f] -jne loc_fffbf023 ; jne 0xfffbf023 -inc byte [ebp - 0x204] -jmp near loc_fffbeff8 ; jmp 0xfffbeff8 - -loc_fffbf0bc: ; not directly referenced -inc dword [ebp - 0x1f0] -add dword [ebp - 0x1f4], 0x90 -cmp dword [ebp - 0x1f0], 4 -jne loc_fffbeb18 ; jne 0xfffbeb18 -cmp dword [edi + 0x3756], 2 -jne short loc_fffbf0f0 ; jne 0xfffbf0f0 -xor ecx, ecx -mov edx, 0x4198 -mov eax, edi -call fcn_fffae566 ; call 0xfffae566 - -loc_fffbf0f0: ; not directly referenced -cmp dword [edi + 0x4b19], 2 -jne short loc_fffbf107 ; jne 0xfffbf107 -xor ecx, ecx -mov edx, 0x4598 -mov eax, edi -call fcn_fffae566 ; call 0xfffae566 - -loc_fffbf107: ; not directly referenced -mov eax, dword [ebp - 0x200] +loc_fffbdaca: ; not directly referenced lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffbf115: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -xor esi, esi -push ebx -add esp, 0xffffff80 -mov ebx, dword [ebp + 8] -lea edi, [ebp - 0x60] -mov byte [ebp - 0x67], 5 -mov byte [ebp - 0x66], 2 -mov eax, dword [ebx + 0x5edc] -mov byte [ebp - 0x65], 1 -mov byte [ebp - 0x64], 2 -mov byte [ebp - 0x63], 1 -mov dword [ebp - 0x6c], eax -mov al, byte [ebx + 0x248e] -mov byte [ebp - 0x62], 0 -mov byte [ebp - 0x61], 0 -mov byte [ebp - 0x6d], al -mov eax, dword [ebx + 0x188b] -mov dword [ebp - 0x74], eax -mov eax, dword [ebx + 0x2443] -push 0 -push 5 -push edi -call dword [eax + 0x60] ; ucall -movzx edx, byte [ebp - 0x67] -mov ecx, 1 -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -movzx edx, byte [ebp - 0x66] -mov ecx, 1 -mov word [ebp - 0x60], ax -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -add esp, 0x10 -mov word [ebp - 0x5e], ax - -loc_fffbf196: ; not directly referenced -mov eax, 1 -mov ecx, esi -shl eax, cl -test byte [ebx + 0x248d], al -je short loc_fffbf1d2 ; je 0xfffbf1d2 -push edx -mov ecx, 3 -push 2 -push 0 -push 0xf -push 0xb -push 0 -push edi -lea edx, [ebp - 0x65] -push edx -push 2 -lea edx, [ebp - 0x67] -push edx -push 4 -push eax -mov eax, ebx -lea edx, [ebp - 0x56] -call fcn_fffca96e ; call 0xfffca96e -add esp, 0x30 - -loc_fffbf1d2: ; not directly referenced -inc esi -cmp esi, 4 -jne short loc_fffbf196 ; jne 0xfffbf196 -push eax -mov ecx, 3 -push eax -mov eax, ebx -push 0 -push 0xf -push 0 -push 0 -push 0 -push 2 -lea edx, [ebx + 0x2490] -call fcn_fffc0a2d ; call 0xfffc0a2d -add esp, 0x20 -cmp dword [ebp - 0x74], 1 -jne loc_fffbf2df ; jne 0xfffbf2df -lea eax, [ebx + 0x3756] -mov edi, dword [ebp - 0x6c] -mov dword [ebp - 0x78], eax -movzx eax, byte [ebp - 0x6d] -mov dword [ebp - 0x6c], 0 -add edi, 0x1c -mov dword [ebp - 0x80], eax - -loc_fffbf222: ; not directly referenced -mov eax, dword [ebp - 0x80] -mov ecx, dword [ebp - 0x6c] -bt eax, ecx -jb short loc_fffbf248 ; jb 0xfffbf248 - -loc_fffbf22d: ; not directly referenced -inc dword [ebp - 0x6c] -add edi, 0xcc -add dword [ebp - 0x78], 0x13c3 -cmp dword [ebp - 0x6c], 2 -jne short loc_fffbf222 ; jne 0xfffbf222 -jmp near loc_fffbf2df ; jmp 0xfffbf2df - -loc_fffbf248: ; not directly referenced -mov byte [ebp - 0x6d], 0 - -loc_fffbf24c: ; not directly referenced -mov al, byte [ebp - 0x6d] -cmp al, byte [ebx + 0x2488] -jae short loc_fffbf22d ; jae 0xfffbf22d -mov edx, dword [ebp - 0x78] -movzx esi, al -mov byte [ebp - 0x74], 0 -mov cl, byte [edx + 0xc4] -add esi, edx -mov dword [ebp - 0x7c], esi -mov byte [ebp - 0x6e], cl -xor ecx, ecx - -loc_fffbf271: ; not directly referenced -mov eax, 1 -shl eax, cl -test byte [ebp - 0x6e], al -je short loc_fffbf29d ; je 0xfffbf29d -mov eax, dword [ebp - 0x7c] -lea esi, [ecx + ecx*8] -mov al, byte [eax + esi + 0x24d] -mov dl, al -and eax, 0xf -shr dl, 4 -shl edx, 2 -cmp dl, al -setne al -or byte [ebp - 0x74], al - -loc_fffbf29d: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffbf271 ; jne 0xfffbf271 -cmp byte [ebx + 0x240e], 1 -je short loc_fffbf2b2 ; je 0xfffbf2b2 -cmp byte [ebp - 0x74], 1 -jne short loc_fffbf2d7 ; jne 0xfffbf2d7 - -loc_fffbf2b2: ; not directly referenced -movzx esi, byte [ebp - 0x6d] -mov eax, ebx -mov edx, dword [ebp - 0x6c] -mov ecx, esi -add esi, 8 -call fcn_fffa720e ; call 0xfffa720e -or byte [edi + esi*4 + 0xb], 1 -mov ecx, dword [edi + esi*4 + 8] -mov edx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c - -loc_fffbf2d7: ; not directly referenced -inc byte [ebp - 0x6d] -jmp near loc_fffbf24c ; jmp 0xfffbf24c - -loc_fffbf2df: ; not directly referenced -lea esp, [ebp - 0xc] -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffbf2e9: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x540 -mov esi, dword [ebp + 0xc] -mov ebx, dword [ebp + 8] -lea edi, [ebp - 0x4fa] -mov dword [ebp - 0x520], edx -mov edx, dword [ebp + 0x14] -mov dword [ebp - 0x51c], eax -mov dword [ebp - 0x52c], esi -mov esi, dword [ebp + 0x18] -mov dword [ebp - 0x524], ecx -mov ecx, 0xa -mov dword [ebp - 0x538], edx -mov dword [ebp - 0x528], ebx -mov ebx, dword [ebp + 0x10] -mov dword [ebp - 0x530], esi -mov esi, dword [ebp + 0x20] -mov byte [ebp - 0x507], 4 -mov byte [ebp - 0x506], 1 -mov byte [ebp - 0x505], 5 -mov eax, esi -mov dword [ebp - 0x534], esi -mov esi, ref_fffd590c ; mov esi, 0xfffd590c -mov byte [ebp - 0x541], al -lea eax, [ebp - 0x4f0] -mov byte [ebp - 0x504], 2 -mov byte [ebp - 0x50b], 4 -mov byte [ebp - 0x50a], 1 -mov byte [ebp - 0x509], 5 -mov byte [ebp - 0x508], 2 -mov byte [ebp - 0x4ff], 1 -mov byte [ebp - 0x4fe], 2 -mov byte [ebp - 0x4fd], 0 -mov byte [ebp - 0x4fc], 0 -mov byte [ebp - 0x4fb], 0 -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -mov edi, dword [ebp - 0x51c] -mov dword [ebp - 0x503], 0 -mov esi, dword [edi + 0x2443] -push 0xff -push 0x4d8 -push eax -call dword [esi + 0x5c] ; ucall -add esp, 0xc -push 0xff -push 0x54e -push dword [ebp - 0x520] -call dword [esi + 0x5c] ; ucall -mov cl, byte [ebp - 0x524] -mov al, byte [ebp - 0x528] -and cl, byte [edi + 0x248e] -and al, byte [edi + 0x248d] -add esp, 0x10 -mov byte [ebp - 0x50d], 0 -mov edx, dword [ebp - 0x538] -movzx esi, cl -mov edi, eax -xor eax, eax -and cl, 1 -je short loc_fffbf439 ; je 0xfffbf439 -mov ecx, dword [ebp - 0x51c] -mov eax, edi -and al, byte [ecx + 0x381a] -test al, al -mov byte [ebp - 0x50d], al -setne al - -loc_fffbf439: ; not directly referenced -and esi, 2 -mov byte [ebp - 0x50c], 0 -je short loc_fffbf463 ; je 0xfffbf463 -mov esi, dword [ebp - 0x51c] -mov ecx, edi -and cl, byte [esi + 0x4bdd] -mov esi, eax -or esi, 2 -test cl, cl -mov byte [ebp - 0x50c], cl -cmovne eax, esi - -loc_fffbf463: ; not directly referenced -mov cl, byte [ebx] -movzx eax, al -mov esi, dword [ebp - 0x520] -mov dword [ebp - 0x524], eax -mov byte [esi], cl -mov cl, byte [edx] -mov byte [esi + 4], cl -mov cl, byte [ebx + 1] -mov byte [esi + 1], cl -mov cl, byte [edx + 1] -mov byte [esi + 5], cl -mov cl, byte [ebx + 2] -mov byte [esi + 2], cl -mov cl, byte [edx + 2] -mov byte [esi + 6], cl -mov cl, byte [ebx + 3] -mov bl, byte [ebp - 0x530] -mov byte [esi + 3], cl -mov dl, byte [edx + 3] -mov byte [esi + 8], bl -mov byte [esi + 7], dl -mov edx, eax -movzx eax, byte [ebp - 0x52c] -push ecx -push ecx -mov ecx, esi -push 1 -push eax -mov eax, dword [ebp - 0x51c] -call fcn_fffb3a79 ; call 0xfffb3a79 -add esp, 0x10 -cmp dword [ebp + 0x24], 0 -je short loc_fffbf50e ; je 0xfffbf50e -mov esi, dword [ebp - 0x51c] -push ecx -mov ecx, dword [ebp - 0x524] -push 0 -push 0 -lea ebx, [esi + 0x2490] mov eax, esi -push 0 -mov edx, ebx -call fcn_fffc19af ; call 0xfffc19af -mov ecx, dword [ebp - 0x524] -pop eax -mov eax, esi -pop edx -mov edx, ebx -push 0 -push 0xf -push 0 -push 0 -push 0 -push 1 -call fcn_fffc0a2d ; call 0xfffc0a2d -add esp, 0x20 - -loc_fffbf50e: ; not directly referenced -cmp dword [ebp + 0x28], 0 -je short loc_fffbf547 ; je 0xfffbf547 -mov ebx, dword [ebp - 0x51c] -sub esp, 0xc -push ebx -call fcn_fffbdcd9 ; call 0xfffbdcd9 -mov ecx, dword [ebp - 0x524] -pop eax -mov eax, ebx -pop edx -lea edx, [ebx + 0x2490] -push 0 -push 0xf -push 0 -push 0 -push 0 -push 2 -call fcn_fffc0a2d ; call 0xfffc0a2d -add esp, 0x20 - -loc_fffbf547: ; not directly referenced -mov ebx, dword [ebp - 0x520] -mov edx, edi -xor ecx, ecx -mov al, byte [ebp - 0x534] -movzx edi, dl -mov dword [ebp - 0x52c], edi -mov byte [ebx + 0x539], al -lea eax, [ebx + 0x534] -mov dword [ebp - 0x538], eax -mov eax, dword [ebp + 0x1c] -lea ebx, [ebp - 0x507] -mov dword [ebp - 0x530], eax -xor eax, eax - -loc_fffbf583: ; not directly referenced -mov dl, byte [ebp - 0x530] -sub edx, dword [ebp + 0x1c] -cmp dl, byte [ebp - 0x541] -jae loc_fffbf9f9 ; jae 0xfffbf9f9 -mov edi, dword [ebp - 0x530] -mov esi, dword [ebp - 0x538] -mov dl, byte [edi] -mov byte [esi], dl -cmp byte [edi], 6 -ja loc_fffbf92d ; ja 0xfffbf92d -movzx edx, byte [edi] -jmp dword [edx*4 + ref_fffd5918] ; ujmp: jmp dword [edx*4 - 0x2a6e8] - -loc_fffbf5bb: ; not directly referenced -push eax -mov ecx, dword [ebp - 0x524] -push 1 -push 0 -push 0xf -push 0xc -push 0xfffffffffffffff5 -lea eax, [ebp - 0x4fa] -push eax -lea eax, [ebp - 0x4ff] -push eax -mov eax, dword [ebp - 0x51c] -push 2 -lea ebx, [ebp - 0x509] -push ebx -push 0 -push dword [ebp - 0x52c] -lea esi, [ebp - 0x3f8] -mov edx, esi -call fcn_fffca96e ; call 0xfffca96e -mov eax, dword [ebp - 0x520] -mov ecx, 0x3e -add esp, 0x30 -lea edi, [eax + 0x14f] -mov eax, 1 -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -mov cl, 2 -jmp near loc_fffbf92d ; jmp 0xfffbf92d - -loc_fffbf620: ; not directly referenced -push eax -mov ecx, dword [ebp - 0x524] -push 0 -push 9 -push 0xf -push 6 -push 0xfffffffffffffff6 -lea eax, [ebp - 0x4fa] -push eax -lea eax, [ebp - 0x4ff] -push eax -mov eax, dword [ebp - 0x51c] -push 2 -lea ebx, [ebp - 0x50b] -push ebx -push 1 -push dword [ebp - 0x52c] -lea esi, [ebp - 0x110] -mov edx, esi -call fcn_fffca96e ; call 0xfffca96e -mov eax, dword [ebp - 0x520] -mov ecx, 0x3e -add esp, 0x30 -lea edi, [eax + 0x437] -mov eax, 4 -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -mov cl, 2 -jmp near loc_fffbf92d ; jmp 0xfffbf92d - -loc_fffbf685: ; not directly referenced -lea eax, [ebp - 0x208] -xor ebx, ebx -mov dword [ebp - 0x534], eax - -loc_fffbf693: ; not directly referenced -mov eax, dword [ebp - 0x52c] -bt eax, ebx -jb short loc_fffbf6bd ; jb 0xfffbf6bd - -loc_fffbf69e: ; not directly referenced -inc ebx -add dword [ebp - 0x534], 0x3e -cmp ebx, 4 -jne short loc_fffbf693 ; jne 0xfffbf693 -mov cl, 2 -mov eax, 3 -lea ebx, [ebp - 0x509] -jmp near loc_fffbf92d ; jmp 0xfffbf92d - -loc_fffbf6bd: ; not directly referenced -push edi -mov esi, dword [ebp - 0x534] -mov cl, bl -push 2 -push 0 -push 0xf -push 0xb -mov edx, esi -push 0 -lea eax, [ebp - 0x4fa] -push eax -lea eax, [ebp - 0x4ff] -push eax -push 2 -lea eax, [ebp - 0x509] -push eax -mov eax, dword [ebp - 0x51c] -push 4 -mov dword [ebp - 0x528], 1 -shl dword [ebp - 0x528], cl -push dword [ebp - 0x528] -mov ecx, dword [ebp - 0x524] -call fcn_fffca96e ; call 0xfffca96e -imul eax, ebx, 0x3e -mov edi, dword [ebp - 0x520] -mov ecx, 0x3e -add esp, 0x30 -lea edx, [ebp - 0x4f0] -lea edi, [edi + eax + 0x33f] -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -lea ecx, [ebp - 0x50d] -lea edi, [ebp - 0x50b] - -loc_fffbf73e: ; not directly referenced -movzx esi, byte [ecx] -test dword [ebp - 0x528], esi -je short loc_fffbf779 ; je 0xfffbf779 -mov si, word [edx + eax + 0x30c] -cmp si, word [edx + 0x30c] -jae short loc_fffbf761 ; jae 0xfffbf761 -mov word [edx + 0x30c], si - -loc_fffbf761: ; not directly referenced -mov si, word [edx + eax + 0x310] -cmp si, word [edx + 0x310] -jae short loc_fffbf779 ; jae 0xfffbf779 -mov word [edx + 0x310], si - -loc_fffbf779: ; not directly referenced -inc ecx -add edx, 2 -cmp ecx, edi -je loc_fffbf69e ; je 0xfffbf69e -jmp short loc_fffbf73e ; jmp 0xfffbf73e - -loc_fffbf787: ; not directly referenced -mov eax, dword [ebp - 0x51c] -lea ebx, [ebp - 0x300] -mov dword [ebp - 0x534], ebx -cmp dword [eax + 0x188b], 1 -setne al -xor ebx, ebx -lea eax, [eax + eax + 0xc] -movsx eax, al -mov dword [ebp - 0x53c], eax - -loc_fffbf7b2: ; not directly referenced -mov eax, dword [ebp - 0x52c] -bt eax, ebx -jb short loc_fffbf7dc ; jb 0xfffbf7dc - -loc_fffbf7bd: ; not directly referenced -inc ebx -add dword [ebp - 0x534], 0x3e -cmp ebx, 4 -jne short loc_fffbf7b2 ; jne 0xfffbf7b2 -mov cl, 2 -mov eax, 2 -lea ebx, [ebp - 0x50b] -jmp near loc_fffbf92d ; jmp 0xfffbf92d - -loc_fffbf7dc: ; not directly referenced -push esi -mov cl, bl -mov esi, dword [ebp - 0x534] -push 0 -push 9 -push 0xf -push dword [ebp - 0x53c] -mov edx, esi -lea eax, [ebp - 0x4fa] -mov dword [ebp - 0x528], 1 -shl dword [ebp - 0x528], cl -push 0 -mov ecx, dword [ebp - 0x524] -push eax -lea eax, [ebp - 0x4ff] -push eax -push 2 -lea eax, [ebp - 0x50b] -push eax -mov eax, dword [ebp - 0x51c] -push 5 -push dword [ebp - 0x528] -call fcn_fffca96e ; call 0xfffca96e -imul eax, ebx, 0x3e -mov edi, dword [ebp - 0x520] -mov ecx, 0x3e -add esp, 0x30 -lea edx, [ebp - 0x4f0] -lea edi, [edi + eax + 0x247] -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -lea ecx, [ebp - 0x50d] - -loc_fffbf85b: ; not directly referenced -movzx esi, byte [ecx] -test dword [ebp - 0x528], esi -je short loc_fffbf896 ; je 0xfffbf896 -mov si, word [edx + eax + 0x214] -cmp si, word [edx + 0x214] -jae short loc_fffbf87e ; jae 0xfffbf87e -mov word [edx + 0x214], si - -loc_fffbf87e: ; not directly referenced -mov si, word [edx + eax + 0x218] -cmp si, word [edx + 0x218] -jae short loc_fffbf896 ; jae 0xfffbf896 -mov word [edx + 0x218], si - -loc_fffbf896: ; not directly referenced -inc ecx -add edx, 2 -lea edi, [ebp - 0x50b] -cmp ecx, edi -je loc_fffbf7bd ; je 0xfffbf7bd -jmp short loc_fffbf85b ; jmp 0xfffbf85b - -loc_fffbf8aa: ; not directly referenced -mov eax, dword [ebp - 0x51c] -cmp dword [eax + 0x188b], 1 -jne short loc_fffbf8ca ; jne 0xfffbf8ca -call fcn_fffa9b8c ; call 0xfffa9b8c -mov edx, 0x2f -mov eax, 8 -jmp short loc_fffbf8d1 ; jmp 0xfffbf8d1 - -loc_fffbf8ca: ; not directly referenced -mov edx, 7 -xor eax, eax - -loc_fffbf8d1: ; not directly referenced -push ecx -mov ecx, dword [ebp - 0x524] -push 0 -push 9 -push 0xf -push edx -push eax -lea eax, [ebp - 0x4fa] -push eax -lea eax, [ebp - 0x4ff] -push eax -mov eax, dword [ebp - 0x51c] -push 2 -lea ebx, [ebp - 0x50b] -push ebx -push 6 -push dword [ebp - 0x52c] -lea edx, [ebp - 0x4f0] -lea esi, [ebp - 0x4f0] -call fcn_fffca96e ; call 0xfffca96e -mov eax, dword [ebp - 0x520] -mov ecx, 0x3e -add esp, 0x30 -lea edi, [eax + 0x57] -xor eax, eax -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -mov cl, 2 - -loc_fffbf92d: ; not directly referenced -imul edi, eax, 0x7c -mov dword [ebp - 0x528], 0 -mov dword [ebp - 0x53c], edi - -loc_fffbf940: ; not directly referenced -mov edi, dword [ebp - 0x528] -cmp byte [ebp + edi - 0x50d], 0 -je loc_fffbf9d5 ; je 0xfffbf9d5 -mov edi, dword [ebp - 0x53c] -lea edx, [ebp - 0x4f0] -add edi, dword [ebp - 0x528] -add edi, edi -add edi, edx -mov dword [ebp - 0x540], edi -xor edi, edi -jmp short loc_fffbf9cf ; jmp 0xfffbf9cf - -loc_fffbf974: ; not directly referenced -mov dl, byte [ebx + edi] -xor esi, esi -mov byte [ebp - 0x534], dl -cmp dl, 0x21 -ja short loc_fffbf98e ; ja 0xfffbf98e -movzx esi, dl -movzx esi, byte [esi + ref_fffd5f1c] ; movzx esi, byte [esi - 0x2a0e4] - -loc_fffbf98e: ; not directly referenced -mov edx, esi -movzx esi, dl -mov dl, byte [ebp - 0x534] -mov dword [ebp - 0x548], eax -mov eax, dword [ebp - 0x520] -mov byte [ebp + esi - 0x503], dl -mov edx, dword [ebp - 0x528] -add esi, esi -lea edx, [edx + esi + 0x20] -mov esi, dword [ebp - 0x540] -mov si, word [esi + edi*4 + 0x24] -inc edi -mov word [eax + edx*2 + 3], si -mov eax, dword [ebp - 0x548] - -loc_fffbf9cf: ; not directly referenced -mov edx, edi -cmp cl, dl -ja short loc_fffbf974 ; ja 0xfffbf974 - -loc_fffbf9d5: ; not directly referenced -inc dword [ebp - 0x528] -cmp dword [ebp - 0x528], 2 -jne loc_fffbf940 ; jne 0xfffbf940 -inc dword [ebp - 0x530] -inc dword [ebp - 0x538] -jmp near loc_fffbf583 ; jmp 0xfffbf583 - -loc_fffbf9f9: ; not directly referenced -mov eax, dword [ebp - 0x520] -lea ebx, [ebp - 0x503] -mov dword [ebp - 0x524], ebx -mov byte [ebp - 0x52c], 0 -mov byte [eax + 0x52f], 0 -mov dword [ebp - 0x528], eax - -loc_fffbfa1f: ; not directly referenced -mov eax, dword [ebp - 0x524] -mov bl, byte [eax] -test bl, bl -je loc_fffbfad2 ; je 0xfffbfad2 -mov ecx, dword [ebp - 0x520] -xor esi, esi -movzx eax, byte [ebp - 0x52c] -mov edi, dword [ebp - 0x51c] -mov byte [ecx + eax + 0x530], bl -lea eax, [ecx + eax*4] -inc byte [ecx + 0x52f] -add edi, 0x49be -mov dword [ebp - 0x530], eax -movzx eax, bl -mov dword [ebp - 0x534], eax - -loc_fffbfa69: ; not directly referenced -cmp byte [ebp + esi - 0x50d], 0 -je short loc_fffbfac0 ; je 0xfffbfac0 -mov edx, dword [ebp - 0x534] -mov ecx, 1 -mov eax, dword [ebp - 0x51c] -call fcn_fffb13cf ; call 0xfffb13cf -cmp bl, 2 -jne short loc_fffbfaa1 ; jne 0xfffbfaa1 -cmp byte [edi + 0x128], 5 -mov dl, byte [edi] -je short loc_fffbfa9e ; je 0xfffbfa9e -cmp dl, 5 -jne short loc_fffbfaa1 ; jne 0xfffbfaa1 - -loc_fffbfa9e: ; not directly referenced -add eax, 0x50 - -loc_fffbfaa1: ; not directly referenced -mov ecx, dword [ebp - 0x528] -mov dx, word [ecx + esi*2 + 0x43] -mov ecx, dword [ebp - 0x530] -cmp dx, ax -cmovbe eax, edx -mov word [ecx + esi*2 + 0x53a], ax - -loc_fffbfac0: ; not directly referenced -inc esi -add edi, 0x13c3 -cmp esi, 2 -jne short loc_fffbfa69 ; jne 0xfffbfa69 -inc byte [ebp - 0x52c] - -loc_fffbfad2: ; not directly referenced -inc dword [ebp - 0x524] -add dword [ebp - 0x528], 4 -lea eax, [ebp - 0x4ff] -cmp dword [ebp - 0x524], eax -jne loc_fffbfa1f ; jne 0xfffbfa1f -lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp ret -fcn_fffbfaf9: ; not directly referenced +fcn_fffbdad4: ; not directly referenced push ebp mov ebp, esp push edi @@ -42937,74 +40542,74 @@ push esi push ebx sub esp, 0x57c mov ebx, dword [ebp + 0x10] -cmp byte [eax + 0x248b], 1 +cmp byte [eax + 0x248c], 1 mov dword [ebp - 0x50c], eax mov dword [ebp - 0x574], ecx mov dword [ebp - 0x53c], ebx mov byte [ebp - 0x566], dl mov byte [ebp - 0x535], cl mov byte [ebp - 0x50e], bl -jne short loc_fffbfb5b ; jne 0xfffbfb5b -mov al, byte [eax + 0x248c] +jne short loc_fffbdb36 ; jne 0xfffbdb36 +mov al, byte [eax + 0x248d] lea edx, [eax + 4] mov byte [ebp - 0x508], al mov byte [ebp - 0x507], al add eax, 2 mov byte [ebp - 0x506], dl mov byte [ebp - 0x505], al -jmp short loc_fffbfb77 ; jmp 0xfffbfb77 +jmp short loc_fffbdb52 ; jmp 0xfffbdb52 -loc_fffbfb5b: ; not directly referenced +loc_fffbdb36: ; not directly referenced mov byte [ebp - 0x508], 1 mov byte [ebp - 0x507], 1 mov byte [ebp - 0x506], 1 mov byte [ebp - 0x505], 1 -loc_fffbfb77: ; not directly referenced +loc_fffbdb52: ; not directly referenced mov ebx, dword [ebp - 0x53c] mov al, bl shr al, 4 inc eax mov byte [ebp - 0x520], al cmp bl, 9 -je short loc_fffbfbaa ; je 0xfffbfbaa +je short loc_fffbdb85 ; je 0xfffbdb85 cmp bl, 8 -je short loc_fffbfbba ; je 0xfffbfbba +je short loc_fffbdb95 ; je 0xfffbdb95 cmp bl, 0xa sete al mov byte [ebp - 0x50d], al shl eax, 2 mov byte [ebp - 0x50f], al -jmp short loc_fffbfbc8 ; jmp 0xfffbfbc8 +jmp short loc_fffbdba3 ; jmp 0xfffbdba3 -loc_fffbfbaa: ; not directly referenced +loc_fffbdb85: ; not directly referenced mov byte [ebp - 0x50d], 1 mov byte [ebp - 0x50f], 1 -jmp short loc_fffbfbc8 ; jmp 0xfffbfbc8 +jmp short loc_fffbdba3 ; jmp 0xfffbdba3 -loc_fffbfbba: ; not directly referenced +loc_fffbdb95: ; not directly referenced mov byte [ebp - 0x50d], 1 mov byte [ebp - 0x50f], 2 -loc_fffbfbc8: ; not directly referenced +loc_fffbdba3: ; not directly referenced mov eax, dword [ebp - 0x53c] cmp al, 0x21 sete dl cmp al, 0x11 sete al or dl, al -jne short loc_fffbfbef ; jne 0xfffbfbef +jne short loc_fffbdbca ; jne 0xfffbdbca cmp byte [ebp - 0x53c], 5 mov dword [ebp - 0x52c], 0 -jne short loc_fffbfc01 ; jne 0xfffbfc01 +jne short loc_fffbdbdc ; jne 0xfffbdbdc -loc_fffbfbef: ; not directly referenced +loc_fffbdbca: ; not directly referenced mov al, byte [ebp - 0x50d] xor eax, 1 movzx eax, al mov dword [ebp - 0x52c], eax -loc_fffbfc01: ; not directly referenced +loc_fffbdbdc: ; not directly referenced lea eax, [ebp - 0x4e0] xor edi, edi mov dword [ebp - 0x51c], eax @@ -43013,17 +40618,17 @@ mov dword [ebp - 0x514], eax movzx eax, byte [ebp - 0x566] mov dword [ebp - 0x518], eax -loc_fffbfc25: ; not directly referenced +loc_fffbdc00: ; not directly referenced mov eax, dword [ebp - 0x518] bt eax, edi -jb short loc_fffbfc90 ; jb 0xfffbfc90 +jb short loc_fffbdc6b ; jb 0xfffbdc6b -loc_fffbfc30: ; not directly referenced +loc_fffbdc0b: ; not directly referenced inc edi add dword [ebp - 0x514], 0x48 add dword [ebp - 0x51c], 0x24 cmp edi, 2 -jne short loc_fffbfc25 ; jne 0xfffbfc25 +jne short loc_fffbdc00 ; jne 0xfffbdc00 mov eax, dword [ebp - 0x518] mov byte [ebp - 0x510], 0 mov dword [ebp - 0x514], 0 @@ -43037,18 +40642,18 @@ movzx eax, byte [ebp - 0x520] mov dword [ebp - 0x57c], eax dec eax mov dword [ebp - 0x580], eax -jmp short loc_fffbfcd3 ; jmp 0xfffbfcd3 +jmp short loc_fffbdcae ; jmp 0xfffbdcae -loc_fffbfc90: ; not directly referenced +loc_fffbdc6b: ; not directly referenced mov eax, dword [ebp - 0x50c] xor ecx, ecx mov esi, dword [ebp - 0x514] -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov byte [ebp - 0x524], al -loc_fffbfcaa: ; not directly referenced +loc_fffbdc85: ; not directly referenced cmp byte [ebp - 0x524], cl -jbe loc_fffbfc30 ; jbe 0xfffbfc30 +jbe loc_fffbdc0b ; jbe 0xfffbdc0b mov eax, dword [esi + 4] mov ebx, 0x14 xor edx, edx @@ -43058,9 +40663,9 @@ div ebx mov ebx, dword [ebp - 0x51c] mov dword [ebx + ecx*4], eax inc ecx -jmp short loc_fffbfcaa ; jmp 0xfffbfcaa +jmp short loc_fffbdc85 ; jmp 0xfffbdc85 -loc_fffbfcd3: ; not directly referenced +loc_fffbdcae: ; not directly referenced mov esi, dword [ebp - 0x514] mov eax, esi mov byte [ebp - 0x565], al @@ -43074,10 +40679,10 @@ mov dword [ebp - 0x534], eax movzx eax, byte [ebp - 0x50f] mov dword [ebp - 0x558], eax -loc_fffbfd10: ; not directly referenced +loc_fffbdceb: ; not directly referenced mov eax, dword [ebp - 0x518] bt eax, esi -jae loc_fffbfe95 ; jae 0xfffbfe95 +jae loc_fffbde70 ; jae 0xfffbde70 lea eax, [esi + esi*8] lea edi, [ebp - 0x18] add edi, eax @@ -43086,9 +40691,9 @@ mov byte [ebp - 0x524], 0x7f mov byte [ebp - 0x51c], 0 mov dword [ebp - 0x530], eax mov dword [ebp - 0x55c], edi -jmp near loc_fffbfe7d ; jmp 0xfffbfe7d +jmp near loc_fffbde58 ; jmp 0xfffbde58 -loc_fffbfd4c: ; not directly referenced +loc_fffbdd27: ; not directly referenced movzx ebx, byte [ebp - 0x51c] mov eax, dword [ebp - 0x55c] movzx edi, byte [ebp - 0x50e] @@ -43103,7 +40708,7 @@ lea edx, [eax - 2] mov dword [ebp + ecx - 0x498], edx lea ecx, [edi - 8] cmp cl, 1 -ja loc_fffbfeae ; ja 0xfffbfeae +ja loc_fffbde89 ; ja 0xfffbde89 push 1 push 0 push 0 @@ -43116,19 +40721,19 @@ push 0 push 0 push edx -loc_fffbfdb5: ; not directly referenced +loc_fffbdd90: ; not directly referenced push dword [ebp - 0x558] push dword [ebp - 0x50c] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -loc_fffbfdc9: ; not directly referenced +loc_fffbdda4: ; not directly referenced cmp byte [ebp - 0x50d], 0 -jne loc_fffbfedf ; jne 0xfffbfedf +jne loc_fffbdeba ; jne 0xfffbdeba -loc_fffbfdd6: ; not directly referenced +loc_fffbddb1: ; not directly referenced cmp dword [ebp - 0x52c], 0 -je short loc_fffbfe11 ; je 0xfffbfe11 +je short loc_fffbddec ; je 0xfffbddec add ebx, dword [ebp - 0x530] mov edi, dword [ebp - 0x524] shl ebx, 5 @@ -43142,7 +40747,7 @@ mov byte [ebp - 0x524], al movzx eax, al mov dword [ebp + ebx - 0x498], eax -loc_fffbfe11: ; not directly referenced +loc_fffbddec: ; not directly referenced movzx eax, byte [ebp - 0x51c] mov edi, dword [ebp - 0x528] lea edx, [eax + edi] @@ -43158,7 +40763,7 @@ lea eax, [ebx + eax*4] mov dword [ebp - 0x548], eax xor eax, eax -loc_fffbfe54: ; not directly referenced +loc_fffbde2f: ; not directly referenced mov ebx, dword [edi + edx] mov ecx, dword [ebp - 0x544] add edx, dword [ebp - 0x560] @@ -43167,25 +40772,25 @@ mov ecx, dword [ebp - 0x548] mov dword [ecx + eax*2], ebx add eax, 4 cmp eax, 0x20 -jne short loc_fffbfe54 ; jne 0xfffbfe54 +jne short loc_fffbde2f ; jne 0xfffbde2f inc byte [ebp - 0x51c] -loc_fffbfe7d: ; not directly referenced +loc_fffbde58: ; not directly referenced mov edi, dword [ebp - 0x50c] mov al, byte [ebp - 0x51c] -cmp al, byte [edi + 0x2488] -jb loc_fffbfd4c ; jb 0xfffbfd4c +cmp al, byte [edi + 0x2489] +jb loc_fffbdd27 ; jb 0xfffbdd27 -loc_fffbfe95: ; not directly referenced +loc_fffbde70: ; not directly referenced inc esi add dword [ebp - 0x520], 0x240 cmp esi, 2 -jne loc_fffbfd10 ; jne 0xfffbfd10 -jmp near loc_fffc0080 ; jmp 0xfffc0080 +jne loc_fffbdceb ; jne 0xfffbdceb +jmp near loc_fffbe05b ; jmp 0xfffbe05b -loc_fffbfeae: ; not directly referenced +loc_fffbde89: ; not directly referenced cmp byte [ebp - 0x50e], 0xa -jne loc_fffbfdc9 ; jne 0xfffbfdc9 +jne loc_fffbdda4 ; jne 0xfffbdda4 push 1 add eax, 2 push 0 @@ -43198,9 +40803,9 @@ push esi push 0 push 0 push eax -jmp near loc_fffbfdb5 ; jmp 0xfffbfdb5 +jmp near loc_fffbdd90 ; jmp 0xfffbdd90 -loc_fffbfedf: ; not directly referenced +loc_fffbdeba: ; not directly referenced movzx eax, byte [ebp - 0x51c] mov edi, dword [ebp - 0x520] mov edx, eax @@ -43213,7 +40818,7 @@ mov dword [ebp - 0x544], eax lea edi, [edi + edx*4] xor eax, eax -loc_fffbff12: ; not directly referenced +loc_fffbdeed: ; not directly referenced mov edx, dword [edi + eax*2] mov ecx, 0xf cmp edx, 0xf @@ -43222,42 +40827,42 @@ mov ecx, dword [ebp - 0x544] mov dword [ecx + eax], edx add eax, 4 cmp eax, 0x20 -jne short loc_fffbff12 ; jne 0xfffbff12 -jmp near loc_fffbfdd6 ; jmp 0xfffbfdd6 +jne short loc_fffbdeed ; jne 0xfffbdeed +jmp near loc_fffbddb1 ; jmp 0xfffbddb1 -loc_fffbff36: ; not directly referenced +loc_fffbdf11: ; not directly referenced inc al -je loc_fffc0675 ; je 0xfffc0675 +je loc_fffbe650 ; je 0xfffbe650 mov eax, dword [ebp - 0x50c] mov ecx, 4 mov edx, 0x4800 -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b mov dword [ebp - 0x520], 0 -loc_fffbff5d: ; not directly referenced +loc_fffbdf38: ; not directly referenced mov eax, dword [ebp - 0x57c] cmp dword [ebp - 0x520], eax -jae loc_fffc000b ; jae 0xfffc000b +jae loc_fffbdfe6 ; jae 0xfffbdfe6 mov al, byte [ebp - 0x510] xor ebx, ebx and eax, 1 mov byte [ebp - 0x558], al -loc_fffbff80: ; not directly referenced +loc_fffbdf5b: ; not directly referenced mov eax, dword [ebp - 0x518] bt eax, ebx -jb loc_fffc00fb ; jb 0xfffc00fb +jb loc_fffbe0d6 ; jb 0xfffbe0d6 -loc_fffbff8f: ; not directly referenced +loc_fffbdf6a: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffbff80 ; jne 0xfffbff80 +jne short loc_fffbdf5b ; jne 0xfffbdf5b mov esi, dword [ebp - 0x50c] xor eax, eax mov edi, dword [ebp - 0x520] push edx mov edx, dword [ebp - 0x518] -movzx ecx, byte [esi + 0x248b] +movzx ecx, byte [esi + 0x248c] test edi, edi push 0 sete al @@ -43265,30 +40870,30 @@ push eax lea eax, [ebp - 0x508] push eax mov eax, esi -call fcn_fffb0f94 ; call 0xfffb0f94 +call fcn_fffaa5b3 ; call 0xfffaa5b3 mov eax, dword [ebp - 0x580] add esp, 0x10 cmp edi, eax -jae loc_fffc0298 ; jae 0xfffc0298 +jae loc_fffbe273 ; jae 0xfffbe273 mov eax, dword [ebp - 0x50c] xor edi, edi mov cl, 1 -mov al, byte [eax + 0x3748] +mov al, byte [eax + 0x3749] mov byte [ebp - 0x51c], al -loc_fffbffee: ; not directly referenced +loc_fffbdfc9: ; not directly referenced mov eax, dword [ebp - 0x518] bt eax, edi -jb loc_fffc0222 ; jb 0xfffc0222 +jb loc_fffbe1fd ; jb 0xfffbe1fd -loc_fffbfffd: ; not directly referenced +loc_fffbdfd8: ; not directly referenced inc edi cmp edi, 2 -jne short loc_fffbffee ; jne 0xfffbffee +jne short loc_fffbdfc9 ; jne 0xfffbdfc9 test cl, cl -je loc_fffc0298 ; je 0xfffc0298 +je loc_fffbe273 ; je 0xfffbe273 -loc_fffc000b: ; not directly referenced +loc_fffbdfe6: ; not directly referenced lea eax, [ebp - 0x498] mov dword [ebp - 0x530], eax mov eax, dword [ebp + 8] @@ -43298,61 +40903,61 @@ mov dword [ebp - 0x55c], eax movzx eax, byte [ebp - 0x535] mov dword [ebp - 0x578], eax -loc_fffc0041: ; not directly referenced +loc_fffbe01c: ; not directly referenced mov eax, dword [ebp - 0x518] mov esi, dword [ebp - 0x51c] bt eax, esi -jb loc_fffc02a3 ; jb 0xfffc02a3 +jb loc_fffbe27e ; jb 0xfffbe27e -loc_fffc0056: ; not directly referenced +loc_fffbe031: ; not directly referenced inc dword [ebp - 0x51c] add dword [ebp - 0x530], 0x120 add dword [ebp - 0x55c], 0x240 add dword [ebp - 0x534], 9 cmp dword [ebp - 0x51c], 2 -jne short loc_fffc0041 ; jne 0xfffc0041 +jne short loc_fffbe01c ; jne 0xfffbe01c -loc_fffc0080: ; not directly referenced +loc_fffbe05b: ; not directly referenced mov al, 0xff test byte [ebp - 0x566], 1 -je short loc_fffc00b0 ; je 0xfffc00b0 +je short loc_fffbe08b ; je 0xfffbe08b mov esi, dword [ebp - 0x50c] xor edx, edx -mov cl, byte [esi + 0x2488] +mov cl, byte [esi + 0x2489] -loc_fffc0099: ; not directly referenced +loc_fffbe074: ; not directly referenced cmp cl, dl -jbe short loc_fffc00b0 ; jbe 0xfffc00b0 +jbe short loc_fffbe08b ; jbe 0xfffbe08b mov bl, byte [ebp + edx - 0x504] and bl, byte [ebp + edx - 0x4f2] inc edx and eax, ebx -jmp short loc_fffc0099 ; jmp 0xfffc0099 +jmp short loc_fffbe074 ; jmp 0xfffbe074 -loc_fffc00b0: ; not directly referenced +loc_fffbe08b: ; not directly referenced cmp dword [ebp - 0x564], 0 -je loc_fffbff36 ; je 0xfffbff36 +je loc_fffbdf11 ; je 0xfffbdf11 mov edi, dword [ebp - 0x50c] lea esi, [ebp - 0x504] -mov cl, byte [edi + 0x2488] +mov cl, byte [edi + 0x2489] lea edi, [ebp - 0x4f2] mov edx, edi mov byte [ebp - 0x51c], cl -loc_fffc00dd: ; not directly referenced +loc_fffbe0b8: ; not directly referenced mov bl, dl mov ecx, edi inc esi sub ebx, ecx cmp bl, byte [ebp - 0x51c] -jae loc_fffbff36 ; jae 0xfffbff36 +jae loc_fffbdf11 ; jae 0xfffbdf11 mov bl, byte [edx + 9] inc edx and bl, byte [esi + 8] and eax, ebx -jmp short loc_fffc00dd ; jmp 0xfffc00dd +jmp short loc_fffbe0b8 ; jmp 0xfffbe0b8 -loc_fffc00fb: ; not directly referenced +loc_fffbe0d6: ; not directly referenced mov eax, dword [ebp - 0x518] lea ecx, [ebx + 1] mov byte [ebp - 0x51c], 0 @@ -43361,14 +40966,14 @@ mov dword [ebp - 0x528], eax lea eax, [ebx + ebx*8] mov dword [ebp - 0x530], eax -loc_fffc011c: ; not directly referenced +loc_fffbe0f7: ; not directly referenced mov esi, dword [ebp - 0x50c] mov al, byte [ebp - 0x51c] -cmp al, byte [esi + 0x2488] -jae loc_fffbff8f ; jae 0xfffbff8f +cmp al, byte [esi + 0x2489] +jae loc_fffbdf6a ; jae 0xfffbdf6a cmp byte [ebp - 0x50d], 0 movzx eax, byte [ebp - 0x51c] -je short loc_fffc01c3 ; je 0xfffc01c3 +je short loc_fffbe19e ; je 0xfffbe19e add eax, dword [ebp - 0x530] xor ecx, ecx mov dl, byte [ebp - 0x565] @@ -43379,27 +40984,27 @@ mov dword [ebp - 0x524], eax xor eax, eax mov byte [ebp - 0x534], dl -loc_fffc016d: ; not directly referenced +loc_fffbe148: ; not directly referenced cmp byte [ebp - 0x50e], 9 sete dl test byte [ebp - 0x558], dl -jne short loc_fffc0191 ; jne 0xfffc0191 +jne short loc_fffbe16c ; jne 0xfffbe16c cmp byte [ebp - 0x50e], 9 setne dl test byte [ebp - 0x534], dl -je short loc_fffc01a1 ; je 0xfffc01a1 +je short loc_fffbe17c ; je 0xfffbe17c -loc_fffc0191: ; not directly referenced +loc_fffbe16c: ; not directly referenced mov esi, dword [ebp - 0x524] mov edi, 0xf sub edi, dword [esi + ecx] -jmp short loc_fffc01aa ; jmp 0xfffc01aa +jmp short loc_fffbe185 ; jmp 0xfffbe185 -loc_fffc01a1: ; not directly referenced +loc_fffbe17c: ; not directly referenced mov edi, dword [ebp - 0x524] mov edi, dword [edi + ecx] -loc_fffc01aa: ; not directly referenced +loc_fffbe185: ; not directly referenced cmp edi, 0xf mov esi, 0xf cmovbe esi, edi @@ -43407,10 +41012,10 @@ shl esi, cl add ecx, 4 or eax, esi cmp ecx, 0x20 -jne short loc_fffc016d ; jne 0xfffc016d -jmp short loc_fffc01db ; jmp 0xfffc01db +jne short loc_fffbe148 ; jne 0xfffbe148 +jmp short loc_fffbe1b6 ; jmp 0xfffbe1b6 -loc_fffc01c3: ; not directly referenced +loc_fffbe19e: ; not directly referenced lea edx, [ebx + ebx*8] mov esi, dword [ebp - 0x540] add eax, edx @@ -43418,7 +41023,7 @@ shl eax, 5 imul esi, dword [ebp + eax - 0x498] mov eax, esi -loc_fffc01db: ; not directly referenced +loc_fffbe1b6: ; not directly referenced push 1 movzx edx, byte [ebp - 0x51c] push dword [ebp - 0x528] @@ -43434,23 +41039,23 @@ push eax movzx eax, byte [ebp - 0x50e] push eax push dword [ebp - 0x50c] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 inc byte [ebp - 0x51c] -jmp near loc_fffc011c ; jmp 0xfffc011c +jmp near loc_fffbe0f7 ; jmp 0xfffbe0f7 -loc_fffc0222: ; not directly referenced +loc_fffbe1fd: ; not directly referenced mov ebx, dword [ebp - 0x50c] mov esi, edi shl esi, 0xa lea edx, [esi + 0x40e0] mov dword [ebp - 0x528], ecx mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f lea edx, [esi + 0x40e4] mov dword [ebp - 0x524], eax mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov ecx, dword [ebp - 0x528] inc eax sete bl @@ -43460,38 +41065,38 @@ and ebx, eax and ebx, ecx mov ecx, 1 cmp byte [ebp - 0x51c], 0 -je short loc_fffc0291 ; je 0xfffc0291 +je short loc_fffbe26c ; je 0xfffbe26c mov eax, dword [ebp - 0x50c] lea edx, [esi + 0x40e8] -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f xor ecx, ecx inc al sete cl -loc_fffc0291: ; not directly referenced +loc_fffbe26c: ; not directly referenced and ecx, ebx -jmp near loc_fffbfffd ; jmp 0xfffbfffd +jmp near loc_fffbdfd8 ; jmp 0xfffbdfd8 -loc_fffc0298: ; not directly referenced +loc_fffbe273: ; not directly referenced inc dword [ebp - 0x520] -jmp near loc_fffbff5d ; jmp 0xfffbff5d +jmp near loc_fffbdf38 ; jmp 0xfffbdf38 -loc_fffc02a3: ; not directly referenced +loc_fffbe27e: ; not directly referenced mov esi, dword [ebp - 0x51c] mov edi, dword [ebp - 0x50c] mov ebx, esi shl ebx, 0xa mov eax, edi lea edx, [ebx + 0x40e0] -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f lea edx, [ebx + 0x40e4] mov dword [ebp - 0x56c], eax mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f lea edx, [ebx + 0x40e8] mov dword [ebp - 0x570], eax mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov byte [ebp - 0x538], 0xff mov byte [ebp - 0x537], 0xff mov byte [ebp - 0x524], 0 @@ -43502,31 +41107,31 @@ add esi, eax mov dword [ebp - 0x548], eax mov dword [ebp - 0x520], esi -loc_fffc0316: ; not directly referenced +loc_fffbe2f1: ; not directly referenced mov eax, dword [ebp - 0x50c] -mov dl, byte [eax + 0x2488] +mov dl, byte [eax + 0x2489] cmp byte [ebp - 0x524], dl -jae loc_fffc0602 ; jae 0xfffc0602 +jae loc_fffbe5dd ; jae 0xfffbe5dd movzx eax, byte [ebp - 0x524] cmp al, 3 -ja short loc_fffc0350 ; ja 0xfffc0350 +ja short loc_fffbe32b ; ja 0xfffbe32b mov esi, dword [ebp - 0x56c] lea ecx, [eax*8] shr esi, cl mov dword [ebp - 0x558], esi -jmp short loc_fffc037a ; jmp 0xfffc037a +jmp short loc_fffbe355 ; jmp 0xfffbe355 -loc_fffc0350: ; not directly referenced +loc_fffbe32b: ; not directly referenced mov bl, byte [ebp - 0x567] cmp byte [ebp - 0x524], 7 mov byte [ebp - 0x558], bl -ja short loc_fffc037a ; ja 0xfffc037a +ja short loc_fffbe355 ; ja 0xfffbe355 mov edi, dword [ebp - 0x570] lea ecx, [eax*8 - 0x20] shr edi, cl mov dword [ebp - 0x558], edi -loc_fffc037a: ; not directly referenced +loc_fffbe355: ; not directly referenced mov esi, dword [ebp - 0x534] lea edi, [ebp - 0x498] xor ecx, ecx @@ -43542,7 +41147,7 @@ lea edi, [esi + eax*4] mov eax, dword [ebp - 0x520] add eax, ebx -loc_fffc03b8: ; not directly referenced +loc_fffbe393: ; not directly referenced mov edx, 1 movzx esi, byte [eax - 0x4da] shl edx, cl @@ -43551,44 +41156,44 @@ mov dl, byte [eax - 0x4ec] mov byte [ebp - 0x536], dl and edx, esi test byte [ebp - 0x528], dl -jne short loc_fffc0443 ; jne 0xfffc0443 +jne short loc_fffbe41e ; jne 0xfffbe41e mov dl, byte [ebp - 0x528] test byte [ebp - 0x558], dl -je short loc_fffc0421 ; je 0xfffc0421 +je short loc_fffbe3fc ; je 0xfffbe3fc or esi, edx mov edx, esi mov esi, dword [ebp - 0x544] mov byte [eax - 0x4da], dl mov esi, dword [esi] cmp dword [edi + ecx*8], esi -jb short loc_fffc0443 ; jb 0xfffc0443 +jb short loc_fffbe41e ; jb 0xfffbe41e mov dl, byte [ebp - 0x528] dec esi mov dword [edi + ecx*8], esi not edx and dl, byte [ebp - 0x536] mov byte [eax - 0x4ec], dl -jmp short loc_fffc0443 ; jmp 0xfffc0443 +jmp short loc_fffbe41e ; jmp 0xfffbe41e -loc_fffc0421: ; not directly referenced +loc_fffbe3fc: ; not directly referenced mov dl, byte [ebp - 0x528] mov esi, dword [ebp - 0x544] or dl, byte [ebp - 0x536] mov byte [eax - 0x4ec], dl mov edx, dword [esi] cmp dword [edi + ecx*8], edx -jae short loc_fffc0443 ; jae 0xfffc0443 +jae short loc_fffbe41e ; jae 0xfffbe41e mov dword [edi + ecx*8], edx -loc_fffc0443: ; not directly referenced +loc_fffbe41e: ; not directly referenced mov esi, dword [ebp - 0x560] inc ecx add dword [ebp - 0x544], esi cmp ecx, 8 -jne loc_fffc03b8 ; jne 0xfffc03b8 +jne loc_fffbe393 ; jne 0xfffbe393 cmp byte [ebp - 0x50e], 1 mov al, 0xf -jne short loc_fffc0488 ; jne 0xfffc0488 +jne short loc_fffbe463 ; jne 0xfffbe463 push eax mov ecx, dword [ebp - 0x578] push 0xf @@ -43596,12 +41201,12 @@ mov edx, dword [ebp - 0x51c] push dword [ebp - 0x514] mov eax, dword [ebp - 0x50c] push ebx -call fcn_fffaec68 ; call 0xfffaec68 +call fcn_fffb399f ; call 0xfffb399f add esp, 0x10 -loc_fffc0488: ; not directly referenced +loc_fffbe463: ; not directly referenced cmp byte [ebp - 0x50d], 0 -je short loc_fffc04e9 ; je 0xfffc04e9 +je short loc_fffbe4c4 ; je 0xfffbe4c4 mov edi, dword [ebp - 0x534] lea esi, [ebp - 0x498] xor ecx, ecx @@ -43610,47 +41215,47 @@ shl edi, 5 add edi, esi mov dword [ebp - 0x528], edi -loc_fffc04ac: ; not directly referenced +loc_fffbe487: ; not directly referenced mov edi, dword [ebp - 0x528] mov edx, 1 shl edx, cl mov esi, dword [edi + ecx*4] movzx edi, al cmp esi, edi -jb short loc_fffc04d0 ; jb 0xfffc04d0 +jb short loc_fffbe4ab ; jb 0xfffbe4ab mov edi, dword [ebp - 0x520] or byte [ebx + edi - 0x4da], dl -loc_fffc04d0: ; not directly referenced +loc_fffbe4ab: ; not directly referenced test esi, esi -jne short loc_fffc04e1 ; jne 0xfffc04e1 +jne short loc_fffbe4bc ; jne 0xfffbe4bc mov edi, dword [ebp - 0x520] or byte [ebx + edi - 0x4ec], dl -loc_fffc04e1: ; not directly referenced +loc_fffbe4bc: ; not directly referenced inc ecx cmp ecx, 8 -jne short loc_fffc04ac ; jne 0xfffc04ac -jmp short loc_fffc0523 ; jmp 0xfffc0523 +jne short loc_fffbe487 ; jne 0xfffbe487 +jmp short loc_fffbe4fe ; jmp 0xfffbe4fe -loc_fffc04e9: ; not directly referenced +loc_fffbe4c4: ; not directly referenced mov edi, dword [ebp - 0x548] movzx eax, al lea edx, [edi + ebx] shl edx, 5 mov edx, dword [ebp + edx - 0x498] cmp edx, eax -jb short loc_fffc0511 ; jb 0xfffc0511 +jb short loc_fffbe4ec ; jb 0xfffbe4ec mov eax, dword [ebp - 0x520] mov byte [ebx + eax - 0x4da], 0xff -loc_fffc0511: ; not directly referenced +loc_fffbe4ec: ; not directly referenced test edx, edx -jne short loc_fffc0523 ; jne 0xfffc0523 +jne short loc_fffbe4fe ; jne 0xfffbe4fe mov eax, dword [ebp - 0x520] mov byte [ebx + eax - 0x4ec], 0xff -loc_fffc0523: ; not directly referenced +loc_fffbe4fe: ; not directly referenced mov eax, dword [ebp - 0x520] lea edx, [eax + ebx] mov al, byte [edx - 0x4ec] @@ -43658,9 +41263,9 @@ mov dl, byte [edx - 0x4da] and byte [ebp - 0x537], al and byte [ebp - 0x538], dl cmp dword [ebp - 0x52c], 0 -jne loc_fffc05f7 ; jne 0xfffc05f7 +jne loc_fffbe5d2 ; jne 0xfffbe5d2 cmp byte [ebp - 0x50d], 0 -je short loc_fffc05b0 ; je 0xfffc05b0 +je short loc_fffbe58b ; je 0xfffbe58b mov esi, dword [ebp - 0x534] lea edi, [ebp - 0x498] lea ecx, [ebx + esi] @@ -43672,46 +41277,46 @@ mov byte [ebp - 0x528], bl lea edi, [ebp + ecx - 0x258] xor ecx, ecx -loc_fffc0582: ; not directly referenced +loc_fffbe55d: ; not directly referenced mov ebx, 1 shl ebx, cl test byte [ebp - 0x528], bl -jne short loc_fffc05a8 ; jne 0xfffc05a8 +jne short loc_fffbe583 ; jne 0xfffbe583 test dl, bl -jne short loc_fffc059a ; jne 0xfffc059a +jne short loc_fffbe575 ; jne 0xfffbe575 inc dword [esi + ecx*4] -jmp short loc_fffc05a8 ; jmp 0xfffc05a8 +jmp short loc_fffbe583 ; jmp 0xfffbe583 -loc_fffc059a: ; not directly referenced +loc_fffbe575: ; not directly referenced test al, bl -jne short loc_fffc05a8 ; jne 0xfffc05a8 +jne short loc_fffbe583 ; jne 0xfffbe583 mov ebx, dword [edi + ecx*4] dec ebx mov dword [edi + ecx*4], ebx mov dword [esi + ecx*4], ebx -loc_fffc05a8: ; not directly referenced +loc_fffbe583: ; not directly referenced inc ecx cmp ecx, 8 -jne short loc_fffc0582 ; jne 0xfffc0582 -jmp short loc_fffc05f7 ; jmp 0xfffc05f7 +jne short loc_fffbe55d ; jne 0xfffbe55d +jmp short loc_fffbe5d2 ; jmp 0xfffbe5d2 -loc_fffc05b0: ; not directly referenced +loc_fffbe58b: ; not directly referenced mov cl, dl and ecx, eax inc cl -je short loc_fffc05f7 ; je 0xfffc05f7 +je short loc_fffbe5d2 ; je 0xfffbe5d2 inc dl -je short loc_fffc05d0 ; je 0xfffc05d0 +je short loc_fffbe5ab ; je 0xfffbe5ab mov eax, dword [ebp - 0x548] add eax, ebx shl eax, 5 inc dword [ebp + eax - 0x498] -jmp short loc_fffc05f7 ; jmp 0xfffc05f7 +jmp short loc_fffbe5d2 ; jmp 0xfffbe5d2 -loc_fffc05d0: ; not directly referenced +loc_fffbe5ab: ; not directly referenced inc al -je short loc_fffc05f7 ; je 0xfffc05f7 +je short loc_fffbe5d2 ; je 0xfffbe5d2 mov eax, dword [ebp - 0x548] add eax, ebx shl eax, 5 @@ -43720,77 +41325,77 @@ lea edx, [esi - 1] mov dword [ebp + eax - 0x258], edx mov dword [ebp + eax - 0x498], edx -loc_fffc05f7: ; not directly referenced +loc_fffbe5d2: ; not directly referenced inc byte [ebp - 0x524] -jmp near loc_fffc0316 ; jmp 0xfffc0316 +jmp near loc_fffbe2f1 ; jmp 0xfffbe2f1 -loc_fffc0602: ; not directly referenced +loc_fffbe5dd: ; not directly referenced cmp dword [ebp - 0x52c], 1 -jne loc_fffc0056 ; jne 0xfffc0056 +jne loc_fffbe031 ; jne 0xfffbe031 mov al, byte [ebp - 0x537] mov edi, dword [ebp - 0x538] and eax, edi inc al -je loc_fffc0056 ; je 0xfffc0056 +je loc_fffbe031 ; je 0xfffbe031 mov eax, edi inc al -je short loc_fffc0637 ; je 0xfffc0637 +je short loc_fffbe612 ; je 0xfffbe612 mov eax, dword [ebp - 0x530] inc dword [eax] -loc_fffc0633: ; not directly referenced +loc_fffbe60e: ; not directly referenced xor eax, eax -jmp short loc_fffc065a ; jmp 0xfffc065a +jmp short loc_fffbe635 ; jmp 0xfffbe635 -loc_fffc0637: ; not directly referenced +loc_fffbe612: ; not directly referenced imul ecx, dword [ebp - 0x51c], 0x120 mov edi, dword [ebp - 0x530] mov eax, dword [ebp + ecx - 0x258] dec eax mov dword [ebp + ecx - 0x258], eax mov dword [edi], eax -jmp short loc_fffc0633 ; jmp 0xfffc0633 +jmp short loc_fffbe60e ; jmp 0xfffbe60e -loc_fffc065a: ; not directly referenced +loc_fffbe635: ; not directly referenced cmp dl, al -jbe loc_fffc0056 ; jbe 0xfffc0056 +jbe loc_fffbe031 ; jbe 0xfffbe031 mov esi, dword [ebp - 0x530] mov ecx, eax inc eax shl ecx, 5 mov ebx, dword [esi] mov dword [esi + ecx], ebx -jmp short loc_fffc065a ; jmp 0xfffc065a +jmp short loc_fffbe635 ; jmp 0xfffbe635 -loc_fffc0675: ; not directly referenced +loc_fffbe650: ; not directly referenced cmp byte [ebp - 0x50d], 0 -jne loc_fffc0726 ; jne 0xfffc0726 +jne loc_fffbe701 ; jne 0xfffbe701 mov eax, dword [ebp + 8] xor edi, edi mov dword [ebp - 0x51c], eax mov eax, dword [ebp + 0xc] mov dword [ebp - 0x520], eax -loc_fffc0696: ; not directly referenced +loc_fffbe671: ; not directly referenced mov eax, dword [ebp - 0x518] bt eax, edi -jb short loc_fffc06be ; jb 0xfffc06be +jb short loc_fffbe699 ; jb 0xfffbe699 -loc_fffc06a1: ; not directly referenced +loc_fffbe67c: ; not directly referenced inc edi add dword [ebp - 0x520], 0x48 add dword [ebp - 0x51c], 0x240 cmp edi, 2 -je loc_fffc07ef ; je 0xfffc07ef -jmp short loc_fffc0696 ; jmp 0xfffc0696 +je loc_fffbe7ca ; je 0xfffbe7ca +jmp short loc_fffbe671 ; jmp 0xfffbe671 -loc_fffc06be: ; not directly referenced +loc_fffbe699: ; not directly referenced xor ebx, ebx -loc_fffc06c0: ; not directly referenced +loc_fffbe69b: ; not directly referenced mov eax, dword [ebp - 0x50c] -cmp bl, byte [eax + 0x2488] -jae short loc_fffc06a1 ; jae 0xfffc06a1 +cmp bl, byte [eax + 0x2489] +jae short loc_fffbe67c ; jae 0xfffbe67c movzx ecx, bl mov esi, dword [ebp - 0x51c] xor edx, edx @@ -43801,14 +41406,14 @@ mov dword [ebp - 0x524], ecx lea esi, [esi + eax*4] mov eax, 0x7f -loc_fffc06f2: ; not directly referenced +loc_fffbe6cd: ; not directly referenced movzx ecx, al cmp ecx, dword [esi + edx] movzx ecx, byte [esi + edx] cmova eax, ecx add edx, 8 cmp edx, 0x40 -jne short loc_fffc06f2 ; jne 0xfffc06f2 +jne short loc_fffbe6cd ; jne 0xfffbe6cd mov esi, dword [ebp - 0x524] imul eax, eax, 0xa inc ebx @@ -43817,26 +41422,26 @@ add ecx, esi mov esi, dword [ebp - 0x520] add ecx, dword [ebp - 0x514] mov dword [esi + ecx*4], eax -jmp short loc_fffc06c0 ; jmp 0xfffc06c0 +jmp short loc_fffbe69b ; jmp 0xfffbe69b -loc_fffc0726: ; not directly referenced +loc_fffbe701: ; not directly referenced mov al, byte [ebp - 0x510] xor edi, edi mov esi, dword [ebp + 8] and eax, 1 mov byte [ebp - 0x520], al -loc_fffc073a: ; not directly referenced +loc_fffbe715: ; not directly referenced mov eax, dword [ebp - 0x518] xor edx, edx bt eax, edi -jb short loc_fffc07b2 ; jb 0xfffc07b2 +jb short loc_fffbe78d ; jb 0xfffbe78d -loc_fffc0747: ; not directly referenced +loc_fffbe722: ; not directly referenced inc edi add esi, 0x240 cmp edi, 2 -jne short loc_fffc073a ; jne 0xfffc073a +jne short loc_fffbe715 ; jne 0xfffbe715 push 2 movzx eax, byte [ebp - 0x535] push 0 @@ -43851,30 +41456,30 @@ push 0 push 0 push eax push dword [ebp - 0x50c] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -jmp short loc_fffc07ef ; jmp 0xfffc07ef +jmp short loc_fffbe7ca ; jmp 0xfffbe7ca -loc_fffc0785: ; not directly referenced +loc_fffbe760: ; not directly referenced cmp byte [ebp - 0x50e], 9 sete bl test byte [ebp - 0x520], bl -jne short loc_fffc07e2 ; jne 0xfffc07e2 +jne short loc_fffbe7bd ; jne 0xfffbe7bd cmp byte [ebp - 0x50e], 9 setne bl test byte [ebp - 0x51c], bl -jne short loc_fffc07e2 ; jne 0xfffc07e2 +jne short loc_fffbe7bd ; jne 0xfffbe7bd -loc_fffc07a9: ; not directly referenced +loc_fffbe784: ; not directly referenced add eax, 8 cmp eax, 0x40 -jne short loc_fffc0785 ; jne 0xfffc0785 +jne short loc_fffbe760 ; jne 0xfffbe760 inc edx -loc_fffc07b2: ; not directly referenced +loc_fffbe78d: ; not directly referenced mov eax, dword [ebp - 0x50c] -cmp dl, byte [eax + 0x2488] -jae short loc_fffc0747 ; jae 0xfffc0747 +cmp dl, byte [eax + 0x2489] +jae short loc_fffbe722 ; jae 0xfffbe722 mov bl, byte [ebp - 0x565] movzx eax, dl shl eax, 4 @@ -43883,20 +41488,20 @@ xor ebx, 1 lea ecx, [esi + eax*4] xor eax, eax mov byte [ebp - 0x51c], bl -jmp short loc_fffc0785 ; jmp 0xfffc0785 +jmp short loc_fffbe760 ; jmp 0xfffbe760 -loc_fffc07e2: ; not directly referenced +loc_fffbe7bd: ; not directly referenced mov ebx, 0xf sub ebx, dword [ecx + eax] mov dword [ecx + eax], ebx -jmp short loc_fffc07a9 ; jmp 0xfffc07a9 +jmp short loc_fffbe784 ; jmp 0xfffbe784 -loc_fffc07ef: ; not directly referenced +loc_fffbe7ca: ; not directly referenced inc byte [ebp - 0x510] inc dword [ebp - 0x514] and byte [ebp - 0x510], 1 cmp dword [ebp - 0x514], 2 -jne loc_fffbfcd3 ; jne 0xfffbfcd3 +jne loc_fffbdcae ; jne 0xfffbdcae push 2 mov edx, 0 push 0 @@ -43914,7 +41519,7 @@ push eax movzx eax, byte [ebp - 0x53c] push eax push dword [ebp - 0x50c] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 lea esp, [ebp - 0xc] pop ebx pop esi @@ -43922,7 +41527,7 @@ pop edi pop ebp ret -fcn_fffc0855: ; not directly referenced +fcn_fffbe830: ; not directly referenced push ebp mov ebp, esp push edi @@ -43932,18 +41537,18 @@ push ebx mov ebx, eax sub esp, 0x3c mov eax, dword [ebp + 8] -cmp dword [ebx + 0x2480], 2 +cmp dword [ebx + 0x2481], 2 mov dword [ebp - 0x28], edx mov dword [ebp - 0x24], eax mov byte [ebp - 0x2a], al -mov eax, dword [ebx + 0x2443] +mov eax, dword [ebx + 0x2444] mov dword [ebp - 0x38], eax -jne short loc_fffc088c ; jne 0xfffc088c +jne short loc_fffbe867 ; jne 0xfffbe867 cmp byte [ebp - 0x24], 5 mov al, 0x25 cmove esi, eax -loc_fffc088c: ; not directly referenced +loc_fffbe867: ; not directly referenced movzx eax, byte [ebp - 0x24] movzx edi, cl push ecx @@ -43951,7 +41556,7 @@ push ecx mov ecx, edi mov edx, eax mov dword [ebp - 0x1c], eax -lea eax, [ebx + 0x2490] +lea eax, [ebx + 0x2491] mov dword [ebp - 0x20], eax mov eax, 1 shl eax, cl @@ -43961,10 +41566,10 @@ movzx eax, al push eax mov eax, ebx push edi -call fcn_fffa7e6c ; call 0xfffa7e6c +call fcn_fffa7e1a ; call 0xfffa7e1a add esp, 0x10 test eax, eax -jne loc_fffc0a25 ; jne 0xfffc0a25 +jne loc_fffbea00 ; jne 0xfffbea00 movzx eax, byte [ebp - 0x28] push edx push edx @@ -43980,50 +41585,50 @@ push dword [ebp + 0xc] push dword [ebp - 0x1c] push edi push edi -call fcn_fffd13ed ; call 0xfffd13ed +call fcn_fffd16df ; call 0xfffd16df add esp, 0x20 test eax, eax -jne loc_fffc0a25 ; jne 0xfffc0a25 +jne loc_fffbea00 ; jne 0xfffbea00 mov ecx, dword [ebp - 0x1c] sub esp, 0xc mov eax, ebx mov edx, dword [ebp - 0x20] push edi -call fcn_fffa7d98 ; call 0xfffa7d98 +call fcn_fffa7d46 ; call 0xfffa7d46 add esp, 0x10 test eax, eax -jne loc_fffc0a25 ; jne 0xfffc0a25 +jne loc_fffbea00 ; jne 0xfffbea00 xor edx, edx cmp byte [ebp - 0x24], 0x21 -ja short loc_fffc0927 ; ja 0xfffc0927 +ja short loc_fffbe902 ; ja 0xfffbe902 mov eax, dword [ebp - 0x1c] -movzx edx, byte [eax + ref_fffd5f1c] ; movzx edx, byte [eax - 0x2a0e4] +movzx edx, byte [eax + ref_fffd58e0] ; movzx edx, byte [eax - 0x2a720] -loc_fffc0927: ; not directly referenced +loc_fffbe902: ; not directly referenced imul esi, edx, 0x48 xor eax, eax mov byte [ebp - 0x28], 0 mov dword [ebp - 0x44], esi -loc_fffc0933: ; not directly referenced +loc_fffbe90e: ; not directly referenced test eax, eax sete cl cmp byte [ebp - 0x28], 1 setbe dl test cl, dl -je loc_fffc0a25 ; je 0xfffc0a25 +je loc_fffbea00 ; je 0xfffbea00 mov al, byte [ebp - 0x28] movzx esi, al mov dword [ebp - 0x30], esi mov esi, dword [ebp - 0x3c] bt esi, eax -jb short loc_fffc095f ; jb 0xfffc095f +jb short loc_fffbe93a ; jb 0xfffbe93a -loc_fffc0958: ; not directly referenced +loc_fffbe933: ; not directly referenced xor eax, eax -jmp near loc_fffc0a1d ; jmp 0xfffc0a1d +jmp near loc_fffbe9f8 ; jmp 0xfffbe9f8 -loc_fffc095f: ; not directly referenced +loc_fffbe93a: ; not directly referenced imul eax, dword [ebp - 0x30], 0x24 mov esi, dword [ebp + 0x14] mov dword [ebp - 0x24], 0x18 @@ -44033,10 +41638,10 @@ add eax, dword [ebp + 0x10] mov dword [ebp - 0x34], esi mov dword [ebp - 0x40], eax -loc_fffc097c: ; not directly referenced +loc_fffbe957: ; not directly referenced mov al, byte [ebp - 0x29] -cmp al, byte [ebx + 0x2488] -jae short loc_fffc0958 ; jae 0xfffc0958 +cmp al, byte [ebx + 0x2489] +jae short loc_fffbe933 ; jae 0xfffbe933 imul edx, edi, 0x12 movzx ecx, byte [ebp - 0x29] imul eax, dword [ebp - 0x30], 9 @@ -44046,10 +41651,10 @@ mov esi, eax add eax, ecx lea eax, [eax + edx + 8] add edx, esi -mov eax, dword [ebx + eax*8 + 0x2454] +mov eax, dword [ebx + eax*8 + 0x2455] lea edx, [ecx + edx + 8] mov esi, 0xa -add eax, dword [ebx + edx*8 + 0x2450] +add eax, dword [ebx + edx*8 + 0x2451] xor edx, edx div esi mov edx, dword [ebp - 0x40] @@ -44068,14 +41673,14 @@ sub esp, 0xc push edi mov dword [ebp - 0x24], edx mov edx, dword [ebp - 0x20] -call fcn_fffa7d98 ; call 0xfffa7d98 +call fcn_fffa7d46 ; call 0xfffa7d46 add esp, 0x10 test eax, eax -jne short loc_fffc0a1d ; jne 0xfffc0a1d +jne short loc_fffbe9f8 ; jne 0xfffbe9f8 cmp byte [ebp - 0x2a], 5 -jne short loc_fffc0a15 ; jne 0xfffc0a15 +jne short loc_fffbe9f0 ; jne 0xfffbe9f0 push eax -movzx eax, byte [ebx + 0x2488] +movzx eax, byte [ebx + 0x2489] push dword [ebp - 0x24] push eax mov eax, dword [ebp - 0x38] @@ -44083,15 +41688,15 @@ push dword [ebp - 0x34] call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffc0a15: ; not directly referenced +loc_fffbe9f0: ; not directly referenced inc byte [ebp - 0x29] -jmp near loc_fffc097c ; jmp 0xfffc097c +jmp near loc_fffbe957 ; jmp 0xfffbe957 -loc_fffc0a1d: ; not directly referenced +loc_fffbe9f8: ; not directly referenced inc byte [ebp - 0x28] -jmp near loc_fffc0933 ; jmp 0xfffc0933 +jmp near loc_fffbe90e ; jmp 0xfffbe90e -loc_fffc0a25: ; not directly referenced +loc_fffbea00: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -44099,7 +41704,7 @@ pop edi pop ebp ret -fcn_fffc0a2d: ; not directly referenced +fcn_fffbea08: ; not directly referenced push ebp mov ebp, esp push edi @@ -44118,7 +41723,7 @@ mov edi, dword [ebp + 0x1c] mov byte [ebp - 0xcee], dl mov dl, byte [ebp + 0x14] mov dword [ebp - 0xc98], esi -mov esi, ref_fffd5934 ; mov esi, 0xfffd5934 +mov esi, ref_fffd53bc ; mov esi, 0xfffd53bc mov dword [ebp - 0xc7c], eax mov dword [ebp - 0xca4], edi mov byte [ebp - 0xcef], dl @@ -44126,22 +41731,22 @@ mov edx, edi lea edi, [ebp - 0xc58] rep movsd ; rep movsd dword es:[edi], dword ptr [esi] lea edi, [ebp - 0xc3c] -mov esi, ref_fffd5950 ; mov esi, 0xfffd5950 +mov esi, ref_fffd53d8 ; mov esi, 0xfffd53d8 mov byte [ebp - 0xc9a], bl mov byte [ebp - 0xc99], dl mov cl, 7 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] lea edi, [ebp - 0xc20] -mov esi, ref_fffd596c ; mov esi, 0xfffd596c +mov esi, ref_fffd53f4 ; mov esi, 0xfffd53f4 mov cl, 7 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov esi, dword [eax + 0x5edc] -mov eax, dword [eax + 0x2443] +mov esi, dword [eax + 0x5edd] +mov eax, dword [eax + 0x2444] mov dword [ebp - 0xce8], esi mov dword [ebp - 0xc84], eax lea eax, [ebx - 1] cmp al, 1 -ja loc_fffc199b ; ja 0xfffc199b +ja loc_fffbf976 ; ja 0xfffbf976 push esi push 0 push 0x10 @@ -44152,15 +41757,15 @@ call dword [eax + 0x5c] ; ucall add esp, 0x10 xor eax, eax -loc_fffc0af6: ; not directly referenced +loc_fffbead1: ; not directly referenced mov byte [ebp + eax - 0xc71], al inc eax cmp eax, 9 -jne short loc_fffc0af6 ; jne 0xfffc0af6 +jne short loc_fffbead1 ; jne 0xfffbead1 movzx eax, bl mov cl, byte [ebp - 0xca0] sub esp, 0xc -mov al, byte [eax + ref_fffd5f1c] ; mov al, byte [eax - 0x2a0e4] +mov al, byte [eax + ref_fffd58e0] ; mov al, byte [eax - 0x2a720] mov edi, dword [ebp - 0xc7c] push 0 dec ecx @@ -44170,10 +41775,10 @@ movzx ecx, cl mov dword [ebp - 0xcec], eax mov edx, eax mov eax, edi -call fcn_fffb26ca ; call 0xfffb26ca +call fcn_fffae9e2 ; call 0xfffae9e2 xor eax, eax add esp, 0x10 -mov byte [edi + 0x248b], 9 +mov byte [edi + 0x248c], 9 mov edi, dword [ebp - 0xc98] cmp bl, 1 cmove eax, edi @@ -44181,7 +41786,7 @@ mov byte [ebp - 0xc9c], al inc eax cmp byte [ebp - 0xca4], 0 mov byte [ebp - 0xced], al -jne short loc_fffc0b82 ; jne 0xfffc0b82 +jne short loc_fffbeb5d ; jne 0xfffbeb5d push ecx push 0 lea eax, [ebp - 0xc04] @@ -44189,9 +41794,9 @@ push 0x1c push eax mov eax, dword [ebp - 0xc84] call dword [eax + 0x5c] ; ucall -jmp short loc_fffc0b9c ; jmp 0xfffc0b9c +jmp short loc_fffbeb77 ; jmp 0xfffbeb77 -loc_fffc0b82: ; not directly referenced +loc_fffbeb5d: ; not directly referenced push edx push 0x1c lea eax, [ebp - 0xc20] @@ -44201,14 +41806,14 @@ push eax mov eax, dword [ebp - 0xc84] call dword [eax + 0x58] ; ucall -loc_fffc0b9c: ; not directly referenced +loc_fffbeb77: ; not directly referenced add esp, 0x10 xor edx, edx xor esi, esi xor eax, eax mov edi, 6 -loc_fffc0baa: ; not directly referenced +loc_fffbeb85: ; not directly referenced movzx ecx, al add esi, dword [ebp + ecx*4 - 0xc58] add edx, dword [ebp + ecx*4 - 0xc3c] @@ -44218,7 +41823,7 @@ mov dword [ebp - 0xcdc], edx cmove eax, edi inc eax cmp al, 7 -jne short loc_fffc0baa ; jne 0xfffc0baa +jne short loc_fffbeb85 ; jne 0xfffbeb85 movzx eax, byte [ebp - 0xc80] cmp bl, 1 sete byte [ebp - 0xc9b] @@ -44235,7 +41840,7 @@ mov dword [ebp - 0xce4], eax movzx eax, byte [ebp - 0xca0] mov dword [ebp - 0xcb4], eax -loc_fffc0c34: ; not directly referenced +loc_fffbec0f: ; not directly referenced mov eax, dword [ebp - 0xce8] mov edi, 1 xor ebx, ebx @@ -44246,43 +41851,43 @@ shl edi, cl mov esi, eax mov dword [ebp - 0xcc8], eax -loc_fffc0c5b: ; not directly referenced +loc_fffbec36: ; not directly referenced mov eax, dword [ebp - 0xcec] bt eax, ebx -jae short loc_fffc0ca5 ; jae 0xfffc0ca5 +jae short loc_fffbec80 ; jae 0xfffbec80 mov eax, dword [ebp - 0xc7c] mov ecx, edi mov edx, ebx -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 or byte [ebp - 0xc98], al movzx eax, byte [ebp - 0xc98] bt eax, ebx -jae short loc_fffc0ca5 ; jae 0xfffc0ca5 +jae short loc_fffbec80 ; jae 0xfffbec80 push eax mov eax, dword [ebp - 0xc7c] push 0 -movzx eax, byte [eax + 0x2488] +movzx eax, byte [eax + 0x2489] push eax mov eax, dword [ebp - 0xc84] push esi call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffc0ca5: ; not directly referenced +loc_fffbec80: ; not directly referenced inc ebx add esi, 0xcc cmp ebx, 2 -jne short loc_fffc0c5b ; jne 0xfffc0c5b +jne short loc_fffbec36 ; jne 0xfffbec36 cmp byte [ebp - 0xc98], 0 -jne short loc_fffc0d04 ; jne 0xfffc0d04 +jne short loc_fffbecdf ; jne 0xfffbecdf -loc_fffc0cba: ; not directly referenced +loc_fffbec95: ; not directly referenced inc dword [ebp - 0xc80] cmp dword [ebp - 0xc80], 4 -jne loc_fffc0c34 ; jne 0xfffc0c34 +jne loc_fffbec0f ; jne 0xfffbec0f mov edi, dword [ebp - 0xc7c] movzx eax, byte [ebp - 0xca0] -mov byte [edi + 0x247a], 0 +mov byte [edi + 0x247b], 0 push 2 push 0 push 0 @@ -44295,13 +41900,13 @@ push 0 push 0 push eax push edi -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -jmp near loc_fffc19a7 ; jmp 0xfffc19a7 +jmp near loc_fffbf982 ; jmp 0xfffbf982 -loc_fffc0d04: ; not directly referenced +loc_fffbecdf: ; not directly referenced cmp byte [ebp - 0xcef], 1 -jne short loc_fffc0d3e ; jne 0xfffc0d3e +jne short loc_fffbed19 ; jne 0xfffbed19 push 0 movzx eax, byte [ebp - 0xc9b] push 0 @@ -44315,13 +41920,13 @@ push 0 push 0x88888888 push eax push dword [ebp - 0xc7c] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -loc_fffc0d3e: ; not directly referenced +loc_fffbed19: ; not directly referenced xor ebx, ebx cmp byte [ebp - 0xc99], 0 -je loc_fffc0e26 ; je 0xfffc0e26 +je loc_fffbee01 ; je 0xfffbee01 sub esp, 0xc movzx edx, byte [ebp - 0xc98] lea eax, [ebp - 0xc68] @@ -44335,12 +41940,12 @@ lea eax, [ebp - 0xc71] push eax mov eax, dword [ebp - 0xc7c] push dword [ebp - 0xcb4] -call fcn_fffc0855 ; call 0xfffc0855 +call fcn_fffbe830 ; call 0xfffbe830 add esp, 0x20 test eax, eax -jne short loc_fffc0de8 ; jne 0xfffc0de8 +jne short loc_fffbedc3 ; jne 0xfffbedc3 -loc_fffc0d91: ; not directly referenced +loc_fffbed6c: ; not directly referenced push eax mov ecx, dword [ebp - 0xce4] push eax @@ -44349,7 +41954,7 @@ push edi mov edi, dword [ebp - 0xc80] mov eax, dword [ebp - 0xc7c] push edi -call fcn_fffa7e6c ; call 0xfffa7e6c +call fcn_fffa7e1a ; call 0xfffa7e1a mov al, byte [ebp - 0xc98] add esp, 0x10 mov dword [ebp - 0xcac], 0 @@ -44360,13 +41965,13 @@ mov dword [ebp - 0xca8], eax imul eax, edi, 0x12 mov dword [ebp - 0xc88], ebx mov dword [ebp - 0xcc4], eax -jmp near loc_fffc0feb ; jmp 0xfffc0feb +jmp near loc_fffbefc6 ; jmp 0xfffbefc6 -loc_fffc0de8: ; not directly referenced +loc_fffbedc3: ; not directly referenced mov esi, dword [ebp - 0xc7c] push eax push 0x18 -movzx eax, byte [esi + 0x2488] +movzx eax, byte [esi + 0x2489] push eax push ebx mov ebx, dword [ebp - 0xc84] @@ -44374,20 +41979,20 @@ mov eax, ebx call dword [eax + 0x64] ; ucall add esp, 0xc push 0x18 -movzx eax, byte [esi + 0x2488] +movzx eax, byte [esi + 0x2489] push eax lea eax, [ebp - 0xbc4] push eax mov eax, ebx call dword [eax + 0x64] ; ucall add esp, 0x10 -jmp near loc_fffc0d91 ; jmp 0xfffc0d91 +jmp near loc_fffbed6c ; jmp 0xfffbed6c -loc_fffc0e26: ; not directly referenced +loc_fffbee01: ; not directly referenced mov esi, dword [ebp - 0xc7c] push eax push 1 -movzx eax, byte [esi + 0x2488] +movzx eax, byte [esi + 0x2489] push eax lea eax, [ebp - 0xba0] add eax, ebx @@ -44396,7 +42001,7 @@ mov eax, dword [ebp - 0xc84] call dword [eax + 0x64] ; ucall add esp, 0xc push 1 -movzx eax, byte [esi + 0x2488] +movzx eax, byte [esi + 0x2489] lea esi, [ebp - 0xbe8] push eax lea eax, [esi + ebx] @@ -44406,33 +42011,33 @@ mov eax, dword [ebp - 0xc84] call dword [eax + 0x64] ; ucall add esp, 0x10 cmp ebx, 0x48 -je loc_fffc0d91 ; je 0xfffc0d91 -jmp short loc_fffc0e26 ; jmp 0xfffc0e26 +je loc_fffbed6c ; je 0xfffbed6c +jmp short loc_fffbee01 ; jmp 0xfffbee01 -loc_fffc0e7a: ; not directly referenced +loc_fffbee55: ; not directly referenced cmp byte [ebp - 0xc9c], 0 -jne loc_fffc100a ; jne 0xfffc100a +jne loc_fffbefe5 ; jne 0xfffbefe5 -loc_fffc0e87: ; not directly referenced +loc_fffbee62: ; not directly referenced xor ebx, ebx -loc_fffc0e89: ; not directly referenced +loc_fffbee64: ; not directly referenced lea eax, [ebp - 0xbe8] xor edi, edi mov dword [ebp - 0xcb0], eax movzx eax, bl mov dword [ebp - 0xcd0], eax -loc_fffc0ea0: ; not directly referenced +loc_fffbee7b: ; not directly referenced mov eax, dword [ebp - 0xc88] bt eax, edi -jb loc_fffc1065 ; jb 0xfffc1065 +jb loc_fffbf040 ; jb 0xfffbf040 -loc_fffc0eaf: ; not directly referenced +loc_fffbee8a: ; not directly referenced inc edi add dword [ebp - 0xcb0], 0x24 cmp edi, 2 -jne short loc_fffc0ea0 ; jne 0xfffc0ea0 +jne short loc_fffbee7b ; jne 0xfffbee7b push eax mov ecx, dword [ebp - 0xc88] push eax @@ -44447,7 +42052,7 @@ push dword [ebp - 0xce4] push eax push eax mov eax, dword [ebp - 0xc7c] -call fcn_fffd13ed ; call 0xfffd13ed +call fcn_fffd16df ; call 0xfffd16df movzx eax, bl add esp, 0x20 mov dword [ebp - 0xce0], eax @@ -44455,45 +42060,45 @@ imul eax, eax, 0x12 mov dword [ebp - 0xcb0], 0 mov dword [ebp - 0xcfc], eax -loc_fffc0f12: ; not directly referenced +loc_fffbeeed: ; not directly referenced mov eax, dword [ebp - 0xc88] mov edi, dword [ebp - 0xcb0] bt eax, edi -jb loc_fffc10f7 ; jb 0xfffc10f7 +jb loc_fffbf0d2 ; jb 0xfffbf0d2 -loc_fffc0f27: ; not directly referenced +loc_fffbef02: ; not directly referenced inc dword [ebp - 0xcb0] cmp dword [ebp - 0xcb0], 2 -jne short loc_fffc0f12 ; jne 0xfffc0f12 +jne short loc_fffbeeed ; jne 0xfffbeeed cmp byte [ebp - 0xc99], 0 mov al, 7 cmove ebx, eax inc ebx cmp bl, 6 -jbe loc_fffc0e89 ; jbe 0xfffc0e89 +jbe loc_fffbee64 ; jbe 0xfffbee64 mov eax, dword [ebp - 0xc7c] xor esi, esi -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0xcb0], eax mov eax, dword [ebp - 0xcc8] mov dword [ebp - 0xcb8], eax imul eax, dword [ebp - 0xc80], 9 mov dword [ebp - 0xcd4], eax -loc_fffc0f78: ; not directly referenced +loc_fffbef53: ; not directly referenced mov eax, dword [ebp - 0xc88] bt eax, esi -jae short loc_fffc0fcb ; jae 0xfffc0fcb +jae short loc_fffbefa6 ; jae 0xfffbefa6 mov eax, dword [ebp - 0xcb0] add eax, dword [ebp - 0xcd4] mov byte [ebp - 0xca4], 0 mov dword [ebp - 0xcd0], eax -loc_fffc0f9c: ; not directly referenced +loc_fffbef77: ; not directly referenced mov eax, dword [ebp - 0xc7c] -movzx eax, byte [eax + 0x2488] +movzx eax, byte [eax + 0x2489] cmp byte [ebp - 0xca4], al -jb loc_fffc1253 ; jb 0xfffc1253 +jb loc_fffbf22e ; jb 0xfffbf22e push edx push 0 push eax @@ -44502,64 +42107,64 @@ push dword [ebp - 0xcb8] call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffc0fcb: ; not directly referenced +loc_fffbefa6: ; not directly referenced inc esi add dword [ebp - 0xcb8], 0xcc add dword [ebp - 0xcb0], 0x13c3 cmp esi, 2 -jne short loc_fffc0f78 ; jne 0xfffc0f78 +jne short loc_fffbef53 ; jne 0xfffbef53 inc dword [ebp - 0xcac] -loc_fffc0feb: ; not directly referenced +loc_fffbefc6: ; not directly referenced mov ebx, dword [ebp - 0xcac] mov al, byte [ebp - 0xced] mov byte [ebp - 0xccc], bl cmp bl, al -jb loc_fffc0e7a ; jb 0xfffc0e7a -jmp near loc_fffc13ab ; jmp 0xfffc13ab +jb loc_fffbee55 ; jb 0xfffbee55 +jmp near loc_fffbf386 ; jmp 0xfffbf386 -loc_fffc100a: ; not directly referenced +loc_fffbefe5: ; not directly referenced test byte [ebp - 0xc98], 1 -je short loc_fffc1033 ; je 0xfffc1033 +je short loc_fffbf00e ; je 0xfffbf00e mov cl, byte [ebp - 0xcac] mov eax, 0x55 mov edx, 0x409a shl eax, cl movzx ecx, al mov eax, dword [ebp - 0xc7c] -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b -loc_fffc1033: ; not directly referenced +loc_fffbf00e: ; not directly referenced cmp dword [ebp - 0xca8], 0 -je loc_fffc0e87 ; je 0xfffc0e87 +je loc_fffbee62 ; je 0xfffbee62 mov cl, byte [ebp - 0xcac] mov eax, 0x55 mov edx, 0x449a shl eax, cl movzx ecx, al mov eax, dword [ebp - 0xc7c] -call fcn_fffae566 ; call 0xfffae566 -jmp near loc_fffc0e87 ; jmp 0xfffc0e87 +call fcn_fffb335b ; call 0xfffb335b +jmp near loc_fffbee62 ; jmp 0xfffbee62 -loc_fffc1065: ; not directly referenced +loc_fffbf040: ; not directly referenced mov eax, dword [ebp - 0xc88] lea ecx, [edi + 1] mov byte [ebp - 0xca4], 1 sar eax, cl cmp byte [ebp - 0xca0], 4 mov dword [ebp - 0xcb8], eax -jne short loc_fffc1098 ; jne 0xfffc1098 +jne short loc_fffbf073 ; jne 0xfffbf073 mov eax, dword [ebp - 0xc7c] -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov byte [ebp - 0xca4], al -loc_fffc1098: ; not directly referenced +loc_fffbf073: ; not directly referenced xor esi, esi -loc_fffc109a: ; not directly referenced +loc_fffbf075: ; not directly referenced mov eax, esi cmp byte [ebp - 0xca4], al -jbe loc_fffc0eaf ; jbe 0xfffc0eaf +jbe loc_fffbee8a ; jbe 0xfffbee8a push 0 mov eax, dword [ebp - 0xcb0] push dword [ebp - 0xcb8] @@ -44580,11 +42185,11 @@ idiv ecx push eax push dword [ebp - 0xcb4] push dword [ebp - 0xc7c] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -jmp short loc_fffc109a ; jmp 0xfffc109a +jmp short loc_fffbf075 ; jmp 0xfffbf075 -loc_fffc10f7: ; not directly referenced +loc_fffbf0d2: ; not directly referenced imul eax, dword [ebp - 0xcb0], 9 mov byte [ebp - 0xcb8], 0 mov dword [ebp - 0xca4], eax @@ -44592,11 +42197,11 @@ mov eax, dword [ebp - 0xcfc] add eax, dword [ebp - 0xca4] mov dword [ebp - 0xcf8], eax -loc_fffc111d: ; not directly referenced +loc_fffbf0f8: ; not directly referenced mov edx, dword [ebp - 0xc7c] mov al, byte [ebp - 0xcb8] -cmp al, byte [edx + 0x2488] -jae loc_fffc0f27 ; jae 0xfffc0f27 +cmp al, byte [edx + 0x2489] +jae loc_fffbef02 ; jae 0xfffbef02 mov eax, dword [ebp - 0xcc4] mov edi, dword [ebp - 0xca4] movzx ecx, byte [ebp - 0xcb8] @@ -44612,7 +42217,7 @@ mov edx, eax sub edx, esi mov dword [ebp - 0xcf4], edx test bl, bl -jne short loc_fffc119a ; jne 0xfffc119a +jne short loc_fffbf175 ; jne 0xfffbf175 add eax, dword [ebp - 0xcd4] xor edx, edx lea esi, [edi + ecx] @@ -44621,7 +42226,7 @@ mov dword [ebp + esi*4 - 0xb10], 0 div edi mov dword [ebp + esi*4 - 0xb58], eax -loc_fffc119a: ; not directly referenced +loc_fffbf175: ; not directly referenced mov eax, dword [ebp - 0xca4] lea esi, [eax + ecx] mov eax, dword [ebp - 0xce0] @@ -44641,11 +42246,11 @@ mov dword [ebp + edx*8 - 0x888], esi mov esi, dword [ebp - 0xcd0] mov esi, dword [esi + 4] mov dword [ebp + edx*8 - 0x884], esi -jns short loc_fffc1248 ; jns 0xfffc1248 +jns short loc_fffbf223 ; jns 0xfffbf223 cmp bl, 6 -je short loc_fffc1248 ; je 0xfffc1248 +je short loc_fffbf223 ; je 0xfffbf223 cmp dword [ebp + eax*4 - 0xc00], 0 -jle short loc_fffc1248 ; jle 0xfffc1248 +jle short loc_fffbf223 ; jle 0xfffbf223 mov eax, dword [ebp - 0xcc4] mov edx, dword [ebp - 0xca4] mov esi, dword [ebp + edi*8 - 0x888] @@ -44657,11 +42262,11 @@ mov ecx, dword [ebp - 0xcd0] mov eax, dword [ebp + edi*8 - 0x884] mov dword [ecx + 4], eax -loc_fffc1248: ; not directly referenced +loc_fffbf223: ; not directly referenced inc byte [ebp - 0xcb8] -jmp near loc_fffc111d ; jmp 0xfffc111d +jmp near loc_fffbf0f8 ; jmp 0xfffbf0f8 -loc_fffc1253: ; not directly referenced +loc_fffbf22e: ; not directly referenced movzx ebx, byte [ebp - 0xca4] lea ecx, [esi + esi*8] mov edi, dword [ebp - 0xcdc] @@ -44670,7 +42275,7 @@ add ecx, ebx imul edi, dword [ebp + ecx*4 - 0xb58] imul eax, dword [ebp + ecx*4 - 0xba0] add edi, eax -je loc_fffc19a2 ; je 0xfffc19a2 +je loc_fffbf97d ; je 0xfffbf97d mov edx, dword [ebp + ecx*4 - 0xb10] mov eax, edx sar eax, 0x1f @@ -44685,19 +42290,19 @@ idiv edi cmp byte [ebp - 0xc9a], 1 mov edi, eax mov dword [ebp + ecx*4 - 0xb10], eax -jne short loc_fffc1310 ; jne 0xfffc1310 +jne short loc_fffbf2eb ; jne 0xfffbf2eb cmp byte [ebp - 0xccc], 0 -jne short loc_fffc12cb ; jne 0xfffc12cb +jne short loc_fffbf2a6 ; jne 0xfffbf2a6 mov ecx, dword [ebp - 0xcd0] add byte [ebx + ecx + 0x104a], al -loc_fffc12cb: ; not directly referenced +loc_fffbf2a6: ; not directly referenced cmp byte [ebp - 0xccc], 1 sete dl cmp byte [ebp - 0xc9c], 0 sete al or dl, al -je short loc_fffc1345 ; je 0xfffc1345 +je short loc_fffbf320 ; je 0xfffbf320 mov edx, dword [ebp - 0xcd0] mov eax, edi mov ecx, dword [ebp - 0xc80] @@ -44708,10 +42313,10 @@ mov eax, dword [ebp - 0xc7c] push 0 push 0xff push ebx -call fcn_fffa7499 ; call 0xfffa7499 -jmp short loc_fffc1342 ; jmp 0xfffc1342 +call fcn_fffa7447 ; call 0xfffa7447 +jmp short loc_fffbf31d ; jmp 0xfffbf31d -loc_fffc1310: ; not directly referenced +loc_fffbf2eb: ; not directly referenced mov eax, dword [ebp - 0xcd4] mov edx, esi mov ecx, dword [ebp - 0xcb0] @@ -44723,17 +42328,17 @@ mov ecx, dword [ebp - 0xc80] push 0 push 0xff push ebx -call fcn_fffa73b0 ; call 0xfffa73b0 +call fcn_fffa735e ; call 0xfffa735e -loc_fffc1342: ; not directly referenced +loc_fffbf31d: ; not directly referenced add esp, 0x10 -loc_fffc1345: ; not directly referenced +loc_fffbf320: ; not directly referenced imul edi, edi, 0xa xor ecx, ecx lea edx, [esi + esi*8] -loc_fffc134d: ; not directly referenced +loc_fffbf328: ; not directly referenced movzx eax, cl imul eax, eax, 0x12 add eax, edx @@ -44745,7 +42350,7 @@ cmp byte [ebp - 0xc99], 0 cmove ecx, eax inc ecx cmp cl, 6 -jbe short loc_fffc134d ; jbe 0xfffc134d +jbe short loc_fffbf328 ; jbe 0xfffbf328 lea ecx, [esi + esi*8] mov edi, dword [ebp - 0xcbc] lea eax, [ecx + ebx] @@ -44756,34 +42361,34 @@ add ebx, ecx mov dword [edi + ebx*8], edx mov eax, dword [ebp + eax*8 - 0x884] mov dword [edi + ebx*8 + 4], eax -jmp near loc_fffc0f9c ; jmp 0xfffc0f9c +jmp near loc_fffbef77 ; jmp 0xfffbef77 -loc_fffc13ab: ; not directly referenced +loc_fffbf386: ; not directly referenced cmp byte [ebp - 0xcee], 0 -je loc_fffc0cba ; je 0xfffc0cba +je loc_fffbec95 ; je 0xfffbec95 cmp byte [ebp - 0xc99], 0 -jne short loc_fffc140e ; jne 0xfffc140e +jne short loc_fffbf3e9 ; jne 0xfffbf3e9 -loc_fffc13c1: ; not directly referenced +loc_fffbf39c: ; not directly referenced mov eax, dword [ebp - 0xc98] and eax, 1 mov dword [ebp - 0xcb0], eax -je short loc_fffc13e7 ; je 0xfffc13e7 +je short loc_fffbf3c2 ; je 0xfffbf3c2 mov eax, dword [ebp - 0xc7c] mov ecx, 0xffff3001 mov edx, 0x4098 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc13e7: ; not directly referenced +loc_fffbf3c2: ; not directly referenced cmp dword [ebp - 0xca8], 0 -je loc_fffc1493 ; je 0xfffc1493 +je loc_fffbf46e ; je 0xfffbf46e mov eax, dword [ebp - 0xc7c] mov ecx, 0xffff3001 mov edx, 0x4498 -call fcn_fffae58c ; call 0xfffae58c -jmp near loc_fffc1493 ; jmp 0xfffc1493 +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffbf46e ; jmp 0xfffbf46e -loc_fffc140e: ; not directly referenced +loc_fffbf3e9: ; not directly referenced sub esp, 0xc mov ecx, dword [ebp - 0xc80] lea eax, [ebp - 0xc68] @@ -44797,14 +42402,14 @@ lea eax, [ebp - 0xc71] push eax mov eax, dword [ebp - 0xc7c] push dword [ebp - 0xcb4] -call fcn_fffc0855 ; call 0xfffc0855 +call fcn_fffbe830 ; call 0xfffbe830 add esp, 0x20 test eax, eax -je loc_fffc13c1 ; je 0xfffc13c1 +je loc_fffbf39c ; je 0xfffbf39c push edi mov edi, dword [ebp - 0xc7c] push 0x18 -movzx eax, byte [edi + 0x2488] +movzx eax, byte [edi + 0x2489] push eax push ebx mov ebx, dword [ebp - 0xc84] @@ -44812,21 +42417,21 @@ mov eax, ebx call dword [eax + 0x64] ; ucall add esp, 0xc push 0x18 -movzx eax, byte [edi + 0x2488] +movzx eax, byte [edi + 0x2489] push eax lea eax, [ebp - 0xbc4] push eax mov eax, ebx call dword [eax + 0x64] ; ucall add esp, 0x10 -jmp near loc_fffc13c1 ; jmp 0xfffc13c1 +jmp near loc_fffbf39c ; jmp 0xfffbf39c -loc_fffc1493: ; not directly referenced +loc_fffbf46e: ; not directly referenced movzx eax, byte [ebp - 0xc9b] mov byte [ebp - 0xc98], 0 mov dword [ebp - 0xcd0], eax -loc_fffc14a7: ; not directly referenced +loc_fffbf482: ; not directly referenced lea eax, [ebp - 0xbe8] xor ebx, ebx mov dword [ebp - 0xcac], eax @@ -44834,12 +42439,12 @@ movzx eax, byte [ebp - 0xc98] lea edi, [ebp - 0x498] mov dword [ebp - 0xcc4], eax -loc_fffc14c8: ; not directly referenced +loc_fffbf4a3: ; not directly referenced mov eax, dword [ebp - 0xc88] bt eax, ebx -jb loc_fffc1582 ; jb 0xfffc1582 +jb loc_fffbf55d ; jb 0xfffbf55d -loc_fffc14d7: ; not directly referenced +loc_fffbf4b2: ; not directly referenced mov eax, dword [ebp - 0xc84] inc ebx push esi @@ -44851,13 +42456,13 @@ call dword [eax + 0x64] ; ucall add esp, 0x10 add dword [ebp - 0xcac], 0x24 cmp ebx, 2 -jne short loc_fffc14c8 ; jne 0xfffc14c8 +jne short loc_fffbf4a3 ; jne 0xfffbf4a3 movzx eax, byte [ebp - 0xc98] mov ebx, dword [ebp - 0xc7c] mov edx, dword [ebp - 0xc88] mov dword [ebp - 0xcd4], eax imul eax, eax, 0x90 -mov byte [ebx + 0x248c], 1 +mov byte [ebx + 0x248d], 1 push ecx mov ecx, dword [ebp - 0xc80] push dword [ebp - 0xcd0] @@ -44866,7 +42471,7 @@ push eax lea eax, [ebp - 0x498] push eax mov eax, ebx -call fcn_fffbfaf9 ; call 0xfffbfaf9 +call fcn_fffbdad4 ; call 0xfffbdad4 lea eax, [ebp - 0xac8] add esp, 0x10 mov dword [ebp - 0xcac], eax @@ -44877,27 +42482,27 @@ lea eax, [ebp - 0xb58] mov dword [ebp - 0xcb8], eax lea eax, [ebp - 0x498] mov dword [ebp - 0xccc], eax -jmp near loc_fffc1640 ; jmp 0xfffc1640 +jmp near loc_fffbf61b ; jmp 0xfffbf61b -loc_fffc1582: ; not directly referenced +loc_fffbf55d: ; not directly referenced mov eax, dword [ebp - 0xc88] lea ecx, [ebx + 1] mov byte [ebp - 0xca4], 1 sar eax, cl cmp byte [ebp - 0xca0], 4 mov dword [ebp - 0xcb8], eax -jne short loc_fffc15b5 ; jne 0xfffc15b5 +jne short loc_fffbf590 ; jne 0xfffbf590 mov eax, dword [ebp - 0xc7c] -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov byte [ebp - 0xca4], al -loc_fffc15b5: ; not directly referenced +loc_fffbf590: ; not directly referenced xor esi, esi -loc_fffc15b7: ; not directly referenced +loc_fffbf592: ; not directly referenced mov eax, esi cmp byte [ebp - 0xca4], al -jbe loc_fffc14d7 ; jbe 0xfffc14d7 +jbe loc_fffbf4b2 ; jbe 0xfffbf4b2 push 0 mov eax, dword [ebp - 0xcac] mov ecx, 0x18 @@ -44918,34 +42523,34 @@ idiv ecx push eax push dword [ebp - 0xcb4] push dword [ebp - 0xc7c] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -jmp short loc_fffc15b7 ; jmp 0xfffc15b7 +jmp short loc_fffbf592 ; jmp 0xfffbf592 -loc_fffc1614: ; not directly referenced +loc_fffbf5ef: ; not directly referenced inc ebx add dword [ebp - 0xcac], 0x120 add dword [ebp - 0xccc], 0x240 add dword [ebp - 0xcc4], 0x24 add dword [ebp - 0xcb8], 0x24 cmp ebx, 2 -je loc_fffc16f0 ; je 0xfffc16f0 +je loc_fffbf6cb ; je 0xfffbf6cb -loc_fffc1640: ; not directly referenced +loc_fffbf61b: ; not directly referenced mov eax, dword [ebp - 0xc88] bt eax, ebx -jae short loc_fffc1614 ; jae 0xfffc1614 +jae short loc_fffbf5ef ; jae 0xfffbf5ef mov eax, dword [ebp - 0xc7c] xor edx, edx mov esi, dword [ebp - 0xccc] -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov byte [ebp - 0xce0], al mov eax, dword [ebp - 0xcac] mov dword [ebp - 0xca4], eax -loc_fffc1671: ; not directly referenced +loc_fffbf64c: ; not directly referenced cmp byte [ebp - 0xce0], dl -jbe short loc_fffc1614 ; jbe 0xfffc1614 +jbe short loc_fffbf5ef ; jbe 0xfffbf5ef mov eax, dword [ebp - 0xcb8] mov edi, dword [ebp - 0xcd4] mov ecx, dword [eax + edx*4] @@ -44957,28 +42562,28 @@ add eax, ecx mov dword [ebp - 0xcf4], eax xor eax, eax -loc_fffc16ab: ; not directly referenced +loc_fffbf686: ; not directly referenced mov edi, dword [esi + eax*2 + 4] add edi, dword [esi + eax*2] sub edi, 0x10 cmp byte [ebp - 0xc98], 0 -jne short loc_fffc16cb ; jne 0xfffc16cb +jne short loc_fffbf6a6 ; jne 0xfffbf6a6 mov ecx, dword [ebp - 0xca4] mov dword [ecx + eax], 0 -loc_fffc16cb: ; not directly referenced +loc_fffbf6a6: ; not directly referenced mov ecx, dword [ebp - 0xca4] imul edi, dword [ebp - 0xcf4] add dword [ecx + eax], edi add eax, 4 cmp eax, 0x20 -jne short loc_fffc16ab ; jne 0xfffc16ab +jne short loc_fffbf686 ; jne 0xfffbf686 inc edx add esi, 0x40 add dword [ebp - 0xca4], 0x20 -jmp short loc_fffc1671 ; jmp 0xfffc1671 +jmp short loc_fffbf64c ; jmp 0xfffbf64c -loc_fffc16f0: ; not directly referenced +loc_fffbf6cb: ; not directly referenced mov bl, byte [ebp - 0xc98] mov al, 7 cmp byte [ebp - 0xc99], 0 @@ -44986,37 +42591,37 @@ cmove ebx, eax mov byte [ebp - 0xc98], bl inc byte [ebp - 0xc98] cmp byte [ebp - 0xc98], 6 -jbe loc_fffc14a7 ; jbe 0xfffc14a7 +jbe loc_fffbf482 ; jbe 0xfffbf482 mov eax, dword [ebp - 0xc7c] xor edi, edi mov ebx, dword [ebp - 0xcc8] mov dword [ebp - 0xcac], 0 -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0xcb8], eax imul eax, dword [ebp - 0xc80], 0xd8 mov dword [ebp - 0xcc4], ebx add eax, 0x282 mov dword [ebp - 0xcf4], eax -loc_fffc1759: ; not directly referenced +loc_fffbf734: ; not directly referenced mov eax, dword [ebp - 0xc88] bt eax, edi -jae loc_fffc18f5 ; jae 0xfffc18f5 +jae loc_fffbf8d0 ; jae 0xfffbf8d0 mov eax, dword [ebp - 0xc7c] mov edx, edi mov ecx, 0xffff0001 shl edx, 0xa add edx, 0x4098 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 lea eax, [edi + edi*8] mov byte [ebp - 0xc98], 0 mov dword [ebp - 0xce0], eax -loc_fffc1793: ; not directly referenced +loc_fffbf76e: ; not directly referenced mov eax, dword [ebp - 0xc7c] -movzx eax, byte [eax + 0x2488] +movzx eax, byte [eax + 0x2489] cmp byte [ebp - 0xc98], al -jae loc_fffc18df ; jae 0xfffc18df +jae loc_fffbf8ba ; jae 0xfffbf8ba movzx eax, byte [ebp - 0xc98] mov edx, dword [ebp - 0xcdc] mov ebx, dword [ebp - 0xcd8] @@ -45043,7 +42648,7 @@ shl esi, 5 lea eax, [ebp - 0xac8] add esi, eax -loc_fffc1825: ; not directly referenced +loc_fffbf800: ; not directly referenced mov edx, dword [esi + ecx] mov eax, edx sar eax, 0x1f @@ -45054,44 +42659,44 @@ add eax, edx cdq idiv dword [ebp - 0xcd4] cmp byte [ebp - 0xc9a], 1 -jne short loc_fffc1851 ; jne 0xfffc1851 +jne short loc_fffbf82c ; jne 0xfffbf82c movzx edx, byte [ebx] -jmp short loc_fffc1858 ; jmp 0xfffc1858 +jmp short loc_fffbf833 ; jmp 0xfffbf833 -loc_fffc1851: ; not directly referenced +loc_fffbf82c: ; not directly referenced movzx edx, byte [ebx + 0x360] -loc_fffc1858: ; not directly referenced +loc_fffbf833: ; not directly referenced add eax, edx cmp eax, 0xf -jle short loc_fffc1868 ; jle 0xfffc1868 +jle short loc_fffbf843 ; jle 0xfffbf843 mov dword [esi + ecx], 0xf -jmp short loc_fffc1875 ; jmp 0xfffc1875 +jmp short loc_fffbf850 ; jmp 0xfffbf850 -loc_fffc1868: ; not directly referenced +loc_fffbf843: ; not directly referenced test eax, eax mov edx, 0 cmovs eax, edx mov dword [esi + ecx], eax -loc_fffc1875: ; not directly referenced +loc_fffbf850: ; not directly referenced cmp byte [ebp - 0xc9a], 1 mov eax, dword [esi + ecx] -jne short loc_fffc1885 ; jne 0xfffc1885 +jne short loc_fffbf860 ; jne 0xfffbf860 mov byte [ebx], al -jmp short loc_fffc188b ; jmp 0xfffc188b +jmp short loc_fffbf866 ; jmp 0xfffbf866 -loc_fffc1885: ; not directly referenced +loc_fffbf860: ; not directly referenced mov byte [ebx + 0x360], al -loc_fffc188b: ; not directly referenced +loc_fffbf866: ; not directly referenced mov eax, dword [esi + ecx] add ebx, 3 shl eax, cl add ecx, 4 or dword [ebp - 0xca4], eax cmp ecx, 0x20 -jne short loc_fffc1825 ; jne 0xfffc1825 +jne short loc_fffbf800 ; jne 0xfffbf800 push 0 push 0 push 0 @@ -45104,12 +42709,12 @@ push 0 push dword [ebp - 0xca4] push dword [ebp - 0xcd0] push dword [ebp - 0xc7c] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 inc byte [ebp - 0xc98] -jmp near loc_fffc1793 ; jmp 0xfffc1793 +jmp near loc_fffbf76e ; jmp 0xfffbf76e -loc_fffc18df: ; not directly referenced +loc_fffbf8ba: ; not directly referenced push edx push 0 push eax @@ -45118,53 +42723,53 @@ push dword [ebp - 0xcc4] call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffc18f5: ; not directly referenced +loc_fffbf8d0: ; not directly referenced inc edi add dword [ebp - 0xcc4], 0xcc add dword [ebp - 0xcac], 9 add dword [ebp - 0xcb8], 0x13c3 cmp edi, 2 -jne loc_fffc1759 ; jne 0xfffc1759 +jne loc_fffbf734 ; jne 0xfffbf734 cmp dword [ebp - 0xcb0], 0 -je short loc_fffc1938 ; je 0xfffc1938 +je short loc_fffbf913 ; je 0xfffbf913 mov eax, dword [ebp - 0xc7c] mov ecx, 0xffff3001 mov edx, 0x4098 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc1938: ; not directly referenced +loc_fffbf913: ; not directly referenced cmp dword [ebp - 0xca8], 0 -je short loc_fffc1956 ; je 0xfffc1956 +je short loc_fffbf931 ; je 0xfffbf931 mov eax, dword [ebp - 0xc7c] mov ecx, 0xffff3001 mov edx, 0x4498 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc1956: ; not directly referenced +loc_fffbf931: ; not directly referenced cmp dword [ebp - 0xcb0], 0 -je short loc_fffc1974 ; je 0xfffc1974 +je short loc_fffbf94f ; je 0xfffbf94f mov eax, dword [ebp - 0xc7c] mov ecx, 0xffff0001 mov edx, 0x4098 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc1974: ; not directly referenced +loc_fffbf94f: ; not directly referenced cmp dword [ebp - 0xca8], 0 -je loc_fffc0cba ; je 0xfffc0cba +je loc_fffbec95 ; je 0xfffbec95 mov eax, dword [ebp - 0xc7c] mov ecx, 0xffff0001 mov edx, 0x4498 -call fcn_fffae58c ; call 0xfffae58c -jmp near loc_fffc0cba ; jmp 0xfffc0cba +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffbec95 ; jmp 0xfffbec95 -loc_fffc199b: ; not directly referenced +loc_fffbf976: ; not directly referenced mov eax, 2 -jmp short loc_fffc19a7 ; jmp 0xfffc19a7 +jmp short loc_fffbf982 ; jmp 0xfffbf982 -loc_fffc19a2: ; not directly referenced +loc_fffbf97d: ; not directly referenced mov eax, 1 -loc_fffc19a7: ; not directly referenced +loc_fffbf982: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -45172,14 +42777,14 @@ pop edi pop ebp ret -fcn_fffc19af: ; not directly referenced +fcn_fffbf98a: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx sub esp, 0x1040 -mov edi, dword [eax + 0x5edc] +mov edi, dword [eax + 0x5edd] mov dword [ebp - 0x101c], edx mov dl, byte [ebp + 0x10] mov dword [ebp - 0xffc], eax @@ -45188,7 +42793,7 @@ mov dword [ebp - 0x1000], ecx mov ebx, dword [ebp + 0xc] mov byte [ebp - 0xff7], 0 mov byte [ebp - 0x1008], dl -mov edx, dword [eax + 0x2443] +mov edx, dword [eax + 0x2444] mov eax, dword [eax + 0x188b] push 0 push 0x10 @@ -45207,23 +42812,23 @@ mov ecx, dword [ebp - 0x1000] add esp, 0x10 xor eax, eax -loc_fffc1a43: ; not directly referenced +loc_fffbfa1e: ; not directly referenced mov byte [ebp + eax - 0xff1], al inc eax cmp eax, 9 -jne short loc_fffc1a43 ; jne 0xfffc1a43 +jne short loc_fffbfa1e ; jne 0xfffbfa1e mov eax, dword [ebp - 0xffc] sub esp, 0xc movzx edx, cl push 2 mov ecx, 0xf -call fcn_fffb26ca ; call 0xfffb26ca +call fcn_fffae9e2 ; call 0xfffae9e2 add esp, 0x10 xor eax, eax mov byte [ebp - 0x1004], 0 mov dl, 3 -loc_fffc1a76: ; not directly referenced +loc_fffbfa51: ; not directly referenced movzx ecx, al mov cl, byte [ebp + ecx - 0xff4] add byte [ebp - 0x1004], cl @@ -45231,7 +42836,7 @@ cmp byte [ebp - 0x1008], 0 cmove eax, edx inc eax cmp al, 2 -jbe short loc_fffc1a76 ; jbe 0xfffc1a76 +jbe short loc_fffbfa51 ; jbe 0xfffbfa51 mov esi, dword [ebp - 0x1004] mov eax, esi test al, al @@ -45240,7 +42845,7 @@ cmove esi, eax dec bl mov eax, esi mov byte [ebp - 0x1004], al -jne short loc_fffc1ad7 ; jne 0xfffc1ad7 +jne short loc_fffbfab2 ; jne 0xfffbfab2 push 1 push 0 push 1 @@ -45253,52 +42858,52 @@ push 0 push 0x88888888 push 0xa push dword [ebp - 0xffc] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -loc_fffc1ad7: ; not directly referenced +loc_fffbfab2: ; not directly referenced mov eax, dword [ebp - 0xffc] xor ebx, ebx mov byte [ebp - 0x1000], 0 -lea esi, [eax + 0x381a] +lea esi, [eax + 0x381b] lea eax, [edi + 0x70] mov dword [ebp - 0x1028], eax mov edi, eax -loc_fffc1af7: ; not directly referenced +loc_fffbfad2: ; not directly referenced movzx ecx, byte [esi] mov edx, ebx mov eax, dword [ebp - 0xffc] -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 or byte [ebp - 0x1000], al cmp dword [esi - 0xc4], 2 -jne short loc_fffc1b34 ; jne 0xfffc1b34 +jne short loc_fffbfb0f ; jne 0xfffbfb0f mov eax, dword [ebp - 0xffc] push ecx push 0 -movzx eax, byte [eax + 0x2488] +movzx eax, byte [eax + 0x2489] push eax mov eax, dword [ebp - 0x1010] push edi call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffc1b34: ; not directly referenced +loc_fffbfb0f: ; not directly referenced inc ebx add esi, 0x13c3 add edi, 0xcc cmp ebx, 2 -jne short loc_fffc1af7 ; jne 0xfffc1af7 +jne short loc_fffbfad2 ; jne 0xfffbfad2 mov eax, dword [ebp - 0xffc] mov ecx, 1 push edx push edx push 0xf -lea edi, [eax + 0x2490] +lea edi, [eax + 0x2491] push 0 mov edx, edi mov dword [ebp - 0x1014], edi -call fcn_fffa7e6c ; call 0xfffa7e6c +call fcn_fffa7e1a ; call 0xfffa7e1a movzx eax, byte [ebp - 0x1000] lea ecx, [ebp - 0xfd8] mov esi, dword [ebp - 0x101c] @@ -45306,20 +42911,20 @@ add esp, 0x10 mov dword [ebp - 0x100c], 0 mov dword [ebp - 0x1000], eax -loc_fffc1b90: ; not directly referenced +loc_fffbfb6b: ; not directly referenced mov eax, dword [ebp - 0x1000] mov edi, dword [ebp - 0x100c] bt eax, edi -jae short loc_fffc1bf5 ; jae 0xfffc1bf5 +jae short loc_fffbfbd0 ; jae 0xfffbfbd0 mov eax, dword [ebp - 0xffc] xor edi, edi -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov byte [ebp - 0x1018], al -jmp short loc_fffc1beb ; jmp 0xfffc1beb +jmp short loc_fffbfbc6 ; jmp 0xfffbfbc6 -loc_fffc1bb7: ; not directly referenced +loc_fffbfb92: ; not directly referenced cmp byte [ebp - 0x1008], 0 -je short loc_fffc1c2d ; je 0xfffc1c2d +je short loc_fffbfc08 ; je 0xfffbfc08 mov eax, dword [esi + edi*8 + 0x244] mov ebx, 0x14 xor edx, edx @@ -45327,27 +42932,27 @@ add eax, dword [esi + edi*8 + 0x240] div ebx mov dword [ecx + edi*4], eax -loc_fffc1bda: ; not directly referenced +loc_fffbfbb5: ; not directly referenced mov eax, dword [ecx + edi*4] dec eax cmp eax, 0xb -jbe short loc_fffc1bea ; jbe 0xfffc1bea +jbe short loc_fffbfbc5 ; jbe 0xfffbfbc5 mov dword [ecx + edi*4], 0xc -loc_fffc1bea: ; not directly referenced +loc_fffbfbc5: ; not directly referenced inc edi -loc_fffc1beb: ; not directly referenced +loc_fffbfbc6: ; not directly referenced mov eax, edi cmp byte [ebp - 0x1018], al -ja short loc_fffc1bb7 ; ja 0xfffc1bb7 +ja short loc_fffbfb92 ; ja 0xfffbfb92 -loc_fffc1bf5: ; not directly referenced +loc_fffbfbd0: ; not directly referenced inc dword [ebp - 0x100c] add ecx, 0x24 add esi, 0x48 cmp dword [ebp - 0x100c], 2 -jne short loc_fffc1b90 ; jne 0xfffc1b90 +jne short loc_fffbfb6b ; jne 0xfffbfb6b push eax mov edx, dword [ebp - 0x1014] mov ecx, 4 @@ -45356,32 +42961,32 @@ mov eax, dword [ebp - 0xffc] xor edi, edi push 0xf push 0 -call fcn_fffa7e6c ; call 0xfffa7e6c +call fcn_fffa7e1a ; call 0xfffa7e1a add esp, 0x10 -jmp short loc_fffc1c36 ; jmp 0xfffc1c36 +jmp short loc_fffbfc11 ; jmp 0xfffbfc11 -loc_fffc1c2d: ; not directly referenced +loc_fffbfc08: ; not directly referenced mov dword [ecx + edi*4], 1 -jmp short loc_fffc1bda ; jmp 0xfffc1bda +jmp short loc_fffbfbb5 ; jmp 0xfffbfbb5 -loc_fffc1c36: ; not directly referenced +loc_fffbfc11: ; not directly referenced mov eax, edi xor ebx, ebx movzx esi, al -loc_fffc1c3d: ; not directly referenced +loc_fffbfc18: ; not directly referenced mov eax, dword [ebp - 0x1000] bt eax, ebx -jae short loc_fffc1c55 ; jae 0xfffc1c55 +jae short loc_fffbfc30 ; jae 0xfffbfc30 lea eax, [ebx + ebx*8] xor ecx, ecx mov dword [ebp - 0x100c], eax -jmp short loc_fffc1cc1 ; jmp 0xfffc1cc1 +jmp short loc_fffbfc9c ; jmp 0xfffbfc9c -loc_fffc1c55: ; not directly referenced +loc_fffbfc30: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffc1c3d ; jne 0xfffc1c3d +jne short loc_fffbfc18 ; jne 0xfffbfc18 push eax mov ecx, dword [ebp - 0x1000] push eax @@ -45395,7 +43000,7 @@ mov eax, dword [ebp - 0xffc] push 4 push 0xff push 0 -call fcn_fffd13ed ; call 0xfffd13ed +call fcn_fffd16df ; call 0xfffd16df mov eax, edi mov ebx, dword [ebp - 0x101c] movzx eax, al @@ -45406,12 +43011,12 @@ mov dword [ebp - 0x100c], ebx xor ebx, ebx mov dword [ebp - 0x1034], eax lea esi, [ebp + ecx - 0xf48] -jmp near loc_fffc1d55 ; jmp 0xfffc1d55 +jmp near loc_fffbfd30 ; jmp 0xfffbfd30 -loc_fffc1cc1: ; not directly referenced +loc_fffbfc9c: ; not directly referenced mov eax, dword [ebp - 0xffc] -cmp cl, byte [eax + 0x2488] -jae short loc_fffc1c55 ; jae 0xfffc1c55 +cmp cl, byte [eax + 0x2489] +jae short loc_fffbfc30 ; jae 0xfffbfc30 push 2 mov edx, dword [ebp - 0x100c] movzx eax, cl @@ -45433,37 +43038,37 @@ push 0 push eax push 1 push dword [ebp - 0xffc] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 mov ecx, dword [ebp - 0x1018] add esp, 0x30 inc ecx -jmp short loc_fffc1cc1 ; jmp 0xfffc1cc1 +jmp short loc_fffbfc9c ; jmp 0xfffbfc9c -loc_fffc1d22: ; not directly referenced +loc_fffbfcfd: ; not directly referenced mov eax, dword [ebp - 0xffc] -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov byte [ebp - 0x1030], al xor eax, eax -loc_fffc1d36: ; not directly referenced +loc_fffbfd11: ; not directly referenced cmp byte [ebp - 0x1030], al -ja short loc_fffc1d62 ; ja 0xfffc1d62 +ja short loc_fffbfd3d ; ja 0xfffbfd3d -loc_fffc1d3e: ; not directly referenced +loc_fffbfd19: ; not directly referenced inc ebx add edx, 0x24 add esi, 0x48 add dword [ebp - 0x100c], 0x48 cmp ebx, 2 -je loc_fffc1ddb ; je 0xfffc1ddb +je loc_fffbfdb6 ; je 0xfffbfdb6 -loc_fffc1d55: ; not directly referenced +loc_fffbfd30: ; not directly referenced mov eax, dword [ebp - 0x1000] bt eax, ebx -jb short loc_fffc1d22 ; jb 0xfffc1d22 -jmp short loc_fffc1d3e ; jmp 0xfffc1d3e +jb short loc_fffbfcfd ; jb 0xfffbfcfd +jmp short loc_fffbfd19 ; jmp 0xfffbfd19 -loc_fffc1d62: ; not directly referenced +loc_fffbfd3d: ; not directly referenced mov dword [ebp - 0x103c], edx mov edx, dword [ebp - 0x100c] mov ecx, dword [edx + eax*8 + 4] @@ -45475,10 +43080,10 @@ mov ecx, edi test cl, cl mov dword [ebp - 0x1020], edx mov edx, dword [ebp - 0x103c] -jne short loc_fffc1d9c ; jne 0xfffc1d9c +jne short loc_fffbfd77 ; jne 0xfffbfd77 mov dword [edx + eax*4], 0 -loc_fffc1d9c: ; not directly referenced +loc_fffbfd77: ; not directly referenced mov dword [ebp - 0x103c], eax mov eax, dword [ebp - 0x1034] movzx eax, byte [ebp + eax - 0xff4] @@ -45491,42 +43096,42 @@ mov dword [esi + eax*8], ecx mov ecx, dword [ebp - 0x1018] mov dword [esi + eax*8 + 4], ecx inc eax -jmp near loc_fffc1d36 ; jmp 0xfffc1d36 +jmp near loc_fffbfd11 ; jmp 0xfffbfd11 -loc_fffc1ddb: ; not directly referenced +loc_fffbfdb6: ; not directly referenced cmp byte [ebp - 0x1008], 0 mov al, 3 cmove edi, eax inc edi mov eax, edi cmp al, 2 -jbe loc_fffc1c36 ; jbe 0xfffc1c36 +jbe loc_fffbfc11 ; jbe 0xfffbfc11 movsx eax, byte [ebp - 0x1004] mov dword [ebp - 0x1004], 0 mov dword [ebp - 0x1018], eax imul eax, eax, 0x14 mov dword [ebp - 0x1030], eax mov eax, dword [ebp - 0xffc] -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x1034], eax mov dword [ebp - 0x1014], eax mov eax, dword [ebp - 0x1028] mov dword [ebp - 0x1024], eax -loc_fffc1e35: ; not directly referenced +loc_fffbfe10: ; not directly referenced mov eax, dword [ebp - 0x1000] mov ebx, dword [ebp - 0x1004] bt eax, ebx -jae loc_fffc1f9d ; jae 0xfffc1f9d +jae loc_fffbff78 ; jae 0xfffbff78 lea eax, [ebx + ebx*8] mov byte [ebp - 0x100c], 0 mov dword [ebp - 0x1020], eax -loc_fffc1e5a: ; not directly referenced +loc_fffbfe35: ; not directly referenced mov eax, dword [ebp - 0xffc] -movzx eax, byte [eax + 0x2488] +movzx eax, byte [eax + 0x2489] cmp byte [ebp - 0x100c], al -jae loc_fffc1f62 ; jae 0xfffc1f62 +jae loc_fffbff3d ; jae 0xfffbff3d movzx ebx, byte [ebp - 0x100c] mov eax, dword [ebp - 0x1020] lea ecx, [eax + ebx] @@ -45548,13 +43153,13 @@ idiv ecx add byte [edi + ebx + 0x101d], al xor edi, edi -loc_fffc1ec4: ; not directly referenced +loc_fffbfe9f: ; not directly referenced mov edx, dword [ebp - 0x1014] mov eax, 1 mov ecx, edi shl eax, cl test byte [edx + 0xc4], al -je short loc_fffc1efa ; je 0xfffc1efa +je short loc_fffbfed5 ; je 0xfffbfed5 mov edx, dword [ebp - 0x1004] mov ecx, edi push eax @@ -45562,19 +43167,19 @@ mov eax, dword [ebp - 0xffc] push 0 push 0xff push ebx -call fcn_fffa7499 ; call 0xfffa7499 +call fcn_fffa7447 ; call 0xfffa7447 add esp, 0x10 -loc_fffc1efa: ; not directly referenced +loc_fffbfed5: ; not directly referenced inc edi cmp edi, 4 -jne short loc_fffc1ec4 ; jne 0xfffc1ec4 +jne short loc_fffbfe9f ; jne 0xfffbfe9f imul edi, esi, 0xa xor ecx, ecx imul esi, esi, 0xfffffff6 mov dl, 3 -loc_fffc1f0a: ; not directly referenced +loc_fffbfee5: ; not directly referenced movzx eax, cl imul eax, eax, 0x12 add eax, dword [ebp - 0x1020] @@ -45585,7 +43190,7 @@ cmp byte [ebp - 0x1008], 0 cmove ecx, edx inc ecx cmp cl, 2 -jbe short loc_fffc1f0a ; jbe 0xfffc1f0a +jbe short loc_fffbfee5 ; jbe 0xfffbfee5 add ebx, dword [ebp - 0x1020] mov edi, dword [ebp - 0x101c] inc byte [ebp - 0x100c] @@ -45593,9 +43198,9 @@ mov eax, dword [ebp + ebx*8 - 0xf48] mov dword [edi + ebx*8], eax mov eax, dword [ebp + ebx*8 - 0xf44] mov dword [edi + ebx*8 + 4], eax -jmp near loc_fffc1e5a ; jmp 0xfffc1e5a +jmp near loc_fffbfe35 ; jmp 0xfffbfe35 -loc_fffc1f62: ; not directly referenced +loc_fffbff3d: ; not directly referenced push ebx push 0 push eax @@ -45610,15 +43215,15 @@ push 1 push 0 push 2 push 0 -call fcn_fffa72c5 ; call 0xfffa72c5 +call fcn_fffa7273 ; call 0xfffa7273 add esp, 0x20 -loc_fffc1f9d: ; not directly referenced +loc_fffbff78: ; not directly referenced inc dword [ebp - 0x1004] add dword [ebp - 0x1024], 0xcc add dword [ebp - 0x1014], 0x13c3 cmp dword [ebp - 0x1004], 2 -jne loc_fffc1e35 ; jne 0xfffc1e35 +jne loc_fffbfe10 ; jne 0xfffbfe10 cmp dword [ebp - 0x102c], 1 sete dl cmp byte [ebp - 0x1038], 0 @@ -45627,43 +43232,43 @@ mov al, cl and eax, edx xor eax, 1 test al, cl -je loc_fffc23fc ; je 0xfffc23fc +je loc_fffc03d7 ; je 0xfffc03d7 cmp dl, 1 sbb eax, eax mov dword [ebp - 0x100c], eax and byte [ebp - 0x100c], 0xfd add byte [ebp - 0x100c], 4 test byte [ebp - 0x1000], 1 -je short loc_fffc201e ; je 0xfffc201e +je short loc_fffbfff9 ; je 0xfffbfff9 mov eax, dword [ebp - 0xffc] mov ecx, 0xffff3001 mov edx, 0x4098 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc201e: ; not directly referenced +loc_fffbfff9: ; not directly referenced test byte [ebp - 0x1000], 2 -je short loc_fffc203c ; je 0xfffc203c +je short loc_fffc0017 ; je 0xfffc0017 mov eax, dword [ebp - 0xffc] mov ecx, 0xffff3001 mov edx, 0x4498 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc203c: ; not directly referenced +loc_fffc0017: ; not directly referenced mov byte [ebp - 0x1004], 0 -loc_fffc2043: ; not directly referenced +loc_fffc001e: ; not directly referenced movzx edi, byte [ebp - 0x1004] xor ebx, ebx -loc_fffc204c: ; not directly referenced +loc_fffc0027: ; not directly referenced mov eax, dword [ebp - 0x1000] bt eax, ebx -jb short loc_fffc208d ; jb 0xfffc208d +jb short loc_fffc0068 ; jb 0xfffc0068 -loc_fffc2057: ; not directly referenced +loc_fffc0032: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffc204c ; jne 0xfffc204c +jne short loc_fffc0027 ; jne 0xfffc0027 movzx eax, byte [ebp - 0x1004] lea ebx, [ebp - 0xf48] mov dword [ebp - 0x1014], 0 @@ -45671,18 +43276,18 @@ mov dword [ebp - 0x1030], eax imul eax, eax, 0x90 add eax, ebx mov dword [ebp - 0x1038], eax -jmp near loc_fffc215d ; jmp 0xfffc215d +jmp near loc_fffc0138 ; jmp 0xfffc0138 -loc_fffc208d: ; not directly referenced +loc_fffc0068: ; not directly referenced lea eax, [ebx + ebx*8] xor ecx, ecx mov dword [ebp - 0x1014], eax mov dword [ebp - 0x101c], eax -loc_fffc209e: ; not directly referenced +loc_fffc0079: ; not directly referenced mov eax, dword [ebp - 0xffc] -cmp cl, byte [eax + 0x2488] -jae short loc_fffc2057 ; jae 0xfffc2057 +cmp cl, byte [eax + 0x2489] +jae short loc_fffc0032 ; jae 0xfffc0032 mov eax, dword [ebp - 0x101c] movzx esi, cl mov dword [ebp - 0x1020], ecx @@ -45704,7 +43309,7 @@ push 0 push eax push 1 push dword [ebp - 0xffc] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 mov ecx, dword [ebp - 0x1020] lea eax, [ebp - 0xd98] add esi, dword [ebp - 0x1014] @@ -45713,59 +43318,59 @@ shl esi, 6 add esi, eax xor eax, eax -loc_fffc2110: ; not directly referenced +loc_fffc00eb: ; not directly referenced mov dword [esi + eax + 4], 8 mov dword [esi + eax], 8 add eax, 8 cmp eax, 0x40 -jne short loc_fffc2110 ; jne 0xfffc2110 +jne short loc_fffc00eb ; jne 0xfffc00eb inc ecx -jmp near loc_fffc209e ; jmp 0xfffc209e +jmp near loc_fffc0079 ; jmp 0xfffc0079 -loc_fffc212d: ; not directly referenced +loc_fffc0108: ; not directly referenced mov eax, dword [ebp - 0x1000] bt eax, edx -jb short loc_fffc219d ; jb 0xfffc219d +jb short loc_fffc0178 ; jb 0xfffc0178 -loc_fffc2138: ; not directly referenced +loc_fffc0113: ; not directly referenced inc edx add dword [ebp - 0x101c], 0x24 cmp edx, 2 -jne short loc_fffc212d ; jne 0xfffc212d +jne short loc_fffc0108 ; jne 0xfffc0108 inc dword [ebp - 0x1014] mov al, byte [ebp - 0x1014] cmp byte [ebp - 0x100c], al -jbe loc_fffc2233 ; jbe 0xfffc2233 +jbe loc_fffc020e ; jbe 0xfffc020e -loc_fffc215d: ; not directly referenced +loc_fffc0138: ; not directly referenced mov eax, dword [ebp - 0xffc] lea esi, [ebp - 0xd98] mov edx, dword [ebp - 0x1000] -mov byte [eax + 0x248c], 1 +mov byte [eax + 0x248d], 1 push ecx push 0xa push dword [ebp - 0x1038] push esi mov esi, dword [ebp - 0x1014] mov ecx, esi -call fcn_fffbfaf9 ; call 0xfffbfaf9 +call fcn_fffbdad4 ; call 0xfffbdad4 lea eax, [esi + esi*8] add esp, 0x10 mov dword [ebp - 0x101c], eax xor edx, edx -jmp short loc_fffc212d ; jmp 0xfffc212d +jmp short loc_fffc0108 ; jmp 0xfffc0108 -loc_fffc219d: ; not directly referenced +loc_fffc0178: ; not directly referenced mov eax, dword [ebp - 0xffc] xor ecx, ecx -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov byte [ebp - 0x102c], al lea eax, [edx + edx*8] mov dword [ebp - 0x1020], eax -loc_fffc21ba: ; not directly referenced +loc_fffc0195: ; not directly referenced cmp cl, byte [ebp - 0x102c] -je loc_fffc2138 ; je 0xfffc2138 +je loc_fffc0113 ; je 0xfffc0113 mov eax, dword [ebp - 0x1030] movzx ebx, cl movzx eax, byte [ebp + eax - 0xff4] @@ -45781,24 +43386,24 @@ lea eax, [ebp - 0x918] add ebx, eax xor eax, eax -loc_fffc2204: ; not directly referenced +loc_fffc01df: ; not directly referenced mov esi, dword [edi + eax*2 + 4] add esi, dword [edi + eax*2] sub esi, 0x10 cmp byte [ebp - 0x1004], 0 -jne short loc_fffc221e ; jne 0xfffc221e +jne short loc_fffc01f9 ; jne 0xfffc01f9 mov dword [ebx + eax], 0 -loc_fffc221e: ; not directly referenced +loc_fffc01f9: ; not directly referenced imul esi, dword [ebp - 0x1024] add dword [ebx + eax], esi add eax, 4 cmp eax, 0x20 -jne short loc_fffc2204 ; jne 0xfffc2204 +jne short loc_fffc01df ; jne 0xfffc01df inc ecx -jmp short loc_fffc21ba ; jmp 0xfffc21ba +jmp short loc_fffc0195 ; jmp 0xfffc0195 -loc_fffc2233: ; not directly referenced +loc_fffc020e: ; not directly referenced mov bl, byte [ebp - 0x1004] mov al, 3 cmp byte [ebp - 0x1008], 0 @@ -45806,7 +43411,7 @@ cmove ebx, eax mov byte [ebp - 0x1004], bl inc byte [ebp - 0x1004] cmp byte [ebp - 0x1004], 2 -jbe loc_fffc2043 ; jbe 0xfffc2043 +jbe loc_fffc001e ; jbe 0xfffc001e mov edi, dword [ebp - 0x1018] mov eax, edi add eax, edi @@ -45817,26 +43422,26 @@ mov dword [ebp - 0x1008], eax mov eax, dword [ebp - 0x1028] mov dword [ebp - 0x1024], eax -loc_fffc2288: ; not directly referenced +loc_fffc0263: ; not directly referenced mov eax, dword [ebp - 0x1000] bt eax, edi -jae loc_fffc23de ; jae 0xfffc23de +jae loc_fffc03b9 ; jae 0xfffc03b9 imul eax, edi, 0x24 mov dword [ebp - 0x1004], 0 mov dword [ebp - 0x1020], eax -loc_fffc22aa: ; not directly referenced +loc_fffc0285: ; not directly referenced imul eax, dword [ebp - 0x1004], 0xd8 mov byte [ebp - 0x1014], 0 add eax, 0x942 mov dword [ebp - 0x1030], eax -loc_fffc22c6: ; not directly referenced +loc_fffc02a1: ; not directly referenced mov eax, dword [ebp - 0xffc] mov bl, byte [ebp - 0x1014] -movzx eax, byte [eax + 0x2488] +movzx eax, byte [eax + 0x2489] cmp bl, al -jae loc_fffc23a9 ; jae 0xfffc23a9 +jae loc_fffc0384 ; jae 0xfffc0384 movzx eax, bl mov ebx, dword [ebp - 0x1020] xor ecx, ecx @@ -45850,7 +43455,7 @@ add ebx, edx mov dword [ebp - 0x101c], 0 mov dword [ebp - 0x1028], eax -loc_fffc2318: ; not directly referenced +loc_fffc02f3: ; not directly referenced mov edx, dword [ebx + ecx] mov eax, edx sar eax, 0x1f @@ -45863,17 +43468,17 @@ idiv dword [ebp - 0x102c] movzx edx, byte [esi] add eax, edx cmp eax, 0xf -jle short loc_fffc2349 ; jle 0xfffc2349 +jle short loc_fffc0324 ; jle 0xfffc0324 mov dword [ebx + ecx], 0xf -jmp short loc_fffc2356 ; jmp 0xfffc2356 +jmp short loc_fffc0331 ; jmp 0xfffc0331 -loc_fffc2349: ; not directly referenced +loc_fffc0324: ; not directly referenced test eax, eax mov edx, 0 cmovs eax, edx mov dword [ebx + ecx], eax -loc_fffc2356: ; not directly referenced +loc_fffc0331: ; not directly referenced mov eax, dword [ebx + ecx] add esi, 3 mov byte [esi - 3], al @@ -45881,7 +43486,7 @@ shl eax, cl add ecx, 4 or dword [ebp - 0x101c], eax cmp ecx, 0x20 -jne short loc_fffc2318 ; jne 0xfffc2318 +jne short loc_fffc02f3 ; jne 0xfffc02f3 push 2 push 0 push 0 @@ -45894,17 +43499,17 @@ push 0 push dword [ebp - 0x101c] push 0xa push dword [ebp - 0xffc] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 inc byte [ebp - 0x1014] -jmp near loc_fffc22c6 ; jmp 0xfffc22c6 +jmp near loc_fffc02a1 ; jmp 0xfffc02a1 -loc_fffc23a9: ; not directly referenced +loc_fffc0384: ; not directly referenced inc dword [ebp - 0x1004] mov dl, byte [ebp - 0x1004] add dword [ebp - 0x1020], 9 cmp byte [ebp - 0x100c], dl -ja loc_fffc22aa ; ja 0xfffc22aa +ja loc_fffc0285 ; ja 0xfffc0285 push edx push 0 push eax @@ -45913,16 +43518,16 @@ push dword [ebp - 0x1024] call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffc23de: ; not directly referenced +loc_fffc03b9: ; not directly referenced inc edi add dword [ebp - 0x1024], 0xcc add dword [ebp - 0x1008], 0x13c3 cmp edi, 2 -jne loc_fffc2288 ; jne 0xfffc2288 +jne loc_fffc0263 ; jne 0xfffc0263 -loc_fffc23fc: ; not directly referenced +loc_fffc03d7: ; not directly referenced mov eax, dword [ebp - 0xffc] -mov byte [eax + 0x247a], 0 +mov byte [eax + 0x247b], 0 push 2 push 0 push 1 @@ -45935,7 +43540,7 @@ push 0 push 0 push 1 push eax -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 lea esp, [ebp - 0xc] pop ebx pop esi @@ -45943,42 +43548,2318 @@ pop edi pop ebp ret -fcn_fffc242d: ; not directly referenced +fcn_fffc0408: ; not directly referenced push ebp mov ebp, esp push esi push ebx mov ebx, dword [ebp + 8] push edx -movzx ecx, byte [ebx + 0x248e] -lea esi, [ebx + 0x2490] +movzx ecx, byte [ebx + 0x248f] +lea esi, [ebx + 0x2491] mov eax, ebx push 0 mov edx, esi push 1 push 1 -call fcn_fffc19af ; call 0xfffc19af +call fcn_fffbf98a ; call 0xfffbf98a add esp, 0x10 test eax, eax -jne short loc_fffc2473 ; jne 0xfffc2473 +jne short loc_fffc044e ; jne 0xfffc044e push eax -movzx ecx, byte [ebx + 0x248e] +movzx ecx, byte [ebx + 0x248f] mov edx, esi push 1 mov eax, ebx push 0 push 0 -call fcn_fffc19af ; call 0xfffc19af +call fcn_fffbf98a ; call 0xfffbf98a add esp, 0x10 -loc_fffc2473: ; not directly referenced +loc_fffc044e: ; not directly referenced lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_fffc247a: ; not directly referenced +fcn_fffc0455: ; not directly referenced +push ebp +mov ecx, 0xa +mov ebp, esp +push edi +push esi +mov esi, ref_fffd5410 ; mov esi, 0xfffd5410 +push ebx +sub esp, 0x6c +mov ebx, dword [ebp + 8] +lea edi, [ebp - 0x60] +mov byte [ebp - 0x67], 4 +mov byte [ebp - 0x66], 1 +mov eax, dword [ebx + 0x1887] +mov byte [ebp - 0x65], 1 +mov byte [ebp - 0x64], 2 +mov byte [ebp - 0x63], 1 +cmp eax, 0x306d0 +sete dl +cmp eax, 0x40650 +sete al +or dl, al +mov byte [ebp - 0x62], 0 +mov byte [ebp - 0x61], 0 +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +je loc_fffc0540 ; je 0xfffc0540 +mov cl, 1 +mov edx, 4 +mov eax, ebx +mov esi, 4 +call fcn_fffaab72 ; call 0xfffaab72 +mov edx, dword [ebp - 0x60] +mov ecx, 1 +cmp ax, dx +cmovae edx, eax +mov eax, ebx +mov word [ebp - 0x60], dx +mov edx, 1 +call fcn_fffaab72 ; call 0xfffaab72 +mov dx, word [ebp - 0x5e] +mov byte [ebp - 0x69], 1 +cmp ax, dx +cmovae edx, eax +cmp dword [ebx + 0x188b], 1 +mov word [ebp - 0x5e], dx +sete al +lea eax, [eax + eax*4 + 7] +movsx edi, al + +loc_fffc04fe: ; not directly referenced +mov al, byte [ebp - 0x69] +test byte [ebx + 0x248e], al +je short loc_fffc053a ; je 0xfffc053a +push eax +mov ecx, 3 +push 0 +push 0 +push 0xf +push edi +push 0 +lea eax, [ebp - 0x60] +push eax +lea eax, [ebp - 0x65] +push eax +push 2 +lea eax, [ebp - 0x67] +push eax +movzx eax, byte [ebp - 0x69] +push 5 +lea edx, [ebp - 0x56] +push eax +mov eax, ebx +call fcn_fffcb1dd ; call 0xfffcb1dd +add esp, 0x30 + +loc_fffc053a: ; not directly referenced +shl byte [ebp - 0x69], 1 +dec esi +jne short loc_fffc04fe ; jne 0xfffc04fe + +loc_fffc0540: ; not directly referenced +lea esp, [ebp - 0xc] +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc054a: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x140 +mov edi, dword [ebp + 8] +mov dword [ebp - 0xe4], 1 +mov dword [ebp - 0xe0], 1 +mov eax, dword [edi + 0x2444] +mov ebx, dword [edi + 0x5edd] +mov esi, eax +mov dword [ebp - 0x110], eax +mov eax, dword [edi + 0x1887] +mov dword [ebp - 0x108], eax +mov eax, dword [edi + 0x1883] +push 0 +push 0x10 +mov dword [ebp - 0x100], eax +lea eax, [ebp - 0xc8] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push 1 +push 3 +lea eax, [ebp - 0xee] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0x10 +cmp dword [edi + 0x2481], 2 +mov byte [ebp - 0xf1], 0xfc +mov byte [ebp - 0xf0], 4 +mov byte [ebp - 0xef], 0 +jne loc_fffc0d43 ; jne 0xfffc0d43 +mov eax, dword [edi + 0x5edd] +mov dword [ebp - 0x100], eax +mov eax, dword [edi + 0x2444] +mov esi, eax +mov dword [ebp - 0x110], eax +push eax +push 0 +push 0x10 +lea eax, [ebp - 0xb8] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push 1 +push 3 +lea eax, [ebp - 0xe8] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0x10 +xor eax, eax +mov byte [ebp - 0xeb], 0xfc +mov byte [ebp - 0xea], 4 +mov byte [ebp - 0xe9], 0 + +loc_fffc0639: ; not directly referenced +mov byte [ebp + eax - 0xd4], al +inc eax +cmp eax, 9 +jne short loc_fffc0639 ; jne 0xfffc0639 +mov ecx, 1 +mov edx, 5 +mov eax, edi +call fcn_fffaab72 ; call 0xfffaab72 +xor ecx, ecx +mov edx, 5 +lea ebx, [edi + 0x2b51] +mov word [ebp - 0x138], ax +mov eax, edi +call fcn_fffaab72 ; call 0xfffaab72 +sub esp, 0xc +mov ecx, 0x11 +mov word [ebp - 0x13c], ax +movzx eax, byte [edi + 0x248f] +push 0 +mov edx, eax +mov dword [ebp - 0x10c], eax +mov eax, edi +call fcn_fffae9e2 ; call 0xfffae9e2 +mov al, byte [ebp - 0xe7] +mov ecx, 2 +mov byte [ebp - 0x11c], al +mov al, byte [ebp - 0xe8] +add byte [ebp - 0x11c], al +mov al, byte [ebp - 0xe6] +add byte [ebp - 0x11c], al +lea eax, [edi + 0x2491] +mov dword [ebp - 0x140], eax +mov edx, eax +mov eax, edi +call fcn_fffa668b ; call 0xfffa668b +add esp, 0x10 +xor ecx, ecx + +loc_fffc06dc: ; not directly referenced +mov eax, dword [ebp - 0x10c] +mov dword [ebp + ecx*4 - 0xdc], 0 +bt eax, ecx +jae short loc_fffc0714 ; jae 0xfffc0714 +mov eax, dword [ebx + 4] +mov esi, 0x14 +xor edx, edx +add eax, dword [ebx] +div esi +mov si, 0xc +lea edx, [eax - 1] +cmp edx, 0xb +cmova eax, esi +mov dword [ebp + ecx*4 - 0xdc], eax + +loc_fffc0714: ; not directly referenced +inc ecx +add ebx, 0x48 +cmp ecx, 2 +jne short loc_fffc06dc ; jne 0xfffc06dc +push eax +push 0 +push 0x80 +lea eax, [ebp - 0x98] +push eax +mov eax, dword [ebp - 0x110] +call dword [eax + 0x5c] ; ucall +mov eax, dword [ebp - 0x100] +add esp, 0x10 +mov dword [ebp - 0xfc], 0 +add eax, 0x70 +mov dword [ebp - 0x134], eax + +loc_fffc0751: ; not directly referenced +xor esi, esi + +loc_fffc0753: ; not directly referenced +mov eax, dword [ebp - 0x10c] +bt eax, esi +jb short loc_fffc0768 ; jb 0xfffc0768 + +loc_fffc075e: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffc0753 ; jne 0xfffc0753 +xor esi, esi +jmp short loc_fffc07bd ; jmp 0xfffc07bd + +loc_fffc0768: ; not directly referenced +mov eax, dword [ebp - 0xfc] +mov ecx, 0xc +xor ebx, ebx +movsx eax, byte [ebp + eax - 0xeb] +imul eax, dword [ebp + esi*4 - 0xdc] +cdq +idiv ecx +mov dword [ebp - 0x100], eax + +loc_fffc078e: ; not directly referenced +cmp bl, byte [edi + 0x2489] +jae short loc_fffc075e ; jae 0xfffc075e +push 1 +movzx eax, bl +push 0 +inc ebx +push 1 +push 0 +push eax +push 0 +push esi +push 0 +push 0 +push dword [ebp - 0x100] +push 2 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +jmp short loc_fffc078e ; jmp 0xfffc078e + +loc_fffc07bd: ; not directly referenced +mov eax, dword [ebp - 0x134] +mov ecx, esi +xor ebx, ebx +mov dword [ebp - 0x100], 1 +shl dword [ebp - 0x100], cl +mov dword [ebp - 0x108], eax +mov byte [ebp - 0x104], 0 + +loc_fffc07e4: ; not directly referenced +imul eax, ebx, 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffc0826 ; jne 0xfffc0826 +mov ecx, dword [ebp - 0x100] +mov edx, ebx +mov eax, edi +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0x104], al +push eax +push 0 +movzx eax, byte [edi + 0x2489] +push eax +mov eax, dword [ebp - 0x110] +push dword [ebp - 0x108] +call dword [eax + 0x64] ; ucall +add esp, 0x10 + +loc_fffc0826: ; not directly referenced +inc ebx +add dword [ebp - 0x108], 0xcc +cmp ebx, 2 +jne short loc_fffc07e4 ; jne 0xfffc07e4 +push ecx +mov edx, dword [ebp - 0x140] +push ecx +movzx ecx, byte [ebp - 0x104] +lea eax, [ebp - 0xb8] +push eax +push 0x25 +lea eax, [ebp - 0xd4] +push eax +mov eax, edi +push 5 +push 0 +push esi +inc esi +call fcn_fffd16df ; call 0xfffd16df +add esp, 0x20 +cmp esi, 2 +jne loc_fffc07bd ; jne 0xfffc07bd +lea eax, [ebp - 0xa8] +xor esi, esi +mov dword [ebp - 0x130], eax +lea eax, [ebp - 0x98] +mov dword [ebp - 0x128], eax + +loc_fffc0888: ; not directly referenced +mov eax, dword [ebp - 0x10c] +bt eax, esi +jb short loc_fffc08ac ; jb 0xfffc08ac + +loc_fffc0893: ; not directly referenced +inc esi +add dword [ebp - 0x128], 0x40 +add dword [ebp - 0x130], 8 +cmp esi, 2 +jne short loc_fffc0888 ; jne 0xfffc0888 +jmp near loc_fffc0a5e ; jmp 0xfffc0a5e + +loc_fffc08ac: ; not directly referenced +imul edx, esi, 0x13c3 +mov ebx, dword [ebp - 0x130] +mov ecx, dword [ebp - 0x128] +mov dword [ebp - 0x108], 0 +mov al, byte [edi + edx + 0x381b] +lea edx, [edi + edx + 0x49c2] +mov dword [ebp - 0x100], ebx +mov dword [ebp - 0x12c], ecx +mov dword [ebp - 0x120], edx +mov byte [ebp - 0x141], al +imul eax, esi, 0x48 +add eax, edi + +loc_fffc08f3: ; not directly referenced +mov cl, byte [ebp - 0x108] +mov edx, 1 +shl edx, cl +test byte [ebp - 0x141], dl +jne short loc_fffc0936 ; jne 0xfffc0936 + +loc_fffc0908: ; not directly referenced +inc dword [ebp - 0x108] +add eax, 0x90 +add dword [ebp - 0x120], 0x18 +add dword [ebp - 0x12c], 0x20 +add dword [ebp - 0x100], 4 +cmp dword [ebp - 0x108], 2 +jne short loc_fffc08f3 ; jne 0xfffc08f3 +jmp near loc_fffc0893 ; jmp 0xfffc0893 + +loc_fffc0936: ; not directly referenced +cmp byte [ebp - 0xfc], 0 +jne short loc_fffc094b ; jne 0xfffc094b +mov ebx, dword [ebp - 0x100] +mov dword [ebx], 0xffffffff + +loc_fffc094b: ; not directly referenced +mov dl, byte [edi + 0x2489] +mov byte [ebp - 0x124], dl +xor edx, edx + +loc_fffc0959: ; not directly referenced +cmp byte [ebp - 0x124], dl +jbe short loc_fffc0987 ; jbe 0xfffc0987 +mov ebx, dword [ebp - 0x100] +mov ecx, dword [eax + edx*8 + 0x2915] +cmp dword [eax + edx*8 + 0x2911], ecx +cmovbe ecx, dword [eax + edx*8 + 0x2911] +cmp ecx, dword [ebx] +cmova ecx, dword [ebx] +inc edx +mov dword [ebx], ecx +jmp short loc_fffc0959 ; jmp 0xfffc0959 + +loc_fffc0987: ; not directly referenced +xor edx, edx + +loc_fffc0989: ; not directly referenced +mov ecx, dword [ebp - 0x120] +movzx ecx, byte [ecx + edx + 0x10] +test cl, cl +je loc_fffc0908 ; je 0xfffc0908 +mov dword [ebp - 0x104], 0 +mov dword [ebp - 0x118], 0xffffffff +mov dword [ebp - 0x114], 0xffffffff + +loc_fffc09ba: ; not directly referenced +mov bl, byte [ebp - 0x104] +cmp byte [ebp - 0x124], bl +jbe short loc_fffc0a1d ; jbe 0xfffc0a1d +mov ebx, dword [ebp - 0x104] +bt ecx, ebx +jae short loc_fffc0a15 ; jae 0xfffc0a15 +mov dword [ebp - 0x148], edx +mov edx, dword [ebp - 0x114] +cmp edx, dword [eax + ebx*8 + 0x2911] +cmova edx, dword [eax + ebx*8 + 0x2911] +mov dword [ebp - 0x114], edx +mov edx, dword [ebp - 0x118] +cmp edx, dword [eax + ebx*8 + 0x2915] +cmova edx, dword [eax + ebx*8 + 0x2915] +mov dword [ebp - 0x118], edx +mov edx, dword [ebp - 0x148] + +loc_fffc0a15: ; not directly referenced +inc dword [ebp - 0x104] +jmp short loc_fffc09ba ; jmp 0xfffc09ba + +loc_fffc0a1d: ; not directly referenced +mov ecx, dword [ebp - 0xfc] +movzx ebx, byte [ebp + ecx - 0xe8] +mov ecx, dword [ebp - 0x118] +sub ecx, dword [ebp - 0x114] +mov dword [ebp - 0x104], ebx +mov ebx, dword [ebp - 0x104] +imul ebx, ecx +mov ecx, dword [ebp - 0x12c] +add dword [ecx + edx*4], ebx +inc edx +cmp edx, 8 +jne loc_fffc0989 ; jne 0xfffc0989 +jmp near loc_fffc0908 ; jmp 0xfffc0908 + +loc_fffc0a5e: ; not directly referenced +inc dword [ebp - 0xfc] +cmp dword [ebp - 0xfc], 3 +jne loc_fffc0751 ; jne 0xfffc0751 +movzx edx, word [ebp - 0x138] +movzx eax, word [ebp - 0x13c] +mov dword [ebp - 0x120], edi +mov dword [ebp - 0xfc], 0 +add eax, edx +mov dword [ebp - 0x12c], eax +movsx eax, byte [ebp - 0x11c] +sar dword [ebp - 0x12c], 2 +imul esi, eax, 0xa +imul eax, eax, 0x14 +mov dword [ebp - 0x138], esi +mov dword [ebp - 0x13c], eax +mov eax, dword [ebp - 0x134] +mov dword [ebp - 0x130], eax +lea eax, [edi + 0x49c2] +mov dword [ebp - 0x114], eax +lea eax, [ebp - 0xa8] +mov dword [ebp - 0x11c], eax +lea eax, [ebp - 0x98] +mov dword [ebp - 0x124], eax + +loc_fffc0ae7: ; not directly referenced +mov eax, dword [ebp - 0x10c] +mov esi, dword [ebp - 0xfc] +bt eax, esi +jae loc_fffc0d02 ; jae 0xfffc0d02 +mov eax, dword [ebp - 0x114] +mov dword [ebp - 0x100], 0 +lea esi, [eax - 0x126b] +mov dword [ebp - 0x134], esi +mov esi, dword [ebp - 0x120] +mov dword [ebp - 0x108], eax +mov dword [ebp - 0x128], esi +mov esi, dword [ebp - 0x124] + +loc_fffc0b30: ; not directly referenced +mov ebx, dword [ebp - 0x114] +mov cl, byte [ebp - 0x100] +mov dword [ebp - 0x104], 1 +shl dword [ebp - 0x104], cl +mov al, byte [ebp - 0x104] +test byte [ebx - 0x11a7], al +je loc_fffc0cbe ; je 0xfffc0cbe +mov eax, dword [ebp - 0x108] +mov ebx, dword [ebp - 0x11c] +mov edx, dword [ebp - 0x100] +mov ecx, dword [ebp - 0x12c] +mov ax, word [eax + 0xc] +or al, 0x80 +cmp dword [ebx + edx*4], ecx +jbe short loc_fffc0bac ; jbe 0xfffc0bac +imul edx, edx, 0x70 +mov ebx, dword [ebp - 0x134] +and eax, 0xffffff80 +or eax, 0xd +mov word [ebx + edx + 0x109f], ax +mov ebx, dword [ebp - 0x108] +mov word [ebx + 0xc], ax +movzx eax, ax +push edx +push edx +push eax +push 6 +jmp short loc_fffc0c08 ; jmp 0xfffc0c08 + +loc_fffc0bac: ; not directly referenced +mov eax, dword [ebp - 0x108] +xor ebx, ebx +mov ecx, dword [ebp - 0x104] +mov edx, dword [ebp - 0xfc] +mov ax, word [eax + 6] +mov word [ebp - 0x118], ax +or word [ebp - 0x118], 0x10 +push eax +push eax +movzx eax, word [ebp - 0x118] +push eax +mov eax, edi +push 3 +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0x10 + +loc_fffc0be9: ; not directly referenced +mov eax, dword [ebp - 0x108] +movzx ecx, byte [eax + ebx + 0x10] +test cl, cl +jne short loc_fffc0c23 ; jne 0xfffc0c23 + +loc_fffc0bf8: ; not directly referenced +mov eax, dword [ebp - 0x118] +push ebx +push ebx +and eax, 0xffef +push eax +push 3 + +loc_fffc0c08: ; not directly referenced +mov ecx, dword [ebp - 0x104] +mov eax, edi +mov edx, dword [ebp - 0xfc] +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0x10 +jmp near loc_fffc0cbe ; jmp 0xfffc0cbe + +loc_fffc0c23: ; not directly referenced +mov edx, dword [esi + ebx*4] +mov dword [ebp - 0x140], ecx +mov eax, edx +sar eax, 0x1f +or eax, 1 +movsx eax, al +imul eax, dword [ebp - 0x138] +add eax, edx +cdq +idiv dword [ebp - 0x13c] +mov dword [esi + ebx*4], eax +push 2 +push 0 +push 1 +push 0 +push ecx +push dword [ebp - 0x100] +push dword [ebp - 0xfc] +push 0 +push 0 +push eax +push 5 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +mov al, byte [edi + 0x2489] +add esp, 0x30 +mov byte [ebp - 0x141], al +xor eax, eax + +loc_fffc0c7d: ; not directly referenced +cmp byte [ebp - 0x141], al +jbe short loc_fffc0caf ; jbe 0xfffc0caf +mov edx, dword [ebp - 0x140] +bt edx, eax +jae short loc_fffc0cac ; jae 0xfffc0cac +mov edx, dword [ebp - 0x128] +imul ecx, dword [esi + ebx*4], 0xa +add dword [edx + eax*8 + 0x2911], ecx +imul ecx, dword [esi + ebx*4], 0xfffffff6 +add dword [edx + eax*8 + 0x2915], ecx + +loc_fffc0cac: ; not directly referenced +inc eax +jmp short loc_fffc0c7d ; jmp 0xfffc0c7d + +loc_fffc0caf: ; not directly referenced +inc ebx +cmp ebx, 8 +jne loc_fffc0be9 ; jne 0xfffc0be9 +jmp near loc_fffc0bf8 ; jmp 0xfffc0bf8 + +loc_fffc0cbe: ; not directly referenced +inc dword [ebp - 0x100] +add esi, 0x20 +add dword [ebp - 0x108], 0x18 +add dword [ebp - 0x128], 0x90 +cmp dword [ebp - 0x100], 2 +jne loc_fffc0b30 ; jne 0xfffc0b30 +push ecx +push 0 +movzx eax, byte [edi + 0x2489] +push eax +mov eax, dword [ebp - 0x110] +push dword [ebp - 0x130] +call dword [eax + 0x64] ; ucall +add esp, 0x10 + +loc_fffc0d02: ; not directly referenced +inc dword [ebp - 0xfc] +add dword [ebp - 0x130], 0xcc +add dword [ebp - 0x114], 0x13c3 +add dword [ebp - 0x124], 0x40 +add dword [ebp - 0x120], 0x48 +add dword [ebp - 0x11c], 8 +cmp dword [ebp - 0xfc], 2 +jne loc_fffc0ae7 ; jne 0xfffc0ae7 +jmp near loc_fffc1272 ; jmp 0xfffc1272 + +loc_fffc0d43: ; not directly referenced +mov ecx, 1 +mov edx, 5 +mov eax, edi +call fcn_fffaab72 ; call 0xfffaab72 +xor ecx, ecx +mov edx, 5 +mov word [ebp - 0x118], ax +mov eax, edi +call fcn_fffaab72 ; call 0xfffaab72 +mov word [ebp - 0x11c], ax +mov al, byte [ebx + 0x15] +shr al, 6 +movzx edx, al +movzx eax, byte [ebx + 0x16] +and eax, 0x1f +shl eax, 2 +or eax, edx +mov esi, eax +mov dl, al +or edx, 0xffffff80 +shr esi, 6 +cmove edx, eax +mov byte [ebp - 0xeb], dl +mov cl, byte [ebx + 0x14] +movsx dx, dl +movzx eax, byte [ebx + 0x15] +lea edx, [edx + edx*4] +shr cl, 7 +and eax, 0x3f +movzx ecx, cl +add eax, eax +or eax, ecx +mov esi, eax +mov cl, al +or ecx, 0xffffff80 +shr esi, 6 +cmove ecx, eax +add edx, edx +mov byte [ebp - 0xea], cl +movsx cx, cl +sub esp, 0xc +mov word [ebp - 0xe8], dx +movzx edx, byte [edi + 0x248f] +lea ecx, [ecx + ecx*4] +add ecx, ecx +mov eax, edi +mov word [ebp - 0xe6], cx +mov ecx, 0x11 +push 0 +call fcn_fffae9e2 ; call 0xfffae9e2 +mov al, byte [ebp - 0xed] +lea esi, [edi + 0x3757] +add esp, 0x10 +mov byte [ebp - 0xfc], 0 +mov byte [ebp - 0x10c], al +mov al, byte [ebp - 0xee] +add byte [ebp - 0x10c], al +mov al, byte [ebp - 0xec] +add byte [ebp - 0x10c], al +lea eax, [ebx + 0x70] +xor ebx, ebx +mov dword [ebp - 0x128], eax +mov dword [ebp - 0x104], eax + +loc_fffc0e3c: ; not directly referenced +cmp dword [esi], 2 +jne short loc_fffc0e74 ; jne 0xfffc0e74 +movzx ecx, byte [esi + 0xc4] +mov edx, ebx +mov eax, edi +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0xfc], al +push edx +push 0 +movzx eax, byte [edi + 0x2489] +push eax +mov eax, dword [ebp - 0x110] +push dword [ebp - 0x104] +call dword [eax + 0x64] ; ucall +add esp, 0x10 + +loc_fffc0e74: ; not directly referenced +inc ebx +add esi, 0x13c3 +add dword [ebp - 0x104], 0xcc +cmp ebx, 2 +jne short loc_fffc0e3c ; jne 0xfffc0e3c +lea eax, [edi + 0x2491] +mov ecx, 2 +mov dword [ebp - 0x114], eax +mov edx, eax +mov eax, edi +call fcn_fffa668b ; call 0xfffa668b +movzx eax, byte [ebp - 0xfc] +lea ebx, [edi + 0x2b51] +xor ecx, ecx +mov dword [ebp - 0xfc], eax + +loc_fffc0eb9: ; not directly referenced +mov eax, dword [ebp - 0xfc] +mov dword [ebp + ecx*4 - 0xdc], 0 +bt eax, ecx +jae short loc_fffc0ef1 ; jae 0xfffc0ef1 +mov eax, dword [ebx + 4] +mov esi, 0x14 +xor edx, edx +add eax, dword [ebx] +div esi +mov si, 0xc +lea edx, [eax - 1] +cmp edx, 0xb +cmovbe esi, eax +mov dword [ebp + ecx*4 - 0xdc], esi + +loc_fffc0ef1: ; not directly referenced +inc ecx +add ebx, 0x48 +cmp ecx, 2 +jne short loc_fffc0eb9 ; jne 0xfffc0eb9 +mov edx, dword [ebp - 0x114] +mov cl, 5 +mov eax, edi +call fcn_fffa668b ; call 0xfffa668b +mov dword [ebp - 0xd4], 0 +mov dword [ebp - 0xb8], 0x7fffffff +mov dword [ebp - 0xa8], 0x7fffffff +mov dword [ebp - 0xd0], 0 +mov dword [ebp - 0xb4], 0x7fffffff +mov dword [ebp - 0xa4], 0x7fffffff +mov dword [ebp - 0x104], 0 + +loc_fffc0f4f: ; not directly referenced +xor esi, esi + +loc_fffc0f51: ; not directly referenced +mov eax, dword [ebp - 0xfc] +bt eax, esi +jb short loc_fffc0f95 ; jb 0xfffc0f95 + +loc_fffc0f5c: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffc0f51 ; jne 0xfffc0f51 +push eax +mov edx, dword [ebp - 0x114] +push eax +mov ecx, dword [ebp - 0xfc] +push 0 +lea eax, [ebp - 0xc8] +push eax +mov eax, edi +push 0x36 +push 1 +push 5 +push 0 +call fcn_fffc66ae ; call 0xfffc66ae +lea edx, [edi + 0x2915] +add esp, 0x20 +xor eax, eax +jmp short loc_fffc0ff3 ; jmp 0xfffc0ff3 + +loc_fffc0f95: ; not directly referenced +mov eax, dword [ebp - 0x104] +mov ecx, 0xc +xor ebx, ebx +movsx eax, byte [ebp + eax - 0xf1] +imul eax, dword [ebp + esi*4 - 0xdc] +cdq +idiv ecx +mov dword [ebp - 0x120], eax + +loc_fffc0fbb: ; not directly referenced +cmp bl, byte [edi + 0x2489] +jae short loc_fffc0f5c ; jae 0xfffc0f5c +push 1 +movzx eax, bl +push 0 +inc ebx +push 1 +push 0 +push eax +push 0 +push esi +push 0 +push 0 +push dword [ebp - 0x120] +push 2 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +jmp short loc_fffc0fbb ; jmp 0xfffc0fbb + +loc_fffc0fea: ; not directly referenced +inc eax +add edx, 0x48 +cmp eax, 2 +je short loc_fffc1045 ; je 0xfffc1045 + +loc_fffc0ff3: ; not directly referenced +mov esi, dword [ebp - 0xfc] +bt esi, eax +jae short loc_fffc0fea ; jae 0xfffc0fea +mov ebx, dword [ebp - 0x104] +mov ecx, dword [edx - 4] +mov esi, dword [edx] +movzx ebx, byte [ebp + ebx - 0xee] +sub esi, ecx +imul ebx, esi +add dword [ebp + eax*4 - 0xd4], ebx +mov ebx, dword [ebp + eax*4 - 0xb8] +cmp ecx, ebx +cmovg ecx, ebx +mov dword [ebp + eax*4 - 0xb8], ecx +mov ecx, dword [ebp + eax*4 - 0xa8] +cmp dword [edx], ecx +cmovle ecx, dword [edx] +mov dword [ebp + eax*4 - 0xa8], ecx +jmp short loc_fffc0fea ; jmp 0xfffc0fea + +loc_fffc1045: ; not directly referenced +inc dword [ebp - 0x104] +cmp dword [ebp - 0x104], 3 +jne loc_fffc0f4f ; jne 0xfffc0f4f +xor eax, eax +xor ebx, ebx + +loc_fffc105c: ; not directly referenced +movsx ecx, word [ebp + eax - 0xe8] +mov edx, dword [ebp + eax*2 - 0xb8] +sub edx, ecx +cmovs edx, ebx +add ecx, dword [ebp + eax*2 - 0xa8] +mov dword [ebp + eax*2 - 0xb8], edx +cmovs ecx, ebx +cmp ecx, edx +cmovle edx, ecx +mov dword [ebp + eax*2 - 0xa8], ecx +mov dword [ebp + eax*2 - 0x98], edx +add eax, 2 +cmp eax, 4 +jne short loc_fffc105c ; jne 0xfffc105c +movsx eax, byte [ebp - 0x10c] +xor ebx, ebx +movzx edx, word [ebp - 0x118] +imul esi, eax, 0xa +imul eax, eax, 0x14 +mov dword [ebp - 0x120], esi +mov dword [ebp - 0x124], eax +movzx eax, word [ebp - 0x11c] +add eax, edx +mov dword [ebp - 0x10c], eax +lea eax, [edi + 0x2911] +mov dword [ebp - 0x114], eax +mov eax, dword [ebp - 0x128] +sar dword [ebp - 0x10c], 2 +mov dword [ebp - 0x104], eax + +loc_fffc10ec: ; not directly referenced +mov eax, dword [ebp - 0xfc] +bt eax, ebx +jae loc_fffc1257 ; jae 0xfffc1257 +mov edx, dword [ebp + ebx*4 - 0xd4] +mov eax, edx +sar eax, 0x1f +or eax, 1 +movsx eax, al +imul eax, dword [ebp - 0x120] +add eax, edx +cdq +idiv dword [ebp - 0x124] +cmp dword [ebp - 0x108], 0x306d0 +sete dl +cmp dword [ebp - 0x100], 3 +mov dword [ebp + ebx*4 - 0xd4], eax +seta al +test al, dl +jne short loc_fffc115a ; jne 0xfffc115a +cmp dword [ebp - 0x100], 0 +setne cl +cmp dword [ebp - 0x108], 0x40670 +sete al +test cl, al +je short loc_fffc1185 ; je 0xfffc1185 + +loc_fffc115a: ; not directly referenced +mov eax, dword [ebp - 0x10c] +cmp dword [ebp + ebx*4 - 0x98], eax +jbe short loc_fffc1185 ; jbe 0xfffc1185 +movsx eax, byte [ebp + ebx - 0xeb] +mov dword [ebp + ebx*4 - 0xe4], 0 +neg eax +mov dword [ebp + ebx*4 - 0xd4], eax + +loc_fffc1185: ; not directly referenced +mov eax, dword [ebp + ebx*4 - 0xe4] +mov esi, dword [ebp - 0x104] +mov byte [edi + ebx + 0x369e], al +cmp byte [esi + 0x61], 0 +jle short loc_fffc11fc ; jle 0xfffc11fc +cmp dword [ebp - 0x100], 3 +sete cl +test cl, dl +jne short loc_fffc11d2 ; jne 0xfffc11d2 +cmp dword [ebp - 0x100], 0 +sete cl +cmp dword [ebp - 0x108], 0x40670 +sete byte [ebp - 0x118] +xor edx, edx +test byte [ebp - 0x118], cl +je short loc_fffc11db ; je 0xfffc11db + +loc_fffc11d2: ; not directly referenced +mov esi, dword [ebp - 0x104] +mov dl, byte [esi + 0x73] + +loc_fffc11db: ; not directly referenced +sub dl, byte [ebp + ebx - 0xeb] +add edx, 3 +movsx esi, dl +cmp dword [ebp + ebx*4 - 0xd4], esi +jle short loc_fffc11fc ; jle 0xfffc11fc +test eax, eax +je short loc_fffc11fc ; je 0xfffc11fc +mov dword [ebp + ebx*4 - 0xd4], esi + +loc_fffc11fc: ; not directly referenced +mov eax, dword [ebp - 0xfc] +lea ecx, [ebx + 1] +push 2 +mov esi, dword [ebp + ebx*4 - 0xd4] +sar eax, cl +push eax +push 1 +push 0 +push 7 +push 0 +push ebx +push 0 +push 0 +push esi +push 5 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +mov ecx, dword [ebp - 0x114] +imul eax, esi, 0xa +imul esi, esi, 0xfffffff6 +add esp, 0x2c +add dword [ecx], eax +add dword [ecx + 4], esi +push 0 +movzx eax, byte [edi + 0x2489] +push eax +mov eax, dword [ebp - 0x110] +push dword [ebp - 0x104] +call dword [eax + 0x64] ; ucall +add esp, 0x10 + +loc_fffc1257: ; not directly referenced +inc ebx +add dword [ebp - 0x114], 0x48 +add dword [ebp - 0x104], 0xcc +cmp ebx, 2 +jne loc_fffc10ec ; jne 0xfffc10ec + +loc_fffc1272: ; not directly referenced +push 2 +push 0 +push 1 +push 0 +push 0 +push 0 +push 0 +push 1 +push 0 +push 0 +push 2 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +mov byte [edi + 0x247b], 0 +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc12a0: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x230 +mov edi, dword [ebp + 8] +mov eax, dword [edi + 0x5edd] +mov dword [ebp - 0x1fc], eax +mov eax, dword [edi + 0x2444] +mov esi, eax +mov dword [ebp - 0x21c], eax +mov eax, dword [edi + 0x188b] +push 0 +push 0x10 +mov dword [ebp - 0x220], eax +lea eax, [ebp - 0x1d8] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push 0 +push 2 +lea eax, [ebp - 0x1dc] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push 0 +push 0x1b0 +lea eax, [ebp - 0x1c8] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +mov al, byte [edi + 0x2441] +xor ecx, ecx +mov byte [ebp - 0x1d9], 0 +mov byte [ebp - 0x1da], 0 +mov byte [ebp - 0x216], al +mov eax, dword [edi + 0x2481] +mov dword [esp], edi +cmp eax, 3 +sete cl +cmp eax, 2 +mov ebx, ecx +sete byte [ebp - 0x217] +mov dword [ebp - 0x208], ebx +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 +cmp ebx, 1 +lea ecx, [edi + 0x2491] +mov dword [ebp - 0x1f8], edi +mov dword [ebp - 0x1f0], 0 +mov dword [ebp - 0x214], ecx +mov dword [ebp - 0x200], eax +sbb eax, eax +and eax, 7 +add eax, 0xa +movzx eax, al +mov dword [ebp - 0x22c], eax + +loc_fffc1389: ; not directly referenced +mov eax, dword [ebp - 0x1fc] +xor ebx, ebx +mov cl, byte [ebp - 0x1f0] +mov dword [ebp - 0x1ec], 1 +shl dword [ebp - 0x1ec], cl +add eax, 0x70 +mov dword [ebp - 0x204], eax +mov byte [ebp - 0x1f4], 0 + +loc_fffc13b7: ; not directly referenced +mov ecx, dword [ebp - 0x1ec] +mov edx, ebx +mov eax, edi +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0x1f4], al +movzx eax, byte [ebp - 0x1f4] +bt eax, ebx +mov esi, eax +jae short loc_fffc13f7 ; jae 0xfffc13f7 +push ecx +push 0 +movzx eax, byte [edi + 0x2489] +push eax +mov eax, dword [ebp - 0x21c] +push dword [ebp - 0x204] +call dword [eax + 0x64] ; ucall +add esp, 0x10 + +loc_fffc13f7: ; not directly referenced +inc ebx +add dword [ebp - 0x204], 0xcc +cmp ebx, 2 +jne short loc_fffc13b7 ; jne 0xfffc13b7 +cmp byte [ebp - 0x1f4], 0 +je loc_fffc1932 ; je 0xfffc1932 +sub esp, 0xc +mov ecx, 0x11 +push 0 +mov edx, esi +mov eax, edi +xor bl, bl +call fcn_fffae9e2 ; call 0xfffae9e2 +add esp, 0x10 + +loc_fffc142c: ; not directly referenced +mov dl, bl +cmp bl, 3 +je short loc_fffc1495 ; je 0xfffc1495 +cmp bl, 1 +jne short loc_fffc1441 ; jne 0xfffc1441 +mov byte [edi + 0x248c], 9 +jmp short loc_fffc144d ; jmp 0xfffc144d + +loc_fffc1441: ; not directly referenced +cmp bl, 4 +jne short loc_fffc144d ; jne 0xfffc144d +mov byte [edi + 0x248c], 0 + +loc_fffc144d: ; not directly referenced +lea eax, [edx - 4] +cmp al, 2 +sbb eax, eax +and eax, 0x17 +add eax, 0x1f +cmp dl, 5 +sete dl +test byte [ebp - 0x217], dl +mov dl, 0x25 +lea ecx, [ebp - 0x1d8] +cmovne eax, edx +push edx +movzx eax, al +push edx +mov edx, dword [ebp - 0x214] +push 0 +push ecx +mov ecx, esi +push eax +mov eax, edi +push 1 +push ebx +push dword [ebp - 0x1f0] +call fcn_fffc66ae ; call 0xfffc66ae +add esp, 0x20 + +loc_fffc1495: ; not directly referenced +inc ebx +cmp ebx, 7 +jne short loc_fffc142c ; jne 0xfffc142c +push eax +mov ecx, dword [ebp - 0x22c] +mov edx, esi +push eax +mov eax, edi +push dword [ebp - 0x1ec] +push 0 +call fcn_fffaea71 ; call 0xfffaea71 +add esp, 0x10 +cmp dword [ebp - 0x208], 0 +je short loc_fffc14e8 ; je 0xfffc14e8 +push eax +mov ecx, esi +push 0 +xor edx, edx +push 0 +push 0x20 +push 0 +lea eax, [ebp - 0x1da] +push eax +mov eax, edi +push 0xff +push dword [ebp - 0x1ec] +call fcn_fffcffd1 ; call 0xfffcffd1 +jmp short loc_fffc150b ; jmp 0xfffc150b + +loc_fffc14e8: ; not directly referenced +push 1 +mov ecx, esi +push 1 +xor edx, edx +lea eax, [ebp - 0x1dc] +push eax +mov eax, edi +push 1 +push 0x40 +push 0xffffffffffffffc0 +push 3 +push 0xff +call fcn_fffcf65b ; call 0xfffcf65b + +loc_fffc150b: ; not directly referenced +add esp, 0x20 +cmp byte [ebp - 0x216], 0 +sete dl +cmp dword [ebp - 0x220], 1 +sete al +test dl, al +jne loc_fffc15e2 ; jne 0xfffc15e2 + +loc_fffc152a: ; not directly referenced +push edx +push 0 +push 0 +push 3 +push 0xff +push 0 +push 0 +push edi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x1c +push 0 +push 0 +push 3 +push 0xff +push 0 +push 1 +push edi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x14 +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d +lea eax, [ebp - 0x1d8] +mov edx, dword [ebp - 0x214] +pop ecx +mov ecx, esi +pop ebx +mov ebx, dword [ebp - 0x1f0] +push 0 +push eax +mov eax, edi +push 0x36 +push 1 +push 0xd +push ebx +call fcn_fffc66ae ; call 0xfffc66ae +add esp, 0x14 +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d +lea edx, [ebp - 0x1c8] +mov dword [ebp - 0x200], eax +mov eax, edi +call fcn_fffb7100 ; call 0xfffb7100 +imul eax, ebx, 0xd8 +mov edx, ebx +add edx, ebx +add esp, 0x10 +lea ecx, [edi + ebx*4] +add edx, edi +mov dword [ebp - 0x210], ecx +mov ecx, dword [ebp - 0x1f8] +add eax, 0x281 +mov dword [ebp - 0x20c], edx +mov dword [ebp - 0x1f4], 0 +mov dword [ebp - 0x228], eax +jmp near loc_fffc17a9 ; jmp 0xfffc17a9 + +loc_fffc15e2: ; not directly referenced +xor ebx, ebx + +loc_fffc15e4: ; not directly referenced +imul eax, ebx, 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffc1641 ; jne 0xfffc1641 +push eax +push 0 +push 0 +push 3 +push 0xff +push 0 +push ebx +push edi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +cmp byte [edi + 0x36ca], 2 +jne short loc_fffc1641 ; jne 0xfffc1641 +mov ecx, dword [ebp - 0x1fc] +imul eax, ebx, 0xcc +mov edx, ebx +push 0 +push 1 +movzx eax, byte [ecx + eax + 0xe2] +mov ecx, 0xff +push eax +mov eax, edi +push 1 +call fcn_fffac68e ; call 0xfffac68e +add esp, 0x10 + +loc_fffc1641: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffc15e4 ; jne 0xfffc15e4 +sub esp, 0xc +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 +cmp dword [ebp - 0x208], 0 +jne short loc_fffc16bd ; jne 0xfffc16bd +mov ecx, dword [ebp - 0x1f8] +mov edx, 6 +mov eax, dword [ecx + 0x3211] +mov dword [ecx + 0x3219], eax +mov eax, dword [ecx + 0x3215] +mov dword [ecx + 0x321d], eax +mov eax, dword [ecx + 0x3259] +mov dword [ecx + 0x3261], eax +mov eax, dword [ecx + 0x325d] +mov dword [ecx + 0x3265], eax +lea eax, [ebp - 0x1dc] +mov ecx, esi +push 1 +push 1 +push eax +mov eax, edi +push 0 +push 0x40 +push 0xffffffffffffffc0 +push 3 +push 0xff +call fcn_fffcf65b ; call 0xfffcf65b +add esp, 0x20 +jmp short loc_fffc16cc ; jmp 0xfffc16cc + +loc_fffc16bd: ; not directly referenced +mov ecx, dword [ebp - 0x1ec] +mov edx, esi +mov eax, edi +call fcn_fffcb062 ; call 0xfffcb062 + +loc_fffc16cc: ; not directly referenced +mov ebx, dword [ebp - 0x1f8] +mov dword [ebp - 0x1f4], 0 + +loc_fffc16dc: ; not directly referenced +imul eax, dword [ebp - 0x1f4], 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffc175d ; jne 0xfffc175d +mov eax, dword [ebx + 0x3219] +cmp dword [ebx + 0x3211], eax +cmovbe eax, dword [ebx + 0x3211] +mov dword [ebx + 0x3211], eax +mov eax, dword [ebx + 0x321d] +cmp dword [ebx + 0x3215], eax +cmovbe eax, dword [ebx + 0x3215] +mov dword [ebx + 0x3215], eax +cmp byte [edi + 0x36ca], 2 +jne short loc_fffc175d ; jne 0xfffc175d +mov edx, dword [ebp - 0x1f4] +mov ecx, dword [ebp - 0x1fc] +push 0 +push 1 +imul eax, edx, 0xcc +movzx eax, byte [ecx + eax + 0xe2] +mov ecx, 0xff +neg eax +push eax +mov eax, edi +push 1 +call fcn_fffac68e ; call 0xfffac68e +add esp, 0x10 + +loc_fffc175d: ; not directly referenced +inc dword [ebp - 0x1f4] +add ebx, 0x48 +cmp dword [ebp - 0x1f4], 2 +jne loc_fffc16dc ; jne 0xfffc16dc +jmp near loc_fffc152a ; jmp 0xfffc152a + +loc_fffc1778: ; not directly referenced +add dword [ebp - 0x1f4], 0x13c3 +add ecx, 0x48 +add dword [ebp - 0x210], 0x13c3 +add dword [ebp - 0x20c], 0x13c3 +cmp dword [ebp - 0x1f4], 0x2786 +je loc_fffc1932 ; je 0xfffc1932 + +loc_fffc17a9: ; not directly referenced +mov ebx, dword [ebp - 0x1f4] +mov al, byte [ebp - 0x1ec] +test byte [edi + ebx + 0x381b], al +je short loc_fffc1778 ; je 0xfffc1778 +mov eax, dword [ebp - 0x1f4] +mov ebx, 0xa +xor edx, edx +mov esi, 0xa +mov byte [ebp - 0x204], 0 +lea eax, [edi + eax + 0x3757] +mov dword [ebp - 0x224], eax +mov eax, dword [ecx + 0x3211] +div ebx +mov ebx, dword [ebp - 0x210] +xor edx, edx +mov byte [ebx + 0x39c8], al +mov eax, dword [ecx + 0x3215] +div esi +xor edx, edx +mov byte [ebx + 0x39c9], al +mov eax, dword [ecx + 0x3451] +div esi +xor edx, edx +mov byte [ebx + 0x39cb], al +mov eax, dword [ecx + 0x3455] +div esi +xor edx, edx +mov byte [ebx + 0x39ca], al +mov eax, dword [ecx + 0x2d91] +mov ebx, dword [ebp - 0x20c] +div esi +xor edx, edx +mov byte [ebx + 0x4758], al +mov eax, dword [ecx + 0x2d95] +div esi +xor edx, edx +mov byte [ebx + 0x4759], al +mov eax, dword [ecx + 0x2fd1] +div esi +xor edx, edx +mov byte [ebx + 0x4760], al +mov eax, dword [ecx + 0x2fd5] +div esi +mov byte [ebx + 0x4761], al + +loc_fffc186e: ; not directly referenced +mov al, byte [ebp - 0x204] +cmp al, byte [edi + 0x2489] +jae loc_fffc1778 ; jae 0xfffc1778 +movzx ebx, al +imul ebx, ebx, 0x18 +add ebx, dword [ebp - 0x228] +add ebx, dword [ebp - 0x224] +mov byte [ebp - 0x215], 8 + +loc_fffc1899: ; not directly referenced +mov eax, dword [ecx + 0x26d1] +mov esi, 0xa +xor edx, edx +add ebx, 3 +div esi +xor edx, edx +mov byte [ebx - 3], al +mov eax, dword [ecx + 0x26d5] +div esi +xor edx, edx +mov byte [ebx - 1], al +mov eax, dword [ecx + 0x2b51] +div esi +xor edx, edx +mov byte [ebx + 0x35d], al +mov eax, dword [ecx + 0x2b55] +div esi +xor edx, edx +mov byte [ebx + 0x35f], al +mov eax, dword [ecx + 0x2491] +div esi +xor edx, edx +mov byte [ebx + 0x6bf], al +mov eax, dword [ecx + 0x2495] +div esi +xor edx, edx +mov byte [ebx + 0x6bd], al +mov eax, dword [ecx + 0x2911] +div esi +xor edx, edx +mov byte [ebx + 0xa1f], al +mov eax, dword [ecx + 0x2915] +div esi +mov byte [ebx + 0xa1d], al +dec byte [ebp - 0x215] +jne loc_fffc1899 ; jne 0xfffc1899 +inc byte [ebp - 0x204] +jmp near loc_fffc186e ; jmp 0xfffc186e + +loc_fffc1932: ; not directly referenced +inc dword [ebp - 0x1f0] +add dword [ebp - 0x1f8], 0x90 +cmp dword [ebp - 0x1f0], 4 +jne loc_fffc1389 ; jne 0xfffc1389 +cmp dword [edi + 0x3757], 2 +jne short loc_fffc1966 ; jne 0xfffc1966 +xor ecx, ecx +mov edx, 0x4198 +mov eax, edi +call fcn_fffb335b ; call 0xfffb335b + +loc_fffc1966: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 +jne short loc_fffc197d ; jne 0xfffc197d +xor ecx, ecx +mov edx, 0x4598 +mov eax, edi +call fcn_fffb335b ; call 0xfffb335b + +loc_fffc197d: ; not directly referenced +mov eax, dword [ebp - 0x200] +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc198b: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +xor esi, esi +push ebx +add esp, 0xffffff80 +mov ebx, dword [ebp + 8] +lea edi, [ebp - 0x60] +mov byte [ebp - 0x67], 5 +mov byte [ebp - 0x66], 2 +mov eax, dword [ebx + 0x5edd] +mov byte [ebp - 0x65], 1 +mov byte [ebp - 0x64], 2 +mov byte [ebp - 0x63], 1 +mov dword [ebp - 0x6c], eax +mov al, byte [ebx + 0x248f] +mov byte [ebp - 0x62], 0 +mov byte [ebp - 0x61], 0 +mov byte [ebp - 0x6d], al +mov eax, dword [ebx + 0x188b] +mov dword [ebp - 0x74], eax +mov eax, dword [ebx + 0x2444] +push 0 +push 5 +push edi +call dword [eax + 0x60] ; ucall +movzx edx, byte [ebp - 0x67] +mov ecx, 1 +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 +movzx edx, byte [ebp - 0x66] +mov ecx, 1 +mov word [ebp - 0x60], ax +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 +add esp, 0x10 +mov word [ebp - 0x5e], ax + +loc_fffc1a0c: ; not directly referenced +mov eax, 1 +mov ecx, esi +shl eax, cl +test byte [ebx + 0x248e], al +je short loc_fffc1a48 ; je 0xfffc1a48 +push edx +mov ecx, 3 +push 2 +push 0 +push 0xf +push 0xb +push 0 +push edi +lea edx, [ebp - 0x65] +push edx +push 2 +lea edx, [ebp - 0x67] +push edx +push 4 +push eax +mov eax, ebx +lea edx, [ebp - 0x56] +call fcn_fffcb1dd ; call 0xfffcb1dd +add esp, 0x30 + +loc_fffc1a48: ; not directly referenced +inc esi +cmp esi, 4 +jne short loc_fffc1a0c ; jne 0xfffc1a0c +push eax +mov ecx, 3 +push eax +mov eax, ebx +push 0 +push 0xf +push 0 +push 0 +push 0 +push 2 +lea edx, [ebx + 0x2491] +call fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 +cmp dword [ebp - 0x74], 1 +jne loc_fffc1b55 ; jne 0xfffc1b55 +lea eax, [ebx + 0x3757] +mov edi, dword [ebp - 0x6c] +mov dword [ebp - 0x78], eax +movzx eax, byte [ebp - 0x6d] +mov dword [ebp - 0x6c], 0 +add edi, 0x1c +mov dword [ebp - 0x80], eax + +loc_fffc1a98: ; not directly referenced +mov eax, dword [ebp - 0x80] +mov ecx, dword [ebp - 0x6c] +bt eax, ecx +jb short loc_fffc1abe ; jb 0xfffc1abe + +loc_fffc1aa3: ; not directly referenced +inc dword [ebp - 0x6c] +add edi, 0xcc +add dword [ebp - 0x78], 0x13c3 +cmp dword [ebp - 0x6c], 2 +jne short loc_fffc1a98 ; jne 0xfffc1a98 +jmp near loc_fffc1b55 ; jmp 0xfffc1b55 + +loc_fffc1abe: ; not directly referenced +mov byte [ebp - 0x6d], 0 + +loc_fffc1ac2: ; not directly referenced +mov al, byte [ebp - 0x6d] +cmp al, byte [ebx + 0x2489] +jae short loc_fffc1aa3 ; jae 0xfffc1aa3 +mov edx, dword [ebp - 0x78] +movzx esi, al +mov byte [ebp - 0x74], 0 +mov cl, byte [edx + 0xc4] +add esi, edx +mov dword [ebp - 0x7c], esi +mov byte [ebp - 0x6e], cl +xor ecx, ecx + +loc_fffc1ae7: ; not directly referenced +mov eax, 1 +shl eax, cl +test byte [ebp - 0x6e], al +je short loc_fffc1b13 ; je 0xfffc1b13 +mov eax, dword [ebp - 0x7c] +lea esi, [ecx + ecx*8] +mov al, byte [eax + esi + 0x24d] +mov dl, al +and eax, 0xf +shr dl, 4 +shl edx, 2 +cmp dl, al +setne al +or byte [ebp - 0x74], al + +loc_fffc1b13: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffc1ae7 ; jne 0xfffc1ae7 +cmp byte [ebx + 0x240e], 1 +je short loc_fffc1b28 ; je 0xfffc1b28 +cmp byte [ebp - 0x74], 1 +jne short loc_fffc1b4d ; jne 0xfffc1b4d + +loc_fffc1b28: ; not directly referenced +movzx esi, byte [ebp - 0x6d] +mov eax, ebx +mov edx, dword [ebp - 0x6c] +mov ecx, esi +add esi, 8 +call fcn_fffa71bc ; call 0xfffa71bc +or byte [edi + esi*4 + 0xb], 1 +mov ecx, dword [edi + esi*4 + 8] +mov edx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffc1b4d: ; not directly referenced +inc byte [ebp - 0x6d] +jmp near loc_fffc1ac2 ; jmp 0xfffc1ac2 + +loc_fffc1b55: ; not directly referenced +lea esp, [ebp - 0xc] +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc1b5f: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x540 +mov esi, dword [ebp + 0xc] +mov ebx, dword [ebp + 8] +lea edi, [ebp - 0x4fa] +mov dword [ebp - 0x520], edx +mov edx, dword [ebp + 0x14] +mov dword [ebp - 0x51c], eax +mov dword [ebp - 0x52c], esi +mov esi, dword [ebp + 0x18] +mov dword [ebp - 0x524], ecx +mov ecx, 0xa +mov dword [ebp - 0x538], edx +mov dword [ebp - 0x528], ebx +mov ebx, dword [ebp + 0x10] +mov dword [ebp - 0x530], esi +mov esi, dword [ebp + 0x20] +mov byte [ebp - 0x507], 4 +mov byte [ebp - 0x506], 1 +mov byte [ebp - 0x505], 5 +mov eax, esi +mov dword [ebp - 0x534], esi +mov esi, ref_fffd541c ; mov esi, 0xfffd541c +mov byte [ebp - 0x541], al +lea eax, [ebp - 0x4f0] +mov byte [ebp - 0x504], 2 +mov byte [ebp - 0x50b], 4 +mov byte [ebp - 0x50a], 1 +mov byte [ebp - 0x509], 5 +mov byte [ebp - 0x508], 2 +mov byte [ebp - 0x4ff], 1 +mov byte [ebp - 0x4fe], 2 +mov byte [ebp - 0x4fd], 0 +mov byte [ebp - 0x4fc], 0 +mov byte [ebp - 0x4fb], 0 +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +mov edi, dword [ebp - 0x51c] +mov dword [ebp - 0x503], 0 +mov esi, dword [edi + 0x2444] +push 0xff +push 0x4d8 +push eax +call dword [esi + 0x5c] ; ucall +add esp, 0xc +push 0xff +push 0x54e +push dword [ebp - 0x520] +call dword [esi + 0x5c] ; ucall +mov cl, byte [ebp - 0x524] +mov al, byte [ebp - 0x528] +and cl, byte [edi + 0x248f] +and al, byte [edi + 0x248e] +add esp, 0x10 +mov byte [ebp - 0x50d], 0 +mov edx, dword [ebp - 0x538] +movzx esi, cl +mov edi, eax +xor eax, eax +and cl, 1 +je short loc_fffc1caf ; je 0xfffc1caf +mov ecx, dword [ebp - 0x51c] +mov eax, edi +and al, byte [ecx + 0x381b] +test al, al +mov byte [ebp - 0x50d], al +setne al + +loc_fffc1caf: ; not directly referenced +and esi, 2 +mov byte [ebp - 0x50c], 0 +je short loc_fffc1cd9 ; je 0xfffc1cd9 +mov esi, dword [ebp - 0x51c] +mov ecx, edi +and cl, byte [esi + 0x4bde] +mov esi, eax +or esi, 2 +test cl, cl +mov byte [ebp - 0x50c], cl +cmovne eax, esi + +loc_fffc1cd9: ; not directly referenced +mov cl, byte [ebx] +movzx eax, al +mov esi, dword [ebp - 0x520] +mov dword [ebp - 0x524], eax +mov byte [esi], cl +mov cl, byte [edx] +mov byte [esi + 4], cl +mov cl, byte [ebx + 1] +mov byte [esi + 1], cl +mov cl, byte [edx + 1] +mov byte [esi + 5], cl +mov cl, byte [ebx + 2] +mov byte [esi + 2], cl +mov cl, byte [edx + 2] +mov byte [esi + 6], cl +mov cl, byte [ebx + 3] +mov bl, byte [ebp - 0x530] +mov byte [esi + 3], cl +mov dl, byte [edx + 3] +mov byte [esi + 8], bl +mov byte [esi + 7], dl +mov edx, eax +movzx eax, byte [ebp - 0x52c] +push ecx +push ecx +mov ecx, esi +push 1 +push eax +mov eax, dword [ebp - 0x51c] +call fcn_fffafe03 ; call 0xfffafe03 +add esp, 0x10 +cmp dword [ebp + 0x24], 0 +je short loc_fffc1d84 ; je 0xfffc1d84 +mov esi, dword [ebp - 0x51c] +push ecx +mov ecx, dword [ebp - 0x524] +push 0 +push 0 +lea ebx, [esi + 0x2491] +mov eax, esi +push 0 +mov edx, ebx +call fcn_fffbf98a ; call 0xfffbf98a +mov ecx, dword [ebp - 0x524] +pop eax +mov eax, esi +pop edx +mov edx, ebx +push 0 +push 0xf +push 0 +push 0 +push 0 +push 1 +call fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 + +loc_fffc1d84: ; not directly referenced +cmp dword [ebp + 0x28], 0 +je short loc_fffc1dbd ; je 0xfffc1dbd +mov ebx, dword [ebp - 0x51c] +sub esp, 0xc +push ebx +call fcn_fffc054a ; call 0xfffc054a +mov ecx, dword [ebp - 0x524] +pop eax +mov eax, ebx +pop edx +lea edx, [ebx + 0x2491] +push 0 +push 0xf +push 0 +push 0 +push 0 +push 2 +call fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 + +loc_fffc1dbd: ; not directly referenced +mov ebx, dword [ebp - 0x520] +mov edx, edi +xor ecx, ecx +mov al, byte [ebp - 0x534] +movzx edi, dl +mov dword [ebp - 0x52c], edi +mov byte [ebx + 0x539], al +lea eax, [ebx + 0x534] +mov dword [ebp - 0x538], eax +mov eax, dword [ebp + 0x1c] +lea ebx, [ebp - 0x507] +mov dword [ebp - 0x530], eax +xor eax, eax + +loc_fffc1df9: ; not directly referenced +mov dl, byte [ebp - 0x530] +sub edx, dword [ebp + 0x1c] +cmp dl, byte [ebp - 0x541] +jae loc_fffc226f ; jae 0xfffc226f +mov edi, dword [ebp - 0x530] +mov esi, dword [ebp - 0x538] +mov dl, byte [edi] +mov byte [esi], dl +cmp byte [edi], 6 +ja loc_fffc21a3 ; ja 0xfffc21a3 +movzx edx, byte [edi] +jmp dword [edx*4 + ref_fffd5428] ; ujmp: jmp dword [edx*4 - 0x2abd8] + +loc_fffc1e31: ; not directly referenced +push eax +mov ecx, dword [ebp - 0x524] +push 1 +push 0 +push 0xf +push 0xc +push 0xfffffffffffffff5 +lea eax, [ebp - 0x4fa] +push eax +lea eax, [ebp - 0x4ff] +push eax +mov eax, dword [ebp - 0x51c] +push 2 +lea ebx, [ebp - 0x509] +push ebx +push 0 +push dword [ebp - 0x52c] +lea esi, [ebp - 0x3f8] +mov edx, esi +call fcn_fffcb1dd ; call 0xfffcb1dd +mov eax, dword [ebp - 0x520] +mov ecx, 0x3e +add esp, 0x30 +lea edi, [eax + 0x14f] +mov eax, 1 +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +mov cl, 2 +jmp near loc_fffc21a3 ; jmp 0xfffc21a3 + +loc_fffc1e96: ; not directly referenced +push eax +mov ecx, dword [ebp - 0x524] +push 0 +push 9 +push 0xf +push 6 +push 0xfffffffffffffff6 +lea eax, [ebp - 0x4fa] +push eax +lea eax, [ebp - 0x4ff] +push eax +mov eax, dword [ebp - 0x51c] +push 2 +lea ebx, [ebp - 0x50b] +push ebx +push 1 +push dword [ebp - 0x52c] +lea esi, [ebp - 0x110] +mov edx, esi +call fcn_fffcb1dd ; call 0xfffcb1dd +mov eax, dword [ebp - 0x520] +mov ecx, 0x3e +add esp, 0x30 +lea edi, [eax + 0x437] +mov eax, 4 +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +mov cl, 2 +jmp near loc_fffc21a3 ; jmp 0xfffc21a3 + +loc_fffc1efb: ; not directly referenced +lea eax, [ebp - 0x208] +xor ebx, ebx +mov dword [ebp - 0x534], eax + +loc_fffc1f09: ; not directly referenced +mov eax, dword [ebp - 0x52c] +bt eax, ebx +jb short loc_fffc1f33 ; jb 0xfffc1f33 + +loc_fffc1f14: ; not directly referenced +inc ebx +add dword [ebp - 0x534], 0x3e +cmp ebx, 4 +jne short loc_fffc1f09 ; jne 0xfffc1f09 +mov cl, 2 +mov eax, 3 +lea ebx, [ebp - 0x509] +jmp near loc_fffc21a3 ; jmp 0xfffc21a3 + +loc_fffc1f33: ; not directly referenced +push edi +mov esi, dword [ebp - 0x534] +mov cl, bl +push 2 +push 0 +push 0xf +push 0xb +mov edx, esi +push 0 +lea eax, [ebp - 0x4fa] +push eax +lea eax, [ebp - 0x4ff] +push eax +push 2 +lea eax, [ebp - 0x509] +push eax +mov eax, dword [ebp - 0x51c] +push 4 +mov dword [ebp - 0x528], 1 +shl dword [ebp - 0x528], cl +push dword [ebp - 0x528] +mov ecx, dword [ebp - 0x524] +call fcn_fffcb1dd ; call 0xfffcb1dd +imul eax, ebx, 0x3e +mov edi, dword [ebp - 0x520] +mov ecx, 0x3e +add esp, 0x30 +lea edx, [ebp - 0x4f0] +lea edi, [edi + eax + 0x33f] +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +lea ecx, [ebp - 0x50d] +lea edi, [ebp - 0x50b] + +loc_fffc1fb4: ; not directly referenced +movzx esi, byte [ecx] +test dword [ebp - 0x528], esi +je short loc_fffc1fef ; je 0xfffc1fef +mov si, word [edx + eax + 0x30c] +cmp si, word [edx + 0x30c] +jae short loc_fffc1fd7 ; jae 0xfffc1fd7 +mov word [edx + 0x30c], si + +loc_fffc1fd7: ; not directly referenced +mov si, word [edx + eax + 0x310] +cmp si, word [edx + 0x310] +jae short loc_fffc1fef ; jae 0xfffc1fef +mov word [edx + 0x310], si + +loc_fffc1fef: ; not directly referenced +inc ecx +add edx, 2 +cmp ecx, edi +je loc_fffc1f14 ; je 0xfffc1f14 +jmp short loc_fffc1fb4 ; jmp 0xfffc1fb4 + +loc_fffc1ffd: ; not directly referenced +mov eax, dword [ebp - 0x51c] +lea ebx, [ebp - 0x300] +mov dword [ebp - 0x534], ebx +cmp dword [eax + 0x188b], 1 +setne al +xor ebx, ebx +lea eax, [eax + eax + 0xc] +movsx eax, al +mov dword [ebp - 0x53c], eax + +loc_fffc2028: ; not directly referenced +mov eax, dword [ebp - 0x52c] +bt eax, ebx +jb short loc_fffc2052 ; jb 0xfffc2052 + +loc_fffc2033: ; not directly referenced +inc ebx +add dword [ebp - 0x534], 0x3e +cmp ebx, 4 +jne short loc_fffc2028 ; jne 0xfffc2028 +mov cl, 2 +mov eax, 2 +lea ebx, [ebp - 0x50b] +jmp near loc_fffc21a3 ; jmp 0xfffc21a3 + +loc_fffc2052: ; not directly referenced +push esi +mov cl, bl +mov esi, dword [ebp - 0x534] +push 0 +push 9 +push 0xf +push dword [ebp - 0x53c] +mov edx, esi +lea eax, [ebp - 0x4fa] +mov dword [ebp - 0x528], 1 +shl dword [ebp - 0x528], cl +push 0 +mov ecx, dword [ebp - 0x524] +push eax +lea eax, [ebp - 0x4ff] +push eax +push 2 +lea eax, [ebp - 0x50b] +push eax +mov eax, dword [ebp - 0x51c] +push 5 +push dword [ebp - 0x528] +call fcn_fffcb1dd ; call 0xfffcb1dd +imul eax, ebx, 0x3e +mov edi, dword [ebp - 0x520] +mov ecx, 0x3e +add esp, 0x30 +lea edx, [ebp - 0x4f0] +lea edi, [edi + eax + 0x247] +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +lea ecx, [ebp - 0x50d] + +loc_fffc20d1: ; not directly referenced +movzx esi, byte [ecx] +test dword [ebp - 0x528], esi +je short loc_fffc210c ; je 0xfffc210c +mov si, word [edx + eax + 0x214] +cmp si, word [edx + 0x214] +jae short loc_fffc20f4 ; jae 0xfffc20f4 +mov word [edx + 0x214], si + +loc_fffc20f4: ; not directly referenced +mov si, word [edx + eax + 0x218] +cmp si, word [edx + 0x218] +jae short loc_fffc210c ; jae 0xfffc210c +mov word [edx + 0x218], si + +loc_fffc210c: ; not directly referenced +inc ecx +add edx, 2 +lea edi, [ebp - 0x50b] +cmp ecx, edi +je loc_fffc2033 ; je 0xfffc2033 +jmp short loc_fffc20d1 ; jmp 0xfffc20d1 + +loc_fffc2120: ; not directly referenced +mov eax, dword [ebp - 0x51c] +cmp dword [eax + 0x188b], 1 +jne short loc_fffc2140 ; jne 0xfffc2140 +call fcn_fffaac56 ; call 0xfffaac56 +mov edx, 0x2f +mov eax, 8 +jmp short loc_fffc2147 ; jmp 0xfffc2147 + +loc_fffc2140: ; not directly referenced +mov edx, 7 +xor eax, eax + +loc_fffc2147: ; not directly referenced +push ecx +mov ecx, dword [ebp - 0x524] +push 0 +push 9 +push 0xf +push edx +push eax +lea eax, [ebp - 0x4fa] +push eax +lea eax, [ebp - 0x4ff] +push eax +mov eax, dword [ebp - 0x51c] +push 2 +lea ebx, [ebp - 0x50b] +push ebx +push 6 +push dword [ebp - 0x52c] +lea edx, [ebp - 0x4f0] +lea esi, [ebp - 0x4f0] +call fcn_fffcb1dd ; call 0xfffcb1dd +mov eax, dword [ebp - 0x520] +mov ecx, 0x3e +add esp, 0x30 +lea edi, [eax + 0x57] +xor eax, eax +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +mov cl, 2 + +loc_fffc21a3: ; not directly referenced +imul edi, eax, 0x7c +mov dword [ebp - 0x528], 0 +mov dword [ebp - 0x53c], edi + +loc_fffc21b6: ; not directly referenced +mov edi, dword [ebp - 0x528] +cmp byte [ebp + edi - 0x50d], 0 +je loc_fffc224b ; je 0xfffc224b +mov edi, dword [ebp - 0x53c] +lea edx, [ebp - 0x4f0] +add edi, dword [ebp - 0x528] +add edi, edi +add edi, edx +mov dword [ebp - 0x540], edi +xor edi, edi +jmp short loc_fffc2245 ; jmp 0xfffc2245 + +loc_fffc21ea: ; not directly referenced +mov dl, byte [ebx + edi] +xor esi, esi +mov byte [ebp - 0x534], dl +cmp dl, 0x21 +ja short loc_fffc2204 ; ja 0xfffc2204 +movzx esi, dl +movzx esi, byte [esi + ref_fffd58e0] ; movzx esi, byte [esi - 0x2a720] + +loc_fffc2204: ; not directly referenced +mov edx, esi +movzx esi, dl +mov dl, byte [ebp - 0x534] +mov dword [ebp - 0x548], eax +mov eax, dword [ebp - 0x520] +mov byte [ebp + esi - 0x503], dl +mov edx, dword [ebp - 0x528] +add esi, esi +lea edx, [edx + esi + 0x20] +mov esi, dword [ebp - 0x540] +mov si, word [esi + edi*4 + 0x24] +inc edi +mov word [eax + edx*2 + 3], si +mov eax, dword [ebp - 0x548] + +loc_fffc2245: ; not directly referenced +mov edx, edi +cmp cl, dl +ja short loc_fffc21ea ; ja 0xfffc21ea + +loc_fffc224b: ; not directly referenced +inc dword [ebp - 0x528] +cmp dword [ebp - 0x528], 2 +jne loc_fffc21b6 ; jne 0xfffc21b6 +inc dword [ebp - 0x530] +inc dword [ebp - 0x538] +jmp near loc_fffc1df9 ; jmp 0xfffc1df9 + +loc_fffc226f: ; not directly referenced +mov eax, dword [ebp - 0x520] +lea ebx, [ebp - 0x503] +mov dword [ebp - 0x524], ebx +mov byte [ebp - 0x52c], 0 +mov byte [eax + 0x52f], 0 +mov dword [ebp - 0x528], eax + +loc_fffc2295: ; not directly referenced +mov eax, dword [ebp - 0x524] +mov bl, byte [eax] +test bl, bl +je loc_fffc2348 ; je 0xfffc2348 +mov ecx, dword [ebp - 0x520] +xor esi, esi +movzx eax, byte [ebp - 0x52c] +mov edi, dword [ebp - 0x51c] +mov byte [ecx + eax + 0x530], bl +lea eax, [ecx + eax*4] +inc byte [ecx + 0x52f] +add edi, 0x49bf +mov dword [ebp - 0x530], eax +movzx eax, bl +mov dword [ebp - 0x534], eax + +loc_fffc22df: ; not directly referenced +cmp byte [ebp + esi - 0x50d], 0 +je short loc_fffc2336 ; je 0xfffc2336 +mov edx, dword [ebp - 0x534] +mov ecx, 1 +mov eax, dword [ebp - 0x51c] +call fcn_fffaab72 ; call 0xfffaab72 +cmp bl, 2 +jne short loc_fffc2317 ; jne 0xfffc2317 +cmp byte [edi + 0x128], 5 +mov dl, byte [edi] +je short loc_fffc2314 ; je 0xfffc2314 +cmp dl, 5 +jne short loc_fffc2317 ; jne 0xfffc2317 + +loc_fffc2314: ; not directly referenced +add eax, 0x50 + +loc_fffc2317: ; not directly referenced +mov ecx, dword [ebp - 0x528] +mov dx, word [ecx + esi*2 + 0x43] +mov ecx, dword [ebp - 0x530] +cmp dx, ax +cmovbe eax, edx +mov word [ecx + esi*2 + 0x53a], ax + +loc_fffc2336: ; not directly referenced +inc esi +add edi, 0x13c3 +cmp esi, 2 +jne short loc_fffc22df ; jne 0xfffc22df +inc byte [ebp - 0x52c] + +loc_fffc2348: ; not directly referenced +inc dword [ebp - 0x524] +add dword [ebp - 0x528], 4 +lea eax, [ebp - 0x4ff] +cmp dword [ebp - 0x524], eax +jne loc_fffc2295 ; jne 0xfffc2295 +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc236f: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -45988,33 +45869,33 @@ push ebx sub esp, 0x40 mov eax, dword [ebp + 8] mov dword [ebp - 0x3c], 0 -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x2c], eax -loc_fffc2497: ; not directly referenced +loc_fffc238c: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffc24cb ; ja 0xfffc24cb +ja short loc_fffc23c0 ; ja 0xfffc23c0 mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne short loc_fffc24cb ; jne 0xfffc24cb +cmp byte [eax + 0x374a], 0 +jne short loc_fffc23c0 ; jne 0xfffc23c0 -loc_fffc24ab: ; not directly referenced +loc_fffc23a0: ; not directly referenced inc ecx add dword [ebp - 0x3c], 0x23 add dword [ebp - 0x2c], 8 cmp ecx, 4 -jne short loc_fffc2497 ; jne 0xfffc2497 +jne short loc_fffc238c ; jne 0xfffc238c mov eax, dword [ebp + 8] mov ecx, 0xfffffffe -add eax, 0x48dd -jmp near loc_fffc2642 ; jmp 0xfffc2642 +add eax, 0x48de +jmp near loc_fffc2537 ; jmp 0xfffc2537 -loc_fffc24cb: ; not directly referenced +loc_fffc23c0: ; not directly referenced mov eax, dword [ebp + 8] mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x28], 0 -add eax, 0x49bf +add eax, 0x49c0 mov dword [ebp - 0x40], eax imul eax, ecx, 0x2e mov dword [ebp - 0x44], eax @@ -46026,16 +45907,16 @@ add eax, 0xbb mov dword [ebp - 0x48], esi mov dword [ebp - 0x4c], eax -loc_fffc2505: ; not directly referenced +loc_fffc23fa: ; not directly referenced mov eax, dword [ebp + 8] mov ebx, dword [ebp - 0x28] mov esi, dword [ebp - 0x40] mov dword [ebp - 0x24], 0 lea ebx, [eax + ebx + 0x1973] -loc_fffc251c: ; not directly referenced +loc_fffc2411: ; not directly referenced cmp dword [esi - 0xf6], 2 -jne loc_fffc2601 ; jne 0xfffc2601 +jne loc_fffc24f6 ; jne 0xfffc24f6 mov eax, dword [ebp - 0x44] mov edi, dword [ebp - 0x24] mov eax, dword [esi + eax - 0xf2] @@ -46046,24 +45927,24 @@ mov eax, dword [eax + edi + 0xcd] mov dword [ebp - 0x34], edx mov dword [ebp - 0x38], eax cmp ecx, 1 -je short loc_fffc25a1 ; je 0xfffc25a1 -jb short loc_fffc25ad ; jb 0xfffc25ad +je short loc_fffc2496 ; je 0xfffc2496 +jb short loc_fffc24a2 ; jb 0xfffc24a2 cmp ecx, 3 -ja short loc_fffc25ad ; ja 0xfffc25ad +ja short loc_fffc24a2 ; ja 0xfffc24a2 cmp ecx, 2 mov dl, byte [esi] -jne short loc_fffc256c ; jne 0xfffc256c +jne short loc_fffc2461 ; jne 0xfffc2461 and dl, 1 -jne short loc_fffc2573 ; jne 0xfffc2573 +jne short loc_fffc2468 ; jne 0xfffc2468 xor eax, eax -jmp short loc_fffc25e9 ; jmp 0xfffc25e9 +jmp short loc_fffc24de ; jmp 0xfffc24de -loc_fffc256c: ; not directly referenced +loc_fffc2461: ; not directly referenced xor eax, eax and dl, 2 -je short loc_fffc25e9 ; je 0xfffc25e9 +je short loc_fffc24de ; je 0xfffc24de -loc_fffc2573: ; not directly referenced +loc_fffc2468: ; not directly referenced mov edx, dword [esi - 0x21] mov eax, dword [ebp - 0x4c] mov edi, dword [ebp - 0x48] @@ -46075,37 +45956,37 @@ cmovne eax, edi xor edi, edi cmp byte [esi + 1], 0x13 movzx edx, byte [eax + 7] -jne short loc_fffc2597 ; jne 0xfffc2597 +jne short loc_fffc248c ; jne 0xfffc248c movsx edi, byte [eax + 0x1d] -loc_fffc2597: ; not directly referenced +loc_fffc248c: ; not directly referenced xor eax, eax cmp dword [ebp - 0x20], 0 -je short loc_fffc25e9 ; je 0xfffc25e9 -jmp short loc_fffc25d3 ; jmp 0xfffc25d3 +je short loc_fffc24de ; je 0xfffc24de +jmp short loc_fffc24c8 ; jmp 0xfffc24c8 -loc_fffc25a1: ; not directly referenced +loc_fffc2496: ; not directly referenced movzx eax, word [ebx + 0x258] test ax, ax -jne short loc_fffc25e9 ; jne 0xfffc25e9 +jne short loc_fffc24de ; jne 0xfffc24de -loc_fffc25ad: ; not directly referenced +loc_fffc24a2: ; not directly referenced xor eax, eax cmp dword [ebp - 0x20], 0 -je short loc_fffc25e9 ; je 0xfffc25e9 +je short loc_fffc24de ; je 0xfffc24de mov eax, dword [esi - 0x21] and eax, 0xfffffffd dec eax -jne short loc_fffc25c8 ; jne 0xfffc25c8 +jne short loc_fffc24bd ; jne 0xfffc24bd movzx edx, byte [ebx + 0x5a] movsx edi, byte [ebx + 0x6c] -jmp short loc_fffc25d3 ; jmp 0xfffc25d3 +jmp short loc_fffc24c8 ; jmp 0xfffc24c8 -loc_fffc25c8: ; not directly referenced +loc_fffc24bd: ; not directly referenced movzx edx, byte [ebx + 0x61] movsx edi, byte [ebx + 0xc2] -loc_fffc25d3: ; not directly referenced +loc_fffc24c8: ; not directly referenced imul edx, dword [ebp - 0x34] mov eax, dword [ebp - 0x20] imul edi, dword [ebp - 0x38] @@ -46114,7 +45995,7 @@ xor edx, edx add eax, edi div dword [ebp - 0x20] -loc_fffc25e9: ; not directly referenced +loc_fffc24de: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x1c] cmp eax, 0x14 mov edi, 0x14 @@ -46123,27 +46004,27 @@ cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffc2601: ; not directly referenced +loc_fffc24f6: ; not directly referenced add dword [ebp - 0x24], 0x20 add esi, 0x128 add ebx, 0x277 cmp dword [ebp - 0x24], 0x40 -jne loc_fffc251c ; jne 0xfffc251c +jne loc_fffc2411 ; jne 0xfffc2411 add dword [ebp - 0x28], 0x54a add dword [ebp - 0x40], 0x13c3 add dword [ebp - 0x30], 0x13c3 cmp dword [ebp - 0x28], 0xa94 -jne loc_fffc2505 ; jne 0xfffc2505 -jmp near loc_fffc24ab ; jmp 0xfffc24ab +jne loc_fffc23fa ; jne 0xfffc23fa +jmp near loc_fffc23a0 ; jmp 0xfffc23a0 -loc_fffc2642: ; not directly referenced +loc_fffc2537: ; not directly referenced cmp ecx, 1 -ja short loc_fffc2653 ; ja 0xfffc2653 +ja short loc_fffc2548 ; ja 0xfffc2548 mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je short loc_fffc267d ; je 0xfffc267d +cmp byte [esi + 0x374a], 0 +je short loc_fffc2572 ; je 0xfffc2572 -loc_fffc2653: ; not directly referenced +loc_fffc2548: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -46152,11 +46033,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffc267d: ; not directly referenced +loc_fffc2572: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffc2642 ; jne 0xfffc2642 +jne short loc_fffc2537 ; jne 0xfffc2537 add esp, 0x40 mov eax, 1 pop ebx @@ -46165,7 +46046,7 @@ pop edi pop ebp ret -fcn_fffc2693: ; not directly referenced +fcn_fffc2588: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -46175,33 +46056,33 @@ push ebx sub esp, 0x44 mov eax, dword [ebp + 8] mov dword [ebp - 0x40], 0 -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x30], eax -loc_fffc26b0: ; not directly referenced +loc_fffc25a5: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffc26e4 ; ja 0xfffc26e4 +ja short loc_fffc25d9 ; ja 0xfffc25d9 mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne short loc_fffc26e4 ; jne 0xfffc26e4 +cmp byte [eax + 0x374a], 0 +jne short loc_fffc25d9 ; jne 0xfffc25d9 -loc_fffc26c4: ; not directly referenced +loc_fffc25b9: ; not directly referenced inc ecx add dword [ebp - 0x40], 0x23 add dword [ebp - 0x30], 8 cmp ecx, 4 -jne short loc_fffc26b0 ; jne 0xfffc26b0 +jne short loc_fffc25a5 ; jne 0xfffc25a5 mov eax, dword [ebp + 8] mov ecx, 0xfffffffe -add eax, 0x48db -jmp near loc_fffc28c1 ; jmp 0xfffc28c1 +add eax, 0x48dc +jmp near loc_fffc27b6 ; jmp 0xfffc27b6 -loc_fffc26e4: ; not directly referenced +loc_fffc25d9: ; not directly referenced mov eax, dword [ebp + 8] mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x28], 0 -add eax, 0x49bf +add eax, 0x49c0 mov dword [ebp - 0x44], eax imul eax, ecx, 0x2e mov dword [ebp - 0x48], eax @@ -46213,7 +46094,7 @@ add eax, 0xbb mov dword [ebp - 0x4c], ebx mov dword [ebp - 0x50], eax -loc_fffc271e: ; not directly referenced +loc_fffc2613: ; not directly referenced mov eax, dword [ebp + 8] mov ebx, dword [ebp - 0x28] mov dword [ebp - 0x2c], 0 @@ -46221,10 +46102,10 @@ lea ebx, [eax + ebx + 0x1973] mov eax, dword [ebp - 0x44] mov dword [ebp - 0x20], eax -loc_fffc2738: ; not directly referenced +loc_fffc262d: ; not directly referenced mov eax, dword [ebp - 0x20] cmp dword [eax - 0xf6], 2 -jne loc_fffc287f ; jne 0xfffc287f +jne loc_fffc2774 ; jne 0xfffc2774 mov edi, dword [ebp - 0x48] mov esi, dword [ebp - 0x2c] mov edx, dword [eax + edi - 0xf2] @@ -46235,24 +46116,24 @@ mov edi, dword [edi + esi + 0xcd] mov dword [ebp - 0x38], edx mov dword [ebp - 0x3c], edi cmp ecx, 1 -je loc_fffc27fd ; je 0xfffc27fd -jb loc_fffc2809 ; jb 0xfffc2809 +je loc_fffc26f2 ; je 0xfffc26f2 +jb loc_fffc26fe ; jb 0xfffc26fe cmp ecx, 3 -ja loc_fffc2809 ; ja 0xfffc2809 +ja loc_fffc26fe ; ja 0xfffc26fe cmp ecx, 2 mov dl, byte [eax] -jne short loc_fffc279a ; jne 0xfffc279a +jne short loc_fffc268f ; jne 0xfffc268f and dl, 1 -jne short loc_fffc27a5 ; jne 0xfffc27a5 +jne short loc_fffc269a ; jne 0xfffc269a xor eax, eax -jmp near loc_fffc2865 ; jmp 0xfffc2865 +jmp near loc_fffc275a ; jmp 0xfffc275a -loc_fffc279a: ; not directly referenced +loc_fffc268f: ; not directly referenced xor eax, eax and dl, 2 -je loc_fffc2865 ; je 0xfffc2865 +je loc_fffc275a ; je 0xfffc275a -loc_fffc27a5: ; not directly referenced +loc_fffc269a: ; not directly referenced mov eax, dword [ebp - 0x20] mov esi, dword [ebp - 0x50] mov edx, dword [ebp - 0x4c] @@ -46271,13 +46152,13 @@ shl esi, 8 or esi, eax mov eax, dword [ebp - 0x20] cmp byte [eax + 1], 0x13 -jne short loc_fffc27de ; jne 0xfffc27de +jne short loc_fffc26d3 ; jne 0xfffc26d3 movsx edx, byte [edi + 0x1e] -loc_fffc27de: ; not directly referenced +loc_fffc26d3: ; not directly referenced xor eax, eax cmp dword [ebp - 0x24], 0 -je short loc_fffc2865 ; je 0xfffc2865 +je short loc_fffc275a ; je 0xfffc275a mov edi, dword [ebp - 0x24] imul esi, dword [ebp - 0x38] imul edx, dword [ebp - 0x3c] @@ -46285,22 +46166,22 @@ lea eax, [edi + esi - 1] add eax, edx xor edx, edx div edi -jmp short loc_fffc2865 ; jmp 0xfffc2865 +jmp short loc_fffc275a ; jmp 0xfffc275a -loc_fffc27fd: ; not directly referenced +loc_fffc26f2: ; not directly referenced movzx eax, word [ebx + 0x256] test ax, ax -jne short loc_fffc2865 ; jne 0xfffc2865 +jne short loc_fffc275a ; jne 0xfffc275a -loc_fffc2809: ; not directly referenced +loc_fffc26fe: ; not directly referenced xor eax, eax cmp dword [ebp - 0x24], 0 -je short loc_fffc2865 ; je 0xfffc2865 +je short loc_fffc275a ; je 0xfffc275a mov eax, dword [ebp - 0x20] mov eax, dword [eax - 0x21] and eax, 0xfffffffd dec eax -jne short loc_fffc2835 ; jne 0xfffc2835 +jne short loc_fffc272a ; jne 0xfffc272a mov al, byte [ebx + 0x5d] movsx edi, byte [ebx + 0x6e] shr al, 4 @@ -46308,9 +46189,9 @@ movzx esi, al movzx eax, byte [ebx + 0x5f] shl esi, 8 or esi, eax -jmp short loc_fffc284e ; jmp 0xfffc284e +jmp short loc_fffc2743 ; jmp 0xfffc2743 -loc_fffc2835: ; not directly referenced +loc_fffc272a: ; not directly referenced mov al, byte [ebx + 0x63] movsx edi, byte [ebx + 0xc0] shr al, 4 @@ -46319,7 +46200,7 @@ movzx eax, byte [ebx + 0x65] shl esi, 8 or esi, eax -loc_fffc284e: ; not directly referenced +loc_fffc2743: ; not directly referenced mov eax, dword [ebp - 0x24] xor edx, edx imul esi, dword [ebp - 0x38] @@ -46328,7 +46209,7 @@ lea esi, [eax + esi - 1] lea eax, [esi + edi] div dword [ebp - 0x24] -loc_fffc2865: ; not directly referenced +loc_fffc275a: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x1c] cmp eax, 0xfff mov edi, 0xfff @@ -46337,27 +46218,27 @@ cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffc287f: ; not directly referenced +loc_fffc2774: ; not directly referenced add dword [ebp - 0x2c], 0x20 add ebx, 0x277 add dword [ebp - 0x20], 0x128 cmp dword [ebp - 0x2c], 0x40 -jne loc_fffc2738 ; jne 0xfffc2738 +jne loc_fffc262d ; jne 0xfffc262d add dword [ebp - 0x28], 0x54a add dword [ebp - 0x44], 0x13c3 add dword [ebp - 0x34], 0x13c3 cmp dword [ebp - 0x28], 0xa94 -jne loc_fffc271e ; jne 0xfffc271e -jmp near loc_fffc26c4 ; jmp 0xfffc26c4 +jne loc_fffc2613 ; jne 0xfffc2613 +jmp near loc_fffc25b9 ; jmp 0xfffc25b9 -loc_fffc28c1: ; not directly referenced +loc_fffc27b6: ; not directly referenced cmp ecx, 1 -ja short loc_fffc28d2 ; ja 0xfffc28d2 +ja short loc_fffc27c7 ; ja 0xfffc27c7 mov ebx, dword [ebp + 8] -cmp byte [ebx + 0x3749], 0 -je short loc_fffc28fc ; je 0xfffc28fc +cmp byte [ebx + 0x374a], 0 +je short loc_fffc27f1 ; je 0xfffc27f1 -loc_fffc28d2: ; not directly referenced +loc_fffc27c7: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -46366,11 +46247,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffc28fc: ; not directly referenced +loc_fffc27f1: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffc28c1 ; jne 0xfffc28c1 +jne short loc_fffc27b6 ; jne 0xfffc27b6 add esp, 0x44 mov eax, 1 pop ebx @@ -46379,7 +46260,7 @@ pop edi pop ebp ret -fcn_fffc2912: ; not directly referenced +fcn_fffc2807: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -46389,29 +46270,29 @@ push ebx sub esp, 0x3c mov dword [ebp - 0x28], 0 -loc_fffc2924: ; not directly referenced +loc_fffc2819: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffc2954 ; ja 0xfffc2954 +ja short loc_fffc2849 ; ja 0xfffc2849 mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne short loc_fffc2954 ; jne 0xfffc2954 +cmp byte [eax + 0x374a], 0 +jne short loc_fffc2849 ; jne 0xfffc2849 -loc_fffc2938: ; not directly referenced +loc_fffc282d: ; not directly referenced inc ecx add dword [ebp - 0x28], 0x23 cmp ecx, 4 -jne short loc_fffc2924 ; jne 0xfffc2924 +jne short loc_fffc2819 ; jne 0xfffc2819 mov eax, dword [ebp + 8] mov ecx, 0xfffffffe -add eax, 0x48d9 -jmp near loc_fffc2ac3 ; jmp 0xfffc2ac3 +add eax, 0x48da +jmp near loc_fffc29b8 ; jmp 0xfffc29b8 -loc_fffc2954: ; not directly referenced +loc_fffc2849: ; not directly referenced mov eax, dword [ebp + 8] mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x20], 0 -add eax, 0x49bf +add eax, 0x49c0 mov dword [ebp - 0x30], eax imul eax, ecx, 0x2e mov dword [ebp - 0x3c], eax @@ -46421,7 +46302,7 @@ mov eax, dword [ebp - 0x28] add eax, 0x18b mov dword [ebp - 0x48], eax -loc_fffc2989: ; not directly referenced +loc_fffc287e: ; not directly referenced mov eax, dword [ebp - 0x44] mov edi, dword [ebp - 0x30] mov ebx, dword [ebp - 0x20] @@ -46434,9 +46315,9 @@ mov eax, dword [ebp - 0x28] add eax, 0xbb mov dword [ebp - 0x40], eax -loc_fffc29b3: ; not directly referenced +loc_fffc28a8: ; not directly referenced cmp dword [edi - 0xf6], 2 -jne loc_fffc2a89 ; jne 0xfffc2a89 +jne loc_fffc297e ; jne 0xfffc297e mov eax, dword [ebp - 0x3c] mov edx, dword [ebp - 0x24] mov esi, dword [edi + eax - 0xf2] @@ -46444,24 +46325,24 @@ mov eax, dword [ebp - 0x34] mov eax, dword [eax + edx + 0xc9] mov dword [ebp - 0x2c], eax cmp ecx, 1 -je short loc_fffc2a2c ; je 0xfffc2a2c -jb short loc_fffc2a38 ; jb 0xfffc2a38 +je short loc_fffc2921 ; je 0xfffc2921 +jb short loc_fffc292d ; jb 0xfffc292d cmp ecx, 3 -ja short loc_fffc2a38 ; ja 0xfffc2a38 +ja short loc_fffc292d ; ja 0xfffc292d cmp ecx, 2 mov dl, byte [edi] -jne short loc_fffc29f6 ; jne 0xfffc29f6 +jne short loc_fffc28eb ; jne 0xfffc28eb and dl, 1 -jne short loc_fffc29fd ; jne 0xfffc29fd +jne short loc_fffc28f2 ; jne 0xfffc28f2 xor eax, eax -jmp short loc_fffc2a71 ; jmp 0xfffc2a71 +jmp short loc_fffc2966 ; jmp 0xfffc2966 -loc_fffc29f6: ; not directly referenced +loc_fffc28eb: ; not directly referenced xor eax, eax and dl, 2 -je short loc_fffc2a71 ; je 0xfffc2a71 +je short loc_fffc2966 ; je 0xfffc2966 -loc_fffc29fd: ; not directly referenced +loc_fffc28f2: ; not directly referenced mov eax, dword [ebp - 0x40] mov edx, dword [edi - 0x21] add eax, ebx @@ -46478,44 +46359,44 @@ shl edx, 8 or edx, eax xor eax, eax test esi, esi -je short loc_fffc2a71 ; je 0xfffc2a71 -jmp short loc_fffc2a65 ; jmp 0xfffc2a65 +je short loc_fffc2966 ; je 0xfffc2966 +jmp short loc_fffc295a ; jmp 0xfffc295a -loc_fffc2a2c: ; not directly referenced +loc_fffc2921: ; not directly referenced movzx eax, word [ebx + 0x254] test ax, ax -jne short loc_fffc2a71 ; jne 0xfffc2a71 +jne short loc_fffc2966 ; jne 0xfffc2966 -loc_fffc2a38: ; not directly referenced +loc_fffc292d: ; not directly referenced xor eax, eax test esi, esi -je short loc_fffc2a71 ; je 0xfffc2a71 +je short loc_fffc2966 ; je 0xfffc2966 mov eax, dword [edi - 0x21] and eax, 0xfffffffd dec eax -jne short loc_fffc2a56 ; jne 0xfffc2a56 +jne short loc_fffc294b ; jne 0xfffc294b mov dl, byte [ebx + 0x5d] movzx eax, byte [ebx + 0x5e] and edx, 0xf shl edx, 8 -jmp short loc_fffc2a63 ; jmp 0xfffc2a63 +jmp short loc_fffc2958 ; jmp 0xfffc2958 -loc_fffc2a56: ; not directly referenced +loc_fffc294b: ; not directly referenced mov dl, byte [ebx + 0x63] movzx eax, byte [ebx + 0x64] and edx, 0xf shl edx, 8 -loc_fffc2a63: ; not directly referenced +loc_fffc2958: ; not directly referenced or edx, eax -loc_fffc2a65: ; not directly referenced +loc_fffc295a: ; not directly referenced imul edx, dword [ebp - 0x2c] lea eax, [esi + edx - 1] xor edx, edx div esi -loc_fffc2a71: ; not directly referenced +loc_fffc2966: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x1c] cmp eax, 0x28 mov esi, 0x28 @@ -46524,26 +46405,26 @@ cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffc2a89: ; not directly referenced +loc_fffc297e: ; not directly referenced add dword [ebp - 0x24], 0x20 add edi, 0x128 add ebx, 0x277 cmp dword [ebp - 0x24], 0x40 -jne loc_fffc29b3 ; jne 0xfffc29b3 +jne loc_fffc28a8 ; jne 0xfffc28a8 add dword [ebp - 0x20], 0x54a add dword [ebp - 0x30], 0x13c3 cmp dword [ebp - 0x20], 0xa94 -jne loc_fffc2989 ; jne 0xfffc2989 -jmp near loc_fffc2938 ; jmp 0xfffc2938 +jne loc_fffc287e ; jne 0xfffc287e +jmp near loc_fffc282d ; jmp 0xfffc282d -loc_fffc2ac3: ; not directly referenced +loc_fffc29b8: ; not directly referenced cmp ecx, 1 -ja short loc_fffc2ad4 ; ja 0xfffc2ad4 +ja short loc_fffc29c9 ; ja 0xfffc29c9 mov ebx, dword [ebp + 8] -cmp byte [ebx + 0x3749], 0 -je short loc_fffc2afe ; je 0xfffc2afe +cmp byte [ebx + 0x374a], 0 +je short loc_fffc29f3 ; je 0xfffc29f3 -loc_fffc2ad4: ; not directly referenced +loc_fffc29c9: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -46552,11 +46433,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffc2afe: ; not directly referenced +loc_fffc29f3: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffc2ac3 ; jne 0xfffc2ac3 +jne short loc_fffc29b8 ; jne 0xfffc29b8 add esp, 0x3c mov eax, 1 pop ebx @@ -46565,7 +46446,7 @@ pop edi pop ebp ret -fcn_fffc2b14: ; not directly referenced +fcn_fffc2a09: ; not directly referenced push ebp xor ecx, ecx mov ebp, esp @@ -46574,30 +46455,30 @@ push esi push ebx sub esp, 0x30 -loc_fffc2b1f: ; not directly referenced +loc_fffc2a14: ; not directly referenced lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffc2b4b ; ja 0xfffc2b4b +ja short loc_fffc2a40 ; ja 0xfffc2a40 mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne short loc_fffc2b4b ; jne 0xfffc2b4b +cmp byte [eax + 0x374a], 0 +jne short loc_fffc2a40 ; jne 0xfffc2a40 -loc_fffc2b33: ; not directly referenced +loc_fffc2a28: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffc2b1f ; jne 0xfffc2b1f +jne short loc_fffc2a14 ; jne 0xfffc2a14 mov eax, dword [ebp + 8] mov ecx, 0xfffffffe -add eax, 0x48d7 -jmp near loc_fffc2ca4 ; jmp 0xfffc2ca4 +add eax, 0x48d8 +jmp near loc_fffc2b99 ; jmp 0xfffc2b99 -loc_fffc2b4b: ; not directly referenced +loc_fffc2a40: ; not directly referenced mov eax, dword [ebp + 8] lea esi, [ecx*8 - 0x1269] mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x20], 0 mov dword [ebp - 0x38], esi -add eax, 0x49bf +add eax, 0x49c0 mov dword [ebp - 0x2c], eax imul eax, ecx, 0x2e mov dword [ebp - 0x30], eax @@ -46605,7 +46486,7 @@ imul eax, ecx, 0x23 add eax, 0xbb mov dword [ebp - 0x3c], eax -loc_fffc2b80: ; not directly referenced +loc_fffc2a75: ; not directly referenced mov eax, dword [ebp - 0x38] mov edi, dword [ebp - 0x2c] mov ebx, dword [ebp - 0x20] @@ -46615,9 +46496,9 @@ mov dword [ebp - 0x34], eax mov eax, dword [ebp + 8] lea ebx, [eax + ebx + 0x1973] -loc_fffc2b9f: ; not directly referenced +loc_fffc2a94: ; not directly referenced cmp dword [edi - 0xf6], 2 -jne loc_fffc2c6a ; jne 0xfffc2c6a +jne loc_fffc2b5f ; jne 0xfffc2b5f mov eax, dword [ebp - 0x30] mov edx, dword [ebp - 0x24] mov esi, dword [edi + eax - 0xf2] @@ -46625,24 +46506,24 @@ mov eax, dword [ebp - 0x34] mov eax, dword [eax + edx + 0xc9] mov dword [ebp - 0x28], eax cmp ecx, 1 -je short loc_fffc2c0d ; je 0xfffc2c0d -jb short loc_fffc2c19 ; jb 0xfffc2c19 +je short loc_fffc2b02 ; je 0xfffc2b02 +jb short loc_fffc2b0e ; jb 0xfffc2b0e cmp ecx, 3 -ja short loc_fffc2c19 ; ja 0xfffc2c19 +ja short loc_fffc2b0e ; ja 0xfffc2b0e cmp ecx, 2 mov dl, byte [edi] -jne short loc_fffc2be2 ; jne 0xfffc2be2 +jne short loc_fffc2ad7 ; jne 0xfffc2ad7 and dl, 1 -jne short loc_fffc2be9 ; jne 0xfffc2be9 +jne short loc_fffc2ade ; jne 0xfffc2ade xor eax, eax -jmp short loc_fffc2c52 ; jmp 0xfffc2c52 +jmp short loc_fffc2b47 ; jmp 0xfffc2b47 -loc_fffc2be2: ; not directly referenced +loc_fffc2ad7: ; not directly referenced xor eax, eax and dl, 2 -je short loc_fffc2c52 ; je 0xfffc2c52 +je short loc_fffc2b47 ; je 0xfffc2b47 -loc_fffc2be9: ; not directly referenced +loc_fffc2ade: ; not directly referenced mov eax, dword [ebp - 0x3c] add eax, ebx mov dl, byte [eax + 0x12] @@ -46652,46 +46533,46 @@ shl edx, 8 or edx, eax xor eax, eax test esi, esi -je short loc_fffc2c52 ; je 0xfffc2c52 +je short loc_fffc2b47 ; je 0xfffc2b47 imul edx, dword [ebp - 0x28] lea eax, [esi + edx - 1] -jmp short loc_fffc2c4e ; jmp 0xfffc2c4e +jmp short loc_fffc2b43 ; jmp 0xfffc2b43 -loc_fffc2c0d: ; not directly referenced +loc_fffc2b02: ; not directly referenced movzx eax, word [ebx + 0x252] test ax, ax -jne short loc_fffc2c52 ; jne 0xfffc2c52 +jne short loc_fffc2b47 ; jne 0xfffc2b47 -loc_fffc2c19: ; not directly referenced +loc_fffc2b0e: ; not directly referenced xor eax, eax test esi, esi -je short loc_fffc2c52 ; je 0xfffc2c52 +je short loc_fffc2b47 ; je 0xfffc2b47 mov eax, dword [edi - 0x21] and eax, 0xfffffffd dec eax -jne short loc_fffc2c37 ; jne 0xfffc2c37 +jne short loc_fffc2b2c ; jne 0xfffc2b2c mov al, byte [ebx + 0x64] movzx edx, byte [ebx + 0x65] and eax, 0xf shl eax, 8 -jmp short loc_fffc2c44 ; jmp 0xfffc2c44 +jmp short loc_fffc2b39 ; jmp 0xfffc2b39 -loc_fffc2c37: ; not directly referenced +loc_fffc2b2c: ; not directly referenced mov al, byte [ebx + 0x6c] movzx edx, byte [ebx + 0x6d] and eax, 0xf shl eax, 8 -loc_fffc2c44: ; not directly referenced +loc_fffc2b39: ; not directly referenced or eax, edx imul eax, dword [ebp - 0x28] lea eax, [esi + eax - 1] -loc_fffc2c4e: ; not directly referenced +loc_fffc2b43: ; not directly referenced xor edx, edx div esi -loc_fffc2c52: ; not directly referenced +loc_fffc2b47: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x1c] cmp eax, 0x36 mov esi, 0x36 @@ -46700,26 +46581,26 @@ cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffc2c6a: ; not directly referenced +loc_fffc2b5f: ; not directly referenced add dword [ebp - 0x24], 0x20 add edi, 0x128 add ebx, 0x277 cmp dword [ebp - 0x24], 0x40 -jne loc_fffc2b9f ; jne 0xfffc2b9f +jne loc_fffc2a94 ; jne 0xfffc2a94 add dword [ebp - 0x20], 0x54a add dword [ebp - 0x2c], 0x13c3 cmp dword [ebp - 0x20], 0xa94 -jne loc_fffc2b80 ; jne 0xfffc2b80 -jmp near loc_fffc2b33 ; jmp 0xfffc2b33 +jne loc_fffc2a75 ; jne 0xfffc2a75 +jmp near loc_fffc2a28 ; jmp 0xfffc2a28 -loc_fffc2ca4: ; not directly referenced +loc_fffc2b99: ; not directly referenced cmp ecx, 1 -ja short loc_fffc2cb5 ; ja 0xfffc2cb5 +ja short loc_fffc2baa ; ja 0xfffc2baa mov edi, dword [ebp + 8] -cmp byte [edi + 0x3749], 0 -je short loc_fffc2cdf ; je 0xfffc2cdf +cmp byte [edi + 0x374a], 0 +je short loc_fffc2bd4 ; je 0xfffc2bd4 -loc_fffc2cb5: ; not directly referenced +loc_fffc2baa: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -46728,11 +46609,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffc2cdf: ; not directly referenced +loc_fffc2bd4: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffc2ca4 ; jne 0xfffc2ca4 +jne short loc_fffc2b99 ; jne 0xfffc2b99 add esp, 0x30 mov eax, 1 pop ebx @@ -46741,7 +46622,7 @@ pop edi pop ebp ret -fcn_fffc2cf5: ; not directly referenced +fcn_fffc2bea: ; not directly referenced push ebp mov ebp, esp push edi @@ -46751,25 +46632,25 @@ xor ebx, ebx sub esp, 0x34 mov dword [ebp - 0x20], 0xc -loc_fffc2d07: ; not directly referenced +loc_fffc2bfc: ; not directly referenced lea eax, [ebx - 2] cmp eax, 1 -ja short loc_fffc2d1f ; ja 0xfffc2d1f +ja short loc_fffc2c14 ; ja 0xfffc2c14 mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je loc_fffc2f1e ; je 0xfffc2f1e +cmp byte [esi + 0x374a], 0 +je loc_fffc2e13 ; je 0xfffc2e13 -loc_fffc2d1f: ; not directly referenced +loc_fffc2c14: ; not directly referenced imul esi, ebx, 0x2e imul eax, eax, 0x23 -lea edi, [ebx*8 + 0x3756] +lea edi, [ebx*8 + 0x3757] mov dword [ebp + ebx*4 - 0x1c], 0 mov dword [ebp - 0x34], esi mov dword [ebp - 0x24], 0 mov dword [ebp - 0x40], edi mov dword [ebp - 0x30], eax -loc_fffc2d44: ; not directly referenced +loc_fffc2c39: ; not directly referenced mov edi, dword [ebp - 0x24] mov esi, dword [ebp - 0x40] mov dword [ebp - 0x28], 0 @@ -46781,11 +46662,11 @@ mov esi, dword [ebp + 8] add ecx, dword [ebp + 8] lea edi, [edi + edx + 0x1973] mov dword [ebp - 0x3c], ecx -lea esi, [esi + eax + 0x49bf] +lea esi, [esi + eax + 0x49c0] -loc_fffc2d7a: ; not directly referenced +loc_fffc2c6f: ; not directly referenced cmp dword [esi - 0xf6], 2 -jne loc_fffc2ef7 ; jne 0xfffc2ef7 +jne loc_fffc2dec ; jne 0xfffc2dec mov eax, dword [ebp - 0x34] mov edx, dword [ebp - 0x28] mov ecx, dword [esi + eax - 0xf2] @@ -46798,108 +46679,108 @@ cmp edx, 2 cmovne eax, dword [ebp - 0x20] mov dword [ebp - 0x20], eax cmp ebx, 1 -je short loc_fffc2e16 ; je 0xfffc2e16 -jb short loc_fffc2e26 ; jb 0xfffc2e26 +je short loc_fffc2d0b ; je 0xfffc2d0b +jb short loc_fffc2d1b ; jb 0xfffc2d1b cmp ebx, 3 -ja short loc_fffc2e26 ; ja 0xfffc2e26 +ja short loc_fffc2d1b ; ja 0xfffc2d1b mov al, byte [esi] cmp ebx, 2 mov byte [ebp - 0x29], al -jne short loc_fffc2dd4 ; jne 0xfffc2dd4 +jne short loc_fffc2cc9 ; jne 0xfffc2cc9 test al, 1 -jne short loc_fffc2de0 ; jne 0xfffc2de0 +jne short loc_fffc2cd5 ; jne 0xfffc2cd5 xor eax, eax -jmp near loc_fffc2ee2 ; jmp 0xfffc2ee2 +jmp near loc_fffc2dd7 ; jmp 0xfffc2dd7 -loc_fffc2dd4: ; not directly referenced +loc_fffc2cc9: ; not directly referenced xor eax, eax test byte [ebp - 0x29], 2 -je loc_fffc2ee2 ; je 0xfffc2ee2 +je loc_fffc2dd7 ; je 0xfffc2dd7 -loc_fffc2de0: ; not directly referenced +loc_fffc2cd5: ; not directly referenced and edx, 0xfffffffd mov eax, dword [ebp - 0x30] dec edx -jne short loc_fffc2df3 ; jne 0xfffc2df3 +jne short loc_fffc2ce8 ; jne 0xfffc2ce8 movzx edx, byte [edi + eax + 0x106] -jmp short loc_fffc2dfb ; jmp 0xfffc2dfb +jmp short loc_fffc2cf0 ; jmp 0xfffc2cf0 -loc_fffc2df3: ; not directly referenced +loc_fffc2ce8: ; not directly referenced movzx edx, byte [edi + eax + 0x1d6] -loc_fffc2dfb: ; not directly referenced +loc_fffc2cf0: ; not directly referenced xor eax, eax test ecx, ecx -je loc_fffc2ee2 ; je 0xfffc2ee2 +je loc_fffc2dd7 ; je 0xfffc2dd7 imul edx, dword [ebp - 0x38] lea eax, [ecx + edx - 1] xor edx, edx div ecx -jmp near loc_fffc2ee2 ; jmp 0xfffc2ee2 +jmp near loc_fffc2dd7 ; jmp 0xfffc2dd7 -loc_fffc2e16: ; not directly referenced +loc_fffc2d0b: ; not directly referenced movzx eax, word [edi + 0x250] test ax, ax -jne loc_fffc2ee2 ; jne 0xfffc2ee2 +jne loc_fffc2dd7 ; jne 0xfffc2dd7 -loc_fffc2e26: ; not directly referenced +loc_fffc2d1b: ; not directly referenced cmp edx, 3 -jne short loc_fffc2e65 ; jne 0xfffc2e65 +jne short loc_fffc2d5a ; jne 0xfffc2d5a mov eax, 9 cmp ecx, 0x105944 -jbe loc_fffc2ee2 ; jbe 0xfffc2ee2 +jbe loc_fffc2dd7 ; jbe 0xfffc2dd7 mov al, 7 cmp ecx, 0x16e360 -jbe loc_fffc2ee2 ; jbe 0xfffc2ee2 +jbe loc_fffc2dd7 ; jbe 0xfffc2dd7 mov al, 5 cmp ecx, 0x1c9c38 -jbe loc_fffc2ee2 ; jbe 0xfffc2ee2 +jbe loc_fffc2dd7 ; jbe 0xfffc2dd7 cmp ecx, 0x2625a1 sbb eax, eax and eax, 4 -jmp short loc_fffc2ee2 ; jmp 0xfffc2ee2 +jmp short loc_fffc2dd7 ; jmp 0xfffc2dd7 -loc_fffc2e65: ; not directly referenced +loc_fffc2d5a: ; not directly referenced cmp edx, 2 -jne short loc_fffc2ea2 ; jne 0xfffc2ea2 +jne short loc_fffc2d97 ; jne 0xfffc2d97 mov eax, 0x12 cmp ecx, 0xbbcce -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 mov al, 0xc cmp ecx, 0xcb735 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 mov al, 0xb cmp ecx, 0xe5010 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 mov al, 0xa cmp ecx, 0x105944 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 cmp ecx, 0x1312d1 sbb eax, eax and eax, 9 -jmp short loc_fffc2ee2 ; jmp 0xfffc2ee2 +jmp short loc_fffc2dd7 ; jmp 0xfffc2dd7 -loc_fffc2ea2: ; not directly referenced +loc_fffc2d97: ; not directly referenced mov eax, 0xa cmp ecx, 0xe5010 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 mov al, 9 cmp ecx, 0x105944 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 mov al, 8 cmp ecx, 0x1312d0 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 mov al, 7 cmp ecx, 0x16e360 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 mov al, 6 cmp ecx, 0x1c9c38 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 cmp ecx, 0x2625a1 sbb eax, eax and eax, 5 -loc_fffc2ee2: ; not directly referenced +loc_fffc2dd7: ; not directly referenced mov edx, dword [ebp - 0x20] cmp eax, edx cmova eax, edx @@ -46908,32 +46789,32 @@ cmp eax, edx cmovb eax, edx mov dword [ebp + ebx*4 - 0x1c], eax -loc_fffc2ef7: ; not directly referenced +loc_fffc2dec: ; not directly referenced add dword [ebp - 0x28], 0x20 add esi, 0x128 add edi, 0x277 cmp dword [ebp - 0x28], 0x40 -jne loc_fffc2d7a ; jne 0xfffc2d7a +jne loc_fffc2c6f ; jne 0xfffc2c6f inc dword [ebp - 0x24] cmp dword [ebp - 0x24], 2 -jne loc_fffc2d44 ; jne 0xfffc2d44 +jne loc_fffc2c39 ; jne 0xfffc2c39 -loc_fffc2f1e: ; not directly referenced +loc_fffc2e13: ; not directly referenced inc ebx cmp ebx, 4 -jne loc_fffc2d07 ; jne 0xfffc2d07 +jne loc_fffc2bfc ; jne 0xfffc2bfc mov eax, dword [ebp + 8] mov ecx, 0xfffffffe -add eax, 0x48d5 +add eax, 0x48d6 -loc_fffc2f35: ; not directly referenced +loc_fffc2e2a: ; not directly referenced cmp ecx, 1 -ja short loc_fffc2f46 ; ja 0xfffc2f46 +ja short loc_fffc2e3b ; ja 0xfffc2e3b mov ebx, dword [ebp + 8] -cmp byte [ebx + 0x3749], 0 -je short loc_fffc2f70 ; je 0xfffc2f70 +cmp byte [ebx + 0x374a], 0 +je short loc_fffc2e65 ; je 0xfffc2e65 -loc_fffc2f46: ; not directly referenced +loc_fffc2e3b: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -46942,11 +46823,11 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffc2f70: ; not directly referenced +loc_fffc2e65: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffc2f35 ; jne 0xfffc2f35 +jne short loc_fffc2e2a ; jne 0xfffc2e2a add esp, 0x34 mov eax, 1 pop ebx @@ -46955,7 +46836,7 @@ pop edi pop ebp ret -fcn_fffc2f86: ; not directly referenced +fcn_fffc2e7b: ; not directly referenced push ebp mov ebp, esp push edi @@ -46964,18 +46845,18 @@ xor esi, esi push ebx sub esp, 0x24 -loc_fffc2f91: ; not directly referenced +loc_fffc2e86: ; not directly referenced lea eax, [esi - 2] cmp eax, 1 -ja short loc_fffc2fb8 ; ja 0xfffc2fb8 +ja short loc_fffc2ead ; ja 0xfffc2ead mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne short loc_fffc2fb8 ; jne 0xfffc2fb8 +cmp byte [eax + 0x374a], 0 +jne short loc_fffc2ead ; jne 0xfffc2ead -loc_fffc2fa5: ; not directly referenced +loc_fffc2e9a: ; not directly referenced inc esi cmp esi, 4 -jne short loc_fffc2f91 ; jne 0xfffc2f91 +jne short loc_fffc2e86 ; jne 0xfffc2e86 add esp, 0x24 mov eax, 1 pop ebx @@ -46984,13 +46865,13 @@ pop edi pop ebp ret -loc_fffc2fb8: ; not directly referenced +loc_fffc2ead: ; not directly referenced mov eax, dword [ebp + 8] mov byte [ebp - 0x1f], 2 add eax, 0x1973 mov dword [ebp - 0x24], eax mov eax, dword [ebp + 8] -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x14], eax lea eax, [esi*8] mov dword [ebp - 0x28], eax @@ -46999,7 +46880,7 @@ mov dword [ebp - 0x2c], eax lea eax, [esi - 2] mov dword [ebp - 0x30], eax -loc_fffc2fec: ; not directly referenced +loc_fffc2ee1: ; not directly referenced mov eax, dword [ebp - 0x2c] mov ecx, dword [ebp - 0x24] mov edi, dword [ebp - 0x28] @@ -47009,30 +46890,30 @@ mov dword [ebp - 0x1c], eax mov eax, dword [ebp - 0x14] add edi, eax -loc_fffc3006: ; not directly referenced +loc_fffc2efb: ; not directly referenced mov eax, dword [ebp - 0x14] mov ebx, dword [ebp - 0x10] cmp dword [eax + ebx + 0x1173], 2 -jne loc_fffc317b ; jne 0xfffc317b +jne loc_fffc3070 ; jne 0xfffc3070 cmp dword [ebp - 0x30], 1 -ja loc_fffc30e8 ; ja 0xfffc30e8 +ja loc_fffc2fdd ; ja 0xfffc2fdd cmp esi, 2 mov al, byte [eax + ebx + 0x1269] -jne short loc_fffc3034 ; jne 0xfffc3034 +jne short loc_fffc2f29 ; jne 0xfffc2f29 test al, 1 -jmp short loc_fffc3036 ; jmp 0xfffc3036 +jmp short loc_fffc2f2b ; jmp 0xfffc2f2b -loc_fffc3034: ; not directly referenced +loc_fffc2f29: ; not directly referenced test al, 2 -loc_fffc3036: ; not directly referenced -je loc_fffc30cf ; je 0xfffc30cf +loc_fffc2f2b: ; not directly referenced +je loc_fffc2fc4 ; je 0xfffc2fc4 mov eax, dword [ebp - 0x14] mov ebx, dword [ebp - 0x10] mov eax, dword [eax + ebx + 0x1248] and eax, 0xfffffffd dec eax -jne short loc_fffc3068 ; jne 0xfffc3068 +jne short loc_fffc2f5d ; jne 0xfffc2f5d mov al, byte [ecx + 0x100] mov dl, al and eax, 0xf @@ -47040,9 +46921,9 @@ shr dl, 4 mov byte [ebp - 0x18], al mov eax, dword [ebp - 0x1c] mov byte [ebp - 0x1d], dl -jmp short loc_fffc3084 ; jmp 0xfffc3084 +jmp short loc_fffc2f79 ; jmp 0xfffc2f79 -loc_fffc3068: ; not directly referenced +loc_fffc2f5d: ; not directly referenced mov al, byte [ecx + 0x1d0] mov dl, al and eax, 0xf @@ -47052,7 +46933,7 @@ shr dl, 4 mov byte [ebp - 0x1d], dl add eax, 0xd0 -loc_fffc3084: ; not directly referenced +loc_fffc2f79: ; not directly referenced mov bl, byte [eax] mov edx, dword [ebp - 0x10] mov byte [ebp - 0x1e], bl @@ -47060,9 +46941,9 @@ movzx ebx, byte [eax + 1] mov eax, dword [ebp - 0x14] cmp byte [eax + edx + 0x126a], 0x12 mov eax, 0 -je short loc_fffc30bd ; je 0xfffc30bd +je short loc_fffc2fb2 ; je 0xfffc2fb2 cmp byte [ebp - 0x18], 0 -je short loc_fffc30bd ; je 0xfffc30bd +je short loc_fffc2fb2 ; je 0xfffc2fb2 movzx edx, byte [ebp - 0x1d] imul eax, edx, 0x3e8 movzx edx, byte [ebp - 0x18] @@ -47070,26 +46951,26 @@ mov dword [ebp - 0x18], edx cdq idiv dword [ebp - 0x18] -loc_fffc30bd: ; not directly referenced +loc_fffc2fb2: ; not directly referenced mov dword [edi + 0xcd], eax xor eax, eax test bl, bl -je short loc_fffc3144 ; je 0xfffc3144 +je short loc_fffc3039 ; je 0xfffc3039 movzx eax, byte [ebp - 0x1e] -jmp short loc_fffc313b ; jmp 0xfffc313b +jmp short loc_fffc3030 ; jmp 0xfffc3030 -loc_fffc30cf: ; not directly referenced +loc_fffc2fc4: ; not directly referenced mov dword [edi + 0xcd], 0 mov dword [edi + 0xc9], 0 -jmp near loc_fffc317b ; jmp 0xfffc317b +jmp near loc_fffc3070 ; jmp 0xfffc3070 -loc_fffc30e8: ; not directly referenced +loc_fffc2fdd: ; not directly referenced mov eax, dword [ebp - 0x14] mov ebx, dword [ebp - 0x10] mov eax, dword [eax + ebx + 0x1248] and eax, 0xfffffffd dec eax -jne short loc_fffc314c ; jne 0xfffc314c +jne short loc_fffc3041 ; jne 0xfffc3041 mov dl, byte [ecx + 0x51] movzx ebx, byte [ecx + 0x53] mov al, dl @@ -47099,7 +46980,7 @@ mov al, byte [ecx + 0x52] mov byte [ebp - 0x1d], al xor eax, eax and dl, 0xf -je short loc_fffc312b ; je 0xfffc312b +je short loc_fffc3020 ; je 0xfffc3020 movzx eax, byte [ebp - 0x18] movzx edx, dl mov dword [ebp - 0x18], edx @@ -47107,23 +46988,23 @@ imul eax, eax, 0x3e8 cdq idiv dword [ebp - 0x18] -loc_fffc312b: ; not directly referenced +loc_fffc3020: ; not directly referenced mov dword [edi + 0xcd], eax xor eax, eax test bl, bl -je short loc_fffc3144 ; je 0xfffc3144 +je short loc_fffc3039 ; je 0xfffc3039 movzx eax, byte [ebp - 0x1d] -loc_fffc313b: ; not directly referenced +loc_fffc3030: ; not directly referenced imul eax, eax, 0xf4240 cdq idiv ebx -loc_fffc3144: ; not directly referenced +loc_fffc3039: ; not directly referenced mov dword [edi + 0xc9], eax -jmp short loc_fffc317b ; jmp 0xfffc317b +jmp short loc_fffc3070 ; jmp 0xfffc3070 -loc_fffc314c: ; not directly referenced +loc_fffc3041: ; not directly referenced mov al, byte [ecx + 0x59] shr al, 2 and eax, 3 @@ -47138,20 +47019,20 @@ sbb eax, eax and eax, 0x3e8 mov dword [edi + 0xcd], eax -loc_fffc317b: ; not directly referenced +loc_fffc3070: ; not directly referenced add dword [ebp - 0x10], 0x128 add edi, 0x20 add ecx, 0x277 add dword [ebp - 0x1c], 0x277 cmp dword [ebp - 0x10], 0x250 -jne loc_fffc3006 ; jne 0xfffc3006 +jne loc_fffc2efb ; jne 0xfffc2efb add dword [ebp - 0x24], 0x54a add dword [ebp - 0x14], 0x13c3 dec byte [ebp - 0x1f] -jne loc_fffc2fec ; jne 0xfffc2fec -jmp near loc_fffc2fa5 ; jmp 0xfffc2fa5 +jne loc_fffc2ee1 ; jne 0xfffc2ee1 +jmp near loc_fffc2e9a ; jmp 0xfffc2e9a -fcn_fffc31bb: ; not directly referenced +fcn_fffc30b0: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] @@ -47159,63 +47040,63 @@ mov ecx, dword [ebp + 0xc] mov edx, dword [eax + 0xd5] and edx, 0xfffffffd dec edx -jne short loc_fffc31d5 ; jne 0xfffc31d5 +jne short loc_fffc30ca ; jne 0xfffc30ca mov dl, byte [ecx + 0x29] -jmp short loc_fffc31d8 ; jmp 0xfffc31d8 +jmp short loc_fffc30cd ; jmp 0xfffc30cd -loc_fffc31d5: ; not directly referenced +loc_fffc30ca: ; not directly referenced mov dl, byte [ecx + 7] -loc_fffc31d8: ; not directly referenced +loc_fffc30cd: ; not directly referenced and edx, 0xf cmp edx, 8 -ja short loc_fffc3234 ; ja 0xfffc3234 -jmp dword [edx*4 + ref_fffd5988] ; ujmp: jmp dword [edx*4 - 0x2a678] +ja short loc_fffc3129 ; ja 0xfffc3129 +jmp dword [edx*4 + ref_fffd5444] ; ujmp: jmp dword [edx*4 - 0x2abbc] -loc_fffc31e7: ; not directly referenced +loc_fffc30dc: ; not directly referenced mov byte [eax + 0xf4], 0 -jmp short loc_fffc31f7 ; jmp 0xfffc31f7 +jmp short loc_fffc30ec ; jmp 0xfffc30ec -loc_fffc31f0: ; not directly referenced +loc_fffc30e5: ; not directly referenced mov byte [eax + 0xf4], 2 -loc_fffc31f7: ; not directly referenced +loc_fffc30ec: ; not directly referenced mov eax, 1 -jmp short loc_fffc323d ; jmp 0xfffc323d +jmp short loc_fffc3132 ; jmp 0xfffc3132 -loc_fffc31fe: ; not directly referenced +loc_fffc30f3: ; not directly referenced mov byte [eax + 0xf4], 3 -jmp short loc_fffc31f7 ; jmp 0xfffc31f7 +jmp short loc_fffc30ec ; jmp 0xfffc30ec -loc_fffc3207: ; not directly referenced +loc_fffc30fc: ; not directly referenced mov byte [eax + 0xf4], 4 -jmp short loc_fffc31f7 ; jmp 0xfffc31f7 +jmp short loc_fffc30ec ; jmp 0xfffc30ec -loc_fffc3210: ; not directly referenced +loc_fffc3105: ; not directly referenced mov byte [eax + 0xf4], 5 -jmp short loc_fffc31f7 ; jmp 0xfffc31f7 +jmp short loc_fffc30ec ; jmp 0xfffc30ec -loc_fffc3219: ; not directly referenced +loc_fffc310e: ; not directly referenced mov byte [eax + 0xf4], 6 -jmp short loc_fffc31f7 ; jmp 0xfffc31f7 +jmp short loc_fffc30ec ; jmp 0xfffc30ec -loc_fffc3222: ; not directly referenced +loc_fffc3117: ; not directly referenced mov byte [eax + 0xf4], 7 -jmp short loc_fffc31f7 ; jmp 0xfffc31f7 +jmp short loc_fffc30ec ; jmp 0xfffc30ec -loc_fffc322b: ; not directly referenced +loc_fffc3120: ; not directly referenced mov byte [eax + 0xf4], 8 -jmp short loc_fffc31f7 ; jmp 0xfffc31f7 +jmp short loc_fffc30ec ; jmp 0xfffc30ec -loc_fffc3234: ; not directly referenced +loc_fffc3129: ; not directly referenced mov byte [eax + 0xf4], 0 xor eax, eax -loc_fffc323d: ; not directly referenced +loc_fffc3132: ; not directly referenced pop ebp ret -fcn_fffc323f: ; not directly referenced +fcn_fffc3134: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] @@ -47225,7 +47106,7 @@ mov ebx, dword [ebp + 8] mov ecx, dword [eax + 0xd5] and ecx, 0xfffffffd dec ecx -jne short loc_fffc32a9 ; jne 0xfffc32a9 +jne short loc_fffc319e ; jne 0xfffc319e mov cl, byte [edx + 0x1f] shr cl, 7 mov byte [eax + 0xd1], cl @@ -47235,12 +47116,12 @@ and ecx, 1 mov byte [eax + 0xd2], cl xor ecx, ecx test byte [edx + 0x1f], 4 -je short loc_fffc3287 ; je 0xfffc3287 +je short loc_fffc317c ; je 0xfffc317c xor ecx, ecx cmp byte [ebx + 0x18b7], 0 setne cl -loc_fffc3287: ; not directly referenced +loc_fffc317c: ; not directly referenced mov byte [eax + 0xd0], cl mov cl, byte [edx + 0x1f] shr cl, 1 @@ -47249,33 +47130,33 @@ mov byte [eax + 0xd4], cl mov dl, byte [edx + 0x1f] and edx, 1 mov byte [eax + 0xd3], dl -jmp short loc_fffc32cc ; jmp 0xfffc32cc +jmp short loc_fffc31c1 ; jmp 0xfffc31c1 -loc_fffc32a9: ; not directly referenced +loc_fffc319e: ; not directly referenced mov byte [eax + 0xd1], 0 mov byte [eax + 0xd2], 0 mov byte [eax + 0xd0], 0 mov byte [eax + 0xd4], 0 mov byte [eax + 0xd3], 0 -loc_fffc32cc: ; not directly referenced +loc_fffc31c1: ; not directly referenced xor edx, edx cmp byte [eax + 0xd0], 0 -jne short loc_fffc32ec ; jne 0xfffc32ec +jne short loc_fffc31e1 ; jne 0xfffc31e1 cmp byte [eax + 0xd3], 0 -je short loc_fffc32ec ; je 0xfffc32ec +je short loc_fffc31e1 ; je 0xfffc31e1 xor edx, edx cmp byte [ebx + 0x18b8], 0 setne dl -loc_fffc32ec: ; not directly referenced +loc_fffc31e1: ; not directly referenced mov byte [eax + 0xcf], dl mov eax, 1 pop ebx pop ebp ret -fcn_fffc32fa: ; not directly referenced +fcn_fffc31ef: ; not directly referenced push ebp mov ebp, esp mov ecx, dword [ebp + 0x10] @@ -47285,62 +47166,62 @@ mov ebx, dword [ecx + 0xd5] mov edx, ebx and edx, 0xfffffffd dec edx -jne short loc_fffc3317 ; jne 0xfffc3317 +jne short loc_fffc320c ; jne 0xfffc320c mov dl, byte [eax + 0x3f] -jmp short loc_fffc331d ; jmp 0xfffc331d +jmp short loc_fffc3212 ; jmp 0xfffc3212 -loc_fffc3317: ; not directly referenced +loc_fffc320c: ; not directly referenced mov dl, byte [eax + 0x83] -loc_fffc331d: ; not directly referenced +loc_fffc3212: ; not directly referenced and edx, 1 mov eax, 1 mov byte [ecx + 0xce], dl cmp ebx, 2 -jne short loc_fffc3340 ; jne 0xfffc3340 +jne short loc_fffc3235 ; jne 0xfffc3235 dec dl -jne short loc_fffc3340 ; jne 0xfffc3340 +jne short loc_fffc3235 ; jne 0xfffc3235 xor eax, eax cmp dword [ecx + 0xd9], 3 sete al -loc_fffc3340: ; not directly referenced +loc_fffc3235: ; not directly referenced pop ebx pop ebp ret -fcn_fffc3343: ; not directly referenced +fcn_fffc3238: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 0x10] mov eax, dword [edx + 0xd5] and eax, 0xfffffffd dec eax -jne short loc_fffc336e ; jne 0xfffc336e +jne short loc_fffc3263 ; jne 0xfffc3263 mov eax, dword [ebp + 0xc] mov al, byte [eax + 8] shr al, 3 and eax, 3 dec al -jne short loc_fffc336e ; jne 0xfffc336e +jne short loc_fffc3263 ; jne 0xfffc3263 mov byte [edx + 0xcc], 1 -jmp short loc_fffc3375 ; jmp 0xfffc3375 +jmp short loc_fffc326a ; jmp 0xfffc326a -loc_fffc336e: ; not directly referenced +loc_fffc3263: ; not directly referenced mov byte [edx + 0xcc], 0 -loc_fffc3375: ; not directly referenced +loc_fffc326a: ; not directly referenced mov eax, 1 pop ebp ret -fcn_fffc337c: ; not directly referenced +fcn_fffc3271: ; not directly referenced push ebp mov ecx, 8 mov ebp, esp push edi push esi -mov esi, ref_fffd59ac ; mov esi, 0xfffd59ac +mov esi, ref_fffd5468 ; mov esi, 0xfffd5468 push ebx sub esp, 0x20 mov ebx, dword [ebp + 0x10] @@ -47348,10 +47229,10 @@ lea edi, [ebp - 0x2c] rep movsd ; rep movsd dword es:[edi], dword ptr [esi] mov dl, byte [ebx + 0xf1] test dl, dl -je short loc_fffc33e6 ; je 0xfffc33e6 +je short loc_fffc32db ; je 0xfffc32db mov al, byte [ebx + 0xf3] cmp al, 7 -ja short loc_fffc33e6 ; ja 0xfffc33e6 +ja short loc_fffc32db ; ja 0xfffc32db movzx ecx, al movzx eax, byte [ebx + 0xf0] imul eax, dword [ebp + ecx*4 - 0x2c] @@ -47362,16 +47243,16 @@ movzx edx, byte [ebx + 0xed] imul eax, edx lea edx, [eax - 0x200] cmp edx, 0x3e00 -ja short loc_fffc33e6 ; ja 0xfffc33e6 +ja short loc_fffc32db ; ja 0xfffc32db mov dword [ebx + 0xe1], eax mov eax, 1 -jmp short loc_fffc33f2 ; jmp 0xfffc33f2 +jmp short loc_fffc32e7 ; jmp 0xfffc32e7 -loc_fffc33e6: ; not directly referenced +loc_fffc32db: ; not directly referenced mov dword [ebx + 0xe1], 0 xor eax, eax -loc_fffc33f2: ; not directly referenced +loc_fffc32e7: ; not directly referenced add esp, 0x20 pop ebx pop esi @@ -47379,7 +47260,7 @@ pop edi pop ebp ret -fcn_fffc33fa: ; not directly referenced +fcn_fffc32ef: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 0x10] @@ -47387,32 +47268,32 @@ mov ecx, dword [ebp + 0xc] mov eax, dword [edx + 0xd5] and eax, 0xfffffffd dec eax -jne short loc_fffc3414 ; jne 0xfffc3414 +jne short loc_fffc3309 ; jne 0xfffc3309 mov al, byte [ecx + 7] -jmp short loc_fffc3417 ; jmp 0xfffc3417 +jmp short loc_fffc330c ; jmp 0xfffc330c -loc_fffc3414: ; not directly referenced +loc_fffc3309: ; not directly referenced mov al, byte [ecx + 0xc] -loc_fffc3417: ; not directly referenced +loc_fffc330c: ; not directly referenced shr al, 3 and eax, 7 inc eax cmp al, 2 -ja short loc_fffc342f ; ja 0xfffc342f +ja short loc_fffc3324 ; ja 0xfffc3324 mov byte [edx + 0xed], al mov eax, 1 -jmp short loc_fffc3438 ; jmp 0xfffc3438 +jmp short loc_fffc332d ; jmp 0xfffc332d -loc_fffc342f: ; not directly referenced +loc_fffc3324: ; not directly referenced mov byte [edx + 0xed], 0 xor eax, eax -loc_fffc3438: ; not directly referenced +loc_fffc332d: ; not directly referenced pop ebp ret -fcn_fffc343a: ; not directly referenced +fcn_fffc332f: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 0x10] @@ -47423,17 +47304,17 @@ mov ecx, dword [edx + 0xd5] and ecx, 0xfffffffd dec ecx mov cl, byte [eax + 4] -jne short loc_fffc3478 ; jne 0xfffc3478 +jne short loc_fffc336d ; jne 0xfffc336d and ecx, 0xf mov byte [edx + 0xf3], cl test byte [eax + 4], 0x70 -jne short loc_fffc34c3 ; jne 0xfffc34c3 +jne short loc_fffc33b8 ; jne 0xfffc33b8 mov byte [edx + 0xee], 8 mov eax, 1 mov byte [edx + 0xef], 0 -jmp short loc_fffc34c5 ; jmp 0xfffc34c5 +jmp short loc_fffc33ba ; jmp 0xfffc33ba -loc_fffc3478: ; not directly referenced +loc_fffc336d: ; not directly referenced and ecx, 0xf mov byte [edx + 0xf3], cl mov al, byte [eax + 4] @@ -47444,32 +47325,32 @@ and ecx, 3 mov esi, eax xor eax, eax cmp cl, 1 -ja short loc_fffc34aa ; ja 0xfffc34aa +ja short loc_fffc339f ; ja 0xfffc339f mov eax, 4 shl eax, cl mov byte [edx + 0xee], al mov eax, 1 -loc_fffc34aa: ; not directly referenced +loc_fffc339f: ; not directly referenced lea ecx, [esi - 1] cmp cl, 1 -ja short loc_fffc34c3 ; ja 0xfffc34c3 +ja short loc_fffc33b8 ; ja 0xfffc33b8 mov ebx, 1 mov ecx, esi shl ebx, cl mov byte [edx + 0xef], bl -jmp short loc_fffc34c5 ; jmp 0xfffc34c5 +jmp short loc_fffc33ba ; jmp 0xfffc33ba -loc_fffc34c3: ; not directly referenced +loc_fffc33b8: ; not directly referenced xor eax, eax -loc_fffc34c5: ; not directly referenced +loc_fffc33ba: ; not directly referenced pop ebx pop esi pop ebp ret -fcn_fffc34c9: ; not directly referenced +fcn_fffc33be: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 0x10] @@ -47477,30 +47358,30 @@ mov ecx, dword [ebp + 0xc] mov eax, dword [edx + 0xd5] and eax, 0xfffffffd dec eax -jne short loc_fffc34e3 ; jne 0xfffc34e3 +jne short loc_fffc33d8 ; jne 0xfffc33d8 mov al, byte [ecx + 8] -jmp short loc_fffc34e6 ; jmp 0xfffc34e6 +jmp short loc_fffc33db ; jmp 0xfffc33db -loc_fffc34e3: ; not directly referenced +loc_fffc33d8: ; not directly referenced mov al, byte [ecx + 0xd] -loc_fffc34e6: ; not directly referenced +loc_fffc33db: ; not directly referenced and eax, 7 cmp al, 3 -jne short loc_fffc34fb ; jne 0xfffc34fb +jne short loc_fffc33f0 ; jne 0xfffc33f0 mov byte [edx + 0xf0], 0x40 mov eax, 1 -jmp short loc_fffc3504 ; jmp 0xfffc3504 +jmp short loc_fffc33f9 ; jmp 0xfffc33f9 -loc_fffc34fb: ; not directly referenced +loc_fffc33f0: ; not directly referenced mov byte [edx + 0xf0], 0 xor eax, eax -loc_fffc3504: ; not directly referenced +loc_fffc33f9: ; not directly referenced pop ebp ret -fcn_fffc3506: ; not directly referenced +fcn_fffc33fb: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 0xc] @@ -47511,65 +47392,65 @@ mov dl, byte [edx + 5] mov eax, dword [eax + 0x1887] and edx, 7 cmp dl, 2 -je short loc_fffc3567 ; je 0xfffc3567 +je short loc_fffc345c ; je 0xfffc345c cmp dl, 3 -je short loc_fffc3592 ; je 0xfffc3592 +je short loc_fffc3487 ; je 0xfffc3487 dec dl -jne short loc_fffc35a4 ; jne 0xfffc35a4 +jne short loc_fffc3499 ; jne 0xfffc3499 cmp eax, 0x40650 -je short loc_fffc355c ; je 0xfffc355c +je short loc_fffc3451 ; je 0xfffc3451 cmp eax, 0x40660 sete bl cmp eax, 0x306c0 sete dl or bl, dl -jne short loc_fffc355c ; jne 0xfffc355c +jne short loc_fffc3451 ; jne 0xfffc3451 cmp eax, 0x40670 sete bl cmp eax, 0x306d0 sete dl or bl, dl -je short loc_fffc356e ; je 0xfffc356e +je short loc_fffc3463 ; je 0xfffc3463 -loc_fffc355c: ; not directly referenced +loc_fffc3451: ; not directly referenced mov word [ecx + 0xe9], 0x400 -jmp short loc_fffc358b ; jmp 0xfffc358b +jmp short loc_fffc3480 ; jmp 0xfffc3480 -loc_fffc3567: ; not directly referenced +loc_fffc345c: ; not directly referenced cmp eax, 0x40650 -je short loc_fffc3582 ; je 0xfffc3582 +je short loc_fffc3477 ; je 0xfffc3477 -loc_fffc356e: ; not directly referenced +loc_fffc3463: ; not directly referenced cmp eax, 0x40670 sete dl cmp eax, 0x306d0 sete al or dl, al -je short loc_fffc35a4 ; je 0xfffc35a4 +je short loc_fffc3499 ; je 0xfffc3499 -loc_fffc3582: ; not directly referenced +loc_fffc3477: ; not directly referenced mov word [ecx + 0xe9], 0x800 -loc_fffc358b: ; not directly referenced +loc_fffc3480: ; not directly referenced mov eax, 1 -jmp short loc_fffc35af ; jmp 0xfffc35af +jmp short loc_fffc34a4 ; jmp 0xfffc34a4 -loc_fffc3592: ; not directly referenced +loc_fffc3487: ; not directly referenced cmp eax, 0x40650 -jne short loc_fffc35a4 ; jne 0xfffc35a4 +jne short loc_fffc3499 ; jne 0xfffc3499 mov word [ecx + 0xe9], 0x1000 -jmp short loc_fffc358b ; jmp 0xfffc358b +jmp short loc_fffc3480 ; jmp 0xfffc3480 -loc_fffc35a4: ; not directly referenced +loc_fffc3499: ; not directly referenced mov word [ecx + 0xe9], 0 xor eax, eax -loc_fffc35af: ; not directly referenced +loc_fffc34a4: ; not directly referenced pop ebx pop ebp ret -fcn_fffc35b2: ; not directly referenced +fcn_fffc34a7: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] @@ -47578,42 +47459,42 @@ mov al, byte [eax + 5] shr al, 3 and eax, 7 cmp al, 4 -ja short loc_fffc3613 ; ja 0xfffc3613 +ja short loc_fffc3508 ; ja 0xfffc3508 movzx eax, al -jmp dword [eax*4 + ref_fffd59cc] ; ujmp: jmp dword [eax*4 - 0x2a634] +jmp dword [eax*4 + ref_fffd5488] ; ujmp: jmp dword [eax*4 - 0x2ab78] -loc_fffc35d2: ; not directly referenced +loc_fffc34c7: ; not directly referenced mov dword [edx + 0xe5], 0x1000 -jmp short loc_fffc35e8 ; jmp 0xfffc35e8 +jmp short loc_fffc34dd ; jmp 0xfffc34dd -loc_fffc35de: ; not directly referenced +loc_fffc34d3: ; not directly referenced mov dword [edx + 0xe5], 0x2000 -loc_fffc35e8: ; not directly referenced +loc_fffc34dd: ; not directly referenced mov eax, 1 -jmp short loc_fffc361f ; jmp 0xfffc361f +jmp short loc_fffc3514 ; jmp 0xfffc3514 -loc_fffc35ef: ; not directly referenced +loc_fffc34e4: ; not directly referenced mov dword [edx + 0xe5], 0x4000 -jmp short loc_fffc35e8 ; jmp 0xfffc35e8 +jmp short loc_fffc34dd ; jmp 0xfffc34dd -loc_fffc35fb: ; not directly referenced +loc_fffc34f0: ; not directly referenced mov dword [edx + 0xe5], 0x8000 -jmp short loc_fffc35e8 ; jmp 0xfffc35e8 +jmp short loc_fffc34dd ; jmp 0xfffc34dd -loc_fffc3607: ; not directly referenced +loc_fffc34fc: ; not directly referenced mov dword [edx + 0xe5], 0x10000 -jmp short loc_fffc35e8 ; jmp 0xfffc35e8 +jmp short loc_fffc34dd ; jmp 0xfffc34dd -loc_fffc3613: ; not directly referenced +loc_fffc3508: ; not directly referenced mov dword [edx + 0xe5], 0 xor eax, eax -loc_fffc361f: ; not directly referenced +loc_fffc3514: ; not directly referenced pop ebp ret -fcn_fffc3621: ; not directly referenced +fcn_fffc3516: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] @@ -47621,46 +47502,46 @@ mov ecx, dword [ebp + 0xc] mov edx, dword [eax + 0xd5] and edx, 0xfffffffd dec edx -jne short loc_fffc363b ; jne 0xfffc363b +jne short loc_fffc3530 ; jne 0xfffc3530 mov dl, byte [ecx + 7] -jmp short loc_fffc363e ; jmp 0xfffc363e +jmp short loc_fffc3533 ; jmp 0xfffc3533 -loc_fffc363b: ; not directly referenced +loc_fffc3530: ; not directly referenced mov dl, byte [ecx + 0xc] -loc_fffc363e: ; not directly referenced +loc_fffc3533: ; not directly referenced and edx, 7 mov byte [eax + 0xf2], dl mov dl, byte [eax + 0xf2] cmp dl, 2 -je short loc_fffc3664 ; je 0xfffc3664 +je short loc_fffc3559 ; je 0xfffc3559 cmp dl, 3 -je short loc_fffc3672 ; je 0xfffc3672 +je short loc_fffc3567 ; je 0xfffc3567 dec dl -jne short loc_fffc367b ; jne 0xfffc367b +jne short loc_fffc3570 ; jne 0xfffc3570 mov byte [eax + 0xf1], 8 -jmp short loc_fffc366b ; jmp 0xfffc366b +jmp short loc_fffc3560 ; jmp 0xfffc3560 -loc_fffc3664: ; not directly referenced +loc_fffc3559: ; not directly referenced mov byte [eax + 0xf1], 0x10 -loc_fffc366b: ; not directly referenced +loc_fffc3560: ; not directly referenced mov eax, 1 -jmp short loc_fffc3684 ; jmp 0xfffc3684 +jmp short loc_fffc3579 ; jmp 0xfffc3579 -loc_fffc3672: ; not directly referenced +loc_fffc3567: ; not directly referenced mov byte [eax + 0xf1], 0x20 -jmp short loc_fffc366b ; jmp 0xfffc366b +jmp short loc_fffc3560 ; jmp 0xfffc3560 -loc_fffc367b: ; not directly referenced +loc_fffc3570: ; not directly referenced mov byte [eax + 0xf1], 0 xor eax, eax -loc_fffc3684: ; not directly referenced +loc_fffc3579: ; not directly referenced pop ebp ret -fcn_fffc3686: ; not directly referenced +fcn_fffc357b: ; not directly referenced push ebp mov ebp, esp push edi @@ -47678,11 +47559,11 @@ mov cl, byte [ebx + 2] shr byte [ebp - 0xd], 1 and byte [ebp - 0xd], 1 cmp cl, 0xc -je loc_fffc3749 ; je 0xfffc3749 +je loc_fffc363e ; je 0xfffc363e cmp cl, 0xf1 -je short loc_fffc370a ; je 0xfffc370a +je short loc_fffc35ff ; je 0xfffc35ff cmp cl, 0xb -jne loc_fffc376a ; jne 0xfffc376a +jne loc_fffc365f ; jne 0xfffc365f mov dword [edx + 0xd5], 1 mov cl, byte [ebx + 3] add ebx, 0xb0 @@ -47693,119 +47574,119 @@ sete cl cmp eax, 0x40650 sete al or cl, al -je loc_fffc3814 ; je 0xfffc3814 +je loc_fffc3709 ; je 0xfffc3709 cmp byte [ebp - 0xd], 0 -je short loc_fffc3780 ; je 0xfffc3780 -jmp near loc_fffc3814 ; jmp 0xfffc3814 +je short loc_fffc3675 ; je 0xfffc3675 +jmp near loc_fffc3709 ; jmp 0xfffc3709 -loc_fffc370a: ; not directly referenced +loc_fffc35ff: ; not directly referenced cmp eax, 0x40650 -je short loc_fffc3728 ; je 0xfffc3728 +je short loc_fffc361d ; je 0xfffc361d cmp eax, 0x40660 sete cl cmp eax, 0x306c0 sete al or cl, al -jne short loc_fffc3728 ; jne 0xfffc3728 +jne short loc_fffc361d ; jne 0xfffc361d dec edi -jne short loc_fffc3749 ; jne 0xfffc3749 +jne short loc_fffc363e ; jne 0xfffc363e -loc_fffc3728: ; not directly referenced +loc_fffc361d: ; not directly referenced mov dword [edx + 0xd5], 3 mov al, byte [ebx + 3] add ebx, 0xb0 and eax, 0xf mov dword [edx + 0xd9], eax -jmp near loc_fffc3814 ; jmp 0xfffc3814 +jmp near loc_fffc3709 ; jmp 0xfffc3709 -loc_fffc3749: ; not directly referenced +loc_fffc363e: ; not directly referenced mov dword [edx + 0xd5], 2 mov al, byte [ebx + 3] add ebx, 0x180 and eax, 0xf mov dword [edx + 0xd9], eax -jmp near loc_fffc3814 ; jmp 0xfffc3814 +jmp near loc_fffc3709 ; jmp 0xfffc3709 -loc_fffc376a: ; not directly referenced +loc_fffc365f: ; not directly referenced mov dword [edx + 0xd5], 0 xor ebx, ebx mov dword [edx + 0xd9], 0 -loc_fffc3780: ; not directly referenced +loc_fffc3675: ; not directly referenced xor eax, eax -loc_fffc3782: ; not directly referenced +loc_fffc3677: ; not directly referenced mov byte [edx + 0xf6], 0 test eax, eax -je loc_fffc383c ; je 0xfffc383c +je loc_fffc3731 ; je 0xfffc3731 cmp word [ebx], 0x4a0c mov eax, dword [esi + 0x18a7] -jne short loc_fffc37bf ; jne 0xfffc37bf +jne short loc_fffc36b4 ; jne 0xfffc36b4 mov cl, byte [ebx + 3] and ecx, 0xfffffffe cmp cl, 0x12 -jne short loc_fffc37bf ; jne 0xfffc37bf +jne short loc_fffc36b4 ; jne 0xfffc36b4 cmp eax, 2 -jne short loc_fffc37b4 ; jne 0xfffc37b4 +jne short loc_fffc36a9 ; jne 0xfffc36a9 test byte [ebx + 2], 1 -jmp short loc_fffc37bd ; jmp 0xfffc37bd +jmp short loc_fffc36b2 ; jmp 0xfffc36b2 -loc_fffc37b4: ; not directly referenced +loc_fffc36a9: ; not directly referenced cmp eax, 3 -jne short loc_fffc37cd ; jne 0xfffc37cd +jne short loc_fffc36c2 ; jne 0xfffc36c2 test byte [ebx + 2], 2 -loc_fffc37bd: ; not directly referenced -jne short loc_fffc37cd ; jne 0xfffc37cd +loc_fffc36b2: ; not directly referenced +jne short loc_fffc36c2 ; jne 0xfffc36c2 -loc_fffc37bf: ; not directly referenced +loc_fffc36b4: ; not directly referenced sub eax, 2 cmp eax, 1 seta al movzx eax, al -jmp short loc_fffc37d9 ; jmp 0xfffc37d9 +jmp short loc_fffc36ce ; jmp 0xfffc36ce -loc_fffc37cd: ; not directly referenced -or byte [esi + 0x3749], 1 +loc_fffc36c2: ; not directly referenced +or byte [esi + 0x374a], 1 mov eax, 1 -loc_fffc37d9: ; not directly referenced +loc_fffc36ce: ; not directly referenced cmp word [ebx], 0x4a0c -jne short loc_fffc383c ; jne 0xfffc383c +jne short loc_fffc3731 ; jne 0xfffc3731 movzx edi, byte [ebx + 3] mov esi, edi and esi, 0xfffffffe mov ecx, esi cmp cl, 0x12 -jne short loc_fffc37f8 ; jne 0xfffc37f8 +jne short loc_fffc36ed ; jne 0xfffc36ed mov ecx, edi mov byte [edx + 0xf7], cl -loc_fffc37f8: ; not directly referenced +loc_fffc36ed: ; not directly referenced test byte [ebx + 2], 1 -je short loc_fffc3805 ; je 0xfffc3805 +je short loc_fffc36fa ; je 0xfffc36fa or byte [edx + 0xf6], 1 -loc_fffc3805: ; not directly referenced +loc_fffc36fa: ; not directly referenced test byte [ebx + 2], 2 -je short loc_fffc383c ; je 0xfffc383c +je short loc_fffc3731 ; je 0xfffc3731 or byte [edx + 0xf6], 2 -jmp short loc_fffc383c ; jmp 0xfffc383c +jmp short loc_fffc3731 ; jmp 0xfffc3731 -loc_fffc3814: ; not directly referenced +loc_fffc3709: ; not directly referenced mov eax, dword [edx + 0xd9] lea ecx, [eax - 2] xor eax, eax cmp ecx, 6 -ja loc_fffc3782 ; ja 0xfffc3782 +ja loc_fffc3677 ; ja 0xfffc3677 mov eax, 1 shl eax, cl test al, 0x43 setne al movzx eax, al -jmp near loc_fffc3782 ; jmp 0xfffc3782 +jmp near loc_fffc3677 ; jmp 0xfffc3677 -loc_fffc383c: ; not directly referenced +loc_fffc3731: ; not directly referenced add esp, 1 pop ebx pop esi @@ -47813,7 +47694,7 @@ pop edi pop ebp ret -fcn_fffc3844: ; not directly referenced +fcn_fffc3739: ; not directly referenced push ebp mov ebp, esp movzx eax, byte [ebp + 0x10] @@ -47829,7 +47710,7 @@ shl eax, 0x14 add eax, edx ret -fcn_fffc3868: ; not directly referenced +fcn_fffc375d: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 0x10] @@ -47848,7 +47729,7 @@ movzx edx, dx or eax, edx ret -fcn_fffc3896: ; not directly referenced +fcn_fffc378b: ; not directly referenced push ebp mov ebp, esp push edi @@ -47857,26 +47738,26 @@ push ebx sub esp, 0x2c mov ebx, dword [ebp + 8] mov dword [ebp - 0x1c], 0 -mov eax, dword [ebx + 0x2443] +mov eax, dword [ebx + 0x2444] lea edi, [ebx + 0xfb9] mov dword [ebp - 0x20], eax mov al, byte [ebx + 0xfb8] -mov byte [ebx + 0x3755], al +mov byte [ebx + 0x3756], al mov eax, dword [ebx + 0xfb4] -mov dword [ebx + 0x374e], eax +mov dword [ebx + 0x374f], eax -loc_fffc38d0: ; not directly referenced +loc_fffc37c5: ; not directly referenced imul esi, dword [ebp - 0x1c], 0x13c3 xor edx, edx mov eax, dword [edi + 4] -lea ecx, [ebx + esi + 0x3756] -mov dword [ebx + esi + 0x3816], eax +lea ecx, [ebx + esi + 0x3757] +mov dword [ebx + esi + 0x3817], eax mov al, byte [edi + 8] -mov byte [ebx + esi + 0x381a], al +mov byte [ebx + esi + 0x381b], al mov eax, dword [edi] -mov dword [ebx + esi + 0x3756], eax +mov dword [ebx + esi + 0x3757], eax -loc_fffc38fd: ; not directly referenced +loc_fffc37f2: ; not directly referenced push eax push 0x2e lea eax, [edi + edx + 9] @@ -47892,9 +47773,9 @@ add esp, 0x10 mov ecx, dword [ebp - 0x24] add edx, 0x2e cmp edx, 0xb8 -jne short loc_fffc38fd ; jne 0xfffc38fd +jne short loc_fffc37f2 ; jne 0xfffc37f2 imul eax, dword [ebp - 0x1c], 0x54a -lea esi, [ebx + esi + 0x48c9] +lea esi, [ebx + esi + 0x48ca] mov dword [ebp - 0x24], esi lea edx, [edi + 0x313] mov byte [ebp - 0x29], 2 @@ -47902,12 +47783,12 @@ lea esi, [ebx + eax + 0x1afb] lea eax, [edi + 0xc1] mov dword [ebp - 0x28], eax -loc_fffc3955: ; not directly referenced +loc_fffc384a: ; not directly referenced mov eax, dword [ebp - 0x28] mov eax, dword [eax] lea ecx, [eax - 1] cmp ecx, 1 -ja short loc_fffc39d5 ; ja 0xfffc39d5 +ja short loc_fffc38ca ; ja 0xfffc38ca push eax mov eax, dword [ebp - 0x20] push 0x128 @@ -47918,16 +47799,16 @@ call dword [eax + 0x58] ; ucall mov edx, dword [ebp - 0x30] add esp, 0x10 cmp byte [esi - 0x13e], 0xc -jne short loc_fffc39a1 ; jne 0xfffc39a1 +jne short loc_fffc3896 ; jne 0xfffc3896 mov cl, byte [edx - 2] mov eax, esi mov byte [esi - 0x13d], cl mov cl, byte [edx - 1] mov byte [esi - 0x133], cl mov ecx, 0x1d -jmp short loc_fffc39be ; jmp 0xfffc39be +jmp short loc_fffc38b3 ; jmp 0xfffc38b3 -loc_fffc39a1: ; not directly referenced +loc_fffc3896: ; not directly referenced mov al, byte [edx - 2] mov ecx, 0x1f mov byte [esi - 0x13d], al @@ -47935,7 +47816,7 @@ mov al, byte [edx - 1] mov byte [esi - 0x138], al lea eax, [esi - 0xcb] -loc_fffc39be: ; not directly referenced +loc_fffc38b3: ; not directly referenced sub esp, 4 push ecx push edx @@ -47945,32 +47826,32 @@ mov dword [ebp - 0x30], edx call dword [eax + 0x58] ; ucall add esp, 0x10 mov edx, dword [ebp - 0x30] -jmp short loc_fffc39da ; jmp 0xfffc39da +jmp short loc_fffc38cf ; jmp 0xfffc38cf -loc_fffc39d5: ; not directly referenced +loc_fffc38ca: ; not directly referenced mov ecx, dword [ebp - 0x24] mov dword [ecx], eax -loc_fffc39da: ; not directly referenced +loc_fffc38cf: ; not directly referenced add dword [ebp - 0x28], 0x128 add esi, 0x277 add edx, 0x21 add dword [ebp - 0x24], 0x128 dec byte [ebp - 0x29] -jne loc_fffc3955 ; jne 0xfffc3955 +jne loc_fffc384a ; jne 0xfffc384a inc dword [ebp - 0x1c] add edi, 0x433 cmp dword [ebp - 0x1c], 2 -jne loc_fffc38d0 ; jne 0xfffc38d0 +jne loc_fffc37c5 ; jne 0xfffc37c5 mov eax, dword [ebx + 0x182c] xor ecx, ecx -mov dword [ebx + 0x3735], eax +mov dword [ebx + 0x3736], eax mov eax, dword [ebx + 0x1830] -mov dword [ebx + 0x3739], eax +mov dword [ebx + 0x373a], eax mov eax, dword [ebx + 0x1834] -mov dword [ebx + 0x373d], eax +mov dword [ebx + 0x373e], eax mov eax, dword [ebx + 0x1838] -mov dword [ebx + 0x3741], eax +mov dword [ebx + 0x3742], eax mov eax, dword [ebx + 0xfa4] mov dword [ebx + 0x1887], eax mov eax, dword [ebx + 0xfa0] @@ -47980,38 +47861,38 @@ mov dword [ebx + 0x188b], eax mov al, byte [ebx + 0x1842] mov byte [ebx + 0x190d], al mov eax, dword [ebx + 0x181f] -mov dword [ebx + 0x36d7], eax +mov dword [ebx + 0x36d8], eax mov eax, dword [ebx + 0x1823] -mov dword [ebx + 0x36df], eax +mov dword [ebx + 0x36e0], eax mov al, byte [ebx + 0x182b] -mov byte [ebx + 0x36e7], al +mov byte [ebx + 0x36e8], al mov eax, dword [ebx + 0x1827] -mov dword [ebx + 0x36e3], eax +mov dword [ebx + 0x36e4], eax mov al, byte [ebx + 0x183c] -mov byte [ebx + 0x3748], al +mov byte [ebx + 0x3749], al mov eax, dword [ebx + 0x183d] -mov dword [ebx + 0x2480], eax +mov dword [ebx + 0x2481], eax mov al, byte [ebx + 0x1841] -mov byte [ebx + 0x3749], al +mov byte [ebx + 0x374a], al mov al, byte [ebx + 0x184c] -mov byte [ebx + 0x36ca], al +mov byte [ebx + 0x36cb], al mov eax, dword [ebx + 0x1843] -mov dword [ebx + 0x36cb], eax +mov dword [ebx + 0x36cc], eax mov eax, dword [ebx + 0x1847] mov dword [ebx + 0x1912], eax mov al, byte [ebx + 0x184b] mov byte [ebx + 0x1916], al mov al, byte [ebx + 0x184d] -mov byte [ebx + 0x36a8], al +mov byte [ebx + 0x36a9], al -loc_fffc3aff: ; not directly referenced +loc_fffc39f4: ; not directly referenced mov eax, dword [ebx + ecx + 0x184e] mov edx, dword [ebx + ecx + 0x1852] -mov dword [ebx + ecx + 0x36a9], eax -mov dword [ebx + ecx + 0x36ad], edx +mov dword [ebx + ecx + 0x36aa], eax +mov dword [ebx + ecx + 0x36ae], edx add ecx, 8 cmp ecx, 0x20 -jne short loc_fffc3aff ; jne 0xfffc3aff +jne short loc_fffc39f4 ; jne 0xfffc39f4 lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -48020,7 +47901,7 @@ pop edi pop ebp ret -fcn_fffc3b2d: ; not directly referenced +fcn_fffc3a22: ; not directly referenced push ebp mov ebp, esp push ebx @@ -48028,32 +47909,32 @@ sub esp, 0x10 mov ebx, dword [ebp + 8] mov al, byte [ebx + 0x18b1] mov ecx, dword [ebx + 0x18cd] -mov byte [ebx + 0x2479], 0 -mov byte [ebx + 0x3748], al +mov byte [ebx + 0x247a], 0 +mov byte [ebx + 0x3749], al mov al, byte [ebx + 0x23ff] lea edx, [ecx + 0x18] -mov byte [ebx + 0x3745], al -mov eax, dword [ebx + 0x2443] +mov byte [ebx + 0x3746], al +mov eax, dword [ebx + 0x2444] push edx call dword [eax + 0x20] ; ucall add esp, 0x10 mov edx, eax shr edx, 0x10 test ax, ax -jne short loc_fffc3b80 ; jne 0xfffc3b80 +jne short loc_fffc3a75 ; jne 0xfffc3a75 cmp dx, 1 -jbe short loc_fffc3b80 ; jbe 0xfffc3b80 +jbe short loc_fffc3a75 ; jbe 0xfffc3a75 mov al, dl -jmp short loc_fffc3b86 ; jmp 0xfffc3b86 +jmp short loc_fffc3a7b ; jmp 0xfffc3a7b -loc_fffc3b80: ; not directly referenced +loc_fffc3a75: ; not directly referenced mov al, byte [ebx + 0x2401] -loc_fffc3b86: ; not directly referenced +loc_fffc3a7b: ; not directly referenced mov ecx, dword [ebx + 0x18cd] sub esp, 0xc -mov byte [ebx + 0x3747], al -mov eax, dword [ebx + 0x2443] +mov byte [ebx + 0x3748], al +mov eax, dword [ebx + 0x2444] lea edx, [ecx + 0x28] push edx call dword [eax + 0x20] ; ucall @@ -48061,37 +47942,37 @@ add esp, 0x10 mov edx, eax shr edx, 0x10 test ax, ax -jne short loc_fffc3bb9 ; jne 0xfffc3bb9 +jne short loc_fffc3aae ; jne 0xfffc3aae cmp dx, 1 -jbe short loc_fffc3bb9 ; jbe 0xfffc3bb9 +jbe short loc_fffc3aae ; jbe 0xfffc3aae mov al, dl -jmp short loc_fffc3bbf ; jmp 0xfffc3bbf +jmp short loc_fffc3ab4 ; jmp 0xfffc3ab4 -loc_fffc3bb9: ; not directly referenced +loc_fffc3aae: ; not directly referenced mov al, byte [ebx + 0x2400] -loc_fffc3bbf: ; not directly referenced -mov byte [ebx + 0x3746], al +loc_fffc3ab4: ; not directly referenced +mov byte [ebx + 0x3747], al xor eax, eax mov ebx, dword [ebp - 4] leave ret -fcn_fffc3bcc: ; not directly referenced +fcn_fffc3ac1: ; not directly referenced push ebp xor eax, eax mov ebp, esp pop ebp ret -fcn_fffc3bd3: ; not directly referenced +fcn_fffc3ac8: ; not directly referenced push ebp xor eax, eax mov ebp, esp pop ebp ret -fcn_fffc3bda: ; not directly referenced +fcn_fffc3acf: ; not directly referenced push ebp and edx, 0xff00 mov ebp, esp @@ -48106,7 +47987,7 @@ mov ebx, dword [ebp - 4] leave ret -fcn_fffc3bf5: ; not directly referenced +fcn_fffc3aea: ; not directly referenced push ebp movzx ecx, dl mov ebp, esp @@ -48121,205 +48002,205 @@ mov ebx, dword [ebp - 4] leave ret -fcn_fffc3c0d: +fcn_fffc3b02: push ebp mov ebp, esp push esi push ebx -mov esi, dword [eax + 0x2443] +mov esi, dword [eax + 0x2444] lea ebx, [edx - 0xd] -mov ecx, dword [eax + 0x2480] +mov ecx, dword [eax + 0x2481] cmp ebx, 0x36 -ja loc_fffc3dad ; ja 0xfffc3dad -jmp dword [ebx*4 + ref_fffd59e0] ; ujmp: jmp dword [ebx*4 - 0x2a620] +ja loc_fffc3ca2 ; ja 0xfffc3ca2 +jmp dword [ebx*4 + ref_fffd549c] ; ujmp: jmp dword [ebx*4 - 0x2ab64] -loc_fffc3c31: +loc_fffc3b26: cmp ecx, 3 -je loc_fffc3dad ; je 0xfffc3dad +je loc_fffc3ca2 ; je 0xfffc3ca2 mov bl, byte [eax + 0x2403] -jmp short loc_fffc3c98 ; jmp 0xfffc3c98 +jmp short loc_fffc3b8d ; jmp 0xfffc3b8d -loc_fffc3c42: +loc_fffc3b37: mov bl, byte [eax + 0x2403] -jmp short loc_fffc3cc0 ; jmp 0xfffc3cc0 +jmp short loc_fffc3bb5 ; jmp 0xfffc3bb5 -loc_fffc3c4a: +loc_fffc3b3f: mov bl, byte [eax + 0x2403] -jmp near loc_fffc3d09 ; jmp 0xfffc3d09 +jmp near loc_fffc3bfe ; jmp 0xfffc3bfe -loc_fffc3c55: +loc_fffc3b4a: mov bl, byte [eax + 0x2403] -jmp near loc_fffc3d14 ; jmp 0xfffc3d14 +jmp near loc_fffc3c09 ; jmp 0xfffc3c09 -loc_fffc3c60: +loc_fffc3b55: mov bl, byte [eax + 0x2403] -jmp near loc_fffc3d87 ; jmp 0xfffc3d87 +jmp near loc_fffc3c7c ; jmp 0xfffc3c7c -loc_fffc3c6b: +loc_fffc3b60: mov bl, byte [eax + 0x2403] -jmp short loc_fffc3cdd ; jmp 0xfffc3cdd +jmp short loc_fffc3bd2 ; jmp 0xfffc3bd2 -loc_fffc3c73: +loc_fffc3b68: mov bl, byte [eax + 0x2403] -jmp near loc_fffc3d1f ; jmp 0xfffc3d1f +jmp near loc_fffc3c14 ; jmp 0xfffc3c14 -loc_fffc3c7e: +loc_fffc3b73: movsx ebx, byte [eax + 0x2403] -jmp near loc_fffc3d51 ; jmp 0xfffc3d51 +jmp near loc_fffc3c46 ; jmp 0xfffc3c46 -loc_fffc3c8a: +loc_fffc3b7f: cmp ecx, 2 -jmp near loc_fffc3d7c ; jmp 0xfffc3d7c +jmp near loc_fffc3c71 ; jmp 0xfffc3c71 -loc_fffc3c92: +loc_fffc3b87: mov bl, byte [eax + 0x2404] -loc_fffc3c98: +loc_fffc3b8d: not ebx -jmp near loc_fffc3d25 ; jmp 0xfffc3d25 +jmp near loc_fffc3c1a ; jmp 0xfffc3c1a -loc_fffc3c9f: +loc_fffc3b94: mov bl, byte [eax + 0x2406] -jmp short loc_fffc3cdd ; jmp 0xfffc3cdd +jmp short loc_fffc3bd2 ; jmp 0xfffc3bd2 -loc_fffc3ca7: +loc_fffc3b9c: mov bl, byte [eax + 0x2406] -jmp near loc_fffc3d87 ; jmp 0xfffc3d87 +jmp near loc_fffc3c7c ; jmp 0xfffc3c7c -loc_fffc3cb2: +loc_fffc3ba7: mov bl, byte [eax + 0x2406] -jmp short loc_fffc3d14 ; jmp 0xfffc3d14 +jmp short loc_fffc3c09 ; jmp 0xfffc3c09 -loc_fffc3cba: +loc_fffc3baf: mov bl, byte [eax + 0x2404] -loc_fffc3cc0: +loc_fffc3bb5: shr bl, 1 -jmp short loc_fffc3d22 ; jmp 0xfffc3d22 +jmp short loc_fffc3c17 ; jmp 0xfffc3c17 -loc_fffc3cc4: +loc_fffc3bb9: mov bl, byte [eax + 0x2404] -jmp short loc_fffc3d09 ; jmp 0xfffc3d09 +jmp short loc_fffc3bfe ; jmp 0xfffc3bfe -loc_fffc3ccc: +loc_fffc3bc1: mov bl, byte [eax + 0x2404] -jmp near loc_fffc3d87 ; jmp 0xfffc3d87 +jmp near loc_fffc3c7c ; jmp 0xfffc3c7c -loc_fffc3cd7: +loc_fffc3bcc: mov bl, byte [eax + 0x2404] -loc_fffc3cdd: +loc_fffc3bd2: shr bl, 5 -jmp short loc_fffc3d22 ; jmp 0xfffc3d22 +jmp short loc_fffc3c17 ; jmp 0xfffc3c17 -loc_fffc3ce2: +loc_fffc3bd7: mov bl, byte [eax + 0x2404] -jmp short loc_fffc3d1f ; jmp 0xfffc3d1f +jmp short loc_fffc3c14 ; jmp 0xfffc3c14 -loc_fffc3cea: +loc_fffc3bdf: movsx ebx, byte [eax + 0x2404] -jmp short loc_fffc3d51 ; jmp 0xfffc3d51 +jmp short loc_fffc3c46 ; jmp 0xfffc3c46 -loc_fffc3cf3: +loc_fffc3be8: mov bl, byte [eax + 0x2405] -jmp short loc_fffc3c98 ; jmp 0xfffc3c98 +jmp short loc_fffc3b8d ; jmp 0xfffc3b8d -loc_fffc3cfb: +loc_fffc3bf0: mov bl, byte [eax + 0x2405] -jmp short loc_fffc3cc0 ; jmp 0xfffc3cc0 +jmp short loc_fffc3bb5 ; jmp 0xfffc3bb5 -loc_fffc3d03: +loc_fffc3bf8: mov bl, byte [eax + 0x2405] -loc_fffc3d09: +loc_fffc3bfe: shr bl, 2 -jmp short loc_fffc3d22 ; jmp 0xfffc3d22 +jmp short loc_fffc3c17 ; jmp 0xfffc3c17 -loc_fffc3d0e: +loc_fffc3c03: mov bl, byte [eax + 0x2405] -loc_fffc3d14: +loc_fffc3c09: shr bl, 3 -jmp short loc_fffc3d22 ; jmp 0xfffc3d22 +jmp short loc_fffc3c17 ; jmp 0xfffc3c17 -loc_fffc3d19: +loc_fffc3c0e: mov bl, byte [eax + 0x2405] -loc_fffc3d1f: +loc_fffc3c14: shr bl, 6 -loc_fffc3d22: +loc_fffc3c17: xor ebx, 1 -loc_fffc3d25: +loc_fffc3c1a: and ebx, 1 -jmp near loc_fffc3daf ; jmp 0xfffc3daf +jmp near loc_fffc3ca4 ; jmp 0xfffc3ca4 -loc_fffc3d2d: +loc_fffc3c22: mov ebx, 1 test byte [eax + 0x2405], 0x20 -je short loc_fffc3daf ; je 0xfffc3daf +je short loc_fffc3ca4 ; je 0xfffc3ca4 cmp dword [eax + 0x188b], 0 -loc_fffc3d42: +loc_fffc3c37: sete bl -loc_fffc3d45: +loc_fffc3c3a: movzx ebx, bl -jmp short loc_fffc3daf ; jmp 0xfffc3daf +jmp short loc_fffc3ca4 ; jmp 0xfffc3ca4 -loc_fffc3d4a: +loc_fffc3c3f: movsx ebx, byte [eax + 0x2405] -loc_fffc3d51: +loc_fffc3c46: not ebx shr ebx, 0x1f -jmp short loc_fffc3daf ; jmp 0xfffc3daf +jmp short loc_fffc3ca4 ; jmp 0xfffc3ca4 -loc_fffc3d58: +loc_fffc3c4d: mov ebx, 1 test byte [eax + 0x2406], 1 -je short loc_fffc3daf ; je 0xfffc3daf +je short loc_fffc3ca4 ; je 0xfffc3ca4 -loc_fffc3d66: +loc_fffc3c5b: cmp ecx, 3 -jmp short loc_fffc3d42 ; jmp 0xfffc3d42 +jmp short loc_fffc3c37 ; jmp 0xfffc3c37 -loc_fffc3d6b: +loc_fffc3c60: mov ebx, 1 test byte [eax + 0x2404], 8 -je short loc_fffc3daf ; je 0xfffc3daf +je short loc_fffc3ca4 ; je 0xfffc3ca4 -loc_fffc3d79: +loc_fffc3c6e: cmp ecx, 3 -loc_fffc3d7c: +loc_fffc3c71: setne bl -jmp short loc_fffc3d45 ; jmp 0xfffc3d45 +jmp short loc_fffc3c3a ; jmp 0xfffc3c3a -loc_fffc3d81: +loc_fffc3c76: mov bl, byte [eax + 0x2405] -loc_fffc3d87: +loc_fffc3c7c: shr bl, 4 -jmp short loc_fffc3d22 ; jmp 0xfffc3d22 +jmp short loc_fffc3c17 ; jmp 0xfffc3c17 -loc_fffc3d8c: +loc_fffc3c81: mov bl, byte [eax + 0x2406] -jmp near loc_fffc3cc0 ; jmp 0xfffc3cc0 +jmp near loc_fffc3bb5 ; jmp 0xfffc3bb5 -loc_fffc3d97: +loc_fffc3c8c: mov bl, byte [eax + 0x2406] -jmp near loc_fffc3d09 ; jmp 0xfffc3d09 +jmp near loc_fffc3bfe ; jmp 0xfffc3bfe -loc_fffc3da2: +loc_fffc3c97: mov bl, byte [eax + 0x2406] -jmp near loc_fffc3d1f ; jmp 0xfffc3d1f +jmp near loc_fffc3c14 ; jmp 0xfffc3c14 -loc_fffc3dad: +loc_fffc3ca2: xor ebx, ebx -loc_fffc3daf: +loc_fffc3ca4: push ecx push 0 push edx @@ -48332,7 +48213,7 @@ pop esi pop ebp ret -fcn_fffc3dc3: +fcn_fffc3cb8: push ebp xor ecx, ecx mov ebp, esp @@ -48340,33 +48221,33 @@ push esi push ebx sub esp, 0x400 -loc_fffc3dd0: +loc_fffc3cc5: mov ebx, ecx mov esi, 8 -loc_fffc3dd7: +loc_fffc3ccc: test bl, 1 -je short loc_fffc3de6 ; je 0xfffc3de6 +je short loc_fffc3cdb ; je 0xfffc3cdb shr ebx, 1 xor ebx, 0xedb88320 -jmp short loc_fffc3de8 ; jmp 0xfffc3de8 +jmp short loc_fffc3cdd ; jmp 0xfffc3cdd -loc_fffc3de6: +loc_fffc3cdb: shr ebx, 1 -loc_fffc3de8: +loc_fffc3cdd: dec esi -jne short loc_fffc3dd7 ; jne 0xfffc3dd7 +jne short loc_fffc3ccc ; jne 0xfffc3ccc mov dword [ebp + ecx*4 - 0x408], ebx inc ecx cmp ecx, 0x100 -jne short loc_fffc3dd0 ; jne 0xfffc3dd0 +jne short loc_fffc3cc5 ; jne 0xfffc3cc5 or ecx, 0xffffffff xor ebx, ebx -loc_fffc3e00: +loc_fffc3cf5: cmp ebx, edx -je short loc_fffc3e1b ; je 0xfffc3e1b +je short loc_fffc3d10 ; je 0xfffc3d10 mov esi, ecx xor cl, byte [eax + ebx] inc ebx @@ -48374,9 +48255,9 @@ shr esi, 8 movzx ecx, cl xor esi, dword [ebp + ecx*4 - 0x408] mov ecx, esi -jmp short loc_fffc3e00 ; jmp 0xfffc3e00 +jmp short loc_fffc3cf5 ; jmp 0xfffc3cf5 -loc_fffc3e1b: +loc_fffc3d10: add esp, 0x400 mov eax, ecx pop ebx @@ -48385,9 +48266,9 @@ pop esi pop ebp ret -fcn_fffc3e29: +fcn_fffc3d1e: cmp dword [eax + 0x39], 1 -jne loc_fffc3f07 ; jne 0xfffc3f07 +jne loc_fffc3dfc ; jne 0xfffc3dfc push ebp add eax, 0x369 mov ebp, esp @@ -48399,11 +48280,11 @@ mov ebx, dword [edx + 9] mov dword [ebp - 0x10], eax mov byte [ebp - 0x11], 2 -loc_fffc3e4b: +loc_fffc3d40: mov ecx, dword [ebp - 0x10] xor esi, esi -loc_fffc3e50: +loc_fffc3d45: movzx edi, byte [ebx + 0x10] mov word [ecx - 0x18], di mov di, word [ebx + 8] @@ -48425,15 +48306,15 @@ mov word [ecx - 8], di mov di, word [ebx + 0xc] mov word [ecx - 2], di cmp byte [edx], 5 -jbe short loc_fffc3eae ; jbe 0xfffc3eae +jbe short loc_fffc3da3 ; jbe 0xfffc3da3 mov di, word [ebx + 0x68] mov word [ecx], di -jmp short loc_fffc3eb3 ; jmp 0xfffc3eb3 +jmp short loc_fffc3da8 ; jmp 0xfffc3da8 -loc_fffc3eae: +loc_fffc3da3: mov word [ecx], 0 -loc_fffc3eb3: +loc_fffc3da8: mov di, word [ebx + 0x16] inc esi add ecx, 0x277 @@ -48446,20 +48327,1683 @@ mov word [ecx - 0x26d], di mov di, word [ebx + 0x18] mov word [ecx - 0x26b], di cmp al, 2 -jne loc_fffc3e50 ; jne 0xfffc3e50 +jne loc_fffc3d45 ; jne 0xfffc3d45 add dword [ebp - 0x10], 0x54a dec byte [ebp - 0x11] -jne loc_fffc3e4b ; jne 0xfffc3e4b +jne loc_fffc3d40 ; jne 0xfffc3d40 add esp, 5 pop ebx pop esi pop edi pop ebp -loc_fffc3f07: +loc_fffc3dfc: +ret + +fcn_fffc3dfd: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +mov esi, eax +push ebx +xor ebx, ebx +sub esp, 0x2c +mov eax, dword [eax + 0x2481] +mov dword [ebp - 0x2c], ecx +lea edi, [esi + 0x3757] +mov byte [ebp - 0x25], dl +mov dword [ebp - 0x24], eax + +loc_fffc3e1f: ; not directly referenced +cmp dword [edi], 2 +jne loc_fffc3f1b ; jne 0xfffc3f1b +mov dl, byte [ebp - 0x25] +and dl, byte [edi + 0xc4] +je loc_fffc3f1b ; je 0xfffc3f1b +mov eax, dword [ebp - 0x2c] +movzx ecx, dl +mov dword [ebp - 0x20], ecx +movzx eax, byte [eax + ebx] +push edx +push 0 +push eax +push 3 +push ecx +push 0 +push ebx +push esi +mov dword [ebp - 0x1c], eax +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +xor edx, edx + +loc_fffc3e5c: ; not directly referenced +mov eax, dword [ebp - 0x20] +bt eax, edx +jae short loc_fffc3e71 ; jae 0xfffc3e71 +movzx edx, byte [edi + edx + 0x245] +add edx, dword [ebp - 0x1c] +jmp short loc_fffc3e79 ; jmp 0xfffc3e79 + +loc_fffc3e71: ; not directly referenced +inc edx +cmp edx, 4 +jne short loc_fffc3e5c ; jne 0xfffc3e5c +xor dl, dl + +loc_fffc3e79: ; not directly referenced +push ecx +push 0 +push edx +push 1 +push dword [ebp - 0x20] +push 4 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x1c +mov edx, dword [ebp - 0x1c] +push 0 +add edx, dword [edi + 0x111] +push edx +push 1 +push dword [ebp - 0x20] +push 2 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x1c +mov edx, dword [ebp - 0x1c] +push 0 +add edx, dword [edi + 0x119] +push edx +push 1 +push dword [ebp - 0x20] +push 1 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +cmp dword [ebp - 0x24], 3 +jne short loc_fffc3efd ; jne 0xfffc3efd +mov eax, dword [ebp - 0x1c] +add dword [edi + 0x111], eax +push edx +push 0 +mov edx, dword [edi + 0x115] +add edx, eax +push edx +push 2 +push dword [ebp - 0x20] +push 2 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +mov edx, dword [ebp - 0x1c] +add esp, 0x20 +sub dword [edi + 0x111], edx + +loc_fffc3efd: ; not directly referenced +mov edx, dword [ebp - 0x1c] +push eax +push 0 +add edx, dword [edi + 0x109] +push edx +push 1 +push dword [ebp - 0x20] +push 3 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 + +loc_fffc3f1b: ; not directly referenced +inc ebx +add edi, 0x13c3 +cmp ebx, 2 +jne loc_fffc3e1f ; jne 0xfffc3e1f +sub esp, 0xc +push esi +call fcn_fffc9f5d ; call 0xfffc9f5d +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp ret -fcn_fffc3f08: ; not directly referenced +fcn_fffc3f3c: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +mov ebx, edx +sub esp, 0x3d0 +mov edi, dword [ebp + 0xc] +mov dword [ebp - 0x3cc], ecx +mov ecx, dword [ebp + 0x14] +mov byte [ebp - 0x38e], dl +mov dl, byte [ebp + 8] +mov esi, dword [ebp + 0x10] +mov dword [ebp - 0x34c], eax +xor eax, eax +cmp bl, 0xc +mov dword [ebp - 0x37c], ecx +mov ecx, dword [ebp + 0x24] +mov dword [ebp - 0x374], edi +mov byte [ebp - 0x3a4], dl +mov edx, edi +lea edi, [ebp - 0x2e0] +mov dword [ebp - 0x380], ecx +mov ecx, dword [ebp + 0x2c] +mov byte [ebp - 0x34d], dl +mov edx, esi +mov byte [ebp - 0x364], dl +mov dl, byte [ebp + 0x20] +mov dword [ebp - 0x378], esi +mov esi, ref_fffd5578 ; mov esi, 0xfffd5578 +mov dword [ebp - 0x384], ecx +mov ecx, 0xb +rep stosd ; rep stosd dword es:[edi], eax +lea edi, [ebp - 0x321] +mov byte [ebp - 0x38f], dl +mov dl, byte [ebp + 0x28] +mov word [ebp - 0x2d8], 7 +mov word [ebp - 0x2d2], 0x3ff +mov word [ebp - 0x2bc], 1 +mov byte [ebp - 0x34e], dl +mov cl, 0xd +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +lea edi, [ebp - 0x302] +mov esi, ref_fffd5588 ; mov esi, 0xfffd5588 +mov word [ebp - 0x2b6], 1 +mov cl, 4 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov eax, dword [ebp - 0x34c] +lea edi, [ebp - 0x288] +mov esi, ref_fffd5598 ; mov esi, 0xfffd5598 +mov byte [ebp - 0x33e], 0 +mov byte [ebp - 0x33d], 0 +mov word [ebp - 0x32c], 0 +mov dword [ebp - 0x32a], 0 +mov cl, 0xc +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov edi, dword [eax + 0x2444] +mov esi, 0xa +mov al, 0x14 +cmovne esi, eax +push 0 +mov eax, esi +push 2 +mov byte [ebp - 0x3b6], al +lea eax, [ebp - 0x33a] +push eax +mov dword [ebp - 0x326], 7 +mov byte [ebp - 0x322], 0 +call dword [edi + 0x60] ; ucall +add esp, 0xc +push 0 +push 2 +lea eax, [ebp - 0x33c] +push eax +call dword [edi + 0x5c] ; ucall +add esp, 0xc +push 0 +push 0x10 +lea eax, [ebp - 0x314] +push eax +call dword [edi + 0x5c] ; ucall +add esp, 0xc +push 0x2c +lea eax, [ebp - 0x2e0] +push eax +lea eax, [ebp - 0x2b4] +push eax +call dword [edi + 0x58] ; ucall +add esp, 0x10 +xor eax, eax + +loc_fffc40b2: ; not directly referenced +mov byte [ebp + eax - 0x335], al +inc eax +cmp eax, 9 +jne short loc_fffc40b2 ; jne 0xfffc40b2 +cmp bl, 0xc +sete al +mov byte [ebp - 0x34f], al +movzx eax, al +mov dword [ebp - 0x354], eax +lea eax, [ebx - 8] +cmp al, 1 +setbe dl +cmp bl, 0xb +sete al +or dl, al +mov dword [ebp - 0x35c], 1 +jne short loc_fffc40fe ; jne 0xfffc40fe +xor eax, eax +cmp bl, 0xa +sete al +mov dword [ebp - 0x35c], eax + +loc_fffc40fe: ; not directly referenced +mov al, byte [ebp - 0x33d] +mov esi, dword [ebp - 0x34c] +movzx ecx, byte [ebp - 0x38e] +mov dword [ebp - 0x358], 0 +mov byte [ebp - 0x360], al +mov al, byte [ebp - 0x33e] +add esi, 0x381b +mov dword [ebp - 0x388], ecx + +loc_fffc4133: ; not directly referenced +mov cl, byte [esi] +test cl, cl +je loc_fffc41f7 ; je 0xfffc41f7 +mov dl, cl +and edx, 0xc +cmp dl, 0xc +je short loc_fffc415d ; je 0xfffc415d +mov dl, cl +and edx, 3 +cmp dl, 3 +sete dl +movzx edx, dl +mov dword [ebp - 0x370], edx +jmp short loc_fffc4167 ; jmp 0xfffc4167 + +loc_fffc415d: ; not directly referenced +mov dword [ebp - 0x370], 1 + +loc_fffc4167: ; not directly referenced +test byte [ebp - 0x34e], cl +je loc_fffc41f7 ; je 0xfffc41f7 +mov cl, byte [ebp - 0x358] +mov edx, 1 +shl edx, cl +mov ecx, dword [ebp - 0x388] +mov dword [ebp - 0x368], edx +mov cl, byte [ebp + ecx - 0x321] +mov byte [ebp - 0x36c], cl +and cl, 2 +je short loc_fffc41b9 ; je 0xfffc41b9 +mov cl, byte [ebp - 0x360] +mov dl, byte [ebp - 0x368] +or edx, ecx +cmp dword [esi - 4], 2 +cmove ecx, edx +mov byte [ebp - 0x360], cl + +loc_fffc41b9: ; not directly referenced +test byte [ebp - 0x36c], 1 +je short loc_fffc41cb ; je 0xfffc41cb +cmp dword [ebp - 0x370], 0 +jne short loc_fffc41d4 ; jne 0xfffc41d4 + +loc_fffc41cb: ; not directly referenced +cmp dword [ebp - 0x354], 0 +je short loc_fffc41da ; je 0xfffc41da + +loc_fffc41d4: ; not directly referenced +or eax, dword [ebp - 0x368] + +loc_fffc41da: ; not directly referenced +cmp dword [ebp - 0x35c], 0 +je short loc_fffc41f7 ; je 0xfffc41f7 +mov edx, dword [ebp - 0x358] +movzx ecx, al +bt ecx, edx +jb short loc_fffc41f7 ; jb 0xfffc41f7 +or eax, dword [ebp - 0x368] + +loc_fffc41f7: ; not directly referenced +inc dword [ebp - 0x358] +add esi, 0x13c3 +cmp dword [ebp - 0x358], 2 +jne loc_fffc4133 ; jne 0xfffc4133 +mov dl, byte [ebp - 0x360] +mov cl, byte [ebp - 0x374] +cmp byte [ebp - 0x378], cl +mov byte [ebp - 0x33e], al +mov byte [ebp - 0x33d], dl +setle cl +or al, dl +mov byte [ebp - 0x358], al +sete al +or cl, al +je short loc_fffc424a ; je 0xfffc424a + +loc_fffc4240: ; not directly referenced +mov eax, 1 +jmp near loc_fffc4f9d ; jmp 0xfffc4f9d + +loc_fffc424a: ; not directly referenced +mov eax, dword [ebp - 0x34c] +mov byte [eax + 0x248c], 3 +lea eax, [ebx - 6] +cmp al, 1 +ja short loc_fffc4279 ; ja 0xfffc4279 +mov eax, dword [ebp - 0x34c] +mov edx, 1 +mov ecx, 4 +mov byte [eax + 0x248c], 5 +mov al, 0xd +jmp short loc_fffc429b ; jmp 0xfffc429b + +loc_fffc4279: ; not directly referenced +cmp dword [ebp - 0x35c], 0 +je short loc_fffc42a2 ; je 0xfffc42a2 +mov eax, dword [ebp - 0x34c] +mov edx, 1 +mov ecx, 5 +mov byte [eax + 0x248c], 6 +mov al, 0xd + +loc_fffc429b: ; not directly referenced +mov esi, 0x80 +jmp short loc_fffc42c4 ; jmp 0xfffc42c4 + +loc_fffc42a2: ; not directly referenced +cmp byte [ebp - 0x34f], 1 +sbb eax, eax +xor edx, edx +and eax, 0xfffffffd +xor ecx, ecx +add eax, 0x10 +cmp byte [ebp - 0x34f], 1 +sbb esi, esi +and esi, 0x7c +add esi, 4 + +loc_fffc42c4: ; not directly referenced +movzx eax, al +movzx esi, si +mov dword [ebp - 0x35c], ebx +mov ebx, dword [ebp - 0x34c] +mov word [ebp - 0x32c], ax +movzx eax, byte [ebp - 0x37c] +mov dword [ebp - 0x2a0], edx +mov dword [ebp - 0x294], edx +mov bl, byte [ebx + 0x248c] +mov edx, eax +movzx eax, byte [ebp - 0x358] +push 0 +push 0 +push 0 +mov byte [ebp - 0x322], bl +mov ebx, eax +mov dword [ebp - 0x3a0], eax +lea eax, [ebp - 0x32c] +push eax +push 0 +lea eax, [ebp - 0x2b4] +push eax +push edx +push esi +mov dword [ebp - 0x358], edx +mov edx, ebx +mov ebx, dword [ebp - 0x34c] +mov eax, ebx +call fcn_fffae425 ; call 0xfffae425 +add esp, 0x20 +lea eax, [esi - 1] +mov esi, ebx +call fcn_fffb396b ; call 0xfffb396b +mov cl, byte [ebp - 0x358] +mov edx, 1 +sub ecx, eax +mov eax, edx +shl eax, cl +mov ecx, eax +mov al, 1 +test cl, cl +cmovg eax, ecx +mov byte [ebx + 0x248d], al +mov ebx, dword [ebp - 0x35c] +movzx ecx, byte [esi + 0x2489] +mov dword [ebp - 0x35c], 0 +lea eax, [ebx - 0xa] +cmp al, 1 +mov byte [ebp - 0x3b5], al +setbe al +movzx eax, al +shl edx, cl +cmp bl, 0xa +mov bl, byte [ebp - 0x364] +mov dword [ebp - 0x38c], eax +lea eax, [edx - 1] +mov dl, byte [ebp - 0x34d] +mov word [ebp - 0x3a2], ax +sete al +lea eax, [eax + eax - 1] +mov cl, al +mov byte [ebp - 0x358], al +mov al, byte [ebp - 0x378] +cmove eax, edx +mov dl, al +mov byte [ebp - 0x34d], al +mov al, byte [ebp - 0x374] +cmove eax, ebx +add esi, 0x3757 +mov byte [ebp - 0x364], al +mov al, byte [ebp - 0x384] +imul eax, ecx +sub edx, eax +mov byte [ebp - 0x350], al +movzx eax, dl +mov dword [ebp - 0x36c], eax + +loc_fffc43ff: ; not directly referenced +cmp dword [esi], 2 +je short loc_fffc4476 ; je 0xfffc4476 + +loc_fffc4404: ; not directly referenced +add dword [ebp - 0x35c], 9 +add esi, 0x13c3 +cmp dword [ebp - 0x35c], 0x12 +jne short loc_fffc43ff ; jne 0xfffc43ff +movzx eax, byte [ebp - 0x380] +movzx edi, byte [ebp - 0x38e] +mov dword [ebp - 0x37c], 0 +mov dword [ebp - 0x3b0], eax +imul eax, eax, 0x90 +mov dword [ebp - 0x398], edi +movzx edi, byte [ebp - 0x34e] +mov dword [ebp - 0x3c4], eax +mov al, byte [ebp - 0x364] +mov dword [ebp - 0x39c], edi +mov byte [ebp - 0x36c], al +mov al, byte [ebp - 0x34d] +mov byte [ebp - 0x374], al +xor eax, eax +jmp near loc_fffc469c ; jmp 0xfffc469c + +loc_fffc4476: ; not directly referenced +mov ebx, dword [ebp - 0x34c] +push ecx +push dword [ebp - 0x36c] +movzx eax, byte [ebx + 0x2489] +push eax +mov eax, dword [ebp - 0x35c] +lea eax, [ebp + eax - 0x2f2] +push eax +call dword [edi + 0x5c] ; ucall +mov al, byte [ebx + 0x2489] +add esp, 0x10 +xor edx, edx +mov byte [ebp - 0x368], al + +loc_fffc44ad: ; not directly referenced +cmp dl, byte [ebp - 0x368] +je loc_fffc4404 ; je 0xfffc4404 +movzx ecx, dl +add ecx, dword [ebp - 0x35c] +lea eax, [ebp - 0x258] +mov byte [ebp - 0x360], 0 +add ecx, ecx +add ecx, eax +xor eax, eax + +loc_fffc44d5: ; not directly referenced +mov bl, byte [ebp - 0x3a4] +cmp byte [ebp - 0x360], bl +je short loc_fffc4523 ; je 0xfffc4523 +mov bl, byte [ebp - 0x38f] +test bl, bl +je short loc_fffc4516 ; je 0xfffc4516 +mov word [ecx + eax], 0x500 +cmp bl, 1 +jbe short loc_fffc44ff ; jbe 0xfffc44ff +mov word [ecx + eax + 0x24], 0x500 + +loc_fffc44ff: ; not directly referenced +cmp byte [ebp - 0x38f], 1 +mov word [ecx + eax + 0x48], 0x500 +jbe short loc_fffc4516 ; jbe 0xfffc4516 +mov word [ecx + eax + 0x6c], 0x500 + +loc_fffc4516: ; not directly referenced +inc byte [ebp - 0x360] +add eax, 0x90 +jmp short loc_fffc44d5 ; jmp 0xfffc44d5 + +loc_fffc4523: ; not directly referenced +inc edx +jmp short loc_fffc44ad ; jmp 0xfffc44ad + +loc_fffc4526: ; not directly referenced +test al, al +jne loc_fffc46b8 ; jne 0xfffc46b8 +mov al, byte [ebp - 0x34d] +sub eax, dword [ebp - 0x374] +imul eax, dword [ebp - 0x358] +mov byte [ebp - 0x38d], al +dec al +sete al +test byte [ebp - 0x34f], al +je short loc_fffc4578 ; je 0xfffc4578 +mov al, byte [ebp - 0x36c] +add ecx, dword [ebp - 0x374] +neg byte [ebp - 0x358] +mov byte [ebp - 0x374], dl +mov byte [ebp - 0x34d], al +mov byte [ebp - 0x36c], cl + +loc_fffc4578: ; not directly referenced +movzx eax, byte [ebp - 0x34d] +xor esi, esi +mov edi, eax +shl edi, 0x18 +mov dword [ebp - 0x360], edi +mov edi, 0x48dc +mov dword [ebp - 0x368], eax + +loc_fffc4597: ; not directly referenced +imul eax, esi, 0x13c3 +mov ebx, dword [ebp - 0x34c] +mov al, byte [ebx + eax + 0x381b] +mov ebx, dword [ebp - 0x3a0] +bt ebx, esi +jb loc_fffc46e2 ; jb 0xfffc46e2 + +loc_fffc45b9: ; not directly referenced +inc esi +add edi, 8 +cmp esi, 2 +jne short loc_fffc4597 ; jne 0xfffc4597 +mov al, byte [ebp - 0x34d] +sub eax, dword [ebp - 0x358] +mov dword [ebp - 0x3a8], 0 +mov dword [ebp - 0x368], 0 +mov byte [ebp - 0x390], al +mov al, byte [ebp - 0x350] +sub byte [ebp - 0x390], al + +loc_fffc45f4: ; not directly referenced +mov eax, dword [ebp - 0x368] +movzx eax, byte [ebp + eax - 0x33e] +mov byte [ebp - 0x3a3], al +test al, al +je loc_fffc4e37 ; je 0xfffc4e37 +mov dword [ebp - 0x35c], eax +xor esi, esi +imul eax, dword [ebp - 0x368], 6 +mov dword [ebp - 0x364], eax + +loc_fffc4625: ; not directly referenced +mov eax, dword [ebp - 0x35c] +bt eax, esi +jb loc_fffc4802 ; jb 0xfffc4802 + +loc_fffc4634: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffc4625 ; jne 0xfffc4625 +mov eax, dword [ebp - 0x35c] +mov byte [ebp - 0x360], 0 +and eax, 2 +mov dword [ebp - 0x3b4], eax +mov eax, dword [ebp + 0x1c] +mov dword [ebp - 0x394], eax + +loc_fffc4659: ; not directly referenced +mov al, byte [ebp - 0x394] +sub eax, dword [ebp + 0x1c] +mov byte [ebp - 0x364], al +cmp al, byte [ebp - 0x38f] +jae short loc_fffc467d ; jae 0xfffc467d +cmp byte [ebp - 0x360], 0 +je loc_fffc48b2 ; je 0xfffc48b2 + +loc_fffc467d: ; not directly referenced +cmp dword [ebp - 0x368], 1 +jne loc_fffc4e43 ; jne 0xfffc4e43 + +loc_fffc468a: ; not directly referenced +mov al, byte [ebp - 0x358] +add byte [ebp - 0x34d], al +mov al, byte [ebp - 0x360] + +loc_fffc469c: ; not directly referenced +mov edi, dword [ebp - 0x358] +mov dl, byte [ebp - 0x36c] +mov ecx, edi +add edx, edi +cmp byte [ebp - 0x34d], dl +jne loc_fffc4526 ; jne 0xfffc4526 + +loc_fffc46b8: ; not directly referenced +cmp dword [ebp - 0x354], 1 +jne loc_fffc4e66 ; jne 0xfffc4e66 +mov al, byte [ebp - 0x374] +add eax, dword [ebp - 0x358] +neg byte [ebp - 0x358] +mov byte [ebp - 0x36c], al +jmp near loc_fffc4e66 ; jmp 0xfffc4e66 + +loc_fffc46e2: ; not directly referenced +and al, byte [ebp - 0x34e] +mov byte [ebp - 0x364], al +je loc_fffc45b9 ; je 0xfffc45b9 +mov ebx, dword [ebp - 0x34c] +mov edx, edi +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, edi +mov dword [ebp - 0x34c], ebx +xor al, al +or eax, dword [ebp - 0x398] +mov ecx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x34c] +lea ebx, [edi - 4] +mov edx, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, ebx +lea ebx, [edi + 0x10] +and eax, 0xffffff +or eax, dword [ebp - 0x360] +mov ecx, eax +mov eax, dword [ebp - 0x34c] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x34c] +mov edx, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, ebx +lea ebx, [edi + 0xc] +xor al, al +or eax, dword [ebp - 0x398] +mov ecx, eax +mov eax, dword [ebp - 0x34c] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x34c] +mov edx, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, ebx +and eax, 0xffffff +or eax, dword [ebp - 0x360] +mov ecx, eax +mov eax, dword [ebp - 0x34c] +call fcn_fffb3381 ; call 0xfffb3381 +cmp dword [ebp - 0x38c], 0 +mov byte [ebp - 0x35c], 1 +je short loc_fffc47b9 ; je 0xfffc47b9 +mov eax, dword [ebp - 0x34c] +mov al, byte [eax + 0x2489] +mov byte [ebp - 0x35c], al + +loc_fffc47b9: ; not directly referenced +movzx eax, byte [ebp - 0x364] +xor ebx, ebx +mov dword [ebp - 0x364], eax + +loc_fffc47c8: ; not directly referenced +cmp byte [ebp - 0x35c], bl +jbe loc_fffc45b9 ; jbe 0xfffc45b9 +sub esp, 0xc +mov eax, dword [ebp - 0x34c] +mov ecx, ebx +push dword [ebp - 0x364] +mov edx, esi +inc ebx +push 0 +push 0 +push dword [ebp - 0x368] +push dword [ebp - 0x398] +call fcn_fffb4652 ; call 0xfffb4652 +add esp, 0x20 +jmp short loc_fffc47c8 ; jmp 0xfffc47c8 + +loc_fffc4802: ; not directly referenced +imul eax, esi, 0x13c3 +mov edi, dword [ebp - 0x34c] +mov dl, byte [ebp - 0x34e] +and dl, byte [edi + eax + 0x381b] +je loc_fffc4634 ; je 0xfffc4634 +cmp dword [ebp - 0x354], 0 +mov eax, 0x3210 +jne short loc_fffc484c ; jne 0xfffc484c +movzx ecx, dl +movzx ecx, byte [ebp + ecx - 0x302] +cmp cl, 0xf +je short loc_fffc484c ; je 0xfffc484c +add ecx, dword [ebp - 0x364] +mov eax, dword [ebp + ecx*4 - 0x288] + +loc_fffc484c: ; not directly referenced +mov dword [ebp - 0x360], 0 +xor ebx, ebx +movzx edx, dl + +loc_fffc485b: ; not directly referenced +test eax, eax +je short loc_fffc4881 ; je 0xfffc4881 +mov cl, al +and ecx, 0xf +shr eax, 4 +bt edx, ecx +movzx edi, cl +jae short loc_fffc485b ; jae 0xfffc485b +lea ecx, [ebx*4] +inc ebx +shl edi, cl +or dword [ebp - 0x360], edi +jmp short loc_fffc485b ; jmp 0xfffc485b + +loc_fffc4881: ; not directly referenced +mov edi, dword [ebp - 0x34c] +lea edx, [esi*4 + 0x4930] +dec ebx +mov ecx, dword [ebp - 0x360] +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +movzx ecx, bl +mov eax, edi +lea edx, [esi*8 + 0x48ef] +call fcn_fffb335b ; call 0xfffb335b +jmp near loc_fffc4634 ; jmp 0xfffc4634 + +loc_fffc48b2: ; not directly referenced +mov eax, dword [ebp - 0x394] +cmp dword [ebp - 0x354], 0 +mov bl, byte [eax] +je short loc_fffc4906 ; je 0xfffc4906 +mov edi, dword [ebp - 0x360] +lea ecx, [ebp - 0x33c] +test byte [ebp - 0x3a3], 1 +mov edx, dword [ebp - 0x39c] +mov eax, edi +cmovne eax, ebx +cmp dword [ebp - 0x3b4], 0 +mov byte [ebp - 0x33c], al +mov eax, edi +cmovne eax, ebx +mov byte [ebp - 0x33b], al +mov eax, dword [ebp - 0x34c] +call fcn_fffc3dfd ; call 0xfffc3dfd +jmp short loc_fffc4976 ; jmp 0xfffc4976 + +loc_fffc4906: ; not directly referenced +cmp byte [ebp - 0x368], 1 +movzx eax, bl +jne short loc_fffc493f ; jne 0xfffc493f +mov esi, dword [ebp - 0x35c] +sub esp, 0xc +mov ecx, 3 +mov edi, dword [ebp - 0x34c] +neg ebx +push eax +mov edx, esi +mov eax, edi +call fcn_fffcff73 ; call 0xfffcff73 +movzx eax, bl +mov ecx, 0xc +mov dword [esp], eax +jmp short loc_fffc496a ; jmp 0xfffc496a + +loc_fffc493f: ; not directly referenced +mov esi, dword [ebp - 0x35c] +sub esp, 0xc +mov ecx, 5 +mov edi, dword [ebp - 0x34c] +neg ebx +push eax +mov edx, esi +mov eax, edi +call fcn_fffcff73 ; call 0xfffcff73 +movzx eax, bl +mov ecx, 0xa +mov dword [esp], eax + +loc_fffc496a: ; not directly referenced +mov edx, esi +mov eax, edi +call fcn_fffcff73 ; call 0xfffcff73 +add esp, 0x10 + +loc_fffc4976: ; not directly referenced +movzx ebx, byte [ebp - 0x364] +mov dword [ebp - 0x388], 0 +imul ebx, ebx, 0x24 +add ebx, dword [ebp - 0x3a8] +mov dword [ebp - 0x3c8], ebx + +loc_fffc4996: ; not directly referenced +mov al, byte [ebp - 0x388] +cmp byte [ebp - 0x3a4], al +jbe loc_fffc4ddd ; jbe 0xfffc4ddd +mov eax, dword [ebp - 0x3cc] +mov edi, dword [ebp - 0x388] +mov bl, byte [eax + edi] +test bl, bl +je loc_fffc4240 ; je 0xfffc4240 +movzx eax, bl +mov dword [ebp - 0x378], eax +mov byte [ebp - 0x370], 0 +cmp bl, 0x21 +ja short loc_fffc49e0 ; ja 0xfffc49e0 +mov al, byte [eax + ref_fffd58e0] ; mov al, byte [eax - 0x2a720] +mov byte [ebp - 0x370], al + +loc_fffc49e0: ; not directly referenced +mov esi, dword [ebp - 0x34c] +xor ecx, ecx +mov edx, dword [ebp - 0x378] +mov eax, esi +call fcn_fffaab72 ; call 0xfffaab72 +cmp dword [esi + 0x2481], 2 +mov word [ebp - 0x3b8], ax +jne short loc_fffc4a1a ; jne 0xfffc4a1a +cmp bl, 0x11 +sete dl +cmp bl, 5 +sete al +or dl, al +jne short loc_fffc4a54 ; jne 0xfffc4a54 +cmp bl, 0x21 +je short loc_fffc4a54 ; je 0xfffc4a54 + +loc_fffc4a1a: ; not directly referenced +cmp bl, 0x10 +sete dl +cmp bl, 4 +sete al +or dl, al +jne short loc_fffc4a58 ; jne 0xfffc4a58 +cmp bl, 5 +sete dl +cmp bl, 0x20 +sete al +or dl, al +jne short loc_fffc4a58 ; jne 0xfffc4a58 +cmp bl, 0x21 +sete al +cmp bl, 0x11 +sete dl +or eax, edx +cmp al, 1 +sbb ebx, ebx +and ebx, 0xffffffe9 +add ebx, 0x36 +jmp short loc_fffc4a5a ; jmp 0xfffc4a5a + +loc_fffc4a54: ; not directly referenced +mov bl, 0x25 +jmp short loc_fffc4a5a ; jmp 0xfffc4a5a + +loc_fffc4a58: ; not directly referenced +mov bl, 0x36 + +loc_fffc4a5a: ; not directly referenced +xor eax, eax +mov dl, 1 + +loc_fffc4a5e: ; not directly referenced +mov esi, dword [ebp - 0x35c] +bt esi, eax +jae short loc_fffc4ab7 ; jae 0xfffc4ab7 +imul esi, eax, 0x13c3 +mov edi, dword [ebp - 0x34c] +mov cl, byte [ebp - 0x34e] +test byte [edi + esi + 0x381b], cl +je short loc_fffc4ab7 ; je 0xfffc4ab7 +cmp byte [ebp - 0x3b5], 2 +ja short loc_fffc4aa6 ; ja 0xfffc4aa6 +mov di, word [ebp - 0x3a2] +cmp word [ebp + eax*2 - 0x33a], di +mov edi, 0 +cmovne edx, edi +jmp short loc_fffc4ab7 ; jmp 0xfffc4ab7 + +loc_fffc4aa6: ; not directly referenced +cmp word [ebp + eax*2 - 0x33a], 0 +mov edi, 0 +cmove edx, edi + +loc_fffc4ab7: ; not directly referenced +inc eax +cmp eax, 2 +jne short loc_fffc4a5e ; jne 0xfffc4a5e +test dl, dl +jne loc_fffc4dd6 ; jne 0xfffc4dd6 +mov edi, dword [ebp - 0x34c] +mov ecx, dword [ebp - 0x378] +push edx +push edx +mov eax, edi +add eax, 0x2491 +push 0xf +mov edx, eax +push 0 +mov esi, eax +mov dword [ebp - 0x3bc], eax +mov eax, edi +call fcn_fffa7e1a ; call 0xfffa7e1a +add esp, 0x10 +test eax, eax +jne loc_fffc4f9d ; jne 0xfffc4f9d +push eax +movzx ebx, bl +mov ecx, dword [ebp - 0x35c] +push eax +mov edx, esi +lea eax, [ebp - 0x314] +push eax +push ebx +lea eax, [ebp - 0x335] +push eax +mov eax, edi +push dword [ebp - 0x378] +push 0xff +push dword [ebp - 0x3b0] +call fcn_fffd16df ; call 0xfffd16df +add esp, 0x20 +mov dword [ebp - 0x37c], eax +test eax, eax +jne loc_fffc4f97 ; jne 0xfffc4f97 +imul eax, dword [ebp - 0x388], 0x90 +mov esi, 0x64 +add eax, dword [ebp - 0x3c8] +mov bl, byte [ebp - 0x370] +lea edi, [ebp - 0x2f2] +mov dword [ebp - 0x364], edi +lea eax, [ebp + eax - 0x258] +mov dword [ebp - 0x384], eax +movzx eax, byte [ebp - 0x3b6] +movzx edi, bl +imul edi, edi, 0x240 +add edi, dword [ebp + 0x18] +add edi, dword [ebp - 0x3c4] +sub esi, eax +mov byte [ebp - 0x380], 1 +mov dword [ebp - 0x3d4], esi +mov dword [ebp - 0x3ac], edi +xor edi, edi + +loc_fffc4ba3: ; not directly referenced +imul eax, edi, 0x13c3 +mov esi, dword [ebp - 0x34c] +mov al, byte [esi + eax + 0x381b] +mov esi, dword [ebp - 0x35c] +bt esi, edi +jae loc_fffc4d7a ; jae 0xfffc4d7a +test byte [ebp - 0x34e], al +je loc_fffc4d7a ; je 0xfffc4d7a +mov eax, dword [ebp - 0x34c] +xor ecx, ecx +mov al, byte [eax + 0x2489] +mov byte [ebp - 0x3bf], al + +loc_fffc4be5: ; not directly referenced +cmp byte [ebp - 0x3bf], cl +jbe loc_fffc4d7a ; jbe 0xfffc4d7a +mov eax, dword [ebp - 0x3ac] +mov dword [ebp - 0x370], 1 +shl dword [ebp - 0x370], cl +movzx ebx, word [eax + ecx*8 + 4] +movzx edx, word [eax + ecx*8] +mov esi, ebx +lea eax, [ebx + edx] +sub esi, edx +add eax, eax +mov word [ebp - 0x3be], ax +sub eax, esi +add si, word [ebp - 0x3be] +cmp bx, dx +mov ebx, dword [ebp - 0x370] +cmovbe eax, esi +mov si, word [ebp + edi*2 - 0x33a] +and bx, si +mov word [ebp - 0x3be], bx +je short loc_fffc4c56 ; je 0xfffc4c56 +cmp dword [ebp - 0x354], 0 +je loc_fffc4d74 ; je 0xfffc4d74 + +loc_fffc4c56: ; not directly referenced +mov edx, eax +mov ebx, 2 +sar dx, 0xf +idiv bx +cmp ax, word [ebp - 0x3b8] +jae short loc_fffc4cae ; jae 0xfffc4cae +cmp dword [ebp - 0x354], 1 +jne loc_fffc4d0a ; jne 0xfffc4d0a +cmp byte [ebp - 0x38d], 0 +mov byte [ebp - 0x380], 0 +jne loc_fffc4d74 ; jne 0xfffc4d74 +mov ax, word [ebp - 0x3a2] +mov word [ebp + edi*2 - 0x33a], ax +mov al, byte [ebp - 0x38d] +mov byte [ebp - 0x380], al +jmp near loc_fffc4d74 ; jmp 0xfffc4d74 + +loc_fffc4cae: ; not directly referenced +cmp byte [ebp - 0x38d], 0 +jne short loc_fffc4cd0 ; jne 0xfffc4cd0 +mov esi, dword [ebp - 0x384] +cmp word [esi + ecx*2], ax +jbe loc_fffc4d74 ; jbe 0xfffc4d74 +mov word [esi + ecx*2], ax +jmp near loc_fffc4d74 ; jmp 0xfffc4d74 + +loc_fffc4cd0: ; not directly referenced +movzx eax, ax +mov ebx, 0x64 +mov dword [ebp - 0x3d0], eax +mov eax, dword [ebp - 0x384] +movzx eax, word [eax + ecx*2] +imul eax, dword [ebp - 0x3d4] +cdq +idiv ebx +cmp dword [ebp - 0x3d0], eax +jge short loc_fffc4d26 ; jge 0xfffc4d26 +cmp dword [ebp - 0x354], 0 +mov byte [ebp - 0x380], 0 +jne short loc_fffc4d74 ; jne 0xfffc4d74 + +loc_fffc4d0a: ; not directly referenced +or esi, dword [ebp - 0x370] +mov al, byte [ebp - 0x390] +mov word [ebp + edi*2 - 0x33a], si +mov esi, dword [ebp - 0x364] +jmp short loc_fffc4d71 ; jmp 0xfffc4d71 + +loc_fffc4d26: ; not directly referenced +cmp dword [ebp - 0x354], 1 +jne short loc_fffc4d5f ; jne 0xfffc4d5f +mov ebx, dword [ebp - 0x370] +cmp word [ebp - 0x3be], bx +je short loc_fffc4d74 ; je 0xfffc4d74 +mov al, byte [ebp - 0x34d] +or esi, ebx +mov edx, dword [ebp - 0x364] +sub eax, dword [ebp - 0x350] +mov word [ebp + edi*2 - 0x33a], si +mov byte [edx + ecx], al +jmp short loc_fffc4d74 ; jmp 0xfffc4d74 + +loc_fffc4d5f: ; not directly referenced +mov al, byte [ebp - 0x34d] +mov esi, dword [ebp - 0x364] +sub eax, dword [ebp - 0x350] + +loc_fffc4d71: ; not directly referenced +mov byte [esi + ecx], al + +loc_fffc4d74: ; not directly referenced +inc ecx +jmp near loc_fffc4be5 ; jmp 0xfffc4be5 + +loc_fffc4d7a: ; not directly referenced +inc edi +add dword [ebp - 0x384], 0x12 +add dword [ebp - 0x364], 9 +add dword [ebp - 0x3ac], 0x48 +cmp edi, 2 +jne loc_fffc4ba3 ; jne 0xfffc4ba3 +cmp byte [ebp - 0x380], 0 +je short loc_fffc4dcb ; je 0xfffc4dcb +sub esp, 0xc +mov ecx, dword [ebp - 0x378] +push dword [ebp - 0x3b0] +mov edx, dword [ebp - 0x3bc] +mov eax, dword [ebp - 0x34c] +call fcn_fffa7d46 ; call 0xfffa7d46 +add esp, 0x10 +mov dword [ebp - 0x37c], eax + +loc_fffc4dcb: ; not directly referenced +inc dword [ebp - 0x388] +jmp near loc_fffc4996 ; jmp 0xfffc4996 + +loc_fffc4dd6: ; not directly referenced +mov byte [ebp - 0x360], 1 + +loc_fffc4ddd: ; not directly referenced +cmp dword [ebp - 0x354], 0 +je short loc_fffc4e0d ; je 0xfffc4e0d +mov edx, dword [ebp - 0x39c] +lea ecx, [ebp - 0x33c] +mov eax, dword [ebp - 0x34c] +mov byte [ebp - 0x33c], 0 +mov byte [ebp - 0x33b], 0 +call fcn_fffc3dfd ; call 0xfffc3dfd +jmp short loc_fffc4e2c ; jmp 0xfffc4e2c + +loc_fffc4e0d: ; not directly referenced +mov ecx, dword [ebp - 0x39c] +sub esp, 0xc +mov edx, dword [ebp - 0x35c] +mov eax, dword [ebp - 0x34c] +push 0 +call fcn_fffcff73 ; call 0xfffcff73 +add esp, 0x10 + +loc_fffc4e2c: ; not directly referenced +inc dword [ebp - 0x394] +jmp near loc_fffc4659 ; jmp 0xfffc4659 + +loc_fffc4e37: ; not directly referenced +mov byte [ebp - 0x360], 0 +jmp near loc_fffc467d ; jmp 0xfffc467d + +loc_fffc4e43: ; not directly referenced +add dword [ebp - 0x3a8], 0x48 +cmp byte [ebp - 0x360], 0 +jne loc_fffc468a ; jne 0xfffc468a +mov dword [ebp - 0x368], 1 +jmp near loc_fffc45f4 ; jmp 0xfffc45f4 + +loc_fffc4e66: ; not directly referenced +movzx eax, byte [ebp - 0x38e] +xor esi, esi +mov dword [ebp - 0x35c], eax + +loc_fffc4e75: ; not directly referenced +mov eax, dword [ebp - 0x3a0] +bt eax, esi +jae loc_fffc4f8d ; jae 0xfffc4f8d +imul eax, esi, 0x13c3 +mov edi, dword [ebp - 0x34c] +mov bl, byte [ebp - 0x34e] +and bl, byte [edi + eax + 0x381b] +mov byte [ebp - 0x354], bl +je loc_fffc4f8d ; je 0xfffc4f8d +movzx ebx, byte [ebp - 0x36c] +lea edi, [esi + esi*8] +lea eax, [ebp - 0x18] +mov byte [ebp - 0x34d], 0 +add edi, eax + +loc_fffc4ebf: ; not directly referenced +mov ecx, dword [ebp - 0x34c] +mov al, byte [ebp - 0x34d] +cmp al, byte [ecx + 0x2489] +jae loc_fffc4f5c ; jae 0xfffc4f5c +cmp byte [ebp - 0x358], 1 +jne short loc_fffc4ef6 ; jne 0xfffc4ef6 +movzx eax, byte [ebp - 0x34d] +movzx eax, byte [eax + edi - 0x2da] +cmp bl, al +cmovg ebx, eax +jmp short loc_fffc4f13 ; jmp 0xfffc4f13 + +loc_fffc4ef6: ; not directly referenced +cmp byte [ebp - 0x358], 0xff +jne short loc_fffc4f13 ; jne 0xfffc4f13 +movzx eax, byte [ebp - 0x34d] +movzx eax, byte [eax + edi - 0x2da] +cmp bl, al +cmovl ebx, eax + +loc_fffc4f13: ; not directly referenced +cmp dword [ebp - 0x38c], 0 +je short loc_fffc4f51 ; je 0xfffc4f51 +movzx eax, byte [ebp - 0x354] +sub esp, 0xc +mov edx, esi +movzx ecx, byte [ebp - 0x34d] +push eax +push 1 +push 1 +movzx eax, byte [ecx + edi - 0x2da] +push eax +mov eax, dword [ebp - 0x34c] +push dword [ebp - 0x35c] +call fcn_fffb4652 ; call 0xfffb4652 +add esp, 0x20 + +loc_fffc4f51: ; not directly referenced +inc byte [ebp - 0x34d] +jmp near loc_fffc4ebf ; jmp 0xfffc4ebf + +loc_fffc4f5c: ; not directly referenced +cmp dword [ebp - 0x38c], 0 +jne short loc_fffc4f8d ; jne 0xfffc4f8d +movzx eax, byte [ebp - 0x354] +sub esp, 0xc +xor ecx, ecx +mov edx, esi +push eax +mov eax, dword [ebp - 0x34c] +push 1 +push 1 +push ebx +push dword [ebp - 0x35c] +call fcn_fffb4652 ; call 0xfffb4652 +add esp, 0x20 + +loc_fffc4f8d: ; not directly referenced +inc esi +cmp esi, 2 +jne loc_fffc4e75 ; jne 0xfffc4e75 + +loc_fffc4f97: ; not directly referenced +mov eax, dword [ebp - 0x37c] + +loc_fffc4f9d: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc4fa5: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +xor ebx, ebx +sub esp, 0x2c +mov eax, dword [ebp + 8] +mov byte [ebp - 0x1c], 4 +mov byte [ebp - 0x1b], 1 +mov byte [ebp - 0x1a], 5 +mov eax, dword [eax + 0x5edd] +mov byte [ebp - 0x19], 2 +mov byte [ebp - 0x22], 4 +mov byte [ebp - 0x21], 1 +lea edx, [eax + 0x1c] +xor eax, eax +mov byte [ebp - 0x20], 5 +mov byte [ebp - 0x1f], 2 +mov byte [ebp - 0x1e], 0xf9 +mov byte [ebp - 0x1d], 7 +mov dword [ebp - 0x30], 0 +mov dword [ebp - 0x2c], 0 + +loc_fffc4ff4: ; not directly referenced +mov edi, dword [ebp + 8] +mov cl, byte [edi + eax + 0x381b] +test cl, cl +je short loc_fffc505c ; je 0xfffc505c +cmp dword [ebp - 0x2c], 0 +mov ebx, 1 +jne short loc_fffc501a ; jne 0xfffc501a +xor ebx, ebx +cmp dword [edi + eax + 0x3817], 2 +sete bl + +loc_fffc501a: ; not directly referenced +cmp dword [ebp - 0x30], 0 +mov edi, 1 +mov dword [ebp - 0x2c], ebx +jne short loc_fffc5041 ; jne 0xfffc5041 +mov esi, ecx +and esi, 0xc +mov ebx, esi +cmp bl, 0xc +je short loc_fffc5041 ; je 0xfffc5041 +and ecx, 3 +xor ebx, ebx +cmp cl, 3 +sete bl +mov edi, ebx + +loc_fffc5041: ; not directly referenced +movzx ecx, byte [edx + 0xa5] +mov bl, byte [edx + 0xa4] +mov dword [ebp - 0x30], edi +and ecx, 3 +shr bl, 6 +shl ecx, 2 +or ebx, ecx + +loc_fffc505c: ; not directly referenced +add eax, 0x13c3 +add edx, 0xcc +cmp eax, 0x2786 +jne short loc_fffc4ff4 ; jne 0xfffc4ff4 +mov eax, dword [ebp + 8] +mov edx, 1 +lea edi, [ebp - 0x1e] +call fcn_fffaa9ee ; call 0xfffaa9ee +mov eax, dword [ebp + 8] +mov edx, 0xa +lea esi, [eax + 0x2491] +push ecx +push ecx +push 1 +push 0xf +push 0 +push 2 +push edi +push esi +push 0xc +push 3 +push 0 +push 2 +lea ecx, [ebp - 0x22] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x28 +mov eax, dword [ebp + 8] +push 1 +mov edx, 0xb +push 0xf +push 0 +push 2 +push edi +push esi +push 0xc +push 0 +push 0xfffffffffffffffe +push 2 +lea ecx, [ebp - 0x22] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x30 +cmp dword [ebp - 0x2c], 0 +je short loc_fffc5151 ; je 0xfffc5151 +push edx +mov eax, dword [ebp + 8] +push edx +mov edx, 1 +push 0 +push 0xf +push 0 +push 2 +push edi +push esi +push 0xc +push 7 +push 6 +push 2 +lea ecx, [ebp - 0x22] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x28 +mov eax, dword [ebp + 8] +push 0 +mov edx, 3 +push 0xf +push 0 +push 2 +push edi +push esi +push 0xc +push 8 +push 7 +push 2 +lea ecx, [ebp - 0x20] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x28 +mov edx, 7 +push 0 +push 0xf +push 0 +push 2 +push edi +push esi +lea eax, [ebx + 1] +push 0xc +movsx eax, al +push eax +lea eax, [ebx - 1] +movsx eax, al +push eax +mov eax, dword [ebp + 8] +push 4 +lea ecx, [ebp - 0x1c] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x30 + +loc_fffc5151: ; not directly referenced +cmp dword [ebp - 0x30], 0 +je short loc_fffc51d0 ; je 0xfffc51d0 +push eax +xor edx, edx +push eax +mov eax, dword [ebp + 8] +push 0 +push 0xf +push 0 +push 2 +lea edi, [ebp - 0x1e] +push edi +push esi +push 0xc +push 7 +push 6 +push 2 +lea ecx, [ebp - 0x22] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x28 +mov eax, dword [ebp + 8] +push 0 +mov edx, 2 +push 0xf +push 0 +push 2 +push edi +push esi +push 0xc +push 8 +push 7 +push 2 +lea ecx, [ebp - 0x20] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x28 +mov edx, 6 +push 0 +push 0xf +push 0 +push 2 +push edi +push esi +lea eax, [ebx + 1] +dec ebx +push 0xc +movsx eax, al +push eax +mov eax, dword [ebp + 8] +movsx ebx, bl +push ebx +push 4 +lea ecx, [ebp - 0x1c] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x30 + +loc_fffc51d0: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc51d8: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +xor ebx, ebx +sub esp, 0x3c +mov edi, dword [ebp + 8] +mov byte [ebp - 0x1a], 1 +mov byte [ebp - 0x19], 0x19 +mov dword [ebp - 0x38], 0 +mov eax, dword [edi + 0x5edd] +mov dword [ebp - 0x30], eax + +loc_fffc51fe: ; not directly referenced +mov esi, 1 +mov cl, bl +shl esi, cl +mov eax, esi +test byte [edi + 0x248e], al +je loc_fffc52ae ; je 0xfffc52ae +test byte [edi + 0x381b], al +je short loc_fffc523d ; je 0xfffc523d +mov cl, byte [edi + ebx + 0x4768] +mov dl, 0xf +movsx eax, byte [edi + ebx + 0x476c] +cmp cl, 0xf +cmovbe edx, ecx +mov cl, al +mov byte [ebp - 0x29], dl +sub ecx, edx +jmp short loc_fffc5245 ; jmp 0xfffc5245 + +loc_fffc523d: ; not directly referenced +mov byte [ebp - 0x29], 0xf +xor eax, eax +xor ecx, ecx + +loc_fffc5245: ; not directly referenced +mov edx, esi +test byte [edi + 0x4bde], dl +je short loc_fffc526f ; je 0xfffc526f +movsx ecx, byte [edi + ebx + 0x5b2f] +mov dl, byte [ebp - 0x29] +cmp al, cl +cmovb eax, ecx +mov cl, byte [edi + ebx + 0x5b2b] +cmp dl, cl +cmova edx, ecx +mov cl, al +sub ecx, edx + +loc_fffc526f: ; not directly referenced +mov dl, 0 +test cl, cl +cmovs ecx, edx +push edx +movzx ecx, cl +push edx +push 0 +push esi +push ebx +push 1 +lea esi, [ebp - 0x19] +push esi +lea edx, [edi + 0x2491] +push edx +mov edx, 0xc +push 0xa +push eax +mov eax, edi +push ecx +push 1 +lea ecx, [ebp - 0x1a] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x30 +mov dword [ebp - 0x38], eax +dec eax +je loc_fffc53c0 ; je 0xfffc53c0 + +loc_fffc52ae: ; not directly referenced +inc ebx +cmp ebx, 4 +jne loc_fffc51fe ; jne 0xfffc51fe +mov esi, dword [ebp - 0x30] +lea ebx, [edi + 0x3757] +mov dword [ebp - 0x34], 0 +add esi, 0x1c + +loc_fffc52cb: ; not directly referenced +cmp dword [ebx], 2 +je short loc_fffc52ed ; je 0xfffc52ed + +loc_fffc52d0: ; not directly referenced +inc dword [ebp - 0x34] +add ebx, 0x13c3 +add esi, 0xcc +cmp dword [ebp - 0x34], 2 +jne short loc_fffc52cb ; jne 0xfffc52cb +mov eax, dword [ebp - 0x38] +jmp near loc_fffc53c5 ; jmp 0xfffc53c5 + +loc_fffc52ed: ; not directly referenced +mov al, byte [esi + 0xa1] +movzx edx, byte [esi + 0xa2] +mov byte [ebp - 0x29], 0 +shr al, 7 +and edx, 7 +movzx eax, al +add edx, edx +or edx, eax +mov al, byte [esi + 0xa2] +shr al, 3 +and eax, 0xf +cmp al, dl +cmovb eax, edx +xor edx, edx +lea eax, [eax + eax - 8] +test al, al +cmovns edx, eax +mov al, byte [ebx + 0xc4] +xor ecx, ecx +mov byte [ebp - 0x2a], dl +mov byte [ebp - 0x30], al + +loc_fffc5335: ; not directly referenced +mov edx, 1 +shl edx, cl +test byte [ebp - 0x30], dl +je short loc_fffc5353 ; je 0xfffc5353 +mov al, byte [ebp - 0x29] +mov dl, byte [ebx + ecx + 0x1015] +cmp al, dl +cmovb eax, edx +mov byte [ebp - 0x29], al + +loc_fffc5353: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffc5335 ; jne 0xfffc5335 +mov al, byte [ebp - 0x29] +sub al, byte [ebp - 0x2a] +mov dword [ebp - 0x30], 0 +movzx eax, al +mov dword [ebp - 0x3c], eax + +loc_fffc536c: ; not directly referenced +mov cl, byte [ebp - 0x30] +mov eax, 1 +shl eax, cl +test byte [ebx + 0xc4], al +je short loc_fffc53b2 ; je 0xfffc53b2 +mov ecx, dword [ebp - 0x30] +mov dl, byte [ebp - 0x29] +sub dl, byte [ebx + ecx + 0x1015] +movsx ecx, byte [ebp - 0x2a] +movzx edx, dl +cmp edx, ecx +jle short loc_fffc53b2 ; jle 0xfffc53b2 +sub esp, 0xc +mov edx, dword [ebp - 0x34] +xor ecx, ecx +push eax +mov eax, edi +push 0 +push 1 +push dword [ebp - 0x3c] +push 0xc +call fcn_fffb4652 ; call 0xfffb4652 +add esp, 0x20 + +loc_fffc53b2: ; not directly referenced +inc dword [ebp - 0x30] +cmp dword [ebp - 0x30], 4 +jne short loc_fffc536c ; jne 0xfffc536c +jmp near loc_fffc52d0 ; jmp 0xfffc52d0 + +loc_fffc53c0: ; not directly referenced +mov eax, 0x19 + +loc_fffc53c5: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc53cd: ; not directly referenced push ebp mov ebp, esp push edi @@ -48468,41 +50012,41 @@ push ebx sub esp, 0x3c mov ebx, dword [ebp + 8] cmp dword [ebx + 0x1887], 0x306d0 -je short loc_fffc3f54 ; je 0xfffc3f54 +je short loc_fffc5419 ; je 0xfffc5419 -loc_fffc3f20: ; not directly referenced +loc_fffc53e5: ; not directly referenced mov ecx, 0x14 mov edx, 0x5f08 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -cmp dword [ebx + 0x3756], 2 -jne loc_fffc407f ; jne 0xfffc407f +call fcn_fffb3381 ; call 0xfffb3381 +cmp dword [ebx + 0x3757], 2 +jne loc_fffc5544 ; jne 0xfffc5544 mov ecx, 0x3000 mov edx, 0x48a8 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -jmp near loc_fffc407f ; jmp 0xfffc407f +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffc5544 ; jmp 0xfffc5544 -loc_fffc3f54: ; not directly referenced +loc_fffc5419: ; not directly referenced cmp byte [ebx + 0x18ed], 0 -je short loc_fffc3f20 ; je 0xfffc3f20 -mov eax, dword [ebx + 0x36e8] +je short loc_fffc53e5 ; je 0xfffc53e5 +mov eax, dword [ebx + 0x36e9] sub eax, 2 cmp eax, 1 -ja short loc_fffc3f20 ; ja 0xfffc3f20 +ja short loc_fffc53e5 ; ja 0xfffc53e5 mov dl, 0x10 -loc_fffc3f6d: ; not directly referenced +loc_fffc5432: ; not directly referenced mov eax, ebx mov dword [ebp - 0x2c], edx -call fcn_fffb0e8a ; call 0xfffb0e8a +call fcn_fffaa4a9 ; call 0xfffaa4a9 mov edx, dword [ebp - 0x2c] dec dl -jne short loc_fffc3f6d ; jne 0xfffc3f6d -cmp dword [ebx + 0x36e8], 3 -jne short loc_fffc3f20 ; jne 0xfffc3f20 -mov eax, dword [ebx + 0x2443] -mov esi, dword [ebx + 0x5edc] +jne short loc_fffc5432 ; jne 0xfffc5432 +cmp dword [ebx + 0x36e9], 3 +jne short loc_fffc53e5 ; jne 0xfffc53e5 +mov eax, dword [ebx + 0x2444] +mov esi, dword [ebx + 0x5edd] push edi push 0 push 0x10 @@ -48510,68 +50054,68 @@ lea edi, [ebp - 0x28] push edi mov dword [ebp - 0x3c], eax call dword [eax + 0x5c] ; ucall -lea eax, [ebx + 0x3756] +lea eax, [ebx + 0x3757] add esp, 0x10 mov dword [ebp - 0x30], eax lea eax, [esi + 0x70] mov dword [ebp - 0x34], eax -lea eax, [ebx + 0x2490] +lea eax, [ebx + 0x2491] mov dword [ebp - 0x2c], 0 mov dword [ebp - 0x40], eax mov dword [ebp - 0x44], edi -loc_fffc3fc7: ; not directly referenced +loc_fffc548c: ; not directly referenced mov eax, dword [ebp - 0x30] cmp dword [eax], 2 -je short loc_fffc3feb ; je 0xfffc3feb +je short loc_fffc54b0 ; je 0xfffc54b0 -loc_fffc3fcf: ; not directly referenced +loc_fffc5494: ; not directly referenced inc dword [ebp - 0x2c] add dword [ebp - 0x30], 0x13c3 add dword [ebp - 0x34], 0xcc cmp dword [ebp - 0x2c], 2 -jne short loc_fffc3fc7 ; jne 0xfffc3fc7 -jmp near loc_fffc3f20 ; jmp 0xfffc3f20 +jne short loc_fffc548c ; jne 0xfffc548c +jmp near loc_fffc53e5 ; jmp 0xfffc53e5 -loc_fffc3feb: ; not directly referenced +loc_fffc54b0: ; not directly referenced mov cl, byte [ebp - 0x2c] xor esi, esi xor edx, edx mov dword [ebp - 0x38], 1 shl dword [ebp - 0x38], cl -loc_fffc3ffc: ; not directly referenced +loc_fffc54c1: ; not directly referenced mov edi, dword [ebp - 0x30] mov eax, 1 mov ecx, esi shl eax, cl test byte [edi + 0xc4], al -je short loc_fffc4074 ; je 0xfffc4074 +je short loc_fffc5539 ; je 0xfffc5539 test edx, edx -jne short loc_fffc4074 ; jne 0xfffc4074 +jne short loc_fffc5539 ; jne 0xfffc5539 mov edx, dword [ebp - 0x2c] mov ecx, eax mov eax, ebx -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 movzx edi, al test dword [ebp - 0x38], edi -je short loc_fffc403f ; je 0xfffc403f +je short loc_fffc5504 ; je 0xfffc5504 push ecx push 0 -movzx eax, byte [ebx + 0x2488] +movzx eax, byte [ebx + 0x2489] push eax mov eax, dword [ebp - 0x3c] push dword [ebp - 0x34] call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffc403f: ; not directly referenced +loc_fffc5504: ; not directly referenced sub esp, 0xc mov ecx, 0x11 push 0 mov edx, edi mov eax, ebx -call fcn_fffb26ca ; call 0xfffb26ca +call fcn_fffae9e2 ; call 0xfffae9e2 mov ecx, edi pop eax mov eax, ebx @@ -48583,27 +50127,27 @@ push 1 push 1 push 2 push esi -call fcn_fffc6051 ; call 0xfffc6051 +call fcn_fffc66ae ; call 0xfffc66ae add esp, 0x20 mov edx, 1 -loc_fffc4074: ; not directly referenced +loc_fffc5539: ; not directly referenced inc esi cmp esi, 4 -jne short loc_fffc3ffc ; jne 0xfffc3ffc -jmp near loc_fffc3fcf ; jmp 0xfffc3fcf +jne short loc_fffc54c1 ; jne 0xfffc54c1 +jmp near loc_fffc5494 ; jmp 0xfffc5494 -loc_fffc407f: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffc4099 ; jne 0xfffc4099 +loc_fffc5544: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffc555e ; jne 0xfffc555e mov ecx, 0x3000 mov edx, 0x48b0 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc4099: ; not directly referenced +loc_fffc555e: ; not directly referenced mov eax, ebx -call fcn_fffae778 ; call 0xfffae778 +call fcn_fffb34af ; call 0xfffb34af lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -48612,7 +50156,7 @@ pop edi pop ebp ret -fcn_fffc40aa: ; not directly referenced +fcn_fffc556f: ; not directly referenced push ebp mov ebp, esp push edi @@ -48620,118 +50164,118 @@ push esi push ebx sub esp, 0x60 mov edi, dword [ebp + 8] -mov eax, dword [edi + 0x5edc] +mov eax, dword [edi + 0x5edd] mov esi, dword [edi + 0x188b] mov dword [ebp - 0x44], eax -mov eax, dword [edi + 0x2443] +mov eax, dword [edi + 0x2444] mov ebx, eax -mov dword [ebp - 0x48], eax +mov dword [ebp - 0x54], eax mov eax, dword [edi + 0x1887] mov dword [ebp - 0x4c], eax mov eax, dword [edi + 0x1883] mov dword [ebp - 0x50], eax -mov al, byte [edi + 0x248d] +mov al, byte [edi + 0x248e] push 0 push 0x10 -mov byte [ebp - 0x5b], al +mov byte [ebp - 0x63], al lea eax, [ebp - 0x28] push eax mov eax, ebx call dword [eax + 0x5c] ; ucall add esp, 0x10 -cmp byte [edi + 0x36c9], 0 -jne short loc_fffc410e ; jne 0xfffc410e +cmp byte [edi + 0x36ca], 0 +jne short loc_fffc55d3 ; jne 0xfffc55d3 xor ebx, ebx test esi, esi -je loc_fffc4551 ; je 0xfffc4551 +je loc_fffc5aa5 ; je 0xfffc5aa5 -loc_fffc410e: ; not directly referenced -cmp dword [edi + 0x2480], 3 -mov ecx, 0xa +loc_fffc55d3: ; not directly referenced +cmp dword [edi + 0x2481], 3 +mov dl, 0xa sete bl -jne short loc_fffc4156 ; jne 0xfffc4156 +jne short loc_fffc5615 ; jne 0xfffc5615 cmp dword [ebp - 0x50], 3 sete dl cmp dword [ebp - 0x4c], 0x306d0 sete al test dl, al -jne loc_fffc453a ; jne 0xfffc453a +jne loc_fffc5a91 ; jne 0xfffc5a91 cmp dword [ebp - 0x50], 0 sete dl cmp dword [ebp - 0x4c], 0x40670 sete al test dl, al -jne loc_fffc453a ; jne 0xfffc453a -mov ecx, 6 +jne loc_fffc5a91 ; jne 0xfffc5a91 +mov dl, 6 -loc_fffc4156: ; not directly referenced +loc_fffc5615: ; not directly referenced mov dword [ebp - 0x58], 0 -loc_fffc415d: ; not directly referenced +loc_fffc561c: ; not directly referenced mov eax, dword [ebp - 0x44] mov al, byte [eax + 0x14] and eax, 0x7f -mov dl, al -or edx, 0xffffff80 +mov cl, al +or ecx, 0xffffff80 test al, 0x40 -cmovne eax, edx +cmovne eax, ecx cbw lea eax, [eax + eax*4] add eax, eax dec esi -mov word [ebp - 0x5a], ax +mov word [ebp - 0x62], ax sete al test al, bl -je loc_fffc428d ; je 0xfffc428d +je loc_fffc5749 ; je 0xfffc5749 mov eax, dword [ebp - 0x44] lea ebx, [ebp - 0x34] mov dword [ebp - 0x40], 0 lea esi, [eax + 0x1c] -loc_fffc4197: ; not directly referenced +loc_fffc5656: ; not directly referenced cmp byte [esi + 0xb5], 0 -je short loc_fffc41b9 ; je 0xfffc41b9 +je short loc_fffc5675 ; je 0xfffc5675 -loc_fffc41a0: ; not directly referenced +loc_fffc565f: ; not directly referenced inc dword [ebp - 0x40] add esi, 0xcc cmp dword [ebp - 0x40], 2 -jne short loc_fffc4197 ; jne 0xfffc4197 -mov ecx, 0xa -jmp near loc_fffc428d ; jmp 0xfffc428d +jne short loc_fffc5656 ; jne 0xfffc5656 +mov dl, 0xa +jmp near loc_fffc5749 ; jmp 0xfffc5749 -loc_fffc41b9: ; not directly referenced +loc_fffc5675: ; not directly referenced imul eax, dword [ebp - 0x40], 0x13c3 mov byte [esi + 0xb5], 0xff mov dword [ebp - 0x3c], 0 -mov dword [ebp - 0x60], eax +mov dword [ebp - 0x5c], eax -loc_fffc41d1: ; not directly referenced +loc_fffc568d: ; not directly referenced mov cl, byte [ebp - 0x3c] mov eax, 1 shl eax, cl -mov ecx, dword [ebp - 0x60] -test byte [edi + ecx + 0x381a], al -jne short loc_fffc41f2 ; jne 0xfffc41f2 +mov ecx, dword [ebp - 0x5c] +test byte [edi + ecx + 0x381b], al +jne short loc_fffc56ae ; jne 0xfffc56ae -loc_fffc41e7: ; not directly referenced +loc_fffc56a3: ; not directly referenced inc dword [ebp - 0x3c] cmp dword [ebp - 0x3c], 4 -jne short loc_fffc41d1 ; jne 0xfffc41d1 -jmp short loc_fffc41a0 ; jmp 0xfffc41a0 +jne short loc_fffc568d ; jne 0xfffc568d +jmp short loc_fffc565f ; jmp 0xfffc565f -loc_fffc41f2: ; not directly referenced +loc_fffc56ae: ; not directly referenced mov ecx, dword [ebp - 0x3c] mov edx, dword [ebp - 0x40] movzx eax, cl lea eax, [esi + eax*4 + 0xb6] -mov dword [ebp - 0x54], eax +mov dword [ebp - 0x48], eax push eax push eax mov eax, edi push ebx push 5 -call fcn_fffa686d ; call 0xfffa686d +call fcn_fffa681b ; call 0xfffa681b mov ecx, dword [ebp - 0x3c] pop eax pop edx @@ -48740,7 +50284,7 @@ lea eax, [ebp - 0x30] push eax mov eax, edi push 6 -call fcn_fffa686d ; call 0xfffa686d +call fcn_fffa681b ; call 0xfffa681b mov edx, dword [ebp - 0x40] pop ecx pop eax @@ -48749,135 +50293,185 @@ lea eax, [ebp - 0x2c] push eax mov eax, edi push 7 -call fcn_fffa686d ; call 0xfffa686d +call fcn_fffa681b ; call 0xfffa681b add esp, 0x10 xor eax, eax -loc_fffc4240: ; not directly referenced +loc_fffc56fc: ; not directly referenced mov dl, byte [eax + ebx] -mov ecx, dword [ebp - 0x54] +mov ecx, dword [ebp - 0x48] mov byte [ecx + eax], dl mov dl, byte [eax + ebx] cmp dl, 1 -je short loc_fffc4258 ; je 0xfffc4258 +je short loc_fffc5714 ; je 0xfffc5714 cmp dl, 3 -je short loc_fffc426d ; je 0xfffc426d -jmp short loc_fffc4282 ; jmp 0xfffc4282 +je short loc_fffc5729 ; je 0xfffc5729 +jmp short loc_fffc573e ; jmp 0xfffc573e -loc_fffc4258: ; not directly referenced +loc_fffc5714: ; not directly referenced cmp byte [eax + ebp - 0x30], 1 -jne short loc_fffc426d ; jne 0xfffc426d +jne short loc_fffc5729 ; jne 0xfffc5729 cmp byte [ebp + eax - 0x2c], 0 -jne short loc_fffc426d ; jne 0xfffc426d +jne short loc_fffc5729 ; jne 0xfffc5729 mov byte [esi + 0xb5], 1 -loc_fffc426d: ; not directly referenced +loc_fffc5729: ; not directly referenced cmp byte [eax + ebp - 0x30], 0 -jne short loc_fffc4282 ; jne 0xfffc4282 +jne short loc_fffc573e ; jne 0xfffc573e cmp byte [ebp + eax - 0x2c], 0 -jne short loc_fffc4282 ; jne 0xfffc4282 +jne short loc_fffc573e ; jne 0xfffc573e mov byte [esi + 0xb5], 1 -loc_fffc4282: ; not directly referenced +loc_fffc573e: ; not directly referenced inc eax cmp eax, 4 -jne short loc_fffc4240 ; jne 0xfffc4240 -jmp near loc_fffc41e7 ; jmp 0xfffc41e7 +jne short loc_fffc56fc ; jne 0xfffc56fc +jmp near loc_fffc56a3 ; jmp 0xfffc56a3 -loc_fffc428d: ; not directly referenced -movzx edx, byte [edi + 0x248e] -sub esp, 0xc -mov eax, edi -push 0 -xor ebx, ebx -call fcn_fffb2759 ; call 0xfffb2759 +loc_fffc5749: ; not directly referenced +movzx eax, dl +xor esi, esi +mov dword [ebp - 0x60], eax +lea eax, [edi + 0x2491] +mov dword [ebp - 0x68], eax + +loc_fffc575a: ; not directly referenced mov eax, dword [ebp - 0x44] -add esp, 0x10 -mov byte [ebp - 0x3c], 0 -lea esi, [eax + 0x70] +mov ecx, esi +xor ebx, ebx +mov dword [ebp - 0x3c], 1 +shl dword [ebp - 0x3c], cl +add eax, 0x70 +mov dword [ebp - 0x48], eax +mov byte [ebp - 0x40], 0 -loc_fffc42af: ; not directly referenced -imul eax, ebx, 0x13c3 +loc_fffc5775: ; not directly referenced +mov ecx, dword [ebp - 0x3c] mov edx, ebx -movzx ecx, byte [edi + eax + 0x381a] mov eax, edi -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0x3c], al -movzx ecx, byte [ebp - 0x3c] -bt ecx, ebx -jae short loc_fffc42ed ; jae 0xfffc42ed -push edx +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0x40], al +movzx eax, byte [ebp - 0x40] +bt eax, ebx +mov dword [ebp - 0x5c], eax +jae short loc_fffc57a7 ; jae 0xfffc57a7 +push eax push 0 -movzx eax, byte [edi + 0x2488] -mov dword [ebp - 0x40], ecx +movzx eax, byte [edi + 0x2489] push eax -mov eax, dword [ebp - 0x48] -push esi +mov eax, dword [ebp - 0x54] +push dword [ebp - 0x48] call dword [eax + 0x64] ; ucall -mov ecx, dword [ebp - 0x40] add esp, 0x10 -loc_fffc42ed: ; not directly referenced +loc_fffc57a7: ; not directly referenced inc ebx -add esi, 0xcc +add dword [ebp - 0x48], 0xcc cmp ebx, 2 -jne short loc_fffc42af ; jne 0xfffc42af +jne short loc_fffc5775 ; jne 0xfffc5775 +cmp byte [ebp - 0x40], 0 +je short loc_fffc57f7 ; je 0xfffc57f7 push eax +mov ebx, dword [ebp - 0x5c] push eax +mov ecx, dword [ebp - 0x60] +mov eax, edi +push dword [ebp - 0x3c] +mov edx, ebx push 0 +call fcn_fffaea71 ; call 0xfffaea71 lea eax, [ebp - 0x28] +pop edx +pop ecx +mov ecx, ebx +mov edx, dword [ebp - 0x68] +push 0 push eax mov eax, edi push 0x36 push 0 push 0xd -lea edx, [edi + 0x2490] -push 0 -call fcn_fffc6051 ; call 0xfffc6051 +push esi +call fcn_fffc66ae ; call 0xfffc66ae add esp, 0x14 push edi -call fcn_fffc82f4 ; call 0xfffc82f4 -mov eax, dword [ebp - 0x58] +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -movsx edx, word [ebp - 0x5a] -xor ecx, ecx + +loc_fffc57f7: ; not directly referenced +inc esi +cmp esi, 4 +jne loc_fffc575a ; jne 0xfffc575a +mov eax, dword [ebp - 0x44] +mov dword [ebp - 0x5c], edi +mov dword [ebp - 0x44], 0 mov dword [ebp - 0x48], 0x3e8 +add eax, 0xd1 +mov dword [ebp - 0x60], eax +mov eax, dword [ebp - 0x58] mov dword [ebp - 0x54], 0 -add eax, 0x1e mov dword [ebp - 0x40], 0x7fffffff -sub eax, edx mov dword [ebp - 0x3c], 0x7fffffff +add eax, 0x1e +mov dword [ebp - 0x68], eax +movsx eax, word [ebp - 0x62] +sub dword [ebp - 0x68], eax + +loc_fffc5842: ; not directly referenced +mov eax, dword [ebp - 0x44] +cmp dword [edi + eax + 0x3757], 2 +jne loc_fffc58ea ; jne 0xfffc58ea +mov al, byte [edi + eax + 0x381b] +mov edx, 0x7fffffff +mov esi, dword [ebp - 0x5c] +mov dword [ebp - 0x58], 0 +mov byte [ebp - 0x64], al +mov eax, 0x7fffffff + +loc_fffc5871: ; not directly referenced +mov cl, byte [ebp - 0x58] +mov ebx, 1 +shl ebx, cl +test byte [ebp - 0x64], bl +je short loc_fffc589a ; je 0xfffc589a +cmp edx, dword [esi + 0x3451] +cmovg edx, dword [esi + 0x3451] +cmp eax, dword [esi + 0x3455] +cmovg eax, dword [esi + 0x3455] -loc_fffc434c: ; not directly referenced -imul edx, ecx, 0x13c3 -cmp dword [edi + edx + 0x3756], 2 -jne short loc_fffc43a9 ; jne 0xfffc43a9 -imul edx, ecx, 0x48 +loc_fffc589a: ; not directly referenced +inc dword [ebp - 0x58] +add esi, 0x90 +cmp dword [ebp - 0x58], 4 +jne short loc_fffc5871 ; jne 0xfffc5871 mov esi, dword [ebp - 0x3c] -mov ebx, dword [edi + edx + 0x3450] -mov edx, dword [edi + edx + 0x3454] -cmp esi, ebx -cmovle ebx, esi -mov esi, dword [ebp - 0x40] -mov dword [ebp - 0x3c], ebx -mov ebx, dword [ebp - 0x44] +mov ecx, dword [ebp - 0x48] cmp esi, edx -cmovle edx, esi -mov esi, dword [ebp - 0x48] -mov dword [ebp - 0x40], edx -imul edx, ecx, 0xcc -cmp byte [ebx + edx + 0xd1], 0 -mov edx, 1 -cmovle edx, dword [ebp - 0x54] +cmovg esi, edx +mov dword [ebp - 0x3c], esi +mov esi, dword [ebp - 0x40] +cmp esi, eax cmovg esi, eax -mov dword [ebp - 0x48], esi -mov dword [ebp - 0x54], edx +mov dword [ebp - 0x40], esi +mov esi, dword [ebp - 0x5c] +mov dword [esi + 0x3455], eax +mov eax, dword [ebp - 0x60] +mov dword [esi + 0x3451], edx +cmp byte [eax], 0 +mov eax, 1 +cmovg ecx, dword [ebp - 0x68] +cmovle eax, dword [ebp - 0x54] +mov dword [ebp - 0x48], ecx +mov dword [ebp - 0x54], eax -loc_fffc43a9: ; not directly referenced -inc ecx -cmp ecx, 2 -jne short loc_fffc434c ; jne 0xfffc434c +loc_fffc58ea: ; not directly referenced +add dword [ebp - 0x44], 0x13c3 +add dword [ebp - 0x5c], 0x48 +add dword [ebp - 0x60], 0xcc +cmp dword [ebp - 0x44], 0x2786 +jne loc_fffc5842 ; jne 0xfffc5842 mov eax, dword [ebp - 0x40] +mov ecx, 2 sub eax, dword [ebp - 0x3c] cdq idiv ecx @@ -48887,60 +50481,57 @@ cmp dword [ebp - 0x4c], 0x306d0 mov dword [ebp - 0x44], eax sete al test dl, al -jne short loc_fffc43ea ; jne 0xfffc43ea +jne short loc_fffc5949 ; jne 0xfffc5949 cmp dword [ebp - 0x50], 0 -mov ebx, 1 +mov esi, 1 setne dl cmp dword [ebp - 0x4c], 0x40670 sete al test dl, al -je short loc_fffc4449 ; je 0xfffc4449 +je short loc_fffc59a3 ; je 0xfffc59a3 -loc_fffc43ea: ; not directly referenced -cmp dword [edi + 0x2480], 2 -mov ebx, 1 -je short loc_fffc4449 ; je 0xfffc4449 -movsx eax, word [ebp - 0x5a] +loc_fffc5949: ; not directly referenced +cmp dword [edi + 0x2481], 2 +mov esi, 1 +je short loc_fffc59a3 ; je 0xfffc59a3 mov ecx, 1 mov edx, 0xd -mov esi, eax -mov dword [ebp - 0x4c], eax +movsx ebx, word [ebp - 0x62] mov eax, edi -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 mov ecx, dword [ebp - 0x40] -mov edx, esi -add ecx, esi -mov esi, 0 -cmovs ecx, esi -mov esi, dword [ebp - 0x3c] -sub esi, edx -mov edx, esi -mov esi, 0 -cmovs edx, esi +mov edx, 0 +add ecx, ebx +cmovs ecx, edx +mov edx, dword [ebp - 0x3c] +mov word [ebp - 0x4c], ax +mov eax, 0 +sub edx, ebx +cmovs edx, eax cmp ecx, edx cmovle edx, ecx -shr ax, 1 -movzx eax, ax +shr word [ebp - 0x4c], 1 +movzx eax, word [ebp - 0x4c] cmp edx, eax -jbe short loc_fffc4449 ; jbe 0xfffc4449 -mov eax, dword [ebp - 0x4c] -xor bl, bl -neg eax -mov dword [ebp - 0x44], eax +jbe short loc_fffc59a3 ; jbe 0xfffc59a3 +neg ebx +xor si, si +mov dword [ebp - 0x44], ebx -loc_fffc4449: ; not directly referenced +loc_fffc59a3: ; not directly referenced +mov eax, esi +mov byte [edi + 0x36a0], al mov eax, dword [ebp - 0x48] cmp dword [ebp - 0x44], eax -mov byte [edi + 0x369f], bl setg al test byte [ebp - 0x54], al -je short loc_fffc4469 ; je 0xfffc4469 +je short loc_fffc59c5 ; je 0xfffc59c5 mov eax, dword [ebp - 0x48] -test ebx, ebx +test esi, esi cmove eax, dword [ebp - 0x44] mov dword [ebp - 0x44], eax -loc_fffc4469: ; not directly referenced +loc_fffc59c5: ; not directly referenced mov eax, dword [ebp - 0x44] mov ecx, 0xa push 0 @@ -48953,84 +50544,82 @@ push eax push 1 push 2 push edi -call fcn_fffcc4cb ; call 0xfffcc4cb +call fcn_fffcce33 ; call 0xfffcce33 add esp, 0x14 push edi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d mov edx, 0xd xor ecx, ecx mov dword [ebp - 0x48], eax mov eax, edi -call fcn_fffb13cf ; call 0xfffb13cf -mov esi, dword [ebp - 0x40] +call fcn_fffaab72 ; call 0xfffaab72 +mov edx, dword [ebp - 0x40] add esp, 0x10 -mov ebx, dword [ebp - 0x3c] -lea edx, [esi + ebx] +add edx, dword [ebp - 0x3c] shr ax, 1 movzx eax, ax cmp edx, eax -jb short loc_fffc44d0 ; jb 0xfffc44d0 +jb short loc_fffc5a27 ; jb 0xfffc5a27 -loc_fffc44b7: ; not directly referenced -mov esi, dword [ebp - 0x44] -lea eax, [edi + 0x3450] +loc_fffc5a10: ; not directly referenced +mov edx, dword [ebp - 0x44] +lea eax, [edi + 0x3451] xor ecx, ecx -mov ebx, dword [ebp - 0x40] -mov edx, dword [ebp - 0x3c] -sub ebx, esi -add edx, esi -mov esi, ebx -jmp short loc_fffc44f4 ; jmp 0xfffc44f4 +mov ebx, dword [ebp - 0x3c] +mov esi, dword [ebp - 0x40] +add ebx, edx +sub esi, edx +jmp short loc_fffc5a4b ; jmp 0xfffc5a4b -loc_fffc44d0: ; not directly referenced +loc_fffc5a27: ; not directly referenced cmp byte [edi + 0x1965], 0 -je short loc_fffc44b7 ; je 0xfffc44b7 +je short loc_fffc5a10 ; je 0xfffc5a10 cmp dword [edi + 0x188b], 1 mov ebx, 0xc -jne short loc_fffc44b7 ; jne 0xfffc44b7 -jmp short loc_fffc4551 ; jmp 0xfffc4551 +jne short loc_fffc5a10 ; jne 0xfffc5a10 +jmp short loc_fffc5aa5 ; jmp 0xfffc5aa5 -loc_fffc44e9: ; not directly referenced +loc_fffc5a40: ; not directly referenced inc ecx add eax, 0x90 cmp ecx, 4 -je short loc_fffc4507 ; je 0xfffc4507 +je short loc_fffc5a5e ; je 0xfffc5a5e -loc_fffc44f4: ; not directly referenced -mov ebx, 1 -shl ebx, cl -test byte [ebp - 0x5b], bl -je short loc_fffc44e9 ; je 0xfffc44e9 -mov dword [eax], edx +loc_fffc5a4b: ; not directly referenced +mov edx, 1 +shl edx, cl +test byte [ebp - 0x63], dl +je short loc_fffc5a40 ; je 0xfffc5a40 +mov dword [eax], ebx mov dword [eax + 4], esi -jmp short loc_fffc44e9 ; jmp 0xfffc44e9 +jmp short loc_fffc5a40 ; jmp 0xfffc5a40 -loc_fffc4507: ; not directly referenced -cmp dword [edi + 0x3756], 2 -jne short loc_fffc451e ; jne 0xfffc451e +loc_fffc5a5e: ; not directly referenced +cmp dword [edi + 0x3757], 2 +jne short loc_fffc5a75 ; jne 0xfffc5a75 xor cl, cl mov edx, 0x4198 mov eax, edi -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b -loc_fffc451e: ; not directly referenced -cmp dword [edi + 0x4b19], 2 +loc_fffc5a75: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 mov ebx, dword [ebp - 0x48] -jne short loc_fffc4551 ; jne 0xfffc4551 +jne short loc_fffc5aa5 ; jne 0xfffc5aa5 xor ecx, ecx mov edx, 0x4598 mov eax, edi -call fcn_fffae566 ; call 0xfffae566 -jmp short loc_fffc4551 ; jmp 0xfffc4551 +call fcn_fffb335b ; call 0xfffb335b +jmp short loc_fffc5aa5 ; jmp 0xfffc5aa5 -loc_fffc453a: ; not directly referenced +loc_fffc5a91: ; not directly referenced mov eax, dword [ebp - 0x44] -mov ecx, 6 +mov dl, 6 imul eax, dword [eax + 0x1b4], 0xa mov dword [ebp - 0x58], eax -jmp near loc_fffc415d ; jmp 0xfffc415d +jmp near loc_fffc561c ; jmp 0xfffc561c -loc_fffc4551: ; not directly referenced +loc_fffc5aa5: ; not directly referenced lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -49039,1218 +50628,7 @@ pop edi pop ebp ret -fcn_fffc455b: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 8 -mov esi, dword [ebp + 8] -mov ebx, dword [ebp + 0x14] -mov dword [ebp - 0x10], esi -mov esi, dword [ebp + 0xc] -mov edi, ebx -shr edi, 0x1d -and edi, 1 -mov dword [ebp - 0x14], esi -mov esi, dword [ebp + 0x10] -cmp ax, di -jne short loc_fffc45f0 ; jne 0xfffc45f0 -test dword [ebp + 0x18], 0x800 -jne short loc_fffc45d4 ; jne 0xfffc45d4 -mov eax, ebx -shr eax, 0xc -and eax, 1 -cmp dx, ax -jne short loc_fffc45f0 ; jne 0xfffc45f0 -mov eax, ebx -shr eax, 0xb -and eax, 1 -cmp cx, ax -jne short loc_fffc45f0 ; jne 0xfffc45f0 -mov edx, ebx -shr edx, 8 -and edx, 7 - -loc_fffc45ae: ; not directly referenced -xor eax, eax -cmp word [ebp - 0x10], dx -jne short loc_fffc45f2 ; jne 0xfffc45f2 -mov edx, ebx -shr edx, 0xd -cmp word [ebp - 0x14], dx -jne short loc_fffc45f2 ; jne 0xfffc45f2 -movzx ebx, bl -and esi, 0xfffffff8 -shl ebx, 3 -xor eax, eax -cmp si, bx -sete al -jmp short loc_fffc45f2 ; jmp 0xfffc45f2 - -loc_fffc45d4: ; not directly referenced -test dx, dx -jne short loc_fffc45f0 ; jne 0xfffc45f0 -mov eax, ebx -shr eax, 0xc -and eax, 1 -cmp cx, ax -jne short loc_fffc45f0 ; jne 0xfffc45f0 -mov edx, ebx -shr edx, 8 -and edx, 0xf -jmp short loc_fffc45ae ; jmp 0xfffc45ae - -loc_fffc45f0: ; not directly referenced -xor eax, eax - -loc_fffc45f2: ; not directly referenced -pop edx -pop ecx -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffc45f9: ; not directly referenced -push ebp -xor eax, eax -mov ebp, esp -mov ecx, 8 -push edi -mov edx, 0xcf8 -push esi -push ebx -lea edi, [ebp - 0xe8] -sub esp, 0x198 -mov ebx, dword [ebp + 8] -rep stosd ; rep stosd dword es:[edi], eax -lea edi, [ebp - 0xf8] -mov dword [ebp - 0xbc], fcn_fffaafc2 ; mov dword [ebp - 0xbc], 0xfffaafc2 -mov dword [ebp - 0xb0], fcn_fffaafda ; mov dword [ebp - 0xb0], 0xfffaafda -mov dword [ebp - 0x5c], fcn_fffab0f8 ; mov dword [ebp - 0x5c], 0xfffab0f8 -mov dword [ebp - 0x58], fcn_fffab0ef ; mov dword [ebp - 0x58], 0xfffab0ef -mov dword [ebp - 0xa4], fcn_fffb3d4e ; mov dword [ebp - 0xa4], 0xfffb3d4e -mov cl, 4 -rep stosd ; rep stosd dword es:[edi], eax -mov eax, 0x80000048 -mov dword [ebp - 0xa0], fcn_fffb3dc0 ; mov dword [ebp - 0xa0], 0xfffb3dc0 -mov dword [ebp - 0x7c], fcn_fffc3868 ; mov dword [ebp - 0x7c], 0xfffc3868 -mov dword [ebp - 0x78], fcn_fffc3844 ; mov dword [ebp - 0x78], 0xfffc3844 -out dx, eax -push 0xcfc -call fcn_fffaafc2 ; call 0xfffaafc2 -add esp, 0x10 -mov esi, eax -test al, 1 -jne short loc_fffc468a ; jne 0xfffc468a - -loc_fffc4683: ; not directly referenced -xor eax, eax -jmp near loc_fffc5449 ; jmp 0xfffc5449 - -loc_fffc468a: ; not directly referenced -push 0x60 -mov edi, dword [ebp - 0xb0] -push 0 -push 0 -push 0 -call dword [ebp - 0x7c] ; ucall -pop edx -pop ecx -push eax -push 0xcf8 -call edi -mov dword [esp], 0xcfc -call dword [ebp - 0xbc] ; ucall -add esp, 0x10 -test al, 1 -je short loc_fffc4683 ; je 0xfffc4683 -and eax, 0xfffffff8 -mov edi, eax -call fcn_fffa6801 ; call 0xfffa6801 -mov dword [ebp - 0x12c], 0 -cmp eax, 0x40660 -setne cl -cmp eax, 0x306c0 -setne dl -test cl, dl -je short loc_fffc46f2 ; je 0xfffc46f2 -cmp eax, 0x40650 -setne al -movzx eax, al -mov dword [ebp - 0x12c], eax - -loc_fffc46f2: ; not directly referenced -push 0xbc -and esi, 0xfffffffe -push 0 -push 0 -push 0 -call dword [ebp - 0x78] ; ucall -add eax, edi -mov dword [esp], eax -call dword [ebp - 0xa4] ; ucall -push 0x90 -push 0 -push 0 -push 0 -mov dword [ebp - 0x168], eax -call dword [ebp - 0x78] ; ucall -add esp, 0x14 -add eax, edi -push eax -call dword [ebp - 0xa0] ; ucall -push 0x98 -push 0 -push 0 -push 0 -mov dword [ebp - 0x184], edx -mov dword [ebp - 0x180], eax -call dword [ebp - 0x78] ; ucall -add esp, 0x14 -add edi, eax -push edi -call dword [ebp - 0xa0] ; ucall -mov dword [ebp - 0x188], eax -lea eax, [esi + 0x5024] -mov dword [ebp - 0x18c], edx -mov dword [esp], eax -call dword [ebp - 0xa4] ; ucall -mov dword [ebp - 0x14c], eax -lea eax, [esi + 0x5014] -mov dword [esp], eax -call dword [ebp - 0xa4] ; ucall -mov dword [ebp - 0x150], eax -lea eax, [esi + 0x5000] -mov dword [esp], eax -call dword [ebp - 0xa4] ; ucall -mov dword [ebp - 0x114], eax -lea eax, [esi + 0x5004] -add esi, 0x5008 -mov dword [esp], eax -call dword [ebp - 0xa4] ; ucall -mov dword [esp], esi -mov edi, eax -call dword [ebp - 0xa4] ; ucall -mov cl, byte [ebx + 4] -add esp, 0x10 -mov dx, word [ebx + 5] -mov dword [ebp - 0x104], edi -mov dword [ebp - 0xfc], 0 -mov byte [ebp - 0x110], cl -mov cl, byte [ebx + 3] -mov word [ebp - 0x12e], dx -mov dx, word [ebx + 7] -mov dword [ebp - 0x100], eax -mov byte [ebp - 0x134], cl -mov cl, byte [ebx + 2] -mov word [ebp - 0x130], dx -mov dl, byte [ebx + 1] -mov al, cl -or eax, edx -mov byte [ebp - 0x151], cl -test al, 0xfe -je short loc_fffc481b ; je 0xfffc481b - -loc_fffc4814: ; not directly referenced -xor eax, eax -jmp near loc_fffc5449 ; jmp 0xfffc5449 - -loc_fffc481b: ; not directly referenced -movzx eax, dl -movzx edx, byte [ebp - 0x151] -mov esi, dword [ebp + eax*4 - 0x104] -mov dword [ebp - 0x140], eax -mov dword [ebp - 0x16c], 0 -mov eax, esi -shr eax, 0x10 -and eax, 1 -xor eax, edx -mov edx, esi -movzx eax, ax -test eax, eax -mov dword [ebp - 0x148], eax -mov dword [ebp - 0x170], eax -lea eax, [ebp - 0xc4] -je short loc_fffc4868 ; je 0xfffc4868 -call fcn_fffc3bda ; call 0xfffc3bda -jmp short loc_fffc486d ; jmp 0xfffc486d - -loc_fffc4868: ; not directly referenced -call fcn_fffc3bf5 ; call 0xfffc3bf5 - -loc_fffc486d: ; not directly referenced -mov dword [ebp - 0x124], edx -mov edx, dword [ebp - 0x124] -mov dword [ebp - 0x128], eax -mov eax, dword [ebp - 0x128] -mov edi, edx -or edi, eax -je short loc_fffc4814 ; je 0xfffc4814 -movzx eax, byte [ebp - 0x134] -mov dword [ebp - 0x144], eax -test al, 0xfe -jne loc_fffc4814 ; jne 0xfffc4814 -cmp dword [ebp - 0x148], 0 -mov ebx, esi -je short loc_fffc48b0 ; je 0xfffc48b0 -shr ebx, 0x12 -jmp short loc_fffc48b3 ; jmp 0xfffc48b3 - -loc_fffc48b0: ; not directly referenced -shr ebx, 0x11 - -loc_fffc48b3: ; not directly referenced -and ebx, 1 -cmp byte [ebp - 0x134], 0 -mov eax, ebx -setne cl -xor eax, 1 -mov byte [ebp - 0x152], cl -test cl, al -jne loc_fffc4814 ; jne 0xfffc4814 -cmp dword [ebp - 0x148], 0 -mov ecx, esi -mov edx, dword [ebp - 0x114] -lea eax, [ebp - 0xc4] -je short loc_fffc48fe ; je 0xfffc48fe -call fcn_fffb8408 ; call 0xfffb8408 -test esi, 0x100000 -mov word [ebp - 0x118], ax -jmp short loc_fffc4910 ; jmp 0xfffc4910 - -loc_fffc48fe: ; not directly referenced -call fcn_fffb8396 ; call 0xfffb8396 -test esi, 0x80000 -mov word [ebp - 0x118], ax - -loc_fffc4910: ; not directly referenced -je short loc_fffc4919 ; je 0xfffc4919 -mov eax, 0x10 -jmp short loc_fffc4930 ; jmp 0xfffc4930 - -loc_fffc4919: ; not directly referenced -mov eax, dword [ebp - 0x114] -shr eax, 0xa -and eax, 1 -cmp eax, 1 -sbb eax, eax -and eax, 0xffffffe8 -add eax, 0x20 - -loc_fffc4930: ; not directly referenced -mov edi, dword [ebp - 0x114] -shr edi, 0xb -mov dword [ebp - 0x13c], edi -movzx edi, byte [ebp - 0x110] -and dword [ebp - 0x13c], 1 -cmp ax, 8 -sete dl -mov byte [ebp - 0x120], dl -and edx, dword [ebp - 0x13c] -mov dword [ebp - 0x138], edi -movzx eax, dl -shl eax, 3 -or eax, 7 -not eax -test edi, eax -jne loc_fffc4814 ; jne 0xfffc4814 -push eax -mov al, byte [ebp - 0x118] -add eax, ebx -add edx, eax -movzx edx, dl -push edx -push dword [ebp - 0x124] -push dword [ebp - 0x128] -call dword [ebp - 0x58] ; ucall -movzx edi, word [ebp - 0x130] -add esp, 0x10 -mov dword [ebp - 0x160], eax -neg eax -mov dword [ebp - 0x15c], edx -test eax, edi -jne loc_fffc4814 ; jne 0xfffc4814 -movzx eax, word [ebp - 0x12e] -mov cl, byte [ebp - 0x118] -mov edx, eax -mov dword [ebp - 0x174], eax -mov eax, 1 -shl eax, cl -dec eax -movzx eax, ax -not eax -test edx, eax -jne loc_fffc4814 ; jne 0xfffc4814 -mov eax, esi -shr eax, 0x15 -mov dword [ebp - 0x178], eax -and eax, 1 -mov dword [ebp - 0x158], eax -mov eax, esi -shr eax, 0x1a -mov dword [ebp - 0x17c], eax -and eax, 1 -mov dword [ebp - 0x164], eax -mov eax, esi -shr eax, 0x16 -mov dword [ebp - 0x128], eax -and dword [ebp - 0x128], 1 -cmp dword [ebp - 0x13c], 0 -je loc_fffc4d7f ; je 0xfffc4d7f -push eax -mov eax, dword [ebp - 0x110] -xor edx, edx -push 8 -push edx -and eax, 3 -push eax -call dword [ebp - 0x5c] ; ucall -add esp, 0xc -push 2 -mov dword [ebp - 0x190], eax -mov al, byte [ebp - 0x110] -mov dword [ebp - 0x194], edx -xor edx, edx -push edx -and eax, 4 -movzx eax, al -push eax -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -mov dword [ebp - 0x118], eax -mov eax, dword [ebp - 0x190] -or dword [ebp - 0x118], eax -mov eax, dword [ebp - 0x194] -mov dword [ebp - 0x13c], edx -mov edx, dword [ebp - 0x5c] -or dword [ebp - 0x13c], eax -test byte [ebp - 0x164], bl -je loc_fffc4b64 ; je 0xfffc4b64 -mov ecx, esi -mov ebx, 1 -shr ecx, 0x1b -and ecx, 7 -add ecx, 4 -shl ebx, cl -dec ebx -cmp byte [ebp - 0x120], 1 -push esi -mov esi, dword [ebp - 0x144] -sbb eax, eax -add eax, 0xb -push eax -mov eax, dword [ebp - 0x130] -shl esi, cl -and eax, ebx -movzx ebx, bx -not ebx -movzx eax, ax -and ebx, edi -or eax, esi -add ebx, ebx -or eax, ebx -mov ebx, eax -sar ebx, 0x1f -push ebx -push eax -call edx -add esp, 0xc -push 7 -mov esi, eax -mov al, byte [ebp - 0x110] -mov ebx, edx -xor edx, edx -push edx -and eax, 8 -movzx eax, al -push eax -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -or eax, esi -or edx, ebx -or eax, dword [ebp - 0x118] -or edx, dword [ebp - 0x13c] -cmp dword [ebp - 0x128], 0 -mov dword [ebp - 0x110], eax -mov dword [ebp - 0x10c], edx -je loc_fffc4d3e ; je 0xfffc4d3e -cmp byte [ebp - 0x120], 0 -mov eax, dword [ebp - 0x58] -jne loc_fffc4cc9 ; jne 0xfffc4cc9 -push ebx -push 3 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call eax -mov ecx, dword [ebp - 0x110] -mov ebx, dword [ebp - 0x10c] -mov edi, ebx -and eax, 0x300 -xor eax, ecx -mov esi, eax -jmp near loc_fffc4d20 ; jmp 0xfffc4d20 - -loc_fffc4b64: ; not directly referenced -cmp byte [ebp - 0x120], 1 -sbb eax, eax -test byte [ebp - 0x158], bl -je loc_fffc4c25 ; je 0xfffc4c25 -add eax, 0xc -xor ebx, ebx -push ecx -push eax -push ebx -push edi -call edx -add esp, 0xc -push 0xa -mov esi, eax -movzx eax, byte [ebp - 0x134] -mov ebx, edx -xor edx, edx -push edx -push eax -call dword [ebp - 0x5c] ; ucall -add esp, 0xc -push 8 -or esi, eax -mov al, byte [ebp - 0x110] -or ebx, edx -xor edx, edx -push edx -or esi, dword [ebp - 0x118] -and eax, 8 -movzx eax, al -or ebx, dword [ebp - 0x13c] -push eax -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -or esi, eax -or ebx, edx -cmp dword [ebp - 0x128], 0 -mov dword [ebp - 0x110], esi -mov dword [ebp - 0x10c], ebx -je loc_fffc4d3e ; je 0xfffc4d3e -cmp byte [ebp - 0x120], 0 -mov eax, dword [ebp - 0x58] -je loc_fffc4cc9 ; je 0xfffc4cc9 -push esi -push 5 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call eax -mov ecx, dword [ebp - 0x110] -mov ebx, dword [ebp - 0x10c] -add esp, 0xc -push 0xc -mov edi, ebx -and eax, 0xf00 -xor eax, ecx -mov esi, eax -jmp near loc_fffc4d25 ; jmp 0xfffc4d25 - -loc_fffc4c25: ; not directly referenced -add eax, 0xb -push ebx -xor ebx, ebx -push eax -push ebx -push edi -call edx -add esp, 0xc -push 7 -mov esi, eax -mov al, byte [ebp - 0x110] -mov ebx, edx -xor edx, edx -push edx -and eax, 8 -movzx eax, al -push eax -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -or eax, esi -or edx, ebx -or eax, dword [ebp - 0x118] -or edx, dword [ebp - 0x13c] -cmp byte [ebp - 0x152], 0 -mov dword [ebp - 0x110], eax -mov dword [ebp - 0x10c], edx -je short loc_fffc4cb0 ; je 0xfffc4cb0 -cmp byte [ebp - 0x120], 1 -push ecx -sbb eax, eax -add eax, 0xb -push eax -push dword [ebp - 0x15c] -push dword [ebp - 0x160] -call dword [ebp - 0x5c] ; ucall -mov ecx, dword [ebp - 0x110] -mov ebx, dword [ebp - 0x10c] -add esp, 0x10 -or eax, ecx -or edx, ebx -mov dword [ebp - 0x110], eax -mov dword [ebp - 0x10c], edx - -loc_fffc4cb0: ; not directly referenced -cmp dword [ebp - 0x128], 0 -je loc_fffc4d3e ; je 0xfffc4d3e -cmp byte [ebp - 0x120], 0 -mov eax, dword [ebp - 0x58] -je short loc_fffc4cf8 ; je 0xfffc4cf8 - -loc_fffc4cc9: ; not directly referenced -push edx -push 4 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call eax -mov ecx, dword [ebp - 0x110] -mov ebx, dword [ebp - 0x10c] -add esp, 0xc -push 0xb -mov edi, ebx -and eax, 0x700 -xor eax, ecx -mov esi, eax -jmp short loc_fffc4d25 ; jmp 0xfffc4d25 - -loc_fffc4cf8: ; not directly referenced -push edi -push 3 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call eax -mov edx, dword [ebp - 0x110] -mov ecx, dword [ebp - 0x10c] -mov edi, ecx -and eax, 0x300 -xor eax, edx -mov esi, eax - -loc_fffc4d20: ; not directly referenced -add esp, 0xc -push 0xa - -loc_fffc4d25: ; not directly referenced -push edi -push esi -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -mov dword [ebp - 0x10c], edi -and eax, 1 -xor eax, esi -mov dword [ebp - 0x110], eax - -loc_fffc4d3e: ; not directly referenced -mov cx, word [ebp - 0x12e] -mov ebx, dword [ebp - 0x10c] -shr cx, 2 -and ecx, 0x3ffe -mov eax, ecx -cdq -mov eax, ecx -mov dword [ebp - 0x120], ecx -mov ecx, dword [ebp - 0x110] -mov dword [ebp - 0x11c], edx -or eax, ecx -mov esi, eax -mov eax, dword [ebp - 0x11c] -or eax, ebx -mov edi, eax -jmp near loc_fffc4f98 ; jmp 0xfffc4f98 - -loc_fffc4d7f: ; not directly referenced -test byte [ebp - 0x164], bl -je short loc_fffc4de3 ; je 0xfffc4de3 -mov ebx, esi -mov eax, 1 -shr ebx, 0x1b -and ebx, 7 -lea ecx, [ebx + 4] -shl eax, cl -mov ecx, eax -dec ecx -movzx eax, cx -and ecx, dword [ebp - 0x130] -not eax -and eax, edi -add eax, eax -movzx ecx, cx -push esi -or eax, ecx -push 0xa -cdq -push edx -push eax -call dword [ebp - 0x58] ; ucall -lea ecx, [ebx + 0xe] -mov ebx, dword [ebp - 0x144] -shl ebx, cl -mov ecx, dword [ebp - 0x138] -shl ecx, 7 -or ebx, ecx -mov edi, ebx -or eax, ebx -sar edi, 0x1f -mov dword [ebp - 0x110], eax -or edx, edi -jmp near loc_fffc4eec ; jmp 0xfffc4eec - -loc_fffc4de3: ; not directly referenced -test byte [ebp - 0x158], bl -je loc_fffc4ea2 ; je 0xfffc4ea2 -push ebx -xor edx, edx -push 0xb -push edx -push edi -xor edi, edi -call dword [ebp - 0x5c] ; ucall -add esp, 0xc -push 9 -mov dword [ebp - 0x110], eax -movzx eax, byte [ebp - 0x134] -mov dword [ebp - 0x120], edx -xor edx, edx -push edx -push eax -call dword [ebp - 0x5c] ; ucall -mov esi, dword [ebp - 0x138] -add esp, 0xc -push 8 -push edi -push esi -mov dword [ebp - 0x134], eax -mov dword [ebp - 0x13c], edx -call dword [ebp - 0x5c] ; ucall -add esp, 0xc -push 7 -push edi -push esi -mov ebx, eax -call dword [ebp - 0x5c] ; ucall -mov edi, dword [ebp - 0x134] -and ebx, 0x400 -or edi, dword [ebp - 0x110] -add esp, 0x10 -mov edx, edi -or edx, ebx -and eax, 0x180 -mov edi, edx -or edi, eax -mov eax, dword [ebp - 0x13c] -or eax, dword [ebp - 0x120] -cmp dword [ebp - 0x128], 0 -mov dword [ebp - 0x110], edi -mov dword [ebp - 0x10c], eax -je loc_fffc4f2f ; je 0xfffc4f2f -mov ebx, dword [ebp - 0x110] -push ecx -mov esi, dword [ebp - 0x10c] -push 4 -mov edi, ebx -and edi, 0x7800 -jmp short loc_fffc4f15 ; jmp 0xfffc4f15 - -loc_fffc4ea2: ; not directly referenced -mov ebx, dword [ebp - 0x138] -mov eax, edi -shl eax, 0xa -shl ebx, 7 -or ebx, eax -mov eax, ebx -sar eax, 0x1f -cmp byte [ebp - 0x152], 0 -mov dword [ebp - 0x110], ebx -mov dword [ebp - 0x10c], eax -je short loc_fffc4ef5 ; je 0xfffc4ef5 -push edx -push 0xa -push dword [ebp - 0x15c] -push dword [ebp - 0x160] -call dword [ebp - 0x5c] ; ucall -or edx, dword [ebp - 0x10c] -or ebx, eax -mov dword [ebp - 0x110], ebx - -loc_fffc4eec: ; not directly referenced -mov dword [ebp - 0x10c], edx -add esp, 0x10 - -loc_fffc4ef5: ; not directly referenced -cmp dword [ebp - 0x128], 0 -je short loc_fffc4f2f ; je 0xfffc4f2f -mov ebx, dword [ebp - 0x110] -mov esi, dword [ebp - 0x10c] -push eax -push 3 -mov edi, ebx -and edi, 0x1c00 - -loc_fffc4f15: ; not directly referenced -xor edx, edx -push edx -push edi -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -xor eax, ebx -xor edx, esi -mov dword [ebp - 0x110], eax -mov dword [ebp - 0x10c], edx - -loc_fffc4f2f: ; not directly referenced -cmp word [ebp - 0x118], 9 -jne short loc_fffc4f4d ; jne 0xfffc4f4d -push eax -push 1 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -jmp short loc_fffc4f69 ; jmp 0xfffc4f69 - -loc_fffc4f4d: ; not directly referenced -cmp word [ebp - 0x118], 0xb -jne short loc_fffc4f78 ; jne 0xfffc4f78 -push eax -push 1 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x5c] ; ucall - -loc_fffc4f69: ; not directly referenced -mov dword [ebp - 0x110], eax -add esp, 0x10 -mov dword [ebp - 0x10c], edx - -loc_fffc4f78: ; not directly referenced -mov ax, word [ebp - 0x12e] -mov edx, dword [ebp - 0x110] -mov ecx, dword [ebp - 0x10c] -shr ax, 3 -movzx eax, ax -or eax, edx -mov edi, ecx -mov esi, eax - -loc_fffc4f98: ; not directly referenced -mov eax, dword [ebp - 0x140] -mov ebx, dword [ebp + eax*4 - 0x104] -lea eax, [ebp - 0xc4] -mov edx, ebx -call fcn_fffc3bf5 ; call 0xfffc3bf5 -mov dword [ebp - 0x110], eax -lea eax, [ebp - 0xc4] -mov dword [ebp - 0x10c], edx -mov edx, ebx -call fcn_fffc3bda ; call 0xfffc3bda -mov ecx, dword [ebp - 0x17c] -or ecx, dword [ebp - 0x178] -and cl, 1 -je short loc_fffc5033 ; je 0xfffc5033 -cmp edi, edx -ja short loc_fffc502d ; ja 0xfffc502d -jb short loc_fffc4fe6 ; jb 0xfffc4fe6 -cmp esi, eax -jae short loc_fffc502d ; jae 0xfffc502d - -loc_fffc4fe6: ; not directly referenced -push eax -push 1 -push edi -push esi -call dword [ebp - 0x5c] ; ucall -add esp, 0xc -push 9 -push dword [ebp - 0x16c] -push dword [ebp - 0x170] -mov ebx, edx -mov dword [ebp - 0x110], eax -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -mov ecx, eax -mov eax, esi -and eax, 0x1ff -or edx, ebx -or ecx, eax -mov eax, dword [ebp - 0x110] -mov edi, edx -and eax, 0xfffffc00 -or ecx, eax -mov esi, ecx -jmp short loc_fffc5048 ; jmp 0xfffc5048 - -loc_fffc502d: ; not directly referenced -add esi, eax -adc edi, edx -jmp short loc_fffc5048 ; jmp 0xfffc5048 - -loc_fffc5033: ; not directly referenced -cmp dword [ebp - 0x148], 0 -je short loc_fffc5048 ; je 0xfffc5048 -add esi, dword [ebp - 0x110] -adc edi, dword [ebp - 0x10c] - -loc_fffc5048: ; not directly referenced -mov ebx, dword [ebp - 0x114] -mov eax, ebx -and eax, 3 -cmp eax, dword [ebp - 0x140] -push eax -movzx eax, byte [ebp - 0x150] -push 0x16 -setne byte [ebp - 0x110] -xor edx, edx -push edx -push eax -call dword [ebp - 0x5c] ; ucall -add esp, 0xc -push 2 -mov dword [ebp - 0x128], eax -mov eax, dword [ebp - 0x150] -mov dword [ebp - 0x118], edx -xor edx, edx -push edx -and eax, 0xff000000 -push eax -call dword [ebp - 0x5c] ; ucall -mov ecx, ebx -add esp, 0x10 -shr ecx, 6 -mov dword [ebp - 0x120], ecx -and dword [ebp - 0x120], 1 -cmp dword [ebp - 0x12c], 1 -jne short loc_fffc50c0 ; jne 0xfffc50c0 -mov ebx, dword [ebp - 0x128] -mov ecx, dword [ebp - 0x118] -jmp short loc_fffc50c4 ; jmp 0xfffc50c4 - -loc_fffc50c0: ; not directly referenced -mov ebx, eax -mov ecx, edx - -loc_fffc50c4: ; not directly referenced -cmp dword [ebp - 0x120], 0 -je short loc_fffc510b ; je 0xfffc510b -mov ebx, dword [ebp - 0x114] -push eax -shr ebx, 7 -and ebx, 7 -push ebx -add ebx, 0x16 -push 0 -push 0x400000 -call dword [ebp - 0x5c] ; ucall -movzx eax, byte [ebp - 0x110] -add esp, 0xc -push ebx -xor edx, edx -push edx -push eax -call dword [ebp - 0x5c] ; ucall -mov ecx, eax -mov ebx, edx -or ecx, esi -or ebx, edi -mov eax, ecx -mov edx, ebx -jmp near loc_fffc51ca ; jmp 0xfffc51ca - -loc_fffc510b: ; not directly referenced -cmp edi, ecx -ja loc_fffc51ea ; ja 0xfffc51ea -jb short loc_fffc511d ; jb 0xfffc511d -cmp esi, ebx -jae loc_fffc51ea ; jae 0xfffc51ea - -loc_fffc511d: ; not directly referenced -push ebx -push 1 -push edi -push esi -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -mov dword [ebp - 0x120], eax -mov dword [ebp - 0x11c], edx -test dword [ebp - 0x14c], 0x800000 -je loc_fffc51cf ; je 0xfffc51cf -mov edi, dword [ebp - 0x14c] -push ecx -mov esi, edi -shr esi, 0x15 -and esi, 3 -push esi -push edx -push eax -call dword [ebp - 0x58] ; ucall -mov edx, dword [ebp - 0x11c] -add esp, 0xc -push esi -push 0 -push 1 -mov ebx, eax -mov eax, dword [ebp - 0x120] -and ebx, 1 -mov dword [ebp - 0x120], edx -or ebx, eax -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -xor ecx, ecx -not eax -not edx -and dword [ebp - 0x120], edx -mov edx, edi -and ebx, eax -and dx, 0x3fff -and edx, ebx -xor eax, eax -movzx edx, dx - -loc_fffc519c: ; not directly referenced -mov edi, edx -sar edi, cl -inc ecx -xor eax, edi -cmp ecx, 0xe -jne short loc_fffc519c ; jne 0xfffc519c -xor eax, dword [ebp - 0x110] -xor edx, edx -push edi -push esi -and eax, 1 -push edx -push eax -call dword [ebp - 0x5c] ; ucall -mov esi, edx -mov ecx, eax -or esi, dword [ebp - 0x120] -or ecx, ebx -mov eax, ecx -mov edx, esi - -loc_fffc51ca: ; not directly referenced -add esp, 0x10 -jmp short loc_fffc5203 ; jmp 0xfffc5203 - -loc_fffc51cf: ; not directly referenced -movzx ecx, byte [ebp - 0x110] -mov ebx, dword [ebp - 0x120] -mov esi, dword [ebp - 0x11c] -or ecx, ebx -mov eax, ecx -mov edx, esi -jmp short loc_fffc5203 ; jmp 0xfffc5203 - -loc_fffc51ea: ; not directly referenced -cmp dword [ebp - 0x12c], 1 -jne short loc_fffc51ff ; jne 0xfffc51ff -mov eax, dword [ebp - 0x128] -mov edx, dword [ebp - 0x118] - -loc_fffc51ff: ; not directly referenced -add eax, esi -adc edx, edi - -loc_fffc5203: ; not directly referenced -mov edi, dword [ebp - 0x180] -push ecx -push 6 -push edx -and edi, 0xfff00000 -mov dword [ebp - 0x110], edi -mov edi, dword [ebp - 0x184] -push eax -and edi, 0x7f -mov dword [ebp - 0x10c], edi -mov edi, dword [ebp - 0x188] -or edi, 0xfffff -mov dword [ebp - 0x120], edi -mov edi, dword [ebp - 0x18c] -and edi, 0x7f -mov dword [ebp - 0x11c], edi -mov edi, 1 -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -cmp edx, dword [ebp - 0x10c] -ja short loc_fffc5269 ; ja 0xfffc5269 -jb short loc_fffc5267 ; jb 0xfffc5267 -cmp eax, dword [ebp - 0x110] -jae short loc_fffc5269 ; jae 0xfffc5269 - -loc_fffc5267: ; not directly referenced -xor edi, edi - -loc_fffc5269: ; not directly referenced -mov esi, 1 -cmp edx, dword [ebp - 0x11c] -jb short loc_fffc5282 ; jb 0xfffc5282 -ja short loc_fffc5280 ; ja 0xfffc5280 -cmp eax, dword [ebp - 0x120] -jbe short loc_fffc5282 ; jbe 0xfffc5282 - -loc_fffc5280: ; not directly referenced -xor esi, esi - -loc_fffc5282: ; not directly referenced -mov ecx, dword [ebp + 0xc] -and edi, esi -mov ebx, edi -movzx edi, bl -mov dword [ecx], eax -mov dword [ecx + 4], edx -test edi, edi -jne loc_fffc5322 ; jne 0xfffc5322 -mov esi, dword [ebp - 0x10c] -cmp dword [ebp - 0x11c], esi -jb short loc_fffc5322 ; jb 0xfffc5322 -ja short loc_fffc52b7 ; ja 0xfffc52b7 -mov esi, dword [ebp - 0x110] -cmp dword [ebp - 0x120], esi -jbe short loc_fffc5322 ; jbe 0xfffc5322 - -loc_fffc52b7: ; not directly referenced -mov esi, dword [ebp - 0x168] -xor ebx, ebx -mov dword [ebp - 0x124], ebx -and esi, 0xfff00000 -mov ecx, esi -add ecx, dword [ebp - 0x120] -adc ebx, dword [ebp - 0x11c] -sub ecx, dword [ebp - 0x110] -sbb ebx, dword [ebp - 0x10c] -mov dword [ebp - 0x128], esi -cmp edx, ebx -ja short loc_fffc5322 ; ja 0xfffc5322 -jb short loc_fffc52f5 ; jb 0xfffc52f5 -cmp eax, ecx -ja short loc_fffc5322 ; ja 0xfffc5322 - -loc_fffc52f5: ; not directly referenced -cmp edx, 0 -ja short loc_fffc52fe ; ja 0xfffc52fe -cmp eax, esi -jb short loc_fffc5322 ; jb 0xfffc5322 - -loc_fffc52fe: ; not directly referenced -mov ecx, dword [ebp - 0x110] -sub ecx, dword [ebp - 0x128] -mov ebx, dword [ebp - 0x10c] -sbb ebx, dword [ebp - 0x124] -add ecx, eax -mov eax, dword [ebp + 0xc] -adc ebx, edx -mov dword [eax], ecx -mov dword [eax + 4], ebx - -loc_fffc5322: ; not directly referenced -cmp dword [ebp - 0x12c], 1 -jne loc_fffc541b ; jne 0xfffc541b -lea ebx, [ebp - 0xe8] -lea esi, [ebp - 0xc8] - -loc_fffc533b: ; not directly referenced -push eax -mov eax, dword [ebp + 0xc] -mov edx, dword [eax + 4] -mov eax, dword [eax] -push dword [ebx + 4] -push dword [ebx] -mov ecx, edx -mov dword [ebp - 0x110], eax -mov dword [ebp - 0x10c], edx -mov edx, eax -push edi -lea eax, [ebp - 0xc4] -call fcn_fffb726f ; call 0xfffb726f -add esp, 0x10 -test eax, eax -jne loc_fffc4814 ; jne 0xfffc4814 -add ebx, 8 -cmp ebx, esi -jne short loc_fffc533b ; jne 0xfffc533b -movzx eax, byte [ebp - 0x151] -xor ebx, ebx -mov dword [ebp - 0x110], eax -movzx eax, word [ebp - 0x130] -mov dword [ebp - 0x120], eax - -loc_fffc5393: ; not directly referenced -mov edi, dword [ebp + ebx*2 - 0xe4] -mov esi, dword [ebp + ebx*2 - 0xe8] -push ecx -push 0x3f -push edi -push esi -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -test al, 1 -je short loc_fffc540f ; je 0xfffc540f -sub esp, 0xc -mov ecx, dword [ebp - 0x144] -push dword [ebp - 0x114] -push dword [ebp + ebx - 0xf8] -push dword [ebp - 0x174] -push dword [ebp - 0x120] -push dword [ebp - 0x138] -mov edx, dword [ebp - 0x110] -mov eax, dword [ebp - 0x140] -call fcn_fffc455b ; call 0xfffc455b -add esp, 0x20 -test eax, eax -je short loc_fffc540f ; je 0xfffc540f -mov edx, dword [ebp + 0xc] -mov eax, esi -and eax, 0xffffffc0 -mov dword [edx], eax -mov eax, edi -and eax, 0x7f -mov dword [edx + 4], eax -push edx -push 0x3e -push edi -push esi -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -jmp short loc_fffc541b ; jmp 0xfffc541b - -loc_fffc540f: ; not directly referenced -add ebx, 4 -cmp ebx, 0x10 -jne loc_fffc5393 ; jne 0xfffc5393 - -loc_fffc541b: ; not directly referenced -mov eax, dword [ebp + 0xc] -xor edx, edx -mov ebx, dword [eax] -mov esi, dword [eax + 4] -push eax -movzx eax, word [ebp - 0x12e] -push 3 -push edx -push eax -call dword [ebp - 0x5c] ; ucall -mov edi, dword [ebp + 0xc] -add esp, 0x10 -mov dword [edi + 4], esi -and eax, 0x3f -or eax, ebx -mov dword [edi], eax -mov eax, 1 - -loc_fffc5449: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffc5451: ; not directly referenced +fcn_fffc5aaf: ; not directly referenced push ebp mov ebp, esp push edi @@ -50259,34 +50637,34 @@ push ebx sub esp, 0x1c mov ebx, dword [ebp + 0xc] -loc_fffc545d: ; not directly referenced +loc_fffc5abb: ; not directly referenced mov eax, dword [0xff7d0178] mov esi, 0xff7d0004 xor edi, edi mov dword [ebp - 0x1c], eax -loc_fffc546c: ; not directly referenced +loc_fffc5aca: ; not directly referenced cmp edi, dword [ebp - 0x1c] -je short loc_fffc548b ; je 0xfffc548b +je short loc_fffc5ae9 ; je 0xfffc5ae9 push ecx add esi, 0xc push ecx push dword [ebx + 4] push dword [esi + 0x7c] -call fcn_fffb884e ; call 0xfffb884e +call fcn_fffb6951 ; call 0xfffb6951 add esp, 0x10 test al, al -jne short loc_fffc5498 ; jne 0xfffc5498 +jne short loc_fffc5af6 ; jne 0xfffc5af6 inc edi -jmp short loc_fffc546c ; jmp 0xfffc546c +jmp short loc_fffc5aca ; jmp 0xfffc5aca -loc_fffc548b: ; not directly referenced +loc_fffc5ae9: ; not directly referenced cmp edi, 0x13 -ja short loc_fffc54f2 ; ja 0xfffc54f2 +ja short loc_fffc5b50 ; ja 0xfffc5b50 lea eax, [edi + 1] mov dword [0xff7d0178], eax -loc_fffc5498: ; not directly referenced +loc_fffc5af6: ; not directly referenced imul edi, edi, 0xc mov ecx, 3 mov esi, ebx @@ -50295,17 +50673,17 @@ rep movsd ; rep movsd dword es:[edi], dword ptr [esi] mov edi, 0xff7d017c xor esi, esi -loc_fffc54b1: ; not directly referenced +loc_fffc5b0f: ; not directly referenced cmp esi, dword [0xff7d026c] -jae short loc_fffc54e1 ; jae 0xfffc54e1 +jae short loc_fffc5b3f ; jae 0xfffc5b3f push edx push edx push dword [ebx + 4] push dword [edi + 4] -call fcn_fffb884e ; call 0xfffb884e +call fcn_fffb6951 ; call 0xfffb6951 add esp, 0x10 test al, al -je short loc_fffc54db ; je 0xfffc54db +je short loc_fffc5b39 ; je 0xfffc5b39 push eax push dword [ebx + 8] push edi @@ -50313,23 +50691,23 @@ push dword [ebp + 8] call dword [edi + 8] ; ucall add esp, 0x10 -loc_fffc54db: ; not directly referenced +loc_fffc5b39: ; not directly referenced inc esi add edi, 0xc -jmp short loc_fffc54b1 ; jmp 0xfffc54b1 +jmp short loc_fffc5b0f ; jmp 0xfffc5b0f -loc_fffc54e1: ; not directly referenced +loc_fffc5b3f: ; not directly referenced mov eax, dword [ebx] add ebx, 0xc test eax, eax -jns loc_fffc545d ; jns 0xfffc545d +jns loc_fffc5abb ; jns 0xfffc5abb xor eax, eax -jmp short loc_fffc54f7 ; jmp 0xfffc54f7 +jmp short loc_fffc5b55 ; jmp 0xfffc5b55 -loc_fffc54f2: ; not directly referenced +loc_fffc5b50: ; not directly referenced mov eax, 0x80000009 -loc_fffc54f7: ; not directly referenced +loc_fffc5b55: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -50337,7 +50715,7 @@ pop edi pop ebp ret -fcn_fffc54ff: ; not directly referenced +fcn_fffc5b5d: ; not directly referenced push ebp mov ebp, esp push edi @@ -50349,33 +50727,33 @@ sub esp, 0x1c mov eax, dword [0xff7d0178] mov dword [ebp - 0x1c], eax -loc_fffc5517: ; not directly referenced +loc_fffc5b75: ; not directly referenced cmp edi, dword [ebp - 0x1c] -je short loc_fffc5544 ; je 0xfffc5544 +je short loc_fffc5ba2 ; je 0xfffc5ba2 push eax mov esi, ebx push eax add ebx, 0xc push dword [ebx - 8] push dword [ebp + 0xc] -call fcn_fffb884e ; call 0xfffb884e +call fcn_fffb6951 ; call 0xfffb6951 add esp, 0x10 test al, al -je short loc_fffc5541 ; je 0xfffc5541 +je short loc_fffc5b9f ; je 0xfffc5b9f mov eax, dword [ebp + 0x18] mov edx, dword [esi + 8] mov dword [eax], edx xor eax, eax -jmp short loc_fffc5549 ; jmp 0xfffc5549 +jmp short loc_fffc5ba7 ; jmp 0xfffc5ba7 -loc_fffc5541: ; not directly referenced +loc_fffc5b9f: ; not directly referenced inc edi -jmp short loc_fffc5517 ; jmp 0xfffc5517 +jmp short loc_fffc5b75 ; jmp 0xfffc5b75 -loc_fffc5544: ; not directly referenced +loc_fffc5ba2: ; not directly referenced mov eax, 0x8000000e -loc_fffc5549: ; not directly referenced +loc_fffc5ba7: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -50383,47 +50761,47 @@ pop edi pop ebp ret -fcn_fffc5551: +fcn_fffc5baf: push ebp mov ebp, esp push ebx push edx mov ebx, dword [ebp + 0xc] -loc_fffc5559: +loc_fffc5bb7: mov ax, word [ebx] cmp ax, 0xffff -je short loc_fffc5570 ; je 0xfffc5570 +je short loc_fffc5bce ; je 0xfffc5bce cmp ax, 4 -je short loc_fffc5574 ; je 0xfffc5574 +je short loc_fffc5bd2 ; je 0xfffc5bd2 -loc_fffc5568: +loc_fffc5bc6: movzx eax, word [ebx + 2] add ebx, eax -jmp short loc_fffc5559 ; jmp 0xfffc5559 +jmp short loc_fffc5bb7 ; jmp 0xfffc5bb7 -loc_fffc5570: +loc_fffc5bce: xor eax, eax -jmp short loc_fffc558b ; jmp 0xfffc558b +jmp short loc_fffc5be9 ; jmp 0xfffc5be9 -loc_fffc5574: +loc_fffc5bd2: push eax push eax lea eax, [ebx + 8] push eax push dword [ebp + 8] -call fcn_fffb884e ; call 0xfffb884e +call fcn_fffb6951 ; call 0xfffb6951 add esp, 0x10 test al, al -je short loc_fffc5568 ; je 0xfffc5568 +je short loc_fffc5bc6 ; je 0xfffc5bc6 mov eax, ebx -loc_fffc558b: +loc_fffc5be9: mov ebx, dword [ebp - 4] leave ret -fcn_fffc5590: ; not directly referenced +fcn_fffc5bee: ; not directly referenced push ebp mov ebp, esp push edi @@ -50436,46 +50814,46 @@ lea eax, [ebp - 0x20] push eax push 0 push 0 -push ref_fffd60dc ; push 0xfffd60dc -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd63d8 ; push 0xfffd63d8 +call fcn_fffb020b ; call 0xfffb020b lea eax, [ebp - 0x24] push eax push 0 push 0 -push ref_fffd604c ; push 0xfffd604c -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd6348 ; push 0xfffd6348 +call fcn_fffb020b ; call 0xfffb020b mov eax, dword [0xff7d0084] add esp, 0x14 mov eax, dword [eax + 0x14] lea ebx, [eax + 0xb0040] push ebx mov dword [ebp - 0x30], eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 mov edx, eax shr edx, 0x10 and edx, 0xf cmp dl, 2 -je loc_fffc57da ; je 0xfffc57da +je loc_fffc5e38 ; je 0xfffc5e38 movzx edx, ah xor eax, eax and dl, 0xf0 -jne loc_fffc57dc ; jne 0xfffc57dc -call fcn_fffb481e ; call 0xfffb481e +jne loc_fffc5e3a ; jne 0xfffc5e3a +call fcn_fffb91ff ; call 0xfffb91ff cmp eax, 2 -je loc_fffc5699 ; je 0xfffc5699 +je loc_fffc5cf7 ; je 0xfffc5cf7 -loc_fffc560d: ; not directly referenced +loc_fffc5c6b: ; not directly referenced mov eax, dword [0xff7d0084] sub esp, 0xc mov edi, dword [eax + 0x14] lea eax, [edi + 0x70] add edi, 0x74 push eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 mov dword [esp], edi mov esi, eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 shr esi, 4 mov ecx, dword [ebp - 0x2c] mov edi, dword [ebp - 0x30] @@ -50493,13 +50871,13 @@ add edi, 0xb004c shl eax, 0x18 mov dword [esp], edi or esi, eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 pop eax pop edx push esi mov esi, 0x1389 push edi -call fcn_fffb3d84 ; call 0xfffb3d84 +call fcn_fffb3ffa ; call 0xfffb3ffa mov eax, dword [ebp - 0x24] add esp, 0xc push 0x44c @@ -50507,26 +50885,26 @@ push eax push dword [ebp + 8] call dword [eax + 4] ; ucall mov dword [esp], ebx -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 -jmp near loc_fffc57ba ; jmp 0xfffc57ba +jmp near loc_fffc5e18 ; jmp 0xfffc5e18 -loc_fffc5699: ; not directly referenced +loc_fffc5cf7: ; not directly referenced mov eax, dword [0xfed70044] test al, 1 -je loc_fffc560d ; je 0xfffc560d +je loc_fffc5c6b ; je 0xfffc5c6b mov eax, dword [ebp - 0x20] cmp byte [eax + 1], 0 -jne loc_fffc560d ; jne 0xfffc560d +jne loc_fffc5c6b ; jne 0xfffc5c6b cmp byte [ebp - 0x2c], 1 -je loc_fffc560d ; je 0xfffc560d +je loc_fffc5c6b ; je 0xfffc5c6b lea eax, [ebp - 0x1c] -mov esi, ref_fffd668c ; mov esi, 0xfffd668c +mov esi, ref_fffd6988 ; mov esi, 0xfffd6988 push ecx push eax push 0x20 push 4 -call fcn_fffab5ba ; call 0xfffab5ba +call fcn_fffb0564 ; call 0xfffb0564 mov eax, dword [ebp - 0x1c] mov ecx, 4 lea edi, [eax + 8] @@ -50536,40 +50914,40 @@ pop esi pop edi push 8 push eax -call fcn_fffac673 ; call 0xfffac673 -call fcn_fffab5f3 ; call 0xfffab5f3 +call fcn_fffb067f ; call 0xfffb067f +call fcn_fffb059d ; call 0xfffb059d pop edx pop ecx push eax -push ref_fffd668c ; push 0xfffd668c -call fcn_fffc5551 ; call 0xfffc5551 +push ref_fffd6988 ; push 0xfffd6988 +call fcn_fffc5baf ; call 0xfffc5baf add esp, 0x10 mov edx, eax test eax, eax -je loc_fffc560d ; je 0xfffc560d +je loc_fffc5c6b ; je 0xfffc5c6b mov eax, dword [ebp + 0x14] mov esi, 0x166 mov dword [edx + 0x1c], 0 mov dword [edx + 0x18], eax -loc_fffc571b: ; not directly referenced +loc_fffc5d79: ; not directly referenced mov eax, dword [0xfed70044] test al, 2 -je short loc_fffc5756 ; je 0xfffc5756 +je short loc_fffc5db4 ; je 0xfffc5db4 mov esi, dword [edx + 0x18] xor edi, edi mov dword [0xfed70080], esi mov dword [0xfed70084], edi mov dword [0xfed7000c], 3 cmp dword [ebp + 0x18], 0x20 -jne short loc_fffc574f ; jne 0xfffc574f +jne short loc_fffc5dad ; jne 0xfffc5dad mov dword [0xfed70040], 0 -loc_fffc574f: ; not directly referenced +loc_fffc5dad: ; not directly referenced mov esi, 0x48 -jmp short loc_fffc578e ; jmp 0xfffc578e +jmp short loc_fffc5dec ; jmp 0xfffc5dec -loc_fffc5756: ; not directly referenced +loc_fffc5db4: ; not directly referenced mov eax, dword [ebp - 0x24] mov dword [ebp - 0x34], edx push edx @@ -50580,10 +50958,10 @@ call dword [eax + 4] ; ucall mov edx, dword [ebp - 0x34] add esp, 0x10 dec esi -jne short loc_fffc571b ; jne 0xfffc571b -jmp short loc_fffc574f ; jmp 0xfffc574f +jne short loc_fffc5d79 ; jne 0xfffc5d79 +jmp short loc_fffc5dad ; jmp 0xfffc5dad -loc_fffc5774: ; not directly referenced +loc_fffc5dd2: ; not directly referenced mov eax, dword [ebp - 0x24] push edi push 0x8c @@ -50592,17 +50970,17 @@ push dword [ebp + 8] call dword [eax + 4] ; ucall add esp, 0x10 dec esi -je loc_fffc560d ; je 0xfffc560d +je loc_fffc5c6b ; je 0xfffc5c6b -loc_fffc578e: ; not directly referenced +loc_fffc5dec: ; not directly referenced mov eax, dword [0xfed7000c] test eax, eax -jne short loc_fffc5774 ; jne 0xfffc5774 -jmp near loc_fffc560d ; jmp 0xfffc560d +jne short loc_fffc5dd2 ; jne 0xfffc5dd2 +jmp near loc_fffc5c6b ; jmp 0xfffc5c6b -loc_fffc579c: ; not directly referenced +loc_fffc5dfa: ; not directly referenced dec esi -je short loc_fffc57c4 ; je 0xfffc57c4 +je short loc_fffc5e22 ; je 0xfffc5e22 mov eax, dword [ebp - 0x24] push ecx push 0x3e8 @@ -50610,30 +50988,30 @@ push eax push dword [ebp + 8] call dword [eax + 4] ; ucall mov dword [esp], ebx -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 -loc_fffc57ba: ; not directly referenced +loc_fffc5e18: ; not directly referenced mov edx, eax shr edx, 0x18 and dl, 0xf0 -je short loc_fffc579c ; je 0xfffc579c +je short loc_fffc5dfa ; je 0xfffc5dfa -loc_fffc57c4: ; not directly referenced +loc_fffc5e22: ; not directly referenced shr eax, 0x19 push edx and eax, 7 push edx push eax push dword [ebp + 8] -call fcn_fffb8736 ; call 0xfffb8736 +call fcn_fffb6839 ; call 0xfffb6839 add esp, 0x10 -jmp short loc_fffc57dc ; jmp 0xfffc57dc +jmp short loc_fffc5e3a ; jmp 0xfffc5e3a -loc_fffc57da: ; not directly referenced +loc_fffc5e38: ; not directly referenced xor eax, eax -loc_fffc57dc: ; not directly referenced +loc_fffc5e3a: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -50641,7 +51019,7 @@ pop edi pop ebp ret -fcn_fffc57e4: ; not directly referenced +fcn_fffc5e42: ; not directly referenced push ebp mov ebp, esp push edi @@ -50649,107 +51027,110 @@ push esi push ebx sub esp, 0x4c mov edi, dword [ebp + 8] -mov dword [ebp - 0x40], 0 -mov eax, dword [edi + 0x5edc] +mov dword [ebp - 0x3c], 0 +mov eax, dword [edi + 0x5edd] mov esi, dword [edi + 0x18a7] -mov dword [ebp - 0x44], eax +mov dword [ebp - 0x40], eax mov eax, dword [edi + 0x188b] mov dword [ebp - 0x34], eax -mov al, byte [edi + 0x36c9] +mov al, byte [edi + 0x36ca] inc eax cmp byte [edi + 0x1965], 1 -mov byte [edi + 0x36c9], al -jne short loc_fffc5831 ; jne 0xfffc5831 +mov byte [edi + 0x36ca], al +jne short loc_fffc5e8f ; jne 0xfffc5e8f xor ebx, ebx cmp dword [ebp - 0x34], 1 sete bl -mov dword [ebp - 0x40], ebx +mov dword [ebp - 0x3c], ebx -loc_fffc5831: ; not directly referenced -cmp dword [edi + 0x2480], 3 +loc_fffc5e8f: ; not directly referenced +cmp dword [edi + 0x2481], 3 sete bl dec al movzx ecx, bl -mov dword [ebp - 0x48], ecx +mov dword [ebp - 0x44], ecx mov ecx, 0xa -jne short loc_fffc58c2 ; jne 0xfffc58c2 +jne short loc_fffc5f20 ; jne 0xfffc5f20 cmp dword [ebp - 0x34], 1 -jne short loc_fffc58ac ; jne 0xfffc58ac -cmp dword [edi + 0x3756], 2 -jne short loc_fffc587e ; jne 0xfffc587e +jne short loc_fffc5f0a ; jne 0xfffc5f0a +cmp dword [edi + 0x3757], 2 +jne short loc_fffc5edc ; jne 0xfffc5edc cmp byte [edi + 0x190c], 0 -jne short loc_fffc587e ; jne 0xfffc587e -mov eax, dword [ebp - 0x44] +jne short loc_fffc5edc ; jne 0xfffc5edc +mov eax, dword [ebp - 0x40] mov edx, 0x4004 and byte [eax + 0xbf], 0xdf mov ecx, dword [eax + 0xbc] mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc587e: ; not directly referenced -cmp dword [edi + 0x4b19], 2 -jne short loc_fffc58ac ; jne 0xfffc58ac +loc_fffc5edc: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 +jne short loc_fffc5f0a ; jne 0xfffc5f0a cmp byte [edi + 0x190c], 0 -jne short loc_fffc58ac ; jne 0xfffc58ac -mov eax, dword [ebp - 0x44] +jne short loc_fffc5f0a ; jne 0xfffc5f0a +mov eax, dword [ebp - 0x40] mov edx, 0x4404 and byte [eax + 0x18b], 0xdf mov ecx, dword [eax + 0x188] mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc58ac: ; not directly referenced +loc_fffc5f0a: ; not directly referenced cmp dword [ebp - 0x34], 0 sete dl xor eax, eax or dl, bl -jne loc_fffc6049 ; jne 0xfffc6049 +jne loc_fffc66a6 ; jne 0xfffc66a6 mov ecx, 6 -loc_fffc58c2: ; not directly referenced -mov al, byte [edi + 0x248d] -sub esp, 0xc -mov byte [ebp - 0x35], al +loc_fffc5f20: ; not directly referenced movzx eax, byte [edi + 0x248e] +movzx ebx, byte [edi + 0x248f] +push edx +push edx +push eax push 1 -mov dword [ebp - 0x3c], eax -mov edx, eax +mov edx, ebx +mov byte [ebp - 0x45], al +mov dword [ebp - 0x30], eax mov eax, edi -call fcn_fffb2759 ; call 0xfffb2759 +mov dword [ebp - 0x38], ebx +call fcn_fffaea71 ; call 0xfffaea71 add esp, 0x10 -cmp dword [ebp - 0x48], 0 -jne loc_fffc5bb3 ; jne 0xfffc5bb3 -cmp dword [edi + 0x3756], 2 -je short loc_fffc590b ; je 0xfffc590b -cmp dword [edi + 0x4b19], 2 +cmp dword [ebp - 0x44], 0 +jne loc_fffc6217 ; jne 0xfffc6217 +cmp dword [edi + 0x3757], 2 +je short loc_fffc5f6d ; je 0xfffc5f6d +cmp dword [edi + 0x4b1a], 2 mov al, 0x40 -jne short loc_fffc5928 ; jne 0xfffc5928 +jne short loc_fffc5f8a ; jne 0xfffc5f8a mov eax, 1 -jmp short loc_fffc590d ; jmp 0xfffc590d +jmp short loc_fffc5f6f ; jmp 0xfffc5f6f -loc_fffc590b: ; not directly referenced +loc_fffc5f6d: ; not directly referenced xor eax, eax -loc_fffc590d: ; not directly referenced +loc_fffc5f6f: ; not directly referenced imul eax, eax, 0x13c3 mov dl, 0x55 imul esi, esi, 0x2e add esi, eax mov al, 0x40 -cmp word [edi + esi + 0x375e], 2 +cmp word [edi + esi + 0x375f], 2 cmove eax, edx -loc_fffc5928: ; not directly referenced +loc_fffc5f8a: ; not directly referenced mov byte [ebp - 0x21], al -lea esi, [edi + 0x381a] +lea esi, [edi + 0x381b] xor ebx, ebx mov byte [ebp - 0x22], al mov byte [ebp - 0x1f], 0x40 mov byte [ebp - 0x20], 0x40 -loc_fffc593e: ; not directly referenced +loc_fffc5fa0: ; not directly referenced cmp dword [esi - 0xc4], 2 -jne short loc_fffc59b4 ; jne 0xfffc59b4 +jne short loc_fffc6016 ; jne 0xfffc6016 push ecx push 1 movzx eax, byte [esi + 0x17d] @@ -50761,7 +51142,7 @@ push eax push 0 push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a movzx eax, byte [ebp + ebx - 0x22] add esp, 0x1c push 1 @@ -50772,7 +51153,7 @@ push eax push 2 push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a movzx eax, byte [ebp + ebx - 0x22] add esp, 0x1c push 1 @@ -50783,7 +51164,7 @@ push eax push 1 push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a movzx eax, byte [ebp + ebx - 0x20] add esp, 0x1c push 1 @@ -50794,87 +51175,86 @@ push eax push 4 push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffc59b4: ; not directly referenced +loc_fffc6016: ; not directly referenced inc ebx add esi, 0x13c3 cmp ebx, 2 -jne loc_fffc593e ; jne 0xfffc593e -movzx ebx, byte [ebp - 0x35] +jne loc_fffc5fa0 ; jne 0xfffc5fa0 +mov ecx, dword [ebp - 0x30] mov eax, edi push edx push edx xor edx, edx push 0 push 1 -mov ecx, ebx -call fcn_fffcf9c9 ; call 0xfffcf9c9 -mov cl, byte [ebp - 0x40] +call fcn_fffcfc57 ; call 0xfffcfc57 +mov cl, byte [ebp - 0x3c] add esp, 0x10 and ecx, 1 mov byte [ebp - 0x2c], cl test eax, eax setne dl test cl, dl -jne loc_fffc6049 ; jne 0xfffc6049 -cmp byte [edi + 0x36c9], 2 -je short loc_fffc5a0d ; je 0xfffc5a0d +jne loc_fffc66a6 ; jne 0xfffc66a6 +cmp byte [edi + 0x36ca], 2 +je short loc_fffc606c ; je 0xfffc606c -loc_fffc59fb: ; not directly referenced -cmp byte [edi + 0x36c9], 2 -jne loc_fffc5ac2 ; jne 0xfffc5ac2 -jmp near loc_fffc5aa1 ; jmp 0xfffc5aa1 +loc_fffc605a: ; not directly referenced +cmp byte [edi + 0x36ca], 2 +jne loc_fffc6126 ; jne 0xfffc6126 +jmp near loc_fffc6105 ; jmp 0xfffc6105 -loc_fffc5a0d: ; not directly referenced -push eax +loc_fffc606c: ; not directly referenced +mov ecx, dword [ebp - 0x30] +lea ebx, [ebp - 0x22] mov edx, 2 push eax -mov ecx, ebx -lea esi, [ebp - 0x22] +push eax mov eax, edi -push esi +push ebx push 1 -call fcn_fffcf9c9 ; call 0xfffcf9c9 +call fcn_fffcfc57 ; call 0xfffcfc57 add esp, 0x10 test eax, eax setne dl test byte [ebp - 0x2c], dl -jne loc_fffc6049 ; jne 0xfffc6049 -push eax +jne loc_fffc66a6 ; jne 0xfffc66a6 +mov ecx, dword [ebp - 0x30] mov edx, 1 push eax -mov ecx, ebx -push esi +push eax mov eax, edi +push ebx push 1 -call fcn_fffcf9c9 ; call 0xfffcf9c9 +call fcn_fffcfc57 ; call 0xfffcfc57 add esp, 0x10 test eax, eax setne dl test byte [ebp - 0x2c], dl -jne loc_fffc6049 ; jne 0xfffc6049 +jne loc_fffc66a6 ; jne 0xfffc66a6 xor ebx, ebx lea esi, [ebp - 0x20] -loc_fffc5a5d: ; not directly referenced +loc_fffc60be: ; not directly referenced mov cl, bl mov eax, 1 shl eax, cl mov cl, 0xc cmp bl, 2 cmovne ecx, eax -and cl, byte [ebp - 0x35] -jne short loc_fffc5a7b ; jne 0xfffc5a7b +and cl, byte [ebp - 0x45] +jne short loc_fffc60df ; jne 0xfffc60df -loc_fffc5a73: ; not directly referenced +loc_fffc60d4: ; not directly referenced inc ebx cmp ebx, 3 -jne short loc_fffc5a5d ; jne 0xfffc5a5d -jmp short loc_fffc59fb ; jmp 0xfffc59fb +jne short loc_fffc60be ; jne 0xfffc60be +jmp near loc_fffc605a ; jmp 0xfffc605a -loc_fffc5a7b: ; not directly referenced +loc_fffc60df: ; not directly referenced push eax mov edx, 4 push eax @@ -50882,66 +51262,66 @@ movzx ecx, cl push esi mov eax, edi push 1 -call fcn_fffcf9c9 ; call 0xfffcf9c9 +call fcn_fffcfc57 ; call 0xfffcfc57 add esp, 0x10 test eax, eax setne dl test byte [ebp - 0x2c], dl -je short loc_fffc5a73 ; je 0xfffc5a73 -jmp near loc_fffc6049 ; jmp 0xfffc6049 +je short loc_fffc60d4 ; je 0xfffc60d4 +jmp near loc_fffc66a6 ; jmp 0xfffc66a6 -loc_fffc5aa1: ; not directly referenced -lea ebx, [edi + 0x3756] +loc_fffc6105: ; not directly referenced +lea ebx, [edi + 0x3757] mov dword [ebp - 0x2c], 0 -loc_fffc5aae: ; not directly referenced +loc_fffc6112: ; not directly referenced cmp dword [ebx], 2 -je short loc_fffc5ae2 ; je 0xfffc5ae2 +je short loc_fffc6146 ; je 0xfffc6146 -loc_fffc5ab3: ; not directly referenced +loc_fffc6117: ; not directly referenced inc dword [ebp - 0x2c] add ebx, 0x13c3 cmp dword [ebp - 0x2c], 2 -jne short loc_fffc5aae ; jne 0xfffc5aae +jne short loc_fffc6112 ; jne 0xfffc6112 -loc_fffc5ac2: ; not directly referenced -cmp dword [edi + 0x3756], 2 -jne loc_fffc5b8b ; jne 0xfffc5b8b +loc_fffc6126: ; not directly referenced +cmp dword [edi + 0x3757], 2 +jne loc_fffc61ef ; jne 0xfffc61ef xor ecx, ecx mov edx, 0x4198 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -jmp near loc_fffc5b8b ; jmp 0xfffc5b8b +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffc61ef ; jmp 0xfffc61ef -loc_fffc5ae2: ; not directly referenced +loc_fffc6146: ; not directly referenced mov eax, dword [ebx + 0x109] cmp dword [ebx + 0x111], eax cmovbe eax, dword [ebx + 0x111] -cmp dword [ebp - 0x48], 0 -je short loc_fffc5b20 ; je 0xfffc5b20 +cmp dword [ebp - 0x44], 0 +je short loc_fffc6184 ; je 0xfffc6184 mov esi, dword [ebx + 0x115] cmp dword [ebx + 0x11d], esi cmovbe esi, dword [ebx + 0x11d] cmp esi, eax cmova esi, eax -loc_fffc5b13: ; not directly referenced +loc_fffc6177: ; not directly referenced mov al, byte [ebx + 0xc4] xor ecx, ecx mov byte [ebp - 0x30], al -jmp short loc_fffc5b2d ; jmp 0xfffc5b2d +jmp short loc_fffc6191 ; jmp 0xfffc6191 -loc_fffc5b20: ; not directly referenced +loc_fffc6184: ; not directly referenced mov esi, dword [ebx + 0x119] cmp eax, esi cmovbe esi, eax -jmp short loc_fffc5b13 ; jmp 0xfffc5b13 +jmp short loc_fffc6177 ; jmp 0xfffc6177 -loc_fffc5b2d: ; not directly referenced +loc_fffc6191: ; not directly referenced mov edx, 1 shl edx, cl test byte [ebp - 0x30], dl -je short loc_fffc5b53 ; je 0xfffc5b53 +je short loc_fffc61b7 ; je 0xfffc61b7 movzx eax, byte [ebx + ecx + 0x249] movzx edx, byte [ebx + ecx + 0x245] cmp eax, edx @@ -50949,10 +51329,10 @@ cmovbe edx, eax cmp esi, edx cmova esi, edx -loc_fffc5b53: ; not directly referenced +loc_fffc61b7: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffc5b2d ; jne 0xfffc5b2d +jne short loc_fffc6191 ; jne 0xfffc6191 push 1 mov edx, dword [ebp - 0x2c] mov eax, esi @@ -50962,44 +51342,41 @@ push eax mov cl, 0xff push 1 mov eax, edi -call fcn_fffb0cb4 ; call 0xfffb0cb4 -mov edx, dword [ebp - 0x44] +call fcn_fffac68e ; call 0xfffac68e +mov edx, dword [ebp - 0x40] mov ecx, esi imul eax, dword [ebp - 0x2c], 0xcc add esp, 0x10 mov byte [edx + eax + 0xe2], cl -jmp near loc_fffc5ab3 ; jmp 0xfffc5ab3 +jmp near loc_fffc6117 ; jmp 0xfffc6117 -loc_fffc5b8b: ; not directly referenced -cmp dword [edi + 0x4b19], 2 -jne short loc_fffc5ba2 ; jne 0xfffc5ba2 +loc_fffc61ef: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 +jne short loc_fffc6206 ; jne 0xfffc6206 xor ecx, ecx mov edx, 0x4598 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc5ba2: ; not directly referenced +loc_fffc6206: ; not directly referenced sub esp, 0xc push edi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -jmp near loc_fffc6049 ; jmp 0xfffc6049 +jmp near loc_fffc66a6 ; jmp 0xfffc66a6 -loc_fffc5bb3: ; not directly referenced -mov eax, dword [edi + 0x385f] +loc_fffc6217: ; not directly referenced +mov eax, dword [edi + 0x3860] mov edx, 3 xor ebx, ebx -mov ecx, dword [ebp - 0x3c] +mov ecx, dword [ebp - 0x38] mov byte [ebp - 0x1e], al -mov eax, dword [edi + 0x3867] +mov eax, dword [edi + 0x3868] mov byte [ebp - 0x1a], al -mov eax, dword [edi + 0x4c22] +mov eax, dword [edi + 0x4c23] mov byte [ebp - 0x1d], al -mov eax, dword [edi + 0x4c2a] +mov eax, dword [edi + 0x4c2b] mov byte [ebp - 0x19], al -movzx eax, byte [ebp - 0x35] -mov esi, eax -mov dword [ebp - 0x30], eax push eax push 1 push 1 @@ -51009,23 +51386,23 @@ lea eax, [ebp - 0x1e] push eax mov eax, edi push 1 -push esi -call fcn_fffcfd43 ; call 0xfffcfd43 +push dword [ebp - 0x30] +call fcn_fffcffd1 ; call 0xfffcffd1 add esp, 0x20 mov dword [ebp - 0x2c], 0 -loc_fffc5c0b: ; not directly referenced +loc_fffc6268: ; not directly referenced imul eax, ebx, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffc5c89 ; jne 0xfffc5c89 +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffc62e6 ; jne 0xfffc62e6 imul ecx, ebx, 0x48 mov esi, 0xa xor edx, edx -mov eax, dword [edi + ecx + 0x3210] +mov eax, dword [edi + ecx + 0x3211] div esi xor edx, edx mov dword [ebp - 0x50], eax -mov eax, dword [edi + ecx + 0x3214] +mov eax, dword [edi + ecx + 0x3215] mov ecx, 2 div esi mov esi, dword [ebp - 0x50] @@ -51053,24 +51430,24 @@ push dword [ebp - 0x30] push 3 push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffc5c89: ; not directly referenced +loc_fffc62e6: ; not directly referenced inc ebx cmp ebx, 2 -jne loc_fffc5c0b ; jne 0xfffc5c0b -mov al, byte [ebp - 0x40] +jne loc_fffc6268 ; jne 0xfffc6268 +mov al, byte [ebp - 0x3c] and eax, 1 mov bl, al -mov byte [ebp - 0x40], al +mov byte [ebp - 0x3c], al mov eax, dword [ebp - 0x2c] test eax, eax setne dl test bl, dl -jne loc_fffc6049 ; jne 0xfffc6049 +jne loc_fffc66a6 ; jne 0xfffc66a6 push eax -mov ecx, dword [ebp - 0x3c] +mov ecx, dword [ebp - 0x38] mov edx, 2 push 1 xor ebx, ebx @@ -51082,21 +51459,21 @@ push eax mov eax, edi push 1 push dword [ebp - 0x30] -call fcn_fffcfd43 ; call 0xfffcfd43 +call fcn_fffcffd1 ; call 0xfffcffd1 add esp, 0x20 -loc_fffc5cd4: ; not directly referenced +loc_fffc6331: ; not directly referenced imul eax, ebx, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffc5d52 ; jne 0xfffc5d52 +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffc63af ; jne 0xfffc63af imul ecx, ebx, 0x48 mov esi, 0xa xor edx, edx -mov eax, dword [edi + ecx + 0x3210] +mov eax, dword [edi + ecx + 0x3211] div esi xor edx, edx mov dword [ebp - 0x50], eax -mov eax, dword [edi + ecx + 0x3214] +mov eax, dword [edi + ecx + 0x3215] mov ecx, 2 div esi mov esi, dword [ebp - 0x50] @@ -51124,29 +51501,29 @@ push dword [ebp - 0x30] push 2 push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffc5d52: ; not directly referenced +loc_fffc63af: ; not directly referenced inc ebx cmp ebx, 2 -jne loc_fffc5cd4 ; jne 0xfffc5cd4 +jne loc_fffc6331 ; jne 0xfffc6331 mov eax, dword [ebp - 0x2c] test eax, eax setne dl -test byte [ebp - 0x40], dl -jne loc_fffc6049 ; jne 0xfffc6049 -mov eax, dword [edi + 0x386b] +test byte [ebp - 0x3c], dl +jne loc_fffc66a6 ; jne 0xfffc66a6 +mov eax, dword [edi + 0x386c] mov edx, 2 xor bl, bl mov byte [ebp - 0x1a], al -mov eax, dword [edi + 0x3873] +mov eax, dword [edi + 0x3874] mov byte [ebp - 0x1c], al -mov eax, dword [edi + 0x4c2e] +mov eax, dword [edi + 0x4c2f] mov byte [ebp - 0x19], al -mov eax, dword [edi + 0x4c36] +mov eax, dword [edi + 0x4c37] push ecx -mov ecx, dword [ebp - 0x3c] +mov ecx, dword [ebp - 0x38] push 1 push 1 push 0x14 @@ -51157,21 +51534,21 @@ push eax mov eax, edi push 2 push dword [ebp - 0x30] -call fcn_fffcfd43 ; call 0xfffcfd43 +call fcn_fffcffd1 ; call 0xfffcffd1 add esp, 0x20 -loc_fffc5db7: ; not directly referenced +loc_fffc6414: ; not directly referenced imul eax, ebx, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffc5e35 ; jne 0xfffc5e35 +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffc6492 ; jne 0xfffc6492 imul ecx, ebx, 0x48 mov esi, 0xa xor edx, edx -mov eax, dword [edi + ecx + 0x3210] +mov eax, dword [edi + ecx + 0x3211] div esi xor edx, edx mov dword [ebp - 0x50], eax -mov eax, dword [edi + ecx + 0x3214] +mov eax, dword [edi + ecx + 0x3215] mov ecx, 2 div esi mov esi, dword [ebp - 0x50] @@ -51199,20 +51576,20 @@ push dword [ebp - 0x30] push 2 push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffc5e35: ; not directly referenced +loc_fffc6492: ; not directly referenced inc ebx cmp ebx, 2 -jne loc_fffc5db7 ; jne 0xfffc5db7 +jne loc_fffc6414 ; jne 0xfffc6414 mov eax, dword [ebp - 0x2c] test eax, eax setne dl -test byte [ebp - 0x40], dl -jne loc_fffc6049 ; jne 0xfffc6049 +test byte [ebp - 0x3c], dl +jne loc_fffc66a6 ; jne 0xfffc66a6 push eax -mov ecx, dword [ebp - 0x3c] +mov ecx, dword [ebp - 0x38] mov edx, 1 push 1 xor bl, bl @@ -51224,32 +51601,32 @@ push eax mov eax, edi push 2 push dword [ebp - 0x30] -call fcn_fffcfd43 ; call 0xfffcfd43 +call fcn_fffcffd1 ; call 0xfffcffd1 add esp, 0x20 -loc_fffc5e76: ; not directly referenced +loc_fffc64d3: ; not directly referenced imul eax, ebx, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffc5ef4 ; jne 0xfffc5ef4 +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffc6551 ; jne 0xfffc6551 imul ecx, ebx, 0x48 mov esi, 0xa xor edx, edx -mov eax, dword [edi + ecx + 0x3210] +mov eax, dword [edi + ecx + 0x3211] div esi xor edx, edx mov dword [ebp - 0x4c], eax -mov eax, dword [edi + ecx + 0x3214] +mov eax, dword [edi + ecx + 0x3215] mov ecx, 2 div esi mov esi, dword [ebp - 0x4c] mov edx, esi movsx edx, dl -mov dword [ebp - 0x3c], eax -movsx eax, byte [ebp - 0x3c] +mov dword [ebp - 0x38], eax +movsx eax, byte [ebp - 0x38] sub eax, edx cdq idiv ecx -mov cl, byte [ebp - 0x3c] +mov cl, byte [ebp - 0x38] mov edx, 0xc add ecx, esi cmp cl, 0x11 @@ -51266,30 +51643,30 @@ push dword [ebp - 0x30] push 1 push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffc5ef4: ; not directly referenced +loc_fffc6551: ; not directly referenced inc ebx cmp ebx, 2 -jne loc_fffc5e76 ; jne 0xfffc5e76 +jne loc_fffc64d3 ; jne 0xfffc64d3 mov eax, dword [ebp - 0x2c] test eax, eax setne dl -test byte [ebp - 0x40], dl -jne loc_fffc6049 ; jne 0xfffc6049 -lea eax, [edi + 0x3756] +test byte [ebp - 0x3c], dl +jne loc_fffc66a6 ; jne 0xfffc66a6 +lea eax, [edi + 0x3757] mov bx, 0x4908 mov dword [ebp - 0x2c], eax -loc_fffc5f1c: ; not directly referenced +loc_fffc6579: ; not directly referenced mov eax, dword [ebp - 0x2c] cmp dword [eax], 2 -jne loc_fffc5fc5 ; jne 0xfffc5fc5 +jne loc_fffc6622 ; jne 0xfffc6622 xor ecx, ecx mov edx, ebx mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 xor eax, eax mov edx, 0x80080020 mov ecx, eax @@ -51304,84 +51681,84 @@ lea esi, [ebx + ebx - 0x4900] push eax mov edx, esi mov eax, edi -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 mov edx, ebx mov ecx, 0x2c08 shl edx, 8 mov eax, edi sub edx, 0x48c668 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 lea edx, [ebx + 0x50] mov ecx, 0xff mov eax, edi -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b add esp, 0x10 cmp dword [ebp - 0x34], 1 -jne short loc_fffc5f9f ; jne 0xfffc5f9f +jne short loc_fffc65fc ; jne 0xfffc65fc lea edx, [ebx + 0x51] mov ecx, 0xff mov eax, edi -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b -loc_fffc5f9f: ; not directly referenced +loc_fffc65fc: ; not directly referenced push ecx mov eax, edi push ecx push 0 push 0 lea edx, [esi - 0x38] -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 pop eax mov eax, edi pop edx lea edx, [esi - 0x28] push 0 push 0x3f8 -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 -loc_fffc5fc5: ; not directly referenced +loc_fffc6622: ; not directly referenced add ebx, 4 add dword [ebp - 0x2c], 0x13c3 cmp ebx, 0x4910 -jne loc_fffc5f1c ; jne 0xfffc5f1c +jne loc_fffc6579 ; jne 0xfffc6579 xor bx, bx lea esi, [ebp - 0x20] -loc_fffc5fe1: ; not directly referenced +loc_fffc663e: ; not directly referenced mov eax, 1 mov cl, bl shl eax, cl -test byte [ebp - 0x35], al -jne short loc_fffc5ffa ; jne 0xfffc5ffa +test byte [ebp - 0x45], al +jne short loc_fffc6657 ; jne 0xfffc6657 -loc_fffc5fef: ; not directly referenced +loc_fffc664c: ; not directly referenced inc ebx cmp ebx, 4 -jne short loc_fffc5fe1 ; jne 0xfffc5fe1 -jmp near loc_fffc59fb ; jmp 0xfffc59fb +jne short loc_fffc663e ; jne 0xfffc663e +jmp near loc_fffc605a ; jmp 0xfffc605a -loc_fffc5ffa: ; not directly referenced -test byte [edi + 0x381a], al -jne short loc_fffc6008 ; jne 0xfffc6008 +loc_fffc6657: ; not directly referenced +test byte [edi + 0x381b], al +jne short loc_fffc6665 ; jne 0xfffc6665 mov byte [ebp - 0x20], 0 -jmp short loc_fffc6012 ; jmp 0xfffc6012 +jmp short loc_fffc666f ; jmp 0xfffc666f -loc_fffc6008: ; not directly referenced -mov dl, byte [edi + ebx + 0x399b] +loc_fffc6665: ; not directly referenced +mov dl, byte [edi + ebx + 0x399c] mov byte [ebp - 0x20], dl -loc_fffc6012: ; not directly referenced -test byte [edi + 0x4bdd], al -je short loc_fffc6026 ; je 0xfffc6026 -mov dl, byte [edi + ebx + 0x4d5e] +loc_fffc666f: ; not directly referenced +test byte [edi + 0x4bde], al +je short loc_fffc6683 ; je 0xfffc6683 +mov dl, byte [edi + ebx + 0x4d5f] mov byte [ebp - 0x1f], dl -jmp short loc_fffc602a ; jmp 0xfffc602a +jmp short loc_fffc6687 ; jmp 0xfffc6687 -loc_fffc6026: ; not directly referenced +loc_fffc6683: ; not directly referenced mov byte [ebp - 0x1f], 0 -loc_fffc602a: ; not directly referenced +loc_fffc6687: ; not directly referenced push edx mov ecx, eax push edx @@ -51389,14 +51766,14 @@ mov edx, 4 push esi push eax mov eax, edi -call fcn_fffcf9c9 ; call 0xfffcf9c9 +call fcn_fffcfc57 ; call 0xfffcfc57 add esp, 0x10 test eax, eax setne dl -test byte [ebp - 0x40], dl -je short loc_fffc5fef ; je 0xfffc5fef +test byte [ebp - 0x3c], dl +je short loc_fffc664c ; je 0xfffc664c -loc_fffc6049: ; not directly referenced +loc_fffc66a6: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -51404,7 +51781,7 @@ pop edi pop ebp ret -fcn_fffc6051: ; not directly referenced +fcn_fffc66ae: ; not directly referenced push ebp mov ebp, esp push edi @@ -51425,35 +51802,35 @@ mov byte [ebp - 0xb1], cl mov cl, byte [ebp + 0x14] mov byte [ebp - 0x6d], al mov byte [ebp - 0x6f], cl -mov ecx, dword [edi + 0x2443] +mov ecx, dword [edi + 0x2444] mov dword [ebp - 0xb8], ecx cmp al, 0x21 -ja short loc_fffc60a5 ; ja 0xfffc60a5 +ja short loc_fffc6702 ; ja 0xfffc6702 movzx eax, byte [ebp - 0x5c] -mov dl, byte [eax + ref_fffd5f1c] ; mov dl, byte [eax - 0x2a0e4] +mov dl, byte [eax + ref_fffd58e0] ; mov dl, byte [eax - 0x2a720] -loc_fffc60a5: ; not directly referenced +loc_fffc6702: ; not directly referenced mov eax, dword [edi + 0x188b] -cmp byte [edi + 0x248b], 1 -mov esi, dword [edi + 0x2480] +cmp byte [edi + 0x248c], 1 +mov esi, dword [edi + 0x2481] mov dword [ebp - 0x88], eax -jne short loc_fffc60da ; jne 0xfffc60da -mov al, byte [edi + 0x248c] +jne short loc_fffc6737 ; jne 0xfffc6737 +mov al, byte [edi + 0x248d] lea ecx, [eax + 4] mov byte [ebp - 0x24], al mov byte [ebp - 0x23], al add eax, 2 mov byte [ebp - 0x22], cl mov byte [ebp - 0x21], al -jmp short loc_fffc60ea ; jmp 0xfffc60ea +jmp short loc_fffc6747 ; jmp 0xfffc6747 -loc_fffc60da: ; not directly referenced +loc_fffc6737: ; not directly referenced mov byte [ebp - 0x24], 1 mov byte [ebp - 0x23], 1 mov byte [ebp - 0x22], 1 mov byte [ebp - 0x21], 1 -loc_fffc60ea: ; not directly referenced +loc_fffc6747: ; not directly referenced mov eax, dword [ebp - 0x5c] mov dword [ebp - 0x9c], 1 cmp al, 0x21 @@ -51461,29 +51838,29 @@ sete cl cmp al, 0x11 sete al or cl, al -jne short loc_fffc6114 ; jne 0xfffc6114 +jne short loc_fffc6771 ; jne 0xfffc6771 xor eax, eax cmp byte [ebp - 0x5c], 5 sete al mov dword [ebp - 0x9c], eax -loc_fffc6114: ; not directly referenced +loc_fffc6771: ; not directly referenced cmp byte [ebp - 0x5c], 0xd mov dword [ebp - 0x74], 0 -jne short loc_fffc613b ; jne 0xfffc613b +jne short loc_fffc6798 ; jne 0xfffc6798 movzx eax, byte [ebp - 0x4c] mov dword [ebp - 0x54], edx -call fcn_fffaeba2 ; call 0xfffaeba2 +call fcn_fffb38d9 ; call 0xfffb38d9 mov edx, dword [ebp - 0x54] cmp al, 1 seta al movzx eax, al mov dword [ebp - 0x74], eax -loc_fffc613b: ; not directly referenced +loc_fffc6798: ; not directly referenced mov eax, 2 cmp bl, 3 -ja loc_fffc6e98 ; ja 0xfffc6e98 +ja loc_fffc74f5 ; ja 0xfffc74f5 mov al, byte [ebp - 0x5c] movzx edx, dl mov dword [ebp - 0x68], 1 @@ -51525,7 +51902,7 @@ mov dword [ebp - 0x84], 0 mov byte [ebp - 0x58], 0 mov dword [ebp - 0xe0], eax -loc_fffc61f5: ; not directly referenced +loc_fffc6852: ; not directly referenced mov esi, dword [ebp - 0xb8] mov ebx, dword [ebp - 0x4c] push eax @@ -51545,7 +51922,7 @@ mov eax, esi call dword [eax + 0x5c] ; ucall mov cl, byte [ebp - 0x6f] add esp, 0x10 -lea esi, [edi + 0x3756] +lea esi, [edi + 0x3757] mov dword [ebp - 0xa8], esi mov dword [ebp - 0x50], esi mov al, cl @@ -51563,7 +51940,7 @@ movzx eax, byte [ebp - 0x58] imul eax, eax, 0x12 mov dword [ebp - 0xcc], eax -loc_fffc6267: ; not directly referenced +loc_fffc68c4: ; not directly referenced mov al, byte [ebp - 0x6f] mov byte [ebp + ebx - 0x3e], 0x7f mov dword [ebp + ebx*4 - 0x20], 0 @@ -51572,22 +51949,22 @@ mov byte [ebp + ebx - 0x42], al mov eax, dword [ebp - 0x6c] mov byte [ebp + ebx - 0x3c], 0 bt eax, ebx -jb short loc_fffc629e ; jb 0xfffc629e +jb short loc_fffc68fb ; jb 0xfffc68fb mov word [ebp + ebx*2 - 0x28], 1 mov byte [ebp + ebx - 0x40], 1 -jmp near loc_fffc64cc ; jmp 0xfffc64cc +jmp near loc_fffc6b29 ; jmp 0xfffc6b29 -loc_fffc629e: ; not directly referenced +loc_fffc68fb: ; not directly referenced cmp byte [ebp - 0x6d], 1 -jne short loc_fffc62dd ; jne 0xfffc62dd -mov al, byte [edi + 0x2488] +jne short loc_fffc693a ; jne 0xfffc693a +mov al, byte [edi + 0x2489] xor esi, esi mov byte [ebp - 0x78], al -loc_fffc62af: ; not directly referenced +loc_fffc690c: ; not directly referenced mov eax, esi cmp byte [ebp - 0x78], al -jbe loc_fffc646d ; jbe 0xfffc646d +jbe loc_fffc6aca ; jbe 0xfffc6aca push eax movzx eax, byte [ebp + ebx - 0x42] mov ecx, 0xff @@ -51597,48 +51974,48 @@ mov eax, edi push dword [ebp - 0x4c] push esi inc esi -call fcn_fffaec68 ; call 0xfffaec68 +call fcn_fffb399f ; call 0xfffb399f add esp, 0x10 mov byte [ebp + ebx - 0x42], al -jmp short loc_fffc62af ; jmp 0xfffc62af +jmp short loc_fffc690c ; jmp 0xfffc690c -loc_fffc62dd: ; not directly referenced +loc_fffc693a: ; not directly referenced cmp byte [ebp - 0x6d], 0xd -je short loc_fffc62f9 ; je 0xfffc62f9 +je short loc_fffc6956 ; je 0xfffc6956 cmp dword [ebp - 0x88], 1 sete al test byte [ebp - 0x9c], al -je loc_fffc637d ; je 0xfffc637d +je loc_fffc69da ; je 0xfffc69da -loc_fffc62f9: ; not directly referenced +loc_fffc6956: ; not directly referenced cmp byte [ebp - 0x6d], 0xd -mov edx, dword [edi + 0x5edc] -jne short loc_fffc630d ; jne 0xfffc630d +mov edx, dword [edi + 0x5edd] +jne short loc_fffc696a ; jne 0xfffc696a mov al, byte [edx + 0x14] and eax, 0x7f -jmp short loc_fffc6334 ; jmp 0xfffc6334 +jmp short loc_fffc6991 ; jmp 0xfffc6991 -loc_fffc630d: ; not directly referenced +loc_fffc696a: ; not directly referenced test bl, bl -jne short loc_fffc6323 ; jne 0xfffc6323 +jne short loc_fffc6980 ; jne 0xfffc6980 mov al, byte [edx + 0x15] movzx edx, byte [edx + 0x16] shr al, 6 and edx, 0x1f shl edx, 2 -jmp short loc_fffc6332 ; jmp 0xfffc6332 +jmp short loc_fffc698f ; jmp 0xfffc698f -loc_fffc6323: ; not directly referenced +loc_fffc6980: ; not directly referenced mov al, byte [edx + 0x14] movzx edx, byte [edx + 0x15] shr al, 7 and edx, 0x3f add edx, edx -loc_fffc6332: ; not directly referenced +loc_fffc698f: ; not directly referenced or eax, edx -loc_fffc6334: ; not directly referenced +loc_fffc6991: ; not directly referenced mov esi, dword [ebp - 0xb0] mov dl, al or edx, 0xffffff80 @@ -51652,26 +52029,26 @@ setl cl xor esi, 1 mov edx, esi test dl, cl -je short loc_fffc6361 ; je 0xfffc6361 +je short loc_fffc69be ; je 0xfffc69be lea edx, [eax + 0x36] -jmp short loc_fffc6374 ; jmp 0xfffc6374 +jmp short loc_fffc69d1 ; jmp 0xfffc69d1 -loc_fffc6361: ; not directly referenced +loc_fffc69be: ; not directly referenced cmp byte [ebp - 0x78], 0x36 mov dl, byte [ebp - 0x6f] setg cl test byte [ebp - 0x4c], cl -je short loc_fffc6374 ; je 0xfffc6374 +je short loc_fffc69d1 ; je 0xfffc69d1 mov dl, 0x36 sub edx, eax -loc_fffc6374: ; not directly referenced +loc_fffc69d1: ; not directly referenced mov byte [ebp + ebx - 0x42], dl -jmp near loc_fffc646d ; jmp 0xfffc646d +jmp near loc_fffc6aca ; jmp 0xfffc6aca -loc_fffc637d: ; not directly referenced +loc_fffc69da: ; not directly referenced cmp byte [ebp - 0x6d], 0xc -jne loc_fffc646d ; jne 0xfffc646d +jne loc_fffc6aca ; jne 0xfffc6aca cmp dword [ebp - 0x8c], 1 mov ecx, dword [ebp - 0x50] sbb eax, eax @@ -51682,28 +52059,28 @@ mov cl, byte [ecx + 0xc4] add byte [ebp - 0x78], 4 cmp byte [ebp - 0x80], 0 mov byte [ebp - 0x98], cl -jne short loc_fffc6409 ; jne 0xfffc6409 +jne short loc_fffc6a66 ; jne 0xfffc6a66 cmp eax, esi cmovae eax, esi xor ecx, ecx mov esi, 1 -loc_fffc63c4: ; not directly referenced +loc_fffc6a21: ; not directly referenced mov edx, esi shl edx, cl test byte [ebp - 0x98], dl -je short loc_fffc63df ; je 0xfffc63df +je short loc_fffc6a3c ; je 0xfffc6a3c mov edx, dword [ebp - 0x50] mov dl, byte [edx + ecx + 0x245] cmp al, dl cmova eax, edx -loc_fffc63df: ; not directly referenced +loc_fffc6a3c: ; not directly referenced inc ecx cmp byte [ebp - 0x78], cl -ja short loc_fffc63c4 ; ja 0xfffc63c4 +ja short loc_fffc6a21 ; ja 0xfffc6a21 cmp dword [ebp - 0x8c], 0 -je short loc_fffc645e ; je 0xfffc645e +je short loc_fffc6abb ; je 0xfffc6abb mov esi, dword [ebp - 0x50] mov edx, dword [esi + 0x109] cmp al, dl @@ -51711,31 +52088,31 @@ cmovae eax, edx mov edx, dword [esi + 0x115] cmp al, dl cmovae eax, edx -jmp short loc_fffc645e ; jmp 0xfffc645e +jmp short loc_fffc6abb ; jmp 0xfffc6abb -loc_fffc6409: ; not directly referenced +loc_fffc6a66: ; not directly referenced cmp eax, esi mov dl, al cmovbe edx, esi xor ecx, ecx mov esi, 1 -loc_fffc6417: ; not directly referenced +loc_fffc6a74: ; not directly referenced mov eax, esi shl eax, cl test byte [ebp - 0x98], al -je short loc_fffc6432 ; je 0xfffc6432 +je short loc_fffc6a8f ; je 0xfffc6a8f mov eax, dword [ebp - 0x50] mov al, byte [eax + ecx + 0x245] cmp dl, al cmovb edx, eax -loc_fffc6432: ; not directly referenced +loc_fffc6a8f: ; not directly referenced inc ecx cmp byte [ebp - 0x78], cl -ja short loc_fffc6417 ; ja 0xfffc6417 +ja short loc_fffc6a74 ; ja 0xfffc6a74 cmp dword [ebp - 0x8c], 0 -je short loc_fffc645a ; je 0xfffc645a +je short loc_fffc6ab7 ; je 0xfffc6ab7 mov esi, dword [ebp - 0x50] mov eax, dword [esi + 0x109] cmp dl, al @@ -51744,18 +52121,18 @@ mov eax, dword [esi + 0x115] cmp dl, al cmovbe edx, eax -loc_fffc645a: ; not directly referenced +loc_fffc6ab7: ; not directly referenced mov al, 0x7f sub eax, edx -loc_fffc645e: ; not directly referenced +loc_fffc6abb: ; not directly referenced movzx esi, byte [ebp - 0x6f] mov ecx, esi cmp al, cl cmova eax, esi mov byte [ebp + ebx - 0x42], al -loc_fffc646d: ; not directly referenced +loc_fffc6aca: ; not directly referenced mov esi, dword [ebp - 0x60] mov ecx, 0xa xor edx, edx @@ -51764,12 +52141,12 @@ div ecx mov dword [esi], eax movzx edx, byte [ebp + ebx - 0x42] cmp eax, edx -jbe short loc_fffc6488 ; jbe 0xfffc6488 +jbe short loc_fffc6ae5 ; jbe 0xfffc6ae5 mov dword [esi], edx -loc_fffc6488: ; not directly referenced +loc_fffc6ae5: ; not directly referenced cmp dword [ebp - 0x74], 0 -je short loc_fffc64ab ; je 0xfffc64ab +je short loc_fffc6b08 ; je 0xfffc6b08 mov eax, dword [ebp - 0x60] mov esi, dword [ebp - 0x54] mov edx, dword [eax] @@ -51777,10 +52154,10 @@ imul eax, dword [ebp - 0x64], 0x24 add eax, dword [ebp - 0xcc] add eax, dword [ebp - 0x4c] cmp dword [esi + eax*4], edx -jbe short loc_fffc64ab ; jbe 0xfffc64ab +jbe short loc_fffc6b08 ; jbe 0xfffc6b08 mov dword [esi + eax*4], edx -loc_fffc64ab: ; not directly referenced +loc_fffc6b08: ; not directly referenced mov eax, dword [ebp - 0x60] mov edx, ebx xor ecx, ecx @@ -51790,26 +52167,26 @@ mov eax, dword [eax] mov byte [ebp + ebx - 0x3a], al mov byte [ebp + ebx - 0x3c], al mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc64cc: ; not directly referenced +loc_fffc6b29: ; not directly referenced inc ebx add dword [ebp - 0x60], 0x48 add dword [ebp - 0x50], 0x13c3 cmp ebx, 2 -jne loc_fffc6267 ; jne 0xfffc6267 +jne loc_fffc68c4 ; jne 0xfffc68c4 cmp dword [ebp - 0x74], 0 -jne short loc_fffc64f9 ; jne 0xfffc64f9 +jne short loc_fffc6b56 ; jne 0xfffc6b56 -loc_fffc64e7: ; not directly referenced +loc_fffc6b44: ; not directly referenced mov eax, dword [ebp - 0x4c] lea eax, [eax + eax - 1] mov dword [ebp - 0xd8], eax -jmp near loc_fffc66b2 ; jmp 0xfffc66b2 +jmp near loc_fffc6d0f ; jmp 0xfffc6d0f -loc_fffc64f9: ; not directly referenced +loc_fffc6b56: ; not directly referenced test byte [ebp - 0x70], 1 -je short loc_fffc652a ; je 0xfffc652a +je short loc_fffc6b87 ; je 0xfffc6b87 movzx eax, byte [ebp - 0x58] imul edx, dword [ebp - 0x64], 0x24 mov esi, dword [ebp - 0x54] @@ -51824,9 +52201,9 @@ mov eax, dword [esi + eax*4] mov byte [ebp - 0x3a], al mov byte [ebp - 0x3c], al -loc_fffc652a: ; not directly referenced +loc_fffc6b87: ; not directly referenced cmp dword [ebp - 0xa0], 0 -je short loc_fffc64e7 ; je 0xfffc64e7 +je short loc_fffc6b44 ; je 0xfffc6b44 movzx eax, byte [ebp - 0x58] imul edx, dword [ebp - 0x64], 0x24 mov esi, dword [ebp - 0x54] @@ -51840,11 +52217,11 @@ mov dword [ebx + ecx + 0x48], edx mov eax, dword [esi + eax*4] mov byte [ebp - 0x39], al mov byte [ebp - 0x3b], al -jmp short loc_fffc64e7 ; jmp 0xfffc64e7 +jmp short loc_fffc6b44 ; jmp 0xfffc6b44 -loc_fffc6561: ; not directly referenced +loc_fffc6bbe: ; not directly referenced cmp byte [ebp - 0x6d], 0xc -jne loc_fffc67ac ; jne 0xfffc67ac +jne loc_fffc6e09 ; jne 0xfffc6e09 mov eax, dword [ebp - 0x60] cmp byte [ebp - 0x6e], 0 mov al, byte [eax + 0xc4] @@ -51853,12 +52230,12 @@ cmp dword [ebp + 0x1c], 0 mov byte [ebp - 0x78], al setne al test dl, al -jne loc_fffc66fa ; jne 0xfffc66fa +jne loc_fffc6d57 ; jne 0xfffc6d57 -loc_fffc658d: ; not directly referenced +loc_fffc6bea: ; not directly referenced cmp dword [ebp - 0x88], 0 movzx ecx, byte [ebp - 0x78] -jne loc_fffc6795 ; jne 0xfffc6795 +jne loc_fffc6df2 ; jne 0xfffc6df2 push esi push 0 push dword [ebp - 0x50] @@ -51867,32 +52244,32 @@ push ecx push 0 push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffc65b3: ; not directly referenced +loc_fffc6c10: ; not directly referenced inc ebx add dword [ebp - 0x60], 0x13c3 cmp ebx, 2 -je loc_fffc6648 ; je 0xfffc6648 +je loc_fffc6ca5 ; je 0xfffc6ca5 -loc_fffc65c4: ; not directly referenced +loc_fffc6c21: ; not directly referenced mov eax, dword [ebp - 0x6c] bt eax, ebx -jae short loc_fffc65b3 ; jae 0xfffc65b3 +jae short loc_fffc6c10 ; jae 0xfffc6c10 imul eax, ebx, 0x48 mov ecx, dword [ebp - 0x90] mov esi, dword [ebp - 0xd8] imul esi, dword [ecx + eax] cmp byte [ebp - 0x6d], 0xd mov dword [ebp - 0x50], esi -jne loc_fffc6561 ; jne 0xfffc6561 +jne loc_fffc6bbe ; jne 0xfffc6bbe cmp byte [ebp - 0x6e], 0 setne dl cmp dword [ebp + 0x1c], 0 setne al test dl, al -je short loc_fffc661e ; je 0xfffc661e +je short loc_fffc6c7b ; je 0xfffc6c7b push 0 push 0 push 0 @@ -51901,13 +52278,13 @@ push 0 push 0 push 2 push edi -call fcn_fffcc4cb ; call 0xfffcc4cb +call fcn_fffcce33 ; call 0xfffcce33 add esp, 0x14 push edi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -loc_fffc661e: ; not directly referenced +loc_fffc6c7b: ; not directly referenced push 0 push 0 push 0 @@ -51916,19 +52293,19 @@ push dword [ebp - 0x50] push 0 push 2 push edi -call fcn_fffcc4cb ; call 0xfffcc4cb +call fcn_fffcce33 ; call 0xfffcce33 add esp, 0x20 cmp dword [ebp + 0x1c], 0 -jne short loc_fffc6648 ; jne 0xfffc6648 +jne short loc_fffc6ca5 ; jne 0xfffc6ca5 sub esp, 0xc push edi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -loc_fffc6648: ; not directly referenced +loc_fffc6ca5: ; not directly referenced push eax xor eax, eax -movzx ecx, byte [edi + 0x248b] +movzx ecx, byte [edi + 0x248c] cmp dword [ebp - 0x80], 0 mov edx, dword [ebp - 0x6c] push 0 @@ -51937,70 +52314,70 @@ push eax lea eax, [ebp - 0x24] push eax mov eax, edi -call fcn_fffb0f94 ; call 0xfffb0f94 +call fcn_fffaa5b3 ; call 0xfffaa5b3 add esp, 0x10 mov byte [ebp - 0x6e], al movzx eax, al or dword [ebp - 0xb0], eax cmp byte [ebp - 0xb1], 0 -jne loc_fffc689e ; jne 0xfffc689e +jne loc_fffc6efb ; jne 0xfffc6efb movzx eax, byte [ebp - 0xa1] dec eax cmp dword [ebp - 0x80], eax -jae loc_fffc689e ; jae 0xfffc689e +jae loc_fffc6efb ; jae 0xfffc6efb movzx eax, byte [ebp - 0x70] cmp dword [ebp - 0xb0], eax -jne loc_fffc689e ; jne 0xfffc689e +jne loc_fffc6efb ; jne 0xfffc6efb -loc_fffc66a7: ; not directly referenced +loc_fffc6d04: ; not directly referenced cmp word [ebp - 0x28], 0 -jne loc_fffc6c97 ; jne 0xfffc6c97 +jne loc_fffc72f4 ; jne 0xfffc72f4 -loc_fffc66b2: ; not directly referenced +loc_fffc6d0f: ; not directly referenced mov ecx, 4 mov edx, 0x4800 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov dword [ebp - 0xb0], 0 mov dword [ebp - 0x80], 0 -loc_fffc66d4: ; not directly referenced +loc_fffc6d31: ; not directly referenced movzx eax, byte [ebp - 0xa1] cmp dword [ebp - 0x80], eax -jae short loc_fffc66a7 ; jae 0xfffc66a7 +jae short loc_fffc6d04 ; jae 0xfffc6d04 mov eax, dword [ebp - 0xa8] xor ebx, ebx mov dword [ebp - 0x98], 0 mov dword [ebp - 0x60], eax -jmp near loc_fffc65c4 ; jmp 0xfffc65c4 +jmp near loc_fffc6c21 ; jmp 0xfffc6c21 -loc_fffc66fa: ; not directly referenced +loc_fffc6d57: ; not directly referenced cmp dword [ebp - 0x98], 0 -jne loc_fffc658d ; jne 0xfffc658d +jne loc_fffc6bea ; jne 0xfffc6bea cmp dword [ebp - 0x8c], 0 -jne short loc_fffc672b ; jne 0xfffc672b +jne short loc_fffc6d88 ; jne 0xfffc6d88 -loc_fffc6710: ; not directly referenced +loc_fffc6d6d: ; not directly referenced sub esp, 0xc push edi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 mov dword [ebp - 0x98], 1 -jmp near loc_fffc658d ; jmp 0xfffc658d +jmp near loc_fffc6bea ; jmp 0xfffc6bea -loc_fffc672b: ; not directly referenced +loc_fffc6d88: ; not directly referenced movzx eax, byte [ebp - 0x6e] xor esi, esi mov dword [ebp - 0xcc], eax movzx eax, byte [ebp - 0x78] mov dword [ebp - 0x98], eax -loc_fffc6741: ; not directly referenced +loc_fffc6d9e: ; not directly referenced mov eax, dword [ebp - 0xcc] bt eax, esi -jae short loc_fffc678a ; jae 0xfffc678a +jae short loc_fffc6de7 ; jae 0xfffc6de7 cmp dword [ebp - 0x88], 0 -jne short loc_fffc6770 ; jne 0xfffc6770 +jne short loc_fffc6dcd ; jne 0xfffc6dcd push eax push 0 push 0 @@ -52009,11 +52386,11 @@ push dword [ebp - 0x98] push 0 push esi push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -jmp short loc_fffc678a ; jmp 0xfffc678a +jmp short loc_fffc6de7 ; jmp 0xfffc6de7 -loc_fffc6770: ; not directly referenced +loc_fffc6dcd: ; not directly referenced push 0 mov ecx, dword [ebp - 0x98] mov edx, ebx @@ -52021,26 +52398,26 @@ push 0 mov eax, edi push 0 push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 +call fcn_fffac68e ; call 0xfffac68e add esp, 0x10 -loc_fffc678a: ; not directly referenced +loc_fffc6de7: ; not directly referenced inc esi cmp esi, 2 -jne short loc_fffc6741 ; jne 0xfffc6741 -jmp near loc_fffc6710 ; jmp 0xfffc6710 +jne short loc_fffc6d9e ; jne 0xfffc6d9e +jmp near loc_fffc6d6d ; jmp 0xfffc6d6d -loc_fffc6795: ; not directly referenced +loc_fffc6df2: ; not directly referenced push 0 mov edx, ebx push 0 mov eax, edi push dword [ebp - 0x50] push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 -jmp near loc_fffc6844 ; jmp 0xfffc6844 +call fcn_fffac68e ; call 0xfffac68e +jmp near loc_fffc6ea1 ; jmp 0xfffc6ea1 -loc_fffc67ac: ; not directly referenced +loc_fffc6e09: ; not directly referenced mov eax, dword [ebp - 0x6c] lea ecx, [ebx + 1] sar eax, cl @@ -52049,12 +52426,12 @@ mov dword [ebp - 0x78], eax cmp cl, 5 sete al test byte [ebp - 0xa2], al -jne short loc_fffc67d2 ; jne 0xfffc67d2 +jne short loc_fffc6e2f ; jne 0xfffc6e2f xor edx, edx movzx esi, cl -jmp near loc_fffc6891 ; jmp 0xfffc6891 +jmp near loc_fffc6eee ; jmp 0xfffc6eee -loc_fffc67d2: ; not directly referenced +loc_fffc6e2f: ; not directly referenced imul edx, dword [ebp - 0xe0], 0x18 imul eax, dword [ebp - 0xac], 0x128 mov esi, dword [ebp - 0x60] @@ -52070,7 +52447,7 @@ movzx eax, ax push eax mov eax, edi push 3 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb push dword [ebp - 0x78] push 1 push 0xff @@ -52079,7 +52456,7 @@ push dword [ebp - 0x50] push 0 push ebx push edi -call fcn_fffcc4cb ; call 0xfffcc4cb +call fcn_fffcce33 ; call 0xfffcce33 mov ax, word [esi + 0xb] add esp, 0x28 mov ecx, dword [ebp - 0x68] @@ -52088,14 +52465,14 @@ and eax, 0xffef push eax mov eax, edi push 3 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb mov dword [ebp - 0x84], eax -loc_fffc6844: ; not directly referenced +loc_fffc6ea1: ; not directly referenced add esp, 0x10 -jmp near loc_fffc65b3 ; jmp 0xfffc65b3 +jmp near loc_fffc6c10 ; jmp 0xfffc6c10 -loc_fffc684c: ; not directly referenced +loc_fffc6ea9: ; not directly referenced push 1 movzx eax, dl push dword [ebp - 0x78] @@ -52110,44 +52487,44 @@ push dword [ebp - 0x80] push dword [ebp - 0x50] push esi push edi -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 cmp dword [ebp - 0x9c], 0 mov dword [ebp - 0x84], eax -jne loc_fffc65b3 ; jne 0xfffc65b3 +jne loc_fffc6c10 ; jne 0xfffc6c10 mov edx, dword [ebp - 0xcc] inc edx -loc_fffc6891: ; not directly referenced -cmp dl, byte [edi + 0x2488] -jb short loc_fffc684c ; jb 0xfffc684c -jmp near loc_fffc65b3 ; jmp 0xfffc65b3 +loc_fffc6eee: ; not directly referenced +cmp dl, byte [edi + 0x2489] +jb short loc_fffc6ea9 ; jb 0xfffc6ea9 +jmp near loc_fffc6c10 ; jmp 0xfffc6c10 -loc_fffc689e: ; not directly referenced +loc_fffc6efb: ; not directly referenced mov eax, dword [ebp - 0x90] xor ebx, ebx mov dword [ebp - 0x98], eax -jmp short loc_fffc68c6 ; jmp 0xfffc68c6 +jmp short loc_fffc6f23 ; jmp 0xfffc6f23 -loc_fffc68ae: ; not directly referenced +loc_fffc6f0b: ; not directly referenced cmp byte [ebp + ebx - 0x40], 1 -jne short loc_fffc68d0 ; jne 0xfffc68d0 +jne short loc_fffc6f2d ; jne 0xfffc6f2d -loc_fffc68b5: ; not directly referenced +loc_fffc6f12: ; not directly referenced inc ebx add dword [ebp - 0x98], 0x48 cmp ebx, 2 -je loc_fffc6bb5 ; je 0xfffc6bb5 +je loc_fffc7212 ; je 0xfffc7212 -loc_fffc68c6: ; not directly referenced +loc_fffc6f23: ; not directly referenced cmp word [ebp + ebx*2 - 0x28], 1 mov al, bl -je short loc_fffc68ae ; je 0xfffc68ae +je short loc_fffc6f0b ; je 0xfffc6f0b -loc_fffc68d0: ; not directly referenced +loc_fffc6f2d: ; not directly referenced mov esi, dword [ebp - 0x6c] bt esi, ebx -jae short loc_fffc68b5 ; jae 0xfffc68b5 +jae short loc_fffc6f12 ; jae 0xfffc6f12 xor esi, esi mov edx, ebx cmp dword [ebp - 0x74], 0 @@ -52157,7 +52534,7 @@ shl edx, 0xa add edx, 0x4114 mov byte [ebp - 0x58], al mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov esi, dword [ebp - 0x98] mov dl, byte [ebp + ebx - 0x3e] mov esi, dword [esi] @@ -52168,90 +52545,90 @@ mov dword [ebp - 0x78], eax movzx eax, byte [ebp - 0x58] mov dword [ebp - 0x50], esi mov byte [ebp - 0x60], cl -jne loc_fffc69cb ; jne 0xfffc69cb +jne loc_fffc7028 ; jne 0xfffc7028 mov cl, byte [ebp - 0x50] cmp cl, byte [ebp + eax - 0x3c] -jne short loc_fffc698c ; jne 0xfffc698c +jne short loc_fffc6fe9 ; jne 0xfffc6fe9 cmp byte [ebp - 0x60], 0 -jns short loc_fffc6951 ; jns 0xfffc6951 +jns short loc_fffc6fae ; jns 0xfffc6fae cmp byte [ebp + eax - 0x3a], cl -jne short loc_fffc6941 ; jne 0xfffc6941 +jne short loc_fffc6f9e ; jne 0xfffc6f9e -loc_fffc6935: ; not directly referenced +loc_fffc6f92: ; not directly referenced mov al, byte [ebp - 0x50] mov byte [ebp + ebx - 0x3e], al -jmp near loc_fffc6b19 ; jmp 0xfffc6b19 +jmp near loc_fffc7176 ; jmp 0xfffc7176 -loc_fffc6941: ; not directly referenced +loc_fffc6f9e: ; not directly referenced mov dword [ebp - 0x2c], 1 -loc_fffc6948: ; not directly referenced +loc_fffc6fa5: ; not directly referenced mov eax, dword [ebp - 0x2c] test eax, eax -jne short loc_fffc6948 ; jne 0xfffc6948 -jmp short loc_fffc6935 ; jmp 0xfffc6935 +jne short loc_fffc6fa5 ; jne 0xfffc6fa5 +jmp short loc_fffc6f92 ; jmp 0xfffc6f92 -loc_fffc6951: ; not directly referenced +loc_fffc6fae: ; not directly referenced cmp byte [ebp - 0x60], 1 -jne short loc_fffc696d ; jne 0xfffc696d +jne short loc_fffc6fca ; jne 0xfffc6fca mov eax, dword [ebp + ebx*4 - 0x20] shr eax, 8 xor ah, ah mov dword [ebp + ebx*4 - 0x20], eax mov al, byte [ebp - 0x50] mov byte [ebx + ebp - 0x3e], al -jmp short loc_fffc69b3 ; jmp 0xfffc69b3 +jmp short loc_fffc7010 ; jmp 0xfffc7010 -loc_fffc696d: ; not directly referenced +loc_fffc6fca: ; not directly referenced xor eax, eax cmp byte [ebp - 0x60], 2 -je loc_fffc6a1d ; je 0xfffc6a1d +je loc_fffc707a ; je 0xfffc707a mov dword [ebp - 0x30], 1 -loc_fffc6980: ; not directly referenced +loc_fffc6fdd: ; not directly referenced mov eax, dword [ebp - 0x30] test eax, eax -jne short loc_fffc6980 ; jne 0xfffc6980 -jmp near loc_fffc6b19 ; jmp 0xfffc6b19 +jne short loc_fffc6fdd ; jne 0xfffc6fdd +jmp near loc_fffc7176 ; jmp 0xfffc7176 -loc_fffc698c: ; not directly referenced +loc_fffc6fe9: ; not directly referenced mov cl, byte [ebp - 0x50] cmp cl, byte [ebp + eax - 0x3a] -jne loc_fffc6b0b ; jne 0xfffc6b0b +jne loc_fffc7168 ; jne 0xfffc7168 cmp word [ebp + ebx*2 - 0x28], 1 -je loc_fffc68b5 ; je 0xfffc68b5 +je loc_fffc6f12 ; je 0xfffc6f12 cmp byte [ebp - 0x60], 0xff -jne short loc_fffc69bf ; jne 0xfffc69bf +jne short loc_fffc701c ; jne 0xfffc701c and dword [ebp + ebx*4 - 0x20], 0xffffff00 -loc_fffc69b3: ; not directly referenced +loc_fffc7010: ; not directly referenced mov word [ebp + ebx*2 - 0x28], 1 -jmp near loc_fffc6b19 ; jmp 0xfffc6b19 +jmp near loc_fffc7176 ; jmp 0xfffc7176 -loc_fffc69bf: ; not directly referenced +loc_fffc701c: ; not directly referenced mov al, byte [ebp - 0x50] mov byte [ebx + ebp - 0x3e], al -jmp near loc_fffc6b02 ; jmp 0xfffc6b02 +jmp near loc_fffc715f ; jmp 0xfffc715f -loc_fffc69cb: ; not directly referenced +loc_fffc7028: ; not directly referenced mov cl, byte [ebp + eax - 0x3c] mov byte [ebp - 0xcc], cl cmp byte [ebp - 0x50], cl -jne short loc_fffc6a3f ; jne 0xfffc6a3f +jne short loc_fffc709c ; jne 0xfffc709c cmp byte [ebp - 0x60], 2 -jle short loc_fffc69f3 ; jle 0xfffc69f3 +jle short loc_fffc7050 ; jle 0xfffc7050 mov dword [ebp - 0x34], 1 -loc_fffc69e7: ; not directly referenced +loc_fffc7044: ; not directly referenced mov eax, dword [ebp - 0x34] test eax, eax -jne short loc_fffc69e7 ; jne 0xfffc69e7 -jmp near loc_fffc6b19 ; jmp 0xfffc6b19 +jne short loc_fffc7044 ; jne 0xfffc7044 +jmp near loc_fffc7176 ; jmp 0xfffc7176 -loc_fffc69f3: ; not directly referenced +loc_fffc7050: ; not directly referenced mov eax, dword [ebp - 0x78] -je short loc_fffc6a1d ; je 0xfffc6a1d -call fcn_fffaebf8 ; call 0xfffaebf8 +je short loc_fffc707a ; je 0xfffc707a +call fcn_fffb392f ; call 0xfffb392f mov edx, dword [ebp + ebx*4 - 0x20] mov byte [ebp + ebx - 0x40], 0 and edx, 0xff00ffff @@ -52259,30 +52636,30 @@ movzx eax, al shl eax, 0x10 or eax, edx mov dword [ebp + ebx*4 - 0x20], eax -jmp near loc_fffc6b19 ; jmp 0xfffc6b19 +jmp near loc_fffc7176 ; jmp 0xfffc7176 -loc_fffc6a1d: ; not directly referenced -call fcn_fffaebf8 ; call 0xfffaebf8 +loc_fffc707a: ; not directly referenced +call fcn_fffb392f ; call 0xfffb392f mov edx, dword [ebp + ebx*4 - 0x20] mov byte [ebp + ebx - 0x40], 1 and edx, 0xffffff shl eax, 0x18 or eax, edx mov dword [ebp + ebx*4 - 0x20], eax -jmp near loc_fffc6b19 ; jmp 0xfffc6b19 +jmp near loc_fffc7176 ; jmp 0xfffc7176 -loc_fffc6a3f: ; not directly referenced +loc_fffc709c: ; not directly referenced mov cl, byte [ebp - 0x50] cmp cl, byte [ebp + eax - 0x3a] -jne loc_fffc6b0b ; jne 0xfffc6b0b +jne loc_fffc7168 ; jne 0xfffc7168 inc dl -je short loc_fffc6ac9 ; je 0xfffc6ac9 +je short loc_fffc7126 ; je 0xfffc7126 cmp byte [ebp - 0x60], 0 -jg short loc_fffc6ac9 ; jg 0xfffc6ac9 +jg short loc_fffc7126 ; jg 0xfffc7126 movsx eax, byte [ebp - 0x60] mov esi, eax mov eax, dword [ebp - 0x78] -call fcn_fffaebf8 ; call 0xfffaebf8 +call fcn_fffb392f ; call 0xfffb392f mov ecx, dword [ebp + ebx*4 - 0x20] mov edx, 1 sub edx, esi @@ -52293,7 +52670,7 @@ mov dword [ebp - 0xd0], eax mov eax, esi xor esi, esi cmp cl, 0x3e -ja short loc_fffc6abb ; ja 0xfffc6abb +ja short loc_fffc7118 ; ja 0xfffc7118 mov esi, eax mov eax, 0xff lea ecx, [esi*8 + 8] @@ -52305,25 +52682,25 @@ shl esi, cl mov cl, dl or esi, eax test dl, dl -jle short loc_fffc6ab7 ; jle 0xfffc6ab7 +jle short loc_fffc7114 ; jle 0xfffc7114 shl esi, cl -jmp short loc_fffc6abb ; jmp 0xfffc6abb +jmp short loc_fffc7118 ; jmp 0xfffc7118 -loc_fffc6ab7: ; not directly referenced +loc_fffc7114: ; not directly referenced neg ecx shr esi, cl -loc_fffc6abb: ; not directly referenced +loc_fffc7118: ; not directly referenced mov al, byte [ebp - 0x50] mov dword [ebp + ebx*4 - 0x20], esi dec eax mov byte [ebp + ebx - 0x3e], al -jmp short loc_fffc6aec ; jmp 0xfffc6aec +jmp short loc_fffc7149 ; jmp 0xfffc7149 -loc_fffc6ac9: ; not directly referenced +loc_fffc7126: ; not directly referenced mov eax, dword [ebp - 0x78] mov esi, dword [ebp + ebx*4 - 0x20] -call fcn_fffaebf8 ; call 0xfffaebf8 +call fcn_fffb392f ; call 0xfffb392f movzx edx, si and esi, 0xff0000 shr esi, 8 @@ -52332,96 +52709,96 @@ shl esi, 0x10 or esi, edx mov dword [ebp + ebx*4 - 0x20], esi -loc_fffc6aec: ; not directly referenced +loc_fffc7149: ; not directly referenced mov al, byte [ebp - 0xcc] cmp byte [ebp - 0x50], al -jae short loc_fffc6afc ; jae 0xfffc6afc +jae short loc_fffc7159 ; jae 0xfffc7159 mov byte [ebp + ebx - 0x40], 1 -loc_fffc6afc: ; not directly referenced +loc_fffc7159: ; not directly referenced cmp byte [ebp - 0x60], 0 -jg short loc_fffc6b19 ; jg 0xfffc6b19 +jg short loc_fffc7176 ; jg 0xfffc7176 -loc_fffc6b02: ; not directly referenced +loc_fffc715f: ; not directly referenced mov word [ebp + ebx*2 - 0x28], 0 -jmp short loc_fffc6b19 ; jmp 0xfffc6b19 +jmp short loc_fffc7176 ; jmp 0xfffc7176 -loc_fffc6b0b: ; not directly referenced +loc_fffc7168: ; not directly referenced mov dword [ebp - 0x38], 1 -loc_fffc6b12: ; not directly referenced +loc_fffc716f: ; not directly referenced mov eax, dword [ebp - 0x38] test eax, eax -jne short loc_fffc6b12 ; jne 0xfffc6b12 +jne short loc_fffc716f ; jne 0xfffc716f -loc_fffc6b19: ; not directly referenced +loc_fffc7176: ; not directly referenced mov al, byte [ebp + ebx - 0x42] cmp byte [ebp - 0x50], al -jne short loc_fffc6b27 ; jne 0xfffc6b27 +jne short loc_fffc7184 ; jne 0xfffc7184 mov byte [ebp + ebx - 0x40], 1 -loc_fffc6b27: ; not directly referenced +loc_fffc7184: ; not directly referenced cmp dword [ebp - 0x78], 0 -jne short loc_fffc6b42 ; jne 0xfffc6b42 +jne short loc_fffc719f ; jne 0xfffc719f cmp al, byte [ebp + ebx - 0x3e] -jne short loc_fffc6b42 ; jne 0xfffc6b42 +jne short loc_fffc719f ; jne 0xfffc719f cmp word [ebp + ebx*2 - 0x28], 1 -jne short loc_fffc6b42 ; jne 0xfffc6b42 +jne short loc_fffc719f ; jne 0xfffc719f mov word [ebp + ebx*4 - 0x1e], 0xfffe -loc_fffc6b42: ; not directly referenced +loc_fffc719f: ; not directly referenced cmp byte [ebp - 0x50], 0 -jne short loc_fffc6b66 ; jne 0xfffc6b66 +jne short loc_fffc71c3 ; jne 0xfffc71c3 cmp dword [ebp - 0x78], 0 mov word [ebp + ebx*2 - 0x28], 1 -je short loc_fffc6b66 ; je 0xfffc6b66 +je short loc_fffc71c3 ; je 0xfffc71c3 mov byte [ebp + ebx - 0x40], 1 mov byte [ebp + ebx - 0x3e], 0 mov word [ebp + ebx*4 - 0x1e], 0x707 -loc_fffc6b66: ; not directly referenced +loc_fffc71c3: ; not directly referenced cmp dword [ebp - 0x74], 0 -jne loc_fffc68b5 ; jne 0xfffc68b5 +jne loc_fffc6f12 ; jne 0xfffc6f12 cmp word [ebp + ebx*2 - 0x28], 1 -jne short loc_fffc6b9c ; jne 0xfffc6b9c +jne short loc_fffc71f9 ; jne 0xfffc71f9 cmp byte [ebp + ebx - 0x40], 1 -je loc_fffc68b5 ; je 0xfffc68b5 +je loc_fffc6f12 ; je 0xfffc6f12 mov al, byte [ebp + ebx - 0x3c] mov esi, dword [ebp - 0x98] inc eax mov byte [ebp + ebx - 0x3c], al movzx eax, al mov dword [esi], eax -jmp near loc_fffc68b5 ; jmp 0xfffc68b5 +jmp near loc_fffc6f12 ; jmp 0xfffc6f12 -loc_fffc6b9c: ; not directly referenced +loc_fffc71f9: ; not directly referenced mov al, byte [ebp + ebx - 0x3a] mov ecx, dword [ebp - 0x98] dec eax mov byte [ebp + ebx - 0x3a], al movzx eax, al mov dword [ecx], eax -jmp near loc_fffc68b5 ; jmp 0xfffc68b5 +jmp near loc_fffc6f12 ; jmp 0xfffc6f12 -loc_fffc6bb5: ; not directly referenced +loc_fffc7212: ; not directly referenced cmp dword [ebp - 0x74], 0 -je loc_fffc6c8f ; je 0xfffc6c8f +je loc_fffc72ec ; je 0xfffc72ec cmp word [ebp - 0x28], 1 -jne loc_fffc6c7b ; jne 0xfffc6c7b +jne loc_fffc72d8 ; jne 0xfffc72d8 cmp word [ebp - 0x26], 1 -jne loc_fffc6c7b ; jne 0xfffc6c7b +jne loc_fffc72d8 ; jne 0xfffc72d8 cmp byte [ebp - 0x40], 1 -jne short loc_fffc6be5 ; jne 0xfffc6be5 +jne short loc_fffc7242 ; jne 0xfffc7242 cmp byte [ebp - 0x3f], 1 -je loc_fffc6c8f ; je 0xfffc6c8f +je loc_fffc72ec ; je 0xfffc72ec -loc_fffc6be5: ; not directly referenced +loc_fffc7242: ; not directly referenced movzx eax, byte [ebp - 0x58] mov bl, byte [ebp + eax - 0x3c] lea edx, [ebx + 1] mov byte [ebp + eax - 0x3c], dl -loc_fffc6bf4: ; not directly referenced +loc_fffc7251: ; not directly referenced imul ecx, dword [ebp - 0x64], 0x24 movzx edx, dl imul eax, eax, 0x12 @@ -52430,7 +52807,7 @@ add eax, ecx add eax, dword [ebp - 0x4c] mov dword [ebx + eax*4], edx test byte [ebp - 0x70], 1 -je short loc_fffc6c3f ; je 0xfffc6c3f +je short loc_fffc729c ; je 0xfffc729c movzx eax, byte [ebp - 0x58] imul ecx, dword [ebp - 0x64], 0x24 mov ebx, dword [ebp - 0x54] @@ -52446,9 +52823,9 @@ mov al, byte [ebp + eax - 0x3c] mov byte [ebp - 0x3a], dl mov byte [ebp - 0x3c], al -loc_fffc6c3f: ; not directly referenced +loc_fffc729c: ; not directly referenced cmp dword [ebp - 0xa0], 0 -je short loc_fffc6c8f ; je 0xfffc6c8f +je short loc_fffc72ec ; je 0xfffc72ec movzx eax, byte [ebp - 0x58] imul ecx, dword [ebp - 0x64], 0x24 mov ebx, dword [ebp - 0x94] @@ -52463,34 +52840,34 @@ mov dl, byte [ebp + eax - 0x3a] mov al, byte [ebp + eax - 0x3c] mov byte [ebp - 0x39], dl mov byte [ebp - 0x3b], al -jmp short loc_fffc6c8f ; jmp 0xfffc6c8f +jmp short loc_fffc72ec ; jmp 0xfffc72ec -loc_fffc6c7b: ; not directly referenced +loc_fffc72d8: ; not directly referenced movzx eax, byte [ebp - 0x58] mov bl, byte [ebp + eax - 0x3a] lea edx, [ebx - 1] mov byte [ebp + eax - 0x3a], dl -jmp near loc_fffc6bf4 ; jmp 0xfffc6bf4 +jmp near loc_fffc7251 ; jmp 0xfffc7251 -loc_fffc6c8f: ; not directly referenced +loc_fffc72ec: ; not directly referenced inc dword [ebp - 0x80] -jmp near loc_fffc66d4 ; jmp 0xfffc66d4 +jmp near loc_fffc6d31 ; jmp 0xfffc6d31 -loc_fffc6c97: ; not directly referenced +loc_fffc72f4: ; not directly referenced cmp byte [ebp - 0x40], 0 -je loc_fffc66b2 ; je 0xfffc66b2 +je loc_fffc6d0f ; je 0xfffc6d0f cmp word [ebp - 0x26], 0 -je loc_fffc66b2 ; je 0xfffc66b2 +je loc_fffc6d0f ; je 0xfffc6d0f cmp byte [ebp - 0x3f], 0 -je loc_fffc66b2 ; je 0xfffc66b2 +je loc_fffc6d0f ; je 0xfffc6d0f xor ebx, ebx -loc_fffc6cb8: ; not directly referenced +loc_fffc7315: ; not directly referenced mov eax, dword [ebp - 0x6c] bt eax, ebx -jae short loc_fffc6d0d ; jae 0xfffc6d0d +jae short loc_fffc736a ; jae 0xfffc736a cmp byte [ebp - 0xb1], 0 -je short loc_fffc6cf9 ; je 0xfffc6cf9 +je short loc_fffc7356 ; je 0xfffc7356 mov edx, dword [ebp + ebx*4 - 0x20] sub esp, 0xc movzx eax, byte [ebp + ebx - 0x3e] @@ -52499,30 +52876,30 @@ mov ecx, edx shr edx, 0x10 shr ecx, 0x18 movzx edx, dl -call fcn_fffaa348 ; call 0xfffaa348 +call fcn_fffac986 ; call 0xfffac986 imul edx, ebx, 0x48 mov ecx, dword [ebp - 0x90] add esp, 0x10 mov dword [ecx + edx], eax -jmp short loc_fffc6d0d ; jmp 0xfffc6d0d +jmp short loc_fffc736a ; jmp 0xfffc736a -loc_fffc6cf9: ; not directly referenced +loc_fffc7356: ; not directly referenced movzx edx, byte [ebp + ebx - 0x3e] imul eax, ebx, 0x48 mov esi, dword [ebp - 0x90] imul edx, edx, 0xa mov dword [esi + eax], edx -loc_fffc6d0d: ; not directly referenced +loc_fffc736a: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffc6cb8 ; jne 0xfffc6cb8 +jne short loc_fffc7315 ; jne 0xfffc7315 inc dword [ebp - 0x4c] add dword [ebp - 0x7c], 4 cmp dword [ebp - 0x4c], 2 -jne loc_fffc61f5 ; jne 0xfffc61f5 +jne loc_fffc6852 ; jne 0xfffc6852 cmp byte [ebp - 0x5c], 0xd -jne short loc_fffc6d46 ; jne 0xfffc6d46 +jne short loc_fffc73a3 ; jne 0xfffc73a3 push 0 push 0 push 0 @@ -52531,20 +52908,20 @@ push 0 push 0 push 2 push edi -call fcn_fffcc4cb ; call 0xfffcc4cb +call fcn_fffcce33 ; call 0xfffcce33 add esp, 0x20 -jmp near loc_fffc6e84 ; jmp 0xfffc6e84 +jmp near loc_fffc74e1 ; jmp 0xfffc74e1 -loc_fffc6d46: ; not directly referenced +loc_fffc73a3: ; not directly referenced cmp byte [ebp - 0x5c], 0xc -jne short loc_fffc6d9a ; jne 0xfffc6d9a +jne short loc_fffc73f7 ; jne 0xfffc73f7 xor ebx, ebx -loc_fffc6d4e: ; not directly referenced +loc_fffc73ab: ; not directly referenced imul eax, ebx, 0x13c3 cmp dword [ebp - 0x88], 0 -movzx ecx, byte [edi + eax + 0x381a] -jne short loc_fffc6d7b ; jne 0xfffc6d7b +movzx ecx, byte [edi + eax + 0x381b] +jne short loc_fffc73d8 ; jne 0xfffc73d8 push esi push 0 push 0 @@ -52553,31 +52930,31 @@ push ecx push 0 push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -jmp short loc_fffc6d8f ; jmp 0xfffc6d8f +jmp short loc_fffc73ec ; jmp 0xfffc73ec -loc_fffc6d7b: ; not directly referenced +loc_fffc73d8: ; not directly referenced push 0 mov edx, ebx push 0 mov eax, edi push 0 push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 +call fcn_fffac68e ; call 0xfffac68e add esp, 0x10 -loc_fffc6d8f: ; not directly referenced +loc_fffc73ec: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffc6d4e ; jne 0xfffc6d4e -jmp near loc_fffc6e84 ; jmp 0xfffc6e84 +jne short loc_fffc73ab ; jne 0xfffc73ab +jmp near loc_fffc74e1 ; jmp 0xfffc74e1 -loc_fffc6d9a: ; not directly referenced +loc_fffc73f7: ; not directly referenced cmp byte [ebp - 0x5c], 5 sete al test byte [ebp - 0xa2], al -je loc_fffc6e5c ; je 0xfffc6e5c +je loc_fffc74b9 ; je 0xfffc74b9 mov edx, dword [ebp - 0xc8] xor ebx, ebx mov eax, dword [ebp - 0xa8] @@ -52588,7 +52965,7 @@ imul eax, dword [ebp - 0xac], 0x128 add eax, edx mov dword [ebp - 0x58], eax -loc_fffc6dd3: ; not directly referenced +loc_fffc7430: ; not directly referenced mov esi, dword [ebp - 0x6c] lea eax, [ebx + 1] mov cl, al @@ -52608,7 +52985,7 @@ movzx eax, ax push eax mov eax, edi push 3 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb push dword [ebp - 0x54] push 1 push 0xff @@ -52617,7 +52994,7 @@ push 0 push 0 push ebx push edi -call fcn_fffcc4cb ; call 0xfffcc4cb +call fcn_fffcce33 ; call 0xfffcce33 mov ax, word [esi + 0xb] add esp, 0x28 mov ecx, dword [ebp - 0x68] @@ -52626,16 +53003,16 @@ and eax, 0xffef push eax mov eax, edi push 3 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb mov ebx, dword [ebp - 0x50] add esp, 0x10 add dword [ebp - 0x4c], 0x13c3 mov dword [ebp - 0x84], eax cmp ebx, 2 -jne loc_fffc6dd3 ; jne 0xfffc6dd3 -jmp short loc_fffc6e84 ; jmp 0xfffc6e84 +jne loc_fffc7430 ; jne 0xfffc7430 +jmp short loc_fffc74e1 ; jmp 0xfffc74e1 -loc_fffc6e5c: ; not directly referenced +loc_fffc74b9: ; not directly referenced push 2 movzx eax, byte [ebp - 0x5c] push 0 @@ -52649,18 +53026,1636 @@ push 0 push 0 push eax push edi -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 mov dword [ebp - 0x84], eax -loc_fffc6e84: ; not directly referenced +loc_fffc74e1: ; not directly referenced mov eax, edi xor ecx, ecx mov edx, 0x4cf0 -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp - 0x84] -loc_fffc6e98: ; not directly referenced +loc_fffc74f5: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc74fd: ; not directly referenced +push ebp +mov eax, 0x80000002 +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x1c +mov ebx, dword [ebp + 0x20] +mov ecx, dword [ebp + 0x10] +mov esi, dword [ebp + 0x14] +mov edi, dword [ebp + 0x18] +test ebx, ebx +je loc_fffc75d3 ; je 0xfffc75d3 +cmp ecx, 0xb +ja loc_fffc75d3 ; ja 0xfffc75d3 +push eax +mov edx, ecx +push dword [ebp + 0x1c] +mov eax, 1 +mov dword [ebp - 0x1c], ecx +push edi +push esi +call fcn_fffb05d3 ; call 0xfffb05d3 +add esp, 0x10 +mov ecx, dword [ebp - 0x1c] +test eax, eax +js loc_fffc75d3 ; js 0xfffc75d3 +mov al, byte [ecx + ref_fffd6138] ; mov al, byte [ecx - 0x29ec8] +mov dword [ebp - 0x24], 0 +mov byte [ebp - 0x1e], al +mov eax, ecx +and eax, 3 +mov dword [ebp - 0x1c], eax +movzx eax, byte [eax + ref_fffd6144] ; movzx eax, byte [eax - 0x29ebc] +dec eax +test ebx, eax +movzx eax, byte [ecx + ref_fffd6144] ; movzx eax, byte [ecx - 0x29ebc] +sete byte [ebp - 0x1d] +mov dword [ebp - 0x28], eax + +loc_fffc757b: ; not directly referenced +cmp dword [ebp + 0x1c], 0 +je short loc_fffc75d1 ; je 0xfffc75d1 +cmp dword [ebp - 0x1c], 0 +jne short loc_fffc758d ; jne 0xfffc758d +mov dl, byte [ebx] +mov byte [esi], dl +jmp short loc_fffc75c0 ; jmp 0xfffc75c0 + +loc_fffc758d: ; not directly referenced +cmp dword [ebp - 0x1c], 1 +jne short loc_fffc75a1 ; jne 0xfffc75a1 +movzx eax, word [ebx] +push edx +push edx +push eax +push esi +call fcn_fffb3fa0 ; call 0xfffb3fa0 +jmp short loc_fffc75b1 ; jmp 0xfffc75b1 + +loc_fffc75a1: ; not directly referenced +cmp dword [ebp - 0x1c], 2 +jne short loc_fffc75b6 ; jne 0xfffc75b6 +push eax +push eax +push dword [ebx] +push esi +call fcn_fffb3ffa ; call 0xfffb3ffa + +loc_fffc75b1: ; not directly referenced +add esp, 0x10 +jmp short loc_fffc75c0 ; jmp 0xfffc75c0 + +loc_fffc75b6: ; not directly referenced +mov eax, dword [ebx] +mov edx, dword [ebx + 4] +mov dword [esi], eax +mov dword [esi + 4], edx + +loc_fffc75c0: ; not directly referenced +movzx eax, byte [ebp - 0x1e] +add esi, dword [ebp - 0x28] +adc edi, dword [ebp - 0x24] +dec dword [ebp + 0x1c] +add ebx, eax +jmp short loc_fffc757b ; jmp 0xfffc757b + +loc_fffc75d1: ; not directly referenced +xor eax, eax + +loc_fffc75d3: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc75db: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, eax +push esi +push ebx +mov ebx, ref_fffd5904 ; mov ebx, 0xfffd5904 +sub esp, 0x2c +mov eax, dword [ebp + 8] +mov dword [ebp - 0x28], ecx +mov byte [ebp - 0x21], cl +mov dword [ebp - 0x2c], edx +mov esi, dword [eax] +mov eax, dword [edi + 0x188b] +mov dword [ebp - 0x1c], eax + +loc_fffc7602: ; not directly referenced +mov al, byte [ebx + 4] +and eax, 1 +cmp eax, dword [ebp - 0x2c] +jne short loc_fffc765b ; jne 0xfffc765b +movzx eax, word [ebx] +mov dword [ebp - 0x20], eax +sub dword [ebp - 0x20], esi + +loc_fffc7616: ; not directly referenced +mov eax, dword [ebp - 0x20] +lea edx, [esi + eax] +movzx eax, word [ebx + 2] +cmp edx, eax +ja short loc_fffc765b ; ja 0xfffc765b +cmp dword [ebp - 0x1c], 0 +jne short loc_fffc7630 ; jne 0xfffc7630 +test byte [ebx + 4], 2 +jmp short loc_fffc763a ; jmp 0xfffc763a + +loc_fffc7630: ; not directly referenced +cmp dword [ebp - 0x1c], 1 +jne short loc_fffc7656 ; jne 0xfffc7656 +test byte [ebx + 4], 4 + +loc_fffc763a: ; not directly referenced +je short loc_fffc7656 ; je 0xfffc7656 +cmp byte [ebp - 0x21], 1 +jne short loc_fffc764d ; jne 0xfffc764d +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov dword [esi], eax +jmp short loc_fffc7656 ; jmp 0xfffc7656 + +loc_fffc764d: ; not directly referenced +mov ecx, dword [esi] +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffc7656: ; not directly referenced +add esi, 4 +jmp short loc_fffc7616 ; jmp 0xfffc7616 + +loc_fffc765b: ; not directly referenced +add ebx, 5 +cmp ebx, ref_fffd6138 ; cmp ebx, 0xfffd6138 +jne short loc_fffc7602 ; jne 0xfffc7602 +mov eax, dword [ebp + 8] +cmp byte [ebp - 0x28], 0 +mov dword [eax], esi +jne short loc_fffc768e ; jne 0xfffc768e +mov edx, 0x5f09 +mov eax, edi +mov ecx, 1 +call fcn_fffb335b ; call 0xfffb335b +mov edx, 0x96 +mov eax, edi +call fcn_fffa82f9 ; call 0xfffa82f9 + +loc_fffc768e: ; not directly referenced +add esp, 0x2c +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc7698: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 8] +mov ecx, dword [eax + 0x5edd] +lea edx, [ecx + 0x1b8] +xor ecx, ecx +mov dword [ebp + 8], edx +mov edx, 1 +pop ebp +jmp near fcn_fffc75db ; jmp 0xfffc75db + +fcn_fffc76ba: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 8] +mov edx, dword [eax + 0x5edd] +lea ecx, [eax + 0x1c] +mov byte [eax + 0x247d], 1 +add edx, 0x1b8 +mov dword [edx], ecx +xor ecx, ecx +mov dword [ebp + 8], edx +xor edx, edx +pop ebp +jmp near fcn_fffc75db ; jmp 0xfffc75db + +fcn_fffc76e5: ; not directly referenced +push ebp +mov ebp, esp +sub esp, 8 +mov eax, dword [ebp + 8] +mov edx, dword [eax + 0x5edd] +cmp byte [edx + 0x1c4], 1 +jne short loc_fffc7709 ; jne 0xfffc7709 +sub esp, 0xc +push eax +call fcn_fffc76ba ; call 0xfffc76ba +add esp, 0x10 + +loc_fffc7709: ; not directly referenced +xor eax, eax +leave +ret + +fcn_fffc770d: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 8] +mov ecx, dword [eax + 0x5edd] +lea edx, [ecx + 0x1b8] +mov ecx, 1 +mov dword [ebp + 8], edx +mov edx, 1 +pop ebp +jmp near fcn_fffc75db ; jmp 0xfffc75db + +fcn_fffc7732: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 8] +mov edx, dword [eax + 0x5edd] +lea ecx, [eax + 0x1c] +mov dword [edx + 0x1b8], ecx +add edx, 0x1b8 +mov ecx, 1 +mov dword [ebp + 8], edx +xor edx, edx +pop ebp +jmp near fcn_fffc75db ; jmp 0xfffc75db + +fcn_fffc775d: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x2cc +mov edi, dword [ebp + 8] +mov dword [ebp - 0x268], 1 +mov eax, dword [edi + 0x5edd] +mov edx, dword [edi + 0x2481] +mov ecx, dword [edi + 0x1883] +mov dword [ebp - 0x260], eax +mov eax, dword [edi + 0x2444] +cmp edx, 3 +mov dword [ebp - 0x28c], ecx +mov dword [ebp - 0x2a4], eax +sete al +movzx ebx, al +mov dword [ebp - 0x288], ebx +mov ebx, dword [edi + 0x1887] +mov esi, ebx +mov dword [ebp - 0x2b0], ebx +mov ebx, dword [edi + 0x188b] +mov dword [ebp - 0x290], ebx +xor ebx, ebx +cmp edx, 2 +sete bl +cmp esi, 0x306d0 +mov dword [ebp - 0x2b4], ebx +sete bl +cmp ecx, 3 +setbe dl +mov byte [ebp - 0x27b], bl +test bl, dl +jne short loc_fffc780c ; jne 0xfffc780c +test ecx, ecx +sete dl +xor ebx, ebx +cmp esi, 0x40670 +sete bl +mov dword [ebp - 0x268], ebx +and dword [ebp - 0x268], edx + +loc_fffc780c: ; not directly referenced +and al, byte [ebp - 0x27b] +cmp dword [ebp - 0x290], 1 +movzx eax, al +mov dword [ebp - 0x2b8], eax +mov eax, dword [ebp - 0x260] +movzx eax, byte [eax + 0x1c5] +mov dword [ebp - 0x298], eax +movzx eax, byte [edi + 0x1965] +mov dword [ebp - 0x284], eax +jne short loc_fffc7889 ; jne 0xfffc7889 +cmp dword [ebp - 0x28c], 4 +mov byte [ebp - 0x27a], 0x10 +mov byte [ebp - 0x280], 0xf0 +setbe al +test byte [ebp - 0x27b], al +mov byte [ebp - 0x279], 4 +je short loc_fffc789e ; je 0xfffc789e +cmp dword [edi + 0x36d8], 0x640 +mov eax, 0 +cmovbe eax, dword [ebp - 0x284] +mov dword [ebp - 0x284], eax +jmp short loc_fffc789e ; jmp 0xfffc789e + +loc_fffc7889: ; not directly referenced +mov byte [ebp - 0x27a], 8 +mov byte [ebp - 0x280], 0xf8 +mov byte [ebp - 0x279], 1 + +loc_fffc789e: ; not directly referenced +mov ebx, dword [ebp - 0x260] +lea eax, [edi + 0x3757] +xor esi, esi +mov dword [ebp - 0x264], eax +mov dword [ebp - 0x25c], eax +add ebx, 0x1c +mov dword [ebp - 0x2a8], ebx +mov dword [ebp - 0x270], ebx + +loc_fffc78c7: ; not directly referenced +mov eax, dword [ebp - 0x25c] +mov byte [ebp + esi - 0x252], 0 +cmp dword [eax], 2 +je short loc_fffc78f9 ; je 0xfffc78f9 + +loc_fffc78da: ; not directly referenced +inc esi +add dword [ebp - 0x25c], 0x13c3 +add dword [ebp - 0x270], 0xcc +cmp esi, 2 +jne short loc_fffc78c7 ; jne 0xfffc78c7 +jmp near loc_fffc798a ; jmp 0xfffc798a + +loc_fffc78f9: ; not directly referenced +mov eax, dword [ebp - 0x25c] +xor ecx, ecx +mov edx, 1 +mov al, byte [eax + 0xc4] + +loc_fffc790c: ; not directly referenced +mov ebx, edx +shl ebx, cl +test al, bl +je short loc_fffc791b ; je 0xfffc791b +mov byte [ebp + esi - 0x252], cl + +loc_fffc791b: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffc790c ; jne 0xfffc790c +mov byte [ebp - 0x26c], 0 + +loc_fffc7928: ; not directly referenced +mov al, byte [ebp - 0x26c] +cmp al, byte [edi + 0x2489] +jae short loc_fffc78da ; jae 0xfffc78da +movzx ecx, byte [ebp - 0x26c] +mov eax, dword [ebp - 0x270] +mov edx, dword [ebp - 0x298] +mov ebx, dword [eax + ecx*4 + 0x28] +or ebx, 0x60 +mov eax, ebx +and eax, 0xffbfffff +test edx, edx +mov edx, dword [ebp - 0x2b4] +cmovne ebx, eax +mov eax, ebx +and eax, 0xffdfffff +test edx, edx +mov edx, esi +cmovne ebx, eax +mov eax, edi +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +inc byte [ebp - 0x26c] +jmp short loc_fffc7928 ; jmp 0xfffc7928 + +loc_fffc798a: ; not directly referenced +cmp dword [ebp - 0x298], 0 +je short loc_fffc79e7 ; je 0xfffc79e7 +mov edx, 0x3a28 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x3a28 +mov dword [ebp - 0x2ac], eax +mov eax, edi +and dword [ebp - 0x2ac], 0xfffffffd +mov ecx, dword [ebp - 0x2ac] +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x5f08 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5f08 +or ah, 1 +mov ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x96 +mov eax, edi +call fcn_fffa82f9 ; call 0xfffa82f9 + +loc_fffc79e7: ; not directly referenced +movzx eax, byte [ebp - 0x280] +mov dword [ebp - 0x278], 1 +mov dword [ebp - 0x270], 0 +mov dword [ebp - 0x2c8], eax + +loc_fffc7a08: ; not directly referenced +mov esi, dword [ebp - 0x278] +mov eax, esi +mov byte [ebp - 0x274], al +test al, al +je short loc_fffc7a30 ; je 0xfffc7a30 +cmp dword [ebp - 0x290], 0 +sete al +or al, byte [ebp - 0x268] +jne loc_fffc81ea ; jne 0xfffc81ea + +loc_fffc7a30: ; not directly referenced +mov esi, dword [ebp - 0x2a4] +push eax +push 0 +push 0x24 +lea eax, [ebp - 0x1c8] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push 0 +push 0x24 +lea eax, [ebp - 0x1ec] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push dword [ebp - 0x2c8] +lea eax, [ebp - 0x234] +push 0x12 +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push 0xff +push 0x12 +lea eax, [ebp - 0x210] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push 0 +push 0x12 +lea eax, [ebp - 0x222] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +mov esi, dword [ebp - 0x264] +add esp, 0x10 +mov dword [ebp - 0x26c], 0 + +loc_fffc7aad: ; not directly referenced +cmp dword [esi], 2 +je short loc_fffc7ae9 ; je 0xfffc7ae9 + +loc_fffc7ab2: ; not directly referenced +inc dword [ebp - 0x26c] +add esi, 0x13c3 +cmp dword [ebp - 0x26c], 2 +jne short loc_fffc7aad ; jne 0xfffc7aad +mov al, byte [ebp - 0x280] +mov byte [ebp - 0x29c], 0 +mov byte [ebp - 0x25c], al +imul eax, dword [ebp - 0x278], 0x12 +mov dword [ebp - 0x2c0], eax +jmp short loc_fffc7b59 ; jmp 0xfffc7b59 + +loc_fffc7ae9: ; not directly referenced +xor ebx, ebx + +loc_fffc7aeb: ; not directly referenced +cmp bl, byte [edi + 0x2489] +jae short loc_fffc7ab2 ; jae 0xfffc7ab2 +movzx eax, bl +mov dword [ebp - 0x270], eax +mov byte [esi + eax + 0x101d], 0 +mov dword [ebp - 0x25c], 0 + +loc_fffc7b0e: ; not directly referenced +mov cl, byte [ebp - 0x25c] +mov eax, 1 +shl eax, cl +test byte [esi + 0xc4], al +je short loc_fffc7b47 ; je 0xfffc7b47 +push eax +mov ecx, dword [ebp - 0x25c] +mov eax, edi +push 0 +mov edx, dword [ebp - 0x26c] +push 0xff +push dword [ebp - 0x270] +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 + +loc_fffc7b47: ; not directly referenced +inc dword [ebp - 0x25c] +cmp dword [ebp - 0x25c], 4 +jne short loc_fffc7b0e ; jne 0xfffc7b0e +inc ebx +jmp short loc_fffc7aeb ; jmp 0xfffc7aeb + +loc_fffc7b59: ; not directly referenced +cmp byte [ebp - 0x274], 0 +jne short loc_fffc7b8f ; jne 0xfffc7b8f +push 0 +movsx eax, byte [ebp - 0x25c] +push 0 +push 0 +push 0 +push 0 +push 0 +push 0 +push 1 +push 0 +push eax +push 4 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +mov dword [ebp - 0x270], eax +jmp short loc_fffc7be3 ; jmp 0xfffc7be3 + +loc_fffc7b8f: ; not directly referenced +push 0 +mov bl, byte [ebp - 0x25c] +push 0 +push 0 +push 0 +push 0 +and ebx, 1 +push 0 +movzx eax, bl +push 0 +push 1 +push 0 +push eax +push 4 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +mov esi, dword [ebp - 0x25c] +mov dl, 2 +add esp, 0x30 +mov dword [ebp - 0x270], eax +mov eax, esi +cbw +idiv dl +mov edx, esi +shr dl, 7 +mov byte [ebp - 0x29c], al +test bl, dl +je short loc_fffc7be3 ; je 0xfffc7be3 +dec eax +mov byte [ebp - 0x29c], al + +loc_fffc7be3: ; not directly referenced +mov eax, edi +or edx, 0xffffffff +call fcn_fffac864 ; call 0xfffac864 +mov eax, dword [ebp - 0x264] +mov dword [ebp - 0x26c], 0 +mov dword [ebp - 0x294], eax + +loc_fffc7c03: ; not directly referenced +mov eax, dword [ebp - 0x294] +cmp dword [eax], 2 +jne loc_fffc7d84 ; jne 0xfffc7d84 +cmp byte [ebp - 0x274], 1 +je short loc_fffc7c8f ; je 0xfffc7c8f + +loc_fffc7c1b: ; not directly referenced +mov esi, dword [ebp - 0x26c] +mov ecx, 0xff +mov ebx, dword [ebp - 0x260] +imul eax, esi, 0xcc +mov edx, esi +mov ebx, dword [ebx + eax + 0x1c] +movzx eax, byte [ebp + esi - 0x252] +or ebx, 0x100000 +and eax, 3 +and ebx, 0xff1fffff +shl eax, 0x16 +or ebx, eax +mov eax, edi +call fcn_fffa7236 ; call 0xfffa7236 +or ebx, 0x1000008 +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 +mov eax, edi +mov edx, 0xf +call fcn_fffa82f9 ; call 0xfffa82f9 +lea eax, [esi + esi*8] +lea esi, [ebp - 0x18] +add eax, esi +mov byte [ebp - 0x2a0], 0 +mov dword [ebp - 0x2bc], eax +jmp short loc_fffc7d04 ; jmp 0xfffc7d04 + +loc_fffc7c8f: ; not directly referenced +mov byte [ebp - 0x2a0], 0 + +loc_fffc7c96: ; not directly referenced +mov al, byte [ebp - 0x2a0] +cmp al, byte [edi + 0x2489] +jae loc_fffc7c1b ; jae 0xfffc7c1b +mov ebx, dword [ebp - 0x294] +movzx esi, byte [ebp - 0x2a0] +mov al, byte [ebp - 0x29c] +mov byte [ebx + esi + 0x101d], al +xor ebx, ebx + +loc_fffc7cc4: ; not directly referenced +mov cl, bl +mov eax, 1 +shl eax, cl +mov ecx, dword [ebp - 0x294] +test byte [ecx + 0xc4], al +je short loc_fffc7cf6 ; je 0xfffc7cf6 +mov edx, dword [ebp - 0x26c] +mov ecx, ebx +push eax +mov eax, edi +push 0 +push 0xff +push esi +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 + +loc_fffc7cf6: ; not directly referenced +inc ebx +cmp ebx, 4 +jne short loc_fffc7cc4 ; jne 0xfffc7cc4 +inc byte [ebp - 0x2a0] +jmp short loc_fffc7c96 ; jmp 0xfffc7c96 + +loc_fffc7d04: ; not directly referenced +mov al, byte [ebp - 0x2a0] +cmp al, byte [edi + 0x2489] +jae short loc_fffc7d64 ; jae 0xfffc7d64 +movzx esi, byte [ebp - 0x2a0] +mov eax, edi +mov edx, dword [ebp - 0x26c] +mov ecx, esi +call fcn_fffa75c5 ; call 0xfffa75c5 +mov edx, eax +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +movzx edx, al +movzx eax, dx +mov dword [ebp - 0x2c4], edx +call fcn_fffb38d9 ; call 0xfffb38d9 +mov edx, dword [ebp - 0x2c4] +add esi, dword [ebp - 0x2bc] +inc byte [ebp - 0x2a0] +and byte [esi - 0x1f8], dl +neg eax +mov byte [esi - 0x22e], al +jmp short loc_fffc7d04 ; jmp 0xfffc7d04 + +loc_fffc7d64: ; not directly referenced +mov edx, dword [ebp - 0x26c] +mov ecx, 0xff +mov eax, edi +and ebx, 0xfffffff7 +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 + +loc_fffc7d84: ; not directly referenced +inc dword [ebp - 0x26c] +add dword [ebp - 0x294], 0x13c3 +cmp dword [ebp - 0x26c], 2 +jne loc_fffc7c03 ; jne 0xfffc7c03 +mov eax, edi +mov edx, 0x11111111 +call fcn_fffac864 ; call 0xfffac864 +mov eax, dword [ebp - 0x264] +xor esi, esi +mov dword [ebp - 0x2a0], eax + +loc_fffc7dbb: ; not directly referenced +mov eax, dword [ebp - 0x2a0] +cmp dword [eax], 2 +jne loc_fffc7f4c ; jne 0xfffc7f4c +imul eax, esi, 0xcc +mov ebx, dword [ebp - 0x260] +mov ecx, 0xff +mov edx, esi +mov ebx, dword [ebx + eax + 0x1c] +movzx eax, byte [ebp + esi - 0x252] +or ebx, 0x100000 +and eax, 3 +and ebx, 0xff1fffff +shl eax, 0x16 +or ebx, eax +mov eax, edi +call fcn_fffa7236 ; call 0xfffa7236 +or ebx, 0x1000008 +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 +mov eax, edi +mov edx, 0xf +call fcn_fffa82f9 ; call 0xfffa82f9 +lea eax, [esi + esi*8] +lea ecx, [ebp - 0x18] +add ecx, eax +mov byte [ebp - 0x294], 0 +mov dword [ebp - 0x2bc], eax +mov dword [ebp - 0x2c4], ecx + +loc_fffc7e3c: ; not directly referenced +mov al, byte [ebp - 0x294] +cmp al, byte [edi + 0x2489] +jae loc_fffc7f30 ; jae 0xfffc7f30 +movzx eax, byte [ebp - 0x294] +mov edx, esi +mov ecx, eax +mov dword [ebp - 0x26c], eax +mov eax, edi +call fcn_fffa75c5 ; call 0xfffa75c5 +mov edx, eax +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +movzx ecx, al +movzx eax, cx +mov dword [ebp - 0x2cc], ecx +call fcn_fffb38d9 ; call 0xfffb38d9 +mov edx, dword [ebp - 0x2c4] +add edx, dword [ebp - 0x26c] +mov ecx, dword [ebp - 0x2cc] +or byte [edx - 0x20a], cl +add al, byte [edx - 0x22e] +mov byte [edx - 0x22e], al +cmp al, byte [edx - 0x21c] +jle short loc_fffc7eff ; jle 0xfffc7eff +mov byte [edx - 0x21c], al +mov eax, dword [ebp - 0x2c0] +lea ecx, [ebp - 0x18] +add eax, dword [ebp - 0x2bc] +add eax, ecx +mov cl, byte [ebp - 0x25c] +add eax, dword [ebp - 0x26c] +cmp byte [ebp - 0x274], 0 +mov byte [eax - 0x1b0], cl +mov byte [eax - 0x1d4], cl +jne short loc_fffc7f25 ; jne 0xfffc7f25 +mov ecx, dword [ebp - 0x2a0] +mov edx, dword [ebp - 0x26c] +mov al, byte [ebp - 0x25c] +mov byte [ecx + edx + 0x101d], al +jmp short loc_fffc7f25 ; jmp 0xfffc7f25 + +loc_fffc7eff: ; not directly referenced +jne short loc_fffc7f25 ; jne 0xfffc7f25 +mov eax, dword [ebp - 0x2c0] +lea ecx, [ebp - 0x18] +add eax, dword [ebp - 0x2bc] +mov edx, dword [ebp - 0x26c] +add eax, ecx +mov cl, byte [ebp - 0x25c] +mov byte [edx + eax - 0x1b0], cl + +loc_fffc7f25: ; not directly referenced +inc byte [ebp - 0x294] +jmp near loc_fffc7e3c ; jmp 0xfffc7e3c + +loc_fffc7f30: ; not directly referenced +mov ecx, 0xff +mov edx, esi +mov eax, edi +and ebx, 0xfffffff7 +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 + +loc_fffc7f4c: ; not directly referenced +inc esi +add dword [ebp - 0x2a0], 0x13c3 +cmp esi, 2 +jne loc_fffc7dbb ; jne 0xfffc7dbb +inc byte [ebp - 0x25c] +mov al, byte [ebp - 0x27a] +cmp byte [ebp - 0x25c], al +jle loc_fffc7b59 ; jle 0xfffc7b59 +push 0 +xor ebx, ebx +push 0 +push 0 +push 0 +push 0 +push 0 +push 0 +push 1 +push 0 +push 0 +push 4 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +mov eax, dword [ebp - 0x264] +add esp, 0x30 +mov dword [ebp - 0x25c], eax +imul eax, dword [ebp - 0x278], 0x12 +mov dword [ebp - 0x2a0], eax + +loc_fffc7fb2: ; not directly referenced +mov eax, dword [ebp - 0x25c] +mov dword [ebp + ebx*4 - 0x250], 0 +cmp dword [eax], 2 +je short loc_fffc7fdd ; je 0xfffc7fdd + +loc_fffc7fc8: ; not directly referenced +inc ebx +add dword [ebp - 0x25c], 0x13c3 +cmp ebx, 2 +jne short loc_fffc7fb2 ; jne 0xfffc7fb2 +jmp near loc_fffc8122 ; jmp 0xfffc8122 + +loc_fffc7fdd: ; not directly referenced +lea eax, [ebx + ebx*8] +lea esi, [ebp - 0x18] +add esi, eax +mov byte [ebp - 0x294], 0 +mov dword [ebp - 0x29c], eax +mov dword [ebp - 0x2bc], esi + +loc_fffc7ff8: ; not directly referenced +mov al, byte [ebp - 0x294] +cmp al, byte [edi + 0x2489] +jae short loc_fffc7fc8 ; jae 0xfffc7fc8 +mov ecx, dword [ebp - 0x2a0] +lea eax, [ebp - 0x18] +add ecx, dword [ebp - 0x29c] +movzx esi, byte [ebp - 0x294] +add ecx, eax +add ecx, esi +mov dl, byte [ecx - 0x1d4] +mov al, byte [ecx - 0x1b0] +sub eax, edx +mov byte [ecx - 0x168], al +mov cl, 2 +cbw +idiv cl +add eax, edx +cmp dword [ebp - 0x268], 0 +mov dl, al +je short loc_fffc807b ; je 0xfffc807b +mov ecx, dword [ebp - 0x2bc] +mov byte [esi + ecx - 0x1e6], al +movsx eax, al +push 0 +push 0 +push 0 +push 0 +push esi +push 0xff +push ebx +push 0 +push 0 +push eax +push 4 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +jmp near loc_fffc8117 ; jmp 0xfffc8117 + +loc_fffc807b: ; not directly referenced +cmp byte [ebp - 0x274], 0 +jne short loc_fffc8091 ; jne 0xfffc8091 +lea eax, [edx - 1] +test dl, dl +lea ecx, [edx + 1] +cmovns eax, ecx +mov dl, al + +loc_fffc8091: ; not directly referenced +movsx eax, dl +mov cl, 2 +add dword [ebp + ebx*4 - 0x250], eax +movsx ax, dl +idiv cl +mov ecx, dword [ebp - 0x25c] +mov edx, dword [ebp - 0x2a0] +add edx, dword [ebp - 0x29c] +mov dword [ebp - 0x26c], 0 +mov byte [ecx + esi + 0x101d], al +lea ecx, [ebp - 0x18] +add edx, ecx +mov byte [esi + edx - 0x18c], al + +loc_fffc80d2: ; not directly referenced +mov cl, byte [ebp - 0x26c] +mov eax, 1 +mov edx, dword [ebp - 0x25c] +shl eax, cl +test byte [edx + 0xc4], al +je short loc_fffc8108 ; je 0xfffc8108 +push ecx +mov ecx, dword [ebp - 0x26c] +mov edx, ebx +push 0 +mov eax, edi +push 0xff +push esi +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 + +loc_fffc8108: ; not directly referenced +inc dword [ebp - 0x26c] +cmp dword [ebp - 0x26c], 4 +jne short loc_fffc80d2 ; jne 0xfffc80d2 + +loc_fffc8117: ; not directly referenced +inc byte [ebp - 0x294] +jmp near loc_fffc7ff8 ; jmp 0xfffc7ff8 + +loc_fffc8122: ; not directly referenced +cmp dword [ebp - 0x290], 0 +sete al +or al, byte [ebp - 0x268] +jne loc_fffc81ea ; jne 0xfffc81ea +cmp byte [ebp - 0x274], 1 +je loc_fffc81ea ; je 0xfffc81ea +mov eax, dword [ebp - 0x264] +lea edx, [ebp - 0x180] +lea ecx, [ebp - 0x1a4] +mov dword [ebp - 0x25c], eax + +loc_fffc815d: ; not directly referenced +mov eax, dword [ebp - 0x25c] +cmp dword [eax], 2 +jne short loc_fffc81cc ; jne 0xfffc81cc +mov al, byte [edi + 0x2489] +mov byte [ebp - 0x26c], al +xor eax, eax + +loc_fffc8176: ; not directly referenced +cmp byte [ebp - 0x26c], al +jbe short loc_fffc81cc ; jbe 0xfffc81cc +cmp dword [ebp - 0x284], 0 +je short loc_fffc81c9 ; je 0xfffc81c9 +movsx esi, byte [edx + eax + 0x12] +movsx ebx, byte [edx + eax] +sub ebx, esi +mov esi, ebx +sar esi, 0x1f +xor ebx, esi +sub ebx, esi +cmp ebx, 4 +jle short loc_fffc81c9 ; jle 0xfffc81c9 +movsx esi, byte [ecx + eax + 0x12] +movsx ebx, byte [ecx + eax] +sub ebx, esi +mov esi, ebx +sar esi, 0x1f +xor ebx, esi +sub ebx, esi +mov esi, 5 +cmp ebx, 3 +cmovl esi, dword [ebp - 0x270] +mov dword [ebp - 0x270], esi + +loc_fffc81c9: ; not directly referenced +inc eax +jmp short loc_fffc8176 ; jmp 0xfffc8176 + +loc_fffc81cc: ; not directly referenced +add edx, 9 +add ecx, 9 +lea eax, [ebp - 0x16e] +add dword [ebp - 0x25c], 0x13c3 +cmp edx, eax +jne loc_fffc815d ; jne 0xfffc815d + +loc_fffc81ea: ; not directly referenced +dec dword [ebp - 0x278] +cmp dword [ebp - 0x278], 0xffffffff +jne loc_fffc7a08 ; jne 0xfffc7a08 +cmp dword [ebp - 0x290], 1 +jne loc_fffc8321 ; jne 0xfffc8321 +cmp dword [ebp - 0x270], 5 +mov eax, 5 +sete cl +cmp dword [ebp - 0x284], 0 +setne dl +test cl, dl +jne loc_fffc8a14 ; jne 0xfffc8a14 +cmp dword [ebp - 0x28c], 3 +seta al +test byte [ebp - 0x27b], al +jne short loc_fffc8258 ; jne 0xfffc8258 +cmp dword [ebp - 0x28c], 0 +setne dl +cmp dword [ebp - 0x2b0], 0x40670 +sete al +test dl, al +je short loc_fffc82ca ; je 0xfffc82ca + +loc_fffc8258: ; not directly referenced +mov eax, dword [ebp - 0x250] +movzx ecx, byte [edi + 0x2489] +add eax, dword [ebp - 0x24c] +add ecx, ecx +cdq +idiv ecx +mov dword [ebp - 0x250], eax + +loc_fffc8276: ; not directly referenced +cmp dword [edi + 0x3757], 2 +mov eax, dword [ebp - 0x250] +jne short loc_fffc8291 ; jne 0xfffc8291 +mov ebx, dword [ebp - 0x260] +mov dword [ebx + 0xe3], eax + +loc_fffc8291: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 +jne short loc_fffc82a6 ; jne 0xfffc82a6 +mov ebx, dword [ebp - 0x260] +mov dword [ebx + 0x1af], eax + +loc_fffc82a6: ; not directly referenced +mov esi, dword [ebp - 0x260] +mov ebx, eax +cmp dword [ebp - 0x288], 0 +mov dword [esi + 0x1b4], eax +je short loc_fffc82d6 ; je 0xfffc82d6 +mov ebx, 3 +cmp eax, 3 +cmovle ebx, eax +jmp short loc_fffc82d6 ; jmp 0xfffc82d6 + +loc_fffc82ca: ; not directly referenced +mov dword [ebp - 0x250], 0xfffffff0 +jmp short loc_fffc8276 ; jmp 0xfffc8276 + +loc_fffc82d6: ; not directly referenced +push 1 +push 0 +push 0 +push 0xff +push ebx +push 1 +push 0 +push edi +call fcn_fffcce33 ; call 0xfffcce33 +add esp, 0x20 +push 1 +push 0 +push 0 +push 0xff +push ebx +push 1 +push 1 +push edi +call fcn_fffcce33 ; call 0xfffcce33 +add esp, 0x20 +push 0 +push 0 +push 0 +push 0xff +push ebx +push 1 +push 2 +push edi +call fcn_fffcce33 ; call 0xfffcce33 +add esp, 0x20 + +loc_fffc8321: ; not directly referenced +mov eax, dword [ebp - 0x2a4] +lea ebx, [ebp - 0x15c] +push edx +push 0 +push 0xa2 +push ebx +call dword [eax + 0x5c] ; ucall +add esp, 0xc +mov eax, dword [ebp - 0x2a4] +push 0 +push 0xa2 +lea esi, [ebp - 0xba] +push esi +call dword [eax + 0x5c] ; ucall +add esp, 0x10 +cmp dword [ebp - 0x288], 1 +mov dword [ebp - 0x260], 1 +mov dword [ebp - 0x290], esi +sbb eax, eax +mov dword [ebp - 0x270], eax +add byte [ebp - 0x270], 9 +mov dword [ebp - 0x294], ebx + +loc_fffc8382: ; not directly referenced +mov al, byte [ebp - 0x260] +xor ecx, ecx +xor edx, edx +mov byte [ebp - 0x278], al + +loc_fffc8392: ; not directly referenced +mov eax, dword [ebp - 0x260] +shl eax, cl +add ecx, 4 +add edx, eax +cmp ecx, 0x20 +jne short loc_fffc8392 ; jne 0xfffc8392 +mov eax, edi +call fcn_fffac864 ; call 0xfffac864 +mov eax, dword [ebp - 0x2a8] +mov dword [ebp - 0x25c], 0 +mov dword [ebp - 0x274], eax +mov eax, dword [ebp - 0x260] +and eax, 0xf +mov dword [ebp - 0x284], eax +shl dword [ebp - 0x284], 9 + +loc_fffc83d7: ; not directly referenced +imul eax, dword [ebp - 0x25c], 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne loc_fffc85c8 ; jne 0xfffc85c8 +cmp dword [ebp - 0x288], 0 +jne short loc_fffc8462 ; jne 0xfffc8462 + +loc_fffc83f8: ; not directly referenced +mov esi, dword [ebp - 0x25c] +mov ecx, 0xff +mov eax, dword [ebp - 0x274] +mov edx, esi +mov ebx, dword [eax] +movzx eax, byte [ebp + esi - 0x252] +or ebx, 0x100000 +and eax, 3 +and ebx, 0xff1fffff +shl eax, 0x16 +or ebx, eax +mov eax, edi +call fcn_fffa7236 ; call 0xfffa7236 +or ebx, 0x1000008 +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 +mov eax, edi +mov edx, 0xf +call fcn_fffa82f9 ; call 0xfffa82f9 +imul eax, esi, 0x51 +mov byte [ebp - 0x26c], 0 +mov dword [ebp - 0x28c], eax +jmp near loc_fffc853e ; jmp 0xfffc853e + +loc_fffc8462: ; not directly referenced +mov byte [ebp - 0x26c], 0 + +loc_fffc8469: ; not directly referenced +mov al, byte [ebp - 0x26c] +cmp al, byte [edi + 0x2489] +jae short loc_fffc83f8 ; jae 0xfffc83f8 +movzx esi, byte [ebp - 0x26c] +mov eax, dword [ebp - 0x274] +mov ecx, dword [ebp - 0x298] +mov edx, dword [ebp - 0x25c] +lea eax, [eax + esi*4] +mov dword [ebp - 0x280], eax +mov eax, dword [eax + 0x28] +and ah, 0xe1 +or eax, dword [ebp - 0x284] +or eax, 0x60 +mov ebx, eax +and eax, 0xfffffe7f +and ebx, 0xffbffe7f +test ecx, ecx +mov ecx, dword [ebp - 0x2b4] +cmove ebx, eax +mov eax, ebx +and eax, 0xffdfffff +test ecx, ecx +mov ecx, esi +cmovne ebx, eax +mov eax, edi +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +cmp dword [ebp - 0x2b8], 0 +je short loc_fffc8510 ; je 0xfffc8510 +mov edx, dword [ebp - 0x25c] +mov ecx, esi +mov eax, edi +call fcn_fffa71f9 ; call 0xfffa71f9 +mov esi, dword [ebp - 0x280] +mov ecx, dword [esi + 4] +mov edx, eax +mov eax, edi +and ecx, 0xc7ffffff +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffc8510: ; not directly referenced +inc byte [ebp - 0x26c] +jmp near loc_fffc8469 ; jmp 0xfffc8469 + +loc_fffc851b: ; not directly referenced +mov eax, dword [ebp - 0x280] +bt eax, edx +jae short loc_fffc8597 ; jae 0xfffc8597 +mov al, byte [ebp - 0x278] +mov byte [ecx + edx], al + +loc_fffc852f: ; not directly referenced +inc edx +cmp byte [ebp - 0x270], dl +ja short loc_fffc851b ; ja 0xfffc851b +inc byte [ebp - 0x26c] + +loc_fffc853e: ; not directly referenced +mov al, byte [ebp - 0x26c] +cmp al, byte [edi + 0x2489] +jae short loc_fffc85a8 ; jae 0xfffc85a8 +movzx esi, byte [ebp - 0x26c] +mov eax, edi +mov edx, dword [ebp - 0x25c] +mov ecx, esi +call fcn_fffa75c5 ; call 0xfffa75c5 +lea esi, [esi + esi*8] +mov edx, eax +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +xor edx, edx +add esi, dword [ebp - 0x28c] +mov dword [ebp - 0x280], eax +mov eax, dword [ebp - 0x290] +and dword [ebp - 0x280], 0x1ff +lea ecx, [eax + esi] +add esi, dword [ebp - 0x294] +jmp short loc_fffc851b ; jmp 0xfffc851b + +loc_fffc8597: ; not directly referenced +cmp byte [esi + edx], 0 +jne short loc_fffc852f ; jne 0xfffc852f +mov al, byte [ebp - 0x278] +mov byte [esi + edx], al +jmp short loc_fffc852f ; jmp 0xfffc852f + +loc_fffc85a8: ; not directly referenced +mov edx, dword [ebp - 0x25c] +mov ecx, 0xff +mov eax, edi +and ebx, 0xfffffff7 +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 + +loc_fffc85c8: ; not directly referenced +inc dword [ebp - 0x25c] +add dword [ebp - 0x274], 0xcc +cmp dword [ebp - 0x25c], 2 +jne loc_fffc83d7 ; jne 0xfffc83d7 +inc dword [ebp - 0x260] +cmp dword [ebp - 0x260], 0x10 +jne loc_fffc8382 ; jne 0xfffc8382 +mov eax, dword [ebp - 0x2a8] +mov dword [ebp - 0x25c], 0 +mov dword [ebp - 0x280], eax +mov eax, dword [ebp - 0x264] +mov dword [ebp - 0x260], eax + +loc_fffc861a: ; not directly referenced +mov eax, dword [ebp - 0x260] +cmp dword [eax], 2 +je short loc_fffc864d ; je 0xfffc864d + +loc_fffc8625: ; not directly referenced +inc dword [ebp - 0x25c] +add dword [ebp - 0x260], 0x13c3 +add dword [ebp - 0x280], 0xcc +cmp dword [ebp - 0x25c], 2 +jne short loc_fffc861a ; jne 0xfffc861a +jmp near loc_fffc87fb ; jmp 0xfffc87fb + +loc_fffc864d: ; not directly referenced +mov esi, dword [ebp - 0x25c] +mov byte [ebp - 0x26c], 0 +imul ebx, esi, 0x51 +mov eax, esi +shl eax, 8 +mov dword [ebp - 0x29c], eax +add eax, 0x4c +mov dword [ebp - 0x28c], eax +mov dword [ebp - 0x284], ebx + +loc_fffc8677: ; not directly referenced +movzx eax, byte [ebp - 0x26c] +cmp al, byte [edi + 0x2489] +jae short loc_fffc8625 ; jae 0xfffc8625 +mov ebx, eax +mov dword [ebp - 0x274], eax +lea eax, [eax + eax*8] +add eax, dword [ebp - 0x284] +lea esi, [ebp - 0x15c] +mov dword [ebp - 0x278], 0 +add esi, eax +mov dword [ebp - 0x294], esi +lea esi, [ebp - 0xba] +add eax, esi +mov dword [ebp - 0x290], eax +imul eax, ebx, 0x18 +xor ebx, ebx +mov dword [ebp - 0x2a0], eax + +loc_fffc86c8: ; not directly referenced +mov eax, dword [ebp - 0x294] +mov dl, byte [eax + ebx] +mov eax, dword [ebp - 0x290] +movsx ecx, byte [eax + ebx] +mov al, 0xf +test dl, dl +je short loc_fffc86f4 ; je 0xfffc86f4 +xor eax, eax +test cl, cl +je short loc_fffc86f4 ; je 0xfffc86f4 +movsx eax, dl +mov esi, 2 +add eax, ecx +cdq +idiv esi + +loc_fffc86f4: ; not directly referenced +cmp dword [ebp - 0x288], 0 +je short loc_fffc8755 ; je 0xfffc8755 +cmp bl, 8 +jne short loc_fffc8755 ; jne 0xfffc8755 +mov dl, 0xf +cmp al, 6 +jg short loc_fffc870e ; jg 0xfffc870e +lea edx, [eax + 8] +and edx, 0xf + +loc_fffc870e: ; not directly referenced +mov eax, dword [ebp - 0x274] +and edx, 0xf +mov esi, dword [ebp - 0x280] +add edx, edx +lea ecx, [eax + 8] +mov al, byte [esi + ecx*4 + 9] +and eax, 0xffffffe1 +or eax, edx +mov byte [esi + ecx*4 + 9], al + +loc_fffc872f: ; not directly referenced +mov eax, dword [ebp - 0x274] +mov esi, dword [ebp - 0x28c] +shl eax, 9 +lea ebx, [eax + esi] +mov dword [ebp - 0x274], ebx +mov ebx, dword [ebp - 0x29c] +lea esi, [ebx + eax + 0x50] +xor ebx, ebx +jmp short loc_fffc879f ; jmp 0xfffc879f + +loc_fffc8755: ; not directly referenced +mov edx, eax +lea esi, [ebx + ebx*2] +and edx, 0xf +add esi, dword [ebp - 0x2a0] +add esi, dword [ebp - 0x260] +lea ecx, [ebx*4] +shl edx, cl +add dword [ebp - 0x278], edx +xor edx, edx + +loc_fffc877a: ; not directly referenced +imul ecx, edx, 0xd8 +inc edx +mov byte [esi + ecx + 0x942], al +cmp byte [ebp - 0x279], dl +ja short loc_fffc877a ; ja 0xfffc877a +inc ebx +cmp byte [ebp - 0x270], bl +ja loc_fffc86c8 ; ja 0xfffc86c8 +jmp short loc_fffc872f ; jmp 0xfffc872f + +loc_fffc879f: ; not directly referenced +mov eax, dword [edi + 0x188b] +mov edx, dword [ebp - 0x274] +test eax, eax +je short loc_fffc87b5 ; je 0xfffc87b5 +xor edx, edx +dec eax +cmove edx, esi + +loc_fffc87b5: ; not directly referenced +mov ecx, dword [ebp - 0x278] +mov eax, edi +inc ebx +add esi, 4 +call fcn_fffb3381 ; call 0xfffb3381 +cmp bl, byte [ebp - 0x279] +jb short loc_fffc879f ; jb 0xfffc879f +sub esp, 0xc +mov edx, dword [ebp - 0x25c] +mov ecx, 1 +push 0 +mov eax, edi +push 1 +push 0 +push 0 +push 0 +call fcn_fffa7273 ; call 0xfffa7273 +add esp, 0x20 +inc byte [ebp - 0x26c] +jmp near loc_fffc8677 ; jmp 0xfffc8677 + +loc_fffc87fb: ; not directly referenced +cmp dword [ebp - 0x268], 0 +jne short loc_fffc8854 ; jne 0xfffc8854 + +loc_fffc8804: ; not directly referenced +cmp dword [ebp - 0x298], 0 +je loc_fffc894e ; je 0xfffc894e +mov ecx, dword [ebp - 0x2ac] +mov eax, edi +mov edx, 0x3a28 +or ecx, 2 +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x5f08 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5f08 +or ah, 1 +mov ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0xe1 +mov eax, edi +call fcn_fffa82f9 ; call 0xfffa82f9 +jmp near loc_fffc894e ; jmp 0xfffc894e + +loc_fffc8854: ; not directly referenced +push 0 +push 0 +push 0 +push 0 +push 0 +push 0 +push 0 +push 1 +push 0 +push 0 +push 4 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +mov ebx, dword [ebp - 0x264] +add esp, 0x30 +mov dword [ebp - 0x260], 0 + +loc_fffc8883: ; not directly referenced +cmp dword [ebx], 2 +je short loc_fffc88a3 ; je 0xfffc88a3 + +loc_fffc8888: ; not directly referenced +inc dword [ebp - 0x260] +add ebx, 0x13c3 +cmp dword [ebp - 0x260], 2 +je loc_fffc8804 ; je 0xfffc8804 +jmp short loc_fffc8883 ; jmp 0xfffc8883 + +loc_fffc88a3: ; not directly referenced +imul eax, dword [ebp - 0x260], 9 +lea edx, [ebp - 0x18] +mov byte [ebp - 0x264], 0 +add eax, edx +mov dword [ebp - 0x268], eax + +loc_fffc88bc: ; not directly referenced +mov al, byte [ebp - 0x264] +cmp al, byte [edi + 0x2489] +jae short loc_fffc8888 ; jae 0xfffc8888 +movzx esi, byte [ebp - 0x264] +mov eax, dword [ebp - 0x268] +mov dword [ebp - 0x25c], 0 +mov dl, byte [esi + eax - 0x1e6] +test dl, dl +lea eax, [edx - 1] +lea ecx, [edx + 1] +mov dl, 2 +cmovns eax, ecx +cbw +idiv dl +mov byte [ebx + esi + 0x101d], al + +loc_fffc8900: ; not directly referenced +mov cl, byte [ebp - 0x25c] +mov eax, 1 +shl eax, cl +test byte [ebx + 0xc4], al +je short loc_fffc8934 ; je 0xfffc8934 +mov ecx, dword [ebp - 0x25c] +push eax +mov edx, dword [ebp - 0x260] +mov eax, edi +push 0 +push 0xff +push esi +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 + +loc_fffc8934: ; not directly referenced +inc dword [ebp - 0x25c] +cmp dword [ebp - 0x25c], 4 +jne short loc_fffc8900 ; jne 0xfffc8900 +inc byte [ebp - 0x264] +jmp near loc_fffc88bc ; jmp 0xfffc88bc + +loc_fffc894e: ; not directly referenced +mov esi, dword [ebp - 0x2a8] +xor ebx, ebx + +loc_fffc8956: ; not directly referenced +imul eax, ebx, 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne loc_fffc89fd ; jne 0xfffc89fd +mov byte [ebp - 0x25c], 0 + +loc_fffc8971: ; not directly referenced +mov al, byte [ebp - 0x25c] +cmp al, byte [edi + 0x2489] +jae short loc_fffc89e4 ; jae 0xfffc89e4 +movzx eax, byte [ebp - 0x25c] +mov edx, ebx +mov ecx, eax +mov dword [ebp - 0x260], eax +mov eax, edi +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, dword [ebp - 0x260] +lea ecx, [esi + ecx*4] +mov dword [ebp - 0x264], ecx +mov ecx, dword [ecx + 0x28] +mov edx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +cmp dword [ebp - 0x2b8], 0 +je short loc_fffc89dc ; je 0xfffc89dc +mov ecx, dword [ebp - 0x260] +mov edx, ebx +mov eax, edi +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, dword [ebp - 0x264] +mov ecx, dword [ecx + 4] +mov edx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffc89dc: ; not directly referenced +inc byte [ebp - 0x25c] +jmp short loc_fffc8971 ; jmp 0xfffc8971 + +loc_fffc89e4: ; not directly referenced +mov ecx, 0xff +mov edx, ebx +mov eax, edi +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, dword [esi] +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 + +loc_fffc89fd: ; not directly referenced +inc ebx +add esi, 0xcc +cmp ebx, 2 +jne loc_fffc8956 ; jne 0xfffc8956 +mov eax, edi +call fcn_fffaa4a9 ; call 0xfffaa4a9 + +loc_fffc8a14: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -52668,7 +54663,111 @@ pop edi pop ebp ret -fcn_fffc6ea0: ; not directly referenced +fcn_fffc8a1c: ; not directly referenced +push ebp +mov ebp, esp +push esi +push ebx +mov ebx, dword [ebp + 8] +push edx +push edx +movzx ecx, byte [ebx + 0x248f] +lea esi, [ebx + 0x2491] +mov eax, ebx +push 0 +mov edx, esi +push 0xf +push 1 +push 0 +push 1 +push 2 +call fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 +test eax, eax +jne short loc_fffc8a90 ; jne 0xfffc8a90 +cmp dword [ebx + 0x188b], 1 +jne short loc_fffc8a6f ; jne 0xfffc8a6f +cmp dword [ebx + 0x2481], 1 +jne short loc_fffc8a6f ; jne 0xfffc8a6f +mov ecx, 2 +mov edx, esi +mov eax, ebx +call fcn_fffbd7ee ; call 0xfffbd7ee + +loc_fffc8a6f: ; not directly referenced +push eax +mov edx, esi +push eax +movzx ecx, byte [ebx + 0x248f] +mov eax, ebx +push 1 +push 0xf +push 0 +push 0 +push 0 +push 2 +call fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 + +loc_fffc8a90: ; not directly referenced +lea esp, [ebp - 8] +pop ebx +pop esi +pop ebp +ret + +fcn_fffc8a97: ; not directly referenced +push ebp +mov ebp, esp +push esi +push ebx +mov ebx, dword [ebp + 8] +push edx +push edx +movzx ecx, byte [ebx + 0x248f] +lea esi, [ebx + 0x2491] +mov eax, ebx +push 0 +mov edx, esi +push 0xf +push 1 +push 0 +push 1 +push 1 +call fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 +test eax, eax +jne short loc_fffc8b02 ; jne 0xfffc8b02 +cmp dword [ebx + 0x188b], 1 +jne short loc_fffc8ae1 ; jne 0xfffc8ae1 +mov ecx, 1 +mov edx, esi +mov eax, ebx +call fcn_fffbd7ee ; call 0xfffbd7ee + +loc_fffc8ae1: ; not directly referenced +push eax +mov edx, esi +push eax +movzx ecx, byte [ebx + 0x248f] +mov eax, ebx +push 1 +push 0xf +push 0 +push 1 +push 0 +push 1 +call fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 + +loc_fffc8b02: ; not directly referenced +lea esp, [ebp - 8] +pop ebx +pop esi +pop ebp +ret + +fcn_fffc8b09: ; not directly referenced push ebp mov ecx, 8 mov ebp, esp @@ -52679,36 +54778,36 @@ sub esp, 0x178 mov eax, dword [ebp + 8] lea edi, [ebp - 0xe8] mov edx, dword [ebp + 0xc] -mov dword [ebp - 0xbc], fcn_fffaafc2 ; mov dword [ebp - 0xbc], 0xfffaafc2 -mov dword [ebp - 0xb0], fcn_fffaafda ; mov dword [ebp - 0xb0], 0xfffaafda +mov dword [ebp - 0xbc], fcn_fffb00dc ; mov dword [ebp - 0xbc], 0xfffb00dc +mov dword [ebp - 0xb0], fcn_fffb0086 ; mov dword [ebp - 0xb0], 0xfffb0086 mov dword [ebp - 0x130], eax xor eax, eax rep stosd ; rep stosd dword es:[edi], eax lea edi, [ebp - 0xf8] mov dword [ebp - 0x12c], edx mov edx, 0xcf8 -mov dword [ebp - 0x5c], fcn_fffab0f8 ; mov dword [ebp - 0x5c], 0xfffab0f8 -mov dword [ebp - 0x58], fcn_fffab0ef ; mov dword [ebp - 0x58], 0xfffab0ef -mov dword [ebp - 0xa4], fcn_fffb3d4e ; mov dword [ebp - 0xa4], 0xfffb3d4e -mov dword [ebp - 0xa0], fcn_fffb3dc0 ; mov dword [ebp - 0xa0], 0xfffb3dc0 +mov dword [ebp - 0x5c], fcn_fffb01d3 ; mov dword [ebp - 0x5c], 0xfffb01d3 +mov dword [ebp - 0x58], fcn_fffb01ca ; mov dword [ebp - 0x58], 0xfffb01ca +mov dword [ebp - 0xa4], fcn_fffb3fc4 ; mov dword [ebp - 0xa4], 0xfffb3fc4 +mov dword [ebp - 0xa0], fcn_fffb401c ; mov dword [ebp - 0xa0], 0xfffb401c mov cl, 4 rep stosd ; rep stosd dword es:[edi], eax mov eax, 0x80000048 -mov dword [ebp - 0x7c], fcn_fffc3868 ; mov dword [ebp - 0x7c], 0xfffc3868 -mov dword [ebp - 0x78], fcn_fffc3844 ; mov dword [ebp - 0x78], 0xfffc3844 +mov dword [ebp - 0x7c], fcn_fffc375d ; mov dword [ebp - 0x7c], 0xfffc375d +mov dword [ebp - 0x78], fcn_fffc3739 ; mov dword [ebp - 0x78], 0xfffc3739 out dx, eax push 0xcfc -call fcn_fffaafc2 ; call 0xfffaafc2 +call fcn_fffb00dc ; call 0xfffb00dc add esp, 0x10 mov ebx, eax test al, 1 -jne short loc_fffc6f40 ; jne 0xfffc6f40 +jne short loc_fffc8ba9 ; jne 0xfffc8ba9 -loc_fffc6f39: ; not directly referenced +loc_fffc8ba2: ; not directly referenced xor eax, eax -jmp near loc_fffc82ec ; jmp 0xfffc82ec +jmp near loc_fffc9f55 ; jmp 0xfffc9f55 -loc_fffc6f40: ; not directly referenced +loc_fffc8ba9: ; not directly referenced push 0x60 mov esi, dword [ebp - 0xb0] push 0 @@ -52724,23 +54823,23 @@ mov dword [esp], 0xcfc call dword [ebp - 0xbc] ; ucall add esp, 0x10 test al, 1 -je short loc_fffc6f39 ; je 0xfffc6f39 +je short loc_fffc8ba2 ; je 0xfffc8ba2 and eax, 0xfffffff8 mov esi, eax -call fcn_fffa6801 ; call 0xfffa6801 +call fcn_fffa67af ; call 0xfffa67af mov dword [ebp - 0x144], 0 cmp eax, 0x40660 setne cl cmp eax, 0x306c0 setne dl test cl, dl -je short loc_fffc6fa8 ; je 0xfffc6fa8 +je short loc_fffc8c11 ; je 0xfffc8c11 cmp eax, 0x40650 setne al movzx eax, al mov dword [ebp - 0x144], eax -loc_fffc6fa8: ; not directly referenced +loc_fffc8c11: ; not directly referenced push 0xbc and ebx, 0xfffffffe push 0 @@ -52855,37 +54954,37 @@ and eax, 1 mov ebx, dword [ebp + eax*4 - 0x104] lea eax, [ebp - 0xc4] mov edx, ebx -call fcn_fffc3bf5 ; call 0xfffc3bf5 +call fcn_fffc3aea ; call 0xfffc3aea mov esi, eax mov edi, edx lea eax, [ebp - 0xc4] mov edx, ebx -call fcn_fffc3bda ; call 0xfffc3bda +call fcn_fffc3acf ; call 0xfffc3acf add eax, esi adc edx, edi add esp, 0x10 cmp dword [ebp - 0x144], 1 -jne short loc_fffc718e ; jne 0xfffc718e +jne short loc_fffc8df7 ; jne 0xfffc8df7 add eax, dword [ebp - 0x150] adc edx, dword [ebp - 0x14c] -jmp short loc_fffc719a ; jmp 0xfffc719a +jmp short loc_fffc8e03 ; jmp 0xfffc8e03 -loc_fffc718e: ; not directly referenced +loc_fffc8df7: ; not directly referenced add eax, dword [ebp - 0x140] adc edx, dword [ebp - 0x13c] -loc_fffc719a: ; not directly referenced +loc_fffc8e03: ; not directly referenced mov esi, eax mov eax, dword [ebp - 0x10c] mov edi, edx cmp dword [ebp - 0x134], eax -jb loc_fffc729e ; jb 0xfffc729e -ja short loc_fffc71c4 ; ja 0xfffc71c4 +jb loc_fffc8f07 ; jb 0xfffc8f07 +ja short loc_fffc8e2d ; ja 0xfffc8e2d mov eax, dword [ebp - 0x110] cmp dword [ebp - 0x138], eax -jbe loc_fffc729e ; jbe 0xfffc729e +jbe loc_fffc8f07 ; jbe 0xfffc8f07 -loc_fffc71c4: ; not directly referenced +loc_fffc8e2d: ; not directly referenced mov eax, dword [ebp - 0x160] mov cl, 1 mov ebx, dword [ebp - 0x134] @@ -52894,46 +54993,46 @@ and eax, 0xfff00000 mov edx, eax mov dword [ebp - 0x160], eax cmp dword [ebp - 0x12c], ebx -jb short loc_fffc7203 ; jb 0xfffc7203 -ja short loc_fffc7201 ; ja 0xfffc7201 +jb short loc_fffc8e6c ; jb 0xfffc8e6c +ja short loc_fffc8e6a ; ja 0xfffc8e6a mov ebx, dword [ebp - 0x138] cmp dword [ebp - 0x130], ebx -jbe short loc_fffc7203 ; jbe 0xfffc7203 +jbe short loc_fffc8e6c ; jbe 0xfffc8e6c -loc_fffc7201: ; not directly referenced +loc_fffc8e6a: ; not directly referenced xor ecx, ecx -loc_fffc7203: ; not directly referenced +loc_fffc8e6c: ; not directly referenced mov eax, dword [ebp - 0x10c] mov bl, 1 cmp dword [ebp - 0x12c], eax -ja short loc_fffc7225 ; ja 0xfffc7225 -jb short loc_fffc7223 ; jb 0xfffc7223 +ja short loc_fffc8e8e ; ja 0xfffc8e8e +jb short loc_fffc8e8c ; jb 0xfffc8e8c mov eax, dword [ebp - 0x110] cmp dword [ebp - 0x130], eax -jae short loc_fffc7225 ; jae 0xfffc7225 +jae short loc_fffc8e8e ; jae 0xfffc8e8e -loc_fffc7223: ; not directly referenced +loc_fffc8e8c: ; not directly referenced xor ebx, ebx -loc_fffc7225: ; not directly referenced +loc_fffc8e8e: ; not directly referenced test cl, bl -je short loc_fffc724f ; je 0xfffc724f +je short loc_fffc8eb8 ; je 0xfffc8eb8 mov eax, dword [ebp - 0x160] mov edx, dword [ebp - 0x15c] sub eax, dword [ebp - 0x110] sbb edx, dword [ebp - 0x10c] add eax, dword [ebp - 0x130] adc edx, dword [ebp - 0x12c] -jmp short loc_fffc72aa ; jmp 0xfffc72aa +jmp short loc_fffc8f13 ; jmp 0xfffc8f13 -loc_fffc724f: ; not directly referenced +loc_fffc8eb8: ; not directly referenced cmp dword [ebp - 0x12c], 0 -ja short loc_fffc7260 ; ja 0xfffc7260 +ja short loc_fffc8ec9 ; ja 0xfffc8ec9 cmp dword [ebp - 0x130], edx -jb short loc_fffc729e ; jb 0xfffc729e +jb short loc_fffc8f07 ; jb 0xfffc8f07 -loc_fffc7260: ; not directly referenced +loc_fffc8ec9: ; not directly referenced mov eax, dword [ebp - 0x160] mov edx, dword [ebp - 0x15c] add eax, dword [ebp - 0x138] @@ -52941,16 +55040,16 @@ adc edx, dword [ebp - 0x134] sub eax, dword [ebp - 0x110] sbb edx, dword [ebp - 0x10c] cmp dword [ebp - 0x12c], edx -ja short loc_fffc729e ; ja 0xfffc729e -jb loc_fffc826e ; jb 0xfffc826e +ja short loc_fffc8f07 ; ja 0xfffc8f07 +jb loc_fffc9ed7 ; jb 0xfffc9ed7 cmp dword [ebp - 0x130], eax -jbe loc_fffc826e ; jbe 0xfffc826e +jbe loc_fffc9ed7 ; jbe 0xfffc9ed7 -loc_fffc729e: ; not directly referenced +loc_fffc8f07: ; not directly referenced mov eax, dword [ebp - 0x130] mov edx, dword [ebp - 0x12c] -loc_fffc72aa: ; not directly referenced +loc_fffc8f13: ; not directly referenced push ecx push 6 push edx @@ -52963,7 +55062,7 @@ and ebx, 1 cmp dword [ebp - 0x144], 1 mov dword [ebp - 0x110], eax mov dword [ebp - 0x10c], edx -jne short loc_fffc72f7 ; jne 0xfffc72f7 +jne short loc_fffc8f60 ; jne 0xfffc8f60 push edx push 1 push dword [ebp - 0x14c] @@ -52973,16 +55072,16 @@ add esp, 0x10 mov dword [ebp - 0x164], eax mov dword [ebp - 0x168], edx -loc_fffc72f7: ; not directly referenced +loc_fffc8f60: ; not directly referenced test ebx, ebx -je short loc_fffc7360 ; je 0xfffc7360 +je short loc_fffc8fc9 ; je 0xfffc8fc9 cmp dword [ebp - 0x10c], edi -ja loc_fffc826e ; ja 0xfffc826e -jb short loc_fffc7315 ; jb 0xfffc7315 +ja loc_fffc9ed7 ; ja 0xfffc9ed7 +jb short loc_fffc8f7e ; jb 0xfffc8f7e cmp dword [ebp - 0x110], esi -jae loc_fffc826e ; jae 0xfffc826e +jae loc_fffc9ed7 ; jae 0xfffc9ed7 -loc_fffc7315: ; not directly referenced +loc_fffc8f7e: ; not directly referenced push eax mov eax, dword [ebp - 0x148] shr eax, 7 @@ -52993,29 +55092,29 @@ push 0x400000 call dword [ebp - 0x5c] ; ucall add esp, 0x10 cmp dword [ebp - 0x10c], edx -jb loc_fffc74a0 ; jb 0xfffc74a0 -ja short loc_fffc734a ; ja 0xfffc734a +jb loc_fffc9109 ; jb 0xfffc9109 +ja short loc_fffc8fb3 ; ja 0xfffc8fb3 cmp dword [ebp - 0x110], eax -jb loc_fffc74a0 ; jb 0xfffc74a0 +jb loc_fffc9109 ; jb 0xfffc9109 -loc_fffc734a: ; not directly referenced +loc_fffc8fb3: ; not directly referenced sub dword [ebp - 0x110], eax mov edi, 1 sbb dword [ebp - 0x10c], edx -jmp near loc_fffc74a2 ; jmp 0xfffc74a2 +jmp near loc_fffc910b ; jmp 0xfffc910b -loc_fffc7360: ; not directly referenced +loc_fffc8fc9: ; not directly referenced mov eax, dword [ebp - 0x168] cmp dword [ebp - 0x10c], eax -ja loc_fffc744d ; ja 0xfffc744d -jb short loc_fffc7386 ; jb 0xfffc7386 +ja loc_fffc90b6 ; ja 0xfffc90b6 +jb short loc_fffc8fef ; jb 0xfffc8fef mov eax, dword [ebp - 0x164] cmp dword [ebp - 0x110], eax -jae loc_fffc744d ; jae 0xfffc744d +jae loc_fffc90b6 ; jae 0xfffc90b6 -loc_fffc7386: ; not directly referenced +loc_fffc8fef: ; not directly referenced test dword [ebp - 0x154], 0x800000 -je loc_fffc7421 ; je 0xfffc7421 +je loc_fffc908a ; je 0xfffc908a mov eax, dword [ebp - 0x154] mov edx, 1 xor edi, edi @@ -53030,13 +55129,13 @@ or eax, edx and eax, dword [ebp - 0x110] movzx eax, ax -loc_fffc73c0: ; not directly referenced +loc_fffc9029: ; not directly referenced mov edx, eax sar edx, cl inc ecx xor edi, edx cmp ecx, 0xe -jne short loc_fffc73c0 ; jne 0xfffc73c0 +jne short loc_fffc9029 ; jne 0xfffc9029 push eax and edi, 1 push esi @@ -53066,13 +55165,13 @@ or ebx, eax or ecx, edx mov dword [ebp - 0x110], ebx mov dword [ebp - 0x10c], ecx -jmp short loc_fffc742a ; jmp 0xfffc742a +jmp short loc_fffc9093 ; jmp 0xfffc9093 -loc_fffc7421: ; not directly referenced +loc_fffc908a: ; not directly referenced mov edi, dword [ebp - 0x110] and edi, 1 -loc_fffc742a: ; not directly referenced +loc_fffc9093: ; not directly referenced push eax push 1 push dword [ebp - 0x10c] @@ -53081,33 +55180,33 @@ call dword [ebp - 0x58] ; ucall add esp, 0x10 mov dword [ebp - 0x110], eax mov dword [ebp - 0x10c], edx -jmp short loc_fffc74a2 ; jmp 0xfffc74a2 +jmp short loc_fffc910b ; jmp 0xfffc910b -loc_fffc744d: ; not directly referenced +loc_fffc90b6: ; not directly referenced cmp dword [ebp - 0x10c], edi -ja loc_fffc826e ; ja 0xfffc826e -jb short loc_fffc7467 ; jb 0xfffc7467 +ja loc_fffc9ed7 ; ja 0xfffc9ed7 +jb short loc_fffc90d0 ; jb 0xfffc90d0 cmp dword [ebp - 0x110], esi -jae loc_fffc826e ; jae 0xfffc826e +jae loc_fffc9ed7 ; jae 0xfffc9ed7 -loc_fffc7467: ; not directly referenced +loc_fffc90d0: ; not directly referenced cmp dword [ebp - 0x144], 1 -jne short loc_fffc7488 ; jne 0xfffc7488 +jne short loc_fffc90f1 ; jne 0xfffc90f1 mov eax, dword [ebp - 0x150] mov edx, dword [ebp - 0x14c] mov dword [ebp - 0x140], eax mov dword [ebp - 0x13c], edx -loc_fffc7488: ; not directly referenced +loc_fffc90f1: ; not directly referenced mov eax, dword [ebp - 0x140] mov edx, dword [ebp - 0x13c] sub dword [ebp - 0x110], eax sbb dword [ebp - 0x10c], edx -loc_fffc74a0: ; not directly referenced +loc_fffc9109: ; not directly referenced xor edi, edi -loc_fffc74a2: ; not directly referenced +loc_fffc910b: ; not directly referenced mov eax, dword [ebp - 0x148] movzx edi, di lea ecx, [edi + edi] @@ -53119,12 +55218,12 @@ mov ebx, dword [ebp + eax*4 - 0x104] mov dword [ebp - 0x16c], eax lea eax, [ebp - 0xc4] mov edx, ebx -call fcn_fffc3bf5 ; call 0xfffc3bf5 +call fcn_fffc3aea ; call 0xfffc3aea mov dword [ebp - 0x138], eax lea eax, [ebp - 0xc4] mov dword [ebp - 0x134], edx mov edx, ebx -call fcn_fffc3bda ; call 0xfffc3bda +call fcn_fffc3acf ; call 0xfffc3acf mov ecx, ebx shr ecx, 0x16 mov dword [ebp - 0x150], ecx @@ -53143,7 +55242,7 @@ or eax, edx and edi, 1 mov dword [ebp - 0x168], edi test al, 1 -je loc_fffc75fd ; je 0xfffc75fd +je loc_fffc9266 ; je 0xfffc9266 push eax push 1 push dword [ebp - 0x13c] @@ -53151,12 +55250,12 @@ push dword [ebp - 0x140] call dword [ebp - 0x5c] ; ucall add esp, 0x10 cmp dword [ebp - 0x10c], edx -ja short loc_fffc75b1 ; ja 0xfffc75b1 -jb short loc_fffc755f ; jb 0xfffc755f +ja short loc_fffc921a ; ja 0xfffc921a +jb short loc_fffc91c8 ; jb 0xfffc91c8 cmp dword [ebp - 0x110], eax -jae short loc_fffc75b1 ; jae 0xfffc75b1 +jae short loc_fffc921a ; jae 0xfffc921a -loc_fffc755f: ; not directly referenced +loc_fffc91c8: ; not directly referenced push eax push 9 push dword [ebp - 0x10c] @@ -53176,58 +55275,58 @@ and eax, 0xfffffe00 or eax, ecx mov dword [ebp - 0x110], eax mov dword [ebp - 0x10c], edx -jmp near loc_fffc766e ; jmp 0xfffc766e +jmp near loc_fffc92d7 ; jmp 0xfffc92d7 -loc_fffc75b1: ; not directly referenced +loc_fffc921a: ; not directly referenced mov eax, dword [ebp - 0x140] mov edx, dword [ebp - 0x13c] add eax, dword [ebp - 0x138] adc edx, dword [ebp - 0x134] cmp dword [ebp - 0x10c], edx -ja loc_fffc826e ; ja 0xfffc826e -jb short loc_fffc75e3 ; jb 0xfffc75e3 +ja loc_fffc9ed7 ; ja 0xfffc9ed7 +jb short loc_fffc924c ; jb 0xfffc924c cmp dword [ebp - 0x110], eax -jae loc_fffc826e ; jae 0xfffc826e +jae loc_fffc9ed7 ; jae 0xfffc9ed7 -loc_fffc75e3: ; not directly referenced +loc_fffc924c: ; not directly referenced mov eax, dword [ebp - 0x140] mov edx, dword [ebp - 0x13c] sub dword [ebp - 0x110], eax sbb dword [ebp - 0x10c], edx -jmp short loc_fffc766c ; jmp 0xfffc766c +jmp short loc_fffc92d5 ; jmp 0xfffc92d5 -loc_fffc75fd: ; not directly referenced +loc_fffc9266: ; not directly referenced mov eax, dword [ebp - 0x134] cmp dword [ebp - 0x10c], eax -jb short loc_fffc766c ; jb 0xfffc766c -ja short loc_fffc761b ; ja 0xfffc761b +jb short loc_fffc92d5 ; jb 0xfffc92d5 +ja short loc_fffc9284 ; ja 0xfffc9284 mov eax, dword [ebp - 0x138] cmp dword [ebp - 0x110], eax -jb short loc_fffc766c ; jb 0xfffc766c +jb short loc_fffc92d5 ; jb 0xfffc92d5 -loc_fffc761b: ; not directly referenced +loc_fffc9284: ; not directly referenced mov eax, dword [ebp - 0x140] mov edx, dword [ebp - 0x13c] add eax, dword [ebp - 0x138] adc edx, dword [ebp - 0x134] cmp dword [ebp - 0x10c], edx -ja loc_fffc826e ; ja 0xfffc826e -jb short loc_fffc764d ; jb 0xfffc764d +ja loc_fffc9ed7 ; ja 0xfffc9ed7 +jb short loc_fffc92b6 ; jb 0xfffc92b6 cmp dword [ebp - 0x110], eax -jae loc_fffc826e ; jae 0xfffc826e +jae loc_fffc9ed7 ; jae 0xfffc9ed7 -loc_fffc764d: ; not directly referenced +loc_fffc92b6: ; not directly referenced mov eax, dword [ebp - 0x138] mov esi, 1 mov edx, dword [ebp - 0x134] sub dword [ebp - 0x110], eax sbb dword [ebp - 0x10c], edx -jmp short loc_fffc766e ; jmp 0xfffc766e +jmp short loc_fffc92d7 ; jmp 0xfffc92d7 -loc_fffc766c: ; not directly referenced +loc_fffc92d5: ; not directly referenced xor esi, esi -loc_fffc766e: ; not directly referenced +loc_fffc92d7: ; not directly referenced mov eax, dword [ebp - 0x148] shr eax, 0xa mov dword [ebp - 0x154], eax @@ -53238,7 +55337,7 @@ mov word [ebp - 0x118], ax and dword [ebp - 0x154], 1 xor word [ebp - 0x118], si test si, si -je short loc_fffc76d9 ; je 0xfffc76d9 +je short loc_fffc9342 ; je 0xfffc9342 mov edx, dword [ebp - 0x148] mov eax, ebx mov ecx, ebx @@ -53247,12 +55346,12 @@ mov edi, dword [ebp - 0x140] mov dword [ebp - 0x138], eax lea eax, [ebp - 0xc4] and dword [ebp - 0x138], 1 -call fcn_fffb8408 ; call 0xfffb8408 +call fcn_fffb8ec5 ; call 0xfffb8ec5 test ebx, 0x100000 mov word [ebp - 0x116], ax -jmp short loc_fffc7711 ; jmp 0xfffc7711 +jmp short loc_fffc937a ; jmp 0xfffc937a -loc_fffc76d9: ; not directly referenced +loc_fffc9342: ; not directly referenced mov edx, dword [ebp - 0x148] mov eax, ebx mov ecx, ebx @@ -53261,37 +55360,37 @@ mov edi, dword [ebp - 0x138] mov dword [ebp - 0x138], eax lea eax, [ebp - 0xc4] and dword [ebp - 0x138], 1 -call fcn_fffb8396 ; call 0xfffb8396 +call fcn_fffb8f37 ; call 0xfffb8f37 test ebx, 0x80000 mov word [ebp - 0x116], ax -loc_fffc7711: ; not directly referenced -je short loc_fffc771a ; je 0xfffc771a +loc_fffc937a: ; not directly referenced +je short loc_fffc9383 ; je 0xfffc9383 mov esi, 0x10 -jmp short loc_fffc7729 ; jmp 0xfffc7729 +jmp short loc_fffc9392 ; jmp 0xfffc9392 -loc_fffc771a: ; not directly referenced +loc_fffc9383: ; not directly referenced cmp dword [ebp - 0x154], 1 sbb esi, esi and esi, 0xffffffe8 add esi, 0x20 -loc_fffc7729: ; not directly referenced +loc_fffc9392: ; not directly referenced mov eax, dword [ebp - 0x148] shr eax, 0xb mov dword [ebp - 0x140], eax and dword [ebp - 0x140], 1 cmp dword [ebp - 0x144], 1 -jne short loc_fffc7762 ; jne 0xfffc7762 +jne short loc_fffc93cb ; jne 0xfffc93cb mov eax, dword [ebp - 0x110] mov edx, eax shr dx, 1 cmp dword [ebp - 0x140], 0 cmovne eax, edx shl eax, 3 -jmp short loc_fffc779a ; jmp 0xfffc779a +jmp short loc_fffc9403 ; jmp 0xfffc9403 -loc_fffc7762: ; not directly referenced +loc_fffc93cb: ; not directly referenced push eax push 3 push dword [ebp - 0x10c] @@ -53307,7 +55406,7 @@ add esp, 0x10 and eax, 7 or eax, dword [ebp - 0x160] -loc_fffc779a: ; not directly referenced +loc_fffc9403: ; not directly referenced mov cl, byte [ebp - 0x116] mov edx, 1 shl edx, cl @@ -53317,7 +55416,7 @@ and word [ebp - 0x160], ax mov eax, dword [ebp - 0x160] cmp dword [ebp - 0x140], 0 mov word [ebp - 0x156], ax -je loc_fffc7cd6 ; je 0xfffc7cd6 +je loc_fffc993f ; je 0xfffc993f push ecx push 8 push dword [ebp - 0x10c] @@ -53340,11 +55439,11 @@ or word [ebp - 0x114], ax mov al, byte [ebp - 0x168] test byte [ebp - 0x138], al mov eax, dword [ebp - 0x58] -je loc_fffc7a04 ; je 0xfffc7a04 +je loc_fffc966d ; je 0xfffc966d shr ebx, 0x1b and ebx, 7 cmp si, 8 -jne loc_fffc794a ; jne 0xfffc794a +jne loc_fffc95b3 ; jne 0xfffc95b3 push edx push 7 push dword [ebp - 0x10c] @@ -53355,11 +55454,11 @@ mov esi, eax and esi, 8 or esi, dword [ebp - 0x114] cmp dword [ebp - 0x150], 0 -jne short loc_fffc786f ; jne 0xfffc786f +jne short loc_fffc94d8 ; jne 0xfffc94d8 mov word [ebp - 0x114], si -jmp short loc_fffc78dd ; jmp 0xfffc78dd +jmp short loc_fffc9546 ; jmp 0xfffc9546 -loc_fffc786f: ; not directly referenced +loc_fffc94d8: ; not directly referenced push eax push 0xc push dword [ebp - 0x10c] @@ -53386,7 +55485,7 @@ add esp, 0x10 and eax, 8 xor word [ebp - 0x114], ax -loc_fffc78dd: ; not directly referenced +loc_fffc9546: ; not directly referenced lea eax, [ebx + 0xf] movzx ebx, bx push ecx @@ -53416,11 +55515,11 @@ mov word [ebp - 0x128], si shr eax, 0xc and word [ebp - 0x128], cx or word [ebp - 0x128], dx -jmp near loc_fffc79f4 ; jmp 0xfffc79f4 +jmp near loc_fffc965d ; jmp 0xfffc965d -loc_fffc794a: ; not directly referenced +loc_fffc95b3: ; not directly referenced cmp dword [ebp - 0x150], 0 -je short loc_fffc798c ; je 0xfffc798c +je short loc_fffc95f5 ; je 0xfffc95f5 push edx push 0xb push dword [ebp - 0x10c] @@ -53438,7 +55537,7 @@ and eax, 4 xor esi, eax xor word [ebp - 0x114], si -loc_fffc798c: ; not directly referenced +loc_fffc95f5: ; not directly referenced lea eax, [ebx + 0xe] movzx ebx, bx push esi @@ -53469,20 +55568,20 @@ shr eax, 0xb and word [ebp - 0x128], cx or word [ebp - 0x128], dx -loc_fffc79f4: ; not directly referenced +loc_fffc965d: ; not directly referenced dec eax -loc_fffc79f5: ; not directly referenced +loc_fffc965e: ; not directly referenced and word [ebp - 0x128], ax -loc_fffc79fc: ; not directly referenced +loc_fffc9665: ; not directly referenced add esp, 0x10 -jmp near loc_fffc8107 ; jmp 0xfffc8107 +jmp near loc_fffc9d70 ; jmp 0xfffc9d70 -loc_fffc7a04: ; not directly referenced +loc_fffc966d: ; not directly referenced mov cl, byte [ebp - 0x164] test byte [ebp - 0x138], cl -je loc_fffc7b71 ; je 0xfffc7b71 +je loc_fffc97da ; je 0xfffc97da push ecx push 0xa push dword [ebp - 0x10c] @@ -53493,7 +55592,7 @@ and eax, 1 cmp si, 8 mov word [ebp - 0x116], ax mov eax, dword [ebp - 0x58] -jne loc_fffc7aed ; jne 0xfffc7aed +jne loc_fffc9756 ; jne 0xfffc9756 push edx push 8 push dword [ebp - 0x10c] @@ -53503,7 +55602,7 @@ add esp, 0x10 and eax, 8 or word [ebp - 0x114], ax cmp dword [ebp - 0x150], 0 -je short loc_fffc7ad6 ; je 0xfffc7ad6 +je short loc_fffc973f ; je 0xfffc973f push eax push 0xd push dword [ebp - 0x10c] @@ -53537,18 +55636,18 @@ add esp, 0x10 and eax, 1 xor word [ebp - 0x116], ax -loc_fffc7ad6: ; not directly referenced +loc_fffc973f: ; not directly referenced push esi push 0xc push dword [ebp - 0x10c] push dword [ebp - 0x110] call dword [ebp - 0x58] ; ucall shr edi, 0xc -jmp short loc_fffc7b62 ; jmp 0xfffc7b62 +jmp short loc_fffc97cb ; jmp 0xfffc97cb -loc_fffc7aed: ; not directly referenced +loc_fffc9756: ; not directly referenced cmp dword [ebp - 0x150], 0 -je short loc_fffc7b4d ; je 0xfffc7b4d +je short loc_fffc97b6 ; je 0xfffc97b6 push ebx push 0xc push dword [ebp - 0x10c] @@ -53573,7 +55672,7 @@ add esp, 0x10 and eax, 1 xor word [ebp - 0x116], ax -loc_fffc7b4d: ; not directly referenced +loc_fffc97b6: ; not directly referenced push ecx push 0xb push dword [ebp - 0x10c] @@ -53581,12 +55680,12 @@ push dword [ebp - 0x110] call dword [ebp - 0x58] ; ucall shr edi, 0xb -loc_fffc7b62: ; not directly referenced +loc_fffc97cb: ; not directly referenced lea edi, [edi - 1] mov word [ebp - 0x128], di -jmp near loc_fffc79f5 ; jmp 0xfffc79f5 +jmp near loc_fffc965e ; jmp 0xfffc965e -loc_fffc7b71: ; not directly referenced +loc_fffc97da: ; not directly referenced mov edx, edi shr edx, 1 test dword [ebp - 0x110], edx @@ -53595,7 +55694,7 @@ mov ecx, edx and ecx, dword [ebp - 0x138] mov word [ebp - 0x116], cx cmp si, 8 -jne loc_fffc7c68 ; jne 0xfffc7c68 +jne loc_fffc98d1 ; jne 0xfffc98d1 push edx push 7 push dword [ebp - 0x10c] @@ -53606,11 +55705,11 @@ mov ebx, eax and ebx, 8 or ebx, dword [ebp - 0x114] cmp dword [ebp - 0x150], 0 -jne short loc_fffc7bc8 ; jne 0xfffc7bc8 +jne short loc_fffc9831 ; jne 0xfffc9831 mov word [ebp - 0x114], bx -jmp short loc_fffc7c2c ; jmp 0xfffc7c2c +jmp short loc_fffc9895 ; jmp 0xfffc9895 -loc_fffc7bc8: ; not directly referenced +loc_fffc9831: ; not directly referenced push eax push 0xc push dword [ebp - 0x10c] @@ -53636,7 +55735,7 @@ add esp, 0x10 and eax, 8 xor word [ebp - 0x114], ax -loc_fffc7c2c: ; not directly referenced +loc_fffc9895: ; not directly referenced push esi push 0xb push dword [ebp - 0x10c] @@ -53654,11 +55753,11 @@ call dword [ebp - 0x58] ; ucall dec eax mov word [ebp - 0x128], ax and word [ebp - 0x128], bx -jmp near loc_fffc79fc ; jmp 0xfffc79fc +jmp near loc_fffc9665 ; jmp 0xfffc9665 -loc_fffc7c68: ; not directly referenced +loc_fffc98d1: ; not directly referenced cmp dword [ebp - 0x150], 0 -je short loc_fffc7caa ; je 0xfffc7caa +je short loc_fffc9913 ; je 0xfffc9913 push ebx push 0xb push dword [ebp - 0x10c] @@ -53676,7 +55775,7 @@ and eax, 4 xor ebx, eax xor word [ebp - 0x114], bx -loc_fffc7caa: ; not directly referenced +loc_fffc9913: ; not directly referenced push ecx push 0xa push dword [ebp - 0x10c] @@ -53687,11 +55786,11 @@ add ecx, 0xa shr edi, cl lea esi, [edi - 1] mov word [ebp - 0x128], si -jmp near loc_fffc79f5 ; jmp 0xfffc79f5 +jmp near loc_fffc965e ; jmp 0xfffc965e -loc_fffc7cd6: ; not directly referenced +loc_fffc993f: ; not directly referenced cmp word [ebp - 0x116], 9 -jne short loc_fffc7d0d ; jne 0xfffc7d0d +jne short loc_fffc9976 ; jne 0xfffc9976 push edx push 1 push dword [ebp - 0x10c] @@ -53703,11 +55802,11 @@ dec ecx mov dword [ebp - 0x110], eax lea eax, [edi + edi] mov dword [ebp - 0x10c], edx -jmp short loc_fffc7d43 ; jmp 0xfffc7d43 +jmp short loc_fffc99ac ; jmp 0xfffc99ac -loc_fffc7d0d: ; not directly referenced +loc_fffc9976: ; not directly referenced cmp word [ebp - 0x116], 0xb -jne short loc_fffc7d46 ; jne 0xfffc7d46 +jne short loc_fffc99af ; jne 0xfffc99af push eax push 1 push dword [ebp - 0x10c] @@ -53720,13 +55819,13 @@ shr eax, 1 cmp dword [ebp - 0x144], 1 mov dword [ebp - 0x10c], edx -loc_fffc7d43: ; not directly referenced +loc_fffc99ac: ; not directly referenced cmove edi, eax -loc_fffc7d46: ; not directly referenced +loc_fffc99af: ; not directly referenced mov al, byte [ebp - 0x168] test byte [ebp - 0x138], al -je loc_fffc7e1d ; je 0xfffc7e1d +je loc_fffc9a86 ; je 0xfffc9a86 shr ebx, 0x1b and ebx, 7 push eax @@ -53747,7 +55846,7 @@ add esp, 0x10 and eax, 7 cmp dword [ebp - 0x150], 0 mov word [ebp - 0x114], ax -je short loc_fffc7dc8 ; je 0xfffc7dc8 +je short loc_fffc9a31 ; je 0xfffc9a31 push eax push 0xa push dword [ebp - 0x10c] @@ -53757,7 +55856,7 @@ add esp, 0x10 and eax, 7 xor word [ebp - 0x114], ax -loc_fffc7dc8: ; not directly referenced +loc_fffc9a31: ; not directly referenced push eax movzx ebx, bx push 0xa @@ -53783,14 +55882,14 @@ shr eax, cl dec eax mov word [ebp - 0x128], ax and word [ebp - 0x128], dx -jmp near loc_fffc8107 ; jmp 0xfffc8107 +jmp near loc_fffc9d70 ; jmp 0xfffc9d70 -loc_fffc7e1d: ; not directly referenced +loc_fffc9a86: ; not directly referenced mov al, byte [ebp - 0x164] test byte [ebp - 0x138], al -je loc_fffc7ef8 ; je 0xfffc7ef8 +je loc_fffc9b61 ; je 0xfffc9b61 cmp dword [ebp - 0x150], 0 -je short loc_fffc7e62 ; je 0xfffc7e62 +je short loc_fffc9acb ; je 0xfffc9acb mov esi, dword [ebp - 0x10c] mov ebx, dword [ebp - 0x110] push eax @@ -53804,7 +55903,7 @@ and eax, 0x780 xor eax, ebx mov dword [ebp - 0x110], eax -loc_fffc7e62: ; not directly referenced +loc_fffc9acb: ; not directly referenced mov esi, dword [ebp - 0x10c] mov ebx, dword [ebp - 0x110] push eax @@ -53843,11 +55942,11 @@ shr edi, cl lea edi, [edi - 1] mov word [ebp - 0x128], di and word [ebp - 0x128], ax -jmp near loc_fffc8107 ; jmp 0xfffc8107 +jmp near loc_fffc9d70 ; jmp 0xfffc9d70 -loc_fffc7ef8: ; not directly referenced +loc_fffc9b61: ; not directly referenced cmp dword [ebp - 0x144], 1 -jne loc_fffc7f9a ; jne 0xfffc7f9a +jne loc_fffc9c03 ; jne 0xfffc9c03 mov ecx, dword [ebp - 0x110] mov eax, edi shr eax, 1 @@ -53865,7 +55964,7 @@ add esp, 0x10 and eax, 7 cmp dword [ebp - 0x150], 0 mov word [ebp - 0x114], ax -je short loc_fffc7f64 ; je 0xfffc7f64 +je short loc_fffc9bcd ; je 0xfffc9bcd push ebx push 0xa push dword [ebp - 0x10c] @@ -53875,7 +55974,7 @@ add esp, 0x10 and eax, 7 xor word [ebp - 0x114], ax -loc_fffc7f64: ; not directly referenced +loc_fffc9bcd: ; not directly referenced push ecx push 0xa push dword [ebp - 0x10c] @@ -53888,72 +55987,72 @@ shr edi, cl lea esi, [edi - 1] mov word [ebp - 0x128], si and word [ebp - 0x128], ax -jmp near loc_fffc8114 ; jmp 0xfffc8114 +jmp near loc_fffc9d7d ; jmp 0xfffc9d7d -loc_fffc7f9a: ; not directly referenced +loc_fffc9c03: ; not directly referenced cmp dword [ebp - 0x138], 0 -je loc_fffc8089 ; je 0xfffc8089 +je loc_fffc9cf2 ; je 0xfffc9cf2 mov al, byte [ebp - 0x154] and eax, 1 cmp word [ebp - 0x116], 0xb sete dl test dl, al -je short loc_fffc7fdf ; je 0xfffc7fdf +je short loc_fffc9c48 ; je 0xfffc9c48 cmp edi, 0x4000000 -je short loc_fffc7fda ; je 0xfffc7fda +je short loc_fffc9c43 ; je 0xfffc9c43 cmp edi, 0x8000000 -jne loc_fffc8257 ; jne 0xfffc8257 +jne loc_fffc9ec0 ; jne 0xfffc9ec0 mov edi, 0x4000000 -jmp short loc_fffc7fdf ; jmp 0xfffc7fdf +jmp short loc_fffc9c48 ; jmp 0xfffc9c48 -loc_fffc7fda: ; not directly referenced +loc_fffc9c43: ; not directly referenced mov edi, 0x2000000 -loc_fffc7fdf: ; not directly referenced +loc_fffc9c48: ; not directly referenced cmp word [ebp - 0x116], 9 sete dl test dl, al -je short loc_fffc7ffb ; je 0xfffc7ffb +je short loc_fffc9c64 ; je 0xfffc9c64 cmp edi, 0x1000000 -je short loc_fffc805d ; je 0xfffc805d -jmp near loc_fffc8257 ; jmp 0xfffc8257 +je short loc_fffc9cc6 ; je 0xfffc9cc6 +jmp near loc_fffc9ec0 ; jmp 0xfffc9ec0 -loc_fffc7ffb: ; not directly referenced +loc_fffc9c64: ; not directly referenced cmp edi, 0x2000000 -je short loc_fffc805d ; je 0xfffc805d -ja short loc_fffc8025 ; ja 0xfffc8025 +je short loc_fffc9cc6 ; je 0xfffc9cc6 +ja short loc_fffc9c8e ; ja 0xfffc9c8e cmp edi, 0x800000 -je short loc_fffc8045 ; je 0xfffc8045 +je short loc_fffc9cae ; je 0xfffc9cae cmp edi, 0x1000000 -jne loc_fffc8257 ; jne 0xfffc8257 +jne loc_fffc9ec0 ; jne 0xfffc9ec0 mov eax, 0x17 mov esi, 0x7ffc00 -jmp short loc_fffc8067 ; jmp 0xfffc8067 +jmp short loc_fffc9cd0 ; jmp 0xfffc9cd0 -loc_fffc8025: ; not directly referenced +loc_fffc9c8e: ; not directly referenced cmp edi, 0x4000000 -je short loc_fffc8051 ; je 0xfffc8051 +je short loc_fffc9cba ; je 0xfffc9cba cmp edi, 0x8000000 -jne loc_fffc8257 ; jne 0xfffc8257 +jne loc_fffc9ec0 ; jne 0xfffc9ec0 mov eax, 0x1a mov esi, 0x3fffc00 -jmp short loc_fffc8067 ; jmp 0xfffc8067 +jmp short loc_fffc9cd0 ; jmp 0xfffc9cd0 -loc_fffc8045: ; not directly referenced +loc_fffc9cae: ; not directly referenced mov eax, 0x16 mov esi, 0x3ffc00 -jmp short loc_fffc8067 ; jmp 0xfffc8067 +jmp short loc_fffc9cd0 ; jmp 0xfffc9cd0 -loc_fffc8051: ; not directly referenced +loc_fffc9cba: ; not directly referenced mov eax, 0x19 mov esi, 0x1fffc00 -jmp short loc_fffc8067 ; jmp 0xfffc8067 +jmp short loc_fffc9cd0 ; jmp 0xfffc9cd0 -loc_fffc805d: ; not directly referenced +loc_fffc9cc6: ; not directly referenced mov eax, 0x18 mov esi, 0xfffc00 -loc_fffc8067: ; not directly referenced +loc_fffc9cd0: ; not directly referenced push edx xor ebx, ebx push eax @@ -53963,14 +56062,14 @@ call dword [ebp - 0x58] ; ucall add esp, 0x10 and eax, 1 mov word [ebp - 0x116], ax -jmp short loc_fffc809a ; jmp 0xfffc809a +jmp short loc_fffc9d03 ; jmp 0xfffc9d03 -loc_fffc8089: ; not directly referenced +loc_fffc9cf2: ; not directly referenced mov word [ebp - 0x116], 0 mov esi, 0xfffffc00 or ebx, 0xffffffff -loc_fffc809a: ; not directly referenced +loc_fffc9d03: ; not directly referenced push eax push 7 push dword [ebp - 0x10c] @@ -53980,7 +56079,7 @@ add esp, 0x10 and eax, 7 cmp dword [ebp - 0x150], 0 mov word [ebp - 0x114], ax -je short loc_fffc80e1 ; je 0xfffc80e1 +je short loc_fffc9d4a ; je 0xfffc9d4a push edi push 0xa push dword [ebp - 0x10c] @@ -53990,7 +56089,7 @@ add esp, 0x10 and eax, 7 xor word [ebp - 0x114], ax -loc_fffc80e1: ; not directly referenced +loc_fffc9d4a: ; not directly referenced mov edi, dword [ebp - 0x10c] mov ecx, esi mov esi, dword [ebp - 0x110] @@ -54002,18 +56101,18 @@ push edi push ecx call dword [ebp - 0x58] ; ucall mov word [ebp - 0x128], ax -jmp near loc_fffc8252 ; jmp 0xfffc8252 +jmp near loc_fffc9ebb ; jmp 0xfffc9ebb -loc_fffc8107: ; not directly referenced +loc_fffc9d70: ; not directly referenced cmp dword [ebp - 0x144], 1 -jne loc_fffc8262 ; jne 0xfffc8262 +jne loc_fffc9ecb ; jne 0xfffc9ecb -loc_fffc8114: ; not directly referenced +loc_fffc9d7d: ; not directly referenced movzx esi, word [ebp - 0x116] xor ebx, ebx movzx edi, word [ebp - 0x118] -loc_fffc8124: ; not directly referenced +loc_fffc9d8d: ; not directly referenced push ecx push 0x3f push dword [ebp + ebx*2 - 0xe4] @@ -54021,7 +56120,7 @@ push dword [ebp + ebx*2 - 0xe8] call dword [ebp - 0x58] ; ucall add esp, 0x10 test al, 1 -je short loc_fffc8181 ; je 0xfffc8181 +je short loc_fffc9dea ; je 0xfffc9dea sub esp, 0xc movzx eax, word [ebp - 0x160] mov ecx, esi @@ -54034,18 +56133,18 @@ push eax movzx eax, word [ebp - 0x114] push eax mov eax, dword [ebp - 0x16c] -call fcn_fffc455b ; call 0xfffc455b +call fcn_fffce2bd ; call 0xfffce2bd add esp, 0x20 test eax, eax -jne loc_fffc826e ; jne 0xfffc826e +jne loc_fffc9ed7 ; jne 0xfffc9ed7 -loc_fffc8181: ; not directly referenced +loc_fffc9dea: ; not directly referenced add ebx, 4 cmp ebx, 0x10 -jne short loc_fffc8124 ; jne 0xfffc8124 +jne short loc_fffc9d8d ; jne 0xfffc9d8d xor bl, bl -loc_fffc818b: ; not directly referenced +loc_fffc9df4: ; not directly referenced push edx mov ecx, dword [ebp - 0x12c] push dword [ebp + ebx*8 - 0xe4] @@ -54053,10 +56152,10 @@ push dword [ebp + ebx*8 - 0xe8] mov edx, dword [ebp - 0x130] lea eax, [ebp - 0xc4] push 0 -call fcn_fffb726f ; call 0xfffb726f +call fcn_fffb6511 ; call 0xfffb6511 add esp, 0x10 test eax, eax -je short loc_fffc822c ; je 0xfffc822c +je short loc_fffc9e95 ; je 0xfffc9e95 mov eax, dword [ebp + ebx*4 - 0xf8] mov edx, eax shr edx, 0x1d @@ -54066,7 +56165,7 @@ and esi, 1 shr edx, 0xc cmp dword [ebp - 0x140], 0 mov word [ebp - 0x158], si -jne loc_fffc82c1 ; jne 0xfffc82c1 +jne loc_fffc9f2a ; jne 0xfffc9f2a mov edi, edx mov edx, eax and edi, 1 @@ -54081,21 +56180,21 @@ mov esi, edi and esi, 7 mov word [ebp - 0x114], si -loc_fffc8212: ; not directly referenced +loc_fffc9e7b: ; not directly referenced mov edi, eax movzx eax, al shr edi, 0xd shl eax, 3 mov dword [ebp - 0x128], edi mov word [ebp - 0x156], ax -jmp short loc_fffc8236 ; jmp 0xfffc8236 +jmp short loc_fffc9e9f ; jmp 0xfffc9e9f -loc_fffc822c: ; not directly referenced +loc_fffc9e95: ; not directly referenced inc ebx cmp ebx, 4 -jne loc_fffc818b ; jne 0xfffc818b +jne loc_fffc9df4 ; jne 0xfffc9df4 -loc_fffc8236: ; not directly referenced +loc_fffc9e9f: ; not directly referenced push eax push 3 push dword [ebp - 0x12c] @@ -54104,22 +56203,22 @@ call dword [ebp - 0x58] ; ucall and eax, 7 or word [ebp - 0x156], ax -loc_fffc8252: ; not directly referenced +loc_fffc9ebb: ; not directly referenced add esp, 0x10 -jmp short loc_fffc8262 ; jmp 0xfffc8262 +jmp short loc_fffc9ecb ; jmp 0xfffc9ecb -loc_fffc8257: ; not directly referenced +loc_fffc9ec0: ; not directly referenced mov word [ebp - 0x116], 0 -jmp short loc_fffc8278 ; jmp 0xfffc8278 +jmp short loc_fffc9ee1 ; jmp 0xfffc9ee1 -loc_fffc8262: ; not directly referenced +loc_fffc9ecb: ; not directly referenced mov dword [ebp - 0x140], 1 -jmp short loc_fffc8278 ; jmp 0xfffc8278 +jmp short loc_fffc9ee1 ; jmp 0xfffc9ee1 -loc_fffc826e: ; not directly referenced +loc_fffc9ed7: ; not directly referenced mov dword [ebp - 0x140], 0 -loc_fffc8278: ; not directly referenced +loc_fffc9ee1: ; not directly referenced mov eax, dword [ebp + 0x10] mov ecx, dword [ebp - 0x128] mov si, word [ebp - 0x156] @@ -54136,9 +56235,9 @@ mov byte [edi + 3], al mov al, byte [ebp - 0x114] mov byte [edi + 4], al mov al, byte [ebp - 0x140] -jmp short loc_fffc82ec ; jmp 0xfffc82ec +jmp short loc_fffc9f55 ; jmp 0xfffc9f55 -loc_fffc82c1: ; not directly referenced +loc_fffc9f2a: ; not directly referenced mov esi, edx mov edi, eax and esi, 1 @@ -54148,9 +56247,9 @@ mov esi, edi and esi, 0xf mov word [ebp - 0x114], si mov word [ebp - 0x118], 0 -jmp near loc_fffc8212 ; jmp 0xfffc8212 +jmp near loc_fffc9e7b ; jmp 0xfffc9e7b -loc_fffc82ec: ; not directly referenced +loc_fffc9f55: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -54158,7 +56257,7 @@ pop edi pop ebp ret -fcn_fffc82f4: ; not directly referenced +fcn_fffc9f5d: ; not directly referenced push ebp mov ebp, esp push edi @@ -54166,94 +56265,94 @@ push esi push ebx sub esp, 0x4c mov eax, dword [ebp + 8] -call fcn_fffb0e8a ; call 0xfffb0e8a +call fcn_fffaa4a9 ; call 0xfffaa4a9 mov esi, eax test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 +jne loc_fffcad7f ; jne 0xfffcad7f mov eax, dword [ebp + 8] -call fcn_fffa6828 ; call 0xfffa6828 +call fcn_fffa67d6 ; call 0xfffa67d6 mov esi, eax test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 +jne loc_fffcad7f ; jne 0xfffcad7f mov eax, dword [ebp + 8] mov ecx, 0xf mov edx, 0x4d94 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 3 -jne loc_fffc849f ; jne 0xfffc849f +cmp dword [eax + 0x2481], 3 +jne loc_fffca108 ; jne 0xfffca108 mov ecx, 0xf mov edx, 0x4d90 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 0x5030 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x5030 or eax, 0x400000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 1 -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 mov eax, dword [ebp + 8] -cmp dword [eax + 0x3756], 2 -jne short loc_fffc839d ; jne 0xfffc839d -movzx ecx, byte [eax + 0x47e8] +cmp dword [eax + 0x3757], 2 +jne short loc_fffca006 ; jne 0xfffca006 +movzx ecx, byte [eax + 0x47e9] mov edx, 0x4192 -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b -loc_fffc839d: ; not directly referenced +loc_fffca006: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -jne short loc_fffc83ba ; jne 0xfffc83ba -movzx ecx, byte [eax + 0x5bab] +cmp dword [eax + 0x4b1a], 2 +jne short loc_fffca023 ; jne 0xfffca023 +movzx ecx, byte [eax + 0x5bac] mov edx, 0x4592 -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b -loc_fffc83ba: ; not directly referenced +loc_fffca023: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0xbb8 xor ebx, ebx -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 mov eax, dword [ebp + 8] -lea edi, [eax + 0x3756] +lea edi, [eax + 0x3757] -loc_fffc83d2: ; not directly referenced +loc_fffca03b: ; not directly referenced cmp dword [edi], 2 -je short loc_fffc83f4 ; je 0xfffc83f4 +je short loc_fffca05d ; je 0xfffca05d -loc_fffc83d7: ; not directly referenced +loc_fffca040: ; not directly referenced inc ebx add edi, 0x13c3 cmp ebx, 2 -jne short loc_fffc83d2 ; jne 0xfffc83d2 +jne short loc_fffca03b ; jne 0xfffca03b mov eax, dword [ebp + 8] mov edx, 0x96 xor esi, esi -call fcn_fffa834b ; call 0xfffa834b -jmp short loc_fffc8471 ; jmp 0xfffc8471 +call fcn_fffa82f9 ; call 0xfffa82f9 +jmp short loc_fffca0da ; jmp 0xfffca0da -loc_fffc83f4: ; not directly referenced +loc_fffca05d: ; not directly referenced mov dword [ebp - 0x30], 0 -loc_fffc83fb: ; not directly referenced +loc_fffca064: ; not directly referenced mov cl, byte [ebp - 0x30] mov eax, 1 shl eax, cl test byte [edi + 0xc4], al -jne short loc_fffc8418 ; jne 0xfffc8418 +jne short loc_fffca081 ; jne 0xfffca081 -loc_fffc840d: ; not directly referenced +loc_fffca076: ; not directly referenced inc dword [ebp - 0x30] cmp dword [ebp - 0x30], 4 -jne short loc_fffc83fb ; jne 0xfffc83fb -jmp short loc_fffc83d7 ; jmp 0xfffc83d7 +jne short loc_fffca064 ; jne 0xfffca064 +jmp short loc_fffca040 ; jmp 0xfffca040 -loc_fffc8418: ; not directly referenced +loc_fffca081: ; not directly referenced mov esi, dword [ebp + 8] -cmp byte [esi + 0x247c], 0 -je short loc_fffc8451 ; je 0xfffc8451 +cmp byte [esi + 0x247d], 0 +je short loc_fffca0ba ; je 0xfffca0ba push 0 mov ecx, eax mov eax, dword [ebp + 8] @@ -54263,13 +56362,13 @@ push esi push 0 push 7 mov dword [ebp - 0x24], 0x8600 -call fcn_fffafb06 ; call 0xfffafb06 +call fcn_fffa947f ; call 0xfffa947f mov eax, dword [ebp + 8] mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 add esp, 0x10 -loc_fffc8451: ; not directly referenced +loc_fffca0ba: ; not directly referenced mov eax, dword [ebp + 8] mov edx, ebx push ecx @@ -54277,33 +56376,33 @@ mov ecx, dword [ebp - 0x30] push 1 push 0xfc push 0x3f -call fcn_fffaa505 ; call 0xfffaa505 +call fcn_fffacb43 ; call 0xfffacb43 add esp, 0x10 mov esi, eax test eax, eax -je short loc_fffc840d ; je 0xfffc840d +je short loc_fffca076 ; je 0xfffca076 -loc_fffc8471: ; not directly referenced +loc_fffca0da: ; not directly referenced mov eax, dword [ebp + 8] -cmp byte [eax + 0x247c], 0 -je short loc_fffc848b ; je 0xfffc848b +cmp byte [eax + 0x247d], 0 +je short loc_fffca0f4 ; je 0xfffca0f4 sub esp, 0xc push eax -call fcn_fffb1d2f ; call 0xfffb1d2f +call fcn_fffae06f ; call 0xfffae06f add esp, 0x10 mov esi, eax -loc_fffc848b: ; not directly referenced +loc_fffca0f4: ; not directly referenced mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x4d94 -call fcn_fffaeb7c ; call 0xfffaeb7c -jmp near loc_fffc9120 ; jmp 0xfffc9120 +call fcn_fffb38b3 ; call 0xfffb38b3 +jmp near loc_fffcad89 ; jmp 0xfffcad89 -loc_fffc849f: ; not directly referenced +loc_fffca108: ; not directly referenced mov eax, dword [ebp + 8] mov edx, dword [eax + 0x1887] -mov esi, dword [eax + 0x2443] +mov esi, dword [eax + 0x2444] cmp edx, 0x306d0 sete al cmp edx, 0x40650 @@ -54327,7 +56426,7 @@ add esp, 0x10 mov dword [ebp - 0x30], eax and dword [ebp - 0x30], 0xfffffffe test edi, edi -je short loc_fffc851b ; je 0xfffc851b +je short loc_fffca184 ; je 0xfffca184 mov eax, dword [ebp - 0x30] sub esp, 0xc lea edi, [eax + 0x333c] @@ -54342,18 +56441,18 @@ push edi call dword [esi + 0x30] ; ucall add esp, 0x10 -loc_fffc851b: ; not directly referenced +loc_fffca184: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, 0x102 mov edx, 0x5030 mov edi, 0x102 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov ecx, 0xf mov edx, 0x4d90 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp dword [ebp - 0x34], 0 -je short loc_fffc8564 ; je 0xfffc8564 +je short loc_fffca1cd ; je 0xfffca1cd push eax and ebx, 0xfbffffff push eax @@ -54363,31 +56462,31 @@ add eax, 0x333c push eax call dword [esi + 0x30] ; ucall add esp, 0x10 -jmp short loc_fffc8585 ; jmp 0xfffc8585 +jmp short loc_fffca1ee ; jmp 0xfffca1ee -loc_fffc8564: ; not directly referenced +loc_fffca1cd: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x5030 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x5030 mov edi, eax mov eax, dword [ebp + 8] and edi, 0xfffffffd mov ecx, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc8585: ; not directly referenced +loc_fffca1ee: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0xc8 mov ecx, dword [ebp + 8] mov eax, dword [eax + 0x18a7] -mov ecx, dword [ecx + eax*4 + 0x3735] +mov ecx, dword [ecx + eax*4 + 0x3736] test ecx, ecx -je loc_fffc8636 ; je 0xfffc8636 +je loc_fffca29f ; je 0xfffca29f mov eax, dword [ebp + 8] -cmp byte [eax + 0x2479], 0 -jne loc_fffc8636 ; jne 0xfffc8636 -mov edx, dword [eax + 0x2443] +cmp byte [eax + 0x247a], 0 +jne loc_fffca29f ; jne 0xfffca29f +mov edx, dword [eax + 0x2444] mov dword [ebp - 0x3c], ecx push ecx movzx eax, byte [eax + 0x187f] @@ -54402,7 +56501,7 @@ call dword [edx + 0x88] ; ucall mov ecx, dword [ebp - 0x3c] add esp, 0x10 cmp ecx, eax -je short loc_fffc861a ; je 0xfffc861a +je short loc_fffca283 ; je 0xfffca283 mov eax, dword [ebp + 8] push ecx mov edx, dword [ebp - 0x38] @@ -54416,20 +56515,20 @@ push dword [eax + 0x18c1] call dword [edx + 0x8c] ; ucall add esp, 0x10 -loc_fffc861a: ; not directly referenced +loc_fffca283: ; not directly referenced mov eax, dword [ebp + 8] mov eax, dword [eax + 0x18ee] mov dword [ebp - 0x38], eax lea edx, [eax + 0xc8] mov eax, dword [ebp + 8] -mov byte [eax + 0x2479], 1 +mov byte [eax + 0x247a], 1 -loc_fffc8636: ; not directly referenced +loc_fffca29f: ; not directly referenced imul edx, edx, 0xf mov eax, dword [ebp + 8] -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 cmp dword [ebp - 0x34], 0 -je short loc_fffc8661 ; je 0xfffc8661 +je short loc_fffca2ca ; je 0xfffca2ca push eax or ebx, 0x4000000 push eax @@ -54439,58 +56538,58 @@ add eax, 0x333c push eax call dword [esi + 0x30] ; ucall add esp, 0x10 -jmp short loc_fffc8673 ; jmp 0xfffc8673 +jmp short loc_fffca2dc ; jmp 0xfffca2dc -loc_fffc8661: ; not directly referenced +loc_fffca2ca: ; not directly referenced mov eax, dword [ebp + 8] or edi, 2 mov edx, 0x5030 mov ecx, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc8673: ; not directly referenced +loc_fffca2dc: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x1d4c or edi, 0x400000 -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 mov eax, dword [ebp + 8] mov ecx, edi mov edx, 0x5030 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 1 -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 mov eax, dword [ebp + 8] -cmp dword [eax + 0x3756], 2 -jne short loc_fffc86bf ; jne 0xfffc86bf -movzx ecx, byte [eax + 0x381a] +cmp dword [eax + 0x3757], 2 +jne short loc_fffca328 ; jne 0xfffca328 +movzx ecx, byte [eax + 0x381b] mov edx, 0x4192 -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b -loc_fffc86bf: ; not directly referenced +loc_fffca328: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -jne short loc_fffc86dc ; jne 0xfffc86dc -movzx ecx, byte [eax + 0x4bdd] +cmp dword [eax + 0x4b1a], 2 +jne short loc_fffca345 ; jne 0xfffca345 +movzx ecx, byte [eax + 0x4bde] mov edx, 0x4592 -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b -loc_fffc86dc: ; not directly referenced +loc_fffca345: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 1 -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 2 -jne loc_fffc8ce3 ; jne 0xfffc8ce3 -mov edi, dword [eax + 0x36d7] +cmp dword [eax + 0x2481], 2 +jne loc_fffca94c ; jne 0xfffca94c +mov edi, dword [eax + 0x36d8] xor eax, eax cmp edi, 0x640 -jbe short loc_fffc8714 ; jbe 0xfffc8714 +jbe short loc_fffca37d ; jbe 0xfffca37d cmp edi, 0x961 sbb eax, eax add eax, 2 -loc_fffc8714: ; not directly referenced +loc_fffca37d: ; not directly referenced mov esi, dword [ebp + 8] cmp al, 3 mov bl, 3 @@ -54498,91 +56597,91 @@ cmovbe ebx, eax xor eax, eax and ebx, 3 shl ebx, 9 -add esi, 0x374e +add esi, 0x374f mov byte [ebp - 0x30], 0 mov dword [ebp - 0x34], esi -loc_fffc8733: ; not directly referenced +loc_fffca39c: ; not directly referenced test eax, eax sete cl cmp byte [ebp - 0x30], 1 setbe dl test cl, dl -je loc_fffc87f6 ; je 0xfffc87f6 +je loc_fffca45f ; je 0xfffca45f movzx edx, byte [ebp - 0x30] xor eax, eax mov ecx, dword [ebp + 8] imul esi, edx, 0x13c3 add ecx, esi -cmp dword [ecx + 0x3756], 2 -jne loc_fffc87ee ; jne 0xfffc87ee +cmp dword [ecx + 0x3757], 2 +jne loc_fffca457 ; jne 0xfffca457 mov eax, dword [ebp - 0x34] lea eax, [eax + esi + 8] -test byte [ecx + 0x381a], 1 -je short loc_fffc879e ; je 0xfffc879e +test byte [ecx + 0x381b], 1 +je short loc_fffca407 ; je 0xfffca407 mov esi, dword [ebp + 8] -cmp byte [esi + 0x247b], 0 -jne short loc_fffc8795 ; jne 0xfffc8795 +cmp byte [esi + 0x247c], 0 +jne short loc_fffca3fe ; jne 0xfffca3fe mov word [eax + 0x1271], bx mov word [eax + 0x1289], bx -loc_fffc878f: ; not directly referenced +loc_fffca3f8: ; not directly referenced mov word [ebp - 0x24], bx -jmp short loc_fffc879e ; jmp 0xfffc879e +jmp short loc_fffca407 ; jmp 0xfffca407 -loc_fffc8795: ; not directly referenced +loc_fffca3fe: ; not directly referenced mov bx, word [eax + 0x1271] -jmp short loc_fffc878f ; jmp 0xfffc878f +jmp short loc_fffca3f8 ; jmp 0xfffca3f8 -loc_fffc879e: ; not directly referenced +loc_fffca407: ; not directly referenced imul ecx, edx, 0x13c3 mov esi, dword [ebp + 8] -test byte [esi + ecx + 0x381a], 4 -je short loc_fffc87d7 ; je 0xfffc87d7 -cmp byte [esi + 0x247b], 0 -jne short loc_fffc87ce ; jne 0xfffc87ce +test byte [esi + ecx + 0x381b], 4 +je short loc_fffca440 ; je 0xfffca440 +cmp byte [esi + 0x247c], 0 +jne short loc_fffca437 ; jne 0xfffca437 mov word [eax + 0x1399], bx mov word [eax + 0x13b1], bx -loc_fffc87c8: ; not directly referenced +loc_fffca431: ; not directly referenced mov word [ebp - 0x22], bx -jmp short loc_fffc87d7 ; jmp 0xfffc87d7 +jmp short loc_fffca440 ; jmp 0xfffca440 -loc_fffc87ce: ; not directly referenced +loc_fffca437: ; not directly referenced mov bx, word [eax + 0x1399] -jmp short loc_fffc87c8 ; jmp 0xfffc87c8 +jmp short loc_fffca431 ; jmp 0xfffca431 -loc_fffc87d7: ; not directly referenced +loc_fffca440: ; not directly referenced sub esp, 0xc mov ecx, 3 lea eax, [ebp - 0x24] push eax mov eax, dword [ebp + 8] -call fcn_fffb14b3 ; call 0xfffb14b3 +call fcn_fffad688 ; call 0xfffad688 add esp, 0x10 -loc_fffc87ee: ; not directly referenced +loc_fffca457: ; not directly referenced inc byte [ebp - 0x30] -jmp near loc_fffc8733 ; jmp 0xfffc8733 +jmp near loc_fffca39c ; jmp 0xfffca39c -loc_fffc87f6: ; not directly referenced +loc_fffca45f: ; not directly referenced mov esi, eax test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 +jne loc_fffcad7f ; jne 0xfffcad7f mov eax, dword [ebp + 8] mov bl, 4 -movzx eax, byte [eax + 0x247d] +movzx eax, byte [eax + 0x247e] mov dword [ebp - 0x34], eax cmp edi, 0x535 -jbe short loc_fffc882c ; jbe 0xfffc882c +jbe short loc_fffca495 ; jbe 0xfffca495 mov bl, 5 cmp edi, 0x74b -jbe short loc_fffc882c ; jbe 0xfffc882c +jbe short loc_fffca495 ; jbe 0xfffca495 cmp edi, 0x961 sbb ebx, ebx add ebx, 7 -loc_fffc882c: ; not directly referenced +loc_fffca495: ; not directly referenced sub ebx, 4 mov al, 3 cmp bl, 3 @@ -54593,277 +56692,277 @@ and ebx, 7 shl ebx, 0xa or bl, 0x8d mov byte [ebp - 0x30], 0 -lea edi, [eax + 0x374e] +lea edi, [eax + 0x374f] -loc_fffc884f: ; not directly referenced +loc_fffca4b8: ; not directly referenced test esi, esi sete dl cmp byte [ebp - 0x30], 1 setbe al test dl, al -je loc_fffc891d ; je 0xfffc891d +je loc_fffca586 ; je 0xfffca586 movzx edx, byte [ebp - 0x30] xor esi, esi mov ecx, dword [ebp + 8] imul eax, edx, 0x13c3 add ecx, eax -cmp dword [ecx + 0x3756], 2 -jne loc_fffc8915 ; jne 0xfffc8915 +cmp dword [ecx + 0x3757], 2 +jne loc_fffca57e ; jne 0xfffca57e lea eax, [edi + eax + 8] -test byte [ecx + 0x381a], 1 -je short loc_fffc88bd ; je 0xfffc88bd +test byte [ecx + 0x381b], 1 +je short loc_fffca526 ; je 0xfffca526 mov esi, dword [ebp + 8] -cmp byte [esi + 0x247b], 0 -je short loc_fffc88a7 ; je 0xfffc88a7 +cmp byte [esi + 0x247c], 0 +je short loc_fffca510 ; je 0xfffca510 -loc_fffc889a: ; not directly referenced +loc_fffca503: ; not directly referenced mov bx, word [eax + 0x1277] -loc_fffc88a1: ; not directly referenced +loc_fffca50a: ; not directly referenced mov word [ebp - 0x24], bx -jmp short loc_fffc88bd ; jmp 0xfffc88bd +jmp short loc_fffca526 ; jmp 0xfffca526 -loc_fffc88a7: ; not directly referenced +loc_fffca510: ; not directly referenced cmp dword [ebp - 0x34], 0 -jne short loc_fffc889a ; jne 0xfffc889a +jne short loc_fffca503 ; jne 0xfffca503 mov word [eax + 0x1277], bx mov word [eax + 0x128f], bx -jmp short loc_fffc88a1 ; jmp 0xfffc88a1 +jmp short loc_fffca50a ; jmp 0xfffca50a -loc_fffc88bd: ; not directly referenced +loc_fffca526: ; not directly referenced imul ecx, edx, 0x13c3 mov esi, dword [ebp + 8] -test byte [esi + ecx + 0x381a], 4 -je short loc_fffc88fc ; je 0xfffc88fc -cmp byte [esi + 0x247b], 0 -je short loc_fffc88e6 ; je 0xfffc88e6 +test byte [esi + ecx + 0x381b], 4 +je short loc_fffca565 ; je 0xfffca565 +cmp byte [esi + 0x247c], 0 +je short loc_fffca54f ; je 0xfffca54f -loc_fffc88d9: ; not directly referenced +loc_fffca542: ; not directly referenced mov bx, word [eax + 0x139f] -loc_fffc88e0: ; not directly referenced +loc_fffca549: ; not directly referenced mov word [ebp - 0x22], bx -jmp short loc_fffc88fc ; jmp 0xfffc88fc +jmp short loc_fffca565 ; jmp 0xfffca565 -loc_fffc88e6: ; not directly referenced +loc_fffca54f: ; not directly referenced cmp dword [ebp - 0x34], 0 -jne short loc_fffc88d9 ; jne 0xfffc88d9 +jne short loc_fffca542 ; jne 0xfffca542 mov word [eax + 0x139f], bx mov word [eax + 0x13b7], bx -jmp short loc_fffc88e0 ; jmp 0xfffc88e0 +jmp short loc_fffca549 ; jmp 0xfffca549 -loc_fffc88fc: ; not directly referenced +loc_fffca565: ; not directly referenced sub esp, 0xc mov ecx, 6 lea eax, [ebp - 0x24] push eax mov eax, dword [ebp + 8] -call fcn_fffb14b3 ; call 0xfffb14b3 +call fcn_fffad688 ; call 0xfffad688 add esp, 0x10 mov esi, eax -loc_fffc8915: ; not directly referenced +loc_fffca57e: ; not directly referenced inc byte [ebp - 0x30] -jmp near loc_fffc884f ; jmp 0xfffc884f +jmp near loc_fffca4b8 ; jmp 0xfffca4b8 -loc_fffc891d: ; not directly referenced +loc_fffca586: ; not directly referenced mov dword [ebp - 0x38], esi test esi, esi -jne loc_fffc9116 ; jne 0xfffc9116 +jne loc_fffcad7f ; jne 0xfffcad7f mov eax, dword [ebp + 8] mov ebx, 0x20 mov byte [ebp - 0x30], 0 -add eax, 0x374e +add eax, 0x374f mov dword [ebp - 0x40], eax -loc_fffc893c: ; not directly referenced +loc_fffca5a5: ; not directly referenced test esi, esi sete dl cmp byte [ebp - 0x30], 1 setbe al test dl, al -je loc_fffc8a13 ; je 0xfffc8a13 +je loc_fffca67c ; je 0xfffca67c movzx eax, byte [ebp - 0x30] imul edx, eax, 0x13c3 mov dword [ebp - 0x34], eax mov eax, dword [ebp + 8] add eax, edx -cmp dword [eax + 0x3756], 2 -jne loc_fffc8a08 ; jne 0xfffc8a08 +cmp dword [eax + 0x3757], 2 +jne loc_fffca671 ; jne 0xfffca671 mov edi, dword [ebp - 0x40] mov dword [ebp - 0x3c], eax lea esi, [edi + edx + 0x127d] xor edi, edi -loc_fffc897e: ; not directly referenced +loc_fffca5e7: ; not directly referenced mov ecx, edi mov eax, 1 shl eax, cl mov ecx, dword [ebp - 0x3c] -test byte [ecx + 0x381a], al -je short loc_fffc89dc ; je 0xfffc89dc +test byte [ecx + 0x381b], al +je short loc_fffca645 ; je 0xfffca645 mov eax, dword [ebp + 8] -cmp byte [eax + 0x247b], 0 -je short loc_fffc89a3 ; je 0xfffc89a3 +cmp byte [eax + 0x247c], 0 +je short loc_fffca60c ; je 0xfffca60c mov bx, word [esi] -jmp short loc_fffc89d7 ; jmp 0xfffc89d7 +jmp short loc_fffca640 ; jmp 0xfffca640 -loc_fffc89a3: ; not directly referenced +loc_fffca60c: ; not directly referenced mov edx, dword [ebp - 0x34] mov eax, dword [ebp + 8] -call fcn_fffa6c42 ; call 0xfffa6c42 +call fcn_fffa6bf0 ; call 0xfffa6bf0 test eax, eax -je loc_fffc8ec5 ; je 0xfffc8ec5 +je loc_fffcab2e ; je 0xfffcab2e movzx ecx, byte [eax + 2] sub esp, 0xc mov edx, dword [ebp + 8] lea eax, [ebp - 0x2a] push ebx -call fcn_fffa6cab ; call 0xfffa6cab +call fcn_fffa6c59 ; call 0xfffa6c59 mov bx, word [ebp - 0x2a] add esp, 0x10 mov word [esi], bx mov word [esi + 0x18], bx -loc_fffc89d7: ; not directly referenced +loc_fffca640: ; not directly referenced mov word [ebp + edi - 0x24], bx -loc_fffc89dc: ; not directly referenced +loc_fffca645: ; not directly referenced add edi, 2 add esi, 0x128 cmp edi, 4 -jne short loc_fffc897e ; jne 0xfffc897e +jne short loc_fffca5e7 ; jne 0xfffca5e7 sub esp, 0xc mov edx, dword [ebp - 0x34] mov ecx, 5 lea eax, [ebp - 0x24] push eax mov eax, dword [ebp + 8] -call fcn_fffb14b3 ; call 0xfffb14b3 +call fcn_fffad688 ; call 0xfffad688 add esp, 0x10 mov esi, eax -jmp short loc_fffc8a0b ; jmp 0xfffc8a0b +jmp short loc_fffca674 ; jmp 0xfffca674 -loc_fffc8a08: ; not directly referenced +loc_fffca671: ; not directly referenced mov esi, dword [ebp - 0x38] -loc_fffc8a0b: ; not directly referenced +loc_fffca674: ; not directly referenced inc byte [ebp - 0x30] -jmp near loc_fffc893c ; jmp 0xfffc893c +jmp near loc_fffca5a5 ; jmp 0xfffca5a5 -loc_fffc8a13: ; not directly referenced +loc_fffca67c: ; not directly referenced test esi, esi -jne loc_fffc9116 ; jne 0xfffc9116 +jne loc_fffcad7f ; jne 0xfffcad7f mov edi, dword [ebp + 8] xor ebx, ebx xor eax, eax mov byte [ebp - 0x30], 0 -add edi, 0x374e +add edi, 0x374f -loc_fffc8a2c: ; not directly referenced +loc_fffca695: ; not directly referenced test eax, eax sete cl cmp byte [ebp - 0x30], 1 setbe dl test cl, dl -je loc_fffc8aec ; je 0xfffc8aec +je loc_fffca755 ; je 0xfffca755 movzx edx, byte [ebp - 0x30] xor eax, eax mov ecx, dword [ebp + 8] imul esi, edx, 0x13c3 add ecx, esi -cmp dword [ecx + 0x3756], 2 -jne loc_fffc8ae4 ; jne 0xfffc8ae4 +cmp dword [ecx + 0x3757], 2 +jne loc_fffca74d ; jne 0xfffca74d lea eax, [edi + esi + 8] -test byte [ecx + 0x381a], 1 -je short loc_fffc8a94 ; je 0xfffc8a94 +test byte [ecx + 0x381b], 1 +je short loc_fffca6fd ; je 0xfffca6fd mov esi, dword [ebp + 8] -cmp byte [esi + 0x247b], 0 -jne short loc_fffc8a8b ; jne 0xfffc8a8b +cmp byte [esi + 0x247c], 0 +jne short loc_fffca6f4 ; jne 0xfffca6f4 mov word [eax + 0x1273], bx mov word [eax + 0x128b], bx -loc_fffc8a85: ; not directly referenced +loc_fffca6ee: ; not directly referenced mov word [ebp - 0x24], bx -jmp short loc_fffc8a94 ; jmp 0xfffc8a94 +jmp short loc_fffca6fd ; jmp 0xfffca6fd -loc_fffc8a8b: ; not directly referenced +loc_fffca6f4: ; not directly referenced mov bx, word [eax + 0x1273] -jmp short loc_fffc8a85 ; jmp 0xfffc8a85 +jmp short loc_fffca6ee ; jmp 0xfffca6ee -loc_fffc8a94: ; not directly referenced +loc_fffca6fd: ; not directly referenced imul ecx, edx, 0x13c3 mov esi, dword [ebp + 8] -test byte [esi + ecx + 0x381a], 4 -je short loc_fffc8acd ; je 0xfffc8acd -cmp byte [esi + 0x247b], 0 -jne short loc_fffc8ac4 ; jne 0xfffc8ac4 +test byte [esi + ecx + 0x381b], 4 +je short loc_fffca736 ; je 0xfffca736 +cmp byte [esi + 0x247c], 0 +jne short loc_fffca72d ; jne 0xfffca72d mov word [eax + 0x139b], bx mov word [eax + 0x13b3], bx -loc_fffc8abe: ; not directly referenced +loc_fffca727: ; not directly referenced mov word [ebp - 0x22], bx -jmp short loc_fffc8acd ; jmp 0xfffc8acd +jmp short loc_fffca736 ; jmp 0xfffca736 -loc_fffc8ac4: ; not directly referenced +loc_fffca72d: ; not directly referenced mov bx, word [eax + 0x139b] -jmp short loc_fffc8abe ; jmp 0xfffc8abe +jmp short loc_fffca727 ; jmp 0xfffca727 -loc_fffc8acd: ; not directly referenced +loc_fffca736: ; not directly referenced sub esp, 0xc mov ecx, 4 lea eax, [ebp - 0x24] push eax mov eax, dword [ebp + 8] -call fcn_fffb14b3 ; call 0xfffb14b3 +call fcn_fffad688 ; call 0xfffad688 add esp, 0x10 -loc_fffc8ae4: ; not directly referenced +loc_fffca74d: ; not directly referenced inc byte [ebp - 0x30] -jmp near loc_fffc8a2c ; jmp 0xfffc8a2c +jmp near loc_fffca695 ; jmp 0xfffca695 -loc_fffc8aec: ; not directly referenced +loc_fffca755: ; not directly referenced mov esi, eax test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 +jne loc_fffcad7f ; jne 0xfffcad7f mov eax, dword [ebp + 8] mov byte [ebp - 0x30], 0 -add eax, 0x374e +add eax, 0x374f mov dword [ebp - 0x48], eax mov eax, dword [ebp + 8] imul eax, dword [eax + 0x18a7], 0x2e mov dword [ebp - 0x4c], eax -loc_fffc8b12: ; not directly referenced +loc_fffca77b: ; not directly referenced test esi, esi sete dl cmp byte [ebp - 0x30], 1 setbe al test dl, al -je loc_fffc8c8a ; je 0xfffc8c8a +je loc_fffca8f3 ; je 0xfffca8f3 movzx eax, byte [ebp - 0x30] mov edi, dword [ebp + 8] mov dword [ebp - 0x38], eax imul eax, eax, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne loc_fffc8c80 ; jne 0xfffc8c80 +cmp dword [edi + eax + 0x3757], 2 +jne loc_fffca8e9 ; jne 0xfffca8e9 mov edi, dword [ebp - 0x48] lea edi, [edi + eax + 8] mov eax, dword [ebp - 0x4c] movzx eax, word [edi + eax + 0xc] cmp ax, 0xc -ja short loc_fffc8b5e ; ja 0xfffc8b5e +ja short loc_fffca7c7 ; ja 0xfffca7c7 sub eax, 9 -jmp short loc_fffc8b6c ; jmp 0xfffc8b6c +jmp short loc_fffca7d5 ; jmp 0xfffca7d5 -loc_fffc8b5e: ; not directly referenced +loc_fffca7c7: ; not directly referenced sub eax, 0xe mov ecx, 2 cdq idiv ecx or eax, 4 -loc_fffc8b6c: ; not directly referenced +loc_fffca7d5: ; not directly referenced and eax, 7 lea ebx, [eax*8] imul eax, dword [ebp - 0x38], 0x13c3 @@ -54873,7 +56972,7 @@ mov dword [ebp - 0x40], eax movzx eax, byte [ebp - 0x30] mov dword [ebp - 0x44], eax -loc_fffc8b91: ; not directly referenced +loc_fffca7fa: ; not directly referenced mov esi, dword [ebp - 0x3c] mov eax, esi mov ecx, esi @@ -54881,48 +56980,48 @@ mov byte [ebp - 0x34], al mov eax, 1 shl eax, cl mov ecx, dword [ebp - 0x40] -test byte [ecx + 0x381a], al -je loc_fffc8c54 ; je 0xfffc8c54 +test byte [ecx + 0x381b], al +je loc_fffca8bd ; je 0xfffca8bd mov eax, dword [ebp + 8] -cmp byte [eax + 0x247b], 0 -je short loc_fffc8bd4 ; je 0xfffc8bd4 +cmp byte [eax + 0x247c], 0 +je short loc_fffca83d ; je 0xfffca83d mov eax, esi shr al, 1 movzx eax, al imul eax, eax, 0x128 mov bx, word [edi + eax + 0x126f] -jmp short loc_fffc8c47 ; jmp 0xfffc8c47 +jmp short loc_fffca8b0 ; jmp 0xfffca8b0 -loc_fffc8bd4: ; not directly referenced +loc_fffca83d: ; not directly referenced mov edx, dword [ebp - 0x38] mov eax, dword [ebp + 8] -call fcn_fffa6c42 ; call 0xfffa6c42 +call fcn_fffa6bf0 ; call 0xfffa6bf0 test eax, eax -je loc_fffc8ec5 ; je 0xfffc8ec5 +je loc_fffcab2e ; je 0xfffcab2e mov dl, byte [eax] cmp dl, 0x78 -je short loc_fffc8c08 ; je 0xfffc8c08 -ja short loc_fffc8bf7 ; ja 0xfffc8bf7 +je short loc_fffca871 ; je 0xfffca871 +ja short loc_fffca860 ; ja 0xfffca860 mov al, 4 cmp dl, 0x50 -jmp short loc_fffc8c02 ; jmp 0xfffc8c02 +jmp short loc_fffca86b ; jmp 0xfffca86b -loc_fffc8bf7: ; not directly referenced +loc_fffca860: ; not directly referenced mov al, 2 cmp dl, 0xf0 -je short loc_fffc8c0a ; je 0xfffc8c0a +je short loc_fffca873 ; je 0xfffca873 mov al, 3 inc dl -loc_fffc8c02: ; not directly referenced -je short loc_fffc8c0a ; je 0xfffc8c0a +loc_fffca86b: ; not directly referenced +je short loc_fffca873 ; je 0xfffca873 xor eax, eax -jmp short loc_fffc8c0a ; jmp 0xfffc8c0a +jmp short loc_fffca873 ; jmp 0xfffca873 -loc_fffc8c08: ; not directly referenced +loc_fffca871: ; not directly referenced mov al, 1 -loc_fffc8c0a: ; not directly referenced +loc_fffca873: ; not directly referenced shl eax, 9 and bh, 0xf1 mov edx, dword [ebp - 0x44] @@ -54937,88 +57036,88 @@ imul esi, esi, 0x128 push eax mov eax, dword [ebp + 8] add esi, edi -call fcn_fffa8733 ; call 0xfffa8733 +call fcn_fffa86e1 ; call 0xfffa86e1 add esp, 0x10 mov word [esi + 0x126f], bx mov word [esi + 0x1287], bx -loc_fffc8c47: ; not directly referenced +loc_fffca8b0: ; not directly referenced mov al, byte [ebp - 0x34] shr al, 1 movzx eax, al mov word [ebp + eax*2 - 0x24], bx -loc_fffc8c54: ; not directly referenced +loc_fffca8bd: ; not directly referenced add dword [ebp - 0x3c], 2 cmp dword [ebp - 0x3c], 4 -jne loc_fffc8b91 ; jne 0xfffc8b91 +jne loc_fffca7fa ; jne 0xfffca7fa sub esp, 0xc mov edx, dword [ebp - 0x38] mov ecx, 2 lea eax, [ebp - 0x24] push eax mov eax, dword [ebp + 8] -call fcn_fffb14b3 ; call 0xfffb14b3 +call fcn_fffad688 ; call 0xfffad688 add esp, 0x10 mov esi, eax -jmp short loc_fffc8c82 ; jmp 0xfffc8c82 +jmp short loc_fffca8eb ; jmp 0xfffca8eb -loc_fffc8c80: ; not directly referenced +loc_fffca8e9: ; not directly referenced xor esi, esi -loc_fffc8c82: ; not directly referenced +loc_fffca8eb: ; not directly referenced inc byte [ebp - 0x30] -jmp near loc_fffc8b12 ; jmp 0xfffc8b12 +jmp near loc_fffca77b ; jmp 0xfffca77b -loc_fffc8c8a: ; not directly referenced +loc_fffca8f3: ; not directly referenced test esi, esi -jne loc_fffc9116 ; jne 0xfffc9116 +jne loc_fffcad7f ; jne 0xfffcad7f mov eax, dword [ebp + 8] -call fcn_fffac67c ; call 0xfffac67c +call fcn_fffad6b6 ; call 0xfffad6b6 mov esi, eax test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 +jne loc_fffcad7f ; jne 0xfffcad7f mov eax, dword [ebp + 8] mov edx, 1 -call fcn_fffb14e1 ; call 0xfffb14e1 +call fcn_fffad821 ; call 0xfffad821 mov esi, eax test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 +jne loc_fffcad7f ; jne 0xfffcad7f mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 3 -call fcn_fffb1bed ; call 0xfffb1bed +call fcn_fffadf2d ; call 0xfffadf2d mov esi, eax test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 +jne loc_fffcad7f ; jne 0xfffcad7f mov eax, dword [ebp + 8] -mov byte [eax + 0x247d], 1 -jmp near loc_fffc9116 ; jmp 0xfffc9116 +mov byte [eax + 0x247e], 1 +jmp near loc_fffcad7f ; jmp 0xfffcad7f -loc_fffc8ce3: ; not directly referenced +loc_fffca94c: ; not directly referenced mov edi, dword [ebp + 8] xor eax, eax mov byte [ebp - 0x30], 0 -add edi, 0x374e +add edi, 0x374f mov dword [ebp - 0x4c], edi mov edi, dword [ebp + 8] imul edi, dword [edi + 0x18a7], 0x2e mov dword [ebp - 0x50], edi -loc_fffc8d02: ; not directly referenced +loc_fffca96b: ; not directly referenced test eax, eax sete cl cmp byte [ebp - 0x30], 1 setbe dl test cl, dl -je loc_fffc8eb2 ; je 0xfffc8eb2 +je loc_fffcab1b ; je 0xfffcab1b movzx eax, byte [ebp - 0x30] imul edx, eax, 0x13c3 mov dword [ebp - 0x34], eax mov eax, dword [ebp + 8] add eax, edx -cmp dword [eax + 0x3756], 2 -jne loc_fffc8ea8 ; jne 0xfffc8ea8 +cmp dword [eax + 0x3757], 2 +jne loc_fffcab11 ; jne 0xfffcab11 mov edi, dword [ebp - 0x4c] mov dword [ebp - 0x44], eax mov eax, dword [ebp - 0x34] @@ -55033,7 +57132,7 @@ lea ebx, [edi - 5] and ebx, 7 shl ebx, 3 -loc_fffc8d64: ; not directly referenced +loc_fffca9cd: ; not directly referenced mov edi, dword [ebp - 0x38] mov eax, edi mov ecx, edi @@ -55041,46 +57140,46 @@ mov edi, dword [ebp - 0x44] mov byte [ebp - 0x3c], al mov eax, 1 shl eax, cl -test byte [edi + 0x381a], al -je loc_fffc8e7e ; je 0xfffc8e7e +test byte [edi + 0x381b], al +je loc_fffcaae7 ; je 0xfffcaae7 mov eax, dword [ebp + 8] -cmp byte [eax + 0x247b], 0 -je short loc_fffc8daa ; je 0xfffc8daa +cmp byte [eax + 0x247c], 0 +je short loc_fffcaa13 ; je 0xfffcaa13 mov al, cl shr al, 1 movzx eax, al imul eax, eax, 0x128 mov bx, word [esi + eax + 0x126f] -jmp near loc_fffc8e71 ; jmp 0xfffc8e71 +jmp near loc_fffcaada ; jmp 0xfffcaada -loc_fffc8daa: ; not directly referenced +loc_fffcaa13: ; not directly referenced mov al, byte [ebp - 0x3c] shr al, 1 movzx edi, al mov byte [ebp - 0x40], al imul eax, edi, 0x128 cmp byte [esi + eax + 0x1243], 1 -jne short loc_fffc8de3 ; jne 0xfffc8de3 +jne short loc_fffcaa4c ; jne 0xfffcaa4c mov eax, dword [ebp + 8] cmp byte [eax + 0x190d], 0 -je short loc_fffc8df8 ; je 0xfffc8df8 -cmp dword [eax + 0x36cb], 1 -jne short loc_fffc8df8 ; jne 0xfffc8df8 -cmp byte [eax + 0x247f], 1 -je short loc_fffc8df8 ; je 0xfffc8df8 +je short loc_fffcaa61 ; je 0xfffcaa61 +cmp dword [eax + 0x36cc], 1 +jne short loc_fffcaa61 ; jne 0xfffcaa61 +cmp byte [eax + 0x2480], 1 +je short loc_fffcaa61 ; je 0xfffcaa61 -loc_fffc8de3: ; not directly referenced +loc_fffcaa4c: ; not directly referenced imul eax, edi, 0x128 cmp byte [esi + eax + 0x1242], 1 sete al xor edx, edx -jmp short loc_fffc8dfc ; jmp 0xfffc8dfc +jmp short loc_fffcaa65 ; jmp 0xfffcaa65 -loc_fffc8df8: ; not directly referenced +loc_fffcaa61: ; not directly referenced xor eax, eax mov dl, 1 -loc_fffc8dfc: ; not directly referenced +loc_fffcaa65: ; not directly referenced and edx, 1 and bl, 0x3f shl edx, 6 @@ -55091,19 +57190,19 @@ mov edx, dword [ebp - 0x34] or ebx, eax mov eax, dword [ebp + 8] mov ecx, edi -call fcn_fffa69ea ; call 0xfffa69ea +call fcn_fffa6998 ; call 0xfffa6998 test eax, eax -je loc_fffc8ec5 ; je 0xfffc8ec5 +je loc_fffcab2e ; je 0xfffcab2e movzx eax, byte [eax] xor edx, edx cmp al, 0x78 -ja short loc_fffc8e37 ; ja 0xfffc8e37 +ja short loc_fffcaaa0 ; ja 0xfffcaaa0 mov cl, 0x3c div cl test ah, 0x3f cmove edx, eax -loc_fffc8e37: ; not directly referenced +loc_fffcaaa0: ; not directly referenced and edx, 3 and bh, 0xf9 movzx ecx, byte [ebp - 0x40] @@ -55116,112 +57215,112 @@ imul edi, edi, 0x128 push eax mov eax, dword [ebp + 8] add edi, esi -call fcn_fffa8733 ; call 0xfffa8733 +call fcn_fffa86e1 ; call 0xfffa86e1 add esp, 0x10 mov word [edi + 0x126f], bx mov word [edi + 0x1287], bx -loc_fffc8e71: ; not directly referenced +loc_fffcaada: ; not directly referenced mov al, byte [ebp - 0x3c] shr al, 1 movzx eax, al mov word [ebp + eax*2 - 0x24], bx -loc_fffc8e7e: ; not directly referenced +loc_fffcaae7: ; not directly referenced add dword [ebp - 0x38], 2 cmp dword [ebp - 0x38], 4 -jne loc_fffc8d64 ; jne 0xfffc8d64 +jne loc_fffca9cd ; jne 0xfffca9cd sub esp, 0xc mov edx, dword [ebp - 0x34] mov ecx, 2 lea eax, [ebp - 0x24] push eax mov eax, dword [ebp + 8] -call fcn_fffb14b3 ; call 0xfffb14b3 +call fcn_fffad688 ; call 0xfffad688 add esp, 0x10 -jmp short loc_fffc8eaa ; jmp 0xfffc8eaa +jmp short loc_fffcab13 ; jmp 0xfffcab13 -loc_fffc8ea8: ; not directly referenced +loc_fffcab11: ; not directly referenced xor eax, eax -loc_fffc8eaa: ; not directly referenced +loc_fffcab13: ; not directly referenced inc byte [ebp - 0x30] -jmp near loc_fffc8d02 ; jmp 0xfffc8d02 +jmp near loc_fffca96b ; jmp 0xfffca96b -loc_fffc8eb2: ; not directly referenced +loc_fffcab1b: ; not directly referenced mov esi, eax test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 +jne loc_fffcad7f ; jne 0xfffcad7f xor eax, eax xor ebx, ebx lea edi, [ebp - 0x24] -jmp short loc_fffc8f07 ; jmp 0xfffc8f07 +jmp short loc_fffcab70 ; jmp 0xfffcab70 -loc_fffc8ec5: ; not directly referenced +loc_fffcab2e: ; not directly referenced mov esi, 1 -jmp near loc_fffc9116 ; jmp 0xfffc9116 +jmp near loc_fffcad7f ; jmp 0xfffcad7f -loc_fffc8ecf: ; not directly referenced +loc_fffcab38: ; not directly referenced movzx edx, bl mov esi, dword [ebp + 8] xor eax, eax imul ecx, edx, 0x13c3 -cmp dword [esi + ecx + 0x3756], 2 -jne short loc_fffc8f06 ; jne 0xfffc8f06 +cmp dword [esi + ecx + 0x3757], 2 +jne short loc_fffcab6f ; jne 0xfffcab6f sub esp, 0xc mov ecx, 3 push edi mov eax, esi mov word [ebp - 0x24], 0 mov word [ebp - 0x22], 0 -call fcn_fffb14b3 ; call 0xfffb14b3 +call fcn_fffad688 ; call 0xfffad688 add esp, 0x10 -loc_fffc8f06: ; not directly referenced +loc_fffcab6f: ; not directly referenced inc ebx -loc_fffc8f07: ; not directly referenced +loc_fffcab70: ; not directly referenced test eax, eax sete cl cmp bl, 1 setbe dl test cl, dl -jne short loc_fffc8ecf ; jne 0xfffc8ecf +jne short loc_fffcab38 ; jne 0xfffcab38 mov esi, eax test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 +jne loc_fffcad7f ; jne 0xfffcad7f mov eax, dword [ebp + 8] -call fcn_fffb1a87 ; call 0xfffb1a87 +call fcn_fffaddc7 ; call 0xfffaddc7 mov esi, eax test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 +jne loc_fffcad7f ; jne 0xfffcad7f lea edi, [ebp - 0x24] -mov esi, ref_fffd5abc ; mov esi, 0xfffd5abc +mov esi, ref_fffd6150 ; mov esi, 0xfffd6150 mov ecx, 3 mov ebx, 0x100 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] mov edi, dword [ebp + 8] xor eax, eax mov byte [ebp - 0x34], 0 -add edi, 0x374e +add edi, 0x374f mov dword [ebp - 0x3c], edi mov edi, dword [ebp + 8] imul edi, dword [edi + 0x18a7], 0x2e mov dword [ebp - 0x40], edi -loc_fffc8f65: ; not directly referenced +loc_fffcabce: ; not directly referenced test eax, eax sete cl cmp byte [ebp - 0x34], 1 setbe dl test cl, dl -je loc_fffc90e3 ; je 0xfffc90e3 +je loc_fffcad4c ; je 0xfffcad4c movzx eax, byte [ebp - 0x34] mov edi, dword [ebp + 8] mov dword [ebp - 0x38], eax imul eax, eax, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne loc_fffc90d9 ; jne 0xfffc90d9 +cmp dword [edi + eax + 0x3757], 2 +jne loc_fffcad42 ; jne 0xfffcad42 mov edi, dword [ebp - 0x3c] lea edi, [edi + eax + 8] mov eax, dword [ebp - 0x40] @@ -55230,21 +57329,21 @@ mov cx, word [eax + 0xa] movzx eax, word [eax + 0x2a] mov word [ebp - 0x30], cx cmp ax, 4 -jbe loc_fffc90eb ; jbe 0xfffc90eb +jbe loc_fffcad54 ; jbe 0xfffcad54 cmp ax, 0xa setne cl cmp ax, 8 seta dl test cl, dl -je short loc_fffc8fe0 ; je 0xfffc8fe0 +je short loc_fffcac49 ; je 0xfffcac49 mov edx, eax and edx, 0xfffffffd cmp dx, 0xc -je short loc_fffc8fe0 ; je 0xfffc8fe0 +je short loc_fffcac49 ; je 0xfffcac49 cmp ax, 0x10 -jne loc_fffc90eb ; jne 0xfffc90eb +jne loc_fffcad54 ; jne 0xfffcad54 -loc_fffc8fe0: ; not directly referenced +loc_fffcac49: ; not directly referenced mov esi, dword [ebp - 0x30] movzx eax, byte [ebp + eax - 0x29] cmp si, 0xc @@ -55276,95 +57375,95 @@ cmp al, 1 seta dl and bh, 0xef test cl, dl -jne short loc_fffc904c ; jne 0xfffc904c +jne short loc_fffcacb5 ; jne 0xfffcacb5 cmp al, 1 setbe al and eax, 1 shl eax, 0xc or ebx, eax -loc_fffc904c: ; not directly referenced +loc_fffcacb5: ; not directly referenced imul eax, dword [ebp - 0x38], 0x13c3 mov esi, dword [ebp + 8] -test byte [esi + eax + 0x381a], 1 -je short loc_fffc9086 ; je 0xfffc9086 -cmp byte [esi + 0x247b], 0 -jne short loc_fffc907d ; jne 0xfffc907d +test byte [esi + eax + 0x381b], 1 +je short loc_fffcacef ; je 0xfffcacef +cmp byte [esi + 0x247c], 0 +jne short loc_fffcace6 ; jne 0xfffcace6 mov word [edi + 0x126b], bx mov word [edi + 0x1283], bx -loc_fffc9077: ; not directly referenced +loc_fffcace0: ; not directly referenced mov word [ebp - 0x28], bx -jmp short loc_fffc9086 ; jmp 0xfffc9086 +jmp short loc_fffcacef ; jmp 0xfffcacef -loc_fffc907d: ; not directly referenced +loc_fffcace6: ; not directly referenced mov bx, word [edi + 0x126b] -jmp short loc_fffc9077 ; jmp 0xfffc9077 +jmp short loc_fffcace0 ; jmp 0xfffcace0 -loc_fffc9086: ; not directly referenced +loc_fffcacef: ; not directly referenced imul eax, dword [ebp - 0x38], 0x13c3 mov ecx, dword [ebp + 8] -test byte [ecx + eax + 0x381a], 4 -je short loc_fffc90c0 ; je 0xfffc90c0 -cmp byte [ecx + 0x247b], 0 -jne short loc_fffc90b7 ; jne 0xfffc90b7 +test byte [ecx + eax + 0x381b], 4 +je short loc_fffcad29 ; je 0xfffcad29 +cmp byte [ecx + 0x247c], 0 +jne short loc_fffcad20 ; jne 0xfffcad20 mov word [edi + 0x1393], bx mov word [edi + 0x13ab], bx -loc_fffc90b1: ; not directly referenced +loc_fffcad1a: ; not directly referenced mov word [ebp - 0x26], bx -jmp short loc_fffc90c0 ; jmp 0xfffc90c0 +jmp short loc_fffcad29 ; jmp 0xfffcad29 -loc_fffc90b7: ; not directly referenced +loc_fffcad20: ; not directly referenced mov bx, word [edi + 0x1393] -jmp short loc_fffc90b1 ; jmp 0xfffc90b1 +jmp short loc_fffcad1a ; jmp 0xfffcad1a -loc_fffc90c0: ; not directly referenced +loc_fffcad29: ; not directly referenced sub esp, 0xc mov edx, dword [ebp - 0x38] xor ecx, ecx lea eax, [ebp - 0x28] push eax mov eax, dword [ebp + 8] -call fcn_fffb14b3 ; call 0xfffb14b3 +call fcn_fffad688 ; call 0xfffad688 add esp, 0x10 -jmp short loc_fffc90db ; jmp 0xfffc90db +jmp short loc_fffcad44 ; jmp 0xfffcad44 -loc_fffc90d9: ; not directly referenced +loc_fffcad42: ; not directly referenced xor eax, eax -loc_fffc90db: ; not directly referenced +loc_fffcad44: ; not directly referenced inc byte [ebp - 0x34] -jmp near loc_fffc8f65 ; jmp 0xfffc8f65 +jmp near loc_fffcabce ; jmp 0xfffcabce -loc_fffc90e3: ; not directly referenced +loc_fffcad4c: ; not directly referenced mov esi, eax test eax, eax -jne short loc_fffc9116 ; jne 0xfffc9116 -jmp short loc_fffc90f2 ; jmp 0xfffc90f2 +jne short loc_fffcad7f ; jne 0xfffcad7f +jmp short loc_fffcad5b ; jmp 0xfffcad5b -loc_fffc90eb: ; not directly referenced +loc_fffcad54: ; not directly referenced mov esi, 0xd -jmp short loc_fffc9116 ; jmp 0xfffc9116 +jmp short loc_fffcad7f ; jmp 0xfffcad7f -loc_fffc90f2: ; not directly referenced +loc_fffcad5b: ; not directly referenced mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 3 -call fcn_fffb1bed ; call 0xfffb1bed +call fcn_fffadf2d ; call 0xfffadf2d mov esi, eax test eax, eax -jne short loc_fffc9116 ; jne 0xfffc9116 +jne short loc_fffcad7f ; jne 0xfffcad7f mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x4d94 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc9116: ; not directly referenced +loc_fffcad7f: ; not directly referenced mov eax, dword [ebp + 8] -mov byte [eax + 0x247b], 1 +mov byte [eax + 0x247c], 1 -loc_fffc9120: ; not directly referenced +loc_fffcad89: ; not directly referenced lea esp, [ebp - 0xc] mov eax, esi pop ebx @@ -55373,7 +57472,7 @@ pop edi pop ebp ret -fcn_fffc912a: ; not directly referenced +fcn_fffcad93: ; not directly referenced push ebp mov ebp, esp push edi @@ -55386,7 +57485,7 @@ mov eax, dword [ebp + 8] push 1 push 7 mov dword [ebp - 0x48], eax -mov eax, dword [edi + 0x2443] +mov eax, dword [edi + 0x2444] mov byte [ebp - 0x49], dl lea edx, [ebp - 0x27] push edx @@ -55396,13 +57495,13 @@ mov ecx, esi add esp, 0x10 movzx esi, cl xor eax, eax -lea edx, [edi + 0x3756] +lea edx, [edi + 0x3757] mov dword [ebp - 0x40], esi -loc_fffc9167: ; not directly referenced +loc_fffcadd0: ; not directly referenced mov esi, dword [ebp - 0x40] bt esi, eax -jae loc_fffc9234 ; jae 0xfffc9234 +jae loc_fffcae9d ; jae 0xfffcae9d mov esi, dword [edx + 0x109] mov ecx, dword [edx + 0x111] mov dword [ebp + eax*4 - 0x20], 0 @@ -55435,11 +57534,11 @@ mov byte [ebp - 0x44], cl xor ecx, ecx mov byte [ebp + eax - 0x2d], bl -loc_fffc91f1: ; not directly referenced +loc_fffcae5a: ; not directly referenced mov ebx, 1 shl ebx, cl test byte [ebp - 0x44], bl -je short loc_fffc922c ; je 0xfffc922c +je short loc_fffcae95 ; je 0xfffcae95 mov bl, byte [edx + ecx + 0x245] movzx esi, byte [ebp + eax - 0x2f] cmp bl, byte [ebp + eax - 0x2f] @@ -55453,24 +57552,24 @@ cmp bl, byte [ebp + eax - 0x2d] cmovl ebx, esi mov byte [ebp + eax - 0x2d], bl -loc_fffc922c: ; not directly referenced +loc_fffcae95: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffc91f1 ; jne 0xfffc91f1 -jmp short loc_fffc9246 ; jmp 0xfffc9246 +jne short loc_fffcae5a ; jne 0xfffcae5a +jmp short loc_fffcaeaf ; jmp 0xfffcaeaf -loc_fffc9234: ; not directly referenced +loc_fffcae9d: ; not directly referenced mov dword [ebp + eax*4 - 0x20], 1 mov byte [ebp + eax - 0x2f], 0 mov byte [ebp + eax - 0x2d], 0x7f -loc_fffc9246: ; not directly referenced +loc_fffcaeaf: ; not directly referenced inc eax add edx, 0x13c3 cmp eax, 2 -jne loc_fffc9167 ; jne 0xfffc9167 +jne loc_fffcadd0 ; jne 0xfffcadd0 cmp byte [ebp - 0x48], 0 -je short loc_fffc9281 ; je 0xfffc9281 +je short loc_fffcaeea ; je 0xfffcaeea mov dl, byte [ebp - 0x2d] mov al, 0x5f cmp byte [ebp - 0x2d], 0x5f @@ -55481,9 +57580,9 @@ mov dl, byte [ebp - 0x2c] cmp byte [ebp - 0x2c], 0x5f cmovge eax, edx mov byte [ebp - 0x2a], al -jmp short loc_fffc92a4 ; jmp 0xfffc92a4 +jmp short loc_fffcaf0d ; jmp 0xfffcaf0d -loc_fffc9281: ; not directly referenced +loc_fffcaeea: ; not directly referenced mov dl, byte [ebp - 0x2f] mov al, 0x20 cmp byte [ebp - 0x2f], 0x20 @@ -55495,7 +57594,7 @@ cmp byte [ebp - 0x2e], 0x20 cmovle eax, edx mov byte [ebp - 0x2a], al -loc_fffc92a4: ; not directly referenced +loc_fffcaf0d: ; not directly referenced mov al, byte [ebp - 0x2b] mov dword [ebp - 0x44], 0 mov byte [ebp - 0x29], al @@ -55509,59 +57608,59 @@ and dword [ebp - 0x48], 1 and eax, 1 mov byte [ebp - 0x4c], al -loc_fffc92cc: ; not directly referenced +loc_fffcaf35: ; not directly referenced mov eax, dword [ebp - 0x3c] xor ebx, ebx add dword [ebp - 0x44], eax -loc_fffc92d4: ; not directly referenced +loc_fffcaf3d: ; not directly referenced mov eax, dword [ebp - 0x40] bt eax, ebx -jae short loc_fffc930b ; jae 0xfffc930b +jae short loc_fffcaf74 ; jae 0xfffcaf74 mov al, byte [ebp - 0x3c] mov edx, ebx add byte [ebp + ebx - 0x2b], al imul eax, ebx, 0x13c3 mov cl, byte [ebp - 0x4b] -and cl, byte [edi + eax + 0x381a] +and cl, byte [edi + eax + 0x381b] mov eax, edi push 0 push 0 push dword [ebp - 0x44] movzx ecx, cl push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 +call fcn_fffac68e ; call 0xfffac68e add esp, 0x10 -loc_fffc930b: ; not directly referenced +loc_fffcaf74: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffc92d4 ; jne 0xfffc92d4 +jne short loc_fffcaf3d ; jne 0xfffcaf3d sub esp, 0xc push edi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0xc -movzx ecx, byte [edi + 0x248b] +movzx ecx, byte [edi + 0x248c] mov edx, dword [ebp - 0x40] lea eax, [ebp - 0x27] push 0 push 1 push eax mov eax, edi -call fcn_fffb0f94 ; call 0xfffb0f94 +call fcn_fffaa5b3 ; call 0xfffaa5b3 add esp, 0x10 xor ecx, ecx mov byte [ebp - 0x4a], al -loc_fffc933e: ; not directly referenced +loc_fffcafa7: ; not directly referenced mov eax, 1 shl eax, cl test byte [ebp - 0x49], al -je short loc_fffc93c0 ; je 0xfffc93c0 +je short loc_fffcb029 ; je 0xfffcb029 cmp dword [ebp + ecx*4 - 0x20], 0 -jne short loc_fffc93c0 ; jne 0xfffc93c0 +jne short loc_fffcb029 ; jne 0xfffcb029 test byte [ebp - 0x4a], al -je short loc_fffc9389 ; je 0xfffc9389 +je short loc_fffcaff2 ; je 0xfffcaff2 mov bl, byte [ebp + ecx - 0x2b] mov dl, byte [ebp + ecx - 0x29] mov dword [ebp + ecx*4 - 0x20], 1 @@ -55569,29 +57668,29 @@ movsx eax, bl sub eax, dword [ebp - 0x3c] movsx esi, dl cmp eax, esi -jns short loc_fffc937c ; jns 0xfffc937c +jns short loc_fffcafe5 ; jns 0xfffcafe5 mov al, byte [ebp - 0x3c] add eax, edx sub eax, ebx -jmp short loc_fffc9383 ; jmp 0xfffc9383 +jmp short loc_fffcafec ; jmp 0xfffcafec -loc_fffc937c: ; not directly referenced +loc_fffcafe5: ; not directly referenced mov al, bl sub eax, dword [ebp - 0x3c] sub eax, edx -loc_fffc9383: ; not directly referenced +loc_fffcafec: ; not directly referenced mov esi, dword [ebp + 0xc] mov byte [esi + ecx], al -loc_fffc9389: ; not directly referenced +loc_fffcaff2: ; not directly referenced mov al, byte [ebp + ecx - 0x2b] cmp al, 0x7f sete bl test al, al sete dl or bl, dl -je short loc_fffc93c0 ; je 0xfffc93c0 +je short loc_fffcb029 ; je 0xfffcb029 mov bl, byte [ebp + ecx - 0x29] movsx edx, al movsx esi, byte [ebp + ecx - 0x29] @@ -55603,25 +57702,25 @@ cmovns ebx, eax mov eax, dword [ebp + 0xc] mov byte [eax + ecx], bl -loc_fffc93c0: ; not directly referenced +loc_fffcb029: ; not directly referenced inc ecx cmp ecx, 2 -jne loc_fffc933e ; jne 0xfffc933e +jne loc_fffcafa7 ; jne 0xfffcafa7 cmp byte [ebp - 0x4c], 0 mov al, 1 -je short loc_fffc93d9 ; je 0xfffc93d9 +je short loc_fffcb042 ; je 0xfffcb042 cmp dword [ebp - 0x20], 0 setne al -loc_fffc93d9: ; not directly referenced +loc_fffcb042: ; not directly referenced cmp dword [ebp - 0x48], 0 -je short loc_fffc93e9 ; je 0xfffc93e9 +je short loc_fffcb052 ; je 0xfffcb052 cmp dword [ebp - 0x1c], 0 -je loc_fffc92cc ; je 0xfffc92cc +je loc_fffcaf35 ; je 0xfffcaf35 -loc_fffc93e9: ; not directly referenced +loc_fffcb052: ; not directly referenced test al, al -je loc_fffc92cc ; je 0xfffc92cc +je loc_fffcaf35 ; je 0xfffcaf35 lea esp, [ebp - 0xc] pop ebx pop esi @@ -55629,7 +57728,7 @@ pop edi pop ebp ret -fcn_fffc93f9: ; not directly referenced +fcn_fffcb062: ; not directly referenced push ebp mov ebp, esp push edi @@ -55637,7 +57736,7 @@ push esi push ebx mov ebx, eax sub esp, 0x30 -mov edi, dword [ebx + 0x2443] +mov edi, dword [ebx + 0x2444] movzx eax, cl push 0 push 4 @@ -55656,12 +57755,12 @@ call dword [edi + 0x5c] ; ucall mov ecx, dword [ebp - 0x2c] xor edx, edx mov eax, ebx -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 mov ecx, dword [ebp - 0x2c] mov edx, 1 mov edi, eax mov eax, ebx -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 pop ecx mov ecx, dword [ebp - 0x2c] or eax, edi @@ -55672,33 +57771,33 @@ mov eax, ebx push esi xor esi, esi push 0 -call fcn_fffc912a ; call 0xfffc912a +call fcn_fffcad93 ; call 0xfffcad93 add esp, 0x10 -loc_fffc9467: ; not directly referenced +loc_fffcb0d0: ; not directly referenced bt edi, esi -jae short loc_fffc9493 ; jae 0xfffc9493 +jae short loc_fffcb0fc ; jae 0xfffcb0fc imul eax, esi, 0x13c3 mov cl, byte [ebp - 0x30] mov edx, esi -and cl, byte [ebx + eax + 0x381a] +and cl, byte [ebx + eax + 0x381b] mov eax, ebx push 0 push 0 push 0 movzx ecx, cl push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 +call fcn_fffac68e ; call 0xfffac68e add esp, 0x10 -loc_fffc9493: ; not directly referenced +loc_fffcb0fc: ; not directly referenced inc esi cmp esi, 2 -jne short loc_fffc9467 ; jne 0xfffc9467 +jne short loc_fffcb0d0 ; jne 0xfffcb0d0 sub esp, 0xc xor si, si push ebx -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d mov ecx, dword [ebp - 0x2c] pop eax pop edx @@ -55707,48 +57806,48 @@ lea eax, [ebp - 0x1c] push eax mov eax, ebx push 1 -call fcn_fffc912a ; call 0xfffc912a +call fcn_fffcad93 ; call 0xfffcad93 add esp, 0x10 -loc_fffc94bc: ; not directly referenced +loc_fffcb125: ; not directly referenced bt edi, esi -jae short loc_fffc94e8 ; jae 0xfffc94e8 +jae short loc_fffcb151 ; jae 0xfffcb151 imul eax, esi, 0x13c3 mov cl, byte [ebp - 0x30] mov edx, esi -and cl, byte [ebx + eax + 0x381a] +and cl, byte [ebx + eax + 0x381b] mov eax, ebx push 0 push 0 push 0 movzx ecx, cl push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 +call fcn_fffac68e ; call 0xfffac68e add esp, 0x10 -loc_fffc94e8: ; not directly referenced +loc_fffcb151: ; not directly referenced inc esi cmp esi, 2 -jne short loc_fffc94bc ; jne 0xfffc94bc +jne short loc_fffcb125 ; jne 0xfffcb125 sub esp, 0xc xor edi, edi push ebx -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d movzx eax, byte [ebp - 0x31] -lea esi, [ebx + 0x3218] +lea esi, [ebx + 0x3219] add esp, 0x10 mov dword [ebp - 0x30], eax -loc_fffc9509: ; not directly referenced +loc_fffcb172: ; not directly referenced mov eax, dword [ebp - 0x30] bt eax, edi -jb short loc_fffc9522 ; jb 0xfffc9522 +jb short loc_fffcb18b ; jb 0xfffcb18b -loc_fffc9511: ; not directly referenced +loc_fffcb17a: ; not directly referenced inc edi add esi, 0x48 cmp edi, 2 -jne short loc_fffc9509 ; jne 0xfffc9509 +jne short loc_fffcb172 ; jne 0xfffcb172 lea esp, [ebp - 0xc] pop ebx pop esi @@ -55756,7 +57855,7 @@ pop edi pop ebp ret -loc_fffc9522: ; not directly referenced +loc_fffcb18b: ; not directly referenced push 0 mov ecx, dword [ebp - 0x2c] mov edx, edi @@ -55764,7 +57863,7 @@ push 0 mov eax, ebx push 0 push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 +call fcn_fffac68e ; call 0xfffac68e movzx edx, byte [ebp + edi - 0x1c] add esp, 0x10 movzx eax, byte [ebp + edi - 0x1a] @@ -55778,1539 +57877,9 @@ mov dword [esi + 0x120], edx mov dword [esi + 0x124], eax mov dword [esi + 0x1b0], edx mov dword [esi + 0x1b4], eax -jmp short loc_fffc9511 ; jmp 0xfffc9511 - -fcn_fffc9574: ; not directly referenced -push ebp -mov eax, 0x80000002 -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x1c -mov ebx, dword [ebp + 0x20] -mov ecx, dword [ebp + 0x10] -mov esi, dword [ebp + 0x14] -mov edi, dword [ebp + 0x18] -test ebx, ebx -je loc_fffc964a ; je 0xfffc964a -cmp ecx, 0xb -ja loc_fffc964a ; ja 0xfffc964a -push eax -mov edx, ecx -push dword [ebp + 0x1c] -mov eax, 1 -mov dword [ebp - 0x1c], ecx -push edi -push esi -call fcn_fffac5c7 ; call 0xfffac5c7 -add esp, 0x10 -mov ecx, dword [ebp - 0x1c] -test eax, eax -js loc_fffc964a ; js 0xfffc964a -mov al, byte [ecx + ref_fffd5ac8] ; mov al, byte [ecx - 0x2a538] -mov dword [ebp - 0x24], 0 -mov byte [ebp - 0x1e], al -mov eax, ecx -and eax, 3 -mov dword [ebp - 0x1c], eax -movzx eax, byte [eax + ref_fffd5ad4] ; movzx eax, byte [eax - 0x2a52c] -dec eax -test ebx, eax -movzx eax, byte [ecx + ref_fffd5ad4] ; movzx eax, byte [ecx - 0x2a52c] -sete byte [ebp - 0x1d] -mov dword [ebp - 0x28], eax - -loc_fffc95f2: ; not directly referenced -cmp dword [ebp + 0x1c], 0 -je short loc_fffc9648 ; je 0xfffc9648 -cmp dword [ebp - 0x1c], 0 -jne short loc_fffc9604 ; jne 0xfffc9604 -mov dl, byte [ebx] -mov byte [esi], dl -jmp short loc_fffc9637 ; jmp 0xfffc9637 - -loc_fffc9604: ; not directly referenced -cmp dword [ebp - 0x1c], 1 -jne short loc_fffc9618 ; jne 0xfffc9618 -movzx eax, word [ebx] -push edx -push edx -push eax -push esi -call fcn_fffb3d20 ; call 0xfffb3d20 -jmp short loc_fffc9628 ; jmp 0xfffc9628 - -loc_fffc9618: ; not directly referenced -cmp dword [ebp - 0x1c], 2 -jne short loc_fffc962d ; jne 0xfffc962d -push eax -push eax -push dword [ebx] -push esi -call fcn_fffb3d84 ; call 0xfffb3d84 - -loc_fffc9628: ; not directly referenced -add esp, 0x10 -jmp short loc_fffc9637 ; jmp 0xfffc9637 - -loc_fffc962d: ; not directly referenced -mov eax, dword [ebx] -mov edx, dword [ebx + 4] -mov dword [esi], eax -mov dword [esi + 4], edx - -loc_fffc9637: ; not directly referenced -movzx eax, byte [ebp - 0x1e] -add esi, dword [ebp - 0x28] -adc edi, dword [ebp - 0x24] -dec dword [ebp + 0x1c] -add ebx, eax -jmp short loc_fffc95f2 ; jmp 0xfffc95f2 +jmp short loc_fffcb17a ; jmp 0xfffcb17a -loc_fffc9648: ; not directly referenced -xor eax, eax - -loc_fffc964a: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffc9652: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x2cc -mov edi, dword [ebp + 8] -mov dword [ebp - 0x264], 1 -mov eax, dword [edi + 0x5edc] -mov edx, dword [edi + 0x2480] -mov dword [ebp - 0x260], eax -mov eax, dword [edi + 0x2443] -cmp edx, 3 -mov dword [ebp - 0x2a8], eax -sete al -movzx ebx, al -mov dword [ebp - 0x28c], ebx -mov ebx, dword [edi + 0x1887] -mov esi, ebx -mov dword [ebp - 0x2b0], ebx -mov ebx, dword [edi + 0x1883] -mov ecx, ebx -mov dword [ebp - 0x290], ebx -mov ebx, dword [edi + 0x188b] -mov dword [ebp - 0x294], ebx -xor ebx, ebx -cmp edx, 2 -sete bl -cmp esi, 0x306d0 -mov dword [ebp - 0x2b4], ebx -sete bl -cmp ecx, 3 -setbe dl -mov byte [ebp - 0x27b], bl -test bl, dl -jne short loc_fffc9703 ; jne 0xfffc9703 -test ecx, ecx -sete dl -xor ebx, ebx -cmp esi, 0x40670 -sete bl -mov dword [ebp - 0x264], ebx -and dword [ebp - 0x264], edx - -loc_fffc9703: ; not directly referenced -and al, byte [ebp - 0x27b] -cmp dword [ebp - 0x294], 1 -movzx eax, al -mov dword [ebp - 0x2b8], eax -mov eax, dword [ebp - 0x260] -movzx eax, byte [eax + 0x1c5] -mov dword [ebp - 0x298], eax -movzx eax, byte [edi + 0x1965] -mov dword [ebp - 0x288], eax -jne short loc_fffc9780 ; jne 0xfffc9780 -cmp dword [ebp - 0x290], 4 -mov byte [ebp - 0x27a], 0x10 -mov byte [ebp - 0x280], 0xf0 -setbe al -test byte [ebp - 0x27b], al -mov byte [ebp - 0x279], 4 -je short loc_fffc9795 ; je 0xfffc9795 -cmp dword [edi + 0x36d7], 0x640 -mov eax, 0 -cmovbe eax, dword [ebp - 0x288] -mov dword [ebp - 0x288], eax -jmp short loc_fffc9795 ; jmp 0xfffc9795 - -loc_fffc9780: ; not directly referenced -mov byte [ebp - 0x27a], 8 -mov byte [ebp - 0x280], 0xf8 -mov byte [ebp - 0x279], 1 - -loc_fffc9795: ; not directly referenced -mov eax, dword [ebp - 0x260] -xor esi, esi -add eax, 0x1c -mov dword [ebp - 0x2a0], eax -mov dword [ebp - 0x268], eax - -loc_fffc97ac: ; not directly referenced -imul eax, esi, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -je short loc_fffc97ce ; je 0xfffc97ce - -loc_fffc97bc: ; not directly referenced -inc esi -add dword [ebp - 0x268], 0xcc -cmp esi, 2 -jne short loc_fffc97ac ; jne 0xfffc97ac -jmp short loc_fffc9837 ; jmp 0xfffc9837 - -loc_fffc97ce: ; not directly referenced -mov byte [ebp - 0x25c], 0 - -loc_fffc97d5: ; not directly referenced -mov al, byte [ebp - 0x25c] -cmp al, byte [edi + 0x2488] -jae short loc_fffc97bc ; jae 0xfffc97bc -movzx ecx, byte [ebp - 0x25c] -mov eax, dword [ebp - 0x268] -mov edx, dword [ebp - 0x298] -mov ebx, dword [eax + ecx*4 + 0x28] -or ebx, 0x60 -mov eax, ebx -and eax, 0xffbfffff -test edx, edx -mov edx, dword [ebp - 0x2b4] -cmovne ebx, eax -mov eax, ebx -and eax, 0xffdfffff -test edx, edx -mov edx, esi -cmovne ebx, eax -mov eax, edi -call fcn_fffa720e ; call 0xfffa720e -mov ecx, ebx -mov edx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -inc byte [ebp - 0x25c] -jmp short loc_fffc97d5 ; jmp 0xfffc97d5 - -loc_fffc9837: ; not directly referenced -cmp dword [ebp - 0x298], 0 -je short loc_fffc9894 ; je 0xfffc9894 -mov edx, 0x3a28 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x3a28 -mov dword [ebp - 0x2ac], eax -mov eax, edi -and dword [ebp - 0x2ac], 0xfffffffd -mov ecx, dword [ebp - 0x2ac] -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x5f08 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5f08 -or ah, 1 -mov ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x96 -mov eax, edi -call fcn_fffa834b ; call 0xfffa834b - -loc_fffc9894: ; not directly referenced -movzx eax, byte [ebp - 0x280] -mov dword [ebp - 0x278], 1 -mov dword [ebp - 0x26c], 0 -mov dword [ebp - 0x2c8], eax - -loc_fffc98b5: ; not directly referenced -mov ebx, dword [ebp - 0x278] -mov byte [ebp - 0x270], bl -test bl, bl -je short loc_fffc98db ; je 0xfffc98db -cmp dword [ebp - 0x294], 0 -sete al -or al, byte [ebp - 0x264] -jne loc_fffca060 ; jne 0xfffca060 - -loc_fffc98db: ; not directly referenced -mov esi, dword [ebp - 0x2a8] -push eax -push 0 -push 0x24 -lea eax, [ebp - 0x1c8] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0xc -push 0 -push 0x24 -lea eax, [ebp - 0x1ec] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0xc -push dword [ebp - 0x2c8] -lea eax, [ebp - 0x234] -push 0x12 -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0xc -push 0xff -push 0x12 -lea eax, [ebp - 0x210] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0xc -push 0 -push 0x12 -lea eax, [ebp - 0x222] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -lea eax, [edi + 0x3756] -add esp, 0x10 -mov dword [ebp - 0x274], eax -mov esi, eax -mov dword [ebp - 0x268], 0 - -loc_fffc9960: ; not directly referenced -cmp dword [esi], 2 -je short loc_fffc999c ; je 0xfffc999c - -loc_fffc9965: ; not directly referenced -inc dword [ebp - 0x268] -add esi, 0x13c3 -cmp dword [ebp - 0x268], 2 -jne short loc_fffc9960 ; jne 0xfffc9960 -mov al, byte [ebp - 0x280] -mov byte [ebp - 0x29c], 0 -mov byte [ebp - 0x25c], al -imul eax, dword [ebp - 0x278], 0x12 -mov dword [ebp - 0x2c0], eax -jmp short loc_fffc9a0c ; jmp 0xfffc9a0c - -loc_fffc999c: ; not directly referenced -xor ebx, ebx - -loc_fffc999e: ; not directly referenced -cmp bl, byte [edi + 0x2488] -jae short loc_fffc9965 ; jae 0xfffc9965 -movzx eax, bl -mov dword [ebp - 0x26c], eax -mov byte [esi + eax + 0x101d], 0 -mov dword [ebp - 0x25c], 0 - -loc_fffc99c1: ; not directly referenced -mov cl, byte [ebp - 0x25c] -mov eax, 1 -shl eax, cl -test byte [esi + 0xc4], al -je short loc_fffc99fa ; je 0xfffc99fa -push eax -mov ecx, dword [ebp - 0x25c] -mov eax, edi -push 0 -mov edx, dword [ebp - 0x268] -push 0xff -push dword [ebp - 0x26c] -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 - -loc_fffc99fa: ; not directly referenced -inc dword [ebp - 0x25c] -cmp dword [ebp - 0x25c], 4 -jne short loc_fffc99c1 ; jne 0xfffc99c1 -inc ebx -jmp short loc_fffc999e ; jmp 0xfffc999e - -loc_fffc9a0c: ; not directly referenced -cmp byte [ebp - 0x270], 0 -jne short loc_fffc9a42 ; jne 0xfffc9a42 -push 0 -movsx eax, byte [ebp - 0x25c] -push 0 -push 0 -push 0 -push 0 -push 0 -push 0 -push 1 -push 0 -push eax -push 4 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -mov dword [ebp - 0x26c], eax -jmp short loc_fffc9a96 ; jmp 0xfffc9a96 - -loc_fffc9a42: ; not directly referenced -push 0 -mov bl, byte [ebp - 0x25c] -push 0 -push 0 -push 0 -push 0 -and ebx, 1 -push 0 -movzx eax, bl -push 0 -push 1 -push 0 -push eax -push 4 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -mov esi, dword [ebp - 0x25c] -mov dl, 2 -add esp, 0x30 -mov dword [ebp - 0x26c], eax -mov eax, esi -cbw -idiv dl -mov edx, esi -shr dl, 7 -mov byte [ebp - 0x29c], al -test bl, dl -je short loc_fffc9a96 ; je 0xfffc9a96 -dec eax -mov byte [ebp - 0x29c], al - -loc_fffc9a96: ; not directly referenced -mov eax, edi -or edx, 0xffffffff -call fcn_fffaa226 ; call 0xfffaa226 -mov eax, dword [ebp - 0x274] -mov dword [ebp - 0x268], 0 -mov dword [ebp - 0x284], eax - -loc_fffc9ab6: ; not directly referenced -mov eax, dword [ebp - 0x284] -cmp dword [eax], 2 -jne loc_fffc9c1d ; jne 0xfffc9c1d -cmp byte [ebp - 0x270], 1 -je short loc_fffc9b2c ; je 0xfffc9b2c - -loc_fffc9ace: ; not directly referenced -mov esi, dword [ebp - 0x268] -mov ecx, 0xff -mov ebx, dword [ebp - 0x260] -imul eax, esi, 0xcc -mov edx, esi -mov ebx, dword [ebx + eax + 0x1c] -mov eax, edi -call fcn_fffa7288 ; call 0xfffa7288 -and ebx, 0xfe0ffff7 -or ebx, 0x1100008 -mov ecx, ebx -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c -mov eax, edi -mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b -lea eax, [esi + esi*8] -lea esi, [ebp - 0x18] -add eax, esi -mov byte [ebp - 0x2a4], 0 -mov dword [ebp - 0x2bc], eax -jmp short loc_fffc9b9d ; jmp 0xfffc9b9d - -loc_fffc9b2c: ; not directly referenced -mov byte [ebp - 0x2a4], 0 - -loc_fffc9b33: ; not directly referenced -mov al, byte [ebp - 0x2a4] -cmp al, byte [edi + 0x2488] -jae short loc_fffc9ace ; jae 0xfffc9ace -mov ebx, dword [ebp - 0x284] -movzx esi, byte [ebp - 0x2a4] -mov al, byte [ebp - 0x29c] -mov byte [ebx + esi + 0x101d], al -xor ebx, ebx - -loc_fffc9b5d: ; not directly referenced -mov cl, bl -mov eax, 1 -shl eax, cl -mov ecx, dword [ebp - 0x284] -test byte [ecx + 0xc4], al -je short loc_fffc9b8f ; je 0xfffc9b8f -mov edx, dword [ebp - 0x268] -mov ecx, ebx -push eax -mov eax, edi -push 0 -push 0xff -push esi -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 - -loc_fffc9b8f: ; not directly referenced -inc ebx -cmp ebx, 4 -jne short loc_fffc9b5d ; jne 0xfffc9b5d -inc byte [ebp - 0x2a4] -jmp short loc_fffc9b33 ; jmp 0xfffc9b33 - -loc_fffc9b9d: ; not directly referenced -mov al, byte [ebp - 0x2a4] -cmp al, byte [edi + 0x2488] -jae short loc_fffc9bfd ; jae 0xfffc9bfd -movzx esi, byte [ebp - 0x2a4] -mov eax, edi -mov edx, dword [ebp - 0x268] -mov ecx, esi -call fcn_fffa7617 ; call 0xfffa7617 -mov edx, eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -movzx edx, al -movzx eax, dx -mov dword [ebp - 0x2c4], edx -call fcn_fffaeba2 ; call 0xfffaeba2 -mov edx, dword [ebp - 0x2c4] -add esi, dword [ebp - 0x2bc] -inc byte [ebp - 0x2a4] -and byte [esi - 0x1f8], dl -neg eax -mov byte [esi - 0x22e], al -jmp short loc_fffc9b9d ; jmp 0xfffc9b9d - -loc_fffc9bfd: ; not directly referenced -mov edx, dword [ebp - 0x268] -mov ecx, 0xff -mov eax, edi -and ebx, 0xfffffff7 -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, ebx -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c - -loc_fffc9c1d: ; not directly referenced -inc dword [ebp - 0x268] -add dword [ebp - 0x284], 0x13c3 -cmp dword [ebp - 0x268], 2 -jne loc_fffc9ab6 ; jne 0xfffc9ab6 -mov eax, edi -mov edx, 0x11111111 -call fcn_fffaa226 ; call 0xfffaa226 -mov eax, dword [ebp - 0x274] -xor esi, esi -mov dword [ebp - 0x2a4], eax - -loc_fffc9c54: ; not directly referenced -mov eax, dword [ebp - 0x2a4] -cmp dword [eax], 2 -jne loc_fffc9dce ; jne 0xfffc9dce -mov ebx, dword [ebp - 0x260] -imul eax, esi, 0xcc -mov ecx, 0xff -mov edx, esi -mov eax, dword [ebx + eax + 0x1c] -lea ebx, [ebp - 0x18] -mov dword [ebp - 0x268], eax -mov eax, edi -and dword [ebp - 0x268], 0xfe0ffff7 -or dword [ebp - 0x268], 0x1100008 -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, dword [ebp - 0x268] -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c -mov eax, edi -mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b -lea eax, [esi + esi*8] -add ebx, eax -mov byte [ebp - 0x284], 0 -mov dword [ebp - 0x2bc], eax -mov dword [ebp - 0x2c4], ebx - -loc_fffc9cd1: ; not directly referenced -mov al, byte [ebp - 0x284] -cmp al, byte [edi + 0x2488] -jae loc_fffc9dac ; jae 0xfffc9dac -movzx ebx, byte [ebp - 0x284] -mov edx, esi -mov eax, edi -mov ecx, ebx -call fcn_fffa7617 ; call 0xfffa7617 -mov edx, eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -movzx ecx, al -movzx eax, cx -mov dword [ebp - 0x2cc], ecx -call fcn_fffaeba2 ; call 0xfffaeba2 -mov ecx, dword [ebp - 0x2c4] -lea edx, [ecx + ebx] -mov ecx, dword [ebp - 0x2cc] -or byte [edx - 0x20a], cl -add al, byte [edx - 0x22e] -mov byte [edx - 0x22e], al -cmp al, byte [edx - 0x21c] -jle short loc_fffc9d81 ; jle 0xfffc9d81 -mov byte [edx - 0x21c], al -mov eax, dword [ebp - 0x2c0] -lea ecx, [ebp - 0x18] -add eax, dword [ebp - 0x2bc] -add eax, ecx -mov cl, byte [ebp - 0x25c] -add eax, ebx -cmp byte [ebp - 0x270], 0 -mov byte [eax - 0x1b0], cl -mov byte [eax - 0x1d4], cl -jne short loc_fffc9da1 ; jne 0xfffc9da1 -mov ecx, dword [ebp - 0x2a4] -mov al, byte [ebp - 0x25c] -mov byte [ecx + ebx + 0x101d], al -jmp short loc_fffc9da1 ; jmp 0xfffc9da1 - -loc_fffc9d81: ; not directly referenced -jne short loc_fffc9da1 ; jne 0xfffc9da1 -mov eax, dword [ebp - 0x2c0] -lea ecx, [ebp - 0x18] -add eax, dword [ebp - 0x2bc] -add eax, ecx -mov cl, byte [ebp - 0x25c] -mov byte [ebx + eax - 0x1b0], cl - -loc_fffc9da1: ; not directly referenced -inc byte [ebp - 0x284] -jmp near loc_fffc9cd1 ; jmp 0xfffc9cd1 - -loc_fffc9dac: ; not directly referenced -mov ecx, 0xff -mov edx, esi -mov ebx, dword [ebp - 0x268] -mov eax, edi -call fcn_fffa7288 ; call 0xfffa7288 -and ebx, 0xfffffff7 -mov ecx, ebx -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c - -loc_fffc9dce: ; not directly referenced -inc esi -add dword [ebp - 0x2a4], 0x13c3 -cmp esi, 2 -jne loc_fffc9c54 ; jne 0xfffc9c54 -inc byte [ebp - 0x25c] -mov al, byte [ebp - 0x27a] -cmp byte [ebp - 0x25c], al -jle loc_fffc9a0c ; jle 0xfffc9a0c -push 0 -xor ebx, ebx -push 0 -push 0 -push 0 -push 0 -push 0 -push 0 -push 1 -push 0 -push 0 -push 4 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -mov eax, dword [ebp - 0x274] -add esp, 0x30 -mov dword [ebp - 0x25c], eax -imul eax, dword [ebp - 0x278], 0x12 -mov dword [ebp - 0x2a4], eax - -loc_fffc9e34: ; not directly referenced -mov eax, dword [ebp - 0x25c] -mov dword [ebp + ebx*4 - 0x250], 0 -cmp dword [eax], 2 -je short loc_fffc9e5f ; je 0xfffc9e5f - -loc_fffc9e4a: ; not directly referenced -inc ebx -add dword [ebp - 0x25c], 0x13c3 -cmp ebx, 2 -jne short loc_fffc9e34 ; jne 0xfffc9e34 -jmp near loc_fffc9fa4 ; jmp 0xfffc9fa4 - -loc_fffc9e5f: ; not directly referenced -lea eax, [ebx + ebx*8] -lea esi, [ebp - 0x18] -add esi, eax -mov byte [ebp - 0x284], 0 -mov dword [ebp - 0x29c], eax -mov dword [ebp - 0x2bc], esi - -loc_fffc9e7a: ; not directly referenced -mov al, byte [ebp - 0x284] -cmp al, byte [edi + 0x2488] -jae short loc_fffc9e4a ; jae 0xfffc9e4a -mov ecx, dword [ebp - 0x2a4] -lea eax, [ebp - 0x18] -add ecx, dword [ebp - 0x29c] -movzx esi, byte [ebp - 0x284] -add ecx, eax -add ecx, esi -mov dl, byte [ecx - 0x1d4] -mov al, byte [ecx - 0x1b0] -sub eax, edx -mov byte [ecx - 0x168], al -mov cl, 2 -cbw -idiv cl -add eax, edx -cmp dword [ebp - 0x264], 0 -mov dl, al -je short loc_fffc9efd ; je 0xfffc9efd -mov ecx, dword [ebp - 0x2bc] -mov byte [esi + ecx - 0x1e6], al -movsx eax, al -push 0 -push 0 -push 0 -push 0 -push esi -push 0xff -push ebx -push 0 -push 0 -push eax -push 4 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -jmp near loc_fffc9f99 ; jmp 0xfffc9f99 - -loc_fffc9efd: ; not directly referenced -cmp byte [ebp - 0x270], 0 -jne short loc_fffc9f13 ; jne 0xfffc9f13 -lea eax, [edx - 1] -test dl, dl -lea ecx, [edx + 1] -cmovns eax, ecx -mov dl, al - -loc_fffc9f13: ; not directly referenced -movsx eax, dl -mov cl, 2 -add dword [ebp + ebx*4 - 0x250], eax -movsx ax, dl -idiv cl -mov ecx, dword [ebp - 0x25c] -mov edx, dword [ebp - 0x2a4] -add edx, dword [ebp - 0x29c] -mov dword [ebp - 0x268], 0 -mov byte [ecx + esi + 0x101d], al -lea ecx, [ebp - 0x18] -add edx, ecx -mov byte [esi + edx - 0x18c], al - -loc_fffc9f54: ; not directly referenced -mov cl, byte [ebp - 0x268] -mov eax, 1 -mov edx, dword [ebp - 0x25c] -shl eax, cl -test byte [edx + 0xc4], al -je short loc_fffc9f8a ; je 0xfffc9f8a -push ecx -mov ecx, dword [ebp - 0x268] -mov edx, ebx -push 0 -mov eax, edi -push 0xff -push esi -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 - -loc_fffc9f8a: ; not directly referenced -inc dword [ebp - 0x268] -cmp dword [ebp - 0x268], 4 -jne short loc_fffc9f54 ; jne 0xfffc9f54 - -loc_fffc9f99: ; not directly referenced -inc byte [ebp - 0x284] -jmp near loc_fffc9e7a ; jmp 0xfffc9e7a - -loc_fffc9fa4: ; not directly referenced -cmp dword [ebp - 0x294], 0 -sete al -or al, byte [ebp - 0x264] -jne loc_fffca060 ; jne 0xfffca060 -cmp byte [ebp - 0x270], 1 -je loc_fffca060 ; je 0xfffca060 -lea edx, [ebp - 0x180] -lea ecx, [ebp - 0x1a4] - -loc_fffc9fd3: ; not directly referenced -mov eax, dword [ebp - 0x274] -cmp dword [eax], 2 -jne short loc_fffca042 ; jne 0xfffca042 -mov al, byte [edi + 0x2488] -mov byte [ebp - 0x25c], al -xor eax, eax - -loc_fffc9fec: ; not directly referenced -cmp byte [ebp - 0x25c], al -jbe short loc_fffca042 ; jbe 0xfffca042 -cmp dword [ebp - 0x288], 0 -je short loc_fffca03f ; je 0xfffca03f -movsx esi, byte [edx + eax + 0x12] -movsx ebx, byte [edx + eax] -sub ebx, esi -mov esi, ebx -sar esi, 0x1f -xor ebx, esi -sub ebx, esi -cmp ebx, 4 -jle short loc_fffca03f ; jle 0xfffca03f -movsx esi, byte [ecx + eax + 0x12] -movsx ebx, byte [ecx + eax] -sub ebx, esi -mov esi, ebx -sar esi, 0x1f -xor ebx, esi -sub ebx, esi -mov esi, 5 -cmp ebx, 3 -cmovl esi, dword [ebp - 0x26c] -mov dword [ebp - 0x26c], esi - -loc_fffca03f: ; not directly referenced -inc eax -jmp short loc_fffc9fec ; jmp 0xfffc9fec - -loc_fffca042: ; not directly referenced -add edx, 9 -add ecx, 9 -lea eax, [ebp - 0x16e] -add dword [ebp - 0x274], 0x13c3 -cmp edx, eax -jne loc_fffc9fd3 ; jne 0xfffc9fd3 - -loc_fffca060: ; not directly referenced -dec dword [ebp - 0x278] -cmp dword [ebp - 0x278], 0xffffffff -jne loc_fffc98b5 ; jne 0xfffc98b5 -cmp dword [ebp - 0x294], 1 -jne loc_fffca197 ; jne 0xfffca197 -cmp dword [ebp - 0x26c], 5 -mov eax, 5 -sete cl -cmp dword [ebp - 0x288], 0 -setne dl -test cl, dl -jne loc_fffca879 ; jne 0xfffca879 -cmp dword [ebp - 0x290], 3 -seta al -test byte [ebp - 0x27b], al -jne short loc_fffca0ce ; jne 0xfffca0ce -cmp dword [ebp - 0x290], 0 -setne dl -cmp dword [ebp - 0x2b0], 0x40670 -sete al -test dl, al -je short loc_fffca140 ; je 0xfffca140 - -loc_fffca0ce: ; not directly referenced -mov eax, dword [ebp - 0x250] -movzx ecx, byte [edi + 0x2488] -add eax, dword [ebp - 0x24c] -add ecx, ecx -cdq -idiv ecx -mov dword [ebp - 0x250], eax - -loc_fffca0ec: ; not directly referenced -cmp dword [edi + 0x3756], 2 -mov eax, dword [ebp - 0x250] -jne short loc_fffca107 ; jne 0xfffca107 -mov ebx, dword [ebp - 0x260] -mov dword [ebx + 0xe3], eax - -loc_fffca107: ; not directly referenced -cmp dword [edi + 0x4b19], 2 -jne short loc_fffca11c ; jne 0xfffca11c -mov ebx, dword [ebp - 0x260] -mov dword [ebx + 0x1af], eax - -loc_fffca11c: ; not directly referenced -mov ebx, dword [ebp - 0x260] -cmp dword [ebp - 0x28c], 0 -mov dword [ebx + 0x1b4], eax -mov ebx, eax -je short loc_fffca14c ; je 0xfffca14c -mov ebx, 3 -cmp eax, 3 -cmovle ebx, eax -jmp short loc_fffca14c ; jmp 0xfffca14c - -loc_fffca140: ; not directly referenced -mov dword [ebp - 0x250], 0xfffffff0 -jmp short loc_fffca0ec ; jmp 0xfffca0ec - -loc_fffca14c: ; not directly referenced -push 1 -push 0 -push 0 -push 0xff -push ebx -push 1 -push 0 -push edi -call fcn_fffcc4cb ; call 0xfffcc4cb -add esp, 0x20 -push 1 -push 0 -push 0 -push 0xff -push ebx -push 1 -push 1 -push edi -call fcn_fffcc4cb ; call 0xfffcc4cb -add esp, 0x20 -push 0 -push 0 -push 0 -push 0xff -push ebx -push 1 -push 2 -push edi -call fcn_fffcc4cb ; call 0xfffcc4cb -add esp, 0x20 - -loc_fffca197: ; not directly referenced -mov eax, dword [ebp - 0x2a8] -lea ebx, [ebp - 0x15c] -push edx -push 0 -push 0xa2 -push ebx -call dword [eax + 0x5c] ; ucall -add esp, 0xc -mov eax, dword [ebp - 0x2a8] -push 0 -push 0xa2 -lea esi, [ebp - 0xba] -push esi -call dword [eax + 0x5c] ; ucall -add esp, 0x10 -cmp dword [ebp - 0x28c], 1 -mov dword [ebp - 0x260], 1 -mov dword [ebp - 0x288], esi -sbb eax, eax -mov dword [ebp - 0x26c], eax -add byte [ebp - 0x26c], 9 -mov dword [ebp - 0x290], ebx - -loc_fffca1f8: ; not directly referenced -mov al, byte [ebp - 0x260] -xor ecx, ecx -xor edx, edx -mov byte [ebp - 0x278], al - -loc_fffca208: ; not directly referenced -mov eax, dword [ebp - 0x260] -shl eax, cl -add ecx, 4 -add edx, eax -cmp ecx, 0x20 -jne short loc_fffca208 ; jne 0xfffca208 -mov eax, edi -call fcn_fffaa226 ; call 0xfffaa226 -mov eax, dword [ebp - 0x2a0] -mov dword [ebp - 0x25c], 0 -mov dword [ebp - 0x270], eax -mov eax, dword [ebp - 0x260] -and eax, 0xf -mov dword [ebp - 0x280], eax -shl dword [ebp - 0x280], 9 - -loc_fffca24d: ; not directly referenced -imul eax, dword [ebp - 0x25c], 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne loc_fffca428 ; jne 0xfffca428 -cmp dword [ebp - 0x28c], 0 -jne short loc_fffca2c2 ; jne 0xfffca2c2 - -loc_fffca26e: ; not directly referenced -mov eax, dword [ebp - 0x270] -mov ecx, 0xff -mov esi, dword [ebp - 0x25c] -mov ebx, dword [eax] -mov eax, edi -mov edx, esi -call fcn_fffa7288 ; call 0xfffa7288 -and ebx, 0xfe0ffff7 -or ebx, 0x1100008 -mov ecx, ebx -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c -mov eax, edi -mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b -imul eax, esi, 0x51 -mov byte [ebp - 0x268], 0 -mov dword [ebp - 0x284], eax -jmp near loc_fffca39e ; jmp 0xfffca39e - -loc_fffca2c2: ; not directly referenced -mov byte [ebp - 0x268], 0 - -loc_fffca2c9: ; not directly referenced -mov al, byte [ebp - 0x268] -cmp al, byte [edi + 0x2488] -jae short loc_fffca26e ; jae 0xfffca26e -movzx esi, byte [ebp - 0x268] -mov eax, dword [ebp - 0x270] -mov ecx, dword [ebp - 0x298] -mov edx, dword [ebp - 0x25c] -lea eax, [eax + esi*4] -mov dword [ebp - 0x274], eax -mov eax, dword [eax + 0x28] -and ah, 0xe1 -or eax, dword [ebp - 0x280] -or eax, 0x60 -mov ebx, eax -and eax, 0xfffffe7f -and ebx, 0xffbffe7f -test ecx, ecx -mov ecx, dword [ebp - 0x2b4] -cmove ebx, eax -mov eax, ebx -and eax, 0xffdfffff -test ecx, ecx -mov ecx, esi -cmovne ebx, eax -mov eax, edi -call fcn_fffa720e ; call 0xfffa720e -mov ecx, ebx -mov edx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -cmp dword [ebp - 0x2b8], 0 -je short loc_fffca370 ; je 0xfffca370 -mov edx, dword [ebp - 0x25c] -mov ecx, esi -mov eax, edi -call fcn_fffa724b ; call 0xfffa724b -mov esi, dword [ebp - 0x274] -mov ecx, dword [esi + 4] -mov edx, eax -mov eax, edi -and ecx, 0xc7ffffff -call fcn_fffae58c ; call 0xfffae58c - -loc_fffca370: ; not directly referenced -inc byte [ebp - 0x268] -jmp near loc_fffca2c9 ; jmp 0xfffca2c9 - -loc_fffca37b: ; not directly referenced -mov eax, dword [ebp - 0x274] -bt eax, edx -jae short loc_fffca3f7 ; jae 0xfffca3f7 -mov al, byte [ebp - 0x278] -mov byte [ecx + edx], al - -loc_fffca38f: ; not directly referenced -inc edx -cmp byte [ebp - 0x26c], dl -ja short loc_fffca37b ; ja 0xfffca37b -inc byte [ebp - 0x268] - -loc_fffca39e: ; not directly referenced -mov al, byte [ebp - 0x268] -cmp al, byte [edi + 0x2488] -jae short loc_fffca408 ; jae 0xfffca408 -movzx esi, byte [ebp - 0x268] -mov eax, edi -mov edx, dword [ebp - 0x25c] -mov ecx, esi -call fcn_fffa7617 ; call 0xfffa7617 -lea esi, [esi + esi*8] -mov edx, eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -xor edx, edx -add esi, dword [ebp - 0x284] -mov dword [ebp - 0x274], eax -mov eax, dword [ebp - 0x288] -and dword [ebp - 0x274], 0x1ff -lea ecx, [eax + esi] -add esi, dword [ebp - 0x290] -jmp short loc_fffca37b ; jmp 0xfffca37b - -loc_fffca3f7: ; not directly referenced -cmp byte [esi + edx], 0 -jne short loc_fffca38f ; jne 0xfffca38f -mov al, byte [ebp - 0x278] -mov byte [esi + edx], al -jmp short loc_fffca38f ; jmp 0xfffca38f - -loc_fffca408: ; not directly referenced -mov edx, dword [ebp - 0x25c] -mov ecx, 0xff -mov eax, edi -and ebx, 0xfffffff7 -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, ebx -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c - -loc_fffca428: ; not directly referenced -inc dword [ebp - 0x25c] -add dword [ebp - 0x270], 0xcc -cmp dword [ebp - 0x25c], 2 -jne loc_fffca24d ; jne 0xfffca24d -inc dword [ebp - 0x260] -cmp dword [ebp - 0x260], 0x10 -jne loc_fffca1f8 ; jne 0xfffca1f8 -mov ebx, dword [ebp - 0x2a0] -lea eax, [edi + 0x3756] -mov dword [ebp - 0x280], eax -mov dword [ebp - 0x260], eax -mov dword [ebp - 0x25c], 0 -mov dword [ebp - 0x278], ebx - -loc_fffca480: ; not directly referenced -mov eax, dword [ebp - 0x260] -cmp dword [eax], 2 -je short loc_fffca4b3 ; je 0xfffca4b3 - -loc_fffca48b: ; not directly referenced -inc dword [ebp - 0x25c] -add dword [ebp - 0x260], 0x13c3 -add dword [ebp - 0x278], 0xcc -cmp dword [ebp - 0x25c], 2 -jne short loc_fffca480 ; jne 0xfffca480 -jmp near loc_fffca660 ; jmp 0xfffca660 - -loc_fffca4b3: ; not directly referenced -mov esi, dword [ebp - 0x25c] -mov byte [ebp - 0x268], 0 -mov eax, esi -imul esi, esi, 0x51 -shl eax, 8 -mov dword [ebp - 0x29c], eax -add eax, 0x4c -mov dword [ebp - 0x288], eax -mov dword [ebp - 0x284], esi - -loc_fffca4dd: ; not directly referenced -movzx eax, byte [ebp - 0x268] -cmp al, byte [edi + 0x2488] -jae short loc_fffca48b ; jae 0xfffca48b -mov esi, eax -mov dword [ebp - 0x270], eax -lea eax, [eax + eax*8] -add eax, dword [ebp - 0x284] -lea ebx, [ebp - 0x15c] -lea edx, [ebp - 0xba] -add ebx, eax -add eax, edx -mov dword [ebp - 0x294], eax -imul eax, esi, 0x18 -mov dword [ebp - 0x2a4], ebx -xor ebx, ebx -mov dword [ebp - 0x274], 0 -mov dword [ebp - 0x290], eax - -loc_fffca52e: ; not directly referenced -mov eax, dword [ebp - 0x2a4] -mov dl, byte [eax + ebx] -mov eax, dword [ebp - 0x294] -movsx ecx, byte [eax + ebx] -mov al, 0xf -test dl, dl -je short loc_fffca55a ; je 0xfffca55a -xor eax, eax -test cl, cl -je short loc_fffca55a ; je 0xfffca55a -movsx eax, dl -mov esi, 2 -add eax, ecx -cdq -idiv esi - -loc_fffca55a: ; not directly referenced -cmp dword [ebp - 0x28c], 0 -je short loc_fffca5ba ; je 0xfffca5ba -cmp bl, 8 -jne short loc_fffca5ba ; jne 0xfffca5ba -mov dl, 0xf -cmp al, 6 -jg short loc_fffca574 ; jg 0xfffca574 -lea edx, [eax + 8] -and edx, 0xf - -loc_fffca574: ; not directly referenced -mov eax, dword [ebp - 0x270] -and edx, 0xf -mov esi, dword [ebp - 0x278] -add edx, edx -lea ecx, [eax + 8] -mov al, byte [esi + ecx*4 + 9] -and eax, 0xffffffe1 -or eax, edx -mov byte [esi + ecx*4 + 9], al - -loc_fffca595: ; not directly referenced -mov eax, dword [ebp - 0x270] -mov ebx, dword [ebp - 0x288] -mov esi, dword [ebp - 0x29c] -shl eax, 9 -add ebx, eax -mov dword [ebp - 0x270], ebx -lea esi, [esi + eax + 0x50] -xor ebx, ebx -jmp short loc_fffca604 ; jmp 0xfffca604 - -loc_fffca5ba: ; not directly referenced -mov edx, eax -lea esi, [ebx + ebx*2] -and edx, 0xf -add esi, dword [ebp - 0x290] -add esi, dword [ebp - 0x260] -lea ecx, [ebx*4] -shl edx, cl -add dword [ebp - 0x274], edx -xor edx, edx - -loc_fffca5df: ; not directly referenced -imul ecx, edx, 0xd8 -inc edx -mov byte [esi + ecx + 0x942], al -cmp byte [ebp - 0x279], dl -ja short loc_fffca5df ; ja 0xfffca5df -inc ebx -cmp byte [ebp - 0x26c], bl -ja loc_fffca52e ; ja 0xfffca52e -jmp short loc_fffca595 ; jmp 0xfffca595 - -loc_fffca604: ; not directly referenced -mov eax, dword [edi + 0x188b] -mov edx, dword [ebp - 0x270] -test eax, eax -je short loc_fffca61a ; je 0xfffca61a -xor edx, edx -dec eax -cmove edx, esi - -loc_fffca61a: ; not directly referenced -mov ecx, dword [ebp - 0x274] -mov eax, edi -inc ebx -add esi, 4 -call fcn_fffae58c ; call 0xfffae58c -cmp bl, byte [ebp - 0x279] -jb short loc_fffca604 ; jb 0xfffca604 -sub esp, 0xc -mov edx, dword [ebp - 0x25c] -mov ecx, 1 -push 0 -mov eax, edi -push 1 -push 0 -push 0 -push 0 -call fcn_fffa72c5 ; call 0xfffa72c5 -add esp, 0x20 -inc byte [ebp - 0x268] -jmp near loc_fffca4dd ; jmp 0xfffca4dd - -loc_fffca660: ; not directly referenced -cmp dword [ebp - 0x264], 0 -jne short loc_fffca6b9 ; jne 0xfffca6b9 - -loc_fffca669: ; not directly referenced -cmp dword [ebp - 0x298], 0 -je loc_fffca7b3 ; je 0xfffca7b3 -mov ecx, dword [ebp - 0x2ac] -mov eax, edi -mov edx, 0x3a28 -or ecx, 2 -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x5f08 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5f08 -or ah, 1 -mov ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0xe1 -mov eax, edi -call fcn_fffa834b ; call 0xfffa834b -jmp near loc_fffca7b3 ; jmp 0xfffca7b3 - -loc_fffca6b9: ; not directly referenced -push 0 -push 0 -push 0 -push 0 -push 0 -push 0 -push 0 -push 1 -push 0 -push 0 -push 4 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -mov ebx, dword [ebp - 0x280] -add esp, 0x30 -mov dword [ebp - 0x260], 0 - -loc_fffca6e8: ; not directly referenced -cmp dword [ebx], 2 -je short loc_fffca708 ; je 0xfffca708 - -loc_fffca6ed: ; not directly referenced -inc dword [ebp - 0x260] -add ebx, 0x13c3 -cmp dword [ebp - 0x260], 2 -je loc_fffca669 ; je 0xfffca669 -jmp short loc_fffca6e8 ; jmp 0xfffca6e8 - -loc_fffca708: ; not directly referenced -imul eax, dword [ebp - 0x260], 9 -lea esi, [ebp - 0x18] -mov byte [ebp - 0x264], 0 -add eax, esi -mov dword [ebp - 0x268], eax - -loc_fffca721: ; not directly referenced -mov al, byte [ebp - 0x264] -cmp al, byte [edi + 0x2488] -jae short loc_fffca6ed ; jae 0xfffca6ed -movzx esi, byte [ebp - 0x264] -mov eax, dword [ebp - 0x268] -mov dword [ebp - 0x25c], 0 -mov dl, byte [esi + eax - 0x1e6] -test dl, dl -lea eax, [edx - 1] -lea ecx, [edx + 1] -mov dl, 2 -cmovns eax, ecx -cbw -idiv dl -mov byte [ebx + esi + 0x101d], al - -loc_fffca765: ; not directly referenced -mov cl, byte [ebp - 0x25c] -mov eax, 1 -shl eax, cl -test byte [ebx + 0xc4], al -je short loc_fffca799 ; je 0xfffca799 -mov ecx, dword [ebp - 0x25c] -push eax -mov edx, dword [ebp - 0x260] -mov eax, edi -push 0 -push 0xff -push esi -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 - -loc_fffca799: ; not directly referenced -inc dword [ebp - 0x25c] -cmp dword [ebp - 0x25c], 4 -jne short loc_fffca765 ; jne 0xfffca765 -inc byte [ebp - 0x264] -jmp near loc_fffca721 ; jmp 0xfffca721 - -loc_fffca7b3: ; not directly referenced -mov esi, dword [ebp - 0x2a0] -xor ebx, ebx - -loc_fffca7bb: ; not directly referenced -imul eax, ebx, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne loc_fffca862 ; jne 0xfffca862 -mov byte [ebp - 0x25c], 0 - -loc_fffca7d6: ; not directly referenced -mov al, byte [ebp - 0x25c] -cmp al, byte [edi + 0x2488] -jae short loc_fffca849 ; jae 0xfffca849 -movzx eax, byte [ebp - 0x25c] -mov edx, ebx -mov ecx, eax -mov dword [ebp - 0x260], eax -mov eax, edi -call fcn_fffa720e ; call 0xfffa720e -mov ecx, dword [ebp - 0x260] -lea ecx, [esi + ecx*4] -mov dword [ebp - 0x264], ecx -mov ecx, dword [ecx + 0x28] -mov edx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -cmp dword [ebp - 0x2b8], 0 -je short loc_fffca841 ; je 0xfffca841 -mov ecx, dword [ebp - 0x260] -mov edx, ebx -mov eax, edi -call fcn_fffa724b ; call 0xfffa724b -mov ecx, dword [ebp - 0x264] -mov ecx, dword [ecx + 4] -mov edx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c - -loc_fffca841: ; not directly referenced -inc byte [ebp - 0x25c] -jmp short loc_fffca7d6 ; jmp 0xfffca7d6 - -loc_fffca849: ; not directly referenced -mov ecx, 0xff -mov edx, ebx -mov eax, edi -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, dword [esi] -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c - -loc_fffca862: ; not directly referenced -inc ebx -add esi, 0xcc -cmp ebx, 2 -jne loc_fffca7bb ; jne 0xfffca7bb -mov eax, edi -call fcn_fffb0e8a ; call 0xfffb0e8a - -loc_fffca879: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffca881: ; not directly referenced -push ebp -mov ebp, esp -push esi -push ebx -mov ebx, dword [ebp + 8] -push edx -push edx -movzx ecx, byte [ebx + 0x248e] -lea esi, [ebx + 0x2490] -mov eax, ebx -push 0 -mov edx, esi -push 0xf -push 1 -push 0 -push 1 -push 2 -call fcn_fffc0a2d ; call 0xfffc0a2d -add esp, 0x20 -test eax, eax -jne short loc_fffca8f5 ; jne 0xfffca8f5 -cmp dword [ebx + 0x188b], 1 -jne short loc_fffca8d4 ; jne 0xfffca8d4 -cmp dword [ebx + 0x2480], 1 -jne short loc_fffca8d4 ; jne 0xfffca8d4 -mov ecx, 2 -mov edx, esi -mov eax, ebx -call fcn_fffbd80c ; call 0xfffbd80c - -loc_fffca8d4: ; not directly referenced -push eax -mov edx, esi -push eax -movzx ecx, byte [ebx + 0x248e] -mov eax, ebx -push 1 -push 0xf -push 0 -push 0 -push 0 -push 2 -call fcn_fffc0a2d ; call 0xfffc0a2d -add esp, 0x20 - -loc_fffca8f5: ; not directly referenced -lea esp, [ebp - 8] -pop ebx -pop esi -pop ebp -ret - -fcn_fffca8fc: ; not directly referenced -push ebp -mov ebp, esp -push esi -push ebx -mov ebx, dword [ebp + 8] -push edx -push edx -movzx ecx, byte [ebx + 0x248e] -lea esi, [ebx + 0x2490] -mov eax, ebx -push 0 -mov edx, esi -push 0xf -push 1 -push 0 -push 1 -push 1 -call fcn_fffc0a2d ; call 0xfffc0a2d -add esp, 0x20 -test eax, eax -jne short loc_fffca967 ; jne 0xfffca967 -cmp dword [ebx + 0x188b], 1 -jne short loc_fffca946 ; jne 0xfffca946 -mov ecx, 1 -mov edx, esi -mov eax, ebx -call fcn_fffbd80c ; call 0xfffbd80c - -loc_fffca946: ; not directly referenced -push eax -mov edx, esi -push eax -movzx ecx, byte [ebx + 0x248e] -mov eax, ebx -push 1 -push 0xf -push 0 -push 1 -push 0 -push 1 -call fcn_fffc0a2d ; call 0xfffc0a2d -add esp, 0x20 - -loc_fffca967: ; not directly referenced -lea esp, [ebp - 8] -pop ebx -pop esi -pop ebp -ret - -fcn_fffca96e: ; not directly referenced +fcn_fffcb1dd: ; not directly referenced push ebp mov ebp, esp push edi @@ -57329,7 +57898,7 @@ mov dword [ebp - 0xacac], ebx mov ebx, dword [ebp + 0x28] mov byte [ebp - 0xace6], dl mov edx, esi -mov esi, dword [edi + 0x5edc] +mov esi, dword [edi + 0x5edd] mov byte [ebp - 0xac90], dl mov dl, byte [ebp - 0xacac] mov dword [ebp - 0xac98], eax @@ -57337,13 +57906,13 @@ mov ecx, ebx mov byte [ebp - 0xac8c], al mov byte [ebp - 0xaca1], dl mov dl, cl -mov ecx, dword [edi + 0x2480] +mov ecx, dword [edi + 0x2481] mov dword [ebp - 0xaca0], edx mov dl, byte [ebp + 0x30] mov dword [ebp - 0xac94], ebx mov ebx, dword [ebp + 0x2c] mov dword [ebp - 0xaca8], esi -mov esi, dword [edi + 0x2443] +mov esi, dword [edi + 0x2444] mov dword [ebp - 0xacc4], ecx mov byte [ebp - 0xad09], dl mov edx, dword [edi + 0x188b] @@ -57358,13 +57927,13 @@ and eax, edx movzx eax, al mov dword [ebp - 0xacc8], eax mov al, byte [ebp - 0xac88] -and al, byte [edi + 0x248e] +and al, byte [edi + 0x248f] push 0 push 0x5ab4 -mov byte [ebp - 0xac88], al -mov eax, dword [ebp + 8] -and al, byte [edi + 0x248d] mov byte [ebp - 0xac9c], al +mov eax, dword [ebp + 8] +and al, byte [edi + 0x248e] +mov byte [ebp - 0xac88], al lea eax, [ebp - 0x5acc] push eax call dword [esi + 0x5c] ; ucall @@ -57419,25 +57988,25 @@ mov edx, dword [ebp - 0xaca0] add esp, 0x10 xor eax, eax -loc_fffcab02: ; not directly referenced +loc_fffcb371: ; not directly referenced mov byte [ebp + eax - 0xac71], al inc eax cmp eax, 9 -jne short loc_fffcab02 ; jne 0xfffcab02 -mov byte [edi + 0x247a], 0 +jne short loc_fffcb371 ; jne 0xfffcb371 +mov byte [edi + 0x247b], 0 cmp bl, 9 -jne short loc_fffcab24 ; jne 0xfffcab24 +jne short loc_fffcb393 ; jne 0xfffcb393 mov dl, byte [ebp - 0xac94] dec edx -jmp short loc_fffcab33 ; jmp 0xfffcab33 +jmp short loc_fffcb3a2 ; jmp 0xfffcb3a2 -loc_fffcab24: ; not directly referenced +loc_fffcb393: ; not directly referenced mov al, byte [ebp - 0xac94] sub eax, 3 cmp bl, 0xa cmove edx, eax -loc_fffcab33: ; not directly referenced +loc_fffcb3a2: ; not directly referenced mov ecx, dword [ebp - 0xac98] mov al, cl sub eax, 0xa @@ -57449,83 +58018,86 @@ setbe al or al, cl mov byte [ebp - 0xac94], cl movzx ecx, dl -movzx edx, byte [ebp - 0xac88] -je short loc_fffcab7e ; je 0xfffcab7e -sub esp, 0xc +movzx edx, byte [ebp - 0xac9c] +je short loc_fffcb3f4 ; je 0xfffcb3f4 +push eax +push eax +movzx eax, byte [ebp - 0xac88] +push eax mov eax, edi push 0 -call fcn_fffb2759 ; call 0xfffb2759 +call fcn_fffaea71 ; call 0xfffaea71 add esp, 0x10 mov dword [ebp - 0xacf0], 1 -jmp short loc_fffcab97 ; jmp 0xfffcab97 +jmp short loc_fffcb40d ; jmp 0xfffcb40d -loc_fffcab7e: ; not directly referenced +loc_fffcb3f4: ; not directly referenced sub esp, 0xc mov eax, edi push 0 -call fcn_fffb26ca ; call 0xfffb26ca +call fcn_fffae9e2 ; call 0xfffae9e2 add esp, 0x10 mov dword [ebp - 0xacf0], 0 -loc_fffcab97: ; not directly referenced +loc_fffcb40d: ; not directly referenced test bl, bl -je short loc_fffcaba1 ; je 0xfffcaba1 -mov byte [edi + 0x248b], bl +je short loc_fffcb417 ; je 0xfffcb417 +mov byte [edi + 0x248c], bl -loc_fffcaba1: ; not directly referenced +loc_fffcb417: ; not directly referenced mov eax, dword [ebp - 0xaca8] xor ebx, ebx mov byte [ebp - 0xaca3], 0 add eax, 0x70 mov dword [ebp - 0xaca0], eax -movzx eax, byte [ebp - 0xac88] -mov dword [ebp - 0xac88], eax +movzx eax, byte [ebp - 0xac9c] +mov dword [ebp - 0xac9c], eax -loc_fffcabc6: ; not directly referenced -mov eax, dword [ebp - 0xac88] +loc_fffcb43c: ; not directly referenced +mov eax, dword [ebp - 0xac9c] bt eax, ebx -jae short loc_fffcac14 ; jae 0xfffcac14 +jae short loc_fffcb48a ; jae 0xfffcb48a imul eax, ebx, 0x13c3 -mov cl, byte [ebp - 0xac9c] +mov cl, byte [ebp - 0xac88] mov edx, ebx -and cl, byte [edi + eax + 0x381a] +and cl, byte [edi + eax + 0x381b] mov eax, edi mov byte [ebp + ebx - 0xac75], cl movzx ecx, cl -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 or byte [ebp - 0xaca3], al push eax -movzx eax, byte [edi + 0x2488] +movzx eax, byte [edi + 0x2489] push 0 push eax push dword [ebp - 0xaca0] call dword [esi + 0x5c] ; ucall add esp, 0x10 -loc_fffcac14: ; not directly referenced +loc_fffcb48a: ; not directly referenced inc ebx add dword [ebp - 0xaca0], 0xcc cmp ebx, 2 -jne short loc_fffcabc6 ; jne 0xfffcabc6 +jne short loc_fffcb43c ; jne 0xfffcb43c cmp byte [ebp - 0xaca3], 0 -je loc_fffcbd35 ; je 0xfffcbd35 -movzx esi, byte [ebp - 0xac9c] +je loc_fffcc5ab ; je 0xfffcc5ab +movzx esi, byte [ebp - 0xac88] xor eax, eax mov dword [ebp - 0xacec], esi -loc_fffcac40: ; not directly referenced +loc_fffcb4b6: ; not directly referenced mov esi, dword [ebp - 0xacec] mov byte [ebp - 0xaca4], al bt esi, eax -jb short loc_fffcac5e ; jb 0xfffcac5e +jb short loc_fffcb4d4 ; jb 0xfffcb4d4 inc eax cmp eax, 4 -jne short loc_fffcac40 ; jne 0xfffcac40 +jne short loc_fffcb4b6 ; jne 0xfffcb4b6 mov byte [ebp - 0xaca4], 0 -loc_fffcac5e: ; not directly referenced +loc_fffcb4d4: ; not directly referenced mov ecx, dword [ebp - 0xac98] -mov al, byte [edi + 0x2488] +mov al, byte [edi + 0x2489] mov bl, al mov al, cl sub eax, 7 @@ -57543,125 +58115,125 @@ setbe dl mov eax, 1 or cl, dl mov byte [ebp - 0xaca2], bl -jne short loc_fffcacaf ; jne 0xfffcacaf +jne short loc_fffcb525 ; jne 0xfffcb525 xor eax, eax cmp byte [ebp - 0xac98], 2 sete al -loc_fffcacaf: ; not directly referenced +loc_fffcb525: ; not directly referenced mov dword [ebp - 0xaccc], eax xor eax, 1 test byte [ebp - 0xacbb], al -je short loc_fffcacd9 ; je 0xfffcacd9 +je short loc_fffcb54f ; je 0xfffcb54f cmp byte [ebp - 0xacbc], 1 setbe al or eax, dword [ebp - 0xac94] movzx eax, al mov dword [ebp - 0xaccc], eax -loc_fffcacd9: ; not directly referenced +loc_fffcb54f: ; not directly referenced cmp dword [ebp - 0xaccc], 0 mov byte [ebp - 0xac88], 0 -je loc_fffcae2f ; je 0xfffcae2f +je loc_fffcb6a5 ; je 0xfffcb6a5 xor esi, esi xor ebx, ebx cmp byte [ebp - 0xac98], 1 -jne short loc_fffcad17 ; jne 0xfffcad17 +jne short loc_fffcb58d ; jne 0xfffcb58d mov edx, 0x3a04 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f cmp dword [ebp - 0xacc0], 0 mov esi, eax -je loc_fffcadb4 ; je 0xfffcadb4 -jmp short loc_fffcad4e ; jmp 0xfffcad4e +je loc_fffcb62a ; je 0xfffcb62a +jmp short loc_fffcb5c4 ; jmp 0xfffcb5c4 -loc_fffcad17: ; not directly referenced +loc_fffcb58d: ; not directly referenced mov edx, 0x3a00 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f cmp dword [ebp - 0xacc0], 0 mov ebx, eax -jne short loc_fffcad4e ; jne 0xfffcad4e +jne short loc_fffcb5c4 ; jne 0xfffcb5c4 mov ecx, dword [ebp - 0xac98] cmp cl, 2 -je short loc_fffcad44 ; je 0xfffcad44 +je short loc_fffcb5ba ; je 0xfffcb5ba cmp cl, 3 -je short loc_fffcad49 ; je 0xfffcad49 +je short loc_fffcb5bf ; je 0xfffcb5bf test cl, cl -jne short loc_fffcadbd ; jne 0xfffcadbd -jmp short loc_fffcadb4 ; jmp 0xfffcadb4 +jne short loc_fffcb633 ; jne 0xfffcb633 +jmp short loc_fffcb62a ; jmp 0xfffcb62a -loc_fffcad44: ; not directly referenced +loc_fffcb5ba: ; not directly referenced shr eax, 0x1a -jmp short loc_fffcad93 ; jmp 0xfffcad93 +jmp short loc_fffcb609 ; jmp 0xfffcb609 -loc_fffcad49: ; not directly referenced +loc_fffcb5bf: ; not directly referenced shr eax, 0x14 -jmp short loc_fffcadb4 ; jmp 0xfffcadb4 +jmp short loc_fffcb62a ; jmp 0xfffcb62a -loc_fffcad4e: ; not directly referenced +loc_fffcb5c4: ; not directly referenced mov edx, 0x3a08 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3a0c mov dword [ebp - 0xac88], eax mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov eax, dword [ebp - 0xac98] cmp al, 0xf -ja short loc_fffcadc1 ; ja 0xfffcadc1 +ja short loc_fffcb637 ; ja 0xfffcb637 movzx eax, al mov ecx, dword [ebp - 0xac88] -jmp dword [eax*4 + ref_fffd5ae0] ; ujmp: jmp dword [eax*4 - 0x2a520] +jmp dword [eax*4 + ref_fffd615c] ; ujmp: jmp dword [eax*4 - 0x29ea4] -loc_fffcad86: ; not directly referenced +loc_fffcb5fc: ; not directly referenced mov al, bl -jmp short loc_fffcadb4 ; jmp 0xfffcadb4 +jmp short loc_fffcb62a ; jmp 0xfffcb62a -loc_fffcad8a: ; not directly referenced +loc_fffcb600: ; not directly referenced mov eax, esi -jmp short loc_fffcadb4 ; jmp 0xfffcadb4 +jmp short loc_fffcb62a ; jmp 0xfffcb62a -loc_fffcad8e: ; not directly referenced +loc_fffcb604: ; not directly referenced shr ebx, 0x14 mov al, bl -loc_fffcad93: ; not directly referenced +loc_fffcb609: ; not directly referenced and eax, 0x1f mov byte [ebp - 0xac88], al mov al, 0x1f -jmp short loc_fffcadca ; jmp 0xfffcadca +jmp short loc_fffcb640 ; jmp 0xfffcb640 -loc_fffcada0: ; not directly referenced +loc_fffcb616: ; not directly referenced shr ebx, 0x1a mov dword [ebp - 0xac88], ebx -jmp short loc_fffcadbd ; jmp 0xfffcadbd +jmp short loc_fffcb633 ; jmp 0xfffcb633 -loc_fffcadab: ; not directly referenced +loc_fffcb621: ; not directly referenced mov eax, ecx shr eax, 0xc -jmp short loc_fffcadb4 ; jmp 0xfffcadb4 +jmp short loc_fffcb62a ; jmp 0xfffcb62a -loc_fffcadb2: ; not directly referenced +loc_fffcb628: ; not directly referenced mov al, cl -loc_fffcadb4: ; not directly referenced +loc_fffcb62a: ; not directly referenced and eax, 0x3f mov byte [ebp - 0xac88], al -loc_fffcadbd: ; not directly referenced +loc_fffcb633: ; not directly referenced mov al, 0x3f -jmp short loc_fffcadca ; jmp 0xfffcadca +jmp short loc_fffcb640 ; jmp 0xfffcb640 -loc_fffcadc1: ; not directly referenced +loc_fffcb637: ; not directly referenced mov al, 0x3f mov byte [ebp - 0xac88], 0 -loc_fffcadca: ; not directly referenced +loc_fffcb640: ; not directly referenced cmp byte [ebp - 0xac98], 0xa sete dl or dl, byte [ebp - 0xac94] -jne short loc_fffcae01 ; jne 0xfffcae01 +jne short loc_fffcb677 ; jne 0xfffcb677 mov esi, dword [ebp - 0xacb0] mov bl, byte [ebp - 0xac88] mov ecx, esi @@ -57672,7 +58244,7 @@ test dl, dl cmovs ebx, ecx mov byte [ebp - 0xac90], bl -loc_fffcae01: ; not directly referenced +loc_fffcb677: ; not directly referenced movzx esi, byte [ebp - 0xaca1] sub eax, 3 sub eax, dword [ebp - 0xac88] @@ -57685,7 +58257,7 @@ cmp al, bl cmovl eax, esi mov byte [ebp - 0xaca1], al -loc_fffcae2f: ; not directly referenced +loc_fffcb6a5: ; not directly referenced mov eax, dword [ebp + 0x1c] mov dword [ebp - 0xace4], eax movzx eax, byte [ebp - 0xaca4] @@ -57699,13 +58271,13 @@ mov dword [ebp - 0xacb8], esi movzx esi, byte [ebp - 0xace6] mov word [ebp - 0xacba], si -loc_fffcae71: ; not directly referenced +loc_fffcb6e7: ; not directly referenced mov eax, dword [ebp + 0x10] mov esi, dword [ebp - 0xacb8] mov word [ebp - 0xad04], ax sub esi, eax cmp si, word [ebp - 0xacba] -jae loc_fffcb350 ; jae 0xfffcb350 +jae loc_fffcbbc6 ; jae 0xfffcbbc6 mov eax, dword [ebp - 0xacb8] mov al, byte [eax] mov cl, al @@ -57715,10 +58287,10 @@ mov ebx, eax mov dword [ebp - 0xacb0], eax xor eax, eax cmp cl, 0x21 -ja short loc_fffcaeb9 ; ja 0xfffcaeb9 -movzx eax, byte [ebx + ref_fffd5f1c] ; movzx eax, byte [ebx - 0x2a0e4] +ja short loc_fffcb72f ; ja 0xfffcb72f +movzx eax, byte [ebx + ref_fffd58e0] ; movzx eax, byte [ebx - 0x2a720] -loc_fffcaeb9: ; not directly referenced +loc_fffcb72f: ; not directly referenced cmp al, 8 mov ebx, 8 cmovbe ebx, eax @@ -57726,20 +58298,20 @@ mov al, byte [ebp - 0xac98] sub eax, 0xc mov byte [ebp - 0xacdc], al cmp al, 1 -jbe short loc_fffcaefa ; jbe 0xfffcaefa +jbe short loc_fffcb770 ; jbe 0xfffcb770 push eax mov ecx, dword [ebp - 0xacb0] push eax mov eax, edi push dword [ebp - 0xacec] push dword [ebp - 0xacd8] -lea edx, [edi + 0x2490] -call fcn_fffa7e6c ; call 0xfffa7e6c +lea edx, [edi + 0x2491] +call fcn_fffa7e1a ; call 0xfffa7e1a add esp, 0x10 -loc_fffcaefa: ; not directly referenced +loc_fffcb770: ; not directly referenced cmp dword [ebp - 0xacc4], 2 -jne short loc_fffcaf27 ; jne 0xfffcaf27 +jne short loc_fffcb79d ; jne 0xfffcb79d mov al, byte [ebp - 0xac98] mov byte [ebp - 0xac9c], 0x25 cmp al, 0x11 @@ -57747,11 +58319,11 @@ sete dl cmp al, 5 sete al or dl, al -jne short loc_fffcaf83 ; jne 0xfffcaf83 +jne short loc_fffcb7f9 ; jne 0xfffcb7f9 cmp byte [ebp - 0xac98], 0x21 -je short loc_fffcaf83 ; je 0xfffcaf83 +je short loc_fffcb7f9 ; je 0xfffcb7f9 -loc_fffcaf27: ; not directly referenced +loc_fffcb79d: ; not directly referenced mov al, byte [ebp - 0xac98] mov byte [ebp - 0xac9c], 0x36 cmp al, 0x10 @@ -57759,31 +58331,31 @@ sete dl cmp al, 4 sete al or dl, al -jne short loc_fffcaf83 ; jne 0xfffcaf83 +jne short loc_fffcb7f9 ; jne 0xfffcb7f9 mov al, byte [ebp - 0xac98] cmp al, 5 sete dl cmp al, 0x20 sete al or dl, al -jne short loc_fffcaf83 ; jne 0xfffcaf83 +jne short loc_fffcb7f9 ; jne 0xfffcb7f9 mov al, byte [ebp - 0xac98] cmp al, 0x21 sete dl cmp al, 0x11 sete al or dl, al -jne short loc_fffcaf83 ; jne 0xfffcaf83 +jne short loc_fffcb7f9 ; jne 0xfffcb7f9 mov al, byte [ebp - 0xac98] cmp al, 0xd -je short loc_fffcaf83 ; je 0xfffcaf83 +je short loc_fffcb7f9 ; je 0xfffcb7f9 cmp al, 0xc mov cl, 0x1f mov al, 0x40 cmove ecx, eax mov byte [ebp - 0xac9c], cl -loc_fffcaf83: ; not directly referenced +loc_fffcb7f9: ; not directly referenced mov eax, dword [ebp - 0xace4] mov ecx, 0x14 xor edx, edx @@ -57795,7 +58367,7 @@ movzx edx, cl cmp dx, ax cmova ecx, eax imul ebx, ebx, 0x240 -lea eax, [edi + 0x2490] +lea eax, [edi + 0x2491] mov dword [ebp - 0xace0], eax mov byte [ebp - 0xac9c], cl add eax, ebx @@ -57811,24 +58383,24 @@ mov dword [ebp - 0xad10], eax movzx eax, byte [ebp - 0xaca3] mov dword [ebp - 0xacac], eax -loc_fffcb006: ; not directly referenced +loc_fffcb87c: ; not directly referenced mov al, byte [ebp - 0xaca0] cmp byte [ebp - 0xaca1], al -jl loc_fffcb33e ; jl 0xfffcb33e +jl loc_fffcbbb4 ; jl 0xfffcbbb4 movsx eax, byte [ebp - 0xaca0] mov dword [ebp - 0xacd0], eax mov eax, dword [ebp - 0xad10] sub dword [ebp - 0xacd0], eax cmp dword [ebp - 0xacc8], 0 -jne short loc_fffcb04d ; jne 0xfffcb04d +jne short loc_fffcb8c3 ; jne 0xfffcb8c3 -loc_fffcb03a: ; not directly referenced +loc_fffcb8b0: ; not directly referenced movsx ax, byte [ebp - 0xaca0] xor ebx, ebx mov word [ebp - 0xacf4], ax -jmp short loc_fffcb0a4 ; jmp 0xfffcb0a4 +jmp short loc_fffcb91a ; jmp 0xfffcb91a -loc_fffcb04d: ; not directly referenced +loc_fffcb8c3: ; not directly referenced movsx ax, byte [ebp - 0xaca0] mov dl, 8 mov esi, dword [ebp - 0xaca8] @@ -57842,42 +58414,42 @@ test dl, dl mov al, byte [esi + eax + 0x1bc] sete dl test bl, dl -jne loc_fffcb333 ; jne 0xfffcb333 +jne loc_fffcbba9 ; jne 0xfffcbba9 mov edx, 1 shl edx, cl test al, dl -je short loc_fffcb03a ; je 0xfffcb03a -jmp near loc_fffcb333 ; jmp 0xfffcb333 +je short loc_fffcb8b0 ; je 0xfffcb8b0 +jmp near loc_fffcbba9 ; jmp 0xfffcbba9 -loc_fffcb091: ; not directly referenced +loc_fffcb907: ; not directly referenced cmp byte [ebp - 0xacbb], 0 -jne short loc_fffcb113 ; jne 0xfffcb113 +jne short loc_fffcb989 ; jne 0xfffcb989 -loc_fffcb09a: ; not directly referenced +loc_fffcb910: ; not directly referenced inc ebx cmp ebx, 2 -je loc_fffcb14a ; je 0xfffcb14a +je loc_fffcb9c0 ; je 0xfffcb9c0 -loc_fffcb0a4: ; not directly referenced +loc_fffcb91a: ; not directly referenced mov eax, dword [ebp - 0xacac] bt eax, ebx -jae short loc_fffcb09a ; jae 0xfffcb09a +jae short loc_fffcb910 ; jae 0xfffcb910 xor eax, eax cmp byte [ebp - 0xac8c], 7 -jne short loc_fffcb0d0 ; jne 0xfffcb0d0 +jne short loc_fffcb946 ; jne 0xfffcb946 imul edx, ebx, 0x13c3 -cmp dword [edi + edx + 0x3816], 2 +cmp dword [edi + edx + 0x3817], 2 mov edx, 0x20 cmove eax, edx -loc_fffcb0d0: ; not directly referenced +loc_fffcb946: ; not directly referenced xor esi, esi mov word [ebp - 0xacd4], ax -loc_fffcb0d9: ; not directly referenced +loc_fffcb94f: ; not directly referenced mov eax, esi cmp byte [ebp - 0xaca2], al -jbe short loc_fffcb091 ; jbe 0xfffcb091 +jbe short loc_fffcb907 ; jbe 0xfffcb907 mov eax, dword [ebp - 0xacf4] mov edx, ebx add eax, dword [ebp - 0xacd4] @@ -57890,31 +58462,31 @@ push eax mov eax, edi push esi inc esi -call fcn_fffafdb2 ; call 0xfffafdb2 +call fcn_fffa972b ; call 0xfffa972b add esp, 0x10 -jmp short loc_fffcb0d9 ; jmp 0xfffcb0d9 +jmp short loc_fffcb94f ; jmp 0xfffcb94f -loc_fffcb113: ; not directly referenced +loc_fffcb989: ; not directly referenced mov al, byte [ebp - 0xac8c] and eax, 0xfffffff7 dec al -jne loc_fffcb09a ; jne 0xfffcb09a +jne loc_fffcb910 ; jne 0xfffcb910 mov eax, dword [ebp - 0xaca8] cmp byte [eax + 0x1c5], 0 -je loc_fffcb09a ; je 0xfffcb09a +je loc_fffcb910 ; je 0xfffcb910 xor ecx, ecx mov edx, 1 mov eax, edi -call fcn_fffb9560 ; call 0xfffb9560 -jmp near loc_fffcb09a ; jmp 0xfffcb09a +call fcn_fffb7663 ; call 0xfffb7663 +jmp near loc_fffcb910 ; jmp 0xfffcb910 -loc_fffcb14a: ; not directly referenced +loc_fffcb9c0: ; not directly referenced cmp byte [ebp - 0xacdc], 1 -ja loc_fffcb1ec ; ja 0xfffcb1ec +ja loc_fffcba62 ; ja 0xfffcba62 cmp dword [ebp - 0xacc4], 3 -je short loc_fffcb1a5 ; je 0xfffcb1a5 +je short loc_fffcba1b ; je 0xfffcba1b -loc_fffcb160: ; not directly referenced +loc_fffcb9d6: ; not directly referenced push eax mov ecx, dword [ebp - 0xacac] push eax @@ -57928,21 +58500,21 @@ mov eax, edi push 0 push dword [ebp - 0xacb0] push dword [ebp - 0xacd8] -call fcn_fffc6051 ; call 0xfffc6051 +call fcn_fffc66ae ; call 0xfffc66ae add esp, 0x14 push edi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -jmp near loc_fffcb228 ; jmp 0xfffcb228 +jmp near loc_fffcba9e ; jmp 0xfffcba9e -loc_fffcb1a5: ; not directly referenced +loc_fffcba1b: ; not directly referenced mov eax, dword [ebp - 0xad04] xor edx, edx xor ecx, ecx -loc_fffcb1af: ; not directly referenced -cmp dword [edi + edx + 0x3756], 2 -jne short loc_fffcb1d5 ; jne 0xfffcb1d5 +loc_fffcba25: ; not directly referenced +cmp dword [edi + edx + 0x3757], 2 +jne short loc_fffcba4b ; jne 0xfffcba4b mov ebx, dword [eax - 4] cmp ebx, 0x29 lea esi, [ebx - 0x28] @@ -57954,14 +58526,14 @@ lea esi, [ebx - 0x28] cmovb esi, ecx mov dword [eax], esi -loc_fffcb1d5: ; not directly referenced +loc_fffcba4b: ; not directly referenced add edx, 0x13c3 add eax, 0x48 cmp edx, 0x2786 -je loc_fffcb160 ; je 0xfffcb160 -jmp short loc_fffcb1af ; jmp 0xfffcb1af +je loc_fffcb9d6 ; je 0xfffcb9d6 +jmp short loc_fffcba25 ; jmp 0xfffcba25 -loc_fffcb1ec: ; not directly referenced +loc_fffcba62: ; not directly referenced push eax mov ecx, dword [ebp - 0xacac] push eax @@ -57977,10 +58549,10 @@ push dword [ebp - 0xacb0] push eax push eax mov eax, edi -call fcn_fffd13ed ; call 0xfffd13ed +call fcn_fffd16df ; call 0xfffd16df add esp, 0x20 -loc_fffcb228: ; not directly referenced +loc_fffcba9e: ; not directly referenced movsx eax, byte [ebp - 0xacd0] xor ecx, ecx mov esi, dword [ebp - 0xacfc] @@ -57989,86 +58561,86 @@ lea eax, [esi + eax + 4] lea eax, [ebp + eax - 0xa2cc] mov dword [ebp - 0xacd4], eax -loc_fffcb24b: ; not directly referenced +loc_fffcbac1: ; not directly referenced mov eax, dword [ebp - 0xacac] bt eax, ecx -jae loc_fffcb322 ; jae 0xfffcb322 +jae loc_fffcbb98 ; jae 0xfffcbb98 imul esi, ecx, 0x48 mov eax, dword [ebp - 0xacd4] add esi, dword [ebp - 0xacf8] lea ebx, [eax - 4] add esi, edi -loc_fffcb26e: ; not directly referenced -mov al, byte [edi + 0x2488] +loc_fffcbae4: ; not directly referenced +mov al, byte [edi + 0x2489] mov word [ebp - 0xacd0], 0xffff mov byte [ebp - 0xacf4], al xor eax, eax -loc_fffcb285: ; not directly referenced +loc_fffcbafb: ; not directly referenced cmp byte [ebp - 0xacf4], al -jbe short loc_fffcb2c0 ; jbe 0xfffcb2c0 -mov edx, dword [esi + eax*8 + 0x2490] +jbe short loc_fffcbb36 ; jbe 0xfffcbb36 +mov edx, dword [esi + eax*8 + 0x2491] mov word [ebx + eax*4], dx mov edx, dword [ebp - 0xacd0] -cmp dx, word [esi + eax*8 + 0x2490] -cmova dx, word [esi + eax*8 + 0x2490] +cmp dx, word [esi + eax*8 + 0x2491] +cmova dx, word [esi + eax*8 + 0x2491] inc eax cmp byte [ebp - 0xacdc], 1 mov word [ebp - 0xacd0], dx -ja short loc_fffcb285 ; ja 0xfffcb285 +ja short loc_fffcbafb ; ja 0xfffcbafb -loc_fffcb2c0: ; not directly referenced +loc_fffcbb36: ; not directly referenced cmp byte [ebp - 0xaca2], 1 -jne short loc_fffcb2d2 ; jne 0xfffcb2d2 +jne short loc_fffcbb48 ; jne 0xfffcbb48 mov eax, dword [ebp - 0xacd0] mov word [ebx], ax -loc_fffcb2d2: ; not directly referenced +loc_fffcbb48: ; not directly referenced cmp byte [ebp - 0xac94], 0 -je short loc_fffcb310 ; je 0xfffcb310 +je short loc_fffcbb86 ; je 0xfffcbb86 mov al, byte [ebp - 0xac98] cmp al, 0xc -je short loc_fffcb2ee ; je 0xfffcb2ee +je short loc_fffcbb64 ; je 0xfffcbb64 cmp al, 0xd -jne short loc_fffcb310 ; jne 0xfffcb310 -jmp near loc_fffcbd2b ; jmp 0xfffcbd2b +jne short loc_fffcbb86 ; jne 0xfffcbb86 +jmp near loc_fffcc5a1 ; jmp 0xfffcc5a1 -loc_fffcb2ee: ; not directly referenced +loc_fffcbb64: ; not directly referenced mov eax, 0x8c -loc_fffcb2f3: ; not directly referenced +loc_fffcbb69: ; not directly referenced cmp word [ebx], ax -ja short loc_fffcb310 ; ja 0xfffcb310 +ja short loc_fffcbb86 ; ja 0xfffcbb86 sub esp, 0xc push edi mov dword [ebp - 0xacd0], ecx -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d mov ecx, dword [ebp - 0xacd0] add esp, 0x10 -loc_fffcb310: ; not directly referenced +loc_fffcbb86: ; not directly referenced add ebx, 2 add esi, 4 cmp ebx, dword [ebp - 0xacd4] -jne loc_fffcb26e ; jne 0xfffcb26e +jne loc_fffcbae4 ; jne 0xfffcbae4 -loc_fffcb322: ; not directly referenced +loc_fffcbb98: ; not directly referenced inc ecx add dword [ebp - 0xacd4], 0x24 cmp ecx, 2 -jne loc_fffcb24b ; jne 0xfffcb24b +jne loc_fffcbac1 ; jne 0xfffcbac1 -loc_fffcb333: ; not directly referenced +loc_fffcbba9: ; not directly referenced inc byte [ebp - 0xaca0] -jmp near loc_fffcb006 ; jmp 0xfffcb006 +jmp near loc_fffcb87c ; jmp 0xfffcb87c -loc_fffcb33e: ; not directly referenced +loc_fffcbbb4: ; not directly referenced add dword [ebp - 0xace4], 2 inc dword [ebp - 0xacb8] -jmp near loc_fffcae71 ; jmp 0xfffcae71 +jmp near loc_fffcb6e7 ; jmp 0xfffcb6e7 -loc_fffcb350: ; not directly referenced +loc_fffcbbc6: ; not directly referenced movsx esi, byte [ebp - 0xaca1] movsx eax, byte [ebp - 0xac90] mov dword [ebp - 0xac98], 0 @@ -58082,7 +58654,7 @@ inc eax mov byte [ebp - 0xacac], al lea eax, [ebp - 0x5acc] mov dword [ebp - 0xacf8], eax -lea eax, [edi + 0x3756] +lea eax, [edi + 0x3757] mov dword [ebp - 0xacb0], eax mov eax, dword [ebp - 0xacb4] mov dword [ebp - 0xace0], eax @@ -58091,29 +58663,29 @@ mov dword [ebp - 0xad08], eax shl eax, 6 mov dword [ebp - 0xacdc], eax -loc_fffcb3c9: ; not directly referenced +loc_fffcbc3f: ; not directly referenced movzx eax, byte [ebp - 0xaca3] mov esi, dword [ebp - 0xac98] mov dword [ebp - 0xace4], eax bt eax, esi -jae loc_fffcbabc ; jae 0xfffcbabc +jae loc_fffcc332 ; jae 0xfffcc332 mov eax, dword [ebp - 0xacf8] mov dword [ebp - 0xac9c], 0 mov dword [ebp - 0xacec], eax -loc_fffcb3fb: ; not directly referenced +loc_fffcbc71: ; not directly referenced mov al, byte [ebp - 0xac9c] cmp byte [ebp - 0xaca2], al -jbe loc_fffcbabc ; jbe 0xfffcbabc +jbe loc_fffcc332 ; jbe 0xfffcc332 imul eax, dword [ebp - 0xac98], 9 mov word [ebp - 0xacd8], 0 mov dword [ebp - 0xacfc], eax -loc_fffcb423: ; not directly referenced +loc_fffcbc99: ; not directly referenced mov ax, word [ebp - 0xacba] mov esi, dword [ebp - 0xacd8] cmp si, ax -jae loc_fffcb5de ; jae 0xfffcb5de +jae loc_fffcbe54 ; jae 0xfffcbe54 mov al, byte [ebp - 0xac90] movzx ebx, si mov byte [ebp - 0xaca0], al @@ -58121,10 +58693,10 @@ mov eax, ebx shl eax, 6 mov dword [ebp - 0xacb8], eax -loc_fffcb453: ; not directly referenced +loc_fffcbcc9: ; not directly referenced mov al, byte [ebp - 0xaca0] cmp byte [ebp - 0xaca1], al -jl loc_fffcb5d2 ; jl 0xfffcb5d2 +jl loc_fffcbe48 ; jl 0xfffcbe48 mov al, byte [ebp - 0xaca0] sub eax, dword [ebp - 0xacd0] movsx esi, al @@ -58132,7 +58704,7 @@ mov eax, dword [ebp - 0xacb8] add eax, esi cmp dword [ebp - 0xacc8], 0 mov word [ebp + eax*2 - 0xabcc], 0 -je short loc_fffcb4df ; je 0xfffcb4df +je short loc_fffcbd55 ; je 0xfffcbd55 movsx ax, byte [ebp - 0xaca0] mov dl, 8 mov ecx, dword [ebp - 0xaca8] @@ -58146,14 +58718,14 @@ setle cl test dl, dl sete dl test cl, dl -jne loc_fffcb5c7 ; jne 0xfffcb5c7 +jne loc_fffcbe3d ; jne 0xfffcbe3d mov cl, byte [ebp - 0xace6] mov edx, 1 shl edx, cl test al, dl -jne loc_fffcb5c7 ; jne 0xfffcb5c7 +jne loc_fffcbe3d ; jne 0xfffcbe3d -loc_fffcb4df: ; not directly referenced +loc_fffcbd55: ; not directly referenced mov eax, dword [ebp + 0x10] mov al, byte [eax + ebx] lea edx, [eax - 4] @@ -58162,13 +58734,13 @@ setbe cl cmp al, 0x21 sete dl or cl, dl -jne short loc_fffcb503 ; jne 0xfffcb503 +jne short loc_fffcbd79 ; jne 0xfffcbd79 cmp al, 0x20 -je short loc_fffcb503 ; je 0xfffcb503 +je short loc_fffcbd79 ; je 0xfffcbd79 cmp al, 0xd -jne loc_fffcb587 ; jne 0xfffcb587 +jne loc_fffcbdfd ; jne 0xfffcbdfd -loc_fffcb503: ; not directly referenced +loc_fffcbd79: ; not directly referenced mov eax, dword [ebp + 0x18] imul ecx, esi, 0x12 movzx edx, byte [eax + ebx] @@ -58197,9 +58769,9 @@ sar dx, 0xf idiv cx add esi, dword [ebp - 0xacb8] mov word [ebp + esi*2 - 0xabcc], ax -jmp short loc_fffcb5c7 ; jmp 0xfffcb5c7 +jmp short loc_fffcbe3d ; jmp 0xfffcbe3d -loc_fffcb587: ; not directly referenced +loc_fffcbdfd: ; not directly referenced mov ecx, dword [ebp + 0x18] mov eax, dword [ebp - 0xacb8] movzx edx, byte [ecx + ebx] @@ -58214,15 +58786,15 @@ add ecx, dword [ebp + esi*4 - 0xa2cc] imul ecx, edx mov word [ebp + eax*2 - 0xabcc], cx -loc_fffcb5c7: ; not directly referenced +loc_fffcbe3d: ; not directly referenced inc byte [ebp - 0xaca0] -jmp near loc_fffcb453 ; jmp 0xfffcb453 +jmp near loc_fffcbcc9 ; jmp 0xfffcbcc9 -loc_fffcb5d2: ; not directly referenced +loc_fffcbe48: ; not directly referenced inc word [ebp - 0xacd8] -jmp near loc_fffcb423 ; jmp 0xfffcb423 +jmp near loc_fffcbc99 ; jmp 0xfffcbc99 -loc_fffcb5de: ; not directly referenced +loc_fffcbe54: ; not directly referenced cmp byte [ebp - 0xac8c], 0xc mov byte [ebp - 0xaca0], 1 sete bl @@ -58230,12 +58802,12 @@ cmp byte [ebp - 0xace8], 2 mov byte [ebp - 0xace6], bl setbe al or al, bl -jne loc_fffcb73c ; jne 0xfffcb73c +jne loc_fffcbfb2 ; jne 0xfffcbfb2 cmp byte [ebp - 0xace7], 0 -je short loc_fffcb666 ; je 0xfffcb666 +je short loc_fffcbedc ; je 0xfffcbedc cmp byte [ebp - 0xacbb], 0 mov byte [ebp - 0xaca0], 3 -je loc_fffcb73c ; je 0xfffcb73c +je loc_fffcbfb2 ; je 0xfffcbfb2 mov al, byte [ebp - 0xaca1] push ecx push ecx @@ -58247,7 +58819,7 @@ push 0 lea eax, [ebp - 0xabcc] movzx ebx, bl mov edx, ebx -call fcn_fffa7047 ; call 0xfffa7047 +call fcn_fffa6ff5 ; call 0xfffa6ff5 mov ecx, 8 mov edx, ebx pop esi @@ -58255,26 +58827,26 @@ pop eax lea eax, [ebp - 0xab4c] push 3 push 0 -jmp near loc_fffcb6eb ; jmp 0xfffcb6eb +jmp near loc_fffcbf61 ; jmp 0xfffcbf61 -loc_fffcb666: ; not directly referenced +loc_fffcbedc: ; not directly referenced cmp byte [ebp - 0xac8c], 5 -jne loc_fffcb6fc ; jne 0xfffcb6fc +jne loc_fffcbf72 ; jne 0xfffcbf72 cmp dword [ebp - 0xacc0], 0 -je short loc_fffcb68e ; je 0xfffcb68e +je short loc_fffcbf04 ; je 0xfffcbf04 movzx eax, byte [ebp - 0xacd4] mov ebx, 1 xor ecx, ecx mov dl, 4 -jmp short loc_fffcb69b ; jmp 0xfffcb69b +jmp short loc_fffcbf11 ; jmp 0xfffcbf11 -loc_fffcb68e: ; not directly referenced +loc_fffcbf04: ; not directly referenced movzx eax, byte [ebp - 0xacac] xor ebx, ebx mov cl, 2 mov dl, 5 -loc_fffcb69b: ; not directly referenced +loc_fffcbf11: ; not directly referenced movzx esi, cl movzx ecx, dl mov dword [ebp - 0xaca0], esi @@ -58288,7 +58860,7 @@ lea eax, [ebx + ebx] add eax, esi mov esi, edx mov dword [ebp - 0xacb8], ecx -call fcn_fffa7047 ; call 0xfffa7047 +call fcn_fffa6ff5 ; call 0xfffa6ff5 mov ecx, dword [ebp - 0xacb8] pop eax pop edx @@ -58298,37 +58870,37 @@ lea eax, [eax + ebx + 0x80] push 1 push dword [ebp - 0xaca0] -loc_fffcb6eb: ; not directly referenced -call fcn_fffa7047 ; call 0xfffa7047 +loc_fffcbf61: ; not directly referenced +call fcn_fffa6ff5 ; call 0xfffa6ff5 add esp, 0x10 mov byte [ebp - 0xaca0], 1 -jmp short loc_fffcb73c ; jmp 0xfffcb73c +jmp short loc_fffcbfb2 ; jmp 0xfffcbfb2 -loc_fffcb6fc: ; not directly referenced +loc_fffcbf72: ; not directly referenced cmp byte [ebp - 0xac8c], 0xa mov byte [ebp - 0xaca0], 5 sete al or al, byte [ebp - 0xac94] -jne short loc_fffcb73c ; jne 0xfffcb73c +jne short loc_fffcbfb2 ; jne 0xfffcbfb2 cmp byte [ebp - 0xacac], 6 mov byte [ebp - 0xaca0], 7 -jg short loc_fffcb73c ; jg 0xfffcb73c +jg short loc_fffcbfb2 ; jg 0xfffcbfb2 mov al, byte [ebp - 0xad00] mov esi, dword [ebp - 0xacac] test al, al cmove eax, esi mov byte [ebp - 0xaca0], al -loc_fffcb73c: ; not directly referenced +loc_fffcbfb2: ; not directly referenced mov dword [ebp - 0xacd8], 0 -loc_fffcb746: ; not directly referenced +loc_fffcbfbc: ; not directly referenced movsx ebx, byte [ebp - 0xacd8] movsx esi, byte [ebp - 0xacac] movzx eax, byte [ebp - 0xac8c] cmp ebx, esi mov dword [ebp - 0xacb8], eax -jge loc_fffcb9c9 ; jge 0xfffcb9c9 +jge loc_fffcc23f ; jge 0xfffcc23f movsx eax, byte [ebp - 0xac88] push edx push edx @@ -58348,18 +58920,18 @@ xor ecx, ecx push esi push dword [ebp - 0xacb8] push dword [ebp - 0xac9c] -call fcn_fffb887d ; call 0xfffb887d +call fcn_fffb6980 ; call 0xfffb6980 add esp, 0x20 cmp byte [ebp - 0xac8c], 0xa mov word [ebp + ebx*2 - 0xac4c], ax sete al mov byte [ebp - 0xacfc], al or al, byte [ebp - 0xace6] -jne short loc_fffcb7e5 ; jne 0xfffcb7e5 +jne short loc_fffcc05b ; jne 0xfffcc05b cmp byte [ebp - 0xac94], 0 -je short loc_fffcb811 ; je 0xfffcb811 +je short loc_fffcc087 ; je 0xfffcc087 -loc_fffcb7e5: ; not directly referenced +loc_fffcc05b: ; not directly referenced imul eax, ebx, 0x1a mov edx, dword [ebp - 0xac68] lea ecx, [ebp - 0x18] @@ -58370,11 +58942,11 @@ mov dword [eax - 0xa932], ecx mov ecx, dword [ebp - 0xac60] mov dword [eax - 0xa92e], ecx -loc_fffcb811: ; not directly referenced +loc_fffcc087: ; not directly referenced cmp byte [ebp - 0xacbc], 1 setbe al or al, byte [ebp - 0xac94] -je short loc_fffcb8a0 ; je 0xfffcb8a0 +je short loc_fffcc116 ; je 0xfffcc116 push eax mov edx, dword [ebp - 0xac98] xor ecx, ecx @@ -58389,14 +58961,14 @@ push esi push dword [ebp - 0xacb8] push dword [ebp - 0xac9c] imul esi, ebx, 0x1a -call fcn_fffb887d ; call 0xfffb887d +call fcn_fffb6980 ; call 0xfffb6980 add esp, 0x20 lea ecx, [ebp - 0x18] lea edx, [ecx + esi] mov word [ebp + esi - 0xa94c], ax mov al, byte [ebp - 0xacfc] or al, byte [ebp - 0xac94] -je short loc_fffcb8a0 ; je 0xfffcb8a0 +je short loc_fffcc116 ; je 0xfffcc116 mov eax, dword [ebp - 0xac64] mov dword [edx - 0xa92a], eax mov eax, dword [ebp - 0xac60] @@ -58404,7 +58976,7 @@ mov dword [edx - 0xa926], eax mov eax, dword [ebp - 0xac68] mov dword [edx - 0xa922], eax -loc_fffcb8a0: ; not directly referenced +loc_fffcc116: ; not directly referenced imul edx, ebx, 0x1a mov ax, word [ebp + ebx*2 - 0xac4c] mov esi, dword [ebp - 0xacdc] @@ -58413,24 +58985,24 @@ add cx, word [ebp + edx - 0xa94c] cmp dword [ebp - 0xacc8], 0 lea edx, [esi + ebx] mov word [ebp + edx*2 - 0xabcc], cx -je short loc_fffcb8e1 ; je 0xfffcb8e1 +je short loc_fffcc157 ; je 0xfffcc157 mov esi, 0x3e8 xor edx, edx div si mov word [ebp + ebx*2 - 0xac4c], ax -loc_fffcb8e1: ; not directly referenced +loc_fffcc157: ; not directly referenced mov al, byte [ebp - 0xac8c] test al, al sete dl cmp al, 9 sete al or dl, al -jne short loc_fffcb8fe ; jne 0xfffcb8fe +jne short loc_fffcc174 ; jne 0xfffcc174 cmp byte [ebp - 0xac8c], 1 -jne short loc_fffcb91a ; jne 0xfffcb91a +jne short loc_fffcc190 ; jne 0xfffcc190 -loc_fffcb8fe: ; not directly referenced +loc_fffcc174: ; not directly referenced mov eax, dword [ebp - 0xacdc] movzx ecx, cx lea esi, [eax + ebx] @@ -58439,36 +59011,36 @@ cdq idiv ecx mov word [ebp + esi*2 - 0xabcc], ax -loc_fffcb91a: ; not directly referenced +loc_fffcc190: ; not directly referenced cmp byte [ebp - 0xac8c], 4 -jne loc_fffcb9be ; jne 0xfffcb9be +jne loc_fffcc234 ; jne 0xfffcc234 mov eax, dword [ebp - 0xacb0] cmp dword [eax + 0xc0], 1 -jne loc_fffcb9be ; jne 0xfffcb9be +jne loc_fffcc234 ; jne 0xfffcc234 movzx edx, byte [eax + 0xc4] xor eax, eax -loc_fffcb943: ; not directly referenced +loc_fffcc1b9: ; not directly referenced bt edx, eax -jb short loc_fffcb950 ; jb 0xfffcb950 +jb short loc_fffcc1c6 ; jb 0xfffcc1c6 inc eax cmp eax, 4 -jne short loc_fffcb943 ; jne 0xfffcb943 -jmp short loc_fffcb956 ; jmp 0xfffcb956 +jne short loc_fffcc1b9 ; jne 0xfffcc1b9 +jmp short loc_fffcc1cc ; jmp 0xfffcc1cc -loc_fffcb950: ; not directly referenced +loc_fffcc1c6: ; not directly referenced mov byte [ebp - 0xaca4], al -loc_fffcb956: ; not directly referenced +loc_fffcc1cc: ; not directly referenced cmp dword [ebp - 0xacc4], 3 -jne short loc_fffcb971 ; jne 0xfffcb971 +jne short loc_fffcc1e7 ; jne 0xfffcc1e7 -loc_fffcb95f: ; not directly referenced +loc_fffcc1d5: ; not directly referenced add ebx, dword [ebp - 0xacdc] mov word [ebp + ebx*2 - 0xabcc], 1 -jmp short loc_fffcb9be ; jmp 0xfffcb9be +jmp short loc_fffcc234 ; jmp 0xfffcc234 -loc_fffcb971: ; not directly referenced +loc_fffcc1e7: ; not directly referenced mov al, byte [ebp - 0xaca4] mov esi, dword [ebp - 0xacb0] mov edx, eax @@ -58491,13 +59063,13 @@ shr ax, 2 or edx, ecx and eax, 1 or dl, al -je short loc_fffcb95f ; je 0xfffcb95f +je short loc_fffcc1d5 ; je 0xfffcc1d5 -loc_fffcb9be: ; not directly referenced +loc_fffcc234: ; not directly referenced inc dword [ebp - 0xacd8] -jmp near loc_fffcb746 ; jmp 0xfffcb746 +jmp near loc_fffcbfbc ; jmp 0xfffcbfbc -loc_fffcb9c9: ; not directly referenced +loc_fffcc23f: ; not directly referenced sub esp, 0xc mov edx, dword [ebp - 0xac98] push dword [ebp - 0xacb8] @@ -58513,7 +59085,7 @@ mov eax, edi push 0x40 push ebx push 0 -call fcn_fffb97c0 ; call 0xfffb97c0 +call fcn_fffb78c3 ; call 0xfffb78c3 movsx eax, byte [ebp - 0xad09] add esp, 0x2c mov ecx, ebx @@ -58528,19 +59100,19 @@ push esi mov esi, dword [ebp - 0xacec] push 0x40 mov edx, esi -call fcn_fffa5d2d ; call 0xfffa5d2d +call fcn_fffa5cdb ; call 0xfffa5cdb movsx bx, byte [esi + 2] add esp, 0x20 add bx, word [esi] xor edx, edx cmp byte [ebp - 0xac8c], 7 -jne short loc_fffcba66 ; jne 0xfffcba66 +jne short loc_fffcc2dc ; jne 0xfffcc2dc mov eax, dword [ebp - 0xacb0] cmp dword [eax + 0xc0], 2 mov eax, 0x20 cmove edx, eax -loc_fffcba66: ; not directly referenced +loc_fffcc2dc: ; not directly referenced movsx ax, byte [ebp - 0xac90] push 1 mov esi, dword [ebp - 0xac9c] @@ -58553,54 +59125,54 @@ mov eax, edi push dword [ebp - 0xacb8] movzx ecx, byte [ebp + edx - 0xac75] push esi -call fcn_fffafdb2 ; call 0xfffafdb2 +call fcn_fffa972b ; call 0xfffa972b mov ecx, dword [ebp - 0xace0] add esp, 0x10 inc dword [ebp - 0xac9c] add dword [ebp - 0xacec], 0x50a mov word [ecx + esi*2], bx -jmp near loc_fffcb3fb ; jmp 0xfffcb3fb +jmp near loc_fffcbc71 ; jmp 0xfffcbc71 -loc_fffcbabc: ; not directly referenced +loc_fffcc332: ; not directly referenced inc dword [ebp - 0xac98] add dword [ebp - 0xacf8], 0x2d5a add dword [ebp - 0xace0], 0x12 add dword [ebp - 0xacb0], 0x13c3 cmp dword [ebp - 0xac98], 2 -jne loc_fffcb3c9 ; jne 0xfffcb3c9 +jne loc_fffcbc3f ; jne 0xfffcbc3f cmp dword [ebp - 0xaccc], 0 -je short loc_fffcbb0b ; je 0xfffcbb0b +je short loc_fffcc381 ; je 0xfffcc381 mov eax, dword [ebp - 0xaca8] mov edx, 0x2008 mov ecx, dword [eax + 0x18] mov eax, edi or ecx, 0x20 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffcbb0b: ; not directly referenced -lea eax, [edi + 0x2490] +loc_fffcc381: ; not directly referenced +lea eax, [edi + 0x2491] xor esi, esi mov dword [ebp - 0xac94], eax -loc_fffcbb19: ; not directly referenced +loc_fffcc38f: ; not directly referenced mov eax, dword [ebp - 0xacb4] cmp word [ebp - 0xacba], si -jbe loc_fffcbc10 ; jbe 0xfffcbc10 +jbe loc_fffcc486 ; jbe 0xfffcc486 mov dword [ebp - 0xac88], eax imul eax, esi, 0x480 xor edx, edx mov dword [ebp - 0xac90], eax -loc_fffcbb40: ; not directly referenced +loc_fffcc3b6: ; not directly referenced mov eax, dword [ebp - 0xace4] bt eax, edx -jb short loc_fffcbb77 ; jb 0xfffcbb77 +jb short loc_fffcc3ed ; jb 0xfffcc3ed -loc_fffcbb4b: ; not directly referenced +loc_fffcc3c1: ; not directly referenced inc edx add dword [ebp - 0xac88], 0x12 cmp edx, 2 -jne short loc_fffcbb40 ; jne 0xfffcbb40 +jne short loc_fffcc3b6 ; jne 0xfffcc3b6 mov eax, dword [ebp + 0x10] sub esp, 0xc mov edx, dword [ebp - 0xac94] @@ -58608,19 +59180,19 @@ movzx ecx, byte [eax + esi] mov eax, edi inc esi push 0 -call fcn_fffa7d98 ; call 0xfffa7d98 +call fcn_fffa7d46 ; call 0xfffa7d46 add esp, 0x10 -jmp short loc_fffcbb19 ; jmp 0xfffcbb19 +jmp short loc_fffcc38f ; jmp 0xfffcc38f -loc_fffcbb77: ; not directly referenced +loc_fffcc3ed: ; not directly referenced mov eax, dword [ebp + 0x10] xor ebx, ebx movzx eax, byte [eax + esi] cmp al, 0x21 -ja short loc_fffcbb8b ; ja 0xfffcbb8b -movzx ebx, byte [eax + ref_fffd5f1c] ; movzx ebx, byte [eax - 0x2a0e4] +ja short loc_fffcc401 ; ja 0xfffcc401 +movzx ebx, byte [eax + ref_fffd58e0] ; movzx ebx, byte [eax - 0x2a720] -loc_fffcbb8b: ; not directly referenced +loc_fffcc401: ; not directly referenced imul ebx, ebx, 0x240 imul eax, edx, 0x48 add eax, ebx @@ -58630,9 +59202,9 @@ mov ecx, eax mov dword [ebp - 0xac8c], ebx xor eax, eax -loc_fffcbba5: ; not directly referenced +loc_fffcc41b: ; not directly referenced cmp byte [ebp - 0xaca2], al -jbe short loc_fffcbb4b ; jbe 0xfffcbb4b +jbe short loc_fffcc3c1 ; jbe 0xfffcc3c1 mov ebx, dword [ebp - 0xac88] movsx ebx, word [ebx + eax*2] sub ebx, dword [ebp - 0xacd0] @@ -58641,7 +59213,7 @@ add ebx, dword [ebp - 0xac90] add ebx, dword [ebp - 0xac8c] add ebx, eax movzx ebx, word [ebp + ebx*4 - 0xa2cc] -mov dword [ecx + eax*8 + 0x2490], ebx +mov dword [ecx + eax*8 + 0x2491], ebx mov ebx, dword [ebp - 0xac88] movsx ebx, word [ebx + eax*2] sub ebx, dword [ebp - 0xacd0] @@ -58650,28 +59222,28 @@ add ebx, dword [ebp - 0xac90] add ebx, dword [ebp - 0xac8c] add ebx, eax movzx ebx, word [ebp + ebx*4 - 0xa2ca] -mov dword [ecx + eax*8 + 0x2494], ebx +mov dword [ecx + eax*8 + 0x2495], ebx inc eax -jmp short loc_fffcbba5 ; jmp 0xfffcbba5 +jmp short loc_fffcc41b ; jmp 0xfffcc41b -loc_fffcbc10: ; not directly referenced +loc_fffcc486: ; not directly referenced mov esi, dword [ebp + 0x10] add eax, 0x24 mov byte [eax + 0x18], 4 mov dword [ebp - 0xac90], eax -loc_fffcbc20: ; not directly referenced +loc_fffcc496: ; not directly referenced mov ecx, esi sub ecx, dword [ebp - 0xad04] cmp cx, word [ebp - 0xacba] -jae loc_fffcbd22 ; jae 0xfffcbd22 +jae loc_fffcc598 ; jae 0xfffcc598 movzx edx, byte [esi] xor eax, eax cmp dl, 0x21 -ja short loc_fffcbc46 ; ja 0xfffcbc46 -movzx eax, byte [edx + ref_fffd5f1c] ; movzx eax, byte [edx - 0x2a0e4] +ja short loc_fffcc4bc ; ja 0xfffcc4bc +movzx eax, byte [edx + ref_fffd58e0] ; movzx eax, byte [edx - 0x2a720] -loc_fffcbc46: ; not directly referenced +loc_fffcc4bc: ; not directly referenced mov ebx, dword [ebp - 0xacb4] movzx ecx, cx imul eax, eax, 0x240 @@ -58682,25 +59254,25 @@ mov ebx, dword [ebp - 0xac90] add eax, edi mov dword [ebp - 0xac8c], ebx -loc_fffcbc76: ; not directly referenced +loc_fffcc4ec: ; not directly referenced mov ecx, dword [ebp - 0xace4] mov edx, dword [ebp - 0xac88] bt ecx, edx -jae short loc_fffcbcf8 ; jae 0xfffcbcf8 +jae short loc_fffcc56e ; jae 0xfffcc56e xor edx, edx -loc_fffcbc89: ; not directly referenced +loc_fffcc4ff: ; not directly referenced cmp dl, byte [ebp - 0xaca2] -jae short loc_fffcbce6 ; jae 0xfffcbce6 +jae short loc_fffcc55c ; jae 0xfffcc55c test dl, dl -jne short loc_fffcbca3 ; jne 0xfffcbca3 -mov ecx, dword [eax + 0x2490] -add ecx, dword [eax + 0x2494] -jmp short loc_fffcbcda ; jmp 0xfffcbcda - -loc_fffcbca3: ; not directly referenced -mov ecx, dword [eax + edx*8 + 0x2494] -mov ebx, dword [eax + edx*8 + 0x2490] +jne short loc_fffcc519 ; jne 0xfffcc519 +mov ecx, dword [eax + 0x2491] +add ecx, dword [eax + 0x2495] +jmp short loc_fffcc550 ; jmp 0xfffcc550 + +loc_fffcc519: ; not directly referenced +mov ecx, dword [eax + edx*8 + 0x2495] +mov ebx, dword [eax + edx*8 + 0x2491] mov dword [ebp - 0xac9c], eax mov eax, dword [ebp - 0xac8c] mov dword [ebp - 0xac98], ecx @@ -58708,43 +59280,43 @@ add ecx, ebx movzx eax, word [eax] cmp eax, ecx mov eax, dword [ebp - 0xac9c] -jbe short loc_fffcbce3 ; jbe 0xfffcbce3 +jbe short loc_fffcc559 ; jbe 0xfffcc559 mov ecx, ebx add ecx, dword [ebp - 0xac98] -loc_fffcbcda: ; not directly referenced +loc_fffcc550: ; not directly referenced mov ebx, dword [ebp - 0xac8c] mov word [ebx], cx -loc_fffcbce3: ; not directly referenced +loc_fffcc559: ; not directly referenced inc edx -jmp short loc_fffcbc89 ; jmp 0xfffcbc89 +jmp short loc_fffcc4ff ; jmp 0xfffcc4ff -loc_fffcbce6: ; not directly referenced +loc_fffcc55c: ; not directly referenced mov dl, byte [esi] mov ecx, dword [ebp - 0xac94] mov ebx, dword [ebp - 0xac88] mov byte [ecx + ebx + 0x34], dl -loc_fffcbcf8: ; not directly referenced +loc_fffcc56e: ; not directly referenced inc dword [ebp - 0xac88] add eax, 0x48 add dword [ebp - 0xac8c], 2 cmp dword [ebp - 0xac88], 2 -jne loc_fffcbc76 ; jne 0xfffcbc76 +jne loc_fffcc4ec ; jne 0xfffcc4ec add dword [ebp - 0xac90], 4 inc esi -jmp near loc_fffcbc20 ; jmp 0xfffcbc20 +jmp near loc_fffcc496 ; jmp 0xfffcc496 -loc_fffcbd22: ; not directly referenced -mov byte [edi + 0x247a], 0 -jmp short loc_fffcbd35 ; jmp 0xfffcbd35 +loc_fffcc598: ; not directly referenced +mov byte [edi + 0x247b], 0 +jmp short loc_fffcc5ab ; jmp 0xfffcc5ab -loc_fffcbd2b: ; not directly referenced +loc_fffcc5a1: ; not directly referenced mov eax, 0xdc -jmp near loc_fffcb2f3 ; jmp 0xfffcb2f3 +jmp near loc_fffcbb69 ; jmp 0xfffcbb69 -loc_fffcbd35: ; not directly referenced +loc_fffcc5ab: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -58752,7 +59324,96 @@ pop edi pop ebp ret -fcn_fffcbd3d: ; not directly referenced +fcn_fffcc5b3: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x60 +mov ebx, dword [ebp + 8] +mov byte [ebp - 0x67], 4 +lea esi, [ebp - 0x60] +mov byte [ebp - 0x66], 1 +mov byte [ebp - 0x65], 1 +mov edi, dword [ebx + 0x2444] +push 0 +push 8 +mov eax, dword [ebx + 0x5edd] +mov byte [ebp - 0x64], 2 +mov byte [ebp - 0x63], 1 +add eax, 0x1bc +push eax +mov byte [ebp - 0x62], 0 +mov byte [ebp - 0x61], 0 +call dword [edi + 0x5c] ; ucall +add esp, 0xc +push 0 +push 5 +push esi +call dword [edi + 0x60] ; ucall +movzx edx, byte [ebp - 0x67] +mov ecx, 1 +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 +movzx edx, byte [ebp - 0x66] +mov ecx, 1 +mov word [ebp - 0x60], ax +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 +add esp, 0x10 +cmp dword [ebx + 0x188b], 1 +mov word [ebp - 0x5e], ax +jne short loc_fffcc64e ; jne 0xfffcc64e +mov eax, ebx +call fcn_fffaac56 ; call 0xfffaac56 +mov eax, 8 +mov edx, 0x2f +add word [ebp - 0x5e], 0x28 +jmp short loc_fffcc655 ; jmp 0xfffcc655 + +loc_fffcc64e: ; not directly referenced +xor eax, eax +mov edx, 7 + +loc_fffcc655: ; not directly referenced +push ecx +mov ecx, 3 +push 0 +push 0 +push 0xf +push edx +push eax +push esi +lea eax, [ebp - 0x65] +push eax +push 2 +lea eax, [ebp - 0x67] +push eax +mov eax, ebx +push 6 +lea edx, [ebp - 0x56] +push 0xf +call fcn_fffcb1dd ; call 0xfffcb1dd +add esp, 0x28 +mov eax, ebx +push 0 +mov ecx, 3 +push 0xf +push 0 +push 0 +push 0 +lea edx, [ebx + 0x2491] +push 1 +call fcn_fffbea08 ; call 0xfffbea08 +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffcc6a5: ; not directly referenced push ebp mov ebp, esp push esi @@ -58762,7 +59423,7 @@ mov ebx, dword [ebp + 8] lea esi, [ebp - 0x50] mov byte [ebp - 0x57], 4 mov byte [ebp - 0x56], 1 -mov eax, dword [ebx + 0x2443] +mov eax, dword [ebx + 0x2444] push 0 push 5 push esi @@ -58775,16 +59436,16 @@ call dword [eax + 0x60] ; ucall movzx edx, byte [ebp - 0x57] mov ecx, 1 mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 movzx edx, byte [ebp - 0x56] mov ecx, 1 mov word [ebp - 0x50], ax mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 add esp, 0x10 -cmp dword [ebx + 0x2480], 3 +cmp dword [ebx + 0x2481], 3 mov word [ebp - 0x4e], ax -jne short loc_fffcbdd5 ; jne 0xfffcbdd5 +jne short loc_fffcc73d ; jne 0xfffcc73d push eax mov ecx, 3 push 0 @@ -58802,10 +59463,10 @@ mov eax, ebx push 9 push 0xf lea edx, [ebp - 0x46] -call fcn_fffca96e ; call 0xfffca96e +call fcn_fffcb1dd ; call 0xfffcb1dd add esp, 0x30 -loc_fffcbdd5: ; not directly referenced +loc_fffcc73d: ; not directly referenced lea esp, [ebp - 8] xor eax, eax pop ebx @@ -58813,7 +59474,7 @@ pop esi pop ebp ret -fcn_fffcbdde: ; not directly referenced +fcn_fffcc746: ; not directly referenced push ebp mov ebp, esp push edi @@ -58824,9 +59485,9 @@ mov edi, dword [ebp + 8] lea edx, [ebp - 0x60] mov byte [ebp - 0x6f], 4 mov byte [ebp - 0x6e], 1 -mov eax, dword [edi + 0x2443] +mov eax, dword [edi + 0x2444] mov ebx, dword [edi + 0x1887] -mov esi, dword [edi + 0x5edc] +mov esi, dword [edi + 0x5edd] push 0 push 5 push edx @@ -58846,9 +59507,9 @@ mov byte [ebp - 0x61], 0 call dword [eax + 0x60] ; ucall mov edx, 0x3a04 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f add esp, 0x10 -mov edx, dword [edi + 0x2480] +mov edx, dword [edi + 0x2481] and eax, 0x3f cmp ebx, 0x306d0 mov byte [ebp - 0x88], al @@ -58856,27 +59517,27 @@ sete al cmp ebx, 0x40650 sete cl or al, cl -je short loc_fffcbe8f ; je 0xfffcbe8f +je short loc_fffcc7f7 ; je 0xfffcc7f7 cmp edx, 3 -je short loc_fffcbeb2 ; je 0xfffcbeb2 +je short loc_fffcc81a ; je 0xfffcc81a mov byte [ebp - 0x85], 9 mov byte [ebp - 0x7e], 0x1e mov word [ebp - 0x80], 0xe6 -jmp short loc_fffcbea0 ; jmp 0xfffcbea0 +jmp short loc_fffcc808 ; jmp 0xfffcc808 -loc_fffcbe8f: ; not directly referenced +loc_fffcc7f7: ; not directly referenced mov byte [ebp - 0x85], 9 mov byte [ebp - 0x7e], 0x1e mov word [ebp - 0x80], 0xb4 -loc_fffcbea0: ; not directly referenced +loc_fffcc808: ; not directly referenced lea eax, [ebp - 0x6a] mov dword [ebp - 0x84], eax lea eax, [ebp - 0x6f] mov byte [ebp - 0x7d], 2 -jmp short loc_fffcbed3 ; jmp 0xfffcbed3 +jmp short loc_fffcc83b ; jmp 0xfffcc83b -loc_fffcbeb2: ; not directly referenced +loc_fffcc81a: ; not directly referenced lea eax, [ebp - 0x65] mov dword [ebp - 0x84], eax lea eax, [ebp - 0x6d] @@ -58885,20 +59546,20 @@ mov byte [ebp - 0x7e], 0x50 mov word [ebp - 0x80], 0xe6 mov byte [ebp - 0x7d], 3 -loc_fffcbed3: ; not directly referenced +loc_fffcc83b: ; not directly referenced mov dword [ebp - 0x7c], eax xor ebx, ebx -loc_fffcbed8: ; not directly referenced +loc_fffcc840: ; not directly referenced mov eax, dword [ebp - 0x7c] mov ecx, 1 movzx edx, byte [eax + ebx] mov eax, edi -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 mov word [ebp + ebx*2 - 0x60], ax inc ebx cmp byte [ebp - 0x7d], bl -ja short loc_fffcbed8 ; ja 0xfffcbed8 +ja short loc_fffcc840 ; ja 0xfffcc840 mov ecx, dword [esi + 0xc] mov esi, ecx shr ecx, 0xf @@ -58911,7 +59572,7 @@ lea edx, [eax - 0x20] cmove edx, eax mov eax, edi movsx edx, dl -call fcn_fffa6cfe ; call 0xfffa6cfe +call fcn_fffa6cac ; call 0xfffa6cac movzx ecx, byte [ebp - 0x88] mov edx, esi xor edx, 1 @@ -58967,7 +59628,7 @@ mov eax, edi push dword [ebp - 0x7c] push 1 push 0xf -call fcn_fffca96e ; call 0xfffca96e +call fcn_fffcb1dd ; call 0xfffcb1dd add esp, 0x28 mov eax, edi push 0 @@ -58976,9 +59637,9 @@ push 0x11 push 0 push 0 push 0 -lea edx, [edi + 0x2490] +lea edx, [edi + 0x2491] push 1 -call fcn_fffc0a2d ; call 0xfffc0a2d +call fcn_fffbea08 ; call 0xfffbea08 lea esp, [ebp - 0xc] pop ebx pop esi @@ -58986,13 +59647,13 @@ pop edi pop ebp ret -fcn_fffcbfee: ; not directly referenced +fcn_fffcc956: ; not directly referenced push ebp mov ecx, 0xa mov ebp, esp push edi push esi -mov esi, ref_fffd5b20 ; mov esi, 0xfffd5b20 +mov esi, ref_fffd619c ; mov esi, 0xfffd619c push ebx sub esp, 0x7c mov eax, dword [ebp + 8] @@ -59001,7 +59662,7 @@ mov byte [ebp - 0x6e], 4 lea ebx, [ebp - 0x60] rep movsb ; rep movsb byte es:[edi], byte ptr [esi] mov byte [ebp - 0x6d], 1 -lea esi, [eax + 0x3756] +lea esi, [eax + 0x3757] mov byte [ebp - 0x6c], 5 mov byte [ebp - 0x6b], 2 mov byte [ebp - 0x70], 5 @@ -59018,14 +59679,14 @@ mov byte [ebp - 0x62], 0 mov byte [ebp - 0x61], 0 mov dword [ebp - 0x7c], 0 -loc_fffcc059: ; not directly referenced +loc_fffcc9c1: ; not directly referenced cmp dword [esi], 2 -jne loc_fffcc10d ; jne 0xfffcc10d +jne loc_fffcca75 ; jne 0xfffcca75 mov cl, byte [ebp - 0x7c] mov edi, 1 shl edi, cl cmp dword [esi + 0xc0], 2 -jne short loc_fffcc0e3 ; jne 0xfffcc0e3 +jne short loc_fffcca4b ; jne 0xfffcca4b push edx mov ecx, edi push 0 @@ -59043,7 +59704,7 @@ mov eax, dword [ebp + 8] push 7 push 0xf lea edx, [ebp - 0x56] -call fcn_fffca96e ; call 0xfffca96e +call fcn_fffcb1dd ; call 0xfffcb1dd add esp, 0x2c mov ecx, edi push 0 @@ -59061,7 +59722,7 @@ mov eax, dword [ebp + 8] push 8 push 3 lea edx, [ebp - 0x56] -call fcn_fffca96e ; call 0xfffca96e +call fcn_fffcb1dd ; call 0xfffcb1dd add esp, 0x2c push 0 push 0 @@ -59076,9 +59737,9 @@ lea eax, [ebp - 0x70] push eax push 8 push 0xc -jmp short loc_fffcc0fd ; jmp 0xfffcc0fd +jmp short loc_fffcca65 ; jmp 0xfffcca65 -loc_fffcc0e3: ; not directly referenced +loc_fffcca4b: ; not directly referenced push eax push 0 push 0 @@ -59094,18 +59755,18 @@ push eax push 7 push 0xf -loc_fffcc0fd: ; not directly referenced +loc_fffcca65: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, edi lea edx, [ebp - 0x56] -call fcn_fffca96e ; call 0xfffca96e +call fcn_fffcb1dd ; call 0xfffcb1dd add esp, 0x30 -loc_fffcc10d: ; not directly referenced +loc_fffcca75: ; not directly referenced inc dword [ebp - 0x7c] add esi, 0x13c3 cmp dword [ebp - 0x7c], 2 -jne loc_fffcc059 ; jne 0xfffcc059 +jne loc_fffcc9c1 ; jne 0xfffcc9c1 lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -59114,13 +59775,13 @@ pop edi pop ebp ret -fcn_fffcc12a: ; not directly referenced +fcn_fffcca92: ; not directly referenced push ebp mov ecx, 0xa mov ebp, esp push edi push esi -mov esi, ref_fffd5b2c ; mov esi, 0xfffd5b2c +mov esi, ref_fffd61a8 ; mov esi, 0xfffd61a8 push ebx sub esp, 0x5c mov ebx, dword [ebp + 8] @@ -59139,11 +59800,11 @@ or dl, al mov byte [ebp - 0x62], 0 mov byte [ebp - 0x61], 0 rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -je short loc_fffcc1e4 ; je 0xfffcc1e4 +je short loc_fffccb4c ; je 0xfffccb4c mov cl, 1 mov edx, 5 mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 mov edx, dword [ebp - 0x60] mov ecx, 1 cmp ax, dx @@ -59151,7 +59812,7 @@ cmovae edx, eax mov eax, ebx mov word [ebp - 0x60], dx mov edx, 2 -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 mov dx, word [ebp - 0x5e] mov ecx, 3 cmp ax, dx @@ -59174,10 +59835,10 @@ push 2 push 0xf mov word [ebp - 0x5e], dx lea edx, [ebp - 0x56] -call fcn_fffca96e ; call 0xfffca96e +call fcn_fffcb1dd ; call 0xfffcb1dd add esp, 0x30 -loc_fffcc1e4: ; not directly referenced +loc_fffccb4c: ; not directly referenced lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -59186,7 +59847,7 @@ pop edi pop ebp ret -fcn_fffcc1ee: ; not directly referenced +fcn_fffccb56: ; not directly referenced push ebp mov ebp, esp push edi @@ -59202,12 +59863,12 @@ mov byte [ebp - 0x64], 2 mov byte [ebp - 0x63], 1 mov byte [ebp - 0x62], 0 mov byte [ebp - 0x61], 0 -jne loc_fffcc2f7 ; jne 0xfffcc2f7 -movzx esi, byte [ebx + 0x248e] +jne loc_fffccc5f ; jne 0xfffccc5f +movzx esi, byte [ebx + 0x248f] lea ecx, [ebp - 0x60] -movzx edi, byte [ebx + 0x248d] +movzx edi, byte [ebx + 0x248e] push eax -mov eax, dword [ebx + 0x2443] +mov eax, dword [ebx + 0x2444] push 0 push 5 push ecx @@ -59215,12 +59876,12 @@ call dword [eax + 0x60] ; ucall movzx edx, byte [ebp - 0x67] mov ecx, 1 mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 movzx edx, byte [ebp - 0x66] mov ecx, 1 mov word [ebp - 0x60], ax mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 add esp, 0xc mov ecx, edi push 0 @@ -59244,11 +59905,11 @@ mov dword [ebp - 0x6c], ecx mov ecx, eax mov dword [ebp - 0x70], eax mov eax, ebx -call fcn_fffca96e ; call 0xfffca96e +call fcn_fffcb1dd ; call 0xfffcb1dd add esp, 0x30 mov edx, 0x3a08 mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, eax shr edx, 0x12 shr eax, 0xc @@ -59278,13 +59939,13 @@ push edi push 0xa push dword [ebp - 0x6c] lea edx, [ebp - 0x56] -call fcn_fffca96e ; call 0xfffca96e +call fcn_fffcb1dd ; call 0xfffcb1dd add esp, 0x30 -loc_fffcc2f7: ; not directly referenced +loc_fffccc5f: ; not directly referenced sub esp, 0xc push ebx -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -59293,7 +59954,7 @@ pop edi pop ebp ret -fcn_fffcc30a: ; not directly referenced +fcn_fffccc72: ; not directly referenced push ebp mov ebp, esp push edi @@ -59309,13 +59970,13 @@ mov byte [ebp - 0x64], 2 mov byte [ebp - 0x63], 1 mov byte [ebp - 0x62], 0 mov byte [ebp - 0x61], 0 -jne short loc_fffcc3b3 ; jne 0xfffcc3b3 -movzx eax, byte [ebx + 0x248d] +jne short loc_fffccd1b ; jne 0xfffccd1b +movzx eax, byte [ebx + 0x248e] lea esi, [ebp - 0x60] -movzx edi, byte [ebx + 0x248e] +movzx edi, byte [ebx + 0x248f] mov dword [ebp - 0x6c], eax push eax -mov eax, dword [ebx + 0x2443] +mov eax, dword [ebx + 0x2444] push 0 push 5 push esi @@ -59323,12 +59984,12 @@ call dword [eax + 0x60] ; ucall movzx edx, byte [ebp - 0x67] mov ecx, 1 mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 movzx edx, byte [ebp - 0x66] mov ecx, 1 mov word [ebp - 0x60], ax mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 add esp, 0xc mov ecx, edi push 0 @@ -59348,13 +60009,13 @@ mov eax, dword [ebp - 0x6c] push 0xc push eax mov eax, ebx -call fcn_fffca96e ; call 0xfffca96e +call fcn_fffcb1dd ; call 0xfffcb1dd add esp, 0x30 -loc_fffcc3b3: ; not directly referenced +loc_fffccd1b: ; not directly referenced sub esp, 0xc push ebx -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -59363,7 +60024,7 @@ pop edi pop ebp ret -fcn_fffcc3c6: ; not directly referenced +fcn_fffccd2e: ; not directly referenced push ebp mov ebp, esp push edi @@ -59372,7 +60033,7 @@ push esi push ebx mov ebx, eax sub esp, 0x70 -mov eax, dword [eax + 0x2443] +mov eax, dword [eax + 0x2444] push 0 push 5 lea esi, [ebp - 0x60] @@ -59389,12 +60050,12 @@ call dword [eax + 0x60] ; ucall movzx edx, byte [ebp - 0x67] mov ecx, 1 mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 movzx edx, byte [ebp - 0x66] mov ecx, 1 mov word [ebp - 0x60], ax mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 add esp, 0xc movzx ecx, byte [ebp - 0x6c] cmp dword [ebx + 0x188b], 1 @@ -59418,11 +60079,11 @@ push eax mov eax, ebx push 0 push 0xf -call fcn_fffca96e ; call 0xfffca96e +call fcn_fffcb1dd ; call 0xfffcb1dd add esp, 0x30 xor eax, eax cmp dword [ebp + 8], 0 -je short loc_fffcc493 ; je 0xfffcc493 +je short loc_fffccdfb ; je 0xfffccdfb push eax mov ecx, 3 push eax @@ -59433,11 +60094,11 @@ push 0 push 0 push 0 push 2 -lea edx, [ebx + 0x2490] -call fcn_fffc0a2d ; call 0xfffc0a2d +lea edx, [ebx + 0x2491] +call fcn_fffbea08 ; call 0xfffbea08 add esp, 0x20 -loc_fffcc493: ; not directly referenced +loc_fffccdfb: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -59445,7 +60106,7 @@ pop edi pop ebp ret -fcn_fffcc49b: ; not directly referenced +fcn_fffcce03: ; not directly referenced push ebp mov ecx, 0xf mov ebp, esp @@ -59453,9 +60114,9 @@ mov edx, 3 mov eax, dword [ebp + 8] mov dword [ebp + 8], 1 pop ebp -jmp near fcn_fffcc3c6 ; jmp 0xfffcc3c6 +jmp near fcn_fffccd2e ; jmp 0xfffccd2e -fcn_fffcc4b8: ; not directly referenced +fcn_fffcce20: ; not directly referenced push ebp mov ebp, esp mov ecx, dword [ebp + 0x10] @@ -59466,7 +60127,7 @@ mov dword [ecx + 4], edx pop ebp ret -fcn_fffcc4cb: ; not directly referenced +fcn_fffcce33: ; not directly referenced push ebp mov ebp, esp push edi @@ -59489,28 +60150,28 @@ mov al, byte [ebp + 0x18] mov byte [ebp - 0x33], al mov al, byte [ebp + 0x1c] mov byte [ebp - 0x34], al -mov eax, dword [edi + 0x5edc] +mov eax, dword [edi + 0x5edd] cmp bl, 1 -ja loc_fffcc70e ; ja 0xfffcc70e -cmp dword [edi + 0x2480], 2 -jne loc_fffcc70e ; jne 0xfffcc70e +ja loc_fffcd076 ; ja 0xfffcd076 +cmp dword [edi + 0x2481], 2 +jne loc_fffcd076 ; jne 0xfffcd076 movzx eax, byte [ebp - 0x24] mov dword [ebp - 0x1c], 0 mov dword [ebp - 0x38], eax imul eax, eax, 0x13c3 -lea ebx, [edi + eax + 0x3756] +lea ebx, [edi + eax + 0x3757] add eax, edi mov dword [ebp - 0x48], eax -loc_fffcc540: ; not directly referenced +loc_fffccea8: ; not directly referenced mov cl, byte [ebp - 0x1c] mov edx, 1 shl edx, cl test byte [ebp - 0x33], dl -je loc_fffcc6f7 ; je 0xfffcc6f7 +je loc_fffcd05f ; je 0xfffcd05f mov eax, dword [ebp - 0x48] -test byte [eax + 0x381a], dl -je loc_fffcc6f7 ; je 0xfffcc6f7 +test byte [eax + 0x381b], dl +je loc_fffcd05f ; je 0xfffcd05f mov esi, dword [ebp - 0x1c] imul eax, esi, 0x18 mov dword [ebp - 0x30], eax @@ -59520,7 +60181,7 @@ or word [ebp - 0x28], 0x80 mov eax, dword [ebp - 0x28] cmp dword [ebp - 0x3c], 0 mov word [ebp - 0x20], ax -je loc_fffcc666 ; je 0xfffcc666 +je loc_fffccfce ; je 0xfffccfce movzx eax, byte [ebp - 0x34] imul esi, esi, 0x70 mov dword [ebp - 0x28], 0 @@ -59529,11 +60190,11 @@ movzx eax, byte [ebp - 0x32] add esi, ebx mov dword [ebp - 0x44], eax -loc_fffcc5a8: ; not directly referenced +loc_fffccf10: ; not directly referenced mov eax, dword [ebp - 0x30] mov edx, dword [ebp - 0x28] bt eax, edx -jae loc_fffcc651 ; jae 0xfffcc651 +jae loc_fffccfb9 ; jae 0xfffccfb9 mov cx, word [esi + 0x109f] mov al, cl and ecx, 0x3f @@ -59544,36 +60205,36 @@ test al, 0x60 cmove edx, ecx lea eax, [edx - 0xd] cmp dl, 0xc -jg short loc_fffcc5e3 ; jg 0xfffcc5e3 +jg short loc_fffccf4b ; jg 0xfffccf4b xor eax, eax cmp dl, 0xe4 lea ecx, [edx + 0x1b] cmovle eax, ecx -loc_fffcc5e3: ; not directly referenced +loc_fffccf4b: ; not directly referenced add eax, dword [ebp - 0x2c] cmp al, 0x25 -jg short loc_fffcc5f4 ; jg 0xfffcc5f4 +jg short loc_fffccf5c ; jg 0xfffccf5c cmp al, 0xdb -jl short loc_fffcc5fb ; jl 0xfffcc5fb +jl short loc_fffccf63 ; jl 0xfffccf63 test al, al -jns short loc_fffcc5f6 ; jns 0xfffcc5f6 -jmp short loc_fffcc5fd ; jmp 0xfffcc5fd +jns short loc_fffccf5e ; jns 0xfffccf5e +jmp short loc_fffccf65 ; jmp 0xfffccf65 -loc_fffcc5f4: ; not directly referenced +loc_fffccf5c: ; not directly referenced mov al, 0x25 -loc_fffcc5f6: ; not directly referenced +loc_fffccf5e: ; not directly referenced add eax, 0xd -jmp short loc_fffcc600 ; jmp 0xfffcc600 +jmp short loc_fffccf68 ; jmp 0xfffccf68 -loc_fffcc5fb: ; not directly referenced +loc_fffccf63: ; not directly referenced mov al, 0xdb -loc_fffcc5fd: ; not directly referenced +loc_fffccf65: ; not directly referenced sub eax, 0x1b -loc_fffcc600: ; not directly referenced +loc_fffccf68: ; not directly referenced and eax, 0x7f mov cl, byte [ebp - 0x28] mov dl, al @@ -59594,21 +60255,21 @@ movzx eax, word [ebp - 0x20] push 6 push eax mov eax, edi -call fcn_fffaa285 ; call 0xfffaa285 +call fcn_fffac8c3 ; call 0xfffac8c3 add esp, 0x10 cmp byte [ebp - 0x31], 0 -je short loc_fffcc651 ; je 0xfffcc651 +je short loc_fffccfb9 ; je 0xfffccfb9 mov eax, dword [ebp - 0x20] mov word [esi + 0x109f], ax -loc_fffcc651: ; not directly referenced +loc_fffccfb9: ; not directly referenced inc dword [ebp - 0x28] add esi, 0xe cmp dword [ebp - 0x28], 8 -jne loc_fffcc5a8 ; jne 0xfffcc5a8 -jmp near loc_fffcc6f7 ; jmp 0xfffcc6f7 +jne loc_fffccf10 ; jne 0xfffccf10 +jmp near loc_fffcd05f ; jmp 0xfffcd05f -loc_fffcc666: ; not directly referenced +loc_fffccfce: ; not directly referenced mov eax, dword [ebp - 0x30] mov si, word [ebx + eax + 0x1277] mov ecx, esi @@ -59620,36 +60281,36 @@ and cl, 0x60 cmove eax, esi lea ecx, [eax - 0xd] cmp al, 0xc -jg short loc_fffcc695 ; jg 0xfffcc695 +jg short loc_fffccffd ; jg 0xfffccffd xor ecx, ecx cmp al, 0xe4 lea esi, [eax + 0x1b] cmovle ecx, esi -loc_fffcc695: ; not directly referenced +loc_fffccffd: ; not directly referenced add ecx, dword [ebp - 0x2c] cmp cl, 0x25 -jg short loc_fffcc6a8 ; jg 0xfffcc6a8 +jg short loc_fffcd010 ; jg 0xfffcd010 cmp cl, 0xdb -jl short loc_fffcc6af ; jl 0xfffcc6af +jl short loc_fffcd017 ; jl 0xfffcd017 test cl, cl -js short loc_fffcc6b1 ; js 0xfffcc6b1 -jmp short loc_fffcc6aa ; jmp 0xfffcc6aa +js short loc_fffcd019 ; js 0xfffcd019 +jmp short loc_fffcd012 ; jmp 0xfffcd012 -loc_fffcc6a8: ; not directly referenced +loc_fffcd010: ; not directly referenced mov cl, 0x25 -loc_fffcc6aa: ; not directly referenced +loc_fffcd012: ; not directly referenced add ecx, 0xd -jmp short loc_fffcc6b4 ; jmp 0xfffcc6b4 +jmp short loc_fffcd01c ; jmp 0xfffcd01c -loc_fffcc6af: ; not directly referenced +loc_fffcd017: ; not directly referenced mov cl, 0xdb -loc_fffcc6b1: ; not directly referenced +loc_fffcd019: ; not directly referenced sub ecx, 0x1b -loc_fffcc6b4: ; not directly referenced +loc_fffcd01c: ; not directly referenced and ecx, 0x7f mov esi, dword [ebp - 0x28] mov al, cl @@ -59668,50 +60329,50 @@ movzx eax, si push eax mov eax, edi push 6 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb add esp, 0x10 cmp byte [ebp - 0x31], 0 -je short loc_fffcc6f7 ; je 0xfffcc6f7 +je short loc_fffcd05f ; je 0xfffcd05f mov eax, dword [ebp - 0x30] mov word [ebx + eax + 0x1277], si -loc_fffcc6f7: ; not directly referenced +loc_fffcd05f: ; not directly referenced inc dword [ebp - 0x1c] cmp dword [ebp - 0x1c], 2 -jne loc_fffcc540 ; jne 0xfffcc540 +jne loc_fffccea8 ; jne 0xfffccea8 mov ebx, 0x40000000 -jmp near loc_fffcc866 ; jmp 0xfffcc866 +jmp near loc_fffcd1ce ; jmp 0xfffcd1ce -loc_fffcc70e: ; not directly referenced +loc_fffcd076: ; not directly referenced mov ebx, dword [ebp - 0x24] cmp bl, 1 -je short loc_fffcc73b ; je 0xfffcc73b -jb short loc_fffcc729 ; jb 0xfffcc729 +je short loc_fffcd0a3 ; je 0xfffcd0a3 +jb short loc_fffcd091 ; jb 0xfffcd091 cmp bl, 2 -jne loc_fffcc8f8 ; jne 0xfffcc8f8 +jne loc_fffcd260 ; jne 0xfffcd260 mov cl, byte [eax + 0x14] and ecx, 0x7f -jmp short loc_fffcc74c ; jmp 0xfffcc74c +jmp short loc_fffcd0b4 ; jmp 0xfffcd0b4 -loc_fffcc729: ; not directly referenced +loc_fffcd091: ; not directly referenced movzx ebx, byte [eax + 0x16] mov cl, byte [eax + 0x15] and ebx, 0x1f shr cl, 6 shl ebx, 2 -jmp short loc_fffcc74a ; jmp 0xfffcc74a +jmp short loc_fffcd0b2 ; jmp 0xfffcd0b2 -loc_fffcc73b: ; not directly referenced +loc_fffcd0a3: ; not directly referenced movzx ebx, byte [eax + 0x15] mov cl, byte [eax + 0x14] and ebx, 0x3f shr cl, 7 add ebx, ebx -loc_fffcc74a: ; not directly referenced +loc_fffcd0b2: ; not directly referenced or ecx, ebx -loc_fffcc74c: ; not directly referenced +loc_fffcd0b4: ; not directly referenced mov bl, cl mov esi, 0xffffffca or ebx, 0xffffff80 @@ -59725,22 +60386,22 @@ cmovge esi, ecx cmp esi, 0x36 cmovle ebx, esi test dl, dl -je short loc_fffcc7e6 ; je 0xfffcc7e6 +je short loc_fffcd14e ; je 0xfffcd14e mov edx, dword [ebp - 0x24] cmp dl, 1 -je short loc_fffcc7c1 ; je 0xfffcc7c1 -jb short loc_fffcc79c ; jb 0xfffcc79c +je short loc_fffcd129 ; je 0xfffcd129 +jb short loc_fffcd104 ; jb 0xfffcd104 cmp dl, 2 -jne loc_fffcc8f8 ; jne 0xfffcc8f8 +jne loc_fffcd260 ; jne 0xfffcd260 mov dl, byte [eax + 0x14] mov cl, bl and ecx, 0x7f and edx, 0xffffff80 or edx, ecx mov byte [eax + 0x14], dl -jmp short loc_fffcc7e6 ; jmp 0xfffcc7e6 +jmp short loc_fffcd14e ; jmp 0xfffcd14e -loc_fffcc79c: ; not directly referenced +loc_fffcd104: ; not directly referenced mov dl, byte [eax + 0x15] mov cl, bl shl ecx, 6 @@ -59754,9 +60415,9 @@ and ecx, 0x1f and edx, 0xffffffe0 or edx, ecx mov byte [eax + 0x16], dl -jmp short loc_fffcc7e6 ; jmp 0xfffcc7e6 +jmp short loc_fffcd14e ; jmp 0xfffcd14e -loc_fffcc7c1: ; not directly referenced +loc_fffcd129: ; not directly referenced mov dl, byte [eax + 0x14] mov ecx, ebx and ecx, 1 @@ -59772,59 +60433,59 @@ and edx, 0xffffffc0 or edx, ecx mov byte [eax + 0x15], dl -loc_fffcc7e6: ; not directly referenced +loc_fffcd14e: ; not directly referenced cmp dword [edi + 0x188b], 1 mov eax, 0xf84 mov edx, 0xf78 cmove edx, eax mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, dword [ebp - 0x24] cmp dl, 1 -je short loc_fffcc837 ; je 0xfffcc837 -jb short loc_fffcc823 ; jb 0xfffcc823 +je short loc_fffcd19f ; je 0xfffcd19f +jb short loc_fffcd18b ; jb 0xfffcd18b cmp dl, 2 -jne loc_fffcc8f8 ; jne 0xfffcc8f8 +jne loc_fffcd260 ; jne 0xfffcd260 and ebx, 0x7f and eax, 0xffffff80 or eax, ebx mov ebx, 0x20000000 -jmp short loc_fffcc849 ; jmp 0xfffcc849 +jmp short loc_fffcd1b1 ; jmp 0xfffcd1b1 -loc_fffcc823: ; not directly referenced +loc_fffcd18b: ; not directly referenced and ebx, 0x7f and eax, 0xffe03fff shl ebx, 0xe or eax, ebx mov ebx, 0x40000000 -jmp short loc_fffcc849 ; jmp 0xfffcc849 +jmp short loc_fffcd1b1 ; jmp 0xfffcd1b1 -loc_fffcc837: ; not directly referenced +loc_fffcd19f: ; not directly referenced and ebx, 0x7f and eax, 0xffffc07f shl ebx, 7 or eax, ebx mov ebx, 0x80000000 -loc_fffcc849: ; not directly referenced +loc_fffcd1b1: ; not directly referenced cmp dword [edi + 0x188b], 1 mov ecx, 0xf84 mov edx, 0xf78 cmove edx, ecx mov ecx, eax mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffcc866: ; not directly referenced +loc_fffcd1ce: ; not directly referenced cmp byte [ebp - 0x40], 0 -jne loc_fffcc8f8 ; jne 0xfffcc8f8 -cmp dword [edi + 0x2480], 2 -jne short loc_fffcc884 ; jne 0xfffcc884 +jne loc_fffcd260 ; jne 0xfffcd260 +cmp dword [edi + 0x2481], 2 +jne short loc_fffcd1ec ; jne 0xfffcd1ec cmp byte [ebp - 0x24], 1 mov edx, 3 -jbe short loc_fffcc8ce ; jbe 0xfffcc8ce +jbe short loc_fffcd236 ; jbe 0xfffcd236 -loc_fffcc884: ; not directly referenced +loc_fffcd1ec: ; not directly referenced cmp dword [edi + 0x188b], 1 mov cl, 0x4b mov byte [ebp - 0x1c], 0 @@ -59834,45 +60495,45 @@ mov al, 0x32 lea esi, [esi + esi*4 + 5] cmovne ecx, eax -loc_fffcc89f: ; not directly referenced +loc_fffcd207: ; not directly referenced cmp dword [edi + 0x188b], 1 mov eax, 0xf84 mov edx, 0xf78 mov dword [ebp - 0x20], ecx cmove edx, eax mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov ecx, dword [ebp - 0x20] and eax, ebx cmp eax, ebx -jne short loc_fffcc8dc ; jne 0xfffcc8dc +jne short loc_fffcd244 ; jne 0xfffcd244 -loc_fffcc8c6: ; not directly referenced +loc_fffcd22e: ; not directly referenced mov eax, esi movzx esi, al imul edx, esi, 0xf -loc_fffcc8ce: ; not directly referenced +loc_fffcd236: ; not directly referenced lea esp, [ebp - 0xc] mov eax, edi pop ebx pop esi pop edi pop ebp -jmp near fcn_fffa834b ; jmp 0xfffa834b +jmp near fcn_fffa82f9 ; jmp 0xfffa82f9 -loc_fffcc8dc: ; not directly referenced +loc_fffcd244: ; not directly referenced mov edx, 0xf mov eax, edi mov dword [ebp - 0x20], ecx -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 mov ecx, dword [ebp - 0x20] inc byte [ebp - 0x1c] cmp byte [ebp - 0x1c], cl -jb short loc_fffcc89f ; jb 0xfffcc89f -jmp short loc_fffcc8c6 ; jmp 0xfffcc8c6 +jb short loc_fffcd207 ; jb 0xfffcd207 +jmp short loc_fffcd22e ; jmp 0xfffcd22e -loc_fffcc8f8: ; not directly referenced +loc_fffcd260: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -59880,7 +60541,7 @@ pop edi pop ebp ret -fcn_fffcc900: ; not directly referenced +fcn_fffcd268: ; not directly referenced push ebp mov ebp, esp push edi @@ -59911,52 +60572,52 @@ mov eax, dword [ebp + 8] mov dword [ebp - 0x44], edx mov dword [ebp - 0x34], edi mov byte [ebp - 0x49], dl -mov eax, dword [eax + 0x5edc] +mov eax, dword [eax + 0x5edd] mov byte [ebp - 0x2a], bl mov dword [ebp - 0x38], eax setbe al or al, bl -jne short loc_fffcc98e ; jne 0xfffcc98e +jne short loc_fffcd2f6 ; jne 0xfffcd2f6 lea eax, [ecx - 8] cmp al, 2 -jbe short loc_fffcc992 ; jbe 0xfffcc992 +jbe short loc_fffcd2fa ; jbe 0xfffcd2fa mov eax, dword [ebp + 8] mov bl, 0x36 -cmp dword [eax + 0x2480], 2 -jne short loc_fffcc998 ; jne 0xfffcc998 +cmp dword [eax + 0x2481], 2 +jne short loc_fffcd300 ; jne 0xfffcd300 cmp cl, 0x11 sete dl cmp cl, 5 sete al or dl, al -jne short loc_fffcc996 ; jne 0xfffcc996 +jne short loc_fffcd2fe ; jne 0xfffcd2fe cmp cl, 0x21 -jne short loc_fffcc998 ; jne 0xfffcc998 -jmp short loc_fffcc9a9 ; jmp 0xfffcc9a9 +jne short loc_fffcd300 ; jne 0xfffcd300 +jmp short loc_fffcd311 ; jmp 0xfffcd311 -loc_fffcc98e: ; not directly referenced +loc_fffcd2f6: ; not directly referenced mov bl, 0x1f -jmp short loc_fffcc998 ; jmp 0xfffcc998 +jmp short loc_fffcd300 ; jmp 0xfffcd300 -loc_fffcc992: ; not directly referenced +loc_fffcd2fa: ; not directly referenced mov bl, 0xff -jmp short loc_fffcc998 ; jmp 0xfffcc998 +jmp short loc_fffcd300 ; jmp 0xfffcd300 -loc_fffcc996: ; not directly referenced +loc_fffcd2fe: ; not directly referenced mov bl, 0x25 -loc_fffcc998: ; not directly referenced +loc_fffcd300: ; not directly referenced cmp cl, 0x1f -ja short loc_fffcc9ab ; ja 0xfffcc9ab +ja short loc_fffcd313 ; ja 0xfffcd313 mov eax, dword [ebp + 0x14] lea esi, [eax + eax - 1] mov eax, dword [ebp + 0x10] -jmp short loc_fffcc9d6 ; jmp 0xfffcc9d6 +jmp short loc_fffcd33e ; jmp 0xfffcd33e -loc_fffcc9a9: ; not directly referenced +loc_fffcd311: ; not directly referenced mov bl, 0x25 -loc_fffcc9ab: ; not directly referenced +loc_fffcd313: ; not directly referenced imul esi, dword [ebp + 0x14], 3 mov edi, 2 lea eax, [esi - 5] @@ -59967,16 +60628,16 @@ cmp dword [ebp + 0x14], 0 mov esi, eax mov eax, dword [ebp + 0x10] mov dword [ebp - 0x1c], eax -jne short loc_fffcc9d9 ; jne 0xfffcc9d9 +jne short loc_fffcd341 ; jne 0xfffcd341 lea eax, [eax + eax*4] mov di, 4 cdq idiv edi -loc_fffcc9d6: ; not directly referenced +loc_fffcd33e: ; not directly referenced mov dword [ebp - 0x1c], eax -loc_fffcc9d9: ; not directly referenced +loc_fffcd341: ; not directly referenced mov eax, dword [ebp + 0x10] mov edi, 3 imul eax, esi @@ -59984,13 +60645,13 @@ movzx esi, bl cdq idiv edi cmp dword [ebp - 0x1c], esi -jg short loc_fffcc9f9 ; jg 0xfffcc9f9 +jg short loc_fffcd361 ; jg 0xfffcd361 mov edi, dword [ebp - 0x1c] neg esi cmp edi, esi cmovge esi, edi -loc_fffcc9f9: ; not directly referenced +loc_fffcd361: ; not directly referenced mov ebx, dword [ebp - 0x20] cmp eax, 0xffffffe1 mov edx, 0xffffffe1 @@ -60007,7 +60668,7 @@ movzx eax, byte [ebp - 0x40] mov ebx, eax mov dword [ebp - 0x20], eax imul eax, eax, 0x13c3 -lea eax, [edx + eax + 0x3756] +lea eax, [edx + eax + 0x3757] mov dword [ebp - 0x28], eax movzx eax, byte [ebp - 0x44] mov edx, eax @@ -60019,61 +60680,61 @@ lea eax, [eax + edx*4] mov dword [ebp - 0x3c], eax mov ebx, dword [eax + 0x54] cmp cl, 0x21 -ja loc_fffccfba ; ja 0xfffccfba +ja loc_fffcd922 ; ja 0xfffcd922 movzx eax, cl -jmp dword [eax*4 + ref_fffd5b38] ; ujmp: jmp dword [eax*4 - 0x2a4c8] +jmp dword [eax*4 + ref_fffd61b4] ; ujmp: jmp dword [eax*4 - 0x29e4c] -loc_fffcca6b: ; not directly referenced +loc_fffcd3d3: ; not directly referenced and esi, 0x3f and ebx, 0xffffffc0 -jmp near loc_fffccc11 ; jmp 0xfffccc11 +jmp near loc_fffcd579 ; jmp 0xfffcd579 -loc_fffcca76: ; not directly referenced +loc_fffcd3de: ; not directly referenced and esi, 0x3f and ebx, 0xfffff03f shl esi, 6 -jmp near loc_fffccc11 ; jmp 0xfffccc11 +jmp near loc_fffcd579 ; jmp 0xfffcd579 -loc_fffcca87: ; not directly referenced +loc_fffcd3ef: ; not directly referenced and esi, 0x3f and ebx, 0xfffc0fff shl esi, 0xc -jmp near loc_fffccc11 ; jmp 0xfffccc11 +jmp near loc_fffcd579 ; jmp 0xfffcd579 -loc_fffcca98: ; not directly referenced +loc_fffcd400: ; not directly referenced and esi, 0x3f and ebx, 0xff03ffff shl esi, 0x12 -jmp near loc_fffccc11 ; jmp 0xfffccc11 +jmp near loc_fffcd579 ; jmp 0xfffcd579 -loc_fffccaa9: ; not directly referenced +loc_fffcd411: ; not directly referenced and esi, 0x7f and ebx, 0x80ffffff shl esi, 0x18 -jmp near loc_fffccc11 ; jmp 0xfffccc11 +jmp near loc_fffcd579 ; jmp 0xfffcd579 -loc_fffccaba: ; not directly referenced +loc_fffcd422: ; not directly referenced mov ebx, dword [ebp - 0x20] mov eax, dword [ebp + 8] shl ebx, 0xa add ebx, 0x4028 mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f cmp esi, 0 mov edi, eax mov eax, dword [ebp - 0x28] mov eax, dword [eax + 0x1019] -jle short loc_fffccae7 ; jle 0xfffccae7 +jle short loc_fffcd44f ; jle 0xfffcd44f lea esi, [esi + esi - 0x10] dec eax -jmp short loc_fffccaee ; jmp 0xfffccaee +jmp short loc_fffcd456 ; jmp 0xfffcd456 -loc_fffccae7: ; not directly referenced -je short loc_fffccaee ; je 0xfffccaee +loc_fffcd44f: ; not directly referenced +je short loc_fffcd456 ; je 0xfffcd456 lea esi, [esi + esi + 0x10] inc eax -loc_fffccaee: ; not directly referenced +loc_fffcd456: ; not directly referenced movzx ecx, byte [ebp - 0x24] and eax, 0x3f and edi, 0xffc0ffff @@ -60097,32 +60758,32 @@ push edx mov edx, dword [ebp - 0x20] push 0 push dword [ebp - 0x1c] -call fcn_fffa7499 ; call 0xfffa7499 +call fcn_fffa7447 ; call 0xfffa7447 mov eax, dword [ebp + 8] mov ecx, edi mov edx, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x10 -jmp near loc_fffcd148 ; jmp 0xfffcd148 +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 -loc_fffccb52: ; not directly referenced +loc_fffcd4ba: ; not directly referenced movzx eax, byte [ebp - 0x50] xor ebx, ebx mov dword [ebp - 0x28], eax movzx eax, byte [ebp - 0x48] mov dword [ebp - 0x48], eax -loc_fffccb62: ; not directly referenced +loc_fffcd4ca: ; not directly referenced imul eax, ebx, 0x13c3 mov edx, dword [ebp + 8] -cmp dword [edx + eax + 0x3756], 2 -jne short loc_fffccbb1 ; jne 0xfffccbb1 +cmp dword [edx + eax + 0x3757], 2 +jne short loc_fffcd519 ; jne 0xfffcd519 cmp byte [ebp - 0x2c], bl sete dl cmp byte [ebp - 0x2b], 1 sete al or dl, al -je short loc_fffccbb1 ; je 0xfffccbb1 +je short loc_fffcd519 ; je 0xfffcd519 push dword [ebp - 0x28] xor eax, eax cmp byte [ebp - 0x49], 0 @@ -60136,29 +60797,29 @@ push esi push eax push ebx push dword [ebp + 8] -call fcn_fffcc4cb ; call 0xfffcc4cb +call fcn_fffcce33 ; call 0xfffcce33 mov ecx, dword [ebp - 0x50] add esp, 0x20 -loc_fffccbb1: ; not directly referenced +loc_fffcd519: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffccb62 ; jne 0xfffccb62 +jne short loc_fffcd4ca ; jne 0xfffcd4ca cmp cl, 0x21 sete dl cmp cl, 0x11 sete al or dl, al -je loc_fffcd148 ; je 0xfffcd148 +je loc_fffcdab0 ; je 0xfffcdab0 mov eax, dword [ebp - 0x3c] mov ebx, dword [eax + 0x54] mov eax, edi and eax, 0x3f shl eax, 0xc and ebx, 0xfffc0fff -jmp short loc_fffccbf7 ; jmp 0xfffccbf7 +jmp short loc_fffcd55f ; jmp 0xfffcd55f -loc_fffccbe1: ; not directly referenced +loc_fffcd549: ; not directly referenced and esi, 0x7f mov eax, edi shl esi, 0x18 @@ -60167,11 +60828,11 @@ and eax, 0x3f or ebx, esi shl eax, 6 -loc_fffccbf7: ; not directly referenced +loc_fffcd55f: ; not directly referenced or ebx, eax -jmp near loc_fffccfc4 ; jmp 0xfffccfc4 +jmp near loc_fffcd92c ; jmp 0xfffcd92c -loc_fffccbfe: ; not directly referenced +loc_fffcd566: ; not directly referenced and esi, 0x3f and ebx, 0xff000fff mov eax, esi @@ -60179,23 +60840,23 @@ shl eax, 0xc shl esi, 0x12 or ebx, eax -loc_fffccc11: ; not directly referenced +loc_fffcd579: ; not directly referenced or ebx, esi -jmp near loc_fffccfc4 ; jmp 0xfffccfc4 +jmp near loc_fffcd92c ; jmp 0xfffcd92c -loc_fffccc18: ; not directly referenced +loc_fffcd580: ; not directly referenced cmp byte [ebp - 0x30], 0 movzx ebx, byte [ebp - 0x24] -je loc_fffcccca ; je 0xfffcccca +je loc_fffcd632 ; je 0xfffcd632 mov eax, dword [ebp + 8] lea edx, [ebx*4 + 0x3630] xor edi, edi mov ecx, dword [ebp + 0x10] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 imul eax, ebx, 0xd8 mov dword [ebp - 0x20], eax -loc_fffccc43: ; not directly referenced +loc_fffcd5ab: ; not directly referenced sub esp, 0xc mov eax, dword [ebp + 8] mov ecx, 1 @@ -60205,28 +60866,28 @@ push 0 push 0 push dword [ebp + 0x34] push ebx -call fcn_fffa72c5 ; call 0xfffa72c5 +call fcn_fffa7273 ; call 0xfffa7273 add esp, 0x20 cmp byte [ebp - 0x29], 0 -jne short loc_fffccc73 ; jne 0xfffccc73 +jne short loc_fffcd5db ; jne 0xfffcd5db -loc_fffccc68: ; not directly referenced +loc_fffcd5d0: ; not directly referenced inc edi cmp edi, 2 -jne short loc_fffccc43 ; jne 0xfffccc43 -jmp near loc_fffcd148 ; jmp 0xfffcd148 +jne short loc_fffcd5ab ; jne 0xfffcd5ab +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 -loc_fffccc73: ; not directly referenced +loc_fffcd5db: ; not directly referenced imul eax, edi, 0x13c3 add eax, dword [ebp - 0x20] mov byte [ebp - 0x1c], 0 mov dword [ebp - 0x24], eax -loc_fffccc83: ; not directly referenced +loc_fffcd5eb: ; not directly referenced mov eax, dword [ebp + 8] mov cl, byte [ebp - 0x1c] -cmp cl, byte [eax + 0x2488] -jae short loc_fffccc68 ; jae 0xfffccc68 +cmp cl, byte [eax + 0x2489] +jae short loc_fffcd5d0 ; jae 0xfffcd5d0 movzx esi, cl imul esi, esi, 0x18 add esi, dword [ebp - 0x24] @@ -60234,7 +60895,7 @@ add esi, eax xor eax, eax mov dword [ebp - 0x28], esi -loc_fffccca1: ; not directly referenced +loc_fffcd609: ; not directly referenced mov esi, dword [ebp + 0x10] lea ecx, [eax*4] lea edx, [eax + eax*2] @@ -60243,13 +60904,13 @@ sar esi, cl mov ecx, esi mov esi, dword [ebp - 0x28] and ecx, 0xf -mov byte [esi + edx + 0x3d38], cl +mov byte [esi + edx + 0x3d39], cl cmp eax, 8 -jne short loc_fffccca1 ; jne 0xfffccca1 +jne short loc_fffcd609 ; jne 0xfffcd609 inc byte [ebp - 0x1c] -jmp short loc_fffccc83 ; jmp 0xfffccc83 +jmp short loc_fffcd5eb ; jmp 0xfffcd5eb -loc_fffcccca: ; not directly referenced +loc_fffcd632: ; not directly referenced mov edi, dword [ebp - 0x1c] mov esi, dword [ebp - 0x20] mov ecx, dword [ebp + 0x10] @@ -60261,7 +60922,7 @@ shl eax, 6 add edx, eax mov eax, dword [ebp + 8] shl edx, 2 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 sub esp, 0xc mov eax, dword [ebp + 8] push 1 @@ -60271,10 +60932,10 @@ mov edx, esi push edi push dword [ebp + 0x34] push ebx -call fcn_fffa72c5 ; call 0xfffa72c5 +call fcn_fffa7273 ; call 0xfffa7273 add esp, 0x20 cmp byte [ebp - 0x34], 0 -je loc_fffcd148 ; je 0xfffcd148 +je loc_fffcdab0 ; je 0xfffcdab0 imul eax, dword [ebp - 0x1c], 0x18 xor ecx, ecx imul ebx, ebx, 0xd8 @@ -60282,7 +60943,7 @@ add ebx, eax xor eax, eax add ebx, dword [ebp - 0x28] -loc_fffccd26: ; not directly referenced +loc_fffcd68e: ; not directly referenced mov edx, dword [ebp + 0x10] sar edx, cl add ecx, 4 @@ -60290,22 +60951,22 @@ and edx, 0xf mov byte [ebx + eax + 0x5e2], dl add eax, 3 cmp ecx, 0x20 -jne short loc_fffccd26 ; jne 0xfffccd26 -jmp near loc_fffcd148 ; jmp 0xfffcd148 +jne short loc_fffcd68e ; jne 0xfffcd68e +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 -loc_fffccd45: ; not directly referenced +loc_fffcd6ad: ; not directly referenced cmp byte [ebp - 0x30], 0 movzx ebx, byte [ebp - 0x24] -je loc_fffccdf7 ; je 0xfffccdf7 +je loc_fffcd75f ; je 0xfffcd75f mov eax, dword [ebp + 8] lea edx, [ebx*4 + 0x3610] xor edi, edi mov ecx, dword [ebp + 0x10] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 imul eax, ebx, 0xd8 mov dword [ebp - 0x24], eax -loc_fffccd70: ; not directly referenced +loc_fffcd6d8: ; not directly referenced sub esp, 0xc mov eax, dword [ebp + 8] mov ecx, 1 @@ -60315,28 +60976,28 @@ push 1 push 0 push dword [ebp + 0x34] push ebx -call fcn_fffa72c5 ; call 0xfffa72c5 +call fcn_fffa7273 ; call 0xfffa7273 add esp, 0x20 cmp byte [ebp - 0x29], 0 -jne short loc_fffccda0 ; jne 0xfffccda0 +jne short loc_fffcd708 ; jne 0xfffcd708 -loc_fffccd95: ; not directly referenced +loc_fffcd6fd: ; not directly referenced inc edi cmp edi, 2 -jne short loc_fffccd70 ; jne 0xfffccd70 -jmp near loc_fffcd148 ; jmp 0xfffcd148 +jne short loc_fffcd6d8 ; jne 0xfffcd6d8 +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 -loc_fffccda0: ; not directly referenced +loc_fffcd708: ; not directly referenced imul eax, edi, 0x13c3 add eax, dword [ebp - 0x24] mov byte [ebp - 0x1c], 0 mov dword [ebp - 0x20], eax -loc_fffccdb0: ; not directly referenced +loc_fffcd718: ; not directly referenced mov eax, dword [ebp + 8] mov cl, byte [ebp - 0x1c] -cmp cl, byte [eax + 0x2488] -jae short loc_fffccd95 ; jae 0xfffccd95 +cmp cl, byte [eax + 0x2489] +jae short loc_fffcd6fd ; jae 0xfffcd6fd movzx esi, cl imul esi, esi, 0x18 add esi, dword [ebp - 0x20] @@ -60344,7 +61005,7 @@ add esi, eax xor eax, eax mov dword [ebp - 0x28], esi -loc_fffccdce: ; not directly referenced +loc_fffcd736: ; not directly referenced mov esi, dword [ebp + 0x10] lea ecx, [eax*4] lea edx, [eax + eax*2] @@ -60353,13 +61014,13 @@ sar esi, cl mov ecx, esi mov esi, dword [ebp - 0x28] and ecx, 0xf -mov byte [esi + edx + 0x39d8], cl +mov byte [esi + edx + 0x39d9], cl cmp eax, 8 -jne short loc_fffccdce ; jne 0xfffccdce +jne short loc_fffcd736 ; jne 0xfffcd736 inc byte [ebp - 0x1c] -jmp short loc_fffccdb0 ; jmp 0xfffccdb0 +jmp short loc_fffcd718 ; jmp 0xfffcd718 -loc_fffccdf7: ; not directly referenced +loc_fffcd75f: ; not directly referenced mov edi, dword [ebp - 0x1c] mov esi, dword [ebp - 0x20] mov ecx, dword [ebp + 0x10] @@ -60371,7 +61032,7 @@ shl eax, 6 add edx, eax mov eax, dword [ebp + 8] shl edx, 2 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 sub esp, 0xc mov eax, dword [ebp + 8] push 0 @@ -60381,10 +61042,10 @@ mov edx, esi push edi push dword [ebp + 0x34] push ebx -call fcn_fffa72c5 ; call 0xfffa72c5 +call fcn_fffa7273 ; call 0xfffa7273 add esp, 0x20 cmp byte [ebp - 0x34], 0 -je loc_fffcd148 ; je 0xfffcd148 +je loc_fffcdab0 ; je 0xfffcdab0 imul eax, dword [ebp - 0x1c], 0x18 xor ecx, ecx imul ebx, ebx, 0xd8 @@ -60392,7 +61053,7 @@ add ebx, eax xor eax, eax add ebx, dword [ebp - 0x28] -loc_fffcce53: ; not directly referenced +loc_fffcd7bb: ; not directly referenced mov edx, dword [ebp + 0x10] sar edx, cl add ecx, 4 @@ -60400,21 +61061,21 @@ and edx, 0xf mov byte [ebx + eax + 0x282], dl add eax, 3 cmp ecx, 0x20 -jne short loc_fffcce53 ; jne 0xfffcce53 -jmp near loc_fffcd148 ; jmp 0xfffcd148 +jne short loc_fffcd7bb ; jne 0xfffcd7bb +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 -loc_fffcce72: ; not directly referenced +loc_fffcd7da: ; not directly referenced cmp byte [ebp - 0x30], 0 movzx edi, byte [ebp - 0x24] -je loc_fffccf1d ; je 0xfffccf1d +je loc_fffcd885 ; je 0xfffcd885 mov eax, dword [ebp + 8] xor ebx, ebx mov edx, dword [ebp + 0x10] -call fcn_fffaa226 ; call 0xfffaa226 +call fcn_fffac864 ; call 0xfffac864 imul eax, edi, 0xd8 mov dword [ebp - 0x20], eax -loc_fffcce96: ; not directly referenced +loc_fffcd7fe: ; not directly referenced sub esp, 0xc mov eax, dword [ebp + 8] mov ecx, 1 @@ -60424,28 +61085,28 @@ push 1 push 0 push dword [ebp + 0x34] push edi -call fcn_fffa72c5 ; call 0xfffa72c5 +call fcn_fffa7273 ; call 0xfffa7273 add esp, 0x20 cmp byte [ebp - 0x29], 0 -jne short loc_fffccec6 ; jne 0xfffccec6 +jne short loc_fffcd82e ; jne 0xfffcd82e -loc_fffccebb: ; not directly referenced +loc_fffcd823: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffcce96 ; jne 0xfffcce96 -jmp near loc_fffcd148 ; jmp 0xfffcd148 +jne short loc_fffcd7fe ; jne 0xfffcd7fe +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 -loc_fffccec6: ; not directly referenced +loc_fffcd82e: ; not directly referenced imul eax, ebx, 0x13c3 add eax, dword [ebp - 0x20] mov byte [ebp - 0x1c], 0 mov dword [ebp - 0x24], eax -loc_fffcced6: ; not directly referenced +loc_fffcd83e: ; not directly referenced mov eax, dword [ebp + 8] mov cl, byte [ebp - 0x1c] -cmp cl, byte [eax + 0x2488] -jae short loc_fffccebb ; jae 0xfffccebb +cmp cl, byte [eax + 0x2489] +jae short loc_fffcd823 ; jae 0xfffcd823 movzx esi, cl imul esi, esi, 0x18 add esi, dword [ebp - 0x24] @@ -60453,7 +61114,7 @@ add esi, eax xor eax, eax mov dword [ebp - 0x28], esi -loc_fffccef4: ; not directly referenced +loc_fffcd85c: ; not directly referenced mov esi, dword [ebp + 0x10] lea ecx, [eax*4] lea edx, [eax + eax*2] @@ -60462,42 +61123,42 @@ sar esi, cl mov ecx, esi mov esi, dword [ebp - 0x28] and ecx, 0xf -mov byte [esi + edx + 0x4098], cl +mov byte [esi + edx + 0x4099], cl cmp eax, 8 -jne short loc_fffccef4 ; jne 0xfffccef4 +jne short loc_fffcd85c ; jne 0xfffcd85c inc byte [ebp - 0x1c] -jmp short loc_fffcced6 ; jmp 0xfffcced6 +jmp short loc_fffcd83e ; jmp 0xfffcd83e -loc_fffccf1d: ; not directly referenced +loc_fffcd885: ; not directly referenced mov eax, dword [ebp + 8] mov eax, dword [eax + 0x188b] test eax, eax -jne short loc_fffccf3c ; jne 0xfffccf3c +jne short loc_fffcd8a4 ; jne 0xfffcd8a4 mov edx, dword [ebp - 0x20] mov eax, dword [ebp - 0x1c] shl edx, 8 shl eax, 9 lea edx, [edx + eax + 0x4c] -jmp short loc_fffccf55 ; jmp 0xfffccf55 +jmp short loc_fffcd8bd ; jmp 0xfffcd8bd -loc_fffccf3c: ; not directly referenced +loc_fffcd8a4: ; not directly referenced dec eax -jne short loc_fffccf53 ; jne 0xfffccf53 +jne short loc_fffcd8bb ; jne 0xfffcd8bb mov eax, dword [ebp - 0x20] shl eax, 8 lea edx, [eax + edi*4 + 0x50] mov eax, dword [ebp - 0x1c] shl eax, 9 add edx, eax -jmp short loc_fffccf55 ; jmp 0xfffccf55 +jmp short loc_fffcd8bd ; jmp 0xfffcd8bd -loc_fffccf53: ; not directly referenced +loc_fffcd8bb: ; not directly referenced xor edx, edx -loc_fffccf55: ; not directly referenced +loc_fffcd8bd: ; not directly referenced mov ecx, dword [ebp + 0x10] mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 sub esp, 0xc mov edx, dword [ebp - 0x20] push 0 @@ -60507,10 +61168,10 @@ push 1 push dword [ebp - 0x1c] push dword [ebp + 0x34] push edi -call fcn_fffa72c5 ; call 0xfffa72c5 +call fcn_fffa7273 ; call 0xfffa7273 add esp, 0x20 cmp byte [ebp - 0x34], 0 -je loc_fffcd148 ; je 0xfffcd148 +je loc_fffcdab0 ; je 0xfffcdab0 imul eax, dword [ebp - 0x1c], 0x18 xor ecx, ecx imul edx, edi, 0xd8 @@ -60518,7 +61179,7 @@ add edx, eax xor eax, eax add edx, dword [ebp - 0x28] -loc_fffccf9b: ; not directly referenced +loc_fffcd903: ; not directly referenced mov ebx, dword [ebp + 0x10] sar ebx, cl add ecx, 4 @@ -60526,68 +61187,68 @@ and ebx, 0xf mov byte [edx + eax + 0x942], bl add eax, 3 cmp ecx, 0x20 -jne short loc_fffccf9b ; jne 0xfffccf9b -jmp near loc_fffcd148 ; jmp 0xfffcd148 +jne short loc_fffcd903 ; jne 0xfffcd903 +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 -loc_fffccfba: ; not directly referenced +loc_fffcd922: ; not directly referenced mov eax, 2 -jmp near loc_fffcd14a ; jmp 0xfffcd14a +jmp near loc_fffcdab2 ; jmp 0xfffcdab2 -loc_fffccfc4: ; not directly referenced +loc_fffcd92c: ; not directly referenced test cl, cl sete dl cmp cl, 0xb sete al or dl, al -jne short loc_fffcd01d ; jne 0xfffcd01d +jne short loc_fffcd985 ; jne 0xfffcd985 cmp cl, 4 sete dl cmp cl, 1 sete al or dl, al -jne short loc_fffcd01d ; jne 0xfffcd01d +jne short loc_fffcd985 ; jne 0xfffcd985 cmp cl, 0x20 sete dl cmp cl, 0x10 sete al or dl, al -jne short loc_fffcd01d ; jne 0xfffcd01d +jne short loc_fffcd985 ; jne 0xfffcd985 mov dl, byte [ebp - 0x2a] lea eax, [ecx - 2] cmp al, 1 setbe al or dl, al -jne short loc_fffcd014 ; jne 0xfffcd014 +jne short loc_fffcd97c ; jne 0xfffcd97c cmp cl, 0x21 sete al cmp cl, 0x11 mov esi, eax sete al or esi, eax -jmp short loc_fffcd019 ; jmp 0xfffcd019 +jmp short loc_fffcd981 ; jmp 0xfffcd981 -loc_fffcd014: ; not directly referenced +loc_fffcd97c: ; not directly referenced mov esi, 1 -loc_fffcd019: ; not directly referenced +loc_fffcd981: ; not directly referenced xor edi, edi -jmp short loc_fffcd024 ; jmp 0xfffcd024 +jmp short loc_fffcd98c ; jmp 0xfffcd98c -loc_fffcd01d: ; not directly referenced +loc_fffcd985: ; not directly referenced xor esi, esi mov edi, 1 -loc_fffcd024: ; not directly referenced +loc_fffcd98c: ; not directly referenced cmp byte [ebp - 0x30], 0 mov edx, 0x3670 -je loc_fffcd0d4 ; je 0xfffcd0d4 +je loc_fffcda3c ; je 0xfffcda3c mov eax, dword [ebp + 8] mov ecx, ebx cmp dword [eax + 0x188b], 1 mov eax, 0x367c cmove edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp - 0x38] mov dword [ebp - 0x1c], 0 add eax, 0x1c @@ -60597,20 +61258,20 @@ movzx esi, al mov eax, edi movzx edi, al -loc_fffcd069: ; not directly referenced +loc_fffcd9d1: ; not directly referenced imul eax, dword [ebp - 0x1c], 0x13c3 mov ecx, dword [ebp + 8] -cmp dword [ecx + eax + 0x3756], 2 -je short loc_fffcd092 ; je 0xfffcd092 +cmp dword [ecx + eax + 0x3757], 2 +je short loc_fffcd9fa ; je 0xfffcd9fa -loc_fffcd07d: ; not directly referenced +loc_fffcd9e5: ; not directly referenced inc dword [ebp - 0x1c] add dword [ebp - 0x20], 0xcc cmp dword [ebp - 0x1c], 2 -jne short loc_fffcd069 ; jne 0xfffcd069 -jmp near loc_fffcd148 ; jmp 0xfffcd148 +jne short loc_fffcd9d1 ; jne 0xfffcd9d1 +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 -loc_fffcd092: ; not directly referenced +loc_fffcd9fa: ; not directly referenced sub esp, 0xc movzx eax, byte [ebp - 0x24] mov ecx, 1 @@ -60621,47 +61282,47 @@ push 0 push dword [ebp + 0x34] push eax mov eax, dword [ebp + 8] -call fcn_fffa72c5 ; call 0xfffa72c5 +call fcn_fffa7273 ; call 0xfffa7273 add esp, 0x20 xor eax, eax -loc_fffcd0b6: ; not directly referenced +loc_fffcda1e: ; not directly referenced mov ecx, dword [ebp + 8] -cmp al, byte [ecx + 0x2488] -jae short loc_fffcd07d ; jae 0xfffcd07d +cmp al, byte [ecx + 0x2489] +jae short loc_fffcd9e5 ; jae 0xfffcd9e5 cmp byte [ebp - 0x29], 0 -je short loc_fffcd0d1 ; je 0xfffcd0d1 +je short loc_fffcda39 ; je 0xfffcda39 mov ecx, dword [ebp - 0x20] movzx edx, al mov dword [ecx + edx*4 + 0x54], ebx -loc_fffcd0d1: ; not directly referenced +loc_fffcda39: ; not directly referenced inc eax -jmp short loc_fffcd0b6 ; jmp 0xfffcd0b6 +jmp short loc_fffcda1e ; jmp 0xfffcda1e -loc_fffcd0d4: ; not directly referenced +loc_fffcda3c: ; not directly referenced cmp byte [ebp - 0x40], 1 -ja short loc_fffcd0f8 ; ja 0xfffcd0f8 +ja short loc_fffcda60 ; ja 0xfffcda60 mov edx, dword [ebp - 0x20] shl edx, 8 cmp byte [ebp - 0x44], 8 -jbe short loc_fffcd0ee ; jbe 0xfffcd0ee +jbe short loc_fffcda56 ; jbe 0xfffcda56 add edx, 0x3070 -jmp short loc_fffcd0f8 ; jmp 0xfffcd0f8 +jmp short loc_fffcda60 ; jmp 0xfffcda60 -loc_fffcd0ee: ; not directly referenced +loc_fffcda56: ; not directly referenced mov eax, dword [ebp - 0x1c] shl eax, 9 lea edx, [edx + eax + 0x70] -loc_fffcd0f8: ; not directly referenced +loc_fffcda60: ; not directly referenced mov ecx, dword [ebp + 8] lea eax, [edx + 0xc] cmp dword [ecx + 0x188b], 1 mov ecx, ebx cmove edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, esi sub esp, 0xc movzx esi, al @@ -60676,17 +61337,17 @@ push dword [ebp - 0x1c] push dword [ebp + 0x34] push eax mov eax, dword [ebp + 8] -call fcn_fffa72c5 ; call 0xfffa72c5 +call fcn_fffa7273 ; call 0xfffa7273 add esp, 0x20 cmp byte [ebp - 0x34], 0 -je short loc_fffcd148 ; je 0xfffcd148 +je short loc_fffcdab0 ; je 0xfffcdab0 mov eax, dword [ebp - 0x3c] mov dword [eax + 0x54], ebx -loc_fffcd148: ; not directly referenced +loc_fffcdab0: ; not directly referenced xor eax, eax -loc_fffcd14a: ; not directly referenced +loc_fffcdab2: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -60694,7 +61355,7 @@ pop edi pop ebp ret -fcn_fffcd152: +fcn_fffcdaba: push ebp mov ebp, esp push ebx @@ -60702,43 +61363,43 @@ sub esp, 0x14 mov eax, dword [ebp + 0xc] lea ebx, [eax - 4] cmp byte [ebx + 0x18], 1 -je short loc_fffcd1a5 ; je 0xfffcd1a5 +je short loc_fffcdb0d ; je 0xfffcdb0d mov eax, dword [ebx + 0x14] test eax, eax -jne short loc_fffcd17f ; jne 0xfffcd17f +jne short loc_fffcdae7 ; jne 0xfffcdae7 -loc_fffcd16c: +loc_fffcdad4: mov eax, dword [ebx + 0x10] mov ecx, ebx mov edx, dword [ebp + 8] mov byte [ebx + 0x18], 1 -call fcn_fffa1e8f ; call 0xfffa1e8f -jmp short loc_fffcd1a7 ; jmp 0xfffcd1a7 +call fcn_fffa1e98 ; call 0xfffa1e98 +jmp short loc_fffcdb0f ; jmp 0xfffcdb0f -loc_fffcd17f: +loc_fffcdae7: test byte [eax + 1], 1 -je short loc_fffcd16c ; je 0xfffcd16c +je short loc_fffcdad4 ; je 0xfffcdad4 lea eax, [ebp - 0xc] push eax push 0 push 0 -push ref_fffd65ec ; push 0xfffd65ec -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd68e8 ; push 0xfffd68e8 +call fcn_fffb020b ; call 0xfffb020b add esp, 0x10 test eax, eax -je short loc_fffcd16c ; je 0xfffcd16c +je short loc_fffcdad4 ; je 0xfffcdad4 mov eax, 0x80000006 -jmp short loc_fffcd1a7 ; jmp 0xfffcd1a7 +jmp short loc_fffcdb0f ; jmp 0xfffcdb0f -loc_fffcd1a5: +loc_fffcdb0d: xor eax, eax -loc_fffcd1a7: +loc_fffcdb0f: mov ebx, dword [ebp - 4] leave ret -fcn_fffcd1ac: ; not directly referenced +fcn_fffcdb14: ; not directly referenced push ebp mov ebp, esp push edi @@ -60748,14 +61409,14 @@ push ebx sub esp, 0x190 mov ebx, dword [ebp + 8] mov dword [ebp - 0x14c], edx -mov edx, dword [esi + 0x5edc] +mov edx, dword [esi + 0x5edd] lea eax, [ebp - 0x13f] push 1 mov edi, dword [ebp + 0xc] push 7 push eax mov dword [ebp - 0x180], edx -mov edx, dword [esi + 0x2443] +mov edx, dword [esi + 0x2444] mov dword [ebp - 0x16c], ecx mov byte [ebp - 0x151], cl mov dword [ebp - 0x184], edx @@ -60770,44 +61431,44 @@ cmp al, 1 seta al test cl, al mov byte [ebp - 0x152], cl -jne loc_fffcd946 ; jne 0xfffcd946 +jne loc_fffce2ae ; jne 0xfffce2ae cmp byte [ebp - 0x16c], 0xb movzx edx, dl -jne short loc_fffcd25f ; jne 0xfffcd25f +jne short loc_fffcdbc7 ; jne 0xfffcdbc7 sub esp, 0xc mov eax, esi lea ecx, [edi - 3] push 0 movzx ecx, cl -call fcn_fffb26ca ; call 0xfffb26ca +call fcn_fffae9e2 ; call 0xfffae9e2 add esp, 0x10 dec bl -mov byte [esi + 0x248b], 0xa -je short loc_fffcd258 ; je 0xfffcd258 +mov byte [esi + 0x248c], 0xa +je short loc_fffcdbc0 ; je 0xfffcdbc0 -loc_fffcd24c: ; not directly referenced +loc_fffcdbb4: ; not directly referenced mov dword [ebp - 0x158], 0 -jmp short loc_fffcd2ac ; jmp 0xfffcd2ac +jmp short loc_fffcdc14 ; jmp 0xfffcdc14 -loc_fffcd258: ; not directly referenced +loc_fffcdbc0: ; not directly referenced mov eax, 8 -jmp short loc_fffcd285 ; jmp 0xfffcd285 +jmp short loc_fffcdbed ; jmp 0xfffcdbed -loc_fffcd25f: ; not directly referenced +loc_fffcdbc7: ; not directly referenced sub esp, 0xc mov eax, edi movzx ecx, al mov eax, esi push 0 -call fcn_fffb26ca ; call 0xfffb26ca +call fcn_fffae9e2 ; call 0xfffae9e2 add esp, 0x10 dec bl -jne short loc_fffcd24c ; jne 0xfffcd24c +jne short loc_fffcdbb4 ; jne 0xfffcdbb4 cmp byte [ebp - 0x16c], 1 -jne short loc_fffcd258 ; jne 0xfffcd258 +jne short loc_fffcdbc0 ; jne 0xfffcdbc0 mov eax, 9 -loc_fffcd285: ; not directly referenced +loc_fffcdbed: ; not directly referenced push 1 push 0 push 1 @@ -60820,19 +61481,19 @@ push 0 push 0x88888888 push eax push esi -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 mov dword [ebp - 0x158], eax -loc_fffcd2ac: ; not directly referenced -lea eax, [esi + 0x3756] +loc_fffcdc14: ; not directly referenced +lea eax, [esi + 0x3757] mov dword [ebp - 0x178], eax movzx eax, byte [ebp - 0x151] mov dword [ebp - 0x150], 0 mov dword [ebp - 0x164], 0 mov dword [ebp - 0x17c], eax -loc_fffcd2d9: ; not directly referenced +loc_fffcdc41: ; not directly referenced mov edi, dword [ebp - 0x180] xor ebx, ebx mov eax, dword [ebp - 0x150] @@ -60846,27 +61507,27 @@ lea eax, [eax + eax*8] shl dword [ebp - 0x170], cl mov dword [ebp - 0x174], eax -loc_fffcd318: ; not directly referenced +loc_fffcdc80: ; not directly referenced mov ecx, dword [ebp - 0x170] mov edx, ebx mov eax, esi -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 or byte [ebp - 0x15c], al movzx eax, byte [ebp - 0x15c] bt eax, ebx mov dword [ebp - 0x168], eax -jae loc_fffcd434 ; jae 0xfffcd434 +jae loc_fffcdd9c ; jae 0xfffcdd9c mov eax, dword [ebp - 0x174] mov byte [ebp - 0x14c], 0 add eax, edi mov dword [ebp - 0x188], eax -loc_fffcd358: ; not directly referenced -movzx eax, byte [esi + 0x2488] +loc_fffcdcc0: ; not directly referenced +movzx eax, byte [esi + 0x2489] cmp byte [ebp - 0x14c], al -jb short loc_fffcd396 ; jb 0xfffcd396 +jb short loc_fffcdcfe ; jb 0xfffcdcfe -loc_fffcd367: ; not directly referenced +loc_fffcdccf: ; not directly referenced push edx push 0 push eax @@ -60878,15 +61539,15 @@ xor ecx, ecx shl edx, 0xa mov eax, esi add edx, 0x40f0 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x10 -jmp near loc_fffcd434 ; jmp 0xfffcd434 +jmp near loc_fffcdd9c ; jmp 0xfffcdd9c -loc_fffcd396: ; not directly referenced +loc_fffcdcfe: ; not directly referenced cmp byte [ebp - 0x152], 0 -je short loc_fffcd367 ; je 0xfffcd367 +je short loc_fffcdccf ; je 0xfffcdccf cmp byte [ebp - 0x151], 1 -jne short loc_fffcd3e0 ; jne 0xfffcd3e0 +jne short loc_fffcdd48 ; jne 0xfffcdd48 movzx eax, byte [ebp - 0x14c] mov ecx, dword [ebp - 0x188] lea edx, [ecx + eax] @@ -60899,12 +61560,12 @@ push 0 push 0xff push eax mov eax, esi -call fcn_fffa7499 ; call 0xfffa7499 -jmp short loc_fffcd426 ; jmp 0xfffcd426 +call fcn_fffa7447 ; call 0xfffa7447 +jmp short loc_fffcdd8e ; jmp 0xfffcdd8e -loc_fffcd3e0: ; not directly referenced +loc_fffcdd48: ; not directly referenced cmp byte [ebp - 0x151], 2 -jne short loc_fffcd429 ; jne 0xfffcd429 +jne short loc_fffcdd91 ; jne 0xfffcdd91 movzx eax, byte [ebp - 0x14c] mov ecx, dword [ebp - 0x174] lea edx, [eax + ecx] @@ -60920,47 +61581,47 @@ push 0 push 0xff push eax mov eax, esi -call fcn_fffa73b0 ; call 0xfffa73b0 +call fcn_fffa735e ; call 0xfffa735e -loc_fffcd426: ; not directly referenced +loc_fffcdd8e: ; not directly referenced add esp, 0x10 -loc_fffcd429: ; not directly referenced +loc_fffcdd91: ; not directly referenced inc byte [ebp - 0x14c] -jmp near loc_fffcd358 ; jmp 0xfffcd358 +jmp near loc_fffcdcc0 ; jmp 0xfffcdcc0 -loc_fffcd434: ; not directly referenced +loc_fffcdd9c: ; not directly referenced inc ebx add edi, 0x13c3 add dword [ebp - 0x160], 0xcc cmp ebx, 2 -jne loc_fffcd318 ; jne 0xfffcd318 +jne loc_fffcdc80 ; jne 0xfffcdc80 cmp byte [ebp - 0x15c], 0 -je loc_fffcd91b ; je 0xfffcd91b +je loc_fffce283 ; je 0xfffce283 mov edi, 0xffffffe1 -loc_fffcd460: ; not directly referenced +loc_fffcddc8: ; not directly referenced cmp byte [ebp - 0x151], 0xb -jne short loc_fffcd4ba ; jne 0xfffcd4ba +jne short loc_fffcde22 ; jne 0xfffcde22 xor ebx, ebx -loc_fffcd46b: ; not directly referenced +loc_fffcddd3: ; not directly referenced mov eax, dword [ebp - 0x168] bt eax, ebx -jb short loc_fffcd47e ; jb 0xfffcd47e +jb short loc_fffcdde6 ; jb 0xfffcdde6 -loc_fffcd476: ; not directly referenced +loc_fffcddde: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffcd46b ; jne 0xfffcd46b -jmp short loc_fffcd4dc ; jmp 0xfffcd4dc +jne short loc_fffcddd3 ; jne 0xfffcddd3 +jmp short loc_fffcde44 ; jmp 0xfffcde44 -loc_fffcd47e: ; not directly referenced +loc_fffcdde6: ; not directly referenced xor edx, edx -loc_fffcd480: ; not directly referenced -cmp dl, byte [esi + 0x2488] -jae short loc_fffcd476 ; jae 0xfffcd476 +loc_fffcdde8: ; not directly referenced +cmp dl, byte [esi + 0x2489] +jae short loc_fffcddde ; jae 0xfffcddde push 1 movzx eax, dl push 0 @@ -60975,13 +61636,13 @@ push 0 push edi push 0xb push esi -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 mov edx, dword [ebp - 0x14c] add esp, 0x30 inc edx -jmp short loc_fffcd480 ; jmp 0xfffcd480 +jmp short loc_fffcdde8 ; jmp 0xfffcdde8 -loc_fffcd4ba: ; not directly referenced +loc_fffcde22: ; not directly referenced push 1 push 0 push 0 @@ -60994,11 +61655,11 @@ push 0 push edi push dword [ebp - 0x17c] push esi -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -loc_fffcd4dc: ; not directly referenced -movzx ecx, byte [esi + 0x248b] +loc_fffcde44: ; not directly referenced +movzx ecx, byte [esi + 0x248c] lea eax, [ebp - 0x13f] push ebx mov edx, dword [ebp - 0x168] @@ -61006,7 +61667,7 @@ push 0 push 1 push eax mov eax, esi -call fcn_fffb0f94 ; call 0xfffb0f94 +call fcn_fffaa5b3 ; call 0xfffaa5b3 lea eax, [ebp - 0x60] add esp, 0x10 mov dword [ebp - 0x14c], eax @@ -61019,73 +61680,73 @@ lea ebx, [ebp - 0xf0] mov dword [ebp - 0x160], 0 mov dword [ebp - 0x190], eax -loc_fffcd539: ; not directly referenced +loc_fffcdea1: ; not directly referenced mov eax, dword [ebp - 0x168] mov ecx, dword [ebp - 0x160] bt eax, ecx -jb short loc_fffcd576 ; jb 0xfffcd576 +jb short loc_fffcdede ; jb 0xfffcdede -loc_fffcd54a: ; not directly referenced +loc_fffcdeb2: ; not directly referenced inc dword [ebp - 0x160] add ebx, 0x24 add dword [ebp - 0x14c], 0x24 add dword [ebp - 0x158], 0x24 add dword [ebp - 0x15c], 0x24 cmp dword [ebp - 0x160], 2 -jne short loc_fffcd539 ; jne 0xfffcd539 -jmp near loc_fffcd689 ; jmp 0xfffcd689 +jne short loc_fffcdea1 ; jne 0xfffcdea1 +jmp near loc_fffcdff1 ; jmp 0xfffcdff1 -loc_fffcd576: ; not directly referenced +loc_fffcdede: ; not directly referenced mov edx, dword [ebp - 0x160] mov eax, esi shl edx, 0xa add edx, 0x40ec -call fcn_fffae52a ; call 0xfffae52a -mov cl, byte [esi + 0x2488] +call fcn_fffb331f ; call 0xfffb331f +mov cl, byte [esi + 0x2489] mov byte [ebp - 0x170], cl xor ecx, ecx movzx eax, ax mov dword [ebp - 0x18c], eax -loc_fffcd5a3: ; not directly referenced +loc_fffcdf0b: ; not directly referenced cmp byte [ebp - 0x170], cl -jbe short loc_fffcd54a ; jbe 0xfffcd54a +jbe short loc_fffcdeb2 ; jbe 0xfffcdeb2 mov eax, dword [ebp - 0x18c] sar eax, cl and eax, 1 xor eax, 1 cmp edi, 0xffffffe1 -jne short loc_fffcd61f ; jne 0xfffcd61f +jne short loc_fffcdf87 ; jne 0xfffcdf87 test eax, eax mov eax, dword [ebp - 0x14c] -je short loc_fffcd5f5 ; je 0xfffcd5f5 +je short loc_fffcdf5d ; je 0xfffcdf5d mov dword [eax + ecx*4], 0xffffffe1 mov eax, dword [ebp - 0x158] mov dword [ebx + ecx*4], 0xffffffe1 mov dword [eax + ecx*4], 0xffffffe1 mov eax, dword [ebp - 0x15c] mov dword [eax + ecx*4], 0xffffffe1 -jmp near loc_fffcd683 ; jmp 0xfffcd683 +jmp near loc_fffcdfeb ; jmp 0xfffcdfeb -loc_fffcd5f5: ; not directly referenced +loc_fffcdf5d: ; not directly referenced mov dword [eax + ecx*4], 0xffffffdf mov eax, dword [ebp - 0x158] mov dword [ebx + ecx*4], 0xffffffdf mov dword [eax + ecx*4], 0xffffffdf mov eax, dword [ebp - 0x15c] mov dword [eax + ecx*4], 0xffffffdf -jmp short loc_fffcd683 ; jmp 0xfffcd683 +jmp short loc_fffcdfeb ; jmp 0xfffcdfeb -loc_fffcd61f: ; not directly referenced +loc_fffcdf87: ; not directly referenced test eax, eax -je short loc_fffcd683 ; je 0xfffcd683 +je short loc_fffcdfeb ; je 0xfffcdfeb mov eax, dword [ebp - 0x190] cmp dword [ebx + ecx*4], eax -je short loc_fffcd637 ; je 0xfffcd637 +je short loc_fffcdf9f ; je 0xfffcdf9f mov eax, dword [ebp - 0x15c] mov dword [eax + ecx*4], edi -loc_fffcd637: ; not directly referenced +loc_fffcdf9f: ; not directly referenced mov eax, dword [ebp - 0x15c] mov dword [ebx + ecx*4], edi mov eax, dword [eax + ecx*4] @@ -61099,21 +61760,21 @@ mov eax, dword [ebp - 0x14c] mov eax, dword [eax + ecx*4] sub eax, dword [edx + ecx*4] cmp dword [ebp - 0x188], eax -jle short loc_fffcd683 ; jle 0xfffcd683 +jle short loc_fffcdfeb ; jle 0xfffcdfeb mov eax, edx mov edx, dword [ebp - 0x174] mov dword [eax + ecx*4], edx mov eax, dword [ebp - 0x14c] mov dword [eax + ecx*4], edi -loc_fffcd683: ; not directly referenced +loc_fffcdfeb: ; not directly referenced inc ecx -jmp near loc_fffcd5a3 ; jmp 0xfffcd5a3 +jmp near loc_fffcdf0b ; jmp 0xfffcdf0b -loc_fffcd689: ; not directly referenced +loc_fffcdff1: ; not directly referenced inc edi cmp edi, 0x20 -jne loc_fffcd460 ; jne 0xfffcd460 +jne loc_fffcddc8 ; jne 0xfffcddc8 push 2 push 0 push 0 @@ -61126,7 +61787,7 @@ push 0 push 0 push dword [ebp - 0x17c] push esi -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 mov dword [ebp - 0x14c], 0 mov dword [ebp - 0x158], eax @@ -61138,20 +61799,20 @@ imul eax, eax, 0x12 mov dword [ebp - 0x170], ebx mov dword [ebp - 0x174], eax -loc_fffcd6ea: ; not directly referenced +loc_fffce052: ; not directly referenced mov eax, dword [ebp - 0x168] mov ebx, dword [ebp - 0x14c] bt eax, ebx -jae loc_fffcd8fe ; jae 0xfffcd8fe +jae loc_fffce266 ; jae 0xfffce266 mov eax, dword [ebp - 0x170] add eax, dword [ebp - 0x15c] mov byte [ebp - 0x160], 0 mov dword [ebp - 0x188], eax -loc_fffcd718: ; not directly referenced +loc_fffce080: ; not directly referenced mov al, byte [ebp - 0x160] -cmp al, byte [esi + 0x2488] -jae loc_fffcd8b8 ; jae 0xfffcd8b8 +cmp al, byte [esi + 0x2489] +jae loc_fffce220 ; jae 0xfffce220 movzx eax, byte [ebp - 0x160] imul edx, dword [ebp - 0x14c], 9 add edx, eax @@ -61160,19 +61821,19 @@ mov edx, dword [ebp + edx*4 - 0xa8] mov ecx, ebx sub ecx, edx cmp ecx, 7 -jg short loc_fffcd769 ; jg 0xfffcd769 +jg short loc_fffce0d1 ; jg 0xfffce0d1 cmp byte [esi + 0x1965], 0 mov ecx, 9 cmove ecx, dword [ebp - 0x158] mov dword [ebp - 0x158], ecx -jmp short loc_fffcd773 ; jmp 0xfffcd773 +jmp short loc_fffce0db ; jmp 0xfffce0db -loc_fffcd769: ; not directly referenced +loc_fffce0d1: ; not directly referenced sar ecx, 1 add ecx, edx mov dword [ebp - 0x164], ecx -loc_fffcd773: ; not directly referenced +loc_fffce0db: ; not directly referenced imul edi, edx, 0xfffffff6 imul ecx, edx, 0xa test edx, edx @@ -61182,29 +61843,29 @@ imul edi, ebx, 0xfffffff6 test ebx, ebx cmovs edx, edi cmp byte [ebp - 0x151], 1 -jne short loc_fffcd7d1 ; jne 0xfffcd7d1 +jne short loc_fffce139 ; jne 0xfffce139 imul ebx, dword [ebp - 0x14c], 9 add ebx, dword [ebp - 0x174] mov edi, dword [ebp - 0x188] lea ebx, [eax + ebx + 0x50] -mov dword [esi + ebx*8 + 0x2450], ecx +mov dword [esi + ebx*8 + 0x2451], ecx mov ecx, dword [ebp - 0x164] -mov dword [esi + ebx*8 + 0x2454], edx +mov dword [esi + ebx*8 + 0x2455], edx lea edx, [edi + eax] add byte [edx + 0x104a], cl add byte [edx + 0x106e], cl -jmp near loc_fffcd88e ; jmp 0xfffcd88e +jmp near loc_fffce1f6 ; jmp 0xfffce1f6 -loc_fffcd7d1: ; not directly referenced +loc_fffce139: ; not directly referenced cmp byte [ebp - 0x151], 2 -jne short loc_fffcd83d ; jne 0xfffcd83d +jne short loc_fffce1a5 ; jne 0xfffce1a5 imul ebx, dword [ebp - 0x14c], 9 add ebx, dword [ebp - 0x174] mov edi, dword [ebp - 0x164] lea ebx, [eax + ebx + 0xe0] -mov dword [esi + ebx*8 + 0x2454], edx +mov dword [esi + ebx*8 + 0x2455], edx movzx edx, byte [ebp - 0x160] -mov dword [esi + ebx*8 + 0x2450], ecx +mov dword [esi + ebx*8 + 0x2451], ecx mov ebx, dword [ebp - 0x15c] add edx, dword [ebp - 0x170] add edx, edx @@ -61216,26 +61877,26 @@ push 0 push 0xff push eax mov eax, esi -call fcn_fffa73b0 ; call 0xfffa73b0 -jmp short loc_fffcd8aa ; jmp 0xfffcd8aa +call fcn_fffa735e ; call 0xfffa735e +jmp short loc_fffce212 ; jmp 0xfffce212 -loc_fffcd83d: ; not directly referenced +loc_fffce1a5: ; not directly referenced cmp byte [ebp - 0x151], 0xb -jne short loc_fffcd8ad ; jne 0xfffcd8ad +jne short loc_fffce215 ; jne 0xfffce215 imul ebx, dword [ebp - 0x14c], 9 add ebx, dword [ebp - 0x174] mov edi, dword [ebp - 0x164] lea ebx, [eax + ebx + 0x128] -mov dword [esi + ebx*8 + 0x2454], edx +mov dword [esi + ebx*8 + 0x2455], edx movzx edx, byte [ebp - 0x160] -mov dword [esi + ebx*8 + 0x2450], ecx +mov dword [esi + ebx*8 + 0x2451], ecx lea ecx, [edi + edi] mov edi, dword [ebp - 0x15c] add edx, dword [ebp - 0x170] add edx, edx add word [edi + edx + 0x1b1], cx -loc_fffcd88e: ; not directly referenced +loc_fffce1f6: ; not directly referenced mov ecx, dword [ebp - 0x150] push edx mov edx, dword [ebp - 0x14c] @@ -61243,24 +61904,24 @@ push 0 push 0xff push eax mov eax, esi -call fcn_fffa7499 ; call 0xfffa7499 +call fcn_fffa7447 ; call 0xfffa7447 -loc_fffcd8aa: ; not directly referenced +loc_fffce212: ; not directly referenced add esp, 0x10 -loc_fffcd8ad: ; not directly referenced +loc_fffce215: ; not directly referenced inc byte [ebp - 0x160] -jmp near loc_fffcd718 ; jmp 0xfffcd718 +jmp near loc_fffce080 ; jmp 0xfffce080 -loc_fffcd8b8: ; not directly referenced +loc_fffce220: ; not directly referenced cmp byte [ebp - 0x151], 0xb -jne short loc_fffcd8fe ; jne 0xfffcd8fe +jne short loc_fffce266 ; jne 0xfffce266 mov ebx, dword [ebp - 0x14c] mov eax, esi shl ebx, 0xa add ebx, 0x4028 mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edi, dword [ebp - 0x15c] movzx edx, byte [edi + 0x1019] and eax, 0xffc0ffff @@ -61270,29 +61931,29 @@ or eax, edx mov edx, ebx mov ecx, eax mov eax, esi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffcd8fe: ; not directly referenced +loc_fffce266: ; not directly referenced inc dword [ebp - 0x14c] add dword [ebp - 0x15c], 0x13c3 cmp dword [ebp - 0x14c], 2 -jne loc_fffcd6ea ; jne 0xfffcd6ea +jne loc_fffce052 ; jne 0xfffce052 -loc_fffcd91b: ; not directly referenced +loc_fffce283: ; not directly referenced inc dword [ebp - 0x150] cmp dword [ebp - 0x150], 4 -jne loc_fffcd2d9 ; jne 0xfffcd2d9 +jne loc_fffcdc41 ; jne 0xfffcdc41 cmp byte [ebp - 0x16c], 0xb mov ebx, dword [ebp - 0x158] -jne short loc_fffcd94b ; jne 0xfffcd94b +jne short loc_fffce2b3 ; jne 0xfffce2b3 mov eax, esi -call fcn_fffb0e8a ; call 0xfffb0e8a -jmp short loc_fffcd94b ; jmp 0xfffcd94b +call fcn_fffaa4a9 ; call 0xfffaa4a9 +jmp short loc_fffce2b3 ; jmp 0xfffce2b3 -loc_fffcd946: ; not directly referenced +loc_fffce2ae: ; not directly referenced mov ebx, 2 -loc_fffcd94b: ; not directly referenced +loc_fffce2b3: ; not directly referenced lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -61301,1662 +61962,1210 @@ pop edi pop ebp ret -fcn_fffcd955: ; not directly referenced +fcn_fffce2bd: ; not directly referenced push ebp mov ebp, esp push edi push esi -mov esi, eax push ebx -xor ebx, ebx -sub esp, 0x2c -mov eax, dword [eax + 0x2480] -mov dword [ebp - 0x2c], ecx -lea edi, [esi + 0x3756] -mov byte [ebp - 0x25], dl -mov dword [ebp - 0x24], eax - -loc_fffcd977: ; not directly referenced -cmp dword [edi], 2 -jne loc_fffcda73 ; jne 0xfffcda73 -mov dl, byte [ebp - 0x25] -and dl, byte [edi + 0xc4] -je loc_fffcda73 ; je 0xfffcda73 -mov eax, dword [ebp - 0x2c] -movzx ecx, dl -mov dword [ebp - 0x20], ecx -movzx eax, byte [eax + ebx] -push edx -push 0 -push eax -push 3 -push ecx -push 0 -push ebx -push esi -mov dword [ebp - 0x1c], eax -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -xor edx, edx - -loc_fffcd9b4: ; not directly referenced -mov eax, dword [ebp - 0x20] -bt eax, edx -jae short loc_fffcd9c9 ; jae 0xfffcd9c9 -movzx edx, byte [edi + edx + 0x245] -add edx, dword [ebp - 0x1c] -jmp short loc_fffcd9d1 ; jmp 0xfffcd9d1 +sub esp, 8 +mov esi, dword [ebp + 8] +mov ebx, dword [ebp + 0x14] +mov dword [ebp - 0x10], esi +mov esi, dword [ebp + 0xc] +mov edi, ebx +shr edi, 0x1d +and edi, 1 +mov dword [ebp - 0x14], esi +mov esi, dword [ebp + 0x10] +cmp ax, di +jne short loc_fffce352 ; jne 0xfffce352 +test dword [ebp + 0x18], 0x800 +jne short loc_fffce336 ; jne 0xfffce336 +mov eax, ebx +shr eax, 0xc +and eax, 1 +cmp dx, ax +jne short loc_fffce352 ; jne 0xfffce352 +mov eax, ebx +shr eax, 0xb +and eax, 1 +cmp cx, ax +jne short loc_fffce352 ; jne 0xfffce352 +mov edx, ebx +shr edx, 8 +and edx, 7 -loc_fffcd9c9: ; not directly referenced -inc edx -cmp edx, 4 -jne short loc_fffcd9b4 ; jne 0xfffcd9b4 -xor dl, dl +loc_fffce310: ; not directly referenced +xor eax, eax +cmp word [ebp - 0x10], dx +jne short loc_fffce354 ; jne 0xfffce354 +mov edx, ebx +shr edx, 0xd +cmp word [ebp - 0x14], dx +jne short loc_fffce354 ; jne 0xfffce354 +movzx ebx, bl +and esi, 0xfffffff8 +shl ebx, 3 +xor eax, eax +cmp si, bx +sete al +jmp short loc_fffce354 ; jmp 0xfffce354 -loc_fffcd9d1: ; not directly referenced -push ecx -push 0 -push edx -push 1 -push dword [ebp - 0x20] -push 4 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x1c -mov edx, dword [ebp - 0x1c] -push 0 -add edx, dword [edi + 0x111] -push edx -push 1 -push dword [ebp - 0x20] -push 2 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x1c -mov edx, dword [ebp - 0x1c] -push 0 -add edx, dword [edi + 0x119] -push edx -push 1 -push dword [ebp - 0x20] -push 1 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -cmp dword [ebp - 0x24], 3 -jne short loc_fffcda55 ; jne 0xfffcda55 -mov eax, dword [ebp - 0x1c] -add dword [edi + 0x111], eax -push edx -push 0 -mov edx, dword [edi + 0x115] -add edx, eax -push edx -push 2 -push dword [ebp - 0x20] -push 2 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -mov edx, dword [ebp - 0x1c] -add esp, 0x20 -sub dword [edi + 0x111], edx +loc_fffce336: ; not directly referenced +test dx, dx +jne short loc_fffce352 ; jne 0xfffce352 +mov eax, ebx +shr eax, 0xc +and eax, 1 +cmp cx, ax +jne short loc_fffce352 ; jne 0xfffce352 +mov edx, ebx +shr edx, 8 +and edx, 0xf +jmp short loc_fffce310 ; jmp 0xfffce310 -loc_fffcda55: ; not directly referenced -mov edx, dword [ebp - 0x1c] -push eax -push 0 -add edx, dword [edi + 0x109] -push edx -push 1 -push dword [ebp - 0x20] -push 3 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 +loc_fffce352: ; not directly referenced +xor eax, eax -loc_fffcda73: ; not directly referenced -inc ebx -add edi, 0x13c3 -cmp ebx, 2 -jne loc_fffcd977 ; jne 0xfffcd977 -sub esp, 0xc -push esi -call fcn_fffc82f4 ; call 0xfffc82f4 -lea esp, [ebp - 0xc] +loc_fffce354: ; not directly referenced +pop edx +pop ecx pop ebx pop esi pop edi pop ebp ret -fcn_fffcda94: ; not directly referenced +fcn_fffce35b: ; not directly referenced push ebp +xor eax, eax mov ebp, esp +mov ecx, 8 push edi +mov edx, 0xcf8 push esi push ebx -mov ebx, edx -sub esp, 0x3d0 -mov edi, dword [ebp + 0xc] -mov dword [ebp - 0x3cc], ecx -mov ecx, dword [ebp + 0x14] -mov byte [ebp - 0x38e], dl -mov dl, byte [ebp + 8] -mov esi, dword [ebp + 0x10] -mov dword [ebp - 0x34c], eax -xor eax, eax -cmp bl, 0xc -mov dword [ebp - 0x37c], ecx -mov ecx, dword [ebp + 0x24] -mov dword [ebp - 0x374], edi -mov byte [ebp - 0x3a4], dl -mov edx, edi -lea edi, [ebp - 0x2e0] -mov dword [ebp - 0x380], ecx -mov ecx, dword [ebp + 0x2c] -mov byte [ebp - 0x34d], dl -mov edx, esi -mov byte [ebp - 0x364], dl -mov dl, byte [ebp + 0x20] -mov dword [ebp - 0x378], esi -mov esi, ref_fffd5bc0 ; mov esi, 0xfffd5bc0 -mov dword [ebp - 0x384], ecx -mov ecx, 0xb +lea edi, [ebp - 0xe8] +sub esp, 0x198 +mov ebx, dword [ebp + 8] rep stosd ; rep stosd dword es:[edi], eax -lea edi, [ebp - 0x321] -mov byte [ebp - 0x38f], dl -mov dl, byte [ebp + 0x28] -mov word [ebp - 0x2d8], 7 -mov word [ebp - 0x2d2], 0x3ff -mov word [ebp - 0x2bc], 1 -mov byte [ebp - 0x34e], dl -mov cl, 0xd -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -lea edi, [ebp - 0x302] -mov esi, ref_fffd5bd0 ; mov esi, 0xfffd5bd0 -mov word [ebp - 0x2b6], 1 +lea edi, [ebp - 0xf8] +mov dword [ebp - 0xbc], fcn_fffb00dc ; mov dword [ebp - 0xbc], 0xfffb00dc +mov dword [ebp - 0xb0], fcn_fffb0086 ; mov dword [ebp - 0xb0], 0xfffb0086 +mov dword [ebp - 0x5c], fcn_fffb01d3 ; mov dword [ebp - 0x5c], 0xfffb01d3 +mov dword [ebp - 0x58], fcn_fffb01ca ; mov dword [ebp - 0x58], 0xfffb01ca +mov dword [ebp - 0xa4], fcn_fffb3fc4 ; mov dword [ebp - 0xa4], 0xfffb3fc4 mov cl, 4 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov eax, dword [ebp - 0x34c] -lea edi, [ebp - 0x288] -mov esi, ref_fffd5be0 ; mov esi, 0xfffd5be0 -mov byte [ebp - 0x33e], 0 -mov byte [ebp - 0x33d], 0 -mov word [ebp - 0x32c], 0 -mov dword [ebp - 0x32a], 0 -mov cl, 0xc -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov edi, dword [eax + 0x2443] -mov esi, 0xa -mov al, 0x14 -cmovne esi, eax +rep stosd ; rep stosd dword es:[edi], eax +mov eax, 0x80000048 +mov dword [ebp - 0xa0], fcn_fffb401c ; mov dword [ebp - 0xa0], 0xfffb401c +mov dword [ebp - 0x7c], fcn_fffc375d ; mov dword [ebp - 0x7c], 0xfffc375d +mov dword [ebp - 0x78], fcn_fffc3739 ; mov dword [ebp - 0x78], 0xfffc3739 +out dx, eax +push 0xcfc +call fcn_fffb00dc ; call 0xfffb00dc +add esp, 0x10 +mov esi, eax +test al, 1 +jne short loc_fffce3ec ; jne 0xfffce3ec + +loc_fffce3e5: ; not directly referenced +xor eax, eax +jmp near loc_fffcf1ab ; jmp 0xfffcf1ab + +loc_fffce3ec: ; not directly referenced +push 0x60 +mov edi, dword [ebp - 0xb0] push 0 -mov eax, esi -push 2 -mov byte [ebp - 0x3b6], al -lea eax, [ebp - 0x33a] -push eax -mov dword [ebp - 0x326], 7 -mov byte [ebp - 0x322], 0 -call dword [edi + 0x60] ; ucall -add esp, 0xc push 0 -push 2 -lea eax, [ebp - 0x33c] -push eax -call dword [edi + 0x5c] ; ucall -add esp, 0xc push 0 -push 0x10 -lea eax, [ebp - 0x314] -push eax -call dword [edi + 0x5c] ; ucall -add esp, 0xc -push 0x2c -lea eax, [ebp - 0x2e0] -push eax -lea eax, [ebp - 0x2b4] +call dword [ebp - 0x7c] ; ucall +pop edx +pop ecx push eax -call dword [edi + 0x58] ; ucall +push 0xcf8 +call edi +mov dword [esp], 0xcfc +call dword [ebp - 0xbc] ; ucall add esp, 0x10 -xor eax, eax - -loc_fffcdc0a: ; not directly referenced -mov byte [ebp + eax - 0x335], al -inc eax -cmp eax, 9 -jne short loc_fffcdc0a ; jne 0xfffcdc0a -cmp bl, 0xc -sete al -mov byte [ebp - 0x34f], al +test al, 1 +je short loc_fffce3e5 ; je 0xfffce3e5 +and eax, 0xfffffff8 +mov edi, eax +call fcn_fffa67af ; call 0xfffa67af +mov dword [ebp - 0x12c], 0 +cmp eax, 0x40660 +setne cl +cmp eax, 0x306c0 +setne dl +test cl, dl +je short loc_fffce454 ; je 0xfffce454 +cmp eax, 0x40650 +setne al movzx eax, al -mov dword [ebp - 0x354], eax -lea eax, [ebx - 8] -cmp al, 1 -setbe dl -cmp bl, 0xb -sete al -or dl, al -mov dword [ebp - 0x35c], 1 -jne short loc_fffcdc56 ; jne 0xfffcdc56 -xor eax, eax -cmp bl, 0xa -sete al -mov dword [ebp - 0x35c], eax - -loc_fffcdc56: ; not directly referenced -mov al, byte [ebp - 0x33d] -mov esi, dword [ebp - 0x34c] -movzx ecx, byte [ebp - 0x38e] -mov dword [ebp - 0x358], 0 -mov byte [ebp - 0x360], al -mov al, byte [ebp - 0x33e] -add esi, 0x381a -mov dword [ebp - 0x388], ecx - -loc_fffcdc8b: ; not directly referenced -mov cl, byte [esi] -test cl, cl -je loc_fffcdd4f ; je 0xfffcdd4f -mov dl, cl -and edx, 0xc -cmp dl, 0xc -je short loc_fffcdcb5 ; je 0xfffcdcb5 -mov dl, cl -and edx, 3 -cmp dl, 3 -sete dl -movzx edx, dl -mov dword [ebp - 0x370], edx -jmp short loc_fffcdcbf ; jmp 0xfffcdcbf - -loc_fffcdcb5: ; not directly referenced -mov dword [ebp - 0x370], 1 - -loc_fffcdcbf: ; not directly referenced -test byte [ebp - 0x34e], cl -je loc_fffcdd4f ; je 0xfffcdd4f -mov cl, byte [ebp - 0x358] -mov edx, 1 -shl edx, cl -mov ecx, dword [ebp - 0x388] -mov dword [ebp - 0x368], edx -mov cl, byte [ebp + ecx - 0x321] -mov byte [ebp - 0x36c], cl -and cl, 2 -je short loc_fffcdd11 ; je 0xfffcdd11 -mov cl, byte [ebp - 0x360] -mov dl, byte [ebp - 0x368] -or edx, ecx -cmp dword [esi - 4], 2 -cmove ecx, edx -mov byte [ebp - 0x360], cl +mov dword [ebp - 0x12c], eax -loc_fffcdd11: ; not directly referenced -test byte [ebp - 0x36c], 1 -je short loc_fffcdd23 ; je 0xfffcdd23 -cmp dword [ebp - 0x370], 0 -jne short loc_fffcdd2c ; jne 0xfffcdd2c +loc_fffce454: ; not directly referenced +push 0xbc +and esi, 0xfffffffe +push 0 +push 0 +push 0 +call dword [ebp - 0x78] ; ucall +add eax, edi +mov dword [esp], eax +call dword [ebp - 0xa4] ; ucall +push 0x90 +push 0 +push 0 +push 0 +mov dword [ebp - 0x168], eax +call dword [ebp - 0x78] ; ucall +add esp, 0x14 +add eax, edi +push eax +call dword [ebp - 0xa0] ; ucall +push 0x98 +push 0 +push 0 +push 0 +mov dword [ebp - 0x184], edx +mov dword [ebp - 0x180], eax +call dword [ebp - 0x78] ; ucall +add esp, 0x14 +add edi, eax +push edi +call dword [ebp - 0xa0] ; ucall +mov dword [ebp - 0x188], eax +lea eax, [esi + 0x5024] +mov dword [ebp - 0x18c], edx +mov dword [esp], eax +call dword [ebp - 0xa4] ; ucall +mov dword [ebp - 0x14c], eax +lea eax, [esi + 0x5014] +mov dword [esp], eax +call dword [ebp - 0xa4] ; ucall +mov dword [ebp - 0x150], eax +lea eax, [esi + 0x5000] +mov dword [esp], eax +call dword [ebp - 0xa4] ; ucall +mov dword [ebp - 0x114], eax +lea eax, [esi + 0x5004] +add esi, 0x5008 +mov dword [esp], eax +call dword [ebp - 0xa4] ; ucall +mov dword [esp], esi +mov edi, eax +call dword [ebp - 0xa4] ; ucall +mov cl, byte [ebx + 4] +add esp, 0x10 +mov dx, word [ebx + 5] +mov dword [ebp - 0x104], edi +mov dword [ebp - 0xfc], 0 +mov byte [ebp - 0x110], cl +mov cl, byte [ebx + 3] +mov word [ebp - 0x12e], dx +mov dx, word [ebx + 7] +mov dword [ebp - 0x100], eax +mov byte [ebp - 0x134], cl +mov cl, byte [ebx + 2] +mov word [ebp - 0x130], dx +mov dl, byte [ebx + 1] +mov al, cl +or eax, edx +mov byte [ebp - 0x151], cl +test al, 0xfe +je short loc_fffce57d ; je 0xfffce57d -loc_fffcdd23: ; not directly referenced -cmp dword [ebp - 0x354], 0 -je short loc_fffcdd32 ; je 0xfffcdd32 +loc_fffce576: ; not directly referenced +xor eax, eax +jmp near loc_fffcf1ab ; jmp 0xfffcf1ab -loc_fffcdd2c: ; not directly referenced -or eax, dword [ebp - 0x368] +loc_fffce57d: ; not directly referenced +movzx eax, dl +movzx edx, byte [ebp - 0x151] +mov esi, dword [ebp + eax*4 - 0x104] +mov dword [ebp - 0x140], eax +mov dword [ebp - 0x16c], 0 +mov eax, esi +shr eax, 0x10 +and eax, 1 +xor eax, edx +mov edx, esi +movzx eax, ax +test eax, eax +mov dword [ebp - 0x148], eax +mov dword [ebp - 0x170], eax +lea eax, [ebp - 0xc4] +je short loc_fffce5ca ; je 0xfffce5ca +call fcn_fffc3acf ; call 0xfffc3acf +jmp short loc_fffce5cf ; jmp 0xfffce5cf -loc_fffcdd32: ; not directly referenced -cmp dword [ebp - 0x35c], 0 -je short loc_fffcdd4f ; je 0xfffcdd4f -mov edx, dword [ebp - 0x358] -movzx ecx, al -bt ecx, edx -jb short loc_fffcdd4f ; jb 0xfffcdd4f -or eax, dword [ebp - 0x368] +loc_fffce5ca: ; not directly referenced +call fcn_fffc3aea ; call 0xfffc3aea -loc_fffcdd4f: ; not directly referenced -inc dword [ebp - 0x358] -add esi, 0x13c3 -cmp dword [ebp - 0x358], 2 -jne loc_fffcdc8b ; jne 0xfffcdc8b -mov dl, byte [ebp - 0x360] -mov cl, byte [ebp - 0x374] -cmp byte [ebp - 0x378], cl -mov byte [ebp - 0x33e], al -mov byte [ebp - 0x33d], dl -setle cl -or al, dl -mov byte [ebp - 0x358], al -sete al -or cl, al -je short loc_fffcdda2 ; je 0xfffcdda2 +loc_fffce5cf: ; not directly referenced +mov dword [ebp - 0x124], edx +mov edx, dword [ebp - 0x124] +mov dword [ebp - 0x128], eax +mov eax, dword [ebp - 0x128] +mov edi, edx +or edi, eax +je short loc_fffce576 ; je 0xfffce576 +movzx eax, byte [ebp - 0x134] +mov dword [ebp - 0x144], eax +test al, 0xfe +jne loc_fffce576 ; jne 0xfffce576 +cmp dword [ebp - 0x148], 0 +mov ebx, esi +je short loc_fffce612 ; je 0xfffce612 +shr ebx, 0x12 +jmp short loc_fffce615 ; jmp 0xfffce615 -loc_fffcdd98: ; not directly referenced -mov eax, 1 -jmp near loc_fffceaf5 ; jmp 0xfffceaf5 +loc_fffce612: ; not directly referenced +shr ebx, 0x11 -loc_fffcdda2: ; not directly referenced -mov eax, dword [ebp - 0x34c] -mov byte [eax + 0x248b], 3 -lea eax, [ebx - 6] -cmp al, 1 -ja short loc_fffcddd1 ; ja 0xfffcddd1 -mov eax, dword [ebp - 0x34c] -mov edx, 1 -mov ecx, 4 -mov byte [eax + 0x248b], 5 -mov al, 0xd -jmp short loc_fffcddf3 ; jmp 0xfffcddf3 +loc_fffce615: ; not directly referenced +and ebx, 1 +cmp byte [ebp - 0x134], 0 +mov eax, ebx +setne cl +xor eax, 1 +mov byte [ebp - 0x152], cl +test cl, al +jne loc_fffce576 ; jne 0xfffce576 +cmp dword [ebp - 0x148], 0 +mov ecx, esi +mov edx, dword [ebp - 0x114] +lea eax, [ebp - 0xc4] +je short loc_fffce660 ; je 0xfffce660 +call fcn_fffb8ec5 ; call 0xfffb8ec5 +test esi, 0x100000 +mov word [ebp - 0x118], ax +jmp short loc_fffce672 ; jmp 0xfffce672 -loc_fffcddd1: ; not directly referenced -cmp dword [ebp - 0x35c], 0 -je short loc_fffcddfa ; je 0xfffcddfa -mov eax, dword [ebp - 0x34c] -mov edx, 1 -mov ecx, 5 -mov byte [eax + 0x248b], 6 -mov al, 0xd +loc_fffce660: ; not directly referenced +call fcn_fffb8f37 ; call 0xfffb8f37 +test esi, 0x80000 +mov word [ebp - 0x118], ax -loc_fffcddf3: ; not directly referenced -mov esi, 0x80 -jmp short loc_fffcde1c ; jmp 0xfffcde1c +loc_fffce672: ; not directly referenced +je short loc_fffce67b ; je 0xfffce67b +mov eax, 0x10 +jmp short loc_fffce692 ; jmp 0xfffce692 -loc_fffcddfa: ; not directly referenced -cmp byte [ebp - 0x34f], 1 +loc_fffce67b: ; not directly referenced +mov eax, dword [ebp - 0x114] +shr eax, 0xa +and eax, 1 +cmp eax, 1 sbb eax, eax -xor edx, edx -and eax, 0xfffffffd -xor ecx, ecx -add eax, 0x10 -cmp byte [ebp - 0x34f], 1 -sbb esi, esi -and esi, 0x7c -add esi, 4 +and eax, 0xffffffe8 +add eax, 0x20 -loc_fffcde1c: ; not directly referenced -movzx eax, al -movzx esi, si -mov dword [ebp - 0x35c], ebx -mov ebx, dword [ebp - 0x34c] -mov word [ebp - 0x32c], ax -movzx eax, byte [ebp - 0x37c] -mov dword [ebp - 0x2a0], edx -mov dword [ebp - 0x294], edx -mov bl, byte [ebx + 0x248b] +loc_fffce692: ; not directly referenced +mov edi, dword [ebp - 0x114] +shr edi, 0xb +mov dword [ebp - 0x13c], edi +movzx edi, byte [ebp - 0x110] +and dword [ebp - 0x13c], 1 +cmp ax, 8 +sete dl +mov byte [ebp - 0x120], dl +and edx, dword [ebp - 0x13c] +mov dword [ebp - 0x138], edi +movzx eax, dl +shl eax, 3 +or eax, 7 +not eax +test edi, eax +jne loc_fffce576 ; jne 0xfffce576 +push eax +mov al, byte [ebp - 0x118] +add eax, ebx +add edx, eax +movzx edx, dl +push edx +push dword [ebp - 0x124] +push dword [ebp - 0x128] +call dword [ebp - 0x58] ; ucall +movzx edi, word [ebp - 0x130] +add esp, 0x10 +mov dword [ebp - 0x160], eax +neg eax +mov dword [ebp - 0x15c], edx +test eax, edi +jne loc_fffce576 ; jne 0xfffce576 +movzx eax, word [ebp - 0x12e] +mov cl, byte [ebp - 0x118] mov edx, eax -movzx eax, byte [ebp - 0x358] -push 0 -push 0 -push 0 -mov byte [ebp - 0x322], bl -mov ebx, eax -mov dword [ebp - 0x3a0], eax -lea eax, [ebp - 0x32c] +mov dword [ebp - 0x174], eax +mov eax, 1 +shl eax, cl +dec eax +movzx eax, ax +not eax +test edx, eax +jne loc_fffce576 ; jne 0xfffce576 +mov eax, esi +shr eax, 0x15 +mov dword [ebp - 0x178], eax +and eax, 1 +mov dword [ebp - 0x158], eax +mov eax, esi +shr eax, 0x1a +mov dword [ebp - 0x17c], eax +and eax, 1 +mov dword [ebp - 0x164], eax +mov eax, esi +shr eax, 0x16 +mov dword [ebp - 0x128], eax +and dword [ebp - 0x128], 1 +cmp dword [ebp - 0x13c], 0 +je loc_fffceae1 ; je 0xfffceae1 push eax -push 0 -lea eax, [ebp - 0x2b4] +mov eax, dword [ebp - 0x110] +xor edx, edx +push 8 +push edx +and eax, 3 push eax +call dword [ebp - 0x5c] ; ucall +add esp, 0xc +push 2 +mov dword [ebp - 0x190], eax +mov al, byte [ebp - 0x110] +mov dword [ebp - 0x194], edx +xor edx, edx push edx +and eax, 4 +movzx eax, al +push eax +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +mov dword [ebp - 0x118], eax +mov eax, dword [ebp - 0x190] +or dword [ebp - 0x118], eax +mov eax, dword [ebp - 0x194] +mov dword [ebp - 0x13c], edx +mov edx, dword [ebp - 0x5c] +or dword [ebp - 0x13c], eax +test byte [ebp - 0x164], bl +je loc_fffce8c6 ; je 0xfffce8c6 +mov ecx, esi +mov ebx, 1 +shr ecx, 0x1b +and ecx, 7 +add ecx, 4 +shl ebx, cl +dec ebx +cmp byte [ebp - 0x120], 1 push esi -mov dword [ebp - 0x358], edx -mov edx, ebx -mov ebx, dword [ebp - 0x34c] -mov eax, ebx -call fcn_fffb20e5 ; call 0xfffb20e5 -add esp, 0x20 -lea eax, [esi - 1] -mov esi, ebx -call fcn_fffaec34 ; call 0xfffaec34 -mov cl, byte [ebp - 0x358] -mov edx, 1 -sub ecx, eax -mov eax, edx -shl eax, cl -mov ecx, eax -mov al, 1 -test cl, cl -cmovg eax, ecx -mov byte [ebx + 0x248c], al -mov ebx, dword [ebp - 0x35c] -movzx ecx, byte [esi + 0x2488] -mov dword [ebp - 0x35c], 0 -lea eax, [ebx - 0xa] -cmp al, 1 -mov byte [ebp - 0x3b5], al -setbe al +mov esi, dword [ebp - 0x144] +sbb eax, eax +add eax, 0xb +push eax +mov eax, dword [ebp - 0x130] +shl esi, cl +and eax, ebx +movzx ebx, bx +not ebx +movzx eax, ax +and ebx, edi +or eax, esi +add ebx, ebx +or eax, ebx +mov ebx, eax +sar ebx, 0x1f +push ebx +push eax +call edx +add esp, 0xc +push 7 +mov esi, eax +mov al, byte [ebp - 0x110] +mov ebx, edx +xor edx, edx +push edx +and eax, 8 movzx eax, al -shl edx, cl -cmp bl, 0xa -mov bl, byte [ebp - 0x364] -mov dword [ebp - 0x38c], eax -lea eax, [edx - 1] -mov dl, byte [ebp - 0x34d] -mov word [ebp - 0x3a2], ax -sete al -lea eax, [eax + eax - 1] -mov cl, al -mov byte [ebp - 0x358], al -mov al, byte [ebp - 0x378] -cmove eax, edx -mov dl, al -mov byte [ebp - 0x34d], al -mov al, byte [ebp - 0x374] -cmove eax, ebx -add esi, 0x3756 -mov byte [ebp - 0x364], al -mov al, byte [ebp - 0x384] -imul eax, ecx -sub edx, eax -mov byte [ebp - 0x350], al -movzx eax, dl -mov dword [ebp - 0x36c], eax - -loc_fffcdf57: ; not directly referenced -cmp dword [esi], 2 -je short loc_fffcdfce ; je 0xfffcdfce - -loc_fffcdf5c: ; not directly referenced -add dword [ebp - 0x35c], 9 -add esi, 0x13c3 -cmp dword [ebp - 0x35c], 0x12 -jne short loc_fffcdf57 ; jne 0xfffcdf57 -movzx eax, byte [ebp - 0x380] -movzx edi, byte [ebp - 0x38e] -mov dword [ebp - 0x37c], 0 -mov dword [ebp - 0x3b0], eax -imul eax, eax, 0x90 -mov dword [ebp - 0x398], edi -movzx edi, byte [ebp - 0x34e] -mov dword [ebp - 0x3c4], eax -mov al, byte [ebp - 0x364] -mov dword [ebp - 0x39c], edi -mov byte [ebp - 0x36c], al -mov al, byte [ebp - 0x34d] -mov byte [ebp - 0x374], al -xor eax, eax -jmp near loc_fffce1f4 ; jmp 0xfffce1f4 +push eax +call dword [ebp - 0x5c] ; ucall +add esp, 0x10 +or eax, esi +or edx, ebx +or eax, dword [ebp - 0x118] +or edx, dword [ebp - 0x13c] +cmp dword [ebp - 0x128], 0 +mov dword [ebp - 0x110], eax +mov dword [ebp - 0x10c], edx +je loc_fffceaa0 ; je 0xfffceaa0 +cmp byte [ebp - 0x120], 0 +mov eax, dword [ebp - 0x58] +jne loc_fffcea2b ; jne 0xfffcea2b +push ebx +push 3 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call eax +mov ecx, dword [ebp - 0x110] +mov ebx, dword [ebp - 0x10c] +mov edi, ebx +and eax, 0x300 +xor eax, ecx +mov esi, eax +jmp near loc_fffcea82 ; jmp 0xfffcea82 -loc_fffcdfce: ; not directly referenced -mov ebx, dword [ebp - 0x34c] +loc_fffce8c6: ; not directly referenced +cmp byte [ebp - 0x120], 1 +sbb eax, eax +test byte [ebp - 0x158], bl +je loc_fffce987 ; je 0xfffce987 +add eax, 0xc +xor ebx, ebx push ecx -push dword [ebp - 0x36c] -movzx eax, byte [ebx + 0x2488] push eax -mov eax, dword [ebp - 0x35c] -lea eax, [ebp + eax - 0x2f2] +push ebx +push edi +call edx +add esp, 0xc +push 0xa +mov esi, eax +movzx eax, byte [ebp - 0x134] +mov ebx, edx +xor edx, edx +push edx push eax -call dword [edi + 0x5c] ; ucall -mov al, byte [ebx + 0x2488] -add esp, 0x10 +call dword [ebp - 0x5c] ; ucall +add esp, 0xc +push 8 +or esi, eax +mov al, byte [ebp - 0x110] +or ebx, edx xor edx, edx -mov byte [ebp - 0x368], al +push edx +or esi, dword [ebp - 0x118] +and eax, 8 +movzx eax, al +or ebx, dword [ebp - 0x13c] +push eax +call dword [ebp - 0x5c] ; ucall +add esp, 0x10 +or esi, eax +or ebx, edx +cmp dword [ebp - 0x128], 0 +mov dword [ebp - 0x110], esi +mov dword [ebp - 0x10c], ebx +je loc_fffceaa0 ; je 0xfffceaa0 +cmp byte [ebp - 0x120], 0 +mov eax, dword [ebp - 0x58] +je loc_fffcea2b ; je 0xfffcea2b +push esi +push 5 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call eax +mov ecx, dword [ebp - 0x110] +mov ebx, dword [ebp - 0x10c] +add esp, 0xc +push 0xc +mov edi, ebx +and eax, 0xf00 +xor eax, ecx +mov esi, eax +jmp near loc_fffcea87 ; jmp 0xfffcea87 -loc_fffce005: ; not directly referenced -cmp dl, byte [ebp - 0x368] -je loc_fffcdf5c ; je 0xfffcdf5c -movzx ecx, dl -add ecx, dword [ebp - 0x35c] -lea eax, [ebp - 0x258] -mov byte [ebp - 0x360], 0 -add ecx, ecx -add ecx, eax -xor eax, eax +loc_fffce987: ; not directly referenced +add eax, 0xb +push ebx +xor ebx, ebx +push eax +push ebx +push edi +call edx +add esp, 0xc +push 7 +mov esi, eax +mov al, byte [ebp - 0x110] +mov ebx, edx +xor edx, edx +push edx +and eax, 8 +movzx eax, al +push eax +call dword [ebp - 0x5c] ; ucall +add esp, 0x10 +or eax, esi +or edx, ebx +or eax, dword [ebp - 0x118] +or edx, dword [ebp - 0x13c] +cmp byte [ebp - 0x152], 0 +mov dword [ebp - 0x110], eax +mov dword [ebp - 0x10c], edx +je short loc_fffcea12 ; je 0xfffcea12 +cmp byte [ebp - 0x120], 1 +push ecx +sbb eax, eax +add eax, 0xb +push eax +push dword [ebp - 0x15c] +push dword [ebp - 0x160] +call dword [ebp - 0x5c] ; ucall +mov ecx, dword [ebp - 0x110] +mov ebx, dword [ebp - 0x10c] +add esp, 0x10 +or eax, ecx +or edx, ebx +mov dword [ebp - 0x110], eax +mov dword [ebp - 0x10c], edx -loc_fffce02d: ; not directly referenced -mov bl, byte [ebp - 0x3a4] -cmp byte [ebp - 0x360], bl -je short loc_fffce07b ; je 0xfffce07b -mov bl, byte [ebp - 0x38f] -test bl, bl -je short loc_fffce06e ; je 0xfffce06e -mov word [ecx + eax], 0x500 -cmp bl, 1 -jbe short loc_fffce057 ; jbe 0xfffce057 -mov word [ecx + eax + 0x24], 0x500 +loc_fffcea12: ; not directly referenced +cmp dword [ebp - 0x128], 0 +je loc_fffceaa0 ; je 0xfffceaa0 +cmp byte [ebp - 0x120], 0 +mov eax, dword [ebp - 0x58] +je short loc_fffcea5a ; je 0xfffcea5a -loc_fffce057: ; not directly referenced -cmp byte [ebp - 0x38f], 1 -mov word [ecx + eax + 0x48], 0x500 -jbe short loc_fffce06e ; jbe 0xfffce06e -mov word [ecx + eax + 0x6c], 0x500 +loc_fffcea2b: ; not directly referenced +push edx +push 4 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call eax +mov ecx, dword [ebp - 0x110] +mov ebx, dword [ebp - 0x10c] +add esp, 0xc +push 0xb +mov edi, ebx +and eax, 0x700 +xor eax, ecx +mov esi, eax +jmp short loc_fffcea87 ; jmp 0xfffcea87 -loc_fffce06e: ; not directly referenced -inc byte [ebp - 0x360] -add eax, 0x90 -jmp short loc_fffce02d ; jmp 0xfffce02d +loc_fffcea5a: ; not directly referenced +push edi +push 3 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call eax +mov edx, dword [ebp - 0x110] +mov ecx, dword [ebp - 0x10c] +mov edi, ecx +and eax, 0x300 +xor eax, edx +mov esi, eax -loc_fffce07b: ; not directly referenced -inc edx -jmp short loc_fffce005 ; jmp 0xfffce005 +loc_fffcea82: ; not directly referenced +add esp, 0xc +push 0xa -loc_fffce07e: ; not directly referenced -test al, al -jne loc_fffce210 ; jne 0xfffce210 -mov al, byte [ebp - 0x34d] -sub eax, dword [ebp - 0x374] -imul eax, dword [ebp - 0x358] -mov byte [ebp - 0x38d], al -dec al -sete al -test byte [ebp - 0x34f], al -je short loc_fffce0d0 ; je 0xfffce0d0 -mov al, byte [ebp - 0x36c] -add ecx, dword [ebp - 0x374] -neg byte [ebp - 0x358] -mov byte [ebp - 0x374], dl -mov byte [ebp - 0x34d], al -mov byte [ebp - 0x36c], cl +loc_fffcea87: ; not directly referenced +push edi +push esi +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +mov dword [ebp - 0x10c], edi +and eax, 1 +xor eax, esi +mov dword [ebp - 0x110], eax -loc_fffce0d0: ; not directly referenced -movzx eax, byte [ebp - 0x34d] -xor esi, esi +loc_fffceaa0: ; not directly referenced +mov cx, word [ebp - 0x12e] +mov ebx, dword [ebp - 0x10c] +shr cx, 2 +and ecx, 0x3ffe +mov eax, ecx +cdq +mov eax, ecx +mov dword [ebp - 0x120], ecx +mov ecx, dword [ebp - 0x110] +mov dword [ebp - 0x11c], edx +or eax, ecx +mov esi, eax +mov eax, dword [ebp - 0x11c] +or eax, ebx mov edi, eax -shl edi, 0x18 -mov dword [ebp - 0x360], edi -mov edi, 0x48dc -mov dword [ebp - 0x368], eax +jmp near loc_fffcecfa ; jmp 0xfffcecfa -loc_fffce0ef: ; not directly referenced -imul eax, esi, 0x13c3 -mov ebx, dword [ebp - 0x34c] -mov al, byte [ebx + eax + 0x381a] -mov ebx, dword [ebp - 0x3a0] -bt ebx, esi -jb loc_fffce23a ; jb 0xfffce23a - -loc_fffce111: ; not directly referenced -inc esi -add edi, 8 -cmp esi, 2 -jne short loc_fffce0ef ; jne 0xfffce0ef -mov al, byte [ebp - 0x34d] -sub eax, dword [ebp - 0x358] -mov dword [ebp - 0x3a8], 0 -mov dword [ebp - 0x368], 0 -mov byte [ebp - 0x390], al -mov al, byte [ebp - 0x350] -sub byte [ebp - 0x390], al - -loc_fffce14c: ; not directly referenced -mov eax, dword [ebp - 0x368] -movzx eax, byte [ebp + eax - 0x33e] -mov byte [ebp - 0x3a3], al -test al, al -je loc_fffce98f ; je 0xfffce98f -mov dword [ebp - 0x35c], eax -xor esi, esi -imul eax, dword [ebp - 0x368], 6 -mov dword [ebp - 0x364], eax - -loc_fffce17d: ; not directly referenced -mov eax, dword [ebp - 0x35c] -bt eax, esi -jb loc_fffce35a ; jb 0xfffce35a - -loc_fffce18c: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffce17d ; jne 0xfffce17d -mov eax, dword [ebp - 0x35c] -mov byte [ebp - 0x360], 0 -and eax, 2 -mov dword [ebp - 0x3b4], eax -mov eax, dword [ebp + 0x1c] -mov dword [ebp - 0x394], eax - -loc_fffce1b1: ; not directly referenced -mov al, byte [ebp - 0x394] -sub eax, dword [ebp + 0x1c] -mov byte [ebp - 0x364], al -cmp al, byte [ebp - 0x38f] -jae short loc_fffce1d5 ; jae 0xfffce1d5 -cmp byte [ebp - 0x360], 0 -je loc_fffce40a ; je 0xfffce40a - -loc_fffce1d5: ; not directly referenced -cmp dword [ebp - 0x368], 1 -jne loc_fffce99b ; jne 0xfffce99b - -loc_fffce1e2: ; not directly referenced -mov al, byte [ebp - 0x358] -add byte [ebp - 0x34d], al -mov al, byte [ebp - 0x360] - -loc_fffce1f4: ; not directly referenced -mov edi, dword [ebp - 0x358] -mov dl, byte [ebp - 0x36c] -mov ecx, edi -add edx, edi -cmp byte [ebp - 0x34d], dl -jne loc_fffce07e ; jne 0xfffce07e - -loc_fffce210: ; not directly referenced -cmp dword [ebp - 0x354], 1 -jne loc_fffce9be ; jne 0xfffce9be -mov al, byte [ebp - 0x374] -add eax, dword [ebp - 0x358] -neg byte [ebp - 0x358] -mov byte [ebp - 0x36c], al -jmp near loc_fffce9be ; jmp 0xfffce9be - -loc_fffce23a: ; not directly referenced -and al, byte [ebp - 0x34e] -mov byte [ebp - 0x364], al -je loc_fffce111 ; je 0xfffce111 -mov ebx, dword [ebp - 0x34c] -mov edx, edi -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, edi -mov dword [ebp - 0x34c], ebx -xor al, al -or eax, dword [ebp - 0x398] -mov ecx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x34c] -lea ebx, [edi - 4] -mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, ebx -lea ebx, [edi + 0x10] -and eax, 0xffffff -or eax, dword [ebp - 0x360] -mov ecx, eax -mov eax, dword [ebp - 0x34c] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x34c] -mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, ebx -lea ebx, [edi + 0xc] -xor al, al -or eax, dword [ebp - 0x398] -mov ecx, eax -mov eax, dword [ebp - 0x34c] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x34c] -mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, ebx -and eax, 0xffffff -or eax, dword [ebp - 0x360] +loc_fffceae1: ; not directly referenced +test byte [ebp - 0x164], bl +je short loc_fffceb45 ; je 0xfffceb45 +mov ebx, esi +mov eax, 1 +shr ebx, 0x1b +and ebx, 7 +lea ecx, [ebx + 4] +shl eax, cl mov ecx, eax -mov eax, dword [ebp - 0x34c] -call fcn_fffae58c ; call 0xfffae58c -cmp dword [ebp - 0x38c], 0 -mov byte [ebp - 0x35c], 1 -je short loc_fffce311 ; je 0xfffce311 -mov eax, dword [ebp - 0x34c] -mov al, byte [eax + 0x2488] -mov byte [ebp - 0x35c], al - -loc_fffce311: ; not directly referenced -movzx eax, byte [ebp - 0x364] -xor ebx, ebx -mov dword [ebp - 0x364], eax - -loc_fffce320: ; not directly referenced -cmp byte [ebp - 0x35c], bl -jbe loc_fffce111 ; jbe 0xfffce111 -sub esp, 0xc -mov eax, dword [ebp - 0x34c] -mov ecx, ebx -push dword [ebp - 0x364] -mov edx, esi -inc ebx -push 0 -push 0 -push dword [ebp - 0x368] -push dword [ebp - 0x398] -call fcn_fffb579d ; call 0xfffb579d -add esp, 0x20 -jmp short loc_fffce320 ; jmp 0xfffce320 - -loc_fffce35a: ; not directly referenced -imul eax, esi, 0x13c3 -mov edi, dword [ebp - 0x34c] -mov dl, byte [ebp - 0x34e] -and dl, byte [edi + eax + 0x381a] -je loc_fffce18c ; je 0xfffce18c -cmp dword [ebp - 0x354], 0 -mov eax, 0x3210 -jne short loc_fffce3a4 ; jne 0xfffce3a4 -movzx ecx, dl -movzx ecx, byte [ebp + ecx - 0x302] -cmp cl, 0xf -je short loc_fffce3a4 ; je 0xfffce3a4 -add ecx, dword [ebp - 0x364] -mov eax, dword [ebp + ecx*4 - 0x288] - -loc_fffce3a4: ; not directly referenced -mov dword [ebp - 0x360], 0 -xor ebx, ebx -movzx edx, dl - -loc_fffce3b3: ; not directly referenced -test eax, eax -je short loc_fffce3d9 ; je 0xfffce3d9 -mov cl, al -and ecx, 0xf -shr eax, 4 -bt edx, ecx -movzx edi, cl -jae short loc_fffce3b3 ; jae 0xfffce3b3 -lea ecx, [ebx*4] -inc ebx -shl edi, cl -or dword [ebp - 0x360], edi -jmp short loc_fffce3b3 ; jmp 0xfffce3b3 +dec ecx +movzx eax, cx +and ecx, dword [ebp - 0x130] +not eax +and eax, edi +add eax, eax +movzx ecx, cx +push esi +or eax, ecx +push 0xa +cdq +push edx +push eax +call dword [ebp - 0x58] ; ucall +lea ecx, [ebx + 0xe] +mov ebx, dword [ebp - 0x144] +shl ebx, cl +mov ecx, dword [ebp - 0x138] +shl ecx, 7 +or ebx, ecx +mov edi, ebx +or eax, ebx +sar edi, 0x1f +mov dword [ebp - 0x110], eax +or edx, edi +jmp near loc_fffcec4e ; jmp 0xfffcec4e -loc_fffce3d9: ; not directly referenced -mov edi, dword [ebp - 0x34c] -lea edx, [esi*4 + 0x4930] -dec ebx -mov ecx, dword [ebp - 0x360] -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -movzx ecx, bl -mov eax, edi -lea edx, [esi*8 + 0x48ef] -call fcn_fffae566 ; call 0xfffae566 -jmp near loc_fffce18c ; jmp 0xfffce18c +loc_fffceb45: ; not directly referenced +test byte [ebp - 0x158], bl +je loc_fffcec04 ; je 0xfffcec04 +push ebx +xor edx, edx +push 0xb +push edx +push edi +xor edi, edi +call dword [ebp - 0x5c] ; ucall +add esp, 0xc +push 9 +mov dword [ebp - 0x110], eax +movzx eax, byte [ebp - 0x134] +mov dword [ebp - 0x120], edx +xor edx, edx +push edx +push eax +call dword [ebp - 0x5c] ; ucall +mov esi, dword [ebp - 0x138] +add esp, 0xc +push 8 +push edi +push esi +mov dword [ebp - 0x134], eax +mov dword [ebp - 0x13c], edx +call dword [ebp - 0x5c] ; ucall +add esp, 0xc +push 7 +push edi +push esi +mov ebx, eax +call dword [ebp - 0x5c] ; ucall +mov edi, dword [ebp - 0x134] +and ebx, 0x400 +or edi, dword [ebp - 0x110] +add esp, 0x10 +mov edx, edi +or edx, ebx +and eax, 0x180 +mov edi, edx +or edi, eax +mov eax, dword [ebp - 0x13c] +or eax, dword [ebp - 0x120] +cmp dword [ebp - 0x128], 0 +mov dword [ebp - 0x110], edi +mov dword [ebp - 0x10c], eax +je loc_fffcec91 ; je 0xfffcec91 +mov ebx, dword [ebp - 0x110] +push ecx +mov esi, dword [ebp - 0x10c] +push 4 +mov edi, ebx +and edi, 0x7800 +jmp short loc_fffcec77 ; jmp 0xfffcec77 -loc_fffce40a: ; not directly referenced -mov eax, dword [ebp - 0x394] -cmp dword [ebp - 0x354], 0 -mov bl, byte [eax] -je short loc_fffce45e ; je 0xfffce45e -mov edi, dword [ebp - 0x360] -lea ecx, [ebp - 0x33c] -test byte [ebp - 0x3a3], 1 -mov edx, dword [ebp - 0x39c] -mov eax, edi -cmovne eax, ebx -cmp dword [ebp - 0x3b4], 0 -mov byte [ebp - 0x33c], al +loc_fffcec04: ; not directly referenced +mov ebx, dword [ebp - 0x138] mov eax, edi -cmovne eax, ebx -mov byte [ebp - 0x33b], al -mov eax, dword [ebp - 0x34c] -call fcn_fffcd955 ; call 0xfffcd955 -jmp short loc_fffce4ce ; jmp 0xfffce4ce +shl eax, 0xa +shl ebx, 7 +or ebx, eax +mov eax, ebx +sar eax, 0x1f +cmp byte [ebp - 0x152], 0 +mov dword [ebp - 0x110], ebx +mov dword [ebp - 0x10c], eax +je short loc_fffcec57 ; je 0xfffcec57 +push edx +push 0xa +push dword [ebp - 0x15c] +push dword [ebp - 0x160] +call dword [ebp - 0x5c] ; ucall +or edx, dword [ebp - 0x10c] +or ebx, eax +mov dword [ebp - 0x110], ebx -loc_fffce45e: ; not directly referenced -cmp byte [ebp - 0x368], 1 -movzx eax, bl -jne short loc_fffce497 ; jne 0xfffce497 -mov esi, dword [ebp - 0x35c] -sub esp, 0xc -mov ecx, 3 -mov edi, dword [ebp - 0x34c] -neg ebx -push eax -mov edx, esi -mov eax, edi -call fcn_fffcfce5 ; call 0xfffcfce5 -movzx eax, bl -mov ecx, 0xc -mov dword [esp], eax -jmp short loc_fffce4c2 ; jmp 0xfffce4c2 +loc_fffcec4e: ; not directly referenced +mov dword [ebp - 0x10c], edx +add esp, 0x10 -loc_fffce497: ; not directly referenced -mov esi, dword [ebp - 0x35c] -sub esp, 0xc -mov ecx, 5 -mov edi, dword [ebp - 0x34c] -neg ebx +loc_fffcec57: ; not directly referenced +cmp dword [ebp - 0x128], 0 +je short loc_fffcec91 ; je 0xfffcec91 +mov ebx, dword [ebp - 0x110] +mov esi, dword [ebp - 0x10c] push eax -mov edx, esi -mov eax, edi -call fcn_fffcfce5 ; call 0xfffcfce5 -movzx eax, bl -mov ecx, 0xa -mov dword [esp], eax +push 3 +mov edi, ebx +and edi, 0x1c00 -loc_fffce4c2: ; not directly referenced -mov edx, esi -mov eax, edi -call fcn_fffcfce5 ; call 0xfffcfce5 +loc_fffcec77: ; not directly referenced +xor edx, edx +push edx +push edi +call dword [ebp - 0x58] ; ucall add esp, 0x10 +xor eax, ebx +xor edx, esi +mov dword [ebp - 0x110], eax +mov dword [ebp - 0x10c], edx -loc_fffce4ce: ; not directly referenced -movzx ebx, byte [ebp - 0x364] -mov dword [ebp - 0x388], 0 -imul ebx, ebx, 0x24 -add ebx, dword [ebp - 0x3a8] -mov dword [ebp - 0x3c8], ebx +loc_fffcec91: ; not directly referenced +cmp word [ebp - 0x118], 9 +jne short loc_fffcecaf ; jne 0xfffcecaf +push eax +push 1 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +jmp short loc_fffceccb ; jmp 0xfffceccb -loc_fffce4ee: ; not directly referenced -mov al, byte [ebp - 0x388] -cmp byte [ebp - 0x3a4], al -jbe loc_fffce935 ; jbe 0xfffce935 -mov eax, dword [ebp - 0x3cc] -mov edi, dword [ebp - 0x388] -mov bl, byte [eax + edi] -test bl, bl -je loc_fffcdd98 ; je 0xfffcdd98 -movzx eax, bl -mov dword [ebp - 0x378], eax -mov byte [ebp - 0x370], 0 -cmp bl, 0x21 -ja short loc_fffce538 ; ja 0xfffce538 -mov al, byte [eax + ref_fffd5f1c] ; mov al, byte [eax - 0x2a0e4] -mov byte [ebp - 0x370], al +loc_fffcecaf: ; not directly referenced +cmp word [ebp - 0x118], 0xb +jne short loc_fffcecda ; jne 0xfffcecda +push eax +push 1 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x5c] ; ucall -loc_fffce538: ; not directly referenced -mov esi, dword [ebp - 0x34c] -xor ecx, ecx -mov edx, dword [ebp - 0x378] -mov eax, esi -call fcn_fffb13cf ; call 0xfffb13cf -cmp dword [esi + 0x2480], 2 -mov word [ebp - 0x3b8], ax -jne short loc_fffce572 ; jne 0xfffce572 -cmp bl, 0x11 -sete dl -cmp bl, 5 -sete al -or dl, al -jne short loc_fffce5ac ; jne 0xfffce5ac -cmp bl, 0x21 -je short loc_fffce5ac ; je 0xfffce5ac +loc_fffceccb: ; not directly referenced +mov dword [ebp - 0x110], eax +add esp, 0x10 +mov dword [ebp - 0x10c], edx -loc_fffce572: ; not directly referenced -cmp bl, 0x10 -sete dl -cmp bl, 4 -sete al -or dl, al -jne short loc_fffce5b0 ; jne 0xfffce5b0 -cmp bl, 5 -sete dl -cmp bl, 0x20 -sete al -or dl, al -jne short loc_fffce5b0 ; jne 0xfffce5b0 -cmp bl, 0x21 -sete al -cmp bl, 0x11 -sete dl +loc_fffcecda: ; not directly referenced +mov ax, word [ebp - 0x12e] +mov edx, dword [ebp - 0x110] +mov ecx, dword [ebp - 0x10c] +shr ax, 3 +movzx eax, ax or eax, edx -cmp al, 1 -sbb ebx, ebx -and ebx, 0xffffffe9 -add ebx, 0x36 -jmp short loc_fffce5b2 ; jmp 0xfffce5b2 - -loc_fffce5ac: ; not directly referenced -mov bl, 0x25 -jmp short loc_fffce5b2 ; jmp 0xfffce5b2 +mov edi, ecx +mov esi, eax -loc_fffce5b0: ; not directly referenced -mov bl, 0x36 +loc_fffcecfa: ; not directly referenced +mov eax, dword [ebp - 0x140] +mov ebx, dword [ebp + eax*4 - 0x104] +lea eax, [ebp - 0xc4] +mov edx, ebx +call fcn_fffc3aea ; call 0xfffc3aea +mov dword [ebp - 0x110], eax +lea eax, [ebp - 0xc4] +mov dword [ebp - 0x10c], edx +mov edx, ebx +call fcn_fffc3acf ; call 0xfffc3acf +mov ecx, dword [ebp - 0x17c] +or ecx, dword [ebp - 0x178] +and cl, 1 +je short loc_fffced95 ; je 0xfffced95 +cmp edi, edx +ja short loc_fffced8f ; ja 0xfffced8f +jb short loc_fffced48 ; jb 0xfffced48 +cmp esi, eax +jae short loc_fffced8f ; jae 0xfffced8f -loc_fffce5b2: ; not directly referenced -xor eax, eax -mov dl, 1 +loc_fffced48: ; not directly referenced +push eax +push 1 +push edi +push esi +call dword [ebp - 0x5c] ; ucall +add esp, 0xc +push 9 +push dword [ebp - 0x16c] +push dword [ebp - 0x170] +mov ebx, edx +mov dword [ebp - 0x110], eax +call dword [ebp - 0x5c] ; ucall +add esp, 0x10 +mov ecx, eax +mov eax, esi +and eax, 0x1ff +or edx, ebx +or ecx, eax +mov eax, dword [ebp - 0x110] +mov edi, edx +and eax, 0xfffffc00 +or ecx, eax +mov esi, ecx +jmp short loc_fffcedaa ; jmp 0xfffcedaa -loc_fffce5b6: ; not directly referenced -mov esi, dword [ebp - 0x35c] -bt esi, eax -jae short loc_fffce60f ; jae 0xfffce60f -imul esi, eax, 0x13c3 -mov edi, dword [ebp - 0x34c] -mov cl, byte [ebp - 0x34e] -test byte [edi + esi + 0x381a], cl -je short loc_fffce60f ; je 0xfffce60f -cmp byte [ebp - 0x3b5], 2 -ja short loc_fffce5fe ; ja 0xfffce5fe -mov di, word [ebp - 0x3a2] -cmp word [ebp + eax*2 - 0x33a], di -mov edi, 0 -cmovne edx, edi -jmp short loc_fffce60f ; jmp 0xfffce60f +loc_fffced8f: ; not directly referenced +add esi, eax +adc edi, edx +jmp short loc_fffcedaa ; jmp 0xfffcedaa -loc_fffce5fe: ; not directly referenced -cmp word [ebp + eax*2 - 0x33a], 0 -mov edi, 0 -cmove edx, edi +loc_fffced95: ; not directly referenced +cmp dword [ebp - 0x148], 0 +je short loc_fffcedaa ; je 0xfffcedaa +add esi, dword [ebp - 0x110] +adc edi, dword [ebp - 0x10c] -loc_fffce60f: ; not directly referenced -inc eax -cmp eax, 2 -jne short loc_fffce5b6 ; jne 0xfffce5b6 -test dl, dl -jne loc_fffce92e ; jne 0xfffce92e -mov edi, dword [ebp - 0x34c] -mov ecx, dword [ebp - 0x378] -push edx +loc_fffcedaa: ; not directly referenced +mov ebx, dword [ebp - 0x114] +mov eax, ebx +and eax, 3 +cmp eax, dword [ebp - 0x140] +push eax +movzx eax, byte [ebp - 0x150] +push 0x16 +setne byte [ebp - 0x110] +xor edx, edx push edx -mov eax, edi -add eax, 0x2490 -push 0xf -mov edx, eax -push 0 -mov esi, eax -mov dword [ebp - 0x3bc], eax -mov eax, edi -call fcn_fffa7e6c ; call 0xfffa7e6c -add esp, 0x10 -test eax, eax -jne loc_fffceaf5 ; jne 0xfffceaf5 push eax -movzx ebx, bl -mov ecx, dword [ebp - 0x35c] +call dword [ebp - 0x5c] ; ucall +add esp, 0xc +push 2 +mov dword [ebp - 0x128], eax +mov eax, dword [ebp - 0x150] +mov dword [ebp - 0x118], edx +xor edx, edx +push edx +and eax, 0xff000000 push eax -mov edx, esi -lea eax, [ebp - 0x314] +call dword [ebp - 0x5c] ; ucall +mov ecx, ebx +add esp, 0x10 +shr ecx, 6 +mov dword [ebp - 0x120], ecx +and dword [ebp - 0x120], 1 +cmp dword [ebp - 0x12c], 1 +jne short loc_fffcee22 ; jne 0xfffcee22 +mov ebx, dword [ebp - 0x128] +mov ecx, dword [ebp - 0x118] +jmp short loc_fffcee26 ; jmp 0xfffcee26 + +loc_fffcee22: ; not directly referenced +mov ebx, eax +mov ecx, edx + +loc_fffcee26: ; not directly referenced +cmp dword [ebp - 0x120], 0 +je short loc_fffcee6d ; je 0xfffcee6d +mov ebx, dword [ebp - 0x114] push eax +shr ebx, 7 +and ebx, 7 push ebx -lea eax, [ebp - 0x335] +add ebx, 0x16 +push 0 +push 0x400000 +call dword [ebp - 0x5c] ; ucall +movzx eax, byte [ebp - 0x110] +add esp, 0xc +push ebx +xor edx, edx +push edx push eax -mov eax, edi -push dword [ebp - 0x378] -push 0xff -push dword [ebp - 0x3b0] -call fcn_fffd13ed ; call 0xfffd13ed -add esp, 0x20 -mov dword [ebp - 0x37c], eax -test eax, eax -jne loc_fffceaef ; jne 0xfffceaef -imul eax, dword [ebp - 0x388], 0x90 -mov esi, 0x64 -add eax, dword [ebp - 0x3c8] -mov bl, byte [ebp - 0x370] -lea edi, [ebp - 0x2f2] -mov dword [ebp - 0x364], edi -lea eax, [ebp + eax - 0x258] -mov dword [ebp - 0x384], eax -movzx eax, byte [ebp - 0x3b6] -movzx edi, bl -imul edi, edi, 0x240 -add edi, dword [ebp + 0x18] -add edi, dword [ebp - 0x3c4] -sub esi, eax -mov byte [ebp - 0x380], 1 -mov dword [ebp - 0x3d4], esi -mov dword [ebp - 0x3ac], edi -xor edi, edi - -loc_fffce6fb: ; not directly referenced -imul eax, edi, 0x13c3 -mov esi, dword [ebp - 0x34c] -mov al, byte [esi + eax + 0x381a] -mov esi, dword [ebp - 0x35c] -bt esi, edi -jae loc_fffce8d2 ; jae 0xfffce8d2 -test byte [ebp - 0x34e], al -je loc_fffce8d2 ; je 0xfffce8d2 -mov eax, dword [ebp - 0x34c] -xor ecx, ecx -mov al, byte [eax + 0x2488] -mov byte [ebp - 0x3bf], al - -loc_fffce73d: ; not directly referenced -cmp byte [ebp - 0x3bf], cl -jbe loc_fffce8d2 ; jbe 0xfffce8d2 -mov eax, dword [ebp - 0x3ac] -mov dword [ebp - 0x370], 1 -shl dword [ebp - 0x370], cl -movzx ebx, word [eax + ecx*8 + 4] -movzx edx, word [eax + ecx*8] -mov esi, ebx -lea eax, [ebx + edx] -sub esi, edx -add eax, eax -mov word [ebp - 0x3be], ax -sub eax, esi -add si, word [ebp - 0x3be] -cmp bx, dx -mov ebx, dword [ebp - 0x370] -cmovbe eax, esi -mov si, word [ebp + edi*2 - 0x33a] -and bx, si -mov word [ebp - 0x3be], bx -je short loc_fffce7ae ; je 0xfffce7ae -cmp dword [ebp - 0x354], 0 -je loc_fffce8cc ; je 0xfffce8cc - -loc_fffce7ae: ; not directly referenced -mov edx, eax -mov ebx, 2 -sar dx, 0xf -idiv bx -cmp ax, word [ebp - 0x3b8] -jae short loc_fffce806 ; jae 0xfffce806 -cmp dword [ebp - 0x354], 1 -jne loc_fffce862 ; jne 0xfffce862 -cmp byte [ebp - 0x38d], 0 -mov byte [ebp - 0x380], 0 -jne loc_fffce8cc ; jne 0xfffce8cc -mov ax, word [ebp - 0x3a2] -mov word [ebp + edi*2 - 0x33a], ax -mov al, byte [ebp - 0x38d] -mov byte [ebp - 0x380], al -jmp near loc_fffce8cc ; jmp 0xfffce8cc - -loc_fffce806: ; not directly referenced -cmp byte [ebp - 0x38d], 0 -jne short loc_fffce828 ; jne 0xfffce828 -mov esi, dword [ebp - 0x384] -cmp word [esi + ecx*2], ax -jbe loc_fffce8cc ; jbe 0xfffce8cc -mov word [esi + ecx*2], ax -jmp near loc_fffce8cc ; jmp 0xfffce8cc - -loc_fffce828: ; not directly referenced -movzx eax, ax -mov ebx, 0x64 -mov dword [ebp - 0x3d0], eax -mov eax, dword [ebp - 0x384] -movzx eax, word [eax + ecx*2] -imul eax, dword [ebp - 0x3d4] -cdq -idiv ebx -cmp dword [ebp - 0x3d0], eax -jge short loc_fffce87e ; jge 0xfffce87e -cmp dword [ebp - 0x354], 0 -mov byte [ebp - 0x380], 0 -jne short loc_fffce8cc ; jne 0xfffce8cc - -loc_fffce862: ; not directly referenced -or esi, dword [ebp - 0x370] -mov al, byte [ebp - 0x390] -mov word [ebp + edi*2 - 0x33a], si -mov esi, dword [ebp - 0x364] -jmp short loc_fffce8c9 ; jmp 0xfffce8c9 - -loc_fffce87e: ; not directly referenced -cmp dword [ebp - 0x354], 1 -jne short loc_fffce8b7 ; jne 0xfffce8b7 -mov ebx, dword [ebp - 0x370] -cmp word [ebp - 0x3be], bx -je short loc_fffce8cc ; je 0xfffce8cc -mov al, byte [ebp - 0x34d] -or esi, ebx -mov edx, dword [ebp - 0x364] -sub eax, dword [ebp - 0x350] -mov word [ebp + edi*2 - 0x33a], si -mov byte [edx + ecx], al -jmp short loc_fffce8cc ; jmp 0xfffce8cc +call dword [ebp - 0x5c] ; ucall +mov ecx, eax +mov ebx, edx +or ecx, esi +or ebx, edi +mov eax, ecx +mov edx, ebx +jmp near loc_fffcef2c ; jmp 0xfffcef2c -loc_fffce8b7: ; not directly referenced -mov al, byte [ebp - 0x34d] -mov esi, dword [ebp - 0x364] -sub eax, dword [ebp - 0x350] +loc_fffcee6d: ; not directly referenced +cmp edi, ecx +ja loc_fffcef4c ; ja 0xfffcef4c +jb short loc_fffcee7f ; jb 0xfffcee7f +cmp esi, ebx +jae loc_fffcef4c ; jae 0xfffcef4c -loc_fffce8c9: ; not directly referenced -mov byte [esi + ecx], al +loc_fffcee7f: ; not directly referenced +push ebx +push 1 +push edi +push esi +call dword [ebp - 0x5c] ; ucall +add esp, 0x10 +mov dword [ebp - 0x120], eax +mov dword [ebp - 0x11c], edx +test dword [ebp - 0x14c], 0x800000 +je loc_fffcef31 ; je 0xfffcef31 +mov edi, dword [ebp - 0x14c] +push ecx +mov esi, edi +shr esi, 0x15 +and esi, 3 +push esi +push edx +push eax +call dword [ebp - 0x58] ; ucall +mov edx, dword [ebp - 0x11c] +add esp, 0xc +push esi +push 0 +push 1 +mov ebx, eax +mov eax, dword [ebp - 0x120] +and ebx, 1 +mov dword [ebp - 0x120], edx +or ebx, eax +call dword [ebp - 0x5c] ; ucall +add esp, 0x10 +xor ecx, ecx +not eax +not edx +and dword [ebp - 0x120], edx +mov edx, edi +and ebx, eax +and dx, 0x3fff +and edx, ebx +xor eax, eax +movzx edx, dx -loc_fffce8cc: ; not directly referenced +loc_fffceefe: ; not directly referenced +mov edi, edx +sar edi, cl inc ecx -jmp near loc_fffce73d ; jmp 0xfffce73d +xor eax, edi +cmp ecx, 0xe +jne short loc_fffceefe ; jne 0xfffceefe +xor eax, dword [ebp - 0x110] +xor edx, edx +push edi +push esi +and eax, 1 +push edx +push eax +call dword [ebp - 0x5c] ; ucall +mov esi, edx +mov ecx, eax +or esi, dword [ebp - 0x120] +or ecx, ebx +mov eax, ecx +mov edx, esi -loc_fffce8d2: ; not directly referenced -inc edi -add dword [ebp - 0x384], 0x12 -add dword [ebp - 0x364], 9 -add dword [ebp - 0x3ac], 0x48 -cmp edi, 2 -jne loc_fffce6fb ; jne 0xfffce6fb -cmp byte [ebp - 0x380], 0 -je short loc_fffce923 ; je 0xfffce923 -sub esp, 0xc -mov ecx, dword [ebp - 0x378] -push dword [ebp - 0x3b0] -mov edx, dword [ebp - 0x3bc] -mov eax, dword [ebp - 0x34c] -call fcn_fffa7d98 ; call 0xfffa7d98 +loc_fffcef2c: ; not directly referenced add esp, 0x10 -mov dword [ebp - 0x37c], eax +jmp short loc_fffcef65 ; jmp 0xfffcef65 -loc_fffce923: ; not directly referenced -inc dword [ebp - 0x388] -jmp near loc_fffce4ee ; jmp 0xfffce4ee +loc_fffcef31: ; not directly referenced +movzx ecx, byte [ebp - 0x110] +mov ebx, dword [ebp - 0x120] +mov esi, dword [ebp - 0x11c] +or ecx, ebx +mov eax, ecx +mov edx, esi +jmp short loc_fffcef65 ; jmp 0xfffcef65 -loc_fffce92e: ; not directly referenced -mov byte [ebp - 0x360], 1 +loc_fffcef4c: ; not directly referenced +cmp dword [ebp - 0x12c], 1 +jne short loc_fffcef61 ; jne 0xfffcef61 +mov eax, dword [ebp - 0x128] +mov edx, dword [ebp - 0x118] -loc_fffce935: ; not directly referenced -cmp dword [ebp - 0x354], 0 -je short loc_fffce965 ; je 0xfffce965 -mov edx, dword [ebp - 0x39c] -lea ecx, [ebp - 0x33c] -mov eax, dword [ebp - 0x34c] -mov byte [ebp - 0x33c], 0 -mov byte [ebp - 0x33b], 0 -call fcn_fffcd955 ; call 0xfffcd955 -jmp short loc_fffce984 ; jmp 0xfffce984 +loc_fffcef61: ; not directly referenced +add eax, esi +adc edx, edi -loc_fffce965: ; not directly referenced -mov ecx, dword [ebp - 0x39c] -sub esp, 0xc -mov edx, dword [ebp - 0x35c] -mov eax, dword [ebp - 0x34c] -push 0 -call fcn_fffcfce5 ; call 0xfffcfce5 +loc_fffcef65: ; not directly referenced +mov edi, dword [ebp - 0x180] +push ecx +push 6 +push edx +and edi, 0xfff00000 +mov dword [ebp - 0x110], edi +mov edi, dword [ebp - 0x184] +push eax +and edi, 0x7f +mov dword [ebp - 0x10c], edi +mov edi, dword [ebp - 0x188] +or edi, 0xfffff +mov dword [ebp - 0x120], edi +mov edi, dword [ebp - 0x18c] +and edi, 0x7f +mov dword [ebp - 0x11c], edi +mov edi, 1 +call dword [ebp - 0x5c] ; ucall add esp, 0x10 +cmp edx, dword [ebp - 0x10c] +ja short loc_fffcefcb ; ja 0xfffcefcb +jb short loc_fffcefc9 ; jb 0xfffcefc9 +cmp eax, dword [ebp - 0x110] +jae short loc_fffcefcb ; jae 0xfffcefcb -loc_fffce984: ; not directly referenced -inc dword [ebp - 0x394] -jmp near loc_fffce1b1 ; jmp 0xfffce1b1 - -loc_fffce98f: ; not directly referenced -mov byte [ebp - 0x360], 0 -jmp near loc_fffce1d5 ; jmp 0xfffce1d5 +loc_fffcefc9: ; not directly referenced +xor edi, edi -loc_fffce99b: ; not directly referenced -add dword [ebp - 0x3a8], 0x48 -cmp byte [ebp - 0x360], 0 -jne loc_fffce1e2 ; jne 0xfffce1e2 -mov dword [ebp - 0x368], 1 -jmp near loc_fffce14c ; jmp 0xfffce14c +loc_fffcefcb: ; not directly referenced +mov esi, 1 +cmp edx, dword [ebp - 0x11c] +jb short loc_fffcefe4 ; jb 0xfffcefe4 +ja short loc_fffcefe2 ; ja 0xfffcefe2 +cmp eax, dword [ebp - 0x120] +jbe short loc_fffcefe4 ; jbe 0xfffcefe4 -loc_fffce9be: ; not directly referenced -movzx eax, byte [ebp - 0x38e] +loc_fffcefe2: ; not directly referenced xor esi, esi -mov dword [ebp - 0x35c], eax -loc_fffce9cd: ; not directly referenced -mov eax, dword [ebp - 0x3a0] -bt eax, esi -jae loc_fffceae5 ; jae 0xfffceae5 -imul eax, esi, 0x13c3 -mov edi, dword [ebp - 0x34c] -mov bl, byte [ebp - 0x34e] -and bl, byte [edi + eax + 0x381a] -mov byte [ebp - 0x354], bl -je loc_fffceae5 ; je 0xfffceae5 -movzx ebx, byte [ebp - 0x36c] -lea edi, [esi + esi*8] -lea eax, [ebp - 0x18] -mov byte [ebp - 0x34d], 0 -add edi, eax +loc_fffcefe4: ; not directly referenced +mov ecx, dword [ebp + 0xc] +and edi, esi +mov ebx, edi +movzx edi, bl +mov dword [ecx], eax +mov dword [ecx + 4], edx +test edi, edi +jne loc_fffcf084 ; jne 0xfffcf084 +mov esi, dword [ebp - 0x10c] +cmp dword [ebp - 0x11c], esi +jb short loc_fffcf084 ; jb 0xfffcf084 +ja short loc_fffcf019 ; ja 0xfffcf019 +mov esi, dword [ebp - 0x110] +cmp dword [ebp - 0x120], esi +jbe short loc_fffcf084 ; jbe 0xfffcf084 -loc_fffcea17: ; not directly referenced -mov ecx, dword [ebp - 0x34c] -mov al, byte [ebp - 0x34d] -cmp al, byte [ecx + 0x2488] -jae loc_fffceab4 ; jae 0xfffceab4 -cmp byte [ebp - 0x358], 1 -jne short loc_fffcea4e ; jne 0xfffcea4e -movzx eax, byte [ebp - 0x34d] -movzx eax, byte [eax + edi - 0x2da] -cmp bl, al -cmovg ebx, eax -jmp short loc_fffcea6b ; jmp 0xfffcea6b +loc_fffcf019: ; not directly referenced +mov esi, dword [ebp - 0x168] +xor ebx, ebx +mov dword [ebp - 0x124], ebx +and esi, 0xfff00000 +mov ecx, esi +add ecx, dword [ebp - 0x120] +adc ebx, dword [ebp - 0x11c] +sub ecx, dword [ebp - 0x110] +sbb ebx, dword [ebp - 0x10c] +mov dword [ebp - 0x128], esi +cmp edx, ebx +ja short loc_fffcf084 ; ja 0xfffcf084 +jb short loc_fffcf057 ; jb 0xfffcf057 +cmp eax, ecx +ja short loc_fffcf084 ; ja 0xfffcf084 -loc_fffcea4e: ; not directly referenced -cmp byte [ebp - 0x358], 0xff -jne short loc_fffcea6b ; jne 0xfffcea6b -movzx eax, byte [ebp - 0x34d] -movzx eax, byte [eax + edi - 0x2da] -cmp bl, al -cmovl ebx, eax +loc_fffcf057: ; not directly referenced +cmp edx, 0 +ja short loc_fffcf060 ; ja 0xfffcf060 +cmp eax, esi +jb short loc_fffcf084 ; jb 0xfffcf084 -loc_fffcea6b: ; not directly referenced -cmp dword [ebp - 0x38c], 0 -je short loc_fffceaa9 ; je 0xfffceaa9 -movzx eax, byte [ebp - 0x354] -sub esp, 0xc -mov edx, esi -movzx ecx, byte [ebp - 0x34d] -push eax -push 1 -push 1 -movzx eax, byte [ecx + edi - 0x2da] -push eax -mov eax, dword [ebp - 0x34c] -push dword [ebp - 0x35c] -call fcn_fffb579d ; call 0xfffb579d -add esp, 0x20 +loc_fffcf060: ; not directly referenced +mov ecx, dword [ebp - 0x110] +sub ecx, dword [ebp - 0x128] +mov ebx, dword [ebp - 0x10c] +sbb ebx, dword [ebp - 0x124] +add ecx, eax +mov eax, dword [ebp + 0xc] +adc ebx, edx +mov dword [eax], ecx +mov dword [eax + 4], ebx -loc_fffceaa9: ; not directly referenced -inc byte [ebp - 0x34d] -jmp near loc_fffcea17 ; jmp 0xfffcea17 +loc_fffcf084: ; not directly referenced +cmp dword [ebp - 0x12c], 1 +jne loc_fffcf17d ; jne 0xfffcf17d +lea ebx, [ebp - 0xe8] +lea esi, [ebp - 0xc8] -loc_fffceab4: ; not directly referenced -cmp dword [ebp - 0x38c], 0 -jne short loc_fffceae5 ; jne 0xfffceae5 -movzx eax, byte [ebp - 0x354] -sub esp, 0xc -xor ecx, ecx -mov edx, esi +loc_fffcf09d: ; not directly referenced push eax -mov eax, dword [ebp - 0x34c] -push 1 -push 1 -push ebx -push dword [ebp - 0x35c] -call fcn_fffb579d ; call 0xfffb579d -add esp, 0x20 - -loc_fffceae5: ; not directly referenced -inc esi -cmp esi, 2 -jne loc_fffce9cd ; jne 0xfffce9cd - -loc_fffceaef: ; not directly referenced -mov eax, dword [ebp - 0x37c] - -loc_fffceaf5: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffceafd: ; not directly referenced -push ebp -mov ebp, esp +mov eax, dword [ebp + 0xc] +mov edx, dword [eax + 4] +mov eax, dword [eax] +push dword [ebx + 4] +push dword [ebx] +mov ecx, edx +mov dword [ebp - 0x110], eax +mov dword [ebp - 0x10c], edx +mov edx, eax push edi -push esi -push ebx -xor ebx, ebx -sub esp, 0x2c -mov eax, dword [ebp + 8] -mov byte [ebp - 0x1c], 4 -mov byte [ebp - 0x1b], 1 -mov byte [ebp - 0x1a], 5 -mov eax, dword [eax + 0x5edc] -mov byte [ebp - 0x19], 2 -mov byte [ebp - 0x22], 4 -mov byte [ebp - 0x21], 1 -lea edx, [eax + 0x1c] -xor eax, eax -mov byte [ebp - 0x20], 5 -mov byte [ebp - 0x1f], 2 -mov byte [ebp - 0x1e], 0xf9 -mov byte [ebp - 0x1d], 7 -mov dword [ebp - 0x30], 0 -mov dword [ebp - 0x2c], 0 - -loc_fffceb4c: ; not directly referenced -mov edi, dword [ebp + 8] -mov cl, byte [edi + eax + 0x381a] -test cl, cl -je short loc_fffcebb4 ; je 0xfffcebb4 -cmp dword [ebp - 0x2c], 0 -mov ebx, 1 -jne short loc_fffceb72 ; jne 0xfffceb72 -xor ebx, ebx -cmp dword [edi + eax + 0x3816], 2 -sete bl - -loc_fffceb72: ; not directly referenced -cmp dword [ebp - 0x30], 0 -mov edi, 1 -mov dword [ebp - 0x2c], ebx -jne short loc_fffceb99 ; jne 0xfffceb99 -mov esi, ecx -and esi, 0xc -mov ebx, esi -cmp bl, 0xc -je short loc_fffceb99 ; je 0xfffceb99 -and ecx, 3 +lea eax, [ebp - 0xc4] +call fcn_fffb6511 ; call 0xfffb6511 +add esp, 0x10 +test eax, eax +jne loc_fffce576 ; jne 0xfffce576 +add ebx, 8 +cmp ebx, esi +jne short loc_fffcf09d ; jne 0xfffcf09d +movzx eax, byte [ebp - 0x151] xor ebx, ebx -cmp cl, 3 -sete bl -mov edi, ebx - -loc_fffceb99: ; not directly referenced -movzx ecx, byte [edx + 0xa5] -mov bl, byte [edx + 0xa4] -mov dword [ebp - 0x30], edi -and ecx, 3 -shr bl, 6 -shl ecx, 2 -or ebx, ecx +mov dword [ebp - 0x110], eax +movzx eax, word [ebp - 0x130] +mov dword [ebp - 0x120], eax -loc_fffcebb4: ; not directly referenced -add eax, 0x13c3 -add edx, 0xcc -cmp eax, 0x2786 -jne short loc_fffceb4c ; jne 0xfffceb4c -mov eax, dword [ebp + 8] -mov edx, 1 -lea edi, [ebp - 0x1e] -call fcn_fffb0b30 ; call 0xfffb0b30 -mov eax, dword [ebp + 8] -mov edx, 0xa -lea esi, [eax + 0x2490] -push ecx +loc_fffcf0f5: ; not directly referenced +mov edi, dword [ebp + ebx*2 - 0xe4] +mov esi, dword [ebp + ebx*2 - 0xe8] push ecx -push 1 -push 0xf -push 0 -push 2 -push edi -push esi -push 0xc -push 3 -push 0 -push 2 -lea ecx, [ebp - 0x22] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x28 -mov eax, dword [ebp + 8] -push 1 -mov edx, 0xb -push 0xf -push 0 -push 2 +push 0x3f push edi push esi -push 0xc -push 0 -push 0xfffffffffffffffe -push 2 -lea ecx, [ebp - 0x22] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x30 -cmp dword [ebp - 0x2c], 0 -je short loc_fffceca9 ; je 0xfffceca9 -push edx -mov eax, dword [ebp + 8] +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +test al, 1 +je short loc_fffcf171 ; je 0xfffcf171 +sub esp, 0xc +mov ecx, dword [ebp - 0x144] +push dword [ebp - 0x114] +push dword [ebp + ebx - 0xf8] +push dword [ebp - 0x174] +push dword [ebp - 0x120] +push dword [ebp - 0x138] +mov edx, dword [ebp - 0x110] +mov eax, dword [ebp - 0x140] +call fcn_fffce2bd ; call 0xfffce2bd +add esp, 0x20 +test eax, eax +je short loc_fffcf171 ; je 0xfffcf171 +mov edx, dword [ebp + 0xc] +mov eax, esi +and eax, 0xffffffc0 +mov dword [edx], eax +mov eax, edi +and eax, 0x7f +mov dword [edx + 4], eax push edx -mov edx, 1 -push 0 -push 0xf -push 0 -push 2 -push edi -push esi -push 0xc -push 7 -push 6 -push 2 -lea ecx, [ebp - 0x22] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x28 -mov eax, dword [ebp + 8] -push 0 -mov edx, 3 -push 0xf -push 0 -push 2 -push edi -push esi -push 0xc -push 8 -push 7 -push 2 -lea ecx, [ebp - 0x20] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x28 -mov edx, 7 -push 0 -push 0xf -push 0 -push 2 +push 0x3e push edi push esi -lea eax, [ebx + 1] -push 0xc -movsx eax, al -push eax -lea eax, [ebx - 1] -movsx eax, al -push eax -mov eax, dword [ebp + 8] -push 4 -lea ecx, [ebp - 0x1c] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x30 +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +jmp short loc_fffcf17d ; jmp 0xfffcf17d -loc_fffceca9: ; not directly referenced -cmp dword [ebp - 0x30], 0 -je short loc_fffced28 ; je 0xfffced28 -push eax +loc_fffcf171: ; not directly referenced +add ebx, 4 +cmp ebx, 0x10 +jne loc_fffcf0f5 ; jne 0xfffcf0f5 + +loc_fffcf17d: ; not directly referenced +mov eax, dword [ebp + 0xc] xor edx, edx +mov ebx, dword [eax] +mov esi, dword [eax + 4] push eax -mov eax, dword [ebp + 8] -push 0 -push 0xf -push 0 -push 2 -lea edi, [ebp - 0x1e] -push edi -push esi -push 0xc -push 7 -push 6 -push 2 -lea ecx, [ebp - 0x22] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x28 -mov eax, dword [ebp + 8] -push 0 -mov edx, 2 -push 0xf -push 0 -push 2 -push edi -push esi -push 0xc -push 8 -push 7 -push 2 -lea ecx, [ebp - 0x20] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x28 -mov edx, 6 -push 0 -push 0xf -push 0 -push 2 -push edi -push esi -lea eax, [ebx + 1] -dec ebx -push 0xc -movsx eax, al -push eax -mov eax, dword [ebp + 8] -movsx ebx, bl -push ebx -push 4 -lea ecx, [ebp - 0x1c] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x30 - -loc_fffced28: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffced30: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -xor ebx, ebx -sub esp, 0x3c -mov edi, dword [ebp + 8] -mov byte [ebp - 0x1a], 1 -mov byte [ebp - 0x19], 0x19 -mov dword [ebp - 0x38], 0 -mov eax, dword [edi + 0x5edc] -mov dword [ebp - 0x30], eax - -loc_fffced56: ; not directly referenced -mov esi, 1 -mov cl, bl -shl esi, cl -mov eax, esi -test byte [edi + 0x248d], al -je loc_fffcee06 ; je 0xfffcee06 -test byte [edi + 0x381a], al -je short loc_fffced95 ; je 0xfffced95 -mov cl, byte [edi + ebx + 0x4767] -mov dl, 0xf -movsx eax, byte [edi + ebx + 0x476b] -cmp cl, 0xf -cmovbe edx, ecx -mov cl, al -mov byte [ebp - 0x29], dl -sub ecx, edx -jmp short loc_fffced9d ; jmp 0xfffced9d - -loc_fffced95: ; not directly referenced -mov byte [ebp - 0x29], 0xf -xor eax, eax -xor ecx, ecx - -loc_fffced9d: ; not directly referenced -mov edx, esi -test byte [edi + 0x4bdd], dl -je short loc_fffcedc7 ; je 0xfffcedc7 -movsx ecx, byte [edi + ebx + 0x5b2e] -mov dl, byte [ebp - 0x29] -cmp al, cl -cmovb eax, ecx -mov cl, byte [edi + ebx + 0x5b2a] -cmp dl, cl -cmova edx, ecx -mov cl, al -sub ecx, edx - -loc_fffcedc7: ; not directly referenced -mov dl, 0 -test cl, cl -cmovs ecx, edx -push edx -movzx ecx, cl -push edx -push 0 -push esi -push ebx -push 1 -lea esi, [ebp - 0x19] -push esi -lea edx, [edi + 0x2490] +movzx eax, word [ebp - 0x12e] +push 3 push edx -mov edx, 0xc -push 0xa push eax -mov eax, edi -push ecx -push 1 -lea ecx, [ebp - 0x1a] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x30 -mov dword [ebp - 0x38], eax -dec eax -je loc_fffcef18 ; je 0xfffcef18 - -loc_fffcee06: ; not directly referenced -inc ebx -cmp ebx, 4 -jne loc_fffced56 ; jne 0xfffced56 -mov esi, dword [ebp - 0x30] -lea ebx, [edi + 0x3756] -mov dword [ebp - 0x34], 0 -add esi, 0x1c - -loc_fffcee23: ; not directly referenced -cmp dword [ebx], 2 -je short loc_fffcee45 ; je 0xfffcee45 - -loc_fffcee28: ; not directly referenced -inc dword [ebp - 0x34] -add ebx, 0x13c3 -add esi, 0xcc -cmp dword [ebp - 0x34], 2 -jne short loc_fffcee23 ; jne 0xfffcee23 -mov eax, dword [ebp - 0x38] -jmp near loc_fffcef1d ; jmp 0xfffcef1d - -loc_fffcee45: ; not directly referenced -mov al, byte [esi + 0xa1] -movzx edx, byte [esi + 0xa2] -mov byte [ebp - 0x29], 0 -shr al, 7 -and edx, 7 -movzx eax, al -add edx, edx -or edx, eax -mov al, byte [esi + 0xa2] -shr al, 3 -and eax, 0xf -cmp al, dl -cmovb eax, edx -xor edx, edx -lea eax, [eax + eax - 8] -test al, al -cmovns edx, eax -mov al, byte [ebx + 0xc4] -xor ecx, ecx -mov byte [ebp - 0x2a], dl -mov byte [ebp - 0x30], al - -loc_fffcee8d: ; not directly referenced -mov edx, 1 -shl edx, cl -test byte [ebp - 0x30], dl -je short loc_fffceeab ; je 0xfffceeab -mov al, byte [ebp - 0x29] -mov dl, byte [ebx + ecx + 0x1015] -cmp al, dl -cmovb eax, edx -mov byte [ebp - 0x29], al - -loc_fffceeab: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffcee8d ; jne 0xfffcee8d -mov al, byte [ebp - 0x29] -sub al, byte [ebp - 0x2a] -mov dword [ebp - 0x30], 0 -movzx eax, al -mov dword [ebp - 0x3c], eax - -loc_fffceec4: ; not directly referenced -mov cl, byte [ebp - 0x30] +call dword [ebp - 0x5c] ; ucall +mov edi, dword [ebp + 0xc] +add esp, 0x10 +mov dword [edi + 4], esi +and eax, 0x3f +or eax, ebx +mov dword [edi], eax mov eax, 1 -shl eax, cl -test byte [ebx + 0xc4], al -je short loc_fffcef0a ; je 0xfffcef0a -mov ecx, dword [ebp - 0x30] -mov dl, byte [ebp - 0x29] -sub dl, byte [ebx + ecx + 0x1015] -movsx ecx, byte [ebp - 0x2a] -movzx edx, dl -cmp edx, ecx -jle short loc_fffcef0a ; jle 0xfffcef0a -sub esp, 0xc -mov edx, dword [ebp - 0x34] -xor ecx, ecx -push eax -mov eax, edi -push 0 -push 1 -push dword [ebp - 0x3c] -push 0xc -call fcn_fffb579d ; call 0xfffb579d -add esp, 0x20 -loc_fffcef0a: ; not directly referenced -inc dword [ebp - 0x30] -cmp dword [ebp - 0x30], 4 -jne short loc_fffceec4 ; jne 0xfffceec4 -jmp near loc_fffcee28 ; jmp 0xfffcee28 - -loc_fffcef18: ; not directly referenced -mov eax, 0x19 - -loc_fffcef1d: ; not directly referenced +loc_fffcf1ab: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -62964,7 +63173,7 @@ pop edi pop ebp ret -fcn_fffcef25: ; not directly referenced +fcn_fffcf1b3: ; not directly referenced push ebp mov ebp, esp push edi @@ -62976,7 +63185,7 @@ mov al, byte [ebp + 8] mov edi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x18] mov byte [ebp - 0x41], dl -mov edx, dword [esi + 0x2443] +mov edx, dword [esi + 0x2444] push 0 push 2 mov byte [ebp - 0x33], al @@ -63000,36 +63209,36 @@ add esp, 0x10 mov ecx, dword [ebp - 0x30] cmp dword [esi + 0x188b], 1 mov dword [ebp - 0x2c], 0 -jne short loc_fffcefbc ; jne 0xfffcefbc +jne short loc_fffcf24a ; jne 0xfffcf24a xor eax, eax -cmp dword [esi + 0x2480], 3 +cmp dword [esi + 0x2481], 3 sete al mov dword [ebp - 0x2c], eax -jne short loc_fffcefbc ; jne 0xfffcefbc +jne short loc_fffcf24a ; jne 0xfffcf24a test bl, bl -je short loc_fffcefa2 ; je 0xfffcefa2 +je short loc_fffcf230 ; je 0xfffcf230 mov eax, dword [ebp + 0x10] -jmp short loc_fffcefa5 ; jmp 0xfffcefa5 +jmp short loc_fffcf233 ; jmp 0xfffcf233 -loc_fffcefa2: ; not directly referenced +loc_fffcf230: ; not directly referenced mov eax, dword [ebp + 0x14] -loc_fffcefa5: ; not directly referenced +loc_fffcf233: ; not directly referenced mov al, byte [eax] mov byte [ebp - 0x21], al test bl, bl -jne short loc_fffcefb3 ; jne 0xfffcefb3 +jne short loc_fffcf241 ; jne 0xfffcf241 mov eax, dword [ebp + 0x14] -jmp short loc_fffcefb6 ; jmp 0xfffcefb6 +jmp short loc_fffcf244 ; jmp 0xfffcf244 -loc_fffcefb3: ; not directly referenced +loc_fffcf241: ; not directly referenced mov eax, dword [ebp + 0x10] -loc_fffcefb6: ; not directly referenced +loc_fffcf244: ; not directly referenced mov al, byte [eax + 1] mov byte [ebp - 0x20], al -loc_fffcefbc: ; not directly referenced +loc_fffcf24a: ; not directly referenced movzx eax, cl mov dword [ebp - 0x38], eax sar eax, 1 @@ -63043,21 +63252,21 @@ mov dword [ebp - 0x48], eax movzx eax, byte [ebp - 0x41] mov dword [ebp - 0x3c], eax -loc_fffcefe2: ; not directly referenced +loc_fffcf270: ; not directly referenced xor edi, edi -loc_fffcefe4: ; not directly referenced +loc_fffcf272: ; not directly referenced mov eax, dword [ebp - 0x38] bt eax, edi -jb short loc_fffceff4 ; jb 0xfffceff4 +jb short loc_fffcf282 ; jb 0xfffcf282 -loc_fffcefec: ; not directly referenced +loc_fffcf27a: ; not directly referenced inc edi cmp edi, 2 -jne short loc_fffcefe4 ; jne 0xfffcefe4 -jmp short loc_fffcf061 ; jmp 0xfffcf061 +jne short loc_fffcf272 ; jne 0xfffcf272 +jmp short loc_fffcf2ef ; jmp 0xfffcf2ef -loc_fffceff4: ; not directly referenced +loc_fffcf282: ; not directly referenced mov eax, dword [ebp + 0x14] mov bl, byte [ebp - 0x33] movzx edx, byte [eax + edi] @@ -63068,9 +63277,9 @@ imul edx, edi, 0x13c3 add eax, dword [ebp - 0x48] sar eax, 1 mov byte [ebp + edi - 0x23], al -and bl, byte [esi + edx + 0x381a] +and bl, byte [esi + edx + 0x381b] test byte [ebp - 0x34], 1 -je short loc_fffcf03d ; je 0xfffcf03d +je short loc_fffcf2cb ; je 0xfffcf2cb push edx movzx eax, al push 0 @@ -63081,12 +63290,12 @@ push eax push dword [ebp - 0x3c] push edi push esi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffcf03d: ; not directly referenced +loc_fffcf2cb: ; not directly referenced cmp dword [ebp - 0x30], 0 -je short loc_fffcefec ; je 0xfffcefec +je short loc_fffcf27a ; je 0xfffcf27a push eax movzx eax, byte [ebp + edi - 0x23] movzx ebx, bl @@ -63097,24 +63306,24 @@ push ebx push dword [ebp - 0x3c] push edi push esi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -jmp short loc_fffcefec ; jmp 0xfffcefec +jmp short loc_fffcf27a ; jmp 0xfffcf27a -loc_fffcf061: ; not directly referenced +loc_fffcf2ef: ; not directly referenced cmp dword [ebp - 0x2c], 0 -jne short loc_fffcf073 ; jne 0xfffcf073 +jne short loc_fffcf301 ; jne 0xfffcf301 sub esp, 0xc push esi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -loc_fffcf073: ; not directly referenced +loc_fffcf301: ; not directly referenced xor ebx, ebx mov byte [ebp - 0x31], 0 lea edi, [ebp - 0x1f] -loc_fffcf07c: ; not directly referenced +loc_fffcf30a: ; not directly referenced mov eax, dword [ebp + 0x1c] push 0 push 0 @@ -63125,59 +63334,59 @@ push eax push 0 push 2 push esi -call fcn_fffcc4cb ; call 0xfffcc4cb +call fcn_fffcce33 ; call 0xfffcce33 add esp, 0x1c -movzx ecx, byte [esi + 0x248b] +movzx ecx, byte [esi + 0x248c] mov edx, dword [ebp - 0x38] mov eax, esi push 0 push 1 push edi -call fcn_fffb0f94 ; call 0xfffb0f94 +call fcn_fffaa5b3 ; call 0xfffaa5b3 add esp, 0x10 or byte [ebp - 0x31], al mov al, byte [ebp - 0x32] cmp byte [ebp - 0x31], al -jne short loc_fffcf0da ; jne 0xfffcf0da +jne short loc_fffcf368 ; jne 0xfffcf368 -loc_fffcf0bd: ; not directly referenced +loc_fffcf34b: ; not directly referenced cmp byte [ebp - 0x31], 0 setne al test byte [ebp - 0x2c], al -je loc_fffcf154 ; je 0xfffcf154 +je loc_fffcf3e2 ; je 0xfffcf3e2 mov al, byte [ebp - 0x34] xor edi, edi and eax, 1 mov byte [ebp - 0x43], al -jmp short loc_fffcf0e2 ; jmp 0xfffcf0e2 +jmp short loc_fffcf370 ; jmp 0xfffcf370 -loc_fffcf0da: ; not directly referenced +loc_fffcf368: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffcf07c ; jne 0xfffcf07c -jmp short loc_fffcf0bd ; jmp 0xfffcf0bd +jne short loc_fffcf30a ; jne 0xfffcf30a +jmp short loc_fffcf34b ; jmp 0xfffcf34b -loc_fffcf0e2: ; not directly referenced +loc_fffcf370: ; not directly referenced mov eax, dword [ebp - 0x38] bt eax, edi -jb short loc_fffcf0fe ; jb 0xfffcf0fe +jb short loc_fffcf38c ; jb 0xfffcf38c -loc_fffcf0ea: ; not directly referenced +loc_fffcf378: ; not directly referenced inc edi cmp edi, 2 -jne short loc_fffcf0e2 ; jne 0xfffcf0e2 +jne short loc_fffcf370 ; jne 0xfffcf370 sub esp, 0xc push esi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -jmp short loc_fffcf154 ; jmp 0xfffcf154 +jmp short loc_fffcf3e2 ; jmp 0xfffcf3e2 -loc_fffcf0fe: ; not directly referenced +loc_fffcf38c: ; not directly referenced imul edx, edi, 0x13c3 mov bl, byte [ebp - 0x33] -and bl, byte [esi + edx + 0x381a] +and bl, byte [esi + edx + 0x381b] cmp byte [ebp - 0x43], 0 -je short loc_fffcf130 ; je 0xfffcf130 +je short loc_fffcf3be ; je 0xfffcf3be movzx edx, byte [ebp + edi - 0x21] push eax push 0 @@ -63188,12 +63397,12 @@ push edx push dword [ebp - 0x3c] push edi push esi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffcf130: ; not directly referenced +loc_fffcf3be: ; not directly referenced cmp dword [ebp - 0x30], 0 -je short loc_fffcf0ea ; je 0xfffcf0ea +je short loc_fffcf378 ; je 0xfffcf378 movzx edx, byte [ebp + edi - 0x21] movzx ebx, bl push ecx @@ -63204,78 +63413,78 @@ push ebx push dword [ebp - 0x3c] push edi push esi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -jmp short loc_fffcf0ea ; jmp 0xfffcf0ea +jmp short loc_fffcf378 ; jmp 0xfffcf378 -loc_fffcf154: ; not directly referenced +loc_fffcf3e2: ; not directly referenced xor ecx, ecx mov eax, 1 -loc_fffcf15b: ; not directly referenced +loc_fffcf3e9: ; not directly referenced mov edx, eax shl edx, cl test byte [ebp - 0x32], dl -je short loc_fffcf1a4 ; je 0xfffcf1a4 +je short loc_fffcf432 ; je 0xfffcf432 mov ebx, dword [ebp + 0x10] mov edi, dword [ebp + 0x14] mov bl, byte [ebx + ecx] cmp byte [edi + ecx], bl -jbe short loc_fffcf1a4 ; jbe 0xfffcf1a4 +jbe short loc_fffcf432 ; jbe 0xfffcf432 and dl, byte [ebp - 0x31] cmp byte [ebp - 0x42], 0 -je short loc_fffcf18d ; je 0xfffcf18d +je short loc_fffcf41b ; je 0xfffcf41b test dl, dl mov dl, byte [ebp + ecx - 0x23] -je short loc_fffcf188 ; je 0xfffcf188 +je short loc_fffcf416 ; je 0xfffcf416 dec edx mov ebx, edi -jmp short loc_fffcf1a1 ; jmp 0xfffcf1a1 +jmp short loc_fffcf42f ; jmp 0xfffcf42f -loc_fffcf188: ; not directly referenced +loc_fffcf416: ; not directly referenced mov ebx, dword [ebp + 0x10] -jmp short loc_fffcf1a1 ; jmp 0xfffcf1a1 +jmp short loc_fffcf42f ; jmp 0xfffcf42f -loc_fffcf18d: ; not directly referenced +loc_fffcf41b: ; not directly referenced test dl, dl mov dl, byte [ebp + ecx - 0x23] -je short loc_fffcf19e ; je 0xfffcf19e +je short loc_fffcf42c ; je 0xfffcf42c mov edi, dword [ebp + 0x10] inc edx mov byte [edi + ecx], dl -jmp short loc_fffcf1a4 ; jmp 0xfffcf1a4 +jmp short loc_fffcf432 ; jmp 0xfffcf432 -loc_fffcf19e: ; not directly referenced +loc_fffcf42c: ; not directly referenced mov ebx, dword [ebp + 0x14] -loc_fffcf1a1: ; not directly referenced +loc_fffcf42f: ; not directly referenced mov byte [ebx + ecx], dl -loc_fffcf1a4: ; not directly referenced +loc_fffcf432: ; not directly referenced inc ecx cmp ecx, 2 -jne short loc_fffcf15b ; jne 0xfffcf15b +jne short loc_fffcf3e9 ; jne 0xfffcf3e9 mov al, 1 test byte [ebp - 0x32], 1 -je short loc_fffcf1bf ; je 0xfffcf1bf +je short loc_fffcf44d ; je 0xfffcf44d mov eax, dword [ebp + 0x10] mov ecx, dword [ebp + 0x14] mov al, byte [eax] cmp byte [ecx], al setbe al -loc_fffcf1bf: ; not directly referenced +loc_fffcf44d: ; not directly referenced cmp dword [ebp - 0x40], 0 -je short loc_fffcf1d7 ; je 0xfffcf1d7 +je short loc_fffcf465 ; je 0xfffcf465 mov ecx, dword [ebp + 0x10] mov edi, dword [ebp + 0x14] mov cl, byte [ecx + 1] cmp byte [edi + 1], cl -ja loc_fffcefe2 ; ja 0xfffcefe2 +ja loc_fffcf270 ; ja 0xfffcf270 -loc_fffcf1d7: ; not directly referenced +loc_fffcf465: ; not directly referenced test al, al -je loc_fffcefe2 ; je 0xfffcefe2 +je loc_fffcf270 ; je 0xfffcf270 push 0 xor edi, edi push 0 @@ -63285,15 +63494,15 @@ push 0 push 0 push 2 push esi -call fcn_fffcc4cb ; call 0xfffcc4cb +call fcn_fffcce33 ; call 0xfffcce33 add esp, 0x20 cmp dword [ebp - 0x2c], 0 -jne short loc_fffcf20f ; jne 0xfffcf20f +jne short loc_fffcf49d ; jne 0xfffcf49d -loc_fffcf1fe: ; not directly referenced +loc_fffcf48c: ; not directly referenced sub esp, 0xc push esi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d lea esp, [ebp - 0xc] pop ebx pop esi @@ -63301,30 +63510,30 @@ pop edi pop ebp ret -loc_fffcf20f: ; not directly referenced +loc_fffcf49d: ; not directly referenced mov al, byte [ebp - 0x34] and eax, 1 mov byte [ebp - 0x31], al movzx eax, byte [ebp - 0x41] mov dword [ebp - 0x2c], eax -loc_fffcf21f: ; not directly referenced +loc_fffcf4ad: ; not directly referenced mov eax, dword [ebp - 0x38] bt eax, edi -jb short loc_fffcf22f ; jb 0xfffcf22f +jb short loc_fffcf4bd ; jb 0xfffcf4bd -loc_fffcf227: ; not directly referenced +loc_fffcf4b5: ; not directly referenced inc edi cmp edi, 2 -jne short loc_fffcf21f ; jne 0xfffcf21f -jmp short loc_fffcf1fe ; jmp 0xfffcf1fe +jne short loc_fffcf4ad ; jne 0xfffcf4ad +jmp short loc_fffcf48c ; jmp 0xfffcf48c -loc_fffcf22f: ; not directly referenced +loc_fffcf4bd: ; not directly referenced imul edx, edi, 0x13c3 mov bl, byte [ebp - 0x33] -and bl, byte [esi + edx + 0x381a] +and bl, byte [esi + edx + 0x381b] cmp byte [ebp - 0x31], 0 -je short loc_fffcf261 ; je 0xfffcf261 +je short loc_fffcf4ef ; je 0xfffcf4ef push edx movzx edx, byte [ebp + edi - 0x21] push 0 @@ -63335,12 +63544,12 @@ push edx push dword [ebp - 0x2c] push edi push esi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffcf261: ; not directly referenced +loc_fffcf4ef: ; not directly referenced cmp dword [ebp - 0x30], 0 -je short loc_fffcf227 ; je 0xfffcf227 +je short loc_fffcf4b5 ; je 0xfffcf4b5 movzx edx, byte [ebp + edi - 0x21] movzx ebx, bl push eax @@ -63351,11 +63560,11 @@ push ebx push dword [ebp - 0x2c] push edi push esi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -jmp short loc_fffcf227 ; jmp 0xfffcf227 +jmp short loc_fffcf4b5 ; jmp 0xfffcf4b5 -fcn_fffcf285: ; not directly referenced +fcn_fffcf513: ; not directly referenced push ebp mov ebp, esp push edi @@ -63379,24 +63588,24 @@ mov byte [ebp - 0x29], cl mov dword [ebp - 0x1c], 0 mov dword [ebp - 0x20], 0 mov word [ebp - 0x34], ax -mov eax, dword [esi + 0x2443] +mov eax, dword [esi + 0x2444] call dword [eax + 0x5c] ; ucall movzx eax, byte [ebp - 0x29] add esp, 0x10 mov dword [ebp - 0x3c], edi mov dword [ebp - 0x30], eax -loc_fffcf2dc: ; not directly referenced +loc_fffcf56a: ; not directly referenced movsx eax, bx xor edi, edi mov dword [ebp - 0x38], eax -loc_fffcf2e4: ; not directly referenced +loc_fffcf572: ; not directly referenced mov eax, dword [ebp - 0x30] bt eax, edi -jae short loc_fffcf318 ; jae 0xfffcf318 +jae short loc_fffcf5a6 ; jae 0xfffcf5a6 cmp dword [ebp + edi*4 - 0x20], 0 -jne short loc_fffcf318 ; jne 0xfffcf318 +jne short loc_fffcf5a6 ; jne 0xfffcf5a6 mov eax, dword [ebp + 0x10] push edx push 0 @@ -63410,87 +63619,87 @@ movzx edx, byte [ebp - 0x2a] push edx push edi push esi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffcf318: ; not directly referenced +loc_fffcf5a6: ; not directly referenced inc edi cmp edi, 2 -jne short loc_fffcf2e4 ; jne 0xfffcf2e4 +jne short loc_fffcf572 ; jne 0xfffcf572 cmp dword [ebp + 0x20], 0 -jne short loc_fffcf330 ; jne 0xfffcf330 +jne short loc_fffcf5be ; jne 0xfffcf5be sub esp, 0xc push esi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -loc_fffcf330: ; not directly referenced +loc_fffcf5be: ; not directly referenced mov edx, dword [ebp - 0x30] push eax -movzx ecx, byte [esi + 0x248b] +movzx ecx, byte [esi + 0x248c] push 0 push 1 lea eax, [ebp - 0x27] push eax mov eax, esi -call fcn_fffb0f94 ; call 0xfffb0f94 +call fcn_fffaa5b3 ; call 0xfffaa5b3 mov dl, bl add esp, 0x10 neg edx test bx, bx cmovns edx, ebx test byte [ebp - 0x29], 1 -je short loc_fffcf375 ; je 0xfffcf375 +je short loc_fffcf603 ; je 0xfffcf603 cmp dword [ebp - 0x20], 0 -jne short loc_fffcf375 ; jne 0xfffcf375 +jne short loc_fffcf603 ; jne 0xfffcf603 test al, 1 -je short loc_fffcf370 ; je 0xfffcf370 +je short loc_fffcf5fe ; je 0xfffcf5fe mov dword [ebp - 0x20], 1 -jmp short loc_fffcf375 ; jmp 0xfffcf375 +jmp short loc_fffcf603 ; jmp 0xfffcf603 -loc_fffcf370: ; not directly referenced +loc_fffcf5fe: ; not directly referenced mov ecx, dword [ebp + 0x1c] mov byte [ecx], dl -loc_fffcf375: ; not directly referenced +loc_fffcf603: ; not directly referenced test byte [ebp - 0x29], 2 -je short loc_fffcf394 ; je 0xfffcf394 +je short loc_fffcf622 ; je 0xfffcf622 cmp dword [ebp - 0x1c], 0 -jne short loc_fffcf394 ; jne 0xfffcf394 +jne short loc_fffcf622 ; jne 0xfffcf622 test al, 2 -jne short loc_fffcf38d ; jne 0xfffcf38d +jne short loc_fffcf61b ; jne 0xfffcf61b mov eax, dword [ebp + 0x1c] mov byte [eax + 1], dl -jmp short loc_fffcf394 ; jmp 0xfffcf394 +jmp short loc_fffcf622 ; jmp 0xfffcf622 -loc_fffcf38d: ; not directly referenced +loc_fffcf61b: ; not directly referenced mov dword [ebp - 0x1c], 1 -loc_fffcf394: ; not directly referenced +loc_fffcf622: ; not directly referenced mov eax, dword [ebp - 0x34] add ebx, eax test ax, ax -jle short loc_fffcf3a7 ; jle 0xfffcf3a7 +jle short loc_fffcf635 ; jle 0xfffcf635 cmp bx, word [ebp - 0x2c] setg al -jmp short loc_fffcf3ae ; jmp 0xfffcf3ae +jmp short loc_fffcf63c ; jmp 0xfffcf63c -loc_fffcf3a7: ; not directly referenced +loc_fffcf635: ; not directly referenced cmp bx, word [ebp - 0x2c] setl al -loc_fffcf3ae: ; not directly referenced +loc_fffcf63c: ; not directly referenced cmp dword [ebp - 0x20], 0 movzx eax, al -je short loc_fffcf3bd ; je 0xfffcf3bd +je short loc_fffcf64b ; je 0xfffcf64b cmp dword [ebp - 0x1c], 0 -jne short loc_fffcf3c5 ; jne 0xfffcf3c5 +jne short loc_fffcf653 ; jne 0xfffcf653 -loc_fffcf3bd: ; not directly referenced +loc_fffcf64b: ; not directly referenced test eax, eax -je loc_fffcf2dc ; je 0xfffcf2dc +je loc_fffcf56a ; je 0xfffcf56a -loc_fffcf3c5: ; not directly referenced +loc_fffcf653: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -63498,7 +63707,7 @@ pop edi pop ebp ret -fcn_fffcf3cd: ; not directly referenced +fcn_fffcf65b: ; not directly referenced push ebp mov ebp, esp push edi @@ -63514,7 +63723,7 @@ mov ebx, eax mov dword [ebp - 0x78], eax mov al, byte [ebp + 8] mov byte [ebp - 0x89], bl -mov ebx, dword [edi + 0x2443] +mov ebx, dword [edi + 0x2444] mov dword [ebp - 0x88], edx mov byte [ebp - 0x69], dl mov byte [ebp - 0x6a], al @@ -63542,14 +63751,14 @@ push eax call dword [ebx + 0x5c] ; ucall xor eax, eax add esp, 0x10 -cmp dword [edi + 0x2480], 3 +cmp dword [edi + 0x2481], 3 sete al mov dword [ebp - 0x60], eax mov eax, esi cmp al, 6 -je short loc_fffcf489 ; je 0xfffcf489 +je short loc_fffcf717 ; je 0xfffcf717 -loc_fffcf457: ; not directly referenced +loc_fffcf6e5: ; not directly referenced cmp dword [ebp - 0x60], 1 sbb eax, eax mov dword [ebp - 0x60], eax @@ -63562,19 +63771,19 @@ mov al, byte [ebp - 0x7c] sub eax, dword [ebp - 0x60] movzx eax, al mov dword [ebp - 0x94], eax -jmp near loc_fffcf604 ; jmp 0xfffcf604 +jmp near loc_fffcf892 ; jmp 0xfffcf892 -loc_fffcf489: ; not directly referenced +loc_fffcf717: ; not directly referenced movzx esi, byte [ebp - 0x68] -lea eax, [edi + 0x3756] +lea eax, [edi + 0x3757] mov dword [ebp - 0x5c], eax xor eax, eax mov dword [ebp - 0x70], esi -loc_fffcf49b: ; not directly referenced +loc_fffcf729: ; not directly referenced mov esi, dword [ebp - 0x70] bt esi, eax -jae loc_fffcf567 ; jae 0xfffcf567 +jae loc_fffcf7f5 ; jae 0xfffcf7f5 mov esi, dword [ebp - 0x5c] mov ebx, dword [esi + 0x111] mov ecx, dword [esi + 0x11d] @@ -63591,11 +63800,11 @@ xor ecx, ecx mov dl, byte [esi + 0xc4] mov byte [ebp - 0x64], dl -loc_fffcf4da: ; not directly referenced +loc_fffcf768: ; not directly referenced mov ebx, 1 shl ebx, cl test byte [ebp - 0x64], bl -je short loc_fffcf512 ; je 0xfffcf512 +je short loc_fffcf7a0 ; je 0xfffcf7a0 mov esi, dword [ebp - 0x5c] mov bl, byte [esi + ecx + 0x245] movzx esi, byte [ebp + eax - 0x53] @@ -63608,12 +63817,12 @@ mov byte [ebp + eax - 0x53], dl cmovb ebx, esi mov byte [ebp + eax - 0x51], bl -loc_fffcf512: ; not directly referenced +loc_fffcf7a0: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffcf4da ; jne 0xfffcf4da +jne short loc_fffcf768 ; jne 0xfffcf768 cmp dword [ebp - 0x60], 0 -je short loc_fffcf559 ; je 0xfffcf559 +je short loc_fffcf7e7 ; je 0xfffcf7e7 mov ecx, dword [ebp - 0x5c] mov esi, dword [ecx + 0x109] mov ecx, dword [ecx + 0x115] @@ -63633,35 +63842,35 @@ cmp bl, cl cmovbe ebx, ecx mov byte [ebp + eax - 0x51], bl -loc_fffcf559: ; not directly referenced +loc_fffcf7e7: ; not directly referenced mov cl, 0x7f neg byte [ebp + eax - 0x53] sub cl, byte [ebp + eax - 0x51] mov byte [ebp + eax - 0x51], cl -loc_fffcf567: ; not directly referenced +loc_fffcf7f5: ; not directly referenced inc eax add dword [ebp - 0x5c], 0x13c3 cmp eax, 2 -jne loc_fffcf49b ; jne 0xfffcf49b -jmp near loc_fffcf457 ; jmp 0xfffcf457 +jne loc_fffcf729 ; jne 0xfffcf729 +jmp near loc_fffcf6e5 ; jmp 0xfffcf6e5 -loc_fffcf57d: ; not directly referenced +loc_fffcf80b: ; not directly referenced mov eax, dword [ebp - 0x70] bt eax, ebx -jb loc_fffcf62c ; jb 0xfffcf62c +jb loc_fffcf8ba ; jb 0xfffcf8ba -loc_fffcf589: ; not directly referenced +loc_fffcf817: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffcf57d ; jne 0xfffcf57d +jne short loc_fffcf80b ; jne 0xfffcf80b sub esp, 0xc push edi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 cmp dword [ebp + 0x24], 0 -je loc_fffcf67f ; je 0xfffcf67f -movzx ecx, byte [edi + 0x248b] +je loc_fffcf90d ; je 0xfffcf90d +movzx ecx, byte [edi + 0x248c] push eax mov edx, dword [ebp - 0x70] push 0 @@ -63669,15 +63878,15 @@ push 1 lea eax, [ebp - 0x4f] push eax mov eax, edi -call fcn_fffb0f94 ; call 0xfffb0f94 +call fcn_fffaa5b3 ; call 0xfffaa5b3 add esp, 0x10 mov byte [ebp - 0x5c], al -loc_fffcf5c5: ; not directly referenced +loc_fffcf853: ; not directly referenced cmp byte [ebp - 0x69], 6 -je loc_fffcf6d8 ; je 0xfffcf6d8 +je loc_fffcf966 ; je 0xfffcf966 -loc_fffcf5cf: ; not directly referenced +loc_fffcf85d: ; not directly referenced movzx eax, byte [ebp - 0x60] mov edx, esi xor ecx, ecx @@ -63686,40 +63895,40 @@ mov dword [ebp - 0x70], eax movsx eax, byte [ebp - 0x89] mov dword [ebp - 0x80], edx -loc_fffcf5e6: ; not directly referenced +loc_fffcf874: ; not directly referenced mov edx, 1 shl edx, cl test byte [ebp - 0x68], dl -jne loc_fffcf712 ; jne 0xfffcf712 +jne loc_fffcf9a0 ; jne 0xfffcf9a0 -loc_fffcf5f6: ; not directly referenced +loc_fffcf884: ; not directly referenced inc ecx cmp ecx, 2 -jne short loc_fffcf5e6 ; jne 0xfffcf5e6 +jne short loc_fffcf874 ; jne 0xfffcf874 movzx eax, byte [ebp - 0x60] add word [ebp - 0x64], ax -loc_fffcf604: ; not directly referenced +loc_fffcf892: ; not directly referenced movzx eax, byte [ebp - 0x7c] movsx esi, word [ebp - 0x64] mov dword [ebp - 0x5c], eax cmp esi, eax -jg loc_fffcf7f0 ; jg 0xfffcf7f0 +jg loc_fffcfa7e ; jg 0xfffcfa7e movzx eax, byte [ebp - 0x68] xor ebx, ebx mov dword [ebp - 0x70], eax movzx eax, byte [ebp - 0x74] mov dword [ebp - 0x5c], eax -jmp near loc_fffcf57d ; jmp 0xfffcf57d +jmp near loc_fffcf80b ; jmp 0xfffcf80b -loc_fffcf62c: ; not directly referenced +loc_fffcf8ba: ; not directly referenced imul eax, ebx, 0x13c3 mov cl, byte [ebp - 0x6a] -and cl, byte [edi + eax + 0x381a] +and cl, byte [edi + eax + 0x381b] movzx eax, byte [ebp - 0x69] movzx ecx, cl cmp al, 6 -je short loc_fffcf65f ; je 0xfffcf65f +je short loc_fffcf8ed ; je 0xfffcf8ed push edx push 0 push esi @@ -63728,11 +63937,11 @@ push ecx push eax push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -jmp near loc_fffcf589 ; jmp 0xfffcf589 +jmp near loc_fffcf817 ; jmp 0xfffcf817 -loc_fffcf65f: ; not directly referenced +loc_fffcf8ed: ; not directly referenced xor eax, eax mov edx, ebx cmp dword [ebp + 0x20], 0 @@ -63742,15 +63951,15 @@ mov eax, edi push 0 push esi push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 +call fcn_fffac68e ; call 0xfffac68e add esp, 0x10 -jmp near loc_fffcf589 ; jmp 0xfffcf589 +jmp near loc_fffcf817 ; jmp 0xfffcf817 -loc_fffcf67f: ; not directly referenced +loc_fffcf90d: ; not directly referenced xor ebx, ebx mov byte [ebp - 0x5c], 0 -loc_fffcf685: ; not directly referenced +loc_fffcf913: ; not directly referenced mov eax, dword [ebp + 0x1c] push 0 push 0 @@ -63761,73 +63970,73 @@ push eax push 0 push 2 push edi -call fcn_fffcc4cb ; call 0xfffcc4cb +call fcn_fffcce33 ; call 0xfffcce33 add esp, 0x1c -movzx ecx, byte [edi + 0x248b] +movzx ecx, byte [edi + 0x248c] mov edx, dword [ebp - 0x70] lea eax, [ebp - 0x4f] push 0 push 1 push eax mov eax, edi -call fcn_fffb0f94 ; call 0xfffb0f94 +call fcn_fffaa5b3 ; call 0xfffaa5b3 add esp, 0x10 or byte [ebp - 0x5c], al mov al, byte [ebp - 0x68] cmp byte [ebp - 0x5c], al -je loc_fffcf5c5 ; je 0xfffcf5c5 +je loc_fffcf853 ; je 0xfffcf853 inc ebx cmp ebx, 2 -jne short loc_fffcf685 ; jne 0xfffcf685 -jmp near loc_fffcf5c5 ; jmp 0xfffcf5c5 +jne short loc_fffcf913 ; jne 0xfffcf913 +jmp near loc_fffcf853 ; jmp 0xfffcf853 -loc_fffcf6d8: ; not directly referenced +loc_fffcf966: ; not directly referenced movsx ax, byte [ebp - 0x53] cmp word [ebp - 0x64], ax -jge short loc_fffcf6e9 ; jge 0xfffcf6e9 +jge short loc_fffcf977 ; jge 0xfffcf977 -loc_fffcf6e3: ; not directly referenced +loc_fffcf971: ; not directly referenced or byte [ebp - 0x5c], 1 -jmp short loc_fffcf6f1 ; jmp 0xfffcf6f1 +jmp short loc_fffcf97f ; jmp 0xfffcf97f -loc_fffcf6e9: ; not directly referenced +loc_fffcf977: ; not directly referenced movzx eax, byte [ebp - 0x51] cmp esi, eax -jg short loc_fffcf6e3 ; jg 0xfffcf6e3 +jg short loc_fffcf971 ; jg 0xfffcf971 -loc_fffcf6f1: ; not directly referenced +loc_fffcf97f: ; not directly referenced movsx ax, byte [ebp - 0x52] cmp word [ebp - 0x64], ax -jge short loc_fffcf705 ; jge 0xfffcf705 +jge short loc_fffcf993 ; jge 0xfffcf993 -loc_fffcf6fc: ; not directly referenced +loc_fffcf98a: ; not directly referenced or byte [ebp - 0x5c], 2 -jmp near loc_fffcf5cf ; jmp 0xfffcf5cf +jmp near loc_fffcf85d ; jmp 0xfffcf85d -loc_fffcf705: ; not directly referenced +loc_fffcf993: ; not directly referenced movzx eax, byte [ebp - 0x50] cmp esi, eax -jg short loc_fffcf6fc ; jg 0xfffcf6fc -jmp near loc_fffcf5cf ; jmp 0xfffcf5cf +jg short loc_fffcf98a ; jg 0xfffcf98a +jmp near loc_fffcf85d ; jmp 0xfffcf85d -loc_fffcf712: ; not directly referenced +loc_fffcf9a0: ; not directly referenced test byte [ebp - 0x5c], dl mov ebx, dword [ebp - 0x6c] sete dl movzx edx, dl cmp word [ebp - 0x64], bx -jne short loc_fffcf767 ; jne 0xfffcf767 +jne short loc_fffcf9f5 ; jne 0xfffcf9f5 test edx, edx -je short loc_fffcf745 ; je 0xfffcf745 +je short loc_fffcf9d3 ; je 0xfffcf9d3 mov dword [ebp + ecx*4 - 0x20], eax mov dword [ebp + ecx*4 - 0x28], eax mov dword [ebp + ecx*4 - 0x30], eax mov dword [ebp + ecx*4 - 0x38], eax mov dword [ebp + ecx*4 - 0x40], eax mov dword [ebp + ecx*4 - 0x48], eax -jmp near loc_fffcf5f6 ; jmp 0xfffcf5f6 +jmp near loc_fffcf884 ; jmp 0xfffcf884 -loc_fffcf745: ; not directly referenced +loc_fffcf9d3: ; not directly referenced mov edx, eax sub edx, dword [ebp - 0x70] mov dword [ebp + ecx*4 - 0x20], edx @@ -63836,37 +64045,37 @@ mov dword [ebp + ecx*4 - 0x30], edx mov dword [ebp + ecx*4 - 0x38], edx mov dword [ebp + ecx*4 - 0x40], edx mov dword [ebp + ecx*4 - 0x48], edx -jmp near loc_fffcf5f6 ; jmp 0xfffcf5f6 +jmp near loc_fffcf884 ; jmp 0xfffcf884 -loc_fffcf767: ; not directly referenced +loc_fffcf9f5: ; not directly referenced test edx, edx -je loc_fffcf5f6 ; je 0xfffcf5f6 +je loc_fffcf884 ; je 0xfffcf884 mov ebx, dword [ebp - 0x80] cmp dword [ebp + ecx*4 - 0x40], ebx -jne short loc_fffcf77c ; jne 0xfffcf77c +jne short loc_fffcfa0a ; jne 0xfffcfa0a mov dword [ebp + ecx*4 - 0x40], esi -loc_fffcf77c: ; not directly referenced +loc_fffcfa0a: ; not directly referenced mov ebx, dword [ebp - 0x80] cmp dword [ebp + ecx*4 - 0x30], ebx mov dword [ebp + ecx*4 - 0x30], esi -je short loc_fffcf78d ; je 0xfffcf78d +je short loc_fffcfa1b ; je 0xfffcfa1b mov dword [ebp + ecx*4 - 0x38], esi -loc_fffcf78d: ; not directly referenced +loc_fffcfa1b: ; not directly referenced cmp esi, dword [ebp - 0x94] -jl short loc_fffcf7b3 ; jl 0xfffcf7b3 +jl short loc_fffcfa41 ; jl 0xfffcfa41 cmp dword [ebp + ecx*4 - 0x48], eax -jne short loc_fffcf7b3 ; jne 0xfffcf7b3 +jne short loc_fffcfa41 ; jne 0xfffcfa41 cmp byte [ebp - 0x8a], 0 -je short loc_fffcf7b3 ; je 0xfffcf7b3 +je short loc_fffcfa41 ; je 0xfffcfa41 mov edx, dword [ebp + ecx*4 - 0x40] sub edx, eax add edx, dword [ebp - 0x70] add edx, esi mov dword [ebp + ecx*4 - 0x30], edx -loc_fffcf7b3: ; not directly referenced +loc_fffcfa41: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x30] mov ebx, dword [ebp + ecx*4 - 0x38] mov dword [ebp - 0x84], edx @@ -63875,13 +64084,13 @@ mov dword [ebp - 0x90], edx mov edx, dword [ebp + ecx*4 - 0x20] sub edx, dword [ebp + ecx*4 - 0x28] cmp dword [ebp - 0x90], edx -jle loc_fffcf5f6 ; jle 0xfffcf5f6 +jle loc_fffcf884 ; jle 0xfffcf884 mov dword [ebp + ecx*4 - 0x28], ebx mov ebx, dword [ebp - 0x84] mov dword [ebp + ecx*4 - 0x20], ebx -jmp near loc_fffcf5f6 ; jmp 0xfffcf5f6 +jmp near loc_fffcf884 ; jmp 0xfffcf884 -loc_fffcf7f0: ; not directly referenced +loc_fffcfa7e: ; not directly referenced movzx eax, byte [ebp - 0x60] mov ecx, 2 xor ebx, ebx @@ -63900,58 +64109,58 @@ mov dword [ebp - 0x68], eax movzx eax, byte [ebp - 0x74] mov dword [ebp - 0x74], eax -loc_fffcf823: ; not directly referenced +loc_fffcfab1: ; not directly referenced mov eax, dword [ebp - 0x68] bt eax, ebx -jb short loc_fffcf837 ; jb 0xfffcf837 +jb short loc_fffcfac5 ; jb 0xfffcfac5 -loc_fffcf82b: ; not directly referenced +loc_fffcfab9: ; not directly referenced inc ebx cmp ebx, 2 -je loc_fffcf90e ; je 0xfffcf90e -jmp short loc_fffcf823 ; jmp 0xfffcf823 +je loc_fffcfb9c ; je 0xfffcfb9c +jmp short loc_fffcfab1 ; jmp 0xfffcfab1 -loc_fffcf837: ; not directly referenced +loc_fffcfac5: ; not directly referenced mov esi, dword [ebp + ebx*4 - 0x20] mov eax, dword [ebp + ebx*4 - 0x28] mov ecx, esi mov dword [ebp - 0x60], eax sub ecx, eax cmp ecx, dword [ebp - 0x7c] -jl short loc_fffcf855 ; jl 0xfffcf855 +jl short loc_fffcfae3 ; jl 0xfffcfae3 mov edx, dword [ebp - 0x5c] sub edx, dword [ebp - 0x78] cmp ecx, edx -jl short loc_fffcf86c ; jl 0xfffcf86c +jl short loc_fffcfafa ; jl 0xfffcfafa -loc_fffcf855: ; not directly referenced +loc_fffcfae3: ; not directly referenced cmp byte [edi + 0x1965], 0 -je short loc_fffcf87b ; je 0xfffcf87b +je short loc_fffcfb09 ; je 0xfffcfb09 cmp dword [edi + 0x188b], 1 -jne short loc_fffcf87b ; jne 0xfffcf87b -jmp near loc_fffcf9bc ; jmp 0xfffcf9bc +jne short loc_fffcfb09 ; jne 0xfffcfb09 +jmp near loc_fffcfc4a ; jmp 0xfffcfc4a -loc_fffcf86c: ; not directly referenced +loc_fffcfafa: ; not directly referenced mov eax, dword [ebp - 0x60] mov ecx, 2 add eax, esi cdq idiv ecx -jmp short loc_fffcf87e ; jmp 0xfffcf87e +jmp short loc_fffcfb0c ; jmp 0xfffcfb0c -loc_fffcf87b: ; not directly referenced +loc_fffcfb09: ; not directly referenced mov eax, dword [ebp - 0x70] -loc_fffcf87e: ; not directly referenced +loc_fffcfb0c: ; not directly referenced imul edx, ebx, 0x13c3 mov cl, byte [ebp - 0x6a] -and cl, byte [edi + edx + 0x381a] +and cl, byte [edi + edx + 0x381b] cmp dword [ebp + 0x20], 0 mov byte [ebp - 0x64], cl -jne short loc_fffcf8ba ; jne 0xfffcf8ba +jne short loc_fffcfb48 ; jne 0xfffcfb48 mov dl, byte [ebp - 0x69] cmp dl, 6 -je short loc_fffcf8ba ; je 0xfffcf8ba +je short loc_fffcfb48 ; je 0xfffcfb48 sub esp, 4 push 1 push eax @@ -63962,10 +64171,10 @@ movzx eax, dl push eax push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffcf8ba: ; not directly referenced +loc_fffcfb48: ; not directly referenced mov edx, dword [ebp - 0x60] movzx ecx, byte [ebp - 0x64] mov eax, edx @@ -63984,24 +64193,24 @@ sub esi, eax xor eax, eax imul esi, esi, 0xa -loc_fffcf8e6: ; not directly referenced +loc_fffcfb74: ; not directly referenced mov ecx, dword [ebp - 0x64] bt ecx, eax -jae short loc_fffcf8fd ; jae 0xfffcf8fd +jae short loc_fffcfb8b ; jae 0xfffcfb8b mov ecx, dword [ebp - 0x60] -mov dword [edx + 0x3214], esi -mov dword [edx + 0x3210], ecx +mov dword [edx + 0x3215], esi +mov dword [edx + 0x3211], ecx -loc_fffcf8fd: ; not directly referenced +loc_fffcfb8b: ; not directly referenced inc eax add edx, 0x90 cmp eax, 4 -jne short loc_fffcf8e6 ; jne 0xfffcf8e6 -jmp near loc_fffcf82b ; jmp 0xfffcf82b +jne short loc_fffcfb74 ; jne 0xfffcfb74 +jmp near loc_fffcfab9 ; jmp 0xfffcfab9 -loc_fffcf90e: ; not directly referenced +loc_fffcfb9c: ; not directly referenced cmp dword [ebp + 0x24], 0 -jne short loc_fffcf92b ; jne 0xfffcf92b +jne short loc_fffcfbb9 ; jne 0xfffcfbb9 push 0 push 0 push 0 @@ -64010,38 +64219,38 @@ push 0 push 0 push 2 push edi -call fcn_fffcc4cb ; call 0xfffcc4cb +call fcn_fffcce33 ; call 0xfffcce33 add esp, 0x20 -loc_fffcf92b: ; not directly referenced +loc_fffcfbb9: ; not directly referenced cmp byte [ebp - 0x88], 6 -je short loc_fffcf942 ; je 0xfffcf942 +je short loc_fffcfbd0 ; je 0xfffcfbd0 -loc_fffcf934: ; not directly referenced +loc_fffcfbc2: ; not directly referenced sub esp, 0xc push edi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -jmp short loc_fffcf9c1 ; jmp 0xfffcf9c1 +jmp short loc_fffcfc4f ; jmp 0xfffcfc4f -loc_fffcf942: ; not directly referenced +loc_fffcfbd0: ; not directly referenced xor ebx, ebx -loc_fffcf944: ; not directly referenced +loc_fffcfbd2: ; not directly referenced mov eax, dword [ebp - 0x68] bt eax, ebx -jb short loc_fffcf954 ; jb 0xfffcf954 +jb short loc_fffcfbe2 ; jb 0xfffcfbe2 -loc_fffcf94c: ; not directly referenced +loc_fffcfbda: ; not directly referenced inc ebx cmp ebx, 2 -je short loc_fffcf934 ; je 0xfffcf934 -jmp short loc_fffcf944 ; jmp 0xfffcf944 +je short loc_fffcfbc2 ; je 0xfffcfbc2 +jmp short loc_fffcfbd2 ; jmp 0xfffcfbd2 -loc_fffcf954: ; not directly referenced +loc_fffcfbe2: ; not directly referenced imul eax, ebx, 0x13c3 mov dl, byte [ebp - 0x6a] -and dl, byte [edi + eax + 0x381a] +and dl, byte [edi + eax + 0x381b] xor eax, eax cmp dword [ebp + 0x20], 0 movzx esi, dl @@ -64053,33 +64262,33 @@ mov eax, edi push 0 push 0 push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 +call fcn_fffac68e ; call 0xfffac68e imul eax, ebx, 0x48 add esp, 0x10 xor edx, edx add eax, edi -loc_fffcf98c: ; not directly referenced +loc_fffcfc1a: ; not directly referenced bt esi, edx -jae short loc_fffcf9af ; jae 0xfffcf9af -mov ecx, dword [eax + 0x3210] +jae short loc_fffcfc3d ; jae 0xfffcfc3d +mov ecx, dword [eax + 0x3211] mov dword [ebp - 0x5c], ecx -mov ecx, dword [eax + 0x3214] -mov dword [eax + 0x3210], ecx +mov ecx, dword [eax + 0x3215] +mov dword [eax + 0x3211], ecx mov ecx, dword [ebp - 0x5c] -mov dword [eax + 0x3214], ecx +mov dword [eax + 0x3215], ecx -loc_fffcf9af: ; not directly referenced +loc_fffcfc3d: ; not directly referenced inc edx add eax, 0x90 cmp edx, 4 -jne short loc_fffcf98c ; jne 0xfffcf98c -jmp short loc_fffcf94c ; jmp 0xfffcf94c +jne short loc_fffcfc1a ; jne 0xfffcfc1a +jmp short loc_fffcfbda ; jmp 0xfffcfbda -loc_fffcf9bc: ; not directly referenced +loc_fffcfc4a: ; not directly referenced mov eax, 0xc -loc_fffcf9c1: ; not directly referenced +loc_fffcfc4f: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -64087,7 +64296,7 @@ pop edi pop ebp ret -fcn_fffcf9c9: ; not directly referenced +fcn_fffcfc57: ; not directly referenced push ebp mov ebp, esp push edi @@ -64102,7 +64311,7 @@ mov esi, edi mov ebx, esi mov esi, eax mov byte [ebp - 0x3e], bl -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] lea eax, [ebp - 0x24] push 0 push 2 @@ -64122,11 +64331,11 @@ call dword [ebx + 0x5c] ; ucall add esp, 0x10 cmp byte [ebp - 0x3c], 0 setne cl -cmp dword [esi + 0x2480], 3 +cmp dword [esi + 0x2481], 3 mov byte [ebp - 0x30], cl sete al test cl, al -je short loc_fffcfa69 ; je 0xfffcfa69 +je short loc_fffcfcf7 ; je 0xfffcfcf7 mov al, byte [edi] xor ecx, ecx lea edx, [eax - 0x20] @@ -64147,9 +64356,9 @@ mov byte [ebp - 0x1d], cl lea ecx, [eax + 0x20] cmovbe edx, ecx mov byte [ebp - 0x1b], dl -jmp short loc_fffcfa86 ; jmp 0xfffcfa86 +jmp short loc_fffcfd14 ; jmp 0xfffcfd14 -loc_fffcfa69: ; not directly referenced +loc_fffcfcf7: ; not directly referenced push eax push 0 push 2 @@ -64164,42 +64373,42 @@ push eax call dword [ebx + 0x5c] ; ucall add esp, 0x10 -loc_fffcfa86: ; not directly referenced +loc_fffcfd14: ; not directly referenced test edi, edi mov eax, 1 sete dl test byte [ebp - 0x30], dl -jne loc_fffcfcdd ; jne 0xfffcfcdd +jne loc_fffcff6b ; jne 0xfffcff6b movzx esi, byte [ebp - 0x3d] xor ebx, ebx mov byte [ebp - 0x34], 0 -loc_fffcfaa3: ; not directly referenced +loc_fffcfd31: ; not directly referenced mov eax, dword [ebp - 0x2c] mov ecx, esi mov edx, ebx -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 or byte [ebp - 0x34], al cmp byte [ebp - 0x30], 0 -je short loc_fffcfabf ; je 0xfffcfabf +je short loc_fffcfd4d ; je 0xfffcfd4d mov al, byte [edi + ebx] mov byte [ebp + ebx - 0x20], al -loc_fffcfabf: ; not directly referenced +loc_fffcfd4d: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffcfaa3 ; jne 0xfffcfaa3 +jne short loc_fffcfd31 ; jne 0xfffcfd31 cmp byte [ebp - 0x3c], 0 -jne loc_fffcfbe2 ; jne 0xfffcfbe2 +jne loc_fffcfe70 ; jne 0xfffcfe70 mov eax, dword [ebp - 0x2c] cmp dword [eax + 0x188b], 0 -je short loc_fffcfae5 ; je 0xfffcfae5 +je short loc_fffcfd73 ; je 0xfffcfd73 mov al, byte [ebp - 0x44] and eax, 5 cmp al, 5 -je short loc_fffcfb15 ; je 0xfffcfb15 +je short loc_fffcfda3 ; je 0xfffcfda3 -loc_fffcfae5: ; not directly referenced +loc_fffcfd73: ; not directly referenced push 0 movzx ecx, byte [ebp - 0x34] xor edx, edx @@ -64215,28 +64424,28 @@ movzx eax, byte [ebp - 0x38] push eax mov eax, dword [ebp - 0x2c] push esi -call fcn_fffcf3cd ; call 0xfffcf3cd +call fcn_fffcf65b ; call 0xfffcf65b add esp, 0x20 -jmp near loc_fffcfcdd ; jmp 0xfffcfcdd +jmp near loc_fffcff6b ; jmp 0xfffcff6b -loc_fffcfb15: ; not directly referenced +loc_fffcfda3: ; not directly referenced movzx edi, byte [ebp - 0x3e] xor eax, eax mov dword [ebp - 0x30], 0 mov dword [ebp - 0x38], edi -loc_fffcfb25: ; not directly referenced +loc_fffcfdb3: ; not directly referenced mov cl, byte [ebp - 0x30] mov ebx, 3 xor esi, esi mov edi, dword [ebp - 0x2c] shl ebx, cl mov byte [ebp - 0x34], bl -add edi, 0x3756 +add edi, 0x3757 -loc_fffcfb3d: ; not directly referenced +loc_fffcfdcb: ; not directly referenced cmp dword [edi], 2 -jne short loc_fffcfb77 ; jne 0xfffcfb77 +jne short loc_fffcfe05 ; jne 0xfffcfe05 cmp byte [ebp - 0x34], 3 mov ecx, 0x40 mov dword [ebp - 0x3c], eax @@ -64252,27 +64461,27 @@ push edx push 0 push esi push dword [ebp - 0x2c] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a mov eax, dword [ebp - 0x3c] add esp, 0x20 -loc_fffcfb77: ; not directly referenced +loc_fffcfe05: ; not directly referenced inc esi add edi, 0x13c3 cmp esi, 2 -jne short loc_fffcfb3d ; jne 0xfffcfb3d +jne short loc_fffcfdcb ; jne 0xfffcfdcb test byte [ebp - 0x3d], bl -je short loc_fffcfbcf ; je 0xfffcfbcf +je short loc_fffcfe5d ; je 0xfffcfe5d mov edi, dword [ebp - 0x2c] mov ecx, ebx xor edx, edx mov eax, edi -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 mov ecx, ebx mov edx, 1 mov esi, eax mov eax, edi -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 xor edx, edx push 0 push 0 @@ -64288,16 +64497,16 @@ push eax mov eax, edi push dword [ebp - 0x38] push ebx -call fcn_fffcf3cd ; call 0xfffcf3cd +call fcn_fffcf65b ; call 0xfffcf65b add esp, 0x20 -loc_fffcfbcf: ; not directly referenced +loc_fffcfe5d: ; not directly referenced add dword [ebp - 0x30], 2 cmp dword [ebp - 0x30], 4 -je loc_fffcfcdd ; je 0xfffcfcdd -jmp near loc_fffcfb25 ; jmp 0xfffcfb25 +je loc_fffcff6b ; je 0xfffcff6b +jmp near loc_fffcfdb3 ; jmp 0xfffcfdb3 -loc_fffcfbe2: ; not directly referenced +loc_fffcfe70: ; not directly referenced movzx eax, byte [ebp - 0x38] push ebx push ebx @@ -64319,7 +64528,7 @@ mov eax, dword [ebp - 0x2c] push edx mov edx, dword [ebp - 0x3c] push esi -call fcn_fffcef25 ; call 0xfffcef25 +call fcn_fffcf1b3 ; call 0xfffcf1b3 mov al, byte [ebp - 0x20] add esp, 0x18 lea edx, [ebp - 0x1a] @@ -64341,7 +64550,7 @@ push ebx push dword [ebp - 0x30] push esi xor esi, esi -call fcn_fffcef25 ; call 0xfffcef25 +call fcn_fffcf1b3 ; call 0xfffcf1b3 mov al, byte [ebp - 0x20] add esp, 0x20 mov dword [ebp - 0x34], 0 @@ -64349,27 +64558,27 @@ mov byte [ebp - 0x22], al mov al, byte [ebp - 0x1f] mov byte [ebp - 0x21], al -loc_fffcfc67: ; not directly referenced +loc_fffcfef5: ; not directly referenced mov eax, dword [ebp - 0x38] bt eax, esi -jae short loc_fffcfcd4 ; jae 0xfffcfcd4 +jae short loc_fffcff62 ; jae 0xfffcff62 mov ebx, dword [ebp - 0x2c] imul eax, esi, 0x13c3 mov cl, byte [ebp - 0x3d] movzx edx, byte [ebp + esi - 0x22] -and cl, byte [ebx + eax + 0x381a] +and cl, byte [ebx + eax + 0x381b] mov bl, dl mov byte [ebp - 0x44], cl movzx ecx, byte [ebp + esi - 0x24] sub ebx, ecx cmp dl, 0x7f -jne short loc_fffcfca1 ; jne 0xfffcfca1 +jne short loc_fffcff2f ; jne 0xfffcff2f test cl, cl -jne short loc_fffcfca1 ; jne 0xfffcfca1 +jne short loc_fffcff2f ; jne 0xfffcff2f mov al, byte [edi + esi] -jmp short loc_fffcfcb6 ; jmp 0xfffcfcb6 +jmp short loc_fffcff44 ; jmp 0xfffcff44 -loc_fffcfca1: ; not directly referenced +loc_fffcff2f: ; not directly referenced lea eax, [ecx + edx + 1] mov edx, 0xc shr eax, 1 @@ -64377,7 +64586,7 @@ cmp bl, 0x11 cmova edx, dword [ebp - 0x34] mov dword [ebp - 0x34], edx -loc_fffcfcb6: ; not directly referenced +loc_fffcff44: ; not directly referenced push edx movzx eax, al push 1 @@ -64388,16 +64597,16 @@ push eax push dword [ebp - 0x3c] push esi push dword [ebp - 0x2c] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffcfcd4: ; not directly referenced +loc_fffcff62: ; not directly referenced inc esi cmp esi, 2 -jne short loc_fffcfc67 ; jne 0xfffcfc67 +jne short loc_fffcfef5 ; jne 0xfffcfef5 mov eax, dword [ebp - 0x34] -loc_fffcfcdd: ; not directly referenced +loc_fffcff6b: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -64405,7 +64614,7 @@ pop edi pop ebp ret -fcn_fffcfce5: ; not directly referenced +fcn_fffcff73: ; not directly referenced push ebp mov ebp, esp push edi @@ -64418,14 +64627,14 @@ sub esp, 0x1c mov byte [ebp - 0x19], cl movzx ecx, byte [ebp + 8] -loc_fffcfcfb: ; not directly referenced +loc_fffcff89: ; not directly referenced bt edi, ebx -jae short loc_fffcfd2e ; jae 0xfffcfd2e +jae short loc_fffcffbc ; jae 0xfffcffbc imul eax, ebx, 0x13c3 mov dl, byte [ebp - 0x19] -and dl, byte [esi + eax + 0x381a] +and dl, byte [esi + eax + 0x381b] movzx eax, dl -je short loc_fffcfd2e ; je 0xfffcfd2e +je short loc_fffcffbc ; je 0xfffcffbc push edx push 0 push ecx @@ -64435,23 +64644,23 @@ push 0 push ebx push esi mov dword [ebp - 0x20], ecx -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a mov ecx, dword [ebp - 0x20] add esp, 0x20 -loc_fffcfd2e: ; not directly referenced +loc_fffcffbc: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffcfcfb ; jne 0xfffcfcfb +jne short loc_fffcff89 ; jne 0xfffcff89 mov dword [ebp + 8], esi lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp -jmp near fcn_fffc82f4 ; jmp 0xfffc82f4 +jmp near fcn_fffc9f5d ; jmp 0xfffc9f5d -fcn_fffcfd43: ; not directly referenced +fcn_fffcffd1: ; not directly referenced push ebp mov ebp, esp push edi @@ -64462,25 +64671,25 @@ sub esp, 0x3c mov edi, dword [ebp + 0xc] mov eax, dword [ebp + 8] mov dword [ebp - 0x2c], ecx -mov esi, dword [ebx + 0x2443] +mov esi, dword [ebx + 0x2444] mov dword [ebp - 0x30], edx mov edx, dword [ebp + 0x18] mov ecx, edi inc cl mov dword [ebp - 0x3c], eax mov eax, dword [ebp + 0x14] -je short loc_fffcfd80 ; je 0xfffcfd80 +je short loc_fffd000e ; je 0xfffd000e movsx cx, dl movzx edx, dl mov word [ebp - 0x34], cx neg word [ebp - 0x34] -jmp short loc_fffcfd8b ; jmp 0xfffcfd8b +jmp short loc_fffd0019 ; jmp 0xfffd0019 -loc_fffcfd80: ; not directly referenced +loc_fffd000e: ; not directly referenced mov edx, 0x20 mov word [ebp - 0x34], 0xffe0 -loc_fffcfd8b: ; not directly referenced +loc_fffd0019: ; not directly referenced push ecx movzx eax, al push 0 @@ -64520,16 +64729,16 @@ mov eax, ebx push dword [ebp + 0x10] push edi push esi -call fcn_fffcf285 ; call 0xfffcf285 +call fcn_fffcf513 ; call 0xfffcf513 add esp, 0x20 cmp dword [ebp + 0x1c], 0 -je short loc_fffcfe37 ; je 0xfffcfe37 +je short loc_fffd00c5 ; je 0xfffd00c5 xor eax, eax -loc_fffcfdfd: ; not directly referenced +loc_fffd008b: ; not directly referenced mov ecx, dword [ebp - 0x2c] bt ecx, eax -jae short loc_fffcfe25 ; jae 0xfffcfe25 +jae short loc_fffd00b3 ; jae 0xfffd00b3 mov ecx, dword [ebp + 0x10] push edx push 0 @@ -64541,20 +64750,20 @@ push esi push dword [ebp - 0x30] push eax push ebx -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a mov eax, dword [ebp - 0x3c] add esp, 0x20 -loc_fffcfe25: ; not directly referenced +loc_fffd00b3: ; not directly referenced inc eax cmp eax, 2 -jne short loc_fffcfdfd ; jne 0xfffcfdfd +jne short loc_fffd008b ; jne 0xfffd008b sub esp, 0xc push ebx -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -loc_fffcfe37: ; not directly referenced +loc_fffd00c5: ; not directly referenced push ecx mov edx, dword [ebp - 0x30] push dword [ebp + 0x1c] @@ -64571,16 +64780,16 @@ mov eax, ebx push dword [ebp + 0x10] push edi push esi -call fcn_fffcf285 ; call 0xfffcf285 +call fcn_fffcf513 ; call 0xfffcf513 add esp, 0x20 cmp dword [ebp + 0x1c], 0 -je short loc_fffcfea3 ; je 0xfffcfea3 +je short loc_fffd0131 ; je 0xfffd0131 xor eax, eax -loc_fffcfe69: ; not directly referenced +loc_fffd00f7: ; not directly referenced mov ecx, dword [ebp - 0x2c] bt ecx, eax -jae short loc_fffcfe91 ; jae 0xfffcfe91 +jae short loc_fffd011f ; jae 0xfffd011f push edx mov edx, dword [ebp + 0x10] push 0 @@ -64592,32 +64801,32 @@ push esi push dword [ebp - 0x30] push eax push ebx -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a mov eax, dword [ebp - 0x34] add esp, 0x20 -loc_fffcfe91: ; not directly referenced +loc_fffd011f: ; not directly referenced inc eax cmp eax, 2 -jne short loc_fffcfe69 ; jne 0xfffcfe69 +jne short loc_fffd00f7 ; jne 0xfffd00f7 sub esp, 0xc push ebx -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -loc_fffcfea3: ; not directly referenced +loc_fffd0131: ; not directly referenced xor eax, eax -loc_fffcfea5: ; not directly referenced +loc_fffd0133: ; not directly referenced mov edi, dword [ebp - 0x2c] bt edi, eax -jb short loc_fffcfebe ; jb 0xfffcfebe +jb short loc_fffd014c ; jb 0xfffd014c -loc_fffcfead: ; not directly referenced +loc_fffd013b: ; not directly referenced inc eax add ebx, 0x48 cmp eax, 2 -jne short loc_fffcfea5 ; jne 0xfffcfea5 +jne short loc_fffd0133 ; jne 0xfffd0133 lea esp, [ebp - 0xc] pop ebx pop esi @@ -64625,28 +64834,28 @@ pop edi pop ebp ret -loc_fffcfebe: ; not directly referenced +loc_fffd014c: ; not directly referenced mov ecx, ebx xor edx, edx -loc_fffcfec2: ; not directly referenced +loc_fffd0150: ; not directly referenced bt esi, edx -jae short loc_fffcfee3 ; jae 0xfffcfee3 +jae short loc_fffd0171 ; jae 0xfffd0171 movzx edi, byte [ebp + eax - 0x1a] imul edi, edi, 0xa -mov dword [ecx + 0x3210], edi +mov dword [ecx + 0x3211], edi movzx edi, byte [ebp + eax - 0x1c] imul edi, edi, 0xa -mov dword [ecx + 0x3214], edi +mov dword [ecx + 0x3215], edi -loc_fffcfee3: ; not directly referenced +loc_fffd0171: ; not directly referenced inc edx add ecx, 0x90 cmp edx, 4 -jne short loc_fffcfec2 ; jne 0xfffcfec2 -jmp short loc_fffcfead ; jmp 0xfffcfead +jne short loc_fffd0150 ; jne 0xfffd0150 +jmp short loc_fffd013b ; jmp 0xfffd013b -fcn_fffcfef1: ; not directly referenced +fcn_fffd017f: ; not directly referenced push ebp mov ebp, esp push edi @@ -64655,25 +64864,25 @@ push ebx sub esp, 0xfc mov esi, dword [ebp + 8] mov dword [ebp - 0xd4], 0 -mov eax, dword [esi + 0x2443] +mov eax, dword [esi + 0x2444] mov dword [ebp - 0xd8], eax -mov eax, dword [esi + 0x5edc] +mov eax, dword [esi + 0x5edd] mov dword [ebp - 0xdc], eax -lea eax, [esi + 0x2490] +lea eax, [esi + 0x2491] mov dword [ebp - 0xe0], eax mov eax, dword [esi + 0x188b] mov dword [ebp - 0xe4], eax mov al, byte [esi + 0x2441] mov byte [ebp - 0xf9], al test byte [esi + 0x2405], 0x20 -je short loc_fffcff61 ; je 0xfffcff61 +je short loc_fffd01ef ; je 0xfffd01ef xor eax, eax cmp dword [ebp - 0xe4], 1 sete al mov dword [ebp - 0xd4], eax -loc_fffcff61: ; not directly referenced -cmp dword [esi + 0x2480], 3 +loc_fffd01ef: ; not directly referenced +cmp dword [esi + 0x2481], 3 mov edi, dword [ebp - 0xd8] push ebx sete al @@ -64682,7 +64891,7 @@ push 0x10 lea ebx, [ebp - 0xa8] mov byte [ebp - 0xfa], al movzx eax, al -mov dword [ebp - 0xcc], eax +mov dword [ebp - 0xd0], eax mov eax, edi push ebx call dword [eax + 0x5c] ; ucall @@ -64703,7 +64912,7 @@ mov dword [ebp - 0xbc], edx call dword [eax + 0x5c] ; ucall add esp, 0x10 mov edx, dword [ebp - 0xbc] -cmp dword [ebp - 0xcc], 1 +cmp dword [ebp - 0xd0], 1 mov byte [ebp - 0xad], 0 mov byte [ebp - 0xae], 0 sbb eax, eax @@ -64711,77 +64920,78 @@ and eax, 7 add eax, 0xa cmp dword [ebp - 0xd4], 1 movzx eax, al +mov byte [esi + 0x2443], 0 mov dword [ebp - 0xf8], edx -mov dword [ebp - 0xec], edx sbb edi, edi -mov dword [ebp - 0xc8], edi +mov dword [ebp - 0xcc], edi mov edi, esi -and dword [ebp - 0xc8], 0xfffffff8 -add dword [ebp - 0xc8], 0xd -mov dword [ebp - 0xc4], 0 +and dword [ebp - 0xcc], 0xfffffff8 +add dword [ebp - 0xcc], 0xd +mov dword [ebp - 0xec], edx +mov dword [ebp - 0xc8], 0 mov dword [ebp - 0xc0], 0 mov dword [ebp - 0xf4], ebx mov dword [ebp - 0x100], eax -loc_fffd0037: ; not directly referenced +loc_fffd02cc: ; not directly referenced mov eax, dword [ebp - 0xdc] xor ebx, ebx -mov cl, byte [ebp - 0xc4] -mov dword [ebp - 0xd0], 1 -shl dword [ebp - 0xd0], cl +mov cl, byte [ebp - 0xc8] +mov dword [ebp - 0xc4], 1 +shl dword [ebp - 0xc4], cl add eax, 0x70 mov dword [ebp - 0xf0], eax mov byte [ebp - 0xe8], 0 -loc_fffd0065: ; not directly referenced -mov ecx, dword [ebp - 0xd0] +loc_fffd02fa: ; not directly referenced +mov ecx, dword [ebp - 0xc4] mov edx, ebx mov eax, esi -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 or byte [ebp - 0xe8], al movzx eax, byte [ebp - 0xe8] bt eax, ebx mov dword [ebp - 0xbc], eax -jae short loc_fffd00a9 ; jae 0xfffd00a9 +jae short loc_fffd033e ; jae 0xfffd033e push ecx push 0 -movzx eax, byte [esi + 0x2488] +movzx eax, byte [esi + 0x2489] push eax mov eax, dword [ebp - 0xd8] push dword [ebp - 0xf0] call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffd00a9: ; not directly referenced +loc_fffd033e: ; not directly referenced inc ebx add dword [ebp - 0xf0], 0xcc cmp ebx, 2 -jne short loc_fffd0065 ; jne 0xfffd0065 +jne short loc_fffd02fa ; jne 0xfffd02fa cmp byte [ebp - 0xe8], 0 -je loc_fffd03c2 ; je 0xfffd03c2 +je loc_fffd065c ; je 0xfffd065c mov edx, dword [ebp - 0xbc] sub esp, 0xc mov ecx, 0x11 push 0 mov eax, esi mov bl, 1 -call fcn_fffb26ca ; call 0xfffb26ca +call fcn_fffae9e2 ; call 0xfffae9e2 add esp, 0x10 -loc_fffd00e2: ; not directly referenced +loc_fffd0377: ; not directly referenced cmp ebx, 3 -je short loc_fffd0142 ; je 0xfffd0142 +je short loc_fffd03d7 ; je 0xfffd03d7 cmp ebx, 1 -jne short loc_fffd00f5 ; jne 0xfffd00f5 -mov byte [esi + 0x248b], 9 -jmp short loc_fffd0101 ; jmp 0xfffd0101 +jne short loc_fffd038a ; jne 0xfffd038a +mov byte [esi + 0x248c], 9 +jmp short loc_fffd0396 ; jmp 0xfffd0396 -loc_fffd00f5: ; not directly referenced +loc_fffd038a: ; not directly referenced cmp ebx, 4 -jne short loc_fffd0101 ; jne 0xfffd0101 -mov byte [esi + 0x248b], 0 +jne short loc_fffd0396 ; jne 0xfffd0396 +mov byte [esi + 0x248c], 0 -loc_fffd0101: ; not directly referenced +loc_fffd0396: ; not directly referenced lea eax, [ebx - 4] mov ecx, dword [ebp - 0xbc] push edx @@ -64798,26 +65008,28 @@ push eax mov eax, esi push 1 push ebx -push dword [ebp - 0xc4] -call fcn_fffc6051 ; call 0xfffc6051 +push dword [ebp - 0xc8] +call fcn_fffc66ae ; call 0xfffc66ae add esp, 0x20 mov dword [ebp - 0xc0], eax -loc_fffd0142: ; not directly referenced +loc_fffd03d7: ; not directly referenced inc ebx cmp ebx, 6 -jne short loc_fffd00e2 ; jne 0xfffd00e2 +jne short loc_fffd0377 ; jne 0xfffd0377 cmp dword [ebp - 0xd4], 0 -je loc_fffd03c2 ; je 0xfffd03c2 +je loc_fffd065c ; je 0xfffd065c +push eax mov ecx, dword [ebp - 0x100] -sub esp, 0xc -mov eax, esi +push eax mov edx, dword [ebp - 0xbc] +mov eax, esi +push dword [ebp - 0xc4] push 0 -call fcn_fffb2759 ; call 0xfffb2759 +call fcn_fffaea71 ; call 0xfffaea71 add esp, 0x10 -cmp dword [ebp - 0xcc], 0 -je short loc_fffd01a5 ; je 0xfffd01a5 +cmp dword [ebp - 0xd0], 0 +je short loc_fffd043f ; je 0xfffd043f push eax mov ecx, dword [ebp - 0xbc] xor edx, edx @@ -64829,11 +65041,11 @@ lea eax, [ebp - 0xae] push eax mov eax, esi push 0xff -push dword [ebp - 0xd0] -call fcn_fffcfd43 ; call 0xfffcfd43 -jmp short loc_fffd01f5 ; jmp 0xfffd01f5 +push dword [ebp - 0xc4] +call fcn_fffcffd1 ; call 0xfffcffd1 +jmp short loc_fffd048f ; jmp 0xfffd048f -loc_fffd01a5: ; not directly referenced +loc_fffd043f: ; not directly referenced push 1 mov ecx, dword [ebp - 0xbc] xor edx, edx @@ -64846,23 +65058,23 @@ push 0x40 push 0xffffffffffffffc0 push 3 push 0xff -call fcn_fffcf3cd ; call 0xfffcf3cd +call fcn_fffcf65b ; call 0xfffcf65b mov ebx, dword [ebp - 0xec] -mov eax, dword [edi + 0x3210] +mov eax, dword [edi + 0x3211] mov dword [ebx], eax -mov eax, dword [edi + 0x3214] +mov eax, dword [edi + 0x3215] mov dword [ebx + 4], eax -mov eax, dword [edi + 0x3258] +mov eax, dword [edi + 0x3259] mov dword [ebx + 0x10], eax -mov eax, dword [edi + 0x325c] +mov eax, dword [edi + 0x325d] mov dword [ebx + 0x14], eax -loc_fffd01f5: ; not directly referenced +loc_fffd048f: ; not directly referenced add esp, 0x20 cmp byte [ebp - 0xf9], 0 -je short loc_fffd0278 ; je 0xfffd0278 +je short loc_fffd0512 ; je 0xfffd0512 -loc_fffd0201: ; not directly referenced +loc_fffd049b: ; not directly referenced push ecx push 0 push 0 @@ -64871,7 +65083,7 @@ push 0xff push 0 push 0 push esi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x1c push 0 push 0 @@ -64880,10 +65092,10 @@ push 0xff push 0 push 1 push esi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x14 push esi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d mov ecx, dword [ebp - 0xbc] pop ebx pop eax @@ -64894,22 +65106,22 @@ push dword [ebp - 0xf4] push 0x36 push 0 push 0xd -push dword [ebp - 0xc4] -call fcn_fffc6051 ; call 0xfffc6051 +push dword [ebp - 0xc8] +call fcn_fffc66ae ; call 0xfffc66ae add esp, 0x14 push esi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 mov dword [ebp - 0xc0], eax -jmp near loc_fffd03c2 ; jmp 0xfffd03c2 +jmp near loc_fffd065c ; jmp 0xfffd065c -loc_fffd0278: ; not directly referenced +loc_fffd0512: ; not directly referenced xor ebx, ebx -loc_fffd027a: ; not directly referenced +loc_fffd0514: ; not directly referenced imul eax, ebx, 0x13c3 -cmp dword [esi + eax + 0x3756], 2 -jne short loc_fffd02ce ; jne 0xfffd02ce +cmp dword [esi + eax + 0x3757], 2 +jne short loc_fffd0568 ; jne 0xfffd0568 push edx push 0 push 0 @@ -64918,7 +65130,7 @@ push 0xff push 0 push ebx push esi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a mov ecx, dword [ebp - 0xdc] imul eax, ebx, 0xcc add esp, 0x20 @@ -64930,32 +65142,32 @@ mov ecx, 0xff push eax mov eax, esi push 1 -call fcn_fffb0cb4 ; call 0xfffb0cb4 +call fcn_fffac68e ; call 0xfffac68e add esp, 0x10 -loc_fffd02ce: ; not directly referenced +loc_fffd0568: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffd027a ; jne 0xfffd027a +jne short loc_fffd0514 ; jne 0xfffd0514 sub esp, 0xc push esi -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -cmp dword [ebp - 0xcc], 0 -je short loc_fffd0316 ; je 0xfffd0316 -mov ecx, dword [ebp - 0xd0] +cmp dword [ebp - 0xd0], 0 +je short loc_fffd05b0 ; je 0xfffd05b0 +mov ecx, dword [ebp - 0xc4] mov eax, esi mov edx, dword [ebp - 0xbc] -call fcn_fffc93f9 ; call 0xfffc93f9 +call fcn_fffcb062 ; call 0xfffcb062 -loc_fffd02fc: ; not directly referenced +loc_fffd0596: ; not directly referenced mov eax, dword [ebp - 0xec] mov ebx, edi mov dword [ebp - 0xc0], 0 -mov dword [ebp - 0xd0], eax -jmp short loc_fffd0362 ; jmp 0xfffd0362 +mov dword [ebp - 0xc4], eax +jmp short loc_fffd05fc ; jmp 0xfffd05fc -loc_fffd0316: ; not directly referenced +loc_fffd05b0: ; not directly referenced push 1 mov ecx, dword [ebp - 0xbc] mov edx, 6 @@ -64968,26 +65180,26 @@ push 0x40 push 0xffffffffffffffc0 push 3 push 0xff -call fcn_fffcf3cd ; call 0xfffcf3cd +call fcn_fffcf65b ; call 0xfffcf65b add esp, 0x20 -jmp short loc_fffd02fc ; jmp 0xfffd02fc +jmp short loc_fffd0596 ; jmp 0xfffd0596 -loc_fffd0345: ; not directly referenced +loc_fffd05df: ; not directly referenced inc dword [ebp - 0xc0] add ebx, 0x48 -add dword [ebp - 0xd0], 0x10 +add dword [ebp - 0xc4], 0x10 cmp dword [ebp - 0xc0], 2 -je loc_fffd0201 ; je 0xfffd0201 +je loc_fffd049b ; je 0xfffd049b -loc_fffd0362: ; not directly referenced +loc_fffd05fc: ; not directly referenced imul eax, dword [ebp - 0xc0], 0x13c3 -cmp dword [esi + eax + 0x3756], 2 -jne short loc_fffd0345 ; jne 0xfffd0345 -mov eax, dword [ebx + 0x3210] -mov edx, dword [ebp - 0xd0] +cmp dword [esi + eax + 0x3757], 2 +jne short loc_fffd05df ; jne 0xfffd05df +mov eax, dword [ebx + 0x3211] +mov edx, dword [ebp - 0xc4] mov ecx, dword [ebp - 0xdc] mov dword [edx + 8], eax -mov eax, dword [ebx + 0x3214] +mov eax, dword [ebx + 0x3215] mov dword [edx + 0xc], eax mov edx, dword [ebp - 0xc0] push 0 @@ -64999,23 +65211,23 @@ neg eax push eax mov eax, esi push 1 -call fcn_fffb0cb4 ; call 0xfffb0cb4 +call fcn_fffac68e ; call 0xfffac68e add esp, 0x10 -jmp short loc_fffd0345 ; jmp 0xfffd0345 +jmp short loc_fffd05df ; jmp 0xfffd05df -loc_fffd03c2: ; not directly referenced -inc dword [ebp - 0xc4] +loc_fffd065c: ; not directly referenced +inc dword [ebp - 0xc8] add edi, 0x90 add dword [ebp - 0xec], 0x20 -cmp dword [ebp - 0xc4], 4 -jne loc_fffd0037 ; jne 0xfffd0037 -cmp dword [ebp - 0xcc], 0 -jne short loc_fffd0439 ; jne 0xfffd0439 +cmp dword [ebp - 0xc8], 4 +jne loc_fffd02cc ; jne 0xfffd02cc +cmp dword [ebp - 0xd0], 0 +jne short loc_fffd06d3 ; jne 0xfffd06d3 mov eax, dword [ebp - 0xf8] -lea edx, [esi + 0x3210] +lea edx, [esi + 0x3211] lea ebx, [ebp - 0x18] -loc_fffd03fa: ; not directly referenced +loc_fffd0694: ; not directly referenced mov ecx, dword [eax] cmp dword [eax + 8], ecx cmovbe ecx, dword [eax + 8] @@ -65035,26 +65247,26 @@ add eax, 0x20 add edx, 0x90 mov dword [edx - 0x44], ecx cmp eax, ebx -jne short loc_fffd03fa ; jne 0xfffd03fa +jne short loc_fffd0694 ; jne 0xfffd0694 -loc_fffd0439: ; not directly referenced -mov dword [ebp - 0xcc], 0 -xor edi, edi +loc_fffd06d3: ; not directly referenced mov dword [ebp - 0xd0], 0 +xor edi, edi +mov dword [ebp - 0xc8], 0 mov byte [ebp - 0xc4], 0 -loc_fffd0456: ; not directly referenced +loc_fffd06f0: ; not directly referenced mov byte [ebp - 0xbc], 0 -loc_fffd045d: ; not directly referenced +loc_fffd06f7: ; not directly referenced mov cl, byte [ebp - 0xc4] mov eax, 1 movzx edx, byte [ebp - 0xbc] movzx ebx, cl shl eax, cl imul ecx, edx, 0x13c3 -test byte [esi + ecx + 0x381a], al -je loc_fffd0601 ; je 0xfffd0601 +test byte [esi + ecx + 0x381b], al +je loc_fffd08b4 ; je 0xfffd08b4 imul ebx, ebx, 0x90 imul edx, edx, 0x48 mov dword [ebp - 0xd4], edi @@ -65062,19 +65274,19 @@ lea eax, [ebx + edx] mov ebx, 1 mov dword [ebp - 0xe8], eax -loc_fffd04a4: ; not directly referenced +loc_fffd073e: ; not directly referenced lea eax, [ebx - 6] cmp eax, 5 setbe dl cmp ebx, 3 sete al or dl, al -jne loc_fffd05de ; jne 0xfffd05de +jne loc_fffd0891 ; jne 0xfffd0891 mov ecx, 2 mov edx, ebx -movzx edi, byte [ebx + ref_fffd5f1c] ; movzx edi, byte [ebx - 0x2a0e4] +movzx edi, byte [ebx + ref_fffd58e0] ; movzx edi, byte [ebx - 0x2a720] mov eax, esi -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 mov ecx, 0xa xor edx, edx imul edi, edi, 0x240 @@ -65095,7 +65307,7 @@ add edi, dword [ebp - 0xe8] mov dword [ebp - 0xf0], eax mov dword [ebp - 0xdc], edi -loc_fffd051f: ; not directly referenced +loc_fffd07b9: ; not directly referenced mov eax, dword [ebp - 0xdc] xor edx, edx mov edi, 0xa @@ -65106,178 +65318,181 @@ cmp ax, dx cmovbe edx, eax mov word [ecx + ebp - 0xac], dx cmp ax, word [ebp - 0xec] -ja short loc_fffd05ac ; ja 0xfffd05ac +ja short loc_fffd085f ; ja 0xfffd085f cmp ebx, 4 sete dl cmp ebx, 1 sete al or dl, al -jne short loc_fffd058c ; jne 0xfffd058c +je short loc_fffd080e ; je 0xfffd080e +or byte [esi + 0x2443], 1 +mov dword [ebp - 0xc8], 1 +jmp short loc_fffd082f ; jmp 0xfffd082f + +loc_fffd080e: ; not directly referenced cmp ebx, 5 sete dl cmp ebx, 2 sete al or dl, al -jne short loc_fffd0598 ; jne 0xfffd0598 -cmp dword [ebp - 0xf0], 1 -mov eax, 1 -cmova eax, dword [ebp - 0xcc] -mov dword [ebp - 0xcc], eax -jmp short loc_fffd05a2 ; jmp 0xfffd05a2 - -loc_fffd058c: ; not directly referenced -mov dword [ebp - 0xd0], 1 -jmp short loc_fffd05a2 ; jmp 0xfffd05a2 - -loc_fffd0598: ; not directly referenced +je short loc_fffd083b ; je 0xfffd083b +or byte [esi + 0x2443], 2 mov dword [ebp - 0xd4], 1 -loc_fffd05a2: ; not directly referenced +loc_fffd082f: ; not directly referenced +mov dword [ebp - 0xc0], 0x1c +jmp short loc_fffd085f ; jmp 0xfffd085f + +loc_fffd083b: ; not directly referenced +cmp dword [ebp - 0xf0], 1 mov dword [ebp - 0xc0], 0x1c +ja short loc_fffd085f ; ja 0xfffd085f +or byte [esi + 0x2443], 4 +mov dword [ebp - 0xd0], 1 -loc_fffd05ac: ; not directly referenced +loc_fffd085f: ; not directly referenced add ecx, 2 cmp ecx, 4 -jne loc_fffd051f ; jne 0xfffd051f -mov eax, dword [ebp - 0xd0] +jne loc_fffd07b9 ; jne 0xfffd07b9 +mov eax, dword [ebp - 0xc8] mov edi, dword [ebp - 0xd4] dec eax -jne short loc_fffd05de ; jne 0xfffd05de +jne short loc_fffd0891 ; jne 0xfffd0891 cmp edi, 1 -jne short loc_fffd05de ; jne 0xfffd05de -cmp dword [ebp - 0xcc], 1 -je short loc_fffd05f3 ; je 0xfffd05f3 +jne short loc_fffd0891 ; jne 0xfffd0891 +cmp dword [ebp - 0xd0], 1 +je short loc_fffd08a6 ; je 0xfffd08a6 cmp dword [ebp - 0xe4], 0 -je short loc_fffd05f3 ; je 0xfffd05f3 +je short loc_fffd08a6 ; je 0xfffd08a6 -loc_fffd05de: ; not directly referenced +loc_fffd0891: ; not directly referenced inc ebx -cmp ebx, dword [ebp - 0xc8] -jbe loc_fffd04a4 ; jbe 0xfffd04a4 +cmp ebx, dword [ebp - 0xcc] +jbe loc_fffd073e ; jbe 0xfffd073e mov edi, dword [ebp - 0xd4] -jmp short loc_fffd0601 ; jmp 0xfffd0601 +jmp short loc_fffd08b4 ; jmp 0xfffd08b4 -loc_fffd05f3: ; not directly referenced +loc_fffd08a6: ; not directly referenced mov byte [ebp - 0xc4], 4 mov byte [ebp - 0xbc], 2 -loc_fffd0601: ; not directly referenced +loc_fffd08b4: ; not directly referenced inc byte [ebp - 0xbc] cmp byte [ebp - 0xbc], 1 -jbe loc_fffd045d ; jbe 0xfffd045d +jbe loc_fffd06f7 ; jbe 0xfffd06f7 inc byte [ebp - 0xc4] cmp byte [ebp - 0xc4], 3 -jbe loc_fffd0456 ; jbe 0xfffd0456 +jbe loc_fffd06f0 ; jbe 0xfffd06f0 cmp dword [ebp - 0xc0], 0x1c -jne loc_fffd079e ; jne 0xfffd079e +jne loc_fffd0a51 ; jne 0xfffd0a51 mov dl, byte [ebp - 0xfa] xor edx, 1 cmp dword [ebp - 0xe4], 1 sete al test dl, al -jne short loc_fffd0655 ; jne 0xfffd0655 +jne short loc_fffd0908 ; jne 0xfffd0908 -loc_fffd064b: ; not directly referenced +loc_fffd08fe: ; not directly referenced mov eax, 1 -jmp near loc_fffd06e5 ; jmp 0xfffd06e5 +jmp near loc_fffd0998 ; jmp 0xfffd0998 -loc_fffd0655: ; not directly referenced -lea eax, [esi + 0x3756] +loc_fffd0908: ; not directly referenced +lea eax, [esi + 0x3757] mov ebx, 0x4020 mov dword [ebp - 0xc4], eax -loc_fffd0666: ; not directly referenced +loc_fffd0919: ; not directly referenced mov eax, dword [ebp - 0xc4] cmp dword [eax], 2 -jne short loc_fffd06ae ; jne 0xfffd06ae +jne short loc_fffd0961 ; jne 0xfffd0961 mov edx, ebx mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, ebx mov dword [ebp - 0xbc], eax mov eax, esi or dword [ebp - 0xbc], 0x40000000 mov ecx, dword [ebp - 0xbc] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, dword [ebp - 0xbc] mov edx, ebx mov eax, esi and ecx, 0xbfffffff -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffd06ae: ; not directly referenced +loc_fffd0961: ; not directly referenced add ebx, 0x400 add dword [ebp - 0xc4], 0x13c3 cmp ebx, 0x4820 -jne short loc_fffd0666 ; jne 0xfffd0666 -jmp short loc_fffd064b ; jmp 0xfffd064b +jne short loc_fffd0919 ; jne 0xfffd0919 +jmp short loc_fffd08fe ; jmp 0xfffd08fe -loc_fffd06c8: ; not directly referenced +loc_fffd097b: ; not directly referenced cmp eax, 4 sete cl cmp eax, 1 sete dl or cl, dl -je short loc_fffd06ee ; je 0xfffd06ee +je short loc_fffd09a1 ; je 0xfffd09a1 -loc_fffd06d8: ; not directly referenced +loc_fffd098b: ; not directly referenced inc eax -cmp eax, dword [ebp - 0xc8] -ja loc_fffd079e ; ja 0xfffd079e +cmp eax, dword [ebp - 0xcc] +ja loc_fffd0a51 ; ja 0xfffd0a51 -loc_fffd06e5: ; not directly referenced -cmp dword [ebp - 0xd0], 0 -je short loc_fffd06c8 ; je 0xfffd06c8 +loc_fffd0998: ; not directly referenced +cmp dword [ebp - 0xc8], 0 +je short loc_fffd097b ; je 0xfffd097b -loc_fffd06ee: ; not directly referenced +loc_fffd09a1: ; not directly referenced test edi, edi -jne short loc_fffd0702 ; jne 0xfffd0702 +jne short loc_fffd09b5 ; jne 0xfffd09b5 cmp eax, 5 sete cl cmp eax, 2 sete dl or cl, dl -jne short loc_fffd06d8 ; jne 0xfffd06d8 +jne short loc_fffd098b ; jne 0xfffd098b -loc_fffd0702: ; not directly referenced -cmp dword [ebp - 0xcc], 0 -jne short loc_fffd0713 ; jne 0xfffd0713 +loc_fffd09b5: ; not directly referenced +cmp dword [ebp - 0xd0], 0 +jne short loc_fffd09c6 ; jne 0xfffd09c6 lea edx, [eax - 0xc] cmp edx, 1 -jbe short loc_fffd06d8 ; jbe 0xfffd06d8 +jbe short loc_fffd098b ; jbe 0xfffd098b -loc_fffd0713: ; not directly referenced +loc_fffd09c6: ; not directly referenced cmp eax, 3 -je short loc_fffd06d8 ; je 0xfffd06d8 +je short loc_fffd098b ; je 0xfffd098b lea edx, [eax - 6] cmp edx, 5 -jbe short loc_fffd06d8 ; jbe 0xfffd06d8 +jbe short loc_fffd098b ; jbe 0xfffd098b mov dword [ebp - 0xbc], 0 mov byte [ebp - 0xd4], al -loc_fffd0730: ; not directly referenced -mov ecx, dword [esi + 0x5edc] +loc_fffd09e3: ; not directly referenced +mov ecx, dword [esi + 0x5edd] mov ecx, dword [ecx + 4] mov dword [ebp - 0xc4], ecx mov ebx, ecx xor ecx, ecx -loc_fffd0743: ; not directly referenced +loc_fffd09f6: ; not directly referenced mov dl, byte [ebp - 0xd4] cmp dl, byte [ebx] -jne short loc_fffd075a ; jne 0xfffd075a +jne short loc_fffd0a0d ; jne 0xfffd0a0d mov edx, dword [ebp - 0xbc] movzx ebx, word [ebx + edx*2 + 1] -jmp short loc_fffd0765 ; jmp 0xfffd0765 +jmp short loc_fffd0a18 ; jmp 0xfffd0a18 -loc_fffd075a: ; not directly referenced +loc_fffd0a0d: ; not directly referenced inc ecx add ebx, 7 cmp ecx, 0xb -jne short loc_fffd0743 ; jne 0xfffd0743 +jne short loc_fffd09f6 ; jne 0xfffd09f6 xor ebx, ebx -loc_fffd0765: ; not directly referenced +loc_fffd0a18: ; not directly referenced add ebx, 0x28 mov edx, 0xffff imul ecx, ecx, 7 @@ -65288,10 +65503,10 @@ mov edx, dword [ebp - 0xbc] inc dword [ebp - 0xbc] cmp dword [ebp - 0xbc], 2 mov word [ecx + edx*2 + 1], bx -jne short loc_fffd0730 ; jne 0xfffd0730 -jmp near loc_fffd06d8 ; jmp 0xfffd06d8 +jne short loc_fffd09e3 ; jne 0xfffd09e3 +jmp near loc_fffd098b ; jmp 0xfffd098b -loc_fffd079e: ; not directly referenced +loc_fffd0a51: ; not directly referenced mov eax, dword [ebp - 0xc0] lea esp, [ebp - 0xc] pop ebx @@ -65300,52 +65515,52 @@ pop edi pop ebp ret -fcn_fffd07ac: ; not directly referenced +fcn_fffd0a5f: ; not directly referenced push ebp mov ecx, 0xa mov ebp, esp push edi push esi -mov esi, ref_fffd5f40 ; mov esi, 0xfffd5f40 +mov esi, ref_fffd623c ; mov esi, 0xfffd623c push ebx -sub esp, 0xe0f0 +sub esp, 0xe100 mov eax, dword [ebp + 8] lea edi, [ebp - 0xe044] rep movsb ; rep movsb byte es:[edi], byte ptr [esi] mov byte [ebp - 0xe06e], 6 -mov eax, dword [eax + 0x5edc] +mov eax, dword [eax + 0x5edd] mov byte [ebp - 0xe069], 0 mov byte [ebp - 0xe068], 4 mov byte [ebp - 0xe065], 6 -mov edi, eax -mov dword [ebp - 0xe0e0], eax +mov esi, eax +mov dword [ebp - 0xe0f4], eax mov eax, dword [ebp + 8] mov byte [ebp - 0xe064], 0 mov byte [ebp - 0xe063], 4 mov byte [ebp - 0xe056], 1 -mov ebx, dword [eax + 0x2443] -movzx eax, byte [eax + 0x2488] +mov ebx, dword [eax + 0x2444] +movzx eax, byte [eax + 0x2489] mov byte [ebp - 0xe055], 1 mov byte [ebp - 0xe054], 1 mov byte [ebp - 0xe053], 1 -mov dword [ebp - 0xe0d0], eax +mov dword [ebp - 0xe0e4], eax mov eax, dword [ebp + 8] mov byte [ebp - 0xe052], 1 mov byte [ebp - 0xe051], 1 mov byte [ebp - 0xe050], 1 -mov esi, dword [eax + 0x1887] +mov edi, dword [eax + 0x1887] mov eax, dword [eax + 0x188b] mov byte [ebp - 0xe04f], 1 mov byte [ebp - 0xe04e], 0 mov byte [ebp - 0xe04d], 0 mov byte [ebp - 0xe067], 6 mov byte [ebp - 0xe066], 5 -mov dword [ebp - 0xe088], eax +mov dword [ebp - 0xe084], eax mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2480] +mov eax, dword [eax + 0x2481] push 0 push 0x50a -mov dword [ebp - 0xe0e4], eax +mov dword [ebp - 0xe0f8], eax lea eax, [ebp - 0xdea0] push eax call dword [ebx + 0x5c] ; ucall @@ -65374,78 +65589,76 @@ lea eax, [ebp - 0xe04c] push eax call dword [ebx + 0x5c] ; ucall add esp, 0x10 -cmp esi, 0x306d0 +cmp edi, 0x306d0 sete bl -cmp esi, 0x40650 +cmp edi, 0x40650 sete al or ebx, eax mov al, bl xor eax, 1 -cmp byte [edi + 0x1c5], 1 -mov byte [ebp - 0xe0ba], al -mov eax, edi -mov word [ebp - 0xe07a], 0 -sbb edi, edi -not edi -and edi, 0x10 -cmp byte [eax + 0x1c5], 1 +mov byte [ebp - 0xe0a8], al mov eax, dword [ebp + 8] -mov byte [ebp - 0xe07c], 0 +cmp byte [esi + 0x1c5], 1 +mov word [ebp - 0xe07a], 0 +mov byte [ebp - 0xe0c0], 0 +mov al, byte [eax + 0x248f] sbb esi, esi -mov dword [ebp - 0xe0b8], esi -mov al, byte [eax + 0x248e] mov dword [ebp - 0xe098], esi -and byte [ebp - 0xe0b8], 0xe -and byte [ebp - 0xe098], 0xfc -add byte [ebp - 0xe0b8], 2 -add byte [ebp - 0xe098], 6 -mov byte [ebp - 0xe0b9], al -mov eax, dword [ebp + 8] -and byte [ebp - 0xe0b9], 3 -movzx esi, byte [ebp - 0xe0b9] -mov dword [ebp - 0xe0a8], 0 -mov al, byte [eax + 0x248d] -mov dword [ebp - 0xe0a0], 0 -mov dword [ebp - 0xe080], esi -mov byte [ebp - 0xe0c0], al +mov dword [ebp - 0xe0d8], esi +mov dword [ebp - 0xe0b8], esi +mov byte [ebp - 0xe0c1], al mov eax, dword [ebp + 8] -and byte [ebp - 0xe0c0], 0xf -lea edx, [eax + 0x39b5] +and byte [ebp - 0xe0c1], 3 +movzx esi, byte [ebp - 0xe0c1] +not byte [ebp - 0xe098] +mov al, byte [eax + 0x248e] +and byte [ebp - 0xe0d8], 0xe +and byte [ebp - 0xe0b8], 0xfc +and byte [ebp - 0xe098], 0x10 +add byte [ebp - 0xe0d8], 2 +add byte [ebp - 0xe0b8], 6 +mov byte [ebp - 0xe0c8], al +mov eax, dword [ebp + 8] +and byte [ebp - 0xe0c8], 0xf +mov dword [ebp - 0xe0bc], 0 +lea edx, [eax + 0x39b6] xor eax, eax +mov dword [ebp - 0xe09c], 0 +mov dword [ebp - 0xe080], esi -loc_fffd09b9: ; not directly referenced +loc_fffd0c6f: ; not directly referenced mov esi, dword [ebp - 0xe080] bt esi, eax -jae loc_fffd0a91 ; jae 0xfffd0a91 +jae loc_fffd0d47 ; jae 0xfffd0d47 cmp dword [edx - 0x19f], 2 lea ecx, [eax*4] -jne short loc_fffd09f3 ; jne 0xfffd09f3 +jne short loc_fffd0ca9 ; jne 0xfffd0ca9 mov esi, 3 shl esi, cl mov ecx, esi -mov dword [ebp - 0xe0a0], 1 -or byte [ebp - 0xe07c], cl -jmp short loc_fffd0a0c ; jmp 0xfffd0a0c +mov dword [ebp - 0xe09c], 1 +or byte [ebp - 0xe0c0], cl +jmp short loc_fffd0cc2 ; jmp 0xfffd0cc2 -loc_fffd09f3: ; not directly referenced +loc_fffd0ca9: ; not directly referenced mov esi, 1 shl esi, cl mov ecx, esi -or byte [ebp - 0xe07c], cl -mov dword [ebp - 0xe0a8], 1 +or byte [ebp - 0xe0c0], cl +mov dword [ebp - 0xe0bc], 1 -loc_fffd0a0c: ; not directly referenced +loc_fffd0cc2: ; not directly referenced mov esi, dword [ebp + 8] -mov cl, byte [ebp - 0xe0c0] +mov cl, byte [ebp - 0xe0c8] and cl, byte [edx - 0x19b] -mov esi, dword [esi + 0x2480] +mov esi, dword [esi + 0x2481] mov byte [ebp + eax - 0xe06d], cl cmp esi, 3 setne cl add ecx, ecx -cmp dword [ebp - 0xe088], 1 +cmp dword [ebp - 0xe084], 1 mov byte [ebp + eax*2 - 0xe062], cl -jne short loc_fffd0a5d ; jne 0xfffd0a5d +jne short loc_fffd0d13 ; jne 0xfffd0d13 mov cl, byte [edx - 0x12] and ecx, 0x30 cmp cl, 0x30 @@ -65453,13 +65666,13 @@ mov ecx, 3 cmovne cx, word [ebp - 0xe07a] mov word [ebp - 0xe07a], cx -loc_fffd0a5d: ; not directly referenced +loc_fffd0d13: ; not directly referenced cmp esi, 3 setne cl add ecx, ecx -cmp dword [ebp - 0xe088], 1 +cmp dword [ebp - 0xe084], 1 mov byte [ebp + eax*2 - 0xe061], cl -jne short loc_fffd0a91 ; jne 0xfffd0a91 +jne short loc_fffd0d47 ; jne 0xfffd0d47 mov cl, byte [edx] mov esi, 3 and ecx, 0x30 @@ -65467,224 +65680,240 @@ cmp cl, 0x30 cmovne si, word [ebp - 0xe07a] mov word [ebp - 0xe07a], si -loc_fffd0a91: ; not directly referenced +loc_fffd0d47: ; not directly referenced inc eax add edx, 0x13c3 cmp eax, 2 -jne loc_fffd09b9 ; jne 0xfffd09b9 -cmp dword [ebp - 0xe0a0], 0 -jne short loc_fffd0ac8 ; jne 0xfffd0ac8 +jne loc_fffd0c6f ; jne 0xfffd0c6f +mov eax, dword [ebp + 8] +cmp byte [eax + 0x189e], 1 +jne short loc_fffd0d93 ; jne 0xfffd0d93 +cmp edi, 0x40670 +sete al +test byte [ebp - 0xe09c], al +je short loc_fffd0d93 ; je 0xfffd0d93 +mov eax, dword [ebp + 8] +mov edi, dword [ebp - 0xe0a8] +test byte [eax + 0x2443], 2 +mov al, 2 +cmovne edi, eax +mov eax, edi +mov byte [ebp - 0xe0a8], al +jmp short loc_fffd0dba ; jmp 0xfffd0dba + +loc_fffd0d93: ; not directly referenced +cmp dword [ebp - 0xe09c], 0 +jne short loc_fffd0dba ; jne 0xfffd0dba test bl, bl -je short loc_fffd0aea ; je 0xfffd0aea +je short loc_fffd0dda ; je 0xfffd0dda mov eax, dword [ebp + 8] test byte [eax + 0x2404], 0x20 lea eax, [ebp - 0xe051] -mov dword [ebp - 0xe0a4], eax -jne short loc_fffd0b05 ; jne 0xfffd0b05 -jmp short loc_fffd0af6 ; jmp 0xfffd0af6 +mov dword [ebp - 0xe0a0], eax +jne short loc_fffd0df5 ; jne 0xfffd0df5 +jmp short loc_fffd0de6 ; jmp 0xfffd0de6 -loc_fffd0ac8: ; not directly referenced +loc_fffd0dba: ; not directly referenced lea eax, [ebp - 0xe056] -mov dword [ebp - 0xe0a4], eax +mov edi, 2 +mov dword [ebp - 0xe0a0], eax lea esi, [ebp - 0xe065] -mov byte [ebp - 0xe09c], 3 -mov byte [ebp - 0xe07b], 2 -jmp short loc_fffd0b19 ; jmp 0xfffd0b19 +mov byte [ebp - 0xe088], 3 +jmp short loc_fffd0e07 ; jmp 0xfffd0e07 -loc_fffd0aea: ; not directly referenced +loc_fffd0dda: ; not directly referenced lea eax, [ebp - 0xe051] -mov dword [ebp - 0xe0a4], eax +mov dword [ebp - 0xe0a0], eax -loc_fffd0af6: ; not directly referenced -mov byte [ebp - 0xe09c], 1 +loc_fffd0de6: ; not directly referenced +mov byte [ebp - 0xe088], 1 lea esi, [ebp - 0xe06e] -jmp short loc_fffd0b12 ; jmp 0xfffd0b12 +jmp short loc_fffd0e02 ; jmp 0xfffd0e02 -loc_fffd0b05: ; not directly referenced -mov byte [ebp - 0xe09c], 2 +loc_fffd0df5: ; not directly referenced +mov byte [ebp - 0xe088], 2 lea esi, [ebp - 0xe067] -loc_fffd0b12: ; not directly referenced -mov byte [ebp - 0xe07b], 1 +loc_fffd0e02: ; not directly referenced +mov edi, 1 -loc_fffd0b19: ; not directly referenced -cmp dword [ebp - 0xe088], 0 -je short loc_fffd0b41 ; je 0xfffd0b41 +loc_fffd0e07: ; not directly referenced +cmp dword [ebp - 0xe084], 0 +je short loc_fffd0e2f ; je 0xfffd0e2f mov dx, word [ebp - 0xe07a] -mov ebx, dword [ebp - 0xe088] +mov ebx, dword [ebp - 0xe084] mov eax, edx add eax, 0xc dec ebx cmovne eax, edx mov word [ebp - 0xe07a], ax -jmp short loc_fffd0b4a ; jmp 0xfffd0b4a +jmp short loc_fffd0e38 ; jmp 0xfffd0e38 -loc_fffd0b41: ; not directly referenced +loc_fffd0e2f: ; not directly referenced mov word [ebp - 0xe07a], 0xc -loc_fffd0b4a: ; not directly referenced -lea eax, [edi - 0x10] -mov byte [ebp - 0xe0bc], al -movzx eax, byte [ebp - 0xe098] -mov byte [ebp - 0xe084], 0 -mov byte [ebp - 0xe0c8], 0 -mov dword [ebp - 0xe0f4], eax -movzx eax, byte [ebp - 0xe0ba] -mov dword [ebp - 0xe0dc], eax +loc_fffd0e38: ; not directly referenced +mov al, byte [ebp - 0xe098] +mov byte [ebp - 0xe0c2], 0 +mov byte [ebp - 0xe098], 0 +sub eax, 0x10 +mov byte [ebp - 0xe0c3], al +movzx eax, byte [ebp - 0xe0b8] +mov dword [ebp - 0xe104], eax +movzx eax, byte [ebp - 0xe0a8] +mov dword [ebp - 0xe0f0], eax -loc_fffd0b7b: ; not directly referenced -movsx eax, byte [ebp - 0xe0c8] -cmp eax, dword [ebp - 0xe0f4] -jge loc_fffd0d6d ; jge 0xfffd0d6d -movzx eax, byte [ebp - 0xe07b] -xor edi, edi -add eax, dword [ebp - 0xe0dc] -mov dword [ebp - 0xe0d8], eax +loc_fffd0e6f: ; not directly referenced +movsx eax, byte [ebp - 0xe0c2] +cmp eax, dword [ebp - 0xe104] +jge loc_fffd105f ; jge 0xfffd105f +mov al, byte [ebp - 0xe0a8] +mov byte [ebp - 0xe0a4], al +mov eax, edi +movzx eax, al +add eax, dword [ebp - 0xe0f0] +mov dword [ebp - 0xe0ec], eax -loc_fffd0ba3: ; not directly referenced -mov bl, byte [ebp - 0xe0ba] -mov al, bl -add eax, edi -mov dl, al -mov byte [ebp - 0xe0bb], al -movsx eax, al -cmp eax, dword [ebp - 0xe0d8] -jge loc_fffd0d56 ; jge 0xfffd0d56 +loc_fffd0e9f: ; not directly referenced +mov dl, byte [ebp - 0xe0a4] +movsx eax, dl +cmp eax, dword [ebp - 0xe0ec] +jge loc_fffd1048 ; jge 0xfffd1048 mov al, dl add eax, 2 -mov byte [ebp - 0xe0e5], al -mov al, bl -lea eax, [eax + edi - 1] -mov byte [ebp - 0xe098], al +mov byte [ebp - 0xe0c4], al +mov al, dl +dec eax +mov byte [ebp - 0xe0b8], al movsx eax, word [ebp - 0xe07a] -mov dword [ebp - 0xe0ec], eax -movzx eax, byte [ebp - 0xe09c] -mov dword [ebp - 0xe0f0], eax - -loc_fffd0bf5: ; not directly referenced -movsx eax, byte [ebp - 0xe098] -cmp eax, dword [ebp - 0xe0d8] -je loc_fffd0d38 ; je 0xfffd0d38 -cmp eax, dword [ebp - 0xe0dc] -jl loc_fffd0d38 ; jl 0xfffd0d38 -cmp byte [ebp - 0xe098], 1 -mov dword [ebp - 0xe0cc], 0 +mov dword [ebp - 0xe0fc], eax +movzx eax, byte [ebp - 0xe088] +mov dword [ebp - 0xe100], eax + +loc_fffd0ee2: ; not directly referenced +movsx eax, byte [ebp - 0xe0b8] +cmp eax, dword [ebp - 0xe0ec] +je loc_fffd1025 ; je 0xfffd1025 +cmp eax, dword [ebp - 0xe0f0] +jl loc_fffd1025 ; jl 0xfffd1025 +cmp byte [ebp - 0xe0b8], 1 +mov dword [ebp - 0xe0e0], 0 sete dl -cmp byte [ebp - 0xe0bb], 1 +cmp byte [ebp - 0xe0a4], 1 sete al or dl, al -je short loc_fffd0c42 ; je 0xfffd0c42 -mov eax, dword [ebp - 0xe0a0] -mov dword [ebp - 0xe0cc], eax +je short loc_fffd0f2f ; je 0xfffd0f2f +mov eax, dword [ebp - 0xe09c] +mov dword [ebp - 0xe0e0], eax -loc_fffd0c42: ; not directly referenced +loc_fffd0f2f: ; not directly referenced xor ebx, ebx -loc_fffd0c44: ; not directly referenced +loc_fffd0f31: ; not directly referenced mov eax, dword [ebp - 0xe080] bt eax, ebx -jb short loc_fffd0c57 ; jb 0xfffd0c57 +jb short loc_fffd0f44 ; jb 0xfffd0f44 -loc_fffd0c4f: ; not directly referenced +loc_fffd0f3c: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffd0c44 ; jne 0xfffd0c44 -jmp short loc_fffd0cd2 ; jmp 0xfffd0cd2 +jne short loc_fffd0f31 ; jne 0xfffd0f31 +jmp short loc_fffd0fbf ; jmp 0xfffd0fbf -loc_fffd0c57: ; not directly referenced -mov al, byte [ebp - 0xe0bb] -mov byte [ebp - 0xe0c4], 0 +loc_fffd0f44: ; not directly referenced +mov al, byte [ebp - 0xe0a4] +mov byte [ebp - 0xe0dc], 0 mov byte [ebp + ebx*2 - 0xe05e], al -mov al, byte [ebp - 0xe098] +mov al, byte [ebp - 0xe0b8] mov byte [ebp + ebx*2 - 0xe05d], al -loc_fffd0c78: ; not directly referenced -movzx eax, byte [ebp - 0xe0c4] -mov dword [ebp - 0xe0d4], eax -cmp eax, dword [ebp - 0xe0d0] -jae short loc_fffd0c4f ; jae 0xfffd0c4f +loc_fffd0f65: ; not directly referenced +movzx eax, byte [ebp - 0xe0dc] +mov dword [ebp - 0xe0e8], eax +cmp eax, dword [ebp - 0xe0e4] +jae short loc_fffd0f3c ; jae 0xfffd0f3c push 1 mov eax, dword [ebp + 8] xor ecx, ecx push 0 mov edx, ebx push 0 -push dword [ebp - 0xe0d4] -call fcn_fffafdb2 ; call 0xfffafdb2 +push dword [ebp - 0xe0e8] +call fcn_fffa972b ; call 0xfffa972b movzx ecx, byte [ebp + ebx - 0xe06d] mov edx, ebx push 1 mov eax, dword [ebp + 8] -push dword [ebp - 0xe0ec] +push dword [ebp - 0xe0fc] push 4 -push dword [ebp - 0xe0d4] -call fcn_fffafdb2 ; call 0xfffafdb2 +push dword [ebp - 0xe0e8] +call fcn_fffa972b ; call 0xfffa972b add esp, 0x20 -inc byte [ebp - 0xe0c4] -jmp short loc_fffd0c78 ; jmp 0xfffd0c78 +inc byte [ebp - 0xe0dc] +jmp short loc_fffd0f65 ; jmp 0xfffd0f65 -loc_fffd0cd2: ; not directly referenced -cmp byte [ebp - 0xe084], 0x28 -ja short loc_fffd0d38 ; ja 0xfffd0d38 -movzx eax, byte [ebp - 0xe084] +loc_fffd0fbf: ; not directly referenced +cmp byte [ebp - 0xe098], 0x28 +ja short loc_fffd1025 ; ja 0xfffd1025 +movzx eax, byte [ebp - 0xe098] sub esp, 0xc push 0 mov ecx, dword [ebp - 0xe080] -push dword [ebp - 0xe0cc] -push dword [ebp - 0xe0f0] +push dword [ebp - 0xe0e0] +push dword [ebp - 0xe100] imul eax, eax, 0x54e push esi lea edx, [ebp + eax - 0xd996] -movsx eax, byte [ebp - 0xe0bc] +movsx eax, byte [ebp - 0xe0c3] push eax lea eax, [ebp - 0xe062] push eax lea eax, [ebp - 0xe05e] push eax -movzx eax, byte [ebp - 0xe0c0] +movzx eax, byte [ebp - 0xe0c8] push 0 push eax mov eax, dword [ebp + 8] -call fcn_fffbf2e9 ; call 0xfffbf2e9 +call fcn_fffc1b5f ; call 0xfffc1b5f add esp, 0x30 -inc byte [ebp - 0xe084] - -loc_fffd0d38: ; not directly referenced inc byte [ebp - 0xe098] -mov al, byte [ebp - 0xe0e5] -cmp byte [ebp - 0xe098], al -jne loc_fffd0bf5 ; jne 0xfffd0bf5 -inc edi -jmp near loc_fffd0ba3 ; jmp 0xfffd0ba3 -loc_fffd0d56: ; not directly referenced -mov al, byte [ebp - 0xe0b8] -inc byte [ebp - 0xe0c8] -add byte [ebp - 0xe0bc], al -jmp near loc_fffd0b7b ; jmp 0xfffd0b7b - -loc_fffd0d6d: ; not directly referenced -movzx eax, byte [ebp - 0xe07c] +loc_fffd1025: ; not directly referenced +inc byte [ebp - 0xe0b8] +mov al, byte [ebp - 0xe0c4] +cmp byte [ebp - 0xe0b8], al +jne loc_fffd0ee2 ; jne 0xfffd0ee2 +inc byte [ebp - 0xe0a4] +jmp near loc_fffd0e9f ; jmp 0xfffd0e9f + +loc_fffd1048: ; not directly referenced +mov al, byte [ebp - 0xe0d8] +inc byte [ebp - 0xe0c2] +add byte [ebp - 0xe0c3], al +jmp near loc_fffd0e6f ; jmp 0xfffd0e6f + +loc_fffd105f: ; not directly referenced +movzx eax, byte [ebp - 0xe0c0] xor ebx, ebx -mov dword [ebp - 0xe09c], eax -movzx eax, byte [ebp - 0xe084] -mov dword [ebp - 0xe0b8], eax +mov dword [ebp - 0xe0a4], eax +movzx eax, byte [ebp - 0xe098] +mov dword [ebp - 0xe0a8], eax -loc_fffd0d89: ; not directly referenced +loc_fffd107b: ; not directly referenced mov eax, dword [ebp - 0xe080] mov byte [ebp + ebx - 0xe06b], 0 bt eax, ebx -jae loc_fffd0efc ; jae 0xfffd0efc +jae loc_fffd11ee ; jae 0xfffd11ee mov al, byte [ebp - 0xd467] -mov byte [ebp - 0xe098], 0 -mov byte [ebp - 0xe07b], al +mov byte [ebp - 0xe088], 0 +mov byte [ebp - 0xe0b8], al -loc_fffd0db3: ; not directly referenced -mov edi, dword [ebp - 0xe098] -mov al, byte [ebp - 0xe084] +loc_fffd10a5: ; not directly referenced +mov edi, dword [ebp - 0xe088] +mov al, byte [ebp - 0xe098] mov edx, edi cmp dl, al -je short loc_fffd0e08 ; je 0xfffd0e08 +je short loc_fffd10fa ; je 0xfffd10fa movzx ecx, dl imul esi, ecx, 0x2a7 add ecx, ecx @@ -65696,24 +65925,24 @@ lea eax, [ebp - 0xe03a] add ecx, eax xor eax, eax -loc_fffd0de6: ; not directly referenced -cmp byte [ebp - 0xe07b], al -jbe short loc_fffd0e00 ; jbe 0xfffd0e00 +loc_fffd10d8: ; not directly referenced +cmp byte [ebp - 0xe0b8], al +jbe short loc_fffd10f2 ; jbe 0xfffd10f2 imul edi, eax, 0x52 mov dx, word [esi + eax*4 + 0x53a] inc eax mov word [ecx + edi], dx -jmp short loc_fffd0de6 ; jmp 0xfffd0de6 +jmp short loc_fffd10d8 ; jmp 0xfffd10d8 -loc_fffd0e00: ; not directly referenced -inc byte [ebp - 0xe098] -jmp short loc_fffd0db3 ; jmp 0xfffd0db3 +loc_fffd10f2: ; not directly referenced +inc byte [ebp - 0xe088] +jmp short loc_fffd10a5 ; jmp 0xfffd10a5 -loc_fffd0e08: ; not directly referenced -mov eax, dword [ebp - 0xe09c] +loc_fffd10fa: ; not directly referenced +mov eax, dword [ebp - 0xe0a4] lea ecx, [ebx*4] sub esp, 0xc -mov edi, dword [ebp - 0xe0a4] +mov edi, dword [ebp - 0xe0a0] lea esi, [ebp - 0xe03a] mov edx, ebx push 7 @@ -65725,19 +65954,19 @@ push eax push edi lea eax, [ebp - 0xd466] push eax -push dword [ebp - 0xe0b8] +push dword [ebp - 0xe0a8] lea eax, [ebp - 0xd996] push 0x29 push esi push eax mov eax, dword [ebp + 8] -call fcn_fffb97c0 ; call 0xfffb97c0 +call fcn_fffb78c3 ; call 0xfffb78c3 add esp, 0x2c mov ecx, esi push 0 lea eax, [ebp - 0xe044] push eax -movsx eax, byte [ebp - 0xe084] +movsx eax, byte [ebp - 0xe098] push 1 push 1 push edi @@ -65745,7 +65974,7 @@ push eax mov eax, dword [ebp + 8] push 0x29 lea edx, [ebp - 0xdea0] -call fcn_fffa5d2d ; call 0xfffa5d2d +call fcn_fffa5cdb ; call 0xfffa5cdb movsx di, byte [ebp - 0xde9e] lea eax, [ebp - 0xd996] add edi, dword [ebp - 0xdea0] @@ -65762,7 +65991,7 @@ add eax, esi mov ecx, eax mov eax, dword [ebp + 8] add edi, ebx -call fcn_fffb3a79 ; call 0xfffb3a79 +call fcn_fffafe03 ; call 0xfffafe03 mov al, byte [ebp + edi*2 - 0xd996] add esp, 0x10 mov byte [ebp + ebx*2 - 0xe05a], al @@ -65774,68 +66003,68 @@ mov eax, dword [eax + 9] mov byte [ebp + ebx - 0xe06b], dl mov dword [ebp + ebx*4 - 0xe04c], eax -loc_fffd0efc: ; not directly referenced +loc_fffd11ee: ; not directly referenced inc ebx cmp ebx, 2 -jne loc_fffd0d89 ; jne 0xfffd0d89 +jne loc_fffd107b ; jne 0xfffd107b test byte [ebp - 0xe080], 1 -je short loc_fffd0f1f ; je 0xfffd0f1f +je short loc_fffd1211 ; je 0xfffd1211 mov al, byte [ebp - 0xe06b] mov bl, 1 -mov byte [ebp - 0xe084], al -jmp short loc_fffd0f28 ; jmp 0xfffd0f28 +mov byte [ebp - 0xe098], al +jmp short loc_fffd121a ; jmp 0xfffd121a -loc_fffd0f1f: ; not directly referenced -mov byte [ebp - 0xe084], 0 +loc_fffd1211: ; not directly referenced +mov byte [ebp - 0xe098], 0 xor ebx, ebx -loc_fffd0f28: ; not directly referenced +loc_fffd121a: ; not directly referenced mov eax, dword [ebp - 0xe080] shr eax, 1 -je short loc_fffd0f41 ; je 0xfffd0f41 +je short loc_fffd1233 ; je 0xfffd1233 mov al, byte [ebp - 0xe06a] inc ebx -add byte [ebp - 0xe084], al -jmp short loc_fffd0f47 ; jmp 0xfffd0f47 +add byte [ebp - 0xe098], al +jmp short loc_fffd1239 ; jmp 0xfffd1239 -loc_fffd0f41: ; not directly referenced +loc_fffd1233: ; not directly referenced test bl, bl -je short loc_fffd0f5a ; je 0xfffd0f5a +je short loc_fffd124c ; je 0xfffd124c mov bl, 1 -loc_fffd0f47: ; not directly referenced -movsx eax, byte [ebp - 0xe084] +loc_fffd1239: ; not directly referenced +movsx eax, byte [ebp - 0xe098] movzx ecx, bl cdq idiv ecx -mov byte [ebp - 0xe084], al +mov byte [ebp - 0xe098], al -loc_fffd0f5a: ; not directly referenced -movzx ecx, byte [ebp - 0xe084] +loc_fffd124c: ; not directly referenced +movzx ecx, byte [ebp - 0xe098] sub esp, 0xc xor edx, edx mov eax, dword [ebp + 8] push 1 -call fcn_fffa83c9 ; call 0xfffa83c9 +call fcn_fffa8377 ; call 0xfffa8377 add esp, 0x10 mov edi, eax cmp bl, 2 -je short loc_fffd0fd2 ; je 0xfffd0fd2 +je short loc_fffd12c4 ; je 0xfffd12c4 -loc_fffd0f7a: ; not directly referenced +loc_fffd126c: ; not directly referenced mov eax, dword [ebp + 8] mov esi, dword [ebp - 0xe080] push edx push 0 -add eax, 0x2490 +add eax, 0x2491 mov edx, eax mov edi, eax -mov dword [ebp - 0xe0b8], eax +mov dword [ebp - 0xe0a8], eax mov eax, dword [ebp + 8] mov ecx, esi push 0 push 0 -call fcn_fffc19af ; call 0xfffc19af +call fcn_fffbf98a ; call 0xfffbf98a mov eax, dword [ebp + 8] mov edx, edi pop ecx @@ -65847,39 +66076,39 @@ push 0 push 0 push 0 push 1 -call fcn_fffc0a2d ; call 0xfffc0a2d +call fcn_fffbea08 ; call 0xfffbea08 add esp, 0x20 -cmp dword [ebp - 0xe0e4], 3 -jne loc_fffd105e ; jne 0xfffd105e -jmp near loc_fffd110a ; jmp 0xfffd110a +cmp dword [ebp - 0xe0f8], 3 +jne loc_fffd1350 ; jne 0xfffd1350 +jmp near loc_fffd13fc ; jmp 0xfffd13fc -loc_fffd0fd2: ; not directly referenced -mov esi, dword [ebp - 0xe0e0] +loc_fffd12c4: ; not directly referenced +mov esi, dword [ebp - 0xe0f4] xor ebx, ebx add esi, 0x1c -loc_fffd0fdd: ; not directly referenced +loc_fffd12cf: ; not directly referenced mov eax, dword [ebp - 0xe080] bt eax, ebx -jb short loc_fffd0ff6 ; jb 0xfffd0ff6 +jb short loc_fffd12e8 ; jb 0xfffd12e8 -loc_fffd0fe8: ; not directly referenced +loc_fffd12da: ; not directly referenced inc ebx add esi, 0xcc cmp ebx, 2 -jne short loc_fffd0fdd ; jne 0xfffd0fdd -jmp short loc_fffd0f7a ; jmp 0xfffd0f7a +jne short loc_fffd12cf ; jne 0xfffd12cf +jmp short loc_fffd126c ; jmp 0xfffd126c -loc_fffd0ff6: ; not directly referenced +loc_fffd12e8: ; not directly referenced sub dword [ebp + ebx*4 - 0xe04c], edi -mov byte [ebp - 0xe098], 0 +mov byte [ebp - 0xe088], 0 -loc_fffd1004: ; not directly referenced +loc_fffd12f6: ; not directly referenced mov edx, dword [ebp + 8] -mov al, byte [ebp - 0xe098] -cmp al, byte [edx + 0x2488] -jae short loc_fffd0fe8 ; jae 0xfffd0fe8 -movzx edx, byte [ebp - 0xe098] +mov al, byte [ebp - 0xe088] +cmp al, byte [edx + 0x2489] +jae short loc_fffd12da ; jae 0xfffd12da +movzx edx, byte [ebp - 0xe088] push 1 lea eax, [edx + 0x1c] mov cl, byte [esi + eax*4 + 9] @@ -65897,79 +66126,79 @@ mov eax, dword [ebp + 8] push 1 push edx mov edx, ebx -call fcn_fffafdb2 ; call 0xfffafdb2 +call fcn_fffa972b ; call 0xfffa972b add esp, 0x10 -inc byte [ebp - 0xe098] -jmp short loc_fffd1004 ; jmp 0xfffd1004 +inc byte [ebp - 0xe088] +jmp short loc_fffd12f6 ; jmp 0xfffd12f6 -loc_fffd105e: ; not directly referenced +loc_fffd1350: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [ebp - 0xe0a8], 0 -mov byte [ebp - 0xe07b], 1 +cmp dword [ebp - 0xe0bc], 0 +mov byte [ebp - 0xe0a0], 1 mov al, byte [eax + 0x2411] sete dl -test byte [ebp - 0xe0a0], dl -jne short loc_fffd1092 ; jne 0xfffd1092 +test byte [ebp - 0xe09c], dl +jne short loc_fffd1384 ; jne 0xfffd1384 test al, al mov edi, 1 cmove edi, eax mov eax, edi -mov byte [ebp - 0xe07b], al +mov byte [ebp - 0xe0a0], al -loc_fffd1092: ; not directly referenced +loc_fffd1384: ; not directly referenced lea eax, [ebp - 0xe062] mov dword [ebp - 0xe09c], eax -movsx eax, byte [ebp - 0xe084] -mov dword [ebp - 0xe098], 0 -mov dword [ebp - 0xe0c8], eax +movsx eax, byte [ebp - 0xe098] +mov dword [ebp - 0xe088], 0 +mov dword [ebp - 0xe0dc], eax -loc_fffd10b5: ; not directly referenced -mov eax, dword [ebp - 0xe098] +loc_fffd13a7: ; not directly referenced +mov eax, dword [ebp - 0xe088] mov ebx, 3 mov ecx, eax add ecx, eax mov eax, dword [ebp + 8] shl ebx, cl -test byte [eax + 0x248d], bl -jne short loc_fffd1143 ; jne 0xfffd1143 +test byte [eax + 0x248e], bl +jne short loc_fffd1435 ; jne 0xfffd1435 -loc_fffd10d1: ; not directly referenced -inc dword [ebp - 0xe098] +loc_fffd13c3: ; not directly referenced +inc dword [ebp - 0xe088] inc dword [ebp - 0xe09c] -cmp dword [ebp - 0xe098], 2 -jne short loc_fffd10b5 ; jne 0xfffd10b5 +cmp dword [ebp - 0xe088], 2 +jne short loc_fffd13a7 ; jne 0xfffd13a7 movsx edi, word [ebp - 0xe07a] xor ebx, ebx -loc_fffd10ef: ; not directly referenced +loc_fffd13e1: ; not directly referenced mov eax, dword [ebp + 8] xor esi, esi -movzx eax, byte [eax + 0x248e] +movzx eax, byte [eax + 0x248f] bt eax, ebx -jb loc_fffd1379 ; jb 0xfffd1379 +jb loc_fffd166b ; jb 0xfffd166b -loc_fffd1104: ; not directly referenced +loc_fffd13f6: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffd10ef ; jne 0xfffd10ef +jne short loc_fffd13e1 ; jne 0xfffd13e1 -loc_fffd110a: ; not directly referenced +loc_fffd13fc: ; not directly referenced mov eax, dword [ebp + 8] sub esp, 0xc xor ecx, ecx -movzx edx, byte [eax + 0x248e] +movzx edx, byte [eax + 0x248f] push 0 -call fcn_fffcc3c6 ; call 0xfffcc3c6 +call fcn_fffccd2e ; call 0xfffccd2e add esp, 0x10 -cmp dword [ebp - 0xe088], 0 -jne loc_fffd13a8 ; jne 0xfffd13a8 +cmp dword [ebp - 0xe084], 0 +jne loc_fffd169a ; jne 0xfffd169a sub esp, 0xc push dword [ebp + 8] -call fcn_fffbdcd9 ; call 0xfffbdcd9 +call fcn_fffc054a ; call 0xfffc054a add esp, 0x10 -jmp near loc_fffd13a8 ; jmp 0xfffd13a8 +jmp near loc_fffd169a ; jmp 0xfffd169a -loc_fffd1143: ; not directly referenced +loc_fffd1435: ; not directly referenced test byte [ebp - 0xe06d], bl setne al mov dl, al @@ -65977,14 +66206,14 @@ or edx, 2 test byte [ebp - 0xe06c], bl cmovne eax, edx xor esi, esi -and al, byte [ebp - 0xe0b9] +and al, byte [ebp - 0xe0c1] lea edx, [ebp - 0xd996] mov edi, edx movzx eax, al mov dword [ebp - 0xe0a4], eax -loc_fffd1173: ; not directly referenced -mov al, byte [ebp - 0xe07b] +loc_fffd1465: ; not directly referenced +mov al, byte [ebp - 0xe0a0] sub esp, 0xc mov edx, dword [ebp - 0xe09c] mov ecx, dword [ebp - 0xe0a4] @@ -65994,14 +66223,14 @@ mov byte [edx], al mov byte [edx + 2], al sete al mov edx, edi -and eax, dword [ebp - 0xe0a8] +and eax, dword [ebp - 0xe0bc] add edi, 0x54e push eax push 0 push 2 lea eax, [ebp - 0xe069] push eax -push dword [ebp - 0xe0c8] +push dword [ebp - 0xe0dc] lea eax, [ebp - 0xe062] push eax lea eax, [ebp - 0xe05a] @@ -66009,34 +66238,34 @@ push eax mov eax, dword [ebp + 8] push 1 push ebx -call fcn_fffbf2e9 ; call 0xfffbf2e9 +call fcn_fffc1b5f ; call 0xfffc1b5f lea eax, [esi + 1] inc esi -mov byte [ebp - 0xe0a0], al -mov al, byte [ebp - 0xe07b] +mov byte [ebp - 0xe0b8], al +mov al, byte [ebp - 0xe0a0] add esp, 0x30 add eax, esi cmp al, 2 -jbe short loc_fffd1173 ; jbe 0xfffd1173 -movsx eax, byte [ebp - 0xe0a0] -mov cl, byte [ebp - 0xe098] -mov dword [ebp - 0xe084], 1 -shl dword [ebp - 0xe084], cl +jbe short loc_fffd1465 ; jbe 0xfffd1465 +movsx eax, byte [ebp - 0xe0b8] +mov cl, byte [ebp - 0xe088] +mov dword [ebp - 0xe098], 1 +shl dword [ebp - 0xe098], cl movzx ebx, al mov dword [ebp - 0xe080], 0 mov dword [ebp - 0xe0c0], ebx -mov dword [ebp - 0xe0c4], eax +mov dword [ebp - 0xe0c8], eax -loc_fffd121c: ; not directly referenced +loc_fffd150e: ; not directly referenced mov eax, dword [ebp - 0xe0a4] -mov edx, dword [ebp - 0xe080] -bt eax, edx -jae loc_fffd1361 ; jae 0xfffd1361 +mov ebx, dword [ebp - 0xe080] +bt eax, ebx +jae loc_fffd1653 ; jae 0xfffd1653 mov al, byte [ebp - 0xd467] xor edx, edx -mov byte [ebp - 0xe07c], al +mov byte [ebp - 0xe0d8], al -loc_fffd123f: ; not directly referenced +loc_fffd1531: ; not directly referenced movzx ecx, dl imul ebx, ecx, 0x2a7 add ecx, ecx @@ -66048,23 +66277,23 @@ lea eax, [ebp - 0xe03a] add ecx, eax xor eax, eax -loc_fffd1264: ; not directly referenced -cmp byte [ebp - 0xe07c], al -jbe short loc_fffd127e ; jbe 0xfffd127e +loc_fffd1556: ; not directly referenced +cmp byte [ebp - 0xe0d8], al +jbe short loc_fffd1570 ; jbe 0xfffd1570 imul esi, eax, 0x52 mov di, word [ebx + eax*4 + 0x53a] inc eax mov word [ecx + esi], di -jmp short loc_fffd1264 ; jmp 0xfffd1264 +jmp short loc_fffd1556 ; jmp 0xfffd1556 -loc_fffd127e: ; not directly referenced +loc_fffd1570: ; not directly referenced inc edx -cmp dl, byte [ebp - 0xe0a0] -jne short loc_fffd123f ; jne 0xfffd123f +cmp dl, byte [ebp - 0xe0b8] +jne short loc_fffd1531 ; jne 0xfffd1531 movzx eax, byte [ebp - 0xd467] sub esp, 0xc push 8 -mov ecx, dword [ebp - 0xe084] +mov ecx, dword [ebp - 0xe098] push 0 mov edx, dword [ebp - 0xe080] lea ebx, [ebp - 0xe051] @@ -66080,7 +66309,7 @@ push 0x29 push esi push eax mov eax, dword [ebp + 8] -call fcn_fffb97c0 ; call 0xfffb97c0 +call fcn_fffb78c3 ; call 0xfffb78c3 add esp, 0x2c mov ecx, esi push 0 @@ -66090,10 +66319,10 @@ mov eax, dword [ebp + 8] push 1 push 1 push ebx -push dword [ebp - 0xe0c4] +push dword [ebp - 0xe0c8] lea edx, [ebp - 0xdea0] push 0x29 -call fcn_fffa5d2d ; call 0xfffa5d2d +call fcn_fffa5cdb ; call 0xfffa5cdb movsx si, byte [ebp - 0xde9e] add esp, 0x18 add esi, dword [ebp - 0xdea0] @@ -66110,28 +66339,28 @@ mov ecx, edi add esi, edi shl edx, cl mov ecx, ebx -call fcn_fffb3a79 ; call 0xfffb3a79 +call fcn_fffafe03 ; call 0xfffafe03 add esi, esi mov edx, edi lea eax, [ebp - 0x18] mov edi, dword [ebp - 0xe09c] add esp, 0x10 add esi, eax -mov eax, dword [ebp - 0xe098] +mov eax, dword [ebp - 0xe088] mov al, byte [eax + esi - 0xd97a] mov byte [edi + edx*2], al -loc_fffd1361: ; not directly referenced +loc_fffd1653: ; not directly referenced inc dword [ebp - 0xe080] cmp dword [ebp - 0xe080], 2 -jne loc_fffd121c ; jne 0xfffd121c -jmp near loc_fffd10d1 ; jmp 0xfffd10d1 +jne loc_fffd150e ; jne 0xfffd150e +jmp near loc_fffd13c3 ; jmp 0xfffd13c3 -loc_fffd1379: ; not directly referenced +loc_fffd166b: ; not directly referenced mov eax, esi movzx eax, al -cmp eax, dword [ebp - 0xe0d0] -jae loc_fffd1104 ; jae 0xfffd1104 +cmp eax, dword [ebp - 0xe0e4] +jae loc_fffd13f6 ; jae 0xfffd13f6 push 1 movzx ecx, byte [ebp + ebx - 0xe06d] mov edx, ebx @@ -66140,32 +66369,32 @@ inc esi push 4 push eax mov eax, dword [ebp + 8] -call fcn_fffafdb2 ; call 0xfffafdb2 +call fcn_fffa972b ; call 0xfffa972b add esp, 0x10 -jmp short loc_fffd1379 ; jmp 0xfffd1379 +jmp short loc_fffd166b ; jmp 0xfffd166b -loc_fffd13a8: ; not directly referenced +loc_fffd169a: ; not directly referenced push eax -mov edx, dword [ebp - 0xe0b8] +mov edx, dword [ebp - 0xe0a8] push eax mov eax, dword [ebp + 8] -movzx ecx, byte [eax + 0x248e] +movzx ecx, byte [eax + 0x248f] push 0 push 0xf push 0 push 0 push 0 push 2 -call fcn_fffc0a2d ; call 0xfffc0a2d +call fcn_fffbea08 ; call 0xfffbea08 add esp, 0x20 -cmp dword [ebp - 0xe088], 1 -jne short loc_fffd13e5 ; jne 0xfffd13e5 +cmp dword [ebp - 0xe084], 1 +jne short loc_fffd16d7 ; jne 0xfffd16d7 sub esp, 0xc push dword [ebp + 8] -call fcn_fffbdcd9 ; call 0xfffbdcd9 +call fcn_fffc054a ; call 0xfffc054a add esp, 0x10 -loc_fffd13e5: ; not directly referenced +loc_fffd16d7: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -66173,7 +66402,7 @@ pop edi pop ebp ret -fcn_fffd13ed: ; not directly referenced +fcn_fffd16df: ; not directly referenced push ebp mov ebp, esp push edi @@ -66193,7 +66422,7 @@ mov byte [ebp - 0xeb], al mov al, byte [ebp + 0x18] mov byte [ebp - 0xec], bl mov byte [ebp - 0xd3], al -mov eax, dword [edi + 0x2443] +mov eax, dword [edi + 0x2444] mov dword [ebp - 0xf8], eax mov al, cl shr al, 4 @@ -66201,11 +66430,11 @@ inc eax mov byte [ebp - 0xf9], al xor eax, eax cmp cl, 0x21 -ja short loc_fffd1460 ; ja 0xfffd1460 +ja short loc_fffd1752 ; ja 0xfffd1752 movzx eax, byte [ebp - 0xe4] -movzx eax, byte [eax + ref_fffd5f1c] ; movzx eax, byte [eax - 0x2a0e4] +movzx eax, byte [eax + ref_fffd58e0] ; movzx eax, byte [eax - 0x2a720] -loc_fffd1460: ; not directly referenced +loc_fffd1752: ; not directly referenced mov ecx, dword [ebp - 0xe4] mov dword [ebp - 0xd8], 1 cmp cl, 0x21 @@ -66213,21 +66442,21 @@ sete dl cmp cl, 0x11 sete cl or dl, cl -jne short loc_fffd1492 ; jne 0xfffd1492 +jne short loc_fffd1784 ; jne 0xfffd1784 xor ecx, ecx cmp byte [ebp - 0xe4], 5 sete cl mov dword [ebp - 0xd8], ecx -loc_fffd1492: ; not directly referenced -movzx ecx, byte [edi + 0x2488] +loc_fffd1784: ; not directly referenced +movzx ecx, byte [edi + 0x2489] mov esi, 1 shl esi, cl dec esi -cmp byte [edi + 0x248b], 1 +cmp byte [edi + 0x248c], 1 mov word [ebp - 0xea], si -jne short loc_fffd151e ; jne 0xfffd151e -mov cl, byte [edi + 0x248c] +jne short loc_fffd1810 ; jne 0xfffd1810 +mov cl, byte [edi + 0x248d] lea esi, [ecx + 4] mov byte [ebp - 0x9a], cl mov edx, esi @@ -66236,7 +66465,7 @@ add ecx, 2 mov byte [ebp - 0x98], dl mov byte [ebp - 0x97], cl -loc_fffd14d7: ; not directly referenced +loc_fffd17c9: ; not directly referenced imul eax, eax, 0x240 movzx ebx, bl add eax, dword [ebp - 0xbc] @@ -66249,24 +66478,24 @@ movzx eax, byte [ebp - 0xec] mov dword [ebp - 0x118], eax imul eax, eax, 0x12 mov dword [ebp - 0xd0], eax -jmp short loc_fffd1559 ; jmp 0xfffd1559 +jmp short loc_fffd184b ; jmp 0xfffd184b -loc_fffd151e: ; not directly referenced +loc_fffd1810: ; not directly referenced mov byte [ebp - 0x9a], 1 mov byte [ebp - 0x99], 1 mov byte [ebp - 0x98], 1 mov byte [ebp - 0x97], 1 -jmp short loc_fffd14d7 ; jmp 0xfffd14d7 +jmp short loc_fffd17c9 ; jmp 0xfffd17c9 -loc_fffd153c: ; not directly referenced +loc_fffd182e: ; not directly referenced inc ebx cmp ebx, 2 -jne loc_fffd1f38 ; jne 0xfffd1f38 +jne loc_fffd222a ; jne 0xfffd222a inc dword [ebp - 0xc4] cmp dword [ebp - 0xc4], 2 -je loc_fffd1fc4 ; je 0xfffd1fc4 +je loc_fffd22b6 ; je 0xfffd22b6 -loc_fffd1559: ; not directly referenced +loc_fffd184b: ; not directly referenced mov ebx, dword [ebp - 0xf8] lea eax, [ebp - 0xa2] xor esi, esi @@ -66287,17 +66516,17 @@ lea eax, [ebp - 0x72] add esp, 0x10 mov dword [ebp - 0xbc], eax -loc_fffd1591: ; not directly referenced +loc_fffd1883: ; not directly referenced movzx eax, byte [ebp - 0xfa] bt eax, esi mov dword [ebp - 0xe0], eax -jb short loc_fffd15bf ; jb 0xfffd15bf +jb short loc_fffd18b1 ; jb 0xfffd18b1 mov ax, word [ebp - 0xea] mov word [ebp + esi*2 - 0xa2], ax mov word [ebp + esi*2 - 0x9e], ax -jmp near loc_fffd1766 ; jmp 0xfffd1766 +jmp near loc_fffd1a58 ; jmp 0xfffd1a58 -loc_fffd15bf: ; not directly referenced +loc_fffd18b1: ; not directly referenced mov eax, dword [ebp - 0xbc] mov byte [ebp - 0xc0], 0 mov byte [eax], 0x7f @@ -66308,10 +66537,10 @@ mov dword [ebp - 0xf0], eax lea eax, [esi + esi*8] mov dword [ebp - 0xe8], eax -loc_fffd15e8: ; not directly referenced +loc_fffd18da: ; not directly referenced mov al, byte [ebp - 0xc0] -cmp al, byte [edi + 0x2488] -jae loc_fffd171e ; jae 0xfffd171e +cmp al, byte [edi + 0x2489] +jae loc_fffd1a10 ; jae 0xfffd1a10 movzx eax, byte [ebp - 0xc0] lea ecx, [ebp - 0x18] mov ebx, eax @@ -66324,7 +66553,7 @@ movzx eax, byte [ebp - 0xd3] cmp byte [ebp - 0xeb], 1 mov byte [ebx + edx - 0x7e], 0x7f mov byte [ebp - 0xd1], al -jne short loc_fffd1659 ; jne 0xfffd1659 +jne short loc_fffd194b ; jne 0xfffd194b push edx movzx ecx, byte [ebp - 0xd4] mov edx, esi @@ -66332,11 +66561,11 @@ push eax mov eax, edi push dword [ebp - 0xc4] push ebx -call fcn_fffaec68 ; call 0xfffaec68 +call fcn_fffb399f ; call 0xfffb399f add esp, 0x10 mov byte [ebp - 0xd1], al -loc_fffd1659: ; not directly referenced +loc_fffd194b: ; not directly referenced lea eax, [esi + esi*8] xor edx, edx mov dword [ebp - 0xdc], eax @@ -66356,18 +66585,18 @@ cmova eax, edx mov edx, dword [ebp - 0xc8] cmp dword [ebp - 0xd8], 1 mov dword [edx + ebx*4], eax -jne short loc_fffd16d2 ; jne 0xfffd16d2 +jne short loc_fffd19c4 ; jne 0xfffd19c4 mov ebx, dword [ebp - 0xbc] movzx edx, byte [ebx] cmp eax, edx -jae short loc_fffd16e9 ; jae 0xfffd16e9 +jae short loc_fffd19db ; jae 0xfffd19db mov ebx, dword [ebp - 0xe8] mov byte [ebp + ebx - 0x84], al mov ebx, dword [ebp - 0xbc] mov byte [ebx], al -jmp short loc_fffd16e9 ; jmp 0xfffd16e9 +jmp short loc_fffd19db ; jmp 0xfffd19db -loc_fffd16d2: ; not directly referenced +loc_fffd19c4: ; not directly referenced mov ecx, dword [ebp - 0xdc] lea ebx, [ebp - 0x18] add ecx, ebx @@ -66375,7 +66604,7 @@ add ecx, dword [ebp - 0xcc] mov byte [ecx - 0x6c], al mov byte [ecx - 0x5a], al -loc_fffd16e9: ; not directly referenced +loc_fffd19db: ; not directly referenced movzx eax, byte [ebp - 0xc0] mov ebx, dword [ebp + 0x14] movzx ecx, byte [ebx + eax] @@ -66385,21 +66614,21 @@ and ecx, 0x7f or ch, 1 lea edx, [eax + ebx*4] mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0xc0] -jmp near loc_fffd15e8 ; jmp 0xfffd15e8 +jmp near loc_fffd18da ; jmp 0xfffd18da -loc_fffd171e: ; not directly referenced +loc_fffd1a10: ; not directly referenced cmp dword [ebp - 0xd8], 1 -jne short loc_fffd1766 ; jne 0xfffd1766 +jne short loc_fffd1a58 ; jne 0xfffd1a58 lea edx, [esi + esi*8] xor eax, eax add edx, dword [ebp - 0xd0] mov dword [ebp - 0xc0], edx -loc_fffd1738: ; not directly referenced -cmp al, byte [edi + 0x2488] -jae short loc_fffd1766 ; jae 0xfffd1766 +loc_fffd1a2a: ; not directly referenced +cmp al, byte [edi + 0x2489] +jae short loc_fffd1a58 ; jae 0xfffd1a58 mov ebx, dword [ebp - 0xbc] movzx ecx, al inc eax @@ -66409,13 +66638,13 @@ movzx ebx, byte [ebx] add ecx, ecx add ecx, dword [ebp - 0xc4] mov dword [edx + ecx*4], ebx -jmp short loc_fffd1738 ; jmp 0xfffd1738 +jmp short loc_fffd1a2a ; jmp 0xfffd1a2a -loc_fffd1766: ; not directly referenced +loc_fffd1a58: ; not directly referenced inc esi add dword [ebp - 0xbc], 9 cmp esi, 2 -jne loc_fffd1591 ; jne 0xfffd1591 +jne loc_fffd1883 ; jne 0xfffd1883 mov eax, dword [ebp - 0xc4] lea esi, [eax + eax - 1] mov dword [ebp - 0x114], esi @@ -66424,33 +66653,33 @@ add eax, dword [ebp - 0x110] lea eax, [esi + eax*4] mov dword [ebp - 0xf0], eax -loc_fffd179c: ; not directly referenced +loc_fffd1a8e: ; not directly referenced mov ecx, 4 mov edx, 0x4800 mov eax, edi xor esi, esi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffd17af: ; not directly referenced +loc_fffd1aa1: ; not directly referenced movzx eax, byte [ebp - 0xf9] cmp esi, eax -jae loc_fffd1883 ; jae 0xfffd1883 +jae loc_fffd1b75 ; jae 0xfffd1b75 xor ebx, ebx -loc_fffd17c0: ; not directly referenced +loc_fffd1ab2: ; not directly referenced mov eax, dword [ebp - 0xe0] bt eax, ebx -jb short loc_fffd17fd ; jb 0xfffd17fd +jb short loc_fffd1aef ; jb 0xfffd1aef -loc_fffd17cb: ; not directly referenced +loc_fffd1abd: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffd17c0 ; jne 0xfffd17c0 +jne short loc_fffd1ab2 ; jne 0xfffd1ab2 xor eax, eax mov edx, dword [ebp - 0xe0] test esi, esi push ecx -movzx ecx, byte [edi + 0x248b] +movzx ecx, byte [edi + 0x248c] sete al push 0 inc esi @@ -66458,20 +66687,20 @@ push eax lea eax, [ebp - 0x9a] push eax mov eax, edi -call fcn_fffb0f94 ; call 0xfffb0f94 +call fcn_fffaa5b3 ; call 0xfffaa5b3 add esp, 0x10 -jmp short loc_fffd17af ; jmp 0xfffd17af +jmp short loc_fffd1aa1 ; jmp 0xfffd1aa1 -loc_fffd17fd: ; not directly referenced +loc_fffd1aef: ; not directly referenced mov eax, dword [ebp - 0xe0] lea ecx, [ebx + 1] xor edx, edx sar eax, cl mov dword [ebp - 0xbc], eax -loc_fffd1810: ; not directly referenced -cmp dl, byte [edi + 0x2488] -jae short loc_fffd17cb ; jae 0xfffd17cb +loc_fffd1b02: ; not directly referenced +cmp dl, byte [edi + 0x2489] +jae short loc_fffd1abd ; jae 0xfffd1abd push 1 movzx eax, dl push dword [ebp - 0xbc] @@ -66495,31 +66724,31 @@ movzx eax, byte [ebp - 0xeb] push ecx push eax push edi -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 mov edx, dword [ebp - 0xc0] cmp dword [ebp - 0xd8], 0 -jne loc_fffd17cb ; jne 0xfffd17cb +jne loc_fffd1abd ; jne 0xfffd1abd inc edx -jmp short loc_fffd1810 ; jmp 0xfffd1810 +jmp short loc_fffd1b02 ; jmp 0xfffd1b02 -loc_fffd1883: ; not directly referenced +loc_fffd1b75: ; not directly referenced xor esi, esi -loc_fffd1885: ; not directly referenced +loc_fffd1b77: ; not directly referenced mov eax, dword [ebp - 0xe0] bt eax, esi -jae loc_fffd1edf ; jae 0xfffd1edf +jae loc_fffd21d1 ; jae 0xfffd21d1 mov eax, esi shl eax, 0xa add eax, 0x4114 mov dword [ebp - 0x10c], eax mov byte [ebp - 0xe8], 0 -loc_fffd18ab: ; not directly referenced +loc_fffd1b9d: ; not directly referenced mov al, byte [ebp - 0xe8] -cmp al, byte [edi + 0x2488] -jae loc_fffd1e18 ; jae 0xfffd1e18 +cmp al, byte [edi + 0x2489] +jae loc_fffd210a ; jae 0xfffd210a mov cl, byte [ebp - 0xe8] movzx eax, cl mov dword [ebp - 0xbc], eax @@ -66530,7 +66759,7 @@ mov dword [ebp - 0xc0], eax mov ax, word [ebp + esi*2 - 0x9e] and ax, word [ebp + esi*2 - 0xa2] test bx, ax -jne loc_fffd1e0d ; jne 0xfffd1e0d +jne loc_fffd20ff ; jne 0xfffd20ff xor eax, eax mov bl, cl mov edx, dword [ebp - 0x10c] @@ -66540,7 +66769,7 @@ mov ebx, dword [ebp - 0xbc] mov byte [ebp - 0xd2], al mov eax, edi lea edx, [edx + ebx*4] -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, dword [ebp - 0xd0] lea ebx, [esi + esi*8] mov ecx, dword [ebp - 0xbc] @@ -66565,37 +66794,37 @@ mov edx, dword [ebp - 0xf4] and eax, 0x7fffff mov dword [ebp - 0xdc], eax movzx eax, byte [ebp - 0xd2] -jne loc_fffd1abc ; jne 0xfffd1abc +jne loc_fffd1dae ; jne 0xfffd1dae add edx, eax mov al, byte [ebp - 0xcc] cmp al, byte [edx - 0x6c] -jne loc_fffd1a4e ; jne 0xfffd1a4e +jne loc_fffd1d40 ; jne 0xfffd1d40 cmp byte [ebp - 0xd1], 0 -jns short loc_fffd19e2 ; jns 0xfffd19e2 +jns short loc_fffd1cd4 ; jns 0xfffd1cd4 cmp byte [edx - 0x5a], al -jne short loc_fffd19cc ; jne 0xfffd19cc +jne short loc_fffd1cbe ; jne 0xfffd1cbe -loc_fffd19af: ; not directly referenced +loc_fffd1ca1: ; not directly referenced lea ebx, [ebp - 0x18] mov ecx, dword [ebp - 0xbc] lea eax, [esi + esi*8] add eax, ebx mov bl, byte [ebp - 0xcc] mov byte [ecx + eax - 0x7e], bl -jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5 +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 -loc_fffd19cc: ; not directly referenced +loc_fffd1cbe: ; not directly referenced mov dword [ebp - 0xa8], 1 -loc_fffd19d6: ; not directly referenced +loc_fffd1cc8: ; not directly referenced mov eax, dword [ebp - 0xa8] test eax, eax -jne short loc_fffd19d6 ; jne 0xfffd19d6 -jmp short loc_fffd19af ; jmp 0xfffd19af +jne short loc_fffd1cc8 ; jne 0xfffd1cc8 +jmp short loc_fffd1ca1 ; jmp 0xfffd1ca1 -loc_fffd19e2: ; not directly referenced +loc_fffd1cd4: ; not directly referenced cmp byte [ebp - 0xd1], 1 -jne short loc_fffd1a1a ; jne 0xfffd1a1a +jne short loc_fffd1d0c ; jne 0xfffd1d0c add ebx, dword [ebp - 0xbc] mov eax, dword [ebp + ebx*4 - 0x60] shr eax, 8 @@ -66605,71 +66834,71 @@ mov al, byte [ebp - 0xcc] mov byte [ecx - 0x7e], al mov eax, dword [ebp - 0xc0] or word [ebp + esi*2 - 0xa2], ax -jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5 +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 -loc_fffd1a1a: ; not directly referenced +loc_fffd1d0c: ; not directly referenced cmp byte [ebp - 0xd1], 2 -jne short loc_fffd1a35 ; jne 0xfffd1a35 +jne short loc_fffd1d27 ; jne 0xfffd1d27 xor eax, eax -call fcn_fffaebf8 ; call 0xfffaebf8 +call fcn_fffb392f ; call 0xfffb392f add ebx, dword [ebp - 0xbc] -jmp near loc_fffd1b3b ; jmp 0xfffd1b3b +jmp near loc_fffd1e2d ; jmp 0xfffd1e2d -loc_fffd1a35: ; not directly referenced +loc_fffd1d27: ; not directly referenced mov dword [ebp - 0xac], 1 -loc_fffd1a3f: ; not directly referenced +loc_fffd1d31: ; not directly referenced mov eax, dword [ebp - 0xac] test eax, eax -jne short loc_fffd1a3f ; jne 0xfffd1a3f -jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5 +jne short loc_fffd1d31 ; jne 0xfffd1d31 +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 -loc_fffd1a4e: ; not directly referenced +loc_fffd1d40: ; not directly referenced mov al, byte [ebp - 0xcc] cmp al, byte [edx - 0x5a] -jne loc_fffd1c91 ; jne 0xfffd1c91 +jne loc_fffd1f83 ; jne 0xfffd1f83 mov ax, word [ebp + esi*2 - 0xa2] test word [ebp - 0xc0], ax -jne loc_fffd1e0d ; jne 0xfffd1e0d +jne loc_fffd20ff ; jne 0xfffd20ff cmp byte [ebp - 0xd1], 0xff -jne short loc_fffd1a9c ; jne 0xfffd1a9c +jne short loc_fffd1d8e ; jne 0xfffd1d8e add ebx, dword [ebp - 0xbc] or eax, dword [ebp - 0xc0] and dword [ebp + ebx*4 - 0x60], 0xffffff00 mov word [ebp + esi*2 - 0xa2], ax -jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5 +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 -loc_fffd1a9c: ; not directly referenced +loc_fffd1d8e: ; not directly referenced mov edx, dword [ebp - 0xc0] mov bl, byte [ebp - 0xcc] not edx and edx, eax mov byte [ecx - 0x7e], bl mov word [ebp + esi*2 - 0xa2], dx -jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5 +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 -loc_fffd1abc: ; not directly referenced +loc_fffd1dae: ; not directly referenced add edx, eax mov al, byte [edx - 0x6c] mov byte [ebp - 0xf4], al cmp byte [ebp - 0xcc], al -jne loc_fffd1b61 ; jne 0xfffd1b61 +jne loc_fffd1e53 ; jne 0xfffd1e53 cmp byte [ebp - 0xd1], 2 -jle short loc_fffd1af5 ; jle 0xfffd1af5 +jle short loc_fffd1de7 ; jle 0xfffd1de7 mov dword [ebp - 0xb0], 1 -loc_fffd1ae6: ; not directly referenced +loc_fffd1dd8: ; not directly referenced mov eax, dword [ebp - 0xb0] test eax, eax -jne short loc_fffd1ae6 ; jne 0xfffd1ae6 -jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5 +jne short loc_fffd1dd8 ; jne 0xfffd1dd8 +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 -loc_fffd1af5: ; not directly referenced +loc_fffd1de7: ; not directly referenced mov eax, dword [ebp - 0xbc] lea ebx, [ebx + eax] mov eax, dword [ebp - 0xdc] -je short loc_fffd1b36 ; je 0xfffd1b36 -call fcn_fffaebf8 ; call 0xfffaebf8 +je short loc_fffd1e28 ; je 0xfffd1e28 +call fcn_fffb392f ; call 0xfffb392f mov edx, dword [ebp + ebx*4 - 0x60] and edx, 0xff00ffff movzx eax, al @@ -66679,12 +66908,12 @@ mov dword [ebp + ebx*4 - 0x60], eax mov eax, dword [ebp - 0xc0] not eax and word [ebp + esi*2 - 0x9e], ax -jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5 +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 -loc_fffd1b36: ; not directly referenced -call fcn_fffaebf8 ; call 0xfffaebf8 +loc_fffd1e28: ; not directly referenced +call fcn_fffb392f ; call 0xfffb392f -loc_fffd1b3b: ; not directly referenced +loc_fffd1e2d: ; not directly referenced mov edx, dword [ebp + ebx*4 - 0x60] shl eax, 0x18 and edx, 0xffffff @@ -66692,20 +66921,20 @@ or eax, edx mov dword [ebp + ebx*4 - 0x60], eax mov eax, dword [ebp - 0xc0] or word [ebp + esi*2 - 0x9e], ax -jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5 +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 -loc_fffd1b61: ; not directly referenced +loc_fffd1e53: ; not directly referenced mov al, byte [ebp - 0xcc] cmp al, byte [edx - 0x5a] -jne loc_fffd1c91 ; jne 0xfffd1c91 +jne loc_fffd1f83 ; jne 0xfffd1f83 cmp byte [ebp - 0x100], 0xff -je loc_fffd1c27 ; je 0xfffd1c27 +je loc_fffd1f19 ; je 0xfffd1f19 cmp byte [ebp - 0xd1], 0 -jg loc_fffd1c27 ; jg 0xfffd1c27 +jg loc_fffd1f19 ; jg 0xfffd1f19 movsx eax, byte [ebp - 0xd1] mov dword [ebp - 0x100], eax mov eax, dword [ebp - 0xdc] -call fcn_fffaebf8 ; call 0xfffaebf8 +call fcn_fffb392f ; call 0xfffb392f mov edx, 1 add ebx, dword [ebp - 0xbc] mov ebx, dword [ebp + ebx*4 - 0x60] @@ -66717,7 +66946,7 @@ sub edx, eax shl edx, 3 lea ecx, [edx + 0x1f] cmp cl, 0x3e -ja short loc_fffd1c03 ; ja 0xfffd1c03 +ja short loc_fffd1ef5 ; ja 0xfffd1ef5 mov cl, al movzx ebx, byte [ebp - 0x104] mov eax, 0xff @@ -66729,15 +66958,15 @@ shl ebx, cl mov cl, dl or ebx, eax test dl, dl -jle short loc_fffd1bff ; jle 0xfffd1bff +jle short loc_fffd1ef1 ; jle 0xfffd1ef1 shl ebx, cl -jmp short loc_fffd1c03 ; jmp 0xfffd1c03 +jmp short loc_fffd1ef5 ; jmp 0xfffd1ef5 -loc_fffd1bff: ; not directly referenced +loc_fffd1ef1: ; not directly referenced neg ecx shr ebx, cl -loc_fffd1c03: ; not directly referenced +loc_fffd1ef5: ; not directly referenced mov ecx, dword [ebp - 0xbc] lea eax, [esi + esi*8] lea edx, [eax + ecx] @@ -66747,49 +66976,49 @@ add eax, ebx mov bl, byte [ebp - 0xcc] lea edx, [ebx - 1] mov byte [ecx + eax - 0x7e], dl -jmp short loc_fffd1c5a ; jmp 0xfffd1c5a +jmp short loc_fffd1f4c ; jmp 0xfffd1f4c -loc_fffd1c27: ; not directly referenced +loc_fffd1f19: ; not directly referenced mov ebx, dword [ebp - 0xbc] lea eax, [esi + esi*8] lea edx, [eax + ebx] mov eax, dword [ebp - 0xdc] mov ebx, dword [ebp + edx*4 - 0x60] mov dword [ebp - 0x100], edx -call fcn_fffaebf8 ; call 0xfffaebf8 +call fcn_fffb392f ; call 0xfffb392f mov edx, dword [ebp - 0x100] movzx ebx, bx shl eax, 0x10 or eax, ebx mov dword [ebp + edx*4 - 0x60], eax -loc_fffd1c5a: ; not directly referenced +loc_fffd1f4c: ; not directly referenced mov al, byte [ebp - 0xf4] cmp byte [ebp - 0xcc], al -jae short loc_fffd1c76 ; jae 0xfffd1c76 +jae short loc_fffd1f68 ; jae 0xfffd1f68 mov eax, dword [ebp - 0xc0] or word [ebp + esi*2 - 0x9e], ax -loc_fffd1c76: ; not directly referenced +loc_fffd1f68: ; not directly referenced cmp byte [ebp - 0xd1], 0 -jg short loc_fffd1ca5 ; jg 0xfffd1ca5 +jg short loc_fffd1f97 ; jg 0xfffd1f97 mov eax, dword [ebp - 0xc0] not eax and word [ebp + esi*2 - 0xa2], ax -jmp short loc_fffd1ca5 ; jmp 0xfffd1ca5 +jmp short loc_fffd1f97 ; jmp 0xfffd1f97 -loc_fffd1c91: ; not directly referenced +loc_fffd1f83: ; not directly referenced mov dword [ebp - 0xb4], 1 -loc_fffd1c9b: ; not directly referenced +loc_fffd1f8d: ; not directly referenced mov eax, dword [ebp - 0xb4] test eax, eax -jne short loc_fffd1c9b ; jne 0xfffd1c9b +jne short loc_fffd1f8d ; jne 0xfffd1f8d -loc_fffd1ca5: ; not directly referenced +loc_fffd1f97: ; not directly referenced cmp byte [ebp - 0xeb], 1 movzx eax, byte [ebp - 0xd3] -jne short loc_fffd1cd6 ; jne 0xfffd1cd6 +jne short loc_fffd1fc8 ; jne 0xfffd1fc8 push edx movzx ecx, byte [ebp - 0xd4] mov edx, esi @@ -66797,37 +67026,37 @@ push eax mov eax, edi push dword [ebp - 0xc4] push dword [ebp - 0xbc] -call fcn_fffaec68 ; call 0xfffaec68 +call fcn_fffb399f ; call 0xfffb399f add esp, 0x10 -loc_fffd1cd6: ; not directly referenced +loc_fffd1fc8: ; not directly referenced cmp byte [ebp - 0xcc], al -jne short loc_fffd1cec ; jne 0xfffd1cec +jne short loc_fffd1fde ; jne 0xfffd1fde mov ebx, dword [ebp - 0xc0] or word [ebp + esi*2 - 0x9e], bx -loc_fffd1cec: ; not directly referenced +loc_fffd1fde: ; not directly referenced cmp dword [ebp - 0xdc], 0 -jne short loc_fffd1d23 ; jne 0xfffd1d23 +jne short loc_fffd2015 ; jne 0xfffd2015 lea ebx, [ebp - 0x18] lea edx, [esi + esi*8] lea ecx, [ebx + edx] mov ebx, dword [ebp - 0xbc] cmp al, byte [ebx + ecx - 0x7e] -jne short loc_fffd1d23 ; jne 0xfffd1d23 +jne short loc_fffd2015 ; jne 0xfffd2015 mov eax, dword [ebp - 0xc0] test word [ebp + esi*2 - 0xa2], ax -je short loc_fffd1d23 ; je 0xfffd1d23 +je short loc_fffd2015 ; je 0xfffd2015 add edx, ebx mov word [ebp + edx*4 - 0x5e], 0xfffe -loc_fffd1d23: ; not directly referenced +loc_fffd2015: ; not directly referenced cmp byte [ebp - 0xcc], 0 -jne short loc_fffd1d68 ; jne 0xfffd1d68 +jne short loc_fffd205a ; jne 0xfffd205a mov eax, dword [ebp - 0xc0] or word [ebp + esi*2 - 0xa2], ax cmp dword [ebp - 0xdc], 0 -je short loc_fffd1d68 ; je 0xfffd1d68 +je short loc_fffd205a ; je 0xfffd205a lea ebx, [ebp - 0x18] or word [ebp + esi*2 - 0x9e], ax lea eax, [esi + esi*8] @@ -66837,52 +67066,52 @@ add eax, ebx mov byte [ebx + edx - 0x7e], 0 mov word [ebp + eax*4 - 0x5e], 0x707 -loc_fffd1d68: ; not directly referenced +loc_fffd205a: ; not directly referenced cmp dword [ebp - 0xd8], 0 -jne loc_fffd1e0d ; jne 0xfffd1e0d +jne loc_fffd20ff ; jne 0xfffd20ff mov cx, word [ebp + esi*2 - 0x9e] mov dx, word [ebp + esi*2 - 0xa2] mov eax, ecx and eax, edx test word [ebp - 0xc0], ax -jne short loc_fffd1e0d ; jne 0xfffd1e0d +jne short loc_fffd20ff ; jne 0xfffd20ff cmp dword [ebp - 0xdc], 0 movzx eax, byte [ebp - 0xd2] -jne short loc_fffd1dc1 ; jne 0xfffd1dc1 +jne short loc_fffd20b3 ; jne 0xfffd20b3 test word [ebp - 0xc0], cx -jne short loc_fffd1db6 ; jne 0xfffd1db6 +jne short loc_fffd20a8 ; jne 0xfffd20a8 lea ecx, [esi + esi*8] lea ebx, [ebp - 0x18] lea edx, [ebx + ecx] -jmp short loc_fffd1de0 ; jmp 0xfffd1de0 +jmp short loc_fffd20d2 ; jmp 0xfffd20d2 -loc_fffd1db6: ; not directly referenced +loc_fffd20a8: ; not directly referenced lea ecx, [esi + esi*8] lea ebx, [ebp - 0x18] lea edx, [ebx + ecx] -jmp short loc_fffd1dd3 ; jmp 0xfffd1dd3 +jmp short loc_fffd20c5 ; jmp 0xfffd20c5 -loc_fffd1dc1: ; not directly referenced +loc_fffd20b3: ; not directly referenced test word [ebp - 0xc0], dx lea ecx, [esi + esi*8] lea ebx, [ebp - 0x18] lea edx, [ebx + ecx] -jne short loc_fffd1de0 ; jne 0xfffd1de0 +jne short loc_fffd20d2 ; jne 0xfffd20d2 -loc_fffd1dd3: ; not directly referenced +loc_fffd20c5: ; not directly referenced add eax, edx mov bl, byte [eax - 0x5a] lea edx, [ebx - 1] mov byte [eax - 0x5a], dl -jmp short loc_fffd1deb ; jmp 0xfffd1deb +jmp short loc_fffd20dd ; jmp 0xfffd20dd -loc_fffd1de0: ; not directly referenced +loc_fffd20d2: ; not directly referenced add eax, edx mov bl, byte [eax - 0x6c] lea edx, [ebx + 1] mov byte [eax - 0x6c], dl -loc_fffd1deb: ; not directly referenced +loc_fffd20dd: ; not directly referenced mov eax, dword [ebp - 0xd0] movzx edx, dl add eax, ecx @@ -66892,25 +67121,25 @@ add eax, eax add eax, dword [ebp - 0xc4] mov dword [ecx + eax*4], edx -loc_fffd1e0d: ; not directly referenced +loc_fffd20ff: ; not directly referenced inc byte [ebp - 0xe8] -jmp near loc_fffd18ab ; jmp 0xfffd18ab +jmp near loc_fffd1b9d ; jmp 0xfffd1b9d -loc_fffd1e18: ; not directly referenced +loc_fffd210a: ; not directly referenced cmp dword [ebp - 0xd8], 1 -jne loc_fffd1edf ; jne 0xfffd1edf +jne loc_fffd21d1 ; jne 0xfffd21d1 mov ax, word [ebp + esi*2 - 0xa2] mov bx, word [ebp - 0xea] mov edx, eax and dx, word [ebp + esi*2 - 0x9e] cmp dx, bx -je loc_fffd1edf ; je 0xfffd1edf +je loc_fffd21d1 ; je 0xfffd21d1 lea edx, [esi + esi*8] lea ecx, [ebp - 0x18] add edx, ecx cmp ax, bx movzx eax, byte [ebp - 0xd2] -je short loc_fffd1e8f ; je 0xfffd1e8f +je short loc_fffd2181 ; je 0xfffd2181 add eax, edx mov ebx, dword [ebp - 0xf0] mov cl, byte [eax - 0x5a] @@ -66920,16 +67149,16 @@ imul eax, esi, 0x48 movzx ecx, cl mov dword [ebx + eax], ecx -loc_fffd1e73: ; not directly referenced +loc_fffd2165: ; not directly referenced imul eax, esi, 0x48 lea ebx, [esi + esi*8] add ebx, dword [ebp - 0xd0] mov dword [ebp - 0xbc], eax xor eax, eax mov dword [ebp - 0xc0], ebx -jmp short loc_fffd1ea9 ; jmp 0xfffd1ea9 +jmp short loc_fffd219b ; jmp 0xfffd219b -loc_fffd1e8f: ; not directly referenced +loc_fffd2181: ; not directly referenced add edx, eax mov ecx, dword [ebp - 0xf0] mov al, byte [edx - 0x6c] @@ -66938,11 +67167,11 @@ mov byte [edx - 0x6c], al imul edx, esi, 0x48 movzx eax, al mov dword [ecx + edx], eax -jmp short loc_fffd1e73 ; jmp 0xfffd1e73 +jmp short loc_fffd2165 ; jmp 0xfffd2165 -loc_fffd1ea9: ; not directly referenced -cmp al, byte [edi + 0x2488] -jae short loc_fffd1edf ; jae 0xfffd1edf +loc_fffd219b: ; not directly referenced +cmp al, byte [edi + 0x2489] +jae short loc_fffd21d1 ; jae 0xfffd21d1 mov ebx, dword [ebp - 0xbc] mov edx, dword [ebp - 0xf0] mov edx, dword [edx + ebx] @@ -66954,41 +67183,41 @@ inc eax add edx, edx add edx, dword [ebp - 0xc4] mov dword [ebx + edx*4], ecx -jmp short loc_fffd1ea9 ; jmp 0xfffd1ea9 +jmp short loc_fffd219b ; jmp 0xfffd219b -loc_fffd1edf: ; not directly referenced +loc_fffd21d1: ; not directly referenced inc esi cmp esi, 2 -jne loc_fffd1885 ; jne 0xfffd1885 +jne loc_fffd1b77 ; jne 0xfffd1b77 mov si, word [ebp - 0xea] mov eax, esi and ax, word [ebp - 0xa2] cmp ax, si -jne loc_fffd179c ; jne 0xfffd179c +jne loc_fffd1a8e ; jne 0xfffd1a8e mov eax, esi and ax, word [ebp - 0x9e] cmp ax, si -jne loc_fffd179c ; jne 0xfffd179c +jne loc_fffd1a8e ; jne 0xfffd1a8e mov eax, esi and eax, dword [ebp - 0xa0] cmp ax, si -jne loc_fffd179c ; jne 0xfffd179c +jne loc_fffd1a8e ; jne 0xfffd1a8e mov eax, esi and eax, dword [ebp - 0x9c] cmp ax, si -jne loc_fffd179c ; jne 0xfffd179c +jne loc_fffd1a8e ; jne 0xfffd1a8e xor ebx, ebx -loc_fffd1f38: ; not directly referenced +loc_fffd222a: ; not directly referenced mov eax, dword [ebp - 0xe0] bt eax, ebx -jae loc_fffd153c ; jae 0xfffd153c +jae loc_fffd182e ; jae 0xfffd182e mov byte [ebp - 0xbc], 0 -loc_fffd1f4e: ; not directly referenced +loc_fffd2240: ; not directly referenced mov al, byte [ebp - 0xbc] -cmp al, byte [edi + 0x2488] -jae loc_fffd153c ; jae 0xfffd153c +cmp al, byte [edi + 0x2489] +jae loc_fffd182e ; jae 0xfffd182e movzx esi, byte [ebp - 0xbc] lea eax, [ebx + ebx*8] sub esp, 0xc @@ -67003,7 +67232,7 @@ push dword [ebp + 0x1c] shr edx, 0x10 shr ecx, 0x18 movzx edx, dl -call fcn_fffaa348 ; call 0xfffaa348 +call fcn_fffac986 ; call 0xfffac986 mov edx, dword [ebp - 0xc0] add esp, 0x10 add edx, dword [ebp - 0xd0] @@ -67013,13 +67242,13 @@ add esi, edx add esi, esi add esi, dword [ebp - 0xc4] mov dword [ecx + esi*4], eax -jmp short loc_fffd1f4e ; jmp 0xfffd1f4e +jmp short loc_fffd2240 ; jmp 0xfffd2240 -loc_fffd1fc4: ; not directly referenced +loc_fffd22b6: ; not directly referenced cmp byte [ebp - 0xe4], 0xb -je short loc_fffd1ffb ; je 0xfffd1ffb +je short loc_fffd22ed ; je 0xfffd22ed -loc_fffd1fcd: ; not directly referenced +loc_fffd22bf: ; not directly referenced push 2 movzx eax, byte [ebp - 0xe4] xor ebx, ebx @@ -67034,28 +67263,28 @@ push 0 push 0 push eax push edi -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 mov esi, eax -jmp near loc_fffd20a3 ; jmp 0xfffd20a3 +jmp near loc_fffd2395 ; jmp 0xfffd2395 -loc_fffd1ffb: ; not directly referenced +loc_fffd22ed: ; not directly referenced movzx eax, byte [ebp - 0xec] xor ebx, ebx mov dword [ebp - 0xc4], eax -loc_fffd200a: ; not directly referenced +loc_fffd22fc: ; not directly referenced mov eax, dword [ebp - 0xe0] bt eax, ebx -jb short loc_fffd201d ; jb 0xfffd201d +jb short loc_fffd230f ; jb 0xfffd230f -loc_fffd2015: ; not directly referenced +loc_fffd2307: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffd200a ; jne 0xfffd200a -jmp short loc_fffd1fcd ; jmp 0xfffd1fcd +jne short loc_fffd22fc ; jne 0xfffd22fc +jmp short loc_fffd22bf ; jmp 0xfffd22bf -loc_fffd201d: ; not directly referenced +loc_fffd230f: ; not directly referenced mov eax, ebx imul esi, ebx, 0x13c3 shl eax, 0xa @@ -67063,10 +67292,10 @@ add eax, 0x4028 mov dword [ebp - 0xc0], eax mov byte [ebp - 0xbc], 0 -loc_fffd203a: ; not directly referenced +loc_fffd232c: ; not directly referenced mov al, byte [ebp - 0xbc] -cmp al, byte [edi + 0x2488] -jae short loc_fffd2015 ; jae 0xfffd2015 +cmp al, byte [edi + 0x2489] +jae short loc_fffd2307 ; jae 0xfffd2307 push eax movzx eax, byte [ebp - 0xbc] mov edx, ebx @@ -67075,11 +67304,11 @@ push 0 push 0xff push eax mov eax, edi -call fcn_fffa7499 ; call 0xfffa7499 +call fcn_fffa7447 ; call 0xfffa7447 mov edx, dword [ebp - 0xc0] mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -movzx edx, byte [edi + esi + 0x476f] +call fcn_fffb331f ; call 0xfffb331f +movzx edx, byte [edi + esi + 0x4770] and edx, 0x3f shl edx, 0x10 and eax, 0xffc0ffff @@ -67087,23 +67316,23 @@ or eax, edx mov edx, dword [ebp - 0xc0] mov ecx, eax mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x10 inc byte [ebp - 0xbc] -jmp short loc_fffd203a ; jmp 0xfffd203a +jmp short loc_fffd232c ; jmp 0xfffd232c -loc_fffd20a3: ; not directly referenced -cmp bl, byte [edi + 0x2488] -jae short loc_fffd20c1 ; jae 0xfffd20c1 +loc_fffd2395: ; not directly referenced +cmp bl, byte [edi + 0x2489] +jae short loc_fffd23b3 ; jae 0xfffd23b3 movzx eax, bl xor ecx, ecx lea edx, [eax*4 + 0x4cf0] mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 inc ebx -jmp short loc_fffd20a3 ; jmp 0xfffd20a3 +jmp short loc_fffd2395 ; jmp 0xfffd2395 -loc_fffd20c1: ; not directly referenced +loc_fffd23b3: ; not directly referenced lea esp, [ebp - 0xc] mov eax, esi pop ebx @@ -67112,7 +67341,7 @@ pop edi pop ebp ret -fcn_fffd20cb: ; not directly referenced +fcn_fffd23bd: ; not directly referenced push ebp mov ebp, esp push edi @@ -67120,86 +67349,86 @@ push esi push ebx sub esp, 0x4c mov ebx, dword [ebp + 8] -mov eax, dword [ebx + 0x2443] -lea ecx, [ebx + 0x5f98] +mov eax, dword [ebx + 0x2444] +lea ecx, [ebx + 0x5f99] movzx esi, byte [ebx + 0x18ed] -mov dword [ebx + 0x3711], 0 +mov dword [ebx + 0x3712], 0 mov dword [ebp - 0x3c], eax mov eax, dword [ebx + 0x188b] mov dword [ebp - 0x40], eax -lea eax, [ebx + 0x3812] +lea eax, [ebx + 0x3813] -loc_fffd2106: ; not directly referenced +loc_fffd23f8: ; not directly referenced cmp dword [eax - 0xbc], 2 mov dword [eax], 0 -jne short loc_fffd214a ; jne 0xfffd214a +jne short loc_fffd243c ; jne 0xfffd243c cmp dword [eax + 0x10b7], 2 -jne short loc_fffd2126 ; jne 0xfffd2126 +jne short loc_fffd2418 ; jne 0xfffd2418 mov edx, dword [eax + 0x1198] mov dword [eax], edx -loc_fffd2126: ; not directly referenced +loc_fffd2418: ; not directly referenced cmp dword [eax + 0x11df], 2 -jne short loc_fffd2137 ; jne 0xfffd2137 +jne short loc_fffd2429 ; jne 0xfffd2429 mov edx, dword [eax + 0x12c0] add dword [eax], edx -loc_fffd2137: ; not directly referenced -mov edx, dword [ebx + 0x2484] +loc_fffd2429: ; not directly referenced +mov edx, dword [ebx + 0x2485] cmp dword [eax], edx cmovbe edx, dword [eax] mov dword [eax], edx -add dword [ebx + 0x3711], edx +add dword [ebx + 0x3712], edx -loc_fffd214a: ; not directly referenced +loc_fffd243c: ; not directly referenced add eax, 0x13c3 cmp eax, ecx -jne short loc_fffd2106 ; jne 0xfffd2106 -mov edi, dword [ebx + 0x3711] +jne short loc_fffd23f8 ; jne 0xfffd23f8 +mov edi, dword [ebx + 0x3712] mov eax, dword [ebx + 0x18d9] mov ecx, edi sub ecx, dword [ebx + 0x18d5] cmp byte [ebx + 0x2402], 0 -mov dword [ebx + 0x36ec], ecx -je short loc_fffd218c ; je 0xfffd218c +mov dword [ebx + 0x36ed], ecx +je short loc_fffd247e ; je 0xfffd247e cmp edi, 0x1000 -ja short loc_fffd218c ; ja 0xfffd218c +ja short loc_fffd247e ; ja 0xfffd247e shr edi, 1 mov edx, 0x1000 sub edx, edi cmp eax, edx cmovb eax, edx -loc_fffd218c: ; not directly referenced +loc_fffd247e: ; not directly referenced mov edx, 0x1000 sub edx, eax cmp edx, ecx cmovbe ecx, edx -mov dword [ebx + 0x36f0], ecx +mov dword [ebx + 0x36f1], ecx test esi, esi -je short loc_fffd21cc ; je 0xfffd21cc -mov eax, dword [ebx + 0x3812] -mov edx, dword [ebx + 0x4bd5] +je short loc_fffd24be ; je 0xfffd24be +mov eax, dword [ebx + 0x3813] +mov edx, dword [ebx + 0x4bd6] cmp eax, edx -je short loc_fffd21cc ; je 0xfffd21cc +je short loc_fffd24be ; je 0xfffd24be test eax, eax -je short loc_fffd21cc ; je 0xfffd21cc +je short loc_fffd24be ; je 0xfffd24be test edx, edx -je short loc_fffd21cc ; je 0xfffd21cc +je short loc_fffd24be ; je 0xfffd24be cmp edx, eax cmova edx, eax add edx, edx cmp ecx, edx cmovbe edx, ecx -mov dword [ebx + 0x36f0], edx +mov dword [ebx + 0x36f1], edx -loc_fffd21cc: ; not directly referenced -mov eax, dword [ebx + 0x36f0] -sub eax, dword [ebx + 0x246d] +loc_fffd24be: ; not directly referenced +mov eax, dword [ebx + 0x36f1] +sub eax, dword [ebx + 0x246e] mov edi, dword [ebx + 0x18c1] -mov dword [ebx + 0x36f4], eax -sub eax, dword [ebx + 0x2471] -mov dword [ebx + 0x36f8], eax +mov dword [ebx + 0x36f5], eax +sub eax, dword [ebx + 0x2472] +mov dword [ebx + 0x36f9], eax mov eax, dword [ebp - 0x3c] push 0x50 push 0 @@ -67211,9 +67440,9 @@ mov eax, dword [ebp - 0x3c] mov dword [esp], edi call dword [eax + 0x20] ; ucall add esp, 0x10 -mov ecx, dword [ebx + 0x246d] +mov ecx, dword [ebx + 0x246e] cmp dword [ebp - 0x40], 0 -jne short loc_fffd2275 ; jne 0xfffd2275 +jne short loc_fffd2567 ; jne 0xfffd2567 xor edx, edx cmp byte [ebx + 0x18b3], 1 sete dl @@ -67221,36 +67450,36 @@ and ah, 0xbc mov edi, edx mov edx, 3 shl edi, 0xe -cmp dword [ebx + 0x2471], 3 -cmovbe edx, dword [ebx + 0x2471] +cmp dword [ebx + 0x2472], 3 +cmovbe edx, dword [ebx + 0x2472] or eax, edi and edx, 3 shl edx, 8 or eax, edx cmp ecx, 0x400 -jne short loc_fffd2257 ; jne 0xfffd2257 +jne short loc_fffd2549 ; jne 0xfffd2549 and al, 7 or al, 0x88 -jmp short loc_fffd22b9 ; jmp 0xfffd22b9 +jmp short loc_fffd25ab ; jmp 0xfffd25ab -loc_fffd2257: ; not directly referenced +loc_fffd2549: ; not directly referenced mov dl, 0x1f cmp ecx, 0x3ff -ja short loc_fffd2269 ; ja 0xfffd2269 +ja short loc_fffd255b ; ja 0xfffd255b shr ecx, 5 mov dl, cl and edx, 0x1f -loc_fffd2269: ; not directly referenced +loc_fffd255b: ; not directly referenced and edx, 0x1f and al, 7 shl edx, 3 or eax, edx -jmp short loc_fffd22b9 ; jmp 0xfffd22b9 +jmp short loc_fffd25ab ; jmp 0xfffd25ab -loc_fffd2275: ; not directly referenced +loc_fffd2567: ; not directly referenced xor edx, edx -mov edi, dword [ebx + 0x2471] +mov edi, dword [ebx + 0x2472] cmp byte [ebx + 0x18b3], 1 sete dl and eax, 0xfffffffb @@ -67258,12 +67487,12 @@ shl edx, 2 or eax, edx mov dl, 3 cmp edi, 7 -ja short loc_fffd229d ; ja 0xfffd229d +ja short loc_fffd258f ; ja 0xfffd258f shr edi, 1 mov edx, edi and edx, 3 -loc_fffd229d: ; not directly referenced +loc_fffd258f: ; not directly referenced and edx, 3 and al, 0x3f shl edx, 6 @@ -67275,30 +67504,30 @@ cmp ecx, 0x1fff cmovbe edx, edi mov ah, dl -loc_fffd22b9: ; not directly referenced -mov ecx, dword [ebx + 0x36f8] -mov dword [ebx + 0x36fc], eax +loc_fffd25ab: ; not directly referenced +mov ecx, dword [ebx + 0x36f9] +mov dword [ebx + 0x36fd], eax mov eax, dword [ebx + 0x18dd] mov edx, dword [ebx + 0x18e5] mov dword [ebp - 0x40], ecx sub dword [ebp - 0x40], eax neg eax and eax, dword [ebp - 0x40] -mov dword [ebx + 0x372d], edx -mov dword [ebx + 0x3700], eax +mov dword [ebx + 0x372e], edx +mov dword [ebx + 0x3701], eax test esi, esi -jne short loc_fffd2312 ; jne 0xfffd2312 +jne short loc_fffd2604 ; jne 0xfffd2604 -loc_fffd22ec: ; not directly referenced +loc_fffd25de: ; not directly referenced mov eax, dword [ebp - 0x40] -sub eax, dword [ebx + 0x3700] -je loc_fffd23fb ; je 0xfffd23fb -sub dword [ebx + 0x36f8], eax -sub dword [ebx + 0x36f4], eax -sub dword [ebx + 0x36f0], eax -jmp near loc_fffd23fb ; jmp 0xfffd23fb - -loc_fffd2312: ; not directly referenced +sub eax, dword [ebx + 0x3701] +je loc_fffd26ed ; je 0xfffd26ed +sub dword [ebx + 0x36f9], eax +sub dword [ebx + 0x36f5], eax +sub dword [ebx + 0x36f1], eax +jmp near loc_fffd26ed ; jmp 0xfffd26ed + +loc_fffd2604: ; not directly referenced or edx, 0xffffffff sub edx, dword [ebx + 0x18e9] mov dword [ebp - 0x4c], 0 @@ -67308,25 +67537,25 @@ add eax, edx shl eax, 0x14 mov dword [ebp - 0x50], eax -loc_fffd2334: ; not directly referenced +loc_fffd2626: ; not directly referenced mov ecx, dword [ebp - 0x48] imul eax, ecx, 0x13c3 mov byte [ebp - 0x44], cl -cmp dword [ebx + eax + 0x3756], 2 -jne loc_fffd23e6 ; jne 0xfffd23e6 +cmp dword [ebx + eax + 0x3757], 2 +jne loc_fffd26d8 ; jne 0xfffd26d8 -loc_fffd234e: ; not directly referenced +loc_fffd2640: ; not directly referenced push eax push esi push dword [ebp - 0x4c] push dword [ebp - 0x50] -call fcn_fffc6ea0 ; call 0xfffc6ea0 +call fcn_fffc8b09 ; call 0xfffc8b09 mov al, byte [ebp - 0x44] add dword [ebp - 0x50], 0x40 adc dword [ebp - 0x4c], 0 add esp, 0x10 cmp byte [esi + 1], al -jne short loc_fffd234e ; jne 0xfffd234e +jne short loc_fffd2640 ; jne 0xfffd2640 mov ax, word [esi + 7] movzx ecx, byte [esi + 5] mov edx, eax @@ -67369,20 +67598,20 @@ push 1 call dword [eax + 0x84] ; ucall add esp, 0x10 -loc_fffd23e6: ; not directly referenced +loc_fffd26d8: ; not directly referenced inc dword [ebp - 0x48] add esi, 9 cmp dword [ebp - 0x48], 2 -jne loc_fffd2334 ; jne 0xfffd2334 -jmp near loc_fffd22ec ; jmp 0xfffd22ec +jne loc_fffd2626 ; jne 0xfffd2626 +jmp near loc_fffd25de ; jmp 0xfffd25de -loc_fffd23fb: ; not directly referenced +loc_fffd26ed: ; not directly referenced cmp byte [ebx + 0x18b6], 0 -mov eax, dword [ebx + 0x36ec] -je short loc_fffd2446 ; je 0xfffd2446 -mov ecx, dword [ebx + 0x36f0] +mov eax, dword [ebx + 0x36ed] +je short loc_fffd2738 ; je 0xfffd2738 +mov ecx, dword [ebx + 0x36f1] cmp eax, ecx -jbe short loc_fffd2446 ; jbe 0xfffd2446 +jbe short loc_fffd2738 ; jbe 0xfffd2738 mov edx, 0x1000 cmp eax, 0x1000 mov esi, edx @@ -67390,53 +67619,53 @@ cmovbe edx, eax cmovae esi, eax add edx, esi sub edx, ecx -mov dword [ebx + 0x370d], edx +mov dword [ebx + 0x370e], edx dec edx -mov byte [ebx + 0x3704], 1 -mov dword [ebx + 0x3705], esi -mov dword [ebx + 0x3709], edx -jmp short loc_fffd2453 ; jmp 0xfffd2453 - -loc_fffd2446: ; not directly referenced -mov byte [ebx + 0x3704], 0 -mov dword [ebx + 0x370d], eax - -loc_fffd2453: ; not directly referenced -cmp byte [ebx + 0x3745], 0 -je short loc_fffd24bf ; je 0xfffd24bf +mov byte [ebx + 0x3705], 1 +mov dword [ebx + 0x3706], esi +mov dword [ebx + 0x370a], edx +jmp short loc_fffd2745 ; jmp 0xfffd2745 + +loc_fffd2738: ; not directly referenced +mov byte [ebx + 0x3705], 0 +mov dword [ebx + 0x370e], eax + +loc_fffd2745: ; not directly referenced +cmp byte [ebx + 0x3746], 0 +je short loc_fffd27b1 ; je 0xfffd27b1 cmp byte [ebx + 0x2402], 0 -je short loc_fffd247b ; je 0xfffd247b -cmp dword [ebx + 0x3711], 0x1000 +je short loc_fffd276d ; je 0xfffd276d +cmp dword [ebx + 0x3712], 0x1000 mov edx, eax -ja short loc_fffd2487 ; ja 0xfffd2487 -mov edx, dword [ebx + 0x370d] -jmp short loc_fffd2487 ; jmp 0xfffd2487 +ja short loc_fffd2779 ; ja 0xfffd2779 +mov edx, dword [ebx + 0x370e] +jmp short loc_fffd2779 ; jmp 0xfffd2779 -loc_fffd247b: ; not directly referenced -mov edx, dword [ebx + 0x3700] +loc_fffd276d: ; not directly referenced +mov edx, dword [ebx + 0x3701] sub edx, dword [ebx + 0x18e5] -loc_fffd2487: ; not directly referenced -movzx ecx, byte [ebx + 0x3747] +loc_fffd2779: ; not directly referenced +movzx ecx, byte [ebx + 0x3748] shl ecx, 3 -mov dword [ebx + 0x3721], ecx +mov dword [ebx + 0x3722], ecx not ecx add edx, ecx -movzx ecx, byte [ebx + 0x3746] +movzx ecx, byte [ebx + 0x3747] and edx, 0xffffffc0 -mov dword [ebx + 0x371d], edx +mov dword [ebx + 0x371e], edx shl ecx, 3 sub edx, ecx sub edx, 0x40 -mov dword [ebx + 0x3729], ecx -mov dword [ebx + 0x3725], edx +mov dword [ebx + 0x372a], ecx +mov dword [ebx + 0x3726], edx -loc_fffd24bf: ; not directly referenced -mov dword [ebx + 0x3715], eax +loc_fffd27b1: ; not directly referenced +mov dword [ebx + 0x3716], eax mov eax, dword [ebx + 0x18d5] -mov edx, dword [ebx + 0x3711] -mov esi, dword [ebx + 0x2443] -mov dword [ebx + 0x3719], eax +mov edx, dword [ebx + 0x3712] +mov esi, dword [ebx + 0x2444] +mov dword [ebx + 0x371a], eax mov eax, dword [ebx + 0x18cd] mov dword [ebp - 0x40], eax mov eax, dword [ebx + 0x18c1] @@ -67467,7 +67696,7 @@ mov edx, dword [ebp - 0x48] push edx push ecx call dword [esi + 0x30] ; ucall -movzx edi, word [ebx + 0x36f0] +movzx edi, word [ebx + 0x36f1] push 0xbc push 0 push 0 @@ -67480,7 +67709,7 @@ mov edi, dword [ebp - 0x3c] add eax, edi push eax call dword [esi + 0x30] ; ucall -mov edx, dword [ebx + 0x370d] +mov edx, dword [ebx + 0x370e] push 0xa8 push 0 push 0 @@ -67505,9 +67734,9 @@ push edx push ecx call dword [esi + 0x30] ; ucall add esp, 0x10 -cmp byte [ebx + 0x3704], 0 -je loc_fffd2626 ; je 0xfffd2626 -mov edx, dword [ebx + 0x3705] +cmp byte [ebx + 0x3705], 0 +je loc_fffd2918 ; je 0xfffd2918 +mov edx, dword [ebx + 0x3706] push 0x90 push 0 push 0 @@ -67533,7 +67762,7 @@ lea ecx, [edi + 4] push edx push ecx call dword [esi + 0x30] ; ucall -mov edx, dword [ebx + 0x3709] +mov edx, dword [ebx + 0x370a] push 0x98 push 0 push 0 @@ -67560,13 +67789,13 @@ push ecx call dword [esi + 0x30] ; ucall add esp, 0x10 -loc_fffd2626: ; not directly referenced +loc_fffd2918: ; not directly referenced push 0xb8 push 0 push 0 push 0 call dword [esi + 0x4c] ; ucall -movzx edx, word [ebx + 0x3700] +movzx edx, word [ebx + 0x3701] pop edi pop ecx add eax, dword [ebp - 0x3c] @@ -67575,8 +67804,8 @@ push edx push eax call dword [esi + 0x30] ; ucall add esp, 0x10 -cmp dword [ebx + 0x372d], 0 -je short loc_fffd2689 ; je 0xfffd2689 +cmp dword [ebx + 0x372e], 0 +je short loc_fffd297b ; je 0xfffd297b push 0x5c push 0 push 0 @@ -67586,7 +67815,7 @@ mov ecx, dword [ebp - 0x3c] lea edi, [eax + ecx] mov dword [esp], edi call dword [esi + 0x20] ; ucall -movzx edx, byte [ebx + 0x372d] +movzx edx, byte [ebx + 0x372e] shl edx, 4 and eax, 0xfffff00f or eax, edx @@ -67598,13 +67827,13 @@ push edi call dword [esi + 0x30] ; ucall add esp, 0x10 -loc_fffd2689: ; not directly referenced +loc_fffd297b: ; not directly referenced push 0xb0 push 0 push 0 push 0 call dword [esi + 0x4c] ; ucall -movzx edx, word [ebx + 0x36f4] +movzx edx, word [ebx + 0x36f5] pop ecx pop edi mov edi, dword [ebp - 0x3c] @@ -67618,17 +67847,17 @@ push 0 push 0 push 0 call dword [esi + 0x4c] ; ucall -movzx edx, word [ebx + 0x36f8] +movzx edx, word [ebx + 0x36f9] add esp, 0x18 shl edx, 0x14 push edx add eax, edi push eax call dword [esi + 0x30] ; ucall -mov eax, dword [ebx + 0x3719] +mov eax, dword [ebx + 0x371a] add esp, 0x10 test eax, eax -je loc_fffd2764 ; je 0xfffd2764 +je loc_fffd2a56 ; je 0xfffd2a56 mov edi, 0x80000 sub edi, eax push 0x78 @@ -67658,7 +67887,7 @@ add ecx, 4 push edi push ecx call dword [esi + 0x30] ; ucall -mov edx, dword [ebx + 0x3715] +mov edx, dword [ebx + 0x3716] push 0x70 push 0 push 0 @@ -67685,7 +67914,7 @@ push ecx call dword [esi + 0x30] ; ucall add esp, 0x10 -loc_fffd2764: ; not directly referenced +loc_fffd2a56: ; not directly referenced push 0x50 push 0 push 0 @@ -67693,14 +67922,14 @@ push 0 call dword [esi + 0x4c] ; ucall pop edx pop ecx -push dword [ebx + 0x36fc] +push dword [ebx + 0x36fd] add eax, dword [ebp - 0x3c] push eax call dword [esi + 0x30] ; ucall -mov edx, dword [ebx + 0x371d] +mov edx, dword [ebx + 0x371e] pop edi pop eax -mov eax, dword [ebx + 0x3721] +mov eax, dword [ebx + 0x3722] mov edi, dword [ebp - 0x40] add eax, edx shr eax, 3 @@ -67713,7 +67942,7 @@ add eax, 0x18 push eax call dword [esi + 0x30] ; ucall pop eax -mov eax, dword [ebx + 0x371d] +mov eax, dword [ebx + 0x371e] pop edx shl eax, 0xe push eax @@ -67723,7 +67952,7 @@ push eax call dword [esi + 0x30] ; ucall pop ecx pop eax -mov eax, dword [ebx + 0x371d] +mov eax, dword [ebx + 0x371e] and eax, 0x40000 shr eax, 0x12 push eax @@ -67731,9 +67960,9 @@ mov eax, edi add eax, 0x14 push eax call dword [esi + 0x30] ; ucall -mov edx, dword [ebx + 0x3725] +mov edx, dword [ebx + 0x3726] pop eax -mov eax, dword [ebx + 0x3729] +mov eax, dword [ebx + 0x372a] pop ecx add eax, edx shr eax, 3 @@ -67746,7 +67975,7 @@ add eax, 0x28 push eax call dword [esi + 0x30] ; ucall pop eax -mov eax, dword [ebx + 0x3725] +mov eax, dword [ebx + 0x3726] pop edx shl eax, 0xe push eax @@ -67756,7 +67985,7 @@ push eax call dword [esi + 0x30] ; ucall pop ecx pop eax -mov eax, dword [ebx + 0x3725] +mov eax, dword [ebx + 0x3726] and eax, 0x40000 shr eax, 0x12 or eax, 4 @@ -67773,37 +68002,37 @@ pop edi pop ebp ret -loc_fffd2836: +loc_fffd2b28: push esi push edi mov esi, dword [esp + 0x10] mov edi, dword [esp + 0xc] mov edx, dword [esp + 0x14] cmp edi, esi -je short loc_fffd2865 ; je 0xfffd2865 +je short loc_fffd2b57 ; je 0xfffd2b57 cmp edx, 0 -je short loc_fffd2865 ; je 0xfffd2865 +je short loc_fffd2b57 ; je 0xfffd2b57 lea eax, [esi + edx - 1] cmp esi, edi -jae short loc_fffd2860 ; jae 0xfffd2860 +jae short loc_fffd2b52 ; jae 0xfffd2b52 cmp eax, edi -jb short loc_fffd2860 ; jb 0xfffd2860 +jb short loc_fffd2b52 ; jb 0xfffd2b52 mov esi, eax lea edi, [edi + edx - 1] std -loc_fffd2860: +loc_fffd2b52: mov ecx, edx rep movsb ; rep movsb byte es:[edi], byte ptr [esi] cld -loc_fffd2865: +loc_fffd2b57: mov eax, dword [esp + 0xc] pop edi pop esi ret -loc_fffd286c: +loc_fffd2b5e: push edi xor eax, eax mov edi, dword [esp + 8] @@ -67819,7 +68048,7 @@ pop eax pop edi ret -fcn_fffd2889: +fcn_fffd2b7b: mov eax, dword [esp + 8] mov ecx, dword [esp + 0xc] xor edx, edx @@ -67829,7 +68058,7 @@ div ecx mov eax, edx ret -fcn_fffd289e: +fcn_fffd2b90: mov eax, dword [esp + 8] mov ecx, dword [esp + 0xc] xor edx, edx @@ -67840,7 +68069,7 @@ div ecx pop edx ret -fcn_fffd28b3: +fcn_fffd2ba5: mov ecx, dword [esp + 0xc] mov eax, dword [esp + 8] xor edx, edx @@ -67849,46 +68078,48 @@ push eax mov eax, dword [esp + 8] div ecx mov ecx, dword [esp + 0x14] -jecxz loc_fffd28ce ; jecxz 0xfffd28ce +jecxz loc_fffd2bc0 ; jecxz 0xfffd2bc0 mov dword [ecx], edx -loc_fffd28ce: +loc_fffd2bc0: pop edx ret -fcn_fffd28d0: +fcn_fffd2bc2: push ebx + +fcn_fffd2bc3: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] cpuid push ecx mov ecx, dword [ebp + 0x10] -jecxz loc_fffd28e1 ; jecxz 0xfffd28e1 +jecxz loc_fffd2bd3 ; jecxz 0xfffd2bd3 mov dword [ecx], eax -loc_fffd28e1: +loc_fffd2bd3: mov ecx, dword [ebp + 0x14] -jecxz loc_fffd28e8 ; jecxz 0xfffd28e8 +jecxz loc_fffd2bda ; jecxz 0xfffd2bda mov dword [ecx], ebx -loc_fffd28e8: +loc_fffd2bda: mov ecx, dword [ebp + 0x18] -jecxz loc_fffd28ef ; jecxz 0xfffd28ef +jecxz loc_fffd2be1 ; jecxz 0xfffd2be1 pop dword [ecx] -loc_fffd28ef: +loc_fffd2be1: mov ecx, dword [ebp + 0x1c] -jecxz loc_fffd28f6 ; jecxz 0xfffd28f6 +jecxz loc_fffd2be8 ; jecxz 0xfffd2be8 mov dword [ecx], edx -loc_fffd28f6: +loc_fffd2be8: mov eax, dword [ebp + 0xc] leave pop ebx ret -loc_fffd28fc: ; not directly referenced +loc_fffd2bee: ; not directly referenced mov cl, byte [esp + 0xc] xor eax, eax mov edx, dword [esp + 4] @@ -67899,7 +68130,7 @@ shld edx, eax, cl shl eax, cl ret -loc_fffd2917: +loc_fffd2c09: mov cl, byte [esp + 0xc] xor edx, edx mov eax, dword [esp + 8] @@ -67910,7 +68141,7 @@ shrd eax, edx, cl shr edx, cl ret -loc_fffd2932: +loc_fffd2c24: push edi mov ecx, dword [esp + 0xc] mov al, byte [esp + 0x10] @@ -67928,7 +68159,7 @@ mov eax, dword [esp + 8] pop edi ret -fcn_fffd295d: +fcn_fffd2c4f: push edi mov eax, dword [esp + 0x10] mov edi, dword [esp + 8] @@ -67938,7 +68169,7 @@ mov eax, dword [esp + 8] pop edi ret -loc_fffd2972: ; not directly referenced +loc_fffd2c64: ; not directly referenced mov ecx, dword [esp + 0xc] mov eax, ecx imul ecx, dword [esp + 8] @@ -67946,19 +68177,19 @@ mul dword [esp + 4] add edx, ecx ret -loc_fffd2984: ; not directly referenced +loc_fffd2c76: ; not directly referenced mov ecx, dword [esp + 0x10] test ecx, ecx -jne short loc_fffd299f ; jne 0xfffd299f +jne short loc_fffd2c91 ; jne 0xfffd2c91 mov ecx, dword [esp + 0x14] -jecxz loc_fffd299a ; jecxz 0xfffd299a +jecxz loc_fffd2c8c ; jecxz 0xfffd2c8c and dword [ecx + 4], 0 mov dword [esp + 0x10], ecx -loc_fffd299a: ; not directly referenced -jmp near fcn_fffd28b3 ; jmp 0xfffd28b3 +loc_fffd2c8c: ; not directly referenced +jmp near fcn_fffd2ba5 ; jmp 0xfffd2ba5 -loc_fffd299f: ; not directly referenced +loc_fffd2c91: ; not directly referenced push ebx push esi push edi @@ -67968,12 +68199,12 @@ mov edi, edx mov esi, eax mov ebx, dword [esp + 0x18] -loc_fffd29b2: ; not directly referenced +loc_fffd2ca4: ; not directly referenced shr edx, 1 rcr eax, 1 shrd ebx, ecx, 1 shr ecx, 1 -jne short loc_fffd29b2 ; jne 0xfffd29b2 +jne short loc_fffd2ca4 ; jne 0xfffd2ca4 div ebx mov ebx, eax mov ecx, dword [esp + 0x1c] @@ -67981,27 +68212,27 @@ mul dword [esp + 0x18] imul ecx, ebx add edx, ecx mov ecx, dword [esp + 0x20] -jb short loc_fffd29df ; jb 0xfffd29df +jb short loc_fffd2cd1 ; jb 0xfffd2cd1 cmp edi, edx -ja short loc_fffd29ea ; ja 0xfffd29ea -jb short loc_fffd29df ; jb 0xfffd29df +ja short loc_fffd2cdc ; ja 0xfffd2cdc +jb short loc_fffd2cd1 ; jb 0xfffd2cd1 cmp esi, eax -jae short loc_fffd29ea ; jae 0xfffd29ea +jae short loc_fffd2cdc ; jae 0xfffd2cdc -loc_fffd29df: ; not directly referenced +loc_fffd2cd1: ; not directly referenced dec ebx -jecxz loc_fffd29f5 ; jecxz 0xfffd29f5 +jecxz loc_fffd2ce7 ; jecxz 0xfffd2ce7 sub eax, dword [esp + 0x18] sbb edx, dword [esp + 0x1c] -loc_fffd29ea: ; not directly referenced -jecxz loc_fffd29f5 ; jecxz 0xfffd29f5 +loc_fffd2cdc: ; not directly referenced +jecxz loc_fffd2ce7 ; jecxz 0xfffd2ce7 sub esi, eax sbb edi, edx mov dword [ecx], esi mov dword [ecx + 4], edi -loc_fffd29f5: ; not directly referenced +loc_fffd2ce7: ; not directly referenced mov eax, ebx xor edx, edx pop edi @@ -68009,10 +68240,10 @@ pop esi pop ebx ret -loc_fffd29fd: +loc_fffd2cef: db 0x53 -fcn_fffd29fe: ; not directly referenced +fcn_fffd2cf0: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] @@ -68020,31 +68251,31 @@ mov ecx, dword [ebp + 0x10] cpuid push ecx mov ecx, dword [ebp + 0x14] -jecxz loc_fffd2a11 ; jecxz 0xfffd2a11 +jecxz loc_fffd2d03 ; jecxz 0xfffd2d03 mov dword [ecx], eax -loc_fffd2a11: ; not directly referenced +loc_fffd2d03: ; not directly referenced mov ecx, dword [ebp + 0x18] -jecxz loc_fffd2a18 ; jecxz 0xfffd2a18 +jecxz loc_fffd2d0a ; jecxz 0xfffd2d0a mov dword [ecx], ebx -loc_fffd2a18: ; not directly referenced +loc_fffd2d0a: ; not directly referenced mov ecx, dword [ebp + 0x20] -jecxz loc_fffd2a1f ; jecxz 0xfffd2a1f +jecxz loc_fffd2d11 ; jecxz 0xfffd2d11 mov dword [ecx], edx -loc_fffd2a1f: ; not directly referenced +loc_fffd2d11: ; not directly referenced mov ecx, dword [ebp + 0x1c] -jecxz loc_fffd2a26 ; jecxz 0xfffd2a26 +jecxz loc_fffd2d18 ; jecxz 0xfffd2d18 pop dword [ecx] -loc_fffd2a26: ; not directly referenced +loc_fffd2d18: ; not directly referenced mov eax, dword [ebp + 0xc] leave pop ebx ret -fcn_fffd2a2c: ; not directly referenced +fcn_fffd2d1e: ; not directly referenced push ebp mov ebp, esp push edi @@ -68055,24 +68286,24 @@ mov ebx, eax sub esp, 0x1c mov dword [ebp - 0x1c], edx -loc_fffd2a3c: ; not directly referenced +loc_fffd2d2e: ; not directly referenced lea eax, [esi*8 + 0x48a8] mov dword [ebp - 0x20], eax mov edx, eax mov eax, ebx -call fcn_fffae548 ; call 0xfffae548 +call fcn_fffb333d ; call 0xfffb333d mov edi, dword [ebp - 0x1c] bt edi, esi mov ecx, eax -jae short loc_fffd2a61 ; jae 0xfffd2a61 +jae short loc_fffd2d53 ; jae 0xfffd2d53 and ch, 0xcf or ch, 0x18 -jmp short loc_fffd2a64 ; jmp 0xfffd2a64 +jmp short loc_fffd2d56 ; jmp 0xfffd2d56 -loc_fffd2a61: ; not directly referenced +loc_fffd2d53: ; not directly referenced and ch, 0xf7 -loc_fffd2a64: ; not directly referenced +loc_fffd2d56: ; not directly referenced push edi mov eax, ebx push edi @@ -68080,45 +68311,45 @@ inc esi push edx mov edx, dword [ebp - 0x20] push ecx -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 cmp esi, 2 -jne short loc_fffd2a3c ; jne 0xfffd2a3c +jne short loc_fffd2d2e ; jne 0xfffd2d2e mov ecx, 2 mov edx, 0x4d98 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, 1 mov edx, 0x4800 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov edx, 0x4800 mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f xor ecx, ecx mov edx, 0x4d98 mov esi, eax mov eax, ebx and esi, 0xfffffffe -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, esi mov edx, 0x4800 or ecx, 2 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov edx, 0x4800 mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f xor esi, esi -loc_fffd2adb: ; not directly referenced +loc_fffd2dcd: ; not directly referenced mov eax, dword [ebp - 0x1c] bt eax, esi -jae short loc_fffd2b0a ; jae 0xfffd2b0a +jae short loc_fffd2dfc ; jae 0xfffd2dfc lea edi, [esi*8 + 0x48a8] mov eax, ebx mov edx, edi -call fcn_fffae548 ; call 0xfffae548 +call fcn_fffb333d ; call 0xfffb333d mov ecx, eax and ch, 0xf7 mov eax, ecx @@ -68128,13 +68359,13 @@ push edx mov edx, edi push eax mov eax, ebx -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 -loc_fffd2b0a: ; not directly referenced +loc_fffd2dfc: ; not directly referenced inc esi cmp esi, 2 -jne short loc_fffd2adb ; jne 0xfffd2adb +jne short loc_fffd2dcd ; jne 0xfffd2dcd lea esp, [ebp - 0xc] pop ebx pop esi @@ -68142,7 +68373,7 @@ pop edi pop ebp ret -fcn_fffd2b18: ; not directly referenced +fcn_fffd2e0a: ; not directly referenced push ebp mov ebp, esp push edi @@ -68155,29 +68386,29 @@ lea edi, [esi + 0x41a0] sub esp, 0x2c mov edx, edi mov byte [ebp - 0x29], cl -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, edi and eax, 0xfffffccc or eax, 0x111 mov ecx, eax mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, dword [ebp + 0x10] lea edx, [esi + 0x41a4] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, dword [ebp + 0x14] lea edx, [esi + 0x41a8] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, dword [ebp + 0x18] lea edx, [esi + 0x41ac] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 lea edx, [esi + 0x41bc] mov eax, ebx xor ecx, ecx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 lea eax, [esi + 0x41c0] mov dword [ebp - 0x28], eax mov eax, dword [ebp + 8] @@ -68186,10 +68417,10 @@ mov dword [ebp - 0x1c], 0 mov dword [ebp - 0x24], 0 lea esi, [eax + 4] -loc_fffd2bb0: ; not directly referenced +loc_fffd2ea2: ; not directly referenced mov eax, dword [ebp - 0x24] cmp eax, dword [ebp + 0xc] -je loc_fffd2c4b ; je 0xfffd2c4b +je loc_fffd2f3d ; je 0xfffd2f3d mov ecx, dword [esi - 4] add esi, 0xc movzx eax, byte [esi - 0xc] @@ -68235,12 +68466,12 @@ push eax mov eax, ebx push dword [ebp - 0x1c] push dword [ebp - 0x20] -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 inc dword [ebp - 0x24] -jmp near loc_fffd2bb0 ; jmp 0xfffd2bb0 +jmp near loc_fffd2ea2 ; jmp 0xfffd2ea2 -loc_fffd2c4b: ; not directly referenced +loc_fffd2f3d: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -68248,127 +68479,7 @@ pop edi pop ebp ret -fcn_fffd2c53: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -mov esi, eax -push ebx -sub esp, 0x2c -cmp dword [ebp + 8], 1 -je short loc_fffd2c90 ; je 0xfffd2c90 -jb short loc_fffd2c80 ; jb 0xfffd2c80 -cmp dword [ebp + 8], 2 -jne loc_fffd2d7c ; jne 0xfffd2d7c -mov dword [ebp - 0x24], 0xa8 -mov dword [ebp - 0x20], 0x2a -jmp short loc_fffd2c9e ; jmp 0xfffd2c9e - -loc_fffd2c80: ; not directly referenced -mov dword [ebp - 0x24], 0xa4 -mov dword [ebp - 0x20], 0x29 -jmp short loc_fffd2c9e ; jmp 0xfffd2c9e - -loc_fffd2c90: ; not directly referenced -mov dword [ebp - 0x24], 0xc0 -mov dword [ebp - 0x20], 0x30 - -loc_fffd2c9e: ; not directly referenced -lea eax, [esi + 0x381a] -xor ebx, ebx -mov dword [ebp - 0x28], eax -movzx eax, dl -mov dword [ebp - 0x30], eax -movzx eax, cl -mov dword [ebp - 0x34], eax - -loc_fffd2cb5: ; not directly referenced -mov eax, dword [ebp - 0x30] -bt eax, ebx -jae loc_fffd2d67 ; jae 0xfffd2d67 -mov eax, dword [ebp - 0x28] -movzx edi, byte [eax + 0xfce] -mov eax, ebx -shl eax, 0xa -add eax, 0x4190 -mov edx, eax -and edi, 0xf -shl edi, 0x10 -or edi, 0xf -mov dword [ebp - 0x2c], eax -mov ecx, edi -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -mov edx, 1 -mov eax, esi -call fcn_fffa834b ; call 0xfffa834b -mov dword [ebp - 0x1c], 0 - -loc_fffd2cff: ; not directly referenced -mov cl, byte [ebp - 0x1c] -mov eax, 1 -mov edx, dword [ebp - 0x28] -shl eax, cl -test byte [edx], al -jne short loc_fffd2d1b ; jne 0xfffd2d1b - -loc_fffd2d10: ; not directly referenced -inc dword [ebp - 0x1c] -cmp dword [ebp - 0x1c], 4 -jne short loc_fffd2cff ; jne 0xfffd2cff -jmp short loc_fffd2d43 ; jmp 0xfffd2d43 - -loc_fffd2d1b: ; not directly referenced -mov eax, dword [ebp - 0x34] -mov edx, dword [ebp - 0x1c] -bt eax, edx -jae short loc_fffd2d10 ; jae 0xfffd2d10 -push eax -mov ecx, edx -push 1 -mov edx, ebx -push dword [ebp - 0x24] -mov eax, esi -push dword [ebp - 0x20] -call fcn_fffaa505 ; call 0xfffaa505 -add esp, 0x10 -test eax, eax -je short loc_fffd2d10 ; je 0xfffd2d10 -jmp short loc_fffd2d81 ; jmp 0xfffd2d81 - -loc_fffd2d43: ; not directly referenced -cmp dword [ebp + 8], 2 -je short loc_fffd2d67 ; je 0xfffd2d67 -mov edx, 1 -mov eax, esi -call fcn_fffa834b ; call 0xfffa834b -mov edx, dword [ebp - 0x2c] -and edi, 0xfff0ffff -mov ecx, edi -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c - -loc_fffd2d67: ; not directly referenced -inc ebx -add dword [ebp - 0x28], 0x13c3 -cmp ebx, 2 -jne loc_fffd2cb5 ; jne 0xfffd2cb5 -xor eax, eax -jmp short loc_fffd2d81 ; jmp 0xfffd2d81 - -loc_fffd2d7c: ; not directly referenced -mov eax, 1 - -loc_fffd2d81: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffd2d89: ; not directly referenced +fcn_fffd2f45: ; not directly referenced push ebp mov ebp, esp push edi @@ -68380,7 +68491,7 @@ mov al, byte [ebp + 8] push 0 push 2 mov byte [ebp - 0x34], al -mov eax, dword [ebx + 0x2443] +mov eax, dword [ebx + 0x2444] mov byte [ebp - 0x33], cl lea ecx, [ebp - 0x1a] push ecx @@ -68395,27 +68506,27 @@ mov ecx, edi mov dword [ebp - 0x48], eax mov eax, 1 shl eax, cl -test byte [ebx + 0x381a], al +test byte [ebx + 0x381b], al mov byte [ebp - 0x32], al setne dl mov cl, dl or ecx, 2 -test byte [ebx + 0x4bdd], al +test byte [ebx + 0x4bde], al movzx eax, al mov dword [ebp - 0x38], eax cmovne edx, ecx movzx eax, dl mov dword [ebp - 0x50], eax -loc_fffd2df2: ; not directly referenced +loc_fffd2fae: ; not directly referenced movzx esi, byte [ebp - 0x2c] xor edi, edi -loc_fffd2df8: ; not directly referenced +loc_fffd2fb4: ; not directly referenced imul eax, edi, 0x13c3 mov cl, byte [ebp - 0x32] -test byte [ebx + eax + 0x381a], cl -je short loc_fffd2e47 ; je 0xfffd2e47 +test byte [ebx + eax + 0x381b], cl +je short loc_fffd3003 ; je 0xfffd3003 push eax push 0 push esi @@ -68424,7 +68535,7 @@ push dword [ebp - 0x38] push 1 push edi push ebx -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x1c push 0 push esi @@ -68433,7 +68544,7 @@ push dword [ebp - 0x38] push 2 push edi push ebx -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x1c push 0 push esi @@ -68442,78 +68553,78 @@ push dword [ebp - 0x38] push 3 push edi push ebx -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffd2e47: ; not directly referenced +loc_fffd3003: ; not directly referenced inc edi cmp edi, 2 -jne short loc_fffd2df8 ; jne 0xfffd2df8 +jne short loc_fffd2fb4 ; jne 0xfffd2fb4 mov edx, dword [ebp - 0x50] mov eax, ebx xor esi, esi -call fcn_fffd2a2c ; call 0xfffd2a2c +call fcn_fffd2d1e ; call 0xfffd2d1e mov eax, ebx mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 mov edi, dword [ebp + 0xc] imul eax, dword [ebp - 0x48], 9 mov dword [ebp - 0x4c], eax -loc_fffd2e6f: ; not directly referenced +loc_fffd302b: ; not directly referenced imul eax, esi, 0x13c3 mov dword [ebp - 0x40], eax mov ecx, eax mov al, byte [ebp - 0x32] -test byte [ebx + ecx + 0x381a], al -jne short loc_fffd2e90 ; jne 0xfffd2e90 +test byte [ebx + ecx + 0x381b], al +jne short loc_fffd304c ; jne 0xfffd304c mov byte [ebp + esi - 0x1a], 0xff -jmp near loc_fffd2f40 ; jmp 0xfffd2f40 +jmp near loc_fffd30fc ; jmp 0xfffd30fc -loc_fffd2e90: ; not directly referenced +loc_fffd304c: ; not directly referenced cmp byte [ebp + esi - 0x1a], 0xff -je loc_fffd2f40 ; je 0xfffd2f40 +je loc_fffd30fc ; je 0xfffd30fc imul eax, esi, 0x54a mov byte [ebp - 0x31], 0 lea eax, [ebx + eax + 0x196b] mov dword [ebp - 0x44], eax -loc_fffd2eaf: ; not directly referenced +loc_fffd306b: ; not directly referenced mov al, byte [ebp - 0x31] -cmp al, byte [ebx + 0x2488] -jae loc_fffd2f40 ; jae 0xfffd2f40 +cmp al, byte [ebx + 0x2489] +jae loc_fffd30fc ; jae 0xfffd30fc mov cl, byte [ebp - 0x31] mov edx, dword [ebp - 0x40] mov dword [ebp - 0x30], 1 shl dword [ebp - 0x30], cl movzx eax, cl mov ecx, dword [ebp - 0x44] -cmp byte [ebx + edx + 0x49ba], 0x20 +cmp byte [ebx + edx + 0x49bb], 0x20 mov dword [ebp - 0x3c], eax mov al, byte [ecx + eax + 0x4f6] -jne short loc_fffd2ef5 ; jne 0xfffd2ef5 +jne short loc_fffd30b1 ; jne 0xfffd30b1 test al, 2 -je short loc_fffd2ef5 ; je 0xfffd2ef5 +je short loc_fffd30b1 ; je 0xfffd30b1 mov al, byte [ebp - 0x30] or byte [ebp + esi - 0x1a], al -jmp short loc_fffd2f38 ; jmp 0xfffd2f38 +jmp short loc_fffd30f4 ; jmp 0xfffd30f4 -loc_fffd2ef5: ; not directly referenced +loc_fffd30b1: ; not directly referenced mov ecx, dword [ebp - 0x3c] mov edx, esi mov eax, ebx -call fcn_fffa7617 ; call 0xfffa7617 +call fcn_fffa75c5 ; call 0xfffa75c5 mov edx, eax mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov dl, byte [ebp + esi - 0x1a] test byte [ebp - 0x30], dl -jne short loc_fffd2f38 ; jne 0xfffd2f38 +jne short loc_fffd30f4 ; jne 0xfffd30f4 movzx eax, al mov dword [ebp - 0x54], edx -call fcn_fffaeba2 ; call 0xfffaeba2 +call fcn_fffb38d9 ; call 0xfffb38d9 cmp al, 4 -je short loc_fffd2f38 ; je 0xfffd2f38 +je short loc_fffd30f4 ; je 0xfffd30f4 mov eax, dword [ebp - 0x3c] mov cl, byte [ebp - 0x2c] mov edx, dword [ebp - 0x54] @@ -68522,42 +68633,162 @@ or edx, dword [ebp - 0x30] mov byte [edi + eax], cl mov byte [esi + ebp - 0x1a], dl -loc_fffd2f38: ; not directly referenced +loc_fffd30f4: ; not directly referenced inc byte [ebp - 0x31] -jmp near loc_fffd2eaf ; jmp 0xfffd2eaf +jmp near loc_fffd306b ; jmp 0xfffd306b -loc_fffd2f40: ; not directly referenced +loc_fffd30fc: ; not directly referenced inc esi add edi, 0x24 cmp esi, 2 -jne loc_fffd2e6f ; jne 0xfffd2e6f +jne loc_fffd302b ; jne 0xfffd302b cmp byte [ebp - 0x1a], 0xff -jne short loc_fffd2f59 ; jne 0xfffd2f59 +jne short loc_fffd3115 ; jne 0xfffd3115 cmp byte [ebp - 0x19], 0xff -je short loc_fffd2f86 ; je 0xfffd2f86 +je short loc_fffd3142 ; je 0xfffd3142 -loc_fffd2f59: ; not directly referenced +loc_fffd3115: ; not directly referenced mov al, byte [ebp - 0x34] add byte [ebp - 0x2c], al test al, al -jle short loc_fffd2f6e ; jle 0xfffd2f6e +jle short loc_fffd312a ; jle 0xfffd312a mov al, byte [ebp - 0x33] cmp byte [ebp - 0x2c], al seta al -jmp short loc_fffd2f7b ; jmp 0xfffd2f7b +jmp short loc_fffd3137 ; jmp 0xfffd3137 -loc_fffd2f6e: ; not directly referenced +loc_fffd312a: ; not directly referenced movzx eax, byte [ebp - 0x33] movsx edx, byte [ebp - 0x2c] cmp edx, eax setl al -loc_fffd2f7b: ; not directly referenced +loc_fffd3137: ; not directly referenced movzx eax, al test eax, eax -je loc_fffd2df2 ; je 0xfffd2df2 +je loc_fffd2fae ; je 0xfffd2fae + +loc_fffd3142: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffd314a: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +mov esi, eax +push ebx +sub esp, 0x2c +cmp dword [ebp + 8], 1 +je short loc_fffd3187 ; je 0xfffd3187 +jb short loc_fffd3177 ; jb 0xfffd3177 +cmp dword [ebp + 8], 2 +jne loc_fffd3273 ; jne 0xfffd3273 +mov dword [ebp - 0x24], 0xa8 +mov dword [ebp - 0x20], 0x2a +jmp short loc_fffd3195 ; jmp 0xfffd3195 + +loc_fffd3177: ; not directly referenced +mov dword [ebp - 0x24], 0xa4 +mov dword [ebp - 0x20], 0x29 +jmp short loc_fffd3195 ; jmp 0xfffd3195 + +loc_fffd3187: ; not directly referenced +mov dword [ebp - 0x24], 0xc0 +mov dword [ebp - 0x20], 0x30 + +loc_fffd3195: ; not directly referenced +lea eax, [esi + 0x381b] +xor ebx, ebx +mov dword [ebp - 0x28], eax +movzx eax, dl +mov dword [ebp - 0x30], eax +movzx eax, cl +mov dword [ebp - 0x34], eax + +loc_fffd31ac: ; not directly referenced +mov eax, dword [ebp - 0x30] +bt eax, ebx +jae loc_fffd325e ; jae 0xfffd325e +mov eax, dword [ebp - 0x28] +movzx edi, byte [eax + 0xfce] +mov eax, ebx +shl eax, 0xa +add eax, 0x4190 +mov edx, eax +and edi, 0xf +shl edi, 0x10 +or edi, 0xf +mov dword [ebp - 0x2c], eax +mov ecx, edi +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 1 +mov eax, esi +call fcn_fffa82f9 ; call 0xfffa82f9 +mov dword [ebp - 0x1c], 0 + +loc_fffd31f6: ; not directly referenced +mov cl, byte [ebp - 0x1c] +mov eax, 1 +mov edx, dword [ebp - 0x28] +shl eax, cl +test byte [edx], al +jne short loc_fffd3212 ; jne 0xfffd3212 + +loc_fffd3207: ; not directly referenced +inc dword [ebp - 0x1c] +cmp dword [ebp - 0x1c], 4 +jne short loc_fffd31f6 ; jne 0xfffd31f6 +jmp short loc_fffd323a ; jmp 0xfffd323a + +loc_fffd3212: ; not directly referenced +mov eax, dword [ebp - 0x34] +mov edx, dword [ebp - 0x1c] +bt eax, edx +jae short loc_fffd3207 ; jae 0xfffd3207 +push eax +mov ecx, edx +push 1 +mov edx, ebx +push dword [ebp - 0x24] +mov eax, esi +push dword [ebp - 0x20] +call fcn_fffacb43 ; call 0xfffacb43 +add esp, 0x10 +test eax, eax +je short loc_fffd3207 ; je 0xfffd3207 +jmp short loc_fffd3278 ; jmp 0xfffd3278 + +loc_fffd323a: ; not directly referenced +cmp dword [ebp + 8], 2 +je short loc_fffd325e ; je 0xfffd325e +mov edx, 1 +mov eax, esi +call fcn_fffa82f9 ; call 0xfffa82f9 +mov edx, dword [ebp - 0x2c] +and edi, 0xfff0ffff +mov ecx, edi +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffd2f86: ; not directly referenced +loc_fffd325e: ; not directly referenced +inc ebx +add dword [ebp - 0x28], 0x13c3 +cmp ebx, 2 +jne loc_fffd31ac ; jne 0xfffd31ac +xor eax, eax +jmp short loc_fffd3278 ; jmp 0xfffd3278 + +loc_fffd3273: ; not directly referenced +mov eax, 1 + +loc_fffd3278: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -68565,7 +68796,7 @@ pop edi pop ebp ret -fcn_fffd2f8e: ; not directly referenced +fcn_fffd3280: ; not directly referenced push ebp mov ebp, esp push edi @@ -68580,7 +68811,7 @@ push 0 push 2 lea edx, [ebp - 0x2c] mov byte [ebp - 0x53], al -mov eax, dword [edi + 0x2443] +mov eax, dword [edi + 0x2444] mov byte [ebp - 0x52], cl push edx call dword [eax + 0x5c] ; ucall @@ -68599,15 +68830,15 @@ mov byte [ebp - 0x40], 0 mov byte [ebp - 0x3d], 0x40 mov dword [ebp - 0x64], eax -loc_fffd2fe3: ; not directly referenced +loc_fffd32d5: ; not directly referenced movzx esi, byte [ebp - 0x3d] xor ebx, ebx -loc_fffd2fe9: ; not directly referenced +loc_fffd32db: ; not directly referenced imul eax, ebx, 0x13c3 mov dl, byte [ebp - 0x3e] -test byte [edi + eax + 0x381a], dl -je short loc_fffd3010 ; je 0xfffd3010 +test byte [edi + eax + 0x381b], dl +je short loc_fffd3302 ; je 0xfffd3302 push eax push 0 push esi @@ -68616,19 +68847,19 @@ push dword [ebp - 0x50] push 4 push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffd3010: ; not directly referenced +loc_fffd3302: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffd2fe9 ; jne 0xfffd2fe9 +jne short loc_fffd32db ; jne 0xfffd32db mov dword [ebp - 0x3c], 0 -loc_fffd301d: ; not directly referenced +loc_fffd330f: ; not directly referenced mov al, byte [ebp - 0x3e] -test byte [edi + 0x381a], al -je short loc_fffd3069 ; je 0xfffd3069 +test byte [edi + 0x381b], al +je short loc_fffd335b ; je 0xfffd335b or byte [ebp - 0x40], 1 mov edx, 0x41a4 cmp dword [ebp - 0x3c], 1 @@ -68636,20 +68867,20 @@ mov eax, edi sbb ecx, ecx and ecx, 0xffffc000 add ecx, 0x7000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, 0x4000 mov edx, 0x41a8 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 xor ecx, ecx mov edx, 0x41ac mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffd3069: ; not directly referenced +loc_fffd335b: ; not directly referenced mov al, byte [ebp - 0x3e] -test byte [edi + 0x4bdd], al -je short loc_fffd30b5 ; je 0xfffd30b5 +test byte [edi + 0x4bde], al +je short loc_fffd33a7 ; je 0xfffd33a7 or byte [ebp - 0x40], 2 mov edx, 0x45a4 cmp dword [ebp - 0x3c], 1 @@ -68657,40 +68888,40 @@ mov eax, edi sbb ecx, ecx and ecx, 0xffffc000 add ecx, 0x7000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, 0x4000 mov edx, 0x45a8 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 xor ecx, ecx mov edx, 0x45ac mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffd30b5: ; not directly referenced +loc_fffd33a7: ; not directly referenced movzx edx, byte [ebp - 0x40] mov eax, edi xor esi, esi -call fcn_fffd2a2c ; call 0xfffd2a2c +call fcn_fffd2d1e ; call 0xfffd2d1e mov eax, edi mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 mov eax, dword [ebp + 0xc] mov dword [ebp - 0x48], eax -loc_fffd30d4: ; not directly referenced +loc_fffd33c6: ; not directly referenced imul eax, esi, 0x13c3 mov dword [ebp - 0x5c], eax mov ebx, eax mov al, byte [ebp - 0x3e] -test byte [edi + ebx + 0x381a], al -jne short loc_fffd30f5 ; jne 0xfffd30f5 +test byte [edi + ebx + 0x381b], al +jne short loc_fffd33e7 ; jne 0xfffd33e7 mov byte [ebp + esi - 0x2c], 0xff -jmp near loc_fffd31d4 ; jmp 0xfffd31d4 +jmp near loc_fffd34c6 ; jmp 0xfffd34c6 -loc_fffd30f5: ; not directly referenced +loc_fffd33e7: ; not directly referenced cmp byte [ebp + esi - 0x2c], 0xff -je loc_fffd31d4 ; je 0xfffd31d4 +je loc_fffd34c6 ; je 0xfffd34c6 imul eax, esi, 0x54a lea ebx, [ebp - 0x18] mov byte [ebp - 0x3f], 0 @@ -68700,59 +68931,59 @@ lea eax, [esi + esi*8] add eax, ebx mov dword [ebp - 0x4c], eax -loc_fffd311f: ; not directly referenced +loc_fffd3411: ; not directly referenced mov al, byte [ebp - 0x3f] -cmp al, byte [edi + 0x2488] -jae loc_fffd31d4 ; jae 0xfffd31d4 +cmp al, byte [edi + 0x2489] +jae loc_fffd34c6 ; jae 0xfffd34c6 mov edx, dword [ebp - 0x5c] mov cl, byte [ebp - 0x3f] mov eax, dword [ebp - 0x58] mov dword [ebp - 0x44], 1 shl dword [ebp - 0x44], cl -cmp byte [edi + edx + 0x49ba], 0x20 +cmp byte [edi + edx + 0x49bb], 0x20 movzx ebx, cl mov al, byte [eax + ebx + 0x4f6] -jne short loc_fffd3162 ; jne 0xfffd3162 +jne short loc_fffd3454 ; jne 0xfffd3454 test al, 2 -je short loc_fffd3162 ; je 0xfffd3162 +je short loc_fffd3454 ; je 0xfffd3454 mov al, byte [ebp - 0x44] or byte [ebp + esi - 0x2c], al -jmp short loc_fffd31cc ; jmp 0xfffd31cc +jmp short loc_fffd34be ; jmp 0xfffd34be -loc_fffd3162: ; not directly referenced +loc_fffd3454: ; not directly referenced mov ecx, ebx mov edx, esi mov eax, edi -call fcn_fffa7617 ; call 0xfffa7617 +call fcn_fffa75c5 ; call 0xfffa75c5 mov edx, eax mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov cl, byte [ebp + esi - 0x2c] test byte [ebp - 0x44], cl -jne short loc_fffd31cc ; jne 0xfffd31cc +jne short loc_fffd34be ; jne 0xfffd34be cmp dword [ebp - 0x3c], 0 movzx edx, al -jne short loc_fffd3191 ; jne 0xfffd3191 +jne short loc_fffd3483 ; jne 0xfffd3483 mov eax, dword [ebp - 0x4c] mov byte [ebx + eax - 0x12], dl -jmp short loc_fffd31cc ; jmp 0xfffd31cc +jmp short loc_fffd34be ; jmp 0xfffd34be -loc_fffd3191: ; not directly referenced +loc_fffd3483: ; not directly referenced mov eax, dword [ebp - 0x4c] mov dword [ebp - 0x6c], ecx mov dword [ebp - 0x68], edx mov al, byte [ebx + eax - 0x12] mov byte [ebp - 0x51], al mov eax, edx -call fcn_fffaeba2 ; call 0xfffaeba2 +call fcn_fffb38d9 ; call 0xfffb38d9 mov edx, dword [ebp - 0x68] mov ecx, dword [ebp - 0x6c] cmp al, 4 -jne short loc_fffd31b7 ; jne 0xfffd31b7 +jne short loc_fffd34a9 ; jne 0xfffd34a9 cmp byte [ebp - 0x51], dl -jne short loc_fffd31cc ; jne 0xfffd31cc +jne short loc_fffd34be ; jne 0xfffd34be -loc_fffd31b7: ; not directly referenced +loc_fffd34a9: ; not directly referenced mov eax, dword [ebp - 0x60] mov edx, dword [ebp - 0x48] or ecx, dword [ebp - 0x44] @@ -68761,44 +68992,44 @@ mov bl, byte [ebp - 0x3d] mov byte [ebp + esi - 0x2c], cl mov byte [edx + eax], bl -loc_fffd31cc: ; not directly referenced +loc_fffd34be: ; not directly referenced inc byte [ebp - 0x3f] -jmp near loc_fffd311f ; jmp 0xfffd311f +jmp near loc_fffd3411 ; jmp 0xfffd3411 -loc_fffd31d4: ; not directly referenced +loc_fffd34c6: ; not directly referenced inc esi add dword [ebp - 0x48], 0x24 cmp esi, 2 -jne loc_fffd30d4 ; jne 0xfffd30d4 +jne loc_fffd33c6 ; jne 0xfffd33c6 inc dword [ebp - 0x3c] cmp dword [ebp - 0x3c], 2 -jne loc_fffd301d ; jne 0xfffd301d +jne loc_fffd330f ; jne 0xfffd330f cmp byte [ebp - 0x2c], 0xff -jne short loc_fffd31fb ; jne 0xfffd31fb +jne short loc_fffd34ed ; jne 0xfffd34ed cmp byte [ebp - 0x2b], 0xff -je short loc_fffd3225 ; je 0xfffd3225 +je short loc_fffd3517 ; je 0xfffd3517 -loc_fffd31fb: ; not directly referenced +loc_fffd34ed: ; not directly referenced mov al, byte [ebp - 0x53] add byte [ebp - 0x3d], al test al, al -jle short loc_fffd3210 ; jle 0xfffd3210 +jle short loc_fffd3502 ; jle 0xfffd3502 mov al, byte [ebp - 0x52] cmp byte [ebp - 0x3d], al seta al -jmp short loc_fffd321a ; jmp 0xfffd321a +jmp short loc_fffd350c ; jmp 0xfffd350c -loc_fffd3210: ; not directly referenced +loc_fffd3502: ; not directly referenced movsx eax, byte [ebp - 0x3d] cmp eax, dword [ebp - 0x64] setl al -loc_fffd321a: ; not directly referenced +loc_fffd350c: ; not directly referenced movzx eax, al test eax, eax -je loc_fffd2fe3 ; je 0xfffd2fe3 +je loc_fffd32d5 ; je 0xfffd32d5 -loc_fffd3225: ; not directly referenced +loc_fffd3517: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -68806,16 +69037,14 @@ pop edi pop ebp ret -loc_fffd322d: -db 0x66 -db 0x90 +loc_fffd351f: db 0x90 -ref_fffd3230: -dd 0x00000801 -dd 0x01000402 +ref_fffd3520: +dd 0x02000801 +dd 0x00000602 -ref_fffd3238: +ref_fffd3528: dd 0x4000f001 dd 0x02005a01 dd 0x011800dc @@ -68837,22 +69066,22 @@ dd 0x080d008c dd 0xbe028002 dd 0x00000000 -ref_fffd3288: +ref_fffd3578: dd 0x4443524d dd 0x90906600 -ref_fffd3290: +ref_fffd3580: dd 0x05010400 dd 0x07030602 dd 0x00000008 -ref_fffd329c: +ref_fffd358c: dd 0xff830000 dd 0xffe1ffc2 dd 0x007d00fa dd 0x001f003e -ref_fffd32ac: +ref_fffd359c: dd 0x02030304 dd 0x02030404 dd 0x03030405 @@ -68864,7 +69093,7 @@ dd 0x03030405 dd 0x03040405 dd 0x03030404 -ref_fffd32d4: +ref_fffd35c4: dd 0x05060605 dd 0x05060605 dd 0x06060604 @@ -68872,55 +69101,50 @@ dd 0x05060607 dd 0x05060607 dd 0x06060607 -ref_fffd32ec: -dd loc_fffa6b75 -dd loc_fffa6ab2 -dd loc_fffa6ae7 -dd loc_fffa6b47 -dd loc_fffa6a85 -dd loc_fffa6b75 -dd loc_fffa6b75 - -ref_fffd3308: -dd loc_fffa83ff -dd loc_fffa840d -dd loc_fffa841d -dd loc_fffa850b -dd loc_fffa8432 -dd loc_fffa843d -dd loc_fffa844a -dd loc_fffa847b -dd loc_fffa8498 - -ref_fffd332c: -dd loc_fffa8691 -dd loc_fffa86c5 -dd loc_fffa8702 -dd loc_fffa86e1 -dd loc_fffa8691 -dd loc_fffa86c5 -dd loc_fffa86e1 -dd loc_fffa8636 - -ref_fffd334c: +ref_fffd35dc: +dd loc_fffa6b23 +dd loc_fffa6a60 +dd loc_fffa6a95 +dd loc_fffa6af5 +dd loc_fffa6a33 +dd loc_fffa6b23 +dd loc_fffa6b23 + +ref_fffd35f8: +dd loc_fffa83ad +dd loc_fffa83bb +dd loc_fffa83cb +dd loc_fffa84b9 +dd loc_fffa83e0 +dd loc_fffa83eb +dd loc_fffa83f8 +dd loc_fffa8429 +dd loc_fffa8446 + +ref_fffd361c: +dd loc_fffa863f +dd loc_fffa8673 +dd loc_fffa86b0 +dd loc_fffa868f +dd loc_fffa863f +dd loc_fffa8673 +dd loc_fffa868f +dd loc_fffa85e4 + +ref_fffd363c: dd 0x50f00050 dd 0x0000f000 dd 0x00000000 -ref_fffd3358: +ref_fffd3648: dd 0x50f00050 dd 0x0000f000 dd 0x00000000 -ref_fffd3364: -dd 0x3c3c3c3c -dd 0x283c283c -dd 0x283c283c -dd 0x3c3c3c3c -dd 0x283c283c -dd 0x283c283c +ref_fffd3654: +db '<<<<<(<(<(<(<<<<<(<(<(<(' -ref_fffd337c: +ref_fffd366c: dd 0x3c3c3c3c dd 0x1e3c1e3c dd 0x1e3c1e3c @@ -68928,11 +69152,11 @@ dd 0x3c3c3c3c dd 0x1e3c1e3c dd 0x1e3c1e3c -ref_fffd3394: +ref_fffd3684: dd 0x00780078 dd 0x00000000 -ref_fffd339c: +ref_fffd368c: dd 0x003c003c dd 0x1e3c1e3c dd 0x1e3c1e3c @@ -68940,7 +69164,7 @@ dd 0x003c003c dd 0x1e3c1e3c dd 0x1e3c1e3c -ref_fffd33b4: +ref_fffd36a4: dd 0x28002800 dd 0x1e3c1e3c dd 0x1e3c1e3c @@ -68948,88 +69172,121 @@ dd 0x28002800 dd 0x1e3c1e3c dd 0x1e3c1e3c -ref_fffd33cc: +ref_fffd36bc: dd 0x00780078 dd 0x00000000 -ref_fffd33d4: -dd fcn_fffc3686 -dd fcn_fffc3621 -dd fcn_fffc34c9 -dd fcn_fffc33fa -dd fcn_fffc343a -dd fcn_fffc337c -dd fcn_fffc35b2 -dd fcn_fffc3506 -dd fcn_fffc3343 -dd fcn_fffc32fa -dd fcn_fffc323f -dd fcn_fffc31bb -dd fcn_fffac83c - -ref_fffd3408: -dd fcn_fffc2f86 -dd fcn_fffaeda5 -dd fcn_fffa7852 -dd fcn_fffc2cf5 -dd fcn_fffc2912 -dd fcn_fffc2693 -dd fcn_fffc247a -dd fcn_fffae2eb -dd fcn_fffae11e -dd fcn_fffadc1a -dd fcn_fffada63 -dd fcn_fffc2b14 -dd fcn_fffad8ba -dd fcn_fffad37a -dd fcn_fffad193 -dd fcn_fffacfea -dd fcn_fffadfa3 -dd fcn_fffade28 -dd fcn_fffad70d -dd fcn_fffad560 -dd fcn_ffface9c -dd fcn_fffacd4e -dd fcn_fffacb8e -dd fcn_fffac879 - -ref_fffd3468: +ref_fffd36c4: +dd 0x02000100 +dd 0x08000400 +dd 0x20001000 +dd 0x80004000 + +ref_fffd36d4: +dd 0x86186186 +dd 0x18618618 +dd 0x30c30c30 +dd 0xa28a28a2 +dd 0x8a28a28a +dd 0x14514514 +dd 0x28a28a28 +dd 0x92492492 +dd 0x24924924 + +ref_fffd36f8: +dd 0x00a10ca1 +dd 0x00ef0d08 +dd 0x00ad0a1e + +ref_fffd3704: +dd 0x00100000 +dd 0x00110001 +dd 0x00800081 + +ref_fffd3710: +dd 0x00010000 +dd 0x00030002 +dd 0x00050004 +dd 0x00070006 + +ref_fffd3720: dd 0x00000000 dd 0x00010105 dd 0x01050100 -ref_fffd3474: +ref_fffd372c: dd 0x00000000 dd 0x04000101 dd 0x01050000 -ref_fffd3480: +ref_fffd3738: dd 0x01000001 dd 0x04010101 dd 0x01050100 -ref_fffd348c: +ref_fffd3744: dd 0x00000000 dd 0x04000103 dd 0x01070000 -ref_fffd3498: +ref_fffd3750: dd 0x00000000 dd 0x04000003 dd 0x00070000 -ref_fffd34a4: +ref_fffd375c: dd 0x00010000 dd 0x04000103 dd 0x01070001 -ref_fffd34b0: +ref_fffd3768: +dd fcn_fffc357b +dd fcn_fffc3516 +dd fcn_fffc33be +dd fcn_fffc32ef +dd fcn_fffc332f +dd fcn_fffc3271 +dd fcn_fffc34a7 +dd fcn_fffc33fb +dd fcn_fffc3238 +dd fcn_fffc31ef +dd fcn_fffc3134 +dd fcn_fffc30b0 +dd fcn_fffb1631 + +ref_fffd379c: +dd fcn_fffc2e7b +dd fcn_fffb3adc +dd fcn_fffa7800 +dd fcn_fffc2bea +dd fcn_fffc2807 +dd fcn_fffc2588 +dd fcn_fffc236f +dd fcn_fffb30e0 +dd fcn_fffb2f13 +dd fcn_fffb2a0f +dd fcn_fffb2858 +dd fcn_fffc2a09 +dd fcn_fffb26af +dd fcn_fffb216f +dd fcn_fffb1f88 +dd fcn_fffb1ddf +dd fcn_fffb2d98 +dd fcn_fffb2c1d +dd fcn_fffb2502 +dd fcn_fffb2355 +dd fcn_fffb1c91 +dd fcn_fffb1b43 +dd fcn_fffb1983 +dd fcn_fffb166e + +ref_fffd37fc: dd 0xffffffff -ref_fffd34b4: +ref_fffd3800: dd 0x7fffffff -ref_fffd34b8: +ref_fffd3804: dd 0x2625a000 dd 0x00032000 dd 0x84800300 @@ -69077,23 +69334,32 @@ dd 0x00000000 dd 0x00000000 dd 0x90906600 -ref_fffd3570: -dd 0x86186186 -dd 0x18618618 -dd 0x30c30c30 -dd 0xa28a28a2 -dd 0x8a28a28a -dd 0x14514514 -dd 0x28a28a28 -dd 0x92492492 -dd 0x24924924 +ref_fffd38bc: +dd 0x00000000 +dd 0x00000000 +dd 0x00070000 +dd 0x03ff07ff +dd 0x00000000 +dd 0x00000020 +dd 0x00000003 +dd 0x00000003 +dd 0x00000000 +dd 0x00010001 +dd 0x00350049 -ref_fffd3594: -dd 0x00a10ca1 -dd 0x00ef0d08 -dd 0x00ad0a1e +ref_fffd38e8: +dd 0x00000401 +dd 0x00000203 -ref_fffd35a0: +ref_fffd38f0: +dd 0x00010001 +dd 0x00000307 + +ref_fffd38f8: +dd 0x00010000 +dd 0x90660000 + +ref_fffd3900: dd 0x00010000 dd 0x02000201 dd 0x00030900 @@ -69112,7 +69378,7 @@ dd 0x0101a701 dd 0x01ca01ac dd 0x00000001 -ref_fffd35e4: +ref_fffd3944: dd 0x00010000 dd 0x02000201 dd 0x00030900 @@ -69129,660 +69395,65 @@ dd 0x00b90100 dd 0xdc0100d7 dd 0x0100fa00 -ref_fffd3620: +ref_fffd3980: dd 0x20445053 dd 0x90906600 -ref_fffd3628: +ref_fffd3988: dd 0x02010000 dd 0x06050403 dd 0x08080707 dd 0x0a090909 -dd 0x00000a0a - -ref_fffd363c: -dd 0x003c0000 -dd 0x48004806 -dd 0x004c0600 -dd 0x5002004c -dd 0x04005000 -dd 0x00540054 -dd 0x58005806 -dd 0x005c0400 -dd 0x6006005c -dd 0x06006000 -dd 0x00640064 -dd 0x60006002 -dd 0x00640700 -dd 0x68030064 -dd 0x06006800 -dd 0x0070006c -dd 0x78007407 -dd 0x00740600 -dd 0x7c070074 -dd 0x04008c00 -dd 0x00800080 -dd 0x3c010005 -dd 0x01480601 -dd 0x4c060148 -dd 0x02014c01 -dd 0x01500150 -dd 0x54015404 -dd 0x01580601 -dd 0x5c040158 -dd 0x06015c01 -dd 0x01600160 -dd 0x64016406 -dd 0x01600201 -dd 0x64070160 -dd 0x03016401 -dd 0x01680168 -dd 0x70016c06 -dd 0x01740701 -dd 0x74060178 -dd 0x07017401 -dd 0x018c017c -dd 0x80018004 -dd 0x02000501 -dd 0x4806023c -dd 0x06024802 -dd 0x024c024c -dd 0x50025002 -dd 0x02540402 -dd 0x58060254 -dd 0x04025802 -dd 0x025c025c -dd 0x60026006 -dd 0x02640602 -dd 0x60020264 -dd 0x07026002 -dd 0x02640264 -dd 0x68026803 -dd 0x026c0602 -dd 0x74070270 -dd 0x06027802 -dd 0x02740274 -dd 0x8c027c07 -dd 0x02800402 -dd 0x00050280 -dd 0x06033c03 -dd 0x03480348 -dd 0x4c034c06 -dd 0x03500203 -dd 0x54040350 -dd 0x06035403 -dd 0x03580358 -dd 0x5c035c04 -dd 0x03600603 -dd 0x64060360 -dd 0x02036403 -dd 0x03600360 -dd 0x64036407 -dd 0x03680303 -dd 0x6c060368 -dd 0x07037003 -dd 0x03780374 -dd 0x74037406 -dd 0x037c0703 -dd 0x8004038c -dd 0x05038003 -dd 0x043c0400 -dd 0x48044806 -dd 0x044c0604 -dd 0x5002044c -dd 0x04045004 -dd 0x04540454 -dd 0x58045806 -dd 0x045c0404 -dd 0x6006045c -dd 0x06046004 -dd 0x04640464 -dd 0x60046002 -dd 0x04640704 -dd 0x68030464 -dd 0x06046804 -dd 0x0470046c -dd 0x78047407 -dd 0x04740604 -dd 0x7c070474 -dd 0x04048c04 -dd 0x04800480 -dd 0x3c050005 -dd 0x05480605 -dd 0x4c060548 -dd 0x02054c05 -dd 0x05500550 -dd 0x54055404 -dd 0x05580605 -dd 0x5c040558 -dd 0x06055c05 -dd 0x05600560 -dd 0x64056406 -dd 0x05600205 -dd 0x64070560 -dd 0x03056405 -dd 0x05680568 -dd 0x70056c06 -dd 0x05740705 -dd 0x74060578 -dd 0x07057405 -dd 0x058c057c -dd 0x80058004 -dd 0x06000505 -dd 0x4806063c -dd 0x06064806 -dd 0x064c064c -dd 0x50065002 -dd 0x06540406 -dd 0x58060654 -dd 0x04065806 -dd 0x065c065c -dd 0x60066006 -dd 0x06640606 -dd 0x60020664 -dd 0x07066006 -dd 0x06640664 -dd 0x68066803 -dd 0x066c0606 -dd 0x74070670 -dd 0x06067806 -dd 0x06740674 -dd 0x8c067c07 -dd 0x06800406 -dd 0x00050680 -dd 0x06073c07 -dd 0x07480748 -dd 0x4c074c06 -dd 0x07500207 -dd 0x54040750 -dd 0x06075407 -dd 0x07580758 -dd 0x5c075c04 -dd 0x07600607 -dd 0x64060760 -dd 0x02076407 -dd 0x07600760 -dd 0x64076407 -dd 0x07680307 -dd 0x6c060768 -dd 0x07077007 -dd 0x07780774 -dd 0x74077406 -dd 0x077c0707 -dd 0x8004078c -dd 0x05078007 -dd 0x083c0800 -dd 0x48084806 -dd 0x084c0608 -dd 0x5002084c -dd 0x04085008 -dd 0x08540854 -dd 0x58085806 -dd 0x085c0408 -dd 0x6006085c -dd 0x06086008 -dd 0x08640864 -dd 0x60086002 -dd 0x08640708 -dd 0x68030864 -dd 0x06086808 -dd 0x0870086c -dd 0x78087407 -dd 0x08740608 -dd 0x7c070874 -dd 0x04088c08 -dd 0x08800880 -dd 0x3c090005 -dd 0x09480609 -dd 0x4c060948 -dd 0x02094c09 -dd 0x09500950 -dd 0x54095404 -dd 0x09580609 -dd 0x5c040958 -dd 0x06095c09 -dd 0x09600960 -dd 0x64096406 -dd 0x09600209 -dd 0x64070960 -dd 0x03096409 -dd 0x09680968 -dd 0x70096c06 -dd 0x09740709 -dd 0x74060978 -dd 0x07097409 -dd 0x098c097c -dd 0x80098004 -dd 0x0a000509 -dd 0x48060a3c -dd 0x060a480a -dd 0x0a4c0a4c -dd 0x500a5002 -dd 0x0a54040a -dd 0x58060a54 -dd 0x040a580a -dd 0x0a5c0a5c -dd 0x600a6006 -dd 0x0a64060a -dd 0x60020a64 -dd 0x070a600a -dd 0x0a640a64 -dd 0x680a6803 -dd 0x0a6c060a -dd 0x74070a70 -dd 0x060a780a -dd 0x0a740a74 -dd 0x8c0a7c07 -dd 0x0a80040a -dd 0x00050a80 -dd 0x060b3c0b -dd 0x0b480b48 -dd 0x4c0b4c06 -dd 0x0b50020b -dd 0x54040b50 -dd 0x060b540b -dd 0x0b580b58 -dd 0x5c0b5c04 -dd 0x0b60060b -dd 0x64060b60 -dd 0x020b640b -dd 0x0b600b60 -dd 0x640b6407 -dd 0x0b68030b -dd 0x6c060b68 -dd 0x070b700b -dd 0x0b780b74 -dd 0x740b7406 -dd 0x0b7c070b -dd 0x80040b8c -dd 0x050b800b -dd 0x0c3c0c00 -dd 0x480c4806 -dd 0x0c4c060c -dd 0x50020c4c -dd 0x040c500c -dd 0x0c540c54 -dd 0x580c5806 -dd 0x0c5c040c -dd 0x60060c5c -dd 0x060c600c -dd 0x0c640c64 -dd 0x600c6002 -dd 0x0c64070c -dd 0x68030c64 -dd 0x060c680c -dd 0x0c700c6c -dd 0x780c7407 -dd 0x0c74060c -dd 0x7c070c74 -dd 0x040c8c0c -dd 0x0c800c80 -dd 0x3c0d0005 -dd 0x0d48060d -dd 0x4c060d48 -dd 0x020d4c0d -dd 0x0d500d50 -dd 0x540d5404 -dd 0x0d58060d -dd 0x5c040d58 -dd 0x060d5c0d -dd 0x0d600d60 -dd 0x640d6406 -dd 0x0d60020d -dd 0x64070d60 -dd 0x030d640d -dd 0x0d680d68 -dd 0x700d6c06 -dd 0x0d74070d -dd 0x74060d78 -dd 0x070d740d -dd 0x0d8c0d7c -dd 0x800d8004 -dd 0x0e00050d -dd 0x48060e3c -dd 0x060e480e -dd 0x0e4c0e4c -dd 0x500e5002 -dd 0x0e54040e -dd 0x58060e54 -dd 0x040e580e -dd 0x0e5c0e5c -dd 0x600e6006 -dd 0x0e64060e -dd 0x60020e64 -dd 0x070e600e -dd 0x0e640e64 -dd 0x680e6803 -dd 0x0e6c060e -dd 0x74070e70 -dd 0x060e780e -dd 0x0e740e74 -dd 0x8c0e7c07 -dd 0x0e80040e -dd 0x00050e80 -dd 0x060f3c0f -dd 0x0f480f48 -dd 0x4c0f4c06 -dd 0x0f50020f -dd 0x54040f50 -dd 0x060f540f -dd 0x0f580f58 -dd 0x5c0f5c04 -dd 0x0f60060f -dd 0x64060f60 -dd 0x020f640f -dd 0x0f600f60 -dd 0x640f6407 -dd 0x0f68030f -dd 0x6c060f68 -dd 0x070f700f -dd 0x0f780f74 -dd 0x740f7406 -dd 0x0f7c070f -dd 0x80040f8c -dd 0x050f800f -dd 0x0f840f84 -dd 0x3c100005 -dd 0x10480610 -dd 0x4c061048 -dd 0x02104c10 -dd 0x10501050 -dd 0x54105404 -dd 0x10580610 -dd 0x5c041058 -dd 0x06105c10 -dd 0x10601060 -dd 0x64106406 -dd 0x10600210 -dd 0x64071060 -dd 0x03106410 -dd 0x10681068 -dd 0x70106c06 -dd 0x10740710 -dd 0x74061078 -dd 0x07107410 -dd 0x108c107c -dd 0x80108004 -dd 0x11000510 -dd 0x4806113c -dd 0x06114811 -dd 0x114c114c -dd 0x50115002 -dd 0x11540411 -dd 0x58061154 -dd 0x04115811 -dd 0x115c115c -dd 0x60116006 -dd 0x11640611 -dd 0x60021164 -dd 0x07116011 -dd 0x11641164 -dd 0x68116803 -dd 0x116c0611 -dd 0x74071170 -dd 0x06117811 -dd 0x11741174 -dd 0x8c117c07 -dd 0x11800411 -dd 0x04051180 -dd 0x06120812 -dd 0x121c1214 -dd 0x20122006 -dd 0x13040412 -dd 0x14061308 -dd 0x06131c13 -dd 0x13201320 -dd 0x0c140404 -dd 0x15040614 -dd 0x0006150c -dd 0x04180018 -dd 0x18101808 -dd 0x18181806 -dd 0x18200418 -dd 0x00041820 -dd 0x04190019 -dd 0x19101908 -dd 0x18191806 -dd 0x19200419 -dd 0x04041920 -dd 0x061a0c1a -dd 0x1b0c1b04 -dd 0x1c1c1406 -dd 0x1c20061c -dd 0x14041c20 -dd 0x061d1c1d -dd 0x1d201d20 -dd 0x04200004 -dd 0x20080720 -dd 0xb8062008 -dd 0x022bb82b -dd 0x36783678 -dd 0x283a0004 -dd 0x3a2c063a -dd 0x30043a2c -dd 0x043a343a -dd 0x40044000 -dd 0x04400406 -dd 0x40080740 -dd 0x1006400c -dd 0x07401440 -dd 0x40184018 -dd 0x20402005 -dd 0x40240740 -dd 0x2c064028 -dd 0x04403840 -dd 0x40ac40a4 -dd 0xcc40b404 -dd 0x40d00440 -dd 0xd40640d0 -dd 0x0440d440 -dd 0x42104210 -dd 0x24422004 -dd 0x42280642 -dd 0x8c044244 -dd 0x04429042 -dd 0x42944294 -dd 0x98429806 -dd 0x429c0442 -dd 0xa006429c -dd 0x0742a042 -dd 0x42ac42a4 -dd 0xe842e405 -dd 0x42ec0542 -dd 0x280742fc -dd 0x07432843 -dd 0x43744340 -dd 0x90438c05 -dd 0x44000643 -dd 0x04064404 -dd 0x07440444 -dd 0x440c4408 -dd 0x14441006 -dd 0x44180744 -dd 0x20054418 -dd 0x07442044 -dd 0x44284424 -dd 0x38442c06 -dd 0x44a40444 -dd 0xb40444ac -dd 0x0444cc44 -dd 0x44d044d0 -dd 0xd444d406 -dd 0x46100444 -dd 0x20044610 -dd 0x06462446 -dd 0x46444628 -dd 0x90468c04 -dd 0x46940446 -dd 0x98064694 -dd 0x04469846 -dd 0x469c469c -dd 0xa046a006 -dd 0x46a40746 -dd 0xe40546ac -dd 0x0546e846 -dd 0x46fc46ec -dd 0x28472807 -dd 0x47400747 -dd 0x8c054774 -dd 0x06479047 -dd 0x48c048a8 -dd 0xf448d802 -dd 0x49080248 -dd 0x6802491c -dd 0x04496849 -dd 0x498c4980 -dd 0x444e3802 -dd 0x5000024e -dd 0x04065000 -dd 0x07500850 -dd 0x5018500c -dd 0x1c501c06 -dd 0x50200750 -dd 0x38065034 -dd 0x02503c50 -dd 0x50585040 -dd 0x5c505c06 -dd 0x50600250 -dd 0x64075060 -dd 0x02507c50 -dd 0x50845080 -dd 0x8c508806 -dd 0x50900250 -dd 0x98065094 -dd 0x02509c50 -dd 0x50a450a0 -dd 0xac50a806 -dd 0x50b00250 -dd 0xd00650cc -dd 0x0250dc50 -dd 0x58805880 -dd 0x88588407 -dd 0x588c0758 -dd 0x9005588c -dd 0x07589c58 -dd 0x58a458a4 -dd 0xdc58d006 -dd 0x58e00758 -dd 0xb80758e4 -dd 0x0759b859 - -ref_fffd3e70: -dd 0x02000100 -dd 0x08000400 -dd 0x20001000 -dd 0x80004000 - -ref_fffd3e80: -dd 0x00100000 -dd 0x00110001 -dd 0x00800081 - -ref_fffd3e8c: -dd 0x00010000 -dd 0x00030002 -dd 0x00050004 -dd 0x00070006 - -ref_fffd3e9c: -dd 0x00000000 -dd 0x00000000 -dd 0x00070000 -dd 0x03ff07ff -dd 0x00000000 -dd 0x00000020 -dd 0x00000003 -dd 0x00000003 -dd 0x00000000 -dd 0x00010001 -dd 0x00350049 - -ref_fffd3ec8: -dd 0x00000401 -dd 0x00000203 - -ref_fffd3ed0: -dd 0x00010001 -dd 0x00000307 - -ref_fffd3ed8: -dd 0x00010000 -dd 0x90660000 - -ref_fffd3ee0: -dd loc_fffb407d -dd loc_fffb40ab -dd loc_fffb40e5 -dd loc_fffb415f -dd loc_fffb415f -dd loc_fffb415f -dd loc_fffb415f -dd loc_fffb415f -dd loc_fffb415f -dd loc_fffb415f -dd loc_fffb4103 -dd loc_fffb4136 - -ref_fffd3f10: -dd loc_fffb4beb -dd loc_fffb4bdc -dd loc_fffb4bfa -dd loc_fffb4c84 -dd loc_fffb4c84 -dd loc_fffb4c84 - -ref_fffd3f28: -dd loc_fffb52b2 -dd loc_fffb52ad -dd loc_fffb52d3 -dd loc_fffb52c6 -dd loc_fffb530f -dd loc_fffb52f1 -dd loc_fffb5344 -dd loc_fffb535a -dd loc_fffb53b3 -dd loc_fffb5399 -dd loc_fffb53cc -dd loc_fffb5414 - -ref_fffd3f58: -dd loc_fffb56de -dd loc_fffb561b -dd loc_fffb5559 -dd loc_fffb561b -dd loc_fffb56a0 -dd loc_fffb561b -dd loc_fffb5705 -dd loc_fffb56ef -dd loc_fffb56a0 -dd loc_fffb553a - -ref_fffd3f80: -dd loc_fffb57eb -dd loc_fffb5802 -dd loc_fffb5819 -dd loc_fffb582d -dd loc_fffb5841 -dd loc_fffb5858 -dd loc_fffb586f -dd loc_fffb5883 -dd loc_fffb58be -dd loc_fffb58d5 -dd loc_fffb592a -dd loc_fffb599b -dd loc_fffb59fe -dd loc_fffb5b1f -dd loc_fffb5b53 - -ref_fffd3fbc: +dd 0x90660a0a + +ref_fffd399c: +dd loc_fffb4110 +dd loc_fffb413e +dd loc_fffb4178 +dd loc_fffb41f2 +dd loc_fffb41f2 +dd loc_fffb41f2 +dd loc_fffb41f2 +dd loc_fffb41f2 +dd loc_fffb41f2 +dd loc_fffb41f2 +dd loc_fffb4196 +dd loc_fffb41c9 + +ref_fffd39cc: +dd loc_fffb46a0 +dd loc_fffb46b7 +dd loc_fffb46ce +dd loc_fffb46e2 +dd loc_fffb46f6 +dd loc_fffb470d +dd loc_fffb4724 +dd loc_fffb4738 +dd loc_fffb4773 +dd loc_fffb478a +dd loc_fffb47df +dd loc_fffb4850 +dd loc_fffb48b3 +dd loc_fffb49d4 +dd loc_fffb4a08 + +ref_fffd3a08: +dd loc_fffb4c55 +dd loc_fffb4c46 +dd loc_fffb4c64 +dd loc_fffb4cee +dd loc_fffb4cee +dd loc_fffb4cee + +ref_fffd3a20: db 'CbAllocatePool',0x00,0x00 -ref_fffd3fcc: +ref_fffd3a30: dd 0x00000000 dd 0xe0566b04 dd 0x060a0302 -ref_fffd3fd8: +ref_fffd3a3c: dd 0x008a2601 dd 0xee84a905 dd 0x03060402 @@ -69808,7 +69479,7 @@ dd 0x008e1401 dd 0xdb385b04 dd 0x05090302 -ref_fffd4038: +ref_fffd3a9c: dd 0x00000062 dd 0x44ab8703 dd 0x42220805 @@ -69830,7 +69501,7 @@ dd 0x98020000 dd 0x090573a3 dd 0x00000034 -ref_fffd4088: +ref_fffd3aec: dd 0x00669263 dd 0x82ca6a04 dd 0x63081009 @@ -71350,16 +71021,20 @@ dd 0x4f145324 dd 0x887d0200 dd 0x1804023c -ref_fffd5840: +ref_fffd52a4: +dd 0x283c7800 +dd 0x9066141e + +ref_fffd52ac: db '0000000000000000',0x00,0x00,0x00,0x00 -ref_fffd5854: +ref_fffd52c0: db ' ',0x00,0x00,0x00,0x00 -ref_fffd5868: +ref_fffd52d4: db '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ',0x00,0x00,0x00,0x00 -ref_fffd5890: +ref_fffd52fc: dd 0x00000001 dd 0x00000002 dd 0x00000004 @@ -71369,14 +71044,36 @@ dd 0x00000020 dd 0x00000040 dd 0x00000000 -ref_fffd58b0: +ref_fffd531c: db ' +-#0!^',0x00 -ref_fffd58b8: -dd 0x283c7800 -dd 0x9066141e - -ref_fffd58c0: +ref_fffd5324: +dd loc_fffb955b +dd loc_fffb9556 +dd loc_fffb957c +dd loc_fffb956f +dd loc_fffb95b8 +dd loc_fffb959a +dd loc_fffb95ed +dd loc_fffb9603 +dd loc_fffb965c +dd loc_fffb9642 +dd loc_fffb9675 +dd loc_fffb96bd + +ref_fffd5354: +dd loc_fffb9987 +dd loc_fffb98c4 +dd loc_fffb9802 +dd loc_fffb98c4 +dd loc_fffb9949 +dd loc_fffb98c4 +dd loc_fffb99ae +dd loc_fffb9998 +dd loc_fffb9949 +dd loc_fffb97e3 + +ref_fffd537c: dd 0x00000000 dd 0x00000000 dd 0x00000000 @@ -71384,44 +71081,25 @@ dd 0x00000001 dd 0x00000000 dd 0x00000001 -ref_fffd58d8: +ref_fffd5394: dd 0x01010101 dd 0x00010101 -ref_fffd58e0: +ref_fffd539c: dd 0xfb0af600 dd 0x000ff105 -ref_fffd58e8: +ref_fffd53a4: dd 0x00aaaaaa dd 0x00cccccc dd 0x00f0f0f0 -ref_fffd58f4: +ref_fffd53b0: dd 0x00a10ca1 dd 0x00ef0d08 dd 0x00ad0a1e -ref_fffd5900: -dd 0x05000500 -dd 0x00000000 -dd 0x00000000 - -ref_fffd590c: -dd 0x08c009b0 -dd 0x00000000 -dd 0x00000000 - -ref_fffd5918: -dd loc_fffbf5bb -dd loc_fffbf620 -dd loc_fffbf92d -dd loc_fffbf92d -dd loc_fffbf685 -dd loc_fffbf787 -dd loc_fffbf8aa - -ref_fffd5934: +ref_fffd53bc: dd 0x00000006 dd 0x00000002 dd 0x00000001 @@ -71430,7 +71108,7 @@ dd 0x00000002 dd 0x00000001 dd 0x00000000 -ref_fffd5950: +ref_fffd53d8: dd 0x00000000 dd 0x00000001 dd 0x00000002 @@ -71439,7 +71117,7 @@ dd 0x00000001 dd 0x00000002 dd 0x00000003 -ref_fffd596c: +ref_fffd53f4: dd 0x00000000 dd 0xfffffffa dd 0xfffffff4 @@ -71448,18 +71126,37 @@ dd 0x00000006 dd 0x0000000c dd 0x00000012 -ref_fffd5988: -dd loc_fffc31e7 -dd loc_fffc3222 -dd loc_fffc3219 -dd loc_fffc3210 -dd loc_fffc3207 -dd loc_fffc31fe -dd loc_fffc31f0 -dd loc_fffc3234 -dd loc_fffc322b - -ref_fffd59ac: +ref_fffd5410: +dd 0x05000500 +dd 0x00000000 +dd 0x00000000 + +ref_fffd541c: +dd 0x08c009b0 +dd 0x00000000 +dd 0x00000000 + +ref_fffd5428: +dd loc_fffc1e31 +dd loc_fffc1e96 +dd loc_fffc21a3 +dd loc_fffc21a3 +dd loc_fffc1efb +dd loc_fffc1ffd +dd loc_fffc2120 + +ref_fffd5444: +dd loc_fffc30dc +dd loc_fffc3117 +dd loc_fffc310e +dd loc_fffc3105 +dd loc_fffc30fc +dd loc_fffc30f3 +dd loc_fffc30e5 +dd loc_fffc3129 +dd loc_fffc3120 + +ref_fffd5468: dd 0x00000020 dd 0x00000040 dd 0x00000080 @@ -71469,162 +71166,83 @@ dd 0x00000400 dd 0x00000800 dd 0x00001000 -ref_fffd59cc: -dd loc_fffc35d2 -dd loc_fffc35de -dd loc_fffc35ef -dd loc_fffc35fb -dd loc_fffc3607 - -ref_fffd59e0: -dd loc_fffc3c31 -dd loc_fffc3d79 -dd loc_fffc3c42 -dd loc_fffc3c4a -dd loc_fffc3c55 +ref_fffd5488: +dd loc_fffc34c7 +dd loc_fffc34d3 +dd loc_fffc34e4 +dd loc_fffc34f0 +dd loc_fffc34fc + +ref_fffd549c: +dd loc_fffc3b26 +dd loc_fffc3c6e +dd loc_fffc3b37 +dd loc_fffc3b3f +dd loc_fffc3b4a +dd loc_fffc3b55 +dd loc_fffc3b60 +dd loc_fffc3b68 +dd loc_fffc3b73 +dd loc_fffc3b7f +dd loc_fffc3b94 +dd loc_fffc3b87 +dd loc_fffc3ba7 +dd loc_fffc3baf +dd loc_fffc3b9c +dd loc_fffc3bb9 +dd loc_fffc3bc1 +dd loc_fffc3bcc +dd loc_fffc3bd7 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3bdf +dd loc_fffc3be8 +dd loc_fffc3bf0 +dd loc_fffc3bf8 +dd loc_fffc3c03 +dd loc_fffc3c0e +dd loc_fffc3c22 +dd loc_fffc3c22 +dd loc_fffc3c22 +dd loc_fffc3c22 +dd loc_fffc3c22 +dd loc_fffc3c3f +dd loc_fffc3c4d dd loc_fffc3c60 -dd loc_fffc3c6b -dd loc_fffc3c73 -dd loc_fffc3c7e -dd loc_fffc3c8a -dd loc_fffc3c9f -dd loc_fffc3c92 -dd loc_fffc3cb2 -dd loc_fffc3cba -dd loc_fffc3ca7 -dd loc_fffc3cc4 -dd loc_fffc3ccc -dd loc_fffc3cd7 -dd loc_fffc3ce2 -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3cea -dd loc_fffc3cf3 -dd loc_fffc3cfb -dd loc_fffc3d03 -dd loc_fffc3d0e -dd loc_fffc3d19 -dd loc_fffc3d2d -dd loc_fffc3d2d -dd loc_fffc3d2d -dd loc_fffc3d2d -dd loc_fffc3d2d -dd loc_fffc3d4a -dd loc_fffc3d58 -dd loc_fffc3d6b -dd loc_fffc3dad -dd loc_fffc3d8c -dd loc_fffc3d97 -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3da2 -dd loc_fffc3dad -dd loc_fffc3d66 -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3d81 - -ref_fffd5abc: -dd 0x04030201 -dd 0x06000500 -dd 0x00000700 - -ref_fffd5ac8: -dd 0x08040201 -dd 0x08040201 -dd 0x00000000 - -ref_fffd5ad4: -dd 0x08040201 -dd 0x00000000 -dd 0x08040201 - -ref_fffd5ae0: -dd loc_fffcad86 -dd loc_fffcad8a -dd loc_fffcad8e -dd loc_fffcada0 -dd loc_fffcadc1 -dd loc_fffcadc1 -dd loc_fffcadc1 -dd loc_fffcadc1 -dd loc_fffcadc1 -dd loc_fffcadc1 -dd loc_fffcadab -dd loc_fffcadb2 -dd loc_fffcadc1 -dd loc_fffcadc1 -dd loc_fffcadc1 -dd loc_fffcadab - -ref_fffd5b20: -dd 0x08c009b0 -dd 0x08c009b0 -dd 0x00000000 - -ref_fffd5b2c: -dd 0x08c009b0 -dd 0x00000000 -dd 0x90660000 - -ref_fffd5b38: -dd loc_fffcca6b -dd loc_fffcca76 -dd loc_fffcca87 -dd loc_fffcca98 -dd loc_fffccaa9 -dd loc_fffccb52 -dd loc_fffccbfe -dd loc_fffccfba -dd loc_fffccc18 -dd loc_fffccd45 -dd loc_fffcce72 -dd loc_fffccaba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccbe1 -dd loc_fffccb52 -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccbe1 -dd loc_fffccb52 - -ref_fffd5bc0: +dd loc_fffc3ca2 +dd loc_fffc3c81 +dd loc_fffc3c8c +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3c97 +dd loc_fffc3ca2 +dd loc_fffc3c5b +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3c76 + +ref_fffd5578: dd 0x02010201 dd 0x02010201 dd 0x03030303 dd 0x00000000 -ref_fffd5bd0: +ref_fffd5588: dd 0x040f0f0f dd 0x010f030f dd 0x0f0f0f0f dd 0x000f0205 -ref_fffd5be0: +ref_fffd5598: dd 0x32320101 dd 0x20101010 dd 0x23232320 @@ -71638,204 +71256,207 @@ dd 0x00000020 dd 0x00000000 dd 0x00000000 -ref_fffd5c10: -dd fcn_fffb7458 +ref_fffd55c8: +dd fcn_fffb7ecd dd 0x0000dd1b dd 0xff320000 -dd fcn_fffc3896 +dd fcn_fffc378b dd 0x0001dd1c dd 0xff3e0000 -dd fcn_fffc3bcc +dd fcn_fffc3ac1 dd 0x0004dd1e dd 0xff3f0000 -dd fcn_fffa95c3 +dd fcn_fffac0c5 dd 0x0005dd1f dd 0xff3f0000 -dd fcn_fffa97db +dd fcn_fffac2dd dd 0x0003dd20 dd 0xff310000 -dd fcn_fffc3b2d +dd fcn_fffc3a22 dd 0x0006dd21 dd 0xff3f0000 -dd fcn_fffa87ee +dd fcn_fffab2f0 dd 0x0007dd22 dd 0xff3f0000 -dd fcn_fffa2b14 +dd fcn_fffa2b43 dd 0x0008dd23 dd 0xff3f0000 -dd fcn_fffd20cb +dd fcn_fffd23bd dd 0x0009dd24 dd 0xff3f0000 -dd fcn_fffc82f4 +dd fcn_fffc9f5d dd 0x000add26 dd 0xff310000 -dd fcn_fffab126 +dd fcn_fffa91a0 dd 0x000bdd27 dd 0xff330000 -dd fcn_fffc9652 +dd fcn_fffc775d dd 0x000fdd29 dd 0xff310000 -dd fcn_fffb9c9b +dd fcn_fffb9c7d dd 0x000ddd28 dd 0xff310000 -dd fcn_fffb1d2f +dd fcn_fffae06f dd 0x000edd25 dd 0xff310000 -dd fcn_fffb28b2 +dd fcn_fffaec3c dd 0x0011dd2b dd 0xff310000 -dd fcn_fffbcdcd +dd fcn_fffbcdaf dd 0x0010dd2a dd 0xff310000 -dd fcn_fffbba04 +dd fcn_fffbb9e6 dd 0x0012dd2c dd 0xff310000 -dd fcn_fffbd7ac +dd fcn_fffbd78e dd 0x0014dd2e dd 0xff310000 -dd fcn_fffbd7cc +dd fcn_fffbd7ae dd 0x0015dd2f dd 0xff310000 -dd fcn_fffb16ef +dd fcn_fffada2f dd 0x0016dd4a dd 0xff310000 -dd fcn_fffc40aa +dd fcn_fffc556f dd 0x0024dd3a dd 0xff310000 -dd fcn_fffaf0ee +dd fcn_fffa8788 dd 0x0038dd3d dd 0xff310000 -dd fcn_fffc57e4 +dd fcn_fffc5e42 dd 0x0027dd3e dd 0xff310000 -dd fcn_fffb947c +dd fcn_fffb757f dd 0x0021dd49 dd 0xff310000 -dd fcn_fffcbd3d +dd fcn_fffcc6a5 dd 0x0017dd46 dd 0xff310000 -dd fcn_fffd07ac +dd fcn_fffd0a5f dd 0x0018dd30 dd 0xff310000 -dd fcn_fffcbfee +dd fcn_fffcc956 dd 0x0019dd30 dd 0xff310000 -dd fcn_fffcc49b +dd fcn_fffcce03 dd 0x001add32 dd 0xff310000 -dd fcn_fffbf115 +dd fcn_fffc198b dd 0x001cdd33 dd 0xff310000 -dd fcn_fffcbdde +dd fcn_fffcc746 dd 0x001ddd35 dd 0xff310000 -dd fcn_fffcc12a +dd fcn_fffcca92 dd 0x001bdd45 dd 0xff310000 -dd fcn_fffbdbe7 +dd fcn_fffcc5b3 dd 0x001fdd37 dd 0xff310000 -dd fcn_fffbdaf2 +dd fcn_fffc0455 dd 0x001edd36 dd 0xff310000 -dd fcn_fffcc1ee +dd fcn_fffccb56 dd 0x0028dd4b dd 0xff310000 -dd fcn_fffcc30a +dd fcn_fffccc72 dd 0x0029dd4c dd 0xff310000 -dd fcn_fffb4484 +dd fcn_fffb4517 dd 0x0020dd41 dd 0xff310000 -dd fcn_fffaf0ee +dd fcn_fffacbf4 +dd 0x0006dd21 +dd 0xff310000 +dd fcn_fffa8788 dd 0x0038dd3d dd 0xff310000 -dd fcn_fffc57e4 +dd fcn_fffc5e42 dd 0x0027dd3e dd 0xff310000 -dd fcn_fffc40aa +dd fcn_fffc556f dd 0x0024dd3a dd 0xff310000 -dd fcn_fffbdcd9 +dd fcn_fffc054a dd 0x0025dd3b dd 0xff310000 -dd fcn_fffc242d +dd fcn_fffc0408 dd 0x0026dd3c dd 0xff310000 -dd fcn_fffca881 +dd fcn_fffc8a1c dd 0x0022dd38 dd 0xff310000 -dd fcn_fffca8fc +dd fcn_fffc8a97 dd 0x0023dd39 dd 0xff310000 -dd fcn_fffbd7ec +dd fcn_fffbd7ce dd 0x002fdd47 dd 0xff310000 -dd fcn_fffced30 +dd fcn_fffc51d8 dd 0x002ddd3f dd 0xff310000 -dd fcn_fffceafd +dd fcn_fffc4fa5 dd 0x002edd40 dd 0xff310000 -dd fcn_fffcfef1 +dd fcn_fffd017f dd 0x0043dd58 dd 0x01310000 -dd fcn_fffbea2f +dd fcn_fffc12a0 dd 0x0031dd44 dd 0xff310000 -dd fcn_fffb947c +dd fcn_fffb757f dd 0x0021dd49 dd 0xff310000 -dd fcn_fffa7654 +dd fcn_fffa7602 dd 0x0045dd48 dd 0xff310000 -dd fcn_fffae645 +dd fcn_fffc7732 dd 0x0030dd42 dd 0xff310000 -dd fcn_fffa5ce0 +dd fcn_fffc76e5 dd 0x0044dd7f dd 0xff310000 -dd fcn_fffb5bed +dd fcn_fffb4e8f dd 0x0039dd50 dd 0xff310000 -dd fcn_fffa5d08 +dd fcn_fffc770d dd 0x0030dd42 dd 0xff310000 -dd fcn_fffb847a +dd fcn_fffb657d dd 0x0030dd42 dd 0xff310000 -dd fcn_fffa5cb5 +dd fcn_fffc76ba dd 0x0033dd43 dd 0xff3e0000 -dd fcn_fffc82f4 +dd fcn_fffc9f5d dd 0x000add26 dd 0xff320000 -dd fcn_fffa5ce0 +dd fcn_fffc76e5 dd 0x0044dd7f dd 0xff360000 -dd fcn_fffa5c93 +dd fcn_fffc7698 dd 0x0033dd43 dd 0xff3e0000 -dd fcn_fffaf601 +dd fcn_fffa8c9b dd 0x003add51 dd 0xff3f0000 -dd fcn_fffb1ff0 +dd fcn_fffae330 dd 0x0034dd70 dd 0xff3c0000 -dd fcn_fffc3f08 +dd fcn_fffc53cd dd 0x0035dd71 dd 0xff3e0000 -dd fcn_fffaf377 +dd fcn_fffa8a11 dd 0x0036dd5b dd 0xff310000 -dd fcn_fffaad1c +dd fcn_fffad3f0 dd 0x0037dd5c dd 0xff330000 -dd fcn_fffae7f6 +dd fcn_fffb352d dd 0x003bdd5d dd 0xff3f0000 -ref_fffd5f1c: +ref_fffd58e0: dd 0x00030104 dd 0x00050200 dd 0x04000000 @@ -71846,115 +71467,722 @@ dd 0x00000000 dd 0x00000000 dd 0x90660200 -ref_fffd5f40: +ref_fffd5904: +dd 0x003c0000 +dd 0x48004806 +dd 0x004c0600 +dd 0x5002004c +dd 0x04005000 +dd 0x00540054 +dd 0x58005806 +dd 0x005c0400 +dd 0x6006005c +dd 0x06006000 +dd 0x00640064 +dd 0x60006002 +dd 0x00640700 +dd 0x68030064 +dd 0x06006800 +dd 0x0070006c +dd 0x78007407 +dd 0x00740600 +dd 0x7c070074 +dd 0x04008c00 +dd 0x00800080 +dd 0x3c010005 +dd 0x01480601 +dd 0x4c060148 +dd 0x02014c01 +dd 0x01500150 +dd 0x54015404 +dd 0x01580601 +dd 0x5c040158 +dd 0x06015c01 +dd 0x01600160 +dd 0x64016406 +dd 0x01600201 +dd 0x64070160 +dd 0x03016401 +dd 0x01680168 +dd 0x70016c06 +dd 0x01740701 +dd 0x74060178 +dd 0x07017401 +dd 0x018c017c +dd 0x80018004 +dd 0x02000501 +dd 0x4806023c +dd 0x06024802 +dd 0x024c024c +dd 0x50025002 +dd 0x02540402 +dd 0x58060254 +dd 0x04025802 +dd 0x025c025c +dd 0x60026006 +dd 0x02640602 +dd 0x60020264 +dd 0x07026002 +dd 0x02640264 +dd 0x68026803 +dd 0x026c0602 +dd 0x74070270 +dd 0x06027802 +dd 0x02740274 +dd 0x8c027c07 +dd 0x02800402 +dd 0x00050280 +dd 0x06033c03 +dd 0x03480348 +dd 0x4c034c06 +dd 0x03500203 +dd 0x54040350 +dd 0x06035403 +dd 0x03580358 +dd 0x5c035c04 +dd 0x03600603 +dd 0x64060360 +dd 0x02036403 +dd 0x03600360 +dd 0x64036407 +dd 0x03680303 +dd 0x6c060368 +dd 0x07037003 +dd 0x03780374 +dd 0x74037406 +dd 0x037c0703 +dd 0x8004038c +dd 0x05038003 +dd 0x043c0400 +dd 0x48044806 +dd 0x044c0604 +dd 0x5002044c +dd 0x04045004 +dd 0x04540454 +dd 0x58045806 +dd 0x045c0404 +dd 0x6006045c +dd 0x06046004 +dd 0x04640464 +dd 0x60046002 +dd 0x04640704 +dd 0x68030464 +dd 0x06046804 +dd 0x0470046c +dd 0x78047407 +dd 0x04740604 +dd 0x7c070474 +dd 0x04048c04 +dd 0x04800480 +dd 0x3c050005 +dd 0x05480605 +dd 0x4c060548 +dd 0x02054c05 +dd 0x05500550 +dd 0x54055404 +dd 0x05580605 +dd 0x5c040558 +dd 0x06055c05 +dd 0x05600560 +dd 0x64056406 +dd 0x05600205 +dd 0x64070560 +dd 0x03056405 +dd 0x05680568 +dd 0x70056c06 +dd 0x05740705 +dd 0x74060578 +dd 0x07057405 +dd 0x058c057c +dd 0x80058004 +dd 0x06000505 +dd 0x4806063c +dd 0x06064806 +dd 0x064c064c +dd 0x50065002 +dd 0x06540406 +dd 0x58060654 +dd 0x04065806 +dd 0x065c065c +dd 0x60066006 +dd 0x06640606 +dd 0x60020664 +dd 0x07066006 +dd 0x06640664 +dd 0x68066803 +dd 0x066c0606 +dd 0x74070670 +dd 0x06067806 +dd 0x06740674 +dd 0x8c067c07 +dd 0x06800406 +dd 0x00050680 +dd 0x06073c07 +dd 0x07480748 +dd 0x4c074c06 +dd 0x07500207 +dd 0x54040750 +dd 0x06075407 +dd 0x07580758 +dd 0x5c075c04 +dd 0x07600607 +dd 0x64060760 +dd 0x02076407 +dd 0x07600760 +dd 0x64076407 +dd 0x07680307 +dd 0x6c060768 +dd 0x07077007 +dd 0x07780774 +dd 0x74077406 +dd 0x077c0707 +dd 0x8004078c +dd 0x05078007 +dd 0x083c0800 +dd 0x48084806 +dd 0x084c0608 +dd 0x5002084c +dd 0x04085008 +dd 0x08540854 +dd 0x58085806 +dd 0x085c0408 +dd 0x6006085c +dd 0x06086008 +dd 0x08640864 +dd 0x60086002 +dd 0x08640708 +dd 0x68030864 +dd 0x06086808 +dd 0x0870086c +dd 0x78087407 +dd 0x08740608 +dd 0x7c070874 +dd 0x04088c08 +dd 0x08800880 +dd 0x3c090005 +dd 0x09480609 +dd 0x4c060948 +dd 0x02094c09 +dd 0x09500950 +dd 0x54095404 +dd 0x09580609 +dd 0x5c040958 +dd 0x06095c09 +dd 0x09600960 +dd 0x64096406 +dd 0x09600209 +dd 0x64070960 +dd 0x03096409 +dd 0x09680968 +dd 0x70096c06 +dd 0x09740709 +dd 0x74060978 +dd 0x07097409 +dd 0x098c097c +dd 0x80098004 +dd 0x0a000509 +dd 0x48060a3c +dd 0x060a480a +dd 0x0a4c0a4c +dd 0x500a5002 +dd 0x0a54040a +dd 0x58060a54 +dd 0x040a580a +dd 0x0a5c0a5c +dd 0x600a6006 +dd 0x0a64060a +dd 0x60020a64 +dd 0x070a600a +dd 0x0a640a64 +dd 0x680a6803 +dd 0x0a6c060a +dd 0x74070a70 +dd 0x060a780a +dd 0x0a740a74 +dd 0x8c0a7c07 +dd 0x0a80040a +dd 0x00050a80 +dd 0x060b3c0b +dd 0x0b480b48 +dd 0x4c0b4c06 +dd 0x0b50020b +dd 0x54040b50 +dd 0x060b540b +dd 0x0b580b58 +dd 0x5c0b5c04 +dd 0x0b60060b +dd 0x64060b60 +dd 0x020b640b +dd 0x0b600b60 +dd 0x640b6407 +dd 0x0b68030b +dd 0x6c060b68 +dd 0x070b700b +dd 0x0b780b74 +dd 0x740b7406 +dd 0x0b7c070b +dd 0x80040b8c +dd 0x050b800b +dd 0x0c3c0c00 +dd 0x480c4806 +dd 0x0c4c060c +dd 0x50020c4c +dd 0x040c500c +dd 0x0c540c54 +dd 0x580c5806 +dd 0x0c5c040c +dd 0x60060c5c +dd 0x060c600c +dd 0x0c640c64 +dd 0x600c6002 +dd 0x0c64070c +dd 0x68030c64 +dd 0x060c680c +dd 0x0c700c6c +dd 0x780c7407 +dd 0x0c74060c +dd 0x7c070c74 +dd 0x040c8c0c +dd 0x0c800c80 +dd 0x3c0d0005 +dd 0x0d48060d +dd 0x4c060d48 +dd 0x020d4c0d +dd 0x0d500d50 +dd 0x540d5404 +dd 0x0d58060d +dd 0x5c040d58 +dd 0x060d5c0d +dd 0x0d600d60 +dd 0x640d6406 +dd 0x0d60020d +dd 0x64070d60 +dd 0x030d640d +dd 0x0d680d68 +dd 0x700d6c06 +dd 0x0d74070d +dd 0x74060d78 +dd 0x070d740d +dd 0x0d8c0d7c +dd 0x800d8004 +dd 0x0e00050d +dd 0x48060e3c +dd 0x060e480e +dd 0x0e4c0e4c +dd 0x500e5002 +dd 0x0e54040e +dd 0x58060e54 +dd 0x040e580e +dd 0x0e5c0e5c +dd 0x600e6006 +dd 0x0e64060e +dd 0x60020e64 +dd 0x070e600e +dd 0x0e640e64 +dd 0x680e6803 +dd 0x0e6c060e +dd 0x74070e70 +dd 0x060e780e +dd 0x0e740e74 +dd 0x8c0e7c07 +dd 0x0e80040e +dd 0x00050e80 +dd 0x060f3c0f +dd 0x0f480f48 +dd 0x4c0f4c06 +dd 0x0f50020f +dd 0x54040f50 +dd 0x060f540f +dd 0x0f580f58 +dd 0x5c0f5c04 +dd 0x0f60060f +dd 0x64060f60 +dd 0x020f640f +dd 0x0f600f60 +dd 0x640f6407 +dd 0x0f68030f +dd 0x6c060f68 +dd 0x070f700f +dd 0x0f780f74 +dd 0x740f7406 +dd 0x0f7c070f +dd 0x80040f8c +dd 0x050f800f +dd 0x0f840f84 +dd 0x3c100005 +dd 0x10480610 +dd 0x4c061048 +dd 0x02104c10 +dd 0x10501050 +dd 0x54105404 +dd 0x10580610 +dd 0x5c041058 +dd 0x06105c10 +dd 0x10601060 +dd 0x64106406 +dd 0x10600210 +dd 0x64071060 +dd 0x03106410 +dd 0x10681068 +dd 0x70106c06 +dd 0x10740710 +dd 0x74061078 +dd 0x07107410 +dd 0x108c107c +dd 0x80108004 +dd 0x11000510 +dd 0x4806113c +dd 0x06114811 +dd 0x114c114c +dd 0x50115002 +dd 0x11540411 +dd 0x58061154 +dd 0x04115811 +dd 0x115c115c +dd 0x60116006 +dd 0x11640611 +dd 0x60021164 +dd 0x07116011 +dd 0x11641164 +dd 0x68116803 +dd 0x116c0611 +dd 0x74071170 +dd 0x06117811 +dd 0x11741174 +dd 0x8c117c07 +dd 0x11800411 +dd 0x04051180 +dd 0x06120812 +dd 0x121c1214 +dd 0x20122006 +dd 0x13040412 +dd 0x14061308 +dd 0x06131c13 +dd 0x13201320 +dd 0x0c140404 +dd 0x15040614 +dd 0x0006150c +dd 0x04180018 +dd 0x18101808 +dd 0x18181806 +dd 0x18200418 +dd 0x00041820 +dd 0x04190019 +dd 0x19101908 +dd 0x18191806 +dd 0x19200419 +dd 0x04041920 +dd 0x061a0c1a +dd 0x1b0c1b04 +dd 0x1c1c1406 +dd 0x1c20061c +dd 0x14041c20 +dd 0x061d1c1d +dd 0x1d201d20 +dd 0x04200004 +dd 0x20080720 +dd 0xb8062008 +dd 0x022bb82b +dd 0x36783678 +dd 0x283a0004 +dd 0x3a2c063a +dd 0x30043a2c +dd 0x043a343a +dd 0x40044000 +dd 0x04400406 +dd 0x40080740 +dd 0x1006400c +dd 0x07401440 +dd 0x40184018 +dd 0x20402005 +dd 0x40240740 +dd 0x2c064028 +dd 0x04403840 +dd 0x40ac40a4 +dd 0xcc40b404 +dd 0x40d00440 +dd 0xd40640d0 +dd 0x0440d440 +dd 0x42104210 +dd 0x24422004 +dd 0x42280642 +dd 0x8c044244 +dd 0x04429042 +dd 0x42944294 +dd 0x98429806 +dd 0x429c0442 +dd 0xa006429c +dd 0x0742a042 +dd 0x42ac42a4 +dd 0xe842e405 +dd 0x42ec0542 +dd 0x280742fc +dd 0x07432843 +dd 0x43744340 +dd 0x90438c05 +dd 0x44000643 +dd 0x04064404 +dd 0x07440444 +dd 0x440c4408 +dd 0x14441006 +dd 0x44180744 +dd 0x20054418 +dd 0x07442044 +dd 0x44284424 +dd 0x38442c06 +dd 0x44a40444 +dd 0xb40444ac +dd 0x0444cc44 +dd 0x44d044d0 +dd 0xd444d406 +dd 0x46100444 +dd 0x20044610 +dd 0x06462446 +dd 0x46444628 +dd 0x90468c04 +dd 0x46940446 +dd 0x98064694 +dd 0x04469846 +dd 0x469c469c +dd 0xa046a006 +dd 0x46a40746 +dd 0xe40546ac +dd 0x0546e846 +dd 0x46fc46ec +dd 0x28472807 +dd 0x47400747 +dd 0x8c054774 +dd 0x06479047 +dd 0x48c048a8 +dd 0xf448d802 +dd 0x49080248 +dd 0x6802491c +dd 0x04496849 +dd 0x498c4980 +dd 0x444e3802 +dd 0x5000024e +dd 0x04065000 +dd 0x07500850 +dd 0x5018500c +dd 0x1c501c06 +dd 0x50200750 +dd 0x38065034 +dd 0x02503c50 +dd 0x50585040 +dd 0x5c505c06 +dd 0x50600250 +dd 0x64075060 +dd 0x02507c50 +dd 0x50845080 +dd 0x8c508806 +dd 0x50900250 +dd 0x98065094 +dd 0x02509c50 +dd 0x50a450a0 +dd 0xac50a806 +dd 0x50b00250 +dd 0xd00650cc +dd 0x0250dc50 +dd 0x58805880 +dd 0x88588407 +dd 0x588c0758 +dd 0x9005588c +dd 0x07589c58 +dd 0x58a458a4 +dd 0xdc58d006 +dd 0x58e00758 +dd 0xb80758e4 +dd 0x0759b859 + +ref_fffd6138: +dd 0x08040201 +dd 0x08040201 +dd 0x00000000 + +ref_fffd6144: +dd 0x08040201 +dd 0x00000000 +dd 0x08040201 + +ref_fffd6150: +dd 0x04030201 +dd 0x06000500 +dd 0x00000700 + +ref_fffd615c: +dd loc_fffcb5fc +dd loc_fffcb600 +dd loc_fffcb604 +dd loc_fffcb616 +dd loc_fffcb637 +dd loc_fffcb637 +dd loc_fffcb637 +dd loc_fffcb637 +dd loc_fffcb637 +dd loc_fffcb637 +dd loc_fffcb621 +dd loc_fffcb628 +dd loc_fffcb637 +dd loc_fffcb637 +dd loc_fffcb637 +dd loc_fffcb621 + +ref_fffd619c: +dd 0x08c009b0 +dd 0x08c009b0 +dd 0x00000000 + +ref_fffd61a8: +dd 0x08c009b0 +dd 0x00000000 +dd 0x90660000 + +ref_fffd61b4: +dd loc_fffcd3d3 +dd loc_fffcd3de +dd loc_fffcd3ef +dd loc_fffcd400 +dd loc_fffcd411 +dd loc_fffcd4ba +dd loc_fffcd566 +dd loc_fffcd922 +dd loc_fffcd580 +dd loc_fffcd6ad +dd loc_fffcd7da +dd loc_fffcd422 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd549 +dd loc_fffcd4ba +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd549 +dd loc_fffcd4ba + +ref_fffd623c: dd 0x0bb80bb8 dd 0x00000000 db 0x00 db 0x00 -ref_fffd5f4a: +ref_fffd6246: db 'Invalid PEI data version, %d != %d',0x0a,0x00 -ref_fffd5f6e: +ref_fffd626a: db 'MRC: S3 Resume',0x0a,0x00 -ref_fffd5f7e: +ref_fffd627a: db 'Initializing Policy',0x0a,0x00 -ref_fffd5f93: +ref_fffd628f: db 'Installing common PPI',0x0a,0x00 -ref_fffd5faa: +ref_fffd62a6: db 'Initializing Memory',0x0a,0x00 -ref_fffd5fbf: +ref_fffd62bb: db 'MRC: Done.',0x0a,0x00 -ref_fffd5fcb: +ref_fffd62c7: db 'MRC: Starting...',0x0a,0x00 -ref_fffd5fdd: +ref_fffd62d9: db '%s:%d pool cookie corrupted...',0x0a,0x00 -ref_fffd5ffd: +ref_fffd62f9: db '%s:%d failed to allocate %d bytes...',0x0a,0x00 -ref_fffd6023: +ref_fffd631f: db 'hljztL',0x00 -ref_fffd602a: +ref_fffd6326: db '(null)',0x00,0x00,0x00,0x00 -ref_fffd6034: +ref_fffd6330: dd 0xe6af1f7b dd 0x46dafc3f dd 0xb4a328a8 dd 0x8242a457 -ref_fffd6044: +ref_fffd6340: dd 0x00000000 -dd fcn_fffb4a3c +dd fcn_fffb9485 -ref_fffd604c: +ref_fffd6348: dd 0x1f4c6f90 dd 0x48d8b06b dd 0xe5ba01a2 dd 0x567dcdf1 -ref_fffd605c: +; FIXME: fix up for a PPI +ref_fffd6358: db 0x01 -dd fcn_fffb3f4b -dd fcn_fffb878b -dd fcn_fffc5590 -dd fcn_fffb8736 +dd fcn_fffb915b +dd fcn_fffb688e +dd fcn_fffc5bee +dd fcn_fffb6839 db 0x00, 0x00, 0x00 -ref_fffd6070: +ref_fffd636c: dd 0x794a0deb dd 0x4e7bc971 dd 0xbfd0f28a dd 0x9826ca3c -ref_fffd6080: +ref_fffd637c: dd 0x80000010 -dd ref_fffd6034 +dd ref_fffd6330 dd 0x00000000 -ref_fffd608c: -dd fcn_fffb7600 -dd fcn_fffc9574 -dd fcn_fffb6fd2 -dd fcn_fffb6f06 -dd fcn_fffab024 -dd fcn_fffb3f19 -dd fcn_fffaafcb -dd fcn_fffaafb4 -dd fcn_fffab02d -dd fcn_fffb3f35 -dd fcn_fffaafe6 -dd fcn_fffaafbd -dd fcn_fffb3d44 -dd fcn_fffb3d11 -dd fcn_fffb3d75 -dd fcn_fffb3dcd -dd fcn_fffb3da6 -dd fcn_fffb3d2e -dd fcn_fffb3d91 -dd fcn_fffcc4b8 - -ref_fffd60dc: +ref_fffd6388: +dd fcn_fffb456f +dd fcn_fffc74fd +dd fcn_fffb61a8 +dd fcn_fffb6275 +dd fcn_fffb4038 +dd fcn_fffb00aa +dd fcn_fffb00e5 +dd fcn_fffb0092 +dd fcn_fffb0197 +dd fcn_fffb00c6 +dd fcn_fffb406a +dd fcn_fffb009b +dd fcn_fffb3e63 +dd fcn_fffb3e54 +dd fcn_fffb3feb +dd fcn_fffb4029 +dd fcn_fffb3e3c +dd fcn_fffb3fae +dd fcn_fffb4007 +dd fcn_fffcce20 + +ref_fffd63d8: dd 0x98191174 dd 0x41060b26 dd 0x45d002af dd 0x2b05e851 -ref_fffd60ec: +ref_fffd63e8: dd 0xaf4a1998 dd 0x45454949 dd 0xe7c14c9c dd 0x56e042c0 -ref_fffd60fc: +ref_fffd63f8: dd 0x02353140 dd 0x20373144 dd 0x32103146 @@ -71962,7 +72190,7 @@ dd 0x32163148 dd 0x3250314c dd 0x76543150 -ref_fffd6114: +ref_fffd6410: dd 0x00003100 dd 0x03203200 dd 0x00003108 @@ -71976,7 +72204,7 @@ dd 0x00000001 dd 0x00003118 dd 0x00000001 -ref_fffd6144: +ref_fffd6440: dd 0x02353140 dd 0x20373144 dd 0x32103146 @@ -71987,7 +72215,7 @@ dd 0x00063158 dd 0x55443164 dd 0x00073168 -ref_fffd6168: +ref_fffd6464: dd 0x00003100 dd 0x03203200 dd 0x00003108 @@ -71999,10 +72227,10 @@ dd 0x00000001 dd 0x00003118 dd 0x00000001 -ref_fffd6190: +ref_fffd648c: dd 0xa6a4a2a0 -ref_fffd6194: +ref_fffd6490: dd 0x422b8086 dd 0x02ffffff dd 0x00000001 @@ -72256,89 +72484,89 @@ dd 0x00000000 dd 0x00000000 dd 0x00000000 -ref_fffd6584: +ref_fffd6880: dd 0x50031131 dd 0x43ef4f24 dd 0x3773afb7 dd 0xac0ef794 -ref_fffd6594: +ref_fffd6890: dd 0x80000010 -dd ref_fffd604c -dd ref_fffd6044 +dd ref_fffd6348 +dd ref_fffd6340 -ref_fffd65a0: +ref_fffd689c: dd 0x433e0f9f dd 0x410a05ae dd 0x29bfc3a0 dd 0xac25cb8e -ref_fffd65b0: +ref_fffd68ac: dd 0xf894643d dd 0x42d1c449 dd 0xbd85a88e dd 0xde5bc6d8 -ref_fffd65c0: +ref_fffd68bc: dd 0xf8d5438e dd 0x481d26e1 dd 0xd6303cb6 dd 0x20a4f4ef -ref_fffd65d0: +ref_fffd68cc: dd 0x4c10d934 dd 0x45a438e6 dd 0x792a249a dd 0x7fcb3db9 -ref_fffd65e0: +ref_fffd68dc: dd 0x80000010 -dd ref_fffd6070 -dd ref_fffd605c +dd ref_fffd636c +dd ref_fffd6358 -ref_fffd65ec: +ref_fffd68e8: dd 0x3d0e663a dd 0x4489dc72 dd 0x9ee4c587 dd 0x52a473e7 -ref_fffd65fc: +ref_fffd68f8: dd 0x3e14d361 dd 0x42e4c7d7 dd 0xebb907ae dd 0x2aed9648 -ref_fffd660c: +ref_fffd6908: dd 0x87f22dcb dd 0x41057304 dd 0x71317cbb dd 0x3bc2cc43 -ref_fffd661c: +ref_fffd6918: dd 0x573eaf99 dd 0x46b5f445 dd 0x4abcd5a5 dd 0xf3983593 -ref_fffd662c: +ref_fffd6928: dd 0x9ca93627 dd 0x4324b65b dd 0xb4c002a2 dd 0x43457661 -ref_fffd663c: +ref_fffd6938: dd 0x17865dc0 dd 0x4da80b8b dd 0x467c428b dd 0x4dca5cb8 -ref_fffd664c: +ref_fffd6948: dd 0xf38d1338 dd 0x4fb6af7a dd 0x9c1adb91 dd 0x0d578321 -ref_fffd665c: +ref_fffd6958: dd 0x00000000 dd 0x00000000 dd 0x00000000 @@ -72352,7 +72580,7 @@ dd 0x00000155 dd 0x00000155 dd 0x00000001 -ref_fffd668c: +ref_fffd6988: dd 0x1e94f097 dd 0x40895acd dd 0xa5b9e3b2 |