From 912a5d9d164e013fbd28d9e7ce70f3ed2578ed6d Mon Sep 17 00:00:00 2001 From: Iru Cai Date: Tue, 29 Dec 2020 20:59:48 +0800 Subject: bdw: use librem mrc and refcode --- src/soc/intel/broadwell/refcode/broadwell_mrc.asm | 100770 +++++++++--------- .../intel/broadwell/refcode/broadwell_refcode.asm | 30879 +++--- 2 files changed, 65966 insertions(+), 65683 deletions(-) diff --git a/src/soc/intel/broadwell/refcode/broadwell_mrc.asm b/src/soc/intel/broadwell/refcode/broadwell_mrc.asm index 993424d67f..919d6e031a 100644 --- a/src/soc/intel/broadwell/refcode/broadwell_mrc.asm +++ b/src/soc/intel/broadwell/refcode/broadwell_mrc.asm @@ -1,10 +1,11 @@ ;; Generated with r2dumpbin (https://github.com/mytbk/r2dumpbin) ;; f va @ 0xfffa0000 -;; f fcn1 @ 0xfffa87da -;; f fcn2 @ 0xfffb7579 -;; f fcn3 @ 0xfffab07d -;; f fcn4 @ 0xfffb742b -;; f fcn5 @ 0xfffb7458 +;; f fcn1 @ 0xfffb00f4 +;; f fcn2 @ 0xfffb7fee +;; f fcn3 @ 0xfffb014c +;; f fcn4 @ 0xfffb7ea0 +;; f fcn5 @ 0xfffb7ecd +;; f fcn6 @ 0xfffd2c4f bits 32 extern mrc_printk @@ -44,11 +45,11 @@ je short loc_fffa0050 ; je 0xfffa0050 push edx push 0x16 push eax -push ref_fffd5f4a ; push 0xfffd5f4a -call mrc_printk ; call 0xfffb76e3 +push ref_fffd6246 ; push 0xfffd6246 +call mrc_printk ; call 0xfffb8212 add esp, 0x10 or eax, 0xffffffff -jmp near loc_fffa1e87 ; jmp 0xfffa1e87 +jmp near loc_fffa1e90 ; jmp 0xfffa1e90 loc_fffa0050: mov eax, dword [ebp + 8] @@ -58,7 +59,7 @@ push eax push eax push 0x270 push 0xff7d0004 -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f mov eax, dword [ebp + 8] add esp, 0x10 mov dword [0xff7d0004], 0xfeaddeaf @@ -68,8 +69,8 @@ jne short loc_fffa00af ; jne 0xfffa00af cmp dword [eax + 0x8f6], 0 je short loc_fffa00af ; je 0xfffa00af sub esp, 0xc -push ref_fffd5f6e ; push 0xfffd5f6e -call mrc_printk ; call 0xfffb76e3 +push ref_fffd626a ; push 0xfffd626a +call mrc_printk ; call 0xfffb8212 add esp, 0x10 mov dword [0xff7d0080], 0x11 jmp short loc_fffa00b9 ; jmp 0xfffa00b9 
@@ -78,60 +79,60 @@ loc_fffa00af: mov dword [0xff7d0080], 6 loc_fffa00b9: -mov dword [0xff7d008c], ref_fffd65b0 ; mov dword [0xff7d008c], 0xfffd65b0 +mov dword [0xff7d008c], ref_fffd68ac ; mov dword [0xff7d008c], 0xfffd68ac mov dword [0xff7d0178], 1 -mov dword [0xff7d0028], fcn_fffc54ff ; mov dword [0xff7d0028], 0xfffc54ff -mov dword [0xff7d0030], fcn_fffa5c78 ; mov dword [0xff7d0030], 0xfffa5c78 -mov dword [0xff7d0034], fcn_fffa5c69 ; mov dword [0xff7d0034], 0xfffa5c69 -mov dword [0xff7d0038], fcn_fffa87da ; mov dword [0xff7d0038], 0xfffa87da -mov dword [0xff7d003c], fcn_fffb7579 ; mov dword [0xff7d003c], 0xfffb7579 -mov dword [0xff7d002c], fcn_fffab07d ; mov dword [0xff7d002c], 0xfffab07d -mov dword [0xff7d0020], fcn_fffc5451 ; mov dword [0xff7d0020], 0xfffc5451 -mov dword [0xff7d0054], fcn_fffb709f ; mov dword [0xff7d0054], 0xfffb709f -mov dword [0xff7d0058], fcn_fffab11d ; mov dword [0xff7d0058], 0xfffab11d -mov dword [0xff7d007c], fcn_fffa5c62 ; mov dword [0xff7d007c], 0xfffa5c62 +mov dword [0xff7d0028], fcn_fffc5b5d ; mov dword [0xff7d0028], 0xfffc5b5d +mov dword [0xff7d0030], fcn_fffa5cc0 ; mov dword [0xff7d0030], 0xfffa5cc0 +mov dword [0xff7d0034], fcn_fffa5cb1 ; mov dword [0xff7d0034], 0xfffa5cb1 +mov dword [0xff7d0038], fcn_fffb00f4 ; mov dword [0xff7d0038], 0xfffb00f4 +mov dword [0xff7d003c], fcn_fffb7fee ; mov dword [0xff7d003c], 0xfffb7fee +mov dword [0xff7d002c], fcn_fffb014c ; mov dword [0xff7d002c], 0xfffb014c +mov dword [0xff7d0020], fcn_fffc5aaf ; mov dword [0xff7d0020], 0xfffc5aaf +mov dword [0xff7d0054], fcn_fffb6341 ; mov dword [0xff7d0054], 0xfffb6341 +mov dword [0xff7d0058], fcn_fffb01f8 ; mov dword [0xff7d0058], 0xfffb01f8 +mov dword [0xff7d007c], fcn_fffa5caa ; mov dword [0xff7d007c], 0xfffa5caa mov dword [0xff7d0278], 0xff7d0008 mov dword [0xff7d0000], 0xff7d0278 -call fcn_fffab405 ; call 0xfffab405 +call fcn_fffb0201 ; call 0xfffb0201 sub esp, 0xc mov eax, dword [eax] push 0 call dword [eax + 0x74] ; ucall mov edx, dword [0xff7d0278] add 
esp, 0x10 -mov dword [edx + 0x60], ref_fffd608c ; mov dword [edx + 0x60], 0xfffd608c +mov dword [edx + 0x60], ref_fffd6388 ; mov dword [edx + 0x60], 0xfffd6388 cmp eax, 0x80000014 je short loc_fffa017b ; je 0xfffa017b sub esp, 0xc -push ref_fffd6080 ; push 0xfffd6080 -call fcn_fffab5db ; call 0xfffab5db +push ref_fffd637c ; push 0xfffd637c +call fcn_fffb0585 ; call 0xfffb0585 add esp, 0x10 loc_fffa017b: sub esp, 0xc -push ref_fffd5f7e ; push 0xfffd5f7e -call mrc_printk ; call 0xfffb76e3 +push ref_fffd627a ; push 0xfffd627a +call mrc_printk ; call 0xfffb8212 mov esi, dword [0xff7d0084] -call fcn_fffb481e ; call 0xfffb481e +call fcn_fffb91ff ; call 0xfffb91ff mov dword [esp], 0x5ac mov dword [ebp - 0x2c], eax -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov ebx, eax test eax, eax -je loc_fffa0efc ; je 0xfffa0efc +je loc_fffa0f05 ; je 0xfffa0f05 sub esp, 0xc push 0xc -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov dword [ebp - 0x38], eax test eax, eax -je loc_fffa0efc ; je 0xfffa0efc +je loc_fffa0f05 ; je 0xfffa0f05 mov dword [eax], 0x80000010 xor edi, edi -mov dword [eax + 4], ref_fffd6584 ; mov dword [eax + 4], 0xfffd6584 +mov dword [eax + 4], ref_fffd6880 ; mov dword [eax + 4], 0xfffd6880 mov dword [eax + 8], ebx -mov byte [ebx], 0xb +mov byte [ebx], 0xc mov byte [ebx + 1], 0 mov dword [ebx + 4], 0xfed1c000 mov eax, dword [esi + 0x2a] @@ -164,7 +165,7 @@ or byte [ebx + 0x424], 0x40 mov byte [ebx + 0x43c], 1 loc_fffa0294: -call fcn_fffb481e ; call 0xfffb481e +call fcn_fffb91ff ; call 0xfffb91ff cmp eax, 1 je short loc_fffa02a9 ; je 0xfffa02a9 cmp eax, 2 @@ -197,7 +198,7 @@ mov byte [ebx + 0x1a8], 1 loc_fffa02f2: mov dword [ebp - 0x30], edx -call fcn_fffb4984 ; call 0xfffb4984 +call fcn_fffb93ca ; call 0xfffb93ca mov edx, dword [ebp - 0x30] cmp dl, al jae short loc_fffa032a ; jae 0xfffa032a 
@@ -224,16 +225,16 @@ mov byte [ebx + 0x1a6], 0 mov byte [ebx + 0x1a7], 0 mov byte [ebx + 0x1a9], 1 push 0xc -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 test eax, eax je short loc_fffa037e ; je 0xfffa037e sub esp, 0xc mov dword [eax], 0x80000010 -mov dword [eax + 4], ref_fffd60ec ; mov dword [eax + 4], 0xfffd60ec -mov dword [eax + 8], ref_fffd6194 ; mov dword [eax + 8], 0xfffd6194 +mov dword [eax + 4], ref_fffd63e8 ; mov dword [eax + 4], 0xfffd63e8 +mov dword [eax + 8], ref_fffd6490 ; mov dword [eax + 8], 0xfffd6490 push eax -call fcn_fffab5db ; call 0xfffab5db +call fcn_fffb0585 ; call 0xfffb0585 add esp, 0x10 loc_fffa037e: @@ -241,7 +242,7 @@ mov dword [ebx + 0x1db], 1 xor edi, edi loc_fffa038a: -call fcn_fffb481e ; call 0xfffb481e +call fcn_fffb91ff ; call 0xfffb91ff cmp eax, 1 je short loc_fffa03a1 ; je 0xfffa03a1 cmp eax, 2 @@ -301,9 +302,9 @@ mov byte [ebx + 0x38d], 4 push edi xor edi, edi push 4 -push ref_fffd6190 ; push 0xfffd6190 +push ref_fffd648c ; push 0xfffd648c push eax -call fcn_fffab101 ; call 0xfffab101 +call fcn_fffb01dc ; call 0xfffb01dc mov word [ebx + 0x36], 0x8086 mov word [ebx + 0x38], 0x7270 mov byte [ebx + 0x3b], 0 @@ -328,13 +329,13 @@ mov byte [ebx + 0x371], 0 mov word [ebx + 0x374], 0x12c mov byte [ebx + 0x372], 1 mov byte [ebx + 0x373], 0 -call fcn_fffb481e ; call 0xfffb481e +call fcn_fffb91ff ; call 0xfffb91ff mov dword [ebp - 0x30], eax mov eax, dword [0xff7d0084] mov eax, dword [eax + 0x14] add eax, 0xf8002 mov dword [esp], eax -call fcn_fffb3d06 ; call 0xfffb3d06 +call fcn_fffb3e49 ; call 0xfffb3e49 add esp, 0x10 mov byte [ebx + 0x284], 0 mov byte [ebx + 0x28c], 0 @@ -346,7 +347,7 @@ mov byte [ebx + 0x296], 1 loc_fffa057d: mov dword [ebp - 0x34], ecx -call fcn_fffb5bb6 ; call 0xfffb5bb6 +call fcn_fffb9393 ; call 0xfffb9393 mov ecx, dword [ebp - 0x34] movzx eax, al cmp edi, eax 
@@ -360,7 +361,7 @@ xor edi, edi loc_fffa059c: mov dword [ebp - 0x34], ecx -call fcn_fffb5b8d ; call 0xfffb5b8d +call fcn_fffb936a ; call 0xfffb936a mov ecx, dword [ebp - 0x34] movzx eax, al cmp edi, eax @@ -580,7 +581,7 @@ add edi, 8 loc_fffa09a6: mov dword [ebp - 0x30], edx -call fcn_fffb5bb6 ; call 0xfffb5bb6 +call fcn_fffb9393 ; call 0xfffb9393 mov edx, dword [ebp - 0x30] movzx eax, al cmp edx, eax @@ -618,11 +619,11 @@ je short loc_fffa0a2d ; je 0xfffa0a2d loc_fffa0a0e: cmp dword [esi + 0x10], 0 -je loc_fffa0bde ; je 0xfffa0bde +je loc_fffa0be7 ; je 0xfffa0be7 mov byte [ebx + 0x284], 1 xor edi, edi mov byte [ebx + 0x297], 1 -jmp near loc_fffa0ba0 ; jmp 0xfffa0ba0 +jmp near loc_fffa0ba9 ; jmp 0xfffa0ba9 loc_fffa0a2d: lea edi, [ebx + 0x2b3] @@ -644,7 +645,7 @@ add edi, 8 loc_fffa0a49: mov dword [ebp - 0x30], edx -call fcn_fffb5bb6 ; call 0xfffb5bb6 +call fcn_fffb9393 ; call 0xfffb9393 mov edx, dword [ebp - 0x30] movzx eax, al cmp edx, eax @@ -688,20 +689,20 @@ jne loc_fffa0a0e ; jne 0xfffa0a0e lea eax, [ecx + 0x63bf] mov word [ebp - 0x3c], ax lea eax, [ecx + 0x633f] -lea edi, [ebx + 0x2b2] +lea edi, [ebx + 0x2b3] mov dword [ebp - 0x30], 0 mov word [ebp - 0x40], ax loc_fffa0ac2: mov dword [ebp - 0x34], ecx -call fcn_fffb5bb6 ; call 0xfffb5bb6 +call fcn_fffb9393 ; call 0xfffb9393 mov ecx, dword [ebp - 0x34] movzx eax, al cmp dword [ebp - 0x30], eax jae loc_fffa0a0e ; jae 0xfffa0a0e cmp word [ebp - 0x3c], 6 -ja short loc_fffa0b0e ; ja 0xfffa0b0e -mov al, byte [edi + 4] +ja short loc_fffa0b0f ; ja 0xfffa0b0f +mov al, byte [edi + 3] mov dl, al cmp al, 3 mov byte [ebp - 0x34], al @@ -710,7 +711,7 @@ test dl, dl sete dl or al, dl je short loc_fffa0b02 ; je 0xfffa0b02 -cmp word [edi + 2], 0x70 +cmp word [edi + 1], 0x70 sbb eax, eax add eax, 6 jmp short loc_fffa0b0c ; jmp 0xfffa0b0c 
@@ -721,180 +722,179 @@ setne al add eax, 4 loc_fffa0b0c: -mov byte [edi], al +mov byte [edi - 1], al -loc_fffa0b0e: +loc_fffa0b0f: cmp word [ebp - 0x40], 2 setbe dl cmp cx, 0x9cc5 sete al or dl, al -je short loc_fffa0b25 ; je 0xfffa0b25 -mov byte [edi], 6 - -loc_fffa0b25: +jne short loc_fffa0b5c ; jne 0xfffa0b5c lea eax, [ecx + 0x633a] cmp ax, 1 setbe dl cmp cx, 0x9cc9 sete al or dl, al -je short loc_fffa0b55 ; je 0xfffa0b55 -cmp byte [edi + 4], 0 -jne short loc_fffa0b52 ; jne 0xfffa0b52 -cmp word [edi + 2], 0x70 -sbb eax, eax -add eax, 7 -mov byte [edi], al -jmp short loc_fffa0b55 ; jmp 0xfffa0b55 +jne short loc_fffa0b5c ; jne 0xfffa0b5c +cmp cx, 0x9cc8 +sete dl +cmp cx, 0x9cc4 +sete al +or dl, al +jne short loc_fffa0b5c ; jne 0xfffa0b5c +lea eax, [ecx + 0x6336] +cmp ax, 1 +ja short loc_fffa0b60 ; ja 0xfffa0b60 -loc_fffa0b52: -mov byte [edi], 6 +loc_fffa0b5c: +mov byte [edi - 1], 6 -loc_fffa0b55: -mov al, byte [edi + 4] +loc_fffa0b60: +mov al, byte [edi + 3] cmp al, 3 sete dl test al, al mov byte [ebp - 0x34], al sete al or al, dl -jne short loc_fffa0b6f ; jne 0xfffa0b6f +jne short loc_fffa0b7a ; jne 0xfffa0b7a cmp byte [ebp - 0x34], 7 -jne short loc_fffa0b7c ; jne 0xfffa0b7c +jne short loc_fffa0b87 ; jne 0xfffa0b87 -loc_fffa0b6f: -cmp word [edi + 2], 0x100 +loc_fffa0b7a: +cmp word [edi + 1], 0x100 sbb eax, eax add eax, 3 -jmp short loc_fffa0b8c ; jmp 0xfffa0b8c +jmp short loc_fffa0b97 ; jmp 0xfffa0b97 -loc_fffa0b7c: +loc_fffa0b87: cmp byte [ebp - 0x34], 2 -jne short loc_fffa0b91 ; jne 0xfffa0b91 -cmp word [edi + 2], 0x50 +jne short loc_fffa0b9b ; jne 0xfffa0b9b +cmp word [edi + 1], 0x50 sbb eax, eax add eax, 2 -loc_fffa0b8c: -mov byte [edi + 1], al -jmp short loc_fffa0b95 ; jmp 0xfffa0b95 +loc_fffa0b97: +mov byte [edi], al +jmp short loc_fffa0b9e ; jmp 0xfffa0b9e -loc_fffa0b91: -mov byte [edi + 1], 2 +loc_fffa0b9b: +mov byte [edi], 2 -loc_fffa0b95: +loc_fffa0b9e: inc dword [ebp - 0x30] add edi, 8 jmp near loc_fffa0ac2 ; jmp 0xfffa0ac2 -loc_fffa0ba0: -call 
fcn_fffb5bb6 ; call 0xfffb5bb6 +loc_fffa0ba9: +call fcn_fffb9393 ; call 0xfffb9393 movzx eax, al cmp edi, eax -jae short loc_fffa0bb7 ; jae 0xfffa0bb7 +jae short loc_fffa0bc0 ; jae 0xfffa0bc0 mov byte [ebx + edi + 0x298], 1 inc edi -jmp short loc_fffa0ba0 ; jmp 0xfffa0ba0 +jmp short loc_fffa0ba9 ; jmp 0xfffa0ba9 -loc_fffa0bb7: +loc_fffa0bc0: mov byte [ebx + 0x299], 0 xor edi, edi -loc_fffa0bc0: -call fcn_fffb5b8d ; call 0xfffb5b8d +loc_fffa0bc9: +call fcn_fffb936a ; call 0xfffb936a movzx eax, al cmp edi, eax -jae short loc_fffa0bd7 ; jae 0xfffa0bd7 +jae short loc_fffa0be0 ; jae 0xfffa0be0 mov byte [ebx + edi + 0x2a6], 1 inc edi -jmp short loc_fffa0bc0 ; jmp 0xfffa0bc0 +jmp short loc_fffa0bc9 ; jmp 0xfffa0bc9 -loc_fffa0bd7: +loc_fffa0be0: mov byte [ebx + 0x2a7], 0 -loc_fffa0bde: +loc_fffa0be7: xor edi, edi -loc_fffa0be0: -call fcn_fffb5b8d ; call 0xfffb5b8d +loc_fffa0be9: +call fcn_fffb936a ; call 0xfffb936a movzx eax, al cmp edi, eax -jae loc_fffa0cba ; jae 0xfffa0cba +jae loc_fffa0cc3 ; jae 0xfffa0cc3 mov dl, byte [esi + edi + 0xb2] mov al, byte [ebx + edi*8 + 0x580] test dl, dl -je short loc_fffa0c0e ; je 0xfffa0c0e +je short loc_fffa0c17 ; je 0xfffa0c17 mov byte [ebx + edi*8 + 0x57c], dl or eax, 1 -jmp short loc_fffa0c19 ; jmp 0xfffa0c19 +jmp short loc_fffa0c22 ; jmp 0xfffa0c22 -loc_fffa0c0e: +loc_fffa0c17: mov byte [ebx + edi*8 + 0x57c], 0 and eax, 0xfffffffe -loc_fffa0c19: +loc_fffa0c22: mov byte [ebx + edi*8 + 0x580], al mov dl, byte [esi + edi + 0xb8] mov al, byte [ebx + edi*8 + 0x580] test dl, dl -je short loc_fffa0c3e ; je 0xfffa0c3e +je short loc_fffa0c47 ; je 0xfffa0c47 mov byte [ebx + edi*8 + 0x57d], dl or eax, 2 -jmp short loc_fffa0c49 ; jmp 0xfffa0c49 +jmp short loc_fffa0c52 ; jmp 0xfffa0c52 -loc_fffa0c3e: +loc_fffa0c47: mov byte [ebx + edi*8 + 0x57d], 0 and eax, 0xfffffffd -loc_fffa0c49: +loc_fffa0c52: mov byte [ebx + edi*8 + 0x580], al mov dl, byte [esi + edi + 0xbe] mov al, byte [ebx + edi*8 + 0x580] test dl, dl -je short loc_fffa0c6e ; je 
0xfffa0c6e +je short loc_fffa0c77 ; je 0xfffa0c77 mov byte [ebx + edi*8 + 0x57e], dl or eax, 4 -jmp short loc_fffa0c79 ; jmp 0xfffa0c79 +jmp short loc_fffa0c82 ; jmp 0xfffa0c82 -loc_fffa0c6e: +loc_fffa0c77: mov byte [ebx + edi*8 + 0x57e], 0 and eax, 0xfffffffb -loc_fffa0c79: +loc_fffa0c82: mov byte [ebx + edi*8 + 0x580], al mov dl, byte [esi + edi + 0xc4] mov al, byte [ebx + edi*8 + 0x580] test dl, dl -je short loc_fffa0ca2 ; je 0xfffa0ca2 +je short loc_fffa0cab ; je 0xfffa0cab lea edx, [edx + edx + 1] or eax, 8 mov byte [ebx + edi*8 + 0x57f], dl -jmp short loc_fffa0cad ; jmp 0xfffa0cad +jmp short loc_fffa0cb6 ; jmp 0xfffa0cb6 -loc_fffa0ca2: +loc_fffa0cab: mov byte [ebx + edi*8 + 0x57f], 0 and eax, 0xfffffff7 -loc_fffa0cad: +loc_fffa0cb6: mov byte [ebx + edi*8 + 0x580], al inc edi -jmp near loc_fffa0be0 ; jmp 0xfffa0be0 +jmp near loc_fffa0be9 ; jmp 0xfffa0be9 -loc_fffa0cba: +loc_fffa0cc3: mov al, byte [ebx + 0x40e] or eax, 3 and eax, 0xffffffc3 mov byte [ebx + 0x40e], al xor eax, eax -loc_fffa0cce: +loc_fffa0cd7: and byte [ebx + eax*8 + 0x554], 0xfc mov word [ebx + eax*8 + 0x558], 0 mov word [ebx + eax*8 + 0x55a], 0 inc eax cmp eax, 5 -jne short loc_fffa0cce ; jne 0xfffa0cce +jne short loc_fffa0cd7 ; jne 0xfffa0cd7 mov al, byte [ebx + 0x46a] xor edx, edx mov byte [ebx + 0x364], 1 
@@ -912,46 +912,46 @@ mov byte [ebx + 0x46a], al mov byte [ebx + 0x37f], 0 mov byte [ebx + 0x256], 1 -loc_fffa0d5a: +loc_fffa0d63: mov dword [ebp - 0x30], edx -call fcn_fffb4984 ; call 0xfffb4984 +call fcn_fffb93ca ; call 0xfffb93ca mov edx, dword [ebp - 0x30] cmp dl, al -jae short loc_fffa0d77 ; jae 0xfffa0d77 +jae short loc_fffa0d80 ; jae 0xfffa0d80 movzx eax, dl inc edx imul eax, eax, 0x2c mov byte [ebx + eax + 0x58], 1 -jmp short loc_fffa0d5a ; jmp 0xfffa0d5a +jmp short loc_fffa0d63 ; jmp 0xfffa0d63 -loc_fffa0d77: +loc_fffa0d80: and byte [ebx + 0x45e], 0xf7 xor edx, edx -loc_fffa0d80: +loc_fffa0d89: mov dword [ebp - 0x30], edx -call fcn_fffb4984 ; call 0xfffb4984 +call fcn_fffb93ca ; call 0xfffb93ca mov edx, dword [ebp - 0x30] cmp dl, al -jae short loc_fffa0df1 ; jae 0xfffa0df1 +jae short loc_fffa0dfa ; jae 0xfffa0dfa cmp dword [ebp - 0x2c], 2 movzx eax, dl -jne short loc_fffa0dad ; jne 0xfffa0dad +jne short loc_fffa0db6 ; jne 0xfffa0db6 imul eax, eax, 0x2c lea eax, [ebx + eax + 0x50] mov word [eax + 0xa], 0x1003 mov word [eax + 0xc], 0x1003 -jmp short loc_fffa0dc6 ; jmp 0xfffa0dc6 +jmp short loc_fffa0dcf ; jmp 0xfffa0dcf -loc_fffa0dad: +loc_fffa0db6: cmp dword [ebp - 0x2c], 1 -jne short loc_fffa0dc6 ; jne 0xfffa0dc6 +jne short loc_fffa0dcf ; jne 0xfffa0dcf imul eax, eax, 0x2c lea eax, [ebx + eax + 0x50] mov word [eax + 0xa], 0x846 mov word [eax + 0xc], 0x846 -loc_fffa0dc6: +loc_fffa0dcf: movzx eax, dl inc edx imul eax, eax, 0x2c @@ -963,9 +963,9 @@ mov word [eax + 0x60], 0x3c mov byte [eax + 0x62], 2 mov byte [eax + 0x63], 2 mov word [eax + 0x64], 0x3c -jmp short loc_fffa0d80 ; jmp 0xfffa0d80 +jmp short loc_fffa0d89 ; jmp 0xfffa0d89 -loc_fffa0df1: +loc_fffa0dfa: mov al, byte [ebx + 0x446] or byte [ebx + 0x442], 7 and byte [ebx + 0x45e], 0xf9 
@@ -976,7 +976,7 @@ mov al, byte [ebx + 0x486] mov dword [ebx + 0x44a], 0 mov dword [ebx + 0x44e], 2 mov dword [ebx + 0x452], 4 -and eax, 0xffffffc1 +and eax, 1 or eax, 0x32 mov byte [ebx + 0x486], al mov al, byte [ebx + 0x49e] 
@@ -989,91 +989,91 @@ mov byte [ebx + 0x49e], al xor eax, eax mov byte [ebx + 0x10], 0xdd -loc_fffa0e74: +loc_fffa0e7d: mov dword [ebx + eax*4 + 0x1ba], 0 inc eax cmp eax, 8 -jne short loc_fffa0e74 ; jne 0xfffa0e74 +jne short loc_fffa0e7d ; jne 0xfffa0e7d cmp dword [ebp - 0x2c], 2 lea eax, [ebx + 0x4de] lea esi, [ebx + 0x527] -jne short loc_fffa0ebf ; jne 0xfffa0ebf +jne short loc_fffa0ec8 ; jne 0xfffa0ec8 mov byte [ebx + 0x526], 5 push ecx push 0x28 -push ref_fffd6168 ; push 0xfffd6168 +push ref_fffd6464 ; push 0xfffd6464 push eax -call fcn_fffab101 ; call 0xfffab101 +call fcn_fffb01dc ; call 0xfffb01dc add esp, 0xc mov byte [ebx + 0x553], 9 push 0x24 -push ref_fffd6144 ; push 0xfffd6144 -jmp short loc_fffa0ee5 ; jmp 0xfffa0ee5 +push ref_fffd6440 ; push 0xfffd6440 +jmp short loc_fffa0eee ; jmp 0xfffa0eee -loc_fffa0ebf: +loc_fffa0ec8: mov byte [ebx + 0x526], 6 push edx push 0x30 -push ref_fffd6114 ; push 0xfffd6114 +push ref_fffd6410 ; push 0xfffd6410 push eax -call fcn_fffab101 ; call 0xfffab101 +call fcn_fffb01dc ; call 0xfffb01dc add esp, 0xc mov byte [ebx + 0x553], 6 push 0x18 -push ref_fffd60fc ; push 0xfffd60fc +push ref_fffd63f8 ; push 0xfffd63f8 -loc_fffa0ee5: +loc_fffa0eee: push esi -call fcn_fffab101 ; call 0xfffab101 +call fcn_fffb01dc ; call 0xfffb01dc add esp, 0x10 sub esp, 0xc push dword [ebp - 0x38] -call fcn_fffab5db ; call 0xfffab5db +call fcn_fffb0585 ; call 0xfffb0585 add esp, 0x10 -loc_fffa0efc: +loc_fffa0f05: sub esp, 0xc push 0x15 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov edi, eax test eax, eax -je loc_fffa10af ; je 0xfffa10af +je loc_fffa10b8 ; je 0xfffa10b8 sub esp, 0xc push 0xc -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov dword [ebp - 0x2c], eax test eax, eax -je loc_fffa10af ; je 0xfffa10af +je loc_fffa10b8 ; je 0xfffa10b8 sub esp, 0xc push 5 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 test eax, eax 
mov dword [ebp - 0x34], eax -je loc_fffa10af ; je 0xfffa10af +je loc_fffa10b8 ; je 0xfffa10b8 sub esp, 0xc push 0xc -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 test eax, eax mov dword [ebp - 0x30], eax -je loc_fffa10af ; je 0xfffa10af +je loc_fffa10b8 ; je 0xfffa10b8 sub esp, 0xc push 0x1d -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov ebx, eax test eax, eax -je loc_fffa10af ; je 0xfffa10af +je loc_fffa10b8 ; je 0xfffa10b8 sub esp, 0xc push 0x13 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov esi, eax test eax, eax -je loc_fffa10af ; je 0xfffa10af +je loc_fffa10b8 ; je 0xfffa10b8 mov edx, dword [ebp - 0x34] mov ecx, dword [ebp - 0x30] mov byte [edi], 0xa @@ -1105,27 +1105,27 @@ mov byte [ebx + 0xa], 0 mov byte [ebx + 0xb], 1 mov byte [ebx + 0xc], 0 mov byte [ebx + 0xd], 1 -call fcn_fffa6801 ; call 0xfffa6801 +call fcn_fffa67af ; call 0xfffa67af cmp eax, 0x40650 -jne short loc_fffa1033 ; jne 0xfffa1033 +jne short loc_fffa103c ; jne 0xfffa103c -loc_fffa1011: +loc_fffa101a: mov byte [ebx + 0xe], 1 -call fcn_fffa6801 ; call 0xfffa6801 +call fcn_fffa67af ; call 0xfffa67af mov byte [ebx + 0x10], 0 mov byte [ebx + 0x16], 1 cmp eax, 0x306d0 setne al lea eax, [eax + eax*4 + 0x6a] mov byte [ebx + 0xf], al -jmp short loc_fffa103f ; jmp 0xfffa103f +jmp short loc_fffa1048 ; jmp 0xfffa1048 -loc_fffa1033: -call fcn_fffa6801 ; call 0xfffa6801 +loc_fffa103c: +call fcn_fffa67af ; call 0xfffa67af cmp eax, 0x306d0 -je short loc_fffa1011 ; je 0xfffa1011 +je short loc_fffa101a ; je 0xfffa101a -loc_fffa103f: +loc_fffa1048: mov eax, dword [ebp - 0x2c] sub esp, 0xc mov byte [ebx + 0x17], 0x14 
@@ -1145,100 +1145,100 @@ mov word [esi + 0xe], 0 mov word [esi + 0x10], 0 mov byte [esi + 0x12], 0 mov dword [eax], 0x80000010 -mov dword [eax + 4], ref_fffd65c0 ; mov dword [eax + 4], 0xfffd65c0 +mov dword [eax + 4], ref_fffd68bc ; mov dword [eax + 4], 0xfffd68bc mov dword [eax + 8], edi push eax -call fcn_fffab5db ; call 0xfffab5db +call fcn_fffb0585 ; call 0xfffb0585 add esp, 0x10 -loc_fffa10af: +loc_fffa10b8: sub esp, 0xc push 2 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov ebx, eax test eax, eax -je short loc_fffa10f2 ; je 0xfffa10f2 +je short loc_fffa10fb ; je 0xfffa10fb sub esp, 0xc push 0xc -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 test eax, eax -je short loc_fffa10f2 ; je 0xfffa10f2 +je short loc_fffa10fb ; je 0xfffa10fb sub esp, 0xc mov dword [eax], 0x80000010 -mov dword [eax + 4], ref_fffd60dc ; mov dword [eax + 4], 0xfffd60dc +mov dword [eax + 4], ref_fffd63d8 ; mov dword [eax + 4], 0xfffd63d8 mov byte [ebx], 1 mov dword [eax + 8], ebx push eax -call fcn_fffab5db ; call 0xfffab5db +call fcn_fffb0585 ; call 0xfffb0585 add esp, 0x10 -loc_fffa10f2: +loc_fffa10fb: sub esp, 0xc mov esi, dword [0xff7d0084] push 0x27 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov dword [ebp - 0x2c], eax test eax, eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 0xc -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov dword [ebp - 0x30], eax test eax, eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 0x36 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov dword [ebp - 0x3c], eax test eax, eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 0xd -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov dword [ebp - 0x40], 
eax test eax, eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 0x102 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov ebx, eax test eax, eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 0xdc -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov edi, eax test eax, eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 0x6b -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 test eax, eax mov dword [ebp - 0x54], eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 5 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov dword [ebp - 0x44], eax test eax, eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 sub esp, 0xc push 0x11 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 test eax, eax mov dword [ebp - 0x50], eax -je loc_fffa19ec ; je 0xfffa19ec +je loc_fffa19f5 ; je 0xfffa19f5 lea eax, [esi + 0xce] mov dword [edi + 0xd0], eax lea eax, [esi + 0x8ce] @@ -1249,14 +1249,14 @@ push eax push 0 push 0x27 push dword [ebp - 0x2c] -call fcn_fffab0d1 ; call 0xfffab0d1 +call fcn_fffb01ac ; call 0xfffb01ac mov eax, dword [ebp - 0x30] mov ecx, dword [ebp - 0x2c] mov dword [eax], 0x80000010 mov dword [eax + 8], ecx -mov dword [eax + 4], ref_fffd661c ; mov dword [eax + 4], 0xfffd661c +mov dword [eax + 4], ref_fffd6918 ; mov dword [eax + 4], 0xfffd6918 mov byte [ecx], 0x13 -call fcn_fffa6801 ; call 0xfffa6801 +call fcn_fffa67af ; call 0xfffa67af add esp, 0x10 mov edx, dword [ebp - 0x50] cmp eax, 0x306d0 
@@ -1269,7 +1269,7 @@ or al, cl mov byte [ebp - 0x48], cl mov ecx, dword [ebp - 0x54] mov byte [ebp - 0x49], al -je short loc_fffa1271 ; je 0xfffa1271 +je short loc_fffa127a ; je 0xfffa127a mov eax, dword [0xff7d0084] sub esp, 0xc mov dword [ebp - 0x54], edx @@ -1277,12 +1277,12 @@ mov dword [ebp - 0x50], ecx mov eax, dword [eax + 0x14] add eax, 0x10002 push eax -call fcn_fffb3d06 ; call 0xfffb3d06 +call fcn_fffb3e49 ; call 0xfffb3e49 mov edx, dword [ebp - 0x54] add esp, 0x10 mov ecx, dword [ebp - 0x50] -loc_fffa1271: +loc_fffa127a: mov al, byte [esi + 0x42] mov dword [ebp - 0x54], edx mov edx, dword [ebp - 0x3c] @@ -1316,7 +1316,7 @@ mov dword [ecx + 1], edx mov edx, dword [ebp - 0x40] add eax, 3 mov word [edx + 2], ax -mov byte [edx + 4], 3 +mov byte [edx + 4], 1 mov byte [edx + 5], 1 mov byte [edx + 6], 0 mov byte [edx + 7], 1 @@ -1368,14 +1368,14 @@ mov byte [ebx + 0x72], 0 mov byte [ebx + 0x73], 0 mov byte [ebx + 0x74], 1 mov byte [ebp - 0x3c], al -jne short loc_fffa13d8 ; jne 0xfffa13d8 +jne short loc_fffa13e1 ; jne 0xfffa13e1 cmp byte [ebp - 0x34], 0 -je short loc_fffa13dc ; je 0xfffa13dc +je short loc_fffa13e5 ; je 0xfffa13e5 -loc_fffa13d8: +loc_fffa13e1: mov byte [ebx + 0x75], 0 -loc_fffa13dc: +loc_fffa13e5: mov al, byte [esi + 0x46] mov byte [ebx + 0x77], 1 mov byte [ebx + 0x78], 0 @@ -1435,15 +1435,15 @@ mov byte [ebx + 0xaf], 0 sete byte [ebx + 0xac] cmp byte [ebp - 0x3c], 0 mov byte [ebx + 0xb0], 0x30 -jne short loc_fffa155e ; jne 0xfffa155e +jne short loc_fffa1567 ; jne 0xfffa1567 cmp byte [ebp - 0x34], 0 -je short loc_fffa156c ; je 0xfffa156c +je short loc_fffa1575 ; je 0xfffa1575 -loc_fffa155e: +loc_fffa1567: mov byte [ebx + 0xb1], 1 mov byte [ebx + 0xb2], 0x40 -loc_fffa156c: +loc_fffa1575: mov byte [ebx + 0x101], 0xff mov byte [ebx + 0x2e], 1 mov byte [ebx + 0x2f], 0 
@@ -1498,15 +1498,15 @@ mov byte [ebx + 0xf3], 1 mov byte [ebx + 0xc7], 0 mov al, byte [esi + 0x4a] mov byte [ebx + 0x57], al -jne short loc_fffa166a ; jne 0xfffa166a +jne short loc_fffa1673 ; jne 0xfffa1673 cmp byte [ebp - 0x34], 0 -jmp short loc_fffa1671 ; jmp 0xfffa1671 +jmp short loc_fffa167a ; jmp 0xfffa167a -loc_fffa166a: +loc_fffa1673: cmp dword [ebp - 0x38], 0x40650 -loc_fffa1671: -je short loc_fffa16f2 ; je 0xfffa16f2 +loc_fffa167a: +je short loc_fffa16fb ; je 0xfffa16fb mov byte [ebx + 0xfc], 0 mov byte [ebx + 0xd1], 0 mov dword [ebx + 0xd2], 0 @@ -1522,7 +1522,7 @@ mov dword [ebx + 0xf5], 0x320 mov word [ebx + 0xf9], 0x118 mov byte [ebx + 0xfb], 7 -loc_fffa16f2: +loc_fffa16fb: mov eax, dword [0xff7d0084] sub esp, 0xc mov dword [ebp - 0x40], edx @@ -1530,7 +1530,7 @@ mov dword [ebp - 0x3c], ecx mov eax, dword [eax + 0x14] add eax, 2 push eax -call fcn_fffb3d06 ; call 0xfffb3d06 +call fcn_fffb3e49 ; call 0xfffb3e49 add esp, 0x10 mov edx, dword [ebp - 0x40] mov dword [ebp - 0x38], 1 @@ -1541,13 +1541,13 @@ mov word [ebp - 0x34], ax sete al or cl, al mov ecx, dword [ebp - 0x3c] -jne short loc_fffa175d ; jne 0xfffa175d +jne short loc_fffa1766 ; jne 0xfffa1766 cmp word [ebp - 0x34], 0xa0c sete al cmp word [ebp - 0x34], 0xd04 sete byte [ebp - 0x3c] or al, byte [ebp - 0x3c] -jne short loc_fffa175d ; jne 0xfffa175d +jne short loc_fffa1766 ; jne 0xfffa1766 mov eax, dword [ebp - 0x34] and eax, 0xffffffef cmp ax, 0x1604 
@@ -1555,56 +1555,56 @@ sete al movzx eax, al mov dword [ebp - 0x38], eax -loc_fffa175d: +loc_fffa1766: mov al, byte [ebp - 0x38] mov word [ebx + 0xc8], 0xcf8 mov word [ebx + 0xca], 0xcfc mov byte [ebx + 0xcc], 0xaa mov byte [ebx + 0xc6], al -mov dword [edi], fcn_fffa5b74 ; mov dword [edi], 0xfffa5b74 -mov dword [edi + 4], fcn_fffb3f0f ; mov dword [edi + 4], 0xfffb3f0f -mov dword [edi + 8], fcn_fffaafc2 ; mov dword [edi + 8], 0xfffaafc2 -mov dword [edi + 0xc], fcn_fffa5b68 ; mov dword [edi + 0xc], 0xfffa5b68 -mov dword [edi + 0x10], fcn_fffb3f28 ; mov dword [edi + 0x10], 0xfffb3f28 -mov dword [edi + 0x14], fcn_fffaafda ; mov dword [edi + 0x14], 0xfffaafda -mov dword [edi + 0x18], fcn_fffb3cfc ; mov dword [edi + 0x18], 0xfffb3cfc -mov dword [edi + 0x1c], fcn_fffb3d06 ; mov dword [edi + 0x1c], 0xfffb3d06 -mov dword [edi + 0x20], fcn_fffb3d4e ; mov dword [edi + 0x20], 0xfffb3d4e -mov dword [edi + 0x24], fcn_fffb3dc0 ; mov dword [edi + 0x24], 0xfffb3dc0 -mov dword [edi + 0x28], fcn_fffb3db3 ; mov dword [edi + 0x28], 0xfffb3db3 -mov dword [edi + 0x2c], fcn_fffb3d20 ; mov dword [edi + 0x2c], 0xfffb3d20 -mov dword [edi + 0x30], fcn_fffb3d84 ; mov dword [edi + 0x30], 0xfffb3d84 -mov dword [edi + 0x34], fcn_fffa5bcf ; mov dword [edi + 0x34], 0xfffa5bcf -mov dword [edi + 0x38], fcn_fffab48f ; mov dword [edi + 0x38], 0xfffab48f -mov dword [edi + 0x3c], fcn_fffab4e0 ; mov dword [edi + 0x3c], 0xfffab4e0 -mov dword [edi + 0x40], fcn_fffab4b3 ; mov dword [edi + 0x40], 0xfffab4b3 -mov dword [edi + 0x44], fcn_fffb44dc ; mov dword [edi + 0x44], 0xfffb44dc -mov dword [edi + 0x48], fcn_fffc3868 ; mov dword [edi + 0x48], 0xfffc3868 -mov dword [edi + 0x4c], fcn_fffc3844 ; mov dword [edi + 0x4c], 0xfffc3844 -mov dword [edi + 0x50], fcn_fffb3ddc ; mov dword [edi + 0x50], 0xfffb3ddc -mov dword [edi + 0x54], fcn_fffb742b ; mov dword [edi + 0x54], 0xfffb742b -mov dword [edi + 0x58], fcn_fffab101 ; mov dword [edi + 0x58], 0xfffab101 -mov dword [edi + 0x5c], fcn_fffab0d1 ; mov dword [edi + 
0x5c], 0xfffab0d1 -mov dword [edi + 0x60], fcn_fffa5c15 ; mov dword [edi + 0x60], 0xfffa5c15 -mov dword [edi + 0x64], fcn_fffa5bfd ; mov dword [edi + 0x64], 0xfffa5bfd -mov dword [edi + 0x68], fcn_fffab0f8 ; mov dword [edi + 0x68], 0xfffab0f8 -mov dword [edi + 0x6c], fcn_fffab0ef ; mov dword [edi + 0x6c], 0xfffab0ef -mov dword [edi + 0x70], fcn_fffa5c8a ; mov dword [edi + 0x70], 0xfffa5c8a +mov dword [edi], fcn_fffa5ba3 ; mov dword [edi], 0xfffa5ba3 +mov dword [edi + 4], fcn_fffb00a0 ; mov dword [edi + 4], 0xfffb00a0 +mov dword [edi + 8], fcn_fffb00dc ; mov dword [edi + 8], 0xfffb00dc +mov dword [edi + 0xc], fcn_fffa5b97 ; mov dword [edi + 0xc], 0xfffa5b97 +mov dword [edi + 0x10], fcn_fffb00b9 ; mov dword [edi + 0x10], 0xfffb00b9 +mov dword [edi + 0x14], fcn_fffb0086 ; mov dword [edi + 0x14], 0xfffb0086 +mov dword [edi + 0x18], fcn_fffb3e25 ; mov dword [edi + 0x18], 0xfffb3e25 +mov dword [edi + 0x1c], fcn_fffb3e49 ; mov dword [edi + 0x1c], 0xfffb3e49 +mov dword [edi + 0x20], fcn_fffb3fc4 ; mov dword [edi + 0x20], 0xfffb3fc4 +mov dword [edi + 0x24], fcn_fffb401c ; mov dword [edi + 0x24], 0xfffb401c +mov dword [edi + 0x28], fcn_fffb3e2f ; mov dword [edi + 0x28], 0xfffb3e2f +mov dword [edi + 0x2c], fcn_fffb3fa0 ; mov dword [edi + 0x2c], 0xfffb3fa0 +mov dword [edi + 0x30], fcn_fffb3ffa ; mov dword [edi + 0x30], 0xfffb3ffa +mov dword [edi + 0x34], fcn_fffa5bfe ; mov dword [edi + 0x34], 0xfffa5bfe +mov dword [edi + 0x38], fcn_fffb028b ; mov dword [edi + 0x38], 0xfffb028b +mov dword [edi + 0x3c], fcn_fffb045c ; mov dword [edi + 0x3c], 0xfffb045c +mov dword [edi + 0x40], fcn_fffb02af ; mov dword [edi + 0x40], 0xfffb02af +mov dword [edi + 0x44], fcn_fffb0481 ; mov dword [edi + 0x44], 0xfffb0481 +mov dword [edi + 0x48], fcn_fffc375d ; mov dword [edi + 0x48], 0xfffc375d +mov dword [edi + 0x4c], fcn_fffc3739 ; mov dword [edi + 0x4c], 0xfffc3739 +mov dword [edi + 0x50], fcn_fffb3e6d ; mov dword [edi + 0x50], 0xfffb3e6d +mov dword [edi + 0x54], fcn_fffb7ea0 ; mov dword [edi + 
0x54], 0xfffb7ea0 +mov dword [edi + 0x58], fcn_fffb01dc ; mov dword [edi + 0x58], 0xfffb01dc +mov dword [edi + 0x5c], fcn_fffb01ac ; mov dword [edi + 0x5c], 0xfffb01ac +mov dword [edi + 0x60], fcn_fffa5c5d ; mov dword [edi + 0x60], 0xfffa5c5d +mov dword [edi + 0x64], fcn_fffa5c45 ; mov dword [edi + 0x64], 0xfffa5c45 +mov dword [edi + 0x68], fcn_fffb01d3 ; mov dword [edi + 0x68], 0xfffb01d3 +mov dword [edi + 0x6c], fcn_fffb01ca ; mov dword [edi + 0x6c], 0xfffb01ca +mov dword [edi + 0x70], fcn_fffa5cd2 ; mov dword [edi + 0x70], 0xfffa5cd2 mov eax, dword [ebp - 0x2c] -mov dword [edi + 0x74], fcn_fffab0c8 ; mov dword [edi + 0x74], 0xfffab0c8 -mov dword [edi + 0x78], fcn_fffb45e9 ; mov dword [edi + 0x78], 0xfffb45e9 -mov dword [edi + 0x7c], fcn_fffab039 ; mov dword [edi + 0x7c], 0xfffab039 -mov dword [edi + 0x80], fcn_fffb4ecf ; mov dword [edi + 0x80], 0xfffb4ecf -mov dword [edi + 0x84], fcn_fffb506c ; mov dword [edi + 0x84], 0xfffb506c -mov dword [edi + 0x88], fcn_fffa5bc8 ; mov dword [edi + 0x88], 0xfffa5bc8 -mov dword [edi + 0x8c], fcn_fffa5bc0 ; mov dword [edi + 0x8c], 0xfffa5bc0 -mov dword [edi + 0x90], fcn_fffa5b97 ; mov dword [edi + 0x90], 0xfffa5b97 -mov dword [edi + 0x94], fcn_fffb73dd ; mov dword [edi + 0x94], 0xfffb73dd -mov dword [edi + 0x98], fcn_fffab06a ; mov dword [edi + 0x98], 0xfffab06a -mov dword [edi + 0x9c], fcn_fffaaffb ; mov dword [edi + 0x9c], 0xfffaaffb -mov dword [edi + 0xa0], fcn_fffa5b8d ; mov dword [edi + 0xa0], 0xfffa5b8d -mov dword [edi + 0xa4], fcn_fffa5b7d ; mov dword [edi + 0xa4], 0xfffa5b7d -mov dword [edi + 0xa8], fcn_fffab06f ; mov dword [edi + 0xa8], 0xfffab06f +mov dword [edi + 0x74], fcn_fffb01a3 ; mov dword [edi + 0x74], 0xfffb01a3 +mov dword [edi + 0x78], fcn_fffb03bb ; mov dword [edi + 0x78], 0xfffb03bb +mov dword [edi + 0x7c], fcn_fffb0108 ; mov dword [edi + 0x7c], 0xfffb0108 +mov dword [edi + 0x80], fcn_fffb8075 ; mov dword [edi + 0x80], 0xfffb8075 +mov dword [edi + 0x84], fcn_fffb9af0 ; mov dword [edi + 0x84], 0xfffb9af0 
+mov dword [edi + 0x88], fcn_fffa5bf7 ; mov dword [edi + 0x88], 0xfffa5bf7 +mov dword [edi + 0x8c], fcn_fffa5bef ; mov dword [edi + 0x8c], 0xfffa5bef +mov dword [edi + 0x90], fcn_fffa5bc6 ; mov dword [edi + 0x90], 0xfffa5bc6 +mov dword [edi + 0x94], fcn_fffb8fa9 ; mov dword [edi + 0x94], 0xfffb8fa9 +mov dword [edi + 0x98], fcn_fffb0139 ; mov dword [edi + 0x98], 0xfffb0139 +mov dword [edi + 0x9c], fcn_fffb4041 ; mov dword [edi + 0x9c], 0xfffb4041 +mov dword [edi + 0xa0], fcn_fffa5bbc ; mov dword [edi + 0xa0], 0xfffa5bbc +mov dword [edi + 0xa4], fcn_fffa5bac ; mov dword [edi + 0xa4], 0xfffa5bac +mov dword [edi + 0xa8], fcn_fffb013e ; mov dword [edi + 0xa8], 0xfffb013e mov dword [eax + 9], ebx mov dword [eax + 0x1e], edi xor eax, eax @@ -1639,13 +1639,13 @@ mov byte [ecx + 0x3f], 0xf mov byte [ecx + 0x42], 0x14 mov word [ecx + 0x50], 1 -loc_fffa1956: +loc_fffa195f: mov byte [ecx + eax + 9], 8 mov byte [ecx + eax + 0x19], 7 mov byte [ecx + eax + 0x29], 2 inc eax cmp eax, 0x10 -jne short loc_fffa1956 ; jne 0xfffa1956 +jne short loc_fffa195f ; jne 0xfffa195f mov eax, dword [ebp - 0x44] mov byte [ecx + 0x49], 0 mov byte [eax], 0 @@ -1653,11 +1653,11 @@ xor eax, eax mov byte [ecx + 0x52], 0 mov byte [ecx + 0x53], 0 -loc_fffa197f: +loc_fffa1988: mov byte [ecx + eax + 0x54], 8 inc eax cmp eax, 8 -jne short loc_fffa197f ; jne 0xfffa197f +jne short loc_fffa1988 ; jne 0xfffa1988 mov eax, dword [ebp - 0x2c] sub esp, 0xc mov dword [ecx + 0x44], 0 
@@ -1678,22 +1678,22 @@ mov byte [eax + 0x22], 0 mov eax, dword [esi + 0x8f6] mov dword [ecx + 0x15], eax push dword [ebp - 0x30] -call fcn_fffab5db ; call 0xfffab5db +call fcn_fffb0585 ; call 0xfffb0585 add esp, 0x10 -loc_fffa19ec: +loc_fffa19f5: sub esp, 0xc -push ref_fffd5f93 ; push 0xfffd5f93 -call mrc_printk ; call 0xfffb76e3 -mov dword [esp], ref_fffd6594 ; mov dword [esp], 0xfffd6594 -call fcn_fffab5db ; call 0xfffab5db +push ref_fffd628f ; push 0xfffd628f +call mrc_printk ; call 0xfffb8212 +mov dword [esp], ref_fffd6890 ; mov dword [esp], 0xfffd6890 +call fcn_fffb0585 ; call 0xfffb0585 mov dword [esp], 0x20 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov ebx, eax test eax, eax -je short loc_fffa1a74 ; je 0xfffa1a74 -mov dword [eax + 0x14], fcn_fffb4a59 ; mov dword [eax + 0x14], 0xfffb4a59 +je short loc_fffa1a7d ; je 0xfffa1a7d +mov dword [eax + 0x14], fcn_fffb4acb ; mov dword [eax + 0x14], 0xfffb4acb sub esp, 0xc mov dword [eax + 0xc], 0x53524549 mov dword [eax + 0x10], 0 
@@ -1703,36 +1703,36 @@ lea edx, [eax + 0xf8000] add eax, 0xf80f0 mov dword [ebx + 0x1c], edx push eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 mov dword [ebx], 0x80000010 -mov dword [ebx + 4], ref_fffd65a0 ; mov dword [ebx + 4], 0xfffd65a0 +mov dword [ebx + 4], ref_fffd689c ; mov dword [ebx + 4], 0xfffd689c and eax, 0xffffc000 mov dword [ebx + 0x18], eax lea eax, [ebx + 0x14] mov dword [ebx + 8], eax mov dword [esp], ebx -call fcn_fffab5db ; call 0xfffab5db +call fcn_fffb0585 ; call 0xfffb0585 add esp, 0x10 -loc_fffa1a74: +loc_fffa1a7d: push ebx push ebx lea eax, [ebp - 0x1c] push eax push 0x11b -call fcn_fffab60f ; call 0xfffab60f +call fcn_fffb05b9 ; call 0xfffb05b9 add esp, 0x10 test eax, eax -jns short loc_fffa1a92 ; jns 0xfffa1a92 +jns short loc_fffa1a9b ; jns 0xfffa1a9b mov dword [ebp - 0x1c], 0 -loc_fffa1a92: +loc_fffa1a9b: mov ebx, dword [ebp - 0x1c] test ebx, ebx -je loc_fffa1b43 ; je 0xfffa1b43 +je loc_fffa1b4c ; je 0xfffa1b4c mov edx, ebx mov eax, 0xff7d0278 -call fcn_fffab505 ; call 0xfffab505 +call fcn_fffb04af ; call 0xfffb04af mov eax, dword [0xff7d0084] sub esp, 0xc mov edi, dword [eax + 0x14] @@ -1740,14 +1740,14 @@ mov eax, dword [ebx + 8] lea esi, [edi + 0xfb020] push esi mov dword [ebp - 0x2c], eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 pop edx pop ecx and eax, 0xffe0 or eax, dword [ebp - 0x2c] push eax push esi -call fcn_fffb3d84 ; call 0xfffb3d84 +call fcn_fffb3ffa ; call 0xfffb3ffa mov al, byte [edi + 0xfb004] or eax, 1 mov byte [edi + 0xfb004], al @@ -1765,12 +1765,12 @@ pop esi pop edi push 0xff push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 +call fcn_fffb4a42 ; call 0xfffb4a42 lea eax, [ebx + 0xc] add ebx, 0x38 mov dword [esp], eax -call fcn_fffab5db ; call 0xfffab5db -call fcn_fffab405 ; call 0xfffab405 +call fcn_fffb0585 ; call 0xfffb0585 +call fcn_fffb0201 ; call 0xfffb0201 pop edx pop ecx mov edx, dword [eax] 
@@ -1779,24 +1779,24 @@ push eax call dword [edx + 0x24] ; ucall add esp, 0x10 -loc_fffa1b43: +loc_fffa1b4c: sub esp, 0xc -mov esi, ref_fffd65d0 ; mov esi, 0xfffd65d0 -push ref_fffd5fcb ; push 0xfffd5fcb -call mrc_printk ; call 0xfffb76e3 +mov esi, ref_fffd68cc ; mov esi, 0xfffd68cc +push ref_fffd62c7 ; push 0xfffd62c7 +call mrc_printk ; call 0xfffb8212 lea eax, [ebp - 0x24] push eax push 0 push 0 -push ref_fffd661c ; push 0xfffd661c -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd6918 ; push 0xfffd6918 +call fcn_fffb020b ; call 0xfffb020b add esp, 0x1c mov ebx, dword [ebp - 0x24] lea eax, [ebp - 0x20] push eax push 0x73 push 4 -call fcn_fffab5ba ; call 0xfffab5ba +call fcn_fffb0564 ; call 0xfffb0564 mov eax, dword [ebp - 0x20] mov ecx, 4 lea edi, [eax + 8] @@ -1806,36 +1806,36 @@ pop edx pop ecx push 8 push eax -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f mov eax, dword [ebp - 0x20] pop esi pop edi add eax, 0x20 push 8 push eax -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f pop eax mov eax, dword [ebp - 0x20] pop edx add eax, 0x29 push 0x21 push eax -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f mov eax, dword [ebp - 0x20] add esp, 0x10 mov byte [eax + 0x28], 0 mov byte [eax + 0x71], 0 cmp byte [ebx], 1 -jbe short loc_fffa1bd2 ; jbe 0xfffa1bd2 +jbe short loc_fffa1bdb ; jbe 0xfffa1bdb mov edx, dword [ebx + 0xd] mov dl, byte [edx + 0x49] mov byte [eax + 0x4a], dl -jmp short loc_fffa1bd6 ; jmp 0xfffa1bd6 +jmp short loc_fffa1bdf ; jmp 0xfffa1bdf -loc_fffa1bd2: +loc_fffa1bdb: mov byte [eax + 0x4a], 0 -loc_fffa1bd6: +loc_fffa1bdf: mov edx, dword [ebx + 5] mov dl, byte [edx + 7] mov byte [eax + 0x72], dl 
@@ -1843,73 +1843,73 @@ lea eax, [ebp - 0x1c] push eax push 0 push 0 -push ref_fffd65c0 ; push 0xfffd65c0 -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd68bc ; push 0xfffd68bc +call fcn_fffb020b ; call 0xfffb020b mov eax, dword [ebp - 0x1c] add esp, 0x10 mov edx, dword [eax + 9] cmp dword [edx + 4], 0 -je short loc_fffa1c29 ; je 0xfffa1c29 +je short loc_fffa1c32 ; je 0xfffa1c32 mov ebx, dword [ebp - 0x20] mov byte [ebx + 0x18], 1 mov edx, dword [eax + 1] cmp byte [edx], 0 -jns short loc_fffa1c29 ; jns 0xfffa1c29 +jns short loc_fffa1c32 ; jns 0xfffa1c32 push ecx push 0x14 mov eax, dword [eax + 9] mov eax, dword [eax + 4] push dword [eax + 0x1c] push dword [eax + 0x18] -call fcn_fffab0ef ; call 0xfffab0ef +call fcn_fffb01ca ; call 0xfffb01ca add esp, 0x10 mov byte [ebx + 0x19], al -loc_fffa1c29: +loc_fffa1c32: mov eax, dword [ebp - 0x20] mov byte [eax + 0x20], 2 mov edx, dword [ebp - 0x1c] mov ecx, dword [edx + 1] test byte [ecx], 0x10 -je short loc_fffa1c49 ; je 0xfffa1c49 +je short loc_fffa1c52 ; je 0xfffa1c52 mov edx, dword [edx + 9] mov edx, dword [edx] mov dl, byte [edx + 0x301] mov byte [eax + 0x21], dl -loc_fffa1c49: +loc_fffa1c52: sub esp, 0xc -push ref_fffd65e0 ; push 0xfffd65e0 -call fcn_fffab5db ; call 0xfffab5db -mov dword [esp], ref_fffd5faa ; mov dword [esp], 0xfffd5faa -call mrc_printk ; call 0xfffb76e3 +push ref_fffd68dc ; push 0xfffd68dc +call fcn_fffb0585 ; call 0xfffb0585 +mov dword [esp], ref_fffd62a6 ; mov dword [esp], 0xfffd62a6 +call mrc_printk ; call 0xfffb8212 mov dword [esp], 0x19 -call fcn_fffb8358 ; call 0xfffb8358 +call fcn_fffb8e87 ; call 0xfffb8e87 add esp, 0x10 mov ebx, eax test eax, eax -je short loc_fffa1cea ; je 0xfffa1cea +je short loc_fffa1cf3 ; je 0xfffa1cf3 mov dword [eax], 0x4943524d lea eax, [eax + 0x14] mov dword [eax - 0x10], 0x80000020 lea esi, [ebx + 4] -mov dword [eax - 8], fcn_fffcd152 ; mov dword [eax - 8], 0xfffcd152 +mov dword [eax - 8], fcn_fffcdaba ; mov dword [eax - 8], 0xfffcdaba mov dword [eax - 4], 0 mov 
byte [eax + 4], 0 mov dword [eax], 0 push eax push 0 push 0 -push ref_fffd65fc ; push 0xfffd65fc -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd68f8 ; push 0xfffd68f8 +call fcn_fffb020b ; call 0xfffb020b mov eax, dword [ebx + 0x14] add esp, 0x10 test eax, eax -je short loc_fffa1cd9 ; je 0xfffa1cd9 +je short loc_fffa1ce2 ; je 0xfffa1ce2 test byte [eax + 1], 1 -je short loc_fffa1cd9 ; je 0xfffa1cd9 -mov dword [ebx + 8], ref_fffd65ec ; mov dword [ebx + 8], 0xfffd65ec -call fcn_fffab405 ; call 0xfffab405 +je short loc_fffa1ce2 ; je 0xfffa1ce2 +mov dword [ebx + 8], ref_fffd68e8 ; mov dword [ebx + 8], 0xfffd68e8 +call fcn_fffb0201 ; call 0xfffb0201 push edx push edx mov edx, dword [eax] @@ -1918,31 +1918,31 @@ push eax call dword [edx + 0x24] ; ucall add esp, 0x10 -loc_fffa1cd9: +loc_fffa1ce2: push edi push 0 push esi push 0xff7d0278 -call fcn_fffcd152 ; call 0xfffcd152 +call fcn_fffcdaba ; call 0xfffcdaba add esp, 0x10 -loc_fffa1cea: -call fcn_fffab5f3 ; call 0xfffab5f3 +loc_fffa1cf3: +call fcn_fffb059d ; call 0xfffb059d push ebx push ebx push eax -push ref_fffd660c ; push 0xfffd660c -call fcn_fffc5551 ; call 0xfffc5551 +push ref_fffd6908 ; push 0xfffd6908 +call fcn_fffc5baf ; call 0xfffc5baf add esp, 0x10 mov esi, eax test eax, eax -jne short loc_fffa1d21 ; jne 0xfffa1d21 +jne short loc_fffa1d2a ; jne 0xfffa1d2a mov eax, dword [ebp + 8] mov dword [eax + 0x906], 0 mov dword [eax + 0x902], 0 -jmp near loc_fffa1e75 ; jmp 0xfffa1e75 +jmp near loc_fffa1e7e ; jmp 0xfffa1e7e -loc_fffa1d21: +loc_fffa1d2a: mov eax, dword [eax + 0x20] mov ecx, dword [ebp + 8] mov byte [ebp - 0x2c], 0 
@@ -1950,55 +1950,55 @@ mov dword [ecx + 0x906], eax lea eax, [esi + 0x20] mov dword [ecx + 0x902], eax mov byte [ecx + 0x90a], 0 -mov eax, dword [esi + 0x245b] +mov eax, dword [esi + 0x245c] mov dword [ebp - 0x34], eax lea eax, [esi + 0x1092] mov dword [ebp - 0x38], eax -loc_fffa1d53: +loc_fffa1d5c: mov al, byte [ebp - 0x2c] mov dword [ebp - 0x30], 0 add eax, eax -mov byte [ebp - 0x40], al +mov byte [ebp - 0x3c], al mov eax, dword [ebp - 0x38] lea edi, [eax + 0x25d] mov ecx, eax -loc_fffa1d6d: +loc_fffa1d76: mov edx, dword [ebp - 0x30] -mov al, byte [ebp - 0x40] +mov al, byte [ebp - 0x3c] mov byte [ebp - 0x44], dl add eax, edx cmp dword [ecx], 2 -mov byte [ebp - 0x3c], al -jne loc_fffa1e4b ; jne 0xfffa1e4b +mov byte [ebp - 0x40], al +jne loc_fffa1e54 ; jne 0xfffa1e54 mov eax, dword [ebp + 8] mov edx, dword [ebp + 8] movzx eax, byte [eax + 0x90a] imul eax, eax, 0x28 lea eax, [edx + eax + 0x900] -mov edx, dword [esi + 0x2498] +mov edx, dword [esi + 0x2499] mov dword [ebp - 0x48], eax lea ebx, [eax + 0xb] cmp edx, 2 -je short loc_fffa1dc5 ; je 0xfffa1dc5 +je short loc_fffa1dce ; je 0xfffa1dce cmp edx, 3 -je short loc_fffa1dcd ; je 0xfffa1dcd +je short loc_fffa1dd6 ; je 0xfffa1dd6 dec edx mov eax, 0xff mov edx, 0x18 cmove eax, edx mov word [ebx + 4], ax -jmp short loc_fffa1dd3 ; jmp 0xfffa1dd3 +jmp short loc_fffa1ddc ; jmp 0xfffa1ddc -loc_fffa1dc5: +loc_fffa1dce: mov word [ebx + 4], 0x1a -jmp short loc_fffa1dd3 ; jmp 0xfffa1dd3 +jmp short loc_fffa1ddc ; jmp 0xfffa1ddc -loc_fffa1dcd: +loc_fffa1dd6: mov word [ebx + 4], 0x1d -loc_fffa1dd3: +loc_fffa1ddc: mov eax, dword [esi + 0x1837] mov edx, dword [ebp - 0x48] mov dword [ebp - 0x48], ecx @@ -2011,7 +2011,7 @@ mov al, byte [ebp - 0x2c] mov byte [ebx + 9], al mov al, byte [ebp - 0x44] mov byte [ebx + 0xa], al -mov al, byte [ebp - 0x3c] +mov al, byte [ebp - 0x40] mov byte [ebx + 0xb], al lea eax, [ebx + 0x11] push ecx 
@@ -2039,25 +2039,25 @@ mov byte [ebx + 0x27], al mov eax, dword [ebp + 8] inc byte [eax + 0x90a] -loc_fffa1e4b: +loc_fffa1e54: inc dword [ebp - 0x30] add ecx, 0x128 add edi, 0x21 cmp dword [ebp - 0x30], 2 -jne loc_fffa1d6d ; jne 0xfffa1d6d +jne loc_fffa1d76 ; jne 0xfffa1d76 inc byte [ebp - 0x2c] add dword [ebp - 0x38], 0x433 cmp byte [ebp - 0x2c], 2 -jne loc_fffa1d53 ; jne 0xfffa1d53 +jne loc_fffa1d5c ; jne 0xfffa1d5c -loc_fffa1e75: +loc_fffa1e7e: sub esp, 0xc -push ref_fffd5fbf ; push 0xfffd5fbf -call mrc_printk ; call 0xfffb76e3 +push ref_fffd62bb ; push 0xfffd62bb +call mrc_printk ; call 0xfffb8212 add esp, 0x10 xor eax, eax -loc_fffa1e87: +loc_fffa1e90: lea esp, [ebp - 0xc] pop ebx pop esi @@ -2065,7 +2065,7 @@ pop edi pop ebp ret -fcn_fffa1e8f: +fcn_fffa1e98: push ebp mov ebp, esp push edi 
@@ -2073,187 +2073,197 @@ push esi mov esi, edx push ebx sub esp, 0x6214 -push 0x5ee4 -lea edi, [ebp - 0x5efc] +push 0x5ee5 +lea edi, [ebp - 0x5efd] push edi mov dword [ebp - 0x6208], ecx mov dword [ebp - 0x6204], eax -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f pop ebx pop eax -lea ebx, [ebp - 0x60c7] +lea ebx, [ebp - 0x60c8] push 0x1cb push ebx -call fcn_fffac673 ; call 0xfffac673 -lea eax, [ebp - 0x6173] +call fcn_fffb067f ; call 0xfffb067f +lea eax, [ebp - 0x6174] mov dword [ebp - 0x3ab9], eax -mov eax, dword [ref_fffd3288] ; mov eax, dword [0xfffd3288] -lea edx, [ebp - 0x61c0] +mov eax, dword [ref_fffd3578] ; mov eax, dword [0xfffd3578] +lea edx, [ebp - 0x61c1] mov dword [ebp - 0x20], ebx -mov dword [ebp - 0x60c3], edx +mov dword [ebp - 0x60c4], edx mov dword [ebp - 0x6200], edx -mov dword [ebp - 0x5efc], eax -lea eax, [ebp - 0x61e8] +mov dword [ebp - 0x5efd], eax +lea eax, [ebp - 0x61ec] push eax push 0 push 0 -push ref_fffd661c ; push 0xfffd661c -mov dword [ebp - 0x60c7], 0x1cb -mov dword [ebp - 0x5ef8], 0x5ee4 -mov dword [ebp - 0x5ef4], 0x1866 -mov dword [ebp - 0x468e], 0xbdd +push ref_fffd6918 ; push 0xfffd6918 +mov dword [ebp - 0x60c8], 0x1cb +mov dword [ebp - 0x5ef9], 0x5ee5 +mov dword [ebp - 0x5ef5], 0x1866 +mov dword [ebp - 0x468f], 0xbde mov dword [ebp - 0x3ab1], 0x3a91 -call fcn_fffab40f ; call 0xfffab40f -mov eax, dword [ebp - 0x61e8] +call fcn_fffb020b ; call 0xfffb020b +mov eax, dword [ebp - 0x61ec] add esp, 0x20 mov edx, dword [ebp - 0x3ab9] mov ecx, dword [eax + 9] mov ebx, dword [eax + 0x1e] mov dword [ebp - 0x61fc], edx -mov dword [ebx + 0xac], fcn_fffc6ea0 ; mov dword [ebx + 0xac], 0xfffc6ea0 -mov dword [ebx + 0xb0], fcn_fffc45f9 ; mov dword [ebx + 0xb0], 0xfffc45f9 -mov dword [ebx + 0xb4], fcn_fffac81d ; mov dword [ebx + 0xb4], 0xfffac81d -mov dword [ebx + 0xb8], fcn_fffc3bd3 ; mov dword [ebx + 0xb8], 0xfffc3bd3 -mov dword [ebx + 0xbc], fcn_fffcc900 ; mov dword [ebx + 0xbc], 0xfffcc900 -mov dword [ebx + 0xc0], 
fcn_fffac7e7 ; mov dword [ebx + 0xc0], 0xfffac7e7 -mov dword [ebx + 0xc4], fcn_fffa9178 ; mov dword [ebx + 0xc4], 0xfffa9178 -mov dword [ebx + 0xc8], fcn_fffcc4cb ; mov dword [ebx + 0xc8], 0xfffcc4cb -mov dword [ebx + 0xcc], fcn_fffa8c9b ; mov dword [ebx + 0xcc], 0xfffa8c9b -mov dword [ebp - 0x3ae1], eax +mov dword [ebx + 0xac], fcn_fffc8b09 ; mov dword [ebx + 0xac], 0xfffc8b09 +mov dword [ebx + 0xb0], fcn_fffce35b ; mov dword [ebx + 0xb0], 0xfffce35b +mov dword [ebx + 0xb4], fcn_fffb1612 ; mov dword [ebx + 0xb4], 0xfffb1612 +mov dword [ebx + 0xb8], fcn_fffc3ac8 ; mov dword [ebx + 0xb8], 0xfffc3ac8 +mov dword [ebx + 0xbc], fcn_fffcd268 ; mov dword [ebx + 0xbc], 0xfffcd268 +mov dword [ebx + 0xc0], fcn_fffb15dc ; mov dword [ebx + 0xc0], 0xfffb15dc +mov dword [ebx + 0xc4], fcn_fffabc7a ; mov dword [ebx + 0xc4], 0xfffabc7a +mov dword [ebx + 0xc8], fcn_fffcce33 ; mov dword [ebx + 0xc8], 0xfffcce33 +mov dword [ebx + 0xcc], fcn_fffab79d ; mov dword [ebx + 0xcc], 0xfffab79d +mov dword [ebp - 0x3ae2], eax mov ax, word [ecx + 0xc8] -mov word [ebp - 0x3ae5], ax +mov word [ebp - 0x3ae6], ax mov ax, word [ecx + 0xca] -mov word [ebp - 0x3ae3], ax -call fcn_fffa6801 ; call 0xfffa6801 +mov word [ebp - 0x3ae4], ax +call fcn_fffa67af ; call 0xfffa67af sub esp, 0xc -lea ecx, [ebp - 0x61c4] -push ecx lea ecx, [ebp - 0x61c8] push ecx lea ecx, [ebp - 0x61cc] push ecx -mov dword [ebp - 0x3aea], eax -lea eax, [ebp - 0x61d0] +lea ecx, [ebp - 0x61d0] +push ecx +mov dword [ebp - 0x3aeb], eax +lea eax, [ebp - 0x61d4] push eax push 1 -call fcn_fffd28d0 ; call 0xfffd28d0 +call fcn_fffd2bc2 ; call 0xfffd2bc2 add esp, 0x1c -mov eax, dword [ebp - 0x61d0] +mov eax, dword [ebp - 0x61d4] push 0xac push ebx push dword [ebp - 0x61fc] and eax, 0xf -mov byte [ebp - 0x3ae6], al +mov byte [ebp - 0x3ae7], al call dword [ebx + 0x58] ; ucall mov edx, dword [ebp - 0x6200] add esp, 0xc push 0x4d -push ref_fffd3238 ; push 0xfffd3238 +push ref_fffd3528 ; push 0xfffd3528 push edx -call dword [ebp - 0x611b] ; ucall 
-call fcn_fffab405 ; call 0xfffab405 +call dword [ebp - 0x611c] ; ucall +call fcn_fffb0201 ; call 0xfffb0201 pop edx pop ecx -lea ecx, [ebp - 0x61e0] +lea ecx, [ebp - 0x61e4] mov edx, dword [eax] push ecx push eax call dword [edx + 0x28] ; ucall add esp, 0x10 -cmp dword [ebp - 0x61e0], 0x11 -je short loc_fffa20a7 ; je 0xfffa20a7 -lea eax, [ebp - 0x61e4] +cmp dword [ebp - 0x61e4], 0x11 +je short loc_fffa20b0 ; je 0xfffa20b0 +lea eax, [ebp - 0x61e8] push ecx push eax -push 0x5efd +push 0x5efe push 4 -call fcn_fffab5ba ; call 0xfffab5ba +call fcn_fffb0564 ; call 0xfffb0564 add esp, 0x10 test eax, eax -js short loc_fffa20b1 ; js 0xfffa20b1 -mov ebx, dword [ebp - 0x61e4] +js short loc_fffa20ba ; js 0xfffa20ba +mov ebx, dword [ebp - 0x61e8] push eax push 0x10 -push ref_fffd660c ; push 0xfffd660c +push ref_fffd6908 ; push 0xfffd6908 lea eax, [ebx + 8] add ebx, 0x18 push eax -call fcn_fffab101 ; call 0xfffab101 +call fcn_fffb01dc ; call 0xfffb01dc pop eax pop edx -push 0x5ee5 +push 0x5ee6 push ebx -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f add esp, 0x10 -jmp short loc_fffa20b1 ; jmp 0xfffa20b1 +jmp short loc_fffa20ba ; jmp 0xfffa20ba -loc_fffa20a7: -mov dword [ebp - 0x61e4], 0 +loc_fffa20b0: +mov dword [ebp - 0x61e8], 0 -loc_fffa20b1: -mov eax, dword [ebp - 0x61e8] +loc_fffa20ba: +mov eax, dword [ebp - 0x61ec] mov edx, dword [eax + 9] mov eax, 5 cmp byte [edx + 0x55], 0 -jne short loc_fffa20c9 ; jne 0xfffa20c9 +jne short loc_fffa20d2 ; jne 0xfffa20d2 movzx eax, byte [edx + 0x2d] -loc_fffa20c9: -mov edx, dword [ebp - 0x61e0] -mov dword [ebp - 0x45fe], eax -mov dword [ebp - 0x4602], esi +loc_fffa20d2: +mov edx, dword [ebp - 0x61e4] +mov dword [ebp - 0x45ff], eax +mov dword [ebp - 0x4603], esi cmp edx, 0x11 -je short loc_fffa20eb ; je 0xfffa20eb -mov eax, dword [ebp - 0x61e4] +je short loc_fffa20f4 ; je 0xfffa20f4 +mov eax, dword [ebp - 0x61e8] add eax, 0x18 -jmp short loc_fffa20ed ; jmp 0xfffa20ed +jmp short loc_fffa20f6 ; jmp 0xfffa20f6 
-loc_fffa20eb: +loc_fffa20f4: xor eax, eax -loc_fffa20ed: +loc_fffa20f6: push ecx push ecx push 0xdd00 push edi -mov dword [ebp - 0x460a], eax +mov dword [ebp - 0x460b], eax xor eax, eax cmp edx, 0x11 mov edx, 0xfbe8 cmovne eax, edx -mov dword [ebp - 0x4606], eax -call dword [ebp - 0x60df] ; ucall -lea edx, [ebp - 0x61c4] +mov dword [ebp - 0x4607], eax +call dword [ebp - 0x60e0] ; ucall +lea edx, [ebp - 0x61c8] mov edi, dword [ebp - 0x3ab9] mov dword [esp], edx -lea edx, [ebp - 0x61c8] -push edx lea edx, [ebp - 0x61cc] push edx -lea eax, [ebp - 0x61d0] +lea edx, [ebp - 0x61d0] +push edx +lea eax, [ebp - 0x61d4] push eax push 1 -mov byte [ebp - 0x61e9], 0 -call fcn_fffd28d0 ; call 0xfffd28d0 +mov byte [ebp - 0x61ed], 0 +call fcn_fffd2bc2 ; call 0xfffd2bc2 add esp, 0x20 -test byte [ebp - 0x61c8], 0x40 -je short loc_fffa21cf ; je 0xfffa21cf +test byte [ebp - 0x61cc], 0x40 +je loc_fffa21f6 ; je 0xfffa21f6 +mov edx, cr4 +mov eax, edx +or eax, 0x4000 +mov cr4, eax +xor eax, eax +mov ebx, eax +getsec +mov cr4, edx +test al, 1 +je short loc_fffa21f6 ; je 0xfffa21f6 sub esp, 0xc push 0x2e7 call dword [edi + 0xa0] ; ucall add esp, 0x10 test al, 6 -je short loc_fffa21cf ; je 0xfffa21cf -lea eax, [ebp - 0x61d4] +je short loc_fffa21f6 ; je 0xfffa21f6 +lea eax, [ebp - 0x61d8] mov ebx, 0x2ee push eax push 0 push 0 -push ref_fffd604c ; push 0xfffd604c -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd6348 ; push 0xfffd6348 +call fcn_fffb020b ; call 0xfffb020b add esp, 0x10 -loc_fffa2184: +loc_fffa21ab: mov eax, dword [esi] mov eax, dword [eax + 0x60] push 0 @@ -2263,10 +2273,10 @@ push esi call dword [eax + 0x30] ; ucall add esp, 0x10 cmp al, 0xff -je short loc_fffa21bc ; je 0xfffa21bc +je short loc_fffa21e3 ; je 0xfffa21e3 test al, al -js loc_fffa2abe ; js 0xfffa2abe -mov eax, dword [ebp - 0x61d4] +js loc_fffa2ade ; js 0xfffa2ade +mov eax, dword [ebp - 0x61d8] push edx push 0x3e8 push eax 
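Review bot: The sequence added ahead of `getsec` in this hunk sets CR4 bit 14 (`or eax, 0x4000`, SMXE), executes GETSEC with EAX=EBX=0 (the CAPABILITIES leaf) and then restores CR4, but nothing in the commit explains why the replacement blob gained privileged instructions the old one lacked. The file is r2dumpbin output with no higher-level source to compare against, so I would annotate the sequence, e.g. `; GETSEC[CAPABILITIES]: skip the 0x2e7 path unless EAX bit 0 (TXT chipset present) is set`. I would also state in the commit description which binary this listing was generated from, so the change can be traced. The preceding `test byte [ebp - 0x61cc], 0x40` presumably gates this on the CPUID SMX feature bit; that is worth confirming, since GETSEC raises #UD when SMX is unsupported. The enclosing function `fcn_fffa1e98` begins before this hunk and continues past it.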
@@ -2274,9 +2284,9 @@ push esi call dword [eax + 4] ; ucall add esp, 0x10 dec bx -jne short loc_fffa2184 ; jne 0xfffa2184 +jne short loc_fffa21ab ; jne 0xfffa21ab -loc_fffa21bc: +loc_fffa21e3: push ebx push 0 push 0 @@ -2284,10 +2294,10 @@ push 0x2e6 call dword [edi + 0xa4] ; ucall add esp, 0x10 -loc_fffa21cf: -cmp dword [ebp - 0x61e0], 0x11 +loc_fffa21f6: +cmp dword [ebp - 0x61e4], 0x11 mov dword [ebp - 0x6200], 2 -je short loc_fffa222d ; je 0xfffa222d +je short loc_fffa2254 ; je 0xfffa2254 mov ebx, dword [ebp - 0x3ab9] push 0xa0 push 0 @@ -2297,10 +2307,10 @@ call dword [ebx + 0x48] ; ucall pop edx pop ecx push eax -movzx eax, word [ebp - 0x3ae5] +movzx eax, word [ebp - 0x3ae6] push eax call dword [ebx + 0x14] ; ucall -movzx eax, word [ebp - 0x3ae3] +movzx eax, word [ebp - 0x3ae4] mov dword [esp], eax call dword [ebx + 8] ; ucall add esp, 0x10 
@@ -2311,225 +2321,224 @@ sete al movzx eax, al mov dword [ebp - 0x6200], eax -loc_fffa222d: -mov eax, dword [ebp - 0x3aea] +loc_fffa2254: +mov eax, dword [ebp - 0x3aeb] cmp eax, 0x40650 -jne short loc_fffa2246 ; jne 0xfffa2246 -mov dword [ebp - 0x4675], 0x40650 -jmp short loc_fffa2274 ; jmp 0xfffa2274 +jne short loc_fffa226d ; jne 0xfffa226d +mov dword [ebp - 0x4676], 0x40650 +jmp short loc_fffa229b ; jmp 0xfffa229b -loc_fffa2246: +loc_fffa226d: cmp eax, 0x306c0 -jne short loc_fffa2263 ; jne 0xfffa2263 -mov dword [ebp - 0x4675], 0x306c0 -mov dword [ebp - 0x4671], 0 -jmp short loc_fffa22da ; jmp 0xfffa22da +jne short loc_fffa228a ; jne 0xfffa228a +mov dword [ebp - 0x4676], 0x306c0 +mov dword [ebp - 0x4672], 0 +jmp short loc_fffa2301 ; jmp 0xfffa2301 -loc_fffa2263: +loc_fffa228a: cmp eax, 0x40660 -jne short loc_fffa228d ; jne 0xfffa228d -mov dword [ebp - 0x4675], 0x40660 +jne short loc_fffa22b4 ; jne 0xfffa22b4 +mov dword [ebp - 0x4676], 0x40660 -loc_fffa2274: -mov dword [ebp - 0x4671], 0 -mov dword [ebp - 0x4679], 1 -jmp near loc_fffa231f ; jmp 0xfffa231f +loc_fffa229b: +mov dword [ebp - 0x4672], 0 +mov dword [ebp - 0x467a], 1 +jmp near loc_fffa2346 ; jmp 0xfffa2346 -loc_fffa228d: +loc_fffa22b4: cmp eax, 0x306d0 -jne short loc_fffa22f2 ; jne 0xfffa22f2 -mov al, byte [ebp - 0x3ae6] -mov dword [ebp - 0x4675], 0x306d0 -mov dword [ebp - 0x4671], 1 +jne short loc_fffa2319 ; jne 0xfffa2319 +mov al, byte [ebp - 0x3ae7] +mov dword [ebp - 0x4676], 0x306d0 +mov dword [ebp - 0x4672], 1 cmp al, 3 -je short loc_fffa22da ; je 0xfffa22da +je short loc_fffa2301 ; je 0xfffa2301 cmp al, 4 -jne short loc_fffa22e6 ; jne 0xfffa22e6 +jne short loc_fffa230d ; jne 0xfffa230d mov eax, dword [0xff7d0084] sub esp, 0xc mov eax, dword [eax + 0x14] add eax, 8 push eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 and eax, 0xf cmp eax, 9 sbb eax, eax add eax, 5 -jmp short loc_fffa2319 ; jmp 0xfffa2319 +jmp short loc_fffa2340 ; jmp 0xfffa2340 
-loc_fffa22da: -mov dword [ebp - 0x4679], 3 -jmp short loc_fffa231f ; jmp 0xfffa231f +loc_fffa2301: +mov dword [ebp - 0x467a], 3 +jmp short loc_fffa2346 ; jmp 0xfffa2346 -loc_fffa22e6: -mov dword [ebp - 0x4679], 5 -jmp short loc_fffa231f ; jmp 0xfffa231f +loc_fffa230d: +mov dword [ebp - 0x467a], 5 +jmp short loc_fffa2346 ; jmp 0xfffa2346 -loc_fffa22f2: +loc_fffa2319: cmp eax, 0x40670 -jne short loc_fffa231f ; jne 0xfffa231f +jne short loc_fffa2346 ; jne 0xfffa2346 xor eax, eax -cmp byte [ebp - 0x3ae6], 0 -mov dword [ebp - 0x4675], 0x40670 -mov dword [ebp - 0x4671], 1 +cmp byte [ebp - 0x3ae7], 0 +mov dword [ebp - 0x4676], 0x40670 +mov dword [ebp - 0x4672], 1 setne al -loc_fffa2319: -mov dword [ebp - 0x4679], eax +loc_fffa2340: +mov dword [ebp - 0x467a], eax -loc_fffa231f: +loc_fffa2346: mov eax, dword [ebp - 0x6208] -mov dword [ebp - 0x61d0], 0 +mov dword [ebp - 0x61d4], 0 mov eax, dword [eax + 0x14] test eax, eax -jne short loc_fffa2347 ; jne 0xfffa2347 +jne short loc_fffa236e ; jne 0xfffa236e -loc_fffa2336: -mov eax, dword [ebp - 0x61e8] +loc_fffa235d: +mov eax, dword [ebp - 0x61ec] xor ebx, ebx mov edi, dword [eax + 0x15] test edi, edi -jne short loc_fffa2373 ; jne 0xfffa2373 -jmp short loc_fffa23a6 ; jmp 0xfffa23a6 +jne short loc_fffa239a ; jne 0xfffa239a +jmp short loc_fffa23cd ; jmp 0xfffa23cd -loc_fffa2347: +loc_fffa236e: test byte [eax + 1], 1 -je short loc_fffa2336 ; je 0xfffa2336 -lea eax, [ebp - 0x61d0] +je short loc_fffa235d ; je 0xfffa235d +lea eax, [ebp - 0x61d4] push eax push 0 push 0 -push ref_fffd65ec ; push 0xfffd65ec -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd68e8 ; push 0xfffd68e8 +call fcn_fffb020b ; call 0xfffb020b add esp, 0x10 test eax, eax -je short loc_fffa2336 ; je 0xfffa2336 +je short loc_fffa235d ; je 0xfffa235d -loc_fffa2369: +loc_fffa2390: mov eax, 0x8000000e -jmp near loc_fffa2b0c ; jmp 0xfffa2b0c +jmp near loc_fffa2b3b ; jmp 0xfffa2b3b -loc_fffa2373: -cmp dword [ebp - 0x61e0], 4 -je short loc_fffa23a6 ; je 0xfffa23a6 
+loc_fffa239a: +cmp dword [ebp - 0x61e4], 4 +je short loc_fffa23cd ; je 0xfffa23cd lea eax, [edi + 8] mov edx, 0x185e -call fcn_fffc3dc3 ; call 0xfffc3dc3 +call fcn_fffc3cb8 ; call 0xfffc3cb8 cmp eax, dword [edi + 4] -jne short loc_fffa23a6 ; jne 0xfffa23a6 +jne short loc_fffa23cd ; jne 0xfffa23cd push eax mov eax, dword [esi] mov bl, 1 push 0x1866 push edi -lea edx, [ebp - 0x5ef4] +lea edx, [ebp - 0x5ef5] push edx call dword [eax + 0x50] ; ucall add esp, 0x10 -loc_fffa23a6: -cmp dword [ebp - 0x61e0], 0x11 -jne short loc_fffa23b3 ; jne 0xfffa23b3 +loc_fffa23cd: +cmp dword [ebp - 0x61e4], 0x11 +jne short loc_fffa23da ; jne 0xfffa23da test bl, bl -je short loc_fffa2369 ; je 0xfffa2369 +je short loc_fffa2390 ; je 0xfffa2390 -loc_fffa23b3: -lea eax, [ebp - 0x61dc] +loc_fffa23da: +lea eax, [ebp - 0x61e0] push eax push 0 push 0 -push ref_fffd6070 ; push 0xfffd6070 -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd636c ; push 0xfffd636c +call fcn_fffb020b ; call 0xfffb020b mov eax, dword [ebp - 0x6200] add esp, 0x10 dec eax cmp eax, 1 -jbe short loc_fffa23fe ; jbe 0xfffa23fe +jbe short loc_fffa2425 ; jbe 0xfffa2425 push eax -lea eax, [ebp - 0x61e9] +lea eax, [ebp - 0x61ed] push eax -mov eax, dword [ebp - 0x61dc] +mov eax, dword [ebp - 0x61e0] push dword [ebp - 0x6204] push esi call dword [eax + 5] ; ucall add esp, 0x10 mov al, 0 -cmp byte [ebp - 0x61e9], 1 +cmp byte [ebp - 0x61ed], 1 cmove ebx, eax -loc_fffa23fe: +loc_fffa2425: mov eax, dword [ebp - 0x6200] dec eax cmp eax, 1 -jbe short loc_fffa2446 ; jbe 0xfffa2446 +jbe short loc_fffa2466 ; jbe 0xfffa2466 dec bl -jne loc_fffa2acb ; jne 0xfffa2acb -mov edx, dword [ebp - 0x61e8] +jne loc_fffa2aeb ; jne 0xfffa2aeb +mov edx, dword [ebp - 0x61ec] mov eax, dword [edx + 9] cmp byte [eax + 0x56], 0 -je loc_fffa2acb ; je 0xfffa2acb +je loc_fffa2aeb ; je 0xfffa2aeb xor ecx, ecx -lea eax, [ebp - 0x5efc] -call fcn_fffb82ba ; call 0xfffb82ba +lea eax, [ebp - 0x5efd] +call fcn_fffb8de9 ; call 0xfffb8de9 test al, al -jne loc_fffa2acb 
; jne 0xfffa2acb -mov dword [ebp - 0x61fc], 3 -jmp short loc_fffa24aa ; jmp 0xfffa24aa +jne loc_fffa2aeb ; jne 0xfffa2aeb +jmp near loc_fffa2b10 ; jmp 0xfffa2b10 -loc_fffa2446: -mov edx, dword [ebp - 0x61e8] +loc_fffa2466: +mov edx, dword [ebp - 0x61ec] mov eax, dword [edx + 1] mov eax, dword [eax + 4] -mov dword [ebp - 0x4637], eax +mov dword [ebp - 0x4638], eax test bl, bl -je loc_fffa2acb ; je 0xfffa2acb +je loc_fffa2aeb ; je 0xfffa2aeb mov edi, dword [ebp - 0x6200] -lea eax, [ebp - 0x5efc] +lea eax, [ebp - 0x5efd] mov ecx, edi -call fcn_fffb82ba ; call 0xfffb82ba +call fcn_fffb8de9 ; call 0xfffb8de9 dec al -je loc_fffa2acb ; je 0xfffa2acb +je loc_fffa2aeb ; je 0xfffa2aeb dec edi mov dword [ebp - 0x61fc], 2 -jne short loc_fffa24aa ; jne 0xfffa24aa +jne short loc_fffa24ca ; jne 0xfffa24ca mov edx, 0x5d10 -lea eax, [ebp - 0x5efc] -call fcn_fffae548 ; call 0xfffae548 +lea eax, [ebp - 0x5efd] +call fcn_fffb333d ; call 0xfffb333d or edx, eax -je loc_fffa2acb ; je 0xfffa2acb +je loc_fffa2aeb ; je 0xfffa2aeb mov dword [ebp - 0x61fc], 1 -loc_fffa24aa: -cmp dword [ebp - 0x4675], 0x306d0 -jne short loc_fffa24de ; jne 0xfffa24de +loc_fffa24ca: +cmp dword [ebp - 0x4676], 0x306d0 +jne short loc_fffa24fe ; jne 0xfffa24fe mov eax, dword [0xff7d0084] sub esp, 0xc mov eax, dword [eax + 0x14] add eax, 8 push eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 and eax, 0xf cmp eax, 7 -ja short loc_fffa24de ; ja 0xfffa24de -mov byte [ebp - 0x460f], 1 -jmp short loc_fffa24e5 ; jmp 0xfffa24e5 +ja short loc_fffa24fe ; ja 0xfffa24fe +mov byte [ebp - 0x4610], 1 +jmp short loc_fffa2505 ; jmp 0xfffa2505 -loc_fffa24de: -mov byte [ebp - 0x460f], 0 +loc_fffa24fe: +mov byte [ebp - 0x4610], 0 -loc_fffa24e5: -mov bl, byte [ebp - 0x460f] -call fcn_fffab5f3 ; call 0xfffab5f3 +loc_fffa2505: +mov bl, byte [ebp - 0x4610] +call fcn_fffb059d ; call 0xfffb059d push edi push edi push eax -push ref_fffd65d0 ; push 0xfffd65d0 -call fcn_fffc5551 ; call 0xfffc5551 
+push ref_fffd68cc ; push 0xfffd68cc +call fcn_fffc5baf ; call 0xfffc5baf add esp, 0x10 test eax, eax -je short loc_fffa2520 ; je 0xfffa2520 +je short loc_fffa2540 ; je 0xfffa2540 movzx edi, byte [eax + 0x19] xor edx, edx cmp byte [eax + 0x18], 1 
@@ -2538,59 +2547,59 @@ cmove edx, edi cmp byte [eax + 0x20], 1 cmove edx, ecx add ecx, edi -jmp short loc_fffa2524 ; jmp 0xfffa2524 +jmp short loc_fffa2544 ; jmp 0xfffa2544 -loc_fffa2520: +loc_fffa2540: xor edx, edx xor ecx, ecx -loc_fffa2524: +loc_fffa2544: cmp bl, 1 sbb cl, 0xff test cl, cl -je short loc_fffa253d ; je 0xfffa253d +je short loc_fffa255d ; je 0xfffa255d movzx ecx, cl -mov dword [ebp - 0x4617], ecx -mov dword [ebp - 0x4613], edx +mov dword [ebp - 0x4618], ecx +mov dword [ebp - 0x4614], edx -loc_fffa253d: +loc_fffa255d: push ebx mov edx, dword [ebp - 0x61fc] -push dword [ebp - 0x3aea] -push dword [ebp - 0x61e8] -mov eax, dword [ebp - 0x61e0] -lea ecx, [ebp - 0x5efc] +push dword [ebp - 0x3aeb] +push dword [ebp - 0x61ec] +mov eax, dword [ebp - 0x61e4] +lea ecx, [ebp - 0x5efd] push esi -call fcn_fffab673 ; call 0xfffab673 +call fcn_fffb0688 ; call 0xfffb0688 add esp, 0x10 -mov dword [ebp - 0x4627], 0 -mov dword [ebp - 0x4651], eax -mov eax, dword [ebp - 0x61d0] +mov dword [ebp - 0x4628], 0 +mov dword [ebp - 0x4652], eax +mov eax, dword [ebp - 0x61d4] test eax, eax -je short loc_fffa259e ; je 0xfffa259e -cmp dword [ebp - 0x61e0], 0x11 -je short loc_fffa259e ; je 0xfffa259e +je short loc_fffa25be ; je 0xfffa25be +cmp dword [ebp - 0x61e4], 0x11 +je short loc_fffa25be ; je 0xfffa25be sub esp, 0xc push eax call dword [eax + 1] ; ucall add esp, 0x10 cmp eax, 2 -jne short loc_fffa259e ; jne 0xfffa259e -mov byte [ebp - 0x3af5], 1 +jne short loc_fffa25be ; jne 0xfffa25be +mov byte [ebp - 0x3af6], 1 -loc_fffa259e: +loc_fffa25be: push ecx -mov eax, dword [ebp - 0x61dc] +mov eax, dword [ebp - 0x61e0] push ecx push dword [ebp - 0x6204] push esi call dword [eax + 1] ; ucall add esp, 0x10 -mov dword [ebp - 0x4627], eax +mov dword [ebp - 0x4628], eax -loc_fffa25b9: -cmp dword [ebp - 0x4651], 0 -jne short loc_fffa2623 ; jne 0xfffa2623 +loc_fffa25d9: +cmp dword [ebp - 0x4652], 0 +jne short loc_fffa2643 ; jne 0xfffa2643 mov ebx, dword [ebp - 0x3ab9] push 0xa0 push 0 
@@ -2599,15 +2608,15 @@ push 0 call dword [ebx + 0x48] ; ucall mov edi, eax pop eax -movzx eax, word [ebp - 0x3ae5] +movzx eax, word [ebp - 0x3ae6] pop edx push edi push eax call dword [ebx + 0x14] ; ucall -movzx eax, word [ebp - 0x3ae3] +movzx eax, word [ebp - 0x3ae4] mov dword [esp], eax call dword [ebx + 8] ; ucall -movzx edx, word [ebp - 0x3ae5] +movzx edx, word [ebp - 0x3ae6] pop ecx mov dword [ebp - 0x6208], eax pop eax @@ -2619,22 +2628,22 @@ mov eax, dword [ebp - 0x6208] pop edx and eax, 0xff7f0000 push eax -movzx eax, word [ebp - 0x3ae3] +movzx eax, word [ebp - 0x3ae4] push eax call dword [ebx + 0x14] ; ucall add esp, 0x10 -loc_fffa2623: +loc_fffa2643: mov eax, dword [ebp - 0x3ab9] mov ebx, 1 push edi push 4 mov ecx, eax mov dword [ebp - 0x620c], eax -mov eax, dword [ebp - 0x4651] +mov eax, dword [ebp - 0x4652] mov dword [ebp - 0x2814], eax -mov eax, dword [ebp - 0x4671] -lea eax, [eax*4 + ref_fffd3230] ; lea eax, [eax*4 - 0x2cdd0] +mov eax, dword [ebp - 0x4672] +lea eax, [eax*4 + ref_fffd3520] ; lea eax, [eax*4 - 0x2cae0] push eax lea eax, [ebp - 0x282d] push eax 
@@ -2644,72 +2653,72 @@ add esp, 0x10 mov dl, 1 mov word [ebp - 0x6208], 0 -loc_fffa266d: +loc_fffa268d: mov eax, dword [ebp - 0x6208] -cmp ax, 0x40 +cmp ax, 0x41 lea ecx, [eax - 0x2300] setbe al mov word [ebp - 0x620e], cx test al, dl -je loc_fffa2795 ; je 0xfffa2795 +je loc_fffa27b5 ; je 0xfffa27b5 movzx eax, word [ebp - 0x6208] mov dl, 1 imul eax, eax, 0xc -cmp dword [eax + ref_fffd5c10], 0 ; cmp dword [eax - 0x2a3f0], 0 +cmp dword [eax + ref_fffd55c8], 0 ; cmp dword [eax - 0x2aa38], 0 mov dword [ebp - 0x6214], eax -lea edi, [eax + ref_fffd5c10] ; lea edi, [eax - 0x2a3f0] -je loc_fffa2789 ; je 0xfffa2789 +lea edi, [eax + ref_fffd55c8] ; lea edi, [eax - 0x2aa38] +je loc_fffa27a9 ; je 0xfffa27a9 mov al, byte [edi + 0xb] -cmp byte [ebp - 0x465e], al -jae loc_fffa2789 ; jae 0xfffa2789 -mov eax, dword [ebp - 0x465d] +cmp byte [ebp - 0x465f], al +jae loc_fffa27a9 ; jae 0xfffa27a9 +mov eax, dword [ebp - 0x465e] test eax, eax -jne short loc_fffa26d3 ; jne 0xfffa26d3 +jne short loc_fffa26f3 ; jne 0xfffa26f3 test byte [edi + 0xa], 0x10 -jmp short loc_fffa26de ; jmp 0xfffa26de +jmp short loc_fffa26fe ; jmp 0xfffa26fe -loc_fffa26d3: +loc_fffa26f3: dec eax -jne loc_fffa2789 ; jne 0xfffa2789 +jne loc_fffa27a9 ; jne 0xfffa27a9 test byte [edi + 0xa], 0x20 -loc_fffa26de: -je loc_fffa2789 ; je 0xfffa2789 +loc_fffa26fe: +je loc_fffa27a9 ; je 0xfffa27a9 mov eax, dword [ebp - 0x2814] cmp eax, 2 -jne short loc_fffa26f5 ; jne 0xfffa26f5 +jne short loc_fffa2715 ; jne 0xfffa2715 test byte [edi + 0xa], 8 -jmp short loc_fffa2709 ; jmp 0xfffa2709 +jmp short loc_fffa2729 ; jmp 0xfffa2729 -loc_fffa26f5: +loc_fffa2715: cmp eax, 3 -jne short loc_fffa2700 ; jne 0xfffa2700 +jne short loc_fffa2720 ; jne 0xfffa2720 test byte [edi + 0xa], 2 -jmp short loc_fffa2709 ; jmp 0xfffa2709 +jmp short loc_fffa2729 ; jmp 0xfffa2729 -loc_fffa2700: +loc_fffa2720: cmp eax, 1 -jne short loc_fffa270f ; jne 0xfffa270f +jne short loc_fffa272f ; jne 0xfffa272f test byte [edi + 0xa], 4 -loc_fffa2709: -jne short 
loc_fffa271b ; jne 0xfffa271b +loc_fffa2729: +jne short loc_fffa273b ; jne 0xfffa273b mov dl, 1 -jmp short loc_fffa2789 ; jmp 0xfffa2789 +jmp short loc_fffa27a9 ; jmp 0xfffa27a9 -loc_fffa270f: +loc_fffa272f: mov dl, 1 test eax, eax -jne short loc_fffa2789 ; jne 0xfffa2789 +jne short loc_fffa27a9 ; jne 0xfffa27a9 test byte [edi + 0xa], 1 -je short loc_fffa2789 ; je 0xfffa2789 +je short loc_fffa27a9 ; je 0xfffa27a9 -loc_fffa271b: +loc_fffa273b: mov edx, dword [edi + 6] cmp edx, 0x44 -jbe short loc_fffa2776 ; jbe 0xfffa2776 +jbe short loc_fffa2796 ; jbe 0xfffa2796 -loc_fffa2723: +loc_fffa2743: mov eax, dword [edi + 4] mov edi, dword [ebp - 0x620c] push ebx 
@@ -2718,116 +2727,116 @@ cmp ax, 0xffff cmove ax, word [ebp - 0x620e] movzx eax, ax push eax -lea eax, [ebp - 0x5efc] +lea eax, [ebp - 0x5efd] push eax call dword [edi + 0x94] ; ucall mov eax, edi call dword [eax + 0x54] ; ucall -lea eax, [ebp - 0x5efc] +lea eax, [ebp - 0x5efd] mov dword [esp], eax mov eax, dword [ebp - 0x6214] -call dword [eax + ref_fffd5c10] ; ucall: call dword [eax - 0x2a3f0] +call dword [eax + ref_fffd55c8] ; ucall: call dword [eax - 0x2aa38] mov ebx, eax mov eax, edi call dword [eax + 0x54] ; ucall add esp, 0x10 test ebx, ebx sete dl -jmp short loc_fffa2789 ; jmp 0xfffa2789 +jmp short loc_fffa27a9 ; jmp 0xfffa27a9 -loc_fffa2776: +loc_fffa2796: xor ecx, ecx -lea eax, [ebp - 0x5efc] -call fcn_fffc3c0d ; call 0xfffc3c0d +lea eax, [ebp - 0x5efd] +call fcn_fffc3b02 ; call 0xfffc3b02 mov dl, 1 test eax, eax -je short loc_fffa2723 ; je 0xfffa2723 +je short loc_fffa2743 ; je 0xfffa2743 -loc_fffa2789: +loc_fffa27a9: inc word [ebp - 0x6208] -jmp near loc_fffa266d ; jmp 0xfffa266d +jmp near loc_fffa268d ; jmp 0xfffa268d -loc_fffa2795: +loc_fffa27b5: push ecx push ecx push ebx -lea eax, [ebp - 0x5efc] +lea eax, [ebp - 0x5efd] push eax -call dword [ebp - 0x60cb] ; ucall +call dword [ebp - 0x60cc] ; ucall add esp, 0x10 cmp ebx, 0x17 -je loc_fffa28a9 ; je 0xfffa28a9 -ja short loc_fffa27c5 ; ja 0xfffa27c5 +je loc_fffa28c9 ; je 0xfffa28c9 +ja short loc_fffa27e5 ; ja 0xfffa27e5 test ebx, ebx -je loc_fffa2920 ; je 0xfffa2920 +je loc_fffa2940 ; je 0xfffa2940 cmp ebx, 0x16 -je short loc_fffa2832 ; je 0xfffa2832 -jmp near loc_fffa28f7 ; jmp 0xfffa28f7 +je short loc_fffa2852 ; je 0xfffa2852 +jmp near loc_fffa2917 ; jmp 0xfffa2917 -loc_fffa27c5: +loc_fffa27e5: cmp ebx, 0x18 -je loc_fffa2863 ; je 0xfffa2863 +je loc_fffa2883 ; je 0xfffa2883 cmp ebx, 0x1c -jne loc_fffa28f7 ; jne 0xfffa28f7 +jne loc_fffa2917 ; jne 0xfffa2917 push eax push eax push 0x3a91 lea eax, [ebp - 0x3ab1] push eax -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f pop eax 
pop edx -lea eax, [ebp - 0x60c7] +lea eax, [ebp - 0x60c8] push 0x1cb push eax -call fcn_fffac673 ; call 0xfffac673 -lea eax, [ebp - 0x61c0] +call fcn_fffb067f ; call 0xfffb067f +lea eax, [ebp - 0x61c1] add esp, 0x10 mov dword [ebp - 0x3ab1], 0x3a91 -mov dword [ebp - 0x60c7], 0x1cb -mov dword [ebp - 0x60c3], eax +mov dword [ebp - 0x60c8], 0x1cb +mov dword [ebp - 0x60c4], eax mov byte [ebp - 0x3a6d], 1 -inc byte [ebp - 0x465e] -jmp near loc_fffa2920 ; jmp 0xfffa2920 +inc byte [ebp - 0x465f] +jmp near loc_fffa2940 ; jmp 0xfffa2940 -loc_fffa2832: +loc_fffa2852: sub esp, 0xc push 0 -lea ecx, [ebp - 0x61ea] -lea edx, [ebp - 0x61d4] -lea eax, [ebp - 0x5efc] -call fcn_fffa77b4 ; call 0xfffa77b4 +lea ecx, [ebp - 0x61ee] +lea edx, [ebp - 0x61d8] +lea eax, [ebp - 0x5efd] +call fcn_fffa7762 ; call 0xfffa7762 mov al, byte [ebp - 0x2815] add esp, 0x10 -cmp byte [ebp - 0x61ea], al -jae loc_fffa28f7 ; jae 0xfffa28f7 +cmp byte [ebp - 0x61ee], al +jae loc_fffa2917 ; jae 0xfffa2917 -loc_fffa2863: -cmp dword [ebp - 0x4651], 3 -jne short loc_fffa2898 ; jne 0xfffa2898 +loc_fffa2883: +cmp dword [ebp - 0x4652], 3 +jne short loc_fffa28b8 ; jne 0xfffa28b8 push eax -mov eax, dword [ebp - 0x61e0] +mov eax, dword [ebp - 0x61e4] xor edx, edx -push dword [ebp - 0x3aea] -push dword [ebp - 0x61e8] -lea ecx, [ebp - 0x5efc] +push dword [ebp - 0x3aeb] +push dword [ebp - 0x61ec] +lea ecx, [ebp - 0x5efd] push esi -call fcn_fffab673 ; call 0xfffab673 +call fcn_fffb0688 ; call 0xfffb0688 add esp, 0x10 -mov dword [ebp - 0x4651], eax -jmp short loc_fffa28a2 ; jmp 0xfffa28a2 +mov dword [ebp - 0x4652], eax +jmp short loc_fffa28c2 ; jmp 0xfffa28c2 -loc_fffa2898: -mov dword [ebp - 0x4651], 0 +loc_fffa28b8: +mov dword [ebp - 0x4652], 0 -loc_fffa28a2: +loc_fffa28c2: mov ebx, 0x18 -jmp short loc_fffa2920 ; jmp 0xfffa2920 +jmp short loc_fffa2940 ; jmp 0xfffa2940 -loc_fffa28a9: +loc_fffa28c9: sub esp, 0xc -mov eax, dword [ebp - 0x61dc] -push dword [ebp - 0x4627] +mov eax, dword [ebp - 0x61e0] +push dword [ebp - 
0x4628] push dword [ebp - 0x27cb] push 1 push dword [ebp - 0x6204] @@ -2835,9 +2844,9 @@ push esi call dword [eax + 9] ; ucall add esp, 0x18 push 0xddfe -lea eax, [ebp - 0x5efc] +lea eax, [ebp - 0x5efd] push eax -call dword [ebp - 0x60df] ; ucall +call dword [ebp - 0x60e0] ; ucall mov eax, dword [esi] pop ebx pop edi @@ -2850,11 +2859,11 @@ push esi call dword [eax + 0x58] ; ucall add esp, 0x20 -loc_fffa28f7: +loc_fffa2917: sub esp, 0xc -mov ebx, dword [ebp - 0x6167] +mov ebx, dword [ebp - 0x6168] push 0x80 -call dword [ebp - 0x6173] ; ucall +call dword [ebp - 0x6174] ; ucall pop edx pop ecx or eax, 0xffffff80 
@@ -2862,201 +2871,205 @@ movzx eax, al push eax push 0x80 call ebx -jmp near loc_fffa2b04 ; jmp 0xfffa2b04 +jmp near loc_fffa2b33 ; jmp 0xfffa2b33 -loc_fffa2920: +loc_fffa2940: and ebx, 0xfffffffb cmp ebx, 0x18 -je loc_fffa25b9 ; je 0xfffa25b9 -mov eax, dword [ebp - 0x61d0] +je loc_fffa25d9 ; je 0xfffa25d9 +mov eax, dword [ebp - 0x61d4] test eax, eax -jne short loc_fffa293a ; jne 0xfffa293a +jne short loc_fffa295a ; jne 0xfffa295a -loc_fffa2936: +loc_fffa2956: xor edi, edi -jmp short loc_fffa294d ; jmp 0xfffa294d +jmp short loc_fffa296d ; jmp 0xfffa296d -loc_fffa293a: +loc_fffa295a: sub esp, 0xc push eax call dword [eax + 1] ; ucall add esp, 0x10 test eax, eax -je short loc_fffa2936 ; je 0xfffa2936 +je short loc_fffa2956 ; je 0xfffa2956 mov edi, 0xffffff80 -loc_fffa294d: +loc_fffa296d: cmp dword [ebp - 0x61fc], 0 sete bl cmp byte [ebp - 0x6200], 1 sete al test bl, al -je short loc_fffa296b ; je 0xfffa296b +je short loc_fffa298b ; je 0xfffa298b and edi, 0xfffffff0 or edi, 3 -loc_fffa296b: -cmp dword [ebp - 0x4627], 0x20 -ja short loc_fffa29b8 ; ja 0xfffa29b8 +loc_fffa298b: +cmp dword [ebp - 0x4628], 0x20 +ja short loc_fffa29d8 ; ja 0xfffa29d8 mov eax, dword [0xff7d0084] sub esp, 0xc mov eax, dword [eax + 0x14] add eax, 0xb0010 push eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 inc eax -je short loc_fffa29b8 ; je 0xfffa29b8 +je short loc_fffa29d8 ; je 0xfffa29d8 sub esp, 0xc mov eax, edi -push dword [ebp - 0x4627] +push dword [ebp - 0x4628] movzx edi, al push dword [ebp - 0x27cb] -mov eax, dword [ebp - 0x61dc] +mov eax, dword [ebp - 0x61e0] push edi push dword [ebp - 0x6204] push esi call dword [eax + 9] ; ucall add esp, 0x20 -loc_fffa29b8: -mov eax, dword [ebp - 0x61d0] +loc_fffa29d8: +mov eax, dword [ebp - 0x61d4] test eax, eax -je short loc_fffa2a0d ; je 0xfffa2a0d -mov edx, dword [ebp - 0x61e8] +je short loc_fffa2a2d ; je 0xfffa2a2d +mov edx, dword [ebp - 0x61ec] mov edx, dword [edx + 9] cmp byte [edx + 0x56], 0 -je 
short loc_fffa2a0d ; je 0xfffa2a0d +je short loc_fffa2a2d ; je 0xfffa2a2d sub esp, 0xc push eax call dword [eax + 1] ; ucall add esp, 0x10 cmp eax, 2 -jne short loc_fffa2a0d ; jne 0xfffa2a0d -cmp dword [ebp - 0x4651], 3 -je short loc_fffa2a0d ; je 0xfffa2a0d -lea eax, [ebp - 0x61d8] +jne short loc_fffa2a2d ; jne 0xfffa2a2d +cmp dword [ebp - 0x4652], 3 +je short loc_fffa2a2d ; je 0xfffa2a2d +lea eax, [ebp - 0x61dc] push eax push 0 push 0 -push ref_fffd65a0 ; push 0xfffd65a0 -call fcn_fffab40f ; call 0xfffab40f -mov eax, dword [ebp - 0x61d8] +push ref_fffd689c ; push 0xfffd689c +call fcn_fffb020b ; call 0xfffb020b +mov eax, dword [ebp - 0x61dc] pop ecx pop edi push 3 push eax call dword [eax] ; ucall -jmp short loc_fffa2a24 ; jmp 0xfffa2a24 +jmp short loc_fffa2a44 ; jmp 0xfffa2a44 -loc_fffa2a0d: -mov eax, dword [ebp - 0x61d0] +loc_fffa2a2d: +mov eax, dword [ebp - 0x61d4] test eax, eax -je short loc_fffa2a27 ; je 0xfffa2a27 +je short loc_fffa2a47 ; je 0xfffa2a47 push edx push edx -lea edx, [ebp - 0x61e0] +lea edx, [ebp - 0x61e4] push edx push eax call dword [eax + 5] ; ucall -loc_fffa2a24: +loc_fffa2a44: add esp, 0x10 -loc_fffa2a27: -cmp dword [ebp - 0x61e0], 0x11 -je short loc_fffa2aa6 ; je 0xfffa2aa6 +loc_fffa2a47: +cmp dword [ebp - 0x61e4], 0x11 +je short loc_fffa2ac6 ; je 0xfffa2ac6 cmp dword [ebp - 0x61fc], 3 sete al or al, bl -je short loc_fffa2a68 ; je 0xfffa2a68 +je short loc_fffa2a88 ; je 0xfffa2a88 xor eax, eax -loc_fffa2a40: +loc_fffa2a60: cmp eax, 0x1000 -je short loc_fffa2a4c ; je 0xfffa2a4c +je short loc_fffa2a6c ; je 0xfffa2a6c mov byte [eax], al inc eax -jmp short loc_fffa2a40 ; jmp 0xfffa2a40 +jmp short loc_fffa2a60 ; jmp 0xfffa2a60 -loc_fffa2a4c: +loc_fffa2a6c: mov edx, 0x14 -loc_fffa2a51: +loc_fffa2a71: xor eax, eax -loc_fffa2a53: +loc_fffa2a73: cmp eax, 0x1000 -je short loc_fffa2a65 ; je 0xfffa2a65 +je short loc_fffa2a85 ; je 0xfffa2a85 cmp byte [eax], al -jne loc_fffa2af0 ; jne 0xfffa2af0 +jne loc_fffa2b1f ; jne 0xfffa2b1f inc eax -jmp short 
loc_fffa2a53 ; jmp 0xfffa2a53 +jmp short loc_fffa2a73 ; jmp 0xfffa2a73 -loc_fffa2a65: +loc_fffa2a85: dec edx -jne short loc_fffa2a51 ; jne 0xfffa2a51 +jne short loc_fffa2a71 ; jne 0xfffa2a71 -loc_fffa2a68: +loc_fffa2a88: push ebx mov eax, dword [esi] -mov esi, dword [ebp - 0x61e4] -lea edx, [ebp - 0x5efc] -push 0x5ee4 +mov esi, dword [ebp - 0x61e8] +lea edx, [ebp - 0x5efd] +push 0x5ee5 push edx lea edx, [esi + 0x18] push edx mov dword [ebp - 0x3a9d], 0 call dword [eax + 0x50] ; ucall -mov eax, dword [ebp - 0x61e4] +mov eax, dword [ebp - 0x61e8] pop esi pop edi -add eax, 0x5efc +add eax, 0x5efd push 1 push eax -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f add esp, 0x10 -loc_fffa2aa6: +loc_fffa2ac6: push ecx push ecx push 0x55 -lea eax, [ebp - 0x5efc] +lea eax, [ebp - 0x5efd] push eax -call dword [ebp - 0x60df] ; ucall +call dword [ebp - 0x60e0] ; ucall add esp, 0x10 xor eax, eax -jmp short loc_fffa2b0c ; jmp 0xfffa2b0c +jmp short loc_fffa2b3b ; jmp 0xfffa2b3b -loc_fffa2abe: +loc_fffa2ade: test al, 1 -je loc_fffa21cf ; je 0xfffa21cf -jmp near loc_fffa21bc ; jmp 0xfffa21bc +je loc_fffa21f6 ; je 0xfffa21f6 +jmp near loc_fffa21e3 ; jmp 0xfffa21e3 -loc_fffa2acb: +loc_fffa2aeb: push edx push edx push 0x1866 -lea eax, [ebp - 0x5ef4] +lea eax, [ebp - 0x5ef5] push eax -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f add esp, 0x10 mov dword [ebp - 0x61fc], 0 -jmp near loc_fffa24aa ; jmp 0xfffa24aa +jmp near loc_fffa24ca ; jmp 0xfffa24ca -loc_fffa2af0: +loc_fffa2b10: +mov dword [ebp - 0x61fc], 3 +jmp near loc_fffa24ca ; jmp 0xfffa24ca + +loc_fffa2b1f: push eax push eax push 0xd5 -lea eax, [ebp - 0x5efc] +lea eax, [ebp - 0x5efd] push eax -call dword [ebp - 0x60df] ; ucall +call dword [ebp - 0x60e0] ; ucall -loc_fffa2b04: +loc_fffa2b33: add esp, 0x10 mov eax, 0x80000007 -loc_fffa2b0c: +loc_fffa2b3b: lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -3064,20 +3077,20 @@ pop edi pop ebp ret -fcn_fffa2b14: ; not directly referenced +fcn_fffa2b43: ; not directly referenced push ebp mov ecx, 9 mov ebp, esp push edi push esi -mov esi, ref_fffd3290 ; mov esi, 0xfffd3290 +mov esi, ref_fffd3580 ; mov esi, 0xfffd3580 push ebx sub esp, 0x100 mov eax, dword [ebp + 8] lea edi, [ebp - 0x31] mov byte [ebp - 0x45], 0x40 rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -mov eax, dword [eax + 0x5edc] +mov eax, dword [eax + 0x5edd] mov byte [ebp - 0x44], 0x60 mov byte [ebp - 0x43], 0x40 mov byte [ebp - 0x42], 0x40 @@ -3086,7 +3099,7 @@ mov eax, dword [ebp + 8] mov byte [ebp - 0x41], 0x40 mov byte [ebp - 0x40], 0x19 mov byte [ebp - 0x3f], 0x32 -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] mov eax, dword [eax + 0x18a7] mov byte [ebp - 0x3e], 0x14 mov byte [ebp - 0x3d], 0x14 @@ -3117,11 +3130,11 @@ mov dword [ebp - 0xe8], eax mov eax, dword [ebp + 8] mov eax, dword [eax + 0x188b] mov dword [ebp - 0x80], eax -mov eax, dword [ecx + esi*4 + 0x3735] +mov eax, dword [ecx + esi*4 + 0x3736] mov dword [ebp - 0x7c], eax movzx eax, byte [ecx + 0x2409] mov dword [ebp - 0x90], eax -mov al, byte [ecx + 0x3748] +mov al, byte [ecx + 0x3749] push 0 push 2 mov byte [ebp - 0xec], al @@ -3143,7 +3156,7 @@ lea eax, [ebp - 0x49] push eax call dword [ebx + 0x58] ; ucall mov eax, dword [ebp + 8] -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] mov esi, dword [ebx + 0x14] push 0 push 0 @@ -3161,9 +3174,9 @@ movzx eax, word [eax + 0x2419] mov dword [esp], eax call dword [ebx + 8] ; ucall mov esi, dword [ebp + 8] -mov ebx, dword [esi + 0x2443] +mov ebx, dword [esi + 0x2444] shr eax, 0x10 -mov word [esi + 0x3752], ax +mov word [esi + 0x3753], ax mov esi, dword [ebx + 0x14] push 8 push 0 
@@ -3185,96 +3198,96 @@ add esp, 0x10 cmp edi, 0x40660 sete dl cmp edi, 0x306c0 -mov byte [esi + 0x3754], al +mov byte [esi + 0x3755], al sete al or dl, al mov byte [ebp - 0x82], dl -je short loc_fffa2d11 ; je 0xfffa2d11 +je short loc_fffa2d40 ; je 0xfffa2d40 -loc_fffa2ccd: ; not directly referenced +loc_fffa2cfc: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x3756], 2 -jne short loc_fffa2d03 ; jne 0xfffa2d03 +cmp dword [eax + 0x3757], 2 +jne short loc_fffa2d32 ; jne 0xfffa2d32 imul eax, dword [ebp - 0x88], 0x2e mov edi, dword [ebp + 8] -lea eax, [edi + eax + 0x3756] +lea eax, [edi + eax + 0x3757] mov cx, word [eax + 0xa] movzx ebx, word [eax + 0xc] movzx edx, cx sub edx, ebx cmp edx, 4 -jle short loc_fffa2d03 ; jle 0xfffa2d03 +jle short loc_fffa2d32 ; jle 0xfffa2d32 sub ecx, 4 mov word [eax + 0xc], cx -loc_fffa2d03: ; not directly referenced +loc_fffa2d32: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -je short loc_fffa2d32 ; je 0xfffa2d32 -jmp short loc_fffa2d1d ; jmp 0xfffa2d1d +cmp dword [eax + 0x4b1a], 2 +je short loc_fffa2d61 ; je 0xfffa2d61 +jmp short loc_fffa2d4c ; jmp 0xfffa2d4c -loc_fffa2d11: ; not directly referenced +loc_fffa2d40: ; not directly referenced cmp dword [ebp - 0x8c], 0x40670 -je short loc_fffa2ccd ; je 0xfffa2ccd +je short loc_fffa2cfc ; je 0xfffa2cfc -loc_fffa2d1d: ; not directly referenced +loc_fffa2d4c: ; not directly referenced mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x3c -call fcn_fffc3c0d ; call 0xfffc3c0d +call fcn_fffc3b02 ; call 0xfffc3b02 test eax, eax -je short loc_fffa2d5e ; je 0xfffa2d5e -jmp short loc_fffa2dab ; jmp 0xfffa2dab +je short loc_fffa2d8d ; je 0xfffa2d8d +jmp short loc_fffa2dda ; jmp 0xfffa2dda -loc_fffa2d32: ; not directly referenced +loc_fffa2d61: ; not directly referenced imul eax, dword [ebp - 0x88], 0x2e mov edi, dword [ebp + 8] -lea eax, [edi + eax + 0x4b19] +lea eax, [edi + eax + 0x4b1a] mov cx, word [eax + 0xa] movzx ebx, word [eax + 0xc] movzx 
edx, cx sub edx, ebx cmp edx, 4 -jle short loc_fffa2d1d ; jle 0xfffa2d1d +jle short loc_fffa2d4c ; jle 0xfffa2d4c sub ecx, 4 mov word [eax + 0xc], cx -jmp short loc_fffa2d1d ; jmp 0xfffa2d1d +jmp short loc_fffa2d4c ; jmp 0xfffa2d4c -loc_fffa2d5e: ; not directly referenced +loc_fffa2d8d: ; not directly referenced mov eax, dword [ebp + 8] sub esp, 0xc lea ecx, [ebp - 0x5b] lea edx, [ebp - 0x28] -mov edi, dword [eax + 0x2443] +mov edi, dword [eax + 0x2444] lea eax, [ebp - 0x58] push eax mov eax, dword [ebp + 8] -call fcn_fffa77b4 ; call 0xfffa77b4 +call fcn_fffa7762 ; call 0xfffa7762 add esp, 0x10 test eax, eax -je loc_fffa2e3d ; je 0xfffa2e3d +je loc_fffa2e6c ; je 0xfffa2e6c mov edi, dword [ebp + 8] -mov dword [edi + 0x36d7], eax +mov dword [edi + 0x36d8], eax mov eax, dword [ebp - 0x28] -mov dword [edi + 0x36df], eax +mov dword [edi + 0x36e0], eax mov eax, dword [ebp - 0x58] -mov dword [edi + 0x36e3], eax +mov dword [edi + 0x36e4], eax mov al, byte [ebp - 0x5b] -mov byte [edi + 0x36e7], al +mov byte [edi + 0x36e8], al -loc_fffa2dab: ; not directly referenced +loc_fffa2dda: ; not directly referenced mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x3d -call fcn_fffc3c0d ; call 0xfffc3c0d +call fcn_fffc3b02 ; call 0xfffc3b02 mov eax, dword [ebp + 8] xor edx, edx mov ecx, 0x7d0 mov edi, dword [ebp + 8] -mov eax, dword [eax + 0x36df] +mov eax, dword [eax + 0x36e0] div ecx -mov word [edi + 0x2489], ax -mov eax, dword [edi + 0x2480] +mov word [edi + 0x248a], ax +mov eax, dword [edi + 0x2481] cmp eax, 3 sete bl cmp eax, 2 
@@ -3293,68 +3306,68 @@ sete al mov byte [ebp - 0x6c], al or al, bl mov byte [ebp - 0x84], al -jne loc_fffa2fd2 ; jne 0xfffa2fd2 +jne loc_fffa3001 ; jne 0xfffa3001 mov dword [ebp - 0x98], 0 -jmp near loc_fffa303e ; jmp 0xfffa303e +jmp near loc_fffa306d ; jmp 0xfffa306d -loc_fffa2e3d: ; not directly referenced +loc_fffa2e6c: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x36e8], 0 -jne loc_fffa2f5a ; jne 0xfffa2f5a +cmp dword [eax + 0x36e9], 0 +jne loc_fffa2f89 ; jne 0xfffa2f89 cmp dword [eax + 0x18a7], 1 -jne short loc_fffa2e6e ; jne 0xfffa2e6e +jne short loc_fffa2e9d ; jne 0xfffa2e9d mov al, byte [eax + 0x1876] test al, al -je short loc_fffa2e6e ; je 0xfffa2e6e +je short loc_fffa2e9d ; je 0xfffa2e9d mov esi, dword [ebp + 8] -mov byte [esi + 0x36e7], al -jmp near loc_fffa2f5a ; jmp 0xfffa2f5a +mov byte [esi + 0x36e8], al +jmp near loc_fffa2f89 ; jmp 0xfffa2f89 -loc_fffa2e6e: ; not directly referenced +loc_fffa2e9d: ; not directly referenced mov esi, dword [ebp + 8] mov eax, dword [ebp + 8] mov dword [ebp - 0x74], 0x3e8 -mov esi, dword [esi + 0x36d7] +mov esi, dword [esi + 0x36d8] mov eax, dword [eax + 0x187b] mov dword [ebp - 0x6c], esi mov esi, dword [ebp + 8] -mov ecx, dword [esi + 0x5edc] -mov esi, dword [esi + 0x2443] +mov ecx, dword [esi + 0x5edd] +mov esi, dword [esi + 0x2444] test eax, eax -je short loc_fffa2ea9 ; je 0xfffa2ea9 +je short loc_fffa2ed8 ; je 0xfffa2ed8 mov ebx, 0x186a0 xor edx, edx div ebx mov dword [ebp - 0x74], eax -loc_fffa2ea9: ; not directly referenced +loc_fffa2ed8: ; not directly referenced mov eax, dword [ebp + 8] cmp dword [eax + 0x1887], 0x306d0 -jne short loc_fffa2f03 ; jne 0xfffa2f03 +jne short loc_fffa2f32 ; jne 0xfffa2f32 cmp dword [eax + 0x1883], 4 -jbe short loc_fffa2f03 ; jbe 0xfffa2f03 +jbe short loc_fffa2f32 ; jbe 0xfffa2f32 cmp byte [eax + 0x2442], 1 -jne short loc_fffa2f03 ; jne 0xfffa2f03 +jne short loc_fffa2f32 ; jne 0xfffa2f32 cmp dword [eax + 0x1877], 2 -jne short loc_fffa2f03 ; jne 0xfffa2f03 
+jne short loc_fffa2f32 ; jne 0xfffa2f32 cmp dword [ebp - 0x6c], 0x640 -jne short loc_fffa2f03 ; jne 0xfffa2f03 +jne short loc_fffa2f32 ; jne 0xfffa2f32 mov eax, dword [ecx + 0x1c6] test eax, eax -je short loc_fffa2f03 ; je 0xfffa2f03 +je short loc_fffa2f32 ; je 0xfffa2f32 cmp byte [ecx + 0x1ca], 0 -jne short loc_fffa2ef6 ; jne 0xfffa2ef6 +jne short loc_fffa2f25 ; jne 0xfffa2f25 cmp eax, 0x63f -jbe short loc_fffa2f03 ; jbe 0xfffa2f03 +jbe short loc_fffa2f32 ; jbe 0xfffa2f32 -loc_fffa2ef6: ; not directly referenced +loc_fffa2f25: ; not directly referenced mov eax, dword [ebp + 8] -mov dword [eax + 0x36e3], 1 +mov dword [eax + 0x36e4], 1 -loc_fffa2f03: ; not directly referenced +loc_fffa2f32: ; not directly referenced mov eax, dword [ebp + 8] mov ebx, 0x30d40 -cmp dword [eax + 0x36e3], 1 +cmp dword [eax + 0x36e4], 1 mov eax, 0x411ab cmovne ebx, eax xor edx, edx @@ -3379,24 +3392,24 @@ mov esi, dword [ebp + 8] add esp, 0x20 add eax, 0x1f4 div ecx -mov byte [esi + 0x36e7], al +mov byte [esi + 0x36e8], al -loc_fffa2f5a: ; not directly referenced +loc_fffa2f89: ; not directly referenced mov eax, dword [ebp + 8] -mov bl, byte [eax + 0x36e7] +mov bl, byte [eax + 0x36e8] lea eax, [ebx - 3] cmp al, 0xc -jbe short loc_fffa2f74 ; jbe 0xfffa2f74 +jbe short loc_fffa2fa3 ; jbe 0xfffa2fa3 -loc_fffa2f6a: ; not directly referenced +loc_fffa2f99: ; not directly referenced mov edx, 0x16 -jmp near loc_fffa5b40 ; jmp 0xfffa5b40 +jmp near loc_fffa5b6f ; jmp 0xfffa5b6f -loc_fffa2f74: ; not directly referenced +loc_fffa2fa3: ; not directly referenced mov eax, dword [ebp + 8] and ebx, 0xf mov edx, 0x5e00 -cmp dword [eax + 0x36e3], 0 +cmp dword [eax + 0x36e4], 0 setne al movzx eax, al shl eax, 4 
@@ -3404,32 +3417,32 @@ or ebx, eax mov eax, dword [ebp + 8] or ebx, 0x80000000 mov ecx, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 call dword [edi + 0x54] ; ucall lea esi, [eax + 0x2710] -loc_fffa2faa: ; not directly referenced +loc_fffa2fd9: ; not directly referenced shr ebx, 0x18 test bl, bl -jns loc_fffa5aca ; jns 0xfffa5aca +jns loc_fffa5af9 ; jns 0xfffa5af9 call dword [edi + 0x54] ; ucall cmp edx, 0 -ja short loc_fffa2f6a ; ja 0xfffa2f6a +ja short loc_fffa2f99 ; ja 0xfffa2f99 cmp eax, esi -jae short loc_fffa2f6a ; jae 0xfffa2f6a +jae short loc_fffa2f99 ; jae 0xfffa2f99 mov eax, dword [ebp + 8] mov edx, 0x5e00 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov ebx, eax -jmp short loc_fffa2faa ; jmp 0xfffa2faa +jmp short loc_fffa2fd9 ; jmp 0xfffa2fd9 -loc_fffa2fd2: ; not directly referenced +loc_fffa3001: ; not directly referenced xor ecx, ecx cmp dword [ebp - 0x90], 0 sete cl shl ecx, 0xa cmp dword [ebp - 0x78], 0 -je short loc_fffa300a ; je 0xfffa300a +je short loc_fffa3039 ; je 0xfffa3039 mov eax, dword [ebp + 8] or ch, 8 mov al, byte [eax + 0x240c] 
@@ -3441,75 +3454,75 @@ and eax, 0xf shl eax, 0x10 or ecx, edx or ecx, eax -jmp short loc_fffa301c ; jmp 0xfffa301c +jmp short loc_fffa304b ; jmp 0xfffa304b -loc_fffa300a: ; not directly referenced +loc_fffa3039: ; not directly referenced mov edi, dword [ebp - 0xe0] mov eax, ecx or eax, 0x100000 test edi, edi cmovne ecx, eax -loc_fffa301c: ; not directly referenced +loc_fffa304b: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x2008 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 xor eax, eax cmp dword [ebp - 0x8c], 0x40670 setne al mov dword [ebp - 0x98], eax -loc_fffa303e: ; not directly referenced +loc_fffa306d: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x5034 -movzx ecx, byte [eax + 0x36cf] -movzx eax, byte [eax + 0x36d0] +movzx ecx, byte [eax + 0x36d0] +movzx eax, byte [eax + 0x36d1] shl ecx, 0x18 shl eax, 0x10 or ecx, eax mov eax, dword [ebp + 8] -movzx eax, byte [eax + 0x36d2] +movzx eax, byte [eax + 0x36d3] or ecx, eax mov eax, dword [ebp + 8] -movzx eax, byte [eax + 0x36d1] +movzx eax, byte [eax + 0x36d2] shl eax, 8 or ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp dword [ebp - 0x7c], 0x546 -ja short loc_fffa309c ; ja 0xfffa309c +ja short loc_fffa30cb ; ja 0xfffa30cb cmp dword [ebp - 0x7c], 0x4e2 mov byte [ebp - 0x74], 0 setbe byte [ebp - 0xd8] -jmp short loc_fffa30a7 ; jmp 0xfffa30a7 +jmp short loc_fffa30d6 ; jmp 0xfffa30d6 -loc_fffa309c: ; not directly referenced +loc_fffa30cb: ; not directly referenced mov byte [ebp - 0xd8], 0 mov byte [ebp - 0x74], 1 -loc_fffa30a7: ; not directly referenced +loc_fffa30d6: ; not directly referenced cmp byte [ebp - 0x6c], 0 -je short loc_fffa30d0 ; je 0xfffa30d0 +je short loc_fffa30ff ; je 0xfffa30ff mov edi, dword [ebp + 8] xor eax, eax cmp byte [edi + 0x240f], 0 -je short loc_fffa30c7 ; je 0xfffa30c7 +je short loc_fffa30f6 ; je 0xfffa30f6 xor eax, eax cmp dword [ebp - 0x7c], 0x5db setbe al 
-loc_fffa30c7: ; not directly referenced +loc_fffa30f6: ; not directly referenced mov edi, dword [ebp - 0x70] mov byte [edi + 0x1c5], al -loc_fffa30d0: ; not directly referenced +loc_fffa30ff: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x3918 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edi, dword [ebp + 8] -mov dl, byte [edi + 0x36e7] +mov dl, byte [edi + 0x36e8] and eax, 3 -cmp dword [edi + 0x36e3], 1 +cmp dword [edi + 0x36e4], 1 sbb ecx, ecx and ecx, 0xfffffffe add ecx, 6 @@ -3521,7 +3534,7 @@ xor edx, edx test cl, cl cmovns edx, ecx cmp byte [ebp - 0x81], 0 -je short loc_fffa3132 ; je 0xfffa3132 +je short loc_fffa3161 ; je 0xfffa3161 movzx ebx, byte [ebp - 0x74] cmp dl, 2 mov cl, 2 
@@ -3530,55 +3543,55 @@ movzx eax, al movsx ecx, cl lea ebx, [ebx + ebx*2] add ecx, ebx -mov al, byte [eax + ecx*4 + ref_fffd32d4] ; mov al, byte [eax + ecx*4 - 0x2cd2c] -jmp short loc_fffa314e ; jmp 0xfffa314e +mov al, byte [eax + ecx*4 + ref_fffd35c4] ; mov al, byte [eax + ecx*4 - 0x2ca3c] +jmp short loc_fffa317d ; jmp 0xfffa317d -loc_fffa3132: ; not directly referenced +loc_fffa3161: ; not directly referenced cmp byte [ebp - 0x6c], 0 -jne short loc_fffa3156 ; jne 0xfffa3156 +jne short loc_fffa3185 ; jne 0xfffa3185 movzx ecx, byte [ebp - 0x74] movsx edx, dl movzx eax, al lea ecx, [ecx + ecx*4] add edx, ecx -mov al, byte [eax + edx*4 + ref_fffd32ac] ; mov al, byte [eax + edx*4 - 0x2cd54] +mov al, byte [eax + edx*4 + ref_fffd359c] ; mov al, byte [eax + edx*4 - 0x2ca64] -loc_fffa314e: ; not directly referenced +loc_fffa317d: ; not directly referenced mov byte [ebp - 0xc8], al -jmp short loc_fffa315d ; jmp 0xfffa315d +jmp short loc_fffa318c ; jmp 0xfffa318c -loc_fffa3156: ; not directly referenced +loc_fffa3185: ; not directly referenced mov byte [ebp - 0xc8], 4 -loc_fffa315d: ; not directly referenced +loc_fffa318c: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x3756], 2 -jne short loc_fffa317e ; jne 0xfffa317e +cmp dword [eax + 0x3757], 2 +jne short loc_fffa31ad ; jne 0xfffa31ad imul eax, dword [ebp - 0x88], 0x2e mov edi, dword [ebp + 8] -mov ax, word [edi + eax + 0x3760] +mov ax, word [edi + eax + 0x3761] mov byte [ebp - 0x5a], al -loc_fffa317e: ; not directly referenced +loc_fffa31ad: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -jne short loc_fffa319f ; jne 0xfffa319f +cmp dword [eax + 0x4b1a], 2 +jne short loc_fffa31ce ; jne 0xfffa31ce imul eax, dword [ebp - 0x88], 0x2e mov edi, dword [ebp + 8] -mov ax, word [edi + eax + 0x4b23] +mov ax, word [edi + eax + 0x4b24] mov byte [ebp - 0x59], al -loc_fffa319f: ; not directly referenced +loc_fffa31ce: ; not directly referenced mov eax, dword [ebp + 8] xor esi, 
esi mov byte [ebp - 0x83], 0 -lea edi, [eax + 0x381a] +lea edi, [eax + 0x381b] add eax, 0x1eaa mov dword [ebp - 0xe4], eax -loc_fffa31bc: ; not directly referenced +loc_fffa31eb: ; not directly referenced cmp dword [edi - 0xc4], 2 -jne loc_fffa3346 ; jne 0xfffa3346 +jne loc_fffa3375 ; jne 0xfffa3375 cmp dword [edi - 4], 2 mov ecx, esi mov ebx, dword [ebp + 8] @@ -3586,13 +3599,13 @@ sete al add byte [ebp - 0x83], al mov eax, 1 shl eax, cl -or byte [ebx + 0x248e], al +or byte [ebx + 0x248f], al mov al, byte [edi] -or byte [ebx + 0x248d], al +or byte [ebx + 0x248e], al mov cl, byte [edi] and ecx, 0xf cmp dword [ebp - 0x78], 0 -je short loc_fffa3215 ; je 0xfffa3215 +je short loc_fffa3244 ; je 0xfffa3244 mov ebx, dword [ebp - 0xe4] xor ecx, ecx cmp byte [ebx - 1], 0 
@@ -3602,47 +3615,47 @@ or eax, 2 cmp byte [ebx], 0 cmovne ecx, eax -loc_fffa3215: ; not directly referenced +loc_fffa3244: ; not directly referenced mov eax, dword [ebp + 8] lea ebx, [esi + 0x18] shl ebx, 8 mov edx, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 movzx eax, byte [edi] and eax, 0xf cmp byte [ebp - 0x81], 0 mov ecx, eax -je short loc_fffa3250 ; je 0xfffa3250 +je short loc_fffa327f ; je 0xfffa327f cmp dword [ebp - 0x78], 0 -je short loc_fffa324b ; je 0xfffa324b +je short loc_fffa327a ; je 0xfffa327a mov edx, dword [ebp + 8] or ecx, 0x20 cmp byte [edx + 0x240a], 0 -jne short loc_fffa3250 ; jne 0xfffa3250 +jne short loc_fffa327f ; jne 0xfffa327f -loc_fffa324b: ; not directly referenced +loc_fffa327a: ; not directly referenced or eax, 0x30 mov ecx, eax -loc_fffa3250: ; not directly referenced +loc_fffa327f: ; not directly referenced cmp byte [ebp - 0xec], 0 sete al and al, byte [ebp - 0x6c] mov byte [ebp - 0xf4], al -je short loc_fffa3268 ; je 0xfffa3268 +je short loc_fffa3297 ; je 0xfffa3297 or ecx, 0x40 -loc_fffa3268: ; not directly referenced +loc_fffa3297: ; not directly referenced lea eax, [ebx - 0x1800] mov dword [ebp - 0xf8], eax mov eax, dword [ebp + 8] lea edx, [ebx + 0x420] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov dl, byte [edi] mov ebx, edx and ebx, 0xf cmp dword [ebp - 0x78], 0 -je loc_fffa3317 ; je 0xfffa3317 +je loc_fffa3346 ; je 0xfffa3346 mov eax, dword [ebp + 8] lea ecx, [esi*4] xor ebx, ebx @@ -3653,7 +3666,7 @@ movzx ecx, dl and eax, 0xf mov dword [ebp - 0xfc], ecx -loc_fffa32be: ; not directly referenced +loc_fffa32ed: ; not directly referenced mov cl, byte [ebp - 0xa8] mov edx, dword [ebp - 0xfc] sar edx, cl 
@@ -3661,29 +3674,29 @@ xor ecx, ecx mov dword [ebp - 0x94], edx and dword [ebp - 0x94], 1 -loc_fffa32db: ; not directly referenced +loc_fffa330a: ; not directly referenced mov edx, eax shr edx, cl and edx, 1 cmp edx, dword [ebp - 0xa8] -jne short loc_fffa32ff ; jne 0xfffa32ff +jne short loc_fffa332e ; jne 0xfffa332e cmp dword [ebp - 0x94], 0 -je short loc_fffa32ff ; je 0xfffa32ff +je short loc_fffa332e ; je 0xfffa332e mov edx, 1 shl edx, cl or ebx, edx and ebx, 0xf -loc_fffa32ff: ; not directly referenced +loc_fffa332e: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffa32db ; jne 0xfffa32db +jne short loc_fffa330a ; jne 0xfffa330a inc dword [ebp - 0xa8] cmp dword [ebp - 0xa8], 4 -jne short loc_fffa32be ; jne 0xfffa32be +jne short loc_fffa32ed ; jne 0xfffa32ed and ebx, 0xf -loc_fffa3317: ; not directly referenced +loc_fffa3346: ; not directly referenced mov cl, byte [ebp - 0xf4] mov eax, ebx or eax, 0x40 @@ -3694,15 +3707,15 @@ mov eax, dword [ebp + 8] add edx, 0x1220 mov ecx, ebx and ebx, 0xf -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov byte [edi + 0xfce], bl -loc_fffa3346: ; not directly referenced +loc_fffa3375: ; not directly referenced inc esi add edi, 0x13c3 add dword [ebp - 0xe4], 0x54a cmp esi, 2 -jne loc_fffa31bc ; jne 0xfffa31bc +jne loc_fffa31eb ; jne 0xfffa31eb cmp dword [ebp - 0x80], 1 mov ebx, 0x3620 sbb eax, eax 
@@ -3714,30 +3727,30 @@ mov eax, dword [ebp - 0xa8] and eax, 0x1f mov dword [ebp - 0xec], eax -loc_fffa3390: ; not directly referenced +loc_fffa33bf: ; not directly referenced mov eax, dword [ebp + 8] -movzx eax, byte [eax + 0x248d] +movzx eax, byte [eax + 0x248e] bt eax, edi -jb short loc_fffa33ad ; jb 0xfffa33ad +jb short loc_fffa33dc ; jb 0xfffa33dc -loc_fffa339f: ; not directly referenced +loc_fffa33ce: ; not directly referenced inc edi add ebx, 4 cmp edi, 4 -jne short loc_fffa3390 ; jne 0xfffa3390 -jmp near loc_fffa34a4 ; jmp 0xfffa34a4 +jne short loc_fffa33bf ; jne 0xfffa33bf +jmp near loc_fffa34d3 ; jmp 0xfffa34d3 -loc_fffa33ad: ; not directly referenced +loc_fffa33dc: ; not directly referenced mov ecx, dword [ebp - 0xec] lea edx, [ebx - 0x20] mov eax, dword [ebp + 8] shl ecx, 0xf or ecx, 0x2004040 -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] lea edx, [ebx - 0x10] mov ecx, 0x88888888 -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, ebx cmp byte [ebp - 0x6c], 1 @@ -3745,25 +3758,25 @@ sbb esi, esi and esi, 0xf00000 add esi, 0x2c08060 mov ecx, esi -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] lea edx, [ebx + 0x10] mov ecx, 0x88888888 shr esi, 0x14 and esi, 0x3f -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov ecx, dword [ebp + 8] imul eax, edi, 0x12 lea edx, [edi + edi*8] mov byte [ebp - 0xe4], 2 -lea eax, [ecx + eax + 0x3756] -lea edx, [ecx + edx + 0x3756] +lea eax, [ecx + eax + 0x3757] +lea edx, [ecx + edx + 0x3757] mov dword [ebp - 0x94], eax -loc_fffa342f: ; not directly referenced +loc_fffa345e: ; not directly referenced xor eax, eax -loc_fffa3431: ; not directly referenced +loc_fffa3460: ; not directly referenced mov ecx, dword [ebp - 0x94] mov word [ecx + eax*2 + 0x169], 0x60 mov word [ecx + eax*2 + 0x121], 0x40 
@@ -3777,21 +3790,21 @@ mov byte [edx + eax + 0x106e], 0x20 mov byte [edx + eax + 0x1026], cl inc eax cmp eax, 9 -jne short loc_fffa3431 ; jne 0xfffa3431 +jne short loc_fffa3460 ; jne 0xfffa3460 add dword [ebp - 0x94], 0x13c3 add edx, 0x13c3 dec byte [ebp - 0xe4] -jne short loc_fffa342f ; jne 0xfffa342f -jmp near loc_fffa339f ; jmp 0xfffa339f +jne short loc_fffa345e ; jne 0xfffa345e +jmp near loc_fffa33ce ; jmp 0xfffa33ce -loc_fffa34a4: ; not directly referenced +loc_fffa34d3: ; not directly referenced mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x3648 -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 0x88888888 -call fcn_fffaa226 ; call 0xfffaa226 +call fcn_fffac864 ; call 0xfffac864 mov eax, dword [ebp + 8] mov edx, 0x3670 cmp dword [eax + 0x188b], 1 @@ -3799,7 +3812,7 @@ mov eax, 0x367c cmove edx, eax mov eax, dword [ebp + 8] xor ecx, ecx -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 0x365c cmp dword [eax + 0x188b], 1 @@ -3807,7 +3820,7 @@ mov eax, 0x3668 cmove edx, eax mov eax, dword [ebp + 8] xor ecx, ecx -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov al, byte [ebp - 0x74] and eax, 1 mov edi, eax @@ -3821,7 +3834,7 @@ and eax, 1 shl eax, 0x1a or edi, eax cmp dword [ebp - 0x78], 0 -je short loc_fffa3551 ; je 0xfffa3551 +je short loc_fffa3580 ; je 0xfffa3580 mov bl, byte [ebp - 0x84] or edi, 0x10000000 mov eax, edi @@ -3830,7 +3843,7 @@ test bl, bl cmovne edi, eax or edi, 0x40000000 -loc_fffa3551: ; not directly referenced +loc_fffa3580: ; not directly referenced mov bl, byte [ebp - 0x82] mov eax, edi mov edx, 0x3674 @@ -3843,7 +3856,7 @@ cmp dword [eax + 0x188b], 1 mov eax, 0x3680 cmove edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] cmp byte [eax + 0x190a], 1 mov eax, dword [ebp - 0xc8] 
@@ -3855,16 +3868,16 @@ shl eax, 0xa or esi, eax or esi, 0x7efc010 cmp dword [ebp - 0x78], 0 -je short loc_fffa35c5 ; je 0xfffa35c5 +je short loc_fffa35f4 ; je 0xfffa35f4 cmp byte [ebp - 0x6c], 0 -je short loc_fffa35c5 ; je 0xfffa35c5 +je short loc_fffa35f4 ; je 0xfffa35f4 mov eax, dword [ebp + 8] movzx eax, byte [eax + 0x1922] and eax, 7 shl eax, 0x1b or esi, eax -loc_fffa35c5: ; not directly referenced +loc_fffa35f4: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x3660 mov ecx, esi @@ -3873,17 +3886,17 @@ mov eax, 0x366c cmove edx, eax mov eax, dword [ebp + 8] xor ebx, ebx -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 cmp byte [ebp - 0x81], 0 -je short loc_fffa3603 ; je 0xfffa3603 +je short loc_fffa3632 ; je 0xfffa3632 cmp dword [ebp - 0x78], 1 sbb ebx, ebx and ebx, 0xfffffe80 add ebx, 0x3f180 -loc_fffa3603: ; not directly referenced +loc_fffa3632: ; not directly referenced cmp byte [ebp - 0x6c], 0 -je short loc_fffa3663 ; je 0xfffa3663 +je short loc_fffa3692 ; je 0xfffa3692 mov eax, ebx mov ecx, dword [ebp - 0x70] and eax, 0xe3fc01ff 
@@ -3899,37 +3912,37 @@ or eax, 0x80000 cmp byte [ecx + 0x240d], 0 cmovne ebx, eax cmp dword [ebp - 0x78], 0 -je short loc_fffa3651 ; je 0xfffa3651 +je short loc_fffa3680 ; je 0xfffa3680 or ebx, 0x180 -jmp short loc_fffa3663 ; jmp 0xfffa3663 +jmp short loc_fffa3692 ; jmp 0xfffa3692 -loc_fffa3651: ; not directly referenced +loc_fffa3680: ; not directly referenced mov ecx, dword [ebp - 0xe0] mov eax, ebx or eax, 0x300000 test ecx, ecx cmovne ebx, eax -loc_fffa3663: ; not directly referenced +loc_fffa3692: ; not directly referenced mov eax, dword [ebp - 0x70] mov dword [ebp - 0x74], 0 add eax, 0x1c mov dword [ebp - 0xc8], eax -loc_fffa3676: ; not directly referenced +loc_fffa36a5: ; not directly referenced imul eax, dword [ebp - 0x74], 0x13c3 mov ecx, dword [ebp + 8] -cmp dword [ecx + eax + 0x3756], 2 -je short loc_fffa36a2 ; je 0xfffa36a2 +cmp dword [ecx + eax + 0x3757], 2 +je short loc_fffa36d1 ; je 0xfffa36d1 -loc_fffa368a: ; not directly referenced +loc_fffa36b9: ; not directly referenced inc dword [ebp - 0x74] add dword [ebp - 0xc8], 0xcc cmp dword [ebp - 0x74], 2 -jne short loc_fffa3676 ; jne 0xfffa3676 -jmp near loc_fffa3762 ; jmp 0xfffa3762 +jne short loc_fffa36a5 ; jne 0xfffa36a5 +jmp near loc_fffa3791 ; jmp 0xfffa3791 -loc_fffa36a2: ; not directly referenced +loc_fffa36d1: ; not directly referenced mov eax, dword [ebp - 0xc8] mov byte [ebp - 0xa8], 0 mov dword [eax], edi @@ -3939,11 +3952,11 @@ lea eax, [eax + eax - 6] movzx eax, al mov dword [ebp - 0xf4], eax -loc_fffa36c6: ; not directly referenced +loc_fffa36f5: ; not directly referenced mov ecx, dword [ebp + 8] mov al, byte [ebp - 0xa8] -cmp al, byte [ecx + 0x2488] -jae short loc_fffa368a ; jae 0xfffa368a +cmp al, byte [ecx + 0x2489] +jae short loc_fffa36b9 ; jae 0xfffa36b9 movzx eax, byte [ebp - 0xa8] and ebx, 0xffffffe0 mov edx, dword [ebp - 0xc8] 
@@ -3956,13 +3969,13 @@ mov dword [ebp - 0xec], eax mov dword [eax + 4], esi mov eax, dword [ebp + 8] mov dword [ebp - 0x98], ecx -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, dword [ebp - 0x98] mov dword [ebp - 0xe0], eax movzx eax, byte [ebp + ecx - 0x31] mov ecx, dword [ebp + 8] imul eax, dword [ebp - 0xf4] -movzx ecx, byte [ecx + 0x2488] +movzx ecx, byte [ecx + 0x2489] cdq idiv ecx mov edx, dword [ebp - 0xe0] @@ -3970,13 +3983,13 @@ and eax, 0x1f or ebx, eax mov eax, dword [ebp + 8] mov ecx, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp - 0xec] inc byte [ebp - 0xa8] mov dword [eax + 0x28], ebx -jmp near loc_fffa36c6 ; jmp 0xfffa36c6 +jmp near loc_fffa36f5 ; jmp 0xfffa36f5 -loc_fffa3762: ; not directly referenced +loc_fffa3791: ; not directly referenced mov edi, dword [ebp - 0x7c] mov eax, edi movzx ebx, di 
@@ -3993,57 +4006,57 @@ movzx eax, ax add eax, 0x4d8140 cmp byte [ebp - 0x81], 0 mov dword [ebp - 0x74], eax -je short loc_fffa37b4 ; je 0xfffa37b4 +je short loc_fffa37e3 ; je 0xfffa37e3 mov ecx, eax mov eax, dword [ebp + 8] mov edx, 0x366c -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffa37b4: ; not directly referenced +loc_fffa37e3: ; not directly referenced cmp byte [ebp - 0x82], 0 -je short loc_fffa37cd ; je 0xfffa37cd +je short loc_fffa37fc ; je 0xfffa37fc mov ecx, dword [ebp - 0x74] mov edx, 0x306c mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffa37cd: ; not directly referenced +loc_fffa37fc: ; not directly referenced cmp byte [ebp - 0x6c], 0 -je short loc_fffa3817 ; je 0xfffa3817 +je short loc_fffa3846 ; je 0xfffa3846 mov ecx, dword [ebp - 0x74] mov eax, dword [ebp - 0x8c] and ch, 0x3f cmp eax, 0x306d0 -je short loc_fffa3801 ; je 0xfffa3801 +je short loc_fffa3830 ; je 0xfffa3830 cmp dword [ebp - 0xe8], 0 setne dl cmp eax, 0x40670 sete al test dl, al -jne short loc_fffa3801 ; jne 0xfffa3801 +jne short loc_fffa3830 ; jne 0xfffa3830 or ch, 0x40 -jmp short loc_fffa3804 ; jmp 0xfffa3804 +jmp short loc_fffa3833 ; jmp 0xfffa3833 -loc_fffa3801: ; not directly referenced +loc_fffa3830: ; not directly referenced or ch, 0x50 -loc_fffa3804: ; not directly referenced +loc_fffa3833: ; not directly referenced mov dword [ebp - 0x74], ecx mov eax, dword [ebp + 8] mov edx, 0x3678 mov ecx, dword [ebp - 0x74] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffa3817: ; not directly referenced +loc_fffa3846: ; not directly referenced mov eax, dword [ebp - 0x74] mov edx, 0x3a24 -mov esi, ref_fffd329c ; mov esi, 0xfffd329c +mov esi, ref_fffd358c ; mov esi, 0xfffd358c shl ebx, 7 lea edi, [ebp - 0x28] mov ecx, eax mov dword [ebp - 0xfc], eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 
8] mov ecx, 4 mov byte [ebp - 0xa8], 0 @@ -4057,7 +4070,7 @@ sub ax, 0x3e8 mov word [ebp - 0xe8], ax mov eax, 0x3e8 -loc_fffa386d: ; not directly referenced +loc_fffa389c: ; not directly referenced mov edi, dword [ebp - 0xe8] mov ebx, esi xor edx, edx @@ -4067,7 +4080,7 @@ mov ebx, eax mov byte [ebp - 0x98], cl mov word [ebp - 0xf8], di -loc_fffa3891: ; not directly referenced +loc_fffa38c0: ; not directly referenced mov eax, dword [ebp - 0xf8] mov cl, dl sub ax, word [ebp + edx*2 - 0x28] 
@@ -4076,49 +4089,49 @@ sar di, 0xf xor eax, edi sub eax, edi cmp bx, ax -jg short loc_fffa38b7 ; jg 0xfffa38b7 +jg short loc_fffa38e6 ; jg 0xfffa38e6 mov cl, byte [ebp - 0x98] mov eax, ebx -jmp short loc_fffa38c3 ; jmp 0xfffa38c3 +jmp short loc_fffa38f2 ; jmp 0xfffa38f2 -loc_fffa38b7: ; not directly referenced +loc_fffa38e6: ; not directly referenced mov bl, byte [ebp - 0xe0] mov byte [ebp - 0xa8], bl -loc_fffa38c3: ; not directly referenced +loc_fffa38f2: ; not directly referenced inc edx cmp edx, 8 -je short loc_fffa38d3 ; je 0xfffa38d3 +je short loc_fffa3902 ; je 0xfffa3902 mov byte [ebp - 0x98], cl mov ebx, eax -jmp short loc_fffa3891 ; jmp 0xfffa3891 +jmp short loc_fffa38c0 ; jmp 0xfffa38c0 -loc_fffa38d3: ; not directly referenced +loc_fffa3902: ; not directly referenced inc esi cmp esi, 8 -jne short loc_fffa386d ; jne 0xfffa386d +jne short loc_fffa389c ; jne 0xfffa389c xor eax, eax cmp byte [ebp - 0x6c], 0 -je short loc_fffa38ea ; je 0xfffa38ea +je short loc_fffa3919 ; je 0xfffa3919 mov ax, 0xb40 xor edx, edx div dword [ebp - 0x7c] -loc_fffa38ea: ; not directly referenced +loc_fffa3919: ; not directly referenced cmp byte [ebp - 0x81], 0 -je short loc_fffa3901 ; je 0xfffa3901 +je short loc_fffa3930 ; je 0xfffa3930 mov edx, eax shl edx, 0x12 lea edi, [edx + 0x2051c] mov dword [ebp - 0x74], edi -loc_fffa3901: ; not directly referenced +loc_fffa3930: ; not directly referenced cmp byte [ebp - 0x82], 0 -jne short loc_fffa3914 ; jne 0xfffa3914 +jne short loc_fffa3943 ; jne 0xfffa3943 cmp byte [ebp - 0x6c], 0 -je loc_fffa399b ; je 0xfffa399b +je loc_fffa39ca ; je 0xfffa39ca -loc_fffa3914: ; not directly referenced +loc_fffa3943: ; not directly referenced mov edi, dword [ebp - 0xa8] shl eax, 0x12 lea ecx, [ecx + edi*8] 
@@ -4126,31 +4139,31 @@ movzx ecx, cl shl ecx, 0xc add ecx, eax cmp byte [ebp - 0x6c], 0 -je short loc_fffa3992 ; je 0xfffa3992 +je short loc_fffa39c1 ; je 0xfffa39c1 xor eax, eax xor ebx, ebx xor esi, esi -loc_fffa3934: ; not directly referenced +loc_fffa3963: ; not directly referenced mov edi, dword [ebp + 8] cmp dword [edi + eax + 0x1973], 0 -jne short loc_fffa394d ; jne 0xfffa394d +jne short loc_fffa397c ; jne 0xfffa397c cmp byte [edi + eax + 0x1be9], 1 adc bl, 0 inc esi -loc_fffa394d: ; not directly referenced +loc_fffa397c: ; not directly referenced mov edi, dword [ebp + 8] cmp dword [edi + eax + 0x1bea], 0 -jne short loc_fffa3966 ; jne 0xfffa3966 +jne short loc_fffa3995 ; jne 0xfffa3995 cmp byte [edi + eax + 0x1e60], 1 adc bl, 0 inc esi -loc_fffa3966: ; not directly referenced +loc_fffa3995: ; not directly referenced add eax, 0x54a cmp eax, 0xa94 -jne short loc_fffa3934 ; jne 0xfffa3934 +jne short loc_fffa3963 ; jne 0xfffa3963 mov eax, esi cmp al, bl sete al 
@@ -4160,48 +4173,48 @@ sbb edx, edx and edx, 4 lea eax, [edx + ecx + 0x518] mov dword [ebp - 0x74], eax -jmp short loc_fffa399f ; jmp 0xfffa399f +jmp short loc_fffa39ce ; jmp 0xfffa39ce -loc_fffa3992: ; not directly referenced +loc_fffa39c1: ; not directly referenced lea eax, [ecx + 0x53f] mov dword [ebp - 0x74], eax -loc_fffa399b: ; not directly referenced +loc_fffa39ca: ; not directly referenced xor ebx, ebx xor esi, esi -loc_fffa399f: ; not directly referenced +loc_fffa39ce: ; not directly referenced cmp byte [ebp - 0x81], 0 -je short loc_fffa39b8 ; je 0xfffa39b8 +je short loc_fffa39e7 ; je 0xfffa39e7 mov ecx, dword [ebp - 0x74] mov edx, 0xf68 mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa39b8: ; not directly referenced +loc_fffa39e7: ; not directly referenced cmp byte [ebp - 0x82], 0 -je short loc_fffa39d1 ; je 0xfffa39d1 +je short loc_fffa3a00 ; je 0xfffa3a00 mov ecx, dword [ebp - 0x74] mov edx, 0xf6c mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa39d1: ; not directly referenced +loc_fffa3a00: ; not directly referenced cmp byte [ebp - 0x6c], 0 -je short loc_fffa39e7 ; je 0xfffa39e7 +je short loc_fffa3a16 ; je 0xfffa3a16 mov ecx, dword [ebp - 0x74] mov edx, 0xf74 mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa39e7: ; not directly referenced +loc_fffa3a16: ; not directly referenced mov eax, dword [ebp - 0x94] mov cl, 3 and eax, 1 shl eax, 0x1a or eax, 0xe00000 cmp byte [ebp - 0x6c], 0 -je short loc_fffa3a12 ; je 0xfffa3a12 +je short loc_fffa3a41 ; je 0xfffa3a41 mov ecx, esi cmp cl, bl sete cl @@ -4209,7 +4222,7 @@ or ecx, dword [ebp - 0xdc] neg ecx add ecx, 3 -loc_fffa3a12: ; not directly referenced +loc_fffa3a41: ; not directly referenced mov ebx, ecx mov edx, 0x3678 and ebx, 3 
@@ -4222,7 +4235,7 @@ mov eax, 0x3684 cmove edx, eax mov eax, dword [ebp + 8] xor edi, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp - 0x70] mov dword [eax + 0x14], ebx mov ebx, dword [ebp + 8] @@ -4231,9 +4244,9 @@ mov eax, dword [ebp - 0x94] and eax, 1 mov dword [ebp - 0xdc], eax -loc_fffa3a5a: ; not directly referenced -cmp dword [ebx + 0x3756], 2 -jne loc_fffa3c8b ; jne 0xfffa3c8b +loc_fffa3a89: ; not directly referenced +cmp dword [ebx + 0x3757], 2 +jne loc_fffa3cba ; jne 0xfffa3cba mov eax, dword [ebp - 0xdc] lea edx, [edi + 0x1810] mov ecx, dword [ebp - 0x78] @@ -4250,21 +4263,21 @@ test cl, cl cmovne esi, eax mov eax, dword [ebp + 8] mov ecx, esi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp byte [ebp - 0x6c], 0 mov dword [ebp - 0xa8], esi -je short loc_fffa3aba ; je 0xfffa3aba +je short loc_fffa3ae9 ; je 0xfffa3ae9 and esi, 0x7fffffbf mov dword [ebp - 0xa8], esi -loc_fffa3aba: ; not directly referenced +loc_fffa3ae9: ; not directly referenced mov eax, dword [ebp + 8] cmp byte [eax + 0x190a], 0 -je short loc_fffa3ad6 ; je 0xfffa3ad6 +je short loc_fffa3b05 ; je 0xfffa3b05 or dword [ebp - 0xa8], 0x10000000 or esi, 0x10000000 -loc_fffa3ad6: ; not directly referenced +loc_fffa3b05: ; not directly referenced or esi, 0x18000 cmp dword [ebp - 0x80], 1 lea edx, [edi + 0x320c] @@ -4276,7 +4289,7 @@ shl eax, 0xd or esi, eax mov eax, dword [ebp + 8] mov ecx, esi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, dword [ebp - 0x74] lea edx, [edi + 0x121c] mov al, byte [ebp - 0x98] @@ -4285,7 +4298,7 @@ mov eax, dword [ebp + 8] mov ecx, esi and ecx, 0xffe1bfff or ecx, 0x120000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp - 0xa8] lea edx, [edi + 0x1c1c] mov esi, dword [ebp - 0x80] 
@@ -4298,108 +4311,108 @@ test esi, esi cmove eax, ecx mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 lea edx, [edi + 0x3208] cmp byte [ebp - 0x84], 0 -je short loc_fffa3b85 ; je 0xfffa3b85 +je short loc_fffa3bb4 ; je 0xfffa3bb4 mov eax, dword [ebp + 8] mov ecx, 0xc183060 -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffa3b9b ; jmp 0xfffa3b9b +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffa3bca ; jmp 0xfffa3bca -loc_fffa3b85: ; not directly referenced +loc_fffa3bb4: ; not directly referenced cmp byte [ebp - 0x82], 0 -je short loc_fffa3b9b ; je 0xfffa3b9b +je short loc_fffa3bca ; je 0xfffa3bca mov eax, dword [ebp + 8] mov ecx, 0x60 -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b -loc_fffa3b9b: ; not directly referenced +loc_fffa3bca: ; not directly referenced mov eax, dword [ebp + 8] lea edx, [edi + 0x1208] mov ecx, 0xc183060 -mov dword [ebx + 0x386f], 0x60 -mov dword [ebx + 0x3867], 0x60 -mov dword [ebx + 0x3873], 0x60 -mov dword [ebx + 0x386b], 0x60 -call fcn_fffae58c ; call 0xfffae58c +mov dword [ebx + 0x3870], 0x60 +mov dword [ebx + 0x3868], 0x60 +mov dword [ebx + 0x3874], 0x60 +mov dword [ebx + 0x386c], 0x60 +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] lea edx, [edi + 0x3418] mov ecx, 0x8102040 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] lea edx, [edi + 0x180c] mov ecx, 0x8102040 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] xor ecx, ecx -mov byte [ebx + 0x3997], 0x40 -lea edx, [edi + 0x3204] -mov byte [ebx + 0x399b], 0x40 mov byte [ebx + 0x3998], 0x40 +lea edx, [edi + 0x3204] mov byte [ebx + 0x399c], 0x40 mov byte [ebx + 0x3999], 0x40 mov byte [ebx + 0x399d], 0x40 mov byte [ebx + 0x399a], 0x40 mov byte [ebx + 0x399e], 0x40 -call fcn_fffae58c ; call 0xfffae58c +mov byte [ebx + 0x399b], 0x40 +mov byte [ebx + 0x399f], 0x40 +call 
fcn_fffb3381 ; call 0xfffb3381 cmp byte [ebp - 0x6c], 0 -je short loc_fffa3c5a ; je 0xfffa3c5a +je short loc_fffa3c89 ; je 0xfffa3c89 mov eax, dword [ebp + 8] lea edx, [edi + 0x1204] xor ecx, ecx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa3c5a: ; not directly referenced +loc_fffa3c89: ; not directly referenced mov esi, dword [ebp - 0x74] lea edx, [edi + 0x3414] xor ecx, ecx mov eax, dword [ebp + 8] mov dword [esi + 0x68], 0 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] lea edx, [edi + 0x1808] mov dword [esi + 0x6c], 0 xor ecx, ecx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa3c8b: ; not directly referenced +loc_fffa3cba: ; not directly referenced add edi, 0x100 add ebx, 0x13c3 add dword [ebp - 0x74], 0xcc cmp edi, 0x200 -jne loc_fffa3a5a ; jne 0xfffa3a5a +jne loc_fffa3a89 ; jne 0xfffa3a89 mov al, byte [ebp - 0xe4] mov edi, dword [ebp - 0x70] shl eax, 3 cmp byte [ebp - 0x83], 0 mov dword [edi + 0xc], 0 mov byte [edi + 0xc], al -je short loc_fffa3cd9 ; je 0xfffa3cd9 +je short loc_fffa3d08 ; je 0xfffa3d08 mov eax, dword [ebp + 8] cmp dword [eax + 0x187f], 1 -jne short loc_fffa3cd9 ; jne 0xfffa3cd9 +jne short loc_fffa3d08 ; jne 0xfffa3d08 mov byte [ebp - 0x35], 0x3c -loc_fffa3cd9: ; not directly referenced +loc_fffa3d08: ; not directly referenced cmp dword [ebp - 0x8c], 0x306d0 mov bl, byte [ebp - 0x81] sete al or bl, al -je short loc_fffa3d0c ; je 0xfffa3d0c +je short loc_fffa3d3b ; je 0xfffa3d3b mov eax, dword [ebp - 0x70] mov byte [ebp - 0x40], 0x28 mov byte [ebp - 0x36], 0x28 mov byte [ebp - 0x3c], 0x28 cmp byte [eax + 0x1c5], 0 -je short loc_fffa3d0c ; je 0xfffa3d0c +je short loc_fffa3d3b ; je 0xfffa3d3b mov byte [ebp - 0x35], 0x20 -loc_fffa3d0c: ; not directly referenced +loc_fffa3d3b: ; not directly referenced mov edi, 0xc xor ebx, ebx -loc_fffa3d13: ; not directly referenced +loc_fffa3d42: ; not directly referenced movzx ecx, byte 
[ebp + ebx - 0x40] movzx edx, byte [ebp + ebx - 0x36] movzx eax, byte [ebp + ebx - 0x45] @@ -4411,7 +4424,7 @@ add ecx, ecx cdq idiv ecx cmp bl, 1 -jne short loc_fffa3d76 ; jne 0xfffa3d76 +jne short loc_fffa3da5 ; jne 0xfffa3da5 mov esi, dword [ebp - 0x70] cmp ax, 0xfff0 mov ecx, 0xfffffff0 @@ -4432,9 +4445,9 @@ mov al, byte [esi + 0xe] and eax, 0xfffffff0 or eax, edx mov byte [esi + 0xe], al -jmp short loc_fffa3db3 ; jmp 0xfffa3db3 +jmp short loc_fffa3de2 ; jmp 0xfffa3de2 -loc_fffa3d76: ; not directly referenced +loc_fffa3da5: ; not directly referenced cmp ax, 0xfff8 mov esi, 0xfffffff8 cmovl eax, esi @@ -4442,7 +4455,7 @@ mov esi, 7 cmp ax, 7 cmovg eax, esi test bl, bl -jne short loc_fffa3da8 ; jne 0xfffa3da8 +jne short loc_fffa3dd7 ; jne 0xfffa3dd7 mov esi, dword [ebp - 0x70] and eax, 0xf shl eax, 3 
@@ -4450,78 +4463,78 @@ mov dl, byte [esi + 0xd] and edx, 0xffffff87 or edx, eax mov byte [esi + 0xd], dl -jmp short loc_fffa3db3 ; jmp 0xfffa3db3 +jmp short loc_fffa3de2 ; jmp 0xfffa3de2 -loc_fffa3da8: ; not directly referenced +loc_fffa3dd7: ; not directly referenced mov esi, dword [ebp - 0x70] cwde mov ecx, edi shl eax, cl or dword [esi + 0xc], eax -loc_fffa3db3: ; not directly referenced +loc_fffa3de2: ; not directly referenced inc ebx add edi, 4 cmp ebx, 5 -jne loc_fffa3d13 ; jne 0xfffa3d13 +jne loc_fffa3d42 ; jne 0xfffa3d42 mov eax, dword [ebp - 0x70] mov edx, 0x3a14 mov ecx, dword [eax + 0xc] mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ebx, dword [ebp - 0x94] and ebx, 1 shl ebx, 0x19 and ebx, 0xfeffffff cmp byte [ebp - 0x6c], 0 -je short loc_fffa3dff ; je 0xfffa3dff +je short loc_fffa3e2e ; je 0xfffa3e2e mov eax, dword [ebp - 0xd8] or ebx, 0x20000000 and eax, 1 shl eax, 0x1a or ebx, eax -loc_fffa3dff: ; not directly referenced +loc_fffa3e2e: ; not directly referenced imul eax, dword [ebp - 0x88], 0x2e add eax, dword [ebp + 8] -cmp word [eax + 0x375e], 2 -jne short loc_fffa3e41 ; jne 0xfffa3e41 +cmp word [eax + 0x375f], 2 +jne short loc_fffa3e70 ; jne 0xfffa3e70 -loc_fffa3e13: ; not directly referenced +loc_fffa3e42: ; not directly referenced mov eax, 1 mov edx, 2 -loc_fffa3e1d: ; not directly referenced +loc_fffa3e4c: ; not directly referenced imul ecx, dword [ebp - 0x88], 0x2e add ecx, dword [ebp + 8] -mov word [ecx + 0x375e], dx +mov word [ecx + 0x375f], dx lea edx, [eax + 1] dec eax -mov word [ecx + 0x4b21], dx -jne short loc_fffa3e54 ; jne 0xfffa3e54 +mov word [ecx + 0x4b22], dx +jne short loc_fffa3e83 ; jne 0xfffa3e83 mov byte [ebp - 0x48], 0x59 -jmp short loc_fffa3e54 ; jmp 0xfffa3e54 +jmp short loc_fffa3e83 ; jmp 0xfffa3e83 -loc_fffa3e41: ; not directly referenced -cmp word [eax + 0x4b21], 2 -je short loc_fffa3e13 ; je 0xfffa3e13 +loc_fffa3e70: ; not directly referenced +cmp word [eax + 
0x4b22], 2 +je short loc_fffa3e42 ; je 0xfffa3e42 xor eax, eax mov edx, 1 -jmp short loc_fffa3e1d ; jmp 0xfffa3e1d +jmp short loc_fffa3e4c ; jmp 0xfffa3e4c -loc_fffa3e54: ; not directly referenced +loc_fffa3e83: ; not directly referenced cmp dword [ebp - 0x78], 0 -je short loc_fffa3e5e ; je 0xfffa3e5e +je short loc_fffa3e8d ; je 0xfffa3e8d mov byte [ebp - 0x48], 0x3f -loc_fffa3e5e: ; not directly referenced +loc_fffa3e8d: ; not directly referenced mov eax, dword [ebp + 8] xor esi, esi mov edi, 5 -movzx eax, word [eax + 0x2489] +movzx eax, word [eax + 0x248a] mov dword [ebp - 0x74], eax -loc_fffa3e72: ; not directly referenced +loc_fffa3ea1: ; not directly referenced mov al, byte [ebp + esi - 0x49] movzx ecx, al shr al, 1 @@ -4534,36 +4547,36 @@ lea ecx, [esi + esi*4] cmp ax, 4 cmovbe eax, edi cmp ax, 0x10 -ja short loc_fffa3ea0 ; ja 0xfffa3ea0 +ja short loc_fffa3ecf ; ja 0xfffa3ecf mov dl, byte [ebp - 0x78] cmp dl, byte [ebp + esi - 0x51] -jae short loc_fffa3ea9 ; jae 0xfffa3ea9 +jae short loc_fffa3ed8 ; jae 0xfffa3ed8 -loc_fffa3ea0: ; not directly referenced +loc_fffa3ecf: ; not directly referenced shr ax, 1 movzx eax, ax dec eax -jmp short loc_fffa3eaf ; jmp 0xfffa3eaf +jmp short loc_fffa3ede ; jmp 0xfffa3ede -loc_fffa3ea9: ; not directly referenced +loc_fffa3ed8: ; not directly referenced movzx eax, ax add eax, 0xf -loc_fffa3eaf: ; not directly referenced +loc_fffa3ede: ; not directly referenced shl eax, cl inc esi add ebx, eax cmp esi, 4 -jne short loc_fffa3e72 ; jne 0xfffa3e72 +jne short loc_fffa3ea1 ; jne 0xfffa3ea1 mov eax, dword [ebp + 8] mov ecx, ebx mov edx, 0x3a18 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp - 0x70] xor ecx, ecx cmp dword [ebp - 0x80], 0 mov dword [eax + 0x10], ebx -jne loc_fffa3f93 ; jne 0xfffa3f93 +jne loc_fffa3fc2 ; jne 0xfffa3fc2 mov esi, dword [ebp - 0xc8] mov eax, esi lea ecx, [eax + 0x18] 
@@ -4572,9 +4585,9 @@ imul eax, ecx, 0x64 sub ecx, 0xf cdq idiv ecx -call fcn_fffaebb7 ; call 0xfffaebb7 +call fcn_fffb38ee ; call 0xfffb38ee mov edi, dword [ebp + 8] -movzx ebx, word [edi + 0x2489] +movzx ebx, word [edi + 0x248a] movzx edi, word [edi + 0x1902] movzx ecx, ax imul ecx, ecx, 0x7d0 @@ -4597,7 +4610,7 @@ imul eax, ecx, 0x64 sub ecx, 0xf cdq idiv ecx -call fcn_fffaebb7 ; call 0xfffaebb7 +call fcn_fffb38ee ; call 0xfffb38ee mov esi, eax mov eax, 0x7080 cdq @@ -4622,23 +4635,23 @@ shl eax, 6 and edx, 0x3f or ecx, eax or ecx, edx -jmp near loc_fffa4040 ; jmp 0xfffa4040 +jmp near loc_fffa406f ; jmp 0xfffa406f -loc_fffa3f93: ; not directly referenced +loc_fffa3fc2: ; not directly referenced cmp byte [ebp - 0x6c], 0 -je loc_fffa4040 ; je 0xfffa4040 +je loc_fffa406f ; je 0xfffa406f mov eax, dword [ebp - 0x70] cmp byte [eax + 0x1c5], 0 -je short loc_fffa3fb8 ; je 0xfffa3fb8 +je short loc_fffa3fe7 ; je 0xfffa3fe7 mov eax, dword [ebp + 8] mov ecx, 1 xor edx, edx -call fcn_fffb9560 ; call 0xfffb9560 +call fcn_fffb7663 ; call 0xfffb7663 -loc_fffa3fb8: ; not directly referenced +loc_fffa3fe7: ; not directly referenced mov eax, dword [ebp + 8] mov esi, 0x7f -movzx ecx, word [eax + 0x2489] +movzx ecx, word [eax + 0x248a] mov eax, 0xafc8 cdq idiv ecx @@ -4679,13 +4692,13 @@ or ecx, esi and eax, 0x3f or ecx, eax -loc_fffa4040: ; not directly referenced +loc_fffa406f: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x3a1c -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 0x2008 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edi, dword [ebp - 0x70] mov edx, 0x2008 and eax, 0xfffffc20 
@@ -4693,115 +4706,115 @@ or eax, 0x316 mov ecx, eax mov dword [edi + 0x18], eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x2000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x2004 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 0x42a0 -movzx ecx, byte [eax + 0x381a] -call fcn_fffae566 ; call 0xfffae566 +movzx ecx, byte [eax + 0x381b] +call fcn_fffb335b ; call 0xfffb335b mov eax, dword [ebp + 8] mov edx, 0x46a0 -movzx ecx, byte [eax + 0x4bdd] -call fcn_fffae566 ; call 0xfffae566 +movzx ecx, byte [eax + 0x4bde] +call fcn_fffb335b ; call 0xfffb335b mov eax, dword [ebp + 8] mov edx, 0x3a20 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov ecx, 0x115 mov edx, 0x5f08 mov ebx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 0x96 -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 cmp dword [ebp - 0x80], 0 -jne loc_fffa4235 ; jne 0xfffa4235 +jne loc_fffa4264 ; jne 0xfffa4264 mov eax, dword [ebp + 8] mov edx, 0x3644 and ebx, 0xf8ffffff -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3644 and eax, 0x8fffffff or eax, 0x20000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 0x3700 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3700 and eax, 0xf8ffffff or eax, 0x2000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 0x3810 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3810 and eax, 0xf8ffffff or 
eax, 0x2000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 0x3904 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3904 and eax, 0xfc7fffff or eax, 0x1000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 0x3a04 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3a04 and eax, 0x8fffffff or eax, 0x20000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 0x3a08 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3a08 and eax, 0xf8ffffff or eax, 0x2000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 0x3a0c -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3a0c and eax, 0xf0ffffff or eax, 0x2000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 0x3a10 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3a10 and eax, 0xf87fffff or eax, 0x1000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 or ebx, 0x2000000 -jmp short loc_fffa425d ; jmp 0xfffa425d +jmp short loc_fffa428c ; jmp 0xfffa428c -loc_fffa4235: ; not directly referenced +loc_fffa4264: ; not directly referenced cmp byte [ebp - 0x6c], 0 -je short loc_fffa425d ; je 0xfffa425d +je short loc_fffa428c ; je 0xfffa428c mov eax, dword [ebp - 0xf0] sub eax, 2 cmp eax, 2 
@@ -4813,43 +4826,43 @@ and eax, 6 shl eax, 0x18 or ebx, eax -loc_fffa425d: ; not directly referenced +loc_fffa428c: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, ebx mov edx, 0x3a20 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp - 0x70] mov edx, 0x2008 mov ecx, dword [eax + 0x18] mov eax, dword [ebp + 8] or ecx, 0x20 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 0x3a04 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f cmp dword [ebp - 0x80], 0 -jne short loc_fffa429f ; jne 0xfffa429f +jne short loc_fffa42ce ; jne 0xfffa42ce mov ecx, eax shr ecx, 9 and ecx, 0x3f -jmp short loc_fffa42ac ; jmp 0xfffa42ac +jmp short loc_fffa42db ; jmp 0xfffa42db -loc_fffa429f: ; not directly referenced +loc_fffa42ce: ; not directly referenced cmp byte [ebp - 0x6c], 0 -je short loc_fffa42b1 ; je 0xfffa42b1 +je short loc_fffa42e0 ; je 0xfffa42e0 mov edi, eax shr edi, 0x1a mov ecx, edi -loc_fffa42ac: ; not directly referenced +loc_fffa42db: ; not directly referenced and eax, 0x3f -jmp short loc_fffa42b5 ; jmp 0xfffa42b5 +jmp short loc_fffa42e4 ; jmp 0xfffa42e4 -loc_fffa42b1: ; not directly referenced +loc_fffa42e0: ; not directly referenced xor eax, eax xor ecx, ecx -loc_fffa42b5: ; not directly referenced +loc_fffa42e4: ; not directly referenced mov edi, dword [ebp - 0x70] sub ecx, eax mov eax, ecx @@ -4861,7 +4874,7 @@ or edx, eax mov ecx, edx or ch, 4 cmp byte [ebp - 0x6c], 0 -je short loc_fffa42f1 ; je 0xfffa42f1 +je short loc_fffa4320 ; je 0xfffa4320 mov ecx, edx xor eax, eax or ecx, 0x404 
@@ -4870,14 +4883,14 @@ seta al and ecx, 0xfffffffe or ecx, eax -loc_fffa42f1: ; not directly referenced +loc_fffa4320: ; not directly referenced mov eax, dword [ebp - 0x70] mov edx, 0x3a14 mov dword [eax + 0xc], ecx mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp byte [ebp - 0x6c], 0 -je loc_fffa455a ; je 0xfffa455a +je loc_fffa4589 ; je 0xfffa4589 mov eax, dword [ebp + 8] mov edx, 0x3658 mov ecx, 0x80000000 @@ -4887,25 +4900,25 @@ mov eax, 0x3664 cmove edx, eax mov eax, dword [ebp + 8] xor ebx, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov ecx, 0x2000000 mov edx, 0x3824 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov ecx, 0x2000000 mov edx, 0x3914 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov ecx, 0x2000000 mov edx, 0x3724 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x3688 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa437e: ; not directly referenced +loc_fffa43ad: ; not directly referenced mov eax, ebx mov edi, esi and eax, 7 
@@ -4916,26 +4929,26 @@ or edi, eax mov eax, dword [ebp + 8] mov ecx, edi mov esi, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, edi mov edx, 0xc8c cmp dword [ebp - 0x90], 0 -je short loc_fffa43b6 ; je 0xfffa43b6 +je short loc_fffa43e5 ; je 0xfffa43e5 mov edx, 0x58c -loc_fffa43b6: ; not directly referenced +loc_fffa43e5: ; not directly referenced mov eax, dword [ebp + 8] inc ebx and ebx, 7 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp bl, 6 -jne short loc_fffa437e ; jne 0xfffa437e +jne short loc_fffa43ad ; jne 0xfffa43ad and edi, 0xfffffe0f xor ebx, ebx mov esi, edi or esi, 0x80 -loc_fffa43d7: ; not directly referenced +loc_fffa4406: ; not directly referenced mov eax, ebx mov edi, esi and eax, 7 @@ -4945,28 +4958,28 @@ or edi, eax cmp dword [ebp - 0x90], 0 mov esi, edi mov ecx, edi -jne short loc_fffa440c ; jne 0xfffa440c +jne short loc_fffa443b ; jne 0xfffa443b mov eax, dword [ebp + 8] mov edx, 0x58c -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, edi mov edx, 0x48c -jmp short loc_fffa4420 ; jmp 0xfffa4420 +jmp short loc_fffa444f ; jmp 0xfffa444f -loc_fffa440c: ; not directly referenced +loc_fffa443b: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x98c -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, edi mov edx, 0x18c -loc_fffa4420: ; not directly referenced +loc_fffa444f: ; not directly referenced mov eax, dword [ebp + 8] inc ebx and ebx, 7 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp bl, 6 -jne short loc_fffa43d7 ; jne 0xfffa43d7 +jne short loc_fffa4406 ; jne 0xfffa4406 mov ebx, edi and edi, 0xffffe60f mov esi, edi @@ -4975,7 +4988,7 @@ shr ebx, 0x10 or esi, 0x40 and ebx, 1 -loc_fffa4446: ; not directly referenced +loc_fffa4475: ; not directly referenced mov eax, edi and esi, 0xffff0fff and eax, 7 
@@ -4985,29 +4998,29 @@ or dword [ebp - 0x6c], eax mov esi, dword [ebp - 0x6c] cmp dword [ebp - 0x90], 0 mov ecx, esi -jne short loc_fffa447e ; jne 0xfffa447e +jne short loc_fffa44ad ; jne 0xfffa44ad mov eax, dword [ebp + 8] mov edx, 0x78c -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, esi mov edx, 0x68c -jmp short loc_fffa4492 ; jmp 0xfffa4492 +jmp short loc_fffa44c1 ; jmp 0xfffa44c1 -loc_fffa447e: ; not directly referenced +loc_fffa44ad: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0xb8c -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, esi mov edx, 0x38c -loc_fffa4492: ; not directly referenced +loc_fffa44c1: ; not directly referenced mov eax, dword [ebp + 8] inc edi and edi, 7 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, edi cmp al, 6 -jne short loc_fffa4446 ; jne 0xfffa4446 +jne short loc_fffa4475 ; jne 0xfffa4475 mov eax, dword [ebp - 0x6c] mov ecx, dword [ebp + 8] shr eax, 0x10 @@ -5021,25 +5034,25 @@ cmovne esi, eax cmp dword [ebp - 0x90], 0 mov edi, esi mov ecx, esi -jne short loc_fffa44e9 ; jne 0xfffa44e9 +jne short loc_fffa4518 ; jne 0xfffa4518 mov eax, dword [ebp + 8] mov edx, 0x38c -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, esi mov edx, 0x88c -jmp short loc_fffa44fd ; jmp 0xfffa44fd +jmp short loc_fffa452c ; jmp 0xfffa452c -loc_fffa44e9: ; not directly referenced +loc_fffa4518: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0xa8c -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, esi mov edx, 0x48c -loc_fffa44fd: ; not directly referenced +loc_fffa452c: ; not directly referenced mov eax, dword [ebp + 8] shr esi, 0x10 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, esi mov edx, 0x3920 and eax, 1 
@@ -5047,7 +5060,7 @@ mov ecx, edi cmp al, 1 mov eax, dword [ebp + 8] sbb bl, 0xff -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, edi shr eax, 0x10 add bl, al 
@@ -5055,54 +5068,54 @@ setne dl cmp word [ebp - 0xf4], 0xf setbe al test dl, al -je short loc_fffa455a ; je 0xfffa455a +je short loc_fffa4589 ; je 0xfffa4589 mov eax, dword [ebp + 8] mov edx, 0x78 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x3678 and eax, 0xffffffc0 lea ecx, [eax + 0x10] mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffa455a: ; not directly referenced +loc_fffa4589: ; not directly referenced mov eax, dword [ebp - 0x7c] cmp eax, 0x4b0 -je short loc_fffa456e ; je 0xfffa456e +je short loc_fffa459d ; je 0xfffa459d cmp eax, 0x546 sete cl -jmp short loc_fffa4582 ; jmp 0xfffa4582 +jmp short loc_fffa45b1 ; jmp 0xfffa45b1 -loc_fffa456e: ; not directly referenced +loc_fffa459d: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 2 +cmp dword [eax + 0x2481], 2 sete cl lea ecx, [ecx*4 + 3] -loc_fffa4582: ; not directly referenced +loc_fffa45b1: ; not directly referenced mov eax, dword [ebp + 8] and ecx, 7 mov edx, 0x58a4 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov dword [ebp - 0x6c], 0 -mov eax, dword [eax + 0x2480] +mov eax, dword [eax + 0x2481] mov dword [ebp - 0x80], eax mov eax, dword [ebp + 8] -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x88], eax mov dword [ebp - 0x70], eax mov eax, dword [ebp + 8] -add eax, 0x244b +add eax, 0x244c mov dword [ebp - 0x78], eax -loc_fffa45c1: ; not directly referenced +loc_fffa45f0: ; not directly referenced mov eax, dword [ebp - 0x70] cmp dword [eax], 2 -jne loc_fffa502f ; jne 0xfffa502f +jne loc_fffa505e ; jne 0xfffa505e mov edi, dword [ebp + 8] imul eax, dword [ebp - 0x6c], 0xcc -mov edx, dword [edi + 0x5edc] +mov edx, dword [edi + 0x5edd] lea eax, [edx + eax + 0x1c] imul edx, dword [edi + 0x18a7], 0x2e mov edi, dword [ebp - 0x70] 
@@ -5173,8 +5186,8 @@ and ebx, 0xffffffc3 shl esi, 2 or ebx, esi mov byte [eax + 0x9f], bl -cmp dword [edi + 0x2480], 3 -jne short loc_fffa470b ; jne 0xfffa470b +cmp dword [edi + 0x2481], 3 +jne short loc_fffa473a ; jne 0xfffa473a movzx esi, word [edx + 0x1a] movzx ecx, word [edx + 0x1c] sub ecx, esi @@ -5186,10 +5199,10 @@ shl ecx, 6 or ebx, ecx mov byte [eax + 0x9f], bl -loc_fffa470b: ; not directly referenced +loc_fffa473a: ; not directly referenced mov edi, dword [ebp + 8] -cmp dword [edi + 0x2480], 2 -jne short loc_fffa473d ; jne 0xfffa473d +cmp dword [edi + 0x2481], 2 +jne short loc_fffa476c ; jne 0xfffa476c mov cx, word [edx + 0x22] mov dl, 0xf mov bl, cl @@ -5202,7 +5215,7 @@ and ecx, 0xffffffc3 or ecx, edx mov byte [eax + 0x9f], cl -loc_fffa473d: ; not directly referenced +loc_fffa476c: ; not directly referenced mov esi, dword [ebp - 0x6c] mov ecx, dword [eax + 0x9c] mov eax, dword [ebp + 8] @@ -5210,10 +5223,10 @@ mov edi, esi add edi, 0x10 shl edi, 0xa mov edx, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 imul eax, esi, 0xcc mov esi, dword [ebp + 8] -mov edx, dword [esi + 0x5edc] +mov edx, dword [esi + 0x5edd] lea ecx, [edx + eax + 0x1c] imul eax, dword [esi + 0x18a7], 0x2e mov esi, dword [ebp - 0x70] @@ -5224,7 +5237,7 @@ mov dword [ebp - 0x7c], eax movzx eax, word [ebx + 8] sub dword [ebp - 0x7c], eax mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 2 +cmp dword [eax + 0x2481], 2 mov dword [ecx + 0xac], 0 mov dx, word [ebx + 8] sete byte [ebp - 0x90] 
@@ -5280,13 +5293,13 @@ and eax, 0xfffffffe or eax, edx mov byte [ecx + 0xae], al mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 3 -jne loc_fffa493f ; jne 0xfffa493f +cmp dword [eax + 0x2481], 3 +jne loc_fffa496e ; jne 0xfffa496e cmp byte [eax + 0x240a], 0 -je short loc_fffa4888 ; je 0xfffa4888 +je short loc_fffa48b7 ; je 0xfffa48b7 or byte [ecx + 0xaf], 2 -loc_fffa4888: ; not directly referenced +loc_fffa48b7: ; not directly referenced mov dl, byte [ebp - 0x81] mov al, byte [ecx + 0xac] add edx, 0x1f @@ -5305,7 +5318,7 @@ or eax, 8 mov byte [ecx + 0xad], al mov eax, dword [ebp + 8] movzx esi, word [ebx + 8] -movzx eax, word [eax + 0x2489] +movzx eax, word [eax + 0x248a] dec esi add eax, eax mov ebx, eax @@ -5341,7 +5354,7 @@ shl eax, 3 or ebx, eax mov byte [ecx + 0xae], bl -loc_fffa493f: ; not directly referenced +loc_fffa496e: ; not directly referenced lea eax, [edi - 0x4000] mov ecx, dword [ecx + 0xac] mov dword [ebp - 0x74], eax @@ -5349,10 +5362,10 @@ lea eax, [edi + 0x14] mov edx, eax mov dword [ebp - 0x7c], eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov esi, dword [ebp + 8] mov edi, dword [ebp - 0x6c] -mov edx, dword [esi + 0x5edc] +mov edx, dword [esi + 0x5edd] imul eax, edi, 0xcc imul ecx, dword [esi + 0x18a7], 0x2e lea eax, [edx + eax + 0x1c] 
@@ -5360,37 +5373,37 @@ imul edx, edi, 0x13c3 mov edi, dword [ebp - 0x78] lea edx, [ecx + edx + 0x1300] lea ecx, [edi + edx + 0xf] -mov edx, dword [esi + 0x2480] +mov edx, dword [esi + 0x2481] mov dword [eax + 0xa0], 0 -mov ebx, dword [esi + 0x36d7] +mov ebx, dword [esi + 0x36d8] cmp edx, 3 -jne short loc_fffa49c1 ; jne 0xfffa49c1 +jne short loc_fffa49f0 ; jne 0xfffa49f0 mov dl, 4 cmp ebx, 0x42b -jbe short loc_fffa49f7 ; jbe 0xfffa49f7 +jbe short loc_fffa4a26 ; jbe 0xfffa4a26 cmp ebx, 0x536 sbb edx, edx add edx, 6 -jmp short loc_fffa49f7 ; jmp 0xfffa49f7 +jmp short loc_fffa4a26 ; jmp 0xfffa4a26 -loc_fffa49c1: ; not directly referenced +loc_fffa49f0: ; not directly referenced mov edx, 3 cmp ebx, 0x42b -jbe short loc_fffa49f7 ; jbe 0xfffa49f7 +jbe short loc_fffa4a26 ; jbe 0xfffa4a26 mov dl, 4 cmp ebx, 0x640 -jbe short loc_fffa49f7 ; jbe 0xfffa49f7 +jbe short loc_fffa4a26 ; jbe 0xfffa4a26 mov dl, 5 cmp ebx, 0x74b -jbe short loc_fffa49f7 ; jbe 0xfffa49f7 +jbe short loc_fffa4a26 ; jbe 0xfffa4a26 mov dl, 6 cmp ebx, 0x960 -jbe short loc_fffa49f7 ; jbe 0xfffa49f7 +jbe short loc_fffa4a26 ; jbe 0xfffa4a26 cmp ebx, 0xaf1 sbb edx, edx add edx, 8 -loc_fffa49f7: ; not directly referenced +loc_fffa4a26: ; not directly referenced cmp edx, 0xf mov ebx, 0xf mov edi, dword [ebp + 8] @@ -5401,15 +5414,15 @@ and edx, 0xfffffff0 or edx, ebx mov byte [eax + 0xa0], dl mov dl, byte [eax + 0xa3] -cmp dword [edi + 0x2480], 3 -jne short loc_fffa4a2d ; jne 0xfffa4a2d +cmp dword [edi + 0x2481], 3 +jne short loc_fffa4a5c ; jne 0xfffa4a5c and edx, 0x3f -jmp short loc_fffa4a30 ; jmp 0xfffa4a30 +jmp short loc_fffa4a5f ; jmp 0xfffa4a5f -loc_fffa4a2d: ; not directly referenced +loc_fffa4a5c: ; not directly referenced or edx, 0xffffffc0 -loc_fffa4a30: ; not directly referenced +loc_fffa4a5f: ; not directly referenced mov byte [eax + 0xa3], dl mov dx, word [ecx + 0xa] mov bl, 0xff 
@@ -5429,7 +5442,7 @@ or edx, ebx xor ebx, ebx or edx, 0x40 mov byte [eax + 0xa1], dl -cmp dword [edi + 0x2480], 3 +cmp dword [edi + 0x2481], 3 sete bl and edx, 0x7f add ebx, 6 @@ -5470,28 +5483,28 @@ mov ecx, dword [eax + 0xa0] mov eax, dword [ebp - 0x74] lea edx, [eax + 0x4004] mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov edi, dword [ebp - 0x6c] mov esi, dword [ebp + 8] imul eax, edi, 0xcc -mov edx, dword [esi + 0x5edc] +mov edx, dword [esi + 0x5edd] lea ebx, [edx + eax + 0x1c] imul edx, dword [esi + 0x18a7], 0x2e imul eax, edi, 0x13c3 mov edi, dword [ebp - 0x78] lea eax, [edx + eax + 0x1300] lea eax, [edi + eax + 0xf] -mov edi, dword [esi + 0x2480] +mov edi, dword [esi + 0x2481] mov dword [ebx + 0xa4], 0 cmp edi, 2 -jne short loc_fffa4b56 ; jne 0xfffa4b56 +jne short loc_fffa4b85 ; jne 0xfffa4b85 movzx edx, word [eax + 0x2c] -jmp short loc_fffa4b5a ; jmp 0xfffa4b5a +jmp short loc_fffa4b89 ; jmp 0xfffa4b89 -loc_fffa4b56: ; not directly referenced +loc_fffa4b85: ; not directly referenced movzx edx, word [eax + 0x28] -loc_fffa4b5a: ; not directly referenced +loc_fffa4b89: ; not directly referenced movzx ecx, word [eax + 8] lea edx, [edx + ecx + 6] mov ecx, 0x3f @@ -5506,15 +5519,15 @@ mov byte [ebx + 0xa4], dl movzx edx, word [eax + 8] movzx ecx, word [eax + 6] cmp edi, 3 -je short loc_fffa4b97 ; je 0xfffa4b97 +je short loc_fffa4bc6 ; je 0xfffa4bc6 sub edx, ecx add edx, 7 -jmp short loc_fffa4b9c ; jmp 0xfffa4b9c +jmp short loc_fffa4bcb ; jmp 0xfffa4bcb -loc_fffa4b97: ; not directly referenced +loc_fffa4bc6: ; not directly referenced mov edx, 8 -loc_fffa4b9c: ; not directly referenced +loc_fffa4bcb: ; not directly referenced cmp edx, 0xf mov ecx, 0xf cmovbe ecx, edx 
@@ -5533,14 +5546,14 @@ mov byte [ebx + 0xa5], dl mov edx, 7 or byte [ebx + 0xa6], 1 cmp edi, 3 -jne short loc_fffa4bf3 ; jne 0xfffa4bf3 +jne short loc_fffa4c22 ; jne 0xfffa4c22 mov edi, dword [ebp + 8] cmp byte [edi + 0x240a], 1 sbb edx, edx and edx, 0xfffffffe add edx, 9 -loc_fffa4bf3: ; not directly referenced +loc_fffa4c22: ; not directly referenced cmp edx, 0xf mov ecx, 0xf cmovbe ecx, edx @@ -5571,7 +5584,7 @@ or edx, eax mov eax, dword [ebp + 8] mov byte [ebx + 0xa7], dl mov edx, dword [ebp - 0x7c] -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edi, dword [ebp - 0x74] mov dword [ebx + 0xac], eax movzx edx, byte [ebx + 0xad] @@ -5590,7 +5603,7 @@ mov byte [ebx + 0xa7], al mov eax, dword [ebp + 8] lea edx, [edi + 0x4008] mov ecx, dword [ebx + 0xa4] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov al, byte [ebx + 0xa7] shr al, 7 movzx eax, al @@ -5606,11 +5619,11 @@ or ecx, edx or ecx, eax mov eax, dword [ebp + 8] lea edx, [edi + 0x40d0] -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b mov edi, dword [ebp - 0x6c] mov esi, dword [ebp + 8] imul eax, edi, 0xcc -mov edx, dword [esi + 0x5edc] +mov edx, dword [esi + 0x5edd] lea ecx, [edx + eax + 0x1c] imul edx, dword [esi + 0x18a7], 0x2e imul eax, edi, 0x13c3 
@@ -5618,42 +5631,42 @@ mov edi, dword [ebp - 0x78] lea eax, [edx + eax + 0x1300] lea esi, [edi + eax + 0xf] mov eax, dword [ebp + 8] -mov edi, dword [eax + 0x2480] +mov edi, dword [eax + 0x2481] mov dword [ecx + 0xa8], 0 -mov edx, dword [eax + 0x36d7] +mov edx, dword [eax + 0x36d8] mov eax, 0xa cmp edx, 0x320 -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0xd cmp edx, 0x42b -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0x10 cmp edx, 0x535 -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0x14 cmp edx, 0x640 -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0x17 cmp edx, 0x74b -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0x1a cmp edx, 0x855 -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0x1d cmp edx, 0x960 -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0x20 cmp edx, 0xa6b -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 mov al, 0x22 cmp edx, 0xaf0 -jbe short loc_fffa4d98 ; jbe 0xfffa4d98 +jbe short loc_fffa4dc7 ; jbe 0xfffa4dc7 cmp edx, 0xbb9 sbb eax, eax and eax, 0xfffffffd add eax, 0x27 -loc_fffa4d98: ; not directly referenced +loc_fffa4dc7: ; not directly referenced cmp eax, 0x3f mov edx, 0x3f cmovbe edx, eax 
@@ -5663,30 +5676,30 @@ and eax, 0xffffffc0 or eax, edx mov byte [ecx + 0xa8], al mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x36d7] +mov edx, dword [eax + 0x36d8] cmp edi, 3 -jne short loc_fffa4dd2 ; jne 0xfffa4dd2 +jne short loc_fffa4e01 ; jne 0xfffa4e01 cmp edx, 0x536 sbb eax, eax add eax, 6 -jmp short loc_fffa4df9 ; jmp 0xfffa4df9 +jmp short loc_fffa4e28 ; jmp 0xfffa4e28 -loc_fffa4dd2: ; not directly referenced +loc_fffa4e01: ; not directly referenced cmp edi, 2 -jne short loc_fffa4dee ; jne 0xfffa4dee +jne short loc_fffa4e1d ; jne 0xfffa4e1d mov eax, 5 cmp edx, 0x640 -jbe short loc_fffa4df9 ; jbe 0xfffa4df9 +jbe short loc_fffa4e28 ; jbe 0xfffa4e28 mov al, 6 cmp edx, 0x74b -jbe short loc_fffa4df9 ; jbe 0xfffa4df9 +jbe short loc_fffa4e28 ; jbe 0xfffa4e28 -loc_fffa4dee: ; not directly referenced +loc_fffa4e1d: ; not directly referenced cmp edx, 0x856 sbb eax, eax add eax, 8 -loc_fffa4df9: ; not directly referenced +loc_fffa4e28: ; not directly referenced cmp eax, 0xf mov edx, 0xf cmovbe edx, eax 
@@ -5703,36 +5716,36 @@ and eax, 0xfffffffc or eax, edx mov byte [ecx + 0xa9], al mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x36d7] +mov edx, dword [eax + 0x36d8] mov eax, 4 cmp edx, 0x320 -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 mov al, 5 cmp edx, 0x42b -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 mov al, 6 cmp edx, 0x535 -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 mov al, 7 cmp edx, 0x640 -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 mov al, 8 cmp edx, 0x74b -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 mov al, 0xa cmp edx, 0x855 -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 mov al, 0xb cmp edx, 0x960 -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 mov al, 0xc cmp edx, 0xaf0 -jbe short loc_fffa4e98 ; jbe 0xfffa4e98 +jbe short loc_fffa4ec7 ; jbe 0xfffa4ec7 cmp edx, 0xbb9 sbb eax, eax add eax, 0xe -loc_fffa4e98: ; not directly referenced +loc_fffa4ec7: ; not directly referenced cmp eax, 0xf mov edx, 0xf cmovbe edx, eax @@ -5746,20 +5759,20 @@ movzx eax, word [esi + 8] movzx ebx, word [esi + 6] mov esi, dword [ebp + 8] sub ebx, eax -cmp dword [esi + 0x36d7], 0x536 +cmp dword [esi + 0x36d8], 0x536 lea eax, [ebx + 8] -movzx esi, word [esi + 0x2489] +movzx esi, word [esi + 0x248a] lea edx, [ebx + 7] cmovb eax, edx cmp edi, 3 -jne short loc_fffa4ef6 ; jne 0xfffa4ef6 +jne short loc_fffa4f25 ; jne 0xfffa4f25 add esi, esi xor edx, edx lea eax, [esi + 0x157b] div esi lea eax, [ebx + eax + 6] -loc_fffa4ef6: ; not directly referenced +loc_fffa4f25: ; not directly referenced cmp eax, 0x1f mov edx, 0x1f cmovbe edx, eax 
@@ -5783,29 +5796,29 @@ mov eax, dword [ebp - 0x74] mov ecx, dword [ecx + 0xa8] lea edx, [eax + 0x400c] mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp dword [ebp - 0x80], 2 -jne loc_fffa502f ; jne 0xfffa502f +jne loc_fffa505e ; jne 0xfffa505e mov edi, dword [ebp + 8] imul eax, dword [ebp - 0x6c], 0xcc -mov edx, dword [edi + 0x5edc] +mov edx, dword [edi + 0x5edd] lea eax, [edx + eax + 0x1c] imul edx, dword [edi + 0x18a7], 0x2e mov edi, dword [ebp - 0x70] lea ecx, [edi + edx + 4] mov edi, dword [ebp + 8] mov dl, 4 -mov ebx, dword [edi + 0x36d7] +mov ebx, dword [edi + 0x36d8] cmp ebx, 0x535 -jbe short loc_fffa4faa ; jbe 0xfffa4faa +jbe short loc_fffa4fd9 ; jbe 0xfffa4fd9 mov dl, 5 cmp ebx, 0x74b -jbe short loc_fffa4faa ; jbe 0xfffa4faa +jbe short loc_fffa4fd9 ; jbe 0xfffa4fd9 cmp ebx, 0x961 sbb edx, edx add edx, 7 -loc_fffa4faa: ; not directly referenced +loc_fffa4fd9: ; not directly referenced and edx, 0xf mov bl, dl shl ebx, 4 
@@ -5840,45 +5853,45 @@ mov edx, dword [ebp - 0x74] mov ecx, dword [eax + 0xb0] mov eax, dword [ebp + 8] add edx, 0x4018 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa502f: ; not directly referenced +loc_fffa505e: ; not directly referenced inc dword [ebp - 0x6c] add dword [ebp - 0x70], 0x13c3 cmp dword [ebp - 0x6c], 2 -jne loc_fffa45c1 ; jne 0xfffa45c1 +jne loc_fffa45f0 ; jne 0xfffa45f0 mov eax, dword [ebp + 8] mov edi, dword [ebp + 8] -mov edx, dword [eax + 0x5edc] +mov edx, dword [eax + 0x5edd] xor eax, eax -cmp byte [edi + 0x381a], 0 -je short loc_fffa5064 ; je 0xfffa5064 -cmp dword [edi + 0x3816], 2 +cmp byte [edi + 0x381b], 0 +je short loc_fffa5093 ; je 0xfffa5093 +cmp dword [edi + 0x3817], 2 sete al -loc_fffa5064: ; not directly referenced +loc_fffa5093: ; not directly referenced mov edi, dword [ebp + 8] -cmp byte [edi + 0x4bdd], 0 -je short loc_fffa507f ; je 0xfffa507f +cmp byte [edi + 0x4bde], 0 +je short loc_fffa50ae ; je 0xfffa50ae mov cl, al or ecx, 2 -cmp dword [edi + 0x4bd9], 2 +cmp dword [edi + 0x4bda], 2 cmove eax, ecx -loc_fffa507f: ; not directly referenced +loc_fffa50ae: ; not directly referenced lea edi, [edx + 0xbc] movzx eax, al mov dword [ebp - 0x70], edi mov edi, dword [ebp + 8] mov dword [ebp - 0x6c], 0 mov dword [ebp - 0x74], eax -add edi, 0x4ae6 +add edi, 0x4ae7 -loc_fffa509e: ; not directly referenced +loc_fffa50cd: ; not directly referenced mov eax, dword [ebp - 0x74] mov esi, dword [ebp - 0x6c] bt eax, esi -jae loc_fffa5212 ; jae 0xfffa5212 +jae loc_fffa5241 ; jae 0xfffa5241 mov eax, dword [edi - 0x144] movzx ebx, byte [edi - 0x12cc] cmp eax, 3 
@@ -5887,44 +5900,44 @@ cmp eax, 8 sete dl xor eax, eax or cl, dl -je short loc_fffa50e4 ; je 0xfffa50e4 +je short loc_fffa5113 ; je 0xfffa5113 mov eax, dword [ebp - 0xb8] mov al, byte [edi - 0x128] mov word [ebp - 0xb8], ax mov eax, 1 -loc_fffa50e4: ; not directly referenced +loc_fffa5113: ; not directly referenced mov edx, dword [edi - 0x1c] cmp edx, 8 sete cl cmp edx, 3 sete dl or cl, dl -jne short loc_fffa5100 ; jne 0xfffa5100 +jne short loc_fffa512f ; jne 0xfffa512f mov esi, 6 test eax, eax -je short loc_fffa5133 ; je 0xfffa5133 +je short loc_fffa5162 ; je 0xfffa5162 -loc_fffa5100: ; not directly referenced +loc_fffa512f: ; not directly referenced mov al, byte [edi] mov ecx, dword [ebp - 0xb8] mov ch, al mov word [ebp - 0xb8], cx mov al, cl cmp cl, 5 -je short loc_fffa5125 ; je 0xfffa5125 +je short loc_fffa5154 ; je 0xfffa5154 movzx edx, ch mov esi, 6 cmp dl, 5 -jne short loc_fffa5133 ; jne 0xfffa5133 +jne short loc_fffa5162 ; jne 0xfffa5162 -loc_fffa5125: ; not directly referenced +loc_fffa5154: ; not directly referenced mov ecx, dword [ebp - 0xb8] cmp ch, al setne al lea esi, [eax + 6] -loc_fffa5133: ; not directly referenced +loc_fffa5162: ; not directly referenced sub esp, 0xc mov eax, esi mov edx, dword [ebp - 0x6c] @@ -5936,11 +5949,11 @@ push 1 push eax mov eax, dword [ebp + 8] push 8 -call fcn_fffb579d ; call 0xfffb579d +call fcn_fffb4652 ; call 0xfffb4652 mov eax, esi add esp, 0x20 cmp al, 7 -jne loc_fffa5212 ; jne 0xfffa5212 +jne loc_fffa5241 ; jne 0xfffa5241 mov eax, dword [ebp - 0x70] sub esp, 0xc mov edx, dword [ebp - 0x6c] @@ -5959,7 +5972,7 @@ mov eax, dword [ebp + 8] push 0 shr esi, 0x13 and esi, 0xf -call fcn_fffb579d ; call 0xfffb579d +call fcn_fffb4652 ; call 0xfffb4652 add esp, 0x14 mov edx, dword [ebp - 0x6c] push ebx @@ -5970,7 +5983,7 @@ lea eax, [esi + 1] push eax mov eax, dword [ebp + 8] push 1 -call fcn_fffb579d ; call 0xfffb579d +call fcn_fffb4652 ; call 0xfffb4652 mov eax, dword [ebp - 0x70] add esp, 0x14 mov edx, dword [ebp - 0x6c] 
@@ -5986,7 +5999,7 @@ inc eax push eax mov eax, dword [ebp + 8] push 4 -call fcn_fffb579d ; call 0xfffb579d +call fcn_fffb4652 ; call 0xfffb4652 add esp, 0x14 mov eax, esi push ebx @@ -6002,7 +6015,7 @@ mov eax, dword [ebp + 8] push 5 shr esi, 0xe and esi, 0x1f -call fcn_fffb579d ; call 0xfffb579d +call fcn_fffb4652 ; call 0xfffb4652 add esp, 0x14 mov edx, dword [ebp - 0x6c] push ebx 
@@ -6013,144 +6026,144 @@ lea eax, [esi + 1] push eax mov eax, dword [ebp + 8] push 0xe -call fcn_fffb579d ; call 0xfffb579d +call fcn_fffb4652 ; call 0xfffb4652 add esp, 0x20 -loc_fffa5212: ; not directly referenced +loc_fffa5241: ; not directly referenced inc dword [ebp - 0x6c] add edi, 0x13c3 add dword [ebp - 0x70], 0xcc cmp dword [ebp - 0x6c], 2 -jne loc_fffa509e ; jne 0xfffa509e +jne loc_fffa50cd ; jne 0xfffa50cd mov edi, 0x4290 mov dword [ebp - 0x6c], 0 -loc_fffa5238: ; not directly referenced +loc_fffa5267: ; not directly referenced imul eax, dword [ebp - 0x6c], 0x13c3 mov esi, dword [ebp + 8] -cmp dword [esi + eax + 0x3756], 2 -jne loc_fffa553b ; jne 0xfffa553b +cmp dword [esi + eax + 0x3757], 2 +jne loc_fffa556a ; jne 0xfffa556a mov edx, dword [ebp - 0x6c] mov eax, esi -call fcn_fffae6fa ; call 0xfffae6fa +call fcn_fffb3431 ; call 0xfffb3431 mov eax, dword [ebp + 8] -mov ebx, dword [eax + 0x36d7] +mov ebx, dword [eax + 0x36d8] mov eax, dword [eax + 0x188b] mov dword [ebp - 0x70], eax mov eax, dword [ebp + 8] -mov ecx, dword [eax + 0x2480] +mov ecx, dword [eax + 0x2481] cmp ecx, 3 -jne short loc_fffa528d ; jne 0xfffa528d -movzx esi, word [eax + 0x2489] +jne short loc_fffa52bc ; jne 0xfffa52bc +movzx esi, word [eax + 0x248a] mov eax, 0x57e40 cdq add esi, esi idiv esi -jmp short loc_fffa52de ; jmp 0xfffa52de +jmp short loc_fffa530d ; jmp 0xfffa530d -loc_fffa528d: ; not directly referenced +loc_fffa52bc: ; not directly referenced cmp ecx, 2 -je short loc_fffa52d9 ; je 0xfffa52d9 +je short loc_fffa5308 ; je 0xfffa5308 mov eax, 0x100 cmp ebx, 0x640 -jbe short loc_fffa52de ; jbe 0xfffa52de +jbe short loc_fffa530d ; jbe 0xfffa530d mov al, 0x2b cmp ebx, 0x74b -jbe short loc_fffa52e6 ; jbe 0xfffa52e6 +jbe short loc_fffa5315 ; jbe 0xfffa5315 mov al, 0x56 cmp ebx, 0x855 -jbe short loc_fffa52e6 ; jbe 0xfffa52e6 +jbe short loc_fffa5315 ; jbe 0xfffa5315 mov al, 0x80 cmp ebx, 0x960 -jbe short loc_fffa52e6 ; jbe 0xfffa52e6 +jbe short loc_fffa5315 ; jbe 0xfffa5315 mov al, 
0xab cmp ebx, 0xa6b -jbe short loc_fffa52e6 ; jbe 0xfffa52e6 +jbe short loc_fffa5315 ; jbe 0xfffa5315 cmp ebx, 0xb76 sbb eax, eax and eax, 0xffffffd6 add eax, 0x200 -jmp short loc_fffa52e6 ; jmp 0xfffa52e6 +jmp short loc_fffa5315 ; jmp 0xfffa5315 -loc_fffa52d9: ; not directly referenced +loc_fffa5308: ; not directly referenced mov eax, 0x200 -loc_fffa52de: ; not directly referenced +loc_fffa530d: ; not directly referenced cmp ebx, 0x320 -jbe short loc_fffa534b ; jbe 0xfffa534b +jbe short loc_fffa537a ; jbe 0xfffa537a -loc_fffa52e6: ; not directly referenced +loc_fffa5315: ; not directly referenced cmp ebx, 0x42b -jbe short loc_fffa5352 ; jbe 0xfffa5352 +jbe short loc_fffa5381 ; jbe 0xfffa5381 cmp ebx, 0x535 -jbe loc_fffa5b11 ; jbe 0xfffa5b11 +jbe loc_fffa5b40 ; jbe 0xfffa5b40 cmp ebx, 0x640 -jbe loc_fffa5b18 ; jbe 0xfffa5b18 +jbe loc_fffa5b47 ; jbe 0xfffa5b47 cmp ebx, 0x74b -jbe loc_fffa5b1f ; jbe 0xfffa5b1f +jbe loc_fffa5b4e ; jbe 0xfffa5b4e cmp ebx, 0x855 -jbe loc_fffa5b26 ; jbe 0xfffa5b26 +jbe loc_fffa5b55 ; jbe 0xfffa5b55 cmp ebx, 0x960 -jbe loc_fffa5b2d ; jbe 0xfffa5b2d +jbe loc_fffa5b5c ; jbe 0xfffa5b5c mov edx, 0xe cmp ebx, 0xaf0 -jbe loc_fffa53cc ; jbe 0xfffa53cc +jbe loc_fffa53fb ; jbe 0xfffa53fb cmp ebx, 0xbb9 sbb edx, edx add edx, 0x10 -jmp near loc_fffa53cc ; jmp 0xfffa53cc +jmp near loc_fffa53fb ; jmp 0xfffa53fb -loc_fffa534b: ; not directly referenced +loc_fffa537a: ; not directly referenced mov edx, 4 -jmp short loc_fffa5357 ; jmp 0xfffa5357 +jmp short loc_fffa5386 ; jmp 0xfffa5386 -loc_fffa5352: ; not directly referenced +loc_fffa5381: ; not directly referenced mov edx, 6 -loc_fffa5357: ; not directly referenced +loc_fffa5386: ; not directly referenced cmp ecx, 2 -je short loc_fffa53d1 ; je 0xfffa53d1 +je short loc_fffa5400 ; je 0xfffa5400 mov esi, 0xc cmp ebx, 0x42b -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 -loc_fffa5369: ; not directly referenced +loc_fffa5398: ; not directly referenced mov esi, 0xc cmp ebx, 
0x640 -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 mov si, 0xe cmp ebx, 0x74b -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 mov si, 0x10 cmp ebx, 0x855 -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 mov si, 0x12 cmp ebx, 0x960 -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 -loc_fffa539a: ; not directly referenced +loc_fffa53c9: ; not directly referenced mov esi, 0x14 cmp ebx, 0xa6b -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 mov si, 0x15 cmp ebx, 0xaf0 -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 mov si, 0x16 cmp ebx, 0xb75 -jbe short loc_fffa53d6 ; jbe 0xfffa53d6 +jbe short loc_fffa5405 ; jbe 0xfffa5405 cmp ebx, 0xbb9 sbb esi, esi add esi, 0x18 -jmp short loc_fffa53d6 ; jmp 0xfffa53d6 +jmp short loc_fffa5405 ; jmp 0xfffa5405 -loc_fffa53cc: ; not directly referenced +loc_fffa53fb: ; not directly referenced cmp ecx, 2 -jne short loc_fffa539a ; jne 0xfffa539a +jne short loc_fffa53c9 ; jne 0xfffa53c9 -loc_fffa53d1: ; not directly referenced +loc_fffa5400: ; not directly referenced mov esi, 0x18 -loc_fffa53d6: ; not directly referenced +loc_fffa5405: ; not directly referenced cmp edx, 0xf mov ecx, 0xf cmova edx, ecx 
@@ -6164,25 +6177,25 @@ and ebx, 0x3ff shl ebx, 0x10 or edx, ebx cmp dword [ebp - 0x70], 0 -jne short loc_fffa5416 ; jne 0xfffa5416 +jne short loc_fffa5445 ; jne 0xfffa5445 sub esi, 8 cmp esi, 0xf cmovbe ecx, esi shl ecx, 0x1c -jmp short loc_fffa5425 ; jmp 0xfffa5425 +jmp short loc_fffa5454 ; jmp 0xfffa5454 -loc_fffa5416: ; not directly referenced +loc_fffa5445: ; not directly referenced inc esi mov ecx, 0x1f cmp esi, 0x1f cmovbe ecx, esi shl ecx, 0x1b -loc_fffa5425: ; not directly referenced +loc_fffa5454: ; not directly referenced mov eax, dword [ebp + 8] or ecx, edx lea edx, [edi + 0x14] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] xor ecx, ecx mov eax, dword [eax + 0x188b] 
@@ -6191,48 +6204,48 @@ mov eax, dword [ebp + 8] mov eax, dword [eax + 0x1887] mov dword [ebp - 0x74], eax mov eax, dword [ebp + 8] -mov esi, dword [eax + 0x2480] -mov edx, dword [eax + 0x36d7] +mov esi, dword [eax + 0x2481] +mov edx, dword [eax + 0x36d8] cmp esi, 3 -jne short loc_fffa5473 ; jne 0xfffa5473 -movzx ebx, word [eax + 0x2489] +jne short loc_fffa54a2 ; jne 0xfffa54a2 +movzx ebx, word [eax + 0x248a] mov eax, 0x15f90 cdq add ebx, ebx idiv ebx -jmp short loc_fffa54bd ; jmp 0xfffa54bd +jmp short loc_fffa54ec ; jmp 0xfffa54ec -loc_fffa5473: ; not directly referenced +loc_fffa54a2: ; not directly referenced mov eax, 0x80 cmp esi, 2 -je short loc_fffa54bd ; je 0xfffa54bd +je short loc_fffa54ec ; je 0xfffa54ec mov al, 0x40 cmp edx, 0x640 -jbe short loc_fffa54bd ; jbe 0xfffa54bd +jbe short loc_fffa54ec ; jbe 0xfffa54ec mov al, 0x4b cmp edx, 0x74b -jbe short loc_fffa54bd ; jbe 0xfffa54bd +jbe short loc_fffa54ec ; jbe 0xfffa54ec mov al, 0x56 cmp edx, 0x855 -jbe short loc_fffa54bd ; jbe 0xfffa54bd +jbe short loc_fffa54ec ; jbe 0xfffa54ec mov al, 0x60 cmp edx, 0x960 -jbe short loc_fffa54bd ; jbe 0xfffa54bd +jbe short loc_fffa54ec ; jbe 0xfffa54ec mov al, 0x6b cmp edx, 0xa6b -jbe short loc_fffa54bd ; jbe 0xfffa54bd +jbe short loc_fffa54ec ; jbe 0xfffa54ec cmp edx, 0xb76 sbb eax, eax and eax, 0xfffffff6 sub eax, 0xffffff80 -loc_fffa54bd: ; not directly referenced +loc_fffa54ec: ; not directly referenced cmp dword [ebp - 0x70], 1 sete dl cmp dword [ebp - 0x74], 0x40650 sete bl or dl, bl -je short loc_fffa54fb ; je 0xfffa54fb +je short loc_fffa552a ; je 0xfffa552a cmp esi, 3 mov edx, 0x100 mov ecx, 0x80 
@@ -6243,41 +6256,41 @@ cmovbe edx, eax and edx, 0x3ff shl edx, 0xa or ecx, edx -jmp short loc_fffa550c ; jmp 0xfffa550c +jmp short loc_fffa553b ; jmp 0xfffa553b -loc_fffa54fb: ; not directly referenced +loc_fffa552a: ; not directly referenced mov edx, 0xff cmp eax, 0xff mov cl, 0x80 cmovbe edx, eax mov ch, dl -loc_fffa550c: ; not directly referenced +loc_fffa553b: ; not directly referenced mov eax, dword [ebp + 8] mov edx, edi lea ebx, [edi + 4] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, ebx mov ecx, eax mov eax, dword [ebp + 8] mov cl, 0xff -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f -loc_fffa553b: ; not directly referenced +loc_fffa556a: ; not directly referenced inc dword [ebp - 0x6c] add edi, 0x400 cmp dword [ebp - 0x6c], 2 -jne loc_fffa5238 ; jne 0xfffa5238 +jne loc_fffa5267 ; jne 0xfffa5267 mov eax, dword [ebp + 8] mov ecx, 0x100000 mov esi, dword [eax + 0x1887] -cmp dword [eax + 0x2480], 3 +cmp dword [eax + 0x2481], 3 mov edi, dword [eax + 0x188b] sete al cmp esi, 0x306d0 
@@ -6285,67 +6298,67 @@ sete bl cmp esi, 0x40650 sete dl or bl, dl -jne short loc_fffa558f ; jne 0xfffa558f +jne short loc_fffa55be ; jne 0xfffa55be cmp esi, 0x40670 sete dl test dl, al -je short loc_fffa55b0 ; je 0xfffa55b0 +je short loc_fffa55df ; je 0xfffa55df -loc_fffa558f: ; not directly referenced +loc_fffa55be: ; not directly referenced mov ecx, 0x102000 test al, al -je short loc_fffa55b0 ; je 0xfffa55b0 +je short loc_fffa55df ; je 0xfffa55df mov eax, dword [ebp + 8] cmp byte [eax + 0x240a], 1 sbb ecx, ecx and ecx, 0x2000 add ecx, 0x4100000 -loc_fffa55b0: ; not directly referenced +loc_fffa55df: ; not directly referenced mov eax, dword [ebp + 8] mov edx, 0x4c20 -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov ecx, 0x553c3038 mov edx, 0x4f8c -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 3 -je short loc_fffa55e4 ; je 0xfffa55e4 +cmp dword [eax + 0x2481], 3 +je short loc_fffa5613 ; je 0xfffa5613 -loc_fffa55db: ; not directly referenced +loc_fffa560a: ; not directly referenced dec edi -jne loc_fffa568d ; jne 0xfffa568d -jmp short loc_fffa563c ; jmp 0xfffa563c +jne loc_fffa56bc ; jne 0xfffa56bc +jmp short loc_fffa566b ; jmp 0xfffa566b -loc_fffa55e4: ; not directly referenced +loc_fffa5613: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x3756], 2 -jne short loc_fffa560f ; jne 0xfffa560f +cmp dword [eax + 0x3757], 2 +jne short loc_fffa563e ; jne 0xfffa563e mov edx, 0x4010 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x4010 and eax, 0xfffffff0 or eax, 7 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa560f: ; not directly referenced +loc_fffa563e: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -jne short loc_fffa55db ; jne 0xfffa55db +cmp dword [eax + 0x4b1a], 2 +jne 
short loc_fffa560a ; jne 0xfffa560a mov edx, 0x4410 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x4410 and eax, 0xfffffff0 or eax, 7 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffa55db ; jmp 0xfffa55db +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffa560a ; jmp 0xfffa560a -loc_fffa563c: ; not directly referenced +loc_fffa566b: ; not directly referenced mov edi, dword [ebp + 8] xor edx, edx mov ecx, 0x1ffff 
@@ -6355,86 +6368,86 @@ mov dx, word [edi + 0x1920] and ecx, 0x1ffff cmp byte [edi + 0x191b], 0 mov eax, ecx -je short loc_fffa5679 ; je 0xfffa5679 +je short loc_fffa56a8 ; je 0xfffa56a8 mov ecx, edx or ecx, 0x80000000 mov edx, ecx -loc_fffa5679: ; not directly referenced +loc_fffa56a8: ; not directly referenced push ecx push ecx push edx mov edx, 0x5028 push eax mov eax, dword [ebp + 8] -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 -loc_fffa568d: ; not directly referenced +loc_fffa56bc: ; not directly referenced mov eax, dword [ebp + 8] xor ecx, ecx mov edx, 0x3f xor esi, esi xor edi, edi -call fcn_fffc3c0d ; call 0xfffc3c0d +call fcn_fffc3b02 ; call 0xfffc3b02 mov eax, dword [ebp + 8] lea ecx, [ebp - 0x20] mov edx, dword [ebp - 0x88] mov eax, dword [eax + 0x188b] mov dword [ebp - 0x70], eax mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2480] +mov eax, dword [eax + 0x2481] mov dword [ebp - 0x74], eax lea eax, [ebp - 0x28] -loc_fffa56c4: ; not directly referenced +loc_fffa56f3: ; not directly referenced mov dword [eax], 0 cmp dword [edx], 2 -jne short loc_fffa56f1 ; jne 0xfffa56f1 +jne short loc_fffa5720 ; jne 0xfffa5720 cmp dword [edx + 0x1173], 2 -jne short loc_fffa56e0 ; jne 0xfffa56e0 +jne short loc_fffa570f ; jne 0xfffa570f mov ebx, dword [edx + 0x1254] mov dword [eax], ebx -loc_fffa56e0: ; not directly referenced +loc_fffa570f: ; not directly referenced cmp dword [edx + 0x129b], 2 -jne short loc_fffa56f1 ; jne 0xfffa56f1 +jne short loc_fffa5720 ; jne 0xfffa5720 mov ebx, dword [edx + 0x137c] add dword [eax], ebx -loc_fffa56f1: ; not directly referenced +loc_fffa5720: ; not directly referenced add eax, 4 add edx, 0x13c3 cmp eax, ecx -jne short loc_fffa56c4 ; jne 0xfffa56c4 +jne short loc_fffa56f3 ; jne 0xfffa56f3 mov eax, dword [ebp + 8] -mov al, byte [eax + 0x248d] +mov al, byte [eax + 0x248e] mov byte [ebp - 0x78], al mov eax, dword [ebp - 0x24] mov ebx, eax mov dword [ebp - 0x6c], eax mov eax, dword [ebp - 0x28] 
cmp ebx, eax -ja short loc_fffa5737 ; ja 0xfffa5737 +ja short loc_fffa5766 ; ja 0xfffa5766 mov eax, dword [ebp + 8] mov ebx, 4 -mov dword [eax + 0x381b], 0 -mov dword [eax + 0x4bde], 1 -jmp short loc_fffa5756 ; jmp 0xfffa5756 +mov dword [eax + 0x381c], 0 +mov dword [eax + 0x4bdf], 1 +jmp short loc_fffa5785 ; jmp 0xfffa5785 -loc_fffa5737: ; not directly referenced +loc_fffa5766: ; not directly referenced mov ecx, dword [ebp + 8] mov ebx, 1 mov dword [ebp - 0x6c], eax -mov dword [ecx + 0x381b], 1 -mov dword [ecx + 0x4bde], 0 +mov dword [ecx + 0x381c], 1 +mov dword [ecx + 0x4bdf], 0 -loc_fffa5756: ; not directly referenced +loc_fffa5785: ; not directly referenced mov eax, dword [ebp - 0x6c] mov edx, 0xff shr eax, 8 cmp dword [ebp - 0x70], 0 -jne short loc_fffa5788 ; jne 0xfffa5788 +jne short loc_fffa57b7 ; jne 0xfffa57b7 cmp eax, 0xff mov esi, edx cmovbe esi, eax @@ -6445,16 +6458,16 @@ movzx eax, al shl eax, 0x10 shl esi, 0x18 or esi, eax -jmp short loc_fffa5796 ; jmp 0xfffa5796 +jmp short loc_fffa57c5 ; jmp 0xfffa57c5 -loc_fffa5788: ; not directly referenced +loc_fffa57b7: ; not directly referenced cmp eax, 0xff cmovbe edx, eax mov eax, esi mov al, dl mov esi, eax -loc_fffa5796: ; not directly referenced +loc_fffa57c5: ; not directly referenced and ebx, 0xfffffbcf mov ecx, ebx mov ebx, dword [ebp - 0x74] @@ -6475,9 +6488,9 @@ mov eax, dword [ebp + 8] mov ebx, ecx mov al, byte [eax + 0x1917] test al, al -je loc_fffa5894 ; je 0xfffa5894 +je loc_fffa58c3 ; je 0xfffa58c3 cmp dword [ebp - 0x70], 0 -jne short loc_fffa5822 ; jne 0xfffa5822 +jne short loc_fffa5851 ; jne 0xfffa5851 mov edx, dword [ebp + 8] mov edi, 0x3fff mov eax, dword [ebp + 8] 
@@ -6493,28 +6506,28 @@ mov dl, byte [ebp - 0x70] cmovbe eax, edx and eax, 3 shl eax, 0x15 -jmp short loc_fffa588c ; jmp 0xfffa588c +jmp short loc_fffa58bb ; jmp 0xfffa58bb -loc_fffa5822: ; not directly referenced +loc_fffa5851: ; not directly referenced cmp al, 2 -jne short loc_fffa5849 ; jne 0xfffa5849 +jne short loc_fffa5878 ; jne 0xfffa5878 test dl, dl -je short loc_fffa5842 ; je 0xfffa5842 +je short loc_fffa5871 ; je 0xfffa5871 mov al, byte [ebp - 0x78] cmp al, 4 sete dl dec al sete al or dl, al -je short loc_fffa5842 ; je 0xfffa5842 +je short loc_fffa5871 ; je 0xfffa5871 mov edi, 0xd030c0 -jmp short loc_fffa5894 ; jmp 0xfffa5894 +jmp short loc_fffa58c3 ; jmp 0xfffa58c3 -loc_fffa5842: ; not directly referenced +loc_fffa5871: ; not directly referenced mov edi, 0x9030ce -jmp short loc_fffa5894 ; jmp 0xfffa5894 +jmp short loc_fffa58c3 ; jmp 0xfffa58c3 -loc_fffa5849: ; not directly referenced +loc_fffa5878: ; not directly referenced mov edx, dword [ebp + 8] mov edi, 0x3fff mov eax, dword [ebp + 8] 
@@ -6531,83 +6544,83 @@ cmovbe eax, edx and eax, 7 shl eax, 0x14 -loc_fffa588c: ; not directly referenced +loc_fffa58bb: ; not directly referenced or edi, 0x800000 or edi, eax -loc_fffa5894: ; not directly referenced +loc_fffa58c3: ; not directly referenced mov eax, dword [ebp + 8] cmp byte [eax + 0x2402], 0 -je short loc_fffa58d8 ; je 0xfffa58d8 +je short loc_fffa5907 ; je 0xfffa5907 mov eax, dword [ebp - 0x24] cmp dword [ebp - 0x28], eax -jne short loc_fffa58ce ; jne 0xfffa58ce +jne short loc_fffa58fd ; jne 0xfffa58fd mov eax, dword [ebp - 0x6c] mov ebx, ecx or edi, 0x800000 or ebx, 0x40 and ebx, 0xfffffc7f -call fcn_fffaec34 ; call 0xfffaec34 +call fcn_fffb396b ; call 0xfffb396b sub eax, 9 and eax, 7 shl eax, 7 or ebx, eax -jmp short loc_fffa58d8 ; jmp 0xfffa58d8 +jmp short loc_fffa5907 ; jmp 0xfffa5907 -loc_fffa58ce: ; not directly referenced +loc_fffa58fd: ; not directly referenced mov eax, dword [ebp + 8] mov byte [eax + 0x2402], 0 -loc_fffa58d8: ; not directly referenced +loc_fffa5907: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, edi mov edx, 0x5024 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov ecx, ebx mov edx, 0x5000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov ecx, esi mov edx, 0x5014 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov dword [ebp - 0x6c], 0x5004 -lea ebx, [eax + 0x48c9] +lea ebx, [eax + 0x48ca] -loc_fffa5915: ; not directly referenced +loc_fffa5944: ; not directly referenced cmp dword [ebx - 0x1173], 2 mov esi, ebx -jne loc_fffa5aaf ; jne 0xfffa5aaf +jne loc_fffa5ade ; jne 0xfffa5ade xor edx, edx cmp dword [ebx], 2 -jne short loc_fffa5931 ; jne 0xfffa5931 +jne short loc_fffa5960 ; jne 0xfffa5960 mov edx, dword [ebx + 0xe1] -loc_fffa5931: ; not directly referenced +loc_fffa5960: ; not directly referenced cmp dword [ebx + 0x128], 2 lea eax, [ebx + 0x128] -jne 
short loc_fffa5948 ; jne 0xfffa5948 +jne short loc_fffa5977 ; jne 0xfffa5977 cmp dword [ebx + 0x209], edx -ja short loc_fffa594e ; ja 0xfffa594e +ja short loc_fffa597d ; ja 0xfffa597d -loc_fffa5948: ; not directly referenced +loc_fffa5977: ; not directly referenced mov edi, eax xor ecx, ecx -jmp short loc_fffa5957 ; jmp 0xfffa5957 +jmp short loc_fffa5986 ; jmp 0xfffa5986 -loc_fffa594e: ; not directly referenced +loc_fffa597d: ; not directly referenced mov ecx, 0x10000 mov edi, ebx mov esi, eax -loc_fffa5957: ; not directly referenced +loc_fffa5986: ; not directly referenced mov al, byte [esi + 0xed] mov byte [ebp - 0x70], al test al, al -je short loc_fffa59a6 ; je 0xfffa59a6 +je short loc_fffa59d5 ; je 0xfffa59d5 cmp dword [esi], 2 -jne short loc_fffa59a6 ; jne 0xfffa59a6 +jne short loc_fffa59d5 ; jne 0xfffa59d5 mov eax, dword [esi + 0xe1] mov edx, 0xff shr eax, 8 @@ -6626,13 +6639,13 @@ or ecx, edx shl eax, 0x13 or ecx, eax -loc_fffa59a6: ; not directly referenced +loc_fffa59d5: ; not directly referenced mov al, byte [edi + 0xed] mov byte [ebp - 0x70], al test al, al -je short loc_fffa59f5 ; je 0xfffa59f5 +je short loc_fffa5a24 ; je 0xfffa5a24 cmp dword [edi], 2 -jne short loc_fffa59f5 ; jne 0xfffa59f5 +jne short loc_fffa5a24 ; jne 0xfffa5a24 mov eax, dword [edi + 0xe1] mov edx, 0xff shr eax, 8 @@ -6651,7 +6664,7 @@ or ecx, eax shl edx, 0x14 or ecx, edx -loc_fffa59f5: ; not directly referenced +loc_fffa5a24: ; not directly referenced mov eax, dword [ebp + 8] mov eax, dword [eax + 0x1887] cmp eax, 0x306d0 @@ -6659,13 +6672,13 @@ sete dl cmp eax, 0x40650 sete al or dl, al -je short loc_fffa5a22 ; je 0xfffa5a22 +je short loc_fffa5a51 ; je 0xfffa5a51 lea eax, [ecx + ecx] and ecx, 0xffefffff and eax, 0x100000 or ecx, eax -loc_fffa5a22: ; not directly referenced +loc_fffa5a51: ; not directly referenced mov edi, dword [ebp + 8] mov eax, ecx or eax, 0x200000 
@@ -6677,93 +6690,93 @@ or eax, 0x400000 cmp byte [edi + 0x1909], 0 cmovne ecx, eax mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 3 -jne short loc_fffa5aaf ; jne 0xfffa5aaf +cmp dword [eax + 0x2481], 3 +jne short loc_fffa5ade ; jne 0xfffa5ade cmp dword [eax + 0x1887], 0x40650 -jne short loc_fffa5a7e ; jne 0xfffa5a7e +jne short loc_fffa5aad ; jne 0xfffa5aad xor ecx, ecx cmp byte [esi + 0xf1], 0x20 sete cl lea ecx, [ecx + ecx*2 + 0x200d00] -jmp short loc_fffa5a9b ; jmp 0xfffa5a9b +jmp short loc_fffa5aca ; jmp 0xfffa5aca -loc_fffa5a7e: ; not directly referenced +loc_fffa5aad: ; not directly referenced mov al, byte [esi + 0xf1] mov ecx, 0x401a00 cmp al, 0x10 -jne short loc_fffa5a91 ; jne 0xfffa5a91 +jne short loc_fffa5ac0 ; jne 0xfffa5ac0 mov cl, 5 -jmp short loc_fffa5a9b ; jmp 0xfffa5a9b +jmp short loc_fffa5aca ; jmp 0xfffa5aca -loc_fffa5a91: ; not directly referenced +loc_fffa5ac0: ; not directly referenced cmp al, 0x20 mov eax, 0x401a0a cmove ecx, eax -loc_fffa5a9b: ; not directly referenced +loc_fffa5aca: ; not directly referenced mov edx, dword [ebp - 0x6c] mov eax, dword [ebp + 8] shl edx, 8 sub edx, 0x4fc1f0 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa5aaf: ; not directly referenced +loc_fffa5ade: ; not directly referenced add dword [ebp - 0x6c], 4 add ebx, 0x13c3 cmp dword [ebp - 0x6c], 0x500c -jne loc_fffa5915 ; jne 0xfffa5915 +jne loc_fffa5944 ; jne 0xfffa5944 xor edx, edx -jmp short loc_fffa5b40 ; jmp 0xfffa5b40 +jmp short loc_fffa5b6f ; jmp 0xfffa5b6f -loc_fffa5aca: ; not directly referenced +loc_fffa5af9: ; not directly referenced mov eax, dword [ebp + 8] -call fcn_fffa6828 ; call 0xfffa6828 +call fcn_fffa67d6 ; call 0xfffa67d6 mov edx, 0x12 test eax, eax -jne short loc_fffa5b40 ; jne 0xfffa5b40 +jne short loc_fffa5b6f ; jne 0xfffa5b6f sub esp, 0xc lea eax, [ebp - 0x58] push eax mov eax, dword [ebp + 8] lea edx, [ebp - 0x28] 
lea ecx, [ebp - 0x5b] -call fcn_fffa77b4 ; call 0xfffa77b4 +call fcn_fffa7762 ; call 0xfffa7762 mov edi, dword [ebp + 8] add esp, 0x10 mov edx, 0x16 -mov dword [edi + 0x36d7], eax -mov al, byte [edi + 0x36e7] +mov dword [edi + 0x36d8], eax +mov al, byte [edi + 0x36e8] cmp byte [ebp - 0x5b], al -jne short loc_fffa5b40 ; jne 0xfffa5b40 -jmp near loc_fffa2dab ; jmp 0xfffa2dab +jne short loc_fffa5b6f ; jne 0xfffa5b6f +jmp near loc_fffa2dda ; jmp 0xfffa2dda -loc_fffa5b11: ; not directly referenced +loc_fffa5b40: ; not directly referenced mov edx, 7 -jmp short loc_fffa5b32 ; jmp 0xfffa5b32 +jmp short loc_fffa5b61 ; jmp 0xfffa5b61 -loc_fffa5b18: ; not directly referenced +loc_fffa5b47: ; not directly referenced mov edx, 8 -jmp short loc_fffa5b32 ; jmp 0xfffa5b32 +jmp short loc_fffa5b61 ; jmp 0xfffa5b61 -loc_fffa5b1f: ; not directly referenced +loc_fffa5b4e: ; not directly referenced mov edx, 0xa -jmp short loc_fffa5b32 ; jmp 0xfffa5b32 +jmp short loc_fffa5b61 ; jmp 0xfffa5b61 -loc_fffa5b26: ; not directly referenced +loc_fffa5b55: ; not directly referenced mov edx, 0xb -jmp short loc_fffa5b32 ; jmp 0xfffa5b32 +jmp short loc_fffa5b61 ; jmp 0xfffa5b61 -loc_fffa5b2d: ; not directly referenced +loc_fffa5b5c: ; not directly referenced mov edx, 0xc -loc_fffa5b32: ; not directly referenced +loc_fffa5b61: ; not directly referenced cmp ecx, 2 -jne loc_fffa5369 ; jne 0xfffa5369 -jmp near loc_fffa53d1 ; jmp 0xfffa53d1 +jne loc_fffa5398 ; jne 0xfffa5398 +jmp near loc_fffa5400 ; jmp 0xfffa5400 -loc_fffa5b40: ; not directly referenced +loc_fffa5b6f: ; not directly referenced lea esp, [ebp - 0xc] mov eax, edx pop ebx 
@@ -6772,28 +6785,28 @@ pop edi pop ebp ret -fcn_fffa5b4a: ; not directly referenced +fcn_fffa5b79: ; not directly referenced push ebp mov eax, 0x80000003 mov ebp, esp pop ebp ret -fcn_fffa5b54: ; not directly referenced +fcn_fffa5b83: ; not directly referenced push ebp mov eax, 0x80000003 mov ebp, esp pop ebp ret -fcn_fffa5b5e: ; not directly referenced +fcn_fffa5b8d: ; not directly referenced push ebp mov eax, 0x80000003 mov ebp, esp pop ebp ret -fcn_fffa5b68: ; not directly referenced +fcn_fffa5b97: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] @@ -6802,7 +6815,7 @@ out dx, al pop ebp ret -fcn_fffa5b74: ; not directly referenced +fcn_fffa5ba3: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 8] @@ -6810,7 +6823,7 @@ in al, dx pop ebp ret -fcn_fffa5b7d: ; not directly referenced +fcn_fffa5bac: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] @@ -6820,7 +6833,7 @@ wrmsr pop ebp ret -fcn_fffa5b8d: ; not directly referenced +fcn_fffa5bbc: ; not directly referenced push ebp mov ebp, esp mov ecx, dword [ebp + 8] @@ -6828,7 +6841,7 @@ rdmsr pop ebp ret -fcn_fffa5b97: ; not directly referenced +fcn_fffa5bc6: ; not directly referenced push ebp mov ebp, esp sub esp, 8 
@@ -6836,87 +6849,94 @@ mov eax, dword [ebp + 8] cmp dword [ebp + 0xc], 0x41 mov edx, dword [eax + 0x241b] mov edx, dword [edx + 0x1e] -jne short loc_fffa5bbc ; jne 0xfffa5bbc +jne short loc_fffa5beb ; jne 0xfffa5beb sub esp, 0xc push eax call dword [edx + 0xcc] ; ucall add esp, 0x10 -loc_fffa5bbc: ; not directly referenced +loc_fffa5beb: ; not directly referenced xor eax, eax leave ret -fcn_fffa5bc0: ; not directly referenced +fcn_fffa5bef: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x14] pop ebp ret -fcn_fffa5bc8: ; not directly referenced +fcn_fffa5bf7: ; not directly referenced push ebp xor eax, eax mov ebp, esp pop ebp ret -fcn_fffa5bcf: ; not directly referenced +fcn_fffa5bfe: ; not directly referenced push ebp mov ebp, esp -sub esp, 0x18 +push edi +sub esp, 0x1c mov eax, dword [ebp + 0xc] -mov dword [ebp - 0x18], eax +mov dword [ebp - 0x10], 0 +mov dword [ebp - 0xc], 0 +mov dword [ebp - 0x20], eax mov eax, dword [ebp + 0x10] -mov dword [ebp - 0x14], eax +mov dword [ebp - 0x1c], eax mov eax, dword [ebp + 8] -movq qword [ebp - 8], mm0 -movq mm0, qword [ebp - 0x18] -movq qword [eax], mm0 -movq mm0, qword [ebp - 8] +mov dword [ebp - 0x14], eax +movq qword [ebp - 0x10], mm0 +mov edi, dword [ebp - 0x14] +movq mm0, qword [ebp - 0x20] +movq qword [edi], mm0 +movq mm0, qword [ebp - 0x10] emms -mov eax, dword [ebp - 0x18] -mov edx, dword [ebp - 0x14] -leave +mov eax, dword [ebp - 0x20] +mov edx, dword [ebp - 0x1c] +add esp, 0x1c +pop edi +pop ebp ret -fcn_fffa5bfd: ; not directly referenced +fcn_fffa5c45: ; not directly referenced push ebp xor edx, edx mov ebp, esp mov eax, dword [ebp + 8] mov ecx, dword [ebp + 0x10] -loc_fffa5c08: ; not directly referenced +loc_fffa5c50: ; not directly referenced cmp edx, dword [ebp + 0xc] -je short loc_fffa5c13 ; je 0xfffa5c13 +je short loc_fffa5c5b ; je 0xfffa5c5b mov dword [eax + edx*4], ecx inc edx -jmp short loc_fffa5c08 ; jmp 0xfffa5c08 +jmp short loc_fffa5c50 ; jmp 0xfffa5c50 -loc_fffa5c13: ; not 
directly referenced +loc_fffa5c5b: ; not directly referenced pop ebp ret -fcn_fffa5c15: ; not directly referenced +fcn_fffa5c5d: ; not directly referenced push ebp xor edx, edx mov ebp, esp mov eax, dword [ebp + 8] mov ecx, dword [ebp + 0x10] -loc_fffa5c20: ; not directly referenced +loc_fffa5c68: ; not directly referenced cmp edx, dword [ebp + 0xc] -je short loc_fffa5c2c ; je 0xfffa5c2c +je short loc_fffa5c74 ; je 0xfffa5c74 mov word [eax + edx*2], cx inc edx -jmp short loc_fffa5c20 ; jmp 0xfffa5c20 +jmp short loc_fffa5c68 ; jmp 0xfffa5c68 -loc_fffa5c2c: ; not directly referenced +loc_fffa5c74: ; not directly referenced pop ebp ret -fcn_fffa5c2e: +fcn_fffa5c76: push ebp mov ebp, esp push esi @@ -6925,21 +6945,21 @@ push ebx mov ebx, dword [ebp + 0xc] add esi, ebx -loc_fffa5c3b: +loc_fffa5c83: cmp ebx, esi -je short loc_fffa5c58 ; je 0xfffa5c58 +je short loc_fffa5ca0 ; je 0xfffa5ca0 mov eax, dword [0xff7d0274] inc ebx movzx edx, byte [ebx - 1] test eax, eax -je short loc_fffa5c3b ; je 0xfffa5c3b +je short loc_fffa5c83 ; je 0xfffa5c83 sub esp, 0xc push edx call eax add esp, 0x10 -jmp short loc_fffa5c3b ; jmp 0xfffa5c3b +jmp short loc_fffa5c83 ; jmp 0xfffa5c83 -loc_fffa5c58: +loc_fffa5ca0: lea esp, [ebp - 8] or eax, 0xffffffff pop ebx @@ -6947,14 +6967,14 @@ pop esi pop ebp ret -fcn_fffa5c62: ; not directly referenced +fcn_fffa5caa: ; not directly referenced push ebp xor eax, eax mov ebp, esp pop ebp ret -fcn_fffa5c69: ; not directly referenced +fcn_fffa5cb1: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] @@ -6963,7 +6983,7 @@ mov dword [0xff7d0080], eax xor eax, eax ret -fcn_fffa5c78: ; not directly referenced +fcn_fffa5cc0: ; not directly referenced push ebp mov edx, dword [0xff7d0080] mov ebp, esp 
@@ -6973,70 +6993,13 @@ xor eax, eax pop ebp ret -fcn_fffa5c8a: ; not directly referenced -push ebp -mov ebp, esp -pop ebp -jmp near loc_fffd2972 ; jmp 0xfffd2972 - -fcn_fffa5c93: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 8] -mov ecx, dword [eax + 0x5edc] -lea edx, [ecx + 0x1b8] -xor ecx, ecx -mov dword [ebp + 8], edx -mov edx, 1 -pop ebp -jmp near fcn_fffae5b2 ; jmp 0xfffae5b2 - -fcn_fffa5cb5: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x5edc] -lea ecx, [eax + 0x1c] -mov byte [eax + 0x247c], 1 -add edx, 0x1b8 -mov dword [edx], ecx -xor ecx, ecx -mov dword [ebp + 8], edx -xor edx, edx -pop ebp -jmp near fcn_fffae5b2 ; jmp 0xfffae5b2 - -fcn_fffa5ce0: ; not directly referenced -push ebp -mov ebp, esp -sub esp, 8 -mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x5edc] -cmp byte [edx + 0x1c4], 1 -jne short loc_fffa5d04 ; jne 0xfffa5d04 -sub esp, 0xc -push eax -call fcn_fffa5cb5 ; call 0xfffa5cb5 -add esp, 0x10 - -loc_fffa5d04: ; not directly referenced -xor eax, eax -leave -ret - -fcn_fffa5d08: ; not directly referenced +fcn_fffa5cd2: ; not directly referenced push ebp mov ebp, esp -mov eax, dword [ebp + 8] -mov ecx, dword [eax + 0x5edc] -lea edx, [ecx + 0x1b8] -mov ecx, 1 -mov dword [ebp + 8], edx -mov edx, 1 pop ebp -jmp near fcn_fffae5b2 ; jmp 0xfffae5b2 +jmp near loc_fffd2c64 ; jmp 0xfffd2c64 -fcn_fffa5d2d: ; not directly referenced +fcn_fffa5cdb: ; not directly referenced push ebp mov ebp, esp push edi @@ -7055,7 +7018,7 @@ mov byte [ebp - 0x5b0], bl mov dword [ebp - 0x5ec], ecx mov byte [ebp - 0x5e0], cl mov dword [ebp - 0x5f0], edi -mov edi, dword [eax + 0x2443] +mov edi, dword [eax + 0x2444] lea eax, [ebp - 0x590] push 1 push 5 
@@ -7129,7 +7092,7 @@ mov dword [ebp - 0x5d0], eax add eax, 0x7fffffff mov dword [ebp - 0x604], eax -loc_fffa5e6f: ; not directly referenced +loc_fffa5e1d: ; not directly referenced movzx eax, byte [ebp - 0x5b0] mov ecx, dword [ebp - 0x5c0] mov dword [ebp - 0x5c8], 0 @@ -7154,22 +7117,22 @@ mov ecx, ebx mov dword [ebp - 0x5f8], eax shl ecx, 6 -loc_fffa5ed2: ; not directly referenced +loc_fffa5e80: ; not directly referenced mov esi, dword [ebp - 0x5c8] mov eax, esi mov byte [ebp - 0x5e8], al movzx eax, al cmp eax, dword [ebp - 0x5d0] -jge loc_fffa6035 ; jge 0xfffa6035 +jge loc_fffa5fe3 ; jge 0xfffa5fe3 mov esi, dword [ebp + 0x10] cmp byte [esi + ebx], 0 -jne short loc_fffa5f16 ; jne 0xfffa5f16 +jne short loc_fffa5ec4 ; jne 0xfffa5ec4 lea edx, [ecx + eax] mov dword [ebp + edx*4 - 0x518], 1 mov dword [ebp + ebx*4 - 0x568], 1 -jmp near loc_fffa6005 ; jmp 0xfffa6005 +jmp near loc_fffa5fb3 ; jmp 0xfffa5fb3 -loc_fffa5f16: ; not directly referenced +loc_fffa5ec4: ; not directly referenced mov dl, byte [ebp - 0x5e8] lea edi, [ecx + eax] mov dword [ebp - 0x5c4], edi 
@@ -7178,67 +7141,67 @@ adc byte [ebp - 0x5d9], 0 sub edx, dword [ebp - 0x5d4] mov esi, edx -loc_fffa5f37: ; not directly referenced +loc_fffa5ee5: ; not directly referenced mov dl, byte [ebp - 0x5d4] sub edx, dword [ebp - 0x5e8] mov edi, edx add edi, esi mov edx, edi cmp dl, byte [ebp - 0x5b0] -jae short loc_fffa5fa7 ; jae 0xfffa5fa7 +jae short loc_fffa5f55 ; jae 0xfffa5f55 mov edx, esi test dl, dl -jns short loc_fffa5f5f ; jns 0xfffa5f5f +jns short loc_fffa5f0d ; jns 0xfffa5f0d mov edi, dword [ebp - 0x5f4] -jmp short loc_fffa5f6f ; jmp 0xfffa5f6f +jmp short loc_fffa5f1d ; jmp 0xfffa5f1d -loc_fffa5f5f: ; not directly referenced +loc_fffa5f0d: ; not directly referenced mov edx, esi cmp dl, byte [ebp - 0x5e0] -jl short loc_fffa5f74 ; jl 0xfffa5f74 +jl short loc_fffa5f22 ; jl 0xfffa5f22 mov edi, dword [ebp - 0x5f8] -loc_fffa5f6f: ; not directly referenced +loc_fffa5f1d: ; not directly referenced movzx edi, word [edi] -jmp short loc_fffa5f97 ; jmp 0xfffa5f97 +jmp short loc_fffa5f45 ; jmp 0xfffa5f45 -loc_fffa5f74: ; not directly referenced +loc_fffa5f22: ; not directly referenced mov edx, esi movsx edi, dl cmp eax, edi -jne short loc_fffa5f87 ; jne 0xfffa5f87 +jne short loc_fffa5f35 ; jne 0xfffa5f35 mov edi, dword [ebp - 0x5b8] add edi, eax -jmp short loc_fffa5f8d ; jmp 0xfffa5f8d +jmp short loc_fffa5f3b ; jmp 0xfffa5f3b -loc_fffa5f87: ; not directly referenced +loc_fffa5f35: ; not directly referenced add edi, dword [ebp - 0x5b8] -loc_fffa5f8d: ; not directly referenced +loc_fffa5f3b: ; not directly referenced mov edx, dword [ebp - 0x5c0] movzx edi, word [edx + edi*2] -loc_fffa5f97: ; not directly referenced +loc_fffa5f45: ; not directly referenced mov edx, dword [ebp - 0x5c4] inc esi add dword [ebp + edx*4 - 0x518], edi -jmp short loc_fffa5f37 ; jmp 0xfffa5f37 +jmp short loc_fffa5ee5 ; jmp 0xfffa5ee5 -loc_fffa5fa7: ; not directly referenced +loc_fffa5f55: ; not directly referenced lea edx, [ecx + eax] mov edx, dword [ebp + edx*4 - 0x518] cmp dword [ebp + ebx*4 - 
0x590], edx -jae short loc_fffa5fc1 ; jae 0xfffa5fc1 +jae short loc_fffa5f6f ; jae 0xfffa5f6f mov dword [ebp + ebx*4 - 0x590], edx -loc_fffa5fc1: ; not directly referenced +loc_fffa5f6f: ; not directly referenced cmp dword [ebp + ebx*4 - 0x568], edx -jbe short loc_fffa5fdb ; jbe 0xfffa5fdb +jbe short loc_fffa5f89 ; jbe 0xfffa5f89 lea esi, [ecx + eax] mov esi, dword [ebp + esi*4 - 0x518] mov dword [ebp + ebx*4 - 0x568], esi -loc_fffa5fdb: ; not directly referenced +loc_fffa5f89: ; not directly referenced movzx esi, byte [ebp - 0x5c8] mov edi, dword [ebp - 0x5c0] add esi, dword [ebp - 0x5b8] @@ -7248,7 +7211,7 @@ sub edx, esi imul edx, edx add dword [ebp + ebx*4 - 0x540], edx -loc_fffa6005: ; not directly referenced +loc_fffa5fb3: ; not directly referenced imul edx, ebx, 0x29 movzx edi, byte [ebp - 0x5b0] inc dword [ebp - 0x5c8] @@ -7259,14 +7222,14 @@ xor edx, edx div edi mov edi, dword [ebp - 0x5ac] mov dword [edi + esi*4 + 6], eax -jmp near loc_fffa5ed2 ; jmp 0xfffa5ed2 +jmp near loc_fffa5e80 ; jmp 0xfffa5e80 -loc_fffa6035: ; not directly referenced +loc_fffa5fe3: ; not directly referenced mov eax, dword [ebp + 0x10] mov al, byte [eax + ebx] mov byte [ebp - 0x5c8], al test al, al -je loc_fffa61bd ; je 0xfffa61bd +je loc_fffa616b ; je 0xfffa616b mov edx, dword [ebp + ebx*4 - 0x590] mov ecx, dword [ebp + ebx*4 - 0x568] mov eax, edx 
@@ -7281,37 +7244,37 @@ mov dword [ebp + ebx*4 - 0x554], eax mov eax, dword [ebp + ebx*4 - 0x540] div dword [ebp - 0x5d0] test eax, eax -jne short loc_fffa6094 ; jne 0xfffa6094 +jne short loc_fffa6042 ; jne 0xfffa6042 mov dword [ebp + ebx*4 - 0x540], 0 -jmp short loc_fffa6103 ; jmp 0xfffa6103 +jmp short loc_fffa60b1 ; jmp 0xfffa60b1 -loc_fffa6094: ; not directly referenced +loc_fffa6042: ; not directly referenced imul eax, eax, 0x64 xor esi, esi -call fcn_fffaebb7 ; call 0xfffaebb7 +call fcn_fffb38ee ; call 0xfffb38ee mov ecx, eax mov eax, 1 shr ecx, 1 -loc_fffa60a7: ; not directly referenced +loc_fffa6055: ; not directly referenced cmp ecx, 0x64 -jbe short loc_fffa60d2 ; jbe 0xfffa60d2 +jbe short loc_fffa6080 ; jbe 0xfffa6080 imul eax, eax, 0xa9e mov edi, 0xa xor edx, edx sub ecx, 0x64 div edi test esi, esi -je short loc_fffa60cb ; je 0xfffa60cb +je short loc_fffa6079 ; je 0xfffa6079 mov esi, 0x64 xor edx, edx div esi -loc_fffa60cb: ; not directly referenced +loc_fffa6079: ; not directly referenced mov esi, 1 -jmp short loc_fffa60a7 ; jmp 0xfffa60a7 +jmp short loc_fffa6055 ; jmp 0xfffa6055 -loc_fffa60d2: ; not directly referenced +loc_fffa6080: ; not directly referenced lea edx, [ecx*8 + 0x384] imul edx, ecx mov ecx, 0x3e8 @@ -7321,15 +7284,15 @@ mov eax, edx xor edx, edx div ecx test esi, esi -je short loc_fffa60fc ; je 0xfffa60fc +je short loc_fffa60aa ; je 0xfffa60aa mov cx, 0x64 xor edx, edx div ecx -loc_fffa60fc: ; not directly referenced +loc_fffa60aa: ; not directly referenced mov dword [ebp + ebx*4 - 0x540], eax -loc_fffa6103: ; not directly referenced +loc_fffa60b1: ; not directly referenced mov ecx, dword [ebp + ebx*4 - 0x590] xor edx, edx mov edi, dword [ebp + ebx*4 - 0x568] 
@@ -7340,11 +7303,11 @@ mov esi, eax mov dword [ebp + ebx*4 - 0x540], eax imul eax, dword [ebp - 0x5c4], 0x3e8 test esi, esi -je short loc_fffa613e ; je 0xfffa613e +je short loc_fffa60ec ; je 0xfffa60ec xor edx, edx div esi -loc_fffa613e: ; not directly referenced +loc_fffa60ec: ; not directly referenced mov edx, dword [ebp - 0x5ac] mov dword [ebp + ebx*4 - 0x52c], eax mov al, byte [ebp - 0x5c8] @@ -7377,23 +7340,23 @@ idiv esi mov edx, dword [ebp - 0x5ac] mov word [edx + ebx*2 + 0x6c], ax -loc_fffa61bd: ; not directly referenced +loc_fffa616b: ; not directly referenced mov eax, dword [ebp - 0x5fc] inc ebx add dword [ebp - 0x5b8], eax cmp ebx, 5 -jne loc_fffa5e6f ; jne 0xfffa5e6f +jne loc_fffa5e1d ; jne 0xfffa5e1d mov eax, 5 -loc_fffa61d8: ; not directly referenced +loc_fffa6186: ; not directly referenced dec eax -je short loc_fffa6205 ; je 0xfffa6205 +je short loc_fffa61b3 ; je 0xfffa61b3 xor edx, edx -loc_fffa61dd: ; not directly referenced +loc_fffa618b: ; not directly referenced movzx ecx, dl cmp ecx, eax -jge short loc_fffa61d8 ; jge 0xfffa61d8 +jge short loc_fffa6186 ; jge 0xfffa6186 shl ecx, 2 lea esi, [ebp - 0x57c] add esi, ecx 
@@ -7401,47 +7364,47 @@ lea ecx, [ebp + ecx - 0x578] mov ebx, dword [esi] mov edi, dword [ecx] cmp ebx, edi -jae short loc_fffa6202 ; jae 0xfffa6202 +jae short loc_fffa61b0 ; jae 0xfffa61b0 mov dword [esi], edi mov dword [ecx], ebx -loc_fffa6202: ; not directly referenced +loc_fffa61b0: ; not directly referenced inc edx -jmp short loc_fffa61dd ; jmp 0xfffa61dd +jmp short loc_fffa618b ; jmp 0xfffa618b -loc_fffa6205: ; not directly referenced +loc_fffa61b3: ; not directly referenced mov esi, dword [ebp - 0x56c] xor edi, edi xor ebx, ebx -loc_fffa620f: ; not directly referenced +loc_fffa61bd: ; not directly referenced cmp edi, 4 -je short loc_fffa621d ; je 0xfffa621d +je short loc_fffa61cb ; je 0xfffa61cb mov eax, dword [ebp + edi*4 - 0x57c] -jmp short loc_fffa621f ; jmp 0xfffa621f +jmp short loc_fffa61cd ; jmp 0xfffa61cd -loc_fffa621d: ; not directly referenced +loc_fffa61cb: ; not directly referenced mov eax, esi -loc_fffa621f: ; not directly referenced -call fcn_fffaec34 ; call 0xfffaec34 +loc_fffa61cd: ; not directly referenced +call fcn_fffb396b ; call 0xfffb396b inc edi add ebx, eax cmp edi, 5 -jne short loc_fffa620f ; jne 0xfffa620f +jne short loc_fffa61bd ; jne 0xfffa61bd add ebx, 0xb cmp bl, 0x40 -ja short loc_fffa6259 ; ja 0xfffa6259 +ja short loc_fffa6207 ; ja 0xfffa6207 -loc_fffa6234: ; not directly referenced +loc_fffa61e2: ; not directly referenced mov al, byte [ebp - 0x5ec] cmp byte [ebp - 0x600], 0 mov byte [ebp - 0x5c8], 0 mov byte [ebp - 0x5c0], al -je loc_fffa62f4 ; je 0xfffa62f4 -jmp near loc_fffa631f ; jmp 0xfffa631f +je loc_fffa62a2 ; je 0xfffa62a2 +jmp near loc_fffa62cd ; jmp 0xfffa62cd -loc_fffa6259: ; not directly referenced +loc_fffa6207: ; not directly referenced movzx ecx, byte [ebp - 0x5d9] movzx ebx, bl lea eax, [ecx + ebx - 0x41] 
@@ -7455,7 +7418,7 @@ shl edx, cl mov dword [ebp - 0x5b0], eax movzx eax, dl -loc_fffa6282: ; not directly referenced +loc_fffa6230: ; not directly referenced mov edx, dword [ebp + ebx*4 - 0x590] mov esi, dword [ebp - 0x5b0] add edx, eax @@ -7471,10 +7434,10 @@ sar edx, cl mov word [ebp + ebx*2 - 0x59a], dx xor edx, edx -loc_fffa62bd: ; not directly referenced +loc_fffa626b: ; not directly referenced movzx edi, dl cmp edi, dword [ebp - 0x5d0] -jge short loc_fffa62e9 ; jge 0xfffa62e9 +jge short loc_fffa6297 ; jge 0xfffa6297 add edi, dword [ebp - 0x5b8] inc edx mov cl, byte [ebp - 0x5b0] @@ -7482,26 +7445,26 @@ mov esi, dword [ebp + edi*4 - 0x518] add esi, eax shr esi, cl mov dword [ebp + edi*4 - 0x518], esi -jmp short loc_fffa62bd ; jmp 0xfffa62bd +jmp short loc_fffa626b ; jmp 0xfffa626b -loc_fffa62e9: ; not directly referenced +loc_fffa6297: ; not directly referenced inc ebx cmp ebx, 5 -jne short loc_fffa6282 ; jne 0xfffa6282 -jmp near loc_fffa6234 ; jmp 0xfffa6234 +jne short loc_fffa6230 ; jne 0xfffa6230 +jmp near loc_fffa61e2 ; jmp 0xfffa61e2 -loc_fffa62f4: ; not directly referenced +loc_fffa62a2: ; not directly referenced mov eax, dword [ebp - 0x5d8] cmp dword [ebp - 0x5d0], eax -jle short loc_fffa631f ; jle 0xfffa631f +jle short loc_fffa62cd ; jle 0xfffa62cd cmp byte [ebp - 0x5d4], 0 -je short loc_fffa631f ; je 0xfffa631f +je short loc_fffa62cd ; je 0xfffa62cd mov al, byte [ebp - 0x5ec] mov byte [ebp - 0x5c8], 1 dec eax mov byte [ebp - 0x5c0], al -loc_fffa631f: ; not directly referenced +loc_fffa62cd: ; not directly referenced mov al, byte [ebp - 0x5c8] xor esi, esi xor edi, edi 
@@ -7510,11 +7473,11 @@ mov dword [ebp - 0x5b8], 0xffffffff mov dword [ebp - 0x5b4], 0xffffffff mov byte [ebp - 0x5c4], al -loc_fffa634a: ; not directly referenced +loc_fffa62f8: ; not directly referenced mov al, byte [ebp - 0x5c0] mov cl, byte [ebp - 0x5c4] cmp cl, al -jae loc_fffa6500 ; jae 0xfffa6500 +jae loc_fffa64ae ; jae 0xfffa64ae movzx eax, cl xor ebx, ebx lea eax, [ebp + eax*4 - 0x518] @@ -7523,11 +7486,11 @@ mov dword [ebp - 0x5e8], 0 mov dword [ebp - 0x5e4], 0 mov dword [ebp - 0x5d4], 0xffffffff -loc_fffa638e: ; not directly referenced +loc_fffa633c: ; not directly referenced mov eax, dword [ebp + 0x10] mov byte [ebp - 0x5ec], bl cmp byte [eax + ebx], 0 -je loc_fffa645f ; je 0xfffa645f +je loc_fffa640d ; je 0xfffa640d mov ecx, dword [ebp - 0x5d8] mov eax, ebx shl eax, 8 @@ -7541,12 +7504,12 @@ cmovbe eax, ecx xor ecx, ecx mov dword [ebp - 0x5d4], eax -loc_fffa63dc: ; not directly referenced +loc_fffa638a: ; not directly referenced mov eax, dword [ebp + 0x10] cmp byte [eax + ecx], 0 -je short loc_fffa6425 ; je 0xfffa6425 +je short loc_fffa63d3 ; je 0xfffa63d3 cmp byte [ebp - 0x5ec], cl -je short loc_fffa6425 ; je 0xfffa6425 +je short loc_fffa63d3 ; je 0xfffa63d3 push eax mov eax, dword [ebp - 0x5bc] push dword [ebp + ecx*4 - 0x590] @@ -7559,10 +7522,10 @@ add esp, 0x10 mov dword [ebp - 0x5d0], eax mov dword [ebp - 0x5cc], edx -loc_fffa6425: ; not directly referenced +loc_fffa63d3: ; not directly referenced inc ecx cmp ecx, 5 -jne short loc_fffa63dc ; jne 0xfffa63dc +jne short loc_fffa638a ; jne 0xfffa638a mov ecx, dword [ebp - 0x5e0] push eax mov eax, dword [ebp - 0x5d8] 
@@ -7575,17 +7538,17 @@ add dword [ebp - 0x5e8], eax adc dword [ebp - 0x5e4], edx add esp, 0x10 -loc_fffa645f: ; not directly referenced +loc_fffa640d: ; not directly referenced inc ebx cmp ebx, 5 -jne loc_fffa638e ; jne 0xfffa638e +jne loc_fffa633c ; jne 0xfffa633c mov eax, 1 xor edx, edx xor ebx, ebx -loc_fffa6472: ; not directly referenced +loc_fffa6420: ; not directly referenced cmp bl, byte [ebp - 0x5d9] -je short loc_fffa6492 ; je 0xfffa6492 +je short loc_fffa6440 ; je 0xfffa6440 push ecx inc ebx push dword [ebp - 0x5d4] 
@@ -7594,45 +7557,45 @@ push eax mov eax, dword [ebp - 0x5bc] call dword [eax + 0x70] ; ucall add esp, 0x10 -jmp short loc_fffa6472 ; jmp 0xfffa6472 +jmp short loc_fffa6420 ; jmp 0xfffa6420 -loc_fffa6492: ; not directly referenced +loc_fffa6440: ; not directly referenced mov ecx, dword [ebp - 0x5e8] mov ebx, dword [ebp - 0x5e4] add ecx, eax adc ebx, edx cmp dword [ebp - 0x5b4], ebx -jb short loc_fffa64c0 ; jb 0xfffa64c0 -ja short loc_fffa64b4 ; ja 0xfffa64b4 +jb short loc_fffa646e ; jb 0xfffa646e +ja short loc_fffa6462 ; ja 0xfffa6462 cmp dword [ebp - 0x5b8], ecx -jbe short loc_fffa64c0 ; jbe 0xfffa64c0 +jbe short loc_fffa646e ; jbe 0xfffa646e -loc_fffa64b4: ; not directly referenced +loc_fffa6462: ; not directly referenced mov dword [ebp - 0x5b8], ecx mov dword [ebp - 0x5b4], ebx -loc_fffa64c0: ; not directly referenced +loc_fffa646e: ; not directly referenced cmp ebx, edi -ja short loc_fffa64ca ; ja 0xfffa64ca -jb short loc_fffa64da ; jb 0xfffa64da +ja short loc_fffa6478 ; ja 0xfffa6478 +jb short loc_fffa6488 ; jb 0xfffa6488 cmp ecx, esi -jbe short loc_fffa64da ; jbe 0xfffa64da +jbe short loc_fffa6488 ; jbe 0xfffa6488 -loc_fffa64ca: ; not directly referenced +loc_fffa6478: ; not directly referenced mov al, byte [ebp - 0x5c4] mov esi, ecx mov edi, ebx mov byte [ebp - 0x5b0], al -loc_fffa64da: ; not directly referenced +loc_fffa6488: ; not directly referenced movzx eax, byte [ebp - 0x5c4] mov edx, dword [ebp - 0x5ac] inc byte [ebp - 0x5c4] mov dword [edx + eax*8 + 0x8e], ecx mov dword [edx + eax*8 + 0x92], ebx -jmp near loc_fffa634a ; jmp 0xfffa634a +jmp near loc_fffa62f8 ; jmp 0xfffa62f8 -loc_fffa6500: ; not directly referenced +loc_fffa64ae: ; not directly referenced mov ebx, dword [ebp - 0x5bc] mov eax, dword [ebx + 0x74] push edx 
@@ -7673,34 +7636,34 @@ mov dword [eax + 0x86], ecx mov dword [eax + 0x8a], ebx mov eax, dword [ebp - 0x5f0] test al, al -je loc_fffa6656 ; je 0xfffa6656 +je loc_fffa6604 ; je 0xfffa6604 movzx ebx, byte [ebp - 0x5b0] movsx eax, al -jns short loc_fffa65be ; jns 0xfffa65be +jns short loc_fffa656c ; jns 0xfffa656c movzx edx, byte [ebp - 0x5c8] add ebx, eax mov esi, 1 cmp ebx, edx cmovl ebx, edx -jmp short loc_fffa65e5 ; jmp 0xfffa65e5 +jmp short loc_fffa6593 ; jmp 0xfffa6593 -loc_fffa65be: ; not directly referenced +loc_fffa656c: ; not directly referenced movzx edx, byte [ebp - 0x5c0] add ebx, eax cmp ebx, edx -jl short loc_fffa65d4 ; jl 0xfffa65d4 +jl short loc_fffa6582 ; jl 0xfffa6582 mov bl, byte [ebp - 0x5c0] dec ebx -jmp short loc_fffa65e0 ; jmp 0xfffa65e0 +jmp short loc_fffa658e ; jmp 0xfffa658e -loc_fffa65d4: ; not directly referenced +loc_fffa6582: ; not directly referenced mov bl, byte [ebp - 0x5f0] add ebx, dword [ebp - 0x5b0] -loc_fffa65e0: ; not directly referenced +loc_fffa658e: ; not directly referenced mov esi, 0xffffffff -loc_fffa65e5: ; not directly referenced +loc_fffa6593: ; not directly referenced mov ecx, dword [ebp - 0x5ac] push eax movzx eax, byte [ebp - 0x5b0] 
@@ -7717,29 +7680,29 @@ push eax call dword [edi + 0x74] ; ucall add esp, 0x20 -loc_fffa661f: ; not directly referenced +loc_fffa65cd: ; not directly referenced cmp bl, byte [ebp - 0x5b0] -je short loc_fffa6641 ; je 0xfffa6641 +je short loc_fffa65ef ; je 0xfffa65ef mov edi, dword [ebp - 0x5ac] movzx ecx, bl add ecx, 0x10 cmp dword [edi + ecx*8 + 0x12], edx -jb short loc_fffa6652 ; jb 0xfffa6652 -ja short loc_fffa6641 ; ja 0xfffa6641 +jb short loc_fffa6600 ; jb 0xfffa6600 +ja short loc_fffa65ef ; ja 0xfffa65ef cmp dword [edi + ecx*8 + 0xe], eax -jbe short loc_fffa6652 ; jbe 0xfffa6652 +jbe short loc_fffa6600 ; jbe 0xfffa6600 -loc_fffa6641: ; not directly referenced +loc_fffa65ef: ; not directly referenced mov eax, dword [ebp - 0x5ac] sub ebx, dword [ebp - 0x5b0] mov byte [eax + 2], bl -jmp short loc_fffa6656 ; jmp 0xfffa6656 +jmp short loc_fffa6604 ; jmp 0xfffa6604 -loc_fffa6652: ; not directly referenced +loc_fffa6600: ; not directly referenced add ebx, esi -jmp short loc_fffa661f ; jmp 0xfffa661f +jmp short loc_fffa65cd ; jmp 0xfffa65cd -loc_fffa6656: ; not directly referenced +loc_fffa6604: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -7747,7 +7710,7 @@ pop edi pop ebp ret -fcn_fffa665e: ; not directly referenced +fcn_fffa660c: ; not directly referenced push ebp mov ebp, esp push edi @@ -7756,20 +7719,20 @@ xor esi, esi push ebx sub esp, 0x1c mov dword [ebp - 0x20], eax -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x28], edx mov dword [ebp - 0x1c], eax -loc_fffa6677: ; not directly referenced +loc_fffa6625: ; not directly referenced mov eax, dword [ebp - 0x1c] cmp dword [eax], 2 -je short loc_fffa669c ; je 0xfffa669c +je short loc_fffa664a ; je 0xfffa664a -loc_fffa667f: ; not directly referenced +loc_fffa662d: ; not directly referenced add esi, 0x400 add dword [ebp - 0x1c], 0x13c3 cmp esi, 0x800 -jne short loc_fffa6677 ; jne 0xfffa6677 +jne short loc_fffa6625 ; jne 0xfffa6625 add esp, 0x1c pop ebx pop esi 
@@ -7777,28 +7740,28 @@ pop edi pop ebp ret -loc_fffa669c: ; not directly referenced +loc_fffa664a: ; not directly referenced mov edi, dword [ebp - 0x28] lea eax, [esi + 0x4060] mov dword [ebp - 0x24], eax lea ebx, [esi + 0x4054] sub edi, esi -loc_fffa66b0: ; not directly referenced +loc_fffa665e: ; not directly referenced mov ecx, dword [edi + ebx - 0x4054] mov edx, ebx mov eax, dword [ebp - 0x20] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, dword [edi + ebx - 0x4054] lea edx, [ebx - 0xc] mov eax, dword [ebp - 0x20] add ebx, 4 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp ebx, dword [ebp - 0x24] -jne short loc_fffa66b0 ; jne 0xfffa66b0 -jmp short loc_fffa667f ; jmp 0xfffa667f +jne short loc_fffa665e ; jne 0xfffa665e +jmp short loc_fffa662d ; jmp 0xfffa662d -fcn_fffa66dd: ; not directly referenced +fcn_fffa668b: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -7807,38 +7770,38 @@ push ebx sub esp, 0x10 mov dword [ebp - 0x18], eax cmp cl, 5 -ja short loc_fffa6700 ; ja 0xfffa6700 +ja short loc_fffa66ae ; ja 0xfffa66ae cmp cl, 4 -jae short loc_fffa671a ; jae 0xfffa671a +jae short loc_fffa66c8 ; jae 0xfffa66c8 lea eax, [ecx - 1] cmp al, 1 -ja loc_fffa67f4 ; ja 0xfffa67f4 -jmp short loc_fffa671a ; jmp 0xfffa671a +ja loc_fffa67a2 ; ja 0xfffa67a2 +jmp short loc_fffa66c8 ; jmp 0xfffa66c8 -loc_fffa6700: ; not directly referenced +loc_fffa66ae: ; not directly referenced cmp cl, 0x10 -jb loc_fffa67f4 ; jb 0xfffa67f4 +jb loc_fffa67a2 ; jb 0xfffa67a2 cmp cl, 0x11 -jbe short loc_fffa6721 ; jbe 0xfffa6721 +jbe short loc_fffa66cf ; jbe 0xfffa66cf lea eax, [ecx - 0x20] cmp al, 1 -jbe short loc_fffa6721 ; jbe 0xfffa6721 -jmp near loc_fffa67f4 ; jmp 0xfffa67f4 +jbe short loc_fffa66cf ; jbe 0xfffa66cf +jmp near loc_fffa67a2 ; jmp 0xfffa67a2 -loc_fffa671a: ; not directly referenced +loc_fffa66c8: ; not directly referenced mov edi, 0xa -jmp short loc_fffa6726 ; jmp 0xfffa6726 +jmp short loc_fffa66d4 ; jmp 0xfffa66d4 -loc_fffa6721: ; not directly referenced +loc_fffa66cf: ; not directly referenced mov edi, 7 -loc_fffa6726: ; not directly referenced +loc_fffa66d4: ; not directly referenced xor ebx, ebx cmp cl, 0x21 -ja short loc_fffa6733 ; ja 0xfffa6733 -mov bl, byte [ecx + ref_fffd5f1c] ; mov bl, byte [ecx - 0x2a0e4] +ja short loc_fffa66e1 ; ja 0xfffa66e1 +mov bl, byte [ecx + ref_fffd58e0] ; mov bl, byte [ecx - 0x2a720] -loc_fffa6733: ; not directly referenced +loc_fffa66e1: ; not directly referenced cmp bl, 7 mov al, 7 cmovbe eax, ebx 
@@ -7846,54 +7809,54 @@ xor ebx, ebx movzx esi, al mov eax, dword [ebp - 0x18] imul esi, esi, 0x240 -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x10], eax mov eax, edi add esi, edx movzx eax, al mov dword [ebp - 0x1c], eax -loc_fffa675b: ; not directly referenced +loc_fffa6709: ; not directly referenced mov eax, dword [ebp - 0x10] cmp dword [eax], 2 -jne short loc_fffa67dd ; jne 0xfffa67dd +jne short loc_fffa678b ; jne 0xfffa678b mov byte [ebp - 0x11], 0 -loc_fffa6767: ; not directly referenced +loc_fffa6715: ; not directly referenced mov edi, dword [ebp - 0x18] movzx eax, byte [ebp - 0x11] -cmp al, byte [edi + 0x2488] -jae short loc_fffa67b9 ; jae 0xfffa67b9 +cmp al, byte [edi + 0x2489] +jae short loc_fffa6767 ; jae 0xfffa6767 add eax, ebx xor ecx, ecx lea eax, [esi + eax*8] -loc_fffa677d: ; not directly referenced +loc_fffa672b: ; not directly referenced mov edi, dword [ebp - 0x10] mov edx, 1 shl edx, cl test byte [edi + 0xc4], dl -je short loc_fffa67ae ; je 0xfffa67ae +je short loc_fffa675c ; je 0xfffa675c imul edx, ecx, 0x90 mov edi, dword [eax + edx] cmp dword [esi + ebx*8], edi -jbe short loc_fffa67a0 ; jbe 0xfffa67a0 +jbe short loc_fffa674e ; jbe 0xfffa674e mov dword [esi + ebx*8], edi -loc_fffa67a0: ; not directly referenced +loc_fffa674e: ; not directly referenced mov edx, dword [eax + edx + 4] cmp dword [esi + ebx*8 + 4], edx -jbe short loc_fffa67ae ; jbe 0xfffa67ae +jbe short loc_fffa675c ; jbe 0xfffa675c mov dword [esi + ebx*8 + 4], edx -loc_fffa67ae: ; not directly referenced +loc_fffa675c: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffa677d ; jne 0xfffa677d +jne short loc_fffa672b ; jne 0xfffa672b inc byte [ebp - 0x11] -jmp short loc_fffa6767 ; jmp 0xfffa6767 +jmp short loc_fffa6715 ; jmp 0xfffa6715 -loc_fffa67b9: ; not directly referenced +loc_fffa6767: ; not directly referenced mov edi, dword [ebp - 0x1c] mov ecx, 0xa xor edx, edx 
@@ -7907,18 +7870,18 @@ imul eax, edi div ecx mov dword [esi + ebx*8 + 4], eax -loc_fffa67dd: ; not directly referenced +loc_fffa678b: ; not directly referenced add ebx, 9 add dword [ebp - 0x10], 0x13c3 cmp ebx, 0x12 -jne loc_fffa675b ; jne 0xfffa675b +jne loc_fffa6709 ; jne 0xfffa6709 xor eax, eax -jmp short loc_fffa67f9 ; jmp 0xfffa67f9 +jmp short loc_fffa67a7 ; jmp 0xfffa67a7 -loc_fffa67f4: ; not directly referenced +loc_fffa67a2: ; not directly referenced mov eax, 2 -loc_fffa67f9: ; not directly referenced +loc_fffa67a7: ; not directly referenced add esp, 0x10 pop ebx pop esi @@ -7926,7 +7889,7 @@ pop edi pop ebp ret -fcn_fffa6801: +fcn_fffa67af: push ebp mov ebp, esp sub esp, 0x24 @@ -7939,13 +7902,13 @@ push edx lea eax, [ebp - 0x18] push eax push 1 -call fcn_fffd28d0 ; call 0xfffd28d0 +call fcn_fffd2bc2 ; call 0xfffd2bc2 mov eax, dword [ebp - 0x18] leave and eax, 0xfff0ff0 ret -fcn_fffa6828: ; not directly referenced +fcn_fffa67d6: ; not directly referenced push ebp mov ebp, esp push edi @@ -7953,26 +7916,26 @@ push esi mov esi, eax push ebx sub esp, 0xc -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] call dword [ebx + 0x54] ; ucall lea edi, [eax + 0x2710] -loc_fffa6842: ; not directly referenced +loc_fffa67f0: ; not directly referenced mov edx, 0x5084 mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f test eax, 0x10000 -jne short loc_fffa6863 ; jne 0xfffa6863 +jne short loc_fffa6811 ; jne 0xfffa6811 call dword [ebx + 0x54] ; ucall cmp edi, eax -ja short loc_fffa6842 ; ja 0xfffa6842 +ja short loc_fffa67f0 ; ja 0xfffa67f0 mov eax, 0x12 -jmp short loc_fffa6865 ; jmp 0xfffa6865 +jmp short loc_fffa6813 ; jmp 0xfffa6813 -loc_fffa6863: ; not directly referenced +loc_fffa6811: ; not directly referenced xor eax, eax -loc_fffa6865: ; not directly referenced +loc_fffa6813: ; not directly referenced add esp, 0xc pop ebx pop esi 
@@ -7980,7 +7943,7 @@ pop edi pop ebp ret -fcn_fffa686d: ; not directly referenced +fcn_fffa681b: ; not directly referenced push ebp mov ebp, esp push edi @@ -7989,7 +7952,7 @@ push esi mov esi, ecx push ebx sub esp, 0x3c -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] mov dword [ebp - 0x30], edx call dword [ebx + 0x54] ; ucall lea ecx, [eax + 0x2710] @@ -8006,23 +7969,23 @@ mov dword [ebp - 0x38], eax add eax, 0x4214 mov dword [ebp - 0x2c], eax -loc_fffa68ae: ; not directly referenced +loc_fffa685c: ; not directly referenced mov edx, dword [ebp - 0x2c] mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, eax shr edx, 0x18 test dl, dl -jns short loc_fffa68d3 ; jns 0xfffa68d3 +jns short loc_fffa6881 ; jns 0xfffa6881 call dword [ebx + 0x54] ; ucall cmp dword [ebp - 0x34], eax -ja short loc_fffa68ae ; ja 0xfffa68ae +ja short loc_fffa685c ; ja 0xfffa685c -loc_fffa68c9: ; not directly referenced +loc_fffa6877: ; not directly referenced mov eax, 0x12 -jmp near loc_fffa69e2 ; jmp 0xfffa69e2 +jmp near loc_fffa6990 ; jmp 0xfffa6990 -loc_fffa68d3: ; not directly referenced +loc_fffa6881: ; not directly referenced mov al, byte [ebp + 8] and esi, 3 mov edx, dword [ebp - 0x2c] 
@@ -8032,23 +7995,23 @@ mov ecx, eax mov eax, edi or ecx, esi or ecx, 0x80000000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 call dword [ebx + 0x54] ; ucall lea esi, [eax + 0x2710] -loc_fffa68fe: ; not directly referenced +loc_fffa68ac: ; not directly referenced mov edx, dword [ebp - 0x2c] mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f shr eax, 0x18 test al, al -jns short loc_fffa6918 ; jns 0xfffa6918 +jns short loc_fffa68c6 ; jns 0xfffa68c6 call dword [ebx + 0x54] ; ucall cmp esi, eax -ja short loc_fffa68fe ; ja 0xfffa68fe -jmp short loc_fffa68c9 ; jmp 0xfffa68c9 +ja short loc_fffa68ac ; ja 0xfffa68ac +jmp short loc_fffa6877 ; jmp 0xfffa6877 -loc_fffa6918: ; not directly referenced +loc_fffa68c6: ; not directly referenced mov esi, dword [ebp - 0x30] mov edx, dword [ebp - 0x38] imul eax, esi, 0x54a 
@@ -8057,46 +8020,46 @@ imul esi, esi, 0x13c3 lea eax, [edi + eax + 0x196b] mov dword [ebp - 0x2c], eax mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f xor edx, edx mov dword [ebp - 0x3c], esi mov dword [ebp - 0x1c], eax xor eax, eax -loc_fffa694b: ; not directly referenced +loc_fffa68f9: ; not directly referenced mov ecx, dword [ebp - 0x3c] -cmp byte [edi + ecx + 0x49ba], 0x20 -je short loc_fffa6969 ; je 0xfffa6969 +cmp byte [edi + ecx + 0x49bb], 0x20 +je short loc_fffa6917 ; je 0xfffa6917 -loc_fffa6958: ; not directly referenced -movzx esi, byte [edi + 0x2488] +loc_fffa6906: ; not directly referenced +movzx esi, byte [edi + 0x2489] lea ebx, [eax + eax] mov dword [ebp - 0x30], esi xor esi, esi -jmp short loc_fffa698b ; jmp 0xfffa698b +jmp short loc_fffa6939 ; jmp 0xfffa6939 -loc_fffa6969: ; not directly referenced +loc_fffa6917: ; not directly referenced test al, 1 -je short loc_fffa6958 ; je 0xfffa6958 +je short loc_fffa6906 ; je 0xfffa6906 mov ebx, dword [ebp + 0xc] mov esi, edx mov cl, byte [ebx + eax - 1] mov byte [ebx + eax], cl -jmp short loc_fffa69d3 ; jmp 0xfffa69d3 +jmp short loc_fffa6981 ; jmp 0xfffa6981 -loc_fffa697b: ; not directly referenced +loc_fffa6929: ; not directly referenced mov ecx, dword [ebp - 0x2c] movzx ecx, byte [ecx + esi + 0x4f6] cmp ebx, ecx -je short loc_fffa6992 ; je 0xfffa6992 +je short loc_fffa6940 ; je 0xfffa6940 inc esi -loc_fffa698b: ; not directly referenced +loc_fffa6939: ; not directly referenced cmp esi, dword [ebp - 0x30] -jb short loc_fffa697b ; jb 0xfffa697b +jb short loc_fffa6929 ; jb 0xfffa6929 mov esi, edx -loc_fffa6992: ; not directly referenced +loc_fffa6940: ; not directly referenced mov ebx, eax xor edx, edx shl ebx, 4 @@ -8107,7 +8070,7 @@ mov ebx, dword [ebp - 0x2c] lea ecx, [ebx + esi*8] mov dword [ebp - 0x34], ecx -loc_fffa69ad: ; not directly referenced +loc_fffa695b: ; not directly referenced mov ebx, dword [ebp - 0x30] mov cl, dl sar ebx, cl 
@@ -8120,19 +8083,19 @@ shl ebx, cl mov ecx, dword [ebp + 0xc] or byte [ecx + eax], bl cmp edx, 8 -jne short loc_fffa69ad ; jne 0xfffa69ad +jne short loc_fffa695b ; jne 0xfffa695b -loc_fffa69d3: ; not directly referenced +loc_fffa6981: ; not directly referenced inc eax cmp eax, 4 -je short loc_fffa69e0 ; je 0xfffa69e0 +je short loc_fffa698e ; je 0xfffa698e mov edx, esi -jmp near loc_fffa694b ; jmp 0xfffa694b +jmp near loc_fffa68f9 ; jmp 0xfffa68f9 -loc_fffa69e0: ; not directly referenced +loc_fffa698e: ; not directly referenced xor al, al -loc_fffa69e2: ; not directly referenced +loc_fffa6990: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -8140,240 +8103,240 @@ pop edi pop ebp ret -fcn_fffa69ea: ; not directly referenced +fcn_fffa6998: ; not directly referenced imul edx, edx, 0x13c3 push ebp mov ebp, esp push esi mov esi, ecx -lea edx, [eax + edx + 0x3756] +lea edx, [eax + edx + 0x3757] push ebx mov ebx, eax mov eax, dword [edx + 0xc0] cmp eax, 1 -je short loc_fffa6a51 ; je 0xfffa6a51 +je short loc_fffa69ff ; je 0xfffa69ff cmp eax, 2 -jne short loc_fffa6a85 ; jne 0xfffa6a85 +jne short loc_fffa6a33 ; jne 0xfffa6a33 mov cl, byte [edx + 0x1260] cmp cl, 1 -jne short loc_fffa6a2b ; jne 0xfffa6a2b +jne short loc_fffa69d9 ; jne 0xfffa69d9 mov al, byte [edx + 0x1388] cmp al, 1 -je short loc_fffa6a71 ; je 0xfffa6a71 +je short loc_fffa6a1f ; je 0xfffa6a1f cmp al, 2 -jne short loc_fffa6a85 ; jne 0xfffa6a85 -jmp short loc_fffa6a8c ; jmp 0xfffa6a8c +jne short loc_fffa6a33 ; jne 0xfffa6a33 +jmp short loc_fffa6a3a ; jmp 0xfffa6a3a -loc_fffa6a2b: ; not directly referenced +loc_fffa69d9: ; not directly referenced xor eax, eax cmp cl, 2 -jne loc_fffa6bcd ; jne 0xfffa6bcd +jne loc_fffa6b7b ; jne 0xfffa6b7b mov dl, byte [edx + 0x1388] cmp dl, 1 -je short loc_fffa6a93 ; je 0xfffa6a93 +je short loc_fffa6a41 ; je 0xfffa6a41 cmp dl, 2 -jne loc_fffa6bcd ; jne 0xfffa6bcd +jne loc_fffa6b7b ; jne 0xfffa6b7b mov ecx, 5 -jmp short loc_fffa6a76 ; jmp 0xfffa6a76 +jmp short loc_fffa6a24 ; jmp 0xfffa6a24 -loc_fffa6a51: ; not directly referenced +loc_fffa69ff: ; not directly referenced mov al, byte [edx + 0x1260] cmp al, 1 -je short loc_fffa6a9a ; je 0xfffa6a9a +je short loc_fffa6a48 ; je 0xfffa6a48 mov dl, byte [edx + 0x1388] cmp dl, 1 -je short loc_fffa6a9a ; je 0xfffa6a9a +je short loc_fffa6a48 ; je 0xfffa6a48 cmp al, 2 -je short loc_fffa6a9e ; je 0xfffa6a9e +je short loc_fffa6a4c ; je 0xfffa6a4c cmp dl, 2 -jne short loc_fffa6a85 ; jne 0xfffa6a85 -jmp short loc_fffa6a9e ; jmp 0xfffa6a9e +jne short loc_fffa6a33 ; jne 0xfffa6a33 +jmp short loc_fffa6a4c ; jmp 0xfffa6a4c -loc_fffa6a71: ; not directly referenced +loc_fffa6a1f: ; not 
directly referenced mov ecx, 2 -loc_fffa6a76: ; not directly referenced +loc_fffa6a24: ; not directly referenced cmp dword [ebx + 0x187f], 6 mov edx, dword [ebx + 0x1887] -jbe short loc_fffa6aa5 ; jbe 0xfffa6aa5 +jbe short loc_fffa6a53 ; jbe 0xfffa6a53 -loc_fffa6a85: ; not directly referenced +loc_fffa6a33: ; not directly referenced xor eax, eax -jmp near loc_fffa6bcd ; jmp 0xfffa6bcd +jmp near loc_fffa6b7b ; jmp 0xfffa6b7b -loc_fffa6a8c: ; not directly referenced +loc_fffa6a3a: ; not directly referenced mov ecx, 3 -jmp short loc_fffa6a76 ; jmp 0xfffa6a76 +jmp short loc_fffa6a24 ; jmp 0xfffa6a24 -loc_fffa6a93: ; not directly referenced +loc_fffa6a41: ; not directly referenced mov ecx, 4 -jmp short loc_fffa6a76 ; jmp 0xfffa6a76 +jmp short loc_fffa6a24 ; jmp 0xfffa6a24 -loc_fffa6a9a: ; not directly referenced +loc_fffa6a48: ; not directly referenced xor ecx, ecx -jmp short loc_fffa6a76 ; jmp 0xfffa6a76 +jmp short loc_fffa6a24 ; jmp 0xfffa6a24 -loc_fffa6a9e: ; not directly referenced +loc_fffa6a4c: ; not directly referenced mov ecx, 1 -jmp short loc_fffa6a76 ; jmp 0xfffa6a76 +jmp short loc_fffa6a24 ; jmp 0xfffa6a24 -loc_fffa6aa5: ; not directly referenced +loc_fffa6a53: ; not directly referenced mov eax, dword [ebx + 0x187f] -jmp dword [eax*4 + ref_fffd32ec] ; ujmp: jmp dword [eax*4 - 0x2cd14] +jmp dword [eax*4 + ref_fffd35dc] ; ujmp: jmp dword [eax*4 - 0x2ca24] -loc_fffa6ab2: ; not directly referenced +loc_fffa6a60: ; not directly referenced cmp edx, 0x40660 sete bl cmp edx, 0x306c0 sete al or bl, al -jne short loc_fffa6ad6 ; jne 0xfffa6ad6 +jne short loc_fffa6a84 ; jne 0xfffa6a84 xor eax, eax cmp edx, 0x40670 -jne loc_fffa6bcd ; jne 0xfffa6bcd +jne loc_fffa6b7b ; jne 0xfffa6b7b -loc_fffa6ad6: ; not directly referenced +loc_fffa6a84: ; not directly referenced imul esi, esi, 6 add ecx, esi -lea eax, [ecx + ecx + ref_fffd339c] ; lea eax, [ecx + ecx - 0x2cc64] -jmp near loc_fffa6bcd ; jmp 0xfffa6bcd +lea eax, [ecx + ecx + ref_fffd368c] ; lea eax, [ecx + ecx - 0x2c974] 
+jmp near loc_fffa6b7b ; jmp 0xfffa6b7b -loc_fffa6ae7: ; not directly referenced +loc_fffa6a95: ; not directly referenced cmp edx, 0x306d0 sete bl cmp edx, 0x40650 sete al or bl, al -je short loc_fffa6b12 ; je 0xfffa6b12 +je short loc_fffa6ac0 ; je 0xfffa6ac0 cmp ecx, 1 -ja short loc_fffa6a85 ; ja 0xfffa6a85 +ja short loc_fffa6a33 ; ja 0xfffa6a33 add esi, esi add ecx, esi -lea eax, [ecx + ecx + ref_fffd3394] ; lea eax, [ecx + ecx - 0x2cc6c] -jmp near loc_fffa6bcd ; jmp 0xfffa6bcd +lea eax, [ecx + ecx + ref_fffd3684] ; lea eax, [ecx + ecx - 0x2c97c] +jmp near loc_fffa6b7b ; jmp 0xfffa6b7b -loc_fffa6b12: ; not directly referenced +loc_fffa6ac0: ; not directly referenced cmp edx, 0x40660 sete bl cmp edx, 0x306c0 sete al or bl, al -jne short loc_fffa6b36 ; jne 0xfffa6b36 +jne short loc_fffa6ae4 ; jne 0xfffa6ae4 xor eax, eax cmp edx, 0x40670 -jne loc_fffa6bcd ; jne 0xfffa6bcd +jne loc_fffa6b7b ; jne 0xfffa6b7b -loc_fffa6b36: ; not directly referenced +loc_fffa6ae4: ; not directly referenced imul esi, esi, 6 add ecx, esi -lea eax, [ecx + ecx + ref_fffd337c] ; lea eax, [ecx + ecx - 0x2cc84] -jmp near loc_fffa6bcd ; jmp 0xfffa6bcd +lea eax, [ecx + ecx + ref_fffd366c] ; lea eax, [ecx + ecx - 0x2c994] +jmp near loc_fffa6b7b ; jmp 0xfffa6b7b -loc_fffa6b47: ; not directly referenced +loc_fffa6af5: ; not directly referenced cmp edx, 0x40660 sete bl cmp edx, 0x306c0 sete al or bl, al -jne short loc_fffa6b67 ; jne 0xfffa6b67 +jne short loc_fffa6b15 ; jne 0xfffa6b15 xor eax, eax cmp edx, 0x40670 -jne short loc_fffa6bcd ; jne 0xfffa6bcd +jne short loc_fffa6b7b ; jne 0xfffa6b7b -loc_fffa6b67: ; not directly referenced +loc_fffa6b15: ; not directly referenced imul esi, esi, 6 add ecx, esi -lea eax, [ecx + ecx + ref_fffd3364] ; lea eax, [ecx + ecx - 0x2cc9c] -jmp short loc_fffa6bcd ; jmp 0xfffa6bcd +lea eax, [ecx + ecx + ref_fffd3654] ; lea eax, [ecx + ecx - 0x2c9ac] +jmp short loc_fffa6b7b ; jmp 0xfffa6b7b -loc_fffa6b75: ; not directly referenced +loc_fffa6b23: ; not directly 
referenced cmp edx, 0x306d0 sete bl cmp edx, 0x40650 sete al or bl, al -je short loc_fffa6ba1 ; je 0xfffa6ba1 +je short loc_fffa6b4f ; je 0xfffa6b4f cmp ecx, 1 -ja loc_fffa6a85 ; ja 0xfffa6a85 +ja loc_fffa6a33 ; ja 0xfffa6a33 add esi, esi add ecx, esi -lea eax, [ecx + ecx + ref_fffd33cc] ; lea eax, [ecx + ecx - 0x2cc34] -jmp short loc_fffa6bcd ; jmp 0xfffa6bcd +lea eax, [ecx + ecx + ref_fffd36bc] ; lea eax, [ecx + ecx - 0x2c944] +jmp short loc_fffa6b7b ; jmp 0xfffa6b7b -loc_fffa6ba1: ; not directly referenced +loc_fffa6b4f: ; not directly referenced cmp edx, 0x40660 sete bl cmp edx, 0x306c0 sete al or bl, al -jne short loc_fffa6bc1 ; jne 0xfffa6bc1 +jne short loc_fffa6b6f ; jne 0xfffa6b6f xor eax, eax cmp edx, 0x40670 -jne short loc_fffa6bcd ; jne 0xfffa6bcd +jne short loc_fffa6b7b ; jne 0xfffa6b7b -loc_fffa6bc1: ; not directly referenced +loc_fffa6b6f: ; not directly referenced imul esi, esi, 6 add ecx, esi -lea eax, [ecx + ecx + ref_fffd33b4] ; lea eax, [ecx + ecx - 0x2cc4c] +lea eax, [ecx + ecx + ref_fffd36a4] ; lea eax, [ecx + ecx - 0x2c95c] -loc_fffa6bcd: ; not directly referenced +loc_fffa6b7b: ; not directly referenced pop ebx pop esi pop ebp ret -fcn_fffa6bd1: ; not directly referenced +fcn_fffa6b7f: ; not directly referenced push ebp mov ebp, esp push esi push ebx test cl, cl -je short loc_fffa6bf8 ; je 0xfffa6bf8 +je short loc_fffa6ba6 ; je 0xfffa6ba6 cmp cl, 0x3c -je short loc_fffa6bfc ; je 0xfffa6bfc +je short loc_fffa6baa ; je 0xfffa6baa cmp cl, 0x78 -je short loc_fffa6c02 ; je 0xfffa6c02 +je short loc_fffa6bb0 ; je 0xfffa6bb0 cmp cl, 0x28 -je short loc_fffa6c08 ; je 0xfffa6c08 +je short loc_fffa6bb6 ; je 0xfffa6bb6 cmp cl, 0x14 -je short loc_fffa6c10 ; je 0xfffa6c10 +je short loc_fffa6bbe ; je 0xfffa6bbe cmp cl, 0x1e mov cl, 1 setne bl -jmp short loc_fffa6c0c ; jmp 0xfffa6c0c +jmp short loc_fffa6bba ; jmp 0xfffa6bba -loc_fffa6bf8: ; not directly referenced +loc_fffa6ba6: ; not directly referenced xor ecx, ecx -jmp short loc_fffa6c12 ; jmp 0xfffa6c12 
+jmp short loc_fffa6bc0 ; jmp 0xfffa6bc0 -loc_fffa6bfc: ; not directly referenced +loc_fffa6baa: ; not directly referenced xor ecx, ecx xor ebx, ebx -jmp short loc_fffa6c0c ; jmp 0xfffa6c0c +jmp short loc_fffa6bba ; jmp 0xfffa6bba -loc_fffa6c02: ; not directly referenced +loc_fffa6bb0: ; not directly referenced xor ecx, ecx mov bl, 1 -jmp short loc_fffa6c14 ; jmp 0xfffa6c14 +jmp short loc_fffa6bc2 ; jmp 0xfffa6bc2 -loc_fffa6c08: ; not directly referenced +loc_fffa6bb6: ; not directly referenced xor ecx, ecx mov bl, 1 -loc_fffa6c0c: ; not directly referenced +loc_fffa6bba: ; not directly referenced mov dl, 1 -jmp short loc_fffa6c16 ; jmp 0xfffa6c16 +jmp short loc_fffa6bc4 ; jmp 0xfffa6bc4 -loc_fffa6c10: ; not directly referenced +loc_fffa6bbe: ; not directly referenced mov cl, 1 -loc_fffa6c12: ; not directly referenced +loc_fffa6bc0: ; not directly referenced xor ebx, ebx -loc_fffa6c14: ; not directly referenced +loc_fffa6bc2: ; not directly referenced xor edx, edx -loc_fffa6c16: ; not directly referenced +loc_fffa6bc4: ; not directly referenced and edx, 1 and ebx, 1 lea esi, [edx*4] 
@@ -8392,97 +8355,97 @@ pop esi pop ebp ret -fcn_fffa6c42: ; not directly referenced +fcn_fffa6bf0: ; not directly referenced imul edx, edx, 0x13c3 push ebp mov ebp, esp -lea edx, [eax + edx + 0x3756] +lea edx, [eax + edx + 0x3757] mov cl, byte [edx + 0x1260] cmp cl, 1 -je short loc_fffa6c81 ; je 0xfffa6c81 +je short loc_fffa6c2f ; je 0xfffa6c2f mov dl, byte [edx + 0x1388] cmp dl, 1 -je short loc_fffa6c81 ; je 0xfffa6c81 +je short loc_fffa6c2f ; je 0xfffa6c2f cmp cl, 2 -je short loc_fffa6c85 ; je 0xfffa6c85 +je short loc_fffa6c33 ; je 0xfffa6c33 cmp dl, 2 -jne short loc_fffa6c7d ; jne 0xfffa6c7d -jmp short loc_fffa6c85 ; jmp 0xfffa6c85 +jne short loc_fffa6c2b ; jne 0xfffa6c2b +jmp short loc_fffa6c33 ; jmp 0xfffa6c33 -loc_fffa6c74: ; not directly referenced +loc_fffa6c22: ; not directly referenced cmp eax, 5 -je short loc_fffa6ca0 ; je 0xfffa6ca0 +je short loc_fffa6c4e ; je 0xfffa6c4e test eax, eax -je short loc_fffa6ca0 ; je 0xfffa6ca0 +je short loc_fffa6c4e ; je 0xfffa6c4e -loc_fffa6c7d: ; not directly referenced +loc_fffa6c2b: ; not directly referenced xor eax, eax -jmp short loc_fffa6ca9 ; jmp 0xfffa6ca9 +jmp short loc_fffa6c57 ; jmp 0xfffa6c57 -loc_fffa6c81: ; not directly referenced +loc_fffa6c2f: ; not directly referenced xor edx, edx -jmp short loc_fffa6c8a ; jmp 0xfffa6c8a +jmp short loc_fffa6c38 ; jmp 0xfffa6c38 -loc_fffa6c85: ; not directly referenced +loc_fffa6c33: ; not directly referenced mov edx, 1 -loc_fffa6c8a: ; not directly referenced +loc_fffa6c38: ; not directly referenced mov eax, dword [eax + 0x187f] cmp eax, 2 -jne short loc_fffa6c74 ; jne 0xfffa6c74 +jne short loc_fffa6c22 ; jne 0xfffa6c22 lea edx, [edx + edx*2] -lea eax, [edx + ref_fffd334c] ; lea eax, [edx - 0x2ccb4] -jmp short loc_fffa6ca9 ; jmp 0xfffa6ca9 +lea eax, [edx + ref_fffd363c] ; lea eax, [edx - 0x2c9c4] +jmp short loc_fffa6c57 ; jmp 0xfffa6c57 -loc_fffa6ca0: ; not directly referenced +loc_fffa6c4e: ; not directly referenced lea edx, [edx + edx*2] -lea eax, [edx + ref_fffd3358] ; 
lea eax, [edx - 0x2cca8] +lea eax, [edx + ref_fffd3648] ; lea eax, [edx - 0x2c9b8] -loc_fffa6ca9: ; not directly referenced +loc_fffa6c57: ; not directly referenced pop ebp ret -fcn_fffa6cab: ; not directly referenced +fcn_fffa6c59: ; not directly referenced push ebp mov ebp, esp cmp cl, 0x3c -je short loc_fffa6cdf ; je 0xfffa6cdf -ja short loc_fffa6cc8 ; ja 0xfffa6cc8 +je short loc_fffa6c8d ; je 0xfffa6c8d +ja short loc_fffa6c76 ; ja 0xfffa6c76 cmp cl, 0x28 -je short loc_fffa6ce3 ; je 0xfffa6ce3 +je short loc_fffa6c91 ; je 0xfffa6c91 mov dl, 5 cmp cl, 0x30 -je short loc_fffa6ce9 ; je 0xfffa6ce9 +je short loc_fffa6c97 ; je 0xfffa6c97 mov dl, 7 cmp cl, 0x22 -jmp short loc_fffa6cd9 ; jmp 0xfffa6cd9 +jmp short loc_fffa6c87 ; jmp 0xfffa6c87 -loc_fffa6cc8: ; not directly referenced +loc_fffa6c76: ; not directly referenced cmp cl, 0x78 -je short loc_fffa6ce7 ; je 0xfffa6ce7 +je short loc_fffa6c95 ; je 0xfffa6c95 mov dl, 4 cmp cl, 0xf0 -je short loc_fffa6ce9 ; je 0xfffa6ce9 +je short loc_fffa6c97 ; je 0xfffa6c97 mov dl, 6 cmp cl, 0x50 -loc_fffa6cd9: ; not directly referenced -je short loc_fffa6ce9 ; je 0xfffa6ce9 +loc_fffa6c87: ; not directly referenced +je short loc_fffa6c97 ; je 0xfffa6c97 xor edx, edx -jmp short loc_fffa6ce9 ; jmp 0xfffa6ce9 +jmp short loc_fffa6c97 ; jmp 0xfffa6c97 -loc_fffa6cdf: ; not directly referenced +loc_fffa6c8d: ; not directly referenced mov dl, 1 -jmp short loc_fffa6ce9 ; jmp 0xfffa6ce9 +jmp short loc_fffa6c97 ; jmp 0xfffa6c97 -loc_fffa6ce3: ; not directly referenced +loc_fffa6c91: ; not directly referenced mov dl, 3 -jmp short loc_fffa6ce9 ; jmp 0xfffa6ce9 +jmp short loc_fffa6c97 ; jmp 0xfffa6c97 -loc_fffa6ce7: ; not directly referenced +loc_fffa6c95: ; not directly referenced mov dl, 2 -loc_fffa6ce9: ; not directly referenced +loc_fffa6c97: ; not directly referenced mov ecx, dword [ebp + 8] and edx, 7 shl edx, 6 
@@ -8492,7 +8455,7 @@ or ecx, edx mov word [eax], cx ret -fcn_fffa6cfe: ; not directly referenced +fcn_fffa6cac: ; not directly referenced push ebp mov ebp, esp push edi @@ -8500,7 +8463,7 @@ push esi push ebx mov esi, dword [eax + 0x1887] movsx ebx, dl -mov edi, dword [eax + 0x5edc] +mov edi, dword [eax + 0x5edd] cmp esi, 0x306d0 sete al cmp esi, 0x40650 @@ -8511,7 +8474,7 @@ sbb ecx, ecx and ecx, 0xffffffce add ecx, 0x64 cmp byte [edi + 0x1c5], 0 -jne short loc_fffa6d4d ; jne 0xfffa6d4d +jne short loc_fffa6cfb ; jne 0xfffa6cfb movzx eax, cl add ebx, 0x30 imul eax, eax, 0x60 @@ -8519,23 +8482,23 @@ movzx ecx, cl cdq idiv ebx sub eax, ecx -jmp short loc_fffa6d5c ; jmp 0xfffa6d5c +jmp short loc_fffa6d0a ; jmp 0xfffa6d0a -loc_fffa6d4d: ; not directly referenced +loc_fffa6cfb: ; not directly referenced mov eax, 0x3200 lea ecx, [ebx + 0x20] cdq idiv ecx sub ax, 0xc8 -loc_fffa6d5c: ; not directly referenced +loc_fffa6d0a: ; not directly referenced pop ebx pop esi pop edi pop ebp ret -fcn_fffa6d61: ; not directly referenced +fcn_fffa6d0f: ; not directly referenced push ebp mov ebp, esp push edi @@ -8548,7 +8511,7 @@ mov edx, dword [eax + 0x18a7] mov dword [ebp - 0x38], ecx mov dword [ebp - 0x30], esi add esi, 0xf -mov ecx, dword [eax + edx*4 + 0x3735] +mov ecx, dword [eax + edx*4 + 0x3736] movzx eax, word [ebp + 0xc] mov dword [ebp - 0x14], esi mov ebx, eax @@ -8810,7 +8773,7 @@ pop edi pop ebp ret -fcn_fffa7047: ; not directly referenced +fcn_fffa6ff5: ; not directly referenced push ebp mov ebp, esp push edi @@ -8840,10 +8803,10 @@ movzx eax, bl dec eax mov dword [ebp - 0xb0], eax -loc_fffa70ac: ; not directly referenced +loc_fffa705a: ; not directly referenced mov al, byte [ebp - 0x97] cmp byte [ebp - 0x94], al -jae loc_fffa71dd ; jae 0xfffa71dd +jae loc_fffa718b ; jae 0xfffa718b mov edx, dword [ebp - 0x94] mov ecx, dword [ebp - 0xb0] mov dword [ebp - 0x90], 0 
@@ -8859,15 +8822,15 @@ movzx eax, byte [ebp - 0x96] mov byte [ebp - 0x95], bl mov dword [ebp - 0xac], eax -loc_fffa7107: ; not directly referenced +loc_fffa70b5: ; not directly referenced mov al, byte [ebp - 0x95] xor ebx, ebx or al, byte [ebp - 0x90] -je short loc_fffa7123 ; je 0xfffa7123 +je short loc_fffa70d1 ; je 0xfffa70d1 mov bl, byte [ebp - 0xa6] add ebx, dword [ebp - 0x90] -loc_fffa7123: ; not directly referenced +loc_fffa70d1: ; not directly referenced mov al, byte [ebp - 0xa4] cmp bl, al setb dl @@ -8886,7 +8849,7 @@ mov byte [ebp - 0xa2], al movzx eax, bl mov dword [ebp - 0xa0], eax -loc_fffa7168: ; not directly referenced +loc_fffa7116: ; not directly referenced xor eax, eax test dl, dl cmovns eax, edx @@ -8906,31 +8869,31 @@ imul eax, esi add eax, dword [ebp - 0xa0] add cx, word [edi + eax*2] cmp dl, byte [ebp - 0xa2] -jne short loc_fffa7168 ; jne 0xfffa7168 +jne short loc_fffa7116 ; jne 0xfffa7116 inc dword [ebp - 0x90] cmp dword [ebp - 0x90], 3 -jne loc_fffa7107 ; jne 0xfffa7107 +jne loc_fffa70b5 ; jne 0xfffa70b5 mov eax, dword [ebp - 0x94] inc dword [ebp - 0x94] mov word [ebp + eax*2 - 0x8c], cx -jmp near loc_fffa70ac ; jmp 0xfffa70ac +jmp near loc_fffa705a ; jmp 0xfffa705a -loc_fffa71dd: ; not directly referenced +loc_fffa718b: ; not directly referenced movzx ebx, byte [ebp - 0xa5] xor ecx, ecx add ebx, 8 -loc_fffa71e9: ; not directly referenced +loc_fffa7197: ; not directly referenced cmp byte [ebp - 0x97], cl -jbe short loc_fffa7203 ; jbe 0xfffa7203 +jbe short loc_fffa71b1 ; jbe 0xfffa71b1 movzx eax, word [ebp + ecx*2 - 0x8c] cdq idiv ebx mov word [edi + ecx*2], ax inc ecx -jmp short loc_fffa71e9 ; jmp 0xfffa71e9 +jmp short loc_fffa7197 ; jmp 0xfffa7197 -loc_fffa7203: ; not directly referenced +loc_fffa71b1: ; not directly referenced add esp, 0xa4 pop ebx pop esi 
@@ -8938,26 +8901,26 @@ pop edi pop ebp ret -fcn_fffa720e: ; not directly referenced +fcn_fffa71bc: ; not directly referenced push ebp mov ebp, esp push ebx mov ebx, 0x3664 cmp dl, 1 -ja short loc_fffa7239 ; ja 0xfffa7239 +ja short loc_fffa71e7 ; ja 0xfffa71e7 cmp cl, 8 movzx edx, dl -jbe short loc_fffa722f ; jbe 0xfffa722f +jbe short loc_fffa71dd ; jbe 0xfffa71dd shl edx, 8 lea ebx, [edx + 0x3064] -jmp short loc_fffa7239 ; jmp 0xfffa7239 +jmp short loc_fffa71e7 ; jmp 0xfffa71e7 -loc_fffa722f: ; not directly referenced +loc_fffa71dd: ; not directly referenced shl edx, 8 shl ecx, 9 lea ebx, [edx + ecx + 0x64] -loc_fffa7239: ; not directly referenced +loc_fffa71e7: ; not directly referenced cmp dword [eax + 0x188b], 1 lea edx, [ebx + 0xc] cmove ebx, edx @@ -8966,26 +8929,26 @@ pop ebx pop ebp ret -fcn_fffa724b: ; not directly referenced +fcn_fffa71f9: ; not directly referenced push ebp mov ebp, esp push ebx mov ebx, 0x3660 cmp dl, 1 -ja short loc_fffa7276 ; ja 0xfffa7276 +ja short loc_fffa7224 ; ja 0xfffa7224 cmp cl, 8 movzx edx, dl -jbe short loc_fffa726c ; jbe 0xfffa726c +jbe short loc_fffa721a ; jbe 0xfffa721a shl edx, 8 lea ebx, [edx + 0x3060] -jmp short loc_fffa7276 ; jmp 0xfffa7276 +jmp short loc_fffa7224 ; jmp 0xfffa7224 -loc_fffa726c: ; not directly referenced +loc_fffa721a: ; not directly referenced shl edx, 8 shl ecx, 9 lea ebx, [edx + ecx + 0x60] -loc_fffa7276: ; not directly referenced +loc_fffa7224: ; not directly referenced cmp dword [eax + 0x188b], 1 lea edx, [ebx + 0xc] cmove ebx, edx 
@@ -8994,26 +8957,26 @@ pop ebx pop ebp ret -fcn_fffa7288: ; not directly referenced +fcn_fffa7236: ; not directly referenced push ebp mov ebp, esp push ebx mov ebx, 0x3674 cmp dl, 1 -ja short loc_fffa72b3 ; ja 0xfffa72b3 +ja short loc_fffa7261 ; ja 0xfffa7261 cmp cl, 8 movzx edx, dl -jbe short loc_fffa72a9 ; jbe 0xfffa72a9 +jbe short loc_fffa7257 ; jbe 0xfffa7257 shl edx, 8 lea ebx, [edx + 0x3074] -jmp short loc_fffa72b3 ; jmp 0xfffa72b3 +jmp short loc_fffa7261 ; jmp 0xfffa7261 -loc_fffa72a9: ; not directly referenced +loc_fffa7257: ; not directly referenced shl edx, 8 shl ecx, 9 lea ebx, [edx + ecx + 0x74] -loc_fffa72b3: ; not directly referenced +loc_fffa7261: ; not directly referenced cmp dword [eax + 0x188b], 1 lea edx, [ebx + 0xc] cmove ebx, edx @@ -9022,7 +8985,7 @@ pop ebx pop ebp ret -fcn_fffa72c5: ; not directly referenced +fcn_fffa7273: ; not directly referenced push ebp mov ebp, esp push edi @@ -9043,19 +9006,19 @@ cmp edx, 1 mov dword [ebp - 0x28], edi mov edi, dword [ebp + 0x18] mov dword [ebp - 0x2c], edi -mov edi, dword [esi + 0x2443] -je short loc_fffa730c ; je 0xfffa730c +mov edi, dword [esi + 0x2444] +je short loc_fffa72ba ; je 0xfffa72ba cmp edx, 2 -jne short loc_fffa7351 ; jne 0xfffa7351 +jne short loc_fffa72ff ; jne 0xfffa72ff lea edx, [eax*8 + 0x48f8] -jmp short loc_fffa7313 ; jmp 0xfffa7313 +jmp short loc_fffa72c1 ; jmp 0xfffa72c1 -loc_fffa730c: ; not directly referenced +loc_fffa72ba: ; not directly referenced lea edx, [eax*8 + 0x48d8] -loc_fffa7313: ; not directly referenced +loc_fffa72c1: ; not directly referenced mov eax, esi -call fcn_fffae548 ; call 0xfffae548 +call fcn_fffb333d ; call 0xfffb333d xor ecx, ecx push eax and edx, 0x7000000 
@@ -9068,29 +9031,29 @@ mov eax, dword [ebp - 0x1c] movzx ebx, bl lea edx, [eax*4 + 0x4930] mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f lea ecx, [ebx*4] add esp, 0x10 shr eax, cl mov bl, al and ebx, 3 -loc_fffa7351: ; not directly referenced +loc_fffa72ff: ; not directly referenced cmp dword [ebp - 0x20], 0 mov ecx, 0xff movzx edx, byte [ebp - 0x1c] -jne short loc_fffa7364 ; jne 0xfffa7364 +jne short loc_fffa7312 ; jne 0xfffa7312 movzx ecx, byte [ebp - 0x24] -loc_fffa7364: ; not directly referenced +loc_fffa7312: ; not directly referenced mov eax, esi and ebx, 3 -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 shl ebx, 0x16 mov edi, eax mov edx, eax mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov ecx, dword [ebp - 0x28] mov edx, dword [ebp - 0x2c] lea esp, [ebp - 0xc] @@ -9110,9 +9073,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_fffae58c ; jmp 0xfffae58c +jmp near fcn_fffb3381 ; jmp 0xfffb3381 -fcn_fffa73b0: ; not directly referenced +fcn_fffa735e: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -9130,59 +9093,59 @@ mov dword [ebp - 0x24], ebx movzx esi, bl movzx ebx, cl cmp al, 3 -lea edi, [edi + edx + 0x3756] -jne short loc_fffa73e9 ; jne 0xfffa73e9 +lea edi, [edi + edx + 0x3757] +jne short loc_fffa7397 ; jne 0xfffa7397 mov ecx, dword [ebp + 0x10] -jmp short loc_fffa745c ; jmp 0xfffa745c +jmp short loc_fffa740a ; jmp 0xfffa740a -loc_fffa73e9: ; not directly referenced +loc_fffa7397: ; not directly referenced test al, al -jne short loc_fffa73f2 ; jne 0xfffa73f2 +jne short loc_fffa73a0 ; jne 0xfffa73a0 mov edx, dword [ebp + 0x10] -jmp short loc_fffa7401 ; jmp 0xfffa7401 +jmp short loc_fffa73af ; jmp 0xfffa73af -loc_fffa73f2: ; not directly referenced +loc_fffa73a0: ; not directly referenced lea edx, [ebx + ebx*8] lea edx, [edx + esi + 0xb0] mov dx, word [edi + edx*2 + 9] -loc_fffa7401: ; not directly referenced +loc_fffa73af: ; not directly referenced and dx, 0x1ff and edx, 0x1ff mov dword [ebp - 0x28], edx cmp al, 1 -jne short loc_fffa7418 ; jne 0xfffa7418 +jne short loc_fffa73c6 ; jne 0xfffa73c6 mov edx, dword [ebp + 0x10] -jmp short loc_fffa742b ; jmp 0xfffa742b +jmp short loc_fffa73d9 ; jmp 0xfffa73d9 -loc_fffa7418: ; not directly referenced +loc_fffa73c6: ; not directly referenced movzx edx, byte [ebp - 0x24] lea ecx, [ecx + ecx*8] lea edx, [edx + ecx + 0x90] mov dx, word [edi + edx*2 + 1] -loc_fffa742b: ; not directly referenced +loc_fffa73d9: ; not directly referenced and dx, 0x1ff and edx, 0x1ff shl edx, 9 or edx, dword [ebp - 0x28] cmp al, 2 -jne short loc_fffa7445 ; jne 0xfffa7445 +jne short loc_fffa73f3 ; jne 0xfffa73f3 mov cl, byte [ebp + 0x10] -jmp short loc_fffa7451 ; jmp 0xfffa7451 +jmp short loc_fffa73ff ; jmp 0xfffa73ff -loc_fffa7445: ; not directly referenced +loc_fffa73f3: ; not directly referenced lea eax, [ebx + ebx*8] add edi, eax mov cl, byte [edi + esi + 0x24d] -loc_fffa7451: ; not directly referenced +loc_fffa73ff: ; not directly referenced and ecx, 0x3f and ecx, 0x3f shl ecx, 0x14 or ecx, edx -loc_fffa745c: ; not directly 
referenced +loc_fffa740a: ; not directly referenced mov edi, dword [ebp - 0x20] mov eax, edi shl eax, 8 @@ -9191,7 +9154,7 @@ mov eax, esi shl eax, 9 add edx, eax mov eax, dword [ebp - 0x1c] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 sub esp, 0xc mov eax, dword [ebp - 0x1c] push 1 @@ -9201,7 +9164,7 @@ xor ecx, ecx push esi push 0 push ebx -call fcn_fffa72c5 ; call 0xfffa72c5 +call fcn_fffa7273 ; call 0xfffa7273 add esp, 0x20 lea esp, [ebp - 0xc] pop ebx @@ -9210,7 +9173,7 @@ pop edi pop ebp ret -fcn_fffa7499: ; not directly referenced +fcn_fffa7447: ; not directly referenced push ebp mov ebp, esp push edi @@ -9227,19 +9190,19 @@ movzx edi, dl imul edx, edi, 0x13c3 mov dword [ebp - 0x20], ebx mov dword [ebp - 0x30], edi -lea esi, [esi + edx + 0x3756] +lea esi, [esi + edx + 0x3757] test bl, bl -jne short loc_fffa74d2 ; jne 0xfffa74d2 +jne short loc_fffa7480 ; jne 0xfffa7480 mov ebx, dword [ebp - 0x1c] -jmp short loc_fffa74e4 ; jmp 0xfffa74e4 +jmp short loc_fffa7492 ; jmp 0xfffa7492 -loc_fffa74d2: ; not directly referenced +loc_fffa7480: ; not directly referenced movzx ebx, al lea edx, [ecx + ecx*8] lea edx, [ebx + edx + 0xd8] mov bx, word [esi + edx*2 + 1] -loc_fffa74e4: ; not directly referenced +loc_fffa7492: ; not directly referenced mov edx, dword [ebp - 0x20] and bx, 0x1ff movzx edi, al @@ -9249,17 +9212,17 @@ cmp dl, 5 sete byte [ebp - 0x31] and edx, 0xfffffffb dec dl -jne short loc_fffa750b ; jne 0xfffa750b +jne short loc_fffa74b9 ; jne 0xfffa74b9 mov dl, byte [ebp - 0x1c] -jmp short loc_fffa751a ; jmp 0xfffa751a +jmp short loc_fffa74c8 ; jmp 0xfffa74c8 -loc_fffa750b: ; not directly referenced +loc_fffa74b9: ; not directly referenced mov edi, dword [ebp - 0x2c] lea edx, [ecx + ecx*8] add edx, esi mov dl, byte [edx + edi + 0x104a] -loc_fffa751a: ; not directly referenced +loc_fffa74c8: ; not directly referenced and edx, 0x3f movzx edi, al and edx, 0x3f 
@@ -9267,16 +9230,16 @@ shl edx, 9 or edx, ebx movzx ebx, cl cmp byte [ebp - 0x20], 2 -jne short loc_fffa7536 ; jne 0xfffa7536 +jne short loc_fffa74e4 ; jne 0xfffa74e4 mov al, byte [ebp - 0x1c] -jmp short loc_fffa7542 ; jmp 0xfffa7542 +jmp short loc_fffa74f0 ; jmp 0xfffa74f0 -loc_fffa7536: ; not directly referenced +loc_fffa74e4: ; not directly referenced lea eax, [ebx + ebx*8] add eax, esi mov al, byte [eax + edi + 0x1026] -loc_fffa7542: ; not directly referenced +loc_fffa74f0: ; not directly referenced and eax, 0x1f and eax, 0x1f mov dword [ebp - 0x24], eax @@ -9286,29 +9249,29 @@ or dword [ebp - 0x24], edx cmp byte [ebp - 0x20], 3 sete dl or al, dl -je short loc_fffa7565 ; je 0xfffa7565 +je short loc_fffa7513 ; je 0xfffa7513 mov dl, byte [ebp - 0x1c] -jmp short loc_fffa7571 ; jmp 0xfffa7571 +jmp short loc_fffa751f ; jmp 0xfffa751f -loc_fffa7565: ; not directly referenced +loc_fffa7513: ; not directly referenced lea ecx, [ecx + ecx*8] add ecx, esi mov dl, byte [ecx + edi + 0x106e] -loc_fffa7571: ; not directly referenced +loc_fffa751f: ; not directly referenced and edx, 0x3f and edx, 0x3f shl edx, 0x14 or edx, dword [ebp - 0x24] cmp byte [ebp - 0x20], 4 -jne short loc_fffa7588 ; jne 0xfffa7588 +jne short loc_fffa7536 ; jne 0xfffa7536 mov cl, byte [ebp - 0x1c] -jmp short loc_fffa758f ; jmp 0xfffa758f +jmp short loc_fffa753d ; jmp 0xfffa753d -loc_fffa7588: ; not directly referenced +loc_fffa7536: ; not directly referenced mov cl, byte [esi + edi + 0x101d] -loc_fffa758f: ; not directly referenced +loc_fffa753d: ; not directly referenced mov edi, dword [ebp - 0x30] and ecx, 0x3f mov esi, dword [ebp - 0x2c] @@ -9323,7 +9286,7 @@ shl eax, 7 add edx, eax mov eax, dword [ebp - 0x28] shl edx, 2 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 sub esp, 0xc mov eax, dword [ebp - 0x28] push 0 
@@ -9333,7 +9296,7 @@ xor ecx, ecx push esi push 0 push ebx -call fcn_fffa72c5 ; call 0xfffa72c5 +call fcn_fffa7273 ; call 0xfffa7273 add esp, 0x20 lea esp, [ebp - 0xc] pop ebx @@ -9342,26 +9305,26 @@ pop edi pop ebp ret -fcn_fffa75da: ; not directly referenced +fcn_fffa7588: ; not directly referenced push ebp mov ebp, esp push ebx mov ebx, 0x3658 cmp dl, 1 -ja short loc_fffa7605 ; ja 0xfffa7605 +ja short loc_fffa75b3 ; ja 0xfffa75b3 cmp cl, 8 movzx edx, dl -jbe short loc_fffa75fb ; jbe 0xfffa75fb +jbe short loc_fffa75a9 ; jbe 0xfffa75a9 shl edx, 8 lea ebx, [edx + 0x3058] -jmp short loc_fffa7605 ; jmp 0xfffa7605 +jmp short loc_fffa75b3 ; jmp 0xfffa75b3 -loc_fffa75fb: ; not directly referenced +loc_fffa75a9: ; not directly referenced shl edx, 8 shl ecx, 9 lea ebx, [edx + ecx + 0x58] -loc_fffa7605: ; not directly referenced +loc_fffa75b3: ; not directly referenced cmp dword [eax + 0x188b], 1 lea edx, [ebx + 0xc] cmove ebx, edx @@ -9370,26 +9333,26 @@ pop ebx pop ebp ret -fcn_fffa7617: ; not directly referenced +fcn_fffa75c5: ; not directly referenced push ebp mov ebp, esp push ebx mov ebx, 0x3654 cmp dl, 1 -ja short loc_fffa7642 ; ja 0xfffa7642 +ja short loc_fffa75f0 ; ja 0xfffa75f0 cmp cl, 8 movzx edx, dl -jbe short loc_fffa7638 ; jbe 0xfffa7638 +jbe short loc_fffa75e6 ; jbe 0xfffa75e6 shl edx, 8 lea ebx, [edx + 0x3054] -jmp short loc_fffa7642 ; jmp 0xfffa7642 +jmp short loc_fffa75f0 ; jmp 0xfffa75f0 -loc_fffa7638: ; not directly referenced +loc_fffa75e6: ; not directly referenced shl edx, 8 shl ecx, 9 lea ebx, [edx + ecx + 0x54] -loc_fffa7642: ; not directly referenced +loc_fffa75f0: ; not directly referenced cmp dword [eax + 0x188b], 1 lea edx, [ebx + 0xc] cmove ebx, edx @@ -9398,7 +9361,7 @@ pop ebx pop ebp ret -fcn_fffa7654: ; not directly referenced +fcn_fffa7602: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -9406,18 +9369,18 @@ push esi push ebx sub esp, 0x2c mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2443] +mov eax, dword [eax + 0x2444] mov dword [ebp - 0x30], eax mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 2 -lea edi, [eax + 0x3756] -jne short loc_fffa76d9 ; jne 0xfffa76d9 +cmp dword [eax + 0x2481], 2 +lea edi, [eax + 0x3757] +jne short loc_fffa7687 ; jne 0xfffa7687 xor esi, esi -loc_fffa767d: ; not directly referenced +loc_fffa762b: ; not directly referenced xor ebx, ebx -loc_fffa767f: ; not directly referenced +loc_fffa762d: ; not directly referenced push edx push 0 push 4 @@ -9433,28 +9396,28 @@ mov ax, word [edi + ebx*2 + 0x1283] inc ebx mov word [ebp - 0x1e], ax mov eax, dword [ebp + 8] -call fcn_fffa7617 ; call 0xfffa7617 +call fcn_fffa75c5 ; call 0xfffa75c5 mov ecx, dword [ebp - 0x20] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x10 cmp ebx, 7 -jne short loc_fffa767f ; jne 0xfffa767f +jne short loc_fffa762d ; jne 0xfffa762d inc esi add edi, 0x13c3 cmp esi, 2 -jne short loc_fffa767d ; jne 0xfffa767d -jmp near loc_fffa77aa ; jmp 0xfffa77aa +jne short loc_fffa762b ; jne 0xfffa762b +jmp near loc_fffa7758 ; jmp 0xfffa7758 -loc_fffa76d9: ; not directly referenced +loc_fffa7687: ; not directly referenced mov dword [ebp - 0x38], edi xor edi, edi -loc_fffa76de: ; not directly referenced +loc_fffa768c: ; not directly referenced mov dword [ebp - 0x2c], 0 -loc_fffa76e5: ; not directly referenced +loc_fffa7693: ; not directly referenced mov ebx, dword [ebp - 0x2c] xor edx, edx mov al, bl 
@@ -9487,37 +9450,37 @@ mov word [ebp - 0x20], ax mov ax, word [ebx + 0x126d] mov word [ebp - 0x1e], ax mov eax, dword [ebp + 8] -call fcn_fffa7617 ; call 0xfffa7617 +call fcn_fffa75c5 ; call 0xfffa75c5 mov ecx, dword [ebp - 0x20] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ax, word [ebx + 0x126f] add esp, 0x10 cmp byte [ebp - 0x31], 0 mov word [ebp + esi*2 - 0x20], ax -je short loc_fffa778c ; je 0xfffa778c +je short loc_fffa773a ; je 0xfffa773a mov cl, byte [ebp - 0x32] mov edx, edi mov eax, dword [ebp + 8] add ecx, 4 movzx ecx, cl -call fcn_fffa7617 ; call 0xfffa7617 +call fcn_fffa75c5 ; call 0xfffa75c5 mov ecx, dword [ebp - 0x1c] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa778c: ; not directly referenced +loc_fffa773a: ; not directly referenced inc dword [ebp - 0x2c] cmp dword [ebp - 0x2c], 4 -jne loc_fffa76e5 ; jne 0xfffa76e5 +jne loc_fffa7693 ; jne 0xfffa7693 inc edi add dword [ebp - 0x38], 0x13c3 cmp edi, 2 -jne loc_fffa76de ; jne 0xfffa76de +jne loc_fffa768c ; jne 0xfffa768c -loc_fffa77aa: ; not directly referenced +loc_fffa7758: ; not directly referenced lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -9526,7 +9489,7 @@ pop edi pop ebp ret -fcn_fffa77b4: +fcn_fffa7762: push ebp mov ebp, esp push edi @@ -9540,15 +9503,15 @@ mov eax, dword [ebp + 8] mov esi, ecx mov dword [ebp - 0x24], eax mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x5e04 mov dword [ebp - 0x1c], eax mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, eax mov dword [ebp - 0x20], eax test edi, edi -je short loc_fffa780e ; je 0xfffa780e +je short loc_fffa77bc ; je 0xfffa77bc mov ecx, dword [ebp - 0x1c] sub esp, 0xc and edx, 0xf 
@@ -9556,27 +9519,27 @@ push dword [ebx + 0x187b] mov eax, ebx shr ecx, 4 and ecx, 0xf -call fcn_fffaed31 ; call 0xfffaed31 +call fcn_fffb3a68 ; call 0xfffb3a68 add esp, 0x10 mov dword [edi], eax -loc_fffa780e: +loc_fffa77bc: test esi, esi -je short loc_fffa781a ; je 0xfffa781a +je short loc_fffa77c8 ; je 0xfffa77c8 mov al, byte [ebp - 0x20] and eax, 0xf mov byte [esi], al -loc_fffa781a: +loc_fffa77c8: mov esi, dword [ebp - 0x24] test esi, esi -je short loc_fffa782c ; je 0xfffa782c +je short loc_fffa77da ; je 0xfffa77da mov eax, dword [ebp - 0x1c] shr eax, 4 and eax, 0xf mov dword [esi], eax -loc_fffa782c: +loc_fffa77da: mov eax, dword [ebx + 0x187b] mov ecx, dword [ebp - 0x1c] mov edx, dword [ebp - 0x20] @@ -9590,9 +9553,9 @@ pop edi pop ebp shr ecx, 4 and ecx, 0xf -jmp near fcn_fffaefe1 ; jmp 0xfffaefe1 +jmp near fcn_fffb3d18 ; jmp 0xfffb3d18 -fcn_fffa7852: ; not directly referenced +fcn_fffa7800: ; not directly referenced push ebp xor edx, edx mov ebp, esp @@ -9606,7 +9569,7 @@ mov edi, dword [ebp + 8] push 0 lea ecx, [ebp - 0x45] mov eax, edi -call fcn_fffa77b4 ; call 0xfffa77b4 +call fcn_fffa7762 ; call 0xfffa7762 lea eax, [edi + 0x2407] add esp, 0x10 mov dword [ebp - 0x58], 0 
@@ -9617,32 +9580,32 @@ mov dword [ebp - 0x80], 0 mov byte [ebp - 0x79], 0 mov dword [ebp - 0x94], eax -loc_fffa78a9: ; not directly referenced +loc_fffa7857: ; not directly referenced lea eax, [esi - 2] cmp eax, 1 -ja short loc_fffa78c7 ; ja 0xfffa78c7 -cmp byte [edi + 0x3749], 0 -je loc_fffa7d5e ; je 0xfffa7d5e +ja short loc_fffa7875 ; ja 0xfffa7875 +cmp byte [edi + 0x374a], 0 +je loc_fffa7d0c ; je 0xfffa7d0c mov dword [ebp - 0x70], 0 -jmp short loc_fffa78e2 ; jmp 0xfffa78e2 +jmp short loc_fffa7890 ; jmp 0xfffa7890 -loc_fffa78c7: ; not directly referenced +loc_fffa7875: ; not directly referenced mov dword [ebp - 0x70], 0 cmp esi, 1 -jne short loc_fffa78e2 ; jne 0xfffa78e2 +jne short loc_fffa7890 ; jne 0xfffa7890 xor eax, eax cmp dword [edi + 0x18a7], 1 sete al mov dword [ebp - 0x70], eax -loc_fffa78e2: ; not directly referenced +loc_fffa7890: ; not directly referenced mov al, byte [ebp - 0x45] -lea ecx, [edi + esi*8 + 0x3756] +lea ecx, [edi + esi*8 + 0x3757] mov dword [ebp - 0x78], ecx mov dword [ebp + esi*4 - 0x38], 0xffffffff mov dword [ebp + esi*4 - 0x28], 0 mov byte [ebp - 0x7a], al -lea eax, [edi + 0x49bf] +lea eax, [edi + 0x49c0] mov dword [ebp - 0x88], eax lea eax, [edi + 0x1973] mov dword [ebp - 0x74], eax @@ -9656,16 +9619,16 @@ add eax, 0xbb mov dword [ebp - 0x8c], ecx mov dword [ebp - 0x90], eax -loc_fffa7948: ; not directly referenced +loc_fffa78f6: ; not directly referenced mov eax, dword [ebp - 0x88] mov ecx, dword [ebp - 0x74] mov dword [ebp - 0x6c], 0 mov dword [ebp - 0x54], eax -loc_fffa795b: ; not directly referenced +loc_fffa7909: ; not directly referenced mov eax, dword [ebp - 0x54] cmp dword [eax - 0xf6], 2 -jne loc_fffa7b33 ; jne 0xfffa7b33 +jne loc_fffa7ae1 ; jne 0xfffa7ae1 mov ebx, dword [ebp - 0x84] mov edx, dword [ebp - 0x78] mov ebx, dword [eax + ebx - 0xf2] 
@@ -9676,81 +9639,81 @@ mov edx, dword [ebp - 0x78] mov edx, dword [edx + eax + 0xcd] mov dword [ebp - 0x68], edx cmp esi, 1 -je loc_fffa7a50 ; je 0xfffa7a50 -jb loc_fffa7a77 ; jb 0xfffa7a77 +je loc_fffa79fe ; je 0xfffa79fe +jb loc_fffa7a25 ; jb 0xfffa7a25 cmp esi, 3 -ja loc_fffa7a77 ; ja 0xfffa7a77 +ja loc_fffa7a25 ; ja 0xfffa7a25 mov eax, dword [ebp - 0x54] cmp esi, 2 mov al, byte [eax] -jne short loc_fffa79c7 ; jne 0xfffa79c7 +jne short loc_fffa7975 ; jne 0xfffa7975 test al, 1 -jne short loc_fffa79d6 ; jne 0xfffa79d6 +jne short loc_fffa7984 ; jne 0xfffa7984 mov dword [ebp - 0x4c], 0 -jmp near loc_fffa7b04 ; jmp 0xfffa7b04 +jmp near loc_fffa7ab2 ; jmp 0xfffa7ab2 -loc_fffa79c7: ; not directly referenced +loc_fffa7975: ; not directly referenced mov dword [ebp - 0x4c], 0 test al, 2 -je loc_fffa7b04 ; je 0xfffa7b04 +je loc_fffa7ab2 ; je 0xfffa7ab2 -loc_fffa79d6: ; not directly referenced +loc_fffa7984: ; not directly referenced mov eax, dword [ebp - 0x54] mov eax, dword [eax - 0x21] and eax, 0xfffffffd dec eax -jne short loc_fffa79fa ; jne 0xfffa79fa +jne short loc_fffa79a8 ; jne 0xfffa79a8 mov eax, dword [ebp - 0x90] mov dword [ebp - 0x60], 0x12 mov dword [ebp - 0x5c], 4 add eax, ecx -jmp short loc_fffa7a10 ; jmp 0xfffa7a10 +jmp short loc_fffa79be ; jmp 0xfffa79be -loc_fffa79fa: ; not directly referenced +loc_fffa79a8: ; not directly referenced mov eax, dword [ebp - 0x8c] mov dword [ebp - 0x60], 0x18 mov dword [ebp - 0x5c], 7 add eax, ecx -loc_fffa7a10: ; not directly referenced +loc_fffa79be: ; not directly referenced movzx edx, byte [eax + 2] mov dword [ebp - 0x50], 0 mov dword [ebp - 0x58], edx mov edx, dword [ebp - 0x54] cmp byte [edx + 1], 0x13 -jne short loc_fffa7a2e ; jne 0xfffa7a2e +jne short loc_fffa79dc ; jne 0xfffa79dc movsx edx, byte [eax + 0x1b] mov dword [ebp - 0x50], edx -loc_fffa7a2e: ; not directly referenced +loc_fffa79dc: ; not directly referenced mov ax, word [eax + 3] and eax, 0x7fff mov dword [ebp - 0x4c], eax xor eax, eax test ebx, ebx -je 
loc_fffa7af7 ; je 0xfffa7af7 +je loc_fffa7aa5 ; je 0xfffa7aa5 mov eax, dword [ebp - 0x64] imul eax, dword [ebp - 0x58] -jmp near loc_fffa7ae6 ; jmp 0xfffa7ae6 +jmp near loc_fffa7a94 ; jmp 0xfffa7a94 -loc_fffa7a50: ; not directly referenced +loc_fffa79fe: ; not directly referenced movzx edx, word [ecx + 0x24e] test dx, dx -je short loc_fffa7a77 ; je 0xfffa7a77 +je short loc_fffa7a25 ; je 0xfffa7a25 mov eax, dword [ebp - 0x24] mov dword [ebp - 0x4c], 0xffffffff mov byte [ebp - 0x79], 1 cmp edx, eax cmovae eax, edx mov dword [ebp - 0x24], eax -jmp near loc_fffa7b04 ; jmp 0xfffa7b04 +jmp near loc_fffa7ab2 ; jmp 0xfffa7ab2 -loc_fffa7a77: ; not directly referenced +loc_fffa7a25: ; not directly referenced mov eax, dword [ebp - 0x54] mov eax, dword [eax - 0x21] and eax, 0xfffffffd dec eax -jne short loc_fffa7aad ; jne 0xfffa7aad +jne short loc_fffa7a5b ; jne 0xfffa7a5b movzx eax, byte [ecx + 0x58] mov dword [ebp - 0x60], 0x12 mov dword [ebp - 0x5c], 4 @@ -9760,9 +9723,9 @@ mov dword [ebp - 0x50], eax mov ax, word [ecx + 0x56] and eax, 0x7fff mov dword [ebp - 0x4c], eax -jmp short loc_fffa7ad9 ; jmp 0xfffa7ad9 +jmp short loc_fffa7a87 ; jmp 0xfffa7a87 -loc_fffa7aad: ; not directly referenced +loc_fffa7a5b: ; not directly referenced movzx eax, byte [ecx + 0x60] mov dword [ebp - 0x60], 0x18 mov dword [ebp - 0x5c], 7 @@ -9773,14 +9736,14 @@ mov eax, dword [ecx + 0x5c] mov dword [ebp - 0x4c], eax and dword [ebp - 0x4c], 0x3ffff -loc_fffa7ad9: ; not directly referenced +loc_fffa7a87: ; not directly referenced xor eax, eax test ebx, ebx -je short loc_fffa7af7 ; je 0xfffa7af7 +je short loc_fffa7aa5 ; je 0xfffa7aa5 mov eax, dword [ebp - 0x58] imul eax, dword [ebp - 0x64] -loc_fffa7ae6: ; not directly referenced +loc_fffa7a94: ; not directly referenced lea edx, [ebx + eax - 1] mov eax, dword [ebp - 0x68] imul eax, dword [ebp - 0x50] 
@@ -9788,71 +9751,71 @@ add eax, edx xor edx, edx div ebx -loc_fffa7af7: ; not directly referenced +loc_fffa7aa5: ; not directly referenced mov edx, dword [ebp + esi*4 - 0x28] cmp eax, edx cmovb eax, edx mov dword [ebp + esi*4 - 0x28], eax -loc_fffa7b04: ; not directly referenced +loc_fffa7ab2: ; not directly referenced cmp dword [edi + 0x1872], 0x535 -jbe short loc_fffa7b1c ; jbe 0xfffa7b1c -cmp dword [edi + 0x36d3], 0x535 -ja short loc_fffa7b2c ; ja 0xfffa7b2c +jbe short loc_fffa7aca ; jbe 0xfffa7aca +cmp dword [edi + 0x36d4], 0x535 +ja short loc_fffa7ada ; ja 0xfffa7ada -loc_fffa7b1c: ; not directly referenced +loc_fffa7aca: ; not directly referenced cmp byte [ebp - 0x7a], 5 mov eax, 0xffff cmova eax, dword [ebp - 0x4c] mov dword [ebp - 0x4c], eax -loc_fffa7b2c: ; not directly referenced +loc_fffa7ada: ; not directly referenced mov eax, dword [ebp - 0x4c] and dword [ebp + esi*4 - 0x38], eax -loc_fffa7b33: ; not directly referenced +loc_fffa7ae1: ; not directly referenced add dword [ebp - 0x6c], 0x20 add ecx, 0x277 add dword [ebp - 0x54], 0x128 cmp dword [ebp - 0x6c], 0x40 -jne loc_fffa795b ; jne 0xfffa795b +jne loc_fffa7909 ; jne 0xfffa7909 add dword [ebp - 0x74], 0x54a mov eax, dword [ebp - 0x94] add dword [ebp - 0x88], 0x13c3 add dword [ebp - 0x78], 0x13c3 cmp dword [ebp - 0x74], eax -jne loc_fffa7948 ; jne 0xfffa7948 +jne loc_fffa78f6 ; jne 0xfffa78f6 cmp esi, 1 seta cl test ebx, ebx sete al mov byte [ebp - 0x4c], cl test cl, al -jne loc_fffa7d5c ; jne 0xfffa7d5c -mov eax, dword [edi + 0x36e3] +jne loc_fffa7d0a ; jne 0xfffa7d0a +mov eax, dword [edi + 0x36e4] lea ecx, [ebp - 0x44] mov edx, ebx mov byte [ebp + esi - 0x3c], 0 -call fcn_fffaf08c ; call 0xfffaf08c +call fcn_fffb3dc3 ; call 0xfffb3dc3 cmp byte [ebp - 0x4c], 0 -je short loc_fffa7be4 ; je 0xfffa7be4 -cmp dword [edi + 0x36e3], 0 -jne short loc_fffa7be4 ; jne 0xfffa7be4 -cmp byte [edi + 0x247e], 0 -je short loc_fffa7be4 ; je 0xfffa7be4 +je short loc_fffa7b92 ; je 0xfffa7b92 +cmp dword [edi + 0x36e4], 0 
+jne short loc_fffa7b92 ; jne 0xfffa7b92 +cmp byte [edi + 0x247f], 0 +je short loc_fffa7b92 ; je 0xfffa7b92 lea ecx, [ebp - 0x40] mov edx, ebx mov eax, 1 -call fcn_fffaf08c ; call 0xfffaf08c +call fcn_fffb3dc3 ; call 0xfffb3dc3 mov eax, dword [ebp - 0x40] cmp eax, dword [ebp - 0x44] -jle short loc_fffa7be4 ; jle 0xfffa7be4 +jle short loc_fffa7b92 ; jle 0xfffa7b92 mov dword [ebp - 0x44], eax cmp dword [edi + 0x18a7], esi -jne short loc_fffa7be4 ; jne 0xfffa7be4 -mov dword [edi + 0x36e3], 1 +jne short loc_fffa7b92 ; jne 0xfffa7b92 +mov dword [edi + 0x36e4], 1 -loc_fffa7be4: ; not directly referenced +loc_fffa7b92: ; not directly referenced mov al, byte [ebp - 0x70] mov byte [ebp - 0x4c], al mov eax, dword [ebp - 0x64] 
@@ -9865,138 +9828,138 @@ mov eax, dword [ebp - 0x84] add eax, edi mov dword [ebp - 0x70], eax -loc_fffa7c09: ; not directly referenced +loc_fffa7bb7: ; not directly referenced cmp byte [ebp + esi - 0x3c], 0 -jne loc_fffa7ccb ; jne 0xfffa7ccb +jne loc_fffa7c79 ; jne 0xfffa7c79 mov edx, dword [ebp + esi*4 - 0x28] cmp edx, dword [ebp - 0x60] -ja loc_fffa7ccb ; ja 0xfffa7ccb +ja loc_fffa7c79 ; ja 0xfffa7c79 cmp byte [ebp - 0x4c], 0 -jne short loc_fffa7c45 ; jne 0xfffa7c45 +jne short loc_fffa7bf3 ; jne 0xfffa7bf3 mov ecx, dword [ebp + esi*4 - 0x38] mov eax, edx sub eax, dword [ebp - 0x5c] bt ecx, eax -jae loc_fffa7cc1 ; jae 0xfffa7cc1 +jae loc_fffa7c6f ; jae 0xfffa7c6f mov eax, ebx imul eax, edx cmp eax, 0x1312d00 -ja short loc_fffa7cc1 ; ja 0xfffa7cc1 +ja short loc_fffa7c6f ; ja 0xfffa7c6f -loc_fffa7c45: ; not directly referenced +loc_fffa7bf3: ; not directly referenced mov byte [ebp + esi - 0x3c], 1 cmp esi, dword [edi + 0x18a7] -jne short loc_fffa7c5f ; jne 0xfffa7c5f -mov dword [edi + 0x36df], ebx +jne short loc_fffa7c0d ; jne 0xfffa7c0d +mov dword [edi + 0x36e0], ebx mov dword [ebp - 0x80], 1 -loc_fffa7c5f: ; not directly referenced +loc_fffa7c0d: ; not directly referenced mov eax, dword [ebp - 0x70] xor ecx, ecx -loc_fffa7c64: ; not directly referenced -cmp dword [edi + ecx + 0x48c9], 2 -jne short loc_fffa7c88 ; jne 0xfffa7c88 -mov word [eax + 0x48d3], dx -mov word [eax + 0x3760], dx -mov dword [eax + 0x48cd], ebx -mov dword [eax + 0x375a], ebx - -loc_fffa7c88: ; not directly referenced -cmp dword [edi + ecx + 0x49f1], 2 -jne short loc_fffa7cac ; jne 0xfffa7cac -mov word [eax + 0x49fb], dx -mov word [eax + 0x3760], dx -mov dword [eax + 0x49f5], ebx -mov dword [eax + 0x375a], ebx - -loc_fffa7cac: ; not directly referenced +loc_fffa7c12: ; not directly referenced +cmp dword [edi + ecx + 0x48ca], 2 +jne short loc_fffa7c36 ; jne 0xfffa7c36 +mov word [eax + 0x48d4], dx +mov word [eax + 0x3761], dx +mov dword [eax + 0x48ce], ebx +mov dword [eax + 0x375b], ebx + 
+loc_fffa7c36: ; not directly referenced +cmp dword [edi + ecx + 0x49f2], 2 +jne short loc_fffa7c5a ; jne 0xfffa7c5a +mov word [eax + 0x49fc], dx +mov word [eax + 0x3761], dx +mov dword [eax + 0x49f6], ebx +mov dword [eax + 0x375b], ebx + +loc_fffa7c5a: ; not directly referenced add ecx, 0x13c3 add eax, 0x13c3 cmp ecx, 0x2786 -jne short loc_fffa7c64 ; jne 0xfffa7c64 -jmp short loc_fffa7ccb ; jmp 0xfffa7ccb +jne short loc_fffa7c12 ; jne 0xfffa7c12 +jmp short loc_fffa7c79 ; jmp 0xfffa7c79 -loc_fffa7cc1: ; not directly referenced +loc_fffa7c6f: ; not directly referenced inc edx mov dword [ebp + esi*4 - 0x28], edx -jmp near loc_fffa7c09 ; jmp 0xfffa7c09 +jmp near loc_fffa7bb7 ; jmp 0xfffa7bb7 -loc_fffa7ccb: ; not directly referenced +loc_fffa7c79: ; not directly referenced cmp byte [ebp + esi - 0x3c], 0 -jne loc_fffa7d5e ; jne 0xfffa7d5e +jne loc_fffa7d0c ; jne 0xfffa7d0c cmp byte [ebp - 0x4c], 0 -je short loc_fffa7ceb ; je 0xfffa7ceb +je short loc_fffa7c99 ; je 0xfffa7c99 cmp byte [edi + 0x1876], 0 -jne short loc_fffa7d5e ; jne 0xfffa7d5e +jne short loc_fffa7d0c ; jne 0xfffa7d0c cmp byte [ebp - 0x79], 1 -je short loc_fffa7d5e ; je 0xfffa7d5e +je short loc_fffa7d0c ; je 0xfffa7d0c -loc_fffa7ceb: ; not directly referenced +loc_fffa7c99: ; not directly referenced mov eax, dword [ebp - 0x44] -loc_fffa7cee: ; not directly referenced +loc_fffa7c9c: ; not directly referenced dec eax test eax, eax -jle short loc_fffa7d57 ; jle 0xfffa7d57 +jle short loc_fffa7d05 ; jle 0xfffa7d05 lea edx, [eax + eax*8] -mov dl, byte [edx + ref_fffd34b8] ; mov dl, byte [edx - 0x2cb48] +mov dl, byte [edx + ref_fffd3804] ; mov dl, byte [edx - 0x2c7fc] cmp dl, 3 -jne short loc_fffa7d33 ; jne 0xfffa7d33 +jne short loc_fffa7ce1 ; jne 0xfffa7ce1 -loc_fffa7d01: ; not directly referenced +loc_fffa7caf: ; not directly referenced mov dword [ebp - 0x44], eax lea eax, [eax + eax*8] -mov ebx, dword [eax + ref_fffd34b0] ; mov ebx, dword [eax - 0x2cb50] +mov ebx, dword [eax + ref_fffd37fc] ; mov ebx, dword 
[eax - 0x2c804] lea ecx, [ebp - 0x44] -mov eax, dword [edi + 0x36e3] +mov eax, dword [edi + 0x36e4] mov edx, ebx -call fcn_fffaf08c ; call 0xfffaf08c +call fcn_fffb3dc3 ; call 0xfffb3dc3 xor eax, eax test ebx, ebx -je short loc_fffa7d51 ; je 0xfffa7d51 +je short loc_fffa7cff ; je 0xfffa7cff mov eax, dword [ebp - 0x54] xor edx, edx lea eax, [ebx + eax - 1] add eax, dword [ebp - 0x6c] div ebx -jmp short loc_fffa7d51 ; jmp 0xfffa7d51 +jmp short loc_fffa7cff ; jmp 0xfffa7cff -loc_fffa7d33: ; not directly referenced +loc_fffa7ce1: ; not directly referenced cmp dl, 1 -jne short loc_fffa7d41 ; jne 0xfffa7d41 -cmp dword [edi + 0x36e3], 0 -jmp short loc_fffa7d4d ; jmp 0xfffa7d4d +jne short loc_fffa7cef ; jne 0xfffa7cef +cmp dword [edi + 0x36e4], 0 +jmp short loc_fffa7cfb ; jmp 0xfffa7cfb -loc_fffa7d41: ; not directly referenced +loc_fffa7cef: ; not directly referenced cmp dl, 2 -jne short loc_fffa7cee ; jne 0xfffa7cee -cmp dword [edi + 0x36e3], 1 +jne short loc_fffa7c9c ; jne 0xfffa7c9c +cmp dword [edi + 0x36e4], 1 -loc_fffa7d4d: ; not directly referenced -jne short loc_fffa7cee ; jne 0xfffa7cee -jmp short loc_fffa7d01 ; jmp 0xfffa7d01 +loc_fffa7cfb: ; not directly referenced +jne short loc_fffa7c9c ; jne 0xfffa7c9c +jmp short loc_fffa7caf ; jmp 0xfffa7caf -loc_fffa7d51: ; not directly referenced +loc_fffa7cff: ; not directly referenced mov dword [ebp + esi*4 - 0x28], eax -jmp short loc_fffa7d8c ; jmp 0xfffa7d8c +jmp short loc_fffa7d3a ; jmp 0xfffa7d3a -loc_fffa7d57: ; not directly referenced +loc_fffa7d05: ; not directly referenced mov dword [ebp - 0x44], eax -jmp short loc_fffa7d8c ; jmp 0xfffa7d8c +jmp short loc_fffa7d3a ; jmp 0xfffa7d3a -loc_fffa7d5c: ; not directly referenced +loc_fffa7d0a: ; not directly referenced xor ebx, ebx -loc_fffa7d5e: ; not directly referenced +loc_fffa7d0c: ; not directly referenced inc esi cmp esi, 4 -jne loc_fffa78a9 ; jne 0xfffa78a9 -mov edx, dword [edi + 0x36df] +jne loc_fffa7857 ; jne 0xfffa7857 +mov edx, dword [edi + 0x36e0] xor ecx, 
ecx -mov eax, dword [edi + 0x36e3] -call fcn_fffaf08c ; call 0xfffaf08c -mov dword [edi + 0x36d7], eax +mov eax, dword [edi + 0x36e4] +call fcn_fffb3dc3 ; call 0xfffb3dc3 +mov dword [edi + 0x36d8], eax mov eax, dword [ebp - 0x80] lea esp, [ebp - 0xc] pop ebx @@ -10005,12 +9968,12 @@ pop edi pop ebp ret -loc_fffa7d8c: ; not directly referenced +loc_fffa7d3a: ; not directly referenced cmp dword [ebp - 0x44], 0 -jg loc_fffa7c09 ; jg 0xfffa7c09 -jmp short loc_fffa7d5e ; jmp 0xfffa7d5e +jg loc_fffa7bb7 ; jg 0xfffa7bb7 +jmp short loc_fffa7d0c ; jmp 0xfffa7d0c -fcn_fffa7d98: ; not directly referenced +fcn_fffa7d46: ; not directly referenced push ebp mov ebp, esp push edi @@ -10025,21 +9988,21 @@ cmp cl, 0x10 mov byte [ebp - 0xd], al sete al or bl, al -jne short loc_fffa7dce ; jne 0xfffa7dce +jne short loc_fffa7d7c ; jne 0xfffa7d7c cmp cl, 0x21 sete bl cmp cl, 0x11 sete al or bl, al -je loc_fffa7e62 ; je 0xfffa7e62 +je loc_fffa7e10 ; je 0xfffa7e10 -loc_fffa7dce: ; not directly referenced +loc_fffa7d7c: ; not directly referenced xor ebx, ebx cmp cl, 0x21 -ja short loc_fffa7ddc ; ja 0xfffa7ddc -movzx ebx, byte [ecx + ref_fffd5f1c] ; movzx ebx, byte [ecx - 0x2a0e4] +ja short loc_fffa7d8a ; ja 0xfffa7d8a +movzx ebx, byte [ecx + ref_fffd58e0] ; movzx ebx, byte [ecx - 0x2a720] -loc_fffa7ddc: ; not directly referenced +loc_fffa7d8a: ; not directly referenced cmp bl, 7 mov eax, 7 cmovbe eax, ebx 
@@ -10050,29 +10013,29 @@ movzx eax, byte [ebp - 0xd] imul eax, eax, 0x12 mov dword [ebp - 0x20], eax -loc_fffa7dfc: ; not directly referenced +loc_fffa7daa: ; not directly referenced imul eax, ebx, 0x13c3 mov esi, dword [ebp - 0x14] -cmp dword [esi + eax + 0x3756], 2 -je short loc_fffa7e17 ; je 0xfffa7e17 +cmp dword [esi + eax + 0x3757], 2 +je short loc_fffa7dc5 ; je 0xfffa7dc5 -loc_fffa7e0f: ; not directly referenced +loc_fffa7dbd: ; not directly referenced inc ebx cmp ebx, 2 -je short loc_fffa7e62 ; je 0xfffa7e62 -jmp short loc_fffa7dfc ; jmp 0xfffa7dfc +je short loc_fffa7e10 ; je 0xfffa7e10 +jmp short loc_fffa7daa ; jmp 0xfffa7daa -loc_fffa7e17: ; not directly referenced +loc_fffa7dc5: ; not directly referenced lea eax, [ebx + ebx*8] add eax, dword [ebp - 0x20] mov byte [ebp - 0xd], 0 mov dword [ebp - 0x1c], eax -loc_fffa7e24: ; not directly referenced +loc_fffa7dd2: ; not directly referenced mov esi, dword [ebp - 0x14] mov al, byte [ebp - 0xd] -cmp al, byte [esi + 0x2488] -jae short loc_fffa7e0f ; jae 0xfffa7e0f +cmp al, byte [esi + 0x2489] +jae short loc_fffa7dbd ; jae 0xfffa7dbd movzx ecx, byte [ebp - 0xd] mov esi, 0xa xor edx, edx @@ -10088,9 +10051,9 @@ mov ecx, dword [ebp - 0x18] imul eax, dword [ecx + 4], 0xf div esi mov dword [ecx + 4], eax -jmp short loc_fffa7e24 ; jmp 0xfffa7e24 +jmp short loc_fffa7dd2 ; jmp 0xfffa7dd2 -loc_fffa7e62: ; not directly referenced +loc_fffa7e10: ; not directly referenced add esp, 0x14 xor eax, eax pop ebx @@ -10099,7 +10062,7 @@ pop edi pop ebp ret -fcn_fffa7e6c: ; not directly referenced +fcn_fffa7e1a: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -10111,66 +10074,66 @@ mov dword [ebp - 0x24], eax movzx eax, byte [ebp + 8] mov byte [ebp - 0x1b], bl cmp cl, 0xd -ja short loc_fffa7e9f ; ja 0xfffa7e9f +ja short loc_fffa7e4d ; ja 0xfffa7e4d cmp cl, 0xb -jae short loc_fffa7eba ; jae 0xfffa7eba +jae short loc_fffa7e68 ; jae 0xfffa7e68 cmp cl, 2 -jbe short loc_fffa7eba ; jbe 0xfffa7eba +jbe short loc_fffa7e68 ; jbe 0xfffa7e68 lea ebx, [ecx - 4] cmp bl, 1 -ja loc_fffa7fd1 ; ja 0xfffa7fd1 -jmp short loc_fffa7eba ; jmp 0xfffa7eba +ja loc_fffa7f7f ; ja 0xfffa7f7f +jmp short loc_fffa7e68 ; jmp 0xfffa7e68 -loc_fffa7e9f: ; not directly referenced +loc_fffa7e4d: ; not directly referenced cmp cl, 0x10 -jb loc_fffa7fd1 ; jb 0xfffa7fd1 +jb loc_fffa7f7f ; jb 0xfffa7f7f cmp cl, 0x11 -jbe short loc_fffa7ec0 ; jbe 0xfffa7ec0 +jbe short loc_fffa7e6e ; jbe 0xfffa7e6e lea ebx, [ecx - 0x20] cmp bl, 1 -jbe short loc_fffa7ec0 ; jbe 0xfffa7ec0 -jmp near loc_fffa7fd1 ; jmp 0xfffa7fd1 +jbe short loc_fffa7e6e ; jbe 0xfffa7e6e +jmp near loc_fffa7f7f ; jmp 0xfffa7f7f -loc_fffa7eba: ; not directly referenced +loc_fffa7e68: ; not directly referenced mov byte [ebp - 0x1a], 0xa -jmp short loc_fffa7ec4 ; jmp 0xfffa7ec4 +jmp short loc_fffa7e72 ; jmp 0xfffa7e72 -loc_fffa7ec0: ; not directly referenced +loc_fffa7e6e: ; not directly referenced mov byte [ebp - 0x1a], 7 -loc_fffa7ec4: ; not directly referenced +loc_fffa7e72: ; not directly referenced xor ebx, ebx cmp cl, 0x21 -ja short loc_fffa7ed2 ; ja 0xfffa7ed2 -movzx ebx, byte [ecx + ref_fffd5f1c] ; movzx ebx, byte [ecx - 0x2a0e4] +ja short loc_fffa7e80 ; ja 0xfffa7e80 +movzx ebx, byte [ecx + ref_fffd58e0] ; movzx ebx, byte [ecx - 0x2a720] -loc_fffa7ed2: ; not directly referenced +loc_fffa7e80: ; not directly referenced cmp bl, 7 mov ecx, 7 mov esi, dword [ebp - 0x24] cmovbe ecx, ebx imul ecx, ecx, 0x240 imul eax, eax, 0x12 -add esi, 0x3756 +add esi, 0x3757 mov dword [ebp - 0x14], esi lea edi, [edx + ecx] mov dword [ebp - 0x18], 0 mov dword [ebp - 0x34], eax -loc_fffa7eff: ; not directly 
referenced +loc_fffa7ead: ; not directly referenced mov eax, dword [ebp - 0x14] cmp dword [eax], 2 -je short loc_fffa7f1e ; je 0xfffa7f1e +je short loc_fffa7ecc ; je 0xfffa7ecc -loc_fffa7f07: ; not directly referenced +loc_fffa7eb5: ; not directly referenced inc dword [ebp - 0x18] add dword [ebp - 0x14], 0x13c3 cmp dword [ebp - 0x18], 2 -jne short loc_fffa7eff ; jne 0xfffa7eff +jne short loc_fffa7ead ; jne 0xfffa7ead xor eax, eax -jmp near loc_fffa7fd6 ; jmp 0xfffa7fd6 +jmp near loc_fffa7f84 ; jmp 0xfffa7f84 -loc_fffa7f1e: ; not directly referenced +loc_fffa7ecc: ; not directly referenced imul eax, dword [ebp - 0x18], 9 mov esi, dword [ebp - 0x34] mov byte [ebp - 0x19], 0 @@ -10180,11 +10143,11 @@ movzx eax, byte [ebp - 0x1a] mov dword [ebp - 0x28], esi mov dword [ebp - 0x30], eax -loc_fffa7f38: ; not directly referenced +loc_fffa7ee6: ; not directly referenced mov edx, dword [ebp - 0x24] mov al, byte [ebp - 0x19] -cmp al, byte [edx + 0x2488] -jae short loc_fffa7f07 ; jae 0xfffa7f07 +cmp al, byte [edx + 0x2489] +jae short loc_fffa7eb5 ; jae 0xfffa7eb5 movzx esi, al mov edx, dword [ebp - 0x2c] xor ecx, ecx 
@@ -10197,32 +10160,32 @@ mov dword [ebp - 0x10], ebx mov ebx, eax mov dword [ebp - 0x20], edx -loc_fffa7f63: ; not directly referenced +loc_fffa7f11: ; not directly referenced mov eax, dword [ebp - 0x14] mov edx, 1 shl edx, cl and dl, byte [eax + 0xc4] test byte [ebp - 0x1b], dl -je short loc_fffa7f9e ; je 0xfffa7f9e +je short loc_fffa7f4c ; je 0xfffa7f4c imul edx, ecx, 0x90 mov eax, dword [ebp - 0x20] mov eax, dword [eax + edx] cmp dword [edi + ebx*8], eax -jbe short loc_fffa7f8c ; jbe 0xfffa7f8c +jbe short loc_fffa7f3a ; jbe 0xfffa7f3a mov dword [edi + ebx*8], eax -loc_fffa7f8c: ; not directly referenced +loc_fffa7f3a: ; not directly referenced mov eax, dword [ebp - 0x20] mov edx, dword [eax + edx + 4] mov eax, dword [ebp - 0x10] cmp dword [eax + 4], edx -jbe short loc_fffa7f9e ; jbe 0xfffa7f9e +jbe short loc_fffa7f4c ; jbe 0xfffa7f4c mov dword [eax + 4], edx -loc_fffa7f9e: ; not directly referenced +loc_fffa7f4c: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffa7f63 ; jne 0xfffa7f63 +jne short loc_fffa7f11 ; jne 0xfffa7f11 add esi, dword [ebp - 0x28] mov cl, 0xa mov ebx, dword [ebp - 0x30] @@ -10238,12 +10201,12 @@ mov eax, ebx imul eax, dword [esi + 4] div ecx mov dword [esi + 4], eax -jmp near loc_fffa7f38 ; jmp 0xfffa7f38 +jmp near loc_fffa7ee6 ; jmp 0xfffa7ee6 -loc_fffa7fd1: ; not directly referenced +loc_fffa7f7f: ; not directly referenced mov eax, 2 -loc_fffa7fd6: ; not directly referenced +loc_fffa7f84: ; not directly referenced add esp, 0x28 pop ebx pop esi @@ -10251,7 +10214,7 @@ pop edi pop ebp ret -fcn_fffa7fde: ; not directly referenced +fcn_fffa7f8c: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -10271,18 +10234,18 @@ mov byte [ebp - 0x39], 0xf0 mov dword [ebp - 0x54], 0 mov word [ebp - 0x6e], ax -loc_fffa8015: ; not directly referenced +loc_fffa7fc3: ; not directly referenced mov eax, dword [ebp - 0x54] mov bx, word [ebp - 0x6e] mov word [ebp - 0x68], ax cmp ax, bx -jae loc_fffa819d ; jae 0xfffa819d +jae loc_fffa814b ; jae 0xfffa814b mov eax, dword [ebp - 0x50] xor ecx, ecx or eax, dword [ebp - 0x4c] mov dword [ebp - 0x6c], eax -loc_fffa8034: ; not directly referenced +loc_fffa7fe2: ; not directly referenced mov esi, 1 mov ebx, dword [ebp - 0x4c] mov al, 1 @@ -10292,30 +10255,30 @@ setne dl and ebx, esi setne byte [ebp - 0x56] test byte [ebp - 0x56], dl -jne short loc_fffa8067 ; jne 0xfffa8067 +jne short loc_fffa8015 ; jne 0xfffa8015 test ebx, ebx sete bl xor eax, eax test bl, dl -jne short loc_fffa8067 ; jne 0xfffa8067 +jne short loc_fffa8015 ; jne 0xfffa8015 and esi, dword [ebp - 0x6c] cmp esi, 1 sbb eax, eax add eax, 3 -loc_fffa8067: ; not directly referenced +loc_fffa8015: ; not directly referenced movzx eax, al mov al, byte [ebp + eax - 0x3c] mov byte [ebp + ecx - 0x38], al inc ecx cmp ecx, 0x20 -jne short loc_fffa8034 ; jne 0xfffa8034 +jne short loc_fffa7fe2 ; jne 0xfffa7fe2 mov eax, dword [ebp - 0x68] xor esi, esi add eax, dword [ebp - 0x58] mov word [ebp - 0x56], ax -loc_fffa8084: ; not directly referenced +loc_fffa8032: ; not directly referenced mov ecx, esi mov eax, 1 shl eax, cl 
@@ -10324,34 +10287,34 @@ mov dword [ebp - 0x68], eax xor ecx, ecx mov edx, 1 -loc_fffa8099: ; not directly referenced +loc_fffa8047: ; not directly referenced mov al, byte [ebp - 0x68] test byte [ebp + ecx - 0x38], al -je short loc_fffa80a8 ; je 0xfffa80a8 +je short loc_fffa8056 ; je 0xfffa8056 mov eax, edx shl eax, cl or ebx, eax -loc_fffa80a8: ; not directly referenced +loc_fffa8056: ; not directly referenced inc ecx cmp ecx, 0x20 -jne short loc_fffa8099 ; jne 0xfffa8099 -cmp dword [edi + 0x3756], 2 +jne short loc_fffa8047 ; jne 0xfffa8047 +cmp dword [edi + 0x3757], 2 lea eax, [esi + 0x10000] mov dword [ebp - 0x68], eax -jne short loc_fffa8113 ; jne 0xfffa8113 +jne short loc_fffa80c1 ; jne 0xfffa80c1 mov ecx, ebx mov edx, 0x42dc mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, ebx mov edx, 0x42e0 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, dword [ebp - 0x68] mov edx, 0x42d4 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ax, word [ebp - 0x56] mov ecx, 0xfff mov edx, 0x42d0 @@ -10360,23 +10323,23 @@ cmovbe ecx, eax mov eax, edi and ecx, 0xfff or ecx, 0x8000000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8113: ; not directly referenced -cmp dword [edi + 0x4b19], 2 -jne short loc_fffa816f ; jne 0xfffa816f +loc_fffa80c1: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 +jne short loc_fffa811d ; jne 0xfffa811d mov ecx, ebx mov edx, 0x46dc mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, ebx mov edx, 0x46e0 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, dword [ebp - 0x68] mov edx, 0x46d4 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ax, word [ebp - 0x56] mov ecx, 0xfff mov edx, 0x46d0 
@@ -10385,12 +10348,12 @@ cmovbe ecx, eax mov eax, edi and ecx, 0xfff or ecx, 0x8000000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa816f: ; not directly referenced +loc_fffa811d: ; not directly referenced inc esi cmp esi, 8 -jne loc_fffa8084 ; jne 0xfffa8084 +jne loc_fffa8032 ; jne 0xfffa8032 mov ebx, dword [ebp - 0x50] mov esi, dword [ebp - 0x4c] add dword [ebp - 0x50], ebx @@ -10402,25 +10365,25 @@ mov eax, esi shr eax, 0x1f inc dword [ebp - 0x54] or dword [ebp - 0x4c], eax -jmp near loc_fffa8015 ; jmp 0xfffa8015 +jmp near loc_fffa7fc3 ; jmp 0xfffa7fc3 -loc_fffa819d: ; not directly referenced -cmp dword [edi + 0x3756], 2 -jne short loc_fffa81b4 ; jne 0xfffa81b4 +loc_fffa814b: ; not directly referenced +cmp dword [edi + 0x3757], 2 +jne short loc_fffa8162 ; jne 0xfffa8162 xor ecx, ecx mov edx, 0x42d4 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa81b4: ; not directly referenced -cmp dword [edi + 0x4b19], 2 -jne short loc_fffa81cb ; jne 0xfffa81cb +loc_fffa8162: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 +jne short loc_fffa8179 ; jne 0xfffa8179 xor ecx, ecx mov edx, 0x46d4 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa81cb: ; not directly referenced +loc_fffa8179: ; not directly referenced add esp, 0x6c pop ebx pop esi @@ -10428,7 +10391,7 @@ pop edi pop ebp ret -fcn_fffa81d3: ; not directly referenced +fcn_fffa8181: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -10444,19 +10407,19 @@ mov word [ebp - 0x22], ax movzx eax, byte [ebp + 8] mov dword [ebp - 0x34], eax -loc_fffa81f4: ; not directly referenced +loc_fffa81a2: ; not directly referenced mov dword [ebp - 0x20], 1 mov ecx, edi mov esi, 0x46dc shl dword [ebp - 0x20], cl -loc_fffa8205: ; not directly referenced +loc_fffa81b3: ; not directly referenced lea eax, [esi*8 - 0x236e0] xor ecx, ecx mov dword [ebp - 0x28], eax mov dword [ebp - 0x1c], 0 -loc_fffa8218: ; not directly referenced +loc_fffa81c6: ; not directly referenced mov eax, dword [ebp - 0x28] add eax, ecx cdq 
@@ -10467,41 +10430,41 @@ movzx eax, byte [eax + edx] mov edx, dword [ebp - 0x2c] movzx eax, byte [edx + eax] test dword [ebp - 0x20], eax -je short loc_fffa8241 ; je 0xfffa8241 +je short loc_fffa81ef ; je 0xfffa81ef mov eax, 1 shl eax, cl or dword [ebp - 0x1c], eax -loc_fffa8241: ; not directly referenced +loc_fffa81ef: ; not directly referenced inc ecx cmp ecx, 0x20 -jne short loc_fffa8218 ; jne 0xfffa8218 -cmp dword [ebx + 0x3756], 2 -jne short loc_fffa8260 ; jne 0xfffa8260 +jne short loc_fffa81c6 ; jne 0xfffa81c6 +cmp dword [ebx + 0x3757], 2 +jne short loc_fffa820e ; jne 0xfffa820e mov ecx, dword [ebp - 0x1c] lea edx, [esi - 0x400] mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8260: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffa8275 ; jne 0xfffa8275 +loc_fffa820e: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffa8223 ; jne 0xfffa8223 mov ecx, dword [ebp - 0x1c] mov edx, esi mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8275: ; not directly referenced +loc_fffa8223: ; not directly referenced add esi, 4 cmp esi, 0x46e4 -jne short loc_fffa8205 ; jne 0xfffa8205 -cmp dword [ebx + 0x3756], 2 +jne short loc_fffa81b3 ; jne 0xfffa81b3 +cmp dword [ebx + 0x3757], 2 lea esi, [edi + 0x10000] -jne short loc_fffa82c5 ; jne 0xfffa82c5 +jne short loc_fffa8273 ; jne 0xfffa8273 mov ecx, esi mov edx, 0x42d4 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ax, word [ebp - 0x22] mov ecx, 0xfff mov edx, 0x42d0 
@@ -10510,15 +10473,15 @@ cmovbe ecx, eax mov eax, ebx and ecx, 0xfff or ecx, 0x8000000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa82c5: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffa8304 ; jne 0xfffa8304 +loc_fffa8273: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffa82b2 ; jne 0xfffa82b2 mov ecx, esi mov edx, 0x46d4 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ax, word [ebp - 0x22] mov ecx, 0xfff mov edx, 0x46d0 @@ -10527,22 +10490,22 @@ cmovbe ecx, eax mov eax, ebx and ecx, 0xfff or ecx, 0x8000000 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8304: ; not directly referenced +loc_fffa82b2: ; not directly referenced inc edi cmp edi, 8 -jne loc_fffa81f4 ; jne 0xfffa81f4 -cmp dword [ebx + 0x3756], 2 -jne short loc_fffa8325 ; jne 0xfffa8325 +jne loc_fffa81a2 ; jne 0xfffa81a2 +cmp dword [ebx + 0x3757], 2 +jne short loc_fffa82d3 ; jne 0xfffa82d3 xor ecx, ecx mov edx, 0x42d4 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8325: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffa8343 ; jne 0xfffa8343 +loc_fffa82d3: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffa82f1 ; jne 0xfffa82f1 add esp, 0x2c mov eax, ebx pop ebx @@ -10551,9 +10514,9 @@ pop esi mov edx, 0x46d4 pop edi pop ebp -jmp near fcn_fffae58c ; jmp 0xfffae58c +jmp near fcn_fffb3381 ; jmp 0xfffb3381 -loc_fffa8343: ; not directly referenced +loc_fffa82f1: ; not directly referenced add esp, 0x2c pop ebx pop esi @@ -10561,7 +10524,7 @@ pop edi pop ebp ret -fcn_fffa834b: ; not directly referenced +fcn_fffa82f9: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -10569,15 +10532,15 @@ mov edi, eax push esi push ebx sub esp, 0x2c -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] cmp edx, 0x4a -ja short loc_fffa836a ; ja 0xfffa836a +ja short loc_fffa8318 ; ja 0xfffa8318 lea ebx, [edx + 1] xor esi, esi shr ebx, 1 -jmp short loc_fffa83ab ; jmp 0xfffa83ab +jmp short loc_fffa8359 ; jmp 0xfffa8359 -loc_fffa836a: ; not directly referenced +loc_fffa8318: ; not directly referenced mov edi, dword [eax + 0x18d1] sub esp, 0xc mov dword [ebp - 0x2c], edx @@ -10590,34 +10553,34 @@ add edx, eax mov esi, eax mov dword [ebp - 0x1c], edx -loc_fffa838d: ; not directly referenced +loc_fffa833b: ; not directly referenced sub esp, 0xc push edi call dword [ebx + 0x20] ; ucall mov edx, dword [ebp - 0x1c] add esp, 0x10 cmp edx, esi -ja short loc_fffa83a2 ; ja 0xfffa83a2 +ja short loc_fffa8350 ; ja 0xfffa8350 cmp eax, esi -jae short loc_fffa838d ; jae 0xfffa838d +jae short loc_fffa833b ; jae 0xfffa833b -loc_fffa83a2: ; not directly referenced +loc_fffa8350: ; not directly referenced mov edx, dword [ebp - 0x1c] cmp eax, edx -jae short loc_fffa83c1 ; jae 0xfffa83c1 -jmp short loc_fffa838d ; jmp 0xfffa838d +jae short loc_fffa836f ; jae 0xfffa836f +jmp short loc_fffa833b ; jmp 0xfffa833b -loc_fffa83ab: ; not directly referenced +loc_fffa8359: ; not directly referenced cmp esi, ebx -je short loc_fffa83c1 ; je 0xfffa83c1 +je short loc_fffa836f ; je 0xfffa836f mov edx, 0x4ce0 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f inc esi mov dword [ebp - 0x1c], eax -jmp short loc_fffa83ab ; jmp 0xfffa83ab +jmp short loc_fffa8359 ; jmp 0xfffa8359 -loc_fffa83c1: ; not directly referenced +loc_fffa836f: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -10625,7 +10588,7 @@ pop edi pop ebp ret -fcn_fffa83c9: ; not directly referenced +fcn_fffa8377: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -10637,51 +10600,51 @@ mov eax, dword [ebp + 8] mov dword [ebp - 0x20], edx mov dword [ebp - 0x30], eax mov byte [ebp - 0x31], al -mov eax, dword [edi + 0x5edc] +mov eax, dword [edi + 0x5edd] mov dword [ebp - 0x1c], eax mov ebx, dword [eax + 0xc] mov esi, dword [eax + 0x10] cmp dl, 8 -ja loc_fffa850b ; ja 0xfffa850b -jmp dword [edx*4 + ref_fffd3308] ; ujmp: jmp dword [edx*4 - 0x2ccf8] +ja loc_fffa84b9 ; ja 0xfffa84b9 +jmp dword [edx*4 + ref_fffd35f8] ; ujmp: jmp dword [edx*4 - 0x2ca08] -loc_fffa83ff: ; not directly referenced +loc_fffa83ad: ; not directly referenced and ecx, 0x1f and ebx, 0xfff07bff shl ecx, 0xf -jmp short loc_fffa8416 ; jmp 0xfffa8416 +jmp short loc_fffa83c4 ; jmp 0xfffa83c4 -loc_fffa840d: ; not directly referenced +loc_fffa83bb: ; not directly referenced and ecx, 0xf and bh, 0x87 shl ecx, 0xb -loc_fffa8416: ; not directly referenced +loc_fffa83c4: ; not directly referenced or ebx, ecx -jmp near loc_fffa850b ; jmp 0xfffa850b +jmp near loc_fffa84b9 ; jmp 0xfffa84b9 -loc_fffa841d: ; not directly referenced +loc_fffa83cb: ; not directly referenced and ecx, 0xf and ebx, 0xf00fffff mov eax, ecx shl eax, 0x14 shl ecx, 0x18 or ebx, eax -jmp short loc_fffa8416 ; jmp 0xfffa8416 +jmp short loc_fffa83c4 ; jmp 0xfffa83c4 -loc_fffa8432: ; not directly referenced +loc_fffa83e0: ; not directly referenced shl ecx, 0x1c and ebx, 0xfffffff -jmp short loc_fffa8416 ; jmp 0xfffa8416 +jmp short loc_fffa83c4 ; jmp 0xfffa83c4 -loc_fffa843d: ; not directly referenced +loc_fffa83eb: ; not directly referenced mov eax, ecx and esi, 0xffffffe0 and eax, 0xf and ecx, 0x10 -jmp short loc_fffa8492 ; jmp 0xfffa8492 +jmp short loc_fffa8440 ; jmp 0xfffa8440 -loc_fffa844a: ; not directly referenced +loc_fffa83f8: ; not directly referenced mov eax, ecx and esi, 0xfffffc1f and eax, 0xf 
@@ -10697,9 +10660,9 @@ shl eax, 0xa or esi, edx and esi, 0xffff83ff shl ecx, 0xe -jmp short loc_fffa8492 ; jmp 0xfffa8492 +jmp short loc_fffa8440 ; jmp 0xfffa8440 -loc_fffa847b: ; not directly referenced +loc_fffa8429: ; not directly referenced mov eax, ecx and esi, 0xfff07fff and eax, 0xf @@ -10707,12 +10670,12 @@ shl ecx, 0xf shl eax, 0xf and ecx, 0x80000 -loc_fffa8492: ; not directly referenced +loc_fffa8440: ; not directly referenced or esi, eax or esi, ecx -jmp short loc_fffa850b ; jmp 0xfffa850b +jmp short loc_fffa84b9 ; jmp 0xfffa84b9 -loc_fffa8498: ; not directly referenced +loc_fffa8446: ; not directly referenced and ecx, 1 and ebx, 0xfffffff7 lea eax, [ecx*8] @@ -10724,7 +10687,7 @@ mov dword [ebp - 0x38], ecx add eax, 0x1c mov dword [ebp - 0x2c], eax -loc_fffa84bd: ; not directly referenced +loc_fffa846b: ; not directly referenced mov eax, dword [ebp - 0x2c] mov ecx, 0xff mov edx, dword [ebp - 0x28] 
@@ -10734,55 +10697,55 @@ mov eax, dword [ebp - 0x38] and dword [ebp - 0x24], 0xfbffffff or dword [ebp - 0x24], eax mov eax, edi -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [ebp - 0x24] mov edx, eax mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 cmp byte [ebp - 0x31], 0 -je short loc_fffa84fb ; je 0xfffa84fb +je short loc_fffa84a9 ; je 0xfffa84a9 mov eax, dword [ebp - 0x2c] mov ecx, dword [ebp - 0x24] mov dword [eax], ecx -loc_fffa84fb: ; not directly referenced +loc_fffa84a9: ; not directly referenced inc dword [ebp - 0x28] add dword [ebp - 0x2c], 0xcc cmp dword [ebp - 0x28], 2 -jne short loc_fffa84bd ; jne 0xfffa84bd +jne short loc_fffa846b ; jne 0xfffa846b -loc_fffa850b: ; not directly referenced +loc_fffa84b9: ; not directly referenced mov ecx, ebx mov edx, 0x3a14 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov ecx, esi mov edx, 0x3a18 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp byte [ebp - 0x30], 0 -je short loc_fffa8536 ; je 0xfffa8536 +je short loc_fffa84e4 ; je 0xfffa84e4 mov eax, dword [ebp - 0x1c] mov dword [eax + 0xc], ebx mov dword [eax + 0x10], esi -loc_fffa8536: ; not directly referenced +loc_fffa84e4: ; not directly referenced mov ecx, 0x115 mov edx, 0x5f08 mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov edx, 0x78 mov eax, edi -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 cmp byte [ebp - 0x20], 0 -jne loc_fffa8620 ; jne 0xfffa8620 +jne loc_fffa85ce ; jne 0xfffa85ce mov edx, 0x3a04 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f and eax, 0x3f lea edx, [eax - 0x10] cmp dl, 0x20 -jbe loc_fffa8636 ; jbe 0xfffa8636 +jbe loc_fffa85e4 ; jbe 0xfffa85e4 mov edx, ebx and ebx, 0xfffffff7 or edx, 8 
@@ -10798,7 +10761,7 @@ mov byte [ebp - 0x24], al shl eax, 2 mov byte [ebp - 0x28], al -loc_fffa85a3: ; not directly referenced +loc_fffa8551: ; not directly referenced mov al, byte [esi + 3] mov ecx, 0xff add esi, 0xcc @@ -10807,18 +10770,18 @@ and eax, 0xfffffffb or eax, dword [ebp - 0x28] mov byte [esi - 0xc9], al mov eax, edi -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [esi - 0xcc] mov edx, eax mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 inc dword [ebp - 0x20] cmp dword [ebp - 0x20], 2 -jne short loc_fffa85a3 ; jne 0xfffa85a3 +jne short loc_fffa8551 ; jne 0xfffa8551 mov ecx, ebx mov eax, edi mov edx, 0x3a14 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov esi, dword [ebp - 0x1c] mov ecx, 0x115 mov dl, byte [ebp - 0x24] 
@@ -10829,36 +10792,36 @@ or eax, edx mov edx, 0x5f08 mov byte [esi + 0xc], al mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov edx, 0x78 mov eax, edi -call fcn_fffa834b ; call 0xfffa834b -jmp short loc_fffa8636 ; jmp 0xfffa8636 +call fcn_fffa82f9 ; call 0xfffa82f9 +jmp short loc_fffa85e4 ; jmp 0xfffa85e4 -loc_fffa8620: ; not directly referenced +loc_fffa85ce: ; not directly referenced mov al, byte [ebp - 0x20] dec eax cmp al, 7 -ja loc_fffa8702 ; ja 0xfffa8702 +ja loc_fffa86b0 ; ja 0xfffa86b0 movzx eax, al -jmp dword [eax*4 + ref_fffd332c] ; ujmp: jmp dword [eax*4 - 0x2ccd4] +jmp dword [eax*4 + ref_fffd361c] ; ujmp: jmp dword [eax*4 - 0x2c9e4] -loc_fffa8636: ; not directly referenced +loc_fffa85e4: ; not directly referenced mov edx, 0x3a04 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov esi, eax and esi, 0x3f cmp dword [edi + 0x188b], 0 -jne short loc_fffa8658 ; jne 0xfffa8658 +jne short loc_fffa8606 ; jne 0xfffa8606 shr eax, 9 and eax, 0x3f -jmp short loc_fffa865b ; jmp 0xfffa865b +jmp short loc_fffa8609 ; jmp 0xfffa8609 -loc_fffa8658: ; not directly referenced +loc_fffa8606: ; not directly referenced shr eax, 0x1a -loc_fffa865b: ; not directly referenced +loc_fffa8609: ; not directly referenced mov edx, esi and ebx, 0xfffffc0f sub eax, edx 
@@ -10869,69 +10832,69 @@ or ebx, eax mov eax, edi or bh, 4 mov ecx, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp byte [ebp - 0x30], 0 -je short loc_fffa868a ; je 0xfffa868a +je short loc_fffa8638 ; je 0xfffa8638 mov eax, dword [ebp - 0x1c] mov dword [eax + 0xc], ebx -loc_fffa868a: ; not directly referenced +loc_fffa8638: ; not directly referenced mov eax, esi movzx esi, al -jmp short loc_fffa8704 ; jmp 0xfffa8704 +jmp short loc_fffa86b2 ; jmp 0xfffa86b2 -loc_fffa8691: ; not directly referenced +loc_fffa863f: ; not directly referenced mov edx, 0x3a00 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov dl, al and edx, 0x3f cmp dword [edi + 0x188b], 0 -jne short loc_fffa86b0 ; jne 0xfffa86b0 +jne short loc_fffa865e ; jne 0xfffa865e shr eax, 0x1a -jmp short loc_fffa86b3 ; jmp 0xfffa86b3 +jmp short loc_fffa8661 ; jmp 0xfffa8661 -loc_fffa86b0: ; not directly referenced +loc_fffa865e: ; not directly referenced shr eax, 0x14 -loc_fffa86b3: ; not directly referenced +loc_fffa8661: ; not directly referenced and eax, 0x1f movzx edx, dl cmp byte [ebp - 0x20], 1 movzx esi, al cmove esi, edx -jmp short loc_fffa8704 ; jmp 0xfffa8704 +jmp short loc_fffa86b2 ; jmp 0xfffa86b2 -loc_fffa86c5: ; not directly referenced +loc_fffa8673: ; not directly referenced mov edx, 0x3a08 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov esi, eax and esi, 0x3f shr eax, 0xc cmp byte [ebp - 0x20], 2 -jne short loc_fffa8704 ; jne 0xfffa8704 -jmp short loc_fffa86fb ; jmp 0xfffa86fb +jne short loc_fffa86b2 ; jne 0xfffa86b2 +jmp short loc_fffa86a9 ; jmp 0xfffa86a9 -loc_fffa86e1: ; not directly referenced +loc_fffa868f: ; not directly referenced mov edx, 0x3a10 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov esi, eax and esi, 0x1f cmp byte [ebp - 0x20], 4 -jne short loc_fffa8704 ; jne 0xfffa8704 +jne short loc_fffa86b2 ; jne 0xfffa86b2 shr eax, 0xb 
-loc_fffa86fb: ; not directly referenced +loc_fffa86a9: ; not directly referenced mov esi, eax and esi, 0x3f -jmp short loc_fffa8704 ; jmp 0xfffa8704 +jmp short loc_fffa86b2 ; jmp 0xfffa86b2 -loc_fffa8702: ; not directly referenced +loc_fffa86b0: ; not directly referenced xor esi, esi -loc_fffa8704: ; not directly referenced +loc_fffa86b2: ; not directly referenced add esp, 0x2c mov eax, esi pop ebx @@ -10940,7 +10903,7 @@ pop edi pop ebp ret -fcn_fffa870e: ; not directly referenced +fcn_fffa86bc: ; not directly referenced push ebp mov ecx, 0x10200 mov ebp, esp @@ -10948,15 +10911,15 @@ push ebx mov ebx, eax push edx mov edx, 0x5060 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, ebx mov edx, 0xf pop ecx pop ebx pop ebp -jmp near fcn_fffa834b ; jmp 0xfffa834b +jmp near fcn_fffa82f9 ; jmp 0xfffa82f9 -fcn_fffa8733: ; not directly referenced +fcn_fffa86e1: ; not directly referenced push ebp mov ebp, esp push edi @@ -10973,15 +10936,15 @@ mov dword [ebp - 0x1c], eax mov eax, esi mov dword [ebp - 0x20], ecx imul edi, edi, 0x13c3 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov ecx, dword [ebp - 0x20] mov ebx, eax imul eax, ecx, 0x128 and ebx, 0xfffff8c0 lea eax, [eax + edi + 0x48b0] -lea edx, [esi + eax + 0x19] +lea edx, [esi + eax + 0x1a] cmp byte [edx + 0xcf], 1 -jne short loc_fffa879d ; jne 0xfffa879d +jne short loc_fffa874b ; jne 0xfffa874b mov edi, ebx mov eax, 1 shl eax, cl @@ -10992,11 +10955,11 @@ and edi, 3 shl edi, 6 or ebx, edi -loc_fffa879d: ; not directly referenced +loc_fffa874b: ; not directly referenced and byte [ebp + 8], 0x3f or ebx, dword [ebp + 8] cmp byte [edx + 0xce], 1 -jne short loc_fffa87c6 ; jne 0xfffa87c6 +jne short loc_fffa8774 ; jne 0xfffa8774 mov edx, ebx mov eax, 1 shl eax, cl 
@@ -11007,11 +10970,11 @@ and edx, 3 shl edx, 0xe or ebx, edx -loc_fffa87c6: ; not directly referenced +loc_fffa8774: ; not directly referenced mov edx, dword [ebp - 0x1c] mov ecx, ebx mov eax, esi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x1c pop ebx pop esi 
@@ -11019,401 +10982,421 @@ pop edi pop ebp ret -fcn_fffa87da: -mov eax, dword [0xff7d0270] -push ebp -mov ebp, esp -lea edx, [eax + 4] -mov eax, dword [ebp + 0xc] -mov dword [eax], edx -xor eax, eax -pop ebp -ret - -fcn_fffa87ee: ; not directly referenced +fcn_fffa8788: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx -sub esp, 0x2c -mov ebx, dword [ebp + 8] -mov eax, dword [ebx + 0x18a7] -mov esi, dword [ebx + 0x2443] -mov edi, dword [ebx + 0x18c1] -mov dword [ebp - 0x2c], eax -mov eax, dword [ebx + 0x188b] -push 0xe4 -push 0 -push 0 -push 0 -mov dword [ebp - 0x30], eax -call dword [esi + 0x4c] ; ucall -add edi, eax -mov dword [esp], edi -add edi, 4 -call dword [esi + 0x20] ; ucall -mov dword [esp], edi -mov dword [ebp - 0x1c], eax -call dword [esi + 0x20] ; ucall -mov edx, dword [ebp - 0x1c] -mov edi, dword [ebx + 0x18c1] -mov dword [ebx + 0x10], edx -mov dword [ebx + 0x14], eax -push 0x54 -push 0 -push 0 -push 0 -call dword [esi + 0x4c] ; ucall -add esp, 0x14 -add edi, eax -push edi -call dword [esi + 0x20] ; ucall -mov edx, dword [ebp - 0x1c] -add esp, 0x10 -movzx ecx, dh -test cl, 8 -jne short loc_fffa8889 ; jne 0xfffa8889 -test al, 0x10 -je short loc_fffa8889 ; je 0xfffa8889 -mov eax, dword [ebx + 0x188f] -mov dword [ebx + 0x246d], eax -mov eax, dword [ebx + 0x1893] -mov dword [ebx + 0x2471], eax -jmp short loc_fffa889d ; jmp 0xfffa889d - -loc_fffa8889: ; not directly referenced -mov dword [ebx + 0x246d], 0 -mov dword [ebx + 0x2471], 0 - -loc_fffa889d: ; not directly referenced -mov eax, edx -shr eax, 0x13 -and eax, 3 -cmp eax, 1 -je short loc_fffa88c6 ; je 0xfffa88c6 -cmp eax, 2 -je short loc_fffa88d2 ; je 0xfffa88d2 -cmp eax, 1 -sbb eax, eax -and eax, 0x3e00 -add eax, 0x200 -mov dword [ebx + 0x2484], eax -jmp short loc_fffa88dc ; jmp 0xfffa88dc - -loc_fffa88c6: ; not directly referenced -mov dword [ebx + 0x2484], 0x2000 -jmp short loc_fffa88dc ; jmp 0xfffa88dc - -loc_fffa88d2: ; not directly referenced -mov dword [ebx + 0x2484], 
0x800 - -loc_fffa88dc: ; not directly referenced -mov eax, ecx -shl eax, 0x1b -mov dword [ebp - 0x20], eax -mov eax, ecx -shl eax, 0x19 -sar dword [ebp - 0x20], 0x1f -add dword [ebp - 0x20], 2 -mov dword [ebp - 0x1c], eax -sar dword [ebp - 0x1c], 0x1f -add dword [ebp - 0x1c], 2 -cmp byte [ebx + 0x241f], 1 -je short loc_fffa892b ; je 0xfffa892b -mov eax, dword [ebx + 0x1887] -cmp eax, 0x306d0 +sub esp, 0x3c +mov eax, dword [ebp + 8] +mov esi, dword [eax + 0x188b] +mov ebx, dword [eax + 0x18a7] +mov al, byte [eax + 0x36ca] +test esi, esi sete cl -cmp eax, 0x40650 +test al, al +sete dl +test cl, dl +jne loc_fffa8a07 ; jne 0xfffa8a07 +dec esi +sete dl +dec al sete al -or cl, al -mov eax, 1 -cmove eax, dword [ebp - 0x1c] -mov dword [ebp - 0x1c], eax -jmp short loc_fffa8932 ; jmp 0xfffa8932 - -loc_fffa892b: ; not directly referenced -mov dword [ebp - 0x1c], 1 +test dl, al +jne loc_fffa8a07 ; jne 0xfffa8a07 +mov eax, dword [ebp + 8] +mov dword [ebp - 0x2c], 0 +lea edi, [eax + 0x3757] +imul eax, ebx, 0x2e +mov dword [ebp - 0x38], eax -loc_fffa8932: ; not directly referenced -mov eax, edx -shr eax, 0x10 -and eax, 2 -cmp al, 1 +loc_fffa87df: ; not directly referenced +cmp dword [edi], 2 +jne loc_fffa89f4 ; jne 0xfffa89f4 +mov eax, dword [ebp - 0x38] +mov ecx, dword [ebp - 0x2c] +mov byte [ebp - 0x1c], 0 +mov byte [ebp - 0x1b], 2 +cmp word [edi + eax + 8], 2 +mov byte [ebp - 0x1a], 3 +mov byte [ebp - 0x19], 2 +sete al +movzx eax, al +add eax, eax +mov byte [ebp - 0x31], al +mov eax, dword [ebp + 8] +mov edx, dword [eax + 0x5edd] +imul eax, ecx, 0xcc +lea ebx, [edx + eax + 0x1c] +mov eax, dword [ebp + 8] +mov esi, dword [eax + 0x18a7] +mov eax, ecx +shl eax, 0xa +lea ecx, [eax + 0x4004] +mov dword [ebp - 0x30], eax +mov eax, dword [ebp + 8] +mov edx, ecx +mov dword [ebp - 0x48], ecx +imul esi, esi, 0x2e +call fcn_fffb331f ; call 0xfffb331f +add esi, edi +mov dword [ebx + 0xa0], eax +movzx eax, word [esi + 8] +mov dl, byte [ebp + eax - 0x1d] +mov al, byte [ebx + 0xa3] +shl edx, 
6 +and eax, 0x3f +or eax, edx +mov edx, dword [ebp - 0x48] +mov byte [ebx + 0xa3], al +mov eax, dword [ebp + 8] +mov ecx, dword [ebx + 0xa0] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x30] +add eax, 0x400c +mov edx, eax +mov dword [ebp - 0x48], eax +mov eax, dword [ebp + 8] +call fcn_fffb331f ; call 0xfffb331f +mov dword [ebx + 0xa8], eax +mov ax, word [esi + 8] +mov esi, dword [ebp + 8] +mov ecx, dword [esi + 0x2481] +mov edx, dword [esi + 0x36d8] +cmp ecx, 3 +jne short loc_fffa88be ; jne 0xfffa88be +cmp edx, 0x536 sbb eax, eax -mov dword [ebp - 0x24], eax -mov eax, edx -shr eax, 0x18 -add word [ebp - 0x24], 2 -and eax, 1 -mov dword [ebp - 0x34], eax -je short loc_fffa8961 ; je 0xfffa8961 -mov byte [ebx + 0x3748], 1 -mov edi, 1 -jmp short loc_fffa8979 ; jmp 0xfffa8979 +add eax, 6 +jmp short loc_fffa8908 ; jmp 0xfffa8908 -loc_fffa8961: ; not directly referenced -xor eax, eax -and edx, 0x2000000 -jne short loc_fffa8977 ; jne 0xfffa8977 -xor eax, eax -cmp byte [ebx + 0x3748], 0 -setne al +loc_fffa88be: ; not directly referenced +cmp ecx, 2 +jne short loc_fffa88dc ; jne 0xfffa88dc +mov eax, 5 +cmp edx, 0x640 +jbe short loc_fffa8908 ; jbe 0xfffa8908 +mov al, 6 +cmp edx, 0x74b +jbe short loc_fffa8908 ; jbe 0xfffa8908 +jmp short loc_fffa88fd ; jmp 0xfffa88fd -loc_fffa8977: ; not directly referenced -mov edi, eax +loc_fffa88dc: ; not directly referenced +cmp edx, 0x640 +ja short loc_fffa88ec ; ja 0xfffa88ec +movzx eax, al +add eax, 4 +jmp short loc_fffa8908 ; jmp 0xfffa8908 -loc_fffa8979: ; not directly referenced -imul esi, dword [ebp - 0x2c], 0x2e -lea eax, [ebx + 0x736b] -lea ecx, [ebx + 0x4be5] -mov dword [ebp - 0x28], eax +loc_fffa88ec: ; not directly referenced +cmp edx, 0x74b +ja short loc_fffa88fd ; ja 0xfffa88fd +cmp al, 3 +sbb eax, eax +add eax, 7 +jmp short loc_fffa8908 ; jmp 0xfffa8908 -loc_fffa898c: ; not directly referenced -cmp dword [ecx - 0x148f], 2 -je short loc_fffa89d8 ; je 0xfffa89d8 +loc_fffa88fd: ; not directly referenced +cmp edx, 
0x856 +sbb eax, eax +add eax, 8 -loc_fffa8995: ; not directly referenced -add ecx, 0x13c3 -cmp ecx, dword [ebp - 0x28] -jne short loc_fffa898c ; jne 0xfffa898c -cmp byte [ebx + 0x3748], 1 -mov edi, 2 -mov dword [ebx + 0x3711], 0 -mov dword [ebp - 0x24], 0 -sete al +loc_fffa8908: ; not directly referenced +cmp eax, 0xf +mov edx, 0xf +cmovbe edx, eax +mov al, byte [ebx + 0xa8] xor esi, esi -add eax, 8 +mov cl, dl +shl ecx, 6 +shr edx, 2 +and eax, 0x3f +and edx, 3 +or eax, ecx +mov byte [ebx + 0xa8], al +mov al, byte [ebx + 0xa9] +and eax, 0xfffffffc +or eax, edx +mov byte [ebx + 0xa9], al +mov ecx, dword [ebx + 0xa8] +xor ebx, ebx +mov edx, dword [ebp - 0x48] +mov eax, dword [ebp + 8] +call fcn_fffb3381 ; call 0xfffb3381 +mov al, byte [ebp - 0x31] xor ecx, ecx -mov byte [ebx + 0x2488], al -lea eax, [ebx + 0x3812] -jmp near loc_fffa8ad1 ; jmp 0xfffa8ad1 - -loc_fffa89d8: ; not directly referenced -cmp word [ebp - 0x24], 2 -je short loc_fffa8a05 ; je 0xfffa8a05 -cmp dword [ebx + 0x18a7], 0 -jne short loc_fffa8a24 ; jne 0xfffa8a24 -mov eax, dword [ebx + 0x36d7] -cmp eax, 0x74b -ja short loc_fffa8a05 ; ja 0xfffa8a05 -cmp dword [ecx - 0x13cf], 1 -jbe short loc_fffa8a24 ; jbe 0xfffa8a24 -cmp eax, 0x534 -jbe short loc_fffa8a24 ; jbe 0xfffa8a24 - -loc_fffa8a05: ; not directly referenced -cmp word [ecx + esi - 0x1487], 2 -mov eax, 2 -cmovae ax, word [ecx + esi - 0x1487] -mov word [ecx + esi - 0x1487], ax +mov dl, byte [edi + 0xc4] +mov byte [ebp - 0x48], 0 +sub eax, 4 +test dl, 1 +je short loc_fffa897d ; je 0xfffa897d +mov cl, al +add cl, byte [edi + 0x1015] +mov byte [edi + 0x1015], cl +and ecx, 0x7f -loc_fffa8a24: ; not directly referenced -lea eax, [ecx - 0x250] +loc_fffa897d: ; not directly referenced +and dl, 2 +je short loc_fffa8995 ; je 0xfffa8995 +mov dl, al +add dl, byte [edi + 0x1016] +mov esi, edx +mov byte [edi + 0x1016], dl +and esi, 0x7f -loc_fffa8a2a: ; not directly referenced -cmp dword [eax - 0xcc], 2 -jne short loc_fffa8a81 ; jne 0xfffa8a81 -mov dx, word [ecx 
+ esi - 0x1487] -mov word [eax + esi - 0xc4], dx -cmp edi, 1 -jne short loc_fffa8a70 ; jne 0xfffa8a70 -mov dl, byte [eax] -test dl, dl -jne short loc_fffa8a60 ; jne 0xfffa8a60 -cmp dword [ebp - 0x34], 1 -jne short loc_fffa8a73 ; jne 0xfffa8a73 -mov dword [eax - 0xcc], 1 -jmp short loc_fffa8a81 ; jmp 0xfffa8a81 +loc_fffa8995: ; not directly referenced +mov dl, byte [edi + 0xc4] +test dl, 4 +je short loc_fffa89b1 ; je 0xfffa89b1 +mov bl, al +add bl, byte [edi + 0x1017] +mov byte [edi + 0x1017], bl +and ebx, 0x7f -loc_fffa8a60: ; not directly referenced -dec dl -jne short loc_fffa8a73 ; jne 0xfffa8a73 -mov byte [eax], 1 -mov dword [eax + 0x11], 9 -jmp short loc_fffa8a81 ; jmp 0xfffa8a81 +loc_fffa89b1: ; not directly referenced +and dl, 8 +je short loc_fffa89c8 ; je 0xfffa89c8 +add al, byte [edi + 0x1018] +mov byte [edi + 0x1018], al +and eax, 0x7f +mov byte [ebp - 0x48], al -loc_fffa8a70: ; not directly referenced -mov byte [eax], 0 +loc_fffa89c8: ; not directly referenced +mov eax, dword [ebp - 0x48] +and esi, 0x7f +and ecx, 0x7f +shl esi, 8 +and ebx, 0x7f +mov edx, dword [ebp - 0x30] +shl ebx, 0x10 +or ecx, esi +or ecx, ebx +shl eax, 0x18 +or ecx, eax +mov eax, dword [ebp + 8] +add edx, 0x4024 +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8a73: ; not directly referenced -mov dword [eax + 0x11], 8 -mov byte [ebx + 0x3748], 0 +loc_fffa89f4: ; not directly referenced +inc dword [ebp - 0x2c] +add edi, 0x13c3 +cmp dword [ebp - 0x2c], 2 +jne loc_fffa87df ; jne 0xfffa87df -loc_fffa8a81: ; not directly referenced -add eax, 0x128 -cmp eax, ecx -jne short loc_fffa8a2a ; jne 0xfffa8a2a -jmp near loc_fffa8995 ; jmp 0xfffa8995 +loc_fffa8a07: ; not directly referenced +add esp, 0x3c +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffa8a8f: ; not directly referenced -xor edx, edx -cmp dword [eax + 0x10b7], 2 -jne short loc_fffa8aa0 ; jne 0xfffa8aa0 -mov edx, dword [eax + 0x1198] +fcn_fffa8a11: ; not directly referenced +push ebp +mov ecx, 4 +mov ebp, esp +push edi 
+push esi +mov esi, ref_fffd36c4 ; mov esi, 0xfffd36c4 +push ebx +sub esp, 0x6c +mov ebx, dword [ebp + 8] +lea edi, [ebp - 0x54] +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov byte [ebp - 0x5d], 0 +mov eax, dword [ebx + 0x2444] +mov dword [ebp - 0x5c], 0 +mov dword [ebp - 0x64], eax +lea eax, [ebx + 0x381b] -loc_fffa8aa0: ; not directly referenced -cmp dword [eax + 0x11df], 2 -jne short loc_fffa8aaf ; jne 0xfffa8aaf -add edx, dword [eax + 0x12c0] +loc_fffa8a46: ; not directly referenced +mov cl, byte [eax] +mov byte [ebp - 0x5e], cl +and cl, 1 +jne short loc_fffa8ab4 ; jne 0xfffa8ab4 -loc_fffa8aaf: ; not directly referenced -mov dword [eax], edx -cmp edx, dword [ebp - 0x24] -jbe short loc_fffa8adc ; jbe 0xfffa8adc -mov edi, dword [eax + 4] -mov ecx, esi -mov dword [ebp - 0x24], edx - -loc_fffa8abe: ; not directly referenced -mov edx, dword [eax] -inc esi -add eax, 0x13c3 -add dword [ebx + 0x3711], edx -cmp esi, 2 -je short loc_fffa8af9 ; je 0xfffa8af9 - -loc_fffa8ad1: ; not directly referenced -cmp dword [eax - 0xbc], 2 -jne short loc_fffa8abe ; jne 0xfffa8abe -jmp short loc_fffa8a8f ; jmp 0xfffa8a8f - -loc_fffa8adc: ; not directly referenced -sete byte [ebp - 0x28] -cmp dword [ebp - 0x1c], 1 -sete dl -test byte [ebp - 0x28], dl -je short loc_fffa8abe ; je 0xfffa8abe -mov edx, dword [eax + 4] +loc_fffa8a50: ; not directly referenced +test byte [ebp - 0x5e], 4 +je loc_fffa8b07 ; je 0xfffa8b07 +movzx edx, word [eax + 0x12c0] +mov ecx, 1 +imul edx, dword [eax + 0x12bc] +movzx edi, byte [eax + 0x12c6] +movzx esi, byte [eax + 0x12c5] +shr edx, 0x14 +cmp byte [eax + 0x12c6], 0 +cmovne ecx, edi +movzx edi, byte [eax + 0x12c8] +imul edi, esi +imul edi, edx +movzx edx, byte [eax + 0x12ca] +imul edi, ecx +movzx edx, word [ebp + edx*2 - 0x54] cmp edx, edi -jae short loc_fffa8abe ; jae 0xfffa8abe -mov edi, edx -mov ecx, esi -jmp short loc_fffa8abe ; jmp 0xfffa8abe - -loc_fffa8af9: ; not directly referenced -cmp dword [ebp - 0x20], 1 -je short loc_fffa8b0b ; je 
0xfffa8b0b - -loc_fffa8aff: ; not directly referenced -cmp dword [ebp - 0x1c], 1 -jne loc_fffa8b9b ; jne 0xfffa8b9b -jmp short loc_fffa8b83 ; jmp 0xfffa8b83 - -loc_fffa8b0b: ; not directly referenced -lea eax, [ebx + 0x3756] -xor edx, edx +mov edx, 1 +cmove edx, dword [ebp - 0x5c] +mov dword [ebp - 0x5c], edx +jmp short loc_fffa8b07 ; jmp 0xfffa8b07 -loc_fffa8b13: ; not directly referenced -mov esi, dword [eax] -cmp edx, ecx -je short loc_fffa8b73 ; je 0xfffa8b73 -cmp esi, 2 -jne short loc_fffa8b73 ; jne 0xfffa8b73 -cmp dword [eax + 0x1173], 2 -mov dword [eax], 1 -mov byte [eax + 0xc4], 0 -jne short loc_fffa8b4f ; jne 0xfffa8b4f -mov dword [eax + 0x1173], 1 -mov byte [eax + 0x1260], 0 -mov dword [eax + 0x1254], 0 +loc_fffa8ab4: ; not directly referenced +movzx edx, word [eax + 0x1198] +imul edx, dword [eax + 0x1194] +movzx ecx, byte [eax + 0x119e] +movzx esi, byte [eax + 0x119d] +shr edx, 0x14 +test cl, cl +jne short loc_fffa8adc ; jne 0xfffa8adc +mov ecx, 1 -loc_fffa8b4f: ; not directly referenced -cmp dword [eax + 0x129b], 2 -jne short loc_fffa8b73 ; jne 0xfffa8b73 -mov dword [eax + 0x129b], 1 -mov byte [eax + 0x1388], 0 -mov dword [eax + 0x137c], 0 +loc_fffa8adc: ; not directly referenced +movzx edi, byte [eax + 0x11a0] +imul esi, edi +imul esi, edx +movzx edx, byte [eax + 0x11a2] +imul esi, ecx +movzx edx, word [ebp + edx*2 - 0x54] +cmp edx, esi +je loc_fffa8a50 ; je 0xfffa8a50 +mov dword [ebp - 0x5c], 1 -loc_fffa8b73: ; not directly referenced -inc edx +loc_fffa8b07: ; not directly referenced +inc byte [ebp - 0x5d] add eax, 0x13c3 -cmp edx, 2 -jne short loc_fffa8b13 ; jne 0xfffa8b13 -jmp near loc_fffa8aff ; jmp 0xfffa8aff +cmp byte [ebp - 0x5d], 2 +jne loc_fffa8a46 ; jne 0xfffa8a46 +cmp dword [ebp - 0x5c], 1 +je loc_fffa8c87 ; je 0xfffa8c87 +push edx +push 0 +push 0x2c +lea eax, [ebp - 0x44] +push eax +mov eax, dword [ebp - 0x64] +call dword [eax + 0x5c] ; ucall +add esp, 0x10 +cmp byte [ebx + 0x3749], 1 +mov dword [ebp - 0x58], 1 +je short loc_fffa8b49 ; je 
0xfffa8b49 -loc_fffa8b83: ; not directly referenced -xor eax, eax +loc_fffa8b45: ; not directly referenced +xor esi, esi +jmp short loc_fffa8ba3 ; jmp 0xfffa8ba3 -loc_fffa8b85: ; not directly referenced -cmp dword [ebx + eax + 0x3756], 2 -je short loc_fffa8ba9 ; je 0xfffa8ba9 +loc_fffa8b49: ; not directly referenced +cmp dword [ebx + 0x3757], 2 +jne short loc_fffa8b75 ; jne 0xfffa8b75 +mov edx, 0x5004 +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5004 +mov ecx, eax +mov dword [ebp - 0x68], eax +and ecx, 0xfcffffff +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8b8f: ; not directly referenced -add eax, 0x13c3 -cmp eax, 0x2786 -jne short loc_fffa8b85 ; jne 0xfffa8b85 +loc_fffa8b75: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffa8b45 ; jne 0xfffa8b45 +mov edx, 0x5008 +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5008 +mov ecx, eax +mov dword [ebp - 0x6c], eax +and ecx, 0xfcffffff +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffa8b45 ; jmp 0xfffa8b45 -loc_fffa8b9b: ; not directly referenced -cmp byte [ebx + 0x190d], 0 -jne short loc_fffa8bde ; jne 0xfffa8bde -jmp near loc_fffa8c91 ; jmp 0xfffa8c91 +loc_fffa8ba3: ; not directly referenced +movzx eax, byte [ebx + 0x248e] +bt eax, esi +jb short loc_fffa8bbb ; jb 0xfffa8bbb -loc_fffa8ba9: ; not directly referenced -mov edx, dword [ebx + eax + 0x48c9] -xor ecx, ecx -cmp edx, 2 -jne short loc_fffa8bbe ; jne 0xfffa8bbe -mov ecx, dword [ebx + eax + 0x49aa] - -loc_fffa8bbe: ; not directly referenced -cmp dword [ebx + eax + 0x49f1], 2 -jne short loc_fffa8b8f ; jne 0xfffa8b8f -cmp dword [ebx + eax + 0x4ad2], ecx -ja short loc_fffa8c13 ; ja 0xfffa8c13 -mov dword [ebx + eax + 0x49f1], 1 -jmp short loc_fffa8b8f ; jmp 0xfffa8b8f - -loc_fffa8bde: ; not directly referenced -mov eax, dword [ebx + 0x190e] -mov dword [ebx + 0x36cb], eax +loc_fffa8baf: ; not directly referenced +add esi, 2 +cmp esi, 4 +jne short loc_fffa8ba3 ; jne 0xfffa8ba3 +xor 
edi, edi +jmp short loc_fffa8c0a ; jmp 0xfffa8c0a + +loc_fffa8bbb: ; not directly referenced +push eax +mov ecx, esi +push eax +mov edi, 1 +lea eax, [ebp - 0x58] +push eax +mov eax, ebx +push 0 +lea edx, [ebp - 0x44] +call fcn_fffad0c1 ; call 0xfffad0c1 +mov ecx, esi +xor edx, edx +shl edi, cl +mov eax, ebx +mov ecx, edi +call fcn_fffad317 ; call 0xfffad317 +mov ecx, edi +mov edx, 1 +mov byte [ebp - 0x5c], al +mov eax, ebx +call fcn_fffad317 ; call 0xfffad317 +or eax, dword [ebp - 0x5c] +movzx edx, al +mov eax, ebx +call fcn_fffb33a7 ; call 0xfffb33a7 +add esp, 0x10 +mov edi, eax test eax, eax -jne short loc_fffa8c2c ; jne 0xfffa8c2c -cmp dword [ebp - 0x30], 0 -jne short loc_fffa8bfe ; jne 0xfffa8bfe -mov dword [ebx + 0x36cb], 1 +je short loc_fffa8baf ; je 0xfffa8baf -loc_fffa8bfe: ; not directly referenced -cmp byte [ebx + 0x36ca], 0 -jne short loc_fffa8c2c ; jne 0xfffa8c2c -mov dword [ebx + 0x36cb], 1 -jmp short loc_fffa8c2c ; jmp 0xfffa8c2c +loc_fffa8c0a: ; not directly referenced +cmp byte [ebx + 0x3749], 1 +jne short loc_fffa8c43 ; jne 0xfffa8c43 +cmp dword [ebx + 0x3757], 2 +jne short loc_fffa8c2b ; jne 0xfffa8c2b +mov ecx, dword [ebp - 0x68] +mov edx, 0x5004 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8c13: ; not directly referenced -cmp edx, 2 -jne loc_fffa8b8f ; jne 0xfffa8b8f -mov dword [ebx + eax + 0x48c9], 1 -jmp near loc_fffa8b8f ; jmp 0xfffa8b8f - -loc_fffa8c2c: ; not directly referenced -cmp dword [ebx + 0x36cb], 1 -jne short loc_fffa8c91 ; jne 0xfffa8c91 -cmp dword [ebx + 0x374e], 2 -mov byte [ebx + 0x247f], 1 -jne short loc_fffa8c91 ; jne 0xfffa8c91 -lea eax, [ebx + 0x3756] -lea edx, [ebx + 0x5edc] +loc_fffa8c2b: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffa8c43 ; jne 0xfffa8c43 +mov ecx, dword [ebp - 0x6c] +mov edx, 0x5008 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8c51: ; not directly referenced -cmp dword [eax], 2 -jne short loc_fffa8c88 ; jne 0xfffa8c88 -cmp dword [eax + 0x1173], 2 
-jne short loc_fffa8c6f ; jne 0xfffa8c6f -cmp byte [eax + 0x1243], 0 -jne short loc_fffa8c6f ; jne 0xfffa8c6f -mov byte [ebx + 0x247f], 0 +loc_fffa8c43: ; not directly referenced +mov edx, 0x3c +mov eax, ebx +call fcn_fffa82f9 ; call 0xfffa82f9 +cmp dword [ebx + 0x3757], 2 +jne short loc_fffa8c69 ; jne 0xfffa8c69 +mov ecx, 0x3000 +mov edx, 0x48a8 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8c6f: ; not directly referenced -cmp dword [eax + 0x129b], 2 -jne short loc_fffa8c88 ; jne 0xfffa8c88 -cmp byte [eax + 0x136b], 0 -jne short loc_fffa8c88 ; jne 0xfffa8c88 -mov byte [ebx + 0x247f], 0 +loc_fffa8c69: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffa8c83 ; jne 0xfffa8c83 +mov ecx, 0x3000 +mov edx, 0x48b0 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa8c88: ; not directly referenced -add eax, 0x13c3 -cmp eax, edx -jne short loc_fffa8c51 ; jne 0xfffa8c51 +loc_fffa8c83: ; not directly referenced +test edi, edi +je short loc_fffa8c91 ; je 0xfffa8c91 + +loc_fffa8c87: ; not directly referenced +mov dword [ebx + 0x374b], 1 loc_fffa8c91: ; not directly referenced lea esp, [ebp - 0xc] 
@@ -11430,961 +11413,699 @@ mov ebp, esp push edi push esi push ebx -sub esp, 0x1c -mov ebx, dword [ebp + 8] -mov eax, dword [ebx + 0x2480] -cmp byte [ebx + 0x192b], 0 -mov dword [ebp - 0x1c], eax -je short loc_fffa8ceb ; je 0xfffa8ceb -movzx ecx, byte [ebx + 0x192c] -mov edx, 0x5884 -mov eax, ebx -and ecx, 7 -call fcn_fffae58c ; call 0xfffae58c -mov al, byte [ebx + 0x192e] -xor ecx, ecx -mov cl, byte [ebx + 0x192d] -mov edx, 0x5888 -mov ch, al -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +sub esp, 0x3c +mov edi, dword [ebp + 8] +mov eax, dword [edi + 0x2444] +cmp byte [edi + 0x190d], 0 +mov edx, dword [edi + 0x18a7] +mov esi, dword [edi + 0x2481] +mov dword [ebp - 0x30], eax +je loc_fffa9196 ; je 0xfffa9196 +cmp esi, 3 +sete al +mov byte [ebp - 0x2c], al +movzx eax, al +mov dword [ebp - 0x38], eax +mov eax, dword [edi + 0x36cc] +test eax, eax +je loc_fffa8e37 ; je 0xfffa8e37 +dec eax +jne loc_fffa9196 ; jne 0xfffa9196 +movzx ebx, byte [edi + 0x2480] +test ebx, ebx +sete al +or al, byte [ebp - 0x2c] +je short loc_fffa8d6f ; je 0xfffa8d6f +mov ecx, dword [ebp - 0x30] +xor eax, eax +cmp dword [edi + 0x188b], 1 +mov edx, dword [ecx + 0x80] +sete al +mov esi, eax +lea esi, [esi + esi + 0x18] +lea eax, [eax + eax + 0x17] +test edx, edx +je short loc_fffa8d6f ; je 0xfffa8d6f +lea ecx, [ebp - 0x20] +push ecx +lea ecx, [ebp - 0x1c] +push ecx +push eax +push 1 +call edx +mov al, byte [ebp - 0x19] +add esp, 0x10 +test al, al +js short loc_fffa8d6f ; js 0xfffa8d6f +or eax, 0xffffff80 +mov byte [ebp - 0x19], al +mov al, byte [ebp - 0x1c] +or eax, 1 +cmp dword [edi + 0x2481], 3 +mov byte [ebp - 0x1c], al +jne short loc_fffa8d59 ; jne 0xfffa8d59 +and eax, 0xfffffff1 +or eax, 8 +mov byte [ebp - 0x1c], al -loc_fffa8ceb: ; not directly referenced -movzx ecx, byte [ebx + 0x1935] -movzx edx, byte [ebx + 0x1936] -movzx eax, byte [ebx + 0x1937] -movzx esi, byte [ebx + 0x192f] -and ecx, 3 -and edx, 0x1f -shl edx, 0x11 -and eax, 1 -shl ecx, 0x16 -or ecx, edx -movzx edx, word [ebx + 
0x1938] -shl eax, 0xf -or ecx, eax -movzx eax, byte [ebx + 0x1930] -shl esi, 0x1f -and edx, 0x7fff -or ecx, edx -movzx edx, byte [ebx + 0x1931] -and eax, 3 -shl eax, 0x16 -or esi, eax -movzx eax, byte [ebx + 0x1932] -and edx, 0x1f -shl edx, 0x11 -or esi, edx -movzx edx, word [ebx + 0x1933] -and eax, 1 -shl eax, 0xf -or esi, eax -mov eax, ebx -and edx, 0x7fff -or esi, edx -mov edx, 0x58e0 -call fcn_fffae58c ; call 0xfffae58c -mov ecx, esi -mov edx, 0x58e4 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov al, byte [ebx + 0x193b] -xor ecx, ecx -mov edx, 0x5890 -mov ch, al -mov cl, byte [ebx + 0x193a] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov al, byte [ebx + 0x193d] -xor ecx, ecx -mov edx, 0x5894 -mov ch, al -mov cl, byte [ebx + 0x193c] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov al, byte [ebx + 0x193f] -xor ecx, ecx -mov edx, 0x5898 -mov ch, al -mov cl, byte [ebx + 0x193e] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov al, byte [ebx + 0x1941] -xor ecx, ecx -mov edx, 0x589c -mov ch, al -mov cl, byte [ebx + 0x1940] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov al, byte [ebx + 0x1943] -xor ecx, ecx -mov edx, 0x58d0 -mov ch, al -mov cl, byte [ebx + 0x1942] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov al, byte [ebx + 0x1945] -xor ecx, ecx -mov edx, 0x58d4 -xor esi, esi -mov ch, al -mov cl, byte [ebx + 0x1944] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov al, byte [ebx + 0x1947] -xor ecx, ecx -mov edx, 0x58d8 -mov ch, al -mov cl, byte [ebx + 0x1946] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov al, byte [ebx + 0x1949] -xor ecx, ecx -mov edx, 0x58dc -mov ch, al -mov cl, byte [ebx + 0x1948] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +loc_fffa8d59: ; not directly referenced +lea eax, [ebp - 0x20] +push eax +mov eax, dword [ebp - 0x30] +push dword [ebp - 0x1c] +push esi +push 1 +call dword [eax + 0x84] ; ucall +add esp, 0x10 -loc_fffa8e67: ; not directly referenced -imul eax, esi, 0x13c3 
-cmp dword [ebx + eax + 0x3756], 2 -jne loc_fffa8f7a ; jne 0xfffa8f7a -cmp byte [ebx + 0x192b], 0 -je loc_fffa8f3a ; je 0xfffa8f3a -movzx ecx, byte [ebx + esi*2 + 0x194b] -mov edi, esi -movzx eax, byte [ebx + esi*2 + 0x194a] -shl edi, 0xa -lea edx, [edi + 0x42ec] -and ecx, 0x3f -and eax, 0x3f -shl ecx, 8 -or ecx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -movzx ecx, byte [ebx + esi*2 + 0x194f] -lea edx, [edi + 0x42f0] -movzx eax, byte [ebx + esi*2 + 0x194e] -and ecx, 0x3f -and eax, 0x3f -shl ecx, 8 -or ecx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov al, byte [ebx + esi*2 + 0x1953] -xor ecx, ecx -lea edx, [edi + 0x42f4] -mov ch, al -mov cl, byte [ebx + esi*2 + 0x1952] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov al, byte [ebx + esi*2 + 0x1957] -xor ecx, ecx -lea edx, [edi + 0x42f8] -mov ch, al -mov cl, byte [ebx + esi*2 + 0x1956] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov al, byte [ebx + esi*2 + 0x195b] -xor ecx, ecx -lea edx, [edi + 0x42fc] -mov ch, al -mov cl, byte [ebx + esi*2 + 0x195a] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +loc_fffa8d6f: ; not directly referenced +cmp ebx, 1 +mov edx, 0x64 +mov eax, 0x32 +cmove edx, eax +cmp dword [ebp - 0x38], 1 +jne short loc_fffa8da6 ; jne 0xfffa8da6 +mov edx, 0x5880 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5880 +and al, 0x7f +mov ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x61 -loc_fffa8f3a: ; not directly referenced -cmp dword [ebp - 0x1c], 3 -jne short loc_fffa8f55 ; jne 0xfffa8f55 -movzx ecx, byte [ebx + 0x1963] -and ecx, 1 -shl ecx, 8 -mov cl, byte [ebx + 0x1964] -jmp short loc_fffa8f68 ; jmp 0xfffa8f68 +loc_fffa8da6: ; not directly referenced +mov cl, byte [ebp - 0x2c] +dec ebx +sete al +or cl, al +je loc_fffa9196 ; je 0xfffa9196 +movzx eax, dx +xor esi, esi +lea ebx, [edi + 0x4a08] +mov dword [ebp - 0x2c], eax -loc_fffa8f55: ; not directly referenced -movzx ecx, byte [ebx + 0x1961] -and ecx, 1 -shl ecx, 8 
-mov cl, byte [ebx + 0x1962] +loc_fffa8dc3: ; not directly referenced +cmp dword [ebx - 0x12b1], 2 +jne short loc_fffa8e1c ; jne 0xfffa8e1c +movzx eax, word [ebx - 0x129b] +mov ecx, 0x64 +imul eax, dword [ebp - 0x2c] +cdq +idiv ecx +cmp dword [ebx - 0x13e], 2 +mov word [ebx - 0x129b], ax +jne short loc_fffa8e04 ; jne 0xfffa8e04 +movzx eax, word [ebx - 0x128] +imul eax, dword [ebp - 0x2c] +cdq +idiv ecx +mov word [ebx - 0x128], ax -loc_fffa8f68: ; not directly referenced -mov edx, esi -mov eax, ebx -shl edx, 0xa -add edx, 0x4328 -call fcn_fffae58c ; call 0xfffae58c +loc_fffa8e04: ; not directly referenced +cmp dword [ebx - 0x16], 2 +jne short loc_fffa8e1c ; jne 0xfffa8e1c +movzx eax, word [ebx] +mov ecx, 0x64 +imul eax, dword [ebp - 0x2c] +cdq +idiv ecx +mov word [ebx], ax -loc_fffa8f7a: ; not directly referenced +loc_fffa8e1c: ; not directly referenced +mov edx, esi +mov eax, edi inc esi +add ebx, 0x13c3 +call fcn_fffb3431 ; call 0xfffb3431 cmp esi, 2 -jne loc_fffa8e67 ; jne 0xfffa8e67 -movzx ecx, byte [ebx + 0x195e] -mov edx, 0x5060 -mov eax, ebx -and ecx, 1 -shl ecx, 0x10 -mov cx, word [ebx + 0x195f] -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x5880 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -movzx ecx, byte [ebx + 0x1925] -movzx edx, byte [ebx + 0x1924] -and ecx, 1 -and edx, 1 -and eax, 0xfffffffc -add edx, edx -or eax, ecx -movzx ecx, byte [ebx + 0x1928] -or eax, edx -movzx edx, byte [ebx + 0x1923] -and eax, 0xffffffe3 -and ecx, 3 -and edx, 1 -shl edx, 4 -shl ecx, 2 -or eax, edx -or eax, ecx -cmp dword [ebp - 0x1c], 3 -jne short loc_fffa902d ; jne 0xfffa902d -movzx edx, byte [ebx + 0x1927] -and eax, 0xffffffbf -and edx, 1 -shl edx, 6 -or eax, edx -cmp byte [ebx + 0x190d], 0 -mov ecx, eax -je short loc_fffa901a ; je 0xfffa901a -cmp dword [ebx + 0x36cb], 1 -je short loc_fffa9041 ; je 0xfffa9041 - -loc_fffa901a: ; not directly referenced -xor edx, edx -cmp byte [ebx + 0x1929], 0 -sete dl -and al, 0x7f -shl edx, 7 -jmp short loc_fffa903d ; jmp 
0xfffa903d +je loc_fffa9196 ; je 0xfffa9196 +jmp short loc_fffa8dc3 ; jmp 0xfffa8dc3 -loc_fffa902d: ; not directly referenced -movzx edx, byte [ebx + 0x1926] -and eax, 0xffffffbf -and edx, 1 -shl edx, 6 +loc_fffa8e37: ; not directly referenced +cmp dword [edi + 0x36e9], 0 +je short loc_fffa8e4d ; je 0xfffa8e4d +cmp byte [edi + 0x1916], 0 +jne loc_fffa9196 ; jne 0xfffa9196 -loc_fffa903d: ; not directly referenced -mov ecx, eax -or ecx, edx +loc_fffa8e4d: ; not directly referenced +test byte [edi + 0x36cb], 0xf7 +je loc_fffa9196 ; je 0xfffa9196 +cmp dword [edi + 0x3757], 2 +mov dword [ebp - 0x40], 0 +mov dword [ebp - 0x44], 0 +mov dword [ebp - 0x34], 0 +je short loc_fffa8e8c ; je 0xfffa8e8c +cmp dword [edi + 0x4b1a], 2 +mov eax, 1 +jne loc_fffa8f2c ; jne 0xfffa8f2c +jmp short loc_fffa8e8e ; jmp 0xfffa8e8e -loc_fffa9041: ; not directly referenced -add esp, 0x1c -mov eax, ebx -pop ebx -mov edx, 0x5880 -pop esi -pop edi -pop ebp -jmp near fcn_fffae58c ; jmp 0xfffae58c +loc_fffa8e8c: ; not directly referenced +xor eax, eax -fcn_fffa9054: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, eax -push esi -movzx esi, dl -push ebx -sub esp, 0x2c -mov bl, byte [ebp + 0xc] -mov dword [ebp - 0x20], eax -imul eax, esi, 0x13c3 -mov dword [ebp - 0x24], esi -mov byte [ebp - 0x19], 0 -mov byte [ebp - 0x1a], bl -mov bl, byte [ebp + 0x10] -lea eax, [edi + eax + 0x3756] -mov dword [ebp - 0x28], eax -lea eax, [ecx + ecx*8] -mov dword [ebp - 0x2c], ecx -mov byte [ebp - 0x31], bl -mov dword [ebp - 0x30], eax +loc_fffa8e8e: ; not directly referenced +imul eax, eax, 0x13c3 +lea ecx, [edi + eax + 0x3757] +imul eax, edx, 0x2e +lea eax, [ecx + eax + 4] +movzx ecx, word [eax + 0x1a] +movzx edx, word [eax + 0x10] +movzx eax, word [eax + 0xc] +lea edx, [ecx + edx + 1] +mov cl, 0x7f +mov bl, dl +and ebx, 0x7f +cmp edx, 0x7f +cmovbe ecx, ebx +mov ebx, 0xa +imul eax, eax, 0xf +xor edx, edx +and ecx, 0x7f +div ebx +mov bl, 0x7f +cmp dl, 1 +mov edx, 0x4e44 +sbb eax, 0xffffffff +cmp 
eax, 0x7f +cmovbe ebx, eax +mov eax, edi +and ebx, 0x7f +shl ecx, 8 +or ecx, ebx +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa9091: ; not directly referenced -mov edi, dword [ebp - 0x20] -mov al, byte [ebp - 0x19] -cmp al, byte [edi + 0x2488] -jae loc_fffa9170 ; jae 0xfffa9170 -mov al, byte [ebp - 0x19] -mov esi, dword [ebp + 8] -movzx edi, al -bt esi, eax -jae loc_fffa9168 ; jae 0xfffa9168 +loc_fffa8ef0: ; not directly referenced mov eax, dword [ebp - 0x30] -lea ebx, [edi + eax] -movsx ax, byte [ebp - 0x1a] -add ebx, ebx -add ebx, dword [ebp - 0x28] -mov word [ebp - 0x1c], ax -add ax, word [ebx + 0x1b1] -js short loc_fffa90e0 ; js 0xfffa90e0 -mov esi, 0x1ff -cmp ax, 0x1ff -cmovbe esi, eax -jmp short loc_fffa90e2 ; jmp 0xfffa90e2 - -loc_fffa90e0: ; not directly referenced -xor esi, esi - -loc_fffa90e2: ; not directly referenced -push eax -movzx eax, si -mov ecx, dword [ebp - 0x2c] -push eax -mov edx, dword [ebp - 0x24] -mov eax, dword [ebp - 0x20] -push 0 -push edi -call fcn_fffa7499 ; call 0xfffa7499 -mov eax, dword [ebp - 0x28] -add esp, 0xc -add eax, dword [ebp - 0x30] -mov ecx, dword [ebp - 0x1c] -movzx eax, byte [edi + eax + 0x24d] -mov edx, ecx -add dx, word [ebx + 0x121] -add cx, word [ebx + 0x169] -and eax, 0x3f -shl eax, 0x14 -and edx, 0x1ff -shl edx, 9 -and ecx, 0x1ff -or eax, edx -mov edx, dword [ebp - 0x24] -or eax, ecx -mov ecx, dword [ebp - 0x2c] -push eax -mov eax, dword [ebp - 0x20] -push 3 -push edi -call fcn_fffa73b0 ; call 0xfffa73b0 -add esp, 0x10 -cmp byte [ebp - 0x31], 0 -je short loc_fffa9168 ; je 0xfffa9168 -mov eax, dword [ebp - 0x1c] -add word [ebx + 0x121], ax -add word [ebx + 0x169], ax -mov word [ebx + 0x1b1], si - -loc_fffa9168: ; not directly referenced -inc byte [ebp - 0x19] -jmp near loc_fffa9091 ; jmp 0xfffa9091 +call dword [eax + 0x7c] ; ucall +mov ebx, eax +xor ax, ax +call fcn_fffb38d9 ; call 0xfffb38d9 +mov dl, al +movzx eax, bx +mov dword [ebp - 0x2c], edx +call fcn_fffb38d9 ; call 0xfffb38d9 +mov edx, dword [ebp - 0x2c] 
+test al, al +sete al +test dl, dl +sete dl +or al, dl +jne short loc_fffa8ef0 ; jne 0xfffa8ef0 +mov ecx, ebx +mov edx, 0x2bb8 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa9170: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffa8f2c: ; not directly referenced +cmp esi, 2 +je loc_fffa9196 ; je 0xfffa9196 +mov ecx, dword [edi + 0x1912] +mov eax, 0x800 +mov dl, 0xb -fcn_fffa9178: ; not directly referenced -push ebp -xor ecx, ecx -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x3c -mov eax, dword [ebp + 8] -mov ebx, dword [ebp + 0x18] -mov edx, dword [ebp + 0x10] -mov edi, eax -mov dword [ebp - 0x1c], eax -mov eax, dword [ebp + 0x1c] -mov byte [ebp - 0x26], bl -mov dword [ebp - 0x24], eax -mov eax, dword [ebp + 0x20] -mov esi, eax -mov dword [ebp - 0x30], eax -mov al, byte [ebp + 0x14] -mov byte [ebp - 0x34], al -mov eax, esi -mov byte [ebp - 0x25], al -movzx eax, byte [ebp + 0xc] -mov dword [ebp - 0x20], eax -imul eax, eax, 0x13c3 -cmp dword [edi + 0x2480], 3 -sete cl -lea esi, [edi + eax + 0x3756] -mov dword [ebp - 0x2c], ecx -test dl, dl -je short loc_fffa9227 ; je 0xfffa9227 -mov ecx, dword [ebp - 0x24] -mov edi, 0x7f -cmp ecx, 0x7f -cmovg ecx, edi -xor eax, eax -test ecx, ecx -cmovns eax, ecx -cmp dl, 2 -je loc_fffa93cd ; je 0xfffa93cd -ja short loc_fffa91ff ; ja 0xfffa91ff -dec dl -je loc_fffa938c ; je 0xfffa938c -jmp near loc_fffa95bb ; jmp 0xfffa95bb +loc_fffa8f42: ; not directly referenced +movzx ebx, dl +cmp ebx, ecx +lea eax, [eax + eax] +jae short loc_fffa8f4f ; jae 0xfffa8f4f +inc edx +jmp short loc_fffa8f42 ; jmp 0xfffa8f42 -loc_fffa91ff: ; not directly referenced -cmp dl, 3 -je loc_fffa946a ; je 0xfffa946a -cmp dl, 4 -jne loc_fffa95bb ; jne 0xfffa95bb -cmp eax, 0x7f -cmovg eax, edi -movzx edi, byte [ebp - 0x34] -xor edx, edx -xor ebx, ebx -mov dword [ebp - 0x24], edi -jmp near loc_fffa94ce ; jmp 0xfffa94ce +loc_fffa8f4f: ; not directly referenced +call fcn_fffb396b ; call 0xfffb396b 
+mov byte [ebp - 0x2c], 0x11 +sub byte [ebp - 0x2c], al +movzx eax, byte [ebp - 0x2c] +mov word [ebp - 0x48], ax -loc_fffa9227: ; not directly referenced -cmp dword [ebp - 0x2c], 0 -je loc_fffa92fa ; je 0xfffa92fa -mov ecx, dword [ebp - 0x1c] +loc_fffa8f63: ; not directly referenced +mov eax, dword [ebp - 0x30] xor ebx, ebx -xor edi, edi -imul edx, dword [ebp - 0x20], 0x54a -add eax, ecx -add edx, ecx -mov dword [ebp - 0x34], edx +mov esi, 1 +call dword [eax + 0x7c] ; ucall +xor edx, edx mov dword [ebp - 0x3c], eax -loc_fffa9249: ; not directly referenced -movzx edx, byte [ebp - 0x26] -imul eax, ebx, 7 -bt edx, ebx -mov dword [ebp - 0x2c], eax -movzx eax, byte [esi + ebx + 0x241] -jae loc_fffa92e7 ; jae 0xfffa92e7 -add eax, dword [ebp - 0x24] -mov ecx, 0x80 -cdq -idiv ecx -test dl, dl -lea eax, [edx - 0x80] -cmovns eax, edx -cmp byte [ebp - 0x25], 0 -je short loc_fffa9284 ; je 0xfffa9284 -mov byte [esi + ebx + 0x241], al - -loc_fffa9284: ; not directly referenced -mov cl, byte [ebp - 0x2c] -movsx eax, al -mov dword [ebp - 0x2c], 0 -shl eax, cl -add edi, eax -mov eax, dword [ebp - 0x34] -movzx eax, byte [eax + ebx + 0x1ea9] -mov dword [ebp - 0x30], eax -movzx eax, byte [ebp - 0x25] -mov dword [ebp - 0x38], eax - -loc_fffa92aa: ; not directly referenced -mov cl, byte [ebp - 0x2c] -mov eax, 1 +loc_fffa8f75: ; not directly referenced +mov cl, dl +cmp bx, word [ebp - 0x48] +je short loc_fffa8f95 ; je 0xfffa8f95 +mov eax, esi shl eax, cl mov ecx, dword [ebp - 0x3c] -test byte [ecx + 0x381a], al -je short loc_fffa92dc ; je 0xfffa92dc -movsx eax, byte [ebp - 0x24] -push edx -mov ecx, dword [ebp - 0x2c] -push dword [ebp - 0x38] -mov edx, dword [ebp - 0x20] -push eax -mov eax, dword [ebp - 0x1c] -push dword [ebp - 0x30] -call fcn_fffa9054 ; call 0xfffa9054 -add esp, 0x10 - -loc_fffa92dc: ; not directly referenced -inc dword [ebp - 0x2c] -cmp dword [ebp - 0x2c], 4 -jne short loc_fffa92aa ; jne 0xfffa92aa -jmp short loc_fffa92ee ; jmp 0xfffa92ee +and ecx, eax +cmp ecx, 1 +sbb 
bx, 0xffff +inc edx +cmp edx, 0x10 +jne short loc_fffa8f75 ; jne 0xfffa8f75 +mov cl, 0x10 -loc_fffa92e7: ; not directly referenced -mov cl, byte [ebp - 0x2c] -shl eax, cl -add edi, eax +loc_fffa8f95: ; not directly referenced +mov ebx, 1 +shl ebx, cl +dec ebx +and ebx, dword [ebp - 0x3c] +movzx eax, bx +call fcn_fffb38d9 ; call 0xfffb38d9 +cmp al, byte [ebp - 0x2c] +jne short loc_fffa8f63 ; jne 0xfffa8f63 +mov edx, ebx +xor esi, esi +mov word [ebp - 0x40], bx +not edx -loc_fffa92ee: ; not directly referenced -inc ebx -cmp ebx, 2 -jne loc_fffa9249 ; jne 0xfffa9249 -jmp short loc_fffa9379 ; jmp 0xfffa9379 +loc_fffa8fb7: ; not directly referenced +mov ecx, esi +mov eax, 0xfffffffe +rol eax, cl +and eax, edx +movzx ecx, ax +mov edx, eax +mov word [ebp - 0x30], ax +mov eax, ecx +mov dword [ebp - 0x48], edx +mov dword [ebp - 0x3c], ecx +call fcn_fffb38d9 ; call 0xfffb38d9 +mov ecx, dword [ebp - 0x3c] +mov edx, dword [ebp - 0x48] +cmp al, byte [ebp - 0x2c] +jne short loc_fffa900b ; jne 0xfffa900b -loc_fffa92fa: ; not directly referenced -movzx eax, byte [ebp - 0x34] -xor ebx, ebx -xor edi, edi -mov dword [ebp - 0x30], eax -movzx eax, byte [ebp - 0x25] -mov dword [ebp - 0x34], eax +loc_fffa8fe3: ; not directly referenced +shl ecx, 0x10 +mov eax, edi +mov edx, ecx +movzx ecx, word [ebp - 0x40] +xor esi, esi +or ebx, dword [ebp - 0x30] +or ecx, edx +mov edx, 0x4e38 +mov word [ebp - 0x3c], bx +not ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov word [ebp - 0x30], bx +jmp short loc_fffa9019 ; jmp 0xfffa9019 -loc_fffa930c: ; not directly referenced -mov edx, dword [ebp - 0x30] -imul eax, ebx, 7 -bt edx, ebx -mov dword [ebp - 0x2c], eax -movzx eax, byte [esi + ebx + 0x241] -jae short loc_fffa936c ; jae 0xfffa936c -add eax, dword [ebp - 0x24] -mov ecx, 0x80 -cdq -idiv ecx -test dl, dl -lea eax, [edx - 0x80] -cmovns eax, edx -cmp byte [ebp - 0x25], 0 -je short loc_fffa9342 ; je 0xfffa9342 -mov byte [esi + ebx + 0x241], al +loc_fffa900b: ; not directly referenced +inc esi +cmp esi, 
0x10 +jne short loc_fffa8fb7 ; jne 0xfffa8fb7 +jmp short loc_fffa8fe3 ; jmp 0xfffa8fe3 -loc_fffa9342: ; not directly referenced -mov cl, byte [ebp - 0x2c] -movsx eax, al -mov edx, dword [ebp - 0x20] -shl eax, cl -mov ecx, ebx -add edi, eax -push eax -movsx eax, byte [ebp - 0x24] -push dword [ebp - 0x34] -push eax -mov eax, dword [ebp - 0x1c] -push 0x1ff -call fcn_fffa9054 ; call 0xfffa9054 -add esp, 0x10 -jmp short loc_fffa9373 ; jmp 0xfffa9373 +loc_fffa9013: ; not directly referenced +inc esi +cmp esi, 0x10 +je short loc_fffa9038 ; je 0xfffa9038 -loc_fffa936c: ; not directly referenced -mov cl, byte [ebp - 0x2c] -shl eax, cl -add edi, eax +loc_fffa9019: ; not directly referenced +mov ebx, dword [ebp - 0x30] +mov edx, 0xfffffffe +mov ecx, esi +rol edx, cl +and ebx, edx +movzx eax, bx +mov word [ebp - 0x30], ax +call fcn_fffb38d9 ; call 0xfffb38d9 +cmp al, byte [ebp - 0x2c] +jne short loc_fffa9013 ; jne 0xfffa9013 -loc_fffa9373: ; not directly referenced -inc ebx -cmp ebx, 4 -jne short loc_fffa930c ; jne 0xfffa930c +loc_fffa9038: ; not directly referenced +mov word [ebp - 0x44], bx +xor esi, esi +or ebx, dword [ebp - 0x3c] +not ebx +jmp short loc_fffa9056 ; jmp 0xfffa9056 -loc_fffa9379: ; not directly referenced -mov edx, dword [ebp - 0x20] -mov ecx, edi -shl edx, 8 -add edx, 0x180c -jmp near loc_fffa95ac ; jmp 0xfffa95ac +loc_fffa9045: ; not directly referenced +mov ecx, esi +mov eax, 0xfffffffe +rol eax, cl +inc esi +and ebx, eax +cmp esi, 0x10 +je short loc_fffa9063 ; je 0xfffa9063 -loc_fffa938c: ; not directly referenced -cmp eax, 0x7f -mov edx, dword [ebp - 0x20] -cmovle edi, eax -mov eax, edi -and eax, 0x7f -mov ecx, eax -shl ecx, 7 -or ecx, eax -mov eax, dword [ebp - 0x1c] -shl edx, 8 -add edx, 0x1408 -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x30], 0 -je loc_fffa95bb ; je 0xfffa95bb -mov dword [esi + 0x119], edi -mov dword [esi + 0x11d], edi -jmp near loc_fffa95bb ; jmp 0xfffa95bb +loc_fffa9056: ; not directly referenced +movzx eax, bx +call 
fcn_fffb38d9 ; call 0xfffb38d9 +cmp al, byte [ebp - 0x2c] +jne short loc_fffa9045 ; jne 0xfffa9045 -loc_fffa93cd: ; not directly referenced -cmp eax, 0x7f -cmovle edi, eax -cmp dword [ebp - 0x2c], 0 -je short loc_fffa940d ; je 0xfffa940d +loc_fffa9063: ; not directly referenced +movzx ecx, word [ebp - 0x44] +shl ebx, 0x10 +mov edx, 0x4e3c mov eax, edi -test bl, 1 -jne short loc_fffa93e6 ; jne 0xfffa93e6 -mov al, byte [esi + 0x111] - -loc_fffa93e6: ; not directly referenced -and eax, 0x7f -and eax, 0x7f -and bl, 2 -jne short loc_fffa93f8 ; jne 0xfffa93f8 -movzx edi, byte [esi + 0x115] +or ecx, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov dword [ebp - 0x2c], 0 -loc_fffa93f8: ; not directly referenced -and edi, 0x7f -mov ebx, edi -and ebx, 0x7f -shl ebx, 7 +loc_fffa907f: ; not directly referenced +imul esi, dword [ebp - 0x2c], 0x13c3 +cmp dword [edi + esi + 0x3757], 2 +jne loc_fffa9189 ; jne 0xfffa9189 +xor ebx, ebx +test byte [edi + esi + 0x381b], 1 +je short loc_fffa90f5 ; je 0xfffa90f5 +cmp dword [ebp - 0x38], 0 +jne short loc_fffa90c7 ; jne 0xfffa90c7 +imul eax, dword [ebp - 0x2c], 0x54a +mov ax, word [edi + eax + 0x1a4f] +cmp ax, 0xce00 +sete bl +cmp ax, 0xfe02 +sete al or ebx, eax -cmp byte [ebp - 0x30], 0 -jne short loc_fffa9441 ; jne 0xfffa9441 -jmp short loc_fffa9457 ; jmp 0xfffa9457 +jmp short loc_fffa90f5 ; jmp 0xfffa90f5 -loc_fffa940d: ; not directly referenced +loc_fffa90c7: ; not directly referenced +push edx +xor ecx, ecx +push edx +mov edx, dword [ebp - 0x2c] +lea eax, [ebp - 0x1c] +push eax mov eax, edi -mov edx, dword [ebp - 0x20] -and eax, 0x7f -mov ebx, eax -shl ebx, 7 -or ebx, eax -mov eax, dword [ebp - 0x1c] -shl edx, 8 -mov ecx, ebx -add edx, 0x1208 -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x30], 0 -je short loc_fffa9457 ; je 0xfffa9457 -mov dword [esi + 0x109], edi -mov dword [esi + 0x10d], edi - -loc_fffa9441: ; not directly referenced -mov eax, ebx -and eax, 0x7f -mov dword [esi + 0x111], eax -mov eax, ebx -shr eax, 7 -mov dword 
[esi + 0x115], eax +push 5 +call fcn_fffa681b ; call 0xfffa681b +lea eax, [ebp - 0x1c] +add esp, 0x10 +mov cl, 1 -loc_fffa9457: ; not directly referenced -mov edx, dword [ebp - 0x20] -mov ecx, ebx -shl edx, 8 -add edx, 0x1a08 -jmp near loc_fffa95ac ; jmp 0xfffa95ac +loc_fffa90e3: ; not directly referenced +mov dl, byte [eax] +and edx, 0xfffffffd +dec dl +cmove ebx, ecx +inc eax +lea edx, [ebp - 0x18] +cmp eax, edx +jne short loc_fffa90e3 ; jne 0xfffa90e3 -loc_fffa946a: ; not directly referenced -cmp eax, 0x7f -mov edx, dword [ebp - 0x20] -cmovle edi, eax +loc_fffa90f5: ; not directly referenced +test byte [edi + esi + 0x381b], 4 +je short loc_fffa915f ; je 0xfffa915f +cmp dword [ebp - 0x38], 0 +je short loc_fffa913b ; je 0xfffa913b +mov edx, dword [ebp - 0x2c] +mov ecx, 2 +push eax +push eax +lea eax, [ebp - 0x1c] +push eax mov eax, edi -and eax, 0x7f -mov ecx, eax -shl ecx, 7 -or ecx, eax -mov eax, dword [ebp - 0x1c] -shl edx, 8 -add edx, 0x1208 -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x30], 0 -je loc_fffa95bb ; je 0xfffa95bb -mov dword [esi + 0x109], edi -mov dword [esi + 0x10d], edi -jmp near loc_fffa95bb ; jmp 0xfffa95bb - -loc_fffa94ab: ; not directly referenced -imul ecx, edx, 7 -mov edi, eax -shl edi, cl -add ebx, edi -cmp byte [ebp - 0x25], 0 -je short loc_fffa94c8 ; je 0xfffa94c8 -mov byte [esi + edx + 0x245], al -mov byte [esi + edx + 0x249], al - -loc_fffa94c8: ; not directly referenced -inc edx -cmp edx, 4 -je short loc_fffa94e7 ; je 0xfffa94e7 - -loc_fffa94ce: ; not directly referenced -mov edi, dword [ebp - 0x24] -bt edi, edx -jb short loc_fffa94ab ; jb 0xfffa94ab -movzx edi, byte [esi + edx + 0x245] -imul ecx, edx, 7 -shl edi, cl -add ebx, edi -jmp short loc_fffa94c8 ; jmp 0xfffa94c8 - -loc_fffa94e7: ; not directly referenced -cmp dword [ebp - 0x2c], 0 -je short loc_fffa950e ; je 0xfffa950e -mov eax, dword [ebp - 0x1c] -cmp byte [eax + 0x240a], 0 -je short loc_fffa950e ; je 0xfffa950e -movzx eax, byte [esi + 0x245] -and ebx, 0xffe03fff 
-and eax, 0x7f -shl eax, 0xe -or ebx, eax - -loc_fffa950e: ; not directly referenced -mov eax, dword [ebp - 0x20] -mov ecx, ebx -shl eax, 8 -mov dword [ebp - 0x24], eax -lea edx, [eax + 0x1c18] -mov eax, dword [ebp - 0x1c] -call fcn_fffae58c ; call 0xfffae58c -cmp dword [ebp - 0x2c], 0 -je short loc_fffa959b ; je 0xfffa959b -mov eax, dword [ebp - 0x1c] -xor edi, edi -mov ecx, dword [ebp - 0x20] -mov dword [ebp - 0x20], 0 -movzx ebx, byte [eax + 0x240c] -shl ecx, 2 -sar ebx, cl -and ebx, 0xf - -loc_fffa954b: ; not directly referenced -xor edx, edx +push 5 +call fcn_fffa681b ; call 0xfffa681b +lea eax, [ebp - 0x1c] +add esp, 0x10 +lea ecx, [ebp - 0x18] -loc_fffa954d: ; not directly referenced -mov cl, dl -mov eax, ebx -shr eax, cl -mov ecx, eax -and ecx, 1 -cmp ecx, edi -jne short loc_fffa956c ; jne 0xfffa956c -movzx eax, byte [esi + edi + 0x249] -imul ecx, edx, 7 -shl eax, cl -add dword [ebp - 0x20], eax +loc_fffa9125: ; not directly referenced +mov dl, byte [eax] +mov esi, ebx +or esi, 2 +and edx, 0xfffffffd +dec dl +cmove ebx, esi +inc eax +cmp eax, ecx +jne short loc_fffa9125 ; jne 0xfffa9125 +jmp short loc_fffa915f ; jmp 0xfffa915f -loc_fffa956c: ; not directly referenced -inc edx -cmp edx, 4 -jne short loc_fffa954d ; jne 0xfffa954d -inc edi -cmp edi, 4 -jne short loc_fffa954b ; jne 0xfffa954b -mov eax, dword [ebp - 0x20] -mov ecx, eax -mov edx, eax -shr ecx, 0xe -and eax, 0xffe03fff -shr edx, 0x15 -and ecx, 0x7f -and edx, 0x7f -mov ebx, eax -add edx, ecx -shr edx, 1 -shl edx, 0xe -or ebx, edx +loc_fffa913b: ; not directly referenced +imul eax, dword [ebp - 0x2c], 0x54a +mov ax, word [edi + eax + 0x1cc6] +cmp ax, 0xfe02 +sete dl +cmp ax, 0xce00 +sete al +or dl, al +je short loc_fffa915f ; je 0xfffa915f +or ebx, 2 -loc_fffa959b: ; not directly referenced -mov edx, dword [ebp - 0x24] -and ebx, 0xf01fffff -mov ecx, ebx -add edx, 0x1218 +loc_fffa915f: ; not directly referenced +and dword [ebp - 0x34], 0xffffff9f +and ebx, 3 +shl ebx, 5 +mov edx, dword [ebp - 0x2c] 
+mov eax, edi +or dword [ebp - 0x34], ebx +or dword [ebp - 0x34], 0x80000000 +mov ecx, dword [ebp - 0x34] +shl edx, 0xa +add edx, 0x4240 +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa95ac: ; not directly referenced -mov eax, dword [ebp - 0x1c] -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -jmp near fcn_fffae58c ; jmp 0xfffae58c +loc_fffa9189: ; not directly referenced +inc dword [ebp - 0x2c] +cmp dword [ebp - 0x2c], 2 +jne loc_fffa907f ; jne 0xfffa907f -loc_fffa95bb: ; not directly referenced +loc_fffa9196: ; not directly referenced lea esp, [ebp - 0xc] +xor eax, eax pop ebx pop esi pop edi pop ebp ret -fcn_fffa95c3: ; not directly referenced +fcn_fffa91a0: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx -sub esp, 0x2c +sub esp, 0x6c mov ebx, dword [ebp + 8] -mov eax, dword [ebx + 0x5edc] -mov edi, dword [ebx + 0x2443] -mov esi, dword [ebx + 0x36e3] -mov dword [ebp - 0x2c], eax +mov dword [ebp - 0x68], 0 +mov dword [ebp - 0x4c], 0 +mov dword [ebp - 0x60], 0 +mov eax, dword [ebx + 0x2481] +mov dword [ebp - 0x58], eax +mov eax, dword [ebx + 0x1887] +mov dword [ebp - 0x6c], eax mov eax, dword [ebx + 0x188b] -mov dword [ebp - 0x20], esi -cmp eax, 1 -mov dword [ebp - 0x1c], eax -mov eax, dword [ebx + 0x18c1] -sbb esi, esi -push 0xe4 -and esi, 0xfffffdeb -push 0 -add esi, 0xc80 -push 0 -push 0 -mov dword [ebp - 0x24], eax -call dword [edi + 0x4c] ; ucall -mov edx, dword [ebp - 0x24] -lea ecx, [eax + edx] -mov dword [esp], ecx -mov dword [ebp - 0x28], ecx -call dword [edi + 0x20] ; ucall -mov ecx, dword [ebp - 0x28] -add ecx, 4 -mov dword [esp], ecx -mov dword [ebp - 0x24], eax -call dword [edi + 0x20] ; ucall -add esp, 0x10 -test byte [ebp - 0x24], 8 -setne cl -movzx edi, cl -mov dword [ebp - 0x24], edi -mov edi, dword [ebx + 0x1872] +mov dword [ebp - 0x5c], eax +lea eax, [ebx + 0x3757] +mov dword [ebp - 0x50], eax +mov eax, dword [ebx + 0x5edd] +lea esi, [eax + 0x1c] + +loc_fffa91ee: ; not directly referenced +mov eax, dword [ebp - 
0x50] +cmp dword [eax], 2 +jne loc_fffa93c2 ; jne 0xfffa93c2 +cmp dword [ebp - 0x5c], 1 +jne short loc_fffa9231 ; jne 0xfffa9231 +mov dl, byte [esi + 3] +mov ecx, 0xff +mov al, dl +and edx, 0xffffffbf +mov byte [esi + 3], dl +mov edx, dword [ebp - 0x4c] +shr al, 6 +and eax, 1 +mov byte [esi + 0xcb], al +mov eax, ebx +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, dword [esi] mov edx, eax -shr eax, 4 -mov byte [ebp - 0x2d], cl -mov cl, al -mov eax, dword [ebx + 0x1877] -shr edx, 0x15 -and ecx, 7 -dec edi -cmp edi, 0x7ffffffd -cmovbe esi, dword [ebx + 0x1872] -mov dword [ebx + 0x36e3], eax -mov dword [ebx + 0x36d3], esi -and edx, 7 -je short loc_fffa968c ; je 0xfffa968c -cmp eax, 2 -jne short loc_fffa9696 ; jne 0xfffa9696 -cmp dword [ebp - 0x1c], 0 -jne short loc_fffa9696 ; jne 0xfffa9696 +mov eax, ebx +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffa968c: ; not directly referenced -mov dword [ebx + 0x36e3], 0 +loc_fffa9231: ; not directly referenced +cmp dword [ebp - 0x58], 3 +je loc_fffa9385 ; je 0xfffa9385 +mov eax, dword [ebp - 0x50] +mov dword [ebp - 0x54], 0 +mov dword [ebp - 0x64], eax -loc_fffa9696: ; not directly referenced -cmp dword [ebp - 0x24], 0 -mov edi, dword [ebx + 0x36e3] -je short loc_fffa96bb ; je 0xfffa96bb -test edx, edx -je short loc_fffa96f3 ; je 0xfffa96f3 -mov byte [ebx + 0x247e], 1 -mov edx, 7 -mov dword [ebp - 0x28], 0 -jmp short loc_fffa96c7 ; jmp 0xfffa96c7 +loc_fffa9248: ; not directly referenced +mov ecx, dword [ebp - 0x54] +mov eax, 1 +mov dl, cl +shl eax, cl +mov ecx, dword [ebp - 0x50] +test byte [ecx + 0xc4], al +jne short loc_fffa9271 ; jne 0xfffa9271 -loc_fffa96bb: ; not directly referenced -movzx eax, cl -xor esi, esi -mov dword [ebp - 0x28], eax -test edx, edx -je short loc_fffa96e3 ; je 0xfffa96e3 +loc_fffa925f: ; not directly referenced +inc dword [ebp - 0x54] +add dword [ebp - 0x64], 9 +cmp dword [ebp - 0x54], 4 +jne short loc_fffa9248 ; jne 0xfffa9248 +jmp near loc_fffa92f6 ; jmp 0xfffa92f6 -loc_fffa96c7: ; not directly 
referenced -sub esp, 0xc -add edx, 6 -push 0x5f5e100 -mov ecx, 1 +loc_fffa9271: ; not directly referenced +cmp dword [ebp - 0x58], 2 +sete cl +cmp dword [ebp - 0x6c], 0x306d0 +sete al +test cl, al +je short loc_fffa925f ; je 0xfffa925f +mov eax, edx +shr dl, 1 +and eax, 1 +movzx edx, dl +imul eax, eax, 0x18 +imul edx, edx, 0x128 +add edx, eax +mov eax, dword [ebp - 0x50] +test word [eax + edx + 0x126f], 0x600 +je short loc_fffa925f ; je 0xfffa925f +xor edi, edi + +loc_fffa92ac: ; not directly referenced +mov eax, dword [ebp - 0x64] +mov edx, dword [ebp - 0x4c] +mov byte [eax + edi + 0x24d], 0x3f mov eax, ebx -call fcn_fffaefe1 ; call 0xfffaefe1 +push ecx +mov ecx, dword [ebp - 0x54] +push 0x3f +push 2 +push edi +call fcn_fffa735e ; call 0xfffa735e +mov ecx, edi +mov eax, ebx +or byte [esi + edi*4 + 0x2a], 0x80 +mov edx, dword [ebp - 0x4c] +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, dword [esi + edi*4 + 0x28] +inc edi +mov edx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x10 -mov esi, eax - -loc_fffa96e3: ; not directly referenced -mov eax, dword [ebp - 0x28] -test eax, eax -je short loc_fffa96f5 ; je 0xfffa96f5 -mov edx, 0xb -sub edx, eax -jmp short loc_fffa96fa ; jmp 0xfffa96fa +cmp edi, 9 +jne short loc_fffa92ac ; jne 0xfffa92ac +jmp near loc_fffa925f ; jmp 0xfffa925f -loc_fffa96f3: ; not directly referenced -xor esi, esi +loc_fffa92f6: ; not directly referenced +cmp dword [ebp - 0x5c], 1 +jne loc_fffa9385 ; jne 0xfffa9385 +cmp dword [ebp - 0x68], 0 +jne short loc_fffa9385 ; jne 0xfffa9385 +mov eax, dword [esi + 0x28] +mov edx, 0x3a28 +mov edi, eax +mov dword [ebp - 0x68], eax +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov ecx, edi +mov edx, edi +shr ecx, 0x15 +and ecx, 1 +shr edx, 0x15 +and edx, 2 +and eax, 0xfffffffc +or eax, ecx +or eax, edx +mov edx, edi +mov edi, dword [ebp - 0x60] +shr edx, 9 +and eax, 0xff01ffff +and edx, 0xe0000 +or eax, edx +mov edx, 0x3a28 +or eax, 0x800000 +cmp dword [ebp - 0x58], 2 +mov ecx, eax +cmove 
edi, dword [ebp - 0x5c] +mov eax, ebx +mov dword [ebp - 0x60], edi +call fcn_fffb3381 ; call 0xfffb3381 +test edi, edi +je short loc_fffa9385 ; je 0xfffa9385 +mov edx, 0x5f09 +mov eax, ebx +mov ecx, 1 +call fcn_fffb335b ; call 0xfffb335b +mov edx, 0x96 +mov eax, ebx +call fcn_fffa82f9 ; call 0xfffa82f9 -loc_fffa96f5: ; not directly referenced -mov edx, 0xa +loc_fffa9385: ; not directly referenced +cmp byte [ebx + 0x3749], 1 +jne short loc_fffa93c2 ; jne 0xfffa93c2 +mov eax, dword [ebp - 0x4c] +lea edi, [eax*4 + 0x5004] +mov eax, ebx +mov edx, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, edi +and eax, 0xfcffffff +or eax, 0x1000000 +mov ecx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x3c +mov eax, ebx +call fcn_fffa82f9 ; call 0xfffa82f9 -loc_fffa96fa: ; not directly referenced -sub esp, 0xc -xor ecx, ecx -push 0x5f5e100 +loc_fffa93c2: ; not directly referenced +inc dword [ebp - 0x4c] +add esi, 0xcc +add dword [ebp - 0x50], 0x13c3 +cmp dword [ebp - 0x4c], 2 +jne loc_fffa91ee ; jne 0xfffa91ee +lea edi, [ebp - 0x3c] +mov esi, ref_fffd36d4 ; mov esi, 0xfffd36d4 +mov ecx, 9 mov eax, ebx -call fcn_fffaefe1 ; call 0xfffaefe1 -mov ecx, dword [ebp - 0x2c] +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [ebp - 0x48] +mov esi, ref_fffd36f8 ; mov esi, 0xfffd36f8 +mov cl, 3 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov ecx, 0x1010101 +mov esi, 8 +push edx +push edx +xor edx, edx +push 0 +push 8 +call fcn_fffa7f8c ; call 0xfffa7f8c +lea edi, [ebp - 0x3c] add esp, 0x10 -mov dl, byte [ebp - 0x2d] -mov dword [ecx + 0x1c6], esi -mov byte [ecx + 0x1ca], dl -cmp dword [ebx + 0x18a7], 0 -je short loc_fffa9745 ; je 0xfffa9745 -cmp dword [ebp - 0x24], 0 -je short loc_fffa9737 ; je 0xfffa9737 -cmp edi, 1 -cmove eax, esi -jmp short loc_fffa9747 ; jmp 0xfffa9747 - -loc_fffa9737: ; not directly referenced -xor edi, edi -cmp esi, eax -jbe short loc_fffa9747 ; jbe 0xfffa9747 -mov eax, esi -mov di, 1 -jmp short loc_fffa9747 ; jmp 
0xfffa9747 - -loc_fffa9745: ; not directly referenced -xor edi, edi - -loc_fffa9747: ; not directly referenced -cmp eax, dword [ebx + 0x36d3] -jae short loc_fffa976a ; jae 0xfffa976a -cmp dword [ebx + 0x1877], 2 -mov dword [ebx + 0x36d3], eax -je short loc_fffa9764 ; je 0xfffa9764 -cmp dword [ebp - 0x1c], 0 -jne short loc_fffa976a ; jne 0xfffa976a - -loc_fffa9764: ; not directly referenced -mov dword [ebx + 0x36e3], edi - -loc_fffa976a: ; not directly referenced -cmp dword [ebp - 0x20], 1 -jne short loc_fffa978e ; jne 0xfffa978e -cmp dword [ebx + 0x1877], 2 -jne short loc_fffa978e ; jne 0xfffa978e -cmp dword [ebx + 0x1887], 0x306d0 -jne short loc_fffa978e ; jne 0xfffa978e -cmp dword [ebx + 0x1883], 4 -ja short loc_fffa9797 ; ja 0xfffa9797 - -loc_fffa978e: ; not directly referenced -cmp dword [ebx + 0x36e3], 2 -jne short loc_fffa97a0 ; jne 0xfffa97a0 - -loc_fffa9797: ; not directly referenced -mov eax, dword [ebp - 0x20] -mov dword [ebx + 0x36e3], eax - -loc_fffa97a0: ; not directly referenced -mov ecx, dword [ebx + 0x36d3] -mov edx, ref_fffd34b0 ; mov edx, 0xfffd34b0 -xor eax, eax -loc_fffa97ad: ; not directly referenced -add edx, 9 -cmp ecx, dword [edx - 5] -jne short loc_fffa97c0 ; jne 0xfffa97c0 -lea eax, [eax + eax*8] -mov eax, dword [eax + ref_fffd34b0] ; mov eax, dword [eax - 0x2cb50] -jmp short loc_fffa97cb ; jmp 0xfffa97cb +loc_fffa9416: ; not directly referenced +push eax +mov ecx, 0x41041041 +push eax +mov eax, ebx +push esi +add esi, 6 +push 6 +mov edx, dword [edi] +add edi, 4 +call fcn_fffa7f8c ; call 0xfffa7f8c +add esp, 0x10 +cmp esi, 0x3e +jne short loc_fffa9416 ; jne 0xfffa9416 +lea edx, [ebp - 0x48] +mov eax, ebx +call fcn_fffa660c ; call 0xfffa660c +cmp dword [ebx + 0x3757], 2 +jne short loc_fffa945b ; jne 0xfffa945b +mov ecx, 0xa010102 +mov edx, 0x4078 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa97c0: ; not directly referenced -inc eax -cmp eax, 0x15 -jne short loc_fffa97ad ; jne 0xfffa97ad -mov eax, 0x2625a0 +loc_fffa945b: ; not 
directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffa9475 ; jne 0xfffa9475 +mov ecx, 0xa010102 +mov edx, 0x4478 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa97cb: ; not directly referenced -mov dword [ebx + 0x36db], eax +loc_fffa9475: ; not directly referenced lea esp, [ebp - 0xc] xor eax, eax pop ebx 
@@ -12393,280 +12114,254 @@ pop edi pop ebp ret -fcn_fffa97db: ; not directly referenced +fcn_fffa947f: ; not directly referenced push ebp mov ebp, esp push edi +movzx edi, dl push esi push ebx -sub esp, 0x9c -mov eax, dword [ebp + 8] -mov dword [ebp - 0x88], 0 -mov dword [ebp - 0x94], 0 -mov dword [ebp - 0x90], 0 -mov byte [eax + 0x36ca], 8 -add eax, 0x1973 -mov dword [ebp - 0x9c], eax -mov eax, dword [ebp + 8] -mov dword [ebp - 0x7c], 0x17 -mov dword [ebp - 0x80], eax - -loc_fffa9827: ; not directly referenced -mov eax, dword [ebp - 0x80] -xor ebx, ebx -add eax, 0x3756 -mov dword [ebp - 0x8c], eax -mov eax, dword [ebp - 0x9c] -mov dword [ebp - 0x84], eax -mov dword [ebp - 0x98], eax -mov eax, dword [ebp - 0x88] -add eax, 0x48c9 -mov dword [ebp - 0xa0], eax - -loc_fffa985a: ; not directly referenced -mov eax, dword [ebp - 0x98] -cmp dword [eax], 1 -ja loc_fffa99f8 ; ja 0xfffa99f8 -mov eax, dword [ebp - 0x84] -mov esi, ref_fffd33d4 ; mov esi, 0xfffd33d4 -mov ecx, 0xd -lea edi, [ebp - 0x78] -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [eax + 0x48] -mov eax, dword [ebp - 0xa0] -lea esi, [eax + ebx] -mov eax, dword [ebp - 0x80] -add esi, dword [ebp + 8] -mov dword [eax + ebx + 0x48c9], 3 -xor eax, eax +sub esp, 0x4c +mov esi, dword [ebp + 0x14] +mov byte [ebp - 0x27], cl +mov cl, byte [ebp + 8] +mov ebx, dword [ebp + 0xc] +mov byte [ebp - 0x26], dl +mov edx, 0x4c31 +mov dword [ebp - 0x38], esi +imul esi, edi, 0x13c3 +mov byte [ebp - 0x48], cl +xor ecx, ecx +mov dword [ebp - 0x20], edi +mov byte [ebp - 0x34], bl +lea edi, [eax + esi + 0x3757] +mov dword [ebp - 0x1c], eax +call fcn_fffb335b ; call 0xfffb335b +cmp byte [edi + 0x1241], 1 +sete al +mov dl, al +mov cl, al +mov eax, dword [ebp - 0x20] +or edx, 2 +cmp byte [edi + 0x1369], 1 +cmove ecx, edx +shl eax, 0xa +mov edi, ecx +lea edx, [eax + 0x41bc] +xor ecx, ecx +mov dword [ebp - 0x2c], eax +mov eax, dword [ebp - 0x1c] +call fcn_fffb335b ; call 0xfffb335b +mov eax, ebx +and eax, 1 +lea edx, [eax 
+ eax] +mov al, bl +and eax, 2 +and ebx, 4 +shr al, 1 +or eax, ebx +or eax, edx +mov ebx, eax +movzx eax, byte [ebp - 0x34] +add esi, dword [ebp - 0x1c] +shl ebx, 0x18 +mov dword [ebp - 0x30], ebx +mov dword [ebp - 0x24], 0 +mov byte [ebp - 0x25], 0 +mov dword [ebp - 0x4c], esi +mov dword [ebp - 0x34], eax -loc_fffa989d: ; not directly referenced -inc eax -cmp byte [edi + eax - 1], 0 -je short loc_fffa98ae ; je 0xfffa98ae +loc_fffa952e: ; not directly referenced +mov cl, byte [ebp - 0x24] +mov ebx, 1 +mov esi, dword [ebp - 0x4c] +shl ebx, cl +mov al, bl +and al, byte [esi + 0x381b] +test byte [ebp - 0x27], al +je loc_fffa95d6 ; je 0xfffa95d6 +mov ecx, dword [ebp - 0x34] xor edx, edx -mov eax, 1 -jmp short loc_fffa98ba ; jmp 0xfffa98ba - -loc_fffa98ae: ; not directly referenced -cmp eax, 0x200 -jne short loc_fffa989d ; jne 0xfffa989d -jmp near loc_fffa99f8 ; jmp 0xfffa99f8 +mov esi, dword [ebp + 0x10] +and ecx, 0xf +shl ecx, 0x18 +mov eax, ecx +mov cl, byte [ebp - 0x24] +shr cl, 1 +movzx ecx, cl +mov si, word [esi + ecx*2] +mov ax, si +test byte [ebp - 0x24], 1 +je short loc_fffa9597 ; je 0xfffa9597 +inc ecx +test ecx, edi +je short loc_fffa9597 ; je 0xfffa9597 +mov edx, esi +and ax, 0x150 +and dx, 0xfe07 +and esi, 0xa8 +shr ax, 1 +add esi, esi +or eax, edx +or eax, esi +movzx eax, ax +add eax, dword [ebp - 0x30] +cdq -loc_fffa98ba: ; not directly referenced -cmp dl, 0xc -setbe cl -test cl, al -je short loc_fffa98e6 ; je 0xfffa98e6 +loc_fffa9597: ; not directly referenced +mov esi, dword [ebp - 0x48] +mov ecx, edx +not ebx +or ecx, 0xf000000 +and ebx, 0xf +and ch, 0xf0 +and esi, 0xf +shl esi, 8 +or ecx, esi +and ecx, 0xfffffff0 +or ecx, ebx +mov ebx, dword [ebp - 0x2c] +mov edx, ecx +push ecx +push ecx +push edx push eax -movzx eax, dl -push esi -push edi -push dword [ebp + 8] -mov dword [ebp - 0xa4], edx -call dword [ebp + eax*4 - 0x78] ; ucall -mov edx, dword [ebp - 0xa4] +mov eax, dword [ebp - 0x1c] +lea ecx, [ebx + 0x41c0] +mov edx, ecx +call fcn_fffb3506 ; call 
0xfffb3506 add esp, 0x10 -inc edx -and eax, 1 -jmp short loc_fffa98ba ; jmp 0xfffa98ba +inc byte [ebp - 0x25] -loc_fffa98e6: ; not directly referenced -test eax, eax -mov eax, dword [ebp - 0x80] -jne short loc_fffa98fd ; jne 0xfffa98fd -mov dword [eax + ebx + 0x48c9], 1 -jmp near loc_fffa99f8 ; jmp 0xfffa99f8 +loc_fffa95d6: ; not directly referenced +inc dword [ebp - 0x24] +cmp dword [ebp - 0x24], 4 +jne loc_fffa952e ; jne 0xfffa952e +cmp byte [ebp - 0x25], 0 +jne short loc_fffa95f3 ; jne 0xfffa95f3 -loc_fffa98fd: ; not directly referenced -mov dword [eax + ebx + 0x48c9], 2 -mov eax, dword [ebp - 0x84] -mov al, byte [eax + 0x4a] -cmp al, 0xf1 -sete cl -cmp al, 0xb -sete dl -or cl, dl -je short loc_fffa9931 ; je 0xfffa9931 -mov eax, dword [ebp - 0x84] -mov edx, 0xb -add eax, 0xbd -jmp short loc_fffa994b ; jmp 0xfffa994b +loc_fffa95e9: ; not directly referenced +mov eax, 1 +jmp near loc_fffa96c3 ; jmp 0xfffa96c3 -loc_fffa9931: ; not directly referenced -cmp al, 0xc -jne short loc_fffa9947 ; jne 0xfffa9947 -mov eax, dword [ebp - 0x84] -mov edx, 9 -add eax, 0x188 -jmp short loc_fffa994b ; jmp 0xfffa994b +loc_fffa95f3: ; not directly referenced +mov edi, dword [ebp - 0x38] +mov cl, 3 +mov edx, dword [ebp - 0x2c] +mov ebx, edi +mov eax, edi +mov edi, dword [ebp - 0x1c] +add edx, 0x419c +and eax, 7 +test bl, bl +cmovne ecx, eax +mov al, byte [ebp - 0x25] +and ecx, 7 +dec eax +and eax, 7 +shl eax, 0x10 +or ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x20] +lea ebx, [eax*8 + 0x48a8] +mov eax, edi +mov edx, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, ebx +mov dword [ebp - 0x1c], edi +mov ecx, eax +mov esi, eax +and ch, 0xc7 +mov eax, edi +or ch, 0x20 +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, dword [ebp - 0x20] +mov ecx, 5 +mov eax, dword [ebp - 0x1c] +lea edi, [edx*4 + 0x48b8] +mov edx, edi +call fcn_fffb335b ; call 0xfffb335b -loc_fffa9947: ; not directly referenced -xor edx, edx +loc_fffa9668: ; not directly referenced 
+mov eax, dword [ebp - 0x1c] +mov edx, 0x4804 +call fcn_fffb331f ; call 0xfffb331f +cmp byte [ebp - 0x26], 0 +jne short loc_fffa968e ; jne 0xfffa968e +test al, 1 +jne loc_fffa95e9 ; jne 0xfffa95e9 +shr eax, 0x10 +and eax, 1 +xor eax, 1 +jmp short loc_fffa96a1 ; jmp 0xfffa96a1 + +loc_fffa968e: ; not directly referenced +test al, 2 +jne loc_fffa95e9 ; jne 0xfffa95e9 +shr eax, 0x10 +shr al, 1 +xor eax, 1 +and eax, 1 + +loc_fffa96a1: ; not directly referenced +test al, al +jne short loc_fffa9668 ; jne 0xfffa9668 +mov edx, edi +mov edi, dword [ebp - 0x1c] +mov ecx, 4 +mov eax, edi +call fcn_fffb335b ; call 0xfffb335b +mov eax, edi +mov ecx, esi +mov edx, ebx +call fcn_fffb3381 ; call 0xfffb3381 xor eax, eax -loc_fffa994b: ; not directly referenced -mov edi, dword [ebp - 0x88] -lea ecx, [edi + ebx + 0x49b4] -add ecx, dword [ebp + 8] -call fcn_fffaf03f ; call 0xfffaf03f -mov eax, dword [ebp - 0x84] -cmp dword [eax], 1 -jne short loc_fffa9979 ; jne 0xfffa9979 -mov eax, dword [ebp - 0x80] -mov dword [eax + ebx + 0x48c9], 1 +loc_fffa96c3: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffa9979: ; not directly referenced -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2480] -test eax, eax -jne short loc_fffa999e ; jne 0xfffa999e -mov eax, dword [ebp - 0x8c] -mov edi, dword [ebp + 8] -mov eax, dword [eax + ebx + 0x1248] -mov dword [edi + 0x2480], eax -jmp short loc_fffa99b7 ; jmp 0xfffa99b7 +fcn_fffa96cb: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x2c +mov esi, dword [ebp + 8] +mov ebx, dword [ebp + 0xc] +cmp cl, 3 +ja short loc_fffa96eb ; ja 0xfffa96eb +mov word [ebp - 0x1c], bx +mov word [ebp - 0x1a], 0 +jmp short loc_fffa96f5 ; jmp 0xfffa96f5 -loc_fffa999e: ; not directly referenced -mov esi, dword [ebp - 0x8c] -cmp eax, dword [esi + ebx + 0x1248] -mov eax, 0x1a -cmove eax, dword [ebp - 0x7c] -mov dword [ebp - 0x7c], eax +loc_fffa96eb: ; not directly referenced +mov word [ebp - 
0x1c], 0 +mov word [ebp - 0x1a], bx -loc_fffa99b7: ; not directly referenced -cmp dword [ebp - 0x90], 0 -mov eax, dword [ebp - 0x8c] -jne short loc_fffa99d5 ; jne 0xfffa99d5 -mov eax, dword [eax + ebx + 0x124c] -mov dword [ebp - 0x90], eax -jmp short loc_fffa99e8 ; jmp 0xfffa99e8 - -loc_fffa99d5: ; not directly referenced -mov edi, dword [ebp - 0x90] -cmp edi, dword [eax + ebx + 0x124c] -jne loc_fffa9b58 ; jne 0xfffa9b58 - -loc_fffa99e8: ; not directly referenced -cmp dword [ebp - 0x7c], 0x1a -je loc_fffa9b81 ; je 0xfffa9b81 -inc dword [ebp - 0x94] - -loc_fffa99f8: ; not directly referenced -add ebx, 0x128 -add dword [ebp - 0x98], 0x277 -add dword [ebp - 0x84], 0x277 -cmp ebx, 0x250 -jne loc_fffa985a ; jne 0xfffa985a -add dword [ebp - 0x88], 0x13c3 -add dword [ebp - 0x9c], 0x54a -add dword [ebp - 0x80], 0x13c3 -cmp dword [ebp - 0x88], 0x2786 -jne loc_fffa9827 ; jne 0xfffa9827 -cmp dword [ebp - 0x94], 0 -je loc_fffa9b81 ; je 0xfffa9b81 -lea edi, [ebp - 0x78] -mov esi, ref_fffd3408 ; mov esi, 0xfffd3408 -mov ecx, 0x18 -xor ebx, ebx -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov eax, 1 - -loc_fffa9a6c: ; not directly referenced -cmp bl, 0x17 -setbe dl -test dl, al -je short loc_fffa9a8c ; je 0xfffa9a8c -sub esp, 0xc -movzx eax, bl -push dword [ebp + 8] -inc ebx -call dword [ebp + eax*4 - 0x78] ; ucall -add esp, 0x10 -and eax, 1 -jmp short loc_fffa9a6c ; jmp 0xfffa9a6c - -loc_fffa9a8c: ; not directly referenced -test eax, eax -je loc_fffa9b81 ; je 0xfffa9b81 -mov eax, dword [ebp + 8] -mov esi, dword [ebp + 8] -mov byte [eax + 0x3748], 1 -add eax, 0x48c9 -add esi, 0x704f - -loc_fffa9aac: ; not directly referenced -mov edx, eax -xor ecx, ecx - -loc_fffa9ab0: ; not directly referenced -mov edi, dword [edx] -lea ebx, [edi - 1] -cmp ebx, 1 -ja short loc_fffa9ac0 ; ja 0xfffa9ac0 -inc dword [eax - 0x10b3] - -loc_fffa9ac0: ; not directly referenced -cmp dword [edx], 2 -jne short loc_fffa9b16 ; jne 0xfffa9b16 -mov bl, byte [edx + 0xed] -cmp bl, 1 -je short 
loc_fffa9adb ; je 0xfffa9adb -cmp bl, 2 +loc_fffa96f5: ; not directly referenced +cmp dword [eax + 0x2481], 2 +movzx edi, dl +mov edx, esi +movzx ecx, cl +push 0 +movzx esi, dl sete bl -lea ebx, [ebx + ebx*2] -jmp short loc_fffa9add ; jmp 0xfffa9add - -loc_fffa9adb: ; not directly referenced -mov bl, 1 - -loc_fffa9add: ; not directly referenced -mov edi, dword [ebp + 8] +mov dword [ebp - 0x2c], edi +lea edi, [ebp - 0x1c] +mov edx, dword [ebp - 0x2c] +push edi +shl ebx, 3 +push esi movzx ebx, bl -shl ebx, cl -or byte [eax - 0x10af], bl -mov bl, byte [edx + 0xcc] -and byte [edi + 0x3748], bl -mov bl, byte [edi + 0x36ca] -movzx edi, byte [edx + 0xf4] -cmp byte [edx + 0xf4], bl -cmovbe ebx, edi -mov edi, dword [ebp + 8] -mov byte [edi + 0x36ca], bl - -loc_fffa9b16: ; not directly referenced -add ecx, 2 -add edx, 0x128 -cmp ecx, 4 -jne short loc_fffa9ab0 ; jne 0xfffa9ab0 -cmp dword [eax - 0x10b3], 0 -je short loc_fffa9b49 ; je 0xfffa9b49 -cmp byte [eax - 0x10af], 0 -je short loc_fffa9b49 ; je 0xfffa9b49 -mov ecx, dword [ebp + 8] -inc byte [ecx + 0x3755] -mov dword [eax - 0x1173], 2 - -loc_fffa9b49: ; not directly referenced -add eax, 0x13c3 -cmp eax, esi -jne loc_fffa9aac ; jne 0xfffa9aac -jmp short loc_fffa9b61 ; jmp 0xfffa9b61 - -loc_fffa9b58: ; not directly referenced -mov dword [ebp - 0x7c], 0x1a -jmp short loc_fffa9b81 ; jmp 0xfffa9b81 - -loc_fffa9b61: ; not directly referenced -mov eax, dword [ebp + 8] -cmp byte [eax + 0x3755], 0 -je short loc_fffa9b81 ; je 0xfffa9b81 -mov eax, dword [ebp + 8] -mov dword [ebp - 0x7c], 0 -mov dword [eax + 0x374e], 2 - -loc_fffa9b81: ; not directly referenced -mov eax, dword [ebp - 0x7c] +push ebx +call fcn_fffa947f ; call 0xfffa947f lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -12674,3606 +12369,3915 @@ pop edi pop ebp ret -fcn_fffa9b8c: ; not directly referenced +fcn_fffa972b: ; not directly referenced push ebp -mov ecx, 3 mov ebp, esp push edi push esi -mov esi, ref_fffd3468 ; mov esi, 0xfffd3468 push ebx -mov ebx, eax -sub esp, 0xc0 -lea edi, [ebp - 0x80] -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [ebp - 0x74] -mov esi, ref_fffd3474 ; mov esi, 0xfffd3474 -mov dword [ebp - 0x8c], eax -mov cl, 3 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [ebp - 0x68] -mov esi, ref_fffd3480 ; mov esi, 0xfffd3480 -mov cl, 3 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [ebp - 0x5c] -mov esi, ref_fffd348c ; mov esi, 0xfffd348c -mov cl, 3 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +sub esp, 0xe0 +mov esi, dword [ebp + 8] +mov edi, dword [ebp + 0x14] +mov byte [ebp - 0x9f], cl +mov ebx, dword [ebp + 0x10] +mov dword [ebp - 0x80], eax +mov eax, dword [ebp + 0xc] +mov ecx, esi +mov dword [ebp - 0xd8], esi +mov esi, ref_fffd3704 ; mov esi, 0xfffd3704 +mov dword [ebp - 0xac], edi +mov dword [ebp - 0xb8], edx +mov byte [ebp - 0xdc], dl +mov edx, edi +mov byte [ebp - 0xc8], cl lea edi, [ebp - 0x50] -mov esi, ref_fffd3498 ; mov esi, 0xfffd3498 -mov cl, 3 +mov ecx, 3 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [ebp - 0x44] -mov esi, ref_fffd34a4 ; mov esi, 0xfffd34a4 -mov cl, 3 +lea edi, [ebp - 0x38] +mov esi, ref_fffd3710 ; mov esi, 0xfffd3710 +mov dword [ebp - 0x88], eax +mov byte [ebp - 0xa0], al +mov byte [ebp - 0x9d], dl +mov word [ebp - 0x7c], bx +mov word [ebp - 0x60], 0 +mov word [ebp - 0x5e], 2 +mov cl, 4 +mov word [ebp - 0x5c], 1 +mov word [ebp - 0x5a], 3 +mov word [ebp - 0x64], 0 +mov word [ebp - 0x62], 2 +mov byte [ebp - 0x6a], 1 +mov byte [ebp - 0x69], 2 +mov byte [ebp - 0x68], 3 +mov byte [ebp - 0x67], 0 +mov byte [ebp - 0x66], 2 +mov byte [ebp - 0x65], 3 +movzx edx, byte [ebp - 0xb8] rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov edi, dword 
[eax + 0x5edc] -mov edx, edi -mov dword [ebp - 0x9c], edi -mov edi, dword [eax + 0x2443] -mov al, byte [eax + 0x2488] -mov esi, edi -mov dword [ebp - 0xa0], edi -movzx edi, byte [ebx + 0x248e] -mov byte [ebp - 0x95], al -mov eax, edx -push 0 -add eax, 0x1bc +mov edi, dword [ebp - 0x80] +imul eax, edx, 0x13c3 +mov dword [ebp - 0x84], edx +mov esi, dword [edi + 0x5edd] +lea eax, [edi + eax + 0x3757] +mov dword [ebp - 0xa8], eax +imul eax, edx, 0xcc +mov ecx, esi +mov dword [ebp - 0xa4], esi +mov esi, dword [edi + 0x2444] +lea edx, [ecx + eax + 0x1c] +mov dword [ebp - 0x9c], edx +mov edx, dword [edi + 0x188b] +lea eax, [ebp - 0x50] +push 0xc +push eax +lea eax, [ebp - 0x44] +push eax +mov dword [ebp - 0x98], edx +call dword [esi + 0x58] ; ucall +add esp, 0xc push 8 +lea eax, [ebp - 0x60] push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -mov edx, 0x3a1c -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x3a1c -mov ecx, eax -mov esi, eax -and ecx, 0xfffe003f -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x5f08 -mov eax, ebx -mov dword [ebp - 0x8c], ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5f08 -mov ebx, eax -mov eax, dword [ebp - 0x8c] -or bh, 1 -mov ecx, ebx -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x8c] -mov edx, 0x78 -call fcn_fffa834b ; call 0xfffa834b -mov eax, dword [ebp - 0x8c] -mov edx, 0x3a00 -call fcn_fffae52a ; call 0xfffae52a -mov ecx, esi -mov esi, dword [ebp - 0x8c] -mov dword [ebp - 0x94], eax -mov eax, dword [ebp - 0x8c] -shr dword [ebp - 0x94], 0xf -and dword [ebp - 0x94], 0x1f -mov ax, word [eax + 0x1904] -shr ax, 7 -movzx edx, ax -mov eax, esi -mov dword [ebp - 0xa8], edx -mov edx, 0x3a1c -call fcn_fffae58c ; call 0xfffae58c -mov ecx, ebx -mov edx, 0x5f08 -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x78 -mov eax, esi -call fcn_fffa834b ; call 0xfffa834b -mov edx, 0x2008 -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +lea eax, [ebp - 0x58] +push eax +call dword [esi + 
0x58] ; ucall +mov eax, dword [edi + 0x2481] +add esp, 0xc +xor edx, edx +push 0x10 +cmp eax, 3 +sete dl +mov dword [ebp - 0xb4], edx +xor edx, edx +cmp eax, 2 +lea eax, [ebp - 0x38] +sete dl +push eax +lea eax, [ebp - 0x28] +mov dword [ebp - 0xb0], edx +push eax +call dword [esi + 0x58] ; ucall +mov ecx, dword [ebp - 0x88] add esp, 0x10 -test ah, 4 -mov eax, edi -je short loc_fffa9d16 ; je 0xfffa9d16 -cmp al, 3 -je short loc_fffa9d2a ; je 0xfffa9d2a -lea eax, [ebp - 0x74] -mov edx, eax -lea eax, [ebp - 0x68] -jmp short loc_fffa9d22 ; jmp 0xfffa9d22 +cmp cl, 3 +sete al +cmp cl, 1 +setbe dl +or dl, al +jne short loc_fffa98ac ; jne 0xfffa98ac +mov edx, ecx +cmp cl, 0x11 +sete cl +cmp dl, 2 +sete dl +or cl, dl +je loc_fffa995e ; je 0xfffa995e -loc_fffa9d16: ; not directly referenced -cmp al, 3 -je short loc_fffa9d2f ; je 0xfffa9d2f -lea eax, [ebp - 0x50] +loc_fffa98ac: ; not directly referenced +mov ecx, dword [ebp - 0x88] +cmp cl, 1 +sbb esi, esi +and esi, 0x10 +add esi, 0xf +cmp cl, 1 +sbb edx, edx +and edx, 0xfffffff0 +sub edx, 0x10 +cmp bx, si +jg short loc_fffa98d5 ; jg 0xfffa98d5 +cmp dx, bx +mov esi, ebx +cmovge esi, edx + +loc_fffa98d5: ; not directly referenced +mov ebx, dword [ebp - 0x9c] +movzx ecx, byte [ebp - 0xd8] +cmp byte [ebp - 0x88], 0 +lea edi, [ebx + ecx*4] +mov ebx, dword [edi + 0x78] +jne loc_fffaa406 ; jne 0xfffaa406 +mov eax, esi +and ebx, 0xfffff000 +and eax, 0x3f mov edx, eax -lea eax, [ebp - 0x44] +or ebx, eax +shl edx, 6 +or ebx, edx -loc_fffa9d22: ; not directly referenced -and edi, 1 -cmovne eax, edx -jmp short loc_fffa9d32 ; jmp 0xfffa9d32 +loc_fffa9909: ; not directly referenced +cmp byte [ebp - 0xb8], 1 +mov edx, 0x365c +jbe loc_fffaa459 ; jbe 0xfffaa459 -loc_fffa9d2a: ; not directly referenced -lea eax, [ebp - 0x80] -jmp short loc_fffa9d32 ; jmp 0xfffa9d32 +loc_fffa991b: ; not directly referenced +mov ecx, dword [ebp - 0x80] +lea eax, [edx + 0xc] +cmp dword [ecx + 0x188b], 1 +mov ecx, ebx +cmove edx, eax +mov eax, dword [ebp - 0x80] 
+call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0xac], 0 +je short loc_fffa9941 ; je 0xfffa9941 +mov dword [edi + 0x78], ebx -loc_fffa9d2f: ; not directly referenced -lea eax, [ebp - 0x5c] +loc_fffa9941: ; not directly referenced +mov eax, dword [ebp - 0xa4] +mov edx, 0x2008 +mov ecx, dword [eax + 0x18] +mov eax, dword [ebp - 0x80] +or ecx, 0x20 +call fcn_fffb3381 ; call 0xfffb3381 +mov word [ebp - 0x7c], si -loc_fffa9d32: ; not directly referenced -mov dword [ebp - 0x90], eax -mov eax, dword [ebp - 0x9c] +loc_fffa995e: ; not directly referenced +mov eax, dword [ebp - 0x88] +cmp al, 0x11 +sete cl +sub eax, 4 +cmp al, 1 +setbe al +or al, cl +mov byte [ebp - 0x9e], cl +je loc_fffa9b92 ; je 0xfffa9b92 +mov eax, dword [ebp - 0xa8] xor edi, edi -add eax, 0x1c -mov dword [ebp - 0xa4], eax -mov esi, eax - -loc_fffa9d4b: ; not directly referenced -imul eax, edi, 0x13c3 -mov edx, dword [ebp - 0x8c] -xor ebx, ebx -cmp dword [edx + eax + 0x3756], 2 -jne short loc_fffa9dc5 ; jne 0xfffa9dc5 +lea esi, [eax + 0x24d] +imul eax, dword [ebp - 0x84], 0x13c3 +add eax, dword [ebp - 0x80] +mov dword [ebp - 0xe4], eax +movzx eax, byte [ebp - 0x9f] +mov dword [ebp - 0xe8], eax -loc_fffa9d63: ; not directly referenced -cmp byte [ebp - 0x95], bl -jbe short loc_fffa9d9f ; jbe 0xfffa9d9f -or byte [esi + ebx*4 + 0x28], 0x20 -mov ecx, ebx -mov eax, dword [esi + ebx*4 + 0x28] -mov edx, edi -inc ebx -mov dword [ebp - 0xac], eax -mov eax, dword [ebp - 0x8c] -call fcn_fffa720e ; call 0xfffa720e -mov ecx, dword [ebp - 0xac] -mov edx, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffa9d63 ; jmp 0xfffa9d63 +loc_fffa99ad: ; not directly referenced +mov ebx, dword [ebp - 0xe4] +mov eax, 1 +mov ecx, edi +shl eax, cl +test byte [ebx + 0x381b], al +je loc_fffa9b85 ; je 0xfffa9b85 +mov eax, dword [ebp - 0xe8] +bt eax, edi +jae loc_fffa9b85 ; jae 0xfffa9b85 +cmp byte [ebp - 0xa0], 4 +jne loc_fffa9a7c ; jne 0xfffa9a7c +cmp dword [ebp - 0x98], 0 +jne short 
loc_fffa99fe ; jne 0xfffa99fe +mov ebx, dword [ebp - 0x7c] +mov eax, 0xb +cmp bx, 0xb +cmovle eax, ebx +jmp short loc_fffa9a21 ; jmp 0xfffa9a21 -loc_fffa9d9f: ; not directly referenced -mov eax, dword [ebp - 0x8c] -mov ecx, 0xff -mov edx, edi -mov ebx, dword [esi] -call fcn_fffa7288 ; call 0xfffa7288 -or bh, 1 -mov ecx, ebx -mov edx, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffaeb7c ; call 0xfffaeb7c +loc_fffa99fe: ; not directly referenced +cmp dword [ebp - 0x98], 1 +jne short loc_fffa9a25 ; jne 0xfffa9a25 +mov ecx, dword [ebp - 0x7c] +mov eax, 0xf +cmp cx, 0xf +cmovle eax, ecx +mov ecx, eax +or eax, 0x10 +test byte [esi], 0x10 +cmove eax, ecx -loc_fffa9dc5: ; not directly referenced -inc edi -add esi, 0xcc -cmp edi, 2 -jne loc_fffa9d4b ; jne 0xfffa9d4b -mov eax, dword [ebp - 0x90] -lea ebx, [ebp - 0x38] -inc eax -mov dword [ebp - 0xbc], eax -mov esi, eax +loc_fffa9a21: ; not directly referenced +mov word [ebp - 0x7c], ax -loc_fffa9de7: ; not directly referenced -mov edi, dword [ebp - 0x8c] -add ebx, 4 -add esi, 3 -movzx edx, byte [esi - 4] -movzx ecx, byte [esi - 3] -mov eax, edi -call fcn_fffa75da ; call 0xfffa75da -mov edx, eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov dword [ebx - 4], eax -lea eax, [ebp - 0x28] -cmp ebx, eax -jne short loc_fffa9de7 ; jne 0xfffa9de7 -imul eax, dword [ebp - 0x94], 0x1f0 -mov ecx, 0x3e8 -imul eax, dword [ebp - 0xa8] -xor edx, edx -mov byte [ebp - 0xa8], 1 -div ecx -lea edi, [eax + 0x14a] -add eax, 0x226 -mov dword [ebp - 0xb8], eax -mov eax, dword [ebp - 0x9c] -mov dword [ebp - 0xb4], edi -add eax, 0x1bd -mov dword [ebp - 0xac], eax +loc_fffa9a25: ; not directly referenced +mov ebx, dword [ebp - 0x7c] +mov eax, 0 +mov ecx, edi +push edx +mov edx, dword [ebp - 0x84] +test bx, bx +cmovns eax, ebx +movzx ebx, byte [ebp - 0xc8] +mov word [ebp - 0x7c], ax +or eax, 0x30 +mov word [ebp - 0xe0], ax +cwde +push eax +mov eax, dword [ebp - 0x80] +push 2 +push ebx +call fcn_fffa735e ; call 0xfffa735e +add esp, 0x10 +cmp byte 
[ebp - 0x9d], 0 +je loc_fffa9b85 ; je 0xfffa9b85 +mov al, byte [ebp - 0xe0] +mov byte [esi + ebx], al +jmp near loc_fffa9b85 ; jmp 0xfffa9b85 -loc_fffa9e5e: ; not directly referenced -mov eax, dword [ebp - 0xa4] -xor ebx, ebx -mov dword [ebp - 0x94], eax -mov eax, dword [ebp - 0xa8] -and eax, 7 -mov dword [ebp - 0x9c], eax +loc_fffa9a7c: ; not directly referenced +cmp byte [ebp - 0xa0], 5 +jne loc_fffa9b3e ; jne 0xfffa9b3e +cmp dword [ebp - 0x98], 0 +jne short loc_fffa9ac9 ; jne 0xfffa9ac9 +cmp word [ebp - 0x7c], 0x13 +jg short loc_fffa9aad ; jg 0xfffa9aad +mov ecx, dword [ebp - 0x7c] +mov eax, 0 +test cx, cx +cmovns eax, ecx +mov word [ebp - 0x7c], ax +jmp short loc_fffa9ab3 ; jmp 0xfffa9ab3 -loc_fffa9e7b: ; not directly referenced -imul eax, ebx, 0x13c3 -mov edi, dword [ebp - 0x8c] -cmp dword [edi + eax + 0x3756], 2 -je short loc_fffa9eb0 ; je 0xfffa9eb0 +loc_fffa9aad: ; not directly referenced +mov word [ebp - 0x7c], 0x13 -loc_fffa9e91: ; not directly referenced -inc ebx -add dword [ebp - 0x94], 0xcc -cmp ebx, 2 -jne short loc_fffa9e7b ; jne 0xfffa9e7b -mov dword [ebp - 0x94], 0 -jmp near loc_fffaa085 ; jmp 0xfffaa085 +loc_fffa9ab3: ; not directly referenced +mov eax, dword [ebp - 0x7c] +mov ecx, 5 +mov edx, eax +sar dx, 0xf +idiv cx +lea ebx, [edx + eax*8] +jmp short loc_fffa9afe ; jmp 0xfffa9afe -loc_fffa9eb0: ; not directly referenced -xor esi, esi +loc_fffa9ac9: ; not directly referenced +xor ebx, ebx +cmp dword [ebp - 0x98], 1 +jne short loc_fffa9afe ; jne 0xfffa9afe +mov eax, dword [ebp - 0x7c] +test ax, ax +jle short loc_fffa9afe ; jle 0xfffa9afe +movsx ebx, ax +mov eax, 0x10 +cmp bx, 0x10 +cmovle eax, ebx +mov word [ebp - 0x7c], ax +dec eax +mov ebx, eax +and eax, 3 +sar ebx, 2 +add eax, eax +lea ebx, [eax + ebx*8 + 1] -loc_fffa9eb2: ; not directly referenced -mov eax, esi -cmp byte [ebp - 0x95], al -jbe short loc_fffa9e91 ; jbe 0xfffa9e91 -mov eax, dword [ebp - 0x94] -mov ecx, esi -mov edx, ebx -mov edi, dword [eax + esi*4 + 4] -inc esi -mov eax, dword 
[ebp - 0x9c] -and edi, 0xffffe3ff -shl eax, 0xa -or edi, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffa724b ; call 0xfffa724b +loc_fffa9afe: ; not directly referenced +push eax +movzx eax, bl +mov edx, dword [ebp - 0x84] +push eax +movzx eax, byte [ebp - 0xc8] mov ecx, edi -mov edx, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffa9eb2 ; jmp 0xfffa9eb2 +push 2 +push eax +mov dword [ebp - 0xe0], eax +mov eax, dword [ebp - 0x80] +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 +cmp byte [ebp - 0x9d], 0 +je short loc_fffa9b85 ; je 0xfffa9b85 +mov eax, dword [ebp - 0xe0] +mov byte [esi + eax + 0xdd9], bl +jmp short loc_fffa9b85 ; jmp 0xfffa9b85 -loc_fffa9ef8: ; not directly referenced -imul eax, edi, 0x13c3 -mov edx, dword [ebp - 0x8c] -cmp dword [edx + eax + 0x3756], 2 -je loc_fffaa0c3 ; je 0xfffaa0c3 +loc_fffa9b3e: ; not directly referenced +cmp byte [ebp - 0x9e], 0 +je short loc_fffa9b85 ; je 0xfffa9b85 +movzx ebx, byte [ebp - 0xc8] +mov ecx, edi +push eax +mov edx, dword [ebp - 0x84] +mov eax, dword [ebp - 0x80] +push 0 +push 0xff +push ebx +call fcn_fffa735e ; call 0xfffa735e +add esp, 0xc +mov edx, dword [ebp - 0x84] +mov eax, dword [ebp - 0x80] +mov ecx, edi +push 0 +push 0xff +push ebx +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 -loc_fffa9f12: ; not directly referenced +loc_fffa9b85: ; not directly referenced inc edi -add dword [ebp - 0x9c], 0xcc -cmp edi, 2 -jne short loc_fffa9ef8 ; jne 0xfffa9ef8 -mov byte [ebp - 0x9c], 0 +add esi, 9 +cmp edi, 4 +jne loc_fffa99ad ; jne 0xfffa99ad -loc_fffa9f29: ; not directly referenced -mov esi, dword [ebp - 0x9c] -lea edi, [ebp - 0x28] -mov ebx, dword [ebp - 0x90] -and esi, 1 -shl esi, 0x1d -or esi, 0x2000000 +loc_fffa9b92: ; not directly referenced +cmp byte [ebp - 0x88], 6 +mov cl, byte [ebp - 0x9e] +sete al +or cl, al +je loc_fffa9cf1 ; je 0xfffa9cf1 +cmp dword [ebp - 0x98], 1 +jne short loc_fffa9bc0 ; jne 0xfffa9bc0 +cmp word [ebp - 0x7c], 0x3f +jg loc_fffaa48b ; jg 
0xfffaa48b +jmp short loc_fffa9bcb ; jmp 0xfffa9bcb -loc_fffa9f44: ; not directly referenced -movzx eax, byte [ebx + 2] -and esi, 0xefffffff -movzx ecx, byte [ebx + 1] -movzx edx, byte [ebx] -and eax, 1 -shl eax, 0x1c +loc_fffa9bc0: ; not directly referenced +cmp word [ebp - 0x7c], 7 +jg loc_fffaa496 ; jg 0xfffaa496 + +loc_fffa9bcb: ; not directly referenced +mov edi, dword [ebp - 0x7c] +mov edx, 0 +test di, di +cmovns edx, edi +mov word [ebp - 0x7c], dx + +loc_fffa9bdd: ; not directly referenced +movzx edi, byte [ebp - 0xd8] +mov ecx, dword [ebp - 0x9c] +mov dword [ebp - 0xc8], edi +lea edi, [ecx + edi*4] +mov ebx, dword [edi + 4] +mov esi, dword [edi + 0x28] +test al, al +je short loc_fffa9c3a ; je 0xfffa9c3a +cmp dword [ebp - 0x98], 1 +jne short loc_fffa9c2c ; jne 0xfffa9c2c +mov ecx, dword [ebp - 0x7c] +and bh, 0xe3 +and esi, 0xe3ffffff +mov eax, ecx +sar ax, 3 +and eax, 7 +shl eax, 0xa +or ebx, eax +mov eax, ecx +and eax, 7 +shl eax, 0x1a or esi, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffa75da ; call 0xfffa75da +jmp short loc_fffa9c3a ; jmp 0xfffa9c3a + +loc_fffa9c2c: ; not directly referenced +mov eax, dword [ebp - 0x7c] +and bh, 0xe3 +and eax, 7 +shl eax, 0xa +or ebx, eax + +loc_fffa9c3a: ; not directly referenced +mov ecx, dword [ebp - 0xc8] +mov edx, dword [ebp - 0x84] +mov eax, dword [ebp - 0x80] +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, ebx +mov edx, eax +mov eax, dword [ebp - 0x80] +call fcn_fffb3381 ; call 0xfffb3381 +cmp dword [ebp - 0x98], 1 +jne short loc_fffa9c83 ; jne 0xfffa9c83 +mov ecx, dword [ebp - 0xc8] +mov edx, dword [ebp - 0x84] +mov eax, dword [ebp - 0x80] +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, esi mov edx, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0xa0] -call dword [eax + 0x54] ; ucall -add eax, 0x3e8 -mov dword [ebp - 0xb0], eax +mov eax, dword [ebp - 0x80] +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffa9f8b: ; not directly referenced -mov esi, dword [ebp - 0x8c] -movzx 
edx, byte [ebx] -movzx ecx, byte [ebx + 1] -mov eax, esi -call fcn_fffa75da ; call 0xfffa75da -mov edx, eax -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a +loc_fffa9c83: ; not directly referenced +cmp byte [ebp - 0xac], 0 +je short loc_fffa9cf1 ; je 0xfffa9cf1 +cmp dword [ebp - 0x98], 1 +mov dword [edi + 4], ebx +jne short loc_fffa9cf1 ; jne 0xfffa9cf1 +mov ebx, dword [ebp - 0x80] +mov edx, 0x3a28 +mov dword [edi + 0x28], esi +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +movzx ecx, byte [ebx + 0x2489] +xor edx, edx mov esi, eax -test eax, 0x40000000 -jne loc_fffaa108 ; jne 0xfffaa108 -mov eax, dword [ebp - 0xa0] -call dword [eax + 0x54] ; ucall -cmp dword [ebp - 0xb0], eax -ja short loc_fffa9f8b ; ja 0xfffa9f8b +xor eax, eax -loc_fffa9fc6: ; not directly referenced -movzx ecx, byte [ebx + 1] -add edi, 4 -add ebx, 3 -movzx edx, byte [ebx - 3] -mov eax, dword [ebp - 0x8c] -call fcn_fffa75da ; call 0xfffa75da -xor ecx, ecx -mov edx, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffae58c ; call 0xfffae58c -lea eax, [ebp - 0x18] -cmp edi, eax -jne loc_fffa9f44 ; jne 0xfffa9f44 -inc byte [ebp - 0x9c] -cmp byte [ebp - 0x9c], 2 -jne loc_fffa9f29 ; jne 0xfffa9f29 -mov ecx, dword [ebp - 0x28] -mov ebx, dword [ebp - 0x1c] -mov edx, dword [ebp - 0x20] -mov eax, dword [ebp - 0x24] -mov esi, ecx -cmp ebx, ecx -cmovbe esi, ebx -cmp esi, edx -cmova esi, edx -cmp ebx, ecx -cmovae ecx, ebx -cmp ecx, edx -cmovae edx, ecx -cmp edx, eax -cmovb edx, eax -cmp esi, eax -cmovbe eax, esi -cmp dword [ebp - 0xb4], eax -jbe short loc_fffaa055 ; jbe 0xfffaa055 -mov cl, byte [ebp - 0x94] -mov eax, 1 -mov edi, dword [ebp - 0xac] -shl eax, cl -or byte [edi], al +loc_fffa9cb7: ; not directly referenced +cmp cl, dl +jbe short loc_fffa9cd0 ; jbe 0xfffa9cd0 +mov edi, dword [ebp - 0x9c] +mov bl, byte [edi + edx*4 + 0x2b] +inc edx +shr bl, 2 +and ebx, 7 +add eax, ebx +jmp short loc_fffa9cb7 ; jmp 0xfffa9cb7 -loc_fffaa055: ; not directly referenced -cmp dword [ebp - 0xb8], edx -jae short 
loc_fffaa072 ; jae 0xfffaa072 -mov cl, byte [ebp - 0x94] -mov eax, 1 -mov edi, dword [ebp - 0xac] -shl eax, cl -or byte [edi], al +loc_fffa9cd0: ; not directly referenced +xor edx, edx +and esi, 0xfff1ffff +div ecx +mov ecx, esi +mov edx, 0x3a28 +and eax, 7 +shl eax, 0x11 +or ecx, eax +mov eax, dword [ebp - 0x80] +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffaa072: ; not directly referenced -inc dword [ebp - 0x94] -cmp dword [ebp - 0x94], 8 -je loc_fffaa126 ; je 0xfffaa126 +loc_fffa9cf1: ; not directly referenced +cmp byte [ebp - 0x88], 9 +je short loc_fffa9d10 ; je 0xfffa9d10 -loc_fffaa085: ; not directly referenced -push eax -xor edi, edi +loc_fffa9cfa: ; not directly referenced +mov al, byte [ebp - 0x88] +sub eax, 7 +cmp al, 1 +ja loc_fffa9f84 ; ja 0xfffa9f84 +jmp near loc_fffa9fa3 ; jmp 0xfffa9fa3 + +loc_fffa9d10: ; not directly referenced +cmp dword [ebp - 0xb4], 0 +je loc_fffa9ddc ; je 0xfffa9ddc +mov edi, dword [ebp - 0x7c] +mov al, 2 +mov ecx, edi +mov ebx, edi +cmp cl, 2 +cmovbe eax, ebx +xor ebx, ebx +imul edx, dword [ebp - 0x84], 0x13c3 +movzx eax, al +add edx, dword [ebp - 0x80] +mov dword [ebp - 0xc8], eax +mov dword [ebp - 0x98], edx + +loc_fffa9d4a: ; not directly referenced +mov esi, dword [ebp - 0x98] +mov eax, 1 +mov cl, bl +mov dl, bl +shl eax, cl +test byte [esi + 0x381b], al +je short loc_fffa9dcd ; je 0xfffa9dcd +test byte [ebp - 0x9f], al +je short loc_fffa9dcd ; je 0xfffa9dcd +mov eax, edx +mov edi, dword [ebp - 0xa8] +shr dl, 1 +and eax, 1 +movzx edx, dl +imul edx, edx, 0x128 +imul eax, eax, 0x18 +lea eax, [eax + edx + 0x1260] +movzx edx, byte [ebp - 0xdc] +lea edi, [edi + eax + 0xb] +mov eax, dword [ebp - 0xc8] +movzx esi, byte [ebp + eax - 0x6a] +mov ax, word [edi + 6] +push ecx +mov ecx, ebx push 0 -push 4 -lea eax, [ebp - 0x28] +and eax, 0xfffffff0 +or esi, eax +movzx eax, si push eax -mov eax, dword [ebp - 0xa0] -call dword [eax + 0x64] ; ucall -mov eax, dword [ebp - 0xa4] +mov eax, dword [ebp - 0x80] +push 3 +call fcn_fffacb43 ; call 
0xfffacb43 add esp, 0x10 -mov dword [ebp - 0x9c], eax -mov eax, dword [ebp - 0x94] -and eax, 7 -mov dword [ebp - 0xb0], eax -shl dword [ebp - 0xb0], 0x1a -jmp near loc_fffa9ef8 ; jmp 0xfffa9ef8 +cmp byte [ebp - 0x9d], 0 +je short loc_fffa9dcd ; je 0xfffa9dcd +mov word [edi + 6], si -loc_fffaa0c3: ; not directly referenced -xor ebx, ebx +loc_fffa9dcd: ; not directly referenced +inc ebx +cmp ebx, 4 +jne loc_fffa9d4a ; jne 0xfffa9d4a +jmp near loc_fffa9cfa ; jmp 0xfffa9cfa -loc_fffaa0c5: ; not directly referenced -cmp byte [ebp - 0x95], bl -jbe loc_fffa9f12 ; jbe 0xfffa9f12 -mov eax, dword [ebp - 0x9c] -mov ecx, ebx +loc_fffa9ddc: ; not directly referenced +cmp dword [ebp - 0xb0], 1 +mov dword [ebp - 0x98], 0 +sbb ebx, ebx +xor eax, eax +and ebx, 0xffffffe4 +sub ebx, 7 +cmp byte [ebp - 0x7c], 0 +setne al +mov ax, word [ebp + eax*2 - 0x64] +mov word [ebp - 0xc8], ax +imul eax, dword [ebp - 0x84], 0x13c3 +add eax, dword [ebp - 0x80] +mov dword [ebp - 0xd8], eax + +loc_fffa9e1d: ; not directly referenced +mov edi, dword [ebp - 0x98] +mov eax, 1 +mov ecx, edi mov edx, edi -mov esi, dword [eax + ebx*4 + 0x28] -inc ebx -mov eax, dword [ebp - 0x8c] -and esi, 0xe3ffffff -call fcn_fffa720e ; call 0xfffa720e -or esi, dword [ebp - 0xb0] +shl eax, cl +mov ecx, dword [ebp - 0xd8] +test byte [ecx + 0x381b], al +je short loc_fffa9e9c ; je 0xfffa9e9c +test byte [ebp - 0x9f], al +je short loc_fffa9e9c ; je 0xfffa9e9c +mov ecx, edx +mov esi, dword [ebp - 0xa8] +shr dl, 1 +and ecx, 1 +movzx edx, dl +imul ecx, ecx, 0x18 +imul edx, edx, 0x128 +lea edx, [ecx + edx + 0x1260] +mov ecx, eax +mov eax, dword [ebp - 0x80] +lea edi, [esi + edx + 0xb] +mov esi, ebx +and si, word [edi + 2] +or esi, dword [ebp - 0xc8] +push edx +push edx +movzx edx, si +push edx +mov edx, dword [ebp - 0x84] +push 1 +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0x10 +cmp byte [ebp - 0x9d], 0 +je short loc_fffa9e9c ; je 0xfffa9e9c +mov word [edi + 2], si + +loc_fffa9e9c: ; not directly referenced +inc dword [ebp - 
0x98] +cmp dword [ebp - 0x98], 4 +jne loc_fffa9e1d ; jne 0xfffa9e1d +jmp near loc_fffa9cfa ; jmp 0xfffa9cfa + +loc_fffa9eb4: ; not directly referenced +mov esi, dword [ebp - 0xb0] +mov dword [ebp - 0xb4], 0 +cmp esi, 1 +sbb eax, eax +mov dword [ebp - 0xd8], eax +add eax, 3 +and word [ebp - 0xd8], 0x4bc +sub word [ebp - 0xd8], 0x701 +cmp esi, 1 +mov esi, dword [ebp - 0x7c] +sbb ebx, ebx +mov dword [ebp - 0xc8], ebx +mov dword [ebp - 0x98], ebx +and byte [ebp - 0xc8], 0xfe +and byte [ebp - 0x98], 0xfa +mov edx, esi +sar dx, 4 mov ecx, esi -mov edx, eax -mov eax, dword [ebp - 0x8c] -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffaa0c5 ; jmp 0xfffaa0c5 +add byte [ebp - 0xc8], 7 +add byte [ebp - 0x98], 8 +cmp byte [ebp - 0x88], 7 +cmovne edx, ecx +cmp al, dl +cmova eax, edx +movzx eax, al +mov dword [ebp - 0xdc], eax +imul eax, dword [ebp - 0x84], 0x13c3 +add eax, dword [ebp - 0x80] +mov dword [ebp - 0xe0], eax +mov eax, esi +and eax, 0xf +mov byte [ebp - 0xe4], al -loc_fffaa108: ; not directly referenced -shr eax, 0xf -and eax, 0x3ff -add eax, dword [edi] -cmp byte [ebp - 0x9c], 1 -jne loc_fffaa215 ; jne 0xfffaa215 -shr eax, 1 -jmp near loc_fffaa215 ; jmp 0xfffaa215 +loc_fffa9f52: ; not directly referenced +mov edi, dword [ebp - 0xb4] +mov ebx, 1 +mov esi, dword [ebp - 0xe0] +mov ecx, edi +mov eax, edi +shl ebx, cl +test byte [esi + 0x381b], bl +jne loc_fffaa063 ; jne 0xfffaa063 -loc_fffaa126: ; not directly referenced -inc byte [ebp - 0xa8] -inc dword [ebp - 0xac] -and byte [ebp - 0xa8], 7 -jne loc_fffa9e5e ; jne 0xfffa9e5e -mov esi, dword [ebp - 0xa4] -xor edi, edi +loc_fffa9f75: ; not directly referenced +inc dword [ebp - 0xb4] +cmp dword [ebp - 0xb4], 4 +jne short loc_fffa9f52 ; jne 0xfffa9f52 -loc_fffaa147: ; not directly referenced -imul eax, edi, 0x13c3 -mov ecx, dword [ebp - 0x8c] +loc_fffa9f84: ; not directly referenced +mov al, byte [ebp - 0x88] +sub eax, 0xa +cmp al, 1 +setbe al +or al, byte [ebp - 0x9e] +jne loc_fffaa151 ; jne 0xfffaa151 +jmp near 
loc_fffaa258 ; jmp 0xfffaa258 + +loc_fffa9fa3: ; not directly referenced +cmp dword [ebp - 0xb4], 0 +je loc_fffa9eb4 ; je 0xfffa9eb4 +mov ebx, dword [ebp - 0x7c] +mov al, 2 +cmp bl, 2 +cmovbe eax, ebx xor ebx, ebx -cmp dword [ecx + eax + 0x3756], 2 -jne short loc_fffaa1cc ; jne 0xfffaa1cc +imul esi, dword [ebp - 0x84], 0x13c3 +movzx eax, al +add esi, dword [ebp - 0x80] +mov dword [ebp - 0x84], eax +mov dword [ebp - 0x7c], esi -loc_fffaa15f: ; not directly referenced -cmp byte [ebp - 0x95], bl -jbe short loc_fffaa1ad ; jbe 0xfffaa1ad -mov eax, dword [ebp - 0x8c] +loc_fffa9fd6: ; not directly referenced +mov edi, dword [ebp - 0x7c] +mov eax, 1 +mov cl, bl +mov dl, bl +shl eax, cl +test byte [edi + 0x381b], al +je short loc_fffaa054 ; je 0xfffaa054 +test byte [ebp - 0x9f], al +je short loc_fffaa054 ; je 0xfffaa054 +mov al, bl +and edx, 1 +mov ecx, dword [ebp - 0xa8] +shr al, 1 +mov esi, dword [ebp - 0x84] +movzx eax, al +imul edx, edx, 0x18 +imul eax, eax, 0x128 +movzx esi, byte [ebp + esi - 0x67] +add eax, edx +movzx edx, byte [ebp - 0xdc] +lea edi, [ecx + eax + 0x1260] +mov ax, word [edi + 0x19] +push ecx mov ecx, ebx -mov edx, edi -call fcn_fffa724b ; call 0xfffa724b -mov ecx, dword [esi + ebx*4 + 4] -mov edx, eax -mov dword [ebp - 0x90], eax -mov eax, dword [ebp - 0x8c] -call fcn_fffae58c ; call 0xfffae58c -mov edx, dword [ebp - 0x90] -and byte [esi + ebx*4 + 0x28], 0xdf -mov ecx, dword [esi + ebx*4 + 0x28] +push 0 +and eax, 0xfffffffc +or esi, eax +movzx eax, si +push eax +mov eax, dword [ebp - 0x80] +push 0xb +call fcn_fffacb43 ; call 0xfffacb43 +add esp, 0x10 +cmp byte [ebp - 0x9d], 0 +je short loc_fffaa054 ; je 0xfffaa054 +mov word [edi + 0x19], si + +loc_fffaa054: ; not directly referenced inc ebx -mov eax, dword [ebp - 0x8c] -add edx, 4 -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffaa15f ; jmp 0xfffaa15f +cmp ebx, 4 +jne loc_fffa9fd6 ; jne 0xfffa9fd6 +jmp near loc_fffaa4a1 ; jmp 0xfffaa4a1 -loc_fffaa1ad: ; not directly referenced -mov ebx, dword 
[ebp - 0x8c] -mov ecx, 0xff -mov edx, edi -mov eax, ebx -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, dword [esi] +loc_fffaa063: ; not directly referenced +test byte [ebp - 0x9f], bl +je loc_fffa9f75 ; je 0xfffa9f75 mov edx, eax -mov eax, ebx -call fcn_fffaeb7c ; call 0xfffaeb7c +mov edi, dword [ebp - 0xa8] +mov ecx, ebx +shr al, 1 +and edx, 1 +movzx eax, al +imul edx, edx, 0x18 +imul eax, eax, 0x128 +lea eax, [edx + eax + 0x1260] +lea edi, [edi + eax + 0xb] +mov eax, dword [ebp - 0xdc] +mov si, word [ebp + eax*2 - 0x58] +mov ax, word [edi + 4] +push edx +push edx +mov edx, dword [ebp - 0x84] +shl esi, 9 +and ah, 0xf9 +or esi, eax +movzx eax, si +push eax +mov eax, dword [ebp - 0x80] +push 2 +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0x10 +cmp byte [ebp - 0x9d], 0 +je short loc_fffaa0d2 ; je 0xfffaa0d2 +mov word [edi + 4], si -loc_fffaa1cc: ; not directly referenced -inc edi -add esi, 0xcc -cmp edi, 2 -jne loc_fffaa147 ; jne 0xfffaa147 -mov esi, dword [ebp - 0xbc] -lea ebx, [ebp - 0x38] +loc_fffaa0d2: ; not directly referenced +cmp byte [ebp - 0xa0], 8 +je loc_fffa9f75 ; je 0xfffa9f75 +mov esi, dword [ebp - 0xc8] +mov al, byte [ebp - 0xe4] +mov ecx, esi +cmp cl, al +cmova esi, eax +cmp dword [ebp - 0xb0], 0 +mov eax, esi +movzx eax, al +je short loc_fffaa107 ; je 0xfffaa107 +movzx eax, word [ebp + eax*2 - 0x28] +jmp short loc_fffaa10c ; jmp 0xfffaa10c -loc_fffaa1e5: ; not directly referenced -mov edi, dword [ebp - 0x8c] -add ebx, 4 -add esi, 3 -movzx ecx, byte [esi - 3] -movzx edx, byte [esi - 4] -mov eax, edi -call fcn_fffa75da ; call 0xfffa75da -mov ecx, dword [ebx - 4] -mov edx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -lea eax, [ebp - 0x28] -cmp ebx, eax -jne short loc_fffaa1e5 ; jne 0xfffaa1e5 -jmp short loc_fffaa21c ; jmp 0xfffaa21c +loc_fffaa107: ; not directly referenced +movzx eax, word [ebp + eax*2 - 0x44] -loc_fffaa215: ; not directly referenced -mov dword [edi], eax -jmp near loc_fffa9fc6 ; jmp 0xfffa9fc6 +loc_fffaa10c: ; not directly 
referenced +mov cl, byte [ebp - 0x98] +mov esi, dword [ebp - 0xd8] +and si, word [edi + 2] +mov edx, dword [ebp - 0x84] +shl eax, cl +mov ecx, ebx +or esi, eax +push eax +push eax +movzx eax, si +push eax +mov eax, dword [ebp - 0x80] +push 1 +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0x10 +cmp byte [ebp - 0x9d], 0 +je loc_fffa9f75 ; je 0xfffa9f75 +mov word [edi + 2], si +jmp near loc_fffa9f75 ; jmp 0xfffa9f75 -loc_fffaa21c: ; not directly referenced -lea esp, [ebp - 0xc] -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffaa151: ; not directly referenced +mov ecx, dword [ebp - 0x88] +cmp cl, 0xb +sete al +movzx edi, al +setne al +movzx eax, al +lea edi, [edi*8 + 7] +lea eax, [eax*8 - 0x10] +cmp word [ebp - 0x7c], di +jg short loc_fffaa183 ; jg 0xfffaa183 +mov edi, dword [ebp - 0x7c] +cmp ax, di +cmovge edi, eax -fcn_fffaa226: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, eax -push esi -push ebx -sub esp, 0x1c -mov eax, dword [eax + 0x188b] -mov dword [ebp - 0x20], edx -cmp eax, 1 -je short loc_fffaa252 ; je 0xfffaa252 -sbb ebx, ebx -mov esi, 0 -mov byte [ebp - 0x1a], 1 -and ebx, 0x364c -jmp short loc_fffaa260 ; jmp 0xfffaa260 +loc_fffaa183: ; not directly referenced +mov eax, dword [ebp - 0x9c] +cmp byte [ebp - 0x88], 0xa +mov ebx, dword [eax + 0x4c] +mov esi, dword [eax + 0x50] +jne short loc_fffaa1b9 ; jne 0xfffaa1b9 +mov eax, edi +and ebx, 0xfffe01ff +and eax, 0xf +and esi, 0xfffe01ff +mov edx, eax +shl edx, 9 +shl eax, 0xd +or ebx, edx +or ebx, eax +or esi, edx +jmp short loc_fffaa1cf ; jmp 0xfffaa1cf -loc_fffaa252: ; not directly referenced -mov byte [ebp - 0x1a], 4 -mov esi, 4 -mov ebx, 0x3650 +loc_fffaa1b9: ; not directly referenced +cmp byte [ebp - 0x88], 0xb +jne short loc_fffaa1d1 ; jne 0xfffaa1d1 +mov eax, edi +and ebx, 0xffffffe0 +and eax, 0x1f +and esi, 0xffffffe0 +or ebx, eax -loc_fffaa260: ; not directly referenced -mov byte [ebp - 0x19], 0 +loc_fffaa1cf: ; not directly referenced +or esi, eax -loc_fffaa264: ; 
not directly referenced -mov ecx, dword [ebp - 0x20] -mov edx, ebx -mov eax, edi -add ebx, esi -call fcn_fffaeb7c ; call 0xfffaeb7c -mov al, byte [ebp - 0x1a] -inc byte [ebp - 0x19] -cmp byte [ebp - 0x19], al -jb short loc_fffaa264 ; jb 0xfffaa264 -add esp, 0x1c -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffaa1d1: ; not directly referenced +cmp byte [ebp - 0xac], 0 +je short loc_fffaa1e6 ; je 0xfffaa1e6 +mov eax, dword [ebp - 0x9c] +mov dword [eax + 0x4c], ebx +mov dword [eax + 0x50], esi -fcn_fffaa285: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, edx -push esi -mov esi, eax -push ebx -sub esp, 0x2c -mov eax, dword [ebp + 8] -mov ebx, dword [esi + 0x2443] -shl edi, 0xa -mov dword [ebp - 0x20], ecx -add edi, 0x4214 -mov dword [ebp - 0x24], eax -mov eax, dword [ebp + 0xc] -mov dword [ebp - 0x28], eax -mov eax, dword [ebp + 0x10] -mov dword [ebp - 0x2c], eax -call dword [ebx + 0x54] ; ucall -add eax, 0x2710 -mov dword [ebp - 0x1c], eax +loc_fffaa1e6: ; not directly referenced +mov eax, dword [ebp - 0x84] +mov ecx, ebx +shl eax, 8 +lea edx, [eax + 0x1404] +mov dword [ebp - 0x7c], eax +mov eax, dword [ebp - 0x80] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x7c] +mov ecx, ebx +lea edx, [eax + 0x1a04] +mov eax, dword [ebp - 0x80] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x7c] +mov ecx, ebx +mov ebx, dword [ebp - 0x80] +lea edx, [eax + 0x1204] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x7c] +mov ecx, esi +lea edx, [eax + 0x3414] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0xa4] +mov edx, 0x2008 +mov ecx, dword [eax + 0x18] +mov eax, ebx +or ecx, 0x20 +call fcn_fffb3381 ; call 0xfffb3381 +mov word [ebp - 0x7c], di -loc_fffaa2c1: ; not directly referenced -mov edx, edi -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -shr eax, 0x18 +loc_fffaa258: ; not directly referenced +cmp byte [ebp - 0x88], 0xf +mov al, byte [ebp - 0x9e] +sete dl +or al, dl +je 
loc_fffaa332 ; je 0xfffaa332 +mov ecx, dword [ebp - 0x7c] +mov eax, 0xfffffff8 +mov ebx, 7 +cmp cx, 0xfff8 +cmovge eax, ecx +cmp ax, 7 +cmovg eax, ebx +mov word [ebp - 0x7c], ax +mov eax, dword [ebp - 0xa4] +mov ebx, dword [eax + 0xc] +test dl, dl +je short loc_fffaa2e6 ; je 0xfffaa2e6 +cmp byte [ebp - 0xb8], 1 +jne short loc_fffaa2ce ; jne 0xfffaa2ce +mov eax, dword [ebp - 0x80] +cmp dword [eax + 0x3757], 2 +jne short loc_fffaa2ce ; jne 0xfffaa2ce +mov edx, 0x3a14 +call fcn_fffb331f ; call 0xfffb331f +mov esi, dword [ebp - 0x7c] +shr eax, 0x14 +and eax, 0xf +cmp si, ax +cmovge eax, esi +mov word [ebp - 0x7c], ax + +loc_fffaa2ce: ; not directly referenced +mov eax, dword [ebp - 0x7c] +and ebx, 0xf00fffff +and eax, 0xf +mov edx, eax +shl edx, 0x14 +shl eax, 0x18 +or ebx, edx +or ebx, eax + +loc_fffaa2e6: ; not directly referenced +cmp byte [ebp - 0xac], 0 +je short loc_fffaa2f8 ; je 0xfffaa2f8 +mov eax, dword [ebp - 0xa4] +mov dword [eax + 0xc], ebx + +loc_fffaa2f8: ; not directly referenced +mov edi, dword [ebp - 0x80] +mov ecx, ebx +mov edx, 0x3a14 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x5f08 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5f08 +or ah, 1 +mov ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x78 +mov eax, edi +call fcn_fffa82f9 ; call 0xfffa82f9 + +loc_fffaa332: ; not directly referenced +cmp byte [ebp - 0x88], 0xc +mov cl, byte [ebp - 0x9e] +sete al +or cl, al +je loc_fffaa4a1 ; je 0xfffaa4a1 test al, al -jns short loc_fffaa2e0 ; jns 0xfffaa2e0 -call dword [ebx + 0x54] ; ucall -cmp dword [ebp - 0x1c], eax -ja short loc_fffaa2c1 ; ja 0xfffaa2c1 +je short loc_fffaa356 ; je 0xfffaa356 +mov bl, byte [ebp - 0x7c] +and ebx, 3 +jmp short loc_fffaa362 ; jmp 0xfffaa362 -loc_fffaa2d9: ; not directly referenced -mov eax, 0x12 -jmp short loc_fffaa340 ; jmp 0xfffaa340 +loc_fffaa356: ; not directly referenced +mov eax, dword [ebp - 0x9c] +mov bl, byte [eax + 0xb4] -loc_fffaa2e0: ; not directly 
referenced -mov ecx, dword [ebp - 0x28] -mov edx, edi -mov eax, dword [ebp - 0x24] -shl ecx, 0xd -and ax, 0x1fff -or ecx, eax -mov eax, dword [ebp - 0x20] -movzx ecx, cx -and eax, 3 -shl eax, 0x10 -or ecx, eax -mov eax, dword [ebp - 0x2c] -and eax, 0x1ff -shl eax, 0x15 -or ecx, eax -mov eax, esi -or ecx, 0x80100000 -call fcn_fffae58c ; call 0xfffae58c -call dword [ebx + 0x54] ; ucall -add eax, 0x2710 -mov dword [ebp - 0x1c], eax +loc_fffaa362: ; not directly referenced +cmp byte [ebp - 0xac], 0 +je short loc_fffaa377 ; je 0xfffaa377 +mov eax, dword [ebp - 0x9c] +mov byte [eax + 0xb4], bl -loc_fffaa324: ; not directly referenced +loc_fffaa377: ; not directly referenced +mov esi, dword [ebp - 0x84] +and ebx, 3 +mov eax, dword [ebp - 0x80] +shl ebx, 0xd +shl esi, 8 +lea edi, [esi + 0x140c] mov edx, edi -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -shr eax, 0x18 -test al, al -jns short loc_fffaa33e ; jns 0xfffaa33e -call dword [ebx + 0x54] ; ucall -cmp dword [ebp - 0x1c], eax -ja short loc_fffaa324 ; ja 0xfffaa324 -jmp short loc_fffaa2d9 ; jmp 0xfffaa2d9 +call fcn_fffb331f ; call 0xfffb331f +mov edx, edi +lea edi, [esi + 0x1a0c] +add esi, 0x121c +and ah, 0x9f +or eax, ebx +mov ecx, eax +mov eax, dword [ebp - 0x80] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x80] +mov edx, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, edi +mov edi, dword [ebp - 0x80] +and ah, 0x9f +or eax, ebx +mov ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, esi +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, esi +and ah, 0x9f +or eax, ebx +mov ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0xa4] +mov edx, 0x2008 +mov ecx, dword [eax + 0x18] +mov eax, edi +or ecx, 0x20 +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffaa4a1 ; jmp 0xfffaa4a1 -loc_fffaa33e: ; not directly referenced -xor eax, eax +loc_fffaa406: ; not directly referenced +cmp byte [ebp - 0x88], 1 +jne short loc_fffaa426 ; jne 
0xfffaa426 +mov eax, esi +and ebx, 0xffc00fff +and eax, 0x1f +mov edx, eax +shl edx, 0xc +shl eax, 0x11 +or ebx, edx +jmp short loc_fffaa452 ; jmp 0xfffaa452 -loc_fffaa340: ; not directly referenced -add esp, 0x2c -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffaa426: ; not directly referenced +test al, al +je short loc_fffaa43a ; je 0xfffaa43a +mov eax, esi +and ebx, 0xf83fffff +and eax, 0x1f +shl eax, 0x16 +jmp short loc_fffaa452 ; jmp 0xfffaa452 -fcn_fffaa348: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, eax -push esi -push ebx -mov ebx, dword [ebp + 8] -cmp ecx, edx -ja short loc_fffaa360 ; ja 0xfffaa360 -inc edi -inc dword [ebx + 0xc] -imul eax, edi, 0xa -jmp short loc_fffaa3c3 ; jmp 0xfffaa3c3 +loc_fffaa43a: ; not directly referenced +cmp byte [ebp - 0x88], 2 +jne loc_fffa9909 ; jne 0xfffa9909 +mov eax, esi +and ebx, 0x7ffffff +shl eax, 0x1b -loc_fffaa360: ; not directly referenced -mov esi, ecx -sub esi, edx -cmp ecx, 6 -ja short loc_fffaa38e ; ja 0xfffaa38e -imul edi, eax, 0xa -mov eax, 7 -sub eax, ecx -xor edx, edx -imul eax, eax, 0xa -mov ecx, 0xa -inc dword [ebx + 8] -div esi -cmp eax, 0xa -cmovbe ecx, eax -lea eax, [edi + ecx + 0x14] -jmp short loc_fffaa3c3 ; jmp 0xfffaa3c3 +loc_fffaa452: ; not directly referenced +or ebx, eax +jmp near loc_fffa9909 ; jmp 0xfffa9909 -loc_fffaa38e: ; not directly referenced -cmp edx, 7 -ja short loc_fffaa3ab ; ja 0xfffaa3ab -inc dword [ebx + 4] -test esi, esi -je short loc_fffaa3ad ; je 0xfffaa3ad -mov eax, 7 -inc edi -sub eax, edx -xor edx, edx -imul eax, eax, 0xa -div esi -jmp short loc_fffaa3be ; jmp 0xfffaa3be +loc_fffaa459: ; not directly referenced +cmp byte [ebp - 0xd8], 8 +jbe short loc_fffaa476 ; jbe 0xfffaa476 +mov edx, dword [ebp - 0x84] +shl edx, 8 +add edx, 0x305c +jmp near loc_fffa991b ; jmp 0xfffa991b -loc_fffaa3ab: ; not directly referenced -inc dword [ebx] +loc_fffaa476: ; not directly referenced +mov eax, dword [ebp - 0x84] +shl ecx, 9 +shl eax, 8 +lea edx, [eax + ecx + 0x5c] 
+jmp near loc_fffa991b ; jmp 0xfffa991b -loc_fffaa3ad: ; not directly referenced -cmp esi, edx -cmovb esi, edx -xor eax, eax -test esi, esi -je short loc_fffaa3c3 ; je 0xfffaa3c3 -mov al, 0x46 -xor edx, edx -div esi +loc_fffaa48b: ; not directly referenced +mov word [ebp - 0x7c], 0x3f +jmp near loc_fffa9bdd ; jmp 0xfffa9bdd -loc_fffaa3be: ; not directly referenced -imul edi, edi, 0xa -add eax, edi +loc_fffaa496: ; not directly referenced +mov word [ebp - 0x7c], 7 +jmp near loc_fffa9bdd ; jmp 0xfffa9bdd -loc_fffaa3c3: ; not directly referenced +loc_fffaa4a1: ; not directly referenced +lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp ret -fcn_fffaa3c8: ; not directly referenced +fcn_fffaa4a9: ; not directly referenced push ebp mov ebp, esp push edi push esi +xor esi, esi push ebx -mov ebx, edx +mov ebx, eax sub esp, 0x2c -mov esi, dword [eax + 0x2443] -mov byte [ebp - 0x1b], cl -mov cl, byte [ebp + 8] -shl ebx, 0xa -lea edx, [ebx + 0x41bc] -mov dword [ebp - 0x20], eax -mov dword [ebp - 0x28], esi -mov byte [ebp - 0x1c], cl -xor ecx, ecx -call fcn_fffae566 ; call 0xfffae566 -lea eax, [ebx + 0x41c0] -mov byte [ebp - 0x19], 0 -mov dword [ebp - 0x34], eax +mov edi, dword [eax + 0x2444] +call dword [edi + 0x54] ; ucall +add eax, 0x2710 +mov dword [ebp - 0x2c], eax -loc_fffaa405: ; not directly referenced -mov cl, byte [ebp - 0x19] -xor esi, esi -xor edi, edi -mov dword [ebp - 0x2c], 0 -mov al, cl -and eax, 1 -mov byte [ebp - 0x1a], al -mov al, cl +loc_fffaa4c7: ; not directly referenced +imul eax, esi, 0x13c3 +mov dword [ebp + esi*4 - 0x28], 0 +cmp dword [ebx + eax + 0x3757], 2 +jne short loc_fffaa531 ; jne 0xfffaa531 +cmp dword [ebx + 0x188b], 0 +je short loc_fffaa531 ; je 0xfffaa531 xor ecx, ecx -shr al, 1 -and eax, 1 +mov edx, esi +mov eax, ebx +call fcn_fffa7236 ; call 0xfffa7236 +mov edx, eax +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov dword [ebp + esi*4 - 0x20], eax +test eax, 0x1000000 +je short loc_fffaa531 ; je 0xfffaa531 +and eax, 0xfeffffff +mov 
ecx, 0xff mov dword [ebp - 0x30], eax +mov edx, esi +mov eax, ebx +mov dword [ebp + esi*4 - 0x28], 1 +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, dword [ebp - 0x30] +mov edx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffaa427: ; not directly referenced -movzx eax, cl -div byte [ebp - 0x1b] -movzx edx, ah -lea eax, [ecx + 0x15] -cmp cl, 0x12 -ja short loc_fffaa441 ; ja 0xfffaa441 -lea eax, [ecx + 8] -cmp cl, 0x10 -cmovb eax, ecx +loc_fffaa531: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffaa4c7 ; jne 0xfffaa4c7 +mov edx, 0x5030 +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5030 +or eax, 0x800000 +mov ecx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffaa441: ; not directly referenced -cmp dl, byte [ebp - 0x1c] -movzx eax, al -mov edx, dword [ebp - 0x28] -mov dword [ebp - 0x38], ecx -mov edx, dword [edx + 0x68] -mov dword [ebp - 0x24], edx -jne short loc_fffaa461 ; jne 0xfffaa461 -push ecx -xor edx, edx -push eax -movzx eax, byte [ebp - 0x1a] -push edx -push eax -jmp short loc_fffaa469 ; jmp 0xfffaa469 +loc_fffaa556: ; not directly referenced +mov edx, 0x5030 +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +shr eax, 0x10 +test al, al +jns short loc_fffaa578 ; jns 0xfffaa578 +call dword [edi + 0x54] ; ucall +cmp dword [ebp - 0x2c], eax +ja short loc_fffaa556 ; ja 0xfffaa556 +mov edi, 1 +jmp short loc_fffaa57a ; jmp 0xfffaa57a -loc_fffaa461: ; not directly referenced -push edx -push eax -push dword [ebp - 0x2c] -push dword [ebp - 0x30] +loc_fffaa578: ; not directly referenced +xor edi, edi -loc_fffaa469: ; not directly referenced -mov eax, dword [ebp - 0x24] -call eax -mov ecx, dword [ebp - 0x38] -add esp, 0x10 -inc ecx -or eax, esi -or edx, edi -mov esi, eax -mov edi, edx -cmp cl, 0x16 -jne short loc_fffaa427 ; jne 0xfffaa427 -push eax -push eax -mov eax, dword [ebp - 0x20] -push edx -mov edx, dword [ebp - 0x34] -push esi -call fcn_fffae7cf ; call 0xfffae7cf -add esp, 0x10 -inc byte [ebp - 
0x19] -cmp byte [ebp - 0x19], 8 -jne loc_fffaa405 ; jne 0xfffaa405 -mov edi, dword [ebp - 0x20] -lea edx, [ebx + 0x41a0] -mov ecx, 0x222 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -lea edx, [ebx + 0x41b0] -mov eax, edi -mov ecx, 0x6010102 -call fcn_fffae58c ; call 0xfffae58c -lea edx, [ebx + 0x41a4] -mov eax, edi -mov ecx, 0xea1 -call fcn_fffae58c ; call 0xfffae58c -lea edx, [ebx + 0x41a8] -mov eax, edi -mov ecx, 0xbeef -call fcn_fffae58c ; call 0xfffae58c -lea esp, [ebp - 0xc] +loc_fffaa57a: ; not directly referenced +xor esi, esi + +loc_fffaa57c: ; not directly referenced +cmp dword [ebp + esi*4 - 0x28], 0 +je short loc_fffaa59e ; je 0xfffaa59e +mov ecx, 0xff +mov edx, esi +mov eax, ebx +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, dword [ebp + esi*4 - 0x20] +mov edx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffaa59e: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffaa57c ; jne 0xfffaa57c mov eax, edi -lea edx, [ebx + 0x41ac] -mov ecx, 0xdead +add esp, 0x2c +neg eax pop ebx +and eax, 0x12 pop esi pop edi pop ebp -jmp near fcn_fffae58c ; jmp 0xfffae58c +ret -fcn_fffaa505: ; not directly referenced +fcn_fffaa5b3: ; not directly referenced push ebp mov ebp, esp push edi -mov edi, edx +mov edi, eax push esi -mov esi, eax push ebx -sub esp, 0x1c -mov ebx, dword [eax + 0x2443] -mov dword [ebp - 0x20], ecx -shl edi, 0xa -add edi, 0x4214 -call dword [ebx + 0x54] ; ucall -add eax, 0x2710 -mov dword [ebp - 0x1c], eax +add esp, 0xffffff80 +mov al, byte [ebp + 0xc] +mov ebx, dword [edi + 0x2444] +push 1 +mov esi, dword [edi + 0x5edd] +push 8 +mov byte [ebp - 0x6a], al +mov eax, dword [edi + 0x188b] +mov dword [ebp - 0x64], edx +mov dword [ebp - 0x54], ecx +mov byte [ebp - 0x50], dl +mov dword [ebp - 0x78], eax +lea eax, [ebp - 0x38] +push eax +mov byte [ebp - 0x4e], cl +call dword [ebx + 0x5c] ; ucall +add esp, 0xc +push 0 +push 8 +lea eax, [ebp - 0x30] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0xc +push 9 +push 8 +lea 
eax, [ebp - 0x28] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0xc +push 0 +push 2 +lea eax, [ebp - 0x20] +push eax +call dword [ebx + 0x64] ; ucall +add esp, 0x10 +cmp byte [ebp - 0x54], 1 +jne short loc_fffaa648 ; jne 0xfffaa648 +mov byte [ebp - 0x35], 0xa +mov byte [ebp - 0x36], 0x13 +mov byte [ebp - 0x37], 0x19 +mov byte [ebp - 0x38], 0x19 +mov byte [ebp - 0x2d], 0xa +mov byte [ebp - 0x2e], 0xa +mov byte [ebp - 0x25], 0x3f +mov byte [ebp - 0x26], 0x3f +jmp near loc_fffaa6d0 ; jmp 0xfffaa6d0 -loc_fffaa52f: ; not directly referenced -mov edx, edi -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -mov ecx, eax -shr eax, 0x18 -test al, al -jns short loc_fffaa550 ; jns 0xfffaa550 -call dword [ebx + 0x54] ; ucall -cmp dword [ebp - 0x1c], eax -ja short loc_fffaa52f ; ja 0xfffaa52f +loc_fffaa648: ; not directly referenced +mov eax, dword [ebp - 0x54] +cmp al, 2 +je short loc_fffaa6ca ; je 0xfffaa6ca +cmp al, 5 +jne short loc_fffaa659 ; jne 0xfffaa659 -loc_fffaa549: ; not directly referenced -mov eax, 0x12 -jmp short loc_fffaa5ae ; jmp 0xfffaa5ae +loc_fffaa653: ; not directly referenced +mov byte [ebp - 0x4d], 8 +jmp short loc_fffaa6d4 ; jmp 0xfffaa6d4 -loc_fffaa550: ; not directly referenced -mov cl, byte [ebp + 8] -mov ch, byte [ebp + 0xc] -mov edx, dword [ebp + 0x10] -mov eax, dword [ebp - 0x20] -or ecx, 0x40000 -and edx, 1 -and ecx, 0xfff4ffff -shl edx, 0x13 -and eax, 3 -shl eax, 0x10 -or ecx, edx -or ecx, eax -mov edx, edi -or ecx, 0x80000000 -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -call dword [ebx + 0x54] ; ucall -add eax, 0x2710 +loc_fffaa659: ; not directly referenced +mov eax, dword [ebp - 0x54] +cmp al, 6 +je short loc_fffaa6d0 ; je 0xfffaa6d0 +cmp al, 9 +jne short loc_fffaa68b ; jne 0xfffaa68b +mov ebx, dword [ebp - 0x64] +movzx eax, bl +and bl, 1 +je short loc_fffaa678 ; je 0xfffaa678 +mov edx, dword [esi + 0xbc] +mov dword [ebp - 0x20], edx + +loc_fffaa678: ; not directly referenced +mov byte [ebp - 0x4d], 2 +test al, 2 +je short 
loc_fffaa6d4 ; je 0xfffaa6d4 +mov eax, dword [esi + 0x188] mov dword [ebp - 0x1c], eax +jmp short loc_fffaa6d4 ; jmp 0xfffaa6d4 -loc_fffaa592: ; not directly referenced -mov edx, edi -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -shr eax, 0x18 -test al, al -jns short loc_fffaa5ac ; jns 0xfffaa5ac -call dword [ebx + 0x54] ; ucall -cmp dword [ebp - 0x1c], eax -ja short loc_fffaa592 ; ja 0xfffaa592 -jmp short loc_fffaa549 ; jmp 0xfffaa549 +loc_fffaa68b: ; not directly referenced +cmp byte [ebp - 0x54], 0xa +mov byte [ebp - 0x4d], 1 +jne short loc_fffaa6d4 ; jne 0xfffaa6d4 +mov eax, dword [ebp - 0x64] +movzx edx, al +test al, 1 +je short loc_fffaa6b1 ; je 0xfffaa6b1 +mov eax, dword [esi + 0xbc] +mov dword [ebp - 0x20], eax +shr eax, 0xf +and eax, 0xf +mov byte [ebp - 0x3a], al -loc_fffaa5ac: ; not directly referenced -xor eax, eax +loc_fffaa6b1: ; not directly referenced +and dl, 2 +je short loc_fffaa653 ; je 0xfffaa653 +mov eax, dword [esi + 0x188] +mov dword [ebp - 0x1c], eax +shr eax, 0xf +and eax, 0xf +mov byte [ebp - 0x39], al +jmp short loc_fffaa653 ; jmp 0xfffaa653 -loc_fffaa5ae: ; not directly referenced -add esp, 0x1c -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffaa6ca: ; not directly referenced +mov byte [ebp - 0x4d], 7 +jmp short loc_fffaa6d4 ; jmp 0xfffaa6d4 -fcn_fffaa5b6: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -mov ebx, ecx -sub esp, 0x4c -mov edi, dword [ebp + 8] -mov esi, dword [ebp + 0x18] -mov ecx, dword [eax + 0x2443] -mov dword [ebp - 0x1c], eax -mov eax, dword [eax + 0x1887] -mov dword [ebp - 0x44], edi -mov edi, dword [ebp + 0xc] -mov dword [ebp - 0x34], esi -mov esi, dword [ebp + 0x1c] -mov dword [ebp - 0x28], edx -mov dword [ebp - 0x24], ecx -mov dword [ebp - 0x30], edi -mov edi, dword [ebp + 0x10] -mov dword [ebp - 0x20], edi -mov edi, dword [ebp + 0x14] -mov dword [ebp - 0x40], edi -mov edi, dword [ebp + 0x20] -cmp eax, 0x306d0 -je short loc_fffaa618 ; je 0xfffaa618 -cmp eax, 0x40670 -je short 
loc_fffaa618 ; je 0xfffaa618 -mov dword [ebp - 0x2c], 0x7f8 -mov dword [ebp - 0x38], 0xff -jmp short loc_fffaa626 ; jmp 0xfffaa626 +loc_fffaa6d0: ; not directly referenced +mov byte [ebp - 0x4d], 4 -loc_fffaa618: ; not directly referenced -mov dword [ebp - 0x2c], 0xff8 -mov dword [ebp - 0x38], 0x1ff +loc_fffaa6d4: ; not directly referenced +movzx eax, byte [ebp - 0x50] +mov dword [ebp - 0x4c], 0 +mov byte [ebp - 0x69], 0 +mov dword [ebp - 0x68], eax +movzx eax, byte [ebp - 0x4d] +mov dword [ebp - 0x80], eax -loc_fffaa626: ; not directly referenced -test ebx, ebx -je short loc_fffaa69e ; je 0xfffaa69e -mov dword [ebp - 0x4c], esi -push esi -push 0x20 -movzx edx, word [ebx] -movzx eax, word [ebx + 2] -shl edx, 0x18 -shl eax, 0x10 -add eax, edx -cdq -push edx -push eax -mov eax, dword [ebp - 0x24] -call dword [eax + 0x68] ; ucall -add esp, 0xc -mov ecx, dword [ebp - 0x24] -push 0x18 -mov esi, eax -movzx eax, word [ebx + 4] -mov dword [ebp - 0x48], edx -xor edx, edx -push edx -push eax -call dword [ecx + 0x68] ; ucall -movzx ebx, word [ebx + 6] -pop ecx -pop ecx -and edx, dword [ebp - 0x38] -mov dword [ebp - 0x3c], ebx -mov ebx, dword [ebp - 0x2c] -and dword [ebp - 0x3c], ebx -or dword [ebp - 0x3c], esi -and eax, 0xff000000 -mov esi, dword [ebp - 0x3c] -or esi, eax -mov eax, dword [ebp - 0x48] -or eax, edx -push eax -mov eax, dword [ebp - 0x28] -push esi -lea edx, [eax*8 + 0x48d8] -mov eax, dword [ebp - 0x1c] -call fcn_fffae7cf ; call 0xfffae7cf -mov esi, dword [ebp - 0x4c] -add esp, 0x10 +loc_fffaa6ed: ; not directly referenced +mov ebx, dword [ebp - 0x4c] +mov byte [ebp - 0x4f], bl +mov bl, byte [ebp + ebx - 0x38] +movzx eax, bl +dec eax +call fcn_fffb396b ; call 0xfffb396b +cmp bl, 0x1f +jbe short loc_fffaa74e ; jbe 0xfffaa74e +mov ebx, dword [ebp - 0x4c] +mov byte [ebp + ebx - 0x38], al -loc_fffaa69e: ; not directly referenced -mov eax, dword [ebp - 0x44] -test eax, eax -je short loc_fffaa715 ; je 0xfffaa715 -push edx -mov ebx, dword [ebp - 0x24] -push 0x20 -movzx 
edx, word [eax] -mov dword [ebp - 0x44], esi -mov esi, eax -movzx eax, word [eax + 2] -shl edx, 0x18 +loc_fffaa70c: ; not directly referenced +mov cl, byte [ebp - 0x4f] +mov dword [ebp - 0x58], 0x4004 +mov dword [ebp - 0x60], 0x4917 +mov al, cl +shl eax, 4 +add eax, ecx +cmp cl, 4 +movzx eax, al +mov dword [ebp - 0x7c], eax +sbb eax, eax +xor ebx, ebx +and eax, 0x1f +mov dword [ebp - 0x70], eax +mov al, cl +and eax, 3 +mov byte [ebp - 0x6b], al +add eax, 4 +or dword [ebp - 0x70], 0x80 +mov byte [ebp - 0x6c], al +jmp short loc_fffaa75a ; jmp 0xfffaa75a + +loc_fffaa74e: ; not directly referenced +mov eax, dword [ebp - 0x4c] +add ebx, 0x20 +mov byte [ebp + eax - 0x38], bl +jmp short loc_fffaa70c ; jmp 0xfffaa70c + +loc_fffaa75a: ; not directly referenced +mov eax, dword [ebp - 0x68] +bt eax, ebx +jae loc_fffaa916 ; jae 0xfffaa916 +mov eax, dword [ebp - 0x58] +lea edx, [eax + 0x94] +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +shr eax, 0xc +and eax, 1 +cmp byte [ebp - 0x4e], 1 +mov byte [ebp - 0x69], al +jne short loc_fffaa7f5 ; jne 0xfffaa7f5 +mov edx, dword [ebp - 0x4c] +mov dword [ebp - 0x5c], ebx +movzx ecx, byte [ebp + edx - 0x30] +movzx eax, byte [ebp + edx - 0x28] +mov dl, byte [ebp + edx - 0x38] +and ecx, 0x3f +and eax, 0x3f shl eax, 0x10 -add eax, edx -cdq -push edx -push eax -call dword [ebx + 0x68] ; ucall -add esp, 0xc -mov ecx, dword [ebp - 0x24] -push 0x18 -mov ebx, eax -movzx eax, word [esi + 4] -mov dword [ebp - 0x3c], edx -xor edx, edx -push edx -push eax -call dword [ecx + 0x68] ; ucall -pop ecx -pop ecx -movzx ecx, word [esi + 6] -and edx, dword [ebp - 0x38] -and eax, 0xff000000 -mov esi, ecx -mov ecx, dword [ebp - 0x2c] -and esi, ecx -or esi, ebx -or esi, eax -mov eax, dword [ebp - 0x3c] -or eax, edx -push eax -mov eax, dword [ebp - 0x28] -push esi -lea edx, [eax*8 + 0x48e8] -mov eax, dword [ebp - 0x1c] -call fcn_fffae7cf ; call 0xfffae7cf -mov esi, dword [ebp - 0x44] +mov ebx, edx +shl ecx, 8 +and ebx, 0x1f +or ecx, eax +mov eax, dword [ebp - 
0x58] +shr dl, 5 +or ecx, ebx +and edx, 1 +shl edx, 5 +or ecx, edx +lea edx, [eax + 0x1fc] +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, dword [ebp - 0x4c] +mov eax, 1 +mov ecx, dword [ebp + 8] +mov ebx, dword [ebp - 0x5c] +movzx ecx, byte [ecx + edx] +lea edx, [ebx*4 + 0x4980] +shl eax, cl +cmp dword [ebp - 0x78], 1 +lea ecx, [edx + 0x20] +cmove edx, ecx +mov ecx, eax +jmp near loc_fffaa892 ; jmp 0xfffaa892 + +loc_fffaa7f5: ; not directly referenced +cmp byte [ebp - 0x4e], 2 +jne short loc_fffaa815 ; jne 0xfffaa815 +sub esp, 0xc +mov ecx, dword [ebp - 0x80] +mov edx, ebx +push dword [ebp - 0x4c] +mov eax, edi +call fcn_fffaca06 ; call 0xfffaca06 add esp, 0x10 +jmp near loc_fffaa916 ; jmp 0xfffaa916 -loc_fffaa715: ; not directly referenced -cmp dword [ebp - 0x30], 0 -setne bl -cmp dword [ebp - 0x34], 0 -setne al -mov byte [ebp - 0x2c], al -or al, bl -jne short loc_fffaa73c ; jne 0xfffaa73c -test esi, esi -setne dl -test edi, edi +loc_fffaa815: ; not directly referenced +mov al, byte [ebp - 0x4e] +sub eax, 5 +cmp al, 1 +ja short loc_fffaa89b ; ja 0xfffaa89b +mov eax, dword [ebp - 0x60] +mov ecx, dword [ebp - 0x7c] +lea edx, [eax - 0x6c] +mov eax, edi +call fcn_fffb335b ; call 0xfffb335b +cmp byte [ebp - 0x4e], 5 +jne short loc_fffaa84e ; jne 0xfffaa84e +mov cl, byte [ebp - 0x4f] +cmp cl, 7 setne al -or dl, al -je loc_fffaa876 ; je 0xfffaa876 +test cl, cl +setne cl +movzx ecx, cl +mov dword [ebp - 0x5c], ecx +and dword [ebp - 0x5c], eax +jmp short loc_fffaa85a ; jmp 0xfffaa85a -loc_fffaa73c: ; not directly referenced -mov ecx, dword [ebp - 0x28] +loc_fffaa84e: ; not directly referenced xor eax, eax -cmp dword [ebp - 0x30], 0 -lea ecx, [ecx*4 + 0x4908] -mov dword [ebp - 0x24], ecx -sete cl -cmp dword [ebp - 0x34], 0 -sete dl -or cl, dl -jne short loc_fffaa7a1 ; jne 0xfffaa7a1 -test esi, esi -sete cl -test edi, edi -sete dl -or cl, dl -jne short loc_fffaa7a1 ; jne 0xfffaa7a1 +test byte [ebp - 0x4f], 0xfd +setne al +mov dword [ebp - 0x5c], eax 
-loc_fffaa76b: ; not directly referenced -mov ebx, dword [ebp - 0x30] -and eax, 0xfffffff0 -movzx edx, byte [ebx + 3] -movzx ecx, byte [ebx + 2] -and edx, 3 -and ecx, 3 +loc_fffaa85a: ; not directly referenced +mov edx, dword [ebp - 0x60] +mov eax, edx +sub eax, 7 +mov dword [ebp - 0x74], eax +mov al, byte [ebp - 0x5c] +lea ecx, [eax - 0x80] +mov eax, edi +movzx ecx, cl +call fcn_fffb335b ; call 0xfffb335b +mov edx, dword [ebp - 0x74] +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov ecx, dword [ebp - 0x5c] +mov edx, dword [ebp - 0x74] +sub ecx, 0xffffff80 +shl ecx, 0xc +and eax, 0xfff00fff +or ecx, eax + +loc_fffaa892: ; not directly referenced +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffaa916 ; jmp 0xfffaa916 + +loc_fffaa89b: ; not directly referenced +cmp byte [ebp - 0x4e], 9 +jne short loc_fffaa8c6 ; jne 0xfffaa8c6 +cmp byte [ebp - 0x4f], 1 +mov al, byte [ebp + ebx*4 - 0x1f] +sbb edx, edx +add edx, 5 +and edx, 7 +and eax, 0xffffff8f +shl edx, 4 or eax, edx -movzx edx, byte [ebx + 1] -shl ecx, 2 -or eax, ecx -movzx ecx, byte [ebx] -and al, 0xf -and edx, 3 +mov edx, dword [ebp - 0x58] +mov byte [ebp + ebx*4 - 0x1f], al +mov ecx, dword [ebp + ebx*4 - 0x20] +jmp short loc_fffaa892 ; jmp 0xfffaa892 + +loc_fffaa8c6: ; not directly referenced +cmp byte [ebp - 0x4e], 0xa +jne short loc_fffaa916 ; jne 0xfffaa916 +mov dl, byte [ebp - 0x6c] +mov al, byte [ebp + ebx*4 - 0x1f] +and edx, 7 shl edx, 4 -and ecx, 3 +and eax, 0xffffff8f or eax, edx -shl ecx, 6 -or eax, ecx -jmp short loc_fffaa7b0 ; jmp 0xfffaa7b0 +mov byte [ebp + ebx*4 - 0x1f], al +mov al, byte [ebp - 0x6b] +add al, byte [ebp + ebx - 0x3a] +mov ecx, dword [ebp + ebx*4 - 0x20] +and eax, 0xf +shl eax, 0xf +and ecx, 0xfff87fff +or ecx, eax +mov eax, edi +mov dword [ebp + ebx*4 - 0x20], ecx +mov edx, dword [ebp - 0x58] +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, dword [ebp - 0x70] +mov eax, edi +mov edx, dword [ebp - 0x60] +call fcn_fffb335b ; call 0xfffb335b -loc_fffaa7a1: ; not 
directly referenced -mov edx, dword [ebp - 0x24] -mov eax, dword [ebp - 0x1c] -call fcn_fffae52a ; call 0xfffae52a -test bl, bl -jne short loc_fffaa76b ; jne 0xfffaa76b +loc_fffaa916: ; not directly referenced +inc ebx +add dword [ebp - 0x60], 8 +add dword [ebp - 0x58], 0x400 +cmp ebx, 2 +jne loc_fffaa75a ; jne 0xfffaa75a +mov eax, edi +call fcn_fffaa4a9 ; call 0xfffaa4a9 +mov ecx, 1 +cmp byte [ebp - 0x4f], 0 +sete dl +cmp byte [ebp - 0x6a], 0 +setne al +test dl, al +mov eax, 5 +cmovne ecx, eax +mov edx, 0x4800 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffaa7b0: ; not directly referenced -cmp byte [ebp - 0x2c], 0 -je short loc_fffaa7f2 ; je 0xfffaa7f2 -mov ebx, dword [ebp - 0x34] -and eax, 0xfcffffff -movzx ecx, byte [ebx + 3] -movzx edx, byte [ebx + 2] -and ecx, 1 -shl ecx, 0x18 -and edx, 1 -shl edx, 0x19 -or eax, ecx -movzx ecx, byte [ebx] +loc_fffaa95b: ; not directly referenced +mov edx, 0x4804 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov cl, byte [ebp - 0x50] +mov edx, eax +mov ebx, eax +shr edx, 0x10 +shr eax, 0x10 +and edx, 2 +and eax, 1 or eax, edx -movzx edx, byte [ebx + 1] -and eax, 0xf3ffffff -and ecx, 1 -and edx, 1 -shl edx, 0x1a -shl ecx, 0x1b +and eax, ecx +cmp al, cl +jne short loc_fffaa95b ; jne 0xfffaa95b +mov edx, ebx +mov al, bl +and edx, 2 +and eax, 1 or eax, edx -or eax, ecx +test cl, al +je short loc_fffaa998 ; je 0xfffaa998 +cmp byte [ebp - 0x69], 0 +jne short loc_fffaa9e1 ; jne 0xfffaa9e1 -loc_fffaa7f2: ; not directly referenced -test esi, esi -je short loc_fffaa82c ; je 0xfffaa82c -movzx ecx, byte [esi + 3] -and eax, 0xcfffffff -movzx edx, byte [esi + 2] -and ecx, 1 -shl ecx, 0x1c -and edx, 1 -shl edx, 0x1d -or eax, ecx -movzx ecx, byte [esi] -or eax, edx -movzx edx, byte [esi + 1] -and eax, 0x3fffffff -shl ecx, 0x1f -and edx, 1 -shl edx, 0x1e -or eax, edx -or eax, ecx +loc_fffaa998: ; not directly referenced +inc dword [ebp - 0x4c] +mov al, byte [ebp - 0x4c] +cmp byte [ebp - 0x4d], al +ja loc_fffaa6ed ; ja 
0xfffaa6ed +mov al, byte [ebp - 0x54] +sub eax, 9 +cmp al, 1 +ja short loc_fffaa9e1 ; ja 0xfffaa9e1 +test byte [ebp - 0x68], 1 +je short loc_fffaa9c9 ; je 0xfffaa9c9 +mov ecx, dword [esi + 0xbc] +mov edx, 0x4004 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffaa82c: ; not directly referenced -test edi, edi -je short loc_fffaa869 ; je 0xfffaa869 -movzx ecx, byte [edi + 3] -and eax, 0xffcf1fff -movzx edx, byte [edi + 2] -and ecx, 1 -shl ecx, 0x14 -and edx, 1 -shl edx, 0x15 -or eax, ecx -movzx ecx, byte [edi] -or eax, edx -movzx edx, byte [edi + 1] -and eax, 0xff3f1fff -and ecx, 1 -and edx, 1 -shl edx, 0x16 -shl ecx, 0x17 -or eax, edx -or eax, ecx +loc_fffaa9c9: ; not directly referenced +test byte [ebp - 0x68], 2 +je short loc_fffaa9e1 ; je 0xfffaa9e1 +mov ecx, dword [esi + 0x188] +mov edx, 0x4404 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffaa869: ; not directly referenced -mov ecx, eax -mov edx, dword [ebp - 0x24] -mov eax, dword [ebp - 0x1c] -call fcn_fffae58c ; call 0xfffae58c +loc_fffaa9e1: ; not directly referenced +mov al, byte [ebp - 0x64] +lea esp, [ebp - 0xc] +and eax, ebx +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffaa876: ; not directly referenced -mov edx, dword [ebp - 0x40] -cmp dword [ebp - 0x20], 0 -setne cl -test edx, edx -setne al -mov byte [ebp - 0x24], al -or al, cl -je loc_fffaa9e5 ; je 0xfffaa9e5 +fcn_fffaa9ee: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x2c +lea esi, [eax + 0x3757] +mov dword [ebp - 0x2c], eax +mov eax, dword [eax + 0x5edd] +mov byte [ebp - 0x1f], dl +mov dword [ebp - 0x28], esi +mov dword [ebp - 0x24], 0 +mov dword [ebp - 0x1c], eax +add eax, 0x1c +mov dword [ebp - 0x30], eax +movzx eax, dl +mov dword [ebp - 0x34], eax + +loc_fffaaa22: ; not directly referenced mov eax, dword [ebp - 0x28] -xor esi, esi -xor ebx, ebx -cmp dword [ebp - 0x20], 0 -lea edi, [eax*8 + 0x4910] -sete al -test edx, edx -sete dl -or al, dl -jne short loc_fffaa8c3 ; jne 0xfffaa8c3 
+cmp dword [eax], 2 +je short loc_fffaaa49 ; je 0xfffaaa49 -loc_fffaa8ae: ; not directly referenced -mov eax, dword [ebp - 0x20] -mov eax, dword [eax] -cmp eax, 0x1f -jbe short loc_fffaa8e1 ; jbe 0xfffaa8e1 -dec eax -call fcn_fffaec34 ; call 0xfffaec34 -movzx eax, al -jmp short loc_fffaa8e4 ; jmp 0xfffaa8e4 +loc_fffaaa2a: ; not directly referenced +inc dword [ebp - 0x24] +add dword [ebp - 0x28], 0x13c3 +add dword [ebp - 0x30], 0xcc +cmp dword [ebp - 0x24], 2 +jne short loc_fffaaa22 ; jne 0xfffaaa22 +add esp, 0x2c +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffaa8c3: ; not directly referenced -mov eax, dword [ebp - 0x1c] -mov edx, edi -mov dword [ebp - 0x28], ecx -call fcn_fffae548 ; call 0xfffae548 -mov ecx, dword [ebp - 0x28] -mov esi, eax -mov ebx, edx -test cl, cl -je loc_fffaa990 ; je 0xfffaa990 -jmp short loc_fffaa8ae ; jmp 0xfffaa8ae +loc_fffaaa49: ; not directly referenced +mov byte [ebp - 0x1c], 0 -loc_fffaa8e1: ; not directly referenced -sub eax, 0xffffff80 +loc_fffaaa4d: ; not directly referenced +mov esi, dword [ebp - 0x2c] +mov cl, byte [ebp - 0x1c] +cmp cl, byte [esi + 0x2489] +jae short loc_fffaaa2a ; jae 0xfffaaa2a +mov esi, dword [ebp - 0x28] +movzx edx, cl +mov ebx, 0x200 +xor ecx, ecx +mov word [ebp - 0x1e], 0 +mov al, byte [esi + 0xc4] +lea esi, [esi + edx*2] -loc_fffaa8e4: ; not directly referenced -mov edx, eax -and ebx, 0x60ffffff -and edx, 0x1f -shl edx, 0x18 -shr eax, 7 -or ebx, edx -shl eax, 0x1f -or ebx, eax -mov eax, dword [ebp - 0x20] -mov edx, dword [eax + 4] -lea eax, [edx + 0x80] -cmp edx, 0x1f -jbe short loc_fffaa918 ; jbe 0xfffaa918 -lea eax, [edx - 1] -call fcn_fffaec34 ; call 0xfffaec34 -movzx eax, al - -loc_fffaa918: ; not directly referenced -mov edx, eax -and ebx, 0xfff60fff -and edx, 0x1f -shl edx, 0xc -shl eax, 0xc -or ebx, edx -and eax, 0x80000 -or ebx, eax -mov eax, dword [ebp - 0x20] -mov edx, dword [eax + 8] -lea eax, [edx + 0x20] -cmp edx, 0xf -jbe short loc_fffaa94b ; jbe 0xfffaa94b -lea eax, [edx - 1] -call 
fcn_fffaec34 ; call 0xfffaec34 -movzx eax, al +loc_fffaaa77: ; not directly referenced +mov edi, 1 +shl edi, cl +mov edx, edi +test al, dl +je short loc_fffaaaa3 ; je 0xfffaaaa3 +imul edi, ecx, 0x12 +mov dx, word [ebp - 0x1e] +movzx edi, word [esi + edi + 0x1b1] +cmp dx, di +cmovb edx, edi +cmp bx, di +mov word [ebp - 0x1e], dx +cmova ebx, edi -loc_fffaa94b: ; not directly referenced -mov edx, eax -and ebx, 0xffffffd0 +loc_fffaaaa3: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffaaa77 ; jne 0xfffaaa77 +mov eax, dword [ebp - 0x2c] +mov dx, word [ebp - 0x1e] +movzx ecx, word [eax + 0x248a] +mov eax, 0x13880 +shr dx, 6 +lea edi, [edx + 1] +xor edx, edx +movzx edi, di +div ecx +mov edx, 0x80 +mov ecx, dword [ebp - 0x34] +cmp eax, 0x7f +cmova edx, eax +mov al, 6 +sub ebx, edx +mov dl, 0xfc +shr ebx, 6 +sub bl, byte [ebp - 0x1f] +cmp bl, 6 +cmovle eax, ebx +mov ebx, 7 +cmp al, 0xfc +cmovge edx, eax +movsx eax, dl +sub edi, eax +lea eax, [edi + ecx - 1] +movzx ecx, byte [ebp - 0x1c] +mov edi, dword [ebp - 0x30] +cmp eax, 7 +cmovle ebx, eax and edx, 0xf -and eax, 0x20 -or ebx, edx -or ebx, eax -mov eax, dword [ebp - 0x20] -mov edx, dword [eax + 0xc] -lea eax, [edx + 0x80] -cmp edx, 0x1f -jbe short loc_fffaa976 ; jbe 0xfffaa976 -lea eax, [edx - 1] -call fcn_fffaec34 ; call 0xfffaec34 -movzx eax, al - -loc_fffaa976: ; not directly referenced -mov edx, eax -and esi, 0xfff60fff +mov esi, edx +shl edx, 5 +lea edi, [edi + ecx*4] +mov byte [ebp - 0x1e], dl +mov dl, byte [edi + 5] and edx, 0x1f -shl edx, 0xc -shl eax, 0xc -or esi, edx -and eax, 0x80000 -or esi, eax - -loc_fffaa990: ; not directly referenced -cmp byte [ebp - 0x24], 0 -je short loc_fffaa9ce ; je 0xfffaa9ce -mov ecx, dword [ebp - 0x40] -and ebx, 0xff8ffc3f -and esi, 0xff807 -movzx edx, byte [ecx] -movzx eax, byte [ecx + 2] -and edx, 7 -shl edx, 0x14 -and eax, 0xf -shl eax, 6 -or ebx, edx -movzx edx, byte [ecx + 6] -or ebx, eax -movzx eax, word [ecx + 4] -shl edx, 3 -shl eax, 0x14 -or esi, eax -or 
esi, edx - -loc_fffaa9ce: ; not directly referenced -mov dword [ebp + 8], esi -mov eax, dword [ebp - 0x1c] -mov edx, edi -mov dword [ebp + 0xc], ebx -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -jmp near fcn_fffae7cf ; jmp 0xfffae7cf - -loc_fffaa9e5: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +or dl, byte [ebp - 0x1e] +mov byte [edi + 5], dl +mov edx, esi +shr dl, 3 +mov byte [ebp - 0x1e], dl +xor edx, edx +test ebx, ebx +cmovns edx, ebx +mov bl, dl +and ebx, 7 +lea edx, [ebx + ebx] +or dl, byte [ebp - 0x1e] +shl esi, 4 +or edx, esi +mov esi, dword [ebp - 0x2c] +mov byte [edi + 6], dl +mov dl, byte [edi + 7] +mov eax, esi +and edx, 0xfffffff8 +or edx, ebx +mov byte [edi + 7], dl +mov edx, dword [ebp - 0x24] +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, dword [edi + 4] +mov edx, eax +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +inc byte [ebp - 0x1c] +jmp near loc_fffaaa4d ; jmp 0xfffaaa4d -fcn_fffaa9ed: ; not directly referenced +fcn_fffaab72: ; not directly referenced push ebp mov ebp, esp push edi -mov edi, ecx +mov edi, edx push esi push ebx -mov ebx, edx -sub esp, 0x3c -mov cl, byte [ebp + 8] -mov dword [ebp - 0x2c], eax -mov eax, dword [eax + 0x188b] -mov dword [ebp - 0x24], 0 -mov dword [ebp - 0x20], 0 -mov byte [ebp - 0x2d], cl -mov dword [ebp - 0x3c], eax -mov eax, dword [ebp + 0xc] -mov dword [ebp - 0x1c], 0 -cmp dword [eax], 1 -jne loc_fffaab38 ; jne 0xfffaab38 -mov dword [edx + 0x1c], 3 -xor esi, esi -mov word [edx + 0x2a], 0x20 -mov word [edx + 0x28], 0x400 -mov word [edx + 0xe], 0x18 -mov word [edx + 2], 1 -mov word [edx + 0xa], 1 - -loc_fffaaa54: ; not directly referenced -imul eax, esi, 0x13c3 -mov ecx, dword [ebp - 0x2c] -cmp dword [ecx + eax + 0x3756], 2 -jne loc_fffaab25 ; jne 0xfffaab25 -lea eax, [ebp - 0x1c] -mov ecx, ebx -push edx -mov edx, esi -push eax -lea eax, [ebp - 0x24] -push eax -lea eax, [ebp - 0x20] -push eax -lea eax, [ebx + 0x24] -push eax -lea eax, [ebx + 0x14] -push 
eax -lea eax, [ebx + 0x10] -push eax -mov eax, dword [ebp - 0x2c] -push 0 -call fcn_fffaa5b6 ; call 0xfffaa5b6 -xor edx, edx -mov eax, 0x1800 -mov dword [ebp - 0x38], eax -mov eax, edx -add esp, 0x20 -and eax, 0xfffffc00 -mov ecx, 1 -or eax, 2 -mov dword [ebp - 0x34], eax -mov eax, dword [ebp - 0x38] -lea edx, [esi*4 + 0x4980] -and eax, 0x8fffffff -or eax, 0x10000000 -cmp dword [ebp - 0x3c], 1 -mov dword [ebp - 0x38], eax -lea eax, [edx + 0x20] -cmove edx, eax -mov eax, dword [ebp - 0x2c] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x2c] -lea edx, [esi*8 + 0x48a8] -push ecx -push ecx -push dword [ebp - 0x34] -push dword [ebp - 0x38] -call fcn_fffae7cf ; call 0xfffae7cf -mov eax, esi -mov ecx, 0x20 -shl eax, 0xa -lea edx, [eax + 0x4200] -mov dword [ebp - 0x38], eax -mov eax, dword [ebp - 0x2c] -call fcn_fffae58c ; call 0xfffae58c -mov ecx, dword [ebp - 0x38] -mov eax, dword [ebp - 0x2c] -lea edx, [ecx + 0x4040] -mov ecx, 0x8092 -call fcn_fffae58c ; call 0xfffae58c -add esp, 0x10 - -loc_fffaab25: ; not directly referenced -inc esi -cmp esi, 2 -jne loc_fffaaa54 ; jne 0xfffaaa54 -mov eax, dword [ebp + 0xc] -mov dword [eax], 0 - -loc_fffaab38: ; not directly referenced -mov esi, dword [ebp - 0x2c] -movzx eax, byte [esi + 0x248d] -bt eax, edi -jae loc_fffaac3b ; jae 0xfffaac3b -mov eax, edi -shr eax, 1 -imul eax, eax, 0x128 -mov dword [ebp - 0x38], 0 -lea edi, [esi + eax + 0x49ae] -lea eax, [ebx + 0x14] -mov dword [ebp - 0x40], eax -movzx eax, byte [ebp - 0x2d] -mov dword [ebp - 0x44], eax +mov ebx, eax +sub esp, 0xc +mov eax, dword [eax + 0x5edd] +mov esi, dword [ebx + 0x1887] +mov dword [ebp - 0x14], edx +mov dword [ebp - 0x10], ecx +mov edx, dword [eax + 4] +xor eax, eax -loc_fffaab70: ; not directly referenced -imul eax, dword [ebp - 0x38], 0x13c3 -mov esi, dword [ebp - 0x2c] -cmp dword [esi + eax + 0x3756], 2 -jne loc_fffaac28 ; jne 0xfffaac28 -mov ax, word [ebx + 0x2a] -xor edx, edx -lea ecx, [eax*8] -mov ax, word [edi + 4] -div cx -mov edx, dword 
[ebp - 0x38] -movzx esi, ax -mov eax, dword [edi] -dec eax -mov word [ebx + 0xc], ax -mov ax, word [edi + 4] -sub eax, ecx -xor ecx, ecx -mov word [ebx + 0xe], ax -lea eax, [esi - 1] -mov dword [ebx + 0x1c], eax -push eax -push 0 -push 0 -push 0 -push 0 -push dword [ebp - 0x40] -lea eax, [ebx + 8] -push 0 -push eax -mov eax, dword [ebp - 0x2c] -call fcn_fffaa5b6 ; call 0xfffaa5b6 -add esp, 0x20 -cmp byte [ebp - 0x2d], 0 -je short loc_fffaabe3 ; je 0xfffaabe3 -mov eax, dword [ebp - 0x44] -jmp short loc_fffaabeb ; jmp 0xfffaabeb +loc_fffaab96: ; not directly referenced +lea ecx, [edx + eax] +mov dword [ebp - 0x18], ecx +mov ecx, edi +cmp cl, byte [edx + eax] +jne short loc_fffaabb0 ; jne 0xfffaabb0 +mov eax, dword [ebp - 0x10] +mov edi, dword [ebp - 0x18] +mov ax, word [edi + eax*2 + 1] +jmp short loc_fffaabba ; jmp 0xfffaabba -loc_fffaabe3: ; not directly referenced -mov eax, dword [edi] -shr eax, 0xa -imul eax, esi +loc_fffaabb0: ; not directly referenced +add eax, 7 +cmp eax, 0x4d +jne short loc_fffaab96 ; jne 0xfffaab96 +xor al, al -loc_fffaabeb: ; not directly referenced -dec eax -call fcn_fffaec34 ; call 0xfffaec34 -imul esi, dword [ebp - 0x38], 0x28 -lea edx, [esi + 0x4808] -and eax, 0x7f -mov dword [ebp - 0x3c], eax -mov ecx, eax -mov eax, dword [ebp - 0x2c] -or ecx, 0x400000 -call fcn_fffae58c ; call 0xfffae58c -mov ecx, dword [ebp - 0x3c] -lea edx, [esi + 0x480c] -mov eax, dword [ebp - 0x2c] -or ecx, 0x8000000 -call fcn_fffae58c ; call 0xfffae58c +loc_fffaabba: ; not directly referenced +cmp esi, 0x306d0 +sete cl +cmp esi, 0x40650 +sete dl +or cl, dl +je short loc_fffaac15 ; je 0xfffaac15 +cmp dword [ebx + 0x2481], 1 +jne short loc_fffaac15 ; jne 0xfffaac15 +cmp byte [ebp - 0x14], 5 +sete cl +cmp byte [ebp - 0x10], 2 +setne dl +test cl, dl +je short loc_fffaac15 ; je 0xfffaac15 +cmp dword [ebx + 0x3757], 2 +jne short loc_fffaabfd ; jne 0xfffaabfd +cmp byte [ebx + 0x49bf], 5 +je short loc_fffaac0f ; je 0xfffaac0f + +loc_fffaabfd: ; not directly referenced 
+cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffaac4e ; jne 0xfffaac4e +cmp byte [ebx + 0x5d82], 5 +jne short loc_fffaac4e ; jne 0xfffaac4e + +loc_fffaac0f: ; not directly referenced +add ax, 0xc8 +jmp short loc_fffaac4e ; jmp 0xfffaac4e -loc_fffaac28: ; not directly referenced -inc dword [ebp - 0x38] -add edi, 0x13c3 -cmp dword [ebp - 0x38], 2 -jne loc_fffaab70 ; jne 0xfffaab70 +loc_fffaac15: ; not directly referenced +cmp dword [ebx + 0x188b], 1 +jne short loc_fffaac4e ; jne 0xfffaac4e +cmp dword [ebx + 0x2481], 1 +jne short loc_fffaac4e ; jne 0xfffaac4e +mov edi, dword [ebp - 0x10] +cmp byte [ebp - 0x14], 0xc +mov ebx, edi +sete cl +cmp bl, 2 +setne dl +test cl, dl +je short loc_fffaac4e ; je 0xfffaac4e +dec bl +mov edx, 0x78 +mov ecx, 0x50 +cmovne edx, ecx +add eax, edx -loc_fffaac3b: ; not directly referenced -lea esp, [ebp - 0xc] +loc_fffaac4e: ; not directly referenced +add esp, 0xc pop ebx pop esi pop edi pop ebp ret -fcn_fffaac43: ; not directly referenced +fcn_fffaac56: ; not directly referenced push ebp +mov ecx, 3 mov ebp, esp push edi push esi -movzx esi, dl +mov esi, ref_fffd3720 ; mov esi, 0xfffd3720 push ebx mov ebx, eax -imul eax, esi, 0x13c3 -sub esp, 0x1c -and cl, byte [ebx + eax + 0x381a] -mov edi, ecx -and edi, 0xf -jne short loc_fffaac95 ; jne 0xfffaac95 -xor ecx, ecx -mov eax, ebx -lea edx, [esi*4 + 0x4930] -lea esi, [esi*8 + 0x48a8] -call fcn_fffae58c ; call 0xfffae58c -mov edx, esi +sub esp, 0xc0 +lea edi, [ebp - 0x80] +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [ebp - 0x74] +mov esi, ref_fffd372c ; mov esi, 0xfffd372c +mov dword [ebp - 0x8c], eax +mov cl, 3 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [ebp - 0x68] +mov esi, ref_fffd3738 ; mov esi, 0xfffd3738 +mov cl, 3 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [ebp - 0x5c] +mov esi, ref_fffd3744 ; mov esi, 0xfffd3744 +mov cl, 3 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [ebp - 0x50] +mov esi, ref_fffd3750 
; mov esi, 0xfffd3750 +mov cl, 3 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [ebp - 0x44] +mov esi, ref_fffd375c ; mov esi, 0xfffd375c +mov cl, 3 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov edi, dword [eax + 0x5edd] +mov edx, edi +mov dword [ebp - 0x9c], edi +mov edi, dword [eax + 0x2444] +mov al, byte [eax + 0x2489] +mov esi, edi +mov dword [ebp - 0xa0], edi +movzx edi, byte [ebx + 0x248f] +mov byte [ebp - 0x95], al +mov eax, edx +push 0 +add eax, 0x1bc +push 8 +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +mov edx, 0x3a1c mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, esi -and ah, 0xf7 +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x3a1c mov ecx, eax +mov esi, eax +and ecx, 0xfffe003f +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x5f08 mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffaad12 ; jmp 0xfffaad12 +mov dword [ebp - 0x8c], ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5f08 +mov ebx, eax +mov eax, dword [ebp - 0x8c] +or bh, 1 +mov ecx, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x8c] +mov edx, 0x78 +call fcn_fffa82f9 ; call 0xfffa82f9 +mov eax, dword [ebp - 0x8c] +mov edx, 0x3a00 +call fcn_fffb331f ; call 0xfffb331f +mov ecx, esi +mov esi, dword [ebp - 0x8c] +mov dword [ebp - 0x94], eax +mov eax, dword [ebp - 0x8c] +shr dword [ebp - 0x94], 0xf +and dword [ebp - 0x94], 0x1f +mov ax, word [eax + 0x1904] +shr ax, 7 +movzx edx, ax +mov eax, esi +mov dword [ebp - 0xa8], edx +mov edx, 0x3a1c +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, ebx +mov edx, 0x5f08 +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x78 +mov eax, esi +call fcn_fffa82f9 ; call 0xfffa82f9 +mov edx, 0x2008 +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +add esp, 0x10 +test ah, 4 +mov eax, edi +je short loc_fffaade0 ; je 0xfffaade0 +cmp al, 3 +je short loc_fffaadf4 ; je 0xfffaadf4 +lea eax, [ebp - 0x74] +mov edx, eax +lea eax, [ebp - 0x68] +jmp short 
loc_fffaadec ; jmp 0xfffaadec -loc_fffaac95: ; not directly referenced -movzx edx, cl -xor eax, eax +loc_fffaade0: ; not directly referenced +cmp al, 3 +je short loc_fffaadf9 ; je 0xfffaadf9 +lea eax, [ebp - 0x50] +mov edx, eax +lea eax, [ebp - 0x44] + +loc_fffaadec: ; not directly referenced +and edi, 1 +cmovne eax, edx +jmp short loc_fffaadfc ; jmp 0xfffaadfc + +loc_fffaadf4: ; not directly referenced +lea eax, [ebp - 0x80] +jmp short loc_fffaadfc ; jmp 0xfffaadfc + +loc_fffaadf9: ; not directly referenced +lea eax, [ebp - 0x5c] + +loc_fffaadfc: ; not directly referenced +mov dword [ebp - 0x90], eax +mov eax, dword [ebp - 0x9c] xor edi, edi -mov byte [ebp - 0x19], 0 -mov dword [ebp - 0x20], edx +add eax, 0x1c +mov dword [ebp - 0xa4], eax +mov esi, eax -loc_fffaaca3: ; not directly referenced -mov edx, dword [ebp - 0x20] -bt edx, eax -jae short loc_fffaacbb ; jae 0xfffaacbb -movzx ecx, byte [ebp - 0x19] -mov edx, eax -inc byte [ebp - 0x19] -shl ecx, 2 -shl edx, cl -or edi, edx +loc_fffaae15: ; not directly referenced +imul eax, edi, 0x13c3 +mov edx, dword [ebp - 0x8c] +xor ebx, ebx +cmp dword [edx + eax + 0x3757], 2 +jne short loc_fffaae8f ; jne 0xfffaae8f -loc_fffaacbb: ; not directly referenced -inc eax -cmp eax, 4 -jne short loc_fffaaca3 ; jne 0xfffaaca3 -mov ecx, edi -mov eax, ebx -lea edx, [esi*4 + 0x4930] -call fcn_fffae58c ; call 0xfffae58c -mov cl, byte [ebp - 0x19] -lea edi, [esi*8] -lea edx, [edi + 0x48ef] -mov eax, ebx -add edi, 0x48a8 -dec ecx -movzx ecx, cl -call fcn_fffae566 ; call 0xfffae566 +loc_fffaae2d: ; not directly referenced +cmp byte [ebp - 0x95], bl +jbe short loc_fffaae69 ; jbe 0xfffaae69 +or byte [esi + ebx*4 + 0x28], 0x20 +mov ecx, ebx +mov eax, dword [esi + ebx*4 + 0x28] mov edx, edi -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a +inc ebx +mov dword [ebp - 0xac], eax +mov eax, dword [ebp - 0x8c] +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, dword [ebp - 0xac] +mov edx, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffb3381 ; call 
0xfffb3381 +jmp short loc_fffaae2d ; jmp 0xfffaae2d + +loc_fffaae69: ; not directly referenced +mov eax, dword [ebp - 0x8c] +mov ecx, 0xff mov edx, edi -mov edi, 1 -or ah, 8 -mov ecx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov ecx, esi -shl edi, cl +mov ebx, dword [esi] +call fcn_fffa7236 ; call 0xfffa7236 +or bh, 1 +mov ecx, ebx +mov edx, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffaad12: ; not directly referenced -add esp, 0x1c -mov eax, edi -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffaae8f: ; not directly referenced +inc edi +add esi, 0xcc +cmp edi, 2 +jne loc_fffaae15 ; jne 0xfffaae15 +mov eax, dword [ebp - 0x90] +lea ebx, [ebp - 0x38] +inc eax +mov dword [ebp - 0xbc], eax +mov esi, eax -fcn_fffaad1c: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x70 -mov ebx, dword [ebp + 8] -mov dword [ebp - 0x50], 0 -mov byte [ebp - 0x4c], 0 -mov byte [ebp - 0x4b], 0 -mov eax, dword [ebx + 0x2443] -mov byte [ebp - 0x4a], 1 -mov byte [ebp - 0x49], 0 -mov dword [ebp - 0x48], 0 -mov edi, eax -mov dword [ebp - 0x68], eax -mov eax, dword [ebx + 0x188b] -push 0 -push 0x2c -mov dword [ebp - 0x5c], eax -lea eax, [ebp - 0x44] -push eax +loc_fffaaeb1: ; not directly referenced +mov edi, dword [ebp - 0x8c] +add ebx, 4 +add esi, 3 +movzx edx, byte [esi - 4] +movzx ecx, byte [esi - 3] mov eax, edi -mov byte [ebp - 0x52], 0 -mov byte [ebp - 0x51], 0 -call dword [eax + 0x5c] ; ucall -add esp, 0x10 -cmp byte [ebx + 0x3748], 1 -je short loc_fffaad8a ; je 0xfffaad8a -xor esi, esi -cmp byte [ebx + 0x2407], 1 -jne loc_fffaafaa ; jne 0xfffaafaa - -loc_fffaad8a: ; not directly referenced -push esi -mov eax, ebx -push esi -xor esi, esi -push 0 -push 1 -lea ecx, [ebp - 0x51] -lea edx, [ebp - 0x52] -mov word [ebp - 0x1a], 1 -mov word [ebp - 0x1c], 1 -call fcn_fffa81d3 ; call 0xfffa81d3 -add esp, 0x10 - -loc_fffaadae: ; not directly referenced -imul eax, esi, 0x13c3 -cmp dword [ebx + eax + 0x3756], 2 
-jne loc_fffaae62 ; jne 0xfffaae62 -lea eax, [ebp - 0x48] -mov edx, esi -push ecx -push eax -lea eax, [ebp - 0x50] -push eax -lea eax, [ebp - 0x4c] -push eax -lea eax, [ebp - 0x20] -push eax -lea eax, [ebp - 0x30] -push eax -lea eax, [ebp - 0x34] -push eax -mov eax, ebx -push 0 -lea ecx, [ebp - 0x44] -call fcn_fffaa5b6 ; call 0xfffaa5b6 +call fcn_fffa7588 ; call 0xfffa7588 +mov edx, eax +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov dword [ebx - 4], eax +lea eax, [ebp - 0x28] +cmp ebx, eax +jne short loc_fffaaeb1 ; jne 0xfffaaeb1 +imul eax, dword [ebp - 0x94], 0x1f0 +mov ecx, 0x3e8 +imul eax, dword [ebp - 0xa8] xor edx, edx -mov eax, 0x1800 -mov ecx, edx -add esp, 0x18 -and ecx, 0xfffffc00 -or ecx, 2 -mov edx, ecx -mov ecx, eax -or ecx, 0x28 -push edx -mov eax, ecx -lea ecx, [esi*8 + 0x48a8] -push eax -mov edx, ecx -mov eax, ebx -call fcn_fffae7cf ; call 0xfffae7cf -add esp, 0x10 -cmp dword [ebp - 0x5c], 1 -lea edx, [esi*4 + 0x4980] -lea eax, [edx + 0x20] -cmove edx, eax -xor ecx, ecx -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -imul edx, esi, 0x28 -mov ecx, 0x400000 -mov eax, ebx -add edx, 0x4808 -call fcn_fffae58c ; call 0xfffae58c -mov edx, esi -mov ecx, 0x20 -shl edx, 0xa -mov eax, ebx -add edx, 0x4200 -call fcn_fffae58c ; call 0xfffae58c +mov byte [ebp - 0xa8], 1 +div ecx +lea edi, [eax + 0x14a] +add eax, 0x226 +mov dword [ebp - 0xb8], eax +mov eax, dword [ebp - 0x9c] +mov dword [ebp - 0xb4], edi +add eax, 0x1bd +mov dword [ebp - 0xac], eax -loc_fffaae62: ; not directly referenced -inc esi -cmp esi, 2 -jne loc_fffaadae ; jne 0xfffaadae -mov dword [ebp - 0x5c], 0 +loc_fffaaf28: ; not directly referenced +mov eax, dword [ebp - 0xa4] +xor ebx, ebx +mov dword [ebp - 0x94], eax +mov eax, dword [ebp - 0xa8] +and eax, 7 +mov dword [ebp - 0x9c], eax -loc_fffaae73: ; not directly referenced -movzx eax, byte [ebx + 0x248d] -mov edi, dword [ebp - 0x5c] -bt eax, edi -jb short loc_fffaae92 ; jb 0xfffaae92 +loc_fffaaf45: ; not directly referenced +imul eax, 
ebx, 0x13c3 +mov edi, dword [ebp - 0x8c] +cmp dword [edi + eax + 0x3757], 2 +je short loc_fffaaf7a ; je 0xfffaaf7a -loc_fffaae82: ; not directly referenced -inc dword [ebp - 0x5c] -cmp dword [ebp - 0x5c], 4 -jne short loc_fffaae73 ; jne 0xfffaae73 +loc_fffaaf5b: ; not directly referenced +inc ebx +add dword [ebp - 0x94], 0xcc +cmp ebx, 2 +jne short loc_fffaaf45 ; jne 0xfffaaf45 +mov dword [ebp - 0x94], 0 +jmp near loc_fffab14f ; jmp 0xfffab14f + +loc_fffaaf7a: ; not directly referenced xor esi, esi -jmp near loc_fffaaf5e ; jmp 0xfffaaf5e -loc_fffaae92: ; not directly referenced -mov cl, byte [ebp - 0x5c] -mov esi, 1 -xor edx, edx -mov eax, ebx -shl esi, cl -mov ecx, esi -call fcn_fffaac43 ; call 0xfffaac43 -mov edx, 1 +loc_fffaaf7c: ; not directly referenced +mov eax, esi +cmp byte [ebp - 0x95], al +jbe short loc_fffaaf5b ; jbe 0xfffaaf5b +mov eax, dword [ebp - 0x94] mov ecx, esi -mov edi, eax -mov eax, ebx -call fcn_fffaac43 ; call 0xfffaac43 -mov dl, byte [ebp - 0x5c] -mov dword [ebp - 0x60], 0 -shr dl, 1 -movzx edx, dl -imul edx, edx, 0x128 -or eax, edi -movzx eax, al -mov dword [ebp - 0x64], eax -lea edi, [ebx + edx + 0x49ae] -mov dword [ebp - 0x6c], edi +mov edx, ebx +mov edi, dword [eax + esi*4 + 4] +inc esi +mov eax, dword [ebp - 0x9c] +and edi, 0xffffe3ff +shl eax, 0xa +or edi, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, edi +mov edx, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffaaf7c ; jmp 0xfffaaf7c -loc_fffaaede: ; not directly referenced -mov eax, dword [ebp - 0x60] -xor esi, esi -mov edi, dword [ebp - 0x6c] -mov word [ebp - 0x42], ax -mov word [ebp - 0x3a], ax +loc_fffaafc2: ; not directly referenced +imul eax, edi, 0x13c3 +mov edx, dword [ebp - 0x8c] +cmp dword [edx + eax + 0x3757], 2 +je loc_fffab18d ; je 0xfffab18d -loc_fffaaeee: ; not directly referenced -mov eax, dword [ebp - 0x64] -bt eax, esi -jae short loc_fffaaf34 ; jae 0xfffaaf34 -mov eax, dword [edi] -lea ecx, 
[ebp - 0x44] -dec eax -mov word [ebp - 0x38], ax -mov ax, word [edi + 4] -lea edx, [eax - 8] -mov word [ebp - 0x36], dx -shr ax, 3 -push edx -movzx eax, ax -push 0 -mov edx, esi -push 0 -push 0 -push 0 -mov dword [ebp - 0x28], eax -lea eax, [ebp - 0x30] -push eax -push 0 -lea eax, [ebp - 0x3c] -push eax -mov eax, ebx -call fcn_fffaa5b6 ; call 0xfffaa5b6 -add esp, 0x20 +loc_fffaafdc: ; not directly referenced +inc edi +add dword [ebp - 0x9c], 0xcc +cmp edi, 2 +jne short loc_fffaafc2 ; jne 0xfffaafc2 +mov byte [ebp - 0x9c], 0 -loc_fffaaf34: ; not directly referenced -inc esi -add edi, 0x13c3 -cmp esi, 2 -jne short loc_fffaaeee ; jne 0xfffaaeee -mov edx, dword [ebp - 0x64] -mov eax, ebx -call fcn_fffae670 ; call 0xfffae670 +loc_fffaaff3: ; not directly referenced +mov esi, dword [ebp - 0x9c] +lea edi, [ebp - 0x28] +mov ebx, dword [ebp - 0x90] +and esi, 1 +shl esi, 0x1d +or esi, 0x2000000 + +loc_fffab00e: ; not directly referenced +movzx eax, byte [ebx + 2] +and esi, 0xefffffff +movzx ecx, byte [ebx + 1] +movzx edx, byte [ebx] +and eax, 1 +shl eax, 0x1c +or esi, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffa7588 ; call 0xfffa7588 +mov ecx, esi +mov edx, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0xa0] +call dword [eax + 0x54] ; ucall +add eax, 0x3e8 +mov dword [ebp - 0xb0], eax + +loc_fffab055: ; not directly referenced +mov esi, dword [ebp - 0x8c] +movzx edx, byte [ebx] +movzx ecx, byte [ebx + 1] +mov eax, esi +call fcn_fffa7588 ; call 0xfffa7588 +mov edx, eax +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f mov esi, eax -test eax, eax -jne short loc_fffaaf5e ; jne 0xfffaaf5e -inc dword [ebp - 0x60] -cmp dword [ebp - 0x60], 8 -jne short loc_fffaaede ; jne 0xfffaaede -jmp near loc_fffaae82 ; jmp 0xfffaae82 +test eax, 0x40000000 +jne loc_fffab1d2 ; jne 0xfffab1d2 +mov eax, dword [ebp - 0xa0] +call dword [eax + 0x54] ; ucall +cmp dword [ebp - 0xb0], eax +ja short loc_fffab055 ; ja 0xfffab055 -loc_fffaaf5e: ; not 
directly referenced -cmp dword [ebx + 0x3756], 2 -jne short loc_fffaaf78 ; jne 0xfffaaf78 -mov ecx, 0x3000 -mov edx, 0x48a8 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +loc_fffab090: ; not directly referenced +movzx ecx, byte [ebx + 1] +add edi, 4 +add ebx, 3 +movzx edx, byte [ebx - 3] +mov eax, dword [ebp - 0x8c] +call fcn_fffa7588 ; call 0xfffa7588 +xor ecx, ecx +mov edx, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffb3381 ; call 0xfffb3381 +lea eax, [ebp - 0x18] +cmp edi, eax +jne loc_fffab00e ; jne 0xfffab00e +inc byte [ebp - 0x9c] +cmp byte [ebp - 0x9c], 2 +jne loc_fffaaff3 ; jne 0xfffaaff3 +mov ecx, dword [ebp - 0x28] +mov ebx, dword [ebp - 0x1c] +mov edx, dword [ebp - 0x20] +mov eax, dword [ebp - 0x24] +mov esi, ecx +cmp ebx, ecx +cmovbe esi, ebx +cmp esi, edx +cmova esi, edx +cmp ebx, ecx +cmovae ecx, ebx +cmp ecx, edx +cmovae edx, ecx +cmp edx, eax +cmovb edx, eax +cmp esi, eax +cmovbe eax, esi +cmp dword [ebp - 0xb4], eax +jbe short loc_fffab11f ; jbe 0xfffab11f +mov cl, byte [ebp - 0x94] +mov eax, 1 +mov edi, dword [ebp - 0xac] +shl eax, cl +or byte [edi], al -loc_fffaaf78: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffaaf92 ; jne 0xfffaaf92 -mov ecx, 0x3000 -mov edx, 0x48b0 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +loc_fffab11f: ; not directly referenced +cmp dword [ebp - 0xb8], edx +jae short loc_fffab13c ; jae 0xfffab13c +mov cl, byte [ebp - 0x94] +mov eax, 1 +mov edi, dword [ebp - 0xac] +shl eax, cl +or byte [edi], al -loc_fffaaf92: ; not directly referenced -test esi, esi -je short loc_fffaafaa ; je 0xfffaafaa +loc_fffab13c: ; not directly referenced +inc dword [ebp - 0x94] +cmp dword [ebp - 0x94], 8 +je loc_fffab1f0 ; je 0xfffab1f0 + +loc_fffab14f: ; not directly referenced push eax +xor edi, edi +push 0 +push 4 +lea eax, [ebp - 0x28] push eax -mov eax, dword [ebp - 0x68] -push 0xdddc -push ebx -call dword [eax + 0x94] ; ucall +mov eax, dword [ebp - 0xa0] +call dword [eax + 0x64] ; ucall +mov eax, dword 
[ebp - 0xa4] add esp, 0x10 +mov dword [ebp - 0x9c], eax +mov eax, dword [ebp - 0x94] +and eax, 7 +mov dword [ebp - 0xb0], eax +shl dword [ebp - 0xb0], 0x1a +jmp near loc_fffaafc2 ; jmp 0xfffaafc2 -loc_fffaafaa: ; not directly referenced -lea esp, [ebp - 0xc] -mov eax, esi -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffab18d: ; not directly referenced +xor ebx, ebx -fcn_fffaafb4: ; not directly referenced -push ebp -xor eax, eax -mov ebp, esp -xor edx, edx -pop ebp -ret +loc_fffab18f: ; not directly referenced +cmp byte [ebp - 0x95], bl +jbe loc_fffaafdc ; jbe 0xfffaafdc +mov eax, dword [ebp - 0x9c] +mov ecx, ebx +mov edx, edi +mov esi, dword [eax + ebx*4 + 0x28] +inc ebx +mov eax, dword [ebp - 0x8c] +and esi, 0xe3ffffff +call fcn_fffa71bc ; call 0xfffa71bc +or esi, dword [ebp - 0xb0] +mov ecx, esi +mov edx, eax +mov eax, dword [ebp - 0x8c] +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffab18f ; jmp 0xfffab18f -fcn_fffaafbd: ; not directly referenced -push ebp -mov ebp, esp -pop ebp -ret +loc_fffab1d2: ; not directly referenced +shr eax, 0xf +and eax, 0x3ff +add eax, dword [edi] +cmp byte [ebp - 0x9c], 1 +jne loc_fffab2df ; jne 0xfffab2df +shr eax, 1 +jmp near loc_fffab2df ; jmp 0xfffab2df -fcn_fffaafc2: ; not directly referenced -push ebp -mov ebp, esp -mov edx, dword [ebp + 8] -in eax, dx -pop ebp -ret +loc_fffab1f0: ; not directly referenced +inc byte [ebp - 0xa8] +inc dword [ebp - 0xac] +and byte [ebp - 0xa8], 7 +jne loc_fffaaf28 ; jne 0xfffaaf28 +mov esi, dword [ebp - 0xa4] +xor edi, edi -fcn_fffaafcb: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0x10] -mov dword [ebp + 8], eax -pop ebp -jmp near fcn_fffaafc2 ; jmp 0xfffaafc2 +loc_fffab211: ; not directly referenced +imul eax, edi, 0x13c3 +mov ecx, dword [ebp - 0x8c] +xor ebx, ebx +cmp dword [ecx + eax + 0x3757], 2 +jne short loc_fffab296 ; jne 0xfffab296 -fcn_fffaafda: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0xc] -mov edx, dword [ebp + 8] 
-out dx, eax -pop ebp -ret +loc_fffab229: ; not directly referenced +cmp byte [ebp - 0x95], bl +jbe short loc_fffab277 ; jbe 0xfffab277 +mov eax, dword [ebp - 0x8c] +mov ecx, ebx +mov edx, edi +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, dword [esi + ebx*4 + 4] +mov edx, eax +mov dword [ebp - 0x90], eax +mov eax, dword [ebp - 0x8c] +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, dword [ebp - 0x90] +and byte [esi + ebx*4 + 0x28], 0xdf +mov ecx, dword [esi + ebx*4 + 0x28] +inc ebx +mov eax, dword [ebp - 0x8c] +add edx, 4 +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffab229 ; jmp 0xfffab229 -fcn_fffaafe6: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0x18] -mov dword [ebp + 0xc], eax -mov eax, dword [ebp + 0x10] -mov dword [ebp + 8], eax -pop ebp -jmp near fcn_fffaafda ; jmp 0xfffaafda +loc_fffab277: ; not directly referenced +mov ebx, dword [ebp - 0x8c] +mov ecx, 0xff +mov edx, edi +mov eax, ebx +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, dword [esi] +mov edx, eax +mov eax, ebx +call fcn_fffb38b3 ; call 0xfffb38b3 -fcn_fffaaffb: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 8] -mov dl, al -mov cl, al -sar dl, 7 -and eax, 0x7f -sar cl, 7 -and edx, 2 -and ecx, 2 -add edx, 0x74 -add ecx, 0x75 -movzx edx, dl -out dx, al -movzx edx, cl -in al, dx -pop ebp -ret +loc_fffab296: ; not directly referenced +inc edi +add esi, 0xcc +cmp edi, 2 +jne loc_fffab211 ; jne 0xfffab211 +mov esi, dword [ebp - 0xbc] +lea ebx, [ebp - 0x38] -fcn_fffab024: ; not directly referenced -push ebp -mov ebp, esp -mov edx, dword [ebp + 0x10] -in al, dx -pop ebp -ret +loc_fffab2af: ; not directly referenced +mov edi, dword [ebp - 0x8c] +add ebx, 4 +add esi, 3 +movzx ecx, byte [esi - 3] +movzx edx, byte [esi - 4] +mov eax, edi +call fcn_fffa7588 ; call 0xfffa7588 +mov ecx, dword [ebx - 4] +mov edx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +lea eax, [ebp - 0x28] +cmp ebx, eax +jne short loc_fffab2af ; jne 0xfffab2af +jmp 
short loc_fffab2e6 ; jmp 0xfffab2e6 -fcn_fffab02d: ; not directly referenced -push ebp -mov ebp, esp -mov edx, dword [ebp + 0x10] -mov eax, dword [ebp + 0x18] -out dx, al -pop ebp -ret +loc_fffab2df: ; not directly referenced +mov dword [edi], eax +jmp near loc_fffab090 ; jmp 0xfffab090 -fcn_fffab039: ; not directly referenced -push ebp -mov edx, 0x186a0 -mov ebp, esp +loc_fffab2e6: ; not directly referenced +lea esp, [ebp - 0xc] xor eax, eax -push ebx -sub esp, 0x10 - -loc_fffab047: ; not directly referenced -test eax, eax -sete bl -test edx, edx -setne cl -test bl, cl -je short loc_fffab064 ; je 0xfffab064 -clc - -loc_fffab056: ; not directly referenced -rdrand eax -mov dword [ebp - 8], eax -jae short loc_fffab056 ; jae 0xfffab056 -mov eax, dword [ebp - 8] -dec edx -jmp short loc_fffab047 ; jmp 0xfffab047 - -loc_fffab064: ; not directly referenced -add esp, 0x10 pop ebx +pop esi +pop edi pop ebp ret -fcn_fffab06a: ; not directly referenced -push ebp -mov ebp, esp -pop ebp -ret - -fcn_fffab06f: ; not directly referenced -push ebp -mov ebp, esp -push eax -mov eax, 0x1000 -in al, 0x99 -pop eax -pop ebp -ret - -fcn_fffab07d: -mov edx, dword [0xff7d026c] -xor eax, eax +fcn_fffab2f0: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx -imul ebx, edx, 0xc +sub esp, 0x2c +mov ebx, dword [ebp + 8] +mov eax, dword [ebx + 0x18a7] +mov esi, dword [ebx + 0x2444] +mov edi, dword [ebx + 0x18c1] +mov dword [ebp - 0x2c], eax +mov eax, dword [ebx + 0x188b] +push 0xe4 +push 0 +push 0 +push 0 +mov dword [ebp - 0x30], eax +call dword [esi + 0x4c] ; ucall +add edi, eax +mov dword [esp], edi +add edi, 4 +call dword [esi + 0x20] ; ucall +mov dword [esp], edi +mov dword [ebp - 0x1c], eax +call dword [esi + 0x20] ; ucall +mov edx, dword [ebp - 0x1c] +mov edi, dword [ebx + 0x18c1] +mov dword [ebx + 0x10], edx +mov dword [ebx + 0x14], eax +push 0x54 +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +add esp, 0x14 +add edi, eax +push edi +call dword [esi + 0x20] 
; ucall +mov edx, dword [ebp - 0x1c] +add esp, 0x10 +movzx ecx, dh +test cl, 8 +jne short loc_fffab38b ; jne 0xfffab38b +test al, 0x10 +je short loc_fffab38b ; je 0xfffab38b +mov eax, dword [ebx + 0x188f] +mov dword [ebx + 0x246e], eax +mov eax, dword [ebx + 0x1893] +mov dword [ebx + 0x2472], eax +jmp short loc_fffab39f ; jmp 0xfffab39f -loc_fffab08e: -cmp edx, 0x13 -ja short loc_fffab0be ; ja 0xfffab0be -mov esi, dword [ebp + 0xc] -inc edx -mov ecx, 3 -mov dword [0xff7d026c], edx -lea edi, [ebx + eax - 0x82fe84] -add esi, eax -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov edi, dword [ebp + 0xc] -mov ecx, dword [edi + eax] -add eax, 0xc -test ecx, ecx -jns short loc_fffab08e ; jns 0xfffab08e +loc_fffab38b: ; not directly referenced +mov dword [ebx + 0x246e], 0 +mov dword [ebx + 0x2472], 0 + +loc_fffab39f: ; not directly referenced +mov eax, edx +shr eax, 0x13 +and eax, 3 +cmp eax, 1 +je short loc_fffab3c8 ; je 0xfffab3c8 +cmp eax, 2 +je short loc_fffab3d4 ; je 0xfffab3d4 +cmp eax, 1 +sbb eax, eax +and eax, 0x3e00 +add eax, 0x200 +mov dword [ebx + 0x2485], eax +jmp short loc_fffab3de ; jmp 0xfffab3de + +loc_fffab3c8: ; not directly referenced +mov dword [ebx + 0x2485], 0x2000 +jmp short loc_fffab3de ; jmp 0xfffab3de + +loc_fffab3d4: ; not directly referenced +mov dword [ebx + 0x2485], 0x800 + +loc_fffab3de: ; not directly referenced +mov eax, ecx +shl eax, 0x1b +mov dword [ebp - 0x20], eax +mov eax, ecx +shl eax, 0x19 +sar dword [ebp - 0x20], 0x1f +add dword [ebp - 0x20], 2 +mov dword [ebp - 0x1c], eax +sar dword [ebp - 0x1c], 0x1f +add dword [ebp - 0x1c], 2 +cmp byte [ebx + 0x241f], 1 +je short loc_fffab42d ; je 0xfffab42d +mov eax, dword [ebx + 0x1887] +cmp eax, 0x306d0 +sete cl +cmp eax, 0x40650 +sete al +or cl, al +mov eax, 1 +cmove eax, dword [ebp - 0x1c] +mov dword [ebp - 0x1c], eax +jmp short loc_fffab434 ; jmp 0xfffab434 + +loc_fffab42d: ; not directly referenced +mov dword [ebp - 0x1c], 1 + +loc_fffab434: ; not directly referenced +mov eax, edx 
+shr eax, 0x10 +and eax, 2 +cmp al, 1 +sbb eax, eax +mov dword [ebp - 0x24], eax +mov eax, edx +shr eax, 0x18 +add word [ebp - 0x24], 2 +and eax, 1 +mov dword [ebp - 0x34], eax +je short loc_fffab463 ; je 0xfffab463 +mov byte [ebx + 0x3749], 1 +mov edi, 1 +jmp short loc_fffab47b ; jmp 0xfffab47b + +loc_fffab463: ; not directly referenced +xor eax, eax +and edx, 0x2000000 +jne short loc_fffab479 ; jne 0xfffab479 xor eax, eax -jmp short loc_fffab0c3 ; jmp 0xfffab0c3 +cmp byte [ebx + 0x3749], 0 +setne al -loc_fffab0be: -mov eax, 0x80000009 +loc_fffab479: ; not directly referenced +mov edi, eax -loc_fffab0c3: -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffab47b: ; not directly referenced +imul esi, dword [ebp - 0x2c], 0x2e +lea eax, [ebx + 0x736c] +lea ecx, [ebx + 0x4be6] +mov dword [ebp - 0x28], eax -fcn_fffab0c8: ; not directly referenced -push ebp -mov ebp, esp -pop ebp -jmp near loc_fffd2984 ; jmp 0xfffd2984 +loc_fffab48e: ; not directly referenced +cmp dword [ecx - 0x148f], 2 +je short loc_fffab4da ; je 0xfffab4da -fcn_fffab0d1: -push ebp -mov ebp, esp -mov edx, dword [ebp + 0xc] -mov eax, dword [ebp + 8] -mov ecx, dword [ebp + 0x10] -test edx, edx -je short loc_fffab0ed ; je 0xfffab0ed -movzx ecx, cl -mov dword [ebp + 0x10], ecx -pop ebp -jmp near loc_fffd2932 ; jmp 0xfffd2932 +loc_fffab497: ; not directly referenced +add ecx, 0x13c3 +cmp ecx, dword [ebp - 0x28] +jne short loc_fffab48e ; jne 0xfffab48e +cmp byte [ebx + 0x3749], 1 +mov edi, 2 +mov dword [ebx + 0x3712], 0 +mov dword [ebp - 0x24], 0 +sete al +xor esi, esi +add eax, 8 +xor ecx, ecx +mov byte [ebx + 0x2489], al +lea eax, [ebx + 0x3813] +jmp near loc_fffab5d3 ; jmp 0xfffab5d3 -loc_fffab0ed: -pop ebp -ret +loc_fffab4da: ; not directly referenced +cmp word [ebp - 0x24], 2 +je short loc_fffab507 ; je 0xfffab507 +cmp dword [ebx + 0x18a7], 0 +jne short loc_fffab526 ; jne 0xfffab526 +mov eax, dword [ebx + 0x36d8] +cmp eax, 0x74b +ja short loc_fffab507 ; ja 0xfffab507 +cmp dword [ecx - 0x13cf], 1 +jbe short 
loc_fffab526 ; jbe 0xfffab526 +cmp eax, 0x534 +jbe short loc_fffab526 ; jbe 0xfffab526 -fcn_fffab0ef: -push ebp -mov ebp, esp -pop ebp -jmp near loc_fffd2917 ; jmp 0xfffd2917 +loc_fffab507: ; not directly referenced +cmp word [ecx + esi - 0x1487], 2 +mov eax, 2 +cmovae ax, word [ecx + esi - 0x1487] +mov word [ecx + esi - 0x1487], ax -fcn_fffab0f8: ; not directly referenced -push ebp -mov ebp, esp -pop ebp -jmp near loc_fffd28fc ; jmp 0xfffd28fc +loc_fffab526: ; not directly referenced +lea eax, [ecx - 0x250] -fcn_fffab101: -push ebp -mov ebp, esp -mov ecx, dword [ebp + 0x10] -mov eax, dword [ebp + 8] -mov edx, dword [ebp + 0xc] -test ecx, ecx -je short loc_fffab11b ; je 0xfffab11b -cmp eax, edx -je short loc_fffab11b ; je 0xfffab11b -pop ebp -jmp near loc_fffd2836 ; jmp 0xfffd2836 +loc_fffab52c: ; not directly referenced +cmp dword [eax - 0xcc], 2 +jne short loc_fffab583 ; jne 0xfffab583 +mov dx, word [ecx + esi - 0x1487] +mov word [eax + esi - 0xc4], dx +cmp edi, 1 +jne short loc_fffab572 ; jne 0xfffab572 +mov dl, byte [eax] +test dl, dl +jne short loc_fffab562 ; jne 0xfffab562 +cmp dword [ebp - 0x34], 1 +jne short loc_fffab575 ; jne 0xfffab575 +mov dword [eax - 0xcc], 1 +jmp short loc_fffab583 ; jmp 0xfffab583 -loc_fffab11b: -pop ebp -ret +loc_fffab562: ; not directly referenced +dec dl +jne short loc_fffab575 ; jne 0xfffab575 +mov byte [eax], 1 +mov dword [eax + 0x11], 9 +jmp short loc_fffab583 ; jmp 0xfffab583 -fcn_fffab11d: ; not directly referenced -push ebp -mov ebp, esp -pop ebp -jmp near fcn_fffab101 ; jmp 0xfffab101 +loc_fffab572: ; not directly referenced +mov byte [eax], 0 -fcn_fffab126: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x6c -mov ebx, dword [ebp + 8] -mov dword [ebp - 0x68], 0 -mov dword [ebp - 0x4c], 0 -mov dword [ebp - 0x60], 0 -mov eax, dword [ebx + 0x2480] -mov dword [ebp - 0x58], eax -mov eax, dword [ebx + 0x1887] -mov dword [ebp - 0x6c], eax -mov eax, dword [ebx + 0x188b] -mov dword [ebp - 
0x5c], eax -lea eax, [ebx + 0x3756] -mov dword [ebp - 0x50], eax -mov eax, dword [ebx + 0x5edc] -lea esi, [eax + 0x1c] +loc_fffab575: ; not directly referenced +mov dword [eax + 0x11], 8 +mov byte [ebx + 0x3749], 0 -loc_fffab174: ; not directly referenced -mov eax, dword [ebp - 0x50] -cmp dword [eax], 2 -jne loc_fffab348 ; jne 0xfffab348 -cmp dword [ebp - 0x5c], 1 -jne short loc_fffab1b7 ; jne 0xfffab1b7 -mov dl, byte [esi + 3] -mov ecx, 0xff -mov al, dl -and edx, 0xffffffbf -mov byte [esi + 3], dl -mov edx, dword [ebp - 0x4c] -shr al, 6 -and eax, 1 -mov byte [esi + 0xcb], al -mov eax, ebx -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, dword [esi] -mov edx, eax -mov eax, ebx -call fcn_fffaeb7c ; call 0xfffaeb7c +loc_fffab583: ; not directly referenced +add eax, 0x128 +cmp eax, ecx +jne short loc_fffab52c ; jne 0xfffab52c +jmp near loc_fffab497 ; jmp 0xfffab497 -loc_fffab1b7: ; not directly referenced -cmp dword [ebp - 0x58], 3 -je loc_fffab30b ; je 0xfffab30b -mov eax, dword [ebp - 0x50] -mov dword [ebp - 0x54], 0 -mov dword [ebp - 0x64], eax +loc_fffab591: ; not directly referenced +xor edx, edx +cmp dword [eax + 0x10b7], 2 +jne short loc_fffab5a2 ; jne 0xfffab5a2 +mov edx, dword [eax + 0x1198] -loc_fffab1ce: ; not directly referenced -mov ecx, dword [ebp - 0x54] -mov eax, 1 -mov dl, cl -shl eax, cl -mov ecx, dword [ebp - 0x50] -test byte [ecx + 0xc4], al -jne short loc_fffab1f7 ; jne 0xfffab1f7 +loc_fffab5a2: ; not directly referenced +cmp dword [eax + 0x11df], 2 +jne short loc_fffab5b1 ; jne 0xfffab5b1 +add edx, dword [eax + 0x12c0] -loc_fffab1e5: ; not directly referenced -inc dword [ebp - 0x54] -add dword [ebp - 0x64], 9 -cmp dword [ebp - 0x54], 4 -jne short loc_fffab1ce ; jne 0xfffab1ce -jmp near loc_fffab27c ; jmp 0xfffab27c +loc_fffab5b1: ; not directly referenced +mov dword [eax], edx +cmp edx, dword [ebp - 0x24] +jbe short loc_fffab5de ; jbe 0xfffab5de +mov edi, dword [eax + 4] +mov ecx, esi +mov dword [ebp - 0x24], edx -loc_fffab1f7: ; not directly 
referenced -cmp dword [ebp - 0x58], 2 -sete cl -cmp dword [ebp - 0x6c], 0x306d0 -sete al -test cl, al -je short loc_fffab1e5 ; je 0xfffab1e5 -mov eax, edx -shr dl, 1 -and eax, 1 -movzx edx, dl -imul eax, eax, 0x18 -imul edx, edx, 0x128 -add edx, eax -mov eax, dword [ebp - 0x50] -test word [eax + edx + 0x126f], 0x600 -je short loc_fffab1e5 ; je 0xfffab1e5 -xor edi, edi +loc_fffab5c0: ; not directly referenced +mov edx, dword [eax] +inc esi +add eax, 0x13c3 +add dword [ebx + 0x3712], edx +cmp esi, 2 +je short loc_fffab5fb ; je 0xfffab5fb -loc_fffab232: ; not directly referenced -mov eax, dword [ebp - 0x64] -mov edx, dword [ebp - 0x4c] -mov byte [eax + edi + 0x24d], 0x3f -mov eax, ebx -push ecx -mov ecx, dword [ebp - 0x54] -push 0x3f -push 2 -push edi -call fcn_fffa73b0 ; call 0xfffa73b0 -mov ecx, edi -mov eax, ebx -or byte [esi + edi*4 + 0x2a], 0x80 -mov edx, dword [ebp - 0x4c] -call fcn_fffa720e ; call 0xfffa720e -mov ecx, dword [esi + edi*4 + 0x28] -inc edi -mov edx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -add esp, 0x10 -cmp edi, 9 -jne short loc_fffab232 ; jne 0xfffab232 -jmp near loc_fffab1e5 ; jmp 0xfffab1e5 +loc_fffab5d3: ; not directly referenced +cmp dword [eax - 0xbc], 2 +jne short loc_fffab5c0 ; jne 0xfffab5c0 +jmp short loc_fffab591 ; jmp 0xfffab591 -loc_fffab27c: ; not directly referenced -cmp dword [ebp - 0x5c], 1 -jne loc_fffab30b ; jne 0xfffab30b -cmp dword [ebp - 0x68], 0 -jne short loc_fffab30b ; jne 0xfffab30b -mov eax, dword [esi + 0x28] -mov edx, 0x3a28 -mov edi, eax -mov dword [ebp - 0x68], eax -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov ecx, edi -mov edx, edi -shr ecx, 0x15 -and ecx, 1 -shr edx, 0x15 -and edx, 2 -and eax, 0xfffffffc -or eax, ecx -or eax, edx -mov edx, edi -mov edi, dword [ebp - 0x60] -shr edx, 9 -and eax, 0xff01ffff -and edx, 0xe0000 -or eax, edx -mov edx, 0x3a28 -or eax, 0x800000 -cmp dword [ebp - 0x58], 2 -mov ecx, eax -cmove edi, dword [ebp - 0x5c] -mov eax, ebx -mov dword [ebp - 0x60], edi -call 
fcn_fffae58c ; call 0xfffae58c -test edi, edi -je short loc_fffab30b ; je 0xfffab30b -mov edx, 0x5f09 -mov eax, ebx -mov ecx, 1 -call fcn_fffae566 ; call 0xfffae566 -mov edx, 0x96 -mov eax, ebx -call fcn_fffa834b ; call 0xfffa834b +loc_fffab5de: ; not directly referenced +sete byte [ebp - 0x28] +cmp dword [ebp - 0x1c], 1 +sete dl +test byte [ebp - 0x28], dl +je short loc_fffab5c0 ; je 0xfffab5c0 +mov edx, dword [eax + 4] +cmp edx, edi +jae short loc_fffab5c0 ; jae 0xfffab5c0 +mov edi, edx +mov ecx, esi +jmp short loc_fffab5c0 ; jmp 0xfffab5c0 -loc_fffab30b: ; not directly referenced -cmp byte [ebx + 0x3748], 1 -jne short loc_fffab348 ; jne 0xfffab348 -mov eax, dword [ebp - 0x4c] -lea edi, [eax*4 + 0x5004] -mov eax, ebx -mov edx, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, edi -and eax, 0xfcffffff -or eax, 0x1000000 -mov ecx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x3c -mov eax, ebx -call fcn_fffa834b ; call 0xfffa834b +loc_fffab5fb: ; not directly referenced +cmp dword [ebp - 0x20], 1 +je short loc_fffab60d ; je 0xfffab60d -loc_fffab348: ; not directly referenced -inc dword [ebp - 0x4c] -add esi, 0xcc -add dword [ebp - 0x50], 0x13c3 -cmp dword [ebp - 0x4c], 2 -jne loc_fffab174 ; jne 0xfffab174 -lea edi, [ebp - 0x3c] -mov esi, ref_fffd3570 ; mov esi, 0xfffd3570 -mov ecx, 9 -mov eax, ebx -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [ebp - 0x48] -mov esi, ref_fffd3594 ; mov esi, 0xfffd3594 -mov cl, 3 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov ecx, 0x1010101 -mov esi, 8 -push edx -push edx +loc_fffab601: ; not directly referenced +cmp dword [ebp - 0x1c], 1 +jne loc_fffab69d ; jne 0xfffab69d +jmp short loc_fffab685 ; jmp 0xfffab685 + +loc_fffab60d: ; not directly referenced +lea eax, [ebx + 0x3757] xor edx, edx -push 0 -push 8 -call fcn_fffa7fde ; call 0xfffa7fde -lea edi, [ebp - 0x3c] -add esp, 0x10 -loc_fffab39c: ; not directly referenced -push eax -mov ecx, 0x41041041 -push eax -mov eax, ebx -push 
esi -add esi, 6 -push 6 -mov edx, dword [edi] -add edi, 4 -call fcn_fffa7fde ; call 0xfffa7fde -add esp, 0x10 -cmp esi, 0x3e -jne short loc_fffab39c ; jne 0xfffab39c -lea edx, [ebp - 0x48] -mov eax, ebx -call fcn_fffa665e ; call 0xfffa665e -cmp dword [ebx + 0x3756], 2 -jne short loc_fffab3e1 ; jne 0xfffab3e1 -mov ecx, 0xa010102 -mov edx, 0x4078 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +loc_fffab615: ; not directly referenced +mov esi, dword [eax] +cmp edx, ecx +je short loc_fffab675 ; je 0xfffab675 +cmp esi, 2 +jne short loc_fffab675 ; jne 0xfffab675 +cmp dword [eax + 0x1173], 2 +mov dword [eax], 1 +mov byte [eax + 0xc4], 0 +jne short loc_fffab651 ; jne 0xfffab651 +mov dword [eax + 0x1173], 1 +mov byte [eax + 0x1260], 0 +mov dword [eax + 0x1254], 0 -loc_fffab3e1: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffab3fb ; jne 0xfffab3fb -mov ecx, 0xa010102 -mov edx, 0x4478 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +loc_fffab651: ; not directly referenced +cmp dword [eax + 0x129b], 2 +jne short loc_fffab675 ; jne 0xfffab675 +mov dword [eax + 0x129b], 1 +mov byte [eax + 0x1388], 0 +mov dword [eax + 0x137c], 0 -loc_fffab3fb: ; not directly referenced -lea esp, [ebp - 0xc] +loc_fffab675: ; not directly referenced +inc edx +add eax, 0x13c3 +cmp edx, 2 +jne short loc_fffab615 ; jne 0xfffab615 +jmp near loc_fffab601 ; jmp 0xfffab601 + +loc_fffab685: ; not directly referenced xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret -fcn_fffab405: -push ebp -mov eax, dword [0xff7d0000] -mov ebp, esp -pop ebp -ret +loc_fffab687: ; not directly referenced +cmp dword [ebx + eax + 0x3757], 2 +je short loc_fffab6ab ; je 0xfffab6ab -fcn_fffab40f: -push ebp -mov ebp, esp -sub esp, 8 -call fcn_fffab405 ; call 0xfffab405 -sub esp, 0xc -mov edx, dword [eax] -push dword [ebp + 0x14] -push 0 -push dword [ebp + 0xc] -push dword [ebp + 8] -push eax -call dword [edx + 0x20] ; ucall -leave -ret +loc_fffab691: ; not directly referenced +add eax, 0x13c3 
+cmp eax, 0x2786 +jne short loc_fffab687 ; jne 0xfffab687 -fcn_fffab430: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, eax -push esi -push ebx -mov ebx, edx -sub esp, 0x2c -mov esi, dword [ebp + 0xc] -lea eax, [ebp - 0x1c] -push eax -push 0 -push 0 -push ref_fffd662c ; push 0xfffd662c -mov dword [ebp - 0x2c], ecx -call fcn_fffab40f ; call 0xfffab40f -add esp, 0xc -mov edx, dword [ebp - 0x1c] -push dword [ebp + 8] -mov ecx, ebx -lea eax, [ebp - 0x2c] -shr ecx, 1 -and ecx, 0x7f -push eax -mov eax, ebx -shr eax, 0x16 -movzx ebx, bh -and eax, 1 -push eax -push edi -push ebx -push ecx -push edx -call dword [edx] ; ucall -add esp, 0x20 -test esi, esi -je short loc_fffab484 ; je 0xfffab484 -mov dword [esi], eax +loc_fffab69d: ; not directly referenced +cmp byte [ebx + 0x190d], 0 +jne short loc_fffab6e0 ; jne 0xfffab6e0 +jmp near loc_fffab793 ; jmp 0xfffab793 -loc_fffab484: ; not directly referenced -mov eax, dword [ebp - 0x2c] +loc_fffab6ab: ; not directly referenced +mov edx, dword [ebx + eax + 0x48ca] +xor ecx, ecx +cmp edx, 2 +jne short loc_fffab6c0 ; jne 0xfffab6c0 +mov ecx, dword [ebx + eax + 0x49ab] + +loc_fffab6c0: ; not directly referenced +cmp dword [ebx + eax + 0x49f2], 2 +jne short loc_fffab691 ; jne 0xfffab691 +cmp dword [ebx + eax + 0x4ad3], ecx +ja short loc_fffab715 ; ja 0xfffab715 +mov dword [ebx + eax + 0x49f2], 1 +jmp short loc_fffab691 ; jmp 0xfffab691 + +loc_fffab6e0: ; not directly referenced +mov eax, dword [ebx + 0x190e] +mov dword [ebx + 0x36cc], eax +test eax, eax +jne short loc_fffab72e ; jne 0xfffab72e +cmp dword [ebp - 0x30], 0 +jne short loc_fffab700 ; jne 0xfffab700 +mov dword [ebx + 0x36cc], 1 + +loc_fffab700: ; not directly referenced +cmp byte [ebx + 0x36cb], 0 +jne short loc_fffab72e ; jne 0xfffab72e +mov dword [ebx + 0x36cc], 1 +jmp short loc_fffab72e ; jmp 0xfffab72e + +loc_fffab715: ; not directly referenced +cmp edx, 2 +jne loc_fffab691 ; jne 0xfffab691 +mov dword [ebx + eax + 0x48ca], 1 +jmp near loc_fffab691 
; jmp 0xfffab691 + +loc_fffab72e: ; not directly referenced +cmp dword [ebx + 0x36cc], 1 +jne short loc_fffab793 ; jne 0xfffab793 +cmp dword [ebx + 0x374f], 2 +mov byte [ebx + 0x2480], 1 +jne short loc_fffab793 ; jne 0xfffab793 +lea eax, [ebx + 0x3757] +lea edx, [ebx + 0x5edd] + +loc_fffab753: ; not directly referenced +cmp dword [eax], 2 +jne short loc_fffab78a ; jne 0xfffab78a +cmp dword [eax + 0x1173], 2 +jne short loc_fffab771 ; jne 0xfffab771 +cmp byte [eax + 0x1243], 0 +jne short loc_fffab771 ; jne 0xfffab771 +mov byte [ebx + 0x2480], 0 + +loc_fffab771: ; not directly referenced +cmp dword [eax + 0x129b], 2 +jne short loc_fffab78a ; jne 0xfffab78a +cmp byte [eax + 0x136b], 0 +jne short loc_fffab78a ; jne 0xfffab78a +mov byte [ebx + 0x2480], 0 + +loc_fffab78a: ; not directly referenced +add eax, 0x13c3 +cmp eax, edx +jne short loc_fffab753 ; jne 0xfffab753 + +loc_fffab793: ; not directly referenced lea esp, [ebp - 0xc] +xor eax, eax pop ebx pop esi pop edi pop ebp ret -fcn_fffab48f: ; not directly referenced -push ebp -mov ecx, 1 -mov ebp, esp -sub esp, 0x20 -push dword [ebp + 0xc] -mov edx, dword [ebp + 8] -lea eax, [ebp - 9] -push eax -mov eax, 4 -call fcn_fffab430 ; call 0xfffab430 -mov al, byte [ebp - 9] -leave -ret - -fcn_fffab4b3: ; not directly referenced +fcn_fffab79d: ; not directly referenced push ebp -mov ecx, 1 mov ebp, esp +push edi +push esi push ebx sub esp, 0x1c -mov ebx, dword [ebp + 0xc] -push dword [ebp + 0x10] -mov edx, dword [ebp + 8] -lea eax, [ebp - 9] -mov byte [ebp - 9], bl -push eax -mov eax, 5 -call fcn_fffab430 ; call 0xfffab430 -mov al, bl -mov ebx, dword [ebp - 4] -leave -ret - -fcn_fffab4e0: ; not directly referenced -push ebp -mov ecx, 2 -mov ebp, esp -sub esp, 0x20 -push dword [ebp + 0xc] -mov edx, dword [ebp + 8] -lea eax, [ebp - 0xa] -push eax -mov eax, 6 -call fcn_fffab430 ; call 0xfffab430 -mov ax, word [ebp - 0xa] -leave -ret - -fcn_fffab505: -push ebp -mov ebp, esp -push ebx -mov ebx, edx -sub esp, 0x14 -mov dword [edx + 
4], eax -lea eax, [ebp - 0xc] -mov dword [edx], 0x626d7370 -push eax -push 0 -push 0 -push ref_fffd6584 ; push 0xfffd6584 -call fcn_fffab40f ; call 0xfffab40f -mov eax, dword [ebp - 0xc] -add esp, 0x10 -movzx edx, word [eax + 0x388] -add eax, 0x38e -mov dword [ebx + 8], edx -mov dl, byte [eax - 1] -mov dword [ebx + 0xce], eax -lea eax, [ebx + 0x18] -mov dword [ebx + 0xc], 0x80000010 -mov dword [ebx + 0x10], ref_fffd662c ; mov dword [ebx + 0x10], 0xfffd662c -mov byte [ebx + 0xcd], dl -mov dword [ebx + 0x14], eax -mov dword [ebx + 0x18], fcn_fffb51f9 ; mov dword [ebx + 0x18], 0xfffb51f9 -mov dword [ebx + 0x1c], fcn_fffa5b5e ; mov dword [ebx + 0x1c], 0xfffa5b5e -mov dword [ebx + 0x20], fcn_fffa5b54 ; mov dword [ebx + 0x20], 0xfffa5b54 -mov dword [ebx + 0x24], fcn_fffa5b4a ; mov dword [ebx + 0x24], 0xfffa5b4a -mov dword [ebx + 0x38], 0x80000020 -mov dword [ebx + 0x3c], ref_fffd65b0 ; mov dword [ebx + 0x3c], 0xfffd65b0 -mov dword [ebx + 0x40], fcn_fffab5a2 ; mov dword [ebx + 0x40], 0xfffab5a2 -mov byte [ebx + 0x44], 0 -mov byte [ebx + 0xd2], 0 -mov ebx, dword [ebp - 4] -leave -ret +mov ebx, dword [ebp + 8] +mov eax, dword [ebx + 0x2481] +cmp byte [ebx + 0x192b], 0 +mov dword [ebp - 0x1c], eax +je short loc_fffab7ed ; je 0xfffab7ed +movzx ecx, byte [ebx + 0x192c] +mov edx, 0x5884 +mov eax, ebx +and ecx, 7 +call fcn_fffb3381 ; call 0xfffb3381 +mov al, byte [ebx + 0x192e] +xor ecx, ecx +mov cl, byte [ebx + 0x192d] +mov edx, 0x5888 +mov ch, al +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -fcn_fffab5a2: ; not directly referenced -push ebp -mov ebp, esp -sub esp, 8 -mov eax, dword [ebp + 0xc] -lea edx, [eax - 0x38] -mov eax, dword [ebp + 8] -call fcn_fffab505 ; call 0xfffab505 -xor eax, eax -leave -ret +loc_fffab7ed: ; not directly referenced +movzx ecx, byte [ebx + 0x1935] +movzx edx, byte [ebx + 0x1936] +movzx eax, byte [ebx + 0x1937] +movzx esi, byte [ebx + 0x192f] +and ecx, 3 +and edx, 0x1f +shl edx, 0x11 +and eax, 1 +shl ecx, 0x16 +or ecx, edx +movzx edx, word [ebx 
+ 0x1938] +shl eax, 0xf +or ecx, eax +movzx eax, byte [ebx + 0x1930] +shl esi, 0x1f +and edx, 0x7fff +or ecx, edx +movzx edx, byte [ebx + 0x1931] +and eax, 3 +shl eax, 0x16 +or esi, eax +movzx eax, byte [ebx + 0x1932] +and edx, 0x1f +shl edx, 0x11 +or esi, edx +movzx edx, word [ebx + 0x1933] +and eax, 1 +shl eax, 0xf +or esi, eax +mov eax, ebx +and edx, 0x7fff +or esi, edx +mov edx, 0x58e0 +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, esi +mov edx, 0x58e4 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov al, byte [ebx + 0x193b] +xor ecx, ecx +mov edx, 0x5890 +mov ch, al +mov cl, byte [ebx + 0x193a] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov al, byte [ebx + 0x193d] +xor ecx, ecx +mov edx, 0x5894 +mov ch, al +mov cl, byte [ebx + 0x193c] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov al, byte [ebx + 0x193f] +xor ecx, ecx +mov edx, 0x5898 +mov ch, al +mov cl, byte [ebx + 0x193e] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov al, byte [ebx + 0x1941] +xor ecx, ecx +mov edx, 0x589c +mov ch, al +mov cl, byte [ebx + 0x1940] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov al, byte [ebx + 0x1943] +xor ecx, ecx +mov edx, 0x58d0 +mov ch, al +mov cl, byte [ebx + 0x1942] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov al, byte [ebx + 0x1945] +xor ecx, ecx +mov edx, 0x58d4 +xor esi, esi +mov ch, al +mov cl, byte [ebx + 0x1944] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov al, byte [ebx + 0x1947] +xor ecx, ecx +mov edx, 0x58d8 +mov ch, al +mov cl, byte [ebx + 0x1946] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov al, byte [ebx + 0x1949] +xor ecx, ecx +mov edx, 0x58dc +mov ch, al +mov cl, byte [ebx + 0x1948] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -fcn_fffab5ba: -push ebp -mov ebp, esp -push ebx -push eax -mov ebx, dword [ebp + 0xc] -call fcn_fffab405 ; call 0xfffab405 -movzx ebx, bx -mov edx, dword [eax] -push dword [ebp + 0x10] -push ebx -push 4 -push eax -call dword [edx + 0x34] ; ucall -mov ebx, 
dword [ebp - 4] -leave -ret +loc_fffab969: ; not directly referenced +imul eax, esi, 0x13c3 +cmp dword [ebx + eax + 0x3757], 2 +jne loc_fffaba7c ; jne 0xfffaba7c +cmp byte [ebx + 0x192b], 0 +je loc_fffaba3c ; je 0xfffaba3c +movzx ecx, byte [ebx + esi*2 + 0x194b] +mov edi, esi +movzx eax, byte [ebx + esi*2 + 0x194a] +shl edi, 0xa +lea edx, [edi + 0x42ec] +and ecx, 0x3f +and eax, 0x3f +shl ecx, 8 +or ecx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +movzx ecx, byte [ebx + esi*2 + 0x194f] +lea edx, [edi + 0x42f0] +movzx eax, byte [ebx + esi*2 + 0x194e] +and ecx, 0x3f +and eax, 0x3f +shl ecx, 8 +or ecx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov al, byte [ebx + esi*2 + 0x1953] +xor ecx, ecx +lea edx, [edi + 0x42f4] +mov ch, al +mov cl, byte [ebx + esi*2 + 0x1952] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov al, byte [ebx + esi*2 + 0x1957] +xor ecx, ecx +lea edx, [edi + 0x42f8] +mov ch, al +mov cl, byte [ebx + esi*2 + 0x1956] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov al, byte [ebx + esi*2 + 0x195b] +xor ecx, ecx +lea edx, [edi + 0x42fc] +mov ch, al +mov cl, byte [ebx + esi*2 + 0x195a] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -fcn_fffab5db: -push ebp -mov ebp, esp -sub esp, 8 -call fcn_fffab405 ; call 0xfffab405 -push edx -push edx -mov edx, dword [eax] -push dword [ebp + 8] -push eax -call dword [edx + 0x18] ; ucall -leave -ret +loc_fffaba3c: ; not directly referenced +cmp dword [ebp - 0x1c], 3 +jne short loc_fffaba57 ; jne 0xfffaba57 +movzx ecx, byte [ebx + 0x1963] +and ecx, 1 +shl ecx, 8 +mov cl, byte [ebx + 0x1964] +jmp short loc_fffaba6a ; jmp 0xfffaba6a -fcn_fffab5f3: -push ebp -mov ebp, esp -sub esp, 0x18 -call fcn_fffab405 ; call 0xfffab405 -lea ecx, [ebp - 0xc] -push edx -push edx -mov edx, dword [eax] -push ecx -push eax -call dword [edx + 0x30] ; ucall -mov eax, dword [ebp - 0xc] -leave -ret +loc_fffaba57: ; not directly referenced +movzx ecx, byte [ebx + 0x1961] +and ecx, 1 +shl ecx, 8 +mov cl, 
byte [ebx + 0x1962] -fcn_fffab60f: -push ebp -mov ebp, esp -sub esp, 8 -call fcn_fffab405 ; call 0xfffab405 -push edx -mov edx, dword [eax] -push dword [ebp + 0xc] -push dword [ebp + 8] -push eax -call dword [edx + 0x4c] ; ucall -leave -ret +loc_fffaba6a: ; not directly referenced +mov edx, esi +mov eax, ebx +shl edx, 0xa +add edx, 0x4328 +call fcn_fffb3381 ; call 0xfffb3381 -fcn_fffab629: ; not directly referenced -push ebp -mov ebp, esp -push esi -mov esi, dword [ebp + 0xc] -push ebx -mov ebx, dword [ebp + 8] -push ebx -call fcn_fffaafc2 ; call 0xfffaafc2 -mov dword [ebp + 8], ebx -pop edx -or eax, esi -mov dword [ebp + 0xc], eax -lea esp, [ebp - 8] +loc_fffaba7c: ; not directly referenced +inc esi +cmp esi, 2 +jne loc_fffab969 ; jne 0xfffab969 +movzx ecx, byte [ebx + 0x195e] +mov edx, 0x5060 +mov eax, ebx +and ecx, 1 +shl ecx, 0x10 +mov cx, word [ebx + 0x195f] +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x5880 +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +movzx ecx, byte [ebx + 0x1925] +movzx edx, byte [ebx + 0x1924] +and ecx, 1 +and edx, 1 +and eax, 0xfffffffc +add edx, edx +or eax, ecx +movzx ecx, byte [ebx + 0x1928] +or eax, edx +movzx edx, byte [ebx + 0x1923] +and eax, 0xffffffe3 +and ecx, 3 +and edx, 1 +shl edx, 4 +shl ecx, 2 +or eax, edx +or eax, ecx +cmp dword [ebp - 0x1c], 3 +jne short loc_fffabb2f ; jne 0xfffabb2f +movzx edx, byte [ebx + 0x1927] +and eax, 0xffffffbf +and edx, 1 +shl edx, 6 +or eax, edx +cmp byte [ebx + 0x190d], 0 +mov ecx, eax +je short loc_fffabb1c ; je 0xfffabb1c +cmp dword [ebx + 0x36cc], 1 +je short loc_fffabb43 ; je 0xfffabb43 + +loc_fffabb1c: ; not directly referenced +xor edx, edx +cmp byte [ebx + 0x1929], 0 +sete dl +and al, 0x7f +shl edx, 7 +jmp short loc_fffabb3f ; jmp 0xfffabb3f + +loc_fffabb2f: ; not directly referenced +movzx edx, byte [ebx + 0x1926] +and eax, 0xffffffbf +and edx, 1 +shl edx, 6 + +loc_fffabb3f: ; not directly referenced +mov ecx, eax +or ecx, edx + +loc_fffabb43: ; not directly referenced +add esp, 
0x1c +mov eax, ebx pop ebx +mov edx, 0x5880 pop esi +pop edi pop ebp -jmp near fcn_fffaafda ; jmp 0xfffaafda +jmp near fcn_fffb3381 ; jmp 0xfffb3381 -fcn_fffab64e: ; not directly referenced +fcn_fffabb56: ; not directly referenced push ebp mov ebp, esp +push edi +mov edi, eax push esi -mov esi, dword [ebp + 0xc] -push ebx -mov ebx, dword [ebp + 8] +movzx esi, dl push ebx -call fcn_fffaafc2 ; call 0xfffaafc2 -mov dword [ebp + 8], ebx -pop edx -and eax, esi -mov dword [ebp + 0xc], eax -lea esp, [ebp - 8] +sub esp, 0x2c +mov bl, byte [ebp + 0xc] +mov dword [ebp - 0x20], eax +imul eax, esi, 0x13c3 +mov dword [ebp - 0x24], esi +mov byte [ebp - 0x19], 0 +mov byte [ebp - 0x1a], bl +mov bl, byte [ebp + 0x10] +lea eax, [edi + eax + 0x3757] +mov dword [ebp - 0x28], eax +lea eax, [ecx + ecx*8] +mov dword [ebp - 0x2c], ecx +mov byte [ebp - 0x31], bl +mov dword [ebp - 0x30], eax + +loc_fffabb93: ; not directly referenced +mov edi, dword [ebp - 0x20] +mov al, byte [ebp - 0x19] +cmp al, byte [edi + 0x2489] +jae loc_fffabc72 ; jae 0xfffabc72 +mov al, byte [ebp - 0x19] +mov esi, dword [ebp + 8] +movzx edi, al +bt esi, eax +jae loc_fffabc6a ; jae 0xfffabc6a +mov eax, dword [ebp - 0x30] +lea ebx, [edi + eax] +movsx ax, byte [ebp - 0x1a] +add ebx, ebx +add ebx, dword [ebp - 0x28] +mov word [ebp - 0x1c], ax +add ax, word [ebx + 0x1b1] +js short loc_fffabbe2 ; js 0xfffabbe2 +mov esi, 0x1ff +cmp ax, 0x1ff +cmovbe esi, eax +jmp short loc_fffabbe4 ; jmp 0xfffabbe4 + +loc_fffabbe2: ; not directly referenced +xor esi, esi + +loc_fffabbe4: ; not directly referenced +push eax +movzx eax, si +mov ecx, dword [ebp - 0x2c] +push eax +mov edx, dword [ebp - 0x24] +mov eax, dword [ebp - 0x20] +push 0 +push edi +call fcn_fffa7447 ; call 0xfffa7447 +mov eax, dword [ebp - 0x28] +add esp, 0xc +add eax, dword [ebp - 0x30] +mov ecx, dword [ebp - 0x1c] +movzx eax, byte [edi + eax + 0x24d] +mov edx, ecx +add dx, word [ebx + 0x121] +add cx, word [ebx + 0x169] +and eax, 0x3f +shl eax, 0x14 +and edx, 0x1ff +shl 
edx, 9 +and ecx, 0x1ff +or eax, edx +mov edx, dword [ebp - 0x24] +or eax, ecx +mov ecx, dword [ebp - 0x2c] +push eax +mov eax, dword [ebp - 0x20] +push 3 +push edi +call fcn_fffa735e ; call 0xfffa735e +add esp, 0x10 +cmp byte [ebp - 0x31], 0 +je short loc_fffabc6a ; je 0xfffabc6a +mov eax, dword [ebp - 0x1c] +add word [ebx + 0x121], ax +add word [ebx + 0x169], ax +mov word [ebx + 0x1b1], si + +loc_fffabc6a: ; not directly referenced +inc byte [ebp - 0x19] +jmp near loc_fffabb93 ; jmp 0xfffabb93 + +loc_fffabc72: ; not directly referenced +lea esp, [ebp - 0xc] pop ebx pop esi +pop edi pop ebp -jmp near fcn_fffaafda ; jmp 0xfffaafda +ret -fcn_fffab673: +fcn_fffabc7a: ; not directly referenced push ebp +xor ecx, ecx mov ebp, esp push edi push esi push ebx -mov ebx, ecx -sub esp, 0x4c -mov edi, dword [ebp + 0xc] -lea ecx, [ecx + 0x186e] -mov dword [ebp - 0x3c], ecx -mov dword [ebp - 0x44], edx +sub esp, 0x3c +mov eax, dword [ebp + 8] +mov ebx, dword [ebp + 0x18] mov edx, dword [ebp + 0x10] -mov ecx, dword [edi + 0x1e] -mov esi, dword [edi + 9] -mov dword [ebx + 0x18bd], 0x102 -mov dword [ebx + 0x1877], 2 -mov dword [ebp - 0x40], ecx -mov ecx, dword [ebx + 0x2443] -mov dword [ebx + 0x18b9], esi -mov byte [ebx + 0x1876], 0 -mov dword [ebx + 0x18a3], 0 -mov dword [ebp - 0x30], ecx -mov cl, byte [esi + 0xf2] -mov byte [ebx + 0x2407], cl -mov ecx, dword [esi + 4] -cmp ecx, 2 -je short loc_fffab6eb ; je 0xfffab6eb -cmp ecx, 3 -je short loc_fffab6f8 ; je 0xfffab6f8 -dec ecx -jne short loc_fffab73a ; jne 0xfffab73a -jmp short loc_fffab70c ; jmp 0xfffab70c - -loc_fffab6eb: -cmp eax, 4 -setne al -movzx eax, al -add eax, eax -jmp short loc_fffab704 ; jmp 0xfffab704 +mov edi, eax +mov dword [ebp - 0x1c], eax +mov eax, dword [ebp + 0x1c] +mov byte [ebp - 0x26], bl +mov dword [ebp - 0x24], eax +mov eax, dword [ebp + 0x20] +mov esi, eax +mov dword [ebp - 0x30], eax +mov al, byte [ebp + 0x14] +mov byte [ebp - 0x34], al +mov eax, esi +mov byte [ebp - 0x25], al +movzx eax, byte [ebp + 
0xc] +mov dword [ebp - 0x20], eax +imul eax, eax, 0x13c3 +cmp dword [edi + 0x2481], 3 +sete cl +lea esi, [edi + eax + 0x3757] +mov dword [ebp - 0x2c], ecx +test dl, dl +je short loc_fffabd29 ; je 0xfffabd29 +mov ecx, dword [ebp - 0x24] +mov edi, 0x7f +cmp ecx, 0x7f +cmovg ecx, edi +xor eax, eax +test ecx, ecx +cmovns eax, ecx +cmp dl, 2 +je loc_fffabecf ; je 0xfffabecf +ja short loc_fffabd01 ; ja 0xfffabd01 +dec dl +je loc_fffabe8e ; je 0xfffabe8e +jmp near loc_fffac0bd ; jmp 0xfffac0bd -loc_fffab6f8: -cmp eax, 4 -setne al -movzx eax, al -lea eax, [eax + eax*2] +loc_fffabd01: ; not directly referenced +cmp dl, 3 +je loc_fffabf6c ; je 0xfffabf6c +cmp dl, 4 +jne loc_fffac0bd ; jne 0xfffac0bd +cmp eax, 0x7f +cmovg eax, edi +movzx edi, byte [ebp - 0x34] +xor edx, edx +xor ebx, ebx +mov dword [ebp - 0x24], edi +jmp near loc_fffabfd0 ; jmp 0xfffabfd0 -loc_fffab704: -mov dword [ebx + 0x18a7], eax -jmp short loc_fffab744 ; jmp 0xfffab744 +loc_fffabd29: ; not directly referenced +cmp dword [ebp - 0x2c], 0 +je loc_fffabdfc ; je 0xfffabdfc +mov ecx, dword [ebp - 0x1c] +xor ebx, ebx +xor edi, edi +imul edx, dword [ebp - 0x20], 0x54a +add eax, ecx +add edx, ecx +mov dword [ebp - 0x34], edx +mov dword [ebp - 0x3c], eax -loc_fffab70c: -cmp eax, 4 -je short loc_fffab73a ; je 0xfffab73a -mov dword [ebx + 0x18a7], 1 -movzx eax, byte [esi + 0x53] -mov dword [ebx + 0x1877], eax -mov al, byte [esi + 0x54] -mov byte [ebx + 0x1876], al -movzx eax, word [esi + 0x4c] -mov dword [ebx + 0x18a3], eax -jmp short loc_fffab744 ; jmp 0xfffab744 +loc_fffabd4b: ; not directly referenced +movzx edx, byte [ebp - 0x26] +imul eax, ebx, 7 +bt edx, ebx +mov dword [ebp - 0x2c], eax +movzx eax, byte [esi + ebx + 0x241] +jae loc_fffabde9 ; jae 0xfffabde9 +add eax, dword [ebp - 0x24] +mov ecx, 0x80 +cdq +idiv ecx +test dl, dl +lea eax, [edx - 0x80] +cmovns eax, edx +cmp byte [ebp - 0x25], 0 +je short loc_fffabd86 ; je 0xfffabd86 +mov byte [esi + ebx + 0x241], al -loc_fffab73a: -mov dword [ebx + 0x18a7], 0 
+loc_fffabd86: ; not directly referenced +mov cl, byte [ebp - 0x2c] +movsx eax, al +mov dword [ebp - 0x2c], 0 +shl eax, cl +add edi, eax +mov eax, dword [ebp - 0x34] +movzx eax, byte [eax + ebx + 0x1ea9] +mov dword [ebp - 0x30], eax +movzx eax, byte [ebp - 0x25] +mov dword [ebp - 0x38], eax -loc_fffab744: -mov eax, dword [edi + 1] -mov eax, dword [eax + 4] -mov dword [ebx + 0x18c5], eax -mov eax, dword [edi + 1] -mov eax, dword [eax + 0x10] -mov dword [ebx + 0x18c1], eax -mov eax, dword [edi + 1] -mov eax, dword [eax + 0x14] -mov dword [ebx + 0x18c9], eax -mov eax, dword [edi + 1] -mov eax, dword [eax + 0x18] -mov dword [ebx + 0x18d1], 0xfed00000 -mov dword [ebx + 0x18cd], eax -mov eax, dword [edi + 5] -movzx eax, word [eax] -mov dword [ebx + 0x18d9], eax -movzx eax, word [esi + 1] -mov dword [ebx + 0x1872], eax -mov eax, dword [edi + 1] -mov eax, dword [eax + 0x1c] -shr eax, 0x14 -cmp edx, 0x40650 -sete cl -cmp edx, 0x306c0 -mov dword [ebx + 0x18dd], eax -sete al -or cl, al -mov eax, dword [edi + 5] -jne short loc_fffab7c4 ; jne 0xfffab7c4 -cmp edx, 0x40660 -jne short loc_fffab7ca ; jne 0xfffab7ca +loc_fffabdac: ; not directly referenced +mov cl, byte [ebp - 0x2c] +mov eax, 1 +shl eax, cl +mov ecx, dword [ebp - 0x3c] +test byte [ecx + 0x381b], al +je short loc_fffabdde ; je 0xfffabdde +movsx eax, byte [ebp - 0x24] +push edx +mov ecx, dword [ebp - 0x2c] +push dword [ebp - 0x38] +mov edx, dword [ebp - 0x20] +push eax +mov eax, dword [ebp - 0x1c] +push dword [ebp - 0x30] +call fcn_fffabb56 ; call 0xfffabb56 +add esp, 0x10 -loc_fffab7c4: -movzx eax, word [eax + 2] -jmp short loc_fffab7d5 ; jmp 0xfffab7d5 +loc_fffabdde: ; not directly referenced +inc dword [ebp - 0x2c] +cmp dword [ebp - 0x2c], 4 +jne short loc_fffabdac ; jne 0xfffabdac +jmp short loc_fffabdf0 ; jmp 0xfffabdf0 -loc_fffab7ca: -movzx ecx, word [eax + 2] -mov eax, 1 +loc_fffabde9: ; not directly referenced +mov cl, byte [ebp - 0x2c] shl eax, cl +add edi, eax -loc_fffab7d5: -mov dword [ebx + 0x1893], eax 
-mov eax, dword [edi + 5] -movzx eax, byte [eax + 4] -mov byte [ebx + 0x18b3], 0 -shl eax, 5 -mov dword [ebx + 0x188f], eax -push eax -push eax -lea eax, [ebx + 0x189c] -push eax -lea eax, [ebx + 0x189b] -push eax -lea eax, [ebx + 0x189a] -push eax -lea eax, [ebx + 0x1899] -push eax -lea eax, [ebx + 0x1898] +loc_fffabdf0: ; not directly referenced +inc ebx +cmp ebx, 2 +jne loc_fffabd4b ; jne 0xfffabd4b +jmp short loc_fffabe7b ; jmp 0xfffabe7b + +loc_fffabdfc: ; not directly referenced +movzx eax, byte [ebp - 0x34] +xor ebx, ebx +xor edi, edi +mov dword [ebp - 0x30], eax +movzx eax, byte [ebp - 0x25] +mov dword [ebp - 0x34], eax + +loc_fffabe0e: ; not directly referenced +mov edx, dword [ebp - 0x30] +imul eax, ebx, 7 +bt edx, ebx +mov dword [ebp - 0x2c], eax +movzx eax, byte [esi + ebx + 0x241] +jae short loc_fffabe6e ; jae 0xfffabe6e +add eax, dword [ebp - 0x24] +mov ecx, 0x80 +cdq +idiv ecx +test dl, dl +lea eax, [edx - 0x80] +cmovns eax, edx +cmp byte [ebp - 0x25], 0 +je short loc_fffabe44 ; je 0xfffabe44 +mov byte [esi + ebx + 0x241], al + +loc_fffabe44: ; not directly referenced +mov cl, byte [ebp - 0x2c] +movsx eax, al +mov edx, dword [ebp - 0x20] +shl eax, cl +mov ecx, ebx +add edi, eax push eax -lea eax, [ebx + 0x1897] +movsx eax, byte [ebp - 0x24] +push dword [ebp - 0x34] push eax -mov eax, dword [ebp - 0x30] -call dword [eax + 0x50] ; ucall -mov eax, dword [edi + 1] -movzx eax, byte [eax + 0x20] -mov dword [ebx + 0x187f], eax -mov eax, dword [edi + 9] -mov al, byte [eax + 0xc6] -mov byte [ebx + 0x18b0], al -mov eax, dword [esi + 0x4e] -mov word [ebx + 0x1902], 0x3e8 -mov word [ebx + 0x1904], 0x3e8 -mov byte [ebx + 0x18b2], 0 -mov dword [ebx + 0x18ee], eax -mov al, byte [esi + 0x2e] -mov byte [ebx + 0x2442], 0 -mov byte [ebx + 0x18b5], al -mov al, byte [esi + 0x2f] -mov byte [ebx + 0x23ff], al -mov al, byte [esi + 0x30] -mov byte [ebx + 0x2400], al -mov al, byte [esi + 0x31] -mov byte [ebx + 0x2401], al -mov al, byte [esi + 0x6b] -mov byte [ebx + 0x2402], 
al -mov al, byte [ebx + 0x2403] -mov dl, byte [esi + 0x32] -and eax, 0xfffffffe -and edx, 1 -or eax, edx -mov byte [ebx + 0x2403], al -mov dl, byte [esi + 0x33] -and eax, 0xfffffffd -and edx, 1 -add edx, edx -or eax, edx -mov byte [ebx + 0x2403], al -mov dl, byte [esi + 0x34] -and eax, 0xfffffffb -and edx, 1 -shl edx, 2 -or eax, edx -mov byte [ebx + 0x2403], al -mov dl, byte [esi + 0x35] -and eax, 0xfffffff7 -and edx, 1 -shl edx, 3 -or eax, edx -mov byte [ebx + 0x2403], al -mov dl, byte [esi + 0x36] -and eax, 0xffffffef -and edx, 1 -shl edx, 4 -or eax, edx -mov byte [ebx + 0x2403], al -mov dl, byte [esi + 0x37] -and eax, 0xffffffdf -and edx, 1 -shl edx, 5 -or eax, edx -mov byte [ebx + 0x2403], al -mov dl, byte [esi + 0x38] -and eax, 0xffffffbf -and edx, 1 -shl edx, 6 -or eax, edx -mov byte [ebx + 0x2403], al -mov dl, byte [esi + 0x39] +mov eax, dword [ebp - 0x1c] +push 0x1ff +call fcn_fffabb56 ; call 0xfffabb56 +add esp, 0x10 +jmp short loc_fffabe75 ; jmp 0xfffabe75 + +loc_fffabe6e: ; not directly referenced +mov cl, byte [ebp - 0x2c] +shl eax, cl +add edi, eax + +loc_fffabe75: ; not directly referenced +inc ebx +cmp ebx, 4 +jne short loc_fffabe0e ; jne 0xfffabe0e + +loc_fffabe7b: ; not directly referenced +mov edx, dword [ebp - 0x20] +mov ecx, edi +shl edx, 8 +add edx, 0x180c +jmp near loc_fffac0ae ; jmp 0xfffac0ae + +loc_fffabe8e: ; not directly referenced +cmp eax, 0x7f +mov edx, dword [ebp - 0x20] +cmovle edi, eax +mov eax, edi and eax, 0x7f -shl edx, 7 -or eax, edx -mov byte [ebx + 0x2403], al -mov al, byte [ebx + 0x2404] -mov dl, byte [esi + 0x3a] -and edx, 1 -and eax, 0xfffffffe -or eax, edx -mov byte [ebx + 0x2404], al -mov dl, byte [esi + 0x3b] -and eax, 0xfffffffd -and edx, 1 -add edx, edx -or eax, edx -mov byte [ebx + 0x2404], al -mov dl, byte [esi + 0x3c] -and eax, 0xfffffffb -and edx, 1 -shl edx, 2 -or eax, edx -mov byte [ebx + 0x2404], al -mov dl, byte [esi + 0x3e] -and eax, 0xffffffef -and edx, 1 -shl edx, 4 -or eax, edx -mov byte [ebx + 0x2404], al 
-mov dl, byte [esi + 0x3f] -and eax, 0xffffffdf -and edx, 1 -shl edx, 5 -or eax, edx -mov byte [ebx + 0x2404], al -mov dl, byte [esi + 0x40] -and eax, 0xffffffbf -and edx, 1 -shl edx, 6 -or eax, edx -mov byte [ebx + 0x2404], al -mov dl, byte [esi + 0x41] +mov ecx, eax +shl ecx, 7 +or ecx, eax +mov eax, dword [ebp - 0x1c] +shl edx, 8 +add edx, 0x1408 +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x30], 0 +je loc_fffac0bd ; je 0xfffac0bd +mov dword [esi + 0x119], edi +mov dword [esi + 0x11d], edi +jmp near loc_fffac0bd ; jmp 0xfffac0bd + +loc_fffabecf: ; not directly referenced +cmp eax, 0x7f +cmovle edi, eax +cmp dword [ebp - 0x2c], 0 +je short loc_fffabf0f ; je 0xfffabf0f +mov eax, edi +test bl, 1 +jne short loc_fffabee8 ; jne 0xfffabee8 +mov al, byte [esi + 0x111] + +loc_fffabee8: ; not directly referenced and eax, 0x7f -shl edx, 7 -or eax, edx -mov byte [ebx + 0x2404], al -mov al, byte [ebx + 0x2405] -mov dl, byte [esi + 0x42] -and eax, 0xfffffffe -and edx, 1 -or eax, edx -mov byte [ebx + 0x2405], al -mov dl, byte [esi + 0x43] -and eax, 0xfffffffb -and edx, 1 -shl edx, 2 -or eax, edx -mov byte [ebx + 0x2405], al -mov dl, byte [esi + 0x44] -and edx, 1 -shl edx, 3 -and eax, 0xfffffff7 -or eax, edx -add esp, 0x20 -mov byte [ebx + 0x2405], al -mov dl, byte [esi + 0x47] -and eax, 0xffffffbf -and edx, 1 -shl edx, 6 -or eax, edx -mov byte [ebx + 0x2405], al -mov dl, byte [esi + 0x48] and eax, 0x7f -shl edx, 7 -or eax, edx -mov byte [ebx + 0x2405], al -mov al, byte [ebx + 0x2406] -mov dl, byte [esi + 0x49] -and eax, 0xfffffffe -and edx, 1 -or eax, edx -mov byte [ebx + 0x2406], al -mov dl, byte [esi + 0x4a] -and eax, 0xfffffffd -and edx, 1 -add edx, edx -or eax, edx -mov byte [ebx + 0x2406], al -mov dl, byte [esi + 0x4b] -and eax, 0xfffffffb -and edx, 1 -shl edx, 2 -or eax, edx -mov byte [ebx + 0x2406], al -cmp byte [edi], 1 -jbe short loc_fffabaa2 ; jbe 0xfffabaa2 -mov dl, byte [esi + 0x58] -and eax, 0xfffffff7 -and edx, 1 -shl edx, 3 -or eax, edx -mov byte [ebx 
+ 0x2406], al -mov dl, byte [esi + 0x59] -and eax, 0xffffffef -and edx, 1 -shl edx, 4 -or eax, edx -mov byte [ebx + 0x2406], al -mov dl, byte [esi + 0x5a] -and eax, 0xffffffdf -and edx, 1 -shl edx, 5 -or eax, edx -jmp short loc_fffabaa8 ; jmp 0xfffabaa8 +and bl, 2 +jne short loc_fffabefa ; jne 0xfffabefa +movzx edi, byte [esi + 0x115] -loc_fffabaa2: -and eax, 0xffffffe7 -or eax, 0x20 +loc_fffabefa: ; not directly referenced +and edi, 0x7f +mov ebx, edi +and ebx, 0x7f +shl ebx, 7 +or ebx, eax +cmp byte [ebp - 0x30], 0 +jne short loc_fffabf43 ; jne 0xfffabf43 +jmp short loc_fffabf59 ; jmp 0xfffabf59 -loc_fffabaa8: -mov byte [ebx + 0x2406], al -mov al, byte [ebx + 0x2405] -cmp byte [edi], 3 -jbe short loc_fffabb0d ; jbe 0xfffabb0d -mov dl, byte [esi + 0x5c] -and eax, 0xfffffffd -and edx, 1 -add edx, edx -or eax, edx -mov byte [ebx + 0x2405], al -mov al, byte [esi + 0x5d] -mov byte [ebx + 0x1906], al -mov al, byte [esi + 0x5e] -mov byte [ebx + 0x1907], al -mov al, byte [esi + 0x5f] -mov byte [ebx + 0x1908], al -mov al, byte [esi + 0x60] -mov byte [ebx + 0x1909], al -mov al, byte [esi + 0x61] -mov byte [ebx + 0x190a], al -mov al, byte [esi + 0x62] -mov byte [ebx + 0x190b], al -mov al, byte [esi + 0x63] -mov byte [ebx + 0x190c], al -jmp short loc_fffabb47 ; jmp 0xfffabb47 +loc_fffabf0f: ; not directly referenced +mov eax, edi +mov edx, dword [ebp - 0x20] +and eax, 0x7f +mov ebx, eax +shl ebx, 7 +or ebx, eax +mov eax, dword [ebp - 0x1c] +shl edx, 8 +mov ecx, ebx +add edx, 0x1208 +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x30], 0 +je short loc_fffabf59 ; je 0xfffabf59 +mov dword [esi + 0x109], edi +mov dword [esi + 0x10d], edi -loc_fffabb0d: -or eax, 2 -mov byte [ebx + 0x2405], al -mov byte [ebx + 0x1906], 0xff -mov byte [ebx + 0x1907], 0x40 -mov byte [ebx + 0x1908], 1 -mov byte [ebx + 0x1909], 1 -mov byte [ebx + 0x190a], 0 -mov byte [ebx + 0x190b], 7 -mov byte [ebx + 0x190c], 0 +loc_fffabf43: ; not directly referenced +mov eax, ebx +and eax, 0x7f +mov dword 
[esi + 0x111], eax +mov eax, ebx +shr eax, 7 +mov dword [esi + 0x115], eax -loc_fffabb47: -cmp byte [edi], 4 -jbe short loc_fffabb72 ; jbe 0xfffabb72 -mov eax, dword [esi + 0x64] -mov edx, 0x5f5e100 -cmp eax, 0x55d4a7f -jbe short loc_fffabb6a ; jbe 0xfffabb6a -mov ecx, 0xf4240 -xor edx, edx -div ecx -imul edx, eax, 0xf4240 +loc_fffabf59: ; not directly referenced +mov edx, dword [ebp - 0x20] +mov ecx, ebx +shl edx, 8 +add edx, 0x1a08 +jmp near loc_fffac0ae ; jmp 0xfffac0ae -loc_fffabb6a: -mov dword [ebx + 0x187b], edx -jmp short loc_fffabb7c ; jmp 0xfffabb7c +loc_fffabf6c: ; not directly referenced +cmp eax, 0x7f +mov edx, dword [ebp - 0x20] +cmovle edi, eax +mov eax, edi +and eax, 0x7f +mov ecx, eax +shl ecx, 7 +or ecx, eax +mov eax, dword [ebp - 0x1c] +shl edx, 8 +add edx, 0x1208 +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x30], 0 +je loc_fffac0bd ; je 0xfffac0bd +mov dword [esi + 0x109], edi +mov dword [esi + 0x10d], edi +jmp near loc_fffac0bd ; jmp 0xfffac0bd -loc_fffabb72: -mov dword [ebx + 0x187b], 0x5f5e100 +loc_fffabfad: ; not directly referenced +imul ecx, edx, 7 +mov edi, eax +shl edi, cl +add ebx, edi +cmp byte [ebp - 0x25], 0 +je short loc_fffabfca ; je 0xfffabfca +mov byte [esi + edx + 0x245], al +mov byte [esi + edx + 0x249], al -loc_fffabb7c: -cmp byte [edi], 5 -mov dl, byte [ebx + 0x2406] -jbe short loc_fffabb97 ; jbe 0xfffabb97 -mov al, byte [esi + 0x6a] -and edx, 0xffffffbf -and eax, 1 -shl eax, 6 -or edx, eax -jmp short loc_fffabb9a ; jmp 0xfffabb9a +loc_fffabfca: ; not directly referenced +inc edx +cmp edx, 4 +je short loc_fffabfe9 ; je 0xfffabfe9 -loc_fffabb97: -or edx, 0x40 +loc_fffabfd0: ; not directly referenced +mov edi, dword [ebp - 0x24] +bt edi, edx +jb short loc_fffabfad ; jb 0xfffabfad +movzx edi, byte [esi + edx + 0x245] +imul ecx, edx, 7 +shl edi, cl +add ebx, edi +jmp short loc_fffabfca ; jmp 0xfffabfca -loc_fffabb9a: -mov byte [ebx + 0x2406], dl -cmp byte [edi], 8 -jbe short loc_fffabbd3 ; jbe 0xfffabbd3 -mov eax, dword 
[edi + 1] -mov eax, dword [eax + 0x2b] -shr eax, 0x14 -mov dword [ebx + 0x18e1], eax -mov al, byte [esi + 0x6d] -mov byte [ebx + 0x1917], al -mov ax, word [esi + 0x6e] -mov word [ebx + 0x1918], ax -mov al, byte [esi + 0x70] -mov byte [ebx + 0x191a], al -jmp short loc_fffabbf4 ; jmp 0xfffabbf4 +loc_fffabfe9: ; not directly referenced +cmp dword [ebp - 0x2c], 0 +je short loc_fffac010 ; je 0xfffac010 +mov eax, dword [ebp - 0x1c] +cmp byte [eax + 0x240a], 0 +je short loc_fffac010 ; je 0xfffac010 +movzx eax, byte [esi + 0x245] +and ebx, 0xffe03fff +and eax, 0x7f +shl eax, 0xe +or ebx, eax -loc_fffabbd3: -mov dword [ebx + 0x18e1], 4 -mov byte [ebx + 0x1917], 2 -mov word [ebx + 0x1918], 0x30ce -mov byte [ebx + 0x191a], 1 +loc_fffac010: ; not directly referenced +mov eax, dword [ebp - 0x20] +mov ecx, ebx +shl eax, 8 +mov dword [ebp - 0x24], eax +lea edx, [eax + 0x1c18] +mov eax, dword [ebp - 0x1c] +call fcn_fffb3381 ; call 0xfffb3381 +cmp dword [ebp - 0x2c], 0 +je short loc_fffac09d ; je 0xfffac09d +mov eax, dword [ebp - 0x1c] +xor edi, edi +mov ecx, dword [ebp - 0x20] +mov dword [ebp - 0x20], 0 +movzx ebx, byte [eax + 0x240c] +shl ecx, 2 +sar ebx, cl +and ebx, 0xf -loc_fffabbf4: -cmp byte [edi], 9 -jbe loc_fffabef9 ; jbe 0xfffabef9 -mov al, byte [esi + 0x71] -mov byte [ebx + 0x1923], al -mov al, byte [esi + 0x72] -mov byte [ebx + 0x1924], al -mov al, byte [esi + 0x73] -mov byte [ebx + 0x1925], al -mov al, byte [esi + 0x74] -mov byte [ebx + 0x1926], al -mov eax, dword [ebx + 0x1887] -cmp eax, 0x40650 -je short loc_fffabc37 ; je 0xfffabc37 -cmp dword [ebx + 0x188b], 1 -jne short loc_fffabc40 ; jne 0xfffabc40 +loc_fffac04d: ; not directly referenced +xor edx, edx -loc_fffabc37: -mov dl, byte [esi + 0x75] -mov byte [ebx + 0x1927], dl +loc_fffac04f: ; not directly referenced +mov cl, dl +mov eax, ebx +shr eax, cl +mov ecx, eax +and ecx, 1 +cmp ecx, edi +jne short loc_fffac06e ; jne 0xfffac06e +movzx eax, byte [esi + edi + 0x249] +imul ecx, edx, 7 +shl eax, cl +add dword [ebp - 
0x20], eax -loc_fffabc40: -mov dl, byte [esi + 0x76] -mov byte [ebx + 0x1928], dl -mov dl, byte [esi + 0x77] -mov byte [ebx + 0x1929], dl -mov dl, byte [esi + 0x78] -mov byte [ebx + 0x192a], dl -mov dl, byte [esi + 0x79] -mov byte [ebx + 0x192b], dl -mov dl, byte [esi + 0x7a] -mov byte [ebx + 0x192c], dl -mov dl, byte [esi + 0x7b] -mov byte [ebx + 0x192e], dl -mov dl, byte [esi + 0x7c] -mov byte [ebx + 0x192d], dl -mov dl, byte [esi + 0x7d] -mov byte [ebx + 0x192f], dl -mov dl, byte [esi + 0x7e] -mov byte [ebx + 0x1930], dl -mov dl, byte [esi + 0x7f] -mov byte [ebx + 0x1931], dl -mov dl, byte [esi + 0x80] -mov byte [ebx + 0x1932], dl -mov dx, word [esi + 0x81] -mov word [ebx + 0x1933], dx -mov dl, byte [esi + 0x83] -mov byte [ebx + 0x1935], dl -mov dl, byte [esi + 0x84] -mov byte [ebx + 0x1936], dl -mov dl, byte [esi + 0x85] -mov byte [ebx + 0x1937], dl -mov dx, word [esi + 0x86] -mov word [ebx + 0x1938], dx -mov dl, byte [esi + 0x88] -mov byte [ebx + 0x193a], dl -mov dl, byte [esi + 0x89] -mov byte [ebx + 0x193b], dl -mov dl, byte [esi + 0x8a] -mov byte [ebx + 0x193c], dl -mov dl, byte [esi + 0x8b] -mov byte [ebx + 0x193d], dl -mov dl, byte [esi + 0x8c] -mov byte [ebx + 0x193e], dl -mov dl, byte [esi + 0x8d] -mov byte [ebx + 0x193f], dl -mov dl, byte [esi + 0x8e] -mov byte [ebx + 0x1940], dl -mov dl, byte [esi + 0x8f] -mov byte [ebx + 0x1941], dl -mov dl, byte [esi + 0x90] -mov byte [ebx + 0x1942], dl -mov dl, byte [esi + 0x91] -mov byte [ebx + 0x1943], dl -mov dl, byte [esi + 0x92] -mov byte [ebx + 0x1944], dl -mov dl, byte [esi + 0x93] -mov byte [ebx + 0x1945], dl -mov dl, byte [esi + 0x94] -mov byte [ebx + 0x1946], dl -mov dl, byte [esi + 0x95] -mov byte [ebx + 0x1947], dl -mov dl, byte [esi + 0x96] -mov byte [ebx + 0x1948], dl -mov dl, byte [esi + 0x97] -mov byte [ebx + 0x1949], dl -mov dl, byte [esi + 0x98] -mov byte [ebx + 0x194b], dl -mov dl, byte [esi + 0x99] -mov byte [ebx + 0x194a], dl -mov dl, byte [esi + 0xa2] -mov byte [ebx + 0x194d], dl -mov dl, byte 
[esi + 0xa3] -mov byte [ebx + 0x194c], dl -mov dl, byte [esi + 0x9a] -mov byte [ebx + 0x194f], dl -mov dl, byte [esi + 0x9b] -mov byte [ebx + 0x194e], dl -mov dl, byte [esi + 0xa4] -mov byte [ebx + 0x1951], dl -mov dl, byte [esi + 0xa5] -mov byte [ebx + 0x1950], dl -mov dl, byte [esi + 0x9c] -mov byte [ebx + 0x1953], dl -mov dl, byte [esi + 0x9d] -mov byte [ebx + 0x1952], dl -mov dl, byte [esi + 0xa6] -mov byte [ebx + 0x1955], dl -mov dl, byte [esi + 0xa7] -mov byte [ebx + 0x1954], dl -mov dl, byte [esi + 0x9e] -mov byte [ebx + 0x1957], dl -mov dl, byte [esi + 0x9f] -mov byte [ebx + 0x1956], dl -mov dl, byte [esi + 0xa8] -mov byte [ebx + 0x1959], dl -mov dl, byte [esi + 0xa9] -mov byte [ebx + 0x1958], dl -mov dl, byte [esi + 0xa0] -mov byte [ebx + 0x195b], dl -mov dl, byte [esi + 0xa1] -mov byte [ebx + 0x195a], dl -mov dl, byte [esi + 0xaa] -mov byte [ebx + 0x195d], dl -mov dl, byte [esi + 0xab] -mov byte [ebx + 0x195c], dl -mov dl, byte [esi + 0xac] -mov byte [ebx + 0x195e], dl -mov dx, word [esi + 0xad] -mov word [ebx + 0x195f], dx -mov dl, byte [esi + 0xaf] -mov byte [ebx + 0x1961], dl -mov dl, byte [esi + 0xb0] -mov byte [ebx + 0x1962], dl -cmp eax, 0x40650 -je short loc_fffabedc ; je 0xfffabedc -cmp dword [ebx + 0x188b], 1 -jne loc_fffac030 ; jne 0xfffac030 +loc_fffac06e: ; not directly referenced +inc edx +cmp edx, 4 +jne short loc_fffac04f ; jne 0xfffac04f +inc edi +cmp edi, 4 +jne short loc_fffac04d ; jne 0xfffac04d +mov eax, dword [ebp - 0x20] +mov ecx, eax +mov edx, eax +shr ecx, 0xe +and eax, 0xffe03fff +shr edx, 0x15 +and ecx, 0x7f +and edx, 0x7f +mov ebx, eax +add edx, ecx +shr edx, 1 +shl edx, 0xe +or ebx, edx -loc_fffabedc: -mov al, byte [esi + 0xb1] -mov byte [ebx + 0x1963], al -mov al, byte [esi + 0xb2] -mov byte [ebx + 0x1964], al -jmp near loc_fffac030 ; jmp 0xfffac030 +loc_fffac09d: ; not directly referenced +mov edx, dword [ebp - 0x24] +and ebx, 0xf01fffff +mov ecx, ebx +add edx, 0x1218 -loc_fffabef9: -mov ecx, dword [ebx + 0x1887] -mov byte 
[ebx + 0x1923], 0 -mov byte [ebx + 0x1924], 0 -mov byte [ebx + 0x1925], 0 -mov byte [ebx + 0x1926], 1 -cmp ecx, 0x40650 -je short loc_fffabf2c ; je 0xfffabf2c -cmp dword [ebx + 0x188b], 1 -jne short loc_fffabf33 ; jne 0xfffabf33 +loc_fffac0ae: ; not directly referenced +mov eax, dword [ebp - 0x1c] +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +jmp near fcn_fffb3381 ; jmp 0xfffb3381 -loc_fffabf2c: -mov byte [ebx + 0x1927], 0 +loc_fffac0bd: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffabf33: -mov byte [ebx + 0x1928], 0 -lea eax, [ebx + 0x193a] -xor edx, edx -mov byte [ebx + 0x1929], 1 -mov byte [ebx + 0x192a], 0 -mov byte [ebx + 0x192c], 3 -mov byte [ebx + 0x192f], 0 -mov byte [ebx + 0x1930], 0 -mov byte [ebx + 0x1931], 0 -mov byte [ebx + 0x1932], 0 -mov word [ebx + 0x1933], 0 -mov byte [ebx + 0x1935], 0 -mov byte [ebx + 0x1936], 0 -mov byte [ebx + 0x1937], 0 -mov word [ebx + 0x1938], 0 +fcn_fffac0c5: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x2c +mov ebx, dword [ebp + 8] +mov eax, dword [ebx + 0x5edd] +mov edi, dword [ebx + 0x2444] +mov esi, dword [ebx + 0x36e4] +mov dword [ebp - 0x2c], eax +mov eax, dword [ebx + 0x188b] +mov dword [ebp - 0x20], esi +cmp eax, 1 +mov dword [ebp - 0x1c], eax +mov eax, dword [ebx + 0x18c1] +sbb esi, esi +push 0xe4 +and esi, 0xfffffdeb +push 0 +add esi, 0xc80 +push 0 +push 0 +mov dword [ebp - 0x24], eax +call dword [edi + 0x4c] ; ucall +mov edx, dword [ebp - 0x24] +lea ecx, [eax + edx] +mov dword [esp], ecx +mov dword [ebp - 0x28], ecx +call dword [edi + 0x20] ; ucall +mov ecx, dword [ebp - 0x28] +add ecx, 4 +mov dword [esp], ecx +mov dword [ebp - 0x24], eax +call dword [edi + 0x20] ; ucall +add esp, 0x10 +test byte [ebp - 0x24], 8 +setne cl +movzx edi, cl +mov dword [ebp - 0x24], edi +mov edi, dword [ebx + 0x1872] +mov edx, eax +shr eax, 4 +mov byte [ebp - 0x2d], cl +mov cl, al +mov eax, dword [ebx + 0x1877] +shr edx, 0x15 
+and ecx, 7 +dec edi +cmp edi, 0x7ffffffd +cmovbe esi, dword [ebx + 0x1872] +mov dword [ebx + 0x36e4], eax +mov dword [ebx + 0x36d4], esi +and edx, 7 +je short loc_fffac18e ; je 0xfffac18e +cmp eax, 2 +jne short loc_fffac198 ; jne 0xfffac198 +cmp dword [ebp - 0x1c], 0 +jne short loc_fffac198 ; jne 0xfffac198 -loc_fffabf9a: -mov byte [ebx + edx + 0x192d], 0 -inc edx -add eax, 2 -mov byte [eax - 2], 0xff -mov byte [eax + 2], 0xff -mov byte [eax + 6], 0xff -mov byte [eax + 0xa], 0xff -mov byte [eax + 0xe], 0 -mov byte [eax + 0x12], 0 -mov byte [eax + 0x16], 0 -mov byte [eax + 0x1a], 0 -mov byte [eax + 0x1e], 0 -mov byte [eax - 1], 0xff -mov byte [eax + 3], 0xff -mov byte [eax + 7], 0xff -mov byte [eax + 0xb], 0xff -mov byte [eax + 0xf], 0 -mov byte [eax + 0x13], 0 -mov byte [eax + 0x17], 0 -mov byte [eax + 0x1b], 0 -mov byte [eax + 0x1f], 0 -cmp edx, 2 -jne short loc_fffabf9a ; jne 0xfffabf9a -mov byte [ebx + 0x195e], 1 -mov word [ebx + 0x195f], 0x200 -mov byte [ebx + 0x1961], 0 -mov byte [ebx + 0x1962], 0x30 -cmp ecx, 0x40650 -je short loc_fffac022 ; je 0xfffac022 -cmp dword [ebx + 0x188b], 1 -jne short loc_fffac030 ; jne 0xfffac030 +loc_fffac18e: ; not directly referenced +mov dword [ebx + 0x36e4], 0 -loc_fffac022: -mov byte [ebx + 0x1963], 1 -mov byte [ebx + 0x1964], 0x40 +loc_fffac198: ; not directly referenced +cmp dword [ebp - 0x24], 0 +mov edi, dword [ebx + 0x36e4] +je short loc_fffac1bd ; je 0xfffac1bd +test edx, edx +je short loc_fffac1f5 ; je 0xfffac1f5 +mov byte [ebx + 0x247f], 1 +mov edx, 7 +mov dword [ebp - 0x28], 0 +jmp short loc_fffac1c9 ; jmp 0xfffac1c9 -loc_fffac030: -cmp byte [edi], 0xa -jbe short loc_fffac05b ; jbe 0xfffac05b -mov al, byte [esi + 0xc2] -mov byte [ebx + 0x18b7], al -mov al, byte [esi + 0xc3] -mov byte [ebx + 0x18b8], al -mov al, byte [esi + 0xc4] -mov byte [ebx + 0x2411], al -jmp short loc_fffac070 ; jmp 0xfffac070 +loc_fffac1bd: ; not directly referenced +movzx eax, cl +xor esi, esi +mov dword [ebp - 0x28], eax +test edx, edx +je 
short loc_fffac1e5 ; je 0xfffac1e5 -loc_fffac05b: -mov byte [ebx + 0x18b7], 1 -mov byte [ebx + 0x18b8], 1 -mov byte [ebx + 0x2411], 0 +loc_fffac1c9: ; not directly referenced +sub esp, 0xc +add edx, 6 +push 0x5f5e100 +mov ecx, 1 +mov eax, ebx +call fcn_fffb3d18 ; call 0xfffb3d18 +add esp, 0x10 +mov esi, eax -loc_fffac070: -cmp byte [edi], 0xb -mov al, byte [ebx + 0x2404] -jbe short loc_fffac08e ; jbe 0xfffac08e -mov dl, byte [esi + 0xc5] -and eax, 0xfffffff7 -and edx, 1 -shl edx, 3 -or eax, edx -jmp short loc_fffac091 ; jmp 0xfffac091 +loc_fffac1e5: ; not directly referenced +mov eax, dword [ebp - 0x28] +test eax, eax +je short loc_fffac1f7 ; je 0xfffac1f7 +mov edx, 0xb +sub edx, eax +jmp short loc_fffac1fc ; jmp 0xfffac1fc -loc_fffac08e: -or eax, 8 +loc_fffac1f5: ; not directly referenced +xor esi, esi -loc_fffac091: -mov byte [ebx + 0x2404], al -mov cl, byte [ebx + 0x2405] -cmp byte [edi], 0xe -jbe loc_fffac149 ; jbe 0xfffac149 -mov al, byte [esi + 0xf3] -and ecx, 0xffffffef -mov dl, cl +loc_fffac1f7: ; not directly referenced +mov edx, 0xa + +loc_fffac1fc: ; not directly referenced +sub esp, 0xc xor ecx, ecx -mov byte [ebx + 0x1965], al -mov al, byte [esi + 0xce] -and eax, 1 -shl eax, 4 -or edx, eax -mov byte [ebx + 0x2405], dl -mov al, byte [esi + 0xcf] -mov byte [ebx + 0x190d], al -mov al, byte [esi + 0xd1] -mov byte [ebx + 0x2420], al +push 0x5f5e100 +mov eax, ebx +call fcn_fffb3d18 ; call 0xfffb3d18 +mov ecx, dword [ebp - 0x2c] +add esp, 0x10 +mov dl, byte [ebp - 0x2d] +mov dword [ecx + 0x1c6], esi +mov byte [ecx + 0x1ca], dl +cmp dword [ebx + 0x18a7], 0 +je short loc_fffac247 ; je 0xfffac247 +cmp dword [ebp - 0x24], 0 +je short loc_fffac239 ; je 0xfffac239 +cmp edi, 1 +cmove eax, esi +jmp short loc_fffac249 ; jmp 0xfffac249 -loc_fffac0e5: -mov eax, dword [esi + ecx + 0xd2] -mov edx, dword [esi + ecx + 0xd6] -mov dword [ebx + ecx + 0x2421], eax -mov dword [ebx + ecx + 0x2425], edx -add ecx, 8 -cmp ecx, 0x20 -jne short loc_fffac0e5 ; jne 0xfffac0e5 -mov al, 
byte [esi + 0xd0] -mov byte [ebx + 0x240f], al -mov al, byte [esi + 0xf4] -mov byte [ebx + 0x191b], al -mov eax, dword [esi + 0xf5] -mov dword [ebx + 0x191c], eax -mov ax, word [esi + 0xf9] -mov word [ebx + 0x1920], ax -mov al, byte [esi + 0xfb] -mov byte [ebx + 0x1922], al -jmp short loc_fffac1a0 ; jmp 0xfffac1a0 +loc_fffac239: ; not directly referenced +xor edi, edi +cmp esi, eax +jbe short loc_fffac249 ; jbe 0xfffac249 +mov eax, esi +mov di, 1 +jmp short loc_fffac249 ; jmp 0xfffac249 -loc_fffac149: -cmp dword [ebx + 0x188b], 1 -mov al, cl -mov byte [ebx + 0x1965], 1 -mov byte [ebx + 0x190d], 0 -setne dl -and eax, 0xffffffef -shl edx, 4 -or eax, edx -mov byte [ebx + 0x2405], al -mov byte [ebx + 0x2420], 0 -mov byte [ebx + 0x240f], 0 -mov byte [ebx + 0x191b], 1 -mov dword [ebx + 0x191c], 0x320 -mov word [ebx + 0x1920], 0x118 -mov byte [ebx + 0x1922], 7 +loc_fffac247: ; not directly referenced +xor edi, edi -loc_fffac1a0: -cmp byte [edi], 0xf -mov dl, byte [ebx + 0x2405] -jbe short loc_fffac1ca ; jbe 0xfffac1ca -mov al, byte [esi + 0xfc] -and edx, 0xffffffdf -mov byte [ebx + 0x2410], al -mov al, byte [esi + 0xfd] -and eax, 1 -shl eax, 5 -or edx, eax -jmp short loc_fffac1d4 ; jmp 0xfffac1d4 +loc_fffac249: ; not directly referenced +cmp eax, dword [ebx + 0x36d4] +jae short loc_fffac26c ; jae 0xfffac26c +cmp dword [ebx + 0x1877], 2 +mov dword [ebx + 0x36d4], eax +je short loc_fffac266 ; je 0xfffac266 +cmp dword [ebp - 0x1c], 0 +jne short loc_fffac26c ; jne 0xfffac26c -loc_fffac1ca: -mov byte [ebx + 0x2410], 0 -and edx, 0xffffffdf +loc_fffac266: ; not directly referenced +mov dword [ebx + 0x36e4], edi -loc_fffac1d4: -mov byte [ebx + 0x2405], dl -cmp byte [edi], 0x11 -jbe short loc_fffac207 ; jbe 0xfffac207 -movzx eax, byte [esi + 0xfe] -mov dword [ebx + 0x190e], eax -movzx eax, byte [esi + 0xff] -mov dword [ebx + 0x1912], eax -mov al, byte [esi + 0x100] -mov byte [ebx + 0x1916], al -jmp short loc_fffac222 ; jmp 0xfffac222 +loc_fffac26c: ; not directly referenced +cmp 
dword [ebp - 0x20], 1 +jne short loc_fffac290 ; jne 0xfffac290 +cmp dword [ebx + 0x1877], 2 +jne short loc_fffac290 ; jne 0xfffac290 +cmp dword [ebx + 0x1887], 0x306d0 +jne short loc_fffac290 ; jne 0xfffac290 +cmp dword [ebx + 0x1883], 4 +ja short loc_fffac299 ; ja 0xfffac299 -loc_fffac207: -mov dword [ebx + 0x190e], 0 -mov dword [ebx + 0x1912], 0xe -mov byte [ebx + 0x1916], 0 +loc_fffac290: ; not directly referenced +cmp dword [ebx + 0x36e4], 2 +jne short loc_fffac2a2 ; jne 0xfffac2a2 -loc_fffac222: -cmp byte [edi], 0x12 -mov byte [ebp - 0x45], 0xff -jbe short loc_fffac234 ; jbe 0xfffac234 -mov al, byte [esi + 0x101] -mov byte [ebp - 0x45], al +loc_fffac299: ; not directly referenced +mov eax, dword [ebp - 0x20] +mov dword [ebx + 0x36e4], eax -loc_fffac234: -mov dword [ebx + 0x189f], 0 -mov byte [ebx + 0x189e], 0 -mov al, byte [esi + 0xc7] -mov byte [ebx + 0x241f], al -mov al, byte [esi + 0xcc] -mov byte [ebx + 0x2441], 0 -mov byte [ebx + 0x240c], al -mov al, byte [esi + 0x11] -mov byte [ebx + 0x18b4], al -mov al, byte [esi + 0x2c] -mov byte [ebx + 0x18b6], al -mov al, byte [esi] -mov byte [ebx + 0x18b1], al -mov al, byte [edi + 0x22] -mov byte [ebx + 0x2408], al -mov eax, dword [ebx + 0x1887] -cmp eax, 0x40650 -je short loc_fffac2a1 ; je 0xfffac2a1 -cmp dword [ebx + 0x188b], 1 -jne loc_fffac354 ; jne 0xfffac354 +loc_fffac2a2: ; not directly referenced +mov ecx, dword [ebx + 0x36d4] +mov edx, ref_fffd37fc ; mov edx, 0xfffd37fc +xor eax, eax -loc_fffac2a1: -mov dl, byte [esi + 0x57] -mov byte [ebx + 0x2409], dl -cmp eax, 0x40670 -je short loc_fffac2b8 ; je 0xfffac2b8 -mov byte [ebx + 0x240a], 0 +loc_fffac2af: ; not directly referenced +add edx, 9 +cmp ecx, dword [edx - 5] +jne short loc_fffac2c2 ; jne 0xfffac2c2 +lea eax, [eax + eax*8] +mov eax, dword [eax + ref_fffd37fc] ; mov eax, dword [eax - 0x2c804] +jmp short loc_fffac2cd ; jmp 0xfffac2cd -loc_fffac2b8: -cmp dword [ebx + 0x188b], 1 -jne loc_fffac354 ; jne 0xfffac354 -mov eax, dword [ebp - 0x30] -mov byte [ebx 
+ 0x240b], 0 -mov eax, dword [eax + 0x80] -test eax, eax -je short loc_fffac2ec ; je 0xfffac2ec -lea edx, [ebp - 0x20] -push edx -lea edx, [ebp - 0x1c] -push edx -push 0x1b -push 1 -call eax -add esp, 0x10 -jmp short loc_fffac2f3 ; jmp 0xfffac2f3 +loc_fffac2c2: ; not directly referenced +inc eax +cmp eax, 0x15 +jne short loc_fffac2af ; jne 0xfffac2af +mov eax, 0x2625a0 -loc_fffac2ec: -mov dword [ebp - 0x1c], 0 +loc_fffac2cd: ; not directly referenced +mov dword [ebx + 0x36dc], eax +lea esp, [ebp - 0xc] +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffac2f3: -cmp dword [ebp - 0x1c], 0 -je short loc_fffac344 ; je 0xfffac344 -mov dx, word [ebp - 0x1a] -mov ecx, 0xb +fcn_fffac2dd: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x9c +mov eax, dword [ebp + 8] +mov dword [ebp - 0x88], 0 +mov dword [ebp - 0x94], 0 +mov dword [ebp - 0x90], 0 +mov byte [eax + 0x36cb], 8 +add eax, 0x1973 +mov dword [ebp - 0x9c], eax +mov eax, dword [ebp + 8] +mov dword [ebp - 0x7c], 0x17 +mov dword [ebp - 0x80], eax + +loc_fffac329: ; not directly referenced +mov eax, dword [ebp - 0x80] +xor ebx, ebx +add eax, 0x3757 +mov dword [ebp - 0x8c], eax +mov eax, dword [ebp - 0x9c] +mov dword [ebp - 0x84], eax +mov dword [ebp - 0x98], eax +mov eax, dword [ebp - 0x88] +add eax, 0x48ca +mov dword [ebp - 0xa0], eax + +loc_fffac35c: ; not directly referenced +mov eax, dword [ebp - 0x98] +cmp dword [eax], 1 +ja loc_fffac4fa ; ja 0xfffac4fa +mov eax, dword [ebp - 0x84] +mov esi, ref_fffd3768 ; mov esi, 0xfffd3768 +mov ecx, 0xd +lea edi, [ebp - 0x78] +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [eax + 0x48] +mov eax, dword [ebp - 0xa0] +lea esi, [eax + ebx] +mov eax, dword [ebp - 0x80] +add esi, dword [ebp + 8] +mov dword [eax + ebx + 0x48ca], 3 xor eax, eax -mov word [ebp - 0x2c], 0x4e20 -and edx, 0xfff -mov dword [ebp - 0x38], edx -loc_fffac313: -mov edx, dword [ebp - 0x38] -sar edx, cl -mov dword [ebp - 0x34], edx -mov edx, 
dword [ebp - 0x2c] -add edx, eax -test byte [ebp - 0x34], 1 -cmovne eax, edx -dec ecx -shr word [ebp - 0x2c], 1 -cmp ecx, 0xffffffff -jne short loc_fffac313 ; jne 0xfffac313 -mov ecx, 0xa +loc_fffac39f: ; not directly referenced +inc eax +cmp byte [edi + eax - 1], 0 +je short loc_fffac3b0 ; je 0xfffac3b0 xor edx, edx -div cx -mov word [ebx + 0x1902], ax -jmp short loc_fffac34d ; jmp 0xfffac34d +mov eax, 1 +jmp short loc_fffac3bc ; jmp 0xfffac3bc -loc_fffac344: -mov word [ebx + 0x1902], 0x352 +loc_fffac3b0: ; not directly referenced +cmp eax, 0x200 +jne short loc_fffac39f ; jne 0xfffac39f +jmp near loc_fffac4fa ; jmp 0xfffac4fa -loc_fffac34d: -mov byte [ebx + 0x240d], 0 +loc_fffac3bc: ; not directly referenced +cmp dl, 0xc +setbe cl +test cl, al +je short loc_fffac3e8 ; je 0xfffac3e8 +push eax +movzx eax, dl +push esi +push edi +push dword [ebp + 8] +mov dword [ebp - 0xa4], edx +call dword [ebp + eax*4 - 0x78] ; ucall +mov edx, dword [ebp - 0xa4] +add esp, 0x10 +inc edx +and eax, 1 +jmp short loc_fffac3bc ; jmp 0xfffac3bc -loc_fffac354: -movzx eax, byte [ebp - 0x44] -lea ecx, [ebx + 0x19bb] -mov byte [ebx + 0x196a], 0 -mov dword [ebp - 0x2c], 0 -mov dword [ebp - 0x50], eax +loc_fffac3e8: ; not directly referenced +test eax, eax +mov eax, dword [ebp - 0x80] +jne short loc_fffac3ff ; jne 0xfffac3ff +mov dword [eax + ebx + 0x48ca], 1 +jmp near loc_fffac4fa ; jmp 0xfffac4fa -loc_fffac36f: -mov edx, dword [ebp - 0x2c] -mov al, byte [ebp - 0x45] -mov byte [ebp - 0x34], dl -cmp dl, al -je short loc_fffac3c9 ; je 0xfffac3c9 -mov eax, dword [ebp - 0x2c] -mov al, byte [esi + eax + 0x2a] -cmp al, 2 -je short loc_fffac3a2 ; je 0xfffac3a2 -cmp al, 3 -je short loc_fffac3c9 ; je 0xfffac3c9 -dec al -jne short loc_fffac3ea ; jne 0xfffac3ea -mov dword [ecx - 0x48], 1 -mov dword [ecx + 0x22f], 0 -jmp short loc_fffac3b3 ; jmp 0xfffac3b3 +loc_fffac3ff: ; not directly referenced +mov dword [eax + ebx + 0x48ca], 2 +mov eax, dword [ebp - 0x84] +mov al, byte [eax + 0x4a] +cmp al, 0xf1 +sete 
cl +cmp al, 0xb +sete dl +or cl, dl +je short loc_fffac433 ; je 0xfffac433 +mov eax, dword [ebp - 0x84] +mov edx, 0xb +add eax, 0xbd +jmp short loc_fffac44d ; jmp 0xfffac44d -loc_fffac3a2: -mov dword [ecx - 0x48], 0 -mov dword [ecx + 0x22f], 1 +loc_fffac433: ; not directly referenced +cmp al, 0xc +jne short loc_fffac449 ; jne 0xfffac449 +mov eax, dword [ebp - 0x84] +mov edx, 9 +add eax, 0x188 +jmp short loc_fffac44d ; jmp 0xfffac44d -loc_fffac3b3: -mov dword [ecx - 0x50], 2 -inc byte [ebx + 0x196a] -mov dword [ecx - 0x4c], 1 -jmp short loc_fffac40f ; jmp 0xfffac40f +loc_fffac449: ; not directly referenced +xor edx, edx +xor eax, eax -loc_fffac3c9: -mov dword [ecx - 0x48], 1 -mov dword [ecx + 0x22f], 1 -mov dword [ecx - 0x50], 1 -mov dword [ecx - 0x4c], 0 -jmp short loc_fffac40f ; jmp 0xfffac40f +loc_fffac44d: ; not directly referenced +mov edi, dword [ebp - 0x88] +lea ecx, [edi + ebx + 0x49b5] +add ecx, dword [ebp + 8] +call fcn_fffb3d76 ; call 0xfffb3d76 +mov eax, dword [ebp - 0x84] +cmp dword [eax], 1 +jne short loc_fffac47b ; jne 0xfffac47b +mov eax, dword [ebp - 0x80] +mov dword [eax + ebx + 0x48ca], 1 -loc_fffac3ea: -mov dword [ecx - 0x48], 0 -mov dword [ecx + 0x22f], 0 -mov dword [ecx - 0x50], 2 -inc byte [ebx + 0x196a] -mov dword [ecx - 0x4c], 2 +loc_fffac47b: ; not directly referenced +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x2481] +test eax, eax +jne short loc_fffac4a0 ; jne 0xfffac4a0 +mov eax, dword [ebp - 0x8c] +mov edi, dword [ebp + 8] +mov eax, dword [eax + ebx + 0x1248] +mov dword [edi + 0x2481], eax +jmp short loc_fffac4b9 ; jmp 0xfffac4b9 -loc_fffac40f: -mov edx, dword [ebp - 0x40] -push eax -imul eax, dword [ebp - 0x2c], 0xc -push 0xc -add eax, dword [edx + 0xd4] -mov dword [ebp - 0x38], ecx -push eax -lea eax, [ecx + 0x4ee] -push eax -mov eax, dword [ebp - 0x30] -call dword [eax + 0x58] ; ucall -mov edx, dword [ebp - 0x40] -add esp, 0xc -push 8 -mov ecx, dword [ebp - 0x2c] -mov eax, dword [edx + 0xd8] -lea eax, [eax + ecx*8] -mov ecx, 
dword [ebp - 0x38] -push eax -lea eax, [ecx + 0x4a6] -push eax -mov eax, dword [ebp - 0x30] -call dword [eax + 0x58] ; ucall -mov al, byte [ebp - 0x34] -add esp, 0x10 -mov ecx, dword [ebp - 0x38] -mov dword [ebp - 0x38], 0 -add eax, eax -mov byte [ebp - 0x47], al -mov al, byte [ebp - 0x2c] -mov dword [ebp - 0x34], ecx -and eax, 7 -mov byte [ebp - 0x46], al -shl byte [ebp - 0x46], 4 +loc_fffac4a0: ; not directly referenced +mov esi, dword [ebp - 0x8c] +cmp eax, dword [esi + ebx + 0x1248] +mov eax, 0x1a +cmove eax, dword [ebp - 0x7c] +mov dword [ebp - 0x7c], eax -loc_fffac47a: -mov dword [ebp - 0x54], ecx -mov ecx, dword [ebp - 0x34] -mov edx, dword [edi + 1] -mov eax, ecx -sub eax, 0x48 -mov dword [ebp - 0x4c], eax -mov al, byte [ebp - 0x47] -add eax, dword [ebp - 0x38] -movzx eax, al -mov al, byte [edx + eax] -mov edx, dword [ebp - 0x30] -mov byte [ecx + 0x22e], al -push eax -push 3 -push ref_fffd3620 ; push 0xfffd3620 -lea eax, [ecx - 4] -push eax -call dword [edx + 0x58] ; ucall -mov ecx, dword [ebp - 0x34] +loc_fffac4b9: ; not directly referenced +cmp dword [ebp - 0x90], 0 +mov eax, dword [ebp - 0x8c] +jne short loc_fffac4d7 ; jne 0xfffac4d7 +mov eax, dword [eax + ebx + 0x124c] +mov dword [ebp - 0x90], eax +jmp short loc_fffac4ea ; jmp 0xfffac4ea + +loc_fffac4d7: ; not directly referenced +mov edi, dword [ebp - 0x90] +cmp edi, dword [eax + ebx + 0x124c] +jne loc_fffac65a ; jne 0xfffac65a + +loc_fffac4ea: ; not directly referenced +cmp dword [ebp - 0x7c], 0x1a +je loc_fffac683 ; je 0xfffac683 +inc dword [ebp - 0x94] + +loc_fffac4fa: ; not directly referenced +add ebx, 0x128 +add dword [ebp - 0x98], 0x277 +add dword [ebp - 0x84], 0x277 +cmp ebx, 0x250 +jne loc_fffac35c ; jne 0xfffac35c +add dword [ebp - 0x88], 0x13c3 +add dword [ebp - 0x9c], 0x54a +add dword [ebp - 0x80], 0x13c3 +cmp dword [ebp - 0x88], 0x2786 +jne loc_fffac329 ; jne 0xfffac329 +cmp dword [ebp - 0x94], 0 +je loc_fffac683 ; je 0xfffac683 +lea edi, [ebp - 0x78] +mov esi, ref_fffd379c ; mov esi, 
0xfffd379c +mov ecx, 0x18 +xor ebx, ebx +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov eax, 1 + +loc_fffac56e: ; not directly referenced +cmp bl, 0x17 +setbe dl +test dl, al +je short loc_fffac58e ; je 0xfffac58e +sub esp, 0xc +movzx eax, bl +push dword [ebp + 8] +inc ebx +call dword [ebp + eax*4 - 0x78] ; ucall add esp, 0x10 -mov al, byte [ebp - 0x38] -mov cl, byte [ecx + 0x22e] -and eax, 0xf -test cl, cl -setne dl -or al, byte [ebp - 0x46] -mov byte [ebp - 0x48], cl -mov cl, dl -shl ecx, 7 -or eax, ecx -mov ecx, dword [ebp - 0x4c] -mov byte [ecx + 0x47], al -mov ecx, dword [ebp - 0x34] -cmp dword [ecx - 0x48], 1 -mov ecx, dword [ebp - 0x54] -ja short loc_fffac552 ; ja 0xfffac552 -test dl, dl -je short loc_fffac523 ; je 0xfffac523 -mov eax, dword [ebp - 0x44] -cmp eax, 3 -sete dl +and eax, 1 +jmp short loc_fffac56e ; jmp 0xfffac56e + +loc_fffac58e: ; not directly referenced test eax, eax -sete al -or dl, al -je short loc_fffac552 ; je 0xfffac552 -push edx -movzx eax, byte [ebp - 0x48] -push 0x41 -push ref_fffd35a0 ; push 0xfffd35a0 -push 0x3c -push ref_fffd35e4 ; push 0xfffd35e4 -push dword [ebp - 0x34] -mov dword [ebp - 0x4c], ecx -push eax -mov eax, dword [ebp - 0x30] -push dword [ebp - 0x50] -call dword [eax + 0x78] ; ucall -add esp, 0x20 -jmp short loc_fffac54f ; jmp 0xfffac54f +je loc_fffac683 ; je 0xfffac683 +mov eax, dword [ebp + 8] +mov esi, dword [ebp + 8] +mov byte [eax + 0x3749], 1 +add eax, 0x48ca +add esi, 0x7050 -loc_fffac523: -mov dword [ebp - 0x4c], ecx -mov ecx, dword [ebp - 0x2c] -push eax -push 0x200 -mov eax, ecx -add eax, ecx -mov ecx, dword [ebp - 0x40] -add eax, dword [ebp - 0x38] -shl eax, 9 -add eax, dword [ecx + 0xd0] -push eax -mov eax, dword [ebp - 0x30] -push dword [ebp - 0x34] -call dword [eax + 0x58] ; ucall -add esp, 0x10 +loc_fffac5ae: ; not directly referenced +mov edx, eax +xor ecx, ecx -loc_fffac54f: -mov ecx, dword [ebp - 0x4c] +loc_fffac5b2: ; not directly referenced +mov edi, dword [edx] +lea ebx, [edi - 1] +cmp 
ebx, 1 +ja short loc_fffac5c2 ; ja 0xfffac5c2 +inc dword [eax - 0x10b3] -loc_fffac552: -inc dword [ebp - 0x38] -add dword [ebp - 0x34], 0x277 -cmp dword [ebp - 0x38], 2 -jne loc_fffac47a ; jne 0xfffac47a -inc dword [ebp - 0x2c] -add ecx, 0x54a -cmp dword [ebp - 0x2c], 2 -jne loc_fffac36f ; jne 0xfffac36f -mov eax, dword [ebp - 0x44] -mov edx, edi -cmp eax, 2 -je short loc_fffac59a ; je 0xfffac59a -cmp eax, 3 -je short loc_fffac5a9 ; je 0xfffac5a9 -dec eax -mov eax, dword [ebp - 0x3c] -jne short loc_fffac5b8 ; jne 0xfffac5b8 -call fcn_fffc3e29 ; call 0xfffc3e29 -mov eax, 1 -jmp short loc_fffac5bf ; jmp 0xfffac5bf +loc_fffac5c2: ; not directly referenced +cmp dword [edx], 2 +jne short loc_fffac618 ; jne 0xfffac618 +mov bl, byte [edx + 0xed] +cmp bl, 1 +je short loc_fffac5dd ; je 0xfffac5dd +cmp bl, 2 +sete bl +lea ebx, [ebx + ebx*2] +jmp short loc_fffac5df ; jmp 0xfffac5df -loc_fffac59a: -mov eax, dword [ebp - 0x3c] -call fcn_fffc3e29 ; call 0xfffc3e29 -mov eax, 2 -jmp short loc_fffac5bf ; jmp 0xfffac5bf +loc_fffac5dd: ; not directly referenced +mov bl, 1 -loc_fffac5a9: -mov eax, dword [ebp - 0x3c] -call fcn_fffc3e29 ; call 0xfffc3e29 -mov eax, 3 -jmp short loc_fffac5bf ; jmp 0xfffac5bf +loc_fffac5df: ; not directly referenced +mov edi, dword [ebp + 8] +movzx ebx, bl +shl ebx, cl +or byte [eax - 0x10af], bl +mov bl, byte [edx + 0xcc] +and byte [edi + 0x3749], bl +mov bl, byte [edi + 0x36cb] +movzx edi, byte [edx + 0xf4] +cmp byte [edx + 0xf4], bl +cmovbe ebx, edi +mov edi, dword [ebp + 8] +mov byte [edi + 0x36cb], bl -loc_fffac5b8: -call fcn_fffc3e29 ; call 0xfffc3e29 -xor eax, eax +loc_fffac618: ; not directly referenced +add ecx, 2 +add edx, 0x128 +cmp ecx, 4 +jne short loc_fffac5b2 ; jne 0xfffac5b2 +cmp dword [eax - 0x10b3], 0 +je short loc_fffac64b ; je 0xfffac64b +cmp byte [eax - 0x10af], 0 +je short loc_fffac64b ; je 0xfffac64b +mov ecx, dword [ebp + 8] +inc byte [ecx + 0x3756] +mov dword [eax - 0x1173], 2 + +loc_fffac64b: ; not directly referenced +add eax, 
0x13c3 +cmp eax, esi +jne loc_fffac5ae ; jne 0xfffac5ae +jmp short loc_fffac663 ; jmp 0xfffac663 + +loc_fffac65a: ; not directly referenced +mov dword [ebp - 0x7c], 0x1a +jmp short loc_fffac683 ; jmp 0xfffac683 + +loc_fffac663: ; not directly referenced +mov eax, dword [ebp + 8] +cmp byte [eax + 0x3756], 0 +je short loc_fffac683 ; je 0xfffac683 +mov eax, dword [ebp + 8] +mov dword [ebp - 0x7c], 0 +mov dword [eax + 0x374f], 2 -loc_fffac5bf: +loc_fffac683: ; not directly referenced +mov eax, dword [ebp - 0x7c] lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -16281,90 +16285,194 @@ pop edi pop ebp ret -fcn_fffac5c7: ; not directly referenced +fcn_fffac68e: ; not directly referenced push ebp mov ebp, esp push edi -mov edi, edx push esi -mov esi, 1 +mov esi, eax push ebx -sub esp, 0x1c -mov ebx, dword [ebp + 8] -lea ecx, [edx - 4] -cmp ecx, 3 -cmova esi, dword [ebp + 0x10] -and edi, 3 -mov dword [ebp - 0x1c], ebx -mov ebx, dword [ebp + 0xc] -cmp edi, 3 -sete cl -test al, al -sete dl -mov dword [ebp - 0x20], ebx -test cl, dl -jne short loc_fffac666 ; jne 0xfffac666 -mov ecx, 0xffff -xor ebx, ebx -test al, al -je short loc_fffac60f ; je 0xfffac60f -or ecx, 0xffffffff -xor ebx, ebx +movzx ebx, dl +sub esp, 0x2c +mov eax, dword [ebp + 0x10] +imul edx, ebx, 0x13c3 +cmp dword [ebp + 8], 0 +mov byte [ebp - 0x20], cl +mov dword [ebp - 0x2c], eax +mov cl, al +lea eax, [esi + edx + 0x3757] +mov dword [ebp - 0x1c], eax +je short loc_fffac6c6 ; je 0xfffac6c6 +mov al, byte [eax + 0xc4] +mov byte [ebp - 0x20], al -loc_fffac60f: ; not directly referenced -test esi, esi -jne short loc_fffac62a ; jne 0xfffac62a -cmp dword [ebp - 0x20], ebx -jb short loc_fffac626 ; jb 0xfffac626 -ja short loc_fffac61f ; ja 0xfffac61f -cmp dword [ebp - 0x1c], ecx +loc_fffac6c6: ; not directly referenced +cmp dword [esi + 0x2481], 3 +sete byte [ebp - 0x24] +xor edi, edi +imul edx, ebx, 0x13c3 +lea eax, [esi + edx] +mov dword [ebp - 0x30], eax +movzx eax, cl +mov dword [ebp - 0x28], eax -loc_fffac61d: ; not directly referenced -jbe short loc_fffac626 ; jbe 0xfffac626 +loc_fffac6e5: ; not directly referenced +mov eax, dword [ebp - 0x30] +mov edx, 1 +mov ecx, edi +shl edx, cl +test byte [eax + 0x381b], dl +je short loc_fffac754 ; je 0xfffac754 +mov al, byte [ebp - 0x24] +cmp dword [ebp + 8], 0 +setne cl +xor eax, 1 +test cl, al +je short loc_fffac727 ; je 0xfffac727 +push eax +push dword [ebp - 0x28] +push dword [ebp + 0xc] +mov dword [ebp - 0x34], edx +push edx +push edx +push 0 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +mov 
edx, dword [ebp - 0x34] +jmp short loc_fffac732 ; jmp 0xfffac732 -loc_fffac61f: ; not directly referenced -mov eax, 0x80000003 -jmp short loc_fffac66b ; jmp 0xfffac66b +loc_fffac727: ; not directly referenced +cmp dword [ebp + 8], 0 +jne short loc_fffac732 ; jne 0xfffac732 +test byte [ebp - 0x20], dl +je short loc_fffac754 ; je 0xfffac754 -loc_fffac626: ; not directly referenced -xor eax, eax -jmp short loc_fffac66b ; jmp 0xfffac66b +loc_fffac732: ; not directly referenced +mov eax, dword [ebp - 0x1c] +push ecx +push dword [ebp - 0x28] +movzx ecx, byte [eax + edi + 0x245] +add ecx, dword [ebp + 0xc] +push ecx +push 1 +push edx +push 4 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 -loc_fffac62a: ; not directly referenced -push eax +loc_fffac754: ; not directly referenced +inc edi +cmp edi, 4 +jne short loc_fffac6e5 ; jne 0xfffac6e5 +movzx edi, byte [ebp - 0x2c] +mov ecx, dword [ebp - 0x1c] +push edx +mov edx, dword [ebp + 0xc] +movzx eax, byte [ebp - 0x20] push edi +add edx, dword [ecx + 0x111] +mov dword [ebp - 0x20], eax +push edx +push 1 +push eax +push 2 push ebx -push ecx -call fcn_fffab0ef ; call 0xfffab0ef -lea ecx, [esi - 1] -add esp, 0x10 -cmp edx, 0 -ja short loc_fffac642 ; ja 0xfffac642 -cmp eax, ecx -jb short loc_fffac61f ; jb 0xfffac61f +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +cmp byte [ebp - 0x24], 0 +je loc_fffac83c ; je 0xfffac83c +imul edx, ebx, 0x54a +xor eax, eax +lea ecx, [edx + 0xf0] +mov dword [ebp - 0x24], ecx -loc_fffac642: ; not directly referenced +loc_fffac79e: ; not directly referenced +cmp al, 1 +setbe cl +cmp dword [ebp + 8], 0 +setne dl +test cl, dl +je short loc_fffac7eb ; je 0xfffac7eb +mov ecx, dword [ebp - 0x24] +movzx edx, al +lea edx, [esi + edx + 0x186e] +cmp byte [edx + ecx + 0x54b], 0 +je short loc_fffac7e8 ; je 0xfffac7e8 push ecx +mov edx, 1 push edi -xor edi, edi -sub eax, esi -sbb edx, edi -add eax, 1 -adc edx, 0 +mov cl, al +push dword [ebp + 0xc] +shl edx, cl +mov dword 
[ebp - 0x28], eax push edx -push eax -call fcn_fffab0f8 ; call 0xfffab0f8 -add esp, 0x10 -cmp dword [ebp - 0x20], edx -ja short loc_fffac61f ; ja 0xfffac61f -jb short loc_fffac626 ; jb 0xfffac626 -cmp dword [ebp - 0x1c], eax -jmp short loc_fffac61d ; jmp 0xfffac61d +push 0 +push 0 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +mov eax, dword [ebp - 0x28] +add esp, 0x20 -loc_fffac666: ; not directly referenced -mov eax, 0x80000002 +loc_fffac7e8: ; not directly referenced +inc eax +jmp short loc_fffac79e ; jmp 0xfffac79e + +loc_fffac7eb: ; not directly referenced +mov eax, dword [ebp - 0x1c] +push edx +mov edx, dword [ebp + 0xc] +push edi +add edx, dword [eax + 0x109] +push edx +push 1 +push dword [ebp - 0x20] +push 3 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +mov eax, dword [ebp - 0x1c] +add esp, 0x1c +mov edx, dword [ebp + 0xc] +push edi +add edx, dword [eax + 0x115] +push edx +push 2 +push dword [ebp - 0x20] +push 2 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +mov eax, dword [ebp - 0x1c] +add esp, 0x1c +mov edx, dword [ebp + 0xc] +push edi +add edx, dword [eax + 0x11d] +push edx +push 2 +jmp short loc_fffac84d ; jmp 0xfffac84d + +loc_fffac83c: ; not directly referenced +push eax +mov eax, dword [ebp - 0x1c] +mov edx, dword [ebp + 0xc] +push edi +add edx, dword [eax + 0x119] +push edx +push 1 -loc_fffac66b: ; not directly referenced +loc_fffac84d: ; not directly referenced +push dword [ebp - 0x20] +push 1 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -16372,5102 +16480,5430 @@ pop edi pop ebp ret -fcn_fffac673: -push ebp -mov ebp, esp -pop ebp -jmp near loc_fffd286c ; jmp 0xfffd286c - -fcn_fffac67c: ; not directly referenced +fcn_fffac864: ; not directly referenced push ebp mov ebp, esp push edi mov edi, eax push esi -xor eax, eax push ebx -lea esi, [edi + 0x374e] -sub esp, 0x3c -mov byte [ebp - 0x29], 0 -mov dword [ebp - 0x3c], esi - -loc_fffac696: ; not directly referenced -test eax, eax -sete cl -cmp byte [ebp - 0x29], 1 -setbe dl -test cl, dl -je loc_fffac7df ; je 0xfffac7df -movzx eax, byte [ebp - 0x29] -imul edx, eax, 0x13c3 -mov dword [ebp - 0x30], eax -lea eax, [edi + edx] -cmp dword [eax + 0x3756], 2 -jne loc_fffac7d0 ; jne 0xfffac7d0 -mov ebx, dword [ebp - 0x3c] -xor ecx, ecx -mov dword [ebp - 0x38], eax -lea esi, [ebx + edx + 8] -mov dword [ebp - 0x34], esi -mov esi, 1 - -loc_fffac6db: ; not directly referenced -mov edx, dword [ebp - 0x38] -mov eax, 1 -mov bl, cl -shl eax, cl -test byte [edx + 0x381a], al -je loc_fffac7ac ; je 0xfffac7ac -cmp byte [edi + 0x247b], 0 -je short loc_fffac719 ; je 0xfffac719 -mov al, cl -mov esi, dword [ebp - 0x34] -shr al, 1 -movzx eax, al -imul eax, eax, 0x128 -mov si, word [esi + eax + 0x126d] -jmp near loc_fffac7a2 ; jmp 0xfffac7a2 - -loc_fffac719: ; not directly referenced -mov edx, dword [ebp - 0x30] -mov eax, edi -mov dword [ebp - 0x40], ecx -call fcn_fffa6c42 ; call 0xfffa6c42 -test eax, eax -je loc_fffac7da ; je 0xfffac7da -mov dl, byte [eax + 1] -xor eax, eax -mov ecx, dword [ebp - 0x40] -test dl, dl -je short loc_fffac77a ; je 0xfffac77a -cmp dl, 0x3c -je short loc_fffac764 ; je 0xfffac764 -cmp dl, 0x78 -je short loc_fffac768 ; je 0xfffac768 -cmp dl, 0x28 -je short loc_fffac76c ; je 0xfffac76c -cmp dl, 0xf0 -je short loc_fffac770 ; je 0xfffac770 -cmp dl, 0x30 -je short loc_fffac774 ; je 0xfffac774 -cmp dl, 0x50 -je short loc_fffac778 ; je 0xfffac778 -cmp dl, 0x22 -mov al, 7 -mov dl, 0 -cmovne eax, edx -jmp short loc_fffac77a ; jmp 0xfffac77a - -loc_fffac764: 
; not directly referenced -mov al, 1 -jmp short loc_fffac77a ; jmp 0xfffac77a - -loc_fffac768: ; not directly referenced -mov al, 2 -jmp short loc_fffac77a ; jmp 0xfffac77a - -loc_fffac76c: ; not directly referenced -mov al, 3 -jmp short loc_fffac77a ; jmp 0xfffac77a - -loc_fffac770: ; not directly referenced -mov al, 4 -jmp short loc_fffac77a ; jmp 0xfffac77a - -loc_fffac774: ; not directly referenced -mov al, 5 -jmp short loc_fffac77a ; jmp 0xfffac77a - -loc_fffac778: ; not directly referenced -mov al, 6 +sub esp, 0x1c +mov eax, dword [eax + 0x188b] +mov dword [ebp - 0x20], edx +cmp eax, 1 +je short loc_fffac890 ; je 0xfffac890 +sbb ebx, ebx +mov esi, 0 +mov byte [ebp - 0x1a], 1 +and ebx, 0x364c +jmp short loc_fffac89e ; jmp 0xfffac89e -loc_fffac77a: ; not directly referenced -shl eax, 8 -and si, 0xf8ff -or esi, eax -mov al, bl -shr al, 1 -movzx eax, al -imul eax, eax, 0x128 -add eax, dword [ebp - 0x34] -mov word [eax + 0x126d], si -mov word [eax + 0x1285], si +loc_fffac890: ; not directly referenced +mov byte [ebp - 0x1a], 4 +mov esi, 4 +mov ebx, 0x3650 -loc_fffac7a2: ; not directly referenced -shr bl, 1 -movzx ebx, bl -mov word [ebp + ebx*2 - 0x1c], si +loc_fffac89e: ; not directly referenced +mov byte [ebp - 0x19], 0 -loc_fffac7ac: ; not directly referenced -add ecx, 2 -cmp ecx, 4 -jne loc_fffac6db ; jne 0xfffac6db -mov edx, dword [ebp - 0x30] -sub esp, 0xc -mov cl, 1 -lea eax, [ebp - 0x1c] -push eax +loc_fffac8a2: ; not directly referenced +mov ecx, dword [ebp - 0x20] +mov edx, ebx mov eax, edi -call fcn_fffb14b3 ; call 0xfffb14b3 -add esp, 0x10 -jmp short loc_fffac7d2 ; jmp 0xfffac7d2 - -loc_fffac7d0: ; not directly referenced -xor eax, eax - -loc_fffac7d2: ; not directly referenced -inc byte [ebp - 0x29] -jmp near loc_fffac696 ; jmp 0xfffac696 - -loc_fffac7da: ; not directly referenced -mov eax, 1 - -loc_fffac7df: ; not directly referenced -lea esp, [ebp - 0xc] +add ebx, esi +call fcn_fffb38b3 ; call 0xfffb38b3 +mov al, byte [ebp - 0x1a] +inc byte [ebp - 
0x19] +cmp byte [ebp - 0x19], al +jb short loc_fffac8a2 ; jb 0xfffac8a2 +add esp, 0x1c pop ebx pop esi pop edi pop ebp ret -fcn_fffac7e7: ; not directly referenced +fcn_fffac8c3: ; not directly referenced push ebp -mov eax, 1 mov ebp, esp -movzx ecx, byte [ebp + 0x10] +push edi +mov edi, edx push esi -movzx esi, byte [ebp + 0xc] -mov edx, dword [ebp + 8] +mov esi, eax push ebx -sub ecx, esi -shl eax, cl -mov ecx, esi -dec eax -movzx ebx, dl -shl eax, cl -lea ecx, [esi - 1] -sar ebx, cl -test ebx, ebx -je short loc_fffac815 ; je 0xfffac815 -or eax, edx -jmp short loc_fffac819 ; jmp 0xfffac819 +sub esp, 0x2c +mov eax, dword [ebp + 8] +mov ebx, dword [esi + 0x2444] +shl edi, 0xa +mov dword [ebp - 0x20], ecx +add edi, 0x4214 +mov dword [ebp - 0x24], eax +mov eax, dword [ebp + 0xc] +mov dword [ebp - 0x28], eax +mov eax, dword [ebp + 0x10] +mov dword [ebp - 0x2c], eax +call dword [ebx + 0x54] ; ucall +add eax, 0x2710 +mov dword [ebp - 0x1c], eax -loc_fffac815: ; not directly referenced -not eax -and eax, edx +loc_fffac8ff: ; not directly referenced +mov edx, edi +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +shr eax, 0x18 +test al, al +jns short loc_fffac91e ; jns 0xfffac91e +call dword [ebx + 0x54] ; ucall +cmp dword [ebp - 0x1c], eax +ja short loc_fffac8ff ; ja 0xfffac8ff -loc_fffac819: ; not directly referenced -pop ebx -pop esi -pop ebp -ret +loc_fffac917: ; not directly referenced +mov eax, 0x12 +jmp short loc_fffac97e ; jmp 0xfffac97e -fcn_fffac81d: ; not directly referenced -push ebp -mov ebp, esp -movzx eax, byte [ebp + 0xc] -imul eax, eax, 0x13c3 -add eax, dword [ebp + 8] -pop ebp -cmp dword [eax + 0x130b], 2 -sete al -movzx eax, al -ret +loc_fffac91e: ; not directly referenced +mov ecx, dword [ebp - 0x28] +mov edx, edi +mov eax, dword [ebp - 0x24] +shl ecx, 0xd +and ax, 0x1fff +or ecx, eax +mov eax, dword [ebp - 0x20] +movzx ecx, cx +and eax, 3 +shl eax, 0x10 +or ecx, eax +mov eax, dword [ebp - 0x2c] +and eax, 0x1ff +shl eax, 0x15 +or ecx, eax +mov eax, 
esi +or ecx, 0x80100000 +call fcn_fffb3381 ; call 0xfffb3381 +call dword [ebx + 0x54] ; ucall +add eax, 0x2710 +mov dword [ebp - 0x1c], eax -fcn_fffac83c: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0x10] -mov ecx, dword [ebp + 0xc] -mov edx, dword [eax + 0xd5] -and edx, 0xfffffffd -dec edx -jne short loc_fffac856 ; jne 0xfffac856 -mov dl, byte [ecx + 0x3e] -jmp short loc_fffac85c ; jmp 0xfffac85c +loc_fffac962: ; not directly referenced +mov edx, edi +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +shr eax, 0x18 +test al, al +jns short loc_fffac97c ; jns 0xfffac97c +call dword [ebx + 0x54] ; ucall +cmp dword [ebp - 0x1c], eax +ja short loc_fffac962 ; ja 0xfffac962 +jmp short loc_fffac917 ; jmp 0xfffac917 -loc_fffac856: ; not directly referenced -mov dl, byte [ecx + 0x82] +loc_fffac97c: ; not directly referenced +xor eax, eax -loc_fffac85c: ; not directly referenced -mov cl, dl -and edx, 0x1f -shr cl, 7 -movzx ecx, cl -shl ecx, 5 -or edx, ecx -mov byte [eax + 0xf5], dl -mov eax, 1 +loc_fffac97e: ; not directly referenced +add esp, 0x2c +pop ebx +pop esi +pop edi pop ebp ret -fcn_fffac879: ; not directly referenced +fcn_fffac986: ; not directly referenced push ebp mov ebp, esp push edi +mov edi, eax push esi push ebx -sub esp, 0x3c -mov eax, dword [ebp + 8] -mov dword [ebp - 0x3c], 0 -mov dword [ebp - 0x20], 0 -mov edi, dword [eax + 0x1887] -mov dword [ebp - 0x2c], edi -lea edi, [eax + 0x2407] -mov dword [ebp - 0x48], edi - -loc_fffac8a5: ; not directly referenced -mov edi, dword [ebp - 0x20] -mov edx, 0x4b0 -lea ecx, [edi - 2] -cmp ecx, 1 -ja short loc_fffac8d7 ; ja 0xfffac8d7 -cmp byte [eax + 0x3749], 0 -jne short loc_fffac8d5 ; jne 0xfffac8d5 - -loc_fffac8be: ; not directly referenced -inc dword [ebp - 0x20] -add dword [ebp - 0x3c], 0x23 -cmp dword [ebp - 0x20], 4 -jne short loc_fffac8a5 ; jne 0xfffac8a5 -mov edx, 0xfffffffe -jmp near loc_fffacb46 ; jmp 0xfffacb46 +mov ebx, dword [ebp + 8] +cmp ecx, edx +ja short loc_fffac99e ; ja 
0xfffac99e +inc edi +inc dword [ebx + 0xc] +imul eax, edi, 0xa +jmp short loc_fffaca01 ; jmp 0xfffaca01 -loc_fffac8d5: ; not directly referenced +loc_fffac99e: ; not directly referenced +mov esi, ecx +sub esi, edx +cmp ecx, 6 +ja short loc_fffac9cc ; ja 0xfffac9cc +imul edi, eax, 0xa +mov eax, 7 +sub eax, ecx xor edx, edx +imul eax, eax, 0xa +mov ecx, 0xa +inc dword [ebx + 8] +div esi +cmp eax, 0xa +cmovbe ecx, eax +lea eax, [edi + ecx + 0x14] +jmp short loc_fffaca01 ; jmp 0xfffaca01 -loc_fffac8d7: ; not directly referenced -mov edi, dword [ebp - 0x20] -mov dword [ebp + edi*4 - 0x1c], edx -mov edi, dword [ebp - 0x3c] -lea edx, [eax + 0x1973] -mov dword [ebp - 0x30], edx -lea edx, [eax + 0x3756] -mov dword [ebp - 0x28], edx -lea ebx, [edi + 0x18b] -add edi, 0xbb -mov dword [ebp - 0x40], ebx -mov dword [ebp - 0x44], edi - -loc_fffac905: ; not directly referenced -mov edx, dword [ebp - 0x30] -mov dword [ebp - 0x24], 0 -mov dword [ebp - 0x38], edx - -loc_fffac912: ; not directly referenced -mov ebx, dword [ebp - 0x28] -mov edi, dword [ebp - 0x24] -cmp dword [ebx + edi + 0x1173], 2 -jne loc_fffacb0c ; jne 0xfffacb0c -mov edi, dword [ebp - 0x20] -cmp edi, 1 -je loc_fffac9d2 ; je 0xfffac9d2 -jb loc_fffac9e0 ; jb 0xfffac9e0 -cmp edi, 3 -ja loc_fffac9e0 ; ja 0xfffac9e0 -mov edx, ebx -mov ebx, dword [ebp - 0x24] -cmp edi, 2 -mov dl, byte [edx + ebx + 0x1269] -jne short loc_fffac95f ; jne 0xfffac95f -and dl, 1 -jne short loc_fffac96a ; jne 0xfffac96a -xor di, di -jmp near loc_fffacafc ; jmp 0xfffacafc - -loc_fffac95f: ; not directly referenced -xor edi, edi -and dl, 2 -je loc_fffacafc ; je 0xfffacafc - -loc_fffac96a: ; not directly referenced -mov edi, dword [ebp - 0x28] -mov edx, dword [ebp - 0x24] -mov ecx, dword [ebp - 0x44] -mov ebx, dword [ebp - 0x40] -mov edx, dword [edi + edx + 0x1248] -mov edi, dword [ebp - 0x38] -and edx, 0xfffffffd -add ebx, edi -add ecx, edi -dec edx -mov edx, 0x3e7 -cmovne ecx, ebx -mov edi, 0x672 -mov cl, byte [ecx] -mov ebx, ecx -and ebx, 0x1f 
-imul ebx, ebx, 0x32 -cmp ebx, 0x3e7 -cmovbe edx, ebx -mov ebx, 0x4b0 -shr cl, 5 -and ecx, 3 -imul ecx, ecx, 0x3e8 -add edx, ecx -cmp edx, 0x4b0 -cmovae ebx, edx -cmp ebx, 0x672 -cmovbe edi, ebx -jmp near loc_fffacafc ; jmp 0xfffacafc - -loc_fffac9d2: ; not directly referenced -mov edi, dword [eax + 0x18a3] -test edi, edi -jne loc_fffacafc ; jne 0xfffacafc - -loc_fffac9e0: ; not directly referenced -mov edi, dword [ebp - 0x24] -mov ebx, dword [ebp - 0x28] -mov edx, dword [ebx + edi + 0x1248] -mov edi, 0x4b0 -and edx, 0xfffffffd -dec edx -jne loc_fffacafc ; jne 0xfffacafc -mov edx, dword [ebp - 0x38] -mov edi, dword [ebp - 0x2c] -mov cl, byte [edx + 0x4e] -mov dl, cl -mov bl, cl -and edx, 1 -shr bl, 1 -xor edx, 1 -shr cl, 2 -mov byte [ebp - 0x31], bl -mov byte [ebp - 0x32], cl -and byte [ebp - 0x31], 1 -and byte [ebp - 0x32], 1 -cmp edi, 0x40650 -je short loc_fffaca56 ; je 0xfffaca56 -cmp edi, 0x40660 -sete bl -cmp edi, 0x306c0 -sete cl -or bl, cl -jne short loc_fffaca56 ; jne 0xfffaca56 -cmp edi, 0x40670 -sete bl -cmp edi, 0x306d0 -sete cl -or bl, cl -je short loc_fffaca9b ; je 0xfffaca9b - -loc_fffaca56: ; not directly referenced -mov bl, byte [ebp - 0x32] -and esi, 0xfffffff9 -mov cl, byte [ebp - 0x31] -and ebx, 1 -add ebx, ebx -and ecx, 1 -shl ecx, 2 -or esi, ebx -or esi, ecx -and esi, 0xfffffff7 -lea ecx, [edx*8] -or esi, ecx -mov ecx, esi -and ecx, 4 -cmp cl, 1 -sbb edi, edi -and edi, 0x96 -add edi, 0x546 -cmp dword [ebp - 0x2c], 0x40650 -jne short loc_fffacaa0 ; jne 0xfffacaa0 -jmp short loc_fffacab9 ; jmp 0xfffacab9 - -loc_fffaca9b: ; not directly referenced -mov edi, 0x5dc - -loc_fffacaa0: ; not directly referenced -mov ecx, dword [ebp - 0x2c] -cmp ecx, 0x40670 -sete bl -cmp ecx, 0x306d0 -sete cl -or bl, cl -je short loc_fffacae7 ; je 0xfffacae7 - -loc_fffacab9: ; not directly referenced -mov cl, byte [ebp - 0x32] -and esi, 0xfffffff9 -mov bl, byte [ebp - 0x31] -shl edx, 3 -and ecx, 1 -add ecx, ecx -and ebx, 1 -shl ebx, 2 -or esi, ecx -or esi, ebx -and esi, 
0xfffffff7 -or esi, edx -mov edx, 0x4b0 -test esi, 2 -cmovne edi, edx - -loc_fffacae7: ; not directly referenced -cmp dword [ebp - 0x20], 0 -jne short loc_fffacafc ; jne 0xfffacafc -cmp dword [eax + 0x187f], 1 -mov ebx, 0x5dc -cmove edi, ebx - -loc_fffacafc: ; not directly referenced -mov ebx, dword [ebp - 0x20] -mov edx, dword [ebp + ebx*4 - 0x1c] -cmp edi, edx -cmovb edi, edx -mov dword [ebp + ebx*4 - 0x1c], edi +loc_fffac9cc: ; not directly referenced +cmp edx, 7 +ja short loc_fffac9e9 ; ja 0xfffac9e9 +inc dword [ebx + 4] +test esi, esi +je short loc_fffac9eb ; je 0xfffac9eb +mov eax, 7 +inc edi +sub eax, edx +xor edx, edx +imul eax, eax, 0xa +div esi +jmp short loc_fffac9fc ; jmp 0xfffac9fc -loc_fffacb0c: ; not directly referenced -add dword [ebp - 0x24], 0x128 -add dword [ebp - 0x38], 0x277 -cmp dword [ebp - 0x24], 0x250 -jne loc_fffac912 ; jne 0xfffac912 -add dword [ebp - 0x30], 0x54a -mov edi, dword [ebp - 0x48] -add dword [ebp - 0x28], 0x13c3 -cmp dword [ebp - 0x30], edi -jne loc_fffac905 ; jne 0xfffac905 -jmp near loc_fffac8be ; jmp 0xfffac8be +loc_fffac9e9: ; not directly referenced +inc dword [ebx] -loc_fffacb46: ; not directly referenced -cmp edx, 1 -ja short loc_fffacb54 ; ja 0xfffacb54 -cmp byte [eax + 0x3749], 0 -je short loc_fffacb7b ; je 0xfffacb7b +loc_fffac9eb: ; not directly referenced +cmp esi, edx +cmovb esi, edx +xor eax, eax +test esi, esi +je short loc_fffaca01 ; je 0xfffaca01 +mov al, 0x46 +xor edx, edx +div esi -loc_fffacb54: ; not directly referenced -mov ecx, dword [ebp + edx*4 - 0x14] -mov dword [eax + edx*4 + 0x373d], ecx -mov dword [eax + edx*4 + 0x498d], ecx -mov dword [eax + edx*4 + 0x4ab5], ecx -mov dword [eax + edx*4 + 0x5d50], ecx -mov dword [eax + edx*4 + 0x5e78], ecx +loc_fffac9fc: ; not directly referenced +imul edi, edi, 0xa +add eax, edi -loc_fffacb7b: ; not directly referenced -inc edx -cmp edx, 2 -jne short loc_fffacb46 ; jne 0xfffacb46 -add esp, 0x3c -mov eax, 1 +loc_fffaca01: ; not directly referenced pop ebx pop esi 
pop edi pop ebp ret -fcn_fffacb8e: ; not directly referenced +fcn_fffaca06: ; not directly referenced push ebp -xor ecx, ecx mov ebp, esp push edi push esi push ebx -sub esp, 0x34 -mov edi, dword [ebp + 8] - -loc_fffacb9c: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffacbc3 ; ja 0xfffacbc3 -cmp byte [edi + 0x3749], 0 -jne short loc_fffacbc3 ; jne 0xfffacbc3 - -loc_fffacbad: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffacb9c ; jne 0xfffacb9c -lea eax, [edi + 0x48d1] -mov ecx, 0xfffffffe -jmp near loc_fffacd00 ; jmp 0xfffacd00 +mov ebx, edx +sub esp, 0x2c +mov esi, dword [eax + 0x2444] +mov byte [ebp - 0x1b], cl +mov cl, byte [ebp + 8] +shl ebx, 0xa +lea edx, [ebx + 0x41bc] +mov dword [ebp - 0x20], eax +mov dword [ebp - 0x28], esi +mov byte [ebp - 0x1c], cl +xor ecx, ecx +call fcn_fffb335b ; call 0xfffb335b +lea eax, [ebx + 0x41c0] +mov byte [ebp - 0x19], 0 +mov dword [ebp - 0x34], eax -loc_fffacbc3: ; not directly referenced -xor edx, edx -cmp ecx, 1 -lea esi, [edi + 0x49bf] -setbe dl -mov dword [ebp - 0x2c], esi -imul eax, eax, 0x23 -imul esi, ecx, 0x2e -lea ebx, [ecx*8 - 0x1269] -mov dword [ebp + ecx*4 - 0x1c], edx -mov dword [ebp - 0x24], 0 -mov dword [ebp - 0x34], esi -mov dword [ebp - 0x40], ebx +loc_fffaca43: ; not directly referenced +mov cl, byte [ebp - 0x19] +xor esi, esi +xor edi, edi +mov dword [ebp - 0x2c], 0 +mov al, cl +and eax, 1 +mov byte [ebp - 0x1a], al +mov al, cl +xor ecx, ecx +shr al, 1 +and eax, 1 mov dword [ebp - 0x30], eax -loc_fffacbf5: ; not directly referenced -mov eax, dword [ebp - 0x40] -mov ebx, dword [ebp - 0x2c] -mov dword [ebp - 0x28], 0 -add eax, ebx -mov dword [ebp - 0x3c], eax -mov eax, dword [ebp - 0x24] -lea esi, [edi + eax + 0x1973] +loc_fffaca65: ; not directly referenced +movzx eax, cl +div byte [ebp - 0x1b] +movzx edx, ah +lea eax, [ecx + 0x15] +cmp cl, 0x12 +ja short loc_fffaca7f ; ja 0xfffaca7f +lea eax, [ecx + 8] +cmp cl, 0x10 +cmovb eax, ecx -loc_fffacc11: ; not directly 
referenced -cmp dword [ebx - 0xf6], 2 -jne loc_fffaccc6 ; jne 0xfffaccc6 -mov eax, dword [ebp - 0x34] +loc_fffaca7f: ; not directly referenced +cmp dl, byte [ebp - 0x1c] +movzx eax, al mov edx, dword [ebp - 0x28] -mov eax, dword [ebx + eax - 0xf2] -mov dword [ebp - 0x20], eax -mov eax, dword [ebp - 0x3c] -mov eax, dword [eax + edx + 0xc9] -mov dword [ebp - 0x38], eax -cmp ecx, 1 -je short loc_fffacc9d ; je 0xfffacc9d -jb short loc_fffaccb4 ; jb 0xfffaccb4 -cmp ecx, 3 -ja short loc_fffaccb4 ; ja 0xfffaccb4 -cmp ecx, 2 -mov dl, byte [ebx] -jne short loc_fffacc57 ; jne 0xfffacc57 -and dl, 1 -jne short loc_fffacc5e ; jne 0xfffacc5e -xor eax, eax -jmp short loc_fffaccb9 ; jmp 0xfffaccb9 - -loc_fffacc57: ; not directly referenced -xor eax, eax -and dl, 2 -je short loc_fffaccb9 ; je 0xfffaccb9 - -loc_fffacc5e: ; not directly referenced -mov eax, dword [ebx - 0x21] -and eax, 0xfffffffd -dec eax -mov eax, dword [ebp - 0x30] -jne short loc_fffacc74 ; jne 0xfffacc74 -movzx edx, byte [esi + eax + 0x118] -jmp short loc_fffacc7c ; jmp 0xfffacc7c +mov dword [ebp - 0x38], ecx +mov edx, dword [edx + 0x68] +mov dword [ebp - 0x24], edx +jne short loc_fffaca9f ; jne 0xfffaca9f +push ecx +xor edx, edx +push eax +movzx eax, byte [ebp - 0x1a] +push edx +push eax +jmp short loc_fffacaa7 ; jmp 0xfffacaa7 -loc_fffacc74: ; not directly referenced -movzx edx, byte [esi + eax + 0x1e8] +loc_fffaca9f: ; not directly referenced +push edx +push eax +push dword [ebp - 0x2c] +push dword [ebp - 0x30] -loc_fffacc7c: ; not directly referenced -xor eax, eax -cmp dword [ebp - 0x20], 0 -je short loc_fffaccb9 ; je 0xfffaccb9 -imul edx, dword [ebp - 0x38] +loc_fffacaa7: ; not directly referenced +mov eax, dword [ebp - 0x24] +call eax +mov ecx, dword [ebp - 0x38] +add esp, 0x10 +inc ecx +or eax, esi +or edx, edi +mov esi, eax +mov edi, edx +cmp cl, 0x16 +jne short loc_fffaca65 ; jne 0xfffaca65 +push eax +push eax mov eax, dword [ebp - 0x20] -lea eax, [eax + edx - 1] -xor edx, edx -div dword [ebp - 0x20] -mov 
edx, 2 -test eax, eax -jmp short loc_fffaccaf ; jmp 0xfffaccaf - -loc_fffacc9d: ; not directly referenced -mov dx, word [esi + 0x24c] -movzx eax, dx -test dx, dx -mov edx, 1 +push edx +mov edx, dword [ebp - 0x34] +push esi +call fcn_fffb3506 ; call 0xfffb3506 +add esp, 0x10 +inc byte [ebp - 0x19] +cmp byte [ebp - 0x19], 8 +jne loc_fffaca43 ; jne 0xfffaca43 +mov edi, dword [ebp - 0x20] +lea edx, [ebx + 0x41a0] +mov ecx, 0x222 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +lea edx, [ebx + 0x41b0] +mov eax, edi +mov ecx, 0x6010102 +call fcn_fffb3381 ; call 0xfffb3381 +lea edx, [ebx + 0x41a4] +mov eax, edi +mov ecx, 0xea1 +call fcn_fffb3381 ; call 0xfffb3381 +lea edx, [ebx + 0x41a8] +mov eax, edi +mov ecx, 0xbeef +call fcn_fffb3381 ; call 0xfffb3381 +lea esp, [ebp - 0xc] +mov eax, edi +lea edx, [ebx + 0x41ac] +mov ecx, 0xdead +pop ebx +pop esi +pop edi +pop ebp +jmp near fcn_fffb3381 ; jmp 0xfffb3381 -loc_fffaccaf: ; not directly referenced -cmove eax, edx -jmp short loc_fffaccb9 ; jmp 0xfffaccb9 +fcn_fffacb43: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, edx +push esi +mov esi, eax +push ebx +sub esp, 0x1c +mov ebx, dword [eax + 0x2444] +mov dword [ebp - 0x20], ecx +shl edi, 0xa +add edi, 0x4214 +call dword [ebx + 0x54] ; ucall +add eax, 0x2710 +mov dword [ebp - 0x1c], eax -loc_fffaccb4: ; not directly referenced -mov eax, 1 +loc_fffacb6d: ; not directly referenced +mov edx, edi +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +mov ecx, eax +shr eax, 0x18 +test al, al +jns short loc_fffacb8e ; jns 0xfffacb8e +call dword [ebx + 0x54] ; ucall +cmp dword [ebp - 0x1c], eax +ja short loc_fffacb6d ; ja 0xfffacb6d -loc_fffaccb9: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, edx -cmovb eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax +loc_fffacb87: ; not directly referenced +mov eax, 0x12 +jmp short loc_fffacbec ; jmp 0xfffacbec -loc_fffaccc6: ; not directly referenced -add dword [ebp - 0x28], 0x20 -add ebx, 0x128 -add 
esi, 0x277 -cmp dword [ebp - 0x28], 0x40 -jne loc_fffacc11 ; jne 0xfffacc11 -add dword [ebp - 0x24], 0x54a -add dword [ebp - 0x2c], 0x13c3 -cmp dword [ebp - 0x24], 0xa94 -jne loc_fffacbf5 ; jne 0xfffacbf5 -jmp near loc_fffacbad ; jmp 0xfffacbad +loc_fffacb8e: ; not directly referenced +mov cl, byte [ebp + 8] +mov ch, byte [ebp + 0xc] +mov edx, dword [ebp + 0x10] +mov eax, dword [ebp - 0x20] +or ecx, 0x40000 +and edx, 1 +and ecx, 0xfff4ffff +shl edx, 0x13 +and eax, 3 +shl eax, 0x10 +or ecx, edx +or ecx, eax +mov edx, edi +or ecx, 0x80000000 +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +call dword [ebx + 0x54] ; ucall +add eax, 0x2710 +mov dword [ebp - 0x1c], eax -loc_fffacd00: ; not directly referenced -cmp ecx, 1 -ja short loc_fffacd0e ; ja 0xfffacd0e -cmp byte [edi + 0x3749], 0 -je short loc_fffacd38 ; je 0xfffacd38 +loc_fffacbd0: ; not directly referenced +mov edx, edi +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +shr eax, 0x18 +test al, al +jns short loc_fffacbea ; jns 0xfffacbea +call dword [ebx + 0x54] ; ucall +cmp dword [ebp - 0x1c], eax +ja short loc_fffacbd0 ; ja 0xfffacbd0 +jmp short loc_fffacb87 ; jmp 0xfffacb87 -loc_fffacd0e: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx +loc_fffacbea: ; not directly referenced +xor eax, eax -loc_fffacd38: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffacd00 ; jne 0xfffacd00 -add esp, 0x34 -mov eax, 1 +loc_fffacbec: ; not directly referenced +add esp, 0x1c pop ebx pop esi pop edi pop ebp ret -fcn_fffacd4e: ; not directly referenced +fcn_fffacbf4: ; not directly referenced push ebp -xor ecx, ecx mov ebp, esp push edi push esi push ebx -sub esp, 0x24 +sub esp, 0x1c mov edi, dword [ebp + 8] +cmp dword [edi + 0x2481], 3 +jne short loc_fffacc80 ; jne 0xfffacc80 +cmp byte [edi + 0x240a], 0 +je short 
loc_fffacc80 ; je 0xfffacc80 +movzx eax, byte [edi + 0x240b] +test al, al +je short loc_fffacc80 ; je 0xfffacc80 +mov edx, 3 +cmp ax, 3 +cmova eax, edx +mov word [ebp - 0x1e], ax +lea ebx, [edi + 0x49d0] +mov dword [ebp - 0x1c], 0 -loc_fffacd5c: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffacd83 ; ja 0xfffacd83 -cmp byte [edi + 0x3749], 0 -jne short loc_fffacd83 ; jne 0xfffacd83 - -loc_fffacd6d: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffacd5c ; jne 0xfffacd5c -lea eax, [edi + 0x48f9] -mov ecx, 0xfffffffe -jmp near loc_ffface4e ; jmp 0xffface4e - -loc_fffacd83: ; not directly referenced -lea eax, [edi + 0x48c9] -mov dword [ebp - 0x28], eax -imul eax, ecx, 0x2e -mov dword [ebp + ecx*4 - 0x1c], 0 -mov dword [ebp - 0x20], 0 -mov dword [ebp - 0x2c], eax - -loc_fffacda1: ; not directly referenced -mov eax, dword [ebp - 0x20] -mov ebx, dword [ebp - 0x28] -mov dword [ebp - 0x24], 0 -lea eax, [edi + eax + 0x196b] -mov dword [ebp - 0x30], eax - -loc_fffacdb8: ; not directly referenced -cmp dword [ebx], 2 -jne short loc_ffface18 ; jne 0xffface18 -mov eax, dword [ebp - 0x2c] -mov esi, dword [ebx + eax + 4] -cmp ecx, 1 -je short loc_fffacdd4 ; je 0xfffacdd4 -jb short loc_fffacde7 ; jb 0xfffacde7 -xor eax, eax -cmp ecx, 3 -jbe short loc_ffface00 ; jbe 0xffface00 -jmp short loc_fffacde7 ; jmp 0xfffacde7 +loc_fffacc3a: ; not directly referenced +cmp dword [ebx - 0x1279], 2 +jne short loc_fffacc71 ; jne 0xfffacc71 +test byte [ebx - 0x11b5], 1 +je short loc_fffacc71 ; je 0xfffacc71 +mov si, word [ebx] +xor ecx, ecx +push eax +mov edx, dword [ebp - 0x1c] +push 0 +and esi, 0xfffffffc +or si, word [ebp - 0x1e] +movzx eax, si +push eax +mov eax, edi +push 0xb +call fcn_fffacb43 ; call 0xfffacb43 +add esp, 0x10 +mov word [ebx], si -loc_fffacdd4: ; not directly referenced -mov eax, dword [ebp - 0x30] -mov edx, dword [ebp - 0x24] -movzx eax, word [eax + edx + 0x27a] -test ax, ax -jne short loc_ffface00 ; jne 0xffface00 +loc_fffacc71: ; 
not directly referenced +inc dword [ebp - 0x1c] +add ebx, 0x13c3 +cmp dword [ebp - 0x1c], 2 +jne short loc_fffacc3a ; jne 0xfffacc3a -loc_fffacde7: ; not directly referenced +loc_fffacc80: ; not directly referenced +lea esp, [ebp - 0xc] xor eax, eax -cmp dword [ebx + 0xd5], 2 -jne short loc_ffface00 ; jne 0xffface00 -test esi, esi -je short loc_ffface00 ; je 0xffface00 -lea eax, [esi + 0x26259f] -xor edx, edx -div esi - -loc_ffface00: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, 4 -mov esi, 4 -cmova eax, esi -cmp eax, edx -cmovb eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax - -loc_ffface18: ; not directly referenced -add dword [ebp - 0x24], 0x277 -add ebx, 0x128 -cmp dword [ebp - 0x24], 0x4ee -jne short loc_fffacdb8 ; jne 0xfffacdb8 -add dword [ebp - 0x20], 0x54a -add dword [ebp - 0x28], 0x13c3 -cmp dword [ebp - 0x20], 0xa94 -jne loc_fffacda1 ; jne 0xfffacda1 -jmp near loc_fffacd6d ; jmp 0xfffacd6d - -loc_ffface4e: ; not directly referenced -cmp ecx, 1 -ja short loc_ffface5c ; ja 0xffface5c -cmp byte [edi + 0x3749], 0 -je short loc_ffface86 ; je 0xffface86 - -loc_ffface5c: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx - -loc_ffface86: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_ffface4e ; jne 0xffface4e -add esp, 0x24 -mov eax, 1 pop ebx pop esi pop edi pop ebp ret -fcn_ffface9c: ; not directly referenced +fcn_fffacc8a: ; not directly referenced push ebp -xor ecx, ecx mov ebp, esp push edi push esi push ebx -sub esp, 0x24 +mov ebx, ecx +sub esp, 0x4c mov edi, dword [ebp + 8] +mov esi, dword [ebp + 0x18] +mov ecx, dword [eax + 0x2444] +mov dword [ebp - 0x1c], eax +mov eax, dword [eax + 0x1887] +mov dword [ebp - 0x44], edi +mov edi, dword [ebp + 0xc] +mov dword [ebp - 0x34], esi +mov esi, dword [ebp + 0x1c] +mov dword [ebp - 
0x28], edx +mov dword [ebp - 0x24], ecx +mov dword [ebp - 0x30], edi +mov edi, dword [ebp + 0x10] +mov dword [ebp - 0x20], edi +mov edi, dword [ebp + 0x14] +mov dword [ebp - 0x40], edi +mov edi, dword [ebp + 0x20] +cmp eax, 0x306d0 +je short loc_fffaccec ; je 0xfffaccec +cmp eax, 0x40670 +je short loc_fffaccec ; je 0xfffaccec +mov dword [ebp - 0x2c], 0x7f8 +mov dword [ebp - 0x38], 0xff +jmp short loc_fffaccfa ; jmp 0xfffaccfa -loc_fffaceaa: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffaced1 ; ja 0xfffaced1 -cmp byte [edi + 0x3749], 0 -jne short loc_fffaced1 ; jne 0xfffaced1 +loc_fffaccec: ; not directly referenced +mov dword [ebp - 0x2c], 0xff8 +mov dword [ebp - 0x38], 0x1ff -loc_fffacebb: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffaceaa ; jne 0xfffaceaa -lea eax, [edi + 0x48f7] -mov ecx, 0xfffffffe -jmp near loc_fffacf9c ; jmp 0xfffacf9c +loc_fffaccfa: ; not directly referenced +test ebx, ebx +je short loc_fffacd72 ; je 0xfffacd72 +mov dword [ebp - 0x4c], esi +push esi +push 0x20 +movzx edx, word [ebx] +movzx eax, word [ebx + 2] +shl edx, 0x18 +shl eax, 0x10 +add eax, edx +cdq +push edx +push eax +mov eax, dword [ebp - 0x24] +call dword [eax + 0x68] ; ucall +add esp, 0xc +mov ecx, dword [ebp - 0x24] +push 0x18 +mov esi, eax +movzx eax, word [ebx + 4] +mov dword [ebp - 0x48], edx +xor edx, edx +push edx +push eax +call dword [ecx + 0x68] ; ucall +movzx ebx, word [ebx + 6] +pop ecx +pop ecx +and edx, dword [ebp - 0x38] +mov dword [ebp - 0x3c], ebx +mov ebx, dword [ebp - 0x2c] +and dword [ebp - 0x3c], ebx +or dword [ebp - 0x3c], esi +and eax, 0xff000000 +mov esi, dword [ebp - 0x3c] +or esi, eax +mov eax, dword [ebp - 0x48] +or eax, edx +push eax +mov eax, dword [ebp - 0x28] +push esi +lea edx, [eax*8 + 0x48d8] +mov eax, dword [ebp - 0x1c] +call fcn_fffb3506 ; call 0xfffb3506 +mov esi, dword [ebp - 0x4c] +add esp, 0x10 -loc_fffaced1: ; not directly referenced -lea eax, [edi + 0x48c9] -mov dword [ebp - 0x28], eax 
-imul eax, ecx, 0x2e -mov dword [ebp + ecx*4 - 0x1c], 0 -mov dword [ebp - 0x20], 0 -mov dword [ebp - 0x2c], eax +loc_fffacd72: ; not directly referenced +mov eax, dword [ebp - 0x44] +test eax, eax +je short loc_fffacde9 ; je 0xfffacde9 +push edx +mov ebx, dword [ebp - 0x24] +push 0x20 +movzx edx, word [eax] +mov dword [ebp - 0x44], esi +mov esi, eax +movzx eax, word [eax + 2] +shl edx, 0x18 +shl eax, 0x10 +add eax, edx +cdq +push edx +push eax +call dword [ebx + 0x68] ; ucall +add esp, 0xc +mov ecx, dword [ebp - 0x24] +push 0x18 +mov ebx, eax +movzx eax, word [esi + 4] +mov dword [ebp - 0x3c], edx +xor edx, edx +push edx +push eax +call dword [ecx + 0x68] ; ucall +pop ecx +pop ecx +movzx ecx, word [esi + 6] +and edx, dword [ebp - 0x38] +and eax, 0xff000000 +mov esi, ecx +mov ecx, dword [ebp - 0x2c] +and esi, ecx +or esi, ebx +or esi, eax +mov eax, dword [ebp - 0x3c] +or eax, edx +push eax +mov eax, dword [ebp - 0x28] +push esi +lea edx, [eax*8 + 0x48e8] +mov eax, dword [ebp - 0x1c] +call fcn_fffb3506 ; call 0xfffb3506 +mov esi, dword [ebp - 0x44] +add esp, 0x10 -loc_fffaceef: ; not directly referenced -mov eax, dword [ebp - 0x20] -mov ebx, dword [ebp - 0x28] -mov dword [ebp - 0x24], 0 -lea eax, [edi + eax + 0x196b] -mov dword [ebp - 0x30], eax +loc_fffacde9: ; not directly referenced +cmp dword [ebp - 0x30], 0 +setne bl +cmp dword [ebp - 0x34], 0 +setne al +mov byte [ebp - 0x2c], al +or al, bl +jne short loc_ffface10 ; jne 0xffface10 +test esi, esi +setne dl +test edi, edi +setne al +or dl, al +je loc_fffacf4a ; je 0xfffacf4a -loc_fffacf06: ; not directly referenced -cmp dword [ebx], 2 -jne short loc_fffacf66 ; jne 0xfffacf66 -mov eax, dword [ebp - 0x2c] -mov esi, dword [ebx + eax + 4] -cmp ecx, 1 -je short loc_fffacf22 ; je 0xfffacf22 -jb short loc_fffacf35 ; jb 0xfffacf35 +loc_ffface10: ; not directly referenced +mov ecx, dword [ebp - 0x28] xor eax, eax -cmp ecx, 3 -jbe short loc_fffacf4e ; jbe 0xfffacf4e -jmp short loc_fffacf35 ; jmp 0xfffacf35 +cmp dword [ebp - 
0x30], 0 +lea ecx, [ecx*4 + 0x4908] +mov dword [ebp - 0x24], ecx +sete cl +cmp dword [ebp - 0x34], 0 +sete dl +or cl, dl +jne short loc_ffface75 ; jne 0xffface75 +test esi, esi +sete cl +test edi, edi +sete dl +or cl, dl +jne short loc_ffface75 ; jne 0xffface75 -loc_fffacf22: ; not directly referenced -mov eax, dword [ebp - 0x30] +loc_ffface3f: ; not directly referenced +mov ebx, dword [ebp - 0x30] +and eax, 0xfffffff0 +movzx edx, byte [ebx + 3] +movzx ecx, byte [ebx + 2] +and edx, 3 +and ecx, 3 +or eax, edx +movzx edx, byte [ebx + 1] +shl ecx, 2 +or eax, ecx +movzx ecx, byte [ebx] +and al, 0xf +and edx, 3 +shl edx, 4 +and ecx, 3 +or eax, edx +shl ecx, 6 +or eax, ecx +jmp short loc_ffface84 ; jmp 0xffface84 + +loc_ffface75: ; not directly referenced mov edx, dword [ebp - 0x24] -movzx eax, word [eax + edx + 0x27a] -test ax, ax -jne short loc_fffacf4e ; jne 0xfffacf4e +mov eax, dword [ebp - 0x1c] +call fcn_fffb331f ; call 0xfffb331f +test bl, bl +jne short loc_ffface3f ; jne 0xffface3f -loc_fffacf35: ; not directly referenced -xor eax, eax -cmp dword [ebx + 0xd5], 2 -jne short loc_fffacf4e ; jne 0xfffacf4e +loc_ffface84: ; not directly referenced +cmp byte [ebp - 0x2c], 0 +je short loc_fffacec6 ; je 0xfffacec6 +mov ebx, dword [ebp - 0x34] +and eax, 0xfcffffff +movzx ecx, byte [ebx + 3] +movzx edx, byte [ebx + 2] +and ecx, 1 +shl ecx, 0x18 +and edx, 1 +shl edx, 0x19 +or eax, ecx +movzx ecx, byte [ebx] +or eax, edx +movzx edx, byte [ebx + 1] +and eax, 0xf3ffffff +and ecx, 1 +and edx, 1 +shl edx, 0x1a +shl ecx, 0x1b +or eax, edx +or eax, ecx + +loc_fffacec6: ; not directly referenced test esi, esi -je short loc_fffacf4e ; je 0xfffacf4e -lea eax, [esi + 0x7270df] -xor edx, edx -div esi +je short loc_fffacf00 ; je 0xfffacf00 +movzx ecx, byte [esi + 3] +and eax, 0xcfffffff +movzx edx, byte [esi + 2] +and ecx, 1 +shl ecx, 0x1c +and edx, 1 +shl edx, 0x1d +or eax, ecx +movzx ecx, byte [esi] +or eax, edx +movzx edx, byte [esi + 1] +and eax, 0x3fffffff +shl ecx, 0x1f +and edx, 
1 +shl edx, 0x1e +or eax, edx +or eax, ecx -loc_fffacf4e: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, 0xb -mov esi, 0xb -cmova eax, esi -cmp eax, edx -cmovb eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax +loc_fffacf00: ; not directly referenced +test edi, edi +je short loc_fffacf3d ; je 0xfffacf3d +movzx ecx, byte [edi + 3] +and eax, 0xffcf1fff +movzx edx, byte [edi + 2] +and ecx, 1 +shl ecx, 0x14 +and edx, 1 +shl edx, 0x15 +or eax, ecx +movzx ecx, byte [edi] +or eax, edx +movzx edx, byte [edi + 1] +and eax, 0xff3f1fff +and ecx, 1 +and edx, 1 +shl edx, 0x16 +shl ecx, 0x17 +or eax, edx +or eax, ecx -loc_fffacf66: ; not directly referenced -add dword [ebp - 0x24], 0x277 -add ebx, 0x128 -cmp dword [ebp - 0x24], 0x4ee -jne short loc_fffacf06 ; jne 0xfffacf06 -add dword [ebp - 0x20], 0x54a -add dword [ebp - 0x28], 0x13c3 -cmp dword [ebp - 0x20], 0xa94 -jne loc_fffaceef ; jne 0xfffaceef -jmp near loc_fffacebb ; jmp 0xfffacebb +loc_fffacf3d: ; not directly referenced +mov ecx, eax +mov edx, dword [ebp - 0x24] +mov eax, dword [ebp - 0x1c] +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffacf9c: ; not directly referenced -cmp ecx, 1 -ja short loc_fffacfaa ; ja 0xfffacfaa -cmp byte [edi + 0x3749], 0 -je short loc_fffacfd4 ; je 0xfffacfd4 +loc_fffacf4a: ; not directly referenced +mov edx, dword [ebp - 0x40] +cmp dword [ebp - 0x20], 0 +setne cl +test edx, edx +setne al +mov byte [ebp - 0x24], al +or al, cl +je loc_fffad0b9 ; je 0xfffad0b9 +mov eax, dword [ebp - 0x28] +xor esi, esi +xor ebx, ebx +cmp dword [ebp - 0x20], 0 +lea edi, [eax*8 + 0x4910] +sete al +test edx, edx +sete dl +or al, dl +jne short loc_fffacf97 ; jne 0xfffacf97 -loc_fffacfaa: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx +loc_fffacf82: ; not directly referenced +mov eax, dword [ebp - 0x20] +mov eax, dword 
[eax] +cmp eax, 0x1f +jbe short loc_fffacfb5 ; jbe 0xfffacfb5 +dec eax +call fcn_fffb396b ; call 0xfffb396b +movzx eax, al +jmp short loc_fffacfb8 ; jmp 0xfffacfb8 -loc_fffacfd4: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffacf9c ; jne 0xfffacf9c -add esp, 0x24 -mov eax, 1 +loc_fffacf97: ; not directly referenced +mov eax, dword [ebp - 0x1c] +mov edx, edi +mov dword [ebp - 0x28], ecx +call fcn_fffb333d ; call 0xfffb333d +mov ecx, dword [ebp - 0x28] +mov esi, eax +mov ebx, edx +test cl, cl +je loc_fffad064 ; je 0xfffad064 +jmp short loc_fffacf82 ; jmp 0xfffacf82 + +loc_fffacfb5: ; not directly referenced +sub eax, 0xffffff80 + +loc_fffacfb8: ; not directly referenced +mov edx, eax +and ebx, 0x60ffffff +and edx, 0x1f +shl edx, 0x18 +shr eax, 7 +or ebx, edx +shl eax, 0x1f +or ebx, eax +mov eax, dword [ebp - 0x20] +mov edx, dword [eax + 4] +lea eax, [edx + 0x80] +cmp edx, 0x1f +jbe short loc_fffacfec ; jbe 0xfffacfec +lea eax, [edx - 1] +call fcn_fffb396b ; call 0xfffb396b +movzx eax, al + +loc_fffacfec: ; not directly referenced +mov edx, eax +and ebx, 0xfff60fff +and edx, 0x1f +shl edx, 0xc +shl eax, 0xc +or ebx, edx +and eax, 0x80000 +or ebx, eax +mov eax, dword [ebp - 0x20] +mov edx, dword [eax + 8] +lea eax, [edx + 0x20] +cmp edx, 0xf +jbe short loc_fffad01f ; jbe 0xfffad01f +lea eax, [edx - 1] +call fcn_fffb396b ; call 0xfffb396b +movzx eax, al + +loc_fffad01f: ; not directly referenced +mov edx, eax +and ebx, 0xffffffd0 +and edx, 0xf +and eax, 0x20 +or ebx, edx +or ebx, eax +mov eax, dword [ebp - 0x20] +mov edx, dword [eax + 0xc] +lea eax, [edx + 0x80] +cmp edx, 0x1f +jbe short loc_fffad04a ; jbe 0xfffad04a +lea eax, [edx - 1] +call fcn_fffb396b ; call 0xfffb396b +movzx eax, al + +loc_fffad04a: ; not directly referenced +mov edx, eax +and esi, 0xfff60fff +and edx, 0x1f +shl edx, 0xc +shl eax, 0xc +or esi, edx +and eax, 0x80000 +or esi, eax + +loc_fffad064: ; not directly referenced +cmp byte [ebp - 0x24], 0 +je short 
loc_fffad0a2 ; je 0xfffad0a2 +mov ecx, dword [ebp - 0x40] +and ebx, 0xff8ffc3f +and esi, 0xff807 +movzx edx, byte [ecx] +movzx eax, byte [ecx + 2] +and edx, 7 +shl edx, 0x14 +and eax, 0xf +shl eax, 6 +or ebx, edx +movzx edx, byte [ecx + 6] +or ebx, eax +movzx eax, word [ecx + 4] +shl edx, 3 +shl eax, 0x14 +or esi, eax +or esi, edx + +loc_fffad0a2: ; not directly referenced +mov dword [ebp + 8], esi +mov eax, dword [ebp - 0x1c] +mov edx, edi +mov dword [ebp + 0xc], ebx +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +jmp near fcn_fffb3506 ; jmp 0xfffb3506 + +loc_fffad0b9: ; not directly referenced +lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp ret -fcn_fffacfea: ; not directly referenced +fcn_fffad0c1: ; not directly referenced push ebp -xor ecx, ecx mov ebp, esp push edi +mov edi, ecx push esi push ebx -sub esp, 0x30 - -loc_fffacff5: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffad021 ; ja 0xfffad021 -mov edi, dword [ebp + 8] -cmp byte [edi + 0x3749], 0 -jne short loc_fffad021 ; jne 0xfffad021 - -loc_fffad009: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffacff5 ; jne 0xfffacff5 -mov eax, dword [ebp + 8] -mov ecx, 0xfffffffe -add eax, 0x48f5 -jmp near loc_fffad142 ; jmp 0xfffad142 - -loc_fffad021: ; not directly referenced -mov edi, dword [ebp + 8] -imul esi, ecx, 0x2e -imul eax, eax, 0x23 -mov dword [ebp + ecx*4 - 0x1c], 0 +mov ebx, edx +sub esp, 0x3c +mov cl, byte [ebp + 8] +mov dword [ebp - 0x2c], eax +mov eax, dword [eax + 0x188b] mov dword [ebp - 0x24], 0 -lea ebx, [edi + 0x49bf] -mov dword [ebp - 0x2c], ebx -lea ebx, [ecx*8 - 0x1269] -mov dword [ebp - 0x30], esi -mov dword [ebp - 0x38], ebx +mov dword [ebp - 0x20], 0 +mov byte [ebp - 0x2d], cl mov dword [ebp - 0x3c], eax +mov eax, dword [ebp + 0xc] +mov dword [ebp - 0x1c], 0 +cmp dword [eax], 1 +jne loc_fffad20c ; jne 0xfffad20c +mov dword [edx + 0x1c], 3 +xor esi, esi +mov word [edx + 0x2a], 0x20 +mov word [edx + 0x28], 0x400 +mov word [edx + 
0xe], 0x18 +mov word [edx + 2], 1 +mov word [edx + 0xa], 1 -loc_fffad052: ; not directly referenced -mov eax, dword [ebp - 0x38] -mov esi, dword [ebp - 0x2c] -mov edi, dword [ebp - 0x24] -mov dword [ebp - 0x20], 0 -add eax, esi -mov dword [ebp - 0x34], eax -mov eax, dword [ebp + 8] -lea edi, [eax + edi + 0x1973] - -loc_fffad071: ; not directly referenced -cmp dword [esi - 0xf6], 2 -jne loc_fffad108 ; jne 0xfffad108 -mov eax, dword [ebp - 0x30] -mov edx, dword [ebp - 0x20] -mov ebx, dword [esi + eax - 0xf2] -mov eax, dword [ebp - 0x34] -mov eax, dword [eax + edx + 0xc9] -mov dword [ebp - 0x28], eax -cmp ecx, 1 -je short loc_fffad0ce ; je 0xfffad0ce -jb short loc_fffad0da ; jb 0xfffad0da -cmp ecx, 3 -ja short loc_fffad0da ; ja 0xfffad0da -cmp ecx, 2 -mov dl, byte [esi] -jne short loc_fffad0b4 ; jne 0xfffad0b4 -and dl, 1 -jne short loc_fffad0bb ; jne 0xfffad0bb -xor eax, eax -jmp short loc_fffad0f0 ; jmp 0xfffad0f0 - -loc_fffad0b4: ; not directly referenced -xor eax, eax -and dl, 2 -je short loc_fffad0f0 ; je 0xfffad0f0 - -loc_fffad0bb: ; not directly referenced -mov eax, dword [ebp - 0x3c] -movzx edx, byte [edi + eax + 0x115] -xor eax, eax -test ebx, ebx -je short loc_fffad0f0 ; je 0xfffad0f0 -jmp short loc_fffad0e4 ; jmp 0xfffad0e4 +loc_fffad128: ; not directly referenced +imul eax, esi, 0x13c3 +mov ecx, dword [ebp - 0x2c] +cmp dword [ecx + eax + 0x3757], 2 +jne loc_fffad1f9 ; jne 0xfffad1f9 +lea eax, [ebp - 0x1c] +mov ecx, ebx +push edx +mov edx, esi +push eax +lea eax, [ebp - 0x24] +push eax +lea eax, [ebp - 0x20] +push eax +lea eax, [ebx + 0x24] +push eax +lea eax, [ebx + 0x14] +push eax +lea eax, [ebx + 0x10] +push eax +mov eax, dword [ebp - 0x2c] +push 0 +call fcn_fffacc8a ; call 0xfffacc8a +xor edx, edx +mov eax, 0x1800 +mov dword [ebp - 0x38], eax +mov eax, edx +add esp, 0x20 +and eax, 0xfffffc00 +mov ecx, 1 +or eax, 2 +mov dword [ebp - 0x34], eax +mov eax, dword [ebp - 0x38] +lea edx, [esi*4 + 0x4980] +and eax, 0x8fffffff +or eax, 0x10000000 +cmp dword [ebp 
- 0x3c], 1 +mov dword [ebp - 0x38], eax +lea eax, [edx + 0x20] +cmove edx, eax +mov eax, dword [ebp - 0x2c] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x2c] +lea edx, [esi*8 + 0x48a8] +push ecx +push ecx +push dword [ebp - 0x34] +push dword [ebp - 0x38] +call fcn_fffb3506 ; call 0xfffb3506 +mov eax, esi +mov ecx, 0x20 +shl eax, 0xa +lea edx, [eax + 0x4200] +mov dword [ebp - 0x38], eax +mov eax, dword [ebp - 0x2c] +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, dword [ebp - 0x38] +mov eax, dword [ebp - 0x2c] +lea edx, [ecx + 0x4040] +mov ecx, 0x8092 +call fcn_fffb3381 ; call 0xfffb3381 +add esp, 0x10 -loc_fffad0ce: ; not directly referenced -movzx eax, word [edi + 0x270] -test ax, ax -jne short loc_fffad0f0 ; jne 0xfffad0f0 +loc_fffad1f9: ; not directly referenced +inc esi +cmp esi, 2 +jne loc_fffad128 ; jne 0xfffad128 +mov eax, dword [ebp + 0xc] +mov dword [eax], 0 -loc_fffad0da: ; not directly referenced -xor eax, eax -test ebx, ebx -je short loc_fffad0f0 ; je 0xfffad0f0 -movzx edx, byte [edi + 0x62] +loc_fffad20c: ; not directly referenced +mov esi, dword [ebp - 0x2c] +movzx eax, byte [esi + 0x248e] +bt eax, edi +jae loc_fffad30f ; jae 0xfffad30f +mov eax, edi +shr eax, 1 +imul eax, eax, 0x128 +mov dword [ebp - 0x38], 0 +lea edi, [esi + eax + 0x49af] +lea eax, [ebx + 0x14] +mov dword [ebp - 0x40], eax +movzx eax, byte [ebp - 0x2d] +mov dword [ebp - 0x44], eax -loc_fffad0e4: ; not directly referenced -imul edx, dword [ebp - 0x28] -lea eax, [ebx + edx - 1] +loc_fffad244: ; not directly referenced +imul eax, dword [ebp - 0x38], 0x13c3 +mov esi, dword [ebp - 0x2c] +cmp dword [esi + eax + 0x3757], 2 +jne loc_fffad2fc ; jne 0xfffad2fc +mov ax, word [ebx + 0x2a] xor edx, edx -div ebx - -loc_fffad0f0: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, 0xa -mov ebx, 0xa -cmova eax, ebx -cmp eax, edx -cmovb eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax +lea ecx, [eax*8] +mov ax, word [edi + 4] +div cx +mov edx, dword [ebp - 0x38] 
+movzx esi, ax +mov eax, dword [edi] +dec eax +mov word [ebx + 0xc], ax +mov ax, word [edi + 4] +sub eax, ecx +xor ecx, ecx +mov word [ebx + 0xe], ax +lea eax, [esi - 1] +mov dword [ebx + 0x1c], eax +push eax +push 0 +push 0 +push 0 +push 0 +push dword [ebp - 0x40] +lea eax, [ebx + 8] +push 0 +push eax +mov eax, dword [ebp - 0x2c] +call fcn_fffacc8a ; call 0xfffacc8a +add esp, 0x20 +cmp byte [ebp - 0x2d], 0 +je short loc_fffad2b7 ; je 0xfffad2b7 +mov eax, dword [ebp - 0x44] +jmp short loc_fffad2bf ; jmp 0xfffad2bf -loc_fffad108: ; not directly referenced -add dword [ebp - 0x20], 0x20 -add esi, 0x128 -add edi, 0x277 -cmp dword [ebp - 0x20], 0x40 -jne loc_fffad071 ; jne 0xfffad071 -add dword [ebp - 0x24], 0x54a -add dword [ebp - 0x2c], 0x13c3 -cmp dword [ebp - 0x24], 0xa94 -jne loc_fffad052 ; jne 0xfffad052 -jmp near loc_fffad009 ; jmp 0xfffad009 +loc_fffad2b7: ; not directly referenced +mov eax, dword [edi] +shr eax, 0xa +imul eax, esi -loc_fffad142: ; not directly referenced -cmp ecx, 1 -ja short loc_fffad153 ; ja 0xfffad153 -mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je short loc_fffad17d ; je 0xfffad17d +loc_fffad2bf: ; not directly referenced +dec eax +call fcn_fffb396b ; call 0xfffb396b +imul esi, dword [ebp - 0x38], 0x28 +lea edx, [esi + 0x4808] +and eax, 0x7f +mov dword [ebp - 0x3c], eax +mov ecx, eax +mov eax, dword [ebp - 0x2c] +or ecx, 0x400000 +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, dword [ebp - 0x3c] +lea edx, [esi + 0x480c] +mov eax, dword [ebp - 0x2c] +or ecx, 0x8000000 +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffad153: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx +loc_fffad2fc: ; not directly referenced +inc dword [ebp - 0x38] +add edi, 0x13c3 +cmp dword [ebp - 0x38], 2 +jne loc_fffad244 ; jne 0xfffad244 -loc_fffad17d: ; not directly referenced -inc ecx 
-add eax, 0x2e -cmp ecx, 2 -jne short loc_fffad142 ; jne 0xfffad142 -add esp, 0x30 -mov eax, 1 +loc_fffad30f: ; not directly referenced +lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp ret -fcn_fffad193: ; not directly referenced +fcn_fffad317: ; not directly referenced push ebp -xor ecx, ecx mov ebp, esp push edi push esi +movzx esi, dl push ebx -sub esp, 0x30 -mov dword [ebp - 0x20], 0x10 +mov ebx, eax +imul eax, esi, 0x13c3 +sub esp, 0x1c +and cl, byte [ebx + eax + 0x381b] +mov edi, ecx +and edi, 0xf +jne short loc_fffad369 ; jne 0xfffad369 +xor ecx, ecx +mov eax, ebx +lea edx, [esi*4 + 0x4930] +lea esi, [esi*8 + 0x48a8] +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, esi +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, esi +and ah, 0xf7 +mov ecx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffad3e6 ; jmp 0xfffad3e6 -loc_fffad1a5: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffad1bd ; ja 0xfffad1bd -mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je loc_fffad312 ; je 0xfffad312 +loc_fffad369: ; not directly referenced +movzx edx, cl +xor eax, eax +xor edi, edi +mov byte [ebp - 0x19], 0 +mov dword [ebp - 0x20], edx -loc_fffad1bd: ; not directly referenced -imul esi, ecx, 0x2e -imul eax, eax, 0x23 -lea edi, [ecx*8 + 0x3756] -mov dword [ebp + ecx*4 - 0x1c], 0 -mov dword [ebp - 0x30], esi -mov dword [ebp - 0x24], 0 -mov dword [ebp - 0x38], edi -mov dword [ebp - 0x3c], eax +loc_fffad377: ; not directly referenced +mov edx, dword [ebp - 0x20] +bt edx, eax +jae short loc_fffad38f ; jae 0xfffad38f +movzx ecx, byte [ebp - 0x19] +mov edx, eax +inc byte [ebp - 0x19] +shl ecx, 2 +shl edx, cl +or edi, edx -loc_fffad1e2: ; not directly referenced -mov edi, dword [ebp - 0x24] -mov esi, dword [ebp - 0x38] -mov dword [ebp - 0x28], 0 -imul eax, edi, 0x13c3 -imul edx, edi, 0x54a -mov edi, dword [ebp + 8] -lea ebx, [esi + eax] -mov esi, dword [ebp + 8] -add ebx, dword [ebp + 8] -lea edi, [edi + edx + 
0x1973] -mov dword [ebp - 0x34], ebx -lea esi, [esi + eax + 0x49bf] +loc_fffad38f: ; not directly referenced +inc eax +cmp eax, 4 +jne short loc_fffad377 ; jne 0xfffad377 +mov ecx, edi +mov eax, ebx +lea edx, [esi*4 + 0x4930] +call fcn_fffb3381 ; call 0xfffb3381 +mov cl, byte [ebp - 0x19] +lea edi, [esi*8] +lea edx, [edi + 0x48ef] +mov eax, ebx +add edi, 0x48a8 +dec ecx +movzx ecx, cl +call fcn_fffb335b ; call 0xfffb335b +mov edx, edi +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, edi +mov edi, 1 +or ah, 8 +mov ecx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, esi +shl edi, cl -loc_fffad218: ; not directly referenced -cmp dword [esi - 0xf6], 2 -jne loc_fffad2eb ; jne 0xfffad2eb -mov eax, dword [ebp - 0x30] -mov edx, dword [ebp - 0x28] -mov ebx, dword [esi + eax - 0xf2] -mov eax, dword [ebp - 0x34] -mov eax, dword [eax + edx + 0xc9] -mov edx, dword [esi - 0x21] -mov dword [ebp - 0x2c], eax -mov eax, 0x18 -cmp edx, 2 -cmovne eax, dword [ebp - 0x20] -mov dword [ebp - 0x20], eax -cmp ecx, 1 -je short loc_fffad28f ; je 0xfffad28f -jb short loc_fffad29b ; jb 0xfffad29b -cmp ecx, 3 -ja short loc_fffad29b ; ja 0xfffad29b -cmp ecx, 2 -mov dl, byte [esi] -jne short loc_fffad26d ; jne 0xfffad26d -and dl, 1 -jne short loc_fffad274 ; jne 0xfffad274 -xor eax, eax -jmp short loc_fffad2c9 ; jmp 0xfffad2c9 +loc_fffad3e6: ; not directly referenced +add esp, 0x1c +mov eax, edi +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffad26d: ; not directly referenced -xor eax, eax -and dl, 2 -je short loc_fffad2c9 ; je 0xfffad2c9 +fcn_fffad3f0: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x70 +mov ebx, dword [ebp + 8] +mov dword [ebp - 0x50], 0 +mov byte [ebp - 0x4c], 0 +mov byte [ebp - 0x4b], 0 +mov eax, dword [ebx + 0x2444] +mov byte [ebp - 0x4a], 1 +mov byte [ebp - 0x49], 0 +mov dword [ebp - 0x48], 0 +mov edi, eax +mov dword [ebp - 0x68], eax +mov eax, dword [ebx + 0x188b] +push 0 +push 0x2c +mov dword [ebp - 
0x5c], eax +lea eax, [ebp - 0x44] +push eax +mov eax, edi +mov byte [ebp - 0x52], 0 +mov byte [ebp - 0x51], 0 +call dword [eax + 0x5c] ; ucall +add esp, 0x10 +cmp byte [ebx + 0x3749], 1 +je short loc_fffad45e ; je 0xfffad45e +xor esi, esi +cmp byte [ebx + 0x2407], 1 +jne loc_fffad67e ; jne 0xfffad67e -loc_fffad274: ; not directly referenced -mov eax, dword [ebp - 0x3c] -movzx edx, byte [edi + eax + 0x109] -xor eax, eax -test ebx, ebx -je short loc_fffad2c9 ; je 0xfffad2c9 -imul edx, dword [ebp - 0x2c] -lea eax, [ebx + edx - 1] -jmp short loc_fffad2b2 ; jmp 0xfffad2b2 +loc_fffad45e: ; not directly referenced +push esi +mov eax, ebx +push esi +xor esi, esi +push 0 +push 1 +lea ecx, [ebp - 0x51] +lea edx, [ebp - 0x52] +mov word [ebp - 0x1a], 1 +mov word [ebp - 0x1c], 1 +call fcn_fffa8181 ; call 0xfffa8181 +add esp, 0x10 -loc_fffad28f: ; not directly referenced -movzx eax, word [edi + 0x26e] -test ax, ax -jne short loc_fffad2c9 ; jne 0xfffad2c9 +loc_fffad482: ; not directly referenced +imul eax, esi, 0x13c3 +cmp dword [ebx + eax + 0x3757], 2 +jne loc_fffad536 ; jne 0xfffad536 +lea eax, [ebp - 0x48] +mov edx, esi +push ecx +push eax +lea eax, [ebp - 0x50] +push eax +lea eax, [ebp - 0x4c] +push eax +lea eax, [ebp - 0x20] +push eax +lea eax, [ebp - 0x30] +push eax +lea eax, [ebp - 0x34] +push eax +mov eax, ebx +push 0 +lea ecx, [ebp - 0x44] +call fcn_fffacc8a ; call 0xfffacc8a +xor edx, edx +mov eax, 0x1800 +mov ecx, edx +add esp, 0x18 +and ecx, 0xfffffc00 +or ecx, 2 +mov edx, ecx +mov ecx, eax +or ecx, 0x28 +push edx +mov eax, ecx +lea ecx, [esi*8 + 0x48a8] +push eax +mov edx, ecx +mov eax, ebx +call fcn_fffb3506 ; call 0xfffb3506 +add esp, 0x10 +cmp dword [ebp - 0x5c], 1 +lea edx, [esi*4 + 0x4980] +lea eax, [edx + 0x20] +cmove edx, eax +xor ecx, ecx +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +imul edx, esi, 0x28 +mov ecx, 0x400000 +mov eax, ebx +add edx, 0x4808 +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, esi +mov ecx, 0x20 +shl edx, 0xa +mov eax, ebx +add 
edx, 0x4200 +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffad29b: ; not directly referenced -xor eax, eax -test ebx, ebx -je short loc_fffad2c9 ; je 0xfffad2c9 -movzx eax, byte [edi + 0x59] -cmp edx, 2 -je short loc_fffad2b8 ; je 0xfffad2b8 -imul eax, dword [ebp - 0x2c] -lea eax, [ebx + eax - 1] +loc_fffad536: ; not directly referenced +inc esi +cmp esi, 2 +jne loc_fffad482 ; jne 0xfffad482 +mov dword [ebp - 0x5c], 0 -loc_fffad2b2: ; not directly referenced -xor edx, edx -div ebx -jmp short loc_fffad2c9 ; jmp 0xfffad2c9 +loc_fffad547: ; not directly referenced +movzx eax, byte [ebx + 0x248e] +mov edi, dword [ebp - 0x5c] +bt eax, edi +jb short loc_fffad566 ; jb 0xfffad566 -loc_fffad2b8: ; not directly referenced -xor edx, edx -mov eax, 0xe4e1c0 -div ebx -lea edx, [eax + 1] -test al, 1 -cmovne eax, edx +loc_fffad556: ; not directly referenced +inc dword [ebp - 0x5c] +cmp dword [ebp - 0x5c], 4 +jne short loc_fffad547 ; jne 0xfffad547 +xor esi, esi +jmp near loc_fffad632 ; jmp 0xfffad632 -loc_fffad2c9: ; not directly referenced -mov edx, eax -and edx, 0xfffffff9 -cmp edx, 9 -jne short loc_fffad2d6 ; jne 0xfffad2d6 -inc eax -jmp short loc_fffad2de ; jmp 0xfffad2de +loc_fffad566: ; not directly referenced +mov cl, byte [ebp - 0x5c] +mov esi, 1 +xor edx, edx +mov eax, ebx +shl esi, cl +mov ecx, esi +call fcn_fffad317 ; call 0xfffad317 +mov edx, 1 +mov ecx, esi +mov edi, eax +mov eax, ebx +call fcn_fffad317 ; call 0xfffad317 +mov dl, byte [ebp - 0x5c] +mov dword [ebp - 0x60], 0 +shr dl, 1 +movzx edx, dl +imul edx, edx, 0x128 +or eax, edi +movzx eax, al +mov dword [ebp - 0x64], eax +lea edi, [ebx + edx + 0x49af] +mov dword [ebp - 0x6c], edi -loc_fffad2d6: ; not directly referenced -mov ebx, dword [ebp - 0x20] -cmp eax, ebx -cmova eax, ebx +loc_fffad5b2: ; not directly referenced +mov eax, dword [ebp - 0x60] +xor esi, esi +mov edi, dword [ebp - 0x6c] +mov word [ebp - 0x42], ax +mov word [ebp - 0x3a], ax -loc_fffad2de: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 
0x1c] -cmp eax, edx -cmovb eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax +loc_fffad5c2: ; not directly referenced +mov eax, dword [ebp - 0x64] +bt eax, esi +jae short loc_fffad608 ; jae 0xfffad608 +mov eax, dword [edi] +lea ecx, [ebp - 0x44] +dec eax +mov word [ebp - 0x38], ax +mov ax, word [edi + 4] +lea edx, [eax - 8] +mov word [ebp - 0x36], dx +shr ax, 3 +push edx +movzx eax, ax +push 0 +mov edx, esi +push 0 +push 0 +push 0 +mov dword [ebp - 0x28], eax +lea eax, [ebp - 0x30] +push eax +push 0 +lea eax, [ebp - 0x3c] +push eax +mov eax, ebx +call fcn_fffacc8a ; call 0xfffacc8a +add esp, 0x20 -loc_fffad2eb: ; not directly referenced -add dword [ebp - 0x28], 0x20 -add esi, 0x128 -add edi, 0x277 -cmp dword [ebp - 0x28], 0x40 -jne loc_fffad218 ; jne 0xfffad218 -inc dword [ebp - 0x24] -cmp dword [ebp - 0x24], 2 -jne loc_fffad1e2 ; jne 0xfffad1e2 +loc_fffad608: ; not directly referenced +inc esi +add edi, 0x13c3 +cmp esi, 2 +jne short loc_fffad5c2 ; jne 0xfffad5c2 +mov edx, dword [ebp - 0x64] +mov eax, ebx +call fcn_fffb33a7 ; call 0xfffb33a7 +mov esi, eax +test eax, eax +jne short loc_fffad632 ; jne 0xfffad632 +inc dword [ebp - 0x60] +cmp dword [ebp - 0x60], 8 +jne short loc_fffad5b2 ; jne 0xfffad5b2 +jmp near loc_fffad556 ; jmp 0xfffad556 -loc_fffad312: ; not directly referenced -inc ecx -cmp ecx, 4 -jne loc_fffad1a5 ; jne 0xfffad1a5 -mov eax, dword [ebp + 8] -mov ecx, 0xfffffffe -add eax, 0x48f3 +loc_fffad632: ; not directly referenced +cmp dword [ebx + 0x3757], 2 +jne short loc_fffad64c ; jne 0xfffad64c +mov ecx, 0x3000 +mov edx, 0x48a8 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffad329: ; not directly referenced -cmp ecx, 1 -ja short loc_fffad33a ; ja 0xfffad33a -mov edi, dword [ebp + 8] -cmp byte [edi + 0x3749], 0 -je short loc_fffad364 ; je 0xfffad364 +loc_fffad64c: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffad666 ; jne 0xfffad666 +mov ecx, 0x3000 +mov edx, 0x48b0 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 
-loc_fffad33a: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx +loc_fffad666: ; not directly referenced +test esi, esi +je short loc_fffad67e ; je 0xfffad67e +push eax +push eax +mov eax, dword [ebp - 0x68] +push 0xdddc +push ebx +call dword [eax + 0x94] ; ucall +add esp, 0x10 -loc_fffad364: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffad329 ; jne 0xfffad329 -add esp, 0x30 -mov eax, 1 +loc_fffad67e: ; not directly referenced +lea esp, [ebp - 0xc] +mov eax, esi pop ebx pop esi pop edi pop ebp ret -fcn_fffad37a: ; not directly referenced +fcn_fffad688: ; not directly referenced push ebp -xor ecx, ecx +movzx edx, dl mov ebp, esp -push edi -push esi push ebx -sub esp, 0x30 -mov dword [ebp - 0x20], 0xf - -loc_fffad38c: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffad3a4 ; ja 0xfffad3a4 -mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je loc_fffad4f8 ; je 0xfffad4f8 +push ebx +cmp dword [eax + 0x2481], 2 +push 0 +push dword [ebp + 8] +sete bl +shl ebx, 3 +movzx ebx, bl +push ecx +mov ecx, 0xf +push ebx +call fcn_fffa947f ; call 0xfffa947f +mov ebx, dword [ebp - 4] +leave +ret -loc_fffad3a4: ; not directly referenced -imul esi, ecx, 0x2e -imul eax, eax, 0x23 -lea edi, [ecx*8 + 0x3756] -mov dword [ebp + ecx*4 - 0x1c], 0 -mov dword [ebp - 0x30], esi -mov dword [ebp - 0x24], 0 -mov dword [ebp - 0x38], edi -mov dword [ebp - 0x3c], eax +fcn_fffad6b6: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, eax +push esi +xor eax, eax +push ebx +lea esi, [edi + 0x374f] +sub esp, 0x3c +mov byte [ebp - 0x29], 0 +mov dword [ebp - 0x3c], esi -loc_fffad3c9: ; not directly referenced -mov edi, dword [ebp - 0x24] -mov esi, dword [ebp - 0x38] -mov dword [ebp - 0x28], 0 -imul eax, edi, 0x13c3 -imul edx, edi, 0x54a -mov edi, dword 
[ebp + 8] -lea ebx, [esi + eax] -mov esi, dword [ebp + 8] -add ebx, dword [ebp + 8] -lea edi, [edi + edx + 0x1973] -mov dword [ebp - 0x34], ebx -lea esi, [esi + eax + 0x49bf] +loc_fffad6d0: ; not directly referenced +test eax, eax +sete cl +cmp byte [ebp - 0x29], 1 +setbe dl +test cl, dl +je loc_fffad819 ; je 0xfffad819 +movzx eax, byte [ebp - 0x29] +imul edx, eax, 0x13c3 +mov dword [ebp - 0x30], eax +lea eax, [edi + edx] +cmp dword [eax + 0x3757], 2 +jne loc_fffad80a ; jne 0xfffad80a +mov ebx, dword [ebp - 0x3c] +xor ecx, ecx +mov dword [ebp - 0x38], eax +lea esi, [ebx + edx + 8] +mov dword [ebp - 0x34], esi +mov esi, 1 -loc_fffad3ff: ; not directly referenced -cmp dword [esi - 0xf6], 2 -jne loc_fffad4d1 ; jne 0xfffad4d1 -mov eax, dword [ebp - 0x30] -mov edx, dword [ebp - 0x28] -mov ebx, dword [esi + eax - 0xf2] -mov eax, dword [ebp - 0x34] -mov eax, dword [eax + edx + 0xc9] -mov edx, dword [esi - 0x21] -mov dword [ebp - 0x2c], eax -mov eax, 0xc -cmp edx, 2 -cmovne eax, dword [ebp - 0x20] -mov dword [ebp - 0x20], eax -cmp ecx, 1 -je short loc_fffad476 ; je 0xfffad476 -jb short loc_fffad482 ; jb 0xfffad482 -cmp ecx, 3 -ja short loc_fffad482 ; ja 0xfffad482 -cmp ecx, 2 -mov dl, byte [esi] -jne short loc_fffad454 ; jne 0xfffad454 -and dl, 1 -jne short loc_fffad45b ; jne 0xfffad45b -xor eax, eax -jmp short loc_fffad4bc ; jmp 0xfffad4bc +loc_fffad715: ; not directly referenced +mov edx, dword [ebp - 0x38] +mov eax, 1 +mov bl, cl +shl eax, cl +test byte [edx + 0x381b], al +je loc_fffad7e6 ; je 0xfffad7e6 +cmp byte [edi + 0x247c], 0 +je short loc_fffad753 ; je 0xfffad753 +mov al, cl +mov esi, dword [ebp - 0x34] +shr al, 1 +movzx eax, al +imul eax, eax, 0x128 +mov si, word [esi + eax + 0x126d] +jmp near loc_fffad7dc ; jmp 0xfffad7dc -loc_fffad454: ; not directly referenced +loc_fffad753: ; not directly referenced +mov edx, dword [ebp - 0x30] +mov eax, edi +mov dword [ebp - 0x40], ecx +call fcn_fffa6bf0 ; call 0xfffa6bf0 +test eax, eax +je loc_fffad814 ; je 0xfffad814 +mov 
dl, byte [eax + 1] xor eax, eax -and dl, 2 -je short loc_fffad4bc ; je 0xfffad4bc +mov ecx, dword [ebp - 0x40] +test dl, dl +je short loc_fffad7b4 ; je 0xfffad7b4 +cmp dl, 0x3c +je short loc_fffad79e ; je 0xfffad79e +cmp dl, 0x78 +je short loc_fffad7a2 ; je 0xfffad7a2 +cmp dl, 0x28 +je short loc_fffad7a6 ; je 0xfffad7a6 +cmp dl, 0xf0 +je short loc_fffad7aa ; je 0xfffad7aa +cmp dl, 0x30 +je short loc_fffad7ae ; je 0xfffad7ae +cmp dl, 0x50 +je short loc_fffad7b2 ; je 0xfffad7b2 +cmp dl, 0x22 +mov al, 7 +mov dl, 0 +cmovne eax, edx +jmp short loc_fffad7b4 ; jmp 0xfffad7b4 -loc_fffad45b: ; not directly referenced -mov eax, dword [ebp - 0x3c] -movzx edx, byte [edi + eax + 0x111] -xor eax, eax -test ebx, ebx -je short loc_fffad4bc ; je 0xfffad4bc -imul edx, dword [ebp - 0x2c] -lea eax, [ebx + edx - 1] -jmp short loc_fffad499 ; jmp 0xfffad499 +loc_fffad79e: ; not directly referenced +mov al, 1 +jmp short loc_fffad7b4 ; jmp 0xfffad7b4 -loc_fffad476: ; not directly referenced -movzx eax, word [edi + 0x26c] -test ax, ax -jne short loc_fffad4bc ; jne 0xfffad4bc +loc_fffad7a2: ; not directly referenced +mov al, 2 +jmp short loc_fffad7b4 ; jmp 0xfffad7b4 -loc_fffad482: ; not directly referenced -xor eax, eax -test ebx, ebx -je short loc_fffad4bc ; je 0xfffad4bc -movzx eax, byte [edi + 0x63] -cmp edx, 2 -je short loc_fffad49f ; je 0xfffad49f -imul eax, dword [ebp - 0x2c] -lea eax, [ebx + eax - 1] +loc_fffad7a6: ; not directly referenced +mov al, 3 +jmp short loc_fffad7b4 ; jmp 0xfffad7b4 -loc_fffad499: ; not directly referenced -xor edx, edx -div ebx -jmp short loc_fffad4bc ; jmp 0xfffad4bc +loc_fffad7aa: ; not directly referenced +mov al, 4 +jmp short loc_fffad7b4 ; jmp 0xfffad7b4 -loc_fffad49f: ; not directly referenced -mov eax, 0x7270e0 -xor edx, edx -div ebx -mov ebx, eax -mov eax, 5 -cmp ebx, 4 -jbe short loc_fffad4bc ; jbe 0xfffad4bc -cmp ebx, 0xb -mov al, 0xc -cmovne eax, ebx +loc_fffad7ae: ; not directly referenced +mov al, 5 +jmp short loc_fffad7b4 ; jmp 0xfffad7b4 
-loc_fffad4bc: ; not directly referenced -mov ebx, dword [ebp - 0x20] -mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, ebx -cmova eax, ebx -cmp eax, edx -cmovb eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax +loc_fffad7b2: ; not directly referenced +mov al, 6 -loc_fffad4d1: ; not directly referenced -add dword [ebp - 0x28], 0x20 -add esi, 0x128 -add edi, 0x277 -cmp dword [ebp - 0x28], 0x40 -jne loc_fffad3ff ; jne 0xfffad3ff -inc dword [ebp - 0x24] -cmp dword [ebp - 0x24], 2 -jne loc_fffad3c9 ; jne 0xfffad3c9 +loc_fffad7b4: ; not directly referenced +shl eax, 8 +and si, 0xf8ff +or esi, eax +mov al, bl +shr al, 1 +movzx eax, al +imul eax, eax, 0x128 +add eax, dword [ebp - 0x34] +mov word [eax + 0x126d], si +mov word [eax + 0x1285], si -loc_fffad4f8: ; not directly referenced -inc ecx +loc_fffad7dc: ; not directly referenced +shr bl, 1 +movzx ebx, bl +mov word [ebp + ebx*2 - 0x1c], si + +loc_fffad7e6: ; not directly referenced +add ecx, 2 cmp ecx, 4 -jne loc_fffad38c ; jne 0xfffad38c -mov eax, dword [ebp + 8] -mov ecx, 0xfffffffe -add eax, 0x48f1 +jne loc_fffad715 ; jne 0xfffad715 +mov edx, dword [ebp - 0x30] +sub esp, 0xc +mov cl, 1 +lea eax, [ebp - 0x1c] +push eax +mov eax, edi +call fcn_fffad688 ; call 0xfffad688 +add esp, 0x10 +jmp short loc_fffad80c ; jmp 0xfffad80c -loc_fffad50f: ; not directly referenced -cmp ecx, 1 -ja short loc_fffad520 ; ja 0xfffad520 -mov edi, dword [ebp + 8] -cmp byte [edi + 0x3749], 0 -je short loc_fffad54a ; je 0xfffad54a +loc_fffad80a: ; not directly referenced +xor eax, eax -loc_fffad520: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx +loc_fffad80c: ; not directly referenced +inc byte [ebp - 0x29] +jmp near loc_fffad6d0 ; jmp 0xfffad6d0 -loc_fffad54a: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffad50f ; jne 0xfffad50f -add esp, 
0x30 +loc_fffad814: ; not directly referenced mov eax, 1 + +loc_fffad819: ; not directly referenced +lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp ret -fcn_fffad560: ; not directly referenced +fcn_fffad821: ; not directly referenced push ebp -xor ecx, ecx mov ebp, esp push edi push esi +mov esi, eax push ebx -sub esp, 0x34 - -loc_fffad56b: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffad597 ; ja 0xfffad597 -mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne short loc_fffad597 ; jne 0xfffad597 - -loc_fffad57f: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffad56b ; jne 0xfffad56b -mov eax, dword [ebp + 8] -mov ecx, 0xfffffffe -add eax, 0x48ef -jmp near loc_fffad6bc ; jmp 0xfffad6bc +sub esp, 0x3c +test dl, dl +setne bl +xor eax, eax +imul edi, dword [esi + 0x18a7], 0x2e +and ebx, 1 +lea edx, [esi + 0x374f] +shl ebx, 8 +mov byte [ebp - 0x2d], 0 +mov dword [ebp - 0x3c], edx +mov dword [ebp - 0x40], edi -loc_fffad597: ; not directly referenced -mov eax, dword [ebp + 8] -mov dword [ebp + ecx*4 - 0x1c], 0 -mov dword [ebp - 0x20], 0 -lea edi, [eax + 0x3756] -lea eax, [ecx*8] -mov dword [ebp - 0x30], eax -imul eax, ecx, 0x2e +loc_fffad850: ; not directly referenced +test eax, eax +sete cl +cmp byte [ebp - 0x2d], 1 +setbe dl +test cl, dl +je loc_fffada27 ; je 0xfffada27 +movzx eax, byte [ebp - 0x2d] +mov dword [ebp - 0x34], eax +imul eax, eax, 0x13c3 +cmp dword [esi + eax + 0x3757], 2 +jne loc_fffada11 ; jne 0xfffada11 +mov edx, dword [ebp - 0x3c] +lea eax, [edx + eax + 8] mov dword [ebp - 0x2c], eax +add eax, dword [ebp - 0x40] +mov cx, word [eax + 0x2a] +add eax, 0x20 +movzx edi, word [eax - 0x16] +mov ax, word [eax + 8] +cmp cx, 0xc +setne dl +cmp cx, 0xa +mov word [ebp - 0x38], ax +setne al +test dl, al +je short loc_fffad8df ; je 0xfffad8df +cmp cx, 0x10 +setne dl +cmp cx, 0xe +setne al +test dl, al +je short loc_fffad8df ; je 0xfffad8df +cmp cx, 0x14 +setne dl +cmp cx, 0x12 +setne al +test dl, al +je short 
loc_fffad8df ; je 0xfffad8df +cmp cx, 0x18 +jne loc_fffada1b ; jne 0xfffada1b -loc_fffad5bf: ; not directly referenced -mov eax, dword [ebp - 0x2c] -xor esi, esi -mov ebx, dword [ebp - 0x20] -add eax, edi -mov dword [ebp - 0x40], eax -mov eax, dword [ebp + 8] -lea ebx, [eax + ebx + 0x1973] -mov eax, dword [ebp - 0x30] -add eax, edi -mov dword [ebp - 0x28], eax - -loc_fffad5de: ; not directly referenced -cmp dword [edi + esi + 0x1173], 2 -jne loc_fffad681 ; jne 0xfffad681 -mov eax, dword [ebp - 0x40] -mov eax, dword [eax + esi + 0x1177] -mov dword [ebp - 0x24], eax -mov eax, dword [ebp - 0x28] -mov edx, dword [eax + 0xc9] -mov eax, dword [eax + 0xcd] -mov dword [ebp - 0x34], edx +loc_fffad8df: ; not directly referenced +movzx eax, word [ebp - 0x38] +add eax, eax +mov edx, eax mov dword [ebp - 0x38], eax -cmp ecx, 1 -je short loc_fffad61e ; je 0xfffad61e -jb short loc_fffad62a ; jb 0xfffad62a -xor eax, eax -cmp ecx, 3 -jbe short loc_fffad669 ; jbe 0xfffad669 -jmp short loc_fffad62a ; jmp 0xfffad62a - -loc_fffad61e: ; not directly referenced -movzx eax, word [ebx + 0x26a] -test ax, ax -jne short loc_fffad669 ; jne 0xfffad669 - -loc_fffad62a: ; not directly referenced +movzx eax, cx +cmp edx, eax +jne loc_fffada22 ; jne 0xfffada22 +cmp di, 0x10 +ja short loc_fffad904 ; ja 0xfffad904 xor eax, eax -cmp dword [edi + esi + 0x1248], 2 -jne short loc_fffad669 ; jne 0xfffad669 -mov dl, byte [ebx + 0x6e] -cmp dword [ebp - 0x24], 0 -mov byte [ebp - 0x39], dl -mov dl, byte [ebx + 0xbf] -mov byte [ebp - 0x3a], dl -je short loc_fffad669 ; je 0xfffad669 -movzx edx, byte [ebp - 0x39] -imul edx, dword [ebp - 0x34] -mov eax, dword [ebp - 0x24] -lea eax, [eax + edx - 1] -movsx edx, byte [ebp - 0x3a] -imul edx, dword [ebp - 0x38] -add eax, edx -xor edx, edx -div dword [ebp - 0x24] +test di, 1 +jne short loc_fffad913 ; jne 0xfffad913 -loc_fffad669: ; not directly referenced -cmp eax, 0xa -mov edx, 0xa -cmova eax, edx -mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, edx -cmovb eax, edx -mov 
dword [ebp + ecx*4 - 0x1c], eax +loc_fffad904: ; not directly referenced +mov eax, edi +and eax, 0xfffffffb +cmp ax, 0x12 +setne al +movzx eax, al -loc_fffad681: ; not directly referenced -add esi, 0x128 -add ebx, 0x277 -add dword [ebp - 0x28], 0x20 -cmp esi, 0x250 -jne loc_fffad5de ; jne 0xfffad5de -add dword [ebp - 0x20], 0x54a -add edi, 0x13c3 -cmp dword [ebp - 0x20], 0xa94 -jne loc_fffad5bf ; jne 0xfffad5bf -jmp near loc_fffad57f ; jmp 0xfffad57f +loc_fffad913: ; not directly referenced +shl eax, 2 +and ebx, 0xfffffffb +or ebx, eax +cmp di, 0x10 +ja short loc_fffad939 ; ja 0xfffad939 +lea eax, [edi - 9] +mov edi, 2 +cdq +and ebx, 0xffffff8f +idiv edi +and eax, 7 +shl eax, 4 +or ebx, eax +jmp short loc_fffad94a ; jmp 0xfffad94a -loc_fffad6bc: ; not directly referenced -cmp ecx, 1 -ja short loc_fffad6cd ; ja 0xfffad6cd -mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je short loc_fffad6f7 ; je 0xfffad6f7 +loc_fffad939: ; not directly referenced +sub edi, 2 +and ebx, 0xffffff8f +sar edi, 2 +and edi, 7 +shl edi, 4 +or ebx, edi -loc_fffad6cd: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx +loc_fffad94a: ; not directly referenced +cmp cx, 0x14 +ja loc_fffad9ff ; ja 0xfffad9ff +mov eax, dword [ebp - 0x38] +mov ecx, 2 +and bh, 0xf1 +sub eax, 0xa +cdq +idiv ecx +and eax, 7 +shl eax, 9 +or ebx, eax -loc_fffad6f7: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffad6bc ; jne 0xfffad6bc -add esp, 0x34 -mov eax, 1 -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffad96d: ; not directly referenced +imul eax, dword [ebp - 0x34], 0x13c3 +test byte [esi + eax + 0x381b], 1 +je short loc_fffad9aa ; je 0xfffad9aa +cmp byte [esi + 0x247c], 0 +jne short loc_fffad99e ; jne 0xfffad99e +mov eax, dword [ebp - 0x2c] +mov word [eax + 0x126b], bx +mov word [eax + 0x1283], bx 
-fcn_fffad70d: ; not directly referenced -push ebp -xor ecx, ecx -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x34 +loc_fffad998: ; not directly referenced +mov word [ebp - 0x1c], bx +jmp short loc_fffad9aa ; jmp 0xfffad9aa -loc_fffad718: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffad744 ; ja 0xfffad744 -mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne short loc_fffad744 ; jne 0xfffad744 +loc_fffad99e: ; not directly referenced +mov eax, dword [ebp - 0x2c] +mov bx, word [eax + 0x126b] +jmp short loc_fffad998 ; jmp 0xfffad998 -loc_fffad72c: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffad718 ; jne 0xfffad718 -mov eax, dword [ebp + 8] -mov ecx, 0xfffffffe -add eax, 0x48ed -jmp near loc_fffad869 ; jmp 0xfffad869 +loc_fffad9aa: ; not directly referenced +imul eax, dword [ebp - 0x34], 0x13c3 +test byte [esi + eax + 0x381b], 4 +je short loc_fffad9e7 ; je 0xfffad9e7 +cmp byte [esi + 0x247c], 0 +jne short loc_fffad9db ; jne 0xfffad9db +mov eax, dword [ebp - 0x2c] +mov word [eax + 0x1393], bx +mov word [eax + 0x13ab], bx -loc_fffad744: ; not directly referenced -mov eax, dword [ebp + 8] -mov dword [ebp + ecx*4 - 0x1c], 0 -mov dword [ebp - 0x20], 0 -lea edi, [eax + 0x3756] -lea eax, [ecx*8] -mov dword [ebp - 0x30], eax -imul eax, ecx, 0x2e -mov dword [ebp - 0x2c], eax +loc_fffad9d5: ; not directly referenced +mov word [ebp - 0x1a], bx +jmp short loc_fffad9e7 ; jmp 0xfffad9e7 -loc_fffad76c: ; not directly referenced +loc_fffad9db: ; not directly referenced mov eax, dword [ebp - 0x2c] -xor esi, esi -mov ebx, dword [ebp - 0x20] -add eax, edi -mov dword [ebp - 0x40], eax -mov eax, dword [ebp + 8] -lea ebx, [eax + ebx + 0x1973] -mov eax, dword [ebp - 0x30] -add eax, edi -mov dword [ebp - 0x28], eax +mov bx, word [eax + 0x1393] +jmp short loc_fffad9d5 ; jmp 0xfffad9d5 -loc_fffad78b: ; not directly referenced -cmp dword [edi + esi + 0x1173], 2 -jne loc_fffad82e ; jne 0xfffad82e -mov eax, dword [ebp - 0x40] -mov 
eax, dword [eax + esi + 0x1177] -mov dword [ebp - 0x24], eax -mov eax, dword [ebp - 0x28] -mov edx, dword [eax + 0xc9] -mov eax, dword [eax + 0xcd] -mov dword [ebp - 0x34], edx -mov dword [ebp - 0x38], eax -cmp ecx, 1 -je short loc_fffad7cb ; je 0xfffad7cb -jb short loc_fffad7d7 ; jb 0xfffad7d7 -xor eax, eax -cmp ecx, 3 -jbe short loc_fffad816 ; jbe 0xfffad816 -jmp short loc_fffad7d7 ; jmp 0xfffad7d7 +loc_fffad9e7: ; not directly referenced +mov edx, dword [ebp - 0x34] +sub esp, 0xc +xor ecx, ecx +lea eax, [ebp - 0x1c] +push eax +mov eax, esi +call fcn_fffad688 ; call 0xfffad688 +add esp, 0x10 +jmp short loc_fffada13 ; jmp 0xfffada13 -loc_fffad7cb: ; not directly referenced -movzx eax, word [ebx + 0x268] -test ax, ax -jne short loc_fffad816 ; jne 0xfffad816 +loc_fffad9ff: ; not directly referenced +shl ecx, 7 +and bh, 0xf1 +and cx, 0xe00 +or ebx, ecx +jmp near loc_fffad96d ; jmp 0xfffad96d -loc_fffad7d7: ; not directly referenced +loc_fffada11: ; not directly referenced xor eax, eax -cmp dword [edi + esi + 0x1248], 2 -jne short loc_fffad816 ; jne 0xfffad816 -mov dl, byte [ebx + 0x6f] -cmp dword [ebp - 0x24], 0 -mov byte [ebp - 0x39], dl -mov dl, byte [ebx + 0xbe] -mov byte [ebp - 0x3a], dl -je short loc_fffad816 ; je 0xfffad816 -movzx edx, byte [ebp - 0x39] -imul edx, dword [ebp - 0x34] -mov eax, dword [ebp - 0x24] -lea eax, [eax + edx - 1] -movsx edx, byte [ebp - 0x3a] -imul edx, dword [ebp - 0x38] -add eax, edx -xor edx, edx -div dword [ebp - 0x24] - -loc_fffad816: ; not directly referenced -cmp eax, 0xf -mov edx, 0xf -cmova eax, edx -mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, edx -cmovb eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffad82e: ; not directly referenced -add esi, 0x128 -add ebx, 0x277 -add dword [ebp - 0x28], 0x20 -cmp esi, 0x250 -jne loc_fffad78b ; jne 0xfffad78b -add dword [ebp - 0x20], 0x54a -add edi, 0x13c3 -cmp dword [ebp - 0x20], 0xa94 -jne loc_fffad76c ; jne 0xfffad76c -jmp near loc_fffad72c ; jmp 0xfffad72c +loc_fffada13: ; not 
directly referenced +inc byte [ebp - 0x2d] +jmp near loc_fffad850 ; jmp 0xfffad850 -loc_fffad869: ; not directly referenced -cmp ecx, 1 -ja short loc_fffad87a ; ja 0xfffad87a -mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je short loc_fffad8a4 ; je 0xfffad8a4 +loc_fffada1b: ; not directly referenced +mov eax, 0xd +jmp short loc_fffada27 ; jmp 0xfffada27 -loc_fffad87a: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx +loc_fffada22: ; not directly referenced +mov eax, 0x1d -loc_fffad8a4: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffad869 ; jne 0xfffad869 -add esp, 0x34 -mov eax, 1 +loc_fffada27: ; not directly referenced +lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp ret -fcn_fffad8ba: ; not directly referenced +fcn_fffada2f: ; not directly referenced push ebp -xor ecx, ecx mov ebp, esp push edi push esi push ebx -sub esp, 0x30 +mov ebx, 0x100 +sub esp, 0x90 +mov esi, dword [ebp + 8] +lea edx, [ebp - 0x44] +mov dword [ebp - 0x48], 1 +mov eax, dword [esi + 0x2444] +push 0 +push 0x2c +push edx +call dword [eax + 0x5c] ; ucall +add esp, 0x10 +cmp dword [esi + 0x3757], 2 +jne short loc_fffada93 ; jne 0xfffada93 +xor edi, edi -loc_fffad8c5: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffad8f1 ; ja 0xfffad8f1 -mov edi, dword [ebp + 8] -cmp byte [edi + 0x3749], 0 -jne short loc_fffad8f1 ; jne 0xfffad8f1 +loc_fffada69: ; not directly referenced +mov eax, edi +cmp al, byte [esi + 0x2489] +jae short loc_fffada93 ; jae 0xfffada93 +movzx eax, al +and ebx, 0xffffff80 +mov edx, eax +inc edi +and edx, 0x7f +or ebx, edx +mov ecx, ebx +lea edx, [eax*4 + 0x40f0] +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffada69 ; jmp 0xfffada69 -loc_fffad8d9: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short 
loc_fffad8c5 ; jne 0xfffad8c5 -mov eax, dword [ebp + 8] -mov ecx, 0xfffffffe -add eax, 0x48eb -jmp near loc_fffada12 ; jmp 0xfffada12 +loc_fffada93: ; not directly referenced +xor edi, edi +cmp dword [esi + 0x4b1a], 2 +je short loc_fffadaa9 ; je 0xfffadaa9 -loc_fffad8f1: ; not directly referenced -mov edi, dword [ebp + 8] -imul esi, ecx, 0x2e -imul eax, eax, 0x23 -mov dword [ebp + ecx*4 - 0x1c], 0 -mov dword [ebp - 0x24], 0 -lea ebx, [edi + 0x49bf] -mov dword [ebp - 0x2c], ebx -lea ebx, [ecx*8 - 0x1269] -mov dword [ebp - 0x30], esi -mov dword [ebp - 0x38], ebx -mov dword [ebp - 0x3c], eax +loc_fffada9e: ; not directly referenced +mov byte [ebp - 0x65], 0 +xor edi, edi +jmp near loc_fffadc40 ; jmp 0xfffadc40 -loc_fffad922: ; not directly referenced -mov eax, dword [ebp - 0x38] -mov esi, dword [ebp - 0x2c] -mov edi, dword [ebp - 0x24] -mov dword [ebp - 0x20], 0 -add eax, esi -mov dword [ebp - 0x34], eax -mov eax, dword [ebp + 8] -lea edi, [eax + edi + 0x1973] +loc_fffadaa9: ; not directly referenced +mov eax, edi +cmp al, byte [esi + 0x2489] +jae short loc_fffada9e ; jae 0xfffada9e +mov eax, edi +and ebx, 0xffffff80 +movzx eax, al +inc edi +mov edx, eax +and edx, 0x7f +or ebx, edx +mov ecx, ebx +lea edx, [eax*4 + 0x44f0] +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffadaa9 ; jmp 0xfffadaa9 -loc_fffad941: ; not directly referenced -cmp dword [esi - 0xf6], 2 -jne loc_fffad9d8 ; jne 0xfffad9d8 -mov eax, dword [ebp - 0x30] -mov edx, dword [ebp - 0x20] -mov ebx, dword [esi + eax - 0xf2] -mov eax, dword [ebp - 0x34] -mov eax, dword [eax + edx + 0xc9] -mov dword [ebp - 0x28], eax -cmp ecx, 1 -je short loc_fffad99e ; je 0xfffad99e -jb short loc_fffad9aa ; jb 0xfffad9aa -cmp ecx, 3 -ja short loc_fffad9aa ; ja 0xfffad9aa -cmp ecx, 2 -mov dl, byte [esi] -jne short loc_fffad984 ; jne 0xfffad984 -and dl, 1 -jne short loc_fffad98b ; jne 0xfffad98b -xor eax, eax -jmp short loc_fffad9c0 ; jmp 0xfffad9c0 +loc_fffadad5: ; not directly referenced +mov cl, byte 
[ebp - 0x65] +xor edi, edi +mov dword [ebp - 0x5c], 1 +shl dword [ebp - 0x5c], cl +movzx eax, cl +mov dword [ebp - 0x7c], eax +mov al, byte [ebp - 0x5c] +test byte [esi + 0x248e], al +je loc_fffadc3d ; je 0xfffadc3d +mov ecx, dword [ebp - 0x5c] +xor edx, edx +mov eax, esi +call fcn_fffad317 ; call 0xfffad317 +mov ecx, dword [ebp - 0x5c] +mov edx, 1 +mov byte [ebp - 0x4a], 0 +mov bl, al +mov eax, esi +call fcn_fffad317 ; call 0xfffad317 +imul ecx, dword [ebp - 0x7c], 0x18 +mov byte [ebp - 0x49], 0 +mov dword [ebp - 0x80], 0 +mov dword [ebp - 0x8c], ecx +lea ecx, [esi + ecx + 0x49c2] +or eax, ebx +movzx eax, al +mov dword [ebp - 0x90], ecx +mov dword [ebp - 0x64], eax -loc_fffad984: ; not directly referenced -xor eax, eax -and dl, 2 -je short loc_fffad9c0 ; je 0xfffad9c0 +loc_fffadb44: ; not directly referenced +mov ecx, dword [ebp - 0x7c] +lea eax, [ebp - 0x48] +push ebx +push ebx +mov ebx, edi +push eax +mov eax, esi +push 1 +xor edi, edi +lea edx, [ebp - 0x44] +call fcn_fffad0c1 ; call 0xfffad0c1 +mov cl, byte [ebp - 0x80] +add esp, 0x10 +mov eax, dword [ebp - 0x90] +mov dword [ebp - 0x84], 1 +shl dword [ebp - 0x84], cl +mov dword [ebp - 0x60], eax -loc_fffad98b: ; not directly referenced -mov eax, dword [ebp - 0x3c] -movzx edx, byte [edi + eax + 0x112] -xor eax, eax -test ebx, ebx -je short loc_fffad9c0 ; je 0xfffad9c0 -jmp short loc_fffad9b4 ; jmp 0xfffad9b4 +loc_fffadb7c: ; not directly referenced +mov eax, dword [ebp - 0x64] +bt eax, edi +jb loc_fffadc59 ; jb 0xfffadc59 -loc_fffad99e: ; not directly referenced -movzx eax, word [edi + 0x266] -test ax, ax -jne short loc_fffad9c0 ; jne 0xfffad9c0 +loc_fffadb88: ; not directly referenced +inc edi +add dword [ebp - 0x60], 0x13c3 +cmp edi, 2 +jne short loc_fffadb7c ; jne 0xfffadb7c +mov edx, dword [ebp - 0x64] +mov eax, esi +call fcn_fffb33a7 ; call 0xfffb33a7 +test eax, eax +mov edi, eax +lea eax, [esi + 0x49bb] +cmove edi, ebx +mov dword [ebp - 0x84], eax +mov eax, dword [ebp - 0x8c] +xor ebx, ebx +add eax, 7 +mov 
dword [ebp - 0x94], eax -loc_fffad9aa: ; not directly referenced -xor eax, eax -test ebx, ebx -je short loc_fffad9c0 ; je 0xfffad9c0 -movzx edx, byte [edi + 0x5b] +loc_fffadbc3: ; not directly referenced +mov eax, dword [ebp - 0x64] +bt eax, ebx +jae short loc_fffadbfc ; jae 0xfffadbfc +mov eax, ebx +shl eax, 0xa +add eax, 0x4114 +mov dword [ebp - 0x88], eax +mov byte [ebp - 0x60], 0 +mov byte [ebp - 0x78], 0 -loc_fffad9b4: ; not directly referenced -imul edx, dword [ebp - 0x28] -lea eax, [ebx + edx - 1] -xor edx, edx -div ebx +loc_fffadbe3: ; not directly referenced +mov al, byte [ebp - 0x78] +cmp al, byte [esi + 0x2489] +jb loc_fffadceb ; jb 0xfffadceb +cmp byte [ebp - 0x60], 0 +jne loc_fffadd2d ; jne 0xfffadd2d -loc_fffad9c0: ; not directly referenced -cmp dword [ebp + ecx*4 - 0x1c], 4 -mov edx, 4 -cmovae edx, dword [ebp + ecx*4 - 0x1c] -cmp edx, eax -cmovae eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax +loc_fffadbfc: ; not directly referenced +inc ebx +add dword [ebp - 0x84], 0x13c3 +cmp ebx, 2 +jne short loc_fffadbc3 ; jne 0xfffadbc3 +inc dword [ebp - 0x80] +cmp dword [ebp - 0x80], 8 +jne loc_fffadb44 ; jne 0xfffadb44 +test byte [ebp - 0x64], 1 +je short loc_fffadc2b ; je 0xfffadc2b +cmp byte [ebp - 0x4a], 0xff +mov eax, 0x1f +cmovne edi, eax -loc_fffad9d8: ; not directly referenced -add dword [ebp - 0x20], 0x20 -add esi, 0x128 -add edi, 0x277 -cmp dword [ebp - 0x20], 0x40 -jne loc_fffad941 ; jne 0xfffad941 -add dword [ebp - 0x24], 0x54a -add dword [ebp - 0x2c], 0x13c3 -cmp dword [ebp - 0x24], 0xa94 -jne loc_fffad922 ; jne 0xfffad922 -jmp near loc_fffad8d9 ; jmp 0xfffad8d9 +loc_fffadc2b: ; not directly referenced +test byte [ebp - 0x64], 2 +je short loc_fffadc3d ; je 0xfffadc3d +cmp byte [ebp - 0x49], 0xff +mov eax, 0x1f +cmovne edi, eax -loc_fffada12: ; not directly referenced -cmp ecx, 1 -ja short loc_fffada23 ; ja 0xfffada23 -mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je short loc_fffada4d ; je 0xfffada4d +loc_fffadc3d: ; not directly referenced 
+inc byte [ebp - 0x65] -loc_fffada23: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx +loc_fffadc40: ; not directly referenced +test edi, edi +sete dl +cmp byte [ebp - 0x65], 1 +setbe al +test dl, al +jne loc_fffadad5 ; jne 0xfffadad5 +jmp near loc_fffadd8d ; jmp 0xfffadd8d -loc_fffada4d: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffada12 ; jne 0xfffada12 -add esp, 0x30 +loc_fffadc59: ; not directly referenced +cmp byte [ebp + edi - 0x4a], 0xff +je loc_fffadb88 ; je 0xfffadb88 +mov eax, dword [ebp - 0x60] +mov edx, edi +mov cx, word [eax + 6] +push eax +push eax +mov word [ebp - 0x78], cx +mov ecx, dword [ebp - 0x5c] +or word [ebp - 0x78], 0x10 +movzx eax, word [ebp - 0x78] +push eax +mov eax, esi +push 3 +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0xc +mov ecx, dword [ebp - 0x7c] +mov edx, edi +test eax, eax +cmovne ebx, eax +mov eax, dword [ebp - 0x60] +mov ax, word [eax] +push dword [ebp - 0x84] +and eax, 0xfffc +push 0 +or eax, 2 +push eax +mov eax, esi +call fcn_fffac8c3 ; call 0xfffac8c3 +pop edx +mov edx, edi +pop ecx +mov ecx, dword [ebp - 0x5c] +test eax, eax +cmovne ebx, eax +mov eax, dword [ebp - 0x78] +mov dword [ebp - 0x88], ebx +and eax, 0xffef +push eax +mov eax, esi +push 3 +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0x10 +mov ebx, eax +test eax, eax +cmove ebx, dword [ebp - 0x88] +jmp near loc_fffadb88 ; jmp 0xfffadb88 + +loc_fffadceb: ; not directly referenced +mov dl, byte [ebp - 0x78] +movzx eax, byte [ebp + ebx - 0x4a] +movzx ecx, dl +bt eax, edx +jb short loc_fffadd25 ; jb 0xfffadd25 +mov eax, dword [ebp - 0x88] +mov dword [ebp - 0x98], ecx +lea edx, [eax + ecx*4] +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +mov ecx, dword [ebp - 0x98] +test eax, eax +je short loc_fffadd25 ; je 0xfffadd25 mov eax, 1 +shl eax, cl +or byte 
[ebp - 0x60], al + +loc_fffadd25: ; not directly referenced +inc byte [ebp - 0x78] +jmp near loc_fffadbe3 ; jmp 0xfffadbe3 + +loc_fffadd2d: ; not directly referenced +movzx eax, byte [ebp - 0x60] +call fcn_fffb38d9 ; call 0xfffb38d9 +mov ecx, dword [ebp - 0x84] +cmp byte [ecx], 8 +movzx eax, al +jne short loc_fffadd47 ; jne 0xfffadd47 +dec eax +jmp short loc_fffadd4a ; jmp 0xfffadd4a + +loc_fffadd47: ; not directly referenced +cmp eax, 2 + +loc_fffadd4a: ; not directly referenced +sete al +mov edx, dword [ebp - 0x94] +movzx eax, al +test eax, eax +mov eax, 0x1f +cmove edi, eax +mov al, byte [ebp - 0x60] +add edx, dword [ebp - 0x84] +or byte [ebp + ebx - 0x4a], al +xor eax, eax + +loc_fffadd6f: ; not directly referenced +cmp byte [edx + eax + 0x10], 0 +jne short loc_fffadd82 ; jne 0xfffadd82 +mov cl, byte [ebp - 0x60] +mov byte [edx + eax + 0x10], cl +jmp near loc_fffadbfc ; jmp 0xfffadbfc + +loc_fffadd82: ; not directly referenced +inc eax +cmp eax, 8 +jne short loc_fffadd6f ; jne 0xfffadd6f +jmp near loc_fffadbfc ; jmp 0xfffadbfc + +loc_fffadd8d: ; not directly referenced +mov cl, byte [esi + 0x247c] +xor edx, edx +mov eax, esi +mov byte [esi + 0x247c], 1 +mov dword [ebp - 0x5c], ecx +call fcn_fffad821 ; call 0xfffad821 +mov ecx, dword [ebp - 0x5c] +mov byte [esi + 0x247c], cl +test eax, eax +mov ebx, eax +mov eax, esi +cmove ebx, edi +call fcn_fffaa4a9 ; call 0xfffaa4a9 +lea esp, [ebp - 0xc] +mov eax, ebx pop ebx pop esi pop edi pop ebp ret -fcn_fffada63: ; not directly referenced +fcn_fffaddc7: ; not directly referenced push ebp -xor ecx, ecx mov ebp, esp push edi push esi push ebx -sub esp, 0x38 -mov edi, dword [ebp + 8] -mov byte [ebp - 0x1d], 0 -lea eax, [edi + 0x3756] -mov dword [ebp - 0x40], eax - -loc_fffada7e: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffada93 ; ja 0xfffada93 -cmp byte [edi + 0x3749], 0 -je loc_fffadbac ; je 0xfffadbac +mov ebx, eax +lea esi, [ebx + 0x374f] +sub esp, 0x3c +xor eax, eax +mov byte [ebp - 0x2b], 
0 +mov dword [ebp - 0x40], esi -loc_fffada93: ; not directly referenced -lea eax, [edi + 0x48c9] -mov dword [ebp - 0x3c], eax -imul eax, ecx, 0x2e -mov dword [ebp + ecx*4 - 0x1c], 0 -mov dword [ebp - 0x28], 0 -mov dword [ebp - 0x38], eax -mov eax, dword [ebp - 0x40] +loc_fffadde1: ; not directly referenced +test eax, eax +sete cl +cmp byte [ebp - 0x2b], 1 +setbe dl +test cl, dl +je loc_fffadf25 ; je 0xfffadf25 +movzx eax, byte [ebp - 0x2b] +imul edx, eax, 0x13c3 mov dword [ebp - 0x34], eax +lea eax, [ebx + edx] +cmp dword [eax + 0x3757], 2 +jne loc_fffadf16 ; jne 0xfffadf16 +mov esi, dword [ebp - 0x40] +mov dword [ebp - 0x30], 0 +mov dword [ebp - 0x3c], eax +lea esi, [esi + edx + 8] +mov dword [ebp - 0x38], esi +xor esi, esi -loc_fffadab7: ; not directly referenced -mov eax, dword [ebp - 0x28] -mov ebx, dword [ebp - 0x3c] -mov dword [ebp - 0x2c], 0 -lea eax, [edi + eax + 0x1973] -mov dword [ebp - 0x30], eax - -loc_fffadace: ; not directly referenced -cmp dword [ebx], 2 -jne loc_fffadb6f ; jne 0xfffadb6f -cmp dword [ebx + 0xd5], 3 -jne loc_fffadb6f ; jne 0xfffadb6f -mov eax, dword [ebp - 0x38] -mov esi, dword [ebp - 0x2c] -mov eax, dword [ebx + eax + 4] -mov dword [ebp - 0x24], eax -mov eax, dword [ebp - 0x34] -mov edx, dword [eax + esi + 0xc9] -mov eax, dword [eax + esi + 0xcd] -mov dword [ebp - 0x44], eax -cmp ecx, 1 -jne short loc_fffadb19 ; jne 0xfffadb19 -mov eax, dword [ebp - 0x30] -movzx eax, word [eax + 0x264] -test ax, ax -jne short loc_fffadb3f ; jne 0xfffadb3f +loc_fffade28: ; not directly referenced +mov edi, dword [ebp - 0x30] +mov eax, edi +mov ecx, edi +mov edi, dword [ebp - 0x3c] +mov byte [ebp - 0x2c], al +mov eax, 1 +shl eax, cl +test byte [edi + 0x381b], al +je loc_fffadeed ; je 0xfffadeed +cmp byte [ebx + 0x247c], 0 +je short loc_fffade6b ; je 0xfffade6b +mov al, cl +mov edx, dword [ebp - 0x38] +shr al, 1 +movzx eax, al +imul eax, eax, 0x128 +mov si, word [edx + eax + 0x126d] +jmp short loc_fffadee0 ; jmp 0xfffadee0 -loc_fffadb19: ; not directly 
referenced -cmp dword [ebp - 0x24], 0 -je short loc_fffadb62 ; je 0xfffadb62 -mov esi, dword [ebp - 0x30] -movzx eax, byte [esi + 0x6f] -imul edx, eax -mov eax, dword [ebp - 0x24] -lea edx, [eax + edx - 1] -movsx eax, byte [esi + 0x70] -imul eax, dword [ebp - 0x44] -add eax, edx -xor edx, edx -div dword [ebp - 0x24] +loc_fffade6b: ; not directly referenced +mov al, byte [ebp - 0x2c] +mov edx, dword [ebp - 0x34] +shr al, 1 +movzx edi, al +mov eax, ebx +mov ecx, edi +call fcn_fffa6998 ; call 0xfffa6998 +test eax, eax +je loc_fffadf20 ; je 0xfffadf20 +mov edx, dword [ebx + 0x1887] +cmp edx, 0x306d0 +sete cl +cmp edx, 0x40650 +sete dl +or cl, dl +je short loc_fffadeac ; je 0xfffadeac +cmp dword [ebx + 0x2481], 1 +je short loc_fffadeb2 ; je 0xfffadeb2 -loc_fffadb3f: ; not directly referenced -cmp eax, 3 -jbe short loc_fffadb62 ; jbe 0xfffadb62 -mov esi, dword [ebp - 0x38] -movzx edx, word [ebx + esi + 0x1e] -mov esi, eax -sub esi, edx -cmp esi, 3 -ja short loc_fffadb62 ; ja 0xfffadb62 -mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, edx -cmovb eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax +loc_fffadeac: ; not directly referenced +movzx ecx, byte [eax + 1] +jmp short loc_fffadeb4 ; jmp 0xfffadeb4 -loc_fffadb62: ; not directly referenced -mov dl, byte [ebp - 0x1d] -mov al, 1 -test dl, dl -cmove edx, eax -mov byte [ebp - 0x1d], dl +loc_fffadeb2: ; not directly referenced +xor ecx, ecx -loc_fffadb6f: ; not directly referenced -add dword [ebp - 0x2c], 0x20 -add ebx, 0x128 -add dword [ebp - 0x30], 0x277 -cmp dword [ebp - 0x2c], 0x40 -jne loc_fffadace ; jne 0xfffadace -add dword [ebp - 0x28], 0x54a -add dword [ebp - 0x3c], 0x13c3 -add dword [ebp - 0x34], 0x13c3 -cmp dword [ebp - 0x28], 0xa94 -jne loc_fffadab7 ; jne 0xfffadab7 +loc_fffadeb4: ; not directly referenced +sub esp, 0xc +mov edx, ebx +push esi +lea eax, [ebp - 0x2a] +call fcn_fffa6b7f ; call 0xfffa6b7f +imul edi, edi, 0x128 +mov si, word [ebp - 0x2a] +add edi, dword [ebp - 0x38] +add esp, 0x10 +mov word [edi + 0x126d], 
si +mov word [edi + 0x1285], si -loc_fffadbac: ; not directly referenced -inc ecx -add dword [ebp - 0x40], 8 -cmp ecx, 4 -jne loc_fffada7e ; jne 0xfffada7e -mov al, byte [ebp - 0x1d] -test al, al -je short loc_fffadc0d ; je 0xfffadc0d -lea eax, [edi + 0x48e9] -mov ecx, 0xfffffffe +loc_fffadee0: ; not directly referenced +mov al, byte [ebp - 0x2c] +shr al, 1 +movzx eax, al +mov word [ebp + eax*2 - 0x1c], si -loc_fffadbcc: ; not directly referenced -cmp ecx, 1 -ja short loc_fffadbda ; ja 0xfffadbda -cmp byte [edi + 0x3749], 0 -je short loc_fffadc04 ; je 0xfffadc04 +loc_fffadeed: ; not directly referenced +add dword [ebp - 0x30], 2 +cmp dword [ebp - 0x30], 4 +jne loc_fffade28 ; jne 0xfffade28 +mov edx, dword [ebp - 0x34] +sub esp, 0xc +mov ecx, 1 +lea eax, [ebp - 0x1c] +push eax +mov eax, ebx +call fcn_fffad688 ; call 0xfffad688 +add esp, 0x10 +jmp short loc_fffadf18 ; jmp 0xfffadf18 -loc_fffadbda: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx +loc_fffadf16: ; not directly referenced +xor eax, eax -loc_fffadc04: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffadbcc ; jne 0xfffadbcc +loc_fffadf18: ; not directly referenced +inc byte [ebp - 0x2b] +jmp near loc_fffadde1 ; jmp 0xfffadde1 -loc_fffadc0d: ; not directly referenced -add esp, 0x38 +loc_fffadf20: ; not directly referenced mov eax, 1 + +loc_fffadf25: ; not directly referenced +lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp ret -fcn_fffadc1a: ; not directly referenced +fcn_fffadf2d: ; not directly referenced push ebp -xor ecx, ecx mov ebp, esp push edi push esi +mov esi, eax push ebx -sub esp, 0x40 -mov eax, dword [ebp + 8] -mov dword [ebp - 0x3c], 0 -add eax, 0x3756 -mov dword [ebp - 0x2c], eax - -loc_fffadc37: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffadc6b ; ja 
0xfffadc6b -mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne short loc_fffadc6b ; jne 0xfffadc6b - -loc_fffadc4b: ; not directly referenced -inc ecx -add dword [ebp - 0x3c], 0x23 -add dword [ebp - 0x2c], 8 -cmp ecx, 4 -jne short loc_fffadc37 ; jne 0xfffadc37 -mov eax, dword [ebp + 8] -mov ecx, 0xfffffffe -add eax, 0x48e7 -jmp near loc_fffaddd7 ; jmp 0xfffaddd7 - -loc_fffadc6b: ; not directly referenced -mov eax, dword [ebp + 8] -mov dword [ebp + ecx*4 - 0x1c], 0 -mov dword [ebp - 0x28], 0 -add eax, 0x49bf -mov dword [ebp - 0x40], eax -imul eax, ecx, 0x2e -mov dword [ebp - 0x44], eax -mov eax, dword [ebp - 0x2c] -mov dword [ebp - 0x30], eax -mov eax, dword [ebp - 0x3c] -lea esi, [eax + 0x18b] -add eax, 0xbb -mov dword [ebp - 0x48], esi -mov dword [ebp - 0x4c], eax - -loc_fffadca5: ; not directly referenced -mov eax, dword [ebp + 8] -mov ebx, dword [ebp - 0x28] -mov esi, dword [ebp - 0x40] -mov dword [ebp - 0x24], 0 -lea ebx, [eax + ebx + 0x1973] - -loc_fffadcbc: ; not directly referenced -cmp dword [esi - 0xf6], 2 -jne loc_fffadd96 ; jne 0xfffadd96 -mov eax, dword [ebp - 0x44] -mov edi, dword [ebp - 0x24] -mov eax, dword [esi + eax - 0xf2] -mov dword [ebp - 0x20], eax -mov eax, dword [ebp - 0x30] -mov edx, dword [eax + edi + 0xc9] -mov eax, dword [eax + edi + 0xcd] -mov dword [ebp - 0x34], edx -mov dword [ebp - 0x38], eax +sub esp, 0x3c +mov edi, dword [esi + 0x2481] +mov dword [ebp - 0x3c], ecx +mov dword [ebp - 0x38], edi cmp ecx, 1 -je short loc_fffadd41 ; je 0xfffadd41 -jb short loc_fffadd4d ; jb 0xfffadd4d -cmp ecx, 3 -ja short loc_fffadd4d ; ja 0xfffadd4d +je short loc_fffadf70 ; je 0xfffadf70 +jb short loc_fffadf60 ; jb 0xfffadf60 cmp ecx, 2 -mov dl, byte [esi] -jne short loc_fffadd0c ; jne 0xfffadd0c -and dl, 1 -jne short loc_fffadd13 ; jne 0xfffadd13 -xor eax, eax -jmp short loc_fffadd89 ; jmp 0xfffadd89 +je short loc_fffadf67 ; je 0xfffadf67 +cmp ecx, 3 +jne loc_fffae060 ; jne 0xfffae060 +mov edi, 0xc3 +jmp short loc_fffadf6c ; jmp 0xfffadf6c 
-loc_fffadd0c: ; not directly referenced -xor eax, eax -and dl, 2 -je short loc_fffadd89 ; je 0xfffadd89 +loc_fffadf60: ; not directly referenced +mov edi, 0xff +jmp short loc_fffadf75 ; jmp 0xfffadf75 -loc_fffadd13: ; not directly referenced -mov edx, dword [esi - 0x21] -mov eax, dword [ebp - 0x4c] -mov edi, dword [ebp - 0x48] -and edx, 0xfffffffd -add eax, ebx -add edi, ebx -dec edx -cmovne eax, edi -xor edi, edi -cmp byte [esi + 1], 0x13 -movzx edx, byte [eax + 6] -jne short loc_fffadd37 ; jne 0xfffadd37 -movsx edi, byte [eax + 0x1c] +loc_fffadf67: ; not directly referenced +mov edi, 0x56 -loc_fffadd37: ; not directly referenced +loc_fffadf6c: ; not directly referenced xor eax, eax -cmp dword [ebp - 0x20], 0 -je short loc_fffadd89 ; je 0xfffadd89 -jmp short loc_fffadd73 ; jmp 0xfffadd73 +jmp short loc_fffadf7a ; jmp 0xfffadf7a -loc_fffadd41: ; not directly referenced -movzx eax, word [ebx + 0x262] -test ax, ax -jne short loc_fffadd89 ; jne 0xfffadd89 +loc_fffadf70: ; not directly referenced +mov edi, 0xab -loc_fffadd4d: ; not directly referenced -xor eax, eax -cmp dword [ebp - 0x20], 0 -je short loc_fffadd89 ; je 0xfffadd89 -mov eax, dword [esi - 0x21] -and eax, 0xfffffffd -dec eax -jne short loc_fffadd68 ; jne 0xfffadd68 -movzx edx, byte [ebx + 0x5c] -movsx edi, byte [ebx + 0x6d] -jmp short loc_fffadd73 ; jmp 0xfffadd73 +loc_fffadf75: ; not directly referenced +mov eax, 0x400 -loc_fffadd68: ; not directly referenced -movzx edx, byte [ebx + 0x62] -movsx edi, byte [ebx + 0xc1] +loc_fffadf7a: ; not directly referenced +mov word [ebp - 0x1c], ax +movzx ecx, dl +xor ebx, ebx +mov word [ebp - 0x1a], ax +lea eax, [esi + 0x3757] +mov dword [ebp - 0x34], eax +xor eax, eax +mov byte [ebp - 0x2d], 1 +mov dword [ebp - 0x40], ecx -loc_fffadd73: ; not directly referenced -imul edx, dword [ebp - 0x34] -mov eax, dword [ebp - 0x20] -imul edi, dword [ebp - 0x38] -lea eax, [eax + edx - 1] -xor edx, edx -add eax, edi -div dword [ebp - 0x20] +loc_fffadf99: ; not directly referenced 
+mov ecx, dword [ebp - 0x34] +cmp dword [ecx], 2 +jne loc_fffae039 ; jne 0xfffae039 +mov ecx, dword [ebp - 0x40] +bt ecx, ebx +jae loc_fffae039 ; jae 0xfffae039 +lea edx, [ebx + 1] +bt ecx, edx +jb short loc_fffadfc8 ; jb 0xfffadfc8 +mov cl, byte [ebp - 0x2d] +mov dl, 7 +cmp dword [ebp - 0x3c], 2 +cmove ecx, edx +mov byte [ebp - 0x2d], cl -loc_fffadd89: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, edx -cmovb eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax +loc_fffadfc8: ; not directly referenced +cmp dword [ebp - 0x38], 3 +jne short loc_fffae00a ; jne 0xfffae00a +mov dword [ebp - 0x2c], 0 -loc_fffadd96: ; not directly referenced -add dword [ebp - 0x24], 0x20 -add esi, 0x128 -add ebx, 0x277 -cmp dword [ebp - 0x24], 0x40 -jne loc_fffadcbc ; jne 0xfffadcbc -add dword [ebp - 0x28], 0x54a -add dword [ebp - 0x40], 0x13c3 -add dword [ebp - 0x30], 0x13c3 -cmp dword [ebp - 0x28], 0xa94 -jne loc_fffadca5 ; jne 0xfffadca5 -jmp near loc_fffadc4b ; jmp 0xfffadc4b +loc_fffadfd5: ; not directly referenced +mov cl, byte [ebp - 0x2c] +mov edx, 1 +shl edx, cl +mov ecx, dword [ebp - 0x34] +test byte [ecx + 0xc4], dl +je short loc_fffadfff ; je 0xfffadfff +mov ecx, dword [ebp - 0x2c] +mov edx, ebx +push eax +mov eax, esi +push 0 +push edi +push 0xa +call fcn_fffacb43 ; call 0xfffacb43 +add esp, 0x10 -loc_fffaddd7: ; not directly referenced -cmp ecx, 1 -ja short loc_fffadde8 ; ja 0xfffadde8 -mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je short loc_fffade12 ; je 0xfffade12 +loc_fffadfff: ; not directly referenced +inc dword [ebp - 0x2c] +cmp dword [ebp - 0x2c], 4 +jne short loc_fffadfd5 ; jne 0xfffadfd5 +jmp short loc_fffae039 ; jmp 0xfffae039 -loc_fffadde8: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx +loc_fffae00a: ; not directly referenced +cmp dword [ebp - 0x38], 2 
+movzx eax, byte [ebp - 0x2d] +jne short loc_fffae01f ; jne 0xfffae01f +push eax +lea eax, [ebp - 0x1c] +push eax +push 0 +push 0xe +jmp short loc_fffae028 ; jmp 0xfffae028 -loc_fffade12: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffaddd7 ; jne 0xfffaddd7 -add esp, 0x40 -mov eax, 1 +loc_fffae01f: ; not directly referenced +push eax +lea eax, [ebp - 0x1c] +push eax +push 0 +push 6 + +loc_fffae028: ; not directly referenced +mov ecx, 0xf +mov edx, ebx +mov eax, esi +call fcn_fffa947f ; call 0xfffa947f +add esp, 0x10 + +loc_fffae039: ; not directly referenced +inc ebx +add dword [ebp - 0x34], 0x13c3 +cmp ebx, 2 +jne loc_fffadf99 ; jne 0xfffadf99 +cmp dword [ebp - 0x3c], 1 +mov ebx, eax +ja short loc_fffae065 ; ja 0xfffae065 +mov edx, 0x13 +mov eax, esi +call fcn_fffa82f9 ; call 0xfffa82f9 +jmp short loc_fffae065 ; jmp 0xfffae065 + +loc_fffae060: ; not directly referenced +mov ebx, 2 + +loc_fffae065: ; not directly referenced +lea esp, [ebp - 0xc] +mov eax, ebx pop ebx pop esi pop edi pop ebp ret -fcn_fffade28: ; not directly referenced +fcn_fffae06f: ; not directly referenced push ebp -xor ecx, ecx mov ebp, esp push edi push esi +xor esi, esi push ebx -sub esp, 0x30 -mov esi, dword [ebp + 8] - -loc_fffade36: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffade5d ; ja 0xfffade5d -cmp byte [esi + 0x3749], 0 -jne short loc_fffade5d ; jne 0xfffade5d - -loc_fffade47: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffade36 ; jne 0xfffade36 -lea eax, [esi + 0x48e5] -mov ecx, 0xfffffffe -jmp near loc_fffadf55 ; jmp 0xfffadf55 +sub esp, 0x4c +mov ebx, dword [ebp + 8] +mov byte [ebp - 0x28], 2 +mov byte [ebp - 0x27], 0x40 +mov byte [ebp - 0x26], 1 +mov byte [ebp - 0x25], 0x43 +mov byte [ebp - 0x24], 3 +mov byte [ebp - 0x23], 1 +mov byte [ebp - 0x22], 0xb +mov byte [ebp - 0x21], 3 +mov dword [ebp - 0x50], 0 -loc_fffade5d: ; not directly referenced -lea eax, [esi + 0x48c9] -mov dword [ebp - 0x2c], eax 
-imul eax, ecx, 0x2e -mov dword [ebp + ecx*4 - 0x1c], 0 -mov dword [ebp - 0x20], 0 -mov dword [ebp - 0x30], eax -lea eax, [ecx*8 - 0x1173] -mov dword [ebp - 0x3c], eax +loc_fffae0a4: ; not directly referenced +imul eax, esi, 0x13c3 +cmp dword [ebx + eax + 0x3757], 2 +jne short loc_fffae0ef ; jne 0xfffae0ef +mov edi, esi +mov eax, ebx +shl edi, 0xa +add edi, 0x4004 +mov edx, edi +call fcn_fffb331f ; call 0xfffb331f +mov dword [ebp + esi*4 - 0x20], eax +mov al, byte [ebp + esi*4 - 0x1d] +test al, 0x20 +jne short loc_fffae0ef ; jne 0xfffae0ef +or eax, 0x20 +mov edx, edi +mov byte [ebp + esi*4 - 0x1d], al +mov ecx, dword [ebp + esi*4 - 0x20] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov dword [ebp - 0x50], 1 -loc_fffade85: ; not directly referenced -mov eax, dword [ebp - 0x3c] -mov ebx, dword [ebp - 0x2c] -mov dword [ebp - 0x28], 0 -add eax, ebx -mov dword [ebp - 0x38], eax -mov eax, dword [ebp - 0x20] -lea edi, [esi + eax + 0x1973] +loc_fffae0ef: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffae0a4 ; jne 0xfffae0a4 +xor ecx, ecx +mov edx, 3 +mov eax, ebx +call fcn_fffadf2d ; call 0xfffadf2d +test eax, eax +jne loc_fffae328 ; jne 0xfffae328 +mov edx, dword [ebx + 0x36d8] +cmp edx, 0x320 +jbe short loc_fffae14b ; jbe 0xfffae14b +cmp edx, 0x42b +jbe short loc_fffae14f ; jbe 0xfffae14f +cmp edx, 0x4b0 +jbe short loc_fffae153 ; jbe 0xfffae153 +cmp edx, 0x535 +jbe short loc_fffae157 ; jbe 0xfffae157 +cmp edx, 0x640 +jbe short loc_fffae15b ; jbe 0xfffae15b +mov al, 0x16 +cmp edx, 0x74b +ja loc_fffae328 ; ja 0xfffae328 +mov al, 0x1c +jmp short loc_fffae15d ; jmp 0xfffae15d -loc_fffadea1: ; not directly referenced -cmp dword [ebx], 2 -jne short loc_fffadf1b ; jne 0xfffadf1b -mov eax, dword [ebp - 0x30] -mov edx, dword [ebp - 0x28] -mov eax, dword [ebx + eax + 4] -mov dword [ebp - 0x24], eax -mov eax, dword [ebp - 0x38] -mov eax, dword [eax + edx + 0xc9] -mov dword [ebp - 0x34], eax -cmp ecx, 1 -je short loc_fffaded0 ; je 0xfffaded0 -jb short 
loc_fffadedc ; jb 0xfffadedc -xor eax, eax -cmp ecx, 3 -jbe short loc_fffadf01 ; jbe 0xfffadf01 -jmp short loc_fffadedc ; jmp 0xfffadedc +loc_fffae14b: ; not directly referenced +mov al, 0x14 +jmp short loc_fffae15d ; jmp 0xfffae15d -loc_fffaded0: ; not directly referenced -movzx eax, word [edi + 0x260] -test ax, ax -jne short loc_fffadf01 ; jne 0xfffadf01 +loc_fffae14f: ; not directly referenced +mov al, 0x16 +jmp short loc_fffae15d ; jmp 0xfffae15d -loc_fffadedc: ; not directly referenced -xor eax, eax -cmp dword [ebx + 0xd5], 2 -jne short loc_fffadf01 ; jne 0xfffadf01 -cmp dword [ebp - 0x24], 0 -movzx edx, word [edi + 0x6a] -je short loc_fffadf01 ; je 0xfffadf01 -imul edx, dword [ebp - 0x34] -mov eax, dword [ebp - 0x24] -lea eax, [eax + edx - 1] -xor edx, edx -div dword [ebp - 0x24] +loc_fffae153: ; not directly referenced +mov al, 0x17 +jmp short loc_fffae15d ; jmp 0xfffae15d -loc_fffadf01: ; not directly referenced -cmp eax, 0x1ff -mov edx, 0x1ff -cmova eax, edx -mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, edx -cmovb eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax +loc_fffae157: ; not directly referenced +mov al, 0x18 +jmp short loc_fffae15d ; jmp 0xfffae15d -loc_fffadf1b: ; not directly referenced -add dword [ebp - 0x28], 0x20 -add ebx, 0x128 -add edi, 0x277 -cmp dword [ebp - 0x28], 0x40 -jne loc_fffadea1 ; jne 0xfffadea1 -add dword [ebp - 0x20], 0x54a -add dword [ebp - 0x2c], 0x13c3 -cmp dword [ebp - 0x20], 0xa94 -jne loc_fffade85 ; jne 0xfffade85 -jmp near loc_fffade47 ; jmp 0xfffade47 +loc_fffae15b: ; not directly referenced +mov al, 0x1a -loc_fffadf55: ; not directly referenced -cmp ecx, 1 -ja short loc_fffadf63 ; ja 0xfffadf63 -cmp byte [esi + 0x3749], 0 -je short loc_fffadf8d ; je 0xfffadf8d +loc_fffae15d: ; not directly referenced +mov byte [ebp - 0x27], al +lea eax, [ebx + 0x3757] +xor edi, edi +mov dword [ebp - 0x2c], eax -loc_fffadf63: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx 
-mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx +loc_fffae16b: ; not directly referenced +mov eax, dword [ebp - 0x2c] +cmp dword [eax], 2 +jne loc_fffae307 ; jne 0xfffae307 +mov dword [ebp - 0x34], 0 -loc_fffadf8d: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffadf55 ; jne 0xfffadf55 -add esp, 0x30 +loc_fffae17e: ; not directly referenced +mov eax, dword [ebp - 0x2c] +mov ecx, dword [ebp - 0x34] +mov al, byte [eax + 0xc4] +mov dl, cl +mov esi, eax mov eax, 1 -pop ebx -pop esi -pop edi -pop ebp -ret +shl eax, cl +mov ecx, esi +test cl, al +jne short loc_fffae1a9 ; jne 0xfffae1a9 -fcn_fffadfa3: ; not directly referenced -push ebp -xor ecx, ecx -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x30 -mov esi, dword [ebp + 8] +loc_fffae19b: ; not directly referenced +inc dword [ebp - 0x34] +cmp dword [ebp - 0x34], 4 +jne short loc_fffae17e ; jne 0xfffae17e +jmp near loc_fffae29b ; jmp 0xfffae29b -loc_fffadfb1: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffadfd8 ; ja 0xfffadfd8 -cmp byte [esi + 0x3749], 0 -jne short loc_fffadfd8 ; jne 0xfffadfd8 +loc_fffae1a9: ; not directly referenced +cmp byte [ebp - 0x34], 0 +mov byte [ebp - 0x48], 0 +jne short loc_fffae1d3 ; jne 0xfffae1d3 +cmp byte [ebx + 0x240a], 0 +mov byte [ebp - 0x48], dl +je short loc_fffae1d3 ; je 0xfffae1d3 +mov eax, esi +and eax, 2 +cmp al, 1 +sbb eax, eax +mov dword [ebp - 0x48], eax +and byte [ebp - 0x48], 0xfc +add byte [ebp - 0x48], 7 -loc_fffadfc2: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffadfb1 ; jne 0xfffadfb1 -lea eax, [esi + 0x48e3] -mov ecx, 0xfffffffe -jmp near loc_fffae0d0 ; jmp 0xfffae0d0 +loc_fffae1d3: ; not directly referenced +mov eax, edx +and eax, 1 +mov dword [ebp - 0x38], 0 +mov dword [ebp - 0x4c], eax -loc_fffadfd8: ; not directly referenced -lea eax, [esi + 0x48c9] -mov dword [ebp - 0x2c], eax -imul eax, ecx, 0x2e -mov dword [ebp + 
ecx*4 - 0x1c], 0 -mov dword [ebp - 0x20], 0 -mov dword [ebp - 0x30], eax -lea eax, [ecx*8 - 0x1173] -mov dword [ebp - 0x3c], eax +loc_fffae1e2: ; not directly referenced +mov eax, dword [ebp - 0x38] +cmp byte [ebx + 0x247c], 0 +movzx edx, byte [ebp + eax*2 - 0x28] +je short loc_fffae21f ; je 0xfffae21f +cmp edx, 6 +ja short loc_fffae20c ; ja 0xfffae20c +imul eax, dword [ebp - 0x4c], 0xc +mov ecx, dword [ebp - 0x2c] +lea eax, [edx + eax + 0x930] +mov al, byte [ecx + eax*2 + 0xb] +jmp short loc_fffae21a ; jmp 0xfffae21a -loc_fffae000: ; not directly referenced -mov eax, dword [ebp - 0x3c] -mov ebx, dword [ebp - 0x2c] -mov dword [ebp - 0x28], 0 -add eax, ebx -mov dword [ebp - 0x38], eax -mov eax, dword [ebp - 0x20] -lea edi, [esi + eax + 0x1973] +loc_fffae20c: ; not directly referenced +imul eax, dword [ebp - 0x4c], 0x18 +mov ecx, dword [ebp - 0x2c] +mov al, byte [ecx + eax + 0x1279] -loc_fffae01c: ; not directly referenced -cmp dword [ebx], 2 -jne short loc_fffae096 ; jne 0xfffae096 -mov eax, dword [ebp - 0x30] -mov edx, dword [ebp - 0x28] -mov eax, dword [ebx + eax + 4] -mov dword [ebp - 0x24], eax +loc_fffae21a: ; not directly referenced +mov byte [ebp - 0x2d], al +jmp short loc_fffae269 ; jmp 0xfffae269 + +loc_fffae21f: ; not directly referenced mov eax, dword [ebp - 0x38] -mov eax, dword [eax + edx + 0xc9] -mov dword [ebp - 0x34], eax -cmp ecx, 1 -je short loc_fffae04b ; je 0xfffae04b -jb short loc_fffae057 ; jb 0xfffae057 -xor eax, eax -cmp ecx, 3 -jbe short loc_fffae07c ; jbe 0xfffae07c -jmp short loc_fffae057 ; jmp 0xfffae057 +cmp eax, 3 +je short loc_fffae22d ; je 0xfffae22d +mov al, byte [ebp + eax*2 - 0x27] +jmp short loc_fffae230 ; jmp 0xfffae230 -loc_fffae04b: ; not directly referenced -movzx eax, word [edi + 0x25e] -test ax, ax -jne short loc_fffae07c ; jne 0xfffae07c +loc_fffae22d: ; not directly referenced +mov al, byte [ebp - 0x48] -loc_fffae057: ; not directly referenced -xor eax, eax -cmp dword [ebx + 0xd5], 2 -jne short loc_fffae07c ; jne 
0xfffae07c -cmp dword [ebp - 0x24], 0 -movzx edx, word [edi + 0x68] -je short loc_fffae07c ; je 0xfffae07c -imul edx, dword [ebp - 0x34] -mov eax, dword [ebp - 0x24] -lea eax, [eax + edx - 1] -xor edx, edx -div dword [ebp - 0x24] +loc_fffae230: ; not directly referenced +mov byte [ebp - 0x2d], al +cmp edx, 6 +ja short loc_fffae251 ; ja 0xfffae251 +imul ecx, dword [ebp - 0x4c], 0xc +movzx esi, byte [ebp - 0x2d] +mov eax, dword [ebp - 0x2c] +lea ecx, [edx + ecx + 0x930] +mov word [eax + ecx*2 + 0xb], si +jmp short loc_fffae269 ; jmp 0xfffae269 -loc_fffae07c: ; not directly referenced -cmp eax, 0x1ff -mov edx, 0x1ff -cmova eax, edx -mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, edx -cmovb eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax +loc_fffae251: ; not directly referenced +cmp edx, 0xb +jne short loc_fffae269 ; jne 0xfffae269 +imul ecx, dword [ebp - 0x4c], 0x18 +movzx esi, byte [ebp - 0x2d] +mov eax, dword [ebp - 0x2c] +mov word [eax + ecx + 0x1279], si -loc_fffae096: ; not directly referenced -add dword [ebp - 0x28], 0x20 -add ebx, 0x128 -add edi, 0x277 -cmp dword [ebp - 0x28], 0x40 -jne loc_fffae01c ; jne 0xfffae01c -add dword [ebp - 0x20], 0x54a -add dword [ebp - 0x2c], 0x13c3 -cmp dword [ebp - 0x20], 0xa94 -jne loc_fffae000 ; jne 0xfffae000 -jmp near loc_fffadfc2 ; jmp 0xfffadfc2 +loc_fffae269: ; not directly referenced +push eax +movzx eax, byte [ebp - 0x2d] +mov ecx, dword [ebp - 0x34] +push 0 +push eax +mov eax, ebx +push edx +mov edx, edi +call fcn_fffacb43 ; call 0xfffacb43 +add esp, 0x10 +test eax, eax +jne loc_fffae328 ; jne 0xfffae328 +inc dword [ebp - 0x38] +cmp dword [ebp - 0x38], 4 +jne loc_fffae1e2 ; jne 0xfffae1e2 +jmp near loc_fffae19b ; jmp 0xfffae19b -loc_fffae0d0: ; not directly referenced -cmp ecx, 1 -ja short loc_fffae0de ; ja 0xfffae0de -cmp byte [esi + 0x3749], 0 -je short loc_fffae108 ; je 0xfffae108 +loc_fffae29b: ; not directly referenced +cmp byte [ebx + 0x247e], 0 +jne short loc_fffae2e6 ; jne 0xfffae2e6 +cmp dword [ebx + 0x188b], 1 
+jne short loc_fffae2e6 ; jne 0xfffae2e6 +mov eax, edi +shl eax, 8 +add eax, 0x1c20 +mov edx, eax +mov esi, eax +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +cmp byte [ebx + 0x240a], 1 +sbb edx, edx +not edx +add edx, 3 +and eax, 0xffffffcf +and edx, 3 +shl edx, 4 +or eax, edx +mov edx, esi +mov ecx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffae0de: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx +loc_fffae2e6: ; not directly referenced +cmp dword [ebp - 0x50], 0 +je short loc_fffae307 ; je 0xfffae307 +and byte [ebp + edi*4 - 0x1d], 0xdf +mov edx, edi +mov ecx, dword [ebp + edi*4 - 0x20] +shl edx, 0xa +mov eax, ebx +add edx, 0x4004 +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffae108: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffae0d0 ; jne 0xfffae0d0 -add esp, 0x30 -mov eax, 1 +loc_fffae307: ; not directly referenced +inc edi +add dword [ebp - 0x2c], 0x13c3 +cmp edi, 2 +jne loc_fffae16b ; jne 0xfffae16b +mov byte [ebx + 0x247e], 1 +xor eax, eax +mov byte [ebx + 0x247c], 1 + +loc_fffae328: ; not directly referenced +lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp ret -fcn_fffae11e: ; not directly referenced +fcn_fffae330: ; not directly referenced push ebp -xor ecx, ecx mov ebp, esp push edi push esi push ebx -sub esp, 0x30 - -loc_fffae129: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffae155 ; ja 0xfffae155 -mov ebx, dword [ebp + 8] -cmp byte [ebx + 0x3749], 0 -jne short loc_fffae155 ; jne 0xfffae155 - -loc_fffae13d: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffae129 ; jne 0xfffae129 -mov eax, dword [ebp + 8] -mov ecx, 0xfffffffe -add eax, 0x48e1 -jmp near loc_fffae29a ; jmp 0xfffae29a - -loc_fffae155: ; not directly referenced +sub esp, 0x1c mov ebx, dword [ebp + 8] -imul eax, 
eax, 0x23 -lea esi, [ecx*8 - 0x1269] -mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x20], 0 -lea edi, [ebx + 0x49bf] -mov dword [ebp - 0x2c], edi -imul edi, ecx, 0x2e -mov dword [ebp - 0x3c], esi -mov dword [ebp - 0x30], eax -mov dword [ebp - 0x34], edi +lea edi, [ebx + 0x3757] -loc_fffae186: ; not directly referenced -mov eax, dword [ebp - 0x3c] -mov esi, dword [ebp - 0x2c] -mov ebx, dword [ebp - 0x20] -mov dword [ebp - 0x24], 0 -add eax, esi -mov dword [ebp - 0x38], eax -mov eax, dword [ebp + 8] -lea edi, [eax + ebx + 0x1973] +loc_fffae349: ; not directly referenced +cmp dword [edi], 2 +je short loc_fffae35f ; je 0xfffae35f -loc_fffae1a5: ; not directly referenced -cmp dword [esi - 0xf6], 2 -jne loc_fffae260 ; jne 0xfffae260 -mov eax, dword [ebp - 0x34] -mov edx, dword [ebp - 0x24] -mov ebx, dword [esi + eax - 0xf2] -mov eax, dword [ebp - 0x38] -mov eax, dword [eax + edx + 0xc9] -mov dword [ebp - 0x28], eax -cmp ecx, 1 -je short loc_fffae215 ; je 0xfffae215 -jb short loc_fffae221 ; jb 0xfffae221 -cmp ecx, 3 -ja short loc_fffae221 ; ja 0xfffae221 -cmp ecx, 2 -mov dl, byte [esi] -jne short loc_fffae1e8 ; jne 0xfffae1e8 -and dl, 1 -jne short loc_fffae1ef ; jne 0xfffae1ef -xor eax, eax -jmp short loc_fffae246 ; jmp 0xfffae246 +loc_fffae34e: ; not directly referenced +inc dword [ebp - 0x20] +add edi, 0x13c3 +cmp dword [ebp - 0x20], 2 +jne short loc_fffae349 ; jne 0xfffae349 +jmp short loc_fffae3d2 ; jmp 0xfffae3d2 -loc_fffae1e8: ; not directly referenced -xor eax, eax -and dl, 2 -je short loc_fffae246 ; je 0xfffae246 +loc_fffae35f: ; not directly referenced +mov edx, dword [ebp - 0x20] +xor ecx, ecx +mov eax, ebx +call fcn_fffa7236 ; call 0xfffa7236 +mov edx, eax +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, dword [ebp - 0x20] +mov ecx, 0xff +mov esi, eax +mov eax, ebx +call fcn_fffa7236 ; call 0xfffa7236 +or esi, 0x100000 +mov dword [ebp - 0x1c], 0 +mov dword [ebp - 0x24], eax -loc_fffae1ef: ; not directly referenced -mov eax, dword [esi - 0x21] 
-and eax, 0xfffffffd -dec eax -mov eax, dword [ebp - 0x30] -jne short loc_fffae205 ; jne 0xfffae205 -movzx edx, word [edi + eax + 0x10f] -jmp short loc_fffae20d ; jmp 0xfffae20d +loc_fffae395: ; not directly referenced +mov cl, byte [ebp - 0x1c] +mov eax, 1 +shl eax, cl +test byte [edi + 0xc4], al +je short loc_fffae3c4 ; je 0xfffae3c4 +mov eax, dword [ebp - 0x1c] +and esi, 0xff3fffff +mov edx, dword [ebp - 0x24] +and eax, 3 +shl eax, 0x16 +or esi, eax +mov eax, ebx +mov ecx, esi +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffae205: ; not directly referenced -movzx edx, word [edi + eax + 0x1df] +loc_fffae3c4: ; not directly referenced +inc dword [ebp - 0x1c] +cmp dword [ebp - 0x1c], 4 +jne short loc_fffae395 ; jne 0xfffae395 +jmp near loc_fffae34e ; jmp 0xfffae34e -loc_fffae20d: ; not directly referenced -xor eax, eax -test ebx, ebx -je short loc_fffae246 ; je 0xfffae246 -jmp short loc_fffae23a ; jmp 0xfffae23a +loc_fffae3d2: ; not directly referenced +cmp dword [ebx + 0x3757], 2 +jne short loc_fffae3ee ; jne 0xfffae3ee +movzx ecx, byte [ebx + 0x381b] +mov edx, 0x4192 +mov eax, ebx +call fcn_fffb335b ; call 0xfffb335b -loc_fffae215: ; not directly referenced -movzx eax, word [edi + 0x25c] -test ax, ax -jne short loc_fffae246 ; jne 0xfffae246 +loc_fffae3ee: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffae40a ; jne 0xfffae40a +movzx ecx, byte [ebx + 0x4bde] +mov edx, 0x4592 +mov eax, ebx +call fcn_fffb335b ; call 0xfffb335b -loc_fffae221: ; not directly referenced +loc_fffae40a: ; not directly referenced +mov eax, ebx +mov ecx, 1 +mov edx, 3 +call fcn_fffadf2d ; call 0xfffadf2d +add esp, 0x1c xor eax, eax -test ebx, ebx -je short loc_fffae246 ; je 0xfffae246 -mov eax, dword [esi - 0x21] -and eax, 0xfffffffd -dec eax -jne short loc_fffae236 ; jne 0xfffae236 -movzx edx, word [edi + 0x60] -jmp short loc_fffae23a ; jmp 0xfffae23a - -loc_fffae236: ; not directly referenced -movzx edx, word [edi + 0x66] +pop ebx +pop esi +pop edi +pop ebp +ret 
-loc_fffae23a: ; not directly referenced -imul edx, dword [ebp - 0x28] -lea eax, [ebx + edx - 1] -xor edx, edx -div ebx - -loc_fffae246: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, 0x1ff -mov ebx, 0x1ff -cmova eax, ebx -cmp eax, edx -cmovb eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax - -loc_fffae260: ; not directly referenced -add dword [ebp - 0x24], 0x20 -add esi, 0x128 -add edi, 0x277 -cmp dword [ebp - 0x24], 0x40 -jne loc_fffae1a5 ; jne 0xfffae1a5 -add dword [ebp - 0x20], 0x54a -add dword [ebp - 0x2c], 0x13c3 -cmp dword [ebp - 0x20], 0xa94 -jne loc_fffae186 ; jne 0xfffae186 -jmp near loc_fffae13d ; jmp 0xfffae13d - -loc_fffae29a: ; not directly referenced -cmp ecx, 1 -ja short loc_fffae2ab ; ja 0xfffae2ab -mov edi, dword [ebp + 8] -cmp byte [edi + 0x3749], 0 -je short loc_fffae2d5 ; je 0xfffae2d5 - -loc_fffae2ab: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx - -loc_fffae2d5: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffae29a ; jne 0xfffae29a -add esp, 0x30 -mov eax, 1 -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffae2eb: ; not directly referenced +fcn_fffae425: ; not directly referenced push ebp mov ebp, esp push edi -xor edi, edi push esi push ebx -sub esp, 0x4c -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2443] -mov dword [ebp - 0x44], eax - -loc_fffae302: ; not directly referenced -lea eax, [edi - 2] -cmp eax, 1 -ja short loc_fffae32e ; ja 0xfffae32e -mov ebx, dword [ebp + 8] -cmp byte [ebx + 0x3749], 0 -jne short loc_fffae32e ; jne 0xfffae32e +sub esp, 0xdc +mov edi, dword [ebp + 0x20] +mov byte [ebp - 0x51], cl +mov esi, dword [ebp + 8] +mov dword [ebp - 0x78], ecx +mov cl, byte [ebp + 0x14] +mov dword [ebp - 0x4c], eax +mov eax, dword [eax + 0x188b] +mov dword [ebp - 0x58], edi +mov edi, dword [ebp + 0x24] 
+mov ebx, esi +mov byte [ebp - 0xe8], cl +mov cl, byte [ebp + 0x1c] +mov dword [ebp - 0x60], eax +movzx eax, bx +dec eax +mov dword [ebp - 0x50], esi +mov esi, dword [ebp + 0xc] +mov byte [ebp - 0xad], dl +mov byte [ebp - 0x98], cl +mov dword [ebp - 0x5c], edi +mov dword [ebp - 0x45], 0 +mov dword [ebp - 0x41], 0 +mov dword [ebp - 0x3d], 0 +call fcn_fffb396b ; call 0xfffb396b +mov ecx, dword [ebp - 0x78] +lea edx, [esi + 1] +sub edx, eax +test dl, dl +setle bl +cmp cl, 4 +mov byte [ebp - 0x61], al +sete al +or bl, al +jne short loc_fffae4b4 ; jne 0xfffae4b4 +cmp cl, 5 +mov al, 1 +cmove edx, eax +jmp short loc_fffae4b6 ; jmp 0xfffae4b6 -loc_fffae316: ; not directly referenced -inc edi -cmp edi, 4 -jne short loc_fffae302 ; jne 0xfffae302 -mov eax, dword [ebp + 8] -mov ecx, 0xfffffffe -add eax, 0x48df -jmp near loc_fffae4d9 ; jmp 0xfffae4d9 +loc_fffae4b4: ; not directly referenced +mov dl, 1 -loc_fffae32e: ; not directly referenced -mov ebx, dword [ebp + 8] -imul eax, eax, 0x23 -lea esi, [edi*8 - 0x1269] -mov dword [ebp + edi*4 - 0x28], 0 -mov dword [ebp - 0x34], 0 -add ebx, 0x49bf -mov dword [ebp - 0x3c], ebx -imul ebx, edi, 0x2e -mov dword [ebp - 0x54], esi -mov dword [ebp - 0x40], eax -mov dword [ebp - 0x48], ebx +loc_fffae4b6: ; not directly referenced +mov ebx, dword [ebp - 0x50] +lea ecx, [edx - 1] +movzx esi, byte [ebp - 0x61] +mov dword [ebp - 0x68], 1 +shl dword [ebp - 0x68], cl +mov al, bl +add eax, 0xffffff80 +cmp bx, 0x7f +cmova eax, esi +add ebx, ebx +mov byte [ebp - 0x88], al +lea eax, [ebx - 0x80] +mov byte [ebp - 0x78], al +cmp bx, 0x7f +jbe short loc_fffae4f8 ; jbe 0xfffae4f8 +movzx ebx, bx +lea eax, [ebx - 1] +call fcn_fffb396b ; call 0xfffb396b +mov byte [ebp - 0x78], al -loc_fffae35f: ; not directly referenced -mov eax, dword [ebp - 0x54] -mov esi, dword [ebp - 0x3c] -mov ebx, dword [ebp - 0x34] -mov dword [ebp - 0x38], 0 -add eax, esi -mov dword [ebp - 0x50], eax -mov eax, dword [ebp + 8] -lea eax, [eax + ebx + 0x1973] -mov dword [ebp - 0x30], eax 
+loc_fffae4f8: ; not directly referenced +mov eax, dword [ebp + 0x18] +mov bx, word [eax] +movzx eax, bx +dec eax +call fcn_fffb396b ; call 0xfffb396b +cmp bx, 0x1f +jbe short loc_fffae518 ; jbe 0xfffae518 +mov esi, dword [ebp + 0x18] +movzx eax, al +mov word [esi], ax +jmp short loc_fffae521 ; jmp 0xfffae521 -loc_fffae381: ; not directly referenced -cmp dword [esi - 0xf6], 2 -jne loc_fffae49e ; jne 0xfffae49e -mov eax, dword [ebp - 0x48] -mov ebx, dword [ebp - 0x38] -mov eax, dword [esi + eax - 0xf2] -mov dword [ebp - 0x2c], eax -mov eax, dword [ebp - 0x50] -mov ecx, dword [eax + ebx + 0xc9] -cmp edi, 1 -je loc_fffae446 ; je 0xfffae446 -jb loc_fffae455 ; jb 0xfffae455 -cmp edi, 3 -ja loc_fffae455 ; ja 0xfffae455 -cmp edi, 2 -mov dl, byte [esi] -jne short loc_fffae3d3 ; jne 0xfffae3d3 -and dl, 1 -jne short loc_fffae3de ; jne 0xfffae3de -xor eax, eax -jmp near loc_fffae484 ; jmp 0xfffae484 +loc_fffae518: ; not directly referenced +mov eax, dword [ebp + 0x18] +add ebx, 0x20 +mov word [eax], bx -loc_fffae3d3: ; not directly referenced -xor eax, eax -and dl, 2 -je loc_fffae484 ; je 0xfffae484 +loc_fffae521: ; not directly referenced +cmp byte [ebp - 0x58], 0 +je short loc_fffae547 ; je 0xfffae547 +mov eax, dword [ebp - 0x4c] +mov edx, 0x4cb0 +call fcn_fffb331f ; call 0xfffb331f +mov edi, eax +mov eax, dword [ebp - 0x5c] +and di, 0xfff +add edi, 0x10 +cmp ax, di +cmovae edi, eax -loc_fffae3de: ; not directly referenced -mov eax, dword [esi - 0x21] -mov ebx, dword [ebp - 0x40] -and eax, 0xfffffffd -dec eax -mov eax, dword [ebp - 0x30] -jne short loc_fffae3f7 ; jne 0xfffae3f7 -movzx edx, word [eax + ebx + 0x10d] -jmp short loc_fffae3ff ; jmp 0xfffae3ff +loc_fffae547: ; not directly referenced +cmp di, 0xff +mov eax, 0xff +cmova edi, eax +mov al, byte [ebp - 0x88] +mov word [ebp - 0xa8], di +mov dword [ebp - 0x50], 0x4960 +mov dword [ebp - 0x5c], 0x4040 +shr al, 7 +mov byte [ebp - 0xc8], al +mov al, byte [ebp - 0x78] +mov dword [ebp - 0x58], 0 +shr al, 7 +mov byte [ebp - 
0xd8], al +mov eax, dword [ebp - 0x98] +and eax, 1 +mov dword [ebp - 0xb4], eax -loc_fffae3f7: ; not directly referenced -movzx edx, word [eax + ebx + 0x1dd] +loc_fffae59a: ; not directly referenced +movzx eax, byte [ebp - 0xad] +mov esi, dword [ebp - 0x58] +mov dword [ebp - 0xac], eax +bt eax, esi +jb short loc_fffae5c0 ; jb 0xfffae5c0 +mov eax, dword [ebp - 0x50] +xor ecx, ecx +lea edx, [eax + eax - 0x4a18] +jmp near loc_fffae9a7 ; jmp 0xfffae9a7 -loc_fffae3ff: ; not directly referenced -xor eax, eax -cmp dword [ebp - 0x2c], 0 -je short loc_fffae484 ; je 0xfffae484 -mov eax, dword [ebp - 0x44] -imul edx, edx, 0x3e8 -mov ebx, dword [eax + 0x74] -mov dword [ebp - 0x4c], ebx -push ebx -mov ebx, ecx -push edx -sar ebx, 0x1f -push ebx -xor ebx, ebx -push ecx -call dword [eax + 0x70] ; ucall -mov ecx, dword [ebp - 0x2c] -mov dword [esp], 0 -push ebx -xor ebx, ebx -push ecx -mov ecx, dword [ebp - 0x2c] -dec ecx -add eax, ecx -adc edx, ebx -mov ebx, dword [ebp - 0x4c] -push edx -push eax -call ebx -add esp, 0x20 -jmp short loc_fffae484 ; jmp 0xfffae484 +loc_fffae5c0: ; not directly referenced +mov eax, dword [ebp - 0x5c] +movzx ecx, byte [ebp - 0xb4] +lea edx, [eax + 0x158] +mov eax, dword [ebp - 0x4c] +call fcn_fffb335b ; call 0xfffb335b +cmp byte [ebp - 0x98], 0 +je short loc_fffae5f9 ; je 0xfffae5f9 +mov edx, dword [ebp - 0x58] +sub esp, 0xc +mov ecx, 7 +mov eax, dword [ebp - 0x4c] +push 8 +call fcn_fffaca06 ; call 0xfffaca06 +add esp, 0x10 -loc_fffae446: ; not directly referenced -mov eax, dword [ebp - 0x30] -movzx eax, word [eax + 0x25a] -test ax, ax -jne short loc_fffae484 ; jne 0xfffae484 +loc_fffae5f9: ; not directly referenced +cmp byte [ebp - 0x51], 5 +ja short loc_fffae611 ; ja 0xfffae611 +movzx eax, byte [ebp - 0x51] +mov dl, byte [eax + ref_fffd38f8] ; mov dl, byte [eax - 0x2c708] +mov al, byte [eax + ref_fffd38f0] ; mov al, byte [eax - 0x2c710] +jmp short loc_fffae615 ; jmp 0xfffae615 -loc_fffae455: ; not directly referenced +loc_fffae611: ; not directly 
referenced xor eax, eax -cmp dword [ebp - 0x2c], 0 -je short loc_fffae484 ; je 0xfffae484 -cmp dword [esi - 0x21], 3 -mov eax, 0x3b8260 -mov ebx, 0x7704c0 -mov ecx, 0x3e8 -cmove ebx, eax -mov eax, dword [ebp - 0x2c] -xor edx, edx -div ecx xor edx, edx -mov ecx, eax -lea eax, [ebx + eax - 1] -div ecx - -loc_fffae484: ; not directly referenced -cmp eax, 0xffff -mov edx, 0xffff -cmovbe edx, eax -mov eax, dword [ebp + edi*4 - 0x28] -cmp edx, eax -cmovb edx, eax -mov dword [ebp + edi*4 - 0x28], edx - -loc_fffae49e: ; not directly referenced -add dword [ebp - 0x38], 0x20 -add esi, 0x128 -add dword [ebp - 0x30], 0x277 -cmp dword [ebp - 0x38], 0x40 -jne loc_fffae381 ; jne 0xfffae381 -add dword [ebp - 0x34], 0x54a -add dword [ebp - 0x3c], 0x13c3 -cmp dword [ebp - 0x34], 0xa94 -jne loc_fffae35f ; jne 0xfffae35f -jmp near loc_fffae316 ; jmp 0xfffae316 - -loc_fffae4d9: ; not directly referenced -cmp ecx, 1 -ja short loc_fffae4ea ; ja 0xfffae4ea -mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je short loc_fffae514 ; je 0xfffae514 - -loc_fffae4ea: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x20] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx - -loc_fffae514: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffae4d9 ; jne 0xfffae4d9 -lea esp, [ebp - 0xc] -mov eax, 1 -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffae52a: -push ebp -mov ebp, esp -sub esp, 0x14 -mov ecx, dword [eax + 0x2443] -add edx, dword [eax + 0x18c5] -inc dword [eax + 0x36a4] -push edx -call dword [ecx + 0x20] ; ucall -leave -ret - -fcn_fffae548: -push ebp -mov ebp, esp -sub esp, 0x14 -mov ecx, dword [eax + 0x2443] -add edx, dword [eax + 0x18c5] -inc dword [eax + 0x36a4] -push edx -call dword [ecx + 0x24] ; ucall -leave -ret -fcn_fffae566: ; not directly referenced -push ebp -mov ebp, esp -push ebx -sub esp, 0xc -mov ebx, dword [eax + 0x2443] 
-inc dword [eax + 0x36a0] +loc_fffae615: ; not directly referenced +and edx, 7 +and eax, 7 +mov bl, byte [ebp - 0x51] +shl edx, 0x18 +xor edi, edi +mov ecx, dword [ebp - 0x50] +shl eax, 0x1c +or eax, edx +and ah, 0xcf +mov edx, eax +mov eax, dword [ebp - 0x4c] +or dh, 0x18 +cmp byte [eax + 0x247b], 0 +setne al +movzx eax, al +shl eax, 7 +or eax, edx +mov edx, eax +or edx, 0x20 +cmp bl, 6 +mov ebx, dword [ebp - 0x4c] +cmove eax, edx +mov esi, eax +mov eax, edi +and eax, 0xfffffc00 +or eax, 2 +mov edi, eax +cmp dword [ebp - 0x60], 1 +lea eax, [ecx + 0x20] +lea edx, [ecx + 0x40] +mov ecx, dword [ebp - 0x68] +cmovne edx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, ebx push ecx -add edx, dword [eax + 0x18c5] -push edx -call dword [ebx + 0x28] ; ucall -add esp, 0x10 -mov ebx, dword [ebp - 4] -leave -ret - -fcn_fffae58c: ; not directly referenced -push ebp -mov ebp, esp -push ebx -sub esp, 0xc -mov ebx, dword [eax + 0x2443] -inc dword [eax + 0x36a0] push ecx -add edx, dword [eax + 0x18c5] -push edx -call dword [ebx + 0x30] ; ucall -add esp, 0x10 -mov ebx, dword [ebp - 4] -leave -ret - -fcn_fffae5b2: ; not directly referenced -push ebp -mov ebp, esp +mov ecx, dword [ebp - 0x50] push edi push esi -push ebx -mov ebx, ref_fffd363c ; mov ebx, 0xfffd363c -sub esp, 0x1c -mov edi, dword [ebp + 8] -mov dword [ebp - 0x20], eax -mov eax, dword [eax + 0x188b] -mov byte [ebp - 0x21], cl -mov dword [ebp - 0x28], edx -mov esi, dword [edi] -mov dword [ebp - 0x1c], eax - -loc_fffae5d7: ; not directly referenced -mov al, byte [ebx + 4] -and eax, 1 -cmp eax, dword [ebp - 0x28] -jne short loc_fffae62b ; jne 0xfffae62b -movzx edi, word [ebx] -sub edi, esi - -loc_fffae5e7: ; not directly referenced -movzx eax, word [ebx + 2] -lea edx, [esi + edi] -cmp edx, eax -ja short loc_fffae62b ; ja 0xfffae62b -cmp dword [ebp - 0x1c], 0 -jne short loc_fffae5fe ; jne 0xfffae5fe -test byte [ebx + 4], 2 -jmp short loc_fffae608 ; jmp 0xfffae608 +lea edx, [ecx + ecx - 0x4a18] +call 
fcn_fffb3506 ; call 0xfffb3506 +mov ecx, dword [ebp - 0x50] +mov eax, ebx +lea edx, [ecx - 0xa8] +mov ecx, 4 +call fcn_fffb335b ; call 0xfffb335b +mov edx, dword [ebp - 0xc8] +add esp, 0x10 +mov eax, dword [ebp - 0x88] +mov esi, dword [ebp - 0x78] +mov ecx, dword [ebp - 0xd8] +and edx, 1 +mov bl, byte [ebp - 0x51] +shl edx, 7 +and eax, 0x7f +or eax, edx +mov edx, dword [ebp - 0xa8] +and esi, 0x7f +or eax, 0x8000000 +and ecx, 1 +shl ecx, 7 +and edx, 0x3fff +shl edx, 8 +or eax, edx +mov edx, eax +and edx, 0x83fff00 +or edx, esi +or edx, ecx +cmp bl, 4 +je short loc_fffae71d ; je 0xfffae71d +cmp bl, 5 +je short loc_fffae763 ; je 0xfffae763 +cmp bl, 3 +jne loc_fffae7a5 ; jne 0xfffae7a5 +mov dword [ebp - 0x38], edx +mov byte [ebp - 0x39], 1 +or byte [ebp - 0x36], 0xc0 +and byte [ebp - 0x35], 0xfc +jmp near loc_fffae7c7 ; jmp 0xfffae7c7 -loc_fffae5fe: ; not directly referenced -cmp dword [ebp - 0x1c], 1 -jne short loc_fffae626 ; jne 0xfffae626 -test byte [ebx + 4], 4 +loc_fffae71d: ; not directly referenced +mov dword [ebp - 0x38], eax +mov cl, byte [ebp - 0x36] +and byte [ebp - 0x35], 0xfc +and ecx, 0x3f +or ecx, 0x40 +mov byte [ebp - 0x36], cl +mov ecx, 1 -loc_fffae608: ; not directly referenced -je short loc_fffae626 ; je 0xfffae626 -cmp byte [ebp - 0x21], 1 -jne short loc_fffae61c ; jne 0xfffae61c -mov eax, dword [ebp - 0x20] -call fcn_fffae52a ; call 0xfffae52a -mov dword [esi], eax -jmp short loc_fffae626 ; jmp 0xfffae626 +loc_fffae735: ; not directly referenced +mov dword [ebp + ecx*4 - 0x38], edx +mov bl, byte [ebp + ecx*4 - 0x36] +and byte [ebp + ecx*4 - 0x35], 0xfc +and ebx, 0x3f +or ebx, 0xffffff80 +mov byte [ebp + ecx*4 - 0x36], bl +inc ecx +cmp ecx, 7 +jne short loc_fffae735 ; jne 0xfffae735 +mov dword [ebp - 0x1c], eax +mov byte [ebp - 0x39], 0xff +and byte [ebp - 0x1a], 0x3f +and byte [ebp - 0x19], 0xfc +jmp short loc_fffae7c7 ; jmp 0xfffae7c7 -loc_fffae61c: ; not directly referenced -mov ecx, dword [esi] -mov eax, dword [ebp - 0x20] -call fcn_fffae58c ; 
call 0xfffae58c +loc_fffae763: ; not directly referenced +mov dword [ebp - 0x38], eax +mov cl, byte [ebp - 0x36] +mov dword [ebp - 0x34], edx +mov dword [ebp - 0x30], eax +mov dword [ebp - 0x2c], edx +and ecx, 0x3f +or ecx, 0x40 +mov byte [ebp - 0x36], cl +mov cl, byte [ebp - 0x32] +and byte [ebp - 0x35], 0xfc +and byte [ebp - 0x31], 0xfc +and byte [ebp - 0x2e], 0x3f +and ecx, 0x3f +or ecx, 0xffffff80 +mov byte [ebp - 0x32], cl +and byte [ebp - 0x2d], 0xfc +or byte [ebp - 0x2a], 0xc0 +and byte [ebp - 0x29], 0xfc +mov byte [ebp - 0x39], 0xf +jmp short loc_fffae7c7 ; jmp 0xfffae7c7 -loc_fffae626: ; not directly referenced -add esi, 4 -jmp short loc_fffae5e7 ; jmp 0xfffae5e7 +loc_fffae7a5: ; not directly referenced +mov dword [ebp - 0x38], eax +mov dl, byte [ebp - 0x36] +mov dword [ebp - 0x34], eax +and byte [ebp - 0x35], 0xfc +and byte [ebp - 0x32], 0x3f +and byte [ebp - 0x31], 0xfc +and edx, 0x3f +or edx, 0x40 +mov byte [ebp - 0x36], dl +mov byte [ebp - 0x39], 3 -loc_fffae62b: ; not directly referenced -add ebx, 5 -cmp ebx, ref_fffd3e70 ; cmp ebx, 0xfffd3e70 -jne short loc_fffae5d7 ; jne 0xfffae5d7 -mov eax, dword [ebp + 8] -mov dword [eax], esi -add esp, 0x1c -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffae7c7: ; not directly referenced +imul eax, dword [ebp - 0x58], 0x28 +xor ebx, ebx +lea edi, [ebp - 0x39] +lea esi, [eax + 0x4808] +sub edi, eax -fcn_fffae645: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x5edc] -lea ecx, [eax + 0x1c] -mov dword [edx + 0x1b8], ecx -add edx, 0x1b8 -mov ecx, 1 -mov dword [ebp + 8], edx -xor edx, edx -pop ebp -jmp near fcn_fffae5b2 ; jmp 0xfffae5b2 +loc_fffae7d8: ; not directly referenced +movzx eax, byte [ebp - 0x39] +bt eax, ebx +jb loc_fffae8ab ; jb 0xfffae8ab -fcn_fffae670: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -mov ebx, eax -sub esp, 0x1c -mov esi, dword [ebx + 0x2443] -mov dword [ebp - 0x24], edx -mov byte [ebp - 
0x1d], dl -call dword [esi + 0x54] ; ucall -mov ecx, 5 -mov edx, 0x4800 -add eax, 0x2710 -mov dword [ebp - 0x1c], eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c - -loc_fffae6a3: ; not directly referenced -mov edx, 0x4804 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov cl, byte [ebp - 0x1d] -mov edx, eax -mov edi, eax -shr edx, 0x10 -shr eax, 0x10 -and edx, 2 -and eax, 1 +loc_fffae7e5: ; not directly referenced +lea eax, [ebp - 0x3d] +mov esi, dword [ebp - 0x4c] +push edx +mov ecx, dword [ebp + 0x10] +push eax +mov edx, dword [ebp - 0x58] +lea eax, [ebp - 0x41] +push eax +lea eax, [ebp - 0x45] +push eax +mov eax, dword [ebp + 0x10] +add eax, 0x24 +push eax +mov eax, dword [ebp + 0x10] +add eax, 0x14 +push eax +mov eax, dword [ebp + 0x10] +add eax, 0x10 +push eax +mov eax, dword [ebp + 0x10] +add eax, 8 +push eax +mov eax, esi +call fcn_fffacc8a ; call 0xfffacc8a +mov eax, dword [ebp + 0x18] +add esp, 0x20 +mov edi, dword [ebp + 0x18] +movzx ecx, byte [eax + 6] +movzx eax, byte [eax + 2] +mov dx, word [edi] +and ecx, 0x3f +and eax, 0x3f +shl eax, 8 +mov ebx, edx +shl ecx, 0x10 +and ebx, 0x1f +or ecx, eax +mov eax, dword [ebp - 0x5c] +shr dx, 5 +or ecx, ebx +and edx, 1 +shl edx, 5 +or ecx, edx +lea edx, [eax + 0x1c0] +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp + 0x18] +mov dl, byte [eax + 0xa] +cmp dl, 2 +sete al +cmp dl, 4 +sete dl or eax, edx -and eax, ecx -cmp al, cl -jne short loc_fffae6ce ; jne 0xfffae6ce -xor eax, eax -jmp short loc_fffae6db ; jmp 0xfffae6db +cmp al, 1 +mov al, byte [ebp - 0x51] +sbb ecx, ecx +and ecx, 2 +movzx ecx, cl +sub eax, 4 +or ecx, 0x8090 +cmp al, 1 +ja short loc_fffae8ce ; ja 0xfffae8ce +mov al, byte [ebp - 0x61] +and ecx, 0xf8c0ffff +inc eax +and eax, 7 +shl eax, 0x18 +or ecx, eax +or ecx, 0x10000 +jmp short loc_fffae8ce ; jmp 0xfffae8ce -loc_fffae6ce: ; not directly referenced -call dword [esi + 0x54] ; ucall -cmp dword [ebp - 0x1c], eax -ja short loc_fffae6a3 ; ja 0xfffae6a3 -mov eax, 0x12 
+loc_fffae8ab: ; not directly referenced +mov ecx, dword [edi + esi - 0x4807] +mov edx, esi +inc ebx +mov eax, dword [ebp - 0x4c] +add esi, 4 +call fcn_fffb3381 ; call 0xfffb3381 +cmp ebx, 8 +jne loc_fffae7d8 ; jne 0xfffae7d8 +jmp near loc_fffae7e5 ; jmp 0xfffae7e5 -loc_fffae6db: ; not directly referenced -mov edx, edi -mov ecx, edi -and edx, 2 -and ecx, 1 -or ecx, edx -mov edx, 0x14 -test byte [ebp - 0x24], cl -cmovne eax, edx -add esp, 0x1c +loc_fffae8ce: ; not directly referenced +mov edi, dword [ebp - 0x4c] +mov esi, dword [ebp - 0x5c] +mov eax, edi +mov edx, esi +call fcn_fffb3381 ; call 0xfffb3381 +xor ecx, ecx +mov eax, edi +lea edx, [esi + 0x44] +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, dword [ebp - 0xe8] +mov eax, edi +lea edx, [esi + 0x58] +and ecx, 3 +shl ecx, 0xc +or ecx, 0xffff0001 +call fcn_fffb3381 ; call 0xfffb3381 +lea edx, [esi + 0x98] +push eax +push eax +mov eax, edi +push 0 +push 0 +call fcn_fffb3506 ; call 0xfffb3506 +xor ecx, ecx +mov eax, edi +lea edx, [esi + 0x5c] +call fcn_fffb335b ; call 0xfffb335b +add esp, 0x10 +cmp byte [edi + 0x247b], 0 +je short loc_fffae9af ; je 0xfffae9af +mov eax, dword [ebp - 0x50] +mov ecx, 0xfc +lea edx, [eax - 8] +mov eax, dword [ebp - 0x4c] +call fcn_fffb335b ; call 0xfffb335b +cmp dword [ebp - 0x60], 1 +jne short loc_fffae95c ; jne 0xfffae95c +mov eax, dword [ebp - 0x50] +mov ecx, 0xff +lea edx, [eax - 7] +mov eax, dword [ebp - 0x4c] +call fcn_fffb335b ; call 0xfffb335b + +loc_fffae95c: ; not directly referenced +mov eax, dword [ebp - 0x4c] +movzx ebx, word [eax + 0x248a] +test bx, bx +je short loc_fffae97f ; je 0xfffae97f +mov eax, 0x9c40 +cdq +idiv ebx +mov ecx, eax +mov eax, 0x30d40 +cdq +idiv ebx +jmp short loc_fffae989 ; jmp 0xfffae989 + +loc_fffae97f: ; not directly referenced +mov eax, 0xff +mov ecx, 0xff + +loc_fffae989: ; not directly referenced +mov ebx, ecx +movzx ecx, cl +mov edx, dword [ebp - 0x50] +shl ebx, 8 +and ebx, 0xff00 +shl ecx, 0x10 +shl eax, 0x18 +or ecx, ebx +or ecx, eax +or ecx, 
2 + +loc_fffae9a7: ; not directly referenced +mov eax, dword [ebp - 0x4c] +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffae9af: ; not directly referenced +inc dword [ebp - 0x58] +add dword [ebp - 0x5c], 0x400 +add dword [ebp - 0x50], 4 +cmp dword [ebp - 0x58], 2 +jne loc_fffae59a ; jne 0xfffae59a +mov edx, dword [ebp - 0xac] +mov ecx, 2 +mov eax, dword [ebp - 0x4c] +call fcn_fffadf2d ; call 0xfffadf2d +lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp ret -fcn_fffae6fa: ; not directly referenced +fcn_fffae9e2: ; not directly referenced push ebp +movzx edx, dl mov ebp, esp push edi -mov edi, 0x1ff push esi -mov esi, 0x2800 +mov esi, ecx push ebx +mov ecx, 0xb +sub esp, 0x4c mov ebx, eax -sub esp, 0x10 -mov dword [ebp - 0x1c], edx -imul edx, dword [eax + 0x18a7], 0x2e -imul eax, dword [ebp - 0x1c], 0x13c3 -lea eax, [edx + eax + 0x3740] -lea edx, [ebx + eax + 0x1a] -movzx eax, word [edx + 0x12] -cmp word [edx + 0x14], 0x1ff -cmovbe di, word [edx + 0x14] -movzx ecx, ax -imul eax, eax, 0x59 -and edi, 0x1ff -shl edi, 0x10 -cdq -idiv esi -mov esi, dword [ebp - 0x1c] -mov edx, 0x7f -cmp eax, 0x7f -cmovbe edx, eax -add esp, 0x10 -shl edx, 0x19 -or ecx, edi -shl esi, 0xa -or ecx, edx +lea edi, [ebp - 0x44] +xor eax, eax +rep stosd ; rep stosd dword es:[edi], eax +lea eax, [ebp - 0x4f] +push 0 +push 0 +push 0 +push eax +movzx eax, byte [ebp + 8] +mov word [ebp - 0x36], 0x3ff +mov dword [ebp - 0x30], 0x20 +push eax +lea eax, [ebp - 0x44] +push eax mov eax, ebx -lea edx, [esi + 0x4298] +push esi +push 0x80 +mov word [ebp - 0x20], 1 +mov word [ebp - 0x1a], 1 +mov word [ebp - 0x4f], 4 +mov dword [ebp - 0x4d], 0 +mov dword [ebp - 0x49], 7 +mov byte [ebp - 0x45], 0 +call fcn_fffae425 ; call 0xfffae425 +lea edx, [esi - 7] +add esp, 0x20 +mov al, 1 +test dl, dl +cmovg eax, edx +mov byte [ebx + 0x248d], al +mov byte [ebx + 0x248c], 0 +lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp -jmp near fcn_fffae58c ; jmp 0xfffae58c +ret -fcn_fffae778: ; not directly referenced -mov dl, 
byte [eax + 0x1907] +fcn_fffaea71: ; not directly referenced push ebp mov ebp, esp +push edi push esi -mov esi, 0x80 -test dl, dl -movzx ecx, dl -cmovne esi, ecx -movzx ecx, byte [eax + 0x1906] +mov esi, ref_fffd38bc ; mov esi, 0xfffd38bc push ebx -cmp cl, 6 -sete bl -cmp cl, 1 -setbe dl -or bl, dl -jne short loc_fffae7ba ; jne 0xfffae7ba -xor ecx, ecx -cmp dword [eax + 0x2480], 3 -setne cl -lea ecx, [ecx*4 + 2] +mov ebx, eax +sub esp, 0x5c +mov edi, dword [ebp + 8] +mov eax, edx +mov dword [ebp - 0x5c], edx +mov edx, dword [ebp + 0xc] +mov dword [ebp - 0x60], ecx +mov ecx, 0xb +mov word [ebp - 0x4f], 4 +mov dword [ebp - 0x64], edi +lea edi, [ebp - 0x44] +mov dword [ebp - 0x4d], 0 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov esi, 1 +mov dword [ebp - 0x49], 9 +mov byte [ebp - 0x45], 2 +test al, 1 +je short loc_fffaead8 ; je 0xfffaead8 +mov al, dl +and al, byte [ebx + 0x381b] +mov dword [ebp - 0x68], edx +movzx eax, al +call fcn_fffb38d9 ; call 0xfffb38d9 +mov edx, dword [ebp - 0x68] +test al, al +cmovne esi, eax -loc_fffae7ba: ; not directly referenced -and ecx, 0xf -mov edx, 0x4cb0 -shl ecx, 0xc +loc_fffaead8: ; not directly referenced +test byte [ebp - 0x5c], 2 +je short loc_fffaeaf3 ; je 0xfffaeaf3 +and dl, byte [ebx + 0x4bde] +movzx eax, dl +call fcn_fffb38d9 ; call 0xfffb38d9 +mov ecx, esi +cmp cl, al +cmovb esi, eax + +loc_fffaeaf3: ; not directly referenced +cmp dword [ebx + 0x2481], 1 +je short loc_fffaeb0e ; je 0xfffaeb0e +mov ecx, esi +mov al, 4 +cmp cl, 4 +cmovbe eax, esi +movzx eax, al +shl eax, 5 +jmp short loc_fffaeb13 ; jmp 0xfffaeb13 + +loc_fffaeb0e: ; not directly referenced +mov eax, 0x80 + +loc_fffaeb13: ; not directly referenced +push 0 +mov edi, dword [ebp - 0x60] +movzx eax, ax +push 0 +movzx edx, byte [ebp - 0x5c] +push 1 +lea ecx, [ebp - 0x4f] +push ecx +movzx ecx, byte [ebp - 0x64] +push ecx +lea ecx, [ebp - 0x44] +push ecx +xor ecx, ecx +push edi +push eax +mov eax, ebx +call fcn_fffae425 ; call 0xfffae425 +mov edx, edi +add 
esp, 0x20 +sub edx, 4 +mov al, 1 +test dl, dl +cmovg eax, edx +mov byte [ebx + 0x248d], al +mov byte [ebx + 0x248c], 2 +lea esp, [ebp - 0xc] pop ebx -or ecx, esi pop esi +pop edi pop ebp -jmp near fcn_fffae58c ; jmp 0xfffae58c - -fcn_fffae7cf: ; not directly referenced -push ebp -mov ebp, esp -sub esp, 0xc -mov ecx, dword [eax + 0x2443] -inc dword [eax + 0x36a0] -push dword [ebp + 0xc] -push dword [ebp + 8] -add edx, dword [eax + 0x18c5] -push edx -call dword [ecx + 0x34] ; ucall -add esp, 0x10 -leave ret -fcn_fffae7f6: ; not directly referenced +fcn_fffaeb5f: ; not directly referenced push ebp +mov ecx, 0xb mov ebp, esp push edi -push esi push ebx -sub esp, 0x2c -mov ebx, dword [ebp + 8] -mov eax, dword [ebx + 0x2443] -cmp dword [ebx + 0x188b], 1 -mov dword [ebp - 0x24], eax -je loc_fffae9e4 ; je 0xfffae9e4 +mov ebx, eax +lea edi, [ebp - 0x8c] +xor eax, eax +sub esp, 0x90 +rep stosd ; rep stosd dword es:[edi], eax +lea edi, [ebp - 0x60] +mov word [ebp - 0x82], 0xf +mov word [ebp - 0x66], 1 +mov word [ebp - 0x97], 1 +mov dword [ebp - 0x95], 0 +mov dword [ebp - 0x91], 3 +mov cl, 0xb +rep stosd ; rep stosd dword es:[edi], eax +lea edi, [ebp - 0x34] +mov word [ebp - 0x52], 0x3ff +mov dword [ebp - 0x4c], 0x20 +mov word [ebp - 0x3c], 1 +mov word [ebp - 0x36], 1 +mov byte [ebp - 0x8d], 0 +mov cl, 0xb +rep stosd ; rep stosd dword es:[edi], eax +mov eax, dword [ebx + 0x2481] +mov word [ebp - 0x32], 4 +mov word [ebp - 0x2a], 4 +cmp eax, 3 +je short loc_fffaebfb ; je 0xfffaebfb +dec eax +lea ecx, [ebp - 0x8c] +lea eax, [ebp - 0x60] +cmovne eax, ecx +jmp short loc_fffaebfe ; jmp 0xfffaebfe -loc_fffae818: ; not directly referenced -mov edx, 0x5030 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5030 -or al, 0x89 -mov ecx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov ecx, 0x8f -mov edx, 0x50fc -mov eax, ebx -mov esi, dword [ebx + 0x2443] -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebx + 0x18b5], 0 -je loc_fffaeac9 ; je 0xfffaeac9 -mov edi, 
dword [ebx + 0x18c1] -push 0xa0 -push 0 -push 0 -push 0 -call dword [esi + 0x4c] ; ucall -add edi, eax -mov dword [esp], edi -call dword [esi + 0x20] ; ucall -pop edx -pop ecx -or eax, 1 -push eax -push edi -call dword [esi + 0x30] ; ucall -mov edi, dword [ebx + 0x18c1] -push 0xbc -push 0 -push 0 +loc_fffaebfb: ; not directly referenced +lea eax, [ebp - 0x34] + +loc_fffaebfe: ; not directly referenced push 0 -call dword [esi + 0x4c] ; ucall -add esp, 0x14 -add edi, eax -push edi -call dword [esi + 0x20] ; ucall -pop edx -pop ecx -or eax, 1 -push eax -push edi -call dword [esi + 0x30] ; ucall -mov edi, dword [ebx + 0x18c1] -push 0xa8 +movzx edx, dl push 0 push 0 +lea ecx, [ebp - 0x97] +push ecx +mov ecx, 2 push 0 -call dword [esi + 0x4c] ; ucall -add esp, 0x14 -add edi, eax -push edi -call dword [esi + 0x20] ; ucall -pop edx -pop ecx -or eax, 1 push eax +mov eax, ebx +push 0xa +push 0x80 +call fcn_fffae425 ; call 0xfffae425 +add esp, 0x20 +mov byte [ebx + 0x248d], 1 +mov byte [ebx + 0x248c], 0 +lea esp, [ebp - 8] +pop ebx +pop edi +pop ebp +ret + +fcn_fffaec3c: ; not directly referenced +push ebp +xor eax, eax +mov ebp, esp +mov ecx, 0xb push edi -call dword [esi + 0x30] ; ucall -mov edi, dword [ebx + 0x18c1] -push 0x90 -push 0 +push esi +push ebx +lea edi, [ebp - 0x1f4] +sub esp, 0x270 +rep stosd ; rep stosd dword es:[edi], eax +mov eax, dword [ebp + 8] +lea edx, [ebp - 0x217] +mov word [ebp - 0x1e6], 0x3ff +mov word [ebp - 0x1ca], 1 +mov word [ebp - 0x1ff], 0x20 +mov esi, dword [eax + 0x5edd] +mov al, byte [eax + 0x248f] +mov dword [ebp - 0x1fd], 0 +mov dword [ebp - 0x1f9], 9 +mov byte [ebp - 0x1f5], 0 +mov byte [ebp - 0x22c], al +mov eax, dword [ebp + 8] +mov al, byte [eax + 0x248e] +mov byte [ebp - 0x230], al +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x18a7] +mov dword [ebp - 0x234], eax +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x188b] +mov dword [ebp - 0x260], eax +mov eax, dword [ebp + 8] +cmp dword [eax + 0x2481], 2 +sete al +movzx eax, al +mov 
dword [ebp - 0x250], eax +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x2444] +push 1 +push 7 +push edx +call dword [eax + 0x5c] ; ucall +mov eax, dword [ebp + 8] +add esp, 0x10 +mov eax, dword [eax + 0x1887] +cmp eax, 0x40650 +je short loc_fffaed68 ; je 0xfffaed68 +ja short loc_fffaed18 ; ja 0xfffaed18 +cmp eax, 0x306d0 +jmp short loc_fffaed24 ; jmp 0xfffaed24 + +loc_fffaed18: ; not directly referenced +cmp eax, 0x40660 +je short loc_fffaed32 ; je 0xfffaed32 +cmp eax, 0x40670 + +loc_fffaed24: ; not directly referenced +jne short loc_fffaed4d ; jne 0xfffaed4d +mov dword [ebp - 0x248], 0x7f +jmp short loc_fffaed72 ; jmp 0xfffaed72 + +loc_fffaed32: ; not directly referenced +mov dword [ebp - 0x248], 0x3f +mov ebx, 0x19 +mov dword [ebp - 0x240], 0x14 +jmp short loc_fffaed81 ; jmp 0xfffaed81 + +loc_fffaed4d: ; not directly referenced +mov dword [ebp - 0x248], 0x3f +mov ebx, 0x15 +mov dword [ebp - 0x240], 0x10 +jmp short loc_fffaed81 ; jmp 0xfffaed81 + +loc_fffaed68: ; not directly referenced +mov dword [ebp - 0x248], 0x3f + +loc_fffaed72: ; not directly referenced +mov dword [ebp - 0x240], 0x12 +mov ebx, 0x17 + +loc_fffaed81: ; not directly referenced +push 8 +movzx edx, byte [ebp - 0x22c] +mov ecx, 2 push 0 push 0 -call dword [esi + 0x4c] ; ucall -add esp, 0x14 -add edi, eax -push edi -call dword [esi + 0x20] ; ucall -pop edx -pop ecx -or eax, 1 +lea eax, [ebp - 0x1ff] push eax -push edi -call dword [esi + 0x30] ; ucall -mov edi, dword [ebx + 0x18c1] -push 0x98 -push 0 push 0 -push 0 -call dword [esi + 0x4c] ; ucall -add esp, 0x14 -add edi, eax -push edi -call dword [esi + 0x20] ; ucall -pop edx -pop ecx -or eax, 1 +lea eax, [ebp - 0x1f4] push eax -push edi -call dword [esi + 0x30] ; ucall -mov edi, dword [ebx + 0x18c1] -push 0xb0 -push 0 -push 0 -push 0 -call dword [esi + 0x4c] ; ucall -add esp, 0x14 -add edi, eax -push edi -call dword [esi + 0x20] ; ucall -pop edx -pop ecx -or eax, 1 -push eax -push edi -call dword [esi + 0x30] ; ucall -mov edi, dword [ebx + 
0x18c1] -push 0xb4 -push 0 -push 0 -push 0 -call dword [esi + 0x4c] ; ucall -add esp, 0x14 -add edi, eax -push edi -call dword [esi + 0x20] ; ucall -pop edx -pop ecx -or eax, 1 -push eax -push edi -call dword [esi + 0x30] ; ucall -mov edi, dword [ebx + 0x18c1] -push 0x78 -push 0 -push 0 -push 0 -call dword [esi + 0x4c] ; ucall -add esp, 0x14 -add edi, eax -push edi -call dword [esi + 0x20] ; ucall -pop edx -pop ecx -or ah, 4 -push eax -push edi -call dword [esi + 0x30] ; ucall -mov edi, dword [ebx + 0x18c1] -push 0x50 -push 0 -push 0 -push 0 -call dword [esi + 0x4c] ; ucall -add esp, 0x14 -add edi, eax -push edi -call dword [esi + 0x20] ; ucall -pop edx -pop ecx -or eax, 1 -push eax -push edi -call dword [esi + 0x30] ; ucall -mov edx, 0x5880 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -movzx edx, byte [ebx + 0x192a] -and edx, 1 -shl edx, 5 -and eax, 0xffffffdf -or eax, edx -mov edx, 0x5880 -mov ecx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -add esp, 0x10 -jmp near loc_fffaeac9 ; jmp 0xfffaeac9 +mov eax, dword [ebp + 8] +push 7 +push 2 +shl ebx, 0x10 +call fcn_fffae425 ; call 0xfffae425 +lea eax, [esi + 0x1c] +add esp, 0x20 +mov dword [ebp - 0x264], eax +xor esi, esi +mov dword [ebp - 0x22c], eax +mov dword [ebp - 0x238], ebx -loc_fffae9e4: ; not directly referenced -cmp byte [ebx + 0x36a8], 0 -je loc_fffae818 ; je 0xfffae818 -cmp byte [ebx + 0x3704], 0 -je short loc_fffaea2e ; je 0xfffaea2e -push eax -mov esi, dword [ebp - 0x24] -xor edx, edx -push 0x14 -mov eax, dword [ebx + 0x3711] -push edx -push eax -call dword [esi + 0x68] ; ucall -add esp, 0xc -push 0x14 -mov dword [ebp - 0x28], eax -mov eax, dword [ebx + 0x3705] -mov dword [ebp - 0x2c], edx -xor edx, edx -push edx -push eax -call dword [esi + 0x68] ; ucall -add esp, 0x10 -mov ecx, eax -mov edi, edx -jmp short loc_fffaea40 ; jmp 0xfffaea40 +loc_fffaedcc: ; not directly referenced +imul eax, esi, 0x13c3 +mov edi, dword [ebp + 8] +xor ebx, ebx +cmp dword [edi + eax + 0x3757], 2 +jne 
loc_fffaee75 ; jne 0xfffaee75 -loc_fffaea2e: ; not directly referenced -xor ecx, ecx -xor edi, edi -mov dword [ebp - 0x28], 0 -mov dword [ebp - 0x2c], 0 +loc_fffaede5: ; not directly referenced +mov eax, dword [ebp + 8] +cmp bl, byte [eax + 0x2489] +jae short loc_fffaee19 ; jae 0xfffaee19 +mov eax, dword [ebp + 8] +movzx edi, bl +mov edx, esi +mov ecx, edi +inc ebx +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, dword [ebp - 0x22c] +mov ecx, dword [ecx + edi*4 + 0x28] +mov edx, eax +mov eax, dword [ebp + 8] +or ecx, 0x40 +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffaede5 ; jmp 0xfffaede5 -loc_fffaea40: ; not directly referenced -xor esi, esi +loc_fffaee19: ; not directly referenced +mov ecx, 0xff +mov edx, esi +call fcn_fffa7236 ; call 0xfffa7236 +mov edi, eax +mov eax, dword [ebp - 0x22c] +mov ebx, dword [eax] +mov eax, dword [ebp + 8] +cmp dword [eax + 0x2481], 3 +jne short loc_fffaee4a ; jne 0xfffaee4a +and ebx, 0xefffffff +mov edx, edi +mov ecx, ebx +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffaea42: ; not directly referenced -movzx eax, byte [ebx + 0x36a8] -cmp esi, eax -jae loc_fffae818 ; jae 0xfffae818 -mov eax, dword [ebx + esi*8 + 0x36a9] -mov edx, dword [ebx + esi*8 + 0x36ad] -cmp byte [ebx + 0x3704], 0 -mov dword [ebp - 0x20], eax -mov dword [ebp - 0x1c], edx -je short loc_fffaea8e ; je 0xfffaea8e -cmp edx, dword [ebp - 0x2c] -ja short loc_fffaea8e ; ja 0xfffaea8e -jb short loc_fffaea7a ; jb 0xfffaea7a -cmp eax, dword [ebp - 0x28] -jae short loc_fffaea8e ; jae 0xfffaea8e +loc_fffaee4a: ; not directly referenced +mov eax, dword [ebp + 8] +or ebx, 0x1000004 +mov edx, edi +mov ecx, ebx +call fcn_fffb38b3 ; call 0xfffb38b3 +mov ecx, dword [ebp - 0x238] +mov edx, esi +mov eax, dword [ebp + 8] +shl edx, 0xa +add edx, 0x4028 +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffaea7a: ; not directly referenced -cmp edx, edi -jb short loc_fffaea8e ; jb 0xfffaea8e -ja short loc_fffaea84 ; ja 0xfffaea84 -cmp eax, ecx -jb short loc_fffaea8e ; jb 0xfffaea8e 
+loc_fffaee75: ; not directly referenced +inc esi +add dword [ebp - 0x22c], 0xcc +cmp esi, 2 +jne loc_fffaedcc ; jne 0xfffaedcc +imul eax, dword [ebp - 0x234], 0x2e +mov dword [ebp - 0x22c], 0 +mov dword [ebp - 0x26c], eax +movzx eax, byte [ebp - 0x230] +mov dword [ebp - 0x274], eax +mov eax, dword [ebp + 8] +add eax, 0x3757 +mov dword [ebp - 0x234], eax -loc_fffaea84: ; not directly referenced -mov eax, dword [ebp - 0x1c] -or eax, 0x40000000 -jmp short loc_fffaea96 ; jmp 0xfffaea96 +loc_fffaeebb: ; not directly referenced +mov edi, dword [ebp - 0x22c] +mov esi, dword [ebp - 0x274] +mov eax, edi +bt esi, edi +jb short loc_fffaef02 ; jb 0xfffaef02 -loc_fffaea8e: ; not directly referenced -mov eax, dword [ebp - 0x1c] -and eax, 0xbfffffff +loc_fffaeece: ; not directly referenced +inc dword [ebp - 0x22c] +cmp dword [ebp - 0x22c], 4 +jne short loc_fffaeebb ; jne 0xfffaeebb +mov eax, dword [ebp + 8] +mov edi, dword [ebp - 0x264] +mov dword [ebp - 0x22c], 0 +add eax, 0x3757 +mov dword [ebp - 0x234], eax +mov esi, eax +jmp near loc_fffaf927 ; jmp 0xfffaf927 -loc_fffaea96: ; not directly referenced -mov dword [ebp - 0x1c], eax -mov eax, dword [ebp - 0x1c] -lea edx, [esi*8 + 0x50b0] -mov dword [ebp - 0x30], ecx -inc esi -or eax, 0x80000000 -mov dword [ebp - 0x1c], eax -push eax -push eax -mov eax, ebx -push dword [ebp - 0x1c] -push dword [ebp - 0x20] -call fcn_fffae7cf ; call 0xfffae7cf -add esp, 0x10 -mov ecx, dword [ebp - 0x30] -jmp near loc_fffaea42 ; jmp 0xfffaea42 +loc_fffaef02: ; not directly referenced +mov esi, dword [ebp - 0x22c] +and eax, 1 +mov dword [ebp - 0x23c], 1 +mov dword [ebp - 0x238], 0 +mov byte [ebp - 0x254], 0 +mov ecx, esi +shl dword [ebp - 0x23c], cl +mov bl, byte [ebp - 0x23c] +mov dword [ebp - 0x24c], eax +mov byte [ebp - 0x230], bl +mov ebx, esi +shr bl, 1 +movzx esi, bl +mov byte [ebp - 0x265], bl +mov ebx, dword [ebp - 0x234] +mov dword [ebp - 0x244], esi -loc_fffaeac9: ; not directly referenced -mov eax, dword [ebp - 0x24] -call dword [eax + 
0x54] ; ucall -lea esi, [eax + 0x2710] +loc_fffaef59: ; not directly referenced +mov ecx, dword [ebp - 0x23c] +mov edx, dword [ebp - 0x238] +mov eax, dword [ebp + 8] +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0x254], al +mov al, byte [ebp - 0x230] +test byte [ebx + 0xc4], al +je loc_fffaf0b2 ; je 0xfffaf0b2 +mov eax, dword [ebp - 0x22c] +mov edx, 0 +mov byte [ebx + eax + 0x1011], 0 +mov eax, dword [ebp + 8] +movzx eax, byte [eax + 0x36e8] +cmp al, 1 +cmovbe eax, edx +cmp dword [ebp - 0x260], 1 +jne short loc_fffaefd1 ; jne 0xfffaefd1 +mov esi, dword [ebp + 8] +cmp dword [esi + 0x36e4], 1 +jne short loc_fffaefc7 ; jne 0xfffaefc7 +imul eax, eax, 0x64 +mov ecx, 0x85 +cdq +idiv ecx -loc_fffaead5: ; not directly referenced -mov edx, 0x5030 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -test al, 0x20 -jne short loc_fffaeaf6 ; jne 0xfffaeaf6 -mov eax, dword [ebp - 0x24] -call dword [eax + 0x54] ; ucall -cmp esi, eax -ja short loc_fffaead5 ; ja 0xfffaead5 -mov eax, 1 -jmp short loc_fffaeb74 ; jmp 0xfffaeb74 +loc_fffaefc7: ; not directly referenced +cmp al, 2 +lea edx, [eax - 2] +mov al, 0 +cmovae eax, edx -loc_fffaeaf6: ; not directly referenced -xor eax, eax -cmp dword [ebx + 0x1887], 0x306d0 -je short loc_fffaeb30 ; je 0xfffaeb30 -mov ecx, eax -mov edx, 0x14000000 -and ecx, 0xe00fffff -mov dl, 0xa0 -or ecx, 0x5a00000 -and ecx, 0xfff00fff -or ecx, 0x24000 -and ecx, 0xfffff00f -or ecx, 0x4f -jmp short loc_fffaeb5d ; jmp 0xfffaeb5d +loc_fffaefd1: ; not directly referenced +mov esi, dword [ebp + 8] +cmp dword [esi + 0x2481], 3 +mov esi, dword [ebp - 0x26c] +movzx esi, word [ebx + esi + 0xa] +jne short loc_fffaf01d ; jne 0xfffaf01d +mov edi, dword [ebp + 8] +movzx edx, al +add esi, esi +mov ecx, 4 +movzx edi, word [edi + 0x248a] +add edi, edi +cmp al, 5 +cmovae ecx, edx +xor edx, edx +lea eax, [edi + 0x157b] +div edi +mov edi, dword [ebp - 0x240] +lea edx, [edi + eax + 1] +add esi, edx +add esi, ecx +jmp short loc_fffaf038 ; jmp 0xfffaf038 -loc_fffaeb30: ; not 
directly referenced -mov ecx, eax -mov edx, 0x14000000 -and ecx, 0xe00fffff -mov dl, 0xa0 -or ecx, 0x8200000 -and ecx, 0xfff00fff -or ecx, 0x5a000 -and ecx, 0xfffff00f -or ecx, 0x32f +loc_fffaf01d: ; not directly referenced +add esi, esi +movzx ecx, al +cmp al, 5 +mov eax, dword [ebp - 0x240] +mov edx, 4 +cmovae edx, ecx +lea esi, [eax + esi + 5] +add esi, edx -loc_fffaeb5d: ; not directly referenced -mov eax, ecx -push ecx -push ecx +loc_fffaf038: ; not directly referenced +mov eax, dword [ebp - 0x248] +mov edi, dword [ebp - 0x22c] +cmp esi, eax +cmova esi, eax +mov eax, dword [ebp - 0x238] +mov ecx, esi +shl eax, 0xa +lea edx, [edi + eax + 0x4024] +mov eax, dword [ebp + 8] +call fcn_fffb335b ; call 0xfffb335b +mov eax, esi +cmp dword [ebp - 0x250], 0 +mov byte [ebx + edi + 0x1015], al +je short loc_fffaf0b2 ; je 0xfffaf0b2 +imul edx, dword [ebp - 0x24c], 0x18 +imul eax, dword [ebp - 0x244], 0x128 +mov ecx, dword [ebp - 0x23c] +add eax, edx +mov ax, word [ebx + eax + 0x1273] push edx -mov edx, 0x5d10 +push edx +mov edx, dword [ebp - 0x238] +or ah, 4 +movzx eax, ax push eax -mov eax, ebx -call fcn_fffae7cf ; call 0xfffae7cf +mov eax, dword [ebp + 8] +push 4 +call fcn_fffa96cb ; call 0xfffa96cb add esp, 0x10 -xor eax, eax - -loc_fffaeb74: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret -fcn_fffaeb7c: ; not directly referenced -push ebp -mov ebp, esp -push ebx -sub esp, 0xc -mov ebx, dword [eax + 0x2443] -inc dword [eax + 0x36a0] -push ecx -add edx, dword [eax + 0x18c5] -push edx -call dword [ebx + 0x30] ; ucall -add esp, 0x10 -mov ebx, dword [ebp - 4] -leave -ret +loc_fffaf0b2: ; not directly referenced +inc dword [ebp - 0x238] +add ebx, 0x13c3 +cmp dword [ebp - 0x238], 2 +jne loc_fffaef59 ; jne 0xfffaef59 +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x36d8] +cmp eax, 0x320 +je short loc_fffaf116 ; je 0xfffaf116 +cmp eax, 0x42b +ja short loc_fffaf12a ; ja 0xfffaf12a +mov eax, dword [ebp + 8] +mov esi, 0x198 +cmp dword 
[eax + 0x2481], 3 +mov eax, 0x158 +cmovne eax, esi +mov esi, 0x118 +mov word [ebp - 0x23c], ax +mov eax, 0xd8 +cmovne eax, esi +mov word [ebp - 0x238], ax +jmp short loc_fffaf13c ; jmp 0xfffaf13c -fcn_fffaeba2: ; not directly referenced -push ebp -mov edx, eax -mov ebp, esp -xor eax, eax +loc_fffaf116: ; not directly referenced +mov word [ebp - 0x23c], 0x158 +mov word [ebp - 0x238], 0xd8 +jmp short loc_fffaf13c ; jmp 0xfffaf13c -loc_fffaeba9: ; not directly referenced -test edx, edx -je short loc_fffaebb5 ; je 0xfffaebb5 -lea ecx, [edx - 1] -inc eax -and edx, ecx -jmp short loc_fffaeba9 ; jmp 0xfffaeba9 +loc_fffaf12a: ; not directly referenced +mov word [ebp - 0x23c], 0x198 +mov word [ebp - 0x238], 0x118 -loc_fffaebb5: ; not directly referenced -pop ebp -ret +loc_fffaf13c: ; not directly referenced +mov eax, dword [ebp - 0x238] +mov word [ebp - 0x244], ax +movzx eax, word [ebp - 0x23c] +sub eax, 8 +mov dword [ebp - 0x270], eax -fcn_fffaebb7: ; not directly referenced -push ebp -xor ecx, ecx -mov ebp, esp -push ebx -mov ebx, 0xa9e +loc_fffaf159: ; not directly referenced +movzx edi, word [ebp - 0x244] +xor ebx, ebx -loc_fffaebc2: ; not directly referenced -cmp eax, 0x10f -jbe short loc_fffaebd8 ; jbe 0xfffaebd8 -imul eax, eax, 0x3e8 -xor edx, edx -add ecx, 0x64 -div ebx -jmp short loc_fffaebc2 ; jmp 0xfffaebc2 +loc_fffaf162: ; not directly referenced +imul eax, ebx, 0x13c3 +mov esi, dword [ebp + 8] +mov cl, byte [ebp - 0x230] +test byte [esi + eax + 0x381b], cl +je short loc_fffaf17e ; je 0xfffaf17e +xor esi, esi +jmp short loc_fffaf1c3 ; jmp 0xfffaf1c3 -loc_fffaebd8: ; not directly referenced -imul edx, eax, 0xfffffff0 -mov ebx, 0x2710 -add edx, 0x2d3a -imul edx, eax -lea eax, [edx - 0xeefac] -xor edx, edx -div ebx -pop ebx -pop ebp -add eax, ecx -ret +loc_fffaf17e: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffaf162 ; jne 0xfffaf162 +movzx eax, byte [ebp - 0x254] +xor ecx, ecx +xor esi, esi +push edi +push 0 +push 1 +mov edx, eax +mov dword [ebp 
- 0x258], eax +lea eax, [ebp - 0x217] +push eax +mov eax, dword [ebp + 8] +call fcn_fffaa5b3 ; call 0xfffaa5b3 +movzx ebx, word [ebp - 0x244] +add esp, 0x10 +lea eax, [ebx - 8] +mov dword [ebp - 0x25c], eax +jmp near loc_fffaf27a ; jmp 0xfffaf27a -fcn_fffaebf8: ; not directly referenced -push ebp -mov ecx, 0x12 -mov ebp, esp -xor edx, edx +loc_fffaf1c3: ; not directly referenced +mov ecx, dword [ebp + 8] +mov eax, esi +cmp al, byte [ecx + 0x2489] +jae short loc_fffaf17e ; jae 0xfffaf17e +push eax +mov eax, esi +mov ecx, dword [ebp - 0x22c] push edi -push esi -mov esi, ref_fffd3628 ; mov esi, 0xfffd3628 -sub esp, 0x20 -lea edi, [ebp - 0x1a] -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -lea ecx, [eax + eax] +movzx eax, al +push 0 +mov edx, ebx +push eax +mov eax, dword [ebp + 8] +inc esi +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 +jmp short loc_fffaf1c3 ; jmp 0xfffaf1c3 -loc_fffaec14: ; not directly referenced -cmp eax, 8 -jbe short loc_fffaec26 ; jbe 0xfffaec26 -mov ecx, eax -add edx, 0xa -shr ecx, 2 -shr eax, 3 -jmp short loc_fffaec14 ; jmp 0xfffaec14 +loc_fffaf1f0: ; not directly referenced +movzx edi, byte [ebp - 0x24c] +mov edx, esi +mov eax, dword [ebp + 8] +mov ecx, edi +call fcn_fffa75c5 ; call 0xfffa75c5 +mov edx, eax +mov eax, dword [ebp + 8] +call fcn_fffb331f ; call 0xfffb331f +mov ecx, dword [ebp - 0x238] +cmp eax, 0x1f +seta al +movzx eax, al +cmp word [ebp - 0x244], cx +jne loc_fffaf2e4 ; jne 0xfffaf2e4 +test eax, eax +je short loc_fffaf29b ; je 0xfffaf29b +lea eax, [esi + esi*8] +add edi, eax +mov dword [ebp + edi*4 - 0x180], ebx +mov dword [ebp + edi*4 - 0x1c8], ebx +mov dword [ebp + edi*4 - 0xf0], ebx +mov dword [ebp + edi*4 - 0x138], ebx +mov dword [ebp + edi*4 - 0x60], ebx +mov dword [ebp + edi*4 - 0xa8], ebx -loc_fffaec26: ; not directly referenced -movzx eax, byte [ebp + ecx - 0x1a] -add esp, 0x20 -pop esi -pop edi -pop ebp -add eax, edx -ret +loc_fffaf259: ; not directly referenced +inc byte [ebp - 0x24c] -fcn_fffaec34: ; not 
directly referenced -cmp eax, 0xffffffff -je short loc_fffaec5c ; je 0xfffaec5c -push ebp -xor ecx, ecx -mov ebp, esp -xor edx, edx -push edi -push esi -push ebx -mov ebx, 1 +loc_fffaf25f: ; not directly referenced +mov edi, dword [ebp + 8] +mov al, byte [ebp - 0x24c] +cmp al, byte [edi + 0x2489] +jb short loc_fffaf1f0 ; jb 0xfffaf1f0 -loc_fffaec48: ; not directly referenced -mov edi, ebx -shl edi, cl -lea esi, [ecx + 1] -test edi, eax -cmovne edx, esi -inc ecx -cmp ecx, 0x20 -jne short loc_fffaec48 ; jne 0xfffaec48 -jmp short loc_fffaec61 ; jmp 0xfffaec61 +loc_fffaf270: ; not directly referenced +inc esi +cmp esi, 2 +je loc_fffaf3ab ; je 0xfffaf3ab -loc_fffaec5c: ; not directly referenced -xor edx, edx -mov al, dl -ret +loc_fffaf27a: ; not directly referenced +imul eax, esi, 0x13c3 +mov edi, dword [ebp + 8] +mov cl, byte [ebp - 0x230] +test byte [edi + eax + 0x381b], cl +je short loc_fffaf270 ; je 0xfffaf270 +mov byte [ebp - 0x24c], 0 +jmp short loc_fffaf25f ; jmp 0xfffaf25f -loc_fffaec61: ; not directly referenced -pop ebx -mov al, dl -pop esi -pop edi -pop ebp -ret +loc_fffaf29b: ; not directly referenced +lea eax, [esi + esi*8] +add edi, eax +mov dword [ebp + edi*4 - 0x180], 0xfffffff8 +mov dword [ebp + edi*4 - 0x1c8], 0xfffffff8 +mov dword [ebp + edi*4 - 0xf0], 0xfffffff8 +mov dword [ebp + edi*4 - 0x138], 0xfffffff8 +mov dword [ebp + edi*4 - 0x60], 0xfffffff8 +mov dword [ebp + edi*4 - 0xa8], 0xfffffff8 +jmp near loc_fffaf259 ; jmp 0xfffaf259 -fcn_fffaec68: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x10 -mov bl, byte [ebp + 8] -mov byte [ebp - 0xe], bl -mov bl, byte [ebp + 0xc] -mov byte [ebp - 0xf], bl -mov bl, byte [ebp + 0x10] -cmp cl, 0xff -je short loc_fffaec8d ; je 0xfffaec8d -lea edi, [ecx + 1] -mov byte [ebp - 0xd], cl -jmp short loc_fffaec96 ; jmp 0xfffaec96 +loc_fffaf2e4: ; not directly referenced +test eax, eax +je loc_fffaf259 ; je 0xfffaf259 +lea eax, [esi + esi*8] +mov ecx, dword [ebp - 0x25c] +add 
eax, edi +cmp dword [ebp + eax*4 - 0x180], ecx +jne short loc_fffaf307 ; jne 0xfffaf307 +mov dword [ebp + eax*4 - 0x180], ebx -loc_fffaec8d: ; not directly referenced -mov edi, 4 -mov byte [ebp - 0xd], 0 +loc_fffaf307: ; not directly referenced +lea eax, [esi + esi*8] +mov ecx, dword [ebp - 0x25c] +add eax, edi +cmp dword [ebp + eax*4 - 0xf0], ecx +mov dword [ebp + eax*4 - 0xf0], ebx +je short loc_fffaf329 ; je 0xfffaf329 +mov dword [ebp + eax*4 - 0x138], ebx -loc_fffaec96: ; not directly referenced -imul edx, edx, 0x13c3 -lea esi, [eax + edx + 0x3756] -add eax, edx -mov dword [ebp - 0x14], esi -mov dword [ebp - 0x1c], eax +loc_fffaf329: ; not directly referenced +cmp ebx, dword [ebp - 0x270] +jl short loc_fffaf378 ; jl 0xfffaf378 +lea eax, [esi + esi*8] +movzx edx, word [ebp - 0x238] +add eax, edi +mov ecx, dword [ebp + eax*4 - 0x1c8] +cmp ecx, edx +jne short loc_fffaf378 ; jne 0xfffaf378 +mov edx, dword [ebp + eax*4 - 0x180] +cmp edx, ebx +je short loc_fffaf378 ; je 0xfffaf378 +mov edi, ebx +sub edi, dword [ebp + eax*4 - 0x138] +mov dword [ebp + eax*4 - 0x60], edx +sub ecx, edi +sub ecx, 8 +mov dword [ebp + eax*4 - 0x1c8], ecx +mov dword [ebp + eax*4 - 0xa8], ecx +jmp near loc_fffaf259 ; jmp 0xfffaf259 -loc_fffaecab: ; not directly referenced -mov eax, edi -cmp byte [ebp - 0xd], al -jae short loc_fffaed27 ; jae 0xfffaed27 -mov cl, byte [ebp - 0xd] +loc_fffaf378: ; not directly referenced +lea eax, [esi + esi*8] +mov ecx, ebx +add edi, eax +mov edx, dword [ebp + edi*4 - 0x138] +mov eax, dword [ebp + edi*4 - 0x60] +sub eax, dword [ebp + edi*4 - 0xa8] +sub ecx, edx +cmp ecx, eax +jle loc_fffaf259 ; jle 0xfffaf259 +mov dword [ebp + edi*4 - 0xa8], edx +mov dword [ebp + edi*4 - 0x60], ebx +jmp near loc_fffaf259 ; jmp 0xfffaf259 + +loc_fffaf3ab: ; not directly referenced +add word [ebp - 0x244], 8 +mov eax, dword [ebp - 0x23c] +cmp word [ebp - 0x244], ax +jb loc_fffaf159 ; jb 0xfffaf159 +movzx eax, word [ebp - 0x23c] +xor edi, edi +mov ebx, dword [ebp - 0x234] +mov 
dword [ebp - 0x254], eax +imul eax, dword [ebp - 0x22c], 9 +mov dword [ebp - 0x25c], eax + +loc_fffaf3e8: ; not directly referenced +mov al, byte [ebp - 0x230] +test byte [ebx + 0xc4], al +jne short loc_fffaf459 ; jne 0xfffaf459 + +loc_fffaf3f6: ; not directly referenced +inc edi +add ebx, 0x13c3 +cmp edi, 2 +jne short loc_fffaf3e8 ; jne 0xfffaf3e8 +mov eax, dword [ebp + 8] +mov bl, byte [ebp - 0x265] +mov word [ebp - 0x220], 0x1ff +mov word [ebp - 0x21e], 0x1ff +movzx ecx, byte [eax + 0x2489] mov eax, 1 -mov esi, dword [ebp - 0x1c] -movzx edx, cl shl eax, cl -test byte [esi + 0x381a], al -je short loc_fffaed22 ; je 0xfffaed22 -movzx eax, byte [ebp - 0xe] -lea edx, [edx + edx*8] -add edx, dword [ebp - 0x14] -add eax, edx -cmp byte [ebp - 0xf], 0 -mov dl, byte [eax + 0x104a] -mov al, byte [eax + 0x106e] -jne short loc_fffaecf4 ; jne 0xfffaecf4 -cmp al, dl -cmova eax, edx -cmp bl, al -cmova ebx, eax -jmp short loc_fffaed22 ; jmp 0xfffaed22 +dec eax +mov word [ebp - 0x244], ax +lea eax, [ebx + ebx] +movzx eax, al +mov dword [ebp - 0x23c], eax +inc eax +mov dword [ebp - 0x238], eax +movzx eax, bl +add eax, 0x4028 +mov dword [ebp - 0x25c], eax +jmp near loc_fffaf572 ; jmp 0xfffaf572 -loc_fffaecf4: ; not directly referenced -movzx ecx, dl -movzx esi, bl -mov dword [ebp - 0x18], ecx -mov ecx, 0x3f -sub ecx, dword [ebp - 0x18] -cmp esi, ecx -jle short loc_fffaed0d ; jle 0xfffaed0d -mov bl, 0x3f -sub ebx, edx +loc_fffaf459: ; not directly referenced +lea eax, [edi + edi*8] +mov byte [ebp - 0x238], 0 +mov dword [ebp - 0x24c], eax -loc_fffaed0d: ; not directly referenced -movzx esi, al -mov edx, 0x3f -movzx ecx, bl -sub edx, esi -cmp ecx, edx -jle short loc_fffaed22 ; jle 0xfffaed22 -mov bl, 0x3f -sub ebx, eax +loc_fffaf469: ; not directly referenced +mov esi, dword [ebp + 8] +mov al, byte [ebp - 0x238] +cmp al, byte [esi + 0x2489] +jae loc_fffaf3f6 ; jae 0xfffaf3f6 +movzx ecx, byte [ebp - 0x238] +mov eax, dword [ebp - 0x24c] +add eax, ecx +mov esi, dword [ebp + eax*4 - 0x60] 
+mov eax, dword [ebp + eax*4 - 0xa8] +mov dword [ebp - 0x23c], esi +mov dword [ebp - 0x244], eax +add eax, esi +mov esi, 2 +cdq +idiv esi +mov esi, dword [ebp - 0x23c] +sub esi, dword [ebp - 0x244] +cmp eax, dword [ebp - 0x254] +jle short loc_fffaf4d8 ; jle 0xfffaf4d8 +mov edx, dword [ebp + 8] +cmp byte [edx + 0x1965], 0 +je short loc_fffaf4d8 ; je 0xfffaf4d8 -loc_fffaed22: ; not directly referenced -inc byte [ebp - 0xd] -jmp short loc_fffaecab ; jmp 0xfffaecab +loc_fffaf4ce: ; not directly referenced +mov eax, 7 +jmp near loc_fffafdfb ; jmp 0xfffafdfb -loc_fffaed27: ; not directly referenced -add esp, 0x10 -mov al, bl -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffaf4d8: ; not directly referenced +sub esi, 0x21 +cmp esi, 0x3e +jbe short loc_fffaf4ec ; jbe 0xfffaf4ec +mov esi, dword [ebp + 8] +cmp byte [esi + 0x1965], 0 +jne short loc_fffaf4ce ; jne 0xfffaf4ce -fcn_fffaed31: -push ebp -mov ebp, esp -push edi +loc_fffaf4ec: ; not directly referenced +mov esi, dword [ebp - 0x25c] +lea edx, [ecx + esi + 0xd8] +mov word [ebx + edx*2 + 1], ax +mov eax, dword [ebp + 8] +mov edx, edi push esi -push ebx -mov ebx, edx -sub esp, 0x10 -mov edi, dword [ebp + 8] -mov esi, dword [eax + 0x2443] -mov eax, 0x5f5e100 -test edi, edi -cmovne eax, edi -xor edx, edx -mov edi, 0x186a0 -div edi -dec ecx -mov edx, 0x3b9aca00 -mov ecx, 0x4f790d55 -cmovne edx, ecx -push edx -xor edx, edx -push edx -push eax -call dword [esi + 0x70] ; ucall -add esp, 0xc -push ebx -push edx -push eax -call dword [esi + 0x70] ; ucall +push 0 +push 0xff +push ecx +mov ecx, dword [ebp - 0x22c] +call fcn_fffa7447 ; call 0xfffa7447 add esp, 0x10 +inc byte [ebp - 0x238] +jmp near loc_fffaf469 ; jmp 0xfffaf469 + +loc_fffaf525: ; not directly referenced +push ebx +mov edx, dword [ebp - 0x258] xor ecx, ecx -mov ebx, edx -or ebx, eax -je short loc_fffaed9b ; je 0xfffaed9b -sub esp, 0xc push 0 -push edx +xor ebx, ebx +push 1 +lea eax, [ebp - 0x217] push eax -push 0x8ac72304 -push 0x89e80000 -call dword [esi + 0x74] ; 
ucall -add esp, 0x20 -mov ecx, eax - -loc_fffaed9b: -lea esp, [ebp - 0xc] -mov eax, ecx -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffaeda5: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -xor esi, esi -push ebx -sub esp, 0x4c -mov ebx, dword [ebp + 8] -lea eax, [ebx + 0x3756] -mov dword [ebp - 0x4c], eax -lea eax, [ebx + 0x2407] -mov dword [ebp - 0x58], eax +mov eax, dword [ebp + 8] +call fcn_fffaa5b3 ; call 0xfffaa5b3 +mov esi, dword [ebp - 0x234] +add esp, 0x10 -loc_fffaedc5: ; not directly referenced -lea eax, [esi - 2] -cmp eax, 1 -ja short loc_fffaedf0 ; ja 0xfffaedf0 -cmp byte [ebx + 0x3749], 0 -jne short loc_fffaedf0 ; jne 0xfffaedf0 +loc_fffaf54c: ; not directly referenced +mov al, byte [ebp - 0x230] +xor edi, edi +mov word [ebp + ebx*2 - 0x220], 0 +test byte [esi + 0xc4], al +jne short loc_fffaf5b7 ; jne 0xfffaf5b7 -loc_fffaedd6: ; not directly referenced -inc esi -add dword [ebp - 0x4c], 8 -cmp esi, 4 -jne short loc_fffaedc5 ; jne 0xfffaedc5 -lea eax, [ebx + 0x48cd] -mov ecx, 0xfffffffe -jmp near loc_fffaef89 ; jmp 0xfffaef89 +loc_fffaf566: ; not directly referenced +inc ebx +add esi, 0x13c3 +cmp ebx, 2 +jne short loc_fffaf54c ; jne 0xfffaf54c -loc_fffaedf0: ; not directly referenced -lea eax, [ebx + 0x49bf] -mov edi, dword [ebp - 0x4c] -mov dword [ebp - 0x44], eax -lea eax, [ebx + 0x1973] -mov dword [ebp - 0x34], eax -imul eax, esi, 0x23 -mov dword [ebp + esi*4 - 0x28], 0 -mov dword [ebp - 0x48], edi -lea edi, [eax + 0x18b] -add eax, 0xbb -mov dword [ebp - 0x50], edi -mov dword [ebp - 0x54], eax +loc_fffaf572: ; not directly referenced +cmp word [ebp - 0x220], 0 +je loc_fffaf6bf ; je 0xfffaf6bf +jmp short loc_fffaf525 ; jmp 0xfffaf525 -loc_fffaee24: ; not directly referenced -mov eax, dword [ebp - 0x44] -mov edi, dword [ebp - 0x34] -mov dword [ebp - 0x38], 0 -mov dword [ebp - 0x2c], eax +loc_fffaf582: ; not directly referenced +mov eax, edi +mov edx, ebx +movzx ecx, al +mov eax, dword [ebp + 8] +call fcn_fffa75c5 ; call 
0xfffa75c5 +mov edx, eax +mov eax, dword [ebp + 8] +call fcn_fffb331f ; call 0xfffb331f +and eax, 0x1ff +cmp eax, 0x1f +jle short loc_fffaf5b6 ; jle 0xfffaf5b6 +mov eax, 1 +mov ecx, edi +shl eax, cl +or word [ebp + ebx*2 - 0x220], ax -loc_fffaee34: ; not directly referenced -mov eax, dword [ebp - 0x2c] -cmp dword [eax - 0xf6], 2 -jne loc_fffaef48 ; jne 0xfffaef48 -mov eax, dword [ebp - 0x48] -mov ecx, dword [ebp - 0x38] -mov edx, dword [eax + ecx + 0xc9] -mov eax, dword [eax + ecx + 0xcd] -mov dword [ebp - 0x3c], edx -mov dword [ebp - 0x40], eax -cmp esi, 1 -je short loc_fffaeed2 ; je 0xfffaeed2 -jb loc_fffaef03 ; jb 0xfffaef03 -cmp esi, 3 -ja loc_fffaef03 ; ja 0xfffaef03 -mov eax, dword [ebp - 0x2c] -cmp esi, 2 -mov dl, byte [eax] -jne short loc_fffaee88 ; jne 0xfffaee88 -and dl, 1 -jne short loc_fffaee93 ; jne 0xfffaee93 -xor eax, eax -jmp near loc_fffaef3b ; jmp 0xfffaef3b +loc_fffaf5b6: ; not directly referenced +inc edi -loc_fffaee88: ; not directly referenced -xor eax, eax -and dl, 2 -je loc_fffaef3b ; je 0xfffaef3b +loc_fffaf5b7: ; not directly referenced +mov ecx, dword [ebp + 8] +mov eax, edi +cmp al, byte [ecx + 0x2489] +jb short loc_fffaf582 ; jb 0xfffaf582 +mov dx, word [ebp + ebx*2 - 0x220] +cmp dx, word [ebp - 0x244] +je short loc_fffaf5ef ; je 0xfffaf5ef -loc_fffaee93: ; not directly referenced -mov eax, dword [ebp - 0x2c] -mov ecx, dword [ebp - 0x54] -mov edx, dword [eax - 0x21] -add ecx, edi -mov dword [ebp - 0x30], ecx -mov ecx, dword [ebp - 0x50] -and edx, 0xfffffffd -add ecx, edi -dec edx -cmove ecx, dword [ebp - 0x30] -xor edx, edx -cmp byte [eax + 1], 0x13 -mov dword [ebp - 0x30], ecx -movzx ecx, byte [ecx + 1] -jne short loc_fffaeec4 ; jne 0xfffaeec4 -mov eax, dword [ebp - 0x30] -movsx edx, byte [eax + 0x1a] +loc_fffaf5d5: ; not directly referenced +movzx eax, dx +xor edi, edi +mov dword [ebp - 0x24c], eax +imul eax, dword [ebp - 0x22c], 9 +mov dword [ebp - 0x254], eax +jmp short loc_fffaf65a ; jmp 0xfffaf65a -loc_fffaeec4: ; not directly 
referenced -mov eax, dword [ebp - 0x40] -imul ecx, dword [ebp - 0x3c] -imul eax, edx -add eax, ecx -jmp short loc_fffaef2e ; jmp 0xfffaef2e +loc_fffaf5ef: ; not directly referenced +mov eax, dword [ebp - 0x22c] +mov al, byte [esi + eax + 0x1011] +cmp al, 0xd +ja short loc_fffaf5d5 ; ja 0xfffaf5d5 +mov edi, dword [ebp - 0x22c] +add eax, 2 +mov edx, ebx +shl edx, 0xa +add edx, dword [ebp - 0x25c] +mov byte [esi + edi + 0x1011], al +mov eax, dword [ebp - 0x238] +movzx ecx, byte [esi + eax + 0x1011] +mov eax, dword [ebp - 0x23c] +shl ecx, 4 +add cl, byte [esi + eax + 0x1011] +mov eax, dword [ebp + 8] +movzx ecx, cl +call fcn_fffb335b ; call 0xfffb335b +jmp near loc_fffaf566 ; jmp 0xfffaf566 -loc_fffaeed2: ; not directly referenced -movzx edx, byte [ebx + 0x1876] -test dl, dl -je short loc_fffaef03 ; je 0xfffaef03 -sub esp, 0xc -mov ecx, dword [ebx + 0x36e3] -mov eax, ebx -push dword [ebx + 0x187b] -call fcn_fffaed31 ; call 0xfffaed31 -mov edx, dword [ebx + 0x36db] -add esp, 0x10 -cmp eax, edx -cmovb eax, edx -jmp short loc_fffaef3b ; jmp 0xfffaef3b +loc_fffaf649: ; not directly referenced +mov ecx, dword [ebp - 0x24c] +mov eax, edi +movzx eax, al +bt ecx, edi +jb short loc_fffaf66c ; jb 0xfffaf66c -loc_fffaef03: ; not directly referenced -mov eax, dword [ebp - 0x2c] -mov eax, dword [eax - 0x21] -and eax, 0xfffffffd -dec eax -jne short loc_fffaef19 ; jne 0xfffaef19 -movzx eax, byte [edi + 0x54] -movsx edx, byte [edi + 0x6a] -jmp short loc_fffaef24 ; jmp 0xfffaef24 +loc_fffaf659: ; not directly referenced +inc edi -loc_fffaef19: ; not directly referenced -movzx eax, byte [edi + 0x5a] -movsx edx, byte [edi + 0xc5] +loc_fffaf65a: ; not directly referenced +mov ecx, dword [ebp + 8] +mov eax, edi +cmp al, byte [ecx + 0x2489] +jb short loc_fffaf649 ; jb 0xfffaf649 +jmp near loc_fffaf566 ; jmp 0xfffaf566 -loc_fffaef24: ; not directly referenced -imul eax, dword [ebp - 0x3c] -imul edx, dword [ebp - 0x40] -add eax, edx +loc_fffaf66c: ; not directly referenced +mov ecx, dword 
[ebp - 0x254] +lea edx, [eax + ecx] +lea edx, [esi + edx*2] +mov cx, word [edx + 0x1b1] +cmp cx, 0x7f +jbe short loc_fffaf691 ; jbe 0xfffaf691 +add ecx, 0xffffff80 +mov word [edx + 0x1b1], cx +jmp short loc_fffaf6a1 ; jmp 0xfffaf6a1 -loc_fffaef2e: ; not directly referenced -cmp eax, dword [ebx + 0x36db] -cmovb eax, dword [ebx + 0x36db] +loc_fffaf691: ; not directly referenced +mov ecx, dword [ebp + 8] +cmp byte [ecx + 0x1965], 0 +jne loc_fffaf4ce ; jne 0xfffaf4ce -loc_fffaef3b: ; not directly referenced -mov edx, dword [ebp + esi*4 - 0x28] -cmp eax, edx -cmovb eax, edx -mov dword [ebp + esi*4 - 0x28], eax +loc_fffaf6a1: ; not directly referenced +push ecx +mov ecx, dword [ebp - 0x22c] +mov edx, ebx +push 0 +push 0xff +push eax +mov eax, dword [ebp + 8] +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 +jmp short loc_fffaf659 ; jmp 0xfffaf659 -loc_fffaef48: ; not directly referenced -add dword [ebp - 0x38], 0x20 -add edi, 0x277 -add dword [ebp - 0x2c], 0x128 -cmp dword [ebp - 0x38], 0x40 -jne loc_fffaee34 ; jne 0xfffaee34 -add dword [ebp - 0x34], 0x54a -mov eax, dword [ebp - 0x58] -add dword [ebp - 0x44], 0x13c3 -add dword [ebp - 0x48], 0x13c3 -cmp dword [ebp - 0x34], eax -jne loc_fffaee24 ; jne 0xfffaee24 -jmp near loc_fffaedd6 ; jmp 0xfffaedd6 +loc_fffaf6bf: ; not directly referenced +cmp word [ebp - 0x21e], 0 +jne loc_fffaf525 ; jne 0xfffaf525 +mov ebx, dword [ebp - 0x234] +xor esi, esi +imul edi, dword [ebp - 0x22c], 9 -loc_fffaef89: ; not directly referenced -cmp ecx, 1 -ja short loc_fffaef97 ; ja 0xfffaef97 -cmp byte [ebx + 0x3749], 0 -je short loc_fffaefbb ; je 0xfffaefbb +loc_fffaf6dc: ; not directly referenced +mov al, byte [ebp - 0x230] +test byte [ebx + 0xc4], al +jne short loc_fffaf721 ; jne 0xfffaf721 -loc_fffaef97: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x20] -mov dword [eax], edx -mov dword [eax - 0x1173], edx -mov dword [eax + 0x128], edx -mov dword [eax + 0x13c3], edx -mov dword [eax + 0x250], edx -mov dword [eax + 0x14eb], edx 
+loc_fffaf6ea: ; not directly referenced +inc esi +add ebx, 0x13c3 +cmp esi, 2 +jne short loc_fffaf6dc ; jne 0xfffaf6dc +imul eax, dword [ebp - 0x22c], 9 +mov word [ebp - 0x220], 0 +mov word [ebp - 0x21e], 0 +mov byte [ebp - 0x254], 0x40 +mov dword [ebp - 0x25c], eax +jmp near loc_fffaf7cd ; jmp 0xfffaf7cd -loc_fffaefbb: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffaef89 ; jne 0xfffaef89 -mov eax, dword [ebx + 0x18a7] -mov eax, dword [ebp + eax*4 - 0x28] -mov dword [ebx + 0x36df], eax -lea esp, [ebp - 0xc] -mov eax, 1 -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffaf721: ; not directly referenced +mov byte [ebp - 0x238], 0 -fcn_fffaefe1: -push ebp -mov ebp, esp -push edi -push esi -push ebx -mov ebx, 0x5f5e100 -sub esp, 0x10 -mov edi, dword [ebp + 8] -mov esi, dword [eax + 0x2443] -mov eax, 0xbebc200 -test edi, edi -cmovne ebx, edi -dec ecx -mov ecx, 0xfe502ab -cmovne eax, ecx -imul ebx, edx -xor edx, edx -push ebx -push edx -push eax -call dword [esi + 0x70] ; ucall -mov dword [esp], 0 -push 0x5af3 -push 0x107a4000 -add eax, 0x883d2000 -adc edx, 0x2d79 +loc_fffaf728: ; not directly referenced +mov edx, dword [ebp + 8] +mov al, byte [ebp - 0x238] +cmp al, byte [edx + 0x2489] +jae short loc_fffaf6ea ; jae 0xfffaf6ea +movzx eax, byte [ebp - 0x238] +mov ecx, dword [ebp - 0x22c] +lea edx, [eax + edi] +add edx, edx +add word [ebx + edx + 0x1b1], 0x40 push edx +mov edx, esi +push 0 +push 0xff push eax -call dword [esi + 0x74] ; ucall -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +mov eax, dword [ebp + 8] +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 +inc byte [ebp - 0x238] +jmp short loc_fffaf728 ; jmp 0xfffaf728 -fcn_fffaf03f: -push ebp -mov ebp, esp -push edi -push esi -xor esi, esi -push ebx -xor ebx, ebx -sub esp, 8 -mov dword [ebp - 0x14], eax +loc_fffaf772: ; not directly referenced +mov al, byte [ebp - 0x230] +test byte [esi + 0xc4], al +je short loc_fffaf7ab ; je 0xfffaf7ab +mov byte [ebp - 0x238], 0 
-loc_fffaf04f: -cmp esi, edx -je short loc_fffaf07d ; je 0xfffaf07d -mov eax, dword [ebp - 0x14] -mov byte [ebp - 0xd], 8 -movzx edi, byte [eax + esi] -shl edi, 8 -xor ebx, edi +loc_fffaf787: ; not directly referenced +mov ecx, dword [ebp + 8] +mov al, byte [ebp - 0x238] +cmp al, byte [ecx + 0x2489] +jb short loc_fffaf7fe ; jb 0xfffaf7fe +mov eax, dword [ebp - 0x244] +cmp word [ebp + ebx*2 - 0x220], ax +mov al, 0 +cmovne edi, eax -loc_fffaf063: -lea edi, [ebx + ebx] +loc_fffaf7ab: ; not directly referenced +inc ebx +add esi, 0x13c3 +cmp ebx, 2 +jne short loc_fffaf772 ; jne 0xfffaf772 mov eax, edi -xor eax, 0x1021 -and bh, 0x80 -mov ebx, eax -cmove ebx, edi -dec byte [ebp - 0xd] -jne short loc_fffaf063 ; jne 0xfffaf063 -inc esi -jmp short loc_fffaf04f ; jmp 0xfffaf04f - -loc_fffaf07d: -mov word [ecx], bx -mov eax, 1 -pop edx -pop ecx -pop ebx -pop esi -pop edi -pop ebp -ret +test al, al +jne loc_fffaf8a8 ; jne 0xfffaf8a8 +dec byte [ebp - 0x254] +je loc_fffaf898 ; je 0xfffaf898 -fcn_fffaf08c: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, ecx -push esi -mov esi, eax -push ebx -mov eax, ref_fffd34b0 ; mov eax, 0xfffd34b0 +loc_fffaf7cd: ; not directly referenced +push eax +mov edx, dword [ebp - 0x258] +xor ecx, ecx +push 0 xor ebx, ebx +push 1 +mov edi, 1 +lea eax, [ebp - 0x217] +push eax +mov eax, dword [ebp + 8] +call fcn_fffaa5b3 ; call 0xfffaa5b3 +add esp, 0x10 +mov esi, dword [ebp - 0x234] +jmp near loc_fffaf772 ; jmp 0xfffaf772 -loc_fffaf09d: ; not directly referenced -cmp edx, dword [eax] -ja short loc_fffaf0b1 ; ja 0xfffaf0b1 -cmp edx, dword [eax + 9] -jbe short loc_fffaf0b1 ; jbe 0xfffaf0b1 -lea eax, [ebx + ebx*8] -mov eax, dword [eax + ref_fffd34b4] ; mov eax, dword [eax - 0x2cb4c] -jmp short loc_fffaf0bc ; jmp 0xfffaf0bc - -loc_fffaf0b1: ; not directly referenced -inc ebx -add eax, 9 -cmp ebx, 0x14 -jne short loc_fffaf09d ; jne 0xfffaf09d -xor eax, eax +loc_fffaf7fe: ; not directly referenced +movzx eax, word [ebp + ebx*2 - 0x220] +mov 
cl, byte [ebp - 0x238] +mov word [ebp - 0x24c], ax +movzx edx, cl +bt eax, ecx +mov dword [ebp - 0x23c], edx +jb short loc_fffaf88d ; jb 0xfffaf88d +mov eax, dword [ebp + 8] +mov ecx, edx +mov edx, ebx +call fcn_fffa75c5 ; call 0xfffa75c5 +mov edx, eax +mov eax, dword [ebp + 8] +call fcn_fffb331f ; call 0xfffb331f +cmp eax, 0x1f +jbe short loc_fffaf859 ; jbe 0xfffaf859 +mov cl, byte [ebp - 0x23c] +mov eax, 1 +shl eax, cl +or eax, dword [ebp - 0x24c] +mov word [ebp + ebx*2 - 0x220], ax +jmp short loc_fffaf88d ; jmp 0xfffaf88d -loc_fffaf0bc: ; not directly referenced -mov ecx, esi -mov edx, 1 -shl edx, cl -lea ecx, [ebx + ebx*8] -add ecx, ref_fffd34b0 ; add ecx, 0xfffd34b0 -jmp short loc_fffaf0df ; jmp 0xfffaf0df +loc_fffaf859: ; not directly referenced +mov ecx, dword [ebp - 0x23c] +mov edx, dword [ebp - 0x25c] +mov eax, ecx +add eax, edx +mov edx, ebx +inc word [esi + eax*2 + 0x1b1] +push eax +mov eax, dword [ebp + 8] +push 0 +push 0xff +push ecx +mov ecx, dword [ebp - 0x22c] +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 -loc_fffaf0d0: ; not directly referenced -movzx esi, byte [ecx + 8] -sub ecx, 9 -test esi, edx -jne short loc_fffaf0e3 ; jne 0xfffaf0e3 -mov eax, dword [ecx + 4] -dec ebx +loc_fffaf88d: ; not directly referenced +inc byte [ebp - 0x238] +jmp near loc_fffaf787 ; jmp 0xfffaf787 -loc_fffaf0df: ; not directly referenced -test ebx, ebx -jne short loc_fffaf0d0 ; jne 0xfffaf0d0 +loc_fffaf898: ; not directly referenced +mov eax, dword [ebp + 8] +cmp byte [eax + 0x1965], 0 +jne loc_fffaf4ce ; jne 0xfffaf4ce -loc_fffaf0e3: ; not directly referenced -test edi, edi -je short loc_fffaf0e9 ; je 0xfffaf0e9 -mov dword [edi], ebx +loc_fffaf8a8: ; not directly referenced +mov ebx, dword [ebp - 0x234] +xor esi, esi +imul edi, dword [ebp - 0x22c], 9 -loc_fffaf0e9: ; not directly referenced -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffaf8b7: ; not directly referenced +mov al, byte [ebp - 0x230] +test byte [ebx + 0xc4], al +jne short loc_fffaf8d6 ; jne 
0xfffaf8d6 -fcn_fffaf0ee: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x3c +loc_fffaf8c5: ; not directly referenced +inc esi +add ebx, 0x13c3 +cmp esi, 2 +jne short loc_fffaf8b7 ; jne 0xfffaf8b7 +jmp near loc_fffaeece ; jmp 0xfffaeece + +loc_fffaf8d6: ; not directly referenced +mov byte [ebp - 0x238], 0 + +loc_fffaf8dd: ; not directly referenced +mov ecx, dword [ebp + 8] +mov al, byte [ebp - 0x238] +cmp al, byte [ecx + 0x2489] +jae short loc_fffaf8c5 ; jae 0xfffaf8c5 +movzx eax, byte [ebp - 0x238] +lea edx, [eax + edi] +add edx, edx +sub word [ebx + edx + 0x1b1], 0x40 +mov edx, esi +push ecx +mov ecx, dword [ebp - 0x22c] +push 0 +push 0xff +push eax mov eax, dword [ebp + 8] -mov esi, dword [eax + 0x188b] -mov ebx, dword [eax + 0x18a7] -mov al, byte [eax + 0x36c9] -test esi, esi -sete cl -test al, al -sete dl -test cl, dl -jne loc_fffaf36d ; jne 0xfffaf36d -dec esi -sete dl -dec al -sete al -test dl, al -jne loc_fffaf36d ; jne 0xfffaf36d +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 +inc byte [ebp - 0x238] +jmp short loc_fffaf8dd ; jmp 0xfffaf8dd + +loc_fffaf927: ; not directly referenced +cmp dword [esi], 2 +je short loc_fffaf966 ; je 0xfffaf966 + +loc_fffaf92c: ; not directly referenced +inc dword [ebp - 0x22c] +add esi, 0x13c3 +add edi, 0xcc +cmp dword [ebp - 0x22c], 2 +jne short loc_fffaf927 ; jne 0xfffaf927 mov eax, dword [ebp + 8] -mov dword [ebp - 0x2c], 0 -lea edi, [eax + 0x3756] -imul eax, ebx, 0x2e -mov dword [ebp - 0x38], eax +call fcn_fffaa4a9 ; call 0xfffaa4a9 +mov edi, dword [ebp - 0x234] +mov dword [ebp - 0x22c], 0 +mov ebx, eax +jmp near loc_fffafa4f ; jmp 0xfffafa4f -loc_fffaf145: ; not directly referenced -cmp dword [edi], 2 -jne loc_fffaf35a ; jne 0xfffaf35a -mov eax, dword [ebp - 0x38] -mov ecx, dword [ebp - 0x2c] -mov byte [ebp - 0x1c], 0 -mov byte [ebp - 0x1b], 2 -cmp word [edi + eax + 8], 2 -mov byte [ebp - 0x1a], 3 -mov byte [ebp - 0x19], 2 -sete al -movzx eax, al -add eax, eax -mov byte 
[ebp - 0x31], al +loc_fffaf966: ; not directly referenced +mov edx, dword [ebp - 0x22c] +mov ecx, 0xff mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x5edc] -imul eax, ecx, 0xcc -lea ebx, [edx + eax + 0x1c] +call fcn_fffa7236 ; call 0xfffa7236 +mov ebx, dword [edi] +mov dword [ebp - 0x230], eax mov eax, dword [ebp + 8] -mov esi, dword [eax + 0x18a7] -mov eax, ecx -shl eax, 0xa -lea ecx, [eax + 0x4004] -mov dword [ebp - 0x30], eax +cmp dword [eax + 0x2481], 3 +jne short loc_fffaf9a0 ; jne 0xfffaf9a0 +mov edx, dword [ebp - 0x230] +and ebx, 0xefffffff +mov ecx, ebx +call fcn_fffb38b3 ; call 0xfffb38b3 + +loc_fffaf9a0: ; not directly referenced +mov ecx, dword [edi] +xor ebx, ebx +mov edx, dword [ebp - 0x230] mov eax, dword [ebp + 8] -mov edx, ecx -mov dword [ebp - 0x48], ecx -imul esi, esi, 0x2e -call fcn_fffae52a ; call 0xfffae52a -add esi, edi -mov dword [ebx + 0xa0], eax -movzx eax, word [esi + 8] -mov dl, byte [ebp + eax - 0x1d] -mov al, byte [ebx + 0xa3] -shl edx, 6 -and eax, 0x3f -or eax, edx -mov edx, dword [ebp - 0x48] -mov byte [ebx + 0xa3], al +call fcn_fffb38b3 ; call 0xfffb38b3 + +loc_fffaf9b2: ; not directly referenced mov eax, dword [ebp + 8] -mov ecx, dword [ebx + 0xa0] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x30] -add eax, 0x400c +cmp bl, byte [eax + 0x2489] +jae short loc_fffaf9ed ; jae 0xfffaf9ed +movzx eax, bl +mov edx, dword [ebp - 0x22c] +inc ebx +mov ecx, eax +mov dword [ebp - 0x230], eax +mov eax, dword [ebp + 8] +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, dword [ebp - 0x230] +mov ecx, dword [edi + ecx*4 + 0x28] mov edx, eax -mov dword [ebp - 0x48], eax mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a -mov dword [ebx + 0xa8], eax -mov ax, word [esi + 8] -mov esi, dword [ebp + 8] -mov ecx, dword [esi + 0x2480] -mov edx, dword [esi + 0x36d7] -cmp ecx, 3 -jne short loc_fffaf224 ; jne 0xfffaf224 -cmp edx, 0x536 -sbb eax, eax -add eax, 6 -jmp short loc_fffaf26e ; jmp 0xfffaf26e +call fcn_fffb3381 ; call 
0xfffb3381 +jmp short loc_fffaf9b2 ; jmp 0xfffaf9b2 -loc_fffaf224: ; not directly referenced -cmp ecx, 2 -jne short loc_fffaf242 ; jne 0xfffaf242 -mov eax, 5 -cmp edx, 0x640 -jbe short loc_fffaf26e ; jbe 0xfffaf26e -mov al, 6 -cmp edx, 0x74b -jbe short loc_fffaf26e ; jbe 0xfffaf26e -jmp short loc_fffaf263 ; jmp 0xfffaf263 +loc_fffaf9ed: ; not directly referenced +cmp dword [ebp - 0x250], 0 +je loc_fffaf92c ; je 0xfffaf92c +xor ebx, ebx -loc_fffaf242: ; not directly referenced -cmp edx, 0x640 -ja short loc_fffaf252 ; ja 0xfffaf252 -movzx eax, al -add eax, 4 -jmp short loc_fffaf26e ; jmp 0xfffaf26e +loc_fffaf9fc: ; not directly referenced +mov eax, 1 +mov cl, bl +shl eax, cl +test byte [esi + 0xc4], al +je short loc_fffafa44 ; je 0xfffafa44 +push edx +mov ecx, ebx +push edx +mov dl, bl +shr dl, 1 +and ecx, 1 +movzx edx, dl +imul ecx, ecx, 0x18 +imul edx, edx, 0x128 +add edx, ecx +mov ecx, eax +mov eax, dword [ebp + 8] +movzx edx, word [esi + edx + 0x1273] +push edx +mov edx, dword [ebp - 0x22c] +push 4 +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0x10 -loc_fffaf252: ; not directly referenced -cmp edx, 0x74b -ja short loc_fffaf263 ; ja 0xfffaf263 -cmp al, 3 -sbb eax, eax -add eax, 7 -jmp short loc_fffaf26e ; jmp 0xfffaf26e +loc_fffafa44: ; not directly referenced +inc ebx +cmp ebx, 4 +jne short loc_fffaf9fc ; jne 0xfffaf9fc +jmp near loc_fffaf92c ; jmp 0xfffaf92c -loc_fffaf263: ; not directly referenced -cmp edx, 0x856 -sbb eax, eax -add eax, 8 +loc_fffafa4f: ; not directly referenced +cmp dword [edi], 2 +jne loc_fffafde0 ; jne 0xfffafde0 +mov eax, dword [ebp + 8] +mov ebx, dword [eax + 0x2444] +lea eax, [ebp - 0x210] +push ecx +push 0xf000 +push 4 +push eax +call dword [ebx + 0x60] ; ucall +add esp, 0xc +push 0x1000 +push 4 +lea eax, [ebp - 0x208] +push eax +call dword [ebx + 0x60] ; ucall +add esp, 0xc +push 0 +push 4 +lea eax, [ebp - 0x21b] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0x10 +mov ebx, 2 +cmp dword [edi], 2 +jne loc_fffafde0 ; jne 0xfffafde0 
+xor ecx, ecx +mov esi, 0x1000 +mov word [ebp - 0x230], 0xf000 -loc_fffaf26e: ; not directly referenced -cmp eax, 0xf -mov edx, 0xf -cmovbe edx, eax -mov al, byte [ebx + 0xa8] -xor esi, esi -mov cl, dl -shl ecx, 6 -shr edx, 2 -and eax, 0x3f -and edx, 3 -or eax, ecx -mov byte [ebx + 0xa8], al -mov al, byte [ebx + 0xa9] -and eax, 0xfffffffc -or eax, edx -mov byte [ebx + 0xa9], al -mov ecx, dword [ebx + 0xa8] +loc_fffafab9: ; not directly referenced +mov ebx, 0xf +bt ebx, ecx +jae loc_fffafb5e ; jae 0xfffafb5e +mov edx, 1 +shl edx, cl +test byte [edi + 0xc4], dl +je loc_fffafb5e ; je 0xfffafb5e +mov ebx, dword [ebp + 8] +imul edx, ecx, 0x12 +mov bl, byte [ebx + 0x2489] +mov byte [ebp - 0x234], bl +lea ebx, [edi + edx] +xor edx, edx +mov eax, ebx + +loc_fffafaf3: ; not directly referenced +cmp byte [ebp - 0x234], dl +jbe short loc_fffafb35 ; jbe 0xfffafb35 +movzx ebx, byte [edi + ecx + 0x1011] +imul ebx, ebx, 0xffffffc0 +add bx, word [eax + edx*2 + 0x1b1] +cmp word [ebp + ecx*2 - 0x210], bx +jge short loc_fffafb20 ; jge 0xfffafb20 +mov word [ebp + ecx*2 - 0x210], bx + +loc_fffafb20: ; not directly referenced +cmp word [ebp + ecx*2 - 0x208], bx +jle short loc_fffafb32 ; jle 0xfffafb32 +mov word [ebp + ecx*2 - 0x208], bx + +loc_fffafb32: ; not directly referenced +inc edx +jmp short loc_fffafaf3 ; jmp 0xfffafaf3 + +loc_fffafb35: ; not directly referenced +mov eax, dword [ebp - 0x230] +mov dx, word [ebp + ecx*2 - 0x210] +cmp ax, dx +cmovge edx, eax +mov word [ebp - 0x230], dx +movsx edx, word [ebp + ecx*2 - 0x208] +cmp si, dx +cmovg esi, edx + +loc_fffafb5e: ; not directly referenced +inc ecx +cmp ecx, 4 +jne loc_fffafab9 ; jne 0xfffafab9 +movsx eax, word [ebp - 0x230] +mov cl, 2 xor ebx, ebx -mov edx, dword [ebp - 0x48] +add eax, esi +xor esi, esi +cdq +idiv ecx +mov cl, 0x40 +neg eax +add eax, 0x160 +cdq +idiv ecx +mov dword [ebp - 0x240], eax +mov byte [ebp - 0x23c], al +cbw +mov word [ebp - 0x234], ax +shl word [ebp - 0x234], 6 + +loc_fffafba3: ; not directly 
referenced +mov eax, 0xf +bt eax, ebx +jae loc_fffafce6 ; jae 0xfffafce6 +mov al, 1 +mov cl, bl +shl eax, cl +test byte [edi + 0xc4], al +je loc_fffafce6 ; je 0xfffafce6 +mov al, byte [ebp - 0x23c] +mov byte [ebp + ebx - 0x21b], al +mov eax, dword [ebp - 0x234] +add ax, word [ebp + ebx*2 - 0x208] +cmp ax, 0x3f +jg short loc_fffafbfe ; jg 0xfffafbfe +movsx edx, ax +mov eax, 0x7f +sub eax, edx +sar eax, 6 +add eax, dword [ebp - 0x240] +mov byte [ebp + ebx - 0x21b], al + +loc_fffafbfe: ; not directly referenced +mov dl, byte [ebp + ebx - 0x21b] +movsx ax, dl +shl eax, 6 +add ax, word [ebp + ebx*2 - 0x210] +cwde +cmp eax, 0x1bf +jle short loc_fffafc2d ; jle 0xfffafc2d +sub eax, 0x180 +sar eax, 6 +sub edx, eax +mov byte [ebp + ebx - 0x21b], dl + +loc_fffafc2d: ; not directly referenced +mov al, byte [ebp + ebx - 0x21b] +mov ecx, esi +movsx ecx, cl +movsx edx, al +mov byte [ebp - 0x230], al +mov eax, edx +sub eax, ecx +mov cl, byte [ebp - 0x230] +sub ecx, 0xe +cmp eax, 0xf +mov al, byte [ebp - 0x230] +cmovge esi, ecx +mov ecx, esi +movsx ecx, cl +sub edx, ecx +test edx, edx +lea ecx, [eax - 1] +cmovle esi, ecx +sub al, byte [edi + ebx + 0x1011] +mov byte [ebp - 0x230], 0 +cbw +mov word [ebp - 0x238], ax +lea eax, [ebx + ebx*8] +shl word [ebp - 0x238], 6 +mov dword [ebp - 0x244], eax + +loc_fffafc92: ; not directly referenced +mov edx, dword [ebp + 8] +mov al, byte [ebp - 0x230] +cmp al, byte [edx + 0x2489] +jae short loc_fffafce6 ; jae 0xfffafce6 +movzx eax, byte [ebp - 0x230] +mov edx, dword [ebp - 0x244] +mov ecx, dword [ebp - 0x238] +add edx, eax +add edx, edx +add word [edi + edx + 0x1b1], cx +mov ecx, ebx +push edx +mov edx, dword [ebp - 0x22c] +push 0 +push 0xff +push eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c -mov al, byte [ebp - 0x31] -xor ecx, ecx -mov dl, byte [edi + 0xc4] -mov byte [ebp - 0x48], 0 -sub eax, 4 -test dl, 1 -je short loc_fffaf2e3 ; je 0xfffaf2e3 -mov cl, al -add cl, byte [edi + 0x1015] -mov byte [edi + 0x1015], cl -and ecx, 
0x7f +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 +inc byte [ebp - 0x230] +jmp short loc_fffafc92 ; jmp 0xfffafc92 -loc_fffaf2e3: ; not directly referenced -and dl, 2 -je short loc_fffaf2fb ; je 0xfffaf2fb -mov dl, al -add dl, byte [edi + 0x1016] -mov esi, edx -mov byte [edi + 0x1016], dl -and esi, 0x7f +loc_fffafce6: ; not directly referenced +inc ebx +cmp ebx, 4 +jne loc_fffafba3 ; jne 0xfffafba3 +mov eax, dword [ebp - 0x22c] +mov ebx, esi +shl eax, 0xa +add eax, 0x4028 +mov dword [ebp - 0x234], eax +mov edx, eax +mov eax, dword [ebp + 8] +call fcn_fffb331f ; call 0xfffb331f +test bl, bl +jns short loc_fffafd34 ; jns 0xfffafd34 +mov edx, eax +mov ecx, esi +shr edx, 0x10 +neg ecx +and edx, 0x3f +movzx ecx, cl +cmp edx, ecx +mov ebx, 7 +mov edx, 0 +cmovge ebx, edx +jmp short loc_fffafd55 ; jmp 0xfffafd55 -loc_fffaf2fb: ; not directly referenced -mov dl, byte [edi + 0xc4] -test dl, 4 -je short loc_fffaf317 ; je 0xfffaf317 -mov bl, al -add bl, byte [edi + 0x1017] -mov byte [edi + 0x1017], bl -and ebx, 0x7f +loc_fffafd34: ; not directly referenced +je short loc_fffafd53 ; je 0xfffafd53 +mov edx, eax +mov ebx, esi +shr edx, 0x10 +movsx ecx, bl +not edx +xor ebx, ebx +and edx, 0x3f +cmp ecx, edx +mov edx, 7 +cmovg ebx, edx +jmp short loc_fffafd55 ; jmp 0xfffafd55 -loc_fffaf317: ; not directly referenced -and dl, 8 -je short loc_fffaf32e ; je 0xfffaf32e -add al, byte [edi + 0x1018] -mov byte [edi + 0x1018], al -and eax, 0x7f -mov byte [ebp - 0x48], al +loc_fffafd53: ; not directly referenced +xor ebx, ebx -loc_fffaf32e: ; not directly referenced -mov eax, dword [ebp - 0x48] -and esi, 0x7f -and ecx, 0x7f -shl esi, 8 -and ebx, 0x7f -mov edx, dword [ebp - 0x30] -shl ebx, 0x10 -or ecx, esi -or ecx, ebx -shl eax, 0x18 -or ecx, eax +loc_fffafd55: ; not directly referenced +mov edx, eax +and eax, 0xffc00000 +shr edx, 0x10 +add edx, esi +and edx, 0x3f +mov ecx, edx +shl ecx, 0x10 +mov dword [ebp - 0x230], eax +or dword [ebp - 0x230], ecx +mov dword [edi + 0x1019], edx 
+xor edx, edx + +loc_fffafd7d: ; not directly referenced +mov eax, 0xf +bt eax, edx +jae short loc_fffafda7 ; jae 0xfffafda7 +mov al, 1 +mov cl, dl +shl eax, cl +test byte [edi + 0xc4], al +je short loc_fffafda7 ; je 0xfffafda7 +mov cl, byte [ebp + edx - 0x21b] +mov eax, esi +sub ecx, eax +mov byte [edi + edx + 0x1011], cl + +loc_fffafda7: ; not directly referenced +mov cl, byte [edi + edx + 0x1011] +mov eax, ecx +and eax, 0xf +lea ecx, [edx*4] +inc edx +shl eax, cl +or eax, dword [ebp - 0x230] +cmp edx, 4 +je short loc_fffafdd0 ; je 0xfffafdd0 +mov dword [ebp - 0x230], eax +jmp short loc_fffafd7d ; jmp 0xfffafd7d + +loc_fffafdd0: ; not directly referenced +mov ecx, eax +mov edx, dword [ebp - 0x234] mov eax, dword [ebp + 8] -add edx, 0x4024 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffaf35a: ; not directly referenced -inc dword [ebp - 0x2c] +loc_fffafde0: ; not directly referenced +inc dword [ebp - 0x22c] add edi, 0x13c3 -cmp dword [ebp - 0x2c], 2 -jne loc_fffaf145 ; jne 0xfffaf145 +cmp dword [ebp - 0x22c], 2 +jne loc_fffafa4f ; jne 0xfffafa4f +mov eax, ebx -loc_fffaf36d: ; not directly referenced -add esp, 0x3c -xor eax, eax +loc_fffafdfb: ; not directly referenced +lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp ret -fcn_fffaf377: ; not directly referenced +fcn_fffafe03: ; not directly referenced push ebp -mov ecx, 4 mov ebp, esp push edi +mov edi, ecx push esi -mov esi, ref_fffd3e70 ; mov esi, 0xfffd3e70 +mov esi, eax push ebx -sub esp, 0x6c -mov ebx, dword [ebp + 8] -lea edi, [ebp - 0x54] -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov byte [ebp - 0x5d], 0 -mov eax, dword [ebx + 0x2443] -mov dword [ebp - 0x5c], 0 -mov dword [ebp - 0x64], eax -lea eax, [ebx + 0x381a] - -loc_fffaf3ac: ; not directly referenced -mov cl, byte [eax] -mov byte [ebp - 0x5e], cl -and cl, 1 -jne short loc_fffaf41a ; jne 0xfffaf41a - -loc_fffaf3b6: ; not directly referenced -test byte [ebp - 0x5e], 4 -je loc_fffaf46d ; je 0xfffaf46d 
-movzx edx, word [eax + 0x12c0] -mov ecx, 1 -imul edx, dword [eax + 0x12bc] -movzx edi, byte [eax + 0x12c6] -movzx esi, byte [eax + 0x12c5] -shr edx, 0x14 -cmp byte [eax + 0x12c6], 0 -cmovne ecx, edi -movzx edi, byte [eax + 0x12c8] -imul edi, esi -imul edi, edx -movzx edx, byte [eax + 0x12ca] -imul edi, ecx -movzx edx, word [ebp + edx*2 - 0x54] -cmp edx, edi -mov edx, 1 -cmove edx, dword [ebp - 0x5c] -mov dword [ebp - 0x5c], edx -jmp short loc_fffaf46d ; jmp 0xfffaf46d +sub esp, 0x50 +mov al, byte [ecx + 0x539] +push 0 +push 5 +mov bl, al +mov eax, dword [esi + 0x2444] +mov byte [ebp - 0x2d], dl +lea edx, [ebp - 0x1d] +push edx +call dword [eax + 0x5c] ; ucall +add esp, 0x10 +mov al, 0 +cmp dword [ebp + 0xc], 0 +cmovne ebx, eax +xor eax, eax +mov byte [ebp - 0x2e], bl -loc_fffaf41a: ; not directly referenced -movzx edx, word [eax + 0x1198] -imul edx, dword [eax + 0x1194] -movzx ecx, byte [eax + 0x119e] -movzx esi, byte [eax + 0x119d] -shr edx, 0x14 -test cl, cl -jne short loc_fffaf442 ; jne 0xfffaf442 -mov ecx, 1 +loc_fffafe3d: ; not directly referenced +cmp byte [ebp - 0x2e], al +jbe short loc_fffafe60 ; jbe 0xfffafe60 +movzx edx, byte [edi + eax + 0x534] +xor ecx, ecx +cmp dl, 5 +ja short loc_fffafe58 ; ja 0xfffafe58 +movzx ecx, byte [edx + ref_fffd38e8] ; movzx ecx, byte [edx - 0x2c718] -loc_fffaf442: ; not directly referenced -movzx edi, byte [eax + 0x11a0] -imul esi, edi -imul esi, edx -movzx edx, byte [eax + 0x11a2] -imul esi, ecx -movzx edx, word [ebp + edx*2 - 0x54] -cmp edx, esi -je loc_fffaf3b6 ; je 0xfffaf3b6 -mov dword [ebp - 0x5c], 1 +loc_fffafe58: ; not directly referenced +mov byte [ebp + ecx - 0x1d], 1 +inc eax +jmp short loc_fffafe3d ; jmp 0xfffafe3d -loc_fffaf46d: ; not directly referenced -inc byte [ebp - 0x5d] -add eax, 0x13c3 -cmp byte [ebp - 0x5d], 2 -jne loc_fffaf3ac ; jne 0xfffaf3ac -cmp dword [ebp - 0x5c], 1 -je loc_fffaf5ed ; je 0xfffaf5ed -push edx -push 0 -push 0x2c -lea eax, [ebp - 0x44] -push eax -mov eax, dword [ebp - 0x64] -call 
dword [eax + 0x5c] ; ucall +loc_fffafe60: ; not directly referenced +cmp dword [ebp + 8], 0 +jne short loc_fffafe7e ; jne 0xfffafe7e +movzx ecx, byte [edi + 8] +sub esp, 0xc +xor edx, edx +push 1 +mov eax, esi +call fcn_fffa8377 ; call 0xfffa8377 add esp, 0x10 -cmp byte [ebx + 0x3748], 1 -mov dword [ebp - 0x58], 1 -je short loc_fffaf4af ; je 0xfffaf4af +mov dword [edi + 9], eax -loc_fffaf4ab: ; not directly referenced -xor esi, esi -jmp short loc_fffaf509 ; jmp 0xfffaf509 +loc_fffafe7e: ; not directly referenced +lea eax, [esi + 0x3757] +mov ebx, edi +mov dword [ebp - 0x34], eax +movzx eax, byte [ebp - 0x2d] +mov dword [ebp - 0x2c], 0 +mov dword [ebp - 0x50], eax -loc_fffaf4af: ; not directly referenced -cmp dword [ebx + 0x3756], 2 -jne short loc_fffaf4db ; jne 0xfffaf4db -mov edx, 0x5004 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5004 -mov ecx, eax -mov dword [ebp - 0x68], eax -and ecx, 0xfcffffff -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +loc_fffafe97: ; not directly referenced +mov eax, dword [ebp - 0x34] +cmp dword [eax], 2 +je short loc_fffafeba ; je 0xfffafeba -loc_fffaf4db: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffaf4ab ; jne 0xfffaf4ab -mov edx, 0x5008 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5008 -mov ecx, eax -mov dword [ebp - 0x6c], eax -and ecx, 0xfcffffff -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffaf4ab ; jmp 0xfffaf4ab +loc_fffafe9f: ; not directly referenced +inc dword [ebp - 0x2c] +add ebx, 2 +add dword [ebp - 0x34], 0x13c3 +cmp dword [ebp - 0x2c], 2 +jne short loc_fffafe97 ; jne 0xfffafe97 +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffaf509: ; not directly referenced -movzx eax, byte [ebx + 0x248d] -bt eax, esi -jb short loc_fffaf521 ; jb 0xfffaf521 +loc_fffafeba: ; not directly referenced +mov eax, dword [ebp - 0x50] +mov ecx, dword [ebp - 0x2c] +bt eax, ecx +jae short loc_fffafe9f ; jae 0xfffafe9f +mov eax, dword 
[ebp - 0x34] +mov byte [ebp - 0x2d], 1 +cmp dword [eax + 0xc0], 1 +jne short loc_fffafee4 ; jne 0xfffafee4 +mov al, byte [ebx + 4] +mov byte [ebp - 0x2d], 0 +mov byte [ebx], al +mov al, byte [ebx + 5] +mov byte [ebx + 1], al -loc_fffaf515: ; not directly referenced -add esi, 2 -cmp esi, 4 -jne short loc_fffaf509 ; jne 0xfffaf509 -xor edi, edi -jmp short loc_fffaf570 ; jmp 0xfffaf570 +loc_fffafee4: ; not directly referenced +mov eax, dword [esi + 0x1887] +cmp eax, 0x306d0 +sete dl +cmp eax, 0x40650 +sete al +or dl, al +je short loc_fffaff0d ; je 0xfffaff0d +mov byte [ebx], 0 +mov byte [ebx + 1], 0 +mov byte [ebx + 5], 0 +mov byte [ebp - 0x2d], 1 -loc_fffaf521: ; not directly referenced +loc_fffaff0d: ; not directly referenced +mov dl, byte [ebx + 4] +mov ecx, 3 +push 1 +mov al, dl +movzx edx, byte [ebx] +mul byte [ebp - 0x2d] +shl eax, 4 +add eax, edx +mov edx, dword [ebp - 0x2c] +movzx eax, ax push eax -mov ecx, esi +mov eax, esi +push 7 +push 0 +call fcn_fffa972b ; call 0xfffa972b +mov dl, byte [ebx + 5] +mov ecx, 0xc +mov al, byte [ebp - 0x2d] +push 1 +mul dl +movzx edx, byte [ebx + 1] +shl eax, 4 +add eax, edx +mov edx, dword [ebp - 0x2c] +movzx eax, ax push eax -mov edi, 1 -lea eax, [ebp - 0x58] +mov eax, esi +push 7 +push 0 +call fcn_fffa972b ; call 0xfffa972b +add esp, 0x20 +cmp byte [ebp - 0x2e], 0 +je loc_fffafe9f ; je 0xfffafe9f +imul eax, dword [ebp - 0x2c], 9 +mov byte [ebp - 0x2d], 0 +mov dword [ebp - 0x4c], eax +mov dword [ebp - 0x48], eax + +loc_fffaff7b: ; not directly referenced +mov al, byte [ebp - 0x2d] +cmp al, byte [esi + 0x2489] +jae loc_fffafe9f ; jae 0xfffafe9f +cmp byte [ebp - 0x1d], 0 +je short loc_fffaffb8 ; je 0xfffaffb8 +movzx eax, byte [ebp - 0x2d] +mov ecx, dword [ebp - 0x48] +push 1 +lea edx, [eax + ecx + 0x28] +mov ecx, 0xf +movsx edx, word [edi + edx*2 + 7] +push edx +mov edx, dword [ebp - 0x2c] +push 6 push eax -mov eax, ebx +mov eax, esi +call fcn_fffa972b ; call 0xfffa972b +add esp, 0x10 + +loc_fffaffb8: ; not directly referenced 
+cmp byte [ebp - 0x1c], 0 +je short loc_fffaffe9 ; je 0xfffaffe9 +movzx eax, byte [ebp - 0x2d] +mov ecx, dword [ebp - 0x48] +push 1 +lea edx, [eax + ecx + 0xa4] +mov ecx, 0xf +movsx edx, word [edi + edx*2 + 7] +push edx +mov edx, dword [ebp - 0x2c] push 0 -lea edx, [ebp - 0x44] -call fcn_fffaa9ed ; call 0xfffaa9ed -mov ecx, esi -xor edx, edx -shl edi, cl -mov eax, ebx -mov ecx, edi -call fcn_fffaac43 ; call 0xfffaac43 -mov ecx, edi -mov edx, 1 -mov byte [ebp - 0x5c], al -mov eax, ebx -call fcn_fffaac43 ; call 0xfffaac43 -or eax, dword [ebp - 0x5c] -movzx edx, al -mov eax, ebx -call fcn_fffae670 ; call 0xfffae670 +push eax +mov eax, esi +call fcn_fffa972b ; call 0xfffa972b add esp, 0x10 -mov edi, eax -test eax, eax -je short loc_fffaf515 ; je 0xfffaf515 -loc_fffaf570: ; not directly referenced -cmp byte [ebx + 0x3748], 1 -jne short loc_fffaf5a9 ; jne 0xfffaf5a9 -cmp dword [ebx + 0x3756], 2 -jne short loc_fffaf591 ; jne 0xfffaf591 -mov ecx, dword [ebp - 0x68] -mov edx, 0x5004 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +loc_fffaffe9: ; not directly referenced +movzx eax, byte [ebp - 0x2d] +mov ecx, dword [ebp - 0x4c] +mov dword [ebp - 0x40], 0 +mov dword [ebp - 0x44], eax +lea edx, [eax + ecx] +lea edx, [edx + edx + 0x33f] +lea ecx, [edi + edx] +mov dword [ebp - 0x3c], ecx -loc_fffaf591: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffaf5a9 ; jne 0xfffaf5a9 -mov ecx, dword [ebp - 0x6c] -mov edx, 0x5008 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +loc_fffb000a: ; not directly referenced +mov cl, byte [ebp - 0x40] +mov dword [ebp - 0x38], 1 +shl dword [ebp - 0x38], cl +mov ecx, dword [ebp - 0x34] +mov al, byte [ebp - 0x38] +test byte [ecx + 0xc4], al +je short loc_fffb0071 ; je 0xfffb0071 +cmp byte [ebp - 0x1b], 0 +je short loc_fffb004d ; je 0xfffb004d +mov eax, dword [ebp - 0x3c] +push 1 +mov ecx, dword [ebp - 0x38] +mov edx, dword [ebp - 0x2c] +movsx eax, word [eax - 0xf8] +push eax +mov eax, esi +push 5 +push dword [ebp - 0x44] 
+call fcn_fffa972b ; call 0xfffa972b +add esp, 0x10 -loc_fffaf5a9: ; not directly referenced -mov edx, 0x3c -mov eax, ebx -call fcn_fffa834b ; call 0xfffa834b -cmp dword [ebx + 0x3756], 2 -jne short loc_fffaf5cf ; jne 0xfffaf5cf -mov ecx, 0x3000 -mov edx, 0x48a8 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +loc_fffb004d: ; not directly referenced +cmp byte [ebp - 0x1a], 0 +je short loc_fffb0071 ; je 0xfffb0071 +mov eax, dword [ebp - 0x3c] +push 1 +mov ecx, dword [ebp - 0x38] +mov edx, dword [ebp - 0x2c] +movsx eax, word [eax] +push eax +mov eax, esi +push 4 +push dword [ebp - 0x44] +call fcn_fffa972b ; call 0xfffa972b +add esp, 0x10 -loc_fffaf5cf: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffaf5e9 ; jne 0xfffaf5e9 -mov ecx, 0x3000 -mov edx, 0x48b0 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +loc_fffb0071: ; not directly referenced +inc dword [ebp - 0x40] +add dword [ebp - 0x3c], 0x3e +cmp dword [ebp - 0x40], 4 +jne short loc_fffb000a ; jne 0xfffb000a +inc byte [ebp - 0x2d] +jmp near loc_fffaff7b ; jmp 0xfffaff7b -loc_fffaf5e9: ; not directly referenced -test edi, edi -je short loc_fffaf5f7 ; je 0xfffaf5f7 +fcn_fffb0086: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 0xc] +mov edx, dword [ebp + 8] +out dx, eax +pop ebp +ret + +fcn_fffb0092: ; not directly referenced +push ebp +xor eax, eax +mov ebp, esp +xor edx, edx +pop ebp +ret -loc_fffaf5ed: ; not directly referenced -mov dword [ebx + 0x374a], 1 +fcn_fffb009b: ; not directly referenced +push ebp +mov ebp, esp +pop ebp +ret -loc_fffaf5f7: ; not directly referenced -lea esp, [ebp - 0xc] +fcn_fffb00a0: ; not directly referenced +push ebp +mov ebp, esp +mov edx, dword [ebp + 8] +in ax, dx +pop ebp +ret + +fcn_fffb00aa: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 0x10] +mov dword [ebp + 8], eax +pop ebp +jmp near fcn_fffb00a0 ; jmp 0xfffb00a0 + +fcn_fffb00b9: ; not directly referenced +push ebp +mov ebp, esp +mov eax, 
dword [ebp + 0xc] +mov edx, dword [ebp + 8] +out dx, ax +pop ebp +ret + +fcn_fffb00c6: ; not directly referenced +push ebp +mov ebp, esp +movzx eax, word [ebp + 0x18] +mov dword [ebp + 0xc], eax +mov eax, dword [ebp + 0x10] +mov dword [ebp + 8], eax +pop ebp +jmp near fcn_fffb00b9 ; jmp 0xfffb00b9 + +fcn_fffb00dc: ; not directly referenced +push ebp +mov ebp, esp +mov edx, dword [ebp + 8] +in eax, dx +pop ebp +ret + +fcn_fffb00e5: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 0x10] +mov dword [ebp + 8], eax +pop ebp +jmp near fcn_fffb00dc ; jmp 0xfffb00dc + +fcn_fffb00f4: +mov eax, dword [0xff7d0270] +push ebp +mov ebp, esp +lea edx, [eax + 4] +mov eax, dword [ebp + 0xc] +mov dword [eax], edx xor eax, eax -pop ebx -pop esi -pop edi pop ebp ret -fcn_fffaf601: ; not directly referenced +fcn_fffb0108: ; not directly referenced push ebp +mov edx, 0x186a0 mov ebp, esp -push edi -push esi +xor eax, eax push ebx -sub esp, 0x3c -mov edi, dword [ebp + 8] -mov eax, dword [edi + 0x2443] -cmp byte [edi + 0x190d], 0 -mov edx, dword [edi + 0x18a7] -mov esi, dword [edi + 0x2480] -mov dword [ebp - 0x30], eax -je loc_fffafafc ; je 0xfffafafc -cmp esi, 3 -sete al -mov byte [ebp - 0x2c], al -movzx eax, al -mov dword [ebp - 0x38], eax -mov eax, dword [edi + 0x36cb] +sub esp, 0x10 + +loc_fffb0116: ; not directly referenced test eax, eax -je loc_fffaf79d ; je 0xfffaf79d -dec eax -jne loc_fffafafc ; jne 0xfffafafc -movzx ebx, byte [edi + 0x247f] -test ebx, ebx -sete al -or al, byte [ebp - 0x2c] -je short loc_fffaf6d5 ; je 0xfffaf6d5 -mov ecx, dword [ebp - 0x30] -xor eax, eax -cmp dword [edi + 0x188b], 1 -mov edx, dword [ecx + 0x80] -sete al -mov esi, eax -lea esi, [esi + esi + 0x18] -lea eax, [eax + eax + 0x17] +sete bl test edx, edx -je short loc_fffaf6d5 ; je 0xfffaf6d5 -lea ecx, [ebp - 0x20] -push ecx -lea ecx, [ebp - 0x1c] -push ecx -push eax -push 1 -call edx -mov al, byte [ebp - 0x19] +setne cl +test bl, cl +je short loc_fffb0133 ; je 0xfffb0133 +clc + 
+loc_fffb0125: ; not directly referenced +rdrand eax +mov dword [ebp - 8], eax +jae short loc_fffb0125 ; jae 0xfffb0125 +mov eax, dword [ebp - 8] +dec edx +jmp short loc_fffb0116 ; jmp 0xfffb0116 + +loc_fffb0133: ; not directly referenced add esp, 0x10 -test al, al -js short loc_fffaf6d5 ; js 0xfffaf6d5 -or eax, 0xffffff80 -mov byte [ebp - 0x19], al -mov al, byte [ebp - 0x1c] -or eax, 1 -cmp dword [edi + 0x2480], 3 -mov byte [ebp - 0x1c], al -jne short loc_fffaf6bf ; jne 0xfffaf6bf -and eax, 0xfffffff1 -or eax, 8 -mov byte [ebp - 0x1c], al +pop ebx +pop ebp +ret -loc_fffaf6bf: ; not directly referenced -lea eax, [ebp - 0x20] +fcn_fffb0139: ; not directly referenced +push ebp +mov ebp, esp +pop ebp +ret + +fcn_fffb013e: ; not directly referenced +push ebp +mov ebp, esp push eax -mov eax, dword [ebp - 0x30] -push dword [ebp - 0x1c] +mov eax, 0x1000 +in al, 0x99 +pop eax +pop ebp +ret + +fcn_fffb014c: +mov edx, dword [0xff7d026c] +xor eax, eax +push ebp +mov ebp, esp +push edi push esi -push 1 -call dword [eax + 0x84] ; ucall -add esp, 0x10 +push ebx +imul ebx, edx, 0xc -loc_fffaf6d5: ; not directly referenced -cmp ebx, 1 -mov edx, 0x64 -mov eax, 0x32 -cmove edx, eax -cmp dword [ebp - 0x38], 1 -jne short loc_fffaf70c ; jne 0xfffaf70c -mov edx, 0x5880 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5880 -and al, 0x7f -mov ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x61 +loc_fffb015d: +cmp edx, 0x13 +ja short loc_fffb018d ; ja 0xfffb018d +mov esi, dword [ebp + 0xc] +inc edx +mov ecx, 3 +mov dword [0xff7d026c], edx +lea edi, [ebx + eax - 0x82fe84] +add esi, eax +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov edi, dword [ebp + 0xc] +mov ecx, dword [edi + eax] +add eax, 0xc +test ecx, ecx +jns short loc_fffb015d ; jns 0xfffb015d +xor eax, eax +jmp short loc_fffb0192 ; jmp 0xfffb0192 -loc_fffaf70c: ; not directly referenced -mov cl, byte [ebp - 0x2c] -dec ebx -sete al -or cl, al -je loc_fffafafc ; je 0xfffafafc -movzx 
eax, dx -xor esi, esi -lea ebx, [edi + 0x4a07] -mov dword [ebp - 0x2c], eax +loc_fffb018d: +mov eax, 0x80000009 -loc_fffaf729: ; not directly referenced -cmp dword [ebx - 0x12b1], 2 -jne short loc_fffaf782 ; jne 0xfffaf782 -movzx eax, word [ebx - 0x129b] -mov ecx, 0x64 -imul eax, dword [ebp - 0x2c] -cdq -idiv ecx -cmp dword [ebx - 0x13e], 2 -mov word [ebx - 0x129b], ax -jne short loc_fffaf76a ; jne 0xfffaf76a -movzx eax, word [ebx - 0x128] -imul eax, dword [ebp - 0x2c] -cdq -idiv ecx -mov word [ebx - 0x128], ax +loc_fffb0192: +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffaf76a: ; not directly referenced -cmp dword [ebx - 0x16], 2 -jne short loc_fffaf782 ; jne 0xfffaf782 -movzx eax, word [ebx] -mov ecx, 0x64 -imul eax, dword [ebp - 0x2c] -cdq -idiv ecx -mov word [ebx], ax +fcn_fffb0197: ; not directly referenced +push ebp +mov ebp, esp +mov edx, dword [ebp + 0x10] +mov eax, dword [ebp + 0x18] +out dx, al +pop ebp +ret -loc_fffaf782: ; not directly referenced -mov edx, esi -mov eax, edi -inc esi -add ebx, 0x13c3 -call fcn_fffae6fa ; call 0xfffae6fa -cmp esi, 2 -je loc_fffafafc ; je 0xfffafafc -jmp short loc_fffaf729 ; jmp 0xfffaf729 +fcn_fffb01a3: ; not directly referenced +push ebp +mov ebp, esp +pop ebp +jmp near loc_fffd2c76 ; jmp 0xfffd2c76 -loc_fffaf79d: ; not directly referenced -cmp dword [edi + 0x36e8], 0 -je short loc_fffaf7b3 ; je 0xfffaf7b3 -cmp byte [edi + 0x1916], 0 -jne loc_fffafafc ; jne 0xfffafafc +fcn_fffb01ac: +push ebp +mov ebp, esp +mov edx, dword [ebp + 0xc] +mov eax, dword [ebp + 8] +mov ecx, dword [ebp + 0x10] +test edx, edx +je short loc_fffb01c8 ; je 0xfffb01c8 +movzx ecx, cl +mov dword [ebp + 0x10], ecx +pop ebp +jmp near loc_fffd2c24 ; jmp 0xfffd2c24 -loc_fffaf7b3: ; not directly referenced -test byte [edi + 0x36ca], 0xf7 -je loc_fffafafc ; je 0xfffafafc -cmp dword [edi + 0x3756], 2 -mov dword [ebp - 0x40], 0 -mov dword [ebp - 0x44], 0 -mov dword [ebp - 0x34], 0 -je short loc_fffaf7f2 ; je 0xfffaf7f2 -cmp dword [edi + 0x4b19], 2 -mov 
eax, 1 -jne loc_fffaf892 ; jne 0xfffaf892 -jmp short loc_fffaf7f4 ; jmp 0xfffaf7f4 +loc_fffb01c8: +pop ebp +ret -loc_fffaf7f2: ; not directly referenced -xor eax, eax - -loc_fffaf7f4: ; not directly referenced -imul eax, eax, 0x13c3 -lea ecx, [edi + eax + 0x3756] -imul eax, edx, 0x2e -lea eax, [ecx + eax + 4] -movzx ecx, word [eax + 0x1a] -movzx edx, word [eax + 0x10] -movzx eax, word [eax + 0xc] -lea edx, [ecx + edx + 1] -mov cl, 0x7f -mov bl, dl -and ebx, 0x7f -cmp edx, 0x7f -cmovbe ecx, ebx -mov ebx, 0xa -imul eax, eax, 0xf -xor edx, edx -and ecx, 0x7f -div ebx -mov bl, 0x7f -cmp dl, 1 -mov edx, 0x4e44 -sbb eax, 0xffffffff -cmp eax, 0x7f -cmovbe ebx, eax -mov eax, edi -and ebx, 0x7f -shl ecx, 8 -or ecx, ebx -call fcn_fffae58c ; call 0xfffae58c - -loc_fffaf856: ; not directly referenced -mov eax, dword [ebp - 0x30] -call dword [eax + 0x7c] ; ucall -mov ebx, eax -xor ax, ax -call fcn_fffaeba2 ; call 0xfffaeba2 -mov dl, al -movzx eax, bx -mov dword [ebp - 0x2c], edx -call fcn_fffaeba2 ; call 0xfffaeba2 -mov edx, dword [ebp - 0x2c] -test al, al -sete al -test dl, dl -sete dl -or al, dl -jne short loc_fffaf856 ; jne 0xfffaf856 -mov ecx, ebx -mov edx, 0x2bb8 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c - -loc_fffaf892: ; not directly referenced -cmp esi, 2 -je loc_fffafafc ; je 0xfffafafc -mov ecx, dword [edi + 0x1912] -mov eax, 0x800 -mov dl, 0xb - -loc_fffaf8a8: ; not directly referenced -movzx ebx, dl -cmp ebx, ecx -lea eax, [eax + eax] -jae short loc_fffaf8b5 ; jae 0xfffaf8b5 -inc edx -jmp short loc_fffaf8a8 ; jmp 0xfffaf8a8 - -loc_fffaf8b5: ; not directly referenced -call fcn_fffaec34 ; call 0xfffaec34 -mov byte [ebp - 0x2c], 0x11 -sub byte [ebp - 0x2c], al -movzx eax, byte [ebp - 0x2c] -mov word [ebp - 0x48], ax +fcn_fffb01ca: +push ebp +mov ebp, esp +pop ebp +jmp near loc_fffd2c09 ; jmp 0xfffd2c09 -loc_fffaf8c9: ; not directly referenced -mov eax, dword [ebp - 0x30] -xor ebx, ebx -mov esi, 1 -call dword [eax + 0x7c] ; ucall -xor edx, edx -mov dword [ebp - 
0x3c], eax +fcn_fffb01d3: ; not directly referenced +push ebp +mov ebp, esp +pop ebp +jmp near loc_fffd2bee ; jmp 0xfffd2bee -loc_fffaf8db: ; not directly referenced -mov cl, dl -cmp bx, word [ebp - 0x48] -je short loc_fffaf8fb ; je 0xfffaf8fb -mov eax, esi -shl eax, cl -mov ecx, dword [ebp - 0x3c] -and ecx, eax -cmp ecx, 1 -sbb bx, 0xffff -inc edx -cmp edx, 0x10 -jne short loc_fffaf8db ; jne 0xfffaf8db -mov cl, 0x10 +fcn_fffb01dc: +push ebp +mov ebp, esp +mov ecx, dword [ebp + 0x10] +mov eax, dword [ebp + 8] +mov edx, dword [ebp + 0xc] +test ecx, ecx +je short loc_fffb01f6 ; je 0xfffb01f6 +cmp eax, edx +je short loc_fffb01f6 ; je 0xfffb01f6 +pop ebp +jmp near loc_fffd2b28 ; jmp 0xfffd2b28 -loc_fffaf8fb: ; not directly referenced -mov ebx, 1 -shl ebx, cl -dec ebx -and ebx, dword [ebp - 0x3c] -movzx eax, bx -call fcn_fffaeba2 ; call 0xfffaeba2 -cmp al, byte [ebp - 0x2c] -jne short loc_fffaf8c9 ; jne 0xfffaf8c9 -mov edx, ebx -xor esi, esi -mov word [ebp - 0x40], bx -not edx +loc_fffb01f6: +pop ebp +ret -loc_fffaf91d: ; not directly referenced -mov ecx, esi -mov eax, 0xfffffffe -rol eax, cl -and eax, edx -movzx ecx, ax -mov edx, eax -mov word [ebp - 0x30], ax -mov eax, ecx -mov dword [ebp - 0x48], edx -mov dword [ebp - 0x3c], ecx -call fcn_fffaeba2 ; call 0xfffaeba2 -mov ecx, dword [ebp - 0x3c] -mov edx, dword [ebp - 0x48] -cmp al, byte [ebp - 0x2c] -jne short loc_fffaf971 ; jne 0xfffaf971 +fcn_fffb01f8: ; not directly referenced +push ebp +mov ebp, esp +pop ebp +jmp near fcn_fffb01dc ; jmp 0xfffb01dc -loc_fffaf949: ; not directly referenced -shl ecx, 0x10 -mov eax, edi -mov edx, ecx -movzx ecx, word [ebp - 0x40] -xor esi, esi -or ebx, dword [ebp - 0x30] -or ecx, edx -mov edx, 0x4e38 -mov word [ebp - 0x3c], bx -not ebx -call fcn_fffae58c ; call 0xfffae58c -mov word [ebp - 0x30], bx -jmp short loc_fffaf97f ; jmp 0xfffaf97f +fcn_fffb0201: +push ebp +mov eax, dword [0xff7d0000] +mov ebp, esp +pop ebp +ret -loc_fffaf971: ; not directly referenced -inc esi -cmp esi, 0x10 
-jne short loc_fffaf91d ; jne 0xfffaf91d -jmp short loc_fffaf949 ; jmp 0xfffaf949 +fcn_fffb020b: +push ebp +mov ebp, esp +sub esp, 8 +call fcn_fffb0201 ; call 0xfffb0201 +sub esp, 0xc +mov edx, dword [eax] +push dword [ebp + 0x14] +push 0 +push dword [ebp + 0xc] +push dword [ebp + 8] +push eax +call dword [edx + 0x20] ; ucall +leave +ret -loc_fffaf979: ; not directly referenced -inc esi -cmp esi, 0x10 -je short loc_fffaf99e ; je 0xfffaf99e +fcn_fffb022c: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, eax +push esi +push ebx +mov ebx, edx +sub esp, 0x2c +mov esi, dword [ebp + 0xc] +lea eax, [ebp - 0x1c] +push eax +push 0 +push 0 +push ref_fffd6928 ; push 0xfffd6928 +mov dword [ebp - 0x2c], ecx +call fcn_fffb020b ; call 0xfffb020b +add esp, 0xc +mov edx, dword [ebp - 0x1c] +push dword [ebp + 8] +mov ecx, ebx +lea eax, [ebp - 0x2c] +shr ecx, 1 +and ecx, 0x7f +push eax +mov eax, ebx +shr eax, 0x16 +movzx ebx, bh +and eax, 1 +push eax +push edi +push ebx +push ecx +push edx +call dword [edx] ; ucall +add esp, 0x20 +test esi, esi +je short loc_fffb0280 ; je 0xfffb0280 +mov dword [esi], eax -loc_fffaf97f: ; not directly referenced -mov ebx, dword [ebp - 0x30] -mov edx, 0xfffffffe -mov ecx, esi -rol edx, cl -and ebx, edx -movzx eax, bx -mov word [ebp - 0x30], ax -call fcn_fffaeba2 ; call 0xfffaeba2 -cmp al, byte [ebp - 0x2c] -jne short loc_fffaf979 ; jne 0xfffaf979 +loc_fffb0280: ; not directly referenced +mov eax, dword [ebp - 0x2c] +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffaf99e: ; not directly referenced -mov word [ebp - 0x44], bx -xor esi, esi -or ebx, dword [ebp - 0x3c] -not ebx -jmp short loc_fffaf9bc ; jmp 0xfffaf9bc +fcn_fffb028b: ; not directly referenced +push ebp +mov ecx, 1 +mov ebp, esp +sub esp, 0x20 +push dword [ebp + 0xc] +mov edx, dword [ebp + 8] +lea eax, [ebp - 9] +push eax +mov eax, 4 +call fcn_fffb022c ; call 0xfffb022c +mov al, byte [ebp - 9] +leave +ret -loc_fffaf9ab: ; not directly referenced -mov 
ecx, esi -mov eax, 0xfffffffe -rol eax, cl -inc esi -and ebx, eax -cmp esi, 0x10 -je short loc_fffaf9c9 ; je 0xfffaf9c9 +fcn_fffb02af: ; not directly referenced +push ebp +mov ecx, 1 +mov ebp, esp +push ebx +sub esp, 0x1c +mov ebx, dword [ebp + 0xc] +push dword [ebp + 0x10] +mov edx, dword [ebp + 8] +lea eax, [ebp - 9] +mov byte [ebp - 9], bl +push eax +mov eax, 5 +call fcn_fffb022c ; call 0xfffb022c +mov al, bl +mov ebx, dword [ebp - 4] +leave +ret -loc_fffaf9bc: ; not directly referenced -movzx eax, bx -call fcn_fffaeba2 ; call 0xfffaeba2 -cmp al, byte [ebp - 0x2c] -jne short loc_fffaf9ab ; jne 0xfffaf9ab +fcn_fffb02dc: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +mov esi, eax +push ebx +mov ebx, edx +sub esp, 0x2c +test ebx, ebx +setne al +cmp cx, 0x1ff +setbe bl +mov dword [ebp - 0x2c], edx +mov edx, dword [ebp + 8] +mov word [ebp - 0x2e], cx +mov dword [ebp - 0x1c], 0x80000007 +test al, bl +je loc_fffb03b0 ; je 0xfffb03b0 +mov edi, edx +movzx edx, dx +add edx, ecx +cmp edx, 0x1ff +jg loc_fffb03b0 ; jg 0xfffb03b0 +mov eax, dword [ebp - 0x2c] +add edi, eax +mov ebx, eax +mov eax, esi +movzx eax, al +mov word [ebp - 0x30], di +mov dword [ebp - 0x34], eax -loc_fffaf9c9: ; not directly referenced -movzx ecx, word [ebp - 0x44] -shl ebx, 0x10 -mov edx, 0x4e3c -mov eax, edi -or ecx, ebx -call fcn_fffae58c ; call 0xfffae58c -mov dword [ebp - 0x2c], 0 +loc_fffb0335: ; not directly referenced +cmp word [ebp - 0x30], bx +je short loc_fffb03a9 ; je 0xfffb03a9 +mov ecx, dword [ebp + 0xc] +mov dx, word [ebp - 0x2e] +sub edx, dword [ebp - 0x2c] +movzx ecx, byte [ecx] +add edx, ebx +mov eax, edx +shr ax, 8 +cmp ax, cx +je short loc_fffb035e ; je 0xfffb035e +mov edi, dword [ebp + 0xc] +mov byte [edi], al +mov al, 1 +jmp short loc_fffb0360 ; jmp 0xfffb0360 -loc_fffaf9e5: ; not directly referenced -imul esi, dword [ebp - 0x2c], 0x13c3 -cmp dword [edi + esi + 0x3756], 2 -jne loc_fffafaef ; jne 0xfffafaef -xor ebx, ebx -test byte [edi + esi + 0x381a], 1 
-je short loc_fffafa5b ; je 0xfffafa5b -cmp dword [ebp - 0x38], 0 -jne short loc_fffafa2d ; jne 0xfffafa2d -imul eax, dword [ebp - 0x2c], 0x54a -mov ax, word [edi + eax + 0x1a4f] -cmp ax, 0xce00 -sete bl -cmp ax, 0xfe02 -sete al -or ebx, eax -jmp short loc_fffafa5b ; jmp 0xfffafa5b +loc_fffb035e: ; not directly referenced +xor eax, eax -loc_fffafa2d: ; not directly referenced +loc_fffb0360: ; not directly referenced +dec al +movzx esi, dl +jne short loc_fffb0385 ; jne 0xfffb0385 +mov eax, dword [ebp + 0xc] +cmp byte [eax], 1 push edx -xor ecx, ecx +lea edx, [ebp - 0x1c] +sbb eax, eax push edx -mov edx, dword [ebp - 0x2c] -lea eax, [ebp - 0x1c] +and eax, 0xfffffffe +push 0 +add eax, 0x6e push eax -mov eax, edi -push 5 -call fcn_fffa686d ; call 0xfffa686d -lea eax, [ebp - 0x1c] +call fcn_fffb02af ; call 0xfffb02af add esp, 0x10 -mov cl, 1 - -loc_fffafa49: ; not directly referenced -mov dl, byte [eax] -and edx, 0xfffffffd -dec dl -cmove ebx, ecx -inc eax -lea edx, [ebp - 0x18] -cmp eax, edx -jne short loc_fffafa49 ; jne 0xfffafa49 -loc_fffafa5b: ; not directly referenced -test byte [edi + esi + 0x381a], 4 -je short loc_fffafac5 ; je 0xfffafac5 -cmp dword [ebp - 0x38], 0 -je short loc_fffafaa1 ; je 0xfffafaa1 -mov edx, dword [ebp - 0x2c] -mov ecx, 2 +loc_fffb0385: ; not directly referenced +shl esi, 8 +mov edi, ebx push eax +inc ebx +or esi, dword [ebp - 0x34] push eax lea eax, [ebp - 0x1c] push eax -mov eax, edi -push 5 -call fcn_fffa686d ; call 0xfffa686d -lea eax, [ebp - 0x1c] +push esi +call fcn_fffb028b ; call 0xfffb028b add esp, 0x10 -lea ecx, [ebp - 0x18] - -loc_fffafa8b: ; not directly referenced -mov dl, byte [eax] -mov esi, ebx -or esi, 2 -and edx, 0xfffffffd -dec dl -cmove ebx, esi -inc eax -cmp eax, ecx -jne short loc_fffafa8b ; jne 0xfffafa8b -jmp short loc_fffafac5 ; jmp 0xfffafac5 - -loc_fffafaa1: ; not directly referenced -imul eax, dword [ebp - 0x2c], 0x54a -mov ax, word [edi + eax + 0x1cc6] -cmp ax, 0xfe02 -sete dl -cmp ax, 0xce00 -sete al -or dl, al 
-je short loc_fffafac5 ; je 0xfffafac5 -or ebx, 2 - -loc_fffafac5: ; not directly referenced -and dword [ebp - 0x34], 0xffffff9f -and ebx, 3 -shl ebx, 5 -mov edx, dword [ebp - 0x2c] -mov eax, edi -or dword [ebp - 0x34], ebx -or dword [ebp - 0x34], 0x80000000 -mov ecx, dword [ebp - 0x34] -shl edx, 0xa -add edx, 0x4240 -call fcn_fffae58c ; call 0xfffae58c +mov byte [ebx - 1], al +cmp dword [ebp - 0x1c], 0 +je short loc_fffb0335 ; je 0xfffb0335 +mov byte [edi], 0 -loc_fffafaef: ; not directly referenced -inc dword [ebp - 0x2c] -cmp dword [ebp - 0x2c], 2 -jne loc_fffaf9e5 ; jne 0xfffaf9e5 +loc_fffb03a9: ; not directly referenced +mov dword [ebp - 0x1c], 0 -loc_fffafafc: ; not directly referenced +loc_fffb03b0: ; not directly referenced +mov eax, dword [ebp - 0x1c] lea esp, [ebp - 0xc] -xor eax, eax pop ebx pop esi pop edi pop ebp ret -fcn_fffafb06: ; not directly referenced +fcn_fffb03bb: ; not directly referenced push ebp +mov ecx, 2 mov ebp, esp push edi -movzx edi, dl push esi push ebx -sub esp, 0x4c -mov esi, dword [ebp + 0x14] -mov byte [ebp - 0x27], cl -mov cl, byte [ebp + 8] -mov ebx, dword [ebp + 0xc] -mov byte [ebp - 0x26], dl -mov edx, 0x4c31 -mov dword [ebp - 0x38], esi -imul esi, edi, 0x13c3 -mov byte [ebp - 0x48], cl -xor ecx, ecx -mov dword [ebp - 0x20], edi -mov byte [ebp - 0x34], bl -lea edi, [eax + esi + 0x3756] -mov dword [ebp - 0x1c], eax -call fcn_fffae566 ; call 0xfffae566 -cmp byte [edi + 0x1241], 1 -sete al -mov dl, al -mov cl, al -mov eax, dword [ebp - 0x20] -or edx, 2 -cmp byte [edi + 0x1369], 1 -cmove ecx, edx -shl eax, 0xa -mov edi, ecx -lea edx, [eax + 0x41bc] -xor ecx, ecx -mov dword [ebp - 0x2c], eax -mov eax, dword [ebp - 0x1c] -call fcn_fffae566 ; call 0xfffae566 -mov eax, ebx -and eax, 1 -lea edx, [eax + eax] -mov al, bl -and eax, 2 -and ebx, 4 -shr al, 1 -or eax, ebx -or eax, edx -mov ebx, eax -movzx eax, byte [ebp - 0x34] -add esi, dword [ebp - 0x1c] -shl ebx, 0x18 -mov dword [ebp - 0x30], ebx -mov dword [ebp - 0x24], 0 -mov byte [ebp 
- 0x25], 0 -mov dword [ebp - 0x4c], esi +sub esp, 0x34 +mov esi, dword [ebp + 0x10] +movzx eax, byte [ebp + 0xc] +lea edi, [ebp - 0x19] +push edi +push 1 +lea edx, [esi + 2] +mov byte [ebp - 0x19], 0xff +mov dword [ebp - 0x30], eax +call fcn_fffb02dc ; call 0xfffb02dc +add esp, 0x10 +mov esi, eax +test eax, eax +jne short loc_fffb044f ; jne 0xfffb044f +mov eax, dword [ebp + 0x18] +xor edx, edx +mov ecx, dword [ebp + 8] +mov dword [ebp - 0x2c], 1 +mov ebx, dword [ebp + 0x14] +shl dword [ebp - 0x2c], cl +mov ecx, 5 +div ecx +lea eax, [eax + eax*4] +add eax, ebx mov dword [ebp - 0x34], eax -loc_fffafbb5: ; not directly referenced -mov cl, byte [ebp - 0x24] -mov ebx, 1 -mov esi, dword [ebp - 0x4c] -shl ebx, cl -mov al, bl -and al, byte [esi + 0x381a] -test byte [ebp - 0x27], al -je loc_fffafc5d ; je 0xfffafc5d -mov ecx, dword [ebp - 0x34] -xor edx, edx -mov esi, dword [ebp + 0x10] -and ecx, 0xf -shl ecx, 0x18 -mov eax, ecx -mov cl, byte [ebp - 0x24] -shr cl, 1 -movzx ecx, cl -mov si, word [esi + ecx*2] -mov ax, si -test byte [ebp - 0x24], 1 -je short loc_fffafc1e ; je 0xfffafc1e -inc ecx -test ecx, edi -je short loc_fffafc1e ; je 0xfffafc1e -mov edx, esi -and ax, 0x150 -and dx, 0xfe07 -and esi, 0xa8 -shr ax, 1 -add esi, esi -or eax, edx -or eax, esi +loc_fffb0412: ; not directly referenced +cmp ebx, dword [ebp - 0x34] +je short loc_fffb044f ; je 0xfffb044f +movzx eax, byte [ebx + 4] +test dword [ebp - 0x2c], eax +je short loc_fffb044a ; je 0xfffb044a +push eax +mov edx, dword [ebp + 0x10] +push eax +movzx ecx, word [ebx] +push edi +mov ax, word [ebx + 2] +add edx, ecx +inc eax +sub ax, word [ebx] movzx eax, ax -add eax, dword [ebp - 0x30] -cdq - -loc_fffafc1e: ; not directly referenced -mov esi, dword [ebp - 0x48] -mov ecx, edx -not ebx -or ecx, 0xf000000 -and ebx, 0xf -and ch, 0xf0 -and esi, 0xf -shl esi, 8 -or ecx, esi -and ecx, 0xfffffff0 -or ecx, ebx -mov ebx, dword [ebp - 0x2c] -mov edx, ecx -push ecx -push ecx -push edx push eax -mov eax, dword [ebp - 0x1c] -lea 
ecx, [ebx + 0x41c0] -mov edx, ecx -call fcn_fffae7cf ; call 0xfffae7cf +mov eax, dword [ebp - 0x30] +call fcn_fffb02dc ; call 0xfffb02dc add esp, 0x10 -inc byte [ebp - 0x25] +test eax, eax +je short loc_fffb044a ; je 0xfffb044a +mov esi, eax +jmp short loc_fffb044f ; jmp 0xfffb044f -loc_fffafc5d: ; not directly referenced -inc dword [ebp - 0x24] -cmp dword [ebp - 0x24], 4 -jne loc_fffafbb5 ; jne 0xfffafbb5 -cmp byte [ebp - 0x25], 0 -jne short loc_fffafc7a ; jne 0xfffafc7a +loc_fffb044a: ; not directly referenced +add ebx, 5 +jmp short loc_fffb0412 ; jmp 0xfffb0412 -loc_fffafc70: ; not directly referenced -mov eax, 1 -jmp near loc_fffafd4a ; jmp 0xfffafd4a - -loc_fffafc7a: ; not directly referenced -mov edi, dword [ebp - 0x38] -mov cl, 3 -mov edx, dword [ebp - 0x2c] -mov ebx, edi -mov eax, edi -mov edi, dword [ebp - 0x1c] -add edx, 0x419c -and eax, 7 -test bl, bl -cmovne ecx, eax -mov al, byte [ebp - 0x25] -and ecx, 7 -dec eax -and eax, 7 -shl eax, 0x10 -or ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x20] -lea ebx, [eax*8 + 0x48a8] -mov eax, edi -mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, ebx -mov dword [ebp - 0x1c], edi -mov ecx, eax -mov esi, eax -and ch, 0xc7 -mov eax, edi -or ch, 0x20 -call fcn_fffae58c ; call 0xfffae58c -mov edx, dword [ebp - 0x20] -mov ecx, 5 -mov eax, dword [ebp - 0x1c] -lea edi, [edx*4 + 0x48b8] -mov edx, edi -call fcn_fffae566 ; call 0xfffae566 - -loc_fffafcef: ; not directly referenced -mov eax, dword [ebp - 0x1c] -mov edx, 0x4804 -call fcn_fffae52a ; call 0xfffae52a -cmp byte [ebp - 0x26], 0 -jne short loc_fffafd15 ; jne 0xfffafd15 -test al, 1 -jne loc_fffafc70 ; jne 0xfffafc70 -shr eax, 0x10 -and eax, 1 -xor eax, 1 -jmp short loc_fffafd28 ; jmp 0xfffafd28 - -loc_fffafd15: ; not directly referenced -test al, 2 -jne loc_fffafc70 ; jne 0xfffafc70 -shr eax, 0x10 -shr al, 1 -xor eax, 1 -and eax, 1 - -loc_fffafd28: ; not directly referenced -test al, al -jne short loc_fffafcef ; jne 
0xfffafcef -mov edx, edi -mov edi, dword [ebp - 0x1c] -mov ecx, 4 -mov eax, edi -call fcn_fffae566 ; call 0xfffae566 -mov eax, edi -mov ecx, esi -mov edx, ebx -call fcn_fffae58c ; call 0xfffae58c -xor eax, eax - -loc_fffafd4a: ; not directly referenced +loc_fffb044f: ; not directly referenced +test esi, esi +sete al lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -21475,1083 +21911,1288 @@ pop edi pop ebp ret -fcn_fffafd52: ; not directly referenced +fcn_fffb045c: ; not directly referenced push ebp +mov ecx, 2 +mov ebp, esp +sub esp, 0x20 +push dword [ebp + 0xc] +mov edx, dword [ebp + 8] +lea eax, [ebp - 0xa] +push eax +mov eax, 6 +call fcn_fffb022c ; call 0xfffb022c +mov ax, word [ebp - 0xa] +leave +ret + +fcn_fffb0481: ; not directly referenced +push ebp +mov ecx, 2 mov ebp, esp -push edi -push esi push ebx -sub esp, 0x2c -mov esi, dword [ebp + 8] +sub esp, 0x1c mov ebx, dword [ebp + 0xc] -cmp cl, 3 -ja short loc_fffafd72 ; ja 0xfffafd72 -mov word [ebp - 0x1c], bx -mov word [ebp - 0x1a], 0 -jmp short loc_fffafd7c ; jmp 0xfffafd7c - -loc_fffafd72: ; not directly referenced -mov word [ebp - 0x1c], 0 -mov word [ebp - 0x1a], bx +push dword [ebp + 0x10] +mov edx, dword [ebp + 8] +lea eax, [ebp - 0xa] +mov word [ebp - 0xa], bx +push eax +mov eax, 7 +call fcn_fffb022c ; call 0xfffb022c +mov eax, ebx +mov ebx, dword [ebp - 4] +leave +ret -loc_fffafd7c: ; not directly referenced -cmp dword [eax + 0x2480], 2 -movzx edi, dl -mov edx, esi -movzx ecx, cl -push 0 -movzx esi, dl -sete bl -mov dword [ebp - 0x2c], edi -lea edi, [ebp - 0x1c] -mov edx, dword [ebp - 0x2c] -push edi -shl ebx, 3 -push esi -movzx ebx, bl +fcn_fffb04af: +push ebp +mov ebp, esp push ebx -call fcn_fffafb06 ; call 0xfffafb06 -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp +mov ebx, edx +sub esp, 0x14 +mov dword [edx + 4], eax +lea eax, [ebp - 0xc] +mov dword [edx], 0x626d7370 +push eax +push 0 +push 0 +push ref_fffd6880 ; push 0xfffd6880 +call fcn_fffb020b ; call 0xfffb020b +mov eax, dword [ebp - 0xc] +add esp, 0x10 +movzx edx, word [eax + 0x388] +add eax, 0x38e +mov dword [ebx + 8], edx +mov dl, byte [eax - 1] +mov dword [ebx + 0xce], eax +lea eax, [ebx + 0x18] +mov dword [ebx + 0xc], 0x80000010 +mov dword [ebx + 0x10], ref_fffd6928 ; mov dword [ebx + 0x10], 0xfffd6928 +mov byte [ebx + 0xcd], dl +mov dword [ebx + 0x14], eax +mov dword [ebx + 0x18], 
fcn_fffb94a2 ; mov dword [ebx + 0x18], 0xfffb94a2 +mov dword [ebx + 0x1c], fcn_fffa5b8d ; mov dword [ebx + 0x1c], 0xfffa5b8d +mov dword [ebx + 0x20], fcn_fffa5b83 ; mov dword [ebx + 0x20], 0xfffa5b83 +mov dword [ebx + 0x24], fcn_fffa5b79 ; mov dword [ebx + 0x24], 0xfffa5b79 +mov dword [ebx + 0x38], 0x80000020 +mov dword [ebx + 0x3c], ref_fffd68ac ; mov dword [ebx + 0x3c], 0xfffd68ac +mov dword [ebx + 0x40], fcn_fffb054c ; mov dword [ebx + 0x40], 0xfffb054c +mov byte [ebx + 0x44], 0 +mov byte [ebx + 0xd2], 0 +mov ebx, dword [ebp - 4] +leave ret -fcn_fffafdb2: ; not directly referenced +fcn_fffb054c: ; not directly referenced push ebp mov ebp, esp -push edi -push esi -push ebx -sub esp, 0xe0 -mov esi, dword [ebp + 8] -mov edi, dword [ebp + 0x14] -mov byte [ebp - 0x9f], cl -mov ebx, dword [ebp + 0x10] -mov dword [ebp - 0x80], eax +sub esp, 8 mov eax, dword [ebp + 0xc] -mov ecx, esi -mov dword [ebp - 0xd8], esi -mov esi, ref_fffd3e80 ; mov esi, 0xfffd3e80 -mov dword [ebp - 0xac], edi -mov dword [ebp - 0xb8], edx -mov byte [ebp - 0xdc], dl -mov edx, edi -mov byte [ebp - 0xc8], cl -lea edi, [ebp - 0x50] -mov ecx, 3 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [ebp - 0x38] -mov esi, ref_fffd3e8c ; mov esi, 0xfffd3e8c -mov dword [ebp - 0x88], eax -mov byte [ebp - 0xa0], al -mov byte [ebp - 0x9d], dl -mov word [ebp - 0x7c], bx -mov word [ebp - 0x60], 0 -mov word [ebp - 0x5e], 2 -mov cl, 4 -mov word [ebp - 0x5c], 1 -mov word [ebp - 0x5a], 3 -mov word [ebp - 0x64], 0 -mov word [ebp - 0x62], 2 -mov byte [ebp - 0x6a], 1 -mov byte [ebp - 0x69], 2 -mov byte [ebp - 0x68], 3 -mov byte [ebp - 0x67], 0 -mov byte [ebp - 0x66], 2 -mov byte [ebp - 0x65], 3 -movzx edx, byte [ebp - 0xb8] -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov edi, dword [ebp - 0x80] -imul eax, edx, 0x13c3 -mov dword [ebp - 0x84], edx -mov esi, dword [edi + 0x5edc] -lea eax, [edi + eax + 0x3756] -mov dword [ebp - 0xa8], eax -imul eax, edx, 0xcc -mov ecx, esi -mov dword [ebp - 0xa4], 
esi -mov esi, dword [edi + 0x2443] -lea edx, [ecx + eax + 0x1c] -mov dword [ebp - 0x9c], edx -mov edx, dword [edi + 0x188b] -lea eax, [ebp - 0x50] -push 0xc -push eax -lea eax, [ebp - 0x44] +lea edx, [eax - 0x38] +mov eax, dword [ebp + 8] +call fcn_fffb04af ; call 0xfffb04af +xor eax, eax +leave +ret + +fcn_fffb0564: +push ebp +mov ebp, esp +push ebx push eax -mov dword [ebp - 0x98], edx -call dword [esi + 0x58] ; ucall -add esp, 0xc -push 8 -lea eax, [ebp - 0x60] +mov ebx, dword [ebp + 0xc] +call fcn_fffb0201 ; call 0xfffb0201 +movzx ebx, bx +mov edx, dword [eax] +push dword [ebp + 0x10] +push ebx +push 4 push eax -lea eax, [ebp - 0x58] +call dword [edx + 0x34] ; ucall +mov ebx, dword [ebp - 4] +leave +ret + +fcn_fffb0585: +push ebp +mov ebp, esp +sub esp, 8 +call fcn_fffb0201 ; call 0xfffb0201 +push edx +push edx +mov edx, dword [eax] +push dword [ebp + 8] push eax -call dword [esi + 0x58] ; ucall -mov eax, dword [edi + 0x2480] -add esp, 0xc -xor edx, edx -push 0x10 -cmp eax, 3 -sete dl -mov dword [ebp - 0xb4], edx -xor edx, edx -cmp eax, 2 -lea eax, [ebp - 0x38] -sete dl +call dword [edx + 0x18] ; ucall +leave +ret + +fcn_fffb059d: +push ebp +mov ebp, esp +sub esp, 0x18 +call fcn_fffb0201 ; call 0xfffb0201 +lea ecx, [ebp - 0xc] +push edx +push edx +mov edx, dword [eax] +push ecx push eax -lea eax, [ebp - 0x28] -mov dword [ebp - 0xb0], edx +call dword [edx + 0x30] ; ucall +mov eax, dword [ebp - 0xc] +leave +ret + +fcn_fffb05b9: +push ebp +mov ebp, esp +sub esp, 8 +call fcn_fffb0201 ; call 0xfffb0201 +push edx +mov edx, dword [eax] +push dword [ebp + 0xc] +push dword [ebp + 8] push eax -call dword [esi + 0x58] ; ucall -mov ecx, dword [ebp - 0x88] -add esp, 0x10 -cmp cl, 3 -sete al -cmp cl, 1 -setbe dl -or dl, al -jne short loc_fffaff33 ; jne 0xfffaff33 -mov edx, ecx -cmp cl, 0x11 +call dword [edx + 0x4c] ; ucall +leave +ret + +fcn_fffb05d3: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, edx +push esi +mov esi, 1 +push ebx +sub esp, 0x1c +mov 
ebx, dword [ebp + 8] +lea ecx, [edx - 4] +cmp ecx, 3 +cmova esi, dword [ebp + 0x10] +and edi, 3 +mov dword [ebp - 0x1c], ebx +mov ebx, dword [ebp + 0xc] +cmp edi, 3 sete cl -cmp dl, 2 +test al, al sete dl -or cl, dl -je loc_fffaffe5 ; je 0xfffaffe5 +mov dword [ebp - 0x20], ebx +test cl, dl +jne short loc_fffb0672 ; jne 0xfffb0672 +mov ecx, 0xffff +xor ebx, ebx +test al, al +je short loc_fffb061b ; je 0xfffb061b +or ecx, 0xffffffff +xor ebx, ebx -loc_fffaff33: ; not directly referenced -mov ecx, dword [ebp - 0x88] -cmp cl, 1 -sbb esi, esi -and esi, 0x10 -add esi, 0xf -cmp cl, 1 -sbb edx, edx -and edx, 0xfffffff0 -sub edx, 0x10 -cmp bx, si -jg short loc_fffaff5c ; jg 0xfffaff5c -cmp dx, bx -mov esi, ebx -cmovge esi, edx +loc_fffb061b: ; not directly referenced +test esi, esi +jne short loc_fffb0636 ; jne 0xfffb0636 +cmp dword [ebp - 0x20], ebx +jb short loc_fffb0632 ; jb 0xfffb0632 +ja short loc_fffb062b ; ja 0xfffb062b +cmp dword [ebp - 0x1c], ecx -loc_fffaff5c: ; not directly referenced -mov ebx, dword [ebp - 0x9c] -movzx ecx, byte [ebp - 0xd8] -cmp byte [ebp - 0x88], 0 -lea edi, [ebx + ecx*4] -mov ebx, dword [edi + 0x78] -jne loc_fffb0a8d ; jne 0xfffb0a8d -mov eax, esi -and ebx, 0xfffff000 -and eax, 0x3f -mov edx, eax -or ebx, eax -shl edx, 6 -or ebx, edx +loc_fffb0629: ; not directly referenced +jbe short loc_fffb0632 ; jbe 0xfffb0632 -loc_fffaff90: ; not directly referenced -cmp byte [ebp - 0xb8], 1 -mov edx, 0x365c -jbe loc_fffb0ae0 ; jbe 0xfffb0ae0 +loc_fffb062b: ; not directly referenced +mov eax, 0x80000003 +jmp short loc_fffb0677 ; jmp 0xfffb0677 -loc_fffaffa2: ; not directly referenced -mov ecx, dword [ebp - 0x80] -lea eax, [edx + 0xc] -cmp dword [ecx + 0x188b], 1 -mov ecx, ebx -cmove edx, eax -mov eax, dword [ebp - 0x80] -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0xac], 0 -je short loc_fffaffc8 ; je 0xfffaffc8 -mov dword [edi + 0x78], ebx +loc_fffb0632: ; not directly referenced +xor eax, eax +jmp short loc_fffb0677 ; jmp 0xfffb0677 
-loc_fffaffc8: ; not directly referenced -mov eax, dword [ebp - 0xa4] -mov edx, 0x2008 -mov ecx, dword [eax + 0x18] -mov eax, dword [ebp - 0x80] -or ecx, 0x20 -call fcn_fffae58c ; call 0xfffae58c -mov word [ebp - 0x7c], si +loc_fffb0636: ; not directly referenced +push eax +push edi +push ebx +push ecx +call fcn_fffb01ca ; call 0xfffb01ca +lea ecx, [esi - 1] +add esp, 0x10 +cmp edx, 0 +ja short loc_fffb064e ; ja 0xfffb064e +cmp eax, ecx +jb short loc_fffb062b ; jb 0xfffb062b -loc_fffaffe5: ; not directly referenced -mov eax, dword [ebp - 0x88] -cmp al, 0x11 -sete cl -sub eax, 4 -cmp al, 1 -setbe al -or al, cl -mov byte [ebp - 0x9e], cl -je loc_fffb0219 ; je 0xfffb0219 -mov eax, dword [ebp - 0xa8] +loc_fffb064e: ; not directly referenced +push ecx +push edi xor edi, edi -lea esi, [eax + 0x24d] -imul eax, dword [ebp - 0x84], 0x13c3 -add eax, dword [ebp - 0x80] -mov dword [ebp - 0xe4], eax -movzx eax, byte [ebp - 0x9f] -mov dword [ebp - 0xe8], eax +sub eax, esi +sbb edx, edi +add eax, 1 +adc edx, 0 +push edx +push eax +call fcn_fffb01d3 ; call 0xfffb01d3 +add esp, 0x10 +cmp dword [ebp - 0x20], edx +ja short loc_fffb062b ; ja 0xfffb062b +jb short loc_fffb0632 ; jb 0xfffb0632 +cmp dword [ebp - 0x1c], eax +jmp short loc_fffb0629 ; jmp 0xfffb0629 -loc_fffb0034: ; not directly referenced -mov ebx, dword [ebp - 0xe4] -mov eax, 1 -mov ecx, edi -shl eax, cl -test byte [ebx + 0x381a], al -je loc_fffb020c ; je 0xfffb020c -mov eax, dword [ebp - 0xe8] -bt eax, edi -jae loc_fffb020c ; jae 0xfffb020c -cmp byte [ebp - 0xa0], 4 -jne loc_fffb0103 ; jne 0xfffb0103 -cmp dword [ebp - 0x98], 0 -jne short loc_fffb0085 ; jne 0xfffb0085 -mov ebx, dword [ebp - 0x7c] -mov eax, 0xb -cmp bx, 0xb -cmovle eax, ebx -jmp short loc_fffb00a8 ; jmp 0xfffb00a8 +loc_fffb0672: ; not directly referenced +mov eax, 0x80000002 -loc_fffb0085: ; not directly referenced -cmp dword [ebp - 0x98], 1 -jne short loc_fffb00ac ; jne 0xfffb00ac -mov ecx, dword [ebp - 0x7c] -mov eax, 0xf -cmp cx, 0xf -cmovle eax, ecx 
-mov ecx, eax -or eax, 0x10 -test byte [esi], 0x10 -cmove eax, ecx +loc_fffb0677: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffb00a8: ; not directly referenced -mov word [ebp - 0x7c], ax +fcn_fffb067f: +push ebp +mov ebp, esp +pop ebp +jmp near loc_fffd2b5e ; jmp 0xfffd2b5e -loc_fffb00ac: ; not directly referenced -mov ebx, dword [ebp - 0x7c] -mov eax, 0 -mov ecx, edi -push edx -mov edx, dword [ebp - 0x84] -test bx, bx -cmovns eax, ebx -movzx ebx, byte [ebp - 0xc8] -mov word [ebp - 0x7c], ax -or eax, 0x30 -mov word [ebp - 0xe0], ax -cwde -push eax -mov eax, dword [ebp - 0x80] -push 2 +fcn_fffb0688: +push ebp +mov ebp, esp +push edi +push esi push ebx -call fcn_fffa73b0 ; call 0xfffa73b0 -add esp, 0x10 -cmp byte [ebp - 0x9d], 0 -je loc_fffb020c ; je 0xfffb020c -mov al, byte [ebp - 0xe0] -mov byte [esi + ebx], al -jmp near loc_fffb020c ; jmp 0xfffb020c +mov ebx, ecx +sub esp, 0x4c +mov edi, dword [ebp + 0xc] +lea ecx, [ecx + 0x186e] +mov dword [ebp - 0x3c], ecx +mov dword [ebp - 0x44], edx +mov edx, dword [ebp + 0x10] +mov ecx, dword [edi + 0x1e] +mov esi, dword [edi + 9] +mov dword [ebx + 0x18bd], 0x102 +mov dword [ebx + 0x1877], 2 +mov dword [ebp - 0x40], ecx +mov ecx, dword [ebx + 0x2444] +mov dword [ebx + 0x18b9], esi +mov byte [ebx + 0x1876], 0 +mov dword [ebx + 0x18a3], 0 +mov dword [ebp - 0x30], ecx +mov cl, byte [esi + 0xf2] +mov byte [ebx + 0x2407], cl +mov ecx, dword [esi + 4] +cmp ecx, 2 +je short loc_fffb0700 ; je 0xfffb0700 +cmp ecx, 3 +je short loc_fffb070d ; je 0xfffb070d +dec ecx +jne short loc_fffb074f ; jne 0xfffb074f +jmp short loc_fffb0721 ; jmp 0xfffb0721 -loc_fffb0103: ; not directly referenced -cmp byte [ebp - 0xa0], 5 -jne loc_fffb01c5 ; jne 0xfffb01c5 -cmp dword [ebp - 0x98], 0 -jne short loc_fffb0150 ; jne 0xfffb0150 -cmp word [ebp - 0x7c], 0x13 -jg short loc_fffb0134 ; jg 0xfffb0134 -mov ecx, dword [ebp - 0x7c] -mov eax, 0 -test cx, cx -cmovns eax, ecx -mov word [ebp - 0x7c], ax -jmp short 
loc_fffb013a ; jmp 0xfffb013a +loc_fffb0700: +cmp eax, 4 +setne al +movzx eax, al +add eax, eax +jmp short loc_fffb0719 ; jmp 0xfffb0719 -loc_fffb0134: ; not directly referenced -mov word [ebp - 0x7c], 0x13 +loc_fffb070d: +cmp eax, 4 +setne al +movzx eax, al +lea eax, [eax + eax*2] -loc_fffb013a: ; not directly referenced -mov eax, dword [ebp - 0x7c] -mov ecx, 5 -mov edx, eax -sar dx, 0xf -idiv cx -lea ebx, [edx + eax*8] -jmp short loc_fffb0185 ; jmp 0xfffb0185 +loc_fffb0719: +mov dword [ebx + 0x18a7], eax +jmp short loc_fffb0759 ; jmp 0xfffb0759 -loc_fffb0150: ; not directly referenced -xor ebx, ebx -cmp dword [ebp - 0x98], 1 -jne short loc_fffb0185 ; jne 0xfffb0185 -mov eax, dword [ebp - 0x7c] -test ax, ax -jle short loc_fffb0185 ; jle 0xfffb0185 -movsx ebx, ax -mov eax, 0x10 -cmp bx, 0x10 -cmovle eax, ebx -mov word [ebp - 0x7c], ax -dec eax -mov ebx, eax -and eax, 3 -sar ebx, 2 -add eax, eax -lea ebx, [eax + ebx*8 + 1] +loc_fffb0721: +cmp eax, 4 +je short loc_fffb074f ; je 0xfffb074f +mov dword [ebx + 0x18a7], 1 +movzx eax, byte [esi + 0x53] +mov dword [ebx + 0x1877], eax +mov al, byte [esi + 0x54] +mov byte [ebx + 0x1876], al +movzx eax, word [esi + 0x4c] +mov dword [ebx + 0x18a3], eax +jmp short loc_fffb0759 ; jmp 0xfffb0759 -loc_fffb0185: ; not directly referenced -push eax -movzx eax, bl -mov edx, dword [ebp - 0x84] -push eax -movzx eax, byte [ebp - 0xc8] -mov ecx, edi -push 2 -push eax -mov dword [ebp - 0xe0], eax -mov eax, dword [ebp - 0x80] -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 -cmp byte [ebp - 0x9d], 0 -je short loc_fffb020c ; je 0xfffb020c -mov eax, dword [ebp - 0xe0] -mov byte [esi + eax + 0xdd9], bl -jmp short loc_fffb020c ; jmp 0xfffb020c - -loc_fffb01c5: ; not directly referenced -cmp byte [ebp - 0x9e], 0 -je short loc_fffb020c ; je 0xfffb020c -movzx ebx, byte [ebp - 0xc8] -mov ecx, edi -push eax -mov edx, dword [ebp - 0x84] -mov eax, dword [ebp - 0x80] -push 0 -push 0xff -push ebx -call fcn_fffa73b0 ; call 0xfffa73b0 -add esp, 0xc 
-mov edx, dword [ebp - 0x84] -mov eax, dword [ebp - 0x80] -mov ecx, edi -push 0 -push 0xff -push ebx -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 - -loc_fffb020c: ; not directly referenced -inc edi -add esi, 9 -cmp edi, 4 -jne loc_fffb0034 ; jne 0xfffb0034 +loc_fffb074f: +mov dword [ebx + 0x18a7], 0 -loc_fffb0219: ; not directly referenced -cmp byte [ebp - 0x88], 6 -mov cl, byte [ebp - 0x9e] +loc_fffb0759: +mov eax, dword [edi + 1] +mov eax, dword [eax + 4] +mov dword [ebx + 0x18c5], eax +mov eax, dword [edi + 1] +mov eax, dword [eax + 0x10] +mov dword [ebx + 0x18c1], eax +mov eax, dword [edi + 1] +mov eax, dword [eax + 0x14] +mov dword [ebx + 0x18c9], eax +mov eax, dword [edi + 1] +mov eax, dword [eax + 0x18] +mov dword [ebx + 0x18d1], 0xfed00000 +mov dword [ebx + 0x18cd], eax +mov eax, dword [edi + 5] +movzx eax, word [eax] +mov dword [ebx + 0x18d9], eax +movzx eax, word [esi + 1] +mov dword [ebx + 0x1872], eax +mov eax, dword [edi + 1] +mov eax, dword [eax + 0x1c] +shr eax, 0x14 +cmp edx, 0x40650 +sete cl +cmp edx, 0x306c0 +mov dword [ebx + 0x18dd], eax sete al or cl, al -je loc_fffb0378 ; je 0xfffb0378 -cmp dword [ebp - 0x98], 1 -jne short loc_fffb0247 ; jne 0xfffb0247 -cmp word [ebp - 0x7c], 0x3f -jg loc_fffb0b12 ; jg 0xfffb0b12 -jmp short loc_fffb0252 ; jmp 0xfffb0252 - -loc_fffb0247: ; not directly referenced -cmp word [ebp - 0x7c], 7 -jg loc_fffb0b1d ; jg 0xfffb0b1d +mov eax, dword [edi + 5] +jne short loc_fffb07d9 ; jne 0xfffb07d9 +cmp edx, 0x40660 +jne short loc_fffb07df ; jne 0xfffb07df -loc_fffb0252: ; not directly referenced -mov edi, dword [ebp - 0x7c] -mov edx, 0 -test di, di -cmovns edx, edi -mov word [ebp - 0x7c], dx +loc_fffb07d9: +movzx eax, word [eax + 2] +jmp short loc_fffb07ea ; jmp 0xfffb07ea -loc_fffb0264: ; not directly referenced -movzx edi, byte [ebp - 0xd8] -mov ecx, dword [ebp - 0x9c] -mov dword [ebp - 0xc8], edi -lea edi, [ecx + edi*4] -mov ebx, dword [edi + 4] -mov esi, dword [edi + 0x28] -test al, al -je short loc_fffb02c1 ; 
je 0xfffb02c1 -cmp dword [ebp - 0x98], 1 -jne short loc_fffb02b3 ; jne 0xfffb02b3 -mov ecx, dword [ebp - 0x7c] -and bh, 0xe3 -and esi, 0xe3ffffff -mov eax, ecx -sar ax, 3 -and eax, 7 -shl eax, 0xa -or ebx, eax -mov eax, ecx -and eax, 7 -shl eax, 0x1a -or esi, eax -jmp short loc_fffb02c1 ; jmp 0xfffb02c1 +loc_fffb07df: +movzx ecx, word [eax + 2] +mov eax, 1 +shl eax, cl -loc_fffb02b3: ; not directly referenced -mov eax, dword [ebp - 0x7c] -and bh, 0xe3 -and eax, 7 -shl eax, 0xa -or ebx, eax +loc_fffb07ea: +mov dword [ebx + 0x1893], eax +mov eax, dword [edi + 5] +movzx eax, byte [eax + 4] +mov byte [ebx + 0x18b3], 0 +shl eax, 5 +mov dword [ebx + 0x188f], eax +push eax +push eax +lea eax, [ebx + 0x189c] +push eax +lea eax, [ebx + 0x189b] +push eax +lea eax, [ebx + 0x189a] +push eax +lea eax, [ebx + 0x1899] +push eax +lea eax, [ebx + 0x1898] +push eax +lea eax, [ebx + 0x1897] +push eax +mov eax, dword [ebp - 0x30] +call dword [eax + 0x50] ; ucall +mov eax, dword [edi + 1] +movzx eax, byte [eax + 0x20] +mov dword [ebx + 0x187f], eax +mov eax, dword [edi + 9] +mov al, byte [eax + 0xc6] +mov byte [ebx + 0x18b0], al +mov eax, dword [esi + 0x4e] +mov word [ebx + 0x1902], 0x3e8 +mov word [ebx + 0x1904], 0x3e8 +mov byte [ebx + 0x18b2], 0 +mov dword [ebx + 0x18ee], eax +mov al, byte [esi + 0x2e] +mov byte [ebx + 0x2442], 0 +mov byte [ebx + 0x18b5], al +mov al, byte [esi + 0x2f] +mov byte [ebx + 0x23ff], al +mov al, byte [esi + 0x30] +mov byte [ebx + 0x2400], al +mov al, byte [esi + 0x31] +mov byte [ebx + 0x2401], al +mov al, byte [esi + 0x6b] +mov byte [ebx + 0x2402], al +mov al, byte [ebx + 0x2403] +mov dl, byte [esi + 0x32] +and eax, 0xfffffffe +and edx, 1 +or eax, edx +mov byte [ebx + 0x2403], al +mov dl, byte [esi + 0x33] +and eax, 0xfffffffd +and edx, 1 +add edx, edx +or eax, edx +mov byte [ebx + 0x2403], al +mov dl, byte [esi + 0x34] +and eax, 0xfffffffb +and edx, 1 +shl edx, 2 +or eax, edx +mov byte [ebx + 0x2403], al +mov dl, byte [esi + 0x35] +and eax, 0xfffffff7 +and 
edx, 1 +shl edx, 3 +or eax, edx +mov byte [ebx + 0x2403], al +mov dl, byte [esi + 0x36] +and eax, 0xffffffef +and edx, 1 +shl edx, 4 +or eax, edx +mov byte [ebx + 0x2403], al +mov dl, byte [esi + 0x37] +and eax, 0xffffffdf +and edx, 1 +shl edx, 5 +or eax, edx +mov byte [ebx + 0x2403], al +mov dl, byte [esi + 0x38] +and eax, 0xffffffbf +and edx, 1 +shl edx, 6 +or eax, edx +mov byte [ebx + 0x2403], al +mov dl, byte [esi + 0x39] +and eax, 0x7f +shl edx, 7 +or eax, edx +mov byte [ebx + 0x2403], al +mov al, byte [ebx + 0x2404] +mov dl, byte [esi + 0x3a] +and edx, 1 +and eax, 0xfffffffe +or eax, edx +mov byte [ebx + 0x2404], al +mov dl, byte [esi + 0x3b] +and eax, 0xfffffffd +and edx, 1 +add edx, edx +or eax, edx +mov byte [ebx + 0x2404], al +mov dl, byte [esi + 0x3c] +and eax, 0xfffffffb +and edx, 1 +shl edx, 2 +or eax, edx +mov byte [ebx + 0x2404], al +mov dl, byte [esi + 0x3e] +and eax, 0xffffffef +and edx, 1 +shl edx, 4 +or eax, edx +mov byte [ebx + 0x2404], al +mov dl, byte [esi + 0x3f] +and eax, 0xffffffdf +and edx, 1 +shl edx, 5 +or eax, edx +mov byte [ebx + 0x2404], al +mov dl, byte [esi + 0x40] +and eax, 0xffffffbf +and edx, 1 +shl edx, 6 +or eax, edx +mov byte [ebx + 0x2404], al +mov dl, byte [esi + 0x41] +and eax, 0x7f +shl edx, 7 +or eax, edx +mov byte [ebx + 0x2404], al +mov al, byte [ebx + 0x2405] +mov dl, byte [esi + 0x42] +and eax, 0xfffffffe +and edx, 1 +or eax, edx +mov byte [ebx + 0x2405], al +mov dl, byte [esi + 0x43] +and eax, 0xfffffffb +and edx, 1 +shl edx, 2 +or eax, edx +mov byte [ebx + 0x2405], al +mov dl, byte [esi + 0x44] +and edx, 1 +shl edx, 3 +and eax, 0xfffffff7 +or eax, edx +add esp, 0x20 +mov byte [ebx + 0x2405], al +mov dl, byte [esi + 0x47] +and eax, 0xffffffbf +and edx, 1 +shl edx, 6 +or eax, edx +mov byte [ebx + 0x2405], al +mov dl, byte [esi + 0x48] +and eax, 0x7f +shl edx, 7 +or eax, edx +mov byte [ebx + 0x2405], al +mov al, byte [ebx + 0x2406] +mov dl, byte [esi + 0x49] +and eax, 0xfffffffe +and edx, 1 +or eax, edx +mov byte [ebx 
+ 0x2406], al +mov dl, byte [esi + 0x4a] +and eax, 0xfffffffd +and edx, 1 +add edx, edx +or eax, edx +mov byte [ebx + 0x2406], al +mov dl, byte [esi + 0x4b] +and eax, 0xfffffffb +and edx, 1 +shl edx, 2 +or eax, edx +mov byte [ebx + 0x2406], al +cmp byte [edi], 1 +jbe short loc_fffb0ab7 ; jbe 0xfffb0ab7 +mov dl, byte [esi + 0x58] +and eax, 0xfffffff7 +and edx, 1 +shl edx, 3 +or eax, edx +mov byte [ebx + 0x2406], al +mov dl, byte [esi + 0x59] +and eax, 0xffffffef +and edx, 1 +shl edx, 4 +or eax, edx +mov byte [ebx + 0x2406], al +mov dl, byte [esi + 0x5a] +and eax, 0xffffffdf +and edx, 1 +shl edx, 5 +or eax, edx +jmp short loc_fffb0abd ; jmp 0xfffb0abd -loc_fffb02c1: ; not directly referenced -mov ecx, dword [ebp - 0xc8] -mov edx, dword [ebp - 0x84] -mov eax, dword [ebp - 0x80] -call fcn_fffa724b ; call 0xfffa724b -mov ecx, ebx -mov edx, eax -mov eax, dword [ebp - 0x80] -call fcn_fffae58c ; call 0xfffae58c -cmp dword [ebp - 0x98], 1 -jne short loc_fffb030a ; jne 0xfffb030a -mov ecx, dword [ebp - 0xc8] -mov edx, dword [ebp - 0x84] -mov eax, dword [ebp - 0x80] -call fcn_fffa720e ; call 0xfffa720e -mov ecx, esi -mov edx, eax -mov eax, dword [ebp - 0x80] -call fcn_fffae58c ; call 0xfffae58c +loc_fffb0ab7: +and eax, 0xffffffe7 +or eax, 0x20 -loc_fffb030a: ; not directly referenced -cmp byte [ebp - 0xac], 0 -je short loc_fffb0378 ; je 0xfffb0378 -cmp dword [ebp - 0x98], 1 -mov dword [edi + 4], ebx -jne short loc_fffb0378 ; jne 0xfffb0378 -mov ebx, dword [ebp - 0x80] -mov edx, 0x3a28 -mov dword [edi + 0x28], esi -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -movzx ecx, byte [ebx + 0x2488] -xor edx, edx -mov esi, eax -xor eax, eax +loc_fffb0abd: +mov byte [ebx + 0x2406], al +mov al, byte [ebx + 0x2405] +cmp byte [edi], 3 +jbe short loc_fffb0b22 ; jbe 0xfffb0b22 +mov dl, byte [esi + 0x5c] +and eax, 0xfffffffd +and edx, 1 +add edx, edx +or eax, edx +mov byte [ebx + 0x2405], al +mov al, byte [esi + 0x5d] +mov byte [ebx + 0x1906], al +mov al, byte [esi + 0x5e] +mov byte [ebx 
+ 0x1907], al +mov al, byte [esi + 0x5f] +mov byte [ebx + 0x1908], al +mov al, byte [esi + 0x60] +mov byte [ebx + 0x1909], al +mov al, byte [esi + 0x61] +mov byte [ebx + 0x190a], al +mov al, byte [esi + 0x62] +mov byte [ebx + 0x190b], al +mov al, byte [esi + 0x63] +mov byte [ebx + 0x190c], al +jmp short loc_fffb0b5c ; jmp 0xfffb0b5c -loc_fffb033e: ; not directly referenced -cmp cl, dl -jbe short loc_fffb0357 ; jbe 0xfffb0357 -mov edi, dword [ebp - 0x9c] -mov bl, byte [edi + edx*4 + 0x2b] -inc edx -shr bl, 2 -and ebx, 7 -add eax, ebx -jmp short loc_fffb033e ; jmp 0xfffb033e +loc_fffb0b22: +or eax, 2 +mov byte [ebx + 0x2405], al +mov byte [ebx + 0x1906], 0xff +mov byte [ebx + 0x1907], 0x80 +mov byte [ebx + 0x1908], 1 +mov byte [ebx + 0x1909], 1 +mov byte [ebx + 0x190a], 1 +mov byte [ebx + 0x190b], 7 +mov byte [ebx + 0x190c], 0 -loc_fffb0357: ; not directly referenced +loc_fffb0b5c: +cmp byte [edi], 4 +jbe short loc_fffb0b87 ; jbe 0xfffb0b87 +mov eax, dword [esi + 0x64] +mov edx, 0x5f5e100 +cmp eax, 0x55d4a7f +jbe short loc_fffb0b7f ; jbe 0xfffb0b7f +mov ecx, 0xf4240 xor edx, edx -and esi, 0xfff1ffff div ecx -mov ecx, esi -mov edx, 0x3a28 -and eax, 7 -shl eax, 0x11 -or ecx, eax -mov eax, dword [ebp - 0x80] -call fcn_fffae58c ; call 0xfffae58c - -loc_fffb0378: ; not directly referenced -cmp byte [ebp - 0x88], 9 -je short loc_fffb0397 ; je 0xfffb0397 +imul edx, eax, 0xf4240 -loc_fffb0381: ; not directly referenced -mov al, byte [ebp - 0x88] -sub eax, 7 -cmp al, 1 -ja loc_fffb060b ; ja 0xfffb060b -jmp near loc_fffb062a ; jmp 0xfffb062a +loc_fffb0b7f: +mov dword [ebx + 0x187b], edx +jmp short loc_fffb0b91 ; jmp 0xfffb0b91 -loc_fffb0397: ; not directly referenced -cmp dword [ebp - 0xb4], 0 -je loc_fffb0463 ; je 0xfffb0463 -mov edi, dword [ebp - 0x7c] -mov al, 2 -mov ecx, edi -mov ebx, edi -cmp cl, 2 -cmovbe eax, ebx -xor ebx, ebx -imul edx, dword [ebp - 0x84], 0x13c3 -movzx eax, al -add edx, dword [ebp - 0x80] -mov dword [ebp - 0xc8], eax -mov dword [ebp - 0x98], edx 
+loc_fffb0b87: +mov dword [ebx + 0x187b], 0x5f5e100 -loc_fffb03d1: ; not directly referenced -mov esi, dword [ebp - 0x98] -mov eax, 1 -mov cl, bl -mov dl, bl -shl eax, cl -test byte [esi + 0x381a], al -je short loc_fffb0454 ; je 0xfffb0454 -test byte [ebp - 0x9f], al -je short loc_fffb0454 ; je 0xfffb0454 -mov eax, edx -mov edi, dword [ebp - 0xa8] -shr dl, 1 +loc_fffb0b91: +cmp byte [edi], 5 +mov dl, byte [ebx + 0x2406] +jbe short loc_fffb0bac ; jbe 0xfffb0bac +mov al, byte [esi + 0x6a] +and edx, 0xffffffbf and eax, 1 -movzx edx, dl -imul edx, edx, 0x128 -imul eax, eax, 0x18 -lea eax, [eax + edx + 0x1260] -movzx edx, byte [ebp - 0xdc] -lea edi, [edi + eax + 0xb] -mov eax, dword [ebp - 0xc8] -movzx esi, byte [ebp + eax - 0x6a] -mov ax, word [edi + 6] -push ecx -mov ecx, ebx -push 0 -and eax, 0xfffffff0 -or esi, eax -movzx eax, si -push eax -mov eax, dword [ebp - 0x80] -push 3 -call fcn_fffaa505 ; call 0xfffaa505 -add esp, 0x10 -cmp byte [ebp - 0x9d], 0 -je short loc_fffb0454 ; je 0xfffb0454 -mov word [edi + 6], si +shl eax, 6 +or edx, eax +jmp short loc_fffb0baf ; jmp 0xfffb0baf -loc_fffb0454: ; not directly referenced -inc ebx -cmp ebx, 4 -jne loc_fffb03d1 ; jne 0xfffb03d1 -jmp near loc_fffb0381 ; jmp 0xfffb0381 +loc_fffb0bac: +or edx, 0x40 -loc_fffb0463: ; not directly referenced -cmp dword [ebp - 0xb0], 1 -mov dword [ebp - 0x98], 0 -sbb ebx, ebx -xor eax, eax -and ebx, 0xffffffe4 -sub ebx, 7 -cmp byte [ebp - 0x7c], 0 -setne al -mov ax, word [ebp + eax*2 - 0x64] -mov word [ebp - 0xc8], ax -imul eax, dword [ebp - 0x84], 0x13c3 -add eax, dword [ebp - 0x80] -mov dword [ebp - 0xd8], eax +loc_fffb0baf: +mov byte [ebx + 0x2406], dl +cmp byte [edi], 8 +jbe short loc_fffb0be8 ; jbe 0xfffb0be8 +mov eax, dword [edi + 1] +mov eax, dword [eax + 0x2b] +shr eax, 0x14 +mov dword [ebx + 0x18e1], eax +mov al, byte [esi + 0x6d] +mov byte [ebx + 0x1917], al +mov ax, word [esi + 0x6e] +mov word [ebx + 0x1918], ax +mov al, byte [esi + 0x70] +mov byte [ebx + 0x191a], al +jmp short 
loc_fffb0c09 ; jmp 0xfffb0c09 -loc_fffb04a4: ; not directly referenced -mov edi, dword [ebp - 0x98] -mov eax, 1 -mov ecx, edi -mov edx, edi -shl eax, cl -mov ecx, dword [ebp - 0xd8] -test byte [ecx + 0x381a], al -je short loc_fffb0523 ; je 0xfffb0523 -test byte [ebp - 0x9f], al -je short loc_fffb0523 ; je 0xfffb0523 -mov ecx, edx -mov esi, dword [ebp - 0xa8] -shr dl, 1 -and ecx, 1 -movzx edx, dl -imul ecx, ecx, 0x18 -imul edx, edx, 0x128 -lea edx, [ecx + edx + 0x1260] -mov ecx, eax -mov eax, dword [ebp - 0x80] -lea edi, [esi + edx + 0xb] -mov esi, ebx -and si, word [edi + 2] -or esi, dword [ebp - 0xc8] -push edx -push edx -movzx edx, si -push edx -mov edx, dword [ebp - 0x84] -push 1 -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0x10 -cmp byte [ebp - 0x9d], 0 -je short loc_fffb0523 ; je 0xfffb0523 -mov word [edi + 2], si +loc_fffb0be8: +mov dword [ebx + 0x18e1], 4 +mov byte [ebx + 0x1917], 2 +mov word [ebx + 0x1918], 0x30ce +mov byte [ebx + 0x191a], 1 -loc_fffb0523: ; not directly referenced -inc dword [ebp - 0x98] -cmp dword [ebp - 0x98], 4 -jne loc_fffb04a4 ; jne 0xfffb04a4 -jmp near loc_fffb0381 ; jmp 0xfffb0381 +loc_fffb0c09: +cmp byte [edi], 9 +jbe loc_fffb0f0e ; jbe 0xfffb0f0e +mov al, byte [esi + 0x71] +mov byte [ebx + 0x1923], al +mov al, byte [esi + 0x72] +mov byte [ebx + 0x1924], al +mov al, byte [esi + 0x73] +mov byte [ebx + 0x1925], al +mov al, byte [esi + 0x74] +mov byte [ebx + 0x1926], al +mov eax, dword [ebx + 0x1887] +cmp eax, 0x40650 +je short loc_fffb0c4c ; je 0xfffb0c4c +cmp dword [ebx + 0x188b], 1 +jne short loc_fffb0c55 ; jne 0xfffb0c55 -loc_fffb053b: ; not directly referenced -mov esi, dword [ebp - 0xb0] -mov dword [ebp - 0xb4], 0 -cmp esi, 1 -sbb eax, eax -mov dword [ebp - 0xd8], eax -add eax, 3 -and word [ebp - 0xd8], 0x4bc -sub word [ebp - 0xd8], 0x701 -cmp esi, 1 -mov esi, dword [ebp - 0x7c] -sbb ebx, ebx -mov dword [ebp - 0xc8], ebx -mov dword [ebp - 0x98], ebx -and byte [ebp - 0xc8], 0xfe -and byte [ebp - 0x98], 0xfa -mov edx, esi -sar 
dx, 4 -mov ecx, esi -add byte [ebp - 0xc8], 7 -add byte [ebp - 0x98], 8 -cmp byte [ebp - 0x88], 7 -cmovne edx, ecx -cmp al, dl -cmova eax, edx -movzx eax, al -mov dword [ebp - 0xdc], eax -imul eax, dword [ebp - 0x84], 0x13c3 -add eax, dword [ebp - 0x80] -mov dword [ebp - 0xe0], eax -mov eax, esi -and eax, 0xf -mov byte [ebp - 0xe4], al - -loc_fffb05d9: ; not directly referenced -mov edi, dword [ebp - 0xb4] -mov ebx, 1 -mov esi, dword [ebp - 0xe0] -mov ecx, edi -mov eax, edi -shl ebx, cl -test byte [esi + 0x381a], bl -jne loc_fffb06ea ; jne 0xfffb06ea +loc_fffb0c4c: +mov dl, byte [esi + 0x75] +mov byte [ebx + 0x1927], dl -loc_fffb05fc: ; not directly referenced -inc dword [ebp - 0xb4] -cmp dword [ebp - 0xb4], 4 -jne short loc_fffb05d9 ; jne 0xfffb05d9 +loc_fffb0c55: +mov dl, byte [esi + 0x76] +mov byte [ebx + 0x1928], dl +mov dl, byte [esi + 0x77] +mov byte [ebx + 0x1929], dl +mov dl, byte [esi + 0x78] +mov byte [ebx + 0x192a], dl +mov dl, byte [esi + 0x79] +mov byte [ebx + 0x192b], dl +mov dl, byte [esi + 0x7a] +mov byte [ebx + 0x192c], dl +mov dl, byte [esi + 0x7b] +mov byte [ebx + 0x192e], dl +mov dl, byte [esi + 0x7c] +mov byte [ebx + 0x192d], dl +mov dl, byte [esi + 0x7d] +mov byte [ebx + 0x192f], dl +mov dl, byte [esi + 0x7e] +mov byte [ebx + 0x1930], dl +mov dl, byte [esi + 0x7f] +mov byte [ebx + 0x1931], dl +mov dl, byte [esi + 0x80] +mov byte [ebx + 0x1932], dl +mov dx, word [esi + 0x81] +mov word [ebx + 0x1933], dx +mov dl, byte [esi + 0x83] +mov byte [ebx + 0x1935], dl +mov dl, byte [esi + 0x84] +mov byte [ebx + 0x1936], dl +mov dl, byte [esi + 0x85] +mov byte [ebx + 0x1937], dl +mov dx, word [esi + 0x86] +mov word [ebx + 0x1938], dx +mov dl, byte [esi + 0x88] +mov byte [ebx + 0x193a], dl +mov dl, byte [esi + 0x89] +mov byte [ebx + 0x193b], dl +mov dl, byte [esi + 0x8a] +mov byte [ebx + 0x193c], dl +mov dl, byte [esi + 0x8b] +mov byte [ebx + 0x193d], dl +mov dl, byte [esi + 0x8c] +mov byte [ebx + 0x193e], dl +mov dl, byte [esi + 0x8d] +mov byte [ebx + 
0x193f], dl +mov dl, byte [esi + 0x8e] +mov byte [ebx + 0x1940], dl +mov dl, byte [esi + 0x8f] +mov byte [ebx + 0x1941], dl +mov dl, byte [esi + 0x90] +mov byte [ebx + 0x1942], dl +mov dl, byte [esi + 0x91] +mov byte [ebx + 0x1943], dl +mov dl, byte [esi + 0x92] +mov byte [ebx + 0x1944], dl +mov dl, byte [esi + 0x93] +mov byte [ebx + 0x1945], dl +mov dl, byte [esi + 0x94] +mov byte [ebx + 0x1946], dl +mov dl, byte [esi + 0x95] +mov byte [ebx + 0x1947], dl +mov dl, byte [esi + 0x96] +mov byte [ebx + 0x1948], dl +mov dl, byte [esi + 0x97] +mov byte [ebx + 0x1949], dl +mov dl, byte [esi + 0x98] +mov byte [ebx + 0x194b], dl +mov dl, byte [esi + 0x99] +mov byte [ebx + 0x194a], dl +mov dl, byte [esi + 0xa2] +mov byte [ebx + 0x194d], dl +mov dl, byte [esi + 0xa3] +mov byte [ebx + 0x194c], dl +mov dl, byte [esi + 0x9a] +mov byte [ebx + 0x194f], dl +mov dl, byte [esi + 0x9b] +mov byte [ebx + 0x194e], dl +mov dl, byte [esi + 0xa4] +mov byte [ebx + 0x1951], dl +mov dl, byte [esi + 0xa5] +mov byte [ebx + 0x1950], dl +mov dl, byte [esi + 0x9c] +mov byte [ebx + 0x1953], dl +mov dl, byte [esi + 0x9d] +mov byte [ebx + 0x1952], dl +mov dl, byte [esi + 0xa6] +mov byte [ebx + 0x1955], dl +mov dl, byte [esi + 0xa7] +mov byte [ebx + 0x1954], dl +mov dl, byte [esi + 0x9e] +mov byte [ebx + 0x1957], dl +mov dl, byte [esi + 0x9f] +mov byte [ebx + 0x1956], dl +mov dl, byte [esi + 0xa8] +mov byte [ebx + 0x1959], dl +mov dl, byte [esi + 0xa9] +mov byte [ebx + 0x1958], dl +mov dl, byte [esi + 0xa0] +mov byte [ebx + 0x195b], dl +mov dl, byte [esi + 0xa1] +mov byte [ebx + 0x195a], dl +mov dl, byte [esi + 0xaa] +mov byte [ebx + 0x195d], dl +mov dl, byte [esi + 0xab] +mov byte [ebx + 0x195c], dl +mov dl, byte [esi + 0xac] +mov byte [ebx + 0x195e], dl +mov dx, word [esi + 0xad] +mov word [ebx + 0x195f], dx +mov dl, byte [esi + 0xaf] +mov byte [ebx + 0x1961], dl +mov dl, byte [esi + 0xb0] +mov byte [ebx + 0x1962], dl +cmp eax, 0x40650 +je short loc_fffb0ef1 ; je 0xfffb0ef1 +cmp dword [ebx + 0x188b], 
1 +jne loc_fffb1045 ; jne 0xfffb1045 -loc_fffb060b: ; not directly referenced -mov al, byte [ebp - 0x88] -sub eax, 0xa -cmp al, 1 -setbe al -or al, byte [ebp - 0x9e] -jne loc_fffb07d8 ; jne 0xfffb07d8 -jmp near loc_fffb08df ; jmp 0xfffb08df +loc_fffb0ef1: +mov al, byte [esi + 0xb1] +mov byte [ebx + 0x1963], al +mov al, byte [esi + 0xb2] +mov byte [ebx + 0x1964], al +jmp near loc_fffb1045 ; jmp 0xfffb1045 -loc_fffb062a: ; not directly referenced -cmp dword [ebp - 0xb4], 0 -je loc_fffb053b ; je 0xfffb053b -mov ebx, dword [ebp - 0x7c] -mov al, 2 -cmp bl, 2 -cmovbe eax, ebx -xor ebx, ebx -imul esi, dword [ebp - 0x84], 0x13c3 -movzx eax, al -add esi, dword [ebp - 0x80] -mov dword [ebp - 0x84], eax -mov dword [ebp - 0x7c], esi +loc_fffb0f0e: +mov ecx, dword [ebx + 0x1887] +mov byte [ebx + 0x1923], 0 +mov byte [ebx + 0x1924], 0 +mov byte [ebx + 0x1925], 0 +mov byte [ebx + 0x1926], 1 +cmp ecx, 0x40650 +je short loc_fffb0f41 ; je 0xfffb0f41 +cmp dword [ebx + 0x188b], 1 +jne short loc_fffb0f48 ; jne 0xfffb0f48 -loc_fffb065d: ; not directly referenced -mov edi, dword [ebp - 0x7c] -mov eax, 1 -mov cl, bl -mov dl, bl -shl eax, cl -test byte [edi + 0x381a], al -je short loc_fffb06db ; je 0xfffb06db -test byte [ebp - 0x9f], al -je short loc_fffb06db ; je 0xfffb06db -mov al, bl -and edx, 1 -mov ecx, dword [ebp - 0xa8] -shr al, 1 -mov esi, dword [ebp - 0x84] -movzx eax, al -imul edx, edx, 0x18 -imul eax, eax, 0x128 -movzx esi, byte [ebp + esi - 0x67] -add eax, edx -movzx edx, byte [ebp - 0xdc] -lea edi, [ecx + eax + 0x1260] -mov ax, word [edi + 0x19] -push ecx -mov ecx, ebx -push 0 -and eax, 0xfffffffc -or esi, eax -movzx eax, si -push eax -mov eax, dword [ebp - 0x80] -push 0xb -call fcn_fffaa505 ; call 0xfffaa505 -add esp, 0x10 -cmp byte [ebp - 0x9d], 0 -je short loc_fffb06db ; je 0xfffb06db -mov word [edi + 0x19], si +loc_fffb0f41: +mov byte [ebx + 0x1927], 0 -loc_fffb06db: ; not directly referenced -inc ebx -cmp ebx, 4 -jne loc_fffb065d ; jne 0xfffb065d -jmp near loc_fffb0b28 ; 
jmp 0xfffb0b28 +loc_fffb0f48: +mov byte [ebx + 0x1928], 0 +lea eax, [ebx + 0x193a] +xor edx, edx +mov byte [ebx + 0x1929], 1 +mov byte [ebx + 0x192a], 0 +mov byte [ebx + 0x192c], 3 +mov byte [ebx + 0x192f], 0 +mov byte [ebx + 0x1930], 0 +mov byte [ebx + 0x1931], 0 +mov byte [ebx + 0x1932], 0 +mov word [ebx + 0x1933], 0 +mov byte [ebx + 0x1935], 0 +mov byte [ebx + 0x1936], 0 +mov byte [ebx + 0x1937], 0 +mov word [ebx + 0x1938], 0 -loc_fffb06ea: ; not directly referenced -test byte [ebp - 0x9f], bl -je loc_fffb05fc ; je 0xfffb05fc -mov edx, eax -mov edi, dword [ebp - 0xa8] -mov ecx, ebx -shr al, 1 -and edx, 1 -movzx eax, al -imul edx, edx, 0x18 -imul eax, eax, 0x128 -lea eax, [edx + eax + 0x1260] -lea edi, [edi + eax + 0xb] -mov eax, dword [ebp - 0xdc] -mov si, word [ebp + eax*2 - 0x58] -mov ax, word [edi + 4] -push edx -push edx -mov edx, dword [ebp - 0x84] -shl esi, 9 -and ah, 0xf9 -or esi, eax -movzx eax, si -push eax -mov eax, dword [ebp - 0x80] -push 2 -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0x10 -cmp byte [ebp - 0x9d], 0 -je short loc_fffb0759 ; je 0xfffb0759 -mov word [edi + 4], si +loc_fffb0faf: +mov byte [ebx + edx + 0x192d], 0 +inc edx +add eax, 2 +mov byte [eax - 2], 0xff +mov byte [eax + 2], 0xff +mov byte [eax + 6], 0xff +mov byte [eax + 0xa], 0xff +mov byte [eax + 0xe], 0 +mov byte [eax + 0x12], 0 +mov byte [eax + 0x16], 0 +mov byte [eax + 0x1a], 0 +mov byte [eax + 0x1e], 0 +mov byte [eax - 1], 0xff +mov byte [eax + 3], 0xff +mov byte [eax + 7], 0xff +mov byte [eax + 0xb], 0xff +mov byte [eax + 0xf], 0 +mov byte [eax + 0x13], 0 +mov byte [eax + 0x17], 0 +mov byte [eax + 0x1b], 0 +mov byte [eax + 0x1f], 0 +cmp edx, 2 +jne short loc_fffb0faf ; jne 0xfffb0faf +mov byte [ebx + 0x195e], 1 +mov word [ebx + 0x195f], 0x200 +mov byte [ebx + 0x1961], 0 +mov byte [ebx + 0x1962], 0x30 +cmp ecx, 0x40650 +je short loc_fffb1037 ; je 0xfffb1037 +cmp dword [ebx + 0x188b], 1 +jne short loc_fffb1045 ; jne 0xfffb1045 -loc_fffb0759: ; not directly referenced -cmp 
byte [ebp - 0xa0], 8 -je loc_fffb05fc ; je 0xfffb05fc -mov esi, dword [ebp - 0xc8] -mov al, byte [ebp - 0xe4] -mov ecx, esi -cmp cl, al -cmova esi, eax -cmp dword [ebp - 0xb0], 0 -mov eax, esi -movzx eax, al -je short loc_fffb078e ; je 0xfffb078e -movzx eax, word [ebp + eax*2 - 0x28] -jmp short loc_fffb0793 ; jmp 0xfffb0793 +loc_fffb1037: +mov byte [ebx + 0x1963], 1 +mov byte [ebx + 0x1964], 0x40 -loc_fffb078e: ; not directly referenced -movzx eax, word [ebp + eax*2 - 0x44] +loc_fffb1045: +cmp byte [edi], 0xa +jbe short loc_fffb1070 ; jbe 0xfffb1070 +mov al, byte [esi + 0xc2] +mov byte [ebx + 0x18b7], al +mov al, byte [esi + 0xc3] +mov byte [ebx + 0x18b8], al +mov al, byte [esi + 0xc4] +mov byte [ebx + 0x2411], al +jmp short loc_fffb1085 ; jmp 0xfffb1085 -loc_fffb0793: ; not directly referenced -mov cl, byte [ebp - 0x98] -mov esi, dword [ebp - 0xd8] -and si, word [edi + 2] -mov edx, dword [ebp - 0x84] -shl eax, cl -mov ecx, ebx -or esi, eax -push eax -push eax -movzx eax, si -push eax -mov eax, dword [ebp - 0x80] -push 1 -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0x10 -cmp byte [ebp - 0x9d], 0 -je loc_fffb05fc ; je 0xfffb05fc -mov word [edi + 2], si -jmp near loc_fffb05fc ; jmp 0xfffb05fc +loc_fffb1070: +mov byte [ebx + 0x18b7], 1 +mov byte [ebx + 0x18b8], 1 +mov byte [ebx + 0x2411], 0 -loc_fffb07d8: ; not directly referenced -mov ecx, dword [ebp - 0x88] -cmp cl, 0xb -sete al -movzx edi, al -setne al -movzx eax, al -lea edi, [edi*8 + 7] -lea eax, [eax*8 - 0x10] -cmp word [ebp - 0x7c], di -jg short loc_fffb080a ; jg 0xfffb080a -mov edi, dword [ebp - 0x7c] -cmp ax, di -cmovge edi, eax +loc_fffb1085: +cmp byte [edi], 0xb +mov al, byte [ebx + 0x2404] +jbe short loc_fffb10a3 ; jbe 0xfffb10a3 +mov dl, byte [esi + 0xc5] +and eax, 0xfffffff7 +and edx, 1 +shl edx, 3 +or eax, edx +jmp short loc_fffb10a6 ; jmp 0xfffb10a6 -loc_fffb080a: ; not directly referenced -mov eax, dword [ebp - 0x9c] -cmp byte [ebp - 0x88], 0xa -mov ebx, dword [eax + 0x4c] -mov esi, dword [eax + 
0x50] -jne short loc_fffb0840 ; jne 0xfffb0840 -mov eax, edi -and ebx, 0xfffe01ff -and eax, 0xf -and esi, 0xfffe01ff -mov edx, eax -shl edx, 9 -shl eax, 0xd -or ebx, edx -or ebx, eax -or esi, edx -jmp short loc_fffb0856 ; jmp 0xfffb0856 +loc_fffb10a3: +or eax, 8 -loc_fffb0840: ; not directly referenced -cmp byte [ebp - 0x88], 0xb -jne short loc_fffb0858 ; jne 0xfffb0858 -mov eax, edi -and ebx, 0xffffffe0 -and eax, 0x1f -and esi, 0xffffffe0 -or ebx, eax +loc_fffb10a6: +mov byte [ebx + 0x2404], al +mov cl, byte [ebx + 0x2405] +cmp byte [edi], 0xe +jbe loc_fffb115e ; jbe 0xfffb115e +mov al, byte [esi + 0xf3] +and ecx, 0xffffffef +mov dl, cl +xor ecx, ecx +mov byte [ebx + 0x1965], al +mov al, byte [esi + 0xce] +and eax, 1 +shl eax, 4 +or edx, eax +mov byte [ebx + 0x2405], dl +mov al, byte [esi + 0xcf] +mov byte [ebx + 0x190d], al +mov al, byte [esi + 0xd1] +mov byte [ebx + 0x2420], al -loc_fffb0856: ; not directly referenced -or esi, eax +loc_fffb10fa: +mov eax, dword [esi + ecx + 0xd2] +mov edx, dword [esi + ecx + 0xd6] +mov dword [ebx + ecx + 0x2421], eax +mov dword [ebx + ecx + 0x2425], edx +add ecx, 8 +cmp ecx, 0x20 +jne short loc_fffb10fa ; jne 0xfffb10fa +mov al, byte [esi + 0xd0] +mov byte [ebx + 0x240f], al +mov al, byte [esi + 0xf4] +mov byte [ebx + 0x191b], al +mov eax, dword [esi + 0xf5] +mov dword [ebx + 0x191c], eax +mov ax, word [esi + 0xf9] +mov word [ebx + 0x1920], ax +mov al, byte [esi + 0xfb] +mov byte [ebx + 0x1922], al +jmp short loc_fffb11b5 ; jmp 0xfffb11b5 -loc_fffb0858: ; not directly referenced -cmp byte [ebp - 0xac], 0 -je short loc_fffb086d ; je 0xfffb086d -mov eax, dword [ebp - 0x9c] -mov dword [eax + 0x4c], ebx -mov dword [eax + 0x50], esi +loc_fffb115e: +cmp dword [ebx + 0x188b], 1 +mov al, cl +mov byte [ebx + 0x1965], 1 +mov byte [ebx + 0x190d], 0 +setne dl +and eax, 0xffffffef +shl edx, 4 +or eax, edx +mov byte [ebx + 0x2405], al +mov byte [ebx + 0x2420], 0 +mov byte [ebx + 0x240f], 1 +mov byte [ebx + 0x191b], 1 +mov dword [ebx + 
0x191c], 0x320 +mov word [ebx + 0x1920], 0x118 +mov byte [ebx + 0x1922], 7 -loc_fffb086d: ; not directly referenced -mov eax, dword [ebp - 0x84] -mov ecx, ebx -shl eax, 8 -lea edx, [eax + 0x1404] -mov dword [ebp - 0x7c], eax -mov eax, dword [ebp - 0x80] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x7c] -mov ecx, ebx -lea edx, [eax + 0x1a04] -mov eax, dword [ebp - 0x80] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x7c] -mov ecx, ebx -mov ebx, dword [ebp - 0x80] -lea edx, [eax + 0x1204] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x7c] -mov ecx, esi -lea edx, [eax + 0x3414] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0xa4] -mov edx, 0x2008 -mov ecx, dword [eax + 0x18] -mov eax, ebx -or ecx, 0x20 -call fcn_fffae58c ; call 0xfffae58c -mov word [ebp - 0x7c], di +loc_fffb11b5: +cmp byte [edi], 0xf +mov dl, byte [ebx + 0x2405] +jbe short loc_fffb11df ; jbe 0xfffb11df +mov al, byte [esi + 0xfc] +and edx, 0xffffffdf +mov byte [ebx + 0x2410], al +mov al, byte [esi + 0xfd] +and eax, 1 +shl eax, 5 +or edx, eax +jmp short loc_fffb11e9 ; jmp 0xfffb11e9 -loc_fffb08df: ; not directly referenced -cmp byte [ebp - 0x88], 0xf -mov al, byte [ebp - 0x9e] -sete dl -or al, dl -je loc_fffb09b9 ; je 0xfffb09b9 -mov ecx, dword [ebp - 0x7c] -mov eax, 0xfffffff8 -mov ebx, 7 -cmp cx, 0xfff8 -cmovge eax, ecx -cmp ax, 7 -cmovg eax, ebx -mov word [ebp - 0x7c], ax -mov eax, dword [ebp - 0xa4] -mov ebx, dword [eax + 0xc] -test dl, dl -je short loc_fffb096d ; je 0xfffb096d -cmp byte [ebp - 0xb8], 1 -jne short loc_fffb0955 ; jne 0xfffb0955 -mov eax, dword [ebp - 0x80] -cmp dword [eax + 0x3756], 2 -jne short loc_fffb0955 ; jne 0xfffb0955 -mov edx, 0x3a14 -call fcn_fffae52a ; call 0xfffae52a -mov esi, dword [ebp - 0x7c] -shr eax, 0x14 -and eax, 0xf -cmp si, ax -cmovge eax, esi -mov word [ebp - 0x7c], ax +loc_fffb11df: +mov byte [ebx + 0x2410], 0 +and edx, 0xffffffdf -loc_fffb0955: ; not directly referenced -mov 
eax, dword [ebp - 0x7c] -and ebx, 0xf00fffff -and eax, 0xf -mov edx, eax -shl edx, 0x14 -shl eax, 0x18 -or ebx, edx -or ebx, eax +loc_fffb11e9: +mov byte [ebx + 0x2405], dl +cmp byte [edi], 0x11 +jbe short loc_fffb121c ; jbe 0xfffb121c +movzx eax, byte [esi + 0xfe] +mov dword [ebx + 0x190e], eax +movzx eax, byte [esi + 0xff] +mov dword [ebx + 0x1912], eax +mov al, byte [esi + 0x100] +mov byte [ebx + 0x1916], al +jmp short loc_fffb1237 ; jmp 0xfffb1237 -loc_fffb096d: ; not directly referenced -cmp byte [ebp - 0xac], 0 -je short loc_fffb097f ; je 0xfffb097f -mov eax, dword [ebp - 0xa4] -mov dword [eax + 0xc], ebx +loc_fffb121c: +mov dword [ebx + 0x190e], 0 +mov dword [ebx + 0x1912], 0xe +mov byte [ebx + 0x1916], 0 -loc_fffb097f: ; not directly referenced -mov edi, dword [ebp - 0x80] -mov ecx, ebx -mov edx, 0x3a14 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x5f08 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5f08 -or ah, 1 -mov ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x78 -mov eax, edi -call fcn_fffa834b ; call 0xfffa834b +loc_fffb1237: +cmp byte [edi], 0x12 +mov byte [ebp - 0x45], 0xff +jbe short loc_fffb1249 ; jbe 0xfffb1249 +mov al, byte [esi + 0x101] +mov byte [ebp - 0x45], al -loc_fffb09b9: ; not directly referenced -cmp byte [ebp - 0x88], 0xc -mov cl, byte [ebp - 0x9e] -sete al -or cl, al -je loc_fffb0b28 ; je 0xfffb0b28 -test al, al -je short loc_fffb09dd ; je 0xfffb09dd -mov bl, byte [ebp - 0x7c] -and ebx, 3 -jmp short loc_fffb09e9 ; jmp 0xfffb09e9 +loc_fffb1249: +mov dword [ebx + 0x189f], 0 +mov byte [ebx + 0x189e], 0 +mov al, byte [esi + 0xc7] +mov byte [ebx + 0x241f], al +mov al, byte [esi + 0xcc] +mov byte [ebx + 0x2441], 0 +mov byte [ebx + 0x240c], al +mov al, byte [esi + 0x11] +mov byte [ebx + 0x18b4], al +mov al, byte [esi + 0x2c] +mov byte [ebx + 0x18b6], al +mov al, byte [esi] +mov byte [ebx + 0x18b1], al +mov al, byte [edi + 0x22] +mov byte [ebx + 0x2408], al +mov eax, dword [ebx + 
0x1887] +cmp eax, 0x40650 +je short loc_fffb12b6 ; je 0xfffb12b6 +cmp dword [ebx + 0x188b], 1 +jne loc_fffb1369 ; jne 0xfffb1369 -loc_fffb09dd: ; not directly referenced -mov eax, dword [ebp - 0x9c] -mov bl, byte [eax + 0xb4] +loc_fffb12b6: +mov dl, byte [esi + 0x57] +mov byte [ebx + 0x2409], dl +cmp eax, 0x40670 +je short loc_fffb12cd ; je 0xfffb12cd +mov byte [ebx + 0x240a], 0 -loc_fffb09e9: ; not directly referenced -cmp byte [ebp - 0xac], 0 -je short loc_fffb09fe ; je 0xfffb09fe -mov eax, dword [ebp - 0x9c] -mov byte [eax + 0xb4], bl +loc_fffb12cd: +cmp dword [ebx + 0x188b], 1 +jne loc_fffb1369 ; jne 0xfffb1369 +mov eax, dword [ebp - 0x30] +mov byte [ebx + 0x240b], 0 +mov eax, dword [eax + 0x80] +test eax, eax +je short loc_fffb1301 ; je 0xfffb1301 +lea edx, [ebp - 0x20] +push edx +lea edx, [ebp - 0x1c] +push edx +push 0x1b +push 1 +call eax +add esp, 0x10 +jmp short loc_fffb1308 ; jmp 0xfffb1308 -loc_fffb09fe: ; not directly referenced -mov esi, dword [ebp - 0x84] -and ebx, 3 -mov eax, dword [ebp - 0x80] -shl ebx, 0xd -shl esi, 8 -lea edi, [esi + 0x140c] -mov edx, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, edi -lea edi, [esi + 0x1a0c] -add esi, 0x121c -and ah, 0x9f -or eax, ebx -mov ecx, eax -mov eax, dword [ebp - 0x80] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x80] -mov edx, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, edi -mov edi, dword [ebp - 0x80] -and ah, 0x9f -or eax, ebx -mov ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov edx, esi -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, esi -and ah, 0x9f -or eax, ebx -mov ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0xa4] -mov edx, 0x2008 -mov ecx, dword [eax + 0x18] -mov eax, edi -or ecx, 0x20 -call fcn_fffae58c ; call 0xfffae58c -jmp near loc_fffb0b28 ; jmp 0xfffb0b28 +loc_fffb1301: +mov dword [ebp - 0x1c], 0 -loc_fffb0a8d: ; not directly referenced -cmp byte [ebp - 0x88], 1 -jne short loc_fffb0aad ; jne 
0xfffb0aad -mov eax, esi -and ebx, 0xffc00fff -and eax, 0x1f -mov edx, eax -shl edx, 0xc -shl eax, 0x11 -or ebx, edx -jmp short loc_fffb0ad9 ; jmp 0xfffb0ad9 +loc_fffb1308: +cmp dword [ebp - 0x1c], 0 +je short loc_fffb1359 ; je 0xfffb1359 +mov dx, word [ebp - 0x1a] +mov ecx, 0xb +xor eax, eax +mov word [ebp - 0x2c], 0x4e20 +and edx, 0xfff +mov dword [ebp - 0x38], edx -loc_fffb0aad: ; not directly referenced -test al, al -je short loc_fffb0ac1 ; je 0xfffb0ac1 -mov eax, esi -and ebx, 0xf83fffff -and eax, 0x1f -shl eax, 0x16 -jmp short loc_fffb0ad9 ; jmp 0xfffb0ad9 +loc_fffb1328: +mov edx, dword [ebp - 0x38] +sar edx, cl +mov dword [ebp - 0x34], edx +mov edx, dword [ebp - 0x2c] +add edx, eax +test byte [ebp - 0x34], 1 +cmovne eax, edx +dec ecx +shr word [ebp - 0x2c], 1 +cmp ecx, 0xffffffff +jne short loc_fffb1328 ; jne 0xfffb1328 +mov ecx, 0xa +xor edx, edx +div cx +mov word [ebx + 0x1902], ax +jmp short loc_fffb1362 ; jmp 0xfffb1362 -loc_fffb0ac1: ; not directly referenced -cmp byte [ebp - 0x88], 2 -jne loc_fffaff90 ; jne 0xfffaff90 -mov eax, esi -and ebx, 0x7ffffff -shl eax, 0x1b +loc_fffb1359: +mov word [ebx + 0x1902], 0x352 -loc_fffb0ad9: ; not directly referenced -or ebx, eax -jmp near loc_fffaff90 ; jmp 0xfffaff90 +loc_fffb1362: +mov byte [ebx + 0x240d], 0 -loc_fffb0ae0: ; not directly referenced -cmp byte [ebp - 0xd8], 8 -jbe short loc_fffb0afd ; jbe 0xfffb0afd -mov edx, dword [ebp - 0x84] -shl edx, 8 -add edx, 0x305c -jmp near loc_fffaffa2 ; jmp 0xfffaffa2 +loc_fffb1369: +movzx eax, byte [ebp - 0x44] +lea ecx, [ebx + 0x19bb] +mov byte [ebx + 0x196a], 0 +mov dword [ebp - 0x2c], 0 +mov dword [ebp - 0x50], eax -loc_fffb0afd: ; not directly referenced -mov eax, dword [ebp - 0x84] -shl ecx, 9 -shl eax, 8 -lea edx, [eax + ecx + 0x5c] -jmp near loc_fffaffa2 ; jmp 0xfffaffa2 +loc_fffb1384: +mov edx, dword [ebp - 0x2c] +mov al, byte [ebp - 0x45] +mov byte [ebp - 0x34], dl +cmp dl, al +je short loc_fffb13de ; je 0xfffb13de +mov eax, dword [ebp - 0x2c] +mov al, byte [esi 
+ eax + 0x2a] +cmp al, 2 +je short loc_fffb13b7 ; je 0xfffb13b7 +cmp al, 3 +je short loc_fffb13de ; je 0xfffb13de +dec al +jne short loc_fffb13ff ; jne 0xfffb13ff +mov dword [ecx - 0x48], 1 +mov dword [ecx + 0x22f], 0 +jmp short loc_fffb13c8 ; jmp 0xfffb13c8 -loc_fffb0b12: ; not directly referenced -mov word [ebp - 0x7c], 0x3f -jmp near loc_fffb0264 ; jmp 0xfffb0264 +loc_fffb13b7: +mov dword [ecx - 0x48], 0 +mov dword [ecx + 0x22f], 1 -loc_fffb0b1d: ; not directly referenced -mov word [ebp - 0x7c], 7 -jmp near loc_fffb0264 ; jmp 0xfffb0264 +loc_fffb13c8: +mov dword [ecx - 0x50], 2 +inc byte [ebx + 0x196a] +mov dword [ecx - 0x4c], 1 +jmp short loc_fffb1424 ; jmp 0xfffb1424 + +loc_fffb13de: +mov dword [ecx - 0x48], 1 +mov dword [ecx + 0x22f], 1 +mov dword [ecx - 0x50], 1 +mov dword [ecx - 0x4c], 0 +jmp short loc_fffb1424 ; jmp 0xfffb1424 + +loc_fffb13ff: +mov dword [ecx - 0x48], 0 +mov dword [ecx + 0x22f], 0 +mov dword [ecx - 0x50], 2 +inc byte [ebx + 0x196a] +mov dword [ecx - 0x4c], 2 + +loc_fffb1424: +mov edx, dword [ebp - 0x40] +push eax +imul eax, dword [ebp - 0x2c], 0xc +push 0xc +add eax, dword [edx + 0xd4] +mov dword [ebp - 0x38], ecx +push eax +lea eax, [ecx + 0x4ee] +push eax +mov eax, dword [ebp - 0x30] +call dword [eax + 0x58] ; ucall +mov edx, dword [ebp - 0x40] +add esp, 0xc +push 8 +mov ecx, dword [ebp - 0x2c] +mov eax, dword [edx + 0xd8] +lea eax, [eax + ecx*8] +mov ecx, dword [ebp - 0x38] +push eax +lea eax, [ecx + 0x4a6] +push eax +mov eax, dword [ebp - 0x30] +call dword [eax + 0x58] ; ucall +mov al, byte [ebp - 0x34] +add esp, 0x10 +mov ecx, dword [ebp - 0x38] +mov dword [ebp - 0x38], 0 +add eax, eax +mov byte [ebp - 0x47], al +mov al, byte [ebp - 0x2c] +mov dword [ebp - 0x34], ecx +and eax, 7 +mov byte [ebp - 0x46], al +shl byte [ebp - 0x46], 4 + +loc_fffb148f: +mov dword [ebp - 0x54], ecx +mov ecx, dword [ebp - 0x34] +mov edx, dword [edi + 1] +mov eax, ecx +sub eax, 0x48 +mov dword [ebp - 0x4c], eax +mov al, byte [ebp - 0x47] +add eax, dword [ebp 
- 0x38] +movzx eax, al +mov al, byte [edx + eax] +mov edx, dword [ebp - 0x30] +mov byte [ecx + 0x22e], al +push eax +push 3 +push ref_fffd3980 ; push 0xfffd3980 +lea eax, [ecx - 4] +push eax +call dword [edx + 0x58] ; ucall +mov ecx, dword [ebp - 0x34] +add esp, 0x10 +mov al, byte [ebp - 0x38] +mov cl, byte [ecx + 0x22e] +and eax, 0xf +test cl, cl +setne dl +or al, byte [ebp - 0x46] +mov byte [ebp - 0x48], cl +mov cl, dl +shl ecx, 7 +or eax, ecx +mov ecx, dword [ebp - 0x4c] +mov byte [ecx + 0x47], al +mov ecx, dword [ebp - 0x34] +cmp dword [ecx - 0x48], 1 +mov ecx, dword [ebp - 0x54] +ja short loc_fffb1567 ; ja 0xfffb1567 +test dl, dl +je short loc_fffb1538 ; je 0xfffb1538 +mov eax, dword [ebp - 0x44] +cmp eax, 3 +sete dl +test eax, eax +sete al +or dl, al +je short loc_fffb1567 ; je 0xfffb1567 +push edx +movzx eax, byte [ebp - 0x48] +push 0x41 +push ref_fffd3900 ; push 0xfffd3900 +push 0x3c +push ref_fffd3944 ; push 0xfffd3944 +push dword [ebp - 0x34] +mov dword [ebp - 0x4c], ecx +push eax +mov eax, dword [ebp - 0x30] +push dword [ebp - 0x50] +call dword [eax + 0x78] ; ucall +add esp, 0x20 +jmp short loc_fffb1564 ; jmp 0xfffb1564 + +loc_fffb1538: +mov dword [ebp - 0x4c], ecx +mov ecx, dword [ebp - 0x2c] +push eax +push 0x200 +mov eax, ecx +add eax, ecx +mov ecx, dword [ebp - 0x40] +add eax, dword [ebp - 0x38] +shl eax, 9 +add eax, dword [ecx + 0xd0] +push eax +mov eax, dword [ebp - 0x30] +push dword [ebp - 0x34] +call dword [eax + 0x58] ; ucall +add esp, 0x10 + +loc_fffb1564: +mov ecx, dword [ebp - 0x4c] + +loc_fffb1567: +inc dword [ebp - 0x38] +add dword [ebp - 0x34], 0x277 +cmp dword [ebp - 0x38], 2 +jne loc_fffb148f ; jne 0xfffb148f +inc dword [ebp - 0x2c] +add ecx, 0x54a +cmp dword [ebp - 0x2c], 2 +jne loc_fffb1384 ; jne 0xfffb1384 +mov eax, dword [ebp - 0x44] +mov edx, edi +cmp eax, 2 +je short loc_fffb15af ; je 0xfffb15af +cmp eax, 3 +je short loc_fffb15be ; je 0xfffb15be +dec eax +mov eax, dword [ebp - 0x3c] +jne short loc_fffb15cd ; jne 0xfffb15cd +call 
fcn_fffc3d1e ; call 0xfffc3d1e +mov eax, 1 +jmp short loc_fffb15d4 ; jmp 0xfffb15d4 + +loc_fffb15af: +mov eax, dword [ebp - 0x3c] +call fcn_fffc3d1e ; call 0xfffc3d1e +mov eax, 2 +jmp short loc_fffb15d4 ; jmp 0xfffb15d4 + +loc_fffb15be: +mov eax, dword [ebp - 0x3c] +call fcn_fffc3d1e ; call 0xfffc3d1e +mov eax, 3 +jmp short loc_fffb15d4 ; jmp 0xfffb15d4 + +loc_fffb15cd: +call fcn_fffc3d1e ; call 0xfffc3d1e +xor eax, eax -loc_fffb0b28: ; not directly referenced +loc_fffb15d4: lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -22559,4124 +23200,3654 @@ pop edi pop ebp ret -fcn_fffb0b30: ; not directly referenced +fcn_fffb15dc: ; not directly referenced push ebp +mov eax, 1 mov ebp, esp -push edi +movzx ecx, byte [ebp + 0x10] push esi +movzx esi, byte [ebp + 0xc] +mov edx, dword [ebp + 8] push ebx -sub esp, 0x2c -lea esi, [eax + 0x3756] -mov dword [ebp - 0x2c], eax -mov eax, dword [eax + 0x5edc] -mov byte [ebp - 0x1f], dl -mov dword [ebp - 0x28], esi -mov dword [ebp - 0x24], 0 -mov dword [ebp - 0x1c], eax -add eax, 0x1c -mov dword [ebp - 0x30], eax -movzx eax, dl -mov dword [ebp - 0x34], eax +sub ecx, esi +shl eax, cl +mov ecx, esi +dec eax +movzx ebx, dl +shl eax, cl +lea ecx, [esi - 1] +sar ebx, cl +test ebx, ebx +je short loc_fffb160a ; je 0xfffb160a +or eax, edx +jmp short loc_fffb160e ; jmp 0xfffb160e -loc_fffb0b64: ; not directly referenced -mov eax, dword [ebp - 0x28] -cmp dword [eax], 2 -je short loc_fffb0b8b ; je 0xfffb0b8b +loc_fffb160a: ; not directly referenced +not eax +and eax, edx -loc_fffb0b6c: ; not directly referenced -inc dword [ebp - 0x24] -add dword [ebp - 0x28], 0x13c3 -add dword [ebp - 0x30], 0xcc -cmp dword [ebp - 0x24], 2 -jne short loc_fffb0b64 ; jne 0xfffb0b64 -add esp, 0x2c +loc_fffb160e: ; not directly referenced pop ebx pop esi -pop edi pop ebp ret -loc_fffb0b8b: ; not directly referenced -mov byte [ebp - 0x1c], 0 +fcn_fffb1612: ; not directly referenced +push ebp +mov ebp, esp +movzx eax, byte [ebp + 0xc] +imul eax, eax, 0x13c3 +add eax, dword [ebp + 8] +pop ebp +cmp dword [eax + 0x130b], 2 +sete al +movzx eax, al +ret -loc_fffb0b8f: ; not directly referenced -mov esi, dword [ebp - 0x2c] -mov cl, byte [ebp - 0x1c] -cmp cl, byte [esi + 0x2488] -jae short loc_fffb0b6c ; jae 0xfffb0b6c -mov esi, dword [ebp - 0x28] -movzx edx, cl -mov ebx, 0x200 -xor ecx, ecx -mov word [ebp - 0x1e], 0 -mov al, byte [esi + 0xc4] -lea esi, [esi + edx*2] +fcn_fffb1631: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 0x10] +mov ecx, dword [ebp + 0xc] 
+mov edx, dword [eax + 0xd5] +and edx, 0xfffffffd +dec edx +jne short loc_fffb164b ; jne 0xfffb164b +mov dl, byte [ecx + 0x3e] +jmp short loc_fffb1651 ; jmp 0xfffb1651 -loc_fffb0bb9: ; not directly referenced -mov edi, 1 -shl edi, cl -mov edx, edi -test al, dl -je short loc_fffb0be5 ; je 0xfffb0be5 -imul edi, ecx, 0x12 -mov dx, word [ebp - 0x1e] -movzx edi, word [esi + edi + 0x1b1] -cmp dx, di -cmovb edx, edi -cmp bx, di -mov word [ebp - 0x1e], dx -cmova ebx, edi +loc_fffb164b: ; not directly referenced +mov dl, byte [ecx + 0x82] -loc_fffb0be5: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffb0bb9 ; jne 0xfffb0bb9 -mov eax, dword [ebp - 0x2c] -mov dx, word [ebp - 0x1e] -movzx ecx, word [eax + 0x2489] -mov eax, 0x13880 -shr dx, 6 -lea edi, [edx + 1] -xor edx, edx -movzx edi, di -div ecx -mov edx, 0x80 -mov ecx, dword [ebp - 0x34] -cmp eax, 0x7f -cmova edx, eax -mov al, 6 -sub ebx, edx -mov dl, 0xfc -shr ebx, 6 -sub bl, byte [ebp - 0x1f] -cmp bl, 6 -cmovle eax, ebx -mov ebx, 7 -cmp al, 0xfc -cmovge edx, eax -movsx eax, dl -sub edi, eax -lea eax, [edi + ecx - 1] -movzx ecx, byte [ebp - 0x1c] -mov edi, dword [ebp - 0x30] -cmp eax, 7 -cmovle ebx, eax -and edx, 0xf -mov esi, edx -shl edx, 5 -lea edi, [edi + ecx*4] -mov byte [ebp - 0x1e], dl -mov dl, byte [edi + 5] +loc_fffb1651: ; not directly referenced +mov cl, dl and edx, 0x1f -or dl, byte [ebp - 0x1e] -mov byte [edi + 5], dl -mov edx, esi -shr dl, 3 -mov byte [ebp - 0x1e], dl -xor edx, edx -test ebx, ebx -cmovns edx, ebx -mov bl, dl -and ebx, 7 -lea edx, [ebx + ebx] -or dl, byte [ebp - 0x1e] -shl esi, 4 -or edx, esi -mov esi, dword [ebp - 0x2c] -mov byte [edi + 6], dl -mov dl, byte [edi + 7] -mov eax, esi -and edx, 0xfffffff8 -or edx, ebx -mov byte [edi + 7], dl -mov edx, dword [ebp - 0x24] -call fcn_fffa724b ; call 0xfffa724b -mov ecx, dword [edi + 4] -mov edx, eax -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -inc byte [ebp - 0x1c] -jmp near loc_fffb0b8f ; jmp 0xfffb0b8f +shr cl, 7 +movzx ecx, 
cl +shl ecx, 5 +or edx, ecx +mov byte [eax + 0xf5], dl +mov eax, 1 +pop ebp +ret -fcn_fffb0cb4: ; not directly referenced +fcn_fffb166e: ; not directly referenced push ebp mov ebp, esp push edi push esi -mov esi, eax push ebx -movzx ebx, dl -sub esp, 0x2c -mov eax, dword [ebp + 0x10] -imul edx, ebx, 0x13c3 -cmp dword [ebp + 8], 0 -mov byte [ebp - 0x20], cl -mov dword [ebp - 0x2c], eax -mov cl, al -lea eax, [esi + edx + 0x3756] -mov dword [ebp - 0x1c], eax -je short loc_fffb0cec ; je 0xfffb0cec -mov al, byte [eax + 0xc4] -mov byte [ebp - 0x20], al - -loc_fffb0cec: ; not directly referenced -cmp dword [esi + 0x2480], 3 -sete byte [ebp - 0x24] -xor edi, edi -imul edx, ebx, 0x13c3 -lea eax, [esi + edx] -mov dword [ebp - 0x30], eax -movzx eax, cl -mov dword [ebp - 0x28], eax +sub esp, 0x3c +mov eax, dword [ebp + 8] +mov dword [ebp - 0x3c], 0 +mov dword [ebp - 0x20], 0 +mov edi, dword [eax + 0x1887] +mov dword [ebp - 0x2c], edi +lea edi, [eax + 0x2407] +mov dword [ebp - 0x48], edi -loc_fffb0d0b: ; not directly referenced -mov eax, dword [ebp - 0x30] -mov edx, 1 -mov ecx, edi -shl edx, cl -test byte [eax + 0x381a], dl -je short loc_fffb0d7a ; je 0xfffb0d7a -mov al, byte [ebp - 0x24] -cmp dword [ebp + 8], 0 -setne cl -xor eax, 1 -test cl, al -je short loc_fffb0d4d ; je 0xfffb0d4d -push eax -push dword [ebp - 0x28] -push dword [ebp + 0xc] -mov dword [ebp - 0x34], edx -push edx -push edx -push 0 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -mov edx, dword [ebp - 0x34] -jmp short loc_fffb0d58 ; jmp 0xfffb0d58 +loc_fffb169a: ; not directly referenced +mov edi, dword [ebp - 0x20] +mov edx, 0x4b0 +lea ecx, [edi - 2] +cmp ecx, 1 +ja short loc_fffb16cc ; ja 0xfffb16cc +cmp byte [eax + 0x374a], 0 +jne short loc_fffb16ca ; jne 0xfffb16ca -loc_fffb0d4d: ; not directly referenced -cmp dword [ebp + 8], 0 -jne short loc_fffb0d58 ; jne 0xfffb0d58 -test byte [ebp - 0x20], dl -je short loc_fffb0d7a ; je 0xfffb0d7a +loc_fffb16b3: ; not directly referenced +inc 
dword [ebp - 0x20] +add dword [ebp - 0x3c], 0x23 +cmp dword [ebp - 0x20], 4 +jne short loc_fffb169a ; jne 0xfffb169a +mov edx, 0xfffffffe +jmp near loc_fffb193b ; jmp 0xfffb193b -loc_fffb0d58: ; not directly referenced -mov eax, dword [ebp - 0x1c] -push ecx -push dword [ebp - 0x28] -movzx ecx, byte [eax + edi + 0x245] -add ecx, dword [ebp + 0xc] -push ecx -push 1 -push edx -push 4 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 +loc_fffb16ca: ; not directly referenced +xor edx, edx -loc_fffb0d7a: ; not directly referenced -inc edi -cmp edi, 4 -jne short loc_fffb0d0b ; jne 0xfffb0d0b -movzx edi, byte [ebp - 0x2c] -mov ecx, dword [ebp - 0x1c] -push edx -mov edx, dword [ebp + 0xc] -movzx eax, byte [ebp - 0x20] -push edi -add edx, dword [ecx + 0x111] -mov dword [ebp - 0x20], eax -push edx -push 1 -push eax -push 2 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -cmp byte [ebp - 0x24], 0 -je loc_fffb0e62 ; je 0xfffb0e62 -imul edx, ebx, 0x54a -xor eax, eax -lea ecx, [edx + 0xf0] -mov dword [ebp - 0x24], ecx +loc_fffb16cc: ; not directly referenced +mov edi, dword [ebp - 0x20] +mov dword [ebp + edi*4 - 0x1c], edx +mov edi, dword [ebp - 0x3c] +lea edx, [eax + 0x1973] +mov dword [ebp - 0x30], edx +lea edx, [eax + 0x3757] +mov dword [ebp - 0x28], edx +lea ebx, [edi + 0x18b] +add edi, 0xbb +mov dword [ebp - 0x40], ebx +mov dword [ebp - 0x44], edi -loc_fffb0dc4: ; not directly referenced -cmp al, 1 -setbe cl -cmp dword [ebp + 8], 0 -setne dl -test cl, dl -je short loc_fffb0e11 ; je 0xfffb0e11 -mov ecx, dword [ebp - 0x24] -movzx edx, al -lea edx, [esi + edx + 0x186e] -cmp byte [edx + ecx + 0x54b], 0 -je short loc_fffb0e0e ; je 0xfffb0e0e -push ecx -mov edx, 1 -push edi -mov cl, al -push dword [ebp + 0xc] -shl edx, cl -mov dword [ebp - 0x28], eax -push edx -push 0 -push 0 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -mov eax, dword [ebp - 0x28] -add esp, 0x20 +loc_fffb16fa: ; not directly referenced +mov edx, dword [ebp 
- 0x30] +mov dword [ebp - 0x24], 0 +mov dword [ebp - 0x38], edx -loc_fffb0e0e: ; not directly referenced -inc eax -jmp short loc_fffb0dc4 ; jmp 0xfffb0dc4 +loc_fffb1707: ; not directly referenced +mov ebx, dword [ebp - 0x28] +mov edi, dword [ebp - 0x24] +cmp dword [ebx + edi + 0x1173], 2 +jne loc_fffb1901 ; jne 0xfffb1901 +mov edi, dword [ebp - 0x20] +cmp edi, 1 +je loc_fffb17c7 ; je 0xfffb17c7 +jb loc_fffb17d5 ; jb 0xfffb17d5 +cmp edi, 3 +ja loc_fffb17d5 ; ja 0xfffb17d5 +mov edx, ebx +mov ebx, dword [ebp - 0x24] +cmp edi, 2 +mov dl, byte [edx + ebx + 0x1269] +jne short loc_fffb1754 ; jne 0xfffb1754 +and dl, 1 +jne short loc_fffb175f ; jne 0xfffb175f +xor di, di +jmp near loc_fffb18f1 ; jmp 0xfffb18f1 -loc_fffb0e11: ; not directly referenced -mov eax, dword [ebp - 0x1c] -push edx -mov edx, dword [ebp + 0xc] -push edi -add edx, dword [eax + 0x109] -push edx -push 1 -push dword [ebp - 0x20] -push 3 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -mov eax, dword [ebp - 0x1c] -add esp, 0x1c -mov edx, dword [ebp + 0xc] -push edi -add edx, dword [eax + 0x115] -push edx -push 2 -push dword [ebp - 0x20] -push 2 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -mov eax, dword [ebp - 0x1c] -add esp, 0x1c -mov edx, dword [ebp + 0xc] -push edi -add edx, dword [eax + 0x11d] -push edx -push 2 -jmp short loc_fffb0e73 ; jmp 0xfffb0e73 +loc_fffb1754: ; not directly referenced +xor edi, edi +and dl, 2 +je loc_fffb18f1 ; je 0xfffb18f1 -loc_fffb0e62: ; not directly referenced -push eax -mov eax, dword [ebp - 0x1c] -mov edx, dword [ebp + 0xc] -push edi -add edx, dword [eax + 0x119] -push edx -push 1 +loc_fffb175f: ; not directly referenced +mov edi, dword [ebp - 0x28] +mov edx, dword [ebp - 0x24] +mov ecx, dword [ebp - 0x44] +mov ebx, dword [ebp - 0x40] +mov edx, dword [edi + edx + 0x1248] +mov edi, dword [ebp - 0x38] +and edx, 0xfffffffd +add ebx, edi +add ecx, edi +dec edx +mov edx, 0x3e7 +cmovne ecx, ebx +mov edi, 0x672 +mov cl, byte [ecx] +mov ebx, ecx +and ebx, 
0x1f +imul ebx, ebx, 0x32 +cmp ebx, 0x3e7 +cmovbe edx, ebx +mov ebx, 0x4b0 +shr cl, 5 +and ecx, 3 +imul ecx, ecx, 0x3e8 +add edx, ecx +cmp edx, 0x4b0 +cmovae ebx, edx +cmp ebx, 0x672 +cmovbe edi, ebx +jmp near loc_fffb18f1 ; jmp 0xfffb18f1 -loc_fffb0e73: ; not directly referenced -push dword [ebp - 0x20] -push 1 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -lea esp, [ebp - 0xc] +loc_fffb17c7: ; not directly referenced +mov edi, dword [eax + 0x18a3] +test edi, edi +jne loc_fffb18f1 ; jne 0xfffb18f1 + +loc_fffb17d5: ; not directly referenced +mov edi, dword [ebp - 0x24] +mov ebx, dword [ebp - 0x28] +mov edx, dword [ebx + edi + 0x1248] +mov edi, 0x4b0 +and edx, 0xfffffffd +dec edx +jne loc_fffb18f1 ; jne 0xfffb18f1 +mov edx, dword [ebp - 0x38] +mov edi, dword [ebp - 0x2c] +mov cl, byte [edx + 0x4e] +mov dl, cl +mov bl, cl +and edx, 1 +shr bl, 1 +xor edx, 1 +shr cl, 2 +mov byte [ebp - 0x31], bl +mov byte [ebp - 0x32], cl +and byte [ebp - 0x31], 1 +and byte [ebp - 0x32], 1 +cmp edi, 0x40650 +je short loc_fffb184b ; je 0xfffb184b +cmp edi, 0x40660 +sete bl +cmp edi, 0x306c0 +sete cl +or bl, cl +jne short loc_fffb184b ; jne 0xfffb184b +cmp edi, 0x40670 +sete bl +cmp edi, 0x306d0 +sete cl +or bl, cl +je short loc_fffb1890 ; je 0xfffb1890 + +loc_fffb184b: ; not directly referenced +mov bl, byte [ebp - 0x32] +and esi, 0xfffffff9 +mov cl, byte [ebp - 0x31] +and ebx, 1 +add ebx, ebx +and ecx, 1 +shl ecx, 2 +or esi, ebx +or esi, ecx +and esi, 0xfffffff7 +lea ecx, [edx*8] +or esi, ecx +mov ecx, esi +and ecx, 4 +cmp cl, 1 +sbb edi, edi +and edi, 0x96 +add edi, 0x546 +cmp dword [ebp - 0x2c], 0x40650 +jne short loc_fffb1895 ; jne 0xfffb1895 +jmp short loc_fffb18ae ; jmp 0xfffb18ae + +loc_fffb1890: ; not directly referenced +mov edi, 0x5dc + +loc_fffb1895: ; not directly referenced +mov ecx, dword [ebp - 0x2c] +cmp ecx, 0x40670 +sete bl +cmp ecx, 0x306d0 +sete cl +or bl, cl +je short loc_fffb18dc ; je 0xfffb18dc + +loc_fffb18ae: ; not directly referenced 
+mov cl, byte [ebp - 0x32] +and esi, 0xfffffff9 +mov bl, byte [ebp - 0x31] +shl edx, 3 +and ecx, 1 +add ecx, ecx +and ebx, 1 +shl ebx, 2 +or esi, ecx +or esi, ebx +and esi, 0xfffffff7 +or esi, edx +mov edx, 0x4b0 +test esi, 2 +cmovne edi, edx + +loc_fffb18dc: ; not directly referenced +cmp dword [ebp - 0x20], 0 +jne short loc_fffb18f1 ; jne 0xfffb18f1 +cmp dword [eax + 0x187f], 1 +mov ebx, 0x5dc +cmove edi, ebx + +loc_fffb18f1: ; not directly referenced +mov ebx, dword [ebp - 0x20] +mov edx, dword [ebp + ebx*4 - 0x1c] +cmp edi, edx +cmovb edi, edx +mov dword [ebp + ebx*4 - 0x1c], edi + +loc_fffb1901: ; not directly referenced +add dword [ebp - 0x24], 0x128 +add dword [ebp - 0x38], 0x277 +cmp dword [ebp - 0x24], 0x250 +jne loc_fffb1707 ; jne 0xfffb1707 +add dword [ebp - 0x30], 0x54a +mov edi, dword [ebp - 0x48] +add dword [ebp - 0x28], 0x13c3 +cmp dword [ebp - 0x30], edi +jne loc_fffb16fa ; jne 0xfffb16fa +jmp near loc_fffb16b3 ; jmp 0xfffb16b3 + +loc_fffb193b: ; not directly referenced +cmp edx, 1 +ja short loc_fffb1949 ; ja 0xfffb1949 +cmp byte [eax + 0x374a], 0 +je short loc_fffb1970 ; je 0xfffb1970 + +loc_fffb1949: ; not directly referenced +mov ecx, dword [ebp + edx*4 - 0x14] +mov dword [eax + edx*4 + 0x373e], ecx +mov dword [eax + edx*4 + 0x498e], ecx +mov dword [eax + edx*4 + 0x4ab6], ecx +mov dword [eax + edx*4 + 0x5d51], ecx +mov dword [eax + edx*4 + 0x5e79], ecx + +loc_fffb1970: ; not directly referenced +inc edx +cmp edx, 2 +jne short loc_fffb193b ; jne 0xfffb193b +add esp, 0x3c +mov eax, 1 pop ebx pop esi pop edi pop ebp ret -fcn_fffb0e8a: ; not directly referenced +fcn_fffb1983: ; not directly referenced push ebp +xor ecx, ecx mov ebp, esp push edi push esi -xor esi, esi push ebx -mov ebx, eax -sub esp, 0x2c -mov edi, dword [eax + 0x2443] -call dword [edi + 0x54] ; ucall -add eax, 0x2710 -mov dword [ebp - 0x2c], eax +sub esp, 0x34 +mov edi, dword [ebp + 8] -loc_fffb0ea8: ; not directly referenced -imul eax, esi, 0x13c3 -mov dword [ebp + esi*4 - 0x28], 0 
-cmp dword [ebx + eax + 0x3756], 2 -jne short loc_fffb0f12 ; jne 0xfffb0f12 -cmp dword [ebx + 0x188b], 0 -je short loc_fffb0f12 ; je 0xfffb0f12 -xor ecx, ecx -mov edx, esi -mov eax, ebx -call fcn_fffa7288 ; call 0xfffa7288 -mov edx, eax -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov dword [ebp + esi*4 - 0x20], eax -test eax, 0x1000000 -je short loc_fffb0f12 ; je 0xfffb0f12 -and eax, 0xfeffffff -mov ecx, 0xff +loc_fffb1991: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffb19b8 ; ja 0xfffb19b8 +cmp byte [edi + 0x374a], 0 +jne short loc_fffb19b8 ; jne 0xfffb19b8 + +loc_fffb19a2: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffb1991 ; jne 0xfffb1991 +lea eax, [edi + 0x48d2] +mov ecx, 0xfffffffe +jmp near loc_fffb1af5 ; jmp 0xfffb1af5 + +loc_fffb19b8: ; not directly referenced +xor edx, edx +cmp ecx, 1 +lea esi, [edi + 0x49c0] +setbe dl +mov dword [ebp - 0x2c], esi +imul eax, eax, 0x23 +imul esi, ecx, 0x2e +lea ebx, [ecx*8 - 0x1269] +mov dword [ebp + ecx*4 - 0x1c], edx +mov dword [ebp - 0x24], 0 +mov dword [ebp - 0x34], esi +mov dword [ebp - 0x40], ebx mov dword [ebp - 0x30], eax -mov edx, esi -mov eax, ebx -mov dword [ebp + esi*4 - 0x28], 1 -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, dword [ebp - 0x30] -mov edx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -loc_fffb0f12: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffb0ea8 ; jne 0xfffb0ea8 -mov edx, 0x5030 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5030 -or eax, 0x800000 -mov ecx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +loc_fffb19ea: ; not directly referenced +mov eax, dword [ebp - 0x40] +mov ebx, dword [ebp - 0x2c] +mov dword [ebp - 0x28], 0 +add eax, ebx +mov dword [ebp - 0x3c], eax +mov eax, dword [ebp - 0x24] +lea esi, [edi + eax + 0x1973] -loc_fffb0f37: ; not directly referenced -mov edx, 0x5030 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -shr eax, 0x10 -test al, al -jns short loc_fffb0f59 
; jns 0xfffb0f59 -call dword [edi + 0x54] ; ucall -cmp dword [ebp - 0x2c], eax -ja short loc_fffb0f37 ; ja 0xfffb0f37 -mov edi, 1 -jmp short loc_fffb0f5b ; jmp 0xfffb0f5b +loc_fffb1a06: ; not directly referenced +cmp dword [ebx - 0xf6], 2 +jne loc_fffb1abb ; jne 0xfffb1abb +mov eax, dword [ebp - 0x34] +mov edx, dword [ebp - 0x28] +mov eax, dword [ebx + eax - 0xf2] +mov dword [ebp - 0x20], eax +mov eax, dword [ebp - 0x3c] +mov eax, dword [eax + edx + 0xc9] +mov dword [ebp - 0x38], eax +cmp ecx, 1 +je short loc_fffb1a92 ; je 0xfffb1a92 +jb short loc_fffb1aa9 ; jb 0xfffb1aa9 +cmp ecx, 3 +ja short loc_fffb1aa9 ; ja 0xfffb1aa9 +cmp ecx, 2 +mov dl, byte [ebx] +jne short loc_fffb1a4c ; jne 0xfffb1a4c +and dl, 1 +jne short loc_fffb1a53 ; jne 0xfffb1a53 +xor eax, eax +jmp short loc_fffb1aae ; jmp 0xfffb1aae -loc_fffb0f59: ; not directly referenced -xor edi, edi +loc_fffb1a4c: ; not directly referenced +xor eax, eax +and dl, 2 +je short loc_fffb1aae ; je 0xfffb1aae -loc_fffb0f5b: ; not directly referenced -xor esi, esi +loc_fffb1a53: ; not directly referenced +mov eax, dword [ebx - 0x21] +and eax, 0xfffffffd +dec eax +mov eax, dword [ebp - 0x30] +jne short loc_fffb1a69 ; jne 0xfffb1a69 +movzx edx, byte [esi + eax + 0x118] +jmp short loc_fffb1a71 ; jmp 0xfffb1a71 -loc_fffb0f5d: ; not directly referenced -cmp dword [ebp + esi*4 - 0x28], 0 -je short loc_fffb0f7f ; je 0xfffb0f7f -mov ecx, 0xff -mov edx, esi -mov eax, ebx -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, dword [ebp + esi*4 - 0x20] -mov edx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +loc_fffb1a69: ; not directly referenced +movzx edx, byte [esi + eax + 0x1e8] -loc_fffb0f7f: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffb0f5d ; jne 0xfffb0f5d -mov eax, edi -add esp, 0x2c -neg eax +loc_fffb1a71: ; not directly referenced +xor eax, eax +cmp dword [ebp - 0x20], 0 +je short loc_fffb1aae ; je 0xfffb1aae +imul edx, dword [ebp - 0x38] +mov eax, dword [ebp - 0x20] +lea eax, [eax + edx - 1] +xor 
edx, edx +div dword [ebp - 0x20] +mov edx, 2 +test eax, eax +jmp short loc_fffb1aa4 ; jmp 0xfffb1aa4 + +loc_fffb1a92: ; not directly referenced +mov dx, word [esi + 0x24c] +movzx eax, dx +test dx, dx +mov edx, 1 + +loc_fffb1aa4: ; not directly referenced +cmove eax, edx +jmp short loc_fffb1aae ; jmp 0xfffb1aae + +loc_fffb1aa9: ; not directly referenced +mov eax, 1 + +loc_fffb1aae: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax + +loc_fffb1abb: ; not directly referenced +add dword [ebp - 0x28], 0x20 +add ebx, 0x128 +add esi, 0x277 +cmp dword [ebp - 0x28], 0x40 +jne loc_fffb1a06 ; jne 0xfffb1a06 +add dword [ebp - 0x24], 0x54a +add dword [ebp - 0x2c], 0x13c3 +cmp dword [ebp - 0x24], 0xa94 +jne loc_fffb19ea ; jne 0xfffb19ea +jmp near loc_fffb19a2 ; jmp 0xfffb19a2 + +loc_fffb1af5: ; not directly referenced +cmp ecx, 1 +ja short loc_fffb1b03 ; ja 0xfffb1b03 +cmp byte [edi + 0x374a], 0 +je short loc_fffb1b2d ; je 0xfffb1b2d + +loc_fffb1b03: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx + +loc_fffb1b2d: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb1af5 ; jne 0xfffb1af5 +add esp, 0x34 +mov eax, 1 pop ebx -and eax, 0x12 pop esi pop edi pop ebp ret -fcn_fffb0f94: ; not directly referenced +fcn_fffb1b43: ; not directly referenced push ebp +xor ecx, ecx mov ebp, esp push edi -mov edi, eax push esi push ebx -add esp, 0xffffff80 -mov al, byte [ebp + 0xc] -mov ebx, dword [edi + 0x2443] -push 1 -mov esi, dword [edi + 0x5edc] -push 8 -mov byte [ebp - 0x6a], al -mov eax, dword [edi + 0x188b] -mov dword [ebp - 0x64], edx -mov dword [ebp - 0x54], ecx -mov byte [ebp - 0x50], dl -mov dword [ebp - 0x78], eax -lea eax, [ebp - 0x38] -push eax -mov byte [ebp - 0x4e], cl -call dword [ebx + 0x5c] ; 
ucall -add esp, 0xc -push 0 -push 8 -lea eax, [ebp - 0x30] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 9 -push 8 -lea eax, [ebp - 0x28] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 0 -push 2 -lea eax, [ebp - 0x20] -push eax -call dword [ebx + 0x64] ; ucall -add esp, 0x10 -cmp byte [ebp - 0x54], 1 -jne short loc_fffb1029 ; jne 0xfffb1029 -mov byte [ebp - 0x35], 0xa -mov byte [ebp - 0x36], 0x13 -mov byte [ebp - 0x37], 0x19 -mov byte [ebp - 0x38], 0x19 -mov byte [ebp - 0x2d], 0xa -mov byte [ebp - 0x2e], 0xa -mov byte [ebp - 0x25], 0x3f -mov byte [ebp - 0x26], 0x3f -jmp near loc_fffb10b1 ; jmp 0xfffb10b1 +sub esp, 0x24 +mov edi, dword [ebp + 8] -loc_fffb1029: ; not directly referenced -mov eax, dword [ebp - 0x54] -cmp al, 2 -je short loc_fffb10ab ; je 0xfffb10ab -cmp al, 5 -jne short loc_fffb103a ; jne 0xfffb103a +loc_fffb1b51: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffb1b78 ; ja 0xfffb1b78 +cmp byte [edi + 0x374a], 0 +jne short loc_fffb1b78 ; jne 0xfffb1b78 -loc_fffb1034: ; not directly referenced -mov byte [ebp - 0x4d], 8 -jmp short loc_fffb10b5 ; jmp 0xfffb10b5 +loc_fffb1b62: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffb1b51 ; jne 0xfffb1b51 +lea eax, [edi + 0x48fa] +mov ecx, 0xfffffffe +jmp near loc_fffb1c43 ; jmp 0xfffb1c43 -loc_fffb103a: ; not directly referenced -mov eax, dword [ebp - 0x54] -cmp al, 6 -je short loc_fffb10b1 ; je 0xfffb10b1 -cmp al, 9 -jne short loc_fffb106c ; jne 0xfffb106c -mov ebx, dword [ebp - 0x64] -movzx eax, bl -and bl, 1 -je short loc_fffb1059 ; je 0xfffb1059 -mov edx, dword [esi + 0xbc] -mov dword [ebp - 0x20], edx +loc_fffb1b78: ; not directly referenced +lea eax, [edi + 0x48ca] +mov dword [ebp - 0x28], eax +imul eax, ecx, 0x2e +mov dword [ebp + ecx*4 - 0x1c], 0 +mov dword [ebp - 0x20], 0 +mov dword [ebp - 0x2c], eax -loc_fffb1059: ; not directly referenced -mov byte [ebp - 0x4d], 2 -test al, 2 -je short loc_fffb10b5 ; je 0xfffb10b5 -mov eax, 
dword [esi + 0x188] -mov dword [ebp - 0x1c], eax -jmp short loc_fffb10b5 ; jmp 0xfffb10b5 +loc_fffb1b96: ; not directly referenced +mov eax, dword [ebp - 0x20] +mov ebx, dword [ebp - 0x28] +mov dword [ebp - 0x24], 0 +lea eax, [edi + eax + 0x196b] +mov dword [ebp - 0x30], eax -loc_fffb106c: ; not directly referenced -cmp byte [ebp - 0x54], 0xa -mov byte [ebp - 0x4d], 1 -jne short loc_fffb10b5 ; jne 0xfffb10b5 -mov eax, dword [ebp - 0x64] -movzx edx, al -test al, 1 -je short loc_fffb1092 ; je 0xfffb1092 -mov eax, dword [esi + 0xbc] -mov dword [ebp - 0x20], eax -shr eax, 0xf -and eax, 0xf -mov byte [ebp - 0x3a], al +loc_fffb1bad: ; not directly referenced +cmp dword [ebx], 2 +jne short loc_fffb1c0d ; jne 0xfffb1c0d +mov eax, dword [ebp - 0x2c] +mov esi, dword [ebx + eax + 4] +cmp ecx, 1 +je short loc_fffb1bc9 ; je 0xfffb1bc9 +jb short loc_fffb1bdc ; jb 0xfffb1bdc +xor eax, eax +cmp ecx, 3 +jbe short loc_fffb1bf5 ; jbe 0xfffb1bf5 +jmp short loc_fffb1bdc ; jmp 0xfffb1bdc -loc_fffb1092: ; not directly referenced -and dl, 2 -je short loc_fffb1034 ; je 0xfffb1034 -mov eax, dword [esi + 0x188] -mov dword [ebp - 0x1c], eax -shr eax, 0xf -and eax, 0xf -mov byte [ebp - 0x39], al -jmp short loc_fffb1034 ; jmp 0xfffb1034 +loc_fffb1bc9: ; not directly referenced +mov eax, dword [ebp - 0x30] +mov edx, dword [ebp - 0x24] +movzx eax, word [eax + edx + 0x27a] +test ax, ax +jne short loc_fffb1bf5 ; jne 0xfffb1bf5 -loc_fffb10ab: ; not directly referenced -mov byte [ebp - 0x4d], 7 -jmp short loc_fffb10b5 ; jmp 0xfffb10b5 +loc_fffb1bdc: ; not directly referenced +xor eax, eax +cmp dword [ebx + 0xd5], 2 +jne short loc_fffb1bf5 ; jne 0xfffb1bf5 +test esi, esi +je short loc_fffb1bf5 ; je 0xfffb1bf5 +lea eax, [esi + 0x26259f] +xor edx, edx +div esi -loc_fffb10b1: ; not directly referenced -mov byte [ebp - 0x4d], 4 - -loc_fffb10b5: ; not directly referenced -movzx eax, byte [ebp - 0x50] -mov dword [ebp - 0x4c], 0 -mov byte [ebp - 0x69], 0 -mov dword [ebp - 0x68], eax -movzx eax, byte [ebp - 
0x4d] -mov dword [ebp - 0x80], eax +loc_fffb1bf5: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, 4 +mov esi, 4 +cmova eax, esi +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffb10ce: ; not directly referenced -mov ebx, dword [ebp - 0x4c] -mov byte [ebp - 0x4f], bl -mov bl, byte [ebp + ebx - 0x38] -movzx eax, bl -dec eax -call fcn_fffaec34 ; call 0xfffaec34 -cmp bl, 0x1f -jbe short loc_fffb112f ; jbe 0xfffb112f -mov ebx, dword [ebp - 0x4c] -mov byte [ebp + ebx - 0x38], al +loc_fffb1c0d: ; not directly referenced +add dword [ebp - 0x24], 0x277 +add ebx, 0x128 +cmp dword [ebp - 0x24], 0x4ee +jne short loc_fffb1bad ; jne 0xfffb1bad +add dword [ebp - 0x20], 0x54a +add dword [ebp - 0x28], 0x13c3 +cmp dword [ebp - 0x20], 0xa94 +jne loc_fffb1b96 ; jne 0xfffb1b96 +jmp near loc_fffb1b62 ; jmp 0xfffb1b62 -loc_fffb10ed: ; not directly referenced -mov cl, byte [ebp - 0x4f] -mov dword [ebp - 0x58], 0x4004 -mov dword [ebp - 0x60], 0x4917 -mov al, cl -shl eax, 4 -add eax, ecx -cmp cl, 4 -movzx eax, al -mov dword [ebp - 0x7c], eax -sbb eax, eax -xor ebx, ebx -and eax, 0x1f -mov dword [ebp - 0x70], eax -mov al, cl -and eax, 3 -mov byte [ebp - 0x6b], al -add eax, 4 -or dword [ebp - 0x70], 0x80 -mov byte [ebp - 0x6c], al -jmp short loc_fffb113b ; jmp 0xfffb113b +loc_fffb1c43: ; not directly referenced +cmp ecx, 1 +ja short loc_fffb1c51 ; ja 0xfffb1c51 +cmp byte [edi + 0x374a], 0 +je short loc_fffb1c7b ; je 0xfffb1c7b -loc_fffb112f: ; not directly referenced -mov eax, dword [ebp - 0x4c] -add ebx, 0x20 -mov byte [ebp + eax - 0x38], bl -jmp short loc_fffb10ed ; jmp 0xfffb10ed +loc_fffb1c51: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx -loc_fffb113b: ; not directly referenced -mov eax, dword [ebp - 0x68] -bt eax, ebx -jae loc_fffb12f7 ; jae 0xfffb12f7 -mov 
eax, dword [ebp - 0x58] -lea edx, [eax + 0x94] -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -shr eax, 0xc -and eax, 1 -cmp byte [ebp - 0x4e], 1 -mov byte [ebp - 0x69], al -jne short loc_fffb11d6 ; jne 0xfffb11d6 -mov edx, dword [ebp - 0x4c] -mov dword [ebp - 0x5c], ebx -movzx ecx, byte [ebp + edx - 0x30] -movzx eax, byte [ebp + edx - 0x28] -mov dl, byte [ebp + edx - 0x38] -and ecx, 0x3f -and eax, 0x3f -shl eax, 0x10 -mov ebx, edx -shl ecx, 8 -and ebx, 0x1f -or ecx, eax -mov eax, dword [ebp - 0x58] -shr dl, 5 -or ecx, ebx -and edx, 1 -shl edx, 5 -or ecx, edx -lea edx, [eax + 0x1fc] -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov edx, dword [ebp - 0x4c] +loc_fffb1c7b: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb1c43 ; jne 0xfffb1c43 +add esp, 0x24 mov eax, 1 -mov ecx, dword [ebp + 8] -mov ebx, dword [ebp - 0x5c] -movzx ecx, byte [ecx + edx] -lea edx, [ebx*4 + 0x4980] -shl eax, cl -cmp dword [ebp - 0x78], 1 -lea ecx, [edx + 0x20] -cmove edx, ecx -mov ecx, eax -jmp near loc_fffb1273 ; jmp 0xfffb1273 +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffb11d6: ; not directly referenced -cmp byte [ebp - 0x4e], 2 -jne short loc_fffb11f6 ; jne 0xfffb11f6 -sub esp, 0xc -mov ecx, dword [ebp - 0x80] -mov edx, ebx -push dword [ebp - 0x4c] -mov eax, edi -call fcn_fffaa3c8 ; call 0xfffaa3c8 -add esp, 0x10 -jmp near loc_fffb12f7 ; jmp 0xfffb12f7 +fcn_fffb1c91: ; not directly referenced +push ebp +xor ecx, ecx +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x24 +mov edi, dword [ebp + 8] -loc_fffb11f6: ; not directly referenced -mov al, byte [ebp - 0x4e] -sub eax, 5 -cmp al, 1 -ja short loc_fffb127c ; ja 0xfffb127c -mov eax, dword [ebp - 0x60] -mov ecx, dword [ebp - 0x7c] -lea edx, [eax - 0x6c] -mov eax, edi -call fcn_fffae566 ; call 0xfffae566 -cmp byte [ebp - 0x4e], 5 -jne short loc_fffb122f ; jne 0xfffb122f -mov cl, byte [ebp - 0x4f] -cmp cl, 7 -setne al -test cl, cl -setne cl -movzx ecx, cl -mov dword [ebp - 0x5c], ecx -and 
dword [ebp - 0x5c], eax -jmp short loc_fffb123b ; jmp 0xfffb123b +loc_fffb1c9f: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffb1cc6 ; ja 0xfffb1cc6 +cmp byte [edi + 0x374a], 0 +jne short loc_fffb1cc6 ; jne 0xfffb1cc6 -loc_fffb122f: ; not directly referenced -xor eax, eax -test byte [ebp - 0x4f], 0xfd -setne al -mov dword [ebp - 0x5c], eax +loc_fffb1cb0: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffb1c9f ; jne 0xfffb1c9f +lea eax, [edi + 0x48f8] +mov ecx, 0xfffffffe +jmp near loc_fffb1d91 ; jmp 0xfffb1d91 -loc_fffb123b: ; not directly referenced -mov edx, dword [ebp - 0x60] -mov eax, edx -sub eax, 7 -mov dword [ebp - 0x74], eax -mov al, byte [ebp - 0x5c] -lea ecx, [eax - 0x80] -mov eax, edi -movzx ecx, cl -call fcn_fffae566 ; call 0xfffae566 -mov edx, dword [ebp - 0x74] -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov ecx, dword [ebp - 0x5c] -mov edx, dword [ebp - 0x74] -sub ecx, 0xffffff80 -shl ecx, 0xc -and eax, 0xfff00fff -or ecx, eax +loc_fffb1cc6: ; not directly referenced +lea eax, [edi + 0x48ca] +mov dword [ebp - 0x28], eax +imul eax, ecx, 0x2e +mov dword [ebp + ecx*4 - 0x1c], 0 +mov dword [ebp - 0x20], 0 +mov dword [ebp - 0x2c], eax -loc_fffb1273: ; not directly referenced -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffb12f7 ; jmp 0xfffb12f7 +loc_fffb1ce4: ; not directly referenced +mov eax, dword [ebp - 0x20] +mov ebx, dword [ebp - 0x28] +mov dword [ebp - 0x24], 0 +lea eax, [edi + eax + 0x196b] +mov dword [ebp - 0x30], eax -loc_fffb127c: ; not directly referenced -cmp byte [ebp - 0x4e], 9 -jne short loc_fffb12a7 ; jne 0xfffb12a7 -cmp byte [ebp - 0x4f], 1 -mov al, byte [ebp + ebx*4 - 0x1f] -sbb edx, edx -add edx, 5 -and edx, 7 -and eax, 0xffffff8f -shl edx, 4 -or eax, edx -mov edx, dword [ebp - 0x58] -mov byte [ebp + ebx*4 - 0x1f], al -mov ecx, dword [ebp + ebx*4 - 0x20] -jmp short loc_fffb1273 ; jmp 0xfffb1273 +loc_fffb1cfb: ; not directly referenced +cmp dword [ebx], 2 +jne short 
loc_fffb1d5b ; jne 0xfffb1d5b +mov eax, dword [ebp - 0x2c] +mov esi, dword [ebx + eax + 4] +cmp ecx, 1 +je short loc_fffb1d17 ; je 0xfffb1d17 +jb short loc_fffb1d2a ; jb 0xfffb1d2a +xor eax, eax +cmp ecx, 3 +jbe short loc_fffb1d43 ; jbe 0xfffb1d43 +jmp short loc_fffb1d2a ; jmp 0xfffb1d2a -loc_fffb12a7: ; not directly referenced -cmp byte [ebp - 0x4e], 0xa -jne short loc_fffb12f7 ; jne 0xfffb12f7 -mov dl, byte [ebp - 0x6c] -mov al, byte [ebp + ebx*4 - 0x1f] -and edx, 7 -shl edx, 4 -and eax, 0xffffff8f -or eax, edx -mov byte [ebp + ebx*4 - 0x1f], al -mov al, byte [ebp - 0x6b] -add al, byte [ebp + ebx - 0x3a] -mov ecx, dword [ebp + ebx*4 - 0x20] -and eax, 0xf -shl eax, 0xf -and ecx, 0xfff87fff -or ecx, eax -mov eax, edi -mov dword [ebp + ebx*4 - 0x20], ecx -mov edx, dword [ebp - 0x58] -call fcn_fffae58c ; call 0xfffae58c -mov ecx, dword [ebp - 0x70] -mov eax, edi -mov edx, dword [ebp - 0x60] -call fcn_fffae566 ; call 0xfffae566 +loc_fffb1d17: ; not directly referenced +mov eax, dword [ebp - 0x30] +mov edx, dword [ebp - 0x24] +movzx eax, word [eax + edx + 0x27a] +test ax, ax +jne short loc_fffb1d43 ; jne 0xfffb1d43 -loc_fffb12f7: ; not directly referenced -inc ebx -add dword [ebp - 0x60], 8 -add dword [ebp - 0x58], 0x400 -cmp ebx, 2 -jne loc_fffb113b ; jne 0xfffb113b -mov eax, edi -call fcn_fffb0e8a ; call 0xfffb0e8a -mov ecx, 1 -cmp byte [ebp - 0x4f], 0 -sete dl -cmp byte [ebp - 0x6a], 0 -setne al -test dl, al -mov eax, 5 -cmovne ecx, eax -mov edx, 0x4800 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +loc_fffb1d2a: ; not directly referenced +xor eax, eax +cmp dword [ebx + 0xd5], 2 +jne short loc_fffb1d43 ; jne 0xfffb1d43 +test esi, esi +je short loc_fffb1d43 ; je 0xfffb1d43 +lea eax, [esi + 0x7270df] +xor edx, edx +div esi -loc_fffb133c: ; not directly referenced -mov edx, 0x4804 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov cl, byte [ebp - 0x50] -mov edx, eax -mov ebx, eax -shr edx, 0x10 -shr eax, 0x10 -and edx, 2 -and eax, 1 -or eax, edx -and eax, ecx 
-cmp al, cl -jne short loc_fffb133c ; jne 0xfffb133c -mov edx, ebx -mov al, bl -and edx, 2 -and eax, 1 -or eax, edx -test cl, al -je short loc_fffb1379 ; je 0xfffb1379 -cmp byte [ebp - 0x69], 0 -jne short loc_fffb13c2 ; jne 0xfffb13c2 +loc_fffb1d43: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, 0xb +mov esi, 0xb +cmova eax, esi +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffb1379: ; not directly referenced -inc dword [ebp - 0x4c] -mov al, byte [ebp - 0x4c] -cmp byte [ebp - 0x4d], al -ja loc_fffb10ce ; ja 0xfffb10ce -mov al, byte [ebp - 0x54] -sub eax, 9 -cmp al, 1 -ja short loc_fffb13c2 ; ja 0xfffb13c2 -test byte [ebp - 0x68], 1 -je short loc_fffb13aa ; je 0xfffb13aa -mov ecx, dword [esi + 0xbc] -mov edx, 0x4004 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +loc_fffb1d5b: ; not directly referenced +add dword [ebp - 0x24], 0x277 +add ebx, 0x128 +cmp dword [ebp - 0x24], 0x4ee +jne short loc_fffb1cfb ; jne 0xfffb1cfb +add dword [ebp - 0x20], 0x54a +add dword [ebp - 0x28], 0x13c3 +cmp dword [ebp - 0x20], 0xa94 +jne loc_fffb1ce4 ; jne 0xfffb1ce4 +jmp near loc_fffb1cb0 ; jmp 0xfffb1cb0 -loc_fffb13aa: ; not directly referenced -test byte [ebp - 0x68], 2 -je short loc_fffb13c2 ; je 0xfffb13c2 -mov ecx, dword [esi + 0x188] -mov edx, 0x4404 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +loc_fffb1d91: ; not directly referenced +cmp ecx, 1 +ja short loc_fffb1d9f ; ja 0xfffb1d9f +cmp byte [edi + 0x374a], 0 +je short loc_fffb1dc9 ; je 0xfffb1dc9 -loc_fffb13c2: ; not directly referenced -mov al, byte [ebp - 0x64] -lea esp, [ebp - 0xc] -and eax, ebx +loc_fffb1d9f: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx + +loc_fffb1dc9: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb1d91 ; jne 0xfffb1d91 +add esp, 
0x24 +mov eax, 1 pop ebx pop esi pop edi pop ebp ret -fcn_fffb13cf: ; not directly referenced +fcn_fffb1ddf: ; not directly referenced push ebp +xor ecx, ecx mov ebp, esp push edi -mov edi, edx push esi push ebx -mov ebx, eax -sub esp, 0xc -mov eax, dword [eax + 0x5edc] -mov esi, dword [ebx + 0x1887] -mov dword [ebp - 0x14], edx -mov dword [ebp - 0x10], ecx -mov edx, dword [eax + 4] +sub esp, 0x30 + +loc_fffb1dea: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffb1e16 ; ja 0xfffb1e16 +mov edi, dword [ebp + 8] +cmp byte [edi + 0x374a], 0 +jne short loc_fffb1e16 ; jne 0xfffb1e16 + +loc_fffb1dfe: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffb1dea ; jne 0xfffb1dea +mov eax, dword [ebp + 8] +mov ecx, 0xfffffffe +add eax, 0x48f6 +jmp near loc_fffb1f37 ; jmp 0xfffb1f37 + +loc_fffb1e16: ; not directly referenced +mov edi, dword [ebp + 8] +imul esi, ecx, 0x2e +imul eax, eax, 0x23 +mov dword [ebp + ecx*4 - 0x1c], 0 +mov dword [ebp - 0x24], 0 +lea ebx, [edi + 0x49c0] +mov dword [ebp - 0x2c], ebx +lea ebx, [ecx*8 - 0x1269] +mov dword [ebp - 0x30], esi +mov dword [ebp - 0x38], ebx +mov dword [ebp - 0x3c], eax + +loc_fffb1e47: ; not directly referenced +mov eax, dword [ebp - 0x38] +mov esi, dword [ebp - 0x2c] +mov edi, dword [ebp - 0x24] +mov dword [ebp - 0x20], 0 +add eax, esi +mov dword [ebp - 0x34], eax +mov eax, dword [ebp + 8] +lea edi, [eax + edi + 0x1973] + +loc_fffb1e66: ; not directly referenced +cmp dword [esi - 0xf6], 2 +jne loc_fffb1efd ; jne 0xfffb1efd +mov eax, dword [ebp - 0x30] +mov edx, dword [ebp - 0x20] +mov ebx, dword [esi + eax - 0xf2] +mov eax, dword [ebp - 0x34] +mov eax, dword [eax + edx + 0xc9] +mov dword [ebp - 0x28], eax +cmp ecx, 1 +je short loc_fffb1ec3 ; je 0xfffb1ec3 +jb short loc_fffb1ecf ; jb 0xfffb1ecf +cmp ecx, 3 +ja short loc_fffb1ecf ; ja 0xfffb1ecf +cmp ecx, 2 +mov dl, byte [esi] +jne short loc_fffb1ea9 ; jne 0xfffb1ea9 +and dl, 1 +jne short loc_fffb1eb0 ; jne 0xfffb1eb0 xor eax, eax +jmp short 
loc_fffb1ee5 ; jmp 0xfffb1ee5 -loc_fffb13f3: ; not directly referenced -lea ecx, [edx + eax] -mov dword [ebp - 0x18], ecx -mov ecx, edi -cmp cl, byte [edx + eax] -jne short loc_fffb140d ; jne 0xfffb140d -mov eax, dword [ebp - 0x10] -mov edi, dword [ebp - 0x18] -mov ax, word [edi + eax*2 + 1] -jmp short loc_fffb1417 ; jmp 0xfffb1417 +loc_fffb1ea9: ; not directly referenced +xor eax, eax +and dl, 2 +je short loc_fffb1ee5 ; je 0xfffb1ee5 -loc_fffb140d: ; not directly referenced -add eax, 7 -cmp eax, 0x4d -jne short loc_fffb13f3 ; jne 0xfffb13f3 -xor al, al +loc_fffb1eb0: ; not directly referenced +mov eax, dword [ebp - 0x3c] +movzx edx, byte [edi + eax + 0x115] +xor eax, eax +test ebx, ebx +je short loc_fffb1ee5 ; je 0xfffb1ee5 +jmp short loc_fffb1ed9 ; jmp 0xfffb1ed9 -loc_fffb1417: ; not directly referenced -cmp esi, 0x306d0 -sete cl -cmp esi, 0x40650 -sete dl -or cl, dl -je short loc_fffb1472 ; je 0xfffb1472 -cmp dword [ebx + 0x2480], 1 -jne short loc_fffb1472 ; jne 0xfffb1472 -cmp byte [ebp - 0x14], 5 -sete cl -cmp byte [ebp - 0x10], 2 -setne dl -test cl, dl -je short loc_fffb1472 ; je 0xfffb1472 -cmp dword [ebx + 0x3756], 2 -jne short loc_fffb145a ; jne 0xfffb145a -cmp byte [ebx + 0x49be], 5 -je short loc_fffb146c ; je 0xfffb146c - -loc_fffb145a: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffb14ab ; jne 0xfffb14ab -cmp byte [ebx + 0x5d81], 5 -jne short loc_fffb14ab ; jne 0xfffb14ab - -loc_fffb146c: ; not directly referenced -add ax, 0xc8 -jmp short loc_fffb14ab ; jmp 0xfffb14ab +loc_fffb1ec3: ; not directly referenced +movzx eax, word [edi + 0x270] +test ax, ax +jne short loc_fffb1ee5 ; jne 0xfffb1ee5 -loc_fffb1472: ; not directly referenced -cmp dword [ebx + 0x188b], 1 -jne short loc_fffb14ab ; jne 0xfffb14ab -cmp dword [ebx + 0x2480], 1 -jne short loc_fffb14ab ; jne 0xfffb14ab -mov edi, dword [ebp - 0x10] -cmp byte [ebp - 0x14], 0xc -mov ebx, edi -sete cl -cmp bl, 2 -setne dl -test cl, dl -je short loc_fffb14ab ; je 0xfffb14ab -dec bl 
-mov edx, 0x78 -mov ecx, 0x50 -cmovne edx, ecx -add eax, edx +loc_fffb1ecf: ; not directly referenced +xor eax, eax +test ebx, ebx +je short loc_fffb1ee5 ; je 0xfffb1ee5 +movzx edx, byte [edi + 0x62] -loc_fffb14ab: ; not directly referenced -add esp, 0xc +loc_fffb1ed9: ; not directly referenced +imul edx, dword [ebp - 0x28] +lea eax, [ebx + edx - 1] +xor edx, edx +div ebx + +loc_fffb1ee5: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, 0xa +mov ebx, 0xa +cmova eax, ebx +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax + +loc_fffb1efd: ; not directly referenced +add dword [ebp - 0x20], 0x20 +add esi, 0x128 +add edi, 0x277 +cmp dword [ebp - 0x20], 0x40 +jne loc_fffb1e66 ; jne 0xfffb1e66 +add dword [ebp - 0x24], 0x54a +add dword [ebp - 0x2c], 0x13c3 +cmp dword [ebp - 0x24], 0xa94 +jne loc_fffb1e47 ; jne 0xfffb1e47 +jmp near loc_fffb1dfe ; jmp 0xfffb1dfe + +loc_fffb1f37: ; not directly referenced +cmp ecx, 1 +ja short loc_fffb1f48 ; ja 0xfffb1f48 +mov esi, dword [ebp + 8] +cmp byte [esi + 0x374a], 0 +je short loc_fffb1f72 ; je 0xfffb1f72 + +loc_fffb1f48: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx + +loc_fffb1f72: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb1f37 ; jne 0xfffb1f37 +add esp, 0x30 +mov eax, 1 pop ebx pop esi pop edi pop ebp ret -fcn_fffb14b3: ; not directly referenced -push ebp -movzx edx, dl -mov ebp, esp -push ebx -push ebx -cmp dword [eax + 0x2480], 2 -push 0 -push dword [ebp + 8] -sete bl -shl ebx, 3 -movzx ebx, bl -push ecx -mov ecx, 0xf -push ebx -call fcn_fffafb06 ; call 0xfffafb06 -mov ebx, dword [ebp - 4] -leave -ret - -fcn_fffb14e1: ; not directly referenced +fcn_fffb1f88: ; not directly referenced push ebp +xor ecx, ecx mov ebp, esp push edi push esi -mov esi, eax push ebx -sub esp, 0x3c 
-test dl, dl -setne bl -xor eax, eax -imul edi, dword [esi + 0x18a7], 0x2e -and ebx, 1 -lea edx, [esi + 0x374e] -shl ebx, 8 -mov byte [ebp - 0x2d], 0 -mov dword [ebp - 0x3c], edx -mov dword [ebp - 0x40], edi - -loc_fffb1510: ; not directly referenced -test eax, eax -sete cl -cmp byte [ebp - 0x2d], 1 -setbe dl -test cl, dl -je loc_fffb16e7 ; je 0xfffb16e7 -movzx eax, byte [ebp - 0x2d] -mov dword [ebp - 0x34], eax -imul eax, eax, 0x13c3 -cmp dword [esi + eax + 0x3756], 2 -jne loc_fffb16d1 ; jne 0xfffb16d1 -mov edx, dword [ebp - 0x3c] -lea eax, [edx + eax + 8] -mov dword [ebp - 0x2c], eax -add eax, dword [ebp - 0x40] -mov cx, word [eax + 0x2a] -add eax, 0x20 -movzx edi, word [eax - 0x16] -mov ax, word [eax + 8] -cmp cx, 0xc -setne dl -cmp cx, 0xa -mov word [ebp - 0x38], ax -setne al -test dl, al -je short loc_fffb159f ; je 0xfffb159f -cmp cx, 0x10 -setne dl -cmp cx, 0xe -setne al -test dl, al -je short loc_fffb159f ; je 0xfffb159f -cmp cx, 0x14 -setne dl -cmp cx, 0x12 -setne al -test dl, al -je short loc_fffb159f ; je 0xfffb159f -cmp cx, 0x18 -jne loc_fffb16db ; jne 0xfffb16db +sub esp, 0x30 +mov dword [ebp - 0x20], 0x10 -loc_fffb159f: ; not directly referenced -movzx eax, word [ebp - 0x38] -add eax, eax -mov edx, eax -mov dword [ebp - 0x38], eax -movzx eax, cx -cmp edx, eax -jne loc_fffb16e2 ; jne 0xfffb16e2 -cmp di, 0x10 -ja short loc_fffb15c4 ; ja 0xfffb15c4 -xor eax, eax -test di, 1 -jne short loc_fffb15d3 ; jne 0xfffb15d3 +loc_fffb1f9a: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffb1fb2 ; ja 0xfffb1fb2 +mov esi, dword [ebp + 8] +cmp byte [esi + 0x374a], 0 +je loc_fffb2107 ; je 0xfffb2107 -loc_fffb15c4: ; not directly referenced -mov eax, edi -and eax, 0xfffffffb -cmp ax, 0x12 -setne al -movzx eax, al +loc_fffb1fb2: ; not directly referenced +imul esi, ecx, 0x2e +imul eax, eax, 0x23 +lea edi, [ecx*8 + 0x3757] +mov dword [ebp + ecx*4 - 0x1c], 0 +mov dword [ebp - 0x30], esi +mov dword [ebp - 0x24], 0 +mov dword [ebp - 0x38], edi +mov 
dword [ebp - 0x3c], eax -loc_fffb15d3: ; not directly referenced -shl eax, 2 -and ebx, 0xfffffffb -or ebx, eax -cmp di, 0x10 -ja short loc_fffb15f9 ; ja 0xfffb15f9 -lea eax, [edi - 9] -mov edi, 2 -cdq -and ebx, 0xffffff8f -idiv edi -and eax, 7 -shl eax, 4 -or ebx, eax -jmp short loc_fffb160a ; jmp 0xfffb160a +loc_fffb1fd7: ; not directly referenced +mov edi, dword [ebp - 0x24] +mov esi, dword [ebp - 0x38] +mov dword [ebp - 0x28], 0 +imul eax, edi, 0x13c3 +imul edx, edi, 0x54a +mov edi, dword [ebp + 8] +lea ebx, [esi + eax] +mov esi, dword [ebp + 8] +add ebx, dword [ebp + 8] +lea edi, [edi + edx + 0x1973] +mov dword [ebp - 0x34], ebx +lea esi, [esi + eax + 0x49c0] -loc_fffb15f9: ; not directly referenced -sub edi, 2 -and ebx, 0xffffff8f -sar edi, 2 -and edi, 7 -shl edi, 4 -or ebx, edi +loc_fffb200d: ; not directly referenced +cmp dword [esi - 0xf6], 2 +jne loc_fffb20e0 ; jne 0xfffb20e0 +mov eax, dword [ebp - 0x30] +mov edx, dword [ebp - 0x28] +mov ebx, dword [esi + eax - 0xf2] +mov eax, dword [ebp - 0x34] +mov eax, dword [eax + edx + 0xc9] +mov edx, dword [esi - 0x21] +mov dword [ebp - 0x2c], eax +mov eax, 0x18 +cmp edx, 2 +cmovne eax, dword [ebp - 0x20] +mov dword [ebp - 0x20], eax +cmp ecx, 1 +je short loc_fffb2084 ; je 0xfffb2084 +jb short loc_fffb2090 ; jb 0xfffb2090 +cmp ecx, 3 +ja short loc_fffb2090 ; ja 0xfffb2090 +cmp ecx, 2 +mov dl, byte [esi] +jne short loc_fffb2062 ; jne 0xfffb2062 +and dl, 1 +jne short loc_fffb2069 ; jne 0xfffb2069 +xor eax, eax +jmp short loc_fffb20be ; jmp 0xfffb20be -loc_fffb160a: ; not directly referenced -cmp cx, 0x14 -ja loc_fffb16bf ; ja 0xfffb16bf -mov eax, dword [ebp - 0x38] -mov ecx, 2 -and bh, 0xf1 -sub eax, 0xa -cdq -idiv ecx -and eax, 7 -shl eax, 9 -or ebx, eax +loc_fffb2062: ; not directly referenced +xor eax, eax +and dl, 2 +je short loc_fffb20be ; je 0xfffb20be -loc_fffb162d: ; not directly referenced -imul eax, dword [ebp - 0x34], 0x13c3 -test byte [esi + eax + 0x381a], 1 -je short loc_fffb166a ; je 0xfffb166a -cmp byte 
[esi + 0x247b], 0 -jne short loc_fffb165e ; jne 0xfffb165e -mov eax, dword [ebp - 0x2c] -mov word [eax + 0x126b], bx -mov word [eax + 0x1283], bx +loc_fffb2069: ; not directly referenced +mov eax, dword [ebp - 0x3c] +movzx edx, byte [edi + eax + 0x109] +xor eax, eax +test ebx, ebx +je short loc_fffb20be ; je 0xfffb20be +imul edx, dword [ebp - 0x2c] +lea eax, [ebx + edx - 1] +jmp short loc_fffb20a7 ; jmp 0xfffb20a7 -loc_fffb1658: ; not directly referenced -mov word [ebp - 0x1c], bx -jmp short loc_fffb166a ; jmp 0xfffb166a +loc_fffb2084: ; not directly referenced +movzx eax, word [edi + 0x26e] +test ax, ax +jne short loc_fffb20be ; jne 0xfffb20be -loc_fffb165e: ; not directly referenced -mov eax, dword [ebp - 0x2c] -mov bx, word [eax + 0x126b] -jmp short loc_fffb1658 ; jmp 0xfffb1658 +loc_fffb2090: ; not directly referenced +xor eax, eax +test ebx, ebx +je short loc_fffb20be ; je 0xfffb20be +movzx eax, byte [edi + 0x59] +cmp edx, 2 +je short loc_fffb20ad ; je 0xfffb20ad +imul eax, dword [ebp - 0x2c] +lea eax, [ebx + eax - 1] -loc_fffb166a: ; not directly referenced -imul eax, dword [ebp - 0x34], 0x13c3 -test byte [esi + eax + 0x381a], 4 -je short loc_fffb16a7 ; je 0xfffb16a7 -cmp byte [esi + 0x247b], 0 -jne short loc_fffb169b ; jne 0xfffb169b -mov eax, dword [ebp - 0x2c] -mov word [eax + 0x1393], bx -mov word [eax + 0x13ab], bx +loc_fffb20a7: ; not directly referenced +xor edx, edx +div ebx +jmp short loc_fffb20be ; jmp 0xfffb20be -loc_fffb1695: ; not directly referenced -mov word [ebp - 0x1a], bx -jmp short loc_fffb16a7 ; jmp 0xfffb16a7 +loc_fffb20ad: ; not directly referenced +xor edx, edx +mov eax, 0xe4e1c0 +div ebx +lea edx, [eax + 1] +test al, 1 +cmovne eax, edx -loc_fffb169b: ; not directly referenced -mov eax, dword [ebp - 0x2c] -mov bx, word [eax + 0x1393] -jmp short loc_fffb1695 ; jmp 0xfffb1695 +loc_fffb20be: ; not directly referenced +mov edx, eax +and edx, 0xfffffff9 +cmp edx, 9 +jne short loc_fffb20cb ; jne 0xfffb20cb +inc eax +jmp short loc_fffb20d3 ; 
jmp 0xfffb20d3 -loc_fffb16a7: ; not directly referenced -mov edx, dword [ebp - 0x34] -sub esp, 0xc -xor ecx, ecx -lea eax, [ebp - 0x1c] -push eax -mov eax, esi -call fcn_fffb14b3 ; call 0xfffb14b3 -add esp, 0x10 -jmp short loc_fffb16d3 ; jmp 0xfffb16d3 +loc_fffb20cb: ; not directly referenced +mov ebx, dword [ebp - 0x20] +cmp eax, ebx +cmova eax, ebx -loc_fffb16bf: ; not directly referenced -shl ecx, 7 -and bh, 0xf1 -and cx, 0xe00 -or ebx, ecx -jmp near loc_fffb162d ; jmp 0xfffb162d +loc_fffb20d3: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffb16d1: ; not directly referenced -xor eax, eax +loc_fffb20e0: ; not directly referenced +add dword [ebp - 0x28], 0x20 +add esi, 0x128 +add edi, 0x277 +cmp dword [ebp - 0x28], 0x40 +jne loc_fffb200d ; jne 0xfffb200d +inc dword [ebp - 0x24] +cmp dword [ebp - 0x24], 2 +jne loc_fffb1fd7 ; jne 0xfffb1fd7 -loc_fffb16d3: ; not directly referenced -inc byte [ebp - 0x2d] -jmp near loc_fffb1510 ; jmp 0xfffb1510 +loc_fffb2107: ; not directly referenced +inc ecx +cmp ecx, 4 +jne loc_fffb1f9a ; jne 0xfffb1f9a +mov eax, dword [ebp + 8] +mov ecx, 0xfffffffe +add eax, 0x48f4 -loc_fffb16db: ; not directly referenced -mov eax, 0xd -jmp short loc_fffb16e7 ; jmp 0xfffb16e7 +loc_fffb211e: ; not directly referenced +cmp ecx, 1 +ja short loc_fffb212f ; ja 0xfffb212f +mov edi, dword [ebp + 8] +cmp byte [edi + 0x374a], 0 +je short loc_fffb2159 ; je 0xfffb2159 -loc_fffb16e2: ; not directly referenced -mov eax, 0x1d +loc_fffb212f: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx -loc_fffb16e7: ; not directly referenced -lea esp, [ebp - 0xc] +loc_fffb2159: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb211e ; jne 0xfffb211e +add esp, 0x30 +mov eax, 1 pop 
ebx pop esi pop edi pop ebp ret -fcn_fffb16ef: ; not directly referenced +fcn_fffb216f: ; not directly referenced push ebp +xor ecx, ecx mov ebp, esp push edi push esi push ebx -mov ebx, 0x100 -sub esp, 0x90 -mov esi, dword [ebp + 8] -lea edx, [ebp - 0x44] -mov dword [ebp - 0x48], 1 -mov eax, dword [esi + 0x2443] -push 0 -push 0x2c -push edx -call dword [eax + 0x5c] ; ucall -add esp, 0x10 -cmp dword [esi + 0x3756], 2 -jne short loc_fffb1753 ; jne 0xfffb1753 -xor edi, edi - -loc_fffb1729: ; not directly referenced -mov eax, edi -cmp al, byte [esi + 0x2488] -jae short loc_fffb1753 ; jae 0xfffb1753 -movzx eax, al -and ebx, 0xffffff80 -mov edx, eax -inc edi -and edx, 0x7f -or ebx, edx -mov ecx, ebx -lea edx, [eax*4 + 0x40f0] -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffb1729 ; jmp 0xfffb1729 - -loc_fffb1753: ; not directly referenced -xor edi, edi -cmp dword [esi + 0x4b19], 2 -je short loc_fffb1769 ; je 0xfffb1769 - -loc_fffb175e: ; not directly referenced -mov byte [ebp - 0x65], 0 -xor edi, edi -jmp near loc_fffb1900 ; jmp 0xfffb1900 - -loc_fffb1769: ; not directly referenced -mov eax, edi -cmp al, byte [esi + 0x2488] -jae short loc_fffb175e ; jae 0xfffb175e -mov eax, edi -and ebx, 0xffffff80 -movzx eax, al -inc edi -mov edx, eax -and edx, 0x7f -or ebx, edx -mov ecx, ebx -lea edx, [eax*4 + 0x44f0] -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffb1769 ; jmp 0xfffb1769 - -loc_fffb1795: ; not directly referenced -mov cl, byte [ebp - 0x65] -xor edi, edi -mov dword [ebp - 0x5c], 1 -shl dword [ebp - 0x5c], cl -movzx eax, cl -mov dword [ebp - 0x7c], eax -mov al, byte [ebp - 0x5c] -test byte [esi + 0x248d], al -je loc_fffb18fd ; je 0xfffb18fd -mov ecx, dword [ebp - 0x5c] -xor edx, edx -mov eax, esi -call fcn_fffaac43 ; call 0xfffaac43 -mov ecx, dword [ebp - 0x5c] -mov edx, 1 -mov byte [ebp - 0x4a], 0 -mov bl, al -mov eax, esi -call fcn_fffaac43 ; call 0xfffaac43 -imul ecx, dword [ebp - 0x7c], 0x18 -mov byte [ebp - 0x49], 0 -mov 
dword [ebp - 0x80], 0 -mov dword [ebp - 0x8c], ecx -lea ecx, [esi + ecx + 0x49c1] -or eax, ebx -movzx eax, al -mov dword [ebp - 0x90], ecx -mov dword [ebp - 0x64], eax +sub esp, 0x30 +mov dword [ebp - 0x20], 0xf -loc_fffb1804: ; not directly referenced -mov ecx, dword [ebp - 0x7c] -lea eax, [ebp - 0x48] -push ebx -push ebx -mov ebx, edi -push eax -mov eax, esi -push 1 -xor edi, edi -lea edx, [ebp - 0x44] -call fcn_fffaa9ed ; call 0xfffaa9ed -mov cl, byte [ebp - 0x80] -add esp, 0x10 -mov eax, dword [ebp - 0x90] -mov dword [ebp - 0x84], 1 -shl dword [ebp - 0x84], cl -mov dword [ebp - 0x60], eax +loc_fffb2181: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffb2199 ; ja 0xfffb2199 +mov esi, dword [ebp + 8] +cmp byte [esi + 0x374a], 0 +je loc_fffb22ed ; je 0xfffb22ed -loc_fffb183c: ; not directly referenced -mov eax, dword [ebp - 0x64] -bt eax, edi -jb loc_fffb1919 ; jb 0xfffb1919 +loc_fffb2199: ; not directly referenced +imul esi, ecx, 0x2e +imul eax, eax, 0x23 +lea edi, [ecx*8 + 0x3757] +mov dword [ebp + ecx*4 - 0x1c], 0 +mov dword [ebp - 0x30], esi +mov dword [ebp - 0x24], 0 +mov dword [ebp - 0x38], edi +mov dword [ebp - 0x3c], eax -loc_fffb1848: ; not directly referenced -inc edi -add dword [ebp - 0x60], 0x13c3 -cmp edi, 2 -jne short loc_fffb183c ; jne 0xfffb183c -mov edx, dword [ebp - 0x64] -mov eax, esi -call fcn_fffae670 ; call 0xfffae670 -test eax, eax -mov edi, eax -lea eax, [esi + 0x49ba] -cmove edi, ebx -mov dword [ebp - 0x84], eax -mov eax, dword [ebp - 0x8c] -xor ebx, ebx -add eax, 7 -mov dword [ebp - 0x94], eax +loc_fffb21be: ; not directly referenced +mov edi, dword [ebp - 0x24] +mov esi, dword [ebp - 0x38] +mov dword [ebp - 0x28], 0 +imul eax, edi, 0x13c3 +imul edx, edi, 0x54a +mov edi, dword [ebp + 8] +lea ebx, [esi + eax] +mov esi, dword [ebp + 8] +add ebx, dword [ebp + 8] +lea edi, [edi + edx + 0x1973] +mov dword [ebp - 0x34], ebx +lea esi, [esi + eax + 0x49c0] -loc_fffb1883: ; not directly referenced -mov eax, dword [ebp - 
0x64] -bt eax, ebx -jae short loc_fffb18bc ; jae 0xfffb18bc -mov eax, ebx -shl eax, 0xa -add eax, 0x4114 -mov dword [ebp - 0x88], eax -mov byte [ebp - 0x60], 0 -mov byte [ebp - 0x78], 0 +loc_fffb21f4: ; not directly referenced +cmp dword [esi - 0xf6], 2 +jne loc_fffb22c6 ; jne 0xfffb22c6 +mov eax, dword [ebp - 0x30] +mov edx, dword [ebp - 0x28] +mov ebx, dword [esi + eax - 0xf2] +mov eax, dword [ebp - 0x34] +mov eax, dword [eax + edx + 0xc9] +mov edx, dword [esi - 0x21] +mov dword [ebp - 0x2c], eax +mov eax, 0xc +cmp edx, 2 +cmovne eax, dword [ebp - 0x20] +mov dword [ebp - 0x20], eax +cmp ecx, 1 +je short loc_fffb226b ; je 0xfffb226b +jb short loc_fffb2277 ; jb 0xfffb2277 +cmp ecx, 3 +ja short loc_fffb2277 ; ja 0xfffb2277 +cmp ecx, 2 +mov dl, byte [esi] +jne short loc_fffb2249 ; jne 0xfffb2249 +and dl, 1 +jne short loc_fffb2250 ; jne 0xfffb2250 +xor eax, eax +jmp short loc_fffb22b1 ; jmp 0xfffb22b1 -loc_fffb18a3: ; not directly referenced -mov al, byte [ebp - 0x78] -cmp al, byte [esi + 0x2488] -jb loc_fffb19ab ; jb 0xfffb19ab -cmp byte [ebp - 0x60], 0 -jne loc_fffb19ed ; jne 0xfffb19ed +loc_fffb2249: ; not directly referenced +xor eax, eax +and dl, 2 +je short loc_fffb22b1 ; je 0xfffb22b1 -loc_fffb18bc: ; not directly referenced -inc ebx -add dword [ebp - 0x84], 0x13c3 -cmp ebx, 2 -jne short loc_fffb1883 ; jne 0xfffb1883 -inc dword [ebp - 0x80] -cmp dword [ebp - 0x80], 8 -jne loc_fffb1804 ; jne 0xfffb1804 -test byte [ebp - 0x64], 1 -je short loc_fffb18eb ; je 0xfffb18eb -cmp byte [ebp - 0x4a], 0xff -mov eax, 0x1f -cmovne edi, eax +loc_fffb2250: ; not directly referenced +mov eax, dword [ebp - 0x3c] +movzx edx, byte [edi + eax + 0x111] +xor eax, eax +test ebx, ebx +je short loc_fffb22b1 ; je 0xfffb22b1 +imul edx, dword [ebp - 0x2c] +lea eax, [ebx + edx - 1] +jmp short loc_fffb228e ; jmp 0xfffb228e -loc_fffb18eb: ; not directly referenced -test byte [ebp - 0x64], 2 -je short loc_fffb18fd ; je 0xfffb18fd -cmp byte [ebp - 0x49], 0xff -mov eax, 0x1f -cmovne edi, eax 
+loc_fffb226b: ; not directly referenced +movzx eax, word [edi + 0x26c] +test ax, ax +jne short loc_fffb22b1 ; jne 0xfffb22b1 -loc_fffb18fd: ; not directly referenced -inc byte [ebp - 0x65] +loc_fffb2277: ; not directly referenced +xor eax, eax +test ebx, ebx +je short loc_fffb22b1 ; je 0xfffb22b1 +movzx eax, byte [edi + 0x63] +cmp edx, 2 +je short loc_fffb2294 ; je 0xfffb2294 +imul eax, dword [ebp - 0x2c] +lea eax, [ebx + eax - 1] -loc_fffb1900: ; not directly referenced -test edi, edi -sete dl -cmp byte [ebp - 0x65], 1 -setbe al -test dl, al -jne loc_fffb1795 ; jne 0xfffb1795 -jmp near loc_fffb1a4d ; jmp 0xfffb1a4d +loc_fffb228e: ; not directly referenced +xor edx, edx +div ebx +jmp short loc_fffb22b1 ; jmp 0xfffb22b1 -loc_fffb1919: ; not directly referenced -cmp byte [ebp + edi - 0x4a], 0xff -je loc_fffb1848 ; je 0xfffb1848 -mov eax, dword [ebp - 0x60] -mov edx, edi -mov cx, word [eax + 6] -push eax -push eax -mov word [ebp - 0x78], cx -mov ecx, dword [ebp - 0x5c] -or word [ebp - 0x78], 0x10 -movzx eax, word [ebp - 0x78] -push eax -mov eax, esi -push 3 -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0xc -mov ecx, dword [ebp - 0x7c] -mov edx, edi -test eax, eax -cmovne ebx, eax -mov eax, dword [ebp - 0x60] -mov ax, word [eax] -push dword [ebp - 0x84] -and eax, 0xfffc -push 0 -or eax, 2 -push eax -mov eax, esi -call fcn_fffaa285 ; call 0xfffaa285 -pop edx -mov edx, edi -pop ecx -mov ecx, dword [ebp - 0x5c] -test eax, eax -cmovne ebx, eax -mov eax, dword [ebp - 0x78] -mov dword [ebp - 0x88], ebx -and eax, 0xffef -push eax -mov eax, esi -push 3 -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0x10 +loc_fffb2294: ; not directly referenced +mov eax, 0x7270e0 +xor edx, edx +div ebx mov ebx, eax -test eax, eax -cmove ebx, dword [ebp - 0x88] -jmp near loc_fffb1848 ; jmp 0xfffb1848 - -loc_fffb19ab: ; not directly referenced -mov dl, byte [ebp - 0x78] -movzx eax, byte [ebp + ebx - 0x4a] -movzx ecx, dl -bt eax, edx -jb short loc_fffb19e5 ; jb 0xfffb19e5 -mov eax, dword [ebp - 
0x88] -mov dword [ebp - 0x98], ecx -lea edx, [eax + ecx*4] -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -mov ecx, dword [ebp - 0x98] -test eax, eax -je short loc_fffb19e5 ; je 0xfffb19e5 -mov eax, 1 -shl eax, cl -or byte [ebp - 0x60], al - -loc_fffb19e5: ; not directly referenced -inc byte [ebp - 0x78] -jmp near loc_fffb18a3 ; jmp 0xfffb18a3 +mov eax, 5 +cmp ebx, 4 +jbe short loc_fffb22b1 ; jbe 0xfffb22b1 +cmp ebx, 0xb +mov al, 0xc +cmovne eax, ebx -loc_fffb19ed: ; not directly referenced -movzx eax, byte [ebp - 0x60] -call fcn_fffaeba2 ; call 0xfffaeba2 -mov ecx, dword [ebp - 0x84] -cmp byte [ecx], 8 -movzx eax, al -jne short loc_fffb1a07 ; jne 0xfffb1a07 -dec eax -jmp short loc_fffb1a0a ; jmp 0xfffb1a0a +loc_fffb22b1: ; not directly referenced +mov ebx, dword [ebp - 0x20] +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, ebx +cmova eax, ebx +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffb1a07: ; not directly referenced -cmp eax, 2 +loc_fffb22c6: ; not directly referenced +add dword [ebp - 0x28], 0x20 +add esi, 0x128 +add edi, 0x277 +cmp dword [ebp - 0x28], 0x40 +jne loc_fffb21f4 ; jne 0xfffb21f4 +inc dword [ebp - 0x24] +cmp dword [ebp - 0x24], 2 +jne loc_fffb21be ; jne 0xfffb21be -loc_fffb1a0a: ; not directly referenced -sete al -mov edx, dword [ebp - 0x94] -movzx eax, al -test eax, eax -mov eax, 0x1f -cmove edi, eax -mov al, byte [ebp - 0x60] -add edx, dword [ebp - 0x84] -or byte [ebp + ebx - 0x4a], al -xor eax, eax +loc_fffb22ed: ; not directly referenced +inc ecx +cmp ecx, 4 +jne loc_fffb2181 ; jne 0xfffb2181 +mov eax, dword [ebp + 8] +mov ecx, 0xfffffffe +add eax, 0x48f2 -loc_fffb1a2f: ; not directly referenced -cmp byte [edx + eax + 0x10], 0 -jne short loc_fffb1a42 ; jne 0xfffb1a42 -mov cl, byte [ebp - 0x60] -mov byte [edx + eax + 0x10], cl -jmp near loc_fffb18bc ; jmp 0xfffb18bc +loc_fffb2304: ; not directly referenced +cmp ecx, 1 +ja short loc_fffb2315 ; ja 0xfffb2315 +mov edi, dword [ebp + 8] +cmp byte [edi + 0x374a], 0 +je 
short loc_fffb233f ; je 0xfffb233f -loc_fffb1a42: ; not directly referenced -inc eax -cmp eax, 8 -jne short loc_fffb1a2f ; jne 0xfffb1a2f -jmp near loc_fffb18bc ; jmp 0xfffb18bc +loc_fffb2315: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx -loc_fffb1a4d: ; not directly referenced -mov cl, byte [esi + 0x247b] -xor edx, edx -mov eax, esi -mov byte [esi + 0x247b], 1 -mov dword [ebp - 0x5c], ecx -call fcn_fffb14e1 ; call 0xfffb14e1 -mov ecx, dword [ebp - 0x5c] -mov byte [esi + 0x247b], cl -test eax, eax -mov ebx, eax -mov eax, esi -cmove ebx, edi -call fcn_fffb0e8a ; call 0xfffb0e8a -lea esp, [ebp - 0xc] -mov eax, ebx +loc_fffb233f: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb2304 ; jne 0xfffb2304 +add esp, 0x30 +mov eax, 1 pop ebx pop esi pop edi pop ebp ret -fcn_fffb1a87: ; not directly referenced +fcn_fffb2355: ; not directly referenced push ebp +xor ecx, ecx mov ebp, esp push edi push esi push ebx -mov ebx, eax -lea esi, [ebx + 0x374e] -sub esp, 0x3c -xor eax, eax -mov byte [ebp - 0x2b], 0 -mov dword [ebp - 0x40], esi +sub esp, 0x34 -loc_fffb1aa1: ; not directly referenced -test eax, eax -sete cl -cmp byte [ebp - 0x2b], 1 -setbe dl -test cl, dl -je loc_fffb1be5 ; je 0xfffb1be5 -movzx eax, byte [ebp - 0x2b] -imul edx, eax, 0x13c3 -mov dword [ebp - 0x34], eax -lea eax, [ebx + edx] -cmp dword [eax + 0x3756], 2 -jne loc_fffb1bd6 ; jne 0xfffb1bd6 -mov esi, dword [ebp - 0x40] -mov dword [ebp - 0x30], 0 -mov dword [ebp - 0x3c], eax -lea esi, [esi + edx + 8] -mov dword [ebp - 0x38], esi -xor esi, esi +loc_fffb2360: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffb238c ; ja 0xfffb238c +mov eax, dword [ebp + 8] +cmp byte [eax + 0x374a], 0 +jne short loc_fffb238c ; jne 0xfffb238c -loc_fffb1ae8: ; not directly referenced -mov edi, dword 
[ebp - 0x30] -mov eax, edi -mov ecx, edi -mov edi, dword [ebp - 0x3c] -mov byte [ebp - 0x2c], al -mov eax, 1 -shl eax, cl -test byte [edi + 0x381a], al -je loc_fffb1bad ; je 0xfffb1bad -cmp byte [ebx + 0x247b], 0 -je short loc_fffb1b2b ; je 0xfffb1b2b -mov al, cl -mov edx, dword [ebp - 0x38] -shr al, 1 -movzx eax, al -imul eax, eax, 0x128 -mov si, word [edx + eax + 0x126d] -jmp short loc_fffb1ba0 ; jmp 0xfffb1ba0 +loc_fffb2374: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffb2360 ; jne 0xfffb2360 +mov eax, dword [ebp + 8] +mov ecx, 0xfffffffe +add eax, 0x48f0 +jmp near loc_fffb24b1 ; jmp 0xfffb24b1 -loc_fffb1b2b: ; not directly referenced -mov al, byte [ebp - 0x2c] -mov edx, dword [ebp - 0x34] -shr al, 1 -movzx edi, al -mov eax, ebx -mov ecx, edi -call fcn_fffa69ea ; call 0xfffa69ea -test eax, eax -je loc_fffb1be0 ; je 0xfffb1be0 -mov edx, dword [ebx + 0x1887] -cmp edx, 0x306d0 -sete cl -cmp edx, 0x40650 -sete dl -or cl, dl -je short loc_fffb1b6c ; je 0xfffb1b6c -cmp dword [ebx + 0x2480], 1 -je short loc_fffb1b72 ; je 0xfffb1b72 +loc_fffb238c: ; not directly referenced +mov eax, dword [ebp + 8] +mov dword [ebp + ecx*4 - 0x1c], 0 +mov dword [ebp - 0x20], 0 +lea edi, [eax + 0x3757] +lea eax, [ecx*8] +mov dword [ebp - 0x30], eax +imul eax, ecx, 0x2e +mov dword [ebp - 0x2c], eax -loc_fffb1b6c: ; not directly referenced -movzx ecx, byte [eax + 1] -jmp short loc_fffb1b74 ; jmp 0xfffb1b74 +loc_fffb23b4: ; not directly referenced +mov eax, dword [ebp - 0x2c] +xor esi, esi +mov ebx, dword [ebp - 0x20] +add eax, edi +mov dword [ebp - 0x40], eax +mov eax, dword [ebp + 8] +lea ebx, [eax + ebx + 0x1973] +mov eax, dword [ebp - 0x30] +add eax, edi +mov dword [ebp - 0x28], eax -loc_fffb1b72: ; not directly referenced -xor ecx, ecx +loc_fffb23d3: ; not directly referenced +cmp dword [edi + esi + 0x1173], 2 +jne loc_fffb2476 ; jne 0xfffb2476 +mov eax, dword [ebp - 0x40] +mov eax, dword [eax + esi + 0x1177] +mov dword [ebp - 0x24], eax +mov eax, dword [ebp - 0x28] 
+mov edx, dword [eax + 0xc9] +mov eax, dword [eax + 0xcd] +mov dword [ebp - 0x34], edx +mov dword [ebp - 0x38], eax +cmp ecx, 1 +je short loc_fffb2413 ; je 0xfffb2413 +jb short loc_fffb241f ; jb 0xfffb241f +xor eax, eax +cmp ecx, 3 +jbe short loc_fffb245e ; jbe 0xfffb245e +jmp short loc_fffb241f ; jmp 0xfffb241f -loc_fffb1b74: ; not directly referenced -sub esp, 0xc -mov edx, ebx -push esi -lea eax, [ebp - 0x2a] -call fcn_fffa6bd1 ; call 0xfffa6bd1 -imul edi, edi, 0x128 -mov si, word [ebp - 0x2a] -add edi, dword [ebp - 0x38] -add esp, 0x10 -mov word [edi + 0x126d], si -mov word [edi + 0x1285], si +loc_fffb2413: ; not directly referenced +movzx eax, word [ebx + 0x26a] +test ax, ax +jne short loc_fffb245e ; jne 0xfffb245e -loc_fffb1ba0: ; not directly referenced -mov al, byte [ebp - 0x2c] -shr al, 1 -movzx eax, al -mov word [ebp + eax*2 - 0x1c], si +loc_fffb241f: ; not directly referenced +xor eax, eax +cmp dword [edi + esi + 0x1248], 2 +jne short loc_fffb245e ; jne 0xfffb245e +mov dl, byte [ebx + 0x6e] +cmp dword [ebp - 0x24], 0 +mov byte [ebp - 0x39], dl +mov dl, byte [ebx + 0xbf] +mov byte [ebp - 0x3a], dl +je short loc_fffb245e ; je 0xfffb245e +movzx edx, byte [ebp - 0x39] +imul edx, dword [ebp - 0x34] +mov eax, dword [ebp - 0x24] +lea eax, [eax + edx - 1] +movsx edx, byte [ebp - 0x3a] +imul edx, dword [ebp - 0x38] +add eax, edx +xor edx, edx +div dword [ebp - 0x24] -loc_fffb1bad: ; not directly referenced -add dword [ebp - 0x30], 2 -cmp dword [ebp - 0x30], 4 -jne loc_fffb1ae8 ; jne 0xfffb1ae8 -mov edx, dword [ebp - 0x34] -sub esp, 0xc -mov ecx, 1 -lea eax, [ebp - 0x1c] -push eax -mov eax, ebx -call fcn_fffb14b3 ; call 0xfffb14b3 -add esp, 0x10 -jmp short loc_fffb1bd8 ; jmp 0xfffb1bd8 +loc_fffb245e: ; not directly referenced +cmp eax, 0xa +mov edx, 0xa +cmova eax, edx +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffb1bd6: ; not directly referenced -xor eax, eax +loc_fffb2476: ; not directly 
referenced +add esi, 0x128 +add ebx, 0x277 +add dword [ebp - 0x28], 0x20 +cmp esi, 0x250 +jne loc_fffb23d3 ; jne 0xfffb23d3 +add dword [ebp - 0x20], 0x54a +add edi, 0x13c3 +cmp dword [ebp - 0x20], 0xa94 +jne loc_fffb23b4 ; jne 0xfffb23b4 +jmp near loc_fffb2374 ; jmp 0xfffb2374 -loc_fffb1bd8: ; not directly referenced -inc byte [ebp - 0x2b] -jmp near loc_fffb1aa1 ; jmp 0xfffb1aa1 +loc_fffb24b1: ; not directly referenced +cmp ecx, 1 +ja short loc_fffb24c2 ; ja 0xfffb24c2 +mov esi, dword [ebp + 8] +cmp byte [esi + 0x374a], 0 +je short loc_fffb24ec ; je 0xfffb24ec -loc_fffb1be0: ; not directly referenced -mov eax, 1 +loc_fffb24c2: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx -loc_fffb1be5: ; not directly referenced -lea esp, [ebp - 0xc] +loc_fffb24ec: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb24b1 ; jne 0xfffb24b1 +add esp, 0x34 +mov eax, 1 pop ebx pop esi pop edi pop ebp ret -fcn_fffb1bed: ; not directly referenced +fcn_fffb2502: ; not directly referenced push ebp +xor ecx, ecx mov ebp, esp push edi push esi -mov esi, eax push ebx -sub esp, 0x3c -mov edi, dword [esi + 0x2480] -mov dword [ebp - 0x3c], ecx -mov dword [ebp - 0x38], edi -cmp ecx, 1 -je short loc_fffb1c30 ; je 0xfffb1c30 -jb short loc_fffb1c20 ; jb 0xfffb1c20 -cmp ecx, 2 -je short loc_fffb1c27 ; je 0xfffb1c27 -cmp ecx, 3 -jne loc_fffb1d20 ; jne 0xfffb1d20 -mov edi, 0xc3 -jmp short loc_fffb1c2c ; jmp 0xfffb1c2c - -loc_fffb1c20: ; not directly referenced -mov edi, 0xff -jmp short loc_fffb1c35 ; jmp 0xfffb1c35 +sub esp, 0x34 -loc_fffb1c27: ; not directly referenced -mov edi, 0x56 +loc_fffb250d: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffb2539 ; ja 0xfffb2539 +mov eax, dword [ebp + 8] +cmp byte [eax + 0x374a], 0 +jne short loc_fffb2539 ; jne 0xfffb2539 
-loc_fffb1c2c: ; not directly referenced -xor eax, eax -jmp short loc_fffb1c3a ; jmp 0xfffb1c3a +loc_fffb2521: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffb250d ; jne 0xfffb250d +mov eax, dword [ebp + 8] +mov ecx, 0xfffffffe +add eax, 0x48ee +jmp near loc_fffb265e ; jmp 0xfffb265e -loc_fffb1c30: ; not directly referenced -mov edi, 0xab +loc_fffb2539: ; not directly referenced +mov eax, dword [ebp + 8] +mov dword [ebp + ecx*4 - 0x1c], 0 +mov dword [ebp - 0x20], 0 +lea edi, [eax + 0x3757] +lea eax, [ecx*8] +mov dword [ebp - 0x30], eax +imul eax, ecx, 0x2e +mov dword [ebp - 0x2c], eax -loc_fffb1c35: ; not directly referenced -mov eax, 0x400 +loc_fffb2561: ; not directly referenced +mov eax, dword [ebp - 0x2c] +xor esi, esi +mov ebx, dword [ebp - 0x20] +add eax, edi +mov dword [ebp - 0x40], eax +mov eax, dword [ebp + 8] +lea ebx, [eax + ebx + 0x1973] +mov eax, dword [ebp - 0x30] +add eax, edi +mov dword [ebp - 0x28], eax -loc_fffb1c3a: ; not directly referenced -mov word [ebp - 0x1c], ax -movzx ecx, dl -xor ebx, ebx -mov word [ebp - 0x1a], ax -lea eax, [esi + 0x3756] -mov dword [ebp - 0x34], eax +loc_fffb2580: ; not directly referenced +cmp dword [edi + esi + 0x1173], 2 +jne loc_fffb2623 ; jne 0xfffb2623 +mov eax, dword [ebp - 0x40] +mov eax, dword [eax + esi + 0x1177] +mov dword [ebp - 0x24], eax +mov eax, dword [ebp - 0x28] +mov edx, dword [eax + 0xc9] +mov eax, dword [eax + 0xcd] +mov dword [ebp - 0x34], edx +mov dword [ebp - 0x38], eax +cmp ecx, 1 +je short loc_fffb25c0 ; je 0xfffb25c0 +jb short loc_fffb25cc ; jb 0xfffb25cc xor eax, eax -mov byte [ebp - 0x2d], 1 -mov dword [ebp - 0x40], ecx - -loc_fffb1c59: ; not directly referenced -mov ecx, dword [ebp - 0x34] -cmp dword [ecx], 2 -jne loc_fffb1cf9 ; jne 0xfffb1cf9 -mov ecx, dword [ebp - 0x40] -bt ecx, ebx -jae loc_fffb1cf9 ; jae 0xfffb1cf9 -lea edx, [ebx + 1] -bt ecx, edx -jb short loc_fffb1c88 ; jb 0xfffb1c88 -mov cl, byte [ebp - 0x2d] -mov dl, 7 -cmp dword [ebp - 0x3c], 2 -cmove ecx, edx 
-mov byte [ebp - 0x2d], cl - -loc_fffb1c88: ; not directly referenced -cmp dword [ebp - 0x38], 3 -jne short loc_fffb1cca ; jne 0xfffb1cca -mov dword [ebp - 0x2c], 0 - -loc_fffb1c95: ; not directly referenced -mov cl, byte [ebp - 0x2c] -mov edx, 1 -shl edx, cl -mov ecx, dword [ebp - 0x34] -test byte [ecx + 0xc4], dl -je short loc_fffb1cbf ; je 0xfffb1cbf -mov ecx, dword [ebp - 0x2c] -mov edx, ebx -push eax -mov eax, esi -push 0 -push edi -push 0xa -call fcn_fffaa505 ; call 0xfffaa505 -add esp, 0x10 +cmp ecx, 3 +jbe short loc_fffb260b ; jbe 0xfffb260b +jmp short loc_fffb25cc ; jmp 0xfffb25cc -loc_fffb1cbf: ; not directly referenced -inc dword [ebp - 0x2c] -cmp dword [ebp - 0x2c], 4 -jne short loc_fffb1c95 ; jne 0xfffb1c95 -jmp short loc_fffb1cf9 ; jmp 0xfffb1cf9 +loc_fffb25c0: ; not directly referenced +movzx eax, word [ebx + 0x268] +test ax, ax +jne short loc_fffb260b ; jne 0xfffb260b -loc_fffb1cca: ; not directly referenced -cmp dword [ebp - 0x38], 2 -movzx eax, byte [ebp - 0x2d] -jne short loc_fffb1cdf ; jne 0xfffb1cdf -push eax -lea eax, [ebp - 0x1c] -push eax -push 0 -push 0xe -jmp short loc_fffb1ce8 ; jmp 0xfffb1ce8 +loc_fffb25cc: ; not directly referenced +xor eax, eax +cmp dword [edi + esi + 0x1248], 2 +jne short loc_fffb260b ; jne 0xfffb260b +mov dl, byte [ebx + 0x6f] +cmp dword [ebp - 0x24], 0 +mov byte [ebp - 0x39], dl +mov dl, byte [ebx + 0xbe] +mov byte [ebp - 0x3a], dl +je short loc_fffb260b ; je 0xfffb260b +movzx edx, byte [ebp - 0x39] +imul edx, dword [ebp - 0x34] +mov eax, dword [ebp - 0x24] +lea eax, [eax + edx - 1] +movsx edx, byte [ebp - 0x3a] +imul edx, dword [ebp - 0x38] +add eax, edx +xor edx, edx +div dword [ebp - 0x24] -loc_fffb1cdf: ; not directly referenced -push eax -lea eax, [ebp - 0x1c] -push eax -push 0 -push 6 +loc_fffb260b: ; not directly referenced +cmp eax, 0xf +mov edx, 0xf +cmova eax, edx +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffb1ce8: ; not directly referenced 
-mov ecx, 0xf -mov edx, ebx -mov eax, esi -call fcn_fffafb06 ; call 0xfffafb06 -add esp, 0x10 +loc_fffb2623: ; not directly referenced +add esi, 0x128 +add ebx, 0x277 +add dword [ebp - 0x28], 0x20 +cmp esi, 0x250 +jne loc_fffb2580 ; jne 0xfffb2580 +add dword [ebp - 0x20], 0x54a +add edi, 0x13c3 +cmp dword [ebp - 0x20], 0xa94 +jne loc_fffb2561 ; jne 0xfffb2561 +jmp near loc_fffb2521 ; jmp 0xfffb2521 -loc_fffb1cf9: ; not directly referenced -inc ebx -add dword [ebp - 0x34], 0x13c3 -cmp ebx, 2 -jne loc_fffb1c59 ; jne 0xfffb1c59 -cmp dword [ebp - 0x3c], 1 -mov ebx, eax -ja short loc_fffb1d25 ; ja 0xfffb1d25 -mov edx, 0x13 -mov eax, esi -call fcn_fffa834b ; call 0xfffa834b -jmp short loc_fffb1d25 ; jmp 0xfffb1d25 +loc_fffb265e: ; not directly referenced +cmp ecx, 1 +ja short loc_fffb266f ; ja 0xfffb266f +mov esi, dword [ebp + 8] +cmp byte [esi + 0x374a], 0 +je short loc_fffb2699 ; je 0xfffb2699 -loc_fffb1d20: ; not directly referenced -mov ebx, 2 +loc_fffb266f: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx -loc_fffb1d25: ; not directly referenced -lea esp, [ebp - 0xc] -mov eax, ebx +loc_fffb2699: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb265e ; jne 0xfffb265e +add esp, 0x34 +mov eax, 1 pop ebx pop esi pop edi pop ebp ret -fcn_fffb1d2f: ; not directly referenced +fcn_fffb26af: ; not directly referenced push ebp +xor ecx, ecx mov ebp, esp push edi push esi -xor esi, esi push ebx -sub esp, 0x4c -mov ebx, dword [ebp + 8] -mov byte [ebp - 0x28], 2 -mov byte [ebp - 0x27], 0x40 -mov byte [ebp - 0x26], 1 -mov byte [ebp - 0x25], 0x43 -mov byte [ebp - 0x24], 3 -mov byte [ebp - 0x23], 1 -mov byte [ebp - 0x22], 0xb -mov byte [ebp - 0x21], 3 -mov dword [ebp - 0x50], 0 +sub esp, 0x30 -loc_fffb1d64: ; not directly referenced -imul eax, esi, 0x13c3 -cmp dword [ebx + eax 
+ 0x3756], 2 -jne short loc_fffb1daf ; jne 0xfffb1daf -mov edi, esi -mov eax, ebx -shl edi, 0xa -add edi, 0x4004 -mov edx, edi -call fcn_fffae52a ; call 0xfffae52a -mov dword [ebp + esi*4 - 0x20], eax -mov al, byte [ebp + esi*4 - 0x1d] -test al, 0x20 -jne short loc_fffb1daf ; jne 0xfffb1daf -or eax, 0x20 -mov edx, edi -mov byte [ebp + esi*4 - 0x1d], al -mov ecx, dword [ebp + esi*4 - 0x20] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov dword [ebp - 0x50], 1 +loc_fffb26ba: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffb26e6 ; ja 0xfffb26e6 +mov edi, dword [ebp + 8] +cmp byte [edi + 0x374a], 0 +jne short loc_fffb26e6 ; jne 0xfffb26e6 -loc_fffb1daf: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffb1d64 ; jne 0xfffb1d64 -xor ecx, ecx -mov edx, 3 -mov eax, ebx -call fcn_fffb1bed ; call 0xfffb1bed -test eax, eax -jne loc_fffb1fe8 ; jne 0xfffb1fe8 -mov edx, dword [ebx + 0x36d7] -cmp edx, 0x320 -jbe short loc_fffb1e0b ; jbe 0xfffb1e0b -cmp edx, 0x42b -jbe short loc_fffb1e0f ; jbe 0xfffb1e0f -cmp edx, 0x4b0 -jbe short loc_fffb1e13 ; jbe 0xfffb1e13 -cmp edx, 0x535 -jbe short loc_fffb1e17 ; jbe 0xfffb1e17 -cmp edx, 0x640 -jbe short loc_fffb1e1b ; jbe 0xfffb1e1b -mov al, 0x16 -cmp edx, 0x74b -ja loc_fffb1fe8 ; ja 0xfffb1fe8 -mov al, 0x1c -jmp short loc_fffb1e1d ; jmp 0xfffb1e1d +loc_fffb26ce: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffb26ba ; jne 0xfffb26ba +mov eax, dword [ebp + 8] +mov ecx, 0xfffffffe +add eax, 0x48ec +jmp near loc_fffb2807 ; jmp 0xfffb2807 -loc_fffb1e0b: ; not directly referenced -mov al, 0x14 -jmp short loc_fffb1e1d ; jmp 0xfffb1e1d +loc_fffb26e6: ; not directly referenced +mov edi, dword [ebp + 8] +imul esi, ecx, 0x2e +imul eax, eax, 0x23 +mov dword [ebp + ecx*4 - 0x1c], 0 +mov dword [ebp - 0x24], 0 +lea ebx, [edi + 0x49c0] +mov dword [ebp - 0x2c], ebx +lea ebx, [ecx*8 - 0x1269] +mov dword [ebp - 0x30], esi +mov dword [ebp - 0x38], ebx +mov dword [ebp - 0x3c], eax -loc_fffb1e0f: ; 
not directly referenced -mov al, 0x16 -jmp short loc_fffb1e1d ; jmp 0xfffb1e1d +loc_fffb2717: ; not directly referenced +mov eax, dword [ebp - 0x38] +mov esi, dword [ebp - 0x2c] +mov edi, dword [ebp - 0x24] +mov dword [ebp - 0x20], 0 +add eax, esi +mov dword [ebp - 0x34], eax +mov eax, dword [ebp + 8] +lea edi, [eax + edi + 0x1973] -loc_fffb1e13: ; not directly referenced -mov al, 0x17 -jmp short loc_fffb1e1d ; jmp 0xfffb1e1d +loc_fffb2736: ; not directly referenced +cmp dword [esi - 0xf6], 2 +jne loc_fffb27cd ; jne 0xfffb27cd +mov eax, dword [ebp - 0x30] +mov edx, dword [ebp - 0x20] +mov ebx, dword [esi + eax - 0xf2] +mov eax, dword [ebp - 0x34] +mov eax, dword [eax + edx + 0xc9] +mov dword [ebp - 0x28], eax +cmp ecx, 1 +je short loc_fffb2793 ; je 0xfffb2793 +jb short loc_fffb279f ; jb 0xfffb279f +cmp ecx, 3 +ja short loc_fffb279f ; ja 0xfffb279f +cmp ecx, 2 +mov dl, byte [esi] +jne short loc_fffb2779 ; jne 0xfffb2779 +and dl, 1 +jne short loc_fffb2780 ; jne 0xfffb2780 +xor eax, eax +jmp short loc_fffb27b5 ; jmp 0xfffb27b5 -loc_fffb1e17: ; not directly referenced -mov al, 0x18 -jmp short loc_fffb1e1d ; jmp 0xfffb1e1d +loc_fffb2779: ; not directly referenced +xor eax, eax +and dl, 2 +je short loc_fffb27b5 ; je 0xfffb27b5 -loc_fffb1e1b: ; not directly referenced -mov al, 0x1a +loc_fffb2780: ; not directly referenced +mov eax, dword [ebp - 0x3c] +movzx edx, byte [edi + eax + 0x112] +xor eax, eax +test ebx, ebx +je short loc_fffb27b5 ; je 0xfffb27b5 +jmp short loc_fffb27a9 ; jmp 0xfffb27a9 -loc_fffb1e1d: ; not directly referenced -mov byte [ebp - 0x27], al -lea eax, [ebx + 0x3756] -xor edi, edi -mov dword [ebp - 0x2c], eax +loc_fffb2793: ; not directly referenced +movzx eax, word [edi + 0x266] +test ax, ax +jne short loc_fffb27b5 ; jne 0xfffb27b5 -loc_fffb1e2b: ; not directly referenced -mov eax, dword [ebp - 0x2c] -cmp dword [eax], 2 -jne loc_fffb1fc7 ; jne 0xfffb1fc7 -mov dword [ebp - 0x34], 0 +loc_fffb279f: ; not directly referenced +xor eax, eax +test ebx, ebx +je 
short loc_fffb27b5 ; je 0xfffb27b5 +movzx edx, byte [edi + 0x5b] -loc_fffb1e3e: ; not directly referenced -mov eax, dword [ebp - 0x2c] -mov ecx, dword [ebp - 0x34] -mov al, byte [eax + 0xc4] -mov dl, cl -mov esi, eax -mov eax, 1 -shl eax, cl -mov ecx, esi -test cl, al -jne short loc_fffb1e69 ; jne 0xfffb1e69 +loc_fffb27a9: ; not directly referenced +imul edx, dword [ebp - 0x28] +lea eax, [ebx + edx - 1] +xor edx, edx +div ebx -loc_fffb1e5b: ; not directly referenced -inc dword [ebp - 0x34] -cmp dword [ebp - 0x34], 4 -jne short loc_fffb1e3e ; jne 0xfffb1e3e -jmp near loc_fffb1f5b ; jmp 0xfffb1f5b +loc_fffb27b5: ; not directly referenced +cmp dword [ebp + ecx*4 - 0x1c], 4 +mov edx, 4 +cmovae edx, dword [ebp + ecx*4 - 0x1c] +cmp edx, eax +cmovae eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffb1e69: ; not directly referenced -cmp byte [ebp - 0x34], 0 -mov byte [ebp - 0x48], 0 -jne short loc_fffb1e93 ; jne 0xfffb1e93 -cmp byte [ebx + 0x240a], 0 -mov byte [ebp - 0x48], dl -je short loc_fffb1e93 ; je 0xfffb1e93 -mov eax, esi -and eax, 2 -cmp al, 1 -sbb eax, eax -mov dword [ebp - 0x48], eax -and byte [ebp - 0x48], 0xfc -add byte [ebp - 0x48], 7 +loc_fffb27cd: ; not directly referenced +add dword [ebp - 0x20], 0x20 +add esi, 0x128 +add edi, 0x277 +cmp dword [ebp - 0x20], 0x40 +jne loc_fffb2736 ; jne 0xfffb2736 +add dword [ebp - 0x24], 0x54a +add dword [ebp - 0x2c], 0x13c3 +cmp dword [ebp - 0x24], 0xa94 +jne loc_fffb2717 ; jne 0xfffb2717 +jmp near loc_fffb26ce ; jmp 0xfffb26ce -loc_fffb1e93: ; not directly referenced -mov eax, edx -and eax, 1 -mov dword [ebp - 0x38], 0 -mov dword [ebp - 0x4c], eax +loc_fffb2807: ; not directly referenced +cmp ecx, 1 +ja short loc_fffb2818 ; ja 0xfffb2818 +mov esi, dword [ebp + 8] +cmp byte [esi + 0x374a], 0 +je short loc_fffb2842 ; je 0xfffb2842 -loc_fffb1ea2: ; not directly referenced -mov eax, dword [ebp - 0x38] -cmp byte [ebx + 0x247b], 0 -movzx edx, byte [ebp + eax*2 - 0x28] -je short loc_fffb1edf ; je 0xfffb1edf -cmp edx, 6 -ja 
short loc_fffb1ecc ; ja 0xfffb1ecc -imul eax, dword [ebp - 0x4c], 0xc -mov ecx, dword [ebp - 0x2c] -lea eax, [edx + eax + 0x930] -mov al, byte [ecx + eax*2 + 0xb] -jmp short loc_fffb1eda ; jmp 0xfffb1eda +loc_fffb2818: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx -loc_fffb1ecc: ; not directly referenced -imul eax, dword [ebp - 0x4c], 0x18 -mov ecx, dword [ebp - 0x2c] -mov al, byte [ecx + eax + 0x1279] +loc_fffb2842: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb2807 ; jne 0xfffb2807 +add esp, 0x30 +mov eax, 1 +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffb1eda: ; not directly referenced -mov byte [ebp - 0x2d], al -jmp short loc_fffb1f29 ; jmp 0xfffb1f29 +fcn_fffb2858: ; not directly referenced +push ebp +xor ecx, ecx +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x38 +mov edi, dword [ebp + 8] +mov byte [ebp - 0x1d], 0 +lea eax, [edi + 0x3757] +mov dword [ebp - 0x40], eax -loc_fffb1edf: ; not directly referenced -mov eax, dword [ebp - 0x38] -cmp eax, 3 -je short loc_fffb1eed ; je 0xfffb1eed -mov al, byte [ebp + eax*2 - 0x27] -jmp short loc_fffb1ef0 ; jmp 0xfffb1ef0 +loc_fffb2873: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffb2888 ; ja 0xfffb2888 +cmp byte [edi + 0x374a], 0 +je loc_fffb29a1 ; je 0xfffb29a1 -loc_fffb1eed: ; not directly referenced -mov al, byte [ebp - 0x48] +loc_fffb2888: ; not directly referenced +lea eax, [edi + 0x48ca] +mov dword [ebp - 0x3c], eax +imul eax, ecx, 0x2e +mov dword [ebp + ecx*4 - 0x1c], 0 +mov dword [ebp - 0x28], 0 +mov dword [ebp - 0x38], eax +mov eax, dword [ebp - 0x40] +mov dword [ebp - 0x34], eax -loc_fffb1ef0: ; not directly referenced -mov byte [ebp - 0x2d], al -cmp edx, 6 -ja short loc_fffb1f11 ; ja 0xfffb1f11 -imul ecx, dword [ebp - 0x4c], 0xc -movzx esi, byte [ebp - 0x2d] 
-mov eax, dword [ebp - 0x2c] -lea ecx, [edx + ecx + 0x930] -mov word [eax + ecx*2 + 0xb], si -jmp short loc_fffb1f29 ; jmp 0xfffb1f29 +loc_fffb28ac: ; not directly referenced +mov eax, dword [ebp - 0x28] +mov ebx, dword [ebp - 0x3c] +mov dword [ebp - 0x2c], 0 +lea eax, [edi + eax + 0x1973] +mov dword [ebp - 0x30], eax -loc_fffb1f11: ; not directly referenced -cmp edx, 0xb -jne short loc_fffb1f29 ; jne 0xfffb1f29 -imul ecx, dword [ebp - 0x4c], 0x18 -movzx esi, byte [ebp - 0x2d] -mov eax, dword [ebp - 0x2c] -mov word [eax + ecx + 0x1279], si +loc_fffb28c3: ; not directly referenced +cmp dword [ebx], 2 +jne loc_fffb2964 ; jne 0xfffb2964 +cmp dword [ebx + 0xd5], 3 +jne loc_fffb2964 ; jne 0xfffb2964 +mov eax, dword [ebp - 0x38] +mov esi, dword [ebp - 0x2c] +mov eax, dword [ebx + eax + 4] +mov dword [ebp - 0x24], eax +mov eax, dword [ebp - 0x34] +mov edx, dword [eax + esi + 0xc9] +mov eax, dword [eax + esi + 0xcd] +mov dword [ebp - 0x44], eax +cmp ecx, 1 +jne short loc_fffb290e ; jne 0xfffb290e +mov eax, dword [ebp - 0x30] +movzx eax, word [eax + 0x264] +test ax, ax +jne short loc_fffb2934 ; jne 0xfffb2934 -loc_fffb1f29: ; not directly referenced -push eax -movzx eax, byte [ebp - 0x2d] -mov ecx, dword [ebp - 0x34] -push 0 -push eax -mov eax, ebx -push edx -mov edx, edi -call fcn_fffaa505 ; call 0xfffaa505 -add esp, 0x10 -test eax, eax -jne loc_fffb1fe8 ; jne 0xfffb1fe8 -inc dword [ebp - 0x38] -cmp dword [ebp - 0x38], 4 -jne loc_fffb1ea2 ; jne 0xfffb1ea2 -jmp near loc_fffb1e5b ; jmp 0xfffb1e5b +loc_fffb290e: ; not directly referenced +cmp dword [ebp - 0x24], 0 +je short loc_fffb2957 ; je 0xfffb2957 +mov esi, dword [ebp - 0x30] +movzx eax, byte [esi + 0x6f] +imul edx, eax +mov eax, dword [ebp - 0x24] +lea edx, [eax + edx - 1] +movsx eax, byte [esi + 0x70] +imul eax, dword [ebp - 0x44] +add eax, edx +xor edx, edx +div dword [ebp - 0x24] -loc_fffb1f5b: ; not directly referenced -cmp byte [ebx + 0x247d], 0 -jne short loc_fffb1fa6 ; jne 0xfffb1fa6 -cmp dword [ebx + 0x188b], 1 
-jne short loc_fffb1fa6 ; jne 0xfffb1fa6 -mov eax, edi -shl eax, 8 -add eax, 0x1c20 -mov edx, eax +loc_fffb2934: ; not directly referenced +cmp eax, 3 +jbe short loc_fffb2957 ; jbe 0xfffb2957 +mov esi, dword [ebp - 0x38] +movzx edx, word [ebx + esi + 0x1e] mov esi, eax -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -cmp byte [ebx + 0x240a], 1 -sbb edx, edx -not edx -add edx, 3 -and eax, 0xffffffcf -and edx, 3 -shl edx, 4 -or eax, edx -mov edx, esi -mov ecx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +sub esi, edx +cmp esi, 3 +ja short loc_fffb2957 ; ja 0xfffb2957 +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffb1fa6: ; not directly referenced -cmp dword [ebp - 0x50], 0 -je short loc_fffb1fc7 ; je 0xfffb1fc7 -and byte [ebp + edi*4 - 0x1d], 0xdf -mov edx, edi -mov ecx, dword [ebp + edi*4 - 0x20] -shl edx, 0xa -mov eax, ebx -add edx, 0x4004 -call fcn_fffae58c ; call 0xfffae58c +loc_fffb2957: ; not directly referenced +mov dl, byte [ebp - 0x1d] +mov al, 1 +test dl, dl +cmove edx, eax +mov byte [ebp - 0x1d], dl -loc_fffb1fc7: ; not directly referenced -inc edi -add dword [ebp - 0x2c], 0x13c3 -cmp edi, 2 -jne loc_fffb1e2b ; jne 0xfffb1e2b -mov byte [ebx + 0x247d], 1 -xor eax, eax -mov byte [ebx + 0x247b], 1 +loc_fffb2964: ; not directly referenced +add dword [ebp - 0x2c], 0x20 +add ebx, 0x128 +add dword [ebp - 0x30], 0x277 +cmp dword [ebp - 0x2c], 0x40 +jne loc_fffb28c3 ; jne 0xfffb28c3 +add dword [ebp - 0x28], 0x54a +add dword [ebp - 0x3c], 0x13c3 +add dword [ebp - 0x34], 0x13c3 +cmp dword [ebp - 0x28], 0xa94 +jne loc_fffb28ac ; jne 0xfffb28ac -loc_fffb1fe8: ; not directly referenced -lea esp, [ebp - 0xc] +loc_fffb29a1: ; not directly referenced +inc ecx +add dword [ebp - 0x40], 8 +cmp ecx, 4 +jne loc_fffb2873 ; jne 0xfffb2873 +mov al, byte [ebp - 0x1d] +test al, al +je short loc_fffb2a02 ; je 0xfffb2a02 +lea eax, [edi + 0x48ea] +mov ecx, 0xfffffffe + +loc_fffb29c1: ; not directly referenced 
+cmp ecx, 1 +ja short loc_fffb29cf ; ja 0xfffb29cf +cmp byte [edi + 0x374a], 0 +je short loc_fffb29f9 ; je 0xfffb29f9 + +loc_fffb29cf: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx + +loc_fffb29f9: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb29c1 ; jne 0xfffb29c1 + +loc_fffb2a02: ; not directly referenced +add esp, 0x38 +mov eax, 1 pop ebx pop esi pop edi pop ebp ret -fcn_fffb1ff0: ; not directly referenced +fcn_fffb2a0f: ; not directly referenced push ebp +xor ecx, ecx mov ebp, esp push edi push esi push ebx -sub esp, 0x1c -mov ebx, dword [ebp + 8] -mov dword [ebp - 0x20], 0 -lea edi, [ebx + 0x3756] +sub esp, 0x40 +mov eax, dword [ebp + 8] +mov dword [ebp - 0x3c], 0 +add eax, 0x3757 +mov dword [ebp - 0x2c], eax -loc_fffb2009: ; not directly referenced -cmp dword [edi], 2 -je short loc_fffb201f ; je 0xfffb201f +loc_fffb2a2c: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffb2a60 ; ja 0xfffb2a60 +mov eax, dword [ebp + 8] +cmp byte [eax + 0x374a], 0 +jne short loc_fffb2a60 ; jne 0xfffb2a60 -loc_fffb200e: ; not directly referenced -inc dword [ebp - 0x20] -add edi, 0x13c3 -cmp dword [ebp - 0x20], 2 -jne short loc_fffb2009 ; jne 0xfffb2009 -jmp short loc_fffb2092 ; jmp 0xfffb2092 +loc_fffb2a40: ; not directly referenced +inc ecx +add dword [ebp - 0x3c], 0x23 +add dword [ebp - 0x2c], 8 +cmp ecx, 4 +jne short loc_fffb2a2c ; jne 0xfffb2a2c +mov eax, dword [ebp + 8] +mov ecx, 0xfffffffe +add eax, 0x48e8 +jmp near loc_fffb2bcc ; jmp 0xfffb2bcc -loc_fffb201f: ; not directly referenced -mov edx, dword [ebp - 0x20] -xor ecx, ecx -mov eax, ebx -call fcn_fffa7288 ; call 0xfffa7288 -mov edx, eax -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, dword [ebp - 0x20] -mov ecx, 0xff -mov esi, eax -mov eax, ebx -call fcn_fffa7288 ; call 
0xfffa7288 -or esi, 0x100000 -mov dword [ebp - 0x1c], 0 -mov dword [ebp - 0x24], eax +loc_fffb2a60: ; not directly referenced +mov eax, dword [ebp + 8] +mov dword [ebp + ecx*4 - 0x1c], 0 +mov dword [ebp - 0x28], 0 +add eax, 0x49c0 +mov dword [ebp - 0x40], eax +imul eax, ecx, 0x2e +mov dword [ebp - 0x44], eax +mov eax, dword [ebp - 0x2c] +mov dword [ebp - 0x30], eax +mov eax, dword [ebp - 0x3c] +lea esi, [eax + 0x18b] +add eax, 0xbb +mov dword [ebp - 0x48], esi +mov dword [ebp - 0x4c], eax -loc_fffb2055: ; not directly referenced -mov cl, byte [ebp - 0x1c] -mov eax, 1 -shl eax, cl -test byte [edi + 0xc4], al -je short loc_fffb2084 ; je 0xfffb2084 -mov eax, dword [ebp - 0x1c] -and esi, 0xff3fffff -mov edx, dword [ebp - 0x24] -and eax, 3 -shl eax, 0x16 -or esi, eax -mov eax, ebx -mov ecx, esi -call fcn_fffaeb7c ; call 0xfffaeb7c +loc_fffb2a9a: ; not directly referenced +mov eax, dword [ebp + 8] +mov ebx, dword [ebp - 0x28] +mov esi, dword [ebp - 0x40] +mov dword [ebp - 0x24], 0 +lea ebx, [eax + ebx + 0x1973] -loc_fffb2084: ; not directly referenced -inc dword [ebp - 0x1c] -cmp dword [ebp - 0x1c], 4 -jne short loc_fffb2055 ; jne 0xfffb2055 -jmp near loc_fffb200e ; jmp 0xfffb200e +loc_fffb2ab1: ; not directly referenced +cmp dword [esi - 0xf6], 2 +jne loc_fffb2b8b ; jne 0xfffb2b8b +mov eax, dword [ebp - 0x44] +mov edi, dword [ebp - 0x24] +mov eax, dword [esi + eax - 0xf2] +mov dword [ebp - 0x20], eax +mov eax, dword [ebp - 0x30] +mov edx, dword [eax + edi + 0xc9] +mov eax, dword [eax + edi + 0xcd] +mov dword [ebp - 0x34], edx +mov dword [ebp - 0x38], eax +cmp ecx, 1 +je short loc_fffb2b36 ; je 0xfffb2b36 +jb short loc_fffb2b42 ; jb 0xfffb2b42 +cmp ecx, 3 +ja short loc_fffb2b42 ; ja 0xfffb2b42 +cmp ecx, 2 +mov dl, byte [esi] +jne short loc_fffb2b01 ; jne 0xfffb2b01 +and dl, 1 +jne short loc_fffb2b08 ; jne 0xfffb2b08 +xor eax, eax +jmp short loc_fffb2b7e ; jmp 0xfffb2b7e -loc_fffb2092: ; not directly referenced -cmp dword [ebx + 0x3756], 2 -jne short loc_fffb20ae ; jne 
0xfffb20ae -movzx ecx, byte [ebx + 0x381a] -mov edx, 0x4192 -mov eax, ebx -call fcn_fffae566 ; call 0xfffae566 +loc_fffb2b01: ; not directly referenced +xor eax, eax +and dl, 2 +je short loc_fffb2b7e ; je 0xfffb2b7e -loc_fffb20ae: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffb20ca ; jne 0xfffb20ca -movzx ecx, byte [ebx + 0x4bdd] -mov edx, 0x4592 -mov eax, ebx -call fcn_fffae566 ; call 0xfffae566 +loc_fffb2b08: ; not directly referenced +mov edx, dword [esi - 0x21] +mov eax, dword [ebp - 0x4c] +mov edi, dword [ebp - 0x48] +and edx, 0xfffffffd +add eax, ebx +add edi, ebx +dec edx +cmovne eax, edi +xor edi, edi +cmp byte [esi + 1], 0x13 +movzx edx, byte [eax + 6] +jne short loc_fffb2b2c ; jne 0xfffb2b2c +movsx edi, byte [eax + 0x1c] -loc_fffb20ca: ; not directly referenced -mov eax, ebx -mov ecx, 1 -mov edx, 3 -call fcn_fffb1bed ; call 0xfffb1bed -add esp, 0x1c +loc_fffb2b2c: ; not directly referenced +xor eax, eax +cmp dword [ebp - 0x20], 0 +je short loc_fffb2b7e ; je 0xfffb2b7e +jmp short loc_fffb2b68 ; jmp 0xfffb2b68 + +loc_fffb2b36: ; not directly referenced +movzx eax, word [ebx + 0x262] +test ax, ax +jne short loc_fffb2b7e ; jne 0xfffb2b7e + +loc_fffb2b42: ; not directly referenced xor eax, eax +cmp dword [ebp - 0x20], 0 +je short loc_fffb2b7e ; je 0xfffb2b7e +mov eax, dword [esi - 0x21] +and eax, 0xfffffffd +dec eax +jne short loc_fffb2b5d ; jne 0xfffb2b5d +movzx edx, byte [ebx + 0x5c] +movsx edi, byte [ebx + 0x6d] +jmp short loc_fffb2b68 ; jmp 0xfffb2b68 + +loc_fffb2b5d: ; not directly referenced +movzx edx, byte [ebx + 0x62] +movsx edi, byte [ebx + 0xc1] + +loc_fffb2b68: ; not directly referenced +imul edx, dword [ebp - 0x34] +mov eax, dword [ebp - 0x20] +imul edi, dword [ebp - 0x38] +lea eax, [eax + edx - 1] +xor edx, edx +add eax, edi +div dword [ebp - 0x20] + +loc_fffb2b7e: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax + +loc_fffb2b8b: ; not 
directly referenced +add dword [ebp - 0x24], 0x20 +add esi, 0x128 +add ebx, 0x277 +cmp dword [ebp - 0x24], 0x40 +jne loc_fffb2ab1 ; jne 0xfffb2ab1 +add dword [ebp - 0x28], 0x54a +add dword [ebp - 0x40], 0x13c3 +add dword [ebp - 0x30], 0x13c3 +cmp dword [ebp - 0x28], 0xa94 +jne loc_fffb2a9a ; jne 0xfffb2a9a +jmp near loc_fffb2a40 ; jmp 0xfffb2a40 + +loc_fffb2bcc: ; not directly referenced +cmp ecx, 1 +ja short loc_fffb2bdd ; ja 0xfffb2bdd +mov esi, dword [ebp + 8] +cmp byte [esi + 0x374a], 0 +je short loc_fffb2c07 ; je 0xfffb2c07 + +loc_fffb2bdd: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx + +loc_fffb2c07: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb2bcc ; jne 0xfffb2bcc +add esp, 0x40 +mov eax, 1 pop ebx pop esi pop edi pop ebp ret -fcn_fffb20e5: ; not directly referenced +fcn_fffb2c1d: ; not directly referenced push ebp +xor ecx, ecx mov ebp, esp push edi push esi push ebx -sub esp, 0xdc -mov edi, dword [ebp + 0x20] -mov byte [ebp - 0x51], cl -mov ebx, dword [ebp + 8] -mov dword [ebp - 0x5c], ecx -mov cl, byte [ebp + 0x14] -mov dword [ebp - 0x4c], eax -mov eax, dword [eax + 0x188b] -mov dword [ebp - 0x50], edi -mov edi, dword [ebp + 0x24] -mov byte [ebp - 0xad], dl -mov esi, dword [ebp + 0xc] -mov byte [ebp - 0xe8], cl -mov cl, byte [ebp + 0x1c] -mov dword [ebp - 0x60], eax -movzx eax, bx -dec eax -mov dword [ebp - 0x58], edi -inc esi -mov byte [ebp - 0x98], cl -mov word [ebp - 0xb0], bx -mov dword [ebp - 0x45], 0 -mov dword [ebp - 0x41], 0 -mov dword [ebp - 0x3d], 0 -call fcn_fffaec34 ; call 0xfffaec34 -mov ecx, esi -sub ecx, eax -test cl, cl -mov esi, ecx -mov ecx, dword [ebp - 0x5c] -setle dl -mov byte [ebp - 0x61], al -cmp cl, 4 -sete al -or dl, al -jne short loc_fffb2178 ; jne 0xfffb2178 -cmp cl, 5 -mov al, 1 -cmove esi, eax -jmp short 
loc_fffb217d ; jmp 0xfffb217d +sub esp, 0x30 +mov esi, dword [ebp + 8] -loc_fffb2178: ; not directly referenced -mov esi, 1 +loc_fffb2c2b: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffb2c52 ; ja 0xfffb2c52 +cmp byte [esi + 0x374a], 0 +jne short loc_fffb2c52 ; jne 0xfffb2c52 -loc_fffb217d: ; not directly referenced -lea ecx, [esi - 1] -movzx esi, byte [ebp - 0x61] -lea eax, [ebx - 0x80] -mov dword [ebp - 0x68], 1 -shl dword [ebp - 0x68], cl -cmp bx, 0x7f -cmova eax, esi -add ebx, ebx -mov byte [ebp - 0x88], al -lea eax, [ebx - 0x80] -mov byte [ebp - 0x78], al -cmp bx, 0x7f -jbe short loc_fffb21ba ; jbe 0xfffb21ba -movzx ebx, bx -lea eax, [ebx - 1] -call fcn_fffaec34 ; call 0xfffaec34 -mov byte [ebp - 0x78], al +loc_fffb2c3c: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffb2c2b ; jne 0xfffb2c2b +lea eax, [esi + 0x48e6] +mov ecx, 0xfffffffe +jmp near loc_fffb2d4a ; jmp 0xfffb2d4a -loc_fffb21ba: ; not directly referenced -mov eax, dword [ebp + 0x18] -mov bx, word [eax] -movzx eax, bx -dec eax -call fcn_fffaec34 ; call 0xfffaec34 -cmp bx, 0x1f -jbe short loc_fffb21da ; jbe 0xfffb21da -mov esi, dword [ebp + 0x18] -movzx eax, al -mov word [esi], ax -jmp short loc_fffb21e3 ; jmp 0xfffb21e3 +loc_fffb2c52: ; not directly referenced +lea eax, [esi + 0x48ca] +mov dword [ebp - 0x2c], eax +imul eax, ecx, 0x2e +mov dword [ebp + ecx*4 - 0x1c], 0 +mov dword [ebp - 0x20], 0 +mov dword [ebp - 0x30], eax +lea eax, [ecx*8 - 0x1173] +mov dword [ebp - 0x3c], eax -loc_fffb21da: ; not directly referenced -mov eax, dword [ebp + 0x18] -add ebx, 0x20 -mov word [eax], bx +loc_fffb2c7a: ; not directly referenced +mov eax, dword [ebp - 0x3c] +mov ebx, dword [ebp - 0x2c] +mov dword [ebp - 0x28], 0 +add eax, ebx +mov dword [ebp - 0x38], eax +mov eax, dword [ebp - 0x20] +lea edi, [esi + eax + 0x1973] -loc_fffb21e3: ; not directly referenced -cmp byte [ebp - 0x50], 0 -je short loc_fffb2209 ; je 0xfffb2209 -mov eax, dword [ebp - 0x4c] -mov edx, 0x4cb0 
-call fcn_fffae52a ; call 0xfffae52a -mov edi, eax -mov eax, dword [ebp - 0x58] -and di, 0xfff -add edi, 0x10 -cmp ax, di -cmovae edi, eax +loc_fffb2c96: ; not directly referenced +cmp dword [ebx], 2 +jne short loc_fffb2d10 ; jne 0xfffb2d10 +mov eax, dword [ebp - 0x30] +mov edx, dword [ebp - 0x28] +mov eax, dword [ebx + eax + 4] +mov dword [ebp - 0x24], eax +mov eax, dword [ebp - 0x38] +mov eax, dword [eax + edx + 0xc9] +mov dword [ebp - 0x34], eax +cmp ecx, 1 +je short loc_fffb2cc5 ; je 0xfffb2cc5 +jb short loc_fffb2cd1 ; jb 0xfffb2cd1 +xor eax, eax +cmp ecx, 3 +jbe short loc_fffb2cf6 ; jbe 0xfffb2cf6 +jmp short loc_fffb2cd1 ; jmp 0xfffb2cd1 -loc_fffb2209: ; not directly referenced -cmp di, 0xff -mov eax, 0xff -cmova edi, eax -mov al, byte [ebp - 0x88] -mov word [ebp - 0xa8], di -mov dword [ebp - 0x50], 0x4960 -mov dword [ebp - 0x5c], 0x4040 -shr al, 7 -mov byte [ebp - 0xc8], al -mov al, byte [ebp - 0x78] -mov dword [ebp - 0x58], 0 -shr al, 7 -mov byte [ebp - 0xd8], al -mov eax, dword [ebp - 0x98] -and eax, 1 -mov dword [ebp - 0xb4], eax +loc_fffb2cc5: ; not directly referenced +movzx eax, word [edi + 0x260] +test ax, ax +jne short loc_fffb2cf6 ; jne 0xfffb2cf6 -loc_fffb225c: ; not directly referenced -movzx eax, byte [ebp - 0xad] -mov esi, dword [ebp - 0x58] -mov dword [ebp - 0xac], eax -bt eax, esi -jb short loc_fffb2282 ; jb 0xfffb2282 -mov eax, dword [ebp - 0x50] +loc_fffb2cd1: ; not directly referenced +xor eax, eax +cmp dword [ebx + 0xd5], 2 +jne short loc_fffb2cf6 ; jne 0xfffb2cf6 +cmp dword [ebp - 0x24], 0 +movzx edx, word [edi + 0x6a] +je short loc_fffb2cf6 ; je 0xfffb2cf6 +imul edx, dword [ebp - 0x34] +mov eax, dword [ebp - 0x24] +lea eax, [eax + edx - 1] +xor edx, edx +div dword [ebp - 0x24] + +loc_fffb2cf6: ; not directly referenced +cmp eax, 0x1ff +mov edx, 0x1ff +cmova eax, edx +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax + +loc_fffb2d10: ; not directly referenced +add dword [ebp - 0x28], 
0x20 +add ebx, 0x128 +add edi, 0x277 +cmp dword [ebp - 0x28], 0x40 +jne loc_fffb2c96 ; jne 0xfffb2c96 +add dword [ebp - 0x20], 0x54a +add dword [ebp - 0x2c], 0x13c3 +cmp dword [ebp - 0x20], 0xa94 +jne loc_fffb2c7a ; jne 0xfffb2c7a +jmp near loc_fffb2c3c ; jmp 0xfffb2c3c + +loc_fffb2d4a: ; not directly referenced +cmp ecx, 1 +ja short loc_fffb2d58 ; ja 0xfffb2d58 +cmp byte [esi + 0x374a], 0 +je short loc_fffb2d82 ; je 0xfffb2d82 + +loc_fffb2d58: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx + +loc_fffb2d82: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb2d4a ; jne 0xfffb2d4a +add esp, 0x30 +mov eax, 1 +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb2d98: ; not directly referenced +push ebp xor ecx, ecx -lea edx, [eax + eax - 0x4a18] -jmp near loc_fffb268f ; jmp 0xfffb268f +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x30 +mov esi, dword [ebp + 8] -loc_fffb2282: ; not directly referenced -mov eax, dword [ebp - 0x5c] -movzx ecx, byte [ebp - 0xb4] -lea edx, [eax + 0x158] -mov eax, dword [ebp - 0x4c] -call fcn_fffae566 ; call 0xfffae566 -cmp byte [ebp - 0x98], 0 -je short loc_fffb22bb ; je 0xfffb22bb -mov edx, dword [ebp - 0x58] -sub esp, 0xc -mov ecx, 7 -mov eax, dword [ebp - 0x4c] -push 8 -call fcn_fffaa3c8 ; call 0xfffaa3c8 -add esp, 0x10 +loc_fffb2da6: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffb2dcd ; ja 0xfffb2dcd +cmp byte [esi + 0x374a], 0 +jne short loc_fffb2dcd ; jne 0xfffb2dcd -loc_fffb22bb: ; not directly referenced -cmp byte [ebp - 0x51], 5 -ja short loc_fffb22d3 ; ja 0xfffb22d3 -movzx eax, byte [ebp - 0x51] -mov dl, byte [eax + ref_fffd3ed8] ; mov dl, byte [eax - 0x2c128] -mov al, byte [eax + ref_fffd3ed0] ; mov al, byte [eax - 0x2c130] -jmp short loc_fffb22d7 ; jmp 0xfffb22d7 +loc_fffb2db7: ; not 
directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffb2da6 ; jne 0xfffb2da6 +lea eax, [esi + 0x48e4] +mov ecx, 0xfffffffe +jmp near loc_fffb2ec5 ; jmp 0xfffb2ec5 + +loc_fffb2dcd: ; not directly referenced +lea eax, [esi + 0x48ca] +mov dword [ebp - 0x2c], eax +imul eax, ecx, 0x2e +mov dword [ebp + ecx*4 - 0x1c], 0 +mov dword [ebp - 0x20], 0 +mov dword [ebp - 0x30], eax +lea eax, [ecx*8 - 0x1173] +mov dword [ebp - 0x3c], eax + +loc_fffb2df5: ; not directly referenced +mov eax, dword [ebp - 0x3c] +mov ebx, dword [ebp - 0x2c] +mov dword [ebp - 0x28], 0 +add eax, ebx +mov dword [ebp - 0x38], eax +mov eax, dword [ebp - 0x20] +lea edi, [esi + eax + 0x1973] + +loc_fffb2e11: ; not directly referenced +cmp dword [ebx], 2 +jne short loc_fffb2e8b ; jne 0xfffb2e8b +mov eax, dword [ebp - 0x30] +mov edx, dword [ebp - 0x28] +mov eax, dword [ebx + eax + 4] +mov dword [ebp - 0x24], eax +mov eax, dword [ebp - 0x38] +mov eax, dword [eax + edx + 0xc9] +mov dword [ebp - 0x34], eax +cmp ecx, 1 +je short loc_fffb2e40 ; je 0xfffb2e40 +jb short loc_fffb2e4c ; jb 0xfffb2e4c +xor eax, eax +cmp ecx, 3 +jbe short loc_fffb2e71 ; jbe 0xfffb2e71 +jmp short loc_fffb2e4c ; jmp 0xfffb2e4c + +loc_fffb2e40: ; not directly referenced +movzx eax, word [edi + 0x25e] +test ax, ax +jne short loc_fffb2e71 ; jne 0xfffb2e71 -loc_fffb22d3: ; not directly referenced +loc_fffb2e4c: ; not directly referenced xor eax, eax +cmp dword [ebx + 0xd5], 2 +jne short loc_fffb2e71 ; jne 0xfffb2e71 +cmp dword [ebp - 0x24], 0 +movzx edx, word [edi + 0x68] +je short loc_fffb2e71 ; je 0xfffb2e71 +imul edx, dword [ebp - 0x34] +mov eax, dword [ebp - 0x24] +lea eax, [eax + edx - 1] xor edx, edx +div dword [ebp - 0x24] -loc_fffb22d7: ; not directly referenced -and edx, 7 -and eax, 7 -mov bl, byte [ebp - 0x51] -shl edx, 0x18 -xor edi, edi -mov ecx, dword [ebp - 0x50] -shl eax, 0x1c -or eax, edx -and ah, 0xcf -mov edx, eax -mov eax, dword [ebp - 0x4c] -or dh, 0x18 -cmp byte [eax + 0x247a], 0 -setne al -movzx eax, al -shl eax, 7 
-or eax, edx -mov edx, eax -or edx, 0x20 -cmp bl, 6 -mov ebx, dword [ebp - 0x4c] -cmove eax, edx -mov esi, eax -mov eax, edi -and eax, 0xfffffc00 -or eax, 2 -mov edi, eax -cmp dword [ebp - 0x60], 1 -lea eax, [ecx + 0x20] -lea edx, [ecx + 0x40] -mov ecx, dword [ebp - 0x68] -cmovne edx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov eax, ebx -push ecx -push ecx -mov ecx, dword [ebp - 0x50] +loc_fffb2e71: ; not directly referenced +cmp eax, 0x1ff +mov edx, 0x1ff +cmova eax, edx +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax + +loc_fffb2e8b: ; not directly referenced +add dword [ebp - 0x28], 0x20 +add ebx, 0x128 +add edi, 0x277 +cmp dword [ebp - 0x28], 0x40 +jne loc_fffb2e11 ; jne 0xfffb2e11 +add dword [ebp - 0x20], 0x54a +add dword [ebp - 0x2c], 0x13c3 +cmp dword [ebp - 0x20], 0xa94 +jne loc_fffb2df5 ; jne 0xfffb2df5 +jmp near loc_fffb2db7 ; jmp 0xfffb2db7 + +loc_fffb2ec5: ; not directly referenced +cmp ecx, 1 +ja short loc_fffb2ed3 ; ja 0xfffb2ed3 +cmp byte [esi + 0x374a], 0 +je short loc_fffb2efd ; je 0xfffb2efd + +loc_fffb2ed3: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx + +loc_fffb2efd: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb2ec5 ; jne 0xfffb2ec5 +add esp, 0x30 +mov eax, 1 +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb2f13: ; not directly referenced +push ebp +xor ecx, ecx +mov ebp, esp push edi push esi -lea edx, [ecx + ecx - 0x4a18] -call fcn_fffae7cf ; call 0xfffae7cf -mov ecx, dword [ebp - 0x50] -mov eax, ebx -lea edx, [ecx - 0xa8] -mov ecx, 4 -call fcn_fffae566 ; call 0xfffae566 -mov edx, dword [ebp - 0xc8] -add esp, 0x10 -mov eax, dword [ebp - 0x88] -mov esi, dword [ebp - 0x78] -mov ecx, dword [ebp - 0xd8] -and edx, 1 -mov bl, byte [ebp - 0x51] -shl edx, 7 -and 
eax, 0x7f -or eax, edx -mov edx, dword [ebp - 0xa8] -and esi, 0x7f -or eax, 0x8000000 -and ecx, 1 -shl ecx, 7 -and edx, 0x3fff -shl edx, 8 -or eax, edx -mov edx, eax -and edx, 0x83fff00 -or edx, esi -or edx, ecx -mov ecx, eax -or ecx, 0x4000000 -and ecx, 0xf7ffffff -cmp bl, 4 -je short loc_fffb23ed ; je 0xfffb23ed -cmp bl, 5 -je short loc_fffb2433 ; je 0xfffb2433 -cmp bl, 3 -jne loc_fffb2475 ; jne 0xfffb2475 -mov dword [ebp - 0x38], edx -mov byte [ebp - 0x39], 1 -or byte [ebp - 0x36], 0xc0 -and byte [ebp - 0x35], 0xfc -jmp near loc_fffb24af ; jmp 0xfffb24af +push ebx +sub esp, 0x30 -loc_fffb23ed: ; not directly referenced -mov dword [ebp - 0x38], eax -mov cl, byte [ebp - 0x36] -and byte [ebp - 0x35], 0xfc -and ecx, 0x3f -or ecx, 0x40 -mov byte [ebp - 0x36], cl -mov ecx, 1 +loc_fffb2f1e: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffb2f4a ; ja 0xfffb2f4a +mov ebx, dword [ebp + 8] +cmp byte [ebx + 0x374a], 0 +jne short loc_fffb2f4a ; jne 0xfffb2f4a -loc_fffb2405: ; not directly referenced -mov dword [ebp + ecx*4 - 0x38], edx -mov bl, byte [ebp + ecx*4 - 0x36] -and byte [ebp + ecx*4 - 0x35], 0xfc -and ebx, 0x3f -or ebx, 0xffffff80 -mov byte [ebp + ecx*4 - 0x36], bl +loc_fffb2f32: ; not directly referenced inc ecx -cmp ecx, 7 -jne short loc_fffb2405 ; jne 0xfffb2405 -mov dword [ebp - 0x1c], eax -mov byte [ebp - 0x39], 0xff -and byte [ebp - 0x1a], 0x3f -and byte [ebp - 0x19], 0xfc -jmp short loc_fffb24af ; jmp 0xfffb24af +cmp ecx, 4 +jne short loc_fffb2f1e ; jne 0xfffb2f1e +mov eax, dword [ebp + 8] +mov ecx, 0xfffffffe +add eax, 0x48e2 +jmp near loc_fffb308f ; jmp 0xfffb308f -loc_fffb2433: ; not directly referenced -mov dword [ebp - 0x38], eax -mov cl, byte [ebp - 0x36] -mov dword [ebp - 0x34], edx +loc_fffb2f4a: ; not directly referenced +mov ebx, dword [ebp + 8] +imul eax, eax, 0x23 +lea esi, [ecx*8 - 0x1269] +mov dword [ebp + ecx*4 - 0x1c], 0 +mov dword [ebp - 0x20], 0 +lea edi, [ebx + 0x49c0] +mov dword [ebp - 0x2c], edi +imul edi, ecx, 
0x2e +mov dword [ebp - 0x3c], esi mov dword [ebp - 0x30], eax -mov dword [ebp - 0x2c], edx -and ecx, 0x3f -or ecx, 0x40 -mov byte [ebp - 0x36], cl -mov cl, byte [ebp - 0x32] -and byte [ebp - 0x35], 0xfc -and byte [ebp - 0x31], 0xfc -and byte [ebp - 0x2e], 0x3f -and ecx, 0x3f -or ecx, 0xffffff80 -mov byte [ebp - 0x32], cl -and byte [ebp - 0x2d], 0xfc -or byte [ebp - 0x2a], 0xc0 -and byte [ebp - 0x29], 0xfc -mov byte [ebp - 0x39], 0xf -jmp short loc_fffb24af ; jmp 0xfffb24af - -loc_fffb2475: ; not directly referenced -mov esi, dword [ebp + 0x18] -cmp byte [esi + 0xa], 2 -jne short loc_fffb248d ; jne 0xfffb248d -cmp word [ebp - 0xb0], 8 -jne short loc_fffb248d ; jne 0xfffb248d -mov dword [ebp - 0x38], ecx -jmp short loc_fffb2490 ; jmp 0xfffb2490 +mov dword [ebp - 0x34], edi -loc_fffb248d: ; not directly referenced +loc_fffb2f7b: ; not directly referenced +mov eax, dword [ebp - 0x3c] +mov esi, dword [ebp - 0x2c] +mov ebx, dword [ebp - 0x20] +mov dword [ebp - 0x24], 0 +add eax, esi mov dword [ebp - 0x38], eax +mov eax, dword [ebp + 8] +lea edi, [eax + ebx + 0x1973] -loc_fffb2490: ; not directly referenced -mov dl, byte [ebp - 0x36] -mov dword [ebp - 0x34], eax -and byte [ebp - 0x35], 0xfc -and byte [ebp - 0x32], 0x3f -and byte [ebp - 0x31], 0xfc -and edx, 0x3f -or edx, 0x40 -mov byte [ebp - 0x36], dl -mov byte [ebp - 0x39], 3 +loc_fffb2f9a: ; not directly referenced +cmp dword [esi - 0xf6], 2 +jne loc_fffb3055 ; jne 0xfffb3055 +mov eax, dword [ebp - 0x34] +mov edx, dword [ebp - 0x24] +mov ebx, dword [esi + eax - 0xf2] +mov eax, dword [ebp - 0x38] +mov eax, dword [eax + edx + 0xc9] +mov dword [ebp - 0x28], eax +cmp ecx, 1 +je short loc_fffb300a ; je 0xfffb300a +jb short loc_fffb3016 ; jb 0xfffb3016 +cmp ecx, 3 +ja short loc_fffb3016 ; ja 0xfffb3016 +cmp ecx, 2 +mov dl, byte [esi] +jne short loc_fffb2fdd ; jne 0xfffb2fdd +and dl, 1 +jne short loc_fffb2fe4 ; jne 0xfffb2fe4 +xor eax, eax +jmp short loc_fffb303b ; jmp 0xfffb303b -loc_fffb24af: ; not directly referenced -imul 
eax, dword [ebp - 0x58], 0x28 -xor ebx, ebx -lea edi, [ebp - 0x39] -lea esi, [eax + 0x4808] -sub edi, eax +loc_fffb2fdd: ; not directly referenced +xor eax, eax +and dl, 2 +je short loc_fffb303b ; je 0xfffb303b -loc_fffb24c0: ; not directly referenced -movzx eax, byte [ebp - 0x39] -bt eax, ebx -jb loc_fffb2593 ; jb 0xfffb2593 +loc_fffb2fe4: ; not directly referenced +mov eax, dword [esi - 0x21] +and eax, 0xfffffffd +dec eax +mov eax, dword [ebp - 0x30] +jne short loc_fffb2ffa ; jne 0xfffb2ffa +movzx edx, word [edi + eax + 0x10f] +jmp short loc_fffb3002 ; jmp 0xfffb3002 -loc_fffb24cd: ; not directly referenced -lea eax, [ebp - 0x3d] -mov esi, dword [ebp - 0x4c] -push edx -mov ecx, dword [ebp + 0x10] -push eax -mov edx, dword [ebp - 0x58] -lea eax, [ebp - 0x41] -push eax -lea eax, [ebp - 0x45] -push eax -mov eax, dword [ebp + 0x10] -add eax, 0x24 -push eax -mov eax, dword [ebp + 0x10] -add eax, 0x14 -push eax -mov eax, dword [ebp + 0x10] -add eax, 0x10 -push eax -mov eax, dword [ebp + 0x10] -add eax, 8 -push eax -mov eax, esi -call fcn_fffaa5b6 ; call 0xfffaa5b6 -mov eax, dword [ebp + 0x18] -add esp, 0x20 -mov edi, dword [ebp + 0x18] -movzx ecx, byte [eax + 6] -movzx eax, byte [eax + 2] -mov dx, word [edi] -and ecx, 0x3f -and eax, 0x3f -shl eax, 8 -mov ebx, edx -shl ecx, 0x10 -and ebx, 0x1f -or ecx, eax -mov eax, dword [ebp - 0x5c] -shr dx, 5 -or ecx, ebx -and edx, 1 -shl edx, 5 -or ecx, edx -lea edx, [eax + 0x1c0] -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp + 0x18] -mov dl, byte [eax + 0xa] -cmp dl, 2 -sete al -cmp dl, 4 -sete dl -or eax, edx -cmp al, 1 -mov al, byte [ebp - 0x51] -sbb ecx, ecx -and ecx, 2 -movzx ecx, cl -sub eax, 4 -or ecx, 0x8090 -cmp al, 1 -ja short loc_fffb25b6 ; ja 0xfffb25b6 -mov al, byte [ebp - 0x61] -and ecx, 0xf8c0ffff -inc eax -and eax, 7 -shl eax, 0x18 -or ecx, eax -or ecx, 0x10000 -jmp short loc_fffb25b6 ; jmp 0xfffb25b6 +loc_fffb2ffa: ; not directly referenced +movzx edx, word [edi + eax + 0x1df] 
-loc_fffb2593: ; not directly referenced -mov ecx, dword [edi + esi - 0x4807] -mov edx, esi -inc ebx -mov eax, dword [ebp - 0x4c] -add esi, 4 -call fcn_fffae58c ; call 0xfffae58c -cmp ebx, 8 -jne loc_fffb24c0 ; jne 0xfffb24c0 -jmp near loc_fffb24cd ; jmp 0xfffb24cd +loc_fffb3002: ; not directly referenced +xor eax, eax +test ebx, ebx +je short loc_fffb303b ; je 0xfffb303b +jmp short loc_fffb302f ; jmp 0xfffb302f -loc_fffb25b6: ; not directly referenced -mov edi, dword [ebp - 0x4c] -mov esi, dword [ebp - 0x5c] -mov eax, edi -mov edx, esi -call fcn_fffae58c ; call 0xfffae58c -xor ecx, ecx -mov eax, edi -lea edx, [esi + 0x44] -call fcn_fffae58c ; call 0xfffae58c -mov ecx, dword [ebp - 0xe8] -mov eax, edi -lea edx, [esi + 0x58] -and ecx, 3 -shl ecx, 0xc -or ecx, 0xffff0001 -call fcn_fffae58c ; call 0xfffae58c -lea edx, [esi + 0x98] -push eax -push eax -mov eax, edi -push 0 -push 0 -call fcn_fffae7cf ; call 0xfffae7cf -xor ecx, ecx -mov eax, edi -lea edx, [esi + 0x5c] -call fcn_fffae566 ; call 0xfffae566 -add esp, 0x10 -cmp byte [edi + 0x247a], 0 -je short loc_fffb2697 ; je 0xfffb2697 -mov eax, dword [ebp - 0x50] -mov ecx, 0xfc -lea edx, [eax - 8] -mov eax, dword [ebp - 0x4c] -call fcn_fffae566 ; call 0xfffae566 -cmp dword [ebp - 0x60], 1 -jne short loc_fffb2644 ; jne 0xfffb2644 -mov eax, dword [ebp - 0x50] -mov ecx, 0xff -lea edx, [eax - 7] -mov eax, dword [ebp - 0x4c] -call fcn_fffae566 ; call 0xfffae566 +loc_fffb300a: ; not directly referenced +movzx eax, word [edi + 0x25c] +test ax, ax +jne short loc_fffb303b ; jne 0xfffb303b -loc_fffb2644: ; not directly referenced -mov eax, dword [ebp - 0x4c] -movzx ebx, word [eax + 0x2489] -test bx, bx -je short loc_fffb2667 ; je 0xfffb2667 -mov eax, 0x9c40 -cdq -idiv ebx -mov ecx, eax -mov eax, 0x30d40 -cdq -idiv ebx -jmp short loc_fffb2671 ; jmp 0xfffb2671 +loc_fffb3016: ; not directly referenced +xor eax, eax +test ebx, ebx +je short loc_fffb303b ; je 0xfffb303b +mov eax, dword [esi - 0x21] +and eax, 0xfffffffd +dec eax +jne 
short loc_fffb302b ; jne 0xfffb302b +movzx edx, word [edi + 0x60] +jmp short loc_fffb302f ; jmp 0xfffb302f -loc_fffb2667: ; not directly referenced -mov eax, 0xff -mov ecx, 0xff +loc_fffb302b: ; not directly referenced +movzx edx, word [edi + 0x66] -loc_fffb2671: ; not directly referenced -mov ebx, ecx -movzx ecx, cl -mov edx, dword [ebp - 0x50] -shl ebx, 8 -and ebx, 0xff00 -shl ecx, 0x10 -shl eax, 0x18 -or ecx, ebx -or ecx, eax -or ecx, 2 +loc_fffb302f: ; not directly referenced +imul edx, dword [ebp - 0x28] +lea eax, [ebx + edx - 1] +xor edx, edx +div ebx -loc_fffb268f: ; not directly referenced -mov eax, dword [ebp - 0x4c] -call fcn_fffae58c ; call 0xfffae58c +loc_fffb303b: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, 0x1ff +mov ebx, 0x1ff +cmova eax, ebx +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffb2697: ; not directly referenced -inc dword [ebp - 0x58] -add dword [ebp - 0x5c], 0x400 -add dword [ebp - 0x50], 4 -cmp dword [ebp - 0x58], 2 -jne loc_fffb225c ; jne 0xfffb225c -mov edx, dword [ebp - 0xac] -mov ecx, 2 -mov eax, dword [ebp - 0x4c] -call fcn_fffb1bed ; call 0xfffb1bed -lea esp, [ebp - 0xc] +loc_fffb3055: ; not directly referenced +add dword [ebp - 0x24], 0x20 +add esi, 0x128 +add edi, 0x277 +cmp dword [ebp - 0x24], 0x40 +jne loc_fffb2f9a ; jne 0xfffb2f9a +add dword [ebp - 0x20], 0x54a +add dword [ebp - 0x2c], 0x13c3 +cmp dword [ebp - 0x20], 0xa94 +jne loc_fffb2f7b ; jne 0xfffb2f7b +jmp near loc_fffb2f32 ; jmp 0xfffb2f32 + +loc_fffb308f: ; not directly referenced +cmp ecx, 1 +ja short loc_fffb30a0 ; ja 0xfffb30a0 +mov edi, dword [ebp + 8] +cmp byte [edi + 0x374a], 0 +je short loc_fffb30ca ; je 0xfffb30ca + +loc_fffb30a0: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx + +loc_fffb30ca: ; not directly referenced +inc ecx 
+add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb308f ; jne 0xfffb308f +add esp, 0x30 +mov eax, 1 pop ebx pop esi pop edi pop ebp ret -fcn_fffb26ca: ; not directly referenced +fcn_fffb30e0: ; not directly referenced push ebp -movzx edx, dl mov ebp, esp push edi +xor edi, edi push esi -mov esi, ecx push ebx -mov ecx, 0xb sub esp, 0x4c -mov ebx, eax -lea edi, [ebp - 0x44] -xor eax, eax -rep stosd ; rep stosd dword es:[edi], eax -lea eax, [ebp - 0x4f] -push 0 -push 0 -push 0 -push eax -movzx eax, byte [ebp + 8] -mov word [ebp - 0x36], 0x3ff -mov dword [ebp - 0x30], 0x20 -push eax -lea eax, [ebp - 0x44] -push eax -mov eax, ebx -push esi -push 0x80 -mov word [ebp - 0x20], 1 -mov word [ebp - 0x1a], 1 -mov word [ebp - 0x4f], 4 -mov dword [ebp - 0x4d], 0 -mov dword [ebp - 0x49], 7 -mov byte [ebp - 0x45], 0 -call fcn_fffb20e5 ; call 0xfffb20e5 -lea edx, [esi - 7] -add esp, 0x20 -mov al, 1 -test dl, dl -cmovg eax, edx -mov byte [ebx + 0x248c], al -mov byte [ebx + 0x248b], 0 -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x2444] +mov dword [ebp - 0x44], eax -fcn_fffb2759: ; not directly referenced -push ebp -movzx edx, dl -mov ebp, esp -push edi -push esi -mov esi, ref_fffd3e9c ; mov esi, 0xfffd3e9c -push ebx -mov ebx, eax -sub esp, 0x5c -lea edi, [ebp - 0x44] -mov dword [ebp - 0x5c], ecx -mov ecx, 0xb -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea eax, [ebp - 0x4f] -mov esi, dword [ebp - 0x5c] -push 0 -push 0 -push 1 -push eax -movzx eax, byte [ebp + 8] -mov word [ebp - 0x4f], 4 -mov dword [ebp - 0x4d], 0 -push eax -lea eax, [ebp - 0x44] -push eax -mov eax, ebx -push esi -push 8 -mov dword [ebp - 0x49], 9 -mov byte [ebp - 0x45], 2 -call fcn_fffb20e5 ; call 0xfffb20e5 -mov edx, esi -add esp, 0x20 -sub edx, 4 -mov al, 1 -test dl, dl -cmovg eax, edx -mov byte [ebx + 0x248c], al -mov byte [ebx + 0x248b], 2 -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffb30f7: ; not directly 
referenced +lea eax, [edi - 2] +cmp eax, 1 +ja short loc_fffb3123 ; ja 0xfffb3123 +mov ebx, dword [ebp + 8] +cmp byte [ebx + 0x374a], 0 +jne short loc_fffb3123 ; jne 0xfffb3123 -fcn_fffb27d5: ; not directly referenced -push ebp -mov ecx, 0xb -mov ebp, esp -push edi -push ebx -mov ebx, eax -lea edi, [ebp - 0x8c] -xor eax, eax -sub esp, 0x90 -rep stosd ; rep stosd dword es:[edi], eax -lea edi, [ebp - 0x60] -mov word [ebp - 0x82], 0xf -mov word [ebp - 0x66], 1 -mov word [ebp - 0x97], 1 -mov dword [ebp - 0x95], 0 -mov dword [ebp - 0x91], 3 -mov cl, 0xb -rep stosd ; rep stosd dword es:[edi], eax -lea edi, [ebp - 0x34] -mov word [ebp - 0x52], 0x3ff -mov dword [ebp - 0x4c], 0x20 -mov word [ebp - 0x3c], 1 -mov word [ebp - 0x36], 1 -mov byte [ebp - 0x8d], 0 -mov cl, 0xb -rep stosd ; rep stosd dword es:[edi], eax -mov eax, dword [ebx + 0x2480] -mov word [ebp - 0x32], 4 -mov word [ebp - 0x2a], 4 -cmp eax, 3 -je short loc_fffb2871 ; je 0xfffb2871 -dec eax -lea ecx, [ebp - 0x8c] -lea eax, [ebp - 0x60] -cmovne eax, ecx -jmp short loc_fffb2874 ; jmp 0xfffb2874 +loc_fffb310b: ; not directly referenced +inc edi +cmp edi, 4 +jne short loc_fffb30f7 ; jne 0xfffb30f7 +mov eax, dword [ebp + 8] +mov ecx, 0xfffffffe +add eax, 0x48e0 +jmp near loc_fffb32ce ; jmp 0xfffb32ce -loc_fffb2871: ; not directly referenced -lea eax, [ebp - 0x34] +loc_fffb3123: ; not directly referenced +mov ebx, dword [ebp + 8] +imul eax, eax, 0x23 +lea esi, [edi*8 - 0x1269] +mov dword [ebp + edi*4 - 0x28], 0 +mov dword [ebp - 0x34], 0 +add ebx, 0x49c0 +mov dword [ebp - 0x3c], ebx +imul ebx, edi, 0x2e +mov dword [ebp - 0x54], esi +mov dword [ebp - 0x40], eax +mov dword [ebp - 0x48], ebx -loc_fffb2874: ; not directly referenced -push 0 -movzx edx, dl -push 0 -push 0 -lea ecx, [ebp - 0x97] -push ecx -mov ecx, 2 -push 0 -push eax -mov eax, ebx -push 0xa -push 0x80 -call fcn_fffb20e5 ; call 0xfffb20e5 -add esp, 0x20 -mov byte [ebx + 0x248c], 1 -mov byte [ebx + 0x248b], 0 -lea esp, [ebp - 8] -pop ebx -pop edi -pop ebp 
-ret - -fcn_fffb28b2: ; not directly referenced -push ebp -xor eax, eax -mov ebp, esp -mov ecx, 0xb -push edi -push esi -push ebx -lea edi, [ebp - 0x1f4] -sub esp, 0x270 -rep stosd ; rep stosd dword es:[edi], eax -mov eax, dword [ebp + 8] -lea edx, [ebp - 0x217] -mov word [ebp - 0x1e6], 0x3ff -mov word [ebp - 0x1ca], 1 -mov word [ebp - 0x1ff], 0x20 -mov esi, dword [eax + 0x5edc] -mov al, byte [eax + 0x248e] -mov dword [ebp - 0x1fd], 0 -mov dword [ebp - 0x1f9], 9 -mov byte [ebp - 0x1f5], 0 -mov byte [ebp - 0x22c], al -mov eax, dword [ebp + 8] -mov al, byte [eax + 0x248d] -mov byte [ebp - 0x230], al -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x18a7] -mov dword [ebp - 0x234], eax -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x188b] -mov dword [ebp - 0x260], eax -mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 2 -sete al -movzx eax, al -mov dword [ebp - 0x250], eax -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2443] -push 1 -push 7 -push edx -call dword [eax + 0x5c] ; ucall +loc_fffb3154: ; not directly referenced +mov eax, dword [ebp - 0x54] +mov esi, dword [ebp - 0x3c] +mov ebx, dword [ebp - 0x34] +mov dword [ebp - 0x38], 0 +add eax, esi +mov dword [ebp - 0x50], eax mov eax, dword [ebp + 8] -add esp, 0x10 -mov eax, dword [eax + 0x1887] -cmp eax, 0x40650 -je short loc_fffb29de ; je 0xfffb29de -ja short loc_fffb298e ; ja 0xfffb298e -cmp eax, 0x306d0 -jmp short loc_fffb299a ; jmp 0xfffb299a - -loc_fffb298e: ; not directly referenced -cmp eax, 0x40660 -je short loc_fffb29a8 ; je 0xfffb29a8 -cmp eax, 0x40670 - -loc_fffb299a: ; not directly referenced -jne short loc_fffb29c3 ; jne 0xfffb29c3 -mov dword [ebp - 0x248], 0x7f -jmp short loc_fffb29e8 ; jmp 0xfffb29e8 +lea eax, [eax + ebx + 0x1973] +mov dword [ebp - 0x30], eax -loc_fffb29a8: ; not directly referenced -mov dword [ebp - 0x248], 0x3f -mov ebx, 0x19 -mov dword [ebp - 0x240], 0x14 -jmp short loc_fffb29f7 ; jmp 0xfffb29f7 +loc_fffb3176: ; not directly referenced +cmp dword [esi - 0xf6], 2 +jne 
loc_fffb3293 ; jne 0xfffb3293 +mov eax, dword [ebp - 0x48] +mov ebx, dword [ebp - 0x38] +mov eax, dword [esi + eax - 0xf2] +mov dword [ebp - 0x2c], eax +mov eax, dword [ebp - 0x50] +mov ecx, dword [eax + ebx + 0xc9] +cmp edi, 1 +je loc_fffb323b ; je 0xfffb323b +jb loc_fffb324a ; jb 0xfffb324a +cmp edi, 3 +ja loc_fffb324a ; ja 0xfffb324a +cmp edi, 2 +mov dl, byte [esi] +jne short loc_fffb31c8 ; jne 0xfffb31c8 +and dl, 1 +jne short loc_fffb31d3 ; jne 0xfffb31d3 +xor eax, eax +jmp near loc_fffb3279 ; jmp 0xfffb3279 -loc_fffb29c3: ; not directly referenced -mov dword [ebp - 0x248], 0x3f -mov ebx, 0x15 -mov dword [ebp - 0x240], 0x10 -jmp short loc_fffb29f7 ; jmp 0xfffb29f7 +loc_fffb31c8: ; not directly referenced +xor eax, eax +and dl, 2 +je loc_fffb3279 ; je 0xfffb3279 -loc_fffb29de: ; not directly referenced -mov dword [ebp - 0x248], 0x3f +loc_fffb31d3: ; not directly referenced +mov eax, dword [esi - 0x21] +mov ebx, dword [ebp - 0x40] +and eax, 0xfffffffd +dec eax +mov eax, dword [ebp - 0x30] +jne short loc_fffb31ec ; jne 0xfffb31ec +movzx edx, word [eax + ebx + 0x10d] +jmp short loc_fffb31f4 ; jmp 0xfffb31f4 -loc_fffb29e8: ; not directly referenced -mov dword [ebp - 0x240], 0x12 -mov ebx, 0x17 +loc_fffb31ec: ; not directly referenced +movzx edx, word [eax + ebx + 0x1dd] -loc_fffb29f7: ; not directly referenced -push 8 -movzx edx, byte [ebp - 0x22c] -mov ecx, 2 -push 0 -push 0 -lea eax, [ebp - 0x1ff] -push eax -push 0 -lea eax, [ebp - 0x1f4] +loc_fffb31f4: ; not directly referenced +xor eax, eax +cmp dword [ebp - 0x2c], 0 +je short loc_fffb3279 ; je 0xfffb3279 +mov eax, dword [ebp - 0x44] +imul edx, edx, 0x3e8 +mov ebx, dword [eax + 0x74] +mov dword [ebp - 0x4c], ebx +push ebx +mov ebx, ecx +push edx +sar ebx, 0x1f +push ebx +xor ebx, ebx +push ecx +call dword [eax + 0x70] ; ucall +mov ecx, dword [ebp - 0x2c] +mov dword [esp], 0 +push ebx +xor ebx, ebx +push ecx +mov ecx, dword [ebp - 0x2c] +dec ecx +add eax, ecx +adc edx, ebx +mov ebx, dword [ebp - 0x4c] +push edx 
push eax -mov eax, dword [ebp + 8] -push 7 -push 2 -shl ebx, 0x10 -call fcn_fffb20e5 ; call 0xfffb20e5 -lea eax, [esi + 0x1c] +call ebx add esp, 0x20 -mov dword [ebp - 0x264], eax -xor esi, esi -mov dword [ebp - 0x22c], eax -mov dword [ebp - 0x238], ebx - -loc_fffb2a42: ; not directly referenced -imul eax, esi, 0x13c3 -mov edi, dword [ebp + 8] -xor ebx, ebx -cmp dword [edi + eax + 0x3756], 2 -jne loc_fffb2aeb ; jne 0xfffb2aeb - -loc_fffb2a5b: ; not directly referenced -mov eax, dword [ebp + 8] -cmp bl, byte [eax + 0x2488] -jae short loc_fffb2a8f ; jae 0xfffb2a8f -mov eax, dword [ebp + 8] -movzx edi, bl -mov edx, esi -mov ecx, edi -inc ebx -call fcn_fffa720e ; call 0xfffa720e -mov ecx, dword [ebp - 0x22c] -mov ecx, dword [ecx + edi*4 + 0x28] -mov edx, eax -mov eax, dword [ebp + 8] -or ecx, 0x40 -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffb2a5b ; jmp 0xfffb2a5b - -loc_fffb2a8f: ; not directly referenced -mov ecx, 0xff -mov edx, esi -call fcn_fffa7288 ; call 0xfffa7288 -mov edi, eax -mov eax, dword [ebp - 0x22c] -mov ebx, dword [eax] -mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 3 -jne short loc_fffb2ac0 ; jne 0xfffb2ac0 -and ebx, 0xefffffff -mov edx, edi -mov ecx, ebx -call fcn_fffaeb7c ; call 0xfffaeb7c - -loc_fffb2ac0: ; not directly referenced -mov eax, dword [ebp + 8] -or ebx, 0x1000004 -mov edx, edi -mov ecx, ebx -call fcn_fffaeb7c ; call 0xfffaeb7c -mov ecx, dword [ebp - 0x238] -mov edx, esi -mov eax, dword [ebp + 8] -shl edx, 0xa -add edx, 0x4028 -call fcn_fffae58c ; call 0xfffae58c +jmp short loc_fffb3279 ; jmp 0xfffb3279 -loc_fffb2aeb: ; not directly referenced -inc esi -add dword [ebp - 0x22c], 0xcc -cmp esi, 2 -jne loc_fffb2a42 ; jne 0xfffb2a42 -imul eax, dword [ebp - 0x234], 0x2e -mov dword [ebp - 0x22c], 0 -mov dword [ebp - 0x26c], eax -movzx eax, byte [ebp - 0x230] -mov dword [ebp - 0x274], eax -mov eax, dword [ebp + 8] -add eax, 0x3756 -mov dword [ebp - 0x234], eax +loc_fffb323b: ; not directly referenced +mov eax, dword [ebp - 0x30] 
+movzx eax, word [eax + 0x25a] +test ax, ax +jne short loc_fffb3279 ; jne 0xfffb3279 -loc_fffb2b31: ; not directly referenced -mov edi, dword [ebp - 0x22c] -mov esi, dword [ebp - 0x274] -mov eax, edi -bt esi, edi -jb short loc_fffb2b78 ; jb 0xfffb2b78 +loc_fffb324a: ; not directly referenced +xor eax, eax +cmp dword [ebp - 0x2c], 0 +je short loc_fffb3279 ; je 0xfffb3279 +cmp dword [esi - 0x21], 3 +mov eax, 0x3b8260 +mov ebx, 0x7704c0 +mov ecx, 0x3e8 +cmove ebx, eax +mov eax, dword [ebp - 0x2c] +xor edx, edx +div ecx +xor edx, edx +mov ecx, eax +lea eax, [ebx + eax - 1] +div ecx -loc_fffb2b44: ; not directly referenced -inc dword [ebp - 0x22c] -cmp dword [ebp - 0x22c], 4 -jne short loc_fffb2b31 ; jne 0xfffb2b31 -mov eax, dword [ebp + 8] -mov edi, dword [ebp - 0x264] -mov dword [ebp - 0x22c], 0 -add eax, 0x3756 -mov dword [ebp - 0x234], eax -mov esi, eax -jmp near loc_fffb359d ; jmp 0xfffb359d +loc_fffb3279: ; not directly referenced +cmp eax, 0xffff +mov edx, 0xffff +cmovbe edx, eax +mov eax, dword [ebp + edi*4 - 0x28] +cmp edx, eax +cmovb edx, eax +mov dword [ebp + edi*4 - 0x28], edx -loc_fffb2b78: ; not directly referenced -mov esi, dword [ebp - 0x22c] -and eax, 1 -mov dword [ebp - 0x23c], 1 -mov dword [ebp - 0x238], 0 -mov byte [ebp - 0x254], 0 -mov ecx, esi -shl dword [ebp - 0x23c], cl -mov bl, byte [ebp - 0x23c] -mov dword [ebp - 0x24c], eax -mov byte [ebp - 0x230], bl -mov ebx, esi -shr bl, 1 -movzx esi, bl -mov byte [ebp - 0x265], bl -mov ebx, dword [ebp - 0x234] -mov dword [ebp - 0x244], esi +loc_fffb3293: ; not directly referenced +add dword [ebp - 0x38], 0x20 +add esi, 0x128 +add dword [ebp - 0x30], 0x277 +cmp dword [ebp - 0x38], 0x40 +jne loc_fffb3176 ; jne 0xfffb3176 +add dword [ebp - 0x34], 0x54a +add dword [ebp - 0x3c], 0x13c3 +cmp dword [ebp - 0x34], 0xa94 +jne loc_fffb3154 ; jne 0xfffb3154 +jmp near loc_fffb310b ; jmp 0xfffb310b -loc_fffb2bcf: ; not directly referenced -mov ecx, dword [ebp - 0x23c] -mov edx, dword [ebp - 0x238] -mov eax, dword [ebp + 
8] -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0x254], al -mov al, byte [ebp - 0x230] -test byte [ebx + 0xc4], al -je loc_fffb2d28 ; je 0xfffb2d28 -mov eax, dword [ebp - 0x22c] -mov edx, 0 -mov byte [ebx + eax + 0x1011], 0 -mov eax, dword [ebp + 8] -movzx eax, byte [eax + 0x36e7] -cmp al, 1 -cmovbe eax, edx -cmp dword [ebp - 0x260], 1 -jne short loc_fffb2c47 ; jne 0xfffb2c47 +loc_fffb32ce: ; not directly referenced +cmp ecx, 1 +ja short loc_fffb32df ; ja 0xfffb32df mov esi, dword [ebp + 8] -cmp dword [esi + 0x36e3], 1 -jne short loc_fffb2c3d ; jne 0xfffb2c3d -imul eax, eax, 0x64 -mov ecx, 0x85 -cdq -idiv ecx +cmp byte [esi + 0x374a], 0 +je short loc_fffb3309 ; je 0xfffb3309 -loc_fffb2c3d: ; not directly referenced -cmp al, 2 -lea edx, [eax - 2] -mov al, 0 -cmovae eax, edx +loc_fffb32df: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x20] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx -loc_fffb2c47: ; not directly referenced -mov esi, dword [ebp + 8] -cmp dword [esi + 0x2480], 3 -mov esi, dword [ebp - 0x26c] -movzx esi, word [ebx + esi + 0xa] -jne short loc_fffb2c93 ; jne 0xfffb2c93 -mov edi, dword [ebp + 8] -movzx edx, al -add esi, esi -mov ecx, 4 -movzx edi, word [edi + 0x2489] -add edi, edi -cmp al, 5 -cmovae ecx, edx -xor edx, edx -lea eax, [edi + 0x157b] -div edi -mov edi, dword [ebp - 0x240] -lea edx, [edi + eax + 1] -add esi, edx -add esi, ecx -jmp short loc_fffb2cae ; jmp 0xfffb2cae +loc_fffb3309: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb32ce ; jne 0xfffb32ce +lea esp, [ebp - 0xc] +mov eax, 1 +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffb2c93: ; not directly referenced -add esi, esi -movzx ecx, al -cmp al, 5 -mov eax, dword [ebp - 0x240] -mov edx, 4 -cmovae edx, ecx -lea esi, [eax + esi + 5] -add esi, edx +fcn_fffb331f: +push ebp +mov ebp, esp +sub esp, 0x14 +mov ecx, dword [eax + 
0x2444] +add edx, dword [eax + 0x18c5] +inc dword [eax + 0x36a5] +push edx +call dword [ecx + 0x20] ; ucall +leave +ret -loc_fffb2cae: ; not directly referenced -mov eax, dword [ebp - 0x248] -mov edi, dword [ebp - 0x22c] -cmp esi, eax -cmova esi, eax -mov eax, dword [ebp - 0x238] -mov ecx, esi -shl eax, 0xa -lea edx, [edi + eax + 0x4024] -mov eax, dword [ebp + 8] -call fcn_fffae566 ; call 0xfffae566 -mov eax, esi -cmp dword [ebp - 0x250], 0 -mov byte [ebx + edi + 0x1015], al -je short loc_fffb2d28 ; je 0xfffb2d28 -imul edx, dword [ebp - 0x24c], 0x18 -imul eax, dword [ebp - 0x244], 0x128 -mov ecx, dword [ebp - 0x23c] -add eax, edx -mov ax, word [ebx + eax + 0x1273] +fcn_fffb333d: +push ebp +mov ebp, esp +sub esp, 0x14 +mov ecx, dword [eax + 0x2444] +add edx, dword [eax + 0x18c5] +inc dword [eax + 0x36a5] push edx +call dword [ecx + 0x24] ; ucall +leave +ret + +fcn_fffb335b: ; not directly referenced +push ebp +mov ebp, esp +push ebx +sub esp, 0xc +mov ebx, dword [eax + 0x2444] +inc dword [eax + 0x36a1] +push ecx +add edx, dword [eax + 0x18c5] push edx -mov edx, dword [ebp - 0x238] -or ah, 4 -movzx eax, ax -push eax -mov eax, dword [ebp + 8] -push 4 -call fcn_fffafd52 ; call 0xfffafd52 +call dword [ebx + 0x28] ; ucall add esp, 0x10 +mov ebx, dword [ebp - 4] +leave +ret -loc_fffb2d28: ; not directly referenced -inc dword [ebp - 0x238] -add ebx, 0x13c3 -cmp dword [ebp - 0x238], 2 -jne loc_fffb2bcf ; jne 0xfffb2bcf -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x36d7] -cmp eax, 0x320 -je short loc_fffb2d8c ; je 0xfffb2d8c -cmp eax, 0x42b -ja short loc_fffb2da0 ; ja 0xfffb2da0 -mov eax, dword [ebp + 8] -mov esi, 0x198 -cmp dword [eax + 0x2480], 3 -mov eax, 0x158 -cmovne eax, esi -mov esi, 0x118 -mov word [ebp - 0x23c], ax -mov eax, 0xd8 -cmovne eax, esi -mov word [ebp - 0x238], ax -jmp short loc_fffb2db2 ; jmp 0xfffb2db2 - -loc_fffb2d8c: ; not directly referenced -mov word [ebp - 0x23c], 0x158 -mov word [ebp - 0x238], 0xd8 -jmp short loc_fffb2db2 ; jmp 0xfffb2db2 - 
-loc_fffb2da0: ; not directly referenced -mov word [ebp - 0x23c], 0x198 -mov word [ebp - 0x238], 0x118 - -loc_fffb2db2: ; not directly referenced -mov eax, dword [ebp - 0x238] -mov word [ebp - 0x244], ax -movzx eax, word [ebp - 0x23c] -sub eax, 8 -mov dword [ebp - 0x270], eax - -loc_fffb2dcf: ; not directly referenced -movzx edi, word [ebp - 0x244] -xor ebx, ebx - -loc_fffb2dd8: ; not directly referenced -imul eax, ebx, 0x13c3 -mov esi, dword [ebp + 8] -mov cl, byte [ebp - 0x230] -test byte [esi + eax + 0x381a], cl -je short loc_fffb2df4 ; je 0xfffb2df4 -xor esi, esi -jmp short loc_fffb2e39 ; jmp 0xfffb2e39 - -loc_fffb2df4: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffb2dd8 ; jne 0xfffb2dd8 -movzx eax, byte [ebp - 0x254] -xor ecx, ecx -xor esi, esi -push edi -push 0 -push 1 -mov edx, eax -mov dword [ebp - 0x258], eax -lea eax, [ebp - 0x217] -push eax -mov eax, dword [ebp + 8] -call fcn_fffb0f94 ; call 0xfffb0f94 -movzx ebx, word [ebp - 0x244] +fcn_fffb3381: ; not directly referenced +push ebp +mov ebp, esp +push ebx +sub esp, 0xc +mov ebx, dword [eax + 0x2444] +inc dword [eax + 0x36a1] +push ecx +add edx, dword [eax + 0x18c5] +push edx +call dword [ebx + 0x30] ; ucall add esp, 0x10 -lea eax, [ebx - 8] -mov dword [ebp - 0x25c], eax -jmp near loc_fffb2ef0 ; jmp 0xfffb2ef0 +mov ebx, dword [ebp - 4] +leave +ret -loc_fffb2e39: ; not directly referenced -mov ecx, dword [ebp + 8] -mov eax, esi -cmp al, byte [ecx + 0x2488] -jae short loc_fffb2df4 ; jae 0xfffb2df4 -push eax -mov eax, esi -mov ecx, dword [ebp - 0x22c] +fcn_fffb33a7: ; not directly referenced +push ebp +mov ebp, esp push edi -movzx eax, al -push 0 -mov edx, ebx -push eax -mov eax, dword [ebp + 8] -inc esi -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 -jmp short loc_fffb2e39 ; jmp 0xfffb2e39 +push esi +push ebx +mov ebx, eax +sub esp, 0x1c +mov esi, dword [ebx + 0x2444] +mov dword [ebp - 0x24], edx +mov byte [ebp - 0x1d], dl +call dword [esi + 0x54] ; ucall +mov ecx, 5 +mov edx, 
0x4800 +add eax, 0x2710 +mov dword [ebp - 0x1c], eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffb2e66: ; not directly referenced -movzx edi, byte [ebp - 0x24c] -mov edx, esi -mov eax, dword [ebp + 8] -mov ecx, edi -call fcn_fffa7617 ; call 0xfffa7617 +loc_fffb33da: ; not directly referenced +mov edx, 0x4804 +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov cl, byte [ebp - 0x1d] mov edx, eax -mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a -mov ecx, dword [ebp - 0x238] -cmp eax, 0x1f -seta al -movzx eax, al -cmp word [ebp - 0x244], cx -jne loc_fffb2f5a ; jne 0xfffb2f5a -test eax, eax -je short loc_fffb2f11 ; je 0xfffb2f11 -lea eax, [esi + esi*8] -add edi, eax -mov dword [ebp + edi*4 - 0x180], ebx -mov dword [ebp + edi*4 - 0x1c8], ebx -mov dword [ebp + edi*4 - 0xf0], ebx -mov dword [ebp + edi*4 - 0x138], ebx -mov dword [ebp + edi*4 - 0x60], ebx -mov dword [ebp + edi*4 - 0xa8], ebx - -loc_fffb2ecf: ; not directly referenced -inc byte [ebp - 0x24c] - -loc_fffb2ed5: ; not directly referenced -mov edi, dword [ebp + 8] -mov al, byte [ebp - 0x24c] -cmp al, byte [edi + 0x2488] -jb short loc_fffb2e66 ; jb 0xfffb2e66 +mov edi, eax +shr edx, 0x10 +shr eax, 0x10 +and edx, 2 +and eax, 1 +or eax, edx +and eax, ecx +cmp al, cl +jne short loc_fffb3405 ; jne 0xfffb3405 +xor eax, eax +jmp short loc_fffb3412 ; jmp 0xfffb3412 -loc_fffb2ee6: ; not directly referenced -inc esi -cmp esi, 2 -je loc_fffb3021 ; je 0xfffb3021 +loc_fffb3405: ; not directly referenced +call dword [esi + 0x54] ; ucall +cmp dword [ebp - 0x1c], eax +ja short loc_fffb33da ; ja 0xfffb33da +mov eax, 0x12 -loc_fffb2ef0: ; not directly referenced -imul eax, esi, 0x13c3 -mov edi, dword [ebp + 8] -mov cl, byte [ebp - 0x230] -test byte [edi + eax + 0x381a], cl -je short loc_fffb2ee6 ; je 0xfffb2ee6 -mov byte [ebp - 0x24c], 0 -jmp short loc_fffb2ed5 ; jmp 0xfffb2ed5 +loc_fffb3412: ; not directly referenced +mov edx, edi +mov ecx, edi +and edx, 2 +and ecx, 1 +or ecx, edx +mov edx, 0x14 
+test byte [ebp - 0x24], cl +cmovne eax, edx +add esp, 0x1c +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffb2f11: ; not directly referenced -lea eax, [esi + esi*8] -add edi, eax -mov dword [ebp + edi*4 - 0x180], 0xfffffff8 -mov dword [ebp + edi*4 - 0x1c8], 0xfffffff8 -mov dword [ebp + edi*4 - 0xf0], 0xfffffff8 -mov dword [ebp + edi*4 - 0x138], 0xfffffff8 -mov dword [ebp + edi*4 - 0x60], 0xfffffff8 -mov dword [ebp + edi*4 - 0xa8], 0xfffffff8 -jmp near loc_fffb2ecf ; jmp 0xfffb2ecf - -loc_fffb2f5a: ; not directly referenced -test eax, eax -je loc_fffb2ecf ; je 0xfffb2ecf -lea eax, [esi + esi*8] -mov ecx, dword [ebp - 0x25c] -add eax, edi -cmp dword [ebp + eax*4 - 0x180], ecx -jne short loc_fffb2f7d ; jne 0xfffb2f7d -mov dword [ebp + eax*4 - 0x180], ebx - -loc_fffb2f7d: ; not directly referenced -lea eax, [esi + esi*8] -mov ecx, dword [ebp - 0x25c] -add eax, edi -cmp dword [ebp + eax*4 - 0xf0], ecx -mov dword [ebp + eax*4 - 0xf0], ebx -je short loc_fffb2f9f ; je 0xfffb2f9f -mov dword [ebp + eax*4 - 0x138], ebx - -loc_fffb2f9f: ; not directly referenced -cmp ebx, dword [ebp - 0x270] -jl short loc_fffb2fee ; jl 0xfffb2fee -lea eax, [esi + esi*8] -movzx edx, word [ebp - 0x238] -add eax, edi -mov ecx, dword [ebp + eax*4 - 0x1c8] -cmp ecx, edx -jne short loc_fffb2fee ; jne 0xfffb2fee -mov edx, dword [ebp + eax*4 - 0x180] -cmp edx, ebx -je short loc_fffb2fee ; je 0xfffb2fee -mov edi, ebx -sub edi, dword [ebp + eax*4 - 0x138] -mov dword [ebp + eax*4 - 0x60], edx -sub ecx, edi -sub ecx, 8 -mov dword [ebp + eax*4 - 0x1c8], ecx -mov dword [ebp + eax*4 - 0xa8], ecx -jmp near loc_fffb2ecf ; jmp 0xfffb2ecf - -loc_fffb2fee: ; not directly referenced -lea eax, [esi + esi*8] -mov ecx, ebx -add edi, eax -mov edx, dword [ebp + edi*4 - 0x138] -mov eax, dword [ebp + edi*4 - 0x60] -sub eax, dword [ebp + edi*4 - 0xa8] -sub ecx, edx -cmp ecx, eax -jle loc_fffb2ecf ; jle 0xfffb2ecf -mov dword [ebp + edi*4 - 0xa8], edx -mov dword [ebp + edi*4 - 0x60], ebx -jmp near loc_fffb2ecf ; jmp 
0xfffb2ecf - -loc_fffb3021: ; not directly referenced -add word [ebp - 0x244], 8 -mov eax, dword [ebp - 0x23c] -cmp word [ebp - 0x244], ax -jb loc_fffb2dcf ; jb 0xfffb2dcf -movzx eax, word [ebp - 0x23c] -xor edi, edi -mov ebx, dword [ebp - 0x234] -mov dword [ebp - 0x254], eax -imul eax, dword [ebp - 0x22c], 9 -mov dword [ebp - 0x25c], eax - -loc_fffb305e: ; not directly referenced -mov al, byte [ebp - 0x230] -test byte [ebx + 0xc4], al -jne short loc_fffb30cf ; jne 0xfffb30cf - -loc_fffb306c: ; not directly referenced -inc edi -add ebx, 0x13c3 -cmp edi, 2 -jne short loc_fffb305e ; jne 0xfffb305e -mov eax, dword [ebp + 8] -mov bl, byte [ebp - 0x265] -mov word [ebp - 0x220], 0x1ff -mov word [ebp - 0x21e], 0x1ff -movzx ecx, byte [eax + 0x2488] -mov eax, 1 -shl eax, cl -dec eax -mov word [ebp - 0x244], ax -lea eax, [ebx + ebx] -movzx eax, al -mov dword [ebp - 0x23c], eax -inc eax -mov dword [ebp - 0x238], eax -movzx eax, bl -add eax, 0x4028 -mov dword [ebp - 0x25c], eax -jmp near loc_fffb31e8 ; jmp 0xfffb31e8 - -loc_fffb30cf: ; not directly referenced -lea eax, [edi + edi*8] -mov byte [ebp - 0x238], 0 -mov dword [ebp - 0x24c], eax - -loc_fffb30df: ; not directly referenced -mov esi, dword [ebp + 8] -mov al, byte [ebp - 0x238] -cmp al, byte [esi + 0x2488] -jae loc_fffb306c ; jae 0xfffb306c -movzx ecx, byte [ebp - 0x238] -mov eax, dword [ebp - 0x24c] -add eax, ecx -mov esi, dword [ebp + eax*4 - 0x60] -mov eax, dword [ebp + eax*4 - 0xa8] -mov dword [ebp - 0x23c], esi -mov dword [ebp - 0x244], eax -add eax, esi -mov esi, 2 +fcn_fffb3431: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, 0x1ff +push esi +mov esi, 0x2800 +push ebx +mov ebx, eax +sub esp, 0x10 +mov dword [ebp - 0x1c], edx +imul edx, dword [eax + 0x18a7], 0x2e +imul eax, dword [ebp - 0x1c], 0x13c3 +lea eax, [edx + eax + 0x3740] +lea edx, [ebx + eax + 0x1b] +movzx eax, word [edx + 0x12] +cmp word [edx + 0x14], 0x1ff +cmovbe di, word [edx + 0x14] +movzx ecx, ax +imul eax, eax, 0x59 +and edi, 
0x1ff +shl edi, 0x10 cdq idiv esi -mov esi, dword [ebp - 0x23c] -sub esi, dword [ebp - 0x244] -cmp eax, dword [ebp - 0x254] -jle short loc_fffb314e ; jle 0xfffb314e -mov edx, dword [ebp + 8] -cmp byte [edx + 0x1965], 0 -je short loc_fffb314e ; je 0xfffb314e +mov esi, dword [ebp - 0x1c] +mov edx, 0x7f +cmp eax, 0x7f +cmovbe edx, eax +add esp, 0x10 +shl edx, 0x19 +or ecx, edi +shl esi, 0xa +or ecx, edx +mov eax, ebx +lea edx, [esi + 0x4298] +pop ebx +pop esi +pop edi +pop ebp +jmp near fcn_fffb3381 ; jmp 0xfffb3381 -loc_fffb3144: ; not directly referenced -mov eax, 7 -jmp near loc_fffb3a71 ; jmp 0xfffb3a71 +fcn_fffb34af: ; not directly referenced +mov dl, byte [eax + 0x1907] +push ebp +mov ebp, esp +push esi +mov esi, 0x80 +test dl, dl +movzx ecx, dl +cmovne esi, ecx +movzx ecx, byte [eax + 0x1906] +push ebx +cmp cl, 6 +sete bl +cmp cl, 1 +setbe dl +or bl, dl +jne short loc_fffb34f1 ; jne 0xfffb34f1 +xor ecx, ecx +cmp dword [eax + 0x2481], 3 +setne cl +lea ecx, [ecx*4 + 2] -loc_fffb314e: ; not directly referenced -sub esi, 0x21 -cmp esi, 0x3e -jbe short loc_fffb3162 ; jbe 0xfffb3162 -mov esi, dword [ebp + 8] -cmp byte [esi + 0x1965], 0 -jne short loc_fffb3144 ; jne 0xfffb3144 +loc_fffb34f1: ; not directly referenced +and ecx, 0xf +mov edx, 0x4cb0 +shl ecx, 0xc +pop ebx +or ecx, esi +pop esi +pop ebp +jmp near fcn_fffb3381 ; jmp 0xfffb3381 -loc_fffb3162: ; not directly referenced -mov esi, dword [ebp - 0x25c] -lea edx, [ecx + esi + 0xd8] -mov word [ebx + edx*2 + 1], ax -mov eax, dword [ebp + 8] -mov edx, edi -push esi -push 0 -push 0xff -push ecx -mov ecx, dword [ebp - 0x22c] -call fcn_fffa7499 ; call 0xfffa7499 +fcn_fffb3506: ; not directly referenced +push ebp +mov ebp, esp +sub esp, 0xc +mov ecx, dword [eax + 0x2444] +inc dword [eax + 0x36a1] +push dword [ebp + 0xc] +push dword [ebp + 8] +add edx, dword [eax + 0x18c5] +push edx +call dword [ecx + 0x34] ; ucall add esp, 0x10 -inc byte [ebp - 0x238] -jmp near loc_fffb30df ; jmp 0xfffb30df +leave +ret -loc_fffb319b: ; 
not directly referenced +fcn_fffb352d: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi push ebx -mov edx, dword [ebp - 0x258] -xor ecx, ecx +sub esp, 0x2c +mov ebx, dword [ebp + 8] +mov eax, dword [ebx + 0x2444] +cmp dword [ebx + 0x188b], 1 +mov dword [ebp - 0x24], eax +je loc_fffb371b ; je 0xfffb371b + +loc_fffb354f: ; not directly referenced +mov edx, 0x5030 +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5030 +or al, 0x89 +mov ecx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, 0x8f +mov edx, 0x50fc +mov eax, ebx +mov esi, dword [ebx + 0x2444] +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebx + 0x18b5], 0 +je loc_fffb3800 ; je 0xfffb3800 +mov edi, dword [ebx + 0x18c1] +push 0xa0 push 0 -xor ebx, ebx -push 1 -lea eax, [ebp - 0x217] +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +add edi, eax +mov dword [esp], edi +call dword [esi + 0x20] ; ucall +pop edx +pop ecx +or eax, 1 push eax -mov eax, dword [ebp + 8] -call fcn_fffb0f94 ; call 0xfffb0f94 -mov esi, dword [ebp - 0x234] +push edi +call dword [esi + 0x30] ; ucall +mov edi, dword [ebx + 0x18c1] +push 0xbc +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +add esp, 0x14 +add edi, eax +push edi +call dword [esi + 0x20] ; ucall +pop edx +pop ecx +or eax, 1 +push eax +push edi +call dword [esi + 0x30] ; ucall +mov edi, dword [ebx + 0x18c1] +push 0xa8 +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +add esp, 0x14 +add edi, eax +push edi +call dword [esi + 0x20] ; ucall +pop edx +pop ecx +or eax, 1 +push eax +push edi +call dword [esi + 0x30] ; ucall +mov edi, dword [ebx + 0x18c1] +push 0x90 +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +add esp, 0x14 +add edi, eax +push edi +call dword [esi + 0x20] ; ucall +pop edx +pop ecx +or eax, 1 +push eax +push edi +call dword [esi + 0x30] ; ucall +mov edi, dword [ebx + 0x18c1] +push 0x98 +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +add esp, 0x14 +add edi, eax +push edi +call 
dword [esi + 0x20] ; ucall +pop edx +pop ecx +or eax, 1 +push eax +push edi +call dword [esi + 0x30] ; ucall +mov edi, dword [ebx + 0x18c1] +push 0xb0 +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +add esp, 0x14 +add edi, eax +push edi +call dword [esi + 0x20] ; ucall +pop edx +pop ecx +or eax, 1 +push eax +push edi +call dword [esi + 0x30] ; ucall +mov edi, dword [ebx + 0x18c1] +push 0xb4 +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +add esp, 0x14 +add edi, eax +push edi +call dword [esi + 0x20] ; ucall +pop edx +pop ecx +or eax, 1 +push eax +push edi +call dword [esi + 0x30] ; ucall +mov edi, dword [ebx + 0x18c1] +push 0x78 +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +add esp, 0x14 +add edi, eax +push edi +call dword [esi + 0x20] ; ucall +pop edx +pop ecx +or ah, 4 +push eax +push edi +call dword [esi + 0x30] ; ucall +mov edi, dword [ebx + 0x18c1] +push 0x50 +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +add esp, 0x14 +add edi, eax +push edi +call dword [esi + 0x20] ; ucall +pop edx +pop ecx +or eax, 1 +push eax +push edi +call dword [esi + 0x30] ; ucall +mov edx, 0x5880 +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +movzx edx, byte [ebx + 0x192a] +and edx, 1 +shl edx, 5 +and eax, 0xffffffdf +or eax, edx +mov edx, 0x5880 +mov ecx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x10 +jmp near loc_fffb3800 ; jmp 0xfffb3800 -loc_fffb31c2: ; not directly referenced -mov al, byte [ebp - 0x230] -xor edi, edi -mov word [ebp + ebx*2 - 0x220], 0 -test byte [esi + 0xc4], al -jne short loc_fffb322d ; jne 0xfffb322d - -loc_fffb31dc: ; not directly referenced -inc ebx -add esi, 0x13c3 -cmp ebx, 2 -jne short loc_fffb31c2 ; jne 0xfffb31c2 +loc_fffb371b: ; not directly referenced +cmp byte [ebx + 0x36a9], 0 +je loc_fffb354f ; je 0xfffb354f +cmp byte [ebx + 0x3705], 0 +je short loc_fffb3765 ; je 0xfffb3765 +push eax +mov esi, dword [ebp - 0x24] +xor edx, edx +push 0x14 +mov eax, dword [ebx + 0x3712] +push edx 
+push eax +call dword [esi + 0x68] ; ucall +add esp, 0xc +push 0x14 +mov dword [ebp - 0x28], eax +mov eax, dword [ebx + 0x3706] +mov dword [ebp - 0x2c], edx +xor edx, edx +push edx +push eax +call dword [esi + 0x68] ; ucall +add esp, 0x10 +mov ecx, eax +mov edi, edx +jmp short loc_fffb3777 ; jmp 0xfffb3777 -loc_fffb31e8: ; not directly referenced -cmp word [ebp - 0x220], 0 -je loc_fffb3335 ; je 0xfffb3335 -jmp short loc_fffb319b ; jmp 0xfffb319b +loc_fffb3765: ; not directly referenced +xor ecx, ecx +xor edi, edi +mov dword [ebp - 0x28], 0 +mov dword [ebp - 0x2c], 0 -loc_fffb31f8: ; not directly referenced -mov eax, edi -mov edx, ebx -movzx ecx, al -mov eax, dword [ebp + 8] -call fcn_fffa7617 ; call 0xfffa7617 -mov edx, eax -mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a -and eax, 0x1ff -cmp eax, 0x1f -jle short loc_fffb322c ; jle 0xfffb322c -mov eax, 1 -mov ecx, edi -shl eax, cl -or word [ebp + ebx*2 - 0x220], ax +loc_fffb3777: ; not directly referenced +xor esi, esi -loc_fffb322c: ; not directly referenced -inc edi +loc_fffb3779: ; not directly referenced +movzx eax, byte [ebx + 0x36a9] +cmp esi, eax +jae loc_fffb354f ; jae 0xfffb354f +mov eax, dword [ebx + esi*8 + 0x36aa] +mov edx, dword [ebx + esi*8 + 0x36ae] +cmp byte [ebx + 0x3705], 0 +mov dword [ebp - 0x20], eax +mov dword [ebp - 0x1c], edx +je short loc_fffb37c5 ; je 0xfffb37c5 +cmp edx, dword [ebp - 0x2c] +ja short loc_fffb37c5 ; ja 0xfffb37c5 +jb short loc_fffb37b1 ; jb 0xfffb37b1 +cmp eax, dword [ebp - 0x28] +jae short loc_fffb37c5 ; jae 0xfffb37c5 -loc_fffb322d: ; not directly referenced -mov ecx, dword [ebp + 8] -mov eax, edi -cmp al, byte [ecx + 0x2488] -jb short loc_fffb31f8 ; jb 0xfffb31f8 -mov dx, word [ebp + ebx*2 - 0x220] -cmp dx, word [ebp - 0x244] -je short loc_fffb3265 ; je 0xfffb3265 +loc_fffb37b1: ; not directly referenced +cmp edx, edi +jb short loc_fffb37c5 ; jb 0xfffb37c5 +ja short loc_fffb37bb ; ja 0xfffb37bb +cmp eax, ecx +jb short loc_fffb37c5 ; jb 0xfffb37c5 
-loc_fffb324b: ; not directly referenced -movzx eax, dx -xor edi, edi -mov dword [ebp - 0x24c], eax -imul eax, dword [ebp - 0x22c], 9 -mov dword [ebp - 0x254], eax -jmp short loc_fffb32d0 ; jmp 0xfffb32d0 +loc_fffb37bb: ; not directly referenced +mov eax, dword [ebp - 0x1c] +or eax, 0x40000000 +jmp short loc_fffb37cd ; jmp 0xfffb37cd -loc_fffb3265: ; not directly referenced -mov eax, dword [ebp - 0x22c] -mov al, byte [esi + eax + 0x1011] -cmp al, 0xd -ja short loc_fffb324b ; ja 0xfffb324b -mov edi, dword [ebp - 0x22c] -add eax, 2 -mov edx, ebx -shl edx, 0xa -add edx, dword [ebp - 0x25c] -mov byte [esi + edi + 0x1011], al -mov eax, dword [ebp - 0x238] -movzx ecx, byte [esi + eax + 0x1011] -mov eax, dword [ebp - 0x23c] -shl ecx, 4 -add cl, byte [esi + eax + 0x1011] -mov eax, dword [ebp + 8] -movzx ecx, cl -call fcn_fffae566 ; call 0xfffae566 -jmp near loc_fffb31dc ; jmp 0xfffb31dc +loc_fffb37c5: ; not directly referenced +mov eax, dword [ebp - 0x1c] +and eax, 0xbfffffff -loc_fffb32bf: ; not directly referenced -mov ecx, dword [ebp - 0x24c] -mov eax, edi -movzx eax, al -bt ecx, edi -jb short loc_fffb32e2 ; jb 0xfffb32e2 +loc_fffb37cd: ; not directly referenced +mov dword [ebp - 0x1c], eax +mov eax, dword [ebp - 0x1c] +lea edx, [esi*8 + 0x50b0] +mov dword [ebp - 0x30], ecx +inc esi +or eax, 0x80000000 +mov dword [ebp - 0x1c], eax +push eax +push eax +mov eax, ebx +push dword [ebp - 0x1c] +push dword [ebp - 0x20] +call fcn_fffb3506 ; call 0xfffb3506 +add esp, 0x10 +mov ecx, dword [ebp - 0x30] +jmp near loc_fffb3779 ; jmp 0xfffb3779 -loc_fffb32cf: ; not directly referenced -inc edi +loc_fffb3800: ; not directly referenced +mov eax, dword [ebp - 0x24] +call dword [eax + 0x54] ; ucall +lea esi, [eax + 0x2710] -loc_fffb32d0: ; not directly referenced -mov ecx, dword [ebp + 8] -mov eax, edi -cmp al, byte [ecx + 0x2488] -jb short loc_fffb32bf ; jb 0xfffb32bf -jmp near loc_fffb31dc ; jmp 0xfffb31dc +loc_fffb380c: ; not directly referenced +mov edx, 0x5030 +mov eax, ebx +call 
fcn_fffb331f ; call 0xfffb331f +test al, 0x20 +jne short loc_fffb382d ; jne 0xfffb382d +mov eax, dword [ebp - 0x24] +call dword [eax + 0x54] ; ucall +cmp esi, eax +ja short loc_fffb380c ; ja 0xfffb380c +mov eax, 1 +jmp short loc_fffb38ab ; jmp 0xfffb38ab -loc_fffb32e2: ; not directly referenced -mov ecx, dword [ebp - 0x254] -lea edx, [eax + ecx] -lea edx, [esi + edx*2] -mov cx, word [edx + 0x1b1] -cmp cx, 0x7f -jbe short loc_fffb3307 ; jbe 0xfffb3307 -add ecx, 0xffffff80 -mov word [edx + 0x1b1], cx -jmp short loc_fffb3317 ; jmp 0xfffb3317 +loc_fffb382d: ; not directly referenced +xor eax, eax +cmp dword [ebx + 0x1887], 0x306d0 +je short loc_fffb3867 ; je 0xfffb3867 +mov ecx, eax +mov edx, 0x14000000 +and ecx, 0xe00fffff +mov dl, 0xa0 +or ecx, 0x5a00000 +and ecx, 0xfff00fff +or ecx, 0x24000 +and ecx, 0xfffff00f +or ecx, 0x4f +jmp short loc_fffb3894 ; jmp 0xfffb3894 -loc_fffb3307: ; not directly referenced -mov ecx, dword [ebp + 8] -cmp byte [ecx + 0x1965], 0 -jne loc_fffb3144 ; jne 0xfffb3144 +loc_fffb3867: ; not directly referenced +mov ecx, eax +mov edx, 0x14000000 +and ecx, 0xe00fffff +mov dl, 0xa0 +or ecx, 0x8200000 +and ecx, 0xfff00fff +or ecx, 0x5a000 +and ecx, 0xfffff00f +or ecx, 0x32f -loc_fffb3317: ; not directly referenced +loc_fffb3894: ; not directly referenced +mov eax, ecx push ecx -mov ecx, dword [ebp - 0x22c] -mov edx, ebx -push 0 -push 0xff +push ecx +push edx +mov edx, 0x5d10 push eax -mov eax, dword [ebp + 8] -call fcn_fffa7499 ; call 0xfffa7499 +mov eax, ebx +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 -jmp short loc_fffb32cf ; jmp 0xfffb32cf - -loc_fffb3335: ; not directly referenced -cmp word [ebp - 0x21e], 0 -jne loc_fffb319b ; jne 0xfffb319b -mov ebx, dword [ebp - 0x234] -xor esi, esi -imul edi, dword [ebp - 0x22c], 9 - -loc_fffb3352: ; not directly referenced -mov al, byte [ebp - 0x230] -test byte [ebx + 0xc4], al -jne short loc_fffb3397 ; jne 0xfffb3397 - -loc_fffb3360: ; not directly referenced -inc esi -add ebx, 0x13c3 -cmp esi, 2 
-jne short loc_fffb3352 ; jne 0xfffb3352 -imul eax, dword [ebp - 0x22c], 9 -mov word [ebp - 0x220], 0 -mov word [ebp - 0x21e], 0 -mov byte [ebp - 0x254], 0x40 -mov dword [ebp - 0x25c], eax -jmp near loc_fffb3443 ; jmp 0xfffb3443 +xor eax, eax -loc_fffb3397: ; not directly referenced -mov byte [ebp - 0x238], 0 +loc_fffb38ab: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffb339e: ; not directly referenced -mov edx, dword [ebp + 8] -mov al, byte [ebp - 0x238] -cmp al, byte [edx + 0x2488] -jae short loc_fffb3360 ; jae 0xfffb3360 -movzx eax, byte [ebp - 0x238] -mov ecx, dword [ebp - 0x22c] -lea edx, [eax + edi] -add edx, edx -add word [ebx + edx + 0x1b1], 0x40 +fcn_fffb38b3: ; not directly referenced +push ebp +mov ebp, esp +push ebx +sub esp, 0xc +mov ebx, dword [eax + 0x2444] +inc dword [eax + 0x36a1] +push ecx +add edx, dword [eax + 0x18c5] push edx -mov edx, esi -push 0 -push 0xff -push eax -mov eax, dword [ebp + 8] -call fcn_fffa7499 ; call 0xfffa7499 +call dword [ebx + 0x30] ; ucall add esp, 0x10 -inc byte [ebp - 0x238] -jmp short loc_fffb339e ; jmp 0xfffb339e +mov ebx, dword [ebp - 4] +leave +ret -loc_fffb33e8: ; not directly referenced -mov al, byte [ebp - 0x230] -test byte [esi + 0xc4], al -je short loc_fffb3421 ; je 0xfffb3421 -mov byte [ebp - 0x238], 0 +fcn_fffb38d9: ; not directly referenced +push ebp +mov edx, eax +mov ebp, esp +xor eax, eax -loc_fffb33fd: ; not directly referenced -mov ecx, dword [ebp + 8] -mov al, byte [ebp - 0x238] -cmp al, byte [ecx + 0x2488] -jb short loc_fffb3474 ; jb 0xfffb3474 -mov eax, dword [ebp - 0x244] -cmp word [ebp + ebx*2 - 0x220], ax -mov al, 0 -cmovne edi, eax +loc_fffb38e0: ; not directly referenced +test edx, edx +je short loc_fffb38ec ; je 0xfffb38ec +lea ecx, [edx - 1] +inc eax +and edx, ecx +jmp short loc_fffb38e0 ; jmp 0xfffb38e0 -loc_fffb3421: ; not directly referenced -inc ebx -add esi, 0x13c3 -cmp ebx, 2 -jne short loc_fffb33e8 ; jne 0xfffb33e8 -mov eax, edi -test 
al, al -jne loc_fffb351e ; jne 0xfffb351e -dec byte [ebp - 0x254] -je loc_fffb350e ; je 0xfffb350e +loc_fffb38ec: ; not directly referenced +pop ebp +ret -loc_fffb3443: ; not directly referenced -push eax -mov edx, dword [ebp - 0x258] +fcn_fffb38ee: ; not directly referenced +push ebp xor ecx, ecx -push 0 -xor ebx, ebx -push 1 -mov edi, 1 -lea eax, [ebp - 0x217] -push eax -mov eax, dword [ebp + 8] -call fcn_fffb0f94 ; call 0xfffb0f94 -add esp, 0x10 -mov esi, dword [ebp - 0x234] -jmp near loc_fffb33e8 ; jmp 0xfffb33e8 +mov ebp, esp +push ebx +mov ebx, 0xa9e -loc_fffb3474: ; not directly referenced -movzx eax, word [ebp + ebx*2 - 0x220] -mov cl, byte [ebp - 0x238] -mov word [ebp - 0x24c], ax -movzx edx, cl -bt eax, ecx -mov dword [ebp - 0x23c], edx -jb short loc_fffb3503 ; jb 0xfffb3503 -mov eax, dword [ebp + 8] -mov ecx, edx -mov edx, ebx -call fcn_fffa7617 ; call 0xfffa7617 -mov edx, eax -mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a -cmp eax, 0x1f -jbe short loc_fffb34cf ; jbe 0xfffb34cf -mov cl, byte [ebp - 0x23c] -mov eax, 1 -shl eax, cl -or eax, dword [ebp - 0x24c] -mov word [ebp + ebx*2 - 0x220], ax -jmp short loc_fffb3503 ; jmp 0xfffb3503 +loc_fffb38f9: ; not directly referenced +cmp eax, 0x10f +jbe short loc_fffb390f ; jbe 0xfffb390f +imul eax, eax, 0x3e8 +xor edx, edx +add ecx, 0x64 +div ebx +jmp short loc_fffb38f9 ; jmp 0xfffb38f9 -loc_fffb34cf: ; not directly referenced -mov ecx, dword [ebp - 0x23c] -mov edx, dword [ebp - 0x25c] -mov eax, ecx -add eax, edx -mov edx, ebx -inc word [esi + eax*2 + 0x1b1] -push eax -mov eax, dword [ebp + 8] -push 0 -push 0xff -push ecx -mov ecx, dword [ebp - 0x22c] -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 +loc_fffb390f: ; not directly referenced +imul edx, eax, 0xfffffff0 +mov ebx, 0x2710 +add edx, 0x2d3a +imul edx, eax +lea eax, [edx - 0xeefac] +xor edx, edx +div ebx +pop ebx +pop ebp +add eax, ecx +ret -loc_fffb3503: ; not directly referenced -inc byte [ebp - 0x238] -jmp near loc_fffb33fd ; jmp 
0xfffb33fd +fcn_fffb392f: ; not directly referenced +push ebp +mov ecx, 0x12 +mov ebp, esp +xor edx, edx +push edi +push esi +mov esi, ref_fffd3988 ; mov esi, 0xfffd3988 +sub esp, 0x20 +lea edi, [ebp - 0x1a] +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +lea ecx, [eax + eax] -loc_fffb350e: ; not directly referenced -mov eax, dword [ebp + 8] -cmp byte [eax + 0x1965], 0 -jne loc_fffb3144 ; jne 0xfffb3144 +loc_fffb394b: ; not directly referenced +cmp eax, 8 +jbe short loc_fffb395d ; jbe 0xfffb395d +mov ecx, eax +add edx, 0xa +shr ecx, 2 +shr eax, 3 +jmp short loc_fffb394b ; jmp 0xfffb394b -loc_fffb351e: ; not directly referenced -mov ebx, dword [ebp - 0x234] -xor esi, esi -imul edi, dword [ebp - 0x22c], 9 +loc_fffb395d: ; not directly referenced +movzx eax, byte [ebp + ecx - 0x1a] +add esp, 0x20 +pop esi +pop edi +pop ebp +add eax, edx +ret -loc_fffb352d: ; not directly referenced -mov al, byte [ebp - 0x230] -test byte [ebx + 0xc4], al -jne short loc_fffb354c ; jne 0xfffb354c +fcn_fffb396b: ; not directly referenced +cmp eax, 0xffffffff +je short loc_fffb3993 ; je 0xfffb3993 +push ebp +xor ecx, ecx +mov ebp, esp +xor edx, edx +push edi +push esi +push ebx +mov ebx, 1 -loc_fffb353b: ; not directly referenced -inc esi -add ebx, 0x13c3 -cmp esi, 2 -jne short loc_fffb352d ; jne 0xfffb352d -jmp near loc_fffb2b44 ; jmp 0xfffb2b44 +loc_fffb397f: ; not directly referenced +mov edi, ebx +shl edi, cl +lea esi, [ecx + 1] +test edi, eax +cmovne edx, esi +inc ecx +cmp ecx, 0x20 +jne short loc_fffb397f ; jne 0xfffb397f +jmp short loc_fffb3998 ; jmp 0xfffb3998 -loc_fffb354c: ; not directly referenced -mov byte [ebp - 0x238], 0 +loc_fffb3993: ; not directly referenced +xor edx, edx +mov al, dl +ret -loc_fffb3553: ; not directly referenced -mov ecx, dword [ebp + 8] -mov al, byte [ebp - 0x238] -cmp al, byte [ecx + 0x2488] -jae short loc_fffb353b ; jae 0xfffb353b -movzx eax, byte [ebp - 0x238] -lea edx, [eax + edi] -add edx, edx -sub word [ebx + edx + 0x1b1], 0x40 -mov edx, esi 
-push ecx -mov ecx, dword [ebp - 0x22c] -push 0 -push 0xff -push eax -mov eax, dword [ebp + 8] -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 -inc byte [ebp - 0x238] -jmp short loc_fffb3553 ; jmp 0xfffb3553 +loc_fffb3998: ; not directly referenced +pop ebx +mov al, dl +pop esi +pop edi +pop ebp +ret -loc_fffb359d: ; not directly referenced -cmp dword [esi], 2 -je short loc_fffb35dc ; je 0xfffb35dc +fcn_fffb399f: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x10 +mov bl, byte [ebp + 8] +mov byte [ebp - 0xe], bl +mov bl, byte [ebp + 0xc] +mov byte [ebp - 0xf], bl +mov bl, byte [ebp + 0x10] +cmp cl, 0xff +je short loc_fffb39c4 ; je 0xfffb39c4 +lea edi, [ecx + 1] +mov byte [ebp - 0xd], cl +jmp short loc_fffb39cd ; jmp 0xfffb39cd -loc_fffb35a2: ; not directly referenced -inc dword [ebp - 0x22c] -add esi, 0x13c3 -add edi, 0xcc -cmp dword [ebp - 0x22c], 2 -jne short loc_fffb359d ; jne 0xfffb359d -mov eax, dword [ebp + 8] -call fcn_fffb0e8a ; call 0xfffb0e8a -mov edi, dword [ebp - 0x234] -mov dword [ebp - 0x22c], 0 -mov ebx, eax -jmp near loc_fffb36c5 ; jmp 0xfffb36c5 +loc_fffb39c4: ; not directly referenced +mov edi, 4 +mov byte [ebp - 0xd], 0 -loc_fffb35dc: ; not directly referenced -mov edx, dword [ebp - 0x22c] -mov ecx, 0xff -mov eax, dword [ebp + 8] -call fcn_fffa7288 ; call 0xfffa7288 -mov ebx, dword [edi] -mov dword [ebp - 0x230], eax -mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 3 -jne short loc_fffb3616 ; jne 0xfffb3616 -mov edx, dword [ebp - 0x230] -and ebx, 0xefffffff -mov ecx, ebx -call fcn_fffaeb7c ; call 0xfffaeb7c +loc_fffb39cd: ; not directly referenced +imul edx, edx, 0x13c3 +lea esi, [eax + edx + 0x3757] +add eax, edx +mov dword [ebp - 0x14], esi +mov dword [ebp - 0x1c], eax -loc_fffb3616: ; not directly referenced -mov ecx, dword [edi] -xor ebx, ebx -mov edx, dword [ebp - 0x230] -mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +loc_fffb39e2: ; not directly referenced +mov eax, edi 
+cmp byte [ebp - 0xd], al +jae short loc_fffb3a5e ; jae 0xfffb3a5e +mov cl, byte [ebp - 0xd] +mov eax, 1 +mov esi, dword [ebp - 0x1c] +movzx edx, cl +shl eax, cl +test byte [esi + 0x381b], al +je short loc_fffb3a59 ; je 0xfffb3a59 +movzx eax, byte [ebp - 0xe] +lea edx, [edx + edx*8] +add edx, dword [ebp - 0x14] +add eax, edx +cmp byte [ebp - 0xf], 0 +mov dl, byte [eax + 0x104a] +mov al, byte [eax + 0x106e] +jne short loc_fffb3a2b ; jne 0xfffb3a2b +cmp al, dl +cmova eax, edx +cmp bl, al +cmova ebx, eax +jmp short loc_fffb3a59 ; jmp 0xfffb3a59 -loc_fffb3628: ; not directly referenced -mov eax, dword [ebp + 8] -cmp bl, byte [eax + 0x2488] -jae short loc_fffb3663 ; jae 0xfffb3663 -movzx eax, bl -mov edx, dword [ebp - 0x22c] -inc ebx -mov ecx, eax -mov dword [ebp - 0x230], eax -mov eax, dword [ebp + 8] -call fcn_fffa720e ; call 0xfffa720e -mov ecx, dword [ebp - 0x230] -mov ecx, dword [edi + ecx*4 + 0x28] -mov edx, eax -mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffb3628 ; jmp 0xfffb3628 +loc_fffb3a2b: ; not directly referenced +movzx ecx, dl +movzx esi, bl +mov dword [ebp - 0x18], ecx +mov ecx, 0x3f +sub ecx, dword [ebp - 0x18] +cmp esi, ecx +jle short loc_fffb3a44 ; jle 0xfffb3a44 +mov bl, 0x3f +sub ebx, edx -loc_fffb3663: ; not directly referenced -cmp dword [ebp - 0x250], 0 -je loc_fffb35a2 ; je 0xfffb35a2 -xor ebx, ebx +loc_fffb3a44: ; not directly referenced +movzx esi, al +mov edx, 0x3f +movzx ecx, bl +sub edx, esi +cmp ecx, edx +jle short loc_fffb3a59 ; jle 0xfffb3a59 +mov bl, 0x3f +sub ebx, eax -loc_fffb3672: ; not directly referenced -mov eax, 1 -mov cl, bl -shl eax, cl -test byte [esi + 0xc4], al -je short loc_fffb36ba ; je 0xfffb36ba -push edx -mov ecx, ebx -push edx -mov dl, bl -shr dl, 1 -and ecx, 1 -movzx edx, dl -imul ecx, ecx, 0x18 -imul edx, edx, 0x128 -add edx, ecx -mov ecx, eax -mov eax, dword [ebp + 8] -movzx edx, word [esi + edx + 0x1273] -push edx -mov edx, dword [ebp - 0x22c] -push 4 -call fcn_fffafd52 ; call 
0xfffafd52 -add esp, 0x10 +loc_fffb3a59: ; not directly referenced +inc byte [ebp - 0xd] +jmp short loc_fffb39e2 ; jmp 0xfffb39e2 -loc_fffb36ba: ; not directly referenced -inc ebx -cmp ebx, 4 -jne short loc_fffb3672 ; jne 0xfffb3672 -jmp near loc_fffb35a2 ; jmp 0xfffb35a2 +loc_fffb3a5e: ; not directly referenced +add esp, 0x10 +mov al, bl +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffb36c5: ; not directly referenced -cmp dword [edi], 2 -jne loc_fffb3a56 ; jne 0xfffb3a56 -mov eax, dword [ebp + 8] -mov ebx, dword [eax + 0x2443] -lea eax, [ebp - 0x210] -push ecx -push 0xf000 -push 4 -push eax -call dword [ebx + 0x60] ; ucall -add esp, 0xc -push 0x1000 -push 4 -lea eax, [ebp - 0x208] +fcn_fffb3a68: +push ebp +mov ebp, esp +push edi +push esi +push ebx +mov ebx, edx +sub esp, 0x10 +mov edi, dword [ebp + 8] +mov esi, dword [eax + 0x2444] +mov eax, 0x5f5e100 +test edi, edi +cmovne eax, edi +xor edx, edx +mov edi, 0x186a0 +div edi +dec ecx +mov edx, 0x3b9aca00 +mov ecx, 0x4f790d55 +cmovne edx, ecx +push edx +xor edx, edx +push edx push eax -call dword [ebx + 0x60] ; ucall +call dword [esi + 0x70] ; ucall add esp, 0xc -push 0 -push 4 -lea eax, [ebp - 0x21b] +push ebx +push edx push eax -call dword [ebx + 0x5c] ; ucall +call dword [esi + 0x70] ; ucall add esp, 0x10 -mov ebx, 2 -cmp dword [edi], 2 -jne loc_fffb3a56 ; jne 0xfffb3a56 xor ecx, ecx -mov esi, 0x1000 -mov word [ebp - 0x230], 0xf000 +mov ebx, edx +or ebx, eax +je short loc_fffb3ad2 ; je 0xfffb3ad2 +sub esp, 0xc +push 0 +push edx +push eax +push 0x8ac72304 +push 0x89e80000 +call dword [esi + 0x74] ; ucall +add esp, 0x20 +mov ecx, eax -loc_fffb372f: ; not directly referenced -mov ebx, 0xf -bt ebx, ecx -jae loc_fffb37d4 ; jae 0xfffb37d4 -mov edx, 1 -shl edx, cl -test byte [edi + 0xc4], dl -je loc_fffb37d4 ; je 0xfffb37d4 +loc_fffb3ad2: +lea esp, [ebp - 0xc] +mov eax, ecx +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb3adc: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +xor esi, esi +push 
ebx +sub esp, 0x4c mov ebx, dword [ebp + 8] -imul edx, ecx, 0x12 -mov bl, byte [ebx + 0x2488] -mov byte [ebp - 0x234], bl -lea ebx, [edi + edx] -xor edx, edx -mov eax, ebx +lea eax, [ebx + 0x3757] +mov dword [ebp - 0x4c], eax +lea eax, [ebx + 0x2407] +mov dword [ebp - 0x58], eax -loc_fffb3769: ; not directly referenced -cmp byte [ebp - 0x234], dl -jbe short loc_fffb37ab ; jbe 0xfffb37ab -movzx ebx, byte [edi + ecx + 0x1011] -imul ebx, ebx, 0xffffffc0 -add bx, word [eax + edx*2 + 0x1b1] -cmp word [ebp + ecx*2 - 0x210], bx -jge short loc_fffb3796 ; jge 0xfffb3796 -mov word [ebp + ecx*2 - 0x210], bx +loc_fffb3afc: ; not directly referenced +lea eax, [esi - 2] +cmp eax, 1 +ja short loc_fffb3b27 ; ja 0xfffb3b27 +cmp byte [ebx + 0x374a], 0 +jne short loc_fffb3b27 ; jne 0xfffb3b27 -loc_fffb3796: ; not directly referenced -cmp word [ebp + ecx*2 - 0x208], bx -jle short loc_fffb37a8 ; jle 0xfffb37a8 -mov word [ebp + ecx*2 - 0x208], bx +loc_fffb3b0d: ; not directly referenced +inc esi +add dword [ebp - 0x4c], 8 +cmp esi, 4 +jne short loc_fffb3afc ; jne 0xfffb3afc +lea eax, [ebx + 0x48ce] +mov ecx, 0xfffffffe +jmp near loc_fffb3cc0 ; jmp 0xfffb3cc0 -loc_fffb37a8: ; not directly referenced -inc edx -jmp short loc_fffb3769 ; jmp 0xfffb3769 +loc_fffb3b27: ; not directly referenced +lea eax, [ebx + 0x49c0] +mov edi, dword [ebp - 0x4c] +mov dword [ebp - 0x44], eax +lea eax, [ebx + 0x1973] +mov dword [ebp - 0x34], eax +imul eax, esi, 0x23 +mov dword [ebp + esi*4 - 0x28], 0 +mov dword [ebp - 0x48], edi +lea edi, [eax + 0x18b] +add eax, 0xbb +mov dword [ebp - 0x50], edi +mov dword [ebp - 0x54], eax -loc_fffb37ab: ; not directly referenced -mov eax, dword [ebp - 0x230] -mov dx, word [ebp + ecx*2 - 0x210] -cmp ax, dx -cmovge edx, eax -mov word [ebp - 0x230], dx -movsx edx, word [ebp + ecx*2 - 0x208] -cmp si, dx -cmovg esi, edx +loc_fffb3b5b: ; not directly referenced +mov eax, dword [ebp - 0x44] +mov edi, dword [ebp - 0x34] +mov dword [ebp - 0x38], 0 +mov dword [ebp - 0x2c], eax 
-loc_fffb37d4: ; not directly referenced -inc ecx -cmp ecx, 4 -jne loc_fffb372f ; jne 0xfffb372f -movsx eax, word [ebp - 0x230] -mov cl, 2 -xor ebx, ebx -add eax, esi -xor esi, esi -cdq -idiv ecx -mov cl, 0x40 -neg eax -add eax, 0x160 -cdq -idiv ecx -mov dword [ebp - 0x240], eax -mov byte [ebp - 0x23c], al -cbw -mov word [ebp - 0x234], ax -shl word [ebp - 0x234], 6 +loc_fffb3b6b: ; not directly referenced +mov eax, dword [ebp - 0x2c] +cmp dword [eax - 0xf6], 2 +jne loc_fffb3c7f ; jne 0xfffb3c7f +mov eax, dword [ebp - 0x48] +mov ecx, dword [ebp - 0x38] +mov edx, dword [eax + ecx + 0xc9] +mov eax, dword [eax + ecx + 0xcd] +mov dword [ebp - 0x3c], edx +mov dword [ebp - 0x40], eax +cmp esi, 1 +je short loc_fffb3c09 ; je 0xfffb3c09 +jb loc_fffb3c3a ; jb 0xfffb3c3a +cmp esi, 3 +ja loc_fffb3c3a ; ja 0xfffb3c3a +mov eax, dword [ebp - 0x2c] +cmp esi, 2 +mov dl, byte [eax] +jne short loc_fffb3bbf ; jne 0xfffb3bbf +and dl, 1 +jne short loc_fffb3bca ; jne 0xfffb3bca +xor eax, eax +jmp near loc_fffb3c72 ; jmp 0xfffb3c72 -loc_fffb3819: ; not directly referenced -mov eax, 0xf -bt eax, ebx -jae loc_fffb395c ; jae 0xfffb395c -mov al, 1 -mov cl, bl -shl eax, cl -test byte [edi + 0xc4], al -je loc_fffb395c ; je 0xfffb395c -mov al, byte [ebp - 0x23c] -mov byte [ebp + ebx - 0x21b], al -mov eax, dword [ebp - 0x234] -add ax, word [ebp + ebx*2 - 0x208] -cmp ax, 0x3f -jg short loc_fffb3874 ; jg 0xfffb3874 -movsx edx, ax -mov eax, 0x7f -sub eax, edx -sar eax, 6 -add eax, dword [ebp - 0x240] -mov byte [ebp + ebx - 0x21b], al +loc_fffb3bbf: ; not directly referenced +xor eax, eax +and dl, 2 +je loc_fffb3c72 ; je 0xfffb3c72 -loc_fffb3874: ; not directly referenced -mov dl, byte [ebp + ebx - 0x21b] -movsx ax, dl -shl eax, 6 -add ax, word [ebp + ebx*2 - 0x210] -cwde -cmp eax, 0x1bf -jle short loc_fffb38a3 ; jle 0xfffb38a3 -sub eax, 0x180 -sar eax, 6 -sub edx, eax -mov byte [ebp + ebx - 0x21b], dl +loc_fffb3bca: ; not directly referenced +mov eax, dword [ebp - 0x2c] +mov ecx, dword [ebp - 0x54] 
+mov edx, dword [eax - 0x21] +add ecx, edi +mov dword [ebp - 0x30], ecx +mov ecx, dword [ebp - 0x50] +and edx, 0xfffffffd +add ecx, edi +dec edx +cmove ecx, dword [ebp - 0x30] +xor edx, edx +cmp byte [eax + 1], 0x13 +mov dword [ebp - 0x30], ecx +movzx ecx, byte [ecx + 1] +jne short loc_fffb3bfb ; jne 0xfffb3bfb +mov eax, dword [ebp - 0x30] +movsx edx, byte [eax + 0x1a] -loc_fffb38a3: ; not directly referenced -mov al, byte [ebp + ebx - 0x21b] -mov ecx, esi -movsx ecx, cl -movsx edx, al -mov byte [ebp - 0x230], al -mov eax, edx -sub eax, ecx -mov cl, byte [ebp - 0x230] -sub ecx, 0xe -cmp eax, 0xf -mov al, byte [ebp - 0x230] -cmovge esi, ecx -mov ecx, esi -movsx ecx, cl -sub edx, ecx -test edx, edx -lea ecx, [eax - 1] -cmovle esi, ecx -sub al, byte [edi + ebx + 0x1011] -mov byte [ebp - 0x230], 0 -cbw -mov word [ebp - 0x238], ax -lea eax, [ebx + ebx*8] -shl word [ebp - 0x238], 6 -mov dword [ebp - 0x244], eax +loc_fffb3bfb: ; not directly referenced +mov eax, dword [ebp - 0x40] +imul ecx, dword [ebp - 0x3c] +imul eax, edx +add eax, ecx +jmp short loc_fffb3c65 ; jmp 0xfffb3c65 -loc_fffb3908: ; not directly referenced -mov edx, dword [ebp + 8] -mov al, byte [ebp - 0x230] -cmp al, byte [edx + 0x2488] -jae short loc_fffb395c ; jae 0xfffb395c -movzx eax, byte [ebp - 0x230] -mov edx, dword [ebp - 0x244] -mov ecx, dword [ebp - 0x238] -add edx, eax -add edx, edx -add word [edi + edx + 0x1b1], cx -mov ecx, ebx -push edx -mov edx, dword [ebp - 0x22c] -push 0 -push 0xff -push eax -mov eax, dword [ebp + 8] -call fcn_fffa7499 ; call 0xfffa7499 +loc_fffb3c09: ; not directly referenced +movzx edx, byte [ebx + 0x1876] +test dl, dl +je short loc_fffb3c3a ; je 0xfffb3c3a +sub esp, 0xc +mov ecx, dword [ebx + 0x36e4] +mov eax, ebx +push dword [ebx + 0x187b] +call fcn_fffb3a68 ; call 0xfffb3a68 +mov edx, dword [ebx + 0x36dc] add esp, 0x10 -inc byte [ebp - 0x230] -jmp short loc_fffb3908 ; jmp 0xfffb3908 +cmp eax, edx +cmovb eax, edx +jmp short loc_fffb3c72 ; jmp 0xfffb3c72 -loc_fffb395c: ; 
not directly referenced -inc ebx -cmp ebx, 4 -jne loc_fffb3819 ; jne 0xfffb3819 -mov eax, dword [ebp - 0x22c] -mov ebx, esi -shl eax, 0xa -add eax, 0x4028 -mov dword [ebp - 0x234], eax -mov edx, eax -mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a -test bl, bl -jns short loc_fffb39aa ; jns 0xfffb39aa -mov edx, eax -mov ecx, esi -shr edx, 0x10 -neg ecx -and edx, 0x3f -movzx ecx, cl -cmp edx, ecx -mov ebx, 7 -mov edx, 0 -cmovge ebx, edx -jmp short loc_fffb39cb ; jmp 0xfffb39cb +loc_fffb3c3a: ; not directly referenced +mov eax, dword [ebp - 0x2c] +mov eax, dword [eax - 0x21] +and eax, 0xfffffffd +dec eax +jne short loc_fffb3c50 ; jne 0xfffb3c50 +movzx eax, byte [edi + 0x54] +movsx edx, byte [edi + 0x6a] +jmp short loc_fffb3c5b ; jmp 0xfffb3c5b -loc_fffb39aa: ; not directly referenced -je short loc_fffb39c9 ; je 0xfffb39c9 -mov edx, eax -mov ebx, esi -shr edx, 0x10 -movsx ecx, bl -not edx -xor ebx, ebx -and edx, 0x3f -cmp ecx, edx -mov edx, 7 -cmovg ebx, edx -jmp short loc_fffb39cb ; jmp 0xfffb39cb +loc_fffb3c50: ; not directly referenced +movzx eax, byte [edi + 0x5a] +movsx edx, byte [edi + 0xc5] -loc_fffb39c9: ; not directly referenced -xor ebx, ebx +loc_fffb3c5b: ; not directly referenced +imul eax, dword [ebp - 0x3c] +imul edx, dword [ebp - 0x40] +add eax, edx -loc_fffb39cb: ; not directly referenced -mov edx, eax -and eax, 0xffc00000 -shr edx, 0x10 -add edx, esi -and edx, 0x3f -mov ecx, edx -shl ecx, 0x10 -mov dword [ebp - 0x230], eax -or dword [ebp - 0x230], ecx -mov dword [edi + 0x1019], edx -xor edx, edx +loc_fffb3c65: ; not directly referenced +cmp eax, dword [ebx + 0x36dc] +cmovb eax, dword [ebx + 0x36dc] -loc_fffb39f3: ; not directly referenced -mov eax, 0xf -bt eax, edx -jae short loc_fffb3a1d ; jae 0xfffb3a1d -mov al, 1 -mov cl, dl -shl eax, cl -test byte [edi + 0xc4], al -je short loc_fffb3a1d ; je 0xfffb3a1d -mov cl, byte [ebp + edx - 0x21b] -mov eax, esi -sub ecx, eax -mov byte [edi + edx + 0x1011], cl +loc_fffb3c72: ; not directly 
referenced +mov edx, dword [ebp + esi*4 - 0x28] +cmp eax, edx +cmovb eax, edx +mov dword [ebp + esi*4 - 0x28], eax -loc_fffb3a1d: ; not directly referenced -mov cl, byte [edi + edx + 0x1011] -mov eax, ecx -and eax, 0xf -lea ecx, [edx*4] -inc edx -shl eax, cl -or eax, dword [ebp - 0x230] -cmp edx, 4 -je short loc_fffb3a46 ; je 0xfffb3a46 -mov dword [ebp - 0x230], eax -jmp short loc_fffb39f3 ; jmp 0xfffb39f3 +loc_fffb3c7f: ; not directly referenced +add dword [ebp - 0x38], 0x20 +add edi, 0x277 +add dword [ebp - 0x2c], 0x128 +cmp dword [ebp - 0x38], 0x40 +jne loc_fffb3b6b ; jne 0xfffb3b6b +add dword [ebp - 0x34], 0x54a +mov eax, dword [ebp - 0x58] +add dword [ebp - 0x44], 0x13c3 +add dword [ebp - 0x48], 0x13c3 +cmp dword [ebp - 0x34], eax +jne loc_fffb3b5b ; jne 0xfffb3b5b +jmp near loc_fffb3b0d ; jmp 0xfffb3b0d -loc_fffb3a46: ; not directly referenced -mov ecx, eax -mov edx, dword [ebp - 0x234] -mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +loc_fffb3cc0: ; not directly referenced +cmp ecx, 1 +ja short loc_fffb3cce ; ja 0xfffb3cce +cmp byte [ebx + 0x374a], 0 +je short loc_fffb3cf2 ; je 0xfffb3cf2 -loc_fffb3a56: ; not directly referenced -inc dword [ebp - 0x22c] -add edi, 0x13c3 -cmp dword [ebp - 0x22c], 2 -jne loc_fffb36c5 ; jne 0xfffb36c5 -mov eax, ebx +loc_fffb3cce: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x20] +mov dword [eax], edx +mov dword [eax - 0x1173], edx +mov dword [eax + 0x128], edx +mov dword [eax + 0x13c3], edx +mov dword [eax + 0x250], edx +mov dword [eax + 0x14eb], edx -loc_fffb3a71: ; not directly referenced +loc_fffb3cf2: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffb3cc0 ; jne 0xfffb3cc0 +mov eax, dword [ebx + 0x18a7] +mov eax, dword [ebp + eax*4 - 0x28] +mov dword [ebx + 0x36e0], eax lea esp, [ebp - 0xc] +mov eax, 1 pop ebx pop esi pop edi pop ebp ret -fcn_fffb3a79: ; not directly referenced +fcn_fffb3d18: push ebp mov ebp, esp push edi -mov edi, ecx push esi -mov esi, eax push 
ebx -sub esp, 0x50 -mov al, byte [ecx + 0x539] -push 0 -push 5 -mov bl, al -mov eax, dword [esi + 0x2443] -mov byte [ebp - 0x2d], dl -lea edx, [ebp - 0x1d] -push edx -call dword [eax + 0x5c] ; ucall -add esp, 0x10 -mov al, 0 -cmp dword [ebp + 0xc], 0 -cmovne ebx, eax -xor eax, eax -mov byte [ebp - 0x2e], bl - -loc_fffb3ab3: ; not directly referenced -cmp byte [ebp - 0x2e], al -jbe short loc_fffb3ad6 ; jbe 0xfffb3ad6 -movzx edx, byte [edi + eax + 0x534] -xor ecx, ecx -cmp dl, 5 -ja short loc_fffb3ace ; ja 0xfffb3ace -movzx ecx, byte [edx + ref_fffd3ec8] ; movzx ecx, byte [edx - 0x2c138] - -loc_fffb3ace: ; not directly referenced -mov byte [ebp + ecx - 0x1d], 1 -inc eax -jmp short loc_fffb3ab3 ; jmp 0xfffb3ab3 - -loc_fffb3ad6: ; not directly referenced -cmp dword [ebp + 8], 0 -jne short loc_fffb3af4 ; jne 0xfffb3af4 -movzx ecx, byte [edi + 8] -sub esp, 0xc +mov ebx, 0x5f5e100 +sub esp, 0x10 +mov edi, dword [ebp + 8] +mov esi, dword [eax + 0x2444] +mov eax, 0xbebc200 +test edi, edi +cmovne ebx, edi +dec ecx +mov ecx, 0xfe502ab +cmovne eax, ecx +imul ebx, edx xor edx, edx -push 1 -mov eax, esi -call fcn_fffa83c9 ; call 0xfffa83c9 -add esp, 0x10 -mov dword [edi + 9], eax - -loc_fffb3af4: ; not directly referenced -lea eax, [esi + 0x3756] -mov ebx, edi -mov dword [ebp - 0x34], eax -movzx eax, byte [ebp - 0x2d] -mov dword [ebp - 0x2c], 0 -mov dword [ebp - 0x50], eax - -loc_fffb3b0d: ; not directly referenced -mov eax, dword [ebp - 0x34] -cmp dword [eax], 2 -je short loc_fffb3b30 ; je 0xfffb3b30 - -loc_fffb3b15: ; not directly referenced -inc dword [ebp - 0x2c] -add ebx, 2 -add dword [ebp - 0x34], 0x13c3 -cmp dword [ebp - 0x2c], 2 -jne short loc_fffb3b0d ; jne 0xfffb3b0d +push ebx +push edx +push eax +call dword [esi + 0x70] ; ucall +mov dword [esp], 0 +push 0x5af3 +push 0x107a4000 +add eax, 0x883d2000 +adc edx, 0x2d79 +push edx +push eax +call dword [esi + 0x74] ; ucall lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -26684,264 +26855,126 @@ pop edi pop ebp ret -loc_fffb3b30: ; not directly referenced -mov eax, dword [ebp - 0x50] -mov ecx, dword [ebp - 0x2c] -bt eax, ecx -jae short loc_fffb3b15 ; jae 0xfffb3b15 -mov eax, dword [ebp - 0x34] -mov byte [ebp - 0x2d], 1 -cmp dword [eax + 0xc0], 1 -jne short loc_fffb3b5a ; jne 0xfffb3b5a -mov al, byte [ebx + 4] -mov byte [ebp - 0x2d], 0 -mov byte [ebx], al -mov al, byte [ebx + 5] -mov byte [ebx + 1], al - -loc_fffb3b5a: ; not directly referenced -mov eax, dword [esi + 0x1887] -cmp eax, 0x306d0 -sete dl -cmp eax, 0x40650 -sete al -or dl, al -je short loc_fffb3b83 ; je 0xfffb3b83 -mov byte [ebx], 0 -mov byte [ebx + 1], 0 -mov byte [ebx + 5], 0 -mov byte [ebp - 0x2d], 1 - -loc_fffb3b83: ; not directly referenced -mov dl, byte [ebx + 4] -mov ecx, 3 -push 1 -mov al, dl -movzx edx, byte [ebx] -mul byte [ebp - 0x2d] -shl eax, 4 -add eax, edx -mov edx, dword [ebp - 0x2c] -movzx eax, ax -push eax -mov eax, esi -push 7 -push 0 -call fcn_fffafdb2 ; call 0xfffafdb2 -mov dl, byte [ebx + 5] -mov ecx, 0xc -mov al, byte [ebp - 0x2d] -push 1 -mul dl -movzx edx, byte [ebx + 1] -shl eax, 4 -add eax, edx -mov edx, dword [ebp - 0x2c] -movzx eax, ax -push eax -mov eax, esi -push 7 -push 0 -call fcn_fffafdb2 ; call 0xfffafdb2 -add esp, 0x20 -cmp byte [ebp - 0x2e], 0 -je loc_fffb3b15 ; je 0xfffb3b15 -imul eax, dword [ebp - 0x2c], 9 -mov byte [ebp - 0x2d], 0 -mov dword [ebp - 0x4c], eax -mov dword [ebp - 0x48], eax - -loc_fffb3bf1: ; not directly referenced -mov al, byte [ebp - 0x2d] -cmp al, byte [esi + 0x2488] -jae loc_fffb3b15 ; jae 0xfffb3b15 -cmp byte [ebp - 0x1d], 0 -je short loc_fffb3c2e ; je 0xfffb3c2e -movzx eax, byte [ebp - 0x2d] -mov ecx, dword [ebp - 0x48] -push 1 -lea edx, [eax + ecx + 0x28] -mov ecx, 0xf -movsx edx, word [edi + edx*2 + 7] -push edx -mov edx, dword [ebp - 0x2c] -push 6 -push eax -mov eax, esi -call fcn_fffafdb2 ; call 0xfffafdb2 -add esp, 0x10 - -loc_fffb3c2e: ; not directly referenced -cmp byte [ebp - 0x1c], 0 -je short 
loc_fffb3c5f ; je 0xfffb3c5f -movzx eax, byte [ebp - 0x2d] -mov ecx, dword [ebp - 0x48] -push 1 -lea edx, [eax + ecx + 0xa4] -mov ecx, 0xf -movsx edx, word [edi + edx*2 + 7] -push edx -mov edx, dword [ebp - 0x2c] -push 0 -push eax -mov eax, esi -call fcn_fffafdb2 ; call 0xfffafdb2 -add esp, 0x10 - -loc_fffb3c5f: ; not directly referenced -movzx eax, byte [ebp - 0x2d] -mov ecx, dword [ebp - 0x4c] -mov dword [ebp - 0x40], 0 -mov dword [ebp - 0x44], eax -lea edx, [eax + ecx] -lea edx, [edx + edx + 0x33f] -lea ecx, [edi + edx] -mov dword [ebp - 0x3c], ecx - -loc_fffb3c80: ; not directly referenced -mov cl, byte [ebp - 0x40] -mov dword [ebp - 0x38], 1 -shl dword [ebp - 0x38], cl -mov ecx, dword [ebp - 0x34] -mov al, byte [ebp - 0x38] -test byte [ecx + 0xc4], al -je short loc_fffb3ce7 ; je 0xfffb3ce7 -cmp byte [ebp - 0x1b], 0 -je short loc_fffb3cc3 ; je 0xfffb3cc3 -mov eax, dword [ebp - 0x3c] -push 1 -mov ecx, dword [ebp - 0x38] -mov edx, dword [ebp - 0x2c] -movsx eax, word [eax - 0xf8] -push eax -mov eax, esi -push 5 -push dword [ebp - 0x44] -call fcn_fffafdb2 ; call 0xfffafdb2 -add esp, 0x10 +fcn_fffb3d76: +push ebp +mov ebp, esp +push edi +push esi +xor esi, esi +push ebx +xor ebx, ebx +sub esp, 8 +mov dword [ebp - 0x14], eax -loc_fffb3cc3: ; not directly referenced -cmp byte [ebp - 0x1a], 0 -je short loc_fffb3ce7 ; je 0xfffb3ce7 -mov eax, dword [ebp - 0x3c] -push 1 -mov ecx, dword [ebp - 0x38] -mov edx, dword [ebp - 0x2c] -movsx eax, word [eax] -push eax -mov eax, esi -push 4 -push dword [ebp - 0x44] -call fcn_fffafdb2 ; call 0xfffafdb2 -add esp, 0x10 +loc_fffb3d86: +cmp esi, edx +je short loc_fffb3db4 ; je 0xfffb3db4 +mov eax, dword [ebp - 0x14] +mov byte [ebp - 0xd], 8 +movzx edi, byte [eax + esi] +shl edi, 8 +xor ebx, edi -loc_fffb3ce7: ; not directly referenced -inc dword [ebp - 0x40] -add dword [ebp - 0x3c], 0x3e -cmp dword [ebp - 0x40], 4 -jne short loc_fffb3c80 ; jne 0xfffb3c80 -inc byte [ebp - 0x2d] -jmp near loc_fffb3bf1 ; jmp 0xfffb3bf1 +loc_fffb3d9a: +lea 
edi, [ebx + ebx] +mov eax, edi +xor eax, 0x1021 +and bh, 0x80 +mov ebx, eax +cmove ebx, edi +dec byte [ebp - 0xd] +jne short loc_fffb3d9a ; jne 0xfffb3d9a +inc esi +jmp short loc_fffb3d86 ; jmp 0xfffb3d86 -fcn_fffb3cfc: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 8] -mov al, byte [eax] +loc_fffb3db4: +mov word [ecx], bx +mov eax, 1 +pop edx +pop ecx +pop ebx +pop esi +pop edi pop ebp ret -fcn_fffb3d06: +fcn_fffb3dc3: ; not directly referenced push ebp mov ebp, esp -mov eax, dword [ebp + 8] -mov ax, word [eax] -pop ebp -ret +push edi +mov edi, ecx +push esi +mov esi, eax +push ebx +mov eax, ref_fffd37fc ; mov eax, 0xfffd37fc +xor ebx, ebx -fcn_fffb3d11: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0x10] -mov dword [ebp + 8], eax -pop ebp -jmp near fcn_fffb3d06 ; jmp 0xfffb3d06 +loc_fffb3dd4: ; not directly referenced +cmp edx, dword [eax] +ja short loc_fffb3de8 ; ja 0xfffb3de8 +cmp edx, dword [eax + 9] +jbe short loc_fffb3de8 ; jbe 0xfffb3de8 +lea eax, [ebx + ebx*8] +mov eax, dword [eax + ref_fffd3800] ; mov eax, dword [eax - 0x2c800] +jmp short loc_fffb3df3 ; jmp 0xfffb3df3 -fcn_fffb3d20: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0xc] -mov edx, dword [ebp + 8] -mov word [edx], ax -pop ebp -ret +loc_fffb3de8: ; not directly referenced +inc ebx +add eax, 9 +cmp ebx, 0x14 +jne short loc_fffb3dd4 ; jne 0xfffb3dd4 +xor eax, eax -fcn_fffb3d2e: ; not directly referenced -push ebp -mov ebp, esp -movzx eax, word [ebp + 0x18] -mov dword [ebp + 0xc], eax -mov eax, dword [ebp + 0x10] -mov dword [ebp + 8], eax -pop ebp -jmp near fcn_fffb3d20 ; jmp 0xfffb3d20 +loc_fffb3df3: ; not directly referenced +mov ecx, esi +mov edx, 1 +shl edx, cl +lea ecx, [ebx + ebx*8] +add ecx, ref_fffd37fc ; add ecx, 0xfffd37fc +jmp short loc_fffb3e16 ; jmp 0xfffb3e16 -fcn_fffb3d44: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0x10] -mov al, byte [eax] +loc_fffb3e07: ; not directly 
referenced +movzx esi, byte [ecx + 8] +sub ecx, 9 +test esi, edx +jne short loc_fffb3e1a ; jne 0xfffb3e1a +mov eax, dword [ecx + 4] +dec ebx + +loc_fffb3e16: ; not directly referenced +test ebx, ebx +jne short loc_fffb3e07 ; jne 0xfffb3e07 + +loc_fffb3e1a: ; not directly referenced +test edi, edi +je short loc_fffb3e20 ; je 0xfffb3e20 +mov dword [edi], ebx + +loc_fffb3e20: ; not directly referenced +pop ebx +pop esi +pop edi pop ebp ret -fcn_fffb3d4e: +fcn_fffb3e25: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] -mov eax, dword [eax] +mov al, byte [eax] pop ebp ret -fcn_fffb3d58: -mov eax, dword [0xff7d0084] -push ebp -mov ebp, esp -mov eax, dword [eax + 0x14] -add eax, 0xfb020 -push eax -call fcn_fffb3d4e ; call 0xfffb3d4e -leave -and eax, 0xffe0 -ret - -fcn_fffb3d75: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0x10] -mov dword [ebp + 8], eax -pop ebp -jmp near fcn_fffb3d4e ; jmp 0xfffb3d4e - -fcn_fffb3d84: +fcn_fffb3e2f: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] mov edx, dword [ebp + 8] -mov dword [edx], eax +mov byte [edx], al pop ebp ret -fcn_fffb3d91: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0x18] -mov dword [ebp + 0xc], eax -mov eax, dword [ebp + 0x10] -mov dword [ebp + 8], eax -pop ebp -jmp near fcn_fffb3d84 ; jmp 0xfffb3d84 - -fcn_fffb3da6: ; not directly referenced +fcn_fffb3e3c: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] 
@@ -26950,33 +26983,31 @@ mov byte [eax], dl pop ebp ret -fcn_fffb3db3: ; not directly referenced +fcn_fffb3e49: push ebp mov ebp, esp -mov eax, dword [ebp + 0xc] -mov edx, dword [ebp + 8] -mov byte [edx], al +mov eax, dword [ebp + 8] +mov ax, word [eax] pop ebp ret -fcn_fffb3dc0: ; not directly referenced +fcn_fffb3e54: ; not directly referenced push ebp mov ebp, esp -mov eax, dword [ebp + 8] -mov edx, dword [eax + 4] -mov eax, dword [eax] +mov eax, dword [ebp + 0x10] +mov dword [ebp + 8], eax pop ebp -ret +jmp near fcn_fffb3e49 ; jmp 0xfffb3e49 -fcn_fffb3dcd: ; not directly referenced +fcn_fffb3e63: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] -mov dword [ebp + 8], eax +mov al, byte [eax] pop ebp -jmp near fcn_fffb3dc0 ; jmp 0xfffb3dc0 +ret -fcn_fffb3ddc: ; not directly referenced +fcn_fffb3e6d: ; not directly referenced push ebp mov ecx, 0xfffff mov ebp, esp @@ -26987,23 +27018,23 @@ mov esi, dword [ebp + 0x1c] push ebx mov ebx, dword [ebp + 8] -loc_fffb3df0: ; not directly referenced +loc_fffb3e81: ; not directly referenced mov al, 0xa mov edx, 0x70 out dx, al mov dl, 0x71 in al, dx test al, al -jns short loc_fffb3e04 ; jns 0xfffb3e04 +jns short loc_fffb3e95 ; jns 0xfffb3e95 dec ecx -jne short loc_fffb3df0 ; jne 0xfffb3df0 -jmp short loc_fffb3e08 ; jmp 0xfffb3e08 +jne short loc_fffb3e81 ; jne 0xfffb3e81 +jmp short loc_fffb3e99 ; jmp 0xfffb3e99 -loc_fffb3e04: ; not directly referenced +loc_fffb3e95: ; not directly referenced test ecx, ecx -jne short loc_fffb3e39 ; jne 0xfffb3e39 +jne short loc_fffb3eca ; jne 0xfffb3eca -loc_fffb3e08: ; not directly referenced +loc_fffb3e99: ; not directly referenced mov edx, 0x70 mov al, 0xb out dx, al @@ -27033,7 +27064,7 @@ mov al, 2 mov dl, 0x71 out dx, al -loc_fffb3e39: ; not directly referenced +loc_fffb3eca: ; not directly referenced mov edx, 0x70 xor eax, eax out dx, al 
@@ -27130,115 +27161,128 @@ pop edi pop ebp ret -fcn_fffb3f0f: ; not directly referenced +fcn_fffb3fa0: ; not directly referenced push ebp mov ebp, esp +mov eax, dword [ebp + 0xc] mov edx, dword [ebp + 8] -in ax, dx +mov word [edx], ax pop ebp ret -fcn_fffb3f19: ; not directly referenced +fcn_fffb3fae: ; not directly referenced push ebp mov ebp, esp -mov eax, dword [ebp + 0x10] +movzx eax, word [ebp + 0x18] +mov dword [ebp + 0xc], eax +mov eax, dword [ebp + 0x10] +mov dword [ebp + 8], eax +pop ebp +jmp near fcn_fffb3fa0 ; jmp 0xfffb3fa0 + +fcn_fffb3fc4: +push ebp +mov ebp, esp +mov eax, dword [ebp + 8] +mov eax, dword [eax] +pop ebp +ret + +fcn_fffb3fce: +mov eax, dword [0xff7d0084] +push ebp +mov ebp, esp +mov eax, dword [eax + 0x14] +add eax, 0xfb020 +push eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +leave +and eax, 0xffe0 +ret + +fcn_fffb3feb: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_fffb3f0f ; jmp 0xfffb3f0f +jmp near fcn_fffb3fc4 ; jmp 0xfffb3fc4 -fcn_fffb3f28: ; not directly referenced +fcn_fffb3ffa: push ebp mov ebp, esp mov eax, dword [ebp + 0xc] mov edx, dword [ebp + 8] -out dx, ax +mov dword [edx], eax pop ebp ret -fcn_fffb3f35: ; not directly referenced +fcn_fffb4007: ; not directly referenced push ebp mov ebp, esp -movzx eax, word [ebp + 0x18] +mov eax, dword [ebp + 0x18] mov dword [ebp + 0xc], eax mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_fffb3f28 ; jmp 0xfffb3f28 +jmp near fcn_fffb3ffa ; jmp 0xfffb3ffa -fcn_fffb3f4b: ; not directly referenced +fcn_fffb401c: ; not directly referenced push ebp mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x1c -mov eax, dword [0xff7d0084] -mov edi, dword [eax + 0x14] -lea esi, [edi + 0xb0044] -add edi, 0xb0040 -push esi -call fcn_fffb3d4e ; call 0xfffb3d4e -push edi -mov ebx, eax -call fcn_fffb3d4e ; call 0xfffb3d4e -pop ecx -pop edi -mov edx, eax -shr edx, 0x10 -and edx, 0xf -cmp dl, 2 -jne short 
loc_fffb3f89 ; jne 0xfffb3f89 - -loc_fffb3f85: ; not directly referenced -xor eax, eax -jmp short loc_fffb3fe4 ; jmp 0xfffb3fe4 - -loc_fffb3f89: ; not directly referenced -movzx eax, ah -test al, 0xf0 -jne short loc_fffb3f85 ; jne 0xfffb3f85 -lea eax, [ebp - 0x1c] -xor edi, edi -push eax -push 0 -push 0 -push ref_fffd604c ; push 0xfffd604c -call fcn_fffab40f ; call 0xfffab40f -add esp, 0x10 +mov eax, dword [ebp + 8] +mov edx, dword [eax + 4] +mov eax, dword [eax] +pop ebp +ret -loc_fffb3fa7: ; not directly referenced -test ebx, 0x10000 -jne short loc_fffb3fd7 ; jne 0xfffb3fd7 -cmp edi, 0x1388 -je short loc_fffb3f85 ; je 0xfffb3f85 -mov eax, dword [ebp - 0x1c] -inc edi -push edx -push 0x3e8 -push eax -push dword [ebp + 8] -call dword [eax + 4] ; ucall -mov dword [esp], esi -call fcn_fffb3d4e ; call 0xfffb3d4e -add esp, 0x10 -mov ebx, eax -jmp short loc_fffb3fa7 ; jmp 0xfffb3fa7 +fcn_fffb4029: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 0x10] +mov dword [ebp + 8], eax +pop ebp +jmp near fcn_fffb401c ; jmp 0xfffb401c -loc_fffb3fd7: ; not directly referenced -cmp edi, 0x1388 -je short loc_fffb3f85 ; je 0xfffb3f85 -mov eax, ebx -and eax, 0x3f +fcn_fffb4038: ; not directly referenced +push ebp +mov ebp, esp +mov edx, dword [ebp + 0x10] +in al, dx +pop ebp +ret -loc_fffb3fe4: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi +fcn_fffb4041: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 8] +mov dl, al +mov cl, al +sar dl, 7 +and eax, 0x7f +sar cl, 7 +and edx, 2 +and ecx, 2 +add edx, 0x74 +add ecx, 0x75 +movzx edx, dl +out dx, al +movzx edx, cl +in al, dx pop ebp ret -fcn_fffb3fec: ; not directly referenced +fcn_fffb406a: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 0x18] +mov dword [ebp + 0xc], eax +mov eax, dword [ebp + 0x10] +mov dword [ebp + 8], eax +pop ebp +jmp near fcn_fffb0086 ; jmp 0xfffb0086 + +fcn_fffb407f: ; not directly referenced push ebp mov ebp, esp 
push edi @@ -27246,7 +27290,7 @@ mov edi, eax push esi push ebx sub esp, 0x5c -mov edi, dword [edi + 0x5edc] +mov edi, dword [edi + 0x5edd] mov dword [ebp - 0x3c], eax mov eax, edx mov dword [ebp - 0x4c], edx @@ -27258,47 +27302,47 @@ xor edi, edi cmp dl, 2 sete byte [ebp - 0x46] test al, 0xfd -jne short loc_fffb404c ; jne 0xfffb404c +jne short loc_fffb40df ; jne 0xfffb40df mov eax, dword [ebp - 0x3c] mov edx, 0x3a00 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov ecx, dword [ebp - 0x3c] mov dl, al and edx, 0x3f cmp dword [ecx + 0x188b], 0 -jne short loc_fffb4041 ; jne 0xfffb4041 +jne short loc_fffb40d4 ; jne 0xfffb40d4 shr eax, 0x1a -jmp short loc_fffb4044 ; jmp 0xfffb4044 +jmp short loc_fffb40d7 ; jmp 0xfffb40d7 -loc_fffb4041: ; not directly referenced +loc_fffb40d4: ; not directly referenced shr eax, 0x14 -loc_fffb4044: ; not directly referenced +loc_fffb40d7: ; not directly referenced and eax, 0x1f mov byte [ebp - 0x3d], al -jmp short loc_fffb406b ; jmp 0xfffb406b +jmp short loc_fffb40fe ; jmp 0xfffb40fe -loc_fffb404c: ; not directly referenced +loc_fffb40df: ; not directly referenced mov al, byte [ebp - 0x4c] sub eax, 0xa cmp al, 1 -ja short loc_fffb4065 ; ja 0xfffb4065 +ja short loc_fffb40f8 ; ja 0xfffb40f8 mov eax, dword [ebp - 0x3c] mov edx, 0x3a08 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edi, eax -loc_fffb4065: ; not directly referenced +loc_fffb40f8: ; not directly referenced mov byte [ebp - 0x3d], 0 xor edx, edx -loc_fffb406b: ; not directly referenced +loc_fffb40fe: ; not directly referenced mov eax, dword [ebp - 0x4c] cmp al, 0xb -ja loc_fffb415f ; ja 0xfffb415f -jmp dword [eax*4 + ref_fffd3ee0] ; ujmp: jmp dword [eax*4 - 0x2c120] +ja loc_fffb41f2 ; ja 0xfffb41f2 +jmp dword [eax*4 + ref_fffd399c] ; ujmp: jmp dword [eax*4 - 0x2c664] -loc_fffb407d: ; not directly referenced +loc_fffb4110: ; not directly referenced shr esi, 0xb and esi, 0xf mov eax, esi 
@@ -27311,15 +27355,15 @@ mov byte [ebp - 0x44], 0 mov byte [ebp - 0x40], 0xf8 mov byte [ebp - 0x45], 7 mov byte [ebp - 0x3f], 1 -jmp near loc_fffb4175 ; jmp 0xfffb4175 +jmp near loc_fffb4208 ; jmp 0xfffb4208 -loc_fffb40ab: ; not directly referenced +loc_fffb413e: ; not directly referenced mov eax, dword [ebp - 0x3c] mov edx, 0x3a04 shr esi, 0xf and esi, 0x1f mov edi, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov byte [ebp - 0x44], 0 mov byte [ebp - 0x40], 0xf0 mov byte [ebp - 0x45], 0xf @@ -27329,9 +27373,9 @@ mov eax, esi or eax, 0xffffffe0 test esi, 0x10 cmovne edi, eax -jmp near loc_fffb4171 ; jmp 0xfffb4171 +jmp near loc_fffb4204 ; jmp 0xfffb4204 -loc_fffb40e5: ; not directly referenced +loc_fffb4178: ; not directly referenced mov eax, ebx mov edi, ebx shr eax, 4 @@ -27341,9 +27385,9 @@ mov byte [ebp - 0x44], al mov byte [ebp - 0x40], 4 mov byte [ebp - 0x45], 0xf mov byte [ebp - 0x3f], 5 -jmp short loc_fffb4175 ; jmp 0xfffb4175 +jmp short loc_fffb4208 ; jmp 0xfffb4208 -loc_fffb4103: ; not directly referenced +loc_fffb4196: ; not directly referenced shr edi, 0xc mov eax, edi shr esi, 0x14 @@ -27359,9 +27403,9 @@ mov byte [ebp - 0x44], 0 mov byte [ebp - 0x40], 0xf8 mov byte [ebp - 0x45], 7 mov byte [ebp - 0x3f], 2 -jmp short loc_fffb4175 ; jmp 0xfffb4175 +jmp short loc_fffb4208 ; jmp 0xfffb4208 -loc_fffb4136: ; not directly referenced +loc_fffb41c9: ; not directly referenced mov eax, edi and eax, 0x3f mov byte [ebp - 0x3d], al 
@@ -27375,26 +27419,26 @@ and edi, 0xf mov byte [ebp - 0x40], 4 mov byte [ebp - 0x45], 0xf mov byte [ebp - 0x3f], 6 -jmp short loc_fffb4175 ; jmp 0xfffb4175 +jmp short loc_fffb4208 ; jmp 0xfffb4208 -loc_fffb415f: ; not directly referenced +loc_fffb41f2: ; not directly referenced mov byte [ebp - 0x44], 0 xor edi, edi mov byte [ebp - 0x40], 0 mov byte [ebp - 0x45], 0 mov byte [ebp - 0x3d], 0 -loc_fffb4171: ; not directly referenced +loc_fffb4204: ; not directly referenced mov byte [ebp - 0x3f], 0 -loc_fffb4175: ; not directly referenced +loc_fffb4208: ; not directly referenced mov eax, dword [ebp - 0x3c] xor ebx, ebx xor esi, esi mov ecx, dword [ebp - 0x58] mov byte [ebp - 0x47], 0 mov word [ebp - 0x58], 0 -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x54], eax lea eax, [ebp - 0x2a] add ecx, 0x1c @@ -27403,13 +27447,13 @@ mov al, byte [ebp - 0x3e] sub eax, 0xa mov byte [ebp - 0x5e], al -loc_fffb41a3: ; not directly referenced +loc_fffb4236: ; not directly referenced mov eax, dword [ebp - 0x54] cmp dword [eax], 2 -jne loc_fffb4269 ; jne 0xfffb4269 +jne loc_fffb42fc ; jne 0xfffb42fc mov eax, dword [ebp - 0x3c] mov edx, dword [ecx + 0x4c] -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov byte [ebp - 0x5d], al mov eax, edx shr eax, 9 
@@ -27420,51 +27464,51 @@ xor edx, edx and eax, 0x1f mov byte [ebp - 0x48], al -loc_fffb41d3: ; not directly referenced +loc_fffb4266: ; not directly referenced cmp byte [ebp - 0x5d], dl -jbe loc_fffb4266 ; jbe 0xfffb4266 +jbe loc_fffb42f9 ; jbe 0xfffb42f9 cmp byte [ebp - 0x3e], 0 mov eax, dword [ecx + edx*4 + 0x78] -jne short loc_fffb41ef ; jne 0xfffb41ef +jne short loc_fffb4282 ; jne 0xfffb4282 mov esi, eax mov bl, 6 and esi, 0x3f -jmp short loc_fffb4229 ; jmp 0xfffb4229 +jmp short loc_fffb42bc ; jmp 0xfffb42bc -loc_fffb41ef: ; not directly referenced +loc_fffb4282: ; not directly referenced cmp byte [ebp - 0x3e], 1 -jne short loc_fffb41ff ; jne 0xfffb41ff +jne short loc_fffb4292 ; jne 0xfffb4292 shr eax, 0xc mov esi, eax and esi, 0x1f -jmp short loc_fffb420a ; jmp 0xfffb420a +jmp short loc_fffb429d ; jmp 0xfffb429d -loc_fffb41ff: ; not directly referenced +loc_fffb4292: ; not directly referenced cmp byte [ebp - 0x46], 0 -je short loc_fffb420e ; je 0xfffb420e +je short loc_fffb42a1 ; je 0xfffb42a1 shr eax, 0x1b mov esi, eax -loc_fffb420a: ; not directly referenced +loc_fffb429d: ; not directly referenced mov bl, 5 -jmp short loc_fffb4229 ; jmp 0xfffb4229 +jmp short loc_fffb42bc ; jmp 0xfffb42bc -loc_fffb420e: ; not directly referenced +loc_fffb42a1: ; not directly referenced mov al, byte [ebp - 0x3e] cmp al, 0xa -je short loc_fffb4224 ; je 0xfffb4224 +je short loc_fffb42b7 ; je 0xfffb42b7 cmp al, 0xb mov al, byte [ebp - 0x48] cmove esi, eax mov al, 5 cmove ebx, eax -jmp short loc_fffb4229 ; jmp 0xfffb4229 +jmp short loc_fffb42bc ; jmp 0xfffb42bc -loc_fffb4224: ; not directly referenced +loc_fffb42b7: ; not directly referenced mov esi, dword [ebp - 0x5c] mov bl, 4 -loc_fffb4229: ; not directly referenced +loc_fffb42bc: ; not directly referenced push eax movzx eax, bl push 8 
@@ -27474,7 +27518,7 @@ movzx eax, al push eax mov dword [ebp - 0x68], edx mov dword [ebp - 0x64], ecx -call fcn_fffac7e7 ; call 0xfffac7e7 +call fcn_fffb15dc ; call 0xfffb15dc mov edx, dword [ebp - 0x68] add esp, 0x10 movsx cx, al @@ -27485,18 +27529,18 @@ mov byte [ecx + edx], al inc edx mov ecx, dword [ebp - 0x64] cmp byte [ebp - 0x5e], 2 -ja loc_fffb41d3 ; ja 0xfffb41d3 +ja loc_fffb4266 ; ja 0xfffb4266 -loc_fffb4266: ; not directly referenced +loc_fffb42f9: ; not directly referenced inc byte [ebp - 0x47] -loc_fffb4269: ; not directly referenced +loc_fffb42fc: ; not directly referenced add dword [ebp - 0x50], 9 add ecx, 0xcc add dword [ebp - 0x54], 0x13c3 lea eax, [ebp - 0x18] cmp dword [ebp - 0x50], eax -jne loc_fffb41a3 ; jne 0xfffb41a3 +jne loc_fffb4236 ; jne 0xfffb4236 movsx ebx, word [ebp - 0x58] movzx ecx, byte [ebp - 0x47] mov eax, ebx @@ -27506,34 +27550,34 @@ cmp byte [ebp - 0x4c], 2 mov byte [ebp - 0x54], al movsx eax, al mov dword [ebp - 0x50], ebx -ja short loc_fffb42c6 ; ja 0xfffb42c6 +ja short loc_fffb4359 ; ja 0xfffb4359 mov esi, dword [ebp - 0x3c] imul eax, ecx mov ebx, 2 -movzx esi, byte [esi + 0x2488] +movzx esi, byte [esi + 0x2489] imul eax, esi imul ecx, esi cdq idiv ebx add eax, dword [ebp - 0x50] -jmp short loc_fffb42d4 ; jmp 0xfffb42d4 +jmp short loc_fffb4367 ; jmp 0xfffb4367 -loc_fffb42c6: ; not directly referenced +loc_fffb4359: ; not directly referenced imul eax, ecx mov esi, 2 cdq idiv esi add eax, dword [ebp - 0x50] -loc_fffb42d4: ; not directly referenced +loc_fffb4367: ; not directly referenced cdq idiv ecx test ax, ax -jne short loc_fffb42e5 ; jne 0xfffb42e5 +jne short loc_fffb4378 ; jne 0xfffb4378 movzx eax, byte [ebp - 0x3d] -jmp near loc_fffb447c ; jmp 0xfffb447c +jmp near loc_fffb450f ; jmp 0xfffb450f -loc_fffb42e5: ; not directly referenced +loc_fffb4378: ; not directly referenced movsx eax, al cdq mov ecx, edx 
@@ -27544,10 +27588,10 @@ mov byte [ebp - 0x47], cl sete dl or dl, byte [ebp - 0x46] mov byte [ebp - 0x58], dl -je short loc_fffb4304 ; je 0xfffb4304 +je short loc_fffb4397 ; je 0xfffb4397 neg byte [ebp - 0x54] -loc_fffb4304: ; not directly referenced +loc_fffb4397: ; not directly referenced mov bl, byte [ebp - 0x54] mov dl, byte [ebp - 0x3d] mov esi, dword [ebp - 0x44] @@ -27560,13 +27604,13 @@ mov ebx, edi mov byte [ebp - 0x4c], bl mov dword [ebp - 0x5c], eax -loc_fffb4322: ; not directly referenced +loc_fffb43b5: ; not directly referenced mov al, byte [ebp - 0x50] mov bl, 1 mov byte [ebp - 0x3d], al lea eax, [edx - 3] cmp al, 0x39 -ja short loc_fffb4344 ; ja 0xfffb4344 +ja short loc_fffb43d7 ; ja 0xfffb43d7 mov al, byte [ebp - 0x45] mov cl, byte [ebp - 0x50] cmp cl, al @@ -27575,9 +27619,9 @@ cmp byte [ebp - 0x40], cl setg al or ebx, eax -loc_fffb4344: ; not directly referenced +loc_fffb43d7: ; not directly referenced cmp byte [ebp - 0x58], 0 -je short loc_fffb435f ; je 0xfffb435f +je short loc_fffb43f2 ; je 0xfffb43f2 mov cl, byte [ebp - 0x50] mov al, 0 cmp cl, 0x10 @@ -27587,15 +27631,15 @@ shl eax, 4 add eax, ecx mov byte [ebp - 0x3d], al -loc_fffb435f: ; not directly referenced +loc_fffb43f2: ; not directly referenced test bl, bl -jne short loc_fffb43a8 ; jne 0xfffb43a8 +jne short loc_fffb443b ; jne 0xfffb443b movsx ecx, byte [ebp - 0x3d] sub esp, 0xc movzx edx, byte [ebp - 0x3f] mov eax, dword [ebp - 0x3c] push 0 -call fcn_fffa83c9 ; call 0xfffa83c9 +call fcn_fffa8377 ; call 0xfffa8377 mov ecx, dword [ebp - 0x5c] add esp, 0x10 mov dl, al 
@@ -27606,64 +27650,64 @@ sar ecx, 0x1f xor eax, ecx sub eax, ecx cmp al, byte [ebp - 0x47] -jae short loc_fffb43a8 ; jae 0xfffb43a8 +jae short loc_fffb443b ; jae 0xfffb443b cmp al, byte [ebp - 0x46] -jae short loc_fffb43aa ; jae 0xfffb43aa +jae short loc_fffb443d ; jae 0xfffb443d mov cl, byte [ebp - 0x3d] test al, al sete bl mov byte [ebp - 0x46], al mov byte [ebp - 0x4c], cl -jmp short loc_fffb43aa ; jmp 0xfffb43aa +jmp short loc_fffb443d ; jmp 0xfffb443d -loc_fffb43a8: ; not directly referenced +loc_fffb443b: ; not directly referenced mov bl, 1 -loc_fffb43aa: ; not directly referenced +loc_fffb443d: ; not directly referenced mov al, byte [ebp - 0x54] add byte [ebp - 0x50], al test bl, bl -je loc_fffb4322 ; je 0xfffb4322 +je loc_fffb43b5 ; je 0xfffb43b5 mov bl, byte [ebp - 0x4c] mov eax, edi movzx edx, byte [ebp - 0x3f] cmp bl, al -je loc_fffb4452 ; je 0xfffb4452 +je loc_fffb44e5 ; je 0xfffb44e5 mov eax, dword [ebp - 0x3c] sub esp, 0xc movzx ecx, bl push 1 xor ebx, ebx -call fcn_fffa83c9 ; call 0xfffa83c9 +call fcn_fffa8377 ; call 0xfffa8377 movzx esi, byte [ebp - 0x3e] add esp, 0x10 mov byte [ebp - 0x3f], al movzx edi, al -loc_fffb43e8: ; not directly referenced +loc_fffb447b: ; not directly referenced imul eax, ebx, 0x13c3 mov edx, dword [ebp - 0x3c] -cmp dword [edx + eax + 0x3756], 2 -je short loc_fffb4403 ; je 0xfffb4403 +cmp dword [edx + eax + 0x3757], 2 +je short loc_fffb4496 ; je 0xfffb4496 -loc_fffb43fb: ; not directly referenced +loc_fffb448e: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffb43e8 ; jne 0xfffb43e8 -jmp short loc_fffb4478 ; jmp 0xfffb4478 +jne short loc_fffb447b ; jne 0xfffb447b +jmp short loc_fffb450b ; jmp 0xfffb450b -loc_fffb4403: ; not directly referenced +loc_fffb4496: ; not directly referenced lea eax, [ebx + ebx*8] lea edx, [ebp - 0x18] add eax, edx mov byte [ebp - 0x3d], 0 mov dword [ebp - 0x44], eax -loc_fffb4412: ; not directly referenced +loc_fffb44a5: ; not directly referenced mov edx, dword [ebp - 0x3c] mov al, 
byte [ebp - 0x3d] -cmp al, byte [edx + 0x2488] -jae short loc_fffb43fb ; jae 0xfffb43fb +cmp al, byte [edx + 0x2489] +jae short loc_fffb448e ; jae 0xfffb448e movzx edx, byte [ebp - 0x3d] xor ecx, ecx mov eax, dword [ebp - 0x44] @@ -27676,35 +27720,35 @@ mov eax, dword [ebp - 0x3c] push esi push edx mov edx, ebx -call fcn_fffafdb2 ; call 0xfffafdb2 +call fcn_fffa972b ; call 0xfffa972b mov al, byte [ebp - 0x3e] add esp, 0x10 sub eax, 0xa cmp al, 2 -jbe short loc_fffb43fb ; jbe 0xfffb43fb +jbe short loc_fffb448e ; jbe 0xfffb448e inc byte [ebp - 0x3d] -jmp short loc_fffb4412 ; jmp 0xfffb4412 +jmp short loc_fffb44a5 ; jmp 0xfffb44a5 -loc_fffb4452: ; not directly referenced +loc_fffb44e5: ; not directly referenced cmp byte [ebp - 0x58], 0 -je short loc_fffb4461 ; je 0xfffb4461 +je short loc_fffb44f4 ; je 0xfffb44f4 mov al, byte [ebp - 0x44] shl eax, 4 add byte [ebp - 0x4c], al -loc_fffb4461: ; not directly referenced +loc_fffb44f4: ; not directly referenced movzx ecx, byte [ebp - 0x4c] sub esp, 0xc mov eax, dword [ebp - 0x3c] push 1 -call fcn_fffa83c9 ; call 0xfffa83c9 +call fcn_fffa8377 ; call 0xfffa8377 add esp, 0x10 mov byte [ebp - 0x3f], al -loc_fffb4478: ; not directly referenced +loc_fffb450b: ; not directly referenced movzx eax, byte [ebp - 0x3f] -loc_fffb447c: ; not directly referenced +loc_fffb450f: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -27712,7 +27756,7 @@ pop edi pop ebp ret -fcn_fffb4484: ; not directly referenced +fcn_fffb4517: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -27726,23 +27770,23 @@ mov byte [ebp - 0x1a], 1 lea edi, [ebp - 0x18] mov byte [ebp - 0x19], 2 -loc_fffb44a2: ; not directly referenced +loc_fffb4535: ; not directly referenced movzx edx, byte [esi] mov eax, ebx inc esi -call fcn_fffb3fec ; call 0xfffb3fec +call fcn_fffb407f ; call 0xfffb407f cmp esi, edi -jne short loc_fffb44a2 ; jne 0xfffb44a2 +jne short loc_fffb4535 ; jne 0xfffb4535 cmp dword [ebx + 0x188b], 1 -jne short loc_fffb44d2 ; jne 0xfffb44d2 +jne short loc_fffb4565 ; jne 0xfffb4565 mov edx, 0xa mov eax, ebx -call fcn_fffb3fec ; call 0xfffb3fec +call fcn_fffb407f ; call 0xfffb407f mov edx, 0xb mov eax, ebx -call fcn_fffb3fec ; call 0xfffb3fec +call fcn_fffb407f ; call 0xfffb407f -loc_fffb44d2: ; not directly referenced +loc_fffb4565: ; not directly referenced add esp, 0x1c xor eax, eax pop ebx 
@@ -27751,116 +27795,96 @@ pop edi pop ebp ret -fcn_fffb44dc: ; not directly referenced +fcn_fffb456f: ; not directly referenced push ebp -mov ecx, 2 +mov eax, 0x80000002 mov ebp, esp +push edi +push esi push ebx sub esp, 0x1c -mov ebx, dword [ebp + 0xc] -push dword [ebp + 0x10] -mov edx, dword [ebp + 8] -lea eax, [ebp - 0xa] -mov word [ebp - 0xa], bx +mov ebx, dword [ebp + 0x20] +mov ecx, dword [ebp + 0x10] +mov esi, dword [ebp + 0x14] +mov edi, dword [ebp + 0x18] +test ebx, ebx +je loc_fffb464a ; je 0xfffb464a +cmp ecx, 0xb +ja loc_fffb464a ; ja 0xfffb464a push eax -mov eax, 7 -call fcn_fffab430 ; call 0xfffab430 -mov eax, ebx -mov ebx, dword [ebp - 4] -leave -ret - -fcn_fffb450a: ; not directly referenced -push ebp -mov ebp, esp +mov edx, ecx +push dword [ebp + 0x1c] +mov eax, 1 +mov dword [ebp - 0x1c], ecx push edi push esi -mov esi, eax -push ebx -mov ebx, edx -sub esp, 0x2c -test ebx, ebx -setne al -cmp cx, 0x1ff -setbe bl -mov dword [ebp - 0x2c], edx -mov edx, dword [ebp + 8] -mov word [ebp - 0x2e], cx -mov dword [ebp - 0x1c], 0x80000007 -test al, bl -je loc_fffb45de ; je 0xfffb45de -mov edi, edx -movzx edx, dx -add edx, ecx -cmp edx, 0x1ff -jg loc_fffb45de ; jg 0xfffb45de -mov eax, dword [ebp - 0x2c] -add edi, eax -mov ebx, eax -mov eax, esi -movzx eax, al -mov word [ebp - 0x30], di -mov dword [ebp - 0x34], eax +call fcn_fffb05d3 ; call 0xfffb05d3 +add esp, 0x10 +mov ecx, dword [ebp - 0x1c] +test eax, eax +js loc_fffb464a ; js 0xfffb464a +mov al, byte [ecx + ref_fffd6138] ; mov al, byte [ecx - 0x29ec8] +mov dword [ebp - 0x24], 0 +mov byte [ebp - 0x1e], al +mov eax, ecx +and eax, 3 +mov dword [ebp - 0x1c], eax +movzx eax, byte [eax + ref_fffd6144] ; movzx eax, byte [eax - 0x29ebc] +dec eax +test ebx, eax +movzx eax, byte [ecx + ref_fffd6144] ; movzx eax, byte [ecx - 0x29ebc] +sete byte [ebp - 0x1d] +mov dword [ebp - 0x28], eax -loc_fffb4563: ; not directly referenced -cmp word [ebp - 0x30], bx -je short loc_fffb45d7 ; je 0xfffb45d7 -mov ecx, dword [ebp + 
0xc] -mov dx, word [ebp - 0x2e] -sub edx, dword [ebp - 0x2c] -movzx ecx, byte [ecx] -add edx, ebx -mov eax, edx -shr ax, 8 -cmp ax, cx -je short loc_fffb458c ; je 0xfffb458c -mov edi, dword [ebp + 0xc] -mov byte [edi], al -mov al, 1 -jmp short loc_fffb458e ; jmp 0xfffb458e +loc_fffb45ed: ; not directly referenced +cmp dword [ebp + 0x1c], 0 +je short loc_fffb4648 ; je 0xfffb4648 +cmp dword [ebp - 0x1c], 0 +jne short loc_fffb45ff ; jne 0xfffb45ff +mov al, byte [esi] +mov byte [ebx], al +jmp short loc_fffb4637 ; jmp 0xfffb4637 -loc_fffb458c: ; not directly referenced -xor eax, eax +loc_fffb45ff: ; not directly referenced +cmp dword [ebp - 0x1c], 1 +jne short loc_fffb4613 ; jne 0xfffb4613 +sub esp, 0xc +push esi +call fcn_fffb3e49 ; call 0xfffb3e49 +mov word [ebx], ax +jmp short loc_fffb4634 ; jmp 0xfffb4634 -loc_fffb458e: ; not directly referenced -dec al -movzx esi, dl -jne short loc_fffb45b3 ; jne 0xfffb45b3 -mov eax, dword [ebp + 0xc] -cmp byte [eax], 1 -push edx -lea edx, [ebp - 0x1c] -sbb eax, eax -push edx -and eax, 0xfffffffe -push 0 -add eax, 0x6e -push eax -call fcn_fffab4b3 ; call 0xfffab4b3 -add esp, 0x10 +loc_fffb4613: ; not directly referenced +cmp dword [ebp - 0x1c], 2 +jne short loc_fffb4626 ; jne 0xfffb4626 +sub esp, 0xc +push esi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [ebx], eax +jmp short loc_fffb4634 ; jmp 0xfffb4634 -loc_fffb45b3: ; not directly referenced -shl esi, 8 -mov edi, ebx -push eax -inc ebx -or esi, dword [ebp - 0x34] -push eax -lea eax, [ebp - 0x1c] -push eax +loc_fffb4626: ; not directly referenced +sub esp, 0xc push esi -call fcn_fffab48f ; call 0xfffab48f +call fcn_fffb401c ; call 0xfffb401c +mov dword [ebx], eax +mov dword [ebx + 4], edx + +loc_fffb4634: ; not directly referenced add esp, 0x10 -mov byte [ebx - 1], al -cmp dword [ebp - 0x1c], 0 -je short loc_fffb4563 ; je 0xfffb4563 -mov byte [edi], 0 -loc_fffb45d7: ; not directly referenced -mov dword [ebp - 0x1c], 0 +loc_fffb4637: ; not directly referenced +movzx eax, byte 
[ebp - 0x1e] +add esi, dword [ebp - 0x28] +adc edi, dword [ebp - 0x24] +dec dword [ebp + 0x1c] +add ebx, eax +jmp short loc_fffb45ed ; jmp 0xfffb45ed -loc_fffb45de: ; not directly referenced -mov eax, dword [ebp - 0x1c] +loc_fffb4648: ; not directly referenced +xor eax, eax + +loc_fffb464a: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -27868,590 +27892,601 @@ pop edi pop ebp ret -fcn_fffb45e9: ; not directly referenced +fcn_fffb4652: ; not directly referenced push ebp -mov ecx, 2 +movzx edx, dl mov ebp, esp push edi push esi -push ebx -sub esp, 0x34 -mov esi, dword [ebp + 0x10] -movzx eax, byte [ebp + 0xc] -lea edi, [ebp - 0x19] -push edi -push 1 -lea edx, [esi + 2] -mov byte [ebp - 0x19], 0xff -mov dword [ebp - 0x30], eax -call fcn_fffb450a ; call 0xfffb450a -add esp, 0x10 mov esi, eax -test eax, eax -jne short loc_fffb467d ; jne 0xfffb467d -mov eax, dword [ebp + 0x18] -xor edx, edx -mov ecx, dword [ebp + 8] -mov dword [ebp - 0x2c], 1 -mov ebx, dword [ebp + 0x14] -shl dword [ebp - 0x2c], cl -mov ecx, 5 -div ecx -lea eax, [eax + eax*4] -add eax, ebx -mov dword [ebp - 0x34], eax +push ebx +sub esp, 0x2c +mov ebx, dword [ebp + 0x10] +mov eax, dword [ebp + 8] +mov dword [ebp - 0x24], ecx +mov edi, dword [esi + 0x5edd] +mov dword [ebp - 0x1c], ebx +mov byte [ebp - 0x2b], bl +mov bl, byte [ebp + 0x18] +mov ecx, eax +mov eax, dword [ebp + 0xc] +mov byte [ebp - 0x2c], bl +imul ebx, edx, 0xcc +mov byte [ebp - 0x20], al +lea ebx, [edi + ebx + 0x1c] +cmp cl, 0xe +ja loc_fffb4a3a ; ja 0xfffb4a3a +movzx edi, cl +jmp dword [edi*4 + ref_fffd39cc] ; ujmp: jmp dword [edi*4 - 0x2c634] -loc_fffb4640: ; not directly referenced -cmp ebx, dword [ebp - 0x34] -je short loc_fffb467d ; je 0xfffb467d -movzx eax, byte [ebx + 4] -test dword [ebp - 0x2c], eax -je short loc_fffb4678 ; je 0xfffb4678 -push eax -mov edx, dword [ebp + 0x10] -push eax -movzx ecx, word [ebx] -push edi -mov ax, word [ebx + 2] -add edx, ecx -inc eax -sub ax, word [ebx] -movzx eax, ax -push eax -mov eax, dword [ebp - 0x30] -call fcn_fffb450a ; call 0xfffb450a -add esp, 0x10 -test eax, eax -je short loc_fffb4678 ; je 0xfffb4678 -mov esi, eax -jmp short loc_fffb467d ; jmp 0xfffb467d +loc_fffb46a0: ; not directly referenced +mov edi, dword [ebx + 0xa0] +and eax, 0xf +shl eax, 0xf +and edi, 0xfff87fff +jmp near loc_fffb49e6 ; jmp 0xfffb49e6 
-loc_fffb4678: ; not directly referenced -add ebx, 5 -jmp short loc_fffb4640 ; jmp 0xfffb4640 +loc_fffb46b7: ; not directly referenced +mov edi, dword [ebx + 0xa0] +and eax, 0xf +shl eax, 0x13 +and edi, 0xff87ffff +jmp near loc_fffb49e6 ; jmp 0xfffb49e6 -loc_fffb467d: ; not directly referenced -test esi, esi -sete al -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffb46ce: ; not directly referenced +mov edi, dword [ebx + 0xa4] +and eax, 0xf +shl eax, 0x11 +and edi, 0xffe1ffff +jmp short loc_fffb474a ; jmp 0xfffb474a -fcn_fffb468a: -mov eax, dword [0xff7d0084] -push ebp -mov ebp, esp -push ebx -mov eax, dword [eax + 0x14] -add eax, 0xf8002 -push eax -call fcn_fffb3d06 ; call 0xfffb3d06 -mov ecx, eax -mov edx, eax -and cl, 0x7d -pop eax -mov eax, 1 -cmp cx, 0x8c44 -je loc_fffb47e4 ; je 0xfffb47e4 -cmp dx, 0x8c4c -sete bl -cmp dx, 0x8c4a -sete cl -or bl, cl -jne loc_fffb47e4 ; jne 0xfffb47e4 -cmp dx, 0x8c50 -sete bl -cmp dx, 0x8c4e -sete cl -or bl, cl -jne loc_fffb47e4 ; jne 0xfffb47e4 -cmp dx, 0x8c42 -sete bl -cmp dx, 0x8c5c -sete cl -or bl, cl -jne loc_fffb47e4 ; jne 0xfffb47e4 -cmp dx, 0x8c4f -sete bl -cmp dx, 0x8c49 -sete cl -or bl, cl -jne loc_fffb47e4 ; jne 0xfffb47e4 -cmp dx, 0x8c41 -sete bl -cmp dx, 0x8c4b -sete cl -or bl, cl -jne loc_fffb47e4 ; jne 0xfffb47e4 -cmp dx, 0x8c58 -je loc_fffb47e4 ; je 0xfffb47e4 -cmp dx, 0x8c54 -sete bl -cmp dx, 0x8c52 -sete cl -or bl, cl -jne loc_fffb47e4 ; jne 0xfffb47e4 -cmp dx, 0x8c56 -je loc_fffb47e4 ; je 0xfffb47e4 -lea ecx, [edx + 0x63bf] -cmp cx, 6 -jbe short loc_fffb47e4 ; jbe 0xfffb47e4 -cmp dx, 0x8cc5 -sete bl -cmp dx, 0x8cc3 -sete cl -or bl, cl -jne short loc_fffb47e4 ; jne 0xfffb47e4 -lea ecx, [edx + 0x733f] -cmp cx, 1 -jbe short loc_fffb47e4 ; jbe 0xfffb47e4 -lea eax, [edx + 0x633f] -cmp ax, 2 -mov eax, 2 -setbe bl -cmp dx, 0x9cc5 -sete cl -or bl, cl -jne short loc_fffb47e4 ; jne 0xfffb47e4 -lea ecx, [edx + 0x633a] -cmp cx, 1 -setbe bl -cmp dx, 0x9cc9 -sete cl -or bl, cl -jne short loc_fffb47e4 ; 
jne 0xfffb47e4 -cmp dx, 0x9cc8 -sete bl -cmp dx, 0x9cc4 -sete cl -or bl, cl -jne short loc_fffb47e4 ; jne 0xfffb47e4 -add dx, 0x6336 -cmp dx, 2 -sbb eax, eax -add eax, 3 +loc_fffb46e2: ; not directly referenced +mov edi, dword [ebx + 0xa4] +and eax, 0xf +shl eax, 0x15 +and edi, 0xfe1fffff +jmp short loc_fffb474a ; jmp 0xfffb474a -loc_fffb47e4: -mov ebx, dword [ebp - 4] -leave -ret +loc_fffb46f6: ; not directly referenced +mov edi, dword [ebx + 0xa8] +and eax, 0x1f +shl eax, 0x13 +and edi, 0xff07ffff +jmp near loc_fffb4a1a ; jmp 0xfffb4a1a -fcn_fffb47e9: -push ebp -mov ebp, esp -push esi -mov esi, dword [ebp + 8] -push ebx -mov ebx, dword [ebp + 0xc] -call fcn_fffb3d58 ; call 0xfffb3d58 -mov ecx, esi -movzx esi, cl -lea edx, [eax + esi] -mov al, bl -out dx, al -pop ebx -pop esi -pop ebp -ret +loc_fffb470d: ; not directly referenced +mov edi, dword [ebx + 0xa8] +and eax, 0x1f +shl eax, 0x18 +and edi, 0xe0ffffff +jmp near loc_fffb4a1a ; jmp 0xfffb4a1a -fcn_fffb4808: ; not directly referenced -push ebp -mov ebp, esp -push ebx -mov ebx, dword [ebp + 8] -call fcn_fffb3d58 ; call 0xfffb3d58 -movzx ebx, bl -lea edx, [eax + ebx] -in al, dx -pop ebx -pop ebp -ret +loc_fffb4724: ; not directly referenced +mov edi, dword [ebx + 0xa4] +and eax, 0xf +shl eax, 6 +and edi, 0xfffffc3f +jmp short loc_fffb474a ; jmp 0xfffb474a -fcn_fffb481e: -mov eax, dword [0xff7d0084] -push ebp -mov ebp, esp -push ebx -mov eax, dword [eax + 0x14] -add eax, 0xf8002 -push eax -call fcn_fffb3d06 ; call 0xfffb3d06 -mov ecx, eax -mov edx, eax -and cl, 0x7d -pop eax -mov eax, 1 -cmp cx, 0x8c44 -je loc_fffb497f ; je 0xfffb497f -cmp dx, 0x8c4c -sete bl -cmp dx, 0x8c4a -sete cl -or bl, cl -jne loc_fffb497f ; jne 0xfffb497f -cmp dx, 0x8c50 -sete bl -cmp dx, 0x8c4e -sete cl -or bl, cl -jne loc_fffb497f ; jne 0xfffb497f -cmp dx, 0x8c42 -sete bl -cmp dx, 0x8c5c -sete cl -or bl, cl -jne loc_fffb497f ; jne 0xfffb497f -cmp dx, 0x8c4f -sete bl -cmp dx, 0x8c49 -sete cl -or bl, cl -jne loc_fffb497f ; jne 0xfffb497f 
-cmp dx, 0x8c41 -sete bl -cmp dx, 0x8c4b -sete cl -or bl, cl -jne loc_fffb497f ; jne 0xfffb497f -cmp dx, 0x8c58 -je loc_fffb497f ; je 0xfffb497f -cmp dx, 0x8c54 -sete bl -cmp dx, 0x8c52 -sete cl -or bl, cl -jne loc_fffb497f ; jne 0xfffb497f -cmp dx, 0x8c56 -je loc_fffb497f ; je 0xfffb497f -cmp dx, 0x8cc5 -sete bl -cmp dx, 0x8cc3 -sete cl -or bl, cl -jne short loc_fffb497f ; jne 0xfffb497f -lea eax, [edx + 0x733f] -cmp ax, 1 -jbe short loc_fffb497a ; jbe 0xfffb497a -lea ecx, [edx + 0x63bf] -mov eax, 2 -cmp cx, 6 -jbe short loc_fffb497f ; jbe 0xfffb497f -lea ecx, [edx + 0x633f] -cmp cx, 2 -setbe bl -cmp dx, 0x9cc5 -sete cl -or bl, cl -jne short loc_fffb497f ; jne 0xfffb497f -lea ecx, [edx + 0x633a] -cmp cx, 1 -setbe bl -cmp dx, 0x9cc9 -sete cl -or bl, cl -jne short loc_fffb497f ; jne 0xfffb497f -cmp dx, 0x9cc8 -sete bl -cmp dx, 0x9cc4 -sete cl -or bl, cl -jne short loc_fffb497f ; jne 0xfffb497f -add dx, 0x6336 -cmp dx, 2 -sbb eax, eax -add eax, 3 -jmp short loc_fffb497f ; jmp 0xfffb497f +loc_fffb4738: ; not directly referenced +mov edi, dword [ebx + 0xa4] +and eax, 0xf +shl eax, 0xa +and edi, 0xffffc3ff -loc_fffb497a: -mov eax, 1 +loc_fffb474a: ; not directly referenced +or edi, eax +mov eax, esi +shl edx, 0xa +mov ecx, edi +add edx, 0x4008 +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x1c], 0 +je loc_fffb4a3a ; je 0xfffb4a3a +mov dword [ebx + 0xa4], edi +jmp near loc_fffb4a3a ; jmp 0xfffb4a3a -loc_fffb497f: -mov ebx, dword [ebp - 4] -leave +loc_fffb4773: ; not directly referenced +mov edi, dword [ebx + 0xac] +sub eax, 6 +and eax, 3 +shl eax, 0x11 +and edi, 0xfff9ffff +jmp short loc_fffb47b6 ; jmp 0xfffb47b6 + +loc_fffb478a: ; not directly referenced +sub eax, 6 +mov edi, dword [ebx + 0xac] +cmp dword [esi + 0x2481], 3 +jne short loc_fffb47aa ; jne 0xfffb47aa +and eax, 7 +and edi, 0xffc7ffff +shl eax, 0x13 +jmp short loc_fffb47b6 ; jmp 0xfffb47b6 + +loc_fffb47aa: ; not directly referenced +and eax, 3 +and edi, 0xffe7ffff +shl eax, 0x13 + +loc_fffb47b6: ; not 
directly referenced +or edi, eax +mov eax, esi +shl edx, 0xa +mov ecx, edi +add edx, 0x4014 +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x1c], 0 +je loc_fffb4a3a ; je 0xfffb4a3a +mov dword [ebx + 0xac], edi +jmp near loc_fffb4a3a ; jmp 0xfffb4a3a + +loc_fffb47df: ; not directly referenced +movzx ecx, byte [ebp - 0x24] +lea edi, [ebx + ecx*4] +mov ebx, dword [edi + 4] +mov dword [ebp - 0x24], edi +mov dword [ebp - 0x20], ebx +shr ebx, 0xd +and ebx, 0xf +mov edi, ebx +or edi, 0xfffffff0 +test bl, 8 +cmovne ebx, edi +add eax, ebx +mov bl, 6 +cmp al, 6 +cmovle ebx, eax +mov al, 0xfc +cmp bl, 0xfc +cmovge eax, ebx +mov ebx, dword [ebp - 0x20] +and eax, 0xf +mov edi, eax +shl edi, 0xd +and ebx, 0xff0e1fff +shl eax, 0x14 +or ebx, edi +or ebx, eax +mov eax, esi +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, ebx +mov edx, eax +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x1c], 0 +je loc_fffb4a3a ; je 0xfffb4a3a +mov eax, dword [ebp - 0x24] +mov dword [eax + 4], ebx +jmp near loc_fffb4a3a ; jmp 0xfffb4a3a + +loc_fffb4850: ; not directly referenced +movzx ecx, byte [ebp - 0x24] +lea edi, [ebx + ecx*4] +mov ebx, dword [edi + 4] +mov dword [ebp - 0x20], ebx +shr ebx, 0x11 +and ebx, 7 +add eax, ebx +mov bl, 7 +cmp al, 7 +cmovle ebx, eax +xor eax, eax +test bl, bl +cmovns eax, ebx +and eax, 7 +mov ebx, eax +shl ebx, 0x11 +mov dword [ebp - 0x24], ebx +mov ebx, dword [ebp - 0x20] +shl eax, 0x18 +and ebx, 0xf8f1ffff +or ebx, dword [ebp - 0x24] +or ebx, eax +mov eax, esi +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, ebx +mov edx, eax +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x1c], 0 +je loc_fffb4a3a ; je 0xfffb4a3a +mov dword [edi + 4], ebx +jmp near loc_fffb4a3a ; jmp 0xfffb4a3a + +loc_fffb48b3: ; not directly referenced +imul eax, edx, 0x13c3 +xor edi, edi +shl edx, 0xa +lea eax, [esi + eax + 0x3757] +mov dword [ebp - 0x24], eax +lea eax, [edx + 0x4028] +mov dword [ebp - 0x30], eax +lea eax, [edx + 0x4024] +mov dword [ebp 
- 0x28], eax +mov eax, dword [ebp - 0x20] +and eax, 0x7f +mov dword [ebp - 0x1c], eax + +loc_fffb48e3: ; not directly referenced +mov eax, edi +mov byte [ebp - 0x2a], al +movzx eax, byte [ebp - 0x2c] +bt eax, edi +jae loc_fffb49c8 ; jae 0xfffb49c8 +mov ecx, dword [ebp - 0x24] +mov al, byte [ebp - 0x20] +add al, byte [ecx + edi + 0x1011] +sub al, byte [ecx + edi + 0x1015] +mov byte [ebp - 0x29], al +js loc_fffb49c8 ; js 0xfffb49c8 +mov edx, dword [ebp - 0x30] +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +mov edx, dword [ebp - 0x28] +mov dword [ebp - 0x34], eax +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +mov dl, byte [ebp - 0x2a] +mov ecx, dword [ebp - 0x34] +cmp dl, 2 +mov ebx, eax +movzx eax, byte [ebp - 0x29] +je short loc_fffb4966 ; je 0xfffb4966 +and eax, 0xf +cmp dl, 3 +je short loc_fffb497f ; je 0xfffb497f +dec dl +je short loc_fffb4953 ; je 0xfffb4953 +and ecx, 0xfffffff0 +and ebx, 0xffffff80 +or ecx, eax +or ebx, dword [ebp - 0x1c] +jmp short loc_fffb4995 ; jmp 0xfffb4995 + +loc_fffb4953: ; not directly referenced +shl eax, 4 +and cl, 0xf +or ecx, eax +mov eax, dword [ebp - 0x1c] +and bh, 0x80 +shl eax, 8 +jmp short loc_fffb4993 ; jmp 0xfffb4993 + +loc_fffb4966: ; not directly referenced +and eax, 0xf +and ch, 0xf0 +shl eax, 8 +and ebx, 0xff80ffff +or ecx, eax +mov eax, dword [ebp - 0x1c] +shl eax, 0x10 +jmp short loc_fffb4993 ; jmp 0xfffb4993 + +loc_fffb497f: ; not directly referenced +shl eax, 0xc +and ch, 0xf +or ecx, eax +mov eax, dword [ebp - 0x1c] +and ebx, 0x80ffffff +shl eax, 0x18 + +loc_fffb4993: ; not directly referenced +or ebx, eax + +loc_fffb4995: ; not directly referenced +mov edx, dword [ebp - 0x30] +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, dword [ebp - 0x28] +mov ecx, ebx +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x2b], 0 +je short loc_fffb49c8 ; je 0xfffb49c8 +mov ecx, dword [ebp - 0x24] +mov al, byte [ebp - 0x20] +mov byte [ecx + edi + 0x1015], al +mov al, byte [ebp - 0x29] +mov 
byte [ecx + edi + 0x1011], al + +loc_fffb49c8: ; not directly referenced +inc edi +cmp edi, 4 +jne loc_fffb48e3 ; jne 0xfffb48e3 +jmp short loc_fffb4a3a ; jmp 0xfffb4a3a + +loc_fffb49d4: ; not directly referenced +mov edi, dword [ebx + 0xa0] +and eax, 7 +shl eax, 0xc +and edi, 0xffff8fff + +loc_fffb49e6: ; not directly referenced +or edi, eax +mov eax, esi +shl edx, 0xa +mov ecx, edi +add edx, 0x4004 +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x1c], 0 +je short loc_fffb4a3a ; je 0xfffb4a3a +mov dword [ebx + 0xa0], edi +jmp short loc_fffb4a3a ; jmp 0xfffb4a3a + +loc_fffb4a08: ; not directly referenced +mov edi, dword [ebx + 0xa8] +and eax, 0x1f +shl eax, 0xe +and edi, 0xfff83fff + +loc_fffb4a1a: ; not directly referenced +or edi, eax +mov eax, esi +shl edx, 0xa +mov ecx, edi +add edx, 0x400c +call fcn_fffb3381 ; call 0xfffb3381 +cmp byte [ebp - 0x1c], 0 +je short loc_fffb4a3a ; je 0xfffb4a3a +mov dword [ebx + 0xa8], edi + +loc_fffb4a3a: ; not directly referenced +add esp, 0x2c +pop ebx +pop esi +pop edi +pop ebp ret -fcn_fffb4984: +fcn_fffb4a42: push ebp mov ebp, esp -call fcn_fffb481e ; call 0xfffb481e -cmp eax, 1 -je short loc_fffb499d ; je 0xfffb499d -xor edx, edx -cmp eax, 2 -mov al, 6 -cmove edx, eax -jmp short loc_fffb499f ; jmp 0xfffb499f - -loc_fffb499d: -mov dl, 8 +push esi +mov esi, dword [ebp + 8] +push ebx +mov ebx, dword [ebp + 0xc] +call fcn_fffb3fce ; call 0xfffb3fce +mov ecx, esi +movzx esi, cl +lea edx, [eax + esi] +mov al, bl +out dx, al +pop ebx +pop esi +pop ebp +ret -loc_fffb499f: -mov al, dl +fcn_fffb4a61: ; not directly referenced +push ebp +mov ebp, esp +push ebx +mov ebx, dword [ebp + 8] +call fcn_fffb3fce ; call 0xfffb3fce +movzx ebx, bl +lea edx, [eax + ebx] +in al, dx +pop ebx pop ebp ret -fcn_fffb49a3: ; not directly referenced +fcn_fffb4a77: ; not directly referenced push ebp mov ebp, esp -push edi push esi +mov esi, dword [ebp + 0xc] push ebx -sub esp, 0x1c -mov eax, dword [0xff7d0084] -mov eax, dword [eax + 0x14] -add eax, 
0xf8040 -push eax -call fcn_fffb3d06 ; call 0xfffb3d06 -mov esi, eax -and esi, 0xfffc -push eax -add esi, 8 -push eax -push esi -call fcn_fffaafc2 ; call 0xfffaafc2 -mov ecx, 0x64 -xor edx, edx -add esp, 0x10 -mov ebx, eax -imul eax, dword [ebp + 8], 0x166 -and ebx, 0xffffff -div ecx -lea edi, [ebx + eax + 1] -mov ecx, edi -and edi, 0xffffff -shr ecx, 0x18 - -loc_fffb49fc: ; not directly referenced -test ecx, ecx -setne dl -cmp edi, ebx -seta al -or al, dl -je short loc_fffb4a34 ; je 0xfffb4a34 +mov ebx, dword [ebp + 8] sub esp, 0xc -push esi -mov dword [ebp - 0x20], edx -mov dword [ebp - 0x1c], ecx -call fcn_fffaafc2 ; call 0xfffaafc2 +push ebx +call fcn_fffb00dc ; call 0xfffb00dc add esp, 0x10 -mov ecx, dword [ebp - 0x1c] -mov edx, dword [ebp - 0x20] -and eax, 0xffffff -cmp eax, ebx -jae short loc_fffb4a30 ; jae 0xfffb4a30 -test dl, dl -je short loc_fffb4a34 ; je 0xfffb4a34 -dec ecx - -loc_fffb4a30: ; not directly referenced -mov ebx, eax -jmp short loc_fffb49fc ; jmp 0xfffb49fc - -loc_fffb4a34: ; not directly referenced -lea esp, [ebp - 0xc] +mov dword [ebp + 8], ebx +or eax, esi +mov dword [ebp + 0xc], eax +lea esp, [ebp - 8] pop ebx pop esi -pop edi pop ebp -ret +jmp near fcn_fffb0086 ; jmp 0xfffb0086 -fcn_fffb4a3c: ; not directly referenced +fcn_fffb4aa1: ; not directly referenced push ebp mov ebp, esp -sub esp, 8 -mov eax, dword [ebp + 0x10] -test eax, eax -je short loc_fffb4a55 ; je 0xfffb4a55 +push esi +mov esi, dword [ebp + 0xc] +push ebx +mov ebx, dword [ebp + 8] sub esp, 0xc -push eax -call fcn_fffb49a3 ; call 0xfffb49a3 +push ebx +call fcn_fffb00dc ; call 0xfffb00dc add esp, 0x10 +mov dword [ebp + 8], ebx +and eax, esi +mov dword [ebp + 0xc], eax +lea esp, [ebp - 8] +pop ebx +pop esi +pop ebp +jmp near fcn_fffb0086 ; jmp 0xfffb0086 -loc_fffb4a55: ; not directly referenced -xor eax, eax -leave -ret - -fcn_fffb4a59: ; not directly referenced +fcn_fffb4acb: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx -mov ebx, 1 -sub esp, 
0x38 +sub esp, 0x2c mov eax, dword [ebp + 8] lea esi, [eax - 8] mov edi, dword [esi + 0x10] lea eax, [edi + 2] push eax -call fcn_fffb3d06 ; call 0xfffb3d06 -add esp, 0x10 +call fcn_fffb3e49 ; call 0xfffb3e49 +pop ebx +mov ebx, 1 mov edx, eax and dl, 0x7d cmp dx, 0x8c44 -je loc_fffb4ba6 ; je 0xfffb4ba6 +je loc_fffb4c16 ; je 0xfffb4c16 cmp ax, 0x8c4c sete cl cmp ax, 0x8c4a sete dl or cl, dl -jne loc_fffb4ba6 ; jne 0xfffb4ba6 +jne loc_fffb4c16 ; jne 0xfffb4c16 cmp ax, 0x8c50 sete cl cmp ax, 0x8c4e sete dl or cl, dl -jne loc_fffb4ba6 ; jne 0xfffb4ba6 +jne loc_fffb4c16 ; jne 0xfffb4c16 cmp ax, 0x8c42 sete cl cmp ax, 0x8c5c sete dl or cl, dl -jne loc_fffb4ba6 ; jne 0xfffb4ba6 +jne loc_fffb4c16 ; jne 0xfffb4c16 cmp ax, 0x8c4f sete cl cmp ax, 0x8c49 sete dl or cl, dl -jne loc_fffb4ba6 ; jne 0xfffb4ba6 +jne loc_fffb4c16 ; jne 0xfffb4c16 cmp ax, 0x8c41 sete cl cmp ax, 0x8c4b sete dl or cl, dl -jne loc_fffb4ba6 ; jne 0xfffb4ba6 +jne loc_fffb4c16 ; jne 0xfffb4c16 cmp ax, 0x8c58 -je loc_fffb4ba6 ; je 0xfffb4ba6 +je loc_fffb4c16 ; je 0xfffb4c16 cmp ax, 0x8c54 sete cl cmp ax, 0x8c52 sete dl or cl, dl -jne loc_fffb4ba6 ; jne 0xfffb4ba6 +jne loc_fffb4c16 ; jne 0xfffb4c16 cmp ax, 0x8c56 -je loc_fffb4ba6 ; je 0xfffb4ba6 +je loc_fffb4c16 ; je 0xfffb4c16 cmp ax, 0x8cc5 sete cl cmp ax, 0x8cc3 sete dl or cl, dl -jne short loc_fffb4ba6 ; jne 0xfffb4ba6 +jne short loc_fffb4c16 ; jne 0xfffb4c16 lea edx, [eax + 0x733f] cmp dx, 1 -jbe short loc_fffb4ba1 ; jbe 0xfffb4ba1 +jbe short loc_fffb4c11 ; jbe 0xfffb4c11 lea edx, [eax + 0x63bf] mov bl, 2 cmp dx, 6 -jbe short loc_fffb4ba6 ; jbe 0xfffb4ba6 +jbe short loc_fffb4c16 ; jbe 0xfffb4c16 lea edx, [eax + 0x633f] cmp dx, 2 setbe cl cmp ax, 0x9cc5 sete dl or cl, dl -jne short loc_fffb4ba6 ; jne 0xfffb4ba6 +jne short loc_fffb4c16 ; jne 0xfffb4c16 lea edx, [eax + 0x633a] cmp dx, 1 setbe cl cmp ax, 0x9cc9 sete dl or cl, dl -jne short loc_fffb4ba6 ; jne 0xfffb4ba6 +jne short loc_fffb4c16 ; jne 0xfffb4c16 cmp ax, 0x9cc8 sete cl cmp ax, 0x9cc4 sete dl or 
cl, dl -jne short loc_fffb4ba6 ; jne 0xfffb4ba6 +jne short loc_fffb4c16 ; jne 0xfffb4c16 add ax, 0x6336 cmp ax, 2 sbb ebx, ebx add ebx, 3 -jmp short loc_fffb4ba6 ; jmp 0xfffb4ba6 +jmp short loc_fffb4c16 ; jmp 0xfffb4c16 -loc_fffb4ba1: ; not directly referenced +loc_fffb4c11: ; not directly referenced mov ebx, 1 -loc_fffb4ba6: ; not directly referenced +loc_fffb4c16: ; not directly referenced mov eax, dword [esi + 0xc] -sub esp, 0xc mov dword [ebp - 0x2c], eax lea eax, [edi + 0x40] push eax -call fcn_fffb3d06 ; call 0xfffb3d06 +call fcn_fffb3e49 ; call 0xfffb3e49 mov esi, eax lea eax, [edi + 0x48] -mov dword [esp], eax -call fcn_fffb3d06 ; call 0xfffb3d06 -add esp, 0x10 +push eax +call fcn_fffb3e49 ; call 0xfffb3e49 cmp dword [ebp + 0xc], 5 -ja loc_fffb4e16 ; ja 0xfffb4e16 +pop edx +pop ecx +ja loc_fffb4e80 ; ja 0xfffb4e80 mov edx, dword [ebp + 0xc] -jmp dword [edx*4 + ref_fffd3f10] ; ujmp: jmp dword [edx*4 - 0x2c0f0] +jmp dword [edx*4 + ref_fffd3a08] ; ujmp: jmp dword [edx*4 - 0x2c5f8] -loc_fffb4bdc: ; not directly referenced +loc_fffb4c46: ; not directly referenced mov edx, 0xcf9 xor eax, eax out dx, al mov bl, 4 -jmp near loc_fffb4d98 ; jmp 0xfffb4d98 +jmp near loc_fffb4e02 ; jmp 0xfffb4e02 -loc_fffb4beb: ; not directly referenced +loc_fffb4c55: ; not directly referenced mov edx, 0xcf9 mov al, 2 out dx, al mov bl, 6 -jmp near loc_fffb4d98 ; jmp 0xfffb4d98 +jmp near loc_fffb4e02 ; jmp 0xfffb4e02 -loc_fffb4bfa: ; not directly referenced +loc_fffb4c64: ; not directly referenced and esi, 0xfffffffc mov al, byte [edi + 0x44] or eax, 0xffffff80 mov byte [edi + 0x44], al cmp ebx, 2 movzx esi, si -jne short loc_fffb4c20 ; jne 0xfffb4c20 +jne short loc_fffb4c8a ; jne 0xfffb4c8a push eax push eax push 0 lea eax, [esi + 0x9c] push eax -call fcn_fffaafda ; call 0xfffaafda -jmp short loc_fffb4c3d ; jmp 0xfffb4c3d +call fcn_fffb0086 ; call 0xfffb0086 +jmp short loc_fffb4ca7 ; jmp 0xfffb4ca7 -loc_fffb4c20: ; not directly referenced +loc_fffb4c8a: ; not directly referenced dec 
ebx -jne short loc_fffb4c40 ; jne 0xfffb4c40 +jne short loc_fffb4caa ; jne 0xfffb4caa push ecx push ecx push 0 lea eax, [esi + 0x28] push eax -call fcn_fffb3f28 ; call 0xfffb3f28 +call fcn_fffb00b9 ; call 0xfffb00b9 lea eax, [esi + 0x2c] pop ebx pop edi push 0 push eax -call fcn_fffb3f28 ; call 0xfffb3f28 +call fcn_fffb00b9 ; call 0xfffb00b9 -loc_fffb4c3d: ; not directly referenced +loc_fffb4ca7: ; not directly referenced add esp, 0x10 -loc_fffb4c40: ; not directly referenced +loc_fffb4caa: ; not directly referenced push ecx push ecx push 0x100 lea eax, [esi + 0x34] add esi, 4 push eax -call fcn_fffb3f28 ; call 0xfffb3f28 +call fcn_fffb00b9 ; call 0xfffb00b9 mov dword [esp], esi -call fcn_fffaafc2 ; call 0xfffaafc2 +call fcn_fffb00dc ; call 0xfffb00dc pop edi mov ebx, eax and bh, 0xc3 @@ -28461,17 +28496,17 @@ or ah, 0x1c or bh, 0x3c push eax push esi -call fcn_fffaafda ; call 0xfffaafda +call fcn_fffb0086 ; call 0xfffb0086 pop eax pop edx push ebx push esi -call fcn_fffaafda ; call 0xfffaafda +call fcn_fffb0086 ; call 0xfffb0086 add esp, 0x10 xor ecx, ecx -jmp near loc_fffb4e1b ; jmp 0xfffb4e1b +jmp near loc_fffb4e85 ; jmp 0xfffb4e85 -loc_fffb4c84: ; not directly referenced +loc_fffb4cee: ; not directly referenced mov esi, eax push edx and esi, 0xfffc 
@@ -28480,139 +28515,139 @@ push 0 lea eax, [esi + 0x60] push eax mov dword [ebp - 0x30], eax -call fcn_fffaafda ; call 0xfffaafda +call fcn_fffb0086 ; call 0xfffb0086 pop ecx pop eax lea eax, [esi + 0x64] push 0 push eax -call fcn_fffaafda ; call 0xfffaafda +call fcn_fffb0086 ; call 0xfffb0086 pop eax pop edx lea eax, [esi + 0x68] push 0 push eax -call fcn_fffaafda ; call 0xfffaafda +call fcn_fffb0086 ; call 0xfffb0086 mov eax, dword [ebp + 0xc] add esp, 0x10 sub eax, 4 cmp eax, 1 -ja loc_fffb4d96 ; ja 0xfffb4d96 +ja loc_fffb4e00 ; ja 0xfffb4e00 sub esp, 0xc add edi, 0xac push edi -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 pop edx pop ecx or eax, 0x100000 push eax push edi -call fcn_fffb3d84 ; call 0xfffb3d84 +call fcn_fffb3ffa ; call 0xfffb3ffa add esp, 0x10 cmp dword [ebp + 0xc], 5 -jne loc_fffb4d96 ; jne 0xfffb4d96 +jne loc_fffb4e00 ; jne 0xfffb4e00 mov eax, dword [ebp - 0x2c] sub esp, 0xc add eax, 0x332c push eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 test al, 3 -jne loc_fffb4d96 ; jne 0xfffb4d96 +jne loc_fffb4e00 ; jne 0xfffb4e00 mov eax, dword [ebp - 0x2c] sub esp, 0xc add eax, 0x3330 push eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 test ah, 0xc0 -jne short loc_fffb4d96 ; jne 0xfffb4d96 +jne short loc_fffb4e00 ; jne 0xfffb4e00 cmp ebx, 1 -jne short loc_fffb4d55 ; jne 0xfffb4d55 +jne short loc_fffb4dbf ; jne 0xfffb4dbf push eax push eax push 0x40000000 push esi -call fcn_fffab629 ; call 0xfffab629 +call fcn_fffb4a77 ; call 0xfffb4a77 pop eax pop edx lea eax, [esi + 4] add esi, 0xc push 0xbfffffff push eax -call fcn_fffab64e ; call 0xfffab64e +call fcn_fffb4aa1 ; call 0xfffb4aa1 pop ecx pop ebx push 0xbfffffff -jmp short loc_fffb4d7b ; jmp 0xfffb4d7b +jmp short loc_fffb4de5 ; jmp 0xfffb4de5 -loc_fffb4d55: ; not directly referenced +loc_fffb4dbf: ; not directly referenced cmp ebx, 2 -jne short loc_fffb4d84 ; jne 0xfffb4d84 +jne short 
loc_fffb4dee ; jne 0xfffb4dee push edx add esi, 0x1f0 push edx push 1 push esi -call fcn_fffab629 ; call 0xfffab629 +call fcn_fffb4a77 ; call 0xfffb4a77 pop ecx pop ebx push 0xfffffffffffffffb push esi -call fcn_fffab64e ; call 0xfffab64e +call fcn_fffb4aa1 ; call 0xfffb4aa1 pop edi pop eax push 0x7fffffff -loc_fffb4d7b: ; not directly referenced +loc_fffb4de5: ; not directly referenced push esi -call fcn_fffab64e ; call 0xfffab64e +call fcn_fffb4aa1 ; call 0xfffb4aa1 add esp, 0x10 -loc_fffb4d84: ; not directly referenced +loc_fffb4dee: ; not directly referenced push eax push eax push 0x40000000 push dword [ebp - 0x30] -call fcn_fffab629 ; call 0xfffab629 +call fcn_fffb4a77 ; call 0xfffb4a77 add esp, 0x10 -loc_fffb4d96: ; not directly referenced +loc_fffb4e00: ; not directly referenced mov bl, 0xe -loc_fffb4d98: ; not directly referenced +loc_fffb4e02: ; not directly referenced mov eax, dword [ebp + 0xc] sub eax, 4 cmp eax, 1 -jbe short loc_fffb4daa ; jbe 0xfffb4daa +jbe short loc_fffb4e14 ; jbe 0xfffb4e14 -loc_fffb4da3: ; not directly referenced +loc_fffb4e0d: ; not directly referenced xor esi, esi lea edi, [ebp - 0x1c] -jmp short loc_fffb4dc8 ; jmp 0xfffb4dc8 +jmp short loc_fffb4e32 ; jmp 0xfffb4e32 -loc_fffb4daa: ; not directly referenced +loc_fffb4e14: ; not directly referenced push 0 push 0 push 0 -push ref_fffd65b0 ; push 0xfffd65b0 -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd68ac ; push 0xfffd68ac +call fcn_fffb020b ; call 0xfffb020b add esp, 0x10 test eax, eax -jne short loc_fffb4da3 ; jne 0xfffb4da3 +jne short loc_fffb4e0d ; jne 0xfffb4e0d mov ecx, 0x80000003 -jmp short loc_fffb4e1b ; jmp 0xfffb4e1b +jmp short loc_fffb4e85 ; jmp 0xfffb4e85 -loc_fffb4dc8: ; not directly referenced +loc_fffb4e32: ; not directly referenced push edi push 0 push esi -push ref_fffd663c ; push 0xfffd663c -call fcn_fffab40f ; call 0xfffab40f +push ref_fffd6938 ; push 0xfffd6938 +call fcn_fffb020b ; call 0xfffb020b add esp, 0x10 mov edx, eax test eax, eax -jne short 
loc_fffb4df3 ; jne 0xfffb4df3 +jne short loc_fffb4e5d ; jne 0xfffb4e5d mov dword [ebp - 0x2c], eax mov eax, dword [ebp - 0x1c] sub esp, 0xc @@ -28621,26 +28656,26 @@ call dword [eax] ; ucall mov edx, dword [ebp - 0x2c] add esp, 0x10 -loc_fffb4df3: ; not directly referenced +loc_fffb4e5d: ; not directly referenced inc esi cmp edx, 0x8000000e -jne short loc_fffb4dc8 ; jne 0xfffb4dc8 +jne short loc_fffb4e32 ; jne 0xfffb4e32 xor ecx, ecx mov edx, 0xcf9 mov al, bl out dx, al mov dword [ebp - 0x1c], 0 -loc_fffb4e0d: ; not directly referenced +loc_fffb4e77: ; not directly referenced mov eax, dword [ebp - 0x1c] test eax, eax -je short loc_fffb4e0d ; je 0xfffb4e0d -jmp short loc_fffb4e1b ; jmp 0xfffb4e1b +je short loc_fffb4e77 ; je 0xfffb4e77 +jmp short loc_fffb4e85 ; jmp 0xfffb4e85 -loc_fffb4e16: ; not directly referenced +loc_fffb4e80: ; not directly referenced mov ecx, 0x80000002 -loc_fffb4e1b: ; not directly referenced +loc_fffb4e85: ; not directly referenced lea esp, [ebp - 0xc] mov eax, ecx pop ebx 
@@ -28649,3400 +28684,3405 @@ pop edi pop ebp ret -fcn_fffb4e25: ; not directly referenced +fcn_fffb4e8f: ; not directly referenced push ebp -mov al, 1 +xor ecx, ecx mov ebp, esp +mov edx, 0x40 push edi push esi push ebx -xor ebx, ebx -sub esp, 0x2c -lea esi, [ebp - 0x28] -lea edi, [ebp - 0x20] - -loc_fffb4e38: ; not directly referenced -cmp dword [ebp + 8], 1 -je short loc_fffb4e63 ; je 0xfffb4e63 -cmp dword [ebp + 8], 2 -jne short loc_fffb4e8d ; jne 0xfffb4e8d -mov ecx, 0x150 -rdmsr -mov dword [ebp - 0x28], eax -push eax -push 8 -push esi -push edi -mov dword [ebp - 0x24], edx -call fcn_fffab101 ; call 0xfffab101 -mov al, byte [ebp - 0x19] -shr al, 7 -jmp short loc_fffb4e8a ; jmp 0xfffb4e8a +sub esp, 0xac +mov edi, dword [ebp + 8] +mov eax, dword [edi + 0x5edd] +mov esi, eax +mov dword [ebp - 0x90], eax +mov eax, dword [edi + 0x2444] +mov dword [ebp - 0x7c], eax +mov eax, dword [edi + 0x1887] +mov dword [ebp - 0x78], eax +mov eax, dword [edi + 0x188b] +mov dword [ebp - 0x6c], eax +mov eax, edi +call fcn_fffc3b02 ; call 0xfffc3b02 +lea eax, [edi + 0x3757] +mov ecx, eax +mov dword [ebp - 0x80], eax +mov eax, esi +xor esi, esi +add eax, 0x1c +mov dword [ebp - 0x8c], eax +mov ebx, eax +mov dword [ebp - 0x70], ecx -loc_fffb4e63: ; not directly referenced -mov eax, dword [0xff7d0084] -sub esp, 0xc -mov eax, dword [eax + 0x14] -add eax, 0x48 -push eax -call fcn_fffb3d4e ; call 0xfffb3d4e -and eax, 0xfffffffe -add eax, 0x5da4 -mov dword [esp], eax -call fcn_fffb3d4e ; call 0xfffb3d4e -shr eax, 0x1f +loc_fffb4ef2: ; not directly referenced +mov eax, dword [ebp - 0x70] +cmp dword [eax], 2 +jne loc_fffb50b6 ; jne 0xfffb50b6 +cmp dword [ebp - 0x6c], 1 +je short loc_fffb4f41 ; je 0xfffb4f41 -loc_fffb4e8a: ; not directly referenced -add esp, 0x10 +loc_fffb4f04: ; not directly referenced +cmp byte [edi + 0x18b4], 1 +jne loc_fffb4fdf ; jne 0xfffb4fdf +mov eax, dword [ebp - 0x7c] +call dword [eax + 0x7c] ; ucall +mov edx, dword [ebp - 0x6c] +movzx eax, ax +add eax, eax +mov ecx, 
eax +or eax, 1 +or ecx, 0x3e0001 +dec edx +cmovne ecx, eax +mov eax, edi +lea edx, [esi*4 + 0x2000] +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffb4fdf ; jmp 0xfffb4fdf -loc_fffb4e8d: ; not directly referenced -sub esp, 0xc -inc ebx -push 1 -mov dword [ebp - 0x2c], eax -call fcn_fffb49a3 ; call 0xfffb49a3 -mov eax, dword [ebp - 0x2c] -add esp, 0x10 -mov dl, al +loc_fffb4f41: ; not directly referenced +mov dl, byte [ebx + 0xcb] +mov ecx, 0xff +mov al, byte [ebx + 3] and edx, 1 -cmp bx, 0x3e7 -setbe cl -test dl, cl -jne short loc_fffb4e38 ; jne 0xfffb4e38 -cmp bx, 0x3e8 -sete al -and eax, edx -shl eax, 0x1f -lea esp, [ebp - 0xc] -sar eax, 0x1f -pop ebx -and eax, 0x80000012 -pop esi -pop edi -pop ebp -ret - -fcn_fffb4ecf: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x38 -mov edi, dword [ebp + 8] -push edi -call fcn_fffb4e25 ; call 0xfffb4e25 -add esp, 0x10 -mov ebx, eax -test eax, eax -js loc_fffb505b ; js 0xfffb505b -cmp edi, 1 -je short loc_fffb4f01 ; je 0xfffb4f01 -cmp edi, 2 -je loc_fffb4fa4 ; je 0xfffb4fa4 -jmp near loc_fffb505f ; jmp 0xfffb505f - -loc_fffb4f01: ; not directly referenced -mov eax, dword [ebp + 0xc] -sub esp, 0xc -mov dword [ebp - 0x20], eax -mov eax, dword [0xff7d0084] -or byte [ebp - 0x1d], 0x80 -mov eax, dword [eax + 0x14] -add eax, 0x48 -push eax -call fcn_fffb3d4e ; call 0xfffb3d4e -mov edi, eax -pop eax -and edi, 0xfffffffe -pop edx -push dword [ebp - 0x20] -lea esi, [edi + 0x5da4] -add edi, 0x5da0 -push esi -call fcn_fffb3d84 ; call 0xfffb3d84 -mov dword [esp], 1 -call fcn_fffb4e25 ; call 0xfffb4e25 -mov dword [esp], esi -call fcn_fffb3d4e ; call 0xfffb3d4e -mov dword [esp], edi -mov dword [ebp - 0x20], eax -call fcn_fffb3d4e ; call 0xfffb3d4e -mov dword [esp], 0xa -mov dword [ebp - 0x1c], eax -call fcn_fffb49a3 ; call 0xfffb49a3 -mov dword [esp], esi -call fcn_fffb3d4e ; call 0xfffb3d4e -mov dword [esp], edi -mov esi, eax -call fcn_fffb3d4e ; call 0xfffb3d4e -mov edx, dword [ebp - 0x20] 
-add esp, 0x10 -cmp edx, esi -je short loc_fffb4f94 ; je 0xfffb4f94 -cmp dword [ebp - 0x1c], eax -je short loc_fffb4f94 ; je 0xfffb4f94 +shl edx, 6 +and eax, 0xffffffbf +or eax, edx +mov edx, esi +mov byte [ebx + 3], al +mov eax, edi +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, dword [ebx] +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 +cmp byte [ebx + 0xcb], 0 +je short loc_fffb4f04 ; je 0xfffb4f04 +mov byte [ebp - 0x74], 0 -loc_fffb4f8a: ; not directly referenced -mov eax, 0x80000002 -jmp near loc_fffb5064 ; jmp 0xfffb5064 +loc_fffb4f7e: ; not directly referenced +mov al, byte [ebp - 0x74] +cmp al, byte [edi + 0x2489] +jae loc_fffb4f04 ; jae 0xfffb4f04 +movzx ecx, byte [ebp - 0x74] +xor edx, edx +mov al, byte [ebx + ecx*4 + 6] +shr al, 1 +and eax, 7 +cmp al, 2 +jbe short loc_fffb4fa6 ; jbe 0xfffb4fa6 +lea edx, [eax - 1] +and edx, 7 -loc_fffb4f94: ; not directly referenced -mov eax, dword [ebp + 0x14] -mov dword [eax], edx -lea eax, [ebp - 0x1c] -push ecx -push 4 -jmp near loc_fffb504f ; jmp 0xfffb504f +loc_fffb4fa6: ; not directly referenced +mov al, byte [ebx + ecx*4 + 6] +and edx, 7 +add edx, edx +and eax, 0xfffffff1 +or eax, edx +mov edx, esi +mov byte [ebx + ecx*4 + 6], al +mov eax, dword [ebx + ecx*4 + 4] +mov dword [ebp - 0x84], eax +mov eax, edi +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, dword [ebp - 0x84] +mov edx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +inc byte [ebp - 0x74] +jmp short loc_fffb4f7e ; jmp 0xfffb4f7e -loc_fffb4fa4: ; not directly referenced -mov eax, dword [ebp + 0xc] -mov dword [ebp - 0x24], eax -mov eax, dword [ebp + 0x10] -mov eax, dword [eax] -push edx -push 8 -or byte [ebp - 0x21], 0x80 -mov dword [ebp - 0x28], eax -lea eax, [ebp - 0x28] -push eax -lea eax, [ebp - 0x30] -push eax -call fcn_fffab101 ; call 0xfffab101 -mov eax, dword [ebp - 0x30] -mov ecx, 0x150 -mov edx, dword [ebp - 0x2c] -wrmsr -mov dword [esp], 2 -call fcn_fffb4e25 ; call 0xfffb4e25 -mov ecx, 0x150 -rdmsr -add esp, 0xc -push 8 
-mov dword [ebp - 0x30], eax -lea eax, [ebp - 0x30] -push eax -lea eax, [ebp - 0x28] -push eax -mov dword [ebp - 0x2c], edx -call fcn_fffab101 ; call 0xfffab101 -mov dword [esp], 0xa -call fcn_fffb49a3 ; call 0xfffb49a3 -mov ecx, 0x150 -rdmsr -add esp, 0xc -push 8 -mov dword [ebp - 0x30], eax -lea eax, [ebp - 0x30] -push eax -lea eax, [ebp - 0x20] -push eax -mov dword [ebp - 0x2c], edx -call fcn_fffab101 ; call 0xfffab101 -mov eax, dword [ebp - 0x1c] -add esp, 0x10 -cmp dword [ebp - 0x24], eax -je short loc_fffb5040 ; je 0xfffb5040 -mov eax, dword [ebp - 0x20] -cmp dword [ebp - 0x28], eax -jne loc_fffb4f8a ; jne 0xfffb4f8a +loc_fffb4fdf: ; not directly referenced +imul eax, dword [edi + 0x18a7], 0x2e +mov ecx, dword [ebp - 0x70] +cmp word [ecx + eax + 8], 1 +jne short loc_fffb502c ; jne 0xfffb502c +mov eax, esi +shl eax, 0xa +add eax, 0x4010 +mov edx, eax +mov dword [ebp - 0x74], eax +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov dl, byte [edi + 0x190b] +mov ecx, edx +shr dl, 1 +and ecx, 1 +and eax, 0xfffffff0 +and edx, 7 +add edx, edx +or eax, ecx +or eax, edx +mov edx, dword [ebp - 0x74] +mov ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffb5040: ; not directly referenced -movzx eax, byte [ebp - 0x24] -mov edx, dword [ebp + 0x14] -mov dword [edx], eax -push eax -push 4 -lea eax, [ebp - 0x28] +loc_fffb502c: ; not directly referenced +cmp byte [edi + 0x190c], 0 +jne short loc_fffb505a ; jne 0xfffb505a +cmp dword [ebp - 0x6c], 0 +jne short loc_fffb505a ; jne 0xfffb505a +and byte [ebx + 0xa3], 0xdf +mov edx, esi +mov ecx, dword [ebx + 0xa0] +shl edx, 0xa +mov eax, edi +add edx, 0x4004 +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffb504f: ; not directly referenced -push eax -push dword [ebp + 0x10] -call fcn_fffab101 ; call 0xfffab101 -add esp, 0x10 +loc_fffb505a: ; not directly referenced +lea edx, [esi*8 + 0x48a8] +mov ecx, 0x3000 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x70] +mov edx, esi +shl edx, 0xa 
+add edx, 0x42a0 +movzx ecx, byte [eax + 0xc4] +mov eax, edi +call fcn_fffb335b ; call 0xfffb335b +cmp byte [edi + 0x3749], 1 +jne short loc_fffb50b6 ; jne 0xfffb50b6 +lea eax, [esi*4 + 0x5004] +mov edx, eax +mov dword [ebp - 0x74], eax +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, dword [ebp - 0x74] +or eax, 0x3000000 +mov ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffb505b: ; not directly referenced -mov eax, ebx -jmp short loc_fffb5064 ; jmp 0xfffb5064 +loc_fffb50b6: ; not directly referenced +inc esi +add ebx, 0xcc +add dword [ebp - 0x70], 0x13c3 +cmp esi, 2 +jne loc_fffb4ef2 ; jne 0xfffb4ef2 +xor eax, eax +cmp dword [edi + 0x2481], 3 +sete al +mov dword [ebp - 0x84], eax +test byte [edi + 0x2406], 1 +je short loc_fffb50ec ; je 0xfffb50ec +test eax, eax +je short loc_fffb50f5 ; je 0xfffb50f5 -loc_fffb505f: ; not directly referenced -mov eax, 0x80000003 +loc_fffb50ec: ; not directly referenced +xor edx, edx +mov eax, edi +call fcn_fffaa9ee ; call 0xfffaa9ee -loc_fffb5064: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffb50f5: ; not directly referenced +mov eax, dword [ebp - 0x78] +cmp eax, 0x40660 +sete dl +cmp eax, 0x306c0 +sete al +or dl, al +jne short loc_fffb5127 ; jne 0xfffb5127 -fcn_fffb506c: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x48 -mov esi, dword [ebp + 8] -push esi -call fcn_fffb4e25 ; call 0xfffb4e25 -add esp, 0x10 -mov ebx, eax -test eax, eax -js loc_fffb51e8 ; js 0xfffb51e8 -cmp esi, 1 -je short loc_fffb509e ; je 0xfffb509e -cmp esi, 2 -je loc_fffb5145 ; je 0xfffb5145 -jmp near loc_fffb51ec ; jmp 0xfffb51ec +loc_fffb510c: ; not directly referenced +mov eax, dword [edi + 0x5edd] +mov dword [ebp - 0x7c], 0 +lea esi, [eax + 0x1c] +mov eax, dword [ebp - 0x80] +mov dword [ebp - 0x74], eax +jmp near loc_fffb521d ; jmp 0xfffb521d -loc_fffb509e: ; not directly referenced -mov eax, dword [0xff7d0084] -sub esp, 0xc -mov 
eax, dword [eax + 0x14] -add eax, 0x48 -push eax -call fcn_fffb3d4e ; call 0xfffb3d4e -pop edx -pop ecx -push dword [ebp + 0x10] -mov esi, eax -and esi, 0xfffffffe -lea edi, [esi + 0x5da0] -add esi, 0x5da4 -push edi -call fcn_fffb3d84 ; call 0xfffb3d84 -mov eax, dword [ebp + 0xc] -pop edx -pop ecx -or eax, 0x80000000 -push eax -push esi -call fcn_fffb3d84 ; call 0xfffb3d84 -mov dword [esp], 1 -call fcn_fffb4e25 ; call 0xfffb4e25 -mov dword [esp], esi -call fcn_fffb3d4e ; call 0xfffb3d4e -mov dword [esp], edi -mov dword [ebp - 0x40], eax -call fcn_fffb3d4e ; call 0xfffb3d4e -mov dword [esp], 0xa -mov dword [ebp - 0x3c], eax -call fcn_fffb49a3 ; call 0xfffb49a3 -mov dword [esp], esi -call fcn_fffb3d4e ; call 0xfffb3d4e -mov dword [esp], edi -mov esi, eax -call fcn_fffb3d4e ; call 0xfffb3d4e -mov ecx, dword [ebp - 0x40] -add esp, 0x10 -cmp ecx, esi -je short loc_fffb5138 ; je 0xfffb5138 -cmp dword [ebp - 0x3c], eax -je short loc_fffb5138 ; je 0xfffb5138 +loc_fffb5127: ; not directly referenced +mov eax, dword [edi + 0x5edd] +mov dword [ebp - 0x70], 0 +lea ebx, [eax + 0x1c] -loc_fffb512e: ; not directly referenced -mov eax, 0x80000002 -jmp near loc_fffb51f1 ; jmp 0xfffb51f1 +loc_fffb5137: ; not directly referenced +imul eax, dword [ebp - 0x70], 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne loc_fffb51eb ; jne 0xfffb51eb +mov al, byte [edi + 0x2489] +mov byte [ebp - 0x7c], al +xor eax, eax -loc_fffb5138: ; not directly referenced -mov eax, dword [ebp + 0x14] -movzx ecx, cl -mov dword [eax], ecx -jmp near loc_fffb51e8 ; jmp 0xfffb51e8 +loc_fffb5157: ; not directly referenced +cmp byte [ebp - 0x7c], al +jbe short loc_fffb51c0 ; jbe 0xfffb51c0 +mov dl, byte [ebx + eax*4 + 5] +movzx ecx, byte [ebx + eax*4 + 6] +shr dl, 5 +and ecx, 1 +movzx edx, dl +shl ecx, 3 +or ecx, edx +mov esi, ecx +mov dl, cl +or edx, 0xfffffff0 +shr esi, 3 +cmove edx, ecx +mov cl, byte [ebx + eax*4 + 6] +movsx edx, dl +shr cl, 1 +mov esi, ecx +and esi, 7 +mov dword [ebp - 0x74], esi +mov cl, byte [ebx 
+ eax*4 + 6] +shr cl, 4 +mov esi, ecx +or esi, 0xfffffff0 +test cl, 8 +cmovne ecx, esi +movzx esi, byte [ebx + eax*4 + 7] +add edx, dword [ebp - 0x74] +and esi, 7 +cmp edx, 6 +jg short loc_fffb51c4 ; jg 0xfffb51c4 +movsx ecx, cl +inc eax +add ecx, esi +cmp ecx, 6 +jle short loc_fffb5157 ; jle 0xfffb5157 +jmp short loc_fffb51c4 ; jmp 0xfffb51c4 -loc_fffb5145: ; not directly referenced -mov eax, dword [ebp + 0xc] -mov dword [ebp - 0x24], eax -mov eax, dword [ebp + 0x10] -or byte [ebp - 0x21], 0x80 -mov dword [ebp - 0x28], eax -push eax -push 8 -lea eax, [ebp - 0x28] -push eax -lea eax, [ebp - 0x30] -push eax -call fcn_fffab101 ; call 0xfffab101 -mov eax, dword [ebp - 0x30] -mov ecx, 0x150 -mov edx, dword [ebp - 0x2c] -wrmsr -mov dword [esp], 2 -call fcn_fffb4e25 ; call 0xfffb4e25 -mov ecx, 0x150 -rdmsr -add esp, 0xc -push 8 -mov dword [ebp - 0x30], eax -lea eax, [ebp - 0x30] -push eax -lea eax, [ebp - 0x28] -push eax -mov dword [ebp - 0x2c], edx -call fcn_fffab101 ; call 0xfffab101 -mov dword [esp], 0xa -call fcn_fffb49a3 ; call 0xfffb49a3 -mov ecx, 0x150 -rdmsr -add esp, 0xc -push 8 -mov dword [ebp - 0x30], eax -lea eax, [ebp - 0x30] -push eax -lea eax, [ebp - 0x20] -push eax -mov dword [ebp - 0x2c], edx -call fcn_fffab101 ; call 0xfffab101 -mov eax, dword [ebp - 0x1c] -add esp, 0x10 -cmp dword [ebp - 0x24], eax -je short loc_fffb51df ; je 0xfffb51df -mov eax, dword [ebp - 0x20] -cmp dword [ebp - 0x28], eax -jne loc_fffb512e ; jne 0xfffb512e +loc_fffb51c0: ; not directly referenced +xor edx, edx +jmp short loc_fffb51c6 ; jmp 0xfffb51c6 -loc_fffb51df: ; not directly referenced -movzx eax, byte [ebp - 0x24] -mov edx, dword [ebp + 0x14] -mov dword [edx], eax +loc_fffb51c4: ; not directly referenced +mov dl, 1 -loc_fffb51e8: ; not directly referenced -mov eax, ebx -jmp short loc_fffb51f1 ; jmp 0xfffb51f1 +loc_fffb51c6: ; not directly referenced +mov al, byte [ebx + 1] +mov ecx, 0xff +and eax, 0xfffffffe +or eax, edx +mov edx, dword [ebp - 0x70] +mov byte [ebx + 1], al 
+mov eax, edi +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, dword [ebx] +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffb51ec: ; not directly referenced -mov eax, 0x80000003 +loc_fffb51eb: ; not directly referenced +inc dword [ebp - 0x70] +add ebx, 0xcc +cmp dword [ebp - 0x70], 2 +je loc_fffb510c ; je 0xfffb510c +jmp near loc_fffb5137 ; jmp 0xfffb5137 -loc_fffb51f1: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffb5203: ; not directly referenced +inc dword [ebp - 0x7c] +add esi, 0xcc +add dword [ebp - 0x74], 0x13c3 +cmp dword [ebp - 0x7c], 2 +je loc_fffb52d3 ; je 0xfffb52d3 -fcn_fffb51f9: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x2c -mov bl, byte [ebp + 0xc] -mov al, byte [ebp + 0x18] -mov edi, dword [ebp + 0x1c] -and ebx, 0x7f -cmp dword [ebp + 0x14], 1 -mov byte [ebp - 0x1f], al -jbe short loc_fffb5230 ; jbe 0xfffb5230 -test edi, edi -mov esi, 0x80000002 -sete dl -cmp dword [ebp + 0x20], 0 -sete al -or dl, al -jne loc_fffb5793 ; jne 0xfffb5793 +loc_fffb521d: ; not directly referenced +mov eax, dword [ebp - 0x74] +cmp dword [eax], 2 +jne short loc_fffb5203 ; jne 0xfffb5203 +mov byte [ebp - 0x70], 0 -loc_fffb5230: ; not directly referenced -sub esp, 0xc -mov esi, 0x80000012 -push 0 -call fcn_fffb4808 ; call 0xfffb4808 -add esp, 0x10 -test al, 0x40 -jne loc_fffb5793 ; jne 0xfffb5793 -test al, 1 -je short loc_fffb5264 ; je 0xfffb5264 -push edi -push edi -push 0xff -push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 -jmp near loc_fffb5793 ; jmp 0xfffb5793 +loc_fffb5229: ; not directly referenced +movzx eax, byte [ebp - 0x70] +cmp al, byte [edi + 0x2489] +jae short loc_fffb5203 ; jae 0xfffb5203 +mov ecx, dword [ebp - 0x74] +mov bl, byte [ecx + 0xc4] +lea eax, [ecx + eax + 0x104a] +xor ecx, ecx +mov dword [ebp - 0x88], eax +xor eax, eax +mov byte [ebp - 0x98], bl -loc_fffb5264: ; not directly referenced -push esi -movzx eax, al -push esi 
-push eax -push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 -lea eax, [ebx + ebx + 1] -add esp, 0x10 -mov byte [ebp - 0x1c], al -dec eax -mov byte [ebp - 0x1d], al -mov eax, dword [ebp + 0x14] -mov dword [ebp - 0x24], 3 -mov byte [ebp - 0x1e], 0 -and eax, 0xfffffffd -mov dword [ebp - 0x2c], eax +loc_fffb5255: ; not directly referenced +mov edx, 1 +shl edx, cl +test byte [ebp - 0x98], dl +je short loc_fffb5285 ; je 0xfffb5285 +mov ebx, dword [ebp - 0x88] +mov dl, byte [ebx] +mov byte [ebp - 0x94], dl +mov dl, byte [ebx + 0x24] +mov bl, byte [ebp - 0x94] +cmp bl, dl +cmovae edx, ebx +cmp al, dl +cmovb eax, edx -loc_fffb5293: ; not directly referenced -mov al, byte [ebp + 0x10] -cmp dword [ebp + 0x14], 0xb -mov byte [ebp - 0x20], al -ja loc_fffb5454 ; ja 0xfffb5454 -mov eax, dword [ebp + 0x14] -jmp dword [eax*4 + ref_fffd3f28] ; ujmp: jmp dword [eax*4 - 0x2c0d8] +loc_fffb5285: ; not directly referenced +inc ecx +add dword [ebp - 0x88], 9 +cmp ecx, 4 +jne short loc_fffb5255 ; jne 0xfffb5255 +movzx ebx, byte [ebp - 0x70] +shr al, 3 +not eax +shr eax, 1 +and eax, 3 +mov dl, byte [esi + ebx*4 + 5] +mov ecx, ebx +and byte [esi + ebx*4 + 4], 0x7f +and edx, 0xfffffffc +or edx, eax +mov eax, edi +mov byte [esi + ebx*4 + 5], dl +mov edx, dword [ebp - 0x7c] +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, dword [esi + ebx*4 + 4] +mov edx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +inc byte [ebp - 0x70] +jmp near loc_fffb5229 ; jmp 0xfffb5229 -loc_fffb52ad: ; not directly referenced -mov dl, byte [ebp - 0x1d] -jmp short loc_fffb52b5 ; jmp 0xfffb52b5 +loc_fffb52d3: ; not directly referenced +movzx ecx, word [edi + 0x248a] +mov eax, ecx +shr ax, 1 +movzx eax, ax +add eax, 0xb2c +cdq +idiv ecx +mov ecx, 7 +cmp eax, 7 +ja short loc_fffb5303 ; ja 0xfffb5303 +xor cl, cl +cmp eax, 2 +jbe short loc_fffb5303 ; jbe 0xfffb5303 +mov cl, 4 +cmp eax, 3 +cmovne ecx, eax -loc_fffb52b2: ; not directly referenced -mov dl, byte [ebp - 0x1c] +loc_fffb5303: ; not directly referenced +cmp dword 
[ebp - 0x6c], 1 +jne short loc_fffb531b ; jne 0xfffb531b -loc_fffb52b5: ; not directly referenced -cmp byte [ebp - 0x1f], 1 -je loc_fffb5446 ; je 0xfffb5446 +loc_fffb5309: ; not directly referenced +cmp dword [ebp - 0x78], 0x40650 +jne loc_fffb53c7 ; jne 0xfffb53c7 +jmp near loc_fffb53d4 ; jmp 0xfffb53d4 + +loc_fffb531b: ; not directly referenced +and ecx, 7 xor esi, esi -jmp near loc_fffb5440 ; jmp 0xfffb5440 +mov ebx, dword [ebp - 0x8c] +cmp dword [ebp - 0x84], 0 +lea eax, [ecx*8] +mov dword [ebp - 0x70], 0 +cmove esi, ecx +mov byte [ebp - 0x7c], al -loc_fffb52c6: ; not directly referenced -mov eax, dword [ebp + 0x20] -mov dl, byte [ebp - 0x1d] -mov al, byte [eax] -mov byte [ebp - 0x20], al -jmp short loc_fffb52d6 ; jmp 0xfffb52d6 +loc_fffb5341: ; not directly referenced +imul eax, dword [ebp - 0x70], 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +je short loc_fffb5363 ; je 0xfffb5363 -loc_fffb52d3: ; not directly referenced -mov dl, byte [ebp - 0x1c] +loc_fffb5352: ; not directly referenced +inc dword [ebp - 0x70] +add ebx, 0xcc +cmp dword [ebp - 0x70], 2 +jne short loc_fffb5341 ; jne 0xfffb5341 +jmp short loc_fffb5309 ; jmp 0xfffb5309 -loc_fffb52d6: ; not directly referenced -cmp dword [edi], 1 -mov esi, 4 -mov dword [edi], 1 -sbb ebx, ebx -and ebx, 0x80000005 -jmp near loc_fffb5409 ; jmp 0xfffb5409 +loc_fffb5363: ; not directly referenced +mov byte [ebp - 0x6c], 0 -loc_fffb52f1: ; not directly referenced -mov eax, dword [ebp + 0x20] -push ecx -push ecx -movzx eax, byte [eax] -push eax -push 5 -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 -mov dl, byte [ebp - 0x1d] -mov dword [edi], 1 -jmp short loc_fffb5312 ; jmp 0xfffb5312 +loc_fffb5367: ; not directly referenced +mov al, byte [ebp - 0x6c] +cmp al, byte [edi + 0x2489] +jae short loc_fffb5352 ; jae 0xfffb5352 +cmp dword [ebp - 0x78], 0x40650 +movzx edx, byte [ebp - 0x6c] +jne short loc_fffb5391 ; jne 0xfffb5391 +mov al, byte [ebx + edx*4 + 7] +lea ecx, [esi*8] +and eax, 0xffffffc7 +or eax, ecx +jmp short 
loc_fffb539b ; jmp 0xfffb539b -loc_fffb530f: ; not directly referenced -mov dl, byte [ebp - 0x1c] +loc_fffb5391: ; not directly referenced +mov al, byte [ebx + edx*4 + 7] +and eax, 0xffffffc7 +or eax, dword [ebp - 0x7c] -loc_fffb5312: ; not directly referenced -mov eax, dword [edi] -test eax, eax -je loc_fffb554f ; je 0xfffb554f -cmp eax, 1 -je loc_fffb543b ; je 0xfffb543b -cmp eax, 0x100 -ja loc_fffb5454 ; ja 0xfffb5454 -cmp byte [ebp - 0x1f], 1 -je loc_fffb5446 ; je 0xfffb5446 -mov esi, 0x18 -jmp near loc_fffb5440 ; jmp 0xfffb5440 +loc_fffb539b: ; not directly referenced +mov byte [ebx + edx*4 + 7], al +movzx eax, byte [ebp - 0x6c] +mov edx, dword [ebp - 0x70] +mov ecx, eax +mov dword [ebp - 0x74], eax +mov eax, edi +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, dword [ebp - 0x74] +mov ecx, dword [ebx + ecx*4 + 4] +mov edx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +inc byte [ebp - 0x6c] +jmp short loc_fffb5367 ; jmp 0xfffb5367 -loc_fffb5344: ; not directly referenced -cmp dword [edi], 2 -mov dl, byte [ebp - 0x1c] -mov dword [edi], 2 -sbb ebx, ebx -and ebx, 0x80000005 -jmp short loc_fffb5392 ; jmp 0xfffb5392 +loc_fffb53c7: ; not directly referenced +cmp dword [edi + 0x188b], 1 +jne loc_fffb56d6 ; jne 0xfffb56d6 -loc_fffb535a: ; not directly referenced -push eax -push eax -mov eax, dword [ebp + 0x20] -movzx eax, byte [eax + 1] -push eax -push 6 -call fcn_fffb47e9 ; call 0xfffb47e9 -pop eax -mov eax, dword [ebp + 0x20] -pop edx -movzx eax, byte [eax] -push eax -push 5 -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 -mov dl, byte [ebp - 0x1d] -cmp dword [edi], 2 -mov dword [edi], 2 -sbb ebx, ebx -and ebx, 0x80000005 +loc_fffb53d4: ; not directly referenced +mov eax, dword [ebp - 0x80] +mov esi, dword [ebp - 0x8c] +mov dword [ebp - 0x74], 0 +mov dword [ebp - 0x78], eax -loc_fffb5392: ; not directly referenced -mov esi, 0xc -jmp short loc_fffb5409 ; jmp 0xfffb5409 +loc_fffb53e7: ; not directly referenced +mov eax, dword [ebp - 0x78] +cmp dword [eax], 
2 +je short loc_fffb540a ; je 0xfffb540a -loc_fffb5399: ; not directly referenced -push eax -push eax -movzx eax, byte [edi] -push eax -push 5 -call fcn_fffb47e9 ; call 0xfffb47e9 -mov al, byte [edi] -add esp, 0x10 -mov dl, byte [ebp - 0x1d] -mov byte [ebp - 0x1e], al -jmp short loc_fffb53b6 ; jmp 0xfffb53b6 +loc_fffb53ef: ; not directly referenced +inc dword [ebp - 0x74] +add esi, 0xcc +add dword [ebp - 0x78], 0x13c3 +cmp dword [ebp - 0x74], 2 +jne short loc_fffb53e7 ; jne 0xfffb53e7 +jmp near loc_fffb5573 ; jmp 0xfffb5573 -loc_fffb53b3: ; not directly referenced -mov dl, byte [ebp - 0x1c] +loc_fffb540a: ; not directly referenced +mov ebx, dword [ebp - 0x78] +xor ecx, ecx +mov al, byte [ebx + 0xc4] +mov dword [ebp - 0x70], ebx +xor ebx, ebx +mov byte [ebp - 0x80], al -loc_fffb53b6: ; not directly referenced -mov eax, dword [edi] -dec eax -cmp eax, 0x1f -ja loc_fffb5454 ; ja 0xfffb5454 -mov esi, 0x14 -jmp near loc_fffb5450 ; jmp 0xfffb5450 +loc_fffb541d: ; not directly referenced +mov edx, 1 +shl edx, cl +test byte [ebp - 0x80], dl +je short loc_fffb545f ; je 0xfffb545f +mov al, byte [edi + 0x2489] +xor edx, edx +mov byte [ebp - 0x7c], al -loc_fffb53cc: ; not directly referenced -mov eax, dword [ebp + 0x20] -push ebx -push ebx -movzx eax, byte [eax + 1] -push eax -push 6 -call fcn_fffb47e9 ; call 0xfffb47e9 -pop esi -mov esi, 0x10 -pop eax -mov eax, dword [ebp + 0x20] -movzx eax, byte [eax] -push eax -push 5 -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 -mov dl, byte [ebp - 0x1c] -cmp dword [edi], 2 -mov dword [edi], 2 -sbb ebx, ebx -and ebx, 0x80000005 +loc_fffb5434: ; not directly referenced +cmp byte [ebp - 0x7c], dl +jbe short loc_fffb545f ; jbe 0xfffb545f +mov eax, dword [ebp - 0x70] +mov ax, word [eax + edx*2 + 0x1b1] +mov word [ebp - 0x6c], ax +movzx eax, bl +shr word [ebp - 0x6c], 6 +cmp ax, word [ebp - 0x6c] +mov al, byte [ebp - 0x6c] +cmova eax, ebx +inc edx +mov bl, al +jmp short loc_fffb5434 ; jmp 0xfffb5434 -loc_fffb5409: ; not directly 
referenced -xor eax, eax -test ebx, ebx -jns short loc_fffb545e ; jns 0xfffb545e -jmp near loc_fffb561b ; jmp 0xfffb561b +loc_fffb545f: ; not directly referenced +inc ecx +add dword [ebp - 0x70], 0x12 +cmp ecx, 4 +jne short loc_fffb541d ; jne 0xfffb541d +cmp dword [ebp - 0x84], 0 +mov al, 1 +je short loc_fffb5481 ; je 0xfffb5481 +movzx ecx, word [edi + 0x248a] +lea eax, [ecx + 0x3f] +cdq +idiv ecx -loc_fffb5414: ; not directly referenced -mov eax, dword [edi] -dec eax -cmp eax, 0x1f -ja short loc_fffb5454 ; ja 0xfffb5454 -push ecx -mov esi, 0x1c -push ecx -movzx eax, byte [edi] -push eax -push 5 -call fcn_fffb47e9 ; call 0xfffb47e9 -mov al, byte [edi] -add esp, 0x10 -mov dl, byte [ebp - 0x1c] -mov byte [ebp - 0x1e], al -jmp short loc_fffb5450 ; jmp 0xfffb5450 +loc_fffb5481: ; not directly referenced +mov byte [ebp - 0x70], 0 +lea eax, [ebx + eax*2 + 0xf] +mov byte [ebp - 0x6c], al -loc_fffb543b: ; not directly referenced -mov esi, 8 +loc_fffb548c: ; not directly referenced +mov al, byte [ebp - 0x70] +cmp al, byte [edi + 0x2489] +jae loc_fffb53ef ; jae 0xfffb53ef +movzx ecx, byte [ebp - 0x70] +mov bl, 0x1f +mov al, byte [esi + ecx*4 + 7] +shr al, 6 +and eax, 1 +cmp al, 1 +sbb byte [ebp - 0x6c], 0xff +mov al, byte [ebp - 0x6c] +cmp al, 0x1f +cmova eax, ebx +mov byte [ebp - 0x6c], al +mov dl, byte [esi + ecx*4 + 5] +movzx eax, byte [esi + ecx*4 + 6] +shr dl, 5 +and eax, 1 +movzx edx, dl +shl eax, 3 +or eax, edx +mov edx, eax +mov bl, al +or ebx, 0xfffffff0 +shr edx, 3 +mov dl, byte [esi + ecx*4 + 6] +cmove ebx, eax +shr dl, 1 +and edx, 7 +test byte [esi + 3], 0x40 +je short loc_fffb5513 ; je 0xfffb5513 +lea eax, [ecx + 8] +mov bl, byte [ebp - 0x6c] +mov dl, byte [esi + eax*4 + 9] +movzx eax, byte [esi + eax*4 + 0xa] +shr dl, 5 +and eax, 3 +movzx edx, dl +shl eax, 3 +or eax, edx +cmp bl, al +cmovae eax, ebx +jmp short loc_fffb5525 ; jmp 0xfffb5525 -loc_fffb5440: ; not directly referenced -xor eax, eax +loc_fffb5513: ; not directly referenced +lea eax, [edx + ebx + 0xe] 
+mov bl, 0x1f +cmp al, 0x1f +mov dl, 0x11 +cmovg eax, ebx +cmp al, 0x11 +cmovl eax, edx -loc_fffb5442: ; not directly referenced -xor ebx, ebx -jmp short loc_fffb545e ; jmp 0xfffb545e +loc_fffb5525: ; not directly referenced +and eax, 0x1f +mov dl, al +lea ebx, [ecx + 8] +shl edx, 5 +mov byte [ebp - 0x7c], dl +mov dl, byte [esi + ebx*4 + 9] +shr al, 3 +and eax, 3 +and edx, 0x1f +or edx, dword [ebp - 0x7c] +mov byte [esi + ebx*4 + 9], dl +mov dl, byte [esi + ebx*4 + 0xa] +and edx, 0xfffffffc +or edx, eax +mov eax, edi +mov byte [esi + ebx*4 + 0xa], dl +mov edx, dword [ebp - 0x74] +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, dword [esi + ebx*4 + 8] +mov edx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +inc byte [ebp - 0x70] +jmp near loc_fffb548c ; jmp 0xfffb548c -loc_fffb5446: ; not directly referenced -mov ebx, 0x80000003 -jmp near loc_fffb561b ; jmp 0xfffb561b +loc_fffb5573: ; not directly referenced +mov eax, dword [edi + 0x2444] +cmp byte [edi + 0x2402], 0 +mov ebx, dword [edi + 0x5edd] +mov dword [ebp - 0x74], eax +je loc_fffb56d6 ; je 0xfffb56d6 +mov edx, 0x4024 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x40d0 +mov dword [ebp - 0x78], eax +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x4ca4 +mov dword [ebp - 0x7c], eax +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov dl, byte [ebx + 0xc8] +movzx ecx, byte [ebx + 0xc9] +mov esi, edx +and esi, 0x1f +and ecx, 3 +shr dl, 5 +mov dword [ebp - 0x80], esi +lea esi, [ecx*8] +movzx edx, dl +mov dword [ebp - 0x70], esi +xor ecx, ecx +or dword [ebp - 0x70], edx +mov dl, byte [ebx + 0xcb] +shr dl, 2 +mov esi, edx +mov dl, byte [ebx + 0xbf] +and esi, 3 +mov dword [ebp - 0x84], esi +shr dl, 6 +movzx esi, dl +mov dl, byte [ebx + 0xc3] +mov dword [ebp - 0x6c], esi +shr dl, 7 +cmp dword [edi + 0x2481], 1 +movzx esi, dl +jne short loc_fffb562e ; jne 0xfffb562e +mov edx, dword [ebp - 0x70] +xor ecx, ecx +add edx, dword [ebp - 0x6c] +sub edx, esi +cmp edx, 5 +sete cl 
-loc_fffb5450: ; not directly referenced -mov al, 2 -jmp short loc_fffb5442 ; jmp 0xfffb5442 +loc_fffb562e: ; not directly referenced +mov bl, al +mov edx, 1 +and ebx, 3 +cmp bl, 2 +jne short loc_fffb5645 ; jne 0xfffb5645 +shr eax, 4 +mov edx, eax +and edx, 7 -loc_fffb5454: ; not directly referenced -mov ebx, 0x80000002 -jmp near loc_fffb561b ; jmp 0xfffb561b +loc_fffb5645: ; not directly referenced +mov al, byte [edi + 0x381b] +add esi, esi +add ecx, ecx +mov byte [ebp - 0x70], al +lea eax, [esi + 4] +mov esi, dword [ebp - 0x84] +add esi, dword [ebp - 0x80] +add esi, dword [ebp - 0x6c] +add esi, esi +sub eax, esi +sub eax, ecx +lea eax, [eax + edx*8 - 8] +xor edx, edx +mov dword [ebp - 0x6c], eax +xor eax, eax -loc_fffb545e: ; not directly referenced +loc_fffb5672: ; not directly referenced mov cl, al -or ecx, 1 -cmp byte [ebp - 0x1f], 1 -mov dword [ebp - 0x28], edx -push edx -cmove eax, ecx -push edx -movzx eax, al -push eax -push 0xd -call fcn_fffb47e9 ; call 0xfffb47e9 -mov dword [esp], 2 -call fcn_fffb4808 ; call 0xfffb4808 -add esp, 0x10 -mov edx, dword [ebp - 0x28] -cmp dword [ebp - 0x2c], 9 -je short loc_fffb54ae ; je 0xfffb54ae - -loc_fffb5492: ; not directly referenced -push ecx -movzx edx, dl -push ecx -push edx -push 4 -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 -movzx eax, byte [ebp - 0x20] -cmp dword [ebp + 0x14], 4 -jne short loc_fffb54eb ; jne 0xfffb54eb -jmp short loc_fffb54df ; jmp 0xfffb54df - -loc_fffb54ae: ; not directly referenced -movzx ecx, byte [ebp - 0x1e] -xor eax, eax -mov dword [ebp - 0x28], ecx +mov esi, 1 +shl esi, cl +mov ecx, esi +test byte [ebp - 0x70], cl +je short loc_fffb56b8 ; je 0xfffb56b8 +mov ebx, dword [ebp - 0x78] +lea esi, [eax*8] +mov ecx, esi +mov dword [ebp - 0x80], esi +shr ebx, cl +mov esi, ebx +mov ebx, dword [ebp - 0x7c] +lea ecx, [eax + eax] +and esi, 0x3f +add esi, dword [ebp - 0x6c] +shr ebx, cl +mov ecx, ebx +and ecx, 3 +add ecx, ecx +sub esi, ecx +mov ecx, esi +movzx esi, cl +mov cl, byte [ebp - 0x80] 
+shl esi, cl +or edx, esi -loc_fffb54b7: ; not directly referenced -cmp eax, dword [ebp - 0x28] -jae short loc_fffb5492 ; jae 0xfffb5492 -mov ecx, dword [ebp + 0x20] -mov dword [ebp - 0x34], edx -push edx -push edx -movzx ecx, byte [ecx + eax] -mov dword [ebp - 0x30], eax -push ecx -push 7 -call fcn_fffb47e9 ; call 0xfffb47e9 -mov eax, dword [ebp - 0x30] -add esp, 0x10 -mov edx, dword [ebp - 0x34] +loc_fffb56b8: ; not directly referenced inc eax -jmp short loc_fffb54b7 ; jmp 0xfffb54b7 - -loc_fffb54df: ; not directly referenced -cmp dword [edi], 1 -jbe short loc_fffb54eb ; jbe 0xfffb54eb -push ecx -push ecx -push eax -push 6 -jmp short loc_fffb54f0 ; jmp 0xfffb54f0 - -loc_fffb54eb: ; not directly referenced -push edx +cmp eax, 4 +jne short loc_fffb5672 ; jne 0xfffb5672 +push ebx +push ebx push edx +mov eax, dword [edi + 0x18cd] +add eax, 0xc04 push eax -push 3 - -loc_fffb54f0: ; not directly referenced -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 -lea eax, [esi + 0x40] -mov esi, 0x186a0 -movzx eax, al -push ecx -push ecx -push eax -push 2 -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 - -loc_fffb5510: ; not directly referenced -sub esp, 0xc -push 0 -call fcn_fffb4808 ; call 0xfffb4808 -add esp, 0x10 -test al, 0x8e -jne loc_fffb55fa ; jne 0xfffb55fa -sub esp, 0xc -push 0xa -call fcn_fffb49a3 ; call 0xfffb49a3 +mov eax, dword [ebp - 0x74] +call dword [eax + 0x30] ; ucall add esp, 0x10 -dec esi -jne short loc_fffb5510 ; jne 0xfffb5510 -jmp near loc_fffb55f3 ; jmp 0xfffb55f3 -loc_fffb553a: ; not directly referenced -sub esp, 0xc -push 5 -call fcn_fffb4808 ; call 0xfffb4808 -add esp, 0x10 -test al, al -jne loc_fffb5750 ; jne 0xfffb5750 +loc_fffb56d6: ; not directly referenced +mov ecx, 0x14 +mov edx, 0x5f08 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov esi, dword [ebp - 0x90] +mov dl, byte [edi + 0x369e] +mov al, byte [esi + 0x16] +shl edx, 7 +and eax, 0x7f +or eax, edx +mov byte [esi + 0x16], al +mov dl, byte [edi + 0x369f] +and eax, 0xffffffbf 
+and edx, 1 +shl edx, 6 +or eax, edx +mov byte [esi + 0x16], al +mov dl, byte [edi + 0x36a0] +and eax, 0xffffffdf +and edx, 1 +shl edx, 5 +or eax, edx +mov edx, 0xf78 +mov byte [esi + 0x16], al +mov ecx, dword [esi + 0x14] +mov eax, 0xf84 +cmp dword [edi + 0x188b], 1 +cmove edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 +mov ebx, dword [edi + 0x5edd] +cmp dword [edi + 0x3757], 2 +jne short loc_fffb57aa ; jne 0xfffb57aa +cmp dword [edi + 0x36d8], 0x74a +ja short loc_fffb5796 ; ja 0xfffb5796 -loc_fffb554f: ; not directly referenced -mov ebx, 0x80000005 -jmp near loc_fffb561b ; jmp 0xfffb561b +loc_fffb5762: ; not directly referenced +cmp dword [edi + 0x36d8], 0x854 +ja short loc_fffb5782 ; ja 0xfffb5782 -loc_fffb5559: ; not directly referenced -cmp dword [edi], 1 -jbe loc_fffb56de ; jbe 0xfffb56de -xor esi, esi +loc_fffb576e: ; not directly referenced +mov ecx, dword [ebx + 0xc8] +mov edx, 0x4014 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffb57aa ; jmp 0xfffb57aa -loc_fffb5564: ; not directly referenced -cmp esi, dword [edi] -jae loc_fffb561b ; jae 0xfffb561b -sub esp, 0xc -push 7 -call fcn_fffb4808 ; call 0xfffb4808 -mov ecx, dword [ebp + 0x20] -add esp, 0x10 -mov byte [ecx + esi], al -mov eax, dword [edi] -lea edx, [eax - 2] -cmp esi, edx -jne loc_fffb56b9 ; jne 0xfffb56b9 -sub esp, 0xc -push 2 -call fcn_fffb4808 ; call 0xfffb4808 -pop edx -pop ecx +loc_fffb5782: ; not directly referenced +mov al, byte [ebx + 0xc9] +and eax, 0xffffffcf or eax, 0x20 -movzx eax, al - -loc_fffb559e: ; not directly referenced -push eax -push 2 -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 +mov byte [ebx + 0xc9], al +jmp short loc_fffb576e ; jmp 0xfffb576e -loc_fffb55a9: ; not directly referenced -push eax -push eax -push 0x80 -push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 -mov eax, dword [edi] -add esp, 0x10 -dec eax -cmp esi, eax -jae loc_fffb56d8 ; jae 0xfffb56d8 -mov dword [ebp - 0x1c], 0x64 +loc_fffb5796: ; not directly referenced +mov al, 
byte [ebx + 0xc9] +and eax, 0xfffffff3 +or eax, 8 +mov byte [ebx + 0xc9], al +jmp short loc_fffb5762 ; jmp 0xfffb5762 -loc_fffb55cc: ; not directly referenced -sub esp, 0xc -push 0 -call fcn_fffb4808 ; call 0xfffb4808 -add esp, 0x10 -test al, al -js loc_fffb56d8 ; js 0xfffb56d8 -sub esp, 0xc -push 0xa -call fcn_fffb49a3 ; call 0xfffb49a3 -add esp, 0x10 -dec dword [ebp - 0x1c] -jne short loc_fffb55cc ; jne 0xfffb55cc +loc_fffb57aa: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 +jne short loc_fffb5801 ; jne 0xfffb5801 +cmp dword [edi + 0x36d8], 0x74a +jbe short loc_fffb57d1 ; jbe 0xfffb57d1 +mov al, byte [ebx + 0x195] +and eax, 0xfffffff3 +or eax, 8 +mov byte [ebx + 0x195], al -loc_fffb55f3: ; not directly referenced -mov ebx, 0x80000012 -jmp short loc_fffb561b ; jmp 0xfffb561b +loc_fffb57d1: ; not directly referenced +cmp dword [edi + 0x36d8], 0x854 +jbe short loc_fffb57ef ; jbe 0xfffb57ef +mov al, byte [ebx + 0x195] +and eax, 0xffffffcf +or eax, 0x20 +mov byte [ebx + 0x195], al -loc_fffb55fa: ; not directly referenced -test al, 4 -je short loc_fffb5649 ; je 0xfffb5649 -sub esp, 0xc -push 0xc -call fcn_fffb4808 ; call 0xfffb4808 -add esp, 0x10 -and eax, 1 -cmp al, 1 -sbb ebx, ebx -and ebx, 0xffffffec -sub ebx, 0x7fffffe5 +loc_fffb57ef: ; not directly referenced +mov ecx, dword [ebx + 0x194] +mov edx, 0x4414 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffb561b: ; not directly referenced +loc_fffb5801: ; not directly referenced +mov eax, edi +call fcn_fffb34af ; call 0xfffb34af +mov edx, 0x501c +mov eax, edi +cmp byte [edi + 0x190a], 1 +sbb ecx, ecx +and ecx, 0x40000000 +call fcn_fffb38b3 ; call 0xfffb38b3 +mov eax, edi +call fcn_fffa86bc ; call 0xfffa86bc +lea ecx, [edi + 0x18b5] +mov edx, 0x41 +mov eax, edi +call fcn_fffc3b02 ; call 0xfffc3b02 +cmp byte [edi + 0x192b], 0 +jne loc_fffb5ece ; jne 0xfffb5ece +mov ebx, dword [edi + 0x2444] +lea eax, [ebp - 0x40] +push ecx +push 0 +push 8 push eax +mov dword [ebp - 0x50], ref_fffd3aec ; mov dword 
[ebp - 0x50], 0xfffd3aec +mov dword [ebp - 0x4c], ref_fffd3a9c ; mov dword [ebp - 0x4c], 0xfffd3a9c +mov dword [ebp - 0x48], ref_fffd3a3c ; mov dword [ebp - 0x48], 0xfffd3a3c +mov dword [ebp - 0x44], ref_fffd3a30 ; mov dword [ebp - 0x44], 0xfffd3a30 +mov dword [ebp - 0xb8], 0 +call dword [ebx + 0x5c] ; ucall +add esp, 0xc +push 0 +push 8 +lea eax, [ebp - 0x38] push eax -push 0xff +call dword [ebx + 0x5c] ; ucall +add esp, 0xc push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 -pop edx -pop ecx -push 1 -push 0xc -call fcn_fffb47e9 ; call 0xfffb47e9 -pop esi -mov esi, ebx -pop edi +push 8 +lea eax, [ebp - 0x30] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0xc push 0 -push 0xd -call fcn_fffb47e9 ; call 0xfffb47e9 -add esp, 0x10 -jmp near loc_fffb5793 ; jmp 0xfffb5793 - -loc_fffb5649: ; not directly referenced -test al, 8 -je short loc_fffb568e ; je 0xfffb568e -push ebx -push ebx push 8 +lea eax, [ebp - 0x28] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0xc push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 -pop esi -pop eax +push 8 +lea eax, [ebp - 0x20] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0xc push 0xff +push 4 +lea eax, [ebp - 0x58] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0xc push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 -pop eax -pop edx -push 1 -push 0xc -call fcn_fffb47e9 ; call 0xfffb47e9 -mov dword [esp], 0xa -call fcn_fffb49a3 ; call 0xfffb49a3 +push 4 +lea eax, [ebp - 0x54] +push eax +call dword [ebx + 0x5c] ; ucall add esp, 0x10 -dec dword [ebp - 0x24] -je loc_fffb5789 ; je 0xfffb5789 -jmp near loc_fffb5293 ; jmp 0xfffb5293 - -loc_fffb568e: ; not directly referenced -mov eax, dword [ebp + 0x14] -sub eax, 2 -cmp eax, 9 -ja short loc_fffb561b ; ja 0xfffb561b -jmp dword [eax*4 + ref_fffd3f58] ; ujmp: jmp dword [eax*4 - 0x2c0a8] +cmp dword [edi + 0x2481], 3 +jne short loc_fffb58f2 ; jne 0xfffb58f2 +mov word [ebp - 0x5c], 8 +mov word [ebp - 0x5a], 1 +jmp short loc_fffb58fe ; jmp 0xfffb58fe -loc_fffb56a0: ; not directly referenced -sub 
esp, 0xc -push 6 -call fcn_fffb4808 ; call 0xfffb4808 -mov ecx, dword [ebp + 0x20] -mov byte [ecx + 1], al -mov dword [esp], 5 -jmp short loc_fffb56e3 ; jmp 0xfffb56e3 +loc_fffb58f2: ; not directly referenced +mov word [ebp - 0x5c], 0x228 +mov word [ebp - 0x5a], 7 -loc_fffb56b9: ; not directly referenced +loc_fffb58fe: ; not directly referenced +mov eax, dword [edi + 0x18a7] +mov dword [ebp - 0xb0], eax dec eax -cmp esi, eax -jne loc_fffb55a9 ; jne 0xfffb55a9 -sub esp, 0xc -push 2 -call fcn_fffb4808 ; call 0xfffb4808 -pop edx -pop ecx -and eax, 0xdf -jmp near loc_fffb559e ; jmp 0xfffb559e +je loc_fffb5ece ; je 0xfffb5ece +lea eax, [edi + 0x48ca] +mov dword [ebp - 0x7c], eax +lea eax, [ebp - 0x58] +mov dword [ebp - 0x90], eax +lea eax, [ebp - 0x20] +mov dword [ebp - 0xa4], eax +lea eax, [ebp - 0x28] +mov dword [ebp - 0x8c], eax +lea eax, [ebp - 0x30] +mov dword [ebp - 0x94], eax +lea eax, [ebp - 0x38] +mov dword [ebp - 0x98], eax +lea eax, [ebp - 0x40] +mov dword [ebp - 0x88], eax +lea eax, [ebp - 0x54] +mov dword [ebp - 0x80], eax +mov byte [ebp - 0x74], 0xff -loc_fffb56d8: ; not directly referenced -inc esi -jmp near loc_fffb5564 ; jmp 0xfffb5564 +loc_fffb595a: ; not directly referenced +mov eax, dword [ebp - 0x7c] +cmp dword [eax - 0x1173], 2 +jne loc_fffb5c82 ; jne 0xfffb5c82 +mov dword [ebp - 0x6c], eax +mov dword [ebp - 0x78], 0 -loc_fffb56de: ; not directly referenced -sub esp, 0xc -push 5 +loc_fffb5974: ; not directly referenced +mov eax, dword [ebp - 0x6c] +cmp dword [eax], 2 +jne loc_fffb5c6e ; jne 0xfffb5c6e +mov eax, dword [ebp - 0xb0] +mov eax, dword [edi + eax*4 + 0x3736] +cmp eax, 0x546 +je short loc_fffb59b5 ; je 0xfffb59b5 +cmp eax, 0x5dc +je short loc_fffb59bc ; je 0xfffb59bc +cmp eax, 0x4b0 +setne cl +movzx eax, cl +movzx ebx, cl +lea eax, [eax + eax*2 + 1] +mov dword [ebp - 0x84], ebx +jmp short loc_fffb59cb ; jmp 0xfffb59cb -loc_fffb56e3: ; not directly referenced -call fcn_fffb4808 ; call 0xfffb4808 -mov ecx, dword [ebp + 0x20] -mov byte [ecx], 
al -jmp short loc_fffb56fd ; jmp 0xfffb56fd - -loc_fffb56ef: ; not directly referenced -push eax -push eax -push 0x80 -push 0 -call fcn_fffb47e9 ; call 0xfffb47e9 - -loc_fffb56fd: ; not directly referenced -add esp, 0x10 -jmp near loc_fffb561b ; jmp 0xfffb561b - -loc_fffb5705: ; not directly referenced -sub esp, 0xc -xor esi, esi -push 5 -call fcn_fffb4808 ; call 0xfffb4808 -add esp, 0x10 -movzx edx, al -mov al, 1 -cmp dword [edi], edx -jb short loc_fffb573f ; jb 0xfffb573f +loc_fffb59b5: ; not directly referenced +mov eax, 2 +jmp short loc_fffb59c1 ; jmp 0xfffb59c1 -loc_fffb571d: ; not directly referenced -cmp esi, edx -jae short loc_fffb573d ; jae 0xfffb573d -sub esp, 0xc -push 7 -mov dword [ebp - 0x1c], edx -call fcn_fffb4808 ; call 0xfffb4808 -mov ecx, dword [ebp + 0x20] -add esp, 0x10 -mov edx, dword [ebp - 0x1c] -mov byte [ecx + esi], al -inc esi -jmp short loc_fffb571d ; jmp 0xfffb571d +loc_fffb59bc: ; not directly referenced +mov eax, 3 -loc_fffb573d: ; not directly referenced -xor eax, eax +loc_fffb59c1: ; not directly referenced +mov dword [ebp - 0x84], 0 -loc_fffb573f: ; not directly referenced -test al, al -mov eax, 0x80000005 -mov dword [edi], edx -cmovne ebx, eax -jmp near loc_fffb561b ; jmp 0xfffb561b +loc_fffb59cb: ; not directly referenced +mov esi, dword [ebp - 0x6c] +and eax, 0xfffffe0f +movzx ebx, byte [esi + 0xcc] +movzx ecx, byte [esi + 0xd9] +and ebx, 1 +shl ebx, 4 +and ecx, 0xf +or eax, ebx +movzx ebx, byte [esi + 0xf2] +shl ecx, 5 +or eax, ecx +movzx ecx, byte [esi + 0xed] +and ah, 0x81 +and ebx, 7 +shl ebx, 9 +or eax, ebx +mov ebx, dword [ebp - 0x7c] +and ecx, 7 +shl ecx, 0xc +or eax, ecx +and eax, 0xfffe7fff +movzx ecx, byte [ebx - 0x10b3] +and ecx, 3 +shl ecx, 0xf +or eax, ecx +mov ecx, dword [edi + 0x36d8] +cmp ecx, 0x640 +je short loc_fffb5a7d ; je 0xfffb5a7d +ja short loc_fffb5a55 ; ja 0xfffb5a55 +cmp ecx, 0x42b +je short loc_fffb5a71 ; je 0xfffb5a71 +cmp ecx, 0x535 +jne short loc_fffb5a95 ; jne 0xfffb5a95 +and eax, 0xffe1ffff +or 
eax, 0xa0000 +jmp short loc_fffb5a9f ; jmp 0xfffb5a9f -loc_fffb5750: ; not directly referenced -movzx edx, byte [edi] -movzx ecx, al -lea eax, [edx + ecx] -cmp eax, 0x20 -jg short loc_fffb5789 ; jg 0xfffb5789 -xor esi, esi -mov edx, ecx +loc_fffb5a55: ; not directly referenced +cmp ecx, 0x74b +je short loc_fffb5a89 ; je 0xfffb5a89 +cmp ecx, 0x855 +jne short loc_fffb5a95 ; jne 0xfffb5a95 +and eax, 0xffe1ffff +or eax, 0x160000 +jmp short loc_fffb5a9f ; jmp 0xfffb5a9f -loc_fffb5762: ; not directly referenced -cmp esi, edx -jae short loc_fffb5782 ; jae 0xfffb5782 -sub esp, 0xc -push 7 -mov dword [ebp - 0x1c], edx -call fcn_fffb4808 ; call 0xfffb4808 -mov ecx, dword [ebp + 0x20] -add esp, 0x10 -mov edx, dword [ebp - 0x1c] -mov byte [ecx + esi], al -inc esi -jmp short loc_fffb5762 ; jmp 0xfffb5762 +loc_fffb5a71: ; not directly referenced +and eax, 0xffe1ffff +or eax, 0x60000 +jmp short loc_fffb5a9f ; jmp 0xfffb5a9f -loc_fffb5782: ; not directly referenced -mov dword [edi], edx -jmp near loc_fffb561b ; jmp 0xfffb561b +loc_fffb5a7d: ; not directly referenced +and eax, 0xffe1ffff +or eax, 0xe0000 +jmp short loc_fffb5a9f ; jmp 0xfffb5a9f -loc_fffb5789: ; not directly referenced -mov ebx, 0x80000007 -jmp near loc_fffb561b ; jmp 0xfffb561b +loc_fffb5a89: ; not directly referenced +and eax, 0xffe1ffff +or eax, 0x120000 +jmp short loc_fffb5a9f ; jmp 0xfffb5a9f -loc_fffb5793: ; not directly referenced -lea esp, [ebp - 0xc] -mov eax, esi -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffb5a95: ; not directly referenced +mov dword [ebp - 0x84], 1 -fcn_fffb579d: ; not directly referenced -push ebp -movzx edx, dl -mov ebp, esp -push edi -push esi -mov esi, eax -push ebx -sub esp, 0x2c -mov ebx, dword [ebp + 0x10] -mov eax, dword [ebp + 8] -mov dword [ebp - 0x24], ecx -mov edi, dword [esi + 0x5edc] -mov dword [ebp - 0x1c], ebx -mov byte [ebp - 0x2b], bl -mov bl, byte [ebp + 0x18] +loc_fffb5a9f: ; not directly referenced +mov esi, dword [ebp - 0x6c] +and eax, 0xff1fffff +mov ebx, dword 
[edi + 0x2481] +mov dword [ebp - 0x70], 0 +movzx ecx, byte [esi + 0xf3] +mov dword [ebp - 0xb4], ebx +and ecx, 7 +shl ecx, 0x15 +or eax, ecx mov ecx, eax -mov eax, dword [ebp + 0xc] -mov byte [ebp - 0x2c], bl -imul ebx, edx, 0xcc -mov byte [ebp - 0x20], al -lea ebx, [edi + ebx + 0x1c] -cmp cl, 0xe -ja loc_fffb5b85 ; ja 0xfffb5b85 -movzx edi, cl -jmp dword [edi*4 + ref_fffd3f80] ; ujmp: jmp dword [edi*4 - 0x2c080] +and ecx, 0xfffe7e0f +cmp ebx, 3 +cmove eax, ecx +xor ebx, ebx -loc_fffb57eb: ; not directly referenced -mov edi, dword [ebx + 0xa0] -and eax, 0xf -shl eax, 0xf -and edi, 0xfff87fff -jmp near loc_fffb5b31 ; jmp 0xfffb5b31 +loc_fffb5ad9: ; not directly referenced +mov edx, dword [ebp - 0x70] +mov byte [ebp - 0xa9], dl +test dl, dl +jne short loc_fffb5af5 ; jne 0xfffb5af5 +cmp dword [ebp - 0x84], 0 +jne loc_fffb5c61 ; jne 0xfffb5c61 +jmp short loc_fffb5b02 ; jmp 0xfffb5b02 -loc_fffb5802: ; not directly referenced -mov edi, dword [ebx + 0xa0] -and eax, 0xf -shl eax, 0x13 -and edi, 0xff87ffff -jmp near loc_fffb5b31 ; jmp 0xfffb5b31 +loc_fffb5af5: ; not directly referenced +test ebx, ebx +jne loc_fffb5c5c ; jne 0xfffb5c5c +and eax, 0xff0001ff -loc_fffb5819: ; not directly referenced -mov edi, dword [ebx + 0xa4] -and eax, 0xf -shl eax, 0x11 -and edi, 0xffe1ffff -jmp short loc_fffb5895 ; jmp 0xfffb5895 +loc_fffb5b02: ; not directly referenced +mov ecx, dword [ebp - 0x70] +xor esi, esi +movzx ecx, word [ebp + ecx*2 - 0x5c] +mov word [ebp - 0xac], cx +dec ecx +mov dword [ebp - 0xa8], ecx -loc_fffb582d: ; not directly referenced -mov edi, dword [ebx + 0xa4] -and eax, 0xf -shl eax, 0x15 -and edi, 0xfe1fffff -jmp short loc_fffb5895 ; jmp 0xfffb5895 +loc_fffb5b1a: ; not directly referenced +cmp word [ebp - 0xac], si +jbe loc_fffb5c61 ; jbe 0xfffb5c61 +cmp dword [ebp - 0xb4], 3 +jne loc_fffb5bd2 ; jne 0xfffb5bd2 +mov edx, dword [ebp - 0x70] +imul ecx, esi, 0xc +add ecx, dword [ebp + edx*4 - 0x48] +cmp eax, dword [ecx] +jne short loc_fffb5bb2 ; jne 0xfffb5bb2 
-loc_fffb5841: ; not directly referenced -mov edi, dword [ebx + 0xa8] -and eax, 0x1f -shl eax, 0x13 -and edi, 0xff07ffff -jmp near loc_fffb5b65 ; jmp 0xfffb5b65 +loc_fffb5b42: ; not directly referenced +mov bl, byte [ecx + 5] +mov esi, dword [ebp - 0x78] +mov edx, dword [ebp - 0x88] +cmp byte [edi + 0x3756], 1 +mov byte [edx + esi], bl +mov edx, dword [ebp - 0x98] +mov bl, byte [ecx + 6] +mov byte [edx + esi], bl +mov edx, dword [ebp - 0x94] +mov bl, byte [ecx + 7] +mov byte [edx + esi], bl +mov edx, dword [ebp - 0x8c] +mov bl, byte [ecx + 8] +mov byte [edx + esi], bl +mov edx, dword [ebp - 0xa4] +mov bl, byte [ecx + 9] +mov byte [edx + esi], bl +mov ebx, dword [ebp - 0x90] +mov dl, byte [ecx + 4] +mov byte [ebx + esi], dl +mov bl, byte [ecx + 0xa] +mov cl, byte [ecx + 0xb] +cmove ecx, ebx +mov ebx, dword [ebp - 0x80] +mov byte [ebx + esi], cl +mov bl, byte [ebp - 0x74] +cmp bl, dl +cmovbe edx, ebx +mov bl, dl +jmp near loc_fffb5c3e ; jmp 0xfffb5c3e -loc_fffb5858: ; not directly referenced -mov edi, dword [ebx + 0xa8] -and eax, 0x1f -shl eax, 0x18 -and edi, 0xe0ffffff -jmp near loc_fffb5b65 ; jmp 0xfffb5b65 +loc_fffb5bb2: ; not directly referenced +cmp byte [ebp - 0xa9], 1 +jne loc_fffb5c56 ; jne 0xfffb5c56 +mov edx, dword [ebp - 0xa8] +cmp esi, edx +jne loc_fffb5c56 ; jne 0xfffb5c56 +jmp near loc_fffb5b42 ; jmp 0xfffb5b42 -loc_fffb586f: ; not directly referenced -mov edi, dword [ebx + 0xa4] -and eax, 0xf -shl eax, 6 -and edi, 0xfffffc3f -jmp short loc_fffb5895 ; jmp 0xfffb5895 +loc_fffb5bd2: ; not directly referenced +mov edx, dword [ebp - 0x70] +imul ecx, esi, 0xb +add ecx, dword [ebp + edx*4 - 0x50] +cmp eax, dword [ecx] +jne short loc_fffb5c43 ; jne 0xfffb5c43 -loc_fffb5883: ; not directly referenced -mov edi, dword [ebx + 0xa4] -and eax, 0xf -shl eax, 0xa -and edi, 0xffffc3ff +loc_fffb5be0: ; not directly referenced +mov bl, byte [ecx + 5] +mov esi, dword [ebp - 0x78] +mov edx, dword [ebp - 0x88] +mov byte [edx + esi], bl +mov edx, dword [ebp - 0x98] +mov bl, 
byte [ecx + 6] +mov byte [edx + esi], bl +mov edx, dword [ebp - 0x94] +mov bl, byte [ecx + 7] +mov byte [edx + esi], bl +mov edx, dword [ebp - 0x8c] +mov bl, byte [ecx + 8] +mov byte [edx + esi], bl +mov edx, dword [ebp - 0xa4] +mov bl, byte [ecx + 9] +mov byte [edx + esi], bl +mov edx, dword [ebp - 0x90] +mov bl, byte [ecx + 4] +mov byte [edx + esi], bl +mov edx, dword [ebp - 0x80] +mov cl, byte [ecx + 0xa] +mov byte [edx + esi], cl +mov cl, byte [ebp - 0x74] +cmp cl, bl +cmova ecx, ebx +mov bl, cl -loc_fffb5895: ; not directly referenced -or edi, eax -mov eax, esi -shl edx, 0xa -mov ecx, edi -add edx, 0x4008 -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x1c], 0 -je loc_fffb5b85 ; je 0xfffb5b85 -mov dword [ebx + 0xa4], edi -jmp near loc_fffb5b85 ; jmp 0xfffb5b85 +loc_fffb5c3e: ; not directly referenced +mov byte [ebp - 0x74], bl +jmp short loc_fffb5c5c ; jmp 0xfffb5c5c -loc_fffb58be: ; not directly referenced -mov edi, dword [ebx + 0xac] -sub eax, 6 -and eax, 3 -shl eax, 0x11 -and edi, 0xfff9ffff -jmp short loc_fffb5901 ; jmp 0xfffb5901 +loc_fffb5c43: ; not directly referenced +cmp byte [ebp - 0xa9], 1 +jne short loc_fffb5c56 ; jne 0xfffb5c56 +mov edx, dword [ebp - 0xa8] +cmp esi, edx +je short loc_fffb5be0 ; je 0xfffb5be0 -loc_fffb58d5: ; not directly referenced -sub eax, 6 -mov edi, dword [ebx + 0xac] -cmp dword [esi + 0x2480], 3 -jne short loc_fffb58f5 ; jne 0xfffb58f5 -and eax, 7 -and edi, 0xffc7ffff -shl eax, 0x13 -jmp short loc_fffb5901 ; jmp 0xfffb5901 +loc_fffb5c56: ; not directly referenced +inc esi +jmp near loc_fffb5b1a ; jmp 0xfffb5b1a -loc_fffb58f5: ; not directly referenced -and eax, 3 -and edi, 0xffe7ffff -shl eax, 0x13 +loc_fffb5c5c: ; not directly referenced +mov ebx, 1 -loc_fffb5901: ; not directly referenced -or edi, eax -mov eax, esi -shl edx, 0xa -mov ecx, edi -add edx, 0x4014 -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x1c], 0 -je loc_fffb5b85 ; je 0xfffb5b85 -mov dword [ebx + 0xac], edi -jmp near loc_fffb5b85 ; jmp 
0xfffb5b85 +loc_fffb5c61: ; not directly referenced +inc dword [ebp - 0x70] +cmp dword [ebp - 0x70], 2 +jne loc_fffb5ad9 ; jne 0xfffb5ad9 -loc_fffb592a: ; not directly referenced -movzx ecx, byte [ebp - 0x24] -lea edi, [ebx + ecx*4] -mov ebx, dword [edi + 4] -mov dword [ebp - 0x24], edi -mov dword [ebp - 0x20], ebx -shr ebx, 0xd -and ebx, 0xf -mov edi, ebx -or edi, 0xfffffff0 -test bl, 8 -cmovne ebx, edi -add eax, ebx -mov bl, 6 -cmp al, 6 -cmovle ebx, eax -mov al, 0xfc -cmp bl, 0xfc -cmovge eax, ebx -mov ebx, dword [ebp - 0x20] -and eax, 0xf -mov edi, eax -shl edi, 0xd -and ebx, 0xff0e1fff -shl eax, 0x14 -or ebx, edi -or ebx, eax -mov eax, esi -call fcn_fffa724b ; call 0xfffa724b -mov ecx, ebx -mov edx, eax -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x1c], 0 -je loc_fffb5b85 ; je 0xfffb5b85 -mov eax, dword [ebp - 0x24] -mov dword [eax + 4], ebx -jmp near loc_fffb5b85 ; jmp 0xfffb5b85 +loc_fffb5c6e: ; not directly referenced +inc dword [ebp - 0x78] +add dword [ebp - 0x6c], 0x128 +cmp dword [ebp - 0x78], 2 +jne loc_fffb5974 ; jne 0xfffb5974 -loc_fffb599b: ; not directly referenced -movzx ecx, byte [ebp - 0x24] -lea edi, [ebx + ecx*4] -mov ebx, dword [edi + 4] -mov dword [ebp - 0x20], ebx -shr ebx, 0x11 -and ebx, 7 -add eax, ebx -mov bl, 7 -cmp al, 7 -cmovle ebx, eax +loc_fffb5c82: ; not directly referenced +add dword [ebp - 0x80], 2 +add dword [ebp - 0x7c], 0x13c3 +add dword [ebp - 0x88], 4 +add dword [ebp - 0x98], 4 +add dword [ebp - 0x94], 4 +add dword [ebp - 0x8c], 4 +add dword [ebp - 0xa4], 4 +add dword [ebp - 0x90], 2 +lea eax, [ebp - 0x50] +cmp dword [ebp - 0x80], eax +jne loc_fffb595a ; jne 0xfffb595a +lea eax, [ebp - 0x58] +mov esi, 0x42f8 +mov dword [ebp - 0x8c], eax +lea eax, [ebp - 0x20] +mov dword [ebp - 0x7c], eax +lea eax, [ebp - 0x28] +mov dword [ebp - 0x84], eax +lea eax, [ebp - 0x30] +mov dword [ebp - 0x80], eax +lea eax, [ebp - 0x38] +mov dword [ebp - 0x88], eax +lea eax, [ebp - 0x40] +mov dword [ebp - 0x70], edi +lea ebx, 
[ebp - 0x54] +mov dword [ebp - 0x78], eax + +loc_fffb5cfb: ; not directly referenced +mov eax, dword [ebp - 0x70] +cmp dword [eax + 0x3757], 2 +jne loc_fffb5e63 ; jne 0xfffb5e63 xor eax, eax -test bl, bl -cmovns eax, ebx -and eax, 7 -mov ebx, eax -shl ebx, 0x11 -mov dword [ebp - 0x24], ebx -mov ebx, dword [ebp - 0x20] -shl eax, 0x18 -and ebx, 0xf8f1ffff -or ebx, dword [ebp - 0x24] -or ebx, eax -mov eax, esi -call fcn_fffa724b ; call 0xfffa724b -mov ecx, ebx -mov edx, eax -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x1c], 0 -je loc_fffb5b85 ; je 0xfffb5b85 -mov dword [edi + 4], ebx -jmp near loc_fffb5b85 ; jmp 0xfffb5b85 -loc_fffb59fe: ; not directly referenced -imul eax, edx, 0x13c3 -xor edi, edi -shl edx, 0xa -lea eax, [esi + eax + 0x3756] -mov dword [ebp - 0x24], eax -lea eax, [edx + 0x4028] -mov dword [ebp - 0x30], eax -lea eax, [edx + 0x4024] -mov dword [ebp - 0x28], eax -mov eax, dword [ebp - 0x20] -and eax, 0x7f -mov dword [ebp - 0x1c], eax +loc_fffb5d0d: ; not directly referenced +imul edx, eax, 0x128 +mov ecx, dword [ebp - 0x70] +cmp dword [ecx + edx + 0x48ca], 2 +jne loc_fffb5dcb ; jne 0xfffb5dcb +mov ecx, dword [ebp - 0x8c] +mov cl, byte [ecx + eax] +sub cl, byte [ebp - 0x74] +mov byte [ebp - 0x6c], cl +je loc_fffb5dcb ; je 0xfffb5dcb +mov ecx, dword [ebp - 0x78] +movzx edx, byte [ecx + eax] +mov dword [ebp - 0x90], ecx +mov cl, byte [ebp - 0x6c] +inc edx +sar edx, cl +mov ecx, dword [ebp - 0x90] +mov byte [ecx + eax], dl +mov ecx, dword [ebp - 0x88] +movzx edx, byte [ecx + eax] +mov dword [ebp - 0x90], ecx +mov cl, byte [ebp - 0x6c] +inc edx +sar edx, cl +mov ecx, dword [ebp - 0x90] +mov byte [ecx + eax], dl +mov ecx, dword [ebp - 0x80] +movzx edx, byte [ecx + eax] +mov dword [ebp - 0x90], ecx +mov cl, byte [ebp - 0x6c] +inc edx +sar edx, cl +mov ecx, dword [ebp - 0x90] +mov byte [ecx + eax], dl +mov ecx, dword [ebp - 0x84] +movzx edx, byte [ecx + eax] +mov dword [ebp - 0x90], ecx +mov cl, byte [ebp - 0x6c] +inc edx +sar edx, cl 
+mov ecx, dword [ebp - 0x90] +mov byte [ecx + eax], dl +mov ecx, dword [ebp - 0x7c] +movzx edx, byte [ecx + eax] +mov dword [ebp - 0x90], ecx +mov cl, byte [ebp - 0x6c] +inc edx +sar edx, cl +mov ecx, dword [ebp - 0x90] +mov byte [ecx + eax], dl -loc_fffb5a2e: ; not directly referenced -mov eax, edi -mov byte [ebp - 0x2a], al -movzx eax, byte [ebp - 0x2c] -bt eax, edi -jae loc_fffb5b13 ; jae 0xfffb5b13 -mov ecx, dword [ebp - 0x24] -mov al, byte [ebp - 0x20] -add al, byte [ecx + edi + 0x1011] -sub al, byte [ecx + edi + 0x1015] -mov byte [ebp - 0x29], al -js loc_fffb5b13 ; js 0xfffb5b13 -mov edx, dword [ebp - 0x30] -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -mov edx, dword [ebp - 0x28] -mov dword [ebp - 0x34], eax -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -mov dl, byte [ebp - 0x2a] -mov ecx, dword [ebp - 0x34] -cmp dl, 2 -mov ebx, eax -movzx eax, byte [ebp - 0x29] -je short loc_fffb5ab1 ; je 0xfffb5ab1 -and eax, 0xf -cmp dl, 3 -je short loc_fffb5aca ; je 0xfffb5aca -dec dl -je short loc_fffb5a9e ; je 0xfffb5a9e -and ecx, 0xfffffff0 -and ebx, 0xffffff80 -or ecx, eax -or ebx, dword [ebp - 0x1c] -jmp short loc_fffb5ae0 ; jmp 0xfffb5ae0 +loc_fffb5dcb: ; not directly referenced +inc eax +cmp eax, 2 +jne loc_fffb5d0d ; jne 0xfffb5d0d +mov eax, dword [ebp - 0x70] +cmp dword [eax + 0x3817], 1 +ja short loc_fffb5ded ; ja 0xfffb5ded +mov al, byte [ebx] +mov dl, byte [ebx + 1] +cmp dl, al +cmovae eax, edx +jmp short loc_fffb5e0c ; jmp 0xfffb5e0c -loc_fffb5a9e: ; not directly referenced -shl eax, 4 -and cl, 0xf -or ecx, eax -mov eax, dword [ebp - 0x1c] -and bh, 0x80 -shl eax, 8 -jmp short loc_fffb5ade ; jmp 0xfffb5ade +loc_fffb5ded: ; not directly referenced +movzx edx, byte [ebx] +movzx eax, byte [ebx + 1] +cmp dl, al +je short loc_fffb5e13 ; je 0xfffb5e13 +lea eax, [edx + eax + 1] +sar eax, 1 +cmp al, 0xf7 +ja short loc_fffb5e10 ; ja 0xfffb5e10 +test al, 7 +je short loc_fffb5e0c ; je 0xfffb5e0c +and eax, 0xfffffff8 +add eax, 8 -loc_fffb5ab1: ; not directly 
referenced -and eax, 0xf -and ch, 0xf0 -shl eax, 8 -and ebx, 0xff80ffff -or ecx, eax -mov eax, dword [ebp - 0x1c] -shl eax, 0x10 -jmp short loc_fffb5ade ; jmp 0xfffb5ade +loc_fffb5e0c: ; not directly referenced +mov byte [ebx], al +jmp short loc_fffb5e13 ; jmp 0xfffb5e13 -loc_fffb5aca: ; not directly referenced -shl eax, 0xc -and ch, 0xf -or ecx, eax -mov eax, dword [ebp - 0x1c] -and ebx, 0x80ffffff -shl eax, 0x18 +loc_fffb5e10: ; not directly referenced +mov byte [ebx], 0xf8 -loc_fffb5ade: ; not directly referenced -or ebx, eax +loc_fffb5e13: ; not directly referenced +mov eax, dword [ebp - 0x78] +mov edx, esi +mov ecx, dword [eax] +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x88] +lea edx, [esi + 4] +mov ecx, dword [eax] +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x80] +lea edx, [esi - 4] +mov ecx, dword [eax] +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x84] +lea edx, [esi - 8] +mov ecx, dword [eax] +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x7c] +lea edx, [esi - 0xc] +mov ecx, dword [eax] +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffb5ae0: ; not directly referenced -mov edx, dword [ebp - 0x30] -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -mov edx, dword [ebp - 0x28] +loc_fffb5e63: ; not directly referenced +add esi, 0x400 +add ebx, 2 +add dword [ebp - 0x70], 0x13c3 +add dword [ebp - 0x78], 4 +add dword [ebp - 0x88], 4 +add dword [ebp - 0x80], 4 +add dword [ebp - 0x84], 4 +add dword [ebp - 0x7c], 4 +add dword [ebp - 0x8c], 2 +cmp esi, 0x4af8 +jne loc_fffb5cfb ; jne 0xfffb5cfb +mov eax, dword [ebp - 0xb8] +mov edx, 0x5888 +mov al, byte [ebp - 0x54] +mov ebx, eax +mov al, byte [ebp - 0x52] +mov bh, al +mov eax, edi mov ecx, ebx -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x2b], 0 -je short loc_fffb5b13 ; je 0xfffb5b13 -mov ecx, dword [ebp - 0x24] -mov al, byte [ebp - 0x20] -mov byte [ecx + edi + 
0x1015], al -mov al, byte [ebp - 0x29] -mov byte [ecx + edi + 0x1011], al +call fcn_fffb3381 ; call 0xfffb3381 +movzx ecx, byte [ebp - 0x74] +mov edx, 0x5884 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffb5b13: ; not directly referenced -inc edi -cmp edi, 4 -jne loc_fffb5a2e ; jne 0xfffb5a2e -jmp short loc_fffb5b85 ; jmp 0xfffb5b85 +loc_fffb5ece: ; not directly referenced +cmp dword [edi + 0x188b], 1 +jne loc_fffb619e ; jne 0xfffb619e +movzx eax, byte [edi + 0x2420] +mov byte [ebp - 0x6c], al +test al, al +je loc_fffb6155 ; je 0xfffb6155 +mov esi, dword [edi + 0x2444] +cmp al, 4 +ja loc_fffb608f ; ja 0xfffb608f +shl eax, 3 +push edx +push eax +lea eax, [edi + 0x2421] +push eax +lea eax, [edi + 0x36aa] +push eax +call dword [esi + 0x58] ; ucall +mov cl, byte [ebp - 0x6c] +mov eax, 1 +add esp, 0x10 +shl eax, cl +dec eax +mov byte [ebp - 0x70], al +xor eax, eax -loc_fffb5b1f: ; not directly referenced -mov edi, dword [ebx + 0xa0] -and eax, 7 -shl eax, 0xc -and edi, 0xffff8fff +loc_fffb5f24: ; not directly referenced +and dword [edi + eax*8 + 0x36aa], 0xffffffc0 +and dword [edi + eax*8 + 0x36ae], 0x7f +inc eax +cmp byte [ebp - 0x6c], al +ja short loc_fffb5f24 ; ja 0xfffb5f24 +mov al, byte [ebp - 0x6c] +xor ecx, ecx +mov byte [ebp - 0x74], 0 +dec eax +mov byte [ebp - 0x78], al -loc_fffb5b31: ; not directly referenced -or edi, eax -mov eax, esi -shl edx, 0xa -mov ecx, edi -add edx, 0x4004 -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x1c], 0 -je short loc_fffb5b85 ; je 0xfffb5b85 -mov dword [ebx + 0xa0], edi -jmp short loc_fffb5b85 ; jmp 0xfffb5b85 +loc_fffb5f47: ; not directly referenced +cmp cl, byte [ebp - 0x78] +jae short loc_fffb5fa8 ; jae 0xfffb5fa8 +lea eax, [ecx + 1] +mov byte [ebp - 0x7c], al -loc_fffb5b53: ; not directly referenced -mov edi, dword [ebx + 0xa8] -and eax, 0x1f -shl eax, 0xe -and edi, 0xfff83fff +loc_fffb5f52: ; not directly referenced +cmp al, byte [ebp - 0x6c] +jae short loc_fffb5fa2 ; jae 0xfffb5fa2 +lea esi, [ecx + 0x24a] 
+movzx ebx, al +mov edx, dword [edi + esi*8 + 0x245a] +add ebx, 0x24a +mov dword [ebp - 0x80], edx +mov edx, dword [edi + ebx*8 + 0x245e] +cmp dword [edi + esi*8 + 0x245e], edx +jne short loc_fffb5f9f ; jne 0xfffb5f9f +mov esi, dword [ebp - 0x80] +cmp esi, dword [edi + ebx*8 + 0x245a] +jne short loc_fffb5f9f ; jne 0xfffb5f9f +mov eax, 1 +shl eax, cl +mov ecx, eax +not ecx +inc byte [ebp - 0x74] +and byte [ebp - 0x70], cl +jmp short loc_fffb5fa2 ; jmp 0xfffb5fa2 -loc_fffb5b65: ; not directly referenced -or edi, eax -mov eax, esi -shl edx, 0xa -mov ecx, edi -add edx, 0x400c -call fcn_fffae58c ; call 0xfffae58c -cmp byte [ebp - 0x1c], 0 -je short loc_fffb5b85 ; je 0xfffb5b85 -mov dword [ebx + 0xa8], edi +loc_fffb5f9f: ; not directly referenced +inc eax +jmp short loc_fffb5f52 ; jmp 0xfffb5f52 -loc_fffb5b85: ; not directly referenced -add esp, 0x2c +loc_fffb5fa2: ; not directly referenced +movzx ecx, byte [ebp - 0x7c] +jmp short loc_fffb5f47 ; jmp 0xfffb5f47 + +loc_fffb5fa8: ; not directly referenced +xor ebx, ebx + +loc_fffb5faa: ; not directly referenced +movzx eax, byte [ebp - 0x70] +bt eax, ebx +jae short loc_fffb600c ; jae 0xfffb600c +push esi +mov eax, dword [edi + 0x2444] +push 0x14 +push dword [edi + ebx*8 + 0x36ae] +push dword [edi + ebx*8 + 0x36aa] +call dword [eax + 0x6c] ; ucall +mov ecx, dword [edi + 0x370e] +add esp, 0x10 +mov dword [ebp - 0x7c], ecx +mov esi, edx +mov edx, dword [edi + 0x36f1] +cmp esi, 0 +ja short loc_fffb5fea ; ja 0xfffb5fea +cmp eax, edx +jb short loc_fffb600c ; jb 0xfffb600c + +loc_fffb5fea: ; not directly referenced +cmp esi, 0 +ja short loc_fffb5ffa ; ja 0xfffb5ffa +cmp eax, 0xfff +jbe loc_fffb615e ; jbe 0xfffb615e + +loc_fffb5ffa: ; not directly referenced +cmp esi, 0 +ja loc_fffb615e ; ja 0xfffb615e +cmp eax, dword [ebp - 0x7c] +jae loc_fffb615e ; jae 0xfffb615e + +loc_fffb600c: ; not directly referenced +inc ebx +cmp byte [ebp - 0x6c], bl +ja short loc_fffb5faa ; ja 0xfffb5faa +mov esi, dword [ebp - 0x74] +mov al, byte [ebp - 
0x6c] +mov ebx, esi +sub eax, ebx +mov byte [edi + 0x36a9], al +test bl, bl +je loc_fffb619e ; je 0xfffb619e +test al, al +je loc_fffb619e ; je 0xfffb619e +xor eax, eax + +loc_fffb6034: ; not directly referenced +mov dl, al +cmp al, byte [ebp - 0x78] +jae loc_fffb619e ; jae 0xfffb619e +movzx esi, byte [ebp - 0x70] +bt esi, eax +jb short loc_fffb608c ; jb 0xfffb608c + +loc_fffb6048: ; not directly referenced +inc edx +cmp dl, byte [ebp - 0x6c] +jae short loc_fffb608c ; jae 0xfffb608c +bt esi, edx +movzx ecx, dl +jae short loc_fffb6048 ; jae 0xfffb6048 +mov esi, dword [edi + ecx*8 + 0x36ae] +mov edx, 1 +mov ebx, dword [edi + ecx*8 + 0x36aa] +shl edx, cl +mov cl, al +not edx +mov dword [edi + eax*8 + 0x36ae], esi +mov esi, 1 +shl esi, cl +mov ecx, esi +or byte [ebp - 0x70], cl +and byte [ebp - 0x70], dl +mov dword [edi + eax*8 + 0x36aa], ebx + +loc_fffb608c: ; not directly referenced +inc eax +jmp short loc_fffb6034 ; jmp 0xfffb6034 + +loc_fffb608f: ; not directly referenced +mov al, byte [ebp - 0x6c] +mov bl, 4 +sub eax, 4 +cmp al, 4 +cmovbe ebx, eax +mov eax, dword [edi + 0x370e] +xor edx, edx +mov byte [edi + 0x36a9], bl +push ecx +push 0x14 +push edx +push eax +mov byte [ebp - 0x70], bl +call dword [esi + 0x68] ; ucall +add eax, 0xffffffff +adc edx, 0xffffffff +add esp, 0xc +push 0x20 +mov ebx, eax +push edx +and ebx, 0xffffffc0 +push eax +mov dword [ebp - 0x74], ebx +call dword [esi + 0x6c] ; ucall +add esp, 0x10 +mov dword [ebp - 0x6c], 0 +mov dword [ebp - 0x78], eax + +loc_fffb60da: ; not directly referenced +mov ebx, dword [esi + 0x68] +call dword [esi + 0x7c] ; ucall +and eax, dword [ebp - 0x78] +push edx +xor edx, edx +push 0x20 +push edx +push eax +call ebx +mov ebx, eax +mov dword [ebp - 0x7c], edx +call dword [esi + 0x7c] ; ucall +mov edx, dword [ebp - 0x7c] +add esp, 0xc +and eax, dword [ebp - 0x74] +mov dword [ebp - 0x9c], edx +or eax, ebx +mov dword [ebp - 0xa0], eax +mov eax, dword [edi + 0x2444] +push 0x14 +push dword [ebp - 0x9c] +push dword [ebp - 
0xa0] +call dword [eax + 0x6c] ; ucall +mov ebx, dword [edi + 0x370e] +mov ecx, dword [edi + 0x36f1] +add esp, 0x10 +mov dword [ebp - 0x7c], ebx +cmp edx, 0 +ja short loc_fffb613d ; ja 0xfffb613d +cmp eax, ecx +jb short loc_fffb6172 ; jb 0xfffb6172 + +loc_fffb613d: ; not directly referenced +cmp edx, 0 +ja short loc_fffb6149 ; ja 0xfffb6149 +cmp eax, 0xfff +jbe short loc_fffb60da ; jbe 0xfffb60da + +loc_fffb6149: ; not directly referenced +cmp edx, 0 +ja short loc_fffb60da ; ja 0xfffb60da +cmp eax, dword [ebp - 0x7c] +jb short loc_fffb6172 ; jb 0xfffb6172 +jmp short loc_fffb60da ; jmp 0xfffb60da + +loc_fffb6155: ; not directly referenced +mov byte [edi + 0x36a9], 0 +jmp short loc_fffb619e ; jmp 0xfffb619e + +loc_fffb615e: ; not directly referenced +mov eax, 0xfffffffe +mov cl, bl +rol eax, cl +inc byte [ebp - 0x74] +and byte [ebp - 0x70], al +jmp near loc_fffb600c ; jmp 0xfffb600c + +loc_fffb6172: ; not directly referenced +mov ebx, dword [ebp - 0x6c] +mov eax, dword [ebp - 0xa0] +mov edx, dword [ebp - 0x9c] +inc dword [ebp - 0x6c] +mov dword [edi + ebx*8 + 0x36aa], eax +mov al, byte [ebp - 0x6c] +mov dword [edi + ebx*8 + 0x36ae], edx +cmp byte [ebp - 0x70], al +ja loc_fffb60da ; ja 0xfffb60da + +loc_fffb619e: ; not directly referenced +lea esp, [ebp - 0xc] +xor eax, eax pop ebx pop esi pop edi pop ebp ret -fcn_fffb5b8d: +fcn_fffb61a8: ; not directly referenced push ebp +mov eax, 0x80000002 mov ebp, esp -sub esp, 8 -call fcn_fffb468a ; call 0xfffb468a -cmp eax, 1 -jne short loc_fffb5bab ; jne 0xfffb5bab -call fcn_fffb481e ; call 0xfffb481e -cmp eax, 1 -jne short loc_fffb5bab ; jne 0xfffb5bab -mov al, 6 -jmp short loc_fffb5bb4 ; jmp 0xfffb5bb4 +push edi +push esi +push ebx +sub esp, 0x1c +mov ebx, dword [ebp + 0x20] +mov ecx, dword [ebp + 0x10] +mov esi, dword [ebp + 0x14] +mov edi, dword [ebp + 0x18] +test ebx, ebx +je loc_fffb626d ; je 0xfffb626d +cmp ecx, 0xb +ja loc_fffb626d ; ja 0xfffb626d +push eax +mov edx, ecx +push dword [ebp + 0x1c] +xor eax, eax +mov 
dword [ebp - 0x1c], ecx +push edi +push esi +call fcn_fffb05d3 ; call 0xfffb05d3 +add esp, 0x10 +mov ecx, dword [ebp - 0x1c] +test eax, eax +js short loc_fffb626d ; js 0xfffb626d +mov al, byte [ecx + ref_fffd6138] ; mov al, byte [ecx - 0x29ec8] +mov dword [ebp - 0x24], 0 +mov byte [ebp - 0x1e], al +mov eax, ecx +and eax, 3 +mov dword [ebp - 0x1c], eax +movzx eax, byte [eax + ref_fffd6144] ; movzx eax, byte [eax - 0x29ebc] +dec eax +test ebx, eax +movzx eax, byte [ecx + ref_fffd6144] ; movzx eax, byte [ecx - 0x29ebc] +sete byte [ebp - 0x1d] +mov dword [ebp - 0x28], eax -loc_fffb5bab: -cmp eax, 2 -sete al -shl eax, 2 +loc_fffb621f: ; not directly referenced +cmp dword [ebp + 0x1c], 0 +je short loc_fffb626b ; je 0xfffb626b +cmp dword [ebp - 0x1c], 0 +jne short loc_fffb6232 ; jne 0xfffb6232 +mov edx, esi +in al, dx +mov byte [ebx], al +jmp short loc_fffb625a ; jmp 0xfffb625a -loc_fffb5bb4: -leave -ret +loc_fffb6232: ; not directly referenced +cmp dword [ebp - 0x1c], 1 +jne short loc_fffb6246 ; jne 0xfffb6246 +sub esp, 0xc +push esi +call fcn_fffb00a0 ; call 0xfffb00a0 +mov word [ebx], ax +jmp short loc_fffb6257 ; jmp 0xfffb6257 -fcn_fffb5bb6: -push ebp -mov ebp, esp -sub esp, 8 -call fcn_fffb468a ; call 0xfffb468a -cmp eax, 1 -jne short loc_fffb5bdf ; jne 0xfffb5bdf -call fcn_fffb481e ; call 0xfffb481e -cmp eax, 1 -je short loc_fffb5bdb ; je 0xfffb5bdb -cmp eax, 2 -sete dl -shl edx, 3 -jmp short loc_fffb5be9 ; jmp 0xfffb5be9 +loc_fffb6246: ; not directly referenced +cmp dword [ebp - 0x1c], 2 +jne short loc_fffb625a ; jne 0xfffb625a +sub esp, 0xc +push esi +call fcn_fffb00dc ; call 0xfffb00dc +mov dword [ebx], eax -loc_fffb5bdb: -mov dl, 0xe -jmp short loc_fffb5be9 ; jmp 0xfffb5be9 +loc_fffb6257: ; not directly referenced +add esp, 0x10 -loc_fffb5bdf: -cmp eax, 2 -mov dl, 0xa -mov al, 0 -cmovne edx, eax +loc_fffb625a: ; not directly referenced +movzx eax, byte [ebp - 0x1e] +add esi, dword [ebp - 0x28] +adc edi, dword [ebp - 0x24] +dec dword [ebp + 0x1c] +add ebx, eax 
+jmp short loc_fffb621f ; jmp 0xfffb621f -loc_fffb5be9: -mov al, dl -leave +loc_fffb626b: ; not directly referenced +xor eax, eax + +loc_fffb626d: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp ret -fcn_fffb5bed: ; not directly referenced +fcn_fffb6275: ; not directly referenced push ebp -xor ecx, ecx +mov eax, 0x80000002 mov ebp, esp -mov edx, 0x40 push edi push esi push ebx -sub esp, 0xac -mov edi, dword [ebp + 8] -mov eax, dword [edi + 0x5edc] -mov esi, eax -mov dword [ebp - 0x90], eax -mov eax, dword [edi + 0x2443] -mov dword [ebp - 0x7c], eax -mov eax, dword [edi + 0x1887] -mov dword [ebp - 0x78], eax -mov eax, dword [edi + 0x188b] -mov dword [ebp - 0x6c], eax -mov eax, edi -call fcn_fffc3c0d ; call 0xfffc3c0d -lea eax, [edi + 0x3756] -mov ecx, eax -mov dword [ebp - 0x80], eax -mov eax, esi -xor esi, esi -add eax, 0x1c -mov dword [ebp - 0x8c], eax -mov ebx, eax -mov dword [ebp - 0x70], ecx - -loc_fffb5c50: ; not directly referenced -mov eax, dword [ebp - 0x70] -cmp dword [eax], 2 -jne loc_fffb5e14 ; jne 0xfffb5e14 -cmp dword [ebp - 0x6c], 1 -je short loc_fffb5c9f ; je 0xfffb5c9f - -loc_fffb5c62: ; not directly referenced -cmp byte [edi + 0x18b4], 1 -jne loc_fffb5d3d ; jne 0xfffb5d3d -mov eax, dword [ebp - 0x7c] -call dword [eax + 0x7c] ; ucall -mov edx, dword [ebp - 0x6c] -movzx eax, ax -add eax, eax -mov ecx, eax -or eax, 1 -or ecx, 0x3e0001 -dec edx -cmovne ecx, eax -mov eax, edi -lea edx, [esi*4 + 0x2000] -call fcn_fffae58c ; call 0xfffae58c -jmp near loc_fffb5d3d ; jmp 0xfffb5d3d +sub esp, 0x1c +mov ebx, dword [ebp + 0x20] +mov ecx, dword [ebp + 0x10] +mov esi, dword [ebp + 0x14] +mov edi, dword [ebp + 0x18] +test ebx, ebx +je loc_fffb6339 ; je 0xfffb6339 +cmp ecx, 0xb +ja loc_fffb6339 ; ja 0xfffb6339 +push eax +mov edx, ecx +push dword [ebp + 0x1c] +xor eax, eax +mov dword [ebp - 0x1c], ecx +push edi +push esi +call fcn_fffb05d3 ; call 0xfffb05d3 +add esp, 0x10 +mov ecx, dword [ebp - 0x1c] +test eax, eax +js short 
loc_fffb6339 ; js 0xfffb6339 +mov al, byte [ecx + ref_fffd6138] ; mov al, byte [ecx - 0x29ec8] +mov dword [ebp - 0x24], 0 +mov byte [ebp - 0x1e], al +mov eax, ecx +and eax, 3 +mov dword [ebp - 0x1c], eax +movzx eax, byte [eax + ref_fffd6144] ; movzx eax, byte [eax - 0x29ebc] +dec eax +test ebx, eax +movzx eax, byte [ecx + ref_fffd6144] ; movzx eax, byte [ecx - 0x29ebc] +sete byte [ebp - 0x1d] +mov dword [ebp - 0x28], eax -loc_fffb5c9f: ; not directly referenced -mov dl, byte [ebx + 0xcb] -mov ecx, 0xff -mov al, byte [ebx + 3] -and edx, 1 -shl edx, 6 -and eax, 0xffffffbf -or eax, edx +loc_fffb62ec: ; not directly referenced +cmp dword [ebp + 0x1c], 0 +je short loc_fffb6337 ; je 0xfffb6337 +cmp dword [ebp - 0x1c], 0 +jne short loc_fffb62ff ; jne 0xfffb62ff +mov al, byte [ebx] mov edx, esi -mov byte [ebx + 3], al -mov eax, edi -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, dword [ebx] -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c -cmp byte [ebx + 0xcb], 0 -je short loc_fffb5c62 ; je 0xfffb5c62 -mov byte [ebp - 0x74], 0 - -loc_fffb5cdc: ; not directly referenced -mov al, byte [ebp - 0x74] -cmp al, byte [edi + 0x2488] -jae loc_fffb5c62 ; jae 0xfffb5c62 -movzx ecx, byte [ebp - 0x74] -xor edx, edx -mov al, byte [ebx + ecx*4 + 6] -shr al, 1 -and eax, 7 -cmp al, 2 -jbe short loc_fffb5d04 ; jbe 0xfffb5d04 -lea edx, [eax - 1] -and edx, 7 +out dx, al +jmp short loc_fffb6326 ; jmp 0xfffb6326 -loc_fffb5d04: ; not directly referenced -mov al, byte [ebx + ecx*4 + 6] -and edx, 7 -add edx, edx -and eax, 0xfffffff1 -or eax, edx -mov edx, esi -mov byte [ebx + ecx*4 + 6], al -mov eax, dword [ebx + ecx*4 + 4] -mov dword [ebp - 0x84], eax -mov eax, edi -call fcn_fffa724b ; call 0xfffa724b -mov ecx, dword [ebp - 0x84] -mov edx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -inc byte [ebp - 0x74] -jmp short loc_fffb5cdc ; jmp 0xfffb5cdc +loc_fffb62ff: ; not directly referenced +cmp dword [ebp - 0x1c], 1 +jne short loc_fffb6313 ; jne 0xfffb6313 +movzx eax, word 
[ebx] +push edx +push edx +push eax +push esi +call fcn_fffb00b9 ; call 0xfffb00b9 +jmp short loc_fffb6323 ; jmp 0xfffb6323 -loc_fffb5d3d: ; not directly referenced -imul eax, dword [edi + 0x18a7], 0x2e -mov ecx, dword [ebp - 0x70] -cmp word [ecx + eax + 8], 1 -jne short loc_fffb5d8a ; jne 0xfffb5d8a -mov eax, esi -shl eax, 0xa -add eax, 0x4010 -mov edx, eax -mov dword [ebp - 0x74], eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov dl, byte [edi + 0x190b] -mov ecx, edx -shr dl, 1 -and ecx, 1 -and eax, 0xfffffff0 -and edx, 7 -add edx, edx -or eax, ecx -or eax, edx -mov edx, dword [ebp - 0x74] -mov ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +loc_fffb6313: ; not directly referenced +cmp dword [ebp - 0x1c], 2 +jne short loc_fffb6326 ; jne 0xfffb6326 +push eax +push eax +push dword [ebx] +push esi +call fcn_fffb0086 ; call 0xfffb0086 -loc_fffb5d8a: ; not directly referenced -cmp byte [edi + 0x190c], 0 -jne short loc_fffb5db8 ; jne 0xfffb5db8 -cmp dword [ebp - 0x6c], 0 -jne short loc_fffb5db8 ; jne 0xfffb5db8 -and byte [ebx + 0xa3], 0xdf -mov edx, esi -mov ecx, dword [ebx + 0xa0] -shl edx, 0xa -mov eax, edi -add edx, 0x4004 -call fcn_fffae58c ; call 0xfffae58c +loc_fffb6323: ; not directly referenced +add esp, 0x10 -loc_fffb5db8: ; not directly referenced -lea edx, [esi*8 + 0x48a8] -mov ecx, 0x3000 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x70] -mov edx, esi -shl edx, 0xa -add edx, 0x42a0 -movzx ecx, byte [eax + 0xc4] -mov eax, edi -call fcn_fffae566 ; call 0xfffae566 -cmp byte [edi + 0x3748], 1 -jne short loc_fffb5e14 ; jne 0xfffb5e14 -lea eax, [esi*4 + 0x5004] -mov edx, eax -mov dword [ebp - 0x74], eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, dword [ebp - 0x74] -or eax, 0x3000000 -mov ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +loc_fffb6326: ; not directly referenced +movzx eax, byte [ebp - 0x1e] +add esi, dword [ebp - 0x28] +adc edi, dword [ebp - 0x24] +dec dword [ebp + 
0x1c] +add ebx, eax +jmp short loc_fffb62ec ; jmp 0xfffb62ec -loc_fffb5e14: ; not directly referenced -inc esi -add ebx, 0xcc -add dword [ebp - 0x70], 0x13c3 -cmp esi, 2 -jne loc_fffb5c50 ; jne 0xfffb5c50 +loc_fffb6337: ; not directly referenced xor eax, eax -cmp dword [edi + 0x2480], 3 -sete al -mov dword [ebp - 0x84], eax -test byte [edi + 0x2406], 1 -je short loc_fffb5e4a ; je 0xfffb5e4a -test eax, eax -je short loc_fffb5e53 ; je 0xfffb5e53 - -loc_fffb5e4a: ; not directly referenced -xor edx, edx -mov eax, edi -call fcn_fffb0b30 ; call 0xfffb0b30 - -loc_fffb5e53: ; not directly referenced -mov eax, dword [ebp - 0x78] -cmp eax, 0x40660 -sete dl -cmp eax, 0x306c0 -sete al -or dl, al -jne short loc_fffb5e85 ; jne 0xfffb5e85 -loc_fffb5e6a: ; not directly referenced -mov eax, dword [edi + 0x5edc] -mov dword [ebp - 0x7c], 0 -lea esi, [eax + 0x1c] -mov eax, dword [ebp - 0x80] -mov dword [ebp - 0x74], eax -jmp near loc_fffb5f7b ; jmp 0xfffb5f7b +loc_fffb6339: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffb5e85: ; not directly referenced -mov eax, dword [edi + 0x5edc] -mov dword [ebp - 0x70], 0 -lea ebx, [eax + 0x1c] +fcn_fffb6341: ; not directly referenced +push ebp +mov ebp, esp +sub esp, 8 +mov edx, dword [0xff7d77b0] +mov eax, dword [ebp + 0xc] +add eax, 3 +and eax, 0xfffffffc +test edx, edx +jne short loc_fffb6366 ; jne 0xfffb6366 +mov dword [0xff7d77ac], 0xff7d027c +jmp short loc_fffb638c ; jmp 0xfffb638c -loc_fffb5e95: ; not directly referenced -imul eax, dword [ebp - 0x70], 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne loc_fffb5f49 ; jne 0xfffb5f49 -mov al, byte [edi + 0x2488] -mov byte [ebp - 0x7c], al -xor eax, eax - -loc_fffb5eb5: ; not directly referenced -cmp byte [ebp - 0x7c], al -jbe short loc_fffb5f1e ; jbe 0xfffb5f1e -mov dl, byte [ebx + eax*4 + 5] -movzx ecx, byte [ebx + eax*4 + 6] -shr dl, 5 -and ecx, 1 -movzx edx, dl -shl ecx, 3 -or ecx, edx -mov esi, ecx -mov dl, cl -or edx, 0xfffffff0 -shr esi, 3 
-cmove edx, ecx -mov cl, byte [ebx + eax*4 + 6] -movsx edx, dl -shr cl, 1 -mov esi, ecx -and esi, 7 -mov dword [ebp - 0x74], esi -mov cl, byte [ebx + eax*4 + 6] -shr cl, 4 -mov esi, ecx -or esi, 0xfffffff0 -test cl, 8 -cmovne ecx, esi -movzx esi, byte [ebx + eax*4 + 7] -add edx, dword [ebp - 0x74] -and esi, 7 -cmp edx, 6 -jg short loc_fffb5f22 ; jg 0xfffb5f22 -movsx ecx, cl -inc eax -add ecx, esi -cmp ecx, 6 -jle short loc_fffb5eb5 ; jle 0xfffb5eb5 -jmp short loc_fffb5f22 ; jmp 0xfffb5f22 - -loc_fffb5f1e: ; not directly referenced -xor edx, edx -jmp short loc_fffb5f24 ; jmp 0xfffb5f24 - -loc_fffb5f22: ; not directly referenced -mov dl, 1 - -loc_fffb5f24: ; not directly referenced -mov al, byte [ebx + 1] -mov ecx, 0xff -and eax, 0xfffffffe -or eax, edx -mov edx, dword [ebp - 0x70] -mov byte [ebx + 1], al -mov eax, edi -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, dword [ebx] -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +loc_fffb6366: ; not directly referenced +mov ecx, dword [0xff7d77ac] +cmp dword [ecx + edx], 0x900ddea1 +je short loc_fffb638c ; je 0xfffb638c +push eax +push 0x3d +push ref_fffd3a20 ; push 0xfffd3a20 +push ref_fffd62d9 ; push 0xfffd62d9 +call mrc_printk ; call 0xfffb8212 +add esp, 0x10 -loc_fffb5f49: ; not directly referenced -inc dword [ebp - 0x70] -add ebx, 0xcc -cmp dword [ebp - 0x70], 2 -je loc_fffb5e6a ; je 0xfffb5e6a -jmp near loc_fffb5e95 ; jmp 0xfffb5e95 +loc_fffb638a: ; not directly referenced +jmp short loc_fffb638a ; jmp 0xfffb638a -loc_fffb5f61: ; not directly referenced -inc dword [ebp - 0x7c] -add esi, 0xcc -add dword [ebp - 0x74], 0x13c3 -cmp dword [ebp - 0x7c], 2 -je loc_fffb6031 ; je 0xfffb6031 +loc_fffb638c: ; not directly referenced +lea ecx, [eax + edx] +cmp ecx, 0x752c +jbe short loc_fffb63ae ; jbe 0xfffb63ae +push eax +push 0x4b +push ref_fffd3a20 ; push 0xfffd3a20 +push ref_fffd62f9 ; push 0xfffd62f9 +call mrc_printk ; call 0xfffb8212 +add esp, 0x10 -loc_fffb5f7b: ; not directly referenced -mov eax, dword 
[ebp - 0x74] -cmp dword [eax], 2 -jne short loc_fffb5f61 ; jne 0xfffb5f61 -mov byte [ebp - 0x70], 0 +loc_fffb63ac: ; not directly referenced +jmp short loc_fffb63ac ; jmp 0xfffb63ac -loc_fffb5f87: ; not directly referenced -movzx eax, byte [ebp - 0x70] -cmp al, byte [edi + 0x2488] -jae short loc_fffb5f61 ; jae 0xfffb5f61 -mov ecx, dword [ebp - 0x74] -mov bl, byte [ecx + 0xc4] -lea eax, [ecx + eax + 0x104a] -xor ecx, ecx -mov dword [ebp - 0x88], eax +loc_fffb63ae: ; not directly referenced +mov eax, dword [0xff7d77ac] +mov dword [0xff7d77b0], ecx +mov dword [eax + ecx], 0x900ddea1 +mov ecx, dword [ebp + 0x10] +add edx, eax xor eax, eax -mov byte [ebp - 0x98], bl +mov dword [ecx], edx +leave +ret -loc_fffb5fb3: ; not directly referenced -mov edx, 1 -shl edx, cl -test byte [ebp - 0x98], dl -je short loc_fffb5fe3 ; je 0xfffb5fe3 -mov ebx, dword [ebp - 0x88] -mov dl, byte [ebx] -mov byte [ebp - 0x94], dl -mov dl, byte [ebx + 0x24] -mov bl, byte [ebp - 0x94] -cmp bl, dl -cmovae edx, ebx -cmp al, dl -cmovb eax, edx +fcn_fffb63cb: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x2c +mov dword [ebp - 0x30], edx +mov dword [ebp - 0x1c], 0 +call fcn_fffb91ff ; call 0xfffb91ff +mov dword [ebp - 0x2c], eax +lea eax, [ebp - 0x1c] +push eax +push 0 +push 0 +push ref_fffd6948 ; push 0xfffd6948 +call fcn_fffb020b ; call 0xfffb020b +mov eax, dword [0xff7d0084] +mov esi, dword [eax + 0x14] +lea edi, [esi + 0xf80ac] +mov dword [esp], edi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +pop edx +pop ecx +and eax, 0xffebffff +push eax +push edi +call fcn_fffb3ffa ; call 0xfffb3ffa +mov edx, 0xcf9 +in al, dx +mov ecx, dword [ebp - 0x30] +mov bl, al +add esp, 0x10 +and ebx, 0xfffffff1 +cmp cl, 6 +jne short loc_fffb6479 ; jne 0xfffb6479 +sub esp, 0xc +add esi, 0xf8048 +push esi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +add esp, 0x10 +mov esi, eax +and esi, 0xfffffffe +cmp dword [ebp - 0x2c], 1 +jne short loc_fffb6494 ; jne 0xfffb6494 +push eax +push eax +push 
0x40000000 +push esi +call fcn_fffb4a77 ; call 0xfffb4a77 +pop eax +pop edx +lea eax, [esi + 4] +push 0xbfffffff +push eax +call fcn_fffb4aa1 ; call 0xfffb4aa1 +pop ecx +pop eax +lea eax, [esi + 0xc] +push 0xbfffffff +push eax +jmp short loc_fffb64c5 ; jmp 0xfffb64c5 -loc_fffb5fe3: ; not directly referenced -inc ecx -add dword [ebp - 0x88], 9 -cmp ecx, 4 -jne short loc_fffb5fb3 ; jne 0xfffb5fb3 -movzx ebx, byte [ebp - 0x70] -shr al, 3 -not eax -shr eax, 1 -and eax, 3 -mov dl, byte [esi + ebx*4 + 5] -mov ecx, ebx -and byte [esi + ebx*4 + 4], 0x7f -and edx, 0xfffffffc -or edx, eax -mov eax, edi -mov byte [esi + ebx*4 + 5], dl -mov edx, dword [ebp - 0x7c] -call fcn_fffa724b ; call 0xfffa724b -mov ecx, dword [esi + ebx*4 + 4] -mov edx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -inc byte [ebp - 0x70] -jmp near loc_fffb5f87 ; jmp 0xfffb5f87 +loc_fffb6479: ; not directly referenced +cmp cl, 1 +je short loc_fffb648f ; je 0xfffb648f +cmp cl, 2 +jne short loc_fffb64f9 ; jne 0xfffb64f9 +mov eax, dword [ebp - 0x1c] +sub esp, 0xc +push 2 +call dword [eax] ; ucall +jmp short loc_fffb64f3 ; jmp 0xfffb64f3 -loc_fffb6031: ; not directly referenced -movzx ecx, word [edi + 0x2489] -mov eax, ecx -shr ax, 1 -movzx eax, ax -add eax, 0xb2c -cdq -idiv ecx -mov ecx, 7 -cmp eax, 7 -ja short loc_fffb6061 ; ja 0xfffb6061 -xor cl, cl -cmp eax, 2 -jbe short loc_fffb6061 ; jbe 0xfffb6061 -mov cl, 4 -cmp eax, 3 -cmovne ecx, eax +loc_fffb648f: ; not directly referenced +or ebx, 6 +jmp short loc_fffb64f9 ; jmp 0xfffb64f9 -loc_fffb6061: ; not directly referenced -cmp dword [ebp - 0x6c], 1 -jne short loc_fffb6079 ; jne 0xfffb6079 +loc_fffb6494: ; not directly referenced +cmp dword [ebp - 0x2c], 2 +jne short loc_fffb64cd ; jne 0xfffb64cd +push eax +push eax +push 1 +lea edx, [esi + 0x1f0] +push edx +mov dword [ebp - 0x2c], edx +call fcn_fffb4a77 ; call 0xfffb4a77 +pop eax +pop edx +mov edx, dword [ebp - 0x2c] +push 0xfffffffffffffffb +push edx +call fcn_fffb4aa1 ; call 0xfffb4aa1 +mov 
edx, dword [ebp - 0x2c] +pop ecx +pop eax +push 0x7fffffff +push edx -loc_fffb6067: ; not directly referenced -cmp dword [ebp - 0x78], 0x40650 -jne loc_fffb6125 ; jne 0xfffb6125 -jmp near loc_fffb6132 ; jmp 0xfffb6132 +loc_fffb64c5: ; not directly referenced +call fcn_fffb4aa1 ; call 0xfffb4aa1 +add esp, 0x10 -loc_fffb6079: ; not directly referenced -and ecx, 7 -xor esi, esi -mov ebx, dword [ebp - 0x8c] -cmp dword [ebp - 0x84], 0 -lea eax, [ecx*8] -mov dword [ebp - 0x70], 0 -cmove esi, ecx -mov byte [ebp - 0x7c], al +loc_fffb64cd: ; not directly referenced +push eax +add esi, 0x60 +push eax +push 0x40000000 +push esi +call fcn_fffb4a77 ; call 0xfffb4a77 +mov dword [esp], edi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +pop edx +pop ecx +or eax, 0x100000 +push eax +push edi +call fcn_fffb3ffa ; call 0xfffb3ffa -loc_fffb609f: ; not directly referenced -imul eax, dword [ebp - 0x70], 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -je short loc_fffb60c1 ; je 0xfffb60c1 +loc_fffb64f3: ; not directly referenced +or ebx, 0xe +add esp, 0x10 -loc_fffb60b0: ; not directly referenced -inc dword [ebp - 0x70] -add ebx, 0xcc -cmp dword [ebp - 0x70], 2 -jne short loc_fffb609f ; jne 0xfffb609f -jmp short loc_fffb6067 ; jmp 0xfffb6067 +loc_fffb64f9: ; not directly referenced +mov eax, dword [ebp - 0x1c] +call dword [eax + 0xc] ; ucall +mov edx, 0xcf9 +mov al, bl +out dx, al +lea esp, [ebp - 0xc] +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffb60c1: ; not directly referenced -mov byte [ebp - 0x6c], 0 +fcn_fffb6511: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +mov ebx, eax +sub esp, 0x20 +mov edi, dword [ebp + 0x10] +mov esi, dword [ebp + 0xc] +push 0x3f +push edi +push esi +mov dword [ebp - 0x1c], edx +mov dword [ebp - 0x20], ecx +call dword [eax + 0x6c] ; ucall +add esp, 0x10 +test al, 1 +je short loc_fffb6573 ; je 0xfffb6573 +mov eax, dword [ebp - 0x1c] +mov edx, esi +and edx, 0xffffffc0 +and eax, 0xffffffc0 +mov ecx, eax +mov eax, dword [ebp 
- 0x20] +and eax, 0x7f +mov dword [ebp - 0x1c], eax +mov eax, edi +and eax, 0x7f +cmp dword [ebp - 0x1c], eax +jne short loc_fffb6573 ; jne 0xfffb6573 +cmp ecx, edx +jne short loc_fffb6573 ; jne 0xfffb6573 +push eax +push 0x3e +push edi +push esi +call dword [ebx + 0x6c] ; ucall +add esp, 0x10 +and eax, 1 +cmp dword [ebp + 8], eax +sete al +movzx eax, al +jmp short loc_fffb6575 ; jmp 0xfffb6575 -loc_fffb60c5: ; not directly referenced -mov al, byte [ebp - 0x6c] -cmp al, byte [edi + 0x2488] -jae short loc_fffb60b0 ; jae 0xfffb60b0 -cmp dword [ebp - 0x78], 0x40650 -movzx edx, byte [ebp - 0x6c] -jne short loc_fffb60ef ; jne 0xfffb60ef -mov al, byte [ebx + edx*4 + 7] -lea ecx, [esi*8] -and eax, 0xffffffc7 -or eax, ecx -jmp short loc_fffb60f9 ; jmp 0xfffb60f9 +loc_fffb6573: ; not directly referenced +xor eax, eax -loc_fffb60ef: ; not directly referenced -mov al, byte [ebx + edx*4 + 7] -and eax, 0xffffffc7 -or eax, dword [ebp - 0x7c] +loc_fffb6575: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffb60f9: ; not directly referenced -mov byte [ebx + edx*4 + 7], al -movzx eax, byte [ebp - 0x6c] -mov edx, dword [ebp - 0x70] -mov ecx, eax -mov dword [ebp - 0x74], eax -mov eax, edi -call fcn_fffa724b ; call 0xfffa724b -mov ecx, dword [ebp - 0x74] -mov ecx, dword [ebx + ecx*4 + 4] -mov edx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -inc byte [ebp - 0x6c] -jmp short loc_fffb60c5 ; jmp 0xfffb60c5 +fcn_fffb657d: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x2c +mov ebx, dword [ebp + 8] +mov dword [ebp - 0x1c], 0 +mov eax, dword [ebx + 0x2444] +lea esi, [ebx + 0xfb9] +mov dword [ebp - 0x20], eax +lea eax, [ebx + 0x10] +mov dword [ebp - 0x2c], eax +mov al, byte [ebx + 0x3756] +mov byte [ebx + 0xfb8], al +mov eax, dword [ebx + 0x374f] +mov dword [ebx + 0xfb4], eax -loc_fffb6125: ; not directly referenced -cmp dword [edi + 0x188b], 1 -jne loc_fffb6434 ; jne 0xfffb6434 
+loc_fffb65bd: ; not directly referenced +imul eax, dword [ebp - 0x1c], 0x13c3 +xor edi, edi +mov edx, dword [ebx + eax + 0x3817] +lea ecx, [ebx + eax + 0x3757] +mov dword [ebp - 0x28], ecx +mov dword [esi + 4], edx +mov dl, byte [ebx + eax + 0x381b] +mov byte [esi + 8], dl +mov eax, dword [ebx + eax + 0x3757] +mov dword [esi], eax -loc_fffb6132: ; not directly referenced -mov eax, dword [ebp - 0x80] -mov esi, dword [ebp - 0x8c] -mov dword [ebp - 0x74], 0 -mov dword [ebp - 0x78], eax +loc_fffb65ed: ; not directly referenced +mov eax, dword [ebp - 0x28] +push edx +push 0x2e +lea eax, [eax + edi + 4] +push eax +lea eax, [esi + edi + 9] +add edi, 0x2e +push eax +mov eax, dword [ebp - 0x20] +call dword [eax + 0x58] ; ucall +add esp, 0x10 +cmp edi, 0xb8 +jne short loc_fffb65ed ; jne 0xfffb65ed +imul eax, dword [ebp - 0x1c], 0x54a +lea edx, [esi + 0x313] +mov dword [ebp - 0x24], 0 +lea edi, [ebx + eax + 0x19bb] -loc_fffb6145: ; not directly referenced -mov eax, dword [ebp - 0x78] -cmp dword [eax], 2 -je short loc_fffb6168 ; je 0xfffb6168 +loc_fffb662c: ; not directly referenced +mov ecx, dword [ebp - 0x24] +mov dword [ebp - 0x30], edx +mov edx, dword [ebp - 0x28] +push eax +push 0x128 +lea eax, [edx + ecx + 0x1173] +push eax +lea eax, [esi + ecx + 0xc1] +push eax +mov eax, dword [ebp - 0x20] +call dword [eax + 0x58] ; ucall +mov al, byte [edi + 3] +add esp, 0x10 +mov edx, dword [ebp - 0x30] +cmp byte [edi + 2], 0xc +mov byte [edx - 2], al +jne short loc_fffb6676 ; jne 0xfffb6676 +mov al, byte [edi + 0xd] +mov ecx, 0x1d +mov byte [edx - 1], al +lea eax, [edi + 0x140] +jmp short loc_fffb6684 ; jmp 0xfffb6684 -loc_fffb614d: ; not directly referenced -inc dword [ebp - 0x74] -add esi, 0xcc -add dword [ebp - 0x78], 0x13c3 -cmp dword [ebp - 0x74], 2 -jne short loc_fffb6145 ; jne 0xfffb6145 -jmp near loc_fffb62d1 ; jmp 0xfffb62d1 +loc_fffb6676: ; not directly referenced +mov al, byte [edi + 8] +mov ecx, 0x1f +mov byte [edx - 1], al +lea eax, [edi + 0x75] -loc_fffb6168: ; not 
directly referenced -mov ebx, dword [ebp - 0x78] +loc_fffb6684: ; not directly referenced +sub esp, 4 +add edi, 0x277 +push ecx +push eax +mov eax, dword [ebp - 0x20] +push edx +mov dword [ebp - 0x30], edx +call dword [eax + 0x58] ; ucall +mov edx, dword [ebp - 0x30] +add esp, 0x10 +add dword [ebp - 0x24], 0x128 +add edx, 0x21 +cmp dword [ebp - 0x24], 0x250 +jne loc_fffb662c ; jne 0xfffb662c +inc dword [ebp - 0x1c] +add esi, 0x433 +cmp dword [ebp - 0x1c], 2 +jne loc_fffb65bd ; jne 0xfffb65bd +mov eax, dword [ebx + 0x3736] +mov dword [ebx + 0x182c], eax +mov eax, dword [ebx + 0x373a] +mov dword [ebx + 0x1830], eax +mov eax, dword [ebx + 0x373e] +mov dword [ebx + 0x1834], eax +mov eax, dword [ebx + 0x3742] +mov dword [ebx + 0x1838], eax +push eax +mov eax, dword [ebx + 0x2444] +push 4 +mov edx, dword [ebx + 0x188b] +lea edx, [edx*4 + ref_fffd3520] ; lea edx, [edx*4 - 0x2cae0] +push edx +lea edx, [ebx + 0xfac] +push edx +call dword [eax + 0x58] ; ucall +mov eax, dword [ebx + 0x1887] +add esp, 0x10 xor ecx, ecx -mov al, byte [ebx + 0xc4] -mov dword [ebp - 0x70], ebx -xor ebx, ebx -mov byte [ebp - 0x80], al +mov dword [ebx + 0xfa4], eax +mov eax, dword [ebx + 0x1883] +mov dword [ebx + 0xfa0], eax +mov eax, dword [ebx + 0x188b] +mov dword [ebx + 0xfa8], eax +mov al, byte [ebx + 0x190d] +mov byte [ebx + 0x1842], al +mov eax, dword [ebx + 0x36d8] +mov dword [ebx + 0x181f], eax +mov eax, dword [ebx + 0x36e0] +mov dword [ebx + 0x1823], eax +mov al, byte [ebx + 0x36e8] +mov byte [ebx + 0x182b], al +mov eax, dword [ebx + 0x36e4] +mov dword [ebx + 0x1827], eax +mov al, byte [ebx + 0x3749] +mov byte [ebx + 0x183c], al +mov eax, dword [ebx + 0x2481] +mov dword [ebx + 0x183d], eax +mov al, byte [ebx + 0x374a] +mov byte [ebx + 0x1841], al +mov al, byte [ebx + 0x36cb] +mov byte [ebx + 0x184c], al +mov al, byte [ebx + 0x36a9] +mov byte [ebx + 0x184d], al +mov eax, dword [ebx + 0x36cc] +mov dword [ebx + 0x1843], eax +mov eax, dword [ebx + 0x1912] +mov dword [ebx + 0x1847], eax +mov 
al, byte [ebx + 0x1916] +mov byte [ebx + 0x184b], al + +loc_fffb67df: ; not directly referenced +mov eax, dword [ebx + ecx*8 + 0x36aa] +mov edx, dword [ebx + ecx*8 + 0x36ae] +mov dword [ebx + ecx*8 + 0x184e], eax +mov dword [ebx + ecx*8 + 0x1852], edx +inc ecx +cmp ecx, 4 +jne short loc_fffb67df ; jne 0xfffb67df +mov edx, dword [ebx + 0x18bd] +mov eax, dword [ebx + 0x18b9] +call fcn_fffc3cb8 ; call 0xfffc3cb8 +mov edx, 0x185e +mov dword [ebx + 0xfb0], eax +mov eax, dword [ebp - 0x2c] +call fcn_fffc3cb8 ; call 0xfffc3cb8 +mov dword [ebx + 8], 0x1866 +mov dword [ebx + 0xc], eax +lea esp, [ebp - 0xc] +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffb617b: ; not directly referenced +fcn_fffb6839: ; not directly referenced +mov eax, dword [0xff7d0084] +push ebp +mov ebp, esp +push esi +mov esi, dword [ebp + 8] +push ebx +mov eax, dword [eax + 0x14] +mov ebx, dword [ebp + 0xc] +sub esp, 0xc +add eax, 0xb0048 +push eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +add esp, 0x10 +cmp bl, 2 +je short loc_fffb6872 ; je 0xfffb6872 +cmp bl, 6 +je short loc_fffb6879 ; je 0xfffb6879 +dec bl +jne short loc_fffb6885 ; jne 0xfffb6885 mov edx, 1 -shl edx, cl -test byte [ebp - 0x80], dl -je short loc_fffb61bd ; je 0xfffb61bd -mov al, byte [edi + 0x2488] -xor edx, edx -mov byte [ebp - 0x7c], al +jmp short loc_fffb687e ; jmp 0xfffb687e -loc_fffb6192: ; not directly referenced -cmp byte [ebp - 0x7c], dl -jbe short loc_fffb61bd ; jbe 0xfffb61bd -mov eax, dword [ebp - 0x70] -mov ax, word [eax + edx*2 + 0x1b1] -mov word [ebp - 0x6c], ax -movzx eax, bl -shr word [ebp - 0x6c], 6 -cmp ax, word [ebp - 0x6c] -mov al, byte [ebp - 0x6c] -cmova eax, ebx -inc edx -mov bl, al -jmp short loc_fffb6192 ; jmp 0xfffb6192 +loc_fffb6872: ; not directly referenced +mov edx, 2 +jmp short loc_fffb687e ; jmp 0xfffb687e -loc_fffb61bd: ; not directly referenced -inc ecx -add dword [ebp - 0x70], 0x12 -cmp ecx, 4 -jne short loc_fffb617b ; jne 0xfffb617b -cmp dword [ebp - 0x84], 0 -mov al, 1 -je short 
loc_fffb61df ; je 0xfffb61df -movzx ecx, word [edi + 0x2489] -lea eax, [ecx + 0x3f] -cdq -idiv ecx +loc_fffb6879: ; not directly referenced +mov edx, 6 -loc_fffb61df: ; not directly referenced -mov byte [ebp - 0x70], 0 -lea eax, [ebx + eax*2 + 0xf] -mov byte [ebp - 0x6c], al +loc_fffb687e: ; not directly referenced +mov eax, esi +call fcn_fffb63cb ; call 0xfffb63cb -loc_fffb61ea: ; not directly referenced -mov al, byte [ebp - 0x70] -cmp al, byte [edi + 0x2488] -jae loc_fffb614d ; jae 0xfffb614d -movzx ecx, byte [ebp - 0x70] -mov bl, 0x1f -mov al, byte [esi + ecx*4 + 7] -shr al, 6 -and eax, 1 -cmp al, 1 -sbb byte [ebp - 0x6c], 0xff -mov al, byte [ebp - 0x6c] -cmp al, 0x1f -cmova eax, ebx -mov byte [ebp - 0x6c], al -mov dl, byte [esi + ecx*4 + 5] -movzx eax, byte [esi + ecx*4 + 6] -shr dl, 5 -and eax, 1 -movzx edx, dl -shl eax, 3 -or eax, edx -mov edx, eax -mov bl, al -or ebx, 0xfffffff0 -shr edx, 3 -mov dl, byte [esi + ecx*4 + 6] -cmove ebx, eax -shr dl, 1 -and edx, 7 -test byte [esi + 3], 0x40 -je short loc_fffb6271 ; je 0xfffb6271 -lea eax, [ecx + 8] -mov bl, byte [ebp - 0x6c] -mov dl, byte [esi + eax*4 + 9] -movzx eax, byte [esi + eax*4 + 0xa] -shr dl, 5 -and eax, 3 -movzx edx, dl -shl eax, 3 -or eax, edx -cmp bl, al -cmovae eax, ebx -jmp short loc_fffb6283 ; jmp 0xfffb6283 - -loc_fffb6271: ; not directly referenced -lea eax, [edx + ebx + 0xe] -mov bl, 0x1f -cmp al, 0x1f -mov dl, 0x11 -cmovg eax, ebx -cmp al, 0x11 -cmovl eax, edx - -loc_fffb6283: ; not directly referenced -and eax, 0x1f -mov dl, al -lea ebx, [ecx + 8] -shl edx, 5 -mov byte [ebp - 0x7c], dl -mov dl, byte [esi + ebx*4 + 9] -shr al, 3 -and eax, 3 -and edx, 0x1f -or edx, dword [ebp - 0x7c] -mov byte [esi + ebx*4 + 9], dl -mov dl, byte [esi + ebx*4 + 0xa] -and edx, 0xfffffffc -or edx, eax -mov eax, edi -mov byte [esi + ebx*4 + 0xa], dl -mov edx, dword [ebp - 0x74] -call fcn_fffa720e ; call 0xfffa720e -mov ecx, dword [esi + ebx*4 + 8] -mov edx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c 
-inc byte [ebp - 0x70] -jmp near loc_fffb61ea ; jmp 0xfffb61ea - -loc_fffb62d1: ; not directly referenced -mov eax, dword [edi + 0x2443] -cmp byte [edi + 0x2402], 0 -mov ebx, dword [edi + 0x5edc] -mov dword [ebp - 0x74], eax -je loc_fffb6434 ; je 0xfffb6434 -mov edx, 0x4024 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x40d0 -mov dword [ebp - 0x78], eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x4ca4 -mov dword [ebp - 0x7c], eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov dl, byte [ebx + 0xc8] -movzx ecx, byte [ebx + 0xc9] -mov esi, edx -and esi, 0x1f -and ecx, 3 -shr dl, 5 -mov dword [ebp - 0x80], esi -lea esi, [ecx*8] -movzx edx, dl -mov dword [ebp - 0x70], esi -xor ecx, ecx -or dword [ebp - 0x70], edx -mov dl, byte [ebx + 0xcb] -shr dl, 2 -mov esi, edx -mov dl, byte [ebx + 0xbf] -and esi, 3 -mov dword [ebp - 0x84], esi -shr dl, 6 -movzx esi, dl -mov dl, byte [ebx + 0xc3] -mov dword [ebp - 0x6c], esi -shr dl, 7 -cmp dword [edi + 0x2480], 1 -movzx esi, dl -jne short loc_fffb638c ; jne 0xfffb638c -mov edx, dword [ebp - 0x70] -xor ecx, ecx -add edx, dword [ebp - 0x6c] -sub edx, esi -cmp edx, 5 -sete cl - -loc_fffb638c: ; not directly referenced -mov bl, al -mov edx, 1 -and ebx, 3 -cmp bl, 2 -jne short loc_fffb63a3 ; jne 0xfffb63a3 -shr eax, 4 -mov edx, eax -and edx, 7 - -loc_fffb63a3: ; not directly referenced -mov al, byte [edi + 0x381a] -add esi, esi -add ecx, ecx -mov byte [ebp - 0x70], al -lea eax, [esi + 4] -mov esi, dword [ebp - 0x84] -add esi, dword [ebp - 0x80] -add esi, dword [ebp - 0x6c] -add esi, esi -sub eax, esi -sub eax, ecx -lea eax, [eax + edx*8 - 8] -xor edx, edx -mov dword [ebp - 0x6c], eax +loc_fffb6885: ; not directly referenced +lea esp, [ebp - 8] xor eax, eax +pop ebx +pop esi +pop ebp +ret -loc_fffb63d0: ; not directly referenced -mov cl, al -mov esi, 1 -shl esi, cl -mov ecx, esi -test byte [ebp - 0x70], cl -je short loc_fffb6416 ; je 0xfffb6416 -mov ebx, dword [ebp - 0x78] -lea esi, [eax*8] -mov 
ecx, esi -mov dword [ebp - 0x80], esi -shr ebx, cl -mov esi, ebx -mov ebx, dword [ebp - 0x7c] -lea ecx, [eax + eax] -and esi, 0x3f -add esi, dword [ebp - 0x6c] -shr ebx, cl -mov ecx, ebx -and ecx, 3 -add ecx, ecx -sub esi, ecx -mov ecx, esi -movzx esi, cl -mov cl, byte [ebp - 0x80] -shl esi, cl -or edx, esi +fcn_fffb688e: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x38 +mov eax, dword [0xff7d0084] +mov edi, dword [eax + 0x14] +add edi, 0xb0048 +push edi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov ebx, eax +lea eax, [ebp - 0x1c] +push eax +push 0 +push 0 +push ref_fffd6348 ; push 0xfffd6348 +call fcn_fffb020b ; call 0xfffb020b +add esp, 0x20 +xor ecx, ecx +mov esi, eax -loc_fffb6416: ; not directly referenced -inc eax -cmp eax, 4 -jne short loc_fffb63d0 ; jne 0xfffb63d0 +loc_fffb68c6: ; not directly referenced +test bh, 1 +jne short loc_fffb68f6 ; jne 0xfffb68f6 +cmp ecx, 0x32 +je short loc_fffb6941 ; je 0xfffb6941 +mov eax, dword [ebp - 0x1c] push ebx +push 0x3e8 +push eax +push dword [ebp + 8] +mov dword [ebp - 0x2c], ecx +call dword [eax + 4] ; ucall +mov dword [esp], edi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov ecx, dword [ebp - 0x2c] +add esp, 0x10 +inc ecx +mov ebx, eax +jmp short loc_fffb68c6 ; jmp 0xfffb68c6 + +loc_fffb68f6: ; not directly referenced +cmp ecx, 0x32 +je short loc_fffb6941 ; je 0xfffb6941 +mov edi, ebx +test bl, bl +jns short loc_fffb6938 ; jns 0xfffb6938 +mov eax, dword [0xff7d0084] +sub esp, 0xc +mov ebx, dword [eax + 0x14] +add ebx, 0xf80a2 push ebx -push edx -mov eax, dword [edi + 0x18cd] -add eax, 0xc04 +call fcn_fffb3e49 ; call 0xfffb3e49 +pop edx +pop ecx +and eax, 0xff7f push eax -mov eax, dword [ebp - 0x74] -call dword [eax + 0x30] ; ucall +push ebx +call fcn_fffb3fa0 ; call 0xfffb3fa0 +mov eax, dword [ebp + 8] +mov edx, 1 +call fcn_fffb63cb ; call 0xfffb63cb add esp, 0x10 +mov esi, eax -loc_fffb6434: ; not directly referenced -mov ecx, 0x14 -mov edx, 0x5f08 -mov eax, edi -call 
fcn_fffae58c ; call 0xfffae58c -mov esi, dword [ebp - 0x90] -mov dl, byte [edi + 0x369d] -mov al, byte [esi + 0x16] -shl edx, 7 -and eax, 0x7f -or eax, edx -mov byte [esi + 0x16], al -mov dl, byte [edi + 0x369e] -and eax, 0xffffffbf -and edx, 1 -shl edx, 6 -or eax, edx -mov byte [esi + 0x16], al -mov dl, byte [edi + 0x369f] -and eax, 0xffffffdf -and edx, 1 -shl edx, 5 -or eax, edx -mov edx, 0xf78 -mov byte [esi + 0x16], al -mov ecx, dword [esi + 0x14] -mov eax, 0xf84 -cmp dword [edi + 0x188b], 1 -cmove edx, eax +loc_fffb6938: ; not directly referenced mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c -mov ebx, dword [edi + 0x5edc] -cmp dword [edi + 0x3756], 2 -jne short loc_fffb6508 ; jne 0xfffb6508 -cmp dword [edi + 0x36d7], 0x74a -ja short loc_fffb64f4 ; ja 0xfffb64f4 - -loc_fffb64c0: ; not directly referenced -cmp dword [edi + 0x36d7], 0x854 -ja short loc_fffb64e0 ; ja 0xfffb64e0 - -loc_fffb64cc: ; not directly referenced -mov ecx, dword [ebx + 0xc8] -mov edx, 0x4014 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffb6508 ; jmp 0xfffb6508 +and eax, 0xffffff90 +cmp al, 0x10 +jne short loc_fffb6947 ; jne 0xfffb6947 -loc_fffb64e0: ; not directly referenced -mov al, byte [ebx + 0xc9] -and eax, 0xffffffcf -or eax, 0x20 -mov byte [ebx + 0xc9], al -jmp short loc_fffb64cc ; jmp 0xfffb64cc +loc_fffb6941: ; not directly referenced +mov eax, dword [ebp + 0x10] +mov byte [eax], 1 -loc_fffb64f4: ; not directly referenced -mov al, byte [ebx + 0xc9] -and eax, 0xfffffff3 -or eax, 8 -mov byte [ebx + 0xc9], al -jmp short loc_fffb64c0 ; jmp 0xfffb64c0 +loc_fffb6947: ; not directly referenced +lea esp, [ebp - 0xc] +mov eax, esi +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffb6508: ; not directly referenced -cmp dword [edi + 0x4b19], 2 -jne short loc_fffb655f ; jne 0xfffb655f -cmp dword [edi + 0x36d7], 0x74a -jbe short loc_fffb652f ; jbe 0xfffb652f -mov al, byte [ebx + 0x195] -and eax, 0xfffffff3 -or eax, 8 -mov byte [ebx + 0x195], al +fcn_fffb6951: +push ebp 
+mov ebp, esp +mov ecx, dword [ebp + 8] +mov edx, dword [ebp + 0xc] +push ebx +mov ebx, dword [ecx + 8] +mov eax, dword [ecx + 0xc] +xor ebx, dword [edx + 8] +xor eax, dword [edx + 0xc] +or ebx, eax +mov ebx, dword [ecx] +mov ecx, dword [ecx + 4] +sete al +xor ebx, dword [edx] +xor ecx, dword [edx + 4] +or ebx, ecx +sete dl +and eax, edx +pop ebx +pop ebp +ret -loc_fffb652f: ; not directly referenced -cmp dword [edi + 0x36d7], 0x854 -jbe short loc_fffb654d ; jbe 0xfffb654d -mov al, byte [ebx + 0x195] -and eax, 0xffffffcf -or eax, 0x20 -mov byte [ebx + 0x195], al +fcn_fffb6980: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +mov esi, eax +push ebx +sub esp, 0x6c +mov eax, dword [ebp + 8] +mov dword [ebp - 0x68], ecx +mov ecx, dword [ebp + 0xc] +mov ebx, dword [ebp + 0x10] +mov byte [ebp - 0x30], 0x21 +mov dword [ebp - 0x6c], eax +mov al, byte [ebp + 0x14] +mov dword [ebp - 0x3c], ecx +mov byte [ebp - 0x76], cl +mov edi, ebx +mov byte [ebp - 0x2f], 0x42 +mov byte [ebp - 0x40], al +mov byte [ebp - 0x2e], 0x58 +mov byte [ebp - 0x2d], 0x64 +mov byte [ebp - 0x2c], 0x85 +mov byte [ebp - 0x2b], 0xa6 +mov byte [ebp - 0x2a], 0xc8 +mov byte [ebp - 0x29], 0xe9 +mov byte [ebp - 0x28], 0x2f +mov byte [ebp - 0x27], 0x41 +mov byte [ebp - 0x26], 0x53 +mov byte [ebp - 0x25], 0x64 +mov byte [ebp - 0x24], 0x7d +mov byte [ebp - 0x23], 0x95 +mov byte [ebp - 0x22], 0xad +mov byte [ebp - 0x21], 0xc5 +mov byte [ebp - 0x20], 0x76 +mov byte [ebp - 0x1f], 0x70 +mov byte [ebp - 0x1e], 0x6c +mov byte [ebp - 0x1d], 0x67 +mov eax, dword [esi + 0x5edd] +mov byte [ebp - 0x1c], 0x64 +mov byte [ebp - 0x1b], 0x61 +mov byte [ebp - 0x1a], 0x5f +mov dword [ebp - 0x58], eax +movzx eax, dl +mov edx, dword [ebp - 0x58] +mov dword [ebp - 0x60], eax +imul eax, eax, 0xcc +mov byte [ebp - 0x19], 0x5d +mov dword [ebp - 0x74], 0 +mov dword [ebp - 0x5c], 0 +lea eax, [edx + eax + 0x1c] +mov dl, 0x19 +mov dword [ebp - 0x44], eax +mov eax, dword [esi + 0x18a7] +mov eax, dword [esi + eax*4 + 
0x3736] +mov dword [ebp - 0x48], eax +mov eax, dword [esi + 0x188b] +mov dword [ebp - 0x70], eax +xor eax, eax +cmp dword [esi + 0x2481], 3 +sete al +cmp cl, 0xc +mov dword [ebp - 0x64], eax +mov al, 0x4b +cmovne edx, eax +cmp dword [ebp + 0x1c], 0 +mov byte [ebp - 0x75], dl +je short loc_fffb6a81 ; je 0xfffb6a81 +mov eax, dword [ebp + 0x1c] +cmp dword [eax], 0 +setne al +movzx eax, al +mov dword [ebp - 0x4c], eax +jmp short loc_fffb6aa6 ; jmp 0xfffb6aa6 -loc_fffb654d: ; not directly referenced -mov ecx, dword [ebx + 0x194] -mov edx, 0x4414 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +loc_fffb6a81: ; not directly referenced +mov eax, dword [ebp - 0x3c] +cmp al, 0xc +sete dl +cmp al, 0xa +sete al +or dl, al +je short loc_fffb6a99 ; je 0xfffb6a99 -loc_fffb655f: ; not directly referenced -mov eax, edi -call fcn_fffae778 ; call 0xfffae778 -mov edx, 0x501c -mov eax, edi -cmp byte [edi + 0x190a], 1 -sbb ecx, ecx -and ecx, 0x40000000 -call fcn_fffaeb7c ; call 0xfffaeb7c -mov eax, edi -call fcn_fffa870e ; call 0xfffa870e -lea ecx, [edi + 0x18b5] -mov edx, 0x41 -mov eax, edi -call fcn_fffc3c0d ; call 0xfffc3c0d -cmp byte [edi + 0x192b], 0 -jne loc_fffb6c2c ; jne 0xfffb6c2c -mov ebx, dword [edi + 0x2443] -lea eax, [ebp - 0x40] -push ecx -push 0 -push 8 -push eax -mov dword [ebp - 0x50], ref_fffd4088 ; mov dword [ebp - 0x50], 0xfffd4088 -mov dword [ebp - 0x4c], ref_fffd4038 ; mov dword [ebp - 0x4c], 0xfffd4038 -mov dword [ebp - 0x48], ref_fffd3fd8 ; mov dword [ebp - 0x48], 0xfffd3fd8 -mov dword [ebp - 0x44], ref_fffd3fcc ; mov dword [ebp - 0x44], 0xfffd3fcc -mov dword [ebp - 0xb8], 0 -call dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 0 -push 8 -lea eax, [ebp - 0x38] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 0 -push 8 -lea eax, [ebp - 0x30] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 0 -push 8 -lea eax, [ebp - 0x28] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 0 -push 8 -lea eax, [ebp - 0x20] -push eax -call 
dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 0xff -push 4 -lea eax, [ebp - 0x58] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 0 -push 4 -lea eax, [ebp - 0x54] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0x10 -cmp dword [edi + 0x2480], 3 -jne short loc_fffb6650 ; jne 0xfffb6650 -mov word [ebp - 0x5c], 8 -mov word [ebp - 0x5a], 1 -jmp short loc_fffb665c ; jmp 0xfffb665c +loc_fffb6a92: ; not directly referenced +xor eax, eax +jmp near loc_fffb70f8 ; jmp 0xfffb70f8 -loc_fffb6650: ; not directly referenced -mov word [ebp - 0x5c], 0x228 -mov word [ebp - 0x5a], 7 +loc_fffb6a99: ; not directly referenced +cmp byte [ebp - 0x3c], 0xf +je short loc_fffb6a92 ; je 0xfffb6a92 +mov dword [ebp - 0x4c], 0 -loc_fffb665c: ; not directly referenced -mov eax, dword [edi + 0x18a7] -mov dword [ebp - 0xb0], eax -dec eax -je loc_fffb6c2c ; je 0xfffb6c2c -lea eax, [edi + 0x48c9] -mov dword [ebp - 0x7c], eax -lea eax, [ebp - 0x58] -mov dword [ebp - 0x90], eax -lea eax, [ebp - 0x20] -mov dword [ebp - 0xa4], eax -lea eax, [ebp - 0x28] -mov dword [ebp - 0x8c], eax -lea eax, [ebp - 0x30] -mov dword [ebp - 0x94], eax -lea eax, [ebp - 0x38] -mov dword [ebp - 0x98], eax -lea eax, [ebp - 0x40] -mov dword [ebp - 0x88], eax -lea eax, [ebp - 0x54] -mov dword [ebp - 0x80], eax -mov byte [ebp - 0x74], 0xff +loc_fffb6aa6: ; not directly referenced +cmp dword [ebp - 0x64], 0 +jne short loc_fffb6aee ; jne 0xfffb6aee +mov edx, dword [ebp - 0x60] +imul eax, edx, 0x54a +imul edx, edx, 0x13c3 +lea eax, [esi + eax + 0x196b] +mov dl, byte [esi + edx + 0x381b] +test dl, 1 +je short loc_fffb6ad7 ; je 0xfffb6ad7 +cmp byte [eax + 0x27e], 0 +je short loc_fffb6afe ; je 0xfffb6afe -loc_fffb66b8: ; not directly referenced -mov eax, dword [ebp - 0x7c] -cmp dword [eax - 0x1173], 2 -jne loc_fffb69e0 ; jne 0xfffb69e0 -mov dword [ebp - 0x6c], eax -mov dword [ebp - 0x78], 0 +loc_fffb6ad7: ; not directly referenced +and dl, 4 +je short loc_fffb6b07 ; je 0xfffb6b07 +cmp byte [eax + 0x4f5], 1 +sbb 
eax, eax +mov dword [ebp - 0x54], eax +add dword [ebp - 0x54], 0x24 +jmp short loc_fffb6b0e ; jmp 0xfffb6b0e -loc_fffb66d2: ; not directly referenced -mov eax, dword [ebp - 0x6c] -cmp dword [eax], 2 -jne loc_fffb69cc ; jne 0xfffb69cc -mov eax, dword [ebp - 0xb0] -mov eax, dword [edi + eax*4 + 0x3735] -cmp eax, 0x546 -je short loc_fffb6713 ; je 0xfffb6713 -cmp eax, 0x5dc -je short loc_fffb671a ; je 0xfffb671a -cmp eax, 0x4b0 -setne cl -movzx eax, cl -movzx ebx, cl -lea eax, [eax + eax*2 + 1] -mov dword [ebp - 0x84], ebx -jmp short loc_fffb6729 ; jmp 0xfffb6729 +loc_fffb6aee: ; not directly referenced +mov dword [ebp - 0x54], 0x50 +mov dword [ebp - 0x50], 0x37 +jmp short loc_fffb6b15 ; jmp 0xfffb6b15 -loc_fffb6713: ; not directly referenced -mov eax, 2 -jmp short loc_fffb671f ; jmp 0xfffb671f +loc_fffb6afe: ; not directly referenced +mov dword [ebp - 0x54], 0x23 +jmp short loc_fffb6b0e ; jmp 0xfffb6b0e -loc_fffb671a: ; not directly referenced -mov eax, 3 +loc_fffb6b07: ; not directly referenced +mov dword [ebp - 0x54], 0x24 -loc_fffb671f: ; not directly referenced -mov dword [ebp - 0x84], 0 +loc_fffb6b0e: ; not directly referenced +mov dword [ebp - 0x50], 0x23 -loc_fffb6729: ; not directly referenced -mov esi, dword [ebp - 0x6c] -and eax, 0xfffffe0f -movzx ebx, byte [esi + 0xcc] -movzx ecx, byte [esi + 0xd9] -and ebx, 1 -shl ebx, 4 +loc_fffb6b15: ; not directly referenced +cmp byte [ebp - 0x3c], 2 +ja loc_fffb6c0b ; ja 0xfffb6c0b +movzx eax, byte [ebp - 0x6c] +mov edx, dword [ebp - 0x44] +cmp byte [ebp - 0x3c], 1 +mov eax, dword [edx + eax*4 + 0x78] +mov dword [ebp - 0x5c], eax +jne short loc_fffb6b47 ; jne 0xfffb6b47 +mov edx, 0x3a04 +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +mov dword [ebp - 0x74], eax +jmp near loc_fffb6c15 ; jmp 0xfffb6c15 + +loc_fffb6b47: ; not directly referenced +mov edx, 0x3a00 +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +cmp byte [ebp - 0x3c], 0 +jne loc_fffb6c0b ; jne 0xfffb6c0b +mov ebx, dword [ebp - 0x58] +mov edx, dword 
[ebx + 0xc] +shr edx, 0xb +mov cl, dl and ecx, 0xf -or eax, ebx -movzx ebx, byte [esi + 0xf2] -shl ecx, 5 -or eax, ecx -movzx ecx, byte [esi + 0xed] -and ah, 0x81 -and ebx, 7 -shl ebx, 9 -or eax, ebx -mov ebx, dword [ebp - 0x7c] -and ecx, 7 -shl ecx, 0xc -or eax, ecx -and eax, 0xfffe7fff -movzx ecx, byte [ebx - 0x10b3] -and ecx, 3 -shl ecx, 0xf -or eax, ecx -mov ecx, dword [edi + 0x36d7] -cmp ecx, 0x640 -je short loc_fffb67db ; je 0xfffb67db -ja short loc_fffb67b3 ; ja 0xfffb67b3 -cmp ecx, 0x42b -je short loc_fffb67cf ; je 0xfffb67cf -cmp ecx, 0x535 -jne short loc_fffb67f3 ; jne 0xfffb67f3 -and eax, 0xffe1ffff -or eax, 0xa0000 -jmp short loc_fffb67fd ; jmp 0xfffb67fd +and dl, 8 +lea ebx, [ecx - 0x10] +cmovne ecx, ebx +cmp dword [ebp + 0x18], 0 +je short loc_fffb6b93 ; je 0xfffb6b93 +mov edi, dword [ebp - 0x5c] +and eax, 0x3f +mov byte [ebp - 0x40], al +mov eax, edi +and eax, 0x3f +and edi, 0x20 +lea edx, [eax - 0x40] +cmovne eax, edx +mov edi, eax -loc_fffb67b3: ; not directly referenced -cmp ecx, 0x74b -je short loc_fffb67e7 ; je 0xfffb67e7 -cmp ecx, 0x855 -jne short loc_fffb67f3 ; jne 0xfffb67f3 -and eax, 0xffe1ffff -or eax, 0x160000 -jmp short loc_fffb67fd ; jmp 0xfffb67fd +loc_fffb6b93: ; not directly referenced +cmp dword [ebp - 0x70], 1 +movsx ecx, cl +mov edx, dword [esi + 0x1887] +sbb ebx, ebx +and ebx, 0x12 +add ebx, 0x1e +cmp edx, 0x306d0 +sete al +cmp edx, 0x40650 +sete dl +movsx ebx, bl +or eax, edx +mov edx, 0x20 +cmp al, 1 +sbb eax, eax +sub edx, ecx +and eax, 0xffffffd3 +add ecx, 0x20 +add eax, 0x78 +movzx eax, al +imul eax, edx +cdq +idiv ecx +mov ecx, 3 +xor edx, edx +div cx +movsx ecx, byte [ebp - 0x40] +lea edx, [ecx + ecx*2] +add edx, ebx +imul eax, edx +mov edx, edi +movsx edx, dl +add edx, ecx +lea edx, [edx + edx*2] +movzx eax, ax +add ebx, edx +cdq +idiv ebx +mov ecx, eax +jmp near loc_fffb6d05 ; jmp 0xfffb6d05 -loc_fffb67cf: ; not directly referenced -and eax, 0xffe1ffff -or eax, 0x60000 -jmp short loc_fffb67fd ; jmp 0xfffb67fd 
+loc_fffb6c0b: ; not directly referenced +cmp byte [ebp - 0x3c], 1 +jne loc_fffb6cae ; jne 0xfffb6cae -loc_fffb67db: ; not directly referenced -and eax, 0xffe1ffff -or eax, 0xe0000 -jmp short loc_fffb67fd ; jmp 0xfffb67fd +loc_fffb6c15: ; not directly referenced +mov eax, dword [ebp - 0x58] +mov ecx, dword [eax + 0xc] +mov eax, ecx +shr eax, 3 +and eax, 1 +shr ecx, 0xf +mov byte [ebp - 0x64], al +mov al, cl +and eax, 0x1f +cmp dword [ebp - 0x70], 1 +lea edx, [eax - 0x20] +sbb ebx, ebx +and ebx, 6 +add ebx, 0xa +and cl, 0x10 +cmove edx, eax +cmp dword [ebp + 0x18], 0 +je short loc_fffb6c68 ; je 0xfffb6c68 +mov al, byte [ebp - 0x74] +mov edi, dword [ebp - 0x5c] +and eax, 0x3f +shr edi, 0xc +mov byte [ebp - 0x40], al +mov eax, edi +and eax, 0x1f +and edi, 0x10 +lea ecx, [eax - 0x20] +cmovne eax, ecx +mov edi, eax -loc_fffb67e7: ; not directly referenced -and eax, 0xffe1ffff -or eax, 0x120000 -jmp short loc_fffb67fd ; jmp 0xfffb67fd +loc_fffb6c68: ; not directly referenced +mov cl, byte [ebp - 0x40] +mov al, 1 +movsx edx, dl +movsx ebx, bl +test cl, cl +cmove ecx, eax +mov eax, esi +mov byte [ebp - 0x40], cl +call fcn_fffa6cac ; call 0xfffa6cac +mov dl, byte [ebp - 0x64] +xor edx, 1 +movzx edx, dl +imul ebx, edx +movsx edx, byte [ebp - 0x40] +lea ecx, [ebx + edx] +imul eax, ecx +mov ecx, edi +movsx ecx, cl +add edx, ecx +add ebx, edx +movzx eax, ax +cdq +idiv ebx +mov ecx, eax +jmp near loc_fffb6da7 ; jmp 0xfffb6da7 -loc_fffb67f3: ; not directly referenced -mov dword [ebp - 0x84], 1 +loc_fffb6cae: ; not directly referenced +cmp byte [ebp - 0x3c], 2 +jne short loc_fffb6cda ; jne 0xfffb6cda +cmp dword [ebp + 0x18], 0 +je short loc_fffb6ccd ; je 0xfffb6ccd +mov edi, dword [ebp - 0x5c] +shr edi, 0x1b +mov eax, edi +and eax, 0x10 +lea ecx, [edi - 0x20] +test al, al +cmovne edi, ecx -loc_fffb67fd: ; not directly referenced -mov esi, dword [ebp - 0x6c] -and eax, 0xff1fffff -mov ebx, dword [edi + 0x2480] -mov dword [ebp - 0x70], 0 -movzx ecx, byte [esi + 0xf3] -mov dword [ebp 
- 0xb4], ebx -and ecx, 7 -shl ecx, 0x15 -or eax, ecx -mov ecx, eax -and ecx, 0xfffe7e0f -cmp ebx, 3 -cmove eax, ecx -xor ebx, ebx +loc_fffb6ccd: ; not directly referenced +mov eax, edi +movsx ecx, al +add ecx, 0x32 +jmp near loc_fffb6da7 ; jmp 0xfffb6da7 -loc_fffb6837: ; not directly referenced -mov edx, dword [ebp - 0x70] -mov byte [ebp - 0xa9], dl -test dl, dl -jne short loc_fffb6853 ; jne 0xfffb6853 -cmp dword [ebp - 0x84], 0 -jne loc_fffb69bf ; jne 0xfffb69bf -jmp short loc_fffb6860 ; jmp 0xfffb6860 +loc_fffb6cda: ; not directly referenced +cmp byte [ebp - 0x3c], 4 +jne short loc_fffb6ce8 ; jne 0xfffb6ce8 +movsx ecx, bl +jmp near loc_fffb6eef ; jmp 0xfffb6eef -loc_fffb6853: ; not directly referenced -test ebx, ebx -jne loc_fffb69ba ; jne 0xfffb69ba -and eax, 0xff0001ff +loc_fffb6ce8: ; not directly referenced +cmp byte [ebp - 0x3c], 5 +jne short loc_fffb6d03 ; jne 0xfffb6d03 +movsx ax, bl +idiv byte [ebp - 0x76] +movsx eax, al +lea ecx, [eax + eax*4] +add ecx, 0x64 +jmp near loc_fffb6eef ; jmp 0xfffb6eef -loc_fffb6860: ; not directly referenced -mov ecx, dword [ebp - 0x70] -xor esi, esi -movzx ecx, word [ebp + ecx*2 - 0x5c] -mov word [ebp - 0xac], cx -dec ecx -mov dword [ebp - 0xa8], ecx +loc_fffb6d03: ; not directly referenced +xor ecx, ecx -loc_fffb6878: ; not directly referenced -cmp word [ebp - 0xac], si -jbe loc_fffb69bf ; jbe 0xfffb69bf -cmp dword [ebp - 0xb4], 3 -jne loc_fffb6930 ; jne 0xfffb6930 -mov edx, dword [ebp - 0x70] -imul ecx, esi, 0xc -add ecx, dword [ebp + edx*4 - 0x48] -cmp eax, dword [ecx] -jne short loc_fffb6910 ; jne 0xfffb6910 +loc_fffb6d05: ; not directly referenced +cmp byte [ebp - 0x3c], 9 +jne loc_fffb6da7 ; jne 0xfffb6da7 +cmp dword [ebp + 0x18], 0 +je short loc_fffb6d6a ; je 0xfffb6d6a +cmp byte [ebp - 0x68], 3 +ja loc_fffb6a92 ; ja 0xfffb6a92 +mov ecx, dword [ebp - 0x68] +imul eax, dword [ebp - 0x60], 0x13c3 +mov edx, ecx +and edx, 1 +shr ecx, 1 +imul edx, edx, 0x18 +imul ecx, ecx, 0x128 +lea eax, [esi + eax + 0x3757] +add edx, ecx 
+cmp dword [ebp - 0x64], 0 +je short loc_fffb6d58 ; je 0xfffb6d58 +mov cx, word [eax + edx + 0x1271] +lea edi, [ecx - 1] +and edi, 0xf +jmp short loc_fffb6d70 ; jmp 0xfffb6d70 -loc_fffb68a0: ; not directly referenced -mov bl, byte [ecx + 5] -mov esi, dword [ebp - 0x78] -mov edx, dword [ebp - 0x88] -cmp byte [edi + 0x3755], 1 -mov byte [edx + esi], bl -mov edx, dword [ebp - 0x98] -mov bl, byte [ecx + 6] -mov byte [edx + esi], bl -mov edx, dword [ebp - 0x94] -mov bl, byte [ecx + 7] -mov byte [edx + esi], bl -mov edx, dword [ebp - 0x8c] -mov bl, byte [ecx + 8] -mov byte [edx + esi], bl -mov edx, dword [ebp - 0xa4] -mov bl, byte [ecx + 9] -mov byte [edx + esi], bl -mov ebx, dword [ebp - 0x90] -mov dl, byte [ecx + 4] -mov byte [ebx + esi], dl -mov bl, byte [ecx + 0xa] -mov cl, byte [ecx + 0xb] -cmove ecx, ebx -mov ebx, dword [ebp - 0x80] -mov byte [ebx + esi], cl -mov bl, byte [ebp - 0x74] -cmp bl, dl -cmovbe edx, ebx -mov bl, dl -jmp near loc_fffb699c ; jmp 0xfffb699c +loc_fffb6d58: ; not directly referenced +mov cx, word [eax + edx + 0x126d] +shr cx, 1 +mov edi, ecx +and edi, 1 +jmp short loc_fffb6d90 ; jmp 0xfffb6d90 -loc_fffb6910: ; not directly referenced -cmp byte [ebp - 0xa9], 1 -jne loc_fffb69b4 ; jne 0xfffb69b4 -mov edx, dword [ebp - 0xa8] -cmp esi, edx -jne loc_fffb69b4 ; jne 0xfffb69b4 -jmp near loc_fffb68a0 ; jmp 0xfffb68a0 +loc_fffb6d6a: ; not directly referenced +cmp dword [ebp - 0x64], 0 +je short loc_fffb6d87 ; je 0xfffb6d87 -loc_fffb6930: ; not directly referenced -mov edx, dword [ebp - 0x70] -imul ecx, esi, 0xb -add ecx, dword [ebp + edx*4 - 0x50] -cmp eax, dword [ecx] -jne short loc_fffb69a1 ; jne 0xfffb69a1 +loc_fffb6d70: ; not directly referenced +mov eax, edi +mov ebx, 7 +cmp al, 6 +mov al, 6 +cmovg edi, eax +mov eax, edi +movsx eax, al +sub ebx, eax +jmp short loc_fffb6d98 ; jmp 0xfffb6d98 -loc_fffb693e: ; not directly referenced -mov bl, byte [ecx + 5] -mov esi, dword [ebp - 0x78] -mov edx, dword [ebp - 0x88] -mov byte [edx + esi], bl -mov edx, 
dword [ebp - 0x98] -mov bl, byte [ecx + 6] -mov byte [edx + esi], bl -mov edx, dword [ebp - 0x94] -mov bl, byte [ecx + 7] -mov byte [edx + esi], bl -mov edx, dword [ebp - 0x8c] -mov bl, byte [ecx + 8] -mov byte [edx + esi], bl -mov edx, dword [ebp - 0xa4] -mov bl, byte [ecx + 9] -mov byte [edx + esi], bl -mov edx, dword [ebp - 0x90] -mov bl, byte [ecx + 4] -mov byte [edx + esi], bl -mov edx, dword [ebp - 0x80] -mov cl, byte [ecx + 0xa] -mov byte [edx + esi], cl -mov cl, byte [ebp - 0x74] -cmp cl, bl -cmova ecx, ebx -mov bl, cl +loc_fffb6d87: ; not directly referenced +mov eax, edi +cmp al, 0xfa +mov al, 0xfb +cmovle edi, eax -loc_fffb699c: ; not directly referenced -mov byte [ebp - 0x74], bl -jmp short loc_fffb69ba ; jmp 0xfffb69ba +loc_fffb6d90: ; not directly referenced +mov eax, edi +movsx ebx, al +add ebx, 6 -loc_fffb69a1: ; not directly referenced -cmp byte [ebp - 0xa9], 1 -jne short loc_fffb69b4 ; jne 0xfffb69b4 -mov edx, dword [ebp - 0xa8] -cmp esi, edx -je short loc_fffb693e ; je 0xfffb693e +loc_fffb6d98: ; not directly referenced +mov eax, 0xf0 +cdq +idiv ebx +mov ecx, eax +jmp near loc_fffb6eef ; jmp 0xfffb6eef -loc_fffb69b4: ; not directly referenced -inc esi -jmp near loc_fffb6878 ; jmp 0xfffb6878 +loc_fffb6da7: ; not directly referenced +cmp byte [ebp - 0x3c], 6 +jne loc_fffb6eef ; jne 0xfffb6eef +mov edx, 0x3918 +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +mov dl, byte [esi + 0x36e8] +and eax, 3 +cmp dword [esi + 0x36e4], 1 +sbb ebx, ebx +and ebx, 0xfffffffe +add ebx, 6 +cmp dword [esi + 0x188b], 0 +jne loc_fffb6e84 ; jne 0xfffb6e84 +cmp dword [ebp - 0x48], 0x546 +movzx eax, al +seta cl +sub edx, ebx +cmp dl, 4 +mov bl, 4 +cmovle ebx, edx +xor edx, edx +test bl, bl +movzx ecx, cl +cmovns edx, ebx +cmp dword [esi + 0x1887], 0x40650 +jne short loc_fffb6e29 ; jne 0xfffb6e29 +cmp dl, 2 +mov bl, 2 +cmovle ebx, edx +movsx ebx, bl +lea ecx, [ecx + ecx*2] +add ecx, ebx +movzx ebx, byte [eax + ecx*4 + ref_fffd35c4] ; movzx ebx, byte [eax + ecx*4 - 
0x2ca3c] +jmp short loc_fffb6e39 ; jmp 0xfffb6e39 -loc_fffb69ba: ; not directly referenced -mov ebx, 1 +loc_fffb6e29: ; not directly referenced +movsx edx, dl +lea ecx, [ecx + ecx*4] +add edx, ecx +movzx ebx, byte [eax + edx*4 + ref_fffd359c] ; movzx ebx, byte [eax + edx*4 - 0x2ca64] -loc_fffb69bf: ; not directly referenced -inc dword [ebp - 0x70] -cmp dword [ebp - 0x70], 2 -jne loc_fffb6837 ; jne 0xfffb6837 +loc_fffb6e39: ; not directly referenced +imul eax, dword [ebp - 0x48], 0x4b0 +mov ecx, 0x3e8 +xor edx, edx +div ecx +xor edx, edx +add eax, 0x520 +div ecx +cmp dword [ebp + 0x18], 0 +mov ecx, eax +je short loc_fffb6e70 ; je 0xfffb6e70 +movzx eax, byte [ebp - 0x6c] +mov edi, dword [ebp - 0x44] +movzx edi, byte [edi + eax*4 + 5] +mov eax, edi +shr al, 2 +mov edi, eax +and edi, 7 -loc_fffb69cc: ; not directly referenced -inc dword [ebp - 0x78] -add dword [ebp - 0x6c], 0x128 -cmp dword [ebp - 0x78], 2 -jne loc_fffb66d2 ; jne 0xfffb66d2 +loc_fffb6e70: ; not directly referenced +mov eax, edi +movzx ebx, byte [ebp + ebx - 0x30] +movsx eax, al +movzx eax, byte [ebp + eax - 0x30] +imul eax, ecx +jmp short loc_fffb6ee8 ; jmp 0xfffb6ee8 -loc_fffb69e0: ; not directly referenced -add dword [ebp - 0x80], 2 -add dword [ebp - 0x7c], 0x13c3 -add dword [ebp - 0x88], 4 -add dword [ebp - 0x98], 4 -add dword [ebp - 0x94], 4 -add dword [ebp - 0x8c], 4 -add dword [ebp - 0xa4], 4 -add dword [ebp - 0x90], 2 -lea eax, [ebp - 0x50] -cmp dword [ebp - 0x80], eax -jne loc_fffb66b8 ; jne 0xfffb66b8 -lea eax, [ebp - 0x58] -mov esi, 0x42f8 -mov dword [ebp - 0x8c], eax -lea eax, [ebp - 0x20] -mov dword [ebp - 0x7c], eax -lea eax, [ebp - 0x28] -mov dword [ebp - 0x84], eax -lea eax, [ebp - 0x30] -mov dword [ebp - 0x80], eax -lea eax, [ebp - 0x38] -mov dword [ebp - 0x88], eax -lea eax, [ebp - 0x40] -mov dword [ebp - 0x70], edi -lea ebx, [ebp - 0x54] -mov dword [ebp - 0x78], eax +loc_fffb6e84: ; not directly referenced +imul eax, dword [ebp - 0x48], 0x5fa +xor edx, edx +mov ecx, 0x3e8 +div ecx 
+cmp dword [ebp + 0x18], 0 +lea edx, [eax + 0x4cc] +je short loc_fffb6ebf ; je 0xfffb6ebf +movzx eax, byte [ebp - 0x6c] +mov ecx, dword [ebp - 0x44] +movzx edi, byte [ecx + eax*4 + 5] +mov ebx, edi +shr bl, 2 +mov edi, ebx +mov bl, byte [ecx + eax*4 + 0x2b] +and edi, 7 +shr bl, 2 +jmp short loc_fffb6ec8 ; jmp 0xfffb6ec8 -loc_fffb6a59: ; not directly referenced -mov eax, dword [ebp - 0x70] -cmp dword [eax + 0x3756], 2 -jne loc_fffb6bc1 ; jne 0xfffb6bc1 -xor eax, eax +loc_fffb6ebf: ; not directly referenced +mov eax, edi +mov ebx, edi +shr al, 3 +mov edi, eax -loc_fffb6a6b: ; not directly referenced -imul edx, eax, 0x128 -mov ecx, dword [ebp - 0x70] -cmp dword [ecx + edx + 0x48c9], 2 -jne loc_fffb6b29 ; jne 0xfffb6b29 -mov ecx, dword [ebp - 0x8c] -mov cl, byte [ecx + eax] -sub cl, byte [ebp - 0x74] -mov byte [ebp - 0x6c], cl -je loc_fffb6b29 ; je 0xfffb6b29 -mov ecx, dword [ebp - 0x78] -movzx edx, byte [ecx + eax] -mov dword [ebp - 0x90], ecx -mov cl, byte [ebp - 0x6c] -inc edx -sar edx, cl -mov ecx, dword [ebp - 0x90] -mov byte [ecx + eax], dl -mov ecx, dword [ebp - 0x88] -movzx edx, byte [ecx + eax] -mov dword [ebp - 0x90], ecx -mov cl, byte [ebp - 0x6c] -inc edx -sar edx, cl -mov ecx, dword [ebp - 0x90] -mov byte [ecx + eax], dl -mov ecx, dword [ebp - 0x80] -movzx edx, byte [ecx + eax] -mov dword [ebp - 0x90], ecx -mov cl, byte [ebp - 0x6c] -inc edx -sar edx, cl -mov ecx, dword [ebp - 0x90] -mov byte [ecx + eax], dl -mov ecx, dword [ebp - 0x84] -movzx edx, byte [ecx + eax] -mov dword [ebp - 0x90], ecx -mov cl, byte [ebp - 0x6c] -inc edx -sar edx, cl -mov ecx, dword [ebp - 0x90] -mov byte [ecx + eax], dl -mov ecx, dword [ebp - 0x7c] -movzx edx, byte [ecx + eax] -mov dword [ebp - 0x90], ecx -mov cl, byte [ebp - 0x6c] -inc edx -sar edx, cl -mov ecx, dword [ebp - 0x90] -mov byte [ecx + eax], dl +loc_fffb6ec8: ; not directly referenced +and ebx, 7 +mov eax, edi +movzx ebx, bl +movsx eax, al +movzx ecx, byte [ebp + ebx - 0x20] +mov ebx, 0x2710 +movzx eax, byte [ebp + 
eax - 0x28] +imul eax, ecx +imul eax, edx -loc_fffb6b29: ; not directly referenced -inc eax -cmp eax, 2 -jne loc_fffb6a6b ; jne 0xfffb6a6b -mov eax, dword [ebp - 0x70] -cmp dword [eax + 0x3816], 1 -ja short loc_fffb6b4b ; ja 0xfffb6b4b -mov al, byte [ebx] -mov dl, byte [ebx + 1] -cmp dl, al -cmovae eax, edx -jmp short loc_fffb6b6a ; jmp 0xfffb6b6a +loc_fffb6ee8: ; not directly referenced +xor edx, edx +div ebx +movzx ecx, ax -loc_fffb6b4b: ; not directly referenced -movzx edx, byte [ebx] -movzx eax, byte [ebx + 1] -cmp dl, al -je short loc_fffb6b71 ; je 0xfffb6b71 -lea eax, [edx + eax + 1] -sar eax, 1 -cmp al, 0xf7 -ja short loc_fffb6b6e ; ja 0xfffb6b6e -test al, 7 -je short loc_fffb6b6a ; je 0xfffb6b6a -and eax, 0xfffffff8 -add eax, 8 +loc_fffb6eef: ; not directly referenced +mov eax, dword [ebp - 0x3c] +cmp al, 0xa +sete bl +cmp al, 0xc +sete al +mov byte [ebp - 0x64], al +or al, bl +mov byte [ebp - 0x5c], bl +jne short loc_fffb6f12 ; jne 0xfffb6f12 +cmp byte [ebp - 0x3c], 0xf +jne loc_fffb70b5 ; jne 0xfffb70b5 +jmp short loc_fffb6f39 ; jmp 0xfffb6f39 -loc_fffb6b6a: ; not directly referenced -mov byte [ebx], al -jmp short loc_fffb6b71 ; jmp 0xfffb6b71 +loc_fffb6f12: ; not directly referenced +cmp byte [ebp - 0x3c], 0xf +je short loc_fffb6f39 ; je 0xfffb6f39 +mov eax, dword [ebp - 0x58] +cmp dword [ebp - 0x4c], 0 +mov ecx, dword [eax + 0xc] +je short loc_fffb6f29 ; je 0xfffb6f29 +shr ecx, 0x18 +jmp short loc_fffb6f2c ; jmp 0xfffb6f2c -loc_fffb6b6e: ; not directly referenced -mov byte [ebx], 0xf8 +loc_fffb6f29: ; not directly referenced +shr ecx, 0x14 -loc_fffb6b71: ; not directly referenced -mov eax, dword [ebp - 0x78] -mov edx, esi -mov ecx, dword [eax] -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x88] -lea edx, [esi + 4] -mov ecx, dword [eax] -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x80] -lea edx, [esi - 4] -mov ecx, dword [eax] -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp 
- 0x84] -lea edx, [esi - 8] -mov ecx, dword [eax] -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x7c] -lea edx, [esi - 0xc] -mov ecx, dword [eax] -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +loc_fffb6f2c: ; not directly referenced +and ecx, 0xf +test cl, 8 +je short loc_fffb6f3b ; je 0xfffb6f3b +sub ecx, 0x10 +jmp short loc_fffb6f3b ; jmp 0xfffb6f3b -loc_fffb6bc1: ; not directly referenced -add esi, 0x400 -add ebx, 2 -add dword [ebp - 0x70], 0x13c3 -add dword [ebp - 0x78], 4 -add dword [ebp - 0x88], 4 -add dword [ebp - 0x80], 4 -add dword [ebp - 0x84], 4 -add dword [ebp - 0x7c], 4 -add dword [ebp - 0x8c], 2 -cmp esi, 0x4af8 -jne loc_fffb6a59 ; jne 0xfffb6a59 -mov eax, dword [ebp - 0xb8] -mov edx, 0x5888 -mov al, byte [ebp - 0x54] -mov ebx, eax -mov al, byte [ebp - 0x52] -mov bh, al -mov eax, edi -mov ecx, ebx -call fcn_fffae58c ; call 0xfffae58c -movzx ecx, byte [ebp - 0x74] -mov edx, 0x5884 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c - -loc_fffb6c2c: ; not directly referenced -cmp dword [edi + 0x188b], 1 -jne loc_fffb6efc ; jne 0xfffb6efc -movzx eax, byte [edi + 0x2420] -mov byte [ebp - 0x6c], al -test al, al -je loc_fffb6eb3 ; je 0xfffb6eb3 -mov esi, dword [edi + 0x2443] -cmp al, 4 -ja loc_fffb6ded ; ja 0xfffb6ded -shl eax, 3 -push edx -push eax -lea eax, [edi + 0x2421] -push eax -lea eax, [edi + 0x36a9] -push eax -call dword [esi + 0x58] ; ucall -mov cl, byte [ebp - 0x6c] -mov eax, 1 -add esp, 0x10 -shl eax, cl -dec eax -mov byte [ebp - 0x70], al -xor eax, eax - -loc_fffb6c82: ; not directly referenced -and dword [edi + eax*8 + 0x36a9], 0xffffffc0 -and dword [edi + eax*8 + 0x36ad], 0x7f -inc eax -cmp byte [ebp - 0x6c], al -ja short loc_fffb6c82 ; ja 0xfffb6c82 -mov al, byte [ebp - 0x6c] -xor ecx, ecx -mov byte [ebp - 0x74], 0 -dec eax -mov byte [ebp - 0x78], al - -loc_fffb6ca5: ; not directly referenced -cmp cl, byte [ebp - 0x78] -jae short loc_fffb6d06 ; jae 0xfffb6d06 -lea eax, [ecx + 1] -mov byte [ebp - 0x7c], al - 
-loc_fffb6cb0: ; not directly referenced -cmp al, byte [ebp - 0x6c] -jae short loc_fffb6d00 ; jae 0xfffb6d00 -lea esi, [ecx + 0x24a] -movzx ebx, al -mov edx, dword [edi + esi*8 + 0x2459] -add ebx, 0x24a -mov dword [ebp - 0x80], edx -mov edx, dword [edi + ebx*8 + 0x245d] -cmp dword [edi + esi*8 + 0x245d], edx -jne short loc_fffb6cfd ; jne 0xfffb6cfd -mov esi, dword [ebp - 0x80] -cmp esi, dword [edi + ebx*8 + 0x2459] -jne short loc_fffb6cfd ; jne 0xfffb6cfd -mov eax, 1 -shl eax, cl -mov ecx, eax -not ecx -inc byte [ebp - 0x74] -and byte [ebp - 0x70], cl -jmp short loc_fffb6d00 ; jmp 0xfffb6d00 - -loc_fffb6cfd: ; not directly referenced -inc eax -jmp short loc_fffb6cb0 ; jmp 0xfffb6cb0 - -loc_fffb6d00: ; not directly referenced -movzx ecx, byte [ebp - 0x7c] -jmp short loc_fffb6ca5 ; jmp 0xfffb6ca5 - -loc_fffb6d06: ; not directly referenced -xor ebx, ebx +loc_fffb6f39: ; not directly referenced +mov ecx, edi -loc_fffb6d08: ; not directly referenced -movzx eax, byte [ebp - 0x70] -bt eax, ebx -jae short loc_fffb6d6a ; jae 0xfffb6d6a -push esi -mov eax, dword [edi + 0x2443] -push 0x14 -push dword [edi + ebx*8 + 0x36ad] -push dword [edi + ebx*8 + 0x36a9] -call dword [eax + 0x6c] ; ucall -mov ecx, dword [edi + 0x370d] -add esp, 0x10 -mov dword [ebp - 0x7c], ecx -mov esi, edx -mov edx, dword [edi + 0x36f0] -cmp esi, 0 -ja short loc_fffb6d48 ; ja 0xfffb6d48 -cmp eax, edx -jb short loc_fffb6d6a ; jb 0xfffb6d6a +loc_fffb6f3b: ; not directly referenced +movsx ecx, cl +xor edx, edx +add ecx, 0x20 +mov eax, 0x1900 +div ecx +sub eax, 0x64 +cmp dword [ebp + 0x18], 0 +mov dword [ebp - 0x58], eax +setne bl +cmp byte [ebp - 0x3c], 0xf +sete al +xor edx, edx +mov byte [ebp - 0x68], al +or al, bl +je short loc_fffb6fd8 ; je 0xfffb6fd8 +cmp dword [ebp - 0x4c], 0 +je short loc_fffb6f81 ; je 0xfffb6f81 +mov edx, 0x3a0c +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +mov edi, dword [ebp - 0x44] +mov edx, dword [edi + 0x50] +jmp short loc_fffb6f93 ; jmp 0xfffb6f93 -loc_fffb6d48: ; not 
directly referenced -cmp esi, 0 -ja short loc_fffb6d58 ; ja 0xfffb6d58 -cmp eax, 0xfff -jbe loc_fffb6ebc ; jbe 0xfffb6ebc +loc_fffb6f81: ; not directly referenced +mov edx, 0x3a08 +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +mov edi, dword [ebp - 0x44] +mov edx, dword [edi + 0x4c] -loc_fffb6d58: ; not directly referenced -cmp esi, 0 -ja loc_fffb6ebc ; ja 0xfffb6ebc -cmp eax, dword [ebp - 0x7c] -jae loc_fffb6ebc ; jae 0xfffb6ebc +loc_fffb6f93: ; not directly referenced +shr edx, 9 +shr eax, 0xc +mov edi, edx +and eax, 0x3f +and edi, 0xf +mov byte [ebp - 0x40], al +test edi, 8 +je short loc_fffb6faf ; je 0xfffb6faf +sub edi, 0x10 -loc_fffb6d6a: ; not directly referenced -inc ebx -cmp byte [ebp - 0x6c], bl -ja short loc_fffb6d08 ; ja 0xfffb6d08 -mov esi, dword [ebp - 0x74] -mov al, byte [ebp - 0x6c] -mov ebx, esi -sub eax, ebx -mov byte [edi + 0x36a8], al +loc_fffb6faf: ; not directly referenced +xor edx, edx test bl, bl -je loc_fffb6efc ; je 0xfffb6efc -test al, al -je loc_fffb6efc ; je 0xfffb6efc -xor eax, eax - -loc_fffb6d92: ; not directly referenced -mov dl, al -cmp al, byte [ebp - 0x78] -jae loc_fffb6efc ; jae 0xfffb6efc -movzx esi, byte [ebp - 0x70] -bt esi, eax -jb short loc_fffb6dea ; jb 0xfffb6dea - -loc_fffb6da6: ; not directly referenced -inc edx -cmp dl, byte [ebp - 0x6c] -jae short loc_fffb6dea ; jae 0xfffb6dea -bt esi, edx -movzx ecx, dl -jae short loc_fffb6da6 ; jae 0xfffb6da6 -mov esi, dword [edi + ecx*8 + 0x36ad] -mov edx, 1 -mov ebx, dword [edi + ecx*8 + 0x36a9] -shl edx, cl -mov cl, al -not edx -mov dword [edi + eax*8 + 0x36ad], esi -mov esi, 1 -shl esi, cl -mov ecx, esi -or byte [ebp - 0x70], cl -and byte [ebp - 0x70], dl -mov dword [edi + eax*8 + 0x36a9], ebx - -loc_fffb6dea: ; not directly referenced -inc eax -jmp short loc_fffb6d92 ; jmp 0xfffb6d92 +je short loc_fffb6fd8 ; je 0xfffb6fd8 +cmp byte [ebp - 0x64], 0 +je short loc_fffb6fd8 ; je 0xfffb6fd8 +mov edx, dword [ebp - 0x60] +mov eax, esi +shl edx, 8 +add edx, 0x140c +call 
fcn_fffb331f ; call 0xfffb331f +mov edx, edi +shr eax, 0xd +mov edi, eax +and edi, 3 -loc_fffb6ded: ; not directly referenced -mov al, byte [ebp - 0x6c] -mov bl, 4 -sub eax, 4 -cmp al, 4 -cmovbe ebx, eax -mov eax, dword [edi + 0x370d] +loc_fffb6fd8: ; not directly referenced +movsx ecx, byte [ebp - 0x40] +mov eax, dword [ebp - 0x58] +mov bl, byte [ebp - 0x68] +add ecx, 0xc +imul eax, ecx +or bl, byte [ebp - 0x5c] +mov ebx, edi +movsx ebx, bl +je short loc_fffb701b ; je 0xfffb701b +add ecx, ebx xor edx, edx -mov byte [edi + 0x36a8], bl -push ecx -push 0x14 -push edx -push eax -mov byte [ebp - 0x70], bl -call dword [esi + 0x68] ; ucall -add eax, 0xffffffff -adc edx, 0xffffffff -add esp, 0xc -push 0x20 +mov esi, dword [ebp - 0x50] +div ecx +xor edx, edx +mov ecx, 5 +div ecx mov ebx, eax -push edx -and ebx, 0xffffffc0 -push eax -mov dword [ebp - 0x74], ebx -call dword [esi + 0x6c] ; ucall -add esp, 0x10 -mov dword [ebp - 0x6c], 0 -mov dword [ebp - 0x78], eax +mov eax, dword [ebp + 0x1c] +add esi, ebx +mov dword [eax], ebx +mov eax, dword [ebp - 0x54] +add eax, ebx +cmp dword [ebp - 0x4c], 0 +cmovne esi, eax +jmp short loc_fffb703b ; jmp 0xfffb703b -loc_fffb6e38: ; not directly referenced -mov ebx, dword [esi + 0x68] -call dword [esi + 0x7c] ; ucall -and eax, dword [ebp - 0x78] -push edx +loc_fffb701b: ; not directly referenced +movsx edx, dl +mov esi, dword [ebp - 0x50] +add ecx, edx xor edx, edx -push 0x20 -push edx -push eax -call ebx +div ecx +mov ecx, 5 +sub ecx, ebx +xor edx, edx +div ecx mov ebx, eax -mov dword [ebp - 0x7c], edx -call dword [esi + 0x7c] ; ucall -mov edx, dword [ebp - 0x7c] -add esp, 0xc -and eax, dword [ebp - 0x74] -mov dword [ebp - 0x9c], edx -or eax, ebx -mov dword [ebp - 0xa0], eax -mov eax, dword [edi + 0x2443] -push 0x14 -push dword [ebp - 0x9c] -push dword [ebp - 0xa0] -call dword [eax + 0x6c] ; ucall -mov ebx, dword [edi + 0x370d] -mov ecx, dword [edi + 0x36f0] -add esp, 0x10 -mov dword [ebp - 0x7c], ebx -cmp edx, 0 -ja short loc_fffb6e9b 
; ja 0xfffb6e9b -cmp eax, ecx -jb short loc_fffb6ed0 ; jb 0xfffb6ed0 - -loc_fffb6e9b: ; not directly referenced -cmp edx, 0 -ja short loc_fffb6ea7 ; ja 0xfffb6ea7 -cmp eax, 0xfff -jbe short loc_fffb6e38 ; jbe 0xfffb6e38 +add esi, eax +mov eax, dword [ebp + 0x1c] +mov dword [eax], ebx -loc_fffb6ea7: ; not directly referenced -cmp edx, 0 -ja short loc_fffb6e38 ; ja 0xfffb6e38 -cmp eax, dword [ebp - 0x7c] -jb short loc_fffb6ed0 ; jb 0xfffb6ed0 -jmp short loc_fffb6e38 ; jmp 0xfffb6e38 +loc_fffb703b: ; not directly referenced +imul eax, dword [ebp - 0x48], 0x3e8 +add esi, esi +xor edx, edx +div esi +mov esi, 0x3e8 +xor edx, edx +mov ecx, eax +div esi +movzx esi, byte [ebp - 0x75] +xor edx, edx +mov dword [ebp - 0x40], esi +mov esi, eax +imul esi, eax +mov dword [ebp - 0x50], eax +mov eax, esi +mov esi, 0x64 +imul eax, ebx +imul ebx, dword [ebp - 0x50] +div esi +xor edx, edx +imul eax, dword [ebp - 0x40] +div esi +mov edx, dword [ebp + 0x1c] +mov dword [edx + 4], eax +mov eax, dword [ebp - 0x48] +xor edx, edx +sub eax, ebx +sub eax, ebx +mov ebx, 0x3e8 +imul eax, eax +div ebx +mov bx, 0x2710 +xor edx, edx +imul eax, eax, 0xd2f0 +div ebx +xor edx, edx +div esi +xor edx, edx +imul eax, dword [ebp - 0x40] +div esi +mov esi, dword [ebp + 0x1c] +mov dword [esi + 8], eax -loc_fffb6eb3: ; not directly referenced -mov byte [edi + 0x36a8], 0 -jmp short loc_fffb6efc ; jmp 0xfffb6efc +loc_fffb70b5: ; not directly referenced +cmp byte [ebp - 0x3c], 0xb +mov eax, ecx +jne short loc_fffb70f8 ; jne 0xfffb70f8 +cmp dword [ebp + 0x18], 0 +je short loc_fffb70f0 ; je 0xfffb70f0 +mov eax, dword [ebp - 0x44] +mov eax, dword [eax + 0x4c] +mov dword [ebp - 0x3c], eax +mov cl, byte [ebp - 0x3c] +and ecx, 0x1f +cmp dword [ebp - 0x4c], 0 +mov edi, ecx +je short loc_fffb70e5 ; je 0xfffb70e5 +mov eax, dword [ebp - 0x44] +mov ecx, dword [eax + 0x50] +mov edi, ecx +and edi, 0x1f -loc_fffb6ebc: ; not directly referenced -mov eax, 0xfffffffe -mov cl, bl -rol eax, cl -inc byte [ebp - 0x74] -and byte 
[ebp - 0x70], al -jmp near loc_fffb6d6a ; jmp 0xfffb6d6a +loc_fffb70e5: ; not directly referenced +test edi, 0x10 +je short loc_fffb70f0 ; je 0xfffb70f0 +sub edi, 0x20 -loc_fffb6ed0: ; not directly referenced -mov ebx, dword [ebp - 0x6c] -mov eax, dword [ebp - 0xa0] -mov edx, dword [ebp - 0x9c] -inc dword [ebp - 0x6c] -mov dword [edi + ebx*8 + 0x36a9], eax -mov al, byte [ebp - 0x6c] -mov dword [edi + ebx*8 + 0x36ad], edx -cmp byte [ebp - 0x70], al -ja loc_fffb6e38 ; ja 0xfffb6e38 +loc_fffb70f0: ; not directly referenced +mov eax, edi +movsx eax, al +add eax, 0x32 -loc_fffb6efc: ; not directly referenced -lea esp, [ebp - 0xc] -xor eax, eax +loc_fffb70f8: ; not directly referenced +add esp, 0x6c pop ebx pop esi pop edi pop ebp ret -fcn_fffb6f06: ; not directly referenced +fcn_fffb7100: ; not directly referenced push ebp -mov eax, 0x80000002 mov ebp, esp push edi +mov edi, edx push esi push ebx -sub esp, 0x1c -mov ebx, dword [ebp + 0x20] -mov ecx, dword [ebp + 0x10] -mov esi, dword [ebp + 0x14] -mov edi, dword [ebp + 0x18] -test ebx, ebx -je loc_fffb6fca ; je 0xfffb6fca -cmp ecx, 0xb -ja loc_fffb6fca ; ja 0xfffb6fca -push eax +mov ebx, eax +sub esp, 0x8c +mov eax, dword [eax + 0x188b] +mov byte [ebp - 0x2a], 0 +mov byte [ebp - 0x29], 0x3c +mov byte [ebp - 0x28], 0x78 +cmp eax, 1 +mov dword [ebp - 0x8c], eax +sbb eax, eax +mov dword [ebp - 0x88], eax +and word [ebp - 0x88], 0xfc19 +add word [ebp - 0x88], 0x3e8 +mov byte [ebp - 0x27], 0x28 +mov byte [ebp - 0x26], 0x14 +mov byte [ebp - 0x25], 0x1e +mov byte [ebp - 0x35], 0 +mov byte [ebp - 0x34], 0x3c +mov byte [ebp - 0x33], 0x78 +mov byte [ebp - 0x32], 0 +mov byte [ebp - 0x31], 0x22 +mov byte [ebp - 0x30], 0x28 +mov byte [ebp - 0x2f], 0x30 +mov byte [ebp - 0x2e], 0 +mov byte [ebp - 0x2d], 0 +mov byte [ebp - 0x2c], 0x78 +mov byte [ebp - 0x2b], 0xf0 +mov dword [ebp - 0x48], ebx +mov dword [ebp - 0x3c], 0 +mov dword [ebp - 0x44], 0 +mov dword [ebp - 0x50], 0 +mov dword [ebp - 0x6c], 0 +mov byte [ebp - 0x76], 0 + 
+loc_fffb71a0: ; not directly referenced +mov eax, dword [ebp - 0x48] +mov esi, edi +mov dword [ebp - 0x54], 0 +mov word [ebp - 0x4a], 0 +mov word [ebp - 0x56], 0 +add eax, 0x3757 +mov word [ebp - 0x4c], 0 +mov dword [ebp - 0x70], 0 +mov dword [ebp - 0x94], eax + +loc_fffb71d0: ; not directly referenced +mov ecx, dword [ebp - 0x48] +mov al, byte [ebp - 0x54] +mov edx, dword [ecx + 0x3817] +mov cl, al +mov dword [ebp - 0x90], edx +mov edx, 1 +shl edx, cl +mov ecx, dword [ebp - 0x48] +test byte [ecx + 0x381b], dl +je loc_fffb74ec ; je 0xfffb74ec +cmp dword [ebx + 0x2481], 3 +jne short loc_fffb7243 ; jne 0xfffb7243 +cmp al, 1 +ja loc_fffb7577 ; ja 0xfffb7577 +imul eax, dword [ebp - 0x54], 0x18 +mov word [ebp - 0x40], 0x3fff +mov dx, word [ecx + eax + 0x49c8] +and edx, 3 +mov cl, byte [ebp + edx - 0x32] +mov byte [ebp - 0x75], cl +mov ecx, dword [ebp - 0x48] +mov ax, word [ecx + eax + 0x49d0] +and eax, 3 +movzx eax, byte [ebp + eax - 0x2e] +mov word [ebp - 0x68], ax +jmp near loc_fffb72c9 ; jmp 0xfffb72c9 + +loc_fffb7243: ; not directly referenced +mov dl, al +and eax, 1 +shr dl, 1 +movzx edx, dl +imul edx, edx, 0x128 +imul eax, eax, 0x18 +add eax, edx +add eax, dword [ebp - 0x94] +mov cx, word [eax + 0x126d] +mov ax, word [eax + 0x126f] +mov word [ebp - 0x68], ax +mov eax, ecx +shr ax, 1 +and eax, 1 +add eax, 6 +mov dword [ebp - 0x40], eax +mov eax, 0xf0 +cdq +idiv dword [ebp - 0x40] mov edx, ecx -push dword [ebp + 0x1c] -xor eax, eax -mov dword [ebp - 0x1c], ecx -push edi -push esi -call fcn_fffac5c7 ; call 0xfffac5c7 -add esp, 0x10 -mov ecx, dword [ebp - 0x1c] -test eax, eax -js short loc_fffb6fca ; js 0xfffb6fca -mov al, byte [ecx + ref_fffd5ac8] ; mov al, byte [ecx - 0x2a538] -mov dword [ebp - 0x24], 0 -mov byte [ebp - 0x1e], al +shr dx, 6 +and edx, 1 +add edx, edx +shr word [ebp - 0x68], 9 +mov byte [ebp - 0x75], al mov eax, ecx +shr ax, 9 +and eax, 1 +shl eax, 2 +shr cx, 2 +or eax, edx +and ecx, 1 +or eax, ecx +movzx eax, byte [ebp + eax - 0x2a] +mov word [ebp - 
0x40], ax +mov eax, dword [ebp - 0x68] and eax, 3 -mov dword [ebp - 0x1c], eax -movzx eax, byte [eax + ref_fffd5ad4] ; movzx eax, byte [eax - 0x2a52c] -dec eax -test ebx, eax -movzx eax, byte [ecx + ref_fffd5ad4] ; movzx eax, byte [ecx - 0x2a52c] -sete byte [ebp - 0x1d] -mov dword [ebp - 0x28], eax +movzx eax, byte [ebp + eax - 0x35] +mov word [ebp - 0x68], ax -loc_fffb6f7d: ; not directly referenced -cmp dword [ebp + 0x1c], 0 -je short loc_fffb6fc8 ; je 0xfffb6fc8 -cmp dword [ebp - 0x1c], 0 -jne short loc_fffb6f90 ; jne 0xfffb6f90 -mov al, byte [ebx] -mov edx, esi -out dx, al -jmp short loc_fffb6fb7 ; jmp 0xfffb6fb7 +loc_fffb72c9: ; not directly referenced +cmp dword [ebp - 0x70], 0 +jne loc_fffb744e ; jne 0xfffb744e +mov byte [ebp - 0x70], 0 -loc_fffb6f90: ; not directly referenced -cmp dword [ebp - 0x1c], 1 -jne short loc_fffb6fa4 ; jne 0xfffb6fa4 -movzx eax, word [ebx] +loc_fffb72d7: ; not directly referenced +movzx ecx, byte [ebx + 0x2489] +cmp byte [ebp - 0x70], cl +jae short loc_fffb735b ; jae 0xfffb735b push edx +movzx eax, byte [ebp - 0x70] +xor ecx, ecx push edx +mov edx, dword [ebp - 0x3c] +push 0 +push 1 +push 0 +push 0 +push 0 push eax -push esi -call fcn_fffb3f28 ; call 0xfffb3f28 -jmp short loc_fffb6fb4 ; jmp 0xfffb6fb4 +mov dword [ebp - 0x74], eax +mov eax, ebx +call fcn_fffb6980 ; call 0xfffb6980 +add esp, 0x18 +mov edx, dword [ebp - 0x3c] +push 0 +xor ecx, ecx +push 1 +push 0 +push 0 +push 1 +push dword [ebp - 0x74] +add word [ebp - 0x56], ax +mov eax, ebx +call fcn_fffb6980 ; call 0xfffb6980 +add esp, 0x18 +mov edx, dword [ebp - 0x3c] +push 0 +xor ecx, ecx +push 1 +push 0 +push 0 +push 6 +push dword [ebp - 0x74] +add word [ebp - 0x4c], ax +mov eax, ebx +call fcn_fffb6980 ; call 0xfffb6980 +xor edx, edx +add esp, 0x20 +inc byte [ebp - 0x70] +div word [ebp - 0x88] +add word [ebp - 0x4a], ax +jmp near loc_fffb72d7 ; jmp 0xfffb72d7 -loc_fffb6fa4: ; not directly referenced -cmp dword [ebp - 0x1c], 2 -jne short loc_fffb6fb7 ; jne 0xfffb6fb7 
+loc_fffb735b: ; not directly referenced +movzx eax, word [ebp - 0x56] +mov dword [ebp - 0x70], 1 +cdq +idiv ecx +mov word [ebp - 0x56], ax +movzx eax, word [ebp - 0x4c] +cdq +idiv ecx +mov word [ebp - 0x4c], ax +movzx eax, word [ebp - 0x4a] +cdq +idiv ecx +cmp dword [ebp - 0x8c], 1 +mov word [ebp - 0x4a], ax +jne loc_fffb744e ; jne 0xfffb744e push eax +mov edx, dword [ebp - 0x3c] +xor ecx, ecx push eax -push dword [ebx] -push esi -call fcn_fffaafda ; call 0xfffaafda - -loc_fffb6fb4: ; not directly referenced -add esp, 0x10 - -loc_fffb6fb7: ; not directly referenced -movzx eax, byte [ebp - 0x1e] -add esi, dword [ebp - 0x28] -adc edi, dword [ebp - 0x24] -dec dword [ebp + 0x1c] -add ebx, eax -jmp short loc_fffb6f7d ; jmp 0xfffb6f7d - -loc_fffb6fc8: ; not directly referenced -xor eax, eax - -loc_fffb6fca: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb6fd2: ; not directly referenced -push ebp -mov eax, 0x80000002 -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x1c -mov ebx, dword [ebp + 0x20] -mov ecx, dword [ebp + 0x10] -mov esi, dword [ebp + 0x14] -mov edi, dword [ebp + 0x18] -test ebx, ebx -je loc_fffb7097 ; je 0xfffb7097 -cmp ecx, 0xb -ja loc_fffb7097 ; ja 0xfffb7097 -push eax -mov edx, ecx -push dword [ebp + 0x1c] -xor eax, eax -mov dword [ebp - 0x1c], ecx -push edi -push esi -call fcn_fffac5c7 ; call 0xfffac5c7 -add esp, 0x10 -mov ecx, dword [ebp - 0x1c] -test eax, eax -js short loc_fffb7097 ; js 0xfffb7097 -mov al, byte [ecx + ref_fffd5ac8] ; mov al, byte [ecx - 0x2a538] -mov dword [ebp - 0x24], 0 -mov byte [ebp - 0x1e], al -mov eax, ecx -and eax, 3 -mov dword [ebp - 0x1c], eax -movzx eax, byte [eax + ref_fffd5ad4] ; movzx eax, byte [eax - 0x2a52c] -dec eax -test ebx, eax -movzx eax, byte [ecx + ref_fffd5ad4] ; movzx eax, byte [ecx - 0x2a52c] -sete byte [ebp - 0x1d] -mov dword [ebp - 0x28], eax - -loc_fffb7049: ; not directly referenced -cmp dword [ebp + 0x1c], 0 -je short loc_fffb7095 ; je 0xfffb7095 
-cmp dword [ebp - 0x1c], 0 -jne short loc_fffb705c ; jne 0xfffb705c -mov edx, esi -in al, dx -mov byte [ebx], al -jmp short loc_fffb7084 ; jmp 0xfffb7084 - -loc_fffb705c: ; not directly referenced -cmp dword [ebp - 0x1c], 1 -jne short loc_fffb7070 ; jne 0xfffb7070 -sub esp, 0xc -push esi -call fcn_fffb3f0f ; call 0xfffb3f0f -mov word [ebx], ax -jmp short loc_fffb7081 ; jmp 0xfffb7081 - -loc_fffb7070: ; not directly referenced -cmp dword [ebp - 0x1c], 2 -jne short loc_fffb7084 ; jne 0xfffb7084 -sub esp, 0xc -push esi -call fcn_fffaafc2 ; call 0xfffaafc2 -mov dword [ebx], eax - -loc_fffb7081: ; not directly referenced -add esp, 0x10 - -loc_fffb7084: ; not directly referenced -movzx eax, byte [ebp - 0x1e] -add esi, dword [ebp - 0x28] -adc edi, dword [ebp - 0x24] -dec dword [ebp + 0x1c] -add ebx, eax -jmp short loc_fffb7049 ; jmp 0xfffb7049 - -loc_fffb7095: ; not directly referenced -xor eax, eax - -loc_fffb7097: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb709f: ; not directly referenced -push ebp -mov ebp, esp -sub esp, 8 -mov edx, dword [0xff7d77b0] -mov eax, dword [ebp + 0xc] -add eax, 3 -and eax, 0xfffffffc -test edx, edx -jne short loc_fffb70c4 ; jne 0xfffb70c4 -mov dword [0xff7d77ac], 0xff7d027c -jmp short loc_fffb70ea ; jmp 0xfffb70ea - -loc_fffb70c4: ; not directly referenced -mov ecx, dword [0xff7d77ac] -cmp dword [ecx + edx], 0x900ddea1 -je short loc_fffb70ea ; je 0xfffb70ea -push eax -push 0x3d -push ref_fffd3fbc ; push 0xfffd3fbc -push ref_fffd5fdd ; push 0xfffd5fdd -call mrc_printk ; call 0xfffb76e3 -add esp, 0x10 - -loc_fffb70e8: ; not directly referenced -jmp short loc_fffb70e8 ; jmp 0xfffb70e8 - -loc_fffb70ea: ; not directly referenced -lea ecx, [eax + edx] -cmp ecx, 0x752c -jbe short loc_fffb710c ; jbe 0xfffb710c -push eax -push 0x4b -push ref_fffd3fbc ; push 0xfffd3fbc -push ref_fffd5ffd ; push 0xfffd5ffd -call mrc_printk ; call 0xfffb76e3 -add esp, 0x10 - -loc_fffb710a: ; not directly referenced 
-jmp short loc_fffb710a ; jmp 0xfffb710a - -loc_fffb710c: ; not directly referenced -mov eax, dword [0xff7d77ac] -mov dword [0xff7d77b0], ecx -mov dword [eax + ecx], 0x900ddea1 -mov ecx, dword [ebp + 0x10] -add edx, eax -xor eax, eax -mov dword [ecx], edx -leave -ret - -fcn_fffb7129: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x2c -mov dword [ebp - 0x30], edx -mov dword [ebp - 0x1c], 0 -call fcn_fffb481e ; call 0xfffb481e -mov dword [ebp - 0x2c], eax -lea eax, [ebp - 0x1c] +lea eax, [ebp - 0x24] push eax +movzx eax, byte [ebx + 0x2489] +push 1 push 0 push 0 -push ref_fffd664c ; push 0xfffd664c -call fcn_fffab40f ; call 0xfffab40f -mov eax, dword [0xff7d0084] -mov esi, dword [eax + 0x14] -lea edi, [esi + 0xf80ac] -mov dword [esp], edi -call fcn_fffb3d4e ; call 0xfffb3d4e -pop edx -pop ecx -and eax, 0xffebffff +push 0xa push eax -push edi -call fcn_fffb3d84 ; call 0xfffb3d84 -mov edx, 0xcf9 -in al, dx -mov ecx, dword [ebp - 0x30] -mov bl, al -add esp, 0x10 -and ebx, 0xfffffff1 -cmp cl, 6 -jne short loc_fffb71d7 ; jne 0xfffb71d7 -sub esp, 0xc -add esi, 0xf8048 -push esi -call fcn_fffb3d4e ; call 0xfffb3d4e -add esp, 0x10 -mov esi, eax -and esi, 0xfffffffe -cmp dword [ebp - 0x2c], 1 -jne short loc_fffb71f2 ; jne 0xfffb71f2 +mov eax, ebx +mov dword [ebp - 0x24], 0 +call fcn_fffb6980 ; call 0xfffb6980 +mov eax, dword [ebp - 0x20] +add esp, 0x18 +mov edx, dword [ebp - 0x3c] +xor ecx, ecx +mov dword [edi + 0x20], eax +mov eax, dword [ebp - 0x1c] +mov dword [edi + 0x24], eax +lea eax, [ebp - 0x24] push eax +movzx eax, byte [ebx + 0x2489] +push 1 +push 0 +push 0 +push 0xc push eax -push 0x40000000 -push esi -call fcn_fffab629 ; call 0xfffab629 -pop eax -pop edx -lea eax, [esi + 4] -push 0xbfffffff +mov eax, ebx +mov dword [ebp - 0x24], 0 +call fcn_fffb6980 ; call 0xfffb6980 +mov eax, dword [ebp - 0x20] +add esp, 0x18 +add dword [edi + 0x20], eax +xor ecx, ecx +mov eax, dword [ebp - 0x1c] +add dword [edi + 0x24], eax +lea eax, 
[ebp - 0x24] +mov edx, dword [ebp - 0x3c] push eax -call fcn_fffab64e ; call 0xfffab64e -pop ecx -pop eax -lea eax, [esi + 0xc] -push 0xbfffffff +movzx eax, byte [ebx + 0x2489] +push 1 +push 0 +push 0 +push 0xa push eax -jmp short loc_fffb7223 ; jmp 0xfffb7223 +mov eax, ebx +mov dword [ebp - 0x24], 1 +call fcn_fffb6980 ; call 0xfffb6980 +mov eax, dword [ebp - 0x20] +add esp, 0x20 +mov dword [edi + 0x28], eax +mov edx, dword [ebp - 0x1c] +add eax, edx +mov dword [ebp - 0x44], eax +mov eax, dword [edi + 0x20] +add dword [ebp - 0x44], eax +mov eax, dword [edi + 0x24] +add dword [ebp - 0x44], eax +mov eax, dword [ebp - 0x8c] +mov dword [edi + 0x2c], edx +mov dword [ebp - 0x70], eax -loc_fffb71d7: ; not directly referenced -cmp cl, 1 -je short loc_fffb71ed ; je 0xfffb71ed -cmp cl, 2 -jne short loc_fffb7257 ; jne 0xfffb7257 -mov eax, dword [ebp - 0x1c] -sub esp, 0xc -push 2 -call dword [eax] ; ucall -jmp short loc_fffb7251 ; jmp 0xfffb7251 +loc_fffb744e: ; not directly referenced +cmp dword [ebp - 0x90], 1 +jne short loc_fffb746e ; jne 0xfffb746e +mov eax, dword [ebp - 0x68] +test ax, ax +cmove ax, word [ebp - 0x40] +mov word [ebp - 0x40], 0x3fff +mov word [ebp - 0x68], ax +jmp short loc_fffb7480 ; jmp 0xfffb7480 -loc_fffb71ed: ; not directly referenced -or ebx, 6 -jmp short loc_fffb7257 ; jmp 0xfffb7257 +loc_fffb746e: ; not directly referenced +mov ecx, dword [ebp - 0x40] +mov eax, 0x3fff +test cx, cx +cmovne eax, ecx +mov word [ebp - 0x40], ax -loc_fffb71f2: ; not directly referenced -cmp dword [ebp - 0x2c], 2 -jne short loc_fffb722b ; jne 0xfffb722b -push eax +loc_fffb7480: ; not directly referenced +movzx eax, word [ebp - 0x68] +movzx edx, word [ebp - 0x40] +movzx ecx, word [ebp - 0x56] +test ax, ax +cmove eax, edx push eax -push 1 -lea edx, [esi + 0x1f0] -push edx -mov dword [ebp - 0x2c], edx -call fcn_fffab629 ; call 0xfffab629 -pop eax -pop edx -mov edx, dword [ebp - 0x2c] -push 0xfffffffffffffffb -push edx -call fcn_fffab64e ; call 0xfffab64e -mov edx, dword [ebp 
- 0x2c] -pop ecx -pop eax -push 0x7fffffff -push edx - -loc_fffb7223: ; not directly referenced -call fcn_fffab64e ; call 0xfffab64e -add esp, 0x10 - -loc_fffb722b: ; not directly referenced +movzx eax, dx push eax -add esi, 0x60 +movzx eax, word [ebp - 0x4c] +mov edx, esi push eax -push 0x40000000 -push esi -call fcn_fffab629 ; call 0xfffab629 -mov dword [esp], edi -call fcn_fffb3d4e ; call 0xfffb3d4e -pop edx -pop ecx -or eax, 0x100000 +movzx eax, byte [ebp - 0x75] push eax -push edi -call fcn_fffb3d84 ; call 0xfffb3d84 - -loc_fffb7251: ; not directly referenced -or ebx, 0xe +mov eax, ebx +call fcn_fffa6d0f ; call 0xfffa6d0f +mov ax, word [ebp - 0x4a] add esp, 0x10 +add word [esi + 0x30], ax +add ax, word [esi + 0x34] +add eax, dword [ebp - 0x44] +inc byte [ebp - 0x76] +mov word [esi + 0x34], ax +mov eax, dword [esi] +add dword [ebp - 0x6c], eax +mov eax, dword [esi + 4] +add dword [ebp - 0x6c], eax +mov eax, dword [esi + 0x14] +add dword [ebp - 0x6c], eax +mov eax, dword [esi + 8] +add dword [ebp - 0x50], eax +mov eax, dword [esi + 0x10] +add dword [ebp - 0x50], eax +mov eax, dword [esi + 0xc] +add dword [ebp - 0x50], eax +mov eax, dword [esi + 0x18] +add dword [ebp - 0x50], eax -loc_fffb7257: ; not directly referenced -mov eax, dword [ebp - 0x1c] -call dword [eax + 0xc] ; ucall -mov edx, 0xcf9 -mov al, bl -out dx, al -lea esp, [ebp - 0xc] -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffb726f: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -mov ebx, eax -sub esp, 0x20 -mov edi, dword [ebp + 0x10] -mov esi, dword [ebp + 0xc] -push 0x3f -push edi -push esi -mov dword [ebp - 0x1c], edx -mov dword [ebp - 0x20], ecx -call dword [eax + 0x6c] ; ucall -add esp, 0x10 -test al, 1 -je short loc_fffb72d1 ; je 0xfffb72d1 -mov eax, dword [ebp - 0x1c] -mov edx, esi -and edx, 0xffffffc0 -and eax, 0xffffffc0 -mov ecx, eax -mov eax, dword [ebp - 0x20] -and eax, 0x7f -mov dword [ebp - 0x1c], eax +loc_fffb74ec: ; not directly 
referenced +inc dword [ebp - 0x54] +add esi, 0x36 +cmp dword [ebp - 0x54], 4 +jne loc_fffb71d0 ; jne 0xfffb71d0 +inc dword [ebp - 0x3c] +add edi, 0xd8 +add dword [ebp - 0x48], 0x13c3 +cmp dword [ebp - 0x3c], 2 +jne loc_fffb71a0 ; jne 0xfffb71a0 +movzx edi, byte [ebp - 0x76] +movzx esi, word [ebp - 0x4a] mov eax, edi -and eax, 0x7f -cmp dword [ebp - 0x1c], eax -jne short loc_fffb72d1 ; jne 0xfffb72d1 -cmp ecx, edx -jne short loc_fffb72d1 ; jne 0xfffb72d1 -push eax -push 0x3e -push edi -push esi -call dword [ebx + 0x6c] ; ucall -add esp, 0x10 -and eax, 1 -cmp dword [ebp + 8], eax -sete al -movzx eax, al -jmp short loc_fffb72d3 ; jmp 0xfffb72d3 +test al, al +mov al, 1 +cmove edi, eax +xor edx, edx +mov eax, edi +movzx ecx, al +mov eax, dword [ebp - 0x6c] +div ecx +xor edx, edx +add esi, eax +mov eax, dword [ebp - 0x50] +div ecx +cmp byte [ebx + 0x3691], 0 +jne short loc_fffb755f ; jne 0xfffb755f +mov word [ebx + 0x3694], ax +mov eax, dword [ebp - 0x44] +mov word [ebx + 0x3692], si +mov word [ebx + 0x3696], ax +jmp short loc_fffb7577 ; jmp 0xfffb7577 -loc_fffb72d1: ; not directly referenced -xor eax, eax +loc_fffb755f: ; not directly referenced +mov word [ebx + 0x369a], ax +mov eax, dword [ebp - 0x44] +mov word [ebx + 0x3698], si +mov word [ebx + 0x369c], ax -loc_fffb72d3: ; not directly referenced +loc_fffb7577: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -32050,312 +32090,699 @@ pop edi pop ebp ret -fcn_fffb72db: +fcn_fffb757f: ; not directly referenced push ebp mov ebp, esp push edi -mov edi, eax push esi push ebx -mov ebx, edx -sub esp, 0x1c - -loc_fffb72e8: -test ebx, ebx -jle short loc_fffb7315 ; jle 0xfffb7315 -cmp ebx, 0x10 -mov esi, 0x10 -cmovle esi, ebx -push eax +sub esp, 0x1c0 +mov ebx, dword [ebp + 8] +lea esi, [ebp - 0x1c8] +mov eax, dword [ebx + 0x2444] +push 0 +push 0x1b0 push esi -push edi -push dword [ecx] -mov dword [ebp - 0x1c], ecx -call fcn_fffa5c2e ; call 0xfffa5c2e -mov ecx, dword [ebp - 0x1c] +call dword [eax + 0x5c] ; ucall +mov edx, esi +mov eax, ebx +call fcn_fffb7100 ; call 0xfffb7100 add esp, 0x10 -mov dword [ecx], eax -test eax, eax -jne short loc_fffb7319 ; jne 0xfffb7319 -or eax, 0xffffffff -jmp short loc_fffb731d ; jmp 0xfffb731d +cmp byte [ebx + 0x3691], 0 +je loc_fffb7652 ; je 0xfffb7652 +mov dx, word [ebx + 0x3692] +xor ecx, ecx +movzx eax, word [ebx + 0x3698] +cmp dx, ax +jbe short loc_fffb75e5 ; jbe 0xfffb75e5 +movzx ecx, dx +xor edx, edx +mov edi, ecx +sub edi, eax +mov eax, edi +shl eax, 8 +div ecx +mov cl, al + +loc_fffb75e5: ; not directly referenced +mov dx, word [ebx + 0x3694] +xor esi, esi +movzx eax, word [ebx + 0x369a] +cmp dx, ax +jbe short loc_fffb760c ; jbe 0xfffb760c +movzx esi, dx +xor edx, edx +mov edi, esi +sub edi, eax +mov eax, edi +shl eax, 8 +div esi +mov esi, eax -loc_fffb7315: +loc_fffb760c: ; not directly referenced +movzx edi, word [ebx + 0x3696] xor eax, eax -jmp short loc_fffb731d ; jmp 0xfffb731d +movzx edx, word [ebx + 0x369c] +cmp di, dx +jbe short loc_fffb762c ; jbe 0xfffb762c +mov eax, edi +sub eax, edx +xor edx, edx +shl eax, 8 +div edi -loc_fffb7319: -sub ebx, esi -jmp short loc_fffb72e8 ; jmp 0xfffb72e8 +loc_fffb762c: ; not directly referenced +xor edx, edx +mov dl, cl +mov ecx, esi +movzx eax, al +mov dh, cl +mov ecx, edx +mov edx, 0x59b8 +shl eax, 0x10 +and ecx, 0xff00ffff +or ecx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +jmp 
short loc_fffb7659 ; jmp 0xfffb7659 + +loc_fffb7652: ; not directly referenced +mov byte [ebx + 0x3691], 1 -loc_fffb731d: +loc_fffb7659: ; not directly referenced lea esp, [ebp - 0xc] +xor eax, eax pop ebx pop esi pop edi pop ebp ret -fcn_fffb7325: +fcn_fffb7663: ; not directly referenced push ebp +xor ecx, ecx mov ebp, esp push edi -mov edi, ecx push esi -mov esi, edx +xor esi, esi push ebx mov ebx, eax -sub esp, 0xc -test edx, edx -jne short loc_fffb734a ; jne 0xfffb734a - -loc_fffb7338: -test edi, edi -setne dl -cmp dword [ebp + 8], 0 -setne al -test dl, al -je short loc_fffb7377 ; je 0xfffb7377 -jmp short loc_fffb735f ; jmp 0xfffb735f - -loc_fffb734a: -mov ecx, eax -mov eax, ref_fffd5854 ; mov eax, 0xfffd5854 -call fcn_fffb72db ; call 0xfffb72db -test eax, eax -jns short loc_fffb7338 ; jns 0xfffb7338 +sub esp, 0x34 +mov dword [ebp - 0x1c], eax +mov eax, dword [eax + 0x18a7] +lea edi, [ebx + 0x3757] +mov byte [ebp - 0x1d], dl +mov edx, dword [ebx + 0x2481] +mov eax, dword [ebx + eax*4 + 0x3736] +push 0 +push 1 +push 0 +push 0 +push 1 +push 0 +mov dword [ebp - 0x30], eax +shr eax, 1 +mov dword [ebp - 0x28], edx +xor edx, edx +mov dword [ebp - 0x2c], eax +mov eax, ebx +call fcn_fffb6980 ; call 0xfffb6980 +add esp, 0x20 +mov byte [ebp - 0x1e], 2 +mov dword [ebp - 0x24], 0 +mov dword [ebp - 0x34], eax -loc_fffb735a: -or eax, 0xffffffff -jmp short loc_fffb73d5 ; jmp 0xfffb73d5 +loc_fffb76c2: ; not directly referenced +cmp dword [edi], 2 +jne loc_fffb7779 ; jne 0xfffb7779 +mov al, byte [edi + 0xc4] +xor ecx, ecx +mov byte [ebp - 0x1f], al -loc_fffb735f: -push edx -push dword [ebp + 8] -push edi -push dword [ebx] -call fcn_fffa5c2e ; call 0xfffa5c2e -add esp, 0x10 -mov dword [ebx], eax -test eax, eax -je short loc_fffb735a ; je 0xfffb735a -add esi, dword [ebp + 8] +loc_fffb76d6: ; not directly referenced +mov eax, 1 +shl eax, cl +test byte [ebp - 0x1f], al +je loc_fffb776d ; je 0xfffb776d +mov al, cl +inc esi +shr al, 1 +movzx eax, al +imul eax, eax, 0x128 +cmp dword 
[ebp - 0x28], 3 +lea eax, [edi + eax + 0x126b] +jne short loc_fffb7720 ; jne 0xfffb7720 +cmp byte [ebp - 0x1d], 0 +mov ebx, 7 +je short loc_fffb7761 ; je 0xfffb7761 +movzx eax, word [eax + 6] +dec eax +and eax, 0xf +sub ebx, eax +mov eax, 1 +cmove ebx, eax +jmp short loc_fffb7761 ; jmp 0xfffb7761 -loc_fffb7377: -cmp dword [ebp + 0xc], 0 -jne short loc_fffb7388 ; jne 0xfffb7388 +loc_fffb7720: ; not directly referenced +cmp dword [ebp - 0x28], 2 +jne short loc_fffb773c ; jne 0xfffb773c +cmp byte [ebp - 0x1d], 0 +mov ebx, 7 +je short loc_fffb7761 ; je 0xfffb7761 +movzx eax, word [eax + 2] +and eax, 6 +sub ebx, eax +jmp short loc_fffb7761 ; jmp 0xfffb7761 -loc_fffb737d: -add esi, dword [ebp + 0xc] -cmp dword [ebp + 0x14], 0 -je short loc_fffb73b4 ; je 0xfffb73b4 -jmp short loc_fffb739d ; jmp 0xfffb739d +loc_fffb773c: ; not directly referenced +cmp byte [ebp - 0x1d], 0 +mov ebx, 6 +je short loc_fffb7761 ; je 0xfffb7761 +mov bx, word [eax + 2] +mov eax, ebx +shr ax, 5 +and eax, 1 +shr bx, 1 +add eax, eax +and ebx, 1 +or ebx, eax +add ebx, 6 -loc_fffb7388: -mov edx, dword [ebp + 0xc] -mov ecx, ebx -mov eax, ref_fffd5840 ; mov eax, 0xfffd5840 -call fcn_fffb72db ; call 0xfffb72db -test eax, eax -jns short loc_fffb737d ; jns 0xfffb737d -jmp short loc_fffb735a ; jmp 0xfffb735a +loc_fffb7761: ; not directly referenced +mov eax, 0xf0 +xor edx, edx +div ebx +add dword [ebp - 0x24], eax -loc_fffb739d: -push eax -push dword [ebp + 0x14] -push dword [ebp + 0x10] -push dword [ebx] -call fcn_fffa5c2e ; call 0xfffa5c2e -add esp, 0x10 -mov dword [ebx], eax -test eax, eax -je short loc_fffb735a ; je 0xfffb735a +loc_fffb776d: ; not directly referenced +add ecx, 2 +cmp ecx, 4 +jne loc_fffb76d6 ; jne 0xfffb76d6 -loc_fffb73b4: -add esi, dword [ebp + 0x14] -cmp dword [ebp + 0x18], 0 -je short loc_fffb73d0 ; je 0xfffb73d0 -mov edx, dword [ebp + 0x18] -mov ecx, ebx -mov eax, ref_fffd5854 ; mov eax, 0xfffd5854 -call fcn_fffb72db ; call 0xfffb72db +loc_fffb7779: ; not directly referenced +add 
edi, 0x13c3 +dec byte [ebp - 0x1e] +jne loc_fffb76c2 ; jne 0xfffb76c2 +mov eax, esi +mov edi, dword [ebp - 0x34] +mov ecx, 1 +test al, al +mov al, 1 +cmove esi, eax +xor edx, edx +mov eax, esi +movzx esi, al +mov eax, dword [ebp - 0x24] +div esi test eax, eax -js short loc_fffb735a ; js 0xfffb735a - -loc_fffb73d0: -mov eax, dword [ebp + 0x18] -add eax, esi - -loc_fffb73d5: +sete bl +test di, di +sete dl +movzx edi, di +test bl, dl +mov ebx, dword [ebp - 0x30] +cmovne eax, ecx +xor edx, edx +add edi, eax +add edi, edi +imul esi, ebx, 0xfa00 +mov eax, esi +div edi +mov edx, dword [ebp - 0x1c] +movzx edi, word [edx + 0x248a] +xor edx, edx +imul edi, edi, 0xc0 +mov esi, eax +imul eax, ebx, 0x7d00 +div edi +mov edx, dword [ebp - 0x1c] +mov edi, 0x64 +imul eax, eax, 0x3e8 +lea ebx, [esi + eax] +movzx esi, word [edx + 0x1902] +xor edx, edx +sub esi, dword [ebp - 0x2c] +shr ebx, 5 +imul eax, esi, 0x3e8 +div edi +mov di, 0xc8 +xor edx, edx +mov esi, eax +imul eax, dword [ebp - 0x2c], 0x3e8 +div edi +test esi, esi +cmove esi, ecx +mov edi, ecx +mov edx, 0x3a28 +test eax, eax +cmovne edi, eax +mov eax, dword [ebp - 0x1c] +call fcn_fffb331f ; call 0xfffb331f +xor edx, edx +mov ecx, eax +mov eax, ebx +div edi +mov edi, 0xf +add eax, eax +cmp eax, 0xf +cmovbe edi, eax +mov eax, ebx +xor edx, edx +and edi, 0xf +div esi +and ecx, 0xfffe00ff +mov esi, dword [ebp - 0x1c] +mov edx, 0x1f +shl edi, 8 +lea ebx, [eax + eax] +mov eax, esi +cmp ebx, 0x1f +cmovbe edx, ebx +or ecx, edi +and edx, 0x1f +shl edx, 0xc +or ecx, edx +mov edx, 0x3a28 +and ecx, 0xff0fffff +or ecx, 0x800000 +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x5f08 +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5f08 +or ah, 1 +mov ecx, eax +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 lea esp, [ebp - 0xc] +mov eax, esi pop ebx +mov edx, 0xe1 pop esi pop edi pop ebp -ret +jmp near fcn_fffa82f9 ; jmp 0xfffa82f9 -fcn_fffb73dd: ; not directly referenced +fcn_fffb78c3: ; not directly referenced push ebp 
mov ebp, esp -mov eax, dword [ebp + 0xc] -mov edx, dword [ebp + 8] push edi push esi push ebx -mov esi, eax -mov word [edx + 0x2467], ax -mov edx, 0x80 -out dx, ax -mov edi, 0x48 -mov ebx, 0x74 +mov bl, cl +sub esp, 0xb0 +mov esi, dword [ebp + 0x10] +mov cl, byte [ebp + 0x14] +mov dword [ebp - 0x74], eax +mov dword [ebp - 0x6c], esi +mov esi, dword [ebp + 0x20] +mov byte [ebp - 0x8a], cl +mov ecx, esi +mov byte [ebp - 0x9b], cl +mov cl, byte [ebp + 0x28] +mov dword [ebp - 0x94], esi +mov esi, dword [eax + 0x2444] +mov byte [ebp - 0x8c], cl +mov ecx, eax +movzx eax, dl +mov dword [ebp - 0x90], eax +imul eax, eax, 0x13c3 +lea edi, [ecx + eax + 0x3757] +mov eax, dword [edi + 0xc0] +mov dword [ebp - 0x98], eax +mov eax, dword [ecx + 0x188b] +push 0 +push 0x36 +mov dword [ebp - 0x7c], eax +lea eax, [ebp - 0x4e] +push eax +call dword [esi + 0x5c] ; ucall +add esp, 0xc +push 0 +push 4 +lea eax, [ebp - 0x5e] +push eax +call dword [esi + 0x60] ; ucall +add esp, 0xc +push 0xffff +push 4 +lea eax, [ebp - 0x56] +push eax +call dword [esi + 0x60] ; ucall +add esp, 0x10 +cmp dword [ebp - 0x7c], 1 +mov dword [ebp - 0x88], 0 +jne short loc_fffb7996 ; jne 0xfffb7996 +cmp byte [edi + 0x1390], 5 +mov al, byte [edi + 0x1268] +je short loc_fffb798c ; je 0xfffb798c +cmp al, 5 +sete al +movzx eax, al +mov dword [ebp - 0x88], eax +jmp short loc_fffb7996 ; jmp 0xfffb7996 -loc_fffb7403: ; not directly referenced -mov eax, edi -mov edx, ebx -out dx, al -mov edx, 0x75 -in al, dx -movzx ecx, al -mov edx, ebx -mov al, 0x49 -out dx, al -mov edx, 0x75 -in al, dx -shl eax, 8 -or eax, ecx -cmp si, ax -je short loc_fffb7403 ; je 0xfffb7403 -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffb798c: ; not directly referenced +mov dword [ebp - 0x88], 1 -fcn_fffb742b: -mov ecx, 0xce -rdmsr -movzx ecx, ah -xor edx, edx -imul ecx, ecx, 0x186a0 +loc_fffb7996: ; not directly referenced +movzx eax, byte [ebp - 0x6c] +mov esi, dword [ebp + 0xc] +mov word [ebp - 0x6c], 0 +mov byte [ebp - 0x8b], 0 +mov edi, eax 
+mov dword [ebp - 0xa0], eax +movzx eax, byte [ebp - 0x94] +mov word [ebp - 0x6e], 0xffff +mov word [ebp - 0x70], 0 +imul eax, edi +add edi, edi +mov dword [ebp - 0xa4], edi +lea eax, [esi + eax*2] +mov esi, dword [ebp - 0x90] +mov dword [ebp - 0x80], eax +mov eax, dword [ebp + 8] +mov dword [ebp - 0x84], eax +mov eax, esi +add eax, esi +mov dword [ebp - 0xa8], eax +movzx eax, bl +mov dword [ebp - 0xac], eax + +loc_fffb79f8: ; not directly referenced +mov al, byte [ebp - 0x8a] +mov bl, byte [ebp - 0x8b] +cmp bl, al +je loc_fffb7bd7 ; je 0xfffb7bd7 +movzx eax, bl +mov ebx, dword [ebp + 0xc] +xor ecx, ecx +lea ebx, [ebx + eax*2] xor eax, eax -test ecx, ecx -je short loc_fffb7457 ; je 0xfffb7457 -push ebp -mov ebp, esp -sub esp, 0xc -rdtsc -push ecx -push edx -push eax -call fcn_fffd289e ; call 0xfffd289e -add esp, 0x10 -leave -loc_fffb7457: -ret +loc_fffb7a19: ; not directly referenced +cmp byte [ebp - 0x9b], al +jbe short loc_fffb7a46 ; jbe 0xfffb7a46 +mov dx, word [ebx + ecx] +cmp word [ebp + eax*2 - 0x5e], dx +jae short loc_fffb7a31 ; jae 0xfffb7a31 +mov word [ebp + eax*2 - 0x5e], dx -fcn_fffb7458: -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x2c -mov ebx, dword [ebp + 8] -mov esi, dword [ebx + 0x2443] -mov edi, dword [ebx + 0x18c1] -push 0xe4 +loc_fffb7a31: ; not directly referenced +cmp word [ebp + eax*2 - 0x56], dx +jbe short loc_fffb7a3d ; jbe 0xfffb7a3d +mov word [ebp + eax*2 - 0x56], dx + +loc_fffb7a3d: ; not directly referenced +inc eax +add ecx, dword [ebp - 0xa4] +jmp short loc_fffb7a19 ; jmp 0xfffb7a19 + +loc_fffb7a46: ; not directly referenced +cmp dword [ebp + 0x24], 0 +jne loc_fffb7b8a ; jne 0xfffb7b8a +mov edi, dword [ebp - 0x84] +xor esi, esi +xor ebx, ebx +mov eax, dword [ebp - 0x74] +movsx edx, byte [edi + 8] +call fcn_fffa6cac ; call 0xfffa6cac +add edi, dword [ebp - 0xa8] +mov byte [ebp - 0x89], 0 +mov byte [ebp - 0x78], 0 +mov word [ebp - 0x9a], ax + +loc_fffb7a7e: ; not directly referenced +mov eax, dword [ebp - 0xac] +bt 
eax, esi +jae short loc_fffb7b03 ; jae 0xfffb7b03 +push eax +mov edx, dword [ebp - 0x90] +push eax +mov eax, dword [ebp - 0x74] push 0 +push 1 push 0 push 0 -call dword [esi + 0x4c] ; ucall -add edi, eax -mov dword [esp], edi -add edi, 4 -call dword [esi + 0x20] ; ucall -mov dword [esp], edi -mov dword [ebp - 0x2c], eax -call dword [esi + 0x20] ; ucall +push 9 +lea ecx, [esi + esi] +push 0 +call fcn_fffb6980 ; call 0xfffb6980 +movzx edx, byte [edi + esi + 4] +add esp, 0x20 +add byte [ebp - 0x78], al +movzx ecx, byte [edx + ref_fffd52a4] ; movzx ecx, byte [edx - 0x2ad5c] +movzx eax, byte [edi + esi] +cmp dword [ebp - 0x98], 1 +mov word [ebp - 0x6c], cx +movzx eax, byte [eax + ref_fffd52a4] ; movzx eax, byte [eax - 0x2ad5c] +jne short loc_fffb7ae3 ; jne 0xfffb7ae3 +test cx, cx +cmovne eax, ecx +mov word [ebp - 0x6c], ax +mov eax, 0x3fff +jmp short loc_fffb7aee ; jmp 0xfffb7aee + +loc_fffb7ae3: ; not directly referenced +test ax, ax +mov edx, 0x3fff +cmove eax, edx + +loc_fffb7aee: ; not directly referenced +mov ecx, dword [ebp - 0x6c] +test cx, cx +cmove ecx, eax +add ebx, eax +inc byte [ebp - 0x89] +mov word [ebp - 0x6c], cx + +loc_fffb7b03: ; not directly referenced +inc esi +cmp esi, 2 +jne loc_fffb7a7e ; jne 0xfffb7a7e +cmp byte [ebp - 0x89], 0 +je short loc_fffb7b35 ; je 0xfffb7b35 +movzx esi, byte [ebp - 0x89] +movzx eax, bx +cdq +mov ebx, esi +movzx ecx, bl +idiv ecx +mov ecx, esi +mov ebx, eax +movzx eax, byte [ebp - 0x78] +div cl +mov byte [ebp - 0x78], al + +loc_fffb7b35: ; not directly referenced +lea eax, [ebx - 0x79] +mov ecx, 0x1e +cmp ax, 0x3f85 +mov eax, 0xf0 +cmovbe ebx, eax +movzx eax, word [ebp - 0x6c] +movzx ebx, bx +lea edx, [ebp - 0x4e] +lea esi, [ebp - 0x4e] +push eax +movzx eax, word [ebp - 0x9a] +push ebx +push eax +movzx eax, byte [ebp - 0x78] +push eax +mov eax, dword [ebp - 0x74] +call fcn_fffa6d0f ; call 0xfffa6d0f +mov ax, word [ebp - 0x1a] +mov ecx, 0x36 +mov edi, dword [ebp - 0x80] add esp, 0x10 -mov edx, dword [ebp - 0x2c] -cmp eax, 
dword [ebx + 0x14] -jne short loc_fffb74a2 ; jne 0xfffb74a2 -cmp edx, dword [ebx + 0x10] -je short loc_fffb74ac ; je 0xfffb74ac +mov word [edi], ax +mov eax, dword [ebp - 0x84] +lea edi, [eax + 0xd] +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -loc_fffb74a2: -mov eax, 0x18 -jmp near loc_fffb7571 ; jmp 0xfffb7571 +loc_fffb7b8a: ; not directly referenced +mov eax, dword [ebp - 0x80] +cmp byte [ebp - 0x8a], 1 +mov ax, word [eax] +je short loc_fffb7bb4 ; je 0xfffb7bb4 +mov edx, dword [ebp - 0x70] +mov bx, word [ebp - 0x6e] +cmp ax, dx +cmovae edx, eax +cmp bx, ax +cmovbe eax, ebx +mov word [ebp - 0x6e], ax +mov eax, edx +jmp short loc_fffb7bba ; jmp 0xfffb7bba -loc_fffb74ac: -lea eax, [ebx + 0x1165] -xor esi, esi -mov dword [ebp - 0x30], eax +loc_fffb7bb4: ; not directly referenced +mov word [ebp - 0x6e], 0 -loc_fffb74b7: -lea eax, [ebx + esi + 0x196b] -xor edi, edi -mov dword [ebp - 0x34], eax -mov eax, dword [ebp - 0x30] -mov dword [ebp - 0x2c], eax -lea eax, [esi + 0x1afb] -mov dword [ebp - 0x38], eax +loc_fffb7bba: ; not directly referenced +inc byte [ebp - 0x8b] +add dword [ebp - 0x80], 2 +add dword [ebp - 0x84], 0x54e +mov word [ebp - 0x70], ax +jmp near loc_fffb79f8 ; jmp 0xfffb79f8 -loc_fffb74d2: -mov eax, dword [ebp - 0x34] -cmp dword [eax + edi + 8], 1 -jne short loc_fffb74e4 ; jne 0xfffb74e4 -mov word [ebp - 0x1a], 0 -jmp short loc_fffb752a ; jmp 0xfffb752a +loc_fffb7bd7: ; not directly referenced +mov edi, dword [ebp - 0x94] +mov al, 4 +mov word [ebp - 0x6c], 0x7fff +mov word [ebp - 0x80], 0 +mov ebx, edi +cmp bl, 4 +cmovbe eax, edi +xor edi, edi +mov byte [ebp - 0x78], al +mov eax, dword [ebp - 0x88] +xor eax, 1 +and eax, 1 +mov byte [ebp - 0x89], al -loc_fffb74e4: -lea eax, [ebx + edi] -mov al, byte [esi + eax + 0x19bd] -cmp al, 0xf1 -sete cl -cmp al, 0xb +loc_fffb7c0a: ; not directly referenced +mov eax, edi +cmp byte [ebp - 0x78], al +jbe loc_fffb7cd7 ; jbe 0xfffb7cd7 +mov si, word [ebp + edi*2 - 0x5e] +add word [ebp - 0x80], si +cmp byte [ebp - 
0x8c], 6 +mov eax, dword [ebp + 0x18] sete dl -or cl, dl -je short loc_fffb750c ; je 0xfffb750c -lea eax, [edi + esi + 0x1a30] -mov edx, 0xb -add eax, ebx -jmp short loc_fffb7522 ; jmp 0xfffb7522 +cmp dword [ebp - 0x7c], 1 +mov cl, byte [eax + edi] +sete al +xor ebx, ebx +test dl, al +je short loc_fffb7c46 ; je 0xfffb7c46 +cmp cl, 1 +mov eax, 0x28 +cmove ebx, eax -loc_fffb750c: -cmp al, 0xc -jne short loc_fffb751e ; jne 0xfffb751e -mov eax, dword [ebp - 0x38] -mov edx, 9 -add eax, edi -add eax, ebx -jmp short loc_fffb7522 ; jmp 0xfffb7522 +loc_fffb7c46: ; not directly referenced +cmp byte [ebp - 0x8c], 8 +setne dl +cmp dword [ebp - 0x7c], 1 +setne al +or dl, al +jne short loc_fffb7c6f ; jne 0xfffb7c6f +cmp cl, 2 +setne al +or al, byte [ebp - 0x89] +mov eax, 0x50 +cmove ebx, eax + +loc_fffb7c6f: ; not directly referenced +movzx eax, si +mov esi, dword [ebp + 0x1c] +cdq +movzx esi, byte [esi + edi] +idiv esi +movzx esi, cl +mov edx, esi +xor ecx, ecx +mov dword [ebp - 0x84], esi +mov dword [ebp - 0x88], eax +mov eax, dword [ebp - 0x74] +call fcn_fffaab72 ; call 0xfffaab72 +mov edx, dword [ebp - 0x84] +mov ecx, 1 +movzx esi, ax +mov eax, dword [ebp - 0x74] +call fcn_fffaab72 ; call 0xfffaab72 +mov edx, dword [ebp - 0x88] +sub edx, esi +imul edx, edx, 0x64 +movzx eax, ax +add ebx, eax +sub ebx, esi +mov eax, edx +cdq +idiv ebx +mov ebx, dword [ebp - 0x6c] +cmp bx, ax +cmovle eax, ebx +inc edi +mov word [ebp - 0x6c], ax +jmp near loc_fffb7c0a ; jmp 0xfffb7c0a + +loc_fffb7cd7: ; not directly referenced +movzx eax, word [ebp - 0x80] +mov ebx, 0x64 +movzx ecx, byte [ebp - 0x78] +cdq +idiv ecx +mov dword [ebp - 0x74], eax +movsx eax, word [ebp - 0x6c] +imul eax, eax, 0x41 +cdq +idiv ebx +xor bl, bl +movzx edi, ax +cmp ax, 0x64 +jbe short loc_fffb7d07 ; jbe 0xfffb7d07 +lea ebx, [eax - 0x64] +mov edi, 0x64 + +loc_fffb7d07: ; not directly referenced +imul ecx, dword [ebp - 0xa0] +movzx ebx, bx +mov eax, dword [ebp + 0xc] +lea esi, [eax + ecx*2] +xor ecx, ecx +lea eax, [edi + 
ebx] +mov dword [ebp - 0x7c], eax +movzx eax, word [ebp - 0x6e] +mov dword [ebp - 0x80], eax +movzx eax, word [ebp - 0x70] +mov dword [ebp - 0x84], eax + +loc_fffb7d30: ; not directly referenced +cmp byte [ebp - 0x8a], cl +jbe short loc_fffb7d96 ; jbe 0xfffb7d96 +cmp word [ebp - 0x6c], 0 +jns short loc_fffb7d47 ; jns 0xfffb7d47 +mov word [esi + ecx*2], 1 +jmp short loc_fffb7d93 ; jmp 0xfffb7d93 + +loc_fffb7d47: ; not directly referenced +mov ax, word [ebp - 0x6e] +cmp word [ebp - 0x70], ax +je short loc_fffb7d6b ; je 0xfffb7d6b +movzx eax, word [esi + ecx*2] +sub eax, dword [ebp - 0x80] +imul eax, eax, 0x64 +cdq +idiv dword [ebp - 0x84] +mov edx, 0x64 +sub edx, eax +jmp short loc_fffb7d6d ; jmp 0xfffb7d6d -loc_fffb751e: +loc_fffb7d6b: ; not directly referenced xor edx, edx -xor eax, eax -loc_fffb7522: -lea ecx, [ebp - 0x1a] -call fcn_fffaf03f ; call 0xfffaf03f +loc_fffb7d6d: ; not directly referenced +movzx edx, dx +mov ebx, 0x64 +imul edx, dword [ebp - 0x7c] +mov eax, ebx +sub eax, edi +mov dword [ebp - 0x78], eax +mov eax, edx +cdq +idiv ebx +add eax, dword [ebp - 0x78] +imul eax, dword [ebp - 0x74] +cdq +idiv ebx +mov word [esi + ecx*2], ax -loc_fffb752a: -mov eax, dword [ebp - 0x2c] -mov ax, word [eax] -cmp word [ebp - 0x1a], ax -jne loc_fffb74a2 ; jne 0xfffb74a2 -add edi, 0x277 -add dword [ebp - 0x2c], 0x128 -cmp edi, 0x4ee -jne short loc_fffb74d2 ; jne 0xfffb74d2 -add esi, 0x54a -add dword [ebp - 0x30], 0x433 -cmp esi, 0xa94 -jne loc_fffb74b7 ; jne 0xfffb74b7 -mov byte [ebx + 0x247b], 1 -xor eax, eax +loc_fffb7d93: ; not directly referenced +inc ecx +jmp short loc_fffb7d30 ; jmp 0xfffb7d30 -loc_fffb7571: +loc_fffb7d96: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -32363,15 +32790,291 @@ pop edi pop ebp ret -fcn_fffb7579: +fcn_fffb7d9e: push ebp mov ebp, esp push edi +mov edi, eax push esi push ebx -sub esp, 0x34 -mov edi, dword [ebp + 0x10] -mov edx, dword [ebp + 0xc] +mov ebx, edx +sub esp, 0x1c + +loc_fffb7dab: +test ebx, ebx +jle short loc_fffb7dd8 ; jle 0xfffb7dd8 +cmp ebx, 0x10 +mov esi, 0x10 +cmovle esi, ebx +push eax +push esi +push edi +push dword [ecx] +mov dword [ebp - 0x1c], ecx +call fcn_fffa5c76 ; call 0xfffa5c76 +mov ecx, dword [ebp - 0x1c] +add esp, 0x10 +mov dword [ecx], eax +test eax, eax +jne short loc_fffb7ddc ; jne 0xfffb7ddc +or eax, 0xffffffff +jmp short loc_fffb7de0 ; jmp 0xfffb7de0 + +loc_fffb7dd8: +xor eax, eax +jmp short loc_fffb7de0 ; jmp 0xfffb7de0 + +loc_fffb7ddc: +sub ebx, esi +jmp short loc_fffb7dab ; jmp 0xfffb7dab + +loc_fffb7de0: +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb7de8: +push ebp +mov ebp, esp +push edi +mov edi, ecx +push esi +mov esi, edx +push ebx +mov ebx, eax +sub esp, 0xc +test edx, edx +jne short loc_fffb7e0d ; jne 0xfffb7e0d + +loc_fffb7dfb: +test edi, edi +setne dl +cmp dword [ebp + 8], 0 +setne al +test dl, al +je short loc_fffb7e3a ; je 0xfffb7e3a +jmp short loc_fffb7e22 ; jmp 0xfffb7e22 + +loc_fffb7e0d: +mov ecx, eax +mov eax, ref_fffd52c0 ; mov eax, 0xfffd52c0 +call fcn_fffb7d9e ; call 0xfffb7d9e +test eax, eax +jns short loc_fffb7dfb ; jns 0xfffb7dfb + +loc_fffb7e1d: +or eax, 0xffffffff +jmp short loc_fffb7e98 ; jmp 0xfffb7e98 + +loc_fffb7e22: +push edx +push dword [ebp + 8] +push edi +push dword [ebx] +call fcn_fffa5c76 ; call 0xfffa5c76 +add esp, 0x10 +mov dword [ebx], eax +test eax, eax +je short loc_fffb7e1d ; je 0xfffb7e1d +add esi, dword [ebp + 8] + +loc_fffb7e3a: +cmp dword [ebp + 0xc], 0 +jne short loc_fffb7e4b ; jne 0xfffb7e4b + +loc_fffb7e40: +add esi, dword [ebp + 0xc] +cmp dword [ebp + 0x14], 0 +je short loc_fffb7e77 ; je 0xfffb7e77 +jmp short loc_fffb7e60 ; jmp 0xfffb7e60 + +loc_fffb7e4b: +mov edx, dword [ebp + 0xc] +mov 
ecx, ebx +mov eax, ref_fffd52ac ; mov eax, 0xfffd52ac +call fcn_fffb7d9e ; call 0xfffb7d9e +test eax, eax +jns short loc_fffb7e40 ; jns 0xfffb7e40 +jmp short loc_fffb7e1d ; jmp 0xfffb7e1d + +loc_fffb7e60: +push eax +push dword [ebp + 0x14] +push dword [ebp + 0x10] +push dword [ebx] +call fcn_fffa5c76 ; call 0xfffa5c76 +add esp, 0x10 +mov dword [ebx], eax +test eax, eax +je short loc_fffb7e1d ; je 0xfffb7e1d + +loc_fffb7e77: +add esi, dword [ebp + 0x14] +cmp dword [ebp + 0x18], 0 +je short loc_fffb7e93 ; je 0xfffb7e93 +mov edx, dword [ebp + 0x18] +mov ecx, ebx +mov eax, ref_fffd52c0 ; mov eax, 0xfffd52c0 +call fcn_fffb7d9e ; call 0xfffb7d9e +test eax, eax +js short loc_fffb7e1d ; js 0xfffb7e1d + +loc_fffb7e93: +mov eax, dword [ebp + 0x18] +add eax, esi + +loc_fffb7e98: +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb7ea0: +mov ecx, 0xce +rdmsr +movzx ecx, ah +xor edx, edx +imul ecx, ecx, 0x186a0 +xor eax, eax +test ecx, ecx +je short loc_fffb7ecc ; je 0xfffb7ecc +push ebp +mov ebp, esp +sub esp, 0xc +rdtsc +push ecx +push edx +push eax +call fcn_fffd2b90 ; call 0xfffd2b90 +add esp, 0x10 +leave + +loc_fffb7ecc: +ret + +fcn_fffb7ecd: +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x2c +mov ebx, dword [ebp + 8] +mov esi, dword [ebx + 0x2444] +mov edi, dword [ebx + 0x18c1] +push 0xe4 +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +add edi, eax +mov dword [esp], edi +add edi, 4 +call dword [esi + 0x20] ; ucall +mov dword [esp], edi +mov dword [ebp - 0x2c], eax +call dword [esi + 0x20] ; ucall +add esp, 0x10 +mov edx, dword [ebp - 0x2c] +cmp eax, dword [ebx + 0x14] +jne short loc_fffb7f17 ; jne 0xfffb7f17 +cmp edx, dword [ebx + 0x10] +je short loc_fffb7f21 ; je 0xfffb7f21 + +loc_fffb7f17: +mov eax, 0x18 +jmp near loc_fffb7fe6 ; jmp 0xfffb7fe6 + +loc_fffb7f21: +lea eax, [ebx + 0x1165] +xor esi, esi +mov dword [ebp - 0x30], eax + +loc_fffb7f2c: +lea eax, [ebx + esi + 0x196b] +xor edi, edi +mov dword [ebp - 0x34], eax +mov 
eax, dword [ebp - 0x30] +mov dword [ebp - 0x2c], eax +lea eax, [esi + 0x1afb] +mov dword [ebp - 0x38], eax + +loc_fffb7f47: +mov eax, dword [ebp - 0x34] +cmp dword [eax + edi + 8], 1 +jne short loc_fffb7f59 ; jne 0xfffb7f59 +mov word [ebp - 0x1a], 0 +jmp short loc_fffb7f9f ; jmp 0xfffb7f9f + +loc_fffb7f59: +lea eax, [ebx + edi] +mov al, byte [esi + eax + 0x19bd] +cmp al, 0xf1 +sete cl +cmp al, 0xb +sete dl +or cl, dl +je short loc_fffb7f81 ; je 0xfffb7f81 +lea eax, [edi + esi + 0x1a30] +mov edx, 0xb +add eax, ebx +jmp short loc_fffb7f97 ; jmp 0xfffb7f97 + +loc_fffb7f81: +cmp al, 0xc +jne short loc_fffb7f93 ; jne 0xfffb7f93 +mov eax, dword [ebp - 0x38] +mov edx, 9 +add eax, edi +add eax, ebx +jmp short loc_fffb7f97 ; jmp 0xfffb7f97 + +loc_fffb7f93: +xor edx, edx +xor eax, eax + +loc_fffb7f97: +lea ecx, [ebp - 0x1a] +call fcn_fffb3d76 ; call 0xfffb3d76 + +loc_fffb7f9f: +mov eax, dword [ebp - 0x2c] +mov ax, word [eax] +cmp word [ebp - 0x1a], ax +jne loc_fffb7f17 ; jne 0xfffb7f17 +add edi, 0x277 +add dword [ebp - 0x2c], 0x128 +cmp edi, 0x4ee +jne short loc_fffb7f47 ; jne 0xfffb7f47 +add esi, 0x54a +add dword [ebp - 0x30], 0x433 +cmp esi, 0xa94 +jne loc_fffb7f2c ; jne 0xfffb7f2c +mov byte [ebx + 0x247c], 1 +xor eax, eax + +loc_fffb7fe6: +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffb7fee: +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x34 +mov edi, dword [ebp + 0x10] +mov edx, dword [ebp + 0xc] lea eax, [ebp - 0x1c] push eax mov ebx, dword [ebp + 0x14] 
@@ -32379,17 +33082,17 @@ movzx esi, di lea eax, [esi + 0xc] push eax mov dword [ebp - 0x2c], edx -call fcn_fffab60f ; call 0xfffab60f +call fcn_fffb05b9 ; call 0xfffb05b9 add esp, 0x10 mov edx, dword [ebp - 0x2c] test eax, eax -jns short loc_fffb75af ; jns 0xfffb75af +jns short loc_fffb8024 ; jns 0xfffb8024 mov dword [ebp - 0x1c], 0 -loc_fffb75af: +loc_fffb8024: mov eax, dword [ebp - 0x1c] test eax, eax -je short loc_fffb75f3 ; je 0xfffb75f3 +je short loc_fffb8068 ; je 0xfffb8068 lea ecx, [eax + 4] mov dword [ebx], ecx mov word [eax + 4], dx @@ -32405,12 +33108,12 @@ mov edx, dword [0xff7d0270] mov dword [eax], edx mov dword [0xff7d0270], eax xor eax, eax -jmp short loc_fffb75f8 ; jmp 0xfffb75f8 +jmp short loc_fffb806d ; jmp 0xfffb806d -loc_fffb75f3: +loc_fffb8068: mov eax, 0x80000009 -loc_fffb75f8: +loc_fffb806d: lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -32418,96 +33121,153 @@ pop edi pop ebp ret -fcn_fffb7600: ; not directly referenced +fcn_fffb8075: ; not directly referenced push ebp -mov eax, 0x80000002 mov ebp, esp push edi push esi push ebx -sub esp, 0x1c -mov ebx, dword [ebp + 0x20] -mov ecx, dword [ebp + 0x10] -mov esi, dword [ebp + 0x14] -mov edi, dword [ebp + 0x18] -test ebx, ebx -je loc_fffb76db ; je 0xfffb76db -cmp ecx, 0xb -ja loc_fffb76db ; ja 0xfffb76db -push eax -mov edx, ecx -push dword [ebp + 0x1c] -mov eax, 1 -mov dword [ebp - 0x1c], ecx +sub esp, 0x38 +mov edi, dword [ebp + 8] push edi -push esi -call fcn_fffac5c7 ; call 0xfffac5c7 +call fcn_fffb9a46 ; call 0xfffb9a46 add esp, 0x10 -mov ecx, dword [ebp - 0x1c] +mov ebx, eax test eax, eax -js loc_fffb76db ; js 0xfffb76db -mov al, byte [ecx + ref_fffd5ac8] ; mov al, byte [ecx - 0x2a538] -mov dword [ebp - 0x24], 0 -mov byte [ebp - 0x1e], al -mov eax, ecx -and eax, 3 -mov dword [ebp - 0x1c], eax -movzx eax, byte [eax + ref_fffd5ad4] ; movzx eax, byte [eax - 0x2a52c] -dec eax -test ebx, eax -movzx eax, byte [ecx + ref_fffd5ad4] ; movzx eax, byte [ecx - 0x2a52c] -sete byte [ebp - 0x1d] -mov dword [ebp - 0x28], eax - -loc_fffb767e: ; not directly referenced -cmp dword [ebp + 0x1c], 0 -je short loc_fffb76d9 ; je 0xfffb76d9 -cmp dword [ebp - 0x1c], 0 -jne short loc_fffb7690 ; jne 0xfffb7690 -mov al, byte [esi] -mov byte [ebx], al -jmp short loc_fffb76c8 ; jmp 0xfffb76c8 +js loc_fffb8201 ; js 0xfffb8201 +cmp edi, 1 +je short loc_fffb80a7 ; je 0xfffb80a7 +cmp edi, 2 +je loc_fffb814a ; je 0xfffb814a +jmp near loc_fffb8205 ; jmp 0xfffb8205 -loc_fffb7690: ; not directly referenced -cmp dword [ebp - 0x1c], 1 -jne short loc_fffb76a4 ; jne 0xfffb76a4 +loc_fffb80a7: ; not directly referenced +mov eax, dword [ebp + 0xc] sub esp, 0xc +mov dword [ebp - 0x20], eax +mov eax, dword [0xff7d0084] +or byte [ebp - 0x1d], 0x80 +mov eax, dword [eax + 0x14] +add eax, 0x48 +push eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov edi, eax +pop eax +and edi, 0xfffffffe +pop edx 
+push dword [ebp - 0x20] +lea esi, [edi + 0x5da4] +add edi, 0x5da0 push esi -call fcn_fffb3d06 ; call 0xfffb3d06 -mov word [ebx], ax -jmp short loc_fffb76c5 ; jmp 0xfffb76c5 +call fcn_fffb3ffa ; call 0xfffb3ffa +mov dword [esp], 1 +call fcn_fffb9a46 ; call 0xfffb9a46 +mov dword [esp], esi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [esp], edi +mov dword [ebp - 0x20], eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [esp], 0xa +mov dword [ebp - 0x1c], eax +call fcn_fffb93ec ; call 0xfffb93ec +mov dword [esp], esi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [esp], edi +mov esi, eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov edx, dword [ebp - 0x20] +add esp, 0x10 +cmp edx, esi +je short loc_fffb813a ; je 0xfffb813a +cmp dword [ebp - 0x1c], eax +je short loc_fffb813a ; je 0xfffb813a -loc_fffb76a4: ; not directly referenced -cmp dword [ebp - 0x1c], 2 -jne short loc_fffb76b7 ; jne 0xfffb76b7 -sub esp, 0xc -push esi -call fcn_fffb3d4e ; call 0xfffb3d4e -mov dword [ebx], eax -jmp short loc_fffb76c5 ; jmp 0xfffb76c5 +loc_fffb8130: ; not directly referenced +mov eax, 0x80000002 +jmp near loc_fffb820a ; jmp 0xfffb820a -loc_fffb76b7: ; not directly referenced -sub esp, 0xc -push esi -call fcn_fffb3dc0 ; call 0xfffb3dc0 -mov dword [ebx], eax -mov dword [ebx + 4], edx +loc_fffb813a: ; not directly referenced +mov eax, dword [ebp + 0x14] +mov dword [eax], edx +lea eax, [ebp - 0x1c] +push ecx +push 4 +jmp near loc_fffb81f5 ; jmp 0xfffb81f5 + +loc_fffb814a: ; not directly referenced +mov eax, dword [ebp + 0xc] +mov dword [ebp - 0x24], eax +mov eax, dword [ebp + 0x10] +mov eax, dword [eax] +push edx +push 8 +or byte [ebp - 0x21], 0x80 +mov dword [ebp - 0x28], eax +lea eax, [ebp - 0x28] +push eax +lea eax, [ebp - 0x30] +push eax +call fcn_fffb01dc ; call 0xfffb01dc +mov eax, dword [ebp - 0x30] +mov ecx, 0x150 +mov edx, dword [ebp - 0x2c] +wrmsr +mov dword [esp], 2 +call fcn_fffb9a46 ; call 0xfffb9a46 +mov ecx, 0x150 +rdmsr +add esp, 0xc +push 8 +mov dword [ebp - 0x30], eax 
+lea eax, [ebp - 0x30] +push eax +lea eax, [ebp - 0x28] +push eax +mov dword [ebp - 0x2c], edx +call fcn_fffb01dc ; call 0xfffb01dc +mov dword [esp], 0xa +call fcn_fffb93ec ; call 0xfffb93ec +mov ecx, 0x150 +rdmsr +add esp, 0xc +push 8 +mov dword [ebp - 0x30], eax +lea eax, [ebp - 0x30] +push eax +lea eax, [ebp - 0x20] +push eax +mov dword [ebp - 0x2c], edx +call fcn_fffb01dc ; call 0xfffb01dc +mov eax, dword [ebp - 0x1c] +add esp, 0x10 +cmp dword [ebp - 0x24], eax +je short loc_fffb81e6 ; je 0xfffb81e6 +mov eax, dword [ebp - 0x20] +cmp dword [ebp - 0x28], eax +jne loc_fffb8130 ; jne 0xfffb8130 -loc_fffb76c5: ; not directly referenced +loc_fffb81e6: ; not directly referenced +movzx eax, byte [ebp - 0x24] +mov edx, dword [ebp + 0x14] +mov dword [edx], eax +push eax +push 4 +lea eax, [ebp - 0x28] + +loc_fffb81f5: ; not directly referenced +push eax +push dword [ebp + 0x10] +call fcn_fffb01dc ; call 0xfffb01dc add esp, 0x10 -loc_fffb76c8: ; not directly referenced -movzx eax, byte [ebp - 0x1e] -add esi, dword [ebp - 0x28] -adc edi, dword [ebp - 0x24] -dec dword [ebp + 0x1c] -add ebx, eax -jmp short loc_fffb767e ; jmp 0xfffb767e +loc_fffb8201: ; not directly referenced +mov eax, ebx +jmp short loc_fffb820a ; jmp 0xfffb820a -loc_fffb76d9: ; not directly referenced -xor eax, eax +loc_fffb8205: ; not directly referenced +mov eax, 0x80000003 -loc_fffb76db: ; not directly referenced +loc_fffb820a: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -32527,298 +33287,298 @@ lea ebx, [ebp + 0xc] mov dword [ebp - 0xa8], ebx mov dword [ebp - 0xa4], 0 test ecx, ecx -je short loc_fffb7757 ; je 0xfffb7757 +je short loc_fffb8286 ; je 0xfffb8286 mov dword [ebp - 0xf8], 0 mov dword [ebp - 0xe4], 0 -jmp short loc_fffb776c ; jmp 0xfffb776c +jmp short loc_fffb829b ; jmp 0xfffb829b -loc_fffb771f: +loc_fffb824e: cmp dl, 0x2a -jne loc_fffb77c0 ; jne 0xfffb77c0 +jne loc_fffb82ef ; jne 0xfffb82ef mov ecx, dword [ebx] lea eax, [ebx + 4] mov dword [ebp - 0xe0], ecx test ecx, ecx -jns short loc_fffb7744 ; jns 0xfffb7744 +jns short loc_fffb8273 ; jns 0xfffb8273 neg dword [ebp - 0xe0] or dword [ebp - 0xc4], 4 -loc_fffb7744: +loc_fffb8273: inc edi mov ebx, eax -loc_fffb7747: +loc_fffb8276: cmp dword [ebp - 0xe0], 0x1f4 -jle loc_fffb7818 ; jle 0xfffb7818 +jle loc_fffb8347 ; jle 0xfffb8347 -loc_fffb7757: +loc_fffb8286: or eax, 0xffffffff -jmp near loc_fffb82b2 ; jmp 0xfffb82b2 +jmp near loc_fffb8de1 ; jmp 0xfffb8de1 -loc_fffb775f: +loc_fffb828e: mov edi, esi sub edi, ecx -jne short loc_fffb778a ; jne 0xfffb778a +jne short loc_fffb82b9 ; jne 0xfffb82b9 -loc_fffb7765: +loc_fffb8294: cmp byte [esi], 0 -jne short loc_fffb77ad ; jne 0xfffb77ad +jne short loc_fffb82dc ; jne 0xfffb82dc mov ecx, esi -loc_fffb776c: +loc_fffb829b: cmp byte [ecx], 0 -je loc_fffb8277 ; je 0xfffb8277 +je loc_fffb8da6 ; je 0xfffb8da6 mov esi, ecx -loc_fffb7777: +loc_fffb82a6: mov al, byte [esi] cmp al, 0x25 setne dl test al, al setne al test dl, al -je short loc_fffb775f ; je 0xfffb775f +je short loc_fffb828e ; je 0xfffb828e inc esi -jmp short loc_fffb7777 ; jmp 0xfffb7777 +jmp short loc_fffb82a6 ; jmp 0xfffb82a6 -loc_fffb778a: +loc_fffb82b9: push eax push edi push ecx push dword [ebp - 0xa4] -call fcn_fffa5c2e ; call 0xfffa5c2e +call fcn_fffa5c76 ; call 0xfffa5c76 add esp, 0x10 mov dword [ebp - 0xa4], eax test eax, eax -je short loc_fffb7757 ; je 0xfffb7757 +je short loc_fffb8286 ; je 0xfffb8286 add dword [ebp - 0xe4], edi -jmp short loc_fffb7765 ; jmp 
0xfffb7765 +jmp short loc_fffb8294 ; jmp 0xfffb8294 -loc_fffb77ad: +loc_fffb82dc: lea edi, [esi + 1] mov dword [ebp - 0xc4], 0 -loc_fffb77ba: +loc_fffb82e9: mov dl, byte [edi] test dl, dl -jne short loc_fffb77cc ; jne 0xfffb77cc +jne short loc_fffb82fb ; jne 0xfffb82fb -loc_fffb77c0: +loc_fffb82ef: mov dword [ebp - 0xe0], 0 -jmp short loc_fffb7808 ; jmp 0xfffb7808 +jmp short loc_fffb8337 ; jmp 0xfffb8337 -loc_fffb77cc: -mov eax, ref_fffd58b0 ; mov eax, 0xfffd58b0 +loc_fffb82fb: +mov eax, ref_fffd531c ; mov eax, 0xfffd531c -loc_fffb77d1: +loc_fffb8300: mov cl, byte [eax] cmp cl, dl -je loc_fffb827f ; je 0xfffb827f +je loc_fffb8dae ; je 0xfffb8dae test cl, cl -je loc_fffb771f ; je 0xfffb771f +je loc_fffb824e ; je 0xfffb824e inc eax -jmp short loc_fffb77d1 ; jmp 0xfffb77d1 +jmp short loc_fffb8300 ; jmp 0xfffb8300 -loc_fffb77e6: +loc_fffb8315: cmp dword [ebp - 0xe0], 0x1f3 -jg loc_fffb7747 ; jg 0xfffb7747 +jg loc_fffb8276 ; jg 0xfffb8276 imul edx, dword [ebp - 0xe0], 0xa inc edi lea eax, [edx + eax - 0x30] mov dword [ebp - 0xe0], eax -loc_fffb7808: +loc_fffb8337: movsx eax, byte [edi] lea edx, [eax - 0x30] cmp dl, 9 -jbe short loc_fffb77e6 ; jbe 0xfffb77e6 -jmp near loc_fffb7747 ; jmp 0xfffb7747 +jbe short loc_fffb8315 ; jbe 0xfffb8315 +jmp near loc_fffb8276 ; jmp 0xfffb8276 -loc_fffb7818: +loc_fffb8347: cmp byte [edi], 0x2e mov dword [ebp - 0xd0], 0xffffffff -jne short loc_fffb7891 ; jne 0xfffb7891 +jne short loc_fffb83c0 ; jne 0xfffb83c0 cmp byte [edi + 1], 0x2a -je short loc_fffb783a ; je 0xfffb783a +je short loc_fffb8369 ; je 0xfffb8369 inc edi mov dword [ebp - 0xd0], 0 -jmp short loc_fffb7876 ; jmp 0xfffb7876 +jmp short loc_fffb83a5 ; jmp 0xfffb83a5 -loc_fffb783a: +loc_fffb8369: mov ecx, dword [ebx] lea eax, [ebx + 4] mov dword [ebp - 0xd0], ecx cmp ecx, 0x1f4 -jg loc_fffb7757 ; jg 0xfffb7757 +jg loc_fffb8286 ; jg 0xfffb8286 add edi, 2 mov ebx, eax -jmp short loc_fffb7891 ; jmp 0xfffb7891 +jmp short loc_fffb83c0 ; jmp 0xfffb83c0 -loc_fffb7858: +loc_fffb8387: cmp 
dword [ebp - 0xd0], 0x1f3 -jg short loc_fffb7881 ; jg 0xfffb7881 +jg short loc_fffb83b0 ; jg 0xfffb83b0 imul edx, dword [ebp - 0xd0], 0xa inc edi lea eax, [edx + eax - 0x30] mov dword [ebp - 0xd0], eax -loc_fffb7876: +loc_fffb83a5: movsx eax, byte [edi] lea edx, [eax - 0x30] cmp dl, 9 -jbe short loc_fffb7858 ; jbe 0xfffb7858 +jbe short loc_fffb8387 ; jbe 0xfffb8387 -loc_fffb7881: +loc_fffb83b0: cmp dword [ebp - 0xd0], 0x1f4 -jg loc_fffb7757 ; jg 0xfffb7757 +jg loc_fffb8286 ; jg 0xfffb8286 -loc_fffb7891: +loc_fffb83c0: cmp byte [edi], 0x3a mov dword [ebp - 0xc0], 0 -jne short loc_fffb7903 ; jne 0xfffb7903 +jne short loc_fffb8432 ; jne 0xfffb8432 cmp byte [edi + 1], 0x2a -jne short loc_fffb78ea ; jne 0xfffb78ea +jne short loc_fffb8419 ; jne 0xfffb8419 mov esi, dword [ebx] lea eax, [ebx + 4] mov dword [ebp - 0xc0], esi test esi, esi -js short loc_fffb78bf ; js 0xfffb78bf +js short loc_fffb83ee ; js 0xfffb83ee cmp esi, 0x24 -jle short loc_fffb78c9 ; jle 0xfffb78c9 -jmp near loc_fffb7757 ; jmp 0xfffb7757 +jle short loc_fffb83f8 ; jle 0xfffb83f8 +jmp near loc_fffb8286 ; jmp 0xfffb8286 -loc_fffb78bf: +loc_fffb83ee: mov dword [ebp - 0xc0], 0 -loc_fffb78c9: +loc_fffb83f8: add edi, 2 mov ebx, eax -jmp short loc_fffb7903 ; jmp 0xfffb7903 +jmp short loc_fffb8432 ; jmp 0xfffb8432 -loc_fffb78d0: +loc_fffb83ff: cmp dword [ebp - 0xc0], 0x23 -jg short loc_fffb78f6 ; jg 0xfffb78f6 +jg short loc_fffb8425 ; jg 0xfffb8425 imul ecx, dword [ebp - 0xc0], 0xa lea eax, [ecx + eax - 0x30] mov dword [ebp - 0xc0], eax -loc_fffb78ea: +loc_fffb8419: inc edi movsx eax, byte [edi] lea edx, [eax - 0x30] cmp dl, 9 -jbe short loc_fffb78d0 ; jbe 0xfffb78d0 +jbe short loc_fffb83ff ; jbe 0xfffb83ff -loc_fffb78f6: +loc_fffb8425: cmp dword [ebp - 0xc0], 0x24 -jg loc_fffb7757 ; jg 0xfffb7757 +jg loc_fffb8286 ; jg 0xfffb8286 -loc_fffb7903: +loc_fffb8432: cmp byte [edi], 0x5b mov dword [ebp - 0xd8], 0 -jne short loc_fffb793b ; jne 0xfffb793b +jne short loc_fffb846a ; jne 0xfffb846a lea eax, [edi + 1] not edi 
mov dword [ebp - 0xf8], eax -loc_fffb791d: +loc_fffb844c: mov dl, byte [eax] lea esi, [edi + eax] mov dword [ebp - 0xd8], esi mov esi, eax test dl, dl -je loc_fffb7757 ; je 0xfffb7757 +je loc_fffb8286 ; je 0xfffb8286 inc eax cmp dl, 0x5d -jne short loc_fffb791d ; jne 0xfffb791d +jne short loc_fffb844c ; jne 0xfffb844c lea edi, [esi + 1] -loc_fffb793b: +loc_fffb846a: mov al, byte [edi] -mov esi, ref_fffd6023 ; mov esi, 0xfffd6023 +mov esi, ref_fffd631f ; mov esi, 0xfffd631f test al, al -je short loc_fffb7973 ; je 0xfffb7973 +je short loc_fffb84a2 ; je 0xfffb84a2 -loc_fffb7946: +loc_fffb8475: mov dl, byte [esi] cmp dl, al -je short loc_fffb7957 ; je 0xfffb7957 +je short loc_fffb8486 ; je 0xfffb8486 test dl, dl -je short loc_fffb7953 ; je 0xfffb7953 +je short loc_fffb8482 ; je 0xfffb8482 inc esi -jmp short loc_fffb7946 ; jmp 0xfffb7946 +jmp short loc_fffb8475 ; jmp 0xfffb8475 -loc_fffb7953: +loc_fffb8482: xor eax, eax -jmp short loc_fffb7973 ; jmp 0xfffb7973 +jmp short loc_fffb84a2 ; jmp 0xfffb84a2 -loc_fffb7957: +loc_fffb8486: mov dl, byte [edi + 1] lea esi, [edi + 1] test dl, dl -je loc_fffb8297 ; je 0xfffb8297 +je loc_fffb8dc6 ; je 0xfffb8dc6 cmp dl, al -jne loc_fffb8297 ; jne 0xfffb8297 +jne loc_fffb8dc6 ; jne 0xfffb8dc6 or eax, 1 add edi, 2 -loc_fffb7973: +loc_fffb84a2: mov dl, byte [edi] test dl, dl -jne short loc_fffb7983 ; jne 0xfffb7983 +jne short loc_fffb84b2 ; jne 0xfffb84b2 mov ecx, dword [ebx] add ebx, 4 -jmp near loc_fffb776c ; jmp 0xfffb776c +jmp near loc_fffb829b ; jmp 0xfffb829b -loc_fffb7983: +loc_fffb84b2: mov byte [ebp - 0xc8], 0 cmp dl, 0x43 -jne short loc_fffb79a5 ; jne 0xfffb79a5 +jne short loc_fffb84d4 ; jne 0xfffb84d4 mov cl, byte [edi + 1] lea esi, [edi + 1] mov byte [ebp - 0xc8], cl test cl, cl -je loc_fffb7757 ; je 0xfffb7757 +je loc_fffb8286 ; je 0xfffb8286 mov edi, esi -loc_fffb79a5: +loc_fffb84d4: mov byte [ebp - 0xab], dl cmp dl, 0x6e -jne short loc_fffb7a06 ; jne 0xfffb7a06 +jne short loc_fffb8535 ; jne 0xfffb8535 mov edx, dword [ebx] 
test edx, edx -je loc_fffb82ab ; je 0xfffb82ab +je loc_fffb8dda ; je 0xfffb8dda cmp al, 0x68 -jne short loc_fffb79cc ; jne 0xfffb79cc +jne short loc_fffb84fb ; jne 0xfffb84fb mov eax, dword [ebp - 0xe4] mov word [edx], ax -jmp near loc_fffb82ab ; jmp 0xfffb82ab +jmp near loc_fffb8dda ; jmp 0xfffb8dda -loc_fffb79cc: +loc_fffb84fb: cmp al, 0x69 -jne short loc_fffb79dd ; jne 0xfffb79dd +jne short loc_fffb850c ; jne 0xfffb850c mov al, byte [ebp - 0xe4] mov byte [edx], al -jmp near loc_fffb82ab ; jmp 0xfffb82ab +jmp near loc_fffb8dda ; jmp 0xfffb8dda -loc_fffb79dd: +loc_fffb850c: cmp al, 0x6c -je short loc_fffb79f9 ; je 0xfffb79f9 +je short loc_fffb8528 ; je 0xfffb8528 cmp al, 0x6a -jne short loc_fffb79f9 ; jne 0xfffb79f9 +jne short loc_fffb8528 ; jne 0xfffb8528 mov eax, dword [ebp - 0xe4] mov dword [edx + 4], 0 mov dword [edx], eax -jmp near loc_fffb82ab ; jmp 0xfffb82ab +jmp near loc_fffb8dda ; jmp 0xfffb8dda -loc_fffb79f9: +loc_fffb8528: mov eax, dword [ebp - 0xe4] mov dword [edx], eax -jmp near loc_fffb82ab ; jmp 0xfffb82ab +jmp near loc_fffb8dda ; jmp 0xfffb8dda -loc_fffb7a06: +loc_fffb8535: cmp dl, 0x25 -jne short loc_fffb7a34 ; jne 0xfffb7a34 +jne short loc_fffb8563 ; jne 0xfffb8563 sub esp, 0xc xor ecx, ecx push 0 
@@ -32829,28 +33589,28 @@ push eax push 0 push 0 lea eax, [ebp - 0xa4] -call fcn_fffb7325 ; call 0xfffb7325 +call fcn_fffb7de8 ; call 0xfffb7de8 add esp, 0x20 -jmp near loc_fffb8261 ; jmp 0xfffb8261 +jmp near loc_fffb8d90 ; jmp 0xfffb8d90 -loc_fffb7a34: +loc_fffb8563: mov esi, edx and esi, 0xffffffdf mov ecx, esi cmp cl, 0x43 -jne short loc_fffb7ab9 ; jne 0xfffb7ab9 +jne short loc_fffb85e8 ; jne 0xfffb85e8 cmp dl, 0x63 -jne short loc_fffb7a52 ; jne 0xfffb7a52 +jne short loc_fffb8581 ; jne 0xfffb8581 mov eax, dword [ebx] add ebx, 4 mov byte [ebp - 0x9a], al -jmp short loc_fffb7a5e ; jmp 0xfffb7a5e +jmp short loc_fffb858d ; jmp 0xfffb858d -loc_fffb7a52: +loc_fffb8581: mov al, byte [ebp - 0xc8] mov byte [ebp - 0x9a], al -loc_fffb7a5e: +loc_fffb858d: mov esi, dword [ebp - 0xd0] mov eax, 1 test esi, esi @@ -32860,7 +33620,7 @@ cmovg eax, esi xor esi, esi mov dword [ebp - 0xc0], eax -loc_fffb7a7b: +loc_fffb85aa: sub esp, 0xc xor ecx, ecx push 0 
@@ -32871,42 +33631,42 @@ push eax push 0 push 0 lea eax, [ebp - 0xa4] -call fcn_fffb7325 ; call 0xfffb7325 +call fcn_fffb7de8 ; call 0xfffb7de8 add esp, 0x20 cmp eax, 0xffffffff -je loc_fffb7757 ; je 0xfffb7757 +je loc_fffb8286 ; je 0xfffb8286 add esi, eax dec dword [ebp - 0xc0] -jne short loc_fffb7a7b ; jne 0xfffb7a7b +jne short loc_fffb85aa ; jne 0xfffb85aa mov eax, esi -jmp near loc_fffb8261 ; jmp 0xfffb8261 +jmp near loc_fffb8d90 ; jmp 0xfffb8d90 -loc_fffb7ab9: +loc_fffb85e8: cmp dl, 0x73 -jne loc_fffb7b51 ; jne 0xfffb7b51 +jne loc_fffb8680 ; jne 0xfffb8680 lea eax, [ebx + 4] -mov edx, ref_fffd602a ; mov edx, 0xfffd602a +mov edx, ref_fffd6326 ; mov edx, 0xfffd6326 mov dword [ebp - 0xc0], eax mov eax, dword [ebx] test eax, eax cmove eax, edx mov ecx, eax -loc_fffb7ad9: +loc_fffb8608: cmp byte [ecx], 0 -je short loc_fffb7ae1 ; je 0xfffb7ae1 +je short loc_fffb8610 ; je 0xfffb8610 inc ecx -jmp short loc_fffb7ad9 ; jmp 0xfffb7ad9 +jmp short loc_fffb8608 ; jmp 0xfffb8608 -loc_fffb7ae1: +loc_fffb8610: mov ebx, dword [ebp - 0xd0] sub ecx, eax test ebx, ebx -js short loc_fffb7af2 ; js 0xfffb7af2 +js short loc_fffb8621 ; js 0xfffb8621 cmp ecx, ebx cmovg ecx, ebx -loc_fffb7af2: +loc_fffb8621: mov esi, dword [ebp - 0xe0] xor edx, edx mov ebx, esi @@ -32916,13 +33676,13 @@ mov esi, dword [ebp - 0xc4] cmovl edx, ebx xor ebx, ebx and esi, 4 -je short loc_fffb7b14 ; je 0xfffb7b14 +je short loc_fffb8643 ; je 0xfffb8643 mov ebx, edx xor edx, edx -loc_fffb7b14: +loc_fffb8643: test byte [ebp - 0xc4], 0x40 -je short loc_fffb7b2c ; je 0xfffb7b2c +je short loc_fffb865b ; je 0xfffb865b add ebx, edx xor edx, edx test esi, esi @@ -32931,7 +33691,7 @@ add edx, ebx sar edx, 1 sub ebx, edx -loc_fffb7b2c: +loc_fffb865b: sub esp, 0xc push ebx push ecx 
@@ -32940,21 +33700,21 @@ push eax push 0 push 0 lea eax, [ebp - 0xa4] -call fcn_fffb7325 ; call 0xfffb7325 +call fcn_fffb7de8 ; call 0xfffb7de8 add esp, 0x20 mov ebx, dword [ebp - 0xc0] -jmp near loc_fffb8261 ; jmp 0xfffb8261 +jmp near loc_fffb8d90 ; jmp 0xfffb8d90 -loc_fffb7b51: +loc_fffb8680: cmp dl, 0x70 -jne short loc_fffb7b7d ; jne 0xfffb7b7d +jne short loc_fffb86ac ; jne 0xfffb86ac mov byte [ebp - 0xab], 0x58 xor eax, eax mov dword [ebp - 0xd0], 8 mov dword [ebp - 0xe0], 8 mov dword [ebp - 0xc4], 0x28 -loc_fffb7b7d: +loc_fffb86ac: mov dl, byte [ebp - 0xab] cmp dl, 0x69 sete cl @@ -32963,24 +33723,24 @@ mov byte [ebp - 0xd4], dl sete dl or dl, cl mov byte [ebp - 0xe8], cl -jne short loc_fffb7baa ; jne 0xfffb7baa +jne short loc_fffb86d9 ; jne 0xfffb86d9 xor esi, esi cmp byte [ebp - 0xd4], 0x49 -jne short loc_fffb7bd9 ; jne 0xfffb7bd9 +jne short loc_fffb8708 ; jne 0xfffb8708 -loc_fffb7baa: +loc_fffb86d9: mov dl, byte [ebp - 0xd4] mov esi, 0xa and dword [ebp - 0xc4], 0xfffffff7 or dword [ebp - 0xc4], 0x80 and edx, 0xffffffdf cmp dl, 0x49 -jne short loc_fffb7bd9 ; jne 0xfffb7bd9 +jne short loc_fffb8708 ; jne 0xfffb8708 mov ecx, dword [ebp - 0xc0] test ecx, ecx cmovne esi, ecx -loc_fffb7bd9: +loc_fffb8708: mov dl, byte [ebp - 0xd4] and edx, 0xffffffdf cmp dl, 0x58 
@@ -32990,68 +33750,68 @@ mov byte [ebp - 0xcc], cl mov ecx, 0x10 cmovne esi, ecx cmp dl, 0x55 -jne short loc_fffb7c0d ; jne 0xfffb7c0d +jne short loc_fffb873c ; jne 0xfffb873c mov ecx, dword [ebp - 0xc0] mov esi, 0xa test ecx, ecx cmovne esi, ecx -loc_fffb7c0d: +loc_fffb873c: mov cl, byte [ebp - 0xd4] cmp cl, 0x6f -je short loc_fffb7c27 ; je 0xfffb7c27 +je short loc_fffb8756 ; je 0xfffb8756 cmp cl, 0x62 -je short loc_fffb7c2e ; je 0xfffb7c2e +je short loc_fffb875d ; je 0xfffb875d cmp esi, 1 -ja short loc_fffb7c33 ; ja 0xfffb7c33 -jmp near loc_fffb7757 ; jmp 0xfffb7757 +ja short loc_fffb8762 ; ja 0xfffb8762 +jmp near loc_fffb8286 ; jmp 0xfffb8286 -loc_fffb7c27: +loc_fffb8756: mov esi, 8 -jmp short loc_fffb7c33 ; jmp 0xfffb7c33 +jmp short loc_fffb8762 ; jmp 0xfffb8762 -loc_fffb7c2e: +loc_fffb875d: mov esi, 2 -loc_fffb7c33: +loc_fffb8762: test byte [ebp - 0xc4], 0x80 -je loc_fffb7cf8 ; je 0xfffb7cf8 +je loc_fffb8827 ; je 0xfffb8827 cmp al, 0x6c -jne short loc_fffb7c49 ; jne 0xfffb7c49 +jne short loc_fffb8778 ; jne 0xfffb8778 lea eax, [ebx + 4] -jmp short loc_fffb7c50 ; jmp 0xfffb7c50 +jmp short loc_fffb877f ; jmp 0xfffb877f -loc_fffb7c49: +loc_fffb8778: cmp al, 0x6a -jne short loc_fffb7c5a ; jne 0xfffb7c5a +jne short loc_fffb8789 ; jne 0xfffb8789 lea eax, [ebx + 8] -loc_fffb7c50: +loc_fffb877f: mov dword [ebp - 0xc8], eax -loc_fffb7c56: +loc_fffb8785: mov edx, dword [ebx] -jmp short loc_fffb7c7e ; jmp 0xfffb7c7e +jmp short loc_fffb87ad ; jmp 0xfffb87ad -loc_fffb7c5a: +loc_fffb8789: lea edx, [ebx + 4] cmp al, 0x7a mov dword [ebp - 0xc8], edx -je short loc_fffb7c56 ; je 0xfffb7c56 +je short loc_fffb8785 ; je 0xfffb8785 mov edx, dword [ebx] cmp al, 0x74 -je short loc_fffb7c7e ; je 0xfffb7c7e +je short loc_fffb87ad ; je 0xfffb87ad cmp al, 0x68 -jne short loc_fffb7c76 ; jne 0xfffb7c76 +jne short loc_fffb87a5 ; jne 0xfffb87a5 movsx edx, dx -jmp short loc_fffb7c7e ; jmp 0xfffb7c7e +jmp short loc_fffb87ad ; jmp 0xfffb87ad -loc_fffb7c76: +loc_fffb87a5: movsx ecx, dl cmp al, 
0x69 cmove edx, ecx -loc_fffb7c7e: +loc_fffb87ad: mov ecx, edx sar ecx, 0x1f mov eax, ecx 
@@ -33061,92 +33821,92 @@ mov dword [ebp - 0xc0], eax sar eax, 0x1f mov dword [ebp - 0xbc], eax test edx, edx -jns short loc_fffb7ca5 ; jns 0xfffb7ca5 +jns short loc_fffb87d4 ; jns 0xfffb87d4 mov byte [ebp - 0xaa], 0x2d -jmp short loc_fffb7ccb ; jmp 0xfffb7ccb +jmp short loc_fffb87fa ; jmp 0xfffb87fa -loc_fffb7ca5: +loc_fffb87d4: test byte [ebp - 0xc4], 2 -je short loc_fffb7cb7 ; je 0xfffb7cb7 +je short loc_fffb87e6 ; je 0xfffb87e6 mov byte [ebp - 0xaa], 0x2b -jmp short loc_fffb7ccb ; jmp 0xfffb7ccb +jmp short loc_fffb87fa ; jmp 0xfffb87fa -loc_fffb7cb7: +loc_fffb87e6: mov eax, dword [ebp - 0xc4] and eax, 1 neg eax and eax, 0x20 mov byte [ebp - 0xaa], al -loc_fffb7ccb: +loc_fffb87fa: cmp byte [ebp - 0xaa], 0 mov dword [ebp - 0xdc], 0 -je loc_fffb7d9c ; je 0xfffb7d9c +je loc_fffb88cb ; je 0xfffb88cb or dword [ebp - 0xc4], 8 mov dword [ebp - 0xdc], 1 -jmp near loc_fffb7d9c ; jmp 0xfffb7d9c +jmp near loc_fffb88cb ; jmp 0xfffb88cb -loc_fffb7cf8: +loc_fffb8827: cmp al, 0x6c -jne short loc_fffb7d0b ; jne 0xfffb7d0b +jne short loc_fffb883a ; jne 0xfffb883a lea eax, [ebx + 4] xor edx, edx mov dword [ebp - 0xc8], eax mov eax, dword [ebx] -jmp short loc_fffb7d1d ; jmp 0xfffb7d1d +jmp short loc_fffb884c ; jmp 0xfffb884c -loc_fffb7d0b: +loc_fffb883a: cmp al, 0x6a -jne short loc_fffb7d2b ; jne 0xfffb7d2b +jne short loc_fffb885a ; jne 0xfffb885a lea eax, [ebx + 8] mov edx, dword [ebx + 4] mov dword [ebp - 0xc8], eax mov eax, dword [ebx] -loc_fffb7d1d: +loc_fffb884c: mov dword [ebp - 0xc0], eax mov dword [ebp - 0xbc], edx -jmp short loc_fffb7d8b ; jmp 0xfffb7d8b +jmp short loc_fffb88ba ; jmp 0xfffb88ba -loc_fffb7d2b: +loc_fffb885a: lea edx, [ebx + 4] cmp al, 0x7a mov dword [ebp - 0xc8], edx -je short loc_fffb7d3c ; je 0xfffb7d3c +je short loc_fffb886b ; je 0xfffb886b cmp al, 0x74 -jne short loc_fffb7d4f ; jne 0xfffb7d4f +jne short loc_fffb887e ; jne 0xfffb887e -loc_fffb7d3c: +loc_fffb886b: mov eax, dword [ebx] mov dword [ebp - 0xc0], eax sar eax, 0x1f mov dword [ebp - 0xbc], eax 
-jmp short loc_fffb7d8b ; jmp 0xfffb7d8b +jmp short loc_fffb88ba ; jmp 0xfffb88ba -loc_fffb7d4f: +loc_fffb887e: mov edx, dword [ebx] mov dword [ebp - 0xbc], 0 mov dword [ebp - 0xc0], edx cmp al, 0x68 -jne short loc_fffb7d70 ; jne 0xfffb7d70 +jne short loc_fffb889f ; jne 0xfffb889f movzx edx, dx mov dword [ebp - 0xc0], edx -jmp short loc_fffb7d81 ; jmp 0xfffb7d81 +jmp short loc_fffb88b0 ; jmp 0xfffb88b0 -loc_fffb7d70: +loc_fffb889f: cmp al, 0x69 -jne short loc_fffb7d8b ; jne 0xfffb7d8b +jne short loc_fffb88ba ; jne 0xfffb88ba movzx eax, byte [ebp - 0xc0] mov dword [ebp - 0xc0], eax -loc_fffb7d81: +loc_fffb88b0: mov dword [ebp - 0xbc], 0 -loc_fffb7d8b: +loc_fffb88ba: mov byte [ebp - 0xaa], 0x30 mov dword [ebp - 0xdc], 0 -loc_fffb7d9c: +loc_fffb88cb: mov eax, dword [ebp - 0xc0] mov edx, dword [ebp - 0xbc] mov ebx, eax 
@@ -33159,54 +33919,54 @@ mov edx, 1 cmove edx, dword [ebp - 0xdc] cmp byte [ebp - 0xcc], 0 mov dword [ebp - 0xdc], edx -jne short loc_fffb7ddf ; jne 0xfffb7ddf +jne short loc_fffb890e ; jne 0xfffb890e cmp byte [ebp - 0xd4], 0x62 -jne short loc_fffb7e0d ; jne 0xfffb7e0d +jne short loc_fffb893c ; jne 0xfffb893c -loc_fffb7ddf: +loc_fffb890e: test byte [ebp - 0xc4], 0x20 -jne short loc_fffb7df4 ; jne 0xfffb7df4 +jne short loc_fffb8923 ; jne 0xfffb8923 test al, al -je short loc_fffb7e0d ; je 0xfffb7e0d +je short loc_fffb893c ; je 0xfffb893c mov al, byte [ebp - 0xd4] -jmp short loc_fffb7dfd ; jmp 0xfffb7dfd +jmp short loc_fffb892c ; jmp 0xfffb892c -loc_fffb7df4: +loc_fffb8923: mov al, byte [ebp - 0xd4] or eax, 0x20 -loc_fffb7dfd: +loc_fffb892c: mov byte [ebp - 0xa9], al mov dword [ebp - 0xdc], 2 -loc_fffb7e0d: +loc_fffb893c: test byte [ebp - 0xc4], 8 -je short loc_fffb7e24 ; je 0xfffb7e24 +je short loc_fffb8953 ; je 0xfffb8953 lea eax, [ebp - 0xaa] mov dword [ebp - 0xf4], eax -jmp short loc_fffb7e38 ; jmp 0xfffb7e38 +jmp short loc_fffb8967 ; jmp 0xfffb8967 -loc_fffb7e24: +loc_fffb8953: mov dword [ebp - 0xf4], 0 mov dword [ebp - 0xdc], 0 -loc_fffb7e38: +loc_fffb8967: cmp esi, 0xa -jne short loc_fffb7ea3 ; jne 0xfffb7ea3 +jne short loc_fffb89d2 ; jne 0xfffb89d2 mov dword [ebp - 0xcc], 0 lea ebx, [ebp - 0xa0] -loc_fffb7e4d: +loc_fffb897c: mov edx, dword [ebp - 0xbc] mov eax, dword [ebp - 0xc0] mov esi, edx or esi, eax -je loc_fffb7ff0 ; je 0xfffb7ff0 +je loc_fffb8b1f ; je 0xfffb8b1f push ebx push 0xa push dword [ebp - 0xbc] push dword [ebp - 0xc0] -call fcn_fffd28b3 ; call 0xfffd28b3 +call fcn_fffd2ba5 ; call 0xfffd2ba5 mov esi, dword [ebp - 0xa0] add esp, 0x10 inc dword [ebp - 0xcc] @@ -33216,9 +33976,9 @@ mov dword [ebp - 0xbc], edx lea edx, [esi + 0x30] neg eax mov byte [eax + ebp - 0x18], dl -jmp short loc_fffb7e4d ; jmp 0xfffb7e4d +jmp short loc_fffb897c ; jmp 0xfffb897c -loc_fffb7ea3: +loc_fffb89d2: cmp byte [ebp - 0xd4], 0x75 sete byte [ebp - 0xec] cmp esi, 8 
@@ -33226,50 +33986,50 @@ sete dl cmp esi, 2 sete al or al, dl -jne short loc_fffb7ee1 ; jne 0xfffb7ee1 +jne short loc_fffb8a10 ; jne 0xfffb8a10 cmp esi, 0x10 -je short loc_fffb7ee1 ; je 0xfffb7ee1 +je short loc_fffb8a10 ; je 0xfffb8a10 mov bl, byte [ebp - 0xec] mov dword [ebp - 0xcc], 0 or ebx, dword [ebp - 0xe8] -jmp near loc_fffb7f83 ; jmp 0xfffb7f83 +jmp near loc_fffb8ab2 ; jmp 0xfffb8ab2 -loc_fffb7ee1: +loc_fffb8a10: lea eax, [esi - 1] cmp esi, 0x10 -je short loc_fffb7ef6 ; je 0xfffb7ef6 +je short loc_fffb8a25 ; je 0xfffb8a25 cmp dl, 1 sbb ecx, ecx and ecx, 0xfffffffe add ecx, 3 -jmp short loc_fffb7efb ; jmp 0xfffb7efb +jmp short loc_fffb8a2a ; jmp 0xfffb8a2a -loc_fffb7ef6: +loc_fffb8a25: mov ecx, 4 -loc_fffb7efb: +loc_fffb8a2a: mov dword [ebp - 0xcc], 0 -loc_fffb7f05: +loc_fffb8a34: mov esi, dword [ebp - 0xbc] mov ebx, dword [ebp - 0xc0] mov edx, esi or edx, ebx -je loc_fffb7ff0 ; je 0xfffb7ff0 +je loc_fffb8b1f ; je 0xfffb8b1f mov edx, dword [ebp - 0xc0] and edx, eax cmp byte [ebp - 0xd4], 0x78 -mov bl, byte [edx + ref_fffd5868] ; mov bl, byte [edx - 0x2a798] +mov bl, byte [edx + ref_fffd52d4] ; mov bl, byte [edx - 0x2ad2c] sete dl or dl, byte [ebp - 0xe8] -jne short loc_fffb7f44 ; jne 0xfffb7f44 +jne short loc_fffb8a73 ; jne 0xfffb8a73 cmp byte [ebp - 0xec], 0 -je short loc_fffb7f47 ; je 0xfffb7f47 +je short loc_fffb8a76 ; je 0xfffb8a76 -loc_fffb7f44: +loc_fffb8a73: or ebx, 0x20 -loc_fffb7f47: +loc_fffb8a76: inc dword [ebp - 0xcc] mov edx, dword [ebp - 0xcc] mov esi, dword [ebp - 0xbc] 
@@ -33284,24 +34044,24 @@ cmovne ebx, esi cmovne esi, edx mov dword [ebp - 0xc0], ebx mov dword [ebp - 0xbc], esi -jmp short loc_fffb7f05 ; jmp 0xfffb7f05 +jmp short loc_fffb8a34 ; jmp 0xfffb8a34 -loc_fffb7f83: +loc_fffb8ab2: mov edx, dword [ebp - 0xbc] mov eax, dword [ebp - 0xc0] mov ecx, edx or ecx, eax -je short loc_fffb7ff0 ; je 0xfffb7ff0 +je short loc_fffb8b1f ; je 0xfffb8b1f push eax push esi push dword [ebp - 0xbc] push dword [ebp - 0xc0] -call fcn_fffd2889 ; call 0xfffd2889 +call fcn_fffd2b7b ; call 0xfffd2b7b add esp, 0xc push esi push dword [ebp - 0xbc] push dword [ebp - 0xc0] -mov al, byte [eax + ref_fffd5868] ; mov al, byte [eax - 0x2a798] +mov al, byte [eax + ref_fffd52d4] ; mov al, byte [eax - 0x2ad2c] mov dl, al or edx, 0x20 test bl, bl @@ -33310,16 +34070,16 @@ inc dword [ebp - 0xcc] mov edx, dword [ebp - 0xcc] neg edx mov byte [edx + ebp - 0x18], al -call fcn_fffd289e ; call 0xfffd289e +call fcn_fffd2b90 ; call 0xfffd2b90 add esp, 0x10 mov dword [ebp - 0xc0], eax mov dword [ebp - 0xbc], edx -jmp short loc_fffb7f83 ; jmp 0xfffb7f83 +jmp short loc_fffb8ab2 ; jmp 0xfffb8ab2 -loc_fffb7ff0: +loc_fffb8b1f: cmp dword [ebp - 0xd8], 0 mov dword [ebp - 0xf0], 0 -je loc_fffb819b ; je 0xfffb819b +je loc_fffb8cca ; je 0xfffb8cca mov ebx, dword [ebp - 0xf8] mov esi, dword [ebp - 0xd8] mov eax, dword [ebp - 0xcc] 
@@ -33331,40 +34091,40 @@ mov dword [ebp - 0xe8], eax xor eax, eax mov dword [ebp - 0xd4], ebx -loc_fffb8042: +loc_fffb8b71: cmp dword [ebp - 0xe8], 0 -je loc_fffb819b ; je 0xfffb819b +je loc_fffb8cca ; je 0xfffb8cca cmp dword [ebp - 0xd8], 0 -je loc_fffb829e ; je 0xfffb829e +je loc_fffb8dcd ; je 0xfffb8dcd mov esi, dword [ebp - 0xd4] mov al, byte [esi] cmp al, 0x2d -je loc_fffb819b ; je 0xfffb819b +je loc_fffb8cca ; je 0xfffb8cca cmp al, 0x2a -je short loc_fffb808e ; je 0xfffb808e +je short loc_fffb8bbd ; je 0xfffb8bbd mov ebx, dword [ebp - 0xd8] xor eax, eax mov dword [ebp - 0xec], 1 sub esi, ebx mov edx, ebx mov dword [ebp - 0x100], esi -jmp short loc_fffb80e1 ; jmp 0xfffb80e1 +jmp short loc_fffb8c10 ; jmp 0xfffb8c10 -loc_fffb808e: +loc_fffb8bbd: mov eax, dword [ebp - 0xc8] lea ebx, [eax + 4] mov eax, dword [eax] test eax, eax -js loc_fffb8195 ; js 0xfffb8195 +js loc_fffb8cc4 ; js 0xfffb8cc4 mov ecx, dword [ebp - 0xd4] mov edx, dword [ebp - 0xd8] mov dword [ebp - 0xc8], ebx dec ecx dec edx -jne short loc_fffb8108 ; jne 0xfffb8108 -jmp near loc_fffb819b ; jmp 0xfffb819b +jne short loc_fffb8c37 ; jne 0xfffb8c37 +jmp near loc_fffb8cca ; jmp 0xfffb8cca -loc_fffb80bc: +loc_fffb8beb: movsx esi, byte [ebp - 0xf9] mov ecx, dword [ebp - 0xec] sub esi, 0x30 @@ -33373,9 +34133,9 @@ add eax, esi imul esi, ecx, 0xa mov dword [ebp - 0xec], esi dec edx -je loc_fffb819b ; je 0xfffb819b +je loc_fffb8cca ; je 0xfffb8cca -loc_fffb80e1: +loc_fffb8c10: mov ebx, dword [ebp - 0x100] mov ecx, edx sub ecx, dword [ebp - 0xd8] @@ -33385,9 +34145,9 @@ lea esi, [ebx - 0x30] mov byte [ebp - 0xf9], bl mov ebx, esi cmp bl, 9 -jbe short loc_fffb80bc ; jbe 0xfffb80bc +jbe short loc_fffb8beb ; jbe 0xfffb8beb -loc_fffb8108: +loc_fffb8c37: mov bl, byte [ecx] lea esi, [ecx - 1] mov dword [ebp - 0xd4], esi 
@@ -33395,26 +34155,26 @@ mov byte [ebp - 0xec], bl lea ebx, [edx - 1] mov dword [ebp - 0xd8], ebx test eax, eax -je short loc_fffb8186 ; je 0xfffb8186 +je short loc_fffb8cb5 ; je 0xfffb8cb5 -loc_fffb8126: +loc_fffb8c55: mov esi, dword [ebp - 0xe8] cmp esi, eax -jle short loc_fffb819b ; jle 0xfffb819b +jle short loc_fffb8cca ; jle 0xfffb8cca lea ecx, [ebp - 0x9a] sub esi, eax add ecx, dword [ebp - 0xc0] xor edx, edx -loc_fffb8140: +loc_fffb8c6f: cmp edx, esi -je short loc_fffb814e ; je 0xfffb814e +je short loc_fffb8c7d ; je 0xfffb8c7d mov bl, byte [ecx + edx] mov byte [ecx + edx - 1], bl inc edx -jmp short loc_fffb8140 ; jmp 0xfffb8140 +jmp short loc_fffb8c6f ; jmp 0xfffb8c6f -loc_fffb814e: +loc_fffb8c7d: mov ecx, dword [ebp - 0xe8] dec dword [ebp - 0xc0] add ecx, dword [ebp - 0xc0] @@ -33424,26 +34184,26 @@ sub ecx, eax inc dword [ebp - 0xf0] mov byte [ebp + ecx - 0x9a], bl mov dword [ebp - 0xe8], edx -jmp near loc_fffb8042 ; jmp 0xfffb8042 +jmp near loc_fffb8b71 ; jmp 0xfffb8b71 -loc_fffb8186: +loc_fffb8cb5: cmp dword [ebp - 0xd8], 0 -jne loc_fffb8042 ; jne 0xfffb8042 -jmp short loc_fffb819b ; jmp 0xfffb819b +jne loc_fffb8b71 ; jne 0xfffb8b71 +jmp short loc_fffb8cca ; jmp 0xfffb8cca -loc_fffb8195: +loc_fffb8cc4: mov dword [ebp - 0xc8], ebx -loc_fffb819b: +loc_fffb8cca: cmp dword [ebp - 0xd0], 0 -js short loc_fffb81ad ; js 0xfffb81ad +js short loc_fffb8cdc ; js 0xfffb8cdc and dword [ebp - 0xc4], 0xffffffef -jmp short loc_fffb81b7 ; jmp 0xfffb81b7 +jmp short loc_fffb8ce6 ; jmp 0xfffb8ce6 -loc_fffb81ad: +loc_fffb8cdc: mov dword [ebp - 0xd0], 1 -loc_fffb81b7: +loc_fffb8ce6: mov esi, dword [ebp - 0xcc] mov eax, dword [ebp - 0xd0] add eax, dword [ebp - 0xf0] 
@@ -33461,13 +34221,13 @@ cmovl edx, ecx mov ecx, dword [ebp - 0xc4] xor eax, eax and ecx, 4 -je short loc_fffb81fa ; je 0xfffb81fa +je short loc_fffb8d29 ; je 0xfffb8d29 mov eax, edx xor edx, edx -loc_fffb81fa: +loc_fffb8d29: test byte [ebp - 0xc4], 0x40 -je short loc_fffb8212 ; je 0xfffb8212 +je short loc_fffb8d41 ; je 0xfffb8d41 add eax, edx xor edx, edx test ecx, ecx @@ -33476,15 +34236,15 @@ add edx, eax sar edx, 1 sub eax, edx -loc_fffb8212: +loc_fffb8d41: sub ebx, dword [ebp - 0xcc] mov ecx, ebx test byte [ebp - 0xc4], 0x10 -je short loc_fffb8227 ; je 0xfffb8227 +je short loc_fffb8d56 ; je 0xfffb8d56 add ecx, edx xor edx, edx -loc_fffb8227: +loc_fffb8d56: mov esi, dword [ebp - 0xcc] sub esp, 0xc push eax 
@@ -33497,45 +34257,45 @@ push ecx mov ecx, dword [ebp - 0xf4] push dword [ebp - 0xdc] lea eax, [ebp - 0xa4] -call fcn_fffb7325 ; call 0xfffb7325 +call fcn_fffb7de8 ; call 0xfffb7de8 mov ebx, dword [ebp - 0xc8] add esp, 0x20 -loc_fffb8261: +loc_fffb8d90: test eax, eax -js loc_fffb7757 ; js 0xfffb7757 +js loc_fffb8286 ; js 0xfffb8286 -loc_fffb8269: +loc_fffb8d98: add dword [ebp - 0xe4], eax lea ecx, [edi + 1] -jmp near loc_fffb776c ; jmp 0xfffb776c +jmp near loc_fffb829b ; jmp 0xfffb829b -loc_fffb8277: +loc_fffb8da6: mov eax, dword [ebp - 0xe4] -jmp short loc_fffb82b2 ; jmp 0xfffb82b2 +jmp short loc_fffb8de1 ; jmp 0xfffb8de1 -loc_fffb827f: -sub eax, ref_fffd58b0 ; sub eax, 0xfffd58b0 +loc_fffb8dae: +sub eax, ref_fffd531c ; sub eax, 0xfffd531c inc edi -mov eax, dword [eax*4 + ref_fffd5890] ; mov eax, dword [eax*4 - 0x2a770] +mov eax, dword [eax*4 + ref_fffd52fc] ; mov eax, dword [eax*4 - 0x2ad04] or dword [ebp - 0xc4], eax -jmp near loc_fffb77ba ; jmp 0xfffb77ba +jmp near loc_fffb82e9 ; jmp 0xfffb82e9 -loc_fffb8297: +loc_fffb8dc6: mov edi, esi -jmp near loc_fffb7973 ; jmp 0xfffb7973 +jmp near loc_fffb84a2 ; jmp 0xfffb84a2 -loc_fffb829e: +loc_fffb8dcd: test eax, eax -jne loc_fffb8126 ; jne 0xfffb8126 -jmp near loc_fffb819b ; jmp 0xfffb819b +jne loc_fffb8c55 ; jne 0xfffb8c55 +jmp near loc_fffb8cca ; jmp 0xfffb8cca -loc_fffb82ab: +loc_fffb8dda: add ebx, 4 xor eax, eax -jmp short loc_fffb8269 ; jmp 0xfffb8269 +jmp short loc_fffb8d98 ; jmp 0xfffb8d98 -loc_fffb82b2: +loc_fffb8de1: lea esp, [ebp - 0xc] pop ebx pop esi @@ -33543,7 +34303,7 @@ pop edi pop ebp ret -fcn_fffb82ba: +fcn_fffb8de9: push ebp mov ebp, esp push edi @@ -33554,9 +34314,9 @@ mov ebx, eax sub esp, 0x20 mov esi, dword [edx + 9] mov edx, dword [ebx + 0x188b] -mov eax, dword [eax + 0x2443] +mov eax, dword [eax + 0x2444] push 4 -lea edx, [edx*4 + ref_fffd3230] ; lea edx, [edx*4 - 0x2cdd0] +lea edx, [edx*4 + ref_fffd3520] ; lea edx, [edx*4 - 0x2cae0] push edx lea edx, [ebp - 0x1c] push edx 
@@ -33565,32 +34325,32 @@ mov al, byte [ebx + 0xfac] add esp, 0x10 cmp byte [ebp - 0x1c], al mov al, 1 -jne short loc_fffb8350 ; jne 0xfffb8350 +jne short loc_fffb8e7f ; jne 0xfffb8e7f mov cl, byte [ebx + 0xfad] cmp byte [ebp - 0x1b], cl -jne short loc_fffb8350 ; jne 0xfffb8350 +jne short loc_fffb8e7f ; jne 0xfffb8e7f mov cl, byte [ebx + 0xfae] cmp byte [ebp - 0x1a], cl -jne short loc_fffb8350 ; jne 0xfffb8350 +jne short loc_fffb8e7f ; jne 0xfffb8e7f mov cl, byte [ebx + 0xfaf] cmp byte [ebp - 0x19], cl -jne short loc_fffb8350 ; jne 0xfffb8350 +jne short loc_fffb8e7f ; jne 0xfffb8e7f mov ecx, dword [ebx + 0xfa4] cmp dword [ebx + 0x1887], ecx -jne short loc_fffb8350 ; jne 0xfffb8350 +jne short loc_fffb8e7f ; jne 0xfffb8e7f mov ecx, dword [ebx + 0xfa0] cmp dword [ebx + 0x1883], ecx -jne short loc_fffb8350 ; jne 0xfffb8350 +jne short loc_fffb8e7f ; jne 0xfffb8e7f xor eax, eax cmp edi, 2 -je short loc_fffb8350 ; je 0xfffb8350 +je short loc_fffb8e7f ; je 0xfffb8e7f mov edx, 0x102 mov eax, esi -call fcn_fffc3dc3 ; call 0xfffc3dc3 +call fcn_fffc3cb8 ; call 0xfffc3cb8 cmp eax, dword [ebx + 0xfb0] setne al -loc_fffb8350: +loc_fffb8e7f: lea esp, [ebp - 0xc] pop ebx pop esi @@ -33598,7 +34358,7 @@ pop edi pop ebp ret -fcn_fffb8358: +fcn_fffb8e87: push ebp mov ebp, esp push ebx 
@@ -33607,42 +34367,42 @@ mov ebx, dword [ebp + 8] lea eax, [ebp - 0xc] push eax push ebx -call fcn_fffab60f ; call 0xfffab60f +call fcn_fffb05b9 ; call 0xfffb05b9 add esp, 0x10 test eax, eax -jns short loc_fffb837a ; jns 0xfffb837a +jns short loc_fffb8ea9 ; jns 0xfffb8ea9 mov dword [ebp - 0xc], 0 -loc_fffb837a: +loc_fffb8ea9: mov eax, dword [ebp - 0xc] test eax, eax -je short loc_fffb838f ; je 0xfffb838f +je short loc_fffb8ebe ; je 0xfffb8ebe push edx push edx push ebx push eax -call fcn_fffac673 ; call 0xfffac673 +call fcn_fffb067f ; call 0xfffb067f add esp, 0x10 -jmp short loc_fffb8391 ; jmp 0xfffb8391 +jmp short loc_fffb8ec0 ; jmp 0xfffb8ec0 -loc_fffb838f: +loc_fffb8ebe: xor eax, eax -loc_fffb8391: +loc_fffb8ec0: mov ebx, dword [ebp - 4] leave ret -fcn_fffb8396: ; not directly referenced +fcn_fffb8ec5: ; not directly referenced and dh, 4 -je short loc_fffb83fa ; je 0xfffb83fa +je short loc_fffb8f29 ; je 0xfffb8f29 push ebp mov edx, ecx mov ebp, esp push edi push esi mov esi, ecx -shr edx, 0x13 +shr edx, 0x14 push ebx and edx, 1 sub esp, 0xc @@ -33650,8 +34410,8 @@ cmp edx, 1 mov edi, dword [eax + 0x68] mov edx, ecx sbb ebx, ebx -call fcn_fffc3bf5 ; call 0xfffc3bf5 -shr esi, 0x11 +call fcn_fffc3acf ; call 0xfffc3acf +shr esi, 0x12 and ebx, 0x10 and esi, 1 add ebx, 0x10 
@@ -33662,27 +34422,27 @@ push eax call edi add esp, 0x10 cmp bx, 0x10 -jne short loc_fffb83e9 ; jne 0xfffb83e9 +jne short loc_fffb8f18 ; jne 0xfffb8f18 xor eax, 0x1000000 or eax, edx cmp eax, 1 sbb eax, eax add eax, 0xb -jmp short loc_fffb8400 ; jmp 0xfffb8400 +jmp short loc_fffb8f2f ; jmp 0xfffb8f2f -loc_fffb83e9: ; not directly referenced +loc_fffb8f18: ; not directly referenced xor eax, 0x800000 or eax, edx cmp eax, 1 sbb eax, eax add eax, 0xa -jmp short loc_fffb8400 ; jmp 0xfffb8400 +jmp short loc_fffb8f2f ; jmp 0xfffb8f2f -loc_fffb83fa: ; not directly referenced +loc_fffb8f29: ; not directly referenced mov eax, 0xa ret -loc_fffb8400: ; not directly referenced +loc_fffb8f2f: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -33690,16 +34450,16 @@ pop edi pop ebp ret -fcn_fffb8408: ; not directly referenced +fcn_fffb8f37: ; not directly referenced and dh, 4 -je short loc_fffb846c ; je 0xfffb846c +je short loc_fffb8f9b ; je 0xfffb8f9b push ebp mov edx, ecx mov ebp, esp push edi push esi mov esi, ecx -shr edx, 0x14 +shr edx, 0x13 push ebx and edx, 1 sub esp, 0xc @@ -33707,8 +34467,8 @@ cmp edx, 1 mov edi, dword [eax + 0x68] mov edx, ecx sbb ebx, ebx -call fcn_fffc3bda ; call 0xfffc3bda -shr esi, 0x12 +call fcn_fffc3aea ; call 0xfffc3aea +shr esi, 0x11 and ebx, 0x10 and esi, 1 add ebx, 0x10 
@@ -33719,27 +34479,27 @@ push eax call edi add esp, 0x10 cmp bx, 0x10 -jne short loc_fffb845b ; jne 0xfffb845b +jne short loc_fffb8f8a ; jne 0xfffb8f8a xor eax, 0x1000000 or eax, edx cmp eax, 1 sbb eax, eax add eax, 0xb -jmp short loc_fffb8472 ; jmp 0xfffb8472 +jmp short loc_fffb8fa1 ; jmp 0xfffb8fa1 -loc_fffb845b: ; not directly referenced +loc_fffb8f8a: ; not directly referenced xor eax, 0x800000 or eax, edx cmp eax, 1 sbb eax, eax add eax, 0xa -jmp short loc_fffb8472 ; jmp 0xfffb8472 +jmp short loc_fffb8fa1 ; jmp 0xfffb8fa1 -loc_fffb846c: ; not directly referenced +loc_fffb8f9b: ; not directly referenced mov eax, 0xa ret -loc_fffb8472: ; not directly referenced +loc_fffb8fa1: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -33747,1388 +34507,1296 @@ pop edi pop ebp ret -fcn_fffb847a: ; not directly referenced +fcn_fffb8fa9: ; not directly referenced push ebp mov ebp, esp +mov eax, dword [ebp + 0xc] +mov edx, dword [ebp + 8] push edi push esi push ebx -sub esp, 0x2c -mov ebx, dword [ebp + 8] -mov dword [ebp - 0x1c], 0 -mov eax, dword [ebx + 0x2443] -lea esi, [ebx + 0xfb9] -mov dword [ebp - 0x20], eax -lea eax, [ebx + 0x10] -mov dword [ebp - 0x2c], eax -mov al, byte [ebx + 0x3755] -mov byte [ebx + 0xfb8], al -mov eax, dword [ebx + 0x374e] -mov dword [ebx + 0xfb4], eax +mov esi, eax +mov word [edx + 0x2468], ax +mov edx, 0x80 +out dx, ax +mov edi, 0x48 +mov ebx, 0x74 -loc_fffb84ba: ; not directly referenced -imul eax, dword [ebp - 0x1c], 0x13c3 -xor edi, edi -mov edx, dword [ebx + eax + 0x3816] -lea ecx, [ebx + eax + 0x3756] -mov dword [ebp - 0x28], ecx -mov dword [esi + 4], edx -mov dl, byte [ebx + eax + 0x381a] -mov byte [esi + 8], dl -mov eax, dword [ebx + eax + 0x3756] -mov dword [esi], eax +loc_fffb8fcf: ; not directly referenced +mov eax, edi +mov edx, ebx +out dx, al +mov edx, 0x75 +in al, dx +movzx ecx, al +mov edx, ebx +mov al, 0x49 +out dx, al +mov edx, 0x75 +in al, dx +shl eax, 8 +or eax, ecx +cmp si, ax +je short loc_fffb8fcf ; je 0xfffb8fcf +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffb84ea: ; not directly referenced -mov eax, dword [ebp - 0x28] -push edx -push 0x2e -lea eax, [eax + edi + 4] -push eax -lea eax, [esi + edi + 9] -add edi, 0x2e +fcn_fffb8ff7: +push ebp +mov ebp, esp +push ebx +sub esp, 0x10 +mov eax, dword [0xff7d0084] +mov eax, dword [eax + 0x14] +add eax, 0xf8002 push eax -mov eax, dword [ebp - 0x20] -call dword [eax + 0x58] ; ucall +call fcn_fffb3e49 ; call 0xfffb3e49 add esp, 0x10 -cmp edi, 0xb8 -jne short loc_fffb84ea ; jne 0xfffb84ea -imul eax, dword [ebp - 0x1c], 0x54a -lea edx, [esi + 0x313] -mov dword [ebp - 0x24], 0 -lea edi, [ebx + eax + 0x19bb] +mov ecx, eax +mov edx, eax +and cl, 0x7d +mov eax, 1 +cmp cx, 0x8c44 +je loc_fffb9156 ; je 
0xfffb9156 +cmp dx, 0x8c4c +sete bl +cmp dx, 0x8c4a +sete cl +or bl, cl +jne loc_fffb9156 ; jne 0xfffb9156 +cmp dx, 0x8c50 +sete bl +cmp dx, 0x8c4e +sete cl +or bl, cl +jne loc_fffb9156 ; jne 0xfffb9156 +cmp dx, 0x8c42 +sete bl +cmp dx, 0x8c5c +sete cl +or bl, cl +jne loc_fffb9156 ; jne 0xfffb9156 +cmp dx, 0x8c4f +sete bl +cmp dx, 0x8c49 +sete cl +or bl, cl +jne loc_fffb9156 ; jne 0xfffb9156 +cmp dx, 0x8c41 +sete bl +cmp dx, 0x8c4b +sete cl +or bl, cl +jne loc_fffb9156 ; jne 0xfffb9156 +cmp dx, 0x8c58 +je loc_fffb9156 ; je 0xfffb9156 +cmp dx, 0x8c54 +sete bl +cmp dx, 0x8c52 +sete cl +or bl, cl +jne loc_fffb9156 ; jne 0xfffb9156 +cmp dx, 0x8c56 +je loc_fffb9156 ; je 0xfffb9156 +lea ecx, [edx + 0x63bf] +cmp cx, 6 +jbe short loc_fffb9156 ; jbe 0xfffb9156 +cmp dx, 0x8cc5 +sete bl +cmp dx, 0x8cc3 +sete cl +or bl, cl +jne short loc_fffb9156 ; jne 0xfffb9156 +lea ecx, [edx + 0x733f] +cmp cx, 1 +jbe short loc_fffb9156 ; jbe 0xfffb9156 +lea eax, [edx + 0x633f] +cmp ax, 2 +mov eax, 2 +setbe bl +cmp dx, 0x9cc5 +sete cl +or bl, cl +jne short loc_fffb9156 ; jne 0xfffb9156 +lea ecx, [edx + 0x633a] +cmp cx, 1 +setbe bl +cmp dx, 0x9cc9 +sete cl +or bl, cl +jne short loc_fffb9156 ; jne 0xfffb9156 +cmp dx, 0x9cc8 +sete bl +cmp dx, 0x9cc4 +sete cl +or bl, cl +jne short loc_fffb9156 ; jne 0xfffb9156 +add dx, 0x6336 +cmp dx, 2 +sbb eax, eax +add eax, 3 -loc_fffb8529: ; not directly referenced -mov ecx, dword [ebp - 0x24] -mov dword [ebp - 0x30], edx -mov edx, dword [ebp - 0x28] -push eax -push 0x128 -lea eax, [edx + ecx + 0x1173] -push eax -lea eax, [esi + ecx + 0xc1] -push eax -mov eax, dword [ebp - 0x20] -call dword [eax + 0x58] ; ucall -mov al, byte [edi + 3] +loc_fffb9156: +mov ebx, dword [ebp - 4] +leave +ret + +fcn_fffb915b: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x28 +mov eax, dword [0xff7d0084] +mov edi, dword [eax + 0x14] +lea esi, [edi + 0xb0044] +add edi, 0xb0040 +push esi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword 
[esp], edi +mov ebx, eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 -mov edx, dword [ebp - 0x30] -cmp byte [edi + 2], 0xc -mov byte [edx - 2], al -jne short loc_fffb8573 ; jne 0xfffb8573 -mov al, byte [edi + 0xd] -mov ecx, 0x1d -mov byte [edx - 1], al -lea eax, [edi + 0x140] -jmp short loc_fffb8581 ; jmp 0xfffb8581 +mov edx, eax +shr edx, 0x10 +and edx, 0xf +cmp dl, 2 +jne short loc_fffb919c ; jne 0xfffb919c -loc_fffb8573: ; not directly referenced -mov al, byte [edi + 8] -mov ecx, 0x1f -mov byte [edx - 1], al -lea eax, [edi + 0x75] +loc_fffb9198: ; not directly referenced +xor eax, eax +jmp short loc_fffb91f7 ; jmp 0xfffb91f7 -loc_fffb8581: ; not directly referenced -sub esp, 4 -add edi, 0x277 -push ecx +loc_fffb919c: ; not directly referenced +movzx eax, ah +test al, 0xf0 +jne short loc_fffb9198 ; jne 0xfffb9198 +lea eax, [ebp - 0x1c] +xor edi, edi push eax -mov eax, dword [ebp - 0x20] -push edx -mov dword [ebp - 0x30], edx -call dword [eax + 0x58] ; ucall -mov edx, dword [ebp - 0x30] +push 0 +push 0 +push ref_fffd6348 ; push 0xfffd6348 +call fcn_fffb020b ; call 0xfffb020b add esp, 0x10 -add dword [ebp - 0x24], 0x128 -add edx, 0x21 -cmp dword [ebp - 0x24], 0x250 -jne loc_fffb8529 ; jne 0xfffb8529 -inc dword [ebp - 0x1c] -add esi, 0x433 -cmp dword [ebp - 0x1c], 2 -jne loc_fffb84ba ; jne 0xfffb84ba -mov eax, dword [ebx + 0x3735] -mov dword [ebx + 0x182c], eax -mov eax, dword [ebx + 0x3739] -mov dword [ebx + 0x1830], eax -mov eax, dword [ebx + 0x373d] -mov dword [ebx + 0x1834], eax -mov eax, dword [ebx + 0x3741] -mov dword [ebx + 0x1838], eax -push eax -mov eax, dword [ebx + 0x2443] -push 4 -mov edx, dword [ebx + 0x188b] -lea edx, [edx*4 + ref_fffd3230] ; lea edx, [edx*4 - 0x2cdd0] -push edx -lea edx, [ebx + 0xfac] + +loc_fffb91ba: ; not directly referenced +test ebx, 0x10000 +jne short loc_fffb91ea ; jne 0xfffb91ea +cmp edi, 0x1388 +je short loc_fffb9198 ; je 0xfffb9198 +mov eax, dword [ebp - 0x1c] +inc edi push edx -call dword [eax + 0x58] ; ucall -mov 
eax, dword [ebx + 0x1887] +push 0x3e8 +push eax +push dword [ebp + 8] +call dword [eax + 4] ; ucall +mov dword [esp], esi +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 -xor ecx, ecx -mov dword [ebx + 0xfa4], eax -mov eax, dword [ebx + 0x1883] -mov dword [ebx + 0xfa0], eax -mov eax, dword [ebx + 0x188b] -mov dword [ebx + 0xfa8], eax -mov al, byte [ebx + 0x190d] -mov byte [ebx + 0x1842], al -mov eax, dword [ebx + 0x36d7] -mov dword [ebx + 0x181f], eax -mov eax, dword [ebx + 0x36df] -mov dword [ebx + 0x1823], eax -mov al, byte [ebx + 0x36e7] -mov byte [ebx + 0x182b], al -mov eax, dword [ebx + 0x36e3] -mov dword [ebx + 0x1827], eax -mov al, byte [ebx + 0x3748] -mov byte [ebx + 0x183c], al -mov eax, dword [ebx + 0x2480] -mov dword [ebx + 0x183d], eax -mov al, byte [ebx + 0x3749] -mov byte [ebx + 0x1841], al -mov al, byte [ebx + 0x36ca] -mov byte [ebx + 0x184c], al -mov al, byte [ebx + 0x36a8] -mov byte [ebx + 0x184d], al -mov eax, dword [ebx + 0x36cb] -mov dword [ebx + 0x1843], eax -mov eax, dword [ebx + 0x1912] -mov dword [ebx + 0x1847], eax -mov al, byte [ebx + 0x1916] -mov byte [ebx + 0x184b], al +mov ebx, eax +jmp short loc_fffb91ba ; jmp 0xfffb91ba -loc_fffb86dc: ; not directly referenced -mov eax, dword [ebx + ecx*8 + 0x36a9] -mov edx, dword [ebx + ecx*8 + 0x36ad] -mov dword [ebx + ecx*8 + 0x184e], eax -mov dword [ebx + ecx*8 + 0x1852], edx -inc ecx -cmp ecx, 4 -jne short loc_fffb86dc ; jne 0xfffb86dc -mov edx, dword [ebx + 0x18bd] -mov eax, dword [ebx + 0x18b9] -call fcn_fffc3dc3 ; call 0xfffc3dc3 -mov edx, 0x185e -mov dword [ebx + 0xfb0], eax -mov eax, dword [ebp - 0x2c] -call fcn_fffc3dc3 ; call 0xfffc3dc3 -mov dword [ebx + 8], 0x1866 -mov dword [ebx + 0xc], eax +loc_fffb91ea: ; not directly referenced +cmp edi, 0x1388 +je short loc_fffb9198 ; je 0xfffb9198 +mov eax, ebx +and eax, 0x3f + +loc_fffb91f7: ; not directly referenced lea esp, [ebp - 0xc] -xor eax, eax pop ebx pop esi pop edi pop ebp ret -fcn_fffb8736: ; not directly referenced -mov eax, dword 
[0xff7d0084] +fcn_fffb91ff: push ebp mov ebp, esp -push esi -mov esi, dword [ebp + 8] push ebx +sub esp, 0x10 +mov eax, dword [0xff7d0084] mov eax, dword [eax + 0x14] -mov ebx, dword [ebp + 0xc] -sub esp, 0xc -add eax, 0xb0048 +add eax, 0xf8002 push eax -call fcn_fffb3d4e ; call 0xfffb3d4e +call fcn_fffb3e49 ; call 0xfffb3e49 add esp, 0x10 -cmp bl, 2 -je short loc_fffb876f ; je 0xfffb876f -cmp bl, 6 -je short loc_fffb8776 ; je 0xfffb8776 -dec bl -jne short loc_fffb8782 ; jne 0xfffb8782 -mov edx, 1 -jmp short loc_fffb877b ; jmp 0xfffb877b +mov ecx, eax +mov edx, eax +and cl, 0x7d +mov eax, 1 +cmp cx, 0x8c44 +je loc_fffb9365 ; je 0xfffb9365 +cmp dx, 0x8c4c +sete bl +cmp dx, 0x8c4a +sete cl +or bl, cl +jne loc_fffb9365 ; jne 0xfffb9365 +cmp dx, 0x8c50 +sete bl +cmp dx, 0x8c4e +sete cl +or bl, cl +jne loc_fffb9365 ; jne 0xfffb9365 +cmp dx, 0x8c42 +sete bl +cmp dx, 0x8c5c +sete cl +or bl, cl +jne loc_fffb9365 ; jne 0xfffb9365 +cmp dx, 0x8c4f +sete bl +cmp dx, 0x8c49 +sete cl +or bl, cl +jne loc_fffb9365 ; jne 0xfffb9365 +cmp dx, 0x8c41 +sete bl +cmp dx, 0x8c4b +sete cl +or bl, cl +jne loc_fffb9365 ; jne 0xfffb9365 +cmp dx, 0x8c58 +je loc_fffb9365 ; je 0xfffb9365 +cmp dx, 0x8c54 +sete bl +cmp dx, 0x8c52 +sete cl +or bl, cl +jne loc_fffb9365 ; jne 0xfffb9365 +cmp dx, 0x8c56 +je loc_fffb9365 ; je 0xfffb9365 +cmp dx, 0x8cc5 +sete bl +cmp dx, 0x8cc3 +sete cl +or bl, cl +jne short loc_fffb9365 ; jne 0xfffb9365 +lea eax, [edx + 0x733f] +cmp ax, 1 +jbe short loc_fffb9360 ; jbe 0xfffb9360 +lea ecx, [edx + 0x63bf] +mov eax, 2 +cmp cx, 6 +jbe short loc_fffb9365 ; jbe 0xfffb9365 +lea ecx, [edx + 0x633f] +cmp cx, 2 +setbe bl +cmp dx, 0x9cc5 +sete cl +or bl, cl +jne short loc_fffb9365 ; jne 0xfffb9365 +lea ecx, [edx + 0x633a] +cmp cx, 1 +setbe bl +cmp dx, 0x9cc9 +sete cl +or bl, cl +jne short loc_fffb9365 ; jne 0xfffb9365 +cmp dx, 0x9cc8 +sete bl +cmp dx, 0x9cc4 +sete cl +or bl, cl +jne short loc_fffb9365 ; jne 0xfffb9365 +add dx, 0x6336 +cmp dx, 2 +sbb eax, eax +add eax, 3 +jmp 
short loc_fffb9365 ; jmp 0xfffb9365 -loc_fffb876f: ; not directly referenced -mov edx, 2 -jmp short loc_fffb877b ; jmp 0xfffb877b +loc_fffb9360: +mov eax, 1 -loc_fffb8776: ; not directly referenced -mov edx, 6 +loc_fffb9365: +mov ebx, dword [ebp - 4] +leave +ret -loc_fffb877b: ; not directly referenced -mov eax, esi -call fcn_fffb7129 ; call 0xfffb7129 +fcn_fffb936a: +push ebp +mov ebp, esp +sub esp, 8 +call fcn_fffb8ff7 ; call 0xfffb8ff7 +cmp eax, 1 +jne short loc_fffb9388 ; jne 0xfffb9388 +call fcn_fffb91ff ; call 0xfffb91ff +cmp eax, 1 +jne short loc_fffb9388 ; jne 0xfffb9388 +mov al, 6 +jmp short loc_fffb9391 ; jmp 0xfffb9391 -loc_fffb8782: ; not directly referenced -lea esp, [ebp - 8] -xor eax, eax -pop ebx -pop esi -pop ebp +loc_fffb9388: +cmp eax, 2 +sete al +shl eax, 2 + +loc_fffb9391: +leave +ret + +fcn_fffb9393: +push ebp +mov ebp, esp +sub esp, 8 +call fcn_fffb8ff7 ; call 0xfffb8ff7 +cmp eax, 1 +jne short loc_fffb93bc ; jne 0xfffb93bc +call fcn_fffb91ff ; call 0xfffb91ff +cmp eax, 1 +je short loc_fffb93b8 ; je 0xfffb93b8 +cmp eax, 2 +sete dl +shl edx, 3 +jmp short loc_fffb93c6 ; jmp 0xfffb93c6 + +loc_fffb93b8: +mov dl, 0xe +jmp short loc_fffb93c6 ; jmp 0xfffb93c6 + +loc_fffb93bc: +cmp eax, 2 +mov dl, 0xa +mov al, 0 +cmovne edx, eax + +loc_fffb93c6: +mov al, dl +leave +ret + +fcn_fffb93ca: +push ebp +mov ebp, esp +sub esp, 8 +call fcn_fffb91ff ; call 0xfffb91ff +cmp eax, 1 +je short loc_fffb93e6 ; je 0xfffb93e6 +xor edx, edx +cmp eax, 2 +mov al, 6 +cmove edx, eax +jmp short loc_fffb93e8 ; jmp 0xfffb93e8 + +loc_fffb93e6: +mov dl, 8 + +loc_fffb93e8: +mov al, dl +leave ret -fcn_fffb878b: ; not directly referenced +fcn_fffb93ec: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx -sub esp, 0x38 +sub esp, 0x28 mov eax, dword [0xff7d0084] -mov edi, dword [eax + 0x14] -add edi, 0xb0048 -push edi -call fcn_fffb3d4e ; call 0xfffb3d4e -mov ebx, eax -lea eax, [ebp - 0x1c] +mov eax, dword [eax + 0x14] +add eax, 0xf8040 push eax -push 0 -push 0 
-push ref_fffd604c ; push 0xfffd604c -call fcn_fffab40f ; call 0xfffab40f -add esp, 0x20 -xor ecx, ecx +call fcn_fffb3e49 ; call 0xfffb3e49 mov esi, eax - -loc_fffb87c3: ; not directly referenced -test bh, 1 -jne short loc_fffb87f3 ; jne 0xfffb87f3 -cmp ecx, 0x32 -je short loc_fffb883e ; je 0xfffb883e -mov eax, dword [ebp - 0x1c] -push ebx -push 0x3e8 -push eax -push dword [ebp + 8] -mov dword [ebp - 0x2c], ecx -call dword [eax + 4] ; ucall -mov dword [esp], edi -call fcn_fffb3d4e ; call 0xfffb3d4e -mov ecx, dword [ebp - 0x2c] +and esi, 0xfffc +add esi, 8 +mov dword [esp], esi +call fcn_fffb00dc ; call 0xfffb00dc +mov ecx, 0x64 +xor edx, edx add esp, 0x10 -inc ecx mov ebx, eax -jmp short loc_fffb87c3 ; jmp 0xfffb87c3 +imul eax, dword [ebp + 8], 0x166 +and ebx, 0xffffff +div ecx +lea edi, [ebx + eax + 1] +mov ecx, edi +and edi, 0xffffff +shr ecx, 0x18 -loc_fffb87f3: ; not directly referenced -cmp ecx, 0x32 -je short loc_fffb883e ; je 0xfffb883e -mov edi, ebx -test bl, bl -jns short loc_fffb8835 ; jns 0xfffb8835 -mov eax, dword [0xff7d0084] +loc_fffb9445: ; not directly referenced +test ecx, ecx +setne dl +cmp edi, ebx +seta al +or al, dl +je short loc_fffb947d ; je 0xfffb947d sub esp, 0xc -mov ebx, dword [eax + 0x14] -add ebx, 0xf80a2 -push ebx -call fcn_fffb3d06 ; call 0xfffb3d06 -pop edx -pop ecx -and eax, 0xff7f -push eax -push ebx -call fcn_fffb3d20 ; call 0xfffb3d20 -mov eax, dword [ebp + 8] -mov edx, 1 -call fcn_fffb7129 ; call 0xfffb7129 +push esi +mov dword [ebp - 0x20], edx +mov dword [ebp - 0x1c], ecx +call fcn_fffb00dc ; call 0xfffb00dc add esp, 0x10 -mov esi, eax - -loc_fffb8835: ; not directly referenced -mov eax, edi -and eax, 0xffffff90 -cmp al, 0x10 -jne short loc_fffb8844 ; jne 0xfffb8844 +mov ecx, dword [ebp - 0x1c] +mov edx, dword [ebp - 0x20] +and eax, 0xffffff +cmp eax, ebx +jae short loc_fffb9479 ; jae 0xfffb9479 +test dl, dl +je short loc_fffb947d ; je 0xfffb947d +dec ecx -loc_fffb883e: ; not directly referenced -mov eax, dword [ebp + 0x10] 
-mov byte [eax], 1 +loc_fffb9479: ; not directly referenced +mov ebx, eax +jmp short loc_fffb9445 ; jmp 0xfffb9445 -loc_fffb8844: ; not directly referenced +loc_fffb947d: ; not directly referenced lea esp, [ebp - 0xc] -mov eax, esi pop ebx pop esi pop edi pop ebp ret -fcn_fffb884e: +fcn_fffb9485: ; not directly referenced push ebp mov ebp, esp -mov ecx, dword [ebp + 8] -mov edx, dword [ebp + 0xc] -push ebx -mov ebx, dword [ecx + 8] -mov eax, dword [ecx + 0xc] -xor ebx, dword [edx + 8] -xor eax, dword [edx + 0xc] -or ebx, eax -mov ebx, dword [ecx] -mov ecx, dword [ecx + 4] -sete al -xor ebx, dword [edx] -xor ecx, dword [edx + 4] -or ebx, ecx -sete dl -and eax, edx -pop ebx -pop ebp +sub esp, 8 +mov eax, dword [ebp + 0x10] +test eax, eax +je short loc_fffb949e ; je 0xfffb949e +sub esp, 0xc +push eax +call fcn_fffb93ec ; call 0xfffb93ec +add esp, 0x10 + +loc_fffb949e: ; not directly referenced +xor eax, eax +leave ret -fcn_fffb887d: ; not directly referenced +fcn_fffb94a2: ; not directly referenced push ebp mov ebp, esp push edi push esi -mov esi, eax push ebx -sub esp, 0x6c -mov eax, dword [ebp + 8] -mov dword [ebp - 0x68], ecx -mov ecx, dword [ebp + 0xc] -mov ebx, dword [ebp + 0x10] -mov byte [ebp - 0x30], 0x21 -mov dword [ebp - 0x6c], eax -mov al, byte [ebp + 0x14] -mov dword [ebp - 0x3c], ecx -mov byte [ebp - 0x76], cl -mov edi, ebx -mov byte [ebp - 0x2f], 0x42 -mov byte [ebp - 0x40], al -mov byte [ebp - 0x2e], 0x58 -mov byte [ebp - 0x2d], 0x64 -mov byte [ebp - 0x2c], 0x85 -mov byte [ebp - 0x2b], 0xa6 -mov byte [ebp - 0x2a], 0xc8 -mov byte [ebp - 0x29], 0xe9 -mov byte [ebp - 0x28], 0x2f -mov byte [ebp - 0x27], 0x41 -mov byte [ebp - 0x26], 0x53 -mov byte [ebp - 0x25], 0x64 -mov byte [ebp - 0x24], 0x7d -mov byte [ebp - 0x23], 0x95 -mov byte [ebp - 0x22], 0xad -mov byte [ebp - 0x21], 0xc5 -mov byte [ebp - 0x20], 0x76 -mov byte [ebp - 0x1f], 0x70 -mov byte [ebp - 0x1e], 0x6c -mov byte [ebp - 0x1d], 0x67 -mov eax, dword [esi + 0x5edc] -mov byte [ebp - 0x1c], 0x64 -mov 
byte [ebp - 0x1b], 0x61 -mov byte [ebp - 0x1a], 0x5f -mov dword [ebp - 0x58], eax -movzx eax, dl -mov edx, dword [ebp - 0x58] -mov dword [ebp - 0x60], eax -imul eax, eax, 0xcc -mov byte [ebp - 0x19], 0x5d -mov dword [ebp - 0x74], 0 -mov dword [ebp - 0x5c], 0 -lea eax, [edx + eax + 0x1c] -mov dl, 0x19 -mov dword [ebp - 0x44], eax -mov eax, dword [esi + 0x18a7] -mov eax, dword [esi + eax*4 + 0x3735] -mov dword [ebp - 0x48], eax -mov eax, dword [esi + 0x188b] -mov dword [ebp - 0x70], eax -xor eax, eax -cmp dword [esi + 0x2480], 3 -sete al -cmp cl, 0xc -mov dword [ebp - 0x64], eax -mov al, 0x4b -cmovne edx, eax -cmp dword [ebp + 0x1c], 0 -mov byte [ebp - 0x75], dl -je short loc_fffb897e ; je 0xfffb897e -mov eax, dword [ebp + 0x1c] -cmp dword [eax], 0 -setne al -movzx eax, al -mov dword [ebp - 0x4c], eax -jmp short loc_fffb89a3 ; jmp 0xfffb89a3 - -loc_fffb897e: ; not directly referenced -mov eax, dword [ebp - 0x3c] -cmp al, 0xc +sub esp, 0x2c +mov bl, byte [ebp + 0xc] +mov al, byte [ebp + 0x18] +mov edi, dword [ebp + 0x1c] +and ebx, 0x7f +cmp dword [ebp + 0x14], 1 +mov byte [ebp - 0x1f], al +jbe short loc_fffb94d9 ; jbe 0xfffb94d9 +test edi, edi +mov esi, 0x80000002 sete dl -cmp al, 0xa +cmp dword [ebp + 0x20], 0 sete al or dl, al -je short loc_fffb8996 ; je 0xfffb8996 +jne loc_fffb9a3c ; jne 0xfffb9a3c -loc_fffb898f: ; not directly referenced -xor eax, eax -jmp near loc_fffb8ff5 ; jmp 0xfffb8ff5 +loc_fffb94d9: ; not directly referenced +sub esp, 0xc +mov esi, 0x80000012 +push 0 +call fcn_fffb4a61 ; call 0xfffb4a61 +add esp, 0x10 +test al, 0x40 +jne loc_fffb9a3c ; jne 0xfffb9a3c +test al, 1 +je short loc_fffb950d ; je 0xfffb950d +push edi +push edi +push 0xff +push 0 +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 +jmp near loc_fffb9a3c ; jmp 0xfffb9a3c -loc_fffb8996: ; not directly referenced -cmp byte [ebp - 0x3c], 0xf -je short loc_fffb898f ; je 0xfffb898f -mov dword [ebp - 0x4c], 0 +loc_fffb950d: ; not directly referenced +push esi +movzx eax, al +push esi +push 
eax +push 0 +call fcn_fffb4a42 ; call 0xfffb4a42 +lea eax, [ebx + ebx + 1] +add esp, 0x10 +mov byte [ebp - 0x1c], al +dec eax +mov byte [ebp - 0x1d], al +mov eax, dword [ebp + 0x14] +mov dword [ebp - 0x24], 3 +mov byte [ebp - 0x1e], 0 +and eax, 0xfffffffd +mov dword [ebp - 0x2c], eax -loc_fffb89a3: ; not directly referenced -cmp dword [ebp - 0x64], 0 -jne short loc_fffb89eb ; jne 0xfffb89eb -mov edx, dword [ebp - 0x60] -imul eax, edx, 0x54a -imul edx, edx, 0x13c3 -lea eax, [esi + eax + 0x196b] -mov dl, byte [esi + edx + 0x381a] -test dl, 1 -je short loc_fffb89d4 ; je 0xfffb89d4 -cmp byte [eax + 0x27e], 0 -je short loc_fffb89fb ; je 0xfffb89fb +loc_fffb953c: ; not directly referenced +mov al, byte [ebp + 0x10] +cmp dword [ebp + 0x14], 0xb +mov byte [ebp - 0x20], al +ja loc_fffb96fd ; ja 0xfffb96fd +mov eax, dword [ebp + 0x14] +jmp dword [eax*4 + ref_fffd5324] ; ujmp: jmp dword [eax*4 - 0x2acdc] -loc_fffb89d4: ; not directly referenced -and dl, 4 -je short loc_fffb8a04 ; je 0xfffb8a04 -cmp byte [eax + 0x4f5], 1 -sbb eax, eax -mov dword [ebp - 0x54], eax -add dword [ebp - 0x54], 0x24 -jmp short loc_fffb8a0b ; jmp 0xfffb8a0b +loc_fffb9556: ; not directly referenced +mov dl, byte [ebp - 0x1d] +jmp short loc_fffb955e ; jmp 0xfffb955e -loc_fffb89eb: ; not directly referenced -mov dword [ebp - 0x54], 0x50 -mov dword [ebp - 0x50], 0x37 -jmp short loc_fffb8a12 ; jmp 0xfffb8a12 +loc_fffb955b: ; not directly referenced +mov dl, byte [ebp - 0x1c] -loc_fffb89fb: ; not directly referenced -mov dword [ebp - 0x54], 0x23 -jmp short loc_fffb8a0b ; jmp 0xfffb8a0b +loc_fffb955e: ; not directly referenced +cmp byte [ebp - 0x1f], 1 +je loc_fffb96ef ; je 0xfffb96ef +xor esi, esi +jmp near loc_fffb96e9 ; jmp 0xfffb96e9 -loc_fffb8a04: ; not directly referenced -mov dword [ebp - 0x54], 0x24 +loc_fffb956f: ; not directly referenced +mov eax, dword [ebp + 0x20] +mov dl, byte [ebp - 0x1d] +mov al, byte [eax] +mov byte [ebp - 0x20], al +jmp short loc_fffb957f ; jmp 0xfffb957f -loc_fffb8a0b: ; 
not directly referenced -mov dword [ebp - 0x50], 0x23 +loc_fffb957c: ; not directly referenced +mov dl, byte [ebp - 0x1c] -loc_fffb8a12: ; not directly referenced -cmp byte [ebp - 0x3c], 2 -ja loc_fffb8b08 ; ja 0xfffb8b08 -movzx eax, byte [ebp - 0x6c] -mov edx, dword [ebp - 0x44] -cmp byte [ebp - 0x3c], 1 -mov eax, dword [edx + eax*4 + 0x78] -mov dword [ebp - 0x5c], eax -jne short loc_fffb8a44 ; jne 0xfffb8a44 -mov edx, 0x3a04 -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -mov dword [ebp - 0x74], eax -jmp near loc_fffb8b12 ; jmp 0xfffb8b12 +loc_fffb957f: ; not directly referenced +cmp dword [edi], 1 +mov esi, 4 +mov dword [edi], 1 +sbb ebx, ebx +and ebx, 0x80000005 +jmp near loc_fffb96b2 ; jmp 0xfffb96b2 -loc_fffb8a44: ; not directly referenced -mov edx, 0x3a00 -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -cmp byte [ebp - 0x3c], 0 -jne loc_fffb8b08 ; jne 0xfffb8b08 -mov ebx, dword [ebp - 0x58] -mov edx, dword [ebx + 0xc] -shr edx, 0xb -mov cl, dl -and ecx, 0xf -and dl, 8 -lea ebx, [ecx - 0x10] -cmovne ecx, ebx -cmp dword [ebp + 0x18], 0 -je short loc_fffb8a90 ; je 0xfffb8a90 -mov edi, dword [ebp - 0x5c] -and eax, 0x3f -mov byte [ebp - 0x40], al -mov eax, edi -and eax, 0x3f -and edi, 0x20 -lea edx, [eax - 0x40] -cmovne eax, edx -mov edi, eax +loc_fffb959a: ; not directly referenced +mov eax, dword [ebp + 0x20] +push ecx +push ecx +movzx eax, byte [eax] +push eax +push 5 +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 +mov dl, byte [ebp - 0x1d] +mov dword [edi], 1 +jmp short loc_fffb95bb ; jmp 0xfffb95bb -loc_fffb8a90: ; not directly referenced -cmp dword [ebp - 0x70], 1 -movsx ecx, cl -mov edx, dword [esi + 0x1887] -sbb ebx, ebx -and ebx, 0x12 -add ebx, 0x1e -cmp edx, 0x306d0 -sete al -cmp edx, 0x40650 -sete dl -movsx ebx, bl -or eax, edx -mov edx, 0x20 -cmp al, 1 -sbb eax, eax -sub edx, ecx -and eax, 0xffffffd3 -add ecx, 0x20 -add eax, 0x78 -movzx eax, al -imul eax, edx -cdq -idiv ecx -mov ecx, 3 -xor edx, edx -div cx -movsx ecx, byte [ebp - 0x40] 
-lea edx, [ecx + ecx*2] -add edx, ebx -imul eax, edx -mov edx, edi -movsx edx, dl -add edx, ecx -lea edx, [edx + edx*2] -movzx eax, ax -add ebx, edx -cdq -idiv ebx -mov ecx, eax -jmp near loc_fffb8c02 ; jmp 0xfffb8c02 +loc_fffb95b8: ; not directly referenced +mov dl, byte [ebp - 0x1c] -loc_fffb8b08: ; not directly referenced -cmp byte [ebp - 0x3c], 1 -jne loc_fffb8bab ; jne 0xfffb8bab +loc_fffb95bb: ; not directly referenced +mov eax, dword [edi] +test eax, eax +je loc_fffb97f8 ; je 0xfffb97f8 +cmp eax, 1 +je loc_fffb96e4 ; je 0xfffb96e4 +cmp eax, 0x100 +ja loc_fffb96fd ; ja 0xfffb96fd +cmp byte [ebp - 0x1f], 1 +je loc_fffb96ef ; je 0xfffb96ef +mov esi, 0x18 +jmp near loc_fffb96e9 ; jmp 0xfffb96e9 -loc_fffb8b12: ; not directly referenced -mov eax, dword [ebp - 0x58] -mov ecx, dword [eax + 0xc] -mov eax, ecx -shr eax, 3 -and eax, 1 -shr ecx, 0xf -mov byte [ebp - 0x64], al -mov al, cl -and eax, 0x1f -cmp dword [ebp - 0x70], 1 -lea edx, [eax - 0x20] +loc_fffb95ed: ; not directly referenced +cmp dword [edi], 2 +mov dl, byte [ebp - 0x1c] +mov dword [edi], 2 sbb ebx, ebx -and ebx, 6 -add ebx, 0xa -and cl, 0x10 -cmove edx, eax -cmp dword [ebp + 0x18], 0 -je short loc_fffb8b65 ; je 0xfffb8b65 -mov al, byte [ebp - 0x74] -mov edi, dword [ebp - 0x5c] -and eax, 0x3f -shr edi, 0xc -mov byte [ebp - 0x40], al -mov eax, edi -and eax, 0x1f -and edi, 0x10 -lea ecx, [eax - 0x20] -cmovne eax, ecx -mov edi, eax +and ebx, 0x80000005 +jmp short loc_fffb963b ; jmp 0xfffb963b -loc_fffb8b65: ; not directly referenced -mov cl, byte [ebp - 0x40] -mov al, 1 -movsx edx, dl -movsx ebx, bl -test cl, cl -cmove ecx, eax -mov eax, esi -mov byte [ebp - 0x40], cl -call fcn_fffa6cfe ; call 0xfffa6cfe -mov dl, byte [ebp - 0x64] -xor edx, 1 -movzx edx, dl -imul ebx, edx -movsx edx, byte [ebp - 0x40] -lea ecx, [ebx + edx] -imul eax, ecx -mov ecx, edi -movsx ecx, cl -add edx, ecx -add ebx, edx -movzx eax, ax -cdq -idiv ebx -mov ecx, eax -jmp near loc_fffb8ca4 ; jmp 0xfffb8ca4 +loc_fffb9603: ; not directly 
referenced +push eax +push eax +mov eax, dword [ebp + 0x20] +movzx eax, byte [eax + 1] +push eax +push 6 +call fcn_fffb4a42 ; call 0xfffb4a42 +pop eax +mov eax, dword [ebp + 0x20] +pop edx +movzx eax, byte [eax] +push eax +push 5 +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 +mov dl, byte [ebp - 0x1d] +cmp dword [edi], 2 +mov dword [edi], 2 +sbb ebx, ebx +and ebx, 0x80000005 -loc_fffb8bab: ; not directly referenced -cmp byte [ebp - 0x3c], 2 -jne short loc_fffb8bd7 ; jne 0xfffb8bd7 -cmp dword [ebp + 0x18], 0 -je short loc_fffb8bca ; je 0xfffb8bca -mov edi, dword [ebp - 0x5c] -shr edi, 0x1b -mov eax, edi -and eax, 0x10 -lea ecx, [edi - 0x20] -test al, al -cmovne edi, ecx +loc_fffb963b: ; not directly referenced +mov esi, 0xc +jmp short loc_fffb96b2 ; jmp 0xfffb96b2 -loc_fffb8bca: ; not directly referenced -mov eax, edi -movsx ecx, al -add ecx, 0x32 -jmp near loc_fffb8ca4 ; jmp 0xfffb8ca4 +loc_fffb9642: ; not directly referenced +push eax +push eax +movzx eax, byte [edi] +push eax +push 5 +call fcn_fffb4a42 ; call 0xfffb4a42 +mov al, byte [edi] +add esp, 0x10 +mov dl, byte [ebp - 0x1d] +mov byte [ebp - 0x1e], al +jmp short loc_fffb965f ; jmp 0xfffb965f -loc_fffb8bd7: ; not directly referenced -cmp byte [ebp - 0x3c], 4 -jne short loc_fffb8be5 ; jne 0xfffb8be5 -movsx ecx, bl -jmp near loc_fffb8dec ; jmp 0xfffb8dec +loc_fffb965c: ; not directly referenced +mov dl, byte [ebp - 0x1c] -loc_fffb8be5: ; not directly referenced -cmp byte [ebp - 0x3c], 5 -jne short loc_fffb8c00 ; jne 0xfffb8c00 -movsx ax, bl -idiv byte [ebp - 0x76] -movsx eax, al -lea ecx, [eax + eax*4] -add ecx, 0x64 -jmp near loc_fffb8dec ; jmp 0xfffb8dec +loc_fffb965f: ; not directly referenced +mov eax, dword [edi] +dec eax +cmp eax, 0x1f +ja loc_fffb96fd ; ja 0xfffb96fd +mov esi, 0x14 +jmp near loc_fffb96f9 ; jmp 0xfffb96f9 -loc_fffb8c00: ; not directly referenced -xor ecx, ecx +loc_fffb9675: ; not directly referenced +mov eax, dword [ebp + 0x20] +push ebx +push ebx +movzx eax, byte [eax + 1] +push 
eax +push 6 +call fcn_fffb4a42 ; call 0xfffb4a42 +pop esi +mov esi, 0x10 +pop eax +mov eax, dword [ebp + 0x20] +movzx eax, byte [eax] +push eax +push 5 +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 +mov dl, byte [ebp - 0x1c] +cmp dword [edi], 2 +mov dword [edi], 2 +sbb ebx, ebx +and ebx, 0x80000005 -loc_fffb8c02: ; not directly referenced -cmp byte [ebp - 0x3c], 9 -jne loc_fffb8ca4 ; jne 0xfffb8ca4 -cmp dword [ebp + 0x18], 0 -je short loc_fffb8c67 ; je 0xfffb8c67 -cmp byte [ebp - 0x68], 3 -ja loc_fffb898f ; ja 0xfffb898f -mov ecx, dword [ebp - 0x68] -imul eax, dword [ebp - 0x60], 0x13c3 -mov edx, ecx -and edx, 1 -shr ecx, 1 -imul edx, edx, 0x18 -imul ecx, ecx, 0x128 -lea eax, [esi + eax + 0x3756] -add edx, ecx -cmp dword [ebp - 0x64], 0 -je short loc_fffb8c55 ; je 0xfffb8c55 -mov cx, word [eax + edx + 0x1271] -lea edi, [ecx - 1] -and edi, 0xf -jmp short loc_fffb8c6d ; jmp 0xfffb8c6d +loc_fffb96b2: ; not directly referenced +xor eax, eax +test ebx, ebx +jns short loc_fffb9707 ; jns 0xfffb9707 +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 -loc_fffb8c55: ; not directly referenced -mov cx, word [eax + edx + 0x126d] -shr cx, 1 -mov edi, ecx -and edi, 1 -jmp short loc_fffb8c8d ; jmp 0xfffb8c8d +loc_fffb96bd: ; not directly referenced +mov eax, dword [edi] +dec eax +cmp eax, 0x1f +ja short loc_fffb96fd ; ja 0xfffb96fd +push ecx +mov esi, 0x1c +push ecx +movzx eax, byte [edi] +push eax +push 5 +call fcn_fffb4a42 ; call 0xfffb4a42 +mov al, byte [edi] +add esp, 0x10 +mov dl, byte [ebp - 0x1c] +mov byte [ebp - 0x1e], al +jmp short loc_fffb96f9 ; jmp 0xfffb96f9 -loc_fffb8c67: ; not directly referenced -cmp dword [ebp - 0x64], 0 -je short loc_fffb8c84 ; je 0xfffb8c84 +loc_fffb96e4: ; not directly referenced +mov esi, 8 -loc_fffb8c6d: ; not directly referenced -mov eax, edi -mov ebx, 7 -cmp al, 6 -mov al, 6 -cmovg edi, eax -mov eax, edi -movsx eax, al -sub ebx, eax -jmp short loc_fffb8c95 ; jmp 0xfffb8c95 +loc_fffb96e9: ; not directly referenced +xor eax, eax -loc_fffb8c84: ; 
not directly referenced -mov eax, edi -cmp al, 0xfa -mov al, 0xfb -cmovle edi, eax +loc_fffb96eb: ; not directly referenced +xor ebx, ebx +jmp short loc_fffb9707 ; jmp 0xfffb9707 -loc_fffb8c8d: ; not directly referenced -mov eax, edi -movsx ebx, al -add ebx, 6 +loc_fffb96ef: ; not directly referenced +mov ebx, 0x80000003 +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 -loc_fffb8c95: ; not directly referenced -mov eax, 0xf0 -cdq -idiv ebx -mov ecx, eax -jmp near loc_fffb8dec ; jmp 0xfffb8dec +loc_fffb96f9: ; not directly referenced +mov al, 2 +jmp short loc_fffb96eb ; jmp 0xfffb96eb -loc_fffb8ca4: ; not directly referenced -cmp byte [ebp - 0x3c], 6 -jne loc_fffb8dec ; jne 0xfffb8dec -mov edx, 0x3918 -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -mov dl, byte [esi + 0x36e7] -and eax, 3 -cmp dword [esi + 0x36e3], 1 -sbb ebx, ebx -and ebx, 0xfffffffe -add ebx, 6 -cmp dword [esi + 0x188b], 0 -jne loc_fffb8d81 ; jne 0xfffb8d81 -cmp dword [ebp - 0x48], 0x546 -movzx eax, al -seta cl -sub edx, ebx -cmp dl, 4 -mov bl, 4 -cmovle ebx, edx -xor edx, edx -test bl, bl -movzx ecx, cl -cmovns edx, ebx -cmp dword [esi + 0x1887], 0x40650 -jne short loc_fffb8d26 ; jne 0xfffb8d26 -cmp dl, 2 -mov bl, 2 -cmovle ebx, edx -movsx ebx, bl -lea ecx, [ecx + ecx*2] -add ecx, ebx -movzx ebx, byte [eax + ecx*4 + ref_fffd32d4] ; movzx ebx, byte [eax + ecx*4 - 0x2cd2c] -jmp short loc_fffb8d36 ; jmp 0xfffb8d36 +loc_fffb96fd: ; not directly referenced +mov ebx, 0x80000002 +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 -loc_fffb8d26: ; not directly referenced -movsx edx, dl -lea ecx, [ecx + ecx*4] -add edx, ecx -movzx ebx, byte [eax + edx*4 + ref_fffd32ac] ; movzx ebx, byte [eax + edx*4 - 0x2cd54] +loc_fffb9707: ; not directly referenced +mov cl, al +or ecx, 1 +cmp byte [ebp - 0x1f], 1 +mov dword [ebp - 0x28], edx +push edx +cmove eax, ecx +push edx +movzx eax, al +push eax +push 0xd +call fcn_fffb4a42 ; call 0xfffb4a42 +mov dword [esp], 2 +call fcn_fffb4a61 ; call 0xfffb4a61 +add esp, 0x10 +mov edx, dword [ebp 
- 0x28] +cmp dword [ebp - 0x2c], 9 +je short loc_fffb9757 ; je 0xfffb9757 -loc_fffb8d36: ; not directly referenced -imul eax, dword [ebp - 0x48], 0x4b0 -mov ecx, 0x3e8 -xor edx, edx -div ecx -xor edx, edx -add eax, 0x520 -div ecx -cmp dword [ebp + 0x18], 0 -mov ecx, eax -je short loc_fffb8d6d ; je 0xfffb8d6d -movzx eax, byte [ebp - 0x6c] -mov edi, dword [ebp - 0x44] -movzx edi, byte [edi + eax*4 + 5] -mov eax, edi -shr al, 2 -mov edi, eax -and edi, 7 +loc_fffb973b: ; not directly referenced +push ecx +movzx edx, dl +push ecx +push edx +push 4 +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 +movzx eax, byte [ebp - 0x20] +cmp dword [ebp + 0x14], 4 +jne short loc_fffb9794 ; jne 0xfffb9794 +jmp short loc_fffb9788 ; jmp 0xfffb9788 -loc_fffb8d6d: ; not directly referenced -mov eax, edi -movzx ebx, byte [ebp + ebx - 0x30] -movsx eax, al -movzx eax, byte [ebp + eax - 0x30] -imul eax, ecx -jmp short loc_fffb8de5 ; jmp 0xfffb8de5 +loc_fffb9757: ; not directly referenced +movzx ecx, byte [ebp - 0x1e] +xor eax, eax +mov dword [ebp - 0x28], ecx -loc_fffb8d81: ; not directly referenced -imul eax, dword [ebp - 0x48], 0x5fa -xor edx, edx -mov ecx, 0x3e8 -div ecx -cmp dword [ebp + 0x18], 0 -lea edx, [eax + 0x4cc] -je short loc_fffb8dbc ; je 0xfffb8dbc -movzx eax, byte [ebp - 0x6c] -mov ecx, dword [ebp - 0x44] -movzx edi, byte [ecx + eax*4 + 5] -mov ebx, edi -shr bl, 2 -mov edi, ebx -mov bl, byte [ecx + eax*4 + 0x2b] -and edi, 7 -shr bl, 2 -jmp short loc_fffb8dc5 ; jmp 0xfffb8dc5 +loc_fffb9760: ; not directly referenced +cmp eax, dword [ebp - 0x28] +jae short loc_fffb973b ; jae 0xfffb973b +mov ecx, dword [ebp + 0x20] +mov dword [ebp - 0x34], edx +push edx +push edx +movzx ecx, byte [ecx + eax] +mov dword [ebp - 0x30], eax +push ecx +push 7 +call fcn_fffb4a42 ; call 0xfffb4a42 +mov eax, dword [ebp - 0x30] +add esp, 0x10 +mov edx, dword [ebp - 0x34] +inc eax +jmp short loc_fffb9760 ; jmp 0xfffb9760 -loc_fffb8dbc: ; not directly referenced -mov eax, edi -mov ebx, edi -shr al, 3 
-mov edi, eax +loc_fffb9788: ; not directly referenced +cmp dword [edi], 1 +jbe short loc_fffb9794 ; jbe 0xfffb9794 +push ecx +push ecx +push eax +push 6 +jmp short loc_fffb9799 ; jmp 0xfffb9799 -loc_fffb8dc5: ; not directly referenced -and ebx, 7 -mov eax, edi -movzx ebx, bl -movsx eax, al -movzx ecx, byte [ebp + ebx - 0x20] -mov ebx, 0x2710 -movzx eax, byte [ebp + eax - 0x28] -imul eax, ecx -imul eax, edx +loc_fffb9794: ; not directly referenced +push edx +push edx +push eax +push 3 -loc_fffb8de5: ; not directly referenced -xor edx, edx -div ebx -movzx ecx, ax +loc_fffb9799: ; not directly referenced +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 +lea eax, [esi + 0x40] +mov esi, 0x186a0 +movzx eax, al +push ecx +push ecx +push eax +push 2 +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 -loc_fffb8dec: ; not directly referenced -mov eax, dword [ebp - 0x3c] -cmp al, 0xa -sete bl -cmp al, 0xc -sete al -mov byte [ebp - 0x64], al -or al, bl -mov byte [ebp - 0x5c], bl -jne short loc_fffb8e0f ; jne 0xfffb8e0f -cmp byte [ebp - 0x3c], 0xf -jne loc_fffb8fb2 ; jne 0xfffb8fb2 -jmp short loc_fffb8e36 ; jmp 0xfffb8e36 +loc_fffb97b9: ; not directly referenced +sub esp, 0xc +push 0 +call fcn_fffb4a61 ; call 0xfffb4a61 +add esp, 0x10 +test al, 0x8e +jne loc_fffb98a3 ; jne 0xfffb98a3 +sub esp, 0xc +push 0xa +call fcn_fffb93ec ; call 0xfffb93ec +add esp, 0x10 +dec esi +jne short loc_fffb97b9 ; jne 0xfffb97b9 +jmp near loc_fffb989c ; jmp 0xfffb989c -loc_fffb8e0f: ; not directly referenced -cmp byte [ebp - 0x3c], 0xf -je short loc_fffb8e36 ; je 0xfffb8e36 -mov eax, dword [ebp - 0x58] -cmp dword [ebp - 0x4c], 0 -mov ecx, dword [eax + 0xc] -je short loc_fffb8e26 ; je 0xfffb8e26 -shr ecx, 0x18 -jmp short loc_fffb8e29 ; jmp 0xfffb8e29 +loc_fffb97e3: ; not directly referenced +sub esp, 0xc +push 5 +call fcn_fffb4a61 ; call 0xfffb4a61 +add esp, 0x10 +test al, al +jne loc_fffb99f9 ; jne 0xfffb99f9 -loc_fffb8e26: ; not directly referenced -shr ecx, 0x14 +loc_fffb97f8: ; not directly 
referenced +mov ebx, 0x80000005 +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 -loc_fffb8e29: ; not directly referenced -and ecx, 0xf -test cl, 8 -je short loc_fffb8e38 ; je 0xfffb8e38 -sub ecx, 0x10 -jmp short loc_fffb8e38 ; jmp 0xfffb8e38 +loc_fffb9802: ; not directly referenced +cmp dword [edi], 1 +jbe loc_fffb9987 ; jbe 0xfffb9987 +xor esi, esi -loc_fffb8e36: ; not directly referenced -mov ecx, edi +loc_fffb980d: ; not directly referenced +cmp esi, dword [edi] +jae loc_fffb98c4 ; jae 0xfffb98c4 +sub esp, 0xc +push 7 +call fcn_fffb4a61 ; call 0xfffb4a61 +mov ecx, dword [ebp + 0x20] +add esp, 0x10 +mov byte [ecx + esi], al +mov eax, dword [edi] +lea edx, [eax - 2] +cmp esi, edx +jne loc_fffb9962 ; jne 0xfffb9962 +sub esp, 0xc +push 2 +call fcn_fffb4a61 ; call 0xfffb4a61 +pop edx +pop ecx +or eax, 0x20 +movzx eax, al -loc_fffb8e38: ; not directly referenced -movsx ecx, cl -xor edx, edx -add ecx, 0x20 -mov eax, 0x1900 -div ecx -sub eax, 0x64 -cmp dword [ebp + 0x18], 0 -mov dword [ebp - 0x58], eax -setne bl -cmp byte [ebp - 0x3c], 0xf -sete al -xor edx, edx -mov byte [ebp - 0x68], al -or al, bl -je short loc_fffb8ed5 ; je 0xfffb8ed5 -cmp dword [ebp - 0x4c], 0 -je short loc_fffb8e7e ; je 0xfffb8e7e -mov edx, 0x3a0c -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -mov edi, dword [ebp - 0x44] -mov edx, dword [edi + 0x50] -jmp short loc_fffb8e90 ; jmp 0xfffb8e90 +loc_fffb9847: ; not directly referenced +push eax +push 2 +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 -loc_fffb8e7e: ; not directly referenced -mov edx, 0x3a08 -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -mov edi, dword [ebp - 0x44] -mov edx, dword [edi + 0x4c] +loc_fffb9852: ; not directly referenced +push eax +push eax +push 0x80 +push 0 +call fcn_fffb4a42 ; call 0xfffb4a42 +mov eax, dword [edi] +add esp, 0x10 +dec eax +cmp esi, eax +jae loc_fffb9981 ; jae 0xfffb9981 +mov dword [ebp - 0x1c], 0x64 -loc_fffb8e90: ; not directly referenced -shr edx, 9 -shr eax, 0xc -mov edi, edx -and eax, 0x3f -and 
edi, 0xf -mov byte [ebp - 0x40], al -test edi, 8 -je short loc_fffb8eac ; je 0xfffb8eac -sub edi, 0x10 +loc_fffb9875: ; not directly referenced +sub esp, 0xc +push 0 +call fcn_fffb4a61 ; call 0xfffb4a61 +add esp, 0x10 +test al, al +js loc_fffb9981 ; js 0xfffb9981 +sub esp, 0xc +push 0xa +call fcn_fffb93ec ; call 0xfffb93ec +add esp, 0x10 +dec dword [ebp - 0x1c] +jne short loc_fffb9875 ; jne 0xfffb9875 -loc_fffb8eac: ; not directly referenced -xor edx, edx -test bl, bl -je short loc_fffb8ed5 ; je 0xfffb8ed5 -cmp byte [ebp - 0x64], 0 -je short loc_fffb8ed5 ; je 0xfffb8ed5 -mov edx, dword [ebp - 0x60] -mov eax, esi -shl edx, 8 -add edx, 0x140c -call fcn_fffae52a ; call 0xfffae52a -mov edx, edi -shr eax, 0xd -mov edi, eax -and edi, 3 +loc_fffb989c: ; not directly referenced +mov ebx, 0x80000012 +jmp short loc_fffb98c4 ; jmp 0xfffb98c4 -loc_fffb8ed5: ; not directly referenced -movsx ecx, byte [ebp - 0x40] -mov eax, dword [ebp - 0x58] -mov bl, byte [ebp - 0x68] -add ecx, 0xc -imul eax, ecx -or bl, byte [ebp - 0x5c] -mov ebx, edi -movsx ebx, bl -je short loc_fffb8f18 ; je 0xfffb8f18 -add ecx, ebx -xor edx, edx -mov esi, dword [ebp - 0x50] -div ecx -xor edx, edx -mov ecx, 5 -div ecx -mov ebx, eax -mov eax, dword [ebp + 0x1c] -add esi, ebx -mov dword [eax], ebx -mov eax, dword [ebp - 0x54] -add eax, ebx -cmp dword [ebp - 0x4c], 0 -cmovne esi, eax -jmp short loc_fffb8f38 ; jmp 0xfffb8f38 +loc_fffb98a3: ; not directly referenced +test al, 4 +je short loc_fffb98f2 ; je 0xfffb98f2 +sub esp, 0xc +push 0xc +call fcn_fffb4a61 ; call 0xfffb4a61 +add esp, 0x10 +and eax, 1 +cmp al, 1 +sbb ebx, ebx +and ebx, 0xffffffec +sub ebx, 0x7fffffe5 -loc_fffb8f18: ; not directly referenced -movsx edx, dl -mov esi, dword [ebp - 0x50] -add ecx, edx -xor edx, edx -div ecx -mov ecx, 5 -sub ecx, ebx -xor edx, edx -div ecx -mov ebx, eax -add esi, eax -mov eax, dword [ebp + 0x1c] -mov dword [eax], ebx +loc_fffb98c4: ; not directly referenced +push eax +push eax +push 0xff +push 0 +call fcn_fffb4a42 ; 
call 0xfffb4a42 +pop edx +pop ecx +push 1 +push 0xc +call fcn_fffb4a42 ; call 0xfffb4a42 +pop esi +mov esi, ebx +pop edi +push 0 +push 0xd +call fcn_fffb4a42 ; call 0xfffb4a42 +add esp, 0x10 +jmp near loc_fffb9a3c ; jmp 0xfffb9a3c -loc_fffb8f38: ; not directly referenced -imul eax, dword [ebp - 0x48], 0x3e8 -add esi, esi -xor edx, edx -div esi -mov esi, 0x3e8 -xor edx, edx -mov ecx, eax -div esi -movzx esi, byte [ebp - 0x75] -xor edx, edx -mov dword [ebp - 0x40], esi -mov esi, eax -imul esi, eax -mov dword [ebp - 0x50], eax -mov eax, esi -mov esi, 0x64 -imul eax, ebx -imul ebx, dword [ebp - 0x50] -div esi -xor edx, edx -imul eax, dword [ebp - 0x40] -div esi -mov edx, dword [ebp + 0x1c] -mov dword [edx + 4], eax -mov eax, dword [ebp - 0x48] -xor edx, edx -sub eax, ebx -sub eax, ebx -mov ebx, 0x3e8 -imul eax, eax -div ebx -mov bx, 0x2710 -xor edx, edx -imul eax, eax, 0xd2f0 -div ebx -xor edx, edx -div esi -xor edx, edx -imul eax, dword [ebp - 0x40] -div esi -mov esi, dword [ebp + 0x1c] -mov dword [esi + 8], eax +loc_fffb98f2: ; not directly referenced +test al, 8 +je short loc_fffb9937 ; je 0xfffb9937 +push ebx +push ebx +push 8 +push 0 +call fcn_fffb4a42 ; call 0xfffb4a42 +pop esi +pop eax +push 0xff +push 0 +call fcn_fffb4a42 ; call 0xfffb4a42 +pop eax +pop edx +push 1 +push 0xc +call fcn_fffb4a42 ; call 0xfffb4a42 +mov dword [esp], 0xa +call fcn_fffb93ec ; call 0xfffb93ec +add esp, 0x10 +dec dword [ebp - 0x24] +je loc_fffb9a32 ; je 0xfffb9a32 +jmp near loc_fffb953c ; jmp 0xfffb953c -loc_fffb8fb2: ; not directly referenced -cmp byte [ebp - 0x3c], 0xb -mov eax, ecx -jne short loc_fffb8ff5 ; jne 0xfffb8ff5 -cmp dword [ebp + 0x18], 0 -je short loc_fffb8fed ; je 0xfffb8fed -mov eax, dword [ebp - 0x44] -mov eax, dword [eax + 0x4c] -mov dword [ebp - 0x3c], eax -mov cl, byte [ebp - 0x3c] -and ecx, 0x1f -cmp dword [ebp - 0x4c], 0 -mov edi, ecx -je short loc_fffb8fe2 ; je 0xfffb8fe2 -mov eax, dword [ebp - 0x44] -mov ecx, dword [eax + 0x50] -mov edi, ecx -and edi, 0x1f 
+loc_fffb9937: ; not directly referenced +mov eax, dword [ebp + 0x14] +sub eax, 2 +cmp eax, 9 +ja short loc_fffb98c4 ; ja 0xfffb98c4 +jmp dword [eax*4 + ref_fffd5354] ; ujmp: jmp dword [eax*4 - 0x2acac] -loc_fffb8fe2: ; not directly referenced -test edi, 0x10 -je short loc_fffb8fed ; je 0xfffb8fed -sub edi, 0x20 +loc_fffb9949: ; not directly referenced +sub esp, 0xc +push 6 +call fcn_fffb4a61 ; call 0xfffb4a61 +mov ecx, dword [ebp + 0x20] +mov byte [ecx + 1], al +mov dword [esp], 5 +jmp short loc_fffb998c ; jmp 0xfffb998c -loc_fffb8fed: ; not directly referenced -mov eax, edi -movsx eax, al -add eax, 0x32 +loc_fffb9962: ; not directly referenced +dec eax +cmp esi, eax +jne loc_fffb9852 ; jne 0xfffb9852 +sub esp, 0xc +push 2 +call fcn_fffb4a61 ; call 0xfffb4a61 +pop edx +pop ecx +and eax, 0xdf +jmp near loc_fffb9847 ; jmp 0xfffb9847 -loc_fffb8ff5: ; not directly referenced -add esp, 0x6c +loc_fffb9981: ; not directly referenced +inc esi +jmp near loc_fffb980d ; jmp 0xfffb980d + +loc_fffb9987: ; not directly referenced +sub esp, 0xc +push 5 + +loc_fffb998c: ; not directly referenced +call fcn_fffb4a61 ; call 0xfffb4a61 +mov ecx, dword [ebp + 0x20] +mov byte [ecx], al +jmp short loc_fffb99a6 ; jmp 0xfffb99a6 + +loc_fffb9998: ; not directly referenced +push eax +push eax +push 0x80 +push 0 +call fcn_fffb4a42 ; call 0xfffb4a42 + +loc_fffb99a6: ; not directly referenced +add esp, 0x10 +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 + +loc_fffb99ae: ; not directly referenced +sub esp, 0xc +xor esi, esi +push 5 +call fcn_fffb4a61 ; call 0xfffb4a61 +add esp, 0x10 +movzx edx, al +mov al, 1 +cmp dword [edi], edx +jb short loc_fffb99e8 ; jb 0xfffb99e8 + +loc_fffb99c6: ; not directly referenced +cmp esi, edx +jae short loc_fffb99e6 ; jae 0xfffb99e6 +sub esp, 0xc +push 7 +mov dword [ebp - 0x1c], edx +call fcn_fffb4a61 ; call 0xfffb4a61 +mov ecx, dword [ebp + 0x20] +add esp, 0x10 +mov edx, dword [ebp - 0x1c] +mov byte [ecx + esi], al +inc esi +jmp short loc_fffb99c6 ; jmp 0xfffb99c6 + 
+loc_fffb99e6: ; not directly referenced +xor eax, eax + +loc_fffb99e8: ; not directly referenced +test al, al +mov eax, 0x80000005 +mov dword [edi], edx +cmovne ebx, eax +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 + +loc_fffb99f9: ; not directly referenced +movzx edx, byte [edi] +movzx ecx, al +lea eax, [edx + ecx] +cmp eax, 0x20 +jg short loc_fffb9a32 ; jg 0xfffb9a32 +xor esi, esi +mov edx, ecx + +loc_fffb9a0b: ; not directly referenced +cmp esi, edx +jae short loc_fffb9a2b ; jae 0xfffb9a2b +sub esp, 0xc +push 7 +mov dword [ebp - 0x1c], edx +call fcn_fffb4a61 ; call 0xfffb4a61 +mov ecx, dword [ebp + 0x20] +add esp, 0x10 +mov edx, dword [ebp - 0x1c] +mov byte [ecx + esi], al +inc esi +jmp short loc_fffb9a0b ; jmp 0xfffb9a0b + +loc_fffb9a2b: ; not directly referenced +mov dword [edi], edx +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 + +loc_fffb9a32: ; not directly referenced +mov ebx, 0x80000007 +jmp near loc_fffb98c4 ; jmp 0xfffb98c4 + +loc_fffb9a3c: ; not directly referenced +lea esp, [ebp - 0xc] +mov eax, esi pop ebx pop esi pop edi pop ebp ret -fcn_fffb8ffd: ; not directly referenced +fcn_fffb9a46: ; not directly referenced push ebp +mov al, 1 mov ebp, esp push edi -mov edi, edx push esi push ebx -mov ebx, eax -sub esp, 0x8c -mov eax, dword [eax + 0x188b] -mov byte [ebp - 0x2a], 0 -mov byte [ebp - 0x29], 0x3c -mov byte [ebp - 0x28], 0x78 -cmp eax, 1 -mov dword [ebp - 0x8c], eax -sbb eax, eax -mov dword [ebp - 0x88], eax -and word [ebp - 0x88], 0xfc19 -add word [ebp - 0x88], 0x3e8 -mov byte [ebp - 0x27], 0x28 -mov byte [ebp - 0x26], 0x14 -mov byte [ebp - 0x25], 0x1e -mov byte [ebp - 0x35], 0 -mov byte [ebp - 0x34], 0x3c -mov byte [ebp - 0x33], 0x78 -mov byte [ebp - 0x32], 0 -mov byte [ebp - 0x31], 0x22 -mov byte [ebp - 0x30], 0x28 -mov byte [ebp - 0x2f], 0x30 -mov byte [ebp - 0x2e], 0 -mov byte [ebp - 0x2d], 0 -mov byte [ebp - 0x2c], 0x78 -mov byte [ebp - 0x2b], 0xf0 -mov dword [ebp - 0x48], ebx -mov dword [ebp - 0x3c], 0 -mov dword [ebp - 0x44], 0 -mov dword [ebp - 
0x50], 0 -mov dword [ebp - 0x6c], 0 -mov byte [ebp - 0x76], 0 +xor ebx, ebx +sub esp, 0x2c +lea esi, [ebp - 0x28] +lea edi, [ebp - 0x20] -loc_fffb909d: ; not directly referenced -mov eax, dword [ebp - 0x48] -mov esi, edi -mov dword [ebp - 0x54], 0 -mov word [ebp - 0x4a], 0 -mov word [ebp - 0x56], 0 -add eax, 0x3756 -mov word [ebp - 0x4c], 0 -mov dword [ebp - 0x70], 0 -mov dword [ebp - 0x94], eax +loc_fffb9a59: ; not directly referenced +cmp dword [ebp + 8], 1 +je short loc_fffb9a84 ; je 0xfffb9a84 +cmp dword [ebp + 8], 2 +jne short loc_fffb9aae ; jne 0xfffb9aae +mov ecx, 0x150 +rdmsr +mov dword [ebp - 0x28], eax +push eax +push 8 +push esi +push edi +mov dword [ebp - 0x24], edx +call fcn_fffb01dc ; call 0xfffb01dc +mov al, byte [ebp - 0x19] +shr al, 7 +jmp short loc_fffb9aab ; jmp 0xfffb9aab -loc_fffb90cd: ; not directly referenced -mov ecx, dword [ebp - 0x48] -mov al, byte [ebp - 0x54] -mov edx, dword [ecx + 0x3816] -mov cl, al -mov dword [ebp - 0x90], edx -mov edx, 1 -shl edx, cl -mov ecx, dword [ebp - 0x48] -test byte [ecx + 0x381a], dl -je loc_fffb93e9 ; je 0xfffb93e9 -cmp dword [ebx + 0x2480], 3 -jne short loc_fffb9140 ; jne 0xfffb9140 -cmp al, 1 -ja loc_fffb9474 ; ja 0xfffb9474 -imul eax, dword [ebp - 0x54], 0x18 -mov word [ebp - 0x40], 0x3fff -mov dx, word [ecx + eax + 0x49c7] -and edx, 3 -mov cl, byte [ebp + edx - 0x32] -mov byte [ebp - 0x75], cl -mov ecx, dword [ebp - 0x48] -mov ax, word [ecx + eax + 0x49cf] -and eax, 3 -movzx eax, byte [ebp + eax - 0x2e] -mov word [ebp - 0x68], ax -jmp near loc_fffb91c6 ; jmp 0xfffb91c6 +loc_fffb9a84: ; not directly referenced +mov eax, dword [0xff7d0084] +sub esp, 0xc +mov eax, dword [eax + 0x14] +add eax, 0x48 +push eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +and eax, 0xfffffffe +add eax, 0x5da4 +mov dword [esp], eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +shr eax, 0x1f + +loc_fffb9aab: ; not directly referenced +add esp, 0x10 -loc_fffb9140: ; not directly referenced +loc_fffb9aae: ; not directly referenced +sub esp, 0xc 
+inc ebx +push 1 +mov dword [ebp - 0x2c], eax +call fcn_fffb93ec ; call 0xfffb93ec +mov eax, dword [ebp - 0x2c] +add esp, 0x10 mov dl, al -and eax, 1 -shr dl, 1 -movzx edx, dl -imul edx, edx, 0x128 -imul eax, eax, 0x18 -add eax, edx -add eax, dword [ebp - 0x94] -mov cx, word [eax + 0x126d] -mov ax, word [eax + 0x126f] -mov word [ebp - 0x68], ax -mov eax, ecx -shr ax, 1 -and eax, 1 -add eax, 6 -mov dword [ebp - 0x40], eax -mov eax, 0xf0 -cdq -idiv dword [ebp - 0x40] -mov edx, ecx -shr dx, 6 and edx, 1 -add edx, edx -shr word [ebp - 0x68], 9 -mov byte [ebp - 0x75], al -mov eax, ecx -shr ax, 9 -and eax, 1 -shl eax, 2 -shr cx, 2 -or eax, edx -and ecx, 1 -or eax, ecx -movzx eax, byte [ebp + eax - 0x2a] -mov word [ebp - 0x40], ax -mov eax, dword [ebp - 0x68] -and eax, 3 -movzx eax, byte [ebp + eax - 0x35] -mov word [ebp - 0x68], ax - -loc_fffb91c6: ; not directly referenced -cmp dword [ebp - 0x70], 0 -jne loc_fffb934b ; jne 0xfffb934b -mov byte [ebp - 0x70], 0 +cmp bx, 0x3e7 +setbe cl +test dl, cl +jne short loc_fffb9a59 ; jne 0xfffb9a59 +cmp bx, 0x3e8 +sete al +and eax, edx +shl eax, 0x1f +lea esp, [ebp - 0xc] +sar eax, 0x1f +pop ebx +and eax, 0x80000012 +pop esi +pop edi +pop ebp +ret -loc_fffb91d4: ; not directly referenced -movzx ecx, byte [ebx + 0x2488] -cmp byte [ebp - 0x70], cl -jae short loc_fffb9258 ; jae 0xfffb9258 -push edx -movzx eax, byte [ebp - 0x70] -xor ecx, ecx -push edx -mov edx, dword [ebp - 0x3c] -push 0 -push 1 -push 0 -push 0 -push 0 -push eax -mov dword [ebp - 0x74], eax -mov eax, ebx -call fcn_fffb887d ; call 0xfffb887d -add esp, 0x18 -mov edx, dword [ebp - 0x3c] -push 0 -xor ecx, ecx -push 1 -push 0 -push 0 -push 1 -push dword [ebp - 0x74] -add word [ebp - 0x56], ax -mov eax, ebx -call fcn_fffb887d ; call 0xfffb887d -add esp, 0x18 -mov edx, dword [ebp - 0x3c] -push 0 -xor ecx, ecx -push 1 -push 0 -push 0 -push 6 -push dword [ebp - 0x74] -add word [ebp - 0x4c], ax -mov eax, ebx -call fcn_fffb887d ; call 0xfffb887d -xor edx, edx -add esp, 0x20 -inc 
byte [ebp - 0x70] -div word [ebp - 0x88] -add word [ebp - 0x4a], ax -jmp near loc_fffb91d4 ; jmp 0xfffb91d4 +fcn_fffb9af0: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x48 +mov esi, dword [ebp + 8] +push esi +call fcn_fffb9a46 ; call 0xfffb9a46 +add esp, 0x10 +mov ebx, eax +test eax, eax +js loc_fffb9c6c ; js 0xfffb9c6c +cmp esi, 1 +je short loc_fffb9b22 ; je 0xfffb9b22 +cmp esi, 2 +je loc_fffb9bc9 ; je 0xfffb9bc9 +jmp near loc_fffb9c70 ; jmp 0xfffb9c70 -loc_fffb9258: ; not directly referenced -movzx eax, word [ebp - 0x56] -mov dword [ebp - 0x70], 1 -cdq -idiv ecx -mov word [ebp - 0x56], ax -movzx eax, word [ebp - 0x4c] -cdq -idiv ecx -mov word [ebp - 0x4c], ax -movzx eax, word [ebp - 0x4a] -cdq -idiv ecx -cmp dword [ebp - 0x8c], 1 -mov word [ebp - 0x4a], ax -jne loc_fffb934b ; jne 0xfffb934b +loc_fffb9b22: ; not directly referenced +mov eax, dword [0xff7d0084] +sub esp, 0xc +mov eax, dword [eax + 0x14] +add eax, 0x48 push eax -mov edx, dword [ebp - 0x3c] -xor ecx, ecx +call fcn_fffb3fc4 ; call 0xfffb3fc4 +pop edx +pop ecx +push dword [ebp + 0x10] +mov esi, eax +and esi, 0xfffffffe +lea edi, [esi + 0x5da0] +add esi, 0x5da4 +push edi +call fcn_fffb3ffa ; call 0xfffb3ffa +mov eax, dword [ebp + 0xc] +pop edx +pop ecx +or eax, 0x80000000 push eax -lea eax, [ebp - 0x24] +push esi +call fcn_fffb3ffa ; call 0xfffb3ffa +mov dword [esp], 1 +call fcn_fffb9a46 ; call 0xfffb9a46 +mov dword [esp], esi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [esp], edi +mov dword [ebp - 0x40], eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [esp], 0xa +mov dword [ebp - 0x3c], eax +call fcn_fffb93ec ; call 0xfffb93ec +mov dword [esp], esi +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [esp], edi +mov esi, eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov ecx, dword [ebp - 0x40] +add esp, 0x10 +cmp ecx, esi +je short loc_fffb9bbc ; je 0xfffb9bbc +cmp dword [ebp - 0x3c], eax +je short loc_fffb9bbc ; je 0xfffb9bbc + +loc_fffb9bb2: ; not directly 
referenced +mov eax, 0x80000002 +jmp near loc_fffb9c75 ; jmp 0xfffb9c75 + +loc_fffb9bbc: ; not directly referenced +mov eax, dword [ebp + 0x14] +movzx ecx, cl +mov dword [eax], ecx +jmp near loc_fffb9c6c ; jmp 0xfffb9c6c + +loc_fffb9bc9: ; not directly referenced +mov eax, dword [ebp + 0xc] +mov dword [ebp - 0x24], eax +mov eax, dword [ebp + 0x10] +or byte [ebp - 0x21], 0x80 +mov dword [ebp - 0x28], eax push eax -movzx eax, byte [ebx + 0x2488] -push 1 -push 0 -push 0 -push 0xa +push 8 +lea eax, [ebp - 0x28] push eax -mov eax, ebx -mov dword [ebp - 0x24], 0 -call fcn_fffb887d ; call 0xfffb887d -mov eax, dword [ebp - 0x20] -add esp, 0x18 -mov edx, dword [ebp - 0x3c] -xor ecx, ecx -mov dword [edi + 0x20], eax -mov eax, dword [ebp - 0x1c] -mov dword [edi + 0x24], eax -lea eax, [ebp - 0x24] +lea eax, [ebp - 0x30] push eax -movzx eax, byte [ebx + 0x2488] -push 1 -push 0 -push 0 -push 0xc +call fcn_fffb01dc ; call 0xfffb01dc +mov eax, dword [ebp - 0x30] +mov ecx, 0x150 +mov edx, dword [ebp - 0x2c] +wrmsr +mov dword [esp], 2 +call fcn_fffb9a46 ; call 0xfffb9a46 +mov ecx, 0x150 +rdmsr +add esp, 0xc +push 8 +mov dword [ebp - 0x30], eax +lea eax, [ebp - 0x30] push eax -mov eax, ebx -mov dword [ebp - 0x24], 0 -call fcn_fffb887d ; call 0xfffb887d -mov eax, dword [ebp - 0x20] -add esp, 0x18 -add dword [edi + 0x20], eax -xor ecx, ecx -mov eax, dword [ebp - 0x1c] -add dword [edi + 0x24], eax -lea eax, [ebp - 0x24] -mov edx, dword [ebp - 0x3c] +lea eax, [ebp - 0x28] push eax -movzx eax, byte [ebx + 0x2488] -push 1 -push 0 -push 0 -push 0xa +mov dword [ebp - 0x2c], edx +call fcn_fffb01dc ; call 0xfffb01dc +mov dword [esp], 0xa +call fcn_fffb93ec ; call 0xfffb93ec +mov ecx, 0x150 +rdmsr +add esp, 0xc +push 8 +mov dword [ebp - 0x30], eax +lea eax, [ebp - 0x30] push eax -mov eax, ebx -mov dword [ebp - 0x24], 1 -call fcn_fffb887d ; call 0xfffb887d +lea eax, [ebp - 0x20] +push eax +mov dword [ebp - 0x2c], edx +call fcn_fffb01dc ; call 0xfffb01dc +mov eax, dword [ebp - 0x1c] +add esp, 
0x10 +cmp dword [ebp - 0x24], eax +je short loc_fffb9c63 ; je 0xfffb9c63 mov eax, dword [ebp - 0x20] -add esp, 0x20 -mov dword [edi + 0x28], eax -mov edx, dword [ebp - 0x1c] -add eax, edx -mov dword [ebp - 0x44], eax -mov eax, dword [edi + 0x20] -add dword [ebp - 0x44], eax -mov eax, dword [edi + 0x24] -add dword [ebp - 0x44], eax -mov eax, dword [ebp - 0x8c] -mov dword [edi + 0x2c], edx -mov dword [ebp - 0x70], eax - -loc_fffb934b: ; not directly referenced -cmp dword [ebp - 0x90], 1 -jne short loc_fffb936b ; jne 0xfffb936b -mov eax, dword [ebp - 0x68] -test ax, ax -cmove ax, word [ebp - 0x40] -mov word [ebp - 0x40], 0x3fff -mov word [ebp - 0x68], ax -jmp short loc_fffb937d ; jmp 0xfffb937d +cmp dword [ebp - 0x28], eax +jne loc_fffb9bb2 ; jne 0xfffb9bb2 -loc_fffb936b: ; not directly referenced -mov ecx, dword [ebp - 0x40] -mov eax, 0x3fff -test cx, cx -cmovne eax, ecx -mov word [ebp - 0x40], ax +loc_fffb9c63: ; not directly referenced +movzx eax, byte [ebp - 0x24] +mov edx, dword [ebp + 0x14] +mov dword [edx], eax -loc_fffb937d: ; not directly referenced -movzx eax, word [ebp - 0x68] -movzx edx, word [ebp - 0x40] -movzx ecx, word [ebp - 0x56] -test ax, ax -cmove eax, edx -push eax -movzx eax, dx -push eax -movzx eax, word [ebp - 0x4c] -mov edx, esi -push eax -movzx eax, byte [ebp - 0x75] -push eax +loc_fffb9c6c: ; not directly referenced mov eax, ebx -call fcn_fffa6d61 ; call 0xfffa6d61 -mov ax, word [ebp - 0x4a] -add esp, 0x10 -add word [esi + 0x30], ax -add ax, word [esi + 0x34] -add eax, dword [ebp - 0x44] -inc byte [ebp - 0x76] -mov word [esi + 0x34], ax -mov eax, dword [esi] -add dword [ebp - 0x6c], eax -mov eax, dword [esi + 4] -add dword [ebp - 0x6c], eax -mov eax, dword [esi + 0x14] -add dword [ebp - 0x6c], eax -mov eax, dword [esi + 8] -add dword [ebp - 0x50], eax -mov eax, dword [esi + 0x10] -add dword [ebp - 0x50], eax -mov eax, dword [esi + 0xc] -add dword [ebp - 0x50], eax -mov eax, dword [esi + 0x18] -add dword [ebp - 0x50], eax - -loc_fffb93e9: ; 
not directly referenced -inc dword [ebp - 0x54] -add esi, 0x36 -cmp dword [ebp - 0x54], 4 -jne loc_fffb90cd ; jne 0xfffb90cd -inc dword [ebp - 0x3c] -add edi, 0xd8 -add dword [ebp - 0x48], 0x13c3 -cmp dword [ebp - 0x3c], 2 -jne loc_fffb909d ; jne 0xfffb909d -movzx edi, byte [ebp - 0x76] -movzx esi, word [ebp - 0x4a] -mov eax, edi -test al, al -mov al, 1 -cmove edi, eax -xor edx, edx -mov eax, edi -movzx ecx, al -mov eax, dword [ebp - 0x6c] -div ecx -xor edx, edx -add esi, eax -mov eax, dword [ebp - 0x50] -div ecx -cmp byte [ebx + 0x3690], 0 -jne short loc_fffb945c ; jne 0xfffb945c -mov word [ebx + 0x3693], ax -mov eax, dword [ebp - 0x44] -mov word [ebx + 0x3691], si -mov word [ebx + 0x3695], ax -jmp short loc_fffb9474 ; jmp 0xfffb9474 +jmp short loc_fffb9c75 ; jmp 0xfffb9c75 -loc_fffb945c: ; not directly referenced -mov word [ebx + 0x3699], ax -mov eax, dword [ebp - 0x44] -mov word [ebx + 0x3697], si -mov word [ebx + 0x369b], ax +loc_fffb9c70: ; not directly referenced +mov eax, 0x80000003 -loc_fffb9474: ; not directly referenced +loc_fffb9c75: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -35136,1249 +35804,549 @@ pop edi pop ebp ret -fcn_fffb947c: ; not directly referenced +fcn_fffb9c7d: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx -sub esp, 0x1c0 -mov ebx, dword [ebp + 8] -lea esi, [ebp - 0x1c8] -mov eax, dword [ebx + 0x2443] +sub esp, 0x3d0 +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x5edd] +mov dword [ebp - 0x344], eax +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x2444] +push 0x20 +push 0x200 +mov edi, eax +mov dword [ebp - 0x38c], eax +lea eax, [ebp - 0x218] +push eax +mov eax, edi +call dword [eax + 0x5c] ; ucall +mov eax, dword [ebp + 8] +add esp, 0x10 +mov al, byte [eax + 0x248e] +mov byte [ebp - 0x3c8], al +mov eax, dword [ebp + 8] +mov al, byte [eax + 0x248f] +mov byte [ebp - 0x348], al +mov eax, dword [ebp + 8] +cmp dword [eax + 0x2481], 3 +jne loc_fffbb0a1 ; jne 0xfffbb0a1 +mov eax, dword [eax + 0x5edd] +lea edi, [ebp - 0x260] +mov esi, ref_fffd537c ; mov esi, 0xfffd537c +mov ecx, 6 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea ebx, [ebp - 0x2a8] +mov esi, 1 +mov dword [ebp - 0x33c], eax +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x2444] +push edi push 0 -push 0x1b0 -push esi +push 0x10 +push ebx +lea edi, [ebp - 0x298] +mov dword [ebp - 0x340], eax +call dword [eax + 0x5c] ; ucall +mov eax, dword [ebp + 8] +add esp, 0xc +lea edx, [ebp - 0x2c8] +mov byte [ebp - 0x2a7], 1 +mov eax, dword [eax + 0x2444] +push 0 +push 0xc +push edx call dword [eax + 0x5c] ; ucall -mov edx, esi -mov eax, ebx -call fcn_fffb8ffd ; call 0xfffb8ffd add esp, 0x10 -cmp byte [ebx + 0x3690], 0 -je loc_fffb954f ; je 0xfffb954f -mov dx, word [ebx + 0x3691] -xor ecx, ecx -movzx eax, word [ebx + 0x3697] -cmp dx, ax -jbe short loc_fffb94e2 ; jbe 0xfffb94e2 -movzx ecx, dx -xor edx, edx -mov edi, ecx -sub edi, eax -mov eax, edi -shl eax, 8 -div ecx -mov cl, al -loc_fffb94e2: ; not directly referenced -mov dx, word [ebx + 0x3693] -xor esi, esi -movzx eax, word [ebx + 0x3699] -cmp dx, ax -jbe short loc_fffb9509 
; jbe 0xfffb9509 -movzx esi, dx -xor edx, edx -mov edi, esi -sub edi, eax -mov eax, edi -shl eax, 8 -div esi -mov esi, eax +loc_fffb9d58: ; not directly referenced +movzx eax, byte [ebx] +xor ecx, ecx +mov dword [ebp - 0x344], eax -loc_fffb9509: ; not directly referenced -movzx edi, word [ebx + 0x3695] -xor eax, eax -movzx edx, word [ebx + 0x369b] -cmp di, dx -jbe short loc_fffb9529 ; jbe 0xfffb9529 -mov eax, edi -sub eax, edx -xor edx, edx -shl eax, 8 -div edi +loc_fffb9d63: ; not directly referenced +mov eax, dword [ebp + ecx*4 - 0x2c8] +mov edx, eax +add eax, eax +and edx, 0x8000 +movzx eax, ax +shr edx, 0xf +or eax, edx +mov edx, esi +shl edx, cl +and edx, dword [ebp - 0x344] +sar edx, cl +or eax, edx +mov dword [ebp + ecx*4 - 0x2c8], eax +inc ecx +cmp ecx, 3 +jne short loc_fffb9d63 ; jne 0xfffb9d63 +inc ebx +cmp ebx, edi +jne short loc_fffb9d58 ; jne 0xfffb9d58 +lea eax, [ebp - 0x2c8] +lea ebx, [ebp - 0x2bc] -loc_fffb9529: ; not directly referenced -xor edx, edx -mov dl, cl -mov ecx, esi -movzx eax, al -mov dh, cl +loc_fffb9da8: ; not directly referenced +mov edx, dword [eax] +add eax, 4 mov ecx, edx -mov edx, 0x59b8 -shl eax, 0x10 -and ecx, 0xff00ffff -or ecx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffb9556 ; jmp 0xfffb9556 +add edx, edx +and ecx, 0x8000 +movzx edx, dx +shr ecx, 0xf +or edx, ecx +mov dword [eax - 4], edx +cmp eax, ebx +jne short loc_fffb9da8 ; jne 0xfffb9da8 +mov edi, dword [ebp - 0x33c] +xor ebx, ebx +add edi, 0x1c -loc_fffb954f: ; not directly referenced -mov byte [ebx + 0x3690], 1 +loc_fffb9dd1: ; not directly referenced +imul eax, ebx, 0x13c3 +mov esi, dword [ebp + 8] +test byte [esi + eax + 0x381b], 1 +jne short loc_fffb9e03 ; jne 0xfffb9e03 -loc_fffb9556: ; not directly referenced -lea esp, [ebp - 0xc] -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffb9de4: ; not directly referenced +inc ebx +add edi, 0xcc +cmp ebx, 2 +jne short loc_fffb9dd1 ; jne 0xfffb9dd1 +mov byte [ebp - 0x340], 0 +mov 
byte [ebp - 0x33c], 0 +jmp near loc_fffb9f51 ; jmp 0xfffb9f51 -fcn_fffb9560: ; not directly referenced -push ebp -xor ecx, ecx -mov ebp, esp -push edi +loc_fffb9e03: ; not directly referenced +imul eax, ebx, 0x54a push esi -xor esi, esi -push ebx -mov ebx, eax -sub esp, 0x34 -mov dword [ebp - 0x1c], eax -mov eax, dword [eax + 0x18a7] -lea edi, [ebx + 0x3756] -mov byte [ebp - 0x1d], dl -mov edx, dword [ebx + 0x2480] -mov eax, dword [ebx + eax*4 + 0x3735] -push 0 -push 1 -push 0 -push 0 -push 1 -push 0 -mov dword [ebp - 0x30], eax -shr eax, 1 -mov dword [ebp - 0x28], edx -xor edx, edx -mov dword [ebp - 0x2c], eax -mov eax, ebx -call fcn_fffb887d ; call 0xfffb887d -add esp, 0x20 -mov byte [ebp - 0x1e], 2 -mov dword [ebp - 0x24], 0 -mov dword [ebp - 0x34], eax +mov esi, dword [ebp + 8] +push 0xff +push 0x40 +lea eax, [esi + eax + 0x1e69] +push eax +mov eax, dword [ebp - 0x340] +call dword [eax + 0x5c] ; ucall +add esp, 0x10 +mov byte [ebp - 0x33c], 0 -loc_fffb95bf: ; not directly referenced -cmp dword [edi], 2 -jne loc_fffb9676 ; jne 0xfffb9676 -mov al, byte [edi + 0xc4] -xor ecx, ecx -mov byte [ebp - 0x1f], al +loc_fffb9e2f: ; not directly referenced +mov esi, dword [ebp + 8] +mov al, byte [ebp - 0x33c] +cmp al, byte [esi + 0x2489] +jae short loc_fffb9e6c ; jae 0xfffb9e6c +movzx ecx, byte [ebp - 0x33c] +mov edx, ebx +mov eax, dword [ebp + 8] +mov esi, dword [edi + ecx*4 + 0x28] +call fcn_fffa71bc ; call 0xfffa71bc +or esi, 0x60 +mov ecx, esi +mov edx, eax +mov eax, dword [ebp + 8] +call fcn_fffb3381 ; call 0xfffb3381 +inc byte [ebp - 0x33c] +jmp short loc_fffb9e2f ; jmp 0xfffb9e2f + +loc_fffb9e6c: ; not directly referenced +mov eax, dword [ebp + 8] +mov ecx, 0xff +mov edx, ebx +mov esi, dword [edi] +call fcn_fffa7236 ; call 0xfffa7236 +or esi, 0x1000008 +mov ecx, esi +mov edx, eax +mov eax, dword [ebp + 8] +call fcn_fffb38b3 ; call 0xfffb38b3 +mov eax, dword [ebp + 8] +sub esp, 0xc +mov cl, bl +mov edx, 1 +shl edx, cl +mov ecx, 1 +push 0 +call fcn_fffd314a ; call 
0xfffd314a +add esp, 0x10 +test eax, eax +je loc_fffb9de4 ; je 0xfffb9de4 +jmp near loc_fffbb9de ; jmp 0xfffbb9de -loc_fffb95d3: ; not directly referenced +loc_fffb9eba: ; not directly referenced +imul eax, ebx, 0x13c3 +mov edi, dword [ebp + 8] +test byte [edi + eax + 0x381b], 1 +je short loc_fffb9f08 ; je 0xfffb9f08 +sub esp, 0xc +mov cl, bl +push dword [ebp - 0x2c0] mov eax, 1 +push dword [ebp - 0x2c4] +mov edx, ebx +push dword [ebp - 0x2c8] shl eax, cl -test byte [ebp - 0x1f], al -je loc_fffb966a ; je 0xfffb966a -mov al, cl -inc esi -shr al, 1 -movzx eax, al -imul eax, eax, 0x128 -cmp dword [ebp - 0x28], 3 -lea eax, [edi + eax + 0x126b] -jne short loc_fffb961d ; jne 0xfffb961d -cmp byte [ebp - 0x1d], 0 -mov ebx, 7 -je short loc_fffb965e ; je 0xfffb965e -movzx eax, word [eax + 6] -dec eax -and eax, 0xf -sub ebx, eax -mov eax, 1 -cmove ebx, eax -jmp short loc_fffb965e ; jmp 0xfffb965e +xor ecx, ecx +or byte [ebp - 0x340], al +lea eax, [ebp - 0x260] +push 2 +push eax +mov eax, edi +call fcn_fffd2e0a ; call 0xfffd2e0a +add esp, 0x20 -loc_fffb961d: ; not directly referenced -cmp dword [ebp - 0x28], 2 -jne short loc_fffb9639 ; jne 0xfffb9639 -cmp byte [ebp - 0x1d], 0 -mov ebx, 7 -je short loc_fffb965e ; je 0xfffb965e -movzx eax, word [eax + 2] -and eax, 6 -sub ebx, eax -jmp short loc_fffb965e ; jmp 0xfffb965e +loc_fffb9f08: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffb9eba ; jne 0xfffb9eba +movzx edx, byte [ebp - 0x340] +xor edi, edi +mov eax, dword [ebp + 8] +call fcn_fffd2d1e ; call 0xfffd2d1e -loc_fffb9639: ; not directly referenced -cmp byte [ebp - 0x1d], 0 -mov ebx, 6 -je short loc_fffb965e ; je 0xfffb965e -mov bx, word [eax + 2] -mov eax, ebx -shr ax, 5 -and eax, 1 -shr bx, 1 -add eax, eax -and ebx, 1 -or ebx, eax -add ebx, 6 +loc_fffb9f1f: ; not directly referenced +imul eax, edi, 0x13c3 +mov esi, dword [ebp + 8] +mov dword [ebp - 0x348], eax +test byte [esi + eax + 0x381b], 1 +jne short loc_fffb9f94 ; jne 0xfffb9f94 -loc_fffb965e: ; not 
directly referenced -mov eax, 0xf0 +loc_fffb9f38: ; not directly referenced +inc edi +cmp edi, 2 +jne short loc_fffb9f1f ; jne 0xfffb9f1f +inc byte [ebp - 0x33c] +cmp byte [ebp - 0x33c], 8 +je loc_fffba067 ; je 0xfffba067 + +loc_fffb9f51: ; not directly referenced +mov dl, byte [ebp - 0x33c] +mov ebx, 1 +mov eax, ebx +shr dl, 1 +movzx ecx, dl +add ecx, 5 +shl eax, cl +mov cl, dl +shl ebx, cl +mov cl, byte [ebp - 0x33c] xor edx, edx -div ebx -add dword [ebp - 0x24], eax +or eax, ebx +mov ebx, edx +and cl, 1 +cmove ebx, eax +cmove eax, edx +mov dword [ebp - 0x254], ebx +xor ebx, ebx +mov dword [ebp - 0x250], eax +jmp near loc_fffb9eba ; jmp 0xfffb9eba -loc_fffb966a: ; not directly referenced -add ecx, 2 -cmp ecx, 4 -jne loc_fffb95d3 ; jne 0xfffb95d3 +loc_fffb9f94: ; not directly referenced +imul eax, edi, 0x54a +mov esi, dword [ebp + 8] +xor ebx, ebx +lea eax, [esi + eax + 0x196b] +mov dword [ebp - 0x344], eax -loc_fffb9676: ; not directly referenced -add edi, 0x13c3 -dec byte [ebp - 0x1e] -jne loc_fffb95bf ; jne 0xfffb95bf -mov eax, esi -mov edi, dword [ebp - 0x34] -mov ecx, 1 -test al, al -mov al, 1 -cmove esi, eax -xor edx, edx -mov eax, esi -movzx esi, al -mov eax, dword [ebp - 0x24] -div esi -test eax, eax -sete bl -test di, di -sete dl -movzx edi, di -test bl, dl -mov ebx, dword [ebp - 0x30] -cmovne eax, ecx -xor edx, edx -add edi, eax -add edi, edi -imul esi, ebx, 0xfa00 -mov eax, esi -div edi -mov edx, dword [ebp - 0x1c] -movzx edi, word [edx + 0x2489] -xor edx, edx -imul edi, edi, 0xc0 -mov esi, eax -imul eax, ebx, 0x7d00 -div edi -mov edx, dword [ebp - 0x1c] -mov edi, 0x64 -imul eax, eax, 0x3e8 -lea ebx, [esi + eax] -movzx esi, word [edx + 0x1902] -xor edx, edx -sub esi, dword [ebp - 0x2c] -shr ebx, 5 -imul eax, esi, 0x3e8 -div edi -mov di, 0xc8 +loc_fffb9fac: ; not directly referenced +mov eax, dword [ebp + 8] +cmp bl, byte [eax + 0x2489] +jae short loc_fffba008 ; jae 0xfffba008 +mov ecx, dword [ebp + 8] +movzx esi, bl +mov edx, dword [ebp - 0x348] +mov 
eax, dword [ebp - 0x344] +cmp byte [ecx + edx + 0x49bb], 0x20 +mov al, byte [eax + esi + 0x4f6] +jne short loc_fffb9fe8 ; jne 0xfffb9fe8 +test al, 2 +je short loc_fffb9fe8 ; je 0xfffb9fe8 +mov byte [ebp + esi - 0x2e8], 0 +jmp short loc_fffba005 ; jmp 0xfffba005 + +loc_fffb9fe8: ; not directly referenced +mov eax, dword [ebp + 8] +mov ecx, esi +mov edx, edi +call fcn_fffa75c5 ; call 0xfffa75c5 +mov edx, eax +mov eax, dword [ebp + 8] +call fcn_fffb331f ; call 0xfffb331f +mov byte [ebp + esi - 0x2e8], al + +loc_fffba005: ; not directly referenced +inc ebx +jmp short loc_fffb9fac ; jmp 0xfffb9fac + +loc_fffba008: ; not directly referenced xor edx, edx -mov esi, eax -imul eax, dword [ebp - 0x2c], 0x3e8 -div edi + +loc_fffba00a: ; not directly referenced +mov eax, dword [ebp + 8] +cmp dl, byte [eax + 0x2489] +jae loc_fffb9f38 ; jae 0xfffb9f38 +movzx eax, dl +mov al, byte [ebp + eax - 0x2e8] +test al, al +je short loc_fffba064 ; je 0xfffba064 +xor ebx, ebx +xor ecx, ecx +xor esi, esi + +loc_fffba02d: ; not directly referenced +test al, 1 +je short loc_fffba03c ; je 0xfffba03c test esi, esi -cmove esi, ecx -mov edi, ecx -mov edx, 0x3a28 -test eax, eax -cmovne edi, eax -mov eax, dword [ebp - 0x1c] -call fcn_fffae52a ; call 0xfffae52a -xor edx, edx -mov ecx, eax -mov eax, ebx -div edi -mov edi, 0xf -add eax, eax -cmp eax, 0xf -cmovbe edi, eax -mov eax, ebx -xor edx, edx -and edi, 0xf -div esi -and ecx, 0xfffe00ff -mov esi, dword [ebp - 0x1c] -mov edx, 0x1f -shl edi, 8 -lea ebx, [eax + eax] -mov eax, esi -cmp ebx, 0x1f -cmovbe edx, ebx -or ecx, edi -and edx, 0x1f -shl edx, 0xc -or ecx, edx -mov edx, 0x3a28 -and ecx, 0xff0fffff -or ecx, 0x800000 -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x5f08 -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5f08 -or ah, 1 -mov ecx, eax -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -lea esp, [ebp - 0xc] -mov eax, esi -pop ebx -mov edx, 0xe1 -pop esi -pop edi -pop ebp -jmp near fcn_fffa834b ; jmp 0xfffa834b +jne short 
loc_fffba041 ; jne 0xfffba041 +movzx ebx, cl +mov si, 1 -fcn_fffb97c0: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -mov bl, cl -sub esp, 0xb0 -mov esi, dword [ebp + 0x10] -mov cl, byte [ebp + 0x14] -mov dword [ebp - 0x74], eax -mov dword [ebp - 0x6c], esi -mov esi, dword [ebp + 0x20] -mov byte [ebp - 0x8a], cl -mov ecx, esi -mov byte [ebp - 0x9b], cl -mov cl, byte [ebp + 0x28] -mov dword [ebp - 0x94], esi -mov esi, dword [eax + 0x2443] -mov byte [ebp - 0x8c], cl -mov ecx, eax +loc_fffba03c: ; not directly referenced +inc ecx +shr al, 1 +jne short loc_fffba02d ; jne 0xfffba02d + +loc_fffba041: ; not directly referenced +mov esi, dword [ebp - 0x344] movzx eax, dl -mov dword [ebp - 0x90], eax -imul eax, eax, 0x13c3 -lea edi, [ecx + eax + 0x3756] -mov eax, dword [edi + 0xc0] -mov dword [ebp - 0x98], eax -mov eax, dword [ecx + 0x188b] -push 0 -push 0x36 -mov dword [ebp - 0x7c], eax -lea eax, [ebp - 0x4e] +lea ecx, [esi + eax*8] +mov al, byte [esi + eax + 0x4f6] +mov esi, dword [ebp - 0x33c] +lea eax, [esi + eax*8] +mov byte [ebx + ecx + 0x4fe], al + +loc_fffba064: ; not directly referenced +inc edx +jmp short loc_fffba00a ; jmp 0xfffba00a + +loc_fffba067: ; not directly referenced +mov eax, dword [ebp + 8] +test byte [eax + 0x381b], 1 +jne short loc_fffba081 ; jne 0xfffba081 + +loc_fffba073: ; not directly referenced +mov eax, dword [ebp + 8] +test byte [eax + 0x4bde], 1 +je short loc_fffba0c6 ; je 0xfffba0c6 +jmp short loc_fffba0a4 ; jmp 0xfffba0a4 + +loc_fffba081: ; not directly referenced +mov eax, dword [ebp + 8] +sub esp, 0xc +mov ecx, 1 +push 2 +mov edx, 1 +call fcn_fffd314a ; call 0xfffd314a +add esp, 0x10 +test eax, eax +je short loc_fffba073 ; je 0xfffba073 +jmp near loc_fffbb9de ; jmp 0xfffbb9de + +loc_fffba0a4: ; not directly referenced +mov eax, dword [ebp + 8] +sub esp, 0xc +mov ecx, 1 +push 2 +mov edx, 2 +call fcn_fffd314a ; call 0xfffd314a +add esp, 0x10 +test eax, eax +jne loc_fffbb9de ; jne 0xfffbb9de + +loc_fffba0c6: 
; not directly referenced +mov eax, dword [ebp + 8] +mov esi, dword [eax + 0x5edd] +mov ebx, dword [eax + 0x2444] +mov al, byte [eax + 0x248e] +push ecx +push 0x7f +push 0x48 +mov byte [ebp - 0x34c], al +lea eax, [ebp - 0x2a8] push eax -call dword [esi + 0x5c] ; ucall +call dword [ebx + 0x5c] ; ucall add esp, 0xc push 0 -push 4 -lea eax, [ebp - 0x5e] -push eax -call dword [esi + 0x60] ; ucall -add esp, 0xc -push 0xffff -push 4 -lea eax, [ebp - 0x56] +push 0x48 +lea eax, [ebp - 0x260] push eax -call dword [esi + 0x60] ; ucall +call dword [ebx + 0x5c] ; ucall +lea eax, [esi + 0x1c] add esp, 0x10 -cmp dword [ebp - 0x7c], 1 -mov dword [ebp - 0x88], 0 -jne short loc_fffb9893 ; jne 0xfffb9893 -cmp byte [edi + 0x1390], 5 -mov al, byte [edi + 0x1268] -je short loc_fffb9889 ; je 0xfffb9889 -cmp al, 5 -sete al -movzx eax, al -mov dword [ebp - 0x88], eax -jmp short loc_fffb9893 ; jmp 0xfffb9893 +mov dword [ebp - 0x340], eax +mov esi, eax +xor ebx, ebx -loc_fffb9889: ; not directly referenced -mov dword [ebp - 0x88], 1 +loc_fffba111: ; not directly referenced +imul eax, ebx, 0x13c3 +mov edi, dword [ebp + 8] +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffba18b ; jne 0xfffba18b +mov byte [ebp - 0x33c], 0 -loc_fffb9893: ; not directly referenced -movzx eax, byte [ebp - 0x6c] -mov esi, dword [ebp + 0xc] -mov word [ebp - 0x6c], 0 -mov byte [ebp - 0x8b], 0 -mov edi, eax -mov dword [ebp - 0xa0], eax -movzx eax, byte [ebp - 0x94] -mov word [ebp - 0x6e], 0xffff -mov word [ebp - 0x70], 0 -imul eax, edi -add edi, edi -mov dword [ebp - 0xa4], edi -lea eax, [esi + eax*2] -mov esi, dword [ebp - 0x90] -mov dword [ebp - 0x80], eax +loc_fffba12b: ; not directly referenced +mov edi, dword [ebp + 8] +mov al, byte [ebp - 0x33c] +cmp al, byte [edi + 0x2489] +jae short loc_fffba168 ; jae 0xfffba168 +movzx ecx, byte [ebp - 0x33c] +mov edx, ebx mov eax, dword [ebp + 8] -mov dword [ebp - 0x84], eax -mov eax, esi -add eax, esi -mov dword [ebp - 0xa8], eax -movzx eax, bl -mov dword [ebp - 0xac], 
eax +mov edi, dword [esi + ecx*4 + 0x28] +call fcn_fffa71bc ; call 0xfffa71bc +or edi, 0x60 +mov ecx, edi +mov edx, eax +mov eax, dword [ebp + 8] +call fcn_fffb3381 ; call 0xfffb3381 +inc byte [ebp - 0x33c] +jmp short loc_fffba12b ; jmp 0xfffba12b -loc_fffb98f5: ; not directly referenced -mov al, byte [ebp - 0x8a] -mov bl, byte [ebp - 0x8b] -cmp bl, al -je loc_fffb9ad4 ; je 0xfffb9ad4 -movzx eax, bl -mov ebx, dword [ebp + 0xc] -xor ecx, ecx -lea ebx, [ebx + eax*2] -xor eax, eax +loc_fffba168: ; not directly referenced +mov eax, dword [ebp + 8] +mov ecx, 0xff +mov edx, ebx +mov edi, dword [esi] +call fcn_fffa7236 ; call 0xfffa7236 +or edi, 0x1000008 +mov ecx, edi +mov edx, eax +mov eax, dword [ebp + 8] +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffb9916: ; not directly referenced -cmp byte [ebp - 0x9b], al -jbe short loc_fffb9943 ; jbe 0xfffb9943 -mov dx, word [ebx + ecx] -cmp word [ebp + eax*2 - 0x5e], dx -jae short loc_fffb992e ; jae 0xfffb992e -mov word [ebp + eax*2 - 0x5e], dx +loc_fffba18b: ; not directly referenced +inc ebx +add esi, 0xcc +cmp ebx, 2 +jne loc_fffba111 ; jne 0xfffba111 +xor edi, edi -loc_fffb992e: ; not directly referenced -cmp word [ebp + eax*2 - 0x56], dx -jbe short loc_fffb993a ; jbe 0xfffb993a -mov word [ebp + eax*2 - 0x56], dx +loc_fffba19d: ; not directly referenced +mov ebx, 1 +mov ecx, edi +shl ebx, cl +test byte [ebp - 0x34c], bl +jne short loc_fffba1c1 ; jne 0xfffba1c1 -loc_fffb993a: ; not directly referenced -inc eax -add ecx, dword [ebp - 0xa4] -jmp short loc_fffb9916 ; jmp 0xfffb9916 +loc_fffba1ae: ; not directly referenced +inc edi +cmp edi, 4 +jne short loc_fffba19d ; jne 0xfffba19d +mov esi, dword [ebp - 0x340] +xor ebx, ebx +jmp near loc_fffba2bb ; jmp 0xfffba2bb -loc_fffb9943: ; not directly referenced -cmp dword [ebp + 0x24], 0 -jne loc_fffb9a87 ; jne 0xfffb9a87 -mov edi, dword [ebp - 0x84] +loc_fffba1c1: ; not directly referenced xor esi, esi -xor ebx, ebx -mov eax, dword [ebp - 0x74] -movsx edx, byte [edi + 8] -call 
fcn_fffa6cfe ; call 0xfffa6cfe -add edi, dword [ebp - 0xa8] -mov byte [ebp - 0x89], 0 -mov byte [ebp - 0x78], 0 -mov word [ebp - 0x9a], ax -loc_fffb997b: ; not directly referenced -mov eax, dword [ebp - 0xac] -bt eax, esi -jae short loc_fffb9a00 ; jae 0xfffb9a00 -push eax -mov edx, dword [ebp - 0x90] -push eax -mov eax, dword [ebp - 0x74] -push 0 -push 1 -push 0 +loc_fffba1c3: ; not directly referenced +imul eax, esi, 0x13c3 +mov ecx, dword [ebp + 8] +mov byte [ebp - 0x33c], bl +test byte [ecx + eax + 0x381b], bl +je short loc_fffba223 ; je 0xfffba223 +mov eax, dword [ebp + 8] +sub esp, 0xc +mov ecx, esi +mov edx, 1 +shl edx, cl +mov ecx, ebx push 0 -push 9 -lea ecx, [esi + esi] +call fcn_fffd314a ; call 0xfffd314a +add esp, 0x10 +test eax, eax +jne loc_fffba7b2 ; jne 0xfffba7b2 +sub esp, 0xc +mov eax, dword [ebp + 8] +mov ecx, edi push 0 -call fcn_fffb887d ; call 0xfffb887d -movzx edx, byte [edi + esi + 4] +mov edx, esi +push 0x4000 +push 0x3000 +push 4 +push ref_fffd6958 ; push 0xfffd6958 +call fcn_fffd2e0a ; call 0xfffd2e0a add esp, 0x20 -add byte [ebp - 0x78], al -movzx ecx, byte [edx + ref_fffd58b8] ; movzx ecx, byte [edx - 0x2a748] -movzx eax, byte [edi + esi] -cmp dword [ebp - 0x98], 1 -mov word [ebp - 0x6c], cx -movzx eax, byte [eax + ref_fffd58b8] ; movzx eax, byte [eax - 0x2a748] -jne short loc_fffb99e0 ; jne 0xfffb99e0 -test cx, cx -cmovne eax, ecx -mov word [ebp - 0x6c], ax -mov eax, 0x3fff -jmp short loc_fffb99eb ; jmp 0xfffb99eb - -loc_fffb99e0: ; not directly referenced -test ax, ax -mov edx, 0x3fff -cmove eax, edx - -loc_fffb99eb: ; not directly referenced -mov ecx, dword [ebp - 0x6c] -test cx, cx -cmove ecx, eax -add ebx, eax -inc byte [ebp - 0x89] -mov word [ebp - 0x6c], cx -loc_fffb9a00: ; not directly referenced +loc_fffba223: ; not directly referenced inc esi cmp esi, 2 -jne loc_fffb997b ; jne 0xfffb997b -cmp byte [ebp - 0x89], 0 -je short loc_fffb9a32 ; je 0xfffb9a32 -movzx esi, byte [ebp - 0x89] -movzx eax, bx -cdq -mov ebx, esi -movzx ecx, 
bl -idiv ecx -mov ecx, esi -mov ebx, eax -movzx eax, byte [ebp - 0x78] -div cl -mov byte [ebp - 0x78], al - -loc_fffb9a32: ; not directly referenced -lea eax, [ebx - 0x79] -mov ecx, 0x1e -cmp ax, 0x3f85 -mov eax, 0xf0 -cmovbe ebx, eax -movzx eax, word [ebp - 0x6c] -movzx ebx, bx -lea edx, [ebp - 0x4e] -lea esi, [ebp - 0x4e] +jne short loc_fffba1c3 ; jne 0xfffba1c3 push eax -movzx eax, word [ebp - 0x9a] -push ebx +mov ecx, 0x7f push eax -movzx eax, byte [ebp - 0x78] +mov edx, edi +lea eax, [ebp - 0x2a8] +xor si, si push eax -mov eax, dword [ebp - 0x74] -call fcn_fffa6d61 ; call 0xfffa6d61 -mov ax, word [ebp - 0x1a] -mov ecx, 0x36 -mov edi, dword [ebp - 0x80] +mov eax, dword [ebp + 8] +push 2 +call fcn_fffd3280 ; call 0xfffd3280 +xor ecx, ecx +pop eax +pop edx +mov edx, edi +lea eax, [ebp - 0x260] +push eax +mov eax, dword [ebp + 8] +push 0xfffffffffffffffe +call fcn_fffd3280 ; call 0xfffd3280 add esp, 0x10 -mov word [edi], ax -mov eax, dword [ebp - 0x84] -lea edi, [eax + 0xd] -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] - -loc_fffb9a87: ; not directly referenced -mov eax, dword [ebp - 0x80] -cmp byte [ebp - 0x8a], 1 -mov ax, word [eax] -je short loc_fffb9ab1 ; je 0xfffb9ab1 -mov edx, dword [ebp - 0x70] -mov bx, word [ebp - 0x6e] -cmp ax, dx -cmovae edx, eax -cmp bx, ax -cmovbe eax, ebx -mov word [ebp - 0x6e], ax -mov eax, edx -jmp short loc_fffb9ab7 ; jmp 0xfffb9ab7 -loc_fffb9ab1: ; not directly referenced -mov word [ebp - 0x6e], 0 +loc_fffba260: ; not directly referenced +imul eax, esi, 0x13c3 +mov ecx, dword [ebp + 8] +mov dl, byte [ebp - 0x33c] +test byte [ecx + eax + 0x381b], dl +jne short loc_fffba283 ; jne 0xfffba283 -loc_fffb9ab7: ; not directly referenced -inc byte [ebp - 0x8b] -add dword [ebp - 0x80], 2 -add dword [ebp - 0x84], 0x54e -mov word [ebp - 0x70], ax -jmp near loc_fffb98f5 ; jmp 0xfffb98f5 +loc_fffba278: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffba260 ; jne 0xfffba260 +jmp near loc_fffba1ae ; jmp 0xfffba1ae 
-loc_fffb9ad4: ; not directly referenced -mov edi, dword [ebp - 0x94] -mov al, 4 -mov word [ebp - 0x6c], 0x7fff -mov word [ebp - 0x80], 0 -mov ebx, edi -cmp bl, 4 -cmovbe eax, edi -xor edi, edi -mov byte [ebp - 0x78], al -mov eax, dword [ebp - 0x88] -xor eax, 1 -and eax, 1 -mov byte [ebp - 0x89], al +loc_fffba283: ; not directly referenced +push eax +push 1 +push 0x40 +push 1 +push 3 +push 4 +push esi +push dword [ebp + 8] +call fcn_fffabc7a ; call 0xfffabc7a +mov eax, dword [ebp + 8] +add esp, 0x14 +mov ecx, esi +mov edx, 1 +shl edx, cl +mov ecx, ebx +push 2 +call fcn_fffd314a ; call 0xfffd314a +add esp, 0x10 +test eax, eax +je short loc_fffba278 ; je 0xfffba278 +jmp near loc_fffba7b2 ; jmp 0xfffba7b2 -loc_fffb9b07: ; not directly referenced -mov eax, edi -cmp byte [ebp - 0x78], al -jbe loc_fffb9bd4 ; jbe 0xfffb9bd4 -mov si, word [ebp + edi*2 - 0x5e] -add word [ebp - 0x80], si -cmp byte [ebp - 0x8c], 6 -mov eax, dword [ebp + 0x18] -sete dl -cmp dword [ebp - 0x7c], 1 -mov cl, byte [eax + edi] -sete al -xor ebx, ebx -test dl, al -je short loc_fffb9b43 ; je 0xfffb9b43 -cmp cl, 1 -mov eax, 0x28 -cmove ebx, eax +loc_fffba2bb: ; not directly referenced +imul eax, ebx, 0x13c3 +mov edi, dword [ebp + 8] +cmp dword [edi + eax + 0x3757], 2 +je short loc_fffba34b ; je 0xfffba34b -loc_fffb9b43: ; not directly referenced -cmp byte [ebp - 0x8c], 8 -setne dl -cmp dword [ebp - 0x7c], 1 -setne al -or dl, al -jne short loc_fffb9b6c ; jne 0xfffb9b6c -cmp cl, 2 -setne al -or al, byte [ebp - 0x89] -mov eax, 0x50 -cmove ebx, eax - -loc_fffb9b6c: ; not directly referenced -movzx eax, si -mov esi, dword [ebp + 0x1c] -cdq -movzx esi, byte [esi + edi] -idiv esi -movzx esi, cl -mov edx, esi -xor ecx, ecx -mov dword [ebp - 0x84], esi -mov dword [ebp - 0x88], eax -mov eax, dword [ebp - 0x74] -call fcn_fffb13cf ; call 0xfffb13cf -mov edx, dword [ebp - 0x84] -mov ecx, 1 -movzx esi, ax -mov eax, dword [ebp - 0x74] -call fcn_fffb13cf ; call 0xfffb13cf -mov edx, dword [ebp - 0x88] -sub edx, esi 
-imul edx, edx, 0x64 -movzx eax, ax -add ebx, eax -sub ebx, esi -mov eax, edx -cdq -idiv ebx -mov ebx, dword [ebp - 0x6c] -cmp bx, ax -cmovle eax, ebx -inc edi -mov word [ebp - 0x6c], ax -jmp near loc_fffb9b07 ; jmp 0xfffb9b07 - -loc_fffb9bd4: ; not directly referenced -movzx eax, word [ebp - 0x80] -mov ebx, 0x64 -movzx ecx, byte [ebp - 0x78] -cdq -idiv ecx -mov dword [ebp - 0x74], eax -movsx eax, word [ebp - 0x6c] -imul eax, eax, 0x41 -cdq -idiv ebx -xor bl, bl -movzx edi, ax -cmp ax, 0x64 -jbe short loc_fffb9c04 ; jbe 0xfffb9c04 -lea ebx, [eax - 0x64] -mov edi, 0x64 - -loc_fffb9c04: ; not directly referenced -imul ecx, dword [ebp - 0xa0] -movzx ebx, bx -mov eax, dword [ebp + 0xc] -lea esi, [eax + ecx*2] -xor ecx, ecx -lea eax, [edi + ebx] -mov dword [ebp - 0x7c], eax -movzx eax, word [ebp - 0x6e] -mov dword [ebp - 0x80], eax -movzx eax, word [ebp - 0x70] -mov dword [ebp - 0x84], eax - -loc_fffb9c2d: ; not directly referenced -cmp byte [ebp - 0x8a], cl -jbe short loc_fffb9c93 ; jbe 0xfffb9c93 -cmp word [ebp - 0x6c], 0 -jns short loc_fffb9c44 ; jns 0xfffb9c44 -mov word [esi + ecx*2], 1 -jmp short loc_fffb9c90 ; jmp 0xfffb9c90 - -loc_fffb9c44: ; not directly referenced -mov ax, word [ebp - 0x6e] -cmp word [ebp - 0x70], ax -je short loc_fffb9c68 ; je 0xfffb9c68 -movzx eax, word [esi + ecx*2] -sub eax, dword [ebp - 0x80] -imul eax, eax, 0x64 -cdq -idiv dword [ebp - 0x84] -mov edx, 0x64 -sub edx, eax -jmp short loc_fffb9c6a ; jmp 0xfffb9c6a - -loc_fffb9c68: ; not directly referenced -xor edx, edx - -loc_fffb9c6a: ; not directly referenced -movzx edx, dx -mov ebx, 0x64 -imul edx, dword [ebp - 0x7c] -mov eax, ebx -sub eax, edi -mov dword [ebp - 0x78], eax -mov eax, edx -cdq -idiv ebx -add eax, dword [ebp - 0x78] -imul eax, dword [ebp - 0x74] -cdq -idiv ebx -mov word [esi + ecx*2], ax - -loc_fffb9c90: ; not directly referenced -inc ecx -jmp short loc_fffb9c2d ; jmp 0xfffb9c2d - -loc_fffb9c93: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop 
ebp -ret - -fcn_fffb9c9b: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x3d0 -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x5edc] -mov dword [ebp - 0x344], eax -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2443] -push 0x20 -push 0x200 -mov edi, eax -mov dword [ebp - 0x38c], eax -lea eax, [ebp - 0x218] -push eax -mov eax, edi -call dword [eax + 0x5c] ; ucall -mov eax, dword [ebp + 8] -add esp, 0x10 -mov al, byte [eax + 0x248d] -mov byte [ebp - 0x3c8], al -mov eax, dword [ebp + 8] -mov al, byte [eax + 0x248e] -mov byte [ebp - 0x348], al -mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 3 -jne loc_fffbb0bf ; jne 0xfffbb0bf -mov eax, dword [eax + 0x5edc] -lea edi, [ebp - 0x260] -mov esi, ref_fffd58c0 ; mov esi, 0xfffd58c0 -mov ecx, 6 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea ebx, [ebp - 0x2a8] -mov esi, 1 -mov dword [ebp - 0x33c], eax -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2443] -push edi -push 0 -push 0x10 -push ebx -lea edi, [ebp - 0x298] -mov dword [ebp - 0x340], eax -call dword [eax + 0x5c] ; ucall -mov eax, dword [ebp + 8] -add esp, 0xc -lea edx, [ebp - 0x2c8] -mov byte [ebp - 0x2a7], 1 -mov eax, dword [eax + 0x2443] -push 0 -push 0xc -push edx -call dword [eax + 0x5c] ; ucall -add esp, 0x10 - -loc_fffb9d76: ; not directly referenced -movzx eax, byte [ebx] -xor ecx, ecx -mov dword [ebp - 0x344], eax - -loc_fffb9d81: ; not directly referenced -mov eax, dword [ebp + ecx*4 - 0x2c8] -mov edx, eax -add eax, eax -and edx, 0x8000 -movzx eax, ax -shr edx, 0xf -or eax, edx -mov edx, esi -shl edx, cl -and edx, dword [ebp - 0x344] -sar edx, cl -or eax, edx -mov dword [ebp + ecx*4 - 0x2c8], eax -inc ecx -cmp ecx, 3 -jne short loc_fffb9d81 ; jne 0xfffb9d81 -inc ebx -cmp ebx, edi -jne short loc_fffb9d76 ; jne 0xfffb9d76 -lea eax, [ebp - 0x2c8] -lea ebx, [ebp - 0x2bc] - -loc_fffb9dc6: ; not directly referenced -mov edx, dword [eax] -add eax, 4 -mov ecx, edx -add edx, edx -and ecx, 0x8000 
-movzx edx, dx -shr ecx, 0xf -or edx, ecx -mov dword [eax - 4], edx -cmp eax, ebx -jne short loc_fffb9dc6 ; jne 0xfffb9dc6 -mov edi, dword [ebp - 0x33c] -xor ebx, ebx -add edi, 0x1c - -loc_fffb9def: ; not directly referenced -imul eax, ebx, 0x13c3 -mov esi, dword [ebp + 8] -test byte [esi + eax + 0x381a], 1 -jne short loc_fffb9e21 ; jne 0xfffb9e21 - -loc_fffb9e02: ; not directly referenced -inc ebx -add edi, 0xcc -cmp ebx, 2 -jne short loc_fffb9def ; jne 0xfffb9def -mov byte [ebp - 0x340], 0 -mov byte [ebp - 0x33c], 0 -jmp near loc_fffb9f6f ; jmp 0xfffb9f6f - -loc_fffb9e21: ; not directly referenced -imul eax, ebx, 0x54a -push esi -mov esi, dword [ebp + 8] -push 0xff -push 0x40 -lea eax, [esi + eax + 0x1e69] -push eax -mov eax, dword [ebp - 0x340] -call dword [eax + 0x5c] ; ucall -add esp, 0x10 -mov byte [ebp - 0x33c], 0 - -loc_fffb9e4d: ; not directly referenced -mov esi, dword [ebp + 8] -mov al, byte [ebp - 0x33c] -cmp al, byte [esi + 0x2488] -jae short loc_fffb9e8a ; jae 0xfffb9e8a -movzx ecx, byte [ebp - 0x33c] -mov edx, ebx -mov eax, dword [ebp + 8] -mov esi, dword [edi + ecx*4 + 0x28] -call fcn_fffa720e ; call 0xfffa720e -or esi, 0x60 -mov ecx, esi -mov edx, eax -mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c -inc byte [ebp - 0x33c] -jmp short loc_fffb9e4d ; jmp 0xfffb9e4d - -loc_fffb9e8a: ; not directly referenced -mov eax, dword [ebp + 8] -mov ecx, 0xff -mov edx, ebx -mov esi, dword [edi] -call fcn_fffa7288 ; call 0xfffa7288 -or esi, 0x1000008 -mov ecx, esi -mov edx, eax -mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c -mov eax, dword [ebp + 8] -sub esp, 0xc -mov cl, bl -mov edx, 1 -shl edx, cl -mov ecx, 1 -push 0 -call fcn_fffd2c53 ; call 0xfffd2c53 -add esp, 0x10 -test eax, eax -je loc_fffb9e02 ; je 0xfffb9e02 -jmp near loc_fffbb9fc ; jmp 0xfffbb9fc - -loc_fffb9ed8: ; not directly referenced -imul eax, ebx, 0x13c3 -mov edi, dword [ebp + 8] -test byte [edi + eax + 0x381a], 1 -je short loc_fffb9f26 ; je 0xfffb9f26 -sub esp, 0xc 
-mov cl, bl -push dword [ebp - 0x2c0] -mov eax, 1 -push dword [ebp - 0x2c4] -mov edx, ebx -push dword [ebp - 0x2c8] -shl eax, cl -xor ecx, ecx -or byte [ebp - 0x340], al -lea eax, [ebp - 0x260] -push 2 -push eax -mov eax, edi -call fcn_fffd2b18 ; call 0xfffd2b18 -add esp, 0x20 - -loc_fffb9f26: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffb9ed8 ; jne 0xfffb9ed8 -movzx edx, byte [ebp - 0x340] -xor edi, edi -mov eax, dword [ebp + 8] -call fcn_fffd2a2c ; call 0xfffd2a2c - -loc_fffb9f3d: ; not directly referenced -imul eax, edi, 0x13c3 -mov esi, dword [ebp + 8] -mov dword [ebp - 0x348], eax -test byte [esi + eax + 0x381a], 1 -jne short loc_fffb9fb2 ; jne 0xfffb9fb2 - -loc_fffb9f56: ; not directly referenced -inc edi -cmp edi, 2 -jne short loc_fffb9f3d ; jne 0xfffb9f3d -inc byte [ebp - 0x33c] -cmp byte [ebp - 0x33c], 8 -je loc_fffba085 ; je 0xfffba085 - -loc_fffb9f6f: ; not directly referenced -mov dl, byte [ebp - 0x33c] -mov ebx, 1 -mov eax, ebx -shr dl, 1 -movzx ecx, dl -add ecx, 5 -shl eax, cl -mov cl, dl -shl ebx, cl -mov cl, byte [ebp - 0x33c] -xor edx, edx -or eax, ebx -mov ebx, edx -and cl, 1 -cmove ebx, eax -cmove eax, edx -mov dword [ebp - 0x254], ebx -xor ebx, ebx -mov dword [ebp - 0x250], eax -jmp near loc_fffb9ed8 ; jmp 0xfffb9ed8 - -loc_fffb9fb2: ; not directly referenced -imul eax, edi, 0x54a -mov esi, dword [ebp + 8] -xor ebx, ebx -lea eax, [esi + eax + 0x196b] -mov dword [ebp - 0x344], eax - -loc_fffb9fca: ; not directly referenced -mov eax, dword [ebp + 8] -cmp bl, byte [eax + 0x2488] -jae short loc_fffba026 ; jae 0xfffba026 -mov ecx, dword [ebp + 8] -movzx esi, bl -mov edx, dword [ebp - 0x348] -mov eax, dword [ebp - 0x344] -cmp byte [ecx + edx + 0x49ba], 0x20 -mov al, byte [eax + esi + 0x4f6] -jne short loc_fffba006 ; jne 0xfffba006 -test al, 2 -je short loc_fffba006 ; je 0xfffba006 -mov byte [ebp + esi - 0x2e8], 0 -jmp short loc_fffba023 ; jmp 0xfffba023 - -loc_fffba006: ; not directly referenced -mov eax, dword [ebp + 8] -mov ecx, 
esi -mov edx, edi -call fcn_fffa7617 ; call 0xfffa7617 -mov edx, eax -mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a -mov byte [ebp + esi - 0x2e8], al - -loc_fffba023: ; not directly referenced -inc ebx -jmp short loc_fffb9fca ; jmp 0xfffb9fca - -loc_fffba026: ; not directly referenced -xor edx, edx - -loc_fffba028: ; not directly referenced -mov eax, dword [ebp + 8] -cmp dl, byte [eax + 0x2488] -jae loc_fffb9f56 ; jae 0xfffb9f56 -movzx eax, dl -mov al, byte [ebp + eax - 0x2e8] -test al, al -je short loc_fffba082 ; je 0xfffba082 -xor ebx, ebx -xor ecx, ecx -xor esi, esi - -loc_fffba04b: ; not directly referenced -test al, 1 -je short loc_fffba05a ; je 0xfffba05a -test esi, esi -jne short loc_fffba05f ; jne 0xfffba05f -movzx ebx, cl -mov si, 1 - -loc_fffba05a: ; not directly referenced -inc ecx -shr al, 1 -jne short loc_fffba04b ; jne 0xfffba04b - -loc_fffba05f: ; not directly referenced -mov esi, dword [ebp - 0x344] -movzx eax, dl -lea ecx, [esi + eax*8] -mov al, byte [esi + eax + 0x4f6] -mov esi, dword [ebp - 0x33c] -lea eax, [esi + eax*8] -mov byte [ebx + ecx + 0x4fe], al - -loc_fffba082: ; not directly referenced -inc edx -jmp short loc_fffba028 ; jmp 0xfffba028 - -loc_fffba085: ; not directly referenced -mov eax, dword [ebp + 8] -test byte [eax + 0x381a], 1 -jne short loc_fffba09f ; jne 0xfffba09f - -loc_fffba091: ; not directly referenced -mov eax, dword [ebp + 8] -test byte [eax + 0x4bdd], 1 -je short loc_fffba0e4 ; je 0xfffba0e4 -jmp short loc_fffba0c2 ; jmp 0xfffba0c2 - -loc_fffba09f: ; not directly referenced -mov eax, dword [ebp + 8] -sub esp, 0xc -mov ecx, 1 -push 2 -mov edx, 1 -call fcn_fffd2c53 ; call 0xfffd2c53 -add esp, 0x10 -test eax, eax -je short loc_fffba091 ; je 0xfffba091 -jmp near loc_fffbb9fc ; jmp 0xfffbb9fc - -loc_fffba0c2: ; not directly referenced -mov eax, dword [ebp + 8] -sub esp, 0xc -mov ecx, 1 -push 2 -mov edx, 2 -call fcn_fffd2c53 ; call 0xfffd2c53 -add esp, 0x10 -test eax, eax -jne loc_fffbb9fc ; jne 0xfffbb9fc - 
-loc_fffba0e4: ; not directly referenced -mov eax, dword [ebp + 8] -mov esi, dword [eax + 0x5edc] -mov ebx, dword [eax + 0x2443] -mov al, byte [eax + 0x248d] -push ecx -push 0x7f -push 0x48 -mov byte [ebp - 0x34c], al -lea eax, [ebp - 0x2a8] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 0 -push 0x48 -lea eax, [ebp - 0x260] -push eax -call dword [ebx + 0x5c] ; ucall -lea eax, [esi + 0x1c] -add esp, 0x10 -mov dword [ebp - 0x340], eax -mov esi, eax -xor ebx, ebx - -loc_fffba12f: ; not directly referenced -imul eax, ebx, 0x13c3 -mov edi, dword [ebp + 8] -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffba1a9 ; jne 0xfffba1a9 -mov byte [ebp - 0x33c], 0 - -loc_fffba149: ; not directly referenced -mov edi, dword [ebp + 8] -mov al, byte [ebp - 0x33c] -cmp al, byte [edi + 0x2488] -jae short loc_fffba186 ; jae 0xfffba186 -movzx ecx, byte [ebp - 0x33c] -mov edx, ebx -mov eax, dword [ebp + 8] -mov edi, dword [esi + ecx*4 + 0x28] -call fcn_fffa720e ; call 0xfffa720e -or edi, 0x60 -mov ecx, edi -mov edx, eax -mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c -inc byte [ebp - 0x33c] -jmp short loc_fffba149 ; jmp 0xfffba149 - -loc_fffba186: ; not directly referenced -mov eax, dword [ebp + 8] -mov ecx, 0xff -mov edx, ebx -mov edi, dword [esi] -call fcn_fffa7288 ; call 0xfffa7288 -or edi, 0x1000008 -mov ecx, edi -mov edx, eax -mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c - -loc_fffba1a9: ; not directly referenced +loc_fffba2ce: ; not directly referenced inc ebx add esi, 0xcc cmp ebx, 2 -jne loc_fffba12f ; jne 0xfffba12f -xor edi, edi - -loc_fffba1bb: ; not directly referenced -mov ebx, 1 -mov ecx, edi -shl ebx, cl -test byte [ebp - 0x34c], bl -jne short loc_fffba1df ; jne 0xfffba1df - -loc_fffba1cc: ; not directly referenced -inc edi -cmp edi, 4 -jne short loc_fffba1bb ; jne 0xfffba1bb -mov esi, dword [ebp - 0x340] -xor ebx, ebx -jmp near loc_fffba2d9 ; jmp 0xfffba2d9 - -loc_fffba1df: ; not directly referenced -xor esi, esi - 
-loc_fffba1e1: ; not directly referenced -imul eax, esi, 0x13c3 -mov ecx, dword [ebp + 8] -mov byte [ebp - 0x33c], bl -test byte [ecx + eax + 0x381a], bl -je short loc_fffba241 ; je 0xfffba241 -mov eax, dword [ebp + 8] -sub esp, 0xc -mov ecx, esi -mov edx, 1 -shl edx, cl -mov ecx, ebx -push 0 -call fcn_fffd2c53 ; call 0xfffd2c53 -add esp, 0x10 -test eax, eax -jne loc_fffba7d0 ; jne 0xfffba7d0 -sub esp, 0xc -mov eax, dword [ebp + 8] -mov ecx, edi -push 0 -mov edx, esi -push 0x4000 -push 0x3000 -push 4 -push ref_fffd665c ; push 0xfffd665c -call fcn_fffd2b18 ; call 0xfffd2b18 -add esp, 0x20 - -loc_fffba241: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffba1e1 ; jne 0xfffba1e1 -push eax -mov ecx, 0x7f -push eax -mov edx, edi -lea eax, [ebp - 0x2a8] -xor si, si -push eax -mov eax, dword [ebp + 8] -push 2 -call fcn_fffd2f8e ; call 0xfffd2f8e -xor ecx, ecx -pop eax -pop edx -mov edx, edi -lea eax, [ebp - 0x260] -push eax -mov eax, dword [ebp + 8] -push 0xfffffffffffffffe -call fcn_fffd2f8e ; call 0xfffd2f8e -add esp, 0x10 - -loc_fffba27e: ; not directly referenced -imul eax, esi, 0x13c3 -mov ecx, dword [ebp + 8] -mov dl, byte [ebp - 0x33c] -test byte [ecx + eax + 0x381a], dl -jne short loc_fffba2a1 ; jne 0xfffba2a1 - -loc_fffba296: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffba27e ; jne 0xfffba27e -jmp near loc_fffba1cc ; jmp 0xfffba1cc - -loc_fffba2a1: ; not directly referenced -push eax -push 1 -push 0x40 -push 1 -push 3 -push 4 -push esi -push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 -mov eax, dword [ebp + 8] -add esp, 0x14 -mov ecx, esi -mov edx, 1 -shl edx, cl -mov ecx, ebx -push 2 -call fcn_fffd2c53 ; call 0xfffd2c53 -add esp, 0x10 -test eax, eax -je short loc_fffba296 ; je 0xfffba296 -jmp near loc_fffba7d0 ; jmp 0xfffba7d0 - -loc_fffba2d9: ; not directly referenced -imul eax, ebx, 0x13c3 -mov edi, dword [ebp + 8] -cmp dword [edi + eax + 0x3756], 2 -je short loc_fffba369 ; je 0xfffba369 - -loc_fffba2ec: ; not 
directly referenced -inc ebx -add esi, 0xcc -cmp ebx, 2 -jne short loc_fffba2d9 ; jne 0xfffba2d9 +jne short loc_fffba2bb ; jne 0xfffba2bb mov eax, dword [ebp + 8] lea esi, [ebp - 0x2e8] lea ebx, [ebp - 0x2c8] -mov edi, dword [eax + 0x2443] +mov edi, dword [eax + 0x2444] push ecx push 0x7f push 0x10 
@@ -36405,47 +36373,47 @@ mov dword [ebp - 0x368], eax xor edi, edi mov dword [ebp - 0x3a8], esi mov dword [ebp - 0x3b8], edx -jmp short loc_fffba3c9 ; jmp 0xfffba3c9 +jmp short loc_fffba3ab ; jmp 0xfffba3ab -loc_fffba369: ; not directly referenced +loc_fffba34b: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, ebx -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [esi] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov byte [ebp - 0x33c], 0 -loc_fffba38b: ; not directly referenced +loc_fffba36d: ; not directly referenced mov edi, dword [ebp + 8] mov al, byte [ebp - 0x33c] -cmp al, byte [edi + 0x2488] -jae loc_fffba2ec ; jae 0xfffba2ec +cmp al, byte [edi + 0x2489] +jae loc_fffba2ce ; jae 0xfffba2ce movzx edi, byte [ebp - 0x33c] mov edx, ebx mov eax, dword [ebp + 8] mov ecx, edi -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, dword [esi + edi*4 + 0x28] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x33c] -jmp short loc_fffba38b ; jmp 0xfffba38b +jmp short loc_fffba36d ; jmp 0xfffba36d -loc_fffba3c9: ; not directly referenced +loc_fffba3ab: ; not directly referenced imul eax, edi, 0x13c3 mov esi, dword [ebp + 8] -cmp dword [esi + eax + 0x3756], 2 -jne loc_fffba5cf ; jne 0xfffba5cf +cmp dword [esi + eax + 0x3757], 2 +jne loc_fffba5b1 ; jne 0xfffba5b1 imul edx, edi, 0x54a mov dword [ebp - 0x344], 0 lea esi, [esi + edx + 0x196b] mov dword [ebp - 0x358], esi mov esi, dword [ebp + 8] -mov al, byte [esi + eax + 0x381a] +mov al, byte [esi + eax + 0x381b] mov byte [ebp - 0x354], al lea eax, [edi*4] mov dword [ebp - 0x38c], eax 
@@ -36454,15 +36422,15 @@ mov dword [ebp - 0x350], eax mov eax, dword [ebp - 0x378] mov dword [ebp - 0x348], eax -loc_fffba432: ; not directly referenced +loc_fffba414: ; not directly referenced mov cl, byte [ebp - 0x344] mov eax, 1 shl eax, cl test byte [ebp - 0x354], al -je loc_fffba51a ; je 0xfffba51a +je loc_fffba4fc ; je 0xfffba4fc mov eax, dword [ebp + 8] mov dword [ebp - 0x33c], 0 -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov byte [ebp - 0x388], al mov eax, dword [ebp - 0x344] add eax, dword [ebp - 0x38c] @@ -36475,36 +36443,36 @@ mov dword [ebp - 0x340], esi mov esi, dword [ebp - 0x3a8] add esi, eax -loc_fffba495: ; not directly referenced +loc_fffba477: ; not directly referenced xor eax, eax -loc_fffba497: ; not directly referenced +loc_fffba479: ; not directly referenced cmp byte [ebp - 0x388], al -jbe short loc_fffba4df ; jbe 0xfffba4df +jbe short loc_fffba4c1 ; jbe 0xfffba4c1 mov edx, dword [ebp - 0x358] mov ecx, dword [ebp - 0x33c] movzx edx, byte [edx + ecx + 0x53e] bt edx, eax -jae short loc_fffba4dc ; jae 0xfffba4dc +jae short loc_fffba4be ; jae 0xfffba4be mov edx, dword [ebp - 0x350] mov dl, byte [edx + eax] cmp byte [esi], dl -jbe short loc_fffba4c7 ; jbe 0xfffba4c7 +jbe short loc_fffba4a9 ; jbe 0xfffba4a9 mov byte [esi], dl -loc_fffba4c7: ; not directly referenced +loc_fffba4a9: ; not directly referenced mov edx, dword [ebp - 0x348] mov ecx, dword [ebp - 0x340] mov dl, byte [edx + eax] cmp byte [ecx], dl -jae short loc_fffba4dc ; jae 0xfffba4dc +jae short loc_fffba4be ; jae 0xfffba4be mov byte [ecx], dl -loc_fffba4dc: ; not directly referenced +loc_fffba4be: ; not directly referenced inc eax -jmp short loc_fffba497 ; jmp 0xfffba497 +jmp short loc_fffba479 ; jmp 0xfffba479 -loc_fffba4df: ; not directly referenced +loc_fffba4c1: ; not directly referenced movzx eax, byte [esi] inc esi mov ecx, dword [ebp - 0x33c] 
@@ -36518,39 +36486,39 @@ mov edx, dword [ebp - 0x390] sar eax, 1 cmp dword [ebp - 0x33c], 2 mov byte [edx + ecx], al -jne loc_fffba495 ; jne 0xfffba495 +jne loc_fffba477 ; jne 0xfffba477 -loc_fffba51a: ; not directly referenced +loc_fffba4fc: ; not directly referenced inc dword [ebp - 0x344] add dword [ebp - 0x348], 9 add dword [ebp - 0x350], 9 cmp dword [ebp - 0x344], 4 -jne loc_fffba432 ; jne 0xfffba432 +jne loc_fffba414 ; jne 0xfffba414 xor ecx, ecx xor edx, edx mov esi, 1 -loc_fffba544: ; not directly referenced +loc_fffba526: ; not directly referenced mov eax, esi shl eax, cl test byte [ebp - 0x354], al -je short loc_fffba561 ; je 0xfffba561 +je short loc_fffba543 ; je 0xfffba543 mov al, byte [ebx + ecx*2 + 1] inc edx sub al, byte [ebx + ecx*2] mov byte [ebp + ecx - 0x328], al -jmp short loc_fffba569 ; jmp 0xfffba569 +jmp short loc_fffba54b ; jmp 0xfffba54b -loc_fffba561: ; not directly referenced +loc_fffba543: ; not directly referenced mov byte [ebp + ecx - 0x328], 0 -loc_fffba569: ; not directly referenced +loc_fffba54b: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffba544 ; jne 0xfffba544 +jne short loc_fffba526 ; jne 0xfffba526 xor ecx, ecx test dl, dl -je short loc_fffba58d ; je 0xfffba58d +je short loc_fffba56f ; je 0xfffba56f movsx ecx, byte [ebp - 0x328] movsx eax, byte [ebp - 0x327] add eax, ecx @@ -36559,7 +36527,7 @@ cdq idiv ecx mov cl, al -loc_fffba58d: ; not directly referenced +loc_fffba56f: ; not directly referenced mov dl, 2 movsx ax, cl idiv dl 
@@ -36579,17 +36547,17 @@ add eax, edx sar eax, 1 mov byte [ebp + edi*2 - 0x337], al -loc_fffba5cf: ; not directly referenced +loc_fffba5b1: ; not directly referenced inc edi add ebx, 8 add dword [ebp - 0x378], 0x24 add dword [ebp - 0x368], 0x24 cmp edi, 2 -jne loc_fffba3c9 ; jne 0xfffba3c9 +jne loc_fffba3ab ; jne 0xfffba3ab mov eax, dword [ebp + 8] xor ebx, ebx mov dword [ebp - 0x344], 0 -lea esi, [eax + 0x3756] +lea esi, [eax + 0x3757] lea eax, [ebp - 0x330] mov dword [ebp - 0x350], eax mov eax, dword [ebp + 8] @@ -36600,17 +36568,17 @@ mov dword [ebp - 0x348], eax movzx eax, byte [ebp - 0x34c] mov dword [ebp - 0x33c], eax -loc_fffba632: ; not directly referenced +loc_fffba614: ; not directly referenced cmp dword [esi], 2 -jne loc_fffba78f ; jne 0xfffba78f +jne loc_fffba771 ; jne 0xfffba771 xor edi, edi -loc_fffba63d: ; not directly referenced +loc_fffba61f: ; not directly referenced mov eax, 1 mov ecx, edi shl eax, cl test byte [esi + 0xc4], al -je short loc_fffba66d ; je 0xfffba66d +je short loc_fffba64f ; je 0xfffba64f mov ecx, dword [ebp - 0x348] push edx push 1 @@ -36621,21 +36589,21 @@ push eax push 4 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffba66d: ; not directly referenced +loc_fffba64f: ; not directly referenced inc edi cmp edi, 4 -jne short loc_fffba63d ; jne 0xfffba63d +jne short loc_fffba61f ; jne 0xfffba61f xor ecx, ecx -loc_fffba675: ; not directly referenced +loc_fffba657: ; not directly referenced mov eax, dword [ebp - 0x350] movzx edi, byte [eax + ecx] movzx eax, byte [esi + ecx + 0x241] sub edi, eax -je loc_fffba785 ; je 0xfffba785 +je loc_fffba767 ; je 0xfffba767 push eax mov eax, 1 push 1 
@@ -36647,13 +36615,13 @@ mov dword [ebp - 0x344], ecx push 0 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a mov edx, dword [ebp - 0x340] add esp, 0x20 mov ecx, dword [ebp - 0x344] mov al, byte [edx + 0x542] cmp byte [ecx + edx + 0x53e], al -jne short loc_fffba719 ; jne 0xfffba719 +jne short loc_fffba6fb ; jne 0xfffba6fb push eax push 1 mov eax, dword [esi + 0x111] @@ -36664,7 +36632,7 @@ push dword [ebp - 0x33c] push 2 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x1c push 1 mov eax, dword [esi + 0x109] @@ -36675,16 +36643,16 @@ push dword [ebp - 0x33c] push 3 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a mov ecx, dword [ebp - 0x344] add esp, 0x20 -loc_fffba719: ; not directly referenced +loc_fffba6fb: ; not directly referenced mov edx, dword [ebp - 0x340] mov dword [ebp - 0x344], 1 mov al, byte [edx + 0x543] cmp byte [ecx + edx + 0x53e], al -jne short loc_fffba785 ; jne 0xfffba785 +jne short loc_fffba767 ; jne 0xfffba767 push eax push 1 mov eax, dword [esi + 0x115] @@ -36696,7 +36664,7 @@ push dword [ebp - 0x33c] push 2 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x1c push 1 add edi, dword [esi + 0x11d] 
@@ -36706,40 +36674,40 @@ push dword [ebp - 0x33c] push 1 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a mov ecx, dword [ebp - 0x34c] add esp, 0x20 -loc_fffba785: ; not directly referenced +loc_fffba767: ; not directly referenced inc ecx cmp ecx, 2 -jne loc_fffba675 ; jne 0xfffba675 +jne loc_fffba657 ; jne 0xfffba657 -loc_fffba78f: ; not directly referenced +loc_fffba771: ; not directly referenced inc ebx add esi, 0x13c3 add dword [ebp - 0x350], 2 add dword [ebp - 0x340], 0x54a add dword [ebp - 0x348], 2 cmp ebx, 2 -jne loc_fffba632 ; jne 0xfffba632 +jne loc_fffba614 ; jne 0xfffba614 cmp dword [ebp - 0x344], 0 -je short loc_fffba7d8 ; je 0xfffba7d8 +je short loc_fffba7ba ; je 0xfffba7ba sub esp, 0xc push dword [ebp + 8] -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -jmp short loc_fffba7d8 ; jmp 0xfffba7d8 +jmp short loc_fffba7ba ; jmp 0xfffba7ba -loc_fffba7d0: ; not directly referenced +loc_fffba7b2: ; not directly referenced test eax, eax -jne loc_fffbb9fc ; jne 0xfffbb9fc +jne loc_fffbb9de ; jne 0xfffbb9de -loc_fffba7d8: ; not directly referenced +loc_fffba7ba: ; not directly referenced mov eax, dword [ebp + 8] -mov ebx, dword [eax + 0x5edc] -mov esi, dword [eax + 0x2443] -mov al, byte [eax + 0x248d] +mov ebx, dword [eax + 0x5edd] +mov esi, dword [eax + 0x2444] +mov al, byte [eax + 0x248e] push ecx push 0x7f push 0x48 
@@ -36759,74 +36727,74 @@ mov dword [ebp - 0x348], eax mov esi, eax xor ebx, ebx -loc_fffba823: ; not directly referenced +loc_fffba805: ; not directly referenced imul eax, ebx, 0x13c3 mov edi, dword [ebp + 8] -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffba89d ; jne 0xfffba89d +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffba87f ; jne 0xfffba87f mov byte [ebp - 0x33c], 0 -loc_fffba83d: ; not directly referenced +loc_fffba81f: ; not directly referenced mov edi, dword [ebp + 8] mov al, byte [ebp - 0x33c] -cmp al, byte [edi + 0x2488] -jae short loc_fffba87a ; jae 0xfffba87a +cmp al, byte [edi + 0x2489] +jae short loc_fffba85c ; jae 0xfffba85c movzx ecx, byte [ebp - 0x33c] mov edx, ebx mov eax, dword [ebp + 8] mov edi, dword [esi + ecx*4 + 0x28] -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc or edi, 0x60 mov ecx, edi mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x33c] -jmp short loc_fffba83d ; jmp 0xfffba83d +jmp short loc_fffba81f ; jmp 0xfffba81f -loc_fffba87a: ; not directly referenced +loc_fffba85c: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, ebx mov edi, dword [esi] -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 or edi, 0x1000008 mov ecx, edi mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffba89d: ; not directly referenced +loc_fffba87f: ; not directly referenced inc ebx add esi, 0xcc cmp ebx, 2 -jne loc_fffba823 ; jne 0xfffba823 +jne loc_fffba805 ; jne 0xfffba805 xor edi, edi -loc_fffba8af: ; not directly referenced +loc_fffba891: ; not directly referenced mov ebx, 1 mov ecx, edi shl ebx, cl test byte [ebp - 0x340], bl -jne short loc_fffba8d3 ; jne 0xfffba8d3 +jne short loc_fffba8b5 ; jne 0xfffba8b5 -loc_fffba8c0: ; not directly referenced +loc_fffba8a2: ; not directly referenced inc edi cmp edi, 4 -jne short 
loc_fffba8af ; jne 0xfffba8af +jne short loc_fffba891 ; jne 0xfffba891 mov ebx, dword [ebp - 0x348] xor esi, esi -jmp near loc_fffbaa02 ; jmp 0xfffbaa02 +jmp near loc_fffba9e4 ; jmp 0xfffba9e4 -loc_fffba8d3: ; not directly referenced +loc_fffba8b5: ; not directly referenced xor esi, esi -loc_fffba8d5: ; not directly referenced +loc_fffba8b7: ; not directly referenced imul eax, esi, 0x13c3 mov ecx, dword [ebp + 8] mov byte [ebp - 0x33c], bl -test byte [ecx + eax + 0x381a], bl -je short loc_fffba93b ; je 0xfffba93b +test byte [ecx + eax + 0x381b], bl +je short loc_fffba91d ; je 0xfffba91d mov eax, dword [ebp + 8] sub esp, 0xc mov ecx, esi @@ -36834,11 +36802,11 @@ mov edx, 1 shl edx, cl mov ecx, ebx push 0 -call fcn_fffd2c53 ; call 0xfffd2c53 +call fcn_fffd314a ; call 0xfffd314a add esp, 0x10 mov dword [ebp - 0x344], eax test eax, eax -jne loc_fffbb0b4 ; jne 0xfffbb0b4 +jne loc_fffbb096 ; jne 0xfffbb096 sub esp, 0xc mov eax, dword [ebp + 8] mov ecx, edi @@ -36847,14 +36815,14 @@ mov edx, esi push 0x4000 push 0x3000 push 4 -push ref_fffd665c ; push 0xfffd665c -call fcn_fffd2b18 ; call 0xfffd2b18 +push ref_fffd6958 ; push 0xfffd6958 +call fcn_fffd2e0a ; call 0xfffd2e0a add esp, 0x20 -loc_fffba93b: ; not directly referenced +loc_fffba91d: ; not directly referenced inc esi cmp esi, 2 -jne short loc_fffba8d5 ; jne 0xfffba8d5 +jne short loc_fffba8b7 ; jne 0xfffba8b7 push eax mov ecx, 0x7f push eax @@ -36864,7 +36832,7 @@ xor si, si push eax mov eax, dword [ebp + 8] push 2 -call fcn_fffd2d89 ; call 0xfffd2d89 +call fcn_fffd2f45 ; call 0xfffd2f45 xor ecx, ecx pop eax pop edx 
@@ -36873,23 +36841,23 @@ lea eax, [ebp - 0x260] push eax mov eax, dword [ebp + 8] push 0xfffffffffffffffe -call fcn_fffd2d89 ; call 0xfffd2d89 +call fcn_fffd2f45 ; call 0xfffd2f45 add esp, 0x10 -loc_fffba978: ; not directly referenced +loc_fffba95a: ; not directly referenced imul eax, esi, 0x13c3 mov ecx, dword [ebp + 8] mov dl, byte [ebp - 0x33c] -test byte [ecx + eax + 0x381a], dl -jne short loc_fffba99b ; jne 0xfffba99b +test byte [ecx + eax + 0x381b], dl +jne short loc_fffba97d ; jne 0xfffba97d -loc_fffba990: ; not directly referenced +loc_fffba972: ; not directly referenced inc esi cmp esi, 2 -jne short loc_fffba978 ; jne 0xfffba978 -jmp near loc_fffba8c0 ; jmp 0xfffba8c0 +jne short loc_fffba95a ; jne 0xfffba95a +jmp near loc_fffba8a2 ; jmp 0xfffba8a2 -loc_fffba99b: ; not directly referenced +loc_fffba97d: ; not directly referenced push eax push 1 push 0x60 @@ -36898,7 +36866,7 @@ push ebx push 2 push esi push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x1c push 1 push 0x60 @@ -36907,7 +36875,7 @@ push ebx push 3 push esi push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x1c push 1 push 0x60 @@ -36916,7 +36884,7 @@ push ebx push 1 push esi push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a mov eax, dword [ebp + 8] add esp, 0x14 mov ecx, esi 
@@ -36924,26 +36892,26 @@ mov edx, 1 shl edx, cl mov ecx, ebx push 2 -call fcn_fffd2c53 ; call 0xfffd2c53 +call fcn_fffd314a ; call 0xfffd314a add esp, 0x10 mov dword [ebp - 0x344], eax test eax, eax -je short loc_fffba990 ; je 0xfffba990 -jmp near loc_fffbb0b4 ; jmp 0xfffbb0b4 +je short loc_fffba972 ; je 0xfffba972 +jmp near loc_fffbb096 ; jmp 0xfffbb096 -loc_fffbaa02: ; not directly referenced +loc_fffba9e4: ; not directly referenced imul eax, esi, 0x13c3 mov edi, dword [ebp + 8] -cmp dword [edi + eax + 0x3756], 2 -je short loc_fffbaa69 ; je 0xfffbaa69 +cmp dword [edi + eax + 0x3757], 2 +je short loc_fffbaa4b ; je 0xfffbaa4b -loc_fffbaa15: ; not directly referenced +loc_fffba9f7: ; not directly referenced inc esi add ebx, 0xcc cmp esi, 2 -jne short loc_fffbaa02 ; jne 0xfffbaa02 +jne short loc_fffba9e4 ; jne 0xfffba9e4 mov eax, dword [ebp + 8] -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] lea eax, [ebp - 0x2c8] push esi xor esi, esi 
@@ -36962,42 +36930,42 @@ add esp, 0x10 mov dword [ebp - 0x34c], eax lea eax, [ebp - 0x260] mov dword [ebp - 0x348], eax -jmp short loc_fffbaac9 ; jmp 0xfffbaac9 +jmp short loc_fffbaaab ; jmp 0xfffbaaab -loc_fffbaa69: ; not directly referenced +loc_fffbaa4b: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, esi -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [ebx] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov byte [ebp - 0x33c], 0 -loc_fffbaa8b: ; not directly referenced +loc_fffbaa6d: ; not directly referenced mov edi, dword [ebp + 8] mov al, byte [ebp - 0x33c] -cmp al, byte [edi + 0x2488] -jae loc_fffbaa15 ; jae 0xfffbaa15 +cmp al, byte [edi + 0x2489] +jae loc_fffba9f7 ; jae 0xfffba9f7 movzx edi, byte [ebp - 0x33c] mov edx, esi mov eax, dword [ebp + 8] mov ecx, edi -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, dword [ebx + edi*4 + 0x28] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x33c] -jmp short loc_fffbaa8b ; jmp 0xfffbaa8b +jmp short loc_fffbaa6d ; jmp 0xfffbaa6d -loc_fffbaac9: ; not directly referenced +loc_fffbaaab: ; not directly referenced imul eax, esi, 0x13c3 mov edi, dword [ebp + 8] -cmp dword [edi + eax + 0x3756], 2 -jne loc_fffbabfc ; jne 0xfffbabfc -mov al, byte [edi + eax + 0x381a] +cmp dword [edi + eax + 0x3757], 2 +jne loc_fffbabde ; jne 0xfffbabde +mov al, byte [edi + eax + 0x381b] lea ecx, [ebp - 0x18] mov edi, dword [ebp - 0x348] mov dword [ebp - 0x33c], 0 
@@ -37010,24 +36978,24 @@ lea eax, [esi + esi] add eax, ecx mov dword [ebp - 0x378], eax -loc_fffbab23: ; not directly referenced +loc_fffbab05: ; not directly referenced mov cl, byte [ebp - 0x33c] mov eax, 1 shl eax, cl test byte [ebp - 0x368], al -je short loc_fffbab4b ; je 0xfffbab4b +je short loc_fffbab2d ; je 0xfffbab2d mov eax, dword [ebp + 8] xor ecx, ecx -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov byte [ebp - 0x354], al -jmp short loc_fffbab9c ; jmp 0xfffbab9c +jmp short loc_fffbab7e ; jmp 0xfffbab7e -loc_fffbab4b: ; not directly referenced +loc_fffbab2d: ; not directly referenced inc dword [ebp - 0x33c] add edi, 9 add dword [ebp - 0x344], 9 cmp dword [ebp - 0x33c], 4 -jne short loc_fffbab23 ; jne 0xfffbab23 +jne short loc_fffbab05 ; jne 0xfffbab05 movzx edx, byte [ebp + esi*2 - 0x2c8] movzx eax, byte [ebp + esi*2 - 0x2e8] add eax, edx @@ -37038,11 +37006,11 @@ movzx eax, byte [ebp + esi*2 - 0x2e7] add eax, edx sar eax, 1 mov byte [ebp + esi*2 - 0x307], al -jmp short loc_fffbabfc ; jmp 0xfffbabfc +jmp short loc_fffbabde ; jmp 0xfffbabde -loc_fffbab9c: ; not directly referenced +loc_fffbab7e: ; not directly referenced cmp byte [ebp - 0x354], cl -jbe short loc_fffbab4b ; jbe 0xfffbab4b +jbe short loc_fffbab2d ; jbe 0xfffbab2d mov edx, dword [ebp - 0x350] mov eax, dword [ebp + 8] mov ebx, dword [ebp - 0x344] 
@@ -37062,22 +37030,22 @@ cmp byte [eax - 0x2d0], dl cmovae edx, ebx inc ecx mov byte [eax - 0x2d0], dl -jmp short loc_fffbab9c ; jmp 0xfffbab9c +jmp short loc_fffbab7e ; jmp 0xfffbab7e -loc_fffbabfc: ; not directly referenced +loc_fffbabde: ; not directly referenced inc esi add dword [ebp - 0x34c], 0x24 add dword [ebp - 0x348], 0x24 cmp esi, 2 -jne loc_fffbaac9 ; jne 0xfffbaac9 +jne loc_fffbaaab ; jne 0xfffbaaab movzx esi, byte [ebp - 0x340] xor ebx, ebx -loc_fffbac1d: ; not directly referenced +loc_fffbabff: ; not directly referenced imul eax, ebx, 0x13c3 mov edi, dword [ebp + 8] -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffbac9f ; jne 0xfffbac9f +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffbac81 ; jne 0xfffbac81 movzx eax, byte [ebp + ebx*2 - 0x308] push ecx push 1 @@ -37087,7 +37055,7 @@ push esi push 2 push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a movzx eax, byte [ebp + ebx*2 - 0x308] add esp, 0x1c push 1 @@ -37097,7 +37065,7 @@ push esi push 3 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a movzx eax, byte [ebp + ebx*2 - 0x307] add esp, 0x1c push 1 @@ -37107,7 +37075,7 @@ push esi push 2 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a movzx eax, byte [ebp + ebx*2 - 0x307] add esp, 0x1c push 1 
@@ -37117,67 +37085,67 @@ push esi push 1 push ebx push dword [ebp + 8] -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffbac9f: ; not directly referenced +loc_fffbac81: ; not directly referenced inc ebx cmp ebx, 2 -jne loc_fffbac1d ; jne 0xfffbac1d +jne loc_fffbabff ; jne 0xfffbabff mov eax, dword [ebp + 8] mov dword [ebp - 0x344], 0 mov dword [ebp - 0x348], 0x4224 -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x34c], eax mov eax, dword [ebp + 8] add eax, 0x196b mov dword [ebp - 0x340], eax -loc_fffbacd9: ; not directly referenced +loc_fffbacbb: ; not directly referenced mov eax, dword [ebp - 0x34c] cmp dword [eax], 2 -jne loc_fffbb079 ; jne 0xfffbb079 +jne loc_fffbb05b ; jne 0xfffbb05b xor ebx, ebx xor edi, edi mov byte [ebp - 0x350], 0 xor ecx, ecx xor eax, eax -loc_fffbacf7: ; not directly referenced +loc_fffbacd9: ; not directly referenced mov esi, dword [ebp - 0x340] mov dl, byte [esi + eax + 0x4f6] cmp dl, 2 -je short loc_fffbad29 ; je 0xfffbad29 -ja short loc_fffbad17 ; ja 0xfffbad17 +je short loc_fffbad0b ; je 0xfffbad0b +ja short loc_fffbacf9 ; ja 0xfffbacf9 mov esi, eax and esi, 7 test dl, dl cmove ebx, esi -jmp short loc_fffbad3b ; jmp 0xfffbad3b +jmp short loc_fffbad1d ; jmp 0xfffbad1d -loc_fffbad17: ; not directly referenced +loc_fffbacf9: ; not directly referenced cmp dl, 4 -je short loc_fffbad30 ; je 0xfffbad30 +je short loc_fffbad12 ; je 0xfffbad12 mov esi, eax and esi, 7 cmp dl, 6 cmove ecx, esi -jmp short loc_fffbad3b ; jmp 0xfffbad3b +jmp short loc_fffbad1d ; jmp 0xfffbad1d -loc_fffbad29: ; not directly referenced +loc_fffbad0b: ; not directly referenced mov edi, eax and edi, 7 -jmp short loc_fffbad3b ; jmp 0xfffbad3b +jmp short loc_fffbad1d ; jmp 0xfffbad1d -loc_fffbad30: ; not directly referenced +loc_fffbad12: ; not directly referenced mov dl, al and edx, 7 mov byte [ebp - 0x350], dl -loc_fffbad3b: ; not directly referenced +loc_fffbad1d: ; not directly referenced inc eax cmp eax, 8 -jne 
short loc_fffbacf7 ; jne 0xfffbacf7 +jne short loc_fffbacd9 ; jne 0xfffbacd9 mov eax, edi mov edx, ebx shl eax, 0x1c 
@@ -37228,85 +37196,85 @@ xor edx, edx mov dword [ebp - 0x3cc], eax xor eax, eax -loc_fffbae25: ; not directly referenced +loc_fffbae07: ; not directly referenced mov ecx, dword [ebp - 0x398] mov cl, byte [ecx + edx + 0x4fe] cmp cl, 1 -je short loc_fffbae49 ; je 0xfffbae49 -jb short loc_fffbae41 ; jb 0xfffbae41 +je short loc_fffbae2b ; je 0xfffbae2b +jb short loc_fffbae23 ; jb 0xfffbae23 cmp cl, 2 cmove esi, eax -jmp short loc_fffbae4f ; jmp 0xfffbae4f +jmp short loc_fffbae31 ; jmp 0xfffbae31 -loc_fffbae41: ; not directly referenced +loc_fffbae23: ; not directly referenced mov byte [ebp - 0x368], al -jmp short loc_fffbae4f ; jmp 0xfffbae4f +jmp short loc_fffbae31 ; jmp 0xfffbae31 -loc_fffbae49: ; not directly referenced +loc_fffbae2b: ; not directly referenced mov byte [ebp - 0x378], al -loc_fffbae4f: ; not directly referenced +loc_fffbae31: ; not directly referenced mov ecx, dword [ebp - 0x394] mov cl, byte [ecx + edx + 0x4fe] cmp cl, 0x11 -je short loc_fffbae6e ; je 0xfffbae6e +je short loc_fffbae50 ; je 0xfffbae50 cmp cl, 0x12 -je short loc_fffbae76 ; je 0xfffbae76 +je short loc_fffbae58 ; je 0xfffbae58 cmp cl, 0x10 cmove edi, eax -jmp short loc_fffbae7c ; jmp 0xfffbae7c +jmp short loc_fffbae5e ; jmp 0xfffbae5e -loc_fffbae6e: ; not directly referenced +loc_fffbae50: ; not directly referenced mov byte [ebp - 0x3a8], al -jmp short loc_fffbae7c ; jmp 0xfffbae7c +jmp short loc_fffbae5e ; jmp 0xfffbae5e -loc_fffbae76: ; not directly referenced +loc_fffbae58: ; not directly referenced mov byte [ebp - 0x390], al -loc_fffbae7c: ; not directly referenced +loc_fffbae5e: ; not directly referenced mov ecx, dword [ebp - 0x3d0] mov cl, byte [ecx + edx + 0x4fe] cmp cl, 0x21 -je short loc_fffbaea7 ; je 0xfffbaea7 +je short loc_fffbae89 ; je 0xfffbae89 cmp cl, 0x22 -je short loc_fffbaeaf ; je 0xfffbaeaf +je short loc_fffbae91 ; je 0xfffbae91 cmp cl, 0x20 mov cl, byte [ebp - 0x350] cmove ecx, eax mov byte [ebp - 0x350], cl -jmp short loc_fffbaeb5 ; jmp 0xfffbaeb5 +jmp short 
loc_fffbae97 ; jmp 0xfffbae97 -loc_fffbaea7: ; not directly referenced +loc_fffbae89: ; not directly referenced mov byte [ebp - 0x38c], al -jmp short loc_fffbaeb5 ; jmp 0xfffbaeb5 +jmp short loc_fffbae97 ; jmp 0xfffbae97 -loc_fffbaeaf: ; not directly referenced +loc_fffbae91: ; not directly referenced mov byte [ebp - 0x358], al -loc_fffbaeb5: ; not directly referenced +loc_fffbae97: ; not directly referenced mov ecx, dword [ebp - 0x3cc] mov cl, byte [ecx + edx + 0x4fe] cmp cl, 0x31 -je short loc_fffbaed4 ; je 0xfffbaed4 +je short loc_fffbaeb6 ; je 0xfffbaeb6 cmp cl, 0x32 -je short loc_fffbaedc ; je 0xfffbaedc +je short loc_fffbaebe ; je 0xfffbaebe cmp cl, 0x30 cmove ebx, eax -jmp short loc_fffbaee2 ; jmp 0xfffbaee2 +jmp short loc_fffbaec4 ; jmp 0xfffbaec4 -loc_fffbaed4: ; not directly referenced +loc_fffbaeb6: ; not directly referenced mov byte [ebp - 0x3c8], al -jmp short loc_fffbaee2 ; jmp 0xfffbaee2 +jmp short loc_fffbaec4 ; jmp 0xfffbaec4 -loc_fffbaedc: ; not directly referenced +loc_fffbaebe: ; not directly referenced mov byte [ebp - 0x3b8], al -loc_fffbaee2: ; not directly referenced +loc_fffbaec4: ; not directly referenced inc eax inc edx and eax, 7 cmp edx, 8 -jne loc_fffbae25 ; jne 0xfffbae25 +jne loc_fffbae07 ; jne 0xfffbae07 mov ecx, dword [ebp - 0x368] and esi, 7 and edi, 7 @@ -37357,7 +37325,7 @@ shl eax, 0x14 or esi, eax mov eax, dword [ebp - 0x34c] cmp byte [eax + 0x1264], 0x20 -jne loc_fffbb03c ; jne 0xfffbb03c +jne loc_fffbb01e ; jne 0xfffbb01e mov ebx, dword [ebp - 0x3d4] and ecx, 0x8fffffff and esi, 0x8fffffff @@ -37397,7 +37365,7 @@ shl eax, 0xc and eax, 0x700000 or esi, eax -loc_fffbb03c: ; not directly referenced +loc_fffbb01e: ; not directly referenced mov edi, dword [ebp - 0x348] mov ebx, dword [ebp + 8] mov eax, edi @@ -37406,7 +37374,7 @@ cmp dword [ebx + 0x188b], 1 lea edx, [edi + 4] cmovne edx, eax mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, edi mov ecx, esi lea edx, [edi + 8] 
@@ -37414,30 +37382,30 @@ mov edi, dword [ebp + 8] cmp dword [edi + 0x188b], 1 cmovne edx, eax mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbb079: ; not directly referenced +loc_fffbb05b: ; not directly referenced mov eax, dword [ebp - 0x348] add dword [ebp - 0x34c], 0x13c3 add dword [ebp - 0x340], 0x54a add eax, 0x400 cmp eax, 0x4a24 -je short loc_fffbb0aa ; je 0xfffbb0aa +je short loc_fffbb08c ; je 0xfffbb08c mov dword [ebp - 0x348], eax -jmp near loc_fffbacd9 ; jmp 0xfffbacd9 +jmp near loc_fffbacbb ; jmp 0xfffbacbb -loc_fffbb0aa: ; not directly referenced +loc_fffbb08c: ; not directly referenced mov eax, dword [ebp + 8] -mov byte [eax + 0x247c], 1 +mov byte [eax + 0x247d], 1 -loc_fffbb0b4: ; not directly referenced +loc_fffbb096: ; not directly referenced mov eax, dword [ebp - 0x344] -jmp near loc_fffbb9fc ; jmp 0xfffbb9fc +jmp near loc_fffbb9de ; jmp 0xfffbb9de -loc_fffbb0bf: ; not directly referenced +loc_fffbb0a1: ; not directly referenced mov eax, dword [ebp + 8] mov edi, dword [ebp - 0x344] -add eax, 0x3756 +add eax, 0x3757 add edi, 0x70 mov ebx, eax mov dword [ebp - 0x3d0], edi 
@@ -37445,47 +37413,47 @@ mov esi, edi xor edi, edi mov dword [ebp - 0x3cc], eax -loc_fffbb0e2: ; not directly referenced +loc_fffbb0c4: ; not directly referenced cmp dword [ebx], 2 -jne loc_fffbb17d ; jne 0xfffbb17d +jne loc_fffbb15f ; jne 0xfffbb15f mov byte [ebp - 0x340], 0 -loc_fffbb0f2: ; not directly referenced +loc_fffbb0d4: ; not directly referenced mov eax, dword [ebp + 8] mov cl, byte [ebp - 0x340] -movzx eax, byte [eax + 0x2488] +movzx eax, byte [eax + 0x2489] cmp cl, al -jae short loc_fffbb16c ; jae 0xfffbb16c +jae short loc_fffbb14e ; jae 0xfffbb14e movzx eax, cl mov dword [ebp - 0x33c], 0 mov dword [ebp - 0x34c], eax -loc_fffbb119: ; not directly referenced +loc_fffbb0fb: ; not directly referenced mov cl, byte [ebp - 0x33c] mov eax, 1 shl eax, cl test byte [ebx + 0xc4], al -je short loc_fffbb155 ; je 0xfffbb155 +je short loc_fffbb137 ; je 0xfffbb137 mov eax, dword [ebp + 8] cmp byte [eax + 0x18b2], 1 -jne short loc_fffbb155 ; jne 0xfffbb155 +jne short loc_fffbb137 ; jne 0xfffbb137 push edx mov ecx, dword [ebp - 0x33c] mov edx, edi push 0x20 push 5 push dword [ebp - 0x34c] -call fcn_fffa7499 ; call 0xfffa7499 +call fcn_fffa7447 ; call 0xfffa7447 add esp, 0x10 -loc_fffbb155: ; not directly referenced +loc_fffbb137: ; not directly referenced inc dword [ebp - 0x33c] cmp dword [ebp - 0x33c], 4 -jne short loc_fffbb119 ; jne 0xfffbb119 +jne short loc_fffbb0fb ; jne 0xfffbb0fb inc byte [ebp - 0x340] -jmp short loc_fffbb0f2 ; jmp 0xfffbb0f2 +jmp short loc_fffbb0d4 ; jmp 0xfffbb0d4 -loc_fffbb16c: ; not directly referenced +loc_fffbb14e: ; not directly referenced push ecx push 0 push eax 
@@ -37494,26 +37462,26 @@ push esi call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffbb17d: ; not directly referenced +loc_fffbb15f: ; not directly referenced inc edi add ebx, 0x13c3 add esi, 0xcc cmp edi, 2 -jne loc_fffbb0e2 ; jne 0xfffbb0e2 +jne loc_fffbb0c4 ; jne 0xfffbb0c4 mov eax, dword [ebp + 8] movzx edx, byte [ebp - 0x348] -call fcn_fffb27d5 ; call 0xfffb27d5 +call fcn_fffaeb5f ; call 0xfffaeb5f mov eax, dword [ebp - 0x344] mov dword [ebp - 0x33c], 0 add eax, 0x1c mov dword [ebp - 0x3b8], eax -loc_fffbb1bb: ; not directly referenced +loc_fffbb19d: ; not directly referenced mov edi, dword [ebp - 0x33c] mov eax, edi mov byte [ebp - 0x388], al cmp edi, 0x80 -je loc_fffbb85b ; je 0xfffbb85b +je loc_fffbb83d ; je 0xfffbb83d mov edi, dword [ebp - 0x33c] mov eax, edi and eax, 0x7f @@ -37528,10 +37496,10 @@ or ecx, edx mov edx, 0x390c or ecx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 sub esp, 0xc push dword [ebp + 8] -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d mov eax, edi add esp, 0x10 shr al, 1 
@@ -37541,39 +37509,39 @@ mov dword [ebp - 0x378], eax mov dword [ebp - 0x390], 0 mov dword [ebp - 0x358], 0 -loc_fffbb238: ; not directly referenced +loc_fffbb21a: ; not directly referenced mov cl, byte [ebp - 0x358] mov dword [ebp - 0x340], 1 shl dword [ebp - 0x340], cl mov al, byte [ebp - 0x340] test byte [ebp - 0x3c8], al -jne short loc_fffbb284 ; jne 0xfffbb284 +jne short loc_fffbb266 ; jne 0xfffbb266 -loc_fffbb25c: ; not directly referenced +loc_fffbb23e: ; not directly referenced inc dword [ebp - 0x358] inc dword [ebp - 0x378] add dword [ebp - 0x390], 4 cmp dword [ebp - 0x358], 4 -jne short loc_fffbb238 ; jne 0xfffbb238 +jne short loc_fffbb21a ; jne 0xfffbb21a add dword [ebp - 0x33c], 2 -jmp near loc_fffbb1bb ; jmp 0xfffbb1bb +jmp near loc_fffbb19d ; jmp 0xfffbb19d -loc_fffbb284: ; not directly referenced +loc_fffbb266: ; not directly referenced xor ebx, ebx -loc_fffbb286: ; not directly referenced +loc_fffbb268: ; not directly referenced mov edi, dword [ebp - 0x340] mov edx, ebx mov eax, dword [ebp + 8] mov ecx, edi -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 imul eax, ebx, 0x13c3 mov esi, dword [ebp + 8] mov dword [ebp + ebx*4 - 0x338], 0 mov edx, edi mov dword [ebp + ebx*4 - 0x330], 0 -test byte [esi + eax + 0x381a], dl -je short loc_fffbb300 ; je 0xfffbb300 +test byte [esi + eax + 0x381b], dl +je short loc_fffbb2e2 ; je 0xfffbb2e2 mov ecx, dword [ebp - 0x340] mov eax, esi mov esi, ebx 
@@ -37582,34 +37550,34 @@ push edx mov edx, ebx push 4 push 3 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb mov eax, dword [ebp + 8] shl esi, 0xa add esi, 0x4194 mov edx, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, esi or eax, 0x80000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x10 -loc_fffbb300: ; not directly referenced +loc_fffbb2e2: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffbb286 ; jne 0xfffbb286 +jne short loc_fffbb268 ; jne 0xfffbb268 mov al, byte [ebp - 0x340] mov dword [ebp - 0x34c], 0xffffffe0 mov byte [ebp - 0x344], al mov eax, dword [ebp + 8] -movzx ecx, byte [eax + 0x2488] +movzx ecx, byte [eax + 0x2489] mov eax, 1 shl eax, cl dec eax mov dword [ebp - 0x348], eax -loc_fffbb334: ; not directly referenced +loc_fffbb316: ; not directly referenced push 1 mov edi, dword [ebp - 0x34c] xor ebx, ebx @@ -37626,23 +37594,23 @@ push edi push 1 push dword [ebp + 8] mov byte [ebp - 0x350], al -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 mov edi, dword [ebp - 0x3b8] add esp, 0x30 -loc_fffbb36a: ; not directly referenced +loc_fffbb34c: ; not directly referenced imul eax, ebx, 0x13c3 mov ecx, dword [ebp + 8] xor esi, esi mov dl, byte [ebp - 0x344] -test byte [ecx + eax + 0x381a], dl -je short loc_fffbb3e3 ; je 0xfffbb3e3 +test byte [ecx + eax + 0x381b], dl +je short loc_fffbb3c5 ; je 0xfffbb3c5 -loc_fffbb384: ; not directly referenced +loc_fffbb366: ; not directly referenced mov ecx, dword [ebp + 8] mov eax, esi -cmp al, byte [ecx + 0x2488] -jae short loc_fffbb3c2 ; jae 0xfffbb3c2 +cmp al, byte [ecx + 0x2489] +jae short loc_fffbb3a4 ; jae 0xfffbb3a4 mov eax, esi mov edx, ebx movzx eax, al 
@@ -37650,117 +37618,117 @@ inc esi mov ecx, eax mov dword [ebp - 0x354], eax mov eax, dword [ebp + 8] -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, dword [ebp - 0x354] mov ecx, dword [edi + ecx*4 + 0x28] mov edx, eax mov eax, dword [ebp + 8] or ecx, 0x60 -call fcn_fffaeb7c ; call 0xfffaeb7c -jmp short loc_fffbb384 ; jmp 0xfffbb384 +call fcn_fffb38b3 ; call 0xfffb38b3 +jmp short loc_fffbb366 ; jmp 0xfffbb366 -loc_fffbb3c2: ; not directly referenced +loc_fffbb3a4: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, ebx -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [edi] or ecx, 0x1000001 mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbb3e3: ; not directly referenced +loc_fffbb3c5: ; not directly referenced inc ebx add edi, 0xcc cmp ebx, 2 -jne loc_fffbb36a ; jne 0xfffbb36a +jne loc_fffbb34c ; jne 0xfffbb34c mov eax, dword [ebp + 8] xor bl, bl -call fcn_fffb0e8a ; call 0xfffb0e8a +call fcn_fffaa4a9 ; call 0xfffaa4a9 mov eax, dword [ebp + 8] mov ecx, 5 mov edx, 0x4800 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 mov eax, dword [ebp + 8] mov edx, 2 -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 mov eax, dword [ebp + 8] -call fcn_fffb0e8a ; call 0xfffb0e8a +call fcn_fffaa4a9 ; call 0xfffaa4a9 mov eax, dword [ebp + 8] mov edx, 2 -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 mov eax, dword [ebp + 8] mov ecx, 2 mov edx, 0x4800 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbb443: ; not directly referenced +loc_fffbb425: ; not directly referenced imul eax, ebx, 0x13c3 mov edi, dword [ebp + 8] mov dl, byte [ebp - 0x344] -test byte [edi + eax + 0x381a], dl -je short loc_fffbb4c5 ; je 0xfffbb4c5 +test byte [edi + eax + 0x381b], dl +je short loc_fffbb4a7 ; je 0xfffbb4a7 xor edi, edi 
-loc_fffbb45d: ; not directly referenced +loc_fffbb43f: ; not directly referenced mov ecx, dword [ebp + 8] mov eax, edi -cmp al, byte [ecx + 0x2488] -jae short loc_fffbb4a2 ; jae 0xfffbb4a2 +cmp al, byte [ecx + 0x2489] +jae short loc_fffbb484 ; jae 0xfffbb484 mov eax, edi mov edx, ebx movzx ecx, al mov eax, dword [ebp + 8] -call fcn_fffa7617 ; call 0xfffa7617 +call fcn_fffa75c5 ; call 0xfffa75c5 mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 1 mov ecx, edi shl edx, cl dec eax -jne short loc_fffbb498 ; jne 0xfffbb498 +jne short loc_fffbb47a ; jne 0xfffbb47a or dword [ebp + ebx*4 - 0x338], edx -jmp short loc_fffbb49f ; jmp 0xfffbb49f +jmp short loc_fffbb481 ; jmp 0xfffbb481 -loc_fffbb498: ; not directly referenced +loc_fffbb47a: ; not directly referenced or dword [ebp + ebx*4 - 0x330], edx -loc_fffbb49f: ; not directly referenced +loc_fffbb481: ; not directly referenced inc edi -jmp short loc_fffbb45d ; jmp 0xfffbb45d +jmp short loc_fffbb43f ; jmp 0xfffbb43f -loc_fffbb4a2: ; not directly referenced +loc_fffbb484: ; not directly referenced mov eax, dword [ebp - 0x348] cmp dword [ebp + ebx*4 - 0x338], eax -jne short loc_fffbb4c5 ; jne 0xfffbb4c5 +jne short loc_fffbb4a7 ; jne 0xfffbb4a7 mov edi, dword [ebp - 0x378] mov al, byte [ebp - 0x350] cmp byte [edi + ebx*4], al -jle short loc_fffbb4c5 ; jle 0xfffbb4c5 +jle short loc_fffbb4a7 ; jle 0xfffbb4a7 mov byte [edi + ebx*4], al -loc_fffbb4c5: ; not directly referenced +loc_fffbb4a7: ; not directly referenced inc ebx cmp ebx, 2 -jne loc_fffbb443 ; jne 0xfffbb443 +jne loc_fffbb425 ; jne 0xfffbb425 mov ebx, dword [ebp - 0x3b8] xor edi, edi -loc_fffbb4d7: ; not directly referenced +loc_fffbb4b9: ; not directly referenced imul eax, edi, 0x13c3 mov ecx, dword [ebp + 8] xor esi, esi mov dl, byte [ebp - 0x344] -test byte [ecx + eax + 0x381a], dl -je short loc_fffbb54e ; je 0xfffbb54e +test byte [ecx + eax + 0x381b], dl +je short loc_fffbb530 ; je 0xfffbb530 
-loc_fffbb4f1: ; not directly referenced +loc_fffbb4d3: ; not directly referenced mov edx, dword [ebp + 8] mov eax, esi -cmp al, byte [edx + 0x2488] -jae short loc_fffbb52c ; jae 0xfffbb52c +cmp al, byte [edx + 0x2489] +jae short loc_fffbb50e ; jae 0xfffbb50e mov eax, esi mov edx, edi movzx eax, al 
@@ -37768,53 +37736,53 @@ inc esi mov ecx, eax mov dword [ebp - 0x350], eax mov eax, dword [ebp + 8] -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, dword [ebp - 0x350] mov ecx, dword [ebx + ecx*4 + 0x28] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c -jmp short loc_fffbb4f1 ; jmp 0xfffbb4f1 +call fcn_fffb3381 ; call 0xfffb3381 +jmp short loc_fffbb4d3 ; jmp 0xfffbb4d3 -loc_fffbb52c: ; not directly referenced +loc_fffbb50e: ; not directly referenced mov eax, edx -call fcn_fffb0e8a ; call 0xfffb0e8a +call fcn_fffaa4a9 ; call 0xfffaa4a9 mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, edi -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [ebx] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffbb54e: ; not directly referenced +loc_fffbb530: ; not directly referenced inc edi add ebx, 0xcc cmp edi, 2 -jne loc_fffbb4d7 ; jne 0xfffbb4d7 +jne loc_fffbb4b9 ; jne 0xfffbb4b9 mov edi, dword [ebp + 8] mov al, byte [ebp - 0x344] -test byte [edi + 0x381a], al -je short loc_fffbb58d ; je 0xfffbb58d +test byte [edi + 0x381b], al +je short loc_fffbb56f ; je 0xfffbb56f mov eax, dword [ebp - 0x348] cmp dword [ebp - 0x338], eax -jne loc_fffbb9e3 ; jne 0xfffbb9e3 +jne loc_fffbb9c5 ; jne 0xfffbb9c5 cmp dword [ebp - 0x330], eax -jne loc_fffbb9e3 ; jne 0xfffbb9e3 +jne loc_fffbb9c5 ; jne 0xfffbb9c5 -loc_fffbb58d: ; not directly referenced +loc_fffbb56f: ; not directly referenced mov ebx, dword [ebp + 8] mov al, byte [ebp - 0x344] -test byte [ebx + 0x4bdd], al -je short loc_fffbb5bc ; je 0xfffbb5bc +test byte [ebx + 0x4bde], al +je short loc_fffbb59e ; je 0xfffbb59e mov eax, dword [ebp - 0x348] cmp dword [ebp - 0x334], eax -jne loc_fffbb9e3 ; jne 0xfffbb9e3 +jne loc_fffbb9c5 ; jne 0xfffbb9c5 cmp dword [ebp - 0x32c], eax -jne loc_fffbb9e3 ; jne 0xfffbb9e3 +jne loc_fffbb9c5 ; jne 0xfffbb9c5 -loc_fffbb5bc: ; not directly 
referenced +loc_fffbb59e: ; not directly referenced mov eax, dword [ebp - 0x390] mov edx, dword [ebp - 0x33c] lea edi, [ebp + eax - 0x260] @@ -37833,25 +37801,25 @@ xor ebx, ebx lea edi, [ebp + edi - 0x308] mov dword [ebp - 0x3a8], ecx -loc_fffbb619: ; not directly referenced +loc_fffbb5fb: ; not directly referenced imul edx, ebx, 0x13c3 mov esi, dword [ebp + 8] mov cl, byte [ebp - 0x344] -test byte [esi + edx + 0x381a], cl -je loc_fffbb7c4 ; je 0xfffbb7c4 +test byte [esi + edx + 0x381b], cl +je loc_fffbb7a6 ; je 0xfffbb7a6 mov esi, dword [ebp - 0x348] xor ecx, ecx cmp dword [ebp + ebx*4 - 0x338], esi -jne short loc_fffbb652 ; jne 0xfffbb652 +jne short loc_fffbb634 ; jne 0xfffbb634 xor ecx, ecx cmp dword [ebp + ebx*4 - 0x330], esi sete cl -loc_fffbb652: ; not directly referenced +loc_fffbb634: ; not directly referenced cmp byte [ebp - 0x388], 0 setne dl test dl, cl -je short loc_fffbb67f ; je 0xfffbb67f +je short loc_fffbb661 ; je 0xfffbb661 mov ecx, dword [ebp - 0x378] movsx edx, byte [ecx + ebx*4] movsx ecx, byte [ecx + ebx*4 - 8] @@ -37859,15 +37827,15 @@ sub edx, ecx cmp edx, 0x10 setle dl movzx edx, dl -jmp near loc_fffbb70e ; jmp 0xfffbb70e +jmp near loc_fffbb6f0 ; jmp 0xfffbb6f0 -loc_fffbb67f: ; not directly referenced +loc_fffbb661: ; not directly referenced cmp byte [ebp - 0x388], 0 mov edx, ecx -jne loc_fffbb70e ; jne 0xfffbb70e +jne loc_fffbb6f0 ; jne 0xfffbb6f0 mov esi, dword [ebp - 0x368] test ecx, ecx -je short loc_fffbb6d3 ; je 0xfffbb6d3 +je short loc_fffbb6b5 ; je 0xfffbb6b5 mov dword [esi], 0 mov esi, dword [ebp - 0x34c] mov dword [edi], 0 @@ -37877,9 +37845,9 @@ mov esi, dword [ebp - 0x354] mov dword [esi], 0 mov esi, dword [ebp - 0x350] mov dword [esi], 0 -jmp near loc_fffbb7c4 ; jmp 0xfffbb7c4 +jmp near loc_fffbb7a6 ; jmp 0xfffbb7a6 -loc_fffbb6d3: ; not directly referenced +loc_fffbb6b5: ; not directly referenced mov dword [esi], 0xfffffffe mov esi, dword [ebp - 0x34c] mov dword [edi], 0xfffffffe 
@@ -37889,45 +37857,45 @@ mov esi, dword [ebp - 0x354] mov dword [esi], 0xfffffffe mov esi, dword [ebp - 0x350] mov dword [esi], 0xfffffffe -jmp near loc_fffbb7c4 ; jmp 0xfffbb7c4 +jmp near loc_fffbb7a6 ; jmp 0xfffbb7a6 -loc_fffbb70e: ; not directly referenced +loc_fffbb6f0: ; not directly referenced test edx, edx -je loc_fffbb7c4 ; je 0xfffbb7c4 +je loc_fffbb7a6 ; je 0xfffbb7a6 mov esi, dword [ebp - 0x3a8] cmp dword [edi], esi -jne short loc_fffbb728 ; jne 0xfffbb728 +jne short loc_fffbb70a ; jne 0xfffbb70a mov esi, dword [ebp - 0x33c] mov dword [edi], esi -loc_fffbb728: ; not directly referenced +loc_fffbb70a: ; not directly referenced mov esi, dword [ebp - 0x3a8] cmp dword [eax], esi -jne short loc_fffbb73c ; jne 0xfffbb73c +jne short loc_fffbb71e ; jne 0xfffbb71e mov esi, dword [ebp - 0x33c] mov dword [eax], esi -jmp short loc_fffbb74c ; jmp 0xfffbb74c +jmp short loc_fffbb72e ; jmp 0xfffbb72e -loc_fffbb73c: ; not directly referenced +loc_fffbb71e: ; not directly referenced mov ecx, dword [ebp - 0x33c] mov esi, dword [ebp - 0x34c] mov dword [eax], ecx mov dword [esi], ecx -loc_fffbb74c: ; not directly referenced +loc_fffbb72e: ; not directly referenced cmp byte [ebp - 0x388], 0x7e -jne short loc_fffbb772 ; jne 0xfffbb772 +jne short loc_fffbb754 ; jne 0xfffbb754 mov esi, dword [ebp - 0x368] cmp dword [esi], 0 -jne short loc_fffbb772 ; jne 0xfffbb772 +jne short loc_fffbb754 ; jne 0xfffbb754 mov edx, dword [edi] mov ecx, dword [ebp - 0x33c] cmp edx, ecx -je short loc_fffbb772 ; je 0xfffbb772 +je short loc_fffbb754 ; je 0xfffbb754 lea edx, [edx + ecx + 2] mov dword [eax], edx -loc_fffbb772: ; not directly referenced +loc_fffbb754: ; not directly referenced mov edx, dword [ebp - 0x34c] mov esi, dword [eax] mov dword [ebp - 0x3d4], eax 
@@ -37942,7 +37910,7 @@ mov edx, dword [edx] sub edx, dword [ecx] cmp eax, edx mov eax, dword [ebp - 0x3d4] -jle short loc_fffbb7c4 ; jle 0xfffbb7c4 +jle short loc_fffbb7a6 ; jle 0xfffbb7a6 mov esi, ecx mov ecx, dword [ebp - 0x398] mov dword [esi], ecx @@ -37950,7 +37918,7 @@ mov esi, dword [ebp - 0x350] mov ecx, dword [ebp - 0x394] mov dword [esi], ecx -loc_fffbb7c4: ; not directly referenced +loc_fffbb7a6: ; not directly referenced inc ebx add edi, 0x10 add dword [ebp - 0x368], 0x10 
@@ -37959,44 +37927,44 @@ add dword [ebp - 0x34c], 0x10 add dword [ebp - 0x354], 0x10 add dword [ebp - 0x350], 0x10 cmp ebx, 2 -jne loc_fffbb619 ; jne 0xfffbb619 +jne loc_fffbb5fb ; jne 0xfffbb5fb mov edi, dword [ebp + 8] mov al, byte [ebp - 0x340] -test byte [edi + 0x381a], al -je short loc_fffbb821 ; je 0xfffbb821 +test byte [edi + 0x381b], al +je short loc_fffbb803 ; je 0xfffbb803 mov edx, 0x4194 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x4194 and eax, 0x7fffffff mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbb821: ; not directly referenced +loc_fffbb803: ; not directly referenced mov edi, dword [ebp + 8] mov al, byte [ebp - 0x340] -test byte [edi + 0x4bdd], al -je loc_fffbb25c ; je 0xfffbb25c +test byte [edi + 0x4bde], al +je loc_fffbb23e ; je 0xfffbb23e mov edx, 0x4594 mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, 0x4594 and eax, 0x7fffffff mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c -jmp near loc_fffbb25c ; jmp 0xfffbb25c +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffbb23e ; jmp 0xfffbb23e -loc_fffbb85b: ; not directly referenced +loc_fffbb83d: ; not directly referenced mov eax, dword [ebp - 0x3d0] xor di, di mov ebx, dword [ebp - 0x3cc] mov dword [ebp - 0x340], eax -loc_fffbb870: ; not directly referenced +loc_fffbb852: ; not directly referenced cmp dword [ebx], 2 -jne loc_fffbb992 ; jne 0xfffbb992 +jne loc_fffbb974 ; jne 0xfffbb974 mov al, byte [ebx + 0xc4] xor ecx, ecx mov byte [ebp - 0x350], 0 
@@ -38008,12 +37976,12 @@ add eax, edi mov byte [ebp - 0x344], 0 mov dword [ebp - 0x368], eax -loc_fffbb8b1: ; not directly referenced +loc_fffbb893: ; not directly referenced mov edx, 1 mov al, cl shl edx, cl test byte [ebp - 0x354], dl -je short loc_fffbb926 ; je 0xfffbb926 +je short loc_fffbb908 ; je 0xfffbb908 mov esi, dword [ebp - 0x368] lea edx, [ebp - 0x260] add edx, edi @@ -38021,40 +37989,40 @@ mov esi, dword [esi + ecx*4] mov dword [ebp - 0x33c], esi mov esi, dword [edx + ecx*4] sub esi, dword [ebp - 0x33c] -je loc_fffbb9dc ; je 0xfffbb9dc +je loc_fffbb9be ; je 0xfffbb9be mov dl, 0x40 cmp esi, 0x10 -jle short loc_fffbb8f9 ; jle 0xfffbb8f9 +jle short loc_fffbb8db ; jle 0xfffbb8db mov dl, byte [ebp - 0x33c] sar esi, 1 add edx, esi -loc_fffbb8f9: ; not directly referenced +loc_fffbb8db: ; not directly referenced and edx, 0x7f cmp al, 2 -je short loc_fffbb918 ; je 0xfffbb918 +je short loc_fffbb8fa ; je 0xfffbb8fa cmp al, 3 -je short loc_fffbb920 ; je 0xfffbb920 +je short loc_fffbb902 ; je 0xfffbb902 dec al -je short loc_fffbb910 ; je 0xfffbb910 +je short loc_fffbb8f2 ; je 0xfffbb8f2 mov byte [ebp - 0x344], dl -jmp short loc_fffbb926 ; jmp 0xfffbb926 +jmp short loc_fffbb908 ; jmp 0xfffbb908 -loc_fffbb910: ; not directly referenced +loc_fffbb8f2: ; not directly referenced mov byte [ebp - 0x348], dl -jmp short loc_fffbb926 ; jmp 0xfffbb926 +jmp short loc_fffbb908 ; jmp 0xfffbb908 -loc_fffbb918: ; not directly referenced +loc_fffbb8fa: ; not directly referenced mov byte [ebp - 0x34c], dl -jmp short loc_fffbb926 ; jmp 0xfffbb926 +jmp short loc_fffbb908 ; jmp 0xfffbb908 -loc_fffbb920: ; not directly referenced +loc_fffbb902: ; not directly referenced mov byte [ebp - 0x350], dl -loc_fffbb926: ; not directly referenced +loc_fffbb908: ; not directly referenced inc ecx cmp ecx, 4 -jne short loc_fffbb8b1 ; jne 0xfffbb8b1 +jne short loc_fffbb893 ; jne 0xfffbb893 mov ecx, dword [ebp - 0x350] mov eax, dword [ebp - 0x34c] mov edx, dword [ebp - 0x348] 
@@ -38073,23 +38041,23 @@ and eax, 0x7f add edx, 0x180c or ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 push eax mov eax, dword [ebp + 8] push 0 -movzx eax, byte [eax + 0x2488] +movzx eax, byte [eax + 0x2489] push eax mov eax, dword [ebp - 0x38c] push dword [ebp - 0x340] call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffbb992: ; not directly referenced +loc_fffbb974: ; not directly referenced add edi, 0x10 add ebx, 0x13c3 add dword [ebp - 0x340], 0xcc cmp edi, 0x20 -jne loc_fffbb870 ; jne 0xfffbb870 +jne loc_fffbb852 ; jne 0xfffbb852 push 2 push 0 push 0 @@ -38102,24 +38070,24 @@ push 0 push 0 push 1 push dword [ebp + 8] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x24 push dword [ebp + 8] -call fcn_fffc82f4 ; call 0xfffc82f4 +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -jmp short loc_fffbb9fc ; jmp 0xfffbb9fc +jmp short loc_fffbb9de ; jmp 0xfffbb9de -loc_fffbb9dc: ; not directly referenced +loc_fffbb9be: ; not directly referenced mov eax, 6 -jmp short loc_fffbb9fc ; jmp 0xfffbb9fc +jmp short loc_fffbb9de ; jmp 0xfffbb9de -loc_fffbb9e3: ; not directly referenced +loc_fffbb9c5: ; not directly referenced add dword [ebp - 0x34c], 8 cmp dword [ebp - 0x34c], 0x20 -jne loc_fffbb334 ; jne 0xfffbb334 -jmp near loc_fffbb5bc ; jmp 0xfffbb5bc +jne loc_fffbb316 ; jne 0xfffbb316 +jmp near loc_fffbb59e ; jmp 0xfffbb59e -loc_fffbb9fc: ; not directly referenced +loc_fffbb9de: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -38127,7 +38095,7 @@ pop edi pop ebp ret -fcn_fffbba04: ; not directly referenced +fcn_fffbb9e6: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -38135,20 +38103,20 @@ push esi push ebx sub esp, 0x2bc mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x5edc] +mov eax, dword [eax + 0x5edd] mov dword [ebp - 0x294], eax mov eax, dword [ebp + 8] -mov al, byte [eax + 0x248d] +mov al, byte [eax + 0x248e] mov byte [ebp - 0x2a0], al mov eax, dword [ebp + 8] mov eax, dword [eax + 0x1887] mov dword [ebp - 0x284], eax mov eax, dword [ebp + 8] -mov al, byte [eax + 0x247b] +mov al, byte [eax + 0x247c] mov byte [ebp - 0x2a4], al mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x2480] -mov byte [eax + 0x247b], 0 +mov edx, dword [eax + 0x2481] +mov byte [eax + 0x247c], 0 xor eax, eax cmp edx, 3 sete al @@ -38161,17 +38129,17 @@ add eax, 0x800 cmp edx, 2 sete bl mov dword [ebp - 0x280], ebx -jne short loc_fffbba9d ; jne 0xfffbba9d +jne short loc_fffbba7f ; jne 0xfffbba7f mov esi, dword [ebp + 8] mov dx, 0x800 -cmp dword [esi + 0x36d7], 0x536 +cmp dword [esi + 0x36d8], 0x536 cmovae eax, edx -loc_fffbba9d: ; not directly referenced +loc_fffbba7f: ; not directly referenced mov esi, dword [ebp + 8] mov ecx, 0xf4240 xor edi, edi -movzx edx, word [esi + 0x2489] +movzx edx, word [esi + 0x248a] imul eax, edx xor edx, edx add eax, 0xf423f 
@@ -38182,41 +38150,41 @@ add eax, 0x1c mov dword [ebp - 0x2ac], eax mov esi, eax -loc_fffbbad1: ; not directly referenced +loc_fffbbab3: ; not directly referenced imul eax, edi, 0x13c3 mov ecx, dword [ebp + 8] -cmp dword [ecx + eax + 0x3756], 2 -je short loc_fffbbb0c ; je 0xfffbbb0c +cmp dword [ecx + eax + 0x3757], 2 +je short loc_fffbbaee ; je 0xfffbbaee -loc_fffbbae4: ; not directly referenced +loc_fffbbac6: ; not directly referenced inc edi add esi, 0xcc cmp edi, 2 -jne short loc_fffbbad1 ; jne 0xfffbbad1 +jne short loc_fffbbab3 ; jne 0xfffbbab3 imul eax, dword [ebp - 0x274], 0xf mov dword [ebp - 0x270], 0 mov dword [ebp - 0x298], eax -jmp near loc_fffbbbae ; jmp 0xfffbbbae +jmp near loc_fffbbb90 ; jmp 0xfffbbb90 -loc_fffbbb0c: ; not directly referenced +loc_fffbbaee: ; not directly referenced mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, edi mov ebx, dword [esi] -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 and ebx, 0xff0fffff or ebx, 0x200000 mov ecx, ebx mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov byte [ebp - 0x270], 0 -loc_fffbbb3c: ; not directly referenced +loc_fffbbb1e: ; not directly referenced mov ecx, dword [ebp + 8] mov al, byte [ebp - 0x270] -cmp al, byte [ecx + 0x2488] -jae short loc_fffbbae4 ; jae 0xfffbbae4 +cmp al, byte [ecx + 0x2489] +jae short loc_fffbbac6 ; jae 0xfffbbac6 movzx ecx, byte [ebp - 0x270] mov edx, dword [ebp - 0x27c] mov ebx, dword [esi + ecx*4 + 0x28] 
@@ -38227,25 +38195,25 @@ or eax, 0x40000 test edx, edx cmovne ebx, eax cmp dword [ebp - 0x280], 0 -je short loc_fffbbb90 ; je 0xfffbbb90 +je short loc_fffbbb72 ; je 0xfffbbb72 mov edx, dword [ebp + 8] mov eax, ebx or eax, 0x40000 -cmp dword [edx + 0x36d7], 0x536 +cmp dword [edx + 0x36d8], 0x536 cmovae ebx, eax -loc_fffbbb90: ; not directly referenced +loc_fffbbb72: ; not directly referenced mov eax, dword [ebp + 8] mov edx, edi -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, ebx mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x270] -jmp short loc_fffbbb3c ; jmp 0xfffbbb3c +jmp short loc_fffbbb1e ; jmp 0xfffbbb1e -loc_fffbbbae: ; not directly referenced +loc_fffbbb90: ; not directly referenced mov cl, byte [ebp - 0x270] mov eax, 1 mov esi, eax @@ -38254,17 +38222,17 @@ mov ebx, esi mov dword [ebp - 0x278], esi mov byte [ebp - 0x28c], bl test byte [ebp - 0x2a0], bl -jne short loc_fffbbbef ; jne 0xfffbbbef +jne short loc_fffbbbd1 ; jne 0xfffbbbd1 -loc_fffbbbd3: ; not directly referenced +loc_fffbbbb5: ; not directly referenced inc dword [ebp - 0x270] cmp dword [ebp - 0x270], 4 -jne short loc_fffbbbae ; jne 0xfffbbbae +jne short loc_fffbbb90 ; jne 0xfffbbb90 mov esi, dword [ebp - 0x2ac] xor ebx, ebx -jmp near loc_fffbc378 ; jmp 0xfffbc378 +jmp near loc_fffbc35a ; jmp 0xfffbc35a -loc_fffbbbef: ; not directly referenced +loc_fffbbbd1: ; not directly referenced mov esi, dword [ebp - 0x270] lea ecx, [esi + 2] mov edx, esi @@ -38276,7 +38244,7 @@ movzx edx, dl mov byte [ebp - 0x29c], al mov eax, dword [ebp + 8] mov dword [ebp - 0x2a8], edx -add eax, 0x3816 +add eax, 0x3817 mov dword [ebp - 0x274], eax imul eax, edx, 0x128 mov edi, eax 
@@ -38286,18 +38254,18 @@ mov esi, dword [ebp + 8] and eax, 1 imul eax, eax, 0x18 add eax, edi -lea edi, [esi + eax + 0x49c3] +lea edi, [esi + eax + 0x49c4] xor esi, esi mov dword [ebp - 0x2b4], eax -loc_fffbbc4e: ; not directly referenced +loc_fffbbc30: ; not directly referenced mov ebx, dword [ebp - 0x278] mov ecx, dword [ebp - 0x274] mov byte [ebp - 0x290], bl test byte [ecx + 4], bl -je loc_fffbbe21 ; je 0xfffbbe21 +je loc_fffbbe03 ; je 0xfffbbe03 cmp dword [ebp - 0x27c], 0 -je short loc_fffbbc96 ; je 0xfffbbc96 +je short loc_fffbbc78 ; je 0xfffbbc78 push ecx mov ecx, dword [ebp - 0x270] mov edx, esi @@ -38308,24 +38276,24 @@ movzx eax, ax push eax mov eax, dword [ebp + 8] push 2 -call fcn_fffaa505 ; call 0xfffaa505 -jmp near loc_fffbbda7 ; jmp 0xfffbbda7 +call fcn_fffacb43 ; call 0xfffacb43 +jmp near loc_fffbbd89 ; jmp 0xfffbbd89 -loc_fffbbc96: ; not directly referenced +loc_fffbbc78: ; not directly referenced cmp dword [ebp - 0x280], 0 -je short loc_fffbbcfc ; je 0xfffbbcfc +je short loc_fffbbcde ; je 0xfffbbcde mov eax, dword [ebp + 8] mov edx, esi -call fcn_fffa6c42 ; call 0xfffa6c42 +call fcn_fffa6bf0 ; call 0xfffa6bf0 test eax, eax -je loc_fffbccb7 ; je 0xfffbccb7 +je loc_fffbcc99 ; je 0xfffbcc99 movzx ecx, byte [eax] sub esp, 0xc mov ax, word [edi + 8] mov edx, dword [ebp + 8] push eax lea eax, [ebp - 0x26a] -call fcn_fffa6cab ; call 0xfffa6cab +call fcn_fffa6c59 ; call 0xfffa6c59 mov ebx, dword [ebp - 0x278] pop eax movzx eax, word [ebp - 0x26a] @@ -38335,7 +38303,7 @@ mov ecx, ebx push eax mov eax, dword [ebp + 8] push 5 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb mov ax, word [edi] pop ecx mov ecx, ebx 
@@ -38344,50 +38312,50 @@ or al, 0x80 movzx eax, ax push eax push 1 -jmp near loc_fffbbd9d ; jmp 0xfffbbd9d +jmp near loc_fffbbd7f ; jmp 0xfffbbd7f -loc_fffbbcfc: ; not directly referenced +loc_fffbbcde: ; not directly referenced mov ecx, dword [ebp - 0x2a8] mov edx, esi mov eax, dword [ebp + 8] mov bx, word [edi] -call fcn_fffa69ea ; call 0xfffa69ea +call fcn_fffa6998 ; call 0xfffa6998 or bl, 0x80 mov dword [ebp - 0x288], eax test eax, eax -je loc_fffbccb7 ; je 0xfffbccb7 +je loc_fffbcc99 ; je 0xfffbcc99 mov eax, dword [ebp - 0x284] cmp eax, 0x306d0 sete dl cmp eax, 0x40650 sete al or dl, al -je short loc_fffbbd5f ; je 0xfffbbd5f +je short loc_fffbbd41 ; je 0xfffbbd41 mov eax, dword [ebp - 0x288] sub esp, 0xc mov edx, dword [ebp + 8] movzx ecx, byte [eax] lea eax, [ebp - 0x26a] push ebx -call fcn_fffa6bd1 ; call 0xfffa6bd1 +call fcn_fffa6b7f ; call 0xfffa6b7f mov bx, word [ebp - 0x26a] add esp, 0x10 -loc_fffbbd5f: ; not directly referenced +loc_fffbbd41: ; not directly referenced mov eax, dword [ebp - 0x274] cmp dword [eax], 2 -jne short loc_fffbbd8f ; jne 0xfffbbd8f +jne short loc_fffbbd71 ; jne 0xfffbbd71 mov eax, dword [ebp - 0x288] sub esp, 0xc mov edx, dword [ebp + 8] movzx ecx, byte [eax] lea eax, [ebp - 0x26a] push ebx -call fcn_fffa6bd1 ; call 0xfffa6bd1 +call fcn_fffa6b7f ; call 0xfffa6b7f mov bx, word [ebp - 0x26a] add esp, 0x10 -loc_fffbbd8f: ; not directly referenced +loc_fffbbd71: ; not directly referenced mov ecx, dword [ebp - 0x278] movzx ebx, bx push eax @@ -38395,12 +38363,12 @@ push eax push ebx push 1 -loc_fffbbd9d: ; not directly referenced +loc_fffbbd7f: ; not directly referenced mov eax, dword [ebp + 8] mov edx, esi -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb -loc_fffbbda7: ; not directly referenced +loc_fffbbd89: ; not directly referenced mov eax, dword [ebp - 0x274] add esp, 0x10 mov bl, byte [ebp - 0x28c] 
@@ -38409,65 +38377,65 @@ mov al, byte [ebp - 0x29c] cmove ebx, eax xor ecx, ecx cmp dword [ebp - 0x27c], 0 -je short loc_fffbbdd4 ; je 0xfffbbdd4 +je short loc_fffbbdb6 ; je 0xfffbbdb6 mov ecx, 0x10001 -jmp short loc_fffbbe05 ; jmp 0xfffbbe05 +jmp short loc_fffbbde7 ; jmp 0xfffbbde7 -loc_fffbbdd4: ; not directly referenced +loc_fffbbdb6: ; not directly referenced mov eax, dword [ebp - 0x284] cmp eax, 0x40660 sete dl cmp eax, 0x306c0 sete al or dl, al -jne short loc_fffbbdfa ; jne 0xfffbbdfa +jne short loc_fffbbddc ; jne 0xfffbbddc cmp dword [ebp - 0x284], 0x40670 -jne short loc_fffbbe05 ; jne 0xfffbbe05 +jne short loc_fffbbde7 ; jne 0xfffbbde7 -loc_fffbbdfa: ; not directly referenced +loc_fffbbddc: ; not directly referenced mov ecx, ebx and ecx, 0xf shl ecx, 0x10 or ecx, 0xf -loc_fffbbe05: ; not directly referenced +loc_fffbbde7: ; not directly referenced cmp dword [ebp - 0x280], 0 -jne short loc_fffbbe21 ; jne 0xfffbbe21 +jne short loc_fffbbe03 ; jne 0xfffbbe03 mov eax, dword [ebp + 8] mov edx, esi shl edx, 0xa add edx, 0x4194 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbbe21: ; not directly referenced +loc_fffbbe03: ; not directly referenced inc esi add edi, 0x13c3 add dword [ebp - 0x274], 0x13c3 cmp esi, 2 -jne loc_fffbbc4e ; jne 0xfffbbc4e +jne loc_fffbbc30 ; jne 0xfffbbc30 mov eax, dword [ebp - 0x270] mov si, 0xc0 and eax, 3 mov dword [ebp - 0x29c], eax shl dword [ebp - 0x29c], 0x16 -loc_fffbbe55: ; not directly referenced +loc_fffbbe37: ; not directly referenced mov dword [ebp - 0x274], 0 -loc_fffbbe5f: ; not directly referenced +loc_fffbbe41: ; not directly referenced imul eax, dword [ebp - 0x274], 0x13c3 mov edi, dword [ebp + 8] mov bl, byte [ebp - 0x290] -test byte [edi + eax + 0x381a], bl -jne short loc_fffbbe8f ; jne 0xfffbbe8f +test byte [edi + eax + 0x381b], bl +jne short loc_fffbbe71 ; jne 0xfffbbe71 -loc_fffbbe7b: ; not directly referenced +loc_fffbbe5d: ; not directly referenced inc dword [ebp - 0x274] cmp 
dword [ebp - 0x274], 2 -jne short loc_fffbbe5f ; jne 0xfffbbe5f -jmp near loc_fffbbf14 ; jmp 0xfffbbf14 +jne short loc_fffbbe41 ; jne 0xfffbbe41 +jmp near loc_fffbbef6 ; jmp 0xfffbbef6 -loc_fffbbe8f: ; not directly referenced +loc_fffbbe71: ; not directly referenced imul eax, dword [ebp - 0x274], 0xcc mov edi, dword [ebp - 0x294] mov byte [ebp - 0x288], 0 @@ -38476,11 +38444,11 @@ and ebx, 0xff0fff7d or ebx, 0x200082 or ebx, dword [ebp - 0x29c] -loc_fffbbebc: ; not directly referenced +loc_fffbbe9e: ; not directly referenced mov edi, dword [ebp + 8] mov al, byte [ebp - 0x288] -cmp al, byte [edi + 0x2488] -jae short loc_fffbbe7b ; jae 0xfffbbe7b +cmp al, byte [edi + 0x2489] +jae short loc_fffbbe5d ; jae 0xfffbbe5d movzx edi, byte [ebp - 0x288] mov ecx, dword [ebp - 0x270] push eax 
@@ -38489,65 +38457,65 @@ mov eax, dword [ebp + 8] push esi push 1 push edi -call fcn_fffa73b0 ; call 0xfffa73b0 +call fcn_fffa735e ; call 0xfffa735e mov edx, dword [ebp - 0x274] mov ecx, edi mov eax, dword [ebp + 8] -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, ebx mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x10 inc byte [ebp - 0x288] -jmp short loc_fffbbebc ; jmp 0xfffbbebc +jmp short loc_fffbbe9e ; jmp 0xfffbbe9e -loc_fffbbf14: ; not directly referenced +loc_fffbbef6: ; not directly referenced mov word [ebp - 0x2a8], si cmp si, 0xc0 -jne short loc_fffbbf30 ; jne 0xfffbbf30 +jne short loc_fffbbf12 ; jne 0xfffbbf12 mov edx, dword [ebp - 0x298] mov eax, dword [ebp + 8] -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 -loc_fffbbf30: ; not directly referenced +loc_fffbbf12: ; not directly referenced mov eax, dword [ebp + 8] -call fcn_fffb0e8a ; call 0xfffb0e8a +call fcn_fffaa4a9 ; call 0xfffaa4a9 mov eax, dword [ebp + 8] mov edx, dword [ebp - 0x298] -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 lea eax, [esi - 2] mov dword [ebp - 0x274], 0 mov dword [ebp - 0x28c], eax -loc_fffbbf59: ; not directly referenced +loc_fffbbf3b: ; not directly referenced imul eax, dword [ebp - 0x274], 0x13c3 mov edi, dword [ebp + 8] mov bl, byte [ebp - 0x290] -test byte [edi + eax + 0x381a], bl -je loc_fffbc02a ; je 0xfffbc02a +test byte [edi + eax + 0x381b], bl +je loc_fffbc00c ; je 0xfffbc00c mov byte [ebp - 0x288], 0 imul edi, dword [ebp - 0x274], 9 -jmp near loc_fffbc015 ; jmp 0xfffbc015 +jmp near loc_fffbbff7 ; jmp 0xfffbbff7 -loc_fffbbf8c: ; not directly referenced +loc_fffbbf6e: ; not directly referenced movzx ebx, byte [ebp - 0x288] mov edx, dword [ebp - 0x274] mov eax, dword [ebp + 8] mov ecx, ebx -call fcn_fffa7617 ; call 0xfffa7617 +call fcn_fffa75c5 ; call 0xfffa75c5 mov edx, eax mov eax, dword [ebp + 8] -call 
fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f and eax, 0x1ff cmp eax, 0xf setg al cmp word [ebp - 0x2a8], 0xc0 movzx eax, al -jne loc_fffbc083 ; jne 0xfffbc083 +jne loc_fffbc065 ; jne 0xfffbc065 add ebx, edi test eax, eax -je short loc_fffbc042 ; je 0xfffbc042 +je short loc_fffbc024 ; je 0xfffbc024 mov dword [ebp + ebx*4 - 0x180], 0xc0 mov dword [ebp + ebx*4 - 0x1c8], 0xc0 mov dword [ebp + ebx*4 - 0xf0], 0xc0 
@@ -38555,58 +38523,58 @@ mov dword [ebp + ebx*4 - 0x138], 0xc0 mov dword [ebp + ebx*4 - 0x60], 0xc0 mov dword [ebp + ebx*4 - 0xa8], 0xc0 -loc_fffbc00f: ; not directly referenced +loc_fffbbff1: ; not directly referenced inc byte [ebp - 0x288] -loc_fffbc015: ; not directly referenced +loc_fffbbff7: ; not directly referenced mov ebx, dword [ebp + 8] mov al, byte [ebp - 0x288] -cmp al, byte [ebx + 0x2488] -jb loc_fffbbf8c ; jb 0xfffbbf8c +cmp al, byte [ebx + 0x2489] +jb loc_fffbbf6e ; jb 0xfffbbf6e -loc_fffbc02a: ; not directly referenced +loc_fffbc00c: ; not directly referenced inc dword [ebp - 0x274] cmp dword [ebp - 0x274], 2 -jne loc_fffbbf59 ; jne 0xfffbbf59 -jmp near loc_fffbc12e ; jmp 0xfffbc12e +jne loc_fffbbf3b ; jne 0xfffbbf3b +jmp near loc_fffbc110 ; jmp 0xfffbc110 -loc_fffbc042: ; not directly referenced +loc_fffbc024: ; not directly referenced mov dword [ebp + ebx*4 - 0x180], 0xfffffffe mov dword [ebp + ebx*4 - 0x1c8], 0xfffffffe mov dword [ebp + ebx*4 - 0xf0], 0xfffffffe mov dword [ebp + ebx*4 - 0x138], 0xfffffffe mov dword [ebp + ebx*4 - 0x60], 0xfffffffe mov dword [ebp + ebx*4 - 0xa8], 0xfffffffe -jmp short loc_fffbc00f ; jmp 0xfffbc00f +jmp short loc_fffbbff1 ; jmp 0xfffbbff1 -loc_fffbc083: ; not directly referenced +loc_fffbc065: ; not directly referenced test eax, eax -je short loc_fffbc00f ; je 0xfffbc00f +je short loc_fffbbff1 ; je 0xfffbbff1 lea eax, [edi + ebx] mov ecx, dword [ebp - 0x28c] cmp dword [ebp + eax*4 - 0x180], ecx -jne short loc_fffbc0a0 ; jne 0xfffbc0a0 +jne short loc_fffbc082 ; jne 0xfffbc082 mov dword [ebp + eax*4 - 0x180], esi -loc_fffbc0a0: ; not directly referenced +loc_fffbc082: ; not directly referenced lea eax, [edi + ebx] mov ecx, dword [ebp - 0x28c] cmp dword [ebp + eax*4 - 0xf0], ecx mov dword [ebp + eax*4 - 0xf0], esi -je short loc_fffbc0c0 ; je 0xfffbc0c0 +je short loc_fffbc0a2 ; je 0xfffbc0a2 mov dword [ebp + eax*4 - 0x138], esi -loc_fffbc0c0: ; not directly referenced +loc_fffbc0a2: ; not directly referenced cmp esi, 
0x13e -jne short loc_fffbc0ec ; jne 0xfffbc0ec +jne short loc_fffbc0ce ; jne 0xfffbc0ce lea eax, [edi + ebx] cmp dword [ebp + eax*4 - 0x1c8], 0xc0 -jne short loc_fffbc0ec ; jne 0xfffbc0ec +jne short loc_fffbc0ce ; jne 0xfffbc0ce mov ecx, dword [ebp + eax*4 - 0x180] lea edx, [ecx + 0x80] mov dword [ebp + eax*4 - 0xf0], edx -loc_fffbc0ec: ; not directly referenced +loc_fffbc0ce: ; not directly referenced lea ecx, [edi + ebx] mov edx, dword [ebp + ecx*4 - 0xf0] mov ebx, dword [ebp + ecx*4 - 0x138] 
@@ -38616,41 +38584,41 @@ mov dword [ebp - 0x2b8], eax mov eax, dword [ebp + ecx*4 - 0x60] sub eax, dword [ebp + ecx*4 - 0xa8] cmp dword [ebp - 0x2b8], eax -jle loc_fffbc00f ; jle 0xfffbc00f +jle loc_fffbbff1 ; jle 0xfffbbff1 mov dword [ebp + ecx*4 - 0xa8], ebx mov dword [ebp + ecx*4 - 0x60], edx -jmp near loc_fffbc00f ; jmp 0xfffbc00f +jmp near loc_fffbbff1 ; jmp 0xfffbbff1 -loc_fffbc12e: ; not directly referenced +loc_fffbc110: ; not directly referenced add esi, 2 cmp esi, 0x140 -jne loc_fffbbe55 ; jne 0xfffbbe55 +jne loc_fffbbe37 ; jne 0xfffbbe37 mov eax, dword [ebp + 8] mov esi, dword [ebp - 0x2b4] mov dword [ebp - 0x274], 0 -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x28c], eax mov eax, dword [ebp + 8] -lea eax, [eax + esi + 0x49cb] +lea eax, [eax + esi + 0x49cc] mov dword [ebp - 0x288], eax imul eax, dword [ebp - 0x270], 9 mov dword [ebp - 0x2a8], eax -loc_fffbc178: ; not directly referenced +loc_fffbc15a: ; not directly referenced mov esi, dword [ebp - 0x28c] mov al, byte [ebp - 0x290] test byte [esi + 0xc4], al -jne short loc_fffbc1b5 ; jne 0xfffbc1b5 +jne short loc_fffbc197 ; jne 0xfffbc197 -loc_fffbc18c: ; not directly referenced +loc_fffbc16e: ; not directly referenced inc dword [ebp - 0x274] add dword [ebp - 0x28c], 0x13c3 add dword [ebp - 0x288], 0x13c3 cmp dword [ebp - 0x274], 2 -je loc_fffbbbd3 ; je 0xfffbbbd3 -jmp short loc_fffbc178 ; jmp 0xfffbc178 +je loc_fffbbbb5 ; je 0xfffbbbb5 +jmp short loc_fffbc15a ; jmp 0xfffbc15a -loc_fffbc1b5: ; not directly referenced +loc_fffbc197: ; not directly referenced mov eax, dword [ebp - 0x28c] xor ecx, ecx mov esi, dword [ebp - 0x2b0] @@ -38660,9 +38628,9 @@ shl edx, 0xa add edx, 0x4194 mov byte [ebp - 0x29c], al mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp dword [ebp - 0x27c], 0 -je short loc_fffbc216 ; je 0xfffbc216 +je short loc_fffbc1f8 ; je 0xfffbc1f8 push eax mov eax, dword [ebp - 0x288] push 0 
@@ -38672,10 +38640,10 @@ movzx eax, word [eax - 6] push eax mov eax, dword [ebp + 8] push 2 -call fcn_fffaa505 ; call 0xfffaa505 -jmp short loc_fffbc239 ; jmp 0xfffbc239 +call fcn_fffacb43 ; call 0xfffacb43 +jmp short loc_fffbc21b ; jmp 0xfffbc21b -loc_fffbc216: ; not directly referenced +loc_fffbc1f8: ; not directly referenced push eax mov ecx, dword [ebp - 0x278] push eax @@ -38685,12 +38653,12 @@ movzx eax, word [eax - 8] push eax mov eax, dword [ebp + 8] push 1 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb -loc_fffbc239: ; not directly referenced +loc_fffbc21b: ; not directly referenced add esp, 0x10 cmp dword [ebp - 0x280], 0 -je short loc_fffbc26a ; je 0xfffbc26a +je short loc_fffbc24c ; je 0xfffbc24c push eax mov ecx, dword [ebp - 0x278] push eax @@ -38700,17 +38668,17 @@ movzx eax, word [eax] push eax mov eax, dword [ebp + 8] push 5 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb add esp, 0x10 -loc_fffbc26a: ; not directly referenced +loc_fffbc24c: ; not directly referenced imul esi, dword [ebp - 0x274], 9 xor ebx, ebx -loc_fffbc273: ; not directly referenced +loc_fffbc255: ; not directly referenced mov eax, dword [ebp + 8] -cmp bl, byte [eax + 0x2488] -jae loc_fffbc18c ; jae 0xfffbc18c +cmp bl, byte [eax + 0x2489] +jae loc_fffbc16e ; jae 0xfffbc16e movzx eax, bl lea ecx, [esi + eax] mov edx, dword [ebp + ecx*4 - 0xa8] 
@@ -38718,45 +38686,45 @@ mov ecx, dword [ebp + ecx*4 - 0x60] sub ecx, edx sub ecx, 0x21 cmp ecx, 0x3e -jbe short loc_fffbc2ad ; jbe 0xfffbc2ad +jbe short loc_fffbc28f ; jbe 0xfffbc28f mov edi, dword [ebp + 8] cmp byte [edi + 0x1965], 0 -jne loc_fffbccc1 ; jne 0xfffbccc1 +jne loc_fffbcca3 ; jne 0xfffbcca3 -loc_fffbc2ad: ; not directly referenced +loc_fffbc28f: ; not directly referenced cmp byte [ebp - 0x29c], 0x10 -jne short loc_fffbc303 ; jne 0xfffbc303 +jne short loc_fffbc2e5 ; jne 0xfffbc2e5 test bl, 1 -je short loc_fffbc303 ; je 0xfffbc303 +je short loc_fffbc2e5 ; je 0xfffbc2e5 lea ecx, [ebx - 1] movzx ecx, cl lea edi, [esi + ecx] mov edi, dword [ebp + edi*4 - 0xa8] add edi, 0x40 cmp edx, edi -jle short loc_fffbc2df ; jle 0xfffbc2df +jle short loc_fffbc2c1 ; jle 0xfffbc2c1 lea edi, [esi + eax] add edx, 0xffffff80 mov dword [ebp + edi*4 - 0xa8], edx -loc_fffbc2df: ; not directly referenced +loc_fffbc2c1: ; not directly referenced add ecx, esi lea edx, [esi + eax] mov ecx, dword [ebp + ecx*4 - 0xa8] mov edi, dword [ebp + edx*4 - 0xa8] sub ecx, 0x40 cmp edi, ecx -jge short loc_fffbc303 ; jge 0xfffbc303 +jge short loc_fffbc2e5 ; jge 0xfffbc2e5 sub edi, 0xffffff80 mov dword [ebp + edx*4 - 0xa8], edi -loc_fffbc303: ; not directly referenced +loc_fffbc2e5: ; not directly referenced cmp dword [ebp - 0x284], 0x40650 -jne short loc_fffbc31a ; jne 0xfffbc31a +jne short loc_fffbc2fc ; jne 0xfffbc2fc lea edx, [esi + eax] add dword [ebp + edx*4 - 0xa8], 0x40 -loc_fffbc31a: ; not directly referenced +loc_fffbc2fc: ; not directly referenced lea edx, [esi + eax] mov ecx, dword [ebp + edx*4 - 0xa8] movzx edx, bl 
@@ -38774,53 +38742,53 @@ push 0 push 0xff push eax mov eax, dword [ebp + 8] -call fcn_fffa73b0 ; call 0xfffa73b0 +call fcn_fffa735e ; call 0xfffa735e add esp, 0x10 -jmp near loc_fffbc273 ; jmp 0xfffbc273 +jmp near loc_fffbc255 ; jmp 0xfffbc255 -loc_fffbc36c: ; not directly referenced +loc_fffbc34e: ; not directly referenced inc ebx add esi, 0xcc cmp ebx, 2 -je short loc_fffbc3e7 ; je 0xfffbc3e7 +je short loc_fffbc3c9 ; je 0xfffbc3c9 -loc_fffbc378: ; not directly referenced +loc_fffbc35a: ; not directly referenced imul eax, ebx, 0x13c3 mov edi, dword [ebp + 8] -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffbc36c ; jne 0xfffbc36c +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffbc34e ; jne 0xfffbc34e mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, ebx -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 mov ecx, dword [esi] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov byte [ebp - 0x270], 0 -loc_fffbc3ad: ; not directly referenced +loc_fffbc38f: ; not directly referenced mov edi, dword [ebp + 8] mov al, byte [ebp - 0x270] -cmp al, byte [edi + 0x2488] -jae short loc_fffbc36c ; jae 0xfffbc36c +cmp al, byte [edi + 0x2489] +jae short loc_fffbc34e ; jae 0xfffbc34e movzx edi, byte [ebp - 0x270] mov edx, ebx mov eax, dword [ebp + 8] mov ecx, edi -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov ecx, dword [esi + edi*4 + 0x28] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x270] -jmp short loc_fffbc3ad ; jmp 0xfffbc3ad +jmp short loc_fffbc38f ; jmp 0xfffbc38f -loc_fffbc3e7: ; not directly referenced +loc_fffbc3c9: ; not directly referenced cmp dword [ebp - 0x27c], 0 -je loc_fffbc568 ; je 0xfffbc568 +je loc_fffbc54a ; je 0xfffbc54a -loc_fffbc3f4: ; not directly referenced +loc_fffbc3d6: ; not directly referenced mov esi, dword [ebp + 8] lea edi, [ebp - 0x1f4] mov ecx, 
0xb @@ -38828,22 +38796,22 @@ mov al, byte [ebp - 0x2a4] mov byte [ebp - 0x25f], 0 mov byte [ebp - 0x25e], 1 mov byte [ebp - 0x25d], 0xff -mov byte [esi + 0x247b], al +mov byte [esi + 0x247c], al xor eax, eax -mov esi, ref_fffd58d8 ; mov esi, 0xfffd58d8 +mov esi, ref_fffd5394 ; mov esi, 0xfffd5394 rep stosd ; rep stosd dword es:[edi], eax lea edi, [ebp - 0x25a] mov eax, dword [ebp + 8] mov word [ebp - 0x1e6], 0x3ff mov word [ebp - 0x1ca], 1 mov byte [ebp - 0x25c], 2 -mov ebx, dword [eax + 0x2443] +mov ebx, dword [eax + 0x2444] lea eax, [ebp - 0x243] mov byte [ebp - 0x25b], 3 mov cl, 7 rep movsb ; rep movsb byte es:[edi], byte ptr [esi] lea edi, [ebp - 0x253] -mov esi, ref_fffd58e0 ; mov esi, 0xfffd58e0 +mov esi, ref_fffd539c ; mov esi, 0xfffd539c mov byte [ebp - 0x243], 0 mov byte [ebp - 0x242], 0 mov byte [ebp - 0x241], 1 @@ -38852,7 +38820,7 @@ mov byte [ebp - 0x23f], 1 mov cl, 7 rep movsb ; rep movsb byte es:[edi], byte ptr [esi] lea edi, [ebp - 0x220] -mov esi, ref_fffd58e8 ; mov esi, 0xfffd58e8 +mov esi, ref_fffd53a4 ; mov esi, 0xfffd53a4 mov byte [ebp - 0x23e], 1 mov byte [ebp - 0x23d], 0 mov byte [ebp - 0x23c], 0 @@ -38861,7 +38829,7 @@ mov byte [ebp - 0x23a], 0xff mov cl, 3 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] lea edi, [ebp - 0x214] -mov esi, ref_fffd58f4 ; mov esi, 0xfffd58f4 +mov esi, ref_fffd53b0 ; mov esi, 0xfffd53b0 mov byte [ebp - 0x239], 0xff mov byte [ebp - 0x238], 0 mov cl, 3 
@@ -38889,29 +38857,29 @@ push eax call dword [ebx + 0x5c] ; ucall mov eax, dword [ebp + 8] add esp, 0x10 -cmp dword [eax + 0x2480], 3 +cmp dword [eax + 0x2481], 3 sete al xor ebx, ebx movzx eax, al mov dword [ebp - 0x2a4], eax -jmp short loc_fffbc58d ; jmp 0xfffbc58d +jmp short loc_fffbc56f ; jmp 0xfffbc56f -loc_fffbc568: ; not directly referenced +loc_fffbc54a: ; not directly referenced cmp dword [ebp - 0x280], 0 mov eax, dword [ebp + 8] -je short loc_fffbc57b ; je 0xfffbc57b -call fcn_fffac67c ; call 0xfffac67c -jmp short loc_fffbc580 ; jmp 0xfffbc580 +je short loc_fffbc55d ; je 0xfffbc55d +call fcn_fffad6b6 ; call 0xfffad6b6 +jmp short loc_fffbc562 ; jmp 0xfffbc562 -loc_fffbc57b: ; not directly referenced -call fcn_fffb1a87 ; call 0xfffb1a87 +loc_fffbc55d: ; not directly referenced +call fcn_fffaddc7 ; call 0xfffaddc7 -loc_fffbc580: ; not directly referenced +loc_fffbc562: ; not directly referenced test eax, eax -je loc_fffbc3f4 ; je 0xfffbc3f4 -jmp near loc_fffbcdc5 ; jmp 0xfffbcdc5 +je loc_fffbc3d6 ; je 0xfffbc3d6 +jmp near loc_fffbcda7 ; jmp 0xfffbcda7 -loc_fffbc58d: ; not directly referenced +loc_fffbc56f: ; not directly referenced mov eax, dword [ebp + 8] mov edx, esi add esi, 2 @@ -38921,25 +38889,25 @@ mov ecx, edi push ebx inc ebx push 8 -call fcn_fffa81d3 ; call 0xfffa81d3 +call fcn_fffa8181 ; call 0xfffa8181 add esp, 0x10 cmp ebx, 4 -jne short loc_fffbc58d ; jne 0xfffbc58d +jne short loc_fffbc56f ; jne 0xfffbc56f mov eax, dword [ebp + 8] lea edx, [ebp - 0x220] -call fcn_fffa665e ; call 0xfffa665e +call fcn_fffa660c ; call 0xfffa660c mov eax, dword [ebp + 8] -mov al, byte [eax + 0x248d] +mov al, byte [eax + 0x248e] mov byte [ebp - 0x2b8], al mov eax, dword [ebp + 8] -movzx ecx, byte [eax + 0x2488] +movzx ecx, byte [eax + 0x2489] mov eax, 1 shl eax, cl xor ecx, ecx dec eax mov word [ebp - 0x2a8], ax mov eax, dword [ebp + 8] -movzx edx, byte [eax + 0x248e] +movzx edx, byte [eax + 0x248f] lea eax, [ebp - 0x22b] push 0 push 0 
@@ -38951,32 +38919,32 @@ push eax mov eax, dword [ebp + 8] push 4 push 2 -call fcn_fffb20e5 ; call 0xfffb20e5 +call fcn_fffae425 ; call 0xfffae425 mov eax, dword [ebp + 8] add esp, 0x20 -cmp dword [eax + 0x3756], 2 -jne short loc_fffbc62c ; jne 0xfffbc62c +cmp dword [eax + 0x3757], 2 +jne short loc_fffbc60e ; jne 0xfffbc60e mov ecx, 0x8049 mov edx, 0x4040 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbc62c: ; not directly referenced +loc_fffbc60e: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -jne short loc_fffbc647 ; jne 0xfffbc647 +cmp dword [eax + 0x4b1a], 2 +jne short loc_fffbc629 ; jne 0xfffbc629 mov ecx, 0x8049 mov edx, 0x4440 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbc647: ; not directly referenced +loc_fffbc629: ; not directly referenced mov eax, dword [ebp + 8] lea esi, [ebp - 0x24c] mov dword [ebp - 0x278], 0 -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x2ac], eax mov dword [ebp - 0x2b0], eax -loc_fffbc66b: ; not directly referenced +loc_fffbc64d: ; not directly referenced mov cl, byte [ebp - 0x278] xor edx, edx mov dword [ebp - 0x27c], 1 @@ -38984,20 +38952,20 @@ mov eax, dword [ebp + 8] shl dword [ebp - 0x27c], cl mov edi, dword [ebp - 0x27c] mov ecx, edi -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 mov ecx, edi mov edx, 1 mov byte [ebp - 0x266], 0 mov word [ebp - 0x264], 0 mov bl, al mov eax, dword [ebp + 8] -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 mov byte [ebp - 0x265], 0 mov word [ebp - 0x262], 0 or eax, ebx mov ebx, edi test byte [ebp - 0x2b8], bl -je loc_fffbc971 ; je 0xfffbc971 +je loc_fffbc953 ; je 0xfffbc953 mov edx, dword [ebp - 0x278] movzx eax, al mov dword [ebp - 0x274], 3 
@@ -39024,36 +38992,36 @@ imul ebx, edx, 0x128 mov dword [ebp - 0x28c], edi mov dword [ebp - 0x298], ebx -loc_fffbc74b: ; not directly referenced +loc_fffbc72d: ; not directly referenced mov eax, dword [ebp - 0x2ac] xor ebx, ebx mov dword [ebp - 0x280], eax -loc_fffbc759: ; not directly referenced +loc_fffbc73b: ; not directly referenced mov edi, dword [ebp - 0x280] mov al, byte [ebp - 0x27c] test byte [edi + 0xc4], al -jne loc_fffbc9df ; jne 0xfffbc9df +jne loc_fffbc9c1 ; jne 0xfffbc9c1 -loc_fffbc771: ; not directly referenced +loc_fffbc753: ; not directly referenced inc ebx add dword [ebp - 0x280], 0x13c3 cmp ebx, 2 -jne short loc_fffbc759 ; jne 0xfffbc759 +jne short loc_fffbc73b ; jne 0xfffbc73b mov al, byte [ebp - 0x27c] cmp dword [ebp - 0x2a4], 0 mov byte [ebp - 0x294], al -jne short loc_fffbc800 ; jne 0xfffbc800 +jne short loc_fffbc7e2 ; jne 0xfffbc7e2 mov eax, dword [ebp + 8] xor bl, bl -call fcn_fffb0e8a ; call 0xfffb0e8a +call fcn_fffaa4a9 ; call 0xfffaa4a9 mov eax, dword [ebp + 8] -lea edi, [eax + 0x381a] +lea edi, [eax + 0x381b] -loc_fffbc7a9: ; not directly referenced +loc_fffbc78b: ; not directly referenced mov al, byte [ebp - 0x294] test byte [edi], al -je short loc_fffbc7e7 ; je 0xfffbc7e7 +je short loc_fffbc7c9 ; je 0xfffbc7c9 push eax mov ecx, dword [ebp - 0x298] mov edx, ebx 
@@ -39067,22 +39035,22 @@ movzx eax, ax push eax mov eax, dword [ebp + 8] push 0 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb add esp, 0x10 -loc_fffbc7e7: ; not directly referenced +loc_fffbc7c9: ; not directly referenced inc ebx add edi, 0x13c3 cmp ebx, 2 -jne short loc_fffbc7a9 ; jne 0xfffbc7a9 +jne short loc_fffbc78b ; jne 0xfffbc78b mov eax, dword [ebp + 8] mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 -loc_fffbc800: ; not directly referenced +loc_fffbc7e2: ; not directly referenced lea edi, [ebp - 0x253] -loc_fffbc806: ; not directly referenced +loc_fffbc7e8: ; not directly referenced push 0 xor ebx, ebx push 0 @@ -39097,7 +39065,7 @@ movsx eax, byte [edi] push eax push 2 push dword [ebp + 8] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x2c mov edx, dword [ebp - 0x2bc] push 0 
@@ -39106,50 +39074,50 @@ push 1 lea eax, [ebp - 0x25a] push eax mov eax, dword [ebp + 8] -call fcn_fffb0f94 ; call 0xfffb0f94 +call fcn_fffaa5b3 ; call 0xfffaa5b3 lea eax, [ebp - 0x206] add esp, 0x10 mov dword [ebp - 0x288], eax mov dword [ebp - 0x280], 1 -loc_fffbc863: ; not directly referenced +loc_fffbc845: ; not directly referenced imul eax, ebx, 0x13c3 mov edx, dword [ebp + 8] mov cl, byte [ebp - 0x294] -test byte [edx + eax + 0x381a], cl -je short loc_fffbc8e7 ; je 0xfffbc8e7 +test byte [edx + eax + 0x381b], cl +je short loc_fffbc8c9 ; je 0xfffbc8c9 mov eax, dword [ebp + 8] mov edx, ebx shl edx, 0xa add edx, 0x40ec -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov ecx, dword [ebp + 8] and eax, dword [ebp - 0x2a8] -mov cl, byte [ecx + 0x2488] +mov cl, byte [ecx + 0x2489] mov word [ebp - 0x270], ax mov ax, word [ebp + ebx*2 - 0x264] or word [ebp - 0x270], ax mov byte [ebp - 0x2a0], cl xor ecx, ecx -loc_fffbc8bb: ; not directly referenced +loc_fffbc89d: ; not directly referenced cmp byte [ebp - 0x2a0], cl -ja loc_fffbcb02 ; ja 0xfffbcb02 +ja loc_fffbcae4 ; ja 0xfffbcae4 mov eax, dword [ebp - 0x2a8] cmp word [ebp + ebx*2 - 0x264], ax mov eax, 0 cmove eax, dword [ebp - 0x280] mov dword [ebp - 0x280], eax -loc_fffbc8e7: ; not directly referenced +loc_fffbc8c9: ; not directly referenced inc ebx add dword [ebp - 0x288], 9 cmp ebx, 2 -jne loc_fffbc863 ; jne 0xfffbc863 +jne loc_fffbc845 ; jne 0xfffbc845 cmp dword [ebp - 0x280], 1 -jne loc_fffbcb38 ; jne 0xfffbcb38 +jne loc_fffbcb1a ; jne 0xfffbcb1a -loc_fffbc905: ; not directly referenced +loc_fffbc8e7: ; not directly referenced lea eax, [ebp - 0x206] xor edi, edi mov dword [ebp - 0x2a0], eax 
@@ -39160,25 +39128,25 @@ mov dword [ebp - 0x288], eax imul eax, dword [ebp - 0x278], 9 mov dword [ebp - 0x2c8], eax -loc_fffbc938: ; not directly referenced +loc_fffbc91a: ; not directly referenced mov ebx, dword [ebp - 0x288] mov al, byte [ebp - 0x294] test byte [ebx + 0xc4], al -jne loc_fffbcb68 ; jne 0xfffbcb68 +jne loc_fffbcb4a ; jne 0xfffbcb4a -loc_fffbc950: ; not directly referenced +loc_fffbc932: ; not directly referenced inc edi add dword [ebp - 0x288], 0x13c3 add dword [ebp - 0x28c], 0x13c3 add dword [ebp - 0x2a0], 9 cmp edi, 2 -jne short loc_fffbc938 ; jne 0xfffbc938 +jne short loc_fffbc91a ; jne 0xfffbc91a -loc_fffbc971: ; not directly referenced +loc_fffbc953: ; not directly referenced inc dword [ebp - 0x278] add dword [ebp - 0x2b0], 0x12 cmp dword [ebp - 0x278], 4 -jne loc_fffbc66b ; jne 0xfffbc66b +jne loc_fffbc64d ; jne 0xfffbc64d push eax mov ecx, 0x1010101 push eax @@ -39186,10 +39154,10 @@ mov eax, dword [ebp + 8] xor edx, edx push 0 push 8 -call fcn_fffa7fde ; call 0xfffa7fde +call fcn_fffa7f8c ; call 0xfffa7f8c mov eax, dword [ebp + 8] lea edx, [ebp - 0x214] -call fcn_fffa665e ; call 0xfffa665e +call fcn_fffa660c ; call 0xfffa660c mov eax, dword [ebp + 8] add esp, 0x10 mov edx, 0x3670 @@ -39198,16 +39166,16 @@ mov eax, 0x367c cmove edx, eax mov eax, dword [ebp + 8] xor ecx, ecx -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] -call fcn_fffb0e8a ; call 0xfffb0e8a -jmp near loc_fffbcdc5 ; jmp 0xfffbcdc5 +call fcn_fffaa4a9 ; call 0xfffaa4a9 +jmp near loc_fffbcda7 ; jmp 0xfffbcda7 -loc_fffbc9df: ; not directly referenced +loc_fffbc9c1: ; not directly referenced mov eax, dword [ebp - 0x284] movsx eax, byte [eax] cmp al, 2 -jle short loc_fffbca0d ; jle 0xfffbca0d +jle short loc_fffbc9ef ; jle 0xfffbc9ef mov edx, dword [ebp - 0x274] sub eax, 2 and edx, dword [esi + ebx*4] 
@@ -39215,18 +39183,18 @@ or edx, dword [ebp - 0x290] shl eax, 7 mov word [ebp - 0x270], ax mov dword [esi + ebx*4], edx -jmp short loc_fffbca4a ; jmp 0xfffbca4a +jmp short loc_fffbca2c ; jmp 0xfffbca2c -loc_fffbca0d: ; not directly referenced +loc_fffbc9ef: ; not directly referenced test al, al -jns short loc_fffbca2b ; jns 0xfffbca2b +jns short loc_fffbca0d ; jns 0xfffbca0d mov edi, dword [ebp - 0x274] mov word [ebp - 0x270], ax and dword [esi + ebx*4], edi shl word [ebp - 0x270], 7 -jmp short loc_fffbca4a ; jmp 0xfffbca4a +jmp short loc_fffbca2c ; jmp 0xfffbca2c -loc_fffbca2b: ; not directly referenced +loc_fffbca0d: ; not directly referenced mov cl, byte [ebp - 0x2b4] mov edx, dword [ebp - 0x274] and edx, dword [esi + ebx*4] @@ -39235,17 +39203,17 @@ shl eax, cl or edx, eax mov dword [esi + ebx*4], edx -loc_fffbca4a: ; not directly referenced +loc_fffbca2c: ; not directly referenced mov eax, dword [ebp - 0x280] add eax, dword [ebp - 0x28c] mov byte [ebp - 0x288], 0 mov dword [ebp - 0x294], eax -loc_fffbca63: ; not directly referenced +loc_fffbca45: ; not directly referenced mov edi, dword [ebp + 8] mov al, byte [ebp - 0x288] -cmp al, byte [edi + 0x2488] -jae short loc_fffbcae8 ; jae 0xfffbcae8 +cmp al, byte [edi + 0x2489] +jae short loc_fffbcaca ; jae 0xfffbcaca movzx ecx, byte [ebp - 0x288] mov eax, dword [ebp - 0x28c] mov edi, dword [ebp - 0x280] 
@@ -39270,25 +39238,25 @@ mov eax, dword [ebp + 8] push 3 push ecx mov ecx, dword [ebp - 0x278] -call fcn_fffa73b0 ; call 0xfffa73b0 +call fcn_fffa735e ; call 0xfffa735e add esp, 0x10 inc byte [ebp - 0x288] -jmp near loc_fffbca63 ; jmp 0xfffbca63 +jmp near loc_fffbca45 ; jmp 0xfffbca45 -loc_fffbcae8: ; not directly referenced +loc_fffbcaca: ; not directly referenced mov ecx, dword [esi + ebx*4] mov edx, ebx mov eax, edi shl edx, 0xa add edx, 0x40d0 -call fcn_fffae58c ; call 0xfffae58c -jmp near loc_fffbc771 ; jmp 0xfffbc771 +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffbc753 ; jmp 0xfffbc753 -loc_fffbcb02: ; not directly referenced +loc_fffbcae4: ; not directly referenced mov edx, 1 shl edx, cl test word [ebp - 0x270], dx -jne short loc_fffbcb32 ; jne 0xfffbcb32 +jne short loc_fffbcb14 ; jne 0xfffbcb14 or word [ebp + ebx*2 - 0x264], dx mov edx, dword [ebp - 0x284] mov eax, dword [ebp - 0x288] 
@@ -39296,31 +39264,31 @@ mov dl, byte [edx] add byte [ebp + ebx - 0x266], dl mov byte [eax + ecx], dl -loc_fffbcb32: ; not directly referenced +loc_fffbcb14: ; not directly referenced inc ecx -jmp near loc_fffbc8bb ; jmp 0xfffbc8bb +jmp near loc_fffbc89d ; jmp 0xfffbc89d -loc_fffbcb38: ; not directly referenced +loc_fffbcb1a: ; not directly referenced inc edi cmp edi, esi -jne loc_fffbc806 ; jne 0xfffbc806 +jne loc_fffbc7e8 ; jne 0xfffbc7e8 inc dword [ebp - 0x284] lea eax, [ebp - 0x25a] cmp dword [ebp - 0x284], eax -jne loc_fffbc74b ; jne 0xfffbc74b +jne loc_fffbc72d ; jne 0xfffbc72d mov dword [ebp - 0x280], 0 -jmp near loc_fffbc905 ; jmp 0xfffbc905 +jmp near loc_fffbc8e7 ; jmp 0xfffbc8e7 -loc_fffbcb68: ; not directly referenced +loc_fffbcb4a: ; not directly referenced cmp dword [ebp - 0x280], 0 -jne short loc_fffbcb81 ; jne 0xfffbcb81 +jne short loc_fffbcb63 ; jne 0xfffbcb63 mov eax, dword [ebp + 8] cmp byte [eax + 0x1965], 0 -jne loc_fffbccc1 ; jne 0xfffbccc1 +jne loc_fffbcca3 ; jne 0xfffbcca3 -loc_fffbcb81: ; not directly referenced +loc_fffbcb63: ; not directly referenced mov eax, dword [ebp + 8] -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov bl, al mov byte [ebp - 0x2bc], al movsx eax, byte [ebp + edi - 0x266] @@ -39334,9 +39302,9 @@ cdq idiv ecx mov byte [ebp - 0x270], al -loc_fffbcbb1: ; not directly referenced +loc_fffbcb93: ; not directly referenced cmp byte [ebp - 0x270], 2 -jle short loc_fffbcbe2 ; jle 0xfffbcbe2 +jle short loc_fffbcbc4 ; jle 0xfffbcbc4 mov eax, dword [ebp - 0x274] and eax, dword [esi + edi*4] or eax, dword [ebp - 0x290] 
@@ -39345,19 +39313,19 @@ movsx eax, byte [ebp - 0x270] sub eax, 2 shl eax, 7 mov word [ebp - 0x284], ax -jmp short loc_fffbcc33 ; jmp 0xfffbcc33 +jmp short loc_fffbcc15 ; jmp 0xfffbcc15 -loc_fffbcbe2: ; not directly referenced +loc_fffbcbc4: ; not directly referenced cmp byte [ebp - 0x270], 0 -jns short loc_fffbcc0d ; jns 0xfffbcc0d +jns short loc_fffbcbef ; jns 0xfffbcbef mov eax, dword [ebp - 0x274] and dword [esi + edi*4], eax movsx ax, byte [ebp - 0x270] mov word [ebp - 0x284], ax shl word [ebp - 0x284], 7 -jmp short loc_fffbcc33 ; jmp 0xfffbcc33 +jmp short loc_fffbcc15 ; jmp 0xfffbcc15 -loc_fffbcc0d: ; not directly referenced +loc_fffbcbef: ; not directly referenced movsx eax, byte [ebp - 0x270] mov cl, byte [ebp - 0x2b4] mov edx, dword [ebp - 0x274] @@ -39367,16 +39335,16 @@ shl eax, cl or eax, edx mov dword [esi + edi*4], eax -loc_fffbcc33: ; not directly referenced +loc_fffbcc15: ; not directly referenced movsx ecx, word [ebp - 0x284] xor eax, eax movsx edx, byte [ebp - 0x270] mov dword [ebp - 0x2c0], ecx mov dword [ebp - 0x2c4], edx -loc_fffbcc4f: ; not directly referenced +loc_fffbcc31: ; not directly referenced cmp byte [ebp - 0x2bc], al -jbe short loc_fffbcccb ; jbe 0xfffbcccb +jbe short loc_fffbccad ; jbe 0xfffbccad mov edx, dword [ebp - 0x2a0] mov ecx, dword [ebp - 0x28c] movsx edx, byte [edx + eax] 
@@ -39386,46 +39354,46 @@ shl edx, 7 add edx, dword [ebp - 0x2c0] add ecx, edx cmp ecx, 0x1bf -jle short loc_fffbcc91 ; jle 0xfffbcc91 +jle short loc_fffbcc73 ; jle 0xfffbcc73 inc ebx inc byte [ebp - 0x270] -jmp short loc_fffbccae ; jmp 0xfffbccae +jmp short loc_fffbcc90 ; jmp 0xfffbcc90 -loc_fffbcc91: ; not directly referenced +loc_fffbcc73: ; not directly referenced mov ecx, dword [ebp - 0x28c] movzx ecx, word [ecx + eax*2 + 0x121] inc eax add edx, ecx cmp edx, 0x5f -jg short loc_fffbcc4f ; jg 0xfffbcc4f +jg short loc_fffbcc31 ; jg 0xfffbcc31 dec byte [ebp - 0x270] inc ebx -loc_fffbccae: ; not directly referenced +loc_fffbcc90: ; not directly referenced cmp bl, 3 -jbe loc_fffbcbb1 ; jbe 0xfffbcbb1 +jbe loc_fffbcb93 ; jbe 0xfffbcb93 -loc_fffbccb7: ; not directly referenced +loc_fffbcc99: ; not directly referenced mov eax, 1 -jmp near loc_fffbcdc5 ; jmp 0xfffbcdc5 +jmp near loc_fffbcda7 ; jmp 0xfffbcda7 -loc_fffbccc1: ; not directly referenced +loc_fffbcca3: ; not directly referenced mov eax, 8 -jmp near loc_fffbcdc5 ; jmp 0xfffbcdc5 +jmp near loc_fffbcda7 ; jmp 0xfffbcda7 -loc_fffbcccb: ; not directly referenced +loc_fffbccad: ; not directly referenced cmp bl, 3 -ja short loc_fffbccb7 ; ja 0xfffbccb7 +ja short loc_fffbcc99 ; ja 0xfffbcc99 lea eax, [edi + edi*8] xor ebx, ebx lea ecx, [ebp - 0x18] add eax, ecx mov dword [ebp - 0x2c0], eax -loc_fffbcce0: ; not directly referenced +loc_fffbccc2: ; not directly referenced mov eax, dword [ebp + 8] -cmp bl, byte [eax + 0x2488] -jae short loc_fffbcd5b ; jae 0xfffbcd5b +cmp bl, byte [eax + 0x2489] +jae short loc_fffbcd3d ; jae 0xfffbcd3d mov eax, dword [ebp - 0x2c8] movzx ecx, bl inc ebx 
@@ -39450,18 +39418,18 @@ push 0 push 0xff push ecx mov ecx, dword [ebp - 0x278] -call fcn_fffa73b0 ; call 0xfffa73b0 +call fcn_fffa735e ; call 0xfffa735e add esp, 0x10 -jmp short loc_fffbcce0 ; jmp 0xfffbcce0 +jmp short loc_fffbccc2 ; jmp 0xfffbccc2 -loc_fffbcd5b: ; not directly referenced +loc_fffbcd3d: ; not directly referenced mov ecx, dword [esi + edi*4] mov edx, edi shl edx, 0xa add edx, 0x40d0 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp dword [ebp - 0x2a4], 0 -jne loc_fffbc950 ; jne 0xfffbc950 +jne loc_fffbc932 ; jne 0xfffbc932 mov eax, dword [ebp - 0x288] mov ebx, dword [ebp - 0x298] add eax, dword [ebp - 0x29c] @@ -39475,14 +39443,14 @@ movzx eax, ax push eax mov eax, dword [ebp + 8] push 0 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb mov eax, dword [ebp + 8] mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 add esp, 0x10 -jmp near loc_fffbc950 ; jmp 0xfffbc950 +jmp near loc_fffbc932 ; jmp 0xfffbc932 -loc_fffbcdc5: ; not directly referenced +loc_fffbcda7: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -39490,31 +39458,31 @@ pop edi pop ebp ret -fcn_fffbcdcd: ; not directly referenced +fcn_fffbcdaf: ; not directly referenced push ebp mov ecx, 3 mov ebp, esp push edi push esi -mov esi, ref_fffd58e8 ; mov esi, 0xfffd58e8 +mov esi, ref_fffd53a4 ; mov esi, 0xfffd53a4 push ebx sub esp, 0x13c0 mov eax, dword [ebp + 8] lea edi, [ebp - 0x1360] rep movsd ; rep movsd dword es:[edi], dword ptr [esi] lea edi, [ebp - 0x1354] -mov esi, ref_fffd58f4 ; mov esi, 0xfffd58f4 +mov esi, ref_fffd53b0 ; mov esi, 0xfffd53b0 mov byte [ebp - 0x1362], 0 -mov eax, dword [eax + 0x5edc] +mov eax, dword [eax + 0x5edd] mov dword [ebp - 0x1384], eax mov eax, dword [ebp + 8] mov cl, 3 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov eax, dword [eax + 0x2443] +mov eax, dword [eax + 0x2444] mov edi, eax mov dword [ebp - 0x1394], eax mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x2480] +mov edx, dword [eax + 0x2481] xor eax, eax cmp edx, 1 sete al @@ -39540,7 +39508,7 @@ mov eax, edi call dword [eax + 0x5c] ; ucall add esp, 0x10 -loc_fffbce7a: ; not directly referenced +loc_fffbce5c: ; not directly referenced push eax push eax mov eax, dword [ebp + 8] 
@@ -39549,62 +39517,62 @@ inc ebx push 1 lea ecx, [ebp - 0x1362] lea edx, [ebp - 0x1363] -call fcn_fffa81d3 ; call 0xfffa81d3 +call fcn_fffa8181 ; call 0xfffa8181 add esp, 0x10 cmp ebx, 4 -jne short loc_fffbce7a ; jne 0xfffbce7a +jne short loc_fffbce5c ; jne 0xfffbce5c mov eax, dword [ebp + 8] lea edx, [ebp - 0x1360] xor esi, esi -call fcn_fffa665e ; call 0xfffa665e +call fcn_fffa660c ; call 0xfffa660c mov eax, dword [ebp + 8] -mov al, byte [eax + 0x248e] +mov al, byte [eax + 0x248f] mov byte [ebp - 0x1374], al mov eax, dword [ebp + 8] -mov al, byte [eax + 0x248d] +mov al, byte [eax + 0x248e] mov byte [ebp - 0x1375], al mov eax, dword [ebp + 8] -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x1388], eax mov edi, eax -loc_fffbceda: ; not directly referenced +loc_fffbcebc: ; not directly referenced cmp dword [edi], 2 -jne loc_fffbcfe7 ; jne 0xfffbcfe7 +jne loc_fffbcfc9 ; jne 0xfffbcfc9 cmp dword [ebp - 0x139c], 1 -jne short loc_fffbcf28 ; jne 0xfffbcf28 +jne short loc_fffbcf0a ; jne 0xfffbcf0a mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, esi -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 imul edx, esi, 0xcc mov ecx, dword [ebp - 0x1384] mov ecx, dword [ecx + edx + 0x1c] mov edx, eax mov eax, dword [ebp + 8] or ecx, 0x40000000 -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 1 -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 -loc_fffbcf28: ; not directly referenced +loc_fffbcf0a: ; not directly referenced xor ebx, ebx -loc_fffbcf2a: ; not directly referenced +loc_fffbcf0c: ; not directly referenced mov eax, dword [ebp + 8] -cmp bl, byte [eax + 0x2488] -jae short loc_fffbcf8d ; jae 0xfffbcf8d +cmp bl, byte [eax + 0x2489] +jae short loc_fffbcf6f ; jae 0xfffbcf6f movzx eax, bl mov dword [ebp - 0x136c], 0 mov dword [ebp - 0x137c], eax -loc_fffbcf48: ; not directly referenced +loc_fffbcf2a: ; not directly referenced mov cl, byte [ebp - 0x136c] mov eax, 1 
shl eax, cl test byte [edi + 0xc4], al -je short loc_fffbcf7b ; je 0xfffbcf7b +je short loc_fffbcf5d ; je 0xfffbcf5d push eax mov ecx, dword [ebp - 0x136c] mov edx, esi @@ -39612,23 +39580,23 @@ push 0x20 mov eax, dword [ebp + 8] push 5 push dword [ebp - 0x137c] -call fcn_fffa7499 ; call 0xfffa7499 +call fcn_fffa7447 ; call 0xfffa7447 add esp, 0x10 -loc_fffbcf7b: ; not directly referenced +loc_fffbcf5d: ; not directly referenced inc dword [ebp - 0x136c] cmp dword [ebp - 0x136c], 4 -jne short loc_fffbcf48 ; jne 0xfffbcf48 +jne short loc_fffbcf2a ; jne 0xfffbcf2a inc ebx -jmp short loc_fffbcf2a ; jmp 0xfffbcf2a +jmp short loc_fffbcf0c ; jmp 0xfffbcf0c -loc_fffbcf8d: ; not directly referenced +loc_fffbcf6f: ; not directly referenced cmp dword [ebp - 0x1370], 0 -je short loc_fffbcfce ; je 0xfffbcfce +je short loc_fffbcfb0 ; je 0xfffbcfb0 mov eax, dword [ebp + 8] lea ebx, [esi*8 + 0x4980] mov edx, ebx -call fcn_fffae548 ; call 0xfffae548 +call fcn_fffb333d ; call 0xfffb333d mov dword [ebp + esi*8 - 0x1348], eax push eax push eax 
@@ -39637,64 +39605,64 @@ push 0xfb73ea62 push 0xd951c840 mov dword [ebp + esi*8 - 0x1344], edx mov edx, ebx -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 -loc_fffbcfce: ; not directly referenced +loc_fffbcfb0: ; not directly referenced mov eax, dword [ebp + 8] mov edx, esi shl edx, 0xa add edx, 0x4020 -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov dword [ebp - 0x138c], eax -loc_fffbcfe7: ; not directly referenced +loc_fffbcfc9: ; not directly referenced inc esi add edi, 0x13c3 cmp esi, 2 -jne loc_fffbceda ; jne 0xfffbceda +jne loc_fffbcebc ; jne 0xfffbcebc cmp dword [ebp - 0x1370], 0 -je short loc_fffbd01d ; je 0xfffbd01d +je short loc_fffbcfff ; je 0xfffbcfff or dword [ebp - 0x138c], 0x80 mov edx, 0x4c20 mov ecx, dword [ebp - 0x138c] mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffbd01d: ; not directly referenced +loc_fffbcfff: ; not directly referenced movzx eax, byte [ebp - 0x1374] mov dword [ebp - 0x13a0], eax mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffb27d5 ; call 0xfffb27d5 +call fcn_fffaeb5f ; call 0xfffaeb5f mov eax, dword [ebp + 8] -cmp dword [eax + 0x3756], 2 -jne short loc_fffbd04f ; jne 0xfffbd04f +cmp dword [eax + 0x3757], 2 +jne short loc_fffbd031 ; jne 0xfffbd031 mov ecx, 0x8049 mov edx, 0x4040 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbd04f: ; not directly referenced +loc_fffbd031: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -jne short loc_fffbd06a ; jne 0xfffbd06a +cmp dword [eax + 0x4b1a], 2 +jne short loc_fffbd04c ; jne 0xfffbd04c mov ecx, 0x8049 mov edx, 0x4440 -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbd06a: ; not directly referenced +loc_fffbd04c: ; not directly referenced movzx eax, byte [ebp - 0x1375] mov dword [ebp - 0x1374], 0 mov dword [ebp - 0x1380], 0 mov dword [ebp - 0x13c8], eax 
-loc_fffbd08b: ; not directly referenced +loc_fffbd06d: ; not directly referenced mov edi, dword [ebp - 0x1374] mov esi, dword [ebp - 0x13c8] mov eax, edi bt esi, edi mov byte [ebp - 0x13b8], al -jae loc_fffbd61a ; jae 0xfffbd61a +jae loc_fffbd5fc ; jae 0xfffbd5fc mov dword [ebp - 0x136c], 1 mov ecx, edi xor ebx, ebx @@ -39710,24 +39678,24 @@ mov eax, dword [ebp - 0x13b8] and eax, 1 mov dword [ebp - 0x137c], eax -loc_fffbd0ea: ; not directly referenced +loc_fffbd0cc: ; not directly referenced mov ecx, dword [ebp - 0x136c] mov edx, ebx mov eax, dword [ebp + 8] -call fcn_fffaac43 ; call 0xfffaac43 +call fcn_fffad317 ; call 0xfffad317 mov al, byte [ebp - 0x1375] test byte [edi + 0xc4], al -je short loc_fffbd17f ; je 0xfffbd17f +je short loc_fffbd161 ; je 0xfffbd161 cmp dword [ebp - 0x1398], 0 -je short loc_fffbd117 ; je 0xfffbd117 +je short loc_fffbd0f9 ; je 0xfffbd0f9 push ecx push ecx push 4 -jmp short loc_fffbd144 ; jmp 0xfffbd144 +jmp short loc_fffbd126 ; jmp 0xfffbd126 -loc_fffbd117: ; not directly referenced +loc_fffbd0f9: ; not directly referenced cmp dword [ebp - 0x1370], 0 -je short loc_fffbd159 ; je 0xfffbd159 +je short loc_fffbd13b ; je 0xfffbd13b imul edx, dword [ebp - 0x137c], 0x18 imul eax, dword [ebp - 0x1390], 0x128 add eax, edx 
@@ -39738,35 +39706,35 @@ or eax, 4 movzx eax, ax push eax -loc_fffbd144: ; not directly referenced +loc_fffbd126: ; not directly referenced mov ecx, dword [ebp - 0x136c] mov edx, ebx mov eax, dword [ebp + 8] push 3 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb add esp, 0x10 -loc_fffbd159: ; not directly referenced +loc_fffbd13b: ; not directly referenced mov esi, ebx mov eax, dword [ebp + 8] shl esi, 0xa add esi, 0x4194 mov edx, esi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, esi or eax, 0x80000000 mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbd17f: ; not directly referenced +loc_fffbd161: ; not directly referenced inc ebx add edi, 0x13c3 cmp ebx, 2 -jne loc_fffbd0ea ; jne 0xfffbd0ea +jne loc_fffbd0cc ; jne 0xfffbd0cc mov dword [ebp - 0x137c], 0 -loc_fffbd199: ; not directly referenced +loc_fffbd17b: ; not directly referenced push 1 mov eax, dword [ebp - 0x137c] xor edi, edi @@ -39782,30 +39750,30 @@ push 0 push eax push 1 push dword [ebp + 8] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 mov eax, dword [ebp + 8] add esp, 0x2c mov edx, dword [ebp - 0x13a0] -movzx ecx, byte [eax + 0x248b] +movzx ecx, byte [eax + 0x248c] lea eax, [ebp - 0x1361] push 0 push 1 push eax mov eax, dword [ebp + 8] -call fcn_fffb0f94 ; call 0xfffb0f94 +call fcn_fffaa5b3 ; call 0xfffaa5b3 add esp, 0x10 -loc_fffbd1ea: ; not directly referenced +loc_fffbd1cc: ; not directly referenced imul eax, edi, 0x13c3 mov esi, dword [ebp + 8] mov bl, byte [ebp - 0x1375] -test byte [esi + eax + 0x381a], bl -je loc_fffbd2de ; je 0xfffbd2de +test byte [esi + eax + 0x381b], bl +je loc_fffbd2c0 ; je 0xfffbd2c0 mov ebx, edi mov eax, esi shl ebx, 0xa lea edx, [ebx + 0x40e0] -call fcn_fffae548 ; call 0xfffae548 +call fcn_fffb333d ; call 0xfffb333d mov dword [ebp - 0x13a8], eax lea eax, [ebx + 0x40e8] xor ebx, ebx 
@@ -39814,12 +39782,12 @@ lea eax, [edi + edi*8] mov dword [ebp - 0x13a4], edx mov dword [ebp - 0x13c0], eax -loc_fffbd23b: ; not directly referenced +loc_fffbd21d: ; not directly referenced mov eax, dword [ebp + 8] -cmp bl, byte [eax + 0x2488] -jae loc_fffbd2de ; jae 0xfffbd2de +cmp bl, byte [eax + 0x2489] +jae loc_fffbd2c0 ; jae 0xfffbd2c0 cmp bl, 7 -ja short loc_fffbd273 ; ja 0xfffbd273 +ja short loc_fffbd255 ; ja 0xfffbd255 push eax movzx eax, bl shl eax, 3 
@@ -39830,53 +39798,53 @@ push dword [ebp - 0x13a8] call dword [eax + 0x6c] ; ucall add esp, 0x10 mov cl, al -jmp short loc_fffbd283 ; jmp 0xfffbd283 +jmp short loc_fffbd265 ; jmp 0xfffbd265 -loc_fffbd273: ; not directly referenced +loc_fffbd255: ; not directly referenced mov edx, dword [ebp - 0x13bc] mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov cl, al -loc_fffbd283: ; not directly referenced +loc_fffbd265: ; not directly referenced movzx eax, cl mov dword [ebp - 0x13c4], ecx -call fcn_fffaeba2 ; call 0xfffaeba2 +call fcn_fffb38d9 ; call 0xfffb38d9 mov ecx, dword [ebp - 0x13c4] cmp dword [ebp - 0x1380], 0 -jne short loc_fffbd2ad ; jne 0xfffbd2ad +jne short loc_fffbd28f ; jne 0xfffbd28f xor edx, edx cmp al, 6 setbe dl mov dword [ebp - 0x1380], edx -loc_fffbd2ad: ; not directly referenced +loc_fffbd28f: ; not directly referenced movzx esi, bl mov edx, 1 test cl, cl -je short loc_fffbd2c2 ; je 0xfffbd2c2 +je short loc_fffbd2a4 ; je 0xfffbd2a4 xor edx, edx cmp al, 7 sete dl add edx, edx -loc_fffbd2c2: ; not directly referenced +loc_fffbd2a4: ; not directly referenced add esi, dword [ebp - 0x13c0] inc ebx shl esi, 6 add esi, dword [ebp - 0x137c] mov dword [ebp + esi*4 - 0x1218], edx -jmp near loc_fffbd23b ; jmp 0xfffbd23b +jmp near loc_fffbd21d ; jmp 0xfffbd21d -loc_fffbd2de: ; not directly referenced +loc_fffbd2c0: ; not directly referenced inc edi cmp edi, 2 -jne loc_fffbd1ea ; jne 0xfffbd1ea +jne loc_fffbd1cc ; jne 0xfffbd1cc mov eax, dword [ebp + 8] -call fcn_fffb0e8a ; call 0xfffb0e8a +call fcn_fffaa4a9 ; call 0xfffaa4a9 inc dword [ebp - 0x137c] cmp dword [ebp - 0x137c], 0x40 -jne loc_fffbd199 ; jne 0xfffbd199 +jne loc_fffbd17b ; jne 0xfffbd17b mov eax, dword [ebp - 0x1384] xor di, di mov ebx, dword [ebp - 0x1388] 
@@ -39885,32 +39853,32 @@ mov eax, dword [ebp - 0x13b8] and eax, 1 mov dword [ebp - 0x13b8], eax -loc_fffbd324: ; not directly referenced +loc_fffbd306: ; not directly referenced mov al, byte [ebp - 0x1375] test byte [ebx + 0xc4], al -je loc_fffbd3cb ; je 0xfffbd3cb +je loc_fffbd3ad ; je 0xfffbd3ad mov eax, edi shl eax, 0xa add eax, 0x4194 mov edx, eax mov dword [ebp - 0x137c], eax mov eax, dword [ebp + 8] -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffb331f ; call 0xfffb331f mov edx, dword [ebp - 0x137c] and eax, 0x7fffffff mov ecx, eax mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 cmp dword [ebp - 0x1398], 0 -je short loc_fffbd374 ; je 0xfffbd374 +je short loc_fffbd356 ; je 0xfffbd356 push eax push eax push 0 -jmp short loc_fffbd39b ; jmp 0xfffbd39b +jmp short loc_fffbd37d ; jmp 0xfffbd37d -loc_fffbd374: ; not directly referenced +loc_fffbd356: ; not directly referenced cmp dword [ebp - 0x1370], 0 -je short loc_fffbd3b0 ; je 0xfffbd3b0 +je short loc_fffbd392 ; je 0xfffbd392 push eax push eax imul edx, dword [ebp - 0x13b8], 0x18 
@@ -39919,40 +39887,40 @@ add eax, edx movzx eax, word [ebx + eax + 0x1271] push eax -loc_fffbd39b: ; not directly referenced +loc_fffbd37d: ; not directly referenced mov ecx, dword [ebp - 0x136c] mov edx, edi mov eax, dword [ebp + 8] push 3 -call fcn_fffafd52 ; call 0xfffafd52 +call fcn_fffa96cb ; call 0xfffa96cb add esp, 0x10 -loc_fffbd3b0: ; not directly referenced +loc_fffbd392: ; not directly referenced push eax mov eax, dword [ebp + 8] push 0 -movzx eax, byte [eax + 0x2488] +movzx eax, byte [eax + 0x2489] push eax mov eax, dword [ebp - 0x1394] push esi call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffbd3cb: ; not directly referenced +loc_fffbd3ad: ; not directly referenced inc edi add esi, 0xcc add ebx, 0x13c3 cmp edi, 2 -jne loc_fffbd324 ; jne 0xfffbd324 +jne loc_fffbd306 ; jne 0xfffbd306 lea eax, [ebp - 0x1298] mov edx, 0xffffffe0 mov dword [ebp - 0x13b8], eax -loc_fffbd3f2: ; not directly referenced +loc_fffbd3d4: ; not directly referenced mov eax, dword [ebp + 8] lea ecx, [ebp - 0x12f0] lea edi, [ebp - 0x12a8] -add eax, 0x381a +add eax, 0x381b mov dword [ebp - 0x1390], eax lea eax, [ebp - 0x1338] mov dword [ebp - 0x136c], eax @@ -39963,18 +39931,18 @@ mov dword [ebp - 0x13a8], eax lea eax, [edx - 1] mov dword [ebp - 0x13c4], eax -loc_fffbd439: ; not directly referenced +loc_fffbd41b: ; not directly referenced mov esi, dword [ebp - 0x1390] mov al, byte [ebp - 0x1375] test byte [esi], al -je short loc_fffbd4af ; je 0xfffbd4af +je short loc_fffbd491 ; je 0xfffbd491 mov eax, dword [ebp + 8] -mov al, byte [eax + 0x2488] +mov al, byte [eax + 0x2489] mov byte [ebp - 0x13bc], al xor eax, eax -jmp short loc_fffbd4a7 ; jmp 0xfffbd4a7 +jmp short loc_fffbd489 ; jmp 0xfffbd489 -loc_fffbd45c: ; not directly referenced +loc_fffbd43e: ; not directly referenced mov ebx, eax mov esi, eax mov eax, dword [ebp - 0x13a8] 
@@ -39986,9 +39954,9 @@ cmp ebx, 2 cmove ebx, eax cmp dl, 0xe0 mov eax, esi -jne loc_fffbd514 ; jne 0xfffbd514 +jne loc_fffbd4f6 ; jne 0xfffbd4f6 test ebx, ebx -je short loc_fffbd4ea ; je 0xfffbd4ea +je short loc_fffbd4cc ; je 0xfffbd4cc mov dword [ecx + esi*4], edx mov esi, dword [ebp - 0x136c] mov dword [edi + eax*4], edx @@ -39996,14 +39964,14 @@ mov dword [esi + eax*4], edx mov esi, dword [ebp - 0x137c] mov dword [esi + eax*4], edx -loc_fffbd4a6: ; not directly referenced +loc_fffbd488: ; not directly referenced inc eax -loc_fffbd4a7: ; not directly referenced +loc_fffbd489: ; not directly referenced cmp byte [ebp - 0x13bc], al -ja short loc_fffbd45c ; ja 0xfffbd45c +ja short loc_fffbd43e ; ja 0xfffbd43e -loc_fffbd4af: ; not directly referenced +loc_fffbd491: ; not directly referenced add ecx, 0x24 add edi, 0x24 lea eax, [ebp - 0x12a8] 
@@ -40012,29 +39980,29 @@ add dword [ebp - 0x136c], 0x24 add dword [ebp - 0x137c], 0x24 add dword [ebp - 0x13a8], 0x900 cmp ecx, eax -jne loc_fffbd439 ; jne 0xfffbd439 -jmp near loc_fffbd56d ; jmp 0xfffbd56d +jne loc_fffbd41b ; jne 0xfffbd41b +jmp near loc_fffbd54f ; jmp 0xfffbd54f -loc_fffbd4ea: ; not directly referenced +loc_fffbd4cc: ; not directly referenced mov dword [ecx + esi*4], 0xffffffdf mov esi, dword [ebp - 0x136c] mov dword [edi + eax*4], 0xffffffdf mov dword [esi + eax*4], 0xffffffdf mov esi, dword [ebp - 0x137c] mov dword [esi + eax*4], 0xffffffdf -jmp short loc_fffbd4a6 ; jmp 0xfffbd4a6 +jmp short loc_fffbd488 ; jmp 0xfffbd488 -loc_fffbd514: ; not directly referenced +loc_fffbd4f6: ; not directly referenced test ebx, ebx -je short loc_fffbd4a6 ; je 0xfffbd4a6 +je short loc_fffbd488 ; je 0xfffbd488 mov ebx, dword [ebp - 0x13c4] cmp dword [ecx + esi*4], ebx mov dword [ecx + esi*4], edx -je short loc_fffbd52f ; je 0xfffbd52f +je short loc_fffbd511 ; je 0xfffbd511 mov esi, dword [ebp - 0x136c] mov dword [esi + eax*4], edx -loc_fffbd52f: ; not directly referenced +loc_fffbd511: ; not directly referenced mov ebx, dword [ebp - 0x136c] mov esi, edx mov ebx, dword [ebx + eax*4] 
@@ -40044,164 +40012,164 @@ mov ebx, dword [ebp - 0x137c] mov ebx, dword [ebx + eax*4] sub ebx, dword [edi + eax*4] cmp esi, ebx -jle loc_fffbd4a6 ; jle 0xfffbd4a6 +jle loc_fffbd488 ; jle 0xfffbd488 mov esi, dword [ebp - 0x13c0] mov ebx, dword [ebp - 0x137c] mov dword [edi + eax*4], esi mov dword [ebx + eax*4], edx -jmp near loc_fffbd4a6 ; jmp 0xfffbd4a6 +jmp near loc_fffbd488 ; jmp 0xfffbd488 -loc_fffbd56d: ; not directly referenced +loc_fffbd54f: ; not directly referenced inc edx add dword [ebp - 0x13b8], 4 cmp edx, 0x20 -jne loc_fffbd3f2 ; jne 0xfffbd3f2 +jne loc_fffbd3d4 ; jne 0xfffbd3d4 imul ecx, dword [ebp - 0x1374], 9 xor edi, edi mov eax, dword [ebp - 0x1388] mov dword [ebp - 0x137c], ecx -loc_fffbd593: ; not directly referenced +loc_fffbd575: ; not directly referenced mov bl, byte [ebp - 0x1375] test byte [eax + 0xc4], bl -jne short loc_fffbd5ae ; jne 0xfffbd5ae +jne short loc_fffbd590 ; jne 0xfffbd590 -loc_fffbd5a1: ; not directly referenced +loc_fffbd583: ; not directly referenced inc edi add eax, 0x13c3 cmp edi, 2 -je short loc_fffbd61a ; je 0xfffbd61a -jmp short loc_fffbd593 ; jmp 0xfffbd593 +je short loc_fffbd5fc ; je 0xfffbd5fc +jmp short loc_fffbd575 ; jmp 0xfffbd575 -loc_fffbd5ae: ; not directly referenced +loc_fffbd590: ; not directly referenced mov ebx, dword [ebp - 0x137c] xor edx, edx lea ecx, [eax + ebx] mov dword [ebp - 0x136c], ecx -loc_fffbd5bf: ; not directly referenced +loc_fffbd5a1: ; not directly referenced mov ecx, dword [ebp + 8] -cmp dl, byte [ecx + 0x2488] -jae short loc_fffbd5a1 ; jae 0xfffbd5a1 +cmp dl, byte [ecx + 0x2489] +jae short loc_fffbd583 ; jae 0xfffbd583 movzx ebx, dl lea esi, [edi + edi*8] add esi, ebx mov ecx, dword [ebp + esi*4 - 0x12a8] mov esi, dword [ebp + esi*4 - 0x1260] sub esi, ecx -jne short loc_fffbd5f5 ; jne 0xfffbd5f5 +jne short loc_fffbd5d7 ; jne 0xfffbd5d7 mov esi, dword [ebp + 8] cmp byte [esi + 0x1965], 0 -je short loc_fffbd600 ; je 0xfffbd600 -jmp near loc_fffbd79f ; jmp 0xfffbd79f +je short loc_fffbd5e2 
; je 0xfffbd5e2 +jmp near loc_fffbd781 ; jmp 0xfffbd781 -loc_fffbd5f5: ; not directly referenced +loc_fffbd5d7: ; not directly referenced cmp esi, 0xc -jle short loc_fffbd600 ; jle 0xfffbd600 +jle short loc_fffbd5e2 ; jle 0xfffbd5e2 sar esi, 1 add esi, ecx -jmp short loc_fffbd602 ; jmp 0xfffbd602 +jmp short loc_fffbd5e4 ; jmp 0xfffbd5e4 -loc_fffbd600: ; not directly referenced +loc_fffbd5e2: ; not directly referenced xor esi, esi -loc_fffbd602: ; not directly referenced +loc_fffbd5e4: ; not directly referenced add ebx, dword [ebp - 0x136c] inc edx lea ecx, [esi + 0x20] mov byte [ebx + 0x104a], cl mov byte [ebx + 0x106e], cl -jmp short loc_fffbd5bf ; jmp 0xfffbd5bf +jmp short loc_fffbd5a1 ; jmp 0xfffbd5a1 -loc_fffbd61a: ; not directly referenced +loc_fffbd5fc: ; not directly referenced inc dword [ebp - 0x1374] cmp dword [ebp - 0x1374], 4 -jne loc_fffbd08b ; jne 0xfffbd08b +jne loc_fffbd06d ; jne 0xfffbd06d cmp dword [ebp - 0x1370], 0 -je short loc_fffbd69a ; je 0xfffbd69a +je short loc_fffbd67c ; je 0xfffbd67c mov eax, dword [ebp + 8] -cmp dword [eax + 0x3756], 2 -jne short loc_fffbd65d ; jne 0xfffbd65d +cmp dword [eax + 0x3757], 2 +jne short loc_fffbd63f ; jne 0xfffbd63f push ebx mov edx, 0x4980 push ebx push dword [ebp - 0x1344] push dword [ebp - 0x1348] -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 -loc_fffbd65d: ; not directly referenced +loc_fffbd63f: ; not directly referenced mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -jne short loc_fffbd684 ; jne 0xfffbd684 +cmp dword [eax + 0x4b1a], 2 +jne short loc_fffbd666 ; jne 0xfffbd666 push ecx mov edx, 0x4988 push ecx push dword [ebp - 0x133c] push dword [ebp - 0x1340] -call fcn_fffae7cf ; call 0xfffae7cf +call fcn_fffb3506 ; call 0xfffb3506 add esp, 0x10 -loc_fffbd684: ; not directly referenced +loc_fffbd666: ; not directly referenced mov ecx, dword [ebp - 0x138c] mov edx, 0x4c20 mov eax, dword [ebp + 8] and cl, 0x7f -call fcn_fffaeb7c ; call 0xfffaeb7c +call 
fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffbd69a: ; not directly referenced +loc_fffbd67c: ; not directly referenced xor esi, esi -loc_fffbd69c: ; not directly referenced +loc_fffbd67e: ; not directly referenced mov eax, 1 mov ecx, esi shl eax, cl xor ebx, ebx mov dword [ebp - 0x136c], eax -loc_fffbd6ad: ; not directly referenced +loc_fffbd68f: ; not directly referenced mov eax, esi test al, al sete dl cmp dword [ebp - 0x139c], 1 sete al test dl, al -je short loc_fffbd6f8 ; je 0xfffbd6f8 +je short loc_fffbd6da ; je 0xfffbd6da mov eax, dword [ebp + 8] mov ecx, 0xff mov edx, ebx -call fcn_fffa7288 ; call 0xfffa7288 +call fcn_fffa7236 ; call 0xfffa7236 imul edx, ebx, 0xcc mov edi, dword [ebp - 0x1384] mov ecx, dword [edi + edx + 0x1c] mov edx, eax mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c +call fcn_fffb38b3 ; call 0xfffb38b3 mov eax, dword [ebp + 8] mov edx, 1 -call fcn_fffa834b ; call 0xfffa834b +call fcn_fffa82f9 ; call 0xfffa82f9 -loc_fffbd6f8: ; not directly referenced +loc_fffbd6da: ; not directly referenced imul eax, ebx, 0x13c3 mov edi, dword [ebp + 8] mov cl, byte [ebp - 0x136c] -test byte [edi + eax + 0x381a], cl -jne short loc_fffbd718 ; jne 0xfffbd718 +test byte [edi + eax + 0x381b], cl +jne short loc_fffbd6fa ; jne 0xfffbd6fa -loc_fffbd710: ; not directly referenced +loc_fffbd6f2: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffbd6ad ; jne 0xfffbd6ad -jmp short loc_fffbd747 ; jmp 0xfffbd747 +jne short loc_fffbd68f ; jne 0xfffbd68f +jmp short loc_fffbd729 ; jmp 0xfffbd729 -loc_fffbd718: ; not directly referenced +loc_fffbd6fa: ; not directly referenced xor edi, edi -loc_fffbd71a: ; not directly referenced +loc_fffbd6fc: ; not directly referenced mov ecx, dword [ebp + 8] mov eax, edi -cmp al, byte [ecx + 0x2488] -jae short loc_fffbd710 ; jae 0xfffbd710 +cmp al, byte [ecx + 0x2489] +jae short loc_fffbd6f2 ; jae 0xfffbd6f2 push edx mov eax, edi push 0 
@@ -40212,14 +40180,14 @@ push eax mov eax, dword [ebp + 8] mov edx, ebx inc edi -call fcn_fffa7499 ; call 0xfffa7499 +call fcn_fffa7447 ; call 0xfffa7447 add esp, 0x10 -jmp short loc_fffbd71a ; jmp 0xfffbd71a +jmp short loc_fffbd6fc ; jmp 0xfffbd6fc -loc_fffbd747: ; not directly referenced +loc_fffbd729: ; not directly referenced inc esi cmp esi, 4 -jne loc_fffbd69c ; jne 0xfffbd69c +jne loc_fffbd67e ; jne 0xfffbd67e push eax mov ecx, 0x1010101 push eax @@ -40227,10 +40195,10 @@ mov eax, dword [ebp + 8] xor edx, edx push 0 push 8 -call fcn_fffa7fde ; call 0xfffa7fde +call fcn_fffa7f8c ; call 0xfffa7f8c mov eax, dword [ebp + 8] lea edx, [ebp - 0x1354] -call fcn_fffa665e ; call 0xfffa665e +call fcn_fffa660c ; call 0xfffa660c push 2 push 0 push 0 @@ -40243,16 +40211,16 @@ push 0 push 0 push 1 push dword [ebp + 8] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 mov eax, dword [ebp + 8] add esp, 0x40 -call fcn_fffb0e8a ; call 0xfffb0e8a -jmp short loc_fffbd7a4 ; jmp 0xfffbd7a4 +call fcn_fffaa4a9 ; call 0xfffaa4a9 +jmp short loc_fffbd786 ; jmp 0xfffbd786 -loc_fffbd79f: ; not directly referenced +loc_fffbd781: ; not directly referenced mov eax, 6 -loc_fffbd7a4: ; not directly referenced +loc_fffbd786: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -40260,46 +40228,46 @@ pop edi pop ebp ret -fcn_fffbd7ac: ; not directly referenced +fcn_fffbd78e: ; not directly referenced push ebp mov ecx, 2 mov ebp, esp sub esp, 0x10 mov eax, dword [ebp + 8] -movzx edx, byte [eax + 0x248e] +movzx edx, byte [eax + 0x248f] push 0xa push 1 -call fcn_fffcd1ac ; call 0xfffcd1ac +call fcn_fffcdb14 ; call 0xfffcdb14 leave ret -fcn_fffbd7cc: ; not directly referenced +fcn_fffbd7ae: ; not directly referenced push ebp mov ecx, 1 mov ebp, esp sub esp, 0x10 mov eax, dword [ebp + 8] -movzx edx, byte [eax + 0x248e] +movzx edx, byte [eax + 0x248f] push 0xa push 1 -call fcn_fffcd1ac ; call 0xfffcd1ac +call fcn_fffcdb14 ; call 0xfffcdb14 leave ret -fcn_fffbd7ec: ; not directly referenced +fcn_fffbd7ce: ; not directly referenced push ebp mov ecx, 0xb mov ebp, esp sub esp, 0x10 mov eax, dword [ebp + 8] -movzx edx, byte [eax + 0x248e] +movzx edx, byte [eax + 0x248f] push 0x11 push 0 -call fcn_fffcd1ac ; call 0xfffcd1ac +call fcn_fffcdb14 ; call 0xfffcdb14 leave ret -fcn_fffbd80c: ; not directly referenced +fcn_fffbd7ee: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -40307,35 +40275,35 @@ push esi push ebx sub esp, 0x3c mov dword [ebp - 0x1c], eax -mov eax, dword [eax + 0x5edc] +mov eax, dword [eax + 0x5edd] mov dword [ebp - 0x20], edx mov byte [ebp - 0x2a], cl mov dword [ebp - 0x24], eax lea eax, [ecx - 1] cmp al, 1 -jbe short loc_fffbd835 ; jbe 0xfffbd835 +jbe short loc_fffbd817 ; jbe 0xfffbd817 -loc_fffbd82e: ; not directly referenced +loc_fffbd810: ; not directly referenced xor esi, esi -jmp near loc_fffbdae8 ; jmp 0xfffbdae8 +jmp near loc_fffbdaca ; jmp 0xfffbdaca -loc_fffbd835: ; not directly referenced +loc_fffbd817: ; not directly referenced mov eax, dword [ebp - 0x1c] movzx ebx, cl dec cl mov edx, ebx mov ecx, 1 -movzx edi, byte [ebx + ref_fffd5f1c] ; movzx edi, byte [ebx - 0x2a0e4] +movzx edi, byte [ebx + ref_fffd58e0] ; movzx edi, byte [ebx - 0x2a720] sete byte [ebp - 0x28] add byte [ebp - 0x28], 8 -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 mov edx, ebx mov ebx, dword [ebp - 0x1c] xor ecx, ecx imul edi, edi, 0x240 movzx esi, ax mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf +call fcn_fffaab72 ; call 0xfffaab72 add edi, dword [ebp - 0x20] mov dword [ebp - 0x38], edi movzx eax, ax @@ -40343,7 +40311,7 @@ add eax, esi xor esi, esi mov dword [ebp - 0x30], eax mov eax, ebx -add eax, 0x3756 +add eax, 0x3757 mov dword [ebp - 0x20], eax mov eax, dword [ebp - 0x24] sar dword [ebp - 0x30], 1 
@@ -40354,19 +40322,19 @@ mov dword [ebp - 0x34], eax movzx eax, byte [ebp - 0x28] mov dword [ebp - 0x48], eax -loc_fffbd8a6: ; not directly referenced +loc_fffbd888: ; not directly referenced mov eax, dword [ebp - 0x20] cmp dword [eax], 2 -jne loc_fffbda64 ; jne 0xfffbda64 +jne loc_fffbda46 ; jne 0xfffbda46 imul eax, dword [ebp - 0x24], 9 mov byte [ebp - 0x29], 0 mov dword [ebp - 0x44], eax -loc_fffbd8bd: ; not directly referenced +loc_fffbd89f: ; not directly referenced mov ebx, dword [ebp - 0x1c] mov al, byte [ebp - 0x29] -cmp al, byte [ebx + 0x2488] -jae loc_fffbda64 ; jae 0xfffbda64 +cmp al, byte [ebx + 0x2489] +jae loc_fffbda46 ; jae 0xfffbda46 mov edi, dword [ebp - 0x20] xor ecx, ecx mov dword [ebp - 0x28], 0xffffffff @@ -40378,12 +40346,12 @@ mov eax, dword [ebp - 0x44] add eax, ebx lea edx, [edi + eax*8 + 4] -loc_fffbd8f3: ; not directly referenced +loc_fffbd8d5: ; not directly referenced mov edi, 1 shl edi, cl mov eax, edi test byte [ebp - 0x3c], al -je short loc_fffbd911 ; je 0xfffbd911 +je short loc_fffbd8f3 ; je 0xfffbd8f3 mov eax, dword [ebp - 0x28] mov edi, dword [edx] add edi, dword [edx - 4] @@ -40391,24 +40359,24 @@ cmp eax, edi cmovbe edi, eax mov dword [ebp - 0x28], edi -loc_fffbd911: ; not directly referenced +loc_fffbd8f3: ; not directly referenced inc ecx add edx, 0x90 cmp ecx, 4 -jne short loc_fffbd8f3 ; jne 0xfffbd8f3 +jne short loc_fffbd8d5 ; jne 0xfffbd8d5 mov eax, dword [ebp - 0x30] cmp dword [ebp - 0x28], eax -jbe loc_fffbda5c ; jbe 0xfffbda5c +jbe loc_fffbda3e ; jbe 0xfffbda3e movzx edi, byte [ebp - 0x29] xor esi, esi -loc_fffbd92f: ; not directly referenced +loc_fffbd911: ; not directly referenced mov edx, dword [ebp - 0x20] mov eax, 1 mov ecx, esi shl eax, cl test byte [edx + 0xc4], al -je short loc_fffbd964 ; je 0xfffbd964 +je short loc_fffbd946 ; je 0xfffbd946 push 0 push 0 push 1 
@@ -40421,13 +40389,13 @@ push 0 push 0 push dword [ebp - 0x48] push dword [ebp - 0x1c] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -loc_fffbd964: ; not directly referenced +loc_fffbd946: ; not directly referenced inc esi cmp esi, 4 -jne short loc_fffbd92f ; jne 0xfffbd92f +jne short loc_fffbd911 ; jne 0xfffbd911 mov eax, dword [ebp - 0x20] movzx edi, byte [ebp - 0x29] mov dword [ebp - 0x28], 0 @@ -40437,15 +40405,15 @@ add ebx, eax lea eax, [edi*4] mov dword [ebp - 0x3c], eax -loc_fffbd992: ; not directly referenced +loc_fffbd974: ; not directly referenced mov cl, byte [ebp - 0x28] mov eax, 1 shl eax, cl mov ecx, dword [ebp - 0x20] test byte [ecx + 0xc4], al -je loc_fffbda44 ; je 0xfffbda44 +je loc_fffbda26 ; je 0xfffbda26 cmp byte [ebp - 0x2a], 1 -jne short loc_fffbd9f0 ; jne 0xfffbd9f0 +jne short loc_fffbd9d2 ; jne 0xfffbd9d2 mov al, byte [esi + 0x24] xor edx, edx lea ecx, [eax - 9] @@ -40465,12 +40433,12 @@ mov edx, dword [ebp - 0x24] push 0 push 0xff push edi -call fcn_fffa7499 ; call 0xfffa7499 +call fcn_fffa7447 ; call 0xfffa7447 add esp, 0x10 mov eax, 0x40000000 -jmp short loc_fffbda3a ; jmp 0xfffbda3a +jmp short loc_fffbda1c ; jmp 0xfffbda1c -loc_fffbd9f0: ; not directly referenced +loc_fffbd9d2: ; not directly referenced mov dx, word [ebx + 0x48] mov eax, 0x1ff lea ecx, [edx + 9] 
@@ -40490,74 +40458,74 @@ mov eax, dword [ebp - 0x1c] push 0 push 0xff push edi -call fcn_fffa73b0 ; call 0xfffa73b0 +call fcn_fffa735e ; call 0xfffa735e add esp, 0x10 mov eax, 0x20000000 -loc_fffbda3a: ; not directly referenced +loc_fffbda1c: ; not directly referenced mov edx, dword [ebp - 0x34] mov ecx, dword [ebp - 0x3c] or dword [edx + ecx + 0x28], eax -loc_fffbda44: ; not directly referenced +loc_fffbda26: ; not directly referenced inc dword [ebp - 0x28] add esi, 9 add ebx, 0x12 cmp dword [ebp - 0x28], 4 -jne loc_fffbd992 ; jne 0xfffbd992 +jne loc_fffbd974 ; jne 0xfffbd974 mov esi, 1 -loc_fffbda5c: ; not directly referenced +loc_fffbda3e: ; not directly referenced inc byte [ebp - 0x29] -jmp near loc_fffbd8bd ; jmp 0xfffbd8bd +jmp near loc_fffbd89f ; jmp 0xfffbd89f -loc_fffbda64: ; not directly referenced +loc_fffbda46: ; not directly referenced inc dword [ebp - 0x24] add dword [ebp - 0x20], 0x13c3 add dword [ebp - 0x34], 0xcc cmp dword [ebp - 0x24], 2 -jne loc_fffbd8a6 ; jne 0xfffbd8a6 +jne loc_fffbd888 ; jne 0xfffbd888 test esi, esi -je loc_fffbd82e ; je 0xfffbd82e +je loc_fffbd810 ; je 0xfffbd810 mov edi, dword [ebp - 0x40] xor ebx, ebx -loc_fffbda8c: ; not directly referenced +loc_fffbda6e: ; not directly referenced imul eax, ebx, 0x13c3 mov edx, dword [ebp - 0x1c] -cmp dword [edx + eax + 0x3756], 2 -je short loc_fffbdaad ; je 0xfffbdaad +cmp dword [edx + eax + 0x3757], 2 +je short loc_fffbda8f ; je 0xfffbda8f -loc_fffbda9f: ; not directly referenced +loc_fffbda81: ; not directly referenced inc ebx add edi, 0xcc cmp ebx, 2 -je short loc_fffbdae8 ; je 0xfffbdae8 -jmp short loc_fffbda8c ; jmp 0xfffbda8c +je short loc_fffbdaca ; je 0xfffbdaca +jmp short loc_fffbda6e ; jmp 0xfffbda6e -loc_fffbdaad: ; not directly referenced +loc_fffbda8f: ; not directly referenced mov byte [ebp - 0x20], 0 -loc_fffbdab1: ; not directly referenced +loc_fffbda93: ; not directly referenced mov ecx, dword [ebp - 0x1c] mov al, byte [ebp - 0x20] -cmp al, byte [ecx + 0x2488] -jae short 
loc_fffbda9f ; jae 0xfffbda9f +cmp al, byte [ecx + 0x2489] +jae short loc_fffbda81 ; jae 0xfffbda81 movzx eax, byte [ebp - 0x20] mov edx, ebx mov ecx, eax mov dword [ebp - 0x24], eax mov eax, dword [ebp - 0x1c] -call fcn_fffa720e ; call 0xfffa720e +call fcn_fffa71bc ; call 0xfffa71bc mov edx, dword [ebp - 0x24] mov ecx, dword [edi + edx*4 + 0x28] mov edx, eax mov eax, dword [ebp - 0x1c] -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffb3381 ; call 0xfffb3381 inc byte [ebp - 0x20] -jmp short loc_fffbdab1 ; jmp 0xfffbdab1 +jmp short loc_fffbda93 ; jmp 0xfffbda93 -loc_fffbdae8: ; not directly referenced +loc_fffbdaca: ; not directly referenced lea esp, [ebp - 0xc] mov eax, esi pop ebx 
@@ -40566,1106 +40534,992 @@ pop edi pop ebp ret -fcn_fffbdaf2: ; not directly referenced +fcn_fffbdad4: ; not directly referenced push ebp -mov ecx, 0xa mov ebp, esp push edi push esi -mov esi, ref_fffd5900 ; mov esi, 0xfffd5900 push ebx -sub esp, 0x6c -mov ebx, dword [ebp + 8] -lea edi, [ebp - 0x60] -mov byte [ebp - 0x67], 4 -mov byte [ebp - 0x66], 1 -mov eax, dword [ebx + 0x1887] -mov byte [ebp - 0x65], 1 -mov byte [ebp - 0x64], 2 -mov byte [ebp - 0x63], 1 -cmp eax, 0x306d0 -sete dl -cmp eax, 0x40650 -sete al -or dl, al -mov byte [ebp - 0x62], 0 -mov byte [ebp - 0x61], 0 -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -je loc_fffbdbdd ; je 0xfffbdbdd -mov cl, 1 -mov edx, 4 -mov eax, ebx -mov esi, 4 -call fcn_fffb13cf ; call 0xfffb13cf -mov edx, dword [ebp - 0x60] -mov ecx, 1 -cmp ax, dx -cmovae edx, eax -mov eax, ebx -mov word [ebp - 0x60], dx -mov edx, 1 -call fcn_fffb13cf ; call 0xfffb13cf -mov dx, word [ebp - 0x5e] -mov byte [ebp - 0x69], 1 -cmp ax, dx -cmovae edx, eax -cmp dword [ebx + 0x188b], 1 -mov word [ebp - 0x5e], dx +sub esp, 0x57c +mov ebx, dword [ebp + 0x10] +cmp byte [eax + 0x248c], 1 +mov dword [ebp - 0x50c], eax +mov dword [ebp - 0x574], ecx +mov dword [ebp - 0x53c], ebx +mov byte [ebp - 0x566], dl +mov byte [ebp - 0x535], cl +mov byte [ebp - 0x50e], bl +jne short loc_fffbdb36 ; jne 0xfffbdb36 +mov al, byte [eax + 0x248d] +lea edx, [eax + 4] +mov byte [ebp - 0x508], al +mov byte [ebp - 0x507], al +add eax, 2 +mov byte [ebp - 0x506], dl +mov byte [ebp - 0x505], al +jmp short loc_fffbdb52 ; jmp 0xfffbdb52 + +loc_fffbdb36: ; not directly referenced +mov byte [ebp - 0x508], 1 +mov byte [ebp - 0x507], 1 +mov byte [ebp - 0x506], 1 +mov byte [ebp - 0x505], 1 + +loc_fffbdb52: ; not directly referenced +mov ebx, dword [ebp - 0x53c] +mov al, bl +shr al, 4 +inc eax +mov byte [ebp - 0x520], al +cmp bl, 9 +je short loc_fffbdb85 ; je 0xfffbdb85 +cmp bl, 8 +je short loc_fffbdb95 ; je 0xfffbdb95 +cmp bl, 0xa sete al -lea eax, [eax + eax*4 + 7] -movsx edi, 
al +mov byte [ebp - 0x50d], al +shl eax, 2 +mov byte [ebp - 0x50f], al +jmp short loc_fffbdba3 ; jmp 0xfffbdba3 -loc_fffbdb9b: ; not directly referenced -mov al, byte [ebp - 0x69] -test byte [ebx + 0x248d], al -je short loc_fffbdbd7 ; je 0xfffbdbd7 -push eax -mov ecx, 3 -push 0 -push 0 -push 0xf -push edi -push 0 -lea eax, [ebp - 0x60] -push eax -lea eax, [ebp - 0x65] -push eax -push 2 -lea eax, [ebp - 0x67] -push eax -movzx eax, byte [ebp - 0x69] -push 5 -lea edx, [ebp - 0x56] -push eax -mov eax, ebx -call fcn_fffca96e ; call 0xfffca96e -add esp, 0x30 +loc_fffbdb85: ; not directly referenced +mov byte [ebp - 0x50d], 1 +mov byte [ebp - 0x50f], 1 +jmp short loc_fffbdba3 ; jmp 0xfffbdba3 -loc_fffbdbd7: ; not directly referenced -shl byte [ebp - 0x69], 1 -dec esi -jne short loc_fffbdb9b ; jne 0xfffbdb9b +loc_fffbdb95: ; not directly referenced +mov byte [ebp - 0x50d], 1 +mov byte [ebp - 0x50f], 2 -loc_fffbdbdd: ; not directly referenced -lea esp, [ebp - 0xc] -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffbdba3: ; not directly referenced +mov eax, dword [ebp - 0x53c] +cmp al, 0x21 +sete dl +cmp al, 0x11 +sete al +or dl, al +jne short loc_fffbdbca ; jne 0xfffbdbca +cmp byte [ebp - 0x53c], 5 +mov dword [ebp - 0x52c], 0 +jne short loc_fffbdbdc ; jne 0xfffbdbdc -fcn_fffbdbe7: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x60 -mov ebx, dword [ebp + 8] -mov byte [ebp - 0x67], 4 -lea esi, [ebp - 0x60] -mov byte [ebp - 0x66], 1 -mov byte [ebp - 0x65], 1 -mov edi, dword [ebx + 0x2443] -push 0 -push 8 -mov eax, dword [ebx + 0x5edc] -mov byte [ebp - 0x64], 2 -mov byte [ebp - 0x63], 1 -add eax, 0x1bc -push eax -mov byte [ebp - 0x62], 0 -mov byte [ebp - 0x61], 0 -call dword [edi + 0x5c] ; ucall -add esp, 0xc -push 0 -push 5 -push esi -call dword [edi + 0x60] ; ucall -movzx edx, byte [ebp - 0x67] -mov ecx, 1 -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -movzx edx, byte [ebp - 0x66] -mov ecx, 1 -mov word [ebp - 0x60], 
ax -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -add esp, 0x10 -cmp dword [ebx + 0x188b], 1 -mov word [ebp - 0x5e], ax -jne short loc_fffbdc82 ; jne 0xfffbdc82 -mov eax, ebx -call fcn_fffa9b8c ; call 0xfffa9b8c -mov eax, 8 -mov edx, 0x2f -add word [ebp - 0x5e], 0x28 -jmp short loc_fffbdc89 ; jmp 0xfffbdc89 +loc_fffbdbca: ; not directly referenced +mov al, byte [ebp - 0x50d] +xor eax, 1 +movzx eax, al +mov dword [ebp - 0x52c], eax -loc_fffbdc82: ; not directly referenced -xor eax, eax -mov edx, 7 +loc_fffbdbdc: ; not directly referenced +lea eax, [ebp - 0x4e0] +xor edi, edi +mov dword [ebp - 0x51c], eax +mov eax, dword [ebp + 0xc] +mov dword [ebp - 0x514], eax +movzx eax, byte [ebp - 0x566] +mov dword [ebp - 0x518], eax -loc_fffbdc89: ; not directly referenced -push ecx -mov ecx, 3 -push 0 -push 0 -push 0xf -push edx -push eax -push esi -lea eax, [ebp - 0x65] -push eax -push 2 -lea eax, [ebp - 0x67] -push eax -mov eax, ebx -push 6 -lea edx, [ebp - 0x56] -push 0xf -call fcn_fffca96e ; call 0xfffca96e -add esp, 0x28 -mov eax, ebx -push 0 -mov ecx, 3 -push 0xf -push 0 -push 0 -push 0 -lea edx, [ebx + 0x2490] -push 1 -call fcn_fffc0a2d ; call 0xfffc0a2d -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffbdc00: ; not directly referenced +mov eax, dword [ebp - 0x518] +bt eax, edi +jb short loc_fffbdc6b ; jb 0xfffbdc6b -fcn_fffbdcd9: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x140 -mov edi, dword [ebp + 8] -mov dword [ebp - 0xe4], 1 -mov dword [ebp - 0xe0], 1 -mov eax, dword [edi + 0x2443] -mov ebx, dword [edi + 0x5edc] -mov esi, eax -mov dword [ebp - 0x110], eax -mov eax, dword [edi + 0x1887] -mov dword [ebp - 0x108], eax -mov eax, dword [edi + 0x1883] -push 0 -push 0x10 -mov dword [ebp - 0x100], eax -lea eax, [ebp - 0xc8] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0xc -push 1 -push 3 -lea eax, [ebp - 0xee] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 
0x10 -cmp dword [edi + 0x2480], 2 -mov byte [ebp - 0xf1], 0xfc -mov byte [ebp - 0xf0], 4 -mov byte [ebp - 0xef], 0 -jne loc_fffbe4d2 ; jne 0xfffbe4d2 -mov eax, dword [edi + 0x5edc] -mov dword [ebp - 0x100], eax -mov eax, dword [edi + 0x2443] -mov esi, eax -mov dword [ebp - 0x110], eax -push eax -push 0 -push 0x10 -lea eax, [ebp - 0xb8] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0xc -push 1 -push 3 -lea eax, [ebp - 0xe8] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0x10 -xor eax, eax -mov byte [ebp - 0xeb], 0xfc -mov byte [ebp - 0xea], 4 -mov byte [ebp - 0xe9], 0 +loc_fffbdc0b: ; not directly referenced +inc edi +add dword [ebp - 0x514], 0x48 +add dword [ebp - 0x51c], 0x24 +cmp edi, 2 +jne short loc_fffbdc00 ; jne 0xfffbdc00 +mov eax, dword [ebp - 0x518] +mov byte [ebp - 0x510], 0 +mov dword [ebp - 0x514], 0 +sar eax, 1 +mov dword [ebp - 0x564], eax +movzx eax, byte [ebp - 0x50d] +and dword [ebp - 0x564], 1 +shl eax, 2 +mov dword [ebp - 0x560], eax +movzx eax, byte [ebp - 0x520] +mov dword [ebp - 0x57c], eax +dec eax +mov dword [ebp - 0x580], eax +jmp short loc_fffbdcae ; jmp 0xfffbdcae -loc_fffbddc8: ; not directly referenced -mov byte [ebp + eax - 0xd4], al -inc eax -cmp eax, 9 -jne short loc_fffbddc8 ; jne 0xfffbddc8 -mov ecx, 1 -mov edx, 5 -mov eax, edi -call fcn_fffb13cf ; call 0xfffb13cf -xor ecx, ecx -mov edx, 5 -lea ebx, [edi + 0x2b50] -mov word [ebp - 0x138], ax -mov eax, edi -call fcn_fffb13cf ; call 0xfffb13cf -sub esp, 0xc -mov ecx, 0x11 -mov word [ebp - 0x13c], ax -movzx eax, byte [edi + 0x248e] -push 0 -mov edx, eax -mov dword [ebp - 0x10c], eax -mov eax, edi -call fcn_fffb26ca ; call 0xfffb26ca -mov al, byte [ebp - 0xe7] -mov ecx, 2 -mov byte [ebp - 0x11c], al -mov al, byte [ebp - 0xe8] -add byte [ebp - 0x11c], al -mov al, byte [ebp - 0xe6] -add byte [ebp - 0x11c], al -lea eax, [edi + 0x2490] -mov dword [ebp - 0x140], eax -mov edx, eax -mov eax, edi -call fcn_fffa66dd ; call 0xfffa66dd -add esp, 0x10 
+loc_fffbdc6b: ; not directly referenced +mov eax, dword [ebp - 0x50c] xor ecx, ecx +mov esi, dword [ebp - 0x514] +mov al, byte [eax + 0x2489] +mov byte [ebp - 0x524], al -loc_fffbde6b: ; not directly referenced -mov eax, dword [ebp - 0x10c] -mov dword [ebp + ecx*4 - 0xdc], 0 -bt eax, ecx -jae short loc_fffbdea3 ; jae 0xfffbdea3 -mov eax, dword [ebx + 4] -mov esi, 0x14 +loc_fffbdc85: ; not directly referenced +cmp byte [ebp - 0x524], cl +jbe loc_fffbdc0b ; jbe 0xfffbdc0b +mov eax, dword [esi + 4] +mov ebx, 0x14 xor edx, edx -add eax, dword [ebx] -div esi -mov si, 0xc -lea edx, [eax - 1] -cmp edx, 0xb -cmova eax, esi -mov dword [ebp + ecx*4 - 0xdc], eax - -loc_fffbdea3: ; not directly referenced +add eax, dword [esi] +add esi, 8 +div ebx +mov ebx, dword [ebp - 0x51c] +mov dword [ebx + ecx*4], eax inc ecx -add ebx, 0x48 -cmp ecx, 2 -jne short loc_fffbde6b ; jne 0xfffbde6b -push eax -push 0 -push 0x80 -lea eax, [ebp - 0x98] -push eax -mov eax, dword [ebp - 0x110] -call dword [eax + 0x5c] ; ucall -mov eax, dword [ebp - 0x100] -add esp, 0x10 -mov dword [ebp - 0xfc], 0 -add eax, 0x70 -mov dword [ebp - 0x134], eax +jmp short loc_fffbdc85 ; jmp 0xfffbdc85 -loc_fffbdee0: ; not directly referenced +loc_fffbdcae: ; not directly referenced +mov esi, dword [ebp - 0x514] +mov eax, esi +mov byte [ebp - 0x565], al +lea eax, [esi + esi - 1] xor esi, esi +mov dword [ebp - 0x540], eax +mov eax, dword [ebp + 8] +mov dword [ebp - 0x520], eax +movzx eax, byte [ebp - 0x535] +mov dword [ebp - 0x534], eax +movzx eax, byte [ebp - 0x50f] +mov dword [ebp - 0x558], eax -loc_fffbdee2: ; not directly referenced -mov eax, dword [ebp - 0x10c] +loc_fffbdceb: ; not directly referenced +mov eax, dword [ebp - 0x518] bt eax, esi -jb short loc_fffbdef7 ; jb 0xfffbdef7 - -loc_fffbdeed: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffbdee2 ; jne 0xfffbdee2 -xor esi, esi -jmp short loc_fffbdf4c ; jmp 0xfffbdf4c - -loc_fffbdef7: ; not directly referenced -mov eax, dword [ebp - 0xfc] -mov 
ecx, 0xc -xor ebx, ebx -movsx eax, byte [ebp + eax - 0xeb] -imul eax, dword [ebp + esi*4 - 0xdc] -cdq -idiv ecx -mov dword [ebp - 0x100], eax +jae loc_fffbde70 ; jae 0xfffbde70 +lea eax, [esi + esi*8] +lea edi, [ebp - 0x18] +add edi, eax +mov dword [ebp - 0x528], eax +mov byte [ebp - 0x524], 0x7f +mov byte [ebp - 0x51c], 0 +mov dword [ebp - 0x530], eax +mov dword [ebp - 0x55c], edi +jmp near loc_fffbde58 ; jmp 0xfffbde58 -loc_fffbdf1d: ; not directly referenced -cmp bl, byte [edi + 0x2488] -jae short loc_fffbdeed ; jae 0xfffbdeed +loc_fffbdd27: ; not directly referenced +movzx ebx, byte [ebp - 0x51c] +mov eax, dword [ebp - 0x55c] +movzx edi, byte [ebp - 0x50e] +add eax, ebx +mov byte [eax - 0x4da], 0 +mov byte [eax - 0x4ec], 0 +mov eax, dword [ebp - 0x530] +lea ecx, [eax + ebx] +mov eax, dword [ebp + ecx*4 - 0x4e0] +shl ecx, 5 +lea edx, [eax - 2] +mov dword [ebp + ecx - 0x498], edx +lea ecx, [edi - 8] +cmp cl, 1 +ja loc_fffbde89 ; ja 0xfffbde89 push 1 -movzx eax, bl push 0 -inc ebx -push 1 push 0 -push eax push 0 +push ebx +push dword [ebp - 0x534] +imul edx, dword [ebp - 0x540] push esi push 0 push 0 -push dword [ebp - 0x100] -push 2 -push edi -call fcn_fffcc900 ; call 0xfffcc900 +push edx + +loc_fffbdd90: ; not directly referenced +push dword [ebp - 0x558] +push dword [ebp - 0x50c] +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -jmp short loc_fffbdf1d ; jmp 0xfffbdf1d -loc_fffbdf4c: ; not directly referenced -mov eax, dword [ebp - 0x134] -mov ecx, esi -xor ebx, ebx -mov dword [ebp - 0x100], 1 -shl dword [ebp - 0x100], cl -mov dword [ebp - 0x108], eax -mov byte [ebp - 0x104], 0 +loc_fffbdda4: ; not directly referenced +cmp byte [ebp - 0x50d], 0 +jne loc_fffbdeba ; jne 0xfffbdeba -loc_fffbdf73: ; not directly referenced -imul eax, ebx, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffbdfb5 ; jne 0xfffbdfb5 -mov ecx, dword [ebp - 0x100] -mov edx, ebx +loc_fffbddb1: ; not directly referenced +cmp dword [ebp - 0x52c], 0 +je short loc_fffbddec ; je 
0xfffbddec +add ebx, dword [ebp - 0x530] +mov edi, dword [ebp - 0x524] +shl ebx, 5 +mov eax, dword [ebp + ebx - 0x498] +mov ecx, edi +movzx edx, cl +cmp eax, edx +cmovb edi, eax mov eax, edi -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0x104], al -push eax -push 0 -movzx eax, byte [edi + 0x2488] -push eax -mov eax, dword [ebp - 0x110] -push dword [ebp - 0x108] -call dword [eax + 0x64] ; ucall -add esp, 0x10 +mov byte [ebp - 0x524], al +movzx eax, al +mov dword [ebp + ebx - 0x498], eax -loc_fffbdfb5: ; not directly referenced -inc ebx -add dword [ebp - 0x108], 0xcc -cmp ebx, 2 -jne short loc_fffbdf73 ; jne 0xfffbdf73 -push ecx -mov edx, dword [ebp - 0x140] -push ecx -movzx ecx, byte [ebp - 0x104] -lea eax, [ebp - 0xb8] -push eax -push 0x25 -lea eax, [ebp - 0xd4] -push eax -mov eax, edi -push 5 -push 0 -push esi -inc esi -call fcn_fffd13ed ; call 0xfffd13ed -add esp, 0x20 -cmp esi, 2 -jne loc_fffbdf4c ; jne 0xfffbdf4c -lea eax, [ebp - 0xa8] -xor esi, esi -mov dword [ebp - 0x130], eax -lea eax, [ebp - 0x98] -mov dword [ebp - 0x128], eax +loc_fffbddec: ; not directly referenced +movzx eax, byte [ebp - 0x51c] +mov edi, dword [ebp - 0x528] +lea edx, [eax + edi] +shl edx, 5 +lea ebx, [ebp + edx - 0x258] +mov dword [ebp - 0x544], ebx +mov ebx, dword [ebp - 0x520] +shl eax, 4 +add eax, dword [ebp - 0x514] +lea edi, [ebp + edx - 0x498] +xor edx, edx +lea eax, [ebx + eax*4] +mov dword [ebp - 0x548], eax +xor eax, eax -loc_fffbe017: ; not directly referenced -mov eax, dword [ebp - 0x10c] -bt eax, esi -jb short loc_fffbe03b ; jb 0xfffbe03b +loc_fffbde2f: ; not directly referenced +mov ebx, dword [edi + edx] +mov ecx, dword [ebp - 0x544] +add edx, dword [ebp - 0x560] +mov dword [ecx + eax], ebx +mov ecx, dword [ebp - 0x548] +mov dword [ecx + eax*2], ebx +add eax, 4 +cmp eax, 0x20 +jne short loc_fffbde2f ; jne 0xfffbde2f +inc byte [ebp - 0x51c] -loc_fffbe022: ; not directly referenced +loc_fffbde58: ; not directly referenced +mov edi, dword [ebp - 0x50c] +mov al, byte 
[ebp - 0x51c] +cmp al, byte [edi + 0x2489] +jb loc_fffbdd27 ; jb 0xfffbdd27 + +loc_fffbde70: ; not directly referenced inc esi -add dword [ebp - 0x128], 0x40 -add dword [ebp - 0x130], 8 +add dword [ebp - 0x520], 0x240 cmp esi, 2 -jne short loc_fffbe017 ; jne 0xfffbe017 -jmp near loc_fffbe1ed ; jmp 0xfffbe1ed +jne loc_fffbdceb ; jne 0xfffbdceb +jmp near loc_fffbe05b ; jmp 0xfffbe05b -loc_fffbe03b: ; not directly referenced -imul edx, esi, 0x13c3 -mov ebx, dword [ebp - 0x130] -mov ecx, dword [ebp - 0x128] -mov dword [ebp - 0x108], 0 -mov al, byte [edi + edx + 0x381a] -lea edx, [edi + edx + 0x49c1] -mov dword [ebp - 0x100], ebx -mov dword [ebp - 0x12c], ecx -mov dword [ebp - 0x120], edx -mov byte [ebp - 0x141], al -imul eax, esi, 0x48 -add eax, edi +loc_fffbde89: ; not directly referenced +cmp byte [ebp - 0x50e], 0xa +jne loc_fffbdda4 ; jne 0xfffbdda4 +push 1 +add eax, 2 +push 0 +push 0 +push 0 +push ebx +push dword [ebp - 0x534] +imul eax, dword [ebp - 0x540] +push esi +push 0 +push 0 +push eax +jmp near loc_fffbdd90 ; jmp 0xfffbdd90 -loc_fffbe082: ; not directly referenced -mov cl, byte [ebp - 0x108] -mov edx, 1 -shl edx, cl -test byte [ebp - 0x141], dl -jne short loc_fffbe0c5 ; jne 0xfffbe0c5 +loc_fffbdeba: ; not directly referenced +movzx eax, byte [ebp - 0x51c] +mov edi, dword [ebp - 0x520] +mov edx, eax +add eax, dword [ebp - 0x528] +shl edx, 4 +add edx, dword [ebp - 0x514] +shl eax, 5 +lea eax, [ebp + eax - 0x498] +mov dword [ebp - 0x544], eax +lea edi, [edi + edx*4] +xor eax, eax -loc_fffbe097: ; not directly referenced -inc dword [ebp - 0x108] -add eax, 0x90 -add dword [ebp - 0x120], 0x18 -add dword [ebp - 0x12c], 0x20 -add dword [ebp - 0x100], 4 -cmp dword [ebp - 0x108], 2 -jne short loc_fffbe082 ; jne 0xfffbe082 -jmp near loc_fffbe022 ; jmp 0xfffbe022 +loc_fffbdeed: ; not directly referenced +mov edx, dword [edi + eax*2] +mov ecx, 0xf +cmp edx, 0xf +cmova edx, ecx +mov ecx, dword [ebp - 0x544] +mov dword [ecx + eax], edx +add eax, 4 +cmp eax, 0x20 +jne 
short loc_fffbdeed ; jne 0xfffbdeed +jmp near loc_fffbddb1 ; jmp 0xfffbddb1 -loc_fffbe0c5: ; not directly referenced -cmp byte [ebp - 0xfc], 0 -jne short loc_fffbe0da ; jne 0xfffbe0da -mov ebx, dword [ebp - 0x100] -mov dword [ebx], 0xffffffff +loc_fffbdf11: ; not directly referenced +inc al +je loc_fffbe650 ; je 0xfffbe650 +mov eax, dword [ebp - 0x50c] +mov ecx, 4 +mov edx, 0x4800 +call fcn_fffb335b ; call 0xfffb335b +mov dword [ebp - 0x520], 0 -loc_fffbe0da: ; not directly referenced -mov dl, byte [edi + 0x2488] -mov byte [ebp - 0x124], dl -xor edx, edx +loc_fffbdf38: ; not directly referenced +mov eax, dword [ebp - 0x57c] +cmp dword [ebp - 0x520], eax +jae loc_fffbdfe6 ; jae 0xfffbdfe6 +mov al, byte [ebp - 0x510] +xor ebx, ebx +and eax, 1 +mov byte [ebp - 0x558], al -loc_fffbe0e8: ; not directly referenced -cmp byte [ebp - 0x124], dl -jbe short loc_fffbe116 ; jbe 0xfffbe116 -mov ebx, dword [ebp - 0x100] -mov ecx, dword [eax + edx*8 + 0x2914] -cmp dword [eax + edx*8 + 0x2910], ecx -cmovbe ecx, dword [eax + edx*8 + 0x2910] -cmp ecx, dword [ebx] -cmova ecx, dword [ebx] -inc edx -mov dword [ebx], ecx -jmp short loc_fffbe0e8 ; jmp 0xfffbe0e8 +loc_fffbdf5b: ; not directly referenced +mov eax, dword [ebp - 0x518] +bt eax, ebx +jb loc_fffbe0d6 ; jb 0xfffbe0d6 -loc_fffbe116: ; not directly referenced -xor edx, edx +loc_fffbdf6a: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffbdf5b ; jne 0xfffbdf5b +mov esi, dword [ebp - 0x50c] +xor eax, eax +mov edi, dword [ebp - 0x520] +push edx +mov edx, dword [ebp - 0x518] +movzx ecx, byte [esi + 0x248c] +test edi, edi +push 0 +sete al +push eax +lea eax, [ebp - 0x508] +push eax +mov eax, esi +call fcn_fffaa5b3 ; call 0xfffaa5b3 +mov eax, dword [ebp - 0x580] +add esp, 0x10 +cmp edi, eax +jae loc_fffbe273 ; jae 0xfffbe273 +mov eax, dword [ebp - 0x50c] +xor edi, edi +mov cl, 1 +mov al, byte [eax + 0x3749] +mov byte [ebp - 0x51c], al -loc_fffbe118: ; not directly referenced -mov ecx, dword [ebp - 0x120] -movzx ecx, byte 
[ecx + edx + 0x10] +loc_fffbdfc9: ; not directly referenced +mov eax, dword [ebp - 0x518] +bt eax, edi +jb loc_fffbe1fd ; jb 0xfffbe1fd + +loc_fffbdfd8: ; not directly referenced +inc edi +cmp edi, 2 +jne short loc_fffbdfc9 ; jne 0xfffbdfc9 test cl, cl -je loc_fffbe097 ; je 0xfffbe097 -mov dword [ebp - 0x104], 0 -mov dword [ebp - 0x118], 0xffffffff -mov dword [ebp - 0x114], 0xffffffff +je loc_fffbe273 ; je 0xfffbe273 -loc_fffbe149: ; not directly referenced -mov bl, byte [ebp - 0x104] -cmp byte [ebp - 0x124], bl -jbe short loc_fffbe1ac ; jbe 0xfffbe1ac -mov ebx, dword [ebp - 0x104] -bt ecx, ebx -jae short loc_fffbe1a4 ; jae 0xfffbe1a4 -mov dword [ebp - 0x148], edx -mov edx, dword [ebp - 0x114] -cmp edx, dword [eax + ebx*8 + 0x2910] -cmova edx, dword [eax + ebx*8 + 0x2910] -mov dword [ebp - 0x114], edx -mov edx, dword [ebp - 0x118] -cmp edx, dword [eax + ebx*8 + 0x2914] -cmova edx, dword [eax + ebx*8 + 0x2914] -mov dword [ebp - 0x118], edx -mov edx, dword [ebp - 0x148] +loc_fffbdfe6: ; not directly referenced +lea eax, [ebp - 0x498] +mov dword [ebp - 0x530], eax +mov eax, dword [ebp + 8] +mov dword [ebp - 0x534], 0 +mov dword [ebp - 0x51c], 0 +mov dword [ebp - 0x55c], eax +movzx eax, byte [ebp - 0x535] +mov dword [ebp - 0x578], eax -loc_fffbe1a4: ; not directly referenced -inc dword [ebp - 0x104] -jmp short loc_fffbe149 ; jmp 0xfffbe149 +loc_fffbe01c: ; not directly referenced +mov eax, dword [ebp - 0x518] +mov esi, dword [ebp - 0x51c] +bt eax, esi +jb loc_fffbe27e ; jb 0xfffbe27e -loc_fffbe1ac: ; not directly referenced -mov ecx, dword [ebp - 0xfc] -movzx ebx, byte [ebp + ecx - 0xe8] -mov ecx, dword [ebp - 0x118] -sub ecx, dword [ebp - 0x114] -mov dword [ebp - 0x104], ebx -mov ebx, dword [ebp - 0x104] -imul ebx, ecx -mov ecx, dword [ebp - 0x12c] -add dword [ecx + edx*4], ebx +loc_fffbe031: ; not directly referenced +inc dword [ebp - 0x51c] +add dword [ebp - 0x530], 0x120 +add dword [ebp - 0x55c], 0x240 +add dword [ebp - 0x534], 9 +cmp dword [ebp - 0x51c], 2 +jne 
short loc_fffbe01c ; jne 0xfffbe01c + +loc_fffbe05b: ; not directly referenced +mov al, 0xff +test byte [ebp - 0x566], 1 +je short loc_fffbe08b ; je 0xfffbe08b +mov esi, dword [ebp - 0x50c] +xor edx, edx +mov cl, byte [esi + 0x2489] + +loc_fffbe074: ; not directly referenced +cmp cl, dl +jbe short loc_fffbe08b ; jbe 0xfffbe08b +mov bl, byte [ebp + edx - 0x504] +and bl, byte [ebp + edx - 0x4f2] inc edx -cmp edx, 8 -jne loc_fffbe118 ; jne 0xfffbe118 -jmp near loc_fffbe097 ; jmp 0xfffbe097 +and eax, ebx +jmp short loc_fffbe074 ; jmp 0xfffbe074 -loc_fffbe1ed: ; not directly referenced -inc dword [ebp - 0xfc] -cmp dword [ebp - 0xfc], 3 -jne loc_fffbdee0 ; jne 0xfffbdee0 -movzx edx, word [ebp - 0x138] -movzx eax, word [ebp - 0x13c] -mov dword [ebp - 0x120], edi -mov dword [ebp - 0xfc], 0 -add eax, edx -mov dword [ebp - 0x12c], eax -movsx eax, byte [ebp - 0x11c] -sar dword [ebp - 0x12c], 2 -imul esi, eax, 0xa -imul eax, eax, 0x14 -mov dword [ebp - 0x138], esi -mov dword [ebp - 0x13c], eax -mov eax, dword [ebp - 0x134] -mov dword [ebp - 0x130], eax -lea eax, [edi + 0x49c1] -mov dword [ebp - 0x114], eax -lea eax, [ebp - 0xa8] -mov dword [ebp - 0x11c], eax -lea eax, [ebp - 0x98] -mov dword [ebp - 0x124], eax +loc_fffbe08b: ; not directly referenced +cmp dword [ebp - 0x564], 0 +je loc_fffbdf11 ; je 0xfffbdf11 +mov edi, dword [ebp - 0x50c] +lea esi, [ebp - 0x504] +mov cl, byte [edi + 0x2489] +lea edi, [ebp - 0x4f2] +mov edx, edi +mov byte [ebp - 0x51c], cl -loc_fffbe276: ; not directly referenced -mov eax, dword [ebp - 0x10c] -mov esi, dword [ebp - 0xfc] -bt eax, esi -jae loc_fffbe491 ; jae 0xfffbe491 -mov eax, dword [ebp - 0x114] -mov dword [ebp - 0x100], 0 -lea esi, [eax - 0x126b] -mov dword [ebp - 0x134], esi -mov esi, dword [ebp - 0x120] -mov dword [ebp - 0x108], eax -mov dword [ebp - 0x128], esi -mov esi, dword [ebp - 0x124] +loc_fffbe0b8: ; not directly referenced +mov bl, dl +mov ecx, edi +inc esi +sub ebx, ecx +cmp bl, byte [ebp - 0x51c] +jae loc_fffbdf11 ; jae 
0xfffbdf11 +mov bl, byte [edx + 9] +inc edx +and bl, byte [esi + 8] +and eax, ebx +jmp short loc_fffbe0b8 ; jmp 0xfffbe0b8 -loc_fffbe2bf: ; not directly referenced -mov ebx, dword [ebp - 0x114] -mov cl, byte [ebp - 0x100] -mov dword [ebp - 0x104], 1 -shl dword [ebp - 0x104], cl -mov al, byte [ebp - 0x104] -test byte [ebx - 0x11a7], al -je loc_fffbe44d ; je 0xfffbe44d -mov eax, dword [ebp - 0x108] -mov ebx, dword [ebp - 0x11c] -mov edx, dword [ebp - 0x100] -mov ecx, dword [ebp - 0x12c] -mov ax, word [eax + 0xc] -or al, 0x80 -cmp dword [ebx + edx*4], ecx -jbe short loc_fffbe33b ; jbe 0xfffbe33b -imul edx, edx, 0x70 -mov ebx, dword [ebp - 0x134] -and eax, 0xffffff80 -or eax, 0xd -mov word [ebx + edx + 0x109f], ax -mov ebx, dword [ebp - 0x108] -mov word [ebx + 0xc], ax -movzx eax, ax -push edx -push edx -push eax -push 6 -jmp short loc_fffbe397 ; jmp 0xfffbe397 +loc_fffbe0d6: ; not directly referenced +mov eax, dword [ebp - 0x518] +lea ecx, [ebx + 1] +mov byte [ebp - 0x51c], 0 +sar eax, cl +mov dword [ebp - 0x528], eax +lea eax, [ebx + ebx*8] +mov dword [ebp - 0x530], eax -loc_fffbe33b: ; not directly referenced -mov eax, dword [ebp - 0x108] -xor ebx, ebx -mov ecx, dword [ebp - 0x104] -mov edx, dword [ebp - 0xfc] -mov ax, word [eax + 6] -mov word [ebp - 0x118], ax -or word [ebp - 0x118], 0x10 -push eax -push eax -movzx eax, word [ebp - 0x118] -push eax -mov eax, edi -push 3 -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0x10 +loc_fffbe0f7: ; not directly referenced +mov esi, dword [ebp - 0x50c] +mov al, byte [ebp - 0x51c] +cmp al, byte [esi + 0x2489] +jae loc_fffbdf6a ; jae 0xfffbdf6a +cmp byte [ebp - 0x50d], 0 +movzx eax, byte [ebp - 0x51c] +je short loc_fffbe19e ; je 0xfffbe19e +add eax, dword [ebp - 0x530] +xor ecx, ecx +mov dl, byte [ebp - 0x565] +shl eax, 5 +lea eax, [ebp + eax - 0x498] +xor edx, 1 +mov dword [ebp - 0x524], eax +xor eax, eax +mov byte [ebp - 0x534], dl -loc_fffbe378: ; not directly referenced -mov eax, dword [ebp - 0x108] -movzx ecx, byte [eax + 
ebx + 0x10] -test cl, cl -jne short loc_fffbe3b2 ; jne 0xfffbe3b2 +loc_fffbe148: ; not directly referenced +cmp byte [ebp - 0x50e], 9 +sete dl +test byte [ebp - 0x558], dl +jne short loc_fffbe16c ; jne 0xfffbe16c +cmp byte [ebp - 0x50e], 9 +setne dl +test byte [ebp - 0x534], dl +je short loc_fffbe17c ; je 0xfffbe17c -loc_fffbe387: ; not directly referenced -mov eax, dword [ebp - 0x118] -push ebx -push ebx -and eax, 0xffef -push eax -push 3 +loc_fffbe16c: ; not directly referenced +mov esi, dword [ebp - 0x524] +mov edi, 0xf +sub edi, dword [esi + ecx] +jmp short loc_fffbe185 ; jmp 0xfffbe185 -loc_fffbe397: ; not directly referenced -mov ecx, dword [ebp - 0x104] -mov eax, edi -mov edx, dword [ebp - 0xfc] -call fcn_fffafd52 ; call 0xfffafd52 -add esp, 0x10 -jmp near loc_fffbe44d ; jmp 0xfffbe44d +loc_fffbe17c: ; not directly referenced +mov edi, dword [ebp - 0x524] +mov edi, dword [edi + ecx] -loc_fffbe3b2: ; not directly referenced -mov edx, dword [esi + ebx*4] -mov dword [ebp - 0x140], ecx -mov eax, edx -sar eax, 0x1f -or eax, 1 -movsx eax, al -imul eax, dword [ebp - 0x138] +loc_fffbe185: ; not directly referenced +cmp edi, 0xf +mov esi, 0xf +cmovbe esi, edi +shl esi, cl +add ecx, 4 +or eax, esi +cmp ecx, 0x20 +jne short loc_fffbe148 ; jne 0xfffbe148 +jmp short loc_fffbe1b6 ; jmp 0xfffbe1b6 + +loc_fffbe19e: ; not directly referenced +lea edx, [ebx + ebx*8] +mov esi, dword [ebp - 0x540] add eax, edx -cdq -idiv dword [ebp - 0x13c] -mov dword [esi + ebx*4], eax -push 2 -push 0 +shl eax, 5 +imul esi, dword [ebp + eax - 0x498] +mov eax, esi + +loc_fffbe1b6: ; not directly referenced push 1 +movzx edx, byte [ebp - 0x51c] +push dword [ebp - 0x528] push 0 -push ecx -push dword [ebp - 0x100] -push dword [ebp - 0xfc] push 0 +push edx +movzx edx, byte [ebp - 0x535] +push edx +push ebx push 0 +push dword [ebp - 0x520] push eax -push 5 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -mov al, byte [edi + 0x2488] +movzx eax, byte [ebp - 0x50e] +push eax +push dword [ebp - 0x50c] 
+call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -mov byte [ebp - 0x141], al -xor eax, eax - -loc_fffbe40c: ; not directly referenced -cmp byte [ebp - 0x141], al -jbe short loc_fffbe43e ; jbe 0xfffbe43e -mov edx, dword [ebp - 0x140] -bt edx, eax -jae short loc_fffbe43b ; jae 0xfffbe43b -mov edx, dword [ebp - 0x128] -imul ecx, dword [esi + ebx*4], 0xa -add dword [edx + eax*8 + 0x2910], ecx -imul ecx, dword [esi + ebx*4], 0xfffffff6 -add dword [edx + eax*8 + 0x2914], ecx +inc byte [ebp - 0x51c] +jmp near loc_fffbe0f7 ; jmp 0xfffbe0f7 -loc_fffbe43b: ; not directly referenced +loc_fffbe1fd: ; not directly referenced +mov ebx, dword [ebp - 0x50c] +mov esi, edi +shl esi, 0xa +lea edx, [esi + 0x40e0] +mov dword [ebp - 0x528], ecx +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +lea edx, [esi + 0x40e4] +mov dword [ebp - 0x524], eax +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov ecx, dword [ebp - 0x528] inc eax -jmp short loc_fffbe40c ; jmp 0xfffbe40c - -loc_fffbe43e: ; not directly referenced -inc ebx -cmp ebx, 8 -jne loc_fffbe378 ; jne 0xfffbe378 -jmp near loc_fffbe387 ; jmp 0xfffbe387 +sete bl +cmp dword [ebp - 0x524], 0xffffffff +sete al +and ebx, eax +and ebx, ecx +mov ecx, 1 +cmp byte [ebp - 0x51c], 0 +je short loc_fffbe26c ; je 0xfffbe26c +mov eax, dword [ebp - 0x50c] +lea edx, [esi + 0x40e8] +call fcn_fffb331f ; call 0xfffb331f +xor ecx, ecx +inc al +sete cl -loc_fffbe44d: ; not directly referenced -inc dword [ebp - 0x100] -add esi, 0x20 -add dword [ebp - 0x108], 0x18 -add dword [ebp - 0x128], 0x90 -cmp dword [ebp - 0x100], 2 -jne loc_fffbe2bf ; jne 0xfffbe2bf -push ecx -push 0 -movzx eax, byte [edi + 0x2488] -push eax -mov eax, dword [ebp - 0x110] -push dword [ebp - 0x130] -call dword [eax + 0x64] ; ucall -add esp, 0x10 +loc_fffbe26c: ; not directly referenced +and ecx, ebx +jmp near loc_fffbdfd8 ; jmp 0xfffbdfd8 -loc_fffbe491: ; not directly referenced -inc dword [ebp - 0xfc] -add dword [ebp - 0x130], 0xcc -add dword [ebp - 0x114], 0x13c3 -add dword 
[ebp - 0x124], 0x40 -add dword [ebp - 0x120], 0x48 -add dword [ebp - 0x11c], 8 -cmp dword [ebp - 0xfc], 2 -jne loc_fffbe276 ; jne 0xfffbe276 -jmp near loc_fffbea01 ; jmp 0xfffbea01 +loc_fffbe273: ; not directly referenced +inc dword [ebp - 0x520] +jmp near loc_fffbdf38 ; jmp 0xfffbdf38 -loc_fffbe4d2: ; not directly referenced -mov ecx, 1 -mov edx, 5 +loc_fffbe27e: ; not directly referenced +mov esi, dword [ebp - 0x51c] +mov edi, dword [ebp - 0x50c] +mov ebx, esi +shl ebx, 0xa mov eax, edi -call fcn_fffb13cf ; call 0xfffb13cf -xor ecx, ecx -mov edx, 5 -mov word [ebp - 0x118], ax +lea edx, [ebx + 0x40e0] +call fcn_fffb331f ; call 0xfffb331f +lea edx, [ebx + 0x40e4] +mov dword [ebp - 0x56c], eax mov eax, edi -call fcn_fffb13cf ; call 0xfffb13cf -mov word [ebp - 0x11c], ax -mov al, byte [ebx + 0x15] -shr al, 6 -movzx edx, al -movzx eax, byte [ebx + 0x16] -and eax, 0x1f -shl eax, 2 -or eax, edx -mov esi, eax -mov dl, al -or edx, 0xffffff80 -shr esi, 6 -cmove edx, eax -mov byte [ebp - 0xeb], dl -mov cl, byte [ebx + 0x14] -movsx dx, dl -movzx eax, byte [ebx + 0x15] -lea edx, [edx + edx*4] -shr cl, 7 -and eax, 0x3f -movzx ecx, cl -add eax, eax -or eax, ecx -mov esi, eax -mov cl, al -or ecx, 0xffffff80 -shr esi, 6 -cmove ecx, eax -add edx, edx -mov byte [ebp - 0xea], cl -movsx cx, cl -sub esp, 0xc -mov word [ebp - 0xe8], dx -movzx edx, byte [edi + 0x248e] -lea ecx, [ecx + ecx*4] -add ecx, ecx +call fcn_fffb331f ; call 0xfffb331f +lea edx, [ebx + 0x40e8] +mov dword [ebp - 0x570], eax mov eax, edi -mov word [ebp - 0xe6], cx -mov ecx, 0x11 -push 0 -call fcn_fffb26ca ; call 0xfffb26ca -mov al, byte [ebp - 0xed] -lea esi, [edi + 0x3756] -add esp, 0x10 -mov byte [ebp - 0xfc], 0 -mov byte [ebp - 0x10c], al -mov al, byte [ebp - 0xee] -add byte [ebp - 0x10c], al -mov al, byte [ebp - 0xec] -add byte [ebp - 0x10c], al -lea eax, [ebx + 0x70] -xor ebx, ebx -mov dword [ebp - 0x128], eax -mov dword [ebp - 0x104], eax +call fcn_fffb331f ; call 0xfffb331f +mov byte [ebp - 0x538], 0xff +mov 
byte [ebp - 0x537], 0xff +mov byte [ebp - 0x524], 0 +mov byte [ebp - 0x567], al +lea eax, [esi + esi*8] +lea esi, [ebp - 0x18] +add esi, eax +mov dword [ebp - 0x548], eax +mov dword [ebp - 0x520], esi -loc_fffbe5cb: ; not directly referenced -cmp dword [esi], 2 -jne short loc_fffbe603 ; jne 0xfffbe603 -movzx ecx, byte [esi + 0xc4] -mov edx, ebx -mov eax, edi -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0xfc], al -push edx -push 0 -movzx eax, byte [edi + 0x2488] -push eax -mov eax, dword [ebp - 0x110] -push dword [ebp - 0x104] -call dword [eax + 0x64] ; ucall -add esp, 0x10 +loc_fffbe2f1: ; not directly referenced +mov eax, dword [ebp - 0x50c] +mov dl, byte [eax + 0x2489] +cmp byte [ebp - 0x524], dl +jae loc_fffbe5dd ; jae 0xfffbe5dd +movzx eax, byte [ebp - 0x524] +cmp al, 3 +ja short loc_fffbe32b ; ja 0xfffbe32b +mov esi, dword [ebp - 0x56c] +lea ecx, [eax*8] +shr esi, cl +mov dword [ebp - 0x558], esi +jmp short loc_fffbe355 ; jmp 0xfffbe355 -loc_fffbe603: ; not directly referenced -inc ebx -add esi, 0x13c3 -add dword [ebp - 0x104], 0xcc -cmp ebx, 2 -jne short loc_fffbe5cb ; jne 0xfffbe5cb -lea eax, [edi + 0x2490] -mov ecx, 2 -mov dword [ebp - 0x114], eax -mov edx, eax -mov eax, edi -call fcn_fffa66dd ; call 0xfffa66dd -movzx eax, byte [ebp - 0xfc] -lea ebx, [edi + 0x2b50] +loc_fffbe32b: ; not directly referenced +mov bl, byte [ebp - 0x567] +cmp byte [ebp - 0x524], 7 +mov byte [ebp - 0x558], bl +ja short loc_fffbe355 ; ja 0xfffbe355 +mov edi, dword [ebp - 0x570] +lea ecx, [eax*8 - 0x20] +shr edi, cl +mov dword [ebp - 0x558], edi + +loc_fffbe355: ; not directly referenced +mov esi, dword [ebp - 0x534] +lea edi, [ebp - 0x498] xor ecx, ecx -mov dword [ebp - 0xfc], eax +movzx ebx, byte [ebp - 0x524] +lea edx, [eax + esi] +shl edx, 5 +lea esi, [edi + edx] +mov dword [ebp - 0x544], esi +mov esi, dword [ebp - 0x55c] +shl eax, 4 +add eax, dword [ebp - 0x514] +lea edi, [esi + eax*4] +mov eax, dword [ebp - 0x520] +add eax, ebx -loc_fffbe648: ; not directly referenced 
-mov eax, dword [ebp - 0xfc] -mov dword [ebp + ecx*4 - 0xdc], 0 -bt eax, ecx -jae short loc_fffbe680 ; jae 0xfffbe680 -mov eax, dword [ebx + 4] -mov esi, 0x14 -xor edx, edx -add eax, dword [ebx] -div esi -mov si, 0xc -lea edx, [eax - 1] -cmp edx, 0xb -cmovbe esi, eax -mov dword [ebp + ecx*4 - 0xdc], esi +loc_fffbe393: ; not directly referenced +mov edx, 1 +movzx esi, byte [eax - 0x4da] +shl edx, cl +mov dword [ebp - 0x528], edx +mov dl, byte [eax - 0x4ec] +mov byte [ebp - 0x536], dl +and edx, esi +test byte [ebp - 0x528], dl +jne short loc_fffbe41e ; jne 0xfffbe41e +mov dl, byte [ebp - 0x528] +test byte [ebp - 0x558], dl +je short loc_fffbe3fc ; je 0xfffbe3fc +or esi, edx +mov edx, esi +mov esi, dword [ebp - 0x544] +mov byte [eax - 0x4da], dl +mov esi, dword [esi] +cmp dword [edi + ecx*8], esi +jb short loc_fffbe41e ; jb 0xfffbe41e +mov dl, byte [ebp - 0x528] +dec esi +mov dword [edi + ecx*8], esi +not edx +and dl, byte [ebp - 0x536] +mov byte [eax - 0x4ec], dl +jmp short loc_fffbe41e ; jmp 0xfffbe41e + +loc_fffbe3fc: ; not directly referenced +mov dl, byte [ebp - 0x528] +mov esi, dword [ebp - 0x544] +or dl, byte [ebp - 0x536] +mov byte [eax - 0x4ec], dl +mov edx, dword [esi] +cmp dword [edi + ecx*8], edx +jae short loc_fffbe41e ; jae 0xfffbe41e +mov dword [edi + ecx*8], edx -loc_fffbe680: ; not directly referenced +loc_fffbe41e: ; not directly referenced +mov esi, dword [ebp - 0x560] inc ecx -add ebx, 0x48 -cmp ecx, 2 -jne short loc_fffbe648 ; jne 0xfffbe648 -mov edx, dword [ebp - 0x114] -mov cl, 5 -mov eax, edi -call fcn_fffa66dd ; call 0xfffa66dd -mov dword [ebp - 0xd4], 0 -mov dword [ebp - 0xb8], 0x7fffffff -mov dword [ebp - 0xa8], 0x7fffffff -mov dword [ebp - 0xd0], 0 -mov dword [ebp - 0xb4], 0x7fffffff -mov dword [ebp - 0xa4], 0x7fffffff -mov dword [ebp - 0x104], 0 +add dword [ebp - 0x544], esi +cmp ecx, 8 +jne loc_fffbe393 ; jne 0xfffbe393 +cmp byte [ebp - 0x50e], 1 +mov al, 0xf +jne short loc_fffbe463 ; jne 0xfffbe463 +push eax +mov ecx, dword [ebp - 0x578] 
+push 0xf +mov edx, dword [ebp - 0x51c] +push dword [ebp - 0x514] +mov eax, dword [ebp - 0x50c] +push ebx +call fcn_fffb399f ; call 0xfffb399f +add esp, 0x10 -loc_fffbe6de: ; not directly referenced -xor esi, esi +loc_fffbe463: ; not directly referenced +cmp byte [ebp - 0x50d], 0 +je short loc_fffbe4c4 ; je 0xfffbe4c4 +mov edi, dword [ebp - 0x534] +lea esi, [ebp - 0x498] +xor ecx, ecx +add edi, ebx +shl edi, 5 +add edi, esi +mov dword [ebp - 0x528], edi -loc_fffbe6e0: ; not directly referenced -mov eax, dword [ebp - 0xfc] -bt eax, esi -jb short loc_fffbe724 ; jb 0xfffbe724 +loc_fffbe487: ; not directly referenced +mov edi, dword [ebp - 0x528] +mov edx, 1 +shl edx, cl +mov esi, dword [edi + ecx*4] +movzx edi, al +cmp esi, edi +jb short loc_fffbe4ab ; jb 0xfffbe4ab +mov edi, dword [ebp - 0x520] +or byte [ebx + edi - 0x4da], dl -loc_fffbe6eb: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffbe6e0 ; jne 0xfffbe6e0 -push eax -mov edx, dword [ebp - 0x114] -push eax -mov ecx, dword [ebp - 0xfc] -push 0 -lea eax, [ebp - 0xc8] -push eax -mov eax, edi -push 0x36 -push 1 -push 5 -push 0 -call fcn_fffc6051 ; call 0xfffc6051 -lea edx, [edi + 0x2914] -add esp, 0x20 -xor eax, eax -jmp short loc_fffbe782 ; jmp 0xfffbe782 +loc_fffbe4ab: ; not directly referenced +test esi, esi +jne short loc_fffbe4bc ; jne 0xfffbe4bc +mov edi, dword [ebp - 0x520] +or byte [ebx + edi - 0x4ec], dl -loc_fffbe724: ; not directly referenced -mov eax, dword [ebp - 0x104] -mov ecx, 0xc -xor ebx, ebx -movsx eax, byte [ebp + eax - 0xf1] -imul eax, dword [ebp + esi*4 - 0xdc] -cdq -idiv ecx -mov dword [ebp - 0x120], eax +loc_fffbe4bc: ; not directly referenced +inc ecx +cmp ecx, 8 +jne short loc_fffbe487 ; jne 0xfffbe487 +jmp short loc_fffbe4fe ; jmp 0xfffbe4fe -loc_fffbe74a: ; not directly referenced -cmp bl, byte [edi + 0x2488] -jae short loc_fffbe6eb ; jae 0xfffbe6eb -push 1 -movzx eax, bl -push 0 -inc ebx -push 1 -push 0 -push eax -push 0 -push esi -push 0 -push 0 -push dword [ebp - 0x120] 
-push 2 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -jmp short loc_fffbe74a ; jmp 0xfffbe74a +loc_fffbe4c4: ; not directly referenced +mov edi, dword [ebp - 0x548] +movzx eax, al +lea edx, [edi + ebx] +shl edx, 5 +mov edx, dword [ebp + edx - 0x498] +cmp edx, eax +jb short loc_fffbe4ec ; jb 0xfffbe4ec +mov eax, dword [ebp - 0x520] +mov byte [ebx + eax - 0x4da], 0xff -loc_fffbe779: ; not directly referenced -inc eax -add edx, 0x48 -cmp eax, 2 -je short loc_fffbe7d4 ; je 0xfffbe7d4 +loc_fffbe4ec: ; not directly referenced +test edx, edx +jne short loc_fffbe4fe ; jne 0xfffbe4fe +mov eax, dword [ebp - 0x520] +mov byte [ebx + eax - 0x4ec], 0xff -loc_fffbe782: ; not directly referenced -mov esi, dword [ebp - 0xfc] -bt esi, eax -jae short loc_fffbe779 ; jae 0xfffbe779 -mov ebx, dword [ebp - 0x104] -mov ecx, dword [edx - 4] -mov esi, dword [edx] -movzx ebx, byte [ebp + ebx - 0xee] -sub esi, ecx -imul ebx, esi -add dword [ebp + eax*4 - 0xd4], ebx -mov ebx, dword [ebp + eax*4 - 0xb8] -cmp ecx, ebx -cmovg ecx, ebx -mov dword [ebp + eax*4 - 0xb8], ecx -mov ecx, dword [ebp + eax*4 - 0xa8] -cmp dword [edx], ecx -cmovle ecx, dword [edx] -mov dword [ebp + eax*4 - 0xa8], ecx -jmp short loc_fffbe779 ; jmp 0xfffbe779 +loc_fffbe4fe: ; not directly referenced +mov eax, dword [ebp - 0x520] +lea edx, [eax + ebx] +mov al, byte [edx - 0x4ec] +mov dl, byte [edx - 0x4da] +and byte [ebp - 0x537], al +and byte [ebp - 0x538], dl +cmp dword [ebp - 0x52c], 0 +jne loc_fffbe5d2 ; jne 0xfffbe5d2 +cmp byte [ebp - 0x50d], 0 +je short loc_fffbe58b ; je 0xfffbe58b +mov esi, dword [ebp - 0x534] +lea edi, [ebp - 0x498] +lea ecx, [ebx + esi] +mov bl, dl +shl ecx, 5 +and ebx, eax +lea esi, [edi + ecx] +mov byte [ebp - 0x528], bl +lea edi, [ebp + ecx - 0x258] +xor ecx, ecx -loc_fffbe7d4: ; not directly referenced -inc dword [ebp - 0x104] -cmp dword [ebp - 0x104], 3 -jne loc_fffbe6de ; jne 0xfffbe6de +loc_fffbe55d: ; not directly referenced +mov ebx, 1 +shl ebx, cl +test byte [ebp - 0x528], 
bl +jne short loc_fffbe583 ; jne 0xfffbe583 +test dl, bl +jne short loc_fffbe575 ; jne 0xfffbe575 +inc dword [esi + ecx*4] +jmp short loc_fffbe583 ; jmp 0xfffbe583 + +loc_fffbe575: ; not directly referenced +test al, bl +jne short loc_fffbe583 ; jne 0xfffbe583 +mov ebx, dword [edi + ecx*4] +dec ebx +mov dword [edi + ecx*4], ebx +mov dword [esi + ecx*4], ebx + +loc_fffbe583: ; not directly referenced +inc ecx +cmp ecx, 8 +jne short loc_fffbe55d ; jne 0xfffbe55d +jmp short loc_fffbe5d2 ; jmp 0xfffbe5d2 + +loc_fffbe58b: ; not directly referenced +mov cl, dl +and ecx, eax +inc cl +je short loc_fffbe5d2 ; je 0xfffbe5d2 +inc dl +je short loc_fffbe5ab ; je 0xfffbe5ab +mov eax, dword [ebp - 0x548] +add eax, ebx +shl eax, 5 +inc dword [ebp + eax - 0x498] +jmp short loc_fffbe5d2 ; jmp 0xfffbe5d2 + +loc_fffbe5ab: ; not directly referenced +inc al +je short loc_fffbe5d2 ; je 0xfffbe5d2 +mov eax, dword [ebp - 0x548] +add eax, ebx +shl eax, 5 +mov esi, dword [ebp + eax - 0x258] +lea edx, [esi - 1] +mov dword [ebp + eax - 0x258], edx +mov dword [ebp + eax - 0x498], edx + +loc_fffbe5d2: ; not directly referenced +inc byte [ebp - 0x524] +jmp near loc_fffbe2f1 ; jmp 0xfffbe2f1 + +loc_fffbe5dd: ; not directly referenced +cmp dword [ebp - 0x52c], 1 +jne loc_fffbe031 ; jne 0xfffbe031 +mov al, byte [ebp - 0x537] +mov edi, dword [ebp - 0x538] +and eax, edi +inc al +je loc_fffbe031 ; je 0xfffbe031 +mov eax, edi +inc al +je short loc_fffbe612 ; je 0xfffbe612 +mov eax, dword [ebp - 0x530] +inc dword [eax] + +loc_fffbe60e: ; not directly referenced xor eax, eax -xor ebx, ebx +jmp short loc_fffbe635 ; jmp 0xfffbe635 -loc_fffbe7eb: ; not directly referenced -movsx ecx, word [ebp + eax - 0xe8] -mov edx, dword [ebp + eax*2 - 0xb8] -sub edx, ecx -cmovs edx, ebx -add ecx, dword [ebp + eax*2 - 0xa8] -mov dword [ebp + eax*2 - 0xb8], edx -cmovs ecx, ebx -cmp ecx, edx -cmovle edx, ecx -mov dword [ebp + eax*2 - 0xa8], ecx -mov dword [ebp + eax*2 - 0x98], edx -add eax, 2 -cmp eax, 4 -jne short 
loc_fffbe7eb ; jne 0xfffbe7eb -movsx eax, byte [ebp - 0x10c] -xor ebx, ebx -movzx edx, word [ebp - 0x118] -imul esi, eax, 0xa -imul eax, eax, 0x14 -mov dword [ebp - 0x120], esi -mov dword [ebp - 0x124], eax -movzx eax, word [ebp - 0x11c] -add eax, edx -mov dword [ebp - 0x10c], eax -lea eax, [edi + 0x2910] -mov dword [ebp - 0x114], eax -mov eax, dword [ebp - 0x128] -sar dword [ebp - 0x10c], 2 -mov dword [ebp - 0x104], eax +loc_fffbe612: ; not directly referenced +imul ecx, dword [ebp - 0x51c], 0x120 +mov edi, dword [ebp - 0x530] +mov eax, dword [ebp + ecx - 0x258] +dec eax +mov dword [ebp + ecx - 0x258], eax +mov dword [edi], eax +jmp short loc_fffbe60e ; jmp 0xfffbe60e -loc_fffbe87b: ; not directly referenced -mov eax, dword [ebp - 0xfc] -bt eax, ebx -jae loc_fffbe9e6 ; jae 0xfffbe9e6 -mov edx, dword [ebp + ebx*4 - 0xd4] -mov eax, edx -sar eax, 0x1f -or eax, 1 -movsx eax, al -imul eax, dword [ebp - 0x120] -add eax, edx -cdq -idiv dword [ebp - 0x124] -cmp dword [ebp - 0x108], 0x306d0 -sete dl -cmp dword [ebp - 0x100], 3 -mov dword [ebp + ebx*4 - 0xd4], eax -seta al -test al, dl -jne short loc_fffbe8e9 ; jne 0xfffbe8e9 -cmp dword [ebp - 0x100], 0 -setne cl -cmp dword [ebp - 0x108], 0x40670 -sete al -test cl, al -je short loc_fffbe914 ; je 0xfffbe914 +loc_fffbe635: ; not directly referenced +cmp dl, al +jbe loc_fffbe031 ; jbe 0xfffbe031 +mov esi, dword [ebp - 0x530] +mov ecx, eax +inc eax +shl ecx, 5 +mov ebx, dword [esi] +mov dword [esi + ecx], ebx +jmp short loc_fffbe635 ; jmp 0xfffbe635 -loc_fffbe8e9: ; not directly referenced -mov eax, dword [ebp - 0x10c] -cmp dword [ebp + ebx*4 - 0x98], eax -jbe short loc_fffbe914 ; jbe 0xfffbe914 -movsx eax, byte [ebp + ebx - 0xeb] -mov dword [ebp + ebx*4 - 0xe4], 0 -neg eax -mov dword [ebp + ebx*4 - 0xd4], eax +loc_fffbe650: ; not directly referenced +cmp byte [ebp - 0x50d], 0 +jne loc_fffbe701 ; jne 0xfffbe701 +mov eax, dword [ebp + 8] +xor edi, edi +mov dword [ebp - 0x51c], eax +mov eax, dword [ebp + 0xc] +mov dword [ebp - 
0x520], eax -loc_fffbe914: ; not directly referenced -mov eax, dword [ebp + ebx*4 - 0xe4] -mov esi, dword [ebp - 0x104] -mov byte [edi + ebx + 0x369d], al -cmp byte [esi + 0x61], 0 -jle short loc_fffbe98b ; jle 0xfffbe98b -cmp dword [ebp - 0x100], 3 -sete cl -test cl, dl -jne short loc_fffbe961 ; jne 0xfffbe961 -cmp dword [ebp - 0x100], 0 -sete cl -cmp dword [ebp - 0x108], 0x40670 -sete byte [ebp - 0x118] +loc_fffbe671: ; not directly referenced +mov eax, dword [ebp - 0x518] +bt eax, edi +jb short loc_fffbe699 ; jb 0xfffbe699 + +loc_fffbe67c: ; not directly referenced +inc edi +add dword [ebp - 0x520], 0x48 +add dword [ebp - 0x51c], 0x240 +cmp edi, 2 +je loc_fffbe7ca ; je 0xfffbe7ca +jmp short loc_fffbe671 ; jmp 0xfffbe671 + +loc_fffbe699: ; not directly referenced +xor ebx, ebx + +loc_fffbe69b: ; not directly referenced +mov eax, dword [ebp - 0x50c] +cmp bl, byte [eax + 0x2489] +jae short loc_fffbe67c ; jae 0xfffbe67c +movzx ecx, bl +mov esi, dword [ebp - 0x51c] xor edx, edx -test byte [ebp - 0x118], cl -je short loc_fffbe96a ; je 0xfffbe96a +mov eax, ecx +shl eax, 4 +add eax, dword [ebp - 0x514] +mov dword [ebp - 0x524], ecx +lea esi, [esi + eax*4] +mov eax, 0x7f -loc_fffbe961: ; not directly referenced -mov esi, dword [ebp - 0x104] -mov dl, byte [esi + 0x73] +loc_fffbe6cd: ; not directly referenced +movzx ecx, al +cmp ecx, dword [esi + edx] +movzx ecx, byte [esi + edx] +cmova eax, ecx +add edx, 8 +cmp edx, 0x40 +jne short loc_fffbe6cd ; jne 0xfffbe6cd +mov esi, dword [ebp - 0x524] +imul eax, eax, 0xa +inc ebx +mov ecx, esi +add ecx, esi +mov esi, dword [ebp - 0x520] +add ecx, dword [ebp - 0x514] +mov dword [esi + ecx*4], eax +jmp short loc_fffbe69b ; jmp 0xfffbe69b -loc_fffbe96a: ; not directly referenced -sub dl, byte [ebp + ebx - 0xeb] -add edx, 3 -movsx esi, dl -cmp dword [ebp + ebx*4 - 0xd4], esi -jle short loc_fffbe98b ; jle 0xfffbe98b -test eax, eax -je short loc_fffbe98b ; je 0xfffbe98b -mov dword [ebp + ebx*4 - 0xd4], esi +loc_fffbe701: ; not directly 
referenced +mov al, byte [ebp - 0x510] +xor edi, edi +mov esi, dword [ebp + 8] +and eax, 1 +mov byte [ebp - 0x520], al -loc_fffbe98b: ; not directly referenced -mov eax, dword [ebp - 0xfc] -lea ecx, [ebx + 1] +loc_fffbe715: ; not directly referenced +mov eax, dword [ebp - 0x518] +xor edx, edx +bt eax, edi +jb short loc_fffbe78d ; jb 0xfffbe78d + +loc_fffbe722: ; not directly referenced +inc edi +add esi, 0x240 +cmp edi, 2 +jne short loc_fffbe715 ; jne 0xfffbe715 push 2 -mov esi, dword [ebp + ebx*4 - 0xd4] -sar eax, cl -push eax -push 1 +movzx eax, byte [ebp - 0x535] push 0 -push 7 push 0 -push ebx push 0 push 0 -push esi -push 5 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -mov ecx, dword [ebp - 0x114] -imul eax, esi, 0xa -imul esi, esi, 0xfffffff6 -add esp, 0x2c -add dword [ecx], eax -add dword [ecx + 4], esi +push eax +movzx eax, byte [ebp - 0x50f] +push 0 +push 1 +push 0 push 0 -movzx eax, byte [edi + 0x2488] push eax -mov eax, dword [ebp - 0x110] -push dword [ebp - 0x104] -call dword [eax + 0x64] ; ucall -add esp, 0x10 +push dword [ebp - 0x50c] +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +jmp short loc_fffbe7ca ; jmp 0xfffbe7ca -loc_fffbe9e6: ; not directly referenced -inc ebx -add dword [ebp - 0x114], 0x48 -add dword [ebp - 0x104], 0xcc -cmp ebx, 2 -jne loc_fffbe87b ; jne 0xfffbe87b +loc_fffbe760: ; not directly referenced +cmp byte [ebp - 0x50e], 9 +sete bl +test byte [ebp - 0x520], bl +jne short loc_fffbe7bd ; jne 0xfffbe7bd +cmp byte [ebp - 0x50e], 9 +setne bl +test byte [ebp - 0x51c], bl +jne short loc_fffbe7bd ; jne 0xfffbe7bd + +loc_fffbe784: ; not directly referenced +add eax, 8 +cmp eax, 0x40 +jne short loc_fffbe760 ; jne 0xfffbe760 +inc edx + +loc_fffbe78d: ; not directly referenced +mov eax, dword [ebp - 0x50c] +cmp dl, byte [eax + 0x2489] +jae short loc_fffbe722 ; jae 0xfffbe722 +mov bl, byte [ebp - 0x565] +movzx eax, dl +shl eax, 4 +add eax, dword [ebp - 0x514] +xor ebx, 1 +lea ecx, [esi + eax*4] +xor eax, eax +mov byte [ebp - 0x51c], bl 
+jmp short loc_fffbe760 ; jmp 0xfffbe760 -loc_fffbea01: ; not directly referenced +loc_fffbe7bd: ; not directly referenced +mov ebx, 0xf +sub ebx, dword [ecx + eax] +mov dword [ecx + eax], ebx +jmp short loc_fffbe784 ; jmp 0xfffbe784 + +loc_fffbe7ca: ; not directly referenced +inc byte [ebp - 0x510] +inc dword [ebp - 0x514] +and byte [ebp - 0x510], 1 +cmp dword [ebp - 0x514], 2 +jne loc_fffbdcae ; jne 0xfffbdcae push 2 +mov edx, 0 push 0 -push 1 +mov eax, 0x88888888 push 0 push 0 push 0 +push dword [ebp - 0x574] +cmp byte [ebp - 0x50d], 1 push 0 +cmovne eax, edx push 1 push 0 -push 0 -push 2 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -mov byte [edi + 0x247a], 0 +push eax +movzx eax, byte [ebp - 0x53c] +push eax +push dword [ebp - 0x50c] +call fcn_fffcd268 ; call 0xfffcd268 lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -41673,2248 +41527,2020 @@ pop edi pop ebp ret -fcn_fffbea2f: ; not directly referenced +fcn_fffbe830: ; not directly referenced push ebp mov ebp, esp push edi push esi +mov esi, 0x36 push ebx -sub esp, 0x230 -mov edi, dword [ebp + 8] -mov eax, dword [edi + 0x5edc] -mov dword [ebp - 0x1fc], eax -mov eax, dword [edi + 0x2443] -mov esi, eax -mov dword [ebp - 0x218], eax -mov eax, dword [edi + 0x188b] -push 0 -push 0x10 -mov dword [ebp - 0x21c], eax -lea eax, [ebp - 0x1d8] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0xc -push 0 -push 2 -lea eax, [ebp - 0x1dc] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0xc -push 0 -push 0x1b0 -lea eax, [ebp - 0x1c8] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -mov al, byte [edi + 0x2441] -xor ecx, ecx -mov byte [ebp - 0x1d9], 0 -mov byte [ebp - 0x1da], 0 -mov byte [ebp - 0x21d], al -mov eax, dword [edi + 0x2480] -mov dword [esp], edi -cmp eax, 3 -sete cl -cmp eax, 2 -mov ebx, ecx -sete byte [ebp - 0x21e] -mov dword [ebp - 0x208], ebx -call fcn_fffc82f4 ; call 0xfffc82f4 -add esp, 0x10 -cmp ebx, 1 -lea ecx, [edi + 0x2490] -mov dword [ebp - 0x1f4], edi -mov dword [ebp - 0x1f0], 0 -mov dword [ebp - 0x214], ecx -mov dword [ebp - 0x200], eax -sbb eax, eax -and eax, 7 -add eax, 0xa -movzx eax, al -mov dword [ebp - 0x22c], eax - -loc_fffbeb18: ; not directly referenced -mov eax, dword [ebp - 0x1fc] -xor ebx, ebx -mov cl, byte [ebp - 0x1f0] -mov dword [ebp - 0x1ec], 1 -shl dword [ebp - 0x1ec], cl -add eax, 0x70 -mov dword [ebp - 0x204], eax -mov byte [ebp - 0x1f8], 0 +mov ebx, eax +sub esp, 0x3c +mov eax, dword [ebp + 8] +cmp dword [ebx + 0x2481], 2 +mov dword [ebp - 0x28], edx +mov dword [ebp - 0x24], eax +mov byte [ebp - 0x2a], al +mov eax, dword [ebx + 0x2444] +mov dword [ebp - 0x38], eax +jne short loc_fffbe867 ; jne 0xfffbe867 +cmp byte [ebp - 0x24], 5 +mov al, 0x25 +cmove esi, eax -loc_fffbeb46: ; not directly referenced -mov ecx, dword [ebp - 0x1ec] -mov edx, ebx -mov eax, 
edi -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0x1f8], al -movzx eax, byte [ebp - 0x1f8] -bt eax, ebx -mov esi, eax -jae short loc_fffbeb86 ; jae 0xfffbeb86 +loc_fffbe867: ; not directly referenced +movzx eax, byte [ebp - 0x24] +movzx edi, cl push ecx -push 0 -movzx eax, byte [edi + 0x2488] -push eax -mov eax, dword [ebp - 0x218] -push dword [ebp - 0x204] -call dword [eax + 0x64] ; ucall -add esp, 0x10 - -loc_fffbeb86: ; not directly referenced -inc ebx -add dword [ebp - 0x204], 0xcc -cmp ebx, 2 -jne short loc_fffbeb46 ; jne 0xfffbeb46 -cmp byte [ebp - 0x1f8], 0 -je loc_fffbf0bc ; je 0xfffbf0bc -sub esp, 0xc -mov ecx, 0x11 -push 0 -mov edx, esi -mov eax, edi -xor bl, bl -call fcn_fffb26ca ; call 0xfffb26ca +push ecx +mov ecx, edi +mov edx, eax +mov dword [ebp - 0x1c], eax +lea eax, [ebx + 0x2491] +mov dword [ebp - 0x20], eax +mov eax, 1 +shl eax, cl +mov ecx, edx +mov edx, dword [ebp - 0x20] +movzx eax, al +push eax +mov eax, ebx +push edi +call fcn_fffa7e1a ; call 0xfffa7e1a +add esp, 0x10 +test eax, eax +jne loc_fffbea00 ; jne 0xfffbea00 +movzx eax, byte [ebp - 0x28] +push edx +push edx +mov edx, dword [ebp - 0x20] +push dword [ebp + 0x18] +mov ecx, eax +mov dword [ebp - 0x3c], eax +mov eax, esi +movzx esi, al +mov eax, ebx +push esi +push dword [ebp + 0xc] +push dword [ebp - 0x1c] +push edi +push edi +call fcn_fffd16df ; call 0xfffd16df +add esp, 0x20 +test eax, eax +jne loc_fffbea00 ; jne 0xfffbea00 +mov ecx, dword [ebp - 0x1c] +sub esp, 0xc +mov eax, ebx +mov edx, dword [ebp - 0x20] +push edi +call fcn_fffa7d46 ; call 0xfffa7d46 add esp, 0x10 +test eax, eax +jne loc_fffbea00 ; jne 0xfffbea00 +xor edx, edx +cmp byte [ebp - 0x24], 0x21 +ja short loc_fffbe902 ; ja 0xfffbe902 +mov eax, dword [ebp - 0x1c] +movzx edx, byte [eax + ref_fffd58e0] ; movzx edx, byte [eax - 0x2a720] -loc_fffbebbb: ; not directly referenced -mov dl, bl -cmp bl, 3 -je short loc_fffbec24 ; je 0xfffbec24 -cmp bl, 1 -jne short loc_fffbebd0 ; jne 0xfffbebd0 -mov byte [edi + 0x248b], 9 
-jmp short loc_fffbebdc ; jmp 0xfffbebdc +loc_fffbe902: ; not directly referenced +imul esi, edx, 0x48 +xor eax, eax +mov byte [ebp - 0x28], 0 +mov dword [ebp - 0x44], esi -loc_fffbebd0: ; not directly referenced -cmp bl, 4 -jne short loc_fffbebdc ; jne 0xfffbebdc -mov byte [edi + 0x248b], 0 +loc_fffbe90e: ; not directly referenced +test eax, eax +sete cl +cmp byte [ebp - 0x28], 1 +setbe dl +test cl, dl +je loc_fffbea00 ; je 0xfffbea00 +mov al, byte [ebp - 0x28] +movzx esi, al +mov dword [ebp - 0x30], esi +mov esi, dword [ebp - 0x3c] +bt esi, eax +jb short loc_fffbe93a ; jb 0xfffbe93a -loc_fffbebdc: ; not directly referenced -lea eax, [edx - 4] -cmp al, 2 -sbb eax, eax -and eax, 0x17 -add eax, 0x1f -cmp dl, 5 -sete dl -test byte [ebp - 0x21e], dl -mov dl, 0x25 -lea ecx, [ebp - 0x1d8] -cmovne eax, edx -push edx -movzx eax, al -push edx -mov edx, dword [ebp - 0x214] -push 0 -push ecx -mov ecx, esi +loc_fffbe933: ; not directly referenced +xor eax, eax +jmp near loc_fffbe9f8 ; jmp 0xfffbe9f8 + +loc_fffbe93a: ; not directly referenced +imul eax, dword [ebp - 0x30], 0x24 +mov esi, dword [ebp + 0x14] +mov dword [ebp - 0x24], 0x18 +mov byte [ebp - 0x29], 0 +add esi, eax +add eax, dword [ebp + 0x10] +mov dword [ebp - 0x34], esi +mov dword [ebp - 0x40], eax + +loc_fffbe957: ; not directly referenced +mov al, byte [ebp - 0x29] +cmp al, byte [ebx + 0x2489] +jae short loc_fffbe933 ; jae 0xfffbe933 +imul edx, edi, 0x12 +movzx ecx, byte [ebp - 0x29] +imul eax, dword [ebp - 0x30], 9 +add eax, edx +mov edx, dword [ebp - 0x44] +mov esi, eax +add eax, ecx +lea eax, [eax + edx + 8] +add edx, esi +mov eax, dword [ebx + eax*8 + 0x2455] +lea edx, [ecx + edx + 8] +mov esi, 0xa +add eax, dword [ebx + edx*8 + 0x2451] +xor edx, edx +div esi +mov edx, dword [ebp - 0x40] +mov dword [edx + ecx*4], eax +shr eax, 1 +mov edx, 0x18 +cmp eax, 0x18 +cmovbe edx, eax +mov eax, dword [ebp - 0x34] +cmp dword [ebp - 0x24], edx +mov dword [eax + ecx*4], edx +mov ecx, dword [ebp - 0x1c] +mov eax, ebx 
+cmovbe edx, dword [ebp - 0x24] +sub esp, 0xc +push edi +mov dword [ebp - 0x24], edx +mov edx, dword [ebp - 0x20] +call fcn_fffa7d46 ; call 0xfffa7d46 +add esp, 0x10 +test eax, eax +jne short loc_fffbe9f8 ; jne 0xfffbe9f8 +cmp byte [ebp - 0x2a], 5 +jne short loc_fffbe9f0 ; jne 0xfffbe9f0 push eax -mov eax, edi -push 1 +movzx eax, byte [ebx + 0x2489] +push dword [ebp - 0x24] +push eax +mov eax, dword [ebp - 0x38] +push dword [ebp - 0x34] +call dword [eax + 0x64] ; ucall +add esp, 0x10 + +loc_fffbe9f0: ; not directly referenced +inc byte [ebp - 0x29] +jmp near loc_fffbe957 ; jmp 0xfffbe957 + +loc_fffbe9f8: ; not directly referenced +inc byte [ebp - 0x28] +jmp near loc_fffbe90e ; jmp 0xfffbe90e + +loc_fffbea00: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffbea08: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi push ebx -push dword [ebp - 0x1f0] -call fcn_fffc6051 ; call 0xfffc6051 -add esp, 0x20 +sub esp, 0xcfc +mov edi, dword [ebp + 0x18] +mov dword [ebp - 0xcc0], edx +mov dl, byte [ebp + 0xc] +mov esi, dword [ebp + 0x10] +mov dword [ebp - 0xc88], ecx +mov ecx, 7 +mov ebx, dword [ebp + 8] +mov dword [ebp - 0xca0], edi +mov edi, dword [ebp + 0x1c] +mov byte [ebp - 0xcee], dl +mov dl, byte [ebp + 0x14] +mov dword [ebp - 0xc98], esi +mov esi, ref_fffd53bc ; mov esi, 0xfffd53bc +mov dword [ebp - 0xc7c], eax +mov dword [ebp - 0xca4], edi +mov byte [ebp - 0xcef], dl +mov edx, edi +lea edi, [ebp - 0xc58] +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [ebp - 0xc3c] +mov esi, ref_fffd53d8 ; mov esi, 0xfffd53d8 +mov byte [ebp - 0xc9a], bl +mov byte [ebp - 0xc99], dl +mov cl, 7 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +lea edi, [ebp - 0xc20] +mov esi, ref_fffd53f4 ; mov esi, 0xfffd53f4 +mov cl, 7 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov esi, dword [eax + 0x5edd] +mov eax, dword [eax + 0x2444] +mov dword [ebp - 0xce8], esi +mov dword [ebp - 0xc84], eax 
+lea eax, [ebx - 1] +cmp al, 1 +ja loc_fffbf976 ; ja 0xfffbf976 +push esi +push 0 +push 0x10 +lea eax, [ebp - 0xc68] +push eax +mov eax, dword [ebp - 0xc84] +call dword [eax + 0x5c] ; ucall +add esp, 0x10 +xor eax, eax -loc_fffbec24: ; not directly referenced -inc ebx -cmp ebx, 7 -jne short loc_fffbebbb ; jne 0xfffbebbb -mov ecx, dword [ebp - 0x22c] +loc_fffbead1: ; not directly referenced +mov byte [ebp + eax - 0xc71], al +inc eax +cmp eax, 9 +jne short loc_fffbead1 ; jne 0xfffbead1 +movzx eax, bl +mov cl, byte [ebp - 0xca0] sub esp, 0xc -mov edx, esi +mov al, byte [eax + ref_fffd58e0] ; mov al, byte [eax - 0x2a720] +mov edi, dword [ebp - 0xc7c] push 0 +dec ecx +mov byte [ebp - 0xc80], al +movzx eax, byte [ebp - 0xc88] +movzx ecx, cl +mov dword [ebp - 0xcec], eax +mov edx, eax mov eax, edi -call fcn_fffb2759 ; call 0xfffb2759 +call fcn_fffae9e2 ; call 0xfffae9e2 +xor eax, eax add esp, 0x10 -cmp dword [ebp - 0x208], 0 -je short loc_fffbec72 ; je 0xfffbec72 -push eax -mov ecx, esi -push 0 -xor edx, edx -push 0 -push 0x20 +mov byte [edi + 0x248c], 9 +mov edi, dword [ebp - 0xc98] +cmp bl, 1 +cmove eax, edi +mov byte [ebp - 0xc9c], al +inc eax +cmp byte [ebp - 0xca4], 0 +mov byte [ebp - 0xced], al +jne short loc_fffbeb5d ; jne 0xfffbeb5d +push ecx push 0 -lea eax, [ebp - 0x1da] +lea eax, [ebp - 0xc04] +push 0x1c push eax -mov eax, edi -push 0xff -push dword [ebp - 0x1ec] -call fcn_fffcfd43 ; call 0xfffcfd43 -jmp short loc_fffbec95 ; jmp 0xfffbec95 +mov eax, dword [ebp - 0xc84] +call dword [eax + 0x5c] ; ucall +jmp short loc_fffbeb77 ; jmp 0xfffbeb77 -loc_fffbec72: ; not directly referenced -push 1 -mov ecx, esi -push 1 -xor edx, edx -lea eax, [ebp - 0x1dc] +loc_fffbeb5d: ; not directly referenced +push edx +push 0x1c +lea eax, [ebp - 0xc20] push eax -mov eax, edi -push 1 -push 0x40 -push 0xffffffffffffffc0 -push 3 -push 0xff -call fcn_fffcf3cd ; call 0xfffcf3cd +lea eax, [ebp - 0xc04] +push eax +mov eax, dword [ebp - 0xc84] +call dword [eax + 0x58] ; ucall 
-loc_fffbec95: ; not directly referenced -add esp, 0x20 -cmp byte [ebp - 0x21d], 0 -sete dl -cmp dword [ebp - 0x21c], 1 -sete al -test dl, al -jne loc_fffbed6c ; jne 0xfffbed6c +loc_fffbeb77: ; not directly referenced +add esp, 0x10 +xor edx, edx +xor esi, esi +xor eax, eax +mov edi, 6 -loc_fffbecb4: ; not directly referenced -push edx +loc_fffbeb85: ; not directly referenced +movzx ecx, al +add esi, dword [ebp + ecx*4 - 0xc58] +add edx, dword [ebp + ecx*4 - 0xc3c] +cmp byte [ebp - 0xc99], 0 +mov dword [ebp - 0xcd8], esi +mov dword [ebp - 0xcdc], edx +cmove eax, edi +inc eax +cmp al, 7 +jne short loc_fffbeb85 ; jne 0xfffbeb85 +movzx eax, byte [ebp - 0xc80] +cmp bl, 1 +sete byte [ebp - 0xc9b] +add byte [ebp - 0xc9b], 8 +dec bl +setne byte [ebp - 0xca0] +imul eax, eax, 0x240 +add eax, dword [ebp - 0xcc0] +add byte [ebp - 0xca0], 4 +mov dword [ebp - 0xcbc], eax +movzx eax, byte [ebp - 0xc9a] +mov dword [ebp - 0xc80], 0 +mov dword [ebp - 0xce4], eax +movzx eax, byte [ebp - 0xca0] +mov dword [ebp - 0xcb4], eax + +loc_fffbec0f: ; not directly referenced +mov eax, dword [ebp - 0xce8] +mov edi, 1 +xor ebx, ebx +mov cl, byte [ebp - 0xc80] +mov byte [ebp - 0xc98], 0 +add eax, 0x70 +shl edi, cl +mov esi, eax +mov dword [ebp - 0xcc8], eax + +loc_fffbec36: ; not directly referenced +mov eax, dword [ebp - 0xcec] +bt eax, ebx +jae short loc_fffbec80 ; jae 0xfffbec80 +mov eax, dword [ebp - 0xc7c] +mov ecx, edi +mov edx, ebx +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0xc98], al +movzx eax, byte [ebp - 0xc98] +bt eax, ebx +jae short loc_fffbec80 ; jae 0xfffbec80 +push eax +mov eax, dword [ebp - 0xc7c] push 0 +movzx eax, byte [eax + 0x2489] +push eax +mov eax, dword [ebp - 0xc84] +push esi +call dword [eax + 0x64] ; ucall +add esp, 0x10 + +loc_fffbec80: ; not directly referenced +inc ebx +add esi, 0xcc +cmp ebx, 2 +jne short loc_fffbec36 ; jne 0xfffbec36 +cmp byte [ebp - 0xc98], 0 +jne short loc_fffbecdf ; jne 0xfffbecdf + +loc_fffbec95: ; not directly referenced +inc dword 
[ebp - 0xc80] +cmp dword [ebp - 0xc80], 4 +jne loc_fffbec0f ; jne 0xfffbec0f +mov edi, dword [ebp - 0xc7c] +movzx eax, byte [ebp - 0xca0] +mov byte [edi + 0x247b], 0 +push 2 push 0 -push 3 -push 0xff push 0 push 0 -push edi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x1c push 0 push 0 -push 3 -push 0xff push 0 push 1 -push edi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x14 -push edi -call fcn_fffc82f4 ; call 0xfffc82f4 -lea eax, [ebp - 0x1d8] -mov edx, dword [ebp - 0x214] -pop ecx -mov ecx, esi -pop ebx -mov ebx, dword [ebp - 0x1f0] +push 0 push 0 push eax -mov eax, edi -push 0x36 -push 1 -push 0xd -push ebx -call fcn_fffc6051 ; call 0xfffc6051 -add esp, 0x14 push edi -call fcn_fffc82f4 ; call 0xfffc82f4 -lea edx, [ebp - 0x1c8] -mov dword [ebp - 0x200], eax -mov eax, edi -call fcn_fffb8ffd ; call 0xfffb8ffd -imul eax, ebx, 0xd8 -mov edx, ebx -add edx, ebx -add esp, 0x10 -lea ecx, [edi + ebx*4] -add edx, edi -mov dword [ebp - 0x210], ecx -mov ecx, dword [ebp - 0x1f4] -add eax, 0x281 -mov dword [ebp - 0x20c], edx -mov dword [ebp - 0x1f8], 0 -mov dword [ebp - 0x228], eax -jmp near loc_fffbef33 ; jmp 0xfffbef33 - -loc_fffbed6c: ; not directly referenced -xor ebx, ebx +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +jmp near loc_fffbf982 ; jmp 0xfffbf982 -loc_fffbed6e: ; not directly referenced -imul eax, ebx, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffbedcb ; jne 0xfffbedcb -push eax +loc_fffbecdf: ; not directly referenced +cmp byte [ebp - 0xcef], 1 +jne short loc_fffbed19 ; jne 0xfffbed19 push 0 +movzx eax, byte [ebp - 0xc9b] push 0 -push 3 -push 0xff +push 1 push 0 -push ebx -push edi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -cmp byte [edi + 0x36c9], 2 -jne short loc_fffbedcb ; jne 0xfffbedcb -mov ecx, dword [ebp - 0x1fc] -imul eax, ebx, 0xcc -mov edx, ebx +push 0 +push dword [ebp - 0xc80] push 0 push 1 -movzx eax, byte [ecx + eax + 0xe2] -mov ecx, 0xff +push 0 +push 0x88888888 push eax -mov eax, edi -push 1 -call 
fcn_fffb0cb4 ; call 0xfffb0cb4 -add esp, 0x10 +push dword [ebp - 0xc7c] +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 -loc_fffbedcb: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffbed6e ; jne 0xfffbed6e +loc_fffbed19: ; not directly referenced +xor ebx, ebx +cmp byte [ebp - 0xc99], 0 +je loc_fffbee01 ; je 0xfffbee01 sub esp, 0xc -push edi -call fcn_fffc82f4 ; call 0xfffc82f4 -add esp, 0x10 -cmp dword [ebp - 0x208], 0 -jne short loc_fffbee47 ; jne 0xfffbee47 -mov ecx, dword [ebp - 0x1f4] -mov edx, 6 -mov eax, dword [ecx + 0x3210] -mov dword [ecx + 0x3218], eax -mov eax, dword [ecx + 0x3214] -mov dword [ecx + 0x321c], eax -mov eax, dword [ecx + 0x3258] -mov dword [ecx + 0x3260], eax -mov eax, dword [ecx + 0x325c] -mov dword [ecx + 0x3264], eax -lea eax, [ebp - 0x1dc] -mov ecx, esi -push 1 -push 1 +movzx edx, byte [ebp - 0xc98] +lea eax, [ebp - 0xc68] +mov ecx, dword [ebp - 0xc80] push eax -mov eax, edi -push 0 -push 0x40 -push 0xffffffffffffffc0 -push 3 -push 0xff -call fcn_fffcf3cd ; call 0xfffcf3cd +lea ebx, [ebp - 0xbe8] +push ebx +lea eax, [ebp - 0xba0] +push eax +lea eax, [ebp - 0xc71] +push eax +mov eax, dword [ebp - 0xc7c] +push dword [ebp - 0xcb4] +call fcn_fffbe830 ; call 0xfffbe830 add esp, 0x20 -jmp short loc_fffbee56 ; jmp 0xfffbee56 +test eax, eax +jne short loc_fffbedc3 ; jne 0xfffbedc3 -loc_fffbee47: ; not directly referenced -mov ecx, dword [ebp - 0x1ec] -mov edx, esi -mov eax, edi -call fcn_fffc93f9 ; call 0xfffc93f9 +loc_fffbed6c: ; not directly referenced +push eax +mov ecx, dword [ebp - 0xce4] +push eax +mov edx, dword [ebp - 0xcc0] +push edi +mov edi, dword [ebp - 0xc80] +mov eax, dword [ebp - 0xc7c] +push edi +call fcn_fffa7e1a ; call 0xfffa7e1a +mov al, byte [ebp - 0xc98] +add esp, 0x10 +mov dword [ebp - 0xcac], 0 +movzx ebx, al +and eax, 2 +movzx eax, al +mov dword [ebp - 0xca8], eax +imul eax, edi, 0x12 +mov dword [ebp - 0xc88], ebx +mov dword [ebp - 0xcc4], eax +jmp near loc_fffbefc6 ; jmp 0xfffbefc6 -loc_fffbee56: ; 
not directly referenced -mov ebx, dword [ebp - 0x1f4] -mov dword [ebp - 0x1f8], 0 - -loc_fffbee66: ; not directly referenced -imul eax, dword [ebp - 0x1f8], 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffbeee7 ; jne 0xfffbeee7 -mov eax, dword [ebx + 0x3218] -cmp dword [ebx + 0x3210], eax -cmovbe eax, dword [ebx + 0x3210] -mov dword [ebx + 0x3210], eax -mov eax, dword [ebx + 0x321c] -cmp dword [ebx + 0x3214], eax -cmovbe eax, dword [ebx + 0x3214] -mov dword [ebx + 0x3214], eax -cmp byte [edi + 0x36c9], 2 -jne short loc_fffbeee7 ; jne 0xfffbeee7 -mov edx, dword [ebp - 0x1f8] -mov ecx, dword [ebp - 0x1fc] -push 0 +loc_fffbedc3: ; not directly referenced +mov esi, dword [ebp - 0xc7c] +push eax +push 0x18 +movzx eax, byte [esi + 0x2489] +push eax +push ebx +mov ebx, dword [ebp - 0xc84] +mov eax, ebx +call dword [eax + 0x64] ; ucall +add esp, 0xc +push 0x18 +movzx eax, byte [esi + 0x2489] +push eax +lea eax, [ebp - 0xbc4] +push eax +mov eax, ebx +call dword [eax + 0x64] ; ucall +add esp, 0x10 +jmp near loc_fffbed6c ; jmp 0xfffbed6c + +loc_fffbee01: ; not directly referenced +mov esi, dword [ebp - 0xc7c] +push eax push 1 -imul eax, edx, 0xcc -movzx eax, byte [ecx + eax + 0xe2] -mov ecx, 0xff -neg eax +movzx eax, byte [esi + 0x2489] push eax -mov eax, edi +lea eax, [ebp - 0xba0] +add eax, ebx +push eax +mov eax, dword [ebp - 0xc84] +call dword [eax + 0x64] ; ucall +add esp, 0xc push 1 -call fcn_fffb0cb4 ; call 0xfffb0cb4 +movzx eax, byte [esi + 0x2489] +lea esi, [ebp - 0xbe8] +push eax +lea eax, [esi + ebx] +add ebx, 0x24 +push eax +mov eax, dword [ebp - 0xc84] +call dword [eax + 0x64] ; ucall add esp, 0x10 +cmp ebx, 0x48 +je loc_fffbed6c ; je 0xfffbed6c +jmp short loc_fffbee01 ; jmp 0xfffbee01 -loc_fffbeee7: ; not directly referenced -inc dword [ebp - 0x1f8] -add ebx, 0x48 -cmp dword [ebp - 0x1f8], 2 -jne loc_fffbee66 ; jne 0xfffbee66 -jmp near loc_fffbecb4 ; jmp 0xfffbecb4 +loc_fffbee55: ; not directly referenced +cmp byte [ebp - 0xc9c], 0 +jne loc_fffbefe5 
; jne 0xfffbefe5 -loc_fffbef02: ; not directly referenced -add dword [ebp - 0x1f8], 0x13c3 -add ecx, 0x48 -add dword [ebp - 0x210], 0x13c3 -add dword [ebp - 0x20c], 0x13c3 -cmp dword [ebp - 0x1f8], 0x2786 -je loc_fffbf0bc ; je 0xfffbf0bc +loc_fffbee62: ; not directly referenced +xor ebx, ebx -loc_fffbef33: ; not directly referenced -mov ebx, dword [ebp - 0x1f8] -mov al, byte [ebp - 0x1ec] -test byte [edi + ebx + 0x381a], al -je short loc_fffbef02 ; je 0xfffbef02 -mov eax, dword [ebp - 0x1f8] -mov ebx, 0xa -xor edx, edx -mov esi, 0xa -mov byte [ebp - 0x204], 0 -lea eax, [edi + eax + 0x3756] -mov dword [ebp - 0x224], eax -mov eax, dword [ecx + 0x3210] -div ebx -mov ebx, dword [ebp - 0x210] -xor edx, edx -mov byte [ebx + 0x39c7], al -mov eax, dword [ecx + 0x3214] -div esi -xor edx, edx -mov byte [ebx + 0x39c8], al -mov eax, dword [ecx + 0x3450] -div esi -xor edx, edx -mov byte [ebx + 0x39ca], al -mov eax, dword [ecx + 0x3454] -div esi -xor edx, edx -mov byte [ebx + 0x39c9], al -mov eax, dword [ecx + 0x2d90] -mov ebx, dword [ebp - 0x20c] -div esi -xor edx, edx -mov byte [ebx + 0x4757], al -mov eax, dword [ecx + 0x2d94] -div esi -xor edx, edx -mov byte [ebx + 0x4758], al -mov eax, dword [ecx + 0x2fd0] -div esi -xor edx, edx -mov byte [ebx + 0x475f], al -mov eax, dword [ecx + 0x2fd4] -div esi -mov byte [ebx + 0x4760], al +loc_fffbee64: ; not directly referenced +lea eax, [ebp - 0xbe8] +xor edi, edi +mov dword [ebp - 0xcb0], eax +movzx eax, bl +mov dword [ebp - 0xcd0], eax -loc_fffbeff8: ; not directly referenced -mov al, byte [ebp - 0x204] -cmp al, byte [edi + 0x2488] -jae loc_fffbef02 ; jae 0xfffbef02 -movzx ebx, al -imul ebx, ebx, 0x18 -add ebx, dword [ebp - 0x228] -add ebx, dword [ebp - 0x224] -mov byte [ebp - 0x21f], 8 +loc_fffbee7b: ; not directly referenced +mov eax, dword [ebp - 0xc88] +bt eax, edi +jb loc_fffbf040 ; jb 0xfffbf040 -loc_fffbf023: ; not directly referenced -mov eax, dword [ecx + 0x26d0] -mov esi, 0xa -xor edx, edx -add ebx, 3 -div esi -xor edx, edx 
-mov byte [ebx - 3], al -mov eax, dword [ecx + 0x26d4] -div esi -xor edx, edx -mov byte [ebx - 1], al -mov eax, dword [ecx + 0x2b50] -div esi -xor edx, edx -mov byte [ebx + 0x35d], al -mov eax, dword [ecx + 0x2b54] -div esi -xor edx, edx -mov byte [ebx + 0x35f], al -mov eax, dword [ecx + 0x2490] -div esi -xor edx, edx -mov byte [ebx + 0x6bf], al -mov eax, dword [ecx + 0x2494] -div esi -xor edx, edx -mov byte [ebx + 0x6bd], al -mov eax, dword [ecx + 0x2910] -div esi -xor edx, edx -mov byte [ebx + 0xa1f], al -mov eax, dword [ecx + 0x2914] -div esi -mov byte [ebx + 0xa1d], al -dec byte [ebp - 0x21f] -jne loc_fffbf023 ; jne 0xfffbf023 -inc byte [ebp - 0x204] -jmp near loc_fffbeff8 ; jmp 0xfffbeff8 +loc_fffbee8a: ; not directly referenced +inc edi +add dword [ebp - 0xcb0], 0x24 +cmp edi, 2 +jne short loc_fffbee7b ; jne 0xfffbee7b +push eax +mov ecx, dword [ebp - 0xc88] +push eax +mov edx, dword [ebp - 0xcc0] +lea eax, [ebp - 0xc68] +push eax +push 0x1f +lea eax, [ebp - 0xc71] +push eax +mov eax, dword [ebp - 0xc80] +push dword [ebp - 0xce4] +push eax +push eax +mov eax, dword [ebp - 0xc7c] +call fcn_fffd16df ; call 0xfffd16df +movzx eax, bl +add esp, 0x20 +mov dword [ebp - 0xce0], eax +imul eax, eax, 0x12 +mov dword [ebp - 0xcb0], 0 +mov dword [ebp - 0xcfc], eax -loc_fffbf0bc: ; not directly referenced -inc dword [ebp - 0x1f0] -add dword [ebp - 0x1f4], 0x90 -cmp dword [ebp - 0x1f0], 4 -jne loc_fffbeb18 ; jne 0xfffbeb18 -cmp dword [edi + 0x3756], 2 -jne short loc_fffbf0f0 ; jne 0xfffbf0f0 -xor ecx, ecx -mov edx, 0x4198 -mov eax, edi -call fcn_fffae566 ; call 0xfffae566 +loc_fffbeeed: ; not directly referenced +mov eax, dword [ebp - 0xc88] +mov edi, dword [ebp - 0xcb0] +bt eax, edi +jb loc_fffbf0d2 ; jb 0xfffbf0d2 -loc_fffbf0f0: ; not directly referenced -cmp dword [edi + 0x4b19], 2 -jne short loc_fffbf107 ; jne 0xfffbf107 -xor ecx, ecx -mov edx, 0x4598 -mov eax, edi -call fcn_fffae566 ; call 0xfffae566 +loc_fffbef02: ; not directly referenced +inc dword [ebp - 0xcb0] 
+cmp dword [ebp - 0xcb0], 2 +jne short loc_fffbeeed ; jne 0xfffbeeed +cmp byte [ebp - 0xc99], 0 +mov al, 7 +cmove ebx, eax +inc ebx +cmp bl, 6 +jbe loc_fffbee64 ; jbe 0xfffbee64 +mov eax, dword [ebp - 0xc7c] +xor esi, esi +add eax, 0x3757 +mov dword [ebp - 0xcb0], eax +mov eax, dword [ebp - 0xcc8] +mov dword [ebp - 0xcb8], eax +imul eax, dword [ebp - 0xc80], 9 +mov dword [ebp - 0xcd4], eax -loc_fffbf107: ; not directly referenced -mov eax, dword [ebp - 0x200] -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffbef53: ; not directly referenced +mov eax, dword [ebp - 0xc88] +bt eax, esi +jae short loc_fffbefa6 ; jae 0xfffbefa6 +mov eax, dword [ebp - 0xcb0] +add eax, dword [ebp - 0xcd4] +mov byte [ebp - 0xca4], 0 +mov dword [ebp - 0xcd0], eax -fcn_fffbf115: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -xor esi, esi -push ebx -add esp, 0xffffff80 -mov ebx, dword [ebp + 8] -lea edi, [ebp - 0x60] -mov byte [ebp - 0x67], 5 -mov byte [ebp - 0x66], 2 -mov eax, dword [ebx + 0x5edc] -mov byte [ebp - 0x65], 1 -mov byte [ebp - 0x64], 2 -mov byte [ebp - 0x63], 1 -mov dword [ebp - 0x6c], eax -mov al, byte [ebx + 0x248e] -mov byte [ebp - 0x62], 0 -mov byte [ebp - 0x61], 0 -mov byte [ebp - 0x6d], al -mov eax, dword [ebx + 0x188b] -mov dword [ebp - 0x74], eax -mov eax, dword [ebx + 0x2443] +loc_fffbef77: ; not directly referenced +mov eax, dword [ebp - 0xc7c] +movzx eax, byte [eax + 0x2489] +cmp byte [ebp - 0xca4], al +jb loc_fffbf22e ; jb 0xfffbf22e +push edx push 0 -push 5 -push edi -call dword [eax + 0x60] ; ucall -movzx edx, byte [ebp - 0x67] -mov ecx, 1 -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -movzx edx, byte [ebp - 0x66] -mov ecx, 1 -mov word [ebp - 0x60], ax -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf +push eax +mov eax, dword [ebp - 0xc84] +push dword [ebp - 0xcb8] +call dword [eax + 0x64] ; ucall add esp, 0x10 -mov word [ebp - 0x5e], ax -loc_fffbf196: ; not directly referenced -mov eax, 1 -mov ecx, esi 
+loc_fffbefa6: ; not directly referenced +inc esi +add dword [ebp - 0xcb8], 0xcc +add dword [ebp - 0xcb0], 0x13c3 +cmp esi, 2 +jne short loc_fffbef53 ; jne 0xfffbef53 +inc dword [ebp - 0xcac] + +loc_fffbefc6: ; not directly referenced +mov ebx, dword [ebp - 0xcac] +mov al, byte [ebp - 0xced] +mov byte [ebp - 0xccc], bl +cmp bl, al +jb loc_fffbee55 ; jb 0xfffbee55 +jmp near loc_fffbf386 ; jmp 0xfffbf386 + +loc_fffbefe5: ; not directly referenced +test byte [ebp - 0xc98], 1 +je short loc_fffbf00e ; je 0xfffbf00e +mov cl, byte [ebp - 0xcac] +mov eax, 0x55 +mov edx, 0x409a shl eax, cl -test byte [ebx + 0x248d], al -je short loc_fffbf1d2 ; je 0xfffbf1d2 -push edx -mov ecx, 3 -push 2 +movzx ecx, al +mov eax, dword [ebp - 0xc7c] +call fcn_fffb335b ; call 0xfffb335b + +loc_fffbf00e: ; not directly referenced +cmp dword [ebp - 0xca8], 0 +je loc_fffbee62 ; je 0xfffbee62 +mov cl, byte [ebp - 0xcac] +mov eax, 0x55 +mov edx, 0x449a +shl eax, cl +movzx ecx, al +mov eax, dword [ebp - 0xc7c] +call fcn_fffb335b ; call 0xfffb335b +jmp near loc_fffbee62 ; jmp 0xfffbee62 + +loc_fffbf040: ; not directly referenced +mov eax, dword [ebp - 0xc88] +lea ecx, [edi + 1] +mov byte [ebp - 0xca4], 1 +sar eax, cl +cmp byte [ebp - 0xca0], 4 +mov dword [ebp - 0xcb8], eax +jne short loc_fffbf073 ; jne 0xfffbf073 +mov eax, dword [ebp - 0xc7c] +mov al, byte [eax + 0x2489] +mov byte [ebp - 0xca4], al + +loc_fffbf073: ; not directly referenced +xor esi, esi + +loc_fffbf075: ; not directly referenced +mov eax, esi +cmp byte [ebp - 0xca4], al +jbe loc_fffbee8a ; jbe 0xfffbee8a +push 0 +mov eax, dword [ebp - 0xcb0] +push dword [ebp - 0xcb8] +mov ecx, dword [ebp - 0xcd0] push 0 -push 0xf -push 0xb push 0 +push esi +push dword [ebp - 0xc80] push edi -lea edx, [ebp - 0x65] -push edx -push 2 -lea edx, [ebp - 0x67] -push edx -push 4 +push 0 +push 0 +mov eax, dword [eax + esi*4] +inc esi +imul eax, dword [ebp + ecx*4 - 0xc04] +mov ecx, 0x18 +cdq +idiv ecx push eax -mov eax, ebx -lea edx, [ebp - 0x56] -call 
fcn_fffca96e ; call 0xfffca96e +push dword [ebp - 0xcb4] +push dword [ebp - 0xc7c] +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 +jmp short loc_fffbf075 ; jmp 0xfffbf075 -loc_fffbf1d2: ; not directly referenced -inc esi -cmp esi, 4 -jne short loc_fffbf196 ; jne 0xfffbf196 -push eax -mov ecx, 3 +loc_fffbf0d2: ; not directly referenced +imul eax, dword [ebp - 0xcb0], 9 +mov byte [ebp - 0xcb8], 0 +mov dword [ebp - 0xca4], eax +mov eax, dword [ebp - 0xcfc] +add eax, dword [ebp - 0xca4] +mov dword [ebp - 0xcf8], eax + +loc_fffbf0f8: ; not directly referenced +mov edx, dword [ebp - 0xc7c] +mov al, byte [ebp - 0xcb8] +cmp al, byte [edx + 0x2489] +jae loc_fffbef02 ; jae 0xfffbef02 +mov eax, dword [ebp - 0xcc4] +mov edi, dword [ebp - 0xca4] +movzx ecx, byte [ebp - 0xcb8] +mov esi, dword [ebp - 0xcbc] +lea edx, [eax + edi] +add edx, ecx +lea eax, [esi + edx*8] +mov esi, dword [esi + edx*8] +mov dword [ebp - 0xcd0], eax +mov eax, dword [eax + 4] +mov dword [ebp - 0xcd4], esi +mov edx, eax +sub edx, esi +mov dword [ebp - 0xcf4], edx +test bl, bl +jne short loc_fffbf175 ; jne 0xfffbf175 +add eax, dword [ebp - 0xcd4] +xor edx, edx +lea esi, [edi + ecx] +mov edi, 0xa +mov dword [ebp + esi*4 - 0xb10], 0 +div edi +mov dword [ebp + esi*4 - 0xb58], eax + +loc_fffbf175: ; not directly referenced +mov eax, dword [ebp - 0xca4] +lea esi, [eax + ecx] +mov eax, dword [ebp - 0xce0] +mov edi, esi +mov esi, dword [ebp + esi*4 - 0xb58] +mov edx, dword [ebp + edi*4 - 0xba0] +imul esi, dword [ebp + eax*4 - 0xc3c] +imul edx, dword [ebp + eax*4 - 0xc58] +add edx, esi +mov esi, dword [ebp - 0xcf8] +imul edx, dword [ebp - 0xcf4] +add dword [ebp + edi*4 - 0xb10], edx +cmp dword [ebp + eax*4 - 0xc04], 0 +lea edx, [esi + ecx] +mov esi, dword [ebp - 0xcd4] +mov dword [ebp + edx*8 - 0x888], esi +mov esi, dword [ebp - 0xcd0] +mov esi, dword [esi + 4] +mov dword [ebp + edx*8 - 0x884], esi +jns short loc_fffbf223 ; jns 0xfffbf223 +cmp bl, 6 +je short loc_fffbf223 ; je 0xfffbf223 +cmp dword [ebp + eax*4 
- 0xc00], 0 +jle short loc_fffbf223 ; jle 0xfffbf223 +mov eax, dword [ebp - 0xcc4] +mov edx, dword [ebp - 0xca4] +mov esi, dword [ebp + edi*8 - 0x888] +add edx, eax +mov eax, dword [ebp - 0xcbc] +add ecx, edx +mov dword [eax + ecx*8], esi +mov ecx, dword [ebp - 0xcd0] +mov eax, dword [ebp + edi*8 - 0x884] +mov dword [ecx + 4], eax + +loc_fffbf223: ; not directly referenced +inc byte [ebp - 0xcb8] +jmp near loc_fffbf0f8 ; jmp 0xfffbf0f8 + +loc_fffbf22e: ; not directly referenced +movzx ebx, byte [ebp - 0xca4] +lea ecx, [esi + esi*8] +mov edi, dword [ebp - 0xcdc] +mov eax, dword [ebp - 0xcd8] +add ecx, ebx +imul edi, dword [ebp + ecx*4 - 0xb58] +imul eax, dword [ebp + ecx*4 - 0xba0] +add edi, eax +je loc_fffbf97d ; je 0xfffbf97d +mov edx, dword [ebp + ecx*4 - 0xb10] +mov eax, edx +sar eax, 0x1f +or eax, 1 +movsx eax, al +imul eax, edi +imul edi, edi, 0x14 +imul eax, eax, 0xa +add eax, edx +cdq +idiv edi +cmp byte [ebp - 0xc9a], 1 +mov edi, eax +mov dword [ebp + ecx*4 - 0xb10], eax +jne short loc_fffbf2eb ; jne 0xfffbf2eb +cmp byte [ebp - 0xccc], 0 +jne short loc_fffbf2a6 ; jne 0xfffbf2a6 +mov ecx, dword [ebp - 0xcd0] +add byte [ebx + ecx + 0x104a], al + +loc_fffbf2a6: ; not directly referenced +cmp byte [ebp - 0xccc], 1 +sete dl +cmp byte [ebp - 0xc9c], 0 +sete al +or dl, al +je short loc_fffbf320 ; je 0xfffbf320 +mov edx, dword [ebp - 0xcd0] +mov eax, edi +mov ecx, dword [ebp - 0xc80] +add byte [ebx + edx + 0x106e], al +mov edx, esi push eax -mov eax, ebx -push 0 -push 0xf -push 0 -push 0 +mov eax, dword [ebp - 0xc7c] push 0 -push 2 -lea edx, [ebx + 0x2490] -call fcn_fffc0a2d ; call 0xfffc0a2d -add esp, 0x20 -cmp dword [ebp - 0x74], 1 -jne loc_fffbf2df ; jne 0xfffbf2df -lea eax, [ebx + 0x3756] -mov edi, dword [ebp - 0x6c] -mov dword [ebp - 0x78], eax -movzx eax, byte [ebp - 0x6d] -mov dword [ebp - 0x6c], 0 -add edi, 0x1c -mov dword [ebp - 0x80], eax - -loc_fffbf222: ; not directly referenced -mov eax, dword [ebp - 0x80] -mov ecx, dword [ebp - 0x6c] -bt eax, ecx -jb 
short loc_fffbf248 ; jb 0xfffbf248 +push 0xff +push ebx +call fcn_fffa7447 ; call 0xfffa7447 +jmp short loc_fffbf31d ; jmp 0xfffbf31d -loc_fffbf22d: ; not directly referenced -inc dword [ebp - 0x6c] -add edi, 0xcc -add dword [ebp - 0x78], 0x13c3 -cmp dword [ebp - 0x6c], 2 -jne short loc_fffbf222 ; jne 0xfffbf222 -jmp near loc_fffbf2df ; jmp 0xfffbf2df +loc_fffbf2eb: ; not directly referenced +mov eax, dword [ebp - 0xcd4] +mov edx, esi +mov ecx, dword [ebp - 0xcb0] +add eax, ebx +add word [ecx + eax*2 + 0x169], di +mov eax, dword [ebp - 0xc7c] +push ecx +mov ecx, dword [ebp - 0xc80] +push 0 +push 0xff +push ebx +call fcn_fffa735e ; call 0xfffa735e -loc_fffbf248: ; not directly referenced -mov byte [ebp - 0x6d], 0 +loc_fffbf31d: ; not directly referenced +add esp, 0x10 -loc_fffbf24c: ; not directly referenced -mov al, byte [ebp - 0x6d] -cmp al, byte [ebx + 0x2488] -jae short loc_fffbf22d ; jae 0xfffbf22d -mov edx, dword [ebp - 0x78] -movzx esi, al -mov byte [ebp - 0x74], 0 -mov cl, byte [edx + 0xc4] -add esi, edx -mov dword [ebp - 0x7c], esi -mov byte [ebp - 0x6e], cl +loc_fffbf320: ; not directly referenced +imul edi, edi, 0xa xor ecx, ecx +lea edx, [esi + esi*8] -loc_fffbf271: ; not directly referenced -mov eax, 1 -shl eax, cl -test byte [ebp - 0x6e], al -je short loc_fffbf29d ; je 0xfffbf29d -mov eax, dword [ebp - 0x7c] -lea esi, [ecx + ecx*8] -mov al, byte [eax + esi + 0x24d] -mov dl, al -and eax, 0xf -shr dl, 4 -shl edx, 2 -cmp dl, al -setne al -or byte [ebp - 0x74], al - -loc_fffbf29d: ; not directly referenced +loc_fffbf328: ; not directly referenced +movzx eax, cl +imul eax, eax, 0x12 +add eax, edx +add eax, ebx +add dword [ebp + eax*8 - 0x888], edi +sub dword [ebp + eax*8 - 0x884], edi +mov al, 7 +cmp byte [ebp - 0xc99], 0 +cmove ecx, eax inc ecx -cmp ecx, 4 -jne short loc_fffbf271 ; jne 0xfffbf271 -cmp byte [ebx + 0x240e], 1 -je short loc_fffbf2b2 ; je 0xfffbf2b2 -cmp byte [ebp - 0x74], 1 -jne short loc_fffbf2d7 ; jne 0xfffbf2d7 +cmp cl, 6 +jbe short 
loc_fffbf328 ; jbe 0xfffbf328 +lea ecx, [esi + esi*8] +mov edi, dword [ebp - 0xcbc] +lea eax, [ecx + ebx] +mov edx, dword [ebp + eax*8 - 0x888] +add ecx, dword [ebp - 0xcc4] +inc byte [ebp - 0xca4] +add ebx, ecx +mov dword [edi + ebx*8], edx +mov eax, dword [ebp + eax*8 - 0x884] +mov dword [edi + ebx*8 + 4], eax +jmp near loc_fffbef77 ; jmp 0xfffbef77 -loc_fffbf2b2: ; not directly referenced -movzx esi, byte [ebp - 0x6d] -mov eax, ebx -mov edx, dword [ebp - 0x6c] -mov ecx, esi -add esi, 8 -call fcn_fffa720e ; call 0xfffa720e -or byte [edi + esi*4 + 0xb], 1 -mov ecx, dword [edi + esi*4 + 8] -mov edx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +loc_fffbf386: ; not directly referenced +cmp byte [ebp - 0xcee], 0 +je loc_fffbec95 ; je 0xfffbec95 +cmp byte [ebp - 0xc99], 0 +jne short loc_fffbf3e9 ; jne 0xfffbf3e9 -loc_fffbf2d7: ; not directly referenced -inc byte [ebp - 0x6d] -jmp near loc_fffbf24c ; jmp 0xfffbf24c +loc_fffbf39c: ; not directly referenced +mov eax, dword [ebp - 0xc98] +and eax, 1 +mov dword [ebp - 0xcb0], eax +je short loc_fffbf3c2 ; je 0xfffbf3c2 +mov eax, dword [ebp - 0xc7c] +mov ecx, 0xffff3001 +mov edx, 0x4098 +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbf2df: ; not directly referenced -lea esp, [ebp - 0xc] -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffbf3c2: ; not directly referenced +cmp dword [ebp - 0xca8], 0 +je loc_fffbf46e ; je 0xfffbf46e +mov eax, dword [ebp - 0xc7c] +mov ecx, 0xffff3001 +mov edx, 0x4498 +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffbf46e ; jmp 0xfffbf46e -fcn_fffbf2e9: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi +loc_fffbf3e9: ; not directly referenced +sub esp, 0xc +mov ecx, dword [ebp - 0xc80] +lea eax, [ebp - 0xc68] +mov edx, dword [ebp - 0xc88] +push eax +lea ebx, [ebp - 0xbe8] push ebx -sub esp, 0x540 -mov esi, dword [ebp + 0xc] -mov ebx, dword [ebp + 8] -lea edi, [ebp - 0x4fa] -mov dword [ebp - 0x520], edx -mov edx, dword [ebp + 0x14] -mov dword [ebp - 
0x51c], eax -mov dword [ebp - 0x52c], esi -mov esi, dword [ebp + 0x18] -mov dword [ebp - 0x524], ecx -mov ecx, 0xa -mov dword [ebp - 0x538], edx -mov dword [ebp - 0x528], ebx -mov ebx, dword [ebp + 0x10] -mov dword [ebp - 0x530], esi -mov esi, dword [ebp + 0x20] -mov byte [ebp - 0x507], 4 -mov byte [ebp - 0x506], 1 -mov byte [ebp - 0x505], 5 -mov eax, esi -mov dword [ebp - 0x534], esi -mov esi, ref_fffd590c ; mov esi, 0xfffd590c -mov byte [ebp - 0x541], al -lea eax, [ebp - 0x4f0] -mov byte [ebp - 0x504], 2 -mov byte [ebp - 0x50b], 4 -mov byte [ebp - 0x50a], 1 -mov byte [ebp - 0x509], 5 -mov byte [ebp - 0x508], 2 -mov byte [ebp - 0x4ff], 1 -mov byte [ebp - 0x4fe], 2 -mov byte [ebp - 0x4fd], 0 -mov byte [ebp - 0x4fc], 0 -mov byte [ebp - 0x4fb], 0 -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -mov edi, dword [ebp - 0x51c] -mov dword [ebp - 0x503], 0 -mov esi, dword [edi + 0x2443] -push 0xff -push 0x4d8 +lea eax, [ebp - 0xba0] push eax -call dword [esi + 0x5c] ; ucall +lea eax, [ebp - 0xc71] +push eax +mov eax, dword [ebp - 0xc7c] +push dword [ebp - 0xcb4] +call fcn_fffbe830 ; call 0xfffbe830 +add esp, 0x20 +test eax, eax +je loc_fffbf39c ; je 0xfffbf39c +push edi +mov edi, dword [ebp - 0xc7c] +push 0x18 +movzx eax, byte [edi + 0x2489] +push eax +push ebx +mov ebx, dword [ebp - 0xc84] +mov eax, ebx +call dword [eax + 0x64] ; ucall add esp, 0xc -push 0xff -push 0x54e -push dword [ebp - 0x520] -call dword [esi + 0x5c] ; ucall -mov cl, byte [ebp - 0x524] -mov al, byte [ebp - 0x528] -and cl, byte [edi + 0x248e] -and al, byte [edi + 0x248d] +push 0x18 +movzx eax, byte [edi + 0x2489] +push eax +lea eax, [ebp - 0xbc4] +push eax +mov eax, ebx +call dword [eax + 0x64] ; ucall add esp, 0x10 -mov byte [ebp - 0x50d], 0 -mov edx, dword [ebp - 0x538] -movzx esi, cl -mov edi, eax -xor eax, eax -and cl, 1 -je short loc_fffbf439 ; je 0xfffbf439 -mov ecx, dword [ebp - 0x51c] -mov eax, edi -and al, byte [ecx + 0x381a] -test al, al -mov byte [ebp - 0x50d], al -setne al +jmp near 
loc_fffbf39c ; jmp 0xfffbf39c -loc_fffbf439: ; not directly referenced -and esi, 2 -mov byte [ebp - 0x50c], 0 -je short loc_fffbf463 ; je 0xfffbf463 -mov esi, dword [ebp - 0x51c] -mov ecx, edi -and cl, byte [esi + 0x4bdd] -mov esi, eax -or esi, 2 -test cl, cl -mov byte [ebp - 0x50c], cl -cmovne eax, esi +loc_fffbf46e: ; not directly referenced +movzx eax, byte [ebp - 0xc9b] +mov byte [ebp - 0xc98], 0 +mov dword [ebp - 0xcd0], eax -loc_fffbf463: ; not directly referenced -mov cl, byte [ebx] -movzx eax, al -mov esi, dword [ebp - 0x520] -mov dword [ebp - 0x524], eax -mov byte [esi], cl -mov cl, byte [edx] -mov byte [esi + 4], cl -mov cl, byte [ebx + 1] -mov byte [esi + 1], cl -mov cl, byte [edx + 1] -mov byte [esi + 5], cl -mov cl, byte [ebx + 2] -mov byte [esi + 2], cl -mov cl, byte [edx + 2] -mov byte [esi + 6], cl -mov cl, byte [ebx + 3] -mov bl, byte [ebp - 0x530] -mov byte [esi + 3], cl -mov dl, byte [edx + 3] -mov byte [esi + 8], bl -mov byte [esi + 7], dl -mov edx, eax -movzx eax, byte [ebp - 0x52c] -push ecx +loc_fffbf482: ; not directly referenced +lea eax, [ebp - 0xbe8] +xor ebx, ebx +mov dword [ebp - 0xcac], eax +movzx eax, byte [ebp - 0xc98] +lea edi, [ebp - 0x498] +mov dword [ebp - 0xcc4], eax + +loc_fffbf4a3: ; not directly referenced +mov eax, dword [ebp - 0xc88] +bt eax, ebx +jb loc_fffbf55d ; jb 0xfffbf55d + +loc_fffbf4b2: ; not directly referenced +mov eax, dword [ebp - 0xc84] +inc ebx +push esi +push 8 +push 0x90 +push edi +add edi, 0x240 +call dword [eax + 0x64] ; ucall +add esp, 0x10 +add dword [ebp - 0xcac], 0x24 +cmp ebx, 2 +jne short loc_fffbf4a3 ; jne 0xfffbf4a3 +movzx eax, byte [ebp - 0xc98] +mov ebx, dword [ebp - 0xc7c] +mov edx, dword [ebp - 0xc88] +mov dword [ebp - 0xcd4], eax +imul eax, eax, 0x90 +mov byte [ebx + 0x248d], 1 push ecx -mov ecx, esi -push 1 +mov ecx, dword [ebp - 0xc80] +push dword [ebp - 0xcd0] +lea eax, [ebp + eax - 0x888] push eax -mov eax, dword [ebp - 0x51c] -call fcn_fffb3a79 ; call 0xfffb3a79 +lea eax, [ebp - 0x498] 
+push eax +mov eax, ebx +call fcn_fffbdad4 ; call 0xfffbdad4 +lea eax, [ebp - 0xac8] add esp, 0x10 -cmp dword [ebp + 0x24], 0 -je short loc_fffbf50e ; je 0xfffbf50e -mov esi, dword [ebp - 0x51c] -push ecx -mov ecx, dword [ebp - 0x524] -push 0 -push 0 -lea ebx, [esi + 0x2490] -mov eax, esi -push 0 -mov edx, ebx -call fcn_fffc19af ; call 0xfffc19af -mov ecx, dword [ebp - 0x524] -pop eax +mov dword [ebp - 0xcac], eax +lea eax, [ebp - 0xba0] +xor ebx, ebx +mov dword [ebp - 0xcc4], eax +lea eax, [ebp - 0xb58] +mov dword [ebp - 0xcb8], eax +lea eax, [ebp - 0x498] +mov dword [ebp - 0xccc], eax +jmp near loc_fffbf61b ; jmp 0xfffbf61b + +loc_fffbf55d: ; not directly referenced +mov eax, dword [ebp - 0xc88] +lea ecx, [ebx + 1] +mov byte [ebp - 0xca4], 1 +sar eax, cl +cmp byte [ebp - 0xca0], 4 +mov dword [ebp - 0xcb8], eax +jne short loc_fffbf590 ; jne 0xfffbf590 +mov eax, dword [ebp - 0xc7c] +mov al, byte [eax + 0x2489] +mov byte [ebp - 0xca4], al + +loc_fffbf590: ; not directly referenced +xor esi, esi + +loc_fffbf592: ; not directly referenced mov eax, esi -pop edx -mov edx, ebx -push 0 -push 0xf +cmp byte [ebp - 0xca4], al +jbe loc_fffbf4b2 ; jbe 0xfffbf4b2 push 0 +mov eax, dword [ebp - 0xcac] +mov ecx, 0x18 +push dword [ebp - 0xcb8] +mov edx, dword [ebp - 0xcc4] push 0 push 0 -push 1 -call fcn_fffc0a2d ; call 0xfffc0a2d -add esp, 0x20 - -loc_fffbf50e: ; not directly referenced -cmp dword [ebp + 0x28], 0 -je short loc_fffbf547 ; je 0xfffbf547 -mov ebx, dword [ebp - 0x51c] -sub esp, 0xc +push esi +push dword [ebp - 0xc80] push ebx -call fcn_fffbdcd9 ; call 0xfffbdcd9 -mov ecx, dword [ebp - 0x524] -pop eax -mov eax, ebx -pop edx -lea edx, [ebx + 0x2490] -push 0 -push 0xf push 0 push 0 -push 0 -push 2 -call fcn_fffc0a2d ; call 0xfffc0a2d -add esp, 0x20 +mov eax, dword [eax + esi*4] +inc esi +imul eax, dword [ebp + edx*4 - 0xc04] +cdq +idiv ecx +push eax +push dword [ebp - 0xcb4] +push dword [ebp - 0xc7c] +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +jmp short 
loc_fffbf592 ; jmp 0xfffbf592 -loc_fffbf547: ; not directly referenced -mov ebx, dword [ebp - 0x520] -mov edx, edi -xor ecx, ecx -mov al, byte [ebp - 0x534] -movzx edi, dl -mov dword [ebp - 0x52c], edi -mov byte [ebx + 0x539], al -lea eax, [ebx + 0x534] -mov dword [ebp - 0x538], eax -mov eax, dword [ebp + 0x1c] -lea ebx, [ebp - 0x507] -mov dword [ebp - 0x530], eax +loc_fffbf5ef: ; not directly referenced +inc ebx +add dword [ebp - 0xcac], 0x120 +add dword [ebp - 0xccc], 0x240 +add dword [ebp - 0xcc4], 0x24 +add dword [ebp - 0xcb8], 0x24 +cmp ebx, 2 +je loc_fffbf6cb ; je 0xfffbf6cb + +loc_fffbf61b: ; not directly referenced +mov eax, dword [ebp - 0xc88] +bt eax, ebx +jae short loc_fffbf5ef ; jae 0xfffbf5ef +mov eax, dword [ebp - 0xc7c] +xor edx, edx +mov esi, dword [ebp - 0xccc] +mov al, byte [eax + 0x2489] +mov byte [ebp - 0xce0], al +mov eax, dword [ebp - 0xcac] +mov dword [ebp - 0xca4], eax + +loc_fffbf64c: ; not directly referenced +cmp byte [ebp - 0xce0], dl +jbe short loc_fffbf5ef ; jbe 0xfffbf5ef +mov eax, dword [ebp - 0xcb8] +mov edi, dword [ebp - 0xcd4] +mov ecx, dword [eax + edx*4] +mov eax, dword [ebp - 0xcc4] +imul ecx, dword [ebp + edi*4 - 0xc3c] +mov eax, dword [eax + edx*4] +imul eax, dword [ebp + edi*4 - 0xc58] +add eax, ecx +mov dword [ebp - 0xcf4], eax xor eax, eax -loc_fffbf583: ; not directly referenced -mov dl, byte [ebp - 0x530] -sub edx, dword [ebp + 0x1c] -cmp dl, byte [ebp - 0x541] -jae loc_fffbf9f9 ; jae 0xfffbf9f9 -mov edi, dword [ebp - 0x530] -mov esi, dword [ebp - 0x538] -mov dl, byte [edi] -mov byte [esi], dl -cmp byte [edi], 6 -ja loc_fffbf92d ; ja 0xfffbf92d -movzx edx, byte [edi] -jmp dword [edx*4 + ref_fffd5918] ; ujmp: jmp dword [edx*4 - 0x2a6e8] +loc_fffbf686: ; not directly referenced +mov edi, dword [esi + eax*2 + 4] +add edi, dword [esi + eax*2] +sub edi, 0x10 +cmp byte [ebp - 0xc98], 0 +jne short loc_fffbf6a6 ; jne 0xfffbf6a6 +mov ecx, dword [ebp - 0xca4] +mov dword [ecx + eax], 0 -loc_fffbf5bb: ; not directly referenced -push 
eax -mov ecx, dword [ebp - 0x524] -push 1 -push 0 -push 0xf -push 0xc -push 0xfffffffffffffff5 -lea eax, [ebp - 0x4fa] -push eax -lea eax, [ebp - 0x4ff] -push eax -mov eax, dword [ebp - 0x51c] -push 2 -lea ebx, [ebp - 0x509] -push ebx -push 0 -push dword [ebp - 0x52c] -lea esi, [ebp - 0x3f8] -mov edx, esi -call fcn_fffca96e ; call 0xfffca96e -mov eax, dword [ebp - 0x520] -mov ecx, 0x3e -add esp, 0x30 -lea edi, [eax + 0x14f] +loc_fffbf6a6: ; not directly referenced +mov ecx, dword [ebp - 0xca4] +imul edi, dword [ebp - 0xcf4] +add dword [ecx + eax], edi +add eax, 4 +cmp eax, 0x20 +jne short loc_fffbf686 ; jne 0xfffbf686 +inc edx +add esi, 0x40 +add dword [ebp - 0xca4], 0x20 +jmp short loc_fffbf64c ; jmp 0xfffbf64c + +loc_fffbf6cb: ; not directly referenced +mov bl, byte [ebp - 0xc98] +mov al, 7 +cmp byte [ebp - 0xc99], 0 +cmove ebx, eax +mov byte [ebp - 0xc98], bl +inc byte [ebp - 0xc98] +cmp byte [ebp - 0xc98], 6 +jbe loc_fffbf482 ; jbe 0xfffbf482 +mov eax, dword [ebp - 0xc7c] +xor edi, edi +mov ebx, dword [ebp - 0xcc8] +mov dword [ebp - 0xcac], 0 +add eax, 0x3757 +mov dword [ebp - 0xcb8], eax +imul eax, dword [ebp - 0xc80], 0xd8 +mov dword [ebp - 0xcc4], ebx +add eax, 0x282 +mov dword [ebp - 0xcf4], eax + +loc_fffbf734: ; not directly referenced +mov eax, dword [ebp - 0xc88] +bt eax, edi +jae loc_fffbf8d0 ; jae 0xfffbf8d0 +mov eax, dword [ebp - 0xc7c] +mov edx, edi +mov ecx, 0xffff0001 +shl edx, 0xa +add edx, 0x4098 +call fcn_fffb3381 ; call 0xfffb3381 +lea eax, [edi + edi*8] +mov byte [ebp - 0xc98], 0 +mov dword [ebp - 0xce0], eax + +loc_fffbf76e: ; not directly referenced +mov eax, dword [ebp - 0xc7c] +movzx eax, byte [eax + 0x2489] +cmp byte [ebp - 0xc98], al +jae loc_fffbf8ba ; jae 0xfffbf8ba +movzx eax, byte [ebp - 0xc98] +mov edx, dword [ebp - 0xcdc] +mov ebx, dword [ebp - 0xcd8] +mov dword [ebp - 0xca4], 0 +mov esi, eax +mov dword [ebp - 0xccc], eax +mov eax, dword [ebp - 0xce0] +add eax, esi +imul ebx, dword [ebp + eax*4 - 0xba0] +imul edx, dword [ebp + 
eax*4 - 0xb58] mov eax, 1 -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -mov cl, 2 -jmp near loc_fffbf92d ; jmp 0xfffbf92d +add edx, ebx +cmovne eax, edx +xor ecx, ecx +mov ebx, eax +add ebx, eax +mov dword [ebp - 0xcd4], ebx +imul ebx, esi, 0x18 +add esi, dword [ebp - 0xcac] +add ebx, dword [ebp - 0xcf4] +add ebx, dword [ebp - 0xcb8] +mov dword [ebp - 0xcc8], eax +shl esi, 5 +lea eax, [ebp - 0xac8] +add esi, eax -loc_fffbf620: ; not directly referenced -push eax -mov ecx, dword [ebp - 0x524] -push 0 -push 9 -push 0xf -push 6 -push 0xfffffffffffffff6 -lea eax, [ebp - 0x4fa] -push eax -lea eax, [ebp - 0x4ff] -push eax -mov eax, dword [ebp - 0x51c] -push 2 -lea ebx, [ebp - 0x50b] -push ebx -push 1 -push dword [ebp - 0x52c] -lea esi, [ebp - 0x110] -mov edx, esi -call fcn_fffca96e ; call 0xfffca96e -mov eax, dword [ebp - 0x520] -mov ecx, 0x3e -add esp, 0x30 -lea edi, [eax + 0x437] -mov eax, 4 -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -mov cl, 2 -jmp near loc_fffbf92d ; jmp 0xfffbf92d +loc_fffbf800: ; not directly referenced +mov edx, dword [esi + ecx] +mov eax, edx +sar eax, 0x1f +or eax, 1 +movsx eax, al +imul eax, dword [ebp - 0xcc8] +add eax, edx +cdq +idiv dword [ebp - 0xcd4] +cmp byte [ebp - 0xc9a], 1 +jne short loc_fffbf82c ; jne 0xfffbf82c +movzx edx, byte [ebx] +jmp short loc_fffbf833 ; jmp 0xfffbf833 -loc_fffbf685: ; not directly referenced -lea eax, [ebp - 0x208] -xor ebx, ebx -mov dword [ebp - 0x534], eax +loc_fffbf82c: ; not directly referenced +movzx edx, byte [ebx + 0x360] -loc_fffbf693: ; not directly referenced -mov eax, dword [ebp - 0x52c] -bt eax, ebx -jb short loc_fffbf6bd ; jb 0xfffbf6bd +loc_fffbf833: ; not directly referenced +add eax, edx +cmp eax, 0xf +jle short loc_fffbf843 ; jle 0xfffbf843 +mov dword [esi + ecx], 0xf +jmp short loc_fffbf850 ; jmp 0xfffbf850 -loc_fffbf69e: ; not directly referenced -inc ebx -add dword [ebp - 0x534], 0x3e -cmp ebx, 4 -jne short loc_fffbf693 ; jne 0xfffbf693 -mov cl, 2 -mov eax, 3 -lea ebx, [ebp 
- 0x509] -jmp near loc_fffbf92d ; jmp 0xfffbf92d +loc_fffbf843: ; not directly referenced +test eax, eax +mov edx, 0 +cmovs eax, edx +mov dword [esi + ecx], eax + +loc_fffbf850: ; not directly referenced +cmp byte [ebp - 0xc9a], 1 +mov eax, dword [esi + ecx] +jne short loc_fffbf860 ; jne 0xfffbf860 +mov byte [ebx], al +jmp short loc_fffbf866 ; jmp 0xfffbf866 + +loc_fffbf860: ; not directly referenced +mov byte [ebx + 0x360], al -loc_fffbf6bd: ; not directly referenced +loc_fffbf866: ; not directly referenced +mov eax, dword [esi + ecx] +add ebx, 3 +shl eax, cl +add ecx, 4 +or dword [ebp - 0xca4], eax +cmp ecx, 0x20 +jne short loc_fffbf800 ; jne 0xfffbf800 +push 0 +push 0 +push 0 +push 0 +push dword [ebp - 0xccc] +push dword [ebp - 0xc80] push edi -mov esi, dword [ebp - 0x534] -mov cl, bl -push 2 push 0 -push 0xf -push 0xb -mov edx, esi push 0 -lea eax, [ebp - 0x4fa] -push eax -lea eax, [ebp - 0x4ff] -push eax -push 2 -lea eax, [ebp - 0x509] -push eax -mov eax, dword [ebp - 0x51c] -push 4 -mov dword [ebp - 0x528], 1 -shl dword [ebp - 0x528], cl -push dword [ebp - 0x528] -mov ecx, dword [ebp - 0x524] -call fcn_fffca96e ; call 0xfffca96e -imul eax, ebx, 0x3e -mov edi, dword [ebp - 0x520] -mov ecx, 0x3e +push dword [ebp - 0xca4] +push dword [ebp - 0xcd0] +push dword [ebp - 0xc7c] +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -lea edx, [ebp - 0x4f0] -lea edi, [edi + eax + 0x33f] -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -lea ecx, [ebp - 0x50d] -lea edi, [ebp - 0x50b] +inc byte [ebp - 0xc98] +jmp near loc_fffbf76e ; jmp 0xfffbf76e -loc_fffbf73e: ; not directly referenced -movzx esi, byte [ecx] -test dword [ebp - 0x528], esi -je short loc_fffbf779 ; je 0xfffbf779 -mov si, word [edx + eax + 0x30c] -cmp si, word [edx + 0x30c] -jae short loc_fffbf761 ; jae 0xfffbf761 -mov word [edx + 0x30c], si +loc_fffbf8ba: ; not directly referenced +push edx +push 0 +push eax +mov eax, dword [ebp - 0xc84] +push dword [ebp - 0xcc4] +call dword [eax + 0x64] ; ucall +add esp, 
0x10 -loc_fffbf761: ; not directly referenced -mov si, word [edx + eax + 0x310] -cmp si, word [edx + 0x310] -jae short loc_fffbf779 ; jae 0xfffbf779 -mov word [edx + 0x310], si +loc_fffbf8d0: ; not directly referenced +inc edi +add dword [ebp - 0xcc4], 0xcc +add dword [ebp - 0xcac], 9 +add dword [ebp - 0xcb8], 0x13c3 +cmp edi, 2 +jne loc_fffbf734 ; jne 0xfffbf734 +cmp dword [ebp - 0xcb0], 0 +je short loc_fffbf913 ; je 0xfffbf913 +mov eax, dword [ebp - 0xc7c] +mov ecx, 0xffff3001 +mov edx, 0x4098 +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbf779: ; not directly referenced -inc ecx -add edx, 2 -cmp ecx, edi -je loc_fffbf69e ; je 0xfffbf69e -jmp short loc_fffbf73e ; jmp 0xfffbf73e +loc_fffbf913: ; not directly referenced +cmp dword [ebp - 0xca8], 0 +je short loc_fffbf931 ; je 0xfffbf931 +mov eax, dword [ebp - 0xc7c] +mov ecx, 0xffff3001 +mov edx, 0x4498 +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbf787: ; not directly referenced -mov eax, dword [ebp - 0x51c] -lea ebx, [ebp - 0x300] -mov dword [ebp - 0x534], ebx -cmp dword [eax + 0x188b], 1 -setne al -xor ebx, ebx -lea eax, [eax + eax + 0xc] -movsx eax, al -mov dword [ebp - 0x53c], eax +loc_fffbf931: ; not directly referenced +cmp dword [ebp - 0xcb0], 0 +je short loc_fffbf94f ; je 0xfffbf94f +mov eax, dword [ebp - 0xc7c] +mov ecx, 0xffff0001 +mov edx, 0x4098 +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffbf7b2: ; not directly referenced -mov eax, dword [ebp - 0x52c] -bt eax, ebx -jb short loc_fffbf7dc ; jb 0xfffbf7dc +loc_fffbf94f: ; not directly referenced +cmp dword [ebp - 0xca8], 0 +je loc_fffbec95 ; je 0xfffbec95 +mov eax, dword [ebp - 0xc7c] +mov ecx, 0xffff0001 +mov edx, 0x4498 +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffbec95 ; jmp 0xfffbec95 -loc_fffbf7bd: ; not directly referenced -inc ebx -add dword [ebp - 0x534], 0x3e -cmp ebx, 4 -jne short loc_fffbf7b2 ; jne 0xfffbf7b2 -mov cl, 2 +loc_fffbf976: ; not directly referenced mov eax, 2 -lea ebx, [ebp - 0x50b] -jmp near loc_fffbf92d ; jmp 0xfffbf92d 
+jmp short loc_fffbf982 ; jmp 0xfffbf982 + +loc_fffbf97d: ; not directly referenced +mov eax, 1 + +loc_fffbf982: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffbf7dc: ; not directly referenced +fcn_fffbf98a: ; not directly referenced +push ebp +mov ebp, esp +push edi push esi -mov cl, bl -mov esi, dword [ebp - 0x534] -push 0 -push 9 -push 0xf -push dword [ebp - 0x53c] -mov edx, esi -lea eax, [ebp - 0x4fa] -mov dword [ebp - 0x528], 1 -shl dword [ebp - 0x528], cl +push ebx +sub esp, 0x1040 +mov edi, dword [eax + 0x5edd] +mov dword [ebp - 0x101c], edx +mov dl, byte [ebp + 0x10] +mov dword [ebp - 0xffc], eax +mov esi, dword [ebp + 8] +mov dword [ebp - 0x1000], ecx +mov ebx, dword [ebp + 0xc] +mov byte [ebp - 0xff7], 0 +mov byte [ebp - 0x1008], dl +mov edx, dword [eax + 0x2444] +mov eax, dword [eax + 0x188b] push 0 -mov ecx, dword [ebp - 0x524] -push eax -lea eax, [ebp - 0x4ff] -push eax -push 2 -lea eax, [ebp - 0x50b] +push 0x10 +mov dword [ebp - 0x102c], eax +lea eax, [ebp - 0xfe8] push eax -mov eax, dword [ebp - 0x51c] -push 5 -push dword [ebp - 0x528] -call fcn_fffca96e ; call 0xfffca96e -imul eax, ebx, 0x3e -mov edi, dword [ebp - 0x520] -mov ecx, 0x3e -add esp, 0x30 -lea edx, [ebp - 0x4f0] -lea edi, [edi + eax + 0x247] -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -lea ecx, [ebp - 0x50d] +mov dword [ebp - 0x1038], esi +mov byte [ebp - 0xff6], 0xf8 +mov byte [ebp - 0xff5], 8 +mov byte [ebp - 0xff4], 1 +mov byte [ebp - 0xff3], 1 +mov byte [ebp - 0xff2], 1 +mov dword [ebp - 0x1010], edx +call dword [edx + 0x5c] ; ucall +mov ecx, dword [ebp - 0x1000] +add esp, 0x10 +xor eax, eax -loc_fffbf85b: ; not directly referenced -movzx esi, byte [ecx] -test dword [ebp - 0x528], esi -je short loc_fffbf896 ; je 0xfffbf896 -mov si, word [edx + eax + 0x214] -cmp si, word [edx + 0x214] -jae short loc_fffbf87e ; jae 0xfffbf87e -mov word [edx + 0x214], si - -loc_fffbf87e: ; not directly referenced -mov si, word [edx + eax + 
0x218] -cmp si, word [edx + 0x218] -jae short loc_fffbf896 ; jae 0xfffbf896 -mov word [edx + 0x218], si - -loc_fffbf896: ; not directly referenced -inc ecx -add edx, 2 -lea edi, [ebp - 0x50b] -cmp ecx, edi -je loc_fffbf7bd ; je 0xfffbf7bd -jmp short loc_fffbf85b ; jmp 0xfffbf85b - -loc_fffbf8aa: ; not directly referenced -mov eax, dword [ebp - 0x51c] -cmp dword [eax + 0x188b], 1 -jne short loc_fffbf8ca ; jne 0xfffbf8ca -call fcn_fffa9b8c ; call 0xfffa9b8c -mov edx, 0x2f -mov eax, 8 -jmp short loc_fffbf8d1 ; jmp 0xfffbf8d1 - -loc_fffbf8ca: ; not directly referenced -mov edx, 7 +loc_fffbfa1e: ; not directly referenced +mov byte [ebp + eax - 0xff1], al +inc eax +cmp eax, 9 +jne short loc_fffbfa1e ; jne 0xfffbfa1e +mov eax, dword [ebp - 0xffc] +sub esp, 0xc +movzx edx, cl +push 2 +mov ecx, 0xf +call fcn_fffae9e2 ; call 0xfffae9e2 +add esp, 0x10 xor eax, eax +mov byte [ebp - 0x1004], 0 +mov dl, 3 -loc_fffbf8d1: ; not directly referenced -push ecx -mov ecx, dword [ebp - 0x524] +loc_fffbfa51: ; not directly referenced +movzx ecx, al +mov cl, byte [ebp + ecx - 0xff4] +add byte [ebp - 0x1004], cl +cmp byte [ebp - 0x1008], 0 +cmove eax, edx +inc eax +cmp al, 2 +jbe short loc_fffbfa51 ; jbe 0xfffbfa51 +mov esi, dword [ebp - 0x1004] +mov eax, esi +test al, al +mov al, 1 +cmove esi, eax +dec bl +mov eax, esi +mov byte [ebp - 0x1004], al +jne short loc_fffbfab2 ; jne 0xfffbfab2 +push 1 push 0 -push 9 -push 0xf -push edx -push eax -lea eax, [ebp - 0x4fa] -push eax -lea eax, [ebp - 0x4ff] -push eax -mov eax, dword [ebp - 0x51c] -push 2 -lea ebx, [ebp - 0x50b] -push ebx -push 6 -push dword [ebp - 0x52c] -lea edx, [ebp - 0x4f0] -lea esi, [ebp - 0x4f0] -call fcn_fffca96e ; call 0xfffca96e -mov eax, dword [ebp - 0x520] -mov ecx, 0x3e +push 1 +push 0 +push 0 +push 0 +push 0 +push 1 +push 0 +push 0x88888888 +push 0xa +push dword [ebp - 0xffc] +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -lea edi, [eax + 0x57] -xor eax, eax -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -mov 
cl, 2 - -loc_fffbf92d: ; not directly referenced -imul edi, eax, 0x7c -mov dword [ebp - 0x528], 0 -mov dword [ebp - 0x53c], edi - -loc_fffbf940: ; not directly referenced -mov edi, dword [ebp - 0x528] -cmp byte [ebp + edi - 0x50d], 0 -je loc_fffbf9d5 ; je 0xfffbf9d5 -mov edi, dword [ebp - 0x53c] -lea edx, [ebp - 0x4f0] -add edi, dword [ebp - 0x528] -add edi, edi -add edi, edx -mov dword [ebp - 0x540], edi -xor edi, edi -jmp short loc_fffbf9cf ; jmp 0xfffbf9cf - -loc_fffbf974: ; not directly referenced -mov dl, byte [ebx + edi] -xor esi, esi -mov byte [ebp - 0x534], dl -cmp dl, 0x21 -ja short loc_fffbf98e ; ja 0xfffbf98e -movzx esi, dl -movzx esi, byte [esi + ref_fffd5f1c] ; movzx esi, byte [esi - 0x2a0e4] - -loc_fffbf98e: ; not directly referenced -mov edx, esi -movzx esi, dl -mov dl, byte [ebp - 0x534] -mov dword [ebp - 0x548], eax -mov eax, dword [ebp - 0x520] -mov byte [ebp + esi - 0x503], dl -mov edx, dword [ebp - 0x528] -add esi, esi -lea edx, [edx + esi + 0x20] -mov esi, dword [ebp - 0x540] -mov si, word [esi + edi*4 + 0x24] -inc edi -mov word [eax + edx*2 + 3], si -mov eax, dword [ebp - 0x548] - -loc_fffbf9cf: ; not directly referenced -mov edx, edi -cmp cl, dl -ja short loc_fffbf974 ; ja 0xfffbf974 - -loc_fffbf9d5: ; not directly referenced -inc dword [ebp - 0x528] -cmp dword [ebp - 0x528], 2 -jne loc_fffbf940 ; jne 0xfffbf940 -inc dword [ebp - 0x530] -inc dword [ebp - 0x538] -jmp near loc_fffbf583 ; jmp 0xfffbf583 - -loc_fffbf9f9: ; not directly referenced -mov eax, dword [ebp - 0x520] -lea ebx, [ebp - 0x503] -mov dword [ebp - 0x524], ebx -mov byte [ebp - 0x52c], 0 -mov byte [eax + 0x52f], 0 -mov dword [ebp - 0x528], eax - -loc_fffbfa1f: ; not directly referenced -mov eax, dword [ebp - 0x524] -mov bl, byte [eax] -test bl, bl -je loc_fffbfad2 ; je 0xfffbfad2 -mov ecx, dword [ebp - 0x520] -xor esi, esi -movzx eax, byte [ebp - 0x52c] -mov edi, dword [ebp - 0x51c] -mov byte [ecx + eax + 0x530], bl -lea eax, [ecx + eax*4] -inc byte [ecx + 0x52f] -add edi, 
0x49be -mov dword [ebp - 0x530], eax -movzx eax, bl -mov dword [ebp - 0x534], eax - -loc_fffbfa69: ; not directly referenced -cmp byte [ebp + esi - 0x50d], 0 -je short loc_fffbfac0 ; je 0xfffbfac0 -mov edx, dword [ebp - 0x534] -mov ecx, 1 -mov eax, dword [ebp - 0x51c] -call fcn_fffb13cf ; call 0xfffb13cf -cmp bl, 2 -jne short loc_fffbfaa1 ; jne 0xfffbfaa1 -cmp byte [edi + 0x128], 5 -mov dl, byte [edi] -je short loc_fffbfa9e ; je 0xfffbfa9e -cmp dl, 5 -jne short loc_fffbfaa1 ; jne 0xfffbfaa1 - -loc_fffbfa9e: ; not directly referenced -add eax, 0x50 - -loc_fffbfaa1: ; not directly referenced -mov ecx, dword [ebp - 0x528] -mov dx, word [ecx + esi*2 + 0x43] -mov ecx, dword [ebp - 0x530] -cmp dx, ax -cmovbe eax, edx -mov word [ecx + esi*2 + 0x53a], ax -loc_fffbfac0: ; not directly referenced -inc esi -add edi, 0x13c3 -cmp esi, 2 -jne short loc_fffbfa69 ; jne 0xfffbfa69 -inc byte [ebp - 0x52c] +loc_fffbfab2: ; not directly referenced +mov eax, dword [ebp - 0xffc] +xor ebx, ebx +mov byte [ebp - 0x1000], 0 +lea esi, [eax + 0x381b] +lea eax, [edi + 0x70] +mov dword [ebp - 0x1028], eax +mov edi, eax loc_fffbfad2: ; not directly referenced -inc dword [ebp - 0x524] -add dword [ebp - 0x528], 4 -lea eax, [ebp - 0x4ff] -cmp dword [ebp - 0x524], eax -jne loc_fffbfa1f ; jne 0xfffbfa1f -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffbfaf9: ; not directly referenced -push ebp -mov ebp, esp +movzx ecx, byte [esi] +mov edx, ebx +mov eax, dword [ebp - 0xffc] +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0x1000], al +cmp dword [esi - 0xc4], 2 +jne short loc_fffbfb0f ; jne 0xfffbfb0f +mov eax, dword [ebp - 0xffc] +push ecx +push 0 +movzx eax, byte [eax + 0x2489] +push eax +mov eax, dword [ebp - 0x1010] push edi -push esi -push ebx -sub esp, 0x57c -mov ebx, dword [ebp + 0x10] -cmp byte [eax + 0x248b], 1 -mov dword [ebp - 0x50c], eax -mov dword [ebp - 0x574], ecx -mov dword [ebp - 0x53c], ebx -mov byte [ebp - 0x566], dl -mov byte [ebp - 0x535], cl -mov byte 
[ebp - 0x50e], bl -jne short loc_fffbfb5b ; jne 0xfffbfb5b -mov al, byte [eax + 0x248c] -lea edx, [eax + 4] -mov byte [ebp - 0x508], al -mov byte [ebp - 0x507], al -add eax, 2 -mov byte [ebp - 0x506], dl -mov byte [ebp - 0x505], al -jmp short loc_fffbfb77 ; jmp 0xfffbfb77 - -loc_fffbfb5b: ; not directly referenced -mov byte [ebp - 0x508], 1 -mov byte [ebp - 0x507], 1 -mov byte [ebp - 0x506], 1 -mov byte [ebp - 0x505], 1 - -loc_fffbfb77: ; not directly referenced -mov ebx, dword [ebp - 0x53c] -mov al, bl -shr al, 4 -inc eax -mov byte [ebp - 0x520], al -cmp bl, 9 -je short loc_fffbfbaa ; je 0xfffbfbaa -cmp bl, 8 -je short loc_fffbfbba ; je 0xfffbfbba -cmp bl, 0xa -sete al -mov byte [ebp - 0x50d], al -shl eax, 2 -mov byte [ebp - 0x50f], al -jmp short loc_fffbfbc8 ; jmp 0xfffbfbc8 - -loc_fffbfbaa: ; not directly referenced -mov byte [ebp - 0x50d], 1 -mov byte [ebp - 0x50f], 1 -jmp short loc_fffbfbc8 ; jmp 0xfffbfbc8 - -loc_fffbfbba: ; not directly referenced -mov byte [ebp - 0x50d], 1 -mov byte [ebp - 0x50f], 2 - -loc_fffbfbc8: ; not directly referenced -mov eax, dword [ebp - 0x53c] -cmp al, 0x21 -sete dl -cmp al, 0x11 -sete al -or dl, al -jne short loc_fffbfbef ; jne 0xfffbfbef -cmp byte [ebp - 0x53c], 5 -mov dword [ebp - 0x52c], 0 -jne short loc_fffbfc01 ; jne 0xfffbfc01 - -loc_fffbfbef: ; not directly referenced -mov al, byte [ebp - 0x50d] -xor eax, 1 -movzx eax, al -mov dword [ebp - 0x52c], eax +call dword [eax + 0x64] ; ucall +add esp, 0x10 -loc_fffbfc01: ; not directly referenced -lea eax, [ebp - 0x4e0] -xor edi, edi -mov dword [ebp - 0x51c], eax -mov eax, dword [ebp + 0xc] -mov dword [ebp - 0x514], eax -movzx eax, byte [ebp - 0x566] -mov dword [ebp - 0x518], eax +loc_fffbfb0f: ; not directly referenced +inc ebx +add esi, 0x13c3 +add edi, 0xcc +cmp ebx, 2 +jne short loc_fffbfad2 ; jne 0xfffbfad2 +mov eax, dword [ebp - 0xffc] +mov ecx, 1 +push edx +push edx +push 0xf +lea edi, [eax + 0x2491] +push 0 +mov edx, edi +mov dword [ebp - 0x1014], edi +call fcn_fffa7e1a ; 
call 0xfffa7e1a +movzx eax, byte [ebp - 0x1000] +lea ecx, [ebp - 0xfd8] +mov esi, dword [ebp - 0x101c] +add esp, 0x10 +mov dword [ebp - 0x100c], 0 +mov dword [ebp - 0x1000], eax -loc_fffbfc25: ; not directly referenced -mov eax, dword [ebp - 0x518] +loc_fffbfb6b: ; not directly referenced +mov eax, dword [ebp - 0x1000] +mov edi, dword [ebp - 0x100c] bt eax, edi -jb short loc_fffbfc90 ; jb 0xfffbfc90 - -loc_fffbfc30: ; not directly referenced -inc edi -add dword [ebp - 0x514], 0x48 -add dword [ebp - 0x51c], 0x24 -cmp edi, 2 -jne short loc_fffbfc25 ; jne 0xfffbfc25 -mov eax, dword [ebp - 0x518] -mov byte [ebp - 0x510], 0 -mov dword [ebp - 0x514], 0 -sar eax, 1 -mov dword [ebp - 0x564], eax -movzx eax, byte [ebp - 0x50d] -and dword [ebp - 0x564], 1 -shl eax, 2 -mov dword [ebp - 0x560], eax -movzx eax, byte [ebp - 0x520] -mov dword [ebp - 0x57c], eax -dec eax -mov dword [ebp - 0x580], eax -jmp short loc_fffbfcd3 ; jmp 0xfffbfcd3 - -loc_fffbfc90: ; not directly referenced -mov eax, dword [ebp - 0x50c] -xor ecx, ecx -mov esi, dword [ebp - 0x514] -mov al, byte [eax + 0x2488] -mov byte [ebp - 0x524], al +jae short loc_fffbfbd0 ; jae 0xfffbfbd0 +mov eax, dword [ebp - 0xffc] +xor edi, edi +mov al, byte [eax + 0x2489] +mov byte [ebp - 0x1018], al +jmp short loc_fffbfbc6 ; jmp 0xfffbfbc6 -loc_fffbfcaa: ; not directly referenced -cmp byte [ebp - 0x524], cl -jbe loc_fffbfc30 ; jbe 0xfffbfc30 -mov eax, dword [esi + 4] +loc_fffbfb92: ; not directly referenced +cmp byte [ebp - 0x1008], 0 +je short loc_fffbfc08 ; je 0xfffbfc08 +mov eax, dword [esi + edi*8 + 0x244] mov ebx, 0x14 xor edx, edx -add eax, dword [esi] -add esi, 8 +add eax, dword [esi + edi*8 + 0x240] div ebx -mov ebx, dword [ebp - 0x51c] -mov dword [ebx + ecx*4], eax -inc ecx -jmp short loc_fffbfcaa ; jmp 0xfffbfcaa +mov dword [ecx + edi*4], eax -loc_fffbfcd3: ; not directly referenced -mov esi, dword [ebp - 0x514] -mov eax, esi -mov byte [ebp - 0x565], al -lea eax, [esi + esi - 1] -xor esi, esi -mov dword [ebp - 0x540], 
eax -mov eax, dword [ebp + 8] -mov dword [ebp - 0x520], eax -movzx eax, byte [ebp - 0x535] -mov dword [ebp - 0x534], eax -movzx eax, byte [ebp - 0x50f] -mov dword [ebp - 0x558], eax +loc_fffbfbb5: ; not directly referenced +mov eax, dword [ecx + edi*4] +dec eax +cmp eax, 0xb +jbe short loc_fffbfbc5 ; jbe 0xfffbfbc5 +mov dword [ecx + edi*4], 0xc -loc_fffbfd10: ; not directly referenced -mov eax, dword [ebp - 0x518] -bt eax, esi -jae loc_fffbfe95 ; jae 0xfffbfe95 -lea eax, [esi + esi*8] -lea edi, [ebp - 0x18] -add edi, eax -mov dword [ebp - 0x528], eax -mov byte [ebp - 0x524], 0x7f -mov byte [ebp - 0x51c], 0 -mov dword [ebp - 0x530], eax -mov dword [ebp - 0x55c], edi -jmp near loc_fffbfe7d ; jmp 0xfffbfe7d +loc_fffbfbc5: ; not directly referenced +inc edi -loc_fffbfd4c: ; not directly referenced -movzx ebx, byte [ebp - 0x51c] -mov eax, dword [ebp - 0x55c] -movzx edi, byte [ebp - 0x50e] -add eax, ebx -mov byte [eax - 0x4da], 0 -mov byte [eax - 0x4ec], 0 -mov eax, dword [ebp - 0x530] -lea ecx, [eax + ebx] -mov eax, dword [ebp + ecx*4 - 0x4e0] -shl ecx, 5 -lea edx, [eax - 2] -mov dword [ebp + ecx - 0x498], edx -lea ecx, [edi - 8] -cmp cl, 1 -ja loc_fffbfeae ; ja 0xfffbfeae -push 1 -push 0 -push 0 -push 0 -push ebx -push dword [ebp - 0x534] -imul edx, dword [ebp - 0x540] -push esi -push 0 -push 0 -push edx +loc_fffbfbc6: ; not directly referenced +mov eax, edi +cmp byte [ebp - 0x1018], al +ja short loc_fffbfb92 ; ja 0xfffbfb92 -loc_fffbfdb5: ; not directly referenced -push dword [ebp - 0x558] -push dword [ebp - 0x50c] -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 +loc_fffbfbd0: ; not directly referenced +inc dword [ebp - 0x100c] +add ecx, 0x24 +add esi, 0x48 +cmp dword [ebp - 0x100c], 2 +jne short loc_fffbfb6b ; jne 0xfffbfb6b +push eax +mov edx, dword [ebp - 0x1014] +mov ecx, 4 +push eax +mov eax, dword [ebp - 0xffc] +xor edi, edi +push 0xf +push 0 +call fcn_fffa7e1a ; call 0xfffa7e1a +add esp, 0x10 +jmp short loc_fffbfc11 ; jmp 0xfffbfc11 -loc_fffbfdc9: ; not 
directly referenced -cmp byte [ebp - 0x50d], 0 -jne loc_fffbfedf ; jne 0xfffbfedf +loc_fffbfc08: ; not directly referenced +mov dword [ecx + edi*4], 1 +jmp short loc_fffbfbb5 ; jmp 0xfffbfbb5 -loc_fffbfdd6: ; not directly referenced -cmp dword [ebp - 0x52c], 0 -je short loc_fffbfe11 ; je 0xfffbfe11 -add ebx, dword [ebp - 0x530] -mov edi, dword [ebp - 0x524] -shl ebx, 5 -mov eax, dword [ebp + ebx - 0x498] -mov ecx, edi -movzx edx, cl -cmp eax, edx -cmovb edi, eax +loc_fffbfc11: ; not directly referenced mov eax, edi -mov byte [ebp - 0x524], al -movzx eax, al -mov dword [ebp + ebx - 0x498], eax - -loc_fffbfe11: ; not directly referenced -movzx eax, byte [ebp - 0x51c] -mov edi, dword [ebp - 0x528] -lea edx, [eax + edi] -shl edx, 5 -lea ebx, [ebp + edx - 0x258] -mov dword [ebp - 0x544], ebx -mov ebx, dword [ebp - 0x520] -shl eax, 4 -add eax, dword [ebp - 0x514] -lea edi, [ebp + edx - 0x498] -xor edx, edx -lea eax, [ebx + eax*4] -mov dword [ebp - 0x548], eax -xor eax, eax - -loc_fffbfe54: ; not directly referenced -mov ebx, dword [edi + edx] -mov ecx, dword [ebp - 0x544] -add edx, dword [ebp - 0x560] -mov dword [ecx + eax], ebx -mov ecx, dword [ebp - 0x548] -mov dword [ecx + eax*2], ebx -add eax, 4 -cmp eax, 0x20 -jne short loc_fffbfe54 ; jne 0xfffbfe54 -inc byte [ebp - 0x51c] +xor ebx, ebx +movzx esi, al -loc_fffbfe7d: ; not directly referenced -mov edi, dword [ebp - 0x50c] -mov al, byte [ebp - 0x51c] -cmp al, byte [edi + 0x2488] -jb loc_fffbfd4c ; jb 0xfffbfd4c +loc_fffbfc18: ; not directly referenced +mov eax, dword [ebp - 0x1000] +bt eax, ebx +jae short loc_fffbfc30 ; jae 0xfffbfc30 +lea eax, [ebx + ebx*8] +xor ecx, ecx +mov dword [ebp - 0x100c], eax +jmp short loc_fffbfc9c ; jmp 0xfffbfc9c -loc_fffbfe95: ; not directly referenced -inc esi -add dword [ebp - 0x520], 0x240 -cmp esi, 2 -jne loc_fffbfd10 ; jne 0xfffbfd10 -jmp near loc_fffc0080 ; jmp 0xfffc0080 +loc_fffbfc30: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffbfc18 ; jne 0xfffbfc18 +push 
eax +mov ecx, dword [ebp - 0x1000] +push eax +mov edx, dword [ebp - 0x1014] +lea eax, [ebp - 0xfe8] +push eax +push 0x36 +lea eax, [ebp - 0xff1] +push eax +mov eax, dword [ebp - 0xffc] +push 4 +push 0xff +push 0 +call fcn_fffd16df ; call 0xfffd16df +mov eax, edi +mov ebx, dword [ebp - 0x101c] +movzx eax, al +add esp, 0x20 +imul ecx, eax, 0x90 +lea edx, [ebp - 0xf90] +mov dword [ebp - 0x100c], ebx +xor ebx, ebx +mov dword [ebp - 0x1034], eax +lea esi, [ebp + ecx - 0xf48] +jmp near loc_fffbfd30 ; jmp 0xfffbfd30 -loc_fffbfeae: ; not directly referenced -cmp byte [ebp - 0x50e], 0xa -jne loc_fffbfdc9 ; jne 0xfffbfdc9 -push 1 -add eax, 2 +loc_fffbfc9c: ; not directly referenced +mov eax, dword [ebp - 0xffc] +cmp cl, byte [eax + 0x2489] +jae short loc_fffbfc30 ; jae 0xfffbfc30 +push 2 +mov edx, dword [ebp - 0x100c] +movzx eax, cl push 0 +push 1 push 0 +push eax +add edx, eax +movsx eax, byte [ebp + esi - 0xff7] +imul eax, dword [ebp + edx*4 - 0xfd8] +mov dword [ebp - 0x1018], ecx +mov ecx, 0xc push 0 push ebx -push dword [ebp - 0x534] -imul eax, dword [ebp - 0x540] -push esi +cdq +idiv ecx push 0 push 0 push eax -jmp near loc_fffbfdb5 ; jmp 0xfffbfdb5 +push 1 +push dword [ebp - 0xffc] +call fcn_fffcd268 ; call 0xfffcd268 +mov ecx, dword [ebp - 0x1018] +add esp, 0x30 +inc ecx +jmp short loc_fffbfc9c ; jmp 0xfffbfc9c -loc_fffbfedf: ; not directly referenced -movzx eax, byte [ebp - 0x51c] -mov edi, dword [ebp - 0x520] -mov edx, eax -add eax, dword [ebp - 0x528] -shl edx, 4 -add edx, dword [ebp - 0x514] -shl eax, 5 -lea eax, [ebp + eax - 0x498] -mov dword [ebp - 0x544], eax -lea edi, [edi + edx*4] +loc_fffbfcfd: ; not directly referenced +mov eax, dword [ebp - 0xffc] +mov al, byte [eax + 0x2489] +mov byte [ebp - 0x1030], al xor eax, eax -loc_fffbff12: ; not directly referenced -mov edx, dword [edi + eax*2] -mov ecx, 0xf -cmp edx, 0xf -cmova edx, ecx -mov ecx, dword [ebp - 0x544] -mov dword [ecx + eax], edx -add eax, 4 -cmp eax, 0x20 -jne short loc_fffbff12 ; jne 0xfffbff12 
-jmp near loc_fffbfdd6 ; jmp 0xfffbfdd6 +loc_fffbfd11: ; not directly referenced +cmp byte [ebp - 0x1030], al +ja short loc_fffbfd3d ; ja 0xfffbfd3d -loc_fffbff36: ; not directly referenced -inc al -je loc_fffc0675 ; je 0xfffc0675 -mov eax, dword [ebp - 0x50c] -mov ecx, 4 -mov edx, 0x4800 -call fcn_fffae566 ; call 0xfffae566 -mov dword [ebp - 0x520], 0 - -loc_fffbff5d: ; not directly referenced -mov eax, dword [ebp - 0x57c] -cmp dword [ebp - 0x520], eax -jae loc_fffc000b ; jae 0xfffc000b -mov al, byte [ebp - 0x510] -xor ebx, ebx -and eax, 1 -mov byte [ebp - 0x558], al - -loc_fffbff80: ; not directly referenced -mov eax, dword [ebp - 0x518] -bt eax, ebx -jb loc_fffc00fb ; jb 0xfffc00fb - -loc_fffbff8f: ; not directly referenced +loc_fffbfd19: ; not directly referenced inc ebx +add edx, 0x24 +add esi, 0x48 +add dword [ebp - 0x100c], 0x48 cmp ebx, 2 -jne short loc_fffbff80 ; jne 0xfffbff80 -mov esi, dword [ebp - 0x50c] -xor eax, eax -mov edi, dword [ebp - 0x520] -push edx -mov edx, dword [ebp - 0x518] -movzx ecx, byte [esi + 0x248b] -test edi, edi -push 0 -sete al -push eax -lea eax, [ebp - 0x508] -push eax -mov eax, esi -call fcn_fffb0f94 ; call 0xfffb0f94 -mov eax, dword [ebp - 0x580] -add esp, 0x10 -cmp edi, eax -jae loc_fffc0298 ; jae 0xfffc0298 -mov eax, dword [ebp - 0x50c] -xor edi, edi -mov cl, 1 -mov al, byte [eax + 0x3748] -mov byte [ebp - 0x51c], al +je loc_fffbfdb6 ; je 0xfffbfdb6 -loc_fffbffee: ; not directly referenced -mov eax, dword [ebp - 0x518] -bt eax, edi -jb loc_fffc0222 ; jb 0xfffc0222 +loc_fffbfd30: ; not directly referenced +mov eax, dword [ebp - 0x1000] +bt eax, ebx +jb short loc_fffbfcfd ; jb 0xfffbfcfd +jmp short loc_fffbfd19 ; jmp 0xfffbfd19 -loc_fffbfffd: ; not directly referenced -inc edi -cmp edi, 2 -jne short loc_fffbffee ; jne 0xfffbffee +loc_fffbfd3d: ; not directly referenced +mov dword [ebp - 0x103c], edx +mov edx, dword [ebp - 0x100c] +mov ecx, dword [edx + eax*8 + 4] +mov edx, dword [edx + eax*8] +mov dword [ebp - 0x1018], ecx +sub 
ecx, edx +mov dword [ebp - 0x1024], ecx +mov ecx, edi test cl, cl -je loc_fffc0298 ; je 0xfffc0298 - -loc_fffc000b: ; not directly referenced -lea eax, [ebp - 0x498] -mov dword [ebp - 0x530], eax -mov eax, dword [ebp + 8] -mov dword [ebp - 0x534], 0 -mov dword [ebp - 0x51c], 0 -mov dword [ebp - 0x55c], eax -movzx eax, byte [ebp - 0x535] -mov dword [ebp - 0x578], eax - -loc_fffc0041: ; not directly referenced -mov eax, dword [ebp - 0x518] -mov esi, dword [ebp - 0x51c] -bt eax, esi -jb loc_fffc02a3 ; jb 0xfffc02a3 +mov dword [ebp - 0x1020], edx +mov edx, dword [ebp - 0x103c] +jne short loc_fffbfd77 ; jne 0xfffbfd77 +mov dword [edx + eax*4], 0 -loc_fffc0056: ; not directly referenced -inc dword [ebp - 0x51c] -add dword [ebp - 0x530], 0x120 -add dword [ebp - 0x55c], 0x240 -add dword [ebp - 0x534], 9 -cmp dword [ebp - 0x51c], 2 -jne short loc_fffc0041 ; jne 0xfffc0041 +loc_fffbfd77: ; not directly referenced +mov dword [ebp - 0x103c], eax +mov eax, dword [ebp - 0x1034] +movzx eax, byte [ebp + eax - 0xff4] +imul eax, dword [ebp - 0x1024] +mov ecx, eax +mov eax, dword [ebp - 0x103c] +add dword [edx + eax*4], ecx +mov ecx, dword [ebp - 0x1020] +mov dword [esi + eax*8], ecx +mov ecx, dword [ebp - 0x1018] +mov dword [esi + eax*8 + 4], ecx +inc eax +jmp near loc_fffbfd11 ; jmp 0xfffbfd11 -loc_fffc0080: ; not directly referenced -mov al, 0xff -test byte [ebp - 0x566], 1 -je short loc_fffc00b0 ; je 0xfffc00b0 -mov esi, dword [ebp - 0x50c] -xor edx, edx -mov cl, byte [esi + 0x2488] +loc_fffbfdb6: ; not directly referenced +cmp byte [ebp - 0x1008], 0 +mov al, 3 +cmove edi, eax +inc edi +mov eax, edi +cmp al, 2 +jbe loc_fffbfc11 ; jbe 0xfffbfc11 +movsx eax, byte [ebp - 0x1004] +mov dword [ebp - 0x1004], 0 +mov dword [ebp - 0x1018], eax +imul eax, eax, 0x14 +mov dword [ebp - 0x1030], eax +mov eax, dword [ebp - 0xffc] +add eax, 0x3757 +mov dword [ebp - 0x1034], eax +mov dword [ebp - 0x1014], eax +mov eax, dword [ebp - 0x1028] +mov dword [ebp - 0x1024], eax -loc_fffc0099: ; not 
directly referenced -cmp cl, dl -jbe short loc_fffc00b0 ; jbe 0xfffc00b0 -mov bl, byte [ebp + edx - 0x504] -and bl, byte [ebp + edx - 0x4f2] -inc edx -and eax, ebx -jmp short loc_fffc0099 ; jmp 0xfffc0099 +loc_fffbfe10: ; not directly referenced +mov eax, dword [ebp - 0x1000] +mov ebx, dword [ebp - 0x1004] +bt eax, ebx +jae loc_fffbff78 ; jae 0xfffbff78 +lea eax, [ebx + ebx*8] +mov byte [ebp - 0x100c], 0 +mov dword [ebp - 0x1020], eax -loc_fffc00b0: ; not directly referenced -cmp dword [ebp - 0x564], 0 -je loc_fffbff36 ; je 0xfffbff36 -mov edi, dword [ebp - 0x50c] -lea esi, [ebp - 0x504] -mov cl, byte [edi + 0x2488] -lea edi, [ebp - 0x4f2] -mov edx, edi -mov byte [ebp - 0x51c], cl +loc_fffbfe35: ; not directly referenced +mov eax, dword [ebp - 0xffc] +movzx eax, byte [eax + 0x2489] +cmp byte [ebp - 0x100c], al +jae loc_fffbff3d ; jae 0xfffbff3d +movzx ebx, byte [ebp - 0x100c] +mov eax, dword [ebp - 0x1020] +lea ecx, [eax + ebx] +mov eax, dword [ebp + ecx*4 - 0xf90] +cdq +or edx, 1 +movsx edi, dl +imul edi, dword [ebp - 0x1018] +imul esi, edi, 0xa +mov edi, dword [ebp - 0x1014] +add eax, esi +cdq +idiv dword [ebp - 0x1030] +mov dword [ebp + ecx*4 - 0xf90], eax +cdq +mov ecx, 2 +mov esi, eax +idiv ecx +add byte [edi + ebx + 0x101d], al +xor edi, edi -loc_fffc00dd: ; not directly referenced -mov bl, dl +loc_fffbfe9f: ; not directly referenced +mov edx, dword [ebp - 0x1014] +mov eax, 1 mov ecx, edi -inc esi -sub ebx, ecx -cmp bl, byte [ebp - 0x51c] -jae loc_fffbff36 ; jae 0xfffbff36 -mov bl, byte [edx + 9] -inc edx -and bl, byte [esi + 8] -and eax, ebx -jmp short loc_fffc00dd ; jmp 0xfffc00dd - -loc_fffc00fb: ; not directly referenced -mov eax, dword [ebp - 0x518] -lea ecx, [ebx + 1] -mov byte [ebp - 0x51c], 0 -sar eax, cl -mov dword [ebp - 0x528], eax -lea eax, [ebx + ebx*8] -mov dword [ebp - 0x530], eax +shl eax, cl +test byte [edx + 0xc4], al +je short loc_fffbfed5 ; je 0xfffbfed5 +mov edx, dword [ebp - 0x1004] +mov ecx, edi +push eax +mov eax, dword [ebp - 0xffc] 
+push 0 +push 0xff +push ebx +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 -loc_fffc011c: ; not directly referenced -mov esi, dword [ebp - 0x50c] -mov al, byte [ebp - 0x51c] -cmp al, byte [esi + 0x2488] -jae loc_fffbff8f ; jae 0xfffbff8f -cmp byte [ebp - 0x50d], 0 -movzx eax, byte [ebp - 0x51c] -je short loc_fffc01c3 ; je 0xfffc01c3 -add eax, dword [ebp - 0x530] +loc_fffbfed5: ; not directly referenced +inc edi +cmp edi, 4 +jne short loc_fffbfe9f ; jne 0xfffbfe9f +imul edi, esi, 0xa xor ecx, ecx -mov dl, byte [ebp - 0x565] -shl eax, 5 -lea eax, [ebp + eax - 0x498] -xor edx, 1 -mov dword [ebp - 0x524], eax -xor eax, eax -mov byte [ebp - 0x534], dl +imul esi, esi, 0xfffffff6 +mov dl, 3 -loc_fffc016d: ; not directly referenced -cmp byte [ebp - 0x50e], 9 +loc_fffbfee5: ; not directly referenced +movzx eax, cl +imul eax, eax, 0x12 +add eax, dword [ebp - 0x1020] +add eax, ebx +add dword [ebp + eax*8 - 0xf48], edi +add dword [ebp + eax*8 - 0xf44], esi +cmp byte [ebp - 0x1008], 0 +cmove ecx, edx +inc ecx +cmp cl, 2 +jbe short loc_fffbfee5 ; jbe 0xfffbfee5 +add ebx, dword [ebp - 0x1020] +mov edi, dword [ebp - 0x101c] +inc byte [ebp - 0x100c] +mov eax, dword [ebp + ebx*8 - 0xf48] +mov dword [edi + ebx*8], eax +mov eax, dword [ebp + ebx*8 - 0xf44] +mov dword [edi + ebx*8 + 4], eax +jmp near loc_fffbfe35 ; jmp 0xfffbfe35 + +loc_fffbff3d: ; not directly referenced +push ebx +push 0 +push eax +mov eax, dword [ebp - 0x1010] +push dword [ebp - 0x1024] +call dword [eax + 0x64] ; ucall +mov edx, dword [ebp - 0x1004] +mov ecx, 1 +mov dword [esp], 0 +mov eax, dword [ebp - 0xffc] +push 1 +push 0 +push 2 +push 0 +call fcn_fffa7273 ; call 0xfffa7273 +add esp, 0x20 + +loc_fffbff78: ; not directly referenced +inc dword [ebp - 0x1004] +add dword [ebp - 0x1024], 0xcc +add dword [ebp - 0x1014], 0x13c3 +cmp dword [ebp - 0x1004], 2 +jne loc_fffbfe10 ; jne 0xfffbfe10 +cmp dword [ebp - 0x102c], 1 sete dl -test byte [ebp - 0x558], dl -jne short loc_fffc0191 ; jne 0xfffc0191 -cmp byte [ebp - 
0x50e], 9 -setne dl -test byte [ebp - 0x534], dl -je short loc_fffc01a1 ; je 0xfffc01a1 +cmp byte [ebp - 0x1038], 0 +setne cl +mov al, cl +and eax, edx +xor eax, 1 +test al, cl +je loc_fffc03d7 ; je 0xfffc03d7 +cmp dl, 1 +sbb eax, eax +mov dword [ebp - 0x100c], eax +and byte [ebp - 0x100c], 0xfd +add byte [ebp - 0x100c], 4 +test byte [ebp - 0x1000], 1 +je short loc_fffbfff9 ; je 0xfffbfff9 +mov eax, dword [ebp - 0xffc] +mov ecx, 0xffff3001 +mov edx, 0x4098 +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc0191: ; not directly referenced -mov esi, dword [ebp - 0x524] -mov edi, 0xf -sub edi, dword [esi + ecx] -jmp short loc_fffc01aa ; jmp 0xfffc01aa +loc_fffbfff9: ; not directly referenced +test byte [ebp - 0x1000], 2 +je short loc_fffc0017 ; je 0xfffc0017 +mov eax, dword [ebp - 0xffc] +mov ecx, 0xffff3001 +mov edx, 0x4498 +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc01a1: ; not directly referenced -mov edi, dword [ebp - 0x524] -mov edi, dword [edi + ecx] +loc_fffc0017: ; not directly referenced +mov byte [ebp - 0x1004], 0 -loc_fffc01aa: ; not directly referenced -cmp edi, 0xf -mov esi, 0xf -cmovbe esi, edi -shl esi, cl -add ecx, 4 -or eax, esi -cmp ecx, 0x20 -jne short loc_fffc016d ; jne 0xfffc016d -jmp short loc_fffc01db ; jmp 0xfffc01db +loc_fffc001e: ; not directly referenced +movzx edi, byte [ebp - 0x1004] +xor ebx, ebx -loc_fffc01c3: ; not directly referenced -lea edx, [ebx + ebx*8] -mov esi, dword [ebp - 0x540] -add eax, edx -shl eax, 5 -imul esi, dword [ebp + eax - 0x498] -mov eax, esi +loc_fffc0027: ; not directly referenced +mov eax, dword [ebp - 0x1000] +bt eax, ebx +jb short loc_fffc0068 ; jb 0xfffc0068 + +loc_fffc0032: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffc0027 ; jne 0xfffc0027 +movzx eax, byte [ebp - 0x1004] +lea ebx, [ebp - 0xf48] +mov dword [ebp - 0x1014], 0 +mov dword [ebp - 0x1030], eax +imul eax, eax, 0x90 +add eax, ebx +mov dword [ebp - 0x1038], eax +jmp near loc_fffc0138 ; jmp 0xfffc0138 + +loc_fffc0068: ; not directly 
referenced +lea eax, [ebx + ebx*8] +xor ecx, ecx +mov dword [ebp - 0x1014], eax +mov dword [ebp - 0x101c], eax -loc_fffc01db: ; not directly referenced +loc_fffc0079: ; not directly referenced +mov eax, dword [ebp - 0xffc] +cmp cl, byte [eax + 0x2489] +jae short loc_fffc0032 ; jae 0xfffc0032 +mov eax, dword [ebp - 0x101c] +movzx esi, cl +mov dword [ebp - 0x1020], ecx +mov ecx, 0xc push 1 -movzx edx, byte [ebp - 0x51c] -push dword [ebp - 0x528] push 0 +lea edx, [eax + esi] +movsx eax, byte [ebp + edi - 0xff7] +imul eax, dword [ebp + edx*4 - 0xfd8] +push 1 +push 0 +push esi +cdq +idiv ecx push 0 -push edx -movzx edx, byte [ebp - 0x535] -push edx push ebx push 0 -push dword [ebp - 0x520] -push eax -movzx eax, byte [ebp - 0x50e] +push 0 push eax -push dword [ebp - 0x50c] -call fcn_fffcc900 ; call 0xfffcc900 +push 1 +push dword [ebp - 0xffc] +call fcn_fffcd268 ; call 0xfffcd268 +mov ecx, dword [ebp - 0x1020] +lea eax, [ebp - 0xd98] +add esi, dword [ebp - 0x1014] add esp, 0x30 -inc byte [ebp - 0x51c] -jmp near loc_fffc011c ; jmp 0xfffc011c - -loc_fffc0222: ; not directly referenced -mov ebx, dword [ebp - 0x50c] -mov esi, edi -shl esi, 0xa -lea edx, [esi + 0x40e0] -mov dword [ebp - 0x528], ecx -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -lea edx, [esi + 0x40e4] -mov dword [ebp - 0x524], eax -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov ecx, dword [ebp - 0x528] -inc eax -sete bl -cmp dword [ebp - 0x524], 0xffffffff -sete al -and ebx, eax -and ebx, ecx -mov ecx, 1 -cmp byte [ebp - 0x51c], 0 -je short loc_fffc0291 ; je 0xfffc0291 -mov eax, dword [ebp - 0x50c] -lea edx, [esi + 0x40e8] -call fcn_fffae52a ; call 0xfffae52a -xor ecx, ecx -inc al -sete cl - -loc_fffc0291: ; not directly referenced -and ecx, ebx -jmp near loc_fffbfffd ; jmp 0xfffbfffd - -loc_fffc0298: ; not directly referenced -inc dword [ebp - 0x520] -jmp near loc_fffbff5d ; jmp 0xfffbff5d - -loc_fffc02a3: ; not directly referenced -mov esi, dword [ebp - 0x51c] -mov edi, dword [ebp - 0x50c] -mov 
ebx, esi -shl ebx, 0xa -mov eax, edi -lea edx, [ebx + 0x40e0] -call fcn_fffae52a ; call 0xfffae52a -lea edx, [ebx + 0x40e4] -mov dword [ebp - 0x56c], eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -lea edx, [ebx + 0x40e8] -mov dword [ebp - 0x570], eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov byte [ebp - 0x538], 0xff -mov byte [ebp - 0x537], 0xff -mov byte [ebp - 0x524], 0 -mov byte [ebp - 0x567], al -lea eax, [esi + esi*8] -lea esi, [ebp - 0x18] +shl esi, 6 add esi, eax -mov dword [ebp - 0x548], eax -mov dword [ebp - 0x520], esi - -loc_fffc0316: ; not directly referenced -mov eax, dword [ebp - 0x50c] -mov dl, byte [eax + 0x2488] -cmp byte [ebp - 0x524], dl -jae loc_fffc0602 ; jae 0xfffc0602 -movzx eax, byte [ebp - 0x524] -cmp al, 3 -ja short loc_fffc0350 ; ja 0xfffc0350 -mov esi, dword [ebp - 0x56c] -lea ecx, [eax*8] -shr esi, cl -mov dword [ebp - 0x558], esi -jmp short loc_fffc037a ; jmp 0xfffc037a - -loc_fffc0350: ; not directly referenced -mov bl, byte [ebp - 0x567] -cmp byte [ebp - 0x524], 7 -mov byte [ebp - 0x558], bl -ja short loc_fffc037a ; ja 0xfffc037a -mov edi, dword [ebp - 0x570] -lea ecx, [eax*8 - 0x20] -shr edi, cl -mov dword [ebp - 0x558], edi +xor eax, eax -loc_fffc037a: ; not directly referenced -mov esi, dword [ebp - 0x534] -lea edi, [ebp - 0x498] -xor ecx, ecx -movzx ebx, byte [ebp - 0x524] -lea edx, [eax + esi] -shl edx, 5 -lea esi, [edi + edx] -mov dword [ebp - 0x544], esi -mov esi, dword [ebp - 0x55c] -shl eax, 4 -add eax, dword [ebp - 0x514] -lea edi, [esi + eax*4] -mov eax, dword [ebp - 0x520] -add eax, ebx +loc_fffc00eb: ; not directly referenced +mov dword [esi + eax + 4], 8 +mov dword [esi + eax], 8 +add eax, 8 +cmp eax, 0x40 +jne short loc_fffc00eb ; jne 0xfffc00eb +inc ecx +jmp near loc_fffc0079 ; jmp 0xfffc0079 -loc_fffc03b8: ; not directly referenced -mov edx, 1 -movzx esi, byte [eax - 0x4da] -shl edx, cl -mov dword [ebp - 0x528], edx -mov dl, byte [eax - 0x4ec] -mov byte [ebp - 0x536], dl -and edx, esi -test 
byte [ebp - 0x528], dl -jne short loc_fffc0443 ; jne 0xfffc0443 -mov dl, byte [ebp - 0x528] -test byte [ebp - 0x558], dl -je short loc_fffc0421 ; je 0xfffc0421 -or esi, edx -mov edx, esi -mov esi, dword [ebp - 0x544] -mov byte [eax - 0x4da], dl -mov esi, dword [esi] -cmp dword [edi + ecx*8], esi -jb short loc_fffc0443 ; jb 0xfffc0443 -mov dl, byte [ebp - 0x528] -dec esi -mov dword [edi + ecx*8], esi -not edx -and dl, byte [ebp - 0x536] -mov byte [eax - 0x4ec], dl -jmp short loc_fffc0443 ; jmp 0xfffc0443 +loc_fffc0108: ; not directly referenced +mov eax, dword [ebp - 0x1000] +bt eax, edx +jb short loc_fffc0178 ; jb 0xfffc0178 -loc_fffc0421: ; not directly referenced -mov dl, byte [ebp - 0x528] -mov esi, dword [ebp - 0x544] -or dl, byte [ebp - 0x536] -mov byte [eax - 0x4ec], dl -mov edx, dword [esi] -cmp dword [edi + ecx*8], edx -jae short loc_fffc0443 ; jae 0xfffc0443 -mov dword [edi + ecx*8], edx +loc_fffc0113: ; not directly referenced +inc edx +add dword [ebp - 0x101c], 0x24 +cmp edx, 2 +jne short loc_fffc0108 ; jne 0xfffc0108 +inc dword [ebp - 0x1014] +mov al, byte [ebp - 0x1014] +cmp byte [ebp - 0x100c], al +jbe loc_fffc020e ; jbe 0xfffc020e -loc_fffc0443: ; not directly referenced -mov esi, dword [ebp - 0x560] -inc ecx -add dword [ebp - 0x544], esi -cmp ecx, 8 -jne loc_fffc03b8 ; jne 0xfffc03b8 -cmp byte [ebp - 0x50e], 1 -mov al, 0xf -jne short loc_fffc0488 ; jne 0xfffc0488 -push eax -mov ecx, dword [ebp - 0x578] -push 0xf -mov edx, dword [ebp - 0x51c] -push dword [ebp - 0x514] -mov eax, dword [ebp - 0x50c] -push ebx -call fcn_fffaec68 ; call 0xfffaec68 +loc_fffc0138: ; not directly referenced +mov eax, dword [ebp - 0xffc] +lea esi, [ebp - 0xd98] +mov edx, dword [ebp - 0x1000] +mov byte [eax + 0x248d], 1 +push ecx +push 0xa +push dword [ebp - 0x1038] +push esi +mov esi, dword [ebp - 0x1014] +mov ecx, esi +call fcn_fffbdad4 ; call 0xfffbdad4 +lea eax, [esi + esi*8] add esp, 0x10 +mov dword [ebp - 0x101c], eax +xor edx, edx +jmp short loc_fffc0108 ; jmp 
0xfffc0108 -loc_fffc0488: ; not directly referenced -cmp byte [ebp - 0x50d], 0 -je short loc_fffc04e9 ; je 0xfffc04e9 -mov edi, dword [ebp - 0x534] -lea esi, [ebp - 0x498] +loc_fffc0178: ; not directly referenced +mov eax, dword [ebp - 0xffc] xor ecx, ecx -add edi, ebx -shl edi, 5 -add edi, esi -mov dword [ebp - 0x528], edi +mov al, byte [eax + 0x2489] +mov byte [ebp - 0x102c], al +lea eax, [edx + edx*8] +mov dword [ebp - 0x1020], eax -loc_fffc04ac: ; not directly referenced -mov edi, dword [ebp - 0x528] -mov edx, 1 -shl edx, cl -mov esi, dword [edi + ecx*4] -movzx edi, al -cmp esi, edi -jb short loc_fffc04d0 ; jb 0xfffc04d0 -mov edi, dword [ebp - 0x520] -or byte [ebx + edi - 0x4da], dl +loc_fffc0195: ; not directly referenced +cmp cl, byte [ebp - 0x102c] +je loc_fffc0113 ; je 0xfffc0113 +mov eax, dword [ebp - 0x1030] +movzx ebx, cl +movzx eax, byte [ebp + eax - 0xff4] +mov dword [ebp - 0x1024], eax +mov eax, dword [ebp - 0x1020] +lea edi, [ebx + eax] +add ebx, dword [ebp - 0x101c] +lea eax, [ebp - 0xd98] +shl edi, 6 +add edi, eax +shl ebx, 5 +lea eax, [ebp - 0x918] +add ebx, eax +xor eax, eax -loc_fffc04d0: ; not directly referenced -test esi, esi -jne short loc_fffc04e1 ; jne 0xfffc04e1 -mov edi, dword [ebp - 0x520] -or byte [ebx + edi - 0x4ec], dl +loc_fffc01df: ; not directly referenced +mov esi, dword [edi + eax*2 + 4] +add esi, dword [edi + eax*2] +sub esi, 0x10 +cmp byte [ebp - 0x1004], 0 +jne short loc_fffc01f9 ; jne 0xfffc01f9 +mov dword [ebx + eax], 0 -loc_fffc04e1: ; not directly referenced +loc_fffc01f9: ; not directly referenced +imul esi, dword [ebp - 0x1024] +add dword [ebx + eax], esi +add eax, 4 +cmp eax, 0x20 +jne short loc_fffc01df ; jne 0xfffc01df inc ecx -cmp ecx, 8 -jne short loc_fffc04ac ; jne 0xfffc04ac -jmp short loc_fffc0523 ; jmp 0xfffc0523 - -loc_fffc04e9: ; not directly referenced -mov edi, dword [ebp - 0x548] -movzx eax, al -lea edx, [edi + ebx] -shl edx, 5 -mov edx, dword [ebp + edx - 0x498] -cmp edx, eax -jb short loc_fffc0511 ; jb 
0xfffc0511 -mov eax, dword [ebp - 0x520] -mov byte [ebx + eax - 0x4da], 0xff - -loc_fffc0511: ; not directly referenced -test edx, edx -jne short loc_fffc0523 ; jne 0xfffc0523 -mov eax, dword [ebp - 0x520] -mov byte [ebx + eax - 0x4ec], 0xff - -loc_fffc0523: ; not directly referenced -mov eax, dword [ebp - 0x520] -lea edx, [eax + ebx] -mov al, byte [edx - 0x4ec] -mov dl, byte [edx - 0x4da] -and byte [ebp - 0x537], al -and byte [ebp - 0x538], dl -cmp dword [ebp - 0x52c], 0 -jne loc_fffc05f7 ; jne 0xfffc05f7 -cmp byte [ebp - 0x50d], 0 -je short loc_fffc05b0 ; je 0xfffc05b0 -mov esi, dword [ebp - 0x534] -lea edi, [ebp - 0x498] -lea ecx, [ebx + esi] -mov bl, dl -shl ecx, 5 -and ebx, eax -lea esi, [edi + ecx] -mov byte [ebp - 0x528], bl -lea edi, [ebp + ecx - 0x258] -xor ecx, ecx - -loc_fffc0582: ; not directly referenced -mov ebx, 1 -shl ebx, cl -test byte [ebp - 0x528], bl -jne short loc_fffc05a8 ; jne 0xfffc05a8 -test dl, bl -jne short loc_fffc059a ; jne 0xfffc059a -inc dword [esi + ecx*4] -jmp short loc_fffc05a8 ; jmp 0xfffc05a8 - -loc_fffc059a: ; not directly referenced -test al, bl -jne short loc_fffc05a8 ; jne 0xfffc05a8 -mov ebx, dword [edi + ecx*4] -dec ebx -mov dword [edi + ecx*4], ebx -mov dword [esi + ecx*4], ebx - -loc_fffc05a8: ; not directly referenced -inc ecx -cmp ecx, 8 -jne short loc_fffc0582 ; jne 0xfffc0582 -jmp short loc_fffc05f7 ; jmp 0xfffc05f7 - -loc_fffc05b0: ; not directly referenced -mov cl, dl -and ecx, eax -inc cl -je short loc_fffc05f7 ; je 0xfffc05f7 -inc dl -je short loc_fffc05d0 ; je 0xfffc05d0 -mov eax, dword [ebp - 0x548] -add eax, ebx -shl eax, 5 -inc dword [ebp + eax - 0x498] -jmp short loc_fffc05f7 ; jmp 0xfffc05f7 - -loc_fffc05d0: ; not directly referenced -inc al -je short loc_fffc05f7 ; je 0xfffc05f7 -mov eax, dword [ebp - 0x548] -add eax, ebx -shl eax, 5 -mov esi, dword [ebp + eax - 0x258] -lea edx, [esi - 1] -mov dword [ebp + eax - 0x258], edx -mov dword [ebp + eax - 0x498], edx - -loc_fffc05f7: ; not directly referenced -inc 
byte [ebp - 0x524] -jmp near loc_fffc0316 ; jmp 0xfffc0316 +jmp short loc_fffc0195 ; jmp 0xfffc0195 -loc_fffc0602: ; not directly referenced -cmp dword [ebp - 0x52c], 1 -jne loc_fffc0056 ; jne 0xfffc0056 -mov al, byte [ebp - 0x537] -mov edi, dword [ebp - 0x538] -and eax, edi -inc al -je loc_fffc0056 ; je 0xfffc0056 +loc_fffc020e: ; not directly referenced +mov bl, byte [ebp - 0x1004] +mov al, 3 +cmp byte [ebp - 0x1008], 0 +cmove ebx, eax +mov byte [ebp - 0x1004], bl +inc byte [ebp - 0x1004] +cmp byte [ebp - 0x1004], 2 +jbe loc_fffc001e ; jbe 0xfffc001e +mov edi, dword [ebp - 0x1018] mov eax, edi -inc al -je short loc_fffc0637 ; je 0xfffc0637 -mov eax, dword [ebp - 0x530] -inc dword [eax] - -loc_fffc0633: ; not directly referenced -xor eax, eax -jmp short loc_fffc065a ; jmp 0xfffc065a - -loc_fffc0637: ; not directly referenced -imul ecx, dword [ebp - 0x51c], 0x120 -mov edi, dword [ebp - 0x530] -mov eax, dword [ebp + ecx - 0x258] -dec eax -mov dword [ebp + ecx - 0x258], eax -mov dword [edi], eax -jmp short loc_fffc0633 ; jmp 0xfffc0633 - -loc_fffc065a: ; not directly referenced -cmp dl, al -jbe loc_fffc0056 ; jbe 0xfffc0056 -mov esi, dword [ebp - 0x530] -mov ecx, eax -inc eax -shl ecx, 5 -mov ebx, dword [esi] -mov dword [esi + ecx], ebx -jmp short loc_fffc065a ; jmp 0xfffc065a - -loc_fffc0675: ; not directly referenced -cmp byte [ebp - 0x50d], 0 -jne loc_fffc0726 ; jne 0xfffc0726 -mov eax, dword [ebp + 8] +add eax, edi xor edi, edi -mov dword [ebp - 0x51c], eax -mov eax, dword [ebp + 0xc] -mov dword [ebp - 0x520], eax +mov dword [ebp - 0x102c], eax +mov eax, dword [ebp - 0x1034] +mov dword [ebp - 0x1008], eax +mov eax, dword [ebp - 0x1028] +mov dword [ebp - 0x1024], eax -loc_fffc0696: ; not directly referenced -mov eax, dword [ebp - 0x518] +loc_fffc0263: ; not directly referenced +mov eax, dword [ebp - 0x1000] bt eax, edi -jb short loc_fffc06be ; jb 0xfffc06be - -loc_fffc06a1: ; not directly referenced -inc edi -add dword [ebp - 0x520], 0x48 -add dword [ebp - 0x51c], 
0x240 -cmp edi, 2 -je loc_fffc07ef ; je 0xfffc07ef -jmp short loc_fffc0696 ; jmp 0xfffc0696 - -loc_fffc06be: ; not directly referenced -xor ebx, ebx +jae loc_fffc03b9 ; jae 0xfffc03b9 +imul eax, edi, 0x24 +mov dword [ebp - 0x1004], 0 +mov dword [ebp - 0x1020], eax -loc_fffc06c0: ; not directly referenced -mov eax, dword [ebp - 0x50c] -cmp bl, byte [eax + 0x2488] -jae short loc_fffc06a1 ; jae 0xfffc06a1 -movzx ecx, bl -mov esi, dword [ebp - 0x51c] -xor edx, edx -mov eax, ecx -shl eax, 4 -add eax, dword [ebp - 0x514] -mov dword [ebp - 0x524], ecx -lea esi, [esi + eax*4] -mov eax, 0x7f +loc_fffc0285: ; not directly referenced +imul eax, dword [ebp - 0x1004], 0xd8 +mov byte [ebp - 0x1014], 0 +add eax, 0x942 +mov dword [ebp - 0x1030], eax -loc_fffc06f2: ; not directly referenced -movzx ecx, al -cmp ecx, dword [esi + edx] -movzx ecx, byte [esi + edx] -cmova eax, ecx -add edx, 8 -cmp edx, 0x40 -jne short loc_fffc06f2 ; jne 0xfffc06f2 -mov esi, dword [ebp - 0x524] -imul eax, eax, 0xa -inc ebx -mov ecx, esi -add ecx, esi -mov esi, dword [ebp - 0x520] -add ecx, dword [ebp - 0x514] -mov dword [esi + ecx*4], eax -jmp short loc_fffc06c0 ; jmp 0xfffc06c0 +loc_fffc02a1: ; not directly referenced +mov eax, dword [ebp - 0xffc] +mov bl, byte [ebp - 0x1014] +movzx eax, byte [eax + 0x2489] +cmp bl, al +jae loc_fffc0384 ; jae 0xfffc0384 +movzx eax, bl +mov ebx, dword [ebp - 0x1020] +xor ecx, ecx +imul esi, eax, 0x18 +add esi, dword [ebp - 0x1030] +add esi, dword [ebp - 0x1008] +add ebx, eax +shl ebx, 5 +lea edx, [ebp - 0x918] +add ebx, edx +mov dword [ebp - 0x101c], 0 +mov dword [ebp - 0x1028], eax -loc_fffc0726: ; not directly referenced -mov al, byte [ebp - 0x510] -xor edi, edi -mov esi, dword [ebp + 8] -and eax, 1 -mov byte [ebp - 0x520], al +loc_fffc02f3: ; not directly referenced +mov edx, dword [ebx + ecx] +mov eax, edx +sar eax, 0x1f +or eax, 1 +movsx eax, al +imul eax, dword [ebp - 0x1018] +add eax, edx +cdq +idiv dword [ebp - 0x102c] +movzx edx, byte [esi] +add eax, edx +cmp 
eax, 0xf +jle short loc_fffc0324 ; jle 0xfffc0324 +mov dword [ebx + ecx], 0xf +jmp short loc_fffc0331 ; jmp 0xfffc0331 -loc_fffc073a: ; not directly referenced -mov eax, dword [ebp - 0x518] -xor edx, edx -bt eax, edi -jb short loc_fffc07b2 ; jb 0xfffc07b2 +loc_fffc0324: ; not directly referenced +test eax, eax +mov edx, 0 +cmovs eax, edx +mov dword [ebx + ecx], eax -loc_fffc0747: ; not directly referenced -inc edi -add esi, 0x240 -cmp edi, 2 -jne short loc_fffc073a ; jne 0xfffc073a +loc_fffc0331: ; not directly referenced +mov eax, dword [ebx + ecx] +add esi, 3 +mov byte [esi - 3], al +shl eax, cl +add ecx, 4 +or dword [ebp - 0x101c], eax +cmp ecx, 0x20 +jne short loc_fffc02f3 ; jne 0xfffc02f3 push 2 -movzx eax, byte [ebp - 0x535] push 0 push 0 push 0 -push 0 -push eax -movzx eax, byte [ebp - 0x50f] -push 0 -push 1 +push dword [ebp - 0x1028] +push dword [ebp - 0x1004] +push edi push 0 push 0 -push eax -push dword [ebp - 0x50c] -call fcn_fffcc900 ; call 0xfffcc900 +push dword [ebp - 0x101c] +push 0xa +push dword [ebp - 0xffc] +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -jmp short loc_fffc07ef ; jmp 0xfffc07ef - -loc_fffc0785: ; not directly referenced -cmp byte [ebp - 0x50e], 9 -sete bl -test byte [ebp - 0x520], bl -jne short loc_fffc07e2 ; jne 0xfffc07e2 -cmp byte [ebp - 0x50e], 9 -setne bl -test byte [ebp - 0x51c], bl -jne short loc_fffc07e2 ; jne 0xfffc07e2 - -loc_fffc07a9: ; not directly referenced -add eax, 8 -cmp eax, 0x40 -jne short loc_fffc0785 ; jne 0xfffc0785 -inc edx +inc byte [ebp - 0x1014] +jmp near loc_fffc02a1 ; jmp 0xfffc02a1 -loc_fffc07b2: ; not directly referenced -mov eax, dword [ebp - 0x50c] -cmp dl, byte [eax + 0x2488] -jae short loc_fffc0747 ; jae 0xfffc0747 -mov bl, byte [ebp - 0x565] -movzx eax, dl -shl eax, 4 -add eax, dword [ebp - 0x514] -xor ebx, 1 -lea ecx, [esi + eax*4] -xor eax, eax -mov byte [ebp - 0x51c], bl -jmp short loc_fffc0785 ; jmp 0xfffc0785 +loc_fffc0384: ; not directly referenced +inc dword [ebp - 0x1004] +mov dl, byte 
[ebp - 0x1004] +add dword [ebp - 0x1020], 9 +cmp byte [ebp - 0x100c], dl +ja loc_fffc0285 ; ja 0xfffc0285 +push edx +push 0 +push eax +mov eax, dword [ebp - 0x1010] +push dword [ebp - 0x1024] +call dword [eax + 0x64] ; ucall +add esp, 0x10 -loc_fffc07e2: ; not directly referenced -mov ebx, 0xf -sub ebx, dword [ecx + eax] -mov dword [ecx + eax], ebx -jmp short loc_fffc07a9 ; jmp 0xfffc07a9 +loc_fffc03b9: ; not directly referenced +inc edi +add dword [ebp - 0x1024], 0xcc +add dword [ebp - 0x1008], 0x13c3 +cmp edi, 2 +jne loc_fffc0263 ; jne 0xfffc0263 -loc_fffc07ef: ; not directly referenced -inc byte [ebp - 0x510] -inc dword [ebp - 0x514] -and byte [ebp - 0x510], 1 -cmp dword [ebp - 0x514], 2 -jne loc_fffbfcd3 ; jne 0xfffbfcd3 +loc_fffc03d7: ; not directly referenced +mov eax, dword [ebp - 0xffc] +mov byte [eax + 0x247b], 0 push 2 -mov edx, 0 push 0 -mov eax, 0x88888888 +push 1 push 0 push 0 push 0 -push dword [ebp - 0x574] -cmp byte [ebp - 0x50d], 1 push 0 -cmovne eax, edx push 1 push 0 +push 0 +push 1 push eax -movzx eax, byte [ebp - 0x53c] -push eax -push dword [ebp - 0x50c] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 0xfffcd268 lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -43922,2804 +43548,2483 @@ pop edi pop ebp ret -fcn_fffc0855: ; not directly referenced +fcn_fffc0408: ; not directly referenced push ebp mov ebp, esp -push edi push esi -mov esi, 0x36 push ebx -mov ebx, eax -sub esp, 0x3c -mov eax, dword [ebp + 8] -cmp dword [ebx + 0x2480], 2 -mov dword [ebp - 0x28], edx -mov dword [ebp - 0x24], eax -mov byte [ebp - 0x2a], al -mov eax, dword [ebx + 0x2443] -mov dword [ebp - 0x38], eax -jne short loc_fffc088c ; jne 0xfffc088c -cmp byte [ebp - 0x24], 5 -mov al, 0x25 -cmove esi, eax - -loc_fffc088c: ; not directly referenced -movzx eax, byte [ebp - 0x24] -movzx edi, cl -push ecx -push ecx -mov ecx, edi -mov edx, eax -mov dword [ebp - 0x1c], eax -lea eax, [ebx + 0x2490] -mov dword [ebp - 0x20], eax -mov eax, 1 -shl eax, cl -mov ecx, edx -mov edx, dword [ebp - 0x20] -movzx eax, al -push eax -mov eax, ebx -push edi -call fcn_fffa7e6c ; call 0xfffa7e6c -add esp, 0x10 -test eax, eax -jne loc_fffc0a25 ; jne 0xfffc0a25 -movzx eax, byte [ebp - 0x28] -push edx +mov ebx, dword [ebp + 8] push edx -mov edx, dword [ebp - 0x20] -push dword [ebp + 0x18] -mov ecx, eax -mov dword [ebp - 0x3c], eax -mov eax, esi -movzx esi, al +movzx ecx, byte [ebx + 0x248f] +lea esi, [ebx + 0x2491] mov eax, ebx -push esi -push dword [ebp + 0xc] -push dword [ebp - 0x1c] -push edi -push edi -call fcn_fffd13ed ; call 0xfffd13ed -add esp, 0x20 +push 0 +mov edx, esi +push 1 +push 1 +call fcn_fffbf98a ; call 0xfffbf98a +add esp, 0x10 test eax, eax -jne loc_fffc0a25 ; jne 0xfffc0a25 -mov ecx, dword [ebp - 0x1c] -sub esp, 0xc +jne short loc_fffc044e ; jne 0xfffc044e +push eax +movzx ecx, byte [ebx + 0x248f] +mov edx, esi +push 1 mov eax, ebx -mov edx, dword [ebp - 0x20] -push edi -call fcn_fffa7d98 ; call 0xfffa7d98 +push 0 +push 0 +call fcn_fffbf98a ; call 0xfffbf98a add esp, 0x10 -test eax, eax -jne loc_fffc0a25 ; jne 0xfffc0a25 -xor edx, edx -cmp byte [ebp - 0x24], 0x21 -ja short loc_fffc0927 ; ja 0xfffc0927 -mov eax, dword [ebp - 0x1c] -movzx edx, byte [eax + 
ref_fffd5f1c] ; movzx edx, byte [eax - 0x2a0e4] - -loc_fffc0927: ; not directly referenced -imul esi, edx, 0x48 -xor eax, eax -mov byte [ebp - 0x28], 0 -mov dword [ebp - 0x44], esi - -loc_fffc0933: ; not directly referenced -test eax, eax -sete cl -cmp byte [ebp - 0x28], 1 -setbe dl -test cl, dl -je loc_fffc0a25 ; je 0xfffc0a25 -mov al, byte [ebp - 0x28] -movzx esi, al -mov dword [ebp - 0x30], esi -mov esi, dword [ebp - 0x3c] -bt esi, eax -jb short loc_fffc095f ; jb 0xfffc095f - -loc_fffc0958: ; not directly referenced -xor eax, eax -jmp near loc_fffc0a1d ; jmp 0xfffc0a1d -loc_fffc095f: ; not directly referenced -imul eax, dword [ebp - 0x30], 0x24 -mov esi, dword [ebp + 0x14] -mov dword [ebp - 0x24], 0x18 -mov byte [ebp - 0x29], 0 -add esi, eax -add eax, dword [ebp + 0x10] -mov dword [ebp - 0x34], esi -mov dword [ebp - 0x40], eax +loc_fffc044e: ; not directly referenced +lea esp, [ebp - 8] +pop ebx +pop esi +pop ebp +ret -loc_fffc097c: ; not directly referenced -mov al, byte [ebp - 0x29] -cmp al, byte [ebx + 0x2488] -jae short loc_fffc0958 ; jae 0xfffc0958 -imul edx, edi, 0x12 -movzx ecx, byte [ebp - 0x29] -imul eax, dword [ebp - 0x30], 9 -add eax, edx -mov edx, dword [ebp - 0x44] -mov esi, eax -add eax, ecx -lea eax, [eax + edx + 8] -add edx, esi -mov eax, dword [ebx + eax*8 + 0x2454] -lea edx, [ecx + edx + 8] -mov esi, 0xa -add eax, dword [ebx + edx*8 + 0x2450] -xor edx, edx -div esi -mov edx, dword [ebp - 0x40] -mov dword [edx + ecx*4], eax -shr eax, 1 -mov edx, 0x18 -cmp eax, 0x18 -cmovbe edx, eax -mov eax, dword [ebp - 0x34] -cmp dword [ebp - 0x24], edx -mov dword [eax + ecx*4], edx -mov ecx, dword [ebp - 0x1c] +fcn_fffc0455: ; not directly referenced +push ebp +mov ecx, 0xa +mov ebp, esp +push edi +push esi +mov esi, ref_fffd5410 ; mov esi, 0xfffd5410 +push ebx +sub esp, 0x6c +mov ebx, dword [ebp + 8] +lea edi, [ebp - 0x60] +mov byte [ebp - 0x67], 4 +mov byte [ebp - 0x66], 1 +mov eax, dword [ebx + 0x1887] +mov byte [ebp - 0x65], 1 +mov byte [ebp - 0x64], 2 
+mov byte [ebp - 0x63], 1 +cmp eax, 0x306d0 +sete dl +cmp eax, 0x40650 +sete al +or dl, al +mov byte [ebp - 0x62], 0 +mov byte [ebp - 0x61], 0 +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +je loc_fffc0540 ; je 0xfffc0540 +mov cl, 1 +mov edx, 4 mov eax, ebx -cmovbe edx, dword [ebp - 0x24] -sub esp, 0xc +mov esi, 4 +call fcn_fffaab72 ; call 0xfffaab72 +mov edx, dword [ebp - 0x60] +mov ecx, 1 +cmp ax, dx +cmovae edx, eax +mov eax, ebx +mov word [ebp - 0x60], dx +mov edx, 1 +call fcn_fffaab72 ; call 0xfffaab72 +mov dx, word [ebp - 0x5e] +mov byte [ebp - 0x69], 1 +cmp ax, dx +cmovae edx, eax +cmp dword [ebx + 0x188b], 1 +mov word [ebp - 0x5e], dx +sete al +lea eax, [eax + eax*4 + 7] +movsx edi, al + +loc_fffc04fe: ; not directly referenced +mov al, byte [ebp - 0x69] +test byte [ebx + 0x248e], al +je short loc_fffc053a ; je 0xfffc053a +push eax +mov ecx, 3 +push 0 +push 0 +push 0xf push edi -mov dword [ebp - 0x24], edx -mov edx, dword [ebp - 0x20] -call fcn_fffa7d98 ; call 0xfffa7d98 -add esp, 0x10 -test eax, eax -jne short loc_fffc0a1d ; jne 0xfffc0a1d -cmp byte [ebp - 0x2a], 5 -jne short loc_fffc0a15 ; jne 0xfffc0a15 +push 0 +lea eax, [ebp - 0x60] push eax -movzx eax, byte [ebx + 0x2488] -push dword [ebp - 0x24] +lea eax, [ebp - 0x65] push eax -mov eax, dword [ebp - 0x38] -push dword [ebp - 0x34] -call dword [eax + 0x64] ; ucall -add esp, 0x10 - -loc_fffc0a15: ; not directly referenced -inc byte [ebp - 0x29] -jmp near loc_fffc097c ; jmp 0xfffc097c +push 2 +lea eax, [ebp - 0x67] +push eax +movzx eax, byte [ebp - 0x69] +push 5 +lea edx, [ebp - 0x56] +push eax +mov eax, ebx +call fcn_fffcb1dd ; call 0xfffcb1dd +add esp, 0x30 -loc_fffc0a1d: ; not directly referenced -inc byte [ebp - 0x28] -jmp near loc_fffc0933 ; jmp 0xfffc0933 +loc_fffc053a: ; not directly referenced +shl byte [ebp - 0x69], 1 +dec esi +jne short loc_fffc04fe ; jne 0xfffc04fe -loc_fffc0a25: ; not directly referenced +loc_fffc0540: ; not directly referenced lea esp, [ebp - 0xc] +xor eax, eax pop ebx 
pop esi pop edi pop ebp ret -fcn_fffc0a2d: ; not directly referenced +fcn_fffc054a: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx -sub esp, 0xcfc -mov edi, dword [ebp + 0x18] -mov dword [ebp - 0xcc0], edx -mov dl, byte [ebp + 0xc] -mov esi, dword [ebp + 0x10] -mov dword [ebp - 0xc88], ecx -mov ecx, 7 -mov ebx, dword [ebp + 8] -mov dword [ebp - 0xca0], edi -mov edi, dword [ebp + 0x1c] -mov byte [ebp - 0xcee], dl -mov dl, byte [ebp + 0x14] -mov dword [ebp - 0xc98], esi -mov esi, ref_fffd5934 ; mov esi, 0xfffd5934 -mov dword [ebp - 0xc7c], eax -mov dword [ebp - 0xca4], edi -mov byte [ebp - 0xcef], dl -mov edx, edi -lea edi, [ebp - 0xc58] -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [ebp - 0xc3c] -mov esi, ref_fffd5950 ; mov esi, 0xfffd5950 -mov byte [ebp - 0xc9a], bl -mov byte [ebp - 0xc99], dl -mov cl, 7 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -lea edi, [ebp - 0xc20] -mov esi, ref_fffd596c ; mov esi, 0xfffd596c -mov cl, 7 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov esi, dword [eax + 0x5edc] -mov eax, dword [eax + 0x2443] -mov dword [ebp - 0xce8], esi -mov dword [ebp - 0xc84], eax -lea eax, [ebx - 1] -cmp al, 1 -ja loc_fffc199b ; ja 0xfffc199b -push esi -push 0 -push 0x10 -lea eax, [ebp - 0xc68] -push eax -mov eax, dword [ebp - 0xc84] -call dword [eax + 0x5c] ; ucall -add esp, 0x10 +sub esp, 0x140 +mov edi, dword [ebp + 8] +mov dword [ebp - 0xe4], 1 +mov dword [ebp - 0xe0], 1 +mov eax, dword [edi + 0x2444] +mov ebx, dword [edi + 0x5edd] +mov esi, eax +mov dword [ebp - 0x110], eax +mov eax, dword [edi + 0x1887] +mov dword [ebp - 0x108], eax +mov eax, dword [edi + 0x1883] +push 0 +push 0x10 +mov dword [ebp - 0x100], eax +lea eax, [ebp - 0xc8] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push 1 +push 3 +lea eax, [ebp - 0xee] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0x10 +cmp dword [edi + 0x2481], 2 +mov byte [ebp - 0xf1], 0xfc +mov byte 
[ebp - 0xf0], 4 +mov byte [ebp - 0xef], 0 +jne loc_fffc0d43 ; jne 0xfffc0d43 +mov eax, dword [edi + 0x5edd] +mov dword [ebp - 0x100], eax +mov eax, dword [edi + 0x2444] +mov esi, eax +mov dword [ebp - 0x110], eax +push eax +push 0 +push 0x10 +lea eax, [ebp - 0xb8] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push 1 +push 3 +lea eax, [ebp - 0xe8] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0x10 xor eax, eax +mov byte [ebp - 0xeb], 0xfc +mov byte [ebp - 0xea], 4 +mov byte [ebp - 0xe9], 0 -loc_fffc0af6: ; not directly referenced -mov byte [ebp + eax - 0xc71], al +loc_fffc0639: ; not directly referenced +mov byte [ebp + eax - 0xd4], al inc eax cmp eax, 9 -jne short loc_fffc0af6 ; jne 0xfffc0af6 -movzx eax, bl -mov cl, byte [ebp - 0xca0] +jne short loc_fffc0639 ; jne 0xfffc0639 +mov ecx, 1 +mov edx, 5 +mov eax, edi +call fcn_fffaab72 ; call 0xfffaab72 +xor ecx, ecx +mov edx, 5 +lea ebx, [edi + 0x2b51] +mov word [ebp - 0x138], ax +mov eax, edi +call fcn_fffaab72 ; call 0xfffaab72 sub esp, 0xc -mov al, byte [eax + ref_fffd5f1c] ; mov al, byte [eax - 0x2a0e4] -mov edi, dword [ebp - 0xc7c] +mov ecx, 0x11 +mov word [ebp - 0x13c], ax +movzx eax, byte [edi + 0x248f] push 0 -dec ecx -mov byte [ebp - 0xc80], al -movzx eax, byte [ebp - 0xc88] -movzx ecx, cl -mov dword [ebp - 0xcec], eax mov edx, eax +mov dword [ebp - 0x10c], eax mov eax, edi -call fcn_fffb26ca ; call 0xfffb26ca -xor eax, eax +call fcn_fffae9e2 ; call 0xfffae9e2 +mov al, byte [ebp - 0xe7] +mov ecx, 2 +mov byte [ebp - 0x11c], al +mov al, byte [ebp - 0xe8] +add byte [ebp - 0x11c], al +mov al, byte [ebp - 0xe6] +add byte [ebp - 0x11c], al +lea eax, [edi + 0x2491] +mov dword [ebp - 0x140], eax +mov edx, eax +mov eax, edi +call fcn_fffa668b ; call 0xfffa668b add esp, 0x10 -mov byte [edi + 0x248b], 9 -mov edi, dword [ebp - 0xc98] -cmp bl, 1 -cmove eax, edi -mov byte [ebp - 0xc9c], al -inc eax -cmp byte [ebp - 0xca4], 0 -mov byte [ebp - 0xced], al -jne short loc_fffc0b82 
; jne 0xfffc0b82 -push ecx -push 0 -lea eax, [ebp - 0xc04] -push 0x1c -push eax -mov eax, dword [ebp - 0xc84] -call dword [eax + 0x5c] ; ucall -jmp short loc_fffc0b9c ; jmp 0xfffc0b9c +xor ecx, ecx -loc_fffc0b82: ; not directly referenced -push edx -push 0x1c -lea eax, [ebp - 0xc20] +loc_fffc06dc: ; not directly referenced +mov eax, dword [ebp - 0x10c] +mov dword [ebp + ecx*4 - 0xdc], 0 +bt eax, ecx +jae short loc_fffc0714 ; jae 0xfffc0714 +mov eax, dword [ebx + 4] +mov esi, 0x14 +xor edx, edx +add eax, dword [ebx] +div esi +mov si, 0xc +lea edx, [eax - 1] +cmp edx, 0xb +cmova eax, esi +mov dword [ebp + ecx*4 - 0xdc], eax + +loc_fffc0714: ; not directly referenced +inc ecx +add ebx, 0x48 +cmp ecx, 2 +jne short loc_fffc06dc ; jne 0xfffc06dc push eax -lea eax, [ebp - 0xc04] +push 0 +push 0x80 +lea eax, [ebp - 0x98] push eax -mov eax, dword [ebp - 0xc84] -call dword [eax + 0x58] ; ucall - -loc_fffc0b9c: ; not directly referenced +mov eax, dword [ebp - 0x110] +call dword [eax + 0x5c] ; ucall +mov eax, dword [ebp - 0x100] add esp, 0x10 -xor edx, edx +mov dword [ebp - 0xfc], 0 +add eax, 0x70 +mov dword [ebp - 0x134], eax + +loc_fffc0751: ; not directly referenced xor esi, esi -xor eax, eax -mov edi, 6 -loc_fffc0baa: ; not directly referenced -movzx ecx, al -add esi, dword [ebp + ecx*4 - 0xc58] -add edx, dword [ebp + ecx*4 - 0xc3c] -cmp byte [ebp - 0xc99], 0 -mov dword [ebp - 0xcd8], esi -mov dword [ebp - 0xcdc], edx -cmove eax, edi -inc eax -cmp al, 7 -jne short loc_fffc0baa ; jne 0xfffc0baa -movzx eax, byte [ebp - 0xc80] -cmp bl, 1 -sete byte [ebp - 0xc9b] -add byte [ebp - 0xc9b], 8 -dec bl -setne byte [ebp - 0xca0] -imul eax, eax, 0x240 -add eax, dword [ebp - 0xcc0] -add byte [ebp - 0xca0], 4 -mov dword [ebp - 0xcbc], eax -movzx eax, byte [ebp - 0xc9a] -mov dword [ebp - 0xc80], 0 -mov dword [ebp - 0xce4], eax -movzx eax, byte [ebp - 0xca0] -mov dword [ebp - 0xcb4], eax +loc_fffc0753: ; not directly referenced +mov eax, dword [ebp - 0x10c] +bt eax, esi +jb short 
loc_fffc0768 ; jb 0xfffc0768 -loc_fffc0c34: ; not directly referenced -mov eax, dword [ebp - 0xce8] -mov edi, 1 +loc_fffc075e: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffc0753 ; jne 0xfffc0753 +xor esi, esi +jmp short loc_fffc07bd ; jmp 0xfffc07bd + +loc_fffc0768: ; not directly referenced +mov eax, dword [ebp - 0xfc] +mov ecx, 0xc xor ebx, ebx -mov cl, byte [ebp - 0xc80] -mov byte [ebp - 0xc98], 0 -add eax, 0x70 -shl edi, cl -mov esi, eax -mov dword [ebp - 0xcc8], eax +movsx eax, byte [ebp + eax - 0xeb] +imul eax, dword [ebp + esi*4 - 0xdc] +cdq +idiv ecx +mov dword [ebp - 0x100], eax -loc_fffc0c5b: ; not directly referenced -mov eax, dword [ebp - 0xcec] -bt eax, ebx -jae short loc_fffc0ca5 ; jae 0xfffc0ca5 -mov eax, dword [ebp - 0xc7c] -mov ecx, edi -mov edx, ebx -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0xc98], al -movzx eax, byte [ebp - 0xc98] -bt eax, ebx -jae short loc_fffc0ca5 ; jae 0xfffc0ca5 -push eax -mov eax, dword [ebp - 0xc7c] +loc_fffc078e: ; not directly referenced +cmp bl, byte [edi + 0x2489] +jae short loc_fffc075e ; jae 0xfffc075e +push 1 +movzx eax, bl push 0 -movzx eax, byte [eax + 0x2488] -push eax -mov eax, dword [ebp - 0xc84] -push esi -call dword [eax + 0x64] ; ucall -add esp, 0x10 - -loc_fffc0ca5: ; not directly referenced inc ebx -add esi, 0xcc -cmp ebx, 2 -jne short loc_fffc0c5b ; jne 0xfffc0c5b -cmp byte [ebp - 0xc98], 0 -jne short loc_fffc0d04 ; jne 0xfffc0d04 - -loc_fffc0cba: ; not directly referenced -inc dword [ebp - 0xc80] -cmp dword [ebp - 0xc80], 4 -jne loc_fffc0c34 ; jne 0xfffc0c34 -mov edi, dword [ebp - 0xc7c] -movzx eax, byte [ebp - 0xca0] -mov byte [edi + 0x247a], 0 -push 2 -push 0 -push 0 -push 0 -push 0 -push 0 -push 0 push 1 push 0 -push 0 push eax -push edi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -jmp near loc_fffc19a7 ; jmp 0xfffc19a7 - -loc_fffc0d04: ; not directly referenced -cmp byte [ebp - 0xcef], 1 -jne short loc_fffc0d3e ; jne 0xfffc0d3e -push 0 -movzx eax, byte [ebp - 
0xc9b] push 0 -push 1 -push 0 -push 0 -push dword [ebp - 0xc80] +push esi push 0 -push 1 push 0 -push 0x88888888 -push eax -push dword [ebp - 0xc7c] -call fcn_fffcc900 ; call 0xfffcc900 +push dword [ebp - 0x100] +push 2 +push edi +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 +jmp short loc_fffc078e ; jmp 0xfffc078e -loc_fffc0d3e: ; not directly referenced +loc_fffc07bd: ; not directly referenced +mov eax, dword [ebp - 0x134] +mov ecx, esi xor ebx, ebx -cmp byte [ebp - 0xc99], 0 -je loc_fffc0e26 ; je 0xfffc0e26 -sub esp, 0xc -movzx edx, byte [ebp - 0xc98] -lea eax, [ebp - 0xc68] -mov ecx, dword [ebp - 0xc80] -push eax -lea ebx, [ebp - 0xbe8] -push ebx -lea eax, [ebp - 0xba0] -push eax -lea eax, [ebp - 0xc71] -push eax -mov eax, dword [ebp - 0xc7c] -push dword [ebp - 0xcb4] -call fcn_fffc0855 ; call 0xfffc0855 -add esp, 0x20 -test eax, eax -jne short loc_fffc0de8 ; jne 0xfffc0de8 - -loc_fffc0d91: ; not directly referenced -push eax -mov ecx, dword [ebp - 0xce4] -push eax -mov edx, dword [ebp - 0xcc0] -push edi -mov edi, dword [ebp - 0xc80] -mov eax, dword [ebp - 0xc7c] -push edi -call fcn_fffa7e6c ; call 0xfffa7e6c -mov al, byte [ebp - 0xc98] -add esp, 0x10 -mov dword [ebp - 0xcac], 0 -movzx ebx, al -and eax, 2 -movzx eax, al -mov dword [ebp - 0xca8], eax -imul eax, edi, 0x12 -mov dword [ebp - 0xc88], ebx -mov dword [ebp - 0xcc4], eax -jmp near loc_fffc0feb ; jmp 0xfffc0feb - -loc_fffc0de8: ; not directly referenced -mov esi, dword [ebp - 0xc7c] -push eax -push 0x18 -movzx eax, byte [esi + 0x2488] -push eax -push ebx -mov ebx, dword [ebp - 0xc84] -mov eax, ebx -call dword [eax + 0x64] ; ucall -add esp, 0xc -push 0x18 -movzx eax, byte [esi + 0x2488] -push eax -lea eax, [ebp - 0xbc4] -push eax -mov eax, ebx -call dword [eax + 0x64] ; ucall -add esp, 0x10 -jmp near loc_fffc0d91 ; jmp 0xfffc0d91 +mov dword [ebp - 0x100], 1 +shl dword [ebp - 0x100], cl +mov dword [ebp - 0x108], eax +mov byte [ebp - 0x104], 0 -loc_fffc0e26: ; not directly referenced -mov esi, dword 
[ebp - 0xc7c] -push eax -push 1 -movzx eax, byte [esi + 0x2488] -push eax -lea eax, [ebp - 0xba0] -add eax, ebx -push eax -mov eax, dword [ebp - 0xc84] -call dword [eax + 0x64] ; ucall -add esp, 0xc -push 1 -movzx eax, byte [esi + 0x2488] -lea esi, [ebp - 0xbe8] +loc_fffc07e4: ; not directly referenced +imul eax, ebx, 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffc0826 ; jne 0xfffc0826 +mov ecx, dword [ebp - 0x100] +mov edx, ebx +mov eax, edi +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0x104], al push eax -lea eax, [esi + ebx] -add ebx, 0x24 +push 0 +movzx eax, byte [edi + 0x2489] push eax -mov eax, dword [ebp - 0xc84] +mov eax, dword [ebp - 0x110] +push dword [ebp - 0x108] call dword [eax + 0x64] ; ucall add esp, 0x10 -cmp ebx, 0x48 -je loc_fffc0d91 ; je 0xfffc0d91 -jmp short loc_fffc0e26 ; jmp 0xfffc0e26 - -loc_fffc0e7a: ; not directly referenced -cmp byte [ebp - 0xc9c], 0 -jne loc_fffc100a ; jne 0xfffc100a - -loc_fffc0e87: ; not directly referenced -xor ebx, ebx - -loc_fffc0e89: ; not directly referenced -lea eax, [ebp - 0xbe8] -xor edi, edi -mov dword [ebp - 0xcb0], eax -movzx eax, bl -mov dword [ebp - 0xcd0], eax -loc_fffc0ea0: ; not directly referenced -mov eax, dword [ebp - 0xc88] -bt eax, edi -jb loc_fffc1065 ; jb 0xfffc1065 - -loc_fffc0eaf: ; not directly referenced -inc edi -add dword [ebp - 0xcb0], 0x24 -cmp edi, 2 -jne short loc_fffc0ea0 ; jne 0xfffc0ea0 -push eax -mov ecx, dword [ebp - 0xc88] -push eax -mov edx, dword [ebp - 0xcc0] -lea eax, [ebp - 0xc68] -push eax -push 0x1f -lea eax, [ebp - 0xc71] -push eax -mov eax, dword [ebp - 0xc80] -push dword [ebp - 0xce4] +loc_fffc0826: ; not directly referenced +inc ebx +add dword [ebp - 0x108], 0xcc +cmp ebx, 2 +jne short loc_fffc07e4 ; jne 0xfffc07e4 +push ecx +mov edx, dword [ebp - 0x140] +push ecx +movzx ecx, byte [ebp - 0x104] +lea eax, [ebp - 0xb8] push eax +push 0x25 +lea eax, [ebp - 0xd4] push eax -mov eax, dword [ebp - 0xc7c] -call fcn_fffd13ed ; call 0xfffd13ed -movzx eax, bl 
+mov eax, edi +push 5 +push 0 +push esi +inc esi +call fcn_fffd16df ; call 0xfffd16df add esp, 0x20 -mov dword [ebp - 0xce0], eax -imul eax, eax, 0x12 -mov dword [ebp - 0xcb0], 0 -mov dword [ebp - 0xcfc], eax - -loc_fffc0f12: ; not directly referenced -mov eax, dword [ebp - 0xc88] -mov edi, dword [ebp - 0xcb0] -bt eax, edi -jb loc_fffc10f7 ; jb 0xfffc10f7 - -loc_fffc0f27: ; not directly referenced -inc dword [ebp - 0xcb0] -cmp dword [ebp - 0xcb0], 2 -jne short loc_fffc0f12 ; jne 0xfffc0f12 -cmp byte [ebp - 0xc99], 0 -mov al, 7 -cmove ebx, eax -inc ebx -cmp bl, 6 -jbe loc_fffc0e89 ; jbe 0xfffc0e89 -mov eax, dword [ebp - 0xc7c] +cmp esi, 2 +jne loc_fffc07bd ; jne 0xfffc07bd +lea eax, [ebp - 0xa8] xor esi, esi -add eax, 0x3756 -mov dword [ebp - 0xcb0], eax -mov eax, dword [ebp - 0xcc8] -mov dword [ebp - 0xcb8], eax -imul eax, dword [ebp - 0xc80], 9 -mov dword [ebp - 0xcd4], eax +mov dword [ebp - 0x130], eax +lea eax, [ebp - 0x98] +mov dword [ebp - 0x128], eax -loc_fffc0f78: ; not directly referenced -mov eax, dword [ebp - 0xc88] +loc_fffc0888: ; not directly referenced +mov eax, dword [ebp - 0x10c] bt eax, esi -jae short loc_fffc0fcb ; jae 0xfffc0fcb -mov eax, dword [ebp - 0xcb0] -add eax, dword [ebp - 0xcd4] -mov byte [ebp - 0xca4], 0 -mov dword [ebp - 0xcd0], eax - -loc_fffc0f9c: ; not directly referenced -mov eax, dword [ebp - 0xc7c] -movzx eax, byte [eax + 0x2488] -cmp byte [ebp - 0xca4], al -jb loc_fffc1253 ; jb 0xfffc1253 -push edx -push 0 -push eax -mov eax, dword [ebp - 0xc84] -push dword [ebp - 0xcb8] -call dword [eax + 0x64] ; ucall -add esp, 0x10 +jb short loc_fffc08ac ; jb 0xfffc08ac -loc_fffc0fcb: ; not directly referenced +loc_fffc0893: ; not directly referenced inc esi -add dword [ebp - 0xcb8], 0xcc -add dword [ebp - 0xcb0], 0x13c3 +add dword [ebp - 0x128], 0x40 +add dword [ebp - 0x130], 8 cmp esi, 2 -jne short loc_fffc0f78 ; jne 0xfffc0f78 -inc dword [ebp - 0xcac] - -loc_fffc0feb: ; not directly referenced -mov ebx, dword [ebp - 0xcac] -mov al, byte 
[ebp - 0xced] -mov byte [ebp - 0xccc], bl -cmp bl, al -jb loc_fffc0e7a ; jb 0xfffc0e7a -jmp near loc_fffc13ab ; jmp 0xfffc13ab +jne short loc_fffc0888 ; jne 0xfffc0888 +jmp near loc_fffc0a5e ; jmp 0xfffc0a5e -loc_fffc100a: ; not directly referenced -test byte [ebp - 0xc98], 1 -je short loc_fffc1033 ; je 0xfffc1033 -mov cl, byte [ebp - 0xcac] -mov eax, 0x55 -mov edx, 0x409a -shl eax, cl -movzx ecx, al -mov eax, dword [ebp - 0xc7c] -call fcn_fffae566 ; call 0xfffae566 +loc_fffc08ac: ; not directly referenced +imul edx, esi, 0x13c3 +mov ebx, dword [ebp - 0x130] +mov ecx, dword [ebp - 0x128] +mov dword [ebp - 0x108], 0 +mov al, byte [edi + edx + 0x381b] +lea edx, [edi + edx + 0x49c2] +mov dword [ebp - 0x100], ebx +mov dword [ebp - 0x12c], ecx +mov dword [ebp - 0x120], edx +mov byte [ebp - 0x141], al +imul eax, esi, 0x48 +add eax, edi -loc_fffc1033: ; not directly referenced -cmp dword [ebp - 0xca8], 0 -je loc_fffc0e87 ; je 0xfffc0e87 -mov cl, byte [ebp - 0xcac] -mov eax, 0x55 -mov edx, 0x449a -shl eax, cl -movzx ecx, al -mov eax, dword [ebp - 0xc7c] -call fcn_fffae566 ; call 0xfffae566 -jmp near loc_fffc0e87 ; jmp 0xfffc0e87 +loc_fffc08f3: ; not directly referenced +mov cl, byte [ebp - 0x108] +mov edx, 1 +shl edx, cl +test byte [ebp - 0x141], dl +jne short loc_fffc0936 ; jne 0xfffc0936 -loc_fffc1065: ; not directly referenced -mov eax, dword [ebp - 0xc88] -lea ecx, [edi + 1] -mov byte [ebp - 0xca4], 1 -sar eax, cl -cmp byte [ebp - 0xca0], 4 -mov dword [ebp - 0xcb8], eax -jne short loc_fffc1098 ; jne 0xfffc1098 -mov eax, dword [ebp - 0xc7c] -mov al, byte [eax + 0x2488] -mov byte [ebp - 0xca4], al +loc_fffc0908: ; not directly referenced +inc dword [ebp - 0x108] +add eax, 0x90 +add dword [ebp - 0x120], 0x18 +add dword [ebp - 0x12c], 0x20 +add dword [ebp - 0x100], 4 +cmp dword [ebp - 0x108], 2 +jne short loc_fffc08f3 ; jne 0xfffc08f3 +jmp near loc_fffc0893 ; jmp 0xfffc0893 -loc_fffc1098: ; not directly referenced -xor esi, esi +loc_fffc0936: ; not directly referenced +cmp 
byte [ebp - 0xfc], 0 +jne short loc_fffc094b ; jne 0xfffc094b +mov ebx, dword [ebp - 0x100] +mov dword [ebx], 0xffffffff -loc_fffc109a: ; not directly referenced -mov eax, esi -cmp byte [ebp - 0xca4], al -jbe loc_fffc0eaf ; jbe 0xfffc0eaf -push 0 -mov eax, dword [ebp - 0xcb0] -push dword [ebp - 0xcb8] -mov ecx, dword [ebp - 0xcd0] -push 0 -push 0 -push esi -push dword [ebp - 0xc80] -push edi -push 0 -push 0 -mov eax, dword [eax + esi*4] -inc esi -imul eax, dword [ebp + ecx*4 - 0xc04] -mov ecx, 0x18 -cdq -idiv ecx -push eax -push dword [ebp - 0xcb4] -push dword [ebp - 0xc7c] -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -jmp short loc_fffc109a ; jmp 0xfffc109a +loc_fffc094b: ; not directly referenced +mov dl, byte [edi + 0x2489] +mov byte [ebp - 0x124], dl +xor edx, edx -loc_fffc10f7: ; not directly referenced -imul eax, dword [ebp - 0xcb0], 9 -mov byte [ebp - 0xcb8], 0 -mov dword [ebp - 0xca4], eax -mov eax, dword [ebp - 0xcfc] -add eax, dword [ebp - 0xca4] -mov dword [ebp - 0xcf8], eax +loc_fffc0959: ; not directly referenced +cmp byte [ebp - 0x124], dl +jbe short loc_fffc0987 ; jbe 0xfffc0987 +mov ebx, dword [ebp - 0x100] +mov ecx, dword [eax + edx*8 + 0x2915] +cmp dword [eax + edx*8 + 0x2911], ecx +cmovbe ecx, dword [eax + edx*8 + 0x2911] +cmp ecx, dword [ebx] +cmova ecx, dword [ebx] +inc edx +mov dword [ebx], ecx +jmp short loc_fffc0959 ; jmp 0xfffc0959 -loc_fffc111d: ; not directly referenced -mov edx, dword [ebp - 0xc7c] -mov al, byte [ebp - 0xcb8] -cmp al, byte [edx + 0x2488] -jae loc_fffc0f27 ; jae 0xfffc0f27 -mov eax, dword [ebp - 0xcc4] -mov edi, dword [ebp - 0xca4] -movzx ecx, byte [ebp - 0xcb8] -mov esi, dword [ebp - 0xcbc] -lea edx, [eax + edi] -add edx, ecx -lea eax, [esi + edx*8] -mov esi, dword [esi + edx*8] -mov dword [ebp - 0xcd0], eax -mov eax, dword [eax + 4] -mov dword [ebp - 0xcd4], esi -mov edx, eax -sub edx, esi -mov dword [ebp - 0xcf4], edx -test bl, bl -jne short loc_fffc119a ; jne 0xfffc119a -add eax, dword [ebp - 0xcd4] 
+loc_fffc0987: ; not directly referenced xor edx, edx -lea esi, [edi + ecx] -mov edi, 0xa -mov dword [ebp + esi*4 - 0xb10], 0 -div edi -mov dword [ebp + esi*4 - 0xb58], eax - -loc_fffc119a: ; not directly referenced -mov eax, dword [ebp - 0xca4] -lea esi, [eax + ecx] -mov eax, dword [ebp - 0xce0] -mov edi, esi -mov esi, dword [ebp + esi*4 - 0xb58] -mov edx, dword [ebp + edi*4 - 0xba0] -imul esi, dword [ebp + eax*4 - 0xc3c] -imul edx, dword [ebp + eax*4 - 0xc58] -add edx, esi -mov esi, dword [ebp - 0xcf8] -imul edx, dword [ebp - 0xcf4] -add dword [ebp + edi*4 - 0xb10], edx -cmp dword [ebp + eax*4 - 0xc04], 0 -lea edx, [esi + ecx] -mov esi, dword [ebp - 0xcd4] -mov dword [ebp + edx*8 - 0x888], esi -mov esi, dword [ebp - 0xcd0] -mov esi, dword [esi + 4] -mov dword [ebp + edx*8 - 0x884], esi -jns short loc_fffc1248 ; jns 0xfffc1248 -cmp bl, 6 -je short loc_fffc1248 ; je 0xfffc1248 -cmp dword [ebp + eax*4 - 0xc00], 0 -jle short loc_fffc1248 ; jle 0xfffc1248 -mov eax, dword [ebp - 0xcc4] -mov edx, dword [ebp - 0xca4] -mov esi, dword [ebp + edi*8 - 0x888] -add edx, eax -mov eax, dword [ebp - 0xcbc] -add ecx, edx -mov dword [eax + ecx*8], esi -mov ecx, dword [ebp - 0xcd0] -mov eax, dword [ebp + edi*8 - 0x884] -mov dword [ecx + 4], eax - -loc_fffc1248: ; not directly referenced -inc byte [ebp - 0xcb8] -jmp near loc_fffc111d ; jmp 0xfffc111d - -loc_fffc1253: ; not directly referenced -movzx ebx, byte [ebp - 0xca4] -lea ecx, [esi + esi*8] -mov edi, dword [ebp - 0xcdc] -mov eax, dword [ebp - 0xcd8] -add ecx, ebx -imul edi, dword [ebp + ecx*4 - 0xb58] -imul eax, dword [ebp + ecx*4 - 0xba0] -add edi, eax -je loc_fffc19a2 ; je 0xfffc19a2 -mov edx, dword [ebp + ecx*4 - 0xb10] -mov eax, edx -sar eax, 0x1f -or eax, 1 -movsx eax, al -imul eax, edi -imul edi, edi, 0x14 -imul eax, eax, 0xa -add eax, edx -cdq -idiv edi -cmp byte [ebp - 0xc9a], 1 -mov edi, eax -mov dword [ebp + ecx*4 - 0xb10], eax -jne short loc_fffc1310 ; jne 0xfffc1310 -cmp byte [ebp - 0xccc], 0 -jne short loc_fffc12cb 
; jne 0xfffc12cb -mov ecx, dword [ebp - 0xcd0] -add byte [ebx + ecx + 0x104a], al -loc_fffc12cb: ; not directly referenced -cmp byte [ebp - 0xccc], 1 -sete dl -cmp byte [ebp - 0xc9c], 0 -sete al -or dl, al -je short loc_fffc1345 ; je 0xfffc1345 -mov edx, dword [ebp - 0xcd0] -mov eax, edi -mov ecx, dword [ebp - 0xc80] -add byte [ebx + edx + 0x106e], al -mov edx, esi -push eax -mov eax, dword [ebp - 0xc7c] -push 0 -push 0xff -push ebx -call fcn_fffa7499 ; call 0xfffa7499 -jmp short loc_fffc1342 ; jmp 0xfffc1342 +loc_fffc0989: ; not directly referenced +mov ecx, dword [ebp - 0x120] +movzx ecx, byte [ecx + edx + 0x10] +test cl, cl +je loc_fffc0908 ; je 0xfffc0908 +mov dword [ebp - 0x104], 0 +mov dword [ebp - 0x118], 0xffffffff +mov dword [ebp - 0x114], 0xffffffff -loc_fffc1310: ; not directly referenced -mov eax, dword [ebp - 0xcd4] -mov edx, esi -mov ecx, dword [ebp - 0xcb0] -add eax, ebx -add word [ecx + eax*2 + 0x169], di -mov eax, dword [ebp - 0xc7c] -push ecx -mov ecx, dword [ebp - 0xc80] -push 0 -push 0xff -push ebx -call fcn_fffa73b0 ; call 0xfffa73b0 +loc_fffc09ba: ; not directly referenced +mov bl, byte [ebp - 0x104] +cmp byte [ebp - 0x124], bl +jbe short loc_fffc0a1d ; jbe 0xfffc0a1d +mov ebx, dword [ebp - 0x104] +bt ecx, ebx +jae short loc_fffc0a15 ; jae 0xfffc0a15 +mov dword [ebp - 0x148], edx +mov edx, dword [ebp - 0x114] +cmp edx, dword [eax + ebx*8 + 0x2911] +cmova edx, dword [eax + ebx*8 + 0x2911] +mov dword [ebp - 0x114], edx +mov edx, dword [ebp - 0x118] +cmp edx, dword [eax + ebx*8 + 0x2915] +cmova edx, dword [eax + ebx*8 + 0x2915] +mov dword [ebp - 0x118], edx +mov edx, dword [ebp - 0x148] -loc_fffc1342: ; not directly referenced -add esp, 0x10 +loc_fffc0a15: ; not directly referenced +inc dword [ebp - 0x104] +jmp short loc_fffc09ba ; jmp 0xfffc09ba -loc_fffc1345: ; not directly referenced -imul edi, edi, 0xa -xor ecx, ecx -lea edx, [esi + esi*8] +loc_fffc0a1d: ; not directly referenced +mov ecx, dword [ebp - 0xfc] +movzx ebx, byte [ebp + ecx - 
0xe8] +mov ecx, dword [ebp - 0x118] +sub ecx, dword [ebp - 0x114] +mov dword [ebp - 0x104], ebx +mov ebx, dword [ebp - 0x104] +imul ebx, ecx +mov ecx, dword [ebp - 0x12c] +add dword [ecx + edx*4], ebx +inc edx +cmp edx, 8 +jne loc_fffc0989 ; jne 0xfffc0989 +jmp near loc_fffc0908 ; jmp 0xfffc0908 -loc_fffc134d: ; not directly referenced -movzx eax, cl -imul eax, eax, 0x12 +loc_fffc0a5e: ; not directly referenced +inc dword [ebp - 0xfc] +cmp dword [ebp - 0xfc], 3 +jne loc_fffc0751 ; jne 0xfffc0751 +movzx edx, word [ebp - 0x138] +movzx eax, word [ebp - 0x13c] +mov dword [ebp - 0x120], edi +mov dword [ebp - 0xfc], 0 add eax, edx -add eax, ebx -add dword [ebp + eax*8 - 0x888], edi -sub dword [ebp + eax*8 - 0x884], edi -mov al, 7 -cmp byte [ebp - 0xc99], 0 -cmove ecx, eax -inc ecx -cmp cl, 6 -jbe short loc_fffc134d ; jbe 0xfffc134d -lea ecx, [esi + esi*8] -mov edi, dword [ebp - 0xcbc] -lea eax, [ecx + ebx] -mov edx, dword [ebp + eax*8 - 0x888] -add ecx, dword [ebp - 0xcc4] -inc byte [ebp - 0xca4] -add ebx, ecx -mov dword [edi + ebx*8], edx -mov eax, dword [ebp + eax*8 - 0x884] -mov dword [edi + ebx*8 + 4], eax -jmp near loc_fffc0f9c ; jmp 0xfffc0f9c - -loc_fffc13ab: ; not directly referenced -cmp byte [ebp - 0xcee], 0 -je loc_fffc0cba ; je 0xfffc0cba -cmp byte [ebp - 0xc99], 0 -jne short loc_fffc140e ; jne 0xfffc140e - -loc_fffc13c1: ; not directly referenced -mov eax, dword [ebp - 0xc98] -and eax, 1 -mov dword [ebp - 0xcb0], eax -je short loc_fffc13e7 ; je 0xfffc13e7 -mov eax, dword [ebp - 0xc7c] -mov ecx, 0xffff3001 -mov edx, 0x4098 -call fcn_fffae58c ; call 0xfffae58c +mov dword [ebp - 0x12c], eax +movsx eax, byte [ebp - 0x11c] +sar dword [ebp - 0x12c], 2 +imul esi, eax, 0xa +imul eax, eax, 0x14 +mov dword [ebp - 0x138], esi +mov dword [ebp - 0x13c], eax +mov eax, dword [ebp - 0x134] +mov dword [ebp - 0x130], eax +lea eax, [edi + 0x49c2] +mov dword [ebp - 0x114], eax +lea eax, [ebp - 0xa8] +mov dword [ebp - 0x11c], eax +lea eax, [ebp - 0x98] +mov dword [ebp - 0x124], 
eax -loc_fffc13e7: ; not directly referenced -cmp dword [ebp - 0xca8], 0 -je loc_fffc1493 ; je 0xfffc1493 -mov eax, dword [ebp - 0xc7c] -mov ecx, 0xffff3001 -mov edx, 0x4498 -call fcn_fffae58c ; call 0xfffae58c -jmp near loc_fffc1493 ; jmp 0xfffc1493 +loc_fffc0ae7: ; not directly referenced +mov eax, dword [ebp - 0x10c] +mov esi, dword [ebp - 0xfc] +bt eax, esi +jae loc_fffc0d02 ; jae 0xfffc0d02 +mov eax, dword [ebp - 0x114] +mov dword [ebp - 0x100], 0 +lea esi, [eax - 0x126b] +mov dword [ebp - 0x134], esi +mov esi, dword [ebp - 0x120] +mov dword [ebp - 0x108], eax +mov dword [ebp - 0x128], esi +mov esi, dword [ebp - 0x124] -loc_fffc140e: ; not directly referenced -sub esp, 0xc -mov ecx, dword [ebp - 0xc80] -lea eax, [ebp - 0xc68] -mov edx, dword [ebp - 0xc88] -push eax -lea ebx, [ebp - 0xbe8] -push ebx -lea eax, [ebp - 0xba0] -push eax -lea eax, [ebp - 0xc71] -push eax -mov eax, dword [ebp - 0xc7c] -push dword [ebp - 0xcb4] -call fcn_fffc0855 ; call 0xfffc0855 -add esp, 0x20 -test eax, eax -je loc_fffc13c1 ; je 0xfffc13c1 -push edi -mov edi, dword [ebp - 0xc7c] -push 0x18 -movzx eax, byte [edi + 0x2488] -push eax -push ebx -mov ebx, dword [ebp - 0xc84] -mov eax, ebx -call dword [eax + 0x64] ; ucall -add esp, 0xc -push 0x18 -movzx eax, byte [edi + 0x2488] -push eax -lea eax, [ebp - 0xbc4] +loc_fffc0b30: ; not directly referenced +mov ebx, dword [ebp - 0x114] +mov cl, byte [ebp - 0x100] +mov dword [ebp - 0x104], 1 +shl dword [ebp - 0x104], cl +mov al, byte [ebp - 0x104] +test byte [ebx - 0x11a7], al +je loc_fffc0cbe ; je 0xfffc0cbe +mov eax, dword [ebp - 0x108] +mov ebx, dword [ebp - 0x11c] +mov edx, dword [ebp - 0x100] +mov ecx, dword [ebp - 0x12c] +mov ax, word [eax + 0xc] +or al, 0x80 +cmp dword [ebx + edx*4], ecx +jbe short loc_fffc0bac ; jbe 0xfffc0bac +imul edx, edx, 0x70 +mov ebx, dword [ebp - 0x134] +and eax, 0xffffff80 +or eax, 0xd +mov word [ebx + edx + 0x109f], ax +mov ebx, dword [ebp - 0x108] +mov word [ebx + 0xc], ax +movzx eax, ax +push edx +push edx 
push eax -mov eax, ebx -call dword [eax + 0x64] ; ucall -add esp, 0x10 -jmp near loc_fffc13c1 ; jmp 0xfffc13c1 - -loc_fffc1493: ; not directly referenced -movzx eax, byte [ebp - 0xc9b] -mov byte [ebp - 0xc98], 0 -mov dword [ebp - 0xcd0], eax +push 6 +jmp short loc_fffc0c08 ; jmp 0xfffc0c08 -loc_fffc14a7: ; not directly referenced -lea eax, [ebp - 0xbe8] +loc_fffc0bac: ; not directly referenced +mov eax, dword [ebp - 0x108] xor ebx, ebx -mov dword [ebp - 0xcac], eax -movzx eax, byte [ebp - 0xc98] -lea edi, [ebp - 0x498] -mov dword [ebp - 0xcc4], eax - -loc_fffc14c8: ; not directly referenced -mov eax, dword [ebp - 0xc88] -bt eax, ebx -jb loc_fffc1582 ; jb 0xfffc1582 - -loc_fffc14d7: ; not directly referenced -mov eax, dword [ebp - 0xc84] -inc ebx -push esi -push 8 -push 0x90 -push edi -add edi, 0x240 -call dword [eax + 0x64] ; ucall -add esp, 0x10 -add dword [ebp - 0xcac], 0x24 -cmp ebx, 2 -jne short loc_fffc14c8 ; jne 0xfffc14c8 -movzx eax, byte [ebp - 0xc98] -mov ebx, dword [ebp - 0xc7c] -mov edx, dword [ebp - 0xc88] -mov dword [ebp - 0xcd4], eax -imul eax, eax, 0x90 -mov byte [ebx + 0x248c], 1 -push ecx -mov ecx, dword [ebp - 0xc80] -push dword [ebp - 0xcd0] -lea eax, [ebp + eax - 0x888] +mov ecx, dword [ebp - 0x104] +mov edx, dword [ebp - 0xfc] +mov ax, word [eax + 6] +mov word [ebp - 0x118], ax +or word [ebp - 0x118], 0x10 push eax -lea eax, [ebp - 0x498] push eax -mov eax, ebx -call fcn_fffbfaf9 ; call 0xfffbfaf9 -lea eax, [ebp - 0xac8] +movzx eax, word [ebp - 0x118] +push eax +mov eax, edi +push 3 +call fcn_fffa96cb ; call 0xfffa96cb add esp, 0x10 -mov dword [ebp - 0xcac], eax -lea eax, [ebp - 0xba0] -xor ebx, ebx -mov dword [ebp - 0xcc4], eax -lea eax, [ebp - 0xb58] -mov dword [ebp - 0xcb8], eax -lea eax, [ebp - 0x498] -mov dword [ebp - 0xccc], eax -jmp near loc_fffc1640 ; jmp 0xfffc1640 - -loc_fffc1582: ; not directly referenced -mov eax, dword [ebp - 0xc88] -lea ecx, [ebx + 1] -mov byte [ebp - 0xca4], 1 -sar eax, cl -cmp byte [ebp - 0xca0], 4 -mov dword 
[ebp - 0xcb8], eax -jne short loc_fffc15b5 ; jne 0xfffc15b5 -mov eax, dword [ebp - 0xc7c] -mov al, byte [eax + 0x2488] -mov byte [ebp - 0xca4], al -loc_fffc15b5: ; not directly referenced -xor esi, esi +loc_fffc0be9: ; not directly referenced +mov eax, dword [ebp - 0x108] +movzx ecx, byte [eax + ebx + 0x10] +test cl, cl +jne short loc_fffc0c23 ; jne 0xfffc0c23 -loc_fffc15b7: ; not directly referenced -mov eax, esi -cmp byte [ebp - 0xca4], al -jbe loc_fffc14d7 ; jbe 0xfffc14d7 -push 0 -mov eax, dword [ebp - 0xcac] -mov ecx, 0x18 -push dword [ebp - 0xcb8] -mov edx, dword [ebp - 0xcc4] -push 0 -push 0 -push esi -push dword [ebp - 0xc80] +loc_fffc0bf8: ; not directly referenced +mov eax, dword [ebp - 0x118] push ebx -push 0 -push 0 -mov eax, dword [eax + esi*4] -inc esi -imul eax, dword [ebp + edx*4 - 0xc04] -cdq -idiv ecx +push ebx +and eax, 0xffef push eax -push dword [ebp - 0xcb4] -push dword [ebp - 0xc7c] -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -jmp short loc_fffc15b7 ; jmp 0xfffc15b7 - -loc_fffc1614: ; not directly referenced -inc ebx -add dword [ebp - 0xcac], 0x120 -add dword [ebp - 0xccc], 0x240 -add dword [ebp - 0xcc4], 0x24 -add dword [ebp - 0xcb8], 0x24 -cmp ebx, 2 -je loc_fffc16f0 ; je 0xfffc16f0 - -loc_fffc1640: ; not directly referenced -mov eax, dword [ebp - 0xc88] -bt eax, ebx -jae short loc_fffc1614 ; jae 0xfffc1614 -mov eax, dword [ebp - 0xc7c] -xor edx, edx -mov esi, dword [ebp - 0xccc] -mov al, byte [eax + 0x2488] -mov byte [ebp - 0xce0], al -mov eax, dword [ebp - 0xcac] -mov dword [ebp - 0xca4], eax - -loc_fffc1671: ; not directly referenced -cmp byte [ebp - 0xce0], dl -jbe short loc_fffc1614 ; jbe 0xfffc1614 -mov eax, dword [ebp - 0xcb8] -mov edi, dword [ebp - 0xcd4] -mov ecx, dword [eax + edx*4] -mov eax, dword [ebp - 0xcc4] -imul ecx, dword [ebp + edi*4 - 0xc3c] -mov eax, dword [eax + edx*4] -imul eax, dword [ebp + edi*4 - 0xc58] -add eax, ecx -mov dword [ebp - 0xcf4], eax -xor eax, eax - -loc_fffc16ab: ; not directly referenced -mov 
edi, dword [esi + eax*2 + 4] -add edi, dword [esi + eax*2] -sub edi, 0x10 -cmp byte [ebp - 0xc98], 0 -jne short loc_fffc16cb ; jne 0xfffc16cb -mov ecx, dword [ebp - 0xca4] -mov dword [ecx + eax], 0 - -loc_fffc16cb: ; not directly referenced -mov ecx, dword [ebp - 0xca4] -imul edi, dword [ebp - 0xcf4] -add dword [ecx + eax], edi -add eax, 4 -cmp eax, 0x20 -jne short loc_fffc16ab ; jne 0xfffc16ab -inc edx -add esi, 0x40 -add dword [ebp - 0xca4], 0x20 -jmp short loc_fffc1671 ; jmp 0xfffc1671 - -loc_fffc16f0: ; not directly referenced -mov bl, byte [ebp - 0xc98] -mov al, 7 -cmp byte [ebp - 0xc99], 0 -cmove ebx, eax -mov byte [ebp - 0xc98], bl -inc byte [ebp - 0xc98] -cmp byte [ebp - 0xc98], 6 -jbe loc_fffc14a7 ; jbe 0xfffc14a7 -mov eax, dword [ebp - 0xc7c] -xor edi, edi -mov ebx, dword [ebp - 0xcc8] -mov dword [ebp - 0xcac], 0 -add eax, 0x3756 -mov dword [ebp - 0xcb8], eax -imul eax, dword [ebp - 0xc80], 0xd8 -mov dword [ebp - 0xcc4], ebx -add eax, 0x282 -mov dword [ebp - 0xcf4], eax - -loc_fffc1759: ; not directly referenced -mov eax, dword [ebp - 0xc88] -bt eax, edi -jae loc_fffc18f5 ; jae 0xfffc18f5 -mov eax, dword [ebp - 0xc7c] -mov edx, edi -mov ecx, 0xffff0001 -shl edx, 0xa -add edx, 0x4098 -call fcn_fffae58c ; call 0xfffae58c -lea eax, [edi + edi*8] -mov byte [ebp - 0xc98], 0 -mov dword [ebp - 0xce0], eax +push 3 -loc_fffc1793: ; not directly referenced -mov eax, dword [ebp - 0xc7c] -movzx eax, byte [eax + 0x2488] -cmp byte [ebp - 0xc98], al -jae loc_fffc18df ; jae 0xfffc18df -movzx eax, byte [ebp - 0xc98] -mov edx, dword [ebp - 0xcdc] -mov ebx, dword [ebp - 0xcd8] -mov dword [ebp - 0xca4], 0 -mov esi, eax -mov dword [ebp - 0xccc], eax -mov eax, dword [ebp - 0xce0] -add eax, esi -imul ebx, dword [ebp + eax*4 - 0xba0] -imul edx, dword [ebp + eax*4 - 0xb58] -mov eax, 1 -add edx, ebx -cmovne eax, edx -xor ecx, ecx -mov ebx, eax -add ebx, eax -mov dword [ebp - 0xcd4], ebx -imul ebx, esi, 0x18 -add esi, dword [ebp - 0xcac] -add ebx, dword [ebp - 0xcf4] -add ebx, 
dword [ebp - 0xcb8] -mov dword [ebp - 0xcc8], eax -shl esi, 5 -lea eax, [ebp - 0xac8] -add esi, eax +loc_fffc0c08: ; not directly referenced +mov ecx, dword [ebp - 0x104] +mov eax, edi +mov edx, dword [ebp - 0xfc] +call fcn_fffa96cb ; call 0xfffa96cb +add esp, 0x10 +jmp near loc_fffc0cbe ; jmp 0xfffc0cbe -loc_fffc1825: ; not directly referenced -mov edx, dword [esi + ecx] +loc_fffc0c23: ; not directly referenced +mov edx, dword [esi + ebx*4] +mov dword [ebp - 0x140], ecx mov eax, edx sar eax, 0x1f or eax, 1 movsx eax, al -imul eax, dword [ebp - 0xcc8] +imul eax, dword [ebp - 0x138] add eax, edx cdq -idiv dword [ebp - 0xcd4] -cmp byte [ebp - 0xc9a], 1 -jne short loc_fffc1851 ; jne 0xfffc1851 -movzx edx, byte [ebx] -jmp short loc_fffc1858 ; jmp 0xfffc1858 - -loc_fffc1851: ; not directly referenced -movzx edx, byte [ebx + 0x360] - -loc_fffc1858: ; not directly referenced -add eax, edx -cmp eax, 0xf -jle short loc_fffc1868 ; jle 0xfffc1868 -mov dword [esi + ecx], 0xf -jmp short loc_fffc1875 ; jmp 0xfffc1875 - -loc_fffc1868: ; not directly referenced -test eax, eax -mov edx, 0 -cmovs eax, edx -mov dword [esi + ecx], eax - -loc_fffc1875: ; not directly referenced -cmp byte [ebp - 0xc9a], 1 -mov eax, dword [esi + ecx] -jne short loc_fffc1885 ; jne 0xfffc1885 -mov byte [ebx], al -jmp short loc_fffc188b ; jmp 0xfffc188b - -loc_fffc1885: ; not directly referenced -mov byte [ebx + 0x360], al - -loc_fffc188b: ; not directly referenced -mov eax, dword [esi + ecx] -add ebx, 3 -shl eax, cl -add ecx, 4 -or dword [ebp - 0xca4], eax -cmp ecx, 0x20 -jne short loc_fffc1825 ; jne 0xfffc1825 +idiv dword [ebp - 0x13c] +mov dword [esi + ebx*4], eax +push 2 push 0 +push 1 push 0 +push ecx +push dword [ebp - 0x100] +push dword [ebp - 0xfc] push 0 push 0 -push dword [ebp - 0xccc] -push dword [ebp - 0xc80] +push eax +push 5 push edi -push 0 -push 0 -push dword [ebp - 0xca4] -push dword [ebp - 0xcd0] -push dword [ebp - 0xc7c] -call fcn_fffcc900 ; call 0xfffcc900 +call fcn_fffcd268 ; call 
0xfffcd268 +mov al, byte [edi + 0x2489] add esp, 0x30 -inc byte [ebp - 0xc98] -jmp near loc_fffc1793 ; jmp 0xfffc1793 +mov byte [ebp - 0x141], al +xor eax, eax -loc_fffc18df: ; not directly referenced -push edx +loc_fffc0c7d: ; not directly referenced +cmp byte [ebp - 0x141], al +jbe short loc_fffc0caf ; jbe 0xfffc0caf +mov edx, dword [ebp - 0x140] +bt edx, eax +jae short loc_fffc0cac ; jae 0xfffc0cac +mov edx, dword [ebp - 0x128] +imul ecx, dword [esi + ebx*4], 0xa +add dword [edx + eax*8 + 0x2911], ecx +imul ecx, dword [esi + ebx*4], 0xfffffff6 +add dword [edx + eax*8 + 0x2915], ecx + +loc_fffc0cac: ; not directly referenced +inc eax +jmp short loc_fffc0c7d ; jmp 0xfffc0c7d + +loc_fffc0caf: ; not directly referenced +inc ebx +cmp ebx, 8 +jne loc_fffc0be9 ; jne 0xfffc0be9 +jmp near loc_fffc0bf8 ; jmp 0xfffc0bf8 + +loc_fffc0cbe: ; not directly referenced +inc dword [ebp - 0x100] +add esi, 0x20 +add dword [ebp - 0x108], 0x18 +add dword [ebp - 0x128], 0x90 +cmp dword [ebp - 0x100], 2 +jne loc_fffc0b30 ; jne 0xfffc0b30 +push ecx push 0 +movzx eax, byte [edi + 0x2489] push eax -mov eax, dword [ebp - 0xc84] -push dword [ebp - 0xcc4] +mov eax, dword [ebp - 0x110] +push dword [ebp - 0x130] call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffc18f5: ; not directly referenced -inc edi -add dword [ebp - 0xcc4], 0xcc -add dword [ebp - 0xcac], 9 -add dword [ebp - 0xcb8], 0x13c3 -cmp edi, 2 -jne loc_fffc1759 ; jne 0xfffc1759 -cmp dword [ebp - 0xcb0], 0 -je short loc_fffc1938 ; je 0xfffc1938 -mov eax, dword [ebp - 0xc7c] -mov ecx, 0xffff3001 -mov edx, 0x4098 -call fcn_fffae58c ; call 0xfffae58c - -loc_fffc1938: ; not directly referenced -cmp dword [ebp - 0xca8], 0 -je short loc_fffc1956 ; je 0xfffc1956 -mov eax, dword [ebp - 0xc7c] -mov ecx, 0xffff3001 -mov edx, 0x4498 -call fcn_fffae58c ; call 0xfffae58c - -loc_fffc1956: ; not directly referenced -cmp dword [ebp - 0xcb0], 0 -je short loc_fffc1974 ; je 0xfffc1974 -mov eax, dword [ebp - 0xc7c] -mov ecx, 0xffff0001 -mov edx, 
0x4098 -call fcn_fffae58c ; call 0xfffae58c - -loc_fffc1974: ; not directly referenced -cmp dword [ebp - 0xca8], 0 -je loc_fffc0cba ; je 0xfffc0cba -mov eax, dword [ebp - 0xc7c] -mov ecx, 0xffff0001 -mov edx, 0x4498 -call fcn_fffae58c ; call 0xfffae58c -jmp near loc_fffc0cba ; jmp 0xfffc0cba - -loc_fffc199b: ; not directly referenced -mov eax, 2 -jmp short loc_fffc19a7 ; jmp 0xfffc19a7 - -loc_fffc19a2: ; not directly referenced -mov eax, 1 - -loc_fffc19a7: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffc19af: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x1040 -mov edi, dword [eax + 0x5edc] -mov dword [ebp - 0x101c], edx -mov dl, byte [ebp + 0x10] -mov dword [ebp - 0xffc], eax -mov esi, dword [ebp + 8] -mov dword [ebp - 0x1000], ecx -mov ebx, dword [ebp + 0xc] -mov byte [ebp - 0xff7], 0 -mov byte [ebp - 0x1008], dl -mov edx, dword [eax + 0x2443] -mov eax, dword [eax + 0x188b] -push 0 -push 0x10 -mov dword [ebp - 0x102c], eax -lea eax, [ebp - 0xfe8] -push eax -mov dword [ebp - 0x1038], esi -mov byte [ebp - 0xff6], 0xf8 -mov byte [ebp - 0xff5], 8 -mov byte [ebp - 0xff4], 1 -mov byte [ebp - 0xff3], 1 -mov byte [ebp - 0xff2], 1 -mov dword [ebp - 0x1010], edx -call dword [edx + 0x5c] ; ucall -mov ecx, dword [ebp - 0x1000] -add esp, 0x10 -xor eax, eax +loc_fffc0d02: ; not directly referenced +inc dword [ebp - 0xfc] +add dword [ebp - 0x130], 0xcc +add dword [ebp - 0x114], 0x13c3 +add dword [ebp - 0x124], 0x40 +add dword [ebp - 0x120], 0x48 +add dword [ebp - 0x11c], 8 +cmp dword [ebp - 0xfc], 2 +jne loc_fffc0ae7 ; jne 0xfffc0ae7 +jmp near loc_fffc1272 ; jmp 0xfffc1272 -loc_fffc1a43: ; not directly referenced -mov byte [ebp + eax - 0xff1], al -inc eax -cmp eax, 9 -jne short loc_fffc1a43 ; jne 0xfffc1a43 -mov eax, dword [ebp - 0xffc] +loc_fffc0d43: ; not directly referenced +mov ecx, 1 +mov edx, 5 +mov eax, edi +call fcn_fffaab72 ; call 0xfffaab72 +xor ecx, ecx +mov edx, 5 +mov 
word [ebp - 0x118], ax +mov eax, edi +call fcn_fffaab72 ; call 0xfffaab72 +mov word [ebp - 0x11c], ax +mov al, byte [ebx + 0x15] +shr al, 6 +movzx edx, al +movzx eax, byte [ebx + 0x16] +and eax, 0x1f +shl eax, 2 +or eax, edx +mov esi, eax +mov dl, al +or edx, 0xffffff80 +shr esi, 6 +cmove edx, eax +mov byte [ebp - 0xeb], dl +mov cl, byte [ebx + 0x14] +movsx dx, dl +movzx eax, byte [ebx + 0x15] +lea edx, [edx + edx*4] +shr cl, 7 +and eax, 0x3f +movzx ecx, cl +add eax, eax +or eax, ecx +mov esi, eax +mov cl, al +or ecx, 0xffffff80 +shr esi, 6 +cmove ecx, eax +add edx, edx +mov byte [ebp - 0xea], cl +movsx cx, cl sub esp, 0xc -movzx edx, cl -push 2 -mov ecx, 0xf -call fcn_fffb26ca ; call 0xfffb26ca -add esp, 0x10 -xor eax, eax -mov byte [ebp - 0x1004], 0 -mov dl, 3 - -loc_fffc1a76: ; not directly referenced -movzx ecx, al -mov cl, byte [ebp + ecx - 0xff4] -add byte [ebp - 0x1004], cl -cmp byte [ebp - 0x1008], 0 -cmove eax, edx -inc eax -cmp al, 2 -jbe short loc_fffc1a76 ; jbe 0xfffc1a76 -mov esi, dword [ebp - 0x1004] -mov eax, esi -test al, al -mov al, 1 -cmove esi, eax -dec bl -mov eax, esi -mov byte [ebp - 0x1004], al -jne short loc_fffc1ad7 ; jne 0xfffc1ad7 -push 1 -push 0 -push 1 -push 0 -push 0 -push 0 -push 0 -push 1 +mov word [ebp - 0xe8], dx +movzx edx, byte [edi + 0x248f] +lea ecx, [ecx + ecx*4] +add ecx, ecx +mov eax, edi +mov word [ebp - 0xe6], cx +mov ecx, 0x11 push 0 -push 0x88888888 -push 0xa -push dword [ebp - 0xffc] -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 - -loc_fffc1ad7: ; not directly referenced -mov eax, dword [ebp - 0xffc] +call fcn_fffae9e2 ; call 0xfffae9e2 +mov al, byte [ebp - 0xed] +lea esi, [edi + 0x3757] +add esp, 0x10 +mov byte [ebp - 0xfc], 0 +mov byte [ebp - 0x10c], al +mov al, byte [ebp - 0xee] +add byte [ebp - 0x10c], al +mov al, byte [ebp - 0xec] +add byte [ebp - 0x10c], al +lea eax, [ebx + 0x70] xor ebx, ebx -mov byte [ebp - 0x1000], 0 -lea esi, [eax + 0x381a] -lea eax, [edi + 0x70] -mov dword [ebp - 0x1028], eax -mov edi, 
eax +mov dword [ebp - 0x128], eax +mov dword [ebp - 0x104], eax -loc_fffc1af7: ; not directly referenced -movzx ecx, byte [esi] +loc_fffc0e3c: ; not directly referenced +cmp dword [esi], 2 +jne short loc_fffc0e74 ; jne 0xfffc0e74 +movzx ecx, byte [esi + 0xc4] mov edx, ebx -mov eax, dword [ebp - 0xffc] -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0x1000], al -cmp dword [esi - 0xc4], 2 -jne short loc_fffc1b34 ; jne 0xfffc1b34 -mov eax, dword [ebp - 0xffc] -push ecx +mov eax, edi +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0xfc], al +push edx push 0 -movzx eax, byte [eax + 0x2488] +movzx eax, byte [edi + 0x2489] push eax -mov eax, dword [ebp - 0x1010] -push edi +mov eax, dword [ebp - 0x110] +push dword [ebp - 0x104] call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffc1b34: ; not directly referenced +loc_fffc0e74: ; not directly referenced inc ebx add esi, 0x13c3 -add edi, 0xcc +add dword [ebp - 0x104], 0xcc cmp ebx, 2 -jne short loc_fffc1af7 ; jne 0xfffc1af7 -mov eax, dword [ebp - 0xffc] -mov ecx, 1 -push edx -push edx -push 0xf -lea edi, [eax + 0x2490] -push 0 -mov edx, edi -mov dword [ebp - 0x1014], edi -call fcn_fffa7e6c ; call 0xfffa7e6c -movzx eax, byte [ebp - 0x1000] -lea ecx, [ebp - 0xfd8] -mov esi, dword [ebp - 0x101c] -add esp, 0x10 -mov dword [ebp - 0x100c], 0 -mov dword [ebp - 0x1000], eax - -loc_fffc1b90: ; not directly referenced -mov eax, dword [ebp - 0x1000] -mov edi, dword [ebp - 0x100c] -bt eax, edi -jae short loc_fffc1bf5 ; jae 0xfffc1bf5 -mov eax, dword [ebp - 0xffc] -xor edi, edi -mov al, byte [eax + 0x2488] -mov byte [ebp - 0x1018], al -jmp short loc_fffc1beb ; jmp 0xfffc1beb +jne short loc_fffc0e3c ; jne 0xfffc0e3c +lea eax, [edi + 0x2491] +mov ecx, 2 +mov dword [ebp - 0x114], eax +mov edx, eax +mov eax, edi +call fcn_fffa668b ; call 0xfffa668b +movzx eax, byte [ebp - 0xfc] +lea ebx, [edi + 0x2b51] +xor ecx, ecx +mov dword [ebp - 0xfc], eax -loc_fffc1bb7: ; not directly referenced -cmp byte [ebp - 0x1008], 0 -je short 
loc_fffc1c2d ; je 0xfffc1c2d -mov eax, dword [esi + edi*8 + 0x244] -mov ebx, 0x14 +loc_fffc0eb9: ; not directly referenced +mov eax, dword [ebp - 0xfc] +mov dword [ebp + ecx*4 - 0xdc], 0 +bt eax, ecx +jae short loc_fffc0ef1 ; jae 0xfffc0ef1 +mov eax, dword [ebx + 4] +mov esi, 0x14 xor edx, edx -add eax, dword [esi + edi*8 + 0x240] -div ebx -mov dword [ecx + edi*4], eax - -loc_fffc1bda: ; not directly referenced -mov eax, dword [ecx + edi*4] -dec eax -cmp eax, 0xb -jbe short loc_fffc1bea ; jbe 0xfffc1bea -mov dword [ecx + edi*4], 0xc - -loc_fffc1bea: ; not directly referenced -inc edi +add eax, dword [ebx] +div esi +mov si, 0xc +lea edx, [eax - 1] +cmp edx, 0xb +cmovbe esi, eax +mov dword [ebp + ecx*4 - 0xdc], esi -loc_fffc1beb: ; not directly referenced +loc_fffc0ef1: ; not directly referenced +inc ecx +add ebx, 0x48 +cmp ecx, 2 +jne short loc_fffc0eb9 ; jne 0xfffc0eb9 +mov edx, dword [ebp - 0x114] +mov cl, 5 mov eax, edi -cmp byte [ebp - 0x1018], al -ja short loc_fffc1bb7 ; ja 0xfffc1bb7 - -loc_fffc1bf5: ; not directly referenced -inc dword [ebp - 0x100c] -add ecx, 0x24 -add esi, 0x48 -cmp dword [ebp - 0x100c], 2 -jne short loc_fffc1b90 ; jne 0xfffc1b90 -push eax -mov edx, dword [ebp - 0x1014] -mov ecx, 4 -push eax -mov eax, dword [ebp - 0xffc] -xor edi, edi -push 0xf -push 0 -call fcn_fffa7e6c ; call 0xfffa7e6c -add esp, 0x10 -jmp short loc_fffc1c36 ; jmp 0xfffc1c36 - -loc_fffc1c2d: ; not directly referenced -mov dword [ecx + edi*4], 1 -jmp short loc_fffc1bda ; jmp 0xfffc1bda +call fcn_fffa668b ; call 0xfffa668b +mov dword [ebp - 0xd4], 0 +mov dword [ebp - 0xb8], 0x7fffffff +mov dword [ebp - 0xa8], 0x7fffffff +mov dword [ebp - 0xd0], 0 +mov dword [ebp - 0xb4], 0x7fffffff +mov dword [ebp - 0xa4], 0x7fffffff +mov dword [ebp - 0x104], 0 -loc_fffc1c36: ; not directly referenced -mov eax, edi -xor ebx, ebx -movzx esi, al +loc_fffc0f4f: ; not directly referenced +xor esi, esi -loc_fffc1c3d: ; not directly referenced -mov eax, dword [ebp - 0x1000] -bt eax, ebx -jae 
short loc_fffc1c55 ; jae 0xfffc1c55 -lea eax, [ebx + ebx*8] -xor ecx, ecx -mov dword [ebp - 0x100c], eax -jmp short loc_fffc1cc1 ; jmp 0xfffc1cc1 +loc_fffc0f51: ; not directly referenced +mov eax, dword [ebp - 0xfc] +bt eax, esi +jb short loc_fffc0f95 ; jb 0xfffc0f95 -loc_fffc1c55: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffc1c3d ; jne 0xfffc1c3d +loc_fffc0f5c: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffc0f51 ; jne 0xfffc0f51 push eax -mov ecx, dword [ebp - 0x1000] +mov edx, dword [ebp - 0x114] push eax -mov edx, dword [ebp - 0x1014] -lea eax, [ebp - 0xfe8] +mov ecx, dword [ebp - 0xfc] +push 0 +lea eax, [ebp - 0xc8] push eax +mov eax, edi push 0x36 -lea eax, [ebp - 0xff1] -push eax -mov eax, dword [ebp - 0xffc] -push 4 -push 0xff +push 1 +push 5 push 0 -call fcn_fffd13ed ; call 0xfffd13ed -mov eax, edi -mov ebx, dword [ebp - 0x101c] -movzx eax, al +call fcn_fffc66ae ; call 0xfffc66ae +lea edx, [edi + 0x2915] add esp, 0x20 -imul ecx, eax, 0x90 -lea edx, [ebp - 0xf90] -mov dword [ebp - 0x100c], ebx +xor eax, eax +jmp short loc_fffc0ff3 ; jmp 0xfffc0ff3 + +loc_fffc0f95: ; not directly referenced +mov eax, dword [ebp - 0x104] +mov ecx, 0xc xor ebx, ebx -mov dword [ebp - 0x1034], eax -lea esi, [ebp + ecx - 0xf48] -jmp near loc_fffc1d55 ; jmp 0xfffc1d55 +movsx eax, byte [ebp + eax - 0xf1] +imul eax, dword [ebp + esi*4 - 0xdc] +cdq +idiv ecx +mov dword [ebp - 0x120], eax -loc_fffc1cc1: ; not directly referenced -mov eax, dword [ebp - 0xffc] -cmp cl, byte [eax + 0x2488] -jae short loc_fffc1c55 ; jae 0xfffc1c55 -push 2 -mov edx, dword [ebp - 0x100c] -movzx eax, cl +loc_fffc0fbb: ; not directly referenced +cmp bl, byte [edi + 0x2489] +jae short loc_fffc0f5c ; jae 0xfffc0f5c +push 1 +movzx eax, bl push 0 +inc ebx push 1 push 0 push eax -add edx, eax -movsx eax, byte [ebp + esi - 0xff7] -imul eax, dword [ebp + edx*4 - 0xfd8] -mov dword [ebp - 0x1018], ecx -mov ecx, 0xc push 0 -push ebx -cdq -idiv ecx +push esi push 0 push 0 -push eax 
-push 1 -push dword [ebp - 0xffc] -call fcn_fffcc900 ; call 0xfffcc900 -mov ecx, dword [ebp - 0x1018] +push dword [ebp - 0x120] +push 2 +push edi +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -inc ecx -jmp short loc_fffc1cc1 ; jmp 0xfffc1cc1 - -loc_fffc1d22: ; not directly referenced -mov eax, dword [ebp - 0xffc] -mov al, byte [eax + 0x2488] -mov byte [ebp - 0x1030], al -xor eax, eax - -loc_fffc1d36: ; not directly referenced -cmp byte [ebp - 0x1030], al -ja short loc_fffc1d62 ; ja 0xfffc1d62 - -loc_fffc1d3e: ; not directly referenced -inc ebx -add edx, 0x24 -add esi, 0x48 -add dword [ebp - 0x100c], 0x48 -cmp ebx, 2 -je loc_fffc1ddb ; je 0xfffc1ddb +jmp short loc_fffc0fbb ; jmp 0xfffc0fbb -loc_fffc1d55: ; not directly referenced -mov eax, dword [ebp - 0x1000] -bt eax, ebx -jb short loc_fffc1d22 ; jb 0xfffc1d22 -jmp short loc_fffc1d3e ; jmp 0xfffc1d3e +loc_fffc0fea: ; not directly referenced +inc eax +add edx, 0x48 +cmp eax, 2 +je short loc_fffc1045 ; je 0xfffc1045 -loc_fffc1d62: ; not directly referenced -mov dword [ebp - 0x103c], edx -mov edx, dword [ebp - 0x100c] -mov ecx, dword [edx + eax*8 + 4] -mov edx, dword [edx + eax*8] -mov dword [ebp - 0x1018], ecx -sub ecx, edx -mov dword [ebp - 0x1024], ecx -mov ecx, edi -test cl, cl -mov dword [ebp - 0x1020], edx -mov edx, dword [ebp - 0x103c] -jne short loc_fffc1d9c ; jne 0xfffc1d9c -mov dword [edx + eax*4], 0 +loc_fffc0ff3: ; not directly referenced +mov esi, dword [ebp - 0xfc] +bt esi, eax +jae short loc_fffc0fea ; jae 0xfffc0fea +mov ebx, dword [ebp - 0x104] +mov ecx, dword [edx - 4] +mov esi, dword [edx] +movzx ebx, byte [ebp + ebx - 0xee] +sub esi, ecx +imul ebx, esi +add dword [ebp + eax*4 - 0xd4], ebx +mov ebx, dword [ebp + eax*4 - 0xb8] +cmp ecx, ebx +cmovg ecx, ebx +mov dword [ebp + eax*4 - 0xb8], ecx +mov ecx, dword [ebp + eax*4 - 0xa8] +cmp dword [edx], ecx +cmovle ecx, dword [edx] +mov dword [ebp + eax*4 - 0xa8], ecx +jmp short loc_fffc0fea ; jmp 0xfffc0fea -loc_fffc1d9c: ; not directly referenced 
-mov dword [ebp - 0x103c], eax -mov eax, dword [ebp - 0x1034] -movzx eax, byte [ebp + eax - 0xff4] -imul eax, dword [ebp - 0x1024] -mov ecx, eax -mov eax, dword [ebp - 0x103c] -add dword [edx + eax*4], ecx -mov ecx, dword [ebp - 0x1020] -mov dword [esi + eax*8], ecx -mov ecx, dword [ebp - 0x1018] -mov dword [esi + eax*8 + 4], ecx -inc eax -jmp near loc_fffc1d36 ; jmp 0xfffc1d36 +loc_fffc1045: ; not directly referenced +inc dword [ebp - 0x104] +cmp dword [ebp - 0x104], 3 +jne loc_fffc0f4f ; jne 0xfffc0f4f +xor eax, eax +xor ebx, ebx -loc_fffc1ddb: ; not directly referenced -cmp byte [ebp - 0x1008], 0 -mov al, 3 -cmove edi, eax -inc edi -mov eax, edi -cmp al, 2 -jbe loc_fffc1c36 ; jbe 0xfffc1c36 -movsx eax, byte [ebp - 0x1004] -mov dword [ebp - 0x1004], 0 -mov dword [ebp - 0x1018], eax +loc_fffc105c: ; not directly referenced +movsx ecx, word [ebp + eax - 0xe8] +mov edx, dword [ebp + eax*2 - 0xb8] +sub edx, ecx +cmovs edx, ebx +add ecx, dword [ebp + eax*2 - 0xa8] +mov dword [ebp + eax*2 - 0xb8], edx +cmovs ecx, ebx +cmp ecx, edx +cmovle edx, ecx +mov dword [ebp + eax*2 - 0xa8], ecx +mov dword [ebp + eax*2 - 0x98], edx +add eax, 2 +cmp eax, 4 +jne short loc_fffc105c ; jne 0xfffc105c +movsx eax, byte [ebp - 0x10c] +xor ebx, ebx +movzx edx, word [ebp - 0x118] +imul esi, eax, 0xa imul eax, eax, 0x14 -mov dword [ebp - 0x1030], eax -mov eax, dword [ebp - 0xffc] -add eax, 0x3756 -mov dword [ebp - 0x1034], eax -mov dword [ebp - 0x1014], eax -mov eax, dword [ebp - 0x1028] -mov dword [ebp - 0x1024], eax +mov dword [ebp - 0x120], esi +mov dword [ebp - 0x124], eax +movzx eax, word [ebp - 0x11c] +add eax, edx +mov dword [ebp - 0x10c], eax +lea eax, [edi + 0x2911] +mov dword [ebp - 0x114], eax +mov eax, dword [ebp - 0x128] +sar dword [ebp - 0x10c], 2 +mov dword [ebp - 0x104], eax -loc_fffc1e35: ; not directly referenced -mov eax, dword [ebp - 0x1000] -mov ebx, dword [ebp - 0x1004] +loc_fffc10ec: ; not directly referenced +mov eax, dword [ebp - 0xfc] bt eax, ebx -jae loc_fffc1f9d ; 
jae 0xfffc1f9d -lea eax, [ebx + ebx*8] -mov byte [ebp - 0x100c], 0 -mov dword [ebp - 0x1020], eax - -loc_fffc1e5a: ; not directly referenced -mov eax, dword [ebp - 0xffc] -movzx eax, byte [eax + 0x2488] -cmp byte [ebp - 0x100c], al -jae loc_fffc1f62 ; jae 0xfffc1f62 -movzx ebx, byte [ebp - 0x100c] -mov eax, dword [ebp - 0x1020] -lea ecx, [eax + ebx] -mov eax, dword [ebp + ecx*4 - 0xf90] -cdq -or edx, 1 -movsx edi, dl -imul edi, dword [ebp - 0x1018] -imul esi, edi, 0xa -mov edi, dword [ebp - 0x1014] -add eax, esi -cdq -idiv dword [ebp - 0x1030] -mov dword [ebp + ecx*4 - 0xf90], eax +jae loc_fffc1257 ; jae 0xfffc1257 +mov edx, dword [ebp + ebx*4 - 0xd4] +mov eax, edx +sar eax, 0x1f +or eax, 1 +movsx eax, al +imul eax, dword [ebp - 0x120] +add eax, edx cdq -mov ecx, 2 -mov esi, eax -idiv ecx -add byte [edi + ebx + 0x101d], al -xor edi, edi +idiv dword [ebp - 0x124] +cmp dword [ebp - 0x108], 0x306d0 +sete dl +cmp dword [ebp - 0x100], 3 +mov dword [ebp + ebx*4 - 0xd4], eax +seta al +test al, dl +jne short loc_fffc115a ; jne 0xfffc115a +cmp dword [ebp - 0x100], 0 +setne cl +cmp dword [ebp - 0x108], 0x40670 +sete al +test cl, al +je short loc_fffc1185 ; je 0xfffc1185 -loc_fffc1ec4: ; not directly referenced -mov edx, dword [ebp - 0x1014] -mov eax, 1 -mov ecx, edi -shl eax, cl -test byte [edx + 0xc4], al -je short loc_fffc1efa ; je 0xfffc1efa -mov edx, dword [ebp - 0x1004] -mov ecx, edi -push eax -mov eax, dword [ebp - 0xffc] -push 0 -push 0xff -push ebx -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 +loc_fffc115a: ; not directly referenced +mov eax, dword [ebp - 0x10c] +cmp dword [ebp + ebx*4 - 0x98], eax +jbe short loc_fffc1185 ; jbe 0xfffc1185 +movsx eax, byte [ebp + ebx - 0xeb] +mov dword [ebp + ebx*4 - 0xe4], 0 +neg eax +mov dword [ebp + ebx*4 - 0xd4], eax -loc_fffc1efa: ; not directly referenced -inc edi -cmp edi, 4 -jne short loc_fffc1ec4 ; jne 0xfffc1ec4 -imul edi, esi, 0xa -xor ecx, ecx -imul esi, esi, 0xfffffff6 -mov dl, 3 +loc_fffc1185: ; not directly 
referenced +mov eax, dword [ebp + ebx*4 - 0xe4] +mov esi, dword [ebp - 0x104] +mov byte [edi + ebx + 0x369e], al +cmp byte [esi + 0x61], 0 +jle short loc_fffc11fc ; jle 0xfffc11fc +cmp dword [ebp - 0x100], 3 +sete cl +test cl, dl +jne short loc_fffc11d2 ; jne 0xfffc11d2 +cmp dword [ebp - 0x100], 0 +sete cl +cmp dword [ebp - 0x108], 0x40670 +sete byte [ebp - 0x118] +xor edx, edx +test byte [ebp - 0x118], cl +je short loc_fffc11db ; je 0xfffc11db -loc_fffc1f0a: ; not directly referenced -movzx eax, cl -imul eax, eax, 0x12 -add eax, dword [ebp - 0x1020] -add eax, ebx -add dword [ebp + eax*8 - 0xf48], edi -add dword [ebp + eax*8 - 0xf44], esi -cmp byte [ebp - 0x1008], 0 -cmove ecx, edx -inc ecx -cmp cl, 2 -jbe short loc_fffc1f0a ; jbe 0xfffc1f0a -add ebx, dword [ebp - 0x1020] -mov edi, dword [ebp - 0x101c] -inc byte [ebp - 0x100c] -mov eax, dword [ebp + ebx*8 - 0xf48] -mov dword [edi + ebx*8], eax -mov eax, dword [ebp + ebx*8 - 0xf44] -mov dword [edi + ebx*8 + 4], eax -jmp near loc_fffc1e5a ; jmp 0xfffc1e5a +loc_fffc11d2: ; not directly referenced +mov esi, dword [ebp - 0x104] +mov dl, byte [esi + 0x73] -loc_fffc1f62: ; not directly referenced -push ebx -push 0 +loc_fffc11db: ; not directly referenced +sub dl, byte [ebp + ebx - 0xeb] +add edx, 3 +movsx esi, dl +cmp dword [ebp + ebx*4 - 0xd4], esi +jle short loc_fffc11fc ; jle 0xfffc11fc +test eax, eax +je short loc_fffc11fc ; je 0xfffc11fc +mov dword [ebp + ebx*4 - 0xd4], esi + +loc_fffc11fc: ; not directly referenced +mov eax, dword [ebp - 0xfc] +lea ecx, [ebx + 1] +push 2 +mov esi, dword [ebp + ebx*4 - 0xd4] +sar eax, cl push eax -mov eax, dword [ebp - 0x1010] -push dword [ebp - 0x1024] -call dword [eax + 0x64] ; ucall -mov edx, dword [ebp - 0x1004] -mov ecx, 1 -mov dword [esp], 0 -mov eax, dword [ebp - 0xffc] push 1 push 0 -push 2 +push 7 push 0 -call fcn_fffa72c5 ; call 0xfffa72c5 -add esp, 0x20 - -loc_fffc1f9d: ; not directly referenced -inc dword [ebp - 0x1004] -add dword [ebp - 0x1024], 0xcc -add dword [ebp - 
0x1014], 0x13c3 -cmp dword [ebp - 0x1004], 2 -jne loc_fffc1e35 ; jne 0xfffc1e35 -cmp dword [ebp - 0x102c], 1 -sete dl -cmp byte [ebp - 0x1038], 0 -setne cl -mov al, cl -and eax, edx -xor eax, 1 -test al, cl -je loc_fffc23fc ; je 0xfffc23fc -cmp dl, 1 -sbb eax, eax -mov dword [ebp - 0x100c], eax -and byte [ebp - 0x100c], 0xfd -add byte [ebp - 0x100c], 4 -test byte [ebp - 0x1000], 1 -je short loc_fffc201e ; je 0xfffc201e -mov eax, dword [ebp - 0xffc] -mov ecx, 0xffff3001 -mov edx, 0x4098 -call fcn_fffae58c ; call 0xfffae58c - -loc_fffc201e: ; not directly referenced -test byte [ebp - 0x1000], 2 -je short loc_fffc203c ; je 0xfffc203c -mov eax, dword [ebp - 0xffc] -mov ecx, 0xffff3001 -mov edx, 0x4498 -call fcn_fffae58c ; call 0xfffae58c - -loc_fffc203c: ; not directly referenced -mov byte [ebp - 0x1004], 0 - -loc_fffc2043: ; not directly referenced -movzx edi, byte [ebp - 0x1004] -xor ebx, ebx - -loc_fffc204c: ; not directly referenced -mov eax, dword [ebp - 0x1000] -bt eax, ebx -jb short loc_fffc208d ; jb 0xfffc208d +push ebx +push 0 +push 0 +push esi +push 5 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +mov ecx, dword [ebp - 0x114] +imul eax, esi, 0xa +imul esi, esi, 0xfffffff6 +add esp, 0x2c +add dword [ecx], eax +add dword [ecx + 4], esi +push 0 +movzx eax, byte [edi + 0x2489] +push eax +mov eax, dword [ebp - 0x110] +push dword [ebp - 0x104] +call dword [eax + 0x64] ; ucall +add esp, 0x10 -loc_fffc2057: ; not directly referenced +loc_fffc1257: ; not directly referenced inc ebx +add dword [ebp - 0x114], 0x48 +add dword [ebp - 0x104], 0xcc cmp ebx, 2 -jne short loc_fffc204c ; jne 0xfffc204c -movzx eax, byte [ebp - 0x1004] -lea ebx, [ebp - 0xf48] -mov dword [ebp - 0x1014], 0 -mov dword [ebp - 0x1030], eax -imul eax, eax, 0x90 -add eax, ebx -mov dword [ebp - 0x1038], eax -jmp near loc_fffc215d ; jmp 0xfffc215d - -loc_fffc208d: ; not directly referenced -lea eax, [ebx + ebx*8] -xor ecx, ecx -mov dword [ebp - 0x1014], eax -mov dword [ebp - 0x101c], eax +jne 
loc_fffc10ec ; jne 0xfffc10ec -loc_fffc209e: ; not directly referenced -mov eax, dword [ebp - 0xffc] -cmp cl, byte [eax + 0x2488] -jae short loc_fffc2057 ; jae 0xfffc2057 -mov eax, dword [ebp - 0x101c] -movzx esi, cl -mov dword [ebp - 0x1020], ecx -mov ecx, 0xc -push 1 +loc_fffc1272: ; not directly referenced +push 2 push 0 -lea edx, [eax + esi] -movsx eax, byte [ebp + edi - 0xff7] -imul eax, dword [ebp + edx*4 - 0xfd8] push 1 push 0 -push esi -cdq -idiv ecx push 0 -push ebx push 0 push 0 -push eax push 1 -push dword [ebp - 0xffc] -call fcn_fffcc900 ; call 0xfffcc900 -mov ecx, dword [ebp - 0x1020] -lea eax, [ebp - 0xd98] -add esi, dword [ebp - 0x1014] +push 0 +push 0 +push 2 +push edi +call fcn_fffcd268 ; call 0xfffcd268 add esp, 0x30 -shl esi, 6 -add esi, eax -xor eax, eax - -loc_fffc2110: ; not directly referenced -mov dword [esi + eax + 4], 8 -mov dword [esi + eax], 8 -add eax, 8 -cmp eax, 0x40 -jne short loc_fffc2110 ; jne 0xfffc2110 -inc ecx -jmp near loc_fffc209e ; jmp 0xfffc209e - -loc_fffc212d: ; not directly referenced -mov eax, dword [ebp - 0x1000] -bt eax, edx -jb short loc_fffc219d ; jb 0xfffc219d - -loc_fffc2138: ; not directly referenced -inc edx -add dword [ebp - 0x101c], 0x24 -cmp edx, 2 -jne short loc_fffc212d ; jne 0xfffc212d -inc dword [ebp - 0x1014] -mov al, byte [ebp - 0x1014] -cmp byte [ebp - 0x100c], al -jbe loc_fffc2233 ; jbe 0xfffc2233 +mov byte [edi + 0x247b], 0 +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffc215d: ; not directly referenced -mov eax, dword [ebp - 0xffc] -lea esi, [ebp - 0xd98] -mov edx, dword [ebp - 0x1000] -mov byte [eax + 0x248c], 1 -push ecx -push 0xa -push dword [ebp - 0x1038] +fcn_fffc12a0: ; not directly referenced +push ebp +mov ebp, esp +push edi push esi -mov esi, dword [ebp - 0x1014] -mov ecx, esi -call fcn_fffbfaf9 ; call 0xfffbfaf9 -lea eax, [esi + esi*8] -add esp, 0x10 -mov dword [ebp - 0x101c], eax -xor edx, edx -jmp short loc_fffc212d ; jmp 0xfffc212d - -loc_fffc219d: ; not directly 
referenced -mov eax, dword [ebp - 0xffc] +push ebx +sub esp, 0x230 +mov edi, dword [ebp + 8] +mov eax, dword [edi + 0x5edd] +mov dword [ebp - 0x1fc], eax +mov eax, dword [edi + 0x2444] +mov esi, eax +mov dword [ebp - 0x21c], eax +mov eax, dword [edi + 0x188b] +push 0 +push 0x10 +mov dword [ebp - 0x220], eax +lea eax, [ebp - 0x1d8] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push 0 +push 2 +lea eax, [ebp - 0x1dc] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push 0 +push 0x1b0 +lea eax, [ebp - 0x1c8] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +mov al, byte [edi + 0x2441] xor ecx, ecx -mov al, byte [eax + 0x2488] -mov byte [ebp - 0x102c], al -lea eax, [edx + edx*8] -mov dword [ebp - 0x1020], eax - -loc_fffc21ba: ; not directly referenced -cmp cl, byte [ebp - 0x102c] -je loc_fffc2138 ; je 0xfffc2138 -mov eax, dword [ebp - 0x1030] -movzx ebx, cl -movzx eax, byte [ebp + eax - 0xff4] -mov dword [ebp - 0x1024], eax -mov eax, dword [ebp - 0x1020] -lea edi, [ebx + eax] -add ebx, dword [ebp - 0x101c] -lea eax, [ebp - 0xd98] -shl edi, 6 -add edi, eax -shl ebx, 5 -lea eax, [ebp - 0x918] -add ebx, eax -xor eax, eax - -loc_fffc2204: ; not directly referenced -mov esi, dword [edi + eax*2 + 4] -add esi, dword [edi + eax*2] -sub esi, 0x10 -cmp byte [ebp - 0x1004], 0 -jne short loc_fffc221e ; jne 0xfffc221e -mov dword [ebx + eax], 0 +mov byte [ebp - 0x1d9], 0 +mov byte [ebp - 0x1da], 0 +mov byte [ebp - 0x216], al +mov eax, dword [edi + 0x2481] +mov dword [esp], edi +cmp eax, 3 +sete cl +cmp eax, 2 +mov ebx, ecx +sete byte [ebp - 0x217] +mov dword [ebp - 0x208], ebx +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 +cmp ebx, 1 +lea ecx, [edi + 0x2491] +mov dword [ebp - 0x1f8], edi +mov dword [ebp - 0x1f0], 0 +mov dword [ebp - 0x214], ecx +mov dword [ebp - 0x200], eax +sbb eax, eax +and eax, 7 +add eax, 0xa +movzx eax, al +mov dword [ebp - 0x22c], eax -loc_fffc221e: ; not directly referenced -imul esi, dword [ebp - 
0x1024] -add dword [ebx + eax], esi -add eax, 4 -cmp eax, 0x20 -jne short loc_fffc2204 ; jne 0xfffc2204 -inc ecx -jmp short loc_fffc21ba ; jmp 0xfffc21ba +loc_fffc1389: ; not directly referenced +mov eax, dword [ebp - 0x1fc] +xor ebx, ebx +mov cl, byte [ebp - 0x1f0] +mov dword [ebp - 0x1ec], 1 +shl dword [ebp - 0x1ec], cl +add eax, 0x70 +mov dword [ebp - 0x204], eax +mov byte [ebp - 0x1f4], 0 -loc_fffc2233: ; not directly referenced -mov bl, byte [ebp - 0x1004] -mov al, 3 -cmp byte [ebp - 0x1008], 0 -cmove ebx, eax -mov byte [ebp - 0x1004], bl -inc byte [ebp - 0x1004] -cmp byte [ebp - 0x1004], 2 -jbe loc_fffc2043 ; jbe 0xfffc2043 -mov edi, dword [ebp - 0x1018] +loc_fffc13b7: ; not directly referenced +mov ecx, dword [ebp - 0x1ec] +mov edx, ebx mov eax, edi -add eax, edi -xor edi, edi -mov dword [ebp - 0x102c], eax -mov eax, dword [ebp - 0x1034] -mov dword [ebp - 0x1008], eax -mov eax, dword [ebp - 0x1028] -mov dword [ebp - 0x1024], eax - -loc_fffc2288: ; not directly referenced -mov eax, dword [ebp - 0x1000] -bt eax, edi -jae loc_fffc23de ; jae 0xfffc23de -imul eax, edi, 0x24 -mov dword [ebp - 0x1004], 0 -mov dword [ebp - 0x1020], eax - -loc_fffc22aa: ; not directly referenced -imul eax, dword [ebp - 0x1004], 0xd8 -mov byte [ebp - 0x1014], 0 -add eax, 0x942 -mov dword [ebp - 0x1030], eax +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0x1f4], al +movzx eax, byte [ebp - 0x1f4] +bt eax, ebx +mov esi, eax +jae short loc_fffc13f7 ; jae 0xfffc13f7 +push ecx +push 0 +movzx eax, byte [edi + 0x2489] +push eax +mov eax, dword [ebp - 0x21c] +push dword [ebp - 0x204] +call dword [eax + 0x64] ; ucall +add esp, 0x10 -loc_fffc22c6: ; not directly referenced -mov eax, dword [ebp - 0xffc] -mov bl, byte [ebp - 0x1014] -movzx eax, byte [eax + 0x2488] -cmp bl, al -jae loc_fffc23a9 ; jae 0xfffc23a9 -movzx eax, bl -mov ebx, dword [ebp - 0x1020] -xor ecx, ecx -imul esi, eax, 0x18 -add esi, dword [ebp - 0x1030] -add esi, dword [ebp - 0x1008] -add ebx, eax -shl ebx, 5 -lea edx, [ebp 
- 0x918] -add ebx, edx -mov dword [ebp - 0x101c], 0 -mov dword [ebp - 0x1028], eax +loc_fffc13f7: ; not directly referenced +inc ebx +add dword [ebp - 0x204], 0xcc +cmp ebx, 2 +jne short loc_fffc13b7 ; jne 0xfffc13b7 +cmp byte [ebp - 0x1f4], 0 +je loc_fffc1932 ; je 0xfffc1932 +sub esp, 0xc +mov ecx, 0x11 +push 0 +mov edx, esi +mov eax, edi +xor bl, bl +call fcn_fffae9e2 ; call 0xfffae9e2 +add esp, 0x10 -loc_fffc2318: ; not directly referenced -mov edx, dword [ebx + ecx] -mov eax, edx -sar eax, 0x1f -or eax, 1 -movsx eax, al -imul eax, dword [ebp - 0x1018] -add eax, edx -cdq -idiv dword [ebp - 0x102c] -movzx edx, byte [esi] -add eax, edx -cmp eax, 0xf -jle short loc_fffc2349 ; jle 0xfffc2349 -mov dword [ebx + ecx], 0xf -jmp short loc_fffc2356 ; jmp 0xfffc2356 +loc_fffc142c: ; not directly referenced +mov dl, bl +cmp bl, 3 +je short loc_fffc1495 ; je 0xfffc1495 +cmp bl, 1 +jne short loc_fffc1441 ; jne 0xfffc1441 +mov byte [edi + 0x248c], 9 +jmp short loc_fffc144d ; jmp 0xfffc144d -loc_fffc2349: ; not directly referenced -test eax, eax -mov edx, 0 -cmovs eax, edx -mov dword [ebx + ecx], eax +loc_fffc1441: ; not directly referenced +cmp bl, 4 +jne short loc_fffc144d ; jne 0xfffc144d +mov byte [edi + 0x248c], 0 -loc_fffc2356: ; not directly referenced -mov eax, dword [ebx + ecx] -add esi, 3 -mov byte [esi - 3], al -shl eax, cl -add ecx, 4 -or dword [ebp - 0x101c], eax -cmp ecx, 0x20 -jne short loc_fffc2318 ; jne 0xfffc2318 -push 2 +loc_fffc144d: ; not directly referenced +lea eax, [edx - 4] +cmp al, 2 +sbb eax, eax +and eax, 0x17 +add eax, 0x1f +cmp dl, 5 +sete dl +test byte [ebp - 0x217], dl +mov dl, 0x25 +lea ecx, [ebp - 0x1d8] +cmovne eax, edx +push edx +movzx eax, al +push edx +mov edx, dword [ebp - 0x214] push 0 +push ecx +mov ecx, esi +push eax +mov eax, edi +push 1 +push ebx +push dword [ebp - 0x1f0] +call fcn_fffc66ae ; call 0xfffc66ae +add esp, 0x20 + +loc_fffc1495: ; not directly referenced +inc ebx +cmp ebx, 7 +jne short loc_fffc142c ; jne 0xfffc142c +push 
eax +mov ecx, dword [ebp - 0x22c] +mov edx, esi +push eax +mov eax, edi +push dword [ebp - 0x1ec] push 0 +call fcn_fffaea71 ; call 0xfffaea71 +add esp, 0x10 +cmp dword [ebp - 0x208], 0 +je short loc_fffc14e8 ; je 0xfffc14e8 +push eax +mov ecx, esi push 0 -push dword [ebp - 0x1028] -push dword [ebp - 0x1004] -push edi +xor edx, edx push 0 +push 0x20 push 0 -push dword [ebp - 0x101c] -push 0xa -push dword [ebp - 0xffc] -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -inc byte [ebp - 0x1014] -jmp near loc_fffc22c6 ; jmp 0xfffc22c6 +lea eax, [ebp - 0x1da] +push eax +mov eax, edi +push 0xff +push dword [ebp - 0x1ec] +call fcn_fffcffd1 ; call 0xfffcffd1 +jmp short loc_fffc150b ; jmp 0xfffc150b -loc_fffc23a9: ; not directly referenced -inc dword [ebp - 0x1004] -mov dl, byte [ebp - 0x1004] -add dword [ebp - 0x1020], 9 -cmp byte [ebp - 0x100c], dl -ja loc_fffc22aa ; ja 0xfffc22aa -push edx -push 0 +loc_fffc14e8: ; not directly referenced +push 1 +mov ecx, esi +push 1 +xor edx, edx +lea eax, [ebp - 0x1dc] push eax -mov eax, dword [ebp - 0x1010] -push dword [ebp - 0x1024] -call dword [eax + 0x64] ; ucall -add esp, 0x10 +mov eax, edi +push 1 +push 0x40 +push 0xffffffffffffffc0 +push 3 +push 0xff +call fcn_fffcf65b ; call 0xfffcf65b -loc_fffc23de: ; not directly referenced -inc edi -add dword [ebp - 0x1024], 0xcc -add dword [ebp - 0x1008], 0x13c3 -cmp edi, 2 -jne loc_fffc2288 ; jne 0xfffc2288 +loc_fffc150b: ; not directly referenced +add esp, 0x20 +cmp byte [ebp - 0x216], 0 +sete dl +cmp dword [ebp - 0x220], 1 +sete al +test dl, al +jne loc_fffc15e2 ; jne 0xfffc15e2 -loc_fffc23fc: ; not directly referenced -mov eax, dword [ebp - 0xffc] -mov byte [eax + 0x247a], 0 -push 2 +loc_fffc152a: ; not directly referenced +push edx push 0 -push 1 push 0 +push 3 +push 0xff push 0 push 0 +push edi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x1c push 0 -push 1 push 0 +push 3 +push 0xff push 0 push 1 -push eax -call fcn_fffcc900 ; call 0xfffcc900 -lea esp, [ebp - 0xc] +push edi +call 
fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x14 +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d +lea eax, [ebp - 0x1d8] +mov edx, dword [ebp - 0x214] +pop ecx +mov ecx, esi pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffc242d: ; not directly referenced -push ebp -mov ebp, esp -push esi -push ebx -mov ebx, dword [ebp + 8] -push edx -movzx ecx, byte [ebx + 0x248e] -lea esi, [ebx + 0x2490] -mov eax, ebx +mov ebx, dword [ebp - 0x1f0] push 0 -mov edx, esi -push 1 -push 1 -call fcn_fffc19af ; call 0xfffc19af -add esp, 0x10 -test eax, eax -jne short loc_fffc2473 ; jne 0xfffc2473 push eax -movzx ecx, byte [ebx + 0x248e] -mov edx, esi +mov eax, edi +push 0x36 push 1 -mov eax, ebx -push 0 -push 0 -call fcn_fffc19af ; call 0xfffc19af +push 0xd +push ebx +call fcn_fffc66ae ; call 0xfffc66ae +add esp, 0x14 +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d +lea edx, [ebp - 0x1c8] +mov dword [ebp - 0x200], eax +mov eax, edi +call fcn_fffb7100 ; call 0xfffb7100 +imul eax, ebx, 0xd8 +mov edx, ebx +add edx, ebx add esp, 0x10 +lea ecx, [edi + ebx*4] +add edx, edi +mov dword [ebp - 0x210], ecx +mov ecx, dword [ebp - 0x1f8] +add eax, 0x281 +mov dword [ebp - 0x20c], edx +mov dword [ebp - 0x1f4], 0 +mov dword [ebp - 0x228], eax +jmp near loc_fffc17a9 ; jmp 0xfffc17a9 -loc_fffc2473: ; not directly referenced -lea esp, [ebp - 8] -pop ebx -pop esi -pop ebp -ret +loc_fffc15e2: ; not directly referenced +xor ebx, ebx -fcn_fffc247a: ; not directly referenced -push ebp -xor ecx, ecx -mov ebp, esp -push edi -push esi +loc_fffc15e4: ; not directly referenced +imul eax, ebx, 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffc1641 ; jne 0xfffc1641 +push eax +push 0 +push 0 +push 3 +push 0xff +push 0 push ebx -sub esp, 0x40 -mov eax, dword [ebp + 8] -mov dword [ebp - 0x3c], 0 -add eax, 0x3756 -mov dword [ebp - 0x2c], eax - -loc_fffc2497: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffc24cb ; ja 0xfffc24cb -mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne 
short loc_fffc24cb ; jne 0xfffc24cb - -loc_fffc24ab: ; not directly referenced -inc ecx -add dword [ebp - 0x3c], 0x23 -add dword [ebp - 0x2c], 8 -cmp ecx, 4 -jne short loc_fffc2497 ; jne 0xfffc2497 -mov eax, dword [ebp + 8] -mov ecx, 0xfffffffe -add eax, 0x48dd -jmp near loc_fffc2642 ; jmp 0xfffc2642 - -loc_fffc24cb: ; not directly referenced -mov eax, dword [ebp + 8] -mov dword [ebp + ecx*4 - 0x1c], 0 -mov dword [ebp - 0x28], 0 -add eax, 0x49bf -mov dword [ebp - 0x40], eax -imul eax, ecx, 0x2e -mov dword [ebp - 0x44], eax -mov eax, dword [ebp - 0x2c] -mov dword [ebp - 0x30], eax -mov eax, dword [ebp - 0x3c] -lea esi, [eax + 0x18b] -add eax, 0xbb -mov dword [ebp - 0x48], esi -mov dword [ebp - 0x4c], eax - -loc_fffc2505: ; not directly referenced -mov eax, dword [ebp + 8] -mov ebx, dword [ebp - 0x28] -mov esi, dword [ebp - 0x40] -mov dword [ebp - 0x24], 0 -lea ebx, [eax + ebx + 0x1973] - -loc_fffc251c: ; not directly referenced -cmp dword [esi - 0xf6], 2 -jne loc_fffc2601 ; jne 0xfffc2601 -mov eax, dword [ebp - 0x44] -mov edi, dword [ebp - 0x24] -mov eax, dword [esi + eax - 0xf2] -mov dword [ebp - 0x20], eax -mov eax, dword [ebp - 0x30] -mov edx, dword [eax + edi + 0xc9] -mov eax, dword [eax + edi + 0xcd] -mov dword [ebp - 0x34], edx -mov dword [ebp - 0x38], eax -cmp ecx, 1 -je short loc_fffc25a1 ; je 0xfffc25a1 -jb short loc_fffc25ad ; jb 0xfffc25ad -cmp ecx, 3 -ja short loc_fffc25ad ; ja 0xfffc25ad -cmp ecx, 2 -mov dl, byte [esi] -jne short loc_fffc256c ; jne 0xfffc256c -and dl, 1 -jne short loc_fffc2573 ; jne 0xfffc2573 -xor eax, eax -jmp short loc_fffc25e9 ; jmp 0xfffc25e9 - -loc_fffc256c: ; not directly referenced -xor eax, eax -and dl, 2 -je short loc_fffc25e9 ; je 0xfffc25e9 +push edi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +cmp byte [edi + 0x36ca], 2 +jne short loc_fffc1641 ; jne 0xfffc1641 +mov ecx, dword [ebp - 0x1fc] +imul eax, ebx, 0xcc +mov edx, ebx +push 0 +push 1 +movzx eax, byte [ecx + eax + 0xe2] +mov ecx, 0xff +push eax +mov eax, edi 
+push 1 +call fcn_fffac68e ; call 0xfffac68e +add esp, 0x10 -loc_fffc2573: ; not directly referenced -mov edx, dword [esi - 0x21] -mov eax, dword [ebp - 0x4c] -mov edi, dword [ebp - 0x48] -and edx, 0xfffffffd -add eax, ebx -add edi, ebx -dec edx -cmovne eax, edi -xor edi, edi -cmp byte [esi + 1], 0x13 -movzx edx, byte [eax + 7] -jne short loc_fffc2597 ; jne 0xfffc2597 -movsx edi, byte [eax + 0x1d] +loc_fffc1641: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffc15e4 ; jne 0xfffc15e4 +sub esp, 0xc +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 +cmp dword [ebp - 0x208], 0 +jne short loc_fffc16bd ; jne 0xfffc16bd +mov ecx, dword [ebp - 0x1f8] +mov edx, 6 +mov eax, dword [ecx + 0x3211] +mov dword [ecx + 0x3219], eax +mov eax, dword [ecx + 0x3215] +mov dword [ecx + 0x321d], eax +mov eax, dword [ecx + 0x3259] +mov dword [ecx + 0x3261], eax +mov eax, dword [ecx + 0x325d] +mov dword [ecx + 0x3265], eax +lea eax, [ebp - 0x1dc] +mov ecx, esi +push 1 +push 1 +push eax +mov eax, edi +push 0 +push 0x40 +push 0xffffffffffffffc0 +push 3 +push 0xff +call fcn_fffcf65b ; call 0xfffcf65b +add esp, 0x20 +jmp short loc_fffc16cc ; jmp 0xfffc16cc -loc_fffc2597: ; not directly referenced -xor eax, eax -cmp dword [ebp - 0x20], 0 -je short loc_fffc25e9 ; je 0xfffc25e9 -jmp short loc_fffc25d3 ; jmp 0xfffc25d3 +loc_fffc16bd: ; not directly referenced +mov ecx, dword [ebp - 0x1ec] +mov edx, esi +mov eax, edi +call fcn_fffcb062 ; call 0xfffcb062 -loc_fffc25a1: ; not directly referenced -movzx eax, word [ebx + 0x258] -test ax, ax -jne short loc_fffc25e9 ; jne 0xfffc25e9 +loc_fffc16cc: ; not directly referenced +mov ebx, dword [ebp - 0x1f8] +mov dword [ebp - 0x1f4], 0 + +loc_fffc16dc: ; not directly referenced +imul eax, dword [ebp - 0x1f4], 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffc175d ; jne 0xfffc175d +mov eax, dword [ebx + 0x3219] +cmp dword [ebx + 0x3211], eax +cmovbe eax, dword [ebx + 0x3211] +mov dword [ebx + 0x3211], eax +mov eax, dword 
[ebx + 0x321d] +cmp dword [ebx + 0x3215], eax +cmovbe eax, dword [ebx + 0x3215] +mov dword [ebx + 0x3215], eax +cmp byte [edi + 0x36ca], 2 +jne short loc_fffc175d ; jne 0xfffc175d +mov edx, dword [ebp - 0x1f4] +mov ecx, dword [ebp - 0x1fc] +push 0 +push 1 +imul eax, edx, 0xcc +movzx eax, byte [ecx + eax + 0xe2] +mov ecx, 0xff +neg eax +push eax +mov eax, edi +push 1 +call fcn_fffac68e ; call 0xfffac68e +add esp, 0x10 -loc_fffc25ad: ; not directly referenced -xor eax, eax -cmp dword [ebp - 0x20], 0 -je short loc_fffc25e9 ; je 0xfffc25e9 -mov eax, dword [esi - 0x21] -and eax, 0xfffffffd -dec eax -jne short loc_fffc25c8 ; jne 0xfffc25c8 -movzx edx, byte [ebx + 0x5a] -movsx edi, byte [ebx + 0x6c] -jmp short loc_fffc25d3 ; jmp 0xfffc25d3 +loc_fffc175d: ; not directly referenced +inc dword [ebp - 0x1f4] +add ebx, 0x48 +cmp dword [ebp - 0x1f4], 2 +jne loc_fffc16dc ; jne 0xfffc16dc +jmp near loc_fffc152a ; jmp 0xfffc152a -loc_fffc25c8: ; not directly referenced -movzx edx, byte [ebx + 0x61] -movsx edi, byte [ebx + 0xc2] +loc_fffc1778: ; not directly referenced +add dword [ebp - 0x1f4], 0x13c3 +add ecx, 0x48 +add dword [ebp - 0x210], 0x13c3 +add dword [ebp - 0x20c], 0x13c3 +cmp dword [ebp - 0x1f4], 0x2786 +je loc_fffc1932 ; je 0xfffc1932 -loc_fffc25d3: ; not directly referenced -imul edx, dword [ebp - 0x34] -mov eax, dword [ebp - 0x20] -imul edi, dword [ebp - 0x38] -lea eax, [eax + edx - 1] +loc_fffc17a9: ; not directly referenced +mov ebx, dword [ebp - 0x1f4] +mov al, byte [ebp - 0x1ec] +test byte [edi + ebx + 0x381b], al +je short loc_fffc1778 ; je 0xfffc1778 +mov eax, dword [ebp - 0x1f4] +mov ebx, 0xa xor edx, edx -add eax, edi -div dword [ebp - 0x20] +mov esi, 0xa +mov byte [ebp - 0x204], 0 +lea eax, [edi + eax + 0x3757] +mov dword [ebp - 0x224], eax +mov eax, dword [ecx + 0x3211] +div ebx +mov ebx, dword [ebp - 0x210] +xor edx, edx +mov byte [ebx + 0x39c8], al +mov eax, dword [ecx + 0x3215] +div esi +xor edx, edx +mov byte [ebx + 0x39c9], al +mov eax, dword [ecx + 
0x3451] +div esi +xor edx, edx +mov byte [ebx + 0x39cb], al +mov eax, dword [ecx + 0x3455] +div esi +xor edx, edx +mov byte [ebx + 0x39ca], al +mov eax, dword [ecx + 0x2d91] +mov ebx, dword [ebp - 0x20c] +div esi +xor edx, edx +mov byte [ebx + 0x4758], al +mov eax, dword [ecx + 0x2d95] +div esi +xor edx, edx +mov byte [ebx + 0x4759], al +mov eax, dword [ecx + 0x2fd1] +div esi +xor edx, edx +mov byte [ebx + 0x4760], al +mov eax, dword [ecx + 0x2fd5] +div esi +mov byte [ebx + 0x4761], al -loc_fffc25e9: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, 0x14 -mov edi, 0x14 -cmova eax, edi -cmp eax, edx -cmovb eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax +loc_fffc186e: ; not directly referenced +mov al, byte [ebp - 0x204] +cmp al, byte [edi + 0x2489] +jae loc_fffc1778 ; jae 0xfffc1778 +movzx ebx, al +imul ebx, ebx, 0x18 +add ebx, dword [ebp - 0x228] +add ebx, dword [ebp - 0x224] +mov byte [ebp - 0x215], 8 -loc_fffc2601: ; not directly referenced -add dword [ebp - 0x24], 0x20 -add esi, 0x128 -add ebx, 0x277 -cmp dword [ebp - 0x24], 0x40 -jne loc_fffc251c ; jne 0xfffc251c -add dword [ebp - 0x28], 0x54a -add dword [ebp - 0x40], 0x13c3 -add dword [ebp - 0x30], 0x13c3 -cmp dword [ebp - 0x28], 0xa94 -jne loc_fffc2505 ; jne 0xfffc2505 -jmp near loc_fffc24ab ; jmp 0xfffc24ab +loc_fffc1899: ; not directly referenced +mov eax, dword [ecx + 0x26d1] +mov esi, 0xa +xor edx, edx +add ebx, 3 +div esi +xor edx, edx +mov byte [ebx - 3], al +mov eax, dword [ecx + 0x26d5] +div esi +xor edx, edx +mov byte [ebx - 1], al +mov eax, dword [ecx + 0x2b51] +div esi +xor edx, edx +mov byte [ebx + 0x35d], al +mov eax, dword [ecx + 0x2b55] +div esi +xor edx, edx +mov byte [ebx + 0x35f], al +mov eax, dword [ecx + 0x2491] +div esi +xor edx, edx +mov byte [ebx + 0x6bf], al +mov eax, dword [ecx + 0x2495] +div esi +xor edx, edx +mov byte [ebx + 0x6bd], al +mov eax, dword [ecx + 0x2911] +div esi +xor edx, edx +mov byte [ebx + 0xa1f], al +mov eax, dword [ecx + 0x2915] +div esi +mov 
byte [ebx + 0xa1d], al +dec byte [ebp - 0x215] +jne loc_fffc1899 ; jne 0xfffc1899 +inc byte [ebp - 0x204] +jmp near loc_fffc186e ; jmp 0xfffc186e -loc_fffc2642: ; not directly referenced -cmp ecx, 1 -ja short loc_fffc2653 ; ja 0xfffc2653 -mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je short loc_fffc267d ; je 0xfffc267d +loc_fffc1932: ; not directly referenced +inc dword [ebp - 0x1f0] +add dword [ebp - 0x1f8], 0x90 +cmp dword [ebp - 0x1f0], 4 +jne loc_fffc1389 ; jne 0xfffc1389 +cmp dword [edi + 0x3757], 2 +jne short loc_fffc1966 ; jne 0xfffc1966 +xor ecx, ecx +mov edx, 0x4198 +mov eax, edi +call fcn_fffb335b ; call 0xfffb335b -loc_fffc2653: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx +loc_fffc1966: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 +jne short loc_fffc197d ; jne 0xfffc197d +xor ecx, ecx +mov edx, 0x4598 +mov eax, edi +call fcn_fffb335b ; call 0xfffb335b -loc_fffc267d: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffc2642 ; jne 0xfffc2642 -add esp, 0x40 -mov eax, 1 +loc_fffc197d: ; not directly referenced +mov eax, dword [ebp - 0x200] +lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp ret -fcn_fffc2693: ; not directly referenced +fcn_fffc198b: ; not directly referenced push ebp -xor ecx, ecx mov ebp, esp push edi push esi +xor esi, esi push ebx -sub esp, 0x44 -mov eax, dword [ebp + 8] -mov dword [ebp - 0x40], 0 -add eax, 0x3756 -mov dword [ebp - 0x30], eax - -loc_fffc26b0: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffc26e4 ; ja 0xfffc26e4 -mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne short loc_fffc26e4 ; jne 0xfffc26e4 - -loc_fffc26c4: ; not directly referenced -inc ecx -add dword [ebp - 0x40], 0x23 -add dword [ebp - 0x30], 8 -cmp ecx, 4 -jne short loc_fffc26b0 ; jne 0xfffc26b0 -mov 
eax, dword [ebp + 8] -mov ecx, 0xfffffffe -add eax, 0x48db -jmp near loc_fffc28c1 ; jmp 0xfffc28c1 - -loc_fffc26e4: ; not directly referenced -mov eax, dword [ebp + 8] -mov dword [ebp + ecx*4 - 0x1c], 0 -mov dword [ebp - 0x28], 0 -add eax, 0x49bf -mov dword [ebp - 0x44], eax -imul eax, ecx, 0x2e -mov dword [ebp - 0x48], eax -mov eax, dword [ebp - 0x30] -mov dword [ebp - 0x34], eax -mov eax, dword [ebp - 0x40] -lea ebx, [eax + 0x18b] -add eax, 0xbb -mov dword [ebp - 0x4c], ebx -mov dword [ebp - 0x50], eax - -loc_fffc271e: ; not directly referenced -mov eax, dword [ebp + 8] -mov ebx, dword [ebp - 0x28] -mov dword [ebp - 0x2c], 0 -lea ebx, [eax + ebx + 0x1973] -mov eax, dword [ebp - 0x44] -mov dword [ebp - 0x20], eax - -loc_fffc2738: ; not directly referenced -mov eax, dword [ebp - 0x20] -cmp dword [eax - 0xf6], 2 -jne loc_fffc287f ; jne 0xfffc287f -mov edi, dword [ebp - 0x48] -mov esi, dword [ebp - 0x2c] -mov edx, dword [eax + edi - 0xf2] -mov edi, dword [ebp - 0x34] -mov dword [ebp - 0x24], edx -mov edx, dword [edi + esi + 0xc9] -mov edi, dword [edi + esi + 0xcd] -mov dword [ebp - 0x38], edx -mov dword [ebp - 0x3c], edi -cmp ecx, 1 -je loc_fffc27fd ; je 0xfffc27fd -jb loc_fffc2809 ; jb 0xfffc2809 -cmp ecx, 3 -ja loc_fffc2809 ; ja 0xfffc2809 -cmp ecx, 2 -mov dl, byte [eax] -jne short loc_fffc279a ; jne 0xfffc279a -and dl, 1 -jne short loc_fffc27a5 ; jne 0xfffc27a5 -xor eax, eax -jmp near loc_fffc2865 ; jmp 0xfffc2865 +add esp, 0xffffff80 +mov ebx, dword [ebp + 8] +lea edi, [ebp - 0x60] +mov byte [ebp - 0x67], 5 +mov byte [ebp - 0x66], 2 +mov eax, dword [ebx + 0x5edd] +mov byte [ebp - 0x65], 1 +mov byte [ebp - 0x64], 2 +mov byte [ebp - 0x63], 1 +mov dword [ebp - 0x6c], eax +mov al, byte [ebx + 0x248f] +mov byte [ebp - 0x62], 0 +mov byte [ebp - 0x61], 0 +mov byte [ebp - 0x6d], al +mov eax, dword [ebx + 0x188b] +mov dword [ebp - 0x74], eax +mov eax, dword [ebx + 0x2444] +push 0 +push 5 +push edi +call dword [eax + 0x60] ; ucall +movzx edx, byte [ebp - 0x67] +mov ecx, 1 
+mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 +movzx edx, byte [ebp - 0x66] +mov ecx, 1 +mov word [ebp - 0x60], ax +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 +add esp, 0x10 +mov word [ebp - 0x5e], ax -loc_fffc279a: ; not directly referenced -xor eax, eax -and dl, 2 -je loc_fffc2865 ; je 0xfffc2865 +loc_fffc1a0c: ; not directly referenced +mov eax, 1 +mov ecx, esi +shl eax, cl +test byte [ebx + 0x248e], al +je short loc_fffc1a48 ; je 0xfffc1a48 +push edx +mov ecx, 3 +push 2 +push 0 +push 0xf +push 0xb +push 0 +push edi +lea edx, [ebp - 0x65] +push edx +push 2 +lea edx, [ebp - 0x67] +push edx +push 4 +push eax +mov eax, ebx +lea edx, [ebp - 0x56] +call fcn_fffcb1dd ; call 0xfffcb1dd +add esp, 0x30 -loc_fffc27a5: ; not directly referenced -mov eax, dword [ebp - 0x20] -mov esi, dword [ebp - 0x50] -mov edx, dword [ebp - 0x4c] -mov eax, dword [eax - 0x21] -lea edi, [esi + ebx] -add edx, ebx -and eax, 0xfffffffd -dec eax -cmovne edi, edx -xor edx, edx -mov al, byte [edi + 9] -shr al, 4 -movzx esi, al -movzx eax, byte [edi + 0xb] -shl esi, 8 -or esi, eax -mov eax, dword [ebp - 0x20] -cmp byte [eax + 1], 0x13 -jne short loc_fffc27de ; jne 0xfffc27de -movsx edx, byte [edi + 0x1e] +loc_fffc1a48: ; not directly referenced +inc esi +cmp esi, 4 +jne short loc_fffc1a0c ; jne 0xfffc1a0c +push eax +mov ecx, 3 +push eax +mov eax, ebx +push 0 +push 0xf +push 0 +push 0 +push 0 +push 2 +lea edx, [ebx + 0x2491] +call fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 +cmp dword [ebp - 0x74], 1 +jne loc_fffc1b55 ; jne 0xfffc1b55 +lea eax, [ebx + 0x3757] +mov edi, dword [ebp - 0x6c] +mov dword [ebp - 0x78], eax +movzx eax, byte [ebp - 0x6d] +mov dword [ebp - 0x6c], 0 +add edi, 0x1c +mov dword [ebp - 0x80], eax -loc_fffc27de: ; not directly referenced -xor eax, eax -cmp dword [ebp - 0x24], 0 -je short loc_fffc2865 ; je 0xfffc2865 -mov edi, dword [ebp - 0x24] -imul esi, dword [ebp - 0x38] -imul edx, dword [ebp - 0x3c] -lea eax, [edi + esi - 1] -add eax, edx -xor edx, edx -div edi 
-jmp short loc_fffc2865 ; jmp 0xfffc2865 +loc_fffc1a98: ; not directly referenced +mov eax, dword [ebp - 0x80] +mov ecx, dword [ebp - 0x6c] +bt eax, ecx +jb short loc_fffc1abe ; jb 0xfffc1abe -loc_fffc27fd: ; not directly referenced -movzx eax, word [ebx + 0x256] -test ax, ax -jne short loc_fffc2865 ; jne 0xfffc2865 +loc_fffc1aa3: ; not directly referenced +inc dword [ebp - 0x6c] +add edi, 0xcc +add dword [ebp - 0x78], 0x13c3 +cmp dword [ebp - 0x6c], 2 +jne short loc_fffc1a98 ; jne 0xfffc1a98 +jmp near loc_fffc1b55 ; jmp 0xfffc1b55 -loc_fffc2809: ; not directly referenced -xor eax, eax -cmp dword [ebp - 0x24], 0 -je short loc_fffc2865 ; je 0xfffc2865 -mov eax, dword [ebp - 0x20] -mov eax, dword [eax - 0x21] -and eax, 0xfffffffd -dec eax -jne short loc_fffc2835 ; jne 0xfffc2835 -mov al, byte [ebx + 0x5d] -movsx edi, byte [ebx + 0x6e] -shr al, 4 -movzx esi, al -movzx eax, byte [ebx + 0x5f] -shl esi, 8 -or esi, eax -jmp short loc_fffc284e ; jmp 0xfffc284e +loc_fffc1abe: ; not directly referenced +mov byte [ebp - 0x6d], 0 -loc_fffc2835: ; not directly referenced -mov al, byte [ebx + 0x63] -movsx edi, byte [ebx + 0xc0] -shr al, 4 +loc_fffc1ac2: ; not directly referenced +mov al, byte [ebp - 0x6d] +cmp al, byte [ebx + 0x2489] +jae short loc_fffc1aa3 ; jae 0xfffc1aa3 +mov edx, dword [ebp - 0x78] movzx esi, al -movzx eax, byte [ebx + 0x65] -shl esi, 8 -or esi, eax - -loc_fffc284e: ; not directly referenced -mov eax, dword [ebp - 0x24] -xor edx, edx -imul esi, dword [ebp - 0x38] -imul edi, dword [ebp - 0x3c] -lea esi, [eax + esi - 1] -lea eax, [esi + edi] -div dword [ebp - 0x24] +mov byte [ebp - 0x74], 0 +mov cl, byte [edx + 0xc4] +add esi, edx +mov dword [ebp - 0x7c], esi +mov byte [ebp - 0x6e], cl +xor ecx, ecx -loc_fffc2865: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, 0xfff -mov edi, 0xfff -cmova eax, edi -cmp eax, edx -cmovb eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax +loc_fffc1ae7: ; not directly referenced +mov eax, 1 +shl eax, cl +test 
byte [ebp - 0x6e], al +je short loc_fffc1b13 ; je 0xfffc1b13 +mov eax, dword [ebp - 0x7c] +lea esi, [ecx + ecx*8] +mov al, byte [eax + esi + 0x24d] +mov dl, al +and eax, 0xf +shr dl, 4 +shl edx, 2 +cmp dl, al +setne al +or byte [ebp - 0x74], al -loc_fffc287f: ; not directly referenced -add dword [ebp - 0x2c], 0x20 -add ebx, 0x277 -add dword [ebp - 0x20], 0x128 -cmp dword [ebp - 0x2c], 0x40 -jne loc_fffc2738 ; jne 0xfffc2738 -add dword [ebp - 0x28], 0x54a -add dword [ebp - 0x44], 0x13c3 -add dword [ebp - 0x34], 0x13c3 -cmp dword [ebp - 0x28], 0xa94 -jne loc_fffc271e ; jne 0xfffc271e -jmp near loc_fffc26c4 ; jmp 0xfffc26c4 +loc_fffc1b13: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffc1ae7 ; jne 0xfffc1ae7 +cmp byte [ebx + 0x240e], 1 +je short loc_fffc1b28 ; je 0xfffc1b28 +cmp byte [ebp - 0x74], 1 +jne short loc_fffc1b4d ; jne 0xfffc1b4d -loc_fffc28c1: ; not directly referenced -cmp ecx, 1 -ja short loc_fffc28d2 ; ja 0xfffc28d2 -mov ebx, dword [ebp + 8] -cmp byte [ebx + 0x3749], 0 -je short loc_fffc28fc ; je 0xfffc28fc +loc_fffc1b28: ; not directly referenced +movzx esi, byte [ebp - 0x6d] +mov eax, ebx +mov edx, dword [ebp - 0x6c] +mov ecx, esi +add esi, 8 +call fcn_fffa71bc ; call 0xfffa71bc +or byte [edi + esi*4 + 0xb], 1 +mov ecx, dword [edi + esi*4 + 8] +mov edx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc28d2: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx +loc_fffc1b4d: ; not directly referenced +inc byte [ebp - 0x6d] +jmp near loc_fffc1ac2 ; jmp 0xfffc1ac2 -loc_fffc28fc: ; not directly referenced -inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffc28c1 ; jne 0xfffc28c1 -add esp, 0x44 -mov eax, 1 +loc_fffc1b55: ; not directly referenced +lea esp, [ebp - 0xc] +xor eax, eax pop ebx pop esi pop edi pop ebp ret -fcn_fffc2912: ; not directly 
referenced +fcn_fffc1b5f: ; not directly referenced push ebp -xor ecx, ecx mov ebp, esp push edi push esi push ebx -sub esp, 0x3c -mov dword [ebp - 0x28], 0 - -loc_fffc2924: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffc2954 ; ja 0xfffc2954 -mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne short loc_fffc2954 ; jne 0xfffc2954 - -loc_fffc2938: ; not directly referenced -inc ecx -add dword [ebp - 0x28], 0x23 -cmp ecx, 4 -jne short loc_fffc2924 ; jne 0xfffc2924 -mov eax, dword [ebp + 8] -mov ecx, 0xfffffffe -add eax, 0x48d9 -jmp near loc_fffc2ac3 ; jmp 0xfffc2ac3 - -loc_fffc2954: ; not directly referenced -mov eax, dword [ebp + 8] -mov dword [ebp + ecx*4 - 0x1c], 0 -mov dword [ebp - 0x20], 0 -add eax, 0x49bf -mov dword [ebp - 0x30], eax -imul eax, ecx, 0x2e -mov dword [ebp - 0x3c], eax -lea eax, [ecx*8 - 0x1269] -mov dword [ebp - 0x44], eax -mov eax, dword [ebp - 0x28] -add eax, 0x18b -mov dword [ebp - 0x48], eax +sub esp, 0x540 +mov esi, dword [ebp + 0xc] +mov ebx, dword [ebp + 8] +lea edi, [ebp - 0x4fa] +mov dword [ebp - 0x520], edx +mov edx, dword [ebp + 0x14] +mov dword [ebp - 0x51c], eax +mov dword [ebp - 0x52c], esi +mov esi, dword [ebp + 0x18] +mov dword [ebp - 0x524], ecx +mov ecx, 0xa +mov dword [ebp - 0x538], edx +mov dword [ebp - 0x528], ebx +mov ebx, dword [ebp + 0x10] +mov dword [ebp - 0x530], esi +mov esi, dword [ebp + 0x20] +mov byte [ebp - 0x507], 4 +mov byte [ebp - 0x506], 1 +mov byte [ebp - 0x505], 5 +mov eax, esi +mov dword [ebp - 0x534], esi +mov esi, ref_fffd541c ; mov esi, 0xfffd541c +mov byte [ebp - 0x541], al +lea eax, [ebp - 0x4f0] +mov byte [ebp - 0x504], 2 +mov byte [ebp - 0x50b], 4 +mov byte [ebp - 0x50a], 1 +mov byte [ebp - 0x509], 5 +mov byte [ebp - 0x508], 2 +mov byte [ebp - 0x4ff], 1 +mov byte [ebp - 0x4fe], 2 +mov byte [ebp - 0x4fd], 0 +mov byte [ebp - 0x4fc], 0 +mov byte [ebp - 0x4fb], 0 +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +mov edi, dword [ebp - 0x51c] +mov dword [ebp - 0x503], 0 
+mov esi, dword [edi + 0x2444] +push 0xff +push 0x4d8 +push eax +call dword [esi + 0x5c] ; ucall +add esp, 0xc +push 0xff +push 0x54e +push dword [ebp - 0x520] +call dword [esi + 0x5c] ; ucall +mov cl, byte [ebp - 0x524] +mov al, byte [ebp - 0x528] +and cl, byte [edi + 0x248f] +and al, byte [edi + 0x248e] +add esp, 0x10 +mov byte [ebp - 0x50d], 0 +mov edx, dword [ebp - 0x538] +movzx esi, cl +mov edi, eax +xor eax, eax +and cl, 1 +je short loc_fffc1caf ; je 0xfffc1caf +mov ecx, dword [ebp - 0x51c] +mov eax, edi +and al, byte [ecx + 0x381b] +test al, al +mov byte [ebp - 0x50d], al +setne al -loc_fffc2989: ; not directly referenced -mov eax, dword [ebp - 0x44] -mov edi, dword [ebp - 0x30] -mov ebx, dword [ebp - 0x20] -mov dword [ebp - 0x24], 0 -add eax, edi -mov dword [ebp - 0x34], eax -mov eax, dword [ebp + 8] -lea ebx, [eax + ebx + 0x1973] -mov eax, dword [ebp - 0x28] -add eax, 0xbb -mov dword [ebp - 0x40], eax +loc_fffc1caf: ; not directly referenced +and esi, 2 +mov byte [ebp - 0x50c], 0 +je short loc_fffc1cd9 ; je 0xfffc1cd9 +mov esi, dword [ebp - 0x51c] +mov ecx, edi +and cl, byte [esi + 0x4bde] +mov esi, eax +or esi, 2 +test cl, cl +mov byte [ebp - 0x50c], cl +cmovne eax, esi -loc_fffc29b3: ; not directly referenced -cmp dword [edi - 0xf6], 2 -jne loc_fffc2a89 ; jne 0xfffc2a89 -mov eax, dword [ebp - 0x3c] -mov edx, dword [ebp - 0x24] -mov esi, dword [edi + eax - 0xf2] -mov eax, dword [ebp - 0x34] -mov eax, dword [eax + edx + 0xc9] -mov dword [ebp - 0x2c], eax -cmp ecx, 1 -je short loc_fffc2a2c ; je 0xfffc2a2c -jb short loc_fffc2a38 ; jb 0xfffc2a38 -cmp ecx, 3 -ja short loc_fffc2a38 ; ja 0xfffc2a38 -cmp ecx, 2 -mov dl, byte [edi] -jne short loc_fffc29f6 ; jne 0xfffc29f6 -and dl, 1 -jne short loc_fffc29fd ; jne 0xfffc29fd -xor eax, eax -jmp short loc_fffc2a71 ; jmp 0xfffc2a71 +loc_fffc1cd9: ; not directly referenced +mov cl, byte [ebx] +movzx eax, al +mov esi, dword [ebp - 0x520] +mov dword [ebp - 0x524], eax +mov byte [esi], cl +mov cl, byte [edx] +mov byte [esi 
+ 4], cl +mov cl, byte [ebx + 1] +mov byte [esi + 1], cl +mov cl, byte [edx + 1] +mov byte [esi + 5], cl +mov cl, byte [ebx + 2] +mov byte [esi + 2], cl +mov cl, byte [edx + 2] +mov byte [esi + 6], cl +mov cl, byte [ebx + 3] +mov bl, byte [ebp - 0x530] +mov byte [esi + 3], cl +mov dl, byte [edx + 3] +mov byte [esi + 8], bl +mov byte [esi + 7], dl +mov edx, eax +movzx eax, byte [ebp - 0x52c] +push ecx +push ecx +mov ecx, esi +push 1 +push eax +mov eax, dword [ebp - 0x51c] +call fcn_fffafe03 ; call 0xfffafe03 +add esp, 0x10 +cmp dword [ebp + 0x24], 0 +je short loc_fffc1d84 ; je 0xfffc1d84 +mov esi, dword [ebp - 0x51c] +push ecx +mov ecx, dword [ebp - 0x524] +push 0 +push 0 +lea ebx, [esi + 0x2491] +mov eax, esi +push 0 +mov edx, ebx +call fcn_fffbf98a ; call 0xfffbf98a +mov ecx, dword [ebp - 0x524] +pop eax +mov eax, esi +pop edx +mov edx, ebx +push 0 +push 0xf +push 0 +push 0 +push 0 +push 1 +call fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 -loc_fffc29f6: ; not directly referenced -xor eax, eax -and dl, 2 -je short loc_fffc2a71 ; je 0xfffc2a71 +loc_fffc1d84: ; not directly referenced +cmp dword [ebp + 0x28], 0 +je short loc_fffc1dbd ; je 0xfffc1dbd +mov ebx, dword [ebp - 0x51c] +sub esp, 0xc +push ebx +call fcn_fffc054a ; call 0xfffc054a +mov ecx, dword [ebp - 0x524] +pop eax +mov eax, ebx +pop edx +lea edx, [ebx + 0x2491] +push 0 +push 0xf +push 0 +push 0 +push 0 +push 2 +call fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 -loc_fffc29fd: ; not directly referenced -mov eax, dword [ebp - 0x40] -mov edx, dword [edi - 0x21] -add eax, ebx -mov dword [ebp - 0x38], eax -mov eax, dword [ebp - 0x48] -and edx, 0xfffffffd -add eax, ebx -dec edx -cmove eax, dword [ebp - 0x38] -mov dl, byte [eax + 9] -movzx eax, byte [eax + 0xa] -and edx, 0xf -shl edx, 8 -or edx, eax +loc_fffc1dbd: ; not directly referenced +mov ebx, dword [ebp - 0x520] +mov edx, edi +xor ecx, ecx +mov al, byte [ebp - 0x534] +movzx edi, dl +mov dword [ebp - 0x52c], edi +mov byte [ebx + 0x539], al +lea eax, 
[ebx + 0x534] +mov dword [ebp - 0x538], eax +mov eax, dword [ebp + 0x1c] +lea ebx, [ebp - 0x507] +mov dword [ebp - 0x530], eax xor eax, eax -test esi, esi -je short loc_fffc2a71 ; je 0xfffc2a71 -jmp short loc_fffc2a65 ; jmp 0xfffc2a65 -loc_fffc2a2c: ; not directly referenced -movzx eax, word [ebx + 0x254] -test ax, ax -jne short loc_fffc2a71 ; jne 0xfffc2a71 +loc_fffc1df9: ; not directly referenced +mov dl, byte [ebp - 0x530] +sub edx, dword [ebp + 0x1c] +cmp dl, byte [ebp - 0x541] +jae loc_fffc226f ; jae 0xfffc226f +mov edi, dword [ebp - 0x530] +mov esi, dword [ebp - 0x538] +mov dl, byte [edi] +mov byte [esi], dl +cmp byte [edi], 6 +ja loc_fffc21a3 ; ja 0xfffc21a3 +movzx edx, byte [edi] +jmp dword [edx*4 + ref_fffd5428] ; ujmp: jmp dword [edx*4 - 0x2abd8] -loc_fffc2a38: ; not directly referenced -xor eax, eax -test esi, esi -je short loc_fffc2a71 ; je 0xfffc2a71 -mov eax, dword [edi - 0x21] -and eax, 0xfffffffd -dec eax -jne short loc_fffc2a56 ; jne 0xfffc2a56 -mov dl, byte [ebx + 0x5d] -movzx eax, byte [ebx + 0x5e] -and edx, 0xf -shl edx, 8 -jmp short loc_fffc2a63 ; jmp 0xfffc2a63 +loc_fffc1e31: ; not directly referenced +push eax +mov ecx, dword [ebp - 0x524] +push 1 +push 0 +push 0xf +push 0xc +push 0xfffffffffffffff5 +lea eax, [ebp - 0x4fa] +push eax +lea eax, [ebp - 0x4ff] +push eax +mov eax, dword [ebp - 0x51c] +push 2 +lea ebx, [ebp - 0x509] +push ebx +push 0 +push dword [ebp - 0x52c] +lea esi, [ebp - 0x3f8] +mov edx, esi +call fcn_fffcb1dd ; call 0xfffcb1dd +mov eax, dword [ebp - 0x520] +mov ecx, 0x3e +add esp, 0x30 +lea edi, [eax + 0x14f] +mov eax, 1 +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +mov cl, 2 +jmp near loc_fffc21a3 ; jmp 0xfffc21a3 -loc_fffc2a56: ; not directly referenced -mov dl, byte [ebx + 0x63] -movzx eax, byte [ebx + 0x64] -and edx, 0xf -shl edx, 8 +loc_fffc1e96: ; not directly referenced +push eax +mov ecx, dword [ebp - 0x524] +push 0 +push 9 +push 0xf +push 6 +push 0xfffffffffffffff6 +lea eax, [ebp - 0x4fa] +push eax +lea eax, 
[ebp - 0x4ff] +push eax +mov eax, dword [ebp - 0x51c] +push 2 +lea ebx, [ebp - 0x50b] +push ebx +push 1 +push dword [ebp - 0x52c] +lea esi, [ebp - 0x110] +mov edx, esi +call fcn_fffcb1dd ; call 0xfffcb1dd +mov eax, dword [ebp - 0x520] +mov ecx, 0x3e +add esp, 0x30 +lea edi, [eax + 0x437] +mov eax, 4 +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +mov cl, 2 +jmp near loc_fffc21a3 ; jmp 0xfffc21a3 -loc_fffc2a63: ; not directly referenced -or edx, eax +loc_fffc1efb: ; not directly referenced +lea eax, [ebp - 0x208] +xor ebx, ebx +mov dword [ebp - 0x534], eax -loc_fffc2a65: ; not directly referenced -imul edx, dword [ebp - 0x2c] -lea eax, [esi + edx - 1] -xor edx, edx -div esi +loc_fffc1f09: ; not directly referenced +mov eax, dword [ebp - 0x52c] +bt eax, ebx +jb short loc_fffc1f33 ; jb 0xfffc1f33 -loc_fffc2a71: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, 0x28 -mov esi, 0x28 -cmova eax, esi -cmp eax, edx -cmovb eax, edx -mov dword [ebp + ecx*4 - 0x1c], eax +loc_fffc1f14: ; not directly referenced +inc ebx +add dword [ebp - 0x534], 0x3e +cmp ebx, 4 +jne short loc_fffc1f09 ; jne 0xfffc1f09 +mov cl, 2 +mov eax, 3 +lea ebx, [ebp - 0x509] +jmp near loc_fffc21a3 ; jmp 0xfffc21a3 -loc_fffc2a89: ; not directly referenced -add dword [ebp - 0x24], 0x20 -add edi, 0x128 -add ebx, 0x277 -cmp dword [ebp - 0x24], 0x40 -jne loc_fffc29b3 ; jne 0xfffc29b3 -add dword [ebp - 0x20], 0x54a -add dword [ebp - 0x30], 0x13c3 -cmp dword [ebp - 0x20], 0xa94 -jne loc_fffc2989 ; jne 0xfffc2989 -jmp near loc_fffc2938 ; jmp 0xfffc2938 +loc_fffc1f33: ; not directly referenced +push edi +mov esi, dword [ebp - 0x534] +mov cl, bl +push 2 +push 0 +push 0xf +push 0xb +mov edx, esi +push 0 +lea eax, [ebp - 0x4fa] +push eax +lea eax, [ebp - 0x4ff] +push eax +push 2 +lea eax, [ebp - 0x509] +push eax +mov eax, dword [ebp - 0x51c] +push 4 +mov dword [ebp - 0x528], 1 +shl dword [ebp - 0x528], cl +push dword [ebp - 0x528] +mov ecx, dword [ebp - 0x524] +call fcn_fffcb1dd ; call 
0xfffcb1dd +imul eax, ebx, 0x3e +mov edi, dword [ebp - 0x520] +mov ecx, 0x3e +add esp, 0x30 +lea edx, [ebp - 0x4f0] +lea edi, [edi + eax + 0x33f] +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +lea ecx, [ebp - 0x50d] +lea edi, [ebp - 0x50b] -loc_fffc2ac3: ; not directly referenced -cmp ecx, 1 -ja short loc_fffc2ad4 ; ja 0xfffc2ad4 -mov ebx, dword [ebp + 8] -cmp byte [ebx + 0x3749], 0 -je short loc_fffc2afe ; je 0xfffc2afe +loc_fffc1fb4: ; not directly referenced +movzx esi, byte [ecx] +test dword [ebp - 0x528], esi +je short loc_fffc1fef ; je 0xfffc1fef +mov si, word [edx + eax + 0x30c] +cmp si, word [edx + 0x30c] +jae short loc_fffc1fd7 ; jae 0xfffc1fd7 +mov word [edx + 0x30c], si -loc_fffc2ad4: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x14] -mov word [eax], dx -mov word [eax - 0x1173], dx -mov word [eax + 0x128], dx -mov word [eax + 0x13c3], dx -mov word [eax + 0x250], dx -mov word [eax + 0x14eb], dx +loc_fffc1fd7: ; not directly referenced +mov si, word [edx + eax + 0x310] +cmp si, word [edx + 0x310] +jae short loc_fffc1fef ; jae 0xfffc1fef +mov word [edx + 0x310], si -loc_fffc2afe: ; not directly referenced +loc_fffc1fef: ; not directly referenced inc ecx -add eax, 0x2e -cmp ecx, 2 -jne short loc_fffc2ac3 ; jne 0xfffc2ac3 -add esp, 0x3c -mov eax, 1 -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffc2b14: ; not directly referenced -push ebp -xor ecx, ecx -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x30 +add edx, 2 +cmp ecx, edi +je loc_fffc1f14 ; je 0xfffc1f14 +jmp short loc_fffc1fb4 ; jmp 0xfffc1fb4 -loc_fffc2b1f: ; not directly referenced -lea eax, [ecx - 2] -cmp eax, 1 -ja short loc_fffc2b4b ; ja 0xfffc2b4b -mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne short loc_fffc2b4b ; jne 0xfffc2b4b +loc_fffc1ffd: ; not directly referenced +mov eax, dword [ebp - 0x51c] +lea ebx, [ebp - 0x300] +mov dword [ebp - 0x534], ebx +cmp dword [eax + 0x188b], 1 +setne al +xor ebx, ebx +lea eax, [eax + eax + 0xc] +movsx eax, al +mov 
dword [ebp - 0x53c], eax -loc_fffc2b33: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffc2b1f ; jne 0xfffc2b1f -mov eax, dword [ebp + 8] -mov ecx, 0xfffffffe -add eax, 0x48d7 -jmp near loc_fffc2ca4 ; jmp 0xfffc2ca4 +loc_fffc2028: ; not directly referenced +mov eax, dword [ebp - 0x52c] +bt eax, ebx +jb short loc_fffc2052 ; jb 0xfffc2052 -loc_fffc2b4b: ; not directly referenced -mov eax, dword [ebp + 8] -lea esi, [ecx*8 - 0x1269] -mov dword [ebp + ecx*4 - 0x1c], 0 -mov dword [ebp - 0x20], 0 -mov dword [ebp - 0x38], esi -add eax, 0x49bf -mov dword [ebp - 0x2c], eax -imul eax, ecx, 0x2e -mov dword [ebp - 0x30], eax -imul eax, ecx, 0x23 -add eax, 0xbb -mov dword [ebp - 0x3c], eax +loc_fffc2033: ; not directly referenced +inc ebx +add dword [ebp - 0x534], 0x3e +cmp ebx, 4 +jne short loc_fffc2028 ; jne 0xfffc2028 +mov cl, 2 +mov eax, 2 +lea ebx, [ebp - 0x50b] +jmp near loc_fffc21a3 ; jmp 0xfffc21a3 -loc_fffc2b80: ; not directly referenced -mov eax, dword [ebp - 0x38] -mov edi, dword [ebp - 0x2c] -mov ebx, dword [ebp - 0x20] -mov dword [ebp - 0x24], 0 -add eax, edi -mov dword [ebp - 0x34], eax -mov eax, dword [ebp + 8] -lea ebx, [eax + ebx + 0x1973] +loc_fffc2052: ; not directly referenced +push esi +mov cl, bl +mov esi, dword [ebp - 0x534] +push 0 +push 9 +push 0xf +push dword [ebp - 0x53c] +mov edx, esi +lea eax, [ebp - 0x4fa] +mov dword [ebp - 0x528], 1 +shl dword [ebp - 0x528], cl +push 0 +mov ecx, dword [ebp - 0x524] +push eax +lea eax, [ebp - 0x4ff] +push eax +push 2 +lea eax, [ebp - 0x50b] +push eax +mov eax, dword [ebp - 0x51c] +push 5 +push dword [ebp - 0x528] +call fcn_fffcb1dd ; call 0xfffcb1dd +imul eax, ebx, 0x3e +mov edi, dword [ebp - 0x520] +mov ecx, 0x3e +add esp, 0x30 +lea edx, [ebp - 0x4f0] +lea edi, [edi + eax + 0x247] +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +lea ecx, [ebp - 0x50d] -loc_fffc2b9f: ; not directly referenced -cmp dword [edi - 0xf6], 2 -jne loc_fffc2c6a ; jne 0xfffc2c6a -mov eax, dword [ebp - 0x30] -mov edx, 
dword [ebp - 0x24] -mov esi, dword [edi + eax - 0xf2] -mov eax, dword [ebp - 0x34] -mov eax, dword [eax + edx + 0xc9] -mov dword [ebp - 0x28], eax -cmp ecx, 1 -je short loc_fffc2c0d ; je 0xfffc2c0d -jb short loc_fffc2c19 ; jb 0xfffc2c19 -cmp ecx, 3 -ja short loc_fffc2c19 ; ja 0xfffc2c19 -cmp ecx, 2 -mov dl, byte [edi] -jne short loc_fffc2be2 ; jne 0xfffc2be2 -and dl, 1 -jne short loc_fffc2be9 ; jne 0xfffc2be9 -xor eax, eax -jmp short loc_fffc2c52 ; jmp 0xfffc2c52 +loc_fffc20d1: ; not directly referenced +movzx esi, byte [ecx] +test dword [ebp - 0x528], esi +je short loc_fffc210c ; je 0xfffc210c +mov si, word [edx + eax + 0x214] +cmp si, word [edx + 0x214] +jae short loc_fffc20f4 ; jae 0xfffc20f4 +mov word [edx + 0x214], si -loc_fffc2be2: ; not directly referenced -xor eax, eax -and dl, 2 -je short loc_fffc2c52 ; je 0xfffc2c52 +loc_fffc20f4: ; not directly referenced +mov si, word [edx + eax + 0x218] +cmp si, word [edx + 0x218] +jae short loc_fffc210c ; jae 0xfffc210c +mov word [edx + 0x218], si -loc_fffc2be9: ; not directly referenced -mov eax, dword [ebp - 0x3c] -add eax, ebx -mov dl, byte [eax + 0x12] -movzx eax, byte [eax + 0x13] -and edx, 0xf -shl edx, 8 -or edx, eax -xor eax, eax -test esi, esi -je short loc_fffc2c52 ; je 0xfffc2c52 -imul edx, dword [ebp - 0x28] -lea eax, [esi + edx - 1] -jmp short loc_fffc2c4e ; jmp 0xfffc2c4e +loc_fffc210c: ; not directly referenced +inc ecx +add edx, 2 +lea edi, [ebp - 0x50b] +cmp ecx, edi +je loc_fffc2033 ; je 0xfffc2033 +jmp short loc_fffc20d1 ; jmp 0xfffc20d1 -loc_fffc2c0d: ; not directly referenced -movzx eax, word [ebx + 0x252] -test ax, ax -jne short loc_fffc2c52 ; jne 0xfffc2c52 +loc_fffc2120: ; not directly referenced +mov eax, dword [ebp - 0x51c] +cmp dword [eax + 0x188b], 1 +jne short loc_fffc2140 ; jne 0xfffc2140 +call fcn_fffaac56 ; call 0xfffaac56 +mov edx, 0x2f +mov eax, 8 +jmp short loc_fffc2147 ; jmp 0xfffc2147 -loc_fffc2c19: ; not directly referenced +loc_fffc2140: ; not directly referenced +mov edx, 7 xor 
eax, eax -test esi, esi -je short loc_fffc2c52 ; je 0xfffc2c52 -mov eax, dword [edi - 0x21] -and eax, 0xfffffffd -dec eax -jne short loc_fffc2c37 ; jne 0xfffc2c37 -mov al, byte [ebx + 0x64] -movzx edx, byte [ebx + 0x65] -and eax, 0xf -shl eax, 8 -jmp short loc_fffc2c44 ; jmp 0xfffc2c44 - -loc_fffc2c37: ; not directly referenced -mov al, byte [ebx + 0x6c] -movzx edx, byte [ebx + 0x6d] -and eax, 0xf -shl eax, 8 -loc_fffc2c44: ; not directly referenced -or eax, edx -imul eax, dword [ebp - 0x28] -lea eax, [esi + eax - 1] +loc_fffc2147: ; not directly referenced +push ecx +mov ecx, dword [ebp - 0x524] +push 0 +push 9 +push 0xf +push edx +push eax +lea eax, [ebp - 0x4fa] +push eax +lea eax, [ebp - 0x4ff] +push eax +mov eax, dword [ebp - 0x51c] +push 2 +lea ebx, [ebp - 0x50b] +push ebx +push 6 +push dword [ebp - 0x52c] +lea edx, [ebp - 0x4f0] +lea esi, [ebp - 0x4f0] +call fcn_fffcb1dd ; call 0xfffcb1dd +mov eax, dword [ebp - 0x520] +mov ecx, 0x3e +add esp, 0x30 +lea edi, [eax + 0x57] +xor eax, eax +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +mov cl, 2 + +loc_fffc21a3: ; not directly referenced +imul edi, eax, 0x7c +mov dword [ebp - 0x528], 0 +mov dword [ebp - 0x53c], edi + +loc_fffc21b6: ; not directly referenced +mov edi, dword [ebp - 0x528] +cmp byte [ebp + edi - 0x50d], 0 +je loc_fffc224b ; je 0xfffc224b +mov edi, dword [ebp - 0x53c] +lea edx, [ebp - 0x4f0] +add edi, dword [ebp - 0x528] +add edi, edi +add edi, edx +mov dword [ebp - 0x540], edi +xor edi, edi +jmp short loc_fffc2245 ; jmp 0xfffc2245 + +loc_fffc21ea: ; not directly referenced +mov dl, byte [ebx + edi] +xor esi, esi +mov byte [ebp - 0x534], dl +cmp dl, 0x21 +ja short loc_fffc2204 ; ja 0xfffc2204 +movzx esi, dl +movzx esi, byte [esi + ref_fffd58e0] ; movzx esi, byte [esi - 0x2a720] + +loc_fffc2204: ; not directly referenced +mov edx, esi +movzx esi, dl +mov dl, byte [ebp - 0x534] +mov dword [ebp - 0x548], eax +mov eax, dword [ebp - 0x520] +mov byte [ebp + esi - 0x503], dl +mov edx, dword [ebp - 
0x528] +add esi, esi +lea edx, [edx + esi + 0x20] +mov esi, dword [ebp - 0x540] +mov si, word [esi + edi*4 + 0x24] +inc edi +mov word [eax + edx*2 + 3], si +mov eax, dword [ebp - 0x548] + +loc_fffc2245: ; not directly referenced +mov edx, edi +cmp cl, dl +ja short loc_fffc21ea ; ja 0xfffc21ea + +loc_fffc224b: ; not directly referenced +inc dword [ebp - 0x528] +cmp dword [ebp - 0x528], 2 +jne loc_fffc21b6 ; jne 0xfffc21b6 +inc dword [ebp - 0x530] +inc dword [ebp - 0x538] +jmp near loc_fffc1df9 ; jmp 0xfffc1df9 + +loc_fffc226f: ; not directly referenced +mov eax, dword [ebp - 0x520] +lea ebx, [ebp - 0x503] +mov dword [ebp - 0x524], ebx +mov byte [ebp - 0x52c], 0 +mov byte [eax + 0x52f], 0 +mov dword [ebp - 0x528], eax + +loc_fffc2295: ; not directly referenced +mov eax, dword [ebp - 0x524] +mov bl, byte [eax] +test bl, bl +je loc_fffc2348 ; je 0xfffc2348 +mov ecx, dword [ebp - 0x520] +xor esi, esi +movzx eax, byte [ebp - 0x52c] +mov edi, dword [ebp - 0x51c] +mov byte [ecx + eax + 0x530], bl +lea eax, [ecx + eax*4] +inc byte [ecx + 0x52f] +add edi, 0x49bf +mov dword [ebp - 0x530], eax +movzx eax, bl +mov dword [ebp - 0x534], eax + +loc_fffc22df: ; not directly referenced +cmp byte [ebp + esi - 0x50d], 0 +je short loc_fffc2336 ; je 0xfffc2336 +mov edx, dword [ebp - 0x534] +mov ecx, 1 +mov eax, dword [ebp - 0x51c] +call fcn_fffaab72 ; call 0xfffaab72 +cmp bl, 2 +jne short loc_fffc2317 ; jne 0xfffc2317 +cmp byte [edi + 0x128], 5 +mov dl, byte [edi] +je short loc_fffc2314 ; je 0xfffc2314 +cmp dl, 5 +jne short loc_fffc2317 ; jne 0xfffc2317 + +loc_fffc2314: ; not directly referenced +add eax, 0x50 + +loc_fffc2317: ; not directly referenced +mov ecx, dword [ebp - 0x528] +mov dx, word [ecx + esi*2 + 0x43] +mov ecx, dword [ebp - 0x530] +cmp dx, ax +cmovbe eax, edx +mov word [ecx + esi*2 + 0x53a], ax + +loc_fffc2336: ; not directly referenced +inc esi +add edi, 0x13c3 +cmp esi, 2 +jne short loc_fffc22df ; jne 0xfffc22df +inc byte [ebp - 0x52c] + +loc_fffc2348: ; not directly 
referenced +inc dword [ebp - 0x524] +add dword [ebp - 0x528], 4 +lea eax, [ebp - 0x4ff] +cmp dword [ebp - 0x524], eax +jne loc_fffc2295 ; jne 0xfffc2295 +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc236f: ; not directly referenced +push ebp +xor ecx, ecx +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x40 +mov eax, dword [ebp + 8] +mov dword [ebp - 0x3c], 0 +add eax, 0x3757 +mov dword [ebp - 0x2c], eax + +loc_fffc238c: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffc23c0 ; ja 0xfffc23c0 +mov eax, dword [ebp + 8] +cmp byte [eax + 0x374a], 0 +jne short loc_fffc23c0 ; jne 0xfffc23c0 + +loc_fffc23a0: ; not directly referenced +inc ecx +add dword [ebp - 0x3c], 0x23 +add dword [ebp - 0x2c], 8 +cmp ecx, 4 +jne short loc_fffc238c ; jne 0xfffc238c +mov eax, dword [ebp + 8] +mov ecx, 0xfffffffe +add eax, 0x48de +jmp near loc_fffc2537 ; jmp 0xfffc2537 + +loc_fffc23c0: ; not directly referenced +mov eax, dword [ebp + 8] +mov dword [ebp + ecx*4 - 0x1c], 0 +mov dword [ebp - 0x28], 0 +add eax, 0x49c0 +mov dword [ebp - 0x40], eax +imul eax, ecx, 0x2e +mov dword [ebp - 0x44], eax +mov eax, dword [ebp - 0x2c] +mov dword [ebp - 0x30], eax +mov eax, dword [ebp - 0x3c] +lea esi, [eax + 0x18b] +add eax, 0xbb +mov dword [ebp - 0x48], esi +mov dword [ebp - 0x4c], eax + +loc_fffc23fa: ; not directly referenced +mov eax, dword [ebp + 8] +mov ebx, dword [ebp - 0x28] +mov esi, dword [ebp - 0x40] +mov dword [ebp - 0x24], 0 +lea ebx, [eax + ebx + 0x1973] + +loc_fffc2411: ; not directly referenced +cmp dword [esi - 0xf6], 2 +jne loc_fffc24f6 ; jne 0xfffc24f6 +mov eax, dword [ebp - 0x44] +mov edi, dword [ebp - 0x24] +mov eax, dword [esi + eax - 0xf2] +mov dword [ebp - 0x20], eax +mov eax, dword [ebp - 0x30] +mov edx, dword [eax + edi + 0xc9] +mov eax, dword [eax + edi + 0xcd] +mov dword [ebp - 0x34], edx +mov dword [ebp - 0x38], eax +cmp ecx, 1 +je short loc_fffc2496 ; je 0xfffc2496 +jb short loc_fffc24a2 ; jb 0xfffc24a2 +cmp ecx, 3 
+ja short loc_fffc24a2 ; ja 0xfffc24a2 +cmp ecx, 2 +mov dl, byte [esi] +jne short loc_fffc2461 ; jne 0xfffc2461 +and dl, 1 +jne short loc_fffc2468 ; jne 0xfffc2468 +xor eax, eax +jmp short loc_fffc24de ; jmp 0xfffc24de + +loc_fffc2461: ; not directly referenced +xor eax, eax +and dl, 2 +je short loc_fffc24de ; je 0xfffc24de + +loc_fffc2468: ; not directly referenced +mov edx, dword [esi - 0x21] +mov eax, dword [ebp - 0x4c] +mov edi, dword [ebp - 0x48] +and edx, 0xfffffffd +add eax, ebx +add edi, ebx +dec edx +cmovne eax, edi +xor edi, edi +cmp byte [esi + 1], 0x13 +movzx edx, byte [eax + 7] +jne short loc_fffc248c ; jne 0xfffc248c +movsx edi, byte [eax + 0x1d] + +loc_fffc248c: ; not directly referenced +xor eax, eax +cmp dword [ebp - 0x20], 0 +je short loc_fffc24de ; je 0xfffc24de +jmp short loc_fffc24c8 ; jmp 0xfffc24c8 + +loc_fffc2496: ; not directly referenced +movzx eax, word [ebx + 0x258] +test ax, ax +jne short loc_fffc24de ; jne 0xfffc24de + +loc_fffc24a2: ; not directly referenced +xor eax, eax +cmp dword [ebp - 0x20], 0 +je short loc_fffc24de ; je 0xfffc24de +mov eax, dword [esi - 0x21] +and eax, 0xfffffffd +dec eax +jne short loc_fffc24bd ; jne 0xfffc24bd +movzx edx, byte [ebx + 0x5a] +movsx edi, byte [ebx + 0x6c] +jmp short loc_fffc24c8 ; jmp 0xfffc24c8 + +loc_fffc24bd: ; not directly referenced +movzx edx, byte [ebx + 0x61] +movsx edi, byte [ebx + 0xc2] -loc_fffc2c4e: ; not directly referenced +loc_fffc24c8: ; not directly referenced +imul edx, dword [ebp - 0x34] +mov eax, dword [ebp - 0x20] +imul edi, dword [ebp - 0x38] +lea eax, [eax + edx - 1] xor edx, edx -div esi +add eax, edi +div dword [ebp - 0x20] -loc_fffc2c52: ; not directly referenced +loc_fffc24de: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x1c] -cmp eax, 0x36 -mov esi, 0x36 -cmova eax, esi +cmp eax, 0x14 +mov edi, 0x14 +cmova eax, edi cmp eax, edx cmovb eax, edx mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffc2c6a: ; not directly referenced +loc_fffc24f6: ; not directly 
referenced add dword [ebp - 0x24], 0x20 -add edi, 0x128 +add esi, 0x128 add ebx, 0x277 cmp dword [ebp - 0x24], 0x40 -jne loc_fffc2b9f ; jne 0xfffc2b9f -add dword [ebp - 0x20], 0x54a -add dword [ebp - 0x2c], 0x13c3 -cmp dword [ebp - 0x20], 0xa94 -jne loc_fffc2b80 ; jne 0xfffc2b80 -jmp near loc_fffc2b33 ; jmp 0xfffc2b33 +jne loc_fffc2411 ; jne 0xfffc2411 +add dword [ebp - 0x28], 0x54a +add dword [ebp - 0x40], 0x13c3 +add dword [ebp - 0x30], 0x13c3 +cmp dword [ebp - 0x28], 0xa94 +jne loc_fffc23fa ; jne 0xfffc23fa +jmp near loc_fffc23a0 ; jmp 0xfffc23a0 -loc_fffc2ca4: ; not directly referenced +loc_fffc2537: ; not directly referenced cmp ecx, 1 -ja short loc_fffc2cb5 ; ja 0xfffc2cb5 -mov edi, dword [ebp + 8] -cmp byte [edi + 0x3749], 0 -je short loc_fffc2cdf ; je 0xfffc2cdf +ja short loc_fffc2548 ; ja 0xfffc2548 +mov esi, dword [ebp + 8] +cmp byte [esi + 0x374a], 0 +je short loc_fffc2572 ; je 0xfffc2572 -loc_fffc2cb5: ; not directly referenced +loc_fffc2548: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -46728,12 +46033,12 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffc2cdf: ; not directly referenced +loc_fffc2572: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffc2ca4 ; jne 0xfffc2ca4 -add esp, 0x30 +jne short loc_fffc2537 ; jne 0xfffc2537 +add esp, 0x40 mov eax, 1 pop ebx pop esi 
@@ -46741,199 +46046,199 @@ pop edi pop ebp ret -fcn_fffc2cf5: ; not directly referenced +fcn_fffc2588: ; not directly referenced push ebp +xor ecx, ecx mov ebp, esp push edi push esi push ebx -xor ebx, ebx -sub esp, 0x34 -mov dword [ebp - 0x20], 0xc +sub esp, 0x44 +mov eax, dword [ebp + 8] +mov dword [ebp - 0x40], 0 +add eax, 0x3757 +mov dword [ebp - 0x30], eax -loc_fffc2d07: ; not directly referenced -lea eax, [ebx - 2] +loc_fffc25a5: ; not directly referenced +lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffc2d1f ; ja 0xfffc2d1f -mov esi, dword [ebp + 8] -cmp byte [esi + 0x3749], 0 -je loc_fffc2f1e ; je 0xfffc2f1e +ja short loc_fffc25d9 ; ja 0xfffc25d9 +mov eax, dword [ebp + 8] +cmp byte [eax + 0x374a], 0 +jne short loc_fffc25d9 ; jne 0xfffc25d9 -loc_fffc2d1f: ; not directly referenced -imul esi, ebx, 0x2e -imul eax, eax, 0x23 -lea edi, [ebx*8 + 0x3756] -mov dword [ebp + ebx*4 - 0x1c], 0 -mov dword [ebp - 0x34], esi -mov dword [ebp - 0x24], 0 -mov dword [ebp - 0x40], edi -mov dword [ebp - 0x30], eax +loc_fffc25b9: ; not directly referenced +inc ecx +add dword [ebp - 0x40], 0x23 +add dword [ebp - 0x30], 8 +cmp ecx, 4 +jne short loc_fffc25a5 ; jne 0xfffc25a5 +mov eax, dword [ebp + 8] +mov ecx, 0xfffffffe +add eax, 0x48dc +jmp near loc_fffc27b6 ; jmp 0xfffc27b6 -loc_fffc2d44: ; not directly referenced -mov edi, dword [ebp - 0x24] -mov esi, dword [ebp - 0x40] +loc_fffc25d9: ; not directly referenced +mov eax, dword [ebp + 8] +mov dword [ebp + ecx*4 - 0x1c], 0 mov dword [ebp - 0x28], 0 -imul eax, edi, 0x13c3 -imul edx, edi, 0x54a -mov edi, dword [ebp + 8] -lea ecx, [esi + eax] -mov esi, dword [ebp + 8] -add ecx, dword [ebp + 8] -lea edi, [edi + edx + 0x1973] -mov dword [ebp - 0x3c], ecx -lea esi, [esi + eax + 0x49bf] +add eax, 0x49c0 +mov dword [ebp - 0x44], eax +imul eax, ecx, 0x2e +mov dword [ebp - 0x48], eax +mov eax, dword [ebp - 0x30] +mov dword [ebp - 0x34], eax +mov eax, dword [ebp - 0x40] +lea ebx, [eax + 0x18b] +add eax, 0xbb +mov dword [ebp - 0x4c], ebx +mov 
dword [ebp - 0x50], eax -loc_fffc2d7a: ; not directly referenced -cmp dword [esi - 0xf6], 2 -jne loc_fffc2ef7 ; jne 0xfffc2ef7 -mov eax, dword [ebp - 0x34] -mov edx, dword [ebp - 0x28] -mov ecx, dword [esi + eax - 0xf2] -mov eax, dword [ebp - 0x3c] -mov eax, dword [eax + edx + 0xc9] -mov edx, dword [esi - 0x21] -mov dword [ebp - 0x38], eax -mov eax, 0x12 -cmp edx, 2 -cmovne eax, dword [ebp - 0x20] +loc_fffc2613: ; not directly referenced +mov eax, dword [ebp + 8] +mov ebx, dword [ebp - 0x28] +mov dword [ebp - 0x2c], 0 +lea ebx, [eax + ebx + 0x1973] +mov eax, dword [ebp - 0x44] mov dword [ebp - 0x20], eax -cmp ebx, 1 -je short loc_fffc2e16 ; je 0xfffc2e16 -jb short loc_fffc2e26 ; jb 0xfffc2e26 -cmp ebx, 3 -ja short loc_fffc2e26 ; ja 0xfffc2e26 -mov al, byte [esi] -cmp ebx, 2 -mov byte [ebp - 0x29], al -jne short loc_fffc2dd4 ; jne 0xfffc2dd4 -test al, 1 -jne short loc_fffc2de0 ; jne 0xfffc2de0 -xor eax, eax -jmp near loc_fffc2ee2 ; jmp 0xfffc2ee2 -loc_fffc2dd4: ; not directly referenced +loc_fffc262d: ; not directly referenced +mov eax, dword [ebp - 0x20] +cmp dword [eax - 0xf6], 2 +jne loc_fffc2774 ; jne 0xfffc2774 +mov edi, dword [ebp - 0x48] +mov esi, dword [ebp - 0x2c] +mov edx, dword [eax + edi - 0xf2] +mov edi, dword [ebp - 0x34] +mov dword [ebp - 0x24], edx +mov edx, dword [edi + esi + 0xc9] +mov edi, dword [edi + esi + 0xcd] +mov dword [ebp - 0x38], edx +mov dword [ebp - 0x3c], edi +cmp ecx, 1 +je loc_fffc26f2 ; je 0xfffc26f2 +jb loc_fffc26fe ; jb 0xfffc26fe +cmp ecx, 3 +ja loc_fffc26fe ; ja 0xfffc26fe +cmp ecx, 2 +mov dl, byte [eax] +jne short loc_fffc268f ; jne 0xfffc268f +and dl, 1 +jne short loc_fffc269a ; jne 0xfffc269a xor eax, eax -test byte [ebp - 0x29], 2 -je loc_fffc2ee2 ; je 0xfffc2ee2 +jmp near loc_fffc275a ; jmp 0xfffc275a -loc_fffc2de0: ; not directly referenced -and edx, 0xfffffffd -mov eax, dword [ebp - 0x30] -dec edx -jne short loc_fffc2df3 ; jne 0xfffc2df3 -movzx edx, byte [edi + eax + 0x106] -jmp short loc_fffc2dfb ; jmp 0xfffc2dfb 
+loc_fffc268f: ; not directly referenced +xor eax, eax +and dl, 2 +je loc_fffc275a ; je 0xfffc275a -loc_fffc2df3: ; not directly referenced -movzx edx, byte [edi + eax + 0x1d6] +loc_fffc269a: ; not directly referenced +mov eax, dword [ebp - 0x20] +mov esi, dword [ebp - 0x50] +mov edx, dword [ebp - 0x4c] +mov eax, dword [eax - 0x21] +lea edi, [esi + ebx] +add edx, ebx +and eax, 0xfffffffd +dec eax +cmovne edi, edx +xor edx, edx +mov al, byte [edi + 9] +shr al, 4 +movzx esi, al +movzx eax, byte [edi + 0xb] +shl esi, 8 +or esi, eax +mov eax, dword [ebp - 0x20] +cmp byte [eax + 1], 0x13 +jne short loc_fffc26d3 ; jne 0xfffc26d3 +movsx edx, byte [edi + 0x1e] -loc_fffc2dfb: ; not directly referenced +loc_fffc26d3: ; not directly referenced xor eax, eax -test ecx, ecx -je loc_fffc2ee2 ; je 0xfffc2ee2 -imul edx, dword [ebp - 0x38] -lea eax, [ecx + edx - 1] +cmp dword [ebp - 0x24], 0 +je short loc_fffc275a ; je 0xfffc275a +mov edi, dword [ebp - 0x24] +imul esi, dword [ebp - 0x38] +imul edx, dword [ebp - 0x3c] +lea eax, [edi + esi - 1] +add eax, edx xor edx, edx -div ecx -jmp near loc_fffc2ee2 ; jmp 0xfffc2ee2 +div edi +jmp short loc_fffc275a ; jmp 0xfffc275a -loc_fffc2e16: ; not directly referenced -movzx eax, word [edi + 0x250] +loc_fffc26f2: ; not directly referenced +movzx eax, word [ebx + 0x256] test ax, ax -jne loc_fffc2ee2 ; jne 0xfffc2ee2 +jne short loc_fffc275a ; jne 0xfffc275a -loc_fffc2e26: ; not directly referenced -cmp edx, 3 -jne short loc_fffc2e65 ; jne 0xfffc2e65 -mov eax, 9 -cmp ecx, 0x105944 -jbe loc_fffc2ee2 ; jbe 0xfffc2ee2 -mov al, 7 -cmp ecx, 0x16e360 -jbe loc_fffc2ee2 ; jbe 0xfffc2ee2 -mov al, 5 -cmp ecx, 0x1c9c38 -jbe loc_fffc2ee2 ; jbe 0xfffc2ee2 -cmp ecx, 0x2625a1 -sbb eax, eax -and eax, 4 -jmp short loc_fffc2ee2 ; jmp 0xfffc2ee2 +loc_fffc26fe: ; not directly referenced +xor eax, eax +cmp dword [ebp - 0x24], 0 +je short loc_fffc275a ; je 0xfffc275a +mov eax, dword [ebp - 0x20] +mov eax, dword [eax - 0x21] +and eax, 0xfffffffd +dec eax +jne short 
loc_fffc272a ; jne 0xfffc272a +mov al, byte [ebx + 0x5d] +movsx edi, byte [ebx + 0x6e] +shr al, 4 +movzx esi, al +movzx eax, byte [ebx + 0x5f] +shl esi, 8 +or esi, eax +jmp short loc_fffc2743 ; jmp 0xfffc2743 -loc_fffc2e65: ; not directly referenced -cmp edx, 2 -jne short loc_fffc2ea2 ; jne 0xfffc2ea2 -mov eax, 0x12 -cmp ecx, 0xbbcce -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 -mov al, 0xc -cmp ecx, 0xcb735 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 -mov al, 0xb -cmp ecx, 0xe5010 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 -mov al, 0xa -cmp ecx, 0x105944 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 -cmp ecx, 0x1312d1 -sbb eax, eax -and eax, 9 -jmp short loc_fffc2ee2 ; jmp 0xfffc2ee2 +loc_fffc272a: ; not directly referenced +mov al, byte [ebx + 0x63] +movsx edi, byte [ebx + 0xc0] +shr al, 4 +movzx esi, al +movzx eax, byte [ebx + 0x65] +shl esi, 8 +or esi, eax -loc_fffc2ea2: ; not directly referenced -mov eax, 0xa -cmp ecx, 0xe5010 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 -mov al, 9 -cmp ecx, 0x105944 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 -mov al, 8 -cmp ecx, 0x1312d0 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 -mov al, 7 -cmp ecx, 0x16e360 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 -mov al, 6 -cmp ecx, 0x1c9c38 -jbe short loc_fffc2ee2 ; jbe 0xfffc2ee2 -cmp ecx, 0x2625a1 -sbb eax, eax -and eax, 5 +loc_fffc2743: ; not directly referenced +mov eax, dword [ebp - 0x24] +xor edx, edx +imul esi, dword [ebp - 0x38] +imul edi, dword [ebp - 0x3c] +lea esi, [eax + esi - 1] +lea eax, [esi + edi] +div dword [ebp - 0x24] -loc_fffc2ee2: ; not directly referenced -mov edx, dword [ebp - 0x20] -cmp eax, edx -cmova eax, edx -mov edx, dword [ebp + ebx*4 - 0x1c] +loc_fffc275a: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, 0xfff +mov edi, 0xfff +cmova eax, edi cmp eax, edx cmovb eax, edx -mov dword [ebp + ebx*4 - 0x1c], eax - -loc_fffc2ef7: ; not directly referenced -add dword [ebp - 0x28], 0x20 -add esi, 0x128 -add edi, 0x277 -cmp dword [ebp - 0x28], 0x40 -jne loc_fffc2d7a 
; jne 0xfffc2d7a -inc dword [ebp - 0x24] -cmp dword [ebp - 0x24], 2 -jne loc_fffc2d44 ; jne 0xfffc2d44 +mov dword [ebp + ecx*4 - 0x1c], eax -loc_fffc2f1e: ; not directly referenced -inc ebx -cmp ebx, 4 -jne loc_fffc2d07 ; jne 0xfffc2d07 -mov eax, dword [ebp + 8] -mov ecx, 0xfffffffe -add eax, 0x48d5 +loc_fffc2774: ; not directly referenced +add dword [ebp - 0x2c], 0x20 +add ebx, 0x277 +add dword [ebp - 0x20], 0x128 +cmp dword [ebp - 0x2c], 0x40 +jne loc_fffc262d ; jne 0xfffc262d +add dword [ebp - 0x28], 0x54a +add dword [ebp - 0x44], 0x13c3 +add dword [ebp - 0x34], 0x13c3 +cmp dword [ebp - 0x28], 0xa94 +jne loc_fffc2613 ; jne 0xfffc2613 +jmp near loc_fffc25b9 ; jmp 0xfffc25b9 -loc_fffc2f35: ; not directly referenced +loc_fffc27b6: ; not directly referenced cmp ecx, 1 -ja short loc_fffc2f46 ; ja 0xfffc2f46 +ja short loc_fffc27c7 ; ja 0xfffc27c7 mov ebx, dword [ebp + 8] -cmp byte [ebx + 0x3749], 0 -je short loc_fffc2f70 ; je 0xfffc2f70 +cmp byte [ebx + 0x374a], 0 +je short loc_fffc27f1 ; je 0xfffc27f1 -loc_fffc2f46: ; not directly referenced +loc_fffc27c7: ; not directly referenced mov edx, dword [ebp + ecx*4 - 0x14] mov word [eax], dx mov word [eax - 0x1173], dx @@ -46942,12 +46247,12 @@ mov word [eax + 0x13c3], dx mov word [eax + 0x250], dx mov word [eax + 0x14eb], dx -loc_fffc2f70: ; not directly referenced +loc_fffc27f1: ; not directly referenced inc ecx add eax, 0x2e cmp ecx, 2 -jne short loc_fffc2f35 ; jne 0xfffc2f35 -add esp, 0x34 +jne short loc_fffc27b6 ; jne 0xfffc27b6 +add esp, 0x44 mov eax, 1 pop ebx pop esi 
@@ -46955,84 +46260,660 @@ pop edi pop ebp ret -fcn_fffc2f86: ; not directly referenced +fcn_fffc2807: ; not directly referenced push ebp +xor ecx, ecx mov ebp, esp push edi push esi -xor esi, esi push ebx -sub esp, 0x24 +sub esp, 0x3c +mov dword [ebp - 0x28], 0 -loc_fffc2f91: ; not directly referenced -lea eax, [esi - 2] +loc_fffc2819: ; not directly referenced +lea eax, [ecx - 2] cmp eax, 1 -ja short loc_fffc2fb8 ; ja 0xfffc2fb8 +ja short loc_fffc2849 ; ja 0xfffc2849 mov eax, dword [ebp + 8] -cmp byte [eax + 0x3749], 0 -jne short loc_fffc2fb8 ; jne 0xfffc2fb8 - -loc_fffc2fa5: ; not directly referenced -inc esi -cmp esi, 4 -jne short loc_fffc2f91 ; jne 0xfffc2f91 -add esp, 0x24 -mov eax, 1 -pop ebx -pop esi -pop edi -pop ebp -ret +cmp byte [eax + 0x374a], 0 +jne short loc_fffc2849 ; jne 0xfffc2849 -loc_fffc2fb8: ; not directly referenced +loc_fffc282d: ; not directly referenced +inc ecx +add dword [ebp - 0x28], 0x23 +cmp ecx, 4 +jne short loc_fffc2819 ; jne 0xfffc2819 mov eax, dword [ebp + 8] -mov byte [ebp - 0x1f], 2 -add eax, 0x1973 -mov dword [ebp - 0x24], eax +mov ecx, 0xfffffffe +add eax, 0x48da +jmp near loc_fffc29b8 ; jmp 0xfffc29b8 + +loc_fffc2849: ; not directly referenced mov eax, dword [ebp + 8] -add eax, 0x3756 -mov dword [ebp - 0x14], eax -lea eax, [esi*8] -mov dword [ebp - 0x28], eax -lea eax, [esi + esi + 0xf8] -mov dword [ebp - 0x2c], eax -lea eax, [esi - 2] +mov dword [ebp + ecx*4 - 0x1c], 0 +mov dword [ebp - 0x20], 0 +add eax, 0x49c0 mov dword [ebp - 0x30], eax +imul eax, ecx, 0x2e +mov dword [ebp - 0x3c], eax +lea eax, [ecx*8 - 0x1269] +mov dword [ebp - 0x44], eax +mov eax, dword [ebp - 0x28] +add eax, 0x18b +mov dword [ebp - 0x48], eax -loc_fffc2fec: ; not directly referenced -mov eax, dword [ebp - 0x2c] -mov ecx, dword [ebp - 0x24] -mov edi, dword [ebp - 0x28] -mov dword [ebp - 0x10], 0 -add eax, ecx -mov dword [ebp - 0x1c], eax -mov eax, dword [ebp - 0x14] +loc_fffc287e: ; not directly referenced +mov eax, dword [ebp - 0x44] +mov edi, dword 
[ebp - 0x30] +mov ebx, dword [ebp - 0x20] +mov dword [ebp - 0x24], 0 +add eax, edi +mov dword [ebp - 0x34], eax +mov eax, dword [ebp + 8] +lea ebx, [eax + ebx + 0x1973] +mov eax, dword [ebp - 0x28] +add eax, 0xbb +mov dword [ebp - 0x40], eax + +loc_fffc28a8: ; not directly referenced +cmp dword [edi - 0xf6], 2 +jne loc_fffc297e ; jne 0xfffc297e +mov eax, dword [ebp - 0x3c] +mov edx, dword [ebp - 0x24] +mov esi, dword [edi + eax - 0xf2] +mov eax, dword [ebp - 0x34] +mov eax, dword [eax + edx + 0xc9] +mov dword [ebp - 0x2c], eax +cmp ecx, 1 +je short loc_fffc2921 ; je 0xfffc2921 +jb short loc_fffc292d ; jb 0xfffc292d +cmp ecx, 3 +ja short loc_fffc292d ; ja 0xfffc292d +cmp ecx, 2 +mov dl, byte [edi] +jne short loc_fffc28eb ; jne 0xfffc28eb +and dl, 1 +jne short loc_fffc28f2 ; jne 0xfffc28f2 +xor eax, eax +jmp short loc_fffc2966 ; jmp 0xfffc2966 + +loc_fffc28eb: ; not directly referenced +xor eax, eax +and dl, 2 +je short loc_fffc2966 ; je 0xfffc2966 + +loc_fffc28f2: ; not directly referenced +mov eax, dword [ebp - 0x40] +mov edx, dword [edi - 0x21] +add eax, ebx +mov dword [ebp - 0x38], eax +mov eax, dword [ebp - 0x48] +and edx, 0xfffffffd +add eax, ebx +dec edx +cmove eax, dword [ebp - 0x38] +mov dl, byte [eax + 9] +movzx eax, byte [eax + 0xa] +and edx, 0xf +shl edx, 8 +or edx, eax +xor eax, eax +test esi, esi +je short loc_fffc2966 ; je 0xfffc2966 +jmp short loc_fffc295a ; jmp 0xfffc295a + +loc_fffc2921: ; not directly referenced +movzx eax, word [ebx + 0x254] +test ax, ax +jne short loc_fffc2966 ; jne 0xfffc2966 + +loc_fffc292d: ; not directly referenced +xor eax, eax +test esi, esi +je short loc_fffc2966 ; je 0xfffc2966 +mov eax, dword [edi - 0x21] +and eax, 0xfffffffd +dec eax +jne short loc_fffc294b ; jne 0xfffc294b +mov dl, byte [ebx + 0x5d] +movzx eax, byte [ebx + 0x5e] +and edx, 0xf +shl edx, 8 +jmp short loc_fffc2958 ; jmp 0xfffc2958 + +loc_fffc294b: ; not directly referenced +mov dl, byte [ebx + 0x63] +movzx eax, byte [ebx + 0x64] +and edx, 0xf +shl edx, 8 
+ +loc_fffc2958: ; not directly referenced +or edx, eax + +loc_fffc295a: ; not directly referenced +imul edx, dword [ebp - 0x2c] +lea eax, [esi + edx - 1] +xor edx, edx +div esi + +loc_fffc2966: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, 0x28 +mov esi, 0x28 +cmova eax, esi +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax + +loc_fffc297e: ; not directly referenced +add dword [ebp - 0x24], 0x20 +add edi, 0x128 +add ebx, 0x277 +cmp dword [ebp - 0x24], 0x40 +jne loc_fffc28a8 ; jne 0xfffc28a8 +add dword [ebp - 0x20], 0x54a +add dword [ebp - 0x30], 0x13c3 +cmp dword [ebp - 0x20], 0xa94 +jne loc_fffc287e ; jne 0xfffc287e +jmp near loc_fffc282d ; jmp 0xfffc282d + +loc_fffc29b8: ; not directly referenced +cmp ecx, 1 +ja short loc_fffc29c9 ; ja 0xfffc29c9 +mov ebx, dword [ebp + 8] +cmp byte [ebx + 0x374a], 0 +je short loc_fffc29f3 ; je 0xfffc29f3 + +loc_fffc29c9: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx + +loc_fffc29f3: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffc29b8 ; jne 0xfffc29b8 +add esp, 0x3c +mov eax, 1 +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc2a09: ; not directly referenced +push ebp +xor ecx, ecx +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x30 + +loc_fffc2a14: ; not directly referenced +lea eax, [ecx - 2] +cmp eax, 1 +ja short loc_fffc2a40 ; ja 0xfffc2a40 +mov eax, dword [ebp + 8] +cmp byte [eax + 0x374a], 0 +jne short loc_fffc2a40 ; jne 0xfffc2a40 + +loc_fffc2a28: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffc2a14 ; jne 0xfffc2a14 +mov eax, dword [ebp + 8] +mov ecx, 0xfffffffe +add eax, 0x48d8 +jmp near loc_fffc2b99 ; jmp 0xfffc2b99 + +loc_fffc2a40: ; not directly referenced +mov eax, dword [ebp + 8] +lea esi, [ecx*8 - 0x1269] +mov dword [ebp + ecx*4 - 
0x1c], 0 +mov dword [ebp - 0x20], 0 +mov dword [ebp - 0x38], esi +add eax, 0x49c0 +mov dword [ebp - 0x2c], eax +imul eax, ecx, 0x2e +mov dword [ebp - 0x30], eax +imul eax, ecx, 0x23 +add eax, 0xbb +mov dword [ebp - 0x3c], eax + +loc_fffc2a75: ; not directly referenced +mov eax, dword [ebp - 0x38] +mov edi, dword [ebp - 0x2c] +mov ebx, dword [ebp - 0x20] +mov dword [ebp - 0x24], 0 +add eax, edi +mov dword [ebp - 0x34], eax +mov eax, dword [ebp + 8] +lea ebx, [eax + ebx + 0x1973] + +loc_fffc2a94: ; not directly referenced +cmp dword [edi - 0xf6], 2 +jne loc_fffc2b5f ; jne 0xfffc2b5f +mov eax, dword [ebp - 0x30] +mov edx, dword [ebp - 0x24] +mov esi, dword [edi + eax - 0xf2] +mov eax, dword [ebp - 0x34] +mov eax, dword [eax + edx + 0xc9] +mov dword [ebp - 0x28], eax +cmp ecx, 1 +je short loc_fffc2b02 ; je 0xfffc2b02 +jb short loc_fffc2b0e ; jb 0xfffc2b0e +cmp ecx, 3 +ja short loc_fffc2b0e ; ja 0xfffc2b0e +cmp ecx, 2 +mov dl, byte [edi] +jne short loc_fffc2ad7 ; jne 0xfffc2ad7 +and dl, 1 +jne short loc_fffc2ade ; jne 0xfffc2ade +xor eax, eax +jmp short loc_fffc2b47 ; jmp 0xfffc2b47 + +loc_fffc2ad7: ; not directly referenced +xor eax, eax +and dl, 2 +je short loc_fffc2b47 ; je 0xfffc2b47 + +loc_fffc2ade: ; not directly referenced +mov eax, dword [ebp - 0x3c] +add eax, ebx +mov dl, byte [eax + 0x12] +movzx eax, byte [eax + 0x13] +and edx, 0xf +shl edx, 8 +or edx, eax +xor eax, eax +test esi, esi +je short loc_fffc2b47 ; je 0xfffc2b47 +imul edx, dword [ebp - 0x28] +lea eax, [esi + edx - 1] +jmp short loc_fffc2b43 ; jmp 0xfffc2b43 + +loc_fffc2b02: ; not directly referenced +movzx eax, word [ebx + 0x252] +test ax, ax +jne short loc_fffc2b47 ; jne 0xfffc2b47 + +loc_fffc2b0e: ; not directly referenced +xor eax, eax +test esi, esi +je short loc_fffc2b47 ; je 0xfffc2b47 +mov eax, dword [edi - 0x21] +and eax, 0xfffffffd +dec eax +jne short loc_fffc2b2c ; jne 0xfffc2b2c +mov al, byte [ebx + 0x64] +movzx edx, byte [ebx + 0x65] +and eax, 0xf +shl eax, 8 +jmp short loc_fffc2b39 ; 
jmp 0xfffc2b39 + +loc_fffc2b2c: ; not directly referenced +mov al, byte [ebx + 0x6c] +movzx edx, byte [ebx + 0x6d] +and eax, 0xf +shl eax, 8 + +loc_fffc2b39: ; not directly referenced +or eax, edx +imul eax, dword [ebp - 0x28] +lea eax, [esi + eax - 1] + +loc_fffc2b43: ; not directly referenced +xor edx, edx +div esi + +loc_fffc2b47: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x1c] +cmp eax, 0x36 +mov esi, 0x36 +cmova eax, esi +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ecx*4 - 0x1c], eax + +loc_fffc2b5f: ; not directly referenced +add dword [ebp - 0x24], 0x20 +add edi, 0x128 +add ebx, 0x277 +cmp dword [ebp - 0x24], 0x40 +jne loc_fffc2a94 ; jne 0xfffc2a94 +add dword [ebp - 0x20], 0x54a +add dword [ebp - 0x2c], 0x13c3 +cmp dword [ebp - 0x20], 0xa94 +jne loc_fffc2a75 ; jne 0xfffc2a75 +jmp near loc_fffc2a28 ; jmp 0xfffc2a28 + +loc_fffc2b99: ; not directly referenced +cmp ecx, 1 +ja short loc_fffc2baa ; ja 0xfffc2baa +mov edi, dword [ebp + 8] +cmp byte [edi + 0x374a], 0 +je short loc_fffc2bd4 ; je 0xfffc2bd4 + +loc_fffc2baa: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx + +loc_fffc2bd4: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffc2b99 ; jne 0xfffc2b99 +add esp, 0x30 +mov eax, 1 +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc2bea: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +xor ebx, ebx +sub esp, 0x34 +mov dword [ebp - 0x20], 0xc + +loc_fffc2bfc: ; not directly referenced +lea eax, [ebx - 2] +cmp eax, 1 +ja short loc_fffc2c14 ; ja 0xfffc2c14 +mov esi, dword [ebp + 8] +cmp byte [esi + 0x374a], 0 +je loc_fffc2e13 ; je 0xfffc2e13 + +loc_fffc2c14: ; not directly referenced +imul esi, ebx, 0x2e +imul eax, eax, 0x23 +lea edi, [ebx*8 + 0x3757] +mov dword [ebp + ebx*4 - 0x1c], 0 +mov dword [ebp - 0x34], 
esi +mov dword [ebp - 0x24], 0 +mov dword [ebp - 0x40], edi +mov dword [ebp - 0x30], eax + +loc_fffc2c39: ; not directly referenced +mov edi, dword [ebp - 0x24] +mov esi, dword [ebp - 0x40] +mov dword [ebp - 0x28], 0 +imul eax, edi, 0x13c3 +imul edx, edi, 0x54a +mov edi, dword [ebp + 8] +lea ecx, [esi + eax] +mov esi, dword [ebp + 8] +add ecx, dword [ebp + 8] +lea edi, [edi + edx + 0x1973] +mov dword [ebp - 0x3c], ecx +lea esi, [esi + eax + 0x49c0] + +loc_fffc2c6f: ; not directly referenced +cmp dword [esi - 0xf6], 2 +jne loc_fffc2dec ; jne 0xfffc2dec +mov eax, dword [ebp - 0x34] +mov edx, dword [ebp - 0x28] +mov ecx, dword [esi + eax - 0xf2] +mov eax, dword [ebp - 0x3c] +mov eax, dword [eax + edx + 0xc9] +mov edx, dword [esi - 0x21] +mov dword [ebp - 0x38], eax +mov eax, 0x12 +cmp edx, 2 +cmovne eax, dword [ebp - 0x20] +mov dword [ebp - 0x20], eax +cmp ebx, 1 +je short loc_fffc2d0b ; je 0xfffc2d0b +jb short loc_fffc2d1b ; jb 0xfffc2d1b +cmp ebx, 3 +ja short loc_fffc2d1b ; ja 0xfffc2d1b +mov al, byte [esi] +cmp ebx, 2 +mov byte [ebp - 0x29], al +jne short loc_fffc2cc9 ; jne 0xfffc2cc9 +test al, 1 +jne short loc_fffc2cd5 ; jne 0xfffc2cd5 +xor eax, eax +jmp near loc_fffc2dd7 ; jmp 0xfffc2dd7 + +loc_fffc2cc9: ; not directly referenced +xor eax, eax +test byte [ebp - 0x29], 2 +je loc_fffc2dd7 ; je 0xfffc2dd7 + +loc_fffc2cd5: ; not directly referenced +and edx, 0xfffffffd +mov eax, dword [ebp - 0x30] +dec edx +jne short loc_fffc2ce8 ; jne 0xfffc2ce8 +movzx edx, byte [edi + eax + 0x106] +jmp short loc_fffc2cf0 ; jmp 0xfffc2cf0 + +loc_fffc2ce8: ; not directly referenced +movzx edx, byte [edi + eax + 0x1d6] + +loc_fffc2cf0: ; not directly referenced +xor eax, eax +test ecx, ecx +je loc_fffc2dd7 ; je 0xfffc2dd7 +imul edx, dword [ebp - 0x38] +lea eax, [ecx + edx - 1] +xor edx, edx +div ecx +jmp near loc_fffc2dd7 ; jmp 0xfffc2dd7 + +loc_fffc2d0b: ; not directly referenced +movzx eax, word [edi + 0x250] +test ax, ax +jne loc_fffc2dd7 ; jne 0xfffc2dd7 + +loc_fffc2d1b: ; not 
directly referenced +cmp edx, 3 +jne short loc_fffc2d5a ; jne 0xfffc2d5a +mov eax, 9 +cmp ecx, 0x105944 +jbe loc_fffc2dd7 ; jbe 0xfffc2dd7 +mov al, 7 +cmp ecx, 0x16e360 +jbe loc_fffc2dd7 ; jbe 0xfffc2dd7 +mov al, 5 +cmp ecx, 0x1c9c38 +jbe loc_fffc2dd7 ; jbe 0xfffc2dd7 +cmp ecx, 0x2625a1 +sbb eax, eax +and eax, 4 +jmp short loc_fffc2dd7 ; jmp 0xfffc2dd7 + +loc_fffc2d5a: ; not directly referenced +cmp edx, 2 +jne short loc_fffc2d97 ; jne 0xfffc2d97 +mov eax, 0x12 +cmp ecx, 0xbbcce +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 +mov al, 0xc +cmp ecx, 0xcb735 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 +mov al, 0xb +cmp ecx, 0xe5010 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 +mov al, 0xa +cmp ecx, 0x105944 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 +cmp ecx, 0x1312d1 +sbb eax, eax +and eax, 9 +jmp short loc_fffc2dd7 ; jmp 0xfffc2dd7 + +loc_fffc2d97: ; not directly referenced +mov eax, 0xa +cmp ecx, 0xe5010 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 +mov al, 9 +cmp ecx, 0x105944 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 +mov al, 8 +cmp ecx, 0x1312d0 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 +mov al, 7 +cmp ecx, 0x16e360 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 +mov al, 6 +cmp ecx, 0x1c9c38 +jbe short loc_fffc2dd7 ; jbe 0xfffc2dd7 +cmp ecx, 0x2625a1 +sbb eax, eax +and eax, 5 + +loc_fffc2dd7: ; not directly referenced +mov edx, dword [ebp - 0x20] +cmp eax, edx +cmova eax, edx +mov edx, dword [ebp + ebx*4 - 0x1c] +cmp eax, edx +cmovb eax, edx +mov dword [ebp + ebx*4 - 0x1c], eax + +loc_fffc2dec: ; not directly referenced +add dword [ebp - 0x28], 0x20 +add esi, 0x128 +add edi, 0x277 +cmp dword [ebp - 0x28], 0x40 +jne loc_fffc2c6f ; jne 0xfffc2c6f +inc dword [ebp - 0x24] +cmp dword [ebp - 0x24], 2 +jne loc_fffc2c39 ; jne 0xfffc2c39 + +loc_fffc2e13: ; not directly referenced +inc ebx +cmp ebx, 4 +jne loc_fffc2bfc ; jne 0xfffc2bfc +mov eax, dword [ebp + 8] +mov ecx, 0xfffffffe +add eax, 0x48d6 + +loc_fffc2e2a: ; not directly referenced +cmp ecx, 1 +ja short loc_fffc2e3b ; ja 0xfffc2e3b +mov 
ebx, dword [ebp + 8] +cmp byte [ebx + 0x374a], 0 +je short loc_fffc2e65 ; je 0xfffc2e65 + +loc_fffc2e3b: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x14] +mov word [eax], dx +mov word [eax - 0x1173], dx +mov word [eax + 0x128], dx +mov word [eax + 0x13c3], dx +mov word [eax + 0x250], dx +mov word [eax + 0x14eb], dx + +loc_fffc2e65: ; not directly referenced +inc ecx +add eax, 0x2e +cmp ecx, 2 +jne short loc_fffc2e2a ; jne 0xfffc2e2a +add esp, 0x34 +mov eax, 1 +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc2e7b: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +xor esi, esi +push ebx +sub esp, 0x24 + +loc_fffc2e86: ; not directly referenced +lea eax, [esi - 2] +cmp eax, 1 +ja short loc_fffc2ead ; ja 0xfffc2ead +mov eax, dword [ebp + 8] +cmp byte [eax + 0x374a], 0 +jne short loc_fffc2ead ; jne 0xfffc2ead + +loc_fffc2e9a: ; not directly referenced +inc esi +cmp esi, 4 +jne short loc_fffc2e86 ; jne 0xfffc2e86 +add esp, 0x24 +mov eax, 1 +pop ebx +pop esi +pop edi +pop ebp +ret + +loc_fffc2ead: ; not directly referenced +mov eax, dword [ebp + 8] +mov byte [ebp - 0x1f], 2 +add eax, 0x1973 +mov dword [ebp - 0x24], eax +mov eax, dword [ebp + 8] +add eax, 0x3757 +mov dword [ebp - 0x14], eax +lea eax, [esi*8] +mov dword [ebp - 0x28], eax +lea eax, [esi + esi + 0xf8] +mov dword [ebp - 0x2c], eax +lea eax, [esi - 2] +mov dword [ebp - 0x30], eax + +loc_fffc2ee1: ; not directly referenced +mov eax, dword [ebp - 0x2c] +mov ecx, dword [ebp - 0x24] +mov edi, dword [ebp - 0x28] +mov dword [ebp - 0x10], 0 +add eax, ecx +mov dword [ebp - 0x1c], eax +mov eax, dword [ebp - 0x14] add edi, eax -loc_fffc3006: ; not directly referenced +loc_fffc2efb: ; not directly referenced mov eax, dword [ebp - 0x14] mov ebx, dword [ebp - 0x10] cmp dword [eax + ebx + 0x1173], 2 -jne loc_fffc317b ; jne 0xfffc317b +jne loc_fffc3070 ; jne 0xfffc3070 cmp dword [ebp - 0x30], 1 -ja loc_fffc30e8 ; ja 0xfffc30e8 +ja loc_fffc2fdd ; ja 0xfffc2fdd cmp esi, 2 mov al, byte [eax 
+ ebx + 0x1269] -jne short loc_fffc3034 ; jne 0xfffc3034 +jne short loc_fffc2f29 ; jne 0xfffc2f29 test al, 1 -jmp short loc_fffc3036 ; jmp 0xfffc3036 +jmp short loc_fffc2f2b ; jmp 0xfffc2f2b -loc_fffc3034: ; not directly referenced +loc_fffc2f29: ; not directly referenced test al, 2 -loc_fffc3036: ; not directly referenced -je loc_fffc30cf ; je 0xfffc30cf +loc_fffc2f2b: ; not directly referenced +je loc_fffc2fc4 ; je 0xfffc2fc4 mov eax, dword [ebp - 0x14] mov ebx, dword [ebp - 0x10] mov eax, dword [eax + ebx + 0x1248] and eax, 0xfffffffd dec eax -jne short loc_fffc3068 ; jne 0xfffc3068 +jne short loc_fffc2f5d ; jne 0xfffc2f5d mov al, byte [ecx + 0x100] mov dl, al and eax, 0xf @@ -47040,9 +46921,9 @@ shr dl, 4 mov byte [ebp - 0x18], al mov eax, dword [ebp - 0x1c] mov byte [ebp - 0x1d], dl -jmp short loc_fffc3084 ; jmp 0xfffc3084 +jmp short loc_fffc2f79 ; jmp 0xfffc2f79 -loc_fffc3068: ; not directly referenced +loc_fffc2f5d: ; not directly referenced mov al, byte [ecx + 0x1d0] mov dl, al and eax, 0xf @@ -47052,7 +46933,7 @@ shr dl, 4 mov byte [ebp - 0x1d], dl add eax, 0xd0 -loc_fffc3084: ; not directly referenced +loc_fffc2f79: ; not directly referenced mov bl, byte [eax] mov edx, dword [ebp - 0x10] mov byte [ebp - 0x1e], bl @@ -47060,9 +46941,9 @@ movzx ebx, byte [eax + 1] mov eax, dword [ebp - 0x14] cmp byte [eax + edx + 0x126a], 0x12 mov eax, 0 -je short loc_fffc30bd ; je 0xfffc30bd +je short loc_fffc2fb2 ; je 0xfffc2fb2 cmp byte [ebp - 0x18], 0 -je short loc_fffc30bd ; je 0xfffc30bd +je short loc_fffc2fb2 ; je 0xfffc2fb2 movzx edx, byte [ebp - 0x1d] imul eax, edx, 0x3e8 movzx edx, byte [ebp - 0x18] 
@@ -47070,26 +46951,26 @@ mov dword [ebp - 0x18], edx cdq idiv dword [ebp - 0x18] -loc_fffc30bd: ; not directly referenced +loc_fffc2fb2: ; not directly referenced mov dword [edi + 0xcd], eax xor eax, eax test bl, bl -je short loc_fffc3144 ; je 0xfffc3144 +je short loc_fffc3039 ; je 0xfffc3039 movzx eax, byte [ebp - 0x1e] -jmp short loc_fffc313b ; jmp 0xfffc313b +jmp short loc_fffc3030 ; jmp 0xfffc3030 -loc_fffc30cf: ; not directly referenced +loc_fffc2fc4: ; not directly referenced mov dword [edi + 0xcd], 0 mov dword [edi + 0xc9], 0 -jmp near loc_fffc317b ; jmp 0xfffc317b +jmp near loc_fffc3070 ; jmp 0xfffc3070 -loc_fffc30e8: ; not directly referenced +loc_fffc2fdd: ; not directly referenced mov eax, dword [ebp - 0x14] mov ebx, dword [ebp - 0x10] mov eax, dword [eax + ebx + 0x1248] and eax, 0xfffffffd dec eax -jne short loc_fffc314c ; jne 0xfffc314c +jne short loc_fffc3041 ; jne 0xfffc3041 mov dl, byte [ecx + 0x51] movzx ebx, byte [ecx + 0x53] mov al, dl @@ -47099,7 +46980,7 @@ mov al, byte [ecx + 0x52] mov byte [ebp - 0x1d], al xor eax, eax and dl, 0xf -je short loc_fffc312b ; je 0xfffc312b +je short loc_fffc3020 ; je 0xfffc3020 movzx eax, byte [ebp - 0x18] movzx edx, dl mov dword [ebp - 0x18], edx @@ -47107,23 +46988,23 @@ imul eax, eax, 0x3e8 cdq idiv dword [ebp - 0x18] -loc_fffc312b: ; not directly referenced +loc_fffc3020: ; not directly referenced mov dword [edi + 0xcd], eax xor eax, eax test bl, bl -je short loc_fffc3144 ; je 0xfffc3144 +je short loc_fffc3039 ; je 0xfffc3039 movzx eax, byte [ebp - 0x1d] -loc_fffc313b: ; not directly referenced +loc_fffc3030: ; not directly referenced imul eax, eax, 0xf4240 cdq idiv ebx -loc_fffc3144: ; not directly referenced +loc_fffc3039: ; not directly referenced mov dword [edi + 0xc9], eax -jmp short loc_fffc317b ; jmp 0xfffc317b +jmp short loc_fffc3070 ; jmp 0xfffc3070 -loc_fffc314c: ; not directly referenced +loc_fffc3041: ; not directly referenced mov al, byte [ecx + 0x59] shr al, 2 and eax, 3 
@@ -47138,20 +47019,20 @@ sbb eax, eax and eax, 0x3e8 mov dword [edi + 0xcd], eax -loc_fffc317b: ; not directly referenced +loc_fffc3070: ; not directly referenced add dword [ebp - 0x10], 0x128 add edi, 0x20 add ecx, 0x277 add dword [ebp - 0x1c], 0x277 cmp dword [ebp - 0x10], 0x250 -jne loc_fffc3006 ; jne 0xfffc3006 +jne loc_fffc2efb ; jne 0xfffc2efb add dword [ebp - 0x24], 0x54a add dword [ebp - 0x14], 0x13c3 dec byte [ebp - 0x1f] -jne loc_fffc2fec ; jne 0xfffc2fec -jmp near loc_fffc2fa5 ; jmp 0xfffc2fa5 +jne loc_fffc2ee1 ; jne 0xfffc2ee1 +jmp near loc_fffc2e9a ; jmp 0xfffc2e9a -fcn_fffc31bb: ; not directly referenced +fcn_fffc30b0: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] 
@@ -47159,63 +47040,63 @@ mov ecx, dword [ebp + 0xc] mov edx, dword [eax + 0xd5] and edx, 0xfffffffd dec edx -jne short loc_fffc31d5 ; jne 0xfffc31d5 +jne short loc_fffc30ca ; jne 0xfffc30ca mov dl, byte [ecx + 0x29] -jmp short loc_fffc31d8 ; jmp 0xfffc31d8 +jmp short loc_fffc30cd ; jmp 0xfffc30cd -loc_fffc31d5: ; not directly referenced +loc_fffc30ca: ; not directly referenced mov dl, byte [ecx + 7] -loc_fffc31d8: ; not directly referenced +loc_fffc30cd: ; not directly referenced and edx, 0xf cmp edx, 8 -ja short loc_fffc3234 ; ja 0xfffc3234 -jmp dword [edx*4 + ref_fffd5988] ; ujmp: jmp dword [edx*4 - 0x2a678] +ja short loc_fffc3129 ; ja 0xfffc3129 +jmp dword [edx*4 + ref_fffd5444] ; ujmp: jmp dword [edx*4 - 0x2abbc] -loc_fffc31e7: ; not directly referenced +loc_fffc30dc: ; not directly referenced mov byte [eax + 0xf4], 0 -jmp short loc_fffc31f7 ; jmp 0xfffc31f7 +jmp short loc_fffc30ec ; jmp 0xfffc30ec -loc_fffc31f0: ; not directly referenced +loc_fffc30e5: ; not directly referenced mov byte [eax + 0xf4], 2 -loc_fffc31f7: ; not directly referenced +loc_fffc30ec: ; not directly referenced mov eax, 1 -jmp short loc_fffc323d ; jmp 0xfffc323d +jmp short loc_fffc3132 ; jmp 0xfffc3132 -loc_fffc31fe: ; not directly referenced +loc_fffc30f3: ; not directly referenced mov byte [eax + 0xf4], 3 -jmp short loc_fffc31f7 ; jmp 0xfffc31f7 +jmp short loc_fffc30ec ; jmp 0xfffc30ec -loc_fffc3207: ; not directly referenced +loc_fffc30fc: ; not directly referenced mov byte [eax + 0xf4], 4 -jmp short loc_fffc31f7 ; jmp 0xfffc31f7 +jmp short loc_fffc30ec ; jmp 0xfffc30ec -loc_fffc3210: ; not directly referenced +loc_fffc3105: ; not directly referenced mov byte [eax + 0xf4], 5 -jmp short loc_fffc31f7 ; jmp 0xfffc31f7 +jmp short loc_fffc30ec ; jmp 0xfffc30ec -loc_fffc3219: ; not directly referenced +loc_fffc310e: ; not directly referenced mov byte [eax + 0xf4], 6 -jmp short loc_fffc31f7 ; jmp 0xfffc31f7 +jmp short loc_fffc30ec ; jmp 0xfffc30ec -loc_fffc3222: ; not directly referenced 
+loc_fffc3117: ; not directly referenced mov byte [eax + 0xf4], 7 -jmp short loc_fffc31f7 ; jmp 0xfffc31f7 +jmp short loc_fffc30ec ; jmp 0xfffc30ec -loc_fffc322b: ; not directly referenced +loc_fffc3120: ; not directly referenced mov byte [eax + 0xf4], 8 -jmp short loc_fffc31f7 ; jmp 0xfffc31f7 +jmp short loc_fffc30ec ; jmp 0xfffc30ec -loc_fffc3234: ; not directly referenced +loc_fffc3129: ; not directly referenced mov byte [eax + 0xf4], 0 xor eax, eax -loc_fffc323d: ; not directly referenced +loc_fffc3132: ; not directly referenced pop ebp ret -fcn_fffc323f: ; not directly referenced +fcn_fffc3134: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] @@ -47225,7 +47106,7 @@ mov ebx, dword [ebp + 8] mov ecx, dword [eax + 0xd5] and ecx, 0xfffffffd dec ecx -jne short loc_fffc32a9 ; jne 0xfffc32a9 +jne short loc_fffc319e ; jne 0xfffc319e mov cl, byte [edx + 0x1f] shr cl, 7 mov byte [eax + 0xd1], cl @@ -47235,12 +47116,12 @@ and ecx, 1 mov byte [eax + 0xd2], cl xor ecx, ecx test byte [edx + 0x1f], 4 -je short loc_fffc3287 ; je 0xfffc3287 +je short loc_fffc317c ; je 0xfffc317c xor ecx, ecx cmp byte [ebx + 0x18b7], 0 setne cl -loc_fffc3287: ; not directly referenced +loc_fffc317c: ; not directly referenced mov byte [eax + 0xd0], cl mov cl, byte [edx + 0x1f] shr cl, 1 
@@ -47249,33 +47130,33 @@ mov byte [eax + 0xd4], cl mov dl, byte [edx + 0x1f] and edx, 1 mov byte [eax + 0xd3], dl -jmp short loc_fffc32cc ; jmp 0xfffc32cc +jmp short loc_fffc31c1 ; jmp 0xfffc31c1 -loc_fffc32a9: ; not directly referenced +loc_fffc319e: ; not directly referenced mov byte [eax + 0xd1], 0 mov byte [eax + 0xd2], 0 mov byte [eax + 0xd0], 0 mov byte [eax + 0xd4], 0 mov byte [eax + 0xd3], 0 -loc_fffc32cc: ; not directly referenced +loc_fffc31c1: ; not directly referenced xor edx, edx cmp byte [eax + 0xd0], 0 -jne short loc_fffc32ec ; jne 0xfffc32ec +jne short loc_fffc31e1 ; jne 0xfffc31e1 cmp byte [eax + 0xd3], 0 -je short loc_fffc32ec ; je 0xfffc32ec +je short loc_fffc31e1 ; je 0xfffc31e1 xor edx, edx cmp byte [ebx + 0x18b8], 0 setne dl -loc_fffc32ec: ; not directly referenced +loc_fffc31e1: ; not directly referenced mov byte [eax + 0xcf], dl mov eax, 1 pop ebx pop ebp ret -fcn_fffc32fa: ; not directly referenced +fcn_fffc31ef: ; not directly referenced push ebp mov ebp, esp mov ecx, dword [ebp + 0x10] 
@@ -47285,62 +47166,62 @@ mov ebx, dword [ecx + 0xd5] mov edx, ebx and edx, 0xfffffffd dec edx -jne short loc_fffc3317 ; jne 0xfffc3317 +jne short loc_fffc320c ; jne 0xfffc320c mov dl, byte [eax + 0x3f] -jmp short loc_fffc331d ; jmp 0xfffc331d +jmp short loc_fffc3212 ; jmp 0xfffc3212 -loc_fffc3317: ; not directly referenced +loc_fffc320c: ; not directly referenced mov dl, byte [eax + 0x83] -loc_fffc331d: ; not directly referenced +loc_fffc3212: ; not directly referenced and edx, 1 mov eax, 1 mov byte [ecx + 0xce], dl cmp ebx, 2 -jne short loc_fffc3340 ; jne 0xfffc3340 +jne short loc_fffc3235 ; jne 0xfffc3235 dec dl -jne short loc_fffc3340 ; jne 0xfffc3340 +jne short loc_fffc3235 ; jne 0xfffc3235 xor eax, eax cmp dword [ecx + 0xd9], 3 sete al -loc_fffc3340: ; not directly referenced +loc_fffc3235: ; not directly referenced pop ebx pop ebp ret -fcn_fffc3343: ; not directly referenced +fcn_fffc3238: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 0x10] mov eax, dword [edx + 0xd5] and eax, 0xfffffffd dec eax -jne short loc_fffc336e ; jne 0xfffc336e +jne short loc_fffc3263 ; jne 0xfffc3263 mov eax, dword [ebp + 0xc] mov al, byte [eax + 8] shr al, 3 and eax, 3 dec al -jne short loc_fffc336e ; jne 0xfffc336e +jne short loc_fffc3263 ; jne 0xfffc3263 mov byte [edx + 0xcc], 1 -jmp short loc_fffc3375 ; jmp 0xfffc3375 +jmp short loc_fffc326a ; jmp 0xfffc326a -loc_fffc336e: ; not directly referenced +loc_fffc3263: ; not directly referenced mov byte [edx + 0xcc], 0 -loc_fffc3375: ; not directly referenced +loc_fffc326a: ; not directly referenced mov eax, 1 pop ebp ret -fcn_fffc337c: ; not directly referenced +fcn_fffc3271: ; not directly referenced push ebp mov ecx, 8 mov ebp, esp push edi push esi -mov esi, ref_fffd59ac ; mov esi, 0xfffd59ac +mov esi, ref_fffd5468 ; mov esi, 0xfffd5468 push ebx sub esp, 0x20 mov ebx, dword [ebp + 0x10] 
@@ -47348,10 +47229,10 @@ lea edi, [ebp - 0x2c] rep movsd ; rep movsd dword es:[edi], dword ptr [esi] mov dl, byte [ebx + 0xf1] test dl, dl -je short loc_fffc33e6 ; je 0xfffc33e6 +je short loc_fffc32db ; je 0xfffc32db mov al, byte [ebx + 0xf3] cmp al, 7 -ja short loc_fffc33e6 ; ja 0xfffc33e6 +ja short loc_fffc32db ; ja 0xfffc32db movzx ecx, al movzx eax, byte [ebx + 0xf0] imul eax, dword [ebp + ecx*4 - 0x2c] @@ -47362,16 +47243,16 @@ movzx edx, byte [ebx + 0xed] imul eax, edx lea edx, [eax - 0x200] cmp edx, 0x3e00 -ja short loc_fffc33e6 ; ja 0xfffc33e6 +ja short loc_fffc32db ; ja 0xfffc32db mov dword [ebx + 0xe1], eax mov eax, 1 -jmp short loc_fffc33f2 ; jmp 0xfffc33f2 +jmp short loc_fffc32e7 ; jmp 0xfffc32e7 -loc_fffc33e6: ; not directly referenced +loc_fffc32db: ; not directly referenced mov dword [ebx + 0xe1], 0 xor eax, eax -loc_fffc33f2: ; not directly referenced +loc_fffc32e7: ; not directly referenced add esp, 0x20 pop ebx pop esi @@ -47379,7 +47260,7 @@ pop edi pop ebp ret -fcn_fffc33fa: ; not directly referenced +fcn_fffc32ef: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 0x10] 
@@ -47387,32 +47268,32 @@ mov ecx, dword [ebp + 0xc] mov eax, dword [edx + 0xd5] and eax, 0xfffffffd dec eax -jne short loc_fffc3414 ; jne 0xfffc3414 +jne short loc_fffc3309 ; jne 0xfffc3309 mov al, byte [ecx + 7] -jmp short loc_fffc3417 ; jmp 0xfffc3417 +jmp short loc_fffc330c ; jmp 0xfffc330c -loc_fffc3414: ; not directly referenced +loc_fffc3309: ; not directly referenced mov al, byte [ecx + 0xc] -loc_fffc3417: ; not directly referenced +loc_fffc330c: ; not directly referenced shr al, 3 and eax, 7 inc eax cmp al, 2 -ja short loc_fffc342f ; ja 0xfffc342f +ja short loc_fffc3324 ; ja 0xfffc3324 mov byte [edx + 0xed], al mov eax, 1 -jmp short loc_fffc3438 ; jmp 0xfffc3438 +jmp short loc_fffc332d ; jmp 0xfffc332d -loc_fffc342f: ; not directly referenced +loc_fffc3324: ; not directly referenced mov byte [edx + 0xed], 0 xor eax, eax -loc_fffc3438: ; not directly referenced +loc_fffc332d: ; not directly referenced pop ebp ret -fcn_fffc343a: ; not directly referenced +fcn_fffc332f: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 0x10] @@ -47423,17 +47304,17 @@ mov ecx, dword [edx + 0xd5] and ecx, 0xfffffffd dec ecx mov cl, byte [eax + 4] -jne short loc_fffc3478 ; jne 0xfffc3478 +jne short loc_fffc336d ; jne 0xfffc336d and ecx, 0xf mov byte [edx + 0xf3], cl test byte [eax + 4], 0x70 -jne short loc_fffc34c3 ; jne 0xfffc34c3 +jne short loc_fffc33b8 ; jne 0xfffc33b8 mov byte [edx + 0xee], 8 mov eax, 1 mov byte [edx + 0xef], 0 -jmp short loc_fffc34c5 ; jmp 0xfffc34c5 +jmp short loc_fffc33ba ; jmp 0xfffc33ba -loc_fffc3478: ; not directly referenced +loc_fffc336d: ; not directly referenced and ecx, 0xf mov byte [edx + 0xf3], cl mov al, byte [eax + 4] 
@@ -47444,32 +47325,32 @@ and ecx, 3 mov esi, eax xor eax, eax cmp cl, 1 -ja short loc_fffc34aa ; ja 0xfffc34aa +ja short loc_fffc339f ; ja 0xfffc339f mov eax, 4 shl eax, cl mov byte [edx + 0xee], al mov eax, 1 -loc_fffc34aa: ; not directly referenced +loc_fffc339f: ; not directly referenced lea ecx, [esi - 1] cmp cl, 1 -ja short loc_fffc34c3 ; ja 0xfffc34c3 +ja short loc_fffc33b8 ; ja 0xfffc33b8 mov ebx, 1 mov ecx, esi shl ebx, cl mov byte [edx + 0xef], bl -jmp short loc_fffc34c5 ; jmp 0xfffc34c5 +jmp short loc_fffc33ba ; jmp 0xfffc33ba -loc_fffc34c3: ; not directly referenced +loc_fffc33b8: ; not directly referenced xor eax, eax -loc_fffc34c5: ; not directly referenced +loc_fffc33ba: ; not directly referenced pop ebx pop esi pop ebp ret -fcn_fffc34c9: ; not directly referenced +fcn_fffc33be: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 0x10] @@ -47477,30 +47358,30 @@ mov ecx, dword [ebp + 0xc] mov eax, dword [edx + 0xd5] and eax, 0xfffffffd dec eax -jne short loc_fffc34e3 ; jne 0xfffc34e3 +jne short loc_fffc33d8 ; jne 0xfffc33d8 mov al, byte [ecx + 8] -jmp short loc_fffc34e6 ; jmp 0xfffc34e6 +jmp short loc_fffc33db ; jmp 0xfffc33db -loc_fffc34e3: ; not directly referenced +loc_fffc33d8: ; not directly referenced mov al, byte [ecx + 0xd] -loc_fffc34e6: ; not directly referenced +loc_fffc33db: ; not directly referenced and eax, 7 cmp al, 3 -jne short loc_fffc34fb ; jne 0xfffc34fb +jne short loc_fffc33f0 ; jne 0xfffc33f0 mov byte [edx + 0xf0], 0x40 mov eax, 1 -jmp short loc_fffc3504 ; jmp 0xfffc3504 +jmp short loc_fffc33f9 ; jmp 0xfffc33f9 -loc_fffc34fb: ; not directly referenced +loc_fffc33f0: ; not directly referenced mov byte [edx + 0xf0], 0 xor eax, eax -loc_fffc3504: ; not directly referenced +loc_fffc33f9: ; not directly referenced pop ebp ret -fcn_fffc3506: ; not directly referenced +fcn_fffc33fb: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 0xc] 
@@ -47511,65 +47392,65 @@ mov dl, byte [edx + 5] mov eax, dword [eax + 0x1887] and edx, 7 cmp dl, 2 -je short loc_fffc3567 ; je 0xfffc3567 +je short loc_fffc345c ; je 0xfffc345c cmp dl, 3 -je short loc_fffc3592 ; je 0xfffc3592 +je short loc_fffc3487 ; je 0xfffc3487 dec dl -jne short loc_fffc35a4 ; jne 0xfffc35a4 +jne short loc_fffc3499 ; jne 0xfffc3499 cmp eax, 0x40650 -je short loc_fffc355c ; je 0xfffc355c +je short loc_fffc3451 ; je 0xfffc3451 cmp eax, 0x40660 sete bl cmp eax, 0x306c0 sete dl or bl, dl -jne short loc_fffc355c ; jne 0xfffc355c +jne short loc_fffc3451 ; jne 0xfffc3451 cmp eax, 0x40670 sete bl cmp eax, 0x306d0 sete dl or bl, dl -je short loc_fffc356e ; je 0xfffc356e +je short loc_fffc3463 ; je 0xfffc3463 -loc_fffc355c: ; not directly referenced +loc_fffc3451: ; not directly referenced mov word [ecx + 0xe9], 0x400 -jmp short loc_fffc358b ; jmp 0xfffc358b +jmp short loc_fffc3480 ; jmp 0xfffc3480 -loc_fffc3567: ; not directly referenced +loc_fffc345c: ; not directly referenced cmp eax, 0x40650 -je short loc_fffc3582 ; je 0xfffc3582 +je short loc_fffc3477 ; je 0xfffc3477 -loc_fffc356e: ; not directly referenced +loc_fffc3463: ; not directly referenced cmp eax, 0x40670 sete dl cmp eax, 0x306d0 sete al or dl, al -je short loc_fffc35a4 ; je 0xfffc35a4 +je short loc_fffc3499 ; je 0xfffc3499 -loc_fffc3582: ; not directly referenced +loc_fffc3477: ; not directly referenced mov word [ecx + 0xe9], 0x800 -loc_fffc358b: ; not directly referenced +loc_fffc3480: ; not directly referenced mov eax, 1 -jmp short loc_fffc35af ; jmp 0xfffc35af +jmp short loc_fffc34a4 ; jmp 0xfffc34a4 -loc_fffc3592: ; not directly referenced +loc_fffc3487: ; not directly referenced cmp eax, 0x40650 -jne short loc_fffc35a4 ; jne 0xfffc35a4 +jne short loc_fffc3499 ; jne 0xfffc3499 mov word [ecx + 0xe9], 0x1000 -jmp short loc_fffc358b ; jmp 0xfffc358b +jmp short loc_fffc3480 ; jmp 0xfffc3480 -loc_fffc35a4: ; not directly referenced +loc_fffc3499: ; not directly referenced mov word [ecx + 
0xe9], 0 xor eax, eax -loc_fffc35af: ; not directly referenced +loc_fffc34a4: ; not directly referenced pop ebx pop ebp ret -fcn_fffc35b2: ; not directly referenced +fcn_fffc34a7: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] @@ -47578,42 +47459,42 @@ mov al, byte [eax + 5] shr al, 3 and eax, 7 cmp al, 4 -ja short loc_fffc3613 ; ja 0xfffc3613 +ja short loc_fffc3508 ; ja 0xfffc3508 movzx eax, al -jmp dword [eax*4 + ref_fffd59cc] ; ujmp: jmp dword [eax*4 - 0x2a634] +jmp dword [eax*4 + ref_fffd5488] ; ujmp: jmp dword [eax*4 - 0x2ab78] -loc_fffc35d2: ; not directly referenced +loc_fffc34c7: ; not directly referenced mov dword [edx + 0xe5], 0x1000 -jmp short loc_fffc35e8 ; jmp 0xfffc35e8 +jmp short loc_fffc34dd ; jmp 0xfffc34dd -loc_fffc35de: ; not directly referenced +loc_fffc34d3: ; not directly referenced mov dword [edx + 0xe5], 0x2000 -loc_fffc35e8: ; not directly referenced +loc_fffc34dd: ; not directly referenced mov eax, 1 -jmp short loc_fffc361f ; jmp 0xfffc361f +jmp short loc_fffc3514 ; jmp 0xfffc3514 -loc_fffc35ef: ; not directly referenced +loc_fffc34e4: ; not directly referenced mov dword [edx + 0xe5], 0x4000 -jmp short loc_fffc35e8 ; jmp 0xfffc35e8 +jmp short loc_fffc34dd ; jmp 0xfffc34dd -loc_fffc35fb: ; not directly referenced +loc_fffc34f0: ; not directly referenced mov dword [edx + 0xe5], 0x8000 -jmp short loc_fffc35e8 ; jmp 0xfffc35e8 +jmp short loc_fffc34dd ; jmp 0xfffc34dd -loc_fffc3607: ; not directly referenced +loc_fffc34fc: ; not directly referenced mov dword [edx + 0xe5], 0x10000 -jmp short loc_fffc35e8 ; jmp 0xfffc35e8 +jmp short loc_fffc34dd ; jmp 0xfffc34dd -loc_fffc3613: ; not directly referenced +loc_fffc3508: ; not directly referenced mov dword [edx + 0xe5], 0 xor eax, eax -loc_fffc361f: ; not directly referenced +loc_fffc3514: ; not directly referenced pop ebp ret -fcn_fffc3621: ; not directly referenced +fcn_fffc3516: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] 
@@ -47621,46 +47502,46 @@ mov ecx, dword [ebp + 0xc] mov edx, dword [eax + 0xd5] and edx, 0xfffffffd dec edx -jne short loc_fffc363b ; jne 0xfffc363b +jne short loc_fffc3530 ; jne 0xfffc3530 mov dl, byte [ecx + 7] -jmp short loc_fffc363e ; jmp 0xfffc363e +jmp short loc_fffc3533 ; jmp 0xfffc3533 -loc_fffc363b: ; not directly referenced +loc_fffc3530: ; not directly referenced mov dl, byte [ecx + 0xc] -loc_fffc363e: ; not directly referenced +loc_fffc3533: ; not directly referenced and edx, 7 mov byte [eax + 0xf2], dl mov dl, byte [eax + 0xf2] cmp dl, 2 -je short loc_fffc3664 ; je 0xfffc3664 +je short loc_fffc3559 ; je 0xfffc3559 cmp dl, 3 -je short loc_fffc3672 ; je 0xfffc3672 +je short loc_fffc3567 ; je 0xfffc3567 dec dl -jne short loc_fffc367b ; jne 0xfffc367b +jne short loc_fffc3570 ; jne 0xfffc3570 mov byte [eax + 0xf1], 8 -jmp short loc_fffc366b ; jmp 0xfffc366b +jmp short loc_fffc3560 ; jmp 0xfffc3560 -loc_fffc3664: ; not directly referenced +loc_fffc3559: ; not directly referenced mov byte [eax + 0xf1], 0x10 -loc_fffc366b: ; not directly referenced +loc_fffc3560: ; not directly referenced mov eax, 1 -jmp short loc_fffc3684 ; jmp 0xfffc3684 +jmp short loc_fffc3579 ; jmp 0xfffc3579 -loc_fffc3672: ; not directly referenced +loc_fffc3567: ; not directly referenced mov byte [eax + 0xf1], 0x20 -jmp short loc_fffc366b ; jmp 0xfffc366b +jmp short loc_fffc3560 ; jmp 0xfffc3560 -loc_fffc367b: ; not directly referenced +loc_fffc3570: ; not directly referenced mov byte [eax + 0xf1], 0 xor eax, eax -loc_fffc3684: ; not directly referenced +loc_fffc3579: ; not directly referenced pop ebp ret -fcn_fffc3686: ; not directly referenced +fcn_fffc357b: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -47678,11 +47559,11 @@ mov cl, byte [ebx + 2] shr byte [ebp - 0xd], 1 and byte [ebp - 0xd], 1 cmp cl, 0xc -je loc_fffc3749 ; je 0xfffc3749 +je loc_fffc363e ; je 0xfffc363e cmp cl, 0xf1 -je short loc_fffc370a ; je 0xfffc370a +je short loc_fffc35ff ; je 0xfffc35ff cmp cl, 0xb -jne loc_fffc376a ; jne 0xfffc376a +jne loc_fffc365f ; jne 0xfffc365f mov dword [edx + 0xd5], 1 mov cl, byte [ebx + 3] add ebx, 0xb0 
@@ -47693,119 +47574,119 @@ sete cl cmp eax, 0x40650 sete al or cl, al -je loc_fffc3814 ; je 0xfffc3814 +je loc_fffc3709 ; je 0xfffc3709 cmp byte [ebp - 0xd], 0 -je short loc_fffc3780 ; je 0xfffc3780 -jmp near loc_fffc3814 ; jmp 0xfffc3814 +je short loc_fffc3675 ; je 0xfffc3675 +jmp near loc_fffc3709 ; jmp 0xfffc3709 -loc_fffc370a: ; not directly referenced +loc_fffc35ff: ; not directly referenced cmp eax, 0x40650 -je short loc_fffc3728 ; je 0xfffc3728 +je short loc_fffc361d ; je 0xfffc361d cmp eax, 0x40660 sete cl cmp eax, 0x306c0 sete al or cl, al -jne short loc_fffc3728 ; jne 0xfffc3728 +jne short loc_fffc361d ; jne 0xfffc361d dec edi -jne short loc_fffc3749 ; jne 0xfffc3749 +jne short loc_fffc363e ; jne 0xfffc363e -loc_fffc3728: ; not directly referenced +loc_fffc361d: ; not directly referenced mov dword [edx + 0xd5], 3 mov al, byte [ebx + 3] add ebx, 0xb0 and eax, 0xf mov dword [edx + 0xd9], eax -jmp near loc_fffc3814 ; jmp 0xfffc3814 +jmp near loc_fffc3709 ; jmp 0xfffc3709 -loc_fffc3749: ; not directly referenced +loc_fffc363e: ; not directly referenced mov dword [edx + 0xd5], 2 mov al, byte [ebx + 3] add ebx, 0x180 and eax, 0xf mov dword [edx + 0xd9], eax -jmp near loc_fffc3814 ; jmp 0xfffc3814 +jmp near loc_fffc3709 ; jmp 0xfffc3709 -loc_fffc376a: ; not directly referenced +loc_fffc365f: ; not directly referenced mov dword [edx + 0xd5], 0 xor ebx, ebx mov dword [edx + 0xd9], 0 -loc_fffc3780: ; not directly referenced +loc_fffc3675: ; not directly referenced xor eax, eax -loc_fffc3782: ; not directly referenced +loc_fffc3677: ; not directly referenced mov byte [edx + 0xf6], 0 test eax, eax -je loc_fffc383c ; je 0xfffc383c +je loc_fffc3731 ; je 0xfffc3731 cmp word [ebx], 0x4a0c mov eax, dword [esi + 0x18a7] -jne short loc_fffc37bf ; jne 0xfffc37bf +jne short loc_fffc36b4 ; jne 0xfffc36b4 mov cl, byte [ebx + 3] and ecx, 0xfffffffe cmp cl, 0x12 -jne short loc_fffc37bf ; jne 0xfffc37bf +jne short loc_fffc36b4 ; jne 0xfffc36b4 cmp eax, 2 -jne short loc_fffc37b4 ; 
jne 0xfffc37b4 +jne short loc_fffc36a9 ; jne 0xfffc36a9 test byte [ebx + 2], 1 -jmp short loc_fffc37bd ; jmp 0xfffc37bd +jmp short loc_fffc36b2 ; jmp 0xfffc36b2 -loc_fffc37b4: ; not directly referenced +loc_fffc36a9: ; not directly referenced cmp eax, 3 -jne short loc_fffc37cd ; jne 0xfffc37cd +jne short loc_fffc36c2 ; jne 0xfffc36c2 test byte [ebx + 2], 2 -loc_fffc37bd: ; not directly referenced -jne short loc_fffc37cd ; jne 0xfffc37cd +loc_fffc36b2: ; not directly referenced +jne short loc_fffc36c2 ; jne 0xfffc36c2 -loc_fffc37bf: ; not directly referenced +loc_fffc36b4: ; not directly referenced sub eax, 2 cmp eax, 1 seta al movzx eax, al -jmp short loc_fffc37d9 ; jmp 0xfffc37d9 +jmp short loc_fffc36ce ; jmp 0xfffc36ce -loc_fffc37cd: ; not directly referenced -or byte [esi + 0x3749], 1 +loc_fffc36c2: ; not directly referenced +or byte [esi + 0x374a], 1 mov eax, 1 -loc_fffc37d9: ; not directly referenced +loc_fffc36ce: ; not directly referenced cmp word [ebx], 0x4a0c -jne short loc_fffc383c ; jne 0xfffc383c +jne short loc_fffc3731 ; jne 0xfffc3731 movzx edi, byte [ebx + 3] mov esi, edi and esi, 0xfffffffe mov ecx, esi cmp cl, 0x12 -jne short loc_fffc37f8 ; jne 0xfffc37f8 +jne short loc_fffc36ed ; jne 0xfffc36ed mov ecx, edi mov byte [edx + 0xf7], cl -loc_fffc37f8: ; not directly referenced +loc_fffc36ed: ; not directly referenced test byte [ebx + 2], 1 -je short loc_fffc3805 ; je 0xfffc3805 +je short loc_fffc36fa ; je 0xfffc36fa or byte [edx + 0xf6], 1 -loc_fffc3805: ; not directly referenced +loc_fffc36fa: ; not directly referenced test byte [ebx + 2], 2 -je short loc_fffc383c ; je 0xfffc383c +je short loc_fffc3731 ; je 0xfffc3731 or byte [edx + 0xf6], 2 -jmp short loc_fffc383c ; jmp 0xfffc383c +jmp short loc_fffc3731 ; jmp 0xfffc3731 -loc_fffc3814: ; not directly referenced +loc_fffc3709: ; not directly referenced mov eax, dword [edx + 0xd9] lea ecx, [eax - 2] xor eax, eax cmp ecx, 6 -ja loc_fffc3782 ; ja 0xfffc3782 +ja loc_fffc3677 ; ja 0xfffc3677 mov eax, 1 
shl eax, cl test al, 0x43 setne al movzx eax, al -jmp near loc_fffc3782 ; jmp 0xfffc3782 +jmp near loc_fffc3677 ; jmp 0xfffc3677 -loc_fffc383c: ; not directly referenced +loc_fffc3731: ; not directly referenced add esp, 1 pop ebx pop esi @@ -47813,7 +47694,7 @@ pop edi pop ebp ret -fcn_fffc3844: ; not directly referenced +fcn_fffc3739: ; not directly referenced push ebp mov ebp, esp movzx eax, byte [ebp + 0x10] @@ -47829,7 +47710,7 @@ shl eax, 0x14 add eax, edx ret -fcn_fffc3868: ; not directly referenced +fcn_fffc375d: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 0x10] @@ -47848,7 +47729,7 @@ movzx edx, dx or eax, edx ret -fcn_fffc3896: ; not directly referenced +fcn_fffc378b: ; not directly referenced push ebp mov ebp, esp push edi @@ -47857,26 +47738,26 @@ push ebx sub esp, 0x2c mov ebx, dword [ebp + 8] mov dword [ebp - 0x1c], 0 -mov eax, dword [ebx + 0x2443] +mov eax, dword [ebx + 0x2444] lea edi, [ebx + 0xfb9] mov dword [ebp - 0x20], eax mov al, byte [ebx + 0xfb8] -mov byte [ebx + 0x3755], al +mov byte [ebx + 0x3756], al mov eax, dword [ebx + 0xfb4] -mov dword [ebx + 0x374e], eax +mov dword [ebx + 0x374f], eax -loc_fffc38d0: ; not directly referenced +loc_fffc37c5: ; not directly referenced imul esi, dword [ebp - 0x1c], 0x13c3 xor edx, edx mov eax, dword [edi + 4] -lea ecx, [ebx + esi + 0x3756] -mov dword [ebx + esi + 0x3816], eax +lea ecx, [ebx + esi + 0x3757] +mov dword [ebx + esi + 0x3817], eax mov al, byte [edi + 8] -mov byte [ebx + esi + 0x381a], al +mov byte [ebx + esi + 0x381b], al mov eax, dword [edi] -mov dword [ebx + esi + 0x3756], eax +mov dword [ebx + esi + 0x3757], eax -loc_fffc38fd: ; not directly referenced +loc_fffc37f2: ; not directly referenced push eax push 0x2e lea eax, [edi + edx + 9] 
@@ -47892,9 +47773,9 @@ add esp, 0x10 mov ecx, dword [ebp - 0x24] add edx, 0x2e cmp edx, 0xb8 -jne short loc_fffc38fd ; jne 0xfffc38fd +jne short loc_fffc37f2 ; jne 0xfffc37f2 imul eax, dword [ebp - 0x1c], 0x54a -lea esi, [ebx + esi + 0x48c9] +lea esi, [ebx + esi + 0x48ca] mov dword [ebp - 0x24], esi lea edx, [edi + 0x313] mov byte [ebp - 0x29], 2 @@ -47902,12 +47783,12 @@ lea esi, [ebx + eax + 0x1afb] lea eax, [edi + 0xc1] mov dword [ebp - 0x28], eax -loc_fffc3955: ; not directly referenced +loc_fffc384a: ; not directly referenced mov eax, dword [ebp - 0x28] mov eax, dword [eax] lea ecx, [eax - 1] cmp ecx, 1 -ja short loc_fffc39d5 ; ja 0xfffc39d5 +ja short loc_fffc38ca ; ja 0xfffc38ca push eax mov eax, dword [ebp - 0x20] push 0x128 @@ -47918,16 +47799,16 @@ call dword [eax + 0x58] ; ucall mov edx, dword [ebp - 0x30] add esp, 0x10 cmp byte [esi - 0x13e], 0xc -jne short loc_fffc39a1 ; jne 0xfffc39a1 +jne short loc_fffc3896 ; jne 0xfffc3896 mov cl, byte [edx - 2] mov eax, esi mov byte [esi - 0x13d], cl mov cl, byte [edx - 1] mov byte [esi - 0x133], cl mov ecx, 0x1d -jmp short loc_fffc39be ; jmp 0xfffc39be +jmp short loc_fffc38b3 ; jmp 0xfffc38b3 -loc_fffc39a1: ; not directly referenced +loc_fffc3896: ; not directly referenced mov al, byte [edx - 2] mov ecx, 0x1f mov byte [esi - 0x13d], al @@ -47935,7 +47816,7 @@ mov al, byte [edx - 1] mov byte [esi - 0x138], al lea eax, [esi - 0xcb] -loc_fffc39be: ; not directly referenced +loc_fffc38b3: ; not directly referenced sub esp, 4 push ecx push edx 
@@ -47945,32 +47826,32 @@ mov dword [ebp - 0x30], edx call dword [eax + 0x58] ; ucall add esp, 0x10 mov edx, dword [ebp - 0x30] -jmp short loc_fffc39da ; jmp 0xfffc39da +jmp short loc_fffc38cf ; jmp 0xfffc38cf -loc_fffc39d5: ; not directly referenced +loc_fffc38ca: ; not directly referenced mov ecx, dword [ebp - 0x24] mov dword [ecx], eax -loc_fffc39da: ; not directly referenced +loc_fffc38cf: ; not directly referenced add dword [ebp - 0x28], 0x128 add esi, 0x277 add edx, 0x21 add dword [ebp - 0x24], 0x128 dec byte [ebp - 0x29] -jne loc_fffc3955 ; jne 0xfffc3955 +jne loc_fffc384a ; jne 0xfffc384a inc dword [ebp - 0x1c] add edi, 0x433 cmp dword [ebp - 0x1c], 2 -jne loc_fffc38d0 ; jne 0xfffc38d0 +jne loc_fffc37c5 ; jne 0xfffc37c5 mov eax, dword [ebx + 0x182c] xor ecx, ecx -mov dword [ebx + 0x3735], eax +mov dword [ebx + 0x3736], eax mov eax, dword [ebx + 0x1830] -mov dword [ebx + 0x3739], eax +mov dword [ebx + 0x373a], eax mov eax, dword [ebx + 0x1834] -mov dword [ebx + 0x373d], eax +mov dword [ebx + 0x373e], eax mov eax, dword [ebx + 0x1838] -mov dword [ebx + 0x3741], eax +mov dword [ebx + 0x3742], eax mov eax, dword [ebx + 0xfa4] mov dword [ebx + 0x1887], eax mov eax, dword [ebx + 0xfa0] 
@@ -47980,38 +47861,38 @@ mov dword [ebx + 0x188b], eax mov al, byte [ebx + 0x1842] mov byte [ebx + 0x190d], al mov eax, dword [ebx + 0x181f] -mov dword [ebx + 0x36d7], eax +mov dword [ebx + 0x36d8], eax mov eax, dword [ebx + 0x1823] -mov dword [ebx + 0x36df], eax +mov dword [ebx + 0x36e0], eax mov al, byte [ebx + 0x182b] -mov byte [ebx + 0x36e7], al +mov byte [ebx + 0x36e8], al mov eax, dword [ebx + 0x1827] -mov dword [ebx + 0x36e3], eax +mov dword [ebx + 0x36e4], eax mov al, byte [ebx + 0x183c] -mov byte [ebx + 0x3748], al +mov byte [ebx + 0x3749], al mov eax, dword [ebx + 0x183d] -mov dword [ebx + 0x2480], eax +mov dword [ebx + 0x2481], eax mov al, byte [ebx + 0x1841] -mov byte [ebx + 0x3749], al +mov byte [ebx + 0x374a], al mov al, byte [ebx + 0x184c] -mov byte [ebx + 0x36ca], al +mov byte [ebx + 0x36cb], al mov eax, dword [ebx + 0x1843] -mov dword [ebx + 0x36cb], eax +mov dword [ebx + 0x36cc], eax mov eax, dword [ebx + 0x1847] mov dword [ebx + 0x1912], eax mov al, byte [ebx + 0x184b] mov byte [ebx + 0x1916], al mov al, byte [ebx + 0x184d] -mov byte [ebx + 0x36a8], al +mov byte [ebx + 0x36a9], al -loc_fffc3aff: ; not directly referenced +loc_fffc39f4: ; not directly referenced mov eax, dword [ebx + ecx + 0x184e] mov edx, dword [ebx + ecx + 0x1852] -mov dword [ebx + ecx + 0x36a9], eax -mov dword [ebx + ecx + 0x36ad], edx +mov dword [ebx + ecx + 0x36aa], eax +mov dword [ebx + ecx + 0x36ae], edx add ecx, 8 cmp ecx, 0x20 -jne short loc_fffc3aff ; jne 0xfffc3aff +jne short loc_fffc39f4 ; jne 0xfffc39f4 lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -48020,7 +47901,7 @@ pop edi pop ebp ret -fcn_fffc3b2d: ; not directly referenced +fcn_fffc3a22: ; not directly referenced push ebp mov ebp, esp push ebx 
@@ -48028,32 +47909,32 @@ sub esp, 0x10 mov ebx, dword [ebp + 8] mov al, byte [ebx + 0x18b1] mov ecx, dword [ebx + 0x18cd] -mov byte [ebx + 0x2479], 0 -mov byte [ebx + 0x3748], al +mov byte [ebx + 0x247a], 0 +mov byte [ebx + 0x3749], al mov al, byte [ebx + 0x23ff] lea edx, [ecx + 0x18] -mov byte [ebx + 0x3745], al -mov eax, dword [ebx + 0x2443] +mov byte [ebx + 0x3746], al +mov eax, dword [ebx + 0x2444] push edx call dword [eax + 0x20] ; ucall add esp, 0x10 mov edx, eax shr edx, 0x10 test ax, ax -jne short loc_fffc3b80 ; jne 0xfffc3b80 +jne short loc_fffc3a75 ; jne 0xfffc3a75 cmp dx, 1 -jbe short loc_fffc3b80 ; jbe 0xfffc3b80 +jbe short loc_fffc3a75 ; jbe 0xfffc3a75 mov al, dl -jmp short loc_fffc3b86 ; jmp 0xfffc3b86 +jmp short loc_fffc3a7b ; jmp 0xfffc3a7b -loc_fffc3b80: ; not directly referenced +loc_fffc3a75: ; not directly referenced mov al, byte [ebx + 0x2401] -loc_fffc3b86: ; not directly referenced +loc_fffc3a7b: ; not directly referenced mov ecx, dword [ebx + 0x18cd] sub esp, 0xc -mov byte [ebx + 0x3747], al -mov eax, dword [ebx + 0x2443] +mov byte [ebx + 0x3748], al +mov eax, dword [ebx + 0x2444] lea edx, [ecx + 0x28] push edx call dword [eax + 0x20] ; ucall 
@@ -48061,37 +47942,37 @@ add esp, 0x10 mov edx, eax shr edx, 0x10 test ax, ax -jne short loc_fffc3bb9 ; jne 0xfffc3bb9 +jne short loc_fffc3aae ; jne 0xfffc3aae cmp dx, 1 -jbe short loc_fffc3bb9 ; jbe 0xfffc3bb9 +jbe short loc_fffc3aae ; jbe 0xfffc3aae mov al, dl -jmp short loc_fffc3bbf ; jmp 0xfffc3bbf +jmp short loc_fffc3ab4 ; jmp 0xfffc3ab4 -loc_fffc3bb9: ; not directly referenced +loc_fffc3aae: ; not directly referenced mov al, byte [ebx + 0x2400] -loc_fffc3bbf: ; not directly referenced -mov byte [ebx + 0x3746], al +loc_fffc3ab4: ; not directly referenced +mov byte [ebx + 0x3747], al xor eax, eax mov ebx, dword [ebp - 4] leave ret -fcn_fffc3bcc: ; not directly referenced +fcn_fffc3ac1: ; not directly referenced push ebp xor eax, eax mov ebp, esp pop ebp ret -fcn_fffc3bd3: ; not directly referenced +fcn_fffc3ac8: ; not directly referenced push ebp xor eax, eax mov ebp, esp pop ebp ret -fcn_fffc3bda: ; not directly referenced +fcn_fffc3acf: ; not directly referenced push ebp and edx, 0xff00 mov ebp, esp @@ -48106,7 +47987,7 @@ mov ebx, dword [ebp - 4] leave ret -fcn_fffc3bf5: ; not directly referenced +fcn_fffc3aea: ; not directly referenced push ebp movzx ecx, dl mov ebp, esp 
@@ -48121,205 +48002,205 @@ mov ebx, dword [ebp - 4] leave ret -fcn_fffc3c0d: +fcn_fffc3b02: push ebp mov ebp, esp push esi push ebx -mov esi, dword [eax + 0x2443] +mov esi, dword [eax + 0x2444] lea ebx, [edx - 0xd] -mov ecx, dword [eax + 0x2480] +mov ecx, dword [eax + 0x2481] cmp ebx, 0x36 -ja loc_fffc3dad ; ja 0xfffc3dad -jmp dword [ebx*4 + ref_fffd59e0] ; ujmp: jmp dword [ebx*4 - 0x2a620] +ja loc_fffc3ca2 ; ja 0xfffc3ca2 +jmp dword [ebx*4 + ref_fffd549c] ; ujmp: jmp dword [ebx*4 - 0x2ab64] -loc_fffc3c31: +loc_fffc3b26: cmp ecx, 3 -je loc_fffc3dad ; je 0xfffc3dad +je loc_fffc3ca2 ; je 0xfffc3ca2 mov bl, byte [eax + 0x2403] -jmp short loc_fffc3c98 ; jmp 0xfffc3c98 +jmp short loc_fffc3b8d ; jmp 0xfffc3b8d -loc_fffc3c42: +loc_fffc3b37: mov bl, byte [eax + 0x2403] -jmp short loc_fffc3cc0 ; jmp 0xfffc3cc0 +jmp short loc_fffc3bb5 ; jmp 0xfffc3bb5 -loc_fffc3c4a: +loc_fffc3b3f: mov bl, byte [eax + 0x2403] -jmp near loc_fffc3d09 ; jmp 0xfffc3d09 +jmp near loc_fffc3bfe ; jmp 0xfffc3bfe -loc_fffc3c55: +loc_fffc3b4a: mov bl, byte [eax + 0x2403] -jmp near loc_fffc3d14 ; jmp 0xfffc3d14 +jmp near loc_fffc3c09 ; jmp 0xfffc3c09 -loc_fffc3c60: +loc_fffc3b55: mov bl, byte [eax + 0x2403] -jmp near loc_fffc3d87 ; jmp 0xfffc3d87 +jmp near loc_fffc3c7c ; jmp 0xfffc3c7c -loc_fffc3c6b: +loc_fffc3b60: mov bl, byte [eax + 0x2403] -jmp short loc_fffc3cdd ; jmp 0xfffc3cdd +jmp short loc_fffc3bd2 ; jmp 0xfffc3bd2 -loc_fffc3c73: +loc_fffc3b68: mov bl, byte [eax + 0x2403] -jmp near loc_fffc3d1f ; jmp 0xfffc3d1f +jmp near loc_fffc3c14 ; jmp 0xfffc3c14 -loc_fffc3c7e: +loc_fffc3b73: movsx ebx, byte [eax + 0x2403] -jmp near loc_fffc3d51 ; jmp 0xfffc3d51 +jmp near loc_fffc3c46 ; jmp 0xfffc3c46 -loc_fffc3c8a: +loc_fffc3b7f: cmp ecx, 2 -jmp near loc_fffc3d7c ; jmp 0xfffc3d7c +jmp near loc_fffc3c71 ; jmp 0xfffc3c71 -loc_fffc3c92: +loc_fffc3b87: mov bl, byte [eax + 0x2404] -loc_fffc3c98: +loc_fffc3b8d: not ebx -jmp near loc_fffc3d25 ; jmp 0xfffc3d25 +jmp near loc_fffc3c1a ; jmp 0xfffc3c1a -loc_fffc3c9f: 
+loc_fffc3b94: mov bl, byte [eax + 0x2406] -jmp short loc_fffc3cdd ; jmp 0xfffc3cdd +jmp short loc_fffc3bd2 ; jmp 0xfffc3bd2 -loc_fffc3ca7: +loc_fffc3b9c: mov bl, byte [eax + 0x2406] -jmp near loc_fffc3d87 ; jmp 0xfffc3d87 +jmp near loc_fffc3c7c ; jmp 0xfffc3c7c -loc_fffc3cb2: +loc_fffc3ba7: mov bl, byte [eax + 0x2406] -jmp short loc_fffc3d14 ; jmp 0xfffc3d14 +jmp short loc_fffc3c09 ; jmp 0xfffc3c09 -loc_fffc3cba: +loc_fffc3baf: mov bl, byte [eax + 0x2404] -loc_fffc3cc0: +loc_fffc3bb5: shr bl, 1 -jmp short loc_fffc3d22 ; jmp 0xfffc3d22 +jmp short loc_fffc3c17 ; jmp 0xfffc3c17 -loc_fffc3cc4: +loc_fffc3bb9: mov bl, byte [eax + 0x2404] -jmp short loc_fffc3d09 ; jmp 0xfffc3d09 +jmp short loc_fffc3bfe ; jmp 0xfffc3bfe -loc_fffc3ccc: +loc_fffc3bc1: mov bl, byte [eax + 0x2404] -jmp near loc_fffc3d87 ; jmp 0xfffc3d87 +jmp near loc_fffc3c7c ; jmp 0xfffc3c7c -loc_fffc3cd7: +loc_fffc3bcc: mov bl, byte [eax + 0x2404] -loc_fffc3cdd: +loc_fffc3bd2: shr bl, 5 -jmp short loc_fffc3d22 ; jmp 0xfffc3d22 +jmp short loc_fffc3c17 ; jmp 0xfffc3c17 -loc_fffc3ce2: +loc_fffc3bd7: mov bl, byte [eax + 0x2404] -jmp short loc_fffc3d1f ; jmp 0xfffc3d1f +jmp short loc_fffc3c14 ; jmp 0xfffc3c14 -loc_fffc3cea: +loc_fffc3bdf: movsx ebx, byte [eax + 0x2404] -jmp short loc_fffc3d51 ; jmp 0xfffc3d51 +jmp short loc_fffc3c46 ; jmp 0xfffc3c46 -loc_fffc3cf3: +loc_fffc3be8: mov bl, byte [eax + 0x2405] -jmp short loc_fffc3c98 ; jmp 0xfffc3c98 +jmp short loc_fffc3b8d ; jmp 0xfffc3b8d -loc_fffc3cfb: +loc_fffc3bf0: mov bl, byte [eax + 0x2405] -jmp short loc_fffc3cc0 ; jmp 0xfffc3cc0 +jmp short loc_fffc3bb5 ; jmp 0xfffc3bb5 -loc_fffc3d03: +loc_fffc3bf8: mov bl, byte [eax + 0x2405] -loc_fffc3d09: +loc_fffc3bfe: shr bl, 2 -jmp short loc_fffc3d22 ; jmp 0xfffc3d22 +jmp short loc_fffc3c17 ; jmp 0xfffc3c17 -loc_fffc3d0e: +loc_fffc3c03: mov bl, byte [eax + 0x2405] -loc_fffc3d14: +loc_fffc3c09: shr bl, 3 -jmp short loc_fffc3d22 ; jmp 0xfffc3d22 +jmp short loc_fffc3c17 ; jmp 0xfffc3c17 -loc_fffc3d19: +loc_fffc3c0e: mov 
bl, byte [eax + 0x2405] -loc_fffc3d1f: +loc_fffc3c14: shr bl, 6 -loc_fffc3d22: +loc_fffc3c17: xor ebx, 1 -loc_fffc3d25: +loc_fffc3c1a: and ebx, 1 -jmp near loc_fffc3daf ; jmp 0xfffc3daf +jmp near loc_fffc3ca4 ; jmp 0xfffc3ca4 -loc_fffc3d2d: +loc_fffc3c22: mov ebx, 1 test byte [eax + 0x2405], 0x20 -je short loc_fffc3daf ; je 0xfffc3daf +je short loc_fffc3ca4 ; je 0xfffc3ca4 cmp dword [eax + 0x188b], 0 -loc_fffc3d42: +loc_fffc3c37: sete bl -loc_fffc3d45: +loc_fffc3c3a: movzx ebx, bl -jmp short loc_fffc3daf ; jmp 0xfffc3daf +jmp short loc_fffc3ca4 ; jmp 0xfffc3ca4 -loc_fffc3d4a: +loc_fffc3c3f: movsx ebx, byte [eax + 0x2405] -loc_fffc3d51: +loc_fffc3c46: not ebx shr ebx, 0x1f -jmp short loc_fffc3daf ; jmp 0xfffc3daf +jmp short loc_fffc3ca4 ; jmp 0xfffc3ca4 -loc_fffc3d58: +loc_fffc3c4d: mov ebx, 1 test byte [eax + 0x2406], 1 -je short loc_fffc3daf ; je 0xfffc3daf +je short loc_fffc3ca4 ; je 0xfffc3ca4 -loc_fffc3d66: +loc_fffc3c5b: cmp ecx, 3 -jmp short loc_fffc3d42 ; jmp 0xfffc3d42 +jmp short loc_fffc3c37 ; jmp 0xfffc3c37 -loc_fffc3d6b: +loc_fffc3c60: mov ebx, 1 test byte [eax + 0x2404], 8 -je short loc_fffc3daf ; je 0xfffc3daf +je short loc_fffc3ca4 ; je 0xfffc3ca4 -loc_fffc3d79: +loc_fffc3c6e: cmp ecx, 3 -loc_fffc3d7c: +loc_fffc3c71: setne bl -jmp short loc_fffc3d45 ; jmp 0xfffc3d45 +jmp short loc_fffc3c3a ; jmp 0xfffc3c3a -loc_fffc3d81: +loc_fffc3c76: mov bl, byte [eax + 0x2405] -loc_fffc3d87: +loc_fffc3c7c: shr bl, 4 -jmp short loc_fffc3d22 ; jmp 0xfffc3d22 +jmp short loc_fffc3c17 ; jmp 0xfffc3c17 -loc_fffc3d8c: +loc_fffc3c81: mov bl, byte [eax + 0x2406] -jmp near loc_fffc3cc0 ; jmp 0xfffc3cc0 +jmp near loc_fffc3bb5 ; jmp 0xfffc3bb5 -loc_fffc3d97: +loc_fffc3c8c: mov bl, byte [eax + 0x2406] -jmp near loc_fffc3d09 ; jmp 0xfffc3d09 +jmp near loc_fffc3bfe ; jmp 0xfffc3bfe -loc_fffc3da2: +loc_fffc3c97: mov bl, byte [eax + 0x2406] -jmp near loc_fffc3d1f ; jmp 0xfffc3d1f +jmp near loc_fffc3c14 ; jmp 0xfffc3c14 -loc_fffc3dad: +loc_fffc3ca2: xor ebx, ebx -loc_fffc3daf: 
+loc_fffc3ca4: push ecx push 0 push edx @@ -48332,7 +48213,7 @@ pop esi pop ebp ret -fcn_fffc3dc3: +fcn_fffc3cb8: push ebp xor ecx, ecx mov ebp, esp @@ -48340,33 +48221,33 @@ push esi push ebx sub esp, 0x400 -loc_fffc3dd0: +loc_fffc3cc5: mov ebx, ecx mov esi, 8 -loc_fffc3dd7: +loc_fffc3ccc: test bl, 1 -je short loc_fffc3de6 ; je 0xfffc3de6 +je short loc_fffc3cdb ; je 0xfffc3cdb shr ebx, 1 xor ebx, 0xedb88320 -jmp short loc_fffc3de8 ; jmp 0xfffc3de8 +jmp short loc_fffc3cdd ; jmp 0xfffc3cdd -loc_fffc3de6: +loc_fffc3cdb: shr ebx, 1 -loc_fffc3de8: +loc_fffc3cdd: dec esi -jne short loc_fffc3dd7 ; jne 0xfffc3dd7 +jne short loc_fffc3ccc ; jne 0xfffc3ccc mov dword [ebp + ecx*4 - 0x408], ebx inc ecx cmp ecx, 0x100 -jne short loc_fffc3dd0 ; jne 0xfffc3dd0 +jne short loc_fffc3cc5 ; jne 0xfffc3cc5 or ecx, 0xffffffff xor ebx, ebx -loc_fffc3e00: +loc_fffc3cf5: cmp ebx, edx -je short loc_fffc3e1b ; je 0xfffc3e1b +je short loc_fffc3d10 ; je 0xfffc3d10 mov esi, ecx xor cl, byte [eax + ebx] inc ebx @@ -48374,9 +48255,9 @@ shr esi, 8 movzx ecx, cl xor esi, dword [ebp + ecx*4 - 0x408] mov ecx, esi -jmp short loc_fffc3e00 ; jmp 0xfffc3e00 +jmp short loc_fffc3cf5 ; jmp 0xfffc3cf5 -loc_fffc3e1b: +loc_fffc3d10: add esp, 0x400 mov eax, ecx pop ebx @@ -48385,9 +48266,9 @@ pop esi pop ebp ret -fcn_fffc3e29: +fcn_fffc3d1e: cmp dword [eax + 0x39], 1 -jne loc_fffc3f07 ; jne 0xfffc3f07 +jne loc_fffc3dfc ; jne 0xfffc3dfc push ebp add eax, 0x369 mov ebp, esp @@ -48399,11 +48280,11 @@ mov ebx, dword [edx + 9] mov dword [ebp - 0x10], eax mov byte [ebp - 0x11], 2 -loc_fffc3e4b: +loc_fffc3d40: mov ecx, dword [ebp - 0x10] xor esi, esi -loc_fffc3e50: +loc_fffc3d45: movzx edi, byte [ebx + 0x10] mov word [ecx - 0x18], di mov di, word [ebx + 8] 
@@ -48425,15 +48306,15 @@ mov word [ecx - 8], di mov di, word [ebx + 0xc] mov word [ecx - 2], di cmp byte [edx], 5 -jbe short loc_fffc3eae ; jbe 0xfffc3eae +jbe short loc_fffc3da3 ; jbe 0xfffc3da3 mov di, word [ebx + 0x68] mov word [ecx], di -jmp short loc_fffc3eb3 ; jmp 0xfffc3eb3 +jmp short loc_fffc3da8 ; jmp 0xfffc3da8 -loc_fffc3eae: +loc_fffc3da3: mov word [ecx], 0 -loc_fffc3eb3: +loc_fffc3da8: mov di, word [ebx + 0x16] inc esi add ecx, 0x277 
@@ -48446,1803 +48327,1486 @@ mov word [ecx - 0x26d], di mov di, word [ebx + 0x18] mov word [ecx - 0x26b], di cmp al, 2 -jne loc_fffc3e50 ; jne 0xfffc3e50 +jne loc_fffc3d45 ; jne 0xfffc3d45 add dword [ebp - 0x10], 0x54a dec byte [ebp - 0x11] -jne loc_fffc3e4b ; jne 0xfffc3e4b +jne loc_fffc3d40 ; jne 0xfffc3d40 add esp, 5 pop ebx pop esi pop edi pop ebp -loc_fffc3f07: +loc_fffc3dfc: ret -fcn_fffc3f08: ; not directly referenced +fcn_fffc3dfd: ; not directly referenced push ebp mov ebp, esp push edi push esi +mov esi, eax push ebx -sub esp, 0x3c -mov ebx, dword [ebp + 8] -cmp dword [ebx + 0x1887], 0x306d0 -je short loc_fffc3f54 ; je 0xfffc3f54 - -loc_fffc3f20: ; not directly referenced -mov ecx, 0x14 -mov edx, 0x5f08 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -cmp dword [ebx + 0x3756], 2 -jne loc_fffc407f ; jne 0xfffc407f -mov ecx, 0x3000 -mov edx, 0x48a8 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -jmp near loc_fffc407f ; jmp 0xfffc407f - -loc_fffc3f54: ; not directly referenced -cmp byte [ebx + 0x18ed], 0 -je short loc_fffc3f20 ; je 0xfffc3f20 -mov eax, dword [ebx + 0x36e8] -sub eax, 2 -cmp eax, 1 -ja short loc_fffc3f20 ; ja 0xfffc3f20 -mov dl, 0x10 +xor ebx, ebx +sub esp, 0x2c +mov eax, dword [eax + 0x2481] +mov dword [ebp - 0x2c], ecx +lea edi, [esi + 0x3757] +mov byte [ebp - 0x25], dl +mov dword [ebp - 0x24], eax -loc_fffc3f6d: ; not directly referenced -mov eax, ebx -mov dword [ebp - 0x2c], edx -call fcn_fffb0e8a ; call 0xfffb0e8a -mov edx, dword [ebp - 0x2c] -dec dl -jne short loc_fffc3f6d ; jne 0xfffc3f6d -cmp dword [ebx + 0x36e8], 3 -jne short loc_fffc3f20 ; jne 0xfffc3f20 -mov eax, dword [ebx + 0x2443] -mov esi, dword [ebx + 0x5edc] -push edi +loc_fffc3e1f: ; not directly referenced +cmp dword [edi], 2 +jne loc_fffc3f1b ; jne 0xfffc3f1b +mov dl, byte [ebp - 0x25] +and dl, byte [edi + 0xc4] +je loc_fffc3f1b ; je 0xfffc3f1b +mov eax, dword [ebp - 0x2c] +movzx ecx, dl +mov dword [ebp - 0x20], ecx +movzx eax, byte [eax + ebx] +push edx push 0 
-push 0x10 -lea edi, [ebp - 0x28] -push edi -mov dword [ebp - 0x3c], eax -call dword [eax + 0x5c] ; ucall -lea eax, [ebx + 0x3756] -add esp, 0x10 -mov dword [ebp - 0x30], eax -lea eax, [esi + 0x70] -mov dword [ebp - 0x34], eax -lea eax, [ebx + 0x2490] -mov dword [ebp - 0x2c], 0 -mov dword [ebp - 0x40], eax -mov dword [ebp - 0x44], edi - -loc_fffc3fc7: ; not directly referenced -mov eax, dword [ebp - 0x30] -cmp dword [eax], 2 -je short loc_fffc3feb ; je 0xfffc3feb +push eax +push 3 +push ecx +push 0 +push ebx +push esi +mov dword [ebp - 0x1c], eax +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +xor edx, edx -loc_fffc3fcf: ; not directly referenced -inc dword [ebp - 0x2c] -add dword [ebp - 0x30], 0x13c3 -add dword [ebp - 0x34], 0xcc -cmp dword [ebp - 0x2c], 2 -jne short loc_fffc3fc7 ; jne 0xfffc3fc7 -jmp near loc_fffc3f20 ; jmp 0xfffc3f20 +loc_fffc3e5c: ; not directly referenced +mov eax, dword [ebp - 0x20] +bt eax, edx +jae short loc_fffc3e71 ; jae 0xfffc3e71 +movzx edx, byte [edi + edx + 0x245] +add edx, dword [ebp - 0x1c] +jmp short loc_fffc3e79 ; jmp 0xfffc3e79 -loc_fffc3feb: ; not directly referenced -mov cl, byte [ebp - 0x2c] -xor esi, esi -xor edx, edx -mov dword [ebp - 0x38], 1 -shl dword [ebp - 0x38], cl +loc_fffc3e71: ; not directly referenced +inc edx +cmp edx, 4 +jne short loc_fffc3e5c ; jne 0xfffc3e5c +xor dl, dl -loc_fffc3ffc: ; not directly referenced -mov edi, dword [ebp - 0x30] -mov eax, 1 -mov ecx, esi -shl eax, cl -test byte [edi + 0xc4], al -je short loc_fffc4074 ; je 0xfffc4074 -test edx, edx -jne short loc_fffc4074 ; jne 0xfffc4074 -mov edx, dword [ebp - 0x2c] -mov ecx, eax -mov eax, ebx -call fcn_fffaac43 ; call 0xfffaac43 -movzx edi, al -test dword [ebp - 0x38], edi -je short loc_fffc403f ; je 0xfffc403f +loc_fffc3e79: ; not directly referenced push ecx push 0 -movzx eax, byte [ebx + 0x2488] -push eax -mov eax, dword [ebp - 0x3c] -push dword [ebp - 0x34] -call dword [eax + 0x64] ; ucall -add esp, 0x10 - -loc_fffc403f: ; not directly 
referenced -sub esp, 0xc -mov ecx, 0x11 +push edx +push 1 +push dword [ebp - 0x20] +push 4 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x1c +mov edx, dword [ebp - 0x1c] push 0 -mov edx, edi -mov eax, ebx -call fcn_fffb26ca ; call 0xfffb26ca -mov ecx, edi -pop eax -mov eax, ebx -pop edx -mov edx, dword [ebp - 0x40] +add edx, dword [edi + 0x111] +push edx +push 1 +push dword [ebp - 0x20] +push 2 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x1c +mov edx, dword [ebp - 0x1c] push 0 -push dword [ebp - 0x44] +add edx, dword [edi + 0x119] +push edx push 1 +push dword [ebp - 0x20] push 1 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +cmp dword [ebp - 0x24], 3 +jne short loc_fffc3efd ; jne 0xfffc3efd +mov eax, dword [ebp - 0x1c] +add dword [edi + 0x111], eax +push edx +push 0 +mov edx, dword [edi + 0x115] +add edx, eax +push edx +push 2 +push dword [ebp - 0x20] push 2 +push ebx push esi -call fcn_fffc6051 ; call 0xfffc6051 +call fcn_fffabc7a ; call 0xfffabc7a +mov edx, dword [ebp - 0x1c] add esp, 0x20 -mov edx, 1 - -loc_fffc4074: ; not directly referenced -inc esi -cmp esi, 4 -jne short loc_fffc3ffc ; jne 0xfffc3ffc -jmp near loc_fffc3fcf ; jmp 0xfffc3fcf +sub dword [edi + 0x111], edx -loc_fffc407f: ; not directly referenced -cmp dword [ebx + 0x4b19], 2 -jne short loc_fffc4099 ; jne 0xfffc4099 -mov ecx, 0x3000 -mov edx, 0x48b0 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c +loc_fffc3efd: ; not directly referenced +mov edx, dword [ebp - 0x1c] +push eax +push 0 +add edx, dword [edi + 0x109] +push edx +push 1 +push dword [ebp - 0x20] +push 3 +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 -loc_fffc4099: ; not directly referenced -mov eax, ebx -call fcn_fffae778 ; call 0xfffae778 +loc_fffc3f1b: ; not directly referenced +inc ebx +add edi, 0x13c3 +cmp ebx, 2 +jne loc_fffc3e1f ; jne 0xfffc3e1f +sub esp, 0xc +push esi +call fcn_fffc9f5d ; call 0xfffc9f5d lea esp, [ebp - 0xc] -xor 
eax, eax pop ebx pop esi pop edi pop ebp ret -fcn_fffc40aa: ; not directly referenced +fcn_fffc3f3c: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx -sub esp, 0x60 -mov edi, dword [ebp + 8] -mov eax, dword [edi + 0x5edc] -mov esi, dword [edi + 0x188b] -mov dword [ebp - 0x44], eax -mov eax, dword [edi + 0x2443] -mov ebx, eax -mov dword [ebp - 0x48], eax -mov eax, dword [edi + 0x1887] -mov dword [ebp - 0x4c], eax -mov eax, dword [edi + 0x1883] -mov dword [ebp - 0x50], eax -mov al, byte [edi + 0x248d] +mov ebx, edx +sub esp, 0x3d0 +mov edi, dword [ebp + 0xc] +mov dword [ebp - 0x3cc], ecx +mov ecx, dword [ebp + 0x14] +mov byte [ebp - 0x38e], dl +mov dl, byte [ebp + 8] +mov esi, dword [ebp + 0x10] +mov dword [ebp - 0x34c], eax +xor eax, eax +cmp bl, 0xc +mov dword [ebp - 0x37c], ecx +mov ecx, dword [ebp + 0x24] +mov dword [ebp - 0x374], edi +mov byte [ebp - 0x3a4], dl +mov edx, edi +lea edi, [ebp - 0x2e0] +mov dword [ebp - 0x380], ecx +mov ecx, dword [ebp + 0x2c] +mov byte [ebp - 0x34d], dl +mov edx, esi +mov byte [ebp - 0x364], dl +mov dl, byte [ebp + 0x20] +mov dword [ebp - 0x378], esi +mov esi, ref_fffd5578 ; mov esi, 0xfffd5578 +mov dword [ebp - 0x384], ecx +mov ecx, 0xb +rep stosd ; rep stosd dword es:[edi], eax +lea edi, [ebp - 0x321] +mov byte [ebp - 0x38f], dl +mov dl, byte [ebp + 0x28] +mov word [ebp - 0x2d8], 7 +mov word [ebp - 0x2d2], 0x3ff +mov word [ebp - 0x2bc], 1 +mov byte [ebp - 0x34e], dl +mov cl, 0xd +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +lea edi, [ebp - 0x302] +mov esi, ref_fffd5588 ; mov esi, 0xfffd5588 +mov word [ebp - 0x2b6], 1 +mov cl, 4 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov eax, dword [ebp - 0x34c] +lea edi, [ebp - 0x288] +mov esi, ref_fffd5598 ; mov esi, 0xfffd5598 +mov byte [ebp - 0x33e], 0 +mov byte [ebp - 0x33d], 0 +mov word [ebp - 0x32c], 0 +mov dword [ebp - 0x32a], 0 +mov cl, 0xc +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov edi, dword [eax + 0x2444] +mov esi, 0xa 
+mov al, 0x14 +cmovne esi, eax +push 0 +mov eax, esi +push 2 +mov byte [ebp - 0x3b6], al +lea eax, [ebp - 0x33a] +push eax +mov dword [ebp - 0x326], 7 +mov byte [ebp - 0x322], 0 +call dword [edi + 0x60] ; ucall +add esp, 0xc +push 0 +push 2 +lea eax, [ebp - 0x33c] +push eax +call dword [edi + 0x5c] ; ucall +add esp, 0xc push 0 push 0x10 -mov byte [ebp - 0x5b], al -lea eax, [ebp - 0x28] +lea eax, [ebp - 0x314] push eax -mov eax, ebx -call dword [eax + 0x5c] ; ucall +call dword [edi + 0x5c] ; ucall +add esp, 0xc +push 0x2c +lea eax, [ebp - 0x2e0] +push eax +lea eax, [ebp - 0x2b4] +push eax +call dword [edi + 0x58] ; ucall add esp, 0x10 -cmp byte [edi + 0x36c9], 0 -jne short loc_fffc410e ; jne 0xfffc410e -xor ebx, ebx -test esi, esi -je loc_fffc4551 ; je 0xfffc4551 +xor eax, eax -loc_fffc410e: ; not directly referenced -cmp dword [edi + 0x2480], 3 -mov ecx, 0xa -sete bl -jne short loc_fffc4156 ; jne 0xfffc4156 -cmp dword [ebp - 0x50], 3 -sete dl -cmp dword [ebp - 0x4c], 0x306d0 +loc_fffc40b2: ; not directly referenced +mov byte [ebp + eax - 0x335], al +inc eax +cmp eax, 9 +jne short loc_fffc40b2 ; jne 0xfffc40b2 +cmp bl, 0xc sete al -test dl, al -jne loc_fffc453a ; jne 0xfffc453a -cmp dword [ebp - 0x50], 0 -sete dl -cmp dword [ebp - 0x4c], 0x40670 +mov byte [ebp - 0x34f], al +movzx eax, al +mov dword [ebp - 0x354], eax +lea eax, [ebx - 8] +cmp al, 1 +setbe dl +cmp bl, 0xb sete al -test dl, al -jne loc_fffc453a ; jne 0xfffc453a -mov ecx, 6 +or dl, al +mov dword [ebp - 0x35c], 1 +jne short loc_fffc40fe ; jne 0xfffc40fe +xor eax, eax +cmp bl, 0xa +sete al +mov dword [ebp - 0x35c], eax -loc_fffc4156: ; not directly referenced -mov dword [ebp - 0x58], 0 +loc_fffc40fe: ; not directly referenced +mov al, byte [ebp - 0x33d] +mov esi, dword [ebp - 0x34c] +movzx ecx, byte [ebp - 0x38e] +mov dword [ebp - 0x358], 0 +mov byte [ebp - 0x360], al +mov al, byte [ebp - 0x33e] +add esi, 0x381b +mov dword [ebp - 0x388], ecx + +loc_fffc4133: ; not directly referenced +mov cl, byte [esi] 
+test cl, cl +je loc_fffc41f7 ; je 0xfffc41f7 +mov dl, cl +and edx, 0xc +cmp dl, 0xc +je short loc_fffc415d ; je 0xfffc415d +mov dl, cl +and edx, 3 +cmp dl, 3 +sete dl +movzx edx, dl +mov dword [ebp - 0x370], edx +jmp short loc_fffc4167 ; jmp 0xfffc4167 loc_fffc415d: ; not directly referenced -mov eax, dword [ebp - 0x44] -mov al, byte [eax + 0x14] -and eax, 0x7f -mov dl, al -or edx, 0xffffff80 -test al, 0x40 -cmovne eax, edx -cbw -lea eax, [eax + eax*4] -add eax, eax -dec esi -mov word [ebp - 0x5a], ax -sete al -test al, bl -je loc_fffc428d ; je 0xfffc428d -mov eax, dword [ebp - 0x44] -lea ebx, [ebp - 0x34] -mov dword [ebp - 0x40], 0 -lea esi, [eax + 0x1c] +mov dword [ebp - 0x370], 1 -loc_fffc4197: ; not directly referenced -cmp byte [esi + 0xb5], 0 +loc_fffc4167: ; not directly referenced +test byte [ebp - 0x34e], cl +je loc_fffc41f7 ; je 0xfffc41f7 +mov cl, byte [ebp - 0x358] +mov edx, 1 +shl edx, cl +mov ecx, dword [ebp - 0x388] +mov dword [ebp - 0x368], edx +mov cl, byte [ebp + ecx - 0x321] +mov byte [ebp - 0x36c], cl +and cl, 2 je short loc_fffc41b9 ; je 0xfffc41b9 - -loc_fffc41a0: ; not directly referenced -inc dword [ebp - 0x40] -add esi, 0xcc -cmp dword [ebp - 0x40], 2 -jne short loc_fffc4197 ; jne 0xfffc4197 -mov ecx, 0xa -jmp near loc_fffc428d ; jmp 0xfffc428d +mov cl, byte [ebp - 0x360] +mov dl, byte [ebp - 0x368] +or edx, ecx +cmp dword [esi - 4], 2 +cmove ecx, edx +mov byte [ebp - 0x360], cl loc_fffc41b9: ; not directly referenced -imul eax, dword [ebp - 0x40], 0x13c3 -mov byte [esi + 0xb5], 0xff -mov dword [ebp - 0x3c], 0 -mov dword [ebp - 0x60], eax +test byte [ebp - 0x36c], 1 +je short loc_fffc41cb ; je 0xfffc41cb +cmp dword [ebp - 0x370], 0 +jne short loc_fffc41d4 ; jne 0xfffc41d4 -loc_fffc41d1: ; not directly referenced -mov cl, byte [ebp - 0x3c] -mov eax, 1 -shl eax, cl -mov ecx, dword [ebp - 0x60] -test byte [edi + ecx + 0x381a], al -jne short loc_fffc41f2 ; jne 0xfffc41f2 +loc_fffc41cb: ; not directly referenced +cmp dword [ebp - 0x354], 0 +je 
short loc_fffc41da ; je 0xfffc41da -loc_fffc41e7: ; not directly referenced -inc dword [ebp - 0x3c] -cmp dword [ebp - 0x3c], 4 -jne short loc_fffc41d1 ; jne 0xfffc41d1 -jmp short loc_fffc41a0 ; jmp 0xfffc41a0 +loc_fffc41d4: ; not directly referenced +or eax, dword [ebp - 0x368] -loc_fffc41f2: ; not directly referenced -mov ecx, dword [ebp - 0x3c] -mov edx, dword [ebp - 0x40] -movzx eax, cl -lea eax, [esi + eax*4 + 0xb6] -mov dword [ebp - 0x54], eax -push eax -push eax -mov eax, edi -push ebx -push 5 -call fcn_fffa686d ; call 0xfffa686d -mov ecx, dword [ebp - 0x3c] -pop eax -pop edx -mov edx, dword [ebp - 0x40] -lea eax, [ebp - 0x30] -push eax -mov eax, edi -push 6 -call fcn_fffa686d ; call 0xfffa686d -mov edx, dword [ebp - 0x40] -pop ecx -pop eax -mov ecx, dword [ebp - 0x3c] -lea eax, [ebp - 0x2c] -push eax -mov eax, edi -push 7 -call fcn_fffa686d ; call 0xfffa686d -add esp, 0x10 -xor eax, eax +loc_fffc41da: ; not directly referenced +cmp dword [ebp - 0x35c], 0 +je short loc_fffc41f7 ; je 0xfffc41f7 +mov edx, dword [ebp - 0x358] +movzx ecx, al +bt ecx, edx +jb short loc_fffc41f7 ; jb 0xfffc41f7 +or eax, dword [ebp - 0x368] + +loc_fffc41f7: ; not directly referenced +inc dword [ebp - 0x358] +add esi, 0x13c3 +cmp dword [ebp - 0x358], 2 +jne loc_fffc4133 ; jne 0xfffc4133 +mov dl, byte [ebp - 0x360] +mov cl, byte [ebp - 0x374] +cmp byte [ebp - 0x378], cl +mov byte [ebp - 0x33e], al +mov byte [ebp - 0x33d], dl +setle cl +or al, dl +mov byte [ebp - 0x358], al +sete al +or cl, al +je short loc_fffc424a ; je 0xfffc424a loc_fffc4240: ; not directly referenced -mov dl, byte [eax + ebx] -mov ecx, dword [ebp - 0x54] -mov byte [ecx + eax], dl -mov dl, byte [eax + ebx] -cmp dl, 1 -je short loc_fffc4258 ; je 0xfffc4258 -cmp dl, 3 -je short loc_fffc426d ; je 0xfffc426d -jmp short loc_fffc4282 ; jmp 0xfffc4282 +mov eax, 1 +jmp near loc_fffc4f9d ; jmp 0xfffc4f9d -loc_fffc4258: ; not directly referenced -cmp byte [eax + ebp - 0x30], 1 -jne short loc_fffc426d ; jne 0xfffc426d -cmp 
byte [ebp + eax - 0x2c], 0 -jne short loc_fffc426d ; jne 0xfffc426d -mov byte [esi + 0xb5], 1 +loc_fffc424a: ; not directly referenced +mov eax, dword [ebp - 0x34c] +mov byte [eax + 0x248c], 3 +lea eax, [ebx - 6] +cmp al, 1 +ja short loc_fffc4279 ; ja 0xfffc4279 +mov eax, dword [ebp - 0x34c] +mov edx, 1 +mov ecx, 4 +mov byte [eax + 0x248c], 5 +mov al, 0xd +jmp short loc_fffc429b ; jmp 0xfffc429b -loc_fffc426d: ; not directly referenced -cmp byte [eax + ebp - 0x30], 0 -jne short loc_fffc4282 ; jne 0xfffc4282 -cmp byte [ebp + eax - 0x2c], 0 -jne short loc_fffc4282 ; jne 0xfffc4282 -mov byte [esi + 0xb5], 1 +loc_fffc4279: ; not directly referenced +cmp dword [ebp - 0x35c], 0 +je short loc_fffc42a2 ; je 0xfffc42a2 +mov eax, dword [ebp - 0x34c] +mov edx, 1 +mov ecx, 5 +mov byte [eax + 0x248c], 6 +mov al, 0xd -loc_fffc4282: ; not directly referenced -inc eax -cmp eax, 4 -jne short loc_fffc4240 ; jne 0xfffc4240 -jmp near loc_fffc41e7 ; jmp 0xfffc41e7 +loc_fffc429b: ; not directly referenced +mov esi, 0x80 +jmp short loc_fffc42c4 ; jmp 0xfffc42c4 -loc_fffc428d: ; not directly referenced -movzx edx, byte [edi + 0x248e] -sub esp, 0xc -mov eax, edi -push 0 -xor ebx, ebx -call fcn_fffb2759 ; call 0xfffb2759 -mov eax, dword [ebp - 0x44] -add esp, 0x10 -mov byte [ebp - 0x3c], 0 -lea esi, [eax + 0x70] +loc_fffc42a2: ; not directly referenced +cmp byte [ebp - 0x34f], 1 +sbb eax, eax +xor edx, edx +and eax, 0xfffffffd +xor ecx, ecx +add eax, 0x10 +cmp byte [ebp - 0x34f], 1 +sbb esi, esi +and esi, 0x7c +add esi, 4 -loc_fffc42af: ; not directly referenced -imul eax, ebx, 0x13c3 -mov edx, ebx -movzx ecx, byte [edi + eax + 0x381a] -mov eax, edi -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0x3c], al -movzx ecx, byte [ebp - 0x3c] -bt ecx, ebx -jae short loc_fffc42ed ; jae 0xfffc42ed -push edx +loc_fffc42c4: ; not directly referenced +movzx eax, al +movzx esi, si +mov dword [ebp - 0x35c], ebx +mov ebx, dword [ebp - 0x34c] +mov word [ebp - 0x32c], ax +movzx eax, byte [ebp - 0x37c] 
+mov dword [ebp - 0x2a0], edx +mov dword [ebp - 0x294], edx +mov bl, byte [ebx + 0x248c] +mov edx, eax +movzx eax, byte [ebp - 0x358] push 0 -movzx eax, byte [edi + 0x2488] -mov dword [ebp - 0x40], ecx -push eax -mov eax, dword [ebp - 0x48] -push esi -call dword [eax + 0x64] ; ucall -mov ecx, dword [ebp - 0x40] -add esp, 0x10 - -loc_fffc42ed: ; not directly referenced -inc ebx -add esi, 0xcc -cmp ebx, 2 -jne short loc_fffc42af ; jne 0xfffc42af -push eax -push eax push 0 -lea eax, [ebp - 0x28] -push eax -mov eax, edi -push 0x36 push 0 -push 0xd -lea edx, [edi + 0x2490] +mov byte [ebp - 0x322], bl +mov ebx, eax +mov dword [ebp - 0x3a0], eax +lea eax, [ebp - 0x32c] +push eax push 0 -call fcn_fffc6051 ; call 0xfffc6051 -add esp, 0x14 -push edi -call fcn_fffc82f4 ; call 0xfffc82f4 -mov eax, dword [ebp - 0x58] -add esp, 0x10 -movsx edx, word [ebp - 0x5a] -xor ecx, ecx -mov dword [ebp - 0x48], 0x3e8 -mov dword [ebp - 0x54], 0 -add eax, 0x1e -mov dword [ebp - 0x40], 0x7fffffff -sub eax, edx -mov dword [ebp - 0x3c], 0x7fffffff - -loc_fffc434c: ; not directly referenced -imul edx, ecx, 0x13c3 -cmp dword [edi + edx + 0x3756], 2 -jne short loc_fffc43a9 ; jne 0xfffc43a9 -imul edx, ecx, 0x48 -mov esi, dword [ebp - 0x3c] -mov ebx, dword [edi + edx + 0x3450] -mov edx, dword [edi + edx + 0x3454] -cmp esi, ebx -cmovle ebx, esi -mov esi, dword [ebp - 0x40] -mov dword [ebp - 0x3c], ebx -mov ebx, dword [ebp - 0x44] -cmp esi, edx -cmovle edx, esi -mov esi, dword [ebp - 0x48] -mov dword [ebp - 0x40], edx -imul edx, ecx, 0xcc -cmp byte [ebx + edx + 0xd1], 0 +lea eax, [ebp - 0x2b4] +push eax +push edx +push esi +mov dword [ebp - 0x358], edx +mov edx, ebx +mov ebx, dword [ebp - 0x34c] +mov eax, ebx +call fcn_fffae425 ; call 0xfffae425 +add esp, 0x20 +lea eax, [esi - 1] +mov esi, ebx +call fcn_fffb396b ; call 0xfffb396b +mov cl, byte [ebp - 0x358] mov edx, 1 -cmovle edx, dword [ebp - 0x54] -cmovg esi, eax -mov dword [ebp - 0x48], esi -mov dword [ebp - 0x54], edx - -loc_fffc43a9: ; not 
directly referenced -inc ecx -cmp ecx, 2 -jne short loc_fffc434c ; jne 0xfffc434c -mov eax, dword [ebp - 0x40] -sub eax, dword [ebp - 0x3c] -cdq -idiv ecx -cmp dword [ebp - 0x50], 3 -seta dl -cmp dword [ebp - 0x4c], 0x306d0 -mov dword [ebp - 0x44], eax -sete al -test dl, al -jne short loc_fffc43ea ; jne 0xfffc43ea -cmp dword [ebp - 0x50], 0 -mov ebx, 1 -setne dl -cmp dword [ebp - 0x4c], 0x40670 +sub ecx, eax +mov eax, edx +shl eax, cl +mov ecx, eax +mov al, 1 +test cl, cl +cmovg eax, ecx +mov byte [ebx + 0x248d], al +mov ebx, dword [ebp - 0x35c] +movzx ecx, byte [esi + 0x2489] +mov dword [ebp - 0x35c], 0 +lea eax, [ebx - 0xa] +cmp al, 1 +mov byte [ebp - 0x3b5], al +setbe al +movzx eax, al +shl edx, cl +cmp bl, 0xa +mov bl, byte [ebp - 0x364] +mov dword [ebp - 0x38c], eax +lea eax, [edx - 1] +mov dl, byte [ebp - 0x34d] +mov word [ebp - 0x3a2], ax sete al -test dl, al -je short loc_fffc4449 ; je 0xfffc4449 +lea eax, [eax + eax - 1] +mov cl, al +mov byte [ebp - 0x358], al +mov al, byte [ebp - 0x378] +cmove eax, edx +mov dl, al +mov byte [ebp - 0x34d], al +mov al, byte [ebp - 0x374] +cmove eax, ebx +add esi, 0x3757 +mov byte [ebp - 0x364], al +mov al, byte [ebp - 0x384] +imul eax, ecx +sub edx, eax +mov byte [ebp - 0x350], al +movzx eax, dl +mov dword [ebp - 0x36c], eax -loc_fffc43ea: ; not directly referenced -cmp dword [edi + 0x2480], 2 -mov ebx, 1 -je short loc_fffc4449 ; je 0xfffc4449 -movsx eax, word [ebp - 0x5a] -mov ecx, 1 -mov edx, 0xd -mov esi, eax -mov dword [ebp - 0x4c], eax -mov eax, edi -call fcn_fffb13cf ; call 0xfffb13cf -mov ecx, dword [ebp - 0x40] -mov edx, esi -add ecx, esi -mov esi, 0 -cmovs ecx, esi -mov esi, dword [ebp - 0x3c] -sub esi, edx -mov edx, esi -mov esi, 0 -cmovs edx, esi -cmp ecx, edx -cmovle edx, ecx -shr ax, 1 -movzx eax, ax -cmp edx, eax -jbe short loc_fffc4449 ; jbe 0xfffc4449 -mov eax, dword [ebp - 0x4c] -xor bl, bl -neg eax -mov dword [ebp - 0x44], eax +loc_fffc43ff: ; not directly referenced +cmp dword [esi], 2 +je short 
loc_fffc4476 ; je 0xfffc4476 -loc_fffc4449: ; not directly referenced -mov eax, dword [ebp - 0x48] -cmp dword [ebp - 0x44], eax -mov byte [edi + 0x369f], bl -setg al -test byte [ebp - 0x54], al -je short loc_fffc4469 ; je 0xfffc4469 -mov eax, dword [ebp - 0x48] -test ebx, ebx -cmove eax, dword [ebp - 0x44] -mov dword [ebp - 0x44], eax +loc_fffc4404: ; not directly referenced +add dword [ebp - 0x35c], 9 +add esi, 0x13c3 +cmp dword [ebp - 0x35c], 0x12 +jne short loc_fffc43ff ; jne 0xfffc43ff +movzx eax, byte [ebp - 0x380] +movzx edi, byte [ebp - 0x38e] +mov dword [ebp - 0x37c], 0 +mov dword [ebp - 0x3b0], eax +imul eax, eax, 0x90 +mov dword [ebp - 0x398], edi +movzx edi, byte [ebp - 0x34e] +mov dword [ebp - 0x3c4], eax +mov al, byte [ebp - 0x364] +mov dword [ebp - 0x39c], edi +mov byte [ebp - 0x36c], al +mov al, byte [ebp - 0x34d] +mov byte [ebp - 0x374], al +xor eax, eax +jmp near loc_fffc469c ; jmp 0xfffc469c -loc_fffc4469: ; not directly referenced -mov eax, dword [ebp - 0x44] -mov ecx, 0xa -push 0 -push 0 -push 0 -cdq -idiv ecx -push 0 +loc_fffc4476: ; not directly referenced +mov ebx, dword [ebp - 0x34c] +push ecx +push dword [ebp - 0x36c] +movzx eax, byte [ebx + 0x2489] push eax -push 1 -push 2 -push edi -call fcn_fffcc4cb ; call 0xfffcc4cb -add esp, 0x14 -push edi -call fcn_fffc82f4 ; call 0xfffc82f4 -mov edx, 0xd -xor ecx, ecx -mov dword [ebp - 0x48], eax -mov eax, edi -call fcn_fffb13cf ; call 0xfffb13cf -mov esi, dword [ebp - 0x40] +mov eax, dword [ebp - 0x35c] +lea eax, [ebp + eax - 0x2f2] +push eax +call dword [edi + 0x5c] ; ucall +mov al, byte [ebx + 0x2489] add esp, 0x10 -mov ebx, dword [ebp - 0x3c] -lea edx, [esi + ebx] -shr ax, 1 -movzx eax, ax -cmp edx, eax -jb short loc_fffc44d0 ; jb 0xfffc44d0 +xor edx, edx +mov byte [ebp - 0x368], al -loc_fffc44b7: ; not directly referenced -mov esi, dword [ebp - 0x44] -lea eax, [edi + 0x3450] -xor ecx, ecx -mov ebx, dword [ebp - 0x40] -mov edx, dword [ebp - 0x3c] -sub ebx, esi -add edx, esi -mov esi, ebx -jmp 
short loc_fffc44f4 ; jmp 0xfffc44f4 +loc_fffc44ad: ; not directly referenced +cmp dl, byte [ebp - 0x368] +je loc_fffc4404 ; je 0xfffc4404 +movzx ecx, dl +add ecx, dword [ebp - 0x35c] +lea eax, [ebp - 0x258] +mov byte [ebp - 0x360], 0 +add ecx, ecx +add ecx, eax +xor eax, eax -loc_fffc44d0: ; not directly referenced -cmp byte [edi + 0x1965], 0 -je short loc_fffc44b7 ; je 0xfffc44b7 -cmp dword [edi + 0x188b], 1 -mov ebx, 0xc -jne short loc_fffc44b7 ; jne 0xfffc44b7 -jmp short loc_fffc4551 ; jmp 0xfffc4551 +loc_fffc44d5: ; not directly referenced +mov bl, byte [ebp - 0x3a4] +cmp byte [ebp - 0x360], bl +je short loc_fffc4523 ; je 0xfffc4523 +mov bl, byte [ebp - 0x38f] +test bl, bl +je short loc_fffc4516 ; je 0xfffc4516 +mov word [ecx + eax], 0x500 +cmp bl, 1 +jbe short loc_fffc44ff ; jbe 0xfffc44ff +mov word [ecx + eax + 0x24], 0x500 -loc_fffc44e9: ; not directly referenced -inc ecx +loc_fffc44ff: ; not directly referenced +cmp byte [ebp - 0x38f], 1 +mov word [ecx + eax + 0x48], 0x500 +jbe short loc_fffc4516 ; jbe 0xfffc4516 +mov word [ecx + eax + 0x6c], 0x500 + +loc_fffc4516: ; not directly referenced +inc byte [ebp - 0x360] add eax, 0x90 -cmp ecx, 4 -je short loc_fffc4507 ; je 0xfffc4507 +jmp short loc_fffc44d5 ; jmp 0xfffc44d5 -loc_fffc44f4: ; not directly referenced -mov ebx, 1 -shl ebx, cl -test byte [ebp - 0x5b], bl -je short loc_fffc44e9 ; je 0xfffc44e9 -mov dword [eax], edx -mov dword [eax + 4], esi -jmp short loc_fffc44e9 ; jmp 0xfffc44e9 +loc_fffc4523: ; not directly referenced +inc edx +jmp short loc_fffc44ad ; jmp 0xfffc44ad -loc_fffc4507: ; not directly referenced -cmp dword [edi + 0x3756], 2 -jne short loc_fffc451e ; jne 0xfffc451e -xor cl, cl -mov edx, 0x4198 -mov eax, edi -call fcn_fffae566 ; call 0xfffae566 +loc_fffc4526: ; not directly referenced +test al, al +jne loc_fffc46b8 ; jne 0xfffc46b8 +mov al, byte [ebp - 0x34d] +sub eax, dword [ebp - 0x374] +imul eax, dword [ebp - 0x358] +mov byte [ebp - 0x38d], al +dec al +sete al +test byte [ebp - 0x34f], 
al +je short loc_fffc4578 ; je 0xfffc4578 +mov al, byte [ebp - 0x36c] +add ecx, dword [ebp - 0x374] +neg byte [ebp - 0x358] +mov byte [ebp - 0x374], dl +mov byte [ebp - 0x34d], al +mov byte [ebp - 0x36c], cl -loc_fffc451e: ; not directly referenced -cmp dword [edi + 0x4b19], 2 -mov ebx, dword [ebp - 0x48] -jne short loc_fffc4551 ; jne 0xfffc4551 -xor ecx, ecx -mov edx, 0x4598 -mov eax, edi -call fcn_fffae566 ; call 0xfffae566 -jmp short loc_fffc4551 ; jmp 0xfffc4551 +loc_fffc4578: ; not directly referenced +movzx eax, byte [ebp - 0x34d] +xor esi, esi +mov edi, eax +shl edi, 0x18 +mov dword [ebp - 0x360], edi +mov edi, 0x48dc +mov dword [ebp - 0x368], eax -loc_fffc453a: ; not directly referenced -mov eax, dword [ebp - 0x44] -mov ecx, 6 -imul eax, dword [eax + 0x1b4], 0xa -mov dword [ebp - 0x58], eax -jmp near loc_fffc415d ; jmp 0xfffc415d +loc_fffc4597: ; not directly referenced +imul eax, esi, 0x13c3 +mov ebx, dword [ebp - 0x34c] +mov al, byte [ebx + eax + 0x381b] +mov ebx, dword [ebp - 0x3a0] +bt ebx, esi +jb loc_fffc46e2 ; jb 0xfffc46e2 -loc_fffc4551: ; not directly referenced -lea esp, [ebp - 0xc] -mov eax, ebx -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffc45b9: ; not directly referenced +inc esi +add edi, 8 +cmp esi, 2 +jne short loc_fffc4597 ; jne 0xfffc4597 +mov al, byte [ebp - 0x34d] +sub eax, dword [ebp - 0x358] +mov dword [ebp - 0x3a8], 0 +mov dword [ebp - 0x368], 0 +mov byte [ebp - 0x390], al +mov al, byte [ebp - 0x350] +sub byte [ebp - 0x390], al -fcn_fffc455b: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 8 -mov esi, dword [ebp + 8] -mov ebx, dword [ebp + 0x14] -mov dword [ebp - 0x10], esi -mov esi, dword [ebp + 0xc] -mov edi, ebx -shr edi, 0x1d -and edi, 1 -mov dword [ebp - 0x14], esi -mov esi, dword [ebp + 0x10] -cmp ax, di -jne short loc_fffc45f0 ; jne 0xfffc45f0 -test dword [ebp + 0x18], 0x800 -jne short loc_fffc45d4 ; jne 0xfffc45d4 +loc_fffc45f4: ; not directly referenced +mov eax, dword [ebp - 
0x368] +movzx eax, byte [ebp + eax - 0x33e] +mov byte [ebp - 0x3a3], al +test al, al +je loc_fffc4e37 ; je 0xfffc4e37 +mov dword [ebp - 0x35c], eax +xor esi, esi +imul eax, dword [ebp - 0x368], 6 +mov dword [ebp - 0x364], eax + +loc_fffc4625: ; not directly referenced +mov eax, dword [ebp - 0x35c] +bt eax, esi +jb loc_fffc4802 ; jb 0xfffc4802 + +loc_fffc4634: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffc4625 ; jne 0xfffc4625 +mov eax, dword [ebp - 0x35c] +mov byte [ebp - 0x360], 0 +and eax, 2 +mov dword [ebp - 0x3b4], eax +mov eax, dword [ebp + 0x1c] +mov dword [ebp - 0x394], eax + +loc_fffc4659: ; not directly referenced +mov al, byte [ebp - 0x394] +sub eax, dword [ebp + 0x1c] +mov byte [ebp - 0x364], al +cmp al, byte [ebp - 0x38f] +jae short loc_fffc467d ; jae 0xfffc467d +cmp byte [ebp - 0x360], 0 +je loc_fffc48b2 ; je 0xfffc48b2 + +loc_fffc467d: ; not directly referenced +cmp dword [ebp - 0x368], 1 +jne loc_fffc4e43 ; jne 0xfffc4e43 + +loc_fffc468a: ; not directly referenced +mov al, byte [ebp - 0x358] +add byte [ebp - 0x34d], al +mov al, byte [ebp - 0x360] + +loc_fffc469c: ; not directly referenced +mov edi, dword [ebp - 0x358] +mov dl, byte [ebp - 0x36c] +mov ecx, edi +add edx, edi +cmp byte [ebp - 0x34d], dl +jne loc_fffc4526 ; jne 0xfffc4526 + +loc_fffc46b8: ; not directly referenced +cmp dword [ebp - 0x354], 1 +jne loc_fffc4e66 ; jne 0xfffc4e66 +mov al, byte [ebp - 0x374] +add eax, dword [ebp - 0x358] +neg byte [ebp - 0x358] +mov byte [ebp - 0x36c], al +jmp near loc_fffc4e66 ; jmp 0xfffc4e66 + +loc_fffc46e2: ; not directly referenced +and al, byte [ebp - 0x34e] +mov byte [ebp - 0x364], al +je loc_fffc45b9 ; je 0xfffc45b9 +mov ebx, dword [ebp - 0x34c] +mov edx, edi mov eax, ebx -shr eax, 0xc -and eax, 1 -cmp dx, ax -jne short loc_fffc45f0 ; jne 0xfffc45f0 +call fcn_fffb331f ; call 0xfffb331f +mov edx, edi +mov dword [ebp - 0x34c], ebx +xor al, al +or eax, dword [ebp - 0x398] +mov ecx, eax mov eax, ebx -shr eax, 0xb -and eax, 1 -cmp cx, 
ax -jne short loc_fffc45f0 ; jne 0xfffc45f0 +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x34c] +lea ebx, [edi - 4] mov edx, ebx -shr edx, 8 -and edx, 7 - -loc_fffc45ae: ; not directly referenced -xor eax, eax -cmp word [ebp - 0x10], dx -jne short loc_fffc45f2 ; jne 0xfffc45f2 +call fcn_fffb331f ; call 0xfffb331f mov edx, ebx -shr edx, 0xd -cmp word [ebp - 0x14], dx -jne short loc_fffc45f2 ; jne 0xfffc45f2 -movzx ebx, bl -and esi, 0xfffffff8 -shl ebx, 3 -xor eax, eax -cmp si, bx -sete al -jmp short loc_fffc45f2 ; jmp 0xfffc45f2 - -loc_fffc45d4: ; not directly referenced -test dx, dx -jne short loc_fffc45f0 ; jne 0xfffc45f0 -mov eax, ebx -shr eax, 0xc -and eax, 1 -cmp cx, ax -jne short loc_fffc45f0 ; jne 0xfffc45f0 +lea ebx, [edi + 0x10] +and eax, 0xffffff +or eax, dword [ebp - 0x360] +mov ecx, eax +mov eax, dword [ebp - 0x34c] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x34c] mov edx, ebx -shr edx, 8 -and edx, 0xf -jmp short loc_fffc45ae ; jmp 0xfffc45ae +call fcn_fffb331f ; call 0xfffb331f +mov edx, ebx +lea ebx, [edi + 0xc] +xor al, al +or eax, dword [ebp - 0x398] +mov ecx, eax +mov eax, dword [ebp - 0x34c] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp - 0x34c] +mov edx, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, ebx +and eax, 0xffffff +or eax, dword [ebp - 0x360] +mov ecx, eax +mov eax, dword [ebp - 0x34c] +call fcn_fffb3381 ; call 0xfffb3381 +cmp dword [ebp - 0x38c], 0 +mov byte [ebp - 0x35c], 1 +je short loc_fffc47b9 ; je 0xfffc47b9 +mov eax, dword [ebp - 0x34c] +mov al, byte [eax + 0x2489] +mov byte [ebp - 0x35c], al -loc_fffc45f0: ; not directly referenced -xor eax, eax +loc_fffc47b9: ; not directly referenced +movzx eax, byte [ebp - 0x364] +xor ebx, ebx +mov dword [ebp - 0x364], eax -loc_fffc45f2: ; not directly referenced -pop edx -pop ecx -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffc47c8: ; not directly referenced +cmp byte [ebp - 0x35c], bl +jbe loc_fffc45b9 ; jbe 0xfffc45b9 +sub esp, 0xc +mov eax, 
dword [ebp - 0x34c] +mov ecx, ebx +push dword [ebp - 0x364] +mov edx, esi +inc ebx +push 0 +push 0 +push dword [ebp - 0x368] +push dword [ebp - 0x398] +call fcn_fffb4652 ; call 0xfffb4652 +add esp, 0x20 +jmp short loc_fffc47c8 ; jmp 0xfffc47c8 -fcn_fffc45f9: ; not directly referenced -push ebp -xor eax, eax -mov ebp, esp -mov ecx, 8 -push edi -mov edx, 0xcf8 -push esi -push ebx -lea edi, [ebp - 0xe8] -sub esp, 0x198 -mov ebx, dword [ebp + 8] -rep stosd ; rep stosd dword es:[edi], eax -lea edi, [ebp - 0xf8] -mov dword [ebp - 0xbc], fcn_fffaafc2 ; mov dword [ebp - 0xbc], 0xfffaafc2 -mov dword [ebp - 0xb0], fcn_fffaafda ; mov dword [ebp - 0xb0], 0xfffaafda -mov dword [ebp - 0x5c], fcn_fffab0f8 ; mov dword [ebp - 0x5c], 0xfffab0f8 -mov dword [ebp - 0x58], fcn_fffab0ef ; mov dword [ebp - 0x58], 0xfffab0ef -mov dword [ebp - 0xa4], fcn_fffb3d4e ; mov dword [ebp - 0xa4], 0xfffb3d4e -mov cl, 4 -rep stosd ; rep stosd dword es:[edi], eax -mov eax, 0x80000048 -mov dword [ebp - 0xa0], fcn_fffb3dc0 ; mov dword [ebp - 0xa0], 0xfffb3dc0 -mov dword [ebp - 0x7c], fcn_fffc3868 ; mov dword [ebp - 0x7c], 0xfffc3868 -mov dword [ebp - 0x78], fcn_fffc3844 ; mov dword [ebp - 0x78], 0xfffc3844 -out dx, eax -push 0xcfc -call fcn_fffaafc2 ; call 0xfffaafc2 -add esp, 0x10 -mov esi, eax -test al, 1 -jne short loc_fffc468a ; jne 0xfffc468a +loc_fffc4802: ; not directly referenced +imul eax, esi, 0x13c3 +mov edi, dword [ebp - 0x34c] +mov dl, byte [ebp - 0x34e] +and dl, byte [edi + eax + 0x381b] +je loc_fffc4634 ; je 0xfffc4634 +cmp dword [ebp - 0x354], 0 +mov eax, 0x3210 +jne short loc_fffc484c ; jne 0xfffc484c +movzx ecx, dl +movzx ecx, byte [ebp + ecx - 0x302] +cmp cl, 0xf +je short loc_fffc484c ; je 0xfffc484c +add ecx, dword [ebp - 0x364] +mov eax, dword [ebp + ecx*4 - 0x288] -loc_fffc4683: ; not directly referenced -xor eax, eax -jmp near loc_fffc5449 ; jmp 0xfffc5449 +loc_fffc484c: ; not directly referenced +mov dword [ebp - 0x360], 0 +xor ebx, ebx +movzx edx, dl -loc_fffc468a: ; not 
directly referenced -push 0x60 -mov edi, dword [ebp - 0xb0] -push 0 -push 0 -push 0 -call dword [ebp - 0x7c] ; ucall -pop edx -pop ecx +loc_fffc485b: ; not directly referenced +test eax, eax +je short loc_fffc4881 ; je 0xfffc4881 +mov cl, al +and ecx, 0xf +shr eax, 4 +bt edx, ecx +movzx edi, cl +jae short loc_fffc485b ; jae 0xfffc485b +lea ecx, [ebx*4] +inc ebx +shl edi, cl +or dword [ebp - 0x360], edi +jmp short loc_fffc485b ; jmp 0xfffc485b + +loc_fffc4881: ; not directly referenced +mov edi, dword [ebp - 0x34c] +lea edx, [esi*4 + 0x4930] +dec ebx +mov ecx, dword [ebp - 0x360] +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +movzx ecx, bl +mov eax, edi +lea edx, [esi*8 + 0x48ef] +call fcn_fffb335b ; call 0xfffb335b +jmp near loc_fffc4634 ; jmp 0xfffc4634 + +loc_fffc48b2: ; not directly referenced +mov eax, dword [ebp - 0x394] +cmp dword [ebp - 0x354], 0 +mov bl, byte [eax] +je short loc_fffc4906 ; je 0xfffc4906 +mov edi, dword [ebp - 0x360] +lea ecx, [ebp - 0x33c] +test byte [ebp - 0x3a3], 1 +mov edx, dword [ebp - 0x39c] +mov eax, edi +cmovne eax, ebx +cmp dword [ebp - 0x3b4], 0 +mov byte [ebp - 0x33c], al +mov eax, edi +cmovne eax, ebx +mov byte [ebp - 0x33b], al +mov eax, dword [ebp - 0x34c] +call fcn_fffc3dfd ; call 0xfffc3dfd +jmp short loc_fffc4976 ; jmp 0xfffc4976 + +loc_fffc4906: ; not directly referenced +cmp byte [ebp - 0x368], 1 +movzx eax, bl +jne short loc_fffc493f ; jne 0xfffc493f +mov esi, dword [ebp - 0x35c] +sub esp, 0xc +mov ecx, 3 +mov edi, dword [ebp - 0x34c] +neg ebx push eax -push 0xcf8 -call edi -mov dword [esp], 0xcfc -call dword [ebp - 0xbc] ; ucall +mov edx, esi +mov eax, edi +call fcn_fffcff73 ; call 0xfffcff73 +movzx eax, bl +mov ecx, 0xc +mov dword [esp], eax +jmp short loc_fffc496a ; jmp 0xfffc496a + +loc_fffc493f: ; not directly referenced +mov esi, dword [ebp - 0x35c] +sub esp, 0xc +mov ecx, 5 +mov edi, dword [ebp - 0x34c] +neg ebx +push eax +mov edx, esi +mov eax, edi +call fcn_fffcff73 ; call 0xfffcff73 +movzx eax, bl +mov ecx, 
0xa +mov dword [esp], eax + +loc_fffc496a: ; not directly referenced +mov edx, esi +mov eax, edi +call fcn_fffcff73 ; call 0xfffcff73 add esp, 0x10 -test al, 1 -je short loc_fffc4683 ; je 0xfffc4683 -and eax, 0xfffffff8 -mov edi, eax -call fcn_fffa6801 ; call 0xfffa6801 -mov dword [ebp - 0x12c], 0 -cmp eax, 0x40660 -setne cl -cmp eax, 0x306c0 -setne dl -test cl, dl -je short loc_fffc46f2 ; je 0xfffc46f2 -cmp eax, 0x40650 -setne al -movzx eax, al -mov dword [ebp - 0x12c], eax -loc_fffc46f2: ; not directly referenced -push 0xbc -and esi, 0xfffffffe -push 0 -push 0 -push 0 -call dword [ebp - 0x78] ; ucall -add eax, edi -mov dword [esp], eax -call dword [ebp - 0xa4] ; ucall -push 0x90 -push 0 -push 0 -push 0 -mov dword [ebp - 0x168], eax -call dword [ebp - 0x78] ; ucall -add esp, 0x14 -add eax, edi -push eax -call dword [ebp - 0xa0] ; ucall -push 0x98 -push 0 -push 0 -push 0 -mov dword [ebp - 0x184], edx -mov dword [ebp - 0x180], eax -call dword [ebp - 0x78] ; ucall -add esp, 0x14 -add edi, eax -push edi -call dword [ebp - 0xa0] ; ucall -mov dword [ebp - 0x188], eax -lea eax, [esi + 0x5024] -mov dword [ebp - 0x18c], edx -mov dword [esp], eax -call dword [ebp - 0xa4] ; ucall -mov dword [ebp - 0x14c], eax -lea eax, [esi + 0x5014] -mov dword [esp], eax -call dword [ebp - 0xa4] ; ucall -mov dword [ebp - 0x150], eax -lea eax, [esi + 0x5000] -mov dword [esp], eax -call dword [ebp - 0xa4] ; ucall -mov dword [ebp - 0x114], eax -lea eax, [esi + 0x5004] -add esi, 0x5008 -mov dword [esp], eax -call dword [ebp - 0xa4] ; ucall -mov dword [esp], esi -mov edi, eax -call dword [ebp - 0xa4] ; ucall -mov cl, byte [ebx + 4] -add esp, 0x10 -mov dx, word [ebx + 5] -mov dword [ebp - 0x104], edi -mov dword [ebp - 0xfc], 0 -mov byte [ebp - 0x110], cl -mov cl, byte [ebx + 3] -mov word [ebp - 0x12e], dx -mov dx, word [ebx + 7] -mov dword [ebp - 0x100], eax -mov byte [ebp - 0x134], cl -mov cl, byte [ebx + 2] -mov word [ebp - 0x130], dx -mov dl, byte [ebx + 1] -mov al, cl -or eax, edx -mov byte 
[ebp - 0x151], cl -test al, 0xfe -je short loc_fffc481b ; je 0xfffc481b +loc_fffc4976: ; not directly referenced +movzx ebx, byte [ebp - 0x364] +mov dword [ebp - 0x388], 0 +imul ebx, ebx, 0x24 +add ebx, dword [ebp - 0x3a8] +mov dword [ebp - 0x3c8], ebx -loc_fffc4814: ; not directly referenced -xor eax, eax -jmp near loc_fffc5449 ; jmp 0xfffc5449 +loc_fffc4996: ; not directly referenced +mov al, byte [ebp - 0x388] +cmp byte [ebp - 0x3a4], al +jbe loc_fffc4ddd ; jbe 0xfffc4ddd +mov eax, dword [ebp - 0x3cc] +mov edi, dword [ebp - 0x388] +mov bl, byte [eax + edi] +test bl, bl +je loc_fffc4240 ; je 0xfffc4240 +movzx eax, bl +mov dword [ebp - 0x378], eax +mov byte [ebp - 0x370], 0 +cmp bl, 0x21 +ja short loc_fffc49e0 ; ja 0xfffc49e0 +mov al, byte [eax + ref_fffd58e0] ; mov al, byte [eax - 0x2a720] +mov byte [ebp - 0x370], al -loc_fffc481b: ; not directly referenced -movzx eax, dl -movzx edx, byte [ebp - 0x151] -mov esi, dword [ebp + eax*4 - 0x104] -mov dword [ebp - 0x140], eax -mov dword [ebp - 0x16c], 0 +loc_fffc49e0: ; not directly referenced +mov esi, dword [ebp - 0x34c] +xor ecx, ecx +mov edx, dword [ebp - 0x378] mov eax, esi -shr eax, 0x10 -and eax, 1 -xor eax, edx -mov edx, esi -movzx eax, ax -test eax, eax -mov dword [ebp - 0x148], eax -mov dword [ebp - 0x170], eax -lea eax, [ebp - 0xc4] -je short loc_fffc4868 ; je 0xfffc4868 -call fcn_fffc3bda ; call 0xfffc3bda -jmp short loc_fffc486d ; jmp 0xfffc486d - -loc_fffc4868: ; not directly referenced -call fcn_fffc3bf5 ; call 0xfffc3bf5 +call fcn_fffaab72 ; call 0xfffaab72 +cmp dword [esi + 0x2481], 2 +mov word [ebp - 0x3b8], ax +jne short loc_fffc4a1a ; jne 0xfffc4a1a +cmp bl, 0x11 +sete dl +cmp bl, 5 +sete al +or dl, al +jne short loc_fffc4a54 ; jne 0xfffc4a54 +cmp bl, 0x21 +je short loc_fffc4a54 ; je 0xfffc4a54 -loc_fffc486d: ; not directly referenced -mov dword [ebp - 0x124], edx -mov edx, dword [ebp - 0x124] -mov dword [ebp - 0x128], eax -mov eax, dword [ebp - 0x128] -mov edi, edx -or edi, eax -je short 
loc_fffc4814 ; je 0xfffc4814 -movzx eax, byte [ebp - 0x134] -mov dword [ebp - 0x144], eax -test al, 0xfe -jne loc_fffc4814 ; jne 0xfffc4814 -cmp dword [ebp - 0x148], 0 -mov ebx, esi -je short loc_fffc48b0 ; je 0xfffc48b0 -shr ebx, 0x12 -jmp short loc_fffc48b3 ; jmp 0xfffc48b3 +loc_fffc4a1a: ; not directly referenced +cmp bl, 0x10 +sete dl +cmp bl, 4 +sete al +or dl, al +jne short loc_fffc4a58 ; jne 0xfffc4a58 +cmp bl, 5 +sete dl +cmp bl, 0x20 +sete al +or dl, al +jne short loc_fffc4a58 ; jne 0xfffc4a58 +cmp bl, 0x21 +sete al +cmp bl, 0x11 +sete dl +or eax, edx +cmp al, 1 +sbb ebx, ebx +and ebx, 0xffffffe9 +add ebx, 0x36 +jmp short loc_fffc4a5a ; jmp 0xfffc4a5a -loc_fffc48b0: ; not directly referenced -shr ebx, 0x11 +loc_fffc4a54: ; not directly referenced +mov bl, 0x25 +jmp short loc_fffc4a5a ; jmp 0xfffc4a5a -loc_fffc48b3: ; not directly referenced -and ebx, 1 -cmp byte [ebp - 0x134], 0 -mov eax, ebx -setne cl -xor eax, 1 -mov byte [ebp - 0x152], cl -test cl, al -jne loc_fffc4814 ; jne 0xfffc4814 -cmp dword [ebp - 0x148], 0 -mov ecx, esi -mov edx, dword [ebp - 0x114] -lea eax, [ebp - 0xc4] -je short loc_fffc48fe ; je 0xfffc48fe -call fcn_fffb8408 ; call 0xfffb8408 -test esi, 0x100000 -mov word [ebp - 0x118], ax -jmp short loc_fffc4910 ; jmp 0xfffc4910 +loc_fffc4a58: ; not directly referenced +mov bl, 0x36 -loc_fffc48fe: ; not directly referenced -call fcn_fffb8396 ; call 0xfffb8396 -test esi, 0x80000 -mov word [ebp - 0x118], ax +loc_fffc4a5a: ; not directly referenced +xor eax, eax +mov dl, 1 -loc_fffc4910: ; not directly referenced -je short loc_fffc4919 ; je 0xfffc4919 -mov eax, 0x10 -jmp short loc_fffc4930 ; jmp 0xfffc4930 +loc_fffc4a5e: ; not directly referenced +mov esi, dword [ebp - 0x35c] +bt esi, eax +jae short loc_fffc4ab7 ; jae 0xfffc4ab7 +imul esi, eax, 0x13c3 +mov edi, dword [ebp - 0x34c] +mov cl, byte [ebp - 0x34e] +test byte [edi + esi + 0x381b], cl +je short loc_fffc4ab7 ; je 0xfffc4ab7 +cmp byte [ebp - 0x3b5], 2 +ja short loc_fffc4aa6 ; ja 
0xfffc4aa6 +mov di, word [ebp - 0x3a2] +cmp word [ebp + eax*2 - 0x33a], di +mov edi, 0 +cmovne edx, edi +jmp short loc_fffc4ab7 ; jmp 0xfffc4ab7 -loc_fffc4919: ; not directly referenced -mov eax, dword [ebp - 0x114] -shr eax, 0xa -and eax, 1 -cmp eax, 1 -sbb eax, eax -and eax, 0xffffffe8 -add eax, 0x20 +loc_fffc4aa6: ; not directly referenced +cmp word [ebp + eax*2 - 0x33a], 0 +mov edi, 0 +cmove edx, edi -loc_fffc4930: ; not directly referenced -mov edi, dword [ebp - 0x114] -shr edi, 0xb -mov dword [ebp - 0x13c], edi -movzx edi, byte [ebp - 0x110] -and dword [ebp - 0x13c], 1 -cmp ax, 8 -sete dl -mov byte [ebp - 0x120], dl -and edx, dword [ebp - 0x13c] -mov dword [ebp - 0x138], edi -movzx eax, dl -shl eax, 3 -or eax, 7 -not eax -test edi, eax -jne loc_fffc4814 ; jne 0xfffc4814 -push eax -mov al, byte [ebp - 0x118] -add eax, ebx -add edx, eax -movzx edx, dl -push edx -push dword [ebp - 0x124] -push dword [ebp - 0x128] -call dword [ebp - 0x58] ; ucall -movzx edi, word [ebp - 0x130] -add esp, 0x10 -mov dword [ebp - 0x160], eax -neg eax -mov dword [ebp - 0x15c], edx -test eax, edi -jne loc_fffc4814 ; jne 0xfffc4814 -movzx eax, word [ebp - 0x12e] -mov cl, byte [ebp - 0x118] -mov edx, eax -mov dword [ebp - 0x174], eax -mov eax, 1 -shl eax, cl -dec eax -movzx eax, ax -not eax -test edx, eax -jne loc_fffc4814 ; jne 0xfffc4814 -mov eax, esi -shr eax, 0x15 -mov dword [ebp - 0x178], eax -and eax, 1 -mov dword [ebp - 0x158], eax -mov eax, esi -shr eax, 0x1a -mov dword [ebp - 0x17c], eax -and eax, 1 -mov dword [ebp - 0x164], eax -mov eax, esi -shr eax, 0x16 -mov dword [ebp - 0x128], eax -and dword [ebp - 0x128], 1 -cmp dword [ebp - 0x13c], 0 -je loc_fffc4d7f ; je 0xfffc4d7f -push eax -mov eax, dword [ebp - 0x110] -xor edx, edx -push 8 +loc_fffc4ab7: ; not directly referenced +inc eax +cmp eax, 2 +jne short loc_fffc4a5e ; jne 0xfffc4a5e +test dl, dl +jne loc_fffc4dd6 ; jne 0xfffc4dd6 +mov edi, dword [ebp - 0x34c] +mov ecx, dword [ebp - 0x378] push edx -and eax, 3 -push eax -call 
dword [ebp - 0x5c] ; ucall -add esp, 0xc -push 2 -mov dword [ebp - 0x190], eax -mov al, byte [ebp - 0x110] -mov dword [ebp - 0x194], edx -xor edx, edx push edx -and eax, 4 -movzx eax, al -push eax -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -mov dword [ebp - 0x118], eax -mov eax, dword [ebp - 0x190] -or dword [ebp - 0x118], eax -mov eax, dword [ebp - 0x194] -mov dword [ebp - 0x13c], edx -mov edx, dword [ebp - 0x5c] -or dword [ebp - 0x13c], eax -test byte [ebp - 0x164], bl -je loc_fffc4b64 ; je 0xfffc4b64 -mov ecx, esi -mov ebx, 1 -shr ecx, 0x1b -and ecx, 7 -add ecx, 4 -shl ebx, cl -dec ebx -cmp byte [ebp - 0x120], 1 -push esi -mov esi, dword [ebp - 0x144] -sbb eax, eax -add eax, 0xb -push eax -mov eax, dword [ebp - 0x130] -shl esi, cl -and eax, ebx -movzx ebx, bx -not ebx -movzx eax, ax -and ebx, edi -or eax, esi -add ebx, ebx -or eax, ebx -mov ebx, eax -sar ebx, 0x1f -push ebx -push eax -call edx -add esp, 0xc -push 7 +mov eax, edi +add eax, 0x2491 +push 0xf +mov edx, eax +push 0 mov esi, eax -mov al, byte [ebp - 0x110] -mov ebx, edx -xor edx, edx -push edx -and eax, 8 -movzx eax, al -push eax -call dword [ebp - 0x5c] ; ucall +mov dword [ebp - 0x3bc], eax +mov eax, edi +call fcn_fffa7e1a ; call 0xfffa7e1a add esp, 0x10 -or eax, esi -or edx, ebx -or eax, dword [ebp - 0x118] -or edx, dword [ebp - 0x13c] -cmp dword [ebp - 0x128], 0 -mov dword [ebp - 0x110], eax -mov dword [ebp - 0x10c], edx -je loc_fffc4d3e ; je 0xfffc4d3e -cmp byte [ebp - 0x120], 0 -mov eax, dword [ebp - 0x58] -jne loc_fffc4cc9 ; jne 0xfffc4cc9 -push ebx -push 3 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call eax -mov ecx, dword [ebp - 0x110] -mov ebx, dword [ebp - 0x10c] -mov edi, ebx -and eax, 0x300 -xor eax, ecx -mov esi, eax -jmp near loc_fffc4d20 ; jmp 0xfffc4d20 - -loc_fffc4b64: ; not directly referenced -cmp byte [ebp - 0x120], 1 -sbb eax, eax -test byte [ebp - 0x158], bl -je loc_fffc4c25 ; je 0xfffc4c25 -add eax, 0xc -xor ebx, ebx -push ecx -push eax -push ebx -push edi -call 
edx -add esp, 0xc -push 0xa -mov esi, eax -movzx eax, byte [ebp - 0x134] -mov ebx, edx -xor edx, edx -push edx +test eax, eax +jne loc_fffc4f9d ; jne 0xfffc4f9d push eax -call dword [ebp - 0x5c] ; ucall -add esp, 0xc -push 8 -or esi, eax -mov al, byte [ebp - 0x110] -or ebx, edx -xor edx, edx -push edx -or esi, dword [ebp - 0x118] -and eax, 8 -movzx eax, al -or ebx, dword [ebp - 0x13c] +movzx ebx, bl +mov ecx, dword [ebp - 0x35c] push eax -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -or esi, eax -or ebx, edx -cmp dword [ebp - 0x128], 0 -mov dword [ebp - 0x110], esi -mov dword [ebp - 0x10c], ebx -je loc_fffc4d3e ; je 0xfffc4d3e -cmp byte [ebp - 0x120], 0 -mov eax, dword [ebp - 0x58] -je loc_fffc4cc9 ; je 0xfffc4cc9 -push esi -push 5 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call eax -mov ecx, dword [ebp - 0x110] -mov ebx, dword [ebp - 0x10c] -add esp, 0xc -push 0xc -mov edi, ebx -and eax, 0xf00 -xor eax, ecx -mov esi, eax -jmp near loc_fffc4d25 ; jmp 0xfffc4d25 - -loc_fffc4c25: ; not directly referenced -add eax, 0xb -push ebx -xor ebx, ebx +mov edx, esi +lea eax, [ebp - 0x314] push eax push ebx -push edi -call edx -add esp, 0xc -push 7 -mov esi, eax -mov al, byte [ebp - 0x110] -mov ebx, edx -xor edx, edx -push edx -and eax, 8 -movzx eax, al -push eax -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -or eax, esi -or edx, ebx -or eax, dword [ebp - 0x118] -or edx, dword [ebp - 0x13c] -cmp byte [ebp - 0x152], 0 -mov dword [ebp - 0x110], eax -mov dword [ebp - 0x10c], edx -je short loc_fffc4cb0 ; je 0xfffc4cb0 -cmp byte [ebp - 0x120], 1 -push ecx -sbb eax, eax -add eax, 0xb +lea eax, [ebp - 0x335] push eax -push dword [ebp - 0x15c] -push dword [ebp - 0x160] -call dword [ebp - 0x5c] ; ucall -mov ecx, dword [ebp - 0x110] -mov ebx, dword [ebp - 0x10c] -add esp, 0x10 -or eax, ecx -or edx, ebx -mov dword [ebp - 0x110], eax -mov dword [ebp - 0x10c], edx - -loc_fffc4cb0: ; not directly referenced -cmp dword [ebp - 0x128], 0 -je loc_fffc4d3e ; je 0xfffc4d3e -cmp byte 
[ebp - 0x120], 0 -mov eax, dword [ebp - 0x58] -je short loc_fffc4cf8 ; je 0xfffc4cf8 +mov eax, edi +push dword [ebp - 0x378] +push 0xff +push dword [ebp - 0x3b0] +call fcn_fffd16df ; call 0xfffd16df +add esp, 0x20 +mov dword [ebp - 0x37c], eax +test eax, eax +jne loc_fffc4f97 ; jne 0xfffc4f97 +imul eax, dword [ebp - 0x388], 0x90 +mov esi, 0x64 +add eax, dword [ebp - 0x3c8] +mov bl, byte [ebp - 0x370] +lea edi, [ebp - 0x2f2] +mov dword [ebp - 0x364], edi +lea eax, [ebp + eax - 0x258] +mov dword [ebp - 0x384], eax +movzx eax, byte [ebp - 0x3b6] +movzx edi, bl +imul edi, edi, 0x240 +add edi, dword [ebp + 0x18] +add edi, dword [ebp - 0x3c4] +sub esi, eax +mov byte [ebp - 0x380], 1 +mov dword [ebp - 0x3d4], esi +mov dword [ebp - 0x3ac], edi +xor edi, edi -loc_fffc4cc9: ; not directly referenced -push edx -push 4 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call eax -mov ecx, dword [ebp - 0x110] -mov ebx, dword [ebp - 0x10c] -add esp, 0xc -push 0xb -mov edi, ebx -and eax, 0x700 -xor eax, ecx -mov esi, eax -jmp short loc_fffc4d25 ; jmp 0xfffc4d25 +loc_fffc4ba3: ; not directly referenced +imul eax, edi, 0x13c3 +mov esi, dword [ebp - 0x34c] +mov al, byte [esi + eax + 0x381b] +mov esi, dword [ebp - 0x35c] +bt esi, edi +jae loc_fffc4d7a ; jae 0xfffc4d7a +test byte [ebp - 0x34e], al +je loc_fffc4d7a ; je 0xfffc4d7a +mov eax, dword [ebp - 0x34c] +xor ecx, ecx +mov al, byte [eax + 0x2489] +mov byte [ebp - 0x3bf], al -loc_fffc4cf8: ; not directly referenced -push edi -push 3 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call eax -mov edx, dword [ebp - 0x110] -mov ecx, dword [ebp - 0x10c] -mov edi, ecx -and eax, 0x300 -xor eax, edx -mov esi, eax +loc_fffc4be5: ; not directly referenced +cmp byte [ebp - 0x3bf], cl +jbe loc_fffc4d7a ; jbe 0xfffc4d7a +mov eax, dword [ebp - 0x3ac] +mov dword [ebp - 0x370], 1 +shl dword [ebp - 0x370], cl +movzx ebx, word [eax + ecx*8 + 4] +movzx edx, word [eax + ecx*8] +mov esi, ebx +lea eax, [ebx + edx] +sub esi, edx +add eax, eax +mov 
word [ebp - 0x3be], ax +sub eax, esi +add si, word [ebp - 0x3be] +cmp bx, dx +mov ebx, dword [ebp - 0x370] +cmovbe eax, esi +mov si, word [ebp + edi*2 - 0x33a] +and bx, si +mov word [ebp - 0x3be], bx +je short loc_fffc4c56 ; je 0xfffc4c56 +cmp dword [ebp - 0x354], 0 +je loc_fffc4d74 ; je 0xfffc4d74 -loc_fffc4d20: ; not directly referenced -add esp, 0xc -push 0xa +loc_fffc4c56: ; not directly referenced +mov edx, eax +mov ebx, 2 +sar dx, 0xf +idiv bx +cmp ax, word [ebp - 0x3b8] +jae short loc_fffc4cae ; jae 0xfffc4cae +cmp dword [ebp - 0x354], 1 +jne loc_fffc4d0a ; jne 0xfffc4d0a +cmp byte [ebp - 0x38d], 0 +mov byte [ebp - 0x380], 0 +jne loc_fffc4d74 ; jne 0xfffc4d74 +mov ax, word [ebp - 0x3a2] +mov word [ebp + edi*2 - 0x33a], ax +mov al, byte [ebp - 0x38d] +mov byte [ebp - 0x380], al +jmp near loc_fffc4d74 ; jmp 0xfffc4d74 -loc_fffc4d25: ; not directly referenced -push edi -push esi -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -mov dword [ebp - 0x10c], edi -and eax, 1 -xor eax, esi -mov dword [ebp - 0x110], eax +loc_fffc4cae: ; not directly referenced +cmp byte [ebp - 0x38d], 0 +jne short loc_fffc4cd0 ; jne 0xfffc4cd0 +mov esi, dword [ebp - 0x384] +cmp word [esi + ecx*2], ax +jbe loc_fffc4d74 ; jbe 0xfffc4d74 +mov word [esi + ecx*2], ax +jmp near loc_fffc4d74 ; jmp 0xfffc4d74 -loc_fffc4d3e: ; not directly referenced -mov cx, word [ebp - 0x12e] -mov ebx, dword [ebp - 0x10c] -shr cx, 2 -and ecx, 0x3ffe -mov eax, ecx +loc_fffc4cd0: ; not directly referenced +movzx eax, ax +mov ebx, 0x64 +mov dword [ebp - 0x3d0], eax +mov eax, dword [ebp - 0x384] +movzx eax, word [eax + ecx*2] +imul eax, dword [ebp - 0x3d4] cdq -mov eax, ecx -mov dword [ebp - 0x120], ecx -mov ecx, dword [ebp - 0x110] -mov dword [ebp - 0x11c], edx -or eax, ecx -mov esi, eax -mov eax, dword [ebp - 0x11c] -or eax, ebx -mov edi, eax -jmp near loc_fffc4f98 ; jmp 0xfffc4f98 +idiv ebx +cmp dword [ebp - 0x3d0], eax +jge short loc_fffc4d26 ; jge 0xfffc4d26 +cmp dword [ebp - 0x354], 0 +mov byte [ebp - 0x380], 
0 +jne short loc_fffc4d74 ; jne 0xfffc4d74 -loc_fffc4d7f: ; not directly referenced -test byte [ebp - 0x164], bl -je short loc_fffc4de3 ; je 0xfffc4de3 -mov ebx, esi -mov eax, 1 -shr ebx, 0x1b -and ebx, 7 -lea ecx, [ebx + 4] -shl eax, cl -mov ecx, eax -dec ecx -movzx eax, cx -and ecx, dword [ebp - 0x130] -not eax -and eax, edi -add eax, eax -movzx ecx, cx -push esi -or eax, ecx -push 0xa -cdq -push edx -push eax -call dword [ebp - 0x58] ; ucall -lea ecx, [ebx + 0xe] -mov ebx, dword [ebp - 0x144] -shl ebx, cl -mov ecx, dword [ebp - 0x138] -shl ecx, 7 -or ebx, ecx -mov edi, ebx -or eax, ebx -sar edi, 0x1f -mov dword [ebp - 0x110], eax -or edx, edi -jmp near loc_fffc4eec ; jmp 0xfffc4eec +loc_fffc4d0a: ; not directly referenced +or esi, dword [ebp - 0x370] +mov al, byte [ebp - 0x390] +mov word [ebp + edi*2 - 0x33a], si +mov esi, dword [ebp - 0x364] +jmp short loc_fffc4d71 ; jmp 0xfffc4d71 -loc_fffc4de3: ; not directly referenced -test byte [ebp - 0x158], bl -je loc_fffc4ea2 ; je 0xfffc4ea2 -push ebx -xor edx, edx -push 0xb -push edx -push edi -xor edi, edi -call dword [ebp - 0x5c] ; ucall -add esp, 0xc -push 9 -mov dword [ebp - 0x110], eax -movzx eax, byte [ebp - 0x134] -mov dword [ebp - 0x120], edx -xor edx, edx -push edx -push eax -call dword [ebp - 0x5c] ; ucall -mov esi, dword [ebp - 0x138] -add esp, 0xc -push 8 -push edi -push esi -mov dword [ebp - 0x134], eax -mov dword [ebp - 0x13c], edx -call dword [ebp - 0x5c] ; ucall -add esp, 0xc -push 7 -push edi -push esi -mov ebx, eax -call dword [ebp - 0x5c] ; ucall -mov edi, dword [ebp - 0x134] -and ebx, 0x400 -or edi, dword [ebp - 0x110] -add esp, 0x10 -mov edx, edi -or edx, ebx -and eax, 0x180 -mov edi, edx -or edi, eax -mov eax, dword [ebp - 0x13c] -or eax, dword [ebp - 0x120] -cmp dword [ebp - 0x128], 0 -mov dword [ebp - 0x110], edi -mov dword [ebp - 0x10c], eax -je loc_fffc4f2f ; je 0xfffc4f2f -mov ebx, dword [ebp - 0x110] -push ecx -mov esi, dword [ebp - 0x10c] -push 4 -mov edi, ebx -and edi, 0x7800 -jmp short 
loc_fffc4f15 ; jmp 0xfffc4f15 +loc_fffc4d26: ; not directly referenced +cmp dword [ebp - 0x354], 1 +jne short loc_fffc4d5f ; jne 0xfffc4d5f +mov ebx, dword [ebp - 0x370] +cmp word [ebp - 0x3be], bx +je short loc_fffc4d74 ; je 0xfffc4d74 +mov al, byte [ebp - 0x34d] +or esi, ebx +mov edx, dword [ebp - 0x364] +sub eax, dword [ebp - 0x350] +mov word [ebp + edi*2 - 0x33a], si +mov byte [edx + ecx], al +jmp short loc_fffc4d74 ; jmp 0xfffc4d74 -loc_fffc4ea2: ; not directly referenced -mov ebx, dword [ebp - 0x138] -mov eax, edi -shl eax, 0xa -shl ebx, 7 -or ebx, eax -mov eax, ebx -sar eax, 0x1f -cmp byte [ebp - 0x152], 0 -mov dword [ebp - 0x110], ebx -mov dword [ebp - 0x10c], eax -je short loc_fffc4ef5 ; je 0xfffc4ef5 -push edx -push 0xa -push dword [ebp - 0x15c] -push dword [ebp - 0x160] -call dword [ebp - 0x5c] ; ucall -or edx, dword [ebp - 0x10c] -or ebx, eax -mov dword [ebp - 0x110], ebx +loc_fffc4d5f: ; not directly referenced +mov al, byte [ebp - 0x34d] +mov esi, dword [ebp - 0x364] +sub eax, dword [ebp - 0x350] -loc_fffc4eec: ; not directly referenced -mov dword [ebp - 0x10c], edx -add esp, 0x10 +loc_fffc4d71: ; not directly referenced +mov byte [esi + ecx], al -loc_fffc4ef5: ; not directly referenced -cmp dword [ebp - 0x128], 0 -je short loc_fffc4f2f ; je 0xfffc4f2f -mov ebx, dword [ebp - 0x110] -mov esi, dword [ebp - 0x10c] -push eax -push 3 -mov edi, ebx -and edi, 0x1c00 +loc_fffc4d74: ; not directly referenced +inc ecx +jmp near loc_fffc4be5 ; jmp 0xfffc4be5 -loc_fffc4f15: ; not directly referenced -xor edx, edx -push edx -push edi -call dword [ebp - 0x58] ; ucall +loc_fffc4d7a: ; not directly referenced +inc edi +add dword [ebp - 0x384], 0x12 +add dword [ebp - 0x364], 9 +add dword [ebp - 0x3ac], 0x48 +cmp edi, 2 +jne loc_fffc4ba3 ; jne 0xfffc4ba3 +cmp byte [ebp - 0x380], 0 +je short loc_fffc4dcb ; je 0xfffc4dcb +sub esp, 0xc +mov ecx, dword [ebp - 0x378] +push dword [ebp - 0x3b0] +mov edx, dword [ebp - 0x3bc] +mov eax, dword [ebp - 0x34c] +call fcn_fffa7d46 ; 
call 0xfffa7d46 add esp, 0x10 -xor eax, ebx -xor edx, esi -mov dword [ebp - 0x110], eax -mov dword [ebp - 0x10c], edx +mov dword [ebp - 0x37c], eax -loc_fffc4f2f: ; not directly referenced -cmp word [ebp - 0x118], 9 -jne short loc_fffc4f4d ; jne 0xfffc4f4d -push eax -push 1 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -jmp short loc_fffc4f69 ; jmp 0xfffc4f69 +loc_fffc4dcb: ; not directly referenced +inc dword [ebp - 0x388] +jmp near loc_fffc4996 ; jmp 0xfffc4996 -loc_fffc4f4d: ; not directly referenced -cmp word [ebp - 0x118], 0xb -jne short loc_fffc4f78 ; jne 0xfffc4f78 -push eax -push 1 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x5c] ; ucall +loc_fffc4dd6: ; not directly referenced +mov byte [ebp - 0x360], 1 -loc_fffc4f69: ; not directly referenced -mov dword [ebp - 0x110], eax +loc_fffc4ddd: ; not directly referenced +cmp dword [ebp - 0x354], 0 +je short loc_fffc4e0d ; je 0xfffc4e0d +mov edx, dword [ebp - 0x39c] +lea ecx, [ebp - 0x33c] +mov eax, dword [ebp - 0x34c] +mov byte [ebp - 0x33c], 0 +mov byte [ebp - 0x33b], 0 +call fcn_fffc3dfd ; call 0xfffc3dfd +jmp short loc_fffc4e2c ; jmp 0xfffc4e2c + +loc_fffc4e0d: ; not directly referenced +mov ecx, dword [ebp - 0x39c] +sub esp, 0xc +mov edx, dword [ebp - 0x35c] +mov eax, dword [ebp - 0x34c] +push 0 +call fcn_fffcff73 ; call 0xfffcff73 add esp, 0x10 -mov dword [ebp - 0x10c], edx -loc_fffc4f78: ; not directly referenced -mov ax, word [ebp - 0x12e] -mov edx, dword [ebp - 0x110] -mov ecx, dword [ebp - 0x10c] -shr ax, 3 -movzx eax, ax -or eax, edx -mov edi, ecx -mov esi, eax +loc_fffc4e2c: ; not directly referenced +inc dword [ebp - 0x394] +jmp near loc_fffc4659 ; jmp 0xfffc4659 -loc_fffc4f98: ; not directly referenced -mov eax, dword [ebp - 0x140] -mov ebx, dword [ebp + eax*4 - 0x104] -lea eax, [ebp - 0xc4] -mov edx, ebx -call fcn_fffc3bf5 ; call 0xfffc3bf5 -mov dword [ebp - 0x110], eax -lea eax, [ebp - 0xc4] -mov dword [ebp - 0x10c], edx -mov edx, 
ebx -call fcn_fffc3bda ; call 0xfffc3bda -mov ecx, dword [ebp - 0x17c] -or ecx, dword [ebp - 0x178] -and cl, 1 -je short loc_fffc5033 ; je 0xfffc5033 -cmp edi, edx -ja short loc_fffc502d ; ja 0xfffc502d -jb short loc_fffc4fe6 ; jb 0xfffc4fe6 -cmp esi, eax -jae short loc_fffc502d ; jae 0xfffc502d +loc_fffc4e37: ; not directly referenced +mov byte [ebp - 0x360], 0 +jmp near loc_fffc467d ; jmp 0xfffc467d -loc_fffc4fe6: ; not directly referenced -push eax -push 1 -push edi -push esi -call dword [ebp - 0x5c] ; ucall -add esp, 0xc -push 9 -push dword [ebp - 0x16c] -push dword [ebp - 0x170] -mov ebx, edx -mov dword [ebp - 0x110], eax -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -mov ecx, eax -mov eax, esi -and eax, 0x1ff -or edx, ebx -or ecx, eax -mov eax, dword [ebp - 0x110] -mov edi, edx -and eax, 0xfffffc00 -or ecx, eax -mov esi, ecx -jmp short loc_fffc5048 ; jmp 0xfffc5048 +loc_fffc4e43: ; not directly referenced +add dword [ebp - 0x3a8], 0x48 +cmp byte [ebp - 0x360], 0 +jne loc_fffc468a ; jne 0xfffc468a +mov dword [ebp - 0x368], 1 +jmp near loc_fffc45f4 ; jmp 0xfffc45f4 -loc_fffc502d: ; not directly referenced -add esi, eax -adc edi, edx -jmp short loc_fffc5048 ; jmp 0xfffc5048 +loc_fffc4e66: ; not directly referenced +movzx eax, byte [ebp - 0x38e] +xor esi, esi +mov dword [ebp - 0x35c], eax -loc_fffc5033: ; not directly referenced -cmp dword [ebp - 0x148], 0 -je short loc_fffc5048 ; je 0xfffc5048 -add esi, dword [ebp - 0x110] -adc edi, dword [ebp - 0x10c] +loc_fffc4e75: ; not directly referenced +mov eax, dword [ebp - 0x3a0] +bt eax, esi +jae loc_fffc4f8d ; jae 0xfffc4f8d +imul eax, esi, 0x13c3 +mov edi, dword [ebp - 0x34c] +mov bl, byte [ebp - 0x34e] +and bl, byte [edi + eax + 0x381b] +mov byte [ebp - 0x354], bl +je loc_fffc4f8d ; je 0xfffc4f8d +movzx ebx, byte [ebp - 0x36c] +lea edi, [esi + esi*8] +lea eax, [ebp - 0x18] +mov byte [ebp - 0x34d], 0 +add edi, eax -loc_fffc5048: ; not directly referenced -mov ebx, dword [ebp - 0x114] -mov eax, ebx -and eax, 3 -cmp 
eax, dword [ebp - 0x140] -push eax -movzx eax, byte [ebp - 0x150] -push 0x16 -setne byte [ebp - 0x110] -xor edx, edx -push edx +loc_fffc4ebf: ; not directly referenced +mov ecx, dword [ebp - 0x34c] +mov al, byte [ebp - 0x34d] +cmp al, byte [ecx + 0x2489] +jae loc_fffc4f5c ; jae 0xfffc4f5c +cmp byte [ebp - 0x358], 1 +jne short loc_fffc4ef6 ; jne 0xfffc4ef6 +movzx eax, byte [ebp - 0x34d] +movzx eax, byte [eax + edi - 0x2da] +cmp bl, al +cmovg ebx, eax +jmp short loc_fffc4f13 ; jmp 0xfffc4f13 + +loc_fffc4ef6: ; not directly referenced +cmp byte [ebp - 0x358], 0xff +jne short loc_fffc4f13 ; jne 0xfffc4f13 +movzx eax, byte [ebp - 0x34d] +movzx eax, byte [eax + edi - 0x2da] +cmp bl, al +cmovl ebx, eax + +loc_fffc4f13: ; not directly referenced +cmp dword [ebp - 0x38c], 0 +je short loc_fffc4f51 ; je 0xfffc4f51 +movzx eax, byte [ebp - 0x354] +sub esp, 0xc +mov edx, esi +movzx ecx, byte [ebp - 0x34d] push eax -call dword [ebp - 0x5c] ; ucall -add esp, 0xc -push 2 -mov dword [ebp - 0x128], eax -mov eax, dword [ebp - 0x150] -mov dword [ebp - 0x118], edx -xor edx, edx -push edx -and eax, 0xff000000 +push 1 +push 1 +movzx eax, byte [ecx + edi - 0x2da] push eax -call dword [ebp - 0x5c] ; ucall -mov ecx, ebx -add esp, 0x10 -shr ecx, 6 -mov dword [ebp - 0x120], ecx -and dword [ebp - 0x120], 1 -cmp dword [ebp - 0x12c], 1 -jne short loc_fffc50c0 ; jne 0xfffc50c0 -mov ebx, dword [ebp - 0x128] -mov ecx, dword [ebp - 0x118] -jmp short loc_fffc50c4 ; jmp 0xfffc50c4 +mov eax, dword [ebp - 0x34c] +push dword [ebp - 0x35c] +call fcn_fffb4652 ; call 0xfffb4652 +add esp, 0x20 -loc_fffc50c0: ; not directly referenced -mov ebx, eax -mov ecx, edx +loc_fffc4f51: ; not directly referenced +inc byte [ebp - 0x34d] +jmp near loc_fffc4ebf ; jmp 0xfffc4ebf -loc_fffc50c4: ; not directly referenced -cmp dword [ebp - 0x120], 0 -je short loc_fffc510b ; je 0xfffc510b -mov ebx, dword [ebp - 0x114] +loc_fffc4f5c: ; not directly referenced +cmp dword [ebp - 0x38c], 0 +jne short loc_fffc4f8d ; jne 0xfffc4f8d 
+movzx eax, byte [ebp - 0x354] +sub esp, 0xc +xor ecx, ecx +mov edx, esi push eax -shr ebx, 7 -and ebx, 7 -push ebx -add ebx, 0x16 -push 0 -push 0x400000 -call dword [ebp - 0x5c] ; ucall -movzx eax, byte [ebp - 0x110] -add esp, 0xc +mov eax, dword [ebp - 0x34c] +push 1 +push 1 push ebx -xor edx, edx -push edx -push eax -call dword [ebp - 0x5c] ; ucall -mov ecx, eax -mov ebx, edx -or ecx, esi -or ebx, edi -mov eax, ecx -mov edx, ebx -jmp near loc_fffc51ca ; jmp 0xfffc51ca +push dword [ebp - 0x35c] +call fcn_fffb4652 ; call 0xfffb4652 +add esp, 0x20 -loc_fffc510b: ; not directly referenced -cmp edi, ecx -ja loc_fffc51ea ; ja 0xfffc51ea -jb short loc_fffc511d ; jb 0xfffc511d -cmp esi, ebx -jae loc_fffc51ea ; jae 0xfffc51ea +loc_fffc4f8d: ; not directly referenced +inc esi +cmp esi, 2 +jne loc_fffc4e75 ; jne 0xfffc4e75 -loc_fffc511d: ; not directly referenced -push ebx -push 1 +loc_fffc4f97: ; not directly referenced +mov eax, dword [ebp - 0x37c] + +loc_fffc4f9d: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc4fa5: ; not directly referenced +push ebp +mov ebp, esp push edi push esi -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -mov dword [ebp - 0x120], eax -mov dword [ebp - 0x11c], edx -test dword [ebp - 0x14c], 0x800000 -je loc_fffc51cf ; je 0xfffc51cf -mov edi, dword [ebp - 0x14c] +push ebx +xor ebx, ebx +sub esp, 0x2c +mov eax, dword [ebp + 8] +mov byte [ebp - 0x1c], 4 +mov byte [ebp - 0x1b], 1 +mov byte [ebp - 0x1a], 5 +mov eax, dword [eax + 0x5edd] +mov byte [ebp - 0x19], 2 +mov byte [ebp - 0x22], 4 +mov byte [ebp - 0x21], 1 +lea edx, [eax + 0x1c] +xor eax, eax +mov byte [ebp - 0x20], 5 +mov byte [ebp - 0x1f], 2 +mov byte [ebp - 0x1e], 0xf9 +mov byte [ebp - 0x1d], 7 +mov dword [ebp - 0x30], 0 +mov dword [ebp - 0x2c], 0 + +loc_fffc4ff4: ; not directly referenced +mov edi, dword [ebp + 8] +mov cl, byte [edi + eax + 0x381b] +test cl, cl +je short loc_fffc505c ; je 0xfffc505c +cmp dword [ebp - 0x2c], 0 +mov ebx, 1 
+jne short loc_fffc501a ; jne 0xfffc501a +xor ebx, ebx +cmp dword [edi + eax + 0x3817], 2 +sete bl + +loc_fffc501a: ; not directly referenced +cmp dword [ebp - 0x30], 0 +mov edi, 1 +mov dword [ebp - 0x2c], ebx +jne short loc_fffc5041 ; jne 0xfffc5041 +mov esi, ecx +and esi, 0xc +mov ebx, esi +cmp bl, 0xc +je short loc_fffc5041 ; je 0xfffc5041 +and ecx, 3 +xor ebx, ebx +cmp cl, 3 +sete bl +mov edi, ebx + +loc_fffc5041: ; not directly referenced +movzx ecx, byte [edx + 0xa5] +mov bl, byte [edx + 0xa4] +mov dword [ebp - 0x30], edi +and ecx, 3 +shr bl, 6 +shl ecx, 2 +or ebx, ecx + +loc_fffc505c: ; not directly referenced +add eax, 0x13c3 +add edx, 0xcc +cmp eax, 0x2786 +jne short loc_fffc4ff4 ; jne 0xfffc4ff4 +mov eax, dword [ebp + 8] +mov edx, 1 +lea edi, [ebp - 0x1e] +call fcn_fffaa9ee ; call 0xfffaa9ee +mov eax, dword [ebp + 8] +mov edx, 0xa +lea esi, [eax + 0x2491] push ecx -mov esi, edi -shr esi, 0x15 -and esi, 3 -push esi -push edx -push eax -call dword [ebp - 0x58] ; ucall -mov edx, dword [ebp - 0x11c] -add esp, 0xc +push ecx +push 1 +push 0xf +push 0 +push 2 +push edi push esi +push 0xc +push 3 push 0 +push 2 +lea ecx, [ebp - 0x22] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x28 +mov eax, dword [ebp + 8] push 1 -mov ebx, eax -mov eax, dword [ebp - 0x120] -and ebx, 1 -mov dword [ebp - 0x120], edx -or ebx, eax -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -xor ecx, ecx -not eax -not edx -and dword [ebp - 0x120], edx -mov edx, edi -and ebx, eax -and dx, 0x3fff -and edx, ebx -xor eax, eax -movzx edx, dx - -loc_fffc519c: ; not directly referenced -mov edi, edx -sar edi, cl -inc ecx -xor eax, edi -cmp ecx, 0xe -jne short loc_fffc519c ; jne 0xfffc519c -xor eax, dword [ebp - 0x110] -xor edx, edx +mov edx, 0xb +push 0xf +push 0 +push 2 push edi push esi -and eax, 1 -push edx -push eax -call dword [ebp - 0x5c] ; ucall -mov esi, edx -mov ecx, eax -or esi, dword [ebp - 0x120] -or ecx, ebx -mov eax, ecx -mov edx, esi - -loc_fffc51ca: ; not directly referenced -add 
esp, 0x10 -jmp short loc_fffc5203 ; jmp 0xfffc5203 - -loc_fffc51cf: ; not directly referenced -movzx ecx, byte [ebp - 0x110] -mov ebx, dword [ebp - 0x120] -mov esi, dword [ebp - 0x11c] -or ecx, ebx -mov eax, ecx -mov edx, esi -jmp short loc_fffc5203 ; jmp 0xfffc5203 - -loc_fffc51ea: ; not directly referenced -cmp dword [ebp - 0x12c], 1 -jne short loc_fffc51ff ; jne 0xfffc51ff -mov eax, dword [ebp - 0x128] -mov edx, dword [ebp - 0x118] - -loc_fffc51ff: ; not directly referenced -add eax, esi -adc edx, edi - -loc_fffc5203: ; not directly referenced -mov edi, dword [ebp - 0x180] -push ecx -push 6 +push 0xc +push 0 +push 0xfffffffffffffffe +push 2 +lea ecx, [ebp - 0x22] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x30 +cmp dword [ebp - 0x2c], 0 +je short loc_fffc5151 ; je 0xfffc5151 push edx -and edi, 0xfff00000 -mov dword [ebp - 0x110], edi -mov edi, dword [ebp - 0x184] -push eax -and edi, 0x7f -mov dword [ebp - 0x10c], edi -mov edi, dword [ebp - 0x188] -or edi, 0xfffff -mov dword [ebp - 0x120], edi -mov edi, dword [ebp - 0x18c] -and edi, 0x7f -mov dword [ebp - 0x11c], edi -mov edi, 1 -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -cmp edx, dword [ebp - 0x10c] -ja short loc_fffc5269 ; ja 0xfffc5269 -jb short loc_fffc5267 ; jb 0xfffc5267 -cmp eax, dword [ebp - 0x110] -jae short loc_fffc5269 ; jae 0xfffc5269 - -loc_fffc5267: ; not directly referenced -xor edi, edi - -loc_fffc5269: ; not directly referenced -mov esi, 1 -cmp edx, dword [ebp - 0x11c] -jb short loc_fffc5282 ; jb 0xfffc5282 -ja short loc_fffc5280 ; ja 0xfffc5280 -cmp eax, dword [ebp - 0x120] -jbe short loc_fffc5282 ; jbe 0xfffc5282 - -loc_fffc5280: ; not directly referenced -xor esi, esi - -loc_fffc5282: ; not directly referenced -mov ecx, dword [ebp + 0xc] -and edi, esi -mov ebx, edi -movzx edi, bl -mov dword [ecx], eax -mov dword [ecx + 4], edx -test edi, edi -jne loc_fffc5322 ; jne 0xfffc5322 -mov esi, dword [ebp - 0x10c] -cmp dword [ebp - 0x11c], esi -jb short loc_fffc5322 ; jb 0xfffc5322 -ja short 
loc_fffc52b7 ; ja 0xfffc52b7 -mov esi, dword [ebp - 0x110] -cmp dword [ebp - 0x120], esi -jbe short loc_fffc5322 ; jbe 0xfffc5322 - -loc_fffc52b7: ; not directly referenced -mov esi, dword [ebp - 0x168] -xor ebx, ebx -mov dword [ebp - 0x124], ebx -and esi, 0xfff00000 -mov ecx, esi -add ecx, dword [ebp - 0x120] -adc ebx, dword [ebp - 0x11c] -sub ecx, dword [ebp - 0x110] -sbb ebx, dword [ebp - 0x10c] -mov dword [ebp - 0x128], esi -cmp edx, ebx -ja short loc_fffc5322 ; ja 0xfffc5322 -jb short loc_fffc52f5 ; jb 0xfffc52f5 -cmp eax, ecx -ja short loc_fffc5322 ; ja 0xfffc5322 - -loc_fffc52f5: ; not directly referenced -cmp edx, 0 -ja short loc_fffc52fe ; ja 0xfffc52fe -cmp eax, esi -jb short loc_fffc5322 ; jb 0xfffc5322 - -loc_fffc52fe: ; not directly referenced -mov ecx, dword [ebp - 0x110] -sub ecx, dword [ebp - 0x128] -mov ebx, dword [ebp - 0x10c] -sbb ebx, dword [ebp - 0x124] -add ecx, eax -mov eax, dword [ebp + 0xc] -adc ebx, edx -mov dword [eax], ecx -mov dword [eax + 4], ebx - -loc_fffc5322: ; not directly referenced -cmp dword [ebp - 0x12c], 1 -jne loc_fffc541b ; jne 0xfffc541b -lea ebx, [ebp - 0xe8] -lea esi, [ebp - 0xc8] - -loc_fffc533b: ; not directly referenced -push eax -mov eax, dword [ebp + 0xc] -mov edx, dword [eax + 4] -mov eax, dword [eax] -push dword [ebx + 4] -push dword [ebx] -mov ecx, edx -mov dword [ebp - 0x110], eax -mov dword [ebp - 0x10c], edx -mov edx, eax +mov eax, dword [ebp + 8] +push edx +mov edx, 1 +push 0 +push 0xf +push 0 +push 2 push edi -lea eax, [ebp - 0xc4] -call fcn_fffb726f ; call 0xfffb726f -add esp, 0x10 -test eax, eax -jne loc_fffc4814 ; jne 0xfffc4814 -add ebx, 8 -cmp ebx, esi -jne short loc_fffc533b ; jne 0xfffc533b -movzx eax, byte [ebp - 0x151] -xor ebx, ebx -mov dword [ebp - 0x110], eax -movzx eax, word [ebp - 0x130] -mov dword [ebp - 0x120], eax - -loc_fffc5393: ; not directly referenced -mov edi, dword [ebp + ebx*2 - 0xe4] -mov esi, dword [ebp + ebx*2 - 0xe8] -push ecx -push 0x3f +push esi +push 0xc +push 7 +push 6 +push 
2 +lea ecx, [ebp - 0x22] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x28 +mov eax, dword [ebp + 8] +push 0 +mov edx, 3 +push 0xf +push 0 +push 2 push edi push esi -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -test al, 1 -je short loc_fffc540f ; je 0xfffc540f -sub esp, 0xc -mov ecx, dword [ebp - 0x144] -push dword [ebp - 0x114] -push dword [ebp + ebx - 0xf8] -push dword [ebp - 0x174] -push dword [ebp - 0x120] -push dword [ebp - 0x138] -mov edx, dword [ebp - 0x110] -mov eax, dword [ebp - 0x140] -call fcn_fffc455b ; call 0xfffc455b -add esp, 0x20 -test eax, eax -je short loc_fffc540f ; je 0xfffc540f -mov edx, dword [ebp + 0xc] -mov eax, esi -and eax, 0xffffffc0 -mov dword [edx], eax -mov eax, edi -and eax, 0x7f -mov dword [edx + 4], eax -push edx -push 0x3e +push 0xc +push 8 +push 7 +push 2 +lea ecx, [ebp - 0x20] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x28 +mov edx, 7 +push 0 +push 0xf +push 0 +push 2 push edi push esi -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -jmp short loc_fffc541b ; jmp 0xfffc541b - -loc_fffc540f: ; not directly referenced -add ebx, 4 -cmp ebx, 0x10 -jne loc_fffc5393 ; jne 0xfffc5393 +lea eax, [ebx + 1] +push 0xc +movsx eax, al +push eax +lea eax, [ebx - 1] +movsx eax, al +push eax +mov eax, dword [ebp + 8] +push 4 +lea ecx, [ebp - 0x1c] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x30 -loc_fffc541b: ; not directly referenced -mov eax, dword [ebp + 0xc] +loc_fffc5151: ; not directly referenced +cmp dword [ebp - 0x30], 0 +je short loc_fffc51d0 ; je 0xfffc51d0 +push eax xor edx, edx -mov ebx, dword [eax] -mov esi, dword [eax + 4] push eax -movzx eax, word [ebp - 0x12e] -push 3 -push edx +mov eax, dword [ebp + 8] +push 0 +push 0xf +push 0 +push 2 +lea edi, [ebp - 0x1e] +push edi +push esi +push 0xc +push 7 +push 6 +push 2 +lea ecx, [ebp - 0x22] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x28 +mov eax, dword [ebp + 8] +push 0 +mov edx, 2 +push 0xf +push 0 +push 2 +push edi +push esi +push 0xc +push 8 +push 7 +push 2 +lea 
ecx, [ebp - 0x20] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x28 +mov edx, 6 +push 0 +push 0xf +push 0 +push 2 +push edi +push esi +lea eax, [ebx + 1] +dec ebx +push 0xc +movsx eax, al push eax -call dword [ebp - 0x5c] ; ucall -mov edi, dword [ebp + 0xc] -add esp, 0x10 -mov dword [edi + 4], esi -and eax, 0x3f -or eax, ebx -mov dword [edi], eax -mov eax, 1 +mov eax, dword [ebp + 8] +movsx ebx, bl +push ebx +push 4 +lea ecx, [ebp - 0x1c] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x30 -loc_fffc5449: ; not directly referenced +loc_fffc51d0: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -50250,132 +49814,188 @@ pop edi pop ebp ret -fcn_fffc5451: ; not directly referenced +fcn_fffc51d8: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx -sub esp, 0x1c -mov ebx, dword [ebp + 0xc] - -loc_fffc545d: ; not directly referenced -mov eax, dword [0xff7d0178] -mov esi, 0xff7d0004 -xor edi, edi -mov dword [ebp - 0x1c], eax +xor ebx, ebx +sub esp, 0x3c +mov edi, dword [ebp + 8] +mov byte [ebp - 0x1a], 1 +mov byte [ebp - 0x19], 0x19 +mov dword [ebp - 0x38], 0 +mov eax, dword [edi + 0x5edd] +mov dword [ebp - 0x30], eax -loc_fffc546c: ; not directly referenced -cmp edi, dword [ebp - 0x1c] -je short loc_fffc548b ; je 0xfffc548b -push ecx -add esi, 0xc -push ecx -push dword [ebx + 4] -push dword [esi + 0x7c] -call fcn_fffb884e ; call 0xfffb884e -add esp, 0x10 -test al, al -jne short loc_fffc5498 ; jne 0xfffc5498 -inc edi -jmp short loc_fffc546c ; jmp 0xfffc546c +loc_fffc51fe: ; not directly referenced +mov esi, 1 +mov cl, bl +shl esi, cl +mov eax, esi +test byte [edi + 0x248e], al +je loc_fffc52ae ; je 0xfffc52ae +test byte [edi + 0x381b], al +je short loc_fffc523d ; je 0xfffc523d +mov cl, byte [edi + ebx + 0x4768] +mov dl, 0xf +movsx eax, byte [edi + ebx + 0x476c] +cmp cl, 0xf +cmovbe edx, ecx +mov cl, al +mov byte [ebp - 0x29], dl +sub ecx, edx +jmp short loc_fffc5245 ; jmp 0xfffc5245 -loc_fffc548b: ; not directly referenced -cmp edi, 0x13 -ja short loc_fffc54f2 ; ja 0xfffc54f2 -lea eax, [edi + 1] -mov dword [0xff7d0178], eax +loc_fffc523d: ; not directly referenced +mov byte [ebp - 0x29], 0xf +xor eax, eax +xor ecx, ecx -loc_fffc5498: ; not directly referenced -imul edi, edi, 0xc -mov ecx, 3 -mov esi, ebx -add edi, 0xff7d0088 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov edi, 0xff7d017c -xor esi, esi +loc_fffc5245: ; not directly referenced +mov edx, esi +test byte [edi + 0x4bde], dl +je short loc_fffc526f ; je 0xfffc526f +movsx ecx, byte [edi + ebx + 0x5b2f] +mov dl, byte [ebp - 0x29] +cmp al, cl +cmovb eax, ecx +mov cl, 
byte [edi + ebx + 0x5b2b] +cmp dl, cl +cmova edx, ecx +mov cl, al +sub ecx, edx -loc_fffc54b1: ; not directly referenced -cmp esi, dword [0xff7d026c] -jae short loc_fffc54e1 ; jae 0xfffc54e1 +loc_fffc526f: ; not directly referenced +mov dl, 0 +test cl, cl +cmovs ecx, edx push edx +movzx ecx, cl push edx -push dword [ebx + 4] -push dword [edi + 4] -call fcn_fffb884e ; call 0xfffb884e -add esp, 0x10 -test al, al -je short loc_fffc54db ; je 0xfffc54db +push 0 +push esi +push ebx +push 1 +lea esi, [ebp - 0x19] +push esi +lea edx, [edi + 0x2491] +push edx +mov edx, 0xc +push 0xa push eax -push dword [ebx + 8] -push edi -push dword [ebp + 8] -call dword [edi + 8] ; ucall -add esp, 0x10 +mov eax, edi +push ecx +push 1 +lea ecx, [ebp - 0x1a] +call fcn_fffc3f3c ; call 0xfffc3f3c +add esp, 0x30 +mov dword [ebp - 0x38], eax +dec eax +je loc_fffc53c0 ; je 0xfffc53c0 -loc_fffc54db: ; not directly referenced -inc esi -add edi, 0xc -jmp short loc_fffc54b1 ; jmp 0xfffc54b1 +loc_fffc52ae: ; not directly referenced +inc ebx +cmp ebx, 4 +jne loc_fffc51fe ; jne 0xfffc51fe +mov esi, dword [ebp - 0x30] +lea ebx, [edi + 0x3757] +mov dword [ebp - 0x34], 0 +add esi, 0x1c -loc_fffc54e1: ; not directly referenced -mov eax, dword [ebx] -add ebx, 0xc -test eax, eax -jns loc_fffc545d ; jns 0xfffc545d -xor eax, eax -jmp short loc_fffc54f7 ; jmp 0xfffc54f7 +loc_fffc52cb: ; not directly referenced +cmp dword [ebx], 2 +je short loc_fffc52ed ; je 0xfffc52ed -loc_fffc54f2: ; not directly referenced -mov eax, 0x80000009 +loc_fffc52d0: ; not directly referenced +inc dword [ebp - 0x34] +add ebx, 0x13c3 +add esi, 0xcc +cmp dword [ebp - 0x34], 2 +jne short loc_fffc52cb ; jne 0xfffc52cb +mov eax, dword [ebp - 0x38] +jmp near loc_fffc53c5 ; jmp 0xfffc53c5 -loc_fffc54f7: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffc52ed: ; not directly referenced +mov al, byte [esi + 0xa1] +movzx edx, byte [esi + 0xa2] +mov byte [ebp - 0x29], 0 +shr al, 7 +and edx, 7 
+movzx eax, al +add edx, edx +or edx, eax +mov al, byte [esi + 0xa2] +shr al, 3 +and eax, 0xf +cmp al, dl +cmovb eax, edx +xor edx, edx +lea eax, [eax + eax - 8] +test al, al +cmovns edx, eax +mov al, byte [ebx + 0xc4] +xor ecx, ecx +mov byte [ebp - 0x2a], dl +mov byte [ebp - 0x30], al -fcn_fffc54ff: ; not directly referenced -push ebp -mov ebp, esp -push edi -xor edi, edi -push esi -push ebx -mov ebx, 0xff7d0088 -sub esp, 0x1c -mov eax, dword [0xff7d0178] -mov dword [ebp - 0x1c], eax +loc_fffc5335: ; not directly referenced +mov edx, 1 +shl edx, cl +test byte [ebp - 0x30], dl +je short loc_fffc5353 ; je 0xfffc5353 +mov al, byte [ebp - 0x29] +mov dl, byte [ebx + ecx + 0x1015] +cmp al, dl +cmovb eax, edx +mov byte [ebp - 0x29], al -loc_fffc5517: ; not directly referenced -cmp edi, dword [ebp - 0x1c] -je short loc_fffc5544 ; je 0xfffc5544 -push eax -mov esi, ebx +loc_fffc5353: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffc5335 ; jne 0xfffc5335 +mov al, byte [ebp - 0x29] +sub al, byte [ebp - 0x2a] +mov dword [ebp - 0x30], 0 +movzx eax, al +mov dword [ebp - 0x3c], eax + +loc_fffc536c: ; not directly referenced +mov cl, byte [ebp - 0x30] +mov eax, 1 +shl eax, cl +test byte [ebx + 0xc4], al +je short loc_fffc53b2 ; je 0xfffc53b2 +mov ecx, dword [ebp - 0x30] +mov dl, byte [ebp - 0x29] +sub dl, byte [ebx + ecx + 0x1015] +movsx ecx, byte [ebp - 0x2a] +movzx edx, dl +cmp edx, ecx +jle short loc_fffc53b2 ; jle 0xfffc53b2 +sub esp, 0xc +mov edx, dword [ebp - 0x34] +xor ecx, ecx push eax -add ebx, 0xc -push dword [ebx - 8] -push dword [ebp + 0xc] -call fcn_fffb884e ; call 0xfffb884e -add esp, 0x10 -test al, al -je short loc_fffc5541 ; je 0xfffc5541 -mov eax, dword [ebp + 0x18] -mov edx, dword [esi + 8] -mov dword [eax], edx -xor eax, eax -jmp short loc_fffc5549 ; jmp 0xfffc5549 +mov eax, edi +push 0 +push 1 +push dword [ebp - 0x3c] +push 0xc +call fcn_fffb4652 ; call 0xfffb4652 +add esp, 0x20 -loc_fffc5541: ; not directly referenced -inc edi -jmp short 
loc_fffc5517 ; jmp 0xfffc5517 +loc_fffc53b2: ; not directly referenced +inc dword [ebp - 0x30] +cmp dword [ebp - 0x30], 4 +jne short loc_fffc536c ; jne 0xfffc536c +jmp near loc_fffc52d0 ; jmp 0xfffc52d0 -loc_fffc5544: ; not directly referenced -mov eax, 0x8000000e +loc_fffc53c0: ; not directly referenced +mov eax, 0x19 -loc_fffc5549: ; not directly referenced +loc_fffc53c5: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -50383,1020 +50003,711 @@ pop edi pop ebp ret -fcn_fffc5551: +fcn_fffc53cd: ; not directly referenced push ebp mov ebp, esp +push edi +push esi push ebx -push edx -mov ebx, dword [ebp + 0xc] - -loc_fffc5559: -mov ax, word [ebx] -cmp ax, 0xffff -je short loc_fffc5570 ; je 0xfffc5570 -cmp ax, 4 -je short loc_fffc5574 ; je 0xfffc5574 - -loc_fffc5568: -movzx eax, word [ebx + 2] -add ebx, eax -jmp short loc_fffc5559 ; jmp 0xfffc5559 - -loc_fffc5570: -xor eax, eax -jmp short loc_fffc558b ; jmp 0xfffc558b +sub esp, 0x3c +mov ebx, dword [ebp + 8] +cmp dword [ebx + 0x1887], 0x306d0 +je short loc_fffc5419 ; je 0xfffc5419 -loc_fffc5574: -push eax -push eax -lea eax, [ebx + 8] -push eax -push dword [ebp + 8] -call fcn_fffb884e ; call 0xfffb884e -add esp, 0x10 -test al, al -je short loc_fffc5568 ; je 0xfffc5568 +loc_fffc53e5: ; not directly referenced +mov ecx, 0x14 +mov edx, 0x5f08 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +cmp dword [ebx + 0x3757], 2 +jne loc_fffc5544 ; jne 0xfffc5544 +mov ecx, 0x3000 +mov edx, 0x48a8 mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffc5544 ; jmp 0xfffc5544 -loc_fffc558b: -mov ebx, dword [ebp - 4] -leave -ret +loc_fffc5419: ; not directly referenced +cmp byte [ebx + 0x18ed], 0 +je short loc_fffc53e5 ; je 0xfffc53e5 +mov eax, dword [ebx + 0x36e9] +sub eax, 2 +cmp eax, 1 +ja short loc_fffc53e5 ; ja 0xfffc53e5 +mov dl, 0x10 -fcn_fffc5590: ; not directly referenced -push ebp -mov ebp, esp +loc_fffc5432: ; not directly referenced +mov eax, ebx +mov dword [ebp - 0x2c], edx +call fcn_fffaa4a9 ; call 0xfffaa4a9 +mov edx, dword [ebp - 0x2c] +dec dl +jne short loc_fffc5432 ; jne 0xfffc5432 +cmp dword [ebx + 0x36e9], 3 +jne short loc_fffc53e5 ; jne 0xfffc53e5 +mov eax, dword [ebx + 0x2444] +mov esi, dword [ebx + 0x5edd] push edi -push esi -push ebx -sub esp, 0x2c -mov eax, dword [ebp + 0x10] -mov dword [ebp - 0x2c], eax -lea eax, [ebp - 0x20] -push eax -push 0 -push 0 -push ref_fffd60dc ; push 0xfffd60dc -call fcn_fffab40f ; 
call 0xfffab40f -lea eax, [ebp - 0x24] -push eax push 0 -push 0 -push ref_fffd604c ; push 0xfffd604c -call fcn_fffab40f ; call 0xfffab40f -mov eax, dword [0xff7d0084] -add esp, 0x14 -mov eax, dword [eax + 0x14] -lea ebx, [eax + 0xb0040] -push ebx -mov dword [ebp - 0x30], eax -call fcn_fffb3d4e ; call 0xfffb3d4e -add esp, 0x10 -mov edx, eax -shr edx, 0x10 -and edx, 0xf -cmp dl, 2 -je loc_fffc57da ; je 0xfffc57da -movzx edx, ah -xor eax, eax -and dl, 0xf0 -jne loc_fffc57dc ; jne 0xfffc57dc -call fcn_fffb481e ; call 0xfffb481e -cmp eax, 2 -je loc_fffc5699 ; je 0xfffc5699 - -loc_fffc560d: ; not directly referenced -mov eax, dword [0xff7d0084] -sub esp, 0xc -mov edi, dword [eax + 0x14] -lea eax, [edi + 0x70] -add edi, 0x74 -push eax -call fcn_fffb3d4e ; call 0xfffb3d4e -mov dword [esp], edi -mov esi, eax -call fcn_fffb3d4e ; call 0xfffb3d4e -shr esi, 4 -mov ecx, dword [ebp - 0x2c] -mov edi, dword [ebp - 0x30] -shl eax, 0x1c -add eax, esi -shr eax, 0x10 -mov esi, eax -or eax, 0x10800000 -or esi, 0x10000000 -test cl, cl -cmovs esi, eax -mov eax, ecx -and eax, 0x7f -add edi, 0xb004c -shl eax, 0x18 -mov dword [esp], edi -or esi, eax -call fcn_fffb3d4e ; call 0xfffb3d4e -pop eax -pop edx -push esi -mov esi, 0x1389 +push 0x10 +lea edi, [ebp - 0x28] push edi -call fcn_fffb3d84 ; call 0xfffb3d84 -mov eax, dword [ebp - 0x24] -add esp, 0xc -push 0x44c -push eax -push dword [ebp + 8] -call dword [eax + 4] ; ucall -mov dword [esp], ebx -call fcn_fffb3d4e ; call 0xfffb3d4e -add esp, 0x10 -jmp near loc_fffc57ba ; jmp 0xfffc57ba - -loc_fffc5699: ; not directly referenced -mov eax, dword [0xfed70044] -test al, 1 -je loc_fffc560d ; je 0xfffc560d -mov eax, dword [ebp - 0x20] -cmp byte [eax + 1], 0 -jne loc_fffc560d ; jne 0xfffc560d -cmp byte [ebp - 0x2c], 1 -je loc_fffc560d ; je 0xfffc560d -lea eax, [ebp - 0x1c] -mov esi, ref_fffd668c ; mov esi, 0xfffd668c -push ecx -push eax -push 0x20 -push 4 -call fcn_fffab5ba ; call 0xfffab5ba -mov eax, dword [ebp - 0x1c] -mov ecx, 4 -lea edi, [eax + 
8] -add eax, 0x18 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -pop esi -pop edi -push 8 -push eax -call fcn_fffac673 ; call 0xfffac673 -call fcn_fffab5f3 ; call 0xfffab5f3 -pop edx -pop ecx -push eax -push ref_fffd668c ; push 0xfffd668c -call fcn_fffc5551 ; call 0xfffc5551 +mov dword [ebp - 0x3c], eax +call dword [eax + 0x5c] ; ucall +lea eax, [ebx + 0x3757] add esp, 0x10 -mov edx, eax -test eax, eax -je loc_fffc560d ; je 0xfffc560d -mov eax, dword [ebp + 0x14] -mov esi, 0x166 -mov dword [edx + 0x1c], 0 -mov dword [edx + 0x18], eax - -loc_fffc571b: ; not directly referenced -mov eax, dword [0xfed70044] -test al, 2 -je short loc_fffc5756 ; je 0xfffc5756 -mov esi, dword [edx + 0x18] -xor edi, edi -mov dword [0xfed70080], esi -mov dword [0xfed70084], edi -mov dword [0xfed7000c], 3 -cmp dword [ebp + 0x18], 0x20 -jne short loc_fffc574f ; jne 0xfffc574f -mov dword [0xfed70040], 0 - -loc_fffc574f: ; not directly referenced -mov esi, 0x48 -jmp short loc_fffc578e ; jmp 0xfffc578e +mov dword [ebp - 0x30], eax +lea eax, [esi + 0x70] +mov dword [ebp - 0x34], eax +lea eax, [ebx + 0x2491] +mov dword [ebp - 0x2c], 0 +mov dword [ebp - 0x40], eax +mov dword [ebp - 0x44], edi -loc_fffc5756: ; not directly referenced -mov eax, dword [ebp - 0x24] -mov dword [ebp - 0x34], edx -push edx -push 0x8c -push eax -push dword [ebp + 8] -call dword [eax + 4] ; ucall -mov edx, dword [ebp - 0x34] -add esp, 0x10 -dec esi -jne short loc_fffc571b ; jne 0xfffc571b -jmp short loc_fffc574f ; jmp 0xfffc574f +loc_fffc548c: ; not directly referenced +mov eax, dword [ebp - 0x30] +cmp dword [eax], 2 +je short loc_fffc54b0 ; je 0xfffc54b0 -loc_fffc5774: ; not directly referenced -mov eax, dword [ebp - 0x24] -push edi -push 0x8c -push eax -push dword [ebp + 8] -call dword [eax + 4] ; ucall -add esp, 0x10 -dec esi -je loc_fffc560d ; je 0xfffc560d +loc_fffc5494: ; not directly referenced +inc dword [ebp - 0x2c] +add dword [ebp - 0x30], 0x13c3 +add dword [ebp - 0x34], 0xcc +cmp dword [ebp - 0x2c], 2 
+jne short loc_fffc548c ; jne 0xfffc548c +jmp near loc_fffc53e5 ; jmp 0xfffc53e5 -loc_fffc578e: ; not directly referenced -mov eax, dword [0xfed7000c] -test eax, eax -jne short loc_fffc5774 ; jne 0xfffc5774 -jmp near loc_fffc560d ; jmp 0xfffc560d +loc_fffc54b0: ; not directly referenced +mov cl, byte [ebp - 0x2c] +xor esi, esi +xor edx, edx +mov dword [ebp - 0x38], 1 +shl dword [ebp - 0x38], cl -loc_fffc579c: ; not directly referenced -dec esi -je short loc_fffc57c4 ; je 0xfffc57c4 -mov eax, dword [ebp - 0x24] +loc_fffc54c1: ; not directly referenced +mov edi, dword [ebp - 0x30] +mov eax, 1 +mov ecx, esi +shl eax, cl +test byte [edi + 0xc4], al +je short loc_fffc5539 ; je 0xfffc5539 +test edx, edx +jne short loc_fffc5539 ; jne 0xfffc5539 +mov edx, dword [ebp - 0x2c] +mov ecx, eax +mov eax, ebx +call fcn_fffad317 ; call 0xfffad317 +movzx edi, al +test dword [ebp - 0x38], edi +je short loc_fffc5504 ; je 0xfffc5504 push ecx -push 0x3e8 +push 0 +movzx eax, byte [ebx + 0x2489] push eax -push dword [ebp + 8] -call dword [eax + 4] ; ucall -mov dword [esp], ebx -call fcn_fffb3d4e ; call 0xfffb3d4e +mov eax, dword [ebp - 0x3c] +push dword [ebp - 0x34] +call dword [eax + 0x64] ; ucall add esp, 0x10 -loc_fffc57ba: ; not directly referenced -mov edx, eax -shr edx, 0x18 -and dl, 0xf0 -je short loc_fffc579c ; je 0xfffc579c +loc_fffc5504: ; not directly referenced +sub esp, 0xc +mov ecx, 0x11 +push 0 +mov edx, edi +mov eax, ebx +call fcn_fffae9e2 ; call 0xfffae9e2 +mov ecx, edi +pop eax +mov eax, ebx +pop edx +mov edx, dword [ebp - 0x40] +push 0 +push dword [ebp - 0x44] +push 1 +push 1 +push 2 +push esi +call fcn_fffc66ae ; call 0xfffc66ae +add esp, 0x20 +mov edx, 1 -loc_fffc57c4: ; not directly referenced -shr eax, 0x19 -push edx -and eax, 7 -push edx -push eax -push dword [ebp + 8] -call fcn_fffb8736 ; call 0xfffb8736 -add esp, 0x10 -jmp short loc_fffc57dc ; jmp 0xfffc57dc +loc_fffc5539: ; not directly referenced +inc esi +cmp esi, 4 +jne short loc_fffc54c1 ; jne 0xfffc54c1 
+jmp near loc_fffc5494 ; jmp 0xfffc5494 -loc_fffc57da: ; not directly referenced -xor eax, eax +loc_fffc5544: ; not directly referenced +cmp dword [ebx + 0x4b1a], 2 +jne short loc_fffc555e ; jne 0xfffc555e +mov ecx, 0x3000 +mov edx, 0x48b0 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc57dc: ; not directly referenced +loc_fffc555e: ; not directly referenced +mov eax, ebx +call fcn_fffb34af ; call 0xfffb34af lea esp, [ebp - 0xc] +xor eax, eax pop ebx pop esi pop edi pop ebp ret -fcn_fffc57e4: ; not directly referenced +fcn_fffc556f: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx -sub esp, 0x4c +sub esp, 0x60 mov edi, dword [ebp + 8] -mov dword [ebp - 0x40], 0 -mov eax, dword [edi + 0x5edc] -mov esi, dword [edi + 0x18a7] +mov eax, dword [edi + 0x5edd] +mov esi, dword [edi + 0x188b] mov dword [ebp - 0x44], eax -mov eax, dword [edi + 0x188b] -mov dword [ebp - 0x34], eax -mov al, byte [edi + 0x36c9] -inc eax -cmp byte [edi + 0x1965], 1 -mov byte [edi + 0x36c9], al -jne short loc_fffc5831 ; jne 0xfffc5831 +mov eax, dword [edi + 0x2444] +mov ebx, eax +mov dword [ebp - 0x54], eax +mov eax, dword [edi + 0x1887] +mov dword [ebp - 0x4c], eax +mov eax, dword [edi + 0x1883] +mov dword [ebp - 0x50], eax +mov al, byte [edi + 0x248e] +push 0 +push 0x10 +mov byte [ebp - 0x63], al +lea eax, [ebp - 0x28] +push eax +mov eax, ebx +call dword [eax + 0x5c] ; ucall +add esp, 0x10 +cmp byte [edi + 0x36ca], 0 +jne short loc_fffc55d3 ; jne 0xfffc55d3 xor ebx, ebx -cmp dword [ebp - 0x34], 1 -sete bl -mov dword [ebp - 0x40], ebx +test esi, esi +je loc_fffc5aa5 ; je 0xfffc5aa5 -loc_fffc5831: ; not directly referenced -cmp dword [edi + 0x2480], 3 +loc_fffc55d3: ; not directly referenced +cmp dword [edi + 0x2481], 3 +mov dl, 0xa sete bl -dec al -movzx ecx, bl -mov dword [ebp - 0x48], ecx -mov ecx, 0xa -jne short loc_fffc58c2 ; jne 0xfffc58c2 -cmp dword [ebp - 0x34], 1 -jne short loc_fffc58ac ; jne 0xfffc58ac -cmp dword [edi + 0x3756], 2 -jne short 
loc_fffc587e ; jne 0xfffc587e -cmp byte [edi + 0x190c], 0 -jne short loc_fffc587e ; jne 0xfffc587e -mov eax, dword [ebp - 0x44] -mov edx, 0x4004 -and byte [eax + 0xbf], 0xdf -mov ecx, dword [eax + 0xbc] -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +jne short loc_fffc5615 ; jne 0xfffc5615 +cmp dword [ebp - 0x50], 3 +sete dl +cmp dword [ebp - 0x4c], 0x306d0 +sete al +test dl, al +jne loc_fffc5a91 ; jne 0xfffc5a91 +cmp dword [ebp - 0x50], 0 +sete dl +cmp dword [ebp - 0x4c], 0x40670 +sete al +test dl, al +jne loc_fffc5a91 ; jne 0xfffc5a91 +mov dl, 6 -loc_fffc587e: ; not directly referenced -cmp dword [edi + 0x4b19], 2 -jne short loc_fffc58ac ; jne 0xfffc58ac -cmp byte [edi + 0x190c], 0 -jne short loc_fffc58ac ; jne 0xfffc58ac +loc_fffc5615: ; not directly referenced +mov dword [ebp - 0x58], 0 + +loc_fffc561c: ; not directly referenced mov eax, dword [ebp - 0x44] -mov edx, 0x4404 -and byte [eax + 0x18b], 0xdf -mov ecx, dword [eax + 0x188] -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +mov al, byte [eax + 0x14] +and eax, 0x7f +mov cl, al +or ecx, 0xffffff80 +test al, 0x40 +cmovne eax, ecx +cbw +lea eax, [eax + eax*4] +add eax, eax +dec esi +mov word [ebp - 0x62], ax +sete al +test al, bl +je loc_fffc5749 ; je 0xfffc5749 +mov eax, dword [ebp - 0x44] +lea ebx, [ebp - 0x34] +mov dword [ebp - 0x40], 0 +lea esi, [eax + 0x1c] -loc_fffc58ac: ; not directly referenced -cmp dword [ebp - 0x34], 0 -sete dl -xor eax, eax -or dl, bl -jne loc_fffc6049 ; jne 0xfffc6049 -mov ecx, 6 +loc_fffc5656: ; not directly referenced +cmp byte [esi + 0xb5], 0 +je short loc_fffc5675 ; je 0xfffc5675 -loc_fffc58c2: ; not directly referenced -mov al, byte [edi + 0x248d] -sub esp, 0xc -mov byte [ebp - 0x35], al -movzx eax, byte [edi + 0x248e] -push 1 -mov dword [ebp - 0x3c], eax -mov edx, eax -mov eax, edi -call fcn_fffb2759 ; call 0xfffb2759 -add esp, 0x10 -cmp dword [ebp - 0x48], 0 -jne loc_fffc5bb3 ; jne 0xfffc5bb3 -cmp dword [edi + 0x3756], 2 -je short loc_fffc590b ; je 0xfffc590b -cmp 
dword [edi + 0x4b19], 2 -mov al, 0x40 -jne short loc_fffc5928 ; jne 0xfffc5928 -mov eax, 1 -jmp short loc_fffc590d ; jmp 0xfffc590d +loc_fffc565f: ; not directly referenced +inc dword [ebp - 0x40] +add esi, 0xcc +cmp dword [ebp - 0x40], 2 +jne short loc_fffc5656 ; jne 0xfffc5656 +mov dl, 0xa +jmp near loc_fffc5749 ; jmp 0xfffc5749 -loc_fffc590b: ; not directly referenced -xor eax, eax +loc_fffc5675: ; not directly referenced +imul eax, dword [ebp - 0x40], 0x13c3 +mov byte [esi + 0xb5], 0xff +mov dword [ebp - 0x3c], 0 +mov dword [ebp - 0x5c], eax -loc_fffc590d: ; not directly referenced -imul eax, eax, 0x13c3 -mov dl, 0x55 -imul esi, esi, 0x2e -add esi, eax -mov al, 0x40 -cmp word [edi + esi + 0x375e], 2 -cmove eax, edx +loc_fffc568d: ; not directly referenced +mov cl, byte [ebp - 0x3c] +mov eax, 1 +shl eax, cl +mov ecx, dword [ebp - 0x5c] +test byte [edi + ecx + 0x381b], al +jne short loc_fffc56ae ; jne 0xfffc56ae -loc_fffc5928: ; not directly referenced -mov byte [ebp - 0x21], al -lea esi, [edi + 0x381a] -xor ebx, ebx -mov byte [ebp - 0x22], al -mov byte [ebp - 0x1f], 0x40 -mov byte [ebp - 0x20], 0x40 +loc_fffc56a3: ; not directly referenced +inc dword [ebp - 0x3c] +cmp dword [ebp - 0x3c], 4 +jne short loc_fffc568d ; jne 0xfffc568d +jmp short loc_fffc565f ; jmp 0xfffc565f -loc_fffc593e: ; not directly referenced -cmp dword [esi - 0xc4], 2 -jne short loc_fffc59b4 ; jne 0xfffc59b4 -push ecx -push 1 -movzx eax, byte [esi + 0x17d] -neg eax -push eax -push 1 -movzx eax, byte [esi] -push eax -push 0 -push ebx -push edi -call fcn_fffa9178 ; call 0xfffa9178 -movzx eax, byte [ebp + ebx - 0x22] -add esp, 0x1c -push 1 -push eax -push 1 -movzx eax, byte [esi] -push eax -push 2 -push ebx -push edi -call fcn_fffa9178 ; call 0xfffa9178 -movzx eax, byte [ebp + ebx - 0x22] -add esp, 0x1c -push 1 +loc_fffc56ae: ; not directly referenced +mov ecx, dword [ebp - 0x3c] +mov edx, dword [ebp - 0x40] +movzx eax, cl +lea eax, [esi + eax*4 + 0xb6] +mov dword [ebp - 0x48], eax push eax -push 
1 -movzx eax, byte [esi] push eax -push 1 +mov eax, edi push ebx -push edi -call fcn_fffa9178 ; call 0xfffa9178 -movzx eax, byte [ebp + ebx - 0x20] -add esp, 0x1c -push 1 +push 5 +call fcn_fffa681b ; call 0xfffa681b +mov ecx, dword [ebp - 0x3c] +pop eax +pop edx +mov edx, dword [ebp - 0x40] +lea eax, [ebp - 0x30] push eax -push 1 -movzx eax, byte [esi] +mov eax, edi +push 6 +call fcn_fffa681b ; call 0xfffa681b +mov edx, dword [ebp - 0x40] +pop ecx +pop eax +mov ecx, dword [ebp - 0x3c] +lea eax, [ebp - 0x2c] push eax -push 4 -push ebx -push edi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 - -loc_fffc59b4: ; not directly referenced -inc ebx -add esi, 0x13c3 -cmp ebx, 2 -jne loc_fffc593e ; jne 0xfffc593e -movzx ebx, byte [ebp - 0x35] mov eax, edi -push edx -push edx -xor edx, edx -push 0 -push 1 -mov ecx, ebx -call fcn_fffcf9c9 ; call 0xfffcf9c9 -mov cl, byte [ebp - 0x40] +push 7 +call fcn_fffa681b ; call 0xfffa681b add esp, 0x10 -and ecx, 1 -mov byte [ebp - 0x2c], cl -test eax, eax -setne dl -test cl, dl -jne loc_fffc6049 ; jne 0xfffc6049 -cmp byte [edi + 0x36c9], 2 -je short loc_fffc5a0d ; je 0xfffc5a0d +xor eax, eax -loc_fffc59fb: ; not directly referenced -cmp byte [edi + 0x36c9], 2 -jne loc_fffc5ac2 ; jne 0xfffc5ac2 -jmp near loc_fffc5aa1 ; jmp 0xfffc5aa1 +loc_fffc56fc: ; not directly referenced +mov dl, byte [eax + ebx] +mov ecx, dword [ebp - 0x48] +mov byte [ecx + eax], dl +mov dl, byte [eax + ebx] +cmp dl, 1 +je short loc_fffc5714 ; je 0xfffc5714 +cmp dl, 3 +je short loc_fffc5729 ; je 0xfffc5729 +jmp short loc_fffc573e ; jmp 0xfffc573e -loc_fffc5a0d: ; not directly referenced -push eax -mov edx, 2 -push eax -mov ecx, ebx -lea esi, [ebp - 0x22] +loc_fffc5714: ; not directly referenced +cmp byte [eax + ebp - 0x30], 1 +jne short loc_fffc5729 ; jne 0xfffc5729 +cmp byte [ebp + eax - 0x2c], 0 +jne short loc_fffc5729 ; jne 0xfffc5729 +mov byte [esi + 0xb5], 1 + +loc_fffc5729: ; not directly referenced +cmp byte [eax + ebp - 0x30], 0 +jne short loc_fffc573e ; 
jne 0xfffc573e +cmp byte [ebp + eax - 0x2c], 0 +jne short loc_fffc573e ; jne 0xfffc573e +mov byte [esi + 0xb5], 1 + +loc_fffc573e: ; not directly referenced +inc eax +cmp eax, 4 +jne short loc_fffc56fc ; jne 0xfffc56fc +jmp near loc_fffc56a3 ; jmp 0xfffc56a3 + +loc_fffc5749: ; not directly referenced +movzx eax, dl +xor esi, esi +mov dword [ebp - 0x60], eax +lea eax, [edi + 0x2491] +mov dword [ebp - 0x68], eax + +loc_fffc575a: ; not directly referenced +mov eax, dword [ebp - 0x44] +mov ecx, esi +xor ebx, ebx +mov dword [ebp - 0x3c], 1 +shl dword [ebp - 0x3c], cl +add eax, 0x70 +mov dword [ebp - 0x48], eax +mov byte [ebp - 0x40], 0 + +loc_fffc5775: ; not directly referenced +mov ecx, dword [ebp - 0x3c] +mov edx, ebx mov eax, edi -push esi -push 1 -call fcn_fffcf9c9 ; call 0xfffcf9c9 -add esp, 0x10 -test eax, eax -setne dl -test byte [ebp - 0x2c], dl -jne loc_fffc6049 ; jne 0xfffc6049 +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0x40], al +movzx eax, byte [ebp - 0x40] +bt eax, ebx +mov dword [ebp - 0x5c], eax +jae short loc_fffc57a7 ; jae 0xfffc57a7 push eax -mov edx, 1 +push 0 +movzx eax, byte [edi + 0x2489] push eax -mov ecx, ebx -push esi -mov eax, edi -push 1 -call fcn_fffcf9c9 ; call 0xfffcf9c9 +mov eax, dword [ebp - 0x54] +push dword [ebp - 0x48] +call dword [eax + 0x64] ; ucall add esp, 0x10 -test eax, eax -setne dl -test byte [ebp - 0x2c], dl -jne loc_fffc6049 ; jne 0xfffc6049 -xor ebx, ebx -lea esi, [ebp - 0x20] - -loc_fffc5a5d: ; not directly referenced -mov cl, bl -mov eax, 1 -shl eax, cl -mov cl, 0xc -cmp bl, 2 -cmovne ecx, eax -and cl, byte [ebp - 0x35] -jne short loc_fffc5a7b ; jne 0xfffc5a7b -loc_fffc5a73: ; not directly referenced +loc_fffc57a7: ; not directly referenced inc ebx -cmp ebx, 3 -jne short loc_fffc5a5d ; jne 0xfffc5a5d -jmp short loc_fffc59fb ; jmp 0xfffc59fb - -loc_fffc5a7b: ; not directly referenced +add dword [ebp - 0x48], 0xcc +cmp ebx, 2 +jne short loc_fffc5775 ; jne 0xfffc5775 +cmp byte [ebp - 0x40], 0 +je short loc_fffc57f7 
; je 0xfffc57f7 push eax -mov edx, 4 +mov ebx, dword [ebp - 0x5c] push eax -movzx ecx, cl -push esi +mov ecx, dword [ebp - 0x60] mov eax, edi -push 1 -call fcn_fffcf9c9 ; call 0xfffcf9c9 +push dword [ebp - 0x3c] +mov edx, ebx +push 0 +call fcn_fffaea71 ; call 0xfffaea71 +lea eax, [ebp - 0x28] +pop edx +pop ecx +mov ecx, ebx +mov edx, dword [ebp - 0x68] +push 0 +push eax +mov eax, edi +push 0x36 +push 0 +push 0xd +push esi +call fcn_fffc66ae ; call 0xfffc66ae +add esp, 0x14 +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -test eax, eax -setne dl -test byte [ebp - 0x2c], dl -je short loc_fffc5a73 ; je 0xfffc5a73 -jmp near loc_fffc6049 ; jmp 0xfffc6049 - -loc_fffc5aa1: ; not directly referenced -lea ebx, [edi + 0x3756] -mov dword [ebp - 0x2c], 0 -loc_fffc5aae: ; not directly referenced -cmp dword [ebx], 2 -je short loc_fffc5ae2 ; je 0xfffc5ae2 +loc_fffc57f7: ; not directly referenced +inc esi +cmp esi, 4 +jne loc_fffc575a ; jne 0xfffc575a +mov eax, dword [ebp - 0x44] +mov dword [ebp - 0x5c], edi +mov dword [ebp - 0x44], 0 +mov dword [ebp - 0x48], 0x3e8 +add eax, 0xd1 +mov dword [ebp - 0x60], eax +mov eax, dword [ebp - 0x58] +mov dword [ebp - 0x54], 0 +mov dword [ebp - 0x40], 0x7fffffff +mov dword [ebp - 0x3c], 0x7fffffff +add eax, 0x1e +mov dword [ebp - 0x68], eax +movsx eax, word [ebp - 0x62] +sub dword [ebp - 0x68], eax -loc_fffc5ab3: ; not directly referenced -inc dword [ebp - 0x2c] -add ebx, 0x13c3 -cmp dword [ebp - 0x2c], 2 -jne short loc_fffc5aae ; jne 0xfffc5aae +loc_fffc5842: ; not directly referenced +mov eax, dword [ebp - 0x44] +cmp dword [edi + eax + 0x3757], 2 +jne loc_fffc58ea ; jne 0xfffc58ea +mov al, byte [edi + eax + 0x381b] +mov edx, 0x7fffffff +mov esi, dword [ebp - 0x5c] +mov dword [ebp - 0x58], 0 +mov byte [ebp - 0x64], al +mov eax, 0x7fffffff -loc_fffc5ac2: ; not directly referenced -cmp dword [edi + 0x3756], 2 -jne loc_fffc5b8b ; jne 0xfffc5b8b -xor ecx, ecx -mov edx, 0x4198 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -jmp 
near loc_fffc5b8b ; jmp 0xfffc5b8b +loc_fffc5871: ; not directly referenced +mov cl, byte [ebp - 0x58] +mov ebx, 1 +shl ebx, cl +test byte [ebp - 0x64], bl +je short loc_fffc589a ; je 0xfffc589a +cmp edx, dword [esi + 0x3451] +cmovg edx, dword [esi + 0x3451] +cmp eax, dword [esi + 0x3455] +cmovg eax, dword [esi + 0x3455] -loc_fffc5ae2: ; not directly referenced -mov eax, dword [ebx + 0x109] -cmp dword [ebx + 0x111], eax -cmovbe eax, dword [ebx + 0x111] -cmp dword [ebp - 0x48], 0 -je short loc_fffc5b20 ; je 0xfffc5b20 -mov esi, dword [ebx + 0x115] -cmp dword [ebx + 0x11d], esi -cmovbe esi, dword [ebx + 0x11d] +loc_fffc589a: ; not directly referenced +inc dword [ebp - 0x58] +add esi, 0x90 +cmp dword [ebp - 0x58], 4 +jne short loc_fffc5871 ; jne 0xfffc5871 +mov esi, dword [ebp - 0x3c] +mov ecx, dword [ebp - 0x48] +cmp esi, edx +cmovg esi, edx +mov dword [ebp - 0x3c], esi +mov esi, dword [ebp - 0x40] cmp esi, eax -cmova esi, eax - -loc_fffc5b13: ; not directly referenced -mov al, byte [ebx + 0xc4] -xor ecx, ecx -mov byte [ebp - 0x30], al -jmp short loc_fffc5b2d ; jmp 0xfffc5b2d - -loc_fffc5b20: ; not directly referenced -mov esi, dword [ebx + 0x119] -cmp eax, esi -cmovbe esi, eax -jmp short loc_fffc5b13 ; jmp 0xfffc5b13 - -loc_fffc5b2d: ; not directly referenced -mov edx, 1 -shl edx, cl -test byte [ebp - 0x30], dl -je short loc_fffc5b53 ; je 0xfffc5b53 -movzx eax, byte [ebx + ecx + 0x249] -movzx edx, byte [ebx + ecx + 0x245] -cmp eax, edx -cmovbe edx, eax -cmp esi, edx -cmova esi, edx - -loc_fffc5b53: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffc5b2d ; jne 0xfffc5b2d -push 1 -mov edx, dword [ebp - 0x2c] -mov eax, esi -push 1 -neg eax -push eax -mov cl, 0xff -push 1 -mov eax, edi -call fcn_fffb0cb4 ; call 0xfffb0cb4 -mov edx, dword [ebp - 0x44] -mov ecx, esi -imul eax, dword [ebp - 0x2c], 0xcc -add esp, 0x10 -mov byte [edx + eax + 0xe2], cl -jmp near loc_fffc5ab3 ; jmp 0xfffc5ab3 - -loc_fffc5b8b: ; not directly referenced -cmp dword [edi + 0x4b19], 
2 -jne short loc_fffc5ba2 ; jne 0xfffc5ba2 -xor ecx, ecx -mov edx, 0x4598 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c - -loc_fffc5ba2: ; not directly referenced -sub esp, 0xc -push edi -call fcn_fffc82f4 ; call 0xfffc82f4 -add esp, 0x10 -jmp near loc_fffc6049 ; jmp 0xfffc6049 - -loc_fffc5bb3: ; not directly referenced -mov eax, dword [edi + 0x385f] -mov edx, 3 -xor ebx, ebx -mov ecx, dword [ebp - 0x3c] -mov byte [ebp - 0x1e], al -mov eax, dword [edi + 0x3867] -mov byte [ebp - 0x1a], al -mov eax, dword [edi + 0x4c22] -mov byte [ebp - 0x1d], al -mov eax, dword [edi + 0x4c2a] -mov byte [ebp - 0x19], al -movzx eax, byte [ebp - 0x35] -mov esi, eax -mov dword [ebp - 0x30], eax -push eax -push 1 -push 1 -push 0x14 -push 1 -lea eax, [ebp - 0x1e] -push eax -mov eax, edi -push 1 -push esi -call fcn_fffcfd43 ; call 0xfffcfd43 -add esp, 0x20 -mov dword [ebp - 0x2c], 0 +cmovg esi, eax +mov dword [ebp - 0x40], esi +mov esi, dword [ebp - 0x5c] +mov dword [esi + 0x3455], eax +mov eax, dword [ebp - 0x60] +mov dword [esi + 0x3451], edx +cmp byte [eax], 0 +mov eax, 1 +cmovg ecx, dword [ebp - 0x68] +cmovle eax, dword [ebp - 0x54] +mov dword [ebp - 0x48], ecx +mov dword [ebp - 0x54], eax -loc_fffc5c0b: ; not directly referenced -imul eax, ebx, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffc5c89 ; jne 0xfffc5c89 -imul ecx, ebx, 0x48 -mov esi, 0xa -xor edx, edx -mov eax, dword [edi + ecx + 0x3210] -div esi -xor edx, edx -mov dword [ebp - 0x50], eax -mov eax, dword [edi + ecx + 0x3214] +loc_fffc58ea: ; not directly referenced +add dword [ebp - 0x44], 0x13c3 +add dword [ebp - 0x5c], 0x48 +add dword [ebp - 0x60], 0xcc +cmp dword [ebp - 0x44], 0x2786 +jne loc_fffc5842 ; jne 0xfffc5842 +mov eax, dword [ebp - 0x40] mov ecx, 2 -div esi -mov esi, dword [ebp - 0x50] -mov edx, esi -movsx edx, dl -mov dword [ebp - 0x4c], eax -movsx eax, byte [ebp - 0x4c] -sub eax, edx +sub eax, dword [ebp - 0x3c] cdq idiv ecx -mov cl, byte [ebp - 0x4c] -mov edx, 0xc -add ecx, esi -cmp cl, 0x11 
-cmova edx, dword [ebp - 0x2c] -mov dword [ebp - 0x2c], edx -push edx -push 1 -add al, byte [ebp + ebx - 0x1e] -mov byte [ebp + ebx - 0x1e], al -movzx eax, al -push eax -push 1 -push dword [ebp - 0x30] -push 3 -push ebx -push edi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 - -loc_fffc5c89: ; not directly referenced -inc ebx -cmp ebx, 2 -jne loc_fffc5c0b ; jne 0xfffc5c0b -mov al, byte [ebp - 0x40] -and eax, 1 -mov bl, al -mov byte [ebp - 0x40], al -mov eax, dword [ebp - 0x2c] -test eax, eax +cmp dword [ebp - 0x50], 3 +seta dl +cmp dword [ebp - 0x4c], 0x306d0 +mov dword [ebp - 0x44], eax +sete al +test dl, al +jne short loc_fffc5949 ; jne 0xfffc5949 +cmp dword [ebp - 0x50], 0 +mov esi, 1 setne dl -test bl, dl -jne loc_fffc6049 ; jne 0xfffc6049 -push eax -mov ecx, dword [ebp - 0x3c] -mov edx, 2 -push 1 -xor ebx, ebx -push 1 -push 0x14 -push 1 -lea eax, [ebp - 0x1a] -push eax +cmp dword [ebp - 0x4c], 0x40670 +sete al +test dl, al +je short loc_fffc59a3 ; je 0xfffc59a3 + +loc_fffc5949: ; not directly referenced +cmp dword [edi + 0x2481], 2 +mov esi, 1 +je short loc_fffc59a3 ; je 0xfffc59a3 +mov ecx, 1 +mov edx, 0xd +movsx ebx, word [ebp - 0x62] mov eax, edi -push 1 -push dword [ebp - 0x30] -call fcn_fffcfd43 ; call 0xfffcfd43 -add esp, 0x20 +call fcn_fffaab72 ; call 0xfffaab72 +mov ecx, dword [ebp - 0x40] +mov edx, 0 +add ecx, ebx +cmovs ecx, edx +mov edx, dword [ebp - 0x3c] +mov word [ebp - 0x4c], ax +mov eax, 0 +sub edx, ebx +cmovs edx, eax +cmp ecx, edx +cmovle edx, ecx +shr word [ebp - 0x4c], 1 +movzx eax, word [ebp - 0x4c] +cmp edx, eax +jbe short loc_fffc59a3 ; jbe 0xfffc59a3 +neg ebx +xor si, si +mov dword [ebp - 0x44], ebx -loc_fffc5cd4: ; not directly referenced -imul eax, ebx, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffc5d52 ; jne 0xfffc5d52 -imul ecx, ebx, 0x48 -mov esi, 0xa -xor edx, edx -mov eax, dword [edi + ecx + 0x3210] -div esi -xor edx, edx -mov dword [ebp - 0x50], eax -mov eax, dword [edi + ecx + 0x3214] -mov ecx, 2 -div esi 
-mov esi, dword [ebp - 0x50] -mov edx, esi -movsx edx, dl -mov dword [ebp - 0x4c], eax -movsx eax, byte [ebp - 0x4c] -sub eax, edx +loc_fffc59a3: ; not directly referenced +mov eax, esi +mov byte [edi + 0x36a0], al +mov eax, dword [ebp - 0x48] +cmp dword [ebp - 0x44], eax +setg al +test byte [ebp - 0x54], al +je short loc_fffc59c5 ; je 0xfffc59c5 +mov eax, dword [ebp - 0x48] +test esi, esi +cmove eax, dword [ebp - 0x44] +mov dword [ebp - 0x44], eax + +loc_fffc59c5: ; not directly referenced +mov eax, dword [ebp - 0x44] +mov ecx, 0xa +push 0 +push 0 +push 0 cdq idiv ecx -mov cl, byte [ebp - 0x4c] -mov edx, 0xc -add ecx, esi -cmp cl, 0x11 -cmova edx, dword [ebp - 0x2c] -push esi -push 1 -mov dword [ebp - 0x2c], edx -add al, byte [ebp + ebx - 0x1a] -mov byte [ebp + ebx - 0x1a], al -movzx eax, al +push 0 push eax push 1 -push dword [ebp - 0x30] push 2 -push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 - -loc_fffc5d52: ; not directly referenced -inc ebx -cmp ebx, 2 -jne loc_fffc5cd4 ; jne 0xfffc5cd4 -mov eax, dword [ebp - 0x2c] -test eax, eax -setne dl -test byte [ebp - 0x40], dl -jne loc_fffc6049 ; jne 0xfffc6049 -mov eax, dword [edi + 0x386b] -mov edx, 2 -xor bl, bl -mov byte [ebp - 0x1a], al -mov eax, dword [edi + 0x3873] -mov byte [ebp - 0x1c], al -mov eax, dword [edi + 0x4c2e] -mov byte [ebp - 0x19], al -mov eax, dword [edi + 0x4c36] -push ecx -mov ecx, dword [ebp - 0x3c] -push 1 -push 1 -push 0x14 -push 1 -mov byte [ebp - 0x1b], al -lea eax, [ebp - 0x1a] -push eax +call fcn_fffcce33 ; call 0xfffcce33 +add esp, 0x14 +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d +mov edx, 0xd +xor ecx, ecx +mov dword [ebp - 0x48], eax mov eax, edi -push 2 -push dword [ebp - 0x30] -call fcn_fffcfd43 ; call 0xfffcfd43 -add esp, 0x20 +call fcn_fffaab72 ; call 0xfffaab72 +mov edx, dword [ebp - 0x40] +add esp, 0x10 +add edx, dword [ebp - 0x3c] +shr ax, 1 +movzx eax, ax +cmp edx, eax +jb short loc_fffc5a27 ; jb 0xfffc5a27 -loc_fffc5db7: ; not directly referenced -imul 
eax, ebx, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffc5e35 ; jne 0xfffc5e35 -imul ecx, ebx, 0x48 -mov esi, 0xa -xor edx, edx -mov eax, dword [edi + ecx + 0x3210] -div esi -xor edx, edx -mov dword [ebp - 0x50], eax -mov eax, dword [edi + ecx + 0x3214] -mov ecx, 2 -div esi -mov esi, dword [ebp - 0x50] -mov edx, esi -movsx edx, dl -mov dword [ebp - 0x4c], eax -movsx eax, byte [ebp - 0x4c] -sub eax, edx -cdq -idiv ecx -mov cl, byte [ebp - 0x4c] -mov edx, 0xc -add ecx, esi -cmp cl, 0x11 -cmova edx, dword [ebp - 0x2c] -mov dword [ebp - 0x2c], edx -push edx -push 1 -add al, byte [ebp + ebx - 0x1a] -mov byte [ebp + ebx - 0x1a], al -movzx eax, al -push eax -push 2 -push dword [ebp - 0x30] -push 2 -push ebx -push edi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 +loc_fffc5a10: ; not directly referenced +mov edx, dword [ebp - 0x44] +lea eax, [edi + 0x3451] +xor ecx, ecx +mov ebx, dword [ebp - 0x3c] +mov esi, dword [ebp - 0x40] +add ebx, edx +sub esi, edx +jmp short loc_fffc5a4b ; jmp 0xfffc5a4b -loc_fffc5e35: ; not directly referenced -inc ebx -cmp ebx, 2 -jne loc_fffc5db7 ; jne 0xfffc5db7 -mov eax, dword [ebp - 0x2c] -test eax, eax -setne dl -test byte [ebp - 0x40], dl -jne loc_fffc6049 ; jne 0xfffc6049 -push eax -mov ecx, dword [ebp - 0x3c] -mov edx, 1 -push 1 -xor bl, bl -push 1 -push 0x14 -push 1 -lea eax, [ebp - 0x1c] -push eax -mov eax, edi -push 2 -push dword [ebp - 0x30] -call fcn_fffcfd43 ; call 0xfffcfd43 -add esp, 0x20 +loc_fffc5a27: ; not directly referenced +cmp byte [edi + 0x1965], 0 +je short loc_fffc5a10 ; je 0xfffc5a10 +cmp dword [edi + 0x188b], 1 +mov ebx, 0xc +jne short loc_fffc5a10 ; jne 0xfffc5a10 +jmp short loc_fffc5aa5 ; jmp 0xfffc5aa5 -loc_fffc5e76: ; not directly referenced -imul eax, ebx, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne short loc_fffc5ef4 ; jne 0xfffc5ef4 -imul ecx, ebx, 0x48 -mov esi, 0xa -xor edx, edx -mov eax, dword [edi + ecx + 0x3210] -div esi -xor edx, edx -mov dword [ebp - 0x4c], eax -mov eax, dword [edi + 
ecx + 0x3214] -mov ecx, 2 -div esi -mov esi, dword [ebp - 0x4c] -mov edx, esi -movsx edx, dl -mov dword [ebp - 0x3c], eax -movsx eax, byte [ebp - 0x3c] -sub eax, edx -cdq -idiv ecx -mov cl, byte [ebp - 0x3c] -mov edx, 0xc -add ecx, esi -cmp cl, 0x11 -cmova edx, dword [ebp - 0x2c] -push esi -push 1 -mov dword [ebp - 0x2c], edx -add al, byte [ebp + ebx - 0x1c] -mov byte [ebp + ebx - 0x1c], al -movzx eax, al -push eax -push 2 -push dword [ebp - 0x30] -push 1 -push ebx -push edi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 +loc_fffc5a40: ; not directly referenced +inc ecx +add eax, 0x90 +cmp ecx, 4 +je short loc_fffc5a5e ; je 0xfffc5a5e -loc_fffc5ef4: ; not directly referenced -inc ebx -cmp ebx, 2 -jne loc_fffc5e76 ; jne 0xfffc5e76 -mov eax, dword [ebp - 0x2c] -test eax, eax -setne dl -test byte [ebp - 0x40], dl -jne loc_fffc6049 ; jne 0xfffc6049 -lea eax, [edi + 0x3756] -mov bx, 0x4908 -mov dword [ebp - 0x2c], eax +loc_fffc5a4b: ; not directly referenced +mov edx, 1 +shl edx, cl +test byte [ebp - 0x63], dl +je short loc_fffc5a40 ; je 0xfffc5a40 +mov dword [eax], ebx +mov dword [eax + 4], esi +jmp short loc_fffc5a40 ; jmp 0xfffc5a40 -loc_fffc5f1c: ; not directly referenced -mov eax, dword [ebp - 0x2c] -cmp dword [eax], 2 -jne loc_fffc5fc5 ; jne 0xfffc5fc5 -xor ecx, ecx -mov edx, ebx -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -xor eax, eax -mov edx, 0x80080020 -mov ecx, eax -or ecx, 0x80000 -and ecx, 0xfffff807 -or ecx, 8 -mov eax, ecx -push ecx -push ecx -push edx -lea esi, [ebx + ebx - 0x4900] -push eax -mov edx, esi -mov eax, edi -call fcn_fffae7cf ; call 0xfffae7cf -mov edx, ebx -mov ecx, 0x2c08 -shl edx, 8 -mov eax, edi -sub edx, 0x48c668 -call fcn_fffae58c ; call 0xfffae58c -lea edx, [ebx + 0x50] -mov ecx, 0xff -mov eax, edi -call fcn_fffae566 ; call 0xfffae566 -add esp, 0x10 -cmp dword [ebp - 0x34], 1 -jne short loc_fffc5f9f ; jne 0xfffc5f9f -lea edx, [ebx + 0x51] -mov ecx, 0xff +loc_fffc5a5e: ; not directly referenced +cmp dword [edi + 0x3757], 2 
+jne short loc_fffc5a75 ; jne 0xfffc5a75 +xor cl, cl +mov edx, 0x4198 mov eax, edi -call fcn_fffae566 ; call 0xfffae566 +call fcn_fffb335b ; call 0xfffb335b -loc_fffc5f9f: ; not directly referenced -push ecx -mov eax, edi -push ecx -push 0 -push 0 -lea edx, [esi - 0x38] -call fcn_fffae7cf ; call 0xfffae7cf -pop eax +loc_fffc5a75: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 +mov ebx, dword [ebp - 0x48] +jne short loc_fffc5aa5 ; jne 0xfffc5aa5 +xor ecx, ecx +mov edx, 0x4598 mov eax, edi -pop edx -lea edx, [esi - 0x28] -push 0 -push 0x3f8 -call fcn_fffae7cf ; call 0xfffae7cf -add esp, 0x10 +call fcn_fffb335b ; call 0xfffb335b +jmp short loc_fffc5aa5 ; jmp 0xfffc5aa5 -loc_fffc5fc5: ; not directly referenced -add ebx, 4 -add dword [ebp - 0x2c], 0x13c3 -cmp ebx, 0x4910 -jne loc_fffc5f1c ; jne 0xfffc5f1c -xor bx, bx -lea esi, [ebp - 0x20] +loc_fffc5a91: ; not directly referenced +mov eax, dword [ebp - 0x44] +mov dl, 6 +imul eax, dword [eax + 0x1b4], 0xa +mov dword [ebp - 0x58], eax +jmp near loc_fffc561c ; jmp 0xfffc561c -loc_fffc5fe1: ; not directly referenced -mov eax, 1 -mov cl, bl -shl eax, cl -test byte [ebp - 0x35], al -jne short loc_fffc5ffa ; jne 0xfffc5ffa +loc_fffc5aa5: ; not directly referenced +lea esp, [ebp - 0xc] +mov eax, ebx +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffc5fef: ; not directly referenced -inc ebx -cmp ebx, 4 -jne short loc_fffc5fe1 ; jne 0xfffc5fe1 -jmp near loc_fffc59fb ; jmp 0xfffc59fb +fcn_fffc5aaf: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x1c +mov ebx, dword [ebp + 0xc] -loc_fffc5ffa: ; not directly referenced -test byte [edi + 0x381a], al -jne short loc_fffc6008 ; jne 0xfffc6008 -mov byte [ebp - 0x20], 0 -jmp short loc_fffc6012 ; jmp 0xfffc6012 +loc_fffc5abb: ; not directly referenced +mov eax, dword [0xff7d0178] +mov esi, 0xff7d0004 +xor edi, edi +mov dword [ebp - 0x1c], eax -loc_fffc6008: ; not directly referenced -mov dl, byte [edi + ebx + 0x399b] -mov byte [ebp - 0x20], 
dl +loc_fffc5aca: ; not directly referenced +cmp edi, dword [ebp - 0x1c] +je short loc_fffc5ae9 ; je 0xfffc5ae9 +push ecx +add esi, 0xc +push ecx +push dword [ebx + 4] +push dword [esi + 0x7c] +call fcn_fffb6951 ; call 0xfffb6951 +add esp, 0x10 +test al, al +jne short loc_fffc5af6 ; jne 0xfffc5af6 +inc edi +jmp short loc_fffc5aca ; jmp 0xfffc5aca -loc_fffc6012: ; not directly referenced -test byte [edi + 0x4bdd], al -je short loc_fffc6026 ; je 0xfffc6026 -mov dl, byte [edi + ebx + 0x4d5e] -mov byte [ebp - 0x1f], dl -jmp short loc_fffc602a ; jmp 0xfffc602a +loc_fffc5ae9: ; not directly referenced +cmp edi, 0x13 +ja short loc_fffc5b50 ; ja 0xfffc5b50 +lea eax, [edi + 1] +mov dword [0xff7d0178], eax -loc_fffc6026: ; not directly referenced -mov byte [ebp - 0x1f], 0 +loc_fffc5af6: ; not directly referenced +imul edi, edi, 0xc +mov ecx, 3 +mov esi, ebx +add edi, 0xff7d0088 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov edi, 0xff7d017c +xor esi, esi -loc_fffc602a: ; not directly referenced +loc_fffc5b0f: ; not directly referenced +cmp esi, dword [0xff7d026c] +jae short loc_fffc5b3f ; jae 0xfffc5b3f push edx -mov ecx, eax push edx -mov edx, 4 -push esi +push dword [ebx + 4] +push dword [edi + 4] +call fcn_fffb6951 ; call 0xfffb6951 +add esp, 0x10 +test al, al +je short loc_fffc5b39 ; je 0xfffc5b39 push eax -mov eax, edi -call fcn_fffcf9c9 ; call 0xfffcf9c9 +push dword [ebx + 8] +push edi +push dword [ebp + 8] +call dword [edi + 8] ; ucall add esp, 0x10 + +loc_fffc5b39: ; not directly referenced +inc esi +add edi, 0xc +jmp short loc_fffc5b0f ; jmp 0xfffc5b0f + +loc_fffc5b3f: ; not directly referenced +mov eax, dword [ebx] +add ebx, 0xc test eax, eax -setne dl -test byte [ebp - 0x40], dl -je short loc_fffc5fef ; je 0xfffc5fef +jns loc_fffc5abb ; jns 0xfffc5abb +xor eax, eax +jmp short loc_fffc5b55 ; jmp 0xfffc5b55 + +loc_fffc5b50: ; not directly referenced +mov eax, 0x80000009 -loc_fffc6049: ; not directly referenced +loc_fffc5b55: ; not directly referenced lea 
esp, [ebp - 0xc] pop ebx pop esi 
@@ -51404,1263 +50715,1065 @@ pop edi pop ebp ret -fcn_fffc6051: ; not directly referenced +fcn_fffc5b5d: ; not directly referenced push ebp mov ebp, esp push edi -mov edi, eax +xor edi, edi push esi push ebx -sub esp, 0xdc -mov eax, dword [ebp + 0xc] -mov dword [ebp - 0x4c], ecx -mov ebx, dword [ebp + 8] -mov byte [ebp - 0x70], cl -mov cl, byte [ebp + 0x10] -mov dword [ebp - 0x50], edx -xor edx, edx -mov dword [ebp - 0x5c], eax -mov byte [ebp - 0xc8], bl -mov byte [ebp - 0xb1], cl -mov cl, byte [ebp + 0x14] -mov byte [ebp - 0x6d], al -mov byte [ebp - 0x6f], cl -mov ecx, dword [edi + 0x2443] -mov dword [ebp - 0xb8], ecx -cmp al, 0x21 -ja short loc_fffc60a5 ; ja 0xfffc60a5 -movzx eax, byte [ebp - 0x5c] -mov dl, byte [eax + ref_fffd5f1c] ; mov dl, byte [eax - 0x2a0e4] - -loc_fffc60a5: ; not directly referenced -mov eax, dword [edi + 0x188b] -cmp byte [edi + 0x248b], 1 -mov esi, dword [edi + 0x2480] -mov dword [ebp - 0x88], eax -jne short loc_fffc60da ; jne 0xfffc60da -mov al, byte [edi + 0x248c] -lea ecx, [eax + 4] -mov byte [ebp - 0x24], al -mov byte [ebp - 0x23], al -add eax, 2 -mov byte [ebp - 0x22], cl -mov byte [ebp - 0x21], al -jmp short loc_fffc60ea ; jmp 0xfffc60ea +mov ebx, 0xff7d0088 +sub esp, 0x1c +mov eax, dword [0xff7d0178] +mov dword [ebp - 0x1c], eax -loc_fffc60da: ; not directly referenced -mov byte [ebp - 0x24], 1 -mov byte [ebp - 0x23], 1 -mov byte [ebp - 0x22], 1 -mov byte [ebp - 0x21], 1 - -loc_fffc60ea: ; not directly referenced -mov eax, dword [ebp - 0x5c] -mov dword [ebp - 0x9c], 1 -cmp al, 0x21 -sete cl -cmp al, 0x11 -sete al -or cl, al -jne short loc_fffc6114 ; jne 0xfffc6114 +loc_fffc5b75: ; not directly referenced +cmp edi, dword [ebp - 0x1c] +je short loc_fffc5ba2 ; je 0xfffc5ba2 +push eax +mov esi, ebx +push eax +add ebx, 0xc +push dword [ebx - 8] +push dword [ebp + 0xc] +call fcn_fffb6951 ; call 0xfffb6951 +add esp, 0x10 +test al, al +je short loc_fffc5b9f ; je 0xfffc5b9f +mov eax, dword [ebp + 0x18] +mov edx, dword [esi + 8] +mov dword 
[eax], edx xor eax, eax -cmp byte [ebp - 0x5c], 5 -sete al -mov dword [ebp - 0x9c], eax +jmp short loc_fffc5ba7 ; jmp 0xfffc5ba7 -loc_fffc6114: ; not directly referenced -cmp byte [ebp - 0x5c], 0xd -mov dword [ebp - 0x74], 0 -jne short loc_fffc613b ; jne 0xfffc613b -movzx eax, byte [ebp - 0x4c] -mov dword [ebp - 0x54], edx -call fcn_fffaeba2 ; call 0xfffaeba2 -mov edx, dword [ebp - 0x54] -cmp al, 1 -seta al -movzx eax, al -mov dword [ebp - 0x74], eax +loc_fffc5b9f: ; not directly referenced +inc edi +jmp short loc_fffc5b75 ; jmp 0xfffc5b75 -loc_fffc613b: ; not directly referenced -mov eax, 2 -cmp bl, 3 -ja loc_fffc6e98 ; ja 0xfffc6e98 -mov al, byte [ebp - 0x5c] -movzx edx, dl -mov dword [ebp - 0x68], 1 -mov dword [ebp - 0x7c], 0 -mov byte [ebp - 0x6e], 0 -shr al, 4 -inc eax -mov byte [ebp - 0xa1], al +loc_fffc5ba2: ; not directly referenced +mov eax, 0x8000000e + +loc_fffc5ba7: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc5baf: +push ebp +mov ebp, esp +push ebx +push edx +mov ebx, dword [ebp + 0xc] + +loc_fffc5bb7: +mov ax, word [ebx] +cmp ax, 0xffff +je short loc_fffc5bce ; je 0xfffc5bce +cmp ax, 4 +je short loc_fffc5bd2 ; je 0xfffc5bd2 + +loc_fffc5bc6: +movzx eax, word [ebx + 2] +add ebx, eax +jmp short loc_fffc5bb7 ; jmp 0xfffc5bb7 + +loc_fffc5bce: xor eax, eax -cmp esi, 3 -sete al -cmp esi, 2 -mov dword [ebp - 0x8c], eax -movzx eax, bl -sete byte [ebp - 0xa2] -mov cl, al -imul edx, edx, 0x240 -mov dword [ebp - 0x64], eax -imul eax, eax, 0x90 -add edx, dword [ebp - 0x50] -shl dword [ebp - 0x68], cl -shr bl, 1 -mov esi, eax -movzx ebx, bl -mov dword [ebp - 0xdc], eax -movzx eax, byte [ebp - 0x4c] -mov dword [ebp - 0x54], edx -add edx, esi -mov dword [ebp - 0xac], ebx -mov dword [ebp - 0x94], edx -mov dword [ebp - 0x6c], eax -sar eax, 1 -mov dword [ebp - 0xa0], eax -mov eax, dword [ebp - 0xc8] -and dword [ebp - 0xa0], 1 -mov dword [ebp - 0x4c], 0 -and eax, 1 -mov dword [ebp - 0x84], 0 -mov byte [ebp - 0x58], 0 
-mov dword [ebp - 0xe0], eax +jmp short loc_fffc5be9 ; jmp 0xfffc5be9 -loc_fffc61f5: ; not directly referenced -mov esi, dword [ebp - 0xb8] -mov ebx, dword [ebp - 0x4c] +loc_fffc5bd2: push eax -push 0 -push 4 -lea eax, [ebp - 0x28] push eax -mov eax, esi -mov byte [ebp - 0x80], bl -call dword [eax + 0x5c] ; ucall -add esp, 0xc -push 0 -push 2 -lea eax, [ebp - 0x40] +lea eax, [ebx + 8] push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -mov cl, byte [ebp - 0x6f] +push dword [ebp + 8] +call fcn_fffb6951 ; call 0xfffb6951 add esp, 0x10 -lea esi, [edi + 0x3756] -mov dword [ebp - 0xa8], esi -mov dword [ebp - 0x50], esi -mov al, cl -neg eax -test bl, bl -cmovne eax, ecx -xor ebx, ebx -mov byte [ebp - 0xb0], al -mov eax, dword [ebp - 0x7c] -add eax, dword [ebp - 0xdc] -add eax, dword [ebp - 0x54] -mov dword [ebp - 0x90], eax -mov dword [ebp - 0x60], eax -movzx eax, byte [ebp - 0x58] -imul eax, eax, 0x12 -mov dword [ebp - 0xcc], eax - -loc_fffc6267: ; not directly referenced -mov al, byte [ebp - 0x6f] -mov byte [ebp + ebx - 0x3e], 0x7f -mov dword [ebp + ebx*4 - 0x20], 0 -mov byte [ebp + ebx - 0x3a], 0 -mov byte [ebp + ebx - 0x42], al -mov eax, dword [ebp - 0x6c] -mov byte [ebp + ebx - 0x3c], 0 -bt eax, ebx -jb short loc_fffc629e ; jb 0xfffc629e -mov word [ebp + ebx*2 - 0x28], 1 -mov byte [ebp + ebx - 0x40], 1 -jmp near loc_fffc64cc ; jmp 0xfffc64cc +test al, al +je short loc_fffc5bc6 ; je 0xfffc5bc6 +mov eax, ebx -loc_fffc629e: ; not directly referenced -cmp byte [ebp - 0x6d], 1 -jne short loc_fffc62dd ; jne 0xfffc62dd -mov al, byte [edi + 0x2488] -xor esi, esi -mov byte [ebp - 0x78], al +loc_fffc5be9: +mov ebx, dword [ebp - 4] +leave +ret -loc_fffc62af: ; not directly referenced -mov eax, esi -cmp byte [ebp - 0x78], al -jbe loc_fffc646d ; jbe 0xfffc646d +fcn_fffc5bee: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x2c +mov eax, dword [ebp + 0x10] +mov dword [ebp - 0x2c], eax +lea eax, [ebp - 0x20] push eax -movzx eax, byte 
[ebp + ebx - 0x42] -mov ecx, 0xff -mov edx, ebx +push 0 +push 0 +push ref_fffd63d8 ; push 0xfffd63d8 +call fcn_fffb020b ; call 0xfffb020b +lea eax, [ebp - 0x24] push eax -mov eax, edi -push dword [ebp - 0x4c] -push esi -inc esi -call fcn_fffaec68 ; call 0xfffaec68 +push 0 +push 0 +push ref_fffd6348 ; push 0xfffd6348 +call fcn_fffb020b ; call 0xfffb020b +mov eax, dword [0xff7d0084] +add esp, 0x14 +mov eax, dword [eax + 0x14] +lea ebx, [eax + 0xb0040] +push ebx +mov dword [ebp - 0x30], eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 add esp, 0x10 -mov byte [ebp + ebx - 0x42], al -jmp short loc_fffc62af ; jmp 0xfffc62af - -loc_fffc62dd: ; not directly referenced -cmp byte [ebp - 0x6d], 0xd -je short loc_fffc62f9 ; je 0xfffc62f9 -cmp dword [ebp - 0x88], 1 -sete al -test byte [ebp - 0x9c], al -je loc_fffc637d ; je 0xfffc637d +mov edx, eax +shr edx, 0x10 +and edx, 0xf +cmp dl, 2 +je loc_fffc5e38 ; je 0xfffc5e38 +movzx edx, ah +xor eax, eax +and dl, 0xf0 +jne loc_fffc5e3a ; jne 0xfffc5e3a +call fcn_fffb91ff ; call 0xfffb91ff +cmp eax, 2 +je loc_fffc5cf7 ; je 0xfffc5cf7 -loc_fffc62f9: ; not directly referenced -cmp byte [ebp - 0x6d], 0xd -mov edx, dword [edi + 0x5edc] -jne short loc_fffc630d ; jne 0xfffc630d -mov al, byte [edx + 0x14] +loc_fffc5c6b: ; not directly referenced +mov eax, dword [0xff7d0084] +sub esp, 0xc +mov edi, dword [eax + 0x14] +lea eax, [edi + 0x70] +add edi, 0x74 +push eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +mov dword [esp], edi +mov esi, eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +shr esi, 4 +mov ecx, dword [ebp - 0x2c] +mov edi, dword [ebp - 0x30] +shl eax, 0x1c +add eax, esi +shr eax, 0x10 +mov esi, eax +or eax, 0x10800000 +or esi, 0x10000000 +test cl, cl +cmovs esi, eax +mov eax, ecx and eax, 0x7f -jmp short loc_fffc6334 ; jmp 0xfffc6334 - -loc_fffc630d: ; not directly referenced -test bl, bl -jne short loc_fffc6323 ; jne 0xfffc6323 -mov al, byte [edx + 0x15] -movzx edx, byte [edx + 0x16] -shr al, 6 -and edx, 0x1f -shl edx, 2 -jmp short loc_fffc6332 ; jmp 
0xfffc6332 - -loc_fffc6323: ; not directly referenced -mov al, byte [edx + 0x14] -movzx edx, byte [edx + 0x15] -shr al, 7 -and edx, 0x3f -add edx, edx +add edi, 0xb004c +shl eax, 0x18 +mov dword [esp], edi +or esi, eax +call fcn_fffb3fc4 ; call 0xfffb3fc4 +pop eax +pop edx +push esi +mov esi, 0x1389 +push edi +call fcn_fffb3ffa ; call 0xfffb3ffa +mov eax, dword [ebp - 0x24] +add esp, 0xc +push 0x44c +push eax +push dword [ebp + 8] +call dword [eax + 4] ; ucall +mov dword [esp], ebx +call fcn_fffb3fc4 ; call 0xfffb3fc4 +add esp, 0x10 +jmp near loc_fffc5e18 ; jmp 0xfffc5e18 -loc_fffc6332: ; not directly referenced -or eax, edx +loc_fffc5cf7: ; not directly referenced +mov eax, dword [0xfed70044] +test al, 1 +je loc_fffc5c6b ; je 0xfffc5c6b +mov eax, dword [ebp - 0x20] +cmp byte [eax + 1], 0 +jne loc_fffc5c6b ; jne 0xfffc5c6b +cmp byte [ebp - 0x2c], 1 +je loc_fffc5c6b ; je 0xfffc5c6b +lea eax, [ebp - 0x1c] +mov esi, ref_fffd6988 ; mov esi, 0xfffd6988 +push ecx +push eax +push 0x20 +push 4 +call fcn_fffb0564 ; call 0xfffb0564 +mov eax, dword [ebp - 0x1c] +mov ecx, 4 +lea edi, [eax + 8] +add eax, 0x18 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +pop esi +pop edi +push 8 +push eax +call fcn_fffb067f ; call 0xfffb067f +call fcn_fffb059d ; call 0xfffb059d +pop edx +pop ecx +push eax +push ref_fffd6988 ; push 0xfffd6988 +call fcn_fffc5baf ; call 0xfffc5baf +add esp, 0x10 +mov edx, eax +test eax, eax +je loc_fffc5c6b ; je 0xfffc5c6b +mov eax, dword [ebp + 0x14] +mov esi, 0x166 +mov dword [edx + 0x1c], 0 +mov dword [edx + 0x18], eax -loc_fffc6334: ; not directly referenced -mov esi, dword [ebp - 0xb0] -mov dl, al -or edx, 0xffffff80 -test al, 0xc0 -cmovne eax, edx -lea ecx, [eax + esi] -mov esi, dword [ebp - 0x80] -cmp cl, 0xca -mov byte [ebp - 0x78], cl -setl cl -xor esi, 1 -mov edx, esi -test dl, cl -je short loc_fffc6361 ; je 0xfffc6361 -lea edx, [eax + 0x36] -jmp short loc_fffc6374 ; jmp 0xfffc6374 +loc_fffc5d79: ; not directly referenced +mov eax, dword 
[0xfed70044] +test al, 2 +je short loc_fffc5db4 ; je 0xfffc5db4 +mov esi, dword [edx + 0x18] +xor edi, edi +mov dword [0xfed70080], esi +mov dword [0xfed70084], edi +mov dword [0xfed7000c], 3 +cmp dword [ebp + 0x18], 0x20 +jne short loc_fffc5dad ; jne 0xfffc5dad +mov dword [0xfed70040], 0 -loc_fffc6361: ; not directly referenced -cmp byte [ebp - 0x78], 0x36 -mov dl, byte [ebp - 0x6f] -setg cl -test byte [ebp - 0x4c], cl -je short loc_fffc6374 ; je 0xfffc6374 -mov dl, 0x36 -sub edx, eax +loc_fffc5dad: ; not directly referenced +mov esi, 0x48 +jmp short loc_fffc5dec ; jmp 0xfffc5dec -loc_fffc6374: ; not directly referenced -mov byte [ebp + ebx - 0x42], dl -jmp near loc_fffc646d ; jmp 0xfffc646d +loc_fffc5db4: ; not directly referenced +mov eax, dword [ebp - 0x24] +mov dword [ebp - 0x34], edx +push edx +push 0x8c +push eax +push dword [ebp + 8] +call dword [eax + 4] ; ucall +mov edx, dword [ebp - 0x34] +add esp, 0x10 +dec esi +jne short loc_fffc5d79 ; jne 0xfffc5d79 +jmp short loc_fffc5dad ; jmp 0xfffc5dad -loc_fffc637d: ; not directly referenced -cmp byte [ebp - 0x6d], 0xc -jne loc_fffc646d ; jne 0xfffc646d -cmp dword [ebp - 0x8c], 1 -mov ecx, dword [ebp - 0x50] -sbb eax, eax -mov dword [ebp - 0x78], eax -mov esi, dword [ecx + 0x11d] -mov eax, dword [ecx + 0x111] -mov cl, byte [ecx + 0xc4] -add byte [ebp - 0x78], 4 -cmp byte [ebp - 0x80], 0 -mov byte [ebp - 0x98], cl -jne short loc_fffc6409 ; jne 0xfffc6409 -cmp eax, esi -cmovae eax, esi -xor ecx, ecx -mov esi, 1 +loc_fffc5dd2: ; not directly referenced +mov eax, dword [ebp - 0x24] +push edi +push 0x8c +push eax +push dword [ebp + 8] +call dword [eax + 4] ; ucall +add esp, 0x10 +dec esi +je loc_fffc5c6b ; je 0xfffc5c6b -loc_fffc63c4: ; not directly referenced -mov edx, esi -shl edx, cl -test byte [ebp - 0x98], dl -je short loc_fffc63df ; je 0xfffc63df -mov edx, dword [ebp - 0x50] -mov dl, byte [edx + ecx + 0x245] -cmp al, dl -cmova eax, edx +loc_fffc5dec: ; not directly referenced +mov eax, dword [0xfed7000c] +test 
eax, eax +jne short loc_fffc5dd2 ; jne 0xfffc5dd2 +jmp near loc_fffc5c6b ; jmp 0xfffc5c6b -loc_fffc63df: ; not directly referenced -inc ecx -cmp byte [ebp - 0x78], cl -ja short loc_fffc63c4 ; ja 0xfffc63c4 -cmp dword [ebp - 0x8c], 0 -je short loc_fffc645e ; je 0xfffc645e -mov esi, dword [ebp - 0x50] -mov edx, dword [esi + 0x109] -cmp al, dl -cmovae eax, edx -mov edx, dword [esi + 0x115] -cmp al, dl -cmovae eax, edx -jmp short loc_fffc645e ; jmp 0xfffc645e +loc_fffc5dfa: ; not directly referenced +dec esi +je short loc_fffc5e22 ; je 0xfffc5e22 +mov eax, dword [ebp - 0x24] +push ecx +push 0x3e8 +push eax +push dword [ebp + 8] +call dword [eax + 4] ; ucall +mov dword [esp], ebx +call fcn_fffb3fc4 ; call 0xfffb3fc4 +add esp, 0x10 -loc_fffc6409: ; not directly referenced -cmp eax, esi -mov dl, al -cmovbe edx, esi -xor ecx, ecx -mov esi, 1 +loc_fffc5e18: ; not directly referenced +mov edx, eax +shr edx, 0x18 +and dl, 0xf0 +je short loc_fffc5dfa ; je 0xfffc5dfa -loc_fffc6417: ; not directly referenced -mov eax, esi -shl eax, cl -test byte [ebp - 0x98], al -je short loc_fffc6432 ; je 0xfffc6432 -mov eax, dword [ebp - 0x50] -mov al, byte [eax + ecx + 0x245] -cmp dl, al -cmovb edx, eax +loc_fffc5e22: ; not directly referenced +shr eax, 0x19 +push edx +and eax, 7 +push edx +push eax +push dword [ebp + 8] +call fcn_fffb6839 ; call 0xfffb6839 +add esp, 0x10 +jmp short loc_fffc5e3a ; jmp 0xfffc5e3a -loc_fffc6432: ; not directly referenced -inc ecx -cmp byte [ebp - 0x78], cl -ja short loc_fffc6417 ; ja 0xfffc6417 -cmp dword [ebp - 0x8c], 0 -je short loc_fffc645a ; je 0xfffc645a -mov esi, dword [ebp - 0x50] -mov eax, dword [esi + 0x109] -cmp dl, al -cmovbe edx, eax -mov eax, dword [esi + 0x115] -cmp dl, al -cmovbe edx, eax +loc_fffc5e38: ; not directly referenced +xor eax, eax -loc_fffc645a: ; not directly referenced -mov al, 0x7f -sub eax, edx +loc_fffc5e3a: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffc645e: ; not directly 
referenced -movzx esi, byte [ebp - 0x6f] -mov ecx, esi -cmp al, cl -cmova eax, esi -mov byte [ebp + ebx - 0x42], al +fcn_fffc5e42: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x4c +mov edi, dword [ebp + 8] +mov dword [ebp - 0x3c], 0 +mov eax, dword [edi + 0x5edd] +mov esi, dword [edi + 0x18a7] +mov dword [ebp - 0x40], eax +mov eax, dword [edi + 0x188b] +mov dword [ebp - 0x34], eax +mov al, byte [edi + 0x36ca] +inc eax +cmp byte [edi + 0x1965], 1 +mov byte [edi + 0x36ca], al +jne short loc_fffc5e8f ; jne 0xfffc5e8f +xor ebx, ebx +cmp dword [ebp - 0x34], 1 +sete bl +mov dword [ebp - 0x3c], ebx -loc_fffc646d: ; not directly referenced -mov esi, dword [ebp - 0x60] +loc_fffc5e8f: ; not directly referenced +cmp dword [edi + 0x2481], 3 +sete bl +dec al +movzx ecx, bl +mov dword [ebp - 0x44], ecx mov ecx, 0xa -xor edx, edx -mov eax, dword [esi] -div ecx -mov dword [esi], eax -movzx edx, byte [ebp + ebx - 0x42] -cmp eax, edx -jbe short loc_fffc6488 ; jbe 0xfffc6488 -mov dword [esi], edx +jne short loc_fffc5f20 ; jne 0xfffc5f20 +cmp dword [ebp - 0x34], 1 +jne short loc_fffc5f0a ; jne 0xfffc5f0a +cmp dword [edi + 0x3757], 2 +jne short loc_fffc5edc ; jne 0xfffc5edc +cmp byte [edi + 0x190c], 0 +jne short loc_fffc5edc ; jne 0xfffc5edc +mov eax, dword [ebp - 0x40] +mov edx, 0x4004 +and byte [eax + 0xbf], 0xdf +mov ecx, dword [eax + 0xbc] +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc6488: ; not directly referenced -cmp dword [ebp - 0x74], 0 -je short loc_fffc64ab ; je 0xfffc64ab -mov eax, dword [ebp - 0x60] -mov esi, dword [ebp - 0x54] -mov edx, dword [eax] -imul eax, dword [ebp - 0x64], 0x24 -add eax, dword [ebp - 0xcc] -add eax, dword [ebp - 0x4c] -cmp dword [esi + eax*4], edx -jbe short loc_fffc64ab ; jbe 0xfffc64ab -mov dword [esi + eax*4], edx +loc_fffc5edc: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 +jne short loc_fffc5f0a ; jne 0xfffc5f0a +cmp byte [edi + 0x190c], 0 +jne short loc_fffc5f0a ; jne 
0xfffc5f0a +mov eax, dword [ebp - 0x40] +mov edx, 0x4404 +and byte [eax + 0x18b], 0xdf +mov ecx, dword [eax + 0x188] +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc64ab: ; not directly referenced -mov eax, dword [ebp - 0x60] +loc_fffc5f0a: ; not directly referenced +cmp dword [ebp - 0x34], 0 +sete dl +xor eax, eax +or dl, bl +jne loc_fffc66a6 ; jne 0xfffc66a6 +mov ecx, 6 + +loc_fffc5f20: ; not directly referenced +movzx eax, byte [edi + 0x248e] +movzx ebx, byte [edi + 0x248f] +push edx +push edx +push eax +push 1 mov edx, ebx -xor ecx, ecx -shl edx, 0xa -add edx, 0x40f0 -mov eax, dword [eax] -mov byte [ebp + ebx - 0x3a], al -mov byte [ebp + ebx - 0x3c], al +mov byte [ebp - 0x45], al +mov dword [ebp - 0x30], eax mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +mov dword [ebp - 0x38], ebx +call fcn_fffaea71 ; call 0xfffaea71 +add esp, 0x10 +cmp dword [ebp - 0x44], 0 +jne loc_fffc6217 ; jne 0xfffc6217 +cmp dword [edi + 0x3757], 2 +je short loc_fffc5f6d ; je 0xfffc5f6d +cmp dword [edi + 0x4b1a], 2 +mov al, 0x40 +jne short loc_fffc5f8a ; jne 0xfffc5f8a +mov eax, 1 +jmp short loc_fffc5f6f ; jmp 0xfffc5f6f -loc_fffc64cc: ; not directly referenced -inc ebx -add dword [ebp - 0x60], 0x48 -add dword [ebp - 0x50], 0x13c3 -cmp ebx, 2 -jne loc_fffc6267 ; jne 0xfffc6267 -cmp dword [ebp - 0x74], 0 -jne short loc_fffc64f9 ; jne 0xfffc64f9 +loc_fffc5f6d: ; not directly referenced +xor eax, eax -loc_fffc64e7: ; not directly referenced -mov eax, dword [ebp - 0x4c] -lea eax, [eax + eax - 1] -mov dword [ebp - 0xd8], eax -jmp near loc_fffc66b2 ; jmp 0xfffc66b2 +loc_fffc5f6f: ; not directly referenced +imul eax, eax, 0x13c3 +mov dl, 0x55 +imul esi, esi, 0x2e +add esi, eax +mov al, 0x40 +cmp word [edi + esi + 0x375f], 2 +cmove eax, edx -loc_fffc64f9: ; not directly referenced -test byte [ebp - 0x70], 1 -je short loc_fffc652a ; je 0xfffc652a -movzx eax, byte [ebp - 0x58] -imul edx, dword [ebp - 0x64], 0x24 -mov esi, dword [ebp - 0x54] -mov ebx, dword [ebp - 0x94] -imul eax, 
eax, 0x12 -mov ecx, dword [ebp - 0x7c] -add eax, edx -add eax, dword [ebp - 0x4c] -mov edx, dword [esi + eax*4] -mov dword [ebx + ecx], edx -mov eax, dword [esi + eax*4] -mov byte [ebp - 0x3a], al -mov byte [ebp - 0x3c], al - -loc_fffc652a: ; not directly referenced -cmp dword [ebp - 0xa0], 0 -je short loc_fffc64e7 ; je 0xfffc64e7 -movzx eax, byte [ebp - 0x58] -imul edx, dword [ebp - 0x64], 0x24 -mov esi, dword [ebp - 0x54] -mov ebx, dword [ebp - 0x94] -imul eax, eax, 0x12 -mov ecx, dword [ebp - 0x7c] -add eax, edx -add eax, dword [ebp - 0x4c] -mov edx, dword [esi + eax*4] -mov dword [ebx + ecx + 0x48], edx -mov eax, dword [esi + eax*4] -mov byte [ebp - 0x39], al -mov byte [ebp - 0x3b], al -jmp short loc_fffc64e7 ; jmp 0xfffc64e7 - -loc_fffc6561: ; not directly referenced -cmp byte [ebp - 0x6d], 0xc -jne loc_fffc67ac ; jne 0xfffc67ac -mov eax, dword [ebp - 0x60] -cmp byte [ebp - 0x6e], 0 -mov al, byte [eax + 0xc4] -setne dl -cmp dword [ebp + 0x1c], 0 -mov byte [ebp - 0x78], al -setne al -test dl, al -jne loc_fffc66fa ; jne 0xfffc66fa +loc_fffc5f8a: ; not directly referenced +mov byte [ebp - 0x21], al +lea esi, [edi + 0x381b] +xor ebx, ebx +mov byte [ebp - 0x22], al +mov byte [ebp - 0x1f], 0x40 +mov byte [ebp - 0x20], 0x40 -loc_fffc658d: ; not directly referenced -cmp dword [ebp - 0x88], 0 -movzx ecx, byte [ebp - 0x78] -jne loc_fffc6795 ; jne 0xfffc6795 -push esi -push 0 -push dword [ebp - 0x50] -push 3 +loc_fffc5fa0: ; not directly referenced +cmp dword [esi - 0xc4], 2 +jne short loc_fffc6016 ; jne 0xfffc6016 push ecx +push 1 +movzx eax, byte [esi + 0x17d] +neg eax +push eax +push 1 +movzx eax, byte [esi] +push eax push 0 push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffabc7a ; call 0xfffabc7a +movzx eax, byte [ebp + ebx - 0x22] +add esp, 0x1c +push 1 +push eax +push 1 +movzx eax, byte [esi] +push eax +push 2 +push ebx +push edi +call fcn_fffabc7a ; call 0xfffabc7a +movzx eax, byte [ebp + ebx - 0x22] +add esp, 0x1c +push 1 +push eax +push 1 
+movzx eax, byte [esi] +push eax +push 1 +push ebx +push edi +call fcn_fffabc7a ; call 0xfffabc7a +movzx eax, byte [ebp + ebx - 0x20] +add esp, 0x1c +push 1 +push eax +push 1 +movzx eax, byte [esi] +push eax +push 4 +push ebx +push edi +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -loc_fffc65b3: ; not directly referenced +loc_fffc6016: ; not directly referenced inc ebx -add dword [ebp - 0x60], 0x13c3 +add esi, 0x13c3 cmp ebx, 2 -je loc_fffc6648 ; je 0xfffc6648 - -loc_fffc65c4: ; not directly referenced -mov eax, dword [ebp - 0x6c] -bt eax, ebx -jae short loc_fffc65b3 ; jae 0xfffc65b3 -imul eax, ebx, 0x48 -mov ecx, dword [ebp - 0x90] -mov esi, dword [ebp - 0xd8] -imul esi, dword [ecx + eax] -cmp byte [ebp - 0x6d], 0xd -mov dword [ebp - 0x50], esi -jne loc_fffc6561 ; jne 0xfffc6561 -cmp byte [ebp - 0x6e], 0 -setne dl -cmp dword [ebp + 0x1c], 0 -setne al -test dl, al -je short loc_fffc661e ; je 0xfffc661e -push 0 -push 0 -push 0 -push 0 -push 0 +jne loc_fffc5fa0 ; jne 0xfffc5fa0 +mov ecx, dword [ebp - 0x30] +mov eax, edi +push edx +push edx +xor edx, edx push 0 -push 2 -push edi -call fcn_fffcc4cb ; call 0xfffcc4cb -add esp, 0x14 -push edi -call fcn_fffc82f4 ; call 0xfffc82f4 +push 1 +call fcn_fffcfc57 ; call 0xfffcfc57 +mov cl, byte [ebp - 0x3c] add esp, 0x10 +and ecx, 1 +mov byte [ebp - 0x2c], cl +test eax, eax +setne dl +test cl, dl +jne loc_fffc66a6 ; jne 0xfffc66a6 +cmp byte [edi + 0x36ca], 2 +je short loc_fffc606c ; je 0xfffc606c -loc_fffc661e: ; not directly referenced -push 0 -push 0 -push 0 -push 0 -push dword [ebp - 0x50] -push 0 -push 2 -push edi -call fcn_fffcc4cb ; call 0xfffcc4cb -add esp, 0x20 -cmp dword [ebp + 0x1c], 0 -jne short loc_fffc6648 ; jne 0xfffc6648 -sub esp, 0xc -push edi -call fcn_fffc82f4 ; call 0xfffc82f4 -add esp, 0x10 +loc_fffc605a: ; not directly referenced +cmp byte [edi + 0x36ca], 2 +jne loc_fffc6126 ; jne 0xfffc6126 +jmp near loc_fffc6105 ; jmp 0xfffc6105 -loc_fffc6648: ; not directly referenced +loc_fffc606c: ; not directly 
referenced +mov ecx, dword [ebp - 0x30] +lea ebx, [ebp - 0x22] +mov edx, 2 push eax -xor eax, eax -movzx ecx, byte [edi + 0x248b] -cmp dword [ebp - 0x80], 0 -mov edx, dword [ebp - 0x6c] -push 0 -sete al push eax -lea eax, [ebp - 0x24] +mov eax, edi +push ebx +push 1 +call fcn_fffcfc57 ; call 0xfffcfc57 +add esp, 0x10 +test eax, eax +setne dl +test byte [ebp - 0x2c], dl +jne loc_fffc66a6 ; jne 0xfffc66a6 +mov ecx, dword [ebp - 0x30] +mov edx, 1 +push eax push eax mov eax, edi -call fcn_fffb0f94 ; call 0xfffb0f94 +push ebx +push 1 +call fcn_fffcfc57 ; call 0xfffcfc57 add esp, 0x10 -mov byte [ebp - 0x6e], al -movzx eax, al -or dword [ebp - 0xb0], eax -cmp byte [ebp - 0xb1], 0 -jne loc_fffc689e ; jne 0xfffc689e -movzx eax, byte [ebp - 0xa1] -dec eax -cmp dword [ebp - 0x80], eax -jae loc_fffc689e ; jae 0xfffc689e -movzx eax, byte [ebp - 0x70] -cmp dword [ebp - 0xb0], eax -jne loc_fffc689e ; jne 0xfffc689e +test eax, eax +setne dl +test byte [ebp - 0x2c], dl +jne loc_fffc66a6 ; jne 0xfffc66a6 +xor ebx, ebx +lea esi, [ebp - 0x20] -loc_fffc66a7: ; not directly referenced -cmp word [ebp - 0x28], 0 -jne loc_fffc6c97 ; jne 0xfffc6c97 +loc_fffc60be: ; not directly referenced +mov cl, bl +mov eax, 1 +shl eax, cl +mov cl, 0xc +cmp bl, 2 +cmovne ecx, eax +and cl, byte [ebp - 0x45] +jne short loc_fffc60df ; jne 0xfffc60df -loc_fffc66b2: ; not directly referenced -mov ecx, 4 -mov edx, 0x4800 +loc_fffc60d4: ; not directly referenced +inc ebx +cmp ebx, 3 +jne short loc_fffc60be ; jne 0xfffc60be +jmp near loc_fffc605a ; jmp 0xfffc605a + +loc_fffc60df: ; not directly referenced +push eax +mov edx, 4 +push eax +movzx ecx, cl +push esi mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov dword [ebp - 0xb0], 0 -mov dword [ebp - 0x80], 0 +push 1 +call fcn_fffcfc57 ; call 0xfffcfc57 +add esp, 0x10 +test eax, eax +setne dl +test byte [ebp - 0x2c], dl +je short loc_fffc60d4 ; je 0xfffc60d4 +jmp near loc_fffc66a6 ; jmp 0xfffc66a6 -loc_fffc66d4: ; not directly referenced -movzx eax, byte [ebp 
- 0xa1] -cmp dword [ebp - 0x80], eax -jae short loc_fffc66a7 ; jae 0xfffc66a7 -mov eax, dword [ebp - 0xa8] -xor ebx, ebx -mov dword [ebp - 0x98], 0 -mov dword [ebp - 0x60], eax -jmp near loc_fffc65c4 ; jmp 0xfffc65c4 +loc_fffc6105: ; not directly referenced +lea ebx, [edi + 0x3757] +mov dword [ebp - 0x2c], 0 -loc_fffc66fa: ; not directly referenced -cmp dword [ebp - 0x98], 0 -jne loc_fffc658d ; jne 0xfffc658d -cmp dword [ebp - 0x8c], 0 -jne short loc_fffc672b ; jne 0xfffc672b +loc_fffc6112: ; not directly referenced +cmp dword [ebx], 2 +je short loc_fffc6146 ; je 0xfffc6146 -loc_fffc6710: ; not directly referenced -sub esp, 0xc -push edi -call fcn_fffc82f4 ; call 0xfffc82f4 -add esp, 0x10 -mov dword [ebp - 0x98], 1 -jmp near loc_fffc658d ; jmp 0xfffc658d +loc_fffc6117: ; not directly referenced +inc dword [ebp - 0x2c] +add ebx, 0x13c3 +cmp dword [ebp - 0x2c], 2 +jne short loc_fffc6112 ; jne 0xfffc6112 -loc_fffc672b: ; not directly referenced -movzx eax, byte [ebp - 0x6e] -xor esi, esi -mov dword [ebp - 0xcc], eax -movzx eax, byte [ebp - 0x78] -mov dword [ebp - 0x98], eax +loc_fffc6126: ; not directly referenced +cmp dword [edi + 0x3757], 2 +jne loc_fffc61ef ; jne 0xfffc61ef +xor ecx, ecx +mov edx, 0x4198 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +jmp near loc_fffc61ef ; jmp 0xfffc61ef -loc_fffc6741: ; not directly referenced -mov eax, dword [ebp - 0xcc] -bt eax, esi -jae short loc_fffc678a ; jae 0xfffc678a -cmp dword [ebp - 0x88], 0 -jne short loc_fffc6770 ; jne 0xfffc6770 -push eax -push 0 -push 0 -push 3 -push dword [ebp - 0x98] -push 0 -push esi -push edi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -jmp short loc_fffc678a ; jmp 0xfffc678a +loc_fffc6146: ; not directly referenced +mov eax, dword [ebx + 0x109] +cmp dword [ebx + 0x111], eax +cmovbe eax, dword [ebx + 0x111] +cmp dword [ebp - 0x44], 0 +je short loc_fffc6184 ; je 0xfffc6184 +mov esi, dword [ebx + 0x115] +cmp dword [ebx + 0x11d], esi +cmovbe esi, dword [ebx + 0x11d] +cmp esi, eax 
+cmova esi, eax -loc_fffc6770: ; not directly referenced -push 0 -mov ecx, dword [ebp - 0x98] -mov edx, ebx -push 0 +loc_fffc6177: ; not directly referenced +mov al, byte [ebx + 0xc4] +xor ecx, ecx +mov byte [ebp - 0x30], al +jmp short loc_fffc6191 ; jmp 0xfffc6191 + +loc_fffc6184: ; not directly referenced +mov esi, dword [ebx + 0x119] +cmp eax, esi +cmovbe esi, eax +jmp short loc_fffc6177 ; jmp 0xfffc6177 + +loc_fffc6191: ; not directly referenced +mov edx, 1 +shl edx, cl +test byte [ebp - 0x30], dl +je short loc_fffc61b7 ; je 0xfffc61b7 +movzx eax, byte [ebx + ecx + 0x249] +movzx edx, byte [ebx + ecx + 0x245] +cmp eax, edx +cmovbe edx, eax +cmp esi, edx +cmova esi, edx + +loc_fffc61b7: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffc6191 ; jne 0xfffc6191 +push 1 +mov edx, dword [ebp - 0x2c] +mov eax, esi +push 1 +neg eax +push eax +mov cl, 0xff +push 1 mov eax, edi -push 0 -push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 +call fcn_fffac68e ; call 0xfffac68e +mov edx, dword [ebp - 0x40] +mov ecx, esi +imul eax, dword [ebp - 0x2c], 0xcc add esp, 0x10 +mov byte [edx + eax + 0xe2], cl +jmp near loc_fffc6117 ; jmp 0xfffc6117 -loc_fffc678a: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffc6741 ; jne 0xfffc6741 -jmp near loc_fffc6710 ; jmp 0xfffc6710 +loc_fffc61ef: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 +jne short loc_fffc6206 ; jne 0xfffc6206 +xor ecx, ecx +mov edx, 0x4598 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc6795: ; not directly referenced -push 0 -mov edx, ebx -push 0 +loc_fffc6206: ; not directly referenced +sub esp, 0xc +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 +jmp near loc_fffc66a6 ; jmp 0xfffc66a6 + +loc_fffc6217: ; not directly referenced +mov eax, dword [edi + 0x3860] +mov edx, 3 +xor ebx, ebx +mov ecx, dword [ebp - 0x38] +mov byte [ebp - 0x1e], al +mov eax, dword [edi + 0x3868] +mov byte [ebp - 0x1a], al +mov eax, dword [edi + 0x4c23] +mov byte [ebp - 0x1d], al +mov 
eax, dword [edi + 0x4c2b] +mov byte [ebp - 0x19], al +push eax +push 1 +push 1 +push 0x14 +push 1 +lea eax, [ebp - 0x1e] +push eax mov eax, edi -push dword [ebp - 0x50] -push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 -jmp near loc_fffc6844 ; jmp 0xfffc6844 +push 1 +push dword [ebp - 0x30] +call fcn_fffcffd1 ; call 0xfffcffd1 +add esp, 0x20 +mov dword [ebp - 0x2c], 0 -loc_fffc67ac: ; not directly referenced -mov eax, dword [ebp - 0x6c] -lea ecx, [ebx + 1] -sar eax, cl -mov cl, byte [ebp - 0x6d] -mov dword [ebp - 0x78], eax -cmp cl, 5 -sete al -test byte [ebp - 0xa2], al -jne short loc_fffc67d2 ; jne 0xfffc67d2 +loc_fffc6268: ; not directly referenced +imul eax, ebx, 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffc62e6 ; jne 0xfffc62e6 +imul ecx, ebx, 0x48 +mov esi, 0xa xor edx, edx -movzx esi, cl -jmp near loc_fffc6891 ; jmp 0xfffc6891 - -loc_fffc67d2: ; not directly referenced -imul edx, dword [ebp - 0xe0], 0x18 -imul eax, dword [ebp - 0xac], 0x128 -mov esi, dword [ebp - 0x60] -mov ecx, dword [ebp - 0x68] -add eax, edx -lea esi, [esi + eax + 0x1266] -mov ax, word [esi + 0xb] -push edx +mov eax, dword [edi + ecx + 0x3211] +div esi +xor edx, edx +mov dword [ebp - 0x50], eax +mov eax, dword [edi + ecx + 0x3215] +mov ecx, 2 +div esi +mov esi, dword [ebp - 0x50] +mov edx, esi +movsx edx, dl +mov dword [ebp - 0x4c], eax +movsx eax, byte [ebp - 0x4c] +sub eax, edx +cdq +idiv ecx +mov cl, byte [ebp - 0x4c] +mov edx, 0xc +add ecx, esi +cmp cl, 0x11 +cmova edx, dword [ebp - 0x2c] +mov dword [ebp - 0x2c], edx push edx -mov edx, ebx -or eax, 0x10 -movzx eax, ax +push 1 +add al, byte [ebp + ebx - 0x1e] +mov byte [ebp + ebx - 0x1e], al +movzx eax, al push eax -mov eax, edi -push 3 -call fcn_fffafd52 ; call 0xfffafd52 -push dword [ebp - 0x78] push 1 -push 0xff -push dword [ebp - 0x68] -push dword [ebp - 0x50] -push 0 +push dword [ebp - 0x30] +push 3 push ebx push edi -call fcn_fffcc4cb ; call 0xfffcc4cb -mov ax, word [esi + 0xb] -add esp, 0x28 -mov ecx, dword [ebp - 
0x68] -mov edx, ebx -and eax, 0xffef +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 + +loc_fffc62e6: ; not directly referenced +inc ebx +cmp ebx, 2 +jne loc_fffc6268 ; jne 0xfffc6268 +mov al, byte [ebp - 0x3c] +and eax, 1 +mov bl, al +mov byte [ebp - 0x3c], al +mov eax, dword [ebp - 0x2c] +test eax, eax +setne dl +test bl, dl +jne loc_fffc66a6 ; jne 0xfffc66a6 +push eax +mov ecx, dword [ebp - 0x38] +mov edx, 2 +push 1 +xor ebx, ebx +push 1 +push 0x14 +push 1 +lea eax, [ebp - 0x1a] push eax mov eax, edi -push 3 -call fcn_fffafd52 ; call 0xfffafd52 -mov dword [ebp - 0x84], eax - -loc_fffc6844: ; not directly referenced -add esp, 0x10 -jmp near loc_fffc65b3 ; jmp 0xfffc65b3 +push 1 +push dword [ebp - 0x30] +call fcn_fffcffd1 ; call 0xfffcffd1 +add esp, 0x20 -loc_fffc684c: ; not directly referenced +loc_fffc6331: ; not directly referenced +imul eax, ebx, 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffc63af ; jne 0xfffc63af +imul ecx, ebx, 0x48 +mov esi, 0xa +xor edx, edx +mov eax, dword [edi + ecx + 0x3211] +div esi +xor edx, edx +mov dword [ebp - 0x50], eax +mov eax, dword [edi + ecx + 0x3215] +mov ecx, 2 +div esi +mov esi, dword [ebp - 0x50] +mov edx, esi +movsx edx, dl +mov dword [ebp - 0x4c], eax +movsx eax, byte [ebp - 0x4c] +sub eax, edx +cdq +idiv ecx +mov cl, byte [ebp - 0x4c] +mov edx, 0xc +add ecx, esi +cmp cl, 0x11 +cmova edx, dword [ebp - 0x2c] +push esi push 1 -movzx eax, dl -push dword [ebp - 0x78] -mov dword [ebp - 0xcc], edx -push 0 -push 0 +mov dword [ebp - 0x2c], edx +add al, byte [ebp + ebx - 0x1a] +mov byte [ebp + ebx - 0x1a], al +movzx eax, al push eax -push 0xff +push 1 +push dword [ebp - 0x30] +push 2 push ebx -push 0 -push dword [ebp - 0x80] -push dword [ebp - 0x50] -push esi push edi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -cmp dword [ebp - 0x9c], 0 -mov dword [ebp - 0x84], eax -jne loc_fffc65b3 ; jne 0xfffc65b3 -mov edx, dword [ebp - 0xcc] -inc edx - -loc_fffc6891: ; not directly referenced -cmp dl, byte [edi + 
0x2488] -jb short loc_fffc684c ; jb 0xfffc684c -jmp near loc_fffc65b3 ; jmp 0xfffc65b3 - -loc_fffc689e: ; not directly referenced -mov eax, dword [ebp - 0x90] -xor ebx, ebx -mov dword [ebp - 0x98], eax -jmp short loc_fffc68c6 ; jmp 0xfffc68c6 - -loc_fffc68ae: ; not directly referenced -cmp byte [ebp + ebx - 0x40], 1 -jne short loc_fffc68d0 ; jne 0xfffc68d0 +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 -loc_fffc68b5: ; not directly referenced +loc_fffc63af: ; not directly referenced inc ebx -add dword [ebp - 0x98], 0x48 cmp ebx, 2 -je loc_fffc6bb5 ; je 0xfffc6bb5 - -loc_fffc68c6: ; not directly referenced -cmp word [ebp + ebx*2 - 0x28], 1 -mov al, bl -je short loc_fffc68ae ; je 0xfffc68ae - -loc_fffc68d0: ; not directly referenced -mov esi, dword [ebp - 0x6c] -bt esi, ebx -jae short loc_fffc68b5 ; jae 0xfffc68b5 -xor esi, esi -mov edx, ebx -cmp dword [ebp - 0x74], 0 -cmove esi, eax -mov eax, esi -shl edx, 0xa -add edx, 0x4114 -mov byte [ebp - 0x58], al -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov esi, dword [ebp - 0x98] -mov dl, byte [ebp + ebx - 0x3e] -mov esi, dword [esi] -mov ecx, esi -sub ecx, edx -and eax, 0x7fffff -mov dword [ebp - 0x78], eax -movzx eax, byte [ebp - 0x58] -mov dword [ebp - 0x50], esi -mov byte [ebp - 0x60], cl -jne loc_fffc69cb ; jne 0xfffc69cb -mov cl, byte [ebp - 0x50] -cmp cl, byte [ebp + eax - 0x3c] -jne short loc_fffc698c ; jne 0xfffc698c -cmp byte [ebp - 0x60], 0 -jns short loc_fffc6951 ; jns 0xfffc6951 -cmp byte [ebp + eax - 0x3a], cl -jne short loc_fffc6941 ; jne 0xfffc6941 - -loc_fffc6935: ; not directly referenced -mov al, byte [ebp - 0x50] -mov byte [ebp + ebx - 0x3e], al -jmp near loc_fffc6b19 ; jmp 0xfffc6b19 - -loc_fffc6941: ; not directly referenced -mov dword [ebp - 0x2c], 1 - -loc_fffc6948: ; not directly referenced +jne loc_fffc6331 ; jne 0xfffc6331 mov eax, dword [ebp - 0x2c] test eax, eax -jne short loc_fffc6948 ; jne 0xfffc6948 -jmp short loc_fffc6935 ; jmp 0xfffc6935 - -loc_fffc6951: ; not directly 
referenced -cmp byte [ebp - 0x60], 1 -jne short loc_fffc696d ; jne 0xfffc696d -mov eax, dword [ebp + ebx*4 - 0x20] -shr eax, 8 -xor ah, ah -mov dword [ebp + ebx*4 - 0x20], eax -mov al, byte [ebp - 0x50] -mov byte [ebx + ebp - 0x3e], al -jmp short loc_fffc69b3 ; jmp 0xfffc69b3 +setne dl +test byte [ebp - 0x3c], dl +jne loc_fffc66a6 ; jne 0xfffc66a6 +mov eax, dword [edi + 0x386c] +mov edx, 2 +xor bl, bl +mov byte [ebp - 0x1a], al +mov eax, dword [edi + 0x3874] +mov byte [ebp - 0x1c], al +mov eax, dword [edi + 0x4c2f] +mov byte [ebp - 0x19], al +mov eax, dword [edi + 0x4c37] +push ecx +mov ecx, dword [ebp - 0x38] +push 1 +push 1 +push 0x14 +push 1 +mov byte [ebp - 0x1b], al +lea eax, [ebp - 0x1a] +push eax +mov eax, edi +push 2 +push dword [ebp - 0x30] +call fcn_fffcffd1 ; call 0xfffcffd1 +add esp, 0x20 -loc_fffc696d: ; not directly referenced -xor eax, eax -cmp byte [ebp - 0x60], 2 -je loc_fffc6a1d ; je 0xfffc6a1d -mov dword [ebp - 0x30], 1 - -loc_fffc6980: ; not directly referenced -mov eax, dword [ebp - 0x30] -test eax, eax -jne short loc_fffc6980 ; jne 0xfffc6980 -jmp near loc_fffc6b19 ; jmp 0xfffc6b19 - -loc_fffc698c: ; not directly referenced -mov cl, byte [ebp - 0x50] -cmp cl, byte [ebp + eax - 0x3a] -jne loc_fffc6b0b ; jne 0xfffc6b0b -cmp word [ebp + ebx*2 - 0x28], 1 -je loc_fffc68b5 ; je 0xfffc68b5 -cmp byte [ebp - 0x60], 0xff -jne short loc_fffc69bf ; jne 0xfffc69bf -and dword [ebp + ebx*4 - 0x20], 0xffffff00 - -loc_fffc69b3: ; not directly referenced -mov word [ebp + ebx*2 - 0x28], 1 -jmp near loc_fffc6b19 ; jmp 0xfffc6b19 - -loc_fffc69bf: ; not directly referenced -mov al, byte [ebp - 0x50] -mov byte [ebx + ebp - 0x3e], al -jmp near loc_fffc6b02 ; jmp 0xfffc6b02 - -loc_fffc69cb: ; not directly referenced -mov cl, byte [ebp + eax - 0x3c] -mov byte [ebp - 0xcc], cl -cmp byte [ebp - 0x50], cl -jne short loc_fffc6a3f ; jne 0xfffc6a3f -cmp byte [ebp - 0x60], 2 -jle short loc_fffc69f3 ; jle 0xfffc69f3 -mov dword [ebp - 0x34], 1 - -loc_fffc69e7: ; not directly 
referenced -mov eax, dword [ebp - 0x34] -test eax, eax -jne short loc_fffc69e7 ; jne 0xfffc69e7 -jmp near loc_fffc6b19 ; jmp 0xfffc6b19 - -loc_fffc69f3: ; not directly referenced -mov eax, dword [ebp - 0x78] -je short loc_fffc6a1d ; je 0xfffc6a1d -call fcn_fffaebf8 ; call 0xfffaebf8 -mov edx, dword [ebp + ebx*4 - 0x20] -mov byte [ebp + ebx - 0x40], 0 -and edx, 0xff00ffff -movzx eax, al -shl eax, 0x10 -or eax, edx -mov dword [ebp + ebx*4 - 0x20], eax -jmp near loc_fffc6b19 ; jmp 0xfffc6b19 - -loc_fffc6a1d: ; not directly referenced -call fcn_fffaebf8 ; call 0xfffaebf8 -mov edx, dword [ebp + ebx*4 - 0x20] -mov byte [ebp + ebx - 0x40], 1 -and edx, 0xffffff -shl eax, 0x18 -or eax, edx -mov dword [ebp + ebx*4 - 0x20], eax -jmp near loc_fffc6b19 ; jmp 0xfffc6b19 - -loc_fffc6a3f: ; not directly referenced -mov cl, byte [ebp - 0x50] -cmp cl, byte [ebp + eax - 0x3a] -jne loc_fffc6b0b ; jne 0xfffc6b0b -inc dl -je short loc_fffc6ac9 ; je 0xfffc6ac9 -cmp byte [ebp - 0x60], 0 -jg short loc_fffc6ac9 ; jg 0xfffc6ac9 -movsx eax, byte [ebp - 0x60] -mov esi, eax -mov eax, dword [ebp - 0x78] -call fcn_fffaebf8 ; call 0xfffaebf8 -mov ecx, dword [ebp + ebx*4 - 0x20] -mov edx, 1 -sub edx, esi -shl edx, 3 -mov dword [ebp - 0xd4], ecx -lea ecx, [edx + 0x1f] -mov dword [ebp - 0xd0], eax -mov eax, esi -xor esi, esi -cmp cl, 0x3e -ja short loc_fffc6abb ; ja 0xfffc6abb -mov esi, eax -mov eax, 0xff -lea ecx, [esi*8 + 8] -movzx esi, byte [ebp - 0xd0] -shl eax, cl -not eax -and eax, dword [ebp - 0xd4] -shl esi, cl -mov cl, dl -or esi, eax -test dl, dl -jle short loc_fffc6ab7 ; jle 0xfffc6ab7 -shl esi, cl -jmp short loc_fffc6abb ; jmp 0xfffc6abb - -loc_fffc6ab7: ; not directly referenced -neg ecx -shr esi, cl - -loc_fffc6abb: ; not directly referenced -mov al, byte [ebp - 0x50] -mov dword [ebp + ebx*4 - 0x20], esi -dec eax -mov byte [ebp + ebx - 0x3e], al -jmp short loc_fffc6aec ; jmp 0xfffc6aec - -loc_fffc6ac9: ; not directly referenced -mov eax, dword [ebp - 0x78] -mov esi, dword [ebp + ebx*4 - 
0x20] -call fcn_fffaebf8 ; call 0xfffaebf8 -movzx edx, si -and esi, 0xff0000 -shr esi, 8 -add esi, eax -shl esi, 0x10 -or esi, edx -mov dword [ebp + ebx*4 - 0x20], esi - -loc_fffc6aec: ; not directly referenced -mov al, byte [ebp - 0xcc] -cmp byte [ebp - 0x50], al -jae short loc_fffc6afc ; jae 0xfffc6afc -mov byte [ebp + ebx - 0x40], 1 - -loc_fffc6afc: ; not directly referenced -cmp byte [ebp - 0x60], 0 -jg short loc_fffc6b19 ; jg 0xfffc6b19 - -loc_fffc6b02: ; not directly referenced -mov word [ebp + ebx*2 - 0x28], 0 -jmp short loc_fffc6b19 ; jmp 0xfffc6b19 - -loc_fffc6b0b: ; not directly referenced -mov dword [ebp - 0x38], 1 - -loc_fffc6b12: ; not directly referenced -mov eax, dword [ebp - 0x38] -test eax, eax -jne short loc_fffc6b12 ; jne 0xfffc6b12 - -loc_fffc6b19: ; not directly referenced -mov al, byte [ebp + ebx - 0x42] -cmp byte [ebp - 0x50], al -jne short loc_fffc6b27 ; jne 0xfffc6b27 -mov byte [ebp + ebx - 0x40], 1 - -loc_fffc6b27: ; not directly referenced -cmp dword [ebp - 0x78], 0 -jne short loc_fffc6b42 ; jne 0xfffc6b42 -cmp al, byte [ebp + ebx - 0x3e] -jne short loc_fffc6b42 ; jne 0xfffc6b42 -cmp word [ebp + ebx*2 - 0x28], 1 -jne short loc_fffc6b42 ; jne 0xfffc6b42 -mov word [ebp + ebx*4 - 0x1e], 0xfffe - -loc_fffc6b42: ; not directly referenced -cmp byte [ebp - 0x50], 0 -jne short loc_fffc6b66 ; jne 0xfffc6b66 -cmp dword [ebp - 0x78], 0 -mov word [ebp + ebx*2 - 0x28], 1 -je short loc_fffc6b66 ; je 0xfffc6b66 -mov byte [ebp + ebx - 0x40], 1 -mov byte [ebp + ebx - 0x3e], 0 -mov word [ebp + ebx*4 - 0x1e], 0x707 - -loc_fffc6b66: ; not directly referenced -cmp dword [ebp - 0x74], 0 -jne loc_fffc68b5 ; jne 0xfffc68b5 -cmp word [ebp + ebx*2 - 0x28], 1 -jne short loc_fffc6b9c ; jne 0xfffc6b9c -cmp byte [ebp + ebx - 0x40], 1 -je loc_fffc68b5 ; je 0xfffc68b5 -mov al, byte [ebp + ebx - 0x3c] -mov esi, dword [ebp - 0x98] -inc eax -mov byte [ebp + ebx - 0x3c], al -movzx eax, al -mov dword [esi], eax -jmp near loc_fffc68b5 ; jmp 0xfffc68b5 - -loc_fffc6b9c: ; not 
directly referenced -mov al, byte [ebp + ebx - 0x3a] -mov ecx, dword [ebp - 0x98] -dec eax -mov byte [ebp + ebx - 0x3a], al +loc_fffc6414: ; not directly referenced +imul eax, ebx, 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffc6492 ; jne 0xfffc6492 +imul ecx, ebx, 0x48 +mov esi, 0xa +xor edx, edx +mov eax, dword [edi + ecx + 0x3211] +div esi +xor edx, edx +mov dword [ebp - 0x50], eax +mov eax, dword [edi + ecx + 0x3215] +mov ecx, 2 +div esi +mov esi, dword [ebp - 0x50] +mov edx, esi +movsx edx, dl +mov dword [ebp - 0x4c], eax +movsx eax, byte [ebp - 0x4c] +sub eax, edx +cdq +idiv ecx +mov cl, byte [ebp - 0x4c] +mov edx, 0xc +add ecx, esi +cmp cl, 0x11 +cmova edx, dword [ebp - 0x2c] +mov dword [ebp - 0x2c], edx +push edx +push 1 +add al, byte [ebp + ebx - 0x1a] +mov byte [ebp + ebx - 0x1a], al movzx eax, al -mov dword [ecx], eax -jmp near loc_fffc68b5 ; jmp 0xfffc68b5 - -loc_fffc6bb5: ; not directly referenced -cmp dword [ebp - 0x74], 0 -je loc_fffc6c8f ; je 0xfffc6c8f -cmp word [ebp - 0x28], 1 -jne loc_fffc6c7b ; jne 0xfffc6c7b -cmp word [ebp - 0x26], 1 -jne loc_fffc6c7b ; jne 0xfffc6c7b -cmp byte [ebp - 0x40], 1 -jne short loc_fffc6be5 ; jne 0xfffc6be5 -cmp byte [ebp - 0x3f], 1 -je loc_fffc6c8f ; je 0xfffc6c8f - -loc_fffc6be5: ; not directly referenced -movzx eax, byte [ebp - 0x58] -mov bl, byte [ebp + eax - 0x3c] -lea edx, [ebx + 1] -mov byte [ebp + eax - 0x3c], dl - -loc_fffc6bf4: ; not directly referenced -imul ecx, dword [ebp - 0x64], 0x24 -movzx edx, dl -imul eax, eax, 0x12 -mov ebx, dword [ebp - 0x54] -add eax, ecx -add eax, dword [ebp - 0x4c] -mov dword [ebx + eax*4], edx -test byte [ebp - 0x70], 1 -je short loc_fffc6c3f ; je 0xfffc6c3f -movzx eax, byte [ebp - 0x58] -imul ecx, dword [ebp - 0x64], 0x24 -mov ebx, dword [ebp - 0x54] -mov esi, dword [ebp - 0x7c] -imul edx, eax, 0x12 -add edx, ecx -add edx, dword [ebp - 0x4c] -mov edx, dword [ebx + edx*4] -mov ebx, dword [ebp - 0x94] -mov dword [ebx + esi], edx -mov dl, byte [ebp + eax - 0x3a] 
-mov al, byte [ebp + eax - 0x3c] -mov byte [ebp - 0x3a], dl -mov byte [ebp - 0x3c], al - -loc_fffc6c3f: ; not directly referenced -cmp dword [ebp - 0xa0], 0 -je short loc_fffc6c8f ; je 0xfffc6c8f -movzx eax, byte [ebp - 0x58] -imul ecx, dword [ebp - 0x64], 0x24 -mov ebx, dword [ebp - 0x94] -mov esi, dword [ebp - 0x7c] -imul edx, eax, 0x12 -add edx, ecx -mov ecx, dword [ebp - 0x54] -add edx, dword [ebp - 0x4c] -mov edx, dword [ecx + edx*4] -mov dword [ebx + esi + 0x48], edx -mov dl, byte [ebp + eax - 0x3a] -mov al, byte [ebp + eax - 0x3c] -mov byte [ebp - 0x39], dl -mov byte [ebp - 0x3b], al -jmp short loc_fffc6c8f ; jmp 0xfffc6c8f - -loc_fffc6c7b: ; not directly referenced -movzx eax, byte [ebp - 0x58] -mov bl, byte [ebp + eax - 0x3a] -lea edx, [ebx - 1] -mov byte [ebp + eax - 0x3a], dl -jmp near loc_fffc6bf4 ; jmp 0xfffc6bf4 - -loc_fffc6c8f: ; not directly referenced -inc dword [ebp - 0x80] -jmp near loc_fffc66d4 ; jmp 0xfffc66d4 - -loc_fffc6c97: ; not directly referenced -cmp byte [ebp - 0x40], 0 -je loc_fffc66b2 ; je 0xfffc66b2 -cmp word [ebp - 0x26], 0 -je loc_fffc66b2 ; je 0xfffc66b2 -cmp byte [ebp - 0x3f], 0 -je loc_fffc66b2 ; je 0xfffc66b2 -xor ebx, ebx - -loc_fffc6cb8: ; not directly referenced -mov eax, dword [ebp - 0x6c] -bt eax, ebx -jae short loc_fffc6d0d ; jae 0xfffc6d0d -cmp byte [ebp - 0xb1], 0 -je short loc_fffc6cf9 ; je 0xfffc6cf9 -mov edx, dword [ebp + ebx*4 - 0x20] -sub esp, 0xc -movzx eax, byte [ebp + ebx - 0x3e] -push dword [ebp + 0x18] -mov ecx, edx -shr edx, 0x10 -shr ecx, 0x18 -movzx edx, dl -call fcn_fffaa348 ; call 0xfffaa348 -imul edx, ebx, 0x48 -mov ecx, dword [ebp - 0x90] -add esp, 0x10 -mov dword [ecx + edx], eax -jmp short loc_fffc6d0d ; jmp 0xfffc6d0d - -loc_fffc6cf9: ; not directly referenced -movzx edx, byte [ebp + ebx - 0x3e] -imul eax, ebx, 0x48 -mov esi, dword [ebp - 0x90] -imul edx, edx, 0xa -mov dword [esi + eax], edx +push eax +push 2 +push dword [ebp - 0x30] +push 2 +push ebx +push edi +call fcn_fffabc7a ; call 0xfffabc7a 
+add esp, 0x20 -loc_fffc6d0d: ; not directly referenced +loc_fffc6492: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffc6cb8 ; jne 0xfffc6cb8 -inc dword [ebp - 0x4c] -add dword [ebp - 0x7c], 4 -cmp dword [ebp - 0x4c], 2 -jne loc_fffc61f5 ; jne 0xfffc61f5 -cmp byte [ebp - 0x5c], 0xd -jne short loc_fffc6d46 ; jne 0xfffc6d46 -push 0 -push 0 -push 0 -push 0 -push 0 -push 0 +jne loc_fffc6414 ; jne 0xfffc6414 +mov eax, dword [ebp - 0x2c] +test eax, eax +setne dl +test byte [ebp - 0x3c], dl +jne loc_fffc66a6 ; jne 0xfffc66a6 +push eax +mov ecx, dword [ebp - 0x38] +mov edx, 1 +push 1 +xor bl, bl +push 1 +push 0x14 +push 1 +lea eax, [ebp - 0x1c] +push eax +mov eax, edi push 2 -push edi -call fcn_fffcc4cb ; call 0xfffcc4cb +push dword [ebp - 0x30] +call fcn_fffcffd1 ; call 0xfffcffd1 add esp, 0x20 -jmp near loc_fffc6e84 ; jmp 0xfffc6e84 - -loc_fffc6d46: ; not directly referenced -cmp byte [ebp - 0x5c], 0xc -jne short loc_fffc6d9a ; jne 0xfffc6d9a -xor ebx, ebx -loc_fffc6d4e: ; not directly referenced +loc_fffc64d3: ; not directly referenced imul eax, ebx, 0x13c3 -cmp dword [ebp - 0x88], 0 -movzx ecx, byte [edi + eax + 0x381a] -jne short loc_fffc6d7b ; jne 0xfffc6d7b +cmp dword [edi + eax + 0x3757], 2 +jne short loc_fffc6551 ; jne 0xfffc6551 +imul ecx, ebx, 0x48 +mov esi, 0xa +xor edx, edx +mov eax, dword [edi + ecx + 0x3211] +div esi +xor edx, edx +mov dword [ebp - 0x4c], eax +mov eax, dword [edi + ecx + 0x3215] +mov ecx, 2 +div esi +mov esi, dword [ebp - 0x4c] +mov edx, esi +movsx edx, dl +mov dword [ebp - 0x38], eax +movsx eax, byte [ebp - 0x38] +sub eax, edx +cdq +idiv ecx +mov cl, byte [ebp - 0x38] +mov edx, 0xc +add ecx, esi +cmp cl, 0x11 +cmova edx, dword [ebp - 0x2c] push esi -push 0 -push 0 -push 3 -push ecx -push 0 +push 1 +mov dword [ebp - 0x2c], edx +add al, byte [ebp + ebx - 0x1c] +mov byte [ebp + ebx - 0x1c], al +movzx eax, al +push eax +push 2 +push dword [ebp - 0x30] +push 1 push ebx push edi -call fcn_fffa9178 ; call 0xfffa9178 +call 
fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -jmp short loc_fffc6d8f ; jmp 0xfffc6d8f - -loc_fffc6d7b: ; not directly referenced -push 0 -mov edx, ebx -push 0 -mov eax, edi -push 0 -push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 -add esp, 0x10 -loc_fffc6d8f: ; not directly referenced +loc_fffc6551: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffc6d4e ; jne 0xfffc6d4e -jmp near loc_fffc6e84 ; jmp 0xfffc6e84 - -loc_fffc6d9a: ; not directly referenced -cmp byte [ebp - 0x5c], 5 -sete al -test byte [ebp - 0xa2], al -je loc_fffc6e5c ; je 0xfffc6e5c -mov edx, dword [ebp - 0xc8] -xor ebx, ebx -mov eax, dword [ebp - 0xa8] -and edx, 1 -mov dword [ebp - 0x4c], eax -imul edx, edx, 0x18 -imul eax, dword [ebp - 0xac], 0x128 -add eax, edx -mov dword [ebp - 0x58], eax +jne loc_fffc64d3 ; jne 0xfffc64d3 +mov eax, dword [ebp - 0x2c] +test eax, eax +setne dl +test byte [ebp - 0x3c], dl +jne loc_fffc66a6 ; jne 0xfffc66a6 +lea eax, [edi + 0x3757] +mov bx, 0x4908 +mov dword [ebp - 0x2c], eax -loc_fffc6dd3: ; not directly referenced -mov esi, dword [ebp - 0x6c] -lea eax, [ebx + 1] -mov cl, al -mov edx, dword [ebp - 0x58] -mov dword [ebp - 0x50], eax -sar esi, cl -mov ecx, dword [ebp - 0x4c] -mov dword [ebp - 0x54], esi -lea esi, [ecx + edx + 0x1266] -mov ecx, dword [ebp - 0x68] -mov ax, word [esi + 0xb] -push edx -push edx +loc_fffc6579: ; not directly referenced +mov eax, dword [ebp - 0x2c] +cmp dword [eax], 2 +jne loc_fffc6622 ; jne 0xfffc6622 +xor ecx, ecx mov edx, ebx -or eax, 0x10 -movzx eax, ax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +xor eax, eax +mov edx, 0x80080020 +mov ecx, eax +or ecx, 0x80000 +and ecx, 0xfffff807 +or ecx, 8 +mov eax, ecx +push ecx +push ecx +push edx +lea esi, [ebx + ebx - 0x4900] push eax +mov edx, esi mov eax, edi -push 3 -call fcn_fffafd52 ; call 0xfffafd52 -push dword [ebp - 0x54] -push 1 -push 0xff -push dword [ebp - 0x68] -push 0 -push 0 -push ebx -push edi -call fcn_fffcc4cb ; call 0xfffcc4cb -mov ax, word [esi + 0xb] -add esp, 
0x28 -mov ecx, dword [ebp - 0x68] +call fcn_fffb3506 ; call 0xfffb3506 mov edx, ebx -and eax, 0xffef -push eax +mov ecx, 0x2c08 +shl edx, 8 mov eax, edi -push 3 -call fcn_fffafd52 ; call 0xfffafd52 -mov ebx, dword [ebp - 0x50] +sub edx, 0x48c668 +call fcn_fffb3381 ; call 0xfffb3381 +lea edx, [ebx + 0x50] +mov ecx, 0xff +mov eax, edi +call fcn_fffb335b ; call 0xfffb335b add esp, 0x10 -add dword [ebp - 0x4c], 0x13c3 -mov dword [ebp - 0x84], eax -cmp ebx, 2 -jne loc_fffc6dd3 ; jne 0xfffc6dd3 -jmp short loc_fffc6e84 ; jmp 0xfffc6e84 +cmp dword [ebp - 0x34], 1 +jne short loc_fffc65fc ; jne 0xfffc65fc +lea edx, [ebx + 0x51] +mov ecx, 0xff +mov eax, edi +call fcn_fffb335b ; call 0xfffb335b -loc_fffc6e5c: ; not directly referenced -push 2 -movzx eax, byte [ebp - 0x5c] -push 0 -push 0 -push 0 -push 0 -push 0 +loc_fffc65fc: ; not directly referenced +push ecx +mov eax, edi +push ecx push 0 -push 1 push 0 +lea edx, [esi - 0x38] +call fcn_fffb3506 ; call 0xfffb3506 +pop eax +mov eax, edi +pop edx +lea edx, [esi - 0x28] push 0 -push eax -push edi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -mov dword [ebp - 0x84], eax +push 0x3f8 +call fcn_fffb3506 ; call 0xfffb3506 +add esp, 0x10 + +loc_fffc6622: ; not directly referenced +add ebx, 4 +add dword [ebp - 0x2c], 0x13c3 +cmp ebx, 0x4910 +jne loc_fffc6579 ; jne 0xfffc6579 +xor bx, bx +lea esi, [ebp - 0x20] + +loc_fffc663e: ; not directly referenced +mov eax, 1 +mov cl, bl +shl eax, cl +test byte [ebp - 0x45], al +jne short loc_fffc6657 ; jne 0xfffc6657 + +loc_fffc664c: ; not directly referenced +inc ebx +cmp ebx, 4 +jne short loc_fffc663e ; jne 0xfffc663e +jmp near loc_fffc605a ; jmp 0xfffc605a + +loc_fffc6657: ; not directly referenced +test byte [edi + 0x381b], al +jne short loc_fffc6665 ; jne 0xfffc6665 +mov byte [ebp - 0x20], 0 +jmp short loc_fffc666f ; jmp 0xfffc666f + +loc_fffc6665: ; not directly referenced +mov dl, byte [edi + ebx + 0x399c] +mov byte [ebp - 0x20], dl + +loc_fffc666f: ; not directly referenced +test 
byte [edi + 0x4bde], al +je short loc_fffc6683 ; je 0xfffc6683 +mov dl, byte [edi + ebx + 0x4d5f] +mov byte [ebp - 0x1f], dl +jmp short loc_fffc6687 ; jmp 0xfffc6687 + +loc_fffc6683: ; not directly referenced +mov byte [ebp - 0x1f], 0 -loc_fffc6e84: ; not directly referenced +loc_fffc6687: ; not directly referenced +push edx +mov ecx, eax +push edx +mov edx, 4 +push esi +push eax mov eax, edi -xor ecx, ecx -mov edx, 0x4cf0 -call fcn_fffaeb7c ; call 0xfffaeb7c -mov eax, dword [ebp - 0x84] +call fcn_fffcfc57 ; call 0xfffcfc57 +add esp, 0x10 +test eax, eax +setne dl +test byte [ebp - 0x3c], dl +je short loc_fffc664c ; je 0xfffc664c -loc_fffc6e98: ; not directly referenced +loc_fffc66a6: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -52668,1489 +51781,1362 @@ pop edi pop ebp ret -fcn_fffc6ea0: ; not directly referenced +fcn_fffc66ae: ; not directly referenced push ebp -mov ecx, 8 mov ebp, esp push edi +mov edi, eax push esi push ebx -sub esp, 0x178 -mov eax, dword [ebp + 8] -lea edi, [ebp - 0xe8] -mov edx, dword [ebp + 0xc] -mov dword [ebp - 0xbc], fcn_fffaafc2 ; mov dword [ebp - 0xbc], 0xfffaafc2 -mov dword [ebp - 0xb0], fcn_fffaafda ; mov dword [ebp - 0xb0], 0xfffaafda -mov dword [ebp - 0x130], eax -xor eax, eax -rep stosd ; rep stosd dword es:[edi], eax -lea edi, [ebp - 0xf8] -mov dword [ebp - 0x12c], edx -mov edx, 0xcf8 -mov dword [ebp - 0x5c], fcn_fffab0f8 ; mov dword [ebp - 0x5c], 0xfffab0f8 -mov dword [ebp - 0x58], fcn_fffab0ef ; mov dword [ebp - 0x58], 0xfffab0ef -mov dword [ebp - 0xa4], fcn_fffb3d4e ; mov dword [ebp - 0xa4], 0xfffb3d4e -mov dword [ebp - 0xa0], fcn_fffb3dc0 ; mov dword [ebp - 0xa0], 0xfffb3dc0 -mov cl, 4 -rep stosd ; rep stosd dword es:[edi], eax -mov eax, 0x80000048 -mov dword [ebp - 0x7c], fcn_fffc3868 ; mov dword [ebp - 0x7c], 0xfffc3868 -mov dword [ebp - 0x78], fcn_fffc3844 ; mov dword [ebp - 0x78], 0xfffc3844 -out dx, eax -push 0xcfc -call fcn_fffaafc2 ; call 0xfffaafc2 -add esp, 0x10 -mov ebx, eax -test al, 1 -jne short loc_fffc6f40 ; jne 0xfffc6f40 +sub esp, 0xdc +mov eax, dword [ebp + 0xc] +mov dword [ebp - 0x4c], ecx +mov ebx, dword [ebp + 8] +mov byte [ebp - 0x70], cl +mov cl, byte [ebp + 0x10] +mov dword [ebp - 0x50], edx +xor edx, edx +mov dword [ebp - 0x5c], eax +mov byte [ebp - 0xc8], bl +mov byte [ebp - 0xb1], cl +mov cl, byte [ebp + 0x14] +mov byte [ebp - 0x6d], al +mov byte [ebp - 0x6f], cl +mov ecx, dword [edi + 0x2444] +mov dword [ebp - 0xb8], ecx +cmp al, 0x21 +ja short loc_fffc6702 ; ja 0xfffc6702 +movzx eax, byte [ebp - 0x5c] +mov dl, byte [eax + ref_fffd58e0] ; mov dl, byte [eax - 0x2a720] -loc_fffc6f39: ; not directly referenced -xor eax, eax -jmp near loc_fffc82ec ; jmp 0xfffc82ec +loc_fffc6702: ; not directly referenced +mov eax, dword [edi 
+ 0x188b] +cmp byte [edi + 0x248c], 1 +mov esi, dword [edi + 0x2481] +mov dword [ebp - 0x88], eax +jne short loc_fffc6737 ; jne 0xfffc6737 +mov al, byte [edi + 0x248d] +lea ecx, [eax + 4] +mov byte [ebp - 0x24], al +mov byte [ebp - 0x23], al +add eax, 2 +mov byte [ebp - 0x22], cl +mov byte [ebp - 0x21], al +jmp short loc_fffc6747 ; jmp 0xfffc6747 -loc_fffc6f40: ; not directly referenced -push 0x60 -mov esi, dword [ebp - 0xb0] -push 0 -push 0 -push 0 -call dword [ebp - 0x7c] ; ucall -pop edi -pop edx -push eax -push 0xcf8 -call esi -mov dword [esp], 0xcfc -call dword [ebp - 0xbc] ; ucall -add esp, 0x10 -test al, 1 -je short loc_fffc6f39 ; je 0xfffc6f39 -and eax, 0xfffffff8 -mov esi, eax -call fcn_fffa6801 ; call 0xfffa6801 -mov dword [ebp - 0x144], 0 -cmp eax, 0x40660 -setne cl -cmp eax, 0x306c0 -setne dl -test cl, dl -je short loc_fffc6fa8 ; je 0xfffc6fa8 -cmp eax, 0x40650 -setne al +loc_fffc6737: ; not directly referenced +mov byte [ebp - 0x24], 1 +mov byte [ebp - 0x23], 1 +mov byte [ebp - 0x22], 1 +mov byte [ebp - 0x21], 1 + +loc_fffc6747: ; not directly referenced +mov eax, dword [ebp - 0x5c] +mov dword [ebp - 0x9c], 1 +cmp al, 0x21 +sete cl +cmp al, 0x11 +sete al +or cl, al +jne short loc_fffc6771 ; jne 0xfffc6771 +xor eax, eax +cmp byte [ebp - 0x5c], 5 +sete al +mov dword [ebp - 0x9c], eax + +loc_fffc6771: ; not directly referenced +cmp byte [ebp - 0x5c], 0xd +mov dword [ebp - 0x74], 0 +jne short loc_fffc6798 ; jne 0xfffc6798 +movzx eax, byte [ebp - 0x4c] +mov dword [ebp - 0x54], edx +call fcn_fffb38d9 ; call 0xfffb38d9 +mov edx, dword [ebp - 0x54] +cmp al, 1 +seta al movzx eax, al -mov dword [ebp - 0x144], eax +mov dword [ebp - 0x74], eax -loc_fffc6fa8: ; not directly referenced -push 0xbc -and ebx, 0xfffffffe -push 0 -push 0 -push 0 -call dword [ebp - 0x78] ; ucall -add eax, esi -mov dword [esp], eax -call dword [ebp - 0xa4] ; ucall -push 0x90 -push 0 -push 0 -push 0 -mov dword [ebp - 0x160], eax -call dword [ebp - 0x78] ; ucall -add esp, 0x14 -add eax, esi 
-push eax -call dword [ebp - 0xa0] ; ucall -push 0x98 -push 0 -push 0 -push 0 -mov dword [ebp - 0x150], edx -mov dword [ebp - 0x138], eax -call dword [ebp - 0x78] ; ucall -add esp, 0x14 -add esi, eax -push esi -call dword [ebp - 0xa0] ; ucall -mov edi, eax -lea eax, [ebx + 0x5024] -or edi, 0xfffff -mov dword [ebp - 0x164], edx -mov dword [esp], eax -call dword [ebp - 0xa4] ; ucall -mov dword [ebp - 0x154], eax -lea eax, [ebx + 0x5014] -mov dword [esp], eax -call dword [ebp - 0xa4] ; ucall -mov dword [ebp - 0x140], eax -lea eax, [ebx + 0x5000] -mov dword [esp], eax -call dword [ebp - 0xa4] ; ucall -mov dword [ebp - 0x148], eax -lea eax, [ebx + 0x5004] -add ebx, 0x5008 -mov dword [esp], eax -call dword [ebp - 0xa4] ; ucall -mov dword [esp], ebx +loc_fffc6798: ; not directly referenced +mov eax, 2 +cmp bl, 3 +ja loc_fffc74f5 ; ja 0xfffc74f5 +mov al, byte [ebp - 0x5c] +movzx edx, dl +mov dword [ebp - 0x68], 1 +mov dword [ebp - 0x7c], 0 +mov byte [ebp - 0x6e], 0 +shr al, 4 +inc eax +mov byte [ebp - 0xa1], al +xor eax, eax +cmp esi, 3 +sete al +cmp esi, 2 +mov dword [ebp - 0x8c], eax +movzx eax, bl +sete byte [ebp - 0xa2] +mov cl, al +imul edx, edx, 0x240 +mov dword [ebp - 0x64], eax +imul eax, eax, 0x90 +add edx, dword [ebp - 0x50] +shl dword [ebp - 0x68], cl +shr bl, 1 mov esi, eax -call dword [ebp - 0xa4] ; ucall -mov ecx, dword [ebp - 0x138] -add esp, 0xc -mov ebx, dword [ebp - 0x140] -mov edx, dword [ebp - 0x164] -push 0x16 -and ecx, 0xfff00000 -mov dword [ebp - 0x110], ecx -mov ecx, dword [ebp - 0x150] -mov dword [ebp - 0x138], edi -xor edi, edi -and edx, 0x7f -push edi -and ecx, 0x7f -mov dword [ebp - 0x10c], ecx -movzx ecx, bl -push ecx -mov dword [ebp - 0x104], esi -mov esi, ecx -mov dword [ebp - 0x100], eax -mov dword [ebp - 0xfc], 0 -mov dword [ebp - 0x134], edx -call dword [ebp - 0x5c] ; ucall -add esp, 0xc -push 0x16 -push edi -mov edi, ebx -push esi -mov dword [ebp - 0x150], eax -mov dword [ebp - 0x14c], edx -call dword [ebp - 0x5c] ; ucall -add esp, 0xc 
-xor edx, edx -push 0xe -mov eax, ebx -and eax, 0xff00 -push edx +movzx ebx, bl +mov dword [ebp - 0xdc], eax +movzx eax, byte [ebp - 0x4c] +mov dword [ebp - 0x54], edx +add edx, esi +mov dword [ebp - 0xac], ebx +mov dword [ebp - 0x94], edx +mov dword [ebp - 0x6c], eax +sar eax, 1 +mov dword [ebp - 0xa0], eax +mov eax, dword [ebp - 0xc8] +and dword [ebp - 0xa0], 1 +mov dword [ebp - 0x4c], 0 +and eax, 1 +mov dword [ebp - 0x84], 0 +mov byte [ebp - 0x58], 0 +mov dword [ebp - 0xe0], eax + +loc_fffc6852: ; not directly referenced +mov esi, dword [ebp - 0xb8] +mov ebx, dword [ebp - 0x4c] push eax -call dword [ebp - 0x5c] ; ucall -add esp, 0xc -mov eax, ebx -push 6 -and eax, 0xff0000 -xor edx, edx -and edi, 0xff000000 -push edx +push 0 +push 4 +lea eax, [ebp - 0x28] push eax -call dword [ebp - 0x5c] ; ucall +mov eax, esi +mov byte [ebp - 0x80], bl +call dword [eax + 0x5c] ; ucall add esp, 0xc +push 0 push 2 -mov dword [ebp - 0x168], edx -xor edx, edx -push edx -push edi -mov dword [ebp - 0x164], eax -call dword [ebp - 0x5c] ; ucall -mov dword [ebp - 0x140], eax -mov eax, dword [ebp - 0x148] -mov dword [ebp - 0x13c], edx -and eax, 1 -mov ebx, dword [ebp + eax*4 - 0x104] -lea eax, [ebp - 0xc4] -mov edx, ebx -call fcn_fffc3bf5 ; call 0xfffc3bf5 -mov esi, eax -mov edi, edx -lea eax, [ebp - 0xc4] -mov edx, ebx -call fcn_fffc3bda ; call 0xfffc3bda -add eax, esi -adc edx, edi +lea eax, [ebp - 0x40] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +mov cl, byte [ebp - 0x6f] add esp, 0x10 -cmp dword [ebp - 0x144], 1 -jne short loc_fffc718e ; jne 0xfffc718e -add eax, dword [ebp - 0x150] -adc edx, dword [ebp - 0x14c] -jmp short loc_fffc719a ; jmp 0xfffc719a - -loc_fffc718e: ; not directly referenced -add eax, dword [ebp - 0x140] -adc edx, dword [ebp - 0x13c] - -loc_fffc719a: ; not directly referenced -mov esi, eax -mov eax, dword [ebp - 0x10c] -mov edi, edx -cmp dword [ebp - 0x134], eax -jb loc_fffc729e ; jb 0xfffc729e -ja short loc_fffc71c4 ; ja 0xfffc71c4 -mov eax, dword 
[ebp - 0x110] -cmp dword [ebp - 0x138], eax -jbe loc_fffc729e ; jbe 0xfffc729e - -loc_fffc71c4: ; not directly referenced -mov eax, dword [ebp - 0x160] -mov cl, 1 -mov ebx, dword [ebp - 0x134] -mov dword [ebp - 0x15c], 0 -and eax, 0xfff00000 -mov edx, eax -mov dword [ebp - 0x160], eax -cmp dword [ebp - 0x12c], ebx -jb short loc_fffc7203 ; jb 0xfffc7203 -ja short loc_fffc7201 ; ja 0xfffc7201 -mov ebx, dword [ebp - 0x138] -cmp dword [ebp - 0x130], ebx -jbe short loc_fffc7203 ; jbe 0xfffc7203 +lea esi, [edi + 0x3757] +mov dword [ebp - 0xa8], esi +mov dword [ebp - 0x50], esi +mov al, cl +neg eax +test bl, bl +cmovne eax, ecx +xor ebx, ebx +mov byte [ebp - 0xb0], al +mov eax, dword [ebp - 0x7c] +add eax, dword [ebp - 0xdc] +add eax, dword [ebp - 0x54] +mov dword [ebp - 0x90], eax +mov dword [ebp - 0x60], eax +movzx eax, byte [ebp - 0x58] +imul eax, eax, 0x12 +mov dword [ebp - 0xcc], eax -loc_fffc7201: ; not directly referenced -xor ecx, ecx +loc_fffc68c4: ; not directly referenced +mov al, byte [ebp - 0x6f] +mov byte [ebp + ebx - 0x3e], 0x7f +mov dword [ebp + ebx*4 - 0x20], 0 +mov byte [ebp + ebx - 0x3a], 0 +mov byte [ebp + ebx - 0x42], al +mov eax, dword [ebp - 0x6c] +mov byte [ebp + ebx - 0x3c], 0 +bt eax, ebx +jb short loc_fffc68fb ; jb 0xfffc68fb +mov word [ebp + ebx*2 - 0x28], 1 +mov byte [ebp + ebx - 0x40], 1 +jmp near loc_fffc6b29 ; jmp 0xfffc6b29 -loc_fffc7203: ; not directly referenced -mov eax, dword [ebp - 0x10c] -mov bl, 1 -cmp dword [ebp - 0x12c], eax -ja short loc_fffc7225 ; ja 0xfffc7225 -jb short loc_fffc7223 ; jb 0xfffc7223 -mov eax, dword [ebp - 0x110] -cmp dword [ebp - 0x130], eax -jae short loc_fffc7225 ; jae 0xfffc7225 +loc_fffc68fb: ; not directly referenced +cmp byte [ebp - 0x6d], 1 +jne short loc_fffc693a ; jne 0xfffc693a +mov al, byte [edi + 0x2489] +xor esi, esi +mov byte [ebp - 0x78], al -loc_fffc7223: ; not directly referenced -xor ebx, ebx +loc_fffc690c: ; not directly referenced +mov eax, esi +cmp byte [ebp - 0x78], al +jbe loc_fffc6aca ; 
jbe 0xfffc6aca +push eax +movzx eax, byte [ebp + ebx - 0x42] +mov ecx, 0xff +mov edx, ebx +push eax +mov eax, edi +push dword [ebp - 0x4c] +push esi +inc esi +call fcn_fffb399f ; call 0xfffb399f +add esp, 0x10 +mov byte [ebp + ebx - 0x42], al +jmp short loc_fffc690c ; jmp 0xfffc690c -loc_fffc7225: ; not directly referenced -test cl, bl -je short loc_fffc724f ; je 0xfffc724f -mov eax, dword [ebp - 0x160] -mov edx, dword [ebp - 0x15c] -sub eax, dword [ebp - 0x110] -sbb edx, dword [ebp - 0x10c] -add eax, dword [ebp - 0x130] -adc edx, dword [ebp - 0x12c] -jmp short loc_fffc72aa ; jmp 0xfffc72aa +loc_fffc693a: ; not directly referenced +cmp byte [ebp - 0x6d], 0xd +je short loc_fffc6956 ; je 0xfffc6956 +cmp dword [ebp - 0x88], 1 +sete al +test byte [ebp - 0x9c], al +je loc_fffc69da ; je 0xfffc69da -loc_fffc724f: ; not directly referenced -cmp dword [ebp - 0x12c], 0 -ja short loc_fffc7260 ; ja 0xfffc7260 -cmp dword [ebp - 0x130], edx -jb short loc_fffc729e ; jb 0xfffc729e +loc_fffc6956: ; not directly referenced +cmp byte [ebp - 0x6d], 0xd +mov edx, dword [edi + 0x5edd] +jne short loc_fffc696a ; jne 0xfffc696a +mov al, byte [edx + 0x14] +and eax, 0x7f +jmp short loc_fffc6991 ; jmp 0xfffc6991 -loc_fffc7260: ; not directly referenced -mov eax, dword [ebp - 0x160] -mov edx, dword [ebp - 0x15c] -add eax, dword [ebp - 0x138] -adc edx, dword [ebp - 0x134] -sub eax, dword [ebp - 0x110] -sbb edx, dword [ebp - 0x10c] -cmp dword [ebp - 0x12c], edx -ja short loc_fffc729e ; ja 0xfffc729e -jb loc_fffc826e ; jb 0xfffc826e -cmp dword [ebp - 0x130], eax -jbe loc_fffc826e ; jbe 0xfffc826e +loc_fffc696a: ; not directly referenced +test bl, bl +jne short loc_fffc6980 ; jne 0xfffc6980 +mov al, byte [edx + 0x15] +movzx edx, byte [edx + 0x16] +shr al, 6 +and edx, 0x1f +shl edx, 2 +jmp short loc_fffc698f ; jmp 0xfffc698f -loc_fffc729e: ; not directly referenced -mov eax, dword [ebp - 0x130] -mov edx, dword [ebp - 0x12c] +loc_fffc6980: ; not directly referenced +mov al, byte [edx + 0x14] +movzx 
edx, byte [edx + 0x15] +shr al, 7 +and edx, 0x3f +add edx, edx -loc_fffc72aa: ; not directly referenced -push ecx -push 6 -push edx -push eax -call dword [ebp - 0x58] ; ucall -mov ebx, dword [ebp - 0x148] -add esp, 0x10 -shr ebx, 6 -and ebx, 1 -cmp dword [ebp - 0x144], 1 -mov dword [ebp - 0x110], eax -mov dword [ebp - 0x10c], edx -jne short loc_fffc72f7 ; jne 0xfffc72f7 -push edx -push 1 -push dword [ebp - 0x14c] -push dword [ebp - 0x150] -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -mov dword [ebp - 0x164], eax -mov dword [ebp - 0x168], edx +loc_fffc698f: ; not directly referenced +or eax, edx -loc_fffc72f7: ; not directly referenced -test ebx, ebx -je short loc_fffc7360 ; je 0xfffc7360 -cmp dword [ebp - 0x10c], edi -ja loc_fffc826e ; ja 0xfffc826e -jb short loc_fffc7315 ; jb 0xfffc7315 -cmp dword [ebp - 0x110], esi -jae loc_fffc826e ; jae 0xfffc826e +loc_fffc6991: ; not directly referenced +mov esi, dword [ebp - 0xb0] +mov dl, al +or edx, 0xffffff80 +test al, 0xc0 +cmovne eax, edx +lea ecx, [eax + esi] +mov esi, dword [ebp - 0x80] +cmp cl, 0xca +mov byte [ebp - 0x78], cl +setl cl +xor esi, 1 +mov edx, esi +test dl, cl +je short loc_fffc69be ; je 0xfffc69be +lea edx, [eax + 0x36] +jmp short loc_fffc69d1 ; jmp 0xfffc69d1 -loc_fffc7315: ; not directly referenced -push eax -mov eax, dword [ebp - 0x148] -shr eax, 7 -and eax, 7 -push eax -push 0 -push 0x400000 -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -cmp dword [ebp - 0x10c], edx -jb loc_fffc74a0 ; jb 0xfffc74a0 -ja short loc_fffc734a ; ja 0xfffc734a -cmp dword [ebp - 0x110], eax -jb loc_fffc74a0 ; jb 0xfffc74a0 +loc_fffc69be: ; not directly referenced +cmp byte [ebp - 0x78], 0x36 +mov dl, byte [ebp - 0x6f] +setg cl +test byte [ebp - 0x4c], cl +je short loc_fffc69d1 ; je 0xfffc69d1 +mov dl, 0x36 +sub edx, eax -loc_fffc734a: ; not directly referenced -sub dword [ebp - 0x110], eax -mov edi, 1 -sbb dword [ebp - 0x10c], edx -jmp near loc_fffc74a2 ; jmp 0xfffc74a2 +loc_fffc69d1: ; not directly referenced +mov byte 
[ebp + ebx - 0x42], dl +jmp near loc_fffc6aca ; jmp 0xfffc6aca -loc_fffc7360: ; not directly referenced -mov eax, dword [ebp - 0x168] -cmp dword [ebp - 0x10c], eax -ja loc_fffc744d ; ja 0xfffc744d -jb short loc_fffc7386 ; jb 0xfffc7386 -mov eax, dword [ebp - 0x164] -cmp dword [ebp - 0x110], eax -jae loc_fffc744d ; jae 0xfffc744d +loc_fffc69da: ; not directly referenced +cmp byte [ebp - 0x6d], 0xc +jne loc_fffc6aca ; jne 0xfffc6aca +cmp dword [ebp - 0x8c], 1 +mov ecx, dword [ebp - 0x50] +sbb eax, eax +mov dword [ebp - 0x78], eax +mov esi, dword [ecx + 0x11d] +mov eax, dword [ecx + 0x111] +mov cl, byte [ecx + 0xc4] +add byte [ebp - 0x78], 4 +cmp byte [ebp - 0x80], 0 +mov byte [ebp - 0x98], cl +jne short loc_fffc6a66 ; jne 0xfffc6a66 +cmp eax, esi +cmovae eax, esi +xor ecx, ecx +mov esi, 1 -loc_fffc7386: ; not directly referenced -test dword [ebp - 0x154], 0x800000 -je loc_fffc7421 ; je 0xfffc7421 -mov eax, dword [ebp - 0x154] -mov edx, 1 -xor edi, edi -mov esi, eax -and ax, 0x3fff -shr esi, 0x15 -and esi, 3 -mov ecx, esi +loc_fffc6a21: ; not directly referenced +mov edx, esi shl edx, cl -xor ecx, ecx -or eax, edx -and eax, dword [ebp - 0x110] -movzx eax, ax +test byte [ebp - 0x98], dl +je short loc_fffc6a3c ; je 0xfffc6a3c +mov edx, dword [ebp - 0x50] +mov dl, byte [edx + ecx + 0x245] +cmp al, dl +cmova eax, edx -loc_fffc73c0: ; not directly referenced -mov edx, eax -sar edx, cl +loc_fffc6a3c: ; not directly referenced inc ecx -xor edi, edx -cmp ecx, 0xe -jne short loc_fffc73c0 ; jne 0xfffc73c0 -push eax -and edi, 1 -push esi -push 0 -push 1 -call dword [ebp - 0x5c] ; ucall -add esp, 0xc -push esi -mov ebx, eax -mov ecx, edx -mov eax, dword [ebp - 0x110] -mov edx, dword [ebp - 0x10c] -not ebx -not ecx -and ebx, eax -and ecx, edx -xor edx, edx -mov dword [ebp - 0x138], ecx -mov ecx, ebx -and ecx, 1 -push edx -push ecx -call dword [ebp - 0x5c] ; ucall -mov ecx, dword [ebp - 0x138] -add esp, 0x10 -or ebx, eax -or ecx, edx -mov dword [ebp - 0x110], ebx -mov dword [ebp - 
0x10c], ecx -jmp short loc_fffc742a ; jmp 0xfffc742a +cmp byte [ebp - 0x78], cl +ja short loc_fffc6a21 ; ja 0xfffc6a21 +cmp dword [ebp - 0x8c], 0 +je short loc_fffc6abb ; je 0xfffc6abb +mov esi, dword [ebp - 0x50] +mov edx, dword [esi + 0x109] +cmp al, dl +cmovae eax, edx +mov edx, dword [esi + 0x115] +cmp al, dl +cmovae eax, edx +jmp short loc_fffc6abb ; jmp 0xfffc6abb -loc_fffc7421: ; not directly referenced -mov edi, dword [ebp - 0x110] -and edi, 1 +loc_fffc6a66: ; not directly referenced +cmp eax, esi +mov dl, al +cmovbe edx, esi +xor ecx, ecx +mov esi, 1 -loc_fffc742a: ; not directly referenced -push eax -push 1 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -mov dword [ebp - 0x110], eax -mov dword [ebp - 0x10c], edx -jmp short loc_fffc74a2 ; jmp 0xfffc74a2 +loc_fffc6a74: ; not directly referenced +mov eax, esi +shl eax, cl +test byte [ebp - 0x98], al +je short loc_fffc6a8f ; je 0xfffc6a8f +mov eax, dword [ebp - 0x50] +mov al, byte [eax + ecx + 0x245] +cmp dl, al +cmovb edx, eax -loc_fffc744d: ; not directly referenced -cmp dword [ebp - 0x10c], edi -ja loc_fffc826e ; ja 0xfffc826e -jb short loc_fffc7467 ; jb 0xfffc7467 -cmp dword [ebp - 0x110], esi -jae loc_fffc826e ; jae 0xfffc826e +loc_fffc6a8f: ; not directly referenced +inc ecx +cmp byte [ebp - 0x78], cl +ja short loc_fffc6a74 ; ja 0xfffc6a74 +cmp dword [ebp - 0x8c], 0 +je short loc_fffc6ab7 ; je 0xfffc6ab7 +mov esi, dword [ebp - 0x50] +mov eax, dword [esi + 0x109] +cmp dl, al +cmovbe edx, eax +mov eax, dword [esi + 0x115] +cmp dl, al +cmovbe edx, eax -loc_fffc7467: ; not directly referenced -cmp dword [ebp - 0x144], 1 -jne short loc_fffc7488 ; jne 0xfffc7488 -mov eax, dword [ebp - 0x150] -mov edx, dword [ebp - 0x14c] -mov dword [ebp - 0x140], eax -mov dword [ebp - 0x13c], edx +loc_fffc6ab7: ; not directly referenced +mov al, 0x7f +sub eax, edx -loc_fffc7488: ; not directly referenced -mov eax, dword [ebp - 0x140] -mov edx, dword [ebp - 0x13c] -sub dword 
[ebp - 0x110], eax -sbb dword [ebp - 0x10c], edx +loc_fffc6abb: ; not directly referenced +movzx esi, byte [ebp - 0x6f] +mov ecx, esi +cmp al, cl +cmova eax, esi +mov byte [ebp + ebx - 0x42], al -loc_fffc74a0: ; not directly referenced -xor edi, edi +loc_fffc6aca: ; not directly referenced +mov esi, dword [ebp - 0x60] +mov ecx, 0xa +xor edx, edx +mov eax, dword [esi] +div ecx +mov dword [esi], eax +movzx edx, byte [ebp + ebx - 0x42] +cmp eax, edx +jbe short loc_fffc6ae5 ; jbe 0xfffc6ae5 +mov dword [esi], edx -loc_fffc74a2: ; not directly referenced -mov eax, dword [ebp - 0x148] -movzx edi, di -lea ecx, [edi + edi] -shr eax, cl -and eax, 1 -mov word [ebp - 0x158], ax -movzx eax, ax -mov ebx, dword [ebp + eax*4 - 0x104] -mov dword [ebp - 0x16c], eax -lea eax, [ebp - 0xc4] -mov edx, ebx -call fcn_fffc3bf5 ; call 0xfffc3bf5 -mov dword [ebp - 0x138], eax -lea eax, [ebp - 0xc4] -mov dword [ebp - 0x134], edx -mov edx, ebx -call fcn_fffc3bda ; call 0xfffc3bda -mov ecx, ebx -shr ecx, 0x16 -mov dword [ebp - 0x150], ecx -and dword [ebp - 0x150], 1 -mov dword [ebp - 0x140], eax -mov eax, ebx -shr eax, 0x15 -mov edi, eax -mov dword [ebp - 0x13c], edx +loc_fffc6ae5: ; not directly referenced +cmp dword [ebp - 0x74], 0 +je short loc_fffc6b08 ; je 0xfffc6b08 +mov eax, dword [ebp - 0x60] +mov esi, dword [ebp - 0x54] +mov edx, dword [eax] +imul eax, dword [ebp - 0x64], 0x24 +add eax, dword [ebp - 0xcc] +add eax, dword [ebp - 0x4c] +cmp dword [esi + eax*4], edx +jbe short loc_fffc6b08 ; jbe 0xfffc6b08 +mov dword [esi + eax*4], edx + +loc_fffc6b08: ; not directly referenced +mov eax, dword [ebp - 0x60] mov edx, ebx -and edi, 1 -shr edx, 0x1a -mov dword [ebp - 0x164], edi -mov edi, edx -or eax, edx -and edi, 1 -mov dword [ebp - 0x168], edi -test al, 1 -je loc_fffc75fd ; je 0xfffc75fd -push eax -push 1 -push dword [ebp - 0x13c] -push dword [ebp - 0x140] -call dword [ebp - 0x5c] ; ucall -add esp, 0x10 -cmp dword [ebp - 0x10c], edx -ja short loc_fffc75b1 ; ja 0xfffc75b1 -jb short 
loc_fffc755f ; jb 0xfffc755f -cmp dword [ebp - 0x110], eax -jae short loc_fffc75b1 ; jae 0xfffc75b1 +xor ecx, ecx +shl edx, 0xa +add edx, 0x40f0 +mov eax, dword [eax] +mov byte [ebp + ebx - 0x3a], al +mov byte [ebp + ebx - 0x3c], al +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc755f: ; not directly referenced -push eax -push 9 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -add esp, 0xc -push 1 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -mov esi, eax -call dword [ebp - 0x58] ; ucall -mov ecx, dword [ebp - 0x110] -and esi, 1 -add esp, 0x10 -and ecx, 0x1ff -and eax, 0xfffffe00 -or eax, ecx -mov dword [ebp - 0x110], eax -mov dword [ebp - 0x10c], edx -jmp near loc_fffc766e ; jmp 0xfffc766e +loc_fffc6b29: ; not directly referenced +inc ebx +add dword [ebp - 0x60], 0x48 +add dword [ebp - 0x50], 0x13c3 +cmp ebx, 2 +jne loc_fffc68c4 ; jne 0xfffc68c4 +cmp dword [ebp - 0x74], 0 +jne short loc_fffc6b56 ; jne 0xfffc6b56 -loc_fffc75b1: ; not directly referenced -mov eax, dword [ebp - 0x140] -mov edx, dword [ebp - 0x13c] -add eax, dword [ebp - 0x138] -adc edx, dword [ebp - 0x134] -cmp dword [ebp - 0x10c], edx -ja loc_fffc826e ; ja 0xfffc826e -jb short loc_fffc75e3 ; jb 0xfffc75e3 -cmp dword [ebp - 0x110], eax -jae loc_fffc826e ; jae 0xfffc826e +loc_fffc6b44: ; not directly referenced +mov eax, dword [ebp - 0x4c] +lea eax, [eax + eax - 1] +mov dword [ebp - 0xd8], eax +jmp near loc_fffc6d0f ; jmp 0xfffc6d0f -loc_fffc75e3: ; not directly referenced -mov eax, dword [ebp - 0x140] -mov edx, dword [ebp - 0x13c] -sub dword [ebp - 0x110], eax -sbb dword [ebp - 0x10c], edx -jmp short loc_fffc766c ; jmp 0xfffc766c +loc_fffc6b56: ; not directly referenced +test byte [ebp - 0x70], 1 +je short loc_fffc6b87 ; je 0xfffc6b87 +movzx eax, byte [ebp - 0x58] +imul edx, dword [ebp - 0x64], 0x24 +mov esi, dword [ebp - 0x54] +mov ebx, dword [ebp - 0x94] +imul eax, eax, 0x12 +mov ecx, dword [ebp - 0x7c] +add eax, edx +add eax, dword [ebp - 
0x4c] +mov edx, dword [esi + eax*4] +mov dword [ebx + ecx], edx +mov eax, dword [esi + eax*4] +mov byte [ebp - 0x3a], al +mov byte [ebp - 0x3c], al -loc_fffc75fd: ; not directly referenced -mov eax, dword [ebp - 0x134] -cmp dword [ebp - 0x10c], eax -jb short loc_fffc766c ; jb 0xfffc766c -ja short loc_fffc761b ; ja 0xfffc761b -mov eax, dword [ebp - 0x138] -cmp dword [ebp - 0x110], eax -jb short loc_fffc766c ; jb 0xfffc766c +loc_fffc6b87: ; not directly referenced +cmp dword [ebp - 0xa0], 0 +je short loc_fffc6b44 ; je 0xfffc6b44 +movzx eax, byte [ebp - 0x58] +imul edx, dword [ebp - 0x64], 0x24 +mov esi, dword [ebp - 0x54] +mov ebx, dword [ebp - 0x94] +imul eax, eax, 0x12 +mov ecx, dword [ebp - 0x7c] +add eax, edx +add eax, dword [ebp - 0x4c] +mov edx, dword [esi + eax*4] +mov dword [ebx + ecx + 0x48], edx +mov eax, dword [esi + eax*4] +mov byte [ebp - 0x39], al +mov byte [ebp - 0x3b], al +jmp short loc_fffc6b44 ; jmp 0xfffc6b44 -loc_fffc761b: ; not directly referenced -mov eax, dword [ebp - 0x140] -mov edx, dword [ebp - 0x13c] -add eax, dword [ebp - 0x138] -adc edx, dword [ebp - 0x134] -cmp dword [ebp - 0x10c], edx -ja loc_fffc826e ; ja 0xfffc826e -jb short loc_fffc764d ; jb 0xfffc764d -cmp dword [ebp - 0x110], eax -jae loc_fffc826e ; jae 0xfffc826e +loc_fffc6bbe: ; not directly referenced +cmp byte [ebp - 0x6d], 0xc +jne loc_fffc6e09 ; jne 0xfffc6e09 +mov eax, dword [ebp - 0x60] +cmp byte [ebp - 0x6e], 0 +mov al, byte [eax + 0xc4] +setne dl +cmp dword [ebp + 0x1c], 0 +mov byte [ebp - 0x78], al +setne al +test dl, al +jne loc_fffc6d57 ; jne 0xfffc6d57 -loc_fffc764d: ; not directly referenced -mov eax, dword [ebp - 0x138] -mov esi, 1 -mov edx, dword [ebp - 0x134] -sub dword [ebp - 0x110], eax -sbb dword [ebp - 0x10c], edx -jmp short loc_fffc766e ; jmp 0xfffc766e +loc_fffc6bea: ; not directly referenced +cmp dword [ebp - 0x88], 0 +movzx ecx, byte [ebp - 0x78] +jne loc_fffc6df2 ; jne 0xfffc6df2 +push esi +push 0 +push dword [ebp - 0x50] +push 3 +push ecx +push 0 +push 
ebx +push edi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 -loc_fffc766c: ; not directly referenced -xor esi, esi +loc_fffc6c10: ; not directly referenced +inc ebx +add dword [ebp - 0x60], 0x13c3 +cmp ebx, 2 +je loc_fffc6ca5 ; je 0xfffc6ca5 -loc_fffc766e: ; not directly referenced -mov eax, dword [ebp - 0x148] -shr eax, 0xa -mov dword [ebp - 0x154], eax -mov eax, ebx -shr eax, 0x10 -and eax, 1 -mov word [ebp - 0x118], ax -and dword [ebp - 0x154], 1 -xor word [ebp - 0x118], si -test si, si -je short loc_fffc76d9 ; je 0xfffc76d9 -mov edx, dword [ebp - 0x148] -mov eax, ebx -mov ecx, ebx -shr eax, 0x12 -mov edi, dword [ebp - 0x140] -mov dword [ebp - 0x138], eax -lea eax, [ebp - 0xc4] -and dword [ebp - 0x138], 1 -call fcn_fffb8408 ; call 0xfffb8408 -test ebx, 0x100000 -mov word [ebp - 0x116], ax -jmp short loc_fffc7711 ; jmp 0xfffc7711 +loc_fffc6c21: ; not directly referenced +mov eax, dword [ebp - 0x6c] +bt eax, ebx +jae short loc_fffc6c10 ; jae 0xfffc6c10 +imul eax, ebx, 0x48 +mov ecx, dword [ebp - 0x90] +mov esi, dword [ebp - 0xd8] +imul esi, dword [ecx + eax] +cmp byte [ebp - 0x6d], 0xd +mov dword [ebp - 0x50], esi +jne loc_fffc6bbe ; jne 0xfffc6bbe +cmp byte [ebp - 0x6e], 0 +setne dl +cmp dword [ebp + 0x1c], 0 +setne al +test dl, al +je short loc_fffc6c7b ; je 0xfffc6c7b +push 0 +push 0 +push 0 +push 0 +push 0 +push 0 +push 2 +push edi +call fcn_fffcce33 ; call 0xfffcce33 +add esp, 0x14 +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 -loc_fffc76d9: ; not directly referenced -mov edx, dword [ebp - 0x148] -mov eax, ebx -mov ecx, ebx -shr eax, 0x11 -mov edi, dword [ebp - 0x138] -mov dword [ebp - 0x138], eax -lea eax, [ebp - 0xc4] -and dword [ebp - 0x138], 1 -call fcn_fffb8396 ; call 0xfffb8396 -test ebx, 0x80000 -mov word [ebp - 0x116], ax +loc_fffc6c7b: ; not directly referenced +push 0 +push 0 +push 0 +push 0 +push dword [ebp - 0x50] +push 0 +push 2 +push edi +call fcn_fffcce33 ; call 0xfffcce33 +add esp, 0x20 +cmp dword [ebp + 0x1c], 0 +jne 
short loc_fffc6ca5 ; jne 0xfffc6ca5 +sub esp, 0xc +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 -loc_fffc7711: ; not directly referenced -je short loc_fffc771a ; je 0xfffc771a -mov esi, 0x10 -jmp short loc_fffc7729 ; jmp 0xfffc7729 +loc_fffc6ca5: ; not directly referenced +push eax +xor eax, eax +movzx ecx, byte [edi + 0x248c] +cmp dword [ebp - 0x80], 0 +mov edx, dword [ebp - 0x6c] +push 0 +sete al +push eax +lea eax, [ebp - 0x24] +push eax +mov eax, edi +call fcn_fffaa5b3 ; call 0xfffaa5b3 +add esp, 0x10 +mov byte [ebp - 0x6e], al +movzx eax, al +or dword [ebp - 0xb0], eax +cmp byte [ebp - 0xb1], 0 +jne loc_fffc6efb ; jne 0xfffc6efb +movzx eax, byte [ebp - 0xa1] +dec eax +cmp dword [ebp - 0x80], eax +jae loc_fffc6efb ; jae 0xfffc6efb +movzx eax, byte [ebp - 0x70] +cmp dword [ebp - 0xb0], eax +jne loc_fffc6efb ; jne 0xfffc6efb -loc_fffc771a: ; not directly referenced -cmp dword [ebp - 0x154], 1 -sbb esi, esi -and esi, 0xffffffe8 -add esi, 0x20 +loc_fffc6d04: ; not directly referenced +cmp word [ebp - 0x28], 0 +jne loc_fffc72f4 ; jne 0xfffc72f4 -loc_fffc7729: ; not directly referenced -mov eax, dword [ebp - 0x148] -shr eax, 0xb -mov dword [ebp - 0x140], eax -and dword [ebp - 0x140], 1 -cmp dword [ebp - 0x144], 1 -jne short loc_fffc7762 ; jne 0xfffc7762 -mov eax, dword [ebp - 0x110] -mov edx, eax -shr dx, 1 -cmp dword [ebp - 0x140], 0 -cmovne eax, edx -shl eax, 3 -jmp short loc_fffc779a ; jmp 0xfffc779a +loc_fffc6d0f: ; not directly referenced +mov ecx, 4 +mov edx, 0x4800 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov dword [ebp - 0xb0], 0 +mov dword [ebp - 0x80], 0 + +loc_fffc6d31: ; not directly referenced +movzx eax, byte [ebp - 0xa1] +cmp dword [ebp - 0x80], eax +jae short loc_fffc6d04 ; jae 0xfffc6d04 +mov eax, dword [ebp - 0xa8] +xor ebx, ebx +mov dword [ebp - 0x98], 0 +mov dword [ebp - 0x60], eax +jmp near loc_fffc6c21 ; jmp 0xfffc6c21 + +loc_fffc6d57: ; not directly referenced +cmp dword [ebp - 0x98], 0 +jne loc_fffc6bea ; jne 
0xfffc6bea +cmp dword [ebp - 0x8c], 0 +jne short loc_fffc6d88 ; jne 0xfffc6d88 -loc_fffc7762: ; not directly referenced +loc_fffc6d6d: ; not directly referenced +sub esp, 0xc +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 +mov dword [ebp - 0x98], 1 +jmp near loc_fffc6bea ; jmp 0xfffc6bea + +loc_fffc6d88: ; not directly referenced +movzx eax, byte [ebp - 0x6e] +xor esi, esi +mov dword [ebp - 0xcc], eax +movzx eax, byte [ebp - 0x78] +mov dword [ebp - 0x98], eax + +loc_fffc6d9e: ; not directly referenced +mov eax, dword [ebp - 0xcc] +bt eax, esi +jae short loc_fffc6de7 ; jae 0xfffc6de7 +cmp dword [ebp - 0x88], 0 +jne short loc_fffc6dcd ; jne 0xfffc6dcd push eax +push 0 +push 0 push 3 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x5c] ; ucall -add esp, 0xc -push 3 -push dword [ebp - 0x12c] -push dword [ebp - 0x130] -mov dword [ebp - 0x160], eax -call dword [ebp - 0x58] ; ucall +push dword [ebp - 0x98] +push 0 +push esi +push edi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +jmp short loc_fffc6de7 ; jmp 0xfffc6de7 + +loc_fffc6dcd: ; not directly referenced +push 0 +mov ecx, dword [ebp - 0x98] +mov edx, ebx +push 0 +mov eax, edi +push 0 +push 0 +call fcn_fffac68e ; call 0xfffac68e add esp, 0x10 -and eax, 7 -or eax, dword [ebp - 0x160] -loc_fffc779a: ; not directly referenced -mov cl, byte [ebp - 0x116] -mov edx, 1 -shl edx, cl -lea ecx, [edx - 1] -mov word [ebp - 0x160], cx -and word [ebp - 0x160], ax -mov eax, dword [ebp - 0x160] -cmp dword [ebp - 0x140], 0 -mov word [ebp - 0x156], ax -je loc_fffc7cd6 ; je 0xfffc7cd6 -push ecx -push 8 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -mov ecx, dword [ebp - 0x110] +loc_fffc6de7: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffc6d9e ; jne 0xfffc6d9e +jmp near loc_fffc6d6d ; jmp 0xfffc6d6d + +loc_fffc6df2: ; not directly referenced +push 0 +mov edx, ebx +push 0 +mov eax, edi +push dword [ebp - 0x50] +push 0 +call 
fcn_fffac68e ; call 0xfffac68e +jmp near loc_fffc6ea1 ; jmp 0xfffc6ea1 + +loc_fffc6e09: ; not directly referenced +mov eax, dword [ebp - 0x6c] +lea ecx, [ebx + 1] +sar eax, cl +mov cl, byte [ebp - 0x6d] +mov dword [ebp - 0x78], eax +cmp cl, 5 +sete al +test byte [ebp - 0xa2], al +jne short loc_fffc6e2f ; jne 0xfffc6e2f xor edx, edx -add esp, 0xc -push 2 -and ecx, 1 +movzx esi, cl +jmp near loc_fffc6eee ; jmp 0xfffc6eee + +loc_fffc6e2f: ; not directly referenced +imul edx, dword [ebp - 0xe0], 0x18 +imul eax, dword [ebp - 0xac], 0x128 +mov esi, dword [ebp - 0x60] +mov ecx, dword [ebp - 0x68] +add eax, edx +lea esi, [esi + eax + 0x1266] +mov ax, word [esi + 0xb] push edx -push ecx -mov dword [ebp - 0x114], eax -call dword [ebp - 0x5c] ; ucall -mov ecx, dword [ebp - 0x114] -add esp, 0x10 -and ecx, 3 -mov word [ebp - 0x114], cx -or word [ebp - 0x114], ax -mov al, byte [ebp - 0x168] -test byte [ebp - 0x138], al -mov eax, dword [ebp - 0x58] -je loc_fffc7a04 ; je 0xfffc7a04 -shr ebx, 0x1b -and ebx, 7 -cmp si, 8 -jne loc_fffc794a ; jne 0xfffc794a push edx -push 7 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call eax -add esp, 0x10 -mov esi, eax -and esi, 8 -or esi, dword [ebp - 0x114] -cmp dword [ebp - 0x150], 0 -jne short loc_fffc786f ; jne 0xfffc786f -mov word [ebp - 0x114], si -jmp short loc_fffc78dd ; jmp 0xfffc78dd - -loc_fffc786f: ; not directly referenced +mov edx, ebx +or eax, 0x10 +movzx eax, ax push eax -push 0xc -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -add esp, 0xc -push 9 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -mov dword [ebp - 0x114], eax -call dword [ebp - 0x58] ; ucall -mov ecx, dword [ebp - 0x114] -add esp, 0xc -push 0xb -push dword [ebp - 0x10c] -and ecx, 3 -mov word [ebp - 0x114], cx -and eax, 4 -push dword [ebp - 0x110] -xor word [ebp - 0x114], ax -xor word [ebp - 0x114], si -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -and eax, 8 -xor word [ebp - 0x114], ax - -loc_fffc78dd: ; not 
directly referenced -lea eax, [ebx + 0xf] -movzx ebx, bx -push ecx -movzx eax, al +mov eax, edi +push 3 +call fcn_fffa96cb ; call 0xfffa96cb +push dword [ebp - 0x78] +push 1 +push 0xff +push dword [ebp - 0x68] +push dword [ebp - 0x50] +push 0 +push ebx +push edi +call fcn_fffcce33 ; call 0xfffcce33 +mov ax, word [esi + 0xb] +add esp, 0x28 +mov ecx, dword [ebp - 0x68] +mov edx, ebx +and eax, 0xffef push eax -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -add esp, 0xc -push 0xb -push dword [ebp - 0x10c] -and eax, 1 -push dword [ebp - 0x110] -mov word [ebp - 0x116], ax -call dword [ebp - 0x58] ; ucall -lea ecx, [ebx + 4] -mov edx, 1 -shl edx, cl -dec edx -mov ecx, edx -not ecx -mov esi, eax -and edx, eax -shr si, 1 mov eax, edi -mov word [ebp - 0x128], si -shr eax, 0xc -and word [ebp - 0x128], cx -or word [ebp - 0x128], dx -jmp near loc_fffc79f4 ; jmp 0xfffc79f4 +push 3 +call fcn_fffa96cb ; call 0xfffa96cb +mov dword [ebp - 0x84], eax -loc_fffc794a: ; not directly referenced -cmp dword [ebp - 0x150], 0 -je short loc_fffc798c ; je 0xfffc798c -push edx -push 0xb -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call eax -add esp, 0xc -push 8 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -mov esi, eax -call dword [ebp - 0x58] ; ucall -and esi, 3 +loc_fffc6ea1: ; not directly referenced add esp, 0x10 -and eax, 4 -xor esi, eax -xor word [ebp - 0x114], si +jmp near loc_fffc6c10 ; jmp 0xfffc6c10 -loc_fffc798c: ; not directly referenced -lea eax, [ebx + 0xe] -movzx ebx, bx -push esi -movzx eax, al +loc_fffc6ea9: ; not directly referenced +push 1 +movzx eax, dl +push dword [ebp - 0x78] +mov dword [ebp - 0xcc], edx +push 0 +push 0 push eax -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -add esp, 0xc -push 0xa -push dword [ebp - 0x10c] -and eax, 1 -push dword [ebp - 0x110] -mov word [ebp - 0x116], ax -call dword [ebp - 0x58] ; ucall -lea ecx, [ebx + 4] -mov edx, 1 -shl edx, cl -dec edx -mov ecx, 
edx -not ecx -mov esi, eax -and edx, eax -shr si, 1 -mov eax, edi -mov word [ebp - 0x128], si -shr eax, 0xb -and word [ebp - 0x128], cx -or word [ebp - 0x128], dx +push 0xff +push ebx +push 0 +push dword [ebp - 0x80] +push dword [ebp - 0x50] +push esi +push edi +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +cmp dword [ebp - 0x9c], 0 +mov dword [ebp - 0x84], eax +jne loc_fffc6c10 ; jne 0xfffc6c10 +mov edx, dword [ebp - 0xcc] +inc edx -loc_fffc79f4: ; not directly referenced -dec eax +loc_fffc6eee: ; not directly referenced +cmp dl, byte [edi + 0x2489] +jb short loc_fffc6ea9 ; jb 0xfffc6ea9 +jmp near loc_fffc6c10 ; jmp 0xfffc6c10 -loc_fffc79f5: ; not directly referenced -and word [ebp - 0x128], ax +loc_fffc6efb: ; not directly referenced +mov eax, dword [ebp - 0x90] +xor ebx, ebx +mov dword [ebp - 0x98], eax +jmp short loc_fffc6f23 ; jmp 0xfffc6f23 -loc_fffc79fc: ; not directly referenced -add esp, 0x10 -jmp near loc_fffc8107 ; jmp 0xfffc8107 +loc_fffc6f0b: ; not directly referenced +cmp byte [ebp + ebx - 0x40], 1 +jne short loc_fffc6f2d ; jne 0xfffc6f2d -loc_fffc7a04: ; not directly referenced -mov cl, byte [ebp - 0x164] -test byte [ebp - 0x138], cl -je loc_fffc7b71 ; je 0xfffc7b71 -push ecx -push 0xa -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call eax -add esp, 0x10 -and eax, 1 -cmp si, 8 -mov word [ebp - 0x116], ax -mov eax, dword [ebp - 0x58] -jne loc_fffc7aed ; jne 0xfffc7aed -push edx -push 8 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call eax -add esp, 0x10 -and eax, 8 -or word [ebp - 0x114], ax -cmp dword [ebp - 0x150], 0 -je short loc_fffc7ad6 ; je 0xfffc7ad6 -push eax -push 0xd -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -add esp, 0xc -push 0xa -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -mov ebx, eax -call dword [ebp - 0x58] ; ucall -and ebx, 3 -mov esi, dword [ebp - 0x10c] -add esp, 0xc -push 0xd -push esi -and eax, 4 -xor ebx, eax -xor word [ebp - 0x114], bx -mov ebx, dword [ebp - 
0x110] -push ebx -call dword [ebp - 0x58] ; ucall -add esp, 0xc -push 0xf -push esi -push ebx -and eax, 8 -xor word [ebp - 0x114], ax -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -and eax, 1 -xor word [ebp - 0x116], ax +loc_fffc6f12: ; not directly referenced +inc ebx +add dword [ebp - 0x98], 0x48 +cmp ebx, 2 +je loc_fffc7212 ; je 0xfffc7212 -loc_fffc7ad6: ; not directly referenced -push esi -push 0xc -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -shr edi, 0xc -jmp short loc_fffc7b62 ; jmp 0xfffc7b62 +loc_fffc6f23: ; not directly referenced +cmp word [ebp + ebx*2 - 0x28], 1 +mov al, bl +je short loc_fffc6f0b ; je 0xfffc6f0b -loc_fffc7aed: ; not directly referenced -cmp dword [ebp - 0x150], 0 -je short loc_fffc7b4d ; je 0xfffc7b4d -push ebx -push 0xc -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call eax -add esp, 0xc -push 9 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -mov ebx, eax -call dword [ebp - 0x58] ; ucall -and ebx, 3 -add esp, 0xc -push 0xe -push dword [ebp - 0x10c] -and eax, 4 -push dword [ebp - 0x110] -xor ebx, eax -xor word [ebp - 0x114], bx -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -and eax, 1 -xor word [ebp - 0x116], ax +loc_fffc6f2d: ; not directly referenced +mov esi, dword [ebp - 0x6c] +bt esi, ebx +jae short loc_fffc6f12 ; jae 0xfffc6f12 +xor esi, esi +mov edx, ebx +cmp dword [ebp - 0x74], 0 +cmove esi, eax +mov eax, esi +shl edx, 0xa +add edx, 0x4114 +mov byte [ebp - 0x58], al +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov esi, dword [ebp - 0x98] +mov dl, byte [ebp + ebx - 0x3e] +mov esi, dword [esi] +mov ecx, esi +sub ecx, edx +and eax, 0x7fffff +mov dword [ebp - 0x78], eax +movzx eax, byte [ebp - 0x58] +mov dword [ebp - 0x50], esi +mov byte [ebp - 0x60], cl +jne loc_fffc7028 ; jne 0xfffc7028 +mov cl, byte [ebp - 0x50] +cmp cl, byte [ebp + eax - 0x3c] +jne short loc_fffc6fe9 ; jne 0xfffc6fe9 +cmp byte [ebp - 0x60], 0 +jns short loc_fffc6fae ; jns 0xfffc6fae +cmp byte [ebp + 
eax - 0x3a], cl +jne short loc_fffc6f9e ; jne 0xfffc6f9e -loc_fffc7b4d: ; not directly referenced -push ecx -push 0xb -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -shr edi, 0xb +loc_fffc6f92: ; not directly referenced +mov al, byte [ebp - 0x50] +mov byte [ebp + ebx - 0x3e], al +jmp near loc_fffc7176 ; jmp 0xfffc7176 -loc_fffc7b62: ; not directly referenced -lea edi, [edi - 1] -mov word [ebp - 0x128], di -jmp near loc_fffc79f5 ; jmp 0xfffc79f5 +loc_fffc6f9e: ; not directly referenced +mov dword [ebp - 0x2c], 1 -loc_fffc7b71: ; not directly referenced -mov edx, edi -shr edx, 1 -test dword [ebp - 0x110], edx -setne dl -mov ecx, edx -and ecx, dword [ebp - 0x138] -mov word [ebp - 0x116], cx -cmp si, 8 -jne loc_fffc7c68 ; jne 0xfffc7c68 -push edx -push 7 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call eax -add esp, 0x10 -mov ebx, eax -and ebx, 8 -or ebx, dword [ebp - 0x114] -cmp dword [ebp - 0x150], 0 -jne short loc_fffc7bc8 ; jne 0xfffc7bc8 -mov word [ebp - 0x114], bx -jmp short loc_fffc7c2c ; jmp 0xfffc7c2c +loc_fffc6fa5: ; not directly referenced +mov eax, dword [ebp - 0x2c] +test eax, eax +jne short loc_fffc6fa5 ; jne 0xfffc6fa5 +jmp short loc_fffc6f92 ; jmp 0xfffc6f92 -loc_fffc7bc8: ; not directly referenced -push eax -push 0xc -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -add esp, 0xc -push 9 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -mov esi, eax -call dword [ebp - 0x58] ; ucall -and esi, 3 -mov word [ebp - 0x114], si -add esp, 0xc -push 0xb -push dword [ebp - 0x10c] -and eax, 4 -push dword [ebp - 0x110] -xor word [ebp - 0x114], ax -xor word [ebp - 0x114], bx -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -and eax, 8 -xor word [ebp - 0x114], ax +loc_fffc6fae: ; not directly referenced +cmp byte [ebp - 0x60], 1 +jne short loc_fffc6fca ; jne 0xfffc6fca +mov eax, dword [ebp + ebx*4 - 0x20] +shr eax, 8 +xor ah, ah +mov dword [ebp + ebx*4 - 0x20], eax +mov al, byte [ebp 
- 0x50] +mov byte [ebx + ebp - 0x3e], al +jmp short loc_fffc7010 ; jmp 0xfffc7010 -loc_fffc7c2c: ; not directly referenced -push esi -push 0xb -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -xor edx, edx -add esp, 0xc -mov ebx, eax -mov eax, dword [ebp - 0x138] -add eax, 0xb -push eax -push edx -push edi -call dword [ebp - 0x58] ; ucall -dec eax -mov word [ebp - 0x128], ax -and word [ebp - 0x128], bx -jmp near loc_fffc79fc ; jmp 0xfffc79fc +loc_fffc6fca: ; not directly referenced +xor eax, eax +cmp byte [ebp - 0x60], 2 +je loc_fffc707a ; je 0xfffc707a +mov dword [ebp - 0x30], 1 -loc_fffc7c68: ; not directly referenced -cmp dword [ebp - 0x150], 0 -je short loc_fffc7caa ; je 0xfffc7caa -push ebx -push 0xb -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call eax -add esp, 0xc -push 8 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -mov ebx, eax -call dword [ebp - 0x58] ; ucall -and ebx, 3 -add esp, 0x10 -and eax, 4 -xor ebx, eax -xor word [ebp - 0x114], bx +loc_fffc6fdd: ; not directly referenced +mov eax, dword [ebp - 0x30] +test eax, eax +jne short loc_fffc6fdd ; jne 0xfffc6fdd +jmp near loc_fffc7176 ; jmp 0xfffc7176 -loc_fffc7caa: ; not directly referenced -push ecx -push 0xa -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -mov ecx, dword [ebp - 0x138] -add ecx, 0xa -shr edi, cl -lea esi, [edi - 1] -mov word [ebp - 0x128], si -jmp near loc_fffc79f5 ; jmp 0xfffc79f5 +loc_fffc6fe9: ; not directly referenced +mov cl, byte [ebp - 0x50] +cmp cl, byte [ebp + eax - 0x3a] +jne loc_fffc7168 ; jne 0xfffc7168 +cmp word [ebp + ebx*2 - 0x28], 1 +je loc_fffc6f12 ; je 0xfffc6f12 +cmp byte [ebp - 0x60], 0xff +jne short loc_fffc701c ; jne 0xfffc701c +and dword [ebp + ebx*4 - 0x20], 0xffffff00 -loc_fffc7cd6: ; not directly referenced -cmp word [ebp - 0x116], 9 -jne short loc_fffc7d0d ; jne 0xfffc7d0d -push edx -push 1 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x5c] ; 
ucall -mov ecx, dword [ebp - 0x144] -add esp, 0x10 -dec ecx -mov dword [ebp - 0x110], eax -lea eax, [edi + edi] -mov dword [ebp - 0x10c], edx -jmp short loc_fffc7d43 ; jmp 0xfffc7d43 +loc_fffc7010: ; not directly referenced +mov word [ebp + ebx*2 - 0x28], 1 +jmp near loc_fffc7176 ; jmp 0xfffc7176 -loc_fffc7d0d: ; not directly referenced -cmp word [ebp - 0x116], 0xb -jne short loc_fffc7d46 ; jne 0xfffc7d46 -push eax -push 1 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -mov dword [ebp - 0x110], eax -mov eax, edi -shr eax, 1 -cmp dword [ebp - 0x144], 1 -mov dword [ebp - 0x10c], edx +loc_fffc701c: ; not directly referenced +mov al, byte [ebp - 0x50] +mov byte [ebx + ebp - 0x3e], al +jmp near loc_fffc715f ; jmp 0xfffc715f -loc_fffc7d43: ; not directly referenced -cmove edi, eax +loc_fffc7028: ; not directly referenced +mov cl, byte [ebp + eax - 0x3c] +mov byte [ebp - 0xcc], cl +cmp byte [ebp - 0x50], cl +jne short loc_fffc709c ; jne 0xfffc709c +cmp byte [ebp - 0x60], 2 +jle short loc_fffc7050 ; jle 0xfffc7050 +mov dword [ebp - 0x34], 1 -loc_fffc7d46: ; not directly referenced -mov al, byte [ebp - 0x168] -test byte [ebp - 0x138], al -je loc_fffc7e1d ; je 0xfffc7e1d -shr ebx, 0x1b -and ebx, 7 -push eax -lea eax, [ebx + 0xe] +loc_fffc7044: ; not directly referenced +mov eax, dword [ebp - 0x34] +test eax, eax +jne short loc_fffc7044 ; jne 0xfffc7044 +jmp near loc_fffc7176 ; jmp 0xfffc7176 + +loc_fffc7050: ; not directly referenced +mov eax, dword [ebp - 0x78] +je short loc_fffc707a ; je 0xfffc707a +call fcn_fffb392f ; call 0xfffb392f +mov edx, dword [ebp + ebx*4 - 0x20] +mov byte [ebp + ebx - 0x40], 0 +and edx, 0xff00ffff movzx eax, al -push eax -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -add esp, 0xc -push 7 -push dword [ebp - 0x10c] -and eax, 1 -push dword [ebp - 0x110] -mov word [ebp - 0x116], ax -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -and eax, 7 -cmp dword [ebp - 
0x150], 0 -mov word [ebp - 0x114], ax -je short loc_fffc7dc8 ; je 0xfffc7dc8 -push eax -push 0xa -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -and eax, 7 -xor word [ebp - 0x114], ax +shl eax, 0x10 +or eax, edx +mov dword [ebp + ebx*4 - 0x20], eax +jmp near loc_fffc7176 ; jmp 0xfffc7176 -loc_fffc7dc8: ; not directly referenced -push eax -movzx ebx, bx -push 0xa -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -lea ecx, [ebx + 4] +loc_fffc707a: ; not directly referenced +call fcn_fffb392f ; call 0xfffb392f +mov edx, dword [ebp + ebx*4 - 0x20] +mov byte [ebp + ebx - 0x40], 1 +and edx, 0xffffff +shl eax, 0x18 +or eax, edx +mov dword [ebp + ebx*4 - 0x20], eax +jmp near loc_fffc7176 ; jmp 0xfffc7176 + +loc_fffc709c: ; not directly referenced +mov cl, byte [ebp - 0x50] +cmp cl, byte [ebp + eax - 0x3a] +jne loc_fffc7168 ; jne 0xfffc7168 +inc dl +je short loc_fffc7126 ; je 0xfffc7126 +cmp byte [ebp - 0x60], 0 +jg short loc_fffc7126 ; jg 0xfffc7126 +movsx eax, byte [ebp - 0x60] +mov esi, eax +mov eax, dword [ebp - 0x78] +call fcn_fffb392f ; call 0xfffb392f +mov ecx, dword [ebp + ebx*4 - 0x20] mov edx, 1 -shl edx, cl -lea ecx, [edx - 1] -mov ebx, ecx -add esp, 0x10 -not ebx -mov edx, eax -and eax, ecx -shr dx, 1 -and edx, ebx -or edx, eax -mov al, byte [ebp - 0x144] -lea ecx, [eax + 0xa] -mov eax, edi -shr eax, cl +sub edx, esi +shl edx, 3 +mov dword [ebp - 0xd4], ecx +lea ecx, [edx + 0x1f] +mov dword [ebp - 0xd0], eax +mov eax, esi +xor esi, esi +cmp cl, 0x3e +ja short loc_fffc7118 ; ja 0xfffc7118 +mov esi, eax +mov eax, 0xff +lea ecx, [esi*8 + 8] +movzx esi, byte [ebp - 0xd0] +shl eax, cl +not eax +and eax, dword [ebp - 0xd4] +shl esi, cl +mov cl, dl +or esi, eax +test dl, dl +jle short loc_fffc7114 ; jle 0xfffc7114 +shl esi, cl +jmp short loc_fffc7118 ; jmp 0xfffc7118 + +loc_fffc7114: ; not directly referenced +neg ecx +shr esi, cl + +loc_fffc7118: ; not directly referenced +mov al, 
byte [ebp - 0x50] +mov dword [ebp + ebx*4 - 0x20], esi dec eax -mov word [ebp - 0x128], ax -and word [ebp - 0x128], dx -jmp near loc_fffc8107 ; jmp 0xfffc8107 +mov byte [ebp + ebx - 0x3e], al +jmp short loc_fffc7149 ; jmp 0xfffc7149 -loc_fffc7e1d: ; not directly referenced -mov al, byte [ebp - 0x164] -test byte [ebp - 0x138], al -je loc_fffc7ef8 ; je 0xfffc7ef8 -cmp dword [ebp - 0x150], 0 -je short loc_fffc7e62 ; je 0xfffc7e62 -mov esi, dword [ebp - 0x10c] -mov ebx, dword [ebp - 0x110] -push eax -push 4 -push esi -push ebx -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -mov dword [ebp - 0x10c], esi -and eax, 0x780 -xor eax, ebx -mov dword [ebp - 0x110], eax +loc_fffc7126: ; not directly referenced +mov eax, dword [ebp - 0x78] +mov esi, dword [ebp + ebx*4 - 0x20] +call fcn_fffb392f ; call 0xfffb392f +movzx edx, si +and esi, 0xff0000 +shr esi, 8 +add esi, eax +shl esi, 0x10 +or esi, edx +mov dword [ebp + ebx*4 - 0x20], esi -loc_fffc7e62: ; not directly referenced -mov esi, dword [ebp - 0x10c] -mov ebx, dword [ebp - 0x110] -push eax -push 9 -push esi -push ebx -call dword [ebp - 0x58] ; ucall -add esp, 0xc -push 8 -push esi -push ebx -mov dword [ebp - 0x110], ebx -and eax, 1 -mov word [ebp - 0x116], ax -mov dword [ebp - 0x10c], esi -call dword [ebp - 0x58] ; ucall -add esp, 0xc -push 7 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -mov ebx, eax -call dword [ebp - 0x58] ; ucall -add esp, 0xc -and ebx, 4 -push 0xb -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -and eax, 3 -mov word [ebp - 0x114], ax -or word [ebp - 0x114], bx -call dword [ebp - 0x58] ; ucall -mov cl, byte [ebp - 0x144] -add esp, 0x10 -add ecx, 0xa -shr edi, cl -lea edi, [edi - 1] -mov word [ebp - 0x128], di -and word [ebp - 0x128], ax -jmp near loc_fffc8107 ; jmp 0xfffc8107 +loc_fffc7149: ; not directly referenced +mov al, byte [ebp - 0xcc] +cmp byte [ebp - 0x50], al +jae short loc_fffc7159 ; jae 0xfffc7159 +mov byte [ebp + ebx - 0x40], 1 -loc_fffc7ef8: ; not directly referenced -cmp dword 
[ebp - 0x144], 1 -jne loc_fffc7f9a ; jne 0xfffc7f9a -mov ecx, dword [ebp - 0x110] -mov eax, edi -shr eax, 1 -mov ebx, dword [ebp - 0x10c] -push esi -push 7 -test ecx, eax -setne al -and eax, dword [ebp - 0x138] -push ebx -push ecx -mov word [ebp - 0x116], ax -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -and eax, 7 -cmp dword [ebp - 0x150], 0 -mov word [ebp - 0x114], ax -je short loc_fffc7f64 ; je 0xfffc7f64 -push ebx -push 0xa -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -and eax, 7 -xor word [ebp - 0x114], ax +loc_fffc7159: ; not directly referenced +cmp byte [ebp - 0x60], 0 +jg short loc_fffc7176 ; jg 0xfffc7176 -loc_fffc7f64: ; not directly referenced -push ecx -push 0xa -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -mov ecx, dword [ebp - 0x138] -add esp, 0x10 -add ecx, 0xa -shr edi, cl -lea esi, [edi - 1] -mov word [ebp - 0x128], si -and word [ebp - 0x128], ax -jmp near loc_fffc8114 ; jmp 0xfffc8114 +loc_fffc715f: ; not directly referenced +mov word [ebp + ebx*2 - 0x28], 0 +jmp short loc_fffc7176 ; jmp 0xfffc7176 -loc_fffc7f9a: ; not directly referenced -cmp dword [ebp - 0x138], 0 -je loc_fffc8089 ; je 0xfffc8089 -mov al, byte [ebp - 0x154] -and eax, 1 -cmp word [ebp - 0x116], 0xb -sete dl -test dl, al -je short loc_fffc7fdf ; je 0xfffc7fdf -cmp edi, 0x4000000 -je short loc_fffc7fda ; je 0xfffc7fda -cmp edi, 0x8000000 -jne loc_fffc8257 ; jne 0xfffc8257 -mov edi, 0x4000000 -jmp short loc_fffc7fdf ; jmp 0xfffc7fdf +loc_fffc7168: ; not directly referenced +mov dword [ebp - 0x38], 1 -loc_fffc7fda: ; not directly referenced -mov edi, 0x2000000 +loc_fffc716f: ; not directly referenced +mov eax, dword [ebp - 0x38] +test eax, eax +jne short loc_fffc716f ; jne 0xfffc716f -loc_fffc7fdf: ; not directly referenced -cmp word [ebp - 0x116], 9 -sete dl -test dl, al -je short loc_fffc7ffb ; je 0xfffc7ffb -cmp edi, 0x1000000 -je short loc_fffc805d ; je 0xfffc805d -jmp near 
loc_fffc8257 ; jmp 0xfffc8257 +loc_fffc7176: ; not directly referenced +mov al, byte [ebp + ebx - 0x42] +cmp byte [ebp - 0x50], al +jne short loc_fffc7184 ; jne 0xfffc7184 +mov byte [ebp + ebx - 0x40], 1 -loc_fffc7ffb: ; not directly referenced -cmp edi, 0x2000000 -je short loc_fffc805d ; je 0xfffc805d -ja short loc_fffc8025 ; ja 0xfffc8025 -cmp edi, 0x800000 -je short loc_fffc8045 ; je 0xfffc8045 -cmp edi, 0x1000000 -jne loc_fffc8257 ; jne 0xfffc8257 -mov eax, 0x17 -mov esi, 0x7ffc00 -jmp short loc_fffc8067 ; jmp 0xfffc8067 +loc_fffc7184: ; not directly referenced +cmp dword [ebp - 0x78], 0 +jne short loc_fffc719f ; jne 0xfffc719f +cmp al, byte [ebp + ebx - 0x3e] +jne short loc_fffc719f ; jne 0xfffc719f +cmp word [ebp + ebx*2 - 0x28], 1 +jne short loc_fffc719f ; jne 0xfffc719f +mov word [ebp + ebx*4 - 0x1e], 0xfffe -loc_fffc8025: ; not directly referenced -cmp edi, 0x4000000 -je short loc_fffc8051 ; je 0xfffc8051 -cmp edi, 0x8000000 -jne loc_fffc8257 ; jne 0xfffc8257 -mov eax, 0x1a -mov esi, 0x3fffc00 -jmp short loc_fffc8067 ; jmp 0xfffc8067 +loc_fffc719f: ; not directly referenced +cmp byte [ebp - 0x50], 0 +jne short loc_fffc71c3 ; jne 0xfffc71c3 +cmp dword [ebp - 0x78], 0 +mov word [ebp + ebx*2 - 0x28], 1 +je short loc_fffc71c3 ; je 0xfffc71c3 +mov byte [ebp + ebx - 0x40], 1 +mov byte [ebp + ebx - 0x3e], 0 +mov word [ebp + ebx*4 - 0x1e], 0x707 -loc_fffc8045: ; not directly referenced -mov eax, 0x16 -mov esi, 0x3ffc00 -jmp short loc_fffc8067 ; jmp 0xfffc8067 +loc_fffc71c3: ; not directly referenced +cmp dword [ebp - 0x74], 0 +jne loc_fffc6f12 ; jne 0xfffc6f12 +cmp word [ebp + ebx*2 - 0x28], 1 +jne short loc_fffc71f9 ; jne 0xfffc71f9 +cmp byte [ebp + ebx - 0x40], 1 +je loc_fffc6f12 ; je 0xfffc6f12 +mov al, byte [ebp + ebx - 0x3c] +mov esi, dword [ebp - 0x98] +inc eax +mov byte [ebp + ebx - 0x3c], al +movzx eax, al +mov dword [esi], eax +jmp near loc_fffc6f12 ; jmp 0xfffc6f12 -loc_fffc8051: ; not directly referenced -mov eax, 0x19 -mov esi, 0x1fffc00 -jmp short 
loc_fffc8067 ; jmp 0xfffc8067 +loc_fffc71f9: ; not directly referenced +mov al, byte [ebp + ebx - 0x3a] +mov ecx, dword [ebp - 0x98] +dec eax +mov byte [ebp + ebx - 0x3a], al +movzx eax, al +mov dword [ecx], eax +jmp near loc_fffc6f12 ; jmp 0xfffc6f12 -loc_fffc805d: ; not directly referenced -mov eax, 0x18 -mov esi, 0xfffc00 +loc_fffc7212: ; not directly referenced +cmp dword [ebp - 0x74], 0 +je loc_fffc72ec ; je 0xfffc72ec +cmp word [ebp - 0x28], 1 +jne loc_fffc72d8 ; jne 0xfffc72d8 +cmp word [ebp - 0x26], 1 +jne loc_fffc72d8 ; jne 0xfffc72d8 +cmp byte [ebp - 0x40], 1 +jne short loc_fffc7242 ; jne 0xfffc7242 +cmp byte [ebp - 0x3f], 1 +je loc_fffc72ec ; je 0xfffc72ec -loc_fffc8067: ; not directly referenced -push edx +loc_fffc7242: ; not directly referenced +movzx eax, byte [ebp - 0x58] +mov bl, byte [ebp + eax - 0x3c] +lea edx, [ebx + 1] +mov byte [ebp + eax - 0x3c], dl + +loc_fffc7251: ; not directly referenced +imul ecx, dword [ebp - 0x64], 0x24 +movzx edx, dl +imul eax, eax, 0x12 +mov ebx, dword [ebp - 0x54] +add eax, ecx +add eax, dword [ebp - 0x4c] +mov dword [ebx + eax*4], edx +test byte [ebp - 0x70], 1 +je short loc_fffc729c ; je 0xfffc729c +movzx eax, byte [ebp - 0x58] +imul ecx, dword [ebp - 0x64], 0x24 +mov ebx, dword [ebp - 0x54] +mov esi, dword [ebp - 0x7c] +imul edx, eax, 0x12 +add edx, ecx +add edx, dword [ebp - 0x4c] +mov edx, dword [ebx + edx*4] +mov ebx, dword [ebp - 0x94] +mov dword [ebx + esi], edx +mov dl, byte [ebp + eax - 0x3a] +mov al, byte [ebp + eax - 0x3c] +mov byte [ebp - 0x3a], dl +mov byte [ebp - 0x3c], al + +loc_fffc729c: ; not directly referenced +cmp dword [ebp - 0xa0], 0 +je short loc_fffc72ec ; je 0xfffc72ec +movzx eax, byte [ebp - 0x58] +imul ecx, dword [ebp - 0x64], 0x24 +mov ebx, dword [ebp - 0x94] +mov esi, dword [ebp - 0x7c] +imul edx, eax, 0x12 +add edx, ecx +mov ecx, dword [ebp - 0x54] +add edx, dword [ebp - 0x4c] +mov edx, dword [ecx + edx*4] +mov dword [ebx + esi + 0x48], edx +mov dl, byte [ebp + eax - 0x3a] +mov al, byte 
[ebp + eax - 0x3c] +mov byte [ebp - 0x39], dl +mov byte [ebp - 0x3b], al +jmp short loc_fffc72ec ; jmp 0xfffc72ec + +loc_fffc72d8: ; not directly referenced +movzx eax, byte [ebp - 0x58] +mov bl, byte [ebp + eax - 0x3a] +lea edx, [ebx - 1] +mov byte [ebp + eax - 0x3a], dl +jmp near loc_fffc7251 ; jmp 0xfffc7251 + +loc_fffc72ec: ; not directly referenced +inc dword [ebp - 0x80] +jmp near loc_fffc6d31 ; jmp 0xfffc6d31 + +loc_fffc72f4: ; not directly referenced +cmp byte [ebp - 0x40], 0 +je loc_fffc6d0f ; je 0xfffc6d0f +cmp word [ebp - 0x26], 0 +je loc_fffc6d0f ; je 0xfffc6d0f +cmp byte [ebp - 0x3f], 0 +je loc_fffc6d0f ; je 0xfffc6d0f xor ebx, ebx -push eax -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall + +loc_fffc7315: ; not directly referenced +mov eax, dword [ebp - 0x6c] +bt eax, ebx +jae short loc_fffc736a ; jae 0xfffc736a +cmp byte [ebp - 0xb1], 0 +je short loc_fffc7356 ; je 0xfffc7356 +mov edx, dword [ebp + ebx*4 - 0x20] +sub esp, 0xc +movzx eax, byte [ebp + ebx - 0x3e] +push dword [ebp + 0x18] +mov ecx, edx +shr edx, 0x10 +shr ecx, 0x18 +movzx edx, dl +call fcn_fffac986 ; call 0xfffac986 +imul edx, ebx, 0x48 +mov ecx, dword [ebp - 0x90] add esp, 0x10 -and eax, 1 -mov word [ebp - 0x116], ax -jmp short loc_fffc809a ; jmp 0xfffc809a +mov dword [ecx + edx], eax +jmp short loc_fffc736a ; jmp 0xfffc736a -loc_fffc8089: ; not directly referenced -mov word [ebp - 0x116], 0 -mov esi, 0xfffffc00 -or ebx, 0xffffffff +loc_fffc7356: ; not directly referenced +movzx edx, byte [ebp + ebx - 0x3e] +imul eax, ebx, 0x48 +mov esi, dword [ebp - 0x90] +imul edx, edx, 0xa +mov dword [esi + eax], edx -loc_fffc809a: ; not directly referenced -push eax -push 7 -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -and eax, 7 -cmp dword [ebp - 0x150], 0 -mov word [ebp - 0x114], ax -je short loc_fffc80e1 ; je 0xfffc80e1 +loc_fffc736a: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffc7315 ; 
jne 0xfffc7315 +inc dword [ebp - 0x4c] +add dword [ebp - 0x7c], 4 +cmp dword [ebp - 0x4c], 2 +jne loc_fffc6852 ; jne 0xfffc6852 +cmp byte [ebp - 0x5c], 0xd +jne short loc_fffc73a3 ; jne 0xfffc73a3 +push 0 +push 0 +push 0 +push 0 +push 0 +push 0 +push 2 push edi -push 0xa -push dword [ebp - 0x10c] -push dword [ebp - 0x110] -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -and eax, 7 -xor word [ebp - 0x114], ax +call fcn_fffcce33 ; call 0xfffcce33 +add esp, 0x20 +jmp near loc_fffc74e1 ; jmp 0xfffc74e1 -loc_fffc80e1: ; not directly referenced -mov edi, dword [ebp - 0x10c] -mov ecx, esi -mov esi, dword [ebp - 0x110] -and edi, ebx +loc_fffc73a3: ; not directly referenced +cmp byte [ebp - 0x5c], 0xc +jne short loc_fffc73f7 ; jne 0xfffc73f7 +xor ebx, ebx + +loc_fffc73ab: ; not directly referenced +imul eax, ebx, 0x13c3 +cmp dword [ebp - 0x88], 0 +movzx ecx, byte [edi + eax + 0x381b] +jne short loc_fffc73d8 ; jne 0xfffc73d8 +push esi +push 0 +push 0 +push 3 +push ecx +push 0 push ebx -and ecx, esi -push 0xa push edi -push ecx -call dword [ebp - 0x58] ; ucall -mov word [ebp - 0x128], ax -jmp near loc_fffc8252 ; jmp 0xfffc8252 +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +jmp short loc_fffc73ec ; jmp 0xfffc73ec -loc_fffc8107: ; not directly referenced -cmp dword [ebp - 0x144], 1 -jne loc_fffc8262 ; jne 0xfffc8262 +loc_fffc73d8: ; not directly referenced +push 0 +mov edx, ebx +push 0 +mov eax, edi +push 0 +push 0 +call fcn_fffac68e ; call 0xfffac68e +add esp, 0x10 -loc_fffc8114: ; not directly referenced -movzx esi, word [ebp - 0x116] +loc_fffc73ec: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffc73ab ; jne 0xfffc73ab +jmp near loc_fffc74e1 ; jmp 0xfffc74e1 + +loc_fffc73f7: ; not directly referenced +cmp byte [ebp - 0x5c], 5 +sete al +test byte [ebp - 0xa2], al +je loc_fffc74b9 ; je 0xfffc74b9 +mov edx, dword [ebp - 0xc8] xor ebx, ebx -movzx edi, word [ebp - 0x118] +mov eax, dword [ebp - 0xa8] +and edx, 1 +mov dword [ebp - 0x4c], eax +imul edx, edx, 
0x18 +imul eax, dword [ebp - 0xac], 0x128 +add eax, edx +mov dword [ebp - 0x58], eax -loc_fffc8124: ; not directly referenced -push ecx -push 0x3f -push dword [ebp + ebx*2 - 0xe4] -push dword [ebp + ebx*2 - 0xe8] -call dword [ebp - 0x58] ; ucall -add esp, 0x10 -test al, 1 -je short loc_fffc8181 ; je 0xfffc8181 -sub esp, 0xc -movzx eax, word [ebp - 0x160] -mov ecx, esi -push dword [ebp - 0x148] -mov edx, edi -push dword [ebp + ebx - 0xf8] +loc_fffc7430: ; not directly referenced +mov esi, dword [ebp - 0x6c] +lea eax, [ebx + 1] +mov cl, al +mov edx, dword [ebp - 0x58] +mov dword [ebp - 0x50], eax +sar esi, cl +mov ecx, dword [ebp - 0x4c] +mov dword [ebp - 0x54], esi +lea esi, [ecx + edx + 0x1266] +mov ecx, dword [ebp - 0x68] +mov ax, word [esi + 0xb] +push edx +push edx +mov edx, ebx +or eax, 0x10 +movzx eax, ax push eax -movzx eax, word [ebp - 0x128] +mov eax, edi +push 3 +call fcn_fffa96cb ; call 0xfffa96cb +push dword [ebp - 0x54] +push 1 +push 0xff +push dword [ebp - 0x68] +push 0 +push 0 +push ebx +push edi +call fcn_fffcce33 ; call 0xfffcce33 +mov ax, word [esi + 0xb] +add esp, 0x28 +mov ecx, dword [ebp - 0x68] +mov edx, ebx +and eax, 0xffef push eax -movzx eax, word [ebp - 0x114] +mov eax, edi +push 3 +call fcn_fffa96cb ; call 0xfffa96cb +mov ebx, dword [ebp - 0x50] +add esp, 0x10 +add dword [ebp - 0x4c], 0x13c3 +mov dword [ebp - 0x84], eax +cmp ebx, 2 +jne loc_fffc7430 ; jne 0xfffc7430 +jmp short loc_fffc74e1 ; jmp 0xfffc74e1 + +loc_fffc74b9: ; not directly referenced +push 2 +movzx eax, byte [ebp - 0x5c] +push 0 +push 0 +push 0 +push 0 +push 0 +push 0 +push 1 +push 0 +push 0 push eax -mov eax, dword [ebp - 0x16c] -call fcn_fffc455b ; call 0xfffc455b -add esp, 0x20 -test eax, eax -jne loc_fffc826e ; jne 0xfffc826e +push edi +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +mov dword [ebp - 0x84], eax -loc_fffc8181: ; not directly referenced -add ebx, 4 -cmp ebx, 0x10 -jne short loc_fffc8124 ; jne 0xfffc8124 -xor bl, bl +loc_fffc74e1: ; not directly 
referenced +mov eax, edi +xor ecx, ecx +mov edx, 0x4cf0 +call fcn_fffb38b3 ; call 0xfffb38b3 +mov eax, dword [ebp - 0x84] -loc_fffc818b: ; not directly referenced -push edx -mov ecx, dword [ebp - 0x12c] -push dword [ebp + ebx*8 - 0xe4] -push dword [ebp + ebx*8 - 0xe8] -mov edx, dword [ebp - 0x130] -lea eax, [ebp - 0xc4] -push 0 -call fcn_fffb726f ; call 0xfffb726f +loc_fffc74f5: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffc74fd: ; not directly referenced +push ebp +mov eax, 0x80000002 +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x1c +mov ebx, dword [ebp + 0x20] +mov ecx, dword [ebp + 0x10] +mov esi, dword [ebp + 0x14] +mov edi, dword [ebp + 0x18] +test ebx, ebx +je loc_fffc75d3 ; je 0xfffc75d3 +cmp ecx, 0xb +ja loc_fffc75d3 ; ja 0xfffc75d3 +push eax +mov edx, ecx +push dword [ebp + 0x1c] +mov eax, 1 +mov dword [ebp - 0x1c], ecx +push edi +push esi +call fcn_fffb05d3 ; call 0xfffb05d3 add esp, 0x10 +mov ecx, dword [ebp - 0x1c] test eax, eax -je short loc_fffc822c ; je 0xfffc822c -mov eax, dword [ebp + ebx*4 - 0xf8] -mov edx, eax -shr edx, 0x1d -mov esi, edx -mov edx, eax -and esi, 1 -shr edx, 0xc -cmp dword [ebp - 0x140], 0 -mov word [ebp - 0x158], si -jne loc_fffc82c1 ; jne 0xfffc82c1 -mov edi, edx -mov edx, eax -and edi, 1 -shr edx, 0xb -mov word [ebp - 0x118], di -mov esi, edx -mov edi, eax -and esi, 1 -shr edi, 8 -mov word [ebp - 0x116], si -mov esi, edi -and esi, 7 -mov word [ebp - 0x114], si +js loc_fffc75d3 ; js 0xfffc75d3 +mov al, byte [ecx + ref_fffd6138] ; mov al, byte [ecx - 0x29ec8] +mov dword [ebp - 0x24], 0 +mov byte [ebp - 0x1e], al +mov eax, ecx +and eax, 3 +mov dword [ebp - 0x1c], eax +movzx eax, byte [eax + ref_fffd6144] ; movzx eax, byte [eax - 0x29ebc] +dec eax +test ebx, eax +movzx eax, byte [ecx + ref_fffd6144] ; movzx eax, byte [ecx - 0x29ebc] +sete byte [ebp - 0x1d] +mov dword [ebp - 0x28], eax -loc_fffc8212: ; not directly referenced -mov edi, eax -movzx eax, al -shr edi, 0xd 
-shl eax, 3 -mov dword [ebp - 0x128], edi -mov word [ebp - 0x156], ax -jmp short loc_fffc8236 ; jmp 0xfffc8236 +loc_fffc757b: ; not directly referenced +cmp dword [ebp + 0x1c], 0 +je short loc_fffc75d1 ; je 0xfffc75d1 +cmp dword [ebp - 0x1c], 0 +jne short loc_fffc758d ; jne 0xfffc758d +mov dl, byte [ebx] +mov byte [esi], dl +jmp short loc_fffc75c0 ; jmp 0xfffc75c0 -loc_fffc822c: ; not directly referenced -inc ebx -cmp ebx, 4 -jne loc_fffc818b ; jne 0xfffc818b +loc_fffc758d: ; not directly referenced +cmp dword [ebp - 0x1c], 1 +jne short loc_fffc75a1 ; jne 0xfffc75a1 +movzx eax, word [ebx] +push edx +push edx +push eax +push esi +call fcn_fffb3fa0 ; call 0xfffb3fa0 +jmp short loc_fffc75b1 ; jmp 0xfffc75b1 -loc_fffc8236: ; not directly referenced +loc_fffc75a1: ; not directly referenced +cmp dword [ebp - 0x1c], 2 +jne short loc_fffc75b6 ; jne 0xfffc75b6 push eax -push 3 -push dword [ebp - 0x12c] -push dword [ebp - 0x130] -call dword [ebp - 0x58] ; ucall -and eax, 7 -or word [ebp - 0x156], ax +push eax +push dword [ebx] +push esi +call fcn_fffb3ffa ; call 0xfffb3ffa -loc_fffc8252: ; not directly referenced +loc_fffc75b1: ; not directly referenced add esp, 0x10 -jmp short loc_fffc8262 ; jmp 0xfffc8262 - -loc_fffc8257: ; not directly referenced -mov word [ebp - 0x116], 0 -jmp short loc_fffc8278 ; jmp 0xfffc8278 - -loc_fffc8262: ; not directly referenced -mov dword [ebp - 0x140], 1 -jmp short loc_fffc8278 ; jmp 0xfffc8278 +jmp short loc_fffc75c0 ; jmp 0xfffc75c0 -loc_fffc826e: ; not directly referenced -mov dword [ebp - 0x140], 0 +loc_fffc75b6: ; not directly referenced +mov eax, dword [ebx] +mov edx, dword [ebx + 4] +mov dword [esi], eax +mov dword [esi + 4], edx -loc_fffc8278: ; not directly referenced -mov eax, dword [ebp + 0x10] -mov ecx, dword [ebp - 0x128] -mov si, word [ebp - 0x156] -mov byte [eax], 0 -mov edi, eax -mov al, byte [ebp - 0x158] -mov word [edi + 7], cx -mov word [edi + 5], si -mov byte [edi + 1], al -mov al, byte [ebp - 0x118] -mov byte [edi + 2], al 
-mov al, byte [ebp - 0x116] -mov byte [edi + 3], al -mov al, byte [ebp - 0x114] -mov byte [edi + 4], al -mov al, byte [ebp - 0x140] -jmp short loc_fffc82ec ; jmp 0xfffc82ec +loc_fffc75c0: ; not directly referenced +movzx eax, byte [ebp - 0x1e] +add esi, dword [ebp - 0x28] +adc edi, dword [ebp - 0x24] +dec dword [ebp + 0x1c] +add ebx, eax +jmp short loc_fffc757b ; jmp 0xfffc757b -loc_fffc82c1: ; not directly referenced -mov esi, edx -mov edi, eax -and esi, 1 -shr edi, 8 -mov word [ebp - 0x116], si -mov esi, edi -and esi, 0xf -mov word [ebp - 0x114], si -mov word [ebp - 0x118], 0 -jmp near loc_fffc8212 ; jmp 0xfffc8212 +loc_fffc75d1: ; not directly referenced +xor eax, eax -loc_fffc82ec: ; not directly referenced +loc_fffc75d3: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -54158,1470 +53144,1518 @@ pop edi pop ebp ret -fcn_fffc82f4: ; not directly referenced +fcn_fffc75db: ; not directly referenced push ebp mov ebp, esp push edi +mov edi, eax push esi push ebx -sub esp, 0x4c -mov eax, dword [ebp + 8] -call fcn_fffb0e8a ; call 0xfffb0e8a -mov esi, eax -test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 -mov eax, dword [ebp + 8] -call fcn_fffa6828 ; call 0xfffa6828 -mov esi, eax -test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 -mov eax, dword [ebp + 8] -mov ecx, 0xf -mov edx, 0x4d94 -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 3 -jne loc_fffc849f ; jne 0xfffc849f -mov ecx, 0xf -mov edx, 0x4d90 -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp + 8] -mov edx, 0x5030 -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5030 -or eax, 0x400000 -mov ecx, eax -mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp + 8] -mov edx, 1 -call fcn_fffa834b ; call 0xfffa834b -mov eax, dword [ebp + 8] -cmp dword [eax + 0x3756], 2 -jne short loc_fffc839d ; jne 0xfffc839d -movzx ecx, byte [eax + 0x47e8] -mov edx, 0x4192 -call fcn_fffae566 ; call 0xfffae566 - -loc_fffc839d: ; not directly referenced +mov ebx, ref_fffd5904 ; mov ebx, 0xfffd5904 +sub esp, 0x2c mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -jne short loc_fffc83ba ; jne 0xfffc83ba -movzx ecx, byte [eax + 0x5bab] -mov edx, 0x4592 -call fcn_fffae566 ; call 0xfffae566 +mov dword [ebp - 0x28], ecx +mov byte [ebp - 0x21], cl +mov dword [ebp - 0x2c], edx +mov esi, dword [eax] +mov eax, dword [edi + 0x188b] +mov dword [ebp - 0x1c], eax -loc_fffc83ba: ; not directly referenced -mov eax, dword [ebp + 8] -mov edx, 0xbb8 -xor ebx, ebx -call fcn_fffa834b ; call 0xfffa834b -mov eax, dword [ebp + 8] -lea edi, [eax + 0x3756] +loc_fffc7602: ; not directly referenced +mov al, byte [ebx + 4] +and eax, 1 +cmp eax, dword [ebp - 0x2c] +jne short loc_fffc765b ; jne 0xfffc765b +movzx eax, word [ebx] +mov dword [ebp - 0x20], eax 
+sub dword [ebp - 0x20], esi -loc_fffc83d2: ; not directly referenced -cmp dword [edi], 2 -je short loc_fffc83f4 ; je 0xfffc83f4 +loc_fffc7616: ; not directly referenced +mov eax, dword [ebp - 0x20] +lea edx, [esi + eax] +movzx eax, word [ebx + 2] +cmp edx, eax +ja short loc_fffc765b ; ja 0xfffc765b +cmp dword [ebp - 0x1c], 0 +jne short loc_fffc7630 ; jne 0xfffc7630 +test byte [ebx + 4], 2 +jmp short loc_fffc763a ; jmp 0xfffc763a -loc_fffc83d7: ; not directly referenced -inc ebx -add edi, 0x13c3 -cmp ebx, 2 -jne short loc_fffc83d2 ; jne 0xfffc83d2 -mov eax, dword [ebp + 8] -mov edx, 0x96 -xor esi, esi -call fcn_fffa834b ; call 0xfffa834b -jmp short loc_fffc8471 ; jmp 0xfffc8471 +loc_fffc7630: ; not directly referenced +cmp dword [ebp - 0x1c], 1 +jne short loc_fffc7656 ; jne 0xfffc7656 +test byte [ebx + 4], 4 -loc_fffc83f4: ; not directly referenced -mov dword [ebp - 0x30], 0 +loc_fffc763a: ; not directly referenced +je short loc_fffc7656 ; je 0xfffc7656 +cmp byte [ebp - 0x21], 1 +jne short loc_fffc764d ; jne 0xfffc764d +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov dword [esi], eax +jmp short loc_fffc7656 ; jmp 0xfffc7656 -loc_fffc83fb: ; not directly referenced -mov cl, byte [ebp - 0x30] -mov eax, 1 -shl eax, cl -test byte [edi + 0xc4], al -jne short loc_fffc8418 ; jne 0xfffc8418 +loc_fffc764d: ; not directly referenced +mov ecx, dword [esi] +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc840d: ; not directly referenced -inc dword [ebp - 0x30] -cmp dword [ebp - 0x30], 4 -jne short loc_fffc83fb ; jne 0xfffc83fb -jmp short loc_fffc83d7 ; jmp 0xfffc83d7 +loc_fffc7656: ; not directly referenced +add esi, 4 +jmp short loc_fffc7616 ; jmp 0xfffc7616 -loc_fffc8418: ; not directly referenced -mov esi, dword [ebp + 8] -cmp byte [esi + 0x247c], 0 -je short loc_fffc8451 ; je 0xfffc8451 -push 0 -mov ecx, eax -mov eax, dword [ebp + 8] -lea esi, [ebp - 0x24] -mov edx, ebx -push esi -push 0 -push 7 -mov dword [ebp - 0x24], 0x8600 -call fcn_fffafb06 ; call 
0xfffafb06 +loc_fffc765b: ; not directly referenced +add ebx, 5 +cmp ebx, ref_fffd6138 ; cmp ebx, 0xfffd6138 +jne short loc_fffc7602 ; jne 0xfffc7602 mov eax, dword [ebp + 8] -mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b -add esp, 0x10 +cmp byte [ebp - 0x28], 0 +mov dword [eax], esi +jne short loc_fffc768e ; jne 0xfffc768e +mov edx, 0x5f09 +mov eax, edi +mov ecx, 1 +call fcn_fffb335b ; call 0xfffb335b +mov edx, 0x96 +mov eax, edi +call fcn_fffa82f9 ; call 0xfffa82f9 -loc_fffc8451: ; not directly referenced -mov eax, dword [ebp + 8] -mov edx, ebx -push ecx -mov ecx, dword [ebp - 0x30] -push 1 -push 0xfc -push 0x3f -call fcn_fffaa505 ; call 0xfffaa505 -add esp, 0x10 -mov esi, eax -test eax, eax -je short loc_fffc840d ; je 0xfffc840d +loc_fffc768e: ; not directly referenced +add esp, 0x2c +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffc8471: ; not directly referenced +fcn_fffc7698: ; not directly referenced +push ebp +mov ebp, esp mov eax, dword [ebp + 8] -cmp byte [eax + 0x247c], 0 -je short loc_fffc848b ; je 0xfffc848b -sub esp, 0xc -push eax -call fcn_fffb1d2f ; call 0xfffb1d2f -add esp, 0x10 -mov esi, eax +mov ecx, dword [eax + 0x5edd] +lea edx, [ecx + 0x1b8] +xor ecx, ecx +mov dword [ebp + 8], edx +mov edx, 1 +pop ebp +jmp near fcn_fffc75db ; jmp 0xfffc75db -loc_fffc848b: ; not directly referenced +fcn_fffc76ba: ; not directly referenced +push ebp +mov ebp, esp mov eax, dword [ebp + 8] +mov edx, dword [eax + 0x5edd] +lea ecx, [eax + 0x1c] +mov byte [eax + 0x247d], 1 +add edx, 0x1b8 +mov dword [edx], ecx xor ecx, ecx -mov edx, 0x4d94 -call fcn_fffaeb7c ; call 0xfffaeb7c -jmp near loc_fffc9120 ; jmp 0xfffc9120 +mov dword [ebp + 8], edx +xor edx, edx +pop ebp +jmp near fcn_fffc75db ; jmp 0xfffc75db -loc_fffc849f: ; not directly referenced -mov eax, dword [ebp + 8] -mov edx, dword [eax + 0x1887] -mov esi, dword [eax + 0x2443] -cmp edx, 0x306d0 -sete al -cmp edx, 0x40650 -sete dl -or eax, edx -movzx eax, al -mov dword [ebp - 0x34], eax -mov edi, 
eax +fcn_fffc76e5: ; not directly referenced +push ebp +mov ebp, esp +sub esp, 8 mov eax, dword [ebp + 8] -mov ebx, dword [eax + 0x18c1] -push 0xf0 -push 0 -push 0x1f -push 0 -call dword [esi + 0x4c] ; ucall -add ebx, eax -mov dword [esp], ebx -xor ebx, ebx -call dword [esi + 0x20] ; ucall -add esp, 0x10 -mov dword [ebp - 0x30], eax -and dword [ebp - 0x30], 0xfffffffe -test edi, edi -je short loc_fffc851b ; je 0xfffc851b -mov eax, dword [ebp - 0x30] +mov edx, dword [eax + 0x5edd] +cmp byte [edx + 0x1c4], 1 +jne short loc_fffc7709 ; jne 0xfffc7709 sub esp, 0xc -lea edi, [eax + 0x333c] -push edi -call dword [esi + 0x20] ; ucall -mov ebx, eax -pop eax -or ebx, 0x4000000 -pop edx -push ebx -push edi -call dword [esi + 0x30] ; ucall -add esp, 0x10 - -loc_fffc851b: ; not directly referenced -mov eax, dword [ebp + 8] -mov ecx, 0x102 -mov edx, 0x5030 -mov edi, 0x102 -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp + 8] -mov ecx, 0xf -mov edx, 0x4d90 -call fcn_fffae58c ; call 0xfffae58c -cmp dword [ebp - 0x34], 0 -je short loc_fffc8564 ; je 0xfffc8564 -push eax -and ebx, 0xfbffffff -push eax -mov eax, dword [ebp - 0x30] -push ebx -add eax, 0x333c push eax -call dword [esi + 0x30] ; ucall +call fcn_fffc76ba ; call 0xfffc76ba add esp, 0x10 -jmp short loc_fffc8585 ; jmp 0xfffc8585 -loc_fffc8564: ; not directly referenced -mov eax, dword [ebp + 8] -mov edx, 0x5030 -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5030 -mov edi, eax -mov eax, dword [ebp + 8] -and edi, 0xfffffffd -mov ecx, edi -call fcn_fffae58c ; call 0xfffae58c +loc_fffc7709: ; not directly referenced +xor eax, eax +leave +ret -loc_fffc8585: ; not directly referenced -mov eax, dword [ebp + 8] -mov edx, 0xc8 -mov ecx, dword [ebp + 8] -mov eax, dword [eax + 0x18a7] -mov ecx, dword [ecx + eax*4 + 0x3735] -test ecx, ecx -je loc_fffc8636 ; je 0xfffc8636 -mov eax, dword [ebp + 8] -cmp byte [eax + 0x2479], 0 -jne loc_fffc8636 ; jne 0xfffc8636 -mov edx, dword [eax + 0x2443] -mov dword [ebp - 0x3c], ecx -push 
ecx -movzx eax, byte [eax + 0x187f] -mov dword [ebp - 0x38], edx -push eax -mov eax, dword [ebp + 8] -movzx eax, byte [eax + 0x18b0] -push eax -mov eax, dword [ebp + 8] -push dword [eax + 0x18c1] -call dword [edx + 0x88] ; ucall -mov ecx, dword [ebp - 0x3c] -add esp, 0x10 -cmp ecx, eax -je short loc_fffc861a ; je 0xfffc861a -mov eax, dword [ebp + 8] -push ecx -mov edx, dword [ebp - 0x38] -movzx eax, byte [eax + 0x187f] -push eax -mov eax, dword [ebp + 8] -movzx eax, byte [eax + 0x18b0] -push eax +fcn_fffc770d: ; not directly referenced +push ebp +mov ebp, esp mov eax, dword [ebp + 8] -push dword [eax + 0x18c1] -call dword [edx + 0x8c] ; ucall -add esp, 0x10 +mov ecx, dword [eax + 0x5edd] +lea edx, [ecx + 0x1b8] +mov ecx, 1 +mov dword [ebp + 8], edx +mov edx, 1 +pop ebp +jmp near fcn_fffc75db ; jmp 0xfffc75db -loc_fffc861a: ; not directly referenced -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x18ee] -mov dword [ebp - 0x38], eax -lea edx, [eax + 0xc8] +fcn_fffc7732: ; not directly referenced +push ebp +mov ebp, esp mov eax, dword [ebp + 8] -mov byte [eax + 0x2479], 1 +mov edx, dword [eax + 0x5edd] +lea ecx, [eax + 0x1c] +mov dword [edx + 0x1b8], ecx +add edx, 0x1b8 +mov ecx, 1 +mov dword [ebp + 8], edx +xor edx, edx +pop ebp +jmp near fcn_fffc75db ; jmp 0xfffc75db -loc_fffc8636: ; not directly referenced -imul edx, edx, 0xf -mov eax, dword [ebp + 8] -call fcn_fffa834b ; call 0xfffa834b -cmp dword [ebp - 0x34], 0 -je short loc_fffc8661 ; je 0xfffc8661 -push eax -or ebx, 0x4000000 -push eax -mov eax, dword [ebp - 0x30] +fcn_fffc775d: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi push ebx -add eax, 0x333c -push eax -call dword [esi + 0x30] ; ucall -add esp, 0x10 -jmp short loc_fffc8673 ; jmp 0xfffc8673 +sub esp, 0x2cc +mov edi, dword [ebp + 8] +mov dword [ebp - 0x268], 1 +mov eax, dword [edi + 0x5edd] +mov edx, dword [edi + 0x2481] +mov ecx, dword [edi + 0x1883] +mov dword [ebp - 0x260], eax +mov eax, dword [edi + 0x2444] +cmp edx, 3 +mov 
dword [ebp - 0x28c], ecx +mov dword [ebp - 0x2a4], eax +sete al +movzx ebx, al +mov dword [ebp - 0x288], ebx +mov ebx, dword [edi + 0x1887] +mov esi, ebx +mov dword [ebp - 0x2b0], ebx +mov ebx, dword [edi + 0x188b] +mov dword [ebp - 0x290], ebx +xor ebx, ebx +cmp edx, 2 +sete bl +cmp esi, 0x306d0 +mov dword [ebp - 0x2b4], ebx +sete bl +cmp ecx, 3 +setbe dl +mov byte [ebp - 0x27b], bl +test bl, dl +jne short loc_fffc780c ; jne 0xfffc780c +test ecx, ecx +sete dl +xor ebx, ebx +cmp esi, 0x40670 +sete bl +mov dword [ebp - 0x268], ebx +and dword [ebp - 0x268], edx -loc_fffc8661: ; not directly referenced -mov eax, dword [ebp + 8] -or edi, 2 -mov edx, 0x5030 -mov ecx, edi -call fcn_fffae58c ; call 0xfffae58c +loc_fffc780c: ; not directly referenced +and al, byte [ebp - 0x27b] +cmp dword [ebp - 0x290], 1 +movzx eax, al +mov dword [ebp - 0x2b8], eax +mov eax, dword [ebp - 0x260] +movzx eax, byte [eax + 0x1c5] +mov dword [ebp - 0x298], eax +movzx eax, byte [edi + 0x1965] +mov dword [ebp - 0x284], eax +jne short loc_fffc7889 ; jne 0xfffc7889 +cmp dword [ebp - 0x28c], 4 +mov byte [ebp - 0x27a], 0x10 +mov byte [ebp - 0x280], 0xf0 +setbe al +test byte [ebp - 0x27b], al +mov byte [ebp - 0x279], 4 +je short loc_fffc789e ; je 0xfffc789e +cmp dword [edi + 0x36d8], 0x640 +mov eax, 0 +cmovbe eax, dword [ebp - 0x284] +mov dword [ebp - 0x284], eax +jmp short loc_fffc789e ; jmp 0xfffc789e -loc_fffc8673: ; not directly referenced -mov eax, dword [ebp + 8] -mov edx, 0x1d4c -or edi, 0x400000 -call fcn_fffa834b ; call 0xfffa834b -mov eax, dword [ebp + 8] -mov ecx, edi -mov edx, 0x5030 -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp + 8] -mov edx, 1 -call fcn_fffa834b ; call 0xfffa834b -mov eax, dword [ebp + 8] -cmp dword [eax + 0x3756], 2 -jne short loc_fffc86bf ; jne 0xfffc86bf -movzx ecx, byte [eax + 0x381a] -mov edx, 0x4192 -call fcn_fffae566 ; call 0xfffae566 +loc_fffc7889: ; not directly referenced +mov byte [ebp - 0x27a], 8 +mov byte [ebp - 0x280], 0xf8 +mov byte [ebp - 
0x279], 1 -loc_fffc86bf: ; not directly referenced -mov eax, dword [ebp + 8] -cmp dword [eax + 0x4b19], 2 -jne short loc_fffc86dc ; jne 0xfffc86dc -movzx ecx, byte [eax + 0x4bdd] -mov edx, 0x4592 -call fcn_fffae566 ; call 0xfffae566 +loc_fffc789e: ; not directly referenced +mov ebx, dword [ebp - 0x260] +lea eax, [edi + 0x3757] +xor esi, esi +mov dword [ebp - 0x264], eax +mov dword [ebp - 0x25c], eax +add ebx, 0x1c +mov dword [ebp - 0x2a8], ebx +mov dword [ebp - 0x270], ebx -loc_fffc86dc: ; not directly referenced -mov eax, dword [ebp + 8] -mov edx, 1 -call fcn_fffa834b ; call 0xfffa834b -mov eax, dword [ebp + 8] -cmp dword [eax + 0x2480], 2 -jne loc_fffc8ce3 ; jne 0xfffc8ce3 -mov edi, dword [eax + 0x36d7] -xor eax, eax -cmp edi, 0x640 -jbe short loc_fffc8714 ; jbe 0xfffc8714 -cmp edi, 0x961 -sbb eax, eax -add eax, 2 +loc_fffc78c7: ; not directly referenced +mov eax, dword [ebp - 0x25c] +mov byte [ebp + esi - 0x252], 0 +cmp dword [eax], 2 +je short loc_fffc78f9 ; je 0xfffc78f9 -loc_fffc8714: ; not directly referenced -mov esi, dword [ebp + 8] -cmp al, 3 -mov bl, 3 -cmovbe ebx, eax -xor eax, eax -and ebx, 3 -shl ebx, 9 -add esi, 0x374e -mov byte [ebp - 0x30], 0 -mov dword [ebp - 0x34], esi +loc_fffc78da: ; not directly referenced +inc esi +add dword [ebp - 0x25c], 0x13c3 +add dword [ebp - 0x270], 0xcc +cmp esi, 2 +jne short loc_fffc78c7 ; jne 0xfffc78c7 +jmp near loc_fffc798a ; jmp 0xfffc798a -loc_fffc8733: ; not directly referenced -test eax, eax -sete cl -cmp byte [ebp - 0x30], 1 -setbe dl -test cl, dl -je loc_fffc87f6 ; je 0xfffc87f6 -movzx edx, byte [ebp - 0x30] -xor eax, eax -mov ecx, dword [ebp + 8] -imul esi, edx, 0x13c3 -add ecx, esi -cmp dword [ecx + 0x3756], 2 -jne loc_fffc87ee ; jne 0xfffc87ee -mov eax, dword [ebp - 0x34] -lea eax, [eax + esi + 8] -test byte [ecx + 0x381a], 1 -je short loc_fffc879e ; je 0xfffc879e -mov esi, dword [ebp + 8] -cmp byte [esi + 0x247b], 0 -jne short loc_fffc8795 ; jne 0xfffc8795 -mov word [eax + 0x1271], bx -mov word [eax + 
0x1289], bx +loc_fffc78f9: ; not directly referenced +mov eax, dword [ebp - 0x25c] +xor ecx, ecx +mov edx, 1 +mov al, byte [eax + 0xc4] -loc_fffc878f: ; not directly referenced -mov word [ebp - 0x24], bx -jmp short loc_fffc879e ; jmp 0xfffc879e +loc_fffc790c: ; not directly referenced +mov ebx, edx +shl ebx, cl +test al, bl +je short loc_fffc791b ; je 0xfffc791b +mov byte [ebp + esi - 0x252], cl -loc_fffc8795: ; not directly referenced -mov bx, word [eax + 0x1271] -jmp short loc_fffc878f ; jmp 0xfffc878f +loc_fffc791b: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffc790c ; jne 0xfffc790c +mov byte [ebp - 0x26c], 0 + +loc_fffc7928: ; not directly referenced +mov al, byte [ebp - 0x26c] +cmp al, byte [edi + 0x2489] +jae short loc_fffc78da ; jae 0xfffc78da +movzx ecx, byte [ebp - 0x26c] +mov eax, dword [ebp - 0x270] +mov edx, dword [ebp - 0x298] +mov ebx, dword [eax + ecx*4 + 0x28] +or ebx, 0x60 +mov eax, ebx +and eax, 0xffbfffff +test edx, edx +mov edx, dword [ebp - 0x2b4] +cmovne ebx, eax +mov eax, ebx +and eax, 0xffdfffff +test edx, edx +mov edx, esi +cmovne ebx, eax +mov eax, edi +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +inc byte [ebp - 0x26c] +jmp short loc_fffc7928 ; jmp 0xfffc7928 -loc_fffc879e: ; not directly referenced -imul ecx, edx, 0x13c3 -mov esi, dword [ebp + 8] -test byte [esi + ecx + 0x381a], 4 -je short loc_fffc87d7 ; je 0xfffc87d7 -cmp byte [esi + 0x247b], 0 -jne short loc_fffc87ce ; jne 0xfffc87ce -mov word [eax + 0x1399], bx -mov word [eax + 0x13b1], bx +loc_fffc798a: ; not directly referenced +cmp dword [ebp - 0x298], 0 +je short loc_fffc79e7 ; je 0xfffc79e7 +mov edx, 0x3a28 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x3a28 +mov dword [ebp - 0x2ac], eax +mov eax, edi +and dword [ebp - 0x2ac], 0xfffffffd +mov ecx, dword [ebp - 0x2ac] +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x5f08 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f 
+mov edx, 0x5f08 +or ah, 1 +mov ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x96 +mov eax, edi +call fcn_fffa82f9 ; call 0xfffa82f9 -loc_fffc87c8: ; not directly referenced -mov word [ebp - 0x22], bx -jmp short loc_fffc87d7 ; jmp 0xfffc87d7 +loc_fffc79e7: ; not directly referenced +movzx eax, byte [ebp - 0x280] +mov dword [ebp - 0x278], 1 +mov dword [ebp - 0x270], 0 +mov dword [ebp - 0x2c8], eax -loc_fffc87ce: ; not directly referenced -mov bx, word [eax + 0x1399] -jmp short loc_fffc87c8 ; jmp 0xfffc87c8 +loc_fffc7a08: ; not directly referenced +mov esi, dword [ebp - 0x278] +mov eax, esi +mov byte [ebp - 0x274], al +test al, al +je short loc_fffc7a30 ; je 0xfffc7a30 +cmp dword [ebp - 0x290], 0 +sete al +or al, byte [ebp - 0x268] +jne loc_fffc81ea ; jne 0xfffc81ea -loc_fffc87d7: ; not directly referenced -sub esp, 0xc -mov ecx, 3 -lea eax, [ebp - 0x24] +loc_fffc7a30: ; not directly referenced +mov esi, dword [ebp - 0x2a4] push eax -mov eax, dword [ebp + 8] -call fcn_fffb14b3 ; call 0xfffb14b3 +push 0 +push 0x24 +lea eax, [ebp - 0x1c8] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push 0 +push 0x24 +lea eax, [ebp - 0x1ec] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push dword [ebp - 0x2c8] +lea eax, [ebp - 0x234] +push 0x12 +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push 0xff +push 0x12 +lea eax, [ebp - 0x210] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push 0 +push 0x12 +lea eax, [ebp - 0x222] +push eax +mov eax, esi +call dword [eax + 0x5c] ; ucall +mov esi, dword [ebp - 0x264] add esp, 0x10 +mov dword [ebp - 0x26c], 0 -loc_fffc87ee: ; not directly referenced -inc byte [ebp - 0x30] -jmp near loc_fffc8733 ; jmp 0xfffc8733 - -loc_fffc87f6: ; not directly referenced -mov esi, eax -test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 -mov eax, dword [ebp + 8] -mov bl, 4 -movzx eax, byte [eax + 0x247d] -mov dword [ebp - 0x34], eax -cmp 
edi, 0x535 -jbe short loc_fffc882c ; jbe 0xfffc882c -mov bl, 5 -cmp edi, 0x74b -jbe short loc_fffc882c ; jbe 0xfffc882c -cmp edi, 0x961 -sbb ebx, ebx -add ebx, 7 - -loc_fffc882c: ; not directly referenced -sub ebx, 4 -mov al, 3 -cmp bl, 3 -cmova ebx, eax -mov eax, dword [ebp + 8] -xor esi, esi -and ebx, 7 -shl ebx, 0xa -or bl, 0x8d -mov byte [ebp - 0x30], 0 -lea edi, [eax + 0x374e] - -loc_fffc884f: ; not directly referenced -test esi, esi -sete dl -cmp byte [ebp - 0x30], 1 -setbe al -test dl, al -je loc_fffc891d ; je 0xfffc891d -movzx edx, byte [ebp - 0x30] -xor esi, esi -mov ecx, dword [ebp + 8] -imul eax, edx, 0x13c3 -add ecx, eax -cmp dword [ecx + 0x3756], 2 -jne loc_fffc8915 ; jne 0xfffc8915 -lea eax, [edi + eax + 8] -test byte [ecx + 0x381a], 1 -je short loc_fffc88bd ; je 0xfffc88bd -mov esi, dword [ebp + 8] -cmp byte [esi + 0x247b], 0 -je short loc_fffc88a7 ; je 0xfffc88a7 - -loc_fffc889a: ; not directly referenced -mov bx, word [eax + 0x1277] - -loc_fffc88a1: ; not directly referenced -mov word [ebp - 0x24], bx -jmp short loc_fffc88bd ; jmp 0xfffc88bd - -loc_fffc88a7: ; not directly referenced -cmp dword [ebp - 0x34], 0 -jne short loc_fffc889a ; jne 0xfffc889a -mov word [eax + 0x1277], bx -mov word [eax + 0x128f], bx -jmp short loc_fffc88a1 ; jmp 0xfffc88a1 - -loc_fffc88bd: ; not directly referenced -imul ecx, edx, 0x13c3 -mov esi, dword [ebp + 8] -test byte [esi + ecx + 0x381a], 4 -je short loc_fffc88fc ; je 0xfffc88fc -cmp byte [esi + 0x247b], 0 -je short loc_fffc88e6 ; je 0xfffc88e6 +loc_fffc7aad: ; not directly referenced +cmp dword [esi], 2 +je short loc_fffc7ae9 ; je 0xfffc7ae9 -loc_fffc88d9: ; not directly referenced -mov bx, word [eax + 0x139f] +loc_fffc7ab2: ; not directly referenced +inc dword [ebp - 0x26c] +add esi, 0x13c3 +cmp dword [ebp - 0x26c], 2 +jne short loc_fffc7aad ; jne 0xfffc7aad +mov al, byte [ebp - 0x280] +mov byte [ebp - 0x29c], 0 +mov byte [ebp - 0x25c], al +imul eax, dword [ebp - 0x278], 0x12 +mov dword [ebp - 0x2c0], eax +jmp 
short loc_fffc7b59 ; jmp 0xfffc7b59 -loc_fffc88e0: ; not directly referenced -mov word [ebp - 0x22], bx -jmp short loc_fffc88fc ; jmp 0xfffc88fc +loc_fffc7ae9: ; not directly referenced +xor ebx, ebx -loc_fffc88e6: ; not directly referenced -cmp dword [ebp - 0x34], 0 -jne short loc_fffc88d9 ; jne 0xfffc88d9 -mov word [eax + 0x139f], bx -mov word [eax + 0x13b7], bx -jmp short loc_fffc88e0 ; jmp 0xfffc88e0 +loc_fffc7aeb: ; not directly referenced +cmp bl, byte [edi + 0x2489] +jae short loc_fffc7ab2 ; jae 0xfffc7ab2 +movzx eax, bl +mov dword [ebp - 0x270], eax +mov byte [esi + eax + 0x101d], 0 +mov dword [ebp - 0x25c], 0 -loc_fffc88fc: ; not directly referenced -sub esp, 0xc -mov ecx, 6 -lea eax, [ebp - 0x24] +loc_fffc7b0e: ; not directly referenced +mov cl, byte [ebp - 0x25c] +mov eax, 1 +shl eax, cl +test byte [esi + 0xc4], al +je short loc_fffc7b47 ; je 0xfffc7b47 push eax -mov eax, dword [ebp + 8] -call fcn_fffb14b3 ; call 0xfffb14b3 +mov ecx, dword [ebp - 0x25c] +mov eax, edi +push 0 +mov edx, dword [ebp - 0x26c] +push 0xff +push dword [ebp - 0x270] +call fcn_fffa7447 ; call 0xfffa7447 add esp, 0x10 -mov esi, eax -loc_fffc8915: ; not directly referenced -inc byte [ebp - 0x30] -jmp near loc_fffc884f ; jmp 0xfffc884f +loc_fffc7b47: ; not directly referenced +inc dword [ebp - 0x25c] +cmp dword [ebp - 0x25c], 4 +jne short loc_fffc7b0e ; jne 0xfffc7b0e +inc ebx +jmp short loc_fffc7aeb ; jmp 0xfffc7aeb -loc_fffc891d: ; not directly referenced -mov dword [ebp - 0x38], esi -test esi, esi -jne loc_fffc9116 ; jne 0xfffc9116 -mov eax, dword [ebp + 8] -mov ebx, 0x20 -mov byte [ebp - 0x30], 0 -add eax, 0x374e -mov dword [ebp - 0x40], eax +loc_fffc7b59: ; not directly referenced +cmp byte [ebp - 0x274], 0 +jne short loc_fffc7b8f ; jne 0xfffc7b8f +push 0 +movsx eax, byte [ebp - 0x25c] +push 0 +push 0 +push 0 +push 0 +push 0 +push 0 +push 1 +push 0 +push eax +push 4 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +mov dword [ebp - 0x270], eax +jmp short 
loc_fffc7be3 ; jmp 0xfffc7be3 -loc_fffc893c: ; not directly referenced -test esi, esi -sete dl -cmp byte [ebp - 0x30], 1 -setbe al -test dl, al -je loc_fffc8a13 ; je 0xfffc8a13 -movzx eax, byte [ebp - 0x30] -imul edx, eax, 0x13c3 -mov dword [ebp - 0x34], eax -mov eax, dword [ebp + 8] -add eax, edx -cmp dword [eax + 0x3756], 2 -jne loc_fffc8a08 ; jne 0xfffc8a08 -mov edi, dword [ebp - 0x40] -mov dword [ebp - 0x3c], eax -lea esi, [edi + edx + 0x127d] -xor edi, edi +loc_fffc7b8f: ; not directly referenced +push 0 +mov bl, byte [ebp - 0x25c] +push 0 +push 0 +push 0 +push 0 +and ebx, 1 +push 0 +movzx eax, bl +push 0 +push 1 +push 0 +push eax +push 4 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +mov esi, dword [ebp - 0x25c] +mov dl, 2 +add esp, 0x30 +mov dword [ebp - 0x270], eax +mov eax, esi +cbw +idiv dl +mov edx, esi +shr dl, 7 +mov byte [ebp - 0x29c], al +test bl, dl +je short loc_fffc7be3 ; je 0xfffc7be3 +dec eax +mov byte [ebp - 0x29c], al -loc_fffc897e: ; not directly referenced -mov ecx, edi -mov eax, 1 -shl eax, cl -mov ecx, dword [ebp - 0x3c] -test byte [ecx + 0x381a], al -je short loc_fffc89dc ; je 0xfffc89dc -mov eax, dword [ebp + 8] -cmp byte [eax + 0x247b], 0 -je short loc_fffc89a3 ; je 0xfffc89a3 -mov bx, word [esi] -jmp short loc_fffc89d7 ; jmp 0xfffc89d7 +loc_fffc7be3: ; not directly referenced +mov eax, edi +or edx, 0xffffffff +call fcn_fffac864 ; call 0xfffac864 +mov eax, dword [ebp - 0x264] +mov dword [ebp - 0x26c], 0 +mov dword [ebp - 0x294], eax -loc_fffc89a3: ; not directly referenced -mov edx, dword [ebp - 0x34] -mov eax, dword [ebp + 8] -call fcn_fffa6c42 ; call 0xfffa6c42 -test eax, eax -je loc_fffc8ec5 ; je 0xfffc8ec5 -movzx ecx, byte [eax + 2] -sub esp, 0xc -mov edx, dword [ebp + 8] -lea eax, [ebp - 0x2a] -push ebx -call fcn_fffa6cab ; call 0xfffa6cab -mov bx, word [ebp - 0x2a] -add esp, 0x10 -mov word [esi], bx -mov word [esi + 0x18], bx +loc_fffc7c03: ; not directly referenced +mov eax, dword [ebp - 0x294] +cmp dword [eax], 2 +jne 
loc_fffc7d84 ; jne 0xfffc7d84 +cmp byte [ebp - 0x274], 1 +je short loc_fffc7c8f ; je 0xfffc7c8f -loc_fffc89d7: ; not directly referenced -mov word [ebp + edi - 0x24], bx +loc_fffc7c1b: ; not directly referenced +mov esi, dword [ebp - 0x26c] +mov ecx, 0xff +mov ebx, dword [ebp - 0x260] +imul eax, esi, 0xcc +mov edx, esi +mov ebx, dword [ebx + eax + 0x1c] +movzx eax, byte [ebp + esi - 0x252] +or ebx, 0x100000 +and eax, 3 +and ebx, 0xff1fffff +shl eax, 0x16 +or ebx, eax +mov eax, edi +call fcn_fffa7236 ; call 0xfffa7236 +or ebx, 0x1000008 +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 +mov eax, edi +mov edx, 0xf +call fcn_fffa82f9 ; call 0xfffa82f9 +lea eax, [esi + esi*8] +lea esi, [ebp - 0x18] +add eax, esi +mov byte [ebp - 0x2a0], 0 +mov dword [ebp - 0x2bc], eax +jmp short loc_fffc7d04 ; jmp 0xfffc7d04 -loc_fffc89dc: ; not directly referenced -add edi, 2 -add esi, 0x128 -cmp edi, 4 -jne short loc_fffc897e ; jne 0xfffc897e -sub esp, 0xc -mov edx, dword [ebp - 0x34] -mov ecx, 5 -lea eax, [ebp - 0x24] +loc_fffc7c8f: ; not directly referenced +mov byte [ebp - 0x2a0], 0 + +loc_fffc7c96: ; not directly referenced +mov al, byte [ebp - 0x2a0] +cmp al, byte [edi + 0x2489] +jae loc_fffc7c1b ; jae 0xfffc7c1b +mov ebx, dword [ebp - 0x294] +movzx esi, byte [ebp - 0x2a0] +mov al, byte [ebp - 0x29c] +mov byte [ebx + esi + 0x101d], al +xor ebx, ebx + +loc_fffc7cc4: ; not directly referenced +mov cl, bl +mov eax, 1 +shl eax, cl +mov ecx, dword [ebp - 0x294] +test byte [ecx + 0xc4], al +je short loc_fffc7cf6 ; je 0xfffc7cf6 +mov edx, dword [ebp - 0x26c] +mov ecx, ebx push eax -mov eax, dword [ebp + 8] -call fcn_fffb14b3 ; call 0xfffb14b3 +mov eax, edi +push 0 +push 0xff +push esi +call fcn_fffa7447 ; call 0xfffa7447 add esp, 0x10 -mov esi, eax -jmp short loc_fffc8a0b ; jmp 0xfffc8a0b -loc_fffc8a08: ; not directly referenced -mov esi, dword [ebp - 0x38] +loc_fffc7cf6: ; not directly referenced +inc ebx +cmp ebx, 4 +jne short loc_fffc7cc4 ; jne 
0xfffc7cc4 +inc byte [ebp - 0x2a0] +jmp short loc_fffc7c96 ; jmp 0xfffc7c96 + +loc_fffc7d04: ; not directly referenced +mov al, byte [ebp - 0x2a0] +cmp al, byte [edi + 0x2489] +jae short loc_fffc7d64 ; jae 0xfffc7d64 +movzx esi, byte [ebp - 0x2a0] +mov eax, edi +mov edx, dword [ebp - 0x26c] +mov ecx, esi +call fcn_fffa75c5 ; call 0xfffa75c5 +mov edx, eax +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +movzx edx, al +movzx eax, dx +mov dword [ebp - 0x2c4], edx +call fcn_fffb38d9 ; call 0xfffb38d9 +mov edx, dword [ebp - 0x2c4] +add esi, dword [ebp - 0x2bc] +inc byte [ebp - 0x2a0] +and byte [esi - 0x1f8], dl +neg eax +mov byte [esi - 0x22e], al +jmp short loc_fffc7d04 ; jmp 0xfffc7d04 -loc_fffc8a0b: ; not directly referenced -inc byte [ebp - 0x30] -jmp near loc_fffc893c ; jmp 0xfffc893c +loc_fffc7d64: ; not directly referenced +mov edx, dword [ebp - 0x26c] +mov ecx, 0xff +mov eax, edi +and ebx, 0xfffffff7 +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffc8a13: ; not directly referenced -test esi, esi -jne loc_fffc9116 ; jne 0xfffc9116 -mov edi, dword [ebp + 8] -xor ebx, ebx -xor eax, eax -mov byte [ebp - 0x30], 0 -add edi, 0x374e +loc_fffc7d84: ; not directly referenced +inc dword [ebp - 0x26c] +add dword [ebp - 0x294], 0x13c3 +cmp dword [ebp - 0x26c], 2 +jne loc_fffc7c03 ; jne 0xfffc7c03 +mov eax, edi +mov edx, 0x11111111 +call fcn_fffac864 ; call 0xfffac864 +mov eax, dword [ebp - 0x264] +xor esi, esi +mov dword [ebp - 0x2a0], eax -loc_fffc8a2c: ; not directly referenced -test eax, eax -sete cl -cmp byte [ebp - 0x30], 1 -setbe dl -test cl, dl -je loc_fffc8aec ; je 0xfffc8aec -movzx edx, byte [ebp - 0x30] -xor eax, eax -mov ecx, dword [ebp + 8] -imul esi, edx, 0x13c3 -add ecx, esi -cmp dword [ecx + 0x3756], 2 -jne loc_fffc8ae4 ; jne 0xfffc8ae4 -lea eax, [edi + esi + 8] -test byte [ecx + 0x381a], 1 -je short loc_fffc8a94 ; je 0xfffc8a94 -mov esi, dword [ebp + 8] -cmp byte [esi + 0x247b], 0 
-jne short loc_fffc8a8b ; jne 0xfffc8a8b -mov word [eax + 0x1273], bx -mov word [eax + 0x128b], bx +loc_fffc7dbb: ; not directly referenced +mov eax, dword [ebp - 0x2a0] +cmp dword [eax], 2 +jne loc_fffc7f4c ; jne 0xfffc7f4c +imul eax, esi, 0xcc +mov ebx, dword [ebp - 0x260] +mov ecx, 0xff +mov edx, esi +mov ebx, dword [ebx + eax + 0x1c] +movzx eax, byte [ebp + esi - 0x252] +or ebx, 0x100000 +and eax, 3 +and ebx, 0xff1fffff +shl eax, 0x16 +or ebx, eax +mov eax, edi +call fcn_fffa7236 ; call 0xfffa7236 +or ebx, 0x1000008 +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 +mov eax, edi +mov edx, 0xf +call fcn_fffa82f9 ; call 0xfffa82f9 +lea eax, [esi + esi*8] +lea ecx, [ebp - 0x18] +add ecx, eax +mov byte [ebp - 0x294], 0 +mov dword [ebp - 0x2bc], eax +mov dword [ebp - 0x2c4], ecx -loc_fffc8a85: ; not directly referenced -mov word [ebp - 0x24], bx -jmp short loc_fffc8a94 ; jmp 0xfffc8a94 +loc_fffc7e3c: ; not directly referenced +mov al, byte [ebp - 0x294] +cmp al, byte [edi + 0x2489] +jae loc_fffc7f30 ; jae 0xfffc7f30 +movzx eax, byte [ebp - 0x294] +mov edx, esi +mov ecx, eax +mov dword [ebp - 0x26c], eax +mov eax, edi +call fcn_fffa75c5 ; call 0xfffa75c5 +mov edx, eax +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +movzx ecx, al +movzx eax, cx +mov dword [ebp - 0x2cc], ecx +call fcn_fffb38d9 ; call 0xfffb38d9 +mov edx, dword [ebp - 0x2c4] +add edx, dword [ebp - 0x26c] +mov ecx, dword [ebp - 0x2cc] +or byte [edx - 0x20a], cl +add al, byte [edx - 0x22e] +mov byte [edx - 0x22e], al +cmp al, byte [edx - 0x21c] +jle short loc_fffc7eff ; jle 0xfffc7eff +mov byte [edx - 0x21c], al +mov eax, dword [ebp - 0x2c0] +lea ecx, [ebp - 0x18] +add eax, dword [ebp - 0x2bc] +add eax, ecx +mov cl, byte [ebp - 0x25c] +add eax, dword [ebp - 0x26c] +cmp byte [ebp - 0x274], 0 +mov byte [eax - 0x1b0], cl +mov byte [eax - 0x1d4], cl +jne short loc_fffc7f25 ; jne 0xfffc7f25 +mov ecx, dword [ebp - 0x2a0] +mov edx, dword [ebp - 0x26c] +mov al, byte [ebp - 0x25c] 
+mov byte [ecx + edx + 0x101d], al +jmp short loc_fffc7f25 ; jmp 0xfffc7f25 -loc_fffc8a8b: ; not directly referenced -mov bx, word [eax + 0x1273] -jmp short loc_fffc8a85 ; jmp 0xfffc8a85 +loc_fffc7eff: ; not directly referenced +jne short loc_fffc7f25 ; jne 0xfffc7f25 +mov eax, dword [ebp - 0x2c0] +lea ecx, [ebp - 0x18] +add eax, dword [ebp - 0x2bc] +mov edx, dword [ebp - 0x26c] +add eax, ecx +mov cl, byte [ebp - 0x25c] +mov byte [edx + eax - 0x1b0], cl -loc_fffc8a94: ; not directly referenced -imul ecx, edx, 0x13c3 -mov esi, dword [ebp + 8] -test byte [esi + ecx + 0x381a], 4 -je short loc_fffc8acd ; je 0xfffc8acd -cmp byte [esi + 0x247b], 0 -jne short loc_fffc8ac4 ; jne 0xfffc8ac4 -mov word [eax + 0x139b], bx -mov word [eax + 0x13b3], bx +loc_fffc7f25: ; not directly referenced +inc byte [ebp - 0x294] +jmp near loc_fffc7e3c ; jmp 0xfffc7e3c -loc_fffc8abe: ; not directly referenced -mov word [ebp - 0x22], bx -jmp short loc_fffc8acd ; jmp 0xfffc8acd +loc_fffc7f30: ; not directly referenced +mov ecx, 0xff +mov edx, esi +mov eax, edi +and ebx, 0xfffffff7 +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffc8ac4: ; not directly referenced -mov bx, word [eax + 0x139b] -jmp short loc_fffc8abe ; jmp 0xfffc8abe +loc_fffc7f4c: ; not directly referenced +inc esi +add dword [ebp - 0x2a0], 0x13c3 +cmp esi, 2 +jne loc_fffc7dbb ; jne 0xfffc7dbb +inc byte [ebp - 0x25c] +mov al, byte [ebp - 0x27a] +cmp byte [ebp - 0x25c], al +jle loc_fffc7b59 ; jle 0xfffc7b59 +push 0 +xor ebx, ebx +push 0 +push 0 +push 0 +push 0 +push 0 +push 0 +push 1 +push 0 +push 0 +push 4 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +mov eax, dword [ebp - 0x264] +add esp, 0x30 +mov dword [ebp - 0x25c], eax +imul eax, dword [ebp - 0x278], 0x12 +mov dword [ebp - 0x2a0], eax -loc_fffc8acd: ; not directly referenced -sub esp, 0xc -mov ecx, 4 -lea eax, [ebp - 0x24] -push eax -mov eax, dword [ebp + 8] -call fcn_fffb14b3 ; call 0xfffb14b3 -add 
esp, 0x10 +loc_fffc7fb2: ; not directly referenced +mov eax, dword [ebp - 0x25c] +mov dword [ebp + ebx*4 - 0x250], 0 +cmp dword [eax], 2 +je short loc_fffc7fdd ; je 0xfffc7fdd -loc_fffc8ae4: ; not directly referenced -inc byte [ebp - 0x30] -jmp near loc_fffc8a2c ; jmp 0xfffc8a2c +loc_fffc7fc8: ; not directly referenced +inc ebx +add dword [ebp - 0x25c], 0x13c3 +cmp ebx, 2 +jne short loc_fffc7fb2 ; jne 0xfffc7fb2 +jmp near loc_fffc8122 ; jmp 0xfffc8122 -loc_fffc8aec: ; not directly referenced -mov esi, eax -test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 -mov eax, dword [ebp + 8] -mov byte [ebp - 0x30], 0 -add eax, 0x374e -mov dword [ebp - 0x48], eax -mov eax, dword [ebp + 8] -imul eax, dword [eax + 0x18a7], 0x2e -mov dword [ebp - 0x4c], eax +loc_fffc7fdd: ; not directly referenced +lea eax, [ebx + ebx*8] +lea esi, [ebp - 0x18] +add esi, eax +mov byte [ebp - 0x294], 0 +mov dword [ebp - 0x29c], eax +mov dword [ebp - 0x2bc], esi -loc_fffc8b12: ; not directly referenced -test esi, esi -sete dl -cmp byte [ebp - 0x30], 1 -setbe al -test dl, al -je loc_fffc8c8a ; je 0xfffc8c8a -movzx eax, byte [ebp - 0x30] -mov edi, dword [ebp + 8] -mov dword [ebp - 0x38], eax -imul eax, eax, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne loc_fffc8c80 ; jne 0xfffc8c80 -mov edi, dword [ebp - 0x48] -lea edi, [edi + eax + 8] -mov eax, dword [ebp - 0x4c] -movzx eax, word [edi + eax + 0xc] -cmp ax, 0xc -ja short loc_fffc8b5e ; ja 0xfffc8b5e -sub eax, 9 -jmp short loc_fffc8b6c ; jmp 0xfffc8b6c +loc_fffc7ff8: ; not directly referenced +mov al, byte [ebp - 0x294] +cmp al, byte [edi + 0x2489] +jae short loc_fffc7fc8 ; jae 0xfffc7fc8 +mov ecx, dword [ebp - 0x2a0] +lea eax, [ebp - 0x18] +add ecx, dword [ebp - 0x29c] +movzx esi, byte [ebp - 0x294] +add ecx, eax +add ecx, esi +mov dl, byte [ecx - 0x1d4] +mov al, byte [ecx - 0x1b0] +sub eax, edx +mov byte [ecx - 0x168], al +mov cl, 2 +cbw +idiv cl +add eax, edx +cmp dword [ebp - 0x268], 0 +mov dl, al +je short loc_fffc807b ; je 0xfffc807b +mov ecx, 
dword [ebp - 0x2bc] +mov byte [esi + ecx - 0x1e6], al +movsx eax, al +push 0 +push 0 +push 0 +push 0 +push esi +push 0xff +push ebx +push 0 +push 0 +push eax +push 4 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +jmp near loc_fffc8117 ; jmp 0xfffc8117 -loc_fffc8b5e: ; not directly referenced -sub eax, 0xe -mov ecx, 2 -cdq -idiv ecx -or eax, 4 +loc_fffc807b: ; not directly referenced +cmp byte [ebp - 0x274], 0 +jne short loc_fffc8091 ; jne 0xfffc8091 +lea eax, [edx - 1] +test dl, dl +lea ecx, [edx + 1] +cmovns eax, ecx +mov dl, al -loc_fffc8b6c: ; not directly referenced -and eax, 7 -lea ebx, [eax*8] -imul eax, dword [ebp - 0x38], 0x13c3 -add eax, dword [ebp + 8] -mov dword [ebp - 0x3c], 0 -mov dword [ebp - 0x40], eax -movzx eax, byte [ebp - 0x30] -mov dword [ebp - 0x44], eax +loc_fffc8091: ; not directly referenced +movsx eax, dl +mov cl, 2 +add dword [ebp + ebx*4 - 0x250], eax +movsx ax, dl +idiv cl +mov ecx, dword [ebp - 0x25c] +mov edx, dword [ebp - 0x2a0] +add edx, dword [ebp - 0x29c] +mov dword [ebp - 0x26c], 0 +mov byte [ecx + esi + 0x101d], al +lea ecx, [ebp - 0x18] +add edx, ecx +mov byte [esi + edx - 0x18c], al -loc_fffc8b91: ; not directly referenced -mov esi, dword [ebp - 0x3c] -mov eax, esi -mov ecx, esi -mov byte [ebp - 0x34], al +loc_fffc80d2: ; not directly referenced +mov cl, byte [ebp - 0x26c] mov eax, 1 +mov edx, dword [ebp - 0x25c] shl eax, cl -mov ecx, dword [ebp - 0x40] -test byte [ecx + 0x381a], al -je loc_fffc8c54 ; je 0xfffc8c54 -mov eax, dword [ebp + 8] -cmp byte [eax + 0x247b], 0 -je short loc_fffc8bd4 ; je 0xfffc8bd4 -mov eax, esi -shr al, 1 -movzx eax, al -imul eax, eax, 0x128 -mov bx, word [edi + eax + 0x126f] -jmp short loc_fffc8c47 ; jmp 0xfffc8c47 +test byte [edx + 0xc4], al +je short loc_fffc8108 ; je 0xfffc8108 +push ecx +mov ecx, dword [ebp - 0x26c] +mov edx, ebx +push 0 +mov eax, edi +push 0xff +push esi +call fcn_fffa7447 ; call 0xfffa7447 +add esp, 0x10 -loc_fffc8bd4: ; not directly referenced -mov edx, dword 
[ebp - 0x38] -mov eax, dword [ebp + 8] -call fcn_fffa6c42 ; call 0xfffa6c42 -test eax, eax -je loc_fffc8ec5 ; je 0xfffc8ec5 -mov dl, byte [eax] -cmp dl, 0x78 -je short loc_fffc8c08 ; je 0xfffc8c08 -ja short loc_fffc8bf7 ; ja 0xfffc8bf7 -mov al, 4 -cmp dl, 0x50 -jmp short loc_fffc8c02 ; jmp 0xfffc8c02 +loc_fffc8108: ; not directly referenced +inc dword [ebp - 0x26c] +cmp dword [ebp - 0x26c], 4 +jne short loc_fffc80d2 ; jne 0xfffc80d2 -loc_fffc8bf7: ; not directly referenced -mov al, 2 -cmp dl, 0xf0 -je short loc_fffc8c0a ; je 0xfffc8c0a -mov al, 3 -inc dl +loc_fffc8117: ; not directly referenced +inc byte [ebp - 0x294] +jmp near loc_fffc7ff8 ; jmp 0xfffc7ff8 + +loc_fffc8122: ; not directly referenced +cmp dword [ebp - 0x290], 0 +sete al +or al, byte [ebp - 0x268] +jne loc_fffc81ea ; jne 0xfffc81ea +cmp byte [ebp - 0x274], 1 +je loc_fffc81ea ; je 0xfffc81ea +mov eax, dword [ebp - 0x264] +lea edx, [ebp - 0x180] +lea ecx, [ebp - 0x1a4] +mov dword [ebp - 0x25c], eax -loc_fffc8c02: ; not directly referenced -je short loc_fffc8c0a ; je 0xfffc8c0a +loc_fffc815d: ; not directly referenced +mov eax, dword [ebp - 0x25c] +cmp dword [eax], 2 +jne short loc_fffc81cc ; jne 0xfffc81cc +mov al, byte [edi + 0x2489] +mov byte [ebp - 0x26c], al xor eax, eax -jmp short loc_fffc8c0a ; jmp 0xfffc8c0a -loc_fffc8c08: ; not directly referenced -mov al, 1 +loc_fffc8176: ; not directly referenced +cmp byte [ebp - 0x26c], al +jbe short loc_fffc81cc ; jbe 0xfffc81cc +cmp dword [ebp - 0x284], 0 +je short loc_fffc81c9 ; je 0xfffc81c9 +movsx esi, byte [edx + eax + 0x12] +movsx ebx, byte [edx + eax] +sub ebx, esi +mov esi, ebx +sar esi, 0x1f +xor ebx, esi +sub ebx, esi +cmp ebx, 4 +jle short loc_fffc81c9 ; jle 0xfffc81c9 +movsx esi, byte [ecx + eax + 0x12] +movsx ebx, byte [ecx + eax] +sub ebx, esi +mov esi, ebx +sar esi, 0x1f +xor ebx, esi +sub ebx, esi +mov esi, 5 +cmp ebx, 3 +cmovl esi, dword [ebp - 0x270] +mov dword [ebp - 0x270], esi -loc_fffc8c0a: ; not directly referenced -shl eax, 9 -and 
bh, 0xf1 -mov edx, dword [ebp - 0x44] -or ebx, eax -mov al, byte [ebp - 0x34] -sub esp, 0xc -shr al, 1 -movzx esi, al -movzx eax, bx -mov ecx, esi -imul esi, esi, 0x128 -push eax -mov eax, dword [ebp + 8] -add esi, edi -call fcn_fffa8733 ; call 0xfffa8733 -add esp, 0x10 -mov word [esi + 0x126f], bx -mov word [esi + 0x1287], bx +loc_fffc81c9: ; not directly referenced +inc eax +jmp short loc_fffc8176 ; jmp 0xfffc8176 -loc_fffc8c47: ; not directly referenced -mov al, byte [ebp - 0x34] -shr al, 1 -movzx eax, al -mov word [ebp + eax*2 - 0x24], bx +loc_fffc81cc: ; not directly referenced +add edx, 9 +add ecx, 9 +lea eax, [ebp - 0x16e] +add dword [ebp - 0x25c], 0x13c3 +cmp edx, eax +jne loc_fffc815d ; jne 0xfffc815d -loc_fffc8c54: ; not directly referenced -add dword [ebp - 0x3c], 2 -cmp dword [ebp - 0x3c], 4 -jne loc_fffc8b91 ; jne 0xfffc8b91 -sub esp, 0xc -mov edx, dword [ebp - 0x38] -mov ecx, 2 -lea eax, [ebp - 0x24] -push eax -mov eax, dword [ebp + 8] -call fcn_fffb14b3 ; call 0xfffb14b3 -add esp, 0x10 -mov esi, eax -jmp short loc_fffc8c82 ; jmp 0xfffc8c82 +loc_fffc81ea: ; not directly referenced +dec dword [ebp - 0x278] +cmp dword [ebp - 0x278], 0xffffffff +jne loc_fffc7a08 ; jne 0xfffc7a08 +cmp dword [ebp - 0x290], 1 +jne loc_fffc8321 ; jne 0xfffc8321 +cmp dword [ebp - 0x270], 5 +mov eax, 5 +sete cl +cmp dword [ebp - 0x284], 0 +setne dl +test cl, dl +jne loc_fffc8a14 ; jne 0xfffc8a14 +cmp dword [ebp - 0x28c], 3 +seta al +test byte [ebp - 0x27b], al +jne short loc_fffc8258 ; jne 0xfffc8258 +cmp dword [ebp - 0x28c], 0 +setne dl +cmp dword [ebp - 0x2b0], 0x40670 +sete al +test dl, al +je short loc_fffc82ca ; je 0xfffc82ca -loc_fffc8c80: ; not directly referenced -xor esi, esi +loc_fffc8258: ; not directly referenced +mov eax, dword [ebp - 0x250] +movzx ecx, byte [edi + 0x2489] +add eax, dword [ebp - 0x24c] +add ecx, ecx +cdq +idiv ecx +mov dword [ebp - 0x250], eax -loc_fffc8c82: ; not directly referenced -inc byte [ebp - 0x30] -jmp near loc_fffc8b12 ; jmp 0xfffc8b12 
+loc_fffc8276: ; not directly referenced +cmp dword [edi + 0x3757], 2 +mov eax, dword [ebp - 0x250] +jne short loc_fffc8291 ; jne 0xfffc8291 +mov ebx, dword [ebp - 0x260] +mov dword [ebx + 0xe3], eax -loc_fffc8c8a: ; not directly referenced -test esi, esi -jne loc_fffc9116 ; jne 0xfffc9116 -mov eax, dword [ebp + 8] -call fcn_fffac67c ; call 0xfffac67c -mov esi, eax -test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 -mov eax, dword [ebp + 8] -mov edx, 1 -call fcn_fffb14e1 ; call 0xfffb14e1 -mov esi, eax -test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 -mov eax, dword [ebp + 8] -xor ecx, ecx -mov edx, 3 -call fcn_fffb1bed ; call 0xfffb1bed -mov esi, eax -test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 -mov eax, dword [ebp + 8] -mov byte [eax + 0x247d], 1 -jmp near loc_fffc9116 ; jmp 0xfffc9116 +loc_fffc8291: ; not directly referenced +cmp dword [edi + 0x4b1a], 2 +jne short loc_fffc82a6 ; jne 0xfffc82a6 +mov ebx, dword [ebp - 0x260] +mov dword [ebx + 0x1af], eax -loc_fffc8ce3: ; not directly referenced -mov edi, dword [ebp + 8] -xor eax, eax -mov byte [ebp - 0x30], 0 -add edi, 0x374e -mov dword [ebp - 0x4c], edi -mov edi, dword [ebp + 8] -imul edi, dword [edi + 0x18a7], 0x2e -mov dword [ebp - 0x50], edi +loc_fffc82a6: ; not directly referenced +mov esi, dword [ebp - 0x260] +mov ebx, eax +cmp dword [ebp - 0x288], 0 +mov dword [esi + 0x1b4], eax +je short loc_fffc82d6 ; je 0xfffc82d6 +mov ebx, 3 +cmp eax, 3 +cmovle ebx, eax +jmp short loc_fffc82d6 ; jmp 0xfffc82d6 -loc_fffc8d02: ; not directly referenced -test eax, eax -sete cl -cmp byte [ebp - 0x30], 1 -setbe dl -test cl, dl -je loc_fffc8eb2 ; je 0xfffc8eb2 -movzx eax, byte [ebp - 0x30] -imul edx, eax, 0x13c3 -mov dword [ebp - 0x34], eax -mov eax, dword [ebp + 8] -add eax, edx -cmp dword [eax + 0x3756], 2 -jne loc_fffc8ea8 ; jne 0xfffc8ea8 -mov edi, dword [ebp - 0x4c] -mov dword [ebp - 0x44], eax -mov eax, dword [ebp - 0x34] -lea esi, [edi + edx + 8] -mov edi, dword [ebp - 0x50] -mov dword [ebp - 0x48], eax -mov di, 
word [esi + edi + 0xc] -mov word [ebp - 0x38], di -mov edi, dword [ebp - 0x38] -mov dword [ebp - 0x38], 0 -lea ebx, [edi - 5] -and ebx, 7 -shl ebx, 3 +loc_fffc82ca: ; not directly referenced +mov dword [ebp - 0x250], 0xfffffff0 +jmp short loc_fffc8276 ; jmp 0xfffc8276 -loc_fffc8d64: ; not directly referenced -mov edi, dword [ebp - 0x38] -mov eax, edi -mov ecx, edi -mov edi, dword [ebp - 0x44] -mov byte [ebp - 0x3c], al -mov eax, 1 -shl eax, cl -test byte [edi + 0x381a], al -je loc_fffc8e7e ; je 0xfffc8e7e -mov eax, dword [ebp + 8] -cmp byte [eax + 0x247b], 0 -je short loc_fffc8daa ; je 0xfffc8daa -mov al, cl -shr al, 1 -movzx eax, al -imul eax, eax, 0x128 -mov bx, word [esi + eax + 0x126f] -jmp near loc_fffc8e71 ; jmp 0xfffc8e71 +loc_fffc82d6: ; not directly referenced +push 1 +push 0 +push 0 +push 0xff +push ebx +push 1 +push 0 +push edi +call fcn_fffcce33 ; call 0xfffcce33 +add esp, 0x20 +push 1 +push 0 +push 0 +push 0xff +push ebx +push 1 +push 1 +push edi +call fcn_fffcce33 ; call 0xfffcce33 +add esp, 0x20 +push 0 +push 0 +push 0 +push 0xff +push ebx +push 1 +push 2 +push edi +call fcn_fffcce33 ; call 0xfffcce33 +add esp, 0x20 -loc_fffc8daa: ; not directly referenced -mov al, byte [ebp - 0x3c] -shr al, 1 -movzx edi, al -mov byte [ebp - 0x40], al -imul eax, edi, 0x128 -cmp byte [esi + eax + 0x1243], 1 -jne short loc_fffc8de3 ; jne 0xfffc8de3 -mov eax, dword [ebp + 8] -cmp byte [eax + 0x190d], 0 -je short loc_fffc8df8 ; je 0xfffc8df8 -cmp dword [eax + 0x36cb], 1 -jne short loc_fffc8df8 ; jne 0xfffc8df8 -cmp byte [eax + 0x247f], 1 -je short loc_fffc8df8 ; je 0xfffc8df8 +loc_fffc8321: ; not directly referenced +mov eax, dword [ebp - 0x2a4] +lea ebx, [ebp - 0x15c] +push edx +push 0 +push 0xa2 +push ebx +call dword [eax + 0x5c] ; ucall +add esp, 0xc +mov eax, dword [ebp - 0x2a4] +push 0 +push 0xa2 +lea esi, [ebp - 0xba] +push esi +call dword [eax + 0x5c] ; ucall +add esp, 0x10 +cmp dword [ebp - 0x288], 1 +mov dword [ebp - 0x260], 1 +mov dword [ebp - 0x290], esi +sbb 
eax, eax +mov dword [ebp - 0x270], eax +add byte [ebp - 0x270], 9 +mov dword [ebp - 0x294], ebx -loc_fffc8de3: ; not directly referenced -imul eax, edi, 0x128 -cmp byte [esi + eax + 0x1242], 1 -sete al +loc_fffc8382: ; not directly referenced +mov al, byte [ebp - 0x260] +xor ecx, ecx xor edx, edx -jmp short loc_fffc8dfc ; jmp 0xfffc8dfc +mov byte [ebp - 0x278], al -loc_fffc8df8: ; not directly referenced -xor eax, eax -mov dl, 1 +loc_fffc8392: ; not directly referenced +mov eax, dword [ebp - 0x260] +shl eax, cl +add ecx, 4 +add edx, eax +cmp ecx, 0x20 +jne short loc_fffc8392 ; jne 0xfffc8392 +mov eax, edi +call fcn_fffac864 ; call 0xfffac864 +mov eax, dword [ebp - 0x2a8] +mov dword [ebp - 0x25c], 0 +mov dword [ebp - 0x274], eax +mov eax, dword [ebp - 0x260] +and eax, 0xf +mov dword [ebp - 0x284], eax +shl dword [ebp - 0x284], 9 -loc_fffc8dfc: ; not directly referenced -and edx, 1 -and bl, 0x3f -shl edx, 6 -and eax, 1 -shl eax, 7 -or ebx, edx -mov edx, dword [ebp - 0x34] +loc_fffc83d7: ; not directly referenced +imul eax, dword [ebp - 0x25c], 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne loc_fffc85c8 ; jne 0xfffc85c8 +cmp dword [ebp - 0x288], 0 +jne short loc_fffc8462 ; jne 0xfffc8462 + +loc_fffc83f8: ; not directly referenced +mov esi, dword [ebp - 0x25c] +mov ecx, 0xff +mov eax, dword [ebp - 0x274] +mov edx, esi +mov ebx, dword [eax] +movzx eax, byte [ebp + esi - 0x252] +or ebx, 0x100000 +and eax, 3 +and ebx, 0xff1fffff +shl eax, 0x16 or ebx, eax -mov eax, dword [ebp + 8] -mov ecx, edi -call fcn_fffa69ea ; call 0xfffa69ea -test eax, eax -je loc_fffc8ec5 ; je 0xfffc8ec5 -movzx eax, byte [eax] -xor edx, edx -cmp al, 0x78 -ja short loc_fffc8e37 ; ja 0xfffc8e37 -mov cl, 0x3c -div cl -test ah, 0x3f -cmove edx, eax +mov eax, edi +call fcn_fffa7236 ; call 0xfffa7236 +or ebx, 0x1000008 +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 +mov eax, edi +mov edx, 0xf +call fcn_fffa82f9 ; call 0xfffa82f9 +imul eax, esi, 0x51 +mov byte [ebp - 
0x26c], 0 +mov dword [ebp - 0x28c], eax +jmp near loc_fffc853e ; jmp 0xfffc853e -loc_fffc8e37: ; not directly referenced -and edx, 3 -and bh, 0xf9 -movzx ecx, byte [ebp - 0x40] -shl edx, 9 -sub esp, 0xc -or ebx, edx -mov edx, dword [ebp - 0x48] -movzx eax, bx -imul edi, edi, 0x128 -push eax -mov eax, dword [ebp + 8] -add edi, esi -call fcn_fffa8733 ; call 0xfffa8733 -add esp, 0x10 -mov word [edi + 0x126f], bx -mov word [edi + 0x1287], bx +loc_fffc8462: ; not directly referenced +mov byte [ebp - 0x26c], 0 -loc_fffc8e71: ; not directly referenced -mov al, byte [ebp - 0x3c] -shr al, 1 -movzx eax, al -mov word [ebp + eax*2 - 0x24], bx +loc_fffc8469: ; not directly referenced +mov al, byte [ebp - 0x26c] +cmp al, byte [edi + 0x2489] +jae short loc_fffc83f8 ; jae 0xfffc83f8 +movzx esi, byte [ebp - 0x26c] +mov eax, dword [ebp - 0x274] +mov ecx, dword [ebp - 0x298] +mov edx, dword [ebp - 0x25c] +lea eax, [eax + esi*4] +mov dword [ebp - 0x280], eax +mov eax, dword [eax + 0x28] +and ah, 0xe1 +or eax, dword [ebp - 0x284] +or eax, 0x60 +mov ebx, eax +and eax, 0xfffffe7f +and ebx, 0xffbffe7f +test ecx, ecx +mov ecx, dword [ebp - 0x2b4] +cmove ebx, eax +mov eax, ebx +and eax, 0xffdfffff +test ecx, ecx +mov ecx, esi +cmovne ebx, eax +mov eax, edi +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +cmp dword [ebp - 0x2b8], 0 +je short loc_fffc8510 ; je 0xfffc8510 +mov edx, dword [ebp - 0x25c] +mov ecx, esi +mov eax, edi +call fcn_fffa71f9 ; call 0xfffa71f9 +mov esi, dword [ebp - 0x280] +mov ecx, dword [esi + 4] +mov edx, eax +mov eax, edi +and ecx, 0xc7ffffff +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc8e7e: ; not directly referenced -add dword [ebp - 0x38], 2 -cmp dword [ebp - 0x38], 4 -jne loc_fffc8d64 ; jne 0xfffc8d64 -sub esp, 0xc -mov edx, dword [ebp - 0x34] -mov ecx, 2 -lea eax, [ebp - 0x24] -push eax -mov eax, dword [ebp + 8] -call fcn_fffb14b3 ; call 0xfffb14b3 -add esp, 0x10 -jmp short loc_fffc8eaa ; jmp 
0xfffc8eaa +loc_fffc8510: ; not directly referenced +inc byte [ebp - 0x26c] +jmp near loc_fffc8469 ; jmp 0xfffc8469 -loc_fffc8ea8: ; not directly referenced -xor eax, eax +loc_fffc851b: ; not directly referenced +mov eax, dword [ebp - 0x280] +bt eax, edx +jae short loc_fffc8597 ; jae 0xfffc8597 +mov al, byte [ebp - 0x278] +mov byte [ecx + edx], al -loc_fffc8eaa: ; not directly referenced -inc byte [ebp - 0x30] -jmp near loc_fffc8d02 ; jmp 0xfffc8d02 +loc_fffc852f: ; not directly referenced +inc edx +cmp byte [ebp - 0x270], dl +ja short loc_fffc851b ; ja 0xfffc851b +inc byte [ebp - 0x26c] + +loc_fffc853e: ; not directly referenced +mov al, byte [ebp - 0x26c] +cmp al, byte [edi + 0x2489] +jae short loc_fffc85a8 ; jae 0xfffc85a8 +movzx esi, byte [ebp - 0x26c] +mov eax, edi +mov edx, dword [ebp - 0x25c] +mov ecx, esi +call fcn_fffa75c5 ; call 0xfffa75c5 +lea esi, [esi + esi*8] +mov edx, eax +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +xor edx, edx +add esi, dword [ebp - 0x28c] +mov dword [ebp - 0x280], eax +mov eax, dword [ebp - 0x290] +and dword [ebp - 0x280], 0x1ff +lea ecx, [eax + esi] +add esi, dword [ebp - 0x294] +jmp short loc_fffc851b ; jmp 0xfffc851b -loc_fffc8eb2: ; not directly referenced -mov esi, eax -test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 -xor eax, eax -xor ebx, ebx -lea edi, [ebp - 0x24] -jmp short loc_fffc8f07 ; jmp 0xfffc8f07 +loc_fffc8597: ; not directly referenced +cmp byte [esi + edx], 0 +jne short loc_fffc852f ; jne 0xfffc852f +mov al, byte [ebp - 0x278] +mov byte [esi + edx], al +jmp short loc_fffc852f ; jmp 0xfffc852f -loc_fffc8ec5: ; not directly referenced -mov esi, 1 -jmp near loc_fffc9116 ; jmp 0xfffc9116 +loc_fffc85a8: ; not directly referenced +mov edx, dword [ebp - 0x25c] +mov ecx, 0xff +mov eax, edi +and ebx, 0xfffffff7 +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, ebx +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffc8ecf: ; not directly referenced -movzx edx, bl -mov esi, dword [ebp + 8] -xor 
eax, eax -imul ecx, edx, 0x13c3 -cmp dword [esi + ecx + 0x3756], 2 -jne short loc_fffc8f06 ; jne 0xfffc8f06 -sub esp, 0xc -mov ecx, 3 -push edi +loc_fffc85c8: ; not directly referenced +inc dword [ebp - 0x25c] +add dword [ebp - 0x274], 0xcc +cmp dword [ebp - 0x25c], 2 +jne loc_fffc83d7 ; jne 0xfffc83d7 +inc dword [ebp - 0x260] +cmp dword [ebp - 0x260], 0x10 +jne loc_fffc8382 ; jne 0xfffc8382 +mov eax, dword [ebp - 0x2a8] +mov dword [ebp - 0x25c], 0 +mov dword [ebp - 0x280], eax +mov eax, dword [ebp - 0x264] +mov dword [ebp - 0x260], eax + +loc_fffc861a: ; not directly referenced +mov eax, dword [ebp - 0x260] +cmp dword [eax], 2 +je short loc_fffc864d ; je 0xfffc864d + +loc_fffc8625: ; not directly referenced +inc dword [ebp - 0x25c] +add dword [ebp - 0x260], 0x13c3 +add dword [ebp - 0x280], 0xcc +cmp dword [ebp - 0x25c], 2 +jne short loc_fffc861a ; jne 0xfffc861a +jmp near loc_fffc87fb ; jmp 0xfffc87fb + +loc_fffc864d: ; not directly referenced +mov esi, dword [ebp - 0x25c] +mov byte [ebp - 0x26c], 0 +imul ebx, esi, 0x51 mov eax, esi -mov word [ebp - 0x24], 0 -mov word [ebp - 0x22], 0 -call fcn_fffb14b3 ; call 0xfffb14b3 -add esp, 0x10 +shl eax, 8 +mov dword [ebp - 0x29c], eax +add eax, 0x4c +mov dword [ebp - 0x28c], eax +mov dword [ebp - 0x284], ebx -loc_fffc8f06: ; not directly referenced -inc ebx +loc_fffc8677: ; not directly referenced +movzx eax, byte [ebp - 0x26c] +cmp al, byte [edi + 0x2489] +jae short loc_fffc8625 ; jae 0xfffc8625 +mov ebx, eax +mov dword [ebp - 0x274], eax +lea eax, [eax + eax*8] +add eax, dword [ebp - 0x284] +lea esi, [ebp - 0x15c] +mov dword [ebp - 0x278], 0 +add esi, eax +mov dword [ebp - 0x294], esi +lea esi, [ebp - 0xba] +add eax, esi +mov dword [ebp - 0x290], eax +imul eax, ebx, 0x18 +xor ebx, ebx +mov dword [ebp - 0x2a0], eax -loc_fffc8f07: ; not directly referenced -test eax, eax -sete cl -cmp bl, 1 -setbe dl -test cl, dl -jne short loc_fffc8ecf ; jne 0xfffc8ecf -mov esi, eax -test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 -mov 
eax, dword [ebp + 8] -call fcn_fffb1a87 ; call 0xfffb1a87 -mov esi, eax -test eax, eax -jne loc_fffc9116 ; jne 0xfffc9116 -lea edi, [ebp - 0x24] -mov esi, ref_fffd5abc ; mov esi, 0xfffd5abc -mov ecx, 3 -mov ebx, 0x100 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov edi, dword [ebp + 8] +loc_fffc86c8: ; not directly referenced +mov eax, dword [ebp - 0x294] +mov dl, byte [eax + ebx] +mov eax, dword [ebp - 0x290] +movsx ecx, byte [eax + ebx] +mov al, 0xf +test dl, dl +je short loc_fffc86f4 ; je 0xfffc86f4 xor eax, eax -mov byte [ebp - 0x34], 0 -add edi, 0x374e -mov dword [ebp - 0x3c], edi -mov edi, dword [ebp + 8] -imul edi, dword [edi + 0x18a7], 0x2e -mov dword [ebp - 0x40], edi - -loc_fffc8f65: ; not directly referenced -test eax, eax -sete cl -cmp byte [ebp - 0x34], 1 -setbe dl -test cl, dl -je loc_fffc90e3 ; je 0xfffc90e3 -movzx eax, byte [ebp - 0x34] -mov edi, dword [ebp + 8] -mov dword [ebp - 0x38], eax -imul eax, eax, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne loc_fffc90d9 ; jne 0xfffc90d9 -mov edi, dword [ebp - 0x3c] -lea edi, [edi + eax + 8] -mov eax, dword [ebp - 0x40] -add eax, edi -mov cx, word [eax + 0xa] -movzx eax, word [eax + 0x2a] -mov word [ebp - 0x30], cx -cmp ax, 4 -jbe loc_fffc90eb ; jbe 0xfffc90eb -cmp ax, 0xa -setne cl -cmp ax, 8 -seta dl -test cl, dl -je short loc_fffc8fe0 ; je 0xfffc8fe0 -mov edx, eax -and edx, 0xfffffffd -cmp dx, 0xc -je short loc_fffc8fe0 ; je 0xfffc8fe0 -cmp ax, 0x10 -jne loc_fffc90eb ; jne 0xfffc90eb +test cl, cl +je short loc_fffc86f4 ; je 0xfffc86f4 +movsx eax, dl +mov esi, 2 +add eax, ecx +cdq +idiv esi -loc_fffc8fe0: ; not directly referenced -mov esi, dword [ebp - 0x30] -movzx eax, byte [ebp + eax - 0x29] -cmp si, 0xc -sbb ecx, ecx -and ebx, 0xffffff8b -mov esi, ebx -mov bl, byte [ebp - 0x30] -mov edx, ecx -and edx, 0xfffffff8 -and eax, 7 -add edx, 0xc -lea ecx, [ecx*4 + 4] -sub ebx, edx -and ecx, 4 -mov dl, bl -or esi, ecx -and edx, 7 -shl edx, 4 -or esi, edx -shl eax, 9 -and si, 0xf1ff -or esi, eax 
-mov eax, dword [ebp + 8] -mov ebx, esi -mov al, byte [eax + 0x1906] +loc_fffc86f4: ; not directly referenced +cmp dword [ebp - 0x288], 0 +je short loc_fffc8755 ; je 0xfffc8755 +cmp bl, 8 +jne short loc_fffc8755 ; jne 0xfffc8755 +mov dl, 0xf cmp al, 6 -setne cl -cmp al, 1 -seta dl -and bh, 0xef -test cl, dl -jne short loc_fffc904c ; jne 0xfffc904c -cmp al, 1 -setbe al -and eax, 1 -shl eax, 0xc -or ebx, eax - -loc_fffc904c: ; not directly referenced -imul eax, dword [ebp - 0x38], 0x13c3 -mov esi, dword [ebp + 8] -test byte [esi + eax + 0x381a], 1 -je short loc_fffc9086 ; je 0xfffc9086 -cmp byte [esi + 0x247b], 0 -jne short loc_fffc907d ; jne 0xfffc907d -mov word [edi + 0x126b], bx -mov word [edi + 0x1283], bx +jg short loc_fffc870e ; jg 0xfffc870e +lea edx, [eax + 8] +and edx, 0xf -loc_fffc9077: ; not directly referenced -mov word [ebp - 0x28], bx -jmp short loc_fffc9086 ; jmp 0xfffc9086 +loc_fffc870e: ; not directly referenced +mov eax, dword [ebp - 0x274] +and edx, 0xf +mov esi, dword [ebp - 0x280] +add edx, edx +lea ecx, [eax + 8] +mov al, byte [esi + ecx*4 + 9] +and eax, 0xffffffe1 +or eax, edx +mov byte [esi + ecx*4 + 9], al -loc_fffc907d: ; not directly referenced -mov bx, word [edi + 0x126b] -jmp short loc_fffc9077 ; jmp 0xfffc9077 +loc_fffc872f: ; not directly referenced +mov eax, dword [ebp - 0x274] +mov esi, dword [ebp - 0x28c] +shl eax, 9 +lea ebx, [eax + esi] +mov dword [ebp - 0x274], ebx +mov ebx, dword [ebp - 0x29c] +lea esi, [ebx + eax + 0x50] +xor ebx, ebx +jmp short loc_fffc879f ; jmp 0xfffc879f -loc_fffc9086: ; not directly referenced -imul eax, dword [ebp - 0x38], 0x13c3 -mov ecx, dword [ebp + 8] -test byte [ecx + eax + 0x381a], 4 -je short loc_fffc90c0 ; je 0xfffc90c0 -cmp byte [ecx + 0x247b], 0 -jne short loc_fffc90b7 ; jne 0xfffc90b7 -mov word [edi + 0x1393], bx -mov word [edi + 0x13ab], bx +loc_fffc8755: ; not directly referenced +mov edx, eax +lea esi, [ebx + ebx*2] +and edx, 0xf +add esi, dword [ebp - 0x2a0] +add esi, dword [ebp - 0x260] 
+lea ecx, [ebx*4] +shl edx, cl +add dword [ebp - 0x278], edx +xor edx, edx -loc_fffc90b1: ; not directly referenced -mov word [ebp - 0x26], bx -jmp short loc_fffc90c0 ; jmp 0xfffc90c0 +loc_fffc877a: ; not directly referenced +imul ecx, edx, 0xd8 +inc edx +mov byte [esi + ecx + 0x942], al +cmp byte [ebp - 0x279], dl +ja short loc_fffc877a ; ja 0xfffc877a +inc ebx +cmp byte [ebp - 0x270], bl +ja loc_fffc86c8 ; ja 0xfffc86c8 +jmp short loc_fffc872f ; jmp 0xfffc872f -loc_fffc90b7: ; not directly referenced -mov bx, word [edi + 0x1393] -jmp short loc_fffc90b1 ; jmp 0xfffc90b1 +loc_fffc879f: ; not directly referenced +mov eax, dword [edi + 0x188b] +mov edx, dword [ebp - 0x274] +test eax, eax +je short loc_fffc87b5 ; je 0xfffc87b5 +xor edx, edx +dec eax +cmove edx, esi -loc_fffc90c0: ; not directly referenced +loc_fffc87b5: ; not directly referenced +mov ecx, dword [ebp - 0x278] +mov eax, edi +inc ebx +add esi, 4 +call fcn_fffb3381 ; call 0xfffb3381 +cmp bl, byte [ebp - 0x279] +jb short loc_fffc879f ; jb 0xfffc879f sub esp, 0xc -mov edx, dword [ebp - 0x38] -xor ecx, ecx -lea eax, [ebp - 0x28] -push eax -mov eax, dword [ebp + 8] -call fcn_fffb14b3 ; call 0xfffb14b3 -add esp, 0x10 -jmp short loc_fffc90db ; jmp 0xfffc90db +mov edx, dword [ebp - 0x25c] +mov ecx, 1 +push 0 +mov eax, edi +push 1 +push 0 +push 0 +push 0 +call fcn_fffa7273 ; call 0xfffa7273 +add esp, 0x20 +inc byte [ebp - 0x26c] +jmp near loc_fffc8677 ; jmp 0xfffc8677 -loc_fffc90d9: ; not directly referenced -xor eax, eax +loc_fffc87fb: ; not directly referenced +cmp dword [ebp - 0x268], 0 +jne short loc_fffc8854 ; jne 0xfffc8854 -loc_fffc90db: ; not directly referenced -inc byte [ebp - 0x34] -jmp near loc_fffc8f65 ; jmp 0xfffc8f65 +loc_fffc8804: ; not directly referenced +cmp dword [ebp - 0x298], 0 +je loc_fffc894e ; je 0xfffc894e +mov ecx, dword [ebp - 0x2ac] +mov eax, edi +mov edx, 0x3a28 +or ecx, 2 +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x5f08 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov 
edx, 0x5f08 +or ah, 1 +mov ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0xe1 +mov eax, edi +call fcn_fffa82f9 ; call 0xfffa82f9 +jmp near loc_fffc894e ; jmp 0xfffc894e -loc_fffc90e3: ; not directly referenced -mov esi, eax -test eax, eax -jne short loc_fffc9116 ; jne 0xfffc9116 -jmp short loc_fffc90f2 ; jmp 0xfffc90f2 +loc_fffc8854: ; not directly referenced +push 0 +push 0 +push 0 +push 0 +push 0 +push 0 +push 0 +push 1 +push 0 +push 0 +push 4 +push edi +call fcn_fffcd268 ; call 0xfffcd268 +mov ebx, dword [ebp - 0x264] +add esp, 0x30 +mov dword [ebp - 0x260], 0 -loc_fffc90eb: ; not directly referenced -mov esi, 0xd -jmp short loc_fffc9116 ; jmp 0xfffc9116 +loc_fffc8883: ; not directly referenced +cmp dword [ebx], 2 +je short loc_fffc88a3 ; je 0xfffc88a3 -loc_fffc90f2: ; not directly referenced -mov eax, dword [ebp + 8] -xor ecx, ecx -mov edx, 3 -call fcn_fffb1bed ; call 0xfffb1bed -mov esi, eax -test eax, eax -jne short loc_fffc9116 ; jne 0xfffc9116 -mov eax, dword [ebp + 8] -xor ecx, ecx -mov edx, 0x4d94 -call fcn_fffae58c ; call 0xfffae58c +loc_fffc8888: ; not directly referenced +inc dword [ebp - 0x260] +add ebx, 0x13c3 +cmp dword [ebp - 0x260], 2 +je loc_fffc8804 ; je 0xfffc8804 +jmp short loc_fffc8883 ; jmp 0xfffc8883 -loc_fffc9116: ; not directly referenced -mov eax, dword [ebp + 8] -mov byte [eax + 0x247b], 1 +loc_fffc88a3: ; not directly referenced +imul eax, dword [ebp - 0x260], 9 +lea edx, [ebp - 0x18] +mov byte [ebp - 0x264], 0 +add eax, edx +mov dword [ebp - 0x268], eax -loc_fffc9120: ; not directly referenced -lea esp, [ebp - 0xc] -mov eax, esi -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffc88bc: ; not directly referenced +mov al, byte [ebp - 0x264] +cmp al, byte [edi + 0x2489] +jae short loc_fffc8888 ; jae 0xfffc8888 +movzx esi, byte [ebp - 0x264] +mov eax, dword [ebp - 0x268] +mov dword [ebp - 0x25c], 0 +mov dl, byte [esi + eax - 0x1e6] +test dl, dl +lea eax, [edx - 1] +lea ecx, [edx + 1] +mov dl, 2 +cmovns eax, ecx +cbw 
+idiv dl +mov byte [ebx + esi + 0x101d], al -fcn_fffc912a: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, eax +loc_fffc8900: ; not directly referenced +mov cl, byte [ebp - 0x25c] +mov eax, 1 +shl eax, cl +test byte [ebx + 0xc4], al +je short loc_fffc8934 ; je 0xfffc8934 +mov ecx, dword [ebp - 0x25c] +push eax +mov edx, dword [ebp - 0x260] +mov eax, edi +push 0 +push 0xff push esi -mov esi, edx -push ebx -sub esp, 0x50 -mov eax, dword [ebp + 8] -push 1 -push 7 -mov dword [ebp - 0x48], eax -mov eax, dword [edi + 0x2443] -mov byte [ebp - 0x49], dl -lea edx, [ebp - 0x27] -push edx -mov byte [ebp - 0x4b], cl -call dword [eax + 0x5c] ; ucall -mov ecx, esi +call fcn_fffa7447 ; call 0xfffa7447 add esp, 0x10 -movzx esi, cl -xor eax, eax -lea edx, [edi + 0x3756] -mov dword [ebp - 0x40], esi - -loc_fffc9167: ; not directly referenced -mov esi, dword [ebp - 0x40] -bt esi, eax -jae loc_fffc9234 ; jae 0xfffc9234 -mov esi, dword [edx + 0x109] -mov ecx, dword [edx + 0x111] -mov dword [ebp + eax*4 - 0x20], 0 -mov dword [ebp - 0x3c], esi -mov ebx, esi -mov esi, dword [edx + 0x11d] -cmp byte [edx + 0x11d], bl -mov bl, byte [ebp - 0x3c] -cmovg esi, ebx -mov ebx, esi -cmp bl, cl -cmovg esi, ecx -mov ebx, esi -cmp bl, byte [edx + 0x115] -mov bl, byte [edx + 0x115] -cmovg esi, ebx -mov ebx, esi -mov esi, dword [edx + 0x11d] -mov byte [ebp + eax - 0x2f], bl -mov bl, byte [ebp - 0x3c] -cmp byte [edx + 0x11d], bl -cmovge ebx, esi -mov esi, dword [edx + 0x115] -cmp bl, cl -cmovl ebx, ecx -mov cl, byte [edx + 0xc4] -cmp bl, byte [edx + 0x115] -cmovl ebx, esi -mov byte [ebp - 0x44], cl -xor ecx, ecx -mov byte [ebp + eax - 0x2d], bl - -loc_fffc91f1: ; not directly referenced -mov ebx, 1 -shl ebx, cl -test byte [ebp - 0x44], bl -je short loc_fffc922c ; je 0xfffc922c -mov bl, byte [edx + ecx + 0x245] -movzx esi, byte [ebp + eax - 0x2f] -cmp bl, byte [ebp + eax - 0x2f] -mov byte [ebp - 0x3c], bl -cmovle esi, ebx -mov ebx, esi -movzx esi, byte [ebp + eax - 0x2d] -mov byte 
[ebp + eax - 0x2f], bl -mov bl, byte [ebp - 0x3c] -cmp bl, byte [ebp + eax - 0x2d] -cmovl ebx, esi -mov byte [ebp + eax - 0x2d], bl - -loc_fffc922c: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffc91f1 ; jne 0xfffc91f1 -jmp short loc_fffc9246 ; jmp 0xfffc9246 -loc_fffc9234: ; not directly referenced -mov dword [ebp + eax*4 - 0x20], 1 -mov byte [ebp + eax - 0x2f], 0 -mov byte [ebp + eax - 0x2d], 0x7f +loc_fffc8934: ; not directly referenced +inc dword [ebp - 0x25c] +cmp dword [ebp - 0x25c], 4 +jne short loc_fffc8900 ; jne 0xfffc8900 +inc byte [ebp - 0x264] +jmp near loc_fffc88bc ; jmp 0xfffc88bc -loc_fffc9246: ; not directly referenced -inc eax -add edx, 0x13c3 -cmp eax, 2 -jne loc_fffc9167 ; jne 0xfffc9167 -cmp byte [ebp - 0x48], 0 -je short loc_fffc9281 ; je 0xfffc9281 -mov dl, byte [ebp - 0x2d] -mov al, 0x5f -cmp byte [ebp - 0x2d], 0x5f -mov dword [ebp - 0x3c], 1 -cmovl edx, eax -mov byte [ebp - 0x2b], dl -mov dl, byte [ebp - 0x2c] -cmp byte [ebp - 0x2c], 0x5f -cmovge eax, edx -mov byte [ebp - 0x2a], al -jmp short loc_fffc92a4 ; jmp 0xfffc92a4 +loc_fffc894e: ; not directly referenced +mov esi, dword [ebp - 0x2a8] +xor ebx, ebx -loc_fffc9281: ; not directly referenced -mov dl, byte [ebp - 0x2f] -mov al, 0x20 -cmp byte [ebp - 0x2f], 0x20 -mov dword [ebp - 0x3c], 0xffffffff -cmovg edx, eax -mov byte [ebp - 0x2b], dl -mov dl, byte [ebp - 0x2e] -cmp byte [ebp - 0x2e], 0x20 -cmovle eax, edx -mov byte [ebp - 0x2a], al +loc_fffc8956: ; not directly referenced +imul eax, ebx, 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne loc_fffc89fd ; jne 0xfffc89fd +mov byte [ebp - 0x25c], 0 -loc_fffc92a4: ; not directly referenced -mov al, byte [ebp - 0x2b] -mov dword [ebp - 0x44], 0 -mov byte [ebp - 0x29], al -mov al, byte [ebp - 0x2a] -mov byte [ebp - 0x28], al -mov eax, dword [ebp - 0x40] -sar eax, 1 -mov dword [ebp - 0x48], eax -mov al, byte [ebp - 0x49] -and dword [ebp - 0x48], 1 -and eax, 1 -mov byte [ebp - 0x4c], al +loc_fffc8971: ; not directly referenced 
+mov al, byte [ebp - 0x25c] +cmp al, byte [edi + 0x2489] +jae short loc_fffc89e4 ; jae 0xfffc89e4 +movzx eax, byte [ebp - 0x25c] +mov edx, ebx +mov ecx, eax +mov dword [ebp - 0x260], eax +mov eax, edi +call fcn_fffa71bc ; call 0xfffa71bc +mov ecx, dword [ebp - 0x260] +lea ecx, [esi + ecx*4] +mov dword [ebp - 0x264], ecx +mov ecx, dword [ecx + 0x28] +mov edx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +cmp dword [ebp - 0x2b8], 0 +je short loc_fffc89dc ; je 0xfffc89dc +mov ecx, dword [ebp - 0x260] +mov edx, ebx +mov eax, edi +call fcn_fffa71f9 ; call 0xfffa71f9 +mov ecx, dword [ebp - 0x264] +mov ecx, dword [ecx + 4] +mov edx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffc92cc: ; not directly referenced -mov eax, dword [ebp - 0x3c] -xor ebx, ebx -add dword [ebp - 0x44], eax +loc_fffc89dc: ; not directly referenced +inc byte [ebp - 0x25c] +jmp short loc_fffc8971 ; jmp 0xfffc8971 -loc_fffc92d4: ; not directly referenced -mov eax, dword [ebp - 0x40] -bt eax, ebx -jae short loc_fffc930b ; jae 0xfffc930b -mov al, byte [ebp - 0x3c] +loc_fffc89e4: ; not directly referenced +mov ecx, 0xff mov edx, ebx -add byte [ebp + ebx - 0x2b], al -imul eax, ebx, 0x13c3 -mov cl, byte [ebp - 0x4b] -and cl, byte [edi + eax + 0x381a] mov eax, edi -push 0 -push 0 -push dword [ebp - 0x44] -movzx ecx, cl -push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 -add esp, 0x10 +call fcn_fffa7236 ; call 0xfffa7236 +mov ecx, dword [esi] +mov edx, eax +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffc930b: ; not directly referenced +loc_fffc89fd: ; not directly referenced inc ebx +add esi, 0xcc cmp ebx, 2 -jne short loc_fffc92d4 ; jne 0xfffc92d4 -sub esp, 0xc -push edi -call fcn_fffc82f4 ; call 0xfffc82f4 -add esp, 0xc -movzx ecx, byte [edi + 0x248b] -mov edx, dword [ebp - 0x40] -lea eax, [ebp - 0x27] -push 0 -push 1 -push eax +jne loc_fffc8956 ; jne 0xfffc8956 mov eax, edi -call fcn_fffb0f94 ; call 0xfffb0f94 -add esp, 0x10 -xor ecx, ecx -mov byte [ebp - 0x4a], al - 
-loc_fffc933e: ; not directly referenced -mov eax, 1 -shl eax, cl -test byte [ebp - 0x49], al -je short loc_fffc93c0 ; je 0xfffc93c0 -cmp dword [ebp + ecx*4 - 0x20], 0 -jne short loc_fffc93c0 ; jne 0xfffc93c0 -test byte [ebp - 0x4a], al -je short loc_fffc9389 ; je 0xfffc9389 -mov bl, byte [ebp + ecx - 0x2b] -mov dl, byte [ebp + ecx - 0x29] -mov dword [ebp + ecx*4 - 0x20], 1 -movsx eax, bl -sub eax, dword [ebp - 0x3c] -movsx esi, dl -cmp eax, esi -jns short loc_fffc937c ; jns 0xfffc937c -mov al, byte [ebp - 0x3c] -add eax, edx -sub eax, ebx -jmp short loc_fffc9383 ; jmp 0xfffc9383 - -loc_fffc937c: ; not directly referenced -mov al, bl -sub eax, dword [ebp - 0x3c] -sub eax, edx - -loc_fffc9383: ; not directly referenced -mov esi, dword [ebp + 0xc] -mov byte [esi + ecx], al - -loc_fffc9389: ; not directly referenced -mov al, byte [ebp + ecx - 0x2b] -cmp al, 0x7f -sete bl -test al, al -sete dl -or bl, dl -je short loc_fffc93c0 ; je 0xfffc93c0 -mov bl, byte [ebp + ecx - 0x29] -movsx edx, al -movsx esi, byte [ebp + ecx - 0x29] -mov dword [ebp + ecx*4 - 0x20], 1 -sub ebx, eax -sub al, byte [ebp + ecx - 0x29] -cmp edx, esi -cmovns ebx, eax -mov eax, dword [ebp + 0xc] -mov byte [eax + ecx], bl - -loc_fffc93c0: ; not directly referenced -inc ecx -cmp ecx, 2 -jne loc_fffc933e ; jne 0xfffc933e -cmp byte [ebp - 0x4c], 0 -mov al, 1 -je short loc_fffc93d9 ; je 0xfffc93d9 -cmp dword [ebp - 0x20], 0 -setne al - -loc_fffc93d9: ; not directly referenced -cmp dword [ebp - 0x48], 0 -je short loc_fffc93e9 ; je 0xfffc93e9 -cmp dword [ebp - 0x1c], 0 -je loc_fffc92cc ; je 0xfffc92cc +call fcn_fffaa4a9 ; call 0xfffaa4a9 -loc_fffc93e9: ; not directly referenced -test al, al -je loc_fffc92cc ; je 0xfffc92cc +loc_fffc8a14: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -55629,3122 +54663,3064 @@ pop edi pop ebp ret -fcn_fffc93f9: ; not directly referenced +fcn_fffc8a1c: ; not directly referenced push ebp mov ebp, esp -push edi push esi push ebx -mov ebx, eax -sub esp, 0x30 -mov edi, dword [ebx + 0x2443] -movzx eax, cl -push 0 -push 4 -lea esi, [ebp - 0x1a] -push esi -mov byte [ebp - 0x31], dl -mov byte [ebp - 0x30], cl -mov dword [ebp - 0x2c], eax -call dword [edi + 0x5c] ; ucall -add esp, 0xc -push 0 -push 4 -lea eax, [ebp - 0x1c] -push eax -call dword [edi + 0x5c] ; ucall -mov ecx, dword [ebp - 0x2c] -xor edx, edx -mov eax, ebx -call fcn_fffaac43 ; call 0xfffaac43 -mov ecx, dword [ebp - 0x2c] -mov edx, 1 -mov edi, eax -mov eax, ebx -call fcn_fffaac43 ; call 0xfffaac43 -pop ecx -mov ecx, dword [ebp - 0x2c] -or eax, edi -movzx edi, al -pop eax -mov edx, edi +mov ebx, dword [ebp + 8] +push edx +push edx +movzx ecx, byte [ebx + 0x248f] +lea esi, [ebx + 0x2491] mov eax, ebx -push esi -xor esi, esi push 0 -call fcn_fffc912a ; call 0xfffc912a -add esp, 0x10 - -loc_fffc9467: ; not directly referenced -bt edi, esi -jae short loc_fffc9493 ; jae 0xfffc9493 -imul eax, esi, 0x13c3 -mov cl, byte [ebp - 0x30] mov edx, esi -and cl, byte [ebx + eax + 0x381a] -mov eax, ebx -push 0 -push 0 -push 0 -movzx ecx, cl +push 0xf +push 1 push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 -add esp, 0x10 - -loc_fffc9493: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffc9467 ; jne 0xfffc9467 -sub esp, 0xc -xor si, si -push ebx -call fcn_fffc82f4 ; call 0xfffc82f4 -mov ecx, dword [ebp - 0x2c] -pop eax -pop edx -mov edx, edi -lea eax, [ebp - 0x1c] -push eax -mov eax, ebx push 1 -call fcn_fffc912a ; call 0xfffc912a -add esp, 0x10 +push 2 +call fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 +test eax, eax +jne short loc_fffc8a90 ; jne 0xfffc8a90 +cmp dword [ebx + 0x188b], 1 +jne short loc_fffc8a6f ; jne 0xfffc8a6f +cmp dword [ebx + 0x2481], 1 +jne short loc_fffc8a6f ; jne 0xfffc8a6f +mov ecx, 2 +mov edx, esi +mov eax, ebx +call fcn_fffbd7ee ; call 
0xfffbd7ee -loc_fffc94bc: ; not directly referenced -bt edi, esi -jae short loc_fffc94e8 ; jae 0xfffc94e8 -imul eax, esi, 0x13c3 -mov cl, byte [ebp - 0x30] +loc_fffc8a6f: ; not directly referenced +push eax mov edx, esi -and cl, byte [ebx + eax + 0x381a] +push eax +movzx ecx, byte [ebx + 0x248f] mov eax, ebx +push 1 +push 0xf push 0 push 0 push 0 -movzx ecx, cl -push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 -add esp, 0x10 - -loc_fffc94e8: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffc94bc ; jne 0xfffc94bc -sub esp, 0xc -xor edi, edi -push ebx -call fcn_fffc82f4 ; call 0xfffc82f4 -movzx eax, byte [ebp - 0x31] -lea esi, [ebx + 0x3218] -add esp, 0x10 -mov dword [ebp - 0x30], eax - -loc_fffc9509: ; not directly referenced -mov eax, dword [ebp - 0x30] -bt eax, edi -jb short loc_fffc9522 ; jb 0xfffc9522 +push 2 +call fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 -loc_fffc9511: ; not directly referenced -inc edi -add esi, 0x48 -cmp edi, 2 -jne short loc_fffc9509 ; jne 0xfffc9509 -lea esp, [ebp - 0xc] +loc_fffc8a90: ; not directly referenced +lea esp, [ebp - 8] pop ebx pop esi -pop edi pop ebp ret -loc_fffc9522: ; not directly referenced -push 0 -mov ecx, dword [ebp - 0x2c] -mov edx, edi -push 0 -mov eax, ebx -push 0 -push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 -movzx edx, byte [ebp + edi - 0x1c] -add esp, 0x10 -movzx eax, byte [ebp + edi - 0x1a] -imul edx, edx, 0xa -imul eax, eax, 0xa -mov dword [esi], edx -mov dword [esi + 4], eax -mov dword [esi + 0x90], edx -mov dword [esi + 0x94], eax -mov dword [esi + 0x120], edx -mov dword [esi + 0x124], eax -mov dword [esi + 0x1b0], edx -mov dword [esi + 0x1b4], eax -jmp short loc_fffc9511 ; jmp 0xfffc9511 - -fcn_fffc9574: ; not directly referenced +fcn_fffc8a97: ; not directly referenced push ebp -mov eax, 0x80000002 mov ebp, esp -push edi push esi push ebx -sub esp, 0x1c -mov ebx, dword [ebp + 0x20] -mov ecx, dword [ebp + 0x10] -mov esi, dword [ebp + 0x14] -mov edi, dword [ebp + 0x18] -test ebx, ebx -je 
loc_fffc964a ; je 0xfffc964a -cmp ecx, 0xb -ja loc_fffc964a ; ja 0xfffc964a -push eax -mov edx, ecx -push dword [ebp + 0x1c] -mov eax, 1 -mov dword [ebp - 0x1c], ecx -push edi -push esi -call fcn_fffac5c7 ; call 0xfffac5c7 -add esp, 0x10 -mov ecx, dword [ebp - 0x1c] -test eax, eax -js loc_fffc964a ; js 0xfffc964a -mov al, byte [ecx + ref_fffd5ac8] ; mov al, byte [ecx - 0x2a538] -mov dword [ebp - 0x24], 0 -mov byte [ebp - 0x1e], al -mov eax, ecx -and eax, 3 -mov dword [ebp - 0x1c], eax -movzx eax, byte [eax + ref_fffd5ad4] ; movzx eax, byte [eax - 0x2a52c] -dec eax -test ebx, eax -movzx eax, byte [ecx + ref_fffd5ad4] ; movzx eax, byte [ecx - 0x2a52c] -sete byte [ebp - 0x1d] -mov dword [ebp - 0x28], eax - -loc_fffc95f2: ; not directly referenced -cmp dword [ebp + 0x1c], 0 -je short loc_fffc9648 ; je 0xfffc9648 -cmp dword [ebp - 0x1c], 0 -jne short loc_fffc9604 ; jne 0xfffc9604 -mov dl, byte [ebx] -mov byte [esi], dl -jmp short loc_fffc9637 ; jmp 0xfffc9637 - -loc_fffc9604: ; not directly referenced -cmp dword [ebp - 0x1c], 1 -jne short loc_fffc9618 ; jne 0xfffc9618 -movzx eax, word [ebx] +mov ebx, dword [ebp + 8] push edx push edx -push eax -push esi -call fcn_fffb3d20 ; call 0xfffb3d20 -jmp short loc_fffc9628 ; jmp 0xfffc9628 +movzx ecx, byte [ebx + 0x248f] +lea esi, [ebx + 0x2491] +mov eax, ebx +push 0 +mov edx, esi +push 0xf +push 1 +push 0 +push 1 +push 1 +call fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 +test eax, eax +jne short loc_fffc8b02 ; jne 0xfffc8b02 +cmp dword [ebx + 0x188b], 1 +jne short loc_fffc8ae1 ; jne 0xfffc8ae1 +mov ecx, 1 +mov edx, esi +mov eax, ebx +call fcn_fffbd7ee ; call 0xfffbd7ee -loc_fffc9618: ; not directly referenced -cmp dword [ebp - 0x1c], 2 -jne short loc_fffc962d ; jne 0xfffc962d +loc_fffc8ae1: ; not directly referenced push eax +mov edx, esi push eax -push dword [ebx] -push esi -call fcn_fffb3d84 ; call 0xfffb3d84 - -loc_fffc9628: ; not directly referenced -add esp, 0x10 -jmp short loc_fffc9637 ; jmp 0xfffc9637 - -loc_fffc962d: ; 
not directly referenced -mov eax, dword [ebx] -mov edx, dword [ebx + 4] -mov dword [esi], eax -mov dword [esi + 4], edx - -loc_fffc9637: ; not directly referenced -movzx eax, byte [ebp - 0x1e] -add esi, dword [ebp - 0x28] -adc edi, dword [ebp - 0x24] -dec dword [ebp + 0x1c] -add ebx, eax -jmp short loc_fffc95f2 ; jmp 0xfffc95f2 - -loc_fffc9648: ; not directly referenced -xor eax, eax +movzx ecx, byte [ebx + 0x248f] +mov eax, ebx +push 1 +push 0xf +push 0 +push 1 +push 0 +push 1 +call fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 -loc_fffc964a: ; not directly referenced -lea esp, [ebp - 0xc] +loc_fffc8b02: ; not directly referenced +lea esp, [ebp - 8] pop ebx pop esi -pop edi pop ebp ret -fcn_fffc9652: ; not directly referenced +fcn_fffc8b09: ; not directly referenced push ebp +mov ecx, 8 mov ebp, esp push edi push esi push ebx -sub esp, 0x2cc -mov edi, dword [ebp + 8] -mov dword [ebp - 0x264], 1 -mov eax, dword [edi + 0x5edc] -mov edx, dword [edi + 0x2480] -mov dword [ebp - 0x260], eax -mov eax, dword [edi + 0x2443] -cmp edx, 3 -mov dword [ebp - 0x2a8], eax -sete al -movzx ebx, al -mov dword [ebp - 0x28c], ebx -mov ebx, dword [edi + 0x1887] -mov esi, ebx -mov dword [ebp - 0x2b0], ebx -mov ebx, dword [edi + 0x1883] -mov ecx, ebx -mov dword [ebp - 0x290], ebx -mov ebx, dword [edi + 0x188b] -mov dword [ebp - 0x294], ebx -xor ebx, ebx -cmp edx, 2 -sete bl -cmp esi, 0x306d0 -mov dword [ebp - 0x2b4], ebx -sete bl -cmp ecx, 3 -setbe dl -mov byte [ebp - 0x27b], bl -test bl, dl -jne short loc_fffc9703 ; jne 0xfffc9703 -test ecx, ecx -sete dl -xor ebx, ebx -cmp esi, 0x40670 -sete bl -mov dword [ebp - 0x264], ebx -and dword [ebp - 0x264], edx +sub esp, 0x178 +mov eax, dword [ebp + 8] +lea edi, [ebp - 0xe8] +mov edx, dword [ebp + 0xc] +mov dword [ebp - 0xbc], fcn_fffb00dc ; mov dword [ebp - 0xbc], 0xfffb00dc +mov dword [ebp - 0xb0], fcn_fffb0086 ; mov dword [ebp - 0xb0], 0xfffb0086 +mov dword [ebp - 0x130], eax +xor eax, eax +rep stosd ; rep stosd dword es:[edi], eax +lea edi, 
[ebp - 0xf8] +mov dword [ebp - 0x12c], edx +mov edx, 0xcf8 +mov dword [ebp - 0x5c], fcn_fffb01d3 ; mov dword [ebp - 0x5c], 0xfffb01d3 +mov dword [ebp - 0x58], fcn_fffb01ca ; mov dword [ebp - 0x58], 0xfffb01ca +mov dword [ebp - 0xa4], fcn_fffb3fc4 ; mov dword [ebp - 0xa4], 0xfffb3fc4 +mov dword [ebp - 0xa0], fcn_fffb401c ; mov dword [ebp - 0xa0], 0xfffb401c +mov cl, 4 +rep stosd ; rep stosd dword es:[edi], eax +mov eax, 0x80000048 +mov dword [ebp - 0x7c], fcn_fffc375d ; mov dword [ebp - 0x7c], 0xfffc375d +mov dword [ebp - 0x78], fcn_fffc3739 ; mov dword [ebp - 0x78], 0xfffc3739 +out dx, eax +push 0xcfc +call fcn_fffb00dc ; call 0xfffb00dc +add esp, 0x10 +mov ebx, eax +test al, 1 +jne short loc_fffc8ba9 ; jne 0xfffc8ba9 -loc_fffc9703: ; not directly referenced -and al, byte [ebp - 0x27b] -cmp dword [ebp - 0x294], 1 -movzx eax, al -mov dword [ebp - 0x2b8], eax -mov eax, dword [ebp - 0x260] -movzx eax, byte [eax + 0x1c5] -mov dword [ebp - 0x298], eax -movzx eax, byte [edi + 0x1965] -mov dword [ebp - 0x288], eax -jne short loc_fffc9780 ; jne 0xfffc9780 -cmp dword [ebp - 0x290], 4 -mov byte [ebp - 0x27a], 0x10 -mov byte [ebp - 0x280], 0xf0 -setbe al -test byte [ebp - 0x27b], al -mov byte [ebp - 0x279], 4 -je short loc_fffc9795 ; je 0xfffc9795 -cmp dword [edi + 0x36d7], 0x640 -mov eax, 0 -cmovbe eax, dword [ebp - 0x288] -mov dword [ebp - 0x288], eax -jmp short loc_fffc9795 ; jmp 0xfffc9795 +loc_fffc8ba2: ; not directly referenced +xor eax, eax +jmp near loc_fffc9f55 ; jmp 0xfffc9f55 -loc_fffc9780: ; not directly referenced -mov byte [ebp - 0x27a], 8 -mov byte [ebp - 0x280], 0xf8 -mov byte [ebp - 0x279], 1 +loc_fffc8ba9: ; not directly referenced +push 0x60 +mov esi, dword [ebp - 0xb0] +push 0 +push 0 +push 0 +call dword [ebp - 0x7c] ; ucall +pop edi +pop edx +push eax +push 0xcf8 +call esi +mov dword [esp], 0xcfc +call dword [ebp - 0xbc] ; ucall +add esp, 0x10 +test al, 1 +je short loc_fffc8ba2 ; je 0xfffc8ba2 +and eax, 0xfffffff8 +mov esi, eax +call fcn_fffa67af ; call 
0xfffa67af +mov dword [ebp - 0x144], 0 +cmp eax, 0x40660 +setne cl +cmp eax, 0x306c0 +setne dl +test cl, dl +je short loc_fffc8c11 ; je 0xfffc8c11 +cmp eax, 0x40650 +setne al +movzx eax, al +mov dword [ebp - 0x144], eax -loc_fffc9795: ; not directly referenced -mov eax, dword [ebp - 0x260] -xor esi, esi -add eax, 0x1c -mov dword [ebp - 0x2a0], eax -mov dword [ebp - 0x268], eax - -loc_fffc97ac: ; not directly referenced -imul eax, esi, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -je short loc_fffc97ce ; je 0xfffc97ce - -loc_fffc97bc: ; not directly referenced -inc esi -add dword [ebp - 0x268], 0xcc -cmp esi, 2 -jne short loc_fffc97ac ; jne 0xfffc97ac -jmp short loc_fffc9837 ; jmp 0xfffc9837 - -loc_fffc97ce: ; not directly referenced -mov byte [ebp - 0x25c], 0 - -loc_fffc97d5: ; not directly referenced -mov al, byte [ebp - 0x25c] -cmp al, byte [edi + 0x2488] -jae short loc_fffc97bc ; jae 0xfffc97bc -movzx ecx, byte [ebp - 0x25c] -mov eax, dword [ebp - 0x268] -mov edx, dword [ebp - 0x298] -mov ebx, dword [eax + ecx*4 + 0x28] -or ebx, 0x60 -mov eax, ebx -and eax, 0xffbfffff -test edx, edx -mov edx, dword [ebp - 0x2b4] -cmovne ebx, eax -mov eax, ebx -and eax, 0xffdfffff -test edx, edx -mov edx, esi -cmovne ebx, eax -mov eax, edi -call fcn_fffa720e ; call 0xfffa720e -mov ecx, ebx -mov edx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -inc byte [ebp - 0x25c] -jmp short loc_fffc97d5 ; jmp 0xfffc97d5 - -loc_fffc9837: ; not directly referenced -cmp dword [ebp - 0x298], 0 -je short loc_fffc9894 ; je 0xfffc9894 -mov edx, 0x3a28 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x3a28 -mov dword [ebp - 0x2ac], eax -mov eax, edi -and dword [ebp - 0x2ac], 0xfffffffd -mov ecx, dword [ebp - 0x2ac] -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x5f08 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5f08 -or ah, 1 -mov ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x96 -mov eax, edi -call fcn_fffa834b ; call 0xfffa834b - 
-loc_fffc9894: ; not directly referenced -movzx eax, byte [ebp - 0x280] -mov dword [ebp - 0x278], 1 -mov dword [ebp - 0x26c], 0 -mov dword [ebp - 0x2c8], eax - -loc_fffc98b5: ; not directly referenced -mov ebx, dword [ebp - 0x278] -mov byte [ebp - 0x270], bl -test bl, bl -je short loc_fffc98db ; je 0xfffc98db -cmp dword [ebp - 0x294], 0 -sete al -or al, byte [ebp - 0x264] -jne loc_fffca060 ; jne 0xfffca060 - -loc_fffc98db: ; not directly referenced -mov esi, dword [ebp - 0x2a8] -push eax +loc_fffc8c11: ; not directly referenced +push 0xbc +and ebx, 0xfffffffe push 0 -push 0x24 -lea eax, [ebp - 0x1c8] -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -add esp, 0xc push 0 -push 0x24 -lea eax, [ebp - 0x1ec] +push 0 +call dword [ebp - 0x78] ; ucall +add eax, esi +mov dword [esp], eax +call dword [ebp - 0xa4] ; ucall +push 0x90 +push 0 +push 0 +push 0 +mov dword [ebp - 0x160], eax +call dword [ebp - 0x78] ; ucall +add esp, 0x14 +add eax, esi push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall +call dword [ebp - 0xa0] ; ucall +push 0x98 +push 0 +push 0 +push 0 +mov dword [ebp - 0x150], edx +mov dword [ebp - 0x138], eax +call dword [ebp - 0x78] ; ucall +add esp, 0x14 +add esi, eax +push esi +call dword [ebp - 0xa0] ; ucall +mov edi, eax +lea eax, [ebx + 0x5024] +or edi, 0xfffff +mov dword [ebp - 0x164], edx +mov dword [esp], eax +call dword [ebp - 0xa4] ; ucall +mov dword [ebp - 0x154], eax +lea eax, [ebx + 0x5014] +mov dword [esp], eax +call dword [ebp - 0xa4] ; ucall +mov dword [ebp - 0x140], eax +lea eax, [ebx + 0x5000] +mov dword [esp], eax +call dword [ebp - 0xa4] ; ucall +mov dword [ebp - 0x148], eax +lea eax, [ebx + 0x5004] +add ebx, 0x5008 +mov dword [esp], eax +call dword [ebp - 0xa4] ; ucall +mov dword [esp], ebx +mov esi, eax +call dword [ebp - 0xa4] ; ucall +mov ecx, dword [ebp - 0x138] add esp, 0xc -push dword [ebp - 0x2c8] -lea eax, [ebp - 0x234] -push 0x12 -push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall +mov ebx, dword [ebp - 0x140] +mov 
edx, dword [ebp - 0x164] +push 0x16 +and ecx, 0xfff00000 +mov dword [ebp - 0x110], ecx +mov ecx, dword [ebp - 0x150] +mov dword [ebp - 0x138], edi +xor edi, edi +and edx, 0x7f +push edi +and ecx, 0x7f +mov dword [ebp - 0x10c], ecx +movzx ecx, bl +push ecx +mov dword [ebp - 0x104], esi +mov esi, ecx +mov dword [ebp - 0x100], eax +mov dword [ebp - 0xfc], 0 +mov dword [ebp - 0x134], edx +call dword [ebp - 0x5c] ; ucall add esp, 0xc -push 0xff -push 0x12 -lea eax, [ebp - 0x210] +push 0x16 +push edi +mov edi, ebx +push esi +mov dword [ebp - 0x150], eax +mov dword [ebp - 0x14c], edx +call dword [ebp - 0x5c] ; ucall +add esp, 0xc +xor edx, edx +push 0xe +mov eax, ebx +and eax, 0xff00 +push edx push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall +call dword [ebp - 0x5c] ; ucall add esp, 0xc -push 0 -push 0x12 -lea eax, [ebp - 0x222] +mov eax, ebx +push 6 +and eax, 0xff0000 +xor edx, edx +and edi, 0xff000000 +push edx push eax -mov eax, esi -call dword [eax + 0x5c] ; ucall -lea eax, [edi + 0x3756] +call dword [ebp - 0x5c] ; ucall +add esp, 0xc +push 2 +mov dword [ebp - 0x168], edx +xor edx, edx +push edx +push edi +mov dword [ebp - 0x164], eax +call dword [ebp - 0x5c] ; ucall +mov dword [ebp - 0x140], eax +mov eax, dword [ebp - 0x148] +mov dword [ebp - 0x13c], edx +and eax, 1 +mov ebx, dword [ebp + eax*4 - 0x104] +lea eax, [ebp - 0xc4] +mov edx, ebx +call fcn_fffc3aea ; call 0xfffc3aea +mov esi, eax +mov edi, edx +lea eax, [ebp - 0xc4] +mov edx, ebx +call fcn_fffc3acf ; call 0xfffc3acf +add eax, esi +adc edx, edi add esp, 0x10 -mov dword [ebp - 0x274], eax +cmp dword [ebp - 0x144], 1 +jne short loc_fffc8df7 ; jne 0xfffc8df7 +add eax, dword [ebp - 0x150] +adc edx, dword [ebp - 0x14c] +jmp short loc_fffc8e03 ; jmp 0xfffc8e03 + +loc_fffc8df7: ; not directly referenced +add eax, dword [ebp - 0x140] +adc edx, dword [ebp - 0x13c] + +loc_fffc8e03: ; not directly referenced mov esi, eax -mov dword [ebp - 0x268], 0 +mov eax, dword [ebp - 0x10c] +mov edi, edx +cmp dword [ebp - 
0x134], eax +jb loc_fffc8f07 ; jb 0xfffc8f07 +ja short loc_fffc8e2d ; ja 0xfffc8e2d +mov eax, dword [ebp - 0x110] +cmp dword [ebp - 0x138], eax +jbe loc_fffc8f07 ; jbe 0xfffc8f07 -loc_fffc9960: ; not directly referenced -cmp dword [esi], 2 -je short loc_fffc999c ; je 0xfffc999c +loc_fffc8e2d: ; not directly referenced +mov eax, dword [ebp - 0x160] +mov cl, 1 +mov ebx, dword [ebp - 0x134] +mov dword [ebp - 0x15c], 0 +and eax, 0xfff00000 +mov edx, eax +mov dword [ebp - 0x160], eax +cmp dword [ebp - 0x12c], ebx +jb short loc_fffc8e6c ; jb 0xfffc8e6c +ja short loc_fffc8e6a ; ja 0xfffc8e6a +mov ebx, dword [ebp - 0x138] +cmp dword [ebp - 0x130], ebx +jbe short loc_fffc8e6c ; jbe 0xfffc8e6c -loc_fffc9965: ; not directly referenced -inc dword [ebp - 0x268] -add esi, 0x13c3 -cmp dword [ebp - 0x268], 2 -jne short loc_fffc9960 ; jne 0xfffc9960 -mov al, byte [ebp - 0x280] -mov byte [ebp - 0x29c], 0 -mov byte [ebp - 0x25c], al -imul eax, dword [ebp - 0x278], 0x12 -mov dword [ebp - 0x2c0], eax -jmp short loc_fffc9a0c ; jmp 0xfffc9a0c +loc_fffc8e6a: ; not directly referenced +xor ecx, ecx + +loc_fffc8e6c: ; not directly referenced +mov eax, dword [ebp - 0x10c] +mov bl, 1 +cmp dword [ebp - 0x12c], eax +ja short loc_fffc8e8e ; ja 0xfffc8e8e +jb short loc_fffc8e8c ; jb 0xfffc8e8c +mov eax, dword [ebp - 0x110] +cmp dword [ebp - 0x130], eax +jae short loc_fffc8e8e ; jae 0xfffc8e8e -loc_fffc999c: ; not directly referenced +loc_fffc8e8c: ; not directly referenced xor ebx, ebx -loc_fffc999e: ; not directly referenced -cmp bl, byte [edi + 0x2488] -jae short loc_fffc9965 ; jae 0xfffc9965 -movzx eax, bl -mov dword [ebp - 0x26c], eax -mov byte [esi + eax + 0x101d], 0 -mov dword [ebp - 0x25c], 0 +loc_fffc8e8e: ; not directly referenced +test cl, bl +je short loc_fffc8eb8 ; je 0xfffc8eb8 +mov eax, dword [ebp - 0x160] +mov edx, dword [ebp - 0x15c] +sub eax, dword [ebp - 0x110] +sbb edx, dword [ebp - 0x10c] +add eax, dword [ebp - 0x130] +adc edx, dword [ebp - 0x12c] +jmp short loc_fffc8f13 ; jmp 
0xfffc8f13 -loc_fffc99c1: ; not directly referenced -mov cl, byte [ebp - 0x25c] -mov eax, 1 -shl eax, cl -test byte [esi + 0xc4], al -je short loc_fffc99fa ; je 0xfffc99fa -push eax -mov ecx, dword [ebp - 0x25c] -mov eax, edi -push 0 -mov edx, dword [ebp - 0x268] -push 0xff -push dword [ebp - 0x26c] -call fcn_fffa7499 ; call 0xfffa7499 -add esp, 0x10 +loc_fffc8eb8: ; not directly referenced +cmp dword [ebp - 0x12c], 0 +ja short loc_fffc8ec9 ; ja 0xfffc8ec9 +cmp dword [ebp - 0x130], edx +jb short loc_fffc8f07 ; jb 0xfffc8f07 -loc_fffc99fa: ; not directly referenced -inc dword [ebp - 0x25c] -cmp dword [ebp - 0x25c], 4 -jne short loc_fffc99c1 ; jne 0xfffc99c1 -inc ebx -jmp short loc_fffc999e ; jmp 0xfffc999e +loc_fffc8ec9: ; not directly referenced +mov eax, dword [ebp - 0x160] +mov edx, dword [ebp - 0x15c] +add eax, dword [ebp - 0x138] +adc edx, dword [ebp - 0x134] +sub eax, dword [ebp - 0x110] +sbb edx, dword [ebp - 0x10c] +cmp dword [ebp - 0x12c], edx +ja short loc_fffc8f07 ; ja 0xfffc8f07 +jb loc_fffc9ed7 ; jb 0xfffc9ed7 +cmp dword [ebp - 0x130], eax +jbe loc_fffc9ed7 ; jbe 0xfffc9ed7 -loc_fffc9a0c: ; not directly referenced -cmp byte [ebp - 0x270], 0 -jne short loc_fffc9a42 ; jne 0xfffc9a42 -push 0 -movsx eax, byte [ebp - 0x25c] -push 0 -push 0 -push 0 -push 0 -push 0 -push 0 -push 1 -push 0 -push eax -push 4 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -mov dword [ebp - 0x26c], eax -jmp short loc_fffc9a96 ; jmp 0xfffc9a96 +loc_fffc8f07: ; not directly referenced +mov eax, dword [ebp - 0x130] +mov edx, dword [ebp - 0x12c] -loc_fffc9a42: ; not directly referenced -push 0 -mov bl, byte [ebp - 0x25c] -push 0 -push 0 -push 0 -push 0 +loc_fffc8f13: ; not directly referenced +push ecx +push 6 +push edx +push eax +call dword [ebp - 0x58] ; ucall +mov ebx, dword [ebp - 0x148] +add esp, 0x10 +shr ebx, 6 and ebx, 1 -push 0 -movzx eax, bl -push 0 +cmp dword [ebp - 0x144], 1 +mov dword [ebp - 0x110], eax +mov dword [ebp - 0x10c], edx +jne short loc_fffc8f60 
; jne 0xfffc8f60 +push edx push 1 -push 0 -push eax -push 4 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -mov esi, dword [ebp - 0x25c] -mov dl, 2 -add esp, 0x30 -mov dword [ebp - 0x26c], eax -mov eax, esi -cbw -idiv dl -mov edx, esi -shr dl, 7 -mov byte [ebp - 0x29c], al -test bl, dl -je short loc_fffc9a96 ; je 0xfffc9a96 -dec eax -mov byte [ebp - 0x29c], al +push dword [ebp - 0x14c] +push dword [ebp - 0x150] +call dword [ebp - 0x5c] ; ucall +add esp, 0x10 +mov dword [ebp - 0x164], eax +mov dword [ebp - 0x168], edx -loc_fffc9a96: ; not directly referenced -mov eax, edi -or edx, 0xffffffff -call fcn_fffaa226 ; call 0xfffaa226 -mov eax, dword [ebp - 0x274] -mov dword [ebp - 0x268], 0 -mov dword [ebp - 0x284], eax +loc_fffc8f60: ; not directly referenced +test ebx, ebx +je short loc_fffc8fc9 ; je 0xfffc8fc9 +cmp dword [ebp - 0x10c], edi +ja loc_fffc9ed7 ; ja 0xfffc9ed7 +jb short loc_fffc8f7e ; jb 0xfffc8f7e +cmp dword [ebp - 0x110], esi +jae loc_fffc9ed7 ; jae 0xfffc9ed7 -loc_fffc9ab6: ; not directly referenced -mov eax, dword [ebp - 0x284] -cmp dword [eax], 2 -jne loc_fffc9c1d ; jne 0xfffc9c1d -cmp byte [ebp - 0x270], 1 -je short loc_fffc9b2c ; je 0xfffc9b2c +loc_fffc8f7e: ; not directly referenced +push eax +mov eax, dword [ebp - 0x148] +shr eax, 7 +and eax, 7 +push eax +push 0 +push 0x400000 +call dword [ebp - 0x5c] ; ucall +add esp, 0x10 +cmp dword [ebp - 0x10c], edx +jb loc_fffc9109 ; jb 0xfffc9109 +ja short loc_fffc8fb3 ; ja 0xfffc8fb3 +cmp dword [ebp - 0x110], eax +jb loc_fffc9109 ; jb 0xfffc9109 -loc_fffc9ace: ; not directly referenced -mov esi, dword [ebp - 0x268] -mov ecx, 0xff -mov ebx, dword [ebp - 0x260] -imul eax, esi, 0xcc -mov edx, esi -mov ebx, dword [ebx + eax + 0x1c] -mov eax, edi -call fcn_fffa7288 ; call 0xfffa7288 -and ebx, 0xfe0ffff7 -or ebx, 0x1100008 -mov ecx, ebx -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c -mov eax, edi -mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b -lea eax, [esi + esi*8] -lea esi, [ebp - 0x18] 
-add eax, esi -mov byte [ebp - 0x2a4], 0 -mov dword [ebp - 0x2bc], eax -jmp short loc_fffc9b9d ; jmp 0xfffc9b9d +loc_fffc8fb3: ; not directly referenced +sub dword [ebp - 0x110], eax +mov edi, 1 +sbb dword [ebp - 0x10c], edx +jmp near loc_fffc910b ; jmp 0xfffc910b -loc_fffc9b2c: ; not directly referenced -mov byte [ebp - 0x2a4], 0 +loc_fffc8fc9: ; not directly referenced +mov eax, dword [ebp - 0x168] +cmp dword [ebp - 0x10c], eax +ja loc_fffc90b6 ; ja 0xfffc90b6 +jb short loc_fffc8fef ; jb 0xfffc8fef +mov eax, dword [ebp - 0x164] +cmp dword [ebp - 0x110], eax +jae loc_fffc90b6 ; jae 0xfffc90b6 -loc_fffc9b33: ; not directly referenced -mov al, byte [ebp - 0x2a4] -cmp al, byte [edi + 0x2488] -jae short loc_fffc9ace ; jae 0xfffc9ace -mov ebx, dword [ebp - 0x284] -movzx esi, byte [ebp - 0x2a4] -mov al, byte [ebp - 0x29c] -mov byte [ebx + esi + 0x101d], al -xor ebx, ebx +loc_fffc8fef: ; not directly referenced +test dword [ebp - 0x154], 0x800000 +je loc_fffc908a ; je 0xfffc908a +mov eax, dword [ebp - 0x154] +mov edx, 1 +xor edi, edi +mov esi, eax +and ax, 0x3fff +shr esi, 0x15 +and esi, 3 +mov ecx, esi +shl edx, cl +xor ecx, ecx +or eax, edx +and eax, dword [ebp - 0x110] +movzx eax, ax -loc_fffc9b5d: ; not directly referenced -mov cl, bl -mov eax, 1 -shl eax, cl -mov ecx, dword [ebp - 0x284] -test byte [ecx + 0xc4], al -je short loc_fffc9b8f ; je 0xfffc9b8f -mov edx, dword [ebp - 0x268] -mov ecx, ebx +loc_fffc9029: ; not directly referenced +mov edx, eax +sar edx, cl +inc ecx +xor edi, edx +cmp ecx, 0xe +jne short loc_fffc9029 ; jne 0xfffc9029 push eax -mov eax, edi +and edi, 1 +push esi push 0 -push 0xff +push 1 +call dword [ebp - 0x5c] ; ucall +add esp, 0xc push esi -call fcn_fffa7499 ; call 0xfffa7499 +mov ebx, eax +mov ecx, edx +mov eax, dword [ebp - 0x110] +mov edx, dword [ebp - 0x10c] +not ebx +not ecx +and ebx, eax +and ecx, edx +xor edx, edx +mov dword [ebp - 0x138], ecx +mov ecx, ebx +and ecx, 1 +push edx +push ecx +call dword [ebp - 0x5c] ; ucall +mov ecx, 
dword [ebp - 0x138] add esp, 0x10 +or ebx, eax +or ecx, edx +mov dword [ebp - 0x110], ebx +mov dword [ebp - 0x10c], ecx +jmp short loc_fffc9093 ; jmp 0xfffc9093 -loc_fffc9b8f: ; not directly referenced -inc ebx -cmp ebx, 4 -jne short loc_fffc9b5d ; jne 0xfffc9b5d -inc byte [ebp - 0x2a4] -jmp short loc_fffc9b33 ; jmp 0xfffc9b33 +loc_fffc908a: ; not directly referenced +mov edi, dword [ebp - 0x110] +and edi, 1 -loc_fffc9b9d: ; not directly referenced -mov al, byte [ebp - 0x2a4] -cmp al, byte [edi + 0x2488] -jae short loc_fffc9bfd ; jae 0xfffc9bfd -movzx esi, byte [ebp - 0x2a4] -mov eax, edi -mov edx, dword [ebp - 0x268] -mov ecx, esi -call fcn_fffa7617 ; call 0xfffa7617 -mov edx, eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -movzx edx, al -movzx eax, dx -mov dword [ebp - 0x2c4], edx -call fcn_fffaeba2 ; call 0xfffaeba2 -mov edx, dword [ebp - 0x2c4] -add esi, dword [ebp - 0x2bc] -inc byte [ebp - 0x2a4] -and byte [esi - 0x1f8], dl -neg eax -mov byte [esi - 0x22e], al -jmp short loc_fffc9b9d ; jmp 0xfffc9b9d +loc_fffc9093: ; not directly referenced +push eax +push 1 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +mov dword [ebp - 0x110], eax +mov dword [ebp - 0x10c], edx +jmp short loc_fffc910b ; jmp 0xfffc910b -loc_fffc9bfd: ; not directly referenced -mov edx, dword [ebp - 0x268] -mov ecx, 0xff -mov eax, edi -and ebx, 0xfffffff7 -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, ebx -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +loc_fffc90b6: ; not directly referenced +cmp dword [ebp - 0x10c], edi +ja loc_fffc9ed7 ; ja 0xfffc9ed7 +jb short loc_fffc90d0 ; jb 0xfffc90d0 +cmp dword [ebp - 0x110], esi +jae loc_fffc9ed7 ; jae 0xfffc9ed7 -loc_fffc9c1d: ; not directly referenced -inc dword [ebp - 0x268] -add dword [ebp - 0x284], 0x13c3 -cmp dword [ebp - 0x268], 2 -jne loc_fffc9ab6 ; jne 0xfffc9ab6 -mov eax, edi -mov edx, 0x11111111 -call fcn_fffaa226 ; call 0xfffaa226 -mov eax, dword [ebp - 0x274] 
-xor esi, esi -mov dword [ebp - 0x2a4], eax +loc_fffc90d0: ; not directly referenced +cmp dword [ebp - 0x144], 1 +jne short loc_fffc90f1 ; jne 0xfffc90f1 +mov eax, dword [ebp - 0x150] +mov edx, dword [ebp - 0x14c] +mov dword [ebp - 0x140], eax +mov dword [ebp - 0x13c], edx -loc_fffc9c54: ; not directly referenced -mov eax, dword [ebp - 0x2a4] -cmp dword [eax], 2 -jne loc_fffc9dce ; jne 0xfffc9dce -mov ebx, dword [ebp - 0x260] -imul eax, esi, 0xcc -mov ecx, 0xff -mov edx, esi -mov eax, dword [ebx + eax + 0x1c] -lea ebx, [ebp - 0x18] -mov dword [ebp - 0x268], eax -mov eax, edi -and dword [ebp - 0x268], 0xfe0ffff7 -or dword [ebp - 0x268], 0x1100008 -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, dword [ebp - 0x268] -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c -mov eax, edi -mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b -lea eax, [esi + esi*8] -add ebx, eax -mov byte [ebp - 0x284], 0 -mov dword [ebp - 0x2bc], eax -mov dword [ebp - 0x2c4], ebx +loc_fffc90f1: ; not directly referenced +mov eax, dword [ebp - 0x140] +mov edx, dword [ebp - 0x13c] +sub dword [ebp - 0x110], eax +sbb dword [ebp - 0x10c], edx -loc_fffc9cd1: ; not directly referenced -mov al, byte [ebp - 0x284] -cmp al, byte [edi + 0x2488] -jae loc_fffc9dac ; jae 0xfffc9dac -movzx ebx, byte [ebp - 0x284] -mov edx, esi -mov eax, edi +loc_fffc9109: ; not directly referenced +xor edi, edi + +loc_fffc910b: ; not directly referenced +mov eax, dword [ebp - 0x148] +movzx edi, di +lea ecx, [edi + edi] +shr eax, cl +and eax, 1 +mov word [ebp - 0x158], ax +movzx eax, ax +mov ebx, dword [ebp + eax*4 - 0x104] +mov dword [ebp - 0x16c], eax +lea eax, [ebp - 0xc4] +mov edx, ebx +call fcn_fffc3aea ; call 0xfffc3aea +mov dword [ebp - 0x138], eax +lea eax, [ebp - 0xc4] +mov dword [ebp - 0x134], edx +mov edx, ebx +call fcn_fffc3acf ; call 0xfffc3acf mov ecx, ebx -call fcn_fffa7617 ; call 0xfffa7617 -mov edx, eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -movzx ecx, al -movzx eax, cx -mov dword [ebp 
- 0x2cc], ecx -call fcn_fffaeba2 ; call 0xfffaeba2 -mov ecx, dword [ebp - 0x2c4] -lea edx, [ecx + ebx] -mov ecx, dword [ebp - 0x2cc] -or byte [edx - 0x20a], cl -add al, byte [edx - 0x22e] -mov byte [edx - 0x22e], al -cmp al, byte [edx - 0x21c] -jle short loc_fffc9d81 ; jle 0xfffc9d81 -mov byte [edx - 0x21c], al -mov eax, dword [ebp - 0x2c0] -lea ecx, [ebp - 0x18] -add eax, dword [ebp - 0x2bc] -add eax, ecx -mov cl, byte [ebp - 0x25c] -add eax, ebx -cmp byte [ebp - 0x270], 0 -mov byte [eax - 0x1b0], cl -mov byte [eax - 0x1d4], cl -jne short loc_fffc9da1 ; jne 0xfffc9da1 -mov ecx, dword [ebp - 0x2a4] -mov al, byte [ebp - 0x25c] -mov byte [ecx + ebx + 0x101d], al -jmp short loc_fffc9da1 ; jmp 0xfffc9da1 - -loc_fffc9d81: ; not directly referenced -jne short loc_fffc9da1 ; jne 0xfffc9da1 -mov eax, dword [ebp - 0x2c0] -lea ecx, [ebp - 0x18] -add eax, dword [ebp - 0x2bc] -add eax, ecx -mov cl, byte [ebp - 0x25c] -mov byte [ebx + eax - 0x1b0], cl - -loc_fffc9da1: ; not directly referenced -inc byte [ebp - 0x284] -jmp near loc_fffc9cd1 ; jmp 0xfffc9cd1 - -loc_fffc9dac: ; not directly referenced -mov ecx, 0xff -mov edx, esi -mov ebx, dword [ebp - 0x268] -mov eax, edi -call fcn_fffa7288 ; call 0xfffa7288 -and ebx, 0xfffffff7 -mov ecx, ebx -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c - -loc_fffc9dce: ; not directly referenced -inc esi -add dword [ebp - 0x2a4], 0x13c3 -cmp esi, 2 -jne loc_fffc9c54 ; jne 0xfffc9c54 -inc byte [ebp - 0x25c] -mov al, byte [ebp - 0x27a] -cmp byte [ebp - 0x25c], al -jle loc_fffc9a0c ; jle 0xfffc9a0c -push 0 -xor ebx, ebx -push 0 -push 0 -push 0 -push 0 -push 0 -push 0 +shr ecx, 0x16 +mov dword [ebp - 0x150], ecx +and dword [ebp - 0x150], 1 +mov dword [ebp - 0x140], eax +mov eax, ebx +shr eax, 0x15 +mov edi, eax +mov dword [ebp - 0x13c], edx +mov edx, ebx +and edi, 1 +shr edx, 0x1a +mov dword [ebp - 0x164], edi +mov edi, edx +or eax, edx +and edi, 1 +mov dword [ebp - 0x168], edi +test al, 1 +je loc_fffc9266 ; je 0xfffc9266 +push 
eax push 1 -push 0 -push 0 -push 4 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -mov eax, dword [ebp - 0x274] -add esp, 0x30 -mov dword [ebp - 0x25c], eax -imul eax, dword [ebp - 0x278], 0x12 -mov dword [ebp - 0x2a4], eax - -loc_fffc9e34: ; not directly referenced -mov eax, dword [ebp - 0x25c] -mov dword [ebp + ebx*4 - 0x250], 0 -cmp dword [eax], 2 -je short loc_fffc9e5f ; je 0xfffc9e5f - -loc_fffc9e4a: ; not directly referenced -inc ebx -add dword [ebp - 0x25c], 0x13c3 -cmp ebx, 2 -jne short loc_fffc9e34 ; jne 0xfffc9e34 -jmp near loc_fffc9fa4 ; jmp 0xfffc9fa4 - -loc_fffc9e5f: ; not directly referenced -lea eax, [ebx + ebx*8] -lea esi, [ebp - 0x18] -add esi, eax -mov byte [ebp - 0x284], 0 -mov dword [ebp - 0x29c], eax -mov dword [ebp - 0x2bc], esi +push dword [ebp - 0x13c] +push dword [ebp - 0x140] +call dword [ebp - 0x5c] ; ucall +add esp, 0x10 +cmp dword [ebp - 0x10c], edx +ja short loc_fffc921a ; ja 0xfffc921a +jb short loc_fffc91c8 ; jb 0xfffc91c8 +cmp dword [ebp - 0x110], eax +jae short loc_fffc921a ; jae 0xfffc921a -loc_fffc9e7a: ; not directly referenced -mov al, byte [ebp - 0x284] -cmp al, byte [edi + 0x2488] -jae short loc_fffc9e4a ; jae 0xfffc9e4a -mov ecx, dword [ebp - 0x2a4] -lea eax, [ebp - 0x18] -add ecx, dword [ebp - 0x29c] -movzx esi, byte [ebp - 0x284] -add ecx, eax -add ecx, esi -mov dl, byte [ecx - 0x1d4] -mov al, byte [ecx - 0x1b0] -sub eax, edx -mov byte [ecx - 0x168], al -mov cl, 2 -cbw -idiv cl -add eax, edx -cmp dword [ebp - 0x264], 0 -mov dl, al -je short loc_fffc9efd ; je 0xfffc9efd -mov ecx, dword [ebp - 0x2bc] -mov byte [esi + ecx - 0x1e6], al -movsx eax, al -push 0 -push 0 -push 0 -push 0 -push esi -push 0xff -push ebx -push 0 -push 0 +loc_fffc91c8: ; not directly referenced push eax -push 4 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -jmp near loc_fffc9f99 ; jmp 0xfffc9f99 - -loc_fffc9efd: ; not directly referenced -cmp byte [ebp - 0x270], 0 -jne short loc_fffc9f13 ; jne 0xfffc9f13 -lea eax, [edx - 1] -test dl, dl 
-lea ecx, [edx + 1] -cmovns eax, ecx -mov dl, al - -loc_fffc9f13: ; not directly referenced -movsx eax, dl -mov cl, 2 -add dword [ebp + ebx*4 - 0x250], eax -movsx ax, dl -idiv cl -mov ecx, dword [ebp - 0x25c] -mov edx, dword [ebp - 0x2a4] -add edx, dword [ebp - 0x29c] -mov dword [ebp - 0x268], 0 -mov byte [ecx + esi + 0x101d], al -lea ecx, [ebp - 0x18] -add edx, ecx -mov byte [esi + edx - 0x18c], al - -loc_fffc9f54: ; not directly referenced -mov cl, byte [ebp - 0x268] -mov eax, 1 -mov edx, dword [ebp - 0x25c] -shl eax, cl -test byte [edx + 0xc4], al -je short loc_fffc9f8a ; je 0xfffc9f8a -push ecx -mov ecx, dword [ebp - 0x268] -mov edx, ebx -push 0 -mov eax, edi -push 0xff -push esi -call fcn_fffa7499 ; call 0xfffa7499 +push 9 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +add esp, 0xc +push 1 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +mov esi, eax +call dword [ebp - 0x58] ; ucall +mov ecx, dword [ebp - 0x110] +and esi, 1 add esp, 0x10 +and ecx, 0x1ff +and eax, 0xfffffe00 +or eax, ecx +mov dword [ebp - 0x110], eax +mov dword [ebp - 0x10c], edx +jmp near loc_fffc92d7 ; jmp 0xfffc92d7 -loc_fffc9f8a: ; not directly referenced -inc dword [ebp - 0x268] -cmp dword [ebp - 0x268], 4 -jne short loc_fffc9f54 ; jne 0xfffc9f54 - -loc_fffc9f99: ; not directly referenced -inc byte [ebp - 0x284] -jmp near loc_fffc9e7a ; jmp 0xfffc9e7a - -loc_fffc9fa4: ; not directly referenced -cmp dword [ebp - 0x294], 0 -sete al -or al, byte [ebp - 0x264] -jne loc_fffca060 ; jne 0xfffca060 -cmp byte [ebp - 0x270], 1 -je loc_fffca060 ; je 0xfffca060 -lea edx, [ebp - 0x180] -lea ecx, [ebp - 0x1a4] - -loc_fffc9fd3: ; not directly referenced -mov eax, dword [ebp - 0x274] -cmp dword [eax], 2 -jne short loc_fffca042 ; jne 0xfffca042 -mov al, byte [edi + 0x2488] -mov byte [ebp - 0x25c], al -xor eax, eax +loc_fffc921a: ; not directly referenced +mov eax, dword [ebp - 0x140] +mov edx, dword [ebp - 0x13c] +add eax, dword [ebp - 0x138] +adc edx, dword [ebp 
- 0x134] +cmp dword [ebp - 0x10c], edx +ja loc_fffc9ed7 ; ja 0xfffc9ed7 +jb short loc_fffc924c ; jb 0xfffc924c +cmp dword [ebp - 0x110], eax +jae loc_fffc9ed7 ; jae 0xfffc9ed7 -loc_fffc9fec: ; not directly referenced -cmp byte [ebp - 0x25c], al -jbe short loc_fffca042 ; jbe 0xfffca042 -cmp dword [ebp - 0x288], 0 -je short loc_fffca03f ; je 0xfffca03f -movsx esi, byte [edx + eax + 0x12] -movsx ebx, byte [edx + eax] -sub ebx, esi -mov esi, ebx -sar esi, 0x1f -xor ebx, esi -sub ebx, esi -cmp ebx, 4 -jle short loc_fffca03f ; jle 0xfffca03f -movsx esi, byte [ecx + eax + 0x12] -movsx ebx, byte [ecx + eax] -sub ebx, esi -mov esi, ebx -sar esi, 0x1f -xor ebx, esi -sub ebx, esi -mov esi, 5 -cmp ebx, 3 -cmovl esi, dword [ebp - 0x26c] -mov dword [ebp - 0x26c], esi +loc_fffc924c: ; not directly referenced +mov eax, dword [ebp - 0x140] +mov edx, dword [ebp - 0x13c] +sub dword [ebp - 0x110], eax +sbb dword [ebp - 0x10c], edx +jmp short loc_fffc92d5 ; jmp 0xfffc92d5 -loc_fffca03f: ; not directly referenced -inc eax -jmp short loc_fffc9fec ; jmp 0xfffc9fec +loc_fffc9266: ; not directly referenced +mov eax, dword [ebp - 0x134] +cmp dword [ebp - 0x10c], eax +jb short loc_fffc92d5 ; jb 0xfffc92d5 +ja short loc_fffc9284 ; ja 0xfffc9284 +mov eax, dword [ebp - 0x138] +cmp dword [ebp - 0x110], eax +jb short loc_fffc92d5 ; jb 0xfffc92d5 -loc_fffca042: ; not directly referenced -add edx, 9 -add ecx, 9 -lea eax, [ebp - 0x16e] -add dword [ebp - 0x274], 0x13c3 -cmp edx, eax -jne loc_fffc9fd3 ; jne 0xfffc9fd3 +loc_fffc9284: ; not directly referenced +mov eax, dword [ebp - 0x140] +mov edx, dword [ebp - 0x13c] +add eax, dword [ebp - 0x138] +adc edx, dword [ebp - 0x134] +cmp dword [ebp - 0x10c], edx +ja loc_fffc9ed7 ; ja 0xfffc9ed7 +jb short loc_fffc92b6 ; jb 0xfffc92b6 +cmp dword [ebp - 0x110], eax +jae loc_fffc9ed7 ; jae 0xfffc9ed7 -loc_fffca060: ; not directly referenced -dec dword [ebp - 0x278] -cmp dword [ebp - 0x278], 0xffffffff -jne loc_fffc98b5 ; jne 0xfffc98b5 -cmp dword [ebp - 0x294], 1 
-jne loc_fffca197 ; jne 0xfffca197 -cmp dword [ebp - 0x26c], 5 -mov eax, 5 -sete cl -cmp dword [ebp - 0x288], 0 -setne dl -test cl, dl -jne loc_fffca879 ; jne 0xfffca879 -cmp dword [ebp - 0x290], 3 -seta al -test byte [ebp - 0x27b], al -jne short loc_fffca0ce ; jne 0xfffca0ce -cmp dword [ebp - 0x290], 0 -setne dl -cmp dword [ebp - 0x2b0], 0x40670 -sete al -test dl, al -je short loc_fffca140 ; je 0xfffca140 +loc_fffc92b6: ; not directly referenced +mov eax, dword [ebp - 0x138] +mov esi, 1 +mov edx, dword [ebp - 0x134] +sub dword [ebp - 0x110], eax +sbb dword [ebp - 0x10c], edx +jmp short loc_fffc92d7 ; jmp 0xfffc92d7 -loc_fffca0ce: ; not directly referenced -mov eax, dword [ebp - 0x250] -movzx ecx, byte [edi + 0x2488] -add eax, dword [ebp - 0x24c] -add ecx, ecx -cdq -idiv ecx -mov dword [ebp - 0x250], eax +loc_fffc92d5: ; not directly referenced +xor esi, esi -loc_fffca0ec: ; not directly referenced -cmp dword [edi + 0x3756], 2 -mov eax, dword [ebp - 0x250] -jne short loc_fffca107 ; jne 0xfffca107 -mov ebx, dword [ebp - 0x260] -mov dword [ebx + 0xe3], eax +loc_fffc92d7: ; not directly referenced +mov eax, dword [ebp - 0x148] +shr eax, 0xa +mov dword [ebp - 0x154], eax +mov eax, ebx +shr eax, 0x10 +and eax, 1 +mov word [ebp - 0x118], ax +and dword [ebp - 0x154], 1 +xor word [ebp - 0x118], si +test si, si +je short loc_fffc9342 ; je 0xfffc9342 +mov edx, dword [ebp - 0x148] +mov eax, ebx +mov ecx, ebx +shr eax, 0x12 +mov edi, dword [ebp - 0x140] +mov dword [ebp - 0x138], eax +lea eax, [ebp - 0xc4] +and dword [ebp - 0x138], 1 +call fcn_fffb8ec5 ; call 0xfffb8ec5 +test ebx, 0x100000 +mov word [ebp - 0x116], ax +jmp short loc_fffc937a ; jmp 0xfffc937a -loc_fffca107: ; not directly referenced -cmp dword [edi + 0x4b19], 2 -jne short loc_fffca11c ; jne 0xfffca11c -mov ebx, dword [ebp - 0x260] -mov dword [ebx + 0x1af], eax +loc_fffc9342: ; not directly referenced +mov edx, dword [ebp - 0x148] +mov eax, ebx +mov ecx, ebx +shr eax, 0x11 +mov edi, dword [ebp - 0x138] +mov dword 
[ebp - 0x138], eax +lea eax, [ebp - 0xc4] +and dword [ebp - 0x138], 1 +call fcn_fffb8f37 ; call 0xfffb8f37 +test ebx, 0x80000 +mov word [ebp - 0x116], ax -loc_fffca11c: ; not directly referenced -mov ebx, dword [ebp - 0x260] -cmp dword [ebp - 0x28c], 0 -mov dword [ebx + 0x1b4], eax -mov ebx, eax -je short loc_fffca14c ; je 0xfffca14c -mov ebx, 3 -cmp eax, 3 -cmovle ebx, eax -jmp short loc_fffca14c ; jmp 0xfffca14c +loc_fffc937a: ; not directly referenced +je short loc_fffc9383 ; je 0xfffc9383 +mov esi, 0x10 +jmp short loc_fffc9392 ; jmp 0xfffc9392 -loc_fffca140: ; not directly referenced -mov dword [ebp - 0x250], 0xfffffff0 -jmp short loc_fffca0ec ; jmp 0xfffca0ec +loc_fffc9383: ; not directly referenced +cmp dword [ebp - 0x154], 1 +sbb esi, esi +and esi, 0xffffffe8 +add esi, 0x20 -loc_fffca14c: ; not directly referenced -push 1 -push 0 -push 0 -push 0xff -push ebx -push 1 -push 0 -push edi -call fcn_fffcc4cb ; call 0xfffcc4cb -add esp, 0x20 -push 1 -push 0 -push 0 -push 0xff -push ebx -push 1 -push 1 -push edi -call fcn_fffcc4cb ; call 0xfffcc4cb -add esp, 0x20 -push 0 -push 0 -push 0 -push 0xff -push ebx -push 1 -push 2 -push edi -call fcn_fffcc4cb ; call 0xfffcc4cb -add esp, 0x20 +loc_fffc9392: ; not directly referenced +mov eax, dword [ebp - 0x148] +shr eax, 0xb +mov dword [ebp - 0x140], eax +and dword [ebp - 0x140], 1 +cmp dword [ebp - 0x144], 1 +jne short loc_fffc93cb ; jne 0xfffc93cb +mov eax, dword [ebp - 0x110] +mov edx, eax +shr dx, 1 +cmp dword [ebp - 0x140], 0 +cmovne eax, edx +shl eax, 3 +jmp short loc_fffc9403 ; jmp 0xfffc9403 -loc_fffca197: ; not directly referenced -mov eax, dword [ebp - 0x2a8] -lea ebx, [ebp - 0x15c] -push edx -push 0 -push 0xa2 -push ebx -call dword [eax + 0x5c] ; ucall +loc_fffc93cb: ; not directly referenced +push eax +push 3 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x5c] ; ucall add esp, 0xc -mov eax, dword [ebp - 0x2a8] -push 0 -push 0xa2 -lea esi, [ebp - 0xba] -push esi -call dword [eax + 0x5c] ; 
ucall +push 3 +push dword [ebp - 0x12c] +push dword [ebp - 0x130] +mov dword [ebp - 0x160], eax +call dword [ebp - 0x58] ; ucall add esp, 0x10 -cmp dword [ebp - 0x28c], 1 -mov dword [ebp - 0x260], 1 -mov dword [ebp - 0x288], esi -sbb eax, eax -mov dword [ebp - 0x26c], eax -add byte [ebp - 0x26c], 9 -mov dword [ebp - 0x290], ebx +and eax, 7 +or eax, dword [ebp - 0x160] -loc_fffca1f8: ; not directly referenced -mov al, byte [ebp - 0x260] -xor ecx, ecx +loc_fffc9403: ; not directly referenced +mov cl, byte [ebp - 0x116] +mov edx, 1 +shl edx, cl +lea ecx, [edx - 1] +mov word [ebp - 0x160], cx +and word [ebp - 0x160], ax +mov eax, dword [ebp - 0x160] +cmp dword [ebp - 0x140], 0 +mov word [ebp - 0x156], ax +je loc_fffc993f ; je 0xfffc993f +push ecx +push 8 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +mov ecx, dword [ebp - 0x110] xor edx, edx -mov byte [ebp - 0x278], al - -loc_fffca208: ; not directly referenced -mov eax, dword [ebp - 0x260] -shl eax, cl -add ecx, 4 -add edx, eax -cmp ecx, 0x20 -jne short loc_fffca208 ; jne 0xfffca208 -mov eax, edi -call fcn_fffaa226 ; call 0xfffaa226 -mov eax, dword [ebp - 0x2a0] -mov dword [ebp - 0x25c], 0 -mov dword [ebp - 0x270], eax -mov eax, dword [ebp - 0x260] -and eax, 0xf -mov dword [ebp - 0x280], eax -shl dword [ebp - 0x280], 9 +add esp, 0xc +push 2 +and ecx, 1 +push edx +push ecx +mov dword [ebp - 0x114], eax +call dword [ebp - 0x5c] ; ucall +mov ecx, dword [ebp - 0x114] +add esp, 0x10 +and ecx, 3 +mov word [ebp - 0x114], cx +or word [ebp - 0x114], ax +mov al, byte [ebp - 0x168] +test byte [ebp - 0x138], al +mov eax, dword [ebp - 0x58] +je loc_fffc966d ; je 0xfffc966d +shr ebx, 0x1b +and ebx, 7 +cmp si, 8 +jne loc_fffc95b3 ; jne 0xfffc95b3 +push edx +push 7 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call eax +add esp, 0x10 +mov esi, eax +and esi, 8 +or esi, dword [ebp - 0x114] +cmp dword [ebp - 0x150], 0 +jne short loc_fffc94d8 ; jne 0xfffc94d8 +mov word [ebp - 0x114], si +jmp 
short loc_fffc9546 ; jmp 0xfffc9546 -loc_fffca24d: ; not directly referenced -imul eax, dword [ebp - 0x25c], 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne loc_fffca428 ; jne 0xfffca428 -cmp dword [ebp - 0x28c], 0 -jne short loc_fffca2c2 ; jne 0xfffca2c2 +loc_fffc94d8: ; not directly referenced +push eax +push 0xc +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +add esp, 0xc +push 9 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +mov dword [ebp - 0x114], eax +call dword [ebp - 0x58] ; ucall +mov ecx, dword [ebp - 0x114] +add esp, 0xc +push 0xb +push dword [ebp - 0x10c] +and ecx, 3 +mov word [ebp - 0x114], cx +and eax, 4 +push dword [ebp - 0x110] +xor word [ebp - 0x114], ax +xor word [ebp - 0x114], si +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +and eax, 8 +xor word [ebp - 0x114], ax -loc_fffca26e: ; not directly referenced -mov eax, dword [ebp - 0x270] -mov ecx, 0xff -mov esi, dword [ebp - 0x25c] -mov ebx, dword [eax] -mov eax, edi -mov edx, esi -call fcn_fffa7288 ; call 0xfffa7288 -and ebx, 0xfe0ffff7 -or ebx, 0x1100008 -mov ecx, ebx -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +loc_fffc9546: ; not directly referenced +lea eax, [ebx + 0xf] +movzx ebx, bx +push ecx +movzx eax, al +push eax +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +add esp, 0xc +push 0xb +push dword [ebp - 0x10c] +and eax, 1 +push dword [ebp - 0x110] +mov word [ebp - 0x116], ax +call dword [ebp - 0x58] ; ucall +lea ecx, [ebx + 4] +mov edx, 1 +shl edx, cl +dec edx +mov ecx, edx +not ecx +mov esi, eax +and edx, eax +shr si, 1 mov eax, edi -mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b -imul eax, esi, 0x51 -mov byte [ebp - 0x268], 0 -mov dword [ebp - 0x284], eax -jmp near loc_fffca39e ; jmp 0xfffca39e +mov word [ebp - 0x128], si +shr eax, 0xc +and word [ebp - 0x128], cx +or word [ebp - 0x128], dx +jmp near loc_fffc965d ; jmp 0xfffc965d -loc_fffca2c2: ; not directly referenced -mov byte [ebp 
- 0x268], 0 +loc_fffc95b3: ; not directly referenced +cmp dword [ebp - 0x150], 0 +je short loc_fffc95f5 ; je 0xfffc95f5 +push edx +push 0xb +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call eax +add esp, 0xc +push 8 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +mov esi, eax +call dword [ebp - 0x58] ; ucall +and esi, 3 +add esp, 0x10 +and eax, 4 +xor esi, eax +xor word [ebp - 0x114], si -loc_fffca2c9: ; not directly referenced -mov al, byte [ebp - 0x268] -cmp al, byte [edi + 0x2488] -jae short loc_fffca26e ; jae 0xfffca26e -movzx esi, byte [ebp - 0x268] -mov eax, dword [ebp - 0x270] -mov ecx, dword [ebp - 0x298] -mov edx, dword [ebp - 0x25c] -lea eax, [eax + esi*4] -mov dword [ebp - 0x274], eax -mov eax, dword [eax + 0x28] -and ah, 0xe1 -or eax, dword [ebp - 0x280] -or eax, 0x60 -mov ebx, eax -and eax, 0xfffffe7f -and ebx, 0xffbffe7f -test ecx, ecx -mov ecx, dword [ebp - 0x2b4] -cmove ebx, eax -mov eax, ebx -and eax, 0xffdfffff -test ecx, ecx -mov ecx, esi -cmovne ebx, eax -mov eax, edi -call fcn_fffa720e ; call 0xfffa720e -mov ecx, ebx -mov edx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -cmp dword [ebp - 0x2b8], 0 -je short loc_fffca370 ; je 0xfffca370 -mov edx, dword [ebp - 0x25c] -mov ecx, esi -mov eax, edi -call fcn_fffa724b ; call 0xfffa724b -mov esi, dword [ebp - 0x274] -mov ecx, dword [esi + 4] -mov edx, eax +loc_fffc95f5: ; not directly referenced +lea eax, [ebx + 0xe] +movzx ebx, bx +push esi +movzx eax, al +push eax +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +add esp, 0xc +push 0xa +push dword [ebp - 0x10c] +and eax, 1 +push dword [ebp - 0x110] +mov word [ebp - 0x116], ax +call dword [ebp - 0x58] ; ucall +lea ecx, [ebx + 4] +mov edx, 1 +shl edx, cl +dec edx +mov ecx, edx +not ecx +mov esi, eax +and edx, eax +shr si, 1 mov eax, edi -and ecx, 0xc7ffffff -call fcn_fffae58c ; call 0xfffae58c +mov word [ebp - 0x128], si +shr eax, 0xb +and word [ebp - 0x128], cx +or word [ebp - 0x128], dx 
-loc_fffca370: ; not directly referenced -inc byte [ebp - 0x268] -jmp near loc_fffca2c9 ; jmp 0xfffca2c9 +loc_fffc965d: ; not directly referenced +dec eax -loc_fffca37b: ; not directly referenced -mov eax, dword [ebp - 0x274] -bt eax, edx -jae short loc_fffca3f7 ; jae 0xfffca3f7 -mov al, byte [ebp - 0x278] -mov byte [ecx + edx], al +loc_fffc965e: ; not directly referenced +and word [ebp - 0x128], ax -loc_fffca38f: ; not directly referenced -inc edx -cmp byte [ebp - 0x26c], dl -ja short loc_fffca37b ; ja 0xfffca37b -inc byte [ebp - 0x268] - -loc_fffca39e: ; not directly referenced -mov al, byte [ebp - 0x268] -cmp al, byte [edi + 0x2488] -jae short loc_fffca408 ; jae 0xfffca408 -movzx esi, byte [ebp - 0x268] -mov eax, edi -mov edx, dword [ebp - 0x25c] -mov ecx, esi -call fcn_fffa7617 ; call 0xfffa7617 -lea esi, [esi + esi*8] -mov edx, eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -xor edx, edx -add esi, dword [ebp - 0x284] -mov dword [ebp - 0x274], eax -mov eax, dword [ebp - 0x288] -and dword [ebp - 0x274], 0x1ff -lea ecx, [eax + esi] -add esi, dword [ebp - 0x290] -jmp short loc_fffca37b ; jmp 0xfffca37b +loc_fffc9665: ; not directly referenced +add esp, 0x10 +jmp near loc_fffc9d70 ; jmp 0xfffc9d70 -loc_fffca3f7: ; not directly referenced -cmp byte [esi + edx], 0 -jne short loc_fffca38f ; jne 0xfffca38f -mov al, byte [ebp - 0x278] -mov byte [esi + edx], al -jmp short loc_fffca38f ; jmp 0xfffca38f +loc_fffc966d: ; not directly referenced +mov cl, byte [ebp - 0x164] +test byte [ebp - 0x138], cl +je loc_fffc97da ; je 0xfffc97da +push ecx +push 0xa +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call eax +add esp, 0x10 +and eax, 1 +cmp si, 8 +mov word [ebp - 0x116], ax +mov eax, dword [ebp - 0x58] +jne loc_fffc9756 ; jne 0xfffc9756 +push edx +push 8 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call eax +add esp, 0x10 +and eax, 8 +or word [ebp - 0x114], ax +cmp dword [ebp - 0x150], 0 +je short loc_fffc973f ; je 0xfffc973f +push eax +push 0xd +push 
dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +add esp, 0xc +push 0xa +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +mov ebx, eax +call dword [ebp - 0x58] ; ucall +and ebx, 3 +mov esi, dword [ebp - 0x10c] +add esp, 0xc +push 0xd +push esi +and eax, 4 +xor ebx, eax +xor word [ebp - 0x114], bx +mov ebx, dword [ebp - 0x110] +push ebx +call dword [ebp - 0x58] ; ucall +add esp, 0xc +push 0xf +push esi +push ebx +and eax, 8 +xor word [ebp - 0x114], ax +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +and eax, 1 +xor word [ebp - 0x116], ax -loc_fffca408: ; not directly referenced -mov edx, dword [ebp - 0x25c] -mov ecx, 0xff -mov eax, edi -and ebx, 0xfffffff7 -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, ebx -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +loc_fffc973f: ; not directly referenced +push esi +push 0xc +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +shr edi, 0xc +jmp short loc_fffc97cb ; jmp 0xfffc97cb -loc_fffca428: ; not directly referenced -inc dword [ebp - 0x25c] -add dword [ebp - 0x270], 0xcc -cmp dword [ebp - 0x25c], 2 -jne loc_fffca24d ; jne 0xfffca24d -inc dword [ebp - 0x260] -cmp dword [ebp - 0x260], 0x10 -jne loc_fffca1f8 ; jne 0xfffca1f8 -mov ebx, dword [ebp - 0x2a0] -lea eax, [edi + 0x3756] -mov dword [ebp - 0x280], eax -mov dword [ebp - 0x260], eax -mov dword [ebp - 0x25c], 0 -mov dword [ebp - 0x278], ebx +loc_fffc9756: ; not directly referenced +cmp dword [ebp - 0x150], 0 +je short loc_fffc97b6 ; je 0xfffc97b6 +push ebx +push 0xc +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call eax +add esp, 0xc +push 9 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +mov ebx, eax +call dword [ebp - 0x58] ; ucall +and ebx, 3 +add esp, 0xc +push 0xe +push dword [ebp - 0x10c] +and eax, 4 +push dword [ebp - 0x110] +xor ebx, eax +xor word [ebp - 0x114], bx +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +and eax, 1 +xor word [ebp - 0x116], ax -loc_fffca480: ; 
not directly referenced -mov eax, dword [ebp - 0x260] -cmp dword [eax], 2 -je short loc_fffca4b3 ; je 0xfffca4b3 +loc_fffc97b6: ; not directly referenced +push ecx +push 0xb +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +shr edi, 0xb -loc_fffca48b: ; not directly referenced -inc dword [ebp - 0x25c] -add dword [ebp - 0x260], 0x13c3 -add dword [ebp - 0x278], 0xcc -cmp dword [ebp - 0x25c], 2 -jne short loc_fffca480 ; jne 0xfffca480 -jmp near loc_fffca660 ; jmp 0xfffca660 +loc_fffc97cb: ; not directly referenced +lea edi, [edi - 1] +mov word [ebp - 0x128], di +jmp near loc_fffc965e ; jmp 0xfffc965e -loc_fffca4b3: ; not directly referenced -mov esi, dword [ebp - 0x25c] -mov byte [ebp - 0x268], 0 -mov eax, esi -imul esi, esi, 0x51 -shl eax, 8 -mov dword [ebp - 0x29c], eax -add eax, 0x4c -mov dword [ebp - 0x288], eax -mov dword [ebp - 0x284], esi +loc_fffc97da: ; not directly referenced +mov edx, edi +shr edx, 1 +test dword [ebp - 0x110], edx +setne dl +mov ecx, edx +and ecx, dword [ebp - 0x138] +mov word [ebp - 0x116], cx +cmp si, 8 +jne loc_fffc98d1 ; jne 0xfffc98d1 +push edx +push 7 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call eax +add esp, 0x10 +mov ebx, eax +and ebx, 8 +or ebx, dword [ebp - 0x114] +cmp dword [ebp - 0x150], 0 +jne short loc_fffc9831 ; jne 0xfffc9831 +mov word [ebp - 0x114], bx +jmp short loc_fffc9895 ; jmp 0xfffc9895 -loc_fffca4dd: ; not directly referenced -movzx eax, byte [ebp - 0x268] -cmp al, byte [edi + 0x2488] -jae short loc_fffca48b ; jae 0xfffca48b +loc_fffc9831: ; not directly referenced +push eax +push 0xc +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +add esp, 0xc +push 9 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] mov esi, eax -mov dword [ebp - 0x270], eax -lea eax, [eax + eax*8] -add eax, dword [ebp - 0x284] -lea ebx, [ebp - 0x15c] -lea edx, [ebp - 0xba] -add ebx, eax -add eax, edx -mov dword [ebp - 0x294], eax -imul eax, esi, 0x18 -mov 
dword [ebp - 0x2a4], ebx -xor ebx, ebx -mov dword [ebp - 0x274], 0 -mov dword [ebp - 0x290], eax - -loc_fffca52e: ; not directly referenced -mov eax, dword [ebp - 0x2a4] -mov dl, byte [eax + ebx] -mov eax, dword [ebp - 0x294] -movsx ecx, byte [eax + ebx] -mov al, 0xf -test dl, dl -je short loc_fffca55a ; je 0xfffca55a -xor eax, eax -test cl, cl -je short loc_fffca55a ; je 0xfffca55a -movsx eax, dl -mov esi, 2 -add eax, ecx -cdq -idiv esi - -loc_fffca55a: ; not directly referenced -cmp dword [ebp - 0x28c], 0 -je short loc_fffca5ba ; je 0xfffca5ba -cmp bl, 8 -jne short loc_fffca5ba ; jne 0xfffca5ba -mov dl, 0xf -cmp al, 6 -jg short loc_fffca574 ; jg 0xfffca574 -lea edx, [eax + 8] -and edx, 0xf - -loc_fffca574: ; not directly referenced -mov eax, dword [ebp - 0x270] -and edx, 0xf -mov esi, dword [ebp - 0x278] -add edx, edx -lea ecx, [eax + 8] -mov al, byte [esi + ecx*4 + 9] -and eax, 0xffffffe1 -or eax, edx -mov byte [esi + ecx*4 + 9], al - -loc_fffca595: ; not directly referenced -mov eax, dword [ebp - 0x270] -mov ebx, dword [ebp - 0x288] -mov esi, dword [ebp - 0x29c] -shl eax, 9 -add ebx, eax -mov dword [ebp - 0x270], ebx -lea esi, [esi + eax + 0x50] -xor ebx, ebx -jmp short loc_fffca604 ; jmp 0xfffca604 - -loc_fffca5ba: ; not directly referenced -mov edx, eax -lea esi, [ebx + ebx*2] -and edx, 0xf -add esi, dword [ebp - 0x290] -add esi, dword [ebp - 0x260] -lea ecx, [ebx*4] -shl edx, cl -add dword [ebp - 0x274], edx -xor edx, edx - -loc_fffca5df: ; not directly referenced -imul ecx, edx, 0xd8 -inc edx -mov byte [esi + ecx + 0x942], al -cmp byte [ebp - 0x279], dl -ja short loc_fffca5df ; ja 0xfffca5df -inc ebx -cmp byte [ebp - 0x26c], bl -ja loc_fffca52e ; ja 0xfffca52e -jmp short loc_fffca595 ; jmp 0xfffca595 +call dword [ebp - 0x58] ; ucall +and esi, 3 +mov word [ebp - 0x114], si +add esp, 0xc +push 0xb +push dword [ebp - 0x10c] +and eax, 4 +push dword [ebp - 0x110] +xor word [ebp - 0x114], ax +xor word [ebp - 0x114], bx +call dword [ebp - 0x58] ; ucall +add esp, 
0x10 +and eax, 8 +xor word [ebp - 0x114], ax -loc_fffca604: ; not directly referenced -mov eax, dword [edi + 0x188b] -mov edx, dword [ebp - 0x270] -test eax, eax -je short loc_fffca61a ; je 0xfffca61a +loc_fffc9895: ; not directly referenced +push esi +push 0xb +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall xor edx, edx +add esp, 0xc +mov ebx, eax +mov eax, dword [ebp - 0x138] +add eax, 0xb +push eax +push edx +push edi +call dword [ebp - 0x58] ; ucall dec eax -cmove edx, esi - -loc_fffca61a: ; not directly referenced -mov ecx, dword [ebp - 0x274] -mov eax, edi -inc ebx -add esi, 4 -call fcn_fffae58c ; call 0xfffae58c -cmp bl, byte [ebp - 0x279] -jb short loc_fffca604 ; jb 0xfffca604 -sub esp, 0xc -mov edx, dword [ebp - 0x25c] -mov ecx, 1 -push 0 -mov eax, edi -push 1 -push 0 -push 0 -push 0 -call fcn_fffa72c5 ; call 0xfffa72c5 -add esp, 0x20 -inc byte [ebp - 0x268] -jmp near loc_fffca4dd ; jmp 0xfffca4dd +mov word [ebp - 0x128], ax +and word [ebp - 0x128], bx +jmp near loc_fffc9665 ; jmp 0xfffc9665 -loc_fffca660: ; not directly referenced -cmp dword [ebp - 0x264], 0 -jne short loc_fffca6b9 ; jne 0xfffca6b9 +loc_fffc98d1: ; not directly referenced +cmp dword [ebp - 0x150], 0 +je short loc_fffc9913 ; je 0xfffc9913 +push ebx +push 0xb +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call eax +add esp, 0xc +push 8 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +mov ebx, eax +call dword [ebp - 0x58] ; ucall +and ebx, 3 +add esp, 0x10 +and eax, 4 +xor ebx, eax +xor word [ebp - 0x114], bx -loc_fffca669: ; not directly referenced -cmp dword [ebp - 0x298], 0 -je loc_fffca7b3 ; je 0xfffca7b3 -mov ecx, dword [ebp - 0x2ac] -mov eax, edi -mov edx, 0x3a28 -or ecx, 2 -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x5f08 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x5f08 -or ah, 1 -mov ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0xe1 -mov eax, edi -call fcn_fffa834b ; call 0xfffa834b -jmp 
near loc_fffca7b3 ; jmp 0xfffca7b3 +loc_fffc9913: ; not directly referenced +push ecx +push 0xa +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +mov ecx, dword [ebp - 0x138] +add ecx, 0xa +shr edi, cl +lea esi, [edi - 1] +mov word [ebp - 0x128], si +jmp near loc_fffc965e ; jmp 0xfffc965e -loc_fffca6b9: ; not directly referenced -push 0 -push 0 -push 0 -push 0 -push 0 -push 0 -push 0 +loc_fffc993f: ; not directly referenced +cmp word [ebp - 0x116], 9 +jne short loc_fffc9976 ; jne 0xfffc9976 +push edx push 1 -push 0 -push 0 -push 4 -push edi -call fcn_fffcc900 ; call 0xfffcc900 -mov ebx, dword [ebp - 0x280] -add esp, 0x30 -mov dword [ebp - 0x260], 0 - -loc_fffca6e8: ; not directly referenced -cmp dword [ebx], 2 -je short loc_fffca708 ; je 0xfffca708 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x5c] ; ucall +mov ecx, dword [ebp - 0x144] +add esp, 0x10 +dec ecx +mov dword [ebp - 0x110], eax +lea eax, [edi + edi] +mov dword [ebp - 0x10c], edx +jmp short loc_fffc99ac ; jmp 0xfffc99ac -loc_fffca6ed: ; not directly referenced -inc dword [ebp - 0x260] -add ebx, 0x13c3 -cmp dword [ebp - 0x260], 2 -je loc_fffca669 ; je 0xfffca669 -jmp short loc_fffca6e8 ; jmp 0xfffca6e8 +loc_fffc9976: ; not directly referenced +cmp word [ebp - 0x116], 0xb +jne short loc_fffc99af ; jne 0xfffc99af +push eax +push 1 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +mov dword [ebp - 0x110], eax +mov eax, edi +shr eax, 1 +cmp dword [ebp - 0x144], 1 +mov dword [ebp - 0x10c], edx -loc_fffca708: ; not directly referenced -imul eax, dword [ebp - 0x260], 9 -lea esi, [ebp - 0x18] -mov byte [ebp - 0x264], 0 -add eax, esi -mov dword [ebp - 0x268], eax +loc_fffc99ac: ; not directly referenced +cmove edi, eax -loc_fffca721: ; not directly referenced -mov al, byte [ebp - 0x264] -cmp al, byte [edi + 0x2488] -jae short loc_fffca6ed ; jae 0xfffca6ed -movzx esi, byte [ebp - 0x264] -mov eax, dword 
[ebp - 0x268] -mov dword [ebp - 0x25c], 0 -mov dl, byte [esi + eax - 0x1e6] -test dl, dl -lea eax, [edx - 1] -lea ecx, [edx + 1] -mov dl, 2 -cmovns eax, ecx -cbw -idiv dl -mov byte [ebx + esi + 0x101d], al +loc_fffc99af: ; not directly referenced +mov al, byte [ebp - 0x168] +test byte [ebp - 0x138], al +je loc_fffc9a86 ; je 0xfffc9a86 +shr ebx, 0x1b +and ebx, 7 +push eax +lea eax, [ebx + 0xe] +movzx eax, al +push eax +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +add esp, 0xc +push 7 +push dword [ebp - 0x10c] +and eax, 1 +push dword [ebp - 0x110] +mov word [ebp - 0x116], ax +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +and eax, 7 +cmp dword [ebp - 0x150], 0 +mov word [ebp - 0x114], ax +je short loc_fffc9a31 ; je 0xfffc9a31 +push eax +push 0xa +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +and eax, 7 +xor word [ebp - 0x114], ax -loc_fffca765: ; not directly referenced -mov cl, byte [ebp - 0x25c] -mov eax, 1 -shl eax, cl -test byte [ebx + 0xc4], al -je short loc_fffca799 ; je 0xfffca799 -mov ecx, dword [ebp - 0x25c] +loc_fffc9a31: ; not directly referenced push eax -mov edx, dword [ebp - 0x260] +movzx ebx, bx +push 0xa +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +lea ecx, [ebx + 4] +mov edx, 1 +shl edx, cl +lea ecx, [edx - 1] +mov ebx, ecx +add esp, 0x10 +not ebx +mov edx, eax +and eax, ecx +shr dx, 1 +and edx, ebx +or edx, eax +mov al, byte [ebp - 0x144] +lea ecx, [eax + 0xa] mov eax, edi -push 0 -push 0xff +shr eax, cl +dec eax +mov word [ebp - 0x128], ax +and word [ebp - 0x128], dx +jmp near loc_fffc9d70 ; jmp 0xfffc9d70 + +loc_fffc9a86: ; not directly referenced +mov al, byte [ebp - 0x164] +test byte [ebp - 0x138], al +je loc_fffc9b61 ; je 0xfffc9b61 +cmp dword [ebp - 0x150], 0 +je short loc_fffc9acb ; je 0xfffc9acb +mov esi, dword [ebp - 0x10c] +mov ebx, dword [ebp - 0x110] +push eax +push 4 push esi -call fcn_fffa7499 ; call 
0xfffa7499 +push ebx +call dword [ebp - 0x58] ; ucall add esp, 0x10 +mov dword [ebp - 0x10c], esi +and eax, 0x780 +xor eax, ebx +mov dword [ebp - 0x110], eax -loc_fffca799: ; not directly referenced -inc dword [ebp - 0x25c] -cmp dword [ebp - 0x25c], 4 -jne short loc_fffca765 ; jne 0xfffca765 -inc byte [ebp - 0x264] -jmp near loc_fffca721 ; jmp 0xfffca721 - -loc_fffca7b3: ; not directly referenced -mov esi, dword [ebp - 0x2a0] -xor ebx, ebx - -loc_fffca7bb: ; not directly referenced -imul eax, ebx, 0x13c3 -cmp dword [edi + eax + 0x3756], 2 -jne loc_fffca862 ; jne 0xfffca862 -mov byte [ebp - 0x25c], 0 +loc_fffc9acb: ; not directly referenced +mov esi, dword [ebp - 0x10c] +mov ebx, dword [ebp - 0x110] +push eax +push 9 +push esi +push ebx +call dword [ebp - 0x58] ; ucall +add esp, 0xc +push 8 +push esi +push ebx +mov dword [ebp - 0x110], ebx +and eax, 1 +mov word [ebp - 0x116], ax +mov dword [ebp - 0x10c], esi +call dword [ebp - 0x58] ; ucall +add esp, 0xc +push 7 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +mov ebx, eax +call dword [ebp - 0x58] ; ucall +add esp, 0xc +and ebx, 4 +push 0xb +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +and eax, 3 +mov word [ebp - 0x114], ax +or word [ebp - 0x114], bx +call dword [ebp - 0x58] ; ucall +mov cl, byte [ebp - 0x144] +add esp, 0x10 +add ecx, 0xa +shr edi, cl +lea edi, [edi - 1] +mov word [ebp - 0x128], di +and word [ebp - 0x128], ax +jmp near loc_fffc9d70 ; jmp 0xfffc9d70 -loc_fffca7d6: ; not directly referenced -mov al, byte [ebp - 0x25c] -cmp al, byte [edi + 0x2488] -jae short loc_fffca849 ; jae 0xfffca849 -movzx eax, byte [ebp - 0x25c] -mov edx, ebx -mov ecx, eax -mov dword [ebp - 0x260], eax -mov eax, edi -call fcn_fffa720e ; call 0xfffa720e -mov ecx, dword [ebp - 0x260] -lea ecx, [esi + ecx*4] -mov dword [ebp - 0x264], ecx -mov ecx, dword [ecx + 0x28] -mov edx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -cmp dword [ebp - 0x2b8], 0 -je short loc_fffca841 ; je 0xfffca841 -mov ecx, dword [ebp - 
0x260] -mov edx, ebx -mov eax, edi -call fcn_fffa724b ; call 0xfffa724b -mov ecx, dword [ebp - 0x264] -mov ecx, dword [ecx + 4] -mov edx, eax +loc_fffc9b61: ; not directly referenced +cmp dword [ebp - 0x144], 1 +jne loc_fffc9c03 ; jne 0xfffc9c03 +mov ecx, dword [ebp - 0x110] mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +shr eax, 1 +mov ebx, dword [ebp - 0x10c] +push esi +push 7 +test ecx, eax +setne al +and eax, dword [ebp - 0x138] +push ebx +push ecx +mov word [ebp - 0x116], ax +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +and eax, 7 +cmp dword [ebp - 0x150], 0 +mov word [ebp - 0x114], ax +je short loc_fffc9bcd ; je 0xfffc9bcd +push ebx +push 0xa +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +and eax, 7 +xor word [ebp - 0x114], ax -loc_fffca841: ; not directly referenced -inc byte [ebp - 0x25c] -jmp short loc_fffca7d6 ; jmp 0xfffca7d6 +loc_fffc9bcd: ; not directly referenced +push ecx +push 0xa +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +mov ecx, dword [ebp - 0x138] +add esp, 0x10 +add ecx, 0xa +shr edi, cl +lea esi, [edi - 1] +mov word [ebp - 0x128], si +and word [ebp - 0x128], ax +jmp near loc_fffc9d7d ; jmp 0xfffc9d7d -loc_fffca849: ; not directly referenced -mov ecx, 0xff -mov edx, ebx -mov eax, edi -call fcn_fffa7288 ; call 0xfffa7288 -mov ecx, dword [esi] -mov edx, eax -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +loc_fffc9c03: ; not directly referenced +cmp dword [ebp - 0x138], 0 +je loc_fffc9cf2 ; je 0xfffc9cf2 +mov al, byte [ebp - 0x154] +and eax, 1 +cmp word [ebp - 0x116], 0xb +sete dl +test dl, al +je short loc_fffc9c48 ; je 0xfffc9c48 +cmp edi, 0x4000000 +je short loc_fffc9c43 ; je 0xfffc9c43 +cmp edi, 0x8000000 +jne loc_fffc9ec0 ; jne 0xfffc9ec0 +mov edi, 0x4000000 +jmp short loc_fffc9c48 ; jmp 0xfffc9c48 -loc_fffca862: ; not directly referenced -inc ebx -add esi, 0xcc -cmp ebx, 2 -jne loc_fffca7bb ; jne 0xfffca7bb -mov eax, edi -call 
fcn_fffb0e8a ; call 0xfffb0e8a +loc_fffc9c43: ; not directly referenced +mov edi, 0x2000000 -loc_fffca879: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffc9c48: ; not directly referenced +cmp word [ebp - 0x116], 9 +sete dl +test dl, al +je short loc_fffc9c64 ; je 0xfffc9c64 +cmp edi, 0x1000000 +je short loc_fffc9cc6 ; je 0xfffc9cc6 +jmp near loc_fffc9ec0 ; jmp 0xfffc9ec0 -fcn_fffca881: ; not directly referenced -push ebp -mov ebp, esp -push esi -push ebx -mov ebx, dword [ebp + 8] +loc_fffc9c64: ; not directly referenced +cmp edi, 0x2000000 +je short loc_fffc9cc6 ; je 0xfffc9cc6 +ja short loc_fffc9c8e ; ja 0xfffc9c8e +cmp edi, 0x800000 +je short loc_fffc9cae ; je 0xfffc9cae +cmp edi, 0x1000000 +jne loc_fffc9ec0 ; jne 0xfffc9ec0 +mov eax, 0x17 +mov esi, 0x7ffc00 +jmp short loc_fffc9cd0 ; jmp 0xfffc9cd0 + +loc_fffc9c8e: ; not directly referenced +cmp edi, 0x4000000 +je short loc_fffc9cba ; je 0xfffc9cba +cmp edi, 0x8000000 +jne loc_fffc9ec0 ; jne 0xfffc9ec0 +mov eax, 0x1a +mov esi, 0x3fffc00 +jmp short loc_fffc9cd0 ; jmp 0xfffc9cd0 + +loc_fffc9cae: ; not directly referenced +mov eax, 0x16 +mov esi, 0x3ffc00 +jmp short loc_fffc9cd0 ; jmp 0xfffc9cd0 + +loc_fffc9cba: ; not directly referenced +mov eax, 0x19 +mov esi, 0x1fffc00 +jmp short loc_fffc9cd0 ; jmp 0xfffc9cd0 + +loc_fffc9cc6: ; not directly referenced +mov eax, 0x18 +mov esi, 0xfffc00 + +loc_fffc9cd0: ; not directly referenced push edx +xor ebx, ebx +push eax +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +and eax, 1 +mov word [ebp - 0x116], ax +jmp short loc_fffc9d03 ; jmp 0xfffc9d03 + +loc_fffc9cf2: ; not directly referenced +mov word [ebp - 0x116], 0 +mov esi, 0xfffffc00 +or ebx, 0xffffffff + +loc_fffc9d03: ; not directly referenced +push eax +push 7 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +and eax, 7 +cmp dword [ebp - 0x150], 0 +mov word [ebp - 
0x114], ax +je short loc_fffc9d4a ; je 0xfffc9d4a +push edi +push 0xa +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +and eax, 7 +xor word [ebp - 0x114], ax + +loc_fffc9d4a: ; not directly referenced +mov edi, dword [ebp - 0x10c] +mov ecx, esi +mov esi, dword [ebp - 0x110] +and edi, ebx +push ebx +and ecx, esi +push 0xa +push edi +push ecx +call dword [ebp - 0x58] ; ucall +mov word [ebp - 0x128], ax +jmp near loc_fffc9ebb ; jmp 0xfffc9ebb + +loc_fffc9d70: ; not directly referenced +cmp dword [ebp - 0x144], 1 +jne loc_fffc9ecb ; jne 0xfffc9ecb + +loc_fffc9d7d: ; not directly referenced +movzx esi, word [ebp - 0x116] +xor ebx, ebx +movzx edi, word [ebp - 0x118] + +loc_fffc9d8d: ; not directly referenced +push ecx +push 0x3f +push dword [ebp + ebx*2 - 0xe4] +push dword [ebp + ebx*2 - 0xe8] +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +test al, 1 +je short loc_fffc9dea ; je 0xfffc9dea +sub esp, 0xc +movzx eax, word [ebp - 0x160] +mov ecx, esi +push dword [ebp - 0x148] +mov edx, edi +push dword [ebp + ebx - 0xf8] +push eax +movzx eax, word [ebp - 0x128] +push eax +movzx eax, word [ebp - 0x114] +push eax +mov eax, dword [ebp - 0x16c] +call fcn_fffce2bd ; call 0xfffce2bd +add esp, 0x20 +test eax, eax +jne loc_fffc9ed7 ; jne 0xfffc9ed7 + +loc_fffc9dea: ; not directly referenced +add ebx, 4 +cmp ebx, 0x10 +jne short loc_fffc9d8d ; jne 0xfffc9d8d +xor bl, bl + +loc_fffc9df4: ; not directly referenced push edx -movzx ecx, byte [ebx + 0x248e] -lea esi, [ebx + 0x2490] -mov eax, ebx -push 0 -mov edx, esi -push 0xf -push 1 +mov ecx, dword [ebp - 0x12c] +push dword [ebp + ebx*8 - 0xe4] +push dword [ebp + ebx*8 - 0xe8] +mov edx, dword [ebp - 0x130] +lea eax, [ebp - 0xc4] push 0 -push 1 -push 2 -call fcn_fffc0a2d ; call 0xfffc0a2d -add esp, 0x20 +call fcn_fffb6511 ; call 0xfffb6511 +add esp, 0x10 test eax, eax -jne short loc_fffca8f5 ; jne 0xfffca8f5 -cmp dword [ebx + 0x188b], 1 -jne short loc_fffca8d4 ; jne 0xfffca8d4 -cmp 
dword [ebx + 0x2480], 1 -jne short loc_fffca8d4 ; jne 0xfffca8d4 -mov ecx, 2 -mov edx, esi -mov eax, ebx -call fcn_fffbd80c ; call 0xfffbd80c +je short loc_fffc9e95 ; je 0xfffc9e95 +mov eax, dword [ebp + ebx*4 - 0xf8] +mov edx, eax +shr edx, 0x1d +mov esi, edx +mov edx, eax +and esi, 1 +shr edx, 0xc +cmp dword [ebp - 0x140], 0 +mov word [ebp - 0x158], si +jne loc_fffc9f2a ; jne 0xfffc9f2a +mov edi, edx +mov edx, eax +and edi, 1 +shr edx, 0xb +mov word [ebp - 0x118], di +mov esi, edx +mov edi, eax +and esi, 1 +shr edi, 8 +mov word [ebp - 0x116], si +mov esi, edi +and esi, 7 +mov word [ebp - 0x114], si -loc_fffca8d4: ; not directly referenced -push eax -mov edx, esi +loc_fffc9e7b: ; not directly referenced +mov edi, eax +movzx eax, al +shr edi, 0xd +shl eax, 3 +mov dword [ebp - 0x128], edi +mov word [ebp - 0x156], ax +jmp short loc_fffc9e9f ; jmp 0xfffc9e9f + +loc_fffc9e95: ; not directly referenced +inc ebx +cmp ebx, 4 +jne loc_fffc9df4 ; jne 0xfffc9df4 + +loc_fffc9e9f: ; not directly referenced push eax -movzx ecx, byte [ebx + 0x248e] -mov eax, ebx -push 1 -push 0xf -push 0 -push 0 -push 0 -push 2 -call fcn_fffc0a2d ; call 0xfffc0a2d -add esp, 0x20 +push 3 +push dword [ebp - 0x12c] +push dword [ebp - 0x130] +call dword [ebp - 0x58] ; ucall +and eax, 7 +or word [ebp - 0x156], ax -loc_fffca8f5: ; not directly referenced -lea esp, [ebp - 8] +loc_fffc9ebb: ; not directly referenced +add esp, 0x10 +jmp short loc_fffc9ecb ; jmp 0xfffc9ecb + +loc_fffc9ec0: ; not directly referenced +mov word [ebp - 0x116], 0 +jmp short loc_fffc9ee1 ; jmp 0xfffc9ee1 + +loc_fffc9ecb: ; not directly referenced +mov dword [ebp - 0x140], 1 +jmp short loc_fffc9ee1 ; jmp 0xfffc9ee1 + +loc_fffc9ed7: ; not directly referenced +mov dword [ebp - 0x140], 0 + +loc_fffc9ee1: ; not directly referenced +mov eax, dword [ebp + 0x10] +mov ecx, dword [ebp - 0x128] +mov si, word [ebp - 0x156] +mov byte [eax], 0 +mov edi, eax +mov al, byte [ebp - 0x158] +mov word [edi + 7], cx +mov word [edi + 5], si +mov byte 
[edi + 1], al +mov al, byte [ebp - 0x118] +mov byte [edi + 2], al +mov al, byte [ebp - 0x116] +mov byte [edi + 3], al +mov al, byte [ebp - 0x114] +mov byte [edi + 4], al +mov al, byte [ebp - 0x140] +jmp short loc_fffc9f55 ; jmp 0xfffc9f55 + +loc_fffc9f2a: ; not directly referenced +mov esi, edx +mov edi, eax +and esi, 1 +shr edi, 8 +mov word [ebp - 0x116], si +mov esi, edi +and esi, 0xf +mov word [ebp - 0x114], si +mov word [ebp - 0x118], 0 +jmp near loc_fffc9e7b ; jmp 0xfffc9e7b + +loc_fffc9f55: ; not directly referenced +lea esp, [ebp - 0xc] pop ebx pop esi +pop edi pop ebp ret -fcn_fffca8fc: ; not directly referenced +fcn_fffc9f5d: ; not directly referenced push ebp mov ebp, esp +push edi push esi push ebx -mov ebx, dword [ebp + 8] -push edx -push edx -movzx ecx, byte [ebx + 0x248e] -lea esi, [ebx + 0x2490] -mov eax, ebx +sub esp, 0x4c +mov eax, dword [ebp + 8] +call fcn_fffaa4a9 ; call 0xfffaa4a9 +mov esi, eax +test eax, eax +jne loc_fffcad7f ; jne 0xfffcad7f +mov eax, dword [ebp + 8] +call fcn_fffa67d6 ; call 0xfffa67d6 +mov esi, eax +test eax, eax +jne loc_fffcad7f ; jne 0xfffcad7f +mov eax, dword [ebp + 8] +mov ecx, 0xf +mov edx, 0x4d94 +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp + 8] +cmp dword [eax + 0x2481], 3 +jne loc_fffca108 ; jne 0xfffca108 +mov ecx, 0xf +mov edx, 0x4d90 +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp + 8] +mov edx, 0x5030 +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5030 +or eax, 0x400000 +mov ecx, eax +mov eax, dword [ebp + 8] +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp + 8] +mov edx, 1 +call fcn_fffa82f9 ; call 0xfffa82f9 +mov eax, dword [ebp + 8] +cmp dword [eax + 0x3757], 2 +jne short loc_fffca006 ; jne 0xfffca006 +movzx ecx, byte [eax + 0x47e9] +mov edx, 0x4192 +call fcn_fffb335b ; call 0xfffb335b + +loc_fffca006: ; not directly referenced +mov eax, dword [ebp + 8] +cmp dword [eax + 0x4b1a], 2 +jne short loc_fffca023 ; jne 0xfffca023 +movzx ecx, byte [eax + 0x5bac] +mov edx, 0x4592 +call 
fcn_fffb335b ; call 0xfffb335b + +loc_fffca023: ; not directly referenced +mov eax, dword [ebp + 8] +mov edx, 0xbb8 +xor ebx, ebx +call fcn_fffa82f9 ; call 0xfffa82f9 +mov eax, dword [ebp + 8] +lea edi, [eax + 0x3757] + +loc_fffca03b: ; not directly referenced +cmp dword [edi], 2 +je short loc_fffca05d ; je 0xfffca05d + +loc_fffca040: ; not directly referenced +inc ebx +add edi, 0x13c3 +cmp ebx, 2 +jne short loc_fffca03b ; jne 0xfffca03b +mov eax, dword [ebp + 8] +mov edx, 0x96 +xor esi, esi +call fcn_fffa82f9 ; call 0xfffa82f9 +jmp short loc_fffca0da ; jmp 0xfffca0da + +loc_fffca05d: ; not directly referenced +mov dword [ebp - 0x30], 0 + +loc_fffca064: ; not directly referenced +mov cl, byte [ebp - 0x30] +mov eax, 1 +shl eax, cl +test byte [edi + 0xc4], al +jne short loc_fffca081 ; jne 0xfffca081 + +loc_fffca076: ; not directly referenced +inc dword [ebp - 0x30] +cmp dword [ebp - 0x30], 4 +jne short loc_fffca064 ; jne 0xfffca064 +jmp short loc_fffca040 ; jmp 0xfffca040 + +loc_fffca081: ; not directly referenced +mov esi, dword [ebp + 8] +cmp byte [esi + 0x247d], 0 +je short loc_fffca0ba ; je 0xfffca0ba push 0 -mov edx, esi -push 0xf -push 1 +mov ecx, eax +mov eax, dword [ebp + 8] +lea esi, [ebp - 0x24] +mov edx, ebx +push esi push 0 +push 7 +mov dword [ebp - 0x24], 0x8600 +call fcn_fffa947f ; call 0xfffa947f +mov eax, dword [ebp + 8] +mov edx, 0xf +call fcn_fffa82f9 ; call 0xfffa82f9 +add esp, 0x10 + +loc_fffca0ba: ; not directly referenced +mov eax, dword [ebp + 8] +mov edx, ebx +push ecx +mov ecx, dword [ebp - 0x30] push 1 -push 1 -call fcn_fffc0a2d ; call 0xfffc0a2d -add esp, 0x20 +push 0xfc +push 0x3f +call fcn_fffacb43 ; call 0xfffacb43 +add esp, 0x10 +mov esi, eax test eax, eax -jne short loc_fffca967 ; jne 0xfffca967 -cmp dword [ebx + 0x188b], 1 -jne short loc_fffca946 ; jne 0xfffca946 -mov ecx, 1 -mov edx, esi -mov eax, ebx -call fcn_fffbd80c ; call 0xfffbd80c +je short loc_fffca076 ; je 0xfffca076 -loc_fffca946: ; not directly referenced -push eax -mov 
edx, esi +loc_fffca0da: ; not directly referenced +mov eax, dword [ebp + 8] +cmp byte [eax + 0x247d], 0 +je short loc_fffca0f4 ; je 0xfffca0f4 +sub esp, 0xc push eax -movzx ecx, byte [ebx + 0x248e] -mov eax, ebx -push 1 -push 0xf -push 0 -push 1 -push 0 -push 1 -call fcn_fffc0a2d ; call 0xfffc0a2d -add esp, 0x20 +call fcn_fffae06f ; call 0xfffae06f +add esp, 0x10 +mov esi, eax -loc_fffca967: ; not directly referenced -lea esp, [ebp - 8] -pop ebx -pop esi -pop ebp -ret +loc_fffca0f4: ; not directly referenced +mov eax, dword [ebp + 8] +xor ecx, ecx +mov edx, 0x4d94 +call fcn_fffb38b3 ; call 0xfffb38b3 +jmp near loc_fffcad89 ; jmp 0xfffcad89 -fcn_fffca96e: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, eax -push esi -push ebx -sub esp, 0xad10 -mov esi, dword [ebp + 0x20] -mov ebx, dword [ebp + 0x24] -mov dword [ebp - 0xacb4], edx -mov dl, byte [ebp + 0x14] -mov dword [ebp - 0xac88], ecx -mov eax, dword [ebp + 0xc] -mov dword [ebp - 0xacb0], esi -mov dword [ebp - 0xacac], ebx -mov ebx, dword [ebp + 0x28] -mov byte [ebp - 0xace6], dl -mov edx, esi -mov esi, dword [edi + 0x5edc] -mov byte [ebp - 0xac90], dl -mov dl, byte [ebp - 0xacac] -mov dword [ebp - 0xac98], eax -mov ecx, ebx -mov byte [ebp - 0xac8c], al -mov byte [ebp - 0xaca1], dl -mov dl, cl -mov ecx, dword [edi + 0x2480] -mov dword [ebp - 0xaca0], edx -mov dl, byte [ebp + 0x30] -mov dword [ebp - 0xac94], ebx -mov ebx, dword [ebp + 0x2c] -mov dword [ebp - 0xaca8], esi -mov esi, dword [edi + 0x2443] -mov dword [ebp - 0xacc4], ecx -mov byte [ebp - 0xad09], dl -mov edx, dword [edi + 0x188b] -mov dword [ebp - 0xacc0], edx -dec edx -sete dl -cmp al, 6 +loc_fffca108: ; not directly referenced +mov eax, dword [ebp + 8] +mov edx, dword [eax + 0x1887] +mov esi, dword [eax + 0x2444] +cmp edx, 0x306d0 sete al -mov byte [ebp - 0xacbb], dl -mov byte [ebp - 0xace7], al -and eax, edx +cmp edx, 0x40650 +sete dl +or eax, edx movzx eax, al -mov dword [ebp - 0xacc8], eax -mov al, byte [ebp - 0xac88] -and al, 
byte [edi + 0x248e] -push 0 -push 0x5ab4 -mov byte [ebp - 0xac88], al +mov dword [ebp - 0x34], eax +mov edi, eax mov eax, dword [ebp + 8] -and al, byte [edi + 0x248d] -mov byte [ebp - 0xac9c], al -lea eax, [ebp - 0x5acc] -push eax -call dword [esi + 0x5c] ; ucall -add esp, 0xc -push 0xff -push 0x3e -push dword [ebp - 0xacb4] -call dword [esi + 0x5c] ; ucall -lea eax, [ebp - 0xabcc] -add esp, 0xc +mov ebx, dword [eax + 0x18c1] +push 0xf0 push 0 -push 0x280 -push eax -call dword [esi + 0x5c] ; ucall -add esp, 0xc +push 0x1f push 0 -push 0x80 -lea eax, [ebp - 0xac4c] -push eax -call dword [esi + 0x5c] ; ucall -add esp, 0xc -push 0 -push 0x680 -lea eax, [ebp - 0xa94c] -push eax -call dword [esi + 0x5c] ; ucall -add esp, 0xc -push 0 -push 2 -lea eax, [ebp - 0xac75] -push eax -call dword [esi + 0x5c] ; ucall -add esp, 0xc -push 0 -push 0x10 -lea eax, [ebp - 0xac5c] +call dword [esi + 0x4c] ; ucall +add ebx, eax +mov dword [esp], ebx +xor ebx, ebx +call dword [esi + 0x20] ; ucall +add esp, 0x10 +mov dword [ebp - 0x30], eax +and dword [ebp - 0x30], 0xfffffffe +test edi, edi +je short loc_fffca184 ; je 0xfffca184 +mov eax, dword [ebp - 0x30] +sub esp, 0xc +lea edi, [eax + 0x333c] +push edi +call dword [esi + 0x20] ; ucall +mov ebx, eax +pop eax +or ebx, 0x4000000 +pop edx +push ebx +push edi +call dword [esi + 0x30] ; ucall +add esp, 0x10 + +loc_fffca184: ; not directly referenced +mov eax, dword [ebp + 8] +mov ecx, 0x102 +mov edx, 0x5030 +mov edi, 0x102 +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp + 8] +mov ecx, 0xf +mov edx, 0x4d90 +call fcn_fffb3381 ; call 0xfffb3381 +cmp dword [ebp - 0x34], 0 +je short loc_fffca1cd ; je 0xfffca1cd push eax -call dword [esi + 0x5c] ; ucall -add esp, 0xc -push 0 -push 2 -lea eax, [ebp - 0xac73] +and ebx, 0xfbffffff push eax -call dword [esi + 0x5c] ; ucall -add esp, 0xc -push 0 -push 0x4800 -lea eax, [ebp - 0xa2cc] +mov eax, dword [ebp - 0x30] +push ebx +add eax, 0x333c push eax -call dword [esi + 0x5c] ; ucall -mov edx, 
dword [ebp - 0xaca0] +call dword [esi + 0x30] ; ucall add esp, 0x10 -xor eax, eax - -loc_fffcab02: ; not directly referenced -mov byte [ebp + eax - 0xac71], al -inc eax -cmp eax, 9 -jne short loc_fffcab02 ; jne 0xfffcab02 -mov byte [edi + 0x247a], 0 -cmp bl, 9 -jne short loc_fffcab24 ; jne 0xfffcab24 -mov dl, byte [ebp - 0xac94] -dec edx -jmp short loc_fffcab33 ; jmp 0xfffcab33 +jmp short loc_fffca1ee ; jmp 0xfffca1ee -loc_fffcab24: ; not directly referenced -mov al, byte [ebp - 0xac94] -sub eax, 3 -cmp bl, 0xa -cmove edx, eax +loc_fffca1cd: ; not directly referenced +mov eax, dword [ebp + 8] +mov edx, 0x5030 +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x5030 +mov edi, eax +mov eax, dword [ebp + 8] +and edi, 0xfffffffd +mov ecx, edi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffcab33: ; not directly referenced -mov ecx, dword [ebp - 0xac98] -mov al, cl -sub eax, 0xa -cmp cl, 0xf -sete cl -cmp al, 2 -mov byte [ebp - 0xacbc], al -setbe al -or al, cl -mov byte [ebp - 0xac94], cl -movzx ecx, dl -movzx edx, byte [ebp - 0xac88] -je short loc_fffcab7e ; je 0xfffcab7e -sub esp, 0xc -mov eax, edi -push 0 -call fcn_fffb2759 ; call 0xfffb2759 +loc_fffca1ee: ; not directly referenced +mov eax, dword [ebp + 8] +mov edx, 0xc8 +mov ecx, dword [ebp + 8] +mov eax, dword [eax + 0x18a7] +mov ecx, dword [ecx + eax*4 + 0x3736] +test ecx, ecx +je loc_fffca29f ; je 0xfffca29f +mov eax, dword [ebp + 8] +cmp byte [eax + 0x247a], 0 +jne loc_fffca29f ; jne 0xfffca29f +mov edx, dword [eax + 0x2444] +mov dword [ebp - 0x3c], ecx +push ecx +movzx eax, byte [eax + 0x187f] +mov dword [ebp - 0x38], edx +push eax +mov eax, dword [ebp + 8] +movzx eax, byte [eax + 0x18b0] +push eax +mov eax, dword [ebp + 8] +push dword [eax + 0x18c1] +call dword [edx + 0x88] ; ucall +mov ecx, dword [ebp - 0x3c] add esp, 0x10 -mov dword [ebp - 0xacf0], 1 -jmp short loc_fffcab97 ; jmp 0xfffcab97 - -loc_fffcab7e: ; not directly referenced -sub esp, 0xc -mov eax, edi -push 0 -call fcn_fffb26ca ; call 0xfffb26ca +cmp 
ecx, eax +je short loc_fffca283 ; je 0xfffca283 +mov eax, dword [ebp + 8] +push ecx +mov edx, dword [ebp - 0x38] +movzx eax, byte [eax + 0x187f] +push eax +mov eax, dword [ebp + 8] +movzx eax, byte [eax + 0x18b0] +push eax +mov eax, dword [ebp + 8] +push dword [eax + 0x18c1] +call dword [edx + 0x8c] ; ucall add esp, 0x10 -mov dword [ebp - 0xacf0], 0 - -loc_fffcab97: ; not directly referenced -test bl, bl -je short loc_fffcaba1 ; je 0xfffcaba1 -mov byte [edi + 0x248b], bl -loc_fffcaba1: ; not directly referenced -mov eax, dword [ebp - 0xaca8] -xor ebx, ebx -mov byte [ebp - 0xaca3], 0 -add eax, 0x70 -mov dword [ebp - 0xaca0], eax -movzx eax, byte [ebp - 0xac88] -mov dword [ebp - 0xac88], eax +loc_fffca283: ; not directly referenced +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x18ee] +mov dword [ebp - 0x38], eax +lea edx, [eax + 0xc8] +mov eax, dword [ebp + 8] +mov byte [eax + 0x247a], 1 -loc_fffcabc6: ; not directly referenced -mov eax, dword [ebp - 0xac88] -bt eax, ebx -jae short loc_fffcac14 ; jae 0xfffcac14 -imul eax, ebx, 0x13c3 -mov cl, byte [ebp - 0xac9c] -mov edx, ebx -and cl, byte [edi + eax + 0x381a] -mov eax, edi -mov byte [ebp + ebx - 0xac75], cl -movzx ecx, cl -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0xaca3], al +loc_fffca29f: ; not directly referenced +imul edx, edx, 0xf +mov eax, dword [ebp + 8] +call fcn_fffa82f9 ; call 0xfffa82f9 +cmp dword [ebp - 0x34], 0 +je short loc_fffca2ca ; je 0xfffca2ca push eax -movzx eax, byte [edi + 0x2488] -push 0 +or ebx, 0x4000000 push eax -push dword [ebp - 0xaca0] -call dword [esi + 0x5c] ; ucall +mov eax, dword [ebp - 0x30] +push ebx +add eax, 0x333c +push eax +call dword [esi + 0x30] ; ucall add esp, 0x10 +jmp short loc_fffca2dc ; jmp 0xfffca2dc -loc_fffcac14: ; not directly referenced -inc ebx -add dword [ebp - 0xaca0], 0xcc -cmp ebx, 2 -jne short loc_fffcabc6 ; jne 0xfffcabc6 -cmp byte [ebp - 0xaca3], 0 -je loc_fffcbd35 ; je 0xfffcbd35 -movzx esi, byte [ebp - 0xac9c] +loc_fffca2ca: ; not directly 
referenced +mov eax, dword [ebp + 8] +or edi, 2 +mov edx, 0x5030 +mov ecx, edi +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffca2dc: ; not directly referenced +mov eax, dword [ebp + 8] +mov edx, 0x1d4c +or edi, 0x400000 +call fcn_fffa82f9 ; call 0xfffa82f9 +mov eax, dword [ebp + 8] +mov ecx, edi +mov edx, 0x5030 +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, dword [ebp + 8] +mov edx, 1 +call fcn_fffa82f9 ; call 0xfffa82f9 +mov eax, dword [ebp + 8] +cmp dword [eax + 0x3757], 2 +jne short loc_fffca328 ; jne 0xfffca328 +movzx ecx, byte [eax + 0x381b] +mov edx, 0x4192 +call fcn_fffb335b ; call 0xfffb335b + +loc_fffca328: ; not directly referenced +mov eax, dword [ebp + 8] +cmp dword [eax + 0x4b1a], 2 +jne short loc_fffca345 ; jne 0xfffca345 +movzx ecx, byte [eax + 0x4bde] +mov edx, 0x4592 +call fcn_fffb335b ; call 0xfffb335b + +loc_fffca345: ; not directly referenced +mov eax, dword [ebp + 8] +mov edx, 1 +call fcn_fffa82f9 ; call 0xfffa82f9 +mov eax, dword [ebp + 8] +cmp dword [eax + 0x2481], 2 +jne loc_fffca94c ; jne 0xfffca94c +mov edi, dword [eax + 0x36d8] xor eax, eax -mov dword [ebp - 0xacec], esi +cmp edi, 0x640 +jbe short loc_fffca37d ; jbe 0xfffca37d +cmp edi, 0x961 +sbb eax, eax +add eax, 2 -loc_fffcac40: ; not directly referenced -mov esi, dword [ebp - 0xacec] -mov byte [ebp - 0xaca4], al -bt esi, eax -jb short loc_fffcac5e ; jb 0xfffcac5e -inc eax -cmp eax, 4 -jne short loc_fffcac40 ; jne 0xfffcac40 -mov byte [ebp - 0xaca4], 0 +loc_fffca37d: ; not directly referenced +mov esi, dword [ebp + 8] +cmp al, 3 +mov bl, 3 +cmovbe ebx, eax +xor eax, eax +and ebx, 3 +shl ebx, 9 +add esi, 0x374f +mov byte [ebp - 0x30], 0 +mov dword [ebp - 0x34], esi -loc_fffcac5e: ; not directly referenced -mov ecx, dword [ebp - 0xac98] -mov al, byte [edi + 0x2488] -mov bl, al -mov al, cl -sub eax, 7 -cmp al, 5 -mov byte [ebp - 0xace8], al -setbe al -or al, byte [ebp - 0xac94] -mov al, 1 -cmovne ebx, eax -mov eax, ecx -cmp cl, 3 +loc_fffca39c: ; not directly referenced +test eax, eax 
sete cl -cmp al, 1 +cmp byte [ebp - 0x30], 1 setbe dl -mov eax, 1 -or cl, dl -mov byte [ebp - 0xaca2], bl -jne short loc_fffcacaf ; jne 0xfffcacaf +test cl, dl +je loc_fffca45f ; je 0xfffca45f +movzx edx, byte [ebp - 0x30] xor eax, eax -cmp byte [ebp - 0xac98], 2 -sete al +mov ecx, dword [ebp + 8] +imul esi, edx, 0x13c3 +add ecx, esi +cmp dword [ecx + 0x3757], 2 +jne loc_fffca457 ; jne 0xfffca457 +mov eax, dword [ebp - 0x34] +lea eax, [eax + esi + 8] +test byte [ecx + 0x381b], 1 +je short loc_fffca407 ; je 0xfffca407 +mov esi, dword [ebp + 8] +cmp byte [esi + 0x247c], 0 +jne short loc_fffca3fe ; jne 0xfffca3fe +mov word [eax + 0x1271], bx +mov word [eax + 0x1289], bx -loc_fffcacaf: ; not directly referenced -mov dword [ebp - 0xaccc], eax -xor eax, 1 -test byte [ebp - 0xacbb], al -je short loc_fffcacd9 ; je 0xfffcacd9 -cmp byte [ebp - 0xacbc], 1 -setbe al -or eax, dword [ebp - 0xac94] -movzx eax, al -mov dword [ebp - 0xaccc], eax +loc_fffca3f8: ; not directly referenced +mov word [ebp - 0x24], bx +jmp short loc_fffca407 ; jmp 0xfffca407 -loc_fffcacd9: ; not directly referenced -cmp dword [ebp - 0xaccc], 0 -mov byte [ebp - 0xac88], 0 -je loc_fffcae2f ; je 0xfffcae2f -xor esi, esi -xor ebx, ebx -cmp byte [ebp - 0xac98], 1 -jne short loc_fffcad17 ; jne 0xfffcad17 -mov edx, 0x3a04 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -cmp dword [ebp - 0xacc0], 0 -mov esi, eax -je loc_fffcadb4 ; je 0xfffcadb4 -jmp short loc_fffcad4e ; jmp 0xfffcad4e +loc_fffca3fe: ; not directly referenced +mov bx, word [eax + 0x1271] +jmp short loc_fffca3f8 ; jmp 0xfffca3f8 -loc_fffcad17: ; not directly referenced -mov edx, 0x3a00 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -cmp dword [ebp - 0xacc0], 0 -mov ebx, eax -jne short loc_fffcad4e ; jne 0xfffcad4e -mov ecx, dword [ebp - 0xac98] -cmp cl, 2 -je short loc_fffcad44 ; je 0xfffcad44 -cmp cl, 3 -je short loc_fffcad49 ; je 0xfffcad49 -test cl, cl -jne short loc_fffcadbd ; jne 0xfffcadbd -jmp short loc_fffcadb4 ; jmp 0xfffcadb4 
+loc_fffca407: ; not directly referenced +imul ecx, edx, 0x13c3 +mov esi, dword [ebp + 8] +test byte [esi + ecx + 0x381b], 4 +je short loc_fffca440 ; je 0xfffca440 +cmp byte [esi + 0x247c], 0 +jne short loc_fffca437 ; jne 0xfffca437 +mov word [eax + 0x1399], bx +mov word [eax + 0x13b1], bx -loc_fffcad44: ; not directly referenced -shr eax, 0x1a -jmp short loc_fffcad93 ; jmp 0xfffcad93 +loc_fffca431: ; not directly referenced +mov word [ebp - 0x22], bx +jmp short loc_fffca440 ; jmp 0xfffca440 -loc_fffcad49: ; not directly referenced -shr eax, 0x14 -jmp short loc_fffcadb4 ; jmp 0xfffcadb4 +loc_fffca437: ; not directly referenced +mov bx, word [eax + 0x1399] +jmp short loc_fffca431 ; jmp 0xfffca431 -loc_fffcad4e: ; not directly referenced -mov edx, 0x3a08 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, 0x3a0c -mov dword [ebp - 0xac88], eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov eax, dword [ebp - 0xac98] -cmp al, 0xf -ja short loc_fffcadc1 ; ja 0xfffcadc1 -movzx eax, al -mov ecx, dword [ebp - 0xac88] -jmp dword [eax*4 + ref_fffd5ae0] ; ujmp: jmp dword [eax*4 - 0x2a520] +loc_fffca440: ; not directly referenced +sub esp, 0xc +mov ecx, 3 +lea eax, [ebp - 0x24] +push eax +mov eax, dword [ebp + 8] +call fcn_fffad688 ; call 0xfffad688 +add esp, 0x10 -loc_fffcad86: ; not directly referenced -mov al, bl -jmp short loc_fffcadb4 ; jmp 0xfffcadb4 +loc_fffca457: ; not directly referenced +inc byte [ebp - 0x30] +jmp near loc_fffca39c ; jmp 0xfffca39c -loc_fffcad8a: ; not directly referenced -mov eax, esi -jmp short loc_fffcadb4 ; jmp 0xfffcadb4 +loc_fffca45f: ; not directly referenced +mov esi, eax +test eax, eax +jne loc_fffcad7f ; jne 0xfffcad7f +mov eax, dword [ebp + 8] +mov bl, 4 +movzx eax, byte [eax + 0x247e] +mov dword [ebp - 0x34], eax +cmp edi, 0x535 +jbe short loc_fffca495 ; jbe 0xfffca495 +mov bl, 5 +cmp edi, 0x74b +jbe short loc_fffca495 ; jbe 0xfffca495 +cmp edi, 0x961 +sbb ebx, ebx +add ebx, 7 -loc_fffcad8e: ; not directly referenced -shr 
ebx, 0x14 -mov al, bl +loc_fffca495: ; not directly referenced +sub ebx, 4 +mov al, 3 +cmp bl, 3 +cmova ebx, eax +mov eax, dword [ebp + 8] +xor esi, esi +and ebx, 7 +shl ebx, 0xa +or bl, 0x8d +mov byte [ebp - 0x30], 0 +lea edi, [eax + 0x374f] -loc_fffcad93: ; not directly referenced -and eax, 0x1f -mov byte [ebp - 0xac88], al -mov al, 0x1f -jmp short loc_fffcadca ; jmp 0xfffcadca +loc_fffca4b8: ; not directly referenced +test esi, esi +sete dl +cmp byte [ebp - 0x30], 1 +setbe al +test dl, al +je loc_fffca586 ; je 0xfffca586 +movzx edx, byte [ebp - 0x30] +xor esi, esi +mov ecx, dword [ebp + 8] +imul eax, edx, 0x13c3 +add ecx, eax +cmp dword [ecx + 0x3757], 2 +jne loc_fffca57e ; jne 0xfffca57e +lea eax, [edi + eax + 8] +test byte [ecx + 0x381b], 1 +je short loc_fffca526 ; je 0xfffca526 +mov esi, dword [ebp + 8] +cmp byte [esi + 0x247c], 0 +je short loc_fffca510 ; je 0xfffca510 -loc_fffcada0: ; not directly referenced -shr ebx, 0x1a -mov dword [ebp - 0xac88], ebx -jmp short loc_fffcadbd ; jmp 0xfffcadbd +loc_fffca503: ; not directly referenced +mov bx, word [eax + 0x1277] -loc_fffcadab: ; not directly referenced -mov eax, ecx -shr eax, 0xc -jmp short loc_fffcadb4 ; jmp 0xfffcadb4 +loc_fffca50a: ; not directly referenced +mov word [ebp - 0x24], bx +jmp short loc_fffca526 ; jmp 0xfffca526 -loc_fffcadb2: ; not directly referenced -mov al, cl +loc_fffca510: ; not directly referenced +cmp dword [ebp - 0x34], 0 +jne short loc_fffca503 ; jne 0xfffca503 +mov word [eax + 0x1277], bx +mov word [eax + 0x128f], bx +jmp short loc_fffca50a ; jmp 0xfffca50a -loc_fffcadb4: ; not directly referenced -and eax, 0x3f -mov byte [ebp - 0xac88], al +loc_fffca526: ; not directly referenced +imul ecx, edx, 0x13c3 +mov esi, dword [ebp + 8] +test byte [esi + ecx + 0x381b], 4 +je short loc_fffca565 ; je 0xfffca565 +cmp byte [esi + 0x247c], 0 +je short loc_fffca54f ; je 0xfffca54f -loc_fffcadbd: ; not directly referenced -mov al, 0x3f -jmp short loc_fffcadca ; jmp 0xfffcadca +loc_fffca542: ; not 
directly referenced +mov bx, word [eax + 0x139f] -loc_fffcadc1: ; not directly referenced -mov al, 0x3f -mov byte [ebp - 0xac88], 0 +loc_fffca549: ; not directly referenced +mov word [ebp - 0x22], bx +jmp short loc_fffca565 ; jmp 0xfffca565 -loc_fffcadca: ; not directly referenced -cmp byte [ebp - 0xac98], 0xa +loc_fffca54f: ; not directly referenced +cmp dword [ebp - 0x34], 0 +jne short loc_fffca542 ; jne 0xfffca542 +mov word [eax + 0x139f], bx +mov word [eax + 0x13b7], bx +jmp short loc_fffca549 ; jmp 0xfffca549 + +loc_fffca565: ; not directly referenced +sub esp, 0xc +mov ecx, 6 +lea eax, [ebp - 0x24] +push eax +mov eax, dword [ebp + 8] +call fcn_fffad688 ; call 0xfffad688 +add esp, 0x10 +mov esi, eax + +loc_fffca57e: ; not directly referenced +inc byte [ebp - 0x30] +jmp near loc_fffca4b8 ; jmp 0xfffca4b8 + +loc_fffca586: ; not directly referenced +mov dword [ebp - 0x38], esi +test esi, esi +jne loc_fffcad7f ; jne 0xfffcad7f +mov eax, dword [ebp + 8] +mov ebx, 0x20 +mov byte [ebp - 0x30], 0 +add eax, 0x374f +mov dword [ebp - 0x40], eax + +loc_fffca5a5: ; not directly referenced +test esi, esi sete dl -or dl, byte [ebp - 0xac94] -jne short loc_fffcae01 ; jne 0xfffcae01 -mov esi, dword [ebp - 0xacb0] -mov bl, byte [ebp - 0xac88] -mov ecx, esi -lea edx, [ebx + ecx - 3] -mov bl, byte [ebp - 0xac90] -sub ecx, edx -test dl, dl -cmovs ebx, ecx -mov byte [ebp - 0xac90], bl +cmp byte [ebp - 0x30], 1 +setbe al +test dl, al +je loc_fffca67c ; je 0xfffca67c +movzx eax, byte [ebp - 0x30] +imul edx, eax, 0x13c3 +mov dword [ebp - 0x34], eax +mov eax, dword [ebp + 8] +add eax, edx +cmp dword [eax + 0x3757], 2 +jne loc_fffca671 ; jne 0xfffca671 +mov edi, dword [ebp - 0x40] +mov dword [ebp - 0x3c], eax +lea esi, [edi + edx + 0x127d] +xor edi, edi -loc_fffcae01: ; not directly referenced -movzx esi, byte [ebp - 0xaca1] -sub eax, 3 -sub eax, dword [ebp - 0xac88] -cmp al, byte [ebp - 0xacac] -cmovs esi, eax -mov eax, esi -mov esi, dword [ebp - 0xac90] -mov ebx, esi -cmp al, bl 
-cmovl eax, esi -mov byte [ebp - 0xaca1], al +loc_fffca5e7: ; not directly referenced +mov ecx, edi +mov eax, 1 +shl eax, cl +mov ecx, dword [ebp - 0x3c] +test byte [ecx + 0x381b], al +je short loc_fffca645 ; je 0xfffca645 +mov eax, dword [ebp + 8] +cmp byte [eax + 0x247c], 0 +je short loc_fffca60c ; je 0xfffca60c +mov bx, word [esi] +jmp short loc_fffca640 ; jmp 0xfffca640 -loc_fffcae2f: ; not directly referenced -mov eax, dword [ebp + 0x1c] -mov dword [ebp - 0xace4], eax -movzx eax, byte [ebp - 0xaca4] -imul esi, eax, 0x90 -mov dword [ebp - 0xacd8], eax -mov dword [ebp - 0xad08], esi -add esi, 4 -mov dword [ebp - 0xad00], esi -mov esi, dword [ebp + 0x10] -mov dword [ebp - 0xacb8], esi -movzx esi, byte [ebp - 0xace6] -mov word [ebp - 0xacba], si +loc_fffca60c: ; not directly referenced +mov edx, dword [ebp - 0x34] +mov eax, dword [ebp + 8] +call fcn_fffa6bf0 ; call 0xfffa6bf0 +test eax, eax +je loc_fffcab2e ; je 0xfffcab2e +movzx ecx, byte [eax + 2] +sub esp, 0xc +mov edx, dword [ebp + 8] +lea eax, [ebp - 0x2a] +push ebx +call fcn_fffa6c59 ; call 0xfffa6c59 +mov bx, word [ebp - 0x2a] +add esp, 0x10 +mov word [esi], bx +mov word [esi + 0x18], bx -loc_fffcae71: ; not directly referenced -mov eax, dword [ebp + 0x10] -mov esi, dword [ebp - 0xacb8] -mov word [ebp - 0xad04], ax -sub esi, eax -cmp si, word [ebp - 0xacba] -jae loc_fffcb350 ; jae 0xfffcb350 -mov eax, dword [ebp - 0xacb8] -mov al, byte [eax] -mov cl, al -mov byte [ebp - 0xac98], al -movzx eax, al -mov ebx, eax -mov dword [ebp - 0xacb0], eax -xor eax, eax -cmp cl, 0x21 -ja short loc_fffcaeb9 ; ja 0xfffcaeb9 -movzx eax, byte [ebx + ref_fffd5f1c] ; movzx eax, byte [ebx - 0x2a0e4] +loc_fffca640: ; not directly referenced +mov word [ebp + edi - 0x24], bx -loc_fffcaeb9: ; not directly referenced -cmp al, 8 -mov ebx, 8 -cmovbe ebx, eax -mov al, byte [ebp - 0xac98] -sub eax, 0xc -mov byte [ebp - 0xacdc], al -cmp al, 1 -jbe short loc_fffcaefa ; jbe 0xfffcaefa -push eax -mov ecx, dword [ebp - 0xacb0] +loc_fffca645: ; 
not directly referenced +add edi, 2 +add esi, 0x128 +cmp edi, 4 +jne short loc_fffca5e7 ; jne 0xfffca5e7 +sub esp, 0xc +mov edx, dword [ebp - 0x34] +mov ecx, 5 +lea eax, [ebp - 0x24] push eax -mov eax, edi -push dword [ebp - 0xacec] -push dword [ebp - 0xacd8] -lea edx, [edi + 0x2490] -call fcn_fffa7e6c ; call 0xfffa7e6c +mov eax, dword [ebp + 8] +call fcn_fffad688 ; call 0xfffad688 add esp, 0x10 +mov esi, eax +jmp short loc_fffca674 ; jmp 0xfffca674 -loc_fffcaefa: ; not directly referenced -cmp dword [ebp - 0xacc4], 2 -jne short loc_fffcaf27 ; jne 0xfffcaf27 -mov al, byte [ebp - 0xac98] -mov byte [ebp - 0xac9c], 0x25 -cmp al, 0x11 -sete dl -cmp al, 5 -sete al -or dl, al -jne short loc_fffcaf83 ; jne 0xfffcaf83 -cmp byte [ebp - 0xac98], 0x21 -je short loc_fffcaf83 ; je 0xfffcaf83 +loc_fffca671: ; not directly referenced +mov esi, dword [ebp - 0x38] -loc_fffcaf27: ; not directly referenced -mov al, byte [ebp - 0xac98] -mov byte [ebp - 0xac9c], 0x36 -cmp al, 0x10 -sete dl -cmp al, 4 -sete al -or dl, al -jne short loc_fffcaf83 ; jne 0xfffcaf83 -mov al, byte [ebp - 0xac98] -cmp al, 5 -sete dl -cmp al, 0x20 -sete al -or dl, al -jne short loc_fffcaf83 ; jne 0xfffcaf83 -mov al, byte [ebp - 0xac98] -cmp al, 0x21 -sete dl -cmp al, 0x11 -sete al -or dl, al -jne short loc_fffcaf83 ; jne 0xfffcaf83 -mov al, byte [ebp - 0xac98] -cmp al, 0xd -je short loc_fffcaf83 ; je 0xfffcaf83 -cmp al, 0xc -mov cl, 0x1f -mov al, 0x40 -cmove ecx, eax -mov byte [ebp - 0xac9c], cl +loc_fffca674: ; not directly referenced +inc byte [ebp - 0x30] +jmp near loc_fffca5a5 ; jmp 0xfffca5a5 -loc_fffcaf83: ; not directly referenced -mov eax, dword [ebp - 0xace4] -mov ecx, 0x14 -xor edx, edx -movzx esi, si -mov ax, word [eax] -div cx -mov cl, byte [ebp - 0xac9c] -movzx edx, cl -cmp dx, ax -cmova ecx, eax -imul ebx, ebx, 0x240 -lea eax, [edi + 0x2490] -mov dword [ebp - 0xace0], eax -mov byte [ebp - 0xac9c], cl -add eax, ebx -add eax, dword [ebp - 0xad00] -add ebx, dword [ebp - 0xad08] -mov dword [ebp - 
0xad04], eax -imul eax, esi, 0x1200 -mov dword [ebp - 0xacf8], ebx -mov dword [ebp - 0xacfc], eax -movsx eax, byte [ebp - 0xac90] -mov byte [ebp - 0xaca0], al -mov dword [ebp - 0xad10], eax -movzx eax, byte [ebp - 0xaca3] -mov dword [ebp - 0xacac], eax +loc_fffca67c: ; not directly referenced +test esi, esi +jne loc_fffcad7f ; jne 0xfffcad7f +mov edi, dword [ebp + 8] +xor ebx, ebx +xor eax, eax +mov byte [ebp - 0x30], 0 +add edi, 0x374f -loc_fffcb006: ; not directly referenced -mov al, byte [ebp - 0xaca0] -cmp byte [ebp - 0xaca1], al -jl loc_fffcb33e ; jl 0xfffcb33e -movsx eax, byte [ebp - 0xaca0] -mov dword [ebp - 0xacd0], eax -mov eax, dword [ebp - 0xad10] -sub dword [ebp - 0xacd0], eax -cmp dword [ebp - 0xacc8], 0 -jne short loc_fffcb04d ; jne 0xfffcb04d +loc_fffca695: ; not directly referenced +test eax, eax +sete cl +cmp byte [ebp - 0x30], 1 +setbe dl +test cl, dl +je loc_fffca755 ; je 0xfffca755 +movzx edx, byte [ebp - 0x30] +xor eax, eax +mov ecx, dword [ebp + 8] +imul esi, edx, 0x13c3 +add ecx, esi +cmp dword [ecx + 0x3757], 2 +jne loc_fffca74d ; jne 0xfffca74d +lea eax, [edi + esi + 8] +test byte [ecx + 0x381b], 1 +je short loc_fffca6fd ; je 0xfffca6fd +mov esi, dword [ebp + 8] +cmp byte [esi + 0x247c], 0 +jne short loc_fffca6f4 ; jne 0xfffca6f4 +mov word [eax + 0x1273], bx +mov word [eax + 0x128b], bx -loc_fffcb03a: ; not directly referenced -movsx ax, byte [ebp - 0xaca0] -xor ebx, ebx -mov word [ebp - 0xacf4], ax -jmp short loc_fffcb0a4 ; jmp 0xfffcb0a4 +loc_fffca6ee: ; not directly referenced +mov word [ebp - 0x24], bx +jmp short loc_fffca6fd ; jmp 0xfffca6fd -loc_fffcb04d: ; not directly referenced -movsx ax, byte [ebp - 0xaca0] -mov dl, 8 -mov esi, dword [ebp - 0xaca8] -idiv dl -movsx ecx, ah -mov dl, al -cmp cl, 1 -movsx eax, al -setle bl -test dl, dl -mov al, byte [esi + eax + 0x1bc] +loc_fffca6f4: ; not directly referenced +mov bx, word [eax + 0x1273] +jmp short loc_fffca6ee ; jmp 0xfffca6ee + +loc_fffca6fd: ; not directly referenced +imul ecx, 
edx, 0x13c3 +mov esi, dword [ebp + 8] +test byte [esi + ecx + 0x381b], 4 +je short loc_fffca736 ; je 0xfffca736 +cmp byte [esi + 0x247c], 0 +jne short loc_fffca72d ; jne 0xfffca72d +mov word [eax + 0x139b], bx +mov word [eax + 0x13b3], bx + +loc_fffca727: ; not directly referenced +mov word [ebp - 0x22], bx +jmp short loc_fffca736 ; jmp 0xfffca736 + +loc_fffca72d: ; not directly referenced +mov bx, word [eax + 0x139b] +jmp short loc_fffca727 ; jmp 0xfffca727 + +loc_fffca736: ; not directly referenced +sub esp, 0xc +mov ecx, 4 +lea eax, [ebp - 0x24] +push eax +mov eax, dword [ebp + 8] +call fcn_fffad688 ; call 0xfffad688 +add esp, 0x10 + +loc_fffca74d: ; not directly referenced +inc byte [ebp - 0x30] +jmp near loc_fffca695 ; jmp 0xfffca695 + +loc_fffca755: ; not directly referenced +mov esi, eax +test eax, eax +jne loc_fffcad7f ; jne 0xfffcad7f +mov eax, dword [ebp + 8] +mov byte [ebp - 0x30], 0 +add eax, 0x374f +mov dword [ebp - 0x48], eax +mov eax, dword [ebp + 8] +imul eax, dword [eax + 0x18a7], 0x2e +mov dword [ebp - 0x4c], eax + +loc_fffca77b: ; not directly referenced +test esi, esi sete dl -test bl, dl -jne loc_fffcb333 ; jne 0xfffcb333 -mov edx, 1 -shl edx, cl -test al, dl -je short loc_fffcb03a ; je 0xfffcb03a -jmp near loc_fffcb333 ; jmp 0xfffcb333 +cmp byte [ebp - 0x30], 1 +setbe al +test dl, al +je loc_fffca8f3 ; je 0xfffca8f3 +movzx eax, byte [ebp - 0x30] +mov edi, dword [ebp + 8] +mov dword [ebp - 0x38], eax +imul eax, eax, 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne loc_fffca8e9 ; jne 0xfffca8e9 +mov edi, dword [ebp - 0x48] +lea edi, [edi + eax + 8] +mov eax, dword [ebp - 0x4c] +movzx eax, word [edi + eax + 0xc] +cmp ax, 0xc +ja short loc_fffca7c7 ; ja 0xfffca7c7 +sub eax, 9 +jmp short loc_fffca7d5 ; jmp 0xfffca7d5 -loc_fffcb091: ; not directly referenced -cmp byte [ebp - 0xacbb], 0 -jne short loc_fffcb113 ; jne 0xfffcb113 +loc_fffca7c7: ; not directly referenced +sub eax, 0xe +mov ecx, 2 +cdq +idiv ecx +or eax, 4 -loc_fffcb09a: ; not directly 
referenced -inc ebx -cmp ebx, 2 -je loc_fffcb14a ; je 0xfffcb14a +loc_fffca7d5: ; not directly referenced +and eax, 7 +lea ebx, [eax*8] +imul eax, dword [ebp - 0x38], 0x13c3 +add eax, dword [ebp + 8] +mov dword [ebp - 0x3c], 0 +mov dword [ebp - 0x40], eax +movzx eax, byte [ebp - 0x30] +mov dword [ebp - 0x44], eax -loc_fffcb0a4: ; not directly referenced -mov eax, dword [ebp - 0xacac] -bt eax, ebx -jae short loc_fffcb09a ; jae 0xfffcb09a +loc_fffca7fa: ; not directly referenced +mov esi, dword [ebp - 0x3c] +mov eax, esi +mov ecx, esi +mov byte [ebp - 0x34], al +mov eax, 1 +shl eax, cl +mov ecx, dword [ebp - 0x40] +test byte [ecx + 0x381b], al +je loc_fffca8bd ; je 0xfffca8bd +mov eax, dword [ebp + 8] +cmp byte [eax + 0x247c], 0 +je short loc_fffca83d ; je 0xfffca83d +mov eax, esi +shr al, 1 +movzx eax, al +imul eax, eax, 0x128 +mov bx, word [edi + eax + 0x126f] +jmp short loc_fffca8b0 ; jmp 0xfffca8b0 + +loc_fffca83d: ; not directly referenced +mov edx, dword [ebp - 0x38] +mov eax, dword [ebp + 8] +call fcn_fffa6bf0 ; call 0xfffa6bf0 +test eax, eax +je loc_fffcab2e ; je 0xfffcab2e +mov dl, byte [eax] +cmp dl, 0x78 +je short loc_fffca871 ; je 0xfffca871 +ja short loc_fffca860 ; ja 0xfffca860 +mov al, 4 +cmp dl, 0x50 +jmp short loc_fffca86b ; jmp 0xfffca86b + +loc_fffca860: ; not directly referenced +mov al, 2 +cmp dl, 0xf0 +je short loc_fffca873 ; je 0xfffca873 +mov al, 3 +inc dl + +loc_fffca86b: ; not directly referenced +je short loc_fffca873 ; je 0xfffca873 xor eax, eax -cmp byte [ebp - 0xac8c], 7 -jne short loc_fffcb0d0 ; jne 0xfffcb0d0 -imul edx, ebx, 0x13c3 -cmp dword [edi + edx + 0x3816], 2 -mov edx, 0x20 -cmove eax, edx +jmp short loc_fffca873 ; jmp 0xfffca873 -loc_fffcb0d0: ; not directly referenced -xor esi, esi -mov word [ebp - 0xacd4], ax +loc_fffca871: ; not directly referenced +mov al, 1 -loc_fffcb0d9: ; not directly referenced -mov eax, esi -cmp byte [ebp - 0xaca2], al -jbe short loc_fffcb091 ; jbe 0xfffcb091 -mov eax, dword [ebp - 0xacf4] -mov edx, 
ebx -add eax, dword [ebp - 0xacd4] -push 0 -movzx ecx, byte [ebp + ebx - 0xac75] -cwde -push eax -movzx eax, byte [ebp - 0xac8c] +loc_fffca873: ; not directly referenced +shl eax, 9 +and bh, 0xf1 +mov edx, dword [ebp - 0x44] +or ebx, eax +mov al, byte [ebp - 0x34] +sub esp, 0xc +shr al, 1 +movzx esi, al +movzx eax, bx +mov ecx, esi +imul esi, esi, 0x128 push eax -mov eax, edi -push esi -inc esi -call fcn_fffafdb2 ; call 0xfffafdb2 +mov eax, dword [ebp + 8] +add esi, edi +call fcn_fffa86e1 ; call 0xfffa86e1 add esp, 0x10 -jmp short loc_fffcb0d9 ; jmp 0xfffcb0d9 - -loc_fffcb113: ; not directly referenced -mov al, byte [ebp - 0xac8c] -and eax, 0xfffffff7 -dec al -jne loc_fffcb09a ; jne 0xfffcb09a -mov eax, dword [ebp - 0xaca8] -cmp byte [eax + 0x1c5], 0 -je loc_fffcb09a ; je 0xfffcb09a -xor ecx, ecx -mov edx, 1 -mov eax, edi -call fcn_fffb9560 ; call 0xfffb9560 -jmp near loc_fffcb09a ; jmp 0xfffcb09a +mov word [esi + 0x126f], bx +mov word [esi + 0x1287], bx -loc_fffcb14a: ; not directly referenced -cmp byte [ebp - 0xacdc], 1 -ja loc_fffcb1ec ; ja 0xfffcb1ec -cmp dword [ebp - 0xacc4], 3 -je short loc_fffcb1a5 ; je 0xfffcb1a5 +loc_fffca8b0: ; not directly referenced +mov al, byte [ebp - 0x34] +shr al, 1 +movzx eax, al +mov word [ebp + eax*2 - 0x24], bx -loc_fffcb160: ; not directly referenced -push eax -mov ecx, dword [ebp - 0xacac] -push eax -mov edx, dword [ebp - 0xace0] -push 1 -lea eax, [ebp - 0xac5c] -push eax -movzx eax, byte [ebp - 0xac9c] +loc_fffca8bd: ; not directly referenced +add dword [ebp - 0x3c], 2 +cmp dword [ebp - 0x3c], 4 +jne loc_fffca7fa ; jne 0xfffca7fa +sub esp, 0xc +mov edx, dword [ebp - 0x38] +mov ecx, 2 +lea eax, [ebp - 0x24] push eax -mov eax, edi -push 0 -push dword [ebp - 0xacb0] -push dword [ebp - 0xacd8] -call fcn_fffc6051 ; call 0xfffc6051 -add esp, 0x14 -push edi -call fcn_fffc82f4 ; call 0xfffc82f4 +mov eax, dword [ebp + 8] +call fcn_fffad688 ; call 0xfffad688 add esp, 0x10 -jmp near loc_fffcb228 ; jmp 0xfffcb228 +mov esi, eax +jmp short 
loc_fffca8eb ; jmp 0xfffca8eb -loc_fffcb1a5: ; not directly referenced -mov eax, dword [ebp - 0xad04] -xor edx, edx +loc_fffca8e9: ; not directly referenced +xor esi, esi + +loc_fffca8eb: ; not directly referenced +inc byte [ebp - 0x30] +jmp near loc_fffca77b ; jmp 0xfffca77b + +loc_fffca8f3: ; not directly referenced +test esi, esi +jne loc_fffcad7f ; jne 0xfffcad7f +mov eax, dword [ebp + 8] +call fcn_fffad6b6 ; call 0xfffad6b6 +mov esi, eax +test eax, eax +jne loc_fffcad7f ; jne 0xfffcad7f +mov eax, dword [ebp + 8] +mov edx, 1 +call fcn_fffad821 ; call 0xfffad821 +mov esi, eax +test eax, eax +jne loc_fffcad7f ; jne 0xfffcad7f +mov eax, dword [ebp + 8] xor ecx, ecx +mov edx, 3 +call fcn_fffadf2d ; call 0xfffadf2d +mov esi, eax +test eax, eax +jne loc_fffcad7f ; jne 0xfffcad7f +mov eax, dword [ebp + 8] +mov byte [eax + 0x247e], 1 +jmp near loc_fffcad7f ; jmp 0xfffcad7f -loc_fffcb1af: ; not directly referenced -cmp dword [edi + edx + 0x3756], 2 -jne short loc_fffcb1d5 ; jne 0xfffcb1d5 -mov ebx, dword [eax - 4] -cmp ebx, 0x29 -lea esi, [ebx - 0x28] -mov ebx, dword [eax] -cmovb esi, ecx -mov dword [eax - 4], esi -cmp ebx, 0x29 -lea esi, [ebx - 0x28] -cmovb esi, ecx -mov dword [eax], esi +loc_fffca94c: ; not directly referenced +mov edi, dword [ebp + 8] +xor eax, eax +mov byte [ebp - 0x30], 0 +add edi, 0x374f +mov dword [ebp - 0x4c], edi +mov edi, dword [ebp + 8] +imul edi, dword [edi + 0x18a7], 0x2e +mov dword [ebp - 0x50], edi -loc_fffcb1d5: ; not directly referenced -add edx, 0x13c3 -add eax, 0x48 -cmp edx, 0x2786 -je loc_fffcb160 ; je 0xfffcb160 -jmp short loc_fffcb1af ; jmp 0xfffcb1af +loc_fffca96b: ; not directly referenced +test eax, eax +sete cl +cmp byte [ebp - 0x30], 1 +setbe dl +test cl, dl +je loc_fffcab1b ; je 0xfffcab1b +movzx eax, byte [ebp - 0x30] +imul edx, eax, 0x13c3 +mov dword [ebp - 0x34], eax +mov eax, dword [ebp + 8] +add eax, edx +cmp dword [eax + 0x3757], 2 +jne loc_fffcab11 ; jne 0xfffcab11 +mov edi, dword [ebp - 0x4c] +mov dword [ebp - 0x44], 
eax +mov eax, dword [ebp - 0x34] +lea esi, [edi + edx + 8] +mov edi, dword [ebp - 0x50] +mov dword [ebp - 0x48], eax +mov di, word [esi + edi + 0xc] +mov word [ebp - 0x38], di +mov edi, dword [ebp - 0x38] +mov dword [ebp - 0x38], 0 +lea ebx, [edi - 5] +and ebx, 7 +shl ebx, 3 -loc_fffcb1ec: ; not directly referenced -push eax -mov ecx, dword [ebp - 0xacac] -push eax -mov edx, dword [ebp - 0xace0] -lea eax, [ebp - 0xac5c] -push eax -movzx eax, byte [ebp - 0xac9c] -push eax -lea eax, [ebp - 0xac71] -push eax -mov eax, dword [ebp - 0xacd8] -push dword [ebp - 0xacb0] -push eax -push eax +loc_fffca9cd: ; not directly referenced +mov edi, dword [ebp - 0x38] mov eax, edi -call fcn_fffd13ed ; call 0xfffd13ed -add esp, 0x20 +mov ecx, edi +mov edi, dword [ebp - 0x44] +mov byte [ebp - 0x3c], al +mov eax, 1 +shl eax, cl +test byte [edi + 0x381b], al +je loc_fffcaae7 ; je 0xfffcaae7 +mov eax, dword [ebp + 8] +cmp byte [eax + 0x247c], 0 +je short loc_fffcaa13 ; je 0xfffcaa13 +mov al, cl +shr al, 1 +movzx eax, al +imul eax, eax, 0x128 +mov bx, word [esi + eax + 0x126f] +jmp near loc_fffcaada ; jmp 0xfffcaada -loc_fffcb228: ; not directly referenced -movsx eax, byte [ebp - 0xacd0] -xor ecx, ecx -mov esi, dword [ebp - 0xacfc] -imul eax, eax, 0x48 -lea eax, [esi + eax + 4] -lea eax, [ebp + eax - 0xa2cc] -mov dword [ebp - 0xacd4], eax +loc_fffcaa13: ; not directly referenced +mov al, byte [ebp - 0x3c] +shr al, 1 +movzx edi, al +mov byte [ebp - 0x40], al +imul eax, edi, 0x128 +cmp byte [esi + eax + 0x1243], 1 +jne short loc_fffcaa4c ; jne 0xfffcaa4c +mov eax, dword [ebp + 8] +cmp byte [eax + 0x190d], 0 +je short loc_fffcaa61 ; je 0xfffcaa61 +cmp dword [eax + 0x36cc], 1 +jne short loc_fffcaa61 ; jne 0xfffcaa61 +cmp byte [eax + 0x2480], 1 +je short loc_fffcaa61 ; je 0xfffcaa61 -loc_fffcb24b: ; not directly referenced -mov eax, dword [ebp - 0xacac] -bt eax, ecx -jae loc_fffcb322 ; jae 0xfffcb322 -imul esi, ecx, 0x48 -mov eax, dword [ebp - 0xacd4] -add esi, dword [ebp - 0xacf8] -lea ebx, 
[eax - 4] -add esi, edi +loc_fffcaa4c: ; not directly referenced +imul eax, edi, 0x128 +cmp byte [esi + eax + 0x1242], 1 +sete al +xor edx, edx +jmp short loc_fffcaa65 ; jmp 0xfffcaa65 -loc_fffcb26e: ; not directly referenced -mov al, byte [edi + 0x2488] -mov word [ebp - 0xacd0], 0xffff -mov byte [ebp - 0xacf4], al +loc_fffcaa61: ; not directly referenced xor eax, eax +mov dl, 1 -loc_fffcb285: ; not directly referenced -cmp byte [ebp - 0xacf4], al -jbe short loc_fffcb2c0 ; jbe 0xfffcb2c0 -mov edx, dword [esi + eax*8 + 0x2490] -mov word [ebx + eax*4], dx -mov edx, dword [ebp - 0xacd0] -cmp dx, word [esi + eax*8 + 0x2490] -cmova dx, word [esi + eax*8 + 0x2490] -inc eax -cmp byte [ebp - 0xacdc], 1 -mov word [ebp - 0xacd0], dx -ja short loc_fffcb285 ; ja 0xfffcb285 - -loc_fffcb2c0: ; not directly referenced -cmp byte [ebp - 0xaca2], 1 -jne short loc_fffcb2d2 ; jne 0xfffcb2d2 -mov eax, dword [ebp - 0xacd0] -mov word [ebx], ax +loc_fffcaa65: ; not directly referenced +and edx, 1 +and bl, 0x3f +shl edx, 6 +and eax, 1 +shl eax, 7 +or ebx, edx +mov edx, dword [ebp - 0x34] +or ebx, eax +mov eax, dword [ebp + 8] +mov ecx, edi +call fcn_fffa6998 ; call 0xfffa6998 +test eax, eax +je loc_fffcab2e ; je 0xfffcab2e +movzx eax, byte [eax] +xor edx, edx +cmp al, 0x78 +ja short loc_fffcaaa0 ; ja 0xfffcaaa0 +mov cl, 0x3c +div cl +test ah, 0x3f +cmove edx, eax -loc_fffcb2d2: ; not directly referenced -cmp byte [ebp - 0xac94], 0 -je short loc_fffcb310 ; je 0xfffcb310 -mov al, byte [ebp - 0xac98] -cmp al, 0xc -je short loc_fffcb2ee ; je 0xfffcb2ee -cmp al, 0xd -jne short loc_fffcb310 ; jne 0xfffcb310 -jmp near loc_fffcbd2b ; jmp 0xfffcbd2b +loc_fffcaaa0: ; not directly referenced +and edx, 3 +and bh, 0xf9 +movzx ecx, byte [ebp - 0x40] +shl edx, 9 +sub esp, 0xc +or ebx, edx +mov edx, dword [ebp - 0x48] +movzx eax, bx +imul edi, edi, 0x128 +push eax +mov eax, dword [ebp + 8] +add edi, esi +call fcn_fffa86e1 ; call 0xfffa86e1 +add esp, 0x10 +mov word [edi + 0x126f], bx +mov word [edi + 
0x1287], bx -loc_fffcb2ee: ; not directly referenced -mov eax, 0x8c +loc_fffcaada: ; not directly referenced +mov al, byte [ebp - 0x3c] +shr al, 1 +movzx eax, al +mov word [ebp + eax*2 - 0x24], bx -loc_fffcb2f3: ; not directly referenced -cmp word [ebx], ax -ja short loc_fffcb310 ; ja 0xfffcb310 +loc_fffcaae7: ; not directly referenced +add dword [ebp - 0x38], 2 +cmp dword [ebp - 0x38], 4 +jne loc_fffca9cd ; jne 0xfffca9cd sub esp, 0xc -push edi -mov dword [ebp - 0xacd0], ecx -call fcn_fffc82f4 ; call 0xfffc82f4 -mov ecx, dword [ebp - 0xacd0] +mov edx, dword [ebp - 0x34] +mov ecx, 2 +lea eax, [ebp - 0x24] +push eax +mov eax, dword [ebp + 8] +call fcn_fffad688 ; call 0xfffad688 add esp, 0x10 +jmp short loc_fffcab13 ; jmp 0xfffcab13 -loc_fffcb310: ; not directly referenced -add ebx, 2 -add esi, 4 -cmp ebx, dword [ebp - 0xacd4] -jne loc_fffcb26e ; jne 0xfffcb26e +loc_fffcab11: ; not directly referenced +xor eax, eax -loc_fffcb322: ; not directly referenced -inc ecx -add dword [ebp - 0xacd4], 0x24 -cmp ecx, 2 -jne loc_fffcb24b ; jne 0xfffcb24b +loc_fffcab13: ; not directly referenced +inc byte [ebp - 0x30] +jmp near loc_fffca96b ; jmp 0xfffca96b -loc_fffcb333: ; not directly referenced -inc byte [ebp - 0xaca0] -jmp near loc_fffcb006 ; jmp 0xfffcb006 +loc_fffcab1b: ; not directly referenced +mov esi, eax +test eax, eax +jne loc_fffcad7f ; jne 0xfffcad7f +xor eax, eax +xor ebx, ebx +lea edi, [ebp - 0x24] +jmp short loc_fffcab70 ; jmp 0xfffcab70 -loc_fffcb33e: ; not directly referenced -add dword [ebp - 0xace4], 2 -inc dword [ebp - 0xacb8] -jmp near loc_fffcae71 ; jmp 0xfffcae71 +loc_fffcab2e: ; not directly referenced +mov esi, 1 +jmp near loc_fffcad7f ; jmp 0xfffcad7f -loc_fffcb350: ; not directly referenced -movsx esi, byte [ebp - 0xaca1] -movsx eax, byte [ebp - 0xac90] -mov dword [ebp - 0xac98], 0 -mov dword [ebp - 0xacd4], esi -sub dword [ebp - 0xacd4], eax -mov esi, dword [ebp - 0xacd4] -mov dword [ebp - 0xacd0], eax +loc_fffcab38: ; not directly referenced +movzx 
edx, bl +mov esi, dword [ebp + 8] +xor eax, eax +imul ecx, edx, 0x13c3 +cmp dword [esi + ecx + 0x3757], 2 +jne short loc_fffcab6f ; jne 0xfffcab6f +sub esp, 0xc +mov ecx, 3 +push edi mov eax, esi -mov byte [ebp - 0xad00], al -inc eax -mov byte [ebp - 0xacac], al -lea eax, [ebp - 0x5acc] -mov dword [ebp - 0xacf8], eax -lea eax, [edi + 0x3756] -mov dword [ebp - 0xacb0], eax -mov eax, dword [ebp - 0xacb4] -mov dword [ebp - 0xace0], eax -movzx eax, byte [ebp - 0xace6] -mov dword [ebp - 0xad08], eax -shl eax, 6 -mov dword [ebp - 0xacdc], eax +mov word [ebp - 0x24], 0 +mov word [ebp - 0x22], 0 +call fcn_fffad688 ; call 0xfffad688 +add esp, 0x10 -loc_fffcb3c9: ; not directly referenced -movzx eax, byte [ebp - 0xaca3] -mov esi, dword [ebp - 0xac98] -mov dword [ebp - 0xace4], eax -bt eax, esi -jae loc_fffcbabc ; jae 0xfffcbabc -mov eax, dword [ebp - 0xacf8] -mov dword [ebp - 0xac9c], 0 -mov dword [ebp - 0xacec], eax +loc_fffcab6f: ; not directly referenced +inc ebx -loc_fffcb3fb: ; not directly referenced -mov al, byte [ebp - 0xac9c] -cmp byte [ebp - 0xaca2], al -jbe loc_fffcbabc ; jbe 0xfffcbabc -imul eax, dword [ebp - 0xac98], 9 -mov word [ebp - 0xacd8], 0 -mov dword [ebp - 0xacfc], eax +loc_fffcab70: ; not directly referenced +test eax, eax +sete cl +cmp bl, 1 +setbe dl +test cl, dl +jne short loc_fffcab38 ; jne 0xfffcab38 +mov esi, eax +test eax, eax +jne loc_fffcad7f ; jne 0xfffcad7f +mov eax, dword [ebp + 8] +call fcn_fffaddc7 ; call 0xfffaddc7 +mov esi, eax +test eax, eax +jne loc_fffcad7f ; jne 0xfffcad7f +lea edi, [ebp - 0x24] +mov esi, ref_fffd6150 ; mov esi, 0xfffd6150 +mov ecx, 3 +mov ebx, 0x100 +rep movsd ; rep movsd dword es:[edi], dword ptr [esi] +mov edi, dword [ebp + 8] +xor eax, eax +mov byte [ebp - 0x34], 0 +add edi, 0x374f +mov dword [ebp - 0x3c], edi +mov edi, dword [ebp + 8] +imul edi, dword [edi + 0x18a7], 0x2e +mov dword [ebp - 0x40], edi -loc_fffcb423: ; not directly referenced -mov ax, word [ebp - 0xacba] -mov esi, dword [ebp - 0xacd8] -cmp si, ax 
-jae loc_fffcb5de ; jae 0xfffcb5de -mov al, byte [ebp - 0xac90] -movzx ebx, si -mov byte [ebp - 0xaca0], al -mov eax, ebx -shl eax, 6 -mov dword [ebp - 0xacb8], eax +loc_fffcabce: ; not directly referenced +test eax, eax +sete cl +cmp byte [ebp - 0x34], 1 +setbe dl +test cl, dl +je loc_fffcad4c ; je 0xfffcad4c +movzx eax, byte [ebp - 0x34] +mov edi, dword [ebp + 8] +mov dword [ebp - 0x38], eax +imul eax, eax, 0x13c3 +cmp dword [edi + eax + 0x3757], 2 +jne loc_fffcad42 ; jne 0xfffcad42 +mov edi, dword [ebp - 0x3c] +lea edi, [edi + eax + 8] +mov eax, dword [ebp - 0x40] +add eax, edi +mov cx, word [eax + 0xa] +movzx eax, word [eax + 0x2a] +mov word [ebp - 0x30], cx +cmp ax, 4 +jbe loc_fffcad54 ; jbe 0xfffcad54 +cmp ax, 0xa +setne cl +cmp ax, 8 +seta dl +test cl, dl +je short loc_fffcac49 ; je 0xfffcac49 +mov edx, eax +and edx, 0xfffffffd +cmp dx, 0xc +je short loc_fffcac49 ; je 0xfffcac49 +cmp ax, 0x10 +jne loc_fffcad54 ; jne 0xfffcad54 -loc_fffcb453: ; not directly referenced -mov al, byte [ebp - 0xaca0] -cmp byte [ebp - 0xaca1], al -jl loc_fffcb5d2 ; jl 0xfffcb5d2 -mov al, byte [ebp - 0xaca0] -sub eax, dword [ebp - 0xacd0] -movsx esi, al -mov eax, dword [ebp - 0xacb8] -add eax, esi -cmp dword [ebp - 0xacc8], 0 -mov word [ebp + eax*2 - 0xabcc], 0 -je short loc_fffcb4df ; je 0xfffcb4df -movsx ax, byte [ebp - 0xaca0] -mov dl, 8 -mov ecx, dword [ebp - 0xaca8] -idiv dl -mov byte [ebp - 0xace6], ah -mov dl, al -movsx eax, al -cmp byte [ebp - 0xace6], 1 -mov al, byte [ecx + eax + 0x1bc] -setle cl -test dl, dl -sete dl +loc_fffcac49: ; not directly referenced +mov esi, dword [ebp - 0x30] +movzx eax, byte [ebp + eax - 0x29] +cmp si, 0xc +sbb ecx, ecx +and ebx, 0xffffff8b +mov esi, ebx +mov bl, byte [ebp - 0x30] +mov edx, ecx +and edx, 0xfffffff8 +and eax, 7 +add edx, 0xc +lea ecx, [ecx*4 + 4] +sub ebx, edx +and ecx, 4 +mov dl, bl +or esi, ecx +and edx, 7 +shl edx, 4 +or esi, edx +shl eax, 9 +and si, 0xf1ff +or esi, eax +mov eax, dword [ebp + 8] +mov ebx, esi +mov al, byte 
[eax + 0x1906] +cmp al, 6 +setne cl +cmp al, 1 +seta dl +and bh, 0xef test cl, dl -jne loc_fffcb5c7 ; jne 0xfffcb5c7 -mov cl, byte [ebp - 0xace6] -mov edx, 1 -shl edx, cl -test al, dl -jne loc_fffcb5c7 ; jne 0xfffcb5c7 +jne short loc_fffcacb5 ; jne 0xfffcacb5 +cmp al, 1 +setbe al +and eax, 1 +shl eax, 0xc +or ebx, eax -loc_fffcb4df: ; not directly referenced -mov eax, dword [ebp + 0x10] -mov al, byte [eax + ebx] -lea edx, [eax - 4] -cmp dl, 1 -setbe cl -cmp al, 0x21 -sete dl -or cl, dl -jne short loc_fffcb503 ; jne 0xfffcb503 -cmp al, 0x20 -je short loc_fffcb503 ; je 0xfffcb503 -cmp al, 0xd -jne loc_fffcb587 ; jne 0xfffcb587 +loc_fffcacb5: ; not directly referenced +imul eax, dword [ebp - 0x38], 0x13c3 +mov esi, dword [ebp + 8] +test byte [esi + eax + 0x381b], 1 +je short loc_fffcacef ; je 0xfffcacef +cmp byte [esi + 0x247c], 0 +jne short loc_fffcace6 ; jne 0xfffcace6 +mov word [edi + 0x126b], bx +mov word [edi + 0x1283], bx -loc_fffcb503: ; not directly referenced -mov eax, dword [ebp + 0x18] -imul ecx, esi, 0x12 -movzx edx, byte [eax + ebx] -imul eax, ebx, 0x480 -add eax, ecx -mov ecx, edx -add eax, dword [ebp - 0xacfc] -add eax, dword [ebp - 0xac9c] -imul cx, word [ebp + eax*4 - 0xa2ca] -imul edx, dword [ebp + eax*4 - 0xa2cc] -mov word [ebp - 0xace6], dx -mov eax, edx -mov edx, ecx -sub dx, word [ebp - 0xace6] -add eax, ecx -add eax, eax -mov word [ebp - 0xacf4], dx -mov edx, eax -sub eax, dword [ebp - 0xacf4] -add edx, dword [ebp - 0xacf4] -cmp cx, word [ebp - 0xace6] -mov ecx, 2 -cmovbe eax, edx -mov edx, eax -sar dx, 0xf -idiv cx -add esi, dword [ebp - 0xacb8] -mov word [ebp + esi*2 - 0xabcc], ax -jmp short loc_fffcb5c7 ; jmp 0xfffcb5c7 +loc_fffcace0: ; not directly referenced +mov word [ebp - 0x28], bx +jmp short loc_fffcacef ; jmp 0xfffcacef -loc_fffcb587: ; not directly referenced -mov ecx, dword [ebp + 0x18] -mov eax, dword [ebp - 0xacb8] -movzx edx, byte [ecx + ebx] -imul ecx, ebx, 0x480 -add eax, esi -imul esi, esi, 0x12 -add esi, ecx -add esi, dword 
[ebp - 0xacfc] -add esi, dword [ebp - 0xac9c] -movzx ecx, word [ebp + esi*4 - 0xa2ca] -add ecx, dword [ebp + esi*4 - 0xa2cc] -imul ecx, edx -mov word [ebp + eax*2 - 0xabcc], cx +loc_fffcace6: ; not directly referenced +mov bx, word [edi + 0x126b] +jmp short loc_fffcace0 ; jmp 0xfffcace0 -loc_fffcb5c7: ; not directly referenced -inc byte [ebp - 0xaca0] -jmp near loc_fffcb453 ; jmp 0xfffcb453 +loc_fffcacef: ; not directly referenced +imul eax, dword [ebp - 0x38], 0x13c3 +mov ecx, dword [ebp + 8] +test byte [ecx + eax + 0x381b], 4 +je short loc_fffcad29 ; je 0xfffcad29 +cmp byte [ecx + 0x247c], 0 +jne short loc_fffcad20 ; jne 0xfffcad20 +mov word [edi + 0x1393], bx +mov word [edi + 0x13ab], bx -loc_fffcb5d2: ; not directly referenced -inc word [ebp - 0xacd8] -jmp near loc_fffcb423 ; jmp 0xfffcb423 +loc_fffcad1a: ; not directly referenced +mov word [ebp - 0x26], bx +jmp short loc_fffcad29 ; jmp 0xfffcad29 -loc_fffcb5de: ; not directly referenced -cmp byte [ebp - 0xac8c], 0xc -mov byte [ebp - 0xaca0], 1 -sete bl -cmp byte [ebp - 0xace8], 2 -mov byte [ebp - 0xace6], bl -setbe al -or al, bl -jne loc_fffcb73c ; jne 0xfffcb73c -cmp byte [ebp - 0xace7], 0 -je short loc_fffcb666 ; je 0xfffcb666 -cmp byte [ebp - 0xacbb], 0 -mov byte [ebp - 0xaca0], 3 -je loc_fffcb73c ; je 0xfffcb73c -mov al, byte [ebp - 0xaca1] -push ecx -push ecx -mov ecx, 8 -push 3 -lea ebx, [eax + 1] -sub ebx, dword [ebp - 0xac90] -push 0 -lea eax, [ebp - 0xabcc] -movzx ebx, bl -mov edx, ebx -call fcn_fffa7047 ; call 0xfffa7047 -mov ecx, 8 -mov edx, ebx -pop esi -pop eax -lea eax, [ebp - 0xab4c] -push 3 -push 0 -jmp near loc_fffcb6eb ; jmp 0xfffcb6eb +loc_fffcad20: ; not directly referenced +mov bx, word [edi + 0x1393] +jmp short loc_fffcad1a ; jmp 0xfffcad1a -loc_fffcb666: ; not directly referenced -cmp byte [ebp - 0xac8c], 5 -jne loc_fffcb6fc ; jne 0xfffcb6fc -cmp dword [ebp - 0xacc0], 0 -je short loc_fffcb68e ; je 0xfffcb68e -movzx eax, byte [ebp - 0xacd4] -mov ebx, 1 +loc_fffcad29: ; not directly 
referenced +sub esp, 0xc +mov edx, dword [ebp - 0x38] xor ecx, ecx -mov dl, 4 -jmp short loc_fffcb69b ; jmp 0xfffcb69b - -loc_fffcb68e: ; not directly referenced -movzx eax, byte [ebp - 0xacac] -xor ebx, ebx -mov cl, 2 -mov dl, 5 +lea eax, [ebp - 0x28] +push eax +mov eax, dword [ebp + 8] +call fcn_fffad688 ; call 0xfffad688 +add esp, 0x10 +jmp short loc_fffcad44 ; jmp 0xfffcad44 -loc_fffcb69b: ; not directly referenced -movzx esi, cl -movzx ecx, dl -mov dword [ebp - 0xaca0], esi -mov edx, eax -push esi -push esi -push 1 -push dword [ebp - 0xaca0] -lea esi, [ebp - 0xabcc] -lea eax, [ebx + ebx] -add eax, esi -mov esi, edx -mov dword [ebp - 0xacb8], ecx -call fcn_fffa7047 ; call 0xfffa7047 -mov ecx, dword [ebp - 0xacb8] -pop eax -pop edx -mov edx, esi -lea eax, [ebp + ebx - 0xabcc] -lea eax, [eax + ebx + 0x80] -push 1 -push dword [ebp - 0xaca0] +loc_fffcad42: ; not directly referenced +xor eax, eax -loc_fffcb6eb: ; not directly referenced -call fcn_fffa7047 ; call 0xfffa7047 -add esp, 0x10 -mov byte [ebp - 0xaca0], 1 -jmp short loc_fffcb73c ; jmp 0xfffcb73c +loc_fffcad44: ; not directly referenced +inc byte [ebp - 0x34] +jmp near loc_fffcabce ; jmp 0xfffcabce -loc_fffcb6fc: ; not directly referenced -cmp byte [ebp - 0xac8c], 0xa -mov byte [ebp - 0xaca0], 5 -sete al -or al, byte [ebp - 0xac94] -jne short loc_fffcb73c ; jne 0xfffcb73c -cmp byte [ebp - 0xacac], 6 -mov byte [ebp - 0xaca0], 7 -jg short loc_fffcb73c ; jg 0xfffcb73c -mov al, byte [ebp - 0xad00] -mov esi, dword [ebp - 0xacac] -test al, al -cmove eax, esi -mov byte [ebp - 0xaca0], al +loc_fffcad4c: ; not directly referenced +mov esi, eax +test eax, eax +jne short loc_fffcad7f ; jne 0xfffcad7f +jmp short loc_fffcad5b ; jmp 0xfffcad5b -loc_fffcb73c: ; not directly referenced -mov dword [ebp - 0xacd8], 0 +loc_fffcad54: ; not directly referenced +mov esi, 0xd +jmp short loc_fffcad7f ; jmp 0xfffcad7f -loc_fffcb746: ; not directly referenced -movsx ebx, byte [ebp - 0xacd8] -movsx esi, byte [ebp - 0xacac] -movzx eax, 
byte [ebp - 0xac8c] -cmp ebx, esi -mov dword [ebp - 0xacb8], eax -jge loc_fffcb9c9 ; jge 0xfffcb9c9 -movsx eax, byte [ebp - 0xac88] -push edx -push edx -mov edx, dword [ebp - 0xac98] -mov ecx, eax -mov dword [ebp - 0xacf4], eax -mov al, byte [ebp - 0xac90] -add eax, dword [ebp - 0xacd8] -mov dword [ebp - 0xac68], 0 -movsx esi, al -lea eax, [ebp - 0xac68] -push eax -mov eax, edi -push 0 -push ecx +loc_fffcad5b: ; not directly referenced +mov eax, dword [ebp + 8] xor ecx, ecx -push esi -push dword [ebp - 0xacb8] -push dword [ebp - 0xac9c] -call fcn_fffb887d ; call 0xfffb887d -add esp, 0x20 -cmp byte [ebp - 0xac8c], 0xa -mov word [ebp + ebx*2 - 0xac4c], ax -sete al -mov byte [ebp - 0xacfc], al -or al, byte [ebp - 0xace6] -jne short loc_fffcb7e5 ; jne 0xfffcb7e5 -cmp byte [ebp - 0xac94], 0 -je short loc_fffcb811 ; je 0xfffcb811 +mov edx, 3 +call fcn_fffadf2d ; call 0xfffadf2d +mov esi, eax +test eax, eax +jne short loc_fffcad7f ; jne 0xfffcad7f +mov eax, dword [ebp + 8] +xor ecx, ecx +mov edx, 0x4d94 +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffcb7e5: ; not directly referenced -imul eax, ebx, 0x1a -mov edx, dword [ebp - 0xac68] -lea ecx, [ebp - 0x18] -add eax, ecx -mov ecx, dword [ebp - 0xac64] -mov dword [eax - 0xa91e], edx -mov dword [eax - 0xa932], ecx -mov ecx, dword [ebp - 0xac60] -mov dword [eax - 0xa92e], ecx +loc_fffcad7f: ; not directly referenced +mov eax, dword [ebp + 8] +mov byte [eax + 0x247c], 1 -loc_fffcb811: ; not directly referenced -cmp byte [ebp - 0xacbc], 1 -setbe al -or al, byte [ebp - 0xac94] -je short loc_fffcb8a0 ; je 0xfffcb8a0 -push eax -mov edx, dword [ebp - 0xac98] -xor ecx, ecx -push eax -lea eax, [ebp - 0xac68] -push eax -mov eax, edi -push 0 -push dword [ebp - 0xacf4] -mov dword [ebp - 0xac68], 1 +loc_fffcad89: ; not directly referenced +lea esp, [ebp - 0xc] +mov eax, esi +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffcad93: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, eax push esi -push dword [ebp - 0xacb8] 
-push dword [ebp - 0xac9c] -imul esi, ebx, 0x1a -call fcn_fffb887d ; call 0xfffb887d -add esp, 0x20 -lea ecx, [ebp - 0x18] -lea edx, [ecx + esi] -mov word [ebp + esi - 0xa94c], ax -mov al, byte [ebp - 0xacfc] -or al, byte [ebp - 0xac94] -je short loc_fffcb8a0 ; je 0xfffcb8a0 -mov eax, dword [ebp - 0xac64] -mov dword [edx - 0xa92a], eax -mov eax, dword [ebp - 0xac60] -mov dword [edx - 0xa926], eax -mov eax, dword [ebp - 0xac68] -mov dword [edx - 0xa922], eax +mov esi, edx +push ebx +sub esp, 0x50 +mov eax, dword [ebp + 8] +push 1 +push 7 +mov dword [ebp - 0x48], eax +mov eax, dword [edi + 0x2444] +mov byte [ebp - 0x49], dl +lea edx, [ebp - 0x27] +push edx +mov byte [ebp - 0x4b], cl +call dword [eax + 0x5c] ; ucall +mov ecx, esi +add esp, 0x10 +movzx esi, cl +xor eax, eax +lea edx, [edi + 0x3757] +mov dword [ebp - 0x40], esi -loc_fffcb8a0: ; not directly referenced -imul edx, ebx, 0x1a -mov ax, word [ebp + ebx*2 - 0xac4c] -mov esi, dword [ebp - 0xacdc] -mov ecx, eax -add cx, word [ebp + edx - 0xa94c] -cmp dword [ebp - 0xacc8], 0 -lea edx, [esi + ebx] -mov word [ebp + edx*2 - 0xabcc], cx -je short loc_fffcb8e1 ; je 0xfffcb8e1 -mov esi, 0x3e8 -xor edx, edx -div si -mov word [ebp + ebx*2 - 0xac4c], ax +loc_fffcadd0: ; not directly referenced +mov esi, dword [ebp - 0x40] +bt esi, eax +jae loc_fffcae9d ; jae 0xfffcae9d +mov esi, dword [edx + 0x109] +mov ecx, dword [edx + 0x111] +mov dword [ebp + eax*4 - 0x20], 0 +mov dword [ebp - 0x3c], esi +mov ebx, esi +mov esi, dword [edx + 0x11d] +cmp byte [edx + 0x11d], bl +mov bl, byte [ebp - 0x3c] +cmovg esi, ebx +mov ebx, esi +cmp bl, cl +cmovg esi, ecx +mov ebx, esi +cmp bl, byte [edx + 0x115] +mov bl, byte [edx + 0x115] +cmovg esi, ebx +mov ebx, esi +mov esi, dword [edx + 0x11d] +mov byte [ebp + eax - 0x2f], bl +mov bl, byte [ebp - 0x3c] +cmp byte [edx + 0x11d], bl +cmovge ebx, esi +mov esi, dword [edx + 0x115] +cmp bl, cl +cmovl ebx, ecx +mov cl, byte [edx + 0xc4] +cmp bl, byte [edx + 0x115] +cmovl ebx, esi +mov byte [ebp - 
0x44], cl +xor ecx, ecx +mov byte [ebp + eax - 0x2d], bl -loc_fffcb8e1: ; not directly referenced -mov al, byte [ebp - 0xac8c] -test al, al -sete dl -cmp al, 9 -sete al -or dl, al -jne short loc_fffcb8fe ; jne 0xfffcb8fe -cmp byte [ebp - 0xac8c], 1 -jne short loc_fffcb91a ; jne 0xfffcb91a +loc_fffcae5a: ; not directly referenced +mov ebx, 1 +shl ebx, cl +test byte [ebp - 0x44], bl +je short loc_fffcae95 ; je 0xfffcae95 +mov bl, byte [edx + ecx + 0x245] +movzx esi, byte [ebp + eax - 0x2f] +cmp bl, byte [ebp + eax - 0x2f] +mov byte [ebp - 0x3c], bl +cmovle esi, ebx +mov ebx, esi +movzx esi, byte [ebp + eax - 0x2d] +mov byte [ebp + eax - 0x2f], bl +mov bl, byte [ebp - 0x3c] +cmp bl, byte [ebp + eax - 0x2d] +cmovl ebx, esi +mov byte [ebp + eax - 0x2d], bl -loc_fffcb8fe: ; not directly referenced -mov eax, dword [ebp - 0xacdc] -movzx ecx, cx -lea esi, [eax + ebx] -mov eax, 0xdb88 -cdq -idiv ecx -mov word [ebp + esi*2 - 0xabcc], ax +loc_fffcae95: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffcae5a ; jne 0xfffcae5a +jmp short loc_fffcaeaf ; jmp 0xfffcaeaf -loc_fffcb91a: ; not directly referenced -cmp byte [ebp - 0xac8c], 4 -jne loc_fffcb9be ; jne 0xfffcb9be -mov eax, dword [ebp - 0xacb0] -cmp dword [eax + 0xc0], 1 -jne loc_fffcb9be ; jne 0xfffcb9be -movzx edx, byte [eax + 0xc4] -xor eax, eax +loc_fffcae9d: ; not directly referenced +mov dword [ebp + eax*4 - 0x20], 1 +mov byte [ebp + eax - 0x2f], 0 +mov byte [ebp + eax - 0x2d], 0x7f -loc_fffcb943: ; not directly referenced -bt edx, eax -jb short loc_fffcb950 ; jb 0xfffcb950 +loc_fffcaeaf: ; not directly referenced inc eax -cmp eax, 4 -jne short loc_fffcb943 ; jne 0xfffcb943 -jmp short loc_fffcb956 ; jmp 0xfffcb956 - -loc_fffcb950: ; not directly referenced -mov byte [ebp - 0xaca4], al - -loc_fffcb956: ; not directly referenced -cmp dword [ebp - 0xacc4], 3 -jne short loc_fffcb971 ; jne 0xfffcb971 +add edx, 0x13c3 +cmp eax, 2 +jne loc_fffcadd0 ; jne 0xfffcadd0 +cmp byte [ebp - 0x48], 0 +je short 
loc_fffcaeea ; je 0xfffcaeea +mov dl, byte [ebp - 0x2d] +mov al, 0x5f +cmp byte [ebp - 0x2d], 0x5f +mov dword [ebp - 0x3c], 1 +cmovl edx, eax +mov byte [ebp - 0x2b], dl +mov dl, byte [ebp - 0x2c] +cmp byte [ebp - 0x2c], 0x5f +cmovge eax, edx +mov byte [ebp - 0x2a], al +jmp short loc_fffcaf0d ; jmp 0xfffcaf0d -loc_fffcb95f: ; not directly referenced -add ebx, dword [ebp - 0xacdc] -mov word [ebp + ebx*2 - 0xabcc], 1 -jmp short loc_fffcb9be ; jmp 0xfffcb9be +loc_fffcaeea: ; not directly referenced +mov dl, byte [ebp - 0x2f] +mov al, 0x20 +cmp byte [ebp - 0x2f], 0x20 +mov dword [ebp - 0x3c], 0xffffffff +cmovg edx, eax +mov byte [ebp - 0x2b], dl +mov dl, byte [ebp - 0x2e] +cmp byte [ebp - 0x2e], 0x20 +cmovle eax, edx +mov byte [ebp - 0x2a], al -loc_fffcb971: ; not directly referenced -mov al, byte [ebp - 0xaca4] -mov esi, dword [ebp - 0xacb0] -mov edx, eax -shr al, 1 -and edx, 1 -movzx eax, al -imul edx, edx, 0x18 -imul eax, eax, 0x128 -add eax, edx -mov ax, word [esi + eax + 0x126d] -mov ecx, eax -mov edx, eax -shr cx, 9 -shr dx, 6 -and ecx, 1 -and edx, 1 -shl ecx, 2 -add edx, edx -shr ax, 2 -or edx, ecx +loc_fffcaf0d: ; not directly referenced +mov al, byte [ebp - 0x2b] +mov dword [ebp - 0x44], 0 +mov byte [ebp - 0x29], al +mov al, byte [ebp - 0x2a] +mov byte [ebp - 0x28], al +mov eax, dword [ebp - 0x40] +sar eax, 1 +mov dword [ebp - 0x48], eax +mov al, byte [ebp - 0x49] +and dword [ebp - 0x48], 1 and eax, 1 -or dl, al -je short loc_fffcb95f ; je 0xfffcb95f +mov byte [ebp - 0x4c], al -loc_fffcb9be: ; not directly referenced -inc dword [ebp - 0xacd8] -jmp near loc_fffcb746 ; jmp 0xfffcb746 +loc_fffcaf35: ; not directly referenced +mov eax, dword [ebp - 0x3c] +xor ebx, ebx +add dword [ebp - 0x44], eax -loc_fffcb9c9: ; not directly referenced -sub esp, 0xc -mov edx, dword [ebp - 0xac98] -push dword [ebp - 0xacb8] -movzx eax, byte [ebp - 0xacac] -lea ebx, [ebp - 0xabcc] -movzx ecx, byte [ebp + edx - 0xac75] -push 1 -push dword [ebp - 0xad08] -push dword [ebp + 0x18] -push 
dword [ebp + 0x10] -push eax -mov eax, edi -push 0x40 -push ebx -push 0 -call fcn_fffb97c0 ; call 0xfffb97c0 -movsx eax, byte [ebp - 0xad09] -add esp, 0x2c -mov ecx, ebx -push eax -movzx eax, byte [ebp - 0xaca0] -push dword [ebp + 0x1c] -push dword [ebp - 0xacf0] -push eax -mov eax, edi -push dword [ebp + 0x18] -push esi -mov esi, dword [ebp - 0xacec] -push 0x40 -mov edx, esi -call fcn_fffa5d2d ; call 0xfffa5d2d -movsx bx, byte [esi + 2] -add esp, 0x20 -add bx, word [esi] -xor edx, edx -cmp byte [ebp - 0xac8c], 7 -jne short loc_fffcba66 ; jne 0xfffcba66 -mov eax, dword [ebp - 0xacb0] -cmp dword [eax + 0xc0], 2 -mov eax, 0x20 -cmove edx, eax - -loc_fffcba66: ; not directly referenced -movsx ax, byte [ebp - 0xac90] -push 1 -mov esi, dword [ebp - 0xac9c] -sub eax, edx -mov edx, dword [ebp - 0xac98] -add ebx, eax -movsx eax, bx -push eax +loc_fffcaf3d: ; not directly referenced +mov eax, dword [ebp - 0x40] +bt eax, ebx +jae short loc_fffcaf74 ; jae 0xfffcaf74 +mov al, byte [ebp - 0x3c] +mov edx, ebx +add byte [ebp + ebx - 0x2b], al +imul eax, ebx, 0x13c3 +mov cl, byte [ebp - 0x4b] +and cl, byte [edi + eax + 0x381b] mov eax, edi -push dword [ebp - 0xacb8] -movzx ecx, byte [ebp + edx - 0xac75] -push esi -call fcn_fffafdb2 ; call 0xfffafdb2 -mov ecx, dword [ebp - 0xace0] +push 0 +push 0 +push dword [ebp - 0x44] +movzx ecx, cl +push 0 +call fcn_fffac68e ; call 0xfffac68e add esp, 0x10 -inc dword [ebp - 0xac9c] -add dword [ebp - 0xacec], 0x50a -mov word [ecx + esi*2], bx -jmp near loc_fffcb3fb ; jmp 0xfffcb3fb - -loc_fffcbabc: ; not directly referenced -inc dword [ebp - 0xac98] -add dword [ebp - 0xacf8], 0x2d5a -add dword [ebp - 0xace0], 0x12 -add dword [ebp - 0xacb0], 0x13c3 -cmp dword [ebp - 0xac98], 2 -jne loc_fffcb3c9 ; jne 0xfffcb3c9 -cmp dword [ebp - 0xaccc], 0 -je short loc_fffcbb0b ; je 0xfffcbb0b -mov eax, dword [ebp - 0xaca8] -mov edx, 0x2008 -mov ecx, dword [eax + 0x18] -mov eax, edi -or ecx, 0x20 -call fcn_fffae58c ; call 0xfffae58c -loc_fffcbb0b: ; not directly 
referenced -lea eax, [edi + 0x2490] -xor esi, esi -mov dword [ebp - 0xac94], eax - -loc_fffcbb19: ; not directly referenced -mov eax, dword [ebp - 0xacb4] -cmp word [ebp - 0xacba], si -jbe loc_fffcbc10 ; jbe 0xfffcbc10 -mov dword [ebp - 0xac88], eax -imul eax, esi, 0x480 -xor edx, edx -mov dword [ebp - 0xac90], eax - -loc_fffcbb40: ; not directly referenced -mov eax, dword [ebp - 0xace4] -bt eax, edx -jb short loc_fffcbb77 ; jb 0xfffcbb77 - -loc_fffcbb4b: ; not directly referenced -inc edx -add dword [ebp - 0xac88], 0x12 -cmp edx, 2 -jne short loc_fffcbb40 ; jne 0xfffcbb40 -mov eax, dword [ebp + 0x10] +loc_fffcaf74: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffcaf3d ; jne 0xfffcaf3d sub esp, 0xc -mov edx, dword [ebp - 0xac94] -movzx ecx, byte [eax + esi] -mov eax, edi -inc esi +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0xc +movzx ecx, byte [edi + 0x248c] +mov edx, dword [ebp - 0x40] +lea eax, [ebp - 0x27] push 0 -call fcn_fffa7d98 ; call 0xfffa7d98 +push 1 +push eax +mov eax, edi +call fcn_fffaa5b3 ; call 0xfffaa5b3 add esp, 0x10 -jmp short loc_fffcbb19 ; jmp 0xfffcbb19 - -loc_fffcbb77: ; not directly referenced -mov eax, dword [ebp + 0x10] -xor ebx, ebx -movzx eax, byte [eax + esi] -cmp al, 0x21 -ja short loc_fffcbb8b ; ja 0xfffcbb8b -movzx ebx, byte [eax + ref_fffd5f1c] ; movzx ebx, byte [eax - 0x2a0e4] - -loc_fffcbb8b: ; not directly referenced -imul ebx, ebx, 0x240 -imul eax, edx, 0x48 -add eax, ebx -add eax, edi -lea ebx, [edx + edx*8] -mov ecx, eax -mov dword [ebp - 0xac8c], ebx -xor eax, eax - -loc_fffcbba5: ; not directly referenced -cmp byte [ebp - 0xaca2], al -jbe short loc_fffcbb4b ; jbe 0xfffcbb4b -mov ebx, dword [ebp - 0xac88] -movsx ebx, word [ebx + eax*2] -sub ebx, dword [ebp - 0xacd0] -imul ebx, ebx, 0x12 -add ebx, dword [ebp - 0xac90] -add ebx, dword [ebp - 0xac8c] -add ebx, eax -movzx ebx, word [ebp + ebx*4 - 0xa2cc] -mov dword [ecx + eax*8 + 0x2490], ebx -mov ebx, dword [ebp - 0xac88] -movsx ebx, word [ebx + 
eax*2] -sub ebx, dword [ebp - 0xacd0] -imul ebx, ebx, 0x12 -add ebx, dword [ebp - 0xac90] -add ebx, dword [ebp - 0xac8c] -add ebx, eax -movzx ebx, word [ebp + ebx*4 - 0xa2ca] -mov dword [ecx + eax*8 + 0x2494], ebx -inc eax -jmp short loc_fffcbba5 ; jmp 0xfffcbba5 - -loc_fffcbc10: ; not directly referenced -mov esi, dword [ebp + 0x10] -add eax, 0x24 -mov byte [eax + 0x18], 4 -mov dword [ebp - 0xac90], eax - -loc_fffcbc20: ; not directly referenced -mov ecx, esi -sub ecx, dword [ebp - 0xad04] -cmp cx, word [ebp - 0xacba] -jae loc_fffcbd22 ; jae 0xfffcbd22 -movzx edx, byte [esi] -xor eax, eax -cmp dl, 0x21 -ja short loc_fffcbc46 ; ja 0xfffcbc46 -movzx eax, byte [edx + ref_fffd5f1c] ; movzx eax, byte [edx - 0x2a0e4] - -loc_fffcbc46: ; not directly referenced -mov ebx, dword [ebp - 0xacb4] -movzx ecx, cx -imul eax, eax, 0x240 -mov dword [ebp - 0xac88], 0 -lea ebx, [ebx + ecx*2] -mov dword [ebp - 0xac94], ebx -mov ebx, dword [ebp - 0xac90] -add eax, edi -mov dword [ebp - 0xac8c], ebx - -loc_fffcbc76: ; not directly referenced -mov ecx, dword [ebp - 0xace4] -mov edx, dword [ebp - 0xac88] -bt ecx, edx -jae short loc_fffcbcf8 ; jae 0xfffcbcf8 -xor edx, edx - -loc_fffcbc89: ; not directly referenced -cmp dl, byte [ebp - 0xaca2] -jae short loc_fffcbce6 ; jae 0xfffcbce6 -test dl, dl -jne short loc_fffcbca3 ; jne 0xfffcbca3 -mov ecx, dword [eax + 0x2490] -add ecx, dword [eax + 0x2494] -jmp short loc_fffcbcda ; jmp 0xfffcbcda - -loc_fffcbca3: ; not directly referenced -mov ecx, dword [eax + edx*8 + 0x2494] -mov ebx, dword [eax + edx*8 + 0x2490] -mov dword [ebp - 0xac9c], eax -mov eax, dword [ebp - 0xac8c] -mov dword [ebp - 0xac98], ecx -add ecx, ebx -movzx eax, word [eax] -cmp eax, ecx -mov eax, dword [ebp - 0xac9c] -jbe short loc_fffcbce3 ; jbe 0xfffcbce3 -mov ecx, ebx -add ecx, dword [ebp - 0xac98] +xor ecx, ecx +mov byte [ebp - 0x4a], al -loc_fffcbcda: ; not directly referenced -mov ebx, dword [ebp - 0xac8c] -mov word [ebx], cx +loc_fffcafa7: ; not directly referenced +mov 
eax, 1 +shl eax, cl +test byte [ebp - 0x49], al +je short loc_fffcb029 ; je 0xfffcb029 +cmp dword [ebp + ecx*4 - 0x20], 0 +jne short loc_fffcb029 ; jne 0xfffcb029 +test byte [ebp - 0x4a], al +je short loc_fffcaff2 ; je 0xfffcaff2 +mov bl, byte [ebp + ecx - 0x2b] +mov dl, byte [ebp + ecx - 0x29] +mov dword [ebp + ecx*4 - 0x20], 1 +movsx eax, bl +sub eax, dword [ebp - 0x3c] +movsx esi, dl +cmp eax, esi +jns short loc_fffcafe5 ; jns 0xfffcafe5 +mov al, byte [ebp - 0x3c] +add eax, edx +sub eax, ebx +jmp short loc_fffcafec ; jmp 0xfffcafec -loc_fffcbce3: ; not directly referenced -inc edx -jmp short loc_fffcbc89 ; jmp 0xfffcbc89 +loc_fffcafe5: ; not directly referenced +mov al, bl +sub eax, dword [ebp - 0x3c] +sub eax, edx -loc_fffcbce6: ; not directly referenced -mov dl, byte [esi] -mov ecx, dword [ebp - 0xac94] -mov ebx, dword [ebp - 0xac88] -mov byte [ecx + ebx + 0x34], dl +loc_fffcafec: ; not directly referenced +mov esi, dword [ebp + 0xc] +mov byte [esi + ecx], al -loc_fffcbcf8: ; not directly referenced -inc dword [ebp - 0xac88] -add eax, 0x48 -add dword [ebp - 0xac8c], 2 -cmp dword [ebp - 0xac88], 2 -jne loc_fffcbc76 ; jne 0xfffcbc76 -add dword [ebp - 0xac90], 4 -inc esi -jmp near loc_fffcbc20 ; jmp 0xfffcbc20 +loc_fffcaff2: ; not directly referenced +mov al, byte [ebp + ecx - 0x2b] +cmp al, 0x7f +sete bl +test al, al +sete dl +or bl, dl +je short loc_fffcb029 ; je 0xfffcb029 +mov bl, byte [ebp + ecx - 0x29] +movsx edx, al +movsx esi, byte [ebp + ecx - 0x29] +mov dword [ebp + ecx*4 - 0x20], 1 +sub ebx, eax +sub al, byte [ebp + ecx - 0x29] +cmp edx, esi +cmovns ebx, eax +mov eax, dword [ebp + 0xc] +mov byte [eax + ecx], bl -loc_fffcbd22: ; not directly referenced -mov byte [edi + 0x247a], 0 -jmp short loc_fffcbd35 ; jmp 0xfffcbd35 +loc_fffcb029: ; not directly referenced +inc ecx +cmp ecx, 2 +jne loc_fffcafa7 ; jne 0xfffcafa7 +cmp byte [ebp - 0x4c], 0 +mov al, 1 +je short loc_fffcb042 ; je 0xfffcb042 +cmp dword [ebp - 0x20], 0 +setne al -loc_fffcbd2b: ; not 
directly referenced -mov eax, 0xdc -jmp near loc_fffcb2f3 ; jmp 0xfffcb2f3 +loc_fffcb042: ; not directly referenced +cmp dword [ebp - 0x48], 0 +je short loc_fffcb052 ; je 0xfffcb052 +cmp dword [ebp - 0x1c], 0 +je loc_fffcaf35 ; je 0xfffcaf35 -loc_fffcbd35: ; not directly referenced +loc_fffcb052: ; not directly referenced +test al, al +je loc_fffcaf35 ; je 0xfffcaf35 lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -58752,233 +57728,126 @@ pop edi pop ebp ret -fcn_fffcbd3d: ; not directly referenced +fcn_fffcb062: ; not directly referenced push ebp mov ebp, esp +push edi push esi push ebx -sub esp, 0x54 -mov ebx, dword [ebp + 8] -lea esi, [ebp - 0x50] -mov byte [ebp - 0x57], 4 -mov byte [ebp - 0x56], 1 -mov eax, dword [ebx + 0x2443] +mov ebx, eax +sub esp, 0x30 +mov edi, dword [ebx + 0x2444] +movzx eax, cl push 0 -push 5 +push 4 +lea esi, [ebp - 0x1a] push esi -mov byte [ebp - 0x55], 1 -mov byte [ebp - 0x54], 2 -mov byte [ebp - 0x53], 1 -mov byte [ebp - 0x52], 0 -mov byte [ebp - 0x51], 0 -call dword [eax + 0x60] ; ucall -movzx edx, byte [ebp - 0x57] -mov ecx, 1 -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -movzx edx, byte [ebp - 0x56] -mov ecx, 1 -mov word [ebp - 0x50], ax -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -add esp, 0x10 -cmp dword [ebx + 0x2480], 3 -mov word [ebp - 0x4e], ax -jne short loc_fffcbdd5 ; jne 0xfffcbdd5 -push eax -mov ecx, 3 -push 0 -push 0 -push 0xf -push 2 +mov byte [ebp - 0x31], dl +mov byte [ebp - 0x30], cl +mov dword [ebp - 0x2c], eax +call dword [edi + 0x5c] ; ucall +add esp, 0xc push 0 -push esi -lea eax, [ebp - 0x55] -push eax -push 2 -lea eax, [ebp - 0x57] +push 4 +lea eax, [ebp - 0x1c] push eax +call dword [edi + 0x5c] ; ucall +mov ecx, dword [ebp - 0x2c] +xor edx, edx +mov eax, ebx +call fcn_fffad317 ; call 0xfffad317 +mov ecx, dword [ebp - 0x2c] +mov edx, 1 +mov edi, eax +mov eax, ebx +call fcn_fffad317 ; call 0xfffad317 +pop ecx +mov ecx, dword [ebp - 0x2c] +or eax, edi +movzx edi, al +pop eax +mov edx, edi mov eax, ebx -push 9 -push 0xf -lea edx, [ebp - 0x46] -call fcn_fffca96e ; call 0xfffca96e -add esp, 0x30 - -loc_fffcbdd5: ; not directly referenced -lea esp, [ebp - 8] -xor eax, eax -pop ebx -pop esi -pop ebp -ret - -fcn_fffcbdde: ; not directly referenced -push ebp -mov ebp, esp -push edi push esi -push ebx -add esp, 0xffffff80 -mov edi, dword [ebp + 8] -lea edx, [ebp - 0x60] -mov byte [ebp - 0x6f], 4 -mov byte [ebp - 
0x6e], 1 -mov eax, dword [edi + 0x2443] -mov ebx, dword [edi + 0x1887] -mov esi, dword [edi + 0x5edc] +xor esi, esi push 0 -push 5 -push edx -mov byte [ebp - 0x6a], 1 -mov byte [ebp - 0x69], 2 -mov byte [ebp - 0x68], 1 -mov byte [ebp - 0x67], 0 -mov byte [ebp - 0x66], 0 -mov byte [ebp - 0x6d], 4 -mov byte [ebp - 0x6c], 1 -mov byte [ebp - 0x6b], 0xb -mov byte [ebp - 0x65], 1 -mov byte [ebp - 0x64], 2 -mov byte [ebp - 0x63], 2 -mov byte [ebp - 0x62], 1 -mov byte [ebp - 0x61], 0 -call dword [eax + 0x60] ; ucall -mov edx, 0x3a04 -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a +call fcn_fffcad93 ; call 0xfffcad93 add esp, 0x10 -mov edx, dword [edi + 0x2480] -and eax, 0x3f -cmp ebx, 0x306d0 -mov byte [ebp - 0x88], al -sete al -cmp ebx, 0x40650 -sete cl -or al, cl -je short loc_fffcbe8f ; je 0xfffcbe8f -cmp edx, 3 -je short loc_fffcbeb2 ; je 0xfffcbeb2 -mov byte [ebp - 0x85], 9 -mov byte [ebp - 0x7e], 0x1e -mov word [ebp - 0x80], 0xe6 -jmp short loc_fffcbea0 ; jmp 0xfffcbea0 - -loc_fffcbe8f: ; not directly referenced -mov byte [ebp - 0x85], 9 -mov byte [ebp - 0x7e], 0x1e -mov word [ebp - 0x80], 0xb4 - -loc_fffcbea0: ; not directly referenced -lea eax, [ebp - 0x6a] -mov dword [ebp - 0x84], eax -lea eax, [ebp - 0x6f] -mov byte [ebp - 0x7d], 2 -jmp short loc_fffcbed3 ; jmp 0xfffcbed3 - -loc_fffcbeb2: ; not directly referenced -lea eax, [ebp - 0x65] -mov dword [ebp - 0x84], eax -lea eax, [ebp - 0x6d] -mov byte [ebp - 0x85], 0xa -mov byte [ebp - 0x7e], 0x50 -mov word [ebp - 0x80], 0xe6 -mov byte [ebp - 0x7d], 3 - -loc_fffcbed3: ; not directly referenced -mov dword [ebp - 0x7c], eax -xor ebx, ebx -loc_fffcbed8: ; not directly referenced -mov eax, dword [ebp - 0x7c] -mov ecx, 1 -movzx edx, byte [eax + ebx] -mov eax, edi -call fcn_fffb13cf ; call 0xfffb13cf -mov word [ebp + ebx*2 - 0x60], ax -inc ebx -cmp byte [ebp - 0x7d], bl -ja short loc_fffcbed8 ; ja 0xfffcbed8 -mov ecx, dword [esi + 0xc] -mov esi, ecx -shr ecx, 0xf -mov al, cl -and eax, 0x1f -shr esi, 3 -and esi, 1 -and 
cl, 0x10 -lea edx, [eax - 0x20] -cmove edx, eax -mov eax, edi -movsx edx, dl -call fcn_fffa6cfe ; call 0xfffa6cfe -movzx ecx, byte [ebp - 0x88] +loc_fffcb0d0: ; not directly referenced +bt edi, esi +jae short loc_fffcb0fc ; jae 0xfffcb0fc +imul eax, esi, 0x13c3 +mov cl, byte [ebp - 0x30] mov edx, esi -xor edx, 1 -movzx esi, dl -shl esi, 4 -mov ebx, eax -movzx eax, dl -shl eax, 4 -xor edx, edx -add eax, ecx -imul ebx, eax -movzx eax, byte [ebp - 0x88] -mov word [ebp - 0x88], ax +and cl, byte [ebx + eax + 0x381b] mov eax, ebx -div word [ebp - 0x80] -mov ecx, eax -movzx eax, bx -movzx ebx, byte [ebp - 0x7e] -cdq -sub ecx, esi -sub ecx, dword [ebp - 0x88] -idiv ebx -mov dl, 0xf0 -sub eax, esi -sub eax, dword [ebp - 0x88] -cmp cx, 0xfff1 -cmovge edx, ecx -movsx ecx, dl -add edx, 0x17 -movsx esi, al -lea ebx, [ecx + 0x17] -cmp esi, ebx -cmovg eax, edx -push edx -movzx edx, byte [ebp - 0x85] -cmp al, 0xf push 0 -push edx -mov dl, 0xf -cmovle edx, eax -push 0x11 -movsx edx, dl -push edx -push ecx -mov ecx, 3 -lea eax, [ebp - 0x60] -push eax -movzx eax, byte [ebp - 0x7d] -push dword [ebp - 0x84] -lea edx, [ebp - 0x56] +push 0 +push 0 +movzx ecx, cl +push 0 +call fcn_fffac68e ; call 0xfffac68e +add esp, 0x10 + +loc_fffcb0fc: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffcb0d0 ; jne 0xfffcb0d0 +sub esp, 0xc +xor si, si +push ebx +call fcn_fffc9f5d ; call 0xfffc9f5d +mov ecx, dword [ebp - 0x2c] +pop eax +pop edx +mov edx, edi +lea eax, [ebp - 0x1c] push eax -mov eax, edi -push dword [ebp - 0x7c] +mov eax, ebx push 1 -push 0xf -call fcn_fffca96e ; call 0xfffca96e -add esp, 0x28 -mov eax, edi +call fcn_fffcad93 ; call 0xfffcad93 +add esp, 0x10 + +loc_fffcb125: ; not directly referenced +bt edi, esi +jae short loc_fffcb151 ; jae 0xfffcb151 +imul eax, esi, 0x13c3 +mov cl, byte [ebp - 0x30] +mov edx, esi +and cl, byte [ebx + eax + 0x381b] +mov eax, ebx push 0 -mov ecx, 3 -push 0x11 push 0 push 0 +movzx ecx, cl push 0 -lea edx, [edi + 0x2490] -push 1 -call 
fcn_fffc0a2d ; call 0xfffc0a2d +call fcn_fffac68e ; call 0xfffac68e +add esp, 0x10 + +loc_fffcb151: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffcb125 ; jne 0xfffcb125 +sub esp, 0xc +xor edi, edi +push ebx +call fcn_fffc9f5d ; call 0xfffc9f5d +movzx eax, byte [ebp - 0x31] +lea esi, [ebx + 0x3219] +add esp, 0x10 +mov dword [ebp - 0x30], eax + +loc_fffcb172: ; not directly referenced +mov eax, dword [ebp - 0x30] +bt eax, edi +jb short loc_fffcb18b ; jb 0xfffcb18b + +loc_fffcb17a: ; not directly referenced +inc edi +add esi, 0x48 +cmp edi, 2 +jne short loc_fffcb172 ; jne 0xfffcb172 lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -58986,3788 +57855,3499 @@ pop edi pop ebp ret -fcn_fffcbfee: ; not directly referenced +loc_fffcb18b: ; not directly referenced +push 0 +mov ecx, dword [ebp - 0x2c] +mov edx, edi +push 0 +mov eax, ebx +push 0 +push 0 +call fcn_fffac68e ; call 0xfffac68e +movzx edx, byte [ebp + edi - 0x1c] +add esp, 0x10 +movzx eax, byte [ebp + edi - 0x1a] +imul edx, edx, 0xa +imul eax, eax, 0xa +mov dword [esi], edx +mov dword [esi + 4], eax +mov dword [esi + 0x90], edx +mov dword [esi + 0x94], eax +mov dword [esi + 0x120], edx +mov dword [esi + 0x124], eax +mov dword [esi + 0x1b0], edx +mov dword [esi + 0x1b4], eax +jmp short loc_fffcb17a ; jmp 0xfffcb17a + +fcn_fffcb1dd: ; not directly referenced push ebp -mov ecx, 0xa mov ebp, esp push edi +mov edi, eax push esi -mov esi, ref_fffd5b20 ; mov esi, 0xfffd5b20 push ebx -sub esp, 0x7c -mov eax, dword [ebp + 8] -lea edi, [ebp - 0x60] -mov byte [ebp - 0x6e], 4 -lea ebx, [ebp - 0x60] -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -mov byte [ebp - 0x6d], 1 -lea esi, [eax + 0x3756] -mov byte [ebp - 0x6c], 5 -mov byte [ebp - 0x6b], 2 -mov byte [ebp - 0x70], 5 -mov byte [ebp - 0x6f], 2 -mov byte [ebp - 0x6a], 1 -mov byte [ebp - 0x69], 2 -mov byte [ebp - 0x68], 1 -mov byte [ebp - 0x67], 2 -mov byte [ebp - 0x66], 0 -mov byte [ebp - 0x65], 1 -mov byte [ebp - 0x64], 2 -mov byte [ebp - 0x63], 0 -mov byte [ebp - 0x62], 0 -mov byte [ebp - 0x61], 0 -mov dword [ebp - 0x7c], 0 - -loc_fffcc059: ; not directly referenced -cmp dword [esi], 2 -jne loc_fffcc10d ; jne 0xfffcc10d -mov cl, byte [ebp - 0x7c] -mov edi, 1 -shl edi, cl -cmp dword [esi + 0xc0], 2 -jne short loc_fffcc0e3 ; jne 0xfffcc0e3 -push edx -mov ecx, edi -push 0 +sub esp, 0xad10 +mov esi, dword [ebp + 0x20] +mov ebx, dword [ebp + 0x24] +mov dword [ebp - 0xacb4], edx +mov dl, byte [ebp + 0x14] +mov dword [ebp - 0xac88], ecx +mov eax, dword [ebp + 0xc] +mov dword [ebp - 0xacb0], esi +mov dword [ebp - 0xacac], ebx +mov ebx, dword [ebp + 0x28] +mov byte [ebp - 0xace6], dl +mov edx, 
esi +mov esi, dword [edi + 0x5edd] +mov byte [ebp - 0xac90], dl +mov dl, byte [ebp - 0xacac] +mov dword [ebp - 0xac98], eax +mov ecx, ebx +mov byte [ebp - 0xac8c], al +mov byte [ebp - 0xaca1], dl +mov dl, cl +mov ecx, dword [edi + 0x2481] +mov dword [ebp - 0xaca0], edx +mov dl, byte [ebp + 0x30] +mov dword [ebp - 0xac94], ebx +mov ebx, dword [ebp + 0x2c] +mov dword [ebp - 0xaca8], esi +mov esi, dword [edi + 0x2444] +mov dword [ebp - 0xacc4], ecx +mov byte [ebp - 0xad09], dl +mov edx, dword [edi + 0x188b] +mov dword [ebp - 0xacc0], edx +dec edx +sete dl +cmp al, 6 +sete al +mov byte [ebp - 0xacbb], dl +mov byte [ebp - 0xace7], al +and eax, edx +movzx eax, al +mov dword [ebp - 0xacc8], eax +mov al, byte [ebp - 0xac88] +and al, byte [edi + 0x248f] push 0 -push 0xf -push 4 -push 1 -push ebx -lea eax, [ebp - 0x6a] -push eax -push 4 -lea eax, [ebp - 0x6e] -push eax +push 0x5ab4 +mov byte [ebp - 0xac9c], al mov eax, dword [ebp + 8] -push 7 -push 0xf -lea edx, [ebp - 0x56] -call fcn_fffca96e ; call 0xfffca96e -add esp, 0x2c -mov ecx, edi -push 0 -push 0 -push 0xf -push 2 -push 1 -push ebx -lea eax, [ebp - 0x65] +and al, byte [edi + 0x248e] +mov byte [ebp - 0xac88], al +lea eax, [ebp - 0x5acc] push eax -push 2 -lea eax, [ebp - 0x70] +call dword [esi + 0x5c] ; ucall +add esp, 0xc +push 0xff +push 0x3e +push dword [ebp - 0xacb4] +call dword [esi + 0x5c] ; ucall +lea eax, [ebp - 0xabcc] +add esp, 0xc +push 0 +push 0x280 push eax -mov eax, dword [ebp + 8] -push 8 -push 3 -lea edx, [ebp - 0x56] -call fcn_fffca96e ; call 0xfffca96e -add esp, 0x2c +call dword [esi + 0x5c] ; ucall +add esp, 0xc push 0 +push 0x80 +lea eax, [ebp - 0xac4c] +push eax +call dword [esi + 0x5c] ; ucall +add esp, 0xc push 0 -push 0xf -push 2 -push 1 -push ebx -lea eax, [ebp - 0x65] +push 0x680 +lea eax, [ebp - 0xa94c] push eax +call dword [esi + 0x5c] ; ucall +add esp, 0xc +push 0 push 2 -lea eax, [ebp - 0x70] -push eax -push 8 -push 0xc -jmp short loc_fffcc0fd ; jmp 0xfffcc0fd - -loc_fffcc0e3: ; not 
directly referenced +lea eax, [ebp - 0xac75] push eax +call dword [esi + 0x5c] ; ucall +add esp, 0xc push 0 +push 0x10 +lea eax, [ebp - 0xac5c] +push eax +call dword [esi + 0x5c] ; ucall +add esp, 0xc push 0 -push 0xf push 2 -push 0 -push ebx -lea eax, [ebp - 0x65] +lea eax, [ebp - 0xac73] push eax -push 2 -lea eax, [ebp - 0x70] +call dword [esi + 0x5c] ; ucall +add esp, 0xc +push 0 +push 0x4800 +lea eax, [ebp - 0xa2cc] push eax -push 7 -push 0xf +call dword [esi + 0x5c] ; ucall +mov edx, dword [ebp - 0xaca0] +add esp, 0x10 +xor eax, eax -loc_fffcc0fd: ; not directly referenced -mov eax, dword [ebp + 8] -mov ecx, edi -lea edx, [ebp - 0x56] -call fcn_fffca96e ; call 0xfffca96e -add esp, 0x30 +loc_fffcb371: ; not directly referenced +mov byte [ebp + eax - 0xac71], al +inc eax +cmp eax, 9 +jne short loc_fffcb371 ; jne 0xfffcb371 +mov byte [edi + 0x247b], 0 +cmp bl, 9 +jne short loc_fffcb393 ; jne 0xfffcb393 +mov dl, byte [ebp - 0xac94] +dec edx +jmp short loc_fffcb3a2 ; jmp 0xfffcb3a2 -loc_fffcc10d: ; not directly referenced -inc dword [ebp - 0x7c] -add esi, 0x13c3 -cmp dword [ebp - 0x7c], 2 -jne loc_fffcc059 ; jne 0xfffcc059 -lea esp, [ebp - 0xc] -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffcb393: ; not directly referenced +mov al, byte [ebp - 0xac94] +sub eax, 3 +cmp bl, 0xa +cmove edx, eax -fcn_fffcc12a: ; not directly referenced -push ebp -mov ecx, 0xa -mov ebp, esp -push edi -push esi -mov esi, ref_fffd5b2c ; mov esi, 0xfffd5b2c -push ebx -sub esp, 0x5c -mov ebx, dword [ebp + 8] -lea edi, [ebp - 0x60] -mov byte [ebp - 0x67], 5 -mov byte [ebp - 0x66], 2 -mov eax, dword [ebx + 0x1887] -mov byte [ebp - 0x65], 1 -mov byte [ebp - 0x64], 2 -mov byte [ebp - 0x63], 0 -cmp eax, 0x306d0 -sete dl -cmp eax, 0x40650 -sete al -or dl, al -mov byte [ebp - 0x62], 0 -mov byte [ebp - 0x61], 0 -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -je short loc_fffcc1e4 ; je 0xfffcc1e4 -mov cl, 1 -mov edx, 5 -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -mov 
edx, dword [ebp - 0x60] -mov ecx, 1 -cmp ax, dx -cmovae edx, eax -mov eax, ebx -mov word [ebp - 0x60], dx -mov edx, 2 -call fcn_fffb13cf ; call 0xfffb13cf -mov dx, word [ebp - 0x5e] -mov ecx, 3 -cmp ax, dx -cmovae edx, eax -push eax -push 0 -push 0 -push 0xf -push 8 -push 0xfffffffffffffff1 -lea eax, [ebp - 0x60] -push eax -lea eax, [ebp - 0x65] +loc_fffcb3a2: ; not directly referenced +mov ecx, dword [ebp - 0xac98] +mov al, cl +sub eax, 0xa +cmp cl, 0xf +sete cl +cmp al, 2 +mov byte [ebp - 0xacbc], al +setbe al +or al, cl +mov byte [ebp - 0xac94], cl +movzx ecx, dl +movzx edx, byte [ebp - 0xac9c] +je short loc_fffcb3f4 ; je 0xfffcb3f4 push eax -push 2 -lea eax, [ebp - 0x67] push eax -mov eax, ebx -push 2 -push 0xf -mov word [ebp - 0x5e], dx -lea edx, [ebp - 0x56] -call fcn_fffca96e ; call 0xfffca96e -add esp, 0x30 - -loc_fffcc1e4: ; not directly referenced -lea esp, [ebp - 0xc] -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffcc1ee: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x6c -mov ebx, dword [ebp + 8] -mov byte [ebp - 0x67], 0xd -mov byte [ebp - 0x66], 0xc -mov byte [ebp - 0x65], 1 -cmp dword [ebx + 0x188b], 1 -mov byte [ebp - 0x64], 2 -mov byte [ebp - 0x63], 1 -mov byte [ebp - 0x62], 0 -mov byte [ebp - 0x61], 0 -jne loc_fffcc2f7 ; jne 0xfffcc2f7 -movzx esi, byte [ebx + 0x248e] -lea ecx, [ebp - 0x60] -movzx edi, byte [ebx + 0x248d] +movzx eax, byte [ebp - 0xac88] push eax -mov eax, dword [ebx + 0x2443] -push 0 -push 5 -push ecx -call dword [eax + 0x60] ; ucall -movzx edx, byte [ebp - 0x67] -mov ecx, 1 -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -movzx edx, byte [ebp - 0x66] -mov ecx, 1 -mov word [ebp - 0x60], ax -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -add esp, 0xc -mov ecx, edi -push 0 -push 0 -push 0xf -push 0 -push 0xfffffffffffffff8 -lea edi, [ebp - 0x67] -mov word [ebp - 0x5e], ax -mov eax, esi -lea esi, [ebp - 0x60] -push esi -lea esi, [ebp - 0x65] -push esi -push 2 -push 
edi -push 0xf -push ecx -lea edx, [ebp - 0x56] -mov dword [ebp - 0x6c], ecx -mov ecx, eax -mov dword [ebp - 0x70], eax -mov eax, ebx -call fcn_fffca96e ; call 0xfffca96e -add esp, 0x30 -mov edx, 0x3a08 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, eax -shr edx, 0x12 -shr eax, 0xc -and edx, 0x3f -and eax, 0x3f -cmp dl, al -push ecx -cmovle eax, edx -mov ecx, dword [ebp - 0x70] -mov dl, 5 -push 0 -sub edx, eax -push 0 -cmp dl, 0xf8 -mov al, 0xf8 -push 0xf -cmovge eax, edx +mov eax, edi push 0 -movsx eax, al -push eax -mov eax, ebx -lea edx, [ebp - 0x60] -push edx -push esi -push 2 -push edi -push 0xa -push dword [ebp - 0x6c] -lea edx, [ebp - 0x56] -call fcn_fffca96e ; call 0xfffca96e -add esp, 0x30 +call fcn_fffaea71 ; call 0xfffaea71 +add esp, 0x10 +mov dword [ebp - 0xacf0], 1 +jmp short loc_fffcb40d ; jmp 0xfffcb40d -loc_fffcc2f7: ; not directly referenced +loc_fffcb3f4: ; not directly referenced sub esp, 0xc -push ebx -call fcn_fffc82f4 ; call 0xfffc82f4 -lea esp, [ebp - 0xc] -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffcc30a: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x6c -mov ebx, dword [ebp + 8] -mov byte [ebp - 0x67], 0xd -mov byte [ebp - 0x66], 0xc -mov byte [ebp - 0x65], 1 -cmp dword [ebx + 0x188b], 1 -mov byte [ebp - 0x64], 2 -mov byte [ebp - 0x63], 1 -mov byte [ebp - 0x62], 0 -mov byte [ebp - 0x61], 0 -jne short loc_fffcc3b3 ; jne 0xfffcc3b3 -movzx eax, byte [ebx + 0x248d] -lea esi, [ebp - 0x60] -movzx edi, byte [ebx + 0x248e] -mov dword [ebp - 0x6c], eax -push eax -mov eax, dword [ebx + 0x2443] -push 0 -push 5 -push esi -call dword [eax + 0x60] ; ucall -movzx edx, byte [ebp - 0x67] -mov ecx, 1 -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -movzx edx, byte [ebp - 0x66] -mov ecx, 1 -mov word [ebp - 0x60], ax -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -add esp, 0xc -mov ecx, edi -push 0 -push 0 -push 0xf -push 3 +mov eax, edi push 0 -push esi -lea edx, [ebp - 
0x56] -mov word [ebp - 0x5e], ax -lea eax, [ebp - 0x65] -push eax -push 2 -lea eax, [ebp - 0x67] -push eax -mov eax, dword [ebp - 0x6c] -push 0xc -push eax -mov eax, ebx -call fcn_fffca96e ; call 0xfffca96e -add esp, 0x30 +call fcn_fffae9e2 ; call 0xfffae9e2 +add esp, 0x10 +mov dword [ebp - 0xacf0], 0 -loc_fffcc3b3: ; not directly referenced -sub esp, 0xc -push ebx -call fcn_fffc82f4 ; call 0xfffc82f4 -lea esp, [ebp - 0xc] -xor eax, eax -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffcb40d: ; not directly referenced +test bl, bl +je short loc_fffcb417 ; je 0xfffcb417 +mov byte [edi + 0x248c], bl -fcn_fffcc3c6: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, ecx -push esi -push ebx -mov ebx, eax -sub esp, 0x70 -mov eax, dword [eax + 0x2443] -push 0 -push 5 -lea esi, [ebp - 0x60] -push esi -mov dword [ebp - 0x6c], edx -mov byte [ebp - 0x67], 5 -mov byte [ebp - 0x66], 2 -mov byte [ebp - 0x65], 1 -mov byte [ebp - 0x64], 2 -mov byte [ebp - 0x63], 1 -mov byte [ebp - 0x62], 0 -mov byte [ebp - 0x61], 0 -call dword [eax + 0x60] ; ucall -movzx edx, byte [ebp - 0x67] -mov ecx, 1 -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -movzx edx, byte [ebp - 0x66] -mov ecx, 1 -mov word [ebp - 0x60], ax -mov eax, ebx -call fcn_fffb13cf ; call 0xfffb13cf -add esp, 0xc -movzx ecx, byte [ebp - 0x6c] -cmp dword [ebx + 0x188b], 1 -push 1 -push 0 -push 0xf -push 0xa -lea edx, [ebp - 0x56] -mov word [ebp - 0x5e], ax -sbb eax, eax -and eax, 4 -sub eax, 0x11 -movsx eax, al -push eax -push esi -lea eax, [ebp - 0x65] -push eax -push 2 -lea eax, [ebp - 0x67] +loc_fffcb417: ; not directly referenced +mov eax, dword [ebp - 0xaca8] +xor ebx, ebx +mov byte [ebp - 0xaca3], 0 +add eax, 0x70 +mov dword [ebp - 0xaca0], eax +movzx eax, byte [ebp - 0xac9c] +mov dword [ebp - 0xac9c], eax + +loc_fffcb43c: ; not directly referenced +mov eax, dword [ebp - 0xac9c] +bt eax, ebx +jae short loc_fffcb48a ; jae 0xfffcb48a +imul eax, ebx, 0x13c3 +mov cl, byte [ebp - 0xac88] +mov edx, ebx +and 
cl, byte [edi + eax + 0x381b] +mov eax, edi +mov byte [ebp + ebx - 0xac75], cl +movzx ecx, cl +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0xaca3], al push eax -mov eax, ebx +movzx eax, byte [edi + 0x2489] push 0 -push 0xf -call fcn_fffca96e ; call 0xfffca96e -add esp, 0x30 -xor eax, eax -cmp dword [ebp + 8], 0 -je short loc_fffcc493 ; je 0xfffcc493 -push eax -mov ecx, 3 push eax -mov eax, ebx -push 0 -push edi -push 0 -push 0 -push 0 -push 2 -lea edx, [ebx + 0x2490] -call fcn_fffc0a2d ; call 0xfffc0a2d -add esp, 0x20 +push dword [ebp - 0xaca0] +call dword [esi + 0x5c] ; ucall +add esp, 0x10 -loc_fffcc493: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffcb48a: ; not directly referenced +inc ebx +add dword [ebp - 0xaca0], 0xcc +cmp ebx, 2 +jne short loc_fffcb43c ; jne 0xfffcb43c +cmp byte [ebp - 0xaca3], 0 +je loc_fffcc5ab ; je 0xfffcc5ab +movzx esi, byte [ebp - 0xac88] +xor eax, eax +mov dword [ebp - 0xacec], esi -fcn_fffcc49b: ; not directly referenced -push ebp -mov ecx, 0xf -mov ebp, esp -mov edx, 3 -mov eax, dword [ebp + 8] -mov dword [ebp + 8], 1 -pop ebp -jmp near fcn_fffcc3c6 ; jmp 0xfffcc3c6 +loc_fffcb4b6: ; not directly referenced +mov esi, dword [ebp - 0xacec] +mov byte [ebp - 0xaca4], al +bt esi, eax +jb short loc_fffcb4d4 ; jb 0xfffcb4d4 +inc eax +cmp eax, 4 +jne short loc_fffcb4b6 ; jne 0xfffcb4b6 +mov byte [ebp - 0xaca4], 0 -fcn_fffcc4b8: ; not directly referenced -push ebp -mov ebp, esp -mov ecx, dword [ebp + 0x10] -mov eax, dword [ebp + 0x18] -mov edx, dword [ebp + 0x1c] -mov dword [ecx], eax -mov dword [ecx + 4], edx -pop ebp -ret - -fcn_fffcc4cb: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x3c -mov eax, dword [ebp + 0x14] -mov ebx, dword [ebp + 0xc] -mov edi, dword [ebp + 8] -mov edx, dword [ebp + 0x10] -mov dword [ebp - 0x2c], eax -mov eax, dword [ebp + 0x20] -mov dword [ebp - 0x24], ebx -mov byte [ebp - 0x32], bl -mov byte [ebp - 0x31], dl 
-mov dword [ebp - 0x3c], eax -mov eax, dword [ebp + 0x24] -mov dword [ebp - 0x40], eax -mov al, byte [ebp + 0x18] -mov byte [ebp - 0x33], al -mov al, byte [ebp + 0x1c] -mov byte [ebp - 0x34], al -mov eax, dword [edi + 0x5edc] -cmp bl, 1 -ja loc_fffcc70e ; ja 0xfffcc70e -cmp dword [edi + 0x2480], 2 -jne loc_fffcc70e ; jne 0xfffcc70e -movzx eax, byte [ebp - 0x24] -mov dword [ebp - 0x1c], 0 -mov dword [ebp - 0x38], eax -imul eax, eax, 0x13c3 -lea ebx, [edi + eax + 0x3756] -add eax, edi -mov dword [ebp - 0x48], eax - -loc_fffcc540: ; not directly referenced -mov cl, byte [ebp - 0x1c] -mov edx, 1 -shl edx, cl -test byte [ebp - 0x33], dl -je loc_fffcc6f7 ; je 0xfffcc6f7 -mov eax, dword [ebp - 0x48] -test byte [eax + 0x381a], dl -je loc_fffcc6f7 ; je 0xfffcc6f7 -mov esi, dword [ebp - 0x1c] -imul eax, esi, 0x18 -mov dword [ebp - 0x30], eax -mov ax, word [ebx + eax + 0x1277] -mov word [ebp - 0x28], ax -or word [ebp - 0x28], 0x80 -mov eax, dword [ebp - 0x28] -cmp dword [ebp - 0x3c], 0 -mov word [ebp - 0x20], ax -je loc_fffcc666 ; je 0xfffcc666 -movzx eax, byte [ebp - 0x34] -imul esi, esi, 0x70 -mov dword [ebp - 0x28], 0 -mov dword [ebp - 0x30], eax -movzx eax, byte [ebp - 0x32] -add esi, ebx -mov dword [ebp - 0x44], eax - -loc_fffcc5a8: ; not directly referenced -mov eax, dword [ebp - 0x30] -mov edx, dword [ebp - 0x28] -bt eax, edx -jae loc_fffcc651 ; jae 0xfffcc651 -mov cx, word [esi + 0x109f] +loc_fffcb4d4: ; not directly referenced +mov ecx, dword [ebp - 0xac98] +mov al, byte [edi + 0x2489] +mov bl, al mov al, cl -and ecx, 0x3f -and eax, 0x7f -mov dl, al -or edx, 0xffffffc0 -test al, 0x60 -cmove edx, ecx -lea eax, [edx - 0xd] -cmp dl, 0xc -jg short loc_fffcc5e3 ; jg 0xfffcc5e3 +sub eax, 7 +cmp al, 5 +mov byte [ebp - 0xace8], al +setbe al +or al, byte [ebp - 0xac94] +mov al, 1 +cmovne ebx, eax +mov eax, ecx +cmp cl, 3 +sete cl +cmp al, 1 +setbe dl +mov eax, 1 +or cl, dl +mov byte [ebp - 0xaca2], bl +jne short loc_fffcb525 ; jne 0xfffcb525 xor eax, eax -cmp dl, 0xe4 -lea 
ecx, [edx + 0x1b] -cmovle eax, ecx +cmp byte [ebp - 0xac98], 2 +sete al -loc_fffcc5e3: ; not directly referenced -add eax, dword [ebp - 0x2c] -cmp al, 0x25 -jg short loc_fffcc5f4 ; jg 0xfffcc5f4 -cmp al, 0xdb -jl short loc_fffcc5fb ; jl 0xfffcc5fb -test al, al -jns short loc_fffcc5f6 ; jns 0xfffcc5f6 -jmp short loc_fffcc5fd ; jmp 0xfffcc5fd +loc_fffcb525: ; not directly referenced +mov dword [ebp - 0xaccc], eax +xor eax, 1 +test byte [ebp - 0xacbb], al +je short loc_fffcb54f ; je 0xfffcb54f +cmp byte [ebp - 0xacbc], 1 +setbe al +or eax, dword [ebp - 0xac94] +movzx eax, al +mov dword [ebp - 0xaccc], eax -loc_fffcc5f4: ; not directly referenced -mov al, 0x25 +loc_fffcb54f: ; not directly referenced +cmp dword [ebp - 0xaccc], 0 +mov byte [ebp - 0xac88], 0 +je loc_fffcb6a5 ; je 0xfffcb6a5 +xor esi, esi +xor ebx, ebx +cmp byte [ebp - 0xac98], 1 +jne short loc_fffcb58d ; jne 0xfffcb58d +mov edx, 0x3a04 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +cmp dword [ebp - 0xacc0], 0 +mov esi, eax +je loc_fffcb62a ; je 0xfffcb62a +jmp short loc_fffcb5c4 ; jmp 0xfffcb5c4 -loc_fffcc5f6: ; not directly referenced -add eax, 0xd -jmp short loc_fffcc600 ; jmp 0xfffcc600 +loc_fffcb58d: ; not directly referenced +mov edx, 0x3a00 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +cmp dword [ebp - 0xacc0], 0 +mov ebx, eax +jne short loc_fffcb5c4 ; jne 0xfffcb5c4 +mov ecx, dword [ebp - 0xac98] +cmp cl, 2 +je short loc_fffcb5ba ; je 0xfffcb5ba +cmp cl, 3 +je short loc_fffcb5bf ; je 0xfffcb5bf +test cl, cl +jne short loc_fffcb633 ; jne 0xfffcb633 +jmp short loc_fffcb62a ; jmp 0xfffcb62a -loc_fffcc5fb: ; not directly referenced -mov al, 0xdb +loc_fffcb5ba: ; not directly referenced +shr eax, 0x1a +jmp short loc_fffcb609 ; jmp 0xfffcb609 -loc_fffcc5fd: ; not directly referenced -sub eax, 0x1b +loc_fffcb5bf: ; not directly referenced +shr eax, 0x14 +jmp short loc_fffcb62a ; jmp 0xfffcb62a -loc_fffcc600: ; not directly referenced -and eax, 0x7f -mov cl, byte [ebp - 0x28] -mov dl, al -and 
eax, 0x3f -shr dl, 6 -and word [ebp - 0x20], 0xff80 -and edx, 1 -shl edx, 6 -or word [ebp - 0x20], dx -or word [ebp - 0x20], ax -mov eax, 1 -push edx -mov edx, dword [ebp - 0x44] -shl eax, cl -mov ecx, dword [ebp - 0x1c] -push eax -movzx eax, word [ebp - 0x20] -push 6 -push eax +loc_fffcb5c4: ; not directly referenced +mov edx, 0x3a08 mov eax, edi -call fcn_fffaa285 ; call 0xfffaa285 -add esp, 0x10 -cmp byte [ebp - 0x31], 0 -je short loc_fffcc651 ; je 0xfffcc651 -mov eax, dword [ebp - 0x20] -mov word [esi + 0x109f], ax +call fcn_fffb331f ; call 0xfffb331f +mov edx, 0x3a0c +mov dword [ebp - 0xac88], eax +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov eax, dword [ebp - 0xac98] +cmp al, 0xf +ja short loc_fffcb637 ; ja 0xfffcb637 +movzx eax, al +mov ecx, dword [ebp - 0xac88] +jmp dword [eax*4 + ref_fffd615c] ; ujmp: jmp dword [eax*4 - 0x29ea4] -loc_fffcc651: ; not directly referenced -inc dword [ebp - 0x28] -add esi, 0xe -cmp dword [ebp - 0x28], 8 -jne loc_fffcc5a8 ; jne 0xfffcc5a8 -jmp near loc_fffcc6f7 ; jmp 0xfffcc6f7 +loc_fffcb5fc: ; not directly referenced +mov al, bl +jmp short loc_fffcb62a ; jmp 0xfffcb62a -loc_fffcc666: ; not directly referenced -mov eax, dword [ebp - 0x30] -mov si, word [ebx + eax + 0x1277] -mov ecx, esi -and esi, 0x3f -and ecx, 0x7f +loc_fffcb600: ; not directly referenced +mov eax, esi +jmp short loc_fffcb62a ; jmp 0xfffcb62a + +loc_fffcb604: ; not directly referenced +shr ebx, 0x14 +mov al, bl + +loc_fffcb609: ; not directly referenced +and eax, 0x1f +mov byte [ebp - 0xac88], al +mov al, 0x1f +jmp short loc_fffcb640 ; jmp 0xfffcb640 + +loc_fffcb616: ; not directly referenced +shr ebx, 0x1a +mov dword [ebp - 0xac88], ebx +jmp short loc_fffcb633 ; jmp 0xfffcb633 + +loc_fffcb621: ; not directly referenced +mov eax, ecx +shr eax, 0xc +jmp short loc_fffcb62a ; jmp 0xfffcb62a + +loc_fffcb628: ; not directly referenced mov al, cl -or eax, 0xffffffc0 -and cl, 0x60 -cmove eax, esi -lea ecx, [eax - 0xd] -cmp al, 0xc -jg short loc_fffcc695 ; 
jg 0xfffcc695 -xor ecx, ecx -cmp al, 0xe4 -lea esi, [eax + 0x1b] -cmovle ecx, esi -loc_fffcc695: ; not directly referenced -add ecx, dword [ebp - 0x2c] -cmp cl, 0x25 -jg short loc_fffcc6a8 ; jg 0xfffcc6a8 -cmp cl, 0xdb -jl short loc_fffcc6af ; jl 0xfffcc6af -test cl, cl -js short loc_fffcc6b1 ; js 0xfffcc6b1 -jmp short loc_fffcc6aa ; jmp 0xfffcc6aa +loc_fffcb62a: ; not directly referenced +and eax, 0x3f +mov byte [ebp - 0xac88], al -loc_fffcc6a8: ; not directly referenced -mov cl, 0x25 +loc_fffcb633: ; not directly referenced +mov al, 0x3f +jmp short loc_fffcb640 ; jmp 0xfffcb640 -loc_fffcc6aa: ; not directly referenced -add ecx, 0xd -jmp short loc_fffcc6b4 ; jmp 0xfffcc6b4 +loc_fffcb637: ; not directly referenced +mov al, 0x3f +mov byte [ebp - 0xac88], 0 -loc_fffcc6af: ; not directly referenced -mov cl, 0xdb +loc_fffcb640: ; not directly referenced +cmp byte [ebp - 0xac98], 0xa +sete dl +or dl, byte [ebp - 0xac94] +jne short loc_fffcb677 ; jne 0xfffcb677 +mov esi, dword [ebp - 0xacb0] +mov bl, byte [ebp - 0xac88] +mov ecx, esi +lea edx, [ebx + ecx - 3] +mov bl, byte [ebp - 0xac90] +sub ecx, edx +test dl, dl +cmovs ebx, ecx +mov byte [ebp - 0xac90], bl -loc_fffcc6b1: ; not directly referenced -sub ecx, 0x1b +loc_fffcb677: ; not directly referenced +movzx esi, byte [ebp - 0xaca1] +sub eax, 3 +sub eax, dword [ebp - 0xac88] +cmp al, byte [ebp - 0xacac] +cmovs esi, eax +mov eax, esi +mov esi, dword [ebp - 0xac90] +mov ebx, esi +cmp al, bl +cmovl eax, esi +mov byte [ebp - 0xaca1], al -loc_fffcc6b4: ; not directly referenced -and ecx, 0x7f -mov esi, dword [ebp - 0x28] -mov al, cl -and ecx, 0x3f -shr al, 6 -and eax, 1 -shl eax, 6 -and esi, 0xffffff80 -or esi, eax -or esi, ecx -mov ecx, edx -mov edx, dword [ebp - 0x38] -push eax +loc_fffcb6a5: ; not directly referenced +mov eax, dword [ebp + 0x1c] +mov dword [ebp - 0xace4], eax +movzx eax, byte [ebp - 0xaca4] +imul esi, eax, 0x90 +mov dword [ebp - 0xacd8], eax +mov dword [ebp - 0xad08], esi +add esi, 4 +mov dword [ebp - 
0xad00], esi +mov esi, dword [ebp + 0x10] +mov dword [ebp - 0xacb8], esi +movzx esi, byte [ebp - 0xace6] +mov word [ebp - 0xacba], si + +loc_fffcb6e7: ; not directly referenced +mov eax, dword [ebp + 0x10] +mov esi, dword [ebp - 0xacb8] +mov word [ebp - 0xad04], ax +sub esi, eax +cmp si, word [ebp - 0xacba] +jae loc_fffcbbc6 ; jae 0xfffcbbc6 +mov eax, dword [ebp - 0xacb8] +mov al, byte [eax] +mov cl, al +mov byte [ebp - 0xac98], al +movzx eax, al +mov ebx, eax +mov dword [ebp - 0xacb0], eax +xor eax, eax +cmp cl, 0x21 +ja short loc_fffcb72f ; ja 0xfffcb72f +movzx eax, byte [ebx + ref_fffd58e0] ; movzx eax, byte [ebx - 0x2a720] + +loc_fffcb72f: ; not directly referenced +cmp al, 8 +mov ebx, 8 +cmovbe ebx, eax +mov al, byte [ebp - 0xac98] +sub eax, 0xc +mov byte [ebp - 0xacdc], al +cmp al, 1 +jbe short loc_fffcb770 ; jbe 0xfffcb770 push eax -movzx eax, si +mov ecx, dword [ebp - 0xacb0] push eax mov eax, edi -push 6 -call fcn_fffafd52 ; call 0xfffafd52 +push dword [ebp - 0xacec] +push dword [ebp - 0xacd8] +lea edx, [edi + 0x2491] +call fcn_fffa7e1a ; call 0xfffa7e1a add esp, 0x10 -cmp byte [ebp - 0x31], 0 -je short loc_fffcc6f7 ; je 0xfffcc6f7 -mov eax, dword [ebp - 0x30] -mov word [ebx + eax + 0x1277], si -loc_fffcc6f7: ; not directly referenced -inc dword [ebp - 0x1c] -cmp dword [ebp - 0x1c], 2 -jne loc_fffcc540 ; jne 0xfffcc540 -mov ebx, 0x40000000 -jmp near loc_fffcc866 ; jmp 0xfffcc866 +loc_fffcb770: ; not directly referenced +cmp dword [ebp - 0xacc4], 2 +jne short loc_fffcb79d ; jne 0xfffcb79d +mov al, byte [ebp - 0xac98] +mov byte [ebp - 0xac9c], 0x25 +cmp al, 0x11 +sete dl +cmp al, 5 +sete al +or dl, al +jne short loc_fffcb7f9 ; jne 0xfffcb7f9 +cmp byte [ebp - 0xac98], 0x21 +je short loc_fffcb7f9 ; je 0xfffcb7f9 -loc_fffcc70e: ; not directly referenced -mov ebx, dword [ebp - 0x24] -cmp bl, 1 -je short loc_fffcc73b ; je 0xfffcc73b -jb short loc_fffcc729 ; jb 0xfffcc729 -cmp bl, 2 -jne loc_fffcc8f8 ; jne 0xfffcc8f8 -mov cl, byte [eax + 0x14] -and ecx, 0x7f -jmp 
short loc_fffcc74c ; jmp 0xfffcc74c +loc_fffcb79d: ; not directly referenced +mov al, byte [ebp - 0xac98] +mov byte [ebp - 0xac9c], 0x36 +cmp al, 0x10 +sete dl +cmp al, 4 +sete al +or dl, al +jne short loc_fffcb7f9 ; jne 0xfffcb7f9 +mov al, byte [ebp - 0xac98] +cmp al, 5 +sete dl +cmp al, 0x20 +sete al +or dl, al +jne short loc_fffcb7f9 ; jne 0xfffcb7f9 +mov al, byte [ebp - 0xac98] +cmp al, 0x21 +sete dl +cmp al, 0x11 +sete al +or dl, al +jne short loc_fffcb7f9 ; jne 0xfffcb7f9 +mov al, byte [ebp - 0xac98] +cmp al, 0xd +je short loc_fffcb7f9 ; je 0xfffcb7f9 +cmp al, 0xc +mov cl, 0x1f +mov al, 0x40 +cmove ecx, eax +mov byte [ebp - 0xac9c], cl -loc_fffcc729: ; not directly referenced -movzx ebx, byte [eax + 0x16] -mov cl, byte [eax + 0x15] -and ebx, 0x1f -shr cl, 6 -shl ebx, 2 -jmp short loc_fffcc74a ; jmp 0xfffcc74a +loc_fffcb7f9: ; not directly referenced +mov eax, dword [ebp - 0xace4] +mov ecx, 0x14 +xor edx, edx +movzx esi, si +mov ax, word [eax] +div cx +mov cl, byte [ebp - 0xac9c] +movzx edx, cl +cmp dx, ax +cmova ecx, eax +imul ebx, ebx, 0x240 +lea eax, [edi + 0x2491] +mov dword [ebp - 0xace0], eax +mov byte [ebp - 0xac9c], cl +add eax, ebx +add eax, dword [ebp - 0xad00] +add ebx, dword [ebp - 0xad08] +mov dword [ebp - 0xad04], eax +imul eax, esi, 0x1200 +mov dword [ebp - 0xacf8], ebx +mov dword [ebp - 0xacfc], eax +movsx eax, byte [ebp - 0xac90] +mov byte [ebp - 0xaca0], al +mov dword [ebp - 0xad10], eax +movzx eax, byte [ebp - 0xaca3] +mov dword [ebp - 0xacac], eax -loc_fffcc73b: ; not directly referenced -movzx ebx, byte [eax + 0x15] -mov cl, byte [eax + 0x14] -and ebx, 0x3f -shr cl, 7 -add ebx, ebx +loc_fffcb87c: ; not directly referenced +mov al, byte [ebp - 0xaca0] +cmp byte [ebp - 0xaca1], al +jl loc_fffcbbb4 ; jl 0xfffcbbb4 +movsx eax, byte [ebp - 0xaca0] +mov dword [ebp - 0xacd0], eax +mov eax, dword [ebp - 0xad10] +sub dword [ebp - 0xacd0], eax +cmp dword [ebp - 0xacc8], 0 +jne short loc_fffcb8c3 ; jne 0xfffcb8c3 -loc_fffcc74a: ; not directly 
referenced -or ecx, ebx +loc_fffcb8b0: ; not directly referenced +movsx ax, byte [ebp - 0xaca0] +xor ebx, ebx +mov word [ebp - 0xacf4], ax +jmp short loc_fffcb91a ; jmp 0xfffcb91a -loc_fffcc74c: ; not directly referenced -mov bl, cl -mov esi, 0xffffffca -or ebx, 0xffffff80 -test cl, 0xc0 -cmovne ecx, ebx -mov ebx, 0x36 -movsx ecx, cl -add ecx, dword [ebp - 0x2c] -cmp ecx, 0xffffffca -cmovge esi, ecx -cmp esi, 0x36 -cmovle ebx, esi +loc_fffcb8c3: ; not directly referenced +movsx ax, byte [ebp - 0xaca0] +mov dl, 8 +mov esi, dword [ebp - 0xaca8] +idiv dl +movsx ecx, ah +mov dl, al +cmp cl, 1 +movsx eax, al +setle bl test dl, dl -je short loc_fffcc7e6 ; je 0xfffcc7e6 -mov edx, dword [ebp - 0x24] -cmp dl, 1 -je short loc_fffcc7c1 ; je 0xfffcc7c1 -jb short loc_fffcc79c ; jb 0xfffcc79c -cmp dl, 2 -jne loc_fffcc8f8 ; jne 0xfffcc8f8 -mov dl, byte [eax + 0x14] -mov cl, bl -and ecx, 0x7f -and edx, 0xffffff80 -or edx, ecx -mov byte [eax + 0x14], dl -jmp short loc_fffcc7e6 ; jmp 0xfffcc7e6 +mov al, byte [esi + eax + 0x1bc] +sete dl +test bl, dl +jne loc_fffcbba9 ; jne 0xfffcbba9 +mov edx, 1 +shl edx, cl +test al, dl +je short loc_fffcb8b0 ; je 0xfffcb8b0 +jmp near loc_fffcbba9 ; jmp 0xfffcbba9 -loc_fffcc79c: ; not directly referenced -mov dl, byte [eax + 0x15] -mov cl, bl -shl ecx, 6 -and edx, 0x3f -or edx, ecx -mov ecx, ebx -mov byte [eax + 0x15], dl -mov dl, byte [eax + 0x16] -shr ecx, 2 -and ecx, 0x1f -and edx, 0xffffffe0 -or edx, ecx -mov byte [eax + 0x16], dl -jmp short loc_fffcc7e6 ; jmp 0xfffcc7e6 +loc_fffcb907: ; not directly referenced +cmp byte [ebp - 0xacbb], 0 +jne short loc_fffcb989 ; jne 0xfffcb989 -loc_fffcc7c1: ; not directly referenced -mov dl, byte [eax + 0x14] -mov ecx, ebx -and ecx, 1 -shl ecx, 7 -and edx, 0x7f -or edx, ecx -mov ecx, ebx -mov byte [eax + 0x14], dl -mov dl, byte [eax + 0x15] -shr ecx, 1 -and ecx, 0x3f -and edx, 0xffffffc0 -or edx, ecx -mov byte [eax + 0x15], dl +loc_fffcb910: ; not directly referenced +inc ebx +cmp ebx, 2 +je loc_fffcb9c0 ; 
je 0xfffcb9c0 -loc_fffcc7e6: ; not directly referenced -cmp dword [edi + 0x188b], 1 -mov eax, 0xf84 -mov edx, 0xf78 -cmove edx, eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov edx, dword [ebp - 0x24] -cmp dl, 1 -je short loc_fffcc837 ; je 0xfffcc837 -jb short loc_fffcc823 ; jb 0xfffcc823 -cmp dl, 2 -jne loc_fffcc8f8 ; jne 0xfffcc8f8 -and ebx, 0x7f -and eax, 0xffffff80 -or eax, ebx -mov ebx, 0x20000000 -jmp short loc_fffcc849 ; jmp 0xfffcc849 +loc_fffcb91a: ; not directly referenced +mov eax, dword [ebp - 0xacac] +bt eax, ebx +jae short loc_fffcb910 ; jae 0xfffcb910 +xor eax, eax +cmp byte [ebp - 0xac8c], 7 +jne short loc_fffcb946 ; jne 0xfffcb946 +imul edx, ebx, 0x13c3 +cmp dword [edi + edx + 0x3817], 2 +mov edx, 0x20 +cmove eax, edx -loc_fffcc823: ; not directly referenced -and ebx, 0x7f -and eax, 0xffe03fff -shl ebx, 0xe -or eax, ebx -mov ebx, 0x40000000 -jmp short loc_fffcc849 ; jmp 0xfffcc849 +loc_fffcb946: ; not directly referenced +xor esi, esi +mov word [ebp - 0xacd4], ax -loc_fffcc837: ; not directly referenced -and ebx, 0x7f -and eax, 0xffffc07f -shl ebx, 7 -or eax, ebx -mov ebx, 0x80000000 +loc_fffcb94f: ; not directly referenced +mov eax, esi +cmp byte [ebp - 0xaca2], al +jbe short loc_fffcb907 ; jbe 0xfffcb907 +mov eax, dword [ebp - 0xacf4] +mov edx, ebx +add eax, dword [ebp - 0xacd4] +push 0 +movzx ecx, byte [ebp + ebx - 0xac75] +cwde +push eax +movzx eax, byte [ebp - 0xac8c] +push eax +mov eax, edi +push esi +inc esi +call fcn_fffa972b ; call 0xfffa972b +add esp, 0x10 +jmp short loc_fffcb94f ; jmp 0xfffcb94f -loc_fffcc849: ; not directly referenced -cmp dword [edi + 0x188b], 1 -mov ecx, 0xf84 -mov edx, 0xf78 -cmove edx, ecx -mov ecx, eax +loc_fffcb989: ; not directly referenced +mov al, byte [ebp - 0xac8c] +and eax, 0xfffffff7 +dec al +jne loc_fffcb910 ; jne 0xfffcb910 +mov eax, dword [ebp - 0xaca8] +cmp byte [eax + 0x1c5], 0 +je loc_fffcb910 ; je 0xfffcb910 +xor ecx, ecx +mov edx, 1 mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c +call 
fcn_fffb7663 ; call 0xfffb7663 +jmp near loc_fffcb910 ; jmp 0xfffcb910 -loc_fffcc866: ; not directly referenced -cmp byte [ebp - 0x40], 0 -jne loc_fffcc8f8 ; jne 0xfffcc8f8 -cmp dword [edi + 0x2480], 2 -jne short loc_fffcc884 ; jne 0xfffcc884 -cmp byte [ebp - 0x24], 1 -mov edx, 3 -jbe short loc_fffcc8ce ; jbe 0xfffcc8ce +loc_fffcb9c0: ; not directly referenced +cmp byte [ebp - 0xacdc], 1 +ja loc_fffcba62 ; ja 0xfffcba62 +cmp dword [ebp - 0xacc4], 3 +je short loc_fffcba1b ; je 0xfffcba1b -loc_fffcc884: ; not directly referenced -cmp dword [edi + 0x188b], 1 -mov cl, 0x4b -mov byte [ebp - 0x1c], 0 -sete al -mov esi, eax -mov al, 0x32 -lea esi, [esi + esi*4 + 5] -cmovne ecx, eax - -loc_fffcc89f: ; not directly referenced -cmp dword [edi + 0x188b], 1 -mov eax, 0xf84 -mov edx, 0xf78 -mov dword [ebp - 0x20], ecx -cmove edx, eax +loc_fffcb9d6: ; not directly referenced +push eax +mov ecx, dword [ebp - 0xacac] +push eax +mov edx, dword [ebp - 0xace0] +push 1 +lea eax, [ebp - 0xac5c] +push eax +movzx eax, byte [ebp - 0xac9c] +push eax mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov ecx, dword [ebp - 0x20] -and eax, ebx -cmp eax, ebx -jne short loc_fffcc8dc ; jne 0xfffcc8dc - -loc_fffcc8c6: ; not directly referenced -mov eax, esi -movzx esi, al -imul edx, esi, 0xf +push 0 +push dword [ebp - 0xacb0] +push dword [ebp - 0xacd8] +call fcn_fffc66ae ; call 0xfffc66ae +add esp, 0x14 +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 +jmp near loc_fffcba9e ; jmp 0xfffcba9e -loc_fffcc8ce: ; not directly referenced -lea esp, [ebp - 0xc] -mov eax, edi -pop ebx -pop esi -pop edi -pop ebp -jmp near fcn_fffa834b ; jmp 0xfffa834b +loc_fffcba1b: ; not directly referenced +mov eax, dword [ebp - 0xad04] +xor edx, edx +xor ecx, ecx -loc_fffcc8dc: ; not directly referenced -mov edx, 0xf -mov eax, edi -mov dword [ebp - 0x20], ecx -call fcn_fffa834b ; call 0xfffa834b -mov ecx, dword [ebp - 0x20] -inc byte [ebp - 0x1c] -cmp byte [ebp - 0x1c], cl -jb short loc_fffcc89f ; jb 
0xfffcc89f -jmp short loc_fffcc8c6 ; jmp 0xfffcc8c6 +loc_fffcba25: ; not directly referenced +cmp dword [edi + edx + 0x3757], 2 +jne short loc_fffcba4b ; jne 0xfffcba4b +mov ebx, dword [eax - 4] +cmp ebx, 0x29 +lea esi, [ebx - 0x28] +mov ebx, dword [eax] +cmovb esi, ecx +mov dword [eax - 4], esi +cmp ebx, 0x29 +lea esi, [ebx - 0x28] +cmovb esi, ecx +mov dword [eax], esi -loc_fffcc8f8: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffcba4b: ; not directly referenced +add edx, 0x13c3 +add eax, 0x48 +cmp edx, 0x2786 +je loc_fffcb9d6 ; je 0xfffcb9d6 +jmp short loc_fffcba25 ; jmp 0xfffcba25 -fcn_fffcc900: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x4c -mov eax, dword [ebp + 0x18] -mov esi, dword [ebp + 0x20] -mov edi, dword [ebp + 0x2c] -mov ecx, dword [ebp + 0xc] -mov dword [ebp - 0x30], eax -mov ebx, dword [ebp + 0x1c] -mov byte [ebp - 0x2b], al -mov eax, esi -mov edx, dword [ebp + 0x24] -mov byte [ebp - 0x48], al +loc_fffcba62: ; not directly referenced +push eax +mov ecx, dword [ebp - 0xacac] +push eax +mov edx, dword [ebp - 0xace0] +lea eax, [ebp - 0xac5c] +push eax +movzx eax, byte [ebp - 0xac9c] +push eax +lea eax, [ebp - 0xac71] +push eax +mov eax, dword [ebp - 0xacd8] +push dword [ebp - 0xacb0] +push eax +push eax mov eax, edi -mov byte [ebp - 0x29], al -mov al, byte [ebp + 0x30] -cmp cl, 6 -mov dword [ebp - 0x40], ebx -mov byte [ebp - 0x2c], bl -sete bl -cmp cl, 3 -mov dword [ebp - 0x20], esi -mov byte [ebp - 0x50], al -mov eax, dword [ebp + 8] -mov dword [ebp - 0x44], edx -mov dword [ebp - 0x34], edi -mov byte [ebp - 0x49], dl -mov eax, dword [eax + 0x5edc] -mov byte [ebp - 0x2a], bl -mov dword [ebp - 0x38], eax -setbe al -or al, bl -jne short loc_fffcc98e ; jne 0xfffcc98e -lea eax, [ecx - 8] -cmp al, 2 -jbe short loc_fffcc992 ; jbe 0xfffcc992 -mov eax, dword [ebp + 8] -mov bl, 0x36 -cmp dword [eax + 0x2480], 2 -jne short loc_fffcc998 ; jne 0xfffcc998 -cmp cl, 0x11 
-sete dl -cmp cl, 5 -sete al -or dl, al -jne short loc_fffcc996 ; jne 0xfffcc996 -cmp cl, 0x21 -jne short loc_fffcc998 ; jne 0xfffcc998 -jmp short loc_fffcc9a9 ; jmp 0xfffcc9a9 - -loc_fffcc98e: ; not directly referenced -mov bl, 0x1f -jmp short loc_fffcc998 ; jmp 0xfffcc998 - -loc_fffcc992: ; not directly referenced -mov bl, 0xff -jmp short loc_fffcc998 ; jmp 0xfffcc998 - -loc_fffcc996: ; not directly referenced -mov bl, 0x25 +call fcn_fffd16df ; call 0xfffd16df +add esp, 0x20 -loc_fffcc998: ; not directly referenced -cmp cl, 0x1f -ja short loc_fffcc9ab ; ja 0xfffcc9ab -mov eax, dword [ebp + 0x14] -lea esi, [eax + eax - 1] -mov eax, dword [ebp + 0x10] -jmp short loc_fffcc9d6 ; jmp 0xfffcc9d6 +loc_fffcba9e: ; not directly referenced +movsx eax, byte [ebp - 0xacd0] +xor ecx, ecx +mov esi, dword [ebp - 0xacfc] +imul eax, eax, 0x48 +lea eax, [esi + eax + 4] +lea eax, [ebp + eax - 0xa2cc] +mov dword [ebp - 0xacd4], eax -loc_fffcc9a9: ; not directly referenced -mov bl, 0x25 +loc_fffcbac1: ; not directly referenced +mov eax, dword [ebp - 0xacac] +bt eax, ecx +jae loc_fffcbb98 ; jae 0xfffcbb98 +imul esi, ecx, 0x48 +mov eax, dword [ebp - 0xacd4] +add esi, dword [ebp - 0xacf8] +lea ebx, [eax - 4] +add esi, edi -loc_fffcc9ab: ; not directly referenced -imul esi, dword [ebp + 0x14], 3 -mov edi, 2 -lea eax, [esi - 5] -imul eax, dword [ebp + 0x14] -cdq -idiv edi -cmp dword [ebp + 0x14], 0 -mov esi, eax -mov eax, dword [ebp + 0x10] -mov dword [ebp - 0x1c], eax -jne short loc_fffcc9d9 ; jne 0xfffcc9d9 -lea eax, [eax + eax*4] -mov di, 4 -cdq -idiv edi +loc_fffcbae4: ; not directly referenced +mov al, byte [edi + 0x2489] +mov word [ebp - 0xacd0], 0xffff +mov byte [ebp - 0xacf4], al +xor eax, eax -loc_fffcc9d6: ; not directly referenced -mov dword [ebp - 0x1c], eax +loc_fffcbafb: ; not directly referenced +cmp byte [ebp - 0xacf4], al +jbe short loc_fffcbb36 ; jbe 0xfffcbb36 +mov edx, dword [esi + eax*8 + 0x2491] +mov word [ebx + eax*4], dx +mov edx, dword [ebp - 0xacd0] +cmp dx, word 
[esi + eax*8 + 0x2491] +cmova dx, word [esi + eax*8 + 0x2491] +inc eax +cmp byte [ebp - 0xacdc], 1 +mov word [ebp - 0xacd0], dx +ja short loc_fffcbafb ; ja 0xfffcbafb -loc_fffcc9d9: ; not directly referenced -mov eax, dword [ebp + 0x10] -mov edi, 3 -imul eax, esi -movzx esi, bl -cdq -idiv edi -cmp dword [ebp - 0x1c], esi -jg short loc_fffcc9f9 ; jg 0xfffcc9f9 -mov edi, dword [ebp - 0x1c] -neg esi -cmp edi, esi -cmovge esi, edi +loc_fffcbb36: ; not directly referenced +cmp byte [ebp - 0xaca2], 1 +jne short loc_fffcbb48 ; jne 0xfffcbb48 +mov eax, dword [ebp - 0xacd0] +mov word [ebx], ax -loc_fffcc9f9: ; not directly referenced -mov ebx, dword [ebp - 0x20] -cmp eax, 0xffffffe1 -mov edx, 0xffffffe1 -cmovge edx, eax -mov edi, 0x1f -cmp edx, 0x1f -cmovle edi, edx -xor eax, eax -mov edx, dword [ebp + 8] -cmp bl, 0xff -cmovne eax, ebx -mov byte [ebp - 0x24], al -movzx eax, byte [ebp - 0x40] -mov ebx, eax -mov dword [ebp - 0x20], eax -imul eax, eax, 0x13c3 -lea eax, [edx + eax + 0x3756] -mov dword [ebp - 0x28], eax -movzx eax, byte [ebp - 0x44] -mov edx, eax -mov dword [ebp - 0x1c], eax -imul eax, ebx, 0xcc -mov ebx, dword [ebp - 0x38] -lea eax, [ebx + eax + 0x1c] -lea eax, [eax + edx*4] -mov dword [ebp - 0x3c], eax -mov ebx, dword [eax + 0x54] -cmp cl, 0x21 -ja loc_fffccfba ; ja 0xfffccfba -movzx eax, cl -jmp dword [eax*4 + ref_fffd5b38] ; ujmp: jmp dword [eax*4 - 0x2a4c8] +loc_fffcbb48: ; not directly referenced +cmp byte [ebp - 0xac94], 0 +je short loc_fffcbb86 ; je 0xfffcbb86 +mov al, byte [ebp - 0xac98] +cmp al, 0xc +je short loc_fffcbb64 ; je 0xfffcbb64 +cmp al, 0xd +jne short loc_fffcbb86 ; jne 0xfffcbb86 +jmp near loc_fffcc5a1 ; jmp 0xfffcc5a1 -loc_fffcca6b: ; not directly referenced -and esi, 0x3f -and ebx, 0xffffffc0 -jmp near loc_fffccc11 ; jmp 0xfffccc11 +loc_fffcbb64: ; not directly referenced +mov eax, 0x8c -loc_fffcca76: ; not directly referenced -and esi, 0x3f -and ebx, 0xfffff03f -shl esi, 6 -jmp near loc_fffccc11 ; jmp 0xfffccc11 +loc_fffcbb69: ; not 
directly referenced +cmp word [ebx], ax +ja short loc_fffcbb86 ; ja 0xfffcbb86 +sub esp, 0xc +push edi +mov dword [ebp - 0xacd0], ecx +call fcn_fffc9f5d ; call 0xfffc9f5d +mov ecx, dword [ebp - 0xacd0] +add esp, 0x10 -loc_fffcca87: ; not directly referenced -and esi, 0x3f -and ebx, 0xfffc0fff -shl esi, 0xc -jmp near loc_fffccc11 ; jmp 0xfffccc11 +loc_fffcbb86: ; not directly referenced +add ebx, 2 +add esi, 4 +cmp ebx, dword [ebp - 0xacd4] +jne loc_fffcbae4 ; jne 0xfffcbae4 -loc_fffcca98: ; not directly referenced -and esi, 0x3f -and ebx, 0xff03ffff -shl esi, 0x12 -jmp near loc_fffccc11 ; jmp 0xfffccc11 +loc_fffcbb98: ; not directly referenced +inc ecx +add dword [ebp - 0xacd4], 0x24 +cmp ecx, 2 +jne loc_fffcbac1 ; jne 0xfffcbac1 -loc_fffccaa9: ; not directly referenced -and esi, 0x7f -and ebx, 0x80ffffff -shl esi, 0x18 -jmp near loc_fffccc11 ; jmp 0xfffccc11 +loc_fffcbba9: ; not directly referenced +inc byte [ebp - 0xaca0] +jmp near loc_fffcb87c ; jmp 0xfffcb87c -loc_fffccaba: ; not directly referenced -mov ebx, dword [ebp - 0x20] -mov eax, dword [ebp + 8] -shl ebx, 0xa -add ebx, 0x4028 -mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a -cmp esi, 0 -mov edi, eax -mov eax, dword [ebp - 0x28] -mov eax, dword [eax + 0x1019] -jle short loc_fffccae7 ; jle 0xfffccae7 -lea esi, [esi + esi - 0x10] -dec eax -jmp short loc_fffccaee ; jmp 0xfffccaee +loc_fffcbbb4: ; not directly referenced +add dword [ebp - 0xace4], 2 +inc dword [ebp - 0xacb8] +jmp near loc_fffcb6e7 ; jmp 0xfffcb6e7 -loc_fffccae7: ; not directly referenced -je short loc_fffccaee ; je 0xfffccaee -lea esi, [esi + esi + 0x10] +loc_fffcbbc6: ; not directly referenced +movsx esi, byte [ebp - 0xaca1] +movsx eax, byte [ebp - 0xac90] +mov dword [ebp - 0xac98], 0 +mov dword [ebp - 0xacd4], esi +sub dword [ebp - 0xacd4], eax +mov esi, dword [ebp - 0xacd4] +mov dword [ebp - 0xacd0], eax +mov eax, esi +mov byte [ebp - 0xad00], al inc eax +mov byte [ebp - 0xacac], al +lea eax, [ebp - 0x5acc] +mov dword [ebp - 0xacf8], 
eax +lea eax, [edi + 0x3757] +mov dword [ebp - 0xacb0], eax +mov eax, dword [ebp - 0xacb4] +mov dword [ebp - 0xace0], eax +movzx eax, byte [ebp - 0xace6] +mov dword [ebp - 0xad08], eax +shl eax, 6 +mov dword [ebp - 0xacdc], eax -loc_fffccaee: ; not directly referenced -movzx ecx, byte [ebp - 0x24] -and eax, 0x3f -and edi, 0xffc0ffff -mov edx, dword [ebp - 0x1c] -shl eax, 0x10 -or edi, eax -lea eax, [ecx + ecx*8] -lea eax, [edx + eax + 0xd8] -mov edx, dword [ebp - 0x28] -movzx eax, word [edx + eax*2 + 1] -push edx -add esi, eax -mov eax, 0x1ff -cmp esi, 0x1ff -cmovle eax, esi -xor edx, edx -test eax, eax -cmovns edx, eax -mov eax, dword [ebp + 8] -push edx -mov edx, dword [ebp - 0x20] -push 0 -push dword [ebp - 0x1c] -call fcn_fffa7499 ; call 0xfffa7499 -mov eax, dword [ebp + 8] -mov ecx, edi -mov edx, ebx -call fcn_fffae58c ; call 0xfffae58c -add esp, 0x10 -jmp near loc_fffcd148 ; jmp 0xfffcd148 +loc_fffcbc3f: ; not directly referenced +movzx eax, byte [ebp - 0xaca3] +mov esi, dword [ebp - 0xac98] +mov dword [ebp - 0xace4], eax +bt eax, esi +jae loc_fffcc332 ; jae 0xfffcc332 +mov eax, dword [ebp - 0xacf8] +mov dword [ebp - 0xac9c], 0 +mov dword [ebp - 0xacec], eax -loc_fffccb52: ; not directly referenced -movzx eax, byte [ebp - 0x50] -xor ebx, ebx -mov dword [ebp - 0x28], eax -movzx eax, byte [ebp - 0x48] -mov dword [ebp - 0x48], eax +loc_fffcbc71: ; not directly referenced +mov al, byte [ebp - 0xac9c] +cmp byte [ebp - 0xaca2], al +jbe loc_fffcc332 ; jbe 0xfffcc332 +imul eax, dword [ebp - 0xac98], 9 +mov word [ebp - 0xacd8], 0 +mov dword [ebp - 0xacfc], eax -loc_fffccb62: ; not directly referenced -imul eax, ebx, 0x13c3 -mov edx, dword [ebp + 8] -cmp dword [edx + eax + 0x3756], 2 -jne short loc_fffccbb1 ; jne 0xfffccbb1 -cmp byte [ebp - 0x2c], bl -sete dl -cmp byte [ebp - 0x2b], 1 -sete al -or dl, al -je short loc_fffccbb1 ; je 0xfffccbb1 -push dword [ebp - 0x28] -xor eax, eax -cmp byte [ebp - 0x49], 0 -mov dword [ebp - 0x50], ecx -setne al -push eax -movzx eax, 
byte [ebp - 0x29] -push dword [ebp - 0x1c] -push dword [ebp - 0x48] -push esi -push eax -push ebx -push dword [ebp + 8] -call fcn_fffcc4cb ; call 0xfffcc4cb -mov ecx, dword [ebp - 0x50] -add esp, 0x20 +loc_fffcbc99: ; not directly referenced +mov ax, word [ebp - 0xacba] +mov esi, dword [ebp - 0xacd8] +cmp si, ax +jae loc_fffcbe54 ; jae 0xfffcbe54 +mov al, byte [ebp - 0xac90] +movzx ebx, si +mov byte [ebp - 0xaca0], al +mov eax, ebx +shl eax, 6 +mov dword [ebp - 0xacb8], eax -loc_fffccbb1: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffccb62 ; jne 0xfffccb62 -cmp cl, 0x21 +loc_fffcbcc9: ; not directly referenced +mov al, byte [ebp - 0xaca0] +cmp byte [ebp - 0xaca1], al +jl loc_fffcbe48 ; jl 0xfffcbe48 +mov al, byte [ebp - 0xaca0] +sub eax, dword [ebp - 0xacd0] +movsx esi, al +mov eax, dword [ebp - 0xacb8] +add eax, esi +cmp dword [ebp - 0xacc8], 0 +mov word [ebp + eax*2 - 0xabcc], 0 +je short loc_fffcbd55 ; je 0xfffcbd55 +movsx ax, byte [ebp - 0xaca0] +mov dl, 8 +mov ecx, dword [ebp - 0xaca8] +idiv dl +mov byte [ebp - 0xace6], ah +mov dl, al +movsx eax, al +cmp byte [ebp - 0xace6], 1 +mov al, byte [ecx + eax + 0x1bc] +setle cl +test dl, dl sete dl -cmp cl, 0x11 -sete al -or dl, al -je loc_fffcd148 ; je 0xfffcd148 -mov eax, dword [ebp - 0x3c] -mov ebx, dword [eax + 0x54] -mov eax, edi -and eax, 0x3f -shl eax, 0xc -and ebx, 0xfffc0fff -jmp short loc_fffccbf7 ; jmp 0xfffccbf7 +test cl, dl +jne loc_fffcbe3d ; jne 0xfffcbe3d +mov cl, byte [ebp - 0xace6] +mov edx, 1 +shl edx, cl +test al, dl +jne loc_fffcbe3d ; jne 0xfffcbe3d -loc_fffccbe1: ; not directly referenced -and esi, 0x7f -mov eax, edi -shl esi, 0x18 -and ebx, 0x80fff03f -and eax, 0x3f -or ebx, esi -shl eax, 6 +loc_fffcbd55: ; not directly referenced +mov eax, dword [ebp + 0x10] +mov al, byte [eax + ebx] +lea edx, [eax - 4] +cmp dl, 1 +setbe cl +cmp al, 0x21 +sete dl +or cl, dl +jne short loc_fffcbd79 ; jne 0xfffcbd79 +cmp al, 0x20 +je short loc_fffcbd79 ; je 0xfffcbd79 +cmp al, 0xd +jne 
loc_fffcbdfd ; jne 0xfffcbdfd -loc_fffccbf7: ; not directly referenced -or ebx, eax -jmp near loc_fffccfc4 ; jmp 0xfffccfc4 +loc_fffcbd79: ; not directly referenced +mov eax, dword [ebp + 0x18] +imul ecx, esi, 0x12 +movzx edx, byte [eax + ebx] +imul eax, ebx, 0x480 +add eax, ecx +mov ecx, edx +add eax, dword [ebp - 0xacfc] +add eax, dword [ebp - 0xac9c] +imul cx, word [ebp + eax*4 - 0xa2ca] +imul edx, dword [ebp + eax*4 - 0xa2cc] +mov word [ebp - 0xace6], dx +mov eax, edx +mov edx, ecx +sub dx, word [ebp - 0xace6] +add eax, ecx +add eax, eax +mov word [ebp - 0xacf4], dx +mov edx, eax +sub eax, dword [ebp - 0xacf4] +add edx, dword [ebp - 0xacf4] +cmp cx, word [ebp - 0xace6] +mov ecx, 2 +cmovbe eax, edx +mov edx, eax +sar dx, 0xf +idiv cx +add esi, dword [ebp - 0xacb8] +mov word [ebp + esi*2 - 0xabcc], ax +jmp short loc_fffcbe3d ; jmp 0xfffcbe3d -loc_fffccbfe: ; not directly referenced -and esi, 0x3f -and ebx, 0xff000fff -mov eax, esi -shl eax, 0xc -shl esi, 0x12 -or ebx, eax +loc_fffcbdfd: ; not directly referenced +mov ecx, dword [ebp + 0x18] +mov eax, dword [ebp - 0xacb8] +movzx edx, byte [ecx + ebx] +imul ecx, ebx, 0x480 +add eax, esi +imul esi, esi, 0x12 +add esi, ecx +add esi, dword [ebp - 0xacfc] +add esi, dword [ebp - 0xac9c] +movzx ecx, word [ebp + esi*4 - 0xa2ca] +add ecx, dword [ebp + esi*4 - 0xa2cc] +imul ecx, edx +mov word [ebp + eax*2 - 0xabcc], cx -loc_fffccc11: ; not directly referenced -or ebx, esi -jmp near loc_fffccfc4 ; jmp 0xfffccfc4 +loc_fffcbe3d: ; not directly referenced +inc byte [ebp - 0xaca0] +jmp near loc_fffcbcc9 ; jmp 0xfffcbcc9 -loc_fffccc18: ; not directly referenced -cmp byte [ebp - 0x30], 0 -movzx ebx, byte [ebp - 0x24] -je loc_fffcccca ; je 0xfffcccca -mov eax, dword [ebp + 8] -lea edx, [ebx*4 + 0x3630] -xor edi, edi -mov ecx, dword [ebp + 0x10] -call fcn_fffaeb7c ; call 0xfffaeb7c -imul eax, ebx, 0xd8 -mov dword [ebp - 0x20], eax +loc_fffcbe48: ; not directly referenced +inc word [ebp - 0xacd8] +jmp near loc_fffcbc99 ; jmp 
0xfffcbc99 -loc_fffccc43: ; not directly referenced -sub esp, 0xc -mov eax, dword [ebp + 8] -mov ecx, 1 -push 1 -mov edx, edi +loc_fffcbe54: ; not directly referenced +cmp byte [ebp - 0xac8c], 0xc +mov byte [ebp - 0xaca0], 1 +sete bl +cmp byte [ebp - 0xace8], 2 +mov byte [ebp - 0xace6], bl +setbe al +or al, bl +jne loc_fffcbfb2 ; jne 0xfffcbfb2 +cmp byte [ebp - 0xace7], 0 +je short loc_fffcbedc ; je 0xfffcbedc +cmp byte [ebp - 0xacbb], 0 +mov byte [ebp - 0xaca0], 3 +je loc_fffcbfb2 ; je 0xfffcbfb2 +mov al, byte [ebp - 0xaca1] +push ecx +push ecx +mov ecx, 8 +push 3 +lea ebx, [eax + 1] +sub ebx, dword [ebp - 0xac90] push 0 +lea eax, [ebp - 0xabcc] +movzx ebx, bl +mov edx, ebx +call fcn_fffa6ff5 ; call 0xfffa6ff5 +mov ecx, 8 +mov edx, ebx +pop esi +pop eax +lea eax, [ebp - 0xab4c] +push 3 push 0 -push dword [ebp + 0x34] -push ebx -call fcn_fffa72c5 ; call 0xfffa72c5 -add esp, 0x20 -cmp byte [ebp - 0x29], 0 -jne short loc_fffccc73 ; jne 0xfffccc73 +jmp near loc_fffcbf61 ; jmp 0xfffcbf61 -loc_fffccc68: ; not directly referenced -inc edi -cmp edi, 2 -jne short loc_fffccc43 ; jne 0xfffccc43 -jmp near loc_fffcd148 ; jmp 0xfffcd148 +loc_fffcbedc: ; not directly referenced +cmp byte [ebp - 0xac8c], 5 +jne loc_fffcbf72 ; jne 0xfffcbf72 +cmp dword [ebp - 0xacc0], 0 +je short loc_fffcbf04 ; je 0xfffcbf04 +movzx eax, byte [ebp - 0xacd4] +mov ebx, 1 +xor ecx, ecx +mov dl, 4 +jmp short loc_fffcbf11 ; jmp 0xfffcbf11 -loc_fffccc73: ; not directly referenced -imul eax, edi, 0x13c3 -add eax, dword [ebp - 0x20] -mov byte [ebp - 0x1c], 0 -mov dword [ebp - 0x24], eax +loc_fffcbf04: ; not directly referenced +movzx eax, byte [ebp - 0xacac] +xor ebx, ebx +mov cl, 2 +mov dl, 5 -loc_fffccc83: ; not directly referenced -mov eax, dword [ebp + 8] -mov cl, byte [ebp - 0x1c] -cmp cl, byte [eax + 0x2488] -jae short loc_fffccc68 ; jae 0xfffccc68 +loc_fffcbf11: ; not directly referenced movzx esi, cl -imul esi, esi, 0x18 -add esi, dword [ebp - 0x24] -add esi, eax -xor eax, eax -mov dword [ebp - 
0x28], esi - -loc_fffccca1: ; not directly referenced -mov esi, dword [ebp + 0x10] -lea ecx, [eax*4] -lea edx, [eax + eax*2] -inc eax -sar esi, cl -mov ecx, esi -mov esi, dword [ebp - 0x28] -and ecx, 0xf -mov byte [esi + edx + 0x3d38], cl -cmp eax, 8 -jne short loc_fffccca1 ; jne 0xfffccca1 -inc byte [ebp - 0x1c] -jmp short loc_fffccc83 ; jmp 0xfffccc83 - -loc_fffcccca: ; not directly referenced -mov edi, dword [ebp - 0x1c] -mov esi, dword [ebp - 0x20] -mov ecx, dword [ebp + 0x10] -mov eax, edi -shl eax, 7 -lea edx, [eax + ebx + 0xc] -mov eax, esi -shl eax, 6 -add edx, eax -mov eax, dword [ebp + 8] -shl edx, 2 -call fcn_fffae58c ; call 0xfffae58c -sub esp, 0xc -mov eax, dword [ebp + 8] +movzx ecx, dl +mov dword [ebp - 0xaca0], esi +mov edx, eax +push esi +push esi push 1 -xor ecx, ecx -push 0 +push dword [ebp - 0xaca0] +lea esi, [ebp - 0xabcc] +lea eax, [ebx + ebx] +add eax, esi +mov esi, edx +mov dword [ebp - 0xacb8], ecx +call fcn_fffa6ff5 ; call 0xfffa6ff5 +mov ecx, dword [ebp - 0xacb8] +pop eax +pop edx mov edx, esi -push edi -push dword [ebp + 0x34] -push ebx -call fcn_fffa72c5 ; call 0xfffa72c5 -add esp, 0x20 -cmp byte [ebp - 0x34], 0 -je loc_fffcd148 ; je 0xfffcd148 -imul eax, dword [ebp - 0x1c], 0x18 -xor ecx, ecx -imul ebx, ebx, 0xd8 -add ebx, eax -xor eax, eax -add ebx, dword [ebp - 0x28] - -loc_fffccd26: ; not directly referenced -mov edx, dword [ebp + 0x10] -sar edx, cl -add ecx, 4 -and edx, 0xf -mov byte [ebx + eax + 0x5e2], dl -add eax, 3 -cmp ecx, 0x20 -jne short loc_fffccd26 ; jne 0xfffccd26 -jmp near loc_fffcd148 ; jmp 0xfffcd148 - -loc_fffccd45: ; not directly referenced -cmp byte [ebp - 0x30], 0 -movzx ebx, byte [ebp - 0x24] -je loc_fffccdf7 ; je 0xfffccdf7 -mov eax, dword [ebp + 8] -lea edx, [ebx*4 + 0x3610] -xor edi, edi -mov ecx, dword [ebp + 0x10] -call fcn_fffaeb7c ; call 0xfffaeb7c -imul eax, ebx, 0xd8 -mov dword [ebp - 0x24], eax - -loc_fffccd70: ; not directly referenced -sub esp, 0xc -mov eax, dword [ebp + 8] -mov ecx, 1 -push 0 -mov 
edx, edi +lea eax, [ebp + ebx - 0xabcc] +lea eax, [eax + ebx + 0x80] push 1 -push 0 -push dword [ebp + 0x34] -push ebx -call fcn_fffa72c5 ; call 0xfffa72c5 -add esp, 0x20 -cmp byte [ebp - 0x29], 0 -jne short loc_fffccda0 ; jne 0xfffccda0 - -loc_fffccd95: ; not directly referenced -inc edi -cmp edi, 2 -jne short loc_fffccd70 ; jne 0xfffccd70 -jmp near loc_fffcd148 ; jmp 0xfffcd148 +push dword [ebp - 0xaca0] -loc_fffccda0: ; not directly referenced -imul eax, edi, 0x13c3 -add eax, dword [ebp - 0x24] -mov byte [ebp - 0x1c], 0 -mov dword [ebp - 0x20], eax +loc_fffcbf61: ; not directly referenced +call fcn_fffa6ff5 ; call 0xfffa6ff5 +add esp, 0x10 +mov byte [ebp - 0xaca0], 1 +jmp short loc_fffcbfb2 ; jmp 0xfffcbfb2 -loc_fffccdb0: ; not directly referenced -mov eax, dword [ebp + 8] -mov cl, byte [ebp - 0x1c] -cmp cl, byte [eax + 0x2488] -jae short loc_fffccd95 ; jae 0xfffccd95 -movzx esi, cl -imul esi, esi, 0x18 -add esi, dword [ebp - 0x20] -add esi, eax -xor eax, eax -mov dword [ebp - 0x28], esi +loc_fffcbf72: ; not directly referenced +cmp byte [ebp - 0xac8c], 0xa +mov byte [ebp - 0xaca0], 5 +sete al +or al, byte [ebp - 0xac94] +jne short loc_fffcbfb2 ; jne 0xfffcbfb2 +cmp byte [ebp - 0xacac], 6 +mov byte [ebp - 0xaca0], 7 +jg short loc_fffcbfb2 ; jg 0xfffcbfb2 +mov al, byte [ebp - 0xad00] +mov esi, dword [ebp - 0xacac] +test al, al +cmove eax, esi +mov byte [ebp - 0xaca0], al -loc_fffccdce: ; not directly referenced -mov esi, dword [ebp + 0x10] -lea ecx, [eax*4] -lea edx, [eax + eax*2] -inc eax -sar esi, cl -mov ecx, esi -mov esi, dword [ebp - 0x28] -and ecx, 0xf -mov byte [esi + edx + 0x39d8], cl -cmp eax, 8 -jne short loc_fffccdce ; jne 0xfffccdce -inc byte [ebp - 0x1c] -jmp short loc_fffccdb0 ; jmp 0xfffccdb0 +loc_fffcbfb2: ; not directly referenced +mov dword [ebp - 0xacd8], 0 -loc_fffccdf7: ; not directly referenced -mov edi, dword [ebp - 0x1c] -mov esi, dword [ebp - 0x20] -mov ecx, dword [ebp + 0x10] +loc_fffcbfbc: ; not directly referenced +movsx ebx, byte [ebp 
- 0xacd8] +movsx esi, byte [ebp - 0xacac] +movzx eax, byte [ebp - 0xac8c] +cmp ebx, esi +mov dword [ebp - 0xacb8], eax +jge loc_fffcc23f ; jge 0xfffcc23f +movsx eax, byte [ebp - 0xac88] +push edx +push edx +mov edx, dword [ebp - 0xac98] +mov ecx, eax +mov dword [ebp - 0xacf4], eax +mov al, byte [ebp - 0xac90] +add eax, dword [ebp - 0xacd8] +mov dword [ebp - 0xac68], 0 +movsx esi, al +lea eax, [ebp - 0xac68] +push eax mov eax, edi -shl eax, 7 -lea edx, [eax + ebx + 4] -mov eax, esi -shl eax, 6 -add edx, eax -mov eax, dword [ebp + 8] -shl edx, 2 -call fcn_fffae58c ; call 0xfffae58c -sub esp, 0xc -mov eax, dword [ebp + 8] push 0 +push ecx xor ecx, ecx -push 1 -mov edx, esi -push edi -push dword [ebp + 0x34] -push ebx -call fcn_fffa72c5 ; call 0xfffa72c5 +push esi +push dword [ebp - 0xacb8] +push dword [ebp - 0xac9c] +call fcn_fffb6980 ; call 0xfffb6980 add esp, 0x20 -cmp byte [ebp - 0x34], 0 -je loc_fffcd148 ; je 0xfffcd148 -imul eax, dword [ebp - 0x1c], 0x18 -xor ecx, ecx -imul ebx, ebx, 0xd8 -add ebx, eax -xor eax, eax -add ebx, dword [ebp - 0x28] - -loc_fffcce53: ; not directly referenced -mov edx, dword [ebp + 0x10] -sar edx, cl -add ecx, 4 -and edx, 0xf -mov byte [ebx + eax + 0x282], dl -add eax, 3 -cmp ecx, 0x20 -jne short loc_fffcce53 ; jne 0xfffcce53 -jmp near loc_fffcd148 ; jmp 0xfffcd148 +cmp byte [ebp - 0xac8c], 0xa +mov word [ebp + ebx*2 - 0xac4c], ax +sete al +mov byte [ebp - 0xacfc], al +or al, byte [ebp - 0xace6] +jne short loc_fffcc05b ; jne 0xfffcc05b +cmp byte [ebp - 0xac94], 0 +je short loc_fffcc087 ; je 0xfffcc087 -loc_fffcce72: ; not directly referenced -cmp byte [ebp - 0x30], 0 -movzx edi, byte [ebp - 0x24] -je loc_fffccf1d ; je 0xfffccf1d -mov eax, dword [ebp + 8] -xor ebx, ebx -mov edx, dword [ebp + 0x10] -call fcn_fffaa226 ; call 0xfffaa226 -imul eax, edi, 0xd8 -mov dword [ebp - 0x20], eax +loc_fffcc05b: ; not directly referenced +imul eax, ebx, 0x1a +mov edx, dword [ebp - 0xac68] +lea ecx, [ebp - 0x18] +add eax, ecx +mov ecx, dword [ebp - 
0xac64] +mov dword [eax - 0xa91e], edx +mov dword [eax - 0xa932], ecx +mov ecx, dword [ebp - 0xac60] +mov dword [eax - 0xa92e], ecx -loc_fffcce96: ; not directly referenced -sub esp, 0xc -mov eax, dword [ebp + 8] -mov ecx, 1 -push 0 -mov edx, ebx -push 1 +loc_fffcc087: ; not directly referenced +cmp byte [ebp - 0xacbc], 1 +setbe al +or al, byte [ebp - 0xac94] +je short loc_fffcc116 ; je 0xfffcc116 +push eax +mov edx, dword [ebp - 0xac98] +xor ecx, ecx +push eax +lea eax, [ebp - 0xac68] +push eax +mov eax, edi push 0 -push dword [ebp + 0x34] -push edi -call fcn_fffa72c5 ; call 0xfffa72c5 +push dword [ebp - 0xacf4] +mov dword [ebp - 0xac68], 1 +push esi +push dword [ebp - 0xacb8] +push dword [ebp - 0xac9c] +imul esi, ebx, 0x1a +call fcn_fffb6980 ; call 0xfffb6980 add esp, 0x20 -cmp byte [ebp - 0x29], 0 -jne short loc_fffccec6 ; jne 0xfffccec6 +lea ecx, [ebp - 0x18] +lea edx, [ecx + esi] +mov word [ebp + esi - 0xa94c], ax +mov al, byte [ebp - 0xacfc] +or al, byte [ebp - 0xac94] +je short loc_fffcc116 ; je 0xfffcc116 +mov eax, dword [ebp - 0xac64] +mov dword [edx - 0xa92a], eax +mov eax, dword [ebp - 0xac60] +mov dword [edx - 0xa926], eax +mov eax, dword [ebp - 0xac68] +mov dword [edx - 0xa922], eax -loc_fffccebb: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffcce96 ; jne 0xfffcce96 -jmp near loc_fffcd148 ; jmp 0xfffcd148 +loc_fffcc116: ; not directly referenced +imul edx, ebx, 0x1a +mov ax, word [ebp + ebx*2 - 0xac4c] +mov esi, dword [ebp - 0xacdc] +mov ecx, eax +add cx, word [ebp + edx - 0xa94c] +cmp dword [ebp - 0xacc8], 0 +lea edx, [esi + ebx] +mov word [ebp + edx*2 - 0xabcc], cx +je short loc_fffcc157 ; je 0xfffcc157 +mov esi, 0x3e8 +xor edx, edx +div si +mov word [ebp + ebx*2 - 0xac4c], ax -loc_fffccec6: ; not directly referenced -imul eax, ebx, 0x13c3 -add eax, dword [ebp - 0x20] -mov byte [ebp - 0x1c], 0 -mov dword [ebp - 0x24], eax +loc_fffcc157: ; not directly referenced +mov al, byte [ebp - 0xac8c] +test al, al +sete dl +cmp al, 9 +sete al 
+or dl, al +jne short loc_fffcc174 ; jne 0xfffcc174 +cmp byte [ebp - 0xac8c], 1 +jne short loc_fffcc190 ; jne 0xfffcc190 -loc_fffcced6: ; not directly referenced -mov eax, dword [ebp + 8] -mov cl, byte [ebp - 0x1c] -cmp cl, byte [eax + 0x2488] -jae short loc_fffccebb ; jae 0xfffccebb -movzx esi, cl -imul esi, esi, 0x18 -add esi, dword [ebp - 0x24] -add esi, eax +loc_fffcc174: ; not directly referenced +mov eax, dword [ebp - 0xacdc] +movzx ecx, cx +lea esi, [eax + ebx] +mov eax, 0xdb88 +cdq +idiv ecx +mov word [ebp + esi*2 - 0xabcc], ax + +loc_fffcc190: ; not directly referenced +cmp byte [ebp - 0xac8c], 4 +jne loc_fffcc234 ; jne 0xfffcc234 +mov eax, dword [ebp - 0xacb0] +cmp dword [eax + 0xc0], 1 +jne loc_fffcc234 ; jne 0xfffcc234 +movzx edx, byte [eax + 0xc4] xor eax, eax -mov dword [ebp - 0x28], esi -loc_fffccef4: ; not directly referenced -mov esi, dword [ebp + 0x10] -lea ecx, [eax*4] -lea edx, [eax + eax*2] +loc_fffcc1b9: ; not directly referenced +bt edx, eax +jb short loc_fffcc1c6 ; jb 0xfffcc1c6 inc eax -sar esi, cl -mov ecx, esi -mov esi, dword [ebp - 0x28] -and ecx, 0xf -mov byte [esi + edx + 0x4098], cl -cmp eax, 8 -jne short loc_fffccef4 ; jne 0xfffccef4 -inc byte [ebp - 0x1c] -jmp short loc_fffcced6 ; jmp 0xfffcced6 +cmp eax, 4 +jne short loc_fffcc1b9 ; jne 0xfffcc1b9 +jmp short loc_fffcc1cc ; jmp 0xfffcc1cc -loc_fffccf1d: ; not directly referenced -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x188b] -test eax, eax -jne short loc_fffccf3c ; jne 0xfffccf3c -mov edx, dword [ebp - 0x20] -mov eax, dword [ebp - 0x1c] -shl edx, 8 -shl eax, 9 -lea edx, [edx + eax + 0x4c] -jmp short loc_fffccf55 ; jmp 0xfffccf55 +loc_fffcc1c6: ; not directly referenced +mov byte [ebp - 0xaca4], al -loc_fffccf3c: ; not directly referenced -dec eax -jne short loc_fffccf53 ; jne 0xfffccf53 -mov eax, dword [ebp - 0x20] -shl eax, 8 -lea edx, [eax + edi*4 + 0x50] -mov eax, dword [ebp - 0x1c] -shl eax, 9 -add edx, eax -jmp short loc_fffccf55 ; jmp 0xfffccf55 +loc_fffcc1cc: ; not 
directly referenced +cmp dword [ebp - 0xacc4], 3 +jne short loc_fffcc1e7 ; jne 0xfffcc1e7 -loc_fffccf53: ; not directly referenced -xor edx, edx +loc_fffcc1d5: ; not directly referenced +add ebx, dword [ebp - 0xacdc] +mov word [ebp + ebx*2 - 0xabcc], 1 +jmp short loc_fffcc234 ; jmp 0xfffcc234 -loc_fffccf55: ; not directly referenced -mov ecx, dword [ebp + 0x10] -mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c +loc_fffcc1e7: ; not directly referenced +mov al, byte [ebp - 0xaca4] +mov esi, dword [ebp - 0xacb0] +mov edx, eax +shr al, 1 +and edx, 1 +movzx eax, al +imul edx, edx, 0x18 +imul eax, eax, 0x128 +add eax, edx +mov ax, word [esi + eax + 0x126d] +mov ecx, eax +mov edx, eax +shr cx, 9 +shr dx, 6 +and ecx, 1 +and edx, 1 +shl ecx, 2 +add edx, edx +shr ax, 2 +or edx, ecx +and eax, 1 +or dl, al +je short loc_fffcc1d5 ; je 0xfffcc1d5 + +loc_fffcc234: ; not directly referenced +inc dword [ebp - 0xacd8] +jmp near loc_fffcbfbc ; jmp 0xfffcbfbc + +loc_fffcc23f: ; not directly referenced sub esp, 0xc -mov edx, dword [ebp - 0x20] -push 0 -mov eax, dword [ebp + 8] -xor ecx, ecx +mov edx, dword [ebp - 0xac98] +push dword [ebp - 0xacb8] +movzx eax, byte [ebp - 0xacac] +lea ebx, [ebp - 0xabcc] +movzx ecx, byte [ebp + edx - 0xac75] push 1 -push dword [ebp - 0x1c] -push dword [ebp + 0x34] -push edi -call fcn_fffa72c5 ; call 0xfffa72c5 +push dword [ebp - 0xad08] +push dword [ebp + 0x18] +push dword [ebp + 0x10] +push eax +mov eax, edi +push 0x40 +push ebx +push 0 +call fcn_fffb78c3 ; call 0xfffb78c3 +movsx eax, byte [ebp - 0xad09] +add esp, 0x2c +mov ecx, ebx +push eax +movzx eax, byte [ebp - 0xaca0] +push dword [ebp + 0x1c] +push dword [ebp - 0xacf0] +push eax +mov eax, edi +push dword [ebp + 0x18] +push esi +mov esi, dword [ebp - 0xacec] +push 0x40 +mov edx, esi +call fcn_fffa5cdb ; call 0xfffa5cdb +movsx bx, byte [esi + 2] add esp, 0x20 -cmp byte [ebp - 0x34], 0 -je loc_fffcd148 ; je 0xfffcd148 -imul eax, dword [ebp - 0x1c], 0x18 -xor ecx, ecx -imul edx, edi, 
0xd8 -add edx, eax -xor eax, eax -add edx, dword [ebp - 0x28] - -loc_fffccf9b: ; not directly referenced -mov ebx, dword [ebp + 0x10] -sar ebx, cl -add ecx, 4 -and ebx, 0xf -mov byte [edx + eax + 0x942], bl -add eax, 3 -cmp ecx, 0x20 -jne short loc_fffccf9b ; jne 0xfffccf9b -jmp near loc_fffcd148 ; jmp 0xfffcd148 - -loc_fffccfba: ; not directly referenced -mov eax, 2 -jmp near loc_fffcd14a ; jmp 0xfffcd14a - -loc_fffccfc4: ; not directly referenced -test cl, cl -sete dl -cmp cl, 0xb -sete al -or dl, al -jne short loc_fffcd01d ; jne 0xfffcd01d -cmp cl, 4 -sete dl -cmp cl, 1 -sete al -or dl, al -jne short loc_fffcd01d ; jne 0xfffcd01d -cmp cl, 0x20 -sete dl -cmp cl, 0x10 -sete al -or dl, al -jne short loc_fffcd01d ; jne 0xfffcd01d -mov dl, byte [ebp - 0x2a] -lea eax, [ecx - 2] -cmp al, 1 -setbe al -or dl, al -jne short loc_fffcd014 ; jne 0xfffcd014 -cmp cl, 0x21 -sete al -cmp cl, 0x11 -mov esi, eax -sete al -or esi, eax -jmp short loc_fffcd019 ; jmp 0xfffcd019 +add bx, word [esi] +xor edx, edx +cmp byte [ebp - 0xac8c], 7 +jne short loc_fffcc2dc ; jne 0xfffcc2dc +mov eax, dword [ebp - 0xacb0] +cmp dword [eax + 0xc0], 2 +mov eax, 0x20 +cmove edx, eax -loc_fffcd014: ; not directly referenced -mov esi, 1 +loc_fffcc2dc: ; not directly referenced +movsx ax, byte [ebp - 0xac90] +push 1 +mov esi, dword [ebp - 0xac9c] +sub eax, edx +mov edx, dword [ebp - 0xac98] +add ebx, eax +movsx eax, bx +push eax +mov eax, edi +push dword [ebp - 0xacb8] +movzx ecx, byte [ebp + edx - 0xac75] +push esi +call fcn_fffa972b ; call 0xfffa972b +mov ecx, dword [ebp - 0xace0] +add esp, 0x10 +inc dword [ebp - 0xac9c] +add dword [ebp - 0xacec], 0x50a +mov word [ecx + esi*2], bx +jmp near loc_fffcbc71 ; jmp 0xfffcbc71 -loc_fffcd019: ; not directly referenced -xor edi, edi -jmp short loc_fffcd024 ; jmp 0xfffcd024 +loc_fffcc332: ; not directly referenced +inc dword [ebp - 0xac98] +add dword [ebp - 0xacf8], 0x2d5a +add dword [ebp - 0xace0], 0x12 +add dword [ebp - 0xacb0], 0x13c3 +cmp dword [ebp - 
0xac98], 2 +jne loc_fffcbc3f ; jne 0xfffcbc3f +cmp dword [ebp - 0xaccc], 0 +je short loc_fffcc381 ; je 0xfffcc381 +mov eax, dword [ebp - 0xaca8] +mov edx, 0x2008 +mov ecx, dword [eax + 0x18] +mov eax, edi +or ecx, 0x20 +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffcd01d: ; not directly referenced +loc_fffcc381: ; not directly referenced +lea eax, [edi + 0x2491] xor esi, esi -mov edi, 1 - -loc_fffcd024: ; not directly referenced -cmp byte [ebp - 0x30], 0 -mov edx, 0x3670 -je loc_fffcd0d4 ; je 0xfffcd0d4 -mov eax, dword [ebp + 8] -mov ecx, ebx -cmp dword [eax + 0x188b], 1 -mov eax, 0x367c -cmove edx, eax -mov eax, dword [ebp + 8] -call fcn_fffaeb7c ; call 0xfffaeb7c -mov eax, dword [ebp - 0x38] -mov dword [ebp - 0x1c], 0 -add eax, 0x1c -mov dword [ebp - 0x20], eax -mov eax, esi -movzx esi, al -mov eax, edi -movzx edi, al +mov dword [ebp - 0xac94], eax -loc_fffcd069: ; not directly referenced -imul eax, dword [ebp - 0x1c], 0x13c3 -mov ecx, dword [ebp + 8] -cmp dword [ecx + eax + 0x3756], 2 -je short loc_fffcd092 ; je 0xfffcd092 +loc_fffcc38f: ; not directly referenced +mov eax, dword [ebp - 0xacb4] +cmp word [ebp - 0xacba], si +jbe loc_fffcc486 ; jbe 0xfffcc486 +mov dword [ebp - 0xac88], eax +imul eax, esi, 0x480 +xor edx, edx +mov dword [ebp - 0xac90], eax -loc_fffcd07d: ; not directly referenced -inc dword [ebp - 0x1c] -add dword [ebp - 0x20], 0xcc -cmp dword [ebp - 0x1c], 2 -jne short loc_fffcd069 ; jne 0xfffcd069 -jmp near loc_fffcd148 ; jmp 0xfffcd148 +loc_fffcc3b6: ; not directly referenced +mov eax, dword [ebp - 0xace4] +bt eax, edx +jb short loc_fffcc3ed ; jb 0xfffcc3ed -loc_fffcd092: ; not directly referenced +loc_fffcc3c1: ; not directly referenced +inc edx +add dword [ebp - 0xac88], 0x12 +cmp edx, 2 +jne short loc_fffcc3b6 ; jne 0xfffcc3b6 +mov eax, dword [ebp + 0x10] sub esp, 0xc -movzx eax, byte [ebp - 0x24] -mov ecx, 1 -push esi -mov edx, dword [ebp - 0x1c] -push edi +mov edx, dword [ebp - 0xac94] +movzx ecx, byte [eax + esi] +mov eax, edi +inc esi push 0 
-push dword [ebp + 0x34] -push eax -mov eax, dword [ebp + 8] -call fcn_fffa72c5 ; call 0xfffa72c5 -add esp, 0x20 -xor eax, eax +call fcn_fffa7d46 ; call 0xfffa7d46 +add esp, 0x10 +jmp short loc_fffcc38f ; jmp 0xfffcc38f -loc_fffcd0b6: ; not directly referenced -mov ecx, dword [ebp + 8] -cmp al, byte [ecx + 0x2488] -jae short loc_fffcd07d ; jae 0xfffcd07d -cmp byte [ebp - 0x29], 0 -je short loc_fffcd0d1 ; je 0xfffcd0d1 -mov ecx, dword [ebp - 0x20] -movzx edx, al -mov dword [ecx + edx*4 + 0x54], ebx +loc_fffcc3ed: ; not directly referenced +mov eax, dword [ebp + 0x10] +xor ebx, ebx +movzx eax, byte [eax + esi] +cmp al, 0x21 +ja short loc_fffcc401 ; ja 0xfffcc401 +movzx ebx, byte [eax + ref_fffd58e0] ; movzx ebx, byte [eax - 0x2a720] + +loc_fffcc401: ; not directly referenced +imul ebx, ebx, 0x240 +imul eax, edx, 0x48 +add eax, ebx +add eax, edi +lea ebx, [edx + edx*8] +mov ecx, eax +mov dword [ebp - 0xac8c], ebx +xor eax, eax -loc_fffcd0d1: ; not directly referenced +loc_fffcc41b: ; not directly referenced +cmp byte [ebp - 0xaca2], al +jbe short loc_fffcc3c1 ; jbe 0xfffcc3c1 +mov ebx, dword [ebp - 0xac88] +movsx ebx, word [ebx + eax*2] +sub ebx, dword [ebp - 0xacd0] +imul ebx, ebx, 0x12 +add ebx, dword [ebp - 0xac90] +add ebx, dword [ebp - 0xac8c] +add ebx, eax +movzx ebx, word [ebp + ebx*4 - 0xa2cc] +mov dword [ecx + eax*8 + 0x2491], ebx +mov ebx, dword [ebp - 0xac88] +movsx ebx, word [ebx + eax*2] +sub ebx, dword [ebp - 0xacd0] +imul ebx, ebx, 0x12 +add ebx, dword [ebp - 0xac90] +add ebx, dword [ebp - 0xac8c] +add ebx, eax +movzx ebx, word [ebp + ebx*4 - 0xa2ca] +mov dword [ecx + eax*8 + 0x2495], ebx inc eax -jmp short loc_fffcd0b6 ; jmp 0xfffcd0b6 +jmp short loc_fffcc41b ; jmp 0xfffcc41b -loc_fffcd0d4: ; not directly referenced -cmp byte [ebp - 0x40], 1 -ja short loc_fffcd0f8 ; ja 0xfffcd0f8 -mov edx, dword [ebp - 0x20] -shl edx, 8 -cmp byte [ebp - 0x44], 8 -jbe short loc_fffcd0ee ; jbe 0xfffcd0ee -add edx, 0x3070 -jmp short loc_fffcd0f8 ; jmp 0xfffcd0f8 
+loc_fffcc486: ; not directly referenced +mov esi, dword [ebp + 0x10] +add eax, 0x24 +mov byte [eax + 0x18], 4 +mov dword [ebp - 0xac90], eax -loc_fffcd0ee: ; not directly referenced -mov eax, dword [ebp - 0x1c] -shl eax, 9 -lea edx, [edx + eax + 0x70] +loc_fffcc496: ; not directly referenced +mov ecx, esi +sub ecx, dword [ebp - 0xad04] +cmp cx, word [ebp - 0xacba] +jae loc_fffcc598 ; jae 0xfffcc598 +movzx edx, byte [esi] +xor eax, eax +cmp dl, 0x21 +ja short loc_fffcc4bc ; ja 0xfffcc4bc +movzx eax, byte [edx + ref_fffd58e0] ; movzx eax, byte [edx - 0x2a720] -loc_fffcd0f8: ; not directly referenced -mov ecx, dword [ebp + 8] -lea eax, [edx + 0xc] -cmp dword [ecx + 0x188b], 1 +loc_fffcc4bc: ; not directly referenced +mov ebx, dword [ebp - 0xacb4] +movzx ecx, cx +imul eax, eax, 0x240 +mov dword [ebp - 0xac88], 0 +lea ebx, [ebx + ecx*2] +mov dword [ebp - 0xac94], ebx +mov ebx, dword [ebp - 0xac90] +add eax, edi +mov dword [ebp - 0xac8c], ebx + +loc_fffcc4ec: ; not directly referenced +mov ecx, dword [ebp - 0xace4] +mov edx, dword [ebp - 0xac88] +bt ecx, edx +jae short loc_fffcc56e ; jae 0xfffcc56e +xor edx, edx + +loc_fffcc4ff: ; not directly referenced +cmp dl, byte [ebp - 0xaca2] +jae short loc_fffcc55c ; jae 0xfffcc55c +test dl, dl +jne short loc_fffcc519 ; jne 0xfffcc519 +mov ecx, dword [eax + 0x2491] +add ecx, dword [eax + 0x2495] +jmp short loc_fffcc550 ; jmp 0xfffcc550 + +loc_fffcc519: ; not directly referenced +mov ecx, dword [eax + edx*8 + 0x2495] +mov ebx, dword [eax + edx*8 + 0x2491] +mov dword [ebp - 0xac9c], eax +mov eax, dword [ebp - 0xac8c] +mov dword [ebp - 0xac98], ecx +add ecx, ebx +movzx eax, word [eax] +cmp eax, ecx +mov eax, dword [ebp - 0xac9c] +jbe short loc_fffcc559 ; jbe 0xfffcc559 mov ecx, ebx -cmove edx, eax -mov eax, dword [ebp + 8] -call fcn_fffae58c ; call 0xfffae58c -mov eax, esi -sub esp, 0xc -movzx esi, al -mov eax, edi -mov edx, dword [ebp - 0x20] -push esi -movzx edi, al -movzx eax, byte [ebp - 0x24] -push edi -xor ecx, ecx -push 
dword [ebp - 0x1c] -push dword [ebp + 0x34] -push eax -mov eax, dword [ebp + 8] -call fcn_fffa72c5 ; call 0xfffa72c5 -add esp, 0x20 -cmp byte [ebp - 0x34], 0 -je short loc_fffcd148 ; je 0xfffcd148 -mov eax, dword [ebp - 0x3c] -mov dword [eax + 0x54], ebx +add ecx, dword [ebp - 0xac98] -loc_fffcd148: ; not directly referenced -xor eax, eax +loc_fffcc550: ; not directly referenced +mov ebx, dword [ebp - 0xac8c] +mov word [ebx], cx -loc_fffcd14a: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffcc559: ; not directly referenced +inc edx +jmp short loc_fffcc4ff ; jmp 0xfffcc4ff -fcn_fffcd152: -push ebp -mov ebp, esp -push ebx -sub esp, 0x14 -mov eax, dword [ebp + 0xc] -lea ebx, [eax - 4] -cmp byte [ebx + 0x18], 1 -je short loc_fffcd1a5 ; je 0xfffcd1a5 -mov eax, dword [ebx + 0x14] -test eax, eax -jne short loc_fffcd17f ; jne 0xfffcd17f +loc_fffcc55c: ; not directly referenced +mov dl, byte [esi] +mov ecx, dword [ebp - 0xac94] +mov ebx, dword [ebp - 0xac88] +mov byte [ecx + ebx + 0x34], dl -loc_fffcd16c: -mov eax, dword [ebx + 0x10] -mov ecx, ebx -mov edx, dword [ebp + 8] -mov byte [ebx + 0x18], 1 -call fcn_fffa1e8f ; call 0xfffa1e8f -jmp short loc_fffcd1a7 ; jmp 0xfffcd1a7 +loc_fffcc56e: ; not directly referenced +inc dword [ebp - 0xac88] +add eax, 0x48 +add dword [ebp - 0xac8c], 2 +cmp dword [ebp - 0xac88], 2 +jne loc_fffcc4ec ; jne 0xfffcc4ec +add dword [ebp - 0xac90], 4 +inc esi +jmp near loc_fffcc496 ; jmp 0xfffcc496 -loc_fffcd17f: -test byte [eax + 1], 1 -je short loc_fffcd16c ; je 0xfffcd16c -lea eax, [ebp - 0xc] -push eax -push 0 -push 0 -push ref_fffd65ec ; push 0xfffd65ec -call fcn_fffab40f ; call 0xfffab40f -add esp, 0x10 -test eax, eax -je short loc_fffcd16c ; je 0xfffcd16c -mov eax, 0x80000006 -jmp short loc_fffcd1a7 ; jmp 0xfffcd1a7 +loc_fffcc598: ; not directly referenced +mov byte [edi + 0x247b], 0 +jmp short loc_fffcc5ab ; jmp 0xfffcc5ab -loc_fffcd1a5: -xor eax, eax +loc_fffcc5a1: ; not directly referenced 
+mov eax, 0xdc +jmp near loc_fffcbb69 ; jmp 0xfffcbb69 -loc_fffcd1a7: -mov ebx, dword [ebp - 4] -leave +loc_fffcc5ab: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp ret -fcn_fffcd1ac: ; not directly referenced +fcn_fffcc5b3: ; not directly referenced push ebp mov ebp, esp push edi push esi -mov esi, eax push ebx -sub esp, 0x190 +sub esp, 0x60 mov ebx, dword [ebp + 8] -mov dword [ebp - 0x14c], edx -mov edx, dword [esi + 0x5edc] -lea eax, [ebp - 0x13f] -push 1 -mov edi, dword [ebp + 0xc] -push 7 +mov byte [ebp - 0x67], 4 +lea esi, [ebp - 0x60] +mov byte [ebp - 0x66], 1 +mov byte [ebp - 0x65], 1 +mov edi, dword [ebx + 0x2444] +push 0 +push 8 +mov eax, dword [ebx + 0x5edd] +mov byte [ebp - 0x64], 2 +mov byte [ebp - 0x63], 1 +add eax, 0x1bc push eax -mov dword [ebp - 0x180], edx -mov edx, dword [esi + 0x2443] -mov dword [ebp - 0x16c], ecx -mov byte [ebp - 0x151], cl -mov dword [ebp - 0x184], edx -call dword [edx + 0x5c] ; ucall -mov eax, dword [ebp - 0x16c] -add esp, 0x10 -mov edx, dword [ebp - 0x14c] -cmp al, 0xb -setne cl -dec eax -cmp al, 1 -seta al -test cl, al -mov byte [ebp - 0x152], cl -jne loc_fffcd946 ; jne 0xfffcd946 -cmp byte [ebp - 0x16c], 0xb -movzx edx, dl -jne short loc_fffcd25f ; jne 0xfffcd25f -sub esp, 0xc -mov eax, esi -lea ecx, [edi - 3] +mov byte [ebp - 0x62], 0 +mov byte [ebp - 0x61], 0 +call dword [edi + 0x5c] ; ucall +add esp, 0xc push 0 -movzx ecx, cl -call fcn_fffb26ca ; call 0xfffb26ca +push 5 +push esi +call dword [edi + 0x60] ; ucall +movzx edx, byte [ebp - 0x67] +mov ecx, 1 +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 +movzx edx, byte [ebp - 0x66] +mov ecx, 1 +mov word [ebp - 0x60], ax +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 add esp, 0x10 -dec bl -mov byte [esi + 0x248b], 0xa -je short loc_fffcd258 ; je 0xfffcd258 - -loc_fffcd24c: ; not directly referenced -mov dword [ebp - 0x158], 0 -jmp short loc_fffcd2ac ; jmp 0xfffcd2ac - -loc_fffcd258: ; not directly referenced +cmp dword [ebx + 
0x188b], 1 +mov word [ebp - 0x5e], ax +jne short loc_fffcc64e ; jne 0xfffcc64e +mov eax, ebx +call fcn_fffaac56 ; call 0xfffaac56 mov eax, 8 -jmp short loc_fffcd285 ; jmp 0xfffcd285 +mov edx, 0x2f +add word [ebp - 0x5e], 0x28 +jmp short loc_fffcc655 ; jmp 0xfffcc655 -loc_fffcd25f: ; not directly referenced -sub esp, 0xc -mov eax, edi -movzx ecx, al -mov eax, esi -push 0 -call fcn_fffb26ca ; call 0xfffb26ca -add esp, 0x10 -dec bl -jne short loc_fffcd24c ; jne 0xfffcd24c -cmp byte [ebp - 0x16c], 1 -jne short loc_fffcd258 ; jne 0xfffcd258 -mov eax, 9 +loc_fffcc64e: ; not directly referenced +xor eax, eax +mov edx, 7 -loc_fffcd285: ; not directly referenced -push 1 -push 0 -push 1 -push 0 -push 0 -push 0 +loc_fffcc655: ; not directly referenced +push ecx +mov ecx, 3 push 0 -push 1 push 0 -push 0x88888888 +push 0xf +push edx push eax push esi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -mov dword [ebp - 0x158], eax - -loc_fffcd2ac: ; not directly referenced -lea eax, [esi + 0x3756] -mov dword [ebp - 0x178], eax -movzx eax, byte [ebp - 0x151] -mov dword [ebp - 0x150], 0 -mov dword [ebp - 0x164], 0 -mov dword [ebp - 0x17c], eax - -loc_fffcd2d9: ; not directly referenced -mov edi, dword [ebp - 0x180] -xor ebx, ebx -mov eax, dword [ebp - 0x150] -mov dword [ebp - 0x170], 1 -mov byte [ebp - 0x15c], 0 -add edi, 0x70 -mov cl, al -mov dword [ebp - 0x160], edi -mov edi, dword [ebp - 0x178] -lea eax, [eax + eax*8] -shl dword [ebp - 0x170], cl -mov dword [ebp - 0x174], eax - -loc_fffcd318: ; not directly referenced -mov ecx, dword [ebp - 0x170] -mov edx, ebx -mov eax, esi -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0x15c], al -movzx eax, byte [ebp - 0x15c] -bt eax, ebx -mov dword [ebp - 0x168], eax -jae loc_fffcd434 ; jae 0xfffcd434 -mov eax, dword [ebp - 0x174] -mov byte [ebp - 0x14c], 0 -add eax, edi -mov dword [ebp - 0x188], eax - -loc_fffcd358: ; not directly referenced -movzx eax, byte [esi + 0x2488] -cmp byte [ebp - 0x14c], al -jb short loc_fffcd396 ; jb 
0xfffcd396 - -loc_fffcd367: ; not directly referenced -push edx -push 0 +lea eax, [ebp - 0x65] push eax -mov eax, dword [ebp - 0x184] -push dword [ebp - 0x160] -call dword [eax + 0x64] ; ucall -mov edx, ebx -xor ecx, ecx -shl edx, 0xa -mov eax, esi -add edx, 0x40f0 -call fcn_fffae58c ; call 0xfffae58c -add esp, 0x10 -jmp near loc_fffcd434 ; jmp 0xfffcd434 - -loc_fffcd396: ; not directly referenced -cmp byte [ebp - 0x152], 0 -je short loc_fffcd367 ; je 0xfffcd367 -cmp byte [ebp - 0x151], 1 -jne short loc_fffcd3e0 ; jne 0xfffcd3e0 -movzx eax, byte [ebp - 0x14c] -mov ecx, dword [ebp - 0x188] -lea edx, [ecx + eax] -mov ecx, dword [ebp - 0x150] -mov byte [edx + 0x104a], 0x20 -mov byte [edx + 0x106e], 0x20 -push edx -mov edx, ebx -push 0 -push 0xff +push 2 +lea eax, [ebp - 0x67] push eax -mov eax, esi -call fcn_fffa7499 ; call 0xfffa7499 -jmp short loc_fffcd426 ; jmp 0xfffcd426 - -loc_fffcd3e0: ; not directly referenced -cmp byte [ebp - 0x151], 2 -jne short loc_fffcd429 ; jne 0xfffcd429 -movzx eax, byte [ebp - 0x14c] -mov ecx, dword [ebp - 0x174] -lea edx, [eax + ecx] -add edx, edx -add edx, edi -mov cx, word [edx + 0x121] -add ecx, 0x20 -mov word [edx + 0x169], cx -mov edx, ebx -push ecx -mov ecx, dword [ebp - 0x150] +mov eax, ebx +push 6 +lea edx, [ebp - 0x56] +push 0xf +call fcn_fffcb1dd ; call 0xfffcb1dd +add esp, 0x28 +mov eax, ebx push 0 -push 0xff -push eax -mov eax, esi -call fcn_fffa73b0 ; call 0xfffa73b0 - -loc_fffcd426: ; not directly referenced -add esp, 0x10 - -loc_fffcd429: ; not directly referenced -inc byte [ebp - 0x14c] -jmp near loc_fffcd358 ; jmp 0xfffcd358 - -loc_fffcd434: ; not directly referenced -inc ebx -add edi, 0x13c3 -add dword [ebp - 0x160], 0xcc -cmp ebx, 2 -jne loc_fffcd318 ; jne 0xfffcd318 -cmp byte [ebp - 0x15c], 0 -je loc_fffcd91b ; je 0xfffcd91b -mov edi, 0xffffffe1 - -loc_fffcd460: ; not directly referenced -cmp byte [ebp - 0x151], 0xb -jne short loc_fffcd4ba ; jne 0xfffcd4ba -xor ebx, ebx - -loc_fffcd46b: ; not directly referenced -mov 
eax, dword [ebp - 0x168] -bt eax, ebx -jb short loc_fffcd47e ; jb 0xfffcd47e - -loc_fffcd476: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffcd46b ; jne 0xfffcd46b -jmp short loc_fffcd4dc ; jmp 0xfffcd4dc - -loc_fffcd47e: ; not directly referenced -xor edx, edx - -loc_fffcd480: ; not directly referenced -cmp dl, byte [esi + 0x2488] -jae short loc_fffcd476 ; jae 0xfffcd476 -push 1 -movzx eax, dl +mov ecx, 3 +push 0xf push 0 push 0 push 0 -push eax -push dword [ebp - 0x150] -mov dword [ebp - 0x14c], edx +lea edx, [ebx + 0x2491] +push 1 +call fcn_fffbea08 ; call 0xfffbea08 +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffcc6a5: ; not directly referenced +push ebp +mov ebp, esp +push esi push ebx +sub esp, 0x54 +mov ebx, dword [ebp + 8] +lea esi, [ebp - 0x50] +mov byte [ebp - 0x57], 4 +mov byte [ebp - 0x56], 1 +mov eax, dword [ebx + 0x2444] push 0 -push 0 -push edi -push 0xb +push 5 push esi -call fcn_fffcc900 ; call 0xfffcc900 -mov edx, dword [ebp - 0x14c] -add esp, 0x30 -inc edx -jmp short loc_fffcd480 ; jmp 0xfffcd480 - -loc_fffcd4ba: ; not directly referenced -push 1 -push 0 -push 0 -push 0 -push 0 +mov byte [ebp - 0x55], 1 +mov byte [ebp - 0x54], 2 +mov byte [ebp - 0x53], 1 +mov byte [ebp - 0x52], 0 +mov byte [ebp - 0x51], 0 +call dword [eax + 0x60] ; ucall +movzx edx, byte [ebp - 0x57] +mov ecx, 1 +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 +movzx edx, byte [ebp - 0x56] +mov ecx, 1 +mov word [ebp - 0x50], ax +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 +add esp, 0x10 +cmp dword [ebx + 0x2481], 3 +mov word [ebp - 0x4e], ax +jne short loc_fffcc73d ; jne 0xfffcc73d +push eax +mov ecx, 3 push 0 push 0 -push 1 +push 0xf +push 2 push 0 -push edi -push dword [ebp - 0x17c] push esi -call fcn_fffcc900 ; call 0xfffcc900 +lea eax, [ebp - 0x55] +push eax +push 2 +lea eax, [ebp - 0x57] +push eax +mov eax, ebx +push 9 +push 0xf +lea edx, [ebp - 0x46] +call fcn_fffcb1dd ; call 0xfffcb1dd add esp, 0x30 -loc_fffcd4dc: ; not 
directly referenced -movzx ecx, byte [esi + 0x248b] -lea eax, [ebp - 0x13f] +loc_fffcc73d: ; not directly referenced +lea esp, [ebp - 8] +xor eax, eax +pop ebx +pop esi +pop ebp +ret + +fcn_fffcc746: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi push ebx -mov edx, dword [ebp - 0x168] +add esp, 0xffffff80 +mov edi, dword [ebp + 8] +lea edx, [ebp - 0x60] +mov byte [ebp - 0x6f], 4 +mov byte [ebp - 0x6e], 1 +mov eax, dword [edi + 0x2444] +mov ebx, dword [edi + 0x1887] +mov esi, dword [edi + 0x5edd] push 0 -push 1 -push eax -mov eax, esi -call fcn_fffb0f94 ; call 0xfffb0f94 -lea eax, [ebp - 0x60] +push 5 +push edx +mov byte [ebp - 0x6a], 1 +mov byte [ebp - 0x69], 2 +mov byte [ebp - 0x68], 1 +mov byte [ebp - 0x67], 0 +mov byte [ebp - 0x66], 0 +mov byte [ebp - 0x6d], 4 +mov byte [ebp - 0x6c], 1 +mov byte [ebp - 0x6b], 0xb +mov byte [ebp - 0x65], 1 +mov byte [ebp - 0x64], 2 +mov byte [ebp - 0x63], 2 +mov byte [ebp - 0x62], 1 +mov byte [ebp - 0x61], 0 +call dword [eax + 0x60] ; ucall +mov edx, 0x3a04 +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f add esp, 0x10 -mov dword [ebp - 0x14c], eax -lea eax, [ebp - 0xa8] -mov dword [ebp - 0x158], eax -lea eax, [ebp - 0x138] -mov dword [ebp - 0x15c], eax -lea eax, [edi - 1] -lea ebx, [ebp - 0xf0] -mov dword [ebp - 0x160], 0 -mov dword [ebp - 0x190], eax +mov edx, dword [edi + 0x2481] +and eax, 0x3f +cmp ebx, 0x306d0 +mov byte [ebp - 0x88], al +sete al +cmp ebx, 0x40650 +sete cl +or al, cl +je short loc_fffcc7f7 ; je 0xfffcc7f7 +cmp edx, 3 +je short loc_fffcc81a ; je 0xfffcc81a +mov byte [ebp - 0x85], 9 +mov byte [ebp - 0x7e], 0x1e +mov word [ebp - 0x80], 0xe6 +jmp short loc_fffcc808 ; jmp 0xfffcc808 -loc_fffcd539: ; not directly referenced -mov eax, dword [ebp - 0x168] -mov ecx, dword [ebp - 0x160] -bt eax, ecx -jb short loc_fffcd576 ; jb 0xfffcd576 +loc_fffcc7f7: ; not directly referenced +mov byte [ebp - 0x85], 9 +mov byte [ebp - 0x7e], 0x1e +mov word [ebp - 0x80], 0xb4 -loc_fffcd54a: ; not directly 
referenced -inc dword [ebp - 0x160] -add ebx, 0x24 -add dword [ebp - 0x14c], 0x24 -add dword [ebp - 0x158], 0x24 -add dword [ebp - 0x15c], 0x24 -cmp dword [ebp - 0x160], 2 -jne short loc_fffcd539 ; jne 0xfffcd539 -jmp near loc_fffcd689 ; jmp 0xfffcd689 +loc_fffcc808: ; not directly referenced +lea eax, [ebp - 0x6a] +mov dword [ebp - 0x84], eax +lea eax, [ebp - 0x6f] +mov byte [ebp - 0x7d], 2 +jmp short loc_fffcc83b ; jmp 0xfffcc83b -loc_fffcd576: ; not directly referenced -mov edx, dword [ebp - 0x160] -mov eax, esi -shl edx, 0xa -add edx, 0x40ec -call fcn_fffae52a ; call 0xfffae52a -mov cl, byte [esi + 0x2488] -mov byte [ebp - 0x170], cl -xor ecx, ecx -movzx eax, ax -mov dword [ebp - 0x18c], eax +loc_fffcc81a: ; not directly referenced +lea eax, [ebp - 0x65] +mov dword [ebp - 0x84], eax +lea eax, [ebp - 0x6d] +mov byte [ebp - 0x85], 0xa +mov byte [ebp - 0x7e], 0x50 +mov word [ebp - 0x80], 0xe6 +mov byte [ebp - 0x7d], 3 -loc_fffcd5a3: ; not directly referenced -cmp byte [ebp - 0x170], cl -jbe short loc_fffcd54a ; jbe 0xfffcd54a -mov eax, dword [ebp - 0x18c] -sar eax, cl -and eax, 1 -xor eax, 1 -cmp edi, 0xffffffe1 -jne short loc_fffcd61f ; jne 0xfffcd61f -test eax, eax -mov eax, dword [ebp - 0x14c] -je short loc_fffcd5f5 ; je 0xfffcd5f5 -mov dword [eax + ecx*4], 0xffffffe1 -mov eax, dword [ebp - 0x158] -mov dword [ebx + ecx*4], 0xffffffe1 -mov dword [eax + ecx*4], 0xffffffe1 -mov eax, dword [ebp - 0x15c] -mov dword [eax + ecx*4], 0xffffffe1 -jmp near loc_fffcd683 ; jmp 0xfffcd683 - -loc_fffcd5f5: ; not directly referenced -mov dword [eax + ecx*4], 0xffffffdf -mov eax, dword [ebp - 0x158] -mov dword [ebx + ecx*4], 0xffffffdf -mov dword [eax + ecx*4], 0xffffffdf -mov eax, dword [ebp - 0x15c] -mov dword [eax + ecx*4], 0xffffffdf -jmp short loc_fffcd683 ; jmp 0xfffcd683 - -loc_fffcd61f: ; not directly referenced -test eax, eax -je short loc_fffcd683 ; je 0xfffcd683 -mov eax, dword [ebp - 0x190] -cmp dword [ebx + ecx*4], eax -je short loc_fffcd637 ; je 0xfffcd637 -mov 
eax, dword [ebp - 0x15c] -mov dword [eax + ecx*4], edi +loc_fffcc83b: ; not directly referenced +mov dword [ebp - 0x7c], eax +xor ebx, ebx -loc_fffcd637: ; not directly referenced -mov eax, dword [ebp - 0x15c] -mov dword [ebx + ecx*4], edi -mov eax, dword [eax + ecx*4] -mov edx, eax -mov dword [ebp - 0x174], eax +loc_fffcc840: ; not directly referenced +mov eax, dword [ebp - 0x7c] +mov ecx, 1 +movzx edx, byte [eax + ebx] mov eax, edi -sub eax, edx -mov edx, dword [ebp - 0x158] -mov dword [ebp - 0x188], eax -mov eax, dword [ebp - 0x14c] -mov eax, dword [eax + ecx*4] -sub eax, dword [edx + ecx*4] -cmp dword [ebp - 0x188], eax -jle short loc_fffcd683 ; jle 0xfffcd683 -mov eax, edx -mov edx, dword [ebp - 0x174] -mov dword [eax + ecx*4], edx -mov eax, dword [ebp - 0x14c] -mov dword [eax + ecx*4], edi - -loc_fffcd683: ; not directly referenced -inc ecx -jmp near loc_fffcd5a3 ; jmp 0xfffcd5a3 - -loc_fffcd689: ; not directly referenced -inc edi -cmp edi, 0x20 -jne loc_fffcd460 ; jne 0xfffcd460 -push 2 -push 0 -push 0 -push 0 -push 0 -push 0 +call fcn_fffaab72 ; call 0xfffaab72 +mov word [ebp + ebx*2 - 0x60], ax +inc ebx +cmp byte [ebp - 0x7d], bl +ja short loc_fffcc840 ; ja 0xfffcc840 +mov ecx, dword [esi + 0xc] +mov esi, ecx +shr ecx, 0xf +mov al, cl +and eax, 0x1f +shr esi, 3 +and esi, 1 +and cl, 0x10 +lea edx, [eax - 0x20] +cmove edx, eax +mov eax, edi +movsx edx, dl +call fcn_fffa6cac ; call 0xfffa6cac +movzx ecx, byte [ebp - 0x88] +mov edx, esi +xor edx, 1 +movzx esi, dl +shl esi, 4 +mov ebx, eax +movzx eax, dl +shl eax, 4 +xor edx, edx +add eax, ecx +imul ebx, eax +movzx eax, byte [ebp - 0x88] +mov word [ebp - 0x88], ax +mov eax, ebx +div word [ebp - 0x80] +mov ecx, eax +movzx eax, bx +movzx ebx, byte [ebp - 0x7e] +cdq +sub ecx, esi +sub ecx, dword [ebp - 0x88] +idiv ebx +mov dl, 0xf0 +sub eax, esi +sub eax, dword [ebp - 0x88] +cmp cx, 0xfff1 +cmovge edx, ecx +movsx ecx, dl +add edx, 0x17 +movsx esi, al +lea ebx, [ecx + 0x17] +cmp esi, ebx +cmovg eax, edx +push edx 
+movzx edx, byte [ebp - 0x85] +cmp al, 0xf push 0 +push edx +mov dl, 0xf +cmovle edx, eax +push 0x11 +movsx edx, dl +push edx +push ecx +mov ecx, 3 +lea eax, [ebp - 0x60] +push eax +movzx eax, byte [ebp - 0x7d] +push dword [ebp - 0x84] +lea edx, [ebp - 0x56] +push eax +mov eax, edi +push dword [ebp - 0x7c] push 1 +push 0xf +call fcn_fffcb1dd ; call 0xfffcb1dd +add esp, 0x28 +mov eax, edi push 0 +mov ecx, 3 +push 0x11 push 0 -push dword [ebp - 0x17c] -push esi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -mov dword [ebp - 0x14c], 0 -mov dword [ebp - 0x158], eax -mov eax, dword [ebp - 0x178] -mov dword [ebp - 0x15c], eax -mov eax, dword [ebp - 0x150] -lea ebx, [eax + eax*8] -imul eax, eax, 0x12 -mov dword [ebp - 0x170], ebx -mov dword [ebp - 0x174], eax - -loc_fffcd6ea: ; not directly referenced -mov eax, dword [ebp - 0x168] -mov ebx, dword [ebp - 0x14c] -bt eax, ebx -jae loc_fffcd8fe ; jae 0xfffcd8fe -mov eax, dword [ebp - 0x170] -add eax, dword [ebp - 0x15c] -mov byte [ebp - 0x160], 0 -mov dword [ebp - 0x188], eax - -loc_fffcd718: ; not directly referenced -mov al, byte [ebp - 0x160] -cmp al, byte [esi + 0x2488] -jae loc_fffcd8b8 ; jae 0xfffcd8b8 -movzx eax, byte [ebp - 0x160] -imul edx, dword [ebp - 0x14c], 9 -add edx, eax -mov ebx, dword [ebp + edx*4 - 0x60] -mov edx, dword [ebp + edx*4 - 0xa8] -mov ecx, ebx -sub ecx, edx -cmp ecx, 7 -jg short loc_fffcd769 ; jg 0xfffcd769 -cmp byte [esi + 0x1965], 0 -mov ecx, 9 -cmove ecx, dword [ebp - 0x158] -mov dword [ebp - 0x158], ecx -jmp short loc_fffcd773 ; jmp 0xfffcd773 - -loc_fffcd769: ; not directly referenced -sar ecx, 1 -add ecx, edx -mov dword [ebp - 0x164], ecx - -loc_fffcd773: ; not directly referenced -imul edi, edx, 0xfffffff6 -imul ecx, edx, 0xa -test edx, edx -cmovs ecx, edi -imul edx, ebx, 0xa -imul edi, ebx, 0xfffffff6 -test ebx, ebx -cmovs edx, edi -cmp byte [ebp - 0x151], 1 -jne short loc_fffcd7d1 ; jne 0xfffcd7d1 -imul ebx, dword [ebp - 0x14c], 9 -add ebx, dword [ebp - 0x174] -mov edi, dword [ebp - 
0x188] -lea ebx, [eax + ebx + 0x50] -mov dword [esi + ebx*8 + 0x2450], ecx -mov ecx, dword [ebp - 0x164] -mov dword [esi + ebx*8 + 0x2454], edx -lea edx, [edi + eax] -add byte [edx + 0x104a], cl -add byte [edx + 0x106e], cl -jmp near loc_fffcd88e ; jmp 0xfffcd88e - -loc_fffcd7d1: ; not directly referenced -cmp byte [ebp - 0x151], 2 -jne short loc_fffcd83d ; jne 0xfffcd83d -imul ebx, dword [ebp - 0x14c], 9 -add ebx, dword [ebp - 0x174] -mov edi, dword [ebp - 0x164] -lea ebx, [eax + ebx + 0xe0] -mov dword [esi + ebx*8 + 0x2454], edx -movzx edx, byte [ebp - 0x160] -mov dword [esi + ebx*8 + 0x2450], ecx -mov ebx, dword [ebp - 0x15c] -add edx, dword [ebp - 0x170] -add edx, edx -add word [ebx + edx + 0x169], di -push ecx -mov edx, dword [ebp - 0x14c] -mov ecx, dword [ebp - 0x150] push 0 -push 0xff -push eax -mov eax, esi -call fcn_fffa73b0 ; call 0xfffa73b0 -jmp short loc_fffcd8aa ; jmp 0xfffcd8aa - -loc_fffcd83d: ; not directly referenced -cmp byte [ebp - 0x151], 0xb -jne short loc_fffcd8ad ; jne 0xfffcd8ad -imul ebx, dword [ebp - 0x14c], 9 -add ebx, dword [ebp - 0x174] -mov edi, dword [ebp - 0x164] -lea ebx, [eax + ebx + 0x128] -mov dword [esi + ebx*8 + 0x2454], edx -movzx edx, byte [ebp - 0x160] -mov dword [esi + ebx*8 + 0x2450], ecx -lea ecx, [edi + edi] -mov edi, dword [ebp - 0x15c] -add edx, dword [ebp - 0x170] -add edx, edx -add word [edi + edx + 0x1b1], cx - -loc_fffcd88e: ; not directly referenced -mov ecx, dword [ebp - 0x150] -push edx -mov edx, dword [ebp - 0x14c] push 0 -push 0xff -push eax -mov eax, esi -call fcn_fffa7499 ; call 0xfffa7499 - -loc_fffcd8aa: ; not directly referenced -add esp, 0x10 - -loc_fffcd8ad: ; not directly referenced -inc byte [ebp - 0x160] -jmp near loc_fffcd718 ; jmp 0xfffcd718 - -loc_fffcd8b8: ; not directly referenced -cmp byte [ebp - 0x151], 0xb -jne short loc_fffcd8fe ; jne 0xfffcd8fe -mov ebx, dword [ebp - 0x14c] -mov eax, esi -shl ebx, 0xa -add ebx, 0x4028 -mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edi, dword [ebp - 
0x15c] -movzx edx, byte [edi + 0x1019] -and eax, 0xffc0ffff -and edx, 0x3f -shl edx, 0x10 -or eax, edx -mov edx, ebx -mov ecx, eax -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c - -loc_fffcd8fe: ; not directly referenced -inc dword [ebp - 0x14c] -add dword [ebp - 0x15c], 0x13c3 -cmp dword [ebp - 0x14c], 2 -jne loc_fffcd6ea ; jne 0xfffcd6ea - -loc_fffcd91b: ; not directly referenced -inc dword [ebp - 0x150] -cmp dword [ebp - 0x150], 4 -jne loc_fffcd2d9 ; jne 0xfffcd2d9 -cmp byte [ebp - 0x16c], 0xb -mov ebx, dword [ebp - 0x158] -jne short loc_fffcd94b ; jne 0xfffcd94b -mov eax, esi -call fcn_fffb0e8a ; call 0xfffb0e8a -jmp short loc_fffcd94b ; jmp 0xfffcd94b - -loc_fffcd946: ; not directly referenced -mov ebx, 2 - -loc_fffcd94b: ; not directly referenced +lea edx, [edi + 0x2491] +push 1 +call fcn_fffbea08 ; call 0xfffbea08 lea esp, [ebp - 0xc] -mov eax, ebx pop ebx pop esi pop edi pop ebp ret -fcn_fffcd955: ; not directly referenced +fcn_fffcc956: ; not directly referenced push ebp +mov ecx, 0xa mov ebp, esp push edi push esi -mov esi, eax +mov esi, ref_fffd619c ; mov esi, 0xfffd619c push ebx -xor ebx, ebx -sub esp, 0x2c -mov eax, dword [eax + 0x2480] -mov dword [ebp - 0x2c], ecx -lea edi, [esi + 0x3756] -mov byte [ebp - 0x25], dl -mov dword [ebp - 0x24], eax +sub esp, 0x7c +mov eax, dword [ebp + 8] +lea edi, [ebp - 0x60] +mov byte [ebp - 0x6e], 4 +lea ebx, [ebp - 0x60] +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +mov byte [ebp - 0x6d], 1 +lea esi, [eax + 0x3757] +mov byte [ebp - 0x6c], 5 +mov byte [ebp - 0x6b], 2 +mov byte [ebp - 0x70], 5 +mov byte [ebp - 0x6f], 2 +mov byte [ebp - 0x6a], 1 +mov byte [ebp - 0x69], 2 +mov byte [ebp - 0x68], 1 +mov byte [ebp - 0x67], 2 +mov byte [ebp - 0x66], 0 +mov byte [ebp - 0x65], 1 +mov byte [ebp - 0x64], 2 +mov byte [ebp - 0x63], 0 +mov byte [ebp - 0x62], 0 +mov byte [ebp - 0x61], 0 +mov dword [ebp - 0x7c], 0 -loc_fffcd977: ; not directly referenced -cmp dword [edi], 2 -jne loc_fffcda73 ; jne 0xfffcda73 -mov dl, byte 
[ebp - 0x25] -and dl, byte [edi + 0xc4] -je loc_fffcda73 ; je 0xfffcda73 -mov eax, dword [ebp - 0x2c] -movzx ecx, dl -mov dword [ebp - 0x20], ecx -movzx eax, byte [eax + ebx] +loc_fffcc9c1: ; not directly referenced +cmp dword [esi], 2 +jne loc_fffcca75 ; jne 0xfffcca75 +mov cl, byte [ebp - 0x7c] +mov edi, 1 +shl edi, cl +cmp dword [esi + 0xc0], 2 +jne short loc_fffcca4b ; jne 0xfffcca4b push edx +mov ecx, edi push 0 -push eax -push 3 -push ecx -push 0 -push ebx -push esi -mov dword [ebp - 0x1c], eax -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -xor edx, edx - -loc_fffcd9b4: ; not directly referenced -mov eax, dword [ebp - 0x20] -bt eax, edx -jae short loc_fffcd9c9 ; jae 0xfffcd9c9 -movzx edx, byte [edi + edx + 0x245] -add edx, dword [ebp - 0x1c] -jmp short loc_fffcd9d1 ; jmp 0xfffcd9d1 - -loc_fffcd9c9: ; not directly referenced -inc edx -cmp edx, 4 -jne short loc_fffcd9b4 ; jne 0xfffcd9b4 -xor dl, dl - -loc_fffcd9d1: ; not directly referenced -push ecx push 0 -push edx -push 1 -push dword [ebp - 0x20] +push 0xf push 4 -push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x1c -mov edx, dword [ebp - 0x1c] -push 0 -add edx, dword [edi + 0x111] -push edx push 1 -push dword [ebp - 0x20] -push 2 push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x1c -mov edx, dword [ebp - 0x1c] +lea eax, [ebp - 0x6a] +push eax +push 4 +lea eax, [ebp - 0x6e] +push eax +mov eax, dword [ebp + 8] +push 7 +push 0xf +lea edx, [ebp - 0x56] +call fcn_fffcb1dd ; call 0xfffcb1dd +add esp, 0x2c +mov ecx, edi push 0 -add edx, dword [edi + 0x119] -push edx -push 1 -push dword [ebp - 0x20] +push 0 +push 0xf +push 2 push 1 push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -cmp dword [ebp - 0x24], 3 -jne short loc_fffcda55 ; jne 0xfffcda55 -mov eax, dword [ebp - 0x1c] -add dword [edi + 0x111], eax -push edx -push 0 -mov edx, dword [edi + 0x115] -add edx, eax -push edx +lea eax, [ebp - 0x65] +push eax push 2 -push dword [ebp - 0x20] +lea eax, 
[ebp - 0x70] +push eax +mov eax, dword [ebp + 8] +push 8 +push 3 +lea edx, [ebp - 0x56] +call fcn_fffcb1dd ; call 0xfffcb1dd +add esp, 0x2c +push 0 +push 0 +push 0xf push 2 +push 1 push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -mov edx, dword [ebp - 0x1c] -add esp, 0x20 -sub dword [edi + 0x111], edx +lea eax, [ebp - 0x65] +push eax +push 2 +lea eax, [ebp - 0x70] +push eax +push 8 +push 0xc +jmp short loc_fffcca65 ; jmp 0xfffcca65 -loc_fffcda55: ; not directly referenced -mov edx, dword [ebp - 0x1c] +loc_fffcca4b: ; not directly referenced push eax push 0 -add edx, dword [edi + 0x109] -push edx -push 1 -push dword [ebp - 0x20] -push 3 +push 0 +push 0xf +push 2 +push 0 push ebx -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 +lea eax, [ebp - 0x65] +push eax +push 2 +lea eax, [ebp - 0x70] +push eax +push 7 +push 0xf -loc_fffcda73: ; not directly referenced -inc ebx -add edi, 0x13c3 -cmp ebx, 2 -jne loc_fffcd977 ; jne 0xfffcd977 -sub esp, 0xc -push esi -call fcn_fffc82f4 ; call 0xfffc82f4 +loc_fffcca65: ; not directly referenced +mov eax, dword [ebp + 8] +mov ecx, edi +lea edx, [ebp - 0x56] +call fcn_fffcb1dd ; call 0xfffcb1dd +add esp, 0x30 + +loc_fffcca75: ; not directly referenced +inc dword [ebp - 0x7c] +add esi, 0x13c3 +cmp dword [ebp - 0x7c], 2 +jne loc_fffcc9c1 ; jne 0xfffcc9c1 lea esp, [ebp - 0xc] +xor eax, eax pop ebx pop esi pop edi pop ebp ret -fcn_fffcda94: ; not directly referenced +fcn_fffcca92: ; not directly referenced push ebp +mov ecx, 0xa mov ebp, esp push edi push esi +mov esi, ref_fffd61a8 ; mov esi, 0xfffd61a8 push ebx -mov ebx, edx -sub esp, 0x3d0 -mov edi, dword [ebp + 0xc] -mov dword [ebp - 0x3cc], ecx -mov ecx, dword [ebp + 0x14] -mov byte [ebp - 0x38e], dl -mov dl, byte [ebp + 8] -mov esi, dword [ebp + 0x10] -mov dword [ebp - 0x34c], eax -xor eax, eax -cmp bl, 0xc -mov dword [ebp - 0x37c], ecx -mov ecx, dword [ebp + 0x24] -mov dword [ebp - 0x374], edi -mov byte [ebp - 0x3a4], dl -mov edx, edi -lea edi, [ebp - 0x2e0] 
-mov dword [ebp - 0x380], ecx -mov ecx, dword [ebp + 0x2c] -mov byte [ebp - 0x34d], dl -mov edx, esi -mov byte [ebp - 0x364], dl -mov dl, byte [ebp + 0x20] -mov dword [ebp - 0x378], esi -mov esi, ref_fffd5bc0 ; mov esi, 0xfffd5bc0 -mov dword [ebp - 0x384], ecx -mov ecx, 0xb -rep stosd ; rep stosd dword es:[edi], eax -lea edi, [ebp - 0x321] -mov byte [ebp - 0x38f], dl -mov dl, byte [ebp + 0x28] -mov word [ebp - 0x2d8], 7 -mov word [ebp - 0x2d2], 0x3ff -mov word [ebp - 0x2bc], 1 -mov byte [ebp - 0x34e], dl -mov cl, 0xd +sub esp, 0x5c +mov ebx, dword [ebp + 8] +lea edi, [ebp - 0x60] +mov byte [ebp - 0x67], 5 +mov byte [ebp - 0x66], 2 +mov eax, dword [ebx + 0x1887] +mov byte [ebp - 0x65], 1 +mov byte [ebp - 0x64], 2 +mov byte [ebp - 0x63], 0 +cmp eax, 0x306d0 +sete dl +cmp eax, 0x40650 +sete al +or dl, al +mov byte [ebp - 0x62], 0 +mov byte [ebp - 0x61], 0 rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -lea edi, [ebp - 0x302] -mov esi, ref_fffd5bd0 ; mov esi, 0xfffd5bd0 -mov word [ebp - 0x2b6], 1 -mov cl, 4 -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov eax, dword [ebp - 0x34c] -lea edi, [ebp - 0x288] -mov esi, ref_fffd5be0 ; mov esi, 0xfffd5be0 -mov byte [ebp - 0x33e], 0 -mov byte [ebp - 0x33d], 0 -mov word [ebp - 0x32c], 0 -mov dword [ebp - 0x32a], 0 -mov cl, 0xc -rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov edi, dword [eax + 0x2443] -mov esi, 0xa -mov al, 0x14 -cmovne esi, eax -push 0 -mov eax, esi -push 2 -mov byte [ebp - 0x3b6], al -lea eax, [ebp - 0x33a] +je short loc_fffccb4c ; je 0xfffccb4c +mov cl, 1 +mov edx, 5 +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 +mov edx, dword [ebp - 0x60] +mov ecx, 1 +cmp ax, dx +cmovae edx, eax +mov eax, ebx +mov word [ebp - 0x60], dx +mov edx, 2 +call fcn_fffaab72 ; call 0xfffaab72 +mov dx, word [ebp - 0x5e] +mov ecx, 3 +cmp ax, dx +cmovae edx, eax push eax -mov dword [ebp - 0x326], 7 -mov byte [ebp - 0x322], 0 -call dword [edi + 0x60] ; ucall -add esp, 0xc push 0 -push 2 -lea eax, [ebp - 
0x33c] -push eax -call dword [edi + 0x5c] ; ucall +push 0 +push 0xf +push 8 +push 0xfffffffffffffff1 +lea eax, [ebp - 0x60] +push eax +lea eax, [ebp - 0x65] +push eax +push 2 +lea eax, [ebp - 0x67] +push eax +mov eax, ebx +push 2 +push 0xf +mov word [ebp - 0x5e], dx +lea edx, [ebp - 0x56] +call fcn_fffcb1dd ; call 0xfffcb1dd +add esp, 0x30 + +loc_fffccb4c: ; not directly referenced +lea esp, [ebp - 0xc] +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffccb56: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x6c +mov ebx, dword [ebp + 8] +mov byte [ebp - 0x67], 0xd +mov byte [ebp - 0x66], 0xc +mov byte [ebp - 0x65], 1 +cmp dword [ebx + 0x188b], 1 +mov byte [ebp - 0x64], 2 +mov byte [ebp - 0x63], 1 +mov byte [ebp - 0x62], 0 +mov byte [ebp - 0x61], 0 +jne loc_fffccc5f ; jne 0xfffccc5f +movzx esi, byte [ebx + 0x248f] +lea ecx, [ebp - 0x60] +movzx edi, byte [ebx + 0x248e] +push eax +mov eax, dword [ebx + 0x2444] +push 0 +push 5 +push ecx +call dword [eax + 0x60] ; ucall +movzx edx, byte [ebp - 0x67] +mov ecx, 1 +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 +movzx edx, byte [ebp - 0x66] +mov ecx, 1 +mov word [ebp - 0x60], ax +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 add esp, 0xc +mov ecx, edi push 0 -push 0x10 -lea eax, [ebp - 0x314] +push 0 +push 0xf +push 0 +push 0xfffffffffffffff8 +lea edi, [ebp - 0x67] +mov word [ebp - 0x5e], ax +mov eax, esi +lea esi, [ebp - 0x60] +push esi +lea esi, [ebp - 0x65] +push esi +push 2 +push edi +push 0xf +push ecx +lea edx, [ebp - 0x56] +mov dword [ebp - 0x6c], ecx +mov ecx, eax +mov dword [ebp - 0x70], eax +mov eax, ebx +call fcn_fffcb1dd ; call 0xfffcb1dd +add esp, 0x30 +mov edx, 0x3a08 +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edx, eax +shr edx, 0x12 +shr eax, 0xc +and edx, 0x3f +and eax, 0x3f +cmp dl, al +push ecx +cmovle eax, edx +mov ecx, dword [ebp - 0x70] +mov dl, 5 +push 0 +sub edx, eax +push 0 +cmp dl, 0xf8 +mov al, 0xf8 +push 0xf +cmovge eax, 
edx +push 0 +movsx eax, al push eax -call dword [edi + 0x5c] ; ucall +mov eax, ebx +lea edx, [ebp - 0x60] +push edx +push esi +push 2 +push edi +push 0xa +push dword [ebp - 0x6c] +lea edx, [ebp - 0x56] +call fcn_fffcb1dd ; call 0xfffcb1dd +add esp, 0x30 + +loc_fffccc5f: ; not directly referenced +sub esp, 0xc +push ebx +call fcn_fffc9f5d ; call 0xfffc9f5d +lea esp, [ebp - 0xc] +xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffccc72: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x6c +mov ebx, dword [ebp + 8] +mov byte [ebp - 0x67], 0xd +mov byte [ebp - 0x66], 0xc +mov byte [ebp - 0x65], 1 +cmp dword [ebx + 0x188b], 1 +mov byte [ebp - 0x64], 2 +mov byte [ebp - 0x63], 1 +mov byte [ebp - 0x62], 0 +mov byte [ebp - 0x61], 0 +jne short loc_fffccd1b ; jne 0xfffccd1b +movzx eax, byte [ebx + 0x248e] +lea esi, [ebp - 0x60] +movzx edi, byte [ebx + 0x248f] +mov dword [ebp - 0x6c], eax +push eax +mov eax, dword [ebx + 0x2444] +push 0 +push 5 +push esi +call dword [eax + 0x60] ; ucall +movzx edx, byte [ebp - 0x67] +mov ecx, 1 +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 +movzx edx, byte [ebp - 0x66] +mov ecx, 1 +mov word [ebp - 0x60], ax +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 add esp, 0xc -push 0x2c -lea eax, [ebp - 0x2e0] +mov ecx, edi +push 0 +push 0 +push 0xf +push 3 +push 0 +push esi +lea edx, [ebp - 0x56] +mov word [ebp - 0x5e], ax +lea eax, [ebp - 0x65] push eax -lea eax, [ebp - 0x2b4] +push 2 +lea eax, [ebp - 0x67] push eax -call dword [edi + 0x58] ; ucall -add esp, 0x10 +mov eax, dword [ebp - 0x6c] +push 0xc +push eax +mov eax, ebx +call fcn_fffcb1dd ; call 0xfffcb1dd +add esp, 0x30 + +loc_fffccd1b: ; not directly referenced +sub esp, 0xc +push ebx +call fcn_fffc9f5d ; call 0xfffc9f5d +lea esp, [ebp - 0xc] xor eax, eax +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffcdc0a: ; not directly referenced -mov byte [ebp + eax - 0x335], al -inc eax -cmp eax, 9 -jne short loc_fffcdc0a ; jne 0xfffcdc0a 
-cmp bl, 0xc -sete al -mov byte [ebp - 0x34f], al -movzx eax, al -mov dword [ebp - 0x354], eax -lea eax, [ebx - 8] -cmp al, 1 -setbe dl -cmp bl, 0xb -sete al -or dl, al -mov dword [ebp - 0x35c], 1 -jne short loc_fffcdc56 ; jne 0xfffcdc56 +fcn_fffccd2e: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, ecx +push esi +push ebx +mov ebx, eax +sub esp, 0x70 +mov eax, dword [eax + 0x2444] +push 0 +push 5 +lea esi, [ebp - 0x60] +push esi +mov dword [ebp - 0x6c], edx +mov byte [ebp - 0x67], 5 +mov byte [ebp - 0x66], 2 +mov byte [ebp - 0x65], 1 +mov byte [ebp - 0x64], 2 +mov byte [ebp - 0x63], 1 +mov byte [ebp - 0x62], 0 +mov byte [ebp - 0x61], 0 +call dword [eax + 0x60] ; ucall +movzx edx, byte [ebp - 0x67] +mov ecx, 1 +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 +movzx edx, byte [ebp - 0x66] +mov ecx, 1 +mov word [ebp - 0x60], ax +mov eax, ebx +call fcn_fffaab72 ; call 0xfffaab72 +add esp, 0xc +movzx ecx, byte [ebp - 0x6c] +cmp dword [ebx + 0x188b], 1 +push 1 +push 0 +push 0xf +push 0xa +lea edx, [ebp - 0x56] +mov word [ebp - 0x5e], ax +sbb eax, eax +and eax, 4 +sub eax, 0x11 +movsx eax, al +push eax +push esi +lea eax, [ebp - 0x65] +push eax +push 2 +lea eax, [ebp - 0x67] +push eax +mov eax, ebx +push 0 +push 0xf +call fcn_fffcb1dd ; call 0xfffcb1dd +add esp, 0x30 xor eax, eax -cmp bl, 0xa -sete al -mov dword [ebp - 0x35c], eax +cmp dword [ebp + 8], 0 +je short loc_fffccdfb ; je 0xfffccdfb +push eax +mov ecx, 3 +push eax +mov eax, ebx +push 0 +push edi +push 0 +push 0 +push 0 +push 2 +lea edx, [ebx + 0x2491] +call fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 -loc_fffcdc56: ; not directly referenced -mov al, byte [ebp - 0x33d] -mov esi, dword [ebp - 0x34c] -movzx ecx, byte [ebp - 0x38e] -mov dword [ebp - 0x358], 0 -mov byte [ebp - 0x360], al -mov al, byte [ebp - 0x33e] -add esi, 0x381a -mov dword [ebp - 0x388], ecx +loc_fffccdfb: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffcdc8b: ; not 
directly referenced -mov cl, byte [esi] -test cl, cl -je loc_fffcdd4f ; je 0xfffcdd4f -mov dl, cl -and edx, 0xc -cmp dl, 0xc -je short loc_fffcdcb5 ; je 0xfffcdcb5 -mov dl, cl -and edx, 3 -cmp dl, 3 -sete dl -movzx edx, dl -mov dword [ebp - 0x370], edx -jmp short loc_fffcdcbf ; jmp 0xfffcdcbf +fcn_fffcce03: ; not directly referenced +push ebp +mov ecx, 0xf +mov ebp, esp +mov edx, 3 +mov eax, dword [ebp + 8] +mov dword [ebp + 8], 1 +pop ebp +jmp near fcn_fffccd2e ; jmp 0xfffccd2e -loc_fffcdcb5: ; not directly referenced -mov dword [ebp - 0x370], 1 +fcn_fffcce20: ; not directly referenced +push ebp +mov ebp, esp +mov ecx, dword [ebp + 0x10] +mov eax, dword [ebp + 0x18] +mov edx, dword [ebp + 0x1c] +mov dword [ecx], eax +mov dword [ecx + 4], edx +pop ebp +ret -loc_fffcdcbf: ; not directly referenced -test byte [ebp - 0x34e], cl -je loc_fffcdd4f ; je 0xfffcdd4f -mov cl, byte [ebp - 0x358] +fcn_fffcce33: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x3c +mov eax, dword [ebp + 0x14] +mov ebx, dword [ebp + 0xc] +mov edi, dword [ebp + 8] +mov edx, dword [ebp + 0x10] +mov dword [ebp - 0x2c], eax +mov eax, dword [ebp + 0x20] +mov dword [ebp - 0x24], ebx +mov byte [ebp - 0x32], bl +mov byte [ebp - 0x31], dl +mov dword [ebp - 0x3c], eax +mov eax, dword [ebp + 0x24] +mov dword [ebp - 0x40], eax +mov al, byte [ebp + 0x18] +mov byte [ebp - 0x33], al +mov al, byte [ebp + 0x1c] +mov byte [ebp - 0x34], al +mov eax, dword [edi + 0x5edd] +cmp bl, 1 +ja loc_fffcd076 ; ja 0xfffcd076 +cmp dword [edi + 0x2481], 2 +jne loc_fffcd076 ; jne 0xfffcd076 +movzx eax, byte [ebp - 0x24] +mov dword [ebp - 0x1c], 0 +mov dword [ebp - 0x38], eax +imul eax, eax, 0x13c3 +lea ebx, [edi + eax + 0x3757] +add eax, edi +mov dword [ebp - 0x48], eax + +loc_fffccea8: ; not directly referenced +mov cl, byte [ebp - 0x1c] mov edx, 1 shl edx, cl -mov ecx, dword [ebp - 0x388] -mov dword [ebp - 0x368], edx -mov cl, byte [ebp + ecx - 0x321] -mov byte [ebp - 0x36c], cl -and 
cl, 2 -je short loc_fffcdd11 ; je 0xfffcdd11 -mov cl, byte [ebp - 0x360] -mov dl, byte [ebp - 0x368] -or edx, ecx -cmp dword [esi - 4], 2 -cmove ecx, edx -mov byte [ebp - 0x360], cl +test byte [ebp - 0x33], dl +je loc_fffcd05f ; je 0xfffcd05f +mov eax, dword [ebp - 0x48] +test byte [eax + 0x381b], dl +je loc_fffcd05f ; je 0xfffcd05f +mov esi, dword [ebp - 0x1c] +imul eax, esi, 0x18 +mov dword [ebp - 0x30], eax +mov ax, word [ebx + eax + 0x1277] +mov word [ebp - 0x28], ax +or word [ebp - 0x28], 0x80 +mov eax, dword [ebp - 0x28] +cmp dword [ebp - 0x3c], 0 +mov word [ebp - 0x20], ax +je loc_fffccfce ; je 0xfffccfce +movzx eax, byte [ebp - 0x34] +imul esi, esi, 0x70 +mov dword [ebp - 0x28], 0 +mov dword [ebp - 0x30], eax +movzx eax, byte [ebp - 0x32] +add esi, ebx +mov dword [ebp - 0x44], eax -loc_fffcdd11: ; not directly referenced -test byte [ebp - 0x36c], 1 -je short loc_fffcdd23 ; je 0xfffcdd23 -cmp dword [ebp - 0x370], 0 -jne short loc_fffcdd2c ; jne 0xfffcdd2c +loc_fffccf10: ; not directly referenced +mov eax, dword [ebp - 0x30] +mov edx, dword [ebp - 0x28] +bt eax, edx +jae loc_fffccfb9 ; jae 0xfffccfb9 +mov cx, word [esi + 0x109f] +mov al, cl +and ecx, 0x3f +and eax, 0x7f +mov dl, al +or edx, 0xffffffc0 +test al, 0x60 +cmove edx, ecx +lea eax, [edx - 0xd] +cmp dl, 0xc +jg short loc_fffccf4b ; jg 0xfffccf4b +xor eax, eax +cmp dl, 0xe4 +lea ecx, [edx + 0x1b] +cmovle eax, ecx -loc_fffcdd23: ; not directly referenced -cmp dword [ebp - 0x354], 0 -je short loc_fffcdd32 ; je 0xfffcdd32 +loc_fffccf4b: ; not directly referenced +add eax, dword [ebp - 0x2c] +cmp al, 0x25 +jg short loc_fffccf5c ; jg 0xfffccf5c +cmp al, 0xdb +jl short loc_fffccf63 ; jl 0xfffccf63 +test al, al +jns short loc_fffccf5e ; jns 0xfffccf5e +jmp short loc_fffccf65 ; jmp 0xfffccf65 -loc_fffcdd2c: ; not directly referenced -or eax, dword [ebp - 0x368] +loc_fffccf5c: ; not directly referenced +mov al, 0x25 -loc_fffcdd32: ; not directly referenced -cmp dword [ebp - 0x35c], 0 -je short loc_fffcdd4f ; 
je 0xfffcdd4f -mov edx, dword [ebp - 0x358] -movzx ecx, al -bt ecx, edx -jb short loc_fffcdd4f ; jb 0xfffcdd4f -or eax, dword [ebp - 0x368] +loc_fffccf5e: ; not directly referenced +add eax, 0xd +jmp short loc_fffccf68 ; jmp 0xfffccf68 -loc_fffcdd4f: ; not directly referenced -inc dword [ebp - 0x358] -add esi, 0x13c3 -cmp dword [ebp - 0x358], 2 -jne loc_fffcdc8b ; jne 0xfffcdc8b -mov dl, byte [ebp - 0x360] -mov cl, byte [ebp - 0x374] -cmp byte [ebp - 0x378], cl -mov byte [ebp - 0x33e], al -mov byte [ebp - 0x33d], dl -setle cl -or al, dl -mov byte [ebp - 0x358], al -sete al -or cl, al -je short loc_fffcdda2 ; je 0xfffcdda2 +loc_fffccf63: ; not directly referenced +mov al, 0xdb + +loc_fffccf65: ; not directly referenced +sub eax, 0x1b -loc_fffcdd98: ; not directly referenced +loc_fffccf68: ; not directly referenced +and eax, 0x7f +mov cl, byte [ebp - 0x28] +mov dl, al +and eax, 0x3f +shr dl, 6 +and word [ebp - 0x20], 0xff80 +and edx, 1 +shl edx, 6 +or word [ebp - 0x20], dx +or word [ebp - 0x20], ax mov eax, 1 -jmp near loc_fffceaf5 ; jmp 0xfffceaf5 +push edx +mov edx, dword [ebp - 0x44] +shl eax, cl +mov ecx, dword [ebp - 0x1c] +push eax +movzx eax, word [ebp - 0x20] +push 6 +push eax +mov eax, edi +call fcn_fffac8c3 ; call 0xfffac8c3 +add esp, 0x10 +cmp byte [ebp - 0x31], 0 +je short loc_fffccfb9 ; je 0xfffccfb9 +mov eax, dword [ebp - 0x20] +mov word [esi + 0x109f], ax -loc_fffcdda2: ; not directly referenced -mov eax, dword [ebp - 0x34c] -mov byte [eax + 0x248b], 3 -lea eax, [ebx - 6] -cmp al, 1 -ja short loc_fffcddd1 ; ja 0xfffcddd1 -mov eax, dword [ebp - 0x34c] -mov edx, 1 -mov ecx, 4 -mov byte [eax + 0x248b], 5 -mov al, 0xd -jmp short loc_fffcddf3 ; jmp 0xfffcddf3 +loc_fffccfb9: ; not directly referenced +inc dword [ebp - 0x28] +add esi, 0xe +cmp dword [ebp - 0x28], 8 +jne loc_fffccf10 ; jne 0xfffccf10 +jmp near loc_fffcd05f ; jmp 0xfffcd05f -loc_fffcddd1: ; not directly referenced -cmp dword [ebp - 0x35c], 0 -je short loc_fffcddfa ; je 0xfffcddfa -mov eax, 
dword [ebp - 0x34c] -mov edx, 1 -mov ecx, 5 -mov byte [eax + 0x248b], 6 -mov al, 0xd +loc_fffccfce: ; not directly referenced +mov eax, dword [ebp - 0x30] +mov si, word [ebx + eax + 0x1277] +mov ecx, esi +and esi, 0x3f +and ecx, 0x7f +mov al, cl +or eax, 0xffffffc0 +and cl, 0x60 +cmove eax, esi +lea ecx, [eax - 0xd] +cmp al, 0xc +jg short loc_fffccffd ; jg 0xfffccffd +xor ecx, ecx +cmp al, 0xe4 +lea esi, [eax + 0x1b] +cmovle ecx, esi -loc_fffcddf3: ; not directly referenced -mov esi, 0x80 -jmp short loc_fffcde1c ; jmp 0xfffcde1c +loc_fffccffd: ; not directly referenced +add ecx, dword [ebp - 0x2c] +cmp cl, 0x25 +jg short loc_fffcd010 ; jg 0xfffcd010 +cmp cl, 0xdb +jl short loc_fffcd017 ; jl 0xfffcd017 +test cl, cl +js short loc_fffcd019 ; js 0xfffcd019 +jmp short loc_fffcd012 ; jmp 0xfffcd012 -loc_fffcddfa: ; not directly referenced -cmp byte [ebp - 0x34f], 1 -sbb eax, eax -xor edx, edx -and eax, 0xfffffffd -xor ecx, ecx -add eax, 0x10 -cmp byte [ebp - 0x34f], 1 -sbb esi, esi -and esi, 0x7c -add esi, 4 +loc_fffcd010: ; not directly referenced +mov cl, 0x25 -loc_fffcde1c: ; not directly referenced -movzx eax, al -movzx esi, si -mov dword [ebp - 0x35c], ebx -mov ebx, dword [ebp - 0x34c] -mov word [ebp - 0x32c], ax -movzx eax, byte [ebp - 0x37c] -mov dword [ebp - 0x2a0], edx -mov dword [ebp - 0x294], edx -mov bl, byte [ebx + 0x248b] -mov edx, eax -movzx eax, byte [ebp - 0x358] -push 0 -push 0 -push 0 -mov byte [ebp - 0x322], bl -mov ebx, eax -mov dword [ebp - 0x3a0], eax -lea eax, [ebp - 0x32c] -push eax -push 0 -lea eax, [ebp - 0x2b4] -push eax -push edx -push esi -mov dword [ebp - 0x358], edx -mov edx, ebx -mov ebx, dword [ebp - 0x34c] -mov eax, ebx -call fcn_fffb20e5 ; call 0xfffb20e5 -add esp, 0x20 -lea eax, [esi - 1] -mov esi, ebx -call fcn_fffaec34 ; call 0xfffaec34 -mov cl, byte [ebp - 0x358] -mov edx, 1 -sub ecx, eax -mov eax, edx -shl eax, cl -mov ecx, eax -mov al, 1 -test cl, cl -cmovg eax, ecx -mov byte [ebx + 0x248c], al -mov ebx, dword [ebp - 0x35c] 
-movzx ecx, byte [esi + 0x2488] -mov dword [ebp - 0x35c], 0 -lea eax, [ebx - 0xa] -cmp al, 1 -mov byte [ebp - 0x3b5], al -setbe al -movzx eax, al -shl edx, cl -cmp bl, 0xa -mov bl, byte [ebp - 0x364] -mov dword [ebp - 0x38c], eax -lea eax, [edx - 1] -mov dl, byte [ebp - 0x34d] -mov word [ebp - 0x3a2], ax -sete al -lea eax, [eax + eax - 1] -mov cl, al -mov byte [ebp - 0x358], al -mov al, byte [ebp - 0x378] -cmove eax, edx -mov dl, al -mov byte [ebp - 0x34d], al -mov al, byte [ebp - 0x374] -cmove eax, ebx -add esi, 0x3756 -mov byte [ebp - 0x364], al -mov al, byte [ebp - 0x384] -imul eax, ecx -sub edx, eax -mov byte [ebp - 0x350], al -movzx eax, dl -mov dword [ebp - 0x36c], eax +loc_fffcd012: ; not directly referenced +add ecx, 0xd +jmp short loc_fffcd01c ; jmp 0xfffcd01c -loc_fffcdf57: ; not directly referenced -cmp dword [esi], 2 -je short loc_fffcdfce ; je 0xfffcdfce +loc_fffcd017: ; not directly referenced +mov cl, 0xdb -loc_fffcdf5c: ; not directly referenced -add dword [ebp - 0x35c], 9 -add esi, 0x13c3 -cmp dword [ebp - 0x35c], 0x12 -jne short loc_fffcdf57 ; jne 0xfffcdf57 -movzx eax, byte [ebp - 0x380] -movzx edi, byte [ebp - 0x38e] -mov dword [ebp - 0x37c], 0 -mov dword [ebp - 0x3b0], eax -imul eax, eax, 0x90 -mov dword [ebp - 0x398], edi -movzx edi, byte [ebp - 0x34e] -mov dword [ebp - 0x3c4], eax -mov al, byte [ebp - 0x364] -mov dword [ebp - 0x39c], edi -mov byte [ebp - 0x36c], al -mov al, byte [ebp - 0x34d] -mov byte [ebp - 0x374], al -xor eax, eax -jmp near loc_fffce1f4 ; jmp 0xfffce1f4 +loc_fffcd019: ; not directly referenced +sub ecx, 0x1b -loc_fffcdfce: ; not directly referenced -mov ebx, dword [ebp - 0x34c] -push ecx -push dword [ebp - 0x36c] -movzx eax, byte [ebx + 0x2488] +loc_fffcd01c: ; not directly referenced +and ecx, 0x7f +mov esi, dword [ebp - 0x28] +mov al, cl +and ecx, 0x3f +shr al, 6 +and eax, 1 +shl eax, 6 +and esi, 0xffffff80 +or esi, eax +or esi, ecx +mov ecx, edx +mov edx, dword [ebp - 0x38] push eax -mov eax, dword [ebp - 0x35c] -lea 
eax, [ebp + eax - 0x2f2] push eax -call dword [edi + 0x5c] ; ucall -mov al, byte [ebx + 0x2488] +movzx eax, si +push eax +mov eax, edi +push 6 +call fcn_fffa96cb ; call 0xfffa96cb add esp, 0x10 -xor edx, edx -mov byte [ebp - 0x368], al +cmp byte [ebp - 0x31], 0 +je short loc_fffcd05f ; je 0xfffcd05f +mov eax, dword [ebp - 0x30] +mov word [ebx + eax + 0x1277], si -loc_fffce005: ; not directly referenced -cmp dl, byte [ebp - 0x368] -je loc_fffcdf5c ; je 0xfffcdf5c -movzx ecx, dl -add ecx, dword [ebp - 0x35c] -lea eax, [ebp - 0x258] -mov byte [ebp - 0x360], 0 -add ecx, ecx -add ecx, eax -xor eax, eax +loc_fffcd05f: ; not directly referenced +inc dword [ebp - 0x1c] +cmp dword [ebp - 0x1c], 2 +jne loc_fffccea8 ; jne 0xfffccea8 +mov ebx, 0x40000000 +jmp near loc_fffcd1ce ; jmp 0xfffcd1ce -loc_fffce02d: ; not directly referenced -mov bl, byte [ebp - 0x3a4] -cmp byte [ebp - 0x360], bl -je short loc_fffce07b ; je 0xfffce07b -mov bl, byte [ebp - 0x38f] -test bl, bl -je short loc_fffce06e ; je 0xfffce06e -mov word [ecx + eax], 0x500 +loc_fffcd076: ; not directly referenced +mov ebx, dword [ebp - 0x24] cmp bl, 1 -jbe short loc_fffce057 ; jbe 0xfffce057 -mov word [ecx + eax + 0x24], 0x500 - -loc_fffce057: ; not directly referenced -cmp byte [ebp - 0x38f], 1 -mov word [ecx + eax + 0x48], 0x500 -jbe short loc_fffce06e ; jbe 0xfffce06e -mov word [ecx + eax + 0x6c], 0x500 - -loc_fffce06e: ; not directly referenced -inc byte [ebp - 0x360] -add eax, 0x90 -jmp short loc_fffce02d ; jmp 0xfffce02d - -loc_fffce07b: ; not directly referenced -inc edx -jmp short loc_fffce005 ; jmp 0xfffce005 - -loc_fffce07e: ; not directly referenced -test al, al -jne loc_fffce210 ; jne 0xfffce210 -mov al, byte [ebp - 0x34d] -sub eax, dword [ebp - 0x374] -imul eax, dword [ebp - 0x358] -mov byte [ebp - 0x38d], al -dec al -sete al -test byte [ebp - 0x34f], al -je short loc_fffce0d0 ; je 0xfffce0d0 -mov al, byte [ebp - 0x36c] -add ecx, dword [ebp - 0x374] -neg byte [ebp - 0x358] -mov byte [ebp - 0x374], dl 
-mov byte [ebp - 0x34d], al -mov byte [ebp - 0x36c], cl - -loc_fffce0d0: ; not directly referenced -movzx eax, byte [ebp - 0x34d] -xor esi, esi -mov edi, eax -shl edi, 0x18 -mov dword [ebp - 0x360], edi -mov edi, 0x48dc -mov dword [ebp - 0x368], eax - -loc_fffce0ef: ; not directly referenced -imul eax, esi, 0x13c3 -mov ebx, dword [ebp - 0x34c] -mov al, byte [ebx + eax + 0x381a] -mov ebx, dword [ebp - 0x3a0] -bt ebx, esi -jb loc_fffce23a ; jb 0xfffce23a +je short loc_fffcd0a3 ; je 0xfffcd0a3 +jb short loc_fffcd091 ; jb 0xfffcd091 +cmp bl, 2 +jne loc_fffcd260 ; jne 0xfffcd260 +mov cl, byte [eax + 0x14] +and ecx, 0x7f +jmp short loc_fffcd0b4 ; jmp 0xfffcd0b4 -loc_fffce111: ; not directly referenced -inc esi -add edi, 8 -cmp esi, 2 -jne short loc_fffce0ef ; jne 0xfffce0ef -mov al, byte [ebp - 0x34d] -sub eax, dword [ebp - 0x358] -mov dword [ebp - 0x3a8], 0 -mov dword [ebp - 0x368], 0 -mov byte [ebp - 0x390], al -mov al, byte [ebp - 0x350] -sub byte [ebp - 0x390], al +loc_fffcd091: ; not directly referenced +movzx ebx, byte [eax + 0x16] +mov cl, byte [eax + 0x15] +and ebx, 0x1f +shr cl, 6 +shl ebx, 2 +jmp short loc_fffcd0b2 ; jmp 0xfffcd0b2 -loc_fffce14c: ; not directly referenced -mov eax, dword [ebp - 0x368] -movzx eax, byte [ebp + eax - 0x33e] -mov byte [ebp - 0x3a3], al -test al, al -je loc_fffce98f ; je 0xfffce98f -mov dword [ebp - 0x35c], eax -xor esi, esi -imul eax, dword [ebp - 0x368], 6 -mov dword [ebp - 0x364], eax +loc_fffcd0a3: ; not directly referenced +movzx ebx, byte [eax + 0x15] +mov cl, byte [eax + 0x14] +and ebx, 0x3f +shr cl, 7 +add ebx, ebx -loc_fffce17d: ; not directly referenced -mov eax, dword [ebp - 0x35c] -bt eax, esi -jb loc_fffce35a ; jb 0xfffce35a +loc_fffcd0b2: ; not directly referenced +or ecx, ebx -loc_fffce18c: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffce17d ; jne 0xfffce17d -mov eax, dword [ebp - 0x35c] -mov byte [ebp - 0x360], 0 -and eax, 2 -mov dword [ebp - 0x3b4], eax -mov eax, dword [ebp + 0x1c] -mov dword [ebp 
- 0x394], eax +loc_fffcd0b4: ; not directly referenced +mov bl, cl +mov esi, 0xffffffca +or ebx, 0xffffff80 +test cl, 0xc0 +cmovne ecx, ebx +mov ebx, 0x36 +movsx ecx, cl +add ecx, dword [ebp - 0x2c] +cmp ecx, 0xffffffca +cmovge esi, ecx +cmp esi, 0x36 +cmovle ebx, esi +test dl, dl +je short loc_fffcd14e ; je 0xfffcd14e +mov edx, dword [ebp - 0x24] +cmp dl, 1 +je short loc_fffcd129 ; je 0xfffcd129 +jb short loc_fffcd104 ; jb 0xfffcd104 +cmp dl, 2 +jne loc_fffcd260 ; jne 0xfffcd260 +mov dl, byte [eax + 0x14] +mov cl, bl +and ecx, 0x7f +and edx, 0xffffff80 +or edx, ecx +mov byte [eax + 0x14], dl +jmp short loc_fffcd14e ; jmp 0xfffcd14e -loc_fffce1b1: ; not directly referenced -mov al, byte [ebp - 0x394] -sub eax, dword [ebp + 0x1c] -mov byte [ebp - 0x364], al -cmp al, byte [ebp - 0x38f] -jae short loc_fffce1d5 ; jae 0xfffce1d5 -cmp byte [ebp - 0x360], 0 -je loc_fffce40a ; je 0xfffce40a +loc_fffcd104: ; not directly referenced +mov dl, byte [eax + 0x15] +mov cl, bl +shl ecx, 6 +and edx, 0x3f +or edx, ecx +mov ecx, ebx +mov byte [eax + 0x15], dl +mov dl, byte [eax + 0x16] +shr ecx, 2 +and ecx, 0x1f +and edx, 0xffffffe0 +or edx, ecx +mov byte [eax + 0x16], dl +jmp short loc_fffcd14e ; jmp 0xfffcd14e -loc_fffce1d5: ; not directly referenced -cmp dword [ebp - 0x368], 1 -jne loc_fffce99b ; jne 0xfffce99b +loc_fffcd129: ; not directly referenced +mov dl, byte [eax + 0x14] +mov ecx, ebx +and ecx, 1 +shl ecx, 7 +and edx, 0x7f +or edx, ecx +mov ecx, ebx +mov byte [eax + 0x14], dl +mov dl, byte [eax + 0x15] +shr ecx, 1 +and ecx, 0x3f +and edx, 0xffffffc0 +or edx, ecx +mov byte [eax + 0x15], dl -loc_fffce1e2: ; not directly referenced -mov al, byte [ebp - 0x358] -add byte [ebp - 0x34d], al -mov al, byte [ebp - 0x360] +loc_fffcd14e: ; not directly referenced +cmp dword [edi + 0x188b], 1 +mov eax, 0xf84 +mov edx, 0xf78 +cmove edx, eax +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov edx, dword [ebp - 0x24] +cmp dl, 1 +je short loc_fffcd19f ; je 0xfffcd19f +jb short 
loc_fffcd18b ; jb 0xfffcd18b +cmp dl, 2 +jne loc_fffcd260 ; jne 0xfffcd260 +and ebx, 0x7f +and eax, 0xffffff80 +or eax, ebx +mov ebx, 0x20000000 +jmp short loc_fffcd1b1 ; jmp 0xfffcd1b1 -loc_fffce1f4: ; not directly referenced -mov edi, dword [ebp - 0x358] -mov dl, byte [ebp - 0x36c] -mov ecx, edi -add edx, edi -cmp byte [ebp - 0x34d], dl -jne loc_fffce07e ; jne 0xfffce07e +loc_fffcd18b: ; not directly referenced +and ebx, 0x7f +and eax, 0xffe03fff +shl ebx, 0xe +or eax, ebx +mov ebx, 0x40000000 +jmp short loc_fffcd1b1 ; jmp 0xfffcd1b1 -loc_fffce210: ; not directly referenced -cmp dword [ebp - 0x354], 1 -jne loc_fffce9be ; jne 0xfffce9be -mov al, byte [ebp - 0x374] -add eax, dword [ebp - 0x358] -neg byte [ebp - 0x358] -mov byte [ebp - 0x36c], al -jmp near loc_fffce9be ; jmp 0xfffce9be +loc_fffcd19f: ; not directly referenced +and ebx, 0x7f +and eax, 0xffffc07f +shl ebx, 7 +or eax, ebx +mov ebx, 0x80000000 -loc_fffce23a: ; not directly referenced -and al, byte [ebp - 0x34e] -mov byte [ebp - 0x364], al -je loc_fffce111 ; je 0xfffce111 -mov ebx, dword [ebp - 0x34c] -mov edx, edi -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, edi -mov dword [ebp - 0x34c], ebx -xor al, al -or eax, dword [ebp - 0x398] -mov ecx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x34c] -lea ebx, [edi - 4] -mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, ebx -lea ebx, [edi + 0x10] -and eax, 0xffffff -or eax, dword [ebp - 0x360] -mov ecx, eax -mov eax, dword [ebp - 0x34c] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x34c] -mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, ebx -lea ebx, [edi + 0xc] -xor al, al -or eax, dword [ebp - 0x398] -mov ecx, eax -mov eax, dword [ebp - 0x34c] -call fcn_fffae58c ; call 0xfffae58c -mov eax, dword [ebp - 0x34c] -mov edx, ebx -call fcn_fffae52a ; call 0xfffae52a -mov edx, ebx -and eax, 0xffffff -or eax, dword [ebp - 0x360] +loc_fffcd1b1: ; not directly referenced +cmp dword [edi 
+ 0x188b], 1 +mov ecx, 0xf84 +mov edx, 0xf78 +cmove edx, ecx mov ecx, eax -mov eax, dword [ebp - 0x34c] -call fcn_fffae58c ; call 0xfffae58c -cmp dword [ebp - 0x38c], 0 -mov byte [ebp - 0x35c], 1 -je short loc_fffce311 ; je 0xfffce311 -mov eax, dword [ebp - 0x34c] -mov al, byte [eax + 0x2488] -mov byte [ebp - 0x35c], al - -loc_fffce311: ; not directly referenced -movzx eax, byte [ebp - 0x364] -xor ebx, ebx -mov dword [ebp - 0x364], eax - -loc_fffce320: ; not directly referenced -cmp byte [ebp - 0x35c], bl -jbe loc_fffce111 ; jbe 0xfffce111 -sub esp, 0xc -mov eax, dword [ebp - 0x34c] -mov ecx, ebx -push dword [ebp - 0x364] -mov edx, esi -inc ebx -push 0 -push 0 -push dword [ebp - 0x368] -push dword [ebp - 0x398] -call fcn_fffb579d ; call 0xfffb579d -add esp, 0x20 -jmp short loc_fffce320 ; jmp 0xfffce320 - -loc_fffce35a: ; not directly referenced -imul eax, esi, 0x13c3 -mov edi, dword [ebp - 0x34c] -mov dl, byte [ebp - 0x34e] -and dl, byte [edi + eax + 0x381a] -je loc_fffce18c ; je 0xfffce18c -cmp dword [ebp - 0x354], 0 -mov eax, 0x3210 -jne short loc_fffce3a4 ; jne 0xfffce3a4 -movzx ecx, dl -movzx ecx, byte [ebp + ecx - 0x302] -cmp cl, 0xf -je short loc_fffce3a4 ; je 0xfffce3a4 -add ecx, dword [ebp - 0x364] -mov eax, dword [ebp + ecx*4 - 0x288] - -loc_fffce3a4: ; not directly referenced -mov dword [ebp - 0x360], 0 -xor ebx, ebx -movzx edx, dl +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 -loc_fffce3b3: ; not directly referenced -test eax, eax -je short loc_fffce3d9 ; je 0xfffce3d9 -mov cl, al -and ecx, 0xf -shr eax, 4 -bt edx, ecx -movzx edi, cl -jae short loc_fffce3b3 ; jae 0xfffce3b3 -lea ecx, [ebx*4] -inc ebx -shl edi, cl -or dword [ebp - 0x360], edi -jmp short loc_fffce3b3 ; jmp 0xfffce3b3 +loc_fffcd1ce: ; not directly referenced +cmp byte [ebp - 0x40], 0 +jne loc_fffcd260 ; jne 0xfffcd260 +cmp dword [edi + 0x2481], 2 +jne short loc_fffcd1ec ; jne 0xfffcd1ec +cmp byte [ebp - 0x24], 1 +mov edx, 3 +jbe short loc_fffcd236 ; jbe 0xfffcd236 -loc_fffce3d9: ; not 
directly referenced -mov edi, dword [ebp - 0x34c] -lea edx, [esi*4 + 0x4930] -dec ebx -mov ecx, dword [ebp - 0x360] -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -movzx ecx, bl -mov eax, edi -lea edx, [esi*8 + 0x48ef] -call fcn_fffae566 ; call 0xfffae566 -jmp near loc_fffce18c ; jmp 0xfffce18c +loc_fffcd1ec: ; not directly referenced +cmp dword [edi + 0x188b], 1 +mov cl, 0x4b +mov byte [ebp - 0x1c], 0 +sete al +mov esi, eax +mov al, 0x32 +lea esi, [esi + esi*4 + 5] +cmovne ecx, eax -loc_fffce40a: ; not directly referenced -mov eax, dword [ebp - 0x394] -cmp dword [ebp - 0x354], 0 -mov bl, byte [eax] -je short loc_fffce45e ; je 0xfffce45e -mov edi, dword [ebp - 0x360] -lea ecx, [ebp - 0x33c] -test byte [ebp - 0x3a3], 1 -mov edx, dword [ebp - 0x39c] -mov eax, edi -cmovne eax, ebx -cmp dword [ebp - 0x3b4], 0 -mov byte [ebp - 0x33c], al +loc_fffcd207: ; not directly referenced +cmp dword [edi + 0x188b], 1 +mov eax, 0xf84 +mov edx, 0xf78 +mov dword [ebp - 0x20], ecx +cmove edx, eax mov eax, edi -cmovne eax, ebx -mov byte [ebp - 0x33b], al -mov eax, dword [ebp - 0x34c] -call fcn_fffcd955 ; call 0xfffcd955 -jmp short loc_fffce4ce ; jmp 0xfffce4ce +call fcn_fffb331f ; call 0xfffb331f +mov ecx, dword [ebp - 0x20] +and eax, ebx +cmp eax, ebx +jne short loc_fffcd244 ; jne 0xfffcd244 -loc_fffce45e: ; not directly referenced -cmp byte [ebp - 0x368], 1 -movzx eax, bl -jne short loc_fffce497 ; jne 0xfffce497 -mov esi, dword [ebp - 0x35c] -sub esp, 0xc -mov ecx, 3 -mov edi, dword [ebp - 0x34c] -neg ebx -push eax -mov edx, esi -mov eax, edi -call fcn_fffcfce5 ; call 0xfffcfce5 -movzx eax, bl -mov ecx, 0xc -mov dword [esp], eax -jmp short loc_fffce4c2 ; jmp 0xfffce4c2 +loc_fffcd22e: ; not directly referenced +mov eax, esi +movzx esi, al +imul edx, esi, 0xf -loc_fffce497: ; not directly referenced -mov esi, dword [ebp - 0x35c] -sub esp, 0xc -mov ecx, 5 -mov edi, dword [ebp - 0x34c] -neg ebx -push eax -mov edx, esi +loc_fffcd236: ; not directly referenced +lea esp, [ebp - 0xc] mov 
eax, edi -call fcn_fffcfce5 ; call 0xfffcfce5 -movzx eax, bl -mov ecx, 0xa -mov dword [esp], eax +pop ebx +pop esi +pop edi +pop ebp +jmp near fcn_fffa82f9 ; jmp 0xfffa82f9 -loc_fffce4c2: ; not directly referenced -mov edx, esi +loc_fffcd244: ; not directly referenced +mov edx, 0xf mov eax, edi -call fcn_fffcfce5 ; call 0xfffcfce5 -add esp, 0x10 - -loc_fffce4ce: ; not directly referenced -movzx ebx, byte [ebp - 0x364] -mov dword [ebp - 0x388], 0 -imul ebx, ebx, 0x24 -add ebx, dword [ebp - 0x3a8] -mov dword [ebp - 0x3c8], ebx +mov dword [ebp - 0x20], ecx +call fcn_fffa82f9 ; call 0xfffa82f9 +mov ecx, dword [ebp - 0x20] +inc byte [ebp - 0x1c] +cmp byte [ebp - 0x1c], cl +jb short loc_fffcd207 ; jb 0xfffcd207 +jmp short loc_fffcd22e ; jmp 0xfffcd22e -loc_fffce4ee: ; not directly referenced -mov al, byte [ebp - 0x388] -cmp byte [ebp - 0x3a4], al -jbe loc_fffce935 ; jbe 0xfffce935 -mov eax, dword [ebp - 0x3cc] -mov edi, dword [ebp - 0x388] -mov bl, byte [eax + edi] -test bl, bl -je loc_fffcdd98 ; je 0xfffcdd98 -movzx eax, bl -mov dword [ebp - 0x378], eax -mov byte [ebp - 0x370], 0 -cmp bl, 0x21 -ja short loc_fffce538 ; ja 0xfffce538 -mov al, byte [eax + ref_fffd5f1c] ; mov al, byte [eax - 0x2a0e4] -mov byte [ebp - 0x370], al +loc_fffcd260: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffce538: ; not directly referenced -mov esi, dword [ebp - 0x34c] -xor ecx, ecx -mov edx, dword [ebp - 0x378] +fcn_fffcd268: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x4c +mov eax, dword [ebp + 0x18] +mov esi, dword [ebp + 0x20] +mov edi, dword [ebp + 0x2c] +mov ecx, dword [ebp + 0xc] +mov dword [ebp - 0x30], eax +mov ebx, dword [ebp + 0x1c] +mov byte [ebp - 0x2b], al mov eax, esi -call fcn_fffb13cf ; call 0xfffb13cf -cmp dword [esi + 0x2480], 2 -mov word [ebp - 0x3b8], ax -jne short loc_fffce572 ; jne 0xfffce572 -cmp bl, 0x11 +mov edx, dword [ebp + 0x24] +mov byte [ebp - 0x48], al +mov eax, edi 
+mov byte [ebp - 0x29], al +mov al, byte [ebp + 0x30] +cmp cl, 6 +mov dword [ebp - 0x40], ebx +mov byte [ebp - 0x2c], bl +sete bl +cmp cl, 3 +mov dword [ebp - 0x20], esi +mov byte [ebp - 0x50], al +mov eax, dword [ebp + 8] +mov dword [ebp - 0x44], edx +mov dword [ebp - 0x34], edi +mov byte [ebp - 0x49], dl +mov eax, dword [eax + 0x5edd] +mov byte [ebp - 0x2a], bl +mov dword [ebp - 0x38], eax +setbe al +or al, bl +jne short loc_fffcd2f6 ; jne 0xfffcd2f6 +lea eax, [ecx - 8] +cmp al, 2 +jbe short loc_fffcd2fa ; jbe 0xfffcd2fa +mov eax, dword [ebp + 8] +mov bl, 0x36 +cmp dword [eax + 0x2481], 2 +jne short loc_fffcd300 ; jne 0xfffcd300 +cmp cl, 0x11 sete dl -cmp bl, 5 +cmp cl, 5 sete al or dl, al -jne short loc_fffce5ac ; jne 0xfffce5ac -cmp bl, 0x21 -je short loc_fffce5ac ; je 0xfffce5ac +jne short loc_fffcd2fe ; jne 0xfffcd2fe +cmp cl, 0x21 +jne short loc_fffcd300 ; jne 0xfffcd300 +jmp short loc_fffcd311 ; jmp 0xfffcd311 -loc_fffce572: ; not directly referenced -cmp bl, 0x10 -sete dl -cmp bl, 4 -sete al -or dl, al -jne short loc_fffce5b0 ; jne 0xfffce5b0 -cmp bl, 5 -sete dl -cmp bl, 0x20 -sete al -or dl, al -jne short loc_fffce5b0 ; jne 0xfffce5b0 -cmp bl, 0x21 -sete al -cmp bl, 0x11 -sete dl -or eax, edx -cmp al, 1 -sbb ebx, ebx -and ebx, 0xffffffe9 -add ebx, 0x36 -jmp short loc_fffce5b2 ; jmp 0xfffce5b2 +loc_fffcd2f6: ; not directly referenced +mov bl, 0x1f +jmp short loc_fffcd300 ; jmp 0xfffcd300 + +loc_fffcd2fa: ; not directly referenced +mov bl, 0xff +jmp short loc_fffcd300 ; jmp 0xfffcd300 -loc_fffce5ac: ; not directly referenced +loc_fffcd2fe: ; not directly referenced mov bl, 0x25 -jmp short loc_fffce5b2 ; jmp 0xfffce5b2 -loc_fffce5b0: ; not directly referenced -mov bl, 0x36 +loc_fffcd300: ; not directly referenced +cmp cl, 0x1f +ja short loc_fffcd313 ; ja 0xfffcd313 +mov eax, dword [ebp + 0x14] +lea esi, [eax + eax - 1] +mov eax, dword [ebp + 0x10] +jmp short loc_fffcd33e ; jmp 0xfffcd33e + +loc_fffcd311: ; not directly referenced +mov bl, 0x25 + 
+loc_fffcd313: ; not directly referenced +imul esi, dword [ebp + 0x14], 3 +mov edi, 2 +lea eax, [esi - 5] +imul eax, dword [ebp + 0x14] +cdq +idiv edi +cmp dword [ebp + 0x14], 0 +mov esi, eax +mov eax, dword [ebp + 0x10] +mov dword [ebp - 0x1c], eax +jne short loc_fffcd341 ; jne 0xfffcd341 +lea eax, [eax + eax*4] +mov di, 4 +cdq +idiv edi + +loc_fffcd33e: ; not directly referenced +mov dword [ebp - 0x1c], eax + +loc_fffcd341: ; not directly referenced +mov eax, dword [ebp + 0x10] +mov edi, 3 +imul eax, esi +movzx esi, bl +cdq +idiv edi +cmp dword [ebp - 0x1c], esi +jg short loc_fffcd361 ; jg 0xfffcd361 +mov edi, dword [ebp - 0x1c] +neg esi +cmp edi, esi +cmovge esi, edi -loc_fffce5b2: ; not directly referenced +loc_fffcd361: ; not directly referenced +mov ebx, dword [ebp - 0x20] +cmp eax, 0xffffffe1 +mov edx, 0xffffffe1 +cmovge edx, eax +mov edi, 0x1f +cmp edx, 0x1f +cmovle edi, edx xor eax, eax -mov dl, 1 +mov edx, dword [ebp + 8] +cmp bl, 0xff +cmovne eax, ebx +mov byte [ebp - 0x24], al +movzx eax, byte [ebp - 0x40] +mov ebx, eax +mov dword [ebp - 0x20], eax +imul eax, eax, 0x13c3 +lea eax, [edx + eax + 0x3757] +mov dword [ebp - 0x28], eax +movzx eax, byte [ebp - 0x44] +mov edx, eax +mov dword [ebp - 0x1c], eax +imul eax, ebx, 0xcc +mov ebx, dword [ebp - 0x38] +lea eax, [ebx + eax + 0x1c] +lea eax, [eax + edx*4] +mov dword [ebp - 0x3c], eax +mov ebx, dword [eax + 0x54] +cmp cl, 0x21 +ja loc_fffcd922 ; ja 0xfffcd922 +movzx eax, cl +jmp dword [eax*4 + ref_fffd61b4] ; ujmp: jmp dword [eax*4 - 0x29e4c] -loc_fffce5b6: ; not directly referenced -mov esi, dword [ebp - 0x35c] -bt esi, eax -jae short loc_fffce60f ; jae 0xfffce60f -imul esi, eax, 0x13c3 -mov edi, dword [ebp - 0x34c] -mov cl, byte [ebp - 0x34e] -test byte [edi + esi + 0x381a], cl -je short loc_fffce60f ; je 0xfffce60f -cmp byte [ebp - 0x3b5], 2 -ja short loc_fffce5fe ; ja 0xfffce5fe -mov di, word [ebp - 0x3a2] -cmp word [ebp + eax*2 - 0x33a], di -mov edi, 0 -cmovne edx, edi -jmp short loc_fffce60f ; jmp 
0xfffce60f +loc_fffcd3d3: ; not directly referenced +and esi, 0x3f +and ebx, 0xffffffc0 +jmp near loc_fffcd579 ; jmp 0xfffcd579 -loc_fffce5fe: ; not directly referenced -cmp word [ebp + eax*2 - 0x33a], 0 -mov edi, 0 -cmove edx, edi +loc_fffcd3de: ; not directly referenced +and esi, 0x3f +and ebx, 0xfffff03f +shl esi, 6 +jmp near loc_fffcd579 ; jmp 0xfffcd579 + +loc_fffcd3ef: ; not directly referenced +and esi, 0x3f +and ebx, 0xfffc0fff +shl esi, 0xc +jmp near loc_fffcd579 ; jmp 0xfffcd579 + +loc_fffcd400: ; not directly referenced +and esi, 0x3f +and ebx, 0xff03ffff +shl esi, 0x12 +jmp near loc_fffcd579 ; jmp 0xfffcd579 + +loc_fffcd411: ; not directly referenced +and esi, 0x7f +and ebx, 0x80ffffff +shl esi, 0x18 +jmp near loc_fffcd579 ; jmp 0xfffcd579 + +loc_fffcd422: ; not directly referenced +mov ebx, dword [ebp - 0x20] +mov eax, dword [ebp + 8] +shl ebx, 0xa +add ebx, 0x4028 +mov edx, ebx +call fcn_fffb331f ; call 0xfffb331f +cmp esi, 0 +mov edi, eax +mov eax, dword [ebp - 0x28] +mov eax, dword [eax + 0x1019] +jle short loc_fffcd44f ; jle 0xfffcd44f +lea esi, [esi + esi - 0x10] +dec eax +jmp short loc_fffcd456 ; jmp 0xfffcd456 -loc_fffce60f: ; not directly referenced +loc_fffcd44f: ; not directly referenced +je short loc_fffcd456 ; je 0xfffcd456 +lea esi, [esi + esi + 0x10] inc eax -cmp eax, 2 -jne short loc_fffce5b6 ; jne 0xfffce5b6 -test dl, dl -jne loc_fffce92e ; jne 0xfffce92e -mov edi, dword [ebp - 0x34c] -mov ecx, dword [ebp - 0x378] + +loc_fffcd456: ; not directly referenced +movzx ecx, byte [ebp - 0x24] +and eax, 0x3f +and edi, 0xffc0ffff +mov edx, dword [ebp - 0x1c] +shl eax, 0x10 +or edi, eax +lea eax, [ecx + ecx*8] +lea eax, [edx + eax + 0xd8] +mov edx, dword [ebp - 0x28] +movzx eax, word [edx + eax*2 + 1] push edx +add esi, eax +mov eax, 0x1ff +cmp esi, 0x1ff +cmovle eax, esi +xor edx, edx +test eax, eax +cmovns edx, eax +mov eax, dword [ebp + 8] push edx -mov eax, edi -add eax, 0x2490 -push 0xf -mov edx, eax +mov edx, dword [ebp - 0x20] push 0 -mov 
esi, eax -mov dword [ebp - 0x3bc], eax -mov eax, edi -call fcn_fffa7e6c ; call 0xfffa7e6c +push dword [ebp - 0x1c] +call fcn_fffa7447 ; call 0xfffa7447 +mov eax, dword [ebp + 8] +mov ecx, edi +mov edx, ebx +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x10 -test eax, eax -jne loc_fffceaf5 ; jne 0xfffceaf5 -push eax -movzx ebx, bl -mov ecx, dword [ebp - 0x35c] +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 + +loc_fffcd4ba: ; not directly referenced +movzx eax, byte [ebp - 0x50] +xor ebx, ebx +mov dword [ebp - 0x28], eax +movzx eax, byte [ebp - 0x48] +mov dword [ebp - 0x48], eax + +loc_fffcd4ca: ; not directly referenced +imul eax, ebx, 0x13c3 +mov edx, dword [ebp + 8] +cmp dword [edx + eax + 0x3757], 2 +jne short loc_fffcd519 ; jne 0xfffcd519 +cmp byte [ebp - 0x2c], bl +sete dl +cmp byte [ebp - 0x2b], 1 +sete al +or dl, al +je short loc_fffcd519 ; je 0xfffcd519 +push dword [ebp - 0x28] +xor eax, eax +cmp byte [ebp - 0x49], 0 +mov dword [ebp - 0x50], ecx +setne al push eax -mov edx, esi -lea eax, [ebp - 0x314] +movzx eax, byte [ebp - 0x29] +push dword [ebp - 0x1c] +push dword [ebp - 0x48] +push esi push eax push ebx -lea eax, [ebp - 0x335] -push eax -mov eax, edi -push dword [ebp - 0x378] -push 0xff -push dword [ebp - 0x3b0] -call fcn_fffd13ed ; call 0xfffd13ed +push dword [ebp + 8] +call fcn_fffcce33 ; call 0xfffcce33 +mov ecx, dword [ebp - 0x50] add esp, 0x20 -mov dword [ebp - 0x37c], eax -test eax, eax -jne loc_fffceaef ; jne 0xfffceaef -imul eax, dword [ebp - 0x388], 0x90 -mov esi, 0x64 -add eax, dword [ebp - 0x3c8] -mov bl, byte [ebp - 0x370] -lea edi, [ebp - 0x2f2] -mov dword [ebp - 0x364], edi -lea eax, [ebp + eax - 0x258] -mov dword [ebp - 0x384], eax -movzx eax, byte [ebp - 0x3b6] -movzx edi, bl -imul edi, edi, 0x240 -add edi, dword [ebp + 0x18] -add edi, dword [ebp - 0x3c4] -sub esi, eax -mov byte [ebp - 0x380], 1 -mov dword [ebp - 0x3d4], esi -mov dword [ebp - 0x3ac], edi -xor edi, edi - -loc_fffce6fb: ; not directly referenced -imul eax, edi, 0x13c3 -mov esi, 
dword [ebp - 0x34c] -mov al, byte [esi + eax + 0x381a] -mov esi, dword [ebp - 0x35c] -bt esi, edi -jae loc_fffce8d2 ; jae 0xfffce8d2 -test byte [ebp - 0x34e], al -je loc_fffce8d2 ; je 0xfffce8d2 -mov eax, dword [ebp - 0x34c] -xor ecx, ecx -mov al, byte [eax + 0x2488] -mov byte [ebp - 0x3bf], al - -loc_fffce73d: ; not directly referenced -cmp byte [ebp - 0x3bf], cl -jbe loc_fffce8d2 ; jbe 0xfffce8d2 -mov eax, dword [ebp - 0x3ac] -mov dword [ebp - 0x370], 1 -shl dword [ebp - 0x370], cl -movzx ebx, word [eax + ecx*8 + 4] -movzx edx, word [eax + ecx*8] -mov esi, ebx -lea eax, [ebx + edx] -sub esi, edx -add eax, eax -mov word [ebp - 0x3be], ax -sub eax, esi -add si, word [ebp - 0x3be] -cmp bx, dx -mov ebx, dword [ebp - 0x370] -cmovbe eax, esi -mov si, word [ebp + edi*2 - 0x33a] -and bx, si -mov word [ebp - 0x3be], bx -je short loc_fffce7ae ; je 0xfffce7ae -cmp dword [ebp - 0x354], 0 -je loc_fffce8cc ; je 0xfffce8cc - -loc_fffce7ae: ; not directly referenced -mov edx, eax -mov ebx, 2 -sar dx, 0xf -idiv bx -cmp ax, word [ebp - 0x3b8] -jae short loc_fffce806 ; jae 0xfffce806 -cmp dword [ebp - 0x354], 1 -jne loc_fffce862 ; jne 0xfffce862 -cmp byte [ebp - 0x38d], 0 -mov byte [ebp - 0x380], 0 -jne loc_fffce8cc ; jne 0xfffce8cc -mov ax, word [ebp - 0x3a2] -mov word [ebp + edi*2 - 0x33a], ax -mov al, byte [ebp - 0x38d] -mov byte [ebp - 0x380], al -jmp near loc_fffce8cc ; jmp 0xfffce8cc -loc_fffce806: ; not directly referenced -cmp byte [ebp - 0x38d], 0 -jne short loc_fffce828 ; jne 0xfffce828 -mov esi, dword [ebp - 0x384] -cmp word [esi + ecx*2], ax -jbe loc_fffce8cc ; jbe 0xfffce8cc -mov word [esi + ecx*2], ax -jmp near loc_fffce8cc ; jmp 0xfffce8cc +loc_fffcd519: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffcd4ca ; jne 0xfffcd4ca +cmp cl, 0x21 +sete dl +cmp cl, 0x11 +sete al +or dl, al +je loc_fffcdab0 ; je 0xfffcdab0 +mov eax, dword [ebp - 0x3c] +mov ebx, dword [eax + 0x54] +mov eax, edi +and eax, 0x3f +shl eax, 0xc +and ebx, 0xfffc0fff +jmp short 
loc_fffcd55f ; jmp 0xfffcd55f -loc_fffce828: ; not directly referenced -movzx eax, ax -mov ebx, 0x64 -mov dword [ebp - 0x3d0], eax -mov eax, dword [ebp - 0x384] -movzx eax, word [eax + ecx*2] -imul eax, dword [ebp - 0x3d4] -cdq -idiv ebx -cmp dword [ebp - 0x3d0], eax -jge short loc_fffce87e ; jge 0xfffce87e -cmp dword [ebp - 0x354], 0 -mov byte [ebp - 0x380], 0 -jne short loc_fffce8cc ; jne 0xfffce8cc +loc_fffcd549: ; not directly referenced +and esi, 0x7f +mov eax, edi +shl esi, 0x18 +and ebx, 0x80fff03f +and eax, 0x3f +or ebx, esi +shl eax, 6 -loc_fffce862: ; not directly referenced -or esi, dword [ebp - 0x370] -mov al, byte [ebp - 0x390] -mov word [ebp + edi*2 - 0x33a], si -mov esi, dword [ebp - 0x364] -jmp short loc_fffce8c9 ; jmp 0xfffce8c9 +loc_fffcd55f: ; not directly referenced +or ebx, eax +jmp near loc_fffcd92c ; jmp 0xfffcd92c -loc_fffce87e: ; not directly referenced -cmp dword [ebp - 0x354], 1 -jne short loc_fffce8b7 ; jne 0xfffce8b7 -mov ebx, dword [ebp - 0x370] -cmp word [ebp - 0x3be], bx -je short loc_fffce8cc ; je 0xfffce8cc -mov al, byte [ebp - 0x34d] -or esi, ebx -mov edx, dword [ebp - 0x364] -sub eax, dword [ebp - 0x350] -mov word [ebp + edi*2 - 0x33a], si -mov byte [edx + ecx], al -jmp short loc_fffce8cc ; jmp 0xfffce8cc +loc_fffcd566: ; not directly referenced +and esi, 0x3f +and ebx, 0xff000fff +mov eax, esi +shl eax, 0xc +shl esi, 0x12 +or ebx, eax -loc_fffce8b7: ; not directly referenced -mov al, byte [ebp - 0x34d] -mov esi, dword [ebp - 0x364] -sub eax, dword [ebp - 0x350] +loc_fffcd579: ; not directly referenced +or ebx, esi +jmp near loc_fffcd92c ; jmp 0xfffcd92c -loc_fffce8c9: ; not directly referenced -mov byte [esi + ecx], al +loc_fffcd580: ; not directly referenced +cmp byte [ebp - 0x30], 0 +movzx ebx, byte [ebp - 0x24] +je loc_fffcd632 ; je 0xfffcd632 +mov eax, dword [ebp + 8] +lea edx, [ebx*4 + 0x3630] +xor edi, edi +mov ecx, dword [ebp + 0x10] +call fcn_fffb38b3 ; call 0xfffb38b3 +imul eax, ebx, 0xd8 +mov dword [ebp - 0x20], eax 
-loc_fffce8cc: ; not directly referenced -inc ecx -jmp near loc_fffce73d ; jmp 0xfffce73d +loc_fffcd5ab: ; not directly referenced +sub esp, 0xc +mov eax, dword [ebp + 8] +mov ecx, 1 +push 1 +mov edx, edi +push 0 +push 0 +push dword [ebp + 0x34] +push ebx +call fcn_fffa7273 ; call 0xfffa7273 +add esp, 0x20 +cmp byte [ebp - 0x29], 0 +jne short loc_fffcd5db ; jne 0xfffcd5db -loc_fffce8d2: ; not directly referenced +loc_fffcd5d0: ; not directly referenced inc edi -add dword [ebp - 0x384], 0x12 -add dword [ebp - 0x364], 9 -add dword [ebp - 0x3ac], 0x48 cmp edi, 2 -jne loc_fffce6fb ; jne 0xfffce6fb -cmp byte [ebp - 0x380], 0 -je short loc_fffce923 ; je 0xfffce923 -sub esp, 0xc -mov ecx, dword [ebp - 0x378] -push dword [ebp - 0x3b0] -mov edx, dword [ebp - 0x3bc] -mov eax, dword [ebp - 0x34c] -call fcn_fffa7d98 ; call 0xfffa7d98 -add esp, 0x10 -mov dword [ebp - 0x37c], eax +jne short loc_fffcd5ab ; jne 0xfffcd5ab +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 -loc_fffce923: ; not directly referenced -inc dword [ebp - 0x388] -jmp near loc_fffce4ee ; jmp 0xfffce4ee +loc_fffcd5db: ; not directly referenced +imul eax, edi, 0x13c3 +add eax, dword [ebp - 0x20] +mov byte [ebp - 0x1c], 0 +mov dword [ebp - 0x24], eax -loc_fffce92e: ; not directly referenced -mov byte [ebp - 0x360], 1 +loc_fffcd5eb: ; not directly referenced +mov eax, dword [ebp + 8] +mov cl, byte [ebp - 0x1c] +cmp cl, byte [eax + 0x2489] +jae short loc_fffcd5d0 ; jae 0xfffcd5d0 +movzx esi, cl +imul esi, esi, 0x18 +add esi, dword [ebp - 0x24] +add esi, eax +xor eax, eax +mov dword [ebp - 0x28], esi -loc_fffce935: ; not directly referenced -cmp dword [ebp - 0x354], 0 -je short loc_fffce965 ; je 0xfffce965 -mov edx, dword [ebp - 0x39c] -lea ecx, [ebp - 0x33c] -mov eax, dword [ebp - 0x34c] -mov byte [ebp - 0x33c], 0 -mov byte [ebp - 0x33b], 0 -call fcn_fffcd955 ; call 0xfffcd955 -jmp short loc_fffce984 ; jmp 0xfffce984 +loc_fffcd609: ; not directly referenced +mov esi, dword [ebp + 0x10] +lea ecx, [eax*4] +lea edx, [eax + 
eax*2] +inc eax +sar esi, cl +mov ecx, esi +mov esi, dword [ebp - 0x28] +and ecx, 0xf +mov byte [esi + edx + 0x3d39], cl +cmp eax, 8 +jne short loc_fffcd609 ; jne 0xfffcd609 +inc byte [ebp - 0x1c] +jmp short loc_fffcd5eb ; jmp 0xfffcd5eb -loc_fffce965: ; not directly referenced -mov ecx, dword [ebp - 0x39c] +loc_fffcd632: ; not directly referenced +mov edi, dword [ebp - 0x1c] +mov esi, dword [ebp - 0x20] +mov ecx, dword [ebp + 0x10] +mov eax, edi +shl eax, 7 +lea edx, [eax + ebx + 0xc] +mov eax, esi +shl eax, 6 +add edx, eax +mov eax, dword [ebp + 8] +shl edx, 2 +call fcn_fffb3381 ; call 0xfffb3381 sub esp, 0xc -mov edx, dword [ebp - 0x35c] -mov eax, dword [ebp - 0x34c] +mov eax, dword [ebp + 8] +push 1 +xor ecx, ecx push 0 -call fcn_fffcfce5 ; call 0xfffcfce5 -add esp, 0x10 - -loc_fffce984: ; not directly referenced -inc dword [ebp - 0x394] -jmp near loc_fffce1b1 ; jmp 0xfffce1b1 - -loc_fffce98f: ; not directly referenced -mov byte [ebp - 0x360], 0 -jmp near loc_fffce1d5 ; jmp 0xfffce1d5 - -loc_fffce99b: ; not directly referenced -add dword [ebp - 0x3a8], 0x48 -cmp byte [ebp - 0x360], 0 -jne loc_fffce1e2 ; jne 0xfffce1e2 -mov dword [ebp - 0x368], 1 -jmp near loc_fffce14c ; jmp 0xfffce14c - -loc_fffce9be: ; not directly referenced -movzx eax, byte [ebp - 0x38e] -xor esi, esi -mov dword [ebp - 0x35c], eax - -loc_fffce9cd: ; not directly referenced -mov eax, dword [ebp - 0x3a0] -bt eax, esi -jae loc_fffceae5 ; jae 0xfffceae5 -imul eax, esi, 0x13c3 -mov edi, dword [ebp - 0x34c] -mov bl, byte [ebp - 0x34e] -and bl, byte [edi + eax + 0x381a] -mov byte [ebp - 0x354], bl -je loc_fffceae5 ; je 0xfffceae5 -movzx ebx, byte [ebp - 0x36c] -lea edi, [esi + esi*8] -lea eax, [ebp - 0x18] -mov byte [ebp - 0x34d], 0 -add edi, eax - -loc_fffcea17: ; not directly referenced -mov ecx, dword [ebp - 0x34c] -mov al, byte [ebp - 0x34d] -cmp al, byte [ecx + 0x2488] -jae loc_fffceab4 ; jae 0xfffceab4 -cmp byte [ebp - 0x358], 1 -jne short loc_fffcea4e ; jne 0xfffcea4e -movzx eax, byte [ebp - 
0x34d] -movzx eax, byte [eax + edi - 0x2da] -cmp bl, al -cmovg ebx, eax -jmp short loc_fffcea6b ; jmp 0xfffcea6b - -loc_fffcea4e: ; not directly referenced -cmp byte [ebp - 0x358], 0xff -jne short loc_fffcea6b ; jne 0xfffcea6b -movzx eax, byte [ebp - 0x34d] -movzx eax, byte [eax + edi - 0x2da] -cmp bl, al -cmovl ebx, eax - -loc_fffcea6b: ; not directly referenced -cmp dword [ebp - 0x38c], 0 -je short loc_fffceaa9 ; je 0xfffceaa9 -movzx eax, byte [ebp - 0x354] -sub esp, 0xc mov edx, esi -movzx ecx, byte [ebp - 0x34d] -push eax -push 1 -push 1 -movzx eax, byte [ecx + edi - 0x2da] -push eax -mov eax, dword [ebp - 0x34c] -push dword [ebp - 0x35c] -call fcn_fffb579d ; call 0xfffb579d +push edi +push dword [ebp + 0x34] +push ebx +call fcn_fffa7273 ; call 0xfffa7273 add esp, 0x20 +cmp byte [ebp - 0x34], 0 +je loc_fffcdab0 ; je 0xfffcdab0 +imul eax, dword [ebp - 0x1c], 0x18 +xor ecx, ecx +imul ebx, ebx, 0xd8 +add ebx, eax +xor eax, eax +add ebx, dword [ebp - 0x28] -loc_fffceaa9: ; not directly referenced -inc byte [ebp - 0x34d] -jmp near loc_fffcea17 ; jmp 0xfffcea17 +loc_fffcd68e: ; not directly referenced +mov edx, dword [ebp + 0x10] +sar edx, cl +add ecx, 4 +and edx, 0xf +mov byte [ebx + eax + 0x5e2], dl +add eax, 3 +cmp ecx, 0x20 +jne short loc_fffcd68e ; jne 0xfffcd68e +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 -loc_fffceab4: ; not directly referenced -cmp dword [ebp - 0x38c], 0 -jne short loc_fffceae5 ; jne 0xfffceae5 -movzx eax, byte [ebp - 0x354] +loc_fffcd6ad: ; not directly referenced +cmp byte [ebp - 0x30], 0 +movzx ebx, byte [ebp - 0x24] +je loc_fffcd75f ; je 0xfffcd75f +mov eax, dword [ebp + 8] +lea edx, [ebx*4 + 0x3610] +xor edi, edi +mov ecx, dword [ebp + 0x10] +call fcn_fffb38b3 ; call 0xfffb38b3 +imul eax, ebx, 0xd8 +mov dword [ebp - 0x24], eax + +loc_fffcd6d8: ; not directly referenced sub esp, 0xc -xor ecx, ecx -mov edx, esi -push eax -mov eax, dword [ebp - 0x34c] -push 1 +mov eax, dword [ebp + 8] +mov ecx, 1 +push 0 +mov edx, edi push 1 +push 0 +push dword 
[ebp + 0x34] push ebx -push dword [ebp - 0x35c] -call fcn_fffb579d ; call 0xfffb579d +call fcn_fffa7273 ; call 0xfffa7273 add esp, 0x20 +cmp byte [ebp - 0x29], 0 +jne short loc_fffcd708 ; jne 0xfffcd708 -loc_fffceae5: ; not directly referenced -inc esi -cmp esi, 2 -jne loc_fffce9cd ; jne 0xfffce9cd - -loc_fffceaef: ; not directly referenced -mov eax, dword [ebp - 0x37c] +loc_fffcd6fd: ; not directly referenced +inc edi +cmp edi, 2 +jne short loc_fffcd6d8 ; jne 0xfffcd6d8 +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 -loc_fffceaf5: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffcd708: ; not directly referenced +imul eax, edi, 0x13c3 +add eax, dword [ebp - 0x24] +mov byte [ebp - 0x1c], 0 +mov dword [ebp - 0x20], eax -fcn_fffceafd: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -xor ebx, ebx -sub esp, 0x2c +loc_fffcd718: ; not directly referenced mov eax, dword [ebp + 8] -mov byte [ebp - 0x1c], 4 -mov byte [ebp - 0x1b], 1 -mov byte [ebp - 0x1a], 5 -mov eax, dword [eax + 0x5edc] -mov byte [ebp - 0x19], 2 -mov byte [ebp - 0x22], 4 -mov byte [ebp - 0x21], 1 -lea edx, [eax + 0x1c] +mov cl, byte [ebp - 0x1c] +cmp cl, byte [eax + 0x2489] +jae short loc_fffcd6fd ; jae 0xfffcd6fd +movzx esi, cl +imul esi, esi, 0x18 +add esi, dword [ebp - 0x20] +add esi, eax xor eax, eax -mov byte [ebp - 0x20], 5 -mov byte [ebp - 0x1f], 2 -mov byte [ebp - 0x1e], 0xf9 -mov byte [ebp - 0x1d], 7 -mov dword [ebp - 0x30], 0 -mov dword [ebp - 0x2c], 0 +mov dword [ebp - 0x28], esi -loc_fffceb4c: ; not directly referenced -mov edi, dword [ebp + 8] -mov cl, byte [edi + eax + 0x381a] -test cl, cl -je short loc_fffcebb4 ; je 0xfffcebb4 -cmp dword [ebp - 0x2c], 0 -mov ebx, 1 -jne short loc_fffceb72 ; jne 0xfffceb72 -xor ebx, ebx -cmp dword [edi + eax + 0x3816], 2 -sete bl +loc_fffcd736: ; not directly referenced +mov esi, dword [ebp + 0x10] +lea ecx, [eax*4] +lea edx, [eax + eax*2] +inc eax +sar esi, cl +mov ecx, esi +mov esi, 
dword [ebp - 0x28] +and ecx, 0xf +mov byte [esi + edx + 0x39d9], cl +cmp eax, 8 +jne short loc_fffcd736 ; jne 0xfffcd736 +inc byte [ebp - 0x1c] +jmp short loc_fffcd718 ; jmp 0xfffcd718 -loc_fffceb72: ; not directly referenced -cmp dword [ebp - 0x30], 0 -mov edi, 1 -mov dword [ebp - 0x2c], ebx -jne short loc_fffceb99 ; jne 0xfffceb99 -mov esi, ecx -and esi, 0xc -mov ebx, esi -cmp bl, 0xc -je short loc_fffceb99 ; je 0xfffceb99 -and ecx, 3 -xor ebx, ebx -cmp cl, 3 -sete bl -mov edi, ebx +loc_fffcd75f: ; not directly referenced +mov edi, dword [ebp - 0x1c] +mov esi, dword [ebp - 0x20] +mov ecx, dword [ebp + 0x10] +mov eax, edi +shl eax, 7 +lea edx, [eax + ebx + 4] +mov eax, esi +shl eax, 6 +add edx, eax +mov eax, dword [ebp + 8] +shl edx, 2 +call fcn_fffb3381 ; call 0xfffb3381 +sub esp, 0xc +mov eax, dword [ebp + 8] +push 0 +xor ecx, ecx +push 1 +mov edx, esi +push edi +push dword [ebp + 0x34] +push ebx +call fcn_fffa7273 ; call 0xfffa7273 +add esp, 0x20 +cmp byte [ebp - 0x34], 0 +je loc_fffcdab0 ; je 0xfffcdab0 +imul eax, dword [ebp - 0x1c], 0x18 +xor ecx, ecx +imul ebx, ebx, 0xd8 +add ebx, eax +xor eax, eax +add ebx, dword [ebp - 0x28] -loc_fffceb99: ; not directly referenced -movzx ecx, byte [edx + 0xa5] -mov bl, byte [edx + 0xa4] -mov dword [ebp - 0x30], edi -and ecx, 3 -shr bl, 6 -shl ecx, 2 -or ebx, ecx +loc_fffcd7bb: ; not directly referenced +mov edx, dword [ebp + 0x10] +sar edx, cl +add ecx, 4 +and edx, 0xf +mov byte [ebx + eax + 0x282], dl +add eax, 3 +cmp ecx, 0x20 +jne short loc_fffcd7bb ; jne 0xfffcd7bb +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 -loc_fffcebb4: ; not directly referenced -add eax, 0x13c3 -add edx, 0xcc -cmp eax, 0x2786 -jne short loc_fffceb4c ; jne 0xfffceb4c +loc_fffcd7da: ; not directly referenced +cmp byte [ebp - 0x30], 0 +movzx edi, byte [ebp - 0x24] +je loc_fffcd885 ; je 0xfffcd885 mov eax, dword [ebp + 8] -mov edx, 1 -lea edi, [ebp - 0x1e] -call fcn_fffb0b30 ; call 0xfffb0b30 +xor ebx, ebx +mov edx, dword [ebp + 0x10] +call fcn_fffac864 ; 
call 0xfffac864 +imul eax, edi, 0xd8 +mov dword [ebp - 0x20], eax + +loc_fffcd7fe: ; not directly referenced +sub esp, 0xc mov eax, dword [ebp + 8] -mov edx, 0xa -lea esi, [eax + 0x2490] -push ecx -push ecx +mov ecx, 1 +push 0 +mov edx, ebx push 1 -push 0xf push 0 -push 2 +push dword [ebp + 0x34] push edi -push esi -push 0xc -push 3 +call fcn_fffa7273 ; call 0xfffa7273 +add esp, 0x20 +cmp byte [ebp - 0x29], 0 +jne short loc_fffcd82e ; jne 0xfffcd82e + +loc_fffcd823: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffcd7fe ; jne 0xfffcd7fe +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 + +loc_fffcd82e: ; not directly referenced +imul eax, ebx, 0x13c3 +add eax, dword [ebp - 0x20] +mov byte [ebp - 0x1c], 0 +mov dword [ebp - 0x24], eax + +loc_fffcd83e: ; not directly referenced +mov eax, dword [ebp + 8] +mov cl, byte [ebp - 0x1c] +cmp cl, byte [eax + 0x2489] +jae short loc_fffcd823 ; jae 0xfffcd823 +movzx esi, cl +imul esi, esi, 0x18 +add esi, dword [ebp - 0x24] +add esi, eax +xor eax, eax +mov dword [ebp - 0x28], esi + +loc_fffcd85c: ; not directly referenced +mov esi, dword [ebp + 0x10] +lea ecx, [eax*4] +lea edx, [eax + eax*2] +inc eax +sar esi, cl +mov ecx, esi +mov esi, dword [ebp - 0x28] +and ecx, 0xf +mov byte [esi + edx + 0x4099], cl +cmp eax, 8 +jne short loc_fffcd85c ; jne 0xfffcd85c +inc byte [ebp - 0x1c] +jmp short loc_fffcd83e ; jmp 0xfffcd83e + +loc_fffcd885: ; not directly referenced +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x188b] +test eax, eax +jne short loc_fffcd8a4 ; jne 0xfffcd8a4 +mov edx, dword [ebp - 0x20] +mov eax, dword [ebp - 0x1c] +shl edx, 8 +shl eax, 9 +lea edx, [edx + eax + 0x4c] +jmp short loc_fffcd8bd ; jmp 0xfffcd8bd + +loc_fffcd8a4: ; not directly referenced +dec eax +jne short loc_fffcd8bb ; jne 0xfffcd8bb +mov eax, dword [ebp - 0x20] +shl eax, 8 +lea edx, [eax + edi*4 + 0x50] +mov eax, dword [ebp - 0x1c] +shl eax, 9 +add edx, eax +jmp short loc_fffcd8bd ; jmp 0xfffcd8bd + +loc_fffcd8bb: ; not directly referenced +xor 
edx, edx + +loc_fffcd8bd: ; not directly referenced +mov ecx, dword [ebp + 0x10] +mov eax, dword [ebp + 8] +call fcn_fffb3381 ; call 0xfffb3381 +sub esp, 0xc +mov edx, dword [ebp - 0x20] push 0 -push 2 -lea ecx, [ebp - 0x22] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x28 mov eax, dword [ebp + 8] +xor ecx, ecx push 1 -mov edx, 0xb -push 0xf -push 0 -push 2 +push dword [ebp - 0x1c] +push dword [ebp + 0x34] push edi -push esi -push 0xc -push 0 -push 0xfffffffffffffffe -push 2 -lea ecx, [ebp - 0x22] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x30 -cmp dword [ebp - 0x2c], 0 -je short loc_fffceca9 ; je 0xfffceca9 -push edx +call fcn_fffa7273 ; call 0xfffa7273 +add esp, 0x20 +cmp byte [ebp - 0x34], 0 +je loc_fffcdab0 ; je 0xfffcdab0 +imul eax, dword [ebp - 0x1c], 0x18 +xor ecx, ecx +imul edx, edi, 0xd8 +add edx, eax +xor eax, eax +add edx, dword [ebp - 0x28] + +loc_fffcd903: ; not directly referenced +mov ebx, dword [ebp + 0x10] +sar ebx, cl +add ecx, 4 +and ebx, 0xf +mov byte [edx + eax + 0x942], bl +add eax, 3 +cmp ecx, 0x20 +jne short loc_fffcd903 ; jne 0xfffcd903 +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 + +loc_fffcd922: ; not directly referenced +mov eax, 2 +jmp near loc_fffcdab2 ; jmp 0xfffcdab2 + +loc_fffcd92c: ; not directly referenced +test cl, cl +sete dl +cmp cl, 0xb +sete al +or dl, al +jne short loc_fffcd985 ; jne 0xfffcd985 +cmp cl, 4 +sete dl +cmp cl, 1 +sete al +or dl, al +jne short loc_fffcd985 ; jne 0xfffcd985 +cmp cl, 0x20 +sete dl +cmp cl, 0x10 +sete al +or dl, al +jne short loc_fffcd985 ; jne 0xfffcd985 +mov dl, byte [ebp - 0x2a] +lea eax, [ecx - 2] +cmp al, 1 +setbe al +or dl, al +jne short loc_fffcd97c ; jne 0xfffcd97c +cmp cl, 0x21 +sete al +cmp cl, 0x11 +mov esi, eax +sete al +or esi, eax +jmp short loc_fffcd981 ; jmp 0xfffcd981 + +loc_fffcd97c: ; not directly referenced +mov esi, 1 + +loc_fffcd981: ; not directly referenced +xor edi, edi +jmp short loc_fffcd98c ; jmp 0xfffcd98c + +loc_fffcd985: ; not directly referenced +xor esi, esi +mov 
edi, 1 + +loc_fffcd98c: ; not directly referenced +cmp byte [ebp - 0x30], 0 +mov edx, 0x3670 +je loc_fffcda3c ; je 0xfffcda3c mov eax, dword [ebp + 8] -push edx -mov edx, 1 -push 0 -push 0xf -push 0 -push 2 -push edi -push esi -push 0xc -push 7 -push 6 -push 2 -lea ecx, [ebp - 0x22] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x28 +mov ecx, ebx +cmp dword [eax + 0x188b], 1 +mov eax, 0x367c +cmove edx, eax mov eax, dword [ebp + 8] -push 0 -mov edx, 3 -push 0xf -push 0 -push 2 -push edi +call fcn_fffb38b3 ; call 0xfffb38b3 +mov eax, dword [ebp - 0x38] +mov dword [ebp - 0x1c], 0 +add eax, 0x1c +mov dword [ebp - 0x20], eax +mov eax, esi +movzx esi, al +mov eax, edi +movzx edi, al + +loc_fffcd9d1: ; not directly referenced +imul eax, dword [ebp - 0x1c], 0x13c3 +mov ecx, dword [ebp + 8] +cmp dword [ecx + eax + 0x3757], 2 +je short loc_fffcd9fa ; je 0xfffcd9fa + +loc_fffcd9e5: ; not directly referenced +inc dword [ebp - 0x1c] +add dword [ebp - 0x20], 0xcc +cmp dword [ebp - 0x1c], 2 +jne short loc_fffcd9d1 ; jne 0xfffcd9d1 +jmp near loc_fffcdab0 ; jmp 0xfffcdab0 + +loc_fffcd9fa: ; not directly referenced +sub esp, 0xc +movzx eax, byte [ebp - 0x24] +mov ecx, 1 push esi -push 0xc -push 8 -push 7 -push 2 -lea ecx, [ebp - 0x20] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x28 -mov edx, 7 -push 0 -push 0xf -push 0 -push 2 +mov edx, dword [ebp - 0x1c] push edi -push esi -lea eax, [ebx + 1] -push 0xc -movsx eax, al -push eax -lea eax, [ebx - 1] -movsx eax, al +push 0 +push dword [ebp + 0x34] push eax mov eax, dword [ebp + 8] -push 4 -lea ecx, [ebp - 0x1c] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x30 +call fcn_fffa7273 ; call 0xfffa7273 +add esp, 0x20 +xor eax, eax -loc_fffceca9: ; not directly referenced -cmp dword [ebp - 0x30], 0 -je short loc_fffced28 ; je 0xfffced28 -push eax -xor edx, edx -push eax -mov eax, dword [ebp + 8] -push 0 -push 0xf -push 0 -push 2 -lea edi, [ebp - 0x1e] -push edi -push esi -push 0xc -push 7 -push 6 -push 2 -lea ecx, [ebp - 0x22] -call 
fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x28 +loc_fffcda1e: ; not directly referenced +mov ecx, dword [ebp + 8] +cmp al, byte [ecx + 0x2489] +jae short loc_fffcd9e5 ; jae 0xfffcd9e5 +cmp byte [ebp - 0x29], 0 +je short loc_fffcda39 ; je 0xfffcda39 +mov ecx, dword [ebp - 0x20] +movzx edx, al +mov dword [ecx + edx*4 + 0x54], ebx + +loc_fffcda39: ; not directly referenced +inc eax +jmp short loc_fffcda1e ; jmp 0xfffcda1e + +loc_fffcda3c: ; not directly referenced +cmp byte [ebp - 0x40], 1 +ja short loc_fffcda60 ; ja 0xfffcda60 +mov edx, dword [ebp - 0x20] +shl edx, 8 +cmp byte [ebp - 0x44], 8 +jbe short loc_fffcda56 ; jbe 0xfffcda56 +add edx, 0x3070 +jmp short loc_fffcda60 ; jmp 0xfffcda60 + +loc_fffcda56: ; not directly referenced +mov eax, dword [ebp - 0x1c] +shl eax, 9 +lea edx, [edx + eax + 0x70] + +loc_fffcda60: ; not directly referenced +mov ecx, dword [ebp + 8] +lea eax, [edx + 0xc] +cmp dword [ecx + 0x188b], 1 +mov ecx, ebx +cmove edx, eax mov eax, dword [ebp + 8] -push 0 -mov edx, 2 -push 0xf -push 0 -push 2 -push edi +call fcn_fffb3381 ; call 0xfffb3381 +mov eax, esi +sub esp, 0xc +movzx esi, al +mov eax, edi +mov edx, dword [ebp - 0x20] push esi -push 0xc -push 8 -push 7 -push 2 -lea ecx, [ebp - 0x20] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x28 -mov edx, 6 -push 0 -push 0xf -push 0 -push 2 +movzx edi, al +movzx eax, byte [ebp - 0x24] push edi -push esi -lea eax, [ebx + 1] -dec ebx -push 0xc -movsx eax, al +xor ecx, ecx +push dword [ebp - 0x1c] +push dword [ebp + 0x34] push eax mov eax, dword [ebp + 8] -movsx ebx, bl -push ebx -push 4 -lea ecx, [ebp - 0x1c] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x30 +call fcn_fffa7273 ; call 0xfffa7273 +add esp, 0x20 +cmp byte [ebp - 0x34], 0 +je short loc_fffcdab0 ; je 0xfffcdab0 +mov eax, dword [ebp - 0x3c] +mov dword [eax + 0x54], ebx + +loc_fffcdab0: ; not directly referenced +xor eax, eax -loc_fffced28: ; not directly referenced +loc_fffcdab2: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop 
esi 
@@ -62775,2524 +61355,1817 @@ pop edi pop ebp ret -fcn_fffced30: ; not directly referenced +fcn_fffcdaba: push ebp mov ebp, esp -push edi -push esi push ebx -xor ebx, ebx -sub esp, 0x3c -mov edi, dword [ebp + 8] -mov byte [ebp - 0x1a], 1 -mov byte [ebp - 0x19], 0x19 -mov dword [ebp - 0x38], 0 -mov eax, dword [edi + 0x5edc] -mov dword [ebp - 0x30], eax +sub esp, 0x14 +mov eax, dword [ebp + 0xc] +lea ebx, [eax - 4] +cmp byte [ebx + 0x18], 1 +je short loc_fffcdb0d ; je 0xfffcdb0d +mov eax, dword [ebx + 0x14] +test eax, eax +jne short loc_fffcdae7 ; jne 0xfffcdae7 -loc_fffced56: ; not directly referenced -mov esi, 1 -mov cl, bl -shl esi, cl -mov eax, esi -test byte [edi + 0x248d], al -je loc_fffcee06 ; je 0xfffcee06 -test byte [edi + 0x381a], al -je short loc_fffced95 ; je 0xfffced95 -mov cl, byte [edi + ebx + 0x4767] -mov dl, 0xf -movsx eax, byte [edi + ebx + 0x476b] -cmp cl, 0xf -cmovbe edx, ecx -mov cl, al -mov byte [ebp - 0x29], dl -sub ecx, edx -jmp short loc_fffced9d ; jmp 0xfffced9d +loc_fffcdad4: +mov eax, dword [ebx + 0x10] +mov ecx, ebx +mov edx, dword [ebp + 8] +mov byte [ebx + 0x18], 1 +call fcn_fffa1e98 ; call 0xfffa1e98 +jmp short loc_fffcdb0f ; jmp 0xfffcdb0f -loc_fffced95: ; not directly referenced -mov byte [ebp - 0x29], 0xf +loc_fffcdae7: +test byte [eax + 1], 1 +je short loc_fffcdad4 ; je 0xfffcdad4 +lea eax, [ebp - 0xc] +push eax +push 0 +push 0 +push ref_fffd68e8 ; push 0xfffd68e8 +call fcn_fffb020b ; call 0xfffb020b +add esp, 0x10 +test eax, eax +je short loc_fffcdad4 ; je 0xfffcdad4 +mov eax, 0x80000006 +jmp short loc_fffcdb0f ; jmp 0xfffcdb0f + +loc_fffcdb0d: xor eax, eax -xor ecx, ecx -loc_fffced9d: ; not directly referenced -mov edx, esi -test byte [edi + 0x4bdd], dl -je short loc_fffcedc7 ; je 0xfffcedc7 -movsx ecx, byte [edi + ebx + 0x5b2e] -mov dl, byte [ebp - 0x29] -cmp al, cl -cmovb eax, ecx -mov cl, byte [edi + ebx + 0x5b2a] -cmp dl, cl -cmova edx, ecx -mov cl, al -sub ecx, edx +loc_fffcdb0f: +mov ebx, dword [ebp - 4] +leave +ret 
-loc_fffcedc7: ; not directly referenced -mov dl, 0 -test cl, cl -cmovs ecx, edx -push edx -movzx ecx, cl -push edx -push 0 +fcn_fffcdb14: ; not directly referenced +push ebp +mov ebp, esp +push edi push esi +mov esi, eax push ebx +sub esp, 0x190 +mov ebx, dword [ebp + 8] +mov dword [ebp - 0x14c], edx +mov edx, dword [esi + 0x5edd] +lea eax, [ebp - 0x13f] push 1 -lea esi, [ebp - 0x19] -push esi -lea edx, [edi + 0x2490] -push edx -mov edx, 0xc -push 0xa +mov edi, dword [ebp + 0xc] +push 7 push eax -mov eax, edi -push ecx -push 1 -lea ecx, [ebp - 0x1a] -call fcn_fffcda94 ; call 0xfffcda94 -add esp, 0x30 -mov dword [ebp - 0x38], eax +mov dword [ebp - 0x180], edx +mov edx, dword [esi + 0x2444] +mov dword [ebp - 0x16c], ecx +mov byte [ebp - 0x151], cl +mov dword [ebp - 0x184], edx +call dword [edx + 0x5c] ; ucall +mov eax, dword [ebp - 0x16c] +add esp, 0x10 +mov edx, dword [ebp - 0x14c] +cmp al, 0xb +setne cl dec eax -je loc_fffcef18 ; je 0xfffcef18 +cmp al, 1 +seta al +test cl, al +mov byte [ebp - 0x152], cl +jne loc_fffce2ae ; jne 0xfffce2ae +cmp byte [ebp - 0x16c], 0xb +movzx edx, dl +jne short loc_fffcdbc7 ; jne 0xfffcdbc7 +sub esp, 0xc +mov eax, esi +lea ecx, [edi - 3] +push 0 +movzx ecx, cl +call fcn_fffae9e2 ; call 0xfffae9e2 +add esp, 0x10 +dec bl +mov byte [esi + 0x248c], 0xa +je short loc_fffcdbc0 ; je 0xfffcdbc0 -loc_fffcee06: ; not directly referenced -inc ebx -cmp ebx, 4 -jne loc_fffced56 ; jne 0xfffced56 -mov esi, dword [ebp - 0x30] -lea ebx, [edi + 0x3756] -mov dword [ebp - 0x34], 0 -add esi, 0x1c - -loc_fffcee23: ; not directly referenced -cmp dword [ebx], 2 -je short loc_fffcee45 ; je 0xfffcee45 - -loc_fffcee28: ; not directly referenced -inc dword [ebp - 0x34] -add ebx, 0x13c3 -add esi, 0xcc -cmp dword [ebp - 0x34], 2 -jne short loc_fffcee23 ; jne 0xfffcee23 -mov eax, dword [ebp - 0x38] -jmp near loc_fffcef1d ; jmp 0xfffcef1d - -loc_fffcee45: ; not directly referenced -mov al, byte [esi + 0xa1] -movzx edx, byte [esi + 0xa2] -mov byte [ebp - 0x29], 0 
-shr al, 7 -and edx, 7 -movzx eax, al -add edx, edx -or edx, eax -mov al, byte [esi + 0xa2] -shr al, 3 -and eax, 0xf -cmp al, dl -cmovb eax, edx -xor edx, edx -lea eax, [eax + eax - 8] -test al, al -cmovns edx, eax -mov al, byte [ebx + 0xc4] -xor ecx, ecx -mov byte [ebp - 0x2a], dl -mov byte [ebp - 0x30], al - -loc_fffcee8d: ; not directly referenced -mov edx, 1 -shl edx, cl -test byte [ebp - 0x30], dl -je short loc_fffceeab ; je 0xfffceeab -mov al, byte [ebp - 0x29] -mov dl, byte [ebx + ecx + 0x1015] -cmp al, dl -cmovb eax, edx -mov byte [ebp - 0x29], al +loc_fffcdbb4: ; not directly referenced +mov dword [ebp - 0x158], 0 +jmp short loc_fffcdc14 ; jmp 0xfffcdc14 -loc_fffceeab: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffcee8d ; jne 0xfffcee8d -mov al, byte [ebp - 0x29] -sub al, byte [ebp - 0x2a] -mov dword [ebp - 0x30], 0 -movzx eax, al -mov dword [ebp - 0x3c], eax +loc_fffcdbc0: ; not directly referenced +mov eax, 8 +jmp short loc_fffcdbed ; jmp 0xfffcdbed -loc_fffceec4: ; not directly referenced -mov cl, byte [ebp - 0x30] -mov eax, 1 -shl eax, cl -test byte [ebx + 0xc4], al -je short loc_fffcef0a ; je 0xfffcef0a -mov ecx, dword [ebp - 0x30] -mov dl, byte [ebp - 0x29] -sub dl, byte [ebx + ecx + 0x1015] -movsx ecx, byte [ebp - 0x2a] -movzx edx, dl -cmp edx, ecx -jle short loc_fffcef0a ; jle 0xfffcef0a +loc_fffcdbc7: ; not directly referenced sub esp, 0xc -mov edx, dword [ebp - 0x34] -xor ecx, ecx -push eax mov eax, edi +movzx ecx, al +mov eax, esi push 0 +call fcn_fffae9e2 ; call 0xfffae9e2 +add esp, 0x10 +dec bl +jne short loc_fffcdbb4 ; jne 0xfffcdbb4 +cmp byte [ebp - 0x16c], 1 +jne short loc_fffcdbc0 ; jne 0xfffcdbc0 +mov eax, 9 + +loc_fffcdbed: ; not directly referenced push 1 -push dword [ebp - 0x3c] -push 0xc -call fcn_fffb579d ; call 0xfffb579d -add esp, 0x20 +push 0 +push 1 +push 0 +push 0 +push 0 +push 0 +push 1 +push 0 +push 0x88888888 +push eax +push esi +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +mov dword [ebp - 0x158], 
eax -loc_fffcef0a: ; not directly referenced -inc dword [ebp - 0x30] -cmp dword [ebp - 0x30], 4 -jne short loc_fffceec4 ; jne 0xfffceec4 -jmp near loc_fffcee28 ; jmp 0xfffcee28 +loc_fffcdc14: ; not directly referenced +lea eax, [esi + 0x3757] +mov dword [ebp - 0x178], eax +movzx eax, byte [ebp - 0x151] +mov dword [ebp - 0x150], 0 +mov dword [ebp - 0x164], 0 +mov dword [ebp - 0x17c], eax -loc_fffcef18: ; not directly referenced -mov eax, 0x19 +loc_fffcdc41: ; not directly referenced +mov edi, dword [ebp - 0x180] +xor ebx, ebx +mov eax, dword [ebp - 0x150] +mov dword [ebp - 0x170], 1 +mov byte [ebp - 0x15c], 0 +add edi, 0x70 +mov cl, al +mov dword [ebp - 0x160], edi +mov edi, dword [ebp - 0x178] +lea eax, [eax + eax*8] +shl dword [ebp - 0x170], cl +mov dword [ebp - 0x174], eax -loc_fffcef1d: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffcdc80: ; not directly referenced +mov ecx, dword [ebp - 0x170] +mov edx, ebx +mov eax, esi +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0x15c], al +movzx eax, byte [ebp - 0x15c] +bt eax, ebx +mov dword [ebp - 0x168], eax +jae loc_fffcdd9c ; jae 0xfffcdd9c +mov eax, dword [ebp - 0x174] +mov byte [ebp - 0x14c], 0 +add eax, edi +mov dword [ebp - 0x188], eax -fcn_fffcef25: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -mov esi, eax -push ebx -sub esp, 0x40 -mov al, byte [ebp + 8] -mov edi, dword [ebp + 0xc] -mov ebx, dword [ebp + 0x18] -mov byte [ebp - 0x41], dl -mov edx, dword [esi + 0x2443] +loc_fffcdcc0: ; not directly referenced +movzx eax, byte [esi + 0x2489] +cmp byte [ebp - 0x14c], al +jb short loc_fffcdcfe ; jb 0xfffcdcfe + +loc_fffcdccf: ; not directly referenced +push edx push 0 -push 2 -mov byte [ebp - 0x33], al -mov eax, edi -mov byte [ebp - 0x34], al -lea eax, [ebp - 0x23] -push eax -mov byte [ebp - 0x32], cl -mov dword [ebp - 0x30], ecx -mov dword [ebp - 0x2c], edx -mov byte [ebp - 0x42], bl -call dword [edx + 0x5c] ; ucall -add esp, 0xc -mov 
edx, dword [ebp - 0x2c] -push 1 -push 7 -lea eax, [ebp - 0x1f] push eax -call dword [edx + 0x5c] ; ucall +mov eax, dword [ebp - 0x184] +push dword [ebp - 0x160] +call dword [eax + 0x64] ; ucall +mov edx, ebx +xor ecx, ecx +shl edx, 0xa +mov eax, esi +add edx, 0x40f0 +call fcn_fffb3381 ; call 0xfffb3381 add esp, 0x10 -mov ecx, dword [ebp - 0x30] -cmp dword [esi + 0x188b], 1 -mov dword [ebp - 0x2c], 0 -jne short loc_fffcefbc ; jne 0xfffcefbc -xor eax, eax -cmp dword [esi + 0x2480], 3 -sete al -mov dword [ebp - 0x2c], eax -jne short loc_fffcefbc ; jne 0xfffcefbc -test bl, bl -je short loc_fffcefa2 ; je 0xfffcefa2 -mov eax, dword [ebp + 0x10] -jmp short loc_fffcefa5 ; jmp 0xfffcefa5 +jmp near loc_fffcdd9c ; jmp 0xfffcdd9c -loc_fffcefa2: ; not directly referenced -mov eax, dword [ebp + 0x14] +loc_fffcdcfe: ; not directly referenced +cmp byte [ebp - 0x152], 0 +je short loc_fffcdccf ; je 0xfffcdccf +cmp byte [ebp - 0x151], 1 +jne short loc_fffcdd48 ; jne 0xfffcdd48 +movzx eax, byte [ebp - 0x14c] +mov ecx, dword [ebp - 0x188] +lea edx, [ecx + eax] +mov ecx, dword [ebp - 0x150] +mov byte [edx + 0x104a], 0x20 +mov byte [edx + 0x106e], 0x20 +push edx +mov edx, ebx +push 0 +push 0xff +push eax +mov eax, esi +call fcn_fffa7447 ; call 0xfffa7447 +jmp short loc_fffcdd8e ; jmp 0xfffcdd8e -loc_fffcefa5: ; not directly referenced -mov al, byte [eax] -mov byte [ebp - 0x21], al -test bl, bl -jne short loc_fffcefb3 ; jne 0xfffcefb3 -mov eax, dword [ebp + 0x14] -jmp short loc_fffcefb6 ; jmp 0xfffcefb6 +loc_fffcdd48: ; not directly referenced +cmp byte [ebp - 0x151], 2 +jne short loc_fffcdd91 ; jne 0xfffcdd91 +movzx eax, byte [ebp - 0x14c] +mov ecx, dword [ebp - 0x174] +lea edx, [eax + ecx] +add edx, edx +add edx, edi +mov cx, word [edx + 0x121] +add ecx, 0x20 +mov word [edx + 0x169], cx +mov edx, ebx +push ecx +mov ecx, dword [ebp - 0x150] +push 0 +push 0xff +push eax +mov eax, esi +call fcn_fffa735e ; call 0xfffa735e -loc_fffcefb3: ; not directly referenced -mov eax, dword [ebp + 0x10] 
+loc_fffcdd8e: ; not directly referenced +add esp, 0x10 -loc_fffcefb6: ; not directly referenced -mov al, byte [eax + 1] -mov byte [ebp - 0x20], al +loc_fffcdd91: ; not directly referenced +inc byte [ebp - 0x14c] +jmp near loc_fffcdcc0 ; jmp 0xfffcdcc0 -loc_fffcefbc: ; not directly referenced -movzx eax, cl -mov dword [ebp - 0x38], eax -sar eax, 1 -mov dword [ebp - 0x40], eax -movzx eax, byte [ebp - 0x42] -shr edi, 1 -mov dword [ebp - 0x30], edi -and dword [ebp - 0x40], 1 -and dword [ebp - 0x30], 1 -mov dword [ebp - 0x48], eax -movzx eax, byte [ebp - 0x41] -mov dword [ebp - 0x3c], eax +loc_fffcdd9c: ; not directly referenced +inc ebx +add edi, 0x13c3 +add dword [ebp - 0x160], 0xcc +cmp ebx, 2 +jne loc_fffcdc80 ; jne 0xfffcdc80 +cmp byte [ebp - 0x15c], 0 +je loc_fffce283 ; je 0xfffce283 +mov edi, 0xffffffe1 -loc_fffcefe2: ; not directly referenced -xor edi, edi +loc_fffcddc8: ; not directly referenced +cmp byte [ebp - 0x151], 0xb +jne short loc_fffcde22 ; jne 0xfffcde22 +xor ebx, ebx -loc_fffcefe4: ; not directly referenced -mov eax, dword [ebp - 0x38] -bt eax, edi -jb short loc_fffceff4 ; jb 0xfffceff4 +loc_fffcddd3: ; not directly referenced +mov eax, dword [ebp - 0x168] +bt eax, ebx +jb short loc_fffcdde6 ; jb 0xfffcdde6 -loc_fffcefec: ; not directly referenced -inc edi -cmp edi, 2 -jne short loc_fffcefe4 ; jne 0xfffcefe4 -jmp short loc_fffcf061 ; jmp 0xfffcf061 +loc_fffcddde: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffcddd3 ; jne 0xfffcddd3 +jmp short loc_fffcde44 ; jmp 0xfffcde44 -loc_fffceff4: ; not directly referenced -mov eax, dword [ebp + 0x14] -mov bl, byte [ebp - 0x33] -movzx edx, byte [eax + edi] -mov eax, dword [ebp + 0x10] -movzx eax, byte [eax + edi] -add eax, edx -imul edx, edi, 0x13c3 -add eax, dword [ebp - 0x48] -sar eax, 1 -mov byte [ebp + edi - 0x23], al -and bl, byte [esi + edx + 0x381a] -test byte [ebp - 0x34], 1 -je short loc_fffcf03d ; je 0xfffcf03d -push edx -movzx eax, al -push 0 -push eax -movzx eax, bl -push 1 -push 
eax -push dword [ebp - 0x3c] -push edi -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 +loc_fffcdde6: ; not directly referenced +xor edx, edx -loc_fffcf03d: ; not directly referenced -cmp dword [ebp - 0x30], 0 -je short loc_fffcefec ; je 0xfffcefec -push eax -movzx eax, byte [ebp + edi - 0x23] -movzx ebx, bl +loc_fffcdde8: ; not directly referenced +cmp dl, byte [esi + 0x2489] +jae short loc_fffcddde ; jae 0xfffcddde +push 1 +movzx eax, dl +push 0 +push 0 push 0 push eax -push 2 +push dword [ebp - 0x150] +mov dword [ebp - 0x14c], edx push ebx -push dword [ebp - 0x3c] +push 0 +push 0 push edi +push 0xb push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -jmp short loc_fffcefec ; jmp 0xfffcefec - -loc_fffcf061: ; not directly referenced -cmp dword [ebp - 0x2c], 0 -jne short loc_fffcf073 ; jne 0xfffcf073 -sub esp, 0xc -push esi -call fcn_fffc82f4 ; call 0xfffc82f4 -add esp, 0x10 - -loc_fffcf073: ; not directly referenced -xor ebx, ebx -mov byte [ebp - 0x31], 0 -lea edi, [ebp - 0x1f] +call fcn_fffcd268 ; call 0xfffcd268 +mov edx, dword [ebp - 0x14c] +add esp, 0x30 +inc edx +jmp short loc_fffcdde8 ; jmp 0xfffcdde8 -loc_fffcf07c: ; not directly referenced -mov eax, dword [ebp + 0x1c] +loc_fffcde22: ; not directly referenced +push 1 push 0 push 0 push 0 push 0 -movsx eax, byte [eax + ebx] -push eax push 0 -push 2 -push esi -call fcn_fffcc4cb ; call 0xfffcc4cb -add esp, 0x1c -movzx ecx, byte [esi + 0x248b] -mov edx, dword [ebp - 0x38] -mov eax, esi push 0 push 1 +push 0 push edi -call fcn_fffb0f94 ; call 0xfffb0f94 -add esp, 0x10 -or byte [ebp - 0x31], al -mov al, byte [ebp - 0x32] -cmp byte [ebp - 0x31], al -jne short loc_fffcf0da ; jne 0xfffcf0da - -loc_fffcf0bd: ; not directly referenced -cmp byte [ebp - 0x31], 0 -setne al -test byte [ebp - 0x2c], al -je loc_fffcf154 ; je 0xfffcf154 -mov al, byte [ebp - 0x34] -xor edi, edi -and eax, 1 -mov byte [ebp - 0x43], al -jmp short loc_fffcf0e2 ; jmp 0xfffcf0e2 - -loc_fffcf0da: ; not directly referenced 
-inc ebx -cmp ebx, 2 -jne short loc_fffcf07c ; jne 0xfffcf07c -jmp short loc_fffcf0bd ; jmp 0xfffcf0bd - -loc_fffcf0e2: ; not directly referenced -mov eax, dword [ebp - 0x38] -bt eax, edi -jb short loc_fffcf0fe ; jb 0xfffcf0fe - -loc_fffcf0ea: ; not directly referenced -inc edi -cmp edi, 2 -jne short loc_fffcf0e2 ; jne 0xfffcf0e2 -sub esp, 0xc +push dword [ebp - 0x17c] push esi -call fcn_fffc82f4 ; call 0xfffc82f4 -add esp, 0x10 -jmp short loc_fffcf154 ; jmp 0xfffcf154 +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 -loc_fffcf0fe: ; not directly referenced -imul edx, edi, 0x13c3 -mov bl, byte [ebp - 0x33] -and bl, byte [esi + edx + 0x381a] -cmp byte [ebp - 0x43], 0 -je short loc_fffcf130 ; je 0xfffcf130 -movzx edx, byte [ebp + edi - 0x21] -push eax +loc_fffcde44: ; not directly referenced +movzx ecx, byte [esi + 0x248c] +lea eax, [ebp - 0x13f] +push ebx +mov edx, dword [ebp - 0x168] push 0 -push edx -movzx edx, bl push 1 -push edx -push dword [ebp - 0x3c] -push edi -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 +push eax +mov eax, esi +call fcn_fffaa5b3 ; call 0xfffaa5b3 +lea eax, [ebp - 0x60] +add esp, 0x10 +mov dword [ebp - 0x14c], eax +lea eax, [ebp - 0xa8] +mov dword [ebp - 0x158], eax +lea eax, [ebp - 0x138] +mov dword [ebp - 0x15c], eax +lea eax, [edi - 1] +lea ebx, [ebp - 0xf0] +mov dword [ebp - 0x160], 0 +mov dword [ebp - 0x190], eax -loc_fffcf130: ; not directly referenced -cmp dword [ebp - 0x30], 0 -je short loc_fffcf0ea ; je 0xfffcf0ea -movzx edx, byte [ebp + edi - 0x21] -movzx ebx, bl -push ecx -push 0 -push edx -push 2 -push ebx -push dword [ebp - 0x3c] -push edi -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -jmp short loc_fffcf0ea ; jmp 0xfffcf0ea +loc_fffcdea1: ; not directly referenced +mov eax, dword [ebp - 0x168] +mov ecx, dword [ebp - 0x160] +bt eax, ecx +jb short loc_fffcdede ; jb 0xfffcdede -loc_fffcf154: ; not directly referenced -xor ecx, ecx -mov eax, 1 +loc_fffcdeb2: ; not directly referenced +inc dword 
[ebp - 0x160] +add ebx, 0x24 +add dword [ebp - 0x14c], 0x24 +add dword [ebp - 0x158], 0x24 +add dword [ebp - 0x15c], 0x24 +cmp dword [ebp - 0x160], 2 +jne short loc_fffcdea1 ; jne 0xfffcdea1 +jmp near loc_fffcdff1 ; jmp 0xfffcdff1 -loc_fffcf15b: ; not directly referenced -mov edx, eax -shl edx, cl -test byte [ebp - 0x32], dl -je short loc_fffcf1a4 ; je 0xfffcf1a4 -mov ebx, dword [ebp + 0x10] -mov edi, dword [ebp + 0x14] -mov bl, byte [ebx + ecx] -cmp byte [edi + ecx], bl -jbe short loc_fffcf1a4 ; jbe 0xfffcf1a4 -and dl, byte [ebp - 0x31] -cmp byte [ebp - 0x42], 0 -je short loc_fffcf18d ; je 0xfffcf18d -test dl, dl -mov dl, byte [ebp + ecx - 0x23] -je short loc_fffcf188 ; je 0xfffcf188 -dec edx -mov ebx, edi -jmp short loc_fffcf1a1 ; jmp 0xfffcf1a1 +loc_fffcdede: ; not directly referenced +mov edx, dword [ebp - 0x160] +mov eax, esi +shl edx, 0xa +add edx, 0x40ec +call fcn_fffb331f ; call 0xfffb331f +mov cl, byte [esi + 0x2489] +mov byte [ebp - 0x170], cl +xor ecx, ecx +movzx eax, ax +mov dword [ebp - 0x18c], eax -loc_fffcf188: ; not directly referenced -mov ebx, dword [ebp + 0x10] -jmp short loc_fffcf1a1 ; jmp 0xfffcf1a1 +loc_fffcdf0b: ; not directly referenced +cmp byte [ebp - 0x170], cl +jbe short loc_fffcdeb2 ; jbe 0xfffcdeb2 +mov eax, dword [ebp - 0x18c] +sar eax, cl +and eax, 1 +xor eax, 1 +cmp edi, 0xffffffe1 +jne short loc_fffcdf87 ; jne 0xfffcdf87 +test eax, eax +mov eax, dword [ebp - 0x14c] +je short loc_fffcdf5d ; je 0xfffcdf5d +mov dword [eax + ecx*4], 0xffffffe1 +mov eax, dword [ebp - 0x158] +mov dword [ebx + ecx*4], 0xffffffe1 +mov dword [eax + ecx*4], 0xffffffe1 +mov eax, dword [ebp - 0x15c] +mov dword [eax + ecx*4], 0xffffffe1 +jmp near loc_fffcdfeb ; jmp 0xfffcdfeb -loc_fffcf18d: ; not directly referenced -test dl, dl -mov dl, byte [ebp + ecx - 0x23] -je short loc_fffcf19e ; je 0xfffcf19e -mov edi, dword [ebp + 0x10] -inc edx -mov byte [edi + ecx], dl -jmp short loc_fffcf1a4 ; jmp 0xfffcf1a4 +loc_fffcdf5d: ; not directly referenced +mov dword [eax + 
ecx*4], 0xffffffdf +mov eax, dword [ebp - 0x158] +mov dword [ebx + ecx*4], 0xffffffdf +mov dword [eax + ecx*4], 0xffffffdf +mov eax, dword [ebp - 0x15c] +mov dword [eax + ecx*4], 0xffffffdf +jmp short loc_fffcdfeb ; jmp 0xfffcdfeb -loc_fffcf19e: ; not directly referenced -mov ebx, dword [ebp + 0x14] +loc_fffcdf87: ; not directly referenced +test eax, eax +je short loc_fffcdfeb ; je 0xfffcdfeb +mov eax, dword [ebp - 0x190] +cmp dword [ebx + ecx*4], eax +je short loc_fffcdf9f ; je 0xfffcdf9f +mov eax, dword [ebp - 0x15c] +mov dword [eax + ecx*4], edi -loc_fffcf1a1: ; not directly referenced -mov byte [ebx + ecx], dl +loc_fffcdf9f: ; not directly referenced +mov eax, dword [ebp - 0x15c] +mov dword [ebx + ecx*4], edi +mov eax, dword [eax + ecx*4] +mov edx, eax +mov dword [ebp - 0x174], eax +mov eax, edi +sub eax, edx +mov edx, dword [ebp - 0x158] +mov dword [ebp - 0x188], eax +mov eax, dword [ebp - 0x14c] +mov eax, dword [eax + ecx*4] +sub eax, dword [edx + ecx*4] +cmp dword [ebp - 0x188], eax +jle short loc_fffcdfeb ; jle 0xfffcdfeb +mov eax, edx +mov edx, dword [ebp - 0x174] +mov dword [eax + ecx*4], edx +mov eax, dword [ebp - 0x14c] +mov dword [eax + ecx*4], edi -loc_fffcf1a4: ; not directly referenced +loc_fffcdfeb: ; not directly referenced inc ecx -cmp ecx, 2 -jne short loc_fffcf15b ; jne 0xfffcf15b -mov al, 1 -test byte [ebp - 0x32], 1 -je short loc_fffcf1bf ; je 0xfffcf1bf -mov eax, dword [ebp + 0x10] -mov ecx, dword [ebp + 0x14] -mov al, byte [eax] -cmp byte [ecx], al -setbe al - -loc_fffcf1bf: ; not directly referenced -cmp dword [ebp - 0x40], 0 -je short loc_fffcf1d7 ; je 0xfffcf1d7 -mov ecx, dword [ebp + 0x10] -mov edi, dword [ebp + 0x14] -mov cl, byte [ecx + 1] -cmp byte [edi + 1], cl -ja loc_fffcefe2 ; ja 0xfffcefe2 +jmp near loc_fffcdf0b ; jmp 0xfffcdf0b -loc_fffcf1d7: ; not directly referenced -test al, al -je loc_fffcefe2 ; je 0xfffcefe2 +loc_fffcdff1: ; not directly referenced +inc edi +cmp edi, 0x20 +jne loc_fffcddc8 ; jne 0xfffcddc8 +push 2 push 0 
-xor edi, edi push 0 push 0 push 0 push 0 push 0 -push 2 -push esi -call fcn_fffcc4cb ; call 0xfffcc4cb -add esp, 0x20 -cmp dword [ebp - 0x2c], 0 -jne short loc_fffcf20f ; jne 0xfffcf20f - -loc_fffcf1fe: ; not directly referenced -sub esp, 0xc +push 1 +push 0 +push 0 +push dword [ebp - 0x17c] push esi -call fcn_fffc82f4 ; call 0xfffc82f4 -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -loc_fffcf20f: ; not directly referenced -mov al, byte [ebp - 0x34] -and eax, 1 -mov byte [ebp - 0x31], al -movzx eax, byte [ebp - 0x41] -mov dword [ebp - 0x2c], eax - -loc_fffcf21f: ; not directly referenced -mov eax, dword [ebp - 0x38] -bt eax, edi -jb short loc_fffcf22f ; jb 0xfffcf22f +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +mov dword [ebp - 0x14c], 0 +mov dword [ebp - 0x158], eax +mov eax, dword [ebp - 0x178] +mov dword [ebp - 0x15c], eax +mov eax, dword [ebp - 0x150] +lea ebx, [eax + eax*8] +imul eax, eax, 0x12 +mov dword [ebp - 0x170], ebx +mov dword [ebp - 0x174], eax -loc_fffcf227: ; not directly referenced -inc edi -cmp edi, 2 -jne short loc_fffcf21f ; jne 0xfffcf21f -jmp short loc_fffcf1fe ; jmp 0xfffcf1fe +loc_fffce052: ; not directly referenced +mov eax, dword [ebp - 0x168] +mov ebx, dword [ebp - 0x14c] +bt eax, ebx +jae loc_fffce266 ; jae 0xfffce266 +mov eax, dword [ebp - 0x170] +add eax, dword [ebp - 0x15c] +mov byte [ebp - 0x160], 0 +mov dword [ebp - 0x188], eax -loc_fffcf22f: ; not directly referenced -imul edx, edi, 0x13c3 -mov bl, byte [ebp - 0x33] -and bl, byte [esi + edx + 0x381a] -cmp byte [ebp - 0x31], 0 -je short loc_fffcf261 ; je 0xfffcf261 -push edx -movzx edx, byte [ebp + edi - 0x21] -push 0 -push edx -movzx edx, bl -push 1 -push edx -push dword [ebp - 0x2c] -push edi -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 - -loc_fffcf261: ; not directly referenced -cmp dword [ebp - 0x30], 0 -je short loc_fffcf227 ; je 0xfffcf227 -movzx edx, byte [ebp + edi - 0x21] -movzx ebx, bl -push eax -push 0 -push edx -push 2 -push 
ebx -push dword [ebp - 0x2c] -push edi -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -jmp short loc_fffcf227 ; jmp 0xfffcf227 +loc_fffce080: ; not directly referenced +mov al, byte [ebp - 0x160] +cmp al, byte [esi + 0x2489] +jae loc_fffce220 ; jae 0xfffce220 +movzx eax, byte [ebp - 0x160] +imul edx, dword [ebp - 0x14c], 9 +add edx, eax +mov ebx, dword [ebp + edx*4 - 0x60] +mov edx, dword [ebp + edx*4 - 0xa8] +mov ecx, ebx +sub ecx, edx +cmp ecx, 7 +jg short loc_fffce0d1 ; jg 0xfffce0d1 +cmp byte [esi + 0x1965], 0 +mov ecx, 9 +cmove ecx, dword [ebp - 0x158] +mov dword [ebp - 0x158], ecx +jmp short loc_fffce0db ; jmp 0xfffce0db -fcn_fffcf285: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -mov esi, eax -push ebx -xor ebx, ebx -sub esp, 0x40 -mov al, byte [ebp + 8] -push 1 -movzx edi, byte [ebp + 0xc] -push 7 -mov byte [ebp - 0x31], al -mov eax, dword [ebp + 0x14] -mov byte [ebp - 0x2a], dl -lea edx, [ebp - 0x27] -push edx -mov word [ebp - 0x2c], ax -mov eax, dword [ebp + 0x18] -mov byte [ebp - 0x29], cl -mov dword [ebp - 0x1c], 0 -mov dword [ebp - 0x20], 0 -mov word [ebp - 0x34], ax -mov eax, dword [esi + 0x2443] -call dword [eax + 0x5c] ; ucall -movzx eax, byte [ebp - 0x29] -add esp, 0x10 -mov dword [ebp - 0x3c], edi -mov dword [ebp - 0x30], eax +loc_fffce0d1: ; not directly referenced +sar ecx, 1 +add ecx, edx +mov dword [ebp - 0x164], ecx -loc_fffcf2dc: ; not directly referenced -movsx eax, bx -xor edi, edi -mov dword [ebp - 0x38], eax +loc_fffce0db: ; not directly referenced +imul edi, edx, 0xfffffff6 +imul ecx, edx, 0xa +test edx, edx +cmovs ecx, edi +imul edx, ebx, 0xa +imul edi, ebx, 0xfffffff6 +test ebx, ebx +cmovs edx, edi +cmp byte [ebp - 0x151], 1 +jne short loc_fffce139 ; jne 0xfffce139 +imul ebx, dword [ebp - 0x14c], 9 +add ebx, dword [ebp - 0x174] +mov edi, dword [ebp - 0x188] +lea ebx, [eax + ebx + 0x50] +mov dword [esi + ebx*8 + 0x2451], ecx +mov ecx, dword [ebp - 0x164] +mov dword [esi + ebx*8 + 0x2455], edx 
+lea edx, [edi + eax] +add byte [edx + 0x104a], cl +add byte [edx + 0x106e], cl +jmp near loc_fffce1f6 ; jmp 0xfffce1f6 -loc_fffcf2e4: ; not directly referenced -mov eax, dword [ebp - 0x30] -bt eax, edi -jae short loc_fffcf318 ; jae 0xfffcf318 -cmp dword [ebp + edi*4 - 0x20], 0 -jne short loc_fffcf318 ; jne 0xfffcf318 -mov eax, dword [ebp + 0x10] -push edx +loc_fffce139: ; not directly referenced +cmp byte [ebp - 0x151], 2 +jne short loc_fffce1a5 ; jne 0xfffce1a5 +imul ebx, dword [ebp - 0x14c], 9 +add ebx, dword [ebp - 0x174] +mov edi, dword [ebp - 0x164] +lea ebx, [eax + ebx + 0xe0] +mov dword [esi + ebx*8 + 0x2455], edx +movzx edx, byte [ebp - 0x160] +mov dword [esi + ebx*8 + 0x2451], ecx +mov ebx, dword [ebp - 0x15c] +add edx, dword [ebp - 0x170] +add edx, edx +add word [ebx + edx + 0x169], di +push ecx +mov edx, dword [ebp - 0x14c] +mov ecx, dword [ebp - 0x150] push 0 -movzx edx, byte [eax + edi] -add edx, dword [ebp - 0x38] -push edx -movzx edx, byte [ebp - 0x31] -push dword [ebp - 0x3c] -push edx -movzx edx, byte [ebp - 0x2a] -push edx -push edi -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 +push 0xff +push eax +mov eax, esi +call fcn_fffa735e ; call 0xfffa735e +jmp short loc_fffce212 ; jmp 0xfffce212 -loc_fffcf318: ; not directly referenced -inc edi -cmp edi, 2 -jne short loc_fffcf2e4 ; jne 0xfffcf2e4 -cmp dword [ebp + 0x20], 0 -jne short loc_fffcf330 ; jne 0xfffcf330 -sub esp, 0xc -push esi -call fcn_fffc82f4 ; call 0xfffc82f4 -add esp, 0x10 +loc_fffce1a5: ; not directly referenced +cmp byte [ebp - 0x151], 0xb +jne short loc_fffce215 ; jne 0xfffce215 +imul ebx, dword [ebp - 0x14c], 9 +add ebx, dword [ebp - 0x174] +mov edi, dword [ebp - 0x164] +lea ebx, [eax + ebx + 0x128] +mov dword [esi + ebx*8 + 0x2455], edx +movzx edx, byte [ebp - 0x160] +mov dword [esi + ebx*8 + 0x2451], ecx +lea ecx, [edi + edi] +mov edi, dword [ebp - 0x15c] +add edx, dword [ebp - 0x170] +add edx, edx +add word [edi + edx + 0x1b1], cx -loc_fffcf330: ; not directly 
referenced -mov edx, dword [ebp - 0x30] -push eax -movzx ecx, byte [esi + 0x248b] +loc_fffce1f6: ; not directly referenced +mov ecx, dword [ebp - 0x150] +push edx +mov edx, dword [ebp - 0x14c] push 0 -push 1 -lea eax, [ebp - 0x27] +push 0xff push eax mov eax, esi -call fcn_fffb0f94 ; call 0xfffb0f94 -mov dl, bl -add esp, 0x10 -neg edx -test bx, bx -cmovns edx, ebx -test byte [ebp - 0x29], 1 -je short loc_fffcf375 ; je 0xfffcf375 -cmp dword [ebp - 0x20], 0 -jne short loc_fffcf375 ; jne 0xfffcf375 -test al, 1 -je short loc_fffcf370 ; je 0xfffcf370 -mov dword [ebp - 0x20], 1 -jmp short loc_fffcf375 ; jmp 0xfffcf375 - -loc_fffcf370: ; not directly referenced -mov ecx, dword [ebp + 0x1c] -mov byte [ecx], dl +call fcn_fffa7447 ; call 0xfffa7447 -loc_fffcf375: ; not directly referenced -test byte [ebp - 0x29], 2 -je short loc_fffcf394 ; je 0xfffcf394 -cmp dword [ebp - 0x1c], 0 -jne short loc_fffcf394 ; jne 0xfffcf394 -test al, 2 -jne short loc_fffcf38d ; jne 0xfffcf38d -mov eax, dword [ebp + 0x1c] -mov byte [eax + 1], dl -jmp short loc_fffcf394 ; jmp 0xfffcf394 +loc_fffce212: ; not directly referenced +add esp, 0x10 -loc_fffcf38d: ; not directly referenced -mov dword [ebp - 0x1c], 1 +loc_fffce215: ; not directly referenced +inc byte [ebp - 0x160] +jmp near loc_fffce080 ; jmp 0xfffce080 -loc_fffcf394: ; not directly referenced -mov eax, dword [ebp - 0x34] -add ebx, eax -test ax, ax -jle short loc_fffcf3a7 ; jle 0xfffcf3a7 -cmp bx, word [ebp - 0x2c] -setg al -jmp short loc_fffcf3ae ; jmp 0xfffcf3ae +loc_fffce220: ; not directly referenced +cmp byte [ebp - 0x151], 0xb +jne short loc_fffce266 ; jne 0xfffce266 +mov ebx, dword [ebp - 0x14c] +mov eax, esi +shl ebx, 0xa +add ebx, 0x4028 +mov edx, ebx +call fcn_fffb331f ; call 0xfffb331f +mov edi, dword [ebp - 0x15c] +movzx edx, byte [edi + 0x1019] +and eax, 0xffc0ffff +and edx, 0x3f +shl edx, 0x10 +or eax, edx +mov edx, ebx +mov ecx, eax +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffcf3a7: ; not directly referenced 
-cmp bx, word [ebp - 0x2c] -setl al +loc_fffce266: ; not directly referenced +inc dword [ebp - 0x14c] +add dword [ebp - 0x15c], 0x13c3 +cmp dword [ebp - 0x14c], 2 +jne loc_fffce052 ; jne 0xfffce052 -loc_fffcf3ae: ; not directly referenced -cmp dword [ebp - 0x20], 0 -movzx eax, al -je short loc_fffcf3bd ; je 0xfffcf3bd -cmp dword [ebp - 0x1c], 0 -jne short loc_fffcf3c5 ; jne 0xfffcf3c5 +loc_fffce283: ; not directly referenced +inc dword [ebp - 0x150] +cmp dword [ebp - 0x150], 4 +jne loc_fffcdc41 ; jne 0xfffcdc41 +cmp byte [ebp - 0x16c], 0xb +mov ebx, dword [ebp - 0x158] +jne short loc_fffce2b3 ; jne 0xfffce2b3 +mov eax, esi +call fcn_fffaa4a9 ; call 0xfffaa4a9 +jmp short loc_fffce2b3 ; jmp 0xfffce2b3 -loc_fffcf3bd: ; not directly referenced -test eax, eax -je loc_fffcf2dc ; je 0xfffcf2dc +loc_fffce2ae: ; not directly referenced +mov ebx, 2 -loc_fffcf3c5: ; not directly referenced +loc_fffce2b3: ; not directly referenced lea esp, [ebp - 0xc] +mov eax, ebx pop ebx pop esi pop edi pop ebp ret -fcn_fffcf3cd: ; not directly referenced +fcn_fffce2bd: ; not directly referenced push ebp mov ebp, esp push edi -mov edi, eax push esi -mov esi, edx push ebx -sub esp, 0x90 -mov eax, dword [ebp + 0x10] -push 1 -push 7 -mov ebx, eax -mov dword [ebp - 0x78], eax -mov al, byte [ebp + 8] -mov byte [ebp - 0x89], bl -mov ebx, dword [edi + 0x2443] -mov dword [ebp - 0x88], edx -mov byte [ebp - 0x69], dl -mov byte [ebp - 0x6a], al -mov al, byte [ebp + 0xc] -mov byte [ebp - 0x68], cl -mov byte [ebp - 0x74], al -mov al, byte [ebp + 0x14] -mov byte [ebp - 0x7c], al -mov al, byte [ebp + 0x18] -mov byte [ebp - 0x8a], al -lea eax, [ebp - 0x4f] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 0 -push 2 -lea eax, [ebp - 0x53] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 0 -push 2 -lea eax, [ebp - 0x51] -push eax -call dword [ebx + 0x5c] ; ucall +sub esp, 8 +mov esi, dword [ebp + 8] +mov ebx, dword [ebp + 0x14] +mov dword [ebp - 0x10], esi +mov esi, dword [ebp + 
0xc] +mov edi, ebx +shr edi, 0x1d +and edi, 1 +mov dword [ebp - 0x14], esi +mov esi, dword [ebp + 0x10] +cmp ax, di +jne short loc_fffce352 ; jne 0xfffce352 +test dword [ebp + 0x18], 0x800 +jne short loc_fffce336 ; jne 0xfffce336 +mov eax, ebx +shr eax, 0xc +and eax, 1 +cmp dx, ax +jne short loc_fffce352 ; jne 0xfffce352 +mov eax, ebx +shr eax, 0xb +and eax, 1 +cmp cx, ax +jne short loc_fffce352 ; jne 0xfffce352 +mov edx, ebx +shr edx, 8 +and edx, 7 + +loc_fffce310: ; not directly referenced xor eax, eax -add esp, 0x10 -cmp dword [edi + 0x2480], 3 +cmp word [ebp - 0x10], dx +jne short loc_fffce354 ; jne 0xfffce354 +mov edx, ebx +shr edx, 0xd +cmp word [ebp - 0x14], dx +jne short loc_fffce354 ; jne 0xfffce354 +movzx ebx, bl +and esi, 0xfffffff8 +shl ebx, 3 +xor eax, eax +cmp si, bx sete al -mov dword [ebp - 0x60], eax -mov eax, esi -cmp al, 6 -je short loc_fffcf489 ; je 0xfffcf489 +jmp short loc_fffce354 ; jmp 0xfffce354 -loc_fffcf457: ; not directly referenced -cmp dword [ebp - 0x60], 1 -sbb eax, eax -mov dword [ebp - 0x60], eax -movsx ax, byte [ebp - 0x78] -and byte [ebp - 0x60], 4 -add byte [ebp - 0x60], 2 -mov word [ebp - 0x6c], ax -mov word [ebp - 0x64], ax -mov al, byte [ebp - 0x7c] -sub eax, dword [ebp - 0x60] -movzx eax, al -mov dword [ebp - 0x94], eax -jmp near loc_fffcf604 ; jmp 0xfffcf604 +loc_fffce336: ; not directly referenced +test dx, dx +jne short loc_fffce352 ; jne 0xfffce352 +mov eax, ebx +shr eax, 0xc +and eax, 1 +cmp cx, ax +jne short loc_fffce352 ; jne 0xfffce352 +mov edx, ebx +shr edx, 8 +and edx, 0xf +jmp short loc_fffce310 ; jmp 0xfffce310 -loc_fffcf489: ; not directly referenced -movzx esi, byte [ebp - 0x68] -lea eax, [edi + 0x3756] -mov dword [ebp - 0x5c], eax +loc_fffce352: ; not directly referenced xor eax, eax -mov dword [ebp - 0x70], esi - -loc_fffcf49b: ; not directly referenced -mov esi, dword [ebp - 0x70] -bt esi, eax -jae loc_fffcf567 ; jae 0xfffcf567 -mov esi, dword [ebp - 0x5c] -mov ebx, dword [esi + 0x111] -mov ecx, dword [esi + 
0x11d] -cmp bl, cl -mov esi, ecx -cmovl esi, ebx -cmp cl, bl -mov edx, esi -mov esi, dword [ebp - 0x5c] -cmovbe ecx, ebx -mov byte [ebp + eax - 0x53], dl -mov byte [ebp + eax - 0x51], cl -xor ecx, ecx -mov dl, byte [esi + 0xc4] -mov byte [ebp - 0x64], dl - -loc_fffcf4da: ; not directly referenced -mov ebx, 1 -shl ebx, cl -test byte [ebp - 0x64], bl -je short loc_fffcf512 ; je 0xfffcf512 -mov esi, dword [ebp - 0x5c] -mov bl, byte [esi + ecx + 0x245] -movzx esi, byte [ebp + eax - 0x53] -cmp bl, byte [ebp + eax - 0x53] -cmovle esi, ebx -mov edx, esi -movzx esi, byte [ebp + eax - 0x51] -cmp bl, byte [ebp + eax - 0x51] -mov byte [ebp + eax - 0x53], dl -cmovb ebx, esi -mov byte [ebp + eax - 0x51], bl - -loc_fffcf512: ; not directly referenced -inc ecx -cmp ecx, 4 -jne short loc_fffcf4da ; jne 0xfffcf4da -cmp dword [ebp - 0x60], 0 -je short loc_fffcf559 ; je 0xfffcf559 -mov ecx, dword [ebp - 0x5c] -mov esi, dword [ecx + 0x109] -mov ecx, dword [ecx + 0x115] -mov edx, esi -mov ebx, esi -cmp cl, dl -mov dl, byte [ebp + eax - 0x53] -cmovl ebx, ecx -cmp bl, byte [ebp + eax - 0x53] -cmovg ebx, edx -mov edx, esi -mov byte [ebp + eax - 0x53], bl -mov bl, byte [ebp + eax - 0x51] -cmp bl, dl -cmovbe ebx, esi -cmp bl, cl -cmovbe ebx, ecx -mov byte [ebp + eax - 0x51], bl - -loc_fffcf559: ; not directly referenced -mov cl, 0x7f -neg byte [ebp + eax - 0x53] -sub cl, byte [ebp + eax - 0x51] -mov byte [ebp + eax - 0x51], cl -loc_fffcf567: ; not directly referenced -inc eax -add dword [ebp - 0x5c], 0x13c3 -cmp eax, 2 -jne loc_fffcf49b ; jne 0xfffcf49b -jmp near loc_fffcf457 ; jmp 0xfffcf457 - -loc_fffcf57d: ; not directly referenced -mov eax, dword [ebp - 0x70] -bt eax, ebx -jb loc_fffcf62c ; jb 0xfffcf62c +loc_fffce354: ; not directly referenced +pop edx +pop ecx +pop ebx +pop esi +pop edi +pop ebp +ret -loc_fffcf589: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffcf57d ; jne 0xfffcf57d -sub esp, 0xc +fcn_fffce35b: ; not directly referenced +push ebp +xor eax, eax +mov 
ebp, esp +mov ecx, 8 push edi -call fcn_fffc82f4 ; call 0xfffc82f4 -add esp, 0x10 -cmp dword [ebp + 0x24], 0 -je loc_fffcf67f ; je 0xfffcf67f -movzx ecx, byte [edi + 0x248b] -push eax -mov edx, dword [ebp - 0x70] -push 0 -push 1 -lea eax, [ebp - 0x4f] -push eax -mov eax, edi -call fcn_fffb0f94 ; call 0xfffb0f94 -add esp, 0x10 -mov byte [ebp - 0x5c], al - -loc_fffcf5c5: ; not directly referenced -cmp byte [ebp - 0x69], 6 -je loc_fffcf6d8 ; je 0xfffcf6d8 - -loc_fffcf5cf: ; not directly referenced -movzx eax, byte [ebp - 0x60] -mov edx, esi -xor ecx, ecx -sub edx, eax -mov dword [ebp - 0x70], eax -movsx eax, byte [ebp - 0x89] -mov dword [ebp - 0x80], edx - -loc_fffcf5e6: ; not directly referenced -mov edx, 1 -shl edx, cl -test byte [ebp - 0x68], dl -jne loc_fffcf712 ; jne 0xfffcf712 - -loc_fffcf5f6: ; not directly referenced -inc ecx -cmp ecx, 2 -jne short loc_fffcf5e6 ; jne 0xfffcf5e6 -movzx eax, byte [ebp - 0x60] -add word [ebp - 0x64], ax - -loc_fffcf604: ; not directly referenced -movzx eax, byte [ebp - 0x7c] -movsx esi, word [ebp - 0x64] -mov dword [ebp - 0x5c], eax -cmp esi, eax -jg loc_fffcf7f0 ; jg 0xfffcf7f0 -movzx eax, byte [ebp - 0x68] -xor ebx, ebx -mov dword [ebp - 0x70], eax -movzx eax, byte [ebp - 0x74] -mov dword [ebp - 0x5c], eax -jmp near loc_fffcf57d ; jmp 0xfffcf57d - -loc_fffcf62c: ; not directly referenced -imul eax, ebx, 0x13c3 -mov cl, byte [ebp - 0x6a] -and cl, byte [edi + eax + 0x381a] -movzx eax, byte [ebp - 0x69] -movzx ecx, cl -cmp al, 6 -je short loc_fffcf65f ; je 0xfffcf65f -push edx -push 0 +mov edx, 0xcf8 push esi -push dword [ebp - 0x5c] -push ecx -push eax push ebx -push edi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 -jmp near loc_fffcf589 ; jmp 0xfffcf589 +lea edi, [ebp - 0xe8] +sub esp, 0x198 +mov ebx, dword [ebp + 8] +rep stosd ; rep stosd dword es:[edi], eax +lea edi, [ebp - 0xf8] +mov dword [ebp - 0xbc], fcn_fffb00dc ; mov dword [ebp - 0xbc], 0xfffb00dc +mov dword [ebp - 0xb0], fcn_fffb0086 ; mov dword [ebp - 0xb0], 
0xfffb0086 +mov dword [ebp - 0x5c], fcn_fffb01d3 ; mov dword [ebp - 0x5c], 0xfffb01d3 +mov dword [ebp - 0x58], fcn_fffb01ca ; mov dword [ebp - 0x58], 0xfffb01ca +mov dword [ebp - 0xa4], fcn_fffb3fc4 ; mov dword [ebp - 0xa4], 0xfffb3fc4 +mov cl, 4 +rep stosd ; rep stosd dword es:[edi], eax +mov eax, 0x80000048 +mov dword [ebp - 0xa0], fcn_fffb401c ; mov dword [ebp - 0xa0], 0xfffb401c +mov dword [ebp - 0x7c], fcn_fffc375d ; mov dword [ebp - 0x7c], 0xfffc375d +mov dword [ebp - 0x78], fcn_fffc3739 ; mov dword [ebp - 0x78], 0xfffc3739 +out dx, eax +push 0xcfc +call fcn_fffb00dc ; call 0xfffb00dc +add esp, 0x10 +mov esi, eax +test al, 1 +jne short loc_fffce3ec ; jne 0xfffce3ec -loc_fffcf65f: ; not directly referenced +loc_fffce3e5: ; not directly referenced xor eax, eax -mov edx, ebx -cmp dword [ebp + 0x20], 0 -sete al -push eax -mov eax, edi +jmp near loc_fffcf1ab ; jmp 0xfffcf1ab + +loc_fffce3ec: ; not directly referenced +push 0x60 +mov edi, dword [ebp - 0xb0] push 0 -push esi push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 +push 0 +call dword [ebp - 0x7c] ; ucall +pop edx +pop ecx +push eax +push 0xcf8 +call edi +mov dword [esp], 0xcfc +call dword [ebp - 0xbc] ; ucall add esp, 0x10 -jmp near loc_fffcf589 ; jmp 0xfffcf589 - -loc_fffcf67f: ; not directly referenced -xor ebx, ebx -mov byte [ebp - 0x5c], 0 +test al, 1 +je short loc_fffce3e5 ; je 0xfffce3e5 +and eax, 0xfffffff8 +mov edi, eax +call fcn_fffa67af ; call 0xfffa67af +mov dword [ebp - 0x12c], 0 +cmp eax, 0x40660 +setne cl +cmp eax, 0x306c0 +setne dl +test cl, dl +je short loc_fffce454 ; je 0xfffce454 +cmp eax, 0x40650 +setne al +movzx eax, al +mov dword [ebp - 0x12c], eax -loc_fffcf685: ; not directly referenced -mov eax, dword [ebp + 0x1c] +loc_fffce454: ; not directly referenced +push 0xbc +and esi, 0xfffffffe push 0 push 0 push 0 +call dword [ebp - 0x78] ; ucall +add eax, edi +mov dword [esp], eax +call dword [ebp - 0xa4] ; ucall +push 0x90 push 0 -movsx eax, byte [eax + ebx] -push eax push 0 -push 2 -push edi 
-call fcn_fffcc4cb ; call 0xfffcc4cb -add esp, 0x1c -movzx ecx, byte [edi + 0x248b] -mov edx, dword [ebp - 0x70] -lea eax, [ebp - 0x4f] push 0 -push 1 +mov dword [ebp - 0x168], eax +call dword [ebp - 0x78] ; ucall +add esp, 0x14 +add eax, edi push eax -mov eax, edi -call fcn_fffb0f94 ; call 0xfffb0f94 -add esp, 0x10 -or byte [ebp - 0x5c], al -mov al, byte [ebp - 0x68] -cmp byte [ebp - 0x5c], al -je loc_fffcf5c5 ; je 0xfffcf5c5 -inc ebx -cmp ebx, 2 -jne short loc_fffcf685 ; jne 0xfffcf685 -jmp near loc_fffcf5c5 ; jmp 0xfffcf5c5 - -loc_fffcf6d8: ; not directly referenced -movsx ax, byte [ebp - 0x53] -cmp word [ebp - 0x64], ax -jge short loc_fffcf6e9 ; jge 0xfffcf6e9 - -loc_fffcf6e3: ; not directly referenced -or byte [ebp - 0x5c], 1 -jmp short loc_fffcf6f1 ; jmp 0xfffcf6f1 - -loc_fffcf6e9: ; not directly referenced -movzx eax, byte [ebp - 0x51] -cmp esi, eax -jg short loc_fffcf6e3 ; jg 0xfffcf6e3 - -loc_fffcf6f1: ; not directly referenced -movsx ax, byte [ebp - 0x52] -cmp word [ebp - 0x64], ax -jge short loc_fffcf705 ; jge 0xfffcf705 - -loc_fffcf6fc: ; not directly referenced -or byte [ebp - 0x5c], 2 -jmp near loc_fffcf5cf ; jmp 0xfffcf5cf - -loc_fffcf705: ; not directly referenced -movzx eax, byte [ebp - 0x50] -cmp esi, eax -jg short loc_fffcf6fc ; jg 0xfffcf6fc -jmp near loc_fffcf5cf ; jmp 0xfffcf5cf - -loc_fffcf712: ; not directly referenced -test byte [ebp - 0x5c], dl -mov ebx, dword [ebp - 0x6c] -sete dl -movzx edx, dl -cmp word [ebp - 0x64], bx -jne short loc_fffcf767 ; jne 0xfffcf767 -test edx, edx -je short loc_fffcf745 ; je 0xfffcf745 -mov dword [ebp + ecx*4 - 0x20], eax -mov dword [ebp + ecx*4 - 0x28], eax -mov dword [ebp + ecx*4 - 0x30], eax -mov dword [ebp + ecx*4 - 0x38], eax -mov dword [ebp + ecx*4 - 0x40], eax -mov dword [ebp + ecx*4 - 0x48], eax -jmp near loc_fffcf5f6 ; jmp 0xfffcf5f6 - -loc_fffcf745: ; not directly referenced -mov edx, eax -sub edx, dword [ebp - 0x70] -mov dword [ebp + ecx*4 - 0x20], edx -mov dword [ebp + ecx*4 - 0x28], edx -mov 
dword [ebp + ecx*4 - 0x30], edx -mov dword [ebp + ecx*4 - 0x38], edx -mov dword [ebp + ecx*4 - 0x40], edx -mov dword [ebp + ecx*4 - 0x48], edx -jmp near loc_fffcf5f6 ; jmp 0xfffcf5f6 - -loc_fffcf767: ; not directly referenced -test edx, edx -je loc_fffcf5f6 ; je 0xfffcf5f6 -mov ebx, dword [ebp - 0x80] -cmp dword [ebp + ecx*4 - 0x40], ebx -jne short loc_fffcf77c ; jne 0xfffcf77c -mov dword [ebp + ecx*4 - 0x40], esi - -loc_fffcf77c: ; not directly referenced -mov ebx, dword [ebp - 0x80] -cmp dword [ebp + ecx*4 - 0x30], ebx -mov dword [ebp + ecx*4 - 0x30], esi -je short loc_fffcf78d ; je 0xfffcf78d -mov dword [ebp + ecx*4 - 0x38], esi - -loc_fffcf78d: ; not directly referenced -cmp esi, dword [ebp - 0x94] -jl short loc_fffcf7b3 ; jl 0xfffcf7b3 -cmp dword [ebp + ecx*4 - 0x48], eax -jne short loc_fffcf7b3 ; jne 0xfffcf7b3 -cmp byte [ebp - 0x8a], 0 -je short loc_fffcf7b3 ; je 0xfffcf7b3 -mov edx, dword [ebp + ecx*4 - 0x40] -sub edx, eax -add edx, dword [ebp - 0x70] -add edx, esi -mov dword [ebp + ecx*4 - 0x30], edx +call dword [ebp - 0xa0] ; ucall +push 0x98 +push 0 +push 0 +push 0 +mov dword [ebp - 0x184], edx +mov dword [ebp - 0x180], eax +call dword [ebp - 0x78] ; ucall +add esp, 0x14 +add edi, eax +push edi +call dword [ebp - 0xa0] ; ucall +mov dword [ebp - 0x188], eax +lea eax, [esi + 0x5024] +mov dword [ebp - 0x18c], edx +mov dword [esp], eax +call dword [ebp - 0xa4] ; ucall +mov dword [ebp - 0x14c], eax +lea eax, [esi + 0x5014] +mov dword [esp], eax +call dword [ebp - 0xa4] ; ucall +mov dword [ebp - 0x150], eax +lea eax, [esi + 0x5000] +mov dword [esp], eax +call dword [ebp - 0xa4] ; ucall +mov dword [ebp - 0x114], eax +lea eax, [esi + 0x5004] +add esi, 0x5008 +mov dword [esp], eax +call dword [ebp - 0xa4] ; ucall +mov dword [esp], esi +mov edi, eax +call dword [ebp - 0xa4] ; ucall +mov cl, byte [ebx + 4] +add esp, 0x10 +mov dx, word [ebx + 5] +mov dword [ebp - 0x104], edi +mov dword [ebp - 0xfc], 0 +mov byte [ebp - 0x110], cl +mov cl, byte [ebx + 3] +mov word 
[ebp - 0x12e], dx +mov dx, word [ebx + 7] +mov dword [ebp - 0x100], eax +mov byte [ebp - 0x134], cl +mov cl, byte [ebx + 2] +mov word [ebp - 0x130], dx +mov dl, byte [ebx + 1] +mov al, cl +or eax, edx +mov byte [ebp - 0x151], cl +test al, 0xfe +je short loc_fffce57d ; je 0xfffce57d -loc_fffcf7b3: ; not directly referenced -mov edx, dword [ebp + ecx*4 - 0x30] -mov ebx, dword [ebp + ecx*4 - 0x38] -mov dword [ebp - 0x84], edx -sub edx, ebx -mov dword [ebp - 0x90], edx -mov edx, dword [ebp + ecx*4 - 0x20] -sub edx, dword [ebp + ecx*4 - 0x28] -cmp dword [ebp - 0x90], edx -jle loc_fffcf5f6 ; jle 0xfffcf5f6 -mov dword [ebp + ecx*4 - 0x28], ebx -mov ebx, dword [ebp - 0x84] -mov dword [ebp + ecx*4 - 0x20], ebx -jmp near loc_fffcf5f6 ; jmp 0xfffcf5f6 +loc_fffce576: ; not directly referenced +xor eax, eax +jmp near loc_fffcf1ab ; jmp 0xfffcf1ab -loc_fffcf7f0: ; not directly referenced -movzx eax, byte [ebp - 0x60] -mov ecx, 2 -xor ebx, ebx -mov esi, dword [ebp - 0x5c] -lea eax, [eax + eax*2] -mov dword [ebp - 0x7c], eax -movsx eax, byte [ebp - 0x78] -add esi, eax -mov dword [ebp - 0x78], eax +loc_fffce57d: ; not directly referenced +movzx eax, dl +movzx edx, byte [ebp - 0x151] +mov esi, dword [ebp + eax*4 - 0x104] +mov dword [ebp - 0x140], eax +mov dword [ebp - 0x16c], 0 mov eax, esi -cdq -idiv ecx -mov dword [ebp - 0x70], eax -movzx eax, byte [ebp - 0x68] -mov dword [ebp - 0x68], eax -movzx eax, byte [ebp - 0x74] -mov dword [ebp - 0x74], eax +shr eax, 0x10 +and eax, 1 +xor eax, edx +mov edx, esi +movzx eax, ax +test eax, eax +mov dword [ebp - 0x148], eax +mov dword [ebp - 0x170], eax +lea eax, [ebp - 0xc4] +je short loc_fffce5ca ; je 0xfffce5ca +call fcn_fffc3acf ; call 0xfffc3acf +jmp short loc_fffce5cf ; jmp 0xfffce5cf -loc_fffcf823: ; not directly referenced -mov eax, dword [ebp - 0x68] -bt eax, ebx -jb short loc_fffcf837 ; jb 0xfffcf837 +loc_fffce5ca: ; not directly referenced +call fcn_fffc3aea ; call 0xfffc3aea -loc_fffcf82b: ; not directly referenced -inc ebx -cmp 
ebx, 2 -je loc_fffcf90e ; je 0xfffcf90e -jmp short loc_fffcf823 ; jmp 0xfffcf823 +loc_fffce5cf: ; not directly referenced +mov dword [ebp - 0x124], edx +mov edx, dword [ebp - 0x124] +mov dword [ebp - 0x128], eax +mov eax, dword [ebp - 0x128] +mov edi, edx +or edi, eax +je short loc_fffce576 ; je 0xfffce576 +movzx eax, byte [ebp - 0x134] +mov dword [ebp - 0x144], eax +test al, 0xfe +jne loc_fffce576 ; jne 0xfffce576 +cmp dword [ebp - 0x148], 0 +mov ebx, esi +je short loc_fffce612 ; je 0xfffce612 +shr ebx, 0x12 +jmp short loc_fffce615 ; jmp 0xfffce615 -loc_fffcf837: ; not directly referenced -mov esi, dword [ebp + ebx*4 - 0x20] -mov eax, dword [ebp + ebx*4 - 0x28] +loc_fffce612: ; not directly referenced +shr ebx, 0x11 + +loc_fffce615: ; not directly referenced +and ebx, 1 +cmp byte [ebp - 0x134], 0 +mov eax, ebx +setne cl +xor eax, 1 +mov byte [ebp - 0x152], cl +test cl, al +jne loc_fffce576 ; jne 0xfffce576 +cmp dword [ebp - 0x148], 0 mov ecx, esi -mov dword [ebp - 0x60], eax -sub ecx, eax -cmp ecx, dword [ebp - 0x7c] -jl short loc_fffcf855 ; jl 0xfffcf855 -mov edx, dword [ebp - 0x5c] -sub edx, dword [ebp - 0x78] -cmp ecx, edx -jl short loc_fffcf86c ; jl 0xfffcf86c +mov edx, dword [ebp - 0x114] +lea eax, [ebp - 0xc4] +je short loc_fffce660 ; je 0xfffce660 +call fcn_fffb8ec5 ; call 0xfffb8ec5 +test esi, 0x100000 +mov word [ebp - 0x118], ax +jmp short loc_fffce672 ; jmp 0xfffce672 -loc_fffcf855: ; not directly referenced -cmp byte [edi + 0x1965], 0 -je short loc_fffcf87b ; je 0xfffcf87b -cmp dword [edi + 0x188b], 1 -jne short loc_fffcf87b ; jne 0xfffcf87b -jmp near loc_fffcf9bc ; jmp 0xfffcf9bc +loc_fffce660: ; not directly referenced +call fcn_fffb8f37 ; call 0xfffb8f37 +test esi, 0x80000 +mov word [ebp - 0x118], ax -loc_fffcf86c: ; not directly referenced -mov eax, dword [ebp - 0x60] -mov ecx, 2 -add eax, esi -cdq -idiv ecx -jmp short loc_fffcf87e ; jmp 0xfffcf87e +loc_fffce672: ; not directly referenced +je short loc_fffce67b ; je 0xfffce67b +mov eax, 0x10 +jmp 
short loc_fffce692 ; jmp 0xfffce692 -loc_fffcf87b: ; not directly referenced -mov eax, dword [ebp - 0x70] +loc_fffce67b: ; not directly referenced +mov eax, dword [ebp - 0x114] +shr eax, 0xa +and eax, 1 +cmp eax, 1 +sbb eax, eax +and eax, 0xffffffe8 +add eax, 0x20 -loc_fffcf87e: ; not directly referenced -imul edx, ebx, 0x13c3 -mov cl, byte [ebp - 0x6a] -and cl, byte [edi + edx + 0x381a] -cmp dword [ebp + 0x20], 0 -mov byte [ebp - 0x64], cl -jne short loc_fffcf8ba ; jne 0xfffcf8ba -mov dl, byte [ebp - 0x69] -cmp dl, 6 -je short loc_fffcf8ba ; je 0xfffcf8ba -sub esp, 4 -push 1 -push eax -movzx eax, cl -push dword [ebp - 0x74] -push eax +loc_fffce692: ; not directly referenced +mov edi, dword [ebp - 0x114] +shr edi, 0xb +mov dword [ebp - 0x13c], edi +movzx edi, byte [ebp - 0x110] +and dword [ebp - 0x13c], 1 +cmp ax, 8 +sete dl +mov byte [ebp - 0x120], dl +and edx, dword [ebp - 0x13c] +mov dword [ebp - 0x138], edi movzx eax, dl +shl eax, 3 +or eax, 7 +not eax +test edi, eax +jne loc_fffce576 ; jne 0xfffce576 push eax -push ebx -push edi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 - -loc_fffcf8ba: ; not directly referenced -mov edx, dword [ebp - 0x60] -movzx ecx, byte [ebp - 0x64] -mov eax, edx -sar eax, 0x1f -xor edx, eax -sub edx, eax -imul eax, edx, 0xa -imul edx, ebx, 0x48 -mov dword [ebp - 0x64], ecx -mov dword [ebp - 0x60], eax -mov eax, esi -sar eax, 0x1f -add edx, edi -xor esi, eax -sub esi, eax -xor eax, eax -imul esi, esi, 0xa - -loc_fffcf8e6: ; not directly referenced -mov ecx, dword [ebp - 0x64] -bt ecx, eax -jae short loc_fffcf8fd ; jae 0xfffcf8fd -mov ecx, dword [ebp - 0x60] -mov dword [edx + 0x3214], esi -mov dword [edx + 0x3210], ecx - -loc_fffcf8fd: ; not directly referenced -inc eax -add edx, 0x90 -cmp eax, 4 -jne short loc_fffcf8e6 ; jne 0xfffcf8e6 -jmp near loc_fffcf82b ; jmp 0xfffcf82b - -loc_fffcf90e: ; not directly referenced -cmp dword [ebp + 0x24], 0 -jne short loc_fffcf92b ; jne 0xfffcf92b -push 0 -push 0 -push 0 -push 0 -push 0 -push 
0 -push 2 -push edi -call fcn_fffcc4cb ; call 0xfffcc4cb -add esp, 0x20 - -loc_fffcf92b: ; not directly referenced -cmp byte [ebp - 0x88], 6 -je short loc_fffcf942 ; je 0xfffcf942 - -loc_fffcf934: ; not directly referenced -sub esp, 0xc -push edi -call fcn_fffc82f4 ; call 0xfffc82f4 +mov al, byte [ebp - 0x118] +add eax, ebx +add edx, eax +movzx edx, dl +push edx +push dword [ebp - 0x124] +push dword [ebp - 0x128] +call dword [ebp - 0x58] ; ucall +movzx edi, word [ebp - 0x130] add esp, 0x10 -jmp short loc_fffcf9c1 ; jmp 0xfffcf9c1 - -loc_fffcf942: ; not directly referenced -xor ebx, ebx - -loc_fffcf944: ; not directly referenced -mov eax, dword [ebp - 0x68] -bt eax, ebx -jb short loc_fffcf954 ; jb 0xfffcf954 - -loc_fffcf94c: ; not directly referenced -inc ebx -cmp ebx, 2 -je short loc_fffcf934 ; je 0xfffcf934 -jmp short loc_fffcf944 ; jmp 0xfffcf944 - -loc_fffcf954: ; not directly referenced -imul eax, ebx, 0x13c3 -mov dl, byte [ebp - 0x6a] -and dl, byte [edi + eax + 0x381a] -xor eax, eax -cmp dword [ebp + 0x20], 0 -movzx esi, dl -mov edx, ebx -sete al -mov ecx, esi +mov dword [ebp - 0x160], eax +neg eax +mov dword [ebp - 0x15c], edx +test eax, edi +jne loc_fffce576 ; jne 0xfffce576 +movzx eax, word [ebp - 0x12e] +mov cl, byte [ebp - 0x118] +mov edx, eax +mov dword [ebp - 0x174], eax +mov eax, 1 +shl eax, cl +dec eax +movzx eax, ax +not eax +test edx, eax +jne loc_fffce576 ; jne 0xfffce576 +mov eax, esi +shr eax, 0x15 +mov dword [ebp - 0x178], eax +and eax, 1 +mov dword [ebp - 0x158], eax +mov eax, esi +shr eax, 0x1a +mov dword [ebp - 0x17c], eax +and eax, 1 +mov dword [ebp - 0x164], eax +mov eax, esi +shr eax, 0x16 +mov dword [ebp - 0x128], eax +and dword [ebp - 0x128], 1 +cmp dword [ebp - 0x13c], 0 +je loc_fffceae1 ; je 0xfffceae1 push eax -mov eax, edi -push 0 -push 0 -push 0 -call fcn_fffb0cb4 ; call 0xfffb0cb4 -imul eax, ebx, 0x48 -add esp, 0x10 +mov eax, dword [ebp - 0x110] xor edx, edx -add eax, edi - -loc_fffcf98c: ; not directly referenced -bt esi, edx -jae 
short loc_fffcf9af ; jae 0xfffcf9af -mov ecx, dword [eax + 0x3210] -mov dword [ebp - 0x5c], ecx -mov ecx, dword [eax + 0x3214] -mov dword [eax + 0x3210], ecx -mov ecx, dword [ebp - 0x5c] -mov dword [eax + 0x3214], ecx - -loc_fffcf9af: ; not directly referenced -inc edx -add eax, 0x90 -cmp edx, 4 -jne short loc_fffcf98c ; jne 0xfffcf98c -jmp short loc_fffcf94c ; jmp 0xfffcf94c - -loc_fffcf9bc: ; not directly referenced -mov eax, 0xc - -loc_fffcf9c1: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret - -fcn_fffcf9c9: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -push ebx -sub esp, 0x40 -mov edi, dword [ebp + 8] -mov dword [ebp - 0x2c], eax -mov dword [ebp - 0x44], ecx -mov byte [ebp - 0x3d], cl -mov esi, edi -mov ebx, esi -mov esi, eax -mov byte [ebp - 0x3e], bl -mov ebx, dword [eax + 0x2443] -lea eax, [ebp - 0x24] -push 0 -push 2 +push 8 +push edx +and eax, 3 push eax -mov dword [ebp - 0x3c], edx -mov dword [ebp - 0x38], edi -mov edi, dword [ebp + 0xc] -mov byte [ebp - 0x1a], 0xf8 -mov byte [ebp - 0x19], 8 -call dword [ebx + 0x5c] ; ucall +call dword [ebp - 0x5c] ; ucall add esp, 0xc -push 0 push 2 -lea eax, [ebp - 0x22] +mov dword [ebp - 0x190], eax +mov al, byte [ebp - 0x110] +mov dword [ebp - 0x194], edx +xor edx, edx +push edx +and eax, 4 +movzx eax, al push eax -call dword [ebx + 0x5c] ; ucall +call dword [ebp - 0x58] ; ucall add esp, 0x10 -cmp byte [ebp - 0x3c], 0 -setne cl -cmp dword [esi + 0x2480], 3 -mov byte [ebp - 0x30], cl -sete al -test cl, al -je short loc_fffcfa69 ; je 0xfffcfa69 -mov al, byte [edi] -xor ecx, ecx -lea edx, [eax - 0x20] -cmp al, 0x21 -cmovb edx, ecx -cmp al, 0x5e -lea ebx, [eax + 0x20] -mov al, byte [edi + 1] -mov byte [ebp - 0x1e], dl -mov dl, 0x7f -cmova ebx, edx -mov byte [ebp - 0x1c], bl -cmp al, 0x21 -lea ebx, [eax - 0x20] -cmovae ecx, ebx -cmp al, 0x5e -mov byte [ebp - 0x1d], cl -lea ecx, [eax + 0x20] -cmovbe edx, ecx -mov byte [ebp - 0x1b], dl -jmp short loc_fffcfa86 
; jmp 0xfffcfa86 - -loc_fffcfa69: ; not directly referenced +mov dword [ebp - 0x118], eax +mov eax, dword [ebp - 0x190] +or dword [ebp - 0x118], eax +mov eax, dword [ebp - 0x194] +mov dword [ebp - 0x13c], edx +mov edx, dword [ebp - 0x5c] +or dword [ebp - 0x13c], eax +test byte [ebp - 0x164], bl +je loc_fffce8c6 ; je 0xfffce8c6 +mov ecx, esi +mov ebx, 1 +shr ecx, 0x1b +and ecx, 7 +add ecx, 4 +shl ebx, cl +dec ebx +cmp byte [ebp - 0x120], 1 +push esi +mov esi, dword [ebp - 0x144] +sbb eax, eax +add eax, 0xb push eax -push 0 -push 2 -lea eax, [ebp - 0x1e] +mov eax, dword [ebp - 0x130] +shl esi, cl +and eax, ebx +movzx ebx, bx +not ebx +movzx eax, ax +and ebx, edi +or eax, esi +add ebx, ebx +or eax, ebx +mov ebx, eax +sar ebx, 0x1f +push ebx push eax -call dword [ebx + 0x5c] ; ucall +call edx add esp, 0xc -push 0x7f -push 2 -lea eax, [ebp - 0x1c] +push 7 +mov esi, eax +mov al, byte [ebp - 0x110] +mov ebx, edx +xor edx, edx +push edx +and eax, 8 +movzx eax, al push eax -call dword [ebx + 0x5c] ; ucall +call dword [ebp - 0x5c] ; ucall add esp, 0x10 +or eax, esi +or edx, ebx +or eax, dword [ebp - 0x118] +or edx, dword [ebp - 0x13c] +cmp dword [ebp - 0x128], 0 +mov dword [ebp - 0x110], eax +mov dword [ebp - 0x10c], edx +je loc_fffceaa0 ; je 0xfffceaa0 +cmp byte [ebp - 0x120], 0 +mov eax, dword [ebp - 0x58] +jne loc_fffcea2b ; jne 0xfffcea2b +push ebx +push 3 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call eax +mov ecx, dword [ebp - 0x110] +mov ebx, dword [ebp - 0x10c] +mov edi, ebx +and eax, 0x300 +xor eax, ecx +mov esi, eax +jmp near loc_fffcea82 ; jmp 0xfffcea82 -loc_fffcfa86: ; not directly referenced -test edi, edi -mov eax, 1 -sete dl -test byte [ebp - 0x30], dl -jne loc_fffcfcdd ; jne 0xfffcfcdd -movzx esi, byte [ebp - 0x3d] +loc_fffce8c6: ; not directly referenced +cmp byte [ebp - 0x120], 1 +sbb eax, eax +test byte [ebp - 0x158], bl +je loc_fffce987 ; je 0xfffce987 +add eax, 0xc xor ebx, ebx -mov byte [ebp - 0x34], 0 - -loc_fffcfaa3: ; not directly 
referenced -mov eax, dword [ebp - 0x2c] -mov ecx, esi -mov edx, ebx -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0x34], al -cmp byte [ebp - 0x30], 0 -je short loc_fffcfabf ; je 0xfffcfabf -mov al, byte [edi + ebx] -mov byte [ebp + ebx - 0x20], al - -loc_fffcfabf: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffcfaa3 ; jne 0xfffcfaa3 -cmp byte [ebp - 0x3c], 0 -jne loc_fffcfbe2 ; jne 0xfffcfbe2 -mov eax, dword [ebp - 0x2c] -cmp dword [eax + 0x188b], 0 -je short loc_fffcfae5 ; je 0xfffcfae5 -mov al, byte [ebp - 0x44] -and eax, 5 -cmp al, 5 -je short loc_fffcfb15 ; je 0xfffcfb15 - -loc_fffcfae5: ; not directly referenced -push 0 -movzx ecx, byte [ebp - 0x34] -xor edx, edx -push 0 -lea eax, [ebp - 0x1a] -push eax -movzx eax, byte [ebp - 0x1c] -push 1 -push eax -movsx eax, byte [ebp - 0x1e] -push eax -movzx eax, byte [ebp - 0x38] -push eax -mov eax, dword [ebp - 0x2c] -push esi -call fcn_fffcf3cd ; call 0xfffcf3cd -add esp, 0x20 -jmp near loc_fffcfcdd ; jmp 0xfffcfcdd - -loc_fffcfb15: ; not directly referenced -movzx edi, byte [ebp - 0x3e] -xor eax, eax -mov dword [ebp - 0x30], 0 -mov dword [ebp - 0x38], edi - -loc_fffcfb25: ; not directly referenced -mov cl, byte [ebp - 0x30] -mov ebx, 3 -xor esi, esi -mov edi, dword [ebp - 0x2c] -shl ebx, cl -mov byte [ebp - 0x34], bl -add edi, 0x3756 - -loc_fffcfb3d: ; not directly referenced -cmp dword [edi], 2 -jne short loc_fffcfb77 ; jne 0xfffcfb77 -cmp byte [ebp - 0x34], 3 -mov ecx, 0x40 -mov dword [ebp - 0x3c], eax -mov edx, 0xffffffc0 +push ecx push eax -push 1 -cmove edx, ecx -push edx -push 1 -mov dl, byte [edi + 0xc4] -and edx, 0xc -push edx -push 0 -push esi -push dword [ebp - 0x2c] -call fcn_fffa9178 ; call 0xfffa9178 -mov eax, dword [ebp - 0x3c] -add esp, 0x20 - -loc_fffcfb77: ; not directly referenced -inc esi -add edi, 0x13c3 -cmp esi, 2 -jne short loc_fffcfb3d ; jne 0xfffcfb3d -test byte [ebp - 0x3d], bl -je short loc_fffcfbcf ; je 0xfffcfbcf -mov edi, dword [ebp - 0x2c] -mov ecx, ebx -xor edx, 
edx -mov eax, edi -call fcn_fffaac43 ; call 0xfffaac43 -mov ecx, ebx -mov edx, 1 +push ebx +push edi +call edx +add esp, 0xc +push 0xa mov esi, eax -mov eax, edi -call fcn_fffaac43 ; call 0xfffaac43 +movzx eax, byte [ebp - 0x134] +mov ebx, edx xor edx, edx -push 0 -push 0 -or eax, esi -movzx ecx, al -lea eax, [ebp - 0x1a] -push eax -movzx eax, byte [ebp - 0x1c] -push 1 +push edx push eax -movsx eax, byte [ebp - 0x1e] +call dword [ebp - 0x5c] ; ucall +add esp, 0xc +push 8 +or esi, eax +mov al, byte [ebp - 0x110] +or ebx, edx +xor edx, edx +push edx +or esi, dword [ebp - 0x118] +and eax, 8 +movzx eax, al +or ebx, dword [ebp - 0x13c] push eax -mov eax, edi -push dword [ebp - 0x38] -push ebx -call fcn_fffcf3cd ; call 0xfffcf3cd -add esp, 0x20 - -loc_fffcfbcf: ; not directly referenced -add dword [ebp - 0x30], 2 -cmp dword [ebp - 0x30], 4 -je loc_fffcfcdd ; je 0xfffcfcdd -jmp near loc_fffcfb25 ; jmp 0xfffcfb25 +call dword [ebp - 0x5c] ; ucall +add esp, 0x10 +or esi, eax +or ebx, edx +cmp dword [ebp - 0x128], 0 +mov dword [ebp - 0x110], esi +mov dword [ebp - 0x10c], ebx +je loc_fffceaa0 ; je 0xfffceaa0 +cmp byte [ebp - 0x120], 0 +mov eax, dword [ebp - 0x58] +je loc_fffcea2b ; je 0xfffcea2b +push esi +push 5 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call eax +mov ecx, dword [ebp - 0x110] +mov ebx, dword [ebp - 0x10c] +add esp, 0xc +push 0xc +mov edi, ebx +and eax, 0xf00 +xor eax, ecx +mov esi, eax +jmp near loc_fffcea87 ; jmp 0xfffcea87 -loc_fffcfbe2: ; not directly referenced -movzx eax, byte [ebp - 0x38] -push ebx -push ebx -lea ebx, [ebp - 0x1a] -mov edx, eax -mov dword [ebp - 0x30], eax -movzx eax, byte [ebp - 0x34] -push ebx -push 0 -lea ebx, [ebp - 0x20] -mov ecx, eax -mov dword [ebp - 0x38], eax -movzx eax, byte [ebp - 0x3c] +loc_fffce987: ; not directly referenced +add eax, 0xb push ebx -mov dword [ebp - 0x3c], eax -lea eax, [ebp - 0x1e] -push eax -mov eax, dword [ebp - 0x2c] -push edx -mov edx, dword [ebp - 0x3c] -push esi -call fcn_fffcef25 ; call 
0xfffcef25 -mov al, byte [ebp - 0x20] -add esp, 0x18 -lea edx, [ebp - 0x1a] -mov ecx, dword [ebp - 0x38] -mov byte [ebp - 0x24], al -mov al, byte [ebp - 0x1f] -mov byte [ebp - 0x23], al -mov al, byte [edi] -mov byte [ebp - 0x20], al -mov al, byte [edi + 1] -push edx -mov edx, dword [ebp - 0x3c] -push 1 -mov byte [ebp - 0x1f], al -lea eax, [ebp - 0x1c] +xor ebx, ebx push eax -mov eax, dword [ebp - 0x2c] push ebx -push dword [ebp - 0x30] -push esi -xor esi, esi -call fcn_fffcef25 ; call 0xfffcef25 -mov al, byte [ebp - 0x20] -add esp, 0x20 -mov dword [ebp - 0x34], 0 -mov byte [ebp - 0x22], al -mov al, byte [ebp - 0x1f] -mov byte [ebp - 0x21], al - -loc_fffcfc67: ; not directly referenced -mov eax, dword [ebp - 0x38] -bt eax, esi -jae short loc_fffcfcd4 ; jae 0xfffcfcd4 -mov ebx, dword [ebp - 0x2c] -imul eax, esi, 0x13c3 -mov cl, byte [ebp - 0x3d] -movzx edx, byte [ebp + esi - 0x22] -and cl, byte [ebx + eax + 0x381a] -mov bl, dl -mov byte [ebp - 0x44], cl -movzx ecx, byte [ebp + esi - 0x24] -sub ebx, ecx -cmp dl, 0x7f -jne short loc_fffcfca1 ; jne 0xfffcfca1 -test cl, cl -jne short loc_fffcfca1 ; jne 0xfffcfca1 -mov al, byte [edi + esi] -jmp short loc_fffcfcb6 ; jmp 0xfffcfcb6 - -loc_fffcfca1: ; not directly referenced -lea eax, [ecx + edx + 1] -mov edx, 0xc -shr eax, 1 -cmp bl, 0x11 -cmova edx, dword [ebp - 0x34] -mov dword [ebp - 0x34], edx - -loc_fffcfcb6: ; not directly referenced +push edi +call edx +add esp, 0xc +push 7 +mov esi, eax +mov al, byte [ebp - 0x110] +mov ebx, edx +xor edx, edx push edx +and eax, 8 movzx eax, al -push 1 push eax -movzx eax, byte [ebp - 0x44] -push dword [ebp - 0x30] +call dword [ebp - 0x5c] ; ucall +add esp, 0x10 +or eax, esi +or edx, ebx +or eax, dword [ebp - 0x118] +or edx, dword [ebp - 0x13c] +cmp byte [ebp - 0x152], 0 +mov dword [ebp - 0x110], eax +mov dword [ebp - 0x10c], edx +je short loc_fffcea12 ; je 0xfffcea12 +cmp byte [ebp - 0x120], 1 +push ecx +sbb eax, eax +add eax, 0xb push eax -push dword [ebp - 0x3c] -push esi -push 
dword [ebp - 0x2c] -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 - -loc_fffcfcd4: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffcfc67 ; jne 0xfffcfc67 -mov eax, dword [ebp - 0x34] +push dword [ebp - 0x15c] +push dword [ebp - 0x160] +call dword [ebp - 0x5c] ; ucall +mov ecx, dword [ebp - 0x110] +mov ebx, dword [ebp - 0x10c] +add esp, 0x10 +or eax, ecx +or edx, ebx +mov dword [ebp - 0x110], eax +mov dword [ebp - 0x10c], edx -loc_fffcfcdd: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffcea12: ; not directly referenced +cmp dword [ebp - 0x128], 0 +je loc_fffceaa0 ; je 0xfffceaa0 +cmp byte [ebp - 0x120], 0 +mov eax, dword [ebp - 0x58] +je short loc_fffcea5a ; je 0xfffcea5a -fcn_fffcfce5: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, edx -push esi +loc_fffcea2b: ; not directly referenced +push edx +push 4 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call eax +mov ecx, dword [ebp - 0x110] +mov ebx, dword [ebp - 0x10c] +add esp, 0xc +push 0xb +mov edi, ebx +and eax, 0x700 +xor eax, ecx mov esi, eax -push ebx -xor ebx, ebx -sub esp, 0x1c -mov byte [ebp - 0x19], cl -movzx ecx, byte [ebp + 8] +jmp short loc_fffcea87 ; jmp 0xfffcea87 -loc_fffcfcfb: ; not directly referenced -bt edi, ebx -jae short loc_fffcfd2e ; jae 0xfffcfd2e -imul eax, ebx, 0x13c3 -mov dl, byte [ebp - 0x19] -and dl, byte [esi + eax + 0x381a] -movzx eax, dl -je short loc_fffcfd2e ; je 0xfffcfd2e -push edx -push 0 -push ecx +loc_fffcea5a: ; not directly referenced +push edi push 3 -push eax -push 0 -push ebx -push esi -mov dword [ebp - 0x20], ecx -call fcn_fffa9178 ; call 0xfffa9178 -mov ecx, dword [ebp - 0x20] -add esp, 0x20 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call eax +mov edx, dword [ebp - 0x110] +mov ecx, dword [ebp - 0x10c] +mov edi, ecx +and eax, 0x300 +xor eax, edx +mov esi, eax -loc_fffcfd2e: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffcfcfb ; jne 0xfffcfcfb 
-mov dword [ebp + 8], esi -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -jmp near fcn_fffc82f4 ; jmp 0xfffc82f4 +loc_fffcea82: ; not directly referenced +add esp, 0xc +push 0xa -fcn_fffcfd43: ; not directly referenced -push ebp -mov ebp, esp +loc_fffcea87: ; not directly referenced push edi push esi -push ebx -mov ebx, eax -sub esp, 0x3c -mov edi, dword [ebp + 0xc] -mov eax, dword [ebp + 8] -mov dword [ebp - 0x2c], ecx -mov esi, dword [ebx + 0x2443] -mov dword [ebp - 0x30], edx -mov edx, dword [ebp + 0x18] -mov ecx, edi -inc cl -mov dword [ebp - 0x3c], eax -mov eax, dword [ebp + 0x14] -je short loc_fffcfd80 ; je 0xfffcfd80 -movsx cx, dl -movzx edx, dl -mov word [ebp - 0x34], cx -neg word [ebp - 0x34] -jmp short loc_fffcfd8b ; jmp 0xfffcfd8b +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +mov dword [ebp - 0x10c], edi +and eax, 1 +xor eax, esi +mov dword [ebp - 0x110], eax -loc_fffcfd80: ; not directly referenced -mov edx, 0x20 -mov word [ebp - 0x34], 0xffe0 +loc_fffceaa0: ; not directly referenced +mov cx, word [ebp - 0x12e] +mov ebx, dword [ebp - 0x10c] +shr cx, 2 +and ecx, 0x3ffe +mov eax, ecx +cdq +mov eax, ecx +mov dword [ebp - 0x120], ecx +mov ecx, dword [ebp - 0x110] +mov dword [ebp - 0x11c], edx +or eax, ecx +mov esi, eax +mov eax, dword [ebp - 0x11c] +or eax, ebx +mov edi, eax +jmp near loc_fffcecfa ; jmp 0xfffcecfa -loc_fffcfd8b: ; not directly referenced -push ecx -movzx eax, al -push 0 -inc eax -lea ecx, [ebp - 0x1c] -push 2 -push ecx -mov dword [ebp - 0x44], edx -mov dword [ebp - 0x40], ecx -mov word [ebp - 0x36], ax -call dword [esi + 0x5c] ; ucall -add esp, 0xc -push 0 -push 2 -lea eax, [ebp - 0x1a] -push eax -call dword [esi + 0x5c] ; ucall -movzx ecx, byte [ebp - 0x2c] -add esp, 0xc -movzx edx, byte [ebp - 0x30] -mov eax, edi -push dword [ebp + 0x1c] -movzx edi, al -movzx eax, word [ebp - 0x36] -mov dword [ebp - 0x2c], ecx -mov ecx, dword [ebp - 0x40] -mov dword [ebp - 0x30], edx -mov edx, dword [ebp - 0x44] -movzx esi, byte [ebp - 0x3c] 
-push ecx -mov ecx, dword [ebp - 0x2c] -push eax -movsx edx, dx -push edx -mov edx, dword [ebp - 0x30] -mov eax, ebx -push dword [ebp + 0x10] -push edi +loc_fffceae1: ; not directly referenced +test byte [ebp - 0x164], bl +je short loc_fffceb45 ; je 0xfffceb45 +mov ebx, esi +mov eax, 1 +shr ebx, 0x1b +and ebx, 7 +lea ecx, [ebx + 4] +shl eax, cl +mov ecx, eax +dec ecx +movzx eax, cx +and ecx, dword [ebp - 0x130] +not eax +and eax, edi +add eax, eax +movzx ecx, cx push esi -call fcn_fffcf285 ; call 0xfffcf285 -add esp, 0x20 -cmp dword [ebp + 0x1c], 0 -je short loc_fffcfe37 ; je 0xfffcfe37 -xor eax, eax - -loc_fffcfdfd: ; not directly referenced -mov ecx, dword [ebp - 0x2c] -bt ecx, eax -jae short loc_fffcfe25 ; jae 0xfffcfe25 -mov ecx, dword [ebp + 0x10] -push edx -push 0 -movzx edx, byte [ecx + eax] -mov dword [ebp - 0x3c], eax +or eax, ecx +push 0xa +cdq push edx -push edi -push esi -push dword [ebp - 0x30] push eax -push ebx -call fcn_fffa9178 ; call 0xfffa9178 -mov eax, dword [ebp - 0x3c] -add esp, 0x20 +call dword [ebp - 0x58] ; ucall +lea ecx, [ebx + 0xe] +mov ebx, dword [ebp - 0x144] +shl ebx, cl +mov ecx, dword [ebp - 0x138] +shl ecx, 7 +or ebx, ecx +mov edi, ebx +or eax, ebx +sar edi, 0x1f +mov dword [ebp - 0x110], eax +or edx, edi +jmp near loc_fffcec4e ; jmp 0xfffcec4e -loc_fffcfe25: ; not directly referenced -inc eax -cmp eax, 2 -jne short loc_fffcfdfd ; jne 0xfffcfdfd -sub esp, 0xc +loc_fffceb45: ; not directly referenced +test byte [ebp - 0x158], bl +je loc_fffcec04 ; je 0xfffcec04 push ebx -call fcn_fffc82f4 ; call 0xfffc82f4 -add esp, 0x10 - -loc_fffcfe37: ; not directly referenced -push ecx -mov edx, dword [ebp - 0x30] -push dword [ebp + 0x1c] -lea eax, [ebp - 0x1a] -mov ecx, dword [ebp - 0x2c] -push eax -mov ax, word [ebp - 0x36] -neg eax -cwde -push eax -movsx eax, word [ebp - 0x34] +xor edx, edx +push 0xb +push edx +push edi +xor edi, edi +call dword [ebp - 0x5c] ; ucall +add esp, 0xc +push 9 +mov dword [ebp - 0x110], eax +movzx eax, byte [ebp - 
0x134] +mov dword [ebp - 0x120], edx +xor edx, edx +push edx push eax -mov eax, ebx -push dword [ebp + 0x10] +call dword [ebp - 0x5c] ; ucall +mov esi, dword [ebp - 0x138] +add esp, 0xc +push 8 push edi push esi -call fcn_fffcf285 ; call 0xfffcf285 -add esp, 0x20 -cmp dword [ebp + 0x1c], 0 -je short loc_fffcfea3 ; je 0xfffcfea3 -xor eax, eax - -loc_fffcfe69: ; not directly referenced -mov ecx, dword [ebp - 0x2c] -bt ecx, eax -jae short loc_fffcfe91 ; jae 0xfffcfe91 -push edx -mov edx, dword [ebp + 0x10] -push 0 -mov dword [ebp - 0x34], eax -movzx edx, byte [edx + eax] -push edx +mov dword [ebp - 0x134], eax +mov dword [ebp - 0x13c], edx +call dword [ebp - 0x5c] ; ucall +add esp, 0xc +push 7 push edi push esi -push dword [ebp - 0x30] -push eax -push ebx -call fcn_fffa9178 ; call 0xfffa9178 -mov eax, dword [ebp - 0x34] -add esp, 0x20 - -loc_fffcfe91: ; not directly referenced -inc eax -cmp eax, 2 -jne short loc_fffcfe69 ; jne 0xfffcfe69 -sub esp, 0xc -push ebx -call fcn_fffc82f4 ; call 0xfffc82f4 +mov ebx, eax +call dword [ebp - 0x5c] ; ucall +mov edi, dword [ebp - 0x134] +and ebx, 0x400 +or edi, dword [ebp - 0x110] add esp, 0x10 +mov edx, edi +or edx, ebx +and eax, 0x180 +mov edi, edx +or edi, eax +mov eax, dword [ebp - 0x13c] +or eax, dword [ebp - 0x120] +cmp dword [ebp - 0x128], 0 +mov dword [ebp - 0x110], edi +mov dword [ebp - 0x10c], eax +je loc_fffcec91 ; je 0xfffcec91 +mov ebx, dword [ebp - 0x110] +push ecx +mov esi, dword [ebp - 0x10c] +push 4 +mov edi, ebx +and edi, 0x7800 +jmp short loc_fffcec77 ; jmp 0xfffcec77 -loc_fffcfea3: ; not directly referenced -xor eax, eax +loc_fffcec04: ; not directly referenced +mov ebx, dword [ebp - 0x138] +mov eax, edi +shl eax, 0xa +shl ebx, 7 +or ebx, eax +mov eax, ebx +sar eax, 0x1f +cmp byte [ebp - 0x152], 0 +mov dword [ebp - 0x110], ebx +mov dword [ebp - 0x10c], eax +je short loc_fffcec57 ; je 0xfffcec57 +push edx +push 0xa +push dword [ebp - 0x15c] +push dword [ebp - 0x160] +call dword [ebp - 0x5c] ; ucall +or edx, dword 
[ebp - 0x10c] +or ebx, eax +mov dword [ebp - 0x110], ebx -loc_fffcfea5: ; not directly referenced -mov edi, dword [ebp - 0x2c] -bt edi, eax -jb short loc_fffcfebe ; jb 0xfffcfebe +loc_fffcec4e: ; not directly referenced +mov dword [ebp - 0x10c], edx +add esp, 0x10 -loc_fffcfead: ; not directly referenced -inc eax -add ebx, 0x48 -cmp eax, 2 -jne short loc_fffcfea5 ; jne 0xfffcfea5 -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffcec57: ; not directly referenced +cmp dword [ebp - 0x128], 0 +je short loc_fffcec91 ; je 0xfffcec91 +mov ebx, dword [ebp - 0x110] +mov esi, dword [ebp - 0x10c] +push eax +push 3 +mov edi, ebx +and edi, 0x1c00 -loc_fffcfebe: ; not directly referenced -mov ecx, ebx +loc_fffcec77: ; not directly referenced xor edx, edx - -loc_fffcfec2: ; not directly referenced -bt esi, edx -jae short loc_fffcfee3 ; jae 0xfffcfee3 -movzx edi, byte [ebp + eax - 0x1a] -imul edi, edi, 0xa -mov dword [ecx + 0x3210], edi -movzx edi, byte [ebp + eax - 0x1c] -imul edi, edi, 0xa -mov dword [ecx + 0x3214], edi - -loc_fffcfee3: ; not directly referenced -inc edx -add ecx, 0x90 -cmp edx, 4 -jne short loc_fffcfec2 ; jne 0xfffcfec2 -jmp short loc_fffcfead ; jmp 0xfffcfead - -fcn_fffcfef1: ; not directly referenced -push ebp -mov ebp, esp +push edx push edi -push esi -push ebx -sub esp, 0xfc -mov esi, dword [ebp + 8] -mov dword [ebp - 0xd4], 0 -mov eax, dword [esi + 0x2443] -mov dword [ebp - 0xd8], eax -mov eax, dword [esi + 0x5edc] -mov dword [ebp - 0xdc], eax -lea eax, [esi + 0x2490] -mov dword [ebp - 0xe0], eax -mov eax, dword [esi + 0x188b] -mov dword [ebp - 0xe4], eax -mov al, byte [esi + 0x2441] -mov byte [ebp - 0xf9], al -test byte [esi + 0x2405], 0x20 -je short loc_fffcff61 ; je 0xfffcff61 -xor eax, eax -cmp dword [ebp - 0xe4], 1 -sete al -mov dword [ebp - 0xd4], eax +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +xor eax, ebx +xor edx, esi +mov dword [ebp - 0x110], eax +mov dword [ebp - 0x10c], edx -loc_fffcff61: ; not directly referenced -cmp 
dword [esi + 0x2480], 3 -mov edi, dword [ebp - 0xd8] -push ebx -sete al -push 0 -push 0x10 -lea ebx, [ebp - 0xa8] -mov byte [ebp - 0xfa], al -movzx eax, al -mov dword [ebp - 0xcc], eax -mov eax, edi -push ebx -call dword [eax + 0x5c] ; ucall -add esp, 0xc -push 0 -push 2 -lea eax, [ebp - 0xb0] +loc_fffcec91: ; not directly referenced +cmp word [ebp - 0x118], 9 +jne short loc_fffcecaf ; jne 0xfffcecaf push eax -mov eax, edi -call dword [eax + 0x5c] ; ucall -add esp, 0xc -mov eax, edi -push 0xff -lea edx, [ebp - 0x98] -push 0x80 -push edx -mov dword [ebp - 0xbc], edx -call dword [eax + 0x5c] ; ucall +push 1 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x58] ; ucall +jmp short loc_fffceccb ; jmp 0xfffceccb + +loc_fffcecaf: ; not directly referenced +cmp word [ebp - 0x118], 0xb +jne short loc_fffcecda ; jne 0xfffcecda +push eax +push 1 +push dword [ebp - 0x10c] +push dword [ebp - 0x110] +call dword [ebp - 0x5c] ; ucall + +loc_fffceccb: ; not directly referenced +mov dword [ebp - 0x110], eax add esp, 0x10 -mov edx, dword [ebp - 0xbc] -cmp dword [ebp - 0xcc], 1 -mov byte [ebp - 0xad], 0 -mov byte [ebp - 0xae], 0 -sbb eax, eax -and eax, 7 -add eax, 0xa -cmp dword [ebp - 0xd4], 1 -movzx eax, al -mov dword [ebp - 0xf8], edx -mov dword [ebp - 0xec], edx -sbb edi, edi -mov dword [ebp - 0xc8], edi -mov edi, esi -and dword [ebp - 0xc8], 0xfffffff8 -add dword [ebp - 0xc8], 0xd -mov dword [ebp - 0xc4], 0 -mov dword [ebp - 0xc0], 0 -mov dword [ebp - 0xf4], ebx -mov dword [ebp - 0x100], eax +mov dword [ebp - 0x10c], edx -loc_fffd0037: ; not directly referenced -mov eax, dword [ebp - 0xdc] -xor ebx, ebx -mov cl, byte [ebp - 0xc4] -mov dword [ebp - 0xd0], 1 -shl dword [ebp - 0xd0], cl -add eax, 0x70 -mov dword [ebp - 0xf0], eax -mov byte [ebp - 0xe8], 0 +loc_fffcecda: ; not directly referenced +mov ax, word [ebp - 0x12e] +mov edx, dword [ebp - 0x110] +mov ecx, dword [ebp - 0x10c] +shr ax, 3 +movzx eax, ax +or eax, edx +mov edi, ecx +mov esi, eax 
-loc_fffd0065: ; not directly referenced -mov ecx, dword [ebp - 0xd0] +loc_fffcecfa: ; not directly referenced +mov eax, dword [ebp - 0x140] +mov ebx, dword [ebp + eax*4 - 0x104] +lea eax, [ebp - 0xc4] mov edx, ebx -mov eax, esi -call fcn_fffaac43 ; call 0xfffaac43 -or byte [ebp - 0xe8], al -movzx eax, byte [ebp - 0xe8] -bt eax, ebx -mov dword [ebp - 0xbc], eax -jae short loc_fffd00a9 ; jae 0xfffd00a9 -push ecx -push 0 -movzx eax, byte [esi + 0x2488] +call fcn_fffc3aea ; call 0xfffc3aea +mov dword [ebp - 0x110], eax +lea eax, [ebp - 0xc4] +mov dword [ebp - 0x10c], edx +mov edx, ebx +call fcn_fffc3acf ; call 0xfffc3acf +mov ecx, dword [ebp - 0x17c] +or ecx, dword [ebp - 0x178] +and cl, 1 +je short loc_fffced95 ; je 0xfffced95 +cmp edi, edx +ja short loc_fffced8f ; ja 0xfffced8f +jb short loc_fffced48 ; jb 0xfffced48 +cmp esi, eax +jae short loc_fffced8f ; jae 0xfffced8f + +loc_fffced48: ; not directly referenced push eax -mov eax, dword [ebp - 0xd8] -push dword [ebp - 0xf0] -call dword [eax + 0x64] ; ucall +push 1 +push edi +push esi +call dword [ebp - 0x5c] ; ucall +add esp, 0xc +push 9 +push dword [ebp - 0x16c] +push dword [ebp - 0x170] +mov ebx, edx +mov dword [ebp - 0x110], eax +call dword [ebp - 0x5c] ; ucall add esp, 0x10 - -loc_fffd00a9: ; not directly referenced -inc ebx -add dword [ebp - 0xf0], 0xcc -cmp ebx, 2 -jne short loc_fffd0065 ; jne 0xfffd0065 -cmp byte [ebp - 0xe8], 0 -je loc_fffd03c2 ; je 0xfffd03c2 -mov edx, dword [ebp - 0xbc] -sub esp, 0xc -mov ecx, 0x11 -push 0 +mov ecx, eax mov eax, esi -mov bl, 1 -call fcn_fffb26ca ; call 0xfffb26ca -add esp, 0x10 +and eax, 0x1ff +or edx, ebx +or ecx, eax +mov eax, dword [ebp - 0x110] +mov edi, edx +and eax, 0xfffffc00 +or ecx, eax +mov esi, ecx +jmp short loc_fffcedaa ; jmp 0xfffcedaa -loc_fffd00e2: ; not directly referenced -cmp ebx, 3 -je short loc_fffd0142 ; je 0xfffd0142 -cmp ebx, 1 -jne short loc_fffd00f5 ; jne 0xfffd00f5 -mov byte [esi + 0x248b], 9 -jmp short loc_fffd0101 ; jmp 0xfffd0101 
+loc_fffced8f: ; not directly referenced +add esi, eax +adc edi, edx +jmp short loc_fffcedaa ; jmp 0xfffcedaa -loc_fffd00f5: ; not directly referenced -cmp ebx, 4 -jne short loc_fffd0101 ; jne 0xfffd0101 -mov byte [esi + 0x248b], 0 +loc_fffced95: ; not directly referenced +cmp dword [ebp - 0x148], 0 +je short loc_fffcedaa ; je 0xfffcedaa +add esi, dword [ebp - 0x110] +adc edi, dword [ebp - 0x10c] -loc_fffd0101: ; not directly referenced -lea eax, [ebx - 4] -mov ecx, dword [ebp - 0xbc] +loc_fffcedaa: ; not directly referenced +mov ebx, dword [ebp - 0x114] +mov eax, ebx +and eax, 3 +cmp eax, dword [ebp - 0x140] +push eax +movzx eax, byte [ebp - 0x150] +push 0x16 +setne byte [ebp - 0x110] +xor edx, edx push edx -cmp eax, 2 +push eax +call dword [ebp - 0x5c] ; ucall +add esp, 0xc +push 2 +mov dword [ebp - 0x128], eax +mov eax, dword [ebp - 0x150] +mov dword [ebp - 0x118], edx +xor edx, edx push edx -sbb eax, eax -mov edx, dword [ebp - 0xe0] -push 0 -and eax, 0x17 -push dword [ebp - 0xf4] -add eax, 0x1f -movzx eax, al +and eax, 0xff000000 push eax -mov eax, esi -push 1 -push ebx -push dword [ebp - 0xc4] -call fcn_fffc6051 ; call 0xfffc6051 -add esp, 0x20 -mov dword [ebp - 0xc0], eax - -loc_fffd0142: ; not directly referenced -inc ebx -cmp ebx, 6 -jne short loc_fffd00e2 ; jne 0xfffd00e2 -cmp dword [ebp - 0xd4], 0 -je loc_fffd03c2 ; je 0xfffd03c2 -mov ecx, dword [ebp - 0x100] -sub esp, 0xc -mov eax, esi -mov edx, dword [ebp - 0xbc] -push 0 -call fcn_fffb2759 ; call 0xfffb2759 +call dword [ebp - 0x5c] ; ucall +mov ecx, ebx add esp, 0x10 -cmp dword [ebp - 0xcc], 0 -je short loc_fffd01a5 ; je 0xfffd01a5 +shr ecx, 6 +mov dword [ebp - 0x120], ecx +and dword [ebp - 0x120], 1 +cmp dword [ebp - 0x12c], 1 +jne short loc_fffcee22 ; jne 0xfffcee22 +mov ebx, dword [ebp - 0x128] +mov ecx, dword [ebp - 0x118] +jmp short loc_fffcee26 ; jmp 0xfffcee26 + +loc_fffcee22: ; not directly referenced +mov ebx, eax +mov ecx, edx + +loc_fffcee26: ; not directly referenced +cmp dword [ebp - 
0x120], 0 +je short loc_fffcee6d ; je 0xfffcee6d +mov ebx, dword [ebp - 0x114] push eax -mov ecx, dword [ebp - 0xbc] -xor edx, edx -push 0 -push 0 -push 0x20 +shr ebx, 7 +and ebx, 7 +push ebx +add ebx, 0x16 push 0 -lea eax, [ebp - 0xae] -push eax -mov eax, esi -push 0xff -push dword [ebp - 0xd0] -call fcn_fffcfd43 ; call 0xfffcfd43 -jmp short loc_fffd01f5 ; jmp 0xfffd01f5 - -loc_fffd01a5: ; not directly referenced -push 1 -mov ecx, dword [ebp - 0xbc] +push 0x400000 +call dword [ebp - 0x5c] ; ucall +movzx eax, byte [ebp - 0x110] +add esp, 0xc +push ebx xor edx, edx -push 1 -lea eax, [ebp - 0xb0] +push edx push eax -mov eax, esi -push 1 -push 0x40 -push 0xffffffffffffffc0 -push 3 -push 0xff -call fcn_fffcf3cd ; call 0xfffcf3cd -mov ebx, dword [ebp - 0xec] -mov eax, dword [edi + 0x3210] -mov dword [ebx], eax -mov eax, dword [edi + 0x3214] -mov dword [ebx + 4], eax -mov eax, dword [edi + 0x3258] -mov dword [ebx + 0x10], eax -mov eax, dword [edi + 0x325c] -mov dword [ebx + 0x14], eax +call dword [ebp - 0x5c] ; ucall +mov ecx, eax +mov ebx, edx +or ecx, esi +or ebx, edi +mov eax, ecx +mov edx, ebx +jmp near loc_fffcef2c ; jmp 0xfffcef2c -loc_fffd01f5: ; not directly referenced -add esp, 0x20 -cmp byte [ebp - 0xf9], 0 -je short loc_fffd0278 ; je 0xfffd0278 +loc_fffcee6d: ; not directly referenced +cmp edi, ecx +ja loc_fffcef4c ; ja 0xfffcef4c +jb short loc_fffcee7f ; jb 0xfffcee7f +cmp esi, ebx +jae loc_fffcef4c ; jae 0xfffcef4c -loc_fffd0201: ; not directly referenced -push ecx -push 0 -push 0 -push 3 -push 0xff -push 0 -push 0 -push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x1c -push 0 -push 0 -push 3 -push 0xff -push 0 +loc_fffcee7f: ; not directly referenced +push ebx push 1 +push edi push esi -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x14 -push esi -call fcn_fffc82f4 ; call 0xfffc82f4 -mov ecx, dword [ebp - 0xbc] -pop ebx -pop eax -mov eax, esi -mov edx, dword [ebp - 0xe0] -push 0 -push dword [ebp - 0xf4] -push 0x36 -push 0 -push 0xd -push dword [ebp - 
0xc4] -call fcn_fffc6051 ; call 0xfffc6051 -add esp, 0x14 -push esi -call fcn_fffc82f4 ; call 0xfffc82f4 +call dword [ebp - 0x5c] ; ucall add esp, 0x10 -mov dword [ebp - 0xc0], eax -jmp near loc_fffd03c2 ; jmp 0xfffd03c2 - -loc_fffd0278: ; not directly referenced -xor ebx, ebx - -loc_fffd027a: ; not directly referenced -imul eax, ebx, 0x13c3 -cmp dword [esi + eax + 0x3756], 2 -jne short loc_fffd02ce ; jne 0xfffd02ce +mov dword [ebp - 0x120], eax +mov dword [ebp - 0x11c], edx +test dword [ebp - 0x14c], 0x800000 +je loc_fffcef31 ; je 0xfffcef31 +mov edi, dword [ebp - 0x14c] +push ecx +mov esi, edi +shr esi, 0x15 +and esi, 3 +push esi push edx -push 0 -push 0 -push 3 -push 0xff -push 0 -push ebx +push eax +call dword [ebp - 0x58] ; ucall +mov edx, dword [ebp - 0x11c] +add esp, 0xc push esi -call fcn_fffa9178 ; call 0xfffa9178 -mov ecx, dword [ebp - 0xdc] -imul eax, ebx, 0xcc -add esp, 0x20 -mov edx, ebx push 0 push 1 -movzx eax, byte [ecx + eax + 0xe2] -mov ecx, 0xff -push eax -mov eax, esi -push 1 -call fcn_fffb0cb4 ; call 0xfffb0cb4 +mov ebx, eax +mov eax, dword [ebp - 0x120] +and ebx, 1 +mov dword [ebp - 0x120], edx +or ebx, eax +call dword [ebp - 0x5c] ; ucall add esp, 0x10 +xor ecx, ecx +not eax +not edx +and dword [ebp - 0x120], edx +mov edx, edi +and ebx, eax +and dx, 0x3fff +and edx, ebx +xor eax, eax +movzx edx, dx -loc_fffd02ce: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffd027a ; jne 0xfffd027a -sub esp, 0xc +loc_fffceefe: ; not directly referenced +mov edi, edx +sar edi, cl +inc ecx +xor eax, edi +cmp ecx, 0xe +jne short loc_fffceefe ; jne 0xfffceefe +xor eax, dword [ebp - 0x110] +xor edx, edx +push edi push esi -call fcn_fffc82f4 ; call 0xfffc82f4 +and eax, 1 +push edx +push eax +call dword [ebp - 0x5c] ; ucall +mov esi, edx +mov ecx, eax +or esi, dword [ebp - 0x120] +or ecx, ebx +mov eax, ecx +mov edx, esi + +loc_fffcef2c: ; not directly referenced add esp, 0x10 -cmp dword [ebp - 0xcc], 0 -je short loc_fffd0316 ; je 0xfffd0316 -mov 
ecx, dword [ebp - 0xd0] -mov eax, esi -mov edx, dword [ebp - 0xbc] -call fcn_fffc93f9 ; call 0xfffc93f9 +jmp short loc_fffcef65 ; jmp 0xfffcef65 -loc_fffd02fc: ; not directly referenced -mov eax, dword [ebp - 0xec] -mov ebx, edi -mov dword [ebp - 0xc0], 0 -mov dword [ebp - 0xd0], eax -jmp short loc_fffd0362 ; jmp 0xfffd0362 +loc_fffcef31: ; not directly referenced +movzx ecx, byte [ebp - 0x110] +mov ebx, dword [ebp - 0x120] +mov esi, dword [ebp - 0x11c] +or ecx, ebx +mov eax, ecx +mov edx, esi +jmp short loc_fffcef65 ; jmp 0xfffcef65 -loc_fffd0316: ; not directly referenced -push 1 -mov ecx, dword [ebp - 0xbc] -mov edx, 6 -push 1 -lea eax, [ebp - 0xb0] -push eax -mov eax, esi -push 0 -push 0x40 -push 0xffffffffffffffc0 -push 3 -push 0xff -call fcn_fffcf3cd ; call 0xfffcf3cd -add esp, 0x20 -jmp short loc_fffd02fc ; jmp 0xfffd02fc +loc_fffcef4c: ; not directly referenced +cmp dword [ebp - 0x12c], 1 +jne short loc_fffcef61 ; jne 0xfffcef61 +mov eax, dword [ebp - 0x128] +mov edx, dword [ebp - 0x118] -loc_fffd0345: ; not directly referenced -inc dword [ebp - 0xc0] -add ebx, 0x48 -add dword [ebp - 0xd0], 0x10 -cmp dword [ebp - 0xc0], 2 -je loc_fffd0201 ; je 0xfffd0201 +loc_fffcef61: ; not directly referenced +add eax, esi +adc edx, edi -loc_fffd0362: ; not directly referenced -imul eax, dword [ebp - 0xc0], 0x13c3 -cmp dword [esi + eax + 0x3756], 2 -jne short loc_fffd0345 ; jne 0xfffd0345 -mov eax, dword [ebx + 0x3210] -mov edx, dword [ebp - 0xd0] -mov ecx, dword [ebp - 0xdc] -mov dword [edx + 8], eax -mov eax, dword [ebx + 0x3214] -mov dword [edx + 0xc], eax -mov edx, dword [ebp - 0xc0] -push 0 -push 1 -imul eax, edx, 0xcc -movzx eax, byte [ecx + eax + 0xe2] -mov ecx, 0xff -neg eax +loc_fffcef65: ; not directly referenced +mov edi, dword [ebp - 0x180] +push ecx +push 6 +push edx +and edi, 0xfff00000 +mov dword [ebp - 0x110], edi +mov edi, dword [ebp - 0x184] push eax -mov eax, esi -push 1 -call fcn_fffb0cb4 ; call 0xfffb0cb4 +and edi, 0x7f +mov dword [ebp - 0x10c], edi 
+mov edi, dword [ebp - 0x188] +or edi, 0xfffff +mov dword [ebp - 0x120], edi +mov edi, dword [ebp - 0x18c] +and edi, 0x7f +mov dword [ebp - 0x11c], edi +mov edi, 1 +call dword [ebp - 0x5c] ; ucall add esp, 0x10 -jmp short loc_fffd0345 ; jmp 0xfffd0345 - -loc_fffd03c2: ; not directly referenced -inc dword [ebp - 0xc4] -add edi, 0x90 -add dword [ebp - 0xec], 0x20 -cmp dword [ebp - 0xc4], 4 -jne loc_fffd0037 ; jne 0xfffd0037 -cmp dword [ebp - 0xcc], 0 -jne short loc_fffd0439 ; jne 0xfffd0439 -mov eax, dword [ebp - 0xf8] -lea edx, [esi + 0x3210] -lea ebx, [ebp - 0x18] - -loc_fffd03fa: ; not directly referenced -mov ecx, dword [eax] -cmp dword [eax + 8], ecx -cmovbe ecx, dword [eax + 8] -mov dword [edx], ecx -mov ecx, dword [eax + 4] -cmp dword [eax + 0xc], ecx -cmovbe ecx, dword [eax + 0xc] -mov dword [edx + 4], ecx -mov ecx, dword [eax + 0x18] -cmp dword [eax + 0x10], ecx -cmovbe ecx, dword [eax + 0x10] -mov dword [edx + 0x48], ecx -mov ecx, dword [eax + 0x1c] -cmp dword [eax + 0x14], ecx -cmovbe ecx, dword [eax + 0x14] -add eax, 0x20 -add edx, 0x90 -mov dword [edx - 0x44], ecx -cmp eax, ebx -jne short loc_fffd03fa ; jne 0xfffd03fa +cmp edx, dword [ebp - 0x10c] +ja short loc_fffcefcb ; ja 0xfffcefcb +jb short loc_fffcefc9 ; jb 0xfffcefc9 +cmp eax, dword [ebp - 0x110] +jae short loc_fffcefcb ; jae 0xfffcefcb -loc_fffd0439: ; not directly referenced -mov dword [ebp - 0xcc], 0 +loc_fffcefc9: ; not directly referenced xor edi, edi -mov dword [ebp - 0xd0], 0 -mov byte [ebp - 0xc4], 0 - -loc_fffd0456: ; not directly referenced -mov byte [ebp - 0xbc], 0 - -loc_fffd045d: ; not directly referenced -mov cl, byte [ebp - 0xc4] -mov eax, 1 -movzx edx, byte [ebp - 0xbc] -movzx ebx, cl -shl eax, cl -imul ecx, edx, 0x13c3 -test byte [esi + ecx + 0x381a], al -je loc_fffd0601 ; je 0xfffd0601 -imul ebx, ebx, 0x90 -imul edx, edx, 0x48 -mov dword [ebp - 0xd4], edi -lea eax, [ebx + edx] -mov ebx, 1 -mov dword [ebp - 0xe8], eax - -loc_fffd04a4: ; not directly referenced -lea eax, [ebx - 6] 
-cmp eax, 5 -setbe dl -cmp ebx, 3 -sete al -or dl, al -jne loc_fffd05de ; jne 0xfffd05de -mov ecx, 2 -mov edx, ebx -movzx edi, byte [ebx + ref_fffd5f1c] ; movzx edi, byte [ebx - 0x2a0e4] -mov eax, esi -call fcn_fffb13cf ; call 0xfffb13cf -mov ecx, 0xa -xor edx, edx -imul edi, edi, 0x240 -div cx -mov word [ebp - 0xec], ax -push eax -push 0xffff -push 2 -lea eax, [ebp - 0xac] -push eax -mov eax, dword [ebp - 0xd8] -call dword [eax + 0x60] ; ucall -lea eax, [ebx - 0xc] -add esp, 0x10 -add edi, dword [ebp - 0xe0] -xor ecx, ecx -add edi, dword [ebp - 0xe8] -mov dword [ebp - 0xf0], eax -mov dword [ebp - 0xdc], edi - -loc_fffd051f: ; not directly referenced -mov eax, dword [ebp - 0xdc] -xor edx, edx -mov edi, 0xa -mov eax, dword [eax + ecx*2] -div di -mov dx, word [ecx + ebp - 0xac] -cmp ax, dx -cmovbe edx, eax -mov word [ecx + ebp - 0xac], dx -cmp ax, word [ebp - 0xec] -ja short loc_fffd05ac ; ja 0xfffd05ac -cmp ebx, 4 -sete dl -cmp ebx, 1 -sete al -or dl, al -jne short loc_fffd058c ; jne 0xfffd058c -cmp ebx, 5 -sete dl -cmp ebx, 2 -sete al -or dl, al -jne short loc_fffd0598 ; jne 0xfffd0598 -cmp dword [ebp - 0xf0], 1 -mov eax, 1 -cmova eax, dword [ebp - 0xcc] -mov dword [ebp - 0xcc], eax -jmp short loc_fffd05a2 ; jmp 0xfffd05a2 - -loc_fffd058c: ; not directly referenced -mov dword [ebp - 0xd0], 1 -jmp short loc_fffd05a2 ; jmp 0xfffd05a2 -loc_fffd0598: ; not directly referenced -mov dword [ebp - 0xd4], 1 +loc_fffcefcb: ; not directly referenced +mov esi, 1 +cmp edx, dword [ebp - 0x11c] +jb short loc_fffcefe4 ; jb 0xfffcefe4 +ja short loc_fffcefe2 ; ja 0xfffcefe2 +cmp eax, dword [ebp - 0x120] +jbe short loc_fffcefe4 ; jbe 0xfffcefe4 -loc_fffd05a2: ; not directly referenced -mov dword [ebp - 0xc0], 0x1c +loc_fffcefe2: ; not directly referenced +xor esi, esi -loc_fffd05ac: ; not directly referenced -add ecx, 2 -cmp ecx, 4 -jne loc_fffd051f ; jne 0xfffd051f -mov eax, dword [ebp - 0xd0] -mov edi, dword [ebp - 0xd4] -dec eax -jne short loc_fffd05de ; jne 0xfffd05de -cmp edi, 1 
-jne short loc_fffd05de ; jne 0xfffd05de -cmp dword [ebp - 0xcc], 1 -je short loc_fffd05f3 ; je 0xfffd05f3 -cmp dword [ebp - 0xe4], 0 -je short loc_fffd05f3 ; je 0xfffd05f3 +loc_fffcefe4: ; not directly referenced +mov ecx, dword [ebp + 0xc] +and edi, esi +mov ebx, edi +movzx edi, bl +mov dword [ecx], eax +mov dword [ecx + 4], edx +test edi, edi +jne loc_fffcf084 ; jne 0xfffcf084 +mov esi, dword [ebp - 0x10c] +cmp dword [ebp - 0x11c], esi +jb short loc_fffcf084 ; jb 0xfffcf084 +ja short loc_fffcf019 ; ja 0xfffcf019 +mov esi, dword [ebp - 0x110] +cmp dword [ebp - 0x120], esi +jbe short loc_fffcf084 ; jbe 0xfffcf084 -loc_fffd05de: ; not directly referenced -inc ebx -cmp ebx, dword [ebp - 0xc8] -jbe loc_fffd04a4 ; jbe 0xfffd04a4 -mov edi, dword [ebp - 0xd4] -jmp short loc_fffd0601 ; jmp 0xfffd0601 +loc_fffcf019: ; not directly referenced +mov esi, dword [ebp - 0x168] +xor ebx, ebx +mov dword [ebp - 0x124], ebx +and esi, 0xfff00000 +mov ecx, esi +add ecx, dword [ebp - 0x120] +adc ebx, dword [ebp - 0x11c] +sub ecx, dword [ebp - 0x110] +sbb ebx, dword [ebp - 0x10c] +mov dword [ebp - 0x128], esi +cmp edx, ebx +ja short loc_fffcf084 ; ja 0xfffcf084 +jb short loc_fffcf057 ; jb 0xfffcf057 +cmp eax, ecx +ja short loc_fffcf084 ; ja 0xfffcf084 -loc_fffd05f3: ; not directly referenced -mov byte [ebp - 0xc4], 4 -mov byte [ebp - 0xbc], 2 +loc_fffcf057: ; not directly referenced +cmp edx, 0 +ja short loc_fffcf060 ; ja 0xfffcf060 +cmp eax, esi +jb short loc_fffcf084 ; jb 0xfffcf084 -loc_fffd0601: ; not directly referenced -inc byte [ebp - 0xbc] -cmp byte [ebp - 0xbc], 1 -jbe loc_fffd045d ; jbe 0xfffd045d -inc byte [ebp - 0xc4] -cmp byte [ebp - 0xc4], 3 -jbe loc_fffd0456 ; jbe 0xfffd0456 -cmp dword [ebp - 0xc0], 0x1c -jne loc_fffd079e ; jne 0xfffd079e -mov dl, byte [ebp - 0xfa] -xor edx, 1 -cmp dword [ebp - 0xe4], 1 -sete al -test dl, al -jne short loc_fffd0655 ; jne 0xfffd0655 +loc_fffcf060: ; not directly referenced +mov ecx, dword [ebp - 0x110] +sub ecx, dword [ebp - 0x128] +mov 
ebx, dword [ebp - 0x10c] +sbb ebx, dword [ebp - 0x124] +add ecx, eax +mov eax, dword [ebp + 0xc] +adc ebx, edx +mov dword [eax], ecx +mov dword [eax + 4], ebx -loc_fffd064b: ; not directly referenced -mov eax, 1 -jmp near loc_fffd06e5 ; jmp 0xfffd06e5 +loc_fffcf084: ; not directly referenced +cmp dword [ebp - 0x12c], 1 +jne loc_fffcf17d ; jne 0xfffcf17d +lea ebx, [ebp - 0xe8] +lea esi, [ebp - 0xc8] -loc_fffd0655: ; not directly referenced -lea eax, [esi + 0x3756] -mov ebx, 0x4020 -mov dword [ebp - 0xc4], eax +loc_fffcf09d: ; not directly referenced +push eax +mov eax, dword [ebp + 0xc] +mov edx, dword [eax + 4] +mov eax, dword [eax] +push dword [ebx + 4] +push dword [ebx] +mov ecx, edx +mov dword [ebp - 0x110], eax +mov dword [ebp - 0x10c], edx +mov edx, eax +push edi +lea eax, [ebp - 0xc4] +call fcn_fffb6511 ; call 0xfffb6511 +add esp, 0x10 +test eax, eax +jne loc_fffce576 ; jne 0xfffce576 +add ebx, 8 +cmp ebx, esi +jne short loc_fffcf09d ; jne 0xfffcf09d +movzx eax, byte [ebp - 0x151] +xor ebx, ebx +mov dword [ebp - 0x110], eax +movzx eax, word [ebp - 0x130] +mov dword [ebp - 0x120], eax -loc_fffd0666: ; not directly referenced -mov eax, dword [ebp - 0xc4] -cmp dword [eax], 2 -jne short loc_fffd06ae ; jne 0xfffd06ae -mov edx, ebx -mov eax, esi -call fcn_fffae52a ; call 0xfffae52a -mov edx, ebx -mov dword [ebp - 0xbc], eax -mov eax, esi -or dword [ebp - 0xbc], 0x40000000 -mov ecx, dword [ebp - 0xbc] -call fcn_fffae58c ; call 0xfffae58c -mov ecx, dword [ebp - 0xbc] -mov edx, ebx +loc_fffcf0f5: ; not directly referenced +mov edi, dword [ebp + ebx*2 - 0xe4] +mov esi, dword [ebp + ebx*2 - 0xe8] +push ecx +push 0x3f +push edi +push esi +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +test al, 1 +je short loc_fffcf171 ; je 0xfffcf171 +sub esp, 0xc +mov ecx, dword [ebp - 0x144] +push dword [ebp - 0x114] +push dword [ebp + ebx - 0xf8] +push dword [ebp - 0x174] +push dword [ebp - 0x120] +push dword [ebp - 0x138] +mov edx, dword [ebp - 0x110] +mov eax, dword [ebp - 0x140] 
+call fcn_fffce2bd ; call 0xfffce2bd +add esp, 0x20 +test eax, eax +je short loc_fffcf171 ; je 0xfffcf171 +mov edx, dword [ebp + 0xc] mov eax, esi -and ecx, 0xbfffffff -call fcn_fffae58c ; call 0xfffae58c - -loc_fffd06ae: ; not directly referenced -add ebx, 0x400 -add dword [ebp - 0xc4], 0x13c3 -cmp ebx, 0x4820 -jne short loc_fffd0666 ; jne 0xfffd0666 -jmp short loc_fffd064b ; jmp 0xfffd064b - -loc_fffd06c8: ; not directly referenced -cmp eax, 4 -sete cl -cmp eax, 1 -sete dl -or cl, dl -je short loc_fffd06ee ; je 0xfffd06ee - -loc_fffd06d8: ; not directly referenced -inc eax -cmp eax, dword [ebp - 0xc8] -ja loc_fffd079e ; ja 0xfffd079e - -loc_fffd06e5: ; not directly referenced -cmp dword [ebp - 0xd0], 0 -je short loc_fffd06c8 ; je 0xfffd06c8 - -loc_fffd06ee: ; not directly referenced -test edi, edi -jne short loc_fffd0702 ; jne 0xfffd0702 -cmp eax, 5 -sete cl -cmp eax, 2 -sete dl -or cl, dl -jne short loc_fffd06d8 ; jne 0xfffd06d8 - -loc_fffd0702: ; not directly referenced -cmp dword [ebp - 0xcc], 0 -jne short loc_fffd0713 ; jne 0xfffd0713 -lea edx, [eax - 0xc] -cmp edx, 1 -jbe short loc_fffd06d8 ; jbe 0xfffd06d8 - -loc_fffd0713: ; not directly referenced -cmp eax, 3 -je short loc_fffd06d8 ; je 0xfffd06d8 -lea edx, [eax - 6] -cmp edx, 5 -jbe short loc_fffd06d8 ; jbe 0xfffd06d8 -mov dword [ebp - 0xbc], 0 -mov byte [ebp - 0xd4], al - -loc_fffd0730: ; not directly referenced -mov ecx, dword [esi + 0x5edc] -mov ecx, dword [ecx + 4] -mov dword [ebp - 0xc4], ecx -mov ebx, ecx -xor ecx, ecx - -loc_fffd0743: ; not directly referenced -mov dl, byte [ebp - 0xd4] -cmp dl, byte [ebx] -jne short loc_fffd075a ; jne 0xfffd075a -mov edx, dword [ebp - 0xbc] -movzx ebx, word [ebx + edx*2 + 1] -jmp short loc_fffd0765 ; jmp 0xfffd0765 +and eax, 0xffffffc0 +mov dword [edx], eax +mov eax, edi +and eax, 0x7f +mov dword [edx + 4], eax +push edx +push 0x3e +push edi +push esi +call dword [ebp - 0x58] ; ucall +add esp, 0x10 +jmp short loc_fffcf17d ; jmp 0xfffcf17d -loc_fffd075a: ; not 
directly referenced -inc ecx -add ebx, 7 -cmp ecx, 0xb -jne short loc_fffd0743 ; jne 0xfffd0743 -xor ebx, ebx +loc_fffcf171: ; not directly referenced +add ebx, 4 +cmp ebx, 0x10 +jne loc_fffcf0f5 ; jne 0xfffcf0f5 -loc_fffd0765: ; not directly referenced -add ebx, 0x28 -mov edx, 0xffff -imul ecx, ecx, 7 -add ecx, dword [ebp - 0xc4] -cmp ebx, 0xffff -cmovg ebx, edx -mov edx, dword [ebp - 0xbc] -inc dword [ebp - 0xbc] -cmp dword [ebp - 0xbc], 2 -mov word [ecx + edx*2 + 1], bx -jne short loc_fffd0730 ; jne 0xfffd0730 -jmp near loc_fffd06d8 ; jmp 0xfffd06d8 +loc_fffcf17d: ; not directly referenced +mov eax, dword [ebp + 0xc] +xor edx, edx +mov ebx, dword [eax] +mov esi, dword [eax + 4] +push eax +movzx eax, word [ebp - 0x12e] +push 3 +push edx +push eax +call dword [ebp - 0x5c] ; ucall +mov edi, dword [ebp + 0xc] +add esp, 0x10 +mov dword [edi + 4], esi +and eax, 0x3f +or eax, ebx +mov dword [edi], eax +mov eax, 1 -loc_fffd079e: ; not directly referenced -mov eax, dword [ebp - 0xc0] +loc_fffcf1ab: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -65300,872 +63173,336 @@ pop edi pop ebp ret -fcn_fffd07ac: ; not directly referenced +fcn_fffcf1b3: ; not directly referenced push ebp -mov ecx, 0xa mov ebp, esp push edi push esi -mov esi, ref_fffd5f40 ; mov esi, 0xfffd5f40 +mov esi, eax push ebx -sub esp, 0xe0f0 -mov eax, dword [ebp + 8] -lea edi, [ebp - 0xe044] -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -mov byte [ebp - 0xe06e], 6 -mov eax, dword [eax + 0x5edc] -mov byte [ebp - 0xe069], 0 -mov byte [ebp - 0xe068], 4 -mov byte [ebp - 0xe065], 6 -mov edi, eax -mov dword [ebp - 0xe0e0], eax -mov eax, dword [ebp + 8] -mov byte [ebp - 0xe064], 0 -mov byte [ebp - 0xe063], 4 -mov byte [ebp - 0xe056], 1 -mov ebx, dword [eax + 0x2443] -movzx eax, byte [eax + 0x2488] -mov byte [ebp - 0xe055], 1 -mov byte [ebp - 0xe054], 1 -mov byte [ebp - 0xe053], 1 -mov dword [ebp - 0xe0d0], eax -mov eax, dword [ebp + 8] -mov byte [ebp - 0xe052], 1 -mov byte [ebp - 0xe051], 1 -mov byte [ebp - 0xe050], 1 -mov esi, dword [eax + 0x1887] -mov eax, dword [eax + 0x188b] -mov byte [ebp - 0xe04f], 1 -mov byte [ebp - 0xe04e], 0 -mov byte [ebp - 0xe04d], 0 -mov byte [ebp - 0xe067], 6 -mov byte [ebp - 0xe066], 5 -mov dword [ebp - 0xe088], eax -mov eax, dword [ebp + 8] -mov eax, dword [eax + 0x2480] -push 0 -push 0x50a -mov dword [ebp - 0xe0e4], eax -lea eax, [ebp - 0xdea0] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 0 -push 0xd97e -lea eax, [ebp - 0xd996] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0xc -push 0 -push 0x19a -lea eax, [ebp - 0xe03a] -push eax -call dword [ebx + 0x5c] ; ucall -add esp, 0xc +sub esp, 0x40 +mov al, byte [ebp + 8] +mov edi, dword [ebp + 0xc] +mov ebx, dword [ebp + 0x18] +mov byte [ebp - 0x41], dl +mov edx, dword [esi + 0x2444] push 0 push 2 -lea eax, [ebp - 0xe06d] +mov byte [ebp - 0x33], al +mov eax, edi +mov byte [ebp - 0x34], al +lea eax, [ebp - 0x23] push eax -call dword [ebx + 0x5c] ; ucall +mov byte [ebp - 0x32], cl +mov dword [ebp - 0x30], ecx +mov dword [ebp - 0x2c], edx 
+mov byte [ebp - 0x42], bl +call dword [edx + 0x5c] ; ucall add esp, 0xc -push 0 -push 8 -lea eax, [ebp - 0xe04c] +mov edx, dword [ebp - 0x2c] +push 1 +push 7 +lea eax, [ebp - 0x1f] push eax -call dword [ebx + 0x5c] ; ucall +call dword [edx + 0x5c] ; ucall add esp, 0x10 -cmp esi, 0x306d0 -sete bl -cmp esi, 0x40650 -sete al -or ebx, eax -mov al, bl -xor eax, 1 -cmp byte [edi + 0x1c5], 1 -mov byte [ebp - 0xe0ba], al -mov eax, edi -mov word [ebp - 0xe07a], 0 -sbb edi, edi -not edi -and edi, 0x10 -cmp byte [eax + 0x1c5], 1 -mov eax, dword [ebp + 8] -mov byte [ebp - 0xe07c], 0 -sbb esi, esi -mov dword [ebp - 0xe0b8], esi -mov al, byte [eax + 0x248e] -mov dword [ebp - 0xe098], esi -and byte [ebp - 0xe0b8], 0xe -and byte [ebp - 0xe098], 0xfc -add byte [ebp - 0xe0b8], 2 -add byte [ebp - 0xe098], 6 -mov byte [ebp - 0xe0b9], al -mov eax, dword [ebp + 8] -and byte [ebp - 0xe0b9], 3 -movzx esi, byte [ebp - 0xe0b9] -mov dword [ebp - 0xe0a8], 0 -mov al, byte [eax + 0x248d] -mov dword [ebp - 0xe0a0], 0 -mov dword [ebp - 0xe080], esi -mov byte [ebp - 0xe0c0], al -mov eax, dword [ebp + 8] -and byte [ebp - 0xe0c0], 0xf -lea edx, [eax + 0x39b5] +mov ecx, dword [ebp - 0x30] +cmp dword [esi + 0x188b], 1 +mov dword [ebp - 0x2c], 0 +jne short loc_fffcf24a ; jne 0xfffcf24a xor eax, eax +cmp dword [esi + 0x2481], 3 +sete al +mov dword [ebp - 0x2c], eax +jne short loc_fffcf24a ; jne 0xfffcf24a +test bl, bl +je short loc_fffcf230 ; je 0xfffcf230 +mov eax, dword [ebp + 0x10] +jmp short loc_fffcf233 ; jmp 0xfffcf233 -loc_fffd09b9: ; not directly referenced -mov esi, dword [ebp - 0xe080] -bt esi, eax -jae loc_fffd0a91 ; jae 0xfffd0a91 -cmp dword [edx - 0x19f], 2 -lea ecx, [eax*4] -jne short loc_fffd09f3 ; jne 0xfffd09f3 -mov esi, 3 -shl esi, cl -mov ecx, esi -mov dword [ebp - 0xe0a0], 1 -or byte [ebp - 0xe07c], cl -jmp short loc_fffd0a0c ; jmp 0xfffd0a0c - -loc_fffd09f3: ; not directly referenced -mov esi, 1 -shl esi, cl -mov ecx, esi -or byte [ebp - 0xe07c], cl -mov dword [ebp - 0xe0a8], 1 - 
-loc_fffd0a0c: ; not directly referenced -mov esi, dword [ebp + 8] -mov cl, byte [ebp - 0xe0c0] -and cl, byte [edx - 0x19b] -mov esi, dword [esi + 0x2480] -mov byte [ebp + eax - 0xe06d], cl -cmp esi, 3 -setne cl -add ecx, ecx -cmp dword [ebp - 0xe088], 1 -mov byte [ebp + eax*2 - 0xe062], cl -jne short loc_fffd0a5d ; jne 0xfffd0a5d -mov cl, byte [edx - 0x12] -and ecx, 0x30 -cmp cl, 0x30 -mov ecx, 3 -cmovne cx, word [ebp - 0xe07a] -mov word [ebp - 0xe07a], cx - -loc_fffd0a5d: ; not directly referenced -cmp esi, 3 -setne cl -add ecx, ecx -cmp dword [ebp - 0xe088], 1 -mov byte [ebp + eax*2 - 0xe061], cl -jne short loc_fffd0a91 ; jne 0xfffd0a91 -mov cl, byte [edx] -mov esi, 3 -and ecx, 0x30 -cmp cl, 0x30 -cmovne si, word [ebp - 0xe07a] -mov word [ebp - 0xe07a], si +loc_fffcf230: ; not directly referenced +mov eax, dword [ebp + 0x14] -loc_fffd0a91: ; not directly referenced -inc eax -add edx, 0x13c3 -cmp eax, 2 -jne loc_fffd09b9 ; jne 0xfffd09b9 -cmp dword [ebp - 0xe0a0], 0 -jne short loc_fffd0ac8 ; jne 0xfffd0ac8 +loc_fffcf233: ; not directly referenced +mov al, byte [eax] +mov byte [ebp - 0x21], al test bl, bl -je short loc_fffd0aea ; je 0xfffd0aea -mov eax, dword [ebp + 8] -test byte [eax + 0x2404], 0x20 -lea eax, [ebp - 0xe051] -mov dword [ebp - 0xe0a4], eax -jne short loc_fffd0b05 ; jne 0xfffd0b05 -jmp short loc_fffd0af6 ; jmp 0xfffd0af6 +jne short loc_fffcf241 ; jne 0xfffcf241 +mov eax, dword [ebp + 0x14] +jmp short loc_fffcf244 ; jmp 0xfffcf244 -loc_fffd0ac8: ; not directly referenced -lea eax, [ebp - 0xe056] -mov dword [ebp - 0xe0a4], eax -lea esi, [ebp - 0xe065] -mov byte [ebp - 0xe09c], 3 -mov byte [ebp - 0xe07b], 2 -jmp short loc_fffd0b19 ; jmp 0xfffd0b19 +loc_fffcf241: ; not directly referenced +mov eax, dword [ebp + 0x10] -loc_fffd0aea: ; not directly referenced -lea eax, [ebp - 0xe051] -mov dword [ebp - 0xe0a4], eax +loc_fffcf244: ; not directly referenced +mov al, byte [eax + 1] +mov byte [ebp - 0x20], al -loc_fffd0af6: ; not directly referenced -mov byte 
[ebp - 0xe09c], 1 -lea esi, [ebp - 0xe06e] -jmp short loc_fffd0b12 ; jmp 0xfffd0b12 +loc_fffcf24a: ; not directly referenced +movzx eax, cl +mov dword [ebp - 0x38], eax +sar eax, 1 +mov dword [ebp - 0x40], eax +movzx eax, byte [ebp - 0x42] +shr edi, 1 +mov dword [ebp - 0x30], edi +and dword [ebp - 0x40], 1 +and dword [ebp - 0x30], 1 +mov dword [ebp - 0x48], eax +movzx eax, byte [ebp - 0x41] +mov dword [ebp - 0x3c], eax -loc_fffd0b05: ; not directly referenced -mov byte [ebp - 0xe09c], 2 -lea esi, [ebp - 0xe067] +loc_fffcf270: ; not directly referenced +xor edi, edi -loc_fffd0b12: ; not directly referenced -mov byte [ebp - 0xe07b], 1 +loc_fffcf272: ; not directly referenced +mov eax, dword [ebp - 0x38] +bt eax, edi +jb short loc_fffcf282 ; jb 0xfffcf282 -loc_fffd0b19: ; not directly referenced -cmp dword [ebp - 0xe088], 0 -je short loc_fffd0b41 ; je 0xfffd0b41 -mov dx, word [ebp - 0xe07a] -mov ebx, dword [ebp - 0xe088] -mov eax, edx -add eax, 0xc -dec ebx -cmovne eax, edx -mov word [ebp - 0xe07a], ax -jmp short loc_fffd0b4a ; jmp 0xfffd0b4a +loc_fffcf27a: ; not directly referenced +inc edi +cmp edi, 2 +jne short loc_fffcf272 ; jne 0xfffcf272 +jmp short loc_fffcf2ef ; jmp 0xfffcf2ef -loc_fffd0b41: ; not directly referenced -mov word [ebp - 0xe07a], 0xc +loc_fffcf282: ; not directly referenced +mov eax, dword [ebp + 0x14] +mov bl, byte [ebp - 0x33] +movzx edx, byte [eax + edi] +mov eax, dword [ebp + 0x10] +movzx eax, byte [eax + edi] +add eax, edx +imul edx, edi, 0x13c3 +add eax, dword [ebp - 0x48] +sar eax, 1 +mov byte [ebp + edi - 0x23], al +and bl, byte [esi + edx + 0x381b] +test byte [ebp - 0x34], 1 +je short loc_fffcf2cb ; je 0xfffcf2cb +push edx +movzx eax, al +push 0 +push eax +movzx eax, bl +push 1 +push eax +push dword [ebp - 0x3c] +push edi +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 -loc_fffd0b4a: ; not directly referenced -lea eax, [edi - 0x10] -mov byte [ebp - 0xe0bc], al -movzx eax, byte [ebp - 0xe098] -mov byte [ebp - 0xe084], 0 -mov 
byte [ebp - 0xe0c8], 0 -mov dword [ebp - 0xe0f4], eax -movzx eax, byte [ebp - 0xe0ba] -mov dword [ebp - 0xe0dc], eax +loc_fffcf2cb: ; not directly referenced +cmp dword [ebp - 0x30], 0 +je short loc_fffcf27a ; je 0xfffcf27a +push eax +movzx eax, byte [ebp + edi - 0x23] +movzx ebx, bl +push 0 +push eax +push 2 +push ebx +push dword [ebp - 0x3c] +push edi +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +jmp short loc_fffcf27a ; jmp 0xfffcf27a -loc_fffd0b7b: ; not directly referenced -movsx eax, byte [ebp - 0xe0c8] -cmp eax, dword [ebp - 0xe0f4] -jge loc_fffd0d6d ; jge 0xfffd0d6d -movzx eax, byte [ebp - 0xe07b] -xor edi, edi -add eax, dword [ebp - 0xe0dc] -mov dword [ebp - 0xe0d8], eax +loc_fffcf2ef: ; not directly referenced +cmp dword [ebp - 0x2c], 0 +jne short loc_fffcf301 ; jne 0xfffcf301 +sub esp, 0xc +push esi +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 -loc_fffd0ba3: ; not directly referenced -mov bl, byte [ebp - 0xe0ba] -mov al, bl -add eax, edi -mov dl, al -mov byte [ebp - 0xe0bb], al -movsx eax, al -cmp eax, dword [ebp - 0xe0d8] -jge loc_fffd0d56 ; jge 0xfffd0d56 -mov al, dl -add eax, 2 -mov byte [ebp - 0xe0e5], al -mov al, bl -lea eax, [eax + edi - 1] -mov byte [ebp - 0xe098], al -movsx eax, word [ebp - 0xe07a] -mov dword [ebp - 0xe0ec], eax -movzx eax, byte [ebp - 0xe09c] -mov dword [ebp - 0xe0f0], eax - -loc_fffd0bf5: ; not directly referenced -movsx eax, byte [ebp - 0xe098] -cmp eax, dword [ebp - 0xe0d8] -je loc_fffd0d38 ; je 0xfffd0d38 -cmp eax, dword [ebp - 0xe0dc] -jl loc_fffd0d38 ; jl 0xfffd0d38 -cmp byte [ebp - 0xe098], 1 -mov dword [ebp - 0xe0cc], 0 -sete dl -cmp byte [ebp - 0xe0bb], 1 -sete al -or dl, al -je short loc_fffd0c42 ; je 0xfffd0c42 -mov eax, dword [ebp - 0xe0a0] -mov dword [ebp - 0xe0cc], eax - -loc_fffd0c42: ; not directly referenced +loc_fffcf301: ; not directly referenced xor ebx, ebx +mov byte [ebp - 0x31], 0 +lea edi, [ebp - 0x1f] -loc_fffd0c44: ; not directly referenced -mov eax, dword [ebp - 0xe080] -bt eax, 
ebx -jb short loc_fffd0c57 ; jb 0xfffd0c57 - -loc_fffd0c4f: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffd0c44 ; jne 0xfffd0c44 -jmp short loc_fffd0cd2 ; jmp 0xfffd0cd2 - -loc_fffd0c57: ; not directly referenced -mov al, byte [ebp - 0xe0bb] -mov byte [ebp - 0xe0c4], 0 -mov byte [ebp + ebx*2 - 0xe05e], al -mov al, byte [ebp - 0xe098] -mov byte [ebp + ebx*2 - 0xe05d], al - -loc_fffd0c78: ; not directly referenced -movzx eax, byte [ebp - 0xe0c4] -mov dword [ebp - 0xe0d4], eax -cmp eax, dword [ebp - 0xe0d0] -jae short loc_fffd0c4f ; jae 0xfffd0c4f -push 1 -mov eax, dword [ebp + 8] -xor ecx, ecx +loc_fffcf30a: ; not directly referenced +mov eax, dword [ebp + 0x1c] push 0 -mov edx, ebx push 0 -push dword [ebp - 0xe0d4] -call fcn_fffafdb2 ; call 0xfffafdb2 -movzx ecx, byte [ebp + ebx - 0xe06d] -mov edx, ebx -push 1 -mov eax, dword [ebp + 8] -push dword [ebp - 0xe0ec] -push 4 -push dword [ebp - 0xe0d4] -call fcn_fffafdb2 ; call 0xfffafdb2 -add esp, 0x20 -inc byte [ebp - 0xe0c4] -jmp short loc_fffd0c78 ; jmp 0xfffd0c78 - -loc_fffd0cd2: ; not directly referenced -cmp byte [ebp - 0xe084], 0x28 -ja short loc_fffd0d38 ; ja 0xfffd0d38 -movzx eax, byte [ebp - 0xe084] -sub esp, 0xc push 0 -mov ecx, dword [ebp - 0xe080] -push dword [ebp - 0xe0cc] -push dword [ebp - 0xe0f0] -imul eax, eax, 0x54e -push esi -lea edx, [ebp + eax - 0xd996] -movsx eax, byte [ebp - 0xe0bc] -push eax -lea eax, [ebp - 0xe062] -push eax -lea eax, [ebp - 0xe05e] -push eax -movzx eax, byte [ebp - 0xe0c0] push 0 +movsx eax, byte [eax + ebx] push eax -mov eax, dword [ebp + 8] -call fcn_fffbf2e9 ; call 0xfffbf2e9 -add esp, 0x30 -inc byte [ebp - 0xe084] - -loc_fffd0d38: ; not directly referenced -inc byte [ebp - 0xe098] -mov al, byte [ebp - 0xe0e5] -cmp byte [ebp - 0xe098], al -jne loc_fffd0bf5 ; jne 0xfffd0bf5 -inc edi -jmp near loc_fffd0ba3 ; jmp 0xfffd0ba3 - -loc_fffd0d56: ; not directly referenced -mov al, byte [ebp - 0xe0b8] -inc byte [ebp - 0xe0c8] -add byte [ebp - 0xe0bc], al -jmp near 
loc_fffd0b7b ; jmp 0xfffd0b7b - -loc_fffd0d6d: ; not directly referenced -movzx eax, byte [ebp - 0xe07c] -xor ebx, ebx -mov dword [ebp - 0xe09c], eax -movzx eax, byte [ebp - 0xe084] -mov dword [ebp - 0xe0b8], eax - -loc_fffd0d89: ; not directly referenced -mov eax, dword [ebp - 0xe080] -mov byte [ebp + ebx - 0xe06b], 0 -bt eax, ebx -jae loc_fffd0efc ; jae 0xfffd0efc -mov al, byte [ebp - 0xd467] -mov byte [ebp - 0xe098], 0 -mov byte [ebp - 0xe07b], al - -loc_fffd0db3: ; not directly referenced -mov edi, dword [ebp - 0xe098] -mov al, byte [ebp - 0xe084] -mov edx, edi -cmp dl, al -je short loc_fffd0e08 ; je 0xfffd0e08 -movzx ecx, dl -imul esi, ecx, 0x2a7 -add ecx, ecx -lea eax, [ebp - 0xd996] -add esi, ebx -add esi, esi -add esi, eax -lea eax, [ebp - 0xe03a] -add ecx, eax -xor eax, eax - -loc_fffd0de6: ; not directly referenced -cmp byte [ebp - 0xe07b], al -jbe short loc_fffd0e00 ; jbe 0xfffd0e00 -imul edi, eax, 0x52 -mov dx, word [esi + eax*4 + 0x53a] -inc eax -mov word [ecx + edi], dx -jmp short loc_fffd0de6 ; jmp 0xfffd0de6 - -loc_fffd0e00: ; not directly referenced -inc byte [ebp - 0xe098] -jmp short loc_fffd0db3 ; jmp 0xfffd0db3 - -loc_fffd0e08: ; not directly referenced -mov eax, dword [ebp - 0xe09c] -lea ecx, [ebx*4] -sub esp, 0xc -mov edi, dword [ebp - 0xe0a4] -lea esi, [ebp - 0xe03a] -mov edx, ebx -push 7 push 0 -sar eax, cl -mov ecx, eax -movzx eax, byte [ebp - 0xd467] -push eax -push edi -lea eax, [ebp - 0xd466] -push eax -push dword [ebp - 0xe0b8] -lea eax, [ebp - 0xd996] -push 0x29 +push 2 push esi -push eax -mov eax, dword [ebp + 8] -call fcn_fffb97c0 ; call 0xfffb97c0 -add esp, 0x2c -mov ecx, esi +call fcn_fffcce33 ; call 0xfffcce33 +add esp, 0x1c +movzx ecx, byte [esi + 0x248c] +mov edx, dword [ebp - 0x38] +mov eax, esi push 0 -lea eax, [ebp - 0xe044] -push eax -movsx eax, byte [ebp - 0xe084] -push 1 push 1 push edi -push eax -mov eax, dword [ebp + 8] -push 0x29 -lea edx, [ebp - 0xdea0] -call fcn_fffa5d2d ; call 0xfffa5d2d -movsx di, byte [ebp - 
0xde9e] -lea eax, [ebp - 0xd996] -add edi, dword [ebp - 0xdea0] -mov cl, bl -mov edx, 1 -add esp, 0x18 -shl edx, cl -movsx edi, di -imul esi, edi, 0x54e -imul edi, edi, 0x2a7 -push 0 -push 0 -add eax, esi -mov ecx, eax -mov eax, dword [ebp + 8] -add edi, ebx -call fcn_fffb3a79 ; call 0xfffb3a79 -mov al, byte [ebp + edi*2 - 0xd996] +call fcn_fffaa5b3 ; call 0xfffaa5b3 add esp, 0x10 -mov byte [ebp + ebx*2 - 0xe05a], al -mov al, byte [ebp + edi*2 - 0xd995] -mov byte [ebp + ebx*2 - 0xe059], al -lea eax, [ebp + esi - 0xd996] -mov dl, byte [eax + 8] -mov eax, dword [eax + 9] -mov byte [ebp + ebx - 0xe06b], dl -mov dword [ebp + ebx*4 - 0xe04c], eax - -loc_fffd0efc: ; not directly referenced -inc ebx -cmp ebx, 2 -jne loc_fffd0d89 ; jne 0xfffd0d89 -test byte [ebp - 0xe080], 1 -je short loc_fffd0f1f ; je 0xfffd0f1f -mov al, byte [ebp - 0xe06b] -mov bl, 1 -mov byte [ebp - 0xe084], al -jmp short loc_fffd0f28 ; jmp 0xfffd0f28 +or byte [ebp - 0x31], al +mov al, byte [ebp - 0x32] +cmp byte [ebp - 0x31], al +jne short loc_fffcf368 ; jne 0xfffcf368 -loc_fffd0f1f: ; not directly referenced -mov byte [ebp - 0xe084], 0 -xor ebx, ebx +loc_fffcf34b: ; not directly referenced +cmp byte [ebp - 0x31], 0 +setne al +test byte [ebp - 0x2c], al +je loc_fffcf3e2 ; je 0xfffcf3e2 +mov al, byte [ebp - 0x34] +xor edi, edi +and eax, 1 +mov byte [ebp - 0x43], al +jmp short loc_fffcf370 ; jmp 0xfffcf370 -loc_fffd0f28: ; not directly referenced -mov eax, dword [ebp - 0xe080] -shr eax, 1 -je short loc_fffd0f41 ; je 0xfffd0f41 -mov al, byte [ebp - 0xe06a] +loc_fffcf368: ; not directly referenced inc ebx -add byte [ebp - 0xe084], al -jmp short loc_fffd0f47 ; jmp 0xfffd0f47 - -loc_fffd0f41: ; not directly referenced -test bl, bl -je short loc_fffd0f5a ; je 0xfffd0f5a -mov bl, 1 +cmp ebx, 2 +jne short loc_fffcf30a ; jne 0xfffcf30a +jmp short loc_fffcf34b ; jmp 0xfffcf34b -loc_fffd0f47: ; not directly referenced -movsx eax, byte [ebp - 0xe084] -movzx ecx, bl -cdq -idiv ecx -mov byte [ebp - 0xe084], al 
+loc_fffcf370: ; not directly referenced +mov eax, dword [ebp - 0x38] +bt eax, edi +jb short loc_fffcf38c ; jb 0xfffcf38c -loc_fffd0f5a: ; not directly referenced -movzx ecx, byte [ebp - 0xe084] +loc_fffcf378: ; not directly referenced +inc edi +cmp edi, 2 +jne short loc_fffcf370 ; jne 0xfffcf370 sub esp, 0xc -xor edx, edx -mov eax, dword [ebp + 8] -push 1 -call fcn_fffa83c9 ; call 0xfffa83c9 +push esi +call fcn_fffc9f5d ; call 0xfffc9f5d add esp, 0x10 -mov edi, eax -cmp bl, 2 -je short loc_fffd0fd2 ; je 0xfffd0fd2 +jmp short loc_fffcf3e2 ; jmp 0xfffcf3e2 -loc_fffd0f7a: ; not directly referenced -mov eax, dword [ebp + 8] -mov esi, dword [ebp - 0xe080] -push edx -push 0 -add eax, 0x2490 -mov edx, eax -mov edi, eax -mov dword [ebp - 0xe0b8], eax -mov eax, dword [ebp + 8] -mov ecx, esi -push 0 -push 0 -call fcn_fffc19af ; call 0xfffc19af -mov eax, dword [ebp + 8] -mov edx, edi -pop ecx -mov ecx, esi -pop ebx -push 0 -push 0xf -push 0 -push 0 +loc_fffcf38c: ; not directly referenced +imul edx, edi, 0x13c3 +mov bl, byte [ebp - 0x33] +and bl, byte [esi + edx + 0x381b] +cmp byte [ebp - 0x43], 0 +je short loc_fffcf3be ; je 0xfffcf3be +movzx edx, byte [ebp + edi - 0x21] +push eax push 0 +push edx +movzx edx, bl push 1 -call fcn_fffc0a2d ; call 0xfffc0a2d +push edx +push dword [ebp - 0x3c] +push edi +push esi +call fcn_fffabc7a ; call 0xfffabc7a add esp, 0x20 -cmp dword [ebp - 0xe0e4], 3 -jne loc_fffd105e ; jne 0xfffd105e -jmp near loc_fffd110a ; jmp 0xfffd110a - -loc_fffd0fd2: ; not directly referenced -mov esi, dword [ebp - 0xe0e0] -xor ebx, ebx -add esi, 0x1c - -loc_fffd0fdd: ; not directly referenced -mov eax, dword [ebp - 0xe080] -bt eax, ebx -jb short loc_fffd0ff6 ; jb 0xfffd0ff6 - -loc_fffd0fe8: ; not directly referenced -inc ebx -add esi, 0xcc -cmp ebx, 2 -jne short loc_fffd0fdd ; jne 0xfffd0fdd -jmp short loc_fffd0f7a ; jmp 0xfffd0f7a - -loc_fffd0ff6: ; not directly referenced -sub dword [ebp + ebx*4 - 0xe04c], edi -mov byte [ebp - 0xe098], 0 -loc_fffd1004: ; not 
directly referenced -mov edx, dword [ebp + 8] -mov al, byte [ebp - 0xe098] -cmp al, byte [edx + 0x2488] -jae short loc_fffd0fe8 ; jae 0xfffd0fe8 -movzx edx, byte [ebp - 0xe098] -push 1 -lea eax, [edx + 0x1c] -mov cl, byte [esi + eax*4 + 9] -movzx eax, byte [esi + eax*4 + 0xa] -shr cl, 4 -and eax, 1 -movzx ecx, cl -shl eax, 4 -or eax, ecx -mov ecx, 0xf -add eax, dword [ebp + ebx*4 - 0xe04c] -cwde -push eax -mov eax, dword [ebp + 8] -push 1 +loc_fffcf3be: ; not directly referenced +cmp dword [ebp - 0x30], 0 +je short loc_fffcf378 ; je 0xfffcf378 +movzx edx, byte [ebp + edi - 0x21] +movzx ebx, bl +push ecx +push 0 push edx -mov edx, ebx -call fcn_fffafdb2 ; call 0xfffafdb2 -add esp, 0x10 -inc byte [ebp - 0xe098] -jmp short loc_fffd1004 ; jmp 0xfffd1004 +push 2 +push ebx +push dword [ebp - 0x3c] +push edi +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +jmp short loc_fffcf378 ; jmp 0xfffcf378 -loc_fffd105e: ; not directly referenced -mov eax, dword [ebp + 8] -cmp dword [ebp - 0xe0a8], 0 -mov byte [ebp - 0xe07b], 1 -mov al, byte [eax + 0x2411] -sete dl -test byte [ebp - 0xe0a0], dl -jne short loc_fffd1092 ; jne 0xfffd1092 -test al, al -mov edi, 1 -cmove edi, eax -mov eax, edi -mov byte [ebp - 0xe07b], al +loc_fffcf3e2: ; not directly referenced +xor ecx, ecx +mov eax, 1 -loc_fffd1092: ; not directly referenced -lea eax, [ebp - 0xe062] -mov dword [ebp - 0xe09c], eax -movsx eax, byte [ebp - 0xe084] -mov dword [ebp - 0xe098], 0 -mov dword [ebp - 0xe0c8], eax +loc_fffcf3e9: ; not directly referenced +mov edx, eax +shl edx, cl +test byte [ebp - 0x32], dl +je short loc_fffcf432 ; je 0xfffcf432 +mov ebx, dword [ebp + 0x10] +mov edi, dword [ebp + 0x14] +mov bl, byte [ebx + ecx] +cmp byte [edi + ecx], bl +jbe short loc_fffcf432 ; jbe 0xfffcf432 +and dl, byte [ebp - 0x31] +cmp byte [ebp - 0x42], 0 +je short loc_fffcf41b ; je 0xfffcf41b +test dl, dl +mov dl, byte [ebp + ecx - 0x23] +je short loc_fffcf416 ; je 0xfffcf416 +dec edx +mov ebx, edi +jmp short loc_fffcf42f 
; jmp 0xfffcf42f -loc_fffd10b5: ; not directly referenced -mov eax, dword [ebp - 0xe098] -mov ebx, 3 -mov ecx, eax -add ecx, eax -mov eax, dword [ebp + 8] -shl ebx, cl -test byte [eax + 0x248d], bl -jne short loc_fffd1143 ; jne 0xfffd1143 +loc_fffcf416: ; not directly referenced +mov ebx, dword [ebp + 0x10] +jmp short loc_fffcf42f ; jmp 0xfffcf42f -loc_fffd10d1: ; not directly referenced -inc dword [ebp - 0xe098] -inc dword [ebp - 0xe09c] -cmp dword [ebp - 0xe098], 2 -jne short loc_fffd10b5 ; jne 0xfffd10b5 -movsx edi, word [ebp - 0xe07a] -xor ebx, ebx +loc_fffcf41b: ; not directly referenced +test dl, dl +mov dl, byte [ebp + ecx - 0x23] +je short loc_fffcf42c ; je 0xfffcf42c +mov edi, dword [ebp + 0x10] +inc edx +mov byte [edi + ecx], dl +jmp short loc_fffcf432 ; jmp 0xfffcf432 -loc_fffd10ef: ; not directly referenced -mov eax, dword [ebp + 8] -xor esi, esi -movzx eax, byte [eax + 0x248e] -bt eax, ebx -jb loc_fffd1379 ; jb 0xfffd1379 +loc_fffcf42c: ; not directly referenced +mov ebx, dword [ebp + 0x14] -loc_fffd1104: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffd10ef ; jne 0xfffd10ef +loc_fffcf42f: ; not directly referenced +mov byte [ebx + ecx], dl -loc_fffd110a: ; not directly referenced -mov eax, dword [ebp + 8] -sub esp, 0xc -xor ecx, ecx -movzx edx, byte [eax + 0x248e] -push 0 -call fcn_fffcc3c6 ; call 0xfffcc3c6 -add esp, 0x10 -cmp dword [ebp - 0xe088], 0 -jne loc_fffd13a8 ; jne 0xfffd13a8 -sub esp, 0xc -push dword [ebp + 8] -call fcn_fffbdcd9 ; call 0xfffbdcd9 -add esp, 0x10 -jmp near loc_fffd13a8 ; jmp 0xfffd13a8 +loc_fffcf432: ; not directly referenced +inc ecx +cmp ecx, 2 +jne short loc_fffcf3e9 ; jne 0xfffcf3e9 +mov al, 1 +test byte [ebp - 0x32], 1 +je short loc_fffcf44d ; je 0xfffcf44d +mov eax, dword [ebp + 0x10] +mov ecx, dword [ebp + 0x14] +mov al, byte [eax] +cmp byte [ecx], al +setbe al -loc_fffd1143: ; not directly referenced -test byte [ebp - 0xe06d], bl -setne al -mov dl, al -or edx, 2 -test byte [ebp - 0xe06c], bl -cmovne 
eax, edx -xor esi, esi -and al, byte [ebp - 0xe0b9] -lea edx, [ebp - 0xd996] -mov edi, edx -movzx eax, al -mov dword [ebp - 0xe0a4], eax +loc_fffcf44d: ; not directly referenced +cmp dword [ebp - 0x40], 0 +je short loc_fffcf465 ; je 0xfffcf465 +mov ecx, dword [ebp + 0x10] +mov edi, dword [ebp + 0x14] +mov cl, byte [ecx + 1] +cmp byte [edi + 1], cl +ja loc_fffcf270 ; ja 0xfffcf270 -loc_fffd1173: ; not directly referenced -mov al, byte [ebp - 0xe07b] -sub esp, 0xc -mov edx, dword [ebp - 0xe09c] -mov ecx, dword [ebp - 0xe0a4] -add eax, esi +loc_fffcf465: ; not directly referenced test al, al -mov byte [edx], al -mov byte [edx + 2], al -sete al -mov edx, edi -and eax, dword [ebp - 0xe0a8] -add edi, 0x54e -push eax -push 0 -push 2 -lea eax, [ebp - 0xe069] -push eax -push dword [ebp - 0xe0c8] -lea eax, [ebp - 0xe062] -push eax -lea eax, [ebp - 0xe05a] -push eax -mov eax, dword [ebp + 8] -push 1 -push ebx -call fcn_fffbf2e9 ; call 0xfffbf2e9 -lea eax, [esi + 1] -inc esi -mov byte [ebp - 0xe0a0], al -mov al, byte [ebp - 0xe07b] -add esp, 0x30 -add eax, esi -cmp al, 2 -jbe short loc_fffd1173 ; jbe 0xfffd1173 -movsx eax, byte [ebp - 0xe0a0] -mov cl, byte [ebp - 0xe098] -mov dword [ebp - 0xe084], 1 -shl dword [ebp - 0xe084], cl -movzx ebx, al -mov dword [ebp - 0xe080], 0 -mov dword [ebp - 0xe0c0], ebx -mov dword [ebp - 0xe0c4], eax - -loc_fffd121c: ; not directly referenced -mov eax, dword [ebp - 0xe0a4] -mov edx, dword [ebp - 0xe080] -bt eax, edx -jae loc_fffd1361 ; jae 0xfffd1361 -mov al, byte [ebp - 0xd467] -xor edx, edx -mov byte [ebp - 0xe07c], al - -loc_fffd123f: ; not directly referenced -movzx ecx, dl -imul ebx, ecx, 0x2a7 -add ecx, ecx -add ebx, dword [ebp - 0xe080] -lea eax, [ebp - 0xd996] -add ebx, ebx -add ebx, eax -lea eax, [ebp - 0xe03a] -add ecx, eax -xor eax, eax - -loc_fffd1264: ; not directly referenced -cmp byte [ebp - 0xe07c], al -jbe short loc_fffd127e ; jbe 0xfffd127e -imul esi, eax, 0x52 -mov di, word [ebx + eax*4 + 0x53a] -inc eax -mov word [ecx + 
esi], di -jmp short loc_fffd1264 ; jmp 0xfffd1264 - -loc_fffd127e: ; not directly referenced -inc edx -cmp dl, byte [ebp - 0xe0a0] -jne short loc_fffd123f ; jne 0xfffd123f -movzx eax, byte [ebp - 0xd467] -sub esp, 0xc -push 8 -mov ecx, dword [ebp - 0xe084] -push 0 -mov edx, dword [ebp - 0xe080] -lea ebx, [ebp - 0xe051] -push eax -push ebx -lea eax, [ebp - 0xd466] -push eax -push dword [ebp - 0xe0c0] -lea esi, [ebp - 0xe03a] -lea eax, [ebp - 0xd996] -lea edi, [ebp - 0xd996] -push 0x29 -push esi -push eax -mov eax, dword [ebp + 8] -call fcn_fffb97c0 ; call 0xfffb97c0 -add esp, 0x2c -mov ecx, esi +je loc_fffcf270 ; je 0xfffcf270 push 0 -lea eax, [ebp - 0xe044] -push eax -mov eax, dword [ebp + 8] -push 1 -push 1 -push ebx -push dword [ebp - 0xe0c4] -lea edx, [ebp - 0xdea0] -push 0x29 -call fcn_fffa5d2d ; call 0xfffa5d2d -movsx si, byte [ebp - 0xde9e] -add esp, 0x18 -add esi, dword [ebp - 0xdea0] -mov edx, 1 +xor edi, edi push 0 -push 1 -movsx esi, si -imul eax, esi, 0x54e -imul esi, esi, 0x2a7 -lea ebx, [edi + eax] -mov edi, dword [ebp - 0xe080] -mov eax, dword [ebp + 8] -mov ecx, edi -add esi, edi -shl edx, cl -mov ecx, ebx -call fcn_fffb3a79 ; call 0xfffb3a79 -add esi, esi -mov edx, edi -lea eax, [ebp - 0x18] -mov edi, dword [ebp - 0xe09c] -add esp, 0x10 -add esi, eax -mov eax, dword [ebp - 0xe098] -mov al, byte [eax + esi - 0xd97a] -mov byte [edi + edx*2], al - -loc_fffd1361: ; not directly referenced -inc dword [ebp - 0xe080] -cmp dword [ebp - 0xe080], 2 -jne loc_fffd121c ; jne 0xfffd121c -jmp near loc_fffd10d1 ; jmp 0xfffd10d1 - -loc_fffd1379: ; not directly referenced -mov eax, esi -movzx eax, al -cmp eax, dword [ebp - 0xe0d0] -jae loc_fffd1104 ; jae 0xfffd1104 -push 1 -movzx ecx, byte [ebp + ebx - 0xe06d] -mov edx, ebx -push edi -inc esi -push 4 -push eax -mov eax, dword [ebp + 8] -call fcn_fffafdb2 ; call 0xfffafdb2 -add esp, 0x10 -jmp short loc_fffd1379 ; jmp 0xfffd1379 - -loc_fffd13a8: ; not directly referenced -push eax -mov edx, dword [ebp - 0xe0b8] -push 
eax -mov eax, dword [ebp + 8] -movzx ecx, byte [eax + 0x248e] push 0 -push 0xf push 0 push 0 push 0 push 2 -call fcn_fffc0a2d ; call 0xfffc0a2d +push esi +call fcn_fffcce33 ; call 0xfffcce33 add esp, 0x20 -cmp dword [ebp - 0xe088], 1 -jne short loc_fffd13e5 ; jne 0xfffd13e5 -sub esp, 0xc -push dword [ebp + 8] -call fcn_fffbdcd9 ; call 0xfffbdcd9 -add esp, 0x10 +cmp dword [ebp - 0x2c], 0 +jne short loc_fffcf49d ; jne 0xfffcf49d -loc_fffd13e5: ; not directly referenced +loc_fffcf48c: ; not directly referenced +sub esp, 0xc +push esi +call fcn_fffc9f5d ; call 0xfffc9f5d lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -66173,2632 +63510,2891 @@ pop edi pop ebp ret -fcn_fffd13ed: ; not directly referenced +loc_fffcf49d: ; not directly referenced +mov al, byte [ebp - 0x34] +and eax, 1 +mov byte [ebp - 0x31], al +movzx eax, byte [ebp - 0x41] +mov dword [ebp - 0x2c], eax + +loc_fffcf4ad: ; not directly referenced +mov eax, dword [ebp - 0x38] +bt eax, edi +jb short loc_fffcf4bd ; jb 0xfffcf4bd + +loc_fffcf4b5: ; not directly referenced +inc edi +cmp edi, 2 +jne short loc_fffcf4ad ; jne 0xfffcf4ad +jmp short loc_fffcf48c ; jmp 0xfffcf48c + +loc_fffcf4bd: ; not directly referenced +imul edx, edi, 0x13c3 +mov bl, byte [ebp - 0x33] +and bl, byte [esi + edx + 0x381b] +cmp byte [ebp - 0x31], 0 +je short loc_fffcf4ef ; je 0xfffcf4ef +push edx +movzx edx, byte [ebp + edi - 0x21] +push 0 +push edx +movzx edx, bl +push 1 +push edx +push dword [ebp - 0x2c] +push edi +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 + +loc_fffcf4ef: ; not directly referenced +cmp dword [ebp - 0x30], 0 +je short loc_fffcf4b5 ; je 0xfffcf4b5 +movzx edx, byte [ebp + edi - 0x21] +movzx ebx, bl +push eax +push 0 +push edx +push 2 +push ebx +push dword [ebp - 0x2c] +push edi +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +jmp short loc_fffcf4b5 ; jmp 0xfffcf4b5 + +fcn_fffcf513: ; not directly referenced push ebp mov ebp, esp push edi -mov edi, eax push esi +mov esi, eax push ebx -sub esp, 0x10c -mov eax, dword [ebp + 0x10] -mov byte [ebp - 0xfa], cl -mov cl, byte [ebp + 0xc] -mov ebx, dword [ebp + 8] -mov dword [ebp - 0xbc], edx -mov dword [ebp - 0xe4], eax -mov byte [ebp - 0xd4], cl -mov ecx, eax -mov byte [ebp - 0xeb], al -mov al, byte [ebp + 0x18] -mov byte [ebp - 0xec], bl -mov byte [ebp - 0xd3], al -mov eax, dword [edi + 0x2443] -mov dword [ebp - 0xf8], eax -mov al, cl -shr al, 4 -inc eax -mov byte [ebp - 0xf9], al -xor eax, eax -cmp cl, 0x21 -ja short loc_fffd1460 ; ja 0xfffd1460 -movzx eax, byte [ebp - 0xe4] -movzx eax, byte [eax + ref_fffd5f1c] ; movzx eax, byte [eax - 0x2a0e4] 
+xor ebx, ebx +sub esp, 0x40 +mov al, byte [ebp + 8] +push 1 +movzx edi, byte [ebp + 0xc] +push 7 +mov byte [ebp - 0x31], al +mov eax, dword [ebp + 0x14] +mov byte [ebp - 0x2a], dl +lea edx, [ebp - 0x27] +push edx +mov word [ebp - 0x2c], ax +mov eax, dword [ebp + 0x18] +mov byte [ebp - 0x29], cl +mov dword [ebp - 0x1c], 0 +mov dword [ebp - 0x20], 0 +mov word [ebp - 0x34], ax +mov eax, dword [esi + 0x2444] +call dword [eax + 0x5c] ; ucall +movzx eax, byte [ebp - 0x29] +add esp, 0x10 +mov dword [ebp - 0x3c], edi +mov dword [ebp - 0x30], eax -loc_fffd1460: ; not directly referenced -mov ecx, dword [ebp - 0xe4] -mov dword [ebp - 0xd8], 1 -cmp cl, 0x21 -sete dl -cmp cl, 0x11 -sete cl -or dl, cl -jne short loc_fffd1492 ; jne 0xfffd1492 -xor ecx, ecx -cmp byte [ebp - 0xe4], 5 -sete cl -mov dword [ebp - 0xd8], ecx +loc_fffcf56a: ; not directly referenced +movsx eax, bx +xor edi, edi +mov dword [ebp - 0x38], eax -loc_fffd1492: ; not directly referenced -movzx ecx, byte [edi + 0x2488] -mov esi, 1 -shl esi, cl -dec esi -cmp byte [edi + 0x248b], 1 -mov word [ebp - 0xea], si -jne short loc_fffd151e ; jne 0xfffd151e -mov cl, byte [edi + 0x248c] -lea esi, [ecx + 4] -mov byte [ebp - 0x9a], cl -mov edx, esi -mov byte [ebp - 0x99], cl -add ecx, 2 -mov byte [ebp - 0x98], dl -mov byte [ebp - 0x97], cl +loc_fffcf572: ; not directly referenced +mov eax, dword [ebp - 0x30] +bt eax, edi +jae short loc_fffcf5a6 ; jae 0xfffcf5a6 +cmp dword [ebp + edi*4 - 0x20], 0 +jne short loc_fffcf5a6 ; jne 0xfffcf5a6 +mov eax, dword [ebp + 0x10] +push edx +push 0 +movzx edx, byte [eax + edi] +add edx, dword [ebp - 0x38] +push edx +movzx edx, byte [ebp - 0x31] +push dword [ebp - 0x3c] +push edx +movzx edx, byte [ebp - 0x2a] +push edx +push edi +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 -loc_fffd14d7: ; not directly referenced -imul eax, eax, 0x240 -movzx ebx, bl -add eax, dword [ebp - 0xbc] -mov dword [ebp - 0xc4], 0 -mov byte [ebp - 0xd2], 0 -mov dword [ebp - 0xc8], eax -imul eax, ebx, 
0x24 -mov dword [ebp - 0x110], eax -movzx eax, byte [ebp - 0xec] -mov dword [ebp - 0x118], eax -imul eax, eax, 0x12 -mov dword [ebp - 0xd0], eax -jmp short loc_fffd1559 ; jmp 0xfffd1559 +loc_fffcf5a6: ; not directly referenced +inc edi +cmp edi, 2 +jne short loc_fffcf572 ; jne 0xfffcf572 +cmp dword [ebp + 0x20], 0 +jne short loc_fffcf5be ; jne 0xfffcf5be +sub esp, 0xc +push esi +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 -loc_fffd151e: ; not directly referenced -mov byte [ebp - 0x9a], 1 -mov byte [ebp - 0x99], 1 -mov byte [ebp - 0x98], 1 -mov byte [ebp - 0x97], 1 -jmp short loc_fffd14d7 ; jmp 0xfffd14d7 +loc_fffcf5be: ; not directly referenced +mov edx, dword [ebp - 0x30] +push eax +movzx ecx, byte [esi + 0x248c] +push 0 +push 1 +lea eax, [ebp - 0x27] +push eax +mov eax, esi +call fcn_fffaa5b3 ; call 0xfffaa5b3 +mov dl, bl +add esp, 0x10 +neg edx +test bx, bx +cmovns edx, ebx +test byte [ebp - 0x29], 1 +je short loc_fffcf603 ; je 0xfffcf603 +cmp dword [ebp - 0x20], 0 +jne short loc_fffcf603 ; jne 0xfffcf603 +test al, 1 +je short loc_fffcf5fe ; je 0xfffcf5fe +mov dword [ebp - 0x20], 1 +jmp short loc_fffcf603 ; jmp 0xfffcf603 -loc_fffd153c: ; not directly referenced -inc ebx -cmp ebx, 2 -jne loc_fffd1f38 ; jne 0xfffd1f38 -inc dword [ebp - 0xc4] -cmp dword [ebp - 0xc4], 2 -je loc_fffd1fc4 ; je 0xfffd1fc4 +loc_fffcf5fe: ; not directly referenced +mov ecx, dword [ebp + 0x1c] +mov byte [ecx], dl -loc_fffd1559: ; not directly referenced -mov ebx, dword [ebp - 0xf8] -lea eax, [ebp - 0xa2] -xor esi, esi -push ecx +loc_fffcf603: ; not directly referenced +test byte [ebp - 0x29], 2 +je short loc_fffcf622 ; je 0xfffcf622 +cmp dword [ebp - 0x1c], 0 +jne short loc_fffcf622 ; jne 0xfffcf622 +test al, 2 +jne short loc_fffcf61b ; jne 0xfffcf61b +mov eax, dword [ebp + 0x1c] +mov byte [eax + 1], dl +jmp short loc_fffcf622 ; jmp 0xfffcf622 + +loc_fffcf61b: ; not directly referenced +mov dword [ebp - 0x1c], 1 + +loc_fffcf622: ; not directly referenced +mov eax, dword [ebp - 
0x34] +add ebx, eax +test ax, ax +jle short loc_fffcf635 ; jle 0xfffcf635 +cmp bx, word [ebp - 0x2c] +setg al +jmp short loc_fffcf63c ; jmp 0xfffcf63c + +loc_fffcf635: ; not directly referenced +cmp bx, word [ebp - 0x2c] +setl al + +loc_fffcf63c: ; not directly referenced +cmp dword [ebp - 0x20], 0 +movzx eax, al +je short loc_fffcf64b ; je 0xfffcf64b +cmp dword [ebp - 0x1c], 0 +jne short loc_fffcf653 ; jne 0xfffcf653 + +loc_fffcf64b: ; not directly referenced +test eax, eax +je loc_fffcf56a ; je 0xfffcf56a + +loc_fffcf653: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffcf65b: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, eax +push esi +mov esi, edx +push ebx +sub esp, 0x90 +mov eax, dword [ebp + 0x10] +push 1 +push 7 +mov ebx, eax +mov dword [ebp - 0x78], eax +mov al, byte [ebp + 8] +mov byte [ebp - 0x89], bl +mov ebx, dword [edi + 0x2444] +mov dword [ebp - 0x88], edx +mov byte [ebp - 0x69], dl +mov byte [ebp - 0x6a], al +mov al, byte [ebp + 0xc] +mov byte [ebp - 0x68], cl +mov byte [ebp - 0x74], al +mov al, byte [ebp + 0x14] +mov byte [ebp - 0x7c], al +mov al, byte [ebp + 0x18] +mov byte [ebp - 0x8a], al +lea eax, [ebp - 0x4f] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0xc push 0 -push 4 +push 2 +lea eax, [ebp - 0x53] push eax -mov eax, ebx -call dword [eax + 0x5c] ; ucall +call dword [ebx + 0x5c] ; ucall add esp, 0xc push 0 -push 4 -lea eax, [ebp - 0x9e] +push 2 +lea eax, [ebp - 0x51] push eax -mov eax, ebx -call dword [eax + 0x5c] ; ucall -lea eax, [ebp - 0x72] +call dword [ebx + 0x5c] ; ucall +xor eax, eax add esp, 0x10 -mov dword [ebp - 0xbc], eax +cmp dword [edi + 0x2481], 3 +sete al +mov dword [ebp - 0x60], eax +mov eax, esi +cmp al, 6 +je short loc_fffcf717 ; je 0xfffcf717 -loc_fffd1591: ; not directly referenced -movzx eax, byte [ebp - 0xfa] -bt eax, esi -mov dword [ebp - 0xe0], eax -jb short loc_fffd15bf ; jb 0xfffd15bf -mov ax, word [ebp - 0xea] -mov word [ebp + esi*2 
- 0xa2], ax -mov word [ebp + esi*2 - 0x9e], ax -jmp near loc_fffd1766 ; jmp 0xfffd1766 +loc_fffcf6e5: ; not directly referenced +cmp dword [ebp - 0x60], 1 +sbb eax, eax +mov dword [ebp - 0x60], eax +movsx ax, byte [ebp - 0x78] +and byte [ebp - 0x60], 4 +add byte [ebp - 0x60], 2 +mov word [ebp - 0x6c], ax +mov word [ebp - 0x64], ax +mov al, byte [ebp - 0x7c] +sub eax, dword [ebp - 0x60] +movzx eax, al +mov dword [ebp - 0x94], eax +jmp near loc_fffcf892 ; jmp 0xfffcf892 -loc_fffd15bf: ; not directly referenced -mov eax, dword [ebp - 0xbc] -mov byte [ebp - 0xc0], 0 -mov byte [eax], 0x7f -mov eax, esi -shl eax, 0xa -add eax, 0x40f0 -mov dword [ebp - 0xf0], eax -lea eax, [esi + esi*8] -mov dword [ebp - 0xe8], eax +loc_fffcf717: ; not directly referenced +movzx esi, byte [ebp - 0x68] +lea eax, [edi + 0x3757] +mov dword [ebp - 0x5c], eax +xor eax, eax +mov dword [ebp - 0x70], esi -loc_fffd15e8: ; not directly referenced -mov al, byte [ebp - 0xc0] -cmp al, byte [edi + 0x2488] -jae loc_fffd171e ; jae 0xfffd171e -movzx eax, byte [ebp - 0xc0] -lea ecx, [ebp - 0x18] -mov ebx, eax -mov dword [ebp - 0xcc], eax -lea eax, [esi + esi*8] -lea edx, [ecx + eax] -add eax, ebx -mov dword [ebp + eax*4 - 0x60], 0 -movzx eax, byte [ebp - 0xd3] -cmp byte [ebp - 0xeb], 1 -mov byte [ebx + edx - 0x7e], 0x7f -mov byte [ebp - 0xd1], al -jne short loc_fffd1659 ; jne 0xfffd1659 -push edx -movzx ecx, byte [ebp - 0xd4] +loc_fffcf729: ; not directly referenced +mov esi, dword [ebp - 0x70] +bt esi, eax +jae loc_fffcf7f5 ; jae 0xfffcf7f5 +mov esi, dword [ebp - 0x5c] +mov ebx, dword [esi + 0x111] +mov ecx, dword [esi + 0x11d] +cmp bl, cl +mov esi, ecx +cmovl esi, ebx +cmp cl, bl mov edx, esi -push eax -mov eax, edi -push dword [ebp - 0xc4] -push ebx -call fcn_fffaec68 ; call 0xfffaec68 -add esp, 0x10 -mov byte [ebp - 0xd1], al - -loc_fffd1659: ; not directly referenced -lea eax, [esi + esi*8] -xor edx, edx -mov dword [ebp - 0xdc], eax -mov eax, dword [ebp - 0xd0] -mov ecx, 0xa -mov ebx, dword [ebp - 
0xdc] -add ebx, eax -mov eax, dword [ebp - 0xc8] -add ebx, dword [ebp - 0xcc] -add ebx, ebx -add ebx, dword [ebp - 0xc4] -mov eax, dword [eax + ebx*4] -div ecx -movzx edx, byte [ebp - 0xd1] -cmp eax, edx -cmova eax, edx -mov edx, dword [ebp - 0xc8] -cmp dword [ebp - 0xd8], 1 -mov dword [edx + ebx*4], eax -jne short loc_fffd16d2 ; jne 0xfffd16d2 -mov ebx, dword [ebp - 0xbc] -movzx edx, byte [ebx] -cmp eax, edx -jae short loc_fffd16e9 ; jae 0xfffd16e9 -mov ebx, dword [ebp - 0xe8] -mov byte [ebp + ebx - 0x84], al -mov ebx, dword [ebp - 0xbc] -mov byte [ebx], al -jmp short loc_fffd16e9 ; jmp 0xfffd16e9 +mov esi, dword [ebp - 0x5c] +cmovbe ecx, ebx +mov byte [ebp + eax - 0x53], dl +mov byte [ebp + eax - 0x51], cl +xor ecx, ecx +mov dl, byte [esi + 0xc4] +mov byte [ebp - 0x64], dl -loc_fffd16d2: ; not directly referenced -mov ecx, dword [ebp - 0xdc] -lea ebx, [ebp - 0x18] -add ecx, ebx -add ecx, dword [ebp - 0xcc] -mov byte [ecx - 0x6c], al -mov byte [ecx - 0x5a], al +loc_fffcf768: ; not directly referenced +mov ebx, 1 +shl ebx, cl +test byte [ebp - 0x64], bl +je short loc_fffcf7a0 ; je 0xfffcf7a0 +mov esi, dword [ebp - 0x5c] +mov bl, byte [esi + ecx + 0x245] +movzx esi, byte [ebp + eax - 0x53] +cmp bl, byte [ebp + eax - 0x53] +cmovle esi, ebx +mov edx, esi +movzx esi, byte [ebp + eax - 0x51] +cmp bl, byte [ebp + eax - 0x51] +mov byte [ebp + eax - 0x53], dl +cmovb ebx, esi +mov byte [ebp + eax - 0x51], bl -loc_fffd16e9: ; not directly referenced -movzx eax, byte [ebp - 0xc0] -mov ebx, dword [ebp + 0x14] -movzx ecx, byte [ebx + eax] -mov eax, dword [ebp - 0xf0] -mov ebx, dword [ebp - 0xcc] -and ecx, 0x7f -or ch, 1 -lea edx, [eax + ebx*4] -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -inc byte [ebp - 0xc0] -jmp near loc_fffd15e8 ; jmp 0xfffd15e8 +loc_fffcf7a0: ; not directly referenced +inc ecx +cmp ecx, 4 +jne short loc_fffcf768 ; jne 0xfffcf768 +cmp dword [ebp - 0x60], 0 +je short loc_fffcf7e7 ; je 0xfffcf7e7 +mov ecx, dword [ebp - 0x5c] +mov esi, dword [ecx + 
0x109] +mov ecx, dword [ecx + 0x115] +mov edx, esi +mov ebx, esi +cmp cl, dl +mov dl, byte [ebp + eax - 0x53] +cmovl ebx, ecx +cmp bl, byte [ebp + eax - 0x53] +cmovg ebx, edx +mov edx, esi +mov byte [ebp + eax - 0x53], bl +mov bl, byte [ebp + eax - 0x51] +cmp bl, dl +cmovbe ebx, esi +cmp bl, cl +cmovbe ebx, ecx +mov byte [ebp + eax - 0x51], bl -loc_fffd171e: ; not directly referenced -cmp dword [ebp - 0xd8], 1 -jne short loc_fffd1766 ; jne 0xfffd1766 -lea edx, [esi + esi*8] -xor eax, eax -add edx, dword [ebp - 0xd0] -mov dword [ebp - 0xc0], edx +loc_fffcf7e7: ; not directly referenced +mov cl, 0x7f +neg byte [ebp + eax - 0x53] +sub cl, byte [ebp + eax - 0x51] +mov byte [ebp + eax - 0x51], cl -loc_fffd1738: ; not directly referenced -cmp al, byte [edi + 0x2488] -jae short loc_fffd1766 ; jae 0xfffd1766 -mov ebx, dword [ebp - 0xbc] -movzx ecx, al +loc_fffcf7f5: ; not directly referenced inc eax -add ecx, dword [ebp - 0xc0] -mov edx, dword [ebp - 0xc8] -movzx ebx, byte [ebx] -add ecx, ecx -add ecx, dword [ebp - 0xc4] -mov dword [edx + ecx*4], ebx -jmp short loc_fffd1738 ; jmp 0xfffd1738 +add dword [ebp - 0x5c], 0x13c3 +cmp eax, 2 +jne loc_fffcf729 ; jne 0xfffcf729 +jmp near loc_fffcf6e5 ; jmp 0xfffcf6e5 -loc_fffd1766: ; not directly referenced -inc esi -add dword [ebp - 0xbc], 9 -cmp esi, 2 -jne loc_fffd1591 ; jne 0xfffd1591 -mov eax, dword [ebp - 0xc4] -lea esi, [eax + eax - 1] -mov dword [ebp - 0x114], esi -mov esi, dword [ebp - 0xc8] -add eax, dword [ebp - 0x110] -lea eax, [esi + eax*4] -mov dword [ebp - 0xf0], eax +loc_fffcf80b: ; not directly referenced +mov eax, dword [ebp - 0x70] +bt eax, ebx +jb loc_fffcf8ba ; jb 0xfffcf8ba -loc_fffd179c: ; not directly referenced -mov ecx, 4 -mov edx, 0x4800 +loc_fffcf817: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffcf80b ; jne 0xfffcf80b +sub esp, 0xc +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 +cmp dword [ebp + 0x24], 0 +je loc_fffcf90d ; je 0xfffcf90d +movzx ecx, byte [edi + 0x248c] 
+push eax +mov edx, dword [ebp - 0x70] +push 0 +push 1 +lea eax, [ebp - 0x4f] +push eax mov eax, edi -xor esi, esi -call fcn_fffae58c ; call 0xfffae58c +call fcn_fffaa5b3 ; call 0xfffaa5b3 +add esp, 0x10 +mov byte [ebp - 0x5c], al -loc_fffd17af: ; not directly referenced -movzx eax, byte [ebp - 0xf9] +loc_fffcf853: ; not directly referenced +cmp byte [ebp - 0x69], 6 +je loc_fffcf966 ; je 0xfffcf966 + +loc_fffcf85d: ; not directly referenced +movzx eax, byte [ebp - 0x60] +mov edx, esi +xor ecx, ecx +sub edx, eax +mov dword [ebp - 0x70], eax +movsx eax, byte [ebp - 0x89] +mov dword [ebp - 0x80], edx + +loc_fffcf874: ; not directly referenced +mov edx, 1 +shl edx, cl +test byte [ebp - 0x68], dl +jne loc_fffcf9a0 ; jne 0xfffcf9a0 + +loc_fffcf884: ; not directly referenced +inc ecx +cmp ecx, 2 +jne short loc_fffcf874 ; jne 0xfffcf874 +movzx eax, byte [ebp - 0x60] +add word [ebp - 0x64], ax + +loc_fffcf892: ; not directly referenced +movzx eax, byte [ebp - 0x7c] +movsx esi, word [ebp - 0x64] +mov dword [ebp - 0x5c], eax cmp esi, eax -jae loc_fffd1883 ; jae 0xfffd1883 +jg loc_fffcfa7e ; jg 0xfffcfa7e +movzx eax, byte [ebp - 0x68] xor ebx, ebx +mov dword [ebp - 0x70], eax +movzx eax, byte [ebp - 0x74] +mov dword [ebp - 0x5c], eax +jmp near loc_fffcf80b ; jmp 0xfffcf80b -loc_fffd17c0: ; not directly referenced -mov eax, dword [ebp - 0xe0] -bt eax, ebx -jb short loc_fffd17fd ; jb 0xfffd17fd +loc_fffcf8ba: ; not directly referenced +imul eax, ebx, 0x13c3 +mov cl, byte [ebp - 0x6a] +and cl, byte [edi + eax + 0x381b] +movzx eax, byte [ebp - 0x69] +movzx ecx, cl +cmp al, 6 +je short loc_fffcf8ed ; je 0xfffcf8ed +push edx +push 0 +push esi +push dword [ebp - 0x5c] +push ecx +push eax +push ebx +push edi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 +jmp near loc_fffcf817 ; jmp 0xfffcf817 -loc_fffd17cb: ; not directly referenced -inc ebx -cmp ebx, 2 -jne short loc_fffd17c0 ; jne 0xfffd17c0 +loc_fffcf8ed: ; not directly referenced xor eax, eax -mov edx, dword [ebp - 0xe0] 
-test esi, esi -push ecx -movzx ecx, byte [edi + 0x248b] +mov edx, ebx +cmp dword [ebp + 0x20], 0 sete al -push 0 -inc esi -push eax -lea eax, [ebp - 0x9a] push eax mov eax, edi -call fcn_fffb0f94 ; call 0xfffb0f94 +push 0 +push esi +push 0 +call fcn_fffac68e ; call 0xfffac68e add esp, 0x10 -jmp short loc_fffd17af ; jmp 0xfffd17af +jmp near loc_fffcf817 ; jmp 0xfffcf817 -loc_fffd17fd: ; not directly referenced -mov eax, dword [ebp - 0xe0] -lea ecx, [ebx + 1] -xor edx, edx -sar eax, cl -mov dword [ebp - 0xbc], eax +loc_fffcf90d: ; not directly referenced +xor ebx, ebx +mov byte [ebp - 0x5c], 0 -loc_fffd1810: ; not directly referenced -cmp dl, byte [edi + 0x2488] -jae short loc_fffd17cb ; jae 0xfffd17cb -push 1 -movzx eax, dl -push dword [ebp - 0xbc] -lea ecx, [ebx + ebx*8] -add ecx, dword [ebp - 0xd0] -mov dword [ebp - 0xc0], edx -mov edx, dword [ebp - 0xc8] +loc_fffcf913: ; not directly referenced +mov eax, dword [ebp + 0x1c] push 0 push 0 -push eax -add eax, ecx -mov ecx, dword [ebp - 0x114] -push dword [ebp - 0x118] -add eax, eax -add eax, dword [ebp - 0xc4] -push ebx push 0 -push esi -imul ecx, dword [edx + eax*4] -movzx eax, byte [ebp - 0xeb] -push ecx +push 0 +movsx eax, byte [eax + ebx] push eax +push 0 +push 2 push edi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -mov edx, dword [ebp - 0xc0] -cmp dword [ebp - 0xd8], 0 -jne loc_fffd17cb ; jne 0xfffd17cb -inc edx -jmp short loc_fffd1810 ; jmp 0xfffd1810 +call fcn_fffcce33 ; call 0xfffcce33 +add esp, 0x1c +movzx ecx, byte [edi + 0x248c] +mov edx, dword [ebp - 0x70] +lea eax, [ebp - 0x4f] +push 0 +push 1 +push eax +mov eax, edi +call fcn_fffaa5b3 ; call 0xfffaa5b3 +add esp, 0x10 +or byte [ebp - 0x5c], al +mov al, byte [ebp - 0x68] +cmp byte [ebp - 0x5c], al +je loc_fffcf853 ; je 0xfffcf853 +inc ebx +cmp ebx, 2 +jne short loc_fffcf913 ; jne 0xfffcf913 +jmp near loc_fffcf853 ; jmp 0xfffcf853 -loc_fffd1883: ; not directly referenced -xor esi, esi +loc_fffcf966: ; not directly referenced +movsx ax, byte [ebp 
- 0x53] +cmp word [ebp - 0x64], ax +jge short loc_fffcf977 ; jge 0xfffcf977 -loc_fffd1885: ; not directly referenced -mov eax, dword [ebp - 0xe0] -bt eax, esi -jae loc_fffd1edf ; jae 0xfffd1edf -mov eax, esi -shl eax, 0xa -add eax, 0x4114 -mov dword [ebp - 0x10c], eax -mov byte [ebp - 0xe8], 0 - -loc_fffd18ab: ; not directly referenced -mov al, byte [ebp - 0xe8] -cmp al, byte [edi + 0x2488] -jae loc_fffd1e18 ; jae 0xfffd1e18 -mov cl, byte [ebp - 0xe8] -movzx eax, cl -mov dword [ebp - 0xbc], eax -mov eax, 1 -shl eax, cl -mov ebx, eax -mov dword [ebp - 0xc0], eax -mov ax, word [ebp + esi*2 - 0x9e] -and ax, word [ebp + esi*2 - 0xa2] -test bx, ax -jne loc_fffd1e0d ; jne 0xfffd1e0d -xor eax, eax -mov bl, cl -mov edx, dword [ebp - 0x10c] -cmp dword [ebp - 0xd8], 1 -cmovne eax, ebx -mov ebx, dword [ebp - 0xbc] -mov byte [ebp - 0xd2], al -mov eax, edi -lea edx, [edx + ebx*4] -call fcn_fffae52a ; call 0xfffae52a -mov edx, dword [ebp - 0xd0] -lea ebx, [esi + esi*8] -mov ecx, dword [ebp - 0xbc] -add edx, ebx -add edx, ecx -mov dword [ebp - 0xdc], eax -mov eax, dword [ebp - 0xc8] -add edx, edx -add edx, dword [ebp - 0xc4] -mov edx, dword [eax + edx*4] -lea eax, [ebp - 0x18] -add eax, ebx -add ecx, eax -mov dword [ebp - 0xf4], eax -mov al, byte [ecx - 0x7e] -mov dword [ebp - 0xcc], edx -mov byte [ebp - 0x100], al -sub edx, eax -mov eax, dword [ebp - 0xdc] -mov byte [ebp - 0xd1], dl -mov edx, dword [ebp - 0xf4] -and eax, 0x7fffff -mov dword [ebp - 0xdc], eax -movzx eax, byte [ebp - 0xd2] -jne loc_fffd1abc ; jne 0xfffd1abc -add edx, eax -mov al, byte [ebp - 0xcc] -cmp al, byte [edx - 0x6c] -jne loc_fffd1a4e ; jne 0xfffd1a4e -cmp byte [ebp - 0xd1], 0 -jns short loc_fffd19e2 ; jns 0xfffd19e2 -cmp byte [edx - 0x5a], al -jne short loc_fffd19cc ; jne 0xfffd19cc - -loc_fffd19af: ; not directly referenced -lea ebx, [ebp - 0x18] -mov ecx, dword [ebp - 0xbc] -lea eax, [esi + esi*8] -add eax, ebx -mov bl, byte [ebp - 0xcc] -mov byte [ecx + eax - 0x7e], bl -jmp near loc_fffd1ca5 ; jmp 
0xfffd1ca5 - -loc_fffd19cc: ; not directly referenced -mov dword [ebp - 0xa8], 1 - -loc_fffd19d6: ; not directly referenced -mov eax, dword [ebp - 0xa8] -test eax, eax -jne short loc_fffd19d6 ; jne 0xfffd19d6 -jmp short loc_fffd19af ; jmp 0xfffd19af - -loc_fffd19e2: ; not directly referenced -cmp byte [ebp - 0xd1], 1 -jne short loc_fffd1a1a ; jne 0xfffd1a1a -add ebx, dword [ebp - 0xbc] -mov eax, dword [ebp + ebx*4 - 0x60] -shr eax, 8 -xor ah, ah -mov dword [ebp + ebx*4 - 0x60], eax -mov al, byte [ebp - 0xcc] -mov byte [ecx - 0x7e], al -mov eax, dword [ebp - 0xc0] -or word [ebp + esi*2 - 0xa2], ax -jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5 +loc_fffcf971: ; not directly referenced +or byte [ebp - 0x5c], 1 +jmp short loc_fffcf97f ; jmp 0xfffcf97f -loc_fffd1a1a: ; not directly referenced -cmp byte [ebp - 0xd1], 2 -jne short loc_fffd1a35 ; jne 0xfffd1a35 -xor eax, eax -call fcn_fffaebf8 ; call 0xfffaebf8 -add ebx, dword [ebp - 0xbc] -jmp near loc_fffd1b3b ; jmp 0xfffd1b3b +loc_fffcf977: ; not directly referenced +movzx eax, byte [ebp - 0x51] +cmp esi, eax +jg short loc_fffcf971 ; jg 0xfffcf971 -loc_fffd1a35: ; not directly referenced -mov dword [ebp - 0xac], 1 +loc_fffcf97f: ; not directly referenced +movsx ax, byte [ebp - 0x52] +cmp word [ebp - 0x64], ax +jge short loc_fffcf993 ; jge 0xfffcf993 -loc_fffd1a3f: ; not directly referenced -mov eax, dword [ebp - 0xac] -test eax, eax -jne short loc_fffd1a3f ; jne 0xfffd1a3f -jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5 +loc_fffcf98a: ; not directly referenced +or byte [ebp - 0x5c], 2 +jmp near loc_fffcf85d ; jmp 0xfffcf85d -loc_fffd1a4e: ; not directly referenced -mov al, byte [ebp - 0xcc] -cmp al, byte [edx - 0x5a] -jne loc_fffd1c91 ; jne 0xfffd1c91 -mov ax, word [ebp + esi*2 - 0xa2] -test word [ebp - 0xc0], ax -jne loc_fffd1e0d ; jne 0xfffd1e0d -cmp byte [ebp - 0xd1], 0xff -jne short loc_fffd1a9c ; jne 0xfffd1a9c -add ebx, dword [ebp - 0xbc] -or eax, dword [ebp - 0xc0] -and dword [ebp + ebx*4 - 0x60], 0xffffff00 -mov word [ebp + 
esi*2 - 0xa2], ax -jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5 +loc_fffcf993: ; not directly referenced +movzx eax, byte [ebp - 0x50] +cmp esi, eax +jg short loc_fffcf98a ; jg 0xfffcf98a +jmp near loc_fffcf85d ; jmp 0xfffcf85d -loc_fffd1a9c: ; not directly referenced -mov edx, dword [ebp - 0xc0] -mov bl, byte [ebp - 0xcc] -not edx -and edx, eax -mov byte [ecx - 0x7e], bl -mov word [ebp + esi*2 - 0xa2], dx -jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5 +loc_fffcf9a0: ; not directly referenced +test byte [ebp - 0x5c], dl +mov ebx, dword [ebp - 0x6c] +sete dl +movzx edx, dl +cmp word [ebp - 0x64], bx +jne short loc_fffcf9f5 ; jne 0xfffcf9f5 +test edx, edx +je short loc_fffcf9d3 ; je 0xfffcf9d3 +mov dword [ebp + ecx*4 - 0x20], eax +mov dword [ebp + ecx*4 - 0x28], eax +mov dword [ebp + ecx*4 - 0x30], eax +mov dword [ebp + ecx*4 - 0x38], eax +mov dword [ebp + ecx*4 - 0x40], eax +mov dword [ebp + ecx*4 - 0x48], eax +jmp near loc_fffcf884 ; jmp 0xfffcf884 -loc_fffd1abc: ; not directly referenced -add edx, eax -mov al, byte [edx - 0x6c] -mov byte [ebp - 0xf4], al -cmp byte [ebp - 0xcc], al -jne loc_fffd1b61 ; jne 0xfffd1b61 -cmp byte [ebp - 0xd1], 2 -jle short loc_fffd1af5 ; jle 0xfffd1af5 -mov dword [ebp - 0xb0], 1 +loc_fffcf9d3: ; not directly referenced +mov edx, eax +sub edx, dword [ebp - 0x70] +mov dword [ebp + ecx*4 - 0x20], edx +mov dword [ebp + ecx*4 - 0x28], edx +mov dword [ebp + ecx*4 - 0x30], edx +mov dword [ebp + ecx*4 - 0x38], edx +mov dword [ebp + ecx*4 - 0x40], edx +mov dword [ebp + ecx*4 - 0x48], edx +jmp near loc_fffcf884 ; jmp 0xfffcf884 -loc_fffd1ae6: ; not directly referenced -mov eax, dword [ebp - 0xb0] -test eax, eax -jne short loc_fffd1ae6 ; jne 0xfffd1ae6 -jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5 +loc_fffcf9f5: ; not directly referenced +test edx, edx +je loc_fffcf884 ; je 0xfffcf884 +mov ebx, dword [ebp - 0x80] +cmp dword [ebp + ecx*4 - 0x40], ebx +jne short loc_fffcfa0a ; jne 0xfffcfa0a +mov dword [ebp + ecx*4 - 0x40], esi -loc_fffd1af5: ; not directly 
referenced -mov eax, dword [ebp - 0xbc] -lea ebx, [ebx + eax] -mov eax, dword [ebp - 0xdc] -je short loc_fffd1b36 ; je 0xfffd1b36 -call fcn_fffaebf8 ; call 0xfffaebf8 -mov edx, dword [ebp + ebx*4 - 0x60] -and edx, 0xff00ffff -movzx eax, al -shl eax, 0x10 -or eax, edx -mov dword [ebp + ebx*4 - 0x60], eax -mov eax, dword [ebp - 0xc0] -not eax -and word [ebp + esi*2 - 0x9e], ax -jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5 +loc_fffcfa0a: ; not directly referenced +mov ebx, dword [ebp - 0x80] +cmp dword [ebp + ecx*4 - 0x30], ebx +mov dword [ebp + ecx*4 - 0x30], esi +je short loc_fffcfa1b ; je 0xfffcfa1b +mov dword [ebp + ecx*4 - 0x38], esi -loc_fffd1b36: ; not directly referenced -call fcn_fffaebf8 ; call 0xfffaebf8 +loc_fffcfa1b: ; not directly referenced +cmp esi, dword [ebp - 0x94] +jl short loc_fffcfa41 ; jl 0xfffcfa41 +cmp dword [ebp + ecx*4 - 0x48], eax +jne short loc_fffcfa41 ; jne 0xfffcfa41 +cmp byte [ebp - 0x8a], 0 +je short loc_fffcfa41 ; je 0xfffcfa41 +mov edx, dword [ebp + ecx*4 - 0x40] +sub edx, eax +add edx, dword [ebp - 0x70] +add edx, esi +mov dword [ebp + ecx*4 - 0x30], edx -loc_fffd1b3b: ; not directly referenced -mov edx, dword [ebp + ebx*4 - 0x60] -shl eax, 0x18 -and edx, 0xffffff -or eax, edx -mov dword [ebp + ebx*4 - 0x60], eax -mov eax, dword [ebp - 0xc0] -or word [ebp + esi*2 - 0x9e], ax -jmp near loc_fffd1ca5 ; jmp 0xfffd1ca5 +loc_fffcfa41: ; not directly referenced +mov edx, dword [ebp + ecx*4 - 0x30] +mov ebx, dword [ebp + ecx*4 - 0x38] +mov dword [ebp - 0x84], edx +sub edx, ebx +mov dword [ebp - 0x90], edx +mov edx, dword [ebp + ecx*4 - 0x20] +sub edx, dword [ebp + ecx*4 - 0x28] +cmp dword [ebp - 0x90], edx +jle loc_fffcf884 ; jle 0xfffcf884 +mov dword [ebp + ecx*4 - 0x28], ebx +mov ebx, dword [ebp - 0x84] +mov dword [ebp + ecx*4 - 0x20], ebx +jmp near loc_fffcf884 ; jmp 0xfffcf884 -loc_fffd1b61: ; not directly referenced -mov al, byte [ebp - 0xcc] -cmp al, byte [edx - 0x5a] -jne loc_fffd1c91 ; jne 0xfffd1c91 -cmp byte [ebp - 0x100], 0xff -je 
loc_fffd1c27 ; je 0xfffd1c27 -cmp byte [ebp - 0xd1], 0 -jg loc_fffd1c27 ; jg 0xfffd1c27 -movsx eax, byte [ebp - 0xd1] -mov dword [ebp - 0x100], eax -mov eax, dword [ebp - 0xdc] -call fcn_fffaebf8 ; call 0xfffaebf8 -mov edx, 1 -add ebx, dword [ebp - 0xbc] -mov ebx, dword [ebp + ebx*4 - 0x60] -mov dword [ebp - 0x104], eax -mov eax, dword [ebp - 0x100] -mov dword [ebp - 0x108], ebx +loc_fffcfa7e: ; not directly referenced +movzx eax, byte [ebp - 0x60] +mov ecx, 2 xor ebx, ebx -sub edx, eax -shl edx, 3 -lea ecx, [edx + 0x1f] -cmp cl, 0x3e -ja short loc_fffd1c03 ; ja 0xfffd1c03 -mov cl, al -movzx ebx, byte [ebp - 0x104] -mov eax, 0xff -lea ecx, [ecx*8 + 8] -shl eax, cl -not eax -and eax, dword [ebp - 0x108] -shl ebx, cl -mov cl, dl -or ebx, eax -test dl, dl -jle short loc_fffd1bff ; jle 0xfffd1bff -shl ebx, cl -jmp short loc_fffd1c03 ; jmp 0xfffd1c03 - -loc_fffd1bff: ; not directly referenced -neg ecx -shr ebx, cl +mov esi, dword [ebp - 0x5c] +lea eax, [eax + eax*2] +mov dword [ebp - 0x7c], eax +movsx eax, byte [ebp - 0x78] +add esi, eax +mov dword [ebp - 0x78], eax +mov eax, esi +cdq +idiv ecx +mov dword [ebp - 0x70], eax +movzx eax, byte [ebp - 0x68] +mov dword [ebp - 0x68], eax +movzx eax, byte [ebp - 0x74] +mov dword [ebp - 0x74], eax -loc_fffd1c03: ; not directly referenced -mov ecx, dword [ebp - 0xbc] -lea eax, [esi + esi*8] -lea edx, [eax + ecx] -mov dword [ebp + edx*4 - 0x60], ebx -lea ebx, [ebp - 0x18] -add eax, ebx -mov bl, byte [ebp - 0xcc] -lea edx, [ebx - 1] -mov byte [ecx + eax - 0x7e], dl -jmp short loc_fffd1c5a ; jmp 0xfffd1c5a +loc_fffcfab1: ; not directly referenced +mov eax, dword [ebp - 0x68] +bt eax, ebx +jb short loc_fffcfac5 ; jb 0xfffcfac5 -loc_fffd1c27: ; not directly referenced -mov ebx, dword [ebp - 0xbc] -lea eax, [esi + esi*8] -lea edx, [eax + ebx] -mov eax, dword [ebp - 0xdc] -mov ebx, dword [ebp + edx*4 - 0x60] -mov dword [ebp - 0x100], edx -call fcn_fffaebf8 ; call 0xfffaebf8 -mov edx, dword [ebp - 0x100] -movzx ebx, bx -shl eax, 0x10 -or 
eax, ebx -mov dword [ebp + edx*4 - 0x60], eax +loc_fffcfab9: ; not directly referenced +inc ebx +cmp ebx, 2 +je loc_fffcfb9c ; je 0xfffcfb9c +jmp short loc_fffcfab1 ; jmp 0xfffcfab1 -loc_fffd1c5a: ; not directly referenced -mov al, byte [ebp - 0xf4] -cmp byte [ebp - 0xcc], al -jae short loc_fffd1c76 ; jae 0xfffd1c76 -mov eax, dword [ebp - 0xc0] -or word [ebp + esi*2 - 0x9e], ax +loc_fffcfac5: ; not directly referenced +mov esi, dword [ebp + ebx*4 - 0x20] +mov eax, dword [ebp + ebx*4 - 0x28] +mov ecx, esi +mov dword [ebp - 0x60], eax +sub ecx, eax +cmp ecx, dword [ebp - 0x7c] +jl short loc_fffcfae3 ; jl 0xfffcfae3 +mov edx, dword [ebp - 0x5c] +sub edx, dword [ebp - 0x78] +cmp ecx, edx +jl short loc_fffcfafa ; jl 0xfffcfafa -loc_fffd1c76: ; not directly referenced -cmp byte [ebp - 0xd1], 0 -jg short loc_fffd1ca5 ; jg 0xfffd1ca5 -mov eax, dword [ebp - 0xc0] -not eax -and word [ebp + esi*2 - 0xa2], ax -jmp short loc_fffd1ca5 ; jmp 0xfffd1ca5 +loc_fffcfae3: ; not directly referenced +cmp byte [edi + 0x1965], 0 +je short loc_fffcfb09 ; je 0xfffcfb09 +cmp dword [edi + 0x188b], 1 +jne short loc_fffcfb09 ; jne 0xfffcfb09 +jmp near loc_fffcfc4a ; jmp 0xfffcfc4a -loc_fffd1c91: ; not directly referenced -mov dword [ebp - 0xb4], 1 +loc_fffcfafa: ; not directly referenced +mov eax, dword [ebp - 0x60] +mov ecx, 2 +add eax, esi +cdq +idiv ecx +jmp short loc_fffcfb0c ; jmp 0xfffcfb0c -loc_fffd1c9b: ; not directly referenced -mov eax, dword [ebp - 0xb4] -test eax, eax -jne short loc_fffd1c9b ; jne 0xfffd1c9b +loc_fffcfb09: ; not directly referenced +mov eax, dword [ebp - 0x70] -loc_fffd1ca5: ; not directly referenced -cmp byte [ebp - 0xeb], 1 -movzx eax, byte [ebp - 0xd3] -jne short loc_fffd1cd6 ; jne 0xfffd1cd6 -push edx -movzx ecx, byte [ebp - 0xd4] -mov edx, esi +loc_fffcfb0c: ; not directly referenced +imul edx, ebx, 0x13c3 +mov cl, byte [ebp - 0x6a] +and cl, byte [edi + edx + 0x381b] +cmp dword [ebp + 0x20], 0 +mov byte [ebp - 0x64], cl +jne short loc_fffcfb48 ; jne 0xfffcfb48 
+mov dl, byte [ebp - 0x69] +cmp dl, 6 +je short loc_fffcfb48 ; je 0xfffcfb48 +sub esp, 4 +push 1 push eax -mov eax, edi -push dword [ebp - 0xc4] -push dword [ebp - 0xbc] -call fcn_fffaec68 ; call 0xfffaec68 -add esp, 0x10 - -loc_fffd1cd6: ; not directly referenced -cmp byte [ebp - 0xcc], al -jne short loc_fffd1cec ; jne 0xfffd1cec -mov ebx, dword [ebp - 0xc0] -or word [ebp + esi*2 - 0x9e], bx - -loc_fffd1cec: ; not directly referenced -cmp dword [ebp - 0xdc], 0 -jne short loc_fffd1d23 ; jne 0xfffd1d23 -lea ebx, [ebp - 0x18] -lea edx, [esi + esi*8] -lea ecx, [ebx + edx] -mov ebx, dword [ebp - 0xbc] -cmp al, byte [ebx + ecx - 0x7e] -jne short loc_fffd1d23 ; jne 0xfffd1d23 -mov eax, dword [ebp - 0xc0] -test word [ebp + esi*2 - 0xa2], ax -je short loc_fffd1d23 ; je 0xfffd1d23 -add edx, ebx -mov word [ebp + edx*4 - 0x5e], 0xfffe - -loc_fffd1d23: ; not directly referenced -cmp byte [ebp - 0xcc], 0 -jne short loc_fffd1d68 ; jne 0xfffd1d68 -mov eax, dword [ebp - 0xc0] -or word [ebp + esi*2 - 0xa2], ax -cmp dword [ebp - 0xdc], 0 -je short loc_fffd1d68 ; je 0xfffd1d68 -lea ebx, [ebp - 0x18] -or word [ebp + esi*2 - 0x9e], ax -lea eax, [esi + esi*8] -lea edx, [ebx + eax] -mov ebx, dword [ebp - 0xbc] -add eax, ebx -mov byte [ebx + edx - 0x7e], 0 -mov word [ebp + eax*4 - 0x5e], 0x707 - -loc_fffd1d68: ; not directly referenced -cmp dword [ebp - 0xd8], 0 -jne loc_fffd1e0d ; jne 0xfffd1e0d -mov cx, word [ebp + esi*2 - 0x9e] -mov dx, word [ebp + esi*2 - 0xa2] -mov eax, ecx -and eax, edx -test word [ebp - 0xc0], ax -jne short loc_fffd1e0d ; jne 0xfffd1e0d -cmp dword [ebp - 0xdc], 0 -movzx eax, byte [ebp - 0xd2] -jne short loc_fffd1dc1 ; jne 0xfffd1dc1 -test word [ebp - 0xc0], cx -jne short loc_fffd1db6 ; jne 0xfffd1db6 -lea ecx, [esi + esi*8] -lea ebx, [ebp - 0x18] -lea edx, [ebx + ecx] -jmp short loc_fffd1de0 ; jmp 0xfffd1de0 - -loc_fffd1db6: ; not directly referenced -lea ecx, [esi + esi*8] -lea ebx, [ebp - 0x18] -lea edx, [ebx + ecx] -jmp short loc_fffd1dd3 ; jmp 0xfffd1dd3 - 
-loc_fffd1dc1: ; not directly referenced -test word [ebp - 0xc0], dx -lea ecx, [esi + esi*8] -lea ebx, [ebp - 0x18] -lea edx, [ebx + ecx] -jne short loc_fffd1de0 ; jne 0xfffd1de0 - -loc_fffd1dd3: ; not directly referenced -add eax, edx -mov bl, byte [eax - 0x5a] -lea edx, [ebx - 1] -mov byte [eax - 0x5a], dl -jmp short loc_fffd1deb ; jmp 0xfffd1deb - -loc_fffd1de0: ; not directly referenced -add eax, edx -mov bl, byte [eax - 0x6c] -lea edx, [ebx + 1] -mov byte [eax - 0x6c], dl - -loc_fffd1deb: ; not directly referenced -mov eax, dword [ebp - 0xd0] -movzx edx, dl -add eax, ecx -mov ecx, dword [ebp - 0xc8] -add eax, dword [ebp - 0xbc] -add eax, eax -add eax, dword [ebp - 0xc4] -mov dword [ecx + eax*4], edx - -loc_fffd1e0d: ; not directly referenced -inc byte [ebp - 0xe8] -jmp near loc_fffd18ab ; jmp 0xfffd18ab - -loc_fffd1e18: ; not directly referenced -cmp dword [ebp - 0xd8], 1 -jne loc_fffd1edf ; jne 0xfffd1edf -mov ax, word [ebp + esi*2 - 0xa2] -mov bx, word [ebp - 0xea] -mov edx, eax -and dx, word [ebp + esi*2 - 0x9e] -cmp dx, bx -je loc_fffd1edf ; je 0xfffd1edf -lea edx, [esi + esi*8] -lea ecx, [ebp - 0x18] -add edx, ecx -cmp ax, bx -movzx eax, byte [ebp - 0xd2] -je short loc_fffd1e8f ; je 0xfffd1e8f -add eax, edx -mov ebx, dword [ebp - 0xf0] -mov cl, byte [eax - 0x5a] -dec ecx -mov byte [eax - 0x5a], cl -imul eax, esi, 0x48 -movzx ecx, cl -mov dword [ebx + eax], ecx +movzx eax, cl +push dword [ebp - 0x74] +push eax +movzx eax, dl +push eax +push ebx +push edi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 -loc_fffd1e73: ; not directly referenced -imul eax, esi, 0x48 -lea ebx, [esi + esi*8] -add ebx, dword [ebp - 0xd0] -mov dword [ebp - 0xbc], eax +loc_fffcfb48: ; not directly referenced +mov edx, dword [ebp - 0x60] +movzx ecx, byte [ebp - 0x64] +mov eax, edx +sar eax, 0x1f +xor edx, eax +sub edx, eax +imul eax, edx, 0xa +imul edx, ebx, 0x48 +mov dword [ebp - 0x64], ecx +mov dword [ebp - 0x60], eax +mov eax, esi +sar eax, 0x1f +add edx, edi +xor esi, eax 
+sub esi, eax xor eax, eax -mov dword [ebp - 0xc0], ebx -jmp short loc_fffd1ea9 ; jmp 0xfffd1ea9 +imul esi, esi, 0xa -loc_fffd1e8f: ; not directly referenced -add edx, eax -mov ecx, dword [ebp - 0xf0] -mov al, byte [edx - 0x6c] -inc eax -mov byte [edx - 0x6c], al -imul edx, esi, 0x48 -movzx eax, al -mov dword [ecx + edx], eax -jmp short loc_fffd1e73 ; jmp 0xfffd1e73 +loc_fffcfb74: ; not directly referenced +mov ecx, dword [ebp - 0x64] +bt ecx, eax +jae short loc_fffcfb8b ; jae 0xfffcfb8b +mov ecx, dword [ebp - 0x60] +mov dword [edx + 0x3215], esi +mov dword [edx + 0x3211], ecx -loc_fffd1ea9: ; not directly referenced -cmp al, byte [edi + 0x2488] -jae short loc_fffd1edf ; jae 0xfffd1edf -mov ebx, dword [ebp - 0xbc] -mov edx, dword [ebp - 0xf0] -mov edx, dword [edx + ebx] -mov ebx, dword [ebp - 0xc8] -mov ecx, edx -movzx edx, al -add edx, dword [ebp - 0xc0] +loc_fffcfb8b: ; not directly referenced inc eax -add edx, edx -add edx, dword [ebp - 0xc4] -mov dword [ebx + edx*4], ecx -jmp short loc_fffd1ea9 ; jmp 0xfffd1ea9 - -loc_fffd1edf: ; not directly referenced -inc esi -cmp esi, 2 -jne loc_fffd1885 ; jne 0xfffd1885 -mov si, word [ebp - 0xea] -mov eax, esi -and ax, word [ebp - 0xa2] -cmp ax, si -jne loc_fffd179c ; jne 0xfffd179c -mov eax, esi -and ax, word [ebp - 0x9e] -cmp ax, si -jne loc_fffd179c ; jne 0xfffd179c -mov eax, esi -and eax, dword [ebp - 0xa0] -cmp ax, si -jne loc_fffd179c ; jne 0xfffd179c -mov eax, esi -and eax, dword [ebp - 0x9c] -cmp ax, si -jne loc_fffd179c ; jne 0xfffd179c -xor ebx, ebx - -loc_fffd1f38: ; not directly referenced -mov eax, dword [ebp - 0xe0] -bt eax, ebx -jae loc_fffd153c ; jae 0xfffd153c -mov byte [ebp - 0xbc], 0 - -loc_fffd1f4e: ; not directly referenced -mov al, byte [ebp - 0xbc] -cmp al, byte [edi + 0x2488] -jae loc_fffd153c ; jae 0xfffd153c -movzx esi, byte [ebp - 0xbc] -lea eax, [ebx + ebx*8] -sub esp, 0xc -mov dword [ebp - 0xc0], eax -add eax, esi -mov edx, dword [ebp + eax*4 - 0x60] -lea eax, [ebp - 0x18] -add eax, dword [ebp 
- 0xc0] -movzx eax, byte [esi + eax - 0x7e] -mov ecx, edx -push dword [ebp + 0x1c] -shr edx, 0x10 -shr ecx, 0x18 -movzx edx, dl -call fcn_fffaa348 ; call 0xfffaa348 -mov edx, dword [ebp - 0xc0] -add esp, 0x10 -add edx, dword [ebp - 0xd0] -mov ecx, dword [ebp - 0xc8] -inc byte [ebp - 0xbc] -add esi, edx -add esi, esi -add esi, dword [ebp - 0xc4] -mov dword [ecx + esi*4], eax -jmp short loc_fffd1f4e ; jmp 0xfffd1f4e - -loc_fffd1fc4: ; not directly referenced -cmp byte [ebp - 0xe4], 0xb -je short loc_fffd1ffb ; je 0xfffd1ffb +add edx, 0x90 +cmp eax, 4 +jne short loc_fffcfb74 ; jne 0xfffcfb74 +jmp near loc_fffcfab9 ; jmp 0xfffcfab9 -loc_fffd1fcd: ; not directly referenced -push 2 -movzx eax, byte [ebp - 0xe4] -xor ebx, ebx -push 0 -push 0 +loc_fffcfb9c: ; not directly referenced +cmp dword [ebp + 0x24], 0 +jne short loc_fffcfbb9 ; jne 0xfffcfbb9 push 0 push 0 push 0 push 0 -push 1 push 0 push 0 -push eax +push 2 push edi -call fcn_fffcc900 ; call 0xfffcc900 -add esp, 0x30 -mov esi, eax -jmp near loc_fffd20a3 ; jmp 0xfffd20a3 +call fcn_fffcce33 ; call 0xfffcce33 +add esp, 0x20 -loc_fffd1ffb: ; not directly referenced -movzx eax, byte [ebp - 0xec] +loc_fffcfbb9: ; not directly referenced +cmp byte [ebp - 0x88], 6 +je short loc_fffcfbd0 ; je 0xfffcfbd0 + +loc_fffcfbc2: ; not directly referenced +sub esp, 0xc +push edi +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 +jmp short loc_fffcfc4f ; jmp 0xfffcfc4f + +loc_fffcfbd0: ; not directly referenced xor ebx, ebx -mov dword [ebp - 0xc4], eax -loc_fffd200a: ; not directly referenced -mov eax, dword [ebp - 0xe0] +loc_fffcfbd2: ; not directly referenced +mov eax, dword [ebp - 0x68] bt eax, ebx -jb short loc_fffd201d ; jb 0xfffd201d +jb short loc_fffcfbe2 ; jb 0xfffcfbe2 -loc_fffd2015: ; not directly referenced +loc_fffcfbda: ; not directly referenced inc ebx cmp ebx, 2 -jne short loc_fffd200a ; jne 0xfffd200a -jmp short loc_fffd1fcd ; jmp 0xfffd1fcd - -loc_fffd201d: ; not directly referenced -mov eax, ebx -imul esi, ebx, 
0x13c3 -shl eax, 0xa -add eax, 0x4028 -mov dword [ebp - 0xc0], eax -mov byte [ebp - 0xbc], 0 +je short loc_fffcfbc2 ; je 0xfffcfbc2 +jmp short loc_fffcfbd2 ; jmp 0xfffcfbd2 -loc_fffd203a: ; not directly referenced -mov al, byte [ebp - 0xbc] -cmp al, byte [edi + 0x2488] -jae short loc_fffd2015 ; jae 0xfffd2015 -push eax -movzx eax, byte [ebp - 0xbc] +loc_fffcfbe2: ; not directly referenced +imul eax, ebx, 0x13c3 +mov dl, byte [ebp - 0x6a] +and dl, byte [edi + eax + 0x381b] +xor eax, eax +cmp dword [ebp + 0x20], 0 +movzx esi, dl mov edx, ebx -mov ecx, dword [ebp - 0xc4] -push 0 -push 0xff +sete al +mov ecx, esi push eax mov eax, edi -call fcn_fffa7499 ; call 0xfffa7499 -mov edx, dword [ebp - 0xc0] -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -movzx edx, byte [edi + esi + 0x476f] -and edx, 0x3f -shl edx, 0x10 -and eax, 0xffc0ffff -or eax, edx -mov edx, dword [ebp - 0xc0] -mov ecx, eax -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +push 0 +push 0 +push 0 +call fcn_fffac68e ; call 0xfffac68e +imul eax, ebx, 0x48 add esp, 0x10 -inc byte [ebp - 0xbc] -jmp short loc_fffd203a ; jmp 0xfffd203a +xor edx, edx +add eax, edi -loc_fffd20a3: ; not directly referenced -cmp bl, byte [edi + 0x2488] -jae short loc_fffd20c1 ; jae 0xfffd20c1 -movzx eax, bl -xor ecx, ecx -lea edx, [eax*4 + 0x4cf0] -mov eax, edi -call fcn_fffaeb7c ; call 0xfffaeb7c -inc ebx -jmp short loc_fffd20a3 ; jmp 0xfffd20a3 +loc_fffcfc1a: ; not directly referenced +bt esi, edx +jae short loc_fffcfc3d ; jae 0xfffcfc3d +mov ecx, dword [eax + 0x3211] +mov dword [ebp - 0x5c], ecx +mov ecx, dword [eax + 0x3215] +mov dword [eax + 0x3211], ecx +mov ecx, dword [ebp - 0x5c] +mov dword [eax + 0x3215], ecx + +loc_fffcfc3d: ; not directly referenced +inc edx +add eax, 0x90 +cmp edx, 4 +jne short loc_fffcfc1a ; jne 0xfffcfc1a +jmp short loc_fffcfbda ; jmp 0xfffcfbda + +loc_fffcfc4a: ; not directly referenced +mov eax, 0xc -loc_fffd20c1: ; not directly referenced +loc_fffcfc4f: ; not directly referenced lea esp, [ebp 
- 0xc] -mov eax, esi pop ebx pop esi pop edi pop ebp ret -fcn_fffd20cb: ; not directly referenced +fcn_fffcfc57: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx -sub esp, 0x4c -mov ebx, dword [ebp + 8] -mov eax, dword [ebx + 0x2443] -lea ecx, [ebx + 0x5f98] -movzx esi, byte [ebx + 0x18ed] -mov dword [ebx + 0x3711], 0 -mov dword [ebp - 0x3c], eax -mov eax, dword [ebx + 0x188b] -mov dword [ebp - 0x40], eax -lea eax, [ebx + 0x3812] - -loc_fffd2106: ; not directly referenced -cmp dword [eax - 0xbc], 2 -mov dword [eax], 0 -jne short loc_fffd214a ; jne 0xfffd214a -cmp dword [eax + 0x10b7], 2 -jne short loc_fffd2126 ; jne 0xfffd2126 -mov edx, dword [eax + 0x1198] -mov dword [eax], edx - -loc_fffd2126: ; not directly referenced -cmp dword [eax + 0x11df], 2 -jne short loc_fffd2137 ; jne 0xfffd2137 -mov edx, dword [eax + 0x12c0] -add dword [eax], edx - -loc_fffd2137: ; not directly referenced -mov edx, dword [ebx + 0x2484] -cmp dword [eax], edx -cmovbe edx, dword [eax] -mov dword [eax], edx -add dword [ebx + 0x3711], edx - -loc_fffd214a: ; not directly referenced -add eax, 0x13c3 -cmp eax, ecx -jne short loc_fffd2106 ; jne 0xfffd2106 -mov edi, dword [ebx + 0x3711] -mov eax, dword [ebx + 0x18d9] -mov ecx, edi -sub ecx, dword [ebx + 0x18d5] -cmp byte [ebx + 0x2402], 0 -mov dword [ebx + 0x36ec], ecx -je short loc_fffd218c ; je 0xfffd218c -cmp edi, 0x1000 -ja short loc_fffd218c ; ja 0xfffd218c -shr edi, 1 -mov edx, 0x1000 -sub edx, edi -cmp eax, edx -cmovb eax, edx - -loc_fffd218c: ; not directly referenced -mov edx, 0x1000 -sub edx, eax -cmp edx, ecx -cmovbe ecx, edx -mov dword [ebx + 0x36f0], ecx -test esi, esi -je short loc_fffd21cc ; je 0xfffd21cc -mov eax, dword [ebx + 0x3812] -mov edx, dword [ebx + 0x4bd5] -cmp eax, edx -je short loc_fffd21cc ; je 0xfffd21cc -test eax, eax -je short loc_fffd21cc ; je 0xfffd21cc -test edx, edx -je short loc_fffd21cc ; je 0xfffd21cc -cmp edx, eax -cmova edx, eax -add edx, edx -cmp ecx, edx -cmovbe edx, ecx -mov 
dword [ebx + 0x36f0], edx - -loc_fffd21cc: ; not directly referenced -mov eax, dword [ebx + 0x36f0] -sub eax, dword [ebx + 0x246d] -mov edi, dword [ebx + 0x18c1] -mov dword [ebx + 0x36f4], eax -sub eax, dword [ebx + 0x2471] -mov dword [ebx + 0x36f8], eax -mov eax, dword [ebp - 0x3c] -push 0x50 +sub esp, 0x40 +mov edi, dword [ebp + 8] +mov dword [ebp - 0x2c], eax +mov dword [ebp - 0x44], ecx +mov byte [ebp - 0x3d], cl +mov esi, edi +mov ebx, esi +mov esi, eax +mov byte [ebp - 0x3e], bl +mov ebx, dword [eax + 0x2444] +lea eax, [ebp - 0x24] push 0 +push 2 +push eax +mov dword [ebp - 0x3c], edx +mov dword [ebp - 0x38], edi +mov edi, dword [ebp + 0xc] +mov byte [ebp - 0x1a], 0xf8 +mov byte [ebp - 0x19], 8 +call dword [ebx + 0x5c] ; ucall +add esp, 0xc push 0 +push 2 +lea eax, [ebp - 0x22] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0x10 +cmp byte [ebp - 0x3c], 0 +setne cl +cmp dword [esi + 0x2481], 3 +mov byte [ebp - 0x30], cl +sete al +test cl, al +je short loc_fffcfcf7 ; je 0xfffcfcf7 +mov al, byte [edi] +xor ecx, ecx +lea edx, [eax - 0x20] +cmp al, 0x21 +cmovb edx, ecx +cmp al, 0x5e +lea ebx, [eax + 0x20] +mov al, byte [edi + 1] +mov byte [ebp - 0x1e], dl +mov dl, 0x7f +cmova ebx, edx +mov byte [ebp - 0x1c], bl +cmp al, 0x21 +lea ebx, [eax - 0x20] +cmovae ecx, ebx +cmp al, 0x5e +mov byte [ebp - 0x1d], cl +lea ecx, [eax + 0x20] +cmovbe edx, ecx +mov byte [ebp - 0x1b], dl +jmp short loc_fffcfd14 ; jmp 0xfffcfd14 + +loc_fffcfcf7: ; not directly referenced +push eax push 0 -call dword [eax + 0x4c] ; ucall -add edi, eax -mov eax, dword [ebp - 0x3c] -mov dword [esp], edi -call dword [eax + 0x20] ; ucall +push 2 +lea eax, [ebp - 0x1e] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0xc +push 0x7f +push 2 +lea eax, [ebp - 0x1c] +push eax +call dword [ebx + 0x5c] ; ucall add esp, 0x10 -mov ecx, dword [ebx + 0x246d] -cmp dword [ebp - 0x40], 0 -jne short loc_fffd2275 ; jne 0xfffd2275 -xor edx, edx -cmp byte [ebx + 0x18b3], 1 + +loc_fffcfd14: ; not directly 
referenced +test edi, edi +mov eax, 1 sete dl -and ah, 0xbc -mov edi, edx -mov edx, 3 -shl edi, 0xe -cmp dword [ebx + 0x2471], 3 -cmovbe edx, dword [ebx + 0x2471] -or eax, edi -and edx, 3 -shl edx, 8 -or eax, edx -cmp ecx, 0x400 -jne short loc_fffd2257 ; jne 0xfffd2257 -and al, 7 -or al, 0x88 -jmp short loc_fffd22b9 ; jmp 0xfffd22b9 +test byte [ebp - 0x30], dl +jne loc_fffcff6b ; jne 0xfffcff6b +movzx esi, byte [ebp - 0x3d] +xor ebx, ebx +mov byte [ebp - 0x34], 0 -loc_fffd2257: ; not directly referenced -mov dl, 0x1f -cmp ecx, 0x3ff -ja short loc_fffd2269 ; ja 0xfffd2269 -shr ecx, 5 -mov dl, cl -and edx, 0x1f +loc_fffcfd31: ; not directly referenced +mov eax, dword [ebp - 0x2c] +mov ecx, esi +mov edx, ebx +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0x34], al +cmp byte [ebp - 0x30], 0 +je short loc_fffcfd4d ; je 0xfffcfd4d +mov al, byte [edi + ebx] +mov byte [ebp + ebx - 0x20], al -loc_fffd2269: ; not directly referenced -and edx, 0x1f -and al, 7 -shl edx, 3 -or eax, edx -jmp short loc_fffd22b9 ; jmp 0xfffd22b9 +loc_fffcfd4d: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffcfd31 ; jne 0xfffcfd31 +cmp byte [ebp - 0x3c], 0 +jne loc_fffcfe70 ; jne 0xfffcfe70 +mov eax, dword [ebp - 0x2c] +cmp dword [eax + 0x188b], 0 +je short loc_fffcfd73 ; je 0xfffcfd73 +mov al, byte [ebp - 0x44] +and eax, 5 +cmp al, 5 +je short loc_fffcfda3 ; je 0xfffcfda3 -loc_fffd2275: ; not directly referenced +loc_fffcfd73: ; not directly referenced +push 0 +movzx ecx, byte [ebp - 0x34] xor edx, edx -mov edi, dword [ebx + 0x2471] -cmp byte [ebx + 0x18b3], 1 -sete dl -and eax, 0xfffffffb -shl edx, 2 -or eax, edx -mov dl, 3 -cmp edi, 7 -ja short loc_fffd229d ; ja 0xfffd229d -shr edi, 1 -mov edx, edi -and edx, 3 +push 0 +lea eax, [ebp - 0x1a] +push eax +movzx eax, byte [ebp - 0x1c] +push 1 +push eax +movsx eax, byte [ebp - 0x1e] +push eax +movzx eax, byte [ebp - 0x38] +push eax +mov eax, dword [ebp - 0x2c] +push esi +call fcn_fffcf65b ; call 0xfffcf65b +add esp, 0x20 +jmp 
near loc_fffcff6b ; jmp 0xfffcff6b -loc_fffd229d: ; not directly referenced -and edx, 3 -and al, 0x3f -shl edx, 6 -mov edi, ecx -or eax, edx -mov dl, 0xff -shr edi, 5 -cmp ecx, 0x1fff -cmovbe edx, edi -mov ah, dl +loc_fffcfda3: ; not directly referenced +movzx edi, byte [ebp - 0x3e] +xor eax, eax +mov dword [ebp - 0x30], 0 +mov dword [ebp - 0x38], edi -loc_fffd22b9: ; not directly referenced -mov ecx, dword [ebx + 0x36f8] -mov dword [ebx + 0x36fc], eax -mov eax, dword [ebx + 0x18dd] -mov edx, dword [ebx + 0x18e5] -mov dword [ebp - 0x40], ecx -sub dword [ebp - 0x40], eax -neg eax -and eax, dword [ebp - 0x40] -mov dword [ebx + 0x372d], edx -mov dword [ebx + 0x3700], eax -test esi, esi -jne short loc_fffd2312 ; jne 0xfffd2312 +loc_fffcfdb3: ; not directly referenced +mov cl, byte [ebp - 0x30] +mov ebx, 3 +xor esi, esi +mov edi, dword [ebp - 0x2c] +shl ebx, cl +mov byte [ebp - 0x34], bl +add edi, 0x3757 -loc_fffd22ec: ; not directly referenced -mov eax, dword [ebp - 0x40] -sub eax, dword [ebx + 0x3700] -je loc_fffd23fb ; je 0xfffd23fb -sub dword [ebx + 0x36f8], eax -sub dword [ebx + 0x36f4], eax -sub dword [ebx + 0x36f0], eax -jmp near loc_fffd23fb ; jmp 0xfffd23fb - -loc_fffd2312: ; not directly referenced -or edx, 0xffffffff -sub edx, dword [ebx + 0x18e9] -mov dword [ebp - 0x4c], 0 -lea esi, [ebp - 0x2a] -mov dword [ebp - 0x48], 0 -add eax, edx -shl eax, 0x14 -mov dword [ebp - 0x50], eax +loc_fffcfdcb: ; not directly referenced +cmp dword [edi], 2 +jne short loc_fffcfe05 ; jne 0xfffcfe05 +cmp byte [ebp - 0x34], 3 +mov ecx, 0x40 +mov dword [ebp - 0x3c], eax +mov edx, 0xffffffc0 +push eax +push 1 +cmove edx, ecx +push edx +push 1 +mov dl, byte [edi + 0xc4] +and edx, 0xc +push edx +push 0 +push esi +push dword [ebp - 0x2c] +call fcn_fffabc7a ; call 0xfffabc7a +mov eax, dword [ebp - 0x3c] +add esp, 0x20 -loc_fffd2334: ; not directly referenced -mov ecx, dword [ebp - 0x48] -imul eax, ecx, 0x13c3 -mov byte [ebp - 0x44], cl -cmp dword [ebx + eax + 0x3756], 2 -jne 
loc_fffd23e6 ; jne 0xfffd23e6 +loc_fffcfe05: ; not directly referenced +inc esi +add edi, 0x13c3 +cmp esi, 2 +jne short loc_fffcfdcb ; jne 0xfffcfdcb +test byte [ebp - 0x3d], bl +je short loc_fffcfe5d ; je 0xfffcfe5d +mov edi, dword [ebp - 0x2c] +mov ecx, ebx +xor edx, edx +mov eax, edi +call fcn_fffad317 ; call 0xfffad317 +mov ecx, ebx +mov edx, 1 +mov esi, eax +mov eax, edi +call fcn_fffad317 ; call 0xfffad317 +xor edx, edx +push 0 +push 0 +or eax, esi +movzx ecx, al +lea eax, [ebp - 0x1a] +push eax +movzx eax, byte [ebp - 0x1c] +push 1 +push eax +movsx eax, byte [ebp - 0x1e] +push eax +mov eax, edi +push dword [ebp - 0x38] +push ebx +call fcn_fffcf65b ; call 0xfffcf65b +add esp, 0x20 + +loc_fffcfe5d: ; not directly referenced +add dword [ebp - 0x30], 2 +cmp dword [ebp - 0x30], 4 +je loc_fffcff6b ; je 0xfffcff6b +jmp near loc_fffcfdb3 ; jmp 0xfffcfdb3 -loc_fffd234e: ; not directly referenced +loc_fffcfe70: ; not directly referenced +movzx eax, byte [ebp - 0x38] +push ebx +push ebx +lea ebx, [ebp - 0x1a] +mov edx, eax +mov dword [ebp - 0x30], eax +movzx eax, byte [ebp - 0x34] +push ebx +push 0 +lea ebx, [ebp - 0x20] +mov ecx, eax +mov dword [ebp - 0x38], eax +movzx eax, byte [ebp - 0x3c] +push ebx +mov dword [ebp - 0x3c], eax +lea eax, [ebp - 0x1e] push eax +mov eax, dword [ebp - 0x2c] +push edx +mov edx, dword [ebp - 0x3c] push esi -push dword [ebp - 0x4c] -push dword [ebp - 0x50] -call fcn_fffc6ea0 ; call 0xfffc6ea0 -mov al, byte [ebp - 0x44] -add dword [ebp - 0x50], 0x40 -adc dword [ebp - 0x4c], 0 -add esp, 0x10 -cmp byte [esi + 1], al -jne short loc_fffd234e ; jne 0xfffd234e -mov ax, word [esi + 7] -movzx ecx, byte [esi + 5] -mov edx, eax -movzx edi, ah -movzx eax, byte [esi + 3] -shl edx, 0x18 -shl ecx, 3 -or ecx, edx -movzx edx, byte [esi + 4] -and eax, 7 -shl eax, 0x18 -and edx, 0xf -shl edx, 0x10 -or edi, edx -or edi, eax -cmp byte [ebp - 0x44], 1 -lea edx, [ebp - 0x30] +call fcn_fffcf1b3 ; call 0xfffcf1b3 +mov al, byte [ebp - 0x20] +add esp, 0x18 +lea 
edx, [ebp - 0x1a] +mov ecx, dword [ebp - 0x38] +mov byte [ebp - 0x24], al +mov al, byte [ebp - 0x1f] +mov byte [ebp - 0x23], al +mov al, byte [edi] +mov byte [ebp - 0x20], al +mov al, byte [edi + 1] push edx -sbb eax, eax -not eax -and eax, 0x200 -push ecx -or eax, 0x1e -push eax -mov eax, dword [ebp - 0x3c] +mov edx, dword [ebp - 0x3c] push 1 -call dword [eax + 0x84] ; ucall -add esp, 0x10 -cmp byte [ebp - 0x44], 1 -lea ecx, [ebp - 0x30] -push ecx -sbb eax, eax -and eax, 0xfffffe00 -add eax, 0x300 -push edi -or eax, 0x1e +mov byte [ebp - 0x1f], al +lea eax, [ebp - 0x1c] push eax -mov eax, dword [ebp - 0x3c] -push 1 -call dword [eax + 0x84] ; ucall -add esp, 0x10 +mov eax, dword [ebp - 0x2c] +push ebx +push dword [ebp - 0x30] +push esi +xor esi, esi +call fcn_fffcf1b3 ; call 0xfffcf1b3 +mov al, byte [ebp - 0x20] +add esp, 0x20 +mov dword [ebp - 0x34], 0 +mov byte [ebp - 0x22], al +mov al, byte [ebp - 0x1f] +mov byte [ebp - 0x21], al -loc_fffd23e6: ; not directly referenced -inc dword [ebp - 0x48] -add esi, 9 -cmp dword [ebp - 0x48], 2 -jne loc_fffd2334 ; jne 0xfffd2334 -jmp near loc_fffd22ec ; jmp 0xfffd22ec +loc_fffcfef5: ; not directly referenced +mov eax, dword [ebp - 0x38] +bt eax, esi +jae short loc_fffcff62 ; jae 0xfffcff62 +mov ebx, dword [ebp - 0x2c] +imul eax, esi, 0x13c3 +mov cl, byte [ebp - 0x3d] +movzx edx, byte [ebp + esi - 0x22] +and cl, byte [ebx + eax + 0x381b] +mov bl, dl +mov byte [ebp - 0x44], cl +movzx ecx, byte [ebp + esi - 0x24] +sub ebx, ecx +cmp dl, 0x7f +jne short loc_fffcff2f ; jne 0xfffcff2f +test cl, cl +jne short loc_fffcff2f ; jne 0xfffcff2f +mov al, byte [edi + esi] +jmp short loc_fffcff44 ; jmp 0xfffcff44 -loc_fffd23fb: ; not directly referenced -cmp byte [ebx + 0x18b6], 0 -mov eax, dword [ebx + 0x36ec] -je short loc_fffd2446 ; je 0xfffd2446 -mov ecx, dword [ebx + 0x36f0] -cmp eax, ecx -jbe short loc_fffd2446 ; jbe 0xfffd2446 -mov edx, 0x1000 -cmp eax, 0x1000 -mov esi, edx -cmovbe edx, eax -cmovae esi, eax -add edx, esi -sub edx, ecx 
-mov dword [ebx + 0x370d], edx -dec edx -mov byte [ebx + 0x3704], 1 -mov dword [ebx + 0x3705], esi -mov dword [ebx + 0x3709], edx -jmp short loc_fffd2453 ; jmp 0xfffd2453 - -loc_fffd2446: ; not directly referenced -mov byte [ebx + 0x3704], 0 -mov dword [ebx + 0x370d], eax - -loc_fffd2453: ; not directly referenced -cmp byte [ebx + 0x3745], 0 -je short loc_fffd24bf ; je 0xfffd24bf -cmp byte [ebx + 0x2402], 0 -je short loc_fffd247b ; je 0xfffd247b -cmp dword [ebx + 0x3711], 0x1000 -mov edx, eax -ja short loc_fffd2487 ; ja 0xfffd2487 -mov edx, dword [ebx + 0x370d] -jmp short loc_fffd2487 ; jmp 0xfffd2487 +loc_fffcff2f: ; not directly referenced +lea eax, [ecx + edx + 1] +mov edx, 0xc +shr eax, 1 +cmp bl, 0x11 +cmova edx, dword [ebp - 0x34] +mov dword [ebp - 0x34], edx -loc_fffd247b: ; not directly referenced -mov edx, dword [ebx + 0x3700] -sub edx, dword [ebx + 0x18e5] +loc_fffcff44: ; not directly referenced +push edx +movzx eax, al +push 1 +push eax +movzx eax, byte [ebp - 0x44] +push dword [ebp - 0x30] +push eax +push dword [ebp - 0x3c] +push esi +push dword [ebp - 0x2c] +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 -loc_fffd2487: ; not directly referenced -movzx ecx, byte [ebx + 0x3747] -shl ecx, 3 -mov dword [ebx + 0x3721], ecx -not ecx -add edx, ecx -movzx ecx, byte [ebx + 0x3746] -and edx, 0xffffffc0 -mov dword [ebx + 0x371d], edx -shl ecx, 3 -sub edx, ecx -sub edx, 0x40 -mov dword [ebx + 0x3729], ecx -mov dword [ebx + 0x3725], edx +loc_fffcff62: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffcfef5 ; jne 0xfffcfef5 +mov eax, dword [ebp - 0x34] -loc_fffd24bf: ; not directly referenced -mov dword [ebx + 0x3715], eax -mov eax, dword [ebx + 0x18d5] -mov edx, dword [ebx + 0x3711] -mov esi, dword [ebx + 0x2443] -mov dword [ebx + 0x3719], eax -mov eax, dword [ebx + 0x18cd] -mov dword [ebp - 0x40], eax -mov eax, dword [ebx + 0x18c1] -push 0xa0 -push 0 +loc_fffcff6b: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop 
ebp +ret + +fcn_fffcff73: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, edx +push esi +mov esi, eax +push ebx +xor ebx, ebx +sub esp, 0x1c +mov byte [ebp - 0x19], cl +movzx ecx, byte [ebp + 8] + +loc_fffcff89: ; not directly referenced +bt edi, ebx +jae short loc_fffcffbc ; jae 0xfffcffbc +imul eax, ebx, 0x13c3 +mov dl, byte [ebp - 0x19] +and dl, byte [esi + eax + 0x381b] +movzx eax, dl +je short loc_fffcffbc ; je 0xfffcffbc +push edx push 0 -mov edi, eax -mov dword [ebp - 0x3c], eax -mov eax, edx -shr edx, 0xc -and edx, 0x7f -shl eax, 0x14 +push ecx +push 3 +push eax push 0 -mov dword [ebp - 0x48], edx -mov dword [ebp - 0x44], eax -call dword [esi + 0x4c] ; ucall -pop ecx -mov dword [ebp - 0x3c], edi -lea edi, [eax + edi] -pop eax -push dword [ebp - 0x44] +push ebx +push esi +mov dword [ebp - 0x20], ecx +call fcn_fffabc7a ; call 0xfffabc7a +mov ecx, dword [ebp - 0x20] +add esp, 0x20 + +loc_fffcffbc: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffcff89 ; jne 0xfffcff89 +mov dword [ebp + 8], esi +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +jmp near fcn_fffc9f5d ; jmp 0xfffc9f5d + +fcn_fffcffd1: ; not directly referenced +push ebp +mov ebp, esp push edi -call dword [esi + 0x30] ; ucall -lea ecx, [edi + 4] -pop eax -pop edx -mov edx, dword [ebp - 0x48] -push edx +push esi +push ebx +mov ebx, eax +sub esp, 0x3c +mov edi, dword [ebp + 0xc] +mov eax, dword [ebp + 8] +mov dword [ebp - 0x2c], ecx +mov esi, dword [ebx + 0x2444] +mov dword [ebp - 0x30], edx +mov edx, dword [ebp + 0x18] +mov ecx, edi +inc cl +mov dword [ebp - 0x3c], eax +mov eax, dword [ebp + 0x14] +je short loc_fffd000e ; je 0xfffd000e +movsx cx, dl +movzx edx, dl +mov word [ebp - 0x34], cx +neg word [ebp - 0x34] +jmp short loc_fffd0019 ; jmp 0xfffd0019 + +loc_fffd000e: ; not directly referenced +mov edx, 0x20 +mov word [ebp - 0x34], 0xffe0 + +loc_fffd0019: ; not directly referenced push ecx -call dword [esi + 0x30] ; ucall -movzx edi, word [ebx + 
0x36f0] -push 0xbc -push 0 +movzx eax, al push 0 +inc eax +lea ecx, [ebp - 0x1c] +push 2 +push ecx +mov dword [ebp - 0x44], edx +mov dword [ebp - 0x40], ecx +mov word [ebp - 0x36], ax +call dword [esi + 0x5c] ; ucall +add esp, 0xc push 0 -call dword [esi + 0x4c] ; ucall -shl edi, 0x14 -add esp, 0x18 -push edi -mov edi, dword [ebp - 0x3c] -add eax, edi +push 2 +lea eax, [ebp - 0x1a] push eax -call dword [esi + 0x30] ; ucall -mov edx, dword [ebx + 0x370d] -push 0xa8 -push 0 -push 0 -mov eax, edx -shr edx, 0xc -and edx, 0x7f -shl eax, 0x14 -mov dword [ebp - 0x48], edx -push 0 -mov dword [ebp - 0x44], eax -call dword [esi + 0x4c] ; ucall -add esp, 0x18 -push dword [ebp - 0x44] -lea edi, [eax + edi] +call dword [esi + 0x5c] ; ucall +movzx ecx, byte [ebp - 0x2c] +add esp, 0xc +movzx edx, byte [ebp - 0x30] +mov eax, edi +push dword [ebp + 0x1c] +movzx edi, al +movzx eax, word [ebp - 0x36] +mov dword [ebp - 0x2c], ecx +mov ecx, dword [ebp - 0x40] +mov dword [ebp - 0x30], edx +mov edx, dword [ebp - 0x44] +movzx esi, byte [ebp - 0x3c] +push ecx +mov ecx, dword [ebp - 0x2c] +push eax +movsx edx, dx +push edx +mov edx, dword [ebp - 0x30] +mov eax, ebx +push dword [ebp + 0x10] push edi -call dword [esi + 0x30] ; ucall -mov edx, dword [ebp - 0x48] -pop ecx -pop eax -lea ecx, [edi + 4] +push esi +call fcn_fffcf513 ; call 0xfffcf513 +add esp, 0x20 +cmp dword [ebp + 0x1c], 0 +je short loc_fffd00c5 ; je 0xfffd00c5 +xor eax, eax + +loc_fffd008b: ; not directly referenced +mov ecx, dword [ebp - 0x2c] +bt ecx, eax +jae short loc_fffd00b3 ; jae 0xfffd00b3 +mov ecx, dword [ebp + 0x10] push edx -push ecx -call dword [esi + 0x30] ; ucall -add esp, 0x10 -cmp byte [ebx + 0x3704], 0 -je loc_fffd2626 ; je 0xfffd2626 -mov edx, dword [ebx + 0x3705] -push 0x90 -push 0 -push 0 -mov eax, edx -shr edx, 0xc -and edx, 0x7f -shl eax, 0x14 push 0 -mov dword [ebp - 0x48], edx -mov dword [ebp - 0x44], eax -call dword [esi + 0x4c] ; ucall -mov ecx, dword [ebp - 0x3c] -lea edi, [eax + ecx] -pop eax -pop edx 
-push dword [ebp - 0x44] -push edi -call dword [esi + 0x30] ; ucall -mov edx, dword [ebp - 0x48] -pop ecx -pop eax -lea ecx, [edi + 4] +movzx edx, byte [ecx + eax] +mov dword [ebp - 0x3c], eax push edx +push edi +push esi +push dword [ebp - 0x30] +push eax +push ebx +call fcn_fffabc7a ; call 0xfffabc7a +mov eax, dword [ebp - 0x3c] +add esp, 0x20 + +loc_fffd00b3: ; not directly referenced +inc eax +cmp eax, 2 +jne short loc_fffd008b ; jne 0xfffd008b +sub esp, 0xc +push ebx +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 + +loc_fffd00c5: ; not directly referenced push ecx -call dword [esi + 0x30] ; ucall -mov edx, dword [ebx + 0x3709] -push 0x98 +mov edx, dword [ebp - 0x30] +push dword [ebp + 0x1c] +lea eax, [ebp - 0x1a] +mov ecx, dword [ebp - 0x2c] +push eax +mov ax, word [ebp - 0x36] +neg eax +cwde +push eax +movsx eax, word [ebp - 0x34] +push eax +mov eax, ebx +push dword [ebp + 0x10] +push edi +push esi +call fcn_fffcf513 ; call 0xfffcf513 +add esp, 0x20 +cmp dword [ebp + 0x1c], 0 +je short loc_fffd0131 ; je 0xfffd0131 +xor eax, eax + +loc_fffd00f7: ; not directly referenced +mov ecx, dword [ebp - 0x2c] +bt ecx, eax +jae short loc_fffd011f ; jae 0xfffd011f +push edx +mov edx, dword [ebp + 0x10] push 0 +mov dword [ebp - 0x34], eax +movzx edx, byte [edx + eax] +push edx +push edi +push esi +push dword [ebp - 0x30] +push eax +push ebx +call fcn_fffabc7a ; call 0xfffabc7a +mov eax, dword [ebp - 0x34] +add esp, 0x20 + +loc_fffd011f: ; not directly referenced +inc eax +cmp eax, 2 +jne short loc_fffd00f7 ; jne 0xfffd00f7 +sub esp, 0xc +push ebx +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 + +loc_fffd0131: ; not directly referenced +xor eax, eax + +loc_fffd0133: ; not directly referenced +mov edi, dword [ebp - 0x2c] +bt edi, eax +jb short loc_fffd014c ; jb 0xfffd014c + +loc_fffd013b: ; not directly referenced +inc eax +add ebx, 0x48 +cmp eax, 2 +jne short loc_fffd0133 ; jne 0xfffd0133 +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + 
+loc_fffd014c: ; not directly referenced +mov ecx, ebx +xor edx, edx + +loc_fffd0150: ; not directly referenced +bt esi, edx +jae short loc_fffd0171 ; jae 0xfffd0171 +movzx edi, byte [ebp + eax - 0x1a] +imul edi, edi, 0xa +mov dword [ecx + 0x3211], edi +movzx edi, byte [ebp + eax - 0x1c] +imul edi, edi, 0xa +mov dword [ecx + 0x3215], edi + +loc_fffd0171: ; not directly referenced +inc edx +add ecx, 0x90 +cmp edx, 4 +jne short loc_fffd0150 ; jne 0xfffd0150 +jmp short loc_fffd013b ; jmp 0xfffd013b + +fcn_fffd017f: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0xfc +mov esi, dword [ebp + 8] +mov dword [ebp - 0xd4], 0 +mov eax, dword [esi + 0x2444] +mov dword [ebp - 0xd8], eax +mov eax, dword [esi + 0x5edd] +mov dword [ebp - 0xdc], eax +lea eax, [esi + 0x2491] +mov dword [ebp - 0xe0], eax +mov eax, dword [esi + 0x188b] +mov dword [ebp - 0xe4], eax +mov al, byte [esi + 0x2441] +mov byte [ebp - 0xf9], al +test byte [esi + 0x2405], 0x20 +je short loc_fffd01ef ; je 0xfffd01ef +xor eax, eax +cmp dword [ebp - 0xe4], 1 +sete al +mov dword [ebp - 0xd4], eax + +loc_fffd01ef: ; not directly referenced +cmp dword [esi + 0x2481], 3 +mov edi, dword [ebp - 0xd8] +push ebx +sete al push 0 -mov eax, edx -shr edx, 0xc -and edx, 0x7f -shl eax, 0x14 -mov dword [ebp - 0x48], edx +push 0x10 +lea ebx, [ebp - 0xa8] +mov byte [ebp - 0xfa], al +movzx eax, al +mov dword [ebp - 0xd0], eax +mov eax, edi +push ebx +call dword [eax + 0x5c] ; ucall +add esp, 0xc push 0 -mov dword [ebp - 0x44], eax -call dword [esi + 0x4c] ; ucall -mov ecx, dword [ebp - 0x3c] -add esp, 0x18 -push dword [ebp - 0x44] -lea edi, [eax + ecx] -push edi -call dword [esi + 0x30] ; ucall -lea ecx, [edi + 4] -pop eax -pop edx -mov edx, dword [ebp - 0x48] +push 2 +lea eax, [ebp - 0xb0] +push eax +mov eax, edi +call dword [eax + 0x5c] ; ucall +add esp, 0xc +mov eax, edi +push 0xff +lea edx, [ebp - 0x98] +push 0x80 push edx -push ecx -call dword [esi + 0x30] ; ucall +mov dword [ebp - 
0xbc], edx +call dword [eax + 0x5c] ; ucall add esp, 0x10 +mov edx, dword [ebp - 0xbc] +cmp dword [ebp - 0xd0], 1 +mov byte [ebp - 0xad], 0 +mov byte [ebp - 0xae], 0 +sbb eax, eax +and eax, 7 +add eax, 0xa +cmp dword [ebp - 0xd4], 1 +movzx eax, al +mov byte [esi + 0x2443], 0 +mov dword [ebp - 0xf8], edx +sbb edi, edi +mov dword [ebp - 0xcc], edi +mov edi, esi +and dword [ebp - 0xcc], 0xfffffff8 +add dword [ebp - 0xcc], 0xd +mov dword [ebp - 0xec], edx +mov dword [ebp - 0xc8], 0 +mov dword [ebp - 0xc0], 0 +mov dword [ebp - 0xf4], ebx +mov dword [ebp - 0x100], eax -loc_fffd2626: ; not directly referenced -push 0xb8 -push 0 +loc_fffd02cc: ; not directly referenced +mov eax, dword [ebp - 0xdc] +xor ebx, ebx +mov cl, byte [ebp - 0xc8] +mov dword [ebp - 0xc4], 1 +shl dword [ebp - 0xc4], cl +add eax, 0x70 +mov dword [ebp - 0xf0], eax +mov byte [ebp - 0xe8], 0 + +loc_fffd02fa: ; not directly referenced +mov ecx, dword [ebp - 0xc4] +mov edx, ebx +mov eax, esi +call fcn_fffad317 ; call 0xfffad317 +or byte [ebp - 0xe8], al +movzx eax, byte [ebp - 0xe8] +bt eax, ebx +mov dword [ebp - 0xbc], eax +jae short loc_fffd033e ; jae 0xfffd033e +push ecx push 0 +movzx eax, byte [esi + 0x2489] +push eax +mov eax, dword [ebp - 0xd8] +push dword [ebp - 0xf0] +call dword [eax + 0x64] ; ucall +add esp, 0x10 + +loc_fffd033e: ; not directly referenced +inc ebx +add dword [ebp - 0xf0], 0xcc +cmp ebx, 2 +jne short loc_fffd02fa ; jne 0xfffd02fa +cmp byte [ebp - 0xe8], 0 +je loc_fffd065c ; je 0xfffd065c +mov edx, dword [ebp - 0xbc] +sub esp, 0xc +mov ecx, 0x11 push 0 -call dword [esi + 0x4c] ; ucall -movzx edx, word [ebx + 0x3700] -pop edi -pop ecx -add eax, dword [ebp - 0x3c] -shl edx, 0x14 +mov eax, esi +mov bl, 1 +call fcn_fffae9e2 ; call 0xfffae9e2 +add esp, 0x10 + +loc_fffd0377: ; not directly referenced +cmp ebx, 3 +je short loc_fffd03d7 ; je 0xfffd03d7 +cmp ebx, 1 +jne short loc_fffd038a ; jne 0xfffd038a +mov byte [esi + 0x248c], 9 +jmp short loc_fffd0396 ; jmp 0xfffd0396 + +loc_fffd038a: ; 
not directly referenced +cmp ebx, 4 +jne short loc_fffd0396 ; jne 0xfffd0396 +mov byte [esi + 0x248c], 0 + +loc_fffd0396: ; not directly referenced +lea eax, [ebx - 4] +mov ecx, dword [ebp - 0xbc] +push edx +cmp eax, 2 push edx +sbb eax, eax +mov edx, dword [ebp - 0xe0] +push 0 +and eax, 0x17 +push dword [ebp - 0xf4] +add eax, 0x1f +movzx eax, al push eax -call dword [esi + 0x30] ; ucall +mov eax, esi +push 1 +push ebx +push dword [ebp - 0xc8] +call fcn_fffc66ae ; call 0xfffc66ae +add esp, 0x20 +mov dword [ebp - 0xc0], eax + +loc_fffd03d7: ; not directly referenced +inc ebx +cmp ebx, 6 +jne short loc_fffd0377 ; jne 0xfffd0377 +cmp dword [ebp - 0xd4], 0 +je loc_fffd065c ; je 0xfffd065c +push eax +mov ecx, dword [ebp - 0x100] +push eax +mov edx, dword [ebp - 0xbc] +mov eax, esi +push dword [ebp - 0xc4] +push 0 +call fcn_fffaea71 ; call 0xfffaea71 add esp, 0x10 -cmp dword [ebx + 0x372d], 0 -je short loc_fffd2689 ; je 0xfffd2689 -push 0x5c +cmp dword [ebp - 0xd0], 0 +je short loc_fffd043f ; je 0xfffd043f +push eax +mov ecx, dword [ebp - 0xbc] +xor edx, edx push 0 push 0 +push 0x20 push 0 -call dword [esi + 0x4c] ; ucall -mov ecx, dword [ebp - 0x3c] -lea edi, [eax + ecx] -mov dword [esp], edi -call dword [esi + 0x20] ; ucall -movzx edx, byte [ebx + 0x372d] -shl edx, 4 -and eax, 0xfffff00f -or eax, edx -pop edx -or eax, 4 -pop ecx +lea eax, [ebp - 0xae] push eax -push edi -call dword [esi + 0x30] ; ucall -add esp, 0x10 +mov eax, esi +push 0xff +push dword [ebp - 0xc4] +call fcn_fffcffd1 ; call 0xfffcffd1 +jmp short loc_fffd048f ; jmp 0xfffd048f -loc_fffd2689: ; not directly referenced -push 0xb0 +loc_fffd043f: ; not directly referenced +push 1 +mov ecx, dword [ebp - 0xbc] +xor edx, edx +push 1 +lea eax, [ebp - 0xb0] +push eax +mov eax, esi +push 1 +push 0x40 +push 0xffffffffffffffc0 +push 3 +push 0xff +call fcn_fffcf65b ; call 0xfffcf65b +mov ebx, dword [ebp - 0xec] +mov eax, dword [edi + 0x3211] +mov dword [ebx], eax +mov eax, dword [edi + 0x3215] +mov dword [ebx + 4], 
eax +mov eax, dword [edi + 0x3259] +mov dword [ebx + 0x10], eax +mov eax, dword [edi + 0x325d] +mov dword [ebx + 0x14], eax + +loc_fffd048f: ; not directly referenced +add esp, 0x20 +cmp byte [ebp - 0xf9], 0 +je short loc_fffd0512 ; je 0xfffd0512 + +loc_fffd049b: ; not directly referenced +push ecx push 0 push 0 +push 3 +push 0xff push 0 -call dword [esi + 0x4c] ; ucall -movzx edx, word [ebx + 0x36f4] -pop ecx -pop edi -mov edi, dword [ebp - 0x3c] -shl edx, 0x14 -push edx -add eax, edi -push eax -call dword [esi + 0x30] ; ucall -push 0xb4 push 0 +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x1c push 0 push 0 -call dword [esi + 0x4c] ; ucall -movzx edx, word [ebx + 0x36f8] -add esp, 0x18 -shl edx, 0x14 -push edx -add eax, edi -push eax -call dword [esi + 0x30] ; ucall -mov eax, dword [ebx + 0x3719] -add esp, 0x10 -test eax, eax -je loc_fffd2764 ; je 0xfffd2764 -mov edi, 0x80000 -sub edi, eax -push 0x78 -mov edx, edi +push 3 +push 0xff push 0 -shl edx, 0x14 +push 1 +push esi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x14 +push esi +call fcn_fffc9f5d ; call 0xfffc9f5d +mov ecx, dword [ebp - 0xbc] +pop ebx +pop eax +mov eax, esi +mov edx, dword [ebp - 0xe0] push 0 -or dh, 8 +push dword [ebp - 0xf4] +push 0x36 push 0 -shr edi, 0xc -mov dword [ebp - 0x44], edx -and edi, 0x7f -call dword [esi + 0x4c] ; ucall -mov ecx, dword [ebp - 0x3c] -add ecx, eax -pop eax -pop edx -mov edx, dword [ebp - 0x44] -mov dword [ebp - 0x44], ecx +push 0xd +push dword [ebp - 0xc8] +call fcn_fffc66ae ; call 0xfffc66ae +add esp, 0x14 +push esi +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 +mov dword [ebp - 0xc0], eax +jmp near loc_fffd065c ; jmp 0xfffd065c + +loc_fffd0512: ; not directly referenced +xor ebx, ebx + +loc_fffd0514: ; not directly referenced +imul eax, ebx, 0x13c3 +cmp dword [esi + eax + 0x3757], 2 +jne short loc_fffd0568 ; jne 0xfffd0568 push edx -push ecx -call dword [esi + 0x30] ; ucall -pop ecx -mov ecx, dword [ebp - 0x44] -pop eax -add ecx, 4 -push edi 
-push ecx -call dword [esi + 0x30] ; ucall -mov edx, dword [ebx + 0x3715] -push 0x70 push 0 push 0 -mov eax, edx -shr edx, 0xc -and edx, 0x7f -shl eax, 0x14 -mov dword [ebp - 0x48], edx +push 3 +push 0xff push 0 -mov dword [ebp - 0x44], eax -call dword [esi + 0x4c] ; ucall -mov ecx, dword [ebp - 0x3c] -add esp, 0x18 -push dword [ebp - 0x44] -lea edi, [eax + ecx] -push edi -call dword [esi + 0x30] ; ucall -lea ecx, [edi + 4] -pop eax -pop edx -mov edx, dword [ebp - 0x48] -push edx -push ecx -call dword [esi + 0x30] ; ucall +push ebx +push esi +call fcn_fffabc7a ; call 0xfffabc7a +mov ecx, dword [ebp - 0xdc] +imul eax, ebx, 0xcc +add esp, 0x20 +mov edx, ebx +push 0 +push 1 +movzx eax, byte [ecx + eax + 0xe2] +mov ecx, 0xff +push eax +mov eax, esi +push 1 +call fcn_fffac68e ; call 0xfffac68e add esp, 0x10 -loc_fffd2764: ; not directly referenced -push 0x50 -push 0 +loc_fffd0568: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffd0514 ; jne 0xfffd0514 +sub esp, 0xc +push esi +call fcn_fffc9f5d ; call 0xfffc9f5d +add esp, 0x10 +cmp dword [ebp - 0xd0], 0 +je short loc_fffd05b0 ; je 0xfffd05b0 +mov ecx, dword [ebp - 0xc4] +mov eax, esi +mov edx, dword [ebp - 0xbc] +call fcn_fffcb062 ; call 0xfffcb062 + +loc_fffd0596: ; not directly referenced +mov eax, dword [ebp - 0xec] +mov ebx, edi +mov dword [ebp - 0xc0], 0 +mov dword [ebp - 0xc4], eax +jmp short loc_fffd05fc ; jmp 0xfffd05fc + +loc_fffd05b0: ; not directly referenced +push 1 +mov ecx, dword [ebp - 0xbc] +mov edx, 6 +push 1 +lea eax, [ebp - 0xb0] +push eax +mov eax, esi push 0 +push 0x40 +push 0xffffffffffffffc0 +push 3 +push 0xff +call fcn_fffcf65b ; call 0xfffcf65b +add esp, 0x20 +jmp short loc_fffd0596 ; jmp 0xfffd0596 + +loc_fffd05df: ; not directly referenced +inc dword [ebp - 0xc0] +add ebx, 0x48 +add dword [ebp - 0xc4], 0x10 +cmp dword [ebp - 0xc0], 2 +je loc_fffd049b ; je 0xfffd049b + +loc_fffd05fc: ; not directly referenced +imul eax, dword [ebp - 0xc0], 0x13c3 +cmp dword [esi + eax + 0x3757], 
2 +jne short loc_fffd05df ; jne 0xfffd05df +mov eax, dword [ebx + 0x3211] +mov edx, dword [ebp - 0xc4] +mov ecx, dword [ebp - 0xdc] +mov dword [edx + 8], eax +mov eax, dword [ebx + 0x3215] +mov dword [edx + 0xc], eax +mov edx, dword [ebp - 0xc0] push 0 -call dword [esi + 0x4c] ; ucall -pop edx -pop ecx -push dword [ebx + 0x36fc] -add eax, dword [ebp - 0x3c] -push eax -call dword [esi + 0x30] ; ucall -mov edx, dword [ebx + 0x371d] -pop edi -pop eax -mov eax, dword [ebx + 0x3721] -mov edi, dword [ebp - 0x40] -add eax, edx -shr eax, 3 -shr edx, 3 -shl eax, 0x10 -or eax, edx -push eax -mov eax, edi -add eax, 0x18 -push eax -call dword [esi + 0x30] ; ucall -pop eax -mov eax, dword [ebx + 0x371d] -pop edx -shl eax, 0xe -push eax -mov eax, edi -add eax, 0x10 -push eax -call dword [esi + 0x30] ; ucall -pop ecx -pop eax -mov eax, dword [ebx + 0x371d] -and eax, 0x40000 -shr eax, 0x12 -push eax -mov eax, edi -add eax, 0x14 -push eax -call dword [esi + 0x30] ; ucall -mov edx, dword [ebx + 0x3725] -pop eax -mov eax, dword [ebx + 0x3729] -pop ecx -add eax, edx -shr eax, 3 -shr edx, 3 -shl eax, 0x10 -or eax, edx -push eax -mov eax, edi -add eax, 0x28 -push eax -call dword [esi + 0x30] ; ucall -pop eax -mov eax, dword [ebx + 0x3725] -pop edx -shl eax, 0xe -push eax -mov eax, edi -add eax, 0x20 -push eax -call dword [esi + 0x30] ; ucall -pop ecx -pop eax -mov eax, dword [ebx + 0x3725] -and eax, 0x40000 -shr eax, 0x12 -or eax, 4 -push eax -mov eax, edi -add eax, 0x24 +push 1 +imul eax, edx, 0xcc +movzx eax, byte [ecx + eax + 0xe2] +mov ecx, 0xff +neg eax push eax -call dword [esi + 0x30] ; ucall -xor eax, eax -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +mov eax, esi +push 1 +call fcn_fffac68e ; call 0xfffac68e +add esp, 0x10 +jmp short loc_fffd05df ; jmp 0xfffd05df -loc_fffd2836: -push esi -push edi -mov esi, dword [esp + 0x10] -mov edi, dword [esp + 0xc] -mov edx, dword [esp + 0x14] -cmp edi, esi -je short loc_fffd2865 ; je 0xfffd2865 -cmp edx, 0 -je short 
loc_fffd2865 ; je 0xfffd2865 -lea eax, [esi + edx - 1] -cmp esi, edi -jae short loc_fffd2860 ; jae 0xfffd2860 -cmp eax, edi -jb short loc_fffd2860 ; jb 0xfffd2860 -mov esi, eax -lea edi, [edi + edx - 1] -std +loc_fffd065c: ; not directly referenced +inc dword [ebp - 0xc8] +add edi, 0x90 +add dword [ebp - 0xec], 0x20 +cmp dword [ebp - 0xc8], 4 +jne loc_fffd02cc ; jne 0xfffd02cc +cmp dword [ebp - 0xd0], 0 +jne short loc_fffd06d3 ; jne 0xfffd06d3 +mov eax, dword [ebp - 0xf8] +lea edx, [esi + 0x3211] +lea ebx, [ebp - 0x18] -loc_fffd2860: -mov ecx, edx -rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -cld +loc_fffd0694: ; not directly referenced +mov ecx, dword [eax] +cmp dword [eax + 8], ecx +cmovbe ecx, dword [eax + 8] +mov dword [edx], ecx +mov ecx, dword [eax + 4] +cmp dword [eax + 0xc], ecx +cmovbe ecx, dword [eax + 0xc] +mov dword [edx + 4], ecx +mov ecx, dword [eax + 0x18] +cmp dword [eax + 0x10], ecx +cmovbe ecx, dword [eax + 0x10] +mov dword [edx + 0x48], ecx +mov ecx, dword [eax + 0x1c] +cmp dword [eax + 0x14], ecx +cmovbe ecx, dword [eax + 0x14] +add eax, 0x20 +add edx, 0x90 +mov dword [edx - 0x44], ecx +cmp eax, ebx +jne short loc_fffd0694 ; jne 0xfffd0694 -loc_fffd2865: -mov eax, dword [esp + 0xc] -pop edi -pop esi -ret +loc_fffd06d3: ; not directly referenced +mov dword [ebp - 0xd0], 0 +xor edi, edi +mov dword [ebp - 0xc8], 0 +mov byte [ebp - 0xc4], 0 -loc_fffd286c: -push edi -xor eax, eax -mov edi, dword [esp + 8] -mov ecx, dword [esp + 0xc] -mov edx, ecx -shr ecx, 2 -and edx, 3 -push edi -rep stosd ; rep stosd dword es:[edi], eax -mov ecx, edx -rep stosb ; rep stosb byte es:[edi], al -pop eax -pop edi -ret +loc_fffd06f0: ; not directly referenced +mov byte [ebp - 0xbc], 0 -fcn_fffd2889: -mov eax, dword [esp + 8] -mov ecx, dword [esp + 0xc] -xor edx, edx -div ecx -mov eax, dword [esp + 4] -div ecx -mov eax, edx -ret +loc_fffd06f7: ; not directly referenced +mov cl, byte [ebp - 0xc4] +mov eax, 1 +movzx edx, byte [ebp - 0xbc] +movzx ebx, cl +shl eax, cl 
+imul ecx, edx, 0x13c3 +test byte [esi + ecx + 0x381b], al +je loc_fffd08b4 ; je 0xfffd08b4 +imul ebx, ebx, 0x90 +imul edx, edx, 0x48 +mov dword [ebp - 0xd4], edi +lea eax, [ebx + edx] +mov ebx, 1 +mov dword [ebp - 0xe8], eax -fcn_fffd289e: -mov eax, dword [esp + 8] -mov ecx, dword [esp + 0xc] +loc_fffd073e: ; not directly referenced +lea eax, [ebx - 6] +cmp eax, 5 +setbe dl +cmp ebx, 3 +sete al +or dl, al +jne loc_fffd0891 ; jne 0xfffd0891 +mov ecx, 2 +mov edx, ebx +movzx edi, byte [ebx + ref_fffd58e0] ; movzx edi, byte [ebx - 0x2a720] +mov eax, esi +call fcn_fffaab72 ; call 0xfffaab72 +mov ecx, 0xa xor edx, edx -div ecx +imul edi, edi, 0x240 +div cx +mov word [ebp - 0xec], ax push eax -mov eax, dword [esp + 8] -div ecx -pop edx -ret - -fcn_fffd28b3: -mov ecx, dword [esp + 0xc] -mov eax, dword [esp + 8] -xor edx, edx -div ecx +push 0xffff +push 2 +lea eax, [ebp - 0xac] push eax -mov eax, dword [esp + 8] -div ecx -mov ecx, dword [esp + 0x14] -jecxz loc_fffd28ce ; jecxz 0xfffd28ce -mov dword [ecx], edx - -loc_fffd28ce: -pop edx -ret +mov eax, dword [ebp - 0xd8] +call dword [eax + 0x60] ; ucall +lea eax, [ebx - 0xc] +add esp, 0x10 +add edi, dword [ebp - 0xe0] +xor ecx, ecx +add edi, dword [ebp - 0xe8] +mov dword [ebp - 0xf0], eax +mov dword [ebp - 0xdc], edi -fcn_fffd28d0: -push ebx -push ebp -mov ebp, esp -mov eax, dword [ebp + 0xc] -cpuid -push ecx -mov ecx, dword [ebp + 0x10] -jecxz loc_fffd28e1 ; jecxz 0xfffd28e1 -mov dword [ecx], eax +loc_fffd07b9: ; not directly referenced +mov eax, dword [ebp - 0xdc] +xor edx, edx +mov edi, 0xa +mov eax, dword [eax + ecx*2] +div di +mov dx, word [ecx + ebp - 0xac] +cmp ax, dx +cmovbe edx, eax +mov word [ecx + ebp - 0xac], dx +cmp ax, word [ebp - 0xec] +ja short loc_fffd085f ; ja 0xfffd085f +cmp ebx, 4 +sete dl +cmp ebx, 1 +sete al +or dl, al +je short loc_fffd080e ; je 0xfffd080e +or byte [esi + 0x2443], 1 +mov dword [ebp - 0xc8], 1 +jmp short loc_fffd082f ; jmp 0xfffd082f -loc_fffd28e1: -mov ecx, dword [ebp + 0x14] -jecxz 
loc_fffd28e8 ; jecxz 0xfffd28e8 -mov dword [ecx], ebx +loc_fffd080e: ; not directly referenced +cmp ebx, 5 +sete dl +cmp ebx, 2 +sete al +or dl, al +je short loc_fffd083b ; je 0xfffd083b +or byte [esi + 0x2443], 2 +mov dword [ebp - 0xd4], 1 -loc_fffd28e8: -mov ecx, dword [ebp + 0x18] -jecxz loc_fffd28ef ; jecxz 0xfffd28ef -pop dword [ecx] +loc_fffd082f: ; not directly referenced +mov dword [ebp - 0xc0], 0x1c +jmp short loc_fffd085f ; jmp 0xfffd085f -loc_fffd28ef: -mov ecx, dword [ebp + 0x1c] -jecxz loc_fffd28f6 ; jecxz 0xfffd28f6 -mov dword [ecx], edx +loc_fffd083b: ; not directly referenced +cmp dword [ebp - 0xf0], 1 +mov dword [ebp - 0xc0], 0x1c +ja short loc_fffd085f ; ja 0xfffd085f +or byte [esi + 0x2443], 4 +mov dword [ebp - 0xd0], 1 -loc_fffd28f6: -mov eax, dword [ebp + 0xc] -leave -pop ebx -ret +loc_fffd085f: ; not directly referenced +add ecx, 2 +cmp ecx, 4 +jne loc_fffd07b9 ; jne 0xfffd07b9 +mov eax, dword [ebp - 0xc8] +mov edi, dword [ebp - 0xd4] +dec eax +jne short loc_fffd0891 ; jne 0xfffd0891 +cmp edi, 1 +jne short loc_fffd0891 ; jne 0xfffd0891 +cmp dword [ebp - 0xd0], 1 +je short loc_fffd08a6 ; je 0xfffd08a6 +cmp dword [ebp - 0xe4], 0 +je short loc_fffd08a6 ; je 0xfffd08a6 -loc_fffd28fc: ; not directly referenced -mov cl, byte [esp + 0xc] -xor eax, eax -mov edx, dword [esp + 4] -test cl, 0x20 -cmove eax, edx -cmove edx, dword [esp + 8] -shld edx, eax, cl -shl eax, cl -ret +loc_fffd0891: ; not directly referenced +inc ebx +cmp ebx, dword [ebp - 0xcc] +jbe loc_fffd073e ; jbe 0xfffd073e +mov edi, dword [ebp - 0xd4] +jmp short loc_fffd08b4 ; jmp 0xfffd08b4 -loc_fffd2917: -mov cl, byte [esp + 0xc] -xor edx, edx -mov eax, dword [esp + 8] -test cl, 0x20 -cmove edx, eax -cmove eax, dword [esp + 4] -shrd eax, edx, cl -shr edx, cl -ret +loc_fffd08a6: ; not directly referenced +mov byte [ebp - 0xc4], 4 +mov byte [ebp - 0xbc], 2 -loc_fffd2932: -push edi -mov ecx, dword [esp + 0xc] -mov al, byte [esp + 0x10] -mov ah, al -shrd edx, eax, 0x10 -shld eax, edx, 0x10 
-mov edx, ecx -mov edi, dword [esp + 8] -shr ecx, 2 -rep stosd ; rep stosd dword es:[edi], eax -mov ecx, edx -and ecx, 3 -rep stosb ; rep stosb byte es:[edi], al -mov eax, dword [esp + 8] -pop edi -ret +loc_fffd08b4: ; not directly referenced +inc byte [ebp - 0xbc] +cmp byte [ebp - 0xbc], 1 +jbe loc_fffd06f7 ; jbe 0xfffd06f7 +inc byte [ebp - 0xc4] +cmp byte [ebp - 0xc4], 3 +jbe loc_fffd06f0 ; jbe 0xfffd06f0 +cmp dword [ebp - 0xc0], 0x1c +jne loc_fffd0a51 ; jne 0xfffd0a51 +mov dl, byte [ebp - 0xfa] +xor edx, 1 +cmp dword [ebp - 0xe4], 1 +sete al +test dl, al +jne short loc_fffd0908 ; jne 0xfffd0908 -fcn_fffd295d: -push edi -mov eax, dword [esp + 0x10] -mov edi, dword [esp + 8] -mov ecx, dword [esp + 0xc] -rep stosd ; rep stosd dword es:[edi], eax -mov eax, dword [esp + 8] -pop edi -ret +loc_fffd08fe: ; not directly referenced +mov eax, 1 +jmp near loc_fffd0998 ; jmp 0xfffd0998 -loc_fffd2972: ; not directly referenced -mov ecx, dword [esp + 0xc] -mov eax, ecx -imul ecx, dword [esp + 8] -mul dword [esp + 4] -add edx, ecx -ret +loc_fffd0908: ; not directly referenced +lea eax, [esi + 0x3757] +mov ebx, 0x4020 +mov dword [ebp - 0xc4], eax -loc_fffd2984: ; not directly referenced -mov ecx, dword [esp + 0x10] -test ecx, ecx -jne short loc_fffd299f ; jne 0xfffd299f -mov ecx, dword [esp + 0x14] -jecxz loc_fffd299a ; jecxz 0xfffd299a -and dword [ecx + 4], 0 -mov dword [esp + 0x10], ecx +loc_fffd0919: ; not directly referenced +mov eax, dword [ebp - 0xc4] +cmp dword [eax], 2 +jne short loc_fffd0961 ; jne 0xfffd0961 +mov edx, ebx +mov eax, esi +call fcn_fffb331f ; call 0xfffb331f +mov edx, ebx +mov dword [ebp - 0xbc], eax +mov eax, esi +or dword [ebp - 0xbc], 0x40000000 +mov ecx, dword [ebp - 0xbc] +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, dword [ebp - 0xbc] +mov edx, ebx +mov eax, esi +and ecx, 0xbfffffff +call fcn_fffb3381 ; call 0xfffb3381 -loc_fffd299a: ; not directly referenced -jmp near fcn_fffd28b3 ; jmp 0xfffd28b3 +loc_fffd0961: ; not directly referenced +add ebx, 
0x400 +add dword [ebp - 0xc4], 0x13c3 +cmp ebx, 0x4820 +jne short loc_fffd0919 ; jne 0xfffd0919 +jmp short loc_fffd08fe ; jmp 0xfffd08fe -loc_fffd299f: ; not directly referenced -push ebx -push esi -push edi -mov edx, dword [esp + 0x14] -mov eax, dword [esp + 0x10] -mov edi, edx -mov esi, eax -mov ebx, dword [esp + 0x18] +loc_fffd097b: ; not directly referenced +cmp eax, 4 +sete cl +cmp eax, 1 +sete dl +or cl, dl +je short loc_fffd09a1 ; je 0xfffd09a1 -loc_fffd29b2: ; not directly referenced -shr edx, 1 -rcr eax, 1 -shrd ebx, ecx, 1 -shr ecx, 1 -jne short loc_fffd29b2 ; jne 0xfffd29b2 -div ebx -mov ebx, eax -mov ecx, dword [esp + 0x1c] -mul dword [esp + 0x18] -imul ecx, ebx -add edx, ecx -mov ecx, dword [esp + 0x20] -jb short loc_fffd29df ; jb 0xfffd29df -cmp edi, edx -ja short loc_fffd29ea ; ja 0xfffd29ea -jb short loc_fffd29df ; jb 0xfffd29df -cmp esi, eax -jae short loc_fffd29ea ; jae 0xfffd29ea +loc_fffd098b: ; not directly referenced +inc eax +cmp eax, dword [ebp - 0xcc] +ja loc_fffd0a51 ; ja 0xfffd0a51 -loc_fffd29df: ; not directly referenced -dec ebx -jecxz loc_fffd29f5 ; jecxz 0xfffd29f5 -sub eax, dword [esp + 0x18] -sbb edx, dword [esp + 0x1c] +loc_fffd0998: ; not directly referenced +cmp dword [ebp - 0xc8], 0 +je short loc_fffd097b ; je 0xfffd097b -loc_fffd29ea: ; not directly referenced -jecxz loc_fffd29f5 ; jecxz 0xfffd29f5 -sub esi, eax -sbb edi, edx -mov dword [ecx], esi -mov dword [ecx + 4], edi +loc_fffd09a1: ; not directly referenced +test edi, edi +jne short loc_fffd09b5 ; jne 0xfffd09b5 +cmp eax, 5 +sete cl +cmp eax, 2 +sete dl +or cl, dl +jne short loc_fffd098b ; jne 0xfffd098b -loc_fffd29f5: ; not directly referenced -mov eax, ebx -xor edx, edx -pop edi -pop esi -pop ebx -ret +loc_fffd09b5: ; not directly referenced +cmp dword [ebp - 0xd0], 0 +jne short loc_fffd09c6 ; jne 0xfffd09c6 +lea edx, [eax - 0xc] +cmp edx, 1 +jbe short loc_fffd098b ; jbe 0xfffd098b -loc_fffd29fd: -db 0x53 +loc_fffd09c6: ; not directly referenced +cmp eax, 3 +je short 
loc_fffd098b ; je 0xfffd098b +lea edx, [eax - 6] +cmp edx, 5 +jbe short loc_fffd098b ; jbe 0xfffd098b +mov dword [ebp - 0xbc], 0 +mov byte [ebp - 0xd4], al -fcn_fffd29fe: ; not directly referenced -push ebp -mov ebp, esp -mov eax, dword [ebp + 0xc] -mov ecx, dword [ebp + 0x10] -cpuid -push ecx -mov ecx, dword [ebp + 0x14] -jecxz loc_fffd2a11 ; jecxz 0xfffd2a11 -mov dword [ecx], eax +loc_fffd09e3: ; not directly referenced +mov ecx, dword [esi + 0x5edd] +mov ecx, dword [ecx + 4] +mov dword [ebp - 0xc4], ecx +mov ebx, ecx +xor ecx, ecx -loc_fffd2a11: ; not directly referenced -mov ecx, dword [ebp + 0x18] -jecxz loc_fffd2a18 ; jecxz 0xfffd2a18 -mov dword [ecx], ebx +loc_fffd09f6: ; not directly referenced +mov dl, byte [ebp - 0xd4] +cmp dl, byte [ebx] +jne short loc_fffd0a0d ; jne 0xfffd0a0d +mov edx, dword [ebp - 0xbc] +movzx ebx, word [ebx + edx*2 + 1] +jmp short loc_fffd0a18 ; jmp 0xfffd0a18 -loc_fffd2a18: ; not directly referenced -mov ecx, dword [ebp + 0x20] -jecxz loc_fffd2a1f ; jecxz 0xfffd2a1f -mov dword [ecx], edx +loc_fffd0a0d: ; not directly referenced +inc ecx +add ebx, 7 +cmp ecx, 0xb +jne short loc_fffd09f6 ; jne 0xfffd09f6 +xor ebx, ebx -loc_fffd2a1f: ; not directly referenced -mov ecx, dword [ebp + 0x1c] -jecxz loc_fffd2a26 ; jecxz 0xfffd2a26 -pop dword [ecx] +loc_fffd0a18: ; not directly referenced +add ebx, 0x28 +mov edx, 0xffff +imul ecx, ecx, 7 +add ecx, dword [ebp - 0xc4] +cmp ebx, 0xffff +cmovg ebx, edx +mov edx, dword [ebp - 0xbc] +inc dword [ebp - 0xbc] +cmp dword [ebp - 0xbc], 2 +mov word [ecx + edx*2 + 1], bx +jne short loc_fffd09e3 ; jne 0xfffd09e3 +jmp near loc_fffd098b ; jmp 0xfffd098b -loc_fffd2a26: ; not directly referenced -mov eax, dword [ebp + 0xc] -leave +loc_fffd0a51: ; not directly referenced +mov eax, dword [ebp - 0xc0] +lea esp, [ebp - 0xc] pop ebx +pop esi +pop edi +pop ebp ret -fcn_fffd2a2c: ; not directly referenced +fcn_fffd0a5f: ; not directly referenced push ebp +mov ecx, 0xa mov ebp, esp push edi push esi -xor esi, esi 
+mov esi, ref_fffd623c ; mov esi, 0xfffd623c push ebx -mov ebx, eax -sub esp, 0x1c -mov dword [ebp - 0x1c], edx - -loc_fffd2a3c: ; not directly referenced -lea eax, [esi*8 + 0x48a8] -mov dword [ebp - 0x20], eax -mov edx, eax -mov eax, ebx -call fcn_fffae548 ; call 0xfffae548 -mov edi, dword [ebp - 0x1c] -bt edi, esi -mov ecx, eax -jae short loc_fffd2a61 ; jae 0xfffd2a61 -and ch, 0xcf -or ch, 0x18 -jmp short loc_fffd2a64 ; jmp 0xfffd2a64 +sub esp, 0xe100 +mov eax, dword [ebp + 8] +lea edi, [ebp - 0xe044] +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +mov byte [ebp - 0xe06e], 6 +mov eax, dword [eax + 0x5edd] +mov byte [ebp - 0xe069], 0 +mov byte [ebp - 0xe068], 4 +mov byte [ebp - 0xe065], 6 +mov esi, eax +mov dword [ebp - 0xe0f4], eax +mov eax, dword [ebp + 8] +mov byte [ebp - 0xe064], 0 +mov byte [ebp - 0xe063], 4 +mov byte [ebp - 0xe056], 1 +mov ebx, dword [eax + 0x2444] +movzx eax, byte [eax + 0x2489] +mov byte [ebp - 0xe055], 1 +mov byte [ebp - 0xe054], 1 +mov byte [ebp - 0xe053], 1 +mov dword [ebp - 0xe0e4], eax +mov eax, dword [ebp + 8] +mov byte [ebp - 0xe052], 1 +mov byte [ebp - 0xe051], 1 +mov byte [ebp - 0xe050], 1 +mov edi, dword [eax + 0x1887] +mov eax, dword [eax + 0x188b] +mov byte [ebp - 0xe04f], 1 +mov byte [ebp - 0xe04e], 0 +mov byte [ebp - 0xe04d], 0 +mov byte [ebp - 0xe067], 6 +mov byte [ebp - 0xe066], 5 +mov dword [ebp - 0xe084], eax +mov eax, dword [ebp + 8] +mov eax, dword [eax + 0x2481] +push 0 +push 0x50a +mov dword [ebp - 0xe0f8], eax +lea eax, [ebp - 0xdea0] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0xc +push 0 +push 0xd97e +lea eax, [ebp - 0xd996] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0xc +push 0 +push 0x19a +lea eax, [ebp - 0xe03a] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0xc +push 0 +push 2 +lea eax, [ebp - 0xe06d] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0xc +push 0 +push 8 +lea eax, [ebp - 0xe04c] +push eax +call dword [ebx + 0x5c] ; ucall +add esp, 0x10 +cmp edi, 0x306d0 +sete bl 
+cmp edi, 0x40650 +sete al +or ebx, eax +mov al, bl +xor eax, 1 +mov byte [ebp - 0xe0a8], al +mov eax, dword [ebp + 8] +cmp byte [esi + 0x1c5], 1 +mov word [ebp - 0xe07a], 0 +mov byte [ebp - 0xe0c0], 0 +mov al, byte [eax + 0x248f] +sbb esi, esi +mov dword [ebp - 0xe098], esi +mov dword [ebp - 0xe0d8], esi +mov dword [ebp - 0xe0b8], esi +mov byte [ebp - 0xe0c1], al +mov eax, dword [ebp + 8] +and byte [ebp - 0xe0c1], 3 +movzx esi, byte [ebp - 0xe0c1] +not byte [ebp - 0xe098] +mov al, byte [eax + 0x248e] +and byte [ebp - 0xe0d8], 0xe +and byte [ebp - 0xe0b8], 0xfc +and byte [ebp - 0xe098], 0x10 +add byte [ebp - 0xe0d8], 2 +add byte [ebp - 0xe0b8], 6 +mov byte [ebp - 0xe0c8], al +mov eax, dword [ebp + 8] +and byte [ebp - 0xe0c8], 0xf +mov dword [ebp - 0xe0bc], 0 +lea edx, [eax + 0x39b6] +xor eax, eax +mov dword [ebp - 0xe09c], 0 +mov dword [ebp - 0xe080], esi -loc_fffd2a61: ; not directly referenced -and ch, 0xf7 +loc_fffd0c6f: ; not directly referenced +mov esi, dword [ebp - 0xe080] +bt esi, eax +jae loc_fffd0d47 ; jae 0xfffd0d47 +cmp dword [edx - 0x19f], 2 +lea ecx, [eax*4] +jne short loc_fffd0ca9 ; jne 0xfffd0ca9 +mov esi, 3 +shl esi, cl +mov ecx, esi +mov dword [ebp - 0xe09c], 1 +or byte [ebp - 0xe0c0], cl +jmp short loc_fffd0cc2 ; jmp 0xfffd0cc2 -loc_fffd2a64: ; not directly referenced -push edi -mov eax, ebx -push edi -inc esi -push edx -mov edx, dword [ebp - 0x20] -push ecx -call fcn_fffae7cf ; call 0xfffae7cf -add esp, 0x10 -cmp esi, 2 -jne short loc_fffd2a3c ; jne 0xfffd2a3c -mov ecx, 2 -mov edx, 0x4d98 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov ecx, 1 -mov edx, 0x4800 -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov edx, 0x4800 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -xor ecx, ecx -mov edx, 0x4d98 -mov esi, eax -mov eax, ebx -and esi, 0xfffffffe -call fcn_fffae58c ; call 0xfffae58c +loc_fffd0ca9: ; not directly referenced +mov esi, 1 +shl esi, cl mov ecx, esi -mov edx, 0x4800 -or ecx, 2 -mov eax, ebx -call fcn_fffae58c ; call 
0xfffae58c -mov edx, 0x4800 -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -xor esi, esi +or byte [ebp - 0xe0c0], cl +mov dword [ebp - 0xe0bc], 1 -loc_fffd2adb: ; not directly referenced -mov eax, dword [ebp - 0x1c] -bt eax, esi -jae short loc_fffd2b0a ; jae 0xfffd2b0a -lea edi, [esi*8 + 0x48a8] -mov eax, ebx -mov edx, edi -call fcn_fffae548 ; call 0xfffae548 -mov ecx, eax -and ch, 0xf7 -mov eax, ecx -push ecx -push ecx -push edx -mov edx, edi -push eax -mov eax, ebx -call fcn_fffae7cf ; call 0xfffae7cf -add esp, 0x10 +loc_fffd0cc2: ; not directly referenced +mov esi, dword [ebp + 8] +mov cl, byte [ebp - 0xe0c8] +and cl, byte [edx - 0x19b] +mov esi, dword [esi + 0x2481] +mov byte [ebp + eax - 0xe06d], cl +cmp esi, 3 +setne cl +add ecx, ecx +cmp dword [ebp - 0xe084], 1 +mov byte [ebp + eax*2 - 0xe062], cl +jne short loc_fffd0d13 ; jne 0xfffd0d13 +mov cl, byte [edx - 0x12] +and ecx, 0x30 +cmp cl, 0x30 +mov ecx, 3 +cmovne cx, word [ebp - 0xe07a] +mov word [ebp - 0xe07a], cx -loc_fffd2b0a: ; not directly referenced -inc esi -cmp esi, 2 -jne short loc_fffd2adb ; jne 0xfffd2adb -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffd0d13: ; not directly referenced +cmp esi, 3 +setne cl +add ecx, ecx +cmp dword [ebp - 0xe084], 1 +mov byte [ebp + eax*2 - 0xe061], cl +jne short loc_fffd0d47 ; jne 0xfffd0d47 +mov cl, byte [edx] +mov esi, 3 +and ecx, 0x30 +cmp cl, 0x30 +cmovne si, word [ebp - 0xe07a] +mov word [ebp - 0xe07a], si -fcn_fffd2b18: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -mov esi, edx -shl esi, 0xa -push ebx -mov ebx, eax -lea edi, [esi + 0x41a0] -sub esp, 0x2c -mov edx, edi -mov byte [ebp - 0x29], cl -call fcn_fffae52a ; call 0xfffae52a -mov edx, edi -and eax, 0xfffffccc -or eax, 0x111 -mov ecx, eax -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov ecx, dword [ebp + 0x10] -lea edx, [esi + 0x41a4] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov ecx, dword [ebp + 0x14] -lea edx, [esi + 0x41a8] -mov 
eax, ebx -call fcn_fffae58c ; call 0xfffae58c -mov ecx, dword [ebp + 0x18] -lea edx, [esi + 0x41ac] -mov eax, ebx -call fcn_fffae58c ; call 0xfffae58c -lea edx, [esi + 0x41bc] -mov eax, ebx -xor ecx, ecx -call fcn_fffae58c ; call 0xfffae58c -lea eax, [esi + 0x41c0] -mov dword [ebp - 0x28], eax +loc_fffd0d47: ; not directly referenced +inc eax +add edx, 0x13c3 +cmp eax, 2 +jne loc_fffd0c6f ; jne 0xfffd0c6f mov eax, dword [ebp + 8] -mov dword [ebp - 0x20], 0 -mov dword [ebp - 0x1c], 0 -mov dword [ebp - 0x24], 0 -lea esi, [eax + 4] +cmp byte [eax + 0x189e], 1 +jne short loc_fffd0d93 ; jne 0xfffd0d93 +cmp edi, 0x40670 +sete al +test byte [ebp - 0xe09c], al +je short loc_fffd0d93 ; je 0xfffd0d93 +mov eax, dword [ebp + 8] +mov edi, dword [ebp - 0xe0a8] +test byte [eax + 0x2443], 2 +mov al, 2 +cmovne edi, eax +mov eax, edi +mov byte [ebp - 0xe0a8], al +jmp short loc_fffd0dba ; jmp 0xfffd0dba -loc_fffd2bb0: ; not directly referenced -mov eax, dword [ebp - 0x24] -cmp eax, dword [ebp + 0xc] -je loc_fffd2c4b ; je 0xfffd2c4b -mov ecx, dword [esi - 4] -add esi, 0xc -movzx eax, byte [esi - 0xc] -mov edx, ecx -mov edi, ecx -and edx, 0x7c -or ah, 0x80 -shl edx, 6 -and edi, 1 -or eax, edx -mov edx, ecx -and edx, 2 -add edi, edi -shr edx, 1 -and ecx, 0x380 -or edx, edi -mov edi, dword [esi - 0xc] -shl ecx, 0x11 -or edx, 4 -shl edx, 8 -and edi, 0x300 -shl edi, 5 -or eax, edi -mov word [ebp - 0x20], ax -mov eax, dword [ebp - 0x20] -and eax, 0xf0ffffff -or eax, ecx -mov cl, byte [ebp - 0x29] -mov dword [ebp - 0x20], eax -mov eax, dword [ebp - 0x1c] -and ah, 0xf0 -or eax, edx -mov edx, dword [esi - 8] -and eax, 0xfffffff0 -shl edx, cl -not edx -and edx, 0xf -or eax, edx -mov edx, dword [ebp - 0x28] -mov dword [ebp - 0x1c], eax -push eax -push eax -mov eax, ebx -push dword [ebp - 0x1c] -push dword [ebp - 0x20] -call fcn_fffae7cf ; call 0xfffae7cf -add esp, 0x10 -inc dword [ebp - 0x24] -jmp near loc_fffd2bb0 ; jmp 0xfffd2bb0 +loc_fffd0d93: ; not directly referenced +cmp dword [ebp - 
0xe09c], 0 +jne short loc_fffd0dba ; jne 0xfffd0dba +test bl, bl +je short loc_fffd0dda ; je 0xfffd0dda +mov eax, dword [ebp + 8] +test byte [eax + 0x2404], 0x20 +lea eax, [ebp - 0xe051] +mov dword [ebp - 0xe0a0], eax +jne short loc_fffd0df5 ; jne 0xfffd0df5 +jmp short loc_fffd0de6 ; jmp 0xfffd0de6 -loc_fffd2c4b: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffd0dba: ; not directly referenced +lea eax, [ebp - 0xe056] +mov edi, 2 +mov dword [ebp - 0xe0a0], eax +lea esi, [ebp - 0xe065] +mov byte [ebp - 0xe088], 3 +jmp short loc_fffd0e07 ; jmp 0xfffd0e07 -fcn_fffd2c53: ; not directly referenced -push ebp -mov ebp, esp -push edi -push esi -mov esi, eax -push ebx -sub esp, 0x2c -cmp dword [ebp + 8], 1 -je short loc_fffd2c90 ; je 0xfffd2c90 -jb short loc_fffd2c80 ; jb 0xfffd2c80 -cmp dword [ebp + 8], 2 -jne loc_fffd2d7c ; jne 0xfffd2d7c -mov dword [ebp - 0x24], 0xa8 -mov dword [ebp - 0x20], 0x2a -jmp short loc_fffd2c9e ; jmp 0xfffd2c9e +loc_fffd0dda: ; not directly referenced +lea eax, [ebp - 0xe051] +mov dword [ebp - 0xe0a0], eax -loc_fffd2c80: ; not directly referenced -mov dword [ebp - 0x24], 0xa4 -mov dword [ebp - 0x20], 0x29 -jmp short loc_fffd2c9e ; jmp 0xfffd2c9e +loc_fffd0de6: ; not directly referenced +mov byte [ebp - 0xe088], 1 +lea esi, [ebp - 0xe06e] +jmp short loc_fffd0e02 ; jmp 0xfffd0e02 -loc_fffd2c90: ; not directly referenced -mov dword [ebp - 0x24], 0xc0 -mov dword [ebp - 0x20], 0x30 +loc_fffd0df5: ; not directly referenced +mov byte [ebp - 0xe088], 2 +lea esi, [ebp - 0xe067] -loc_fffd2c9e: ; not directly referenced -lea eax, [esi + 0x381a] -xor ebx, ebx -mov dword [ebp - 0x28], eax -movzx eax, dl -mov dword [ebp - 0x30], eax -movzx eax, cl -mov dword [ebp - 0x34], eax +loc_fffd0e02: ; not directly referenced +mov edi, 1 -loc_fffd2cb5: ; not directly referenced -mov eax, dword [ebp - 0x30] -bt eax, ebx -jae loc_fffd2d67 ; jae 0xfffd2d67 -mov eax, dword [ebp - 0x28] -movzx edi, byte [eax + 0xfce] -mov eax, 
ebx -shl eax, 0xa -add eax, 0x4190 -mov edx, eax -and edi, 0xf -shl edi, 0x10 -or edi, 0xf -mov dword [ebp - 0x2c], eax -mov ecx, edi -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c -mov edx, 1 -mov eax, esi -call fcn_fffa834b ; call 0xfffa834b -mov dword [ebp - 0x1c], 0 +loc_fffd0e07: ; not directly referenced +cmp dword [ebp - 0xe084], 0 +je short loc_fffd0e2f ; je 0xfffd0e2f +mov dx, word [ebp - 0xe07a] +mov ebx, dword [ebp - 0xe084] +mov eax, edx +add eax, 0xc +dec ebx +cmovne eax, edx +mov word [ebp - 0xe07a], ax +jmp short loc_fffd0e38 ; jmp 0xfffd0e38 -loc_fffd2cff: ; not directly referenced -mov cl, byte [ebp - 0x1c] -mov eax, 1 -mov edx, dword [ebp - 0x28] -shl eax, cl -test byte [edx], al -jne short loc_fffd2d1b ; jne 0xfffd2d1b +loc_fffd0e2f: ; not directly referenced +mov word [ebp - 0xe07a], 0xc -loc_fffd2d10: ; not directly referenced -inc dword [ebp - 0x1c] -cmp dword [ebp - 0x1c], 4 -jne short loc_fffd2cff ; jne 0xfffd2cff -jmp short loc_fffd2d43 ; jmp 0xfffd2d43 +loc_fffd0e38: ; not directly referenced +mov al, byte [ebp - 0xe098] +mov byte [ebp - 0xe0c2], 0 +mov byte [ebp - 0xe098], 0 +sub eax, 0x10 +mov byte [ebp - 0xe0c3], al +movzx eax, byte [ebp - 0xe0b8] +mov dword [ebp - 0xe104], eax +movzx eax, byte [ebp - 0xe0a8] +mov dword [ebp - 0xe0f0], eax -loc_fffd2d1b: ; not directly referenced -mov eax, dword [ebp - 0x34] -mov edx, dword [ebp - 0x1c] -bt eax, edx -jae short loc_fffd2d10 ; jae 0xfffd2d10 -push eax -mov ecx, edx -push 1 -mov edx, ebx -push dword [ebp - 0x24] -mov eax, esi -push dword [ebp - 0x20] -call fcn_fffaa505 ; call 0xfffaa505 -add esp, 0x10 -test eax, eax -je short loc_fffd2d10 ; je 0xfffd2d10 -jmp short loc_fffd2d81 ; jmp 0xfffd2d81 +loc_fffd0e6f: ; not directly referenced +movsx eax, byte [ebp - 0xe0c2] +cmp eax, dword [ebp - 0xe104] +jge loc_fffd105f ; jge 0xfffd105f +mov al, byte [ebp - 0xe0a8] +mov byte [ebp - 0xe0a4], al +mov eax, edi +movzx eax, al +add eax, dword [ebp - 0xe0f0] +mov dword [ebp - 0xe0ec], eax 
-loc_fffd2d43: ; not directly referenced -cmp dword [ebp + 8], 2 -je short loc_fffd2d67 ; je 0xfffd2d67 -mov edx, 1 -mov eax, esi -call fcn_fffa834b ; call 0xfffa834b -mov edx, dword [ebp - 0x2c] -and edi, 0xfff0ffff -mov ecx, edi -mov eax, esi -call fcn_fffae58c ; call 0xfffae58c +loc_fffd0e9f: ; not directly referenced +mov dl, byte [ebp - 0xe0a4] +movsx eax, dl +cmp eax, dword [ebp - 0xe0ec] +jge loc_fffd1048 ; jge 0xfffd1048 +mov al, dl +add eax, 2 +mov byte [ebp - 0xe0c4], al +mov al, dl +dec eax +mov byte [ebp - 0xe0b8], al +movsx eax, word [ebp - 0xe07a] +mov dword [ebp - 0xe0fc], eax +movzx eax, byte [ebp - 0xe088] +mov dword [ebp - 0xe100], eax + +loc_fffd0ee2: ; not directly referenced +movsx eax, byte [ebp - 0xe0b8] +cmp eax, dword [ebp - 0xe0ec] +je loc_fffd1025 ; je 0xfffd1025 +cmp eax, dword [ebp - 0xe0f0] +jl loc_fffd1025 ; jl 0xfffd1025 +cmp byte [ebp - 0xe0b8], 1 +mov dword [ebp - 0xe0e0], 0 +sete dl +cmp byte [ebp - 0xe0a4], 1 +sete al +or dl, al +je short loc_fffd0f2f ; je 0xfffd0f2f +mov eax, dword [ebp - 0xe09c] +mov dword [ebp - 0xe0e0], eax + +loc_fffd0f2f: ; not directly referenced +xor ebx, ebx + +loc_fffd0f31: ; not directly referenced +mov eax, dword [ebp - 0xe080] +bt eax, ebx +jb short loc_fffd0f44 ; jb 0xfffd0f44 -loc_fffd2d67: ; not directly referenced +loc_fffd0f3c: ; not directly referenced inc ebx -add dword [ebp - 0x28], 0x13c3 cmp ebx, 2 -jne loc_fffd2cb5 ; jne 0xfffd2cb5 -xor eax, eax -jmp short loc_fffd2d81 ; jmp 0xfffd2d81 +jne short loc_fffd0f31 ; jne 0xfffd0f31 +jmp short loc_fffd0fbf ; jmp 0xfffd0fbf -loc_fffd2d7c: ; not directly referenced -mov eax, 1 - -loc_fffd2d81: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffd0f44: ; not directly referenced +mov al, byte [ebp - 0xe0a4] +mov byte [ebp - 0xe0dc], 0 +mov byte [ebp + ebx*2 - 0xe05e], al +mov al, byte [ebp - 0xe0b8] +mov byte [ebp + ebx*2 - 0xe05d], al -fcn_fffd2d89: ; not directly referenced -push ebp -mov ebp, esp -push 
edi -push esi -push ebx -mov ebx, eax -sub esp, 0x50 -mov al, byte [ebp + 8] +loc_fffd0f65: ; not directly referenced +movzx eax, byte [ebp - 0xe0dc] +mov dword [ebp - 0xe0e8], eax +cmp eax, dword [ebp - 0xe0e4] +jae short loc_fffd0f3c ; jae 0xfffd0f3c +push 1 +mov eax, dword [ebp + 8] +xor ecx, ecx push 0 -push 2 -mov byte [ebp - 0x34], al -mov eax, dword [ebx + 0x2443] -mov byte [ebp - 0x33], cl -lea ecx, [ebp - 0x1a] -push ecx -mov dword [ebp - 0x2c], edx -call dword [eax + 0x5c] ; ucall -mov edx, dword [ebp - 0x2c] -add esp, 0x10 -mov byte [ebp - 0x2c], 0x60 -movzx eax, dl -mov edi, eax -mov ecx, edi -mov dword [ebp - 0x48], eax -mov eax, 1 -shl eax, cl -test byte [ebx + 0x381a], al -mov byte [ebp - 0x32], al -setne dl -mov cl, dl -or ecx, 2 -test byte [ebx + 0x4bdd], al -movzx eax, al -mov dword [ebp - 0x38], eax -cmovne edx, ecx -movzx eax, dl -mov dword [ebp - 0x50], eax - -loc_fffd2df2: ; not directly referenced -movzx esi, byte [ebp - 0x2c] -xor edi, edi - -loc_fffd2df8: ; not directly referenced -imul eax, edi, 0x13c3 -mov cl, byte [ebp - 0x32] -test byte [ebx + eax + 0x381a], cl -je short loc_fffd2e47 ; je 0xfffd2e47 -push eax +mov edx, ebx push 0 -push esi -push 3 -push dword [ebp - 0x38] +push dword [ebp - 0xe0e8] +call fcn_fffa972b ; call 0xfffa972b +movzx ecx, byte [ebp + ebx - 0xe06d] +mov edx, ebx push 1 -push edi -push ebx -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x1c +mov eax, dword [ebp + 8] +push dword [ebp - 0xe0fc] +push 4 +push dword [ebp - 0xe0e8] +call fcn_fffa972b ; call 0xfffa972b +add esp, 0x20 +inc byte [ebp - 0xe0dc] +jmp short loc_fffd0f65 ; jmp 0xfffd0f65 + +loc_fffd0fbf: ; not directly referenced +cmp byte [ebp - 0xe098], 0x28 +ja short loc_fffd1025 ; ja 0xfffd1025 +movzx eax, byte [ebp - 0xe098] +sub esp, 0xc push 0 +mov ecx, dword [ebp - 0xe080] +push dword [ebp - 0xe0e0] +push dword [ebp - 0xe100] +imul eax, eax, 0x54e push esi -push 3 -push dword [ebp - 0x38] -push 2 -push edi -push ebx -call fcn_fffa9178 ; call 
0xfffa9178 -add esp, 0x1c +lea edx, [ebp + eax - 0xd996] +movsx eax, byte [ebp - 0xe0c3] +push eax +lea eax, [ebp - 0xe062] +push eax +lea eax, [ebp - 0xe05e] +push eax +movzx eax, byte [ebp - 0xe0c8] push 0 -push esi -push 3 -push dword [ebp - 0x38] -push 3 -push edi -push ebx -call fcn_fffa9178 ; call 0xfffa9178 -add esp, 0x20 +push eax +mov eax, dword [ebp + 8] +call fcn_fffc1b5f ; call 0xfffc1b5f +add esp, 0x30 +inc byte [ebp - 0xe098] -loc_fffd2e47: ; not directly referenced -inc edi -cmp edi, 2 -jne short loc_fffd2df8 ; jne 0xfffd2df8 -mov edx, dword [ebp - 0x50] -mov eax, ebx -xor esi, esi -call fcn_fffd2a2c ; call 0xfffd2a2c -mov eax, ebx -mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b -mov edi, dword [ebp + 0xc] -imul eax, dword [ebp - 0x48], 9 -mov dword [ebp - 0x4c], eax +loc_fffd1025: ; not directly referenced +inc byte [ebp - 0xe0b8] +mov al, byte [ebp - 0xe0c4] +cmp byte [ebp - 0xe0b8], al +jne loc_fffd0ee2 ; jne 0xfffd0ee2 +inc byte [ebp - 0xe0a4] +jmp near loc_fffd0e9f ; jmp 0xfffd0e9f + +loc_fffd1048: ; not directly referenced +mov al, byte [ebp - 0xe0d8] +inc byte [ebp - 0xe0c2] +add byte [ebp - 0xe0c3], al +jmp near loc_fffd0e6f ; jmp 0xfffd0e6f + +loc_fffd105f: ; not directly referenced +movzx eax, byte [ebp - 0xe0c0] +xor ebx, ebx +mov dword [ebp - 0xe0a4], eax +movzx eax, byte [ebp - 0xe098] +mov dword [ebp - 0xe0a8], eax -loc_fffd2e6f: ; not directly referenced -imul eax, esi, 0x13c3 -mov dword [ebp - 0x40], eax -mov ecx, eax -mov al, byte [ebp - 0x32] -test byte [ebx + ecx + 0x381a], al -jne short loc_fffd2e90 ; jne 0xfffd2e90 -mov byte [ebp + esi - 0x1a], 0xff -jmp near loc_fffd2f40 ; jmp 0xfffd2f40 +loc_fffd107b: ; not directly referenced +mov eax, dword [ebp - 0xe080] +mov byte [ebp + ebx - 0xe06b], 0 +bt eax, ebx +jae loc_fffd11ee ; jae 0xfffd11ee +mov al, byte [ebp - 0xd467] +mov byte [ebp - 0xe088], 0 +mov byte [ebp - 0xe0b8], al -loc_fffd2e90: ; not directly referenced -cmp byte [ebp + esi - 0x1a], 0xff -je loc_fffd2f40 ; je 
0xfffd2f40 -imul eax, esi, 0x54a -mov byte [ebp - 0x31], 0 -lea eax, [ebx + eax + 0x196b] -mov dword [ebp - 0x44], eax +loc_fffd10a5: ; not directly referenced +mov edi, dword [ebp - 0xe088] +mov al, byte [ebp - 0xe098] +mov edx, edi +cmp dl, al +je short loc_fffd10fa ; je 0xfffd10fa +movzx ecx, dl +imul esi, ecx, 0x2a7 +add ecx, ecx +lea eax, [ebp - 0xd996] +add esi, ebx +add esi, esi +add esi, eax +lea eax, [ebp - 0xe03a] +add ecx, eax +xor eax, eax -loc_fffd2eaf: ; not directly referenced -mov al, byte [ebp - 0x31] -cmp al, byte [ebx + 0x2488] -jae loc_fffd2f40 ; jae 0xfffd2f40 -mov cl, byte [ebp - 0x31] -mov edx, dword [ebp - 0x40] -mov dword [ebp - 0x30], 1 -shl dword [ebp - 0x30], cl -movzx eax, cl -mov ecx, dword [ebp - 0x44] -cmp byte [ebx + edx + 0x49ba], 0x20 -mov dword [ebp - 0x3c], eax -mov al, byte [ecx + eax + 0x4f6] -jne short loc_fffd2ef5 ; jne 0xfffd2ef5 -test al, 2 -je short loc_fffd2ef5 ; je 0xfffd2ef5 -mov al, byte [ebp - 0x30] -or byte [ebp + esi - 0x1a], al -jmp short loc_fffd2f38 ; jmp 0xfffd2f38 - -loc_fffd2ef5: ; not directly referenced -mov ecx, dword [ebp - 0x3c] -mov edx, esi -mov eax, ebx -call fcn_fffa7617 ; call 0xfffa7617 -mov edx, eax -mov eax, ebx -call fcn_fffae52a ; call 0xfffae52a -mov dl, byte [ebp + esi - 0x1a] -test byte [ebp - 0x30], dl -jne short loc_fffd2f38 ; jne 0xfffd2f38 -movzx eax, al -mov dword [ebp - 0x54], edx -call fcn_fffaeba2 ; call 0xfffaeba2 -cmp al, 4 -je short loc_fffd2f38 ; je 0xfffd2f38 -mov eax, dword [ebp - 0x3c] -mov cl, byte [ebp - 0x2c] -mov edx, dword [ebp - 0x54] -add eax, dword [ebp - 0x4c] -or edx, dword [ebp - 0x30] -mov byte [edi + eax], cl -mov byte [esi + ebp - 0x1a], dl +loc_fffd10d8: ; not directly referenced +cmp byte [ebp - 0xe0b8], al +jbe short loc_fffd10f2 ; jbe 0xfffd10f2 +imul edi, eax, 0x52 +mov dx, word [esi + eax*4 + 0x53a] +inc eax +mov word [ecx + edi], dx +jmp short loc_fffd10d8 ; jmp 0xfffd10d8 -loc_fffd2f38: ; not directly referenced -inc byte [ebp - 0x31] -jmp near 
loc_fffd2eaf ; jmp 0xfffd2eaf +loc_fffd10f2: ; not directly referenced +inc byte [ebp - 0xe088] +jmp short loc_fffd10a5 ; jmp 0xfffd10a5 -loc_fffd2f40: ; not directly referenced -inc esi -add edi, 0x24 -cmp esi, 2 -jne loc_fffd2e6f ; jne 0xfffd2e6f -cmp byte [ebp - 0x1a], 0xff -jne short loc_fffd2f59 ; jne 0xfffd2f59 -cmp byte [ebp - 0x19], 0xff -je short loc_fffd2f86 ; je 0xfffd2f86 +loc_fffd10fa: ; not directly referenced +mov eax, dword [ebp - 0xe0a4] +lea ecx, [ebx*4] +sub esp, 0xc +mov edi, dword [ebp - 0xe0a0] +lea esi, [ebp - 0xe03a] +mov edx, ebx +push 7 +push 0 +sar eax, cl +mov ecx, eax +movzx eax, byte [ebp - 0xd467] +push eax +push edi +lea eax, [ebp - 0xd466] +push eax +push dword [ebp - 0xe0a8] +lea eax, [ebp - 0xd996] +push 0x29 +push esi +push eax +mov eax, dword [ebp + 8] +call fcn_fffb78c3 ; call 0xfffb78c3 +add esp, 0x2c +mov ecx, esi +push 0 +lea eax, [ebp - 0xe044] +push eax +movsx eax, byte [ebp - 0xe098] +push 1 +push 1 +push edi +push eax +mov eax, dword [ebp + 8] +push 0x29 +lea edx, [ebp - 0xdea0] +call fcn_fffa5cdb ; call 0xfffa5cdb +movsx di, byte [ebp - 0xde9e] +lea eax, [ebp - 0xd996] +add edi, dword [ebp - 0xdea0] +mov cl, bl +mov edx, 1 +add esp, 0x18 +shl edx, cl +movsx edi, di +imul esi, edi, 0x54e +imul edi, edi, 0x2a7 +push 0 +push 0 +add eax, esi +mov ecx, eax +mov eax, dword [ebp + 8] +add edi, ebx +call fcn_fffafe03 ; call 0xfffafe03 +mov al, byte [ebp + edi*2 - 0xd996] +add esp, 0x10 +mov byte [ebp + ebx*2 - 0xe05a], al +mov al, byte [ebp + edi*2 - 0xd995] +mov byte [ebp + ebx*2 - 0xe059], al +lea eax, [ebp + esi - 0xd996] +mov dl, byte [eax + 8] +mov eax, dword [eax + 9] +mov byte [ebp + ebx - 0xe06b], dl +mov dword [ebp + ebx*4 - 0xe04c], eax -loc_fffd2f59: ; not directly referenced -mov al, byte [ebp - 0x34] -add byte [ebp - 0x2c], al -test al, al -jle short loc_fffd2f6e ; jle 0xfffd2f6e -mov al, byte [ebp - 0x33] -cmp byte [ebp - 0x2c], al -seta al -jmp short loc_fffd2f7b ; jmp 0xfffd2f7b +loc_fffd11ee: ; not directly 
referenced +inc ebx +cmp ebx, 2 +jne loc_fffd107b ; jne 0xfffd107b +test byte [ebp - 0xe080], 1 +je short loc_fffd1211 ; je 0xfffd1211 +mov al, byte [ebp - 0xe06b] +mov bl, 1 +mov byte [ebp - 0xe098], al +jmp short loc_fffd121a ; jmp 0xfffd121a -loc_fffd2f6e: ; not directly referenced -movzx eax, byte [ebp - 0x33] -movsx edx, byte [ebp - 0x2c] -cmp edx, eax -setl al +loc_fffd1211: ; not directly referenced +mov byte [ebp - 0xe098], 0 +xor ebx, ebx -loc_fffd2f7b: ; not directly referenced -movzx eax, al -test eax, eax -je loc_fffd2df2 ; je 0xfffd2df2 +loc_fffd121a: ; not directly referenced +mov eax, dword [ebp - 0xe080] +shr eax, 1 +je short loc_fffd1233 ; je 0xfffd1233 +mov al, byte [ebp - 0xe06a] +inc ebx +add byte [ebp - 0xe098], al +jmp short loc_fffd1239 ; jmp 0xfffd1239 -loc_fffd2f86: ; not directly referenced -lea esp, [ebp - 0xc] -pop ebx -pop esi -pop edi -pop ebp -ret +loc_fffd1233: ; not directly referenced +test bl, bl +je short loc_fffd124c ; je 0xfffd124c +mov bl, 1 -fcn_fffd2f8e: ; not directly referenced -push ebp -mov ebp, esp -push edi -mov edi, eax -push esi -mov esi, ecx -push ebx -mov ebx, edx -sub esp, 0x70 -mov al, byte [ebp + 8] -push 0 -push 2 -lea edx, [ebp - 0x2c] -mov byte [ebp - 0x53], al -mov eax, dword [edi + 0x2443] -mov byte [ebp - 0x52], cl -push edx -call dword [eax + 0x5c] ; ucall +loc_fffd1239: ; not directly referenced +movsx eax, byte [ebp - 0xe098] movzx ecx, bl -mov eax, 1 -shl eax, cl -add esp, 0x10 -mov byte [ebp - 0x3e], al -movzx eax, al -mov dword [ebp - 0x50], eax -lea eax, [ecx + ecx*8] -mov dword [ebp - 0x60], eax -mov eax, esi -movzx eax, al -mov byte [ebp - 0x40], 0 -mov byte [ebp - 0x3d], 0x40 -mov dword [ebp - 0x64], eax +cdq +idiv ecx +mov byte [ebp - 0xe098], al -loc_fffd2fe3: ; not directly referenced -movzx esi, byte [ebp - 0x3d] -xor ebx, ebx +loc_fffd124c: ; not directly referenced +movzx ecx, byte [ebp - 0xe098] +sub esp, 0xc +xor edx, edx +mov eax, dword [ebp + 8] +push 1 +call fcn_fffa8377 ; call 
0xfffa8377 +add esp, 0x10 +mov edi, eax +cmp bl, 2 +je short loc_fffd12c4 ; je 0xfffd12c4 -loc_fffd2fe9: ; not directly referenced -imul eax, ebx, 0x13c3 -mov dl, byte [ebp - 0x3e] -test byte [edi + eax + 0x381a], dl -je short loc_fffd3010 ; je 0xfffd3010 -push eax +loc_fffd126c: ; not directly referenced +mov eax, dword [ebp + 8] +mov esi, dword [ebp - 0xe080] +push edx +push 0 +add eax, 0x2491 +mov edx, eax +mov edi, eax +mov dword [ebp - 0xe0a8], eax +mov eax, dword [ebp + 8] +mov ecx, esi +push 0 +push 0 +call fcn_fffbf98a ; call 0xfffbf98a +mov eax, dword [ebp + 8] +mov edx, edi +pop ecx +mov ecx, esi +pop ebx +push 0 +push 0xf +push 0 +push 0 push 0 -push esi push 1 -push dword [ebp - 0x50] -push 4 -push ebx -push edi -call fcn_fffa9178 ; call 0xfffa9178 +call fcn_fffbea08 ; call 0xfffbea08 add esp, 0x20 +cmp dword [ebp - 0xe0f8], 3 +jne loc_fffd1350 ; jne 0xfffd1350 +jmp near loc_fffd13fc ; jmp 0xfffd13fc + +loc_fffd12c4: ; not directly referenced +mov esi, dword [ebp - 0xe0f4] +xor ebx, ebx +add esi, 0x1c + +loc_fffd12cf: ; not directly referenced +mov eax, dword [ebp - 0xe080] +bt eax, ebx +jb short loc_fffd12e8 ; jb 0xfffd12e8 -loc_fffd3010: ; not directly referenced +loc_fffd12da: ; not directly referenced inc ebx +add esi, 0xcc cmp ebx, 2 -jne short loc_fffd2fe9 ; jne 0xfffd2fe9 -mov dword [ebp - 0x3c], 0 +jne short loc_fffd12cf ; jne 0xfffd12cf +jmp short loc_fffd126c ; jmp 0xfffd126c -loc_fffd301d: ; not directly referenced -mov al, byte [ebp - 0x3e] -test byte [edi + 0x381a], al -je short loc_fffd3069 ; je 0xfffd3069 -or byte [ebp - 0x40], 1 -mov edx, 0x41a4 -cmp dword [ebp - 0x3c], 1 -mov eax, edi -sbb ecx, ecx -and ecx, 0xffffc000 -add ecx, 0x7000 -call fcn_fffae58c ; call 0xfffae58c -mov ecx, 0x4000 -mov edx, 0x41a8 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -xor ecx, ecx -mov edx, 0x41ac -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +loc_fffd12e8: ; not directly referenced +sub dword [ebp + ebx*4 - 0xe04c], edi +mov byte [ebp - 
0xe088], 0 -loc_fffd3069: ; not directly referenced -mov al, byte [ebp - 0x3e] -test byte [edi + 0x4bdd], al -je short loc_fffd30b5 ; je 0xfffd30b5 -or byte [ebp - 0x40], 2 -mov edx, 0x45a4 -cmp dword [ebp - 0x3c], 1 -mov eax, edi -sbb ecx, ecx -and ecx, 0xffffc000 -add ecx, 0x7000 -call fcn_fffae58c ; call 0xfffae58c -mov ecx, 0x4000 -mov edx, 0x45a8 -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c -xor ecx, ecx -mov edx, 0x45ac -mov eax, edi -call fcn_fffae58c ; call 0xfffae58c +loc_fffd12f6: ; not directly referenced +mov edx, dword [ebp + 8] +mov al, byte [ebp - 0xe088] +cmp al, byte [edx + 0x2489] +jae short loc_fffd12da ; jae 0xfffd12da +movzx edx, byte [ebp - 0xe088] +push 1 +lea eax, [edx + 0x1c] +mov cl, byte [esi + eax*4 + 9] +movzx eax, byte [esi + eax*4 + 0xa] +shr cl, 4 +and eax, 1 +movzx ecx, cl +shl eax, 4 +or eax, ecx +mov ecx, 0xf +add eax, dword [ebp + ebx*4 - 0xe04c] +cwde +push eax +mov eax, dword [ebp + 8] +push 1 +push edx +mov edx, ebx +call fcn_fffa972b ; call 0xfffa972b +add esp, 0x10 +inc byte [ebp - 0xe088] +jmp short loc_fffd12f6 ; jmp 0xfffd12f6 -loc_fffd30b5: ; not directly referenced -movzx edx, byte [ebp - 0x40] -mov eax, edi -xor esi, esi -call fcn_fffd2a2c ; call 0xfffd2a2c +loc_fffd1350: ; not directly referenced +mov eax, dword [ebp + 8] +cmp dword [ebp - 0xe0bc], 0 +mov byte [ebp - 0xe0a0], 1 +mov al, byte [eax + 0x2411] +sete dl +test byte [ebp - 0xe09c], dl +jne short loc_fffd1384 ; jne 0xfffd1384 +test al, al +mov edi, 1 +cmove edi, eax mov eax, edi -mov edx, 0xf -call fcn_fffa834b ; call 0xfffa834b -mov eax, dword [ebp + 0xc] -mov dword [ebp - 0x48], eax +mov byte [ebp - 0xe0a0], al -loc_fffd30d4: ; not directly referenced -imul eax, esi, 0x13c3 -mov dword [ebp - 0x5c], eax -mov ebx, eax -mov al, byte [ebp - 0x3e] -test byte [edi + ebx + 0x381a], al -jne short loc_fffd30f5 ; jne 0xfffd30f5 -mov byte [ebp + esi - 0x2c], 0xff -jmp near loc_fffd31d4 ; jmp 0xfffd31d4 +loc_fffd1384: ; not directly referenced +lea eax, [ebp - 
0xe062] +mov dword [ebp - 0xe09c], eax +movsx eax, byte [ebp - 0xe098] +mov dword [ebp - 0xe088], 0 +mov dword [ebp - 0xe0dc], eax -loc_fffd30f5: ; not directly referenced -cmp byte [ebp + esi - 0x2c], 0xff -je loc_fffd31d4 ; je 0xfffd31d4 -imul eax, esi, 0x54a -lea ebx, [ebp - 0x18] -mov byte [ebp - 0x3f], 0 -lea eax, [edi + eax + 0x196b] -mov dword [ebp - 0x58], eax -lea eax, [esi + esi*8] -add eax, ebx -mov dword [ebp - 0x4c], eax +loc_fffd13a7: ; not directly referenced +mov eax, dword [ebp - 0xe088] +mov ebx, 3 +mov ecx, eax +add ecx, eax +mov eax, dword [ebp + 8] +shl ebx, cl +test byte [eax + 0x248e], bl +jne short loc_fffd1435 ; jne 0xfffd1435 -loc_fffd311f: ; not directly referenced -mov al, byte [ebp - 0x3f] -cmp al, byte [edi + 0x2488] -jae loc_fffd31d4 ; jae 0xfffd31d4 -mov edx, dword [ebp - 0x5c] -mov cl, byte [ebp - 0x3f] -mov eax, dword [ebp - 0x58] -mov dword [ebp - 0x44], 1 -shl dword [ebp - 0x44], cl -cmp byte [edi + edx + 0x49ba], 0x20 -movzx ebx, cl -mov al, byte [eax + ebx + 0x4f6] -jne short loc_fffd3162 ; jne 0xfffd3162 -test al, 2 -je short loc_fffd3162 ; je 0xfffd3162 -mov al, byte [ebp - 0x44] -or byte [ebp + esi - 0x2c], al -jmp short loc_fffd31cc ; jmp 0xfffd31cc +loc_fffd13c3: ; not directly referenced +inc dword [ebp - 0xe088] +inc dword [ebp - 0xe09c] +cmp dword [ebp - 0xe088], 2 +jne short loc_fffd13a7 ; jne 0xfffd13a7 +movsx edi, word [ebp - 0xe07a] +xor ebx, ebx -loc_fffd3162: ; not directly referenced -mov ecx, ebx -mov edx, esi -mov eax, edi -call fcn_fffa7617 ; call 0xfffa7617 -mov edx, eax -mov eax, edi -call fcn_fffae52a ; call 0xfffae52a -mov cl, byte [ebp + esi - 0x2c] -test byte [ebp - 0x44], cl -jne short loc_fffd31cc ; jne 0xfffd31cc -cmp dword [ebp - 0x3c], 0 -movzx edx, al -jne short loc_fffd3191 ; jne 0xfffd3191 -mov eax, dword [ebp - 0x4c] -mov byte [ebx + eax - 0x12], dl -jmp short loc_fffd31cc ; jmp 0xfffd31cc +loc_fffd13e1: ; not directly referenced +mov eax, dword [ebp + 8] +xor esi, esi +movzx eax, byte [eax + 
0x248f] +bt eax, ebx +jb loc_fffd166b ; jb 0xfffd166b -loc_fffd3191: ; not directly referenced -mov eax, dword [ebp - 0x4c] -mov dword [ebp - 0x6c], ecx -mov dword [ebp - 0x68], edx -mov al, byte [ebx + eax - 0x12] -mov byte [ebp - 0x51], al -mov eax, edx -call fcn_fffaeba2 ; call 0xfffaeba2 -mov edx, dword [ebp - 0x68] -mov ecx, dword [ebp - 0x6c] -cmp al, 4 -jne short loc_fffd31b7 ; jne 0xfffd31b7 -cmp byte [ebp - 0x51], dl -jne short loc_fffd31cc ; jne 0xfffd31cc +loc_fffd13f6: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffd13e1 ; jne 0xfffd13e1 -loc_fffd31b7: ; not directly referenced -mov eax, dword [ebp - 0x60] -mov edx, dword [ebp - 0x48] -or ecx, dword [ebp - 0x44] -add eax, ebx -mov bl, byte [ebp - 0x3d] -mov byte [ebp + esi - 0x2c], cl -mov byte [edx + eax], bl +loc_fffd13fc: ; not directly referenced +mov eax, dword [ebp + 8] +sub esp, 0xc +xor ecx, ecx +movzx edx, byte [eax + 0x248f] +push 0 +call fcn_fffccd2e ; call 0xfffccd2e +add esp, 0x10 +cmp dword [ebp - 0xe084], 0 +jne loc_fffd169a ; jne 0xfffd169a +sub esp, 0xc +push dword [ebp + 8] +call fcn_fffc054a ; call 0xfffc054a +add esp, 0x10 +jmp near loc_fffd169a ; jmp 0xfffd169a -loc_fffd31cc: ; not directly referenced -inc byte [ebp - 0x3f] -jmp near loc_fffd311f ; jmp 0xfffd311f +loc_fffd1435: ; not directly referenced +test byte [ebp - 0xe06d], bl +setne al +mov dl, al +or edx, 2 +test byte [ebp - 0xe06c], bl +cmovne eax, edx +xor esi, esi +and al, byte [ebp - 0xe0c1] +lea edx, [ebp - 0xd996] +mov edi, edx +movzx eax, al +mov dword [ebp - 0xe0a4], eax -loc_fffd31d4: ; not directly referenced +loc_fffd1465: ; not directly referenced +mov al, byte [ebp - 0xe0a0] +sub esp, 0xc +mov edx, dword [ebp - 0xe09c] +mov ecx, dword [ebp - 0xe0a4] +add eax, esi +test al, al +mov byte [edx], al +mov byte [edx + 2], al +sete al +mov edx, edi +and eax, dword [ebp - 0xe0bc] +add edi, 0x54e +push eax +push 0 +push 2 +lea eax, [ebp - 0xe069] +push eax +push dword [ebp - 0xe0dc] +lea eax, [ebp - 
0xe062] +push eax +lea eax, [ebp - 0xe05a] +push eax +mov eax, dword [ebp + 8] +push 1 +push ebx +call fcn_fffc1b5f ; call 0xfffc1b5f +lea eax, [esi + 1] inc esi -add dword [ebp - 0x48], 0x24 -cmp esi, 2 -jne loc_fffd30d4 ; jne 0xfffd30d4 -inc dword [ebp - 0x3c] -cmp dword [ebp - 0x3c], 2 -jne loc_fffd301d ; jne 0xfffd301d -cmp byte [ebp - 0x2c], 0xff -jne short loc_fffd31fb ; jne 0xfffd31fb -cmp byte [ebp - 0x2b], 0xff -je short loc_fffd3225 ; je 0xfffd3225 +mov byte [ebp - 0xe0b8], al +mov al, byte [ebp - 0xe0a0] +add esp, 0x30 +add eax, esi +cmp al, 2 +jbe short loc_fffd1465 ; jbe 0xfffd1465 +movsx eax, byte [ebp - 0xe0b8] +mov cl, byte [ebp - 0xe088] +mov dword [ebp - 0xe098], 1 +shl dword [ebp - 0xe098], cl +movzx ebx, al +mov dword [ebp - 0xe080], 0 +mov dword [ebp - 0xe0c0], ebx +mov dword [ebp - 0xe0c8], eax -loc_fffd31fb: ; not directly referenced -mov al, byte [ebp - 0x53] -add byte [ebp - 0x3d], al -test al, al -jle short loc_fffd3210 ; jle 0xfffd3210 -mov al, byte [ebp - 0x52] -cmp byte [ebp - 0x3d], al -seta al -jmp short loc_fffd321a ; jmp 0xfffd321a +loc_fffd150e: ; not directly referenced +mov eax, dword [ebp - 0xe0a4] +mov ebx, dword [ebp - 0xe080] +bt eax, ebx +jae loc_fffd1653 ; jae 0xfffd1653 +mov al, byte [ebp - 0xd467] +xor edx, edx +mov byte [ebp - 0xe0d8], al -loc_fffd3210: ; not directly referenced -movsx eax, byte [ebp - 0x3d] -cmp eax, dword [ebp - 0x64] -setl al +loc_fffd1531: ; not directly referenced +movzx ecx, dl +imul ebx, ecx, 0x2a7 +add ecx, ecx +add ebx, dword [ebp - 0xe080] +lea eax, [ebp - 0xd996] +add ebx, ebx +add ebx, eax +lea eax, [ebp - 0xe03a] +add ecx, eax +xor eax, eax + +loc_fffd1556: ; not directly referenced +cmp byte [ebp - 0xe0d8], al +jbe short loc_fffd1570 ; jbe 0xfffd1570 +imul esi, eax, 0x52 +mov di, word [ebx + eax*4 + 0x53a] +inc eax +mov word [ecx + esi], di +jmp short loc_fffd1556 ; jmp 0xfffd1556 + +loc_fffd1570: ; not directly referenced +inc edx +cmp dl, byte [ebp - 0xe0b8] +jne short loc_fffd1531 ; jne 
0xfffd1531 +movzx eax, byte [ebp - 0xd467] +sub esp, 0xc +push 8 +mov ecx, dword [ebp - 0xe098] +push 0 +mov edx, dword [ebp - 0xe080] +lea ebx, [ebp - 0xe051] +push eax +push ebx +lea eax, [ebp - 0xd466] +push eax +push dword [ebp - 0xe0c0] +lea esi, [ebp - 0xe03a] +lea eax, [ebp - 0xd996] +lea edi, [ebp - 0xd996] +push 0x29 +push esi +push eax +mov eax, dword [ebp + 8] +call fcn_fffb78c3 ; call 0xfffb78c3 +add esp, 0x2c +mov ecx, esi +push 0 +lea eax, [ebp - 0xe044] +push eax +mov eax, dword [ebp + 8] +push 1 +push 1 +push ebx +push dword [ebp - 0xe0c8] +lea edx, [ebp - 0xdea0] +push 0x29 +call fcn_fffa5cdb ; call 0xfffa5cdb +movsx si, byte [ebp - 0xde9e] +add esp, 0x18 +add esi, dword [ebp - 0xdea0] +mov edx, 1 +push 0 +push 1 +movsx esi, si +imul eax, esi, 0x54e +imul esi, esi, 0x2a7 +lea ebx, [edi + eax] +mov edi, dword [ebp - 0xe080] +mov eax, dword [ebp + 8] +mov ecx, edi +add esi, edi +shl edx, cl +mov ecx, ebx +call fcn_fffafe03 ; call 0xfffafe03 +add esi, esi +mov edx, edi +lea eax, [ebp - 0x18] +mov edi, dword [ebp - 0xe09c] +add esp, 0x10 +add esi, eax +mov eax, dword [ebp - 0xe088] +mov al, byte [eax + esi - 0xd97a] +mov byte [edi + edx*2], al + +loc_fffd1653: ; not directly referenced +inc dword [ebp - 0xe080] +cmp dword [ebp - 0xe080], 2 +jne loc_fffd150e ; jne 0xfffd150e +jmp near loc_fffd13c3 ; jmp 0xfffd13c3 -loc_fffd321a: ; not directly referenced +loc_fffd166b: ; not directly referenced +mov eax, esi movzx eax, al -test eax, eax -je loc_fffd2fe3 ; je 0xfffd2fe3 +cmp eax, dword [ebp - 0xe0e4] +jae loc_fffd13f6 ; jae 0xfffd13f6 +push 1 +movzx ecx, byte [ebp + ebx - 0xe06d] +mov edx, ebx +push edi +inc esi +push 4 +push eax +mov eax, dword [ebp + 8] +call fcn_fffa972b ; call 0xfffa972b +add esp, 0x10 +jmp short loc_fffd166b ; jmp 0xfffd166b + +loc_fffd169a: ; not directly referenced +push eax +mov edx, dword [ebp - 0xe0a8] +push eax +mov eax, dword [ebp + 8] +movzx ecx, byte [eax + 0x248f] +push 0 +push 0xf +push 0 +push 0 +push 0 +push 2 +call 
fcn_fffbea08 ; call 0xfffbea08 +add esp, 0x20 +cmp dword [ebp - 0xe084], 1 +jne short loc_fffd16d7 ; jne 0xfffd16d7 +sub esp, 0xc +push dword [ebp + 8] +call fcn_fffc054a ; call 0xfffc054a +add esp, 0x10 -loc_fffd3225: ; not directly referenced +loc_fffd16d7: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -68806,885 +66402,2939 @@ pop edi pop ebp ret -loc_fffd322d: -db 0x66 -db 0x90 -db 0x90 - -ref_fffd3230: -dd 0x00000801 -dd 0x01000402 - -ref_fffd3238: -dd 0x4000f001 -dd 0x02005a01 -dd 0x011800dc -dd 0x9004005a -dd 0xa0020801 -dd 0x01900500 -dd 0x00a00208 -dd 0xe000f010 -dd 0x11000001 -dd 0x01e000f0 -dd 0xc0200000 -dd 0x00018000 -dd 0x00c02100 -dd 0x00000180 -dd 0x2200be0b -dd 0x0c000001 -dd 0x01900118 -dd 0x080d008c -dd 0xbe028002 -dd 0x00000000 +fcn_fffd16df: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, eax +push esi +push ebx +sub esp, 0x10c +mov eax, dword [ebp + 0x10] +mov byte [ebp - 0xfa], cl +mov cl, byte [ebp + 0xc] +mov ebx, dword [ebp + 8] +mov dword [ebp - 0xbc], edx +mov dword [ebp - 0xe4], eax +mov byte [ebp - 0xd4], cl +mov ecx, eax +mov byte [ebp - 0xeb], al +mov al, byte [ebp + 0x18] +mov byte [ebp - 0xec], bl +mov byte [ebp - 0xd3], al +mov eax, dword [edi + 0x2444] +mov dword [ebp - 0xf8], eax +mov al, cl +shr al, 4 +inc eax +mov byte [ebp - 0xf9], al +xor eax, eax +cmp cl, 0x21 +ja short loc_fffd1752 ; ja 0xfffd1752 +movzx eax, byte [ebp - 0xe4] +movzx eax, byte [eax + ref_fffd58e0] ; movzx eax, byte [eax - 0x2a720] -ref_fffd3288: -dd 0x4443524d -dd 0x90906600 +loc_fffd1752: ; not directly referenced +mov ecx, dword [ebp - 0xe4] +mov dword [ebp - 0xd8], 1 +cmp cl, 0x21 +sete dl +cmp cl, 0x11 +sete cl +or dl, cl +jne short loc_fffd1784 ; jne 0xfffd1784 +xor ecx, ecx +cmp byte [ebp - 0xe4], 5 +sete cl +mov dword [ebp - 0xd8], ecx -ref_fffd3290: -dd 0x05010400 -dd 0x07030602 -dd 0x00000008 +loc_fffd1784: ; not directly referenced +movzx ecx, byte [edi + 0x2489] +mov esi, 1 +shl esi, cl +dec esi +cmp byte [edi + 0x248c], 1 +mov word [ebp - 0xea], si +jne short loc_fffd1810 ; jne 0xfffd1810 +mov cl, byte [edi + 0x248d] +lea esi, [ecx + 4] +mov byte [ebp - 0x9a], cl +mov edx, esi +mov byte [ebp - 0x99], cl +add ecx, 2 +mov byte [ebp - 0x98], dl +mov byte [ebp - 0x97], cl -ref_fffd329c: -dd 0xff830000 -dd 0xffe1ffc2 -dd 
0x007d00fa -dd 0x001f003e +loc_fffd17c9: ; not directly referenced +imul eax, eax, 0x240 +movzx ebx, bl +add eax, dword [ebp - 0xbc] +mov dword [ebp - 0xc4], 0 +mov byte [ebp - 0xd2], 0 +mov dword [ebp - 0xc8], eax +imul eax, ebx, 0x24 +mov dword [ebp - 0x110], eax +movzx eax, byte [ebp - 0xec] +mov dword [ebp - 0x118], eax +imul eax, eax, 0x12 +mov dword [ebp - 0xd0], eax +jmp short loc_fffd184b ; jmp 0xfffd184b -ref_fffd32ac: -dd 0x02030304 -dd 0x02030404 -dd 0x03030405 -dd 0x03040405 -dd 0x03040405 -dd 0x02030304 -dd 0x02030404 -dd 0x03030405 -dd 0x03040405 -dd 0x03030404 +loc_fffd1810: ; not directly referenced +mov byte [ebp - 0x9a], 1 +mov byte [ebp - 0x99], 1 +mov byte [ebp - 0x98], 1 +mov byte [ebp - 0x97], 1 +jmp short loc_fffd17c9 ; jmp 0xfffd17c9 -ref_fffd32d4: -dd 0x05060605 -dd 0x05060605 -dd 0x06060604 -dd 0x05060607 -dd 0x05060607 -dd 0x06060607 +loc_fffd182e: ; not directly referenced +inc ebx +cmp ebx, 2 +jne loc_fffd222a ; jne 0xfffd222a +inc dword [ebp - 0xc4] +cmp dword [ebp - 0xc4], 2 +je loc_fffd22b6 ; je 0xfffd22b6 -ref_fffd32ec: -dd loc_fffa6b75 -dd loc_fffa6ab2 -dd loc_fffa6ae7 -dd loc_fffa6b47 -dd loc_fffa6a85 -dd loc_fffa6b75 -dd loc_fffa6b75 - -ref_fffd3308: -dd loc_fffa83ff -dd loc_fffa840d -dd loc_fffa841d -dd loc_fffa850b -dd loc_fffa8432 -dd loc_fffa843d -dd loc_fffa844a -dd loc_fffa847b -dd loc_fffa8498 - -ref_fffd332c: -dd loc_fffa8691 -dd loc_fffa86c5 -dd loc_fffa8702 -dd loc_fffa86e1 -dd loc_fffa8691 -dd loc_fffa86c5 -dd loc_fffa86e1 -dd loc_fffa8636 - -ref_fffd334c: -dd 0x50f00050 -dd 0x0000f000 -dd 0x00000000 +loc_fffd184b: ; not directly referenced +mov ebx, dword [ebp - 0xf8] +lea eax, [ebp - 0xa2] +xor esi, esi +push ecx +push 0 +push 4 +push eax +mov eax, ebx +call dword [eax + 0x5c] ; ucall +add esp, 0xc +push 0 +push 4 +lea eax, [ebp - 0x9e] +push eax +mov eax, ebx +call dword [eax + 0x5c] ; ucall +lea eax, [ebp - 0x72] +add esp, 0x10 +mov dword [ebp - 0xbc], eax -ref_fffd3358: -dd 0x50f00050 -dd 0x0000f000 -dd 0x00000000 
+loc_fffd1883: ; not directly referenced +movzx eax, byte [ebp - 0xfa] +bt eax, esi +mov dword [ebp - 0xe0], eax +jb short loc_fffd18b1 ; jb 0xfffd18b1 +mov ax, word [ebp - 0xea] +mov word [ebp + esi*2 - 0xa2], ax +mov word [ebp + esi*2 - 0x9e], ax +jmp near loc_fffd1a58 ; jmp 0xfffd1a58 -ref_fffd3364: -dd 0x3c3c3c3c -dd 0x283c283c -dd 0x283c283c -dd 0x3c3c3c3c -dd 0x283c283c -dd 0x283c283c +loc_fffd18b1: ; not directly referenced +mov eax, dword [ebp - 0xbc] +mov byte [ebp - 0xc0], 0 +mov byte [eax], 0x7f +mov eax, esi +shl eax, 0xa +add eax, 0x40f0 +mov dword [ebp - 0xf0], eax +lea eax, [esi + esi*8] +mov dword [ebp - 0xe8], eax -ref_fffd337c: -dd 0x3c3c3c3c -dd 0x1e3c1e3c -dd 0x1e3c1e3c -dd 0x3c3c3c3c -dd 0x1e3c1e3c -dd 0x1e3c1e3c +loc_fffd18da: ; not directly referenced +mov al, byte [ebp - 0xc0] +cmp al, byte [edi + 0x2489] +jae loc_fffd1a10 ; jae 0xfffd1a10 +movzx eax, byte [ebp - 0xc0] +lea ecx, [ebp - 0x18] +mov ebx, eax +mov dword [ebp - 0xcc], eax +lea eax, [esi + esi*8] +lea edx, [ecx + eax] +add eax, ebx +mov dword [ebp + eax*4 - 0x60], 0 +movzx eax, byte [ebp - 0xd3] +cmp byte [ebp - 0xeb], 1 +mov byte [ebx + edx - 0x7e], 0x7f +mov byte [ebp - 0xd1], al +jne short loc_fffd194b ; jne 0xfffd194b +push edx +movzx ecx, byte [ebp - 0xd4] +mov edx, esi +push eax +mov eax, edi +push dword [ebp - 0xc4] +push ebx +call fcn_fffb399f ; call 0xfffb399f +add esp, 0x10 +mov byte [ebp - 0xd1], al -ref_fffd3394: -dd 0x00780078 -dd 0x00000000 +loc_fffd194b: ; not directly referenced +lea eax, [esi + esi*8] +xor edx, edx +mov dword [ebp - 0xdc], eax +mov eax, dword [ebp - 0xd0] +mov ecx, 0xa +mov ebx, dword [ebp - 0xdc] +add ebx, eax +mov eax, dword [ebp - 0xc8] +add ebx, dword [ebp - 0xcc] +add ebx, ebx +add ebx, dword [ebp - 0xc4] +mov eax, dword [eax + ebx*4] +div ecx +movzx edx, byte [ebp - 0xd1] +cmp eax, edx +cmova eax, edx +mov edx, dword [ebp - 0xc8] +cmp dword [ebp - 0xd8], 1 +mov dword [edx + ebx*4], eax +jne short loc_fffd19c4 ; jne 0xfffd19c4 +mov ebx, dword 
[ebp - 0xbc] +movzx edx, byte [ebx] +cmp eax, edx +jae short loc_fffd19db ; jae 0xfffd19db +mov ebx, dword [ebp - 0xe8] +mov byte [ebp + ebx - 0x84], al +mov ebx, dword [ebp - 0xbc] +mov byte [ebx], al +jmp short loc_fffd19db ; jmp 0xfffd19db -ref_fffd339c: -dd 0x003c003c -dd 0x1e3c1e3c -dd 0x1e3c1e3c -dd 0x003c003c -dd 0x1e3c1e3c -dd 0x1e3c1e3c +loc_fffd19c4: ; not directly referenced +mov ecx, dword [ebp - 0xdc] +lea ebx, [ebp - 0x18] +add ecx, ebx +add ecx, dword [ebp - 0xcc] +mov byte [ecx - 0x6c], al +mov byte [ecx - 0x5a], al -ref_fffd33b4: -dd 0x28002800 -dd 0x1e3c1e3c -dd 0x1e3c1e3c -dd 0x28002800 -dd 0x1e3c1e3c -dd 0x1e3c1e3c +loc_fffd19db: ; not directly referenced +movzx eax, byte [ebp - 0xc0] +mov ebx, dword [ebp + 0x14] +movzx ecx, byte [ebx + eax] +mov eax, dword [ebp - 0xf0] +mov ebx, dword [ebp - 0xcc] +and ecx, 0x7f +or ch, 1 +lea edx, [eax + ebx*4] +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +inc byte [ebp - 0xc0] +jmp near loc_fffd18da ; jmp 0xfffd18da -ref_fffd33cc: -dd 0x00780078 -dd 0x00000000 +loc_fffd1a10: ; not directly referenced +cmp dword [ebp - 0xd8], 1 +jne short loc_fffd1a58 ; jne 0xfffd1a58 +lea edx, [esi + esi*8] +xor eax, eax +add edx, dword [ebp - 0xd0] +mov dword [ebp - 0xc0], edx -ref_fffd33d4: -dd fcn_fffc3686 -dd fcn_fffc3621 -dd fcn_fffc34c9 -dd fcn_fffc33fa -dd fcn_fffc343a -dd fcn_fffc337c -dd fcn_fffc35b2 -dd fcn_fffc3506 -dd fcn_fffc3343 -dd fcn_fffc32fa -dd fcn_fffc323f -dd fcn_fffc31bb -dd fcn_fffac83c - -ref_fffd3408: -dd fcn_fffc2f86 -dd fcn_fffaeda5 -dd fcn_fffa7852 -dd fcn_fffc2cf5 -dd fcn_fffc2912 -dd fcn_fffc2693 -dd fcn_fffc247a -dd fcn_fffae2eb -dd fcn_fffae11e -dd fcn_fffadc1a -dd fcn_fffada63 -dd fcn_fffc2b14 -dd fcn_fffad8ba -dd fcn_fffad37a -dd fcn_fffad193 -dd fcn_fffacfea -dd fcn_fffadfa3 -dd fcn_fffade28 -dd fcn_fffad70d -dd fcn_fffad560 -dd fcn_ffface9c -dd fcn_fffacd4e -dd fcn_fffacb8e -dd fcn_fffac879 - -ref_fffd3468: -dd 0x00000000 -dd 0x00010105 -dd 0x01050100 +loc_fffd1a2a: ; not directly 
referenced +cmp al, byte [edi + 0x2489] +jae short loc_fffd1a58 ; jae 0xfffd1a58 +mov ebx, dword [ebp - 0xbc] +movzx ecx, al +inc eax +add ecx, dword [ebp - 0xc0] +mov edx, dword [ebp - 0xc8] +movzx ebx, byte [ebx] +add ecx, ecx +add ecx, dword [ebp - 0xc4] +mov dword [edx + ecx*4], ebx +jmp short loc_fffd1a2a ; jmp 0xfffd1a2a -ref_fffd3474: -dd 0x00000000 -dd 0x04000101 -dd 0x01050000 +loc_fffd1a58: ; not directly referenced +inc esi +add dword [ebp - 0xbc], 9 +cmp esi, 2 +jne loc_fffd1883 ; jne 0xfffd1883 +mov eax, dword [ebp - 0xc4] +lea esi, [eax + eax - 1] +mov dword [ebp - 0x114], esi +mov esi, dword [ebp - 0xc8] +add eax, dword [ebp - 0x110] +lea eax, [esi + eax*4] +mov dword [ebp - 0xf0], eax -ref_fffd3480: -dd 0x01000001 -dd 0x04010101 -dd 0x01050100 +loc_fffd1a8e: ; not directly referenced +mov ecx, 4 +mov edx, 0x4800 +mov eax, edi +xor esi, esi +call fcn_fffb3381 ; call 0xfffb3381 -ref_fffd348c: -dd 0x00000000 -dd 0x04000103 -dd 0x01070000 +loc_fffd1aa1: ; not directly referenced +movzx eax, byte [ebp - 0xf9] +cmp esi, eax +jae loc_fffd1b75 ; jae 0xfffd1b75 +xor ebx, ebx -ref_fffd3498: -dd 0x00000000 -dd 0x04000003 -dd 0x00070000 +loc_fffd1ab2: ; not directly referenced +mov eax, dword [ebp - 0xe0] +bt eax, ebx +jb short loc_fffd1aef ; jb 0xfffd1aef -ref_fffd34a4: -dd 0x00010000 -dd 0x04000103 -dd 0x01070001 +loc_fffd1abd: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffd1ab2 ; jne 0xfffd1ab2 +xor eax, eax +mov edx, dword [ebp - 0xe0] +test esi, esi +push ecx +movzx ecx, byte [edi + 0x248c] +sete al +push 0 +inc esi +push eax +lea eax, [ebp - 0x9a] +push eax +mov eax, edi +call fcn_fffaa5b3 ; call 0xfffaa5b3 +add esp, 0x10 +jmp short loc_fffd1aa1 ; jmp 0xfffd1aa1 -ref_fffd34b0: -dd 0xffffffff +loc_fffd1aef: ; not directly referenced +mov eax, dword [ebp - 0xe0] +lea ecx, [ebx + 1] +xor edx, edx +sar eax, cl +mov dword [ebp - 0xbc], eax -ref_fffd34b4: -dd 0x7fffffff +loc_fffd1b02: ; not directly referenced +cmp dl, byte [edi + 0x2489] 
+jae short loc_fffd1abd ; jae 0xfffd1abd +push 1 +movzx eax, dl +push dword [ebp - 0xbc] +lea ecx, [ebx + ebx*8] +add ecx, dword [ebp - 0xd0] +mov dword [ebp - 0xc0], edx +mov edx, dword [ebp - 0xc8] +push 0 +push 0 +push eax +add eax, ecx +mov ecx, dword [ebp - 0x114] +push dword [ebp - 0x118] +add eax, eax +add eax, dword [ebp - 0xc4] +push ebx +push 0 +push esi +imul ecx, dword [edx + eax*4] +movzx eax, byte [ebp - 0xeb] +push ecx +push eax +push edi +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +mov edx, dword [ebp - 0xc0] +cmp dword [ebp - 0xd8], 0 +jne loc_fffd1abd ; jne 0xfffd1abd +inc edx +jmp short loc_fffd1b02 ; jmp 0xfffd1b02 -ref_fffd34b8: -dd 0x2625a000 -dd 0x00032000 -dd 0x84800300 -dd 0x03e8001e -dd 0x38020000 -dd 0x2b001c9c -dd 0x01000004 -dd 0x00196e6a -dd 0x000004b0 -dd 0x16e36002 -dd 0x00053500 -dd 0xcc5b0100 -dd 0x05780015 -dd 0xd0020000 -dd 0x40001312 -dd 0x03000006 -dd 0x0010f447 -dd 0x00000708 -dd 0x10594402 -dd 0x00074b00 -dd 0x42400100 -dd 0x07d0000f -dd 0x10020000 -dd 0x55000e50 -dd 0x01000008 -dd 0x000ddf22 -dd 0x00000898 -dd 0x0cb73502 -dd 0x00096000 -dd 0xbcce0300 -dd 0x0a28000b -dd 0xb0020000 -dd 0x6b000b71 -dd 0x0100000a -dd 0x000ae62d -dd 0x00000af0 -dd 0x0a675a02 -dd 0x000b7500 -dd 0x2c2a0100 -dd 0x0bb8000a -dd 0x68020000 -dd 0x80000989 -dd 0x0300000c -dd 0x00000000 -dd 0x00000000 -dd 0x90906600 +loc_fffd1b75: ; not directly referenced +xor esi, esi -ref_fffd3570: -dd 0x86186186 -dd 0x18618618 -dd 0x30c30c30 -dd 0xa28a28a2 -dd 0x8a28a28a -dd 0x14514514 -dd 0x28a28a28 -dd 0x92492492 -dd 0x24924924 +loc_fffd1b77: ; not directly referenced +mov eax, dword [ebp - 0xe0] +bt eax, esi +jae loc_fffd21d1 ; jae 0xfffd21d1 +mov eax, esi +shl eax, 0xa +add eax, 0x4114 +mov dword [ebp - 0x10c], eax +mov byte [ebp - 0xe8], 0 -ref_fffd3594: -dd 0x00a10ca1 -dd 0x00ef0d08 -dd 0x00ad0a1e +loc_fffd1b9d: ; not directly referenced +mov al, byte [ebp - 0xe8] +cmp al, byte [edi + 0x2489] +jae loc_fffd210a ; jae 0xfffd210a +mov cl, byte [ebp - 0xe8] 
+movzx eax, cl +mov dword [ebp - 0xbc], eax +mov eax, 1 +shl eax, cl +mov ebx, eax +mov dword [ebp - 0xc0], eax +mov ax, word [ebp + esi*2 - 0x9e] +and ax, word [ebp + esi*2 - 0xa2] +test bx, ax +jne loc_fffd20ff ; jne 0xfffd20ff +xor eax, eax +mov bl, cl +mov edx, dword [ebp - 0x10c] +cmp dword [ebp - 0xd8], 1 +cmovne eax, ebx +mov ebx, dword [ebp - 0xbc] +mov byte [ebp - 0xd2], al +mov eax, edi +lea edx, [edx + ebx*4] +call fcn_fffb331f ; call 0xfffb331f +mov edx, dword [ebp - 0xd0] +lea ebx, [esi + esi*8] +mov ecx, dword [ebp - 0xbc] +add edx, ebx +add edx, ecx +mov dword [ebp - 0xdc], eax +mov eax, dword [ebp - 0xc8] +add edx, edx +add edx, dword [ebp - 0xc4] +mov edx, dword [eax + edx*4] +lea eax, [ebp - 0x18] +add eax, ebx +add ecx, eax +mov dword [ebp - 0xf4], eax +mov al, byte [ecx - 0x7e] +mov dword [ebp - 0xcc], edx +mov byte [ebp - 0x100], al +sub edx, eax +mov eax, dword [ebp - 0xdc] +mov byte [ebp - 0xd1], dl +mov edx, dword [ebp - 0xf4] +and eax, 0x7fffff +mov dword [ebp - 0xdc], eax +movzx eax, byte [ebp - 0xd2] +jne loc_fffd1dae ; jne 0xfffd1dae +add edx, eax +mov al, byte [ebp - 0xcc] +cmp al, byte [edx - 0x6c] +jne loc_fffd1d40 ; jne 0xfffd1d40 +cmp byte [ebp - 0xd1], 0 +jns short loc_fffd1cd4 ; jns 0xfffd1cd4 +cmp byte [edx - 0x5a], al +jne short loc_fffd1cbe ; jne 0xfffd1cbe -ref_fffd35a0: -dd 0x00010000 -dd 0x02000201 -dd 0x00030900 -dd 0x7801001f -dd 0x01007d00 -dd 0x01480140 -dd 0x5c014909 -dd 0x00200101 -dd 0x7e010077 -dd 0x0100ff00 -dd 0x017f015d -dd 0x83018001 -dd 0x01840101 -dd 0x89010188 -dd 0x0101a701 -dd 0x01ca01ac -dd 0x00000001 +loc_fffd1ca1: ; not directly referenced +lea ebx, [ebp - 0x18] +mov ecx, dword [ebp - 0xbc] +lea eax, [esi + esi*8] +add eax, ebx +mov bl, byte [ebp - 0xcc] +mov byte [ecx + eax - 0x7e], bl +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 -ref_fffd35e4: -dd 0x00010000 -dd 0x02000201 -dd 0x00030900 -dd 0x3c010029 -dd 0x01003f00 -dd 0x007f0075 -dd 0x91008009 -dd 0x00270100 -dd 0x4001003b -dd 0x01007d00 -dd 0x00b300b0 
-dd 0xb800b401 -dd 0x00b90100 -dd 0xdc0100d7 -dd 0x0100fa00 +loc_fffd1cbe: ; not directly referenced +mov dword [ebp - 0xa8], 1 -ref_fffd3620: -dd 0x20445053 -dd 0x90906600 +loc_fffd1cc8: ; not directly referenced +mov eax, dword [ebp - 0xa8] +test eax, eax +jne short loc_fffd1cc8 ; jne 0xfffd1cc8 +jmp short loc_fffd1ca1 ; jmp 0xfffd1ca1 -ref_fffd3628: -dd 0x02010000 -dd 0x06050403 -dd 0x08080707 -dd 0x0a090909 -dd 0x00000a0a +loc_fffd1cd4: ; not directly referenced +cmp byte [ebp - 0xd1], 1 +jne short loc_fffd1d0c ; jne 0xfffd1d0c +add ebx, dword [ebp - 0xbc] +mov eax, dword [ebp + ebx*4 - 0x60] +shr eax, 8 +xor ah, ah +mov dword [ebp + ebx*4 - 0x60], eax +mov al, byte [ebp - 0xcc] +mov byte [ecx - 0x7e], al +mov eax, dword [ebp - 0xc0] +or word [ebp + esi*2 - 0xa2], ax +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 -ref_fffd363c: -dd 0x003c0000 -dd 0x48004806 -dd 0x004c0600 -dd 0x5002004c -dd 0x04005000 -dd 0x00540054 -dd 0x58005806 -dd 0x005c0400 -dd 0x6006005c -dd 0x06006000 -dd 0x00640064 -dd 0x60006002 -dd 0x00640700 -dd 0x68030064 -dd 0x06006800 -dd 0x0070006c -dd 0x78007407 -dd 0x00740600 -dd 0x7c070074 -dd 0x04008c00 -dd 0x00800080 -dd 0x3c010005 -dd 0x01480601 -dd 0x4c060148 -dd 0x02014c01 -dd 0x01500150 -dd 0x54015404 -dd 0x01580601 -dd 0x5c040158 -dd 0x06015c01 -dd 0x01600160 -dd 0x64016406 -dd 0x01600201 -dd 0x64070160 -dd 0x03016401 -dd 0x01680168 -dd 0x70016c06 -dd 0x01740701 -dd 0x74060178 -dd 0x07017401 -dd 0x018c017c -dd 0x80018004 -dd 0x02000501 -dd 0x4806023c -dd 0x06024802 -dd 0x024c024c -dd 0x50025002 -dd 0x02540402 -dd 0x58060254 -dd 0x04025802 -dd 0x025c025c -dd 0x60026006 -dd 0x02640602 -dd 0x60020264 -dd 0x07026002 -dd 0x02640264 -dd 0x68026803 -dd 0x026c0602 -dd 0x74070270 -dd 0x06027802 -dd 0x02740274 -dd 0x8c027c07 -dd 0x02800402 -dd 0x00050280 -dd 0x06033c03 -dd 0x03480348 -dd 0x4c034c06 -dd 0x03500203 -dd 0x54040350 -dd 0x06035403 -dd 0x03580358 -dd 0x5c035c04 -dd 0x03600603 -dd 0x64060360 -dd 0x02036403 -dd 0x03600360 -dd 0x64036407 -dd 
0x03680303 -dd 0x6c060368 -dd 0x07037003 -dd 0x03780374 -dd 0x74037406 -dd 0x037c0703 -dd 0x8004038c -dd 0x05038003 -dd 0x043c0400 -dd 0x48044806 -dd 0x044c0604 -dd 0x5002044c -dd 0x04045004 -dd 0x04540454 -dd 0x58045806 -dd 0x045c0404 -dd 0x6006045c -dd 0x06046004 -dd 0x04640464 -dd 0x60046002 -dd 0x04640704 -dd 0x68030464 -dd 0x06046804 -dd 0x0470046c -dd 0x78047407 -dd 0x04740604 -dd 0x7c070474 -dd 0x04048c04 -dd 0x04800480 -dd 0x3c050005 -dd 0x05480605 -dd 0x4c060548 -dd 0x02054c05 -dd 0x05500550 -dd 0x54055404 -dd 0x05580605 -dd 0x5c040558 -dd 0x06055c05 -dd 0x05600560 -dd 0x64056406 -dd 0x05600205 -dd 0x64070560 -dd 0x03056405 -dd 0x05680568 -dd 0x70056c06 -dd 0x05740705 -dd 0x74060578 -dd 0x07057405 -dd 0x058c057c -dd 0x80058004 -dd 0x06000505 -dd 0x4806063c -dd 0x06064806 -dd 0x064c064c -dd 0x50065002 -dd 0x06540406 -dd 0x58060654 -dd 0x04065806 -dd 0x065c065c -dd 0x60066006 -dd 0x06640606 -dd 0x60020664 -dd 0x07066006 -dd 0x06640664 -dd 0x68066803 -dd 0x066c0606 -dd 0x74070670 -dd 0x06067806 -dd 0x06740674 -dd 0x8c067c07 -dd 0x06800406 -dd 0x00050680 -dd 0x06073c07 -dd 0x07480748 -dd 0x4c074c06 -dd 0x07500207 -dd 0x54040750 -dd 0x06075407 -dd 0x07580758 -dd 0x5c075c04 -dd 0x07600607 -dd 0x64060760 -dd 0x02076407 -dd 0x07600760 -dd 0x64076407 -dd 0x07680307 -dd 0x6c060768 -dd 0x07077007 -dd 0x07780774 -dd 0x74077406 -dd 0x077c0707 -dd 0x8004078c -dd 0x05078007 -dd 0x083c0800 -dd 0x48084806 -dd 0x084c0608 -dd 0x5002084c -dd 0x04085008 -dd 0x08540854 -dd 0x58085806 -dd 0x085c0408 -dd 0x6006085c -dd 0x06086008 -dd 0x08640864 -dd 0x60086002 -dd 0x08640708 -dd 0x68030864 -dd 0x06086808 -dd 0x0870086c -dd 0x78087407 -dd 0x08740608 -dd 0x7c070874 -dd 0x04088c08 -dd 0x08800880 -dd 0x3c090005 -dd 0x09480609 -dd 0x4c060948 -dd 0x02094c09 -dd 0x09500950 -dd 0x54095404 -dd 0x09580609 -dd 0x5c040958 -dd 0x06095c09 -dd 0x09600960 -dd 0x64096406 -dd 0x09600209 -dd 0x64070960 -dd 0x03096409 -dd 0x09680968 -dd 0x70096c06 -dd 0x09740709 -dd 0x74060978 -dd 0x07097409 -dd 
0x098c097c -dd 0x80098004 -dd 0x0a000509 -dd 0x48060a3c -dd 0x060a480a -dd 0x0a4c0a4c -dd 0x500a5002 -dd 0x0a54040a -dd 0x58060a54 -dd 0x040a580a -dd 0x0a5c0a5c -dd 0x600a6006 -dd 0x0a64060a -dd 0x60020a64 -dd 0x070a600a -dd 0x0a640a64 -dd 0x680a6803 -dd 0x0a6c060a -dd 0x74070a70 -dd 0x060a780a -dd 0x0a740a74 -dd 0x8c0a7c07 -dd 0x0a80040a -dd 0x00050a80 -dd 0x060b3c0b -dd 0x0b480b48 -dd 0x4c0b4c06 -dd 0x0b50020b -dd 0x54040b50 -dd 0x060b540b -dd 0x0b580b58 -dd 0x5c0b5c04 -dd 0x0b60060b -dd 0x64060b60 -dd 0x020b640b -dd 0x0b600b60 -dd 0x640b6407 -dd 0x0b68030b -dd 0x6c060b68 -dd 0x070b700b -dd 0x0b780b74 -dd 0x740b7406 -dd 0x0b7c070b -dd 0x80040b8c -dd 0x050b800b -dd 0x0c3c0c00 -dd 0x480c4806 -dd 0x0c4c060c -dd 0x50020c4c -dd 0x040c500c -dd 0x0c540c54 -dd 0x580c5806 -dd 0x0c5c040c -dd 0x60060c5c -dd 0x060c600c -dd 0x0c640c64 -dd 0x600c6002 -dd 0x0c64070c -dd 0x68030c64 -dd 0x060c680c -dd 0x0c700c6c -dd 0x780c7407 -dd 0x0c74060c -dd 0x7c070c74 -dd 0x040c8c0c -dd 0x0c800c80 -dd 0x3c0d0005 -dd 0x0d48060d -dd 0x4c060d48 -dd 0x020d4c0d -dd 0x0d500d50 -dd 0x540d5404 -dd 0x0d58060d -dd 0x5c040d58 -dd 0x060d5c0d -dd 0x0d600d60 -dd 0x640d6406 -dd 0x0d60020d -dd 0x64070d60 -dd 0x030d640d -dd 0x0d680d68 -dd 0x700d6c06 -dd 0x0d74070d -dd 0x74060d78 -dd 0x070d740d -dd 0x0d8c0d7c -dd 0x800d8004 -dd 0x0e00050d -dd 0x48060e3c -dd 0x060e480e -dd 0x0e4c0e4c -dd 0x500e5002 -dd 0x0e54040e -dd 0x58060e54 -dd 0x040e580e -dd 0x0e5c0e5c -dd 0x600e6006 -dd 0x0e64060e -dd 0x60020e64 -dd 0x070e600e -dd 0x0e640e64 -dd 0x680e6803 -dd 0x0e6c060e -dd 0x74070e70 -dd 0x060e780e -dd 0x0e740e74 -dd 0x8c0e7c07 -dd 0x0e80040e -dd 0x00050e80 -dd 0x060f3c0f -dd 0x0f480f48 -dd 0x4c0f4c06 -dd 0x0f50020f -dd 0x54040f50 -dd 0x060f540f -dd 0x0f580f58 -dd 0x5c0f5c04 -dd 0x0f60060f -dd 0x64060f60 -dd 0x020f640f -dd 0x0f600f60 -dd 0x640f6407 -dd 0x0f68030f -dd 0x6c060f68 -dd 0x070f700f -dd 0x0f780f74 -dd 0x740f7406 -dd 0x0f7c070f -dd 0x80040f8c -dd 0x050f800f -dd 0x0f840f84 -dd 0x3c100005 -dd 0x10480610 -dd 
0x4c061048 -dd 0x02104c10 -dd 0x10501050 -dd 0x54105404 -dd 0x10580610 -dd 0x5c041058 -dd 0x06105c10 -dd 0x10601060 -dd 0x64106406 -dd 0x10600210 -dd 0x64071060 -dd 0x03106410 -dd 0x10681068 -dd 0x70106c06 -dd 0x10740710 -dd 0x74061078 -dd 0x07107410 -dd 0x108c107c -dd 0x80108004 -dd 0x11000510 -dd 0x4806113c -dd 0x06114811 -dd 0x114c114c -dd 0x50115002 -dd 0x11540411 -dd 0x58061154 -dd 0x04115811 -dd 0x115c115c -dd 0x60116006 -dd 0x11640611 -dd 0x60021164 -dd 0x07116011 -dd 0x11641164 -dd 0x68116803 -dd 0x116c0611 -dd 0x74071170 -dd 0x06117811 -dd 0x11741174 -dd 0x8c117c07 -dd 0x11800411 -dd 0x04051180 -dd 0x06120812 -dd 0x121c1214 -dd 0x20122006 -dd 0x13040412 -dd 0x14061308 -dd 0x06131c13 -dd 0x13201320 -dd 0x0c140404 -dd 0x15040614 -dd 0x0006150c -dd 0x04180018 -dd 0x18101808 -dd 0x18181806 -dd 0x18200418 -dd 0x00041820 -dd 0x04190019 -dd 0x19101908 -dd 0x18191806 -dd 0x19200419 -dd 0x04041920 -dd 0x061a0c1a -dd 0x1b0c1b04 -dd 0x1c1c1406 -dd 0x1c20061c -dd 0x14041c20 -dd 0x061d1c1d -dd 0x1d201d20 -dd 0x04200004 -dd 0x20080720 -dd 0xb8062008 -dd 0x022bb82b -dd 0x36783678 -dd 0x283a0004 -dd 0x3a2c063a -dd 0x30043a2c -dd 0x043a343a -dd 0x40044000 -dd 0x04400406 -dd 0x40080740 -dd 0x1006400c -dd 0x07401440 -dd 0x40184018 -dd 0x20402005 -dd 0x40240740 -dd 0x2c064028 -dd 0x04403840 -dd 0x40ac40a4 -dd 0xcc40b404 -dd 0x40d00440 -dd 0xd40640d0 -dd 0x0440d440 -dd 0x42104210 -dd 0x24422004 -dd 0x42280642 -dd 0x8c044244 -dd 0x04429042 -dd 0x42944294 -dd 0x98429806 -dd 0x429c0442 -dd 0xa006429c -dd 0x0742a042 -dd 0x42ac42a4 -dd 0xe842e405 -dd 0x42ec0542 -dd 0x280742fc -dd 0x07432843 -dd 0x43744340 -dd 0x90438c05 -dd 0x44000643 -dd 0x04064404 -dd 0x07440444 -dd 0x440c4408 -dd 0x14441006 -dd 0x44180744 -dd 0x20054418 -dd 0x07442044 -dd 0x44284424 -dd 0x38442c06 -dd 0x44a40444 -dd 0xb40444ac -dd 0x0444cc44 -dd 0x44d044d0 -dd 0xd444d406 -dd 0x46100444 -dd 0x20044610 -dd 0x06462446 -dd 0x46444628 -dd 0x90468c04 -dd 0x46940446 -dd 0x98064694 -dd 0x04469846 -dd 0x469c469c -dd 
0xa046a006 -dd 0x46a40746 -dd 0xe40546ac -dd 0x0546e846 -dd 0x46fc46ec -dd 0x28472807 -dd 0x47400747 -dd 0x8c054774 -dd 0x06479047 -dd 0x48c048a8 -dd 0xf448d802 -dd 0x49080248 -dd 0x6802491c -dd 0x04496849 -dd 0x498c4980 -dd 0x444e3802 -dd 0x5000024e -dd 0x04065000 -dd 0x07500850 -dd 0x5018500c -dd 0x1c501c06 -dd 0x50200750 -dd 0x38065034 -dd 0x02503c50 -dd 0x50585040 -dd 0x5c505c06 -dd 0x50600250 -dd 0x64075060 -dd 0x02507c50 -dd 0x50845080 -dd 0x8c508806 -dd 0x50900250 -dd 0x98065094 -dd 0x02509c50 -dd 0x50a450a0 -dd 0xac50a806 -dd 0x50b00250 -dd 0xd00650cc -dd 0x0250dc50 -dd 0x58805880 -dd 0x88588407 -dd 0x588c0758 -dd 0x9005588c -dd 0x07589c58 -dd 0x58a458a4 -dd 0xdc58d006 -dd 0x58e00758 -dd 0xb80758e4 -dd 0x0759b859 +loc_fffd1d0c: ; not directly referenced +cmp byte [ebp - 0xd1], 2 +jne short loc_fffd1d27 ; jne 0xfffd1d27 +xor eax, eax +call fcn_fffb392f ; call 0xfffb392f +add ebx, dword [ebp - 0xbc] +jmp near loc_fffd1e2d ; jmp 0xfffd1e2d + +loc_fffd1d27: ; not directly referenced +mov dword [ebp - 0xac], 1 + +loc_fffd1d31: ; not directly referenced +mov eax, dword [ebp - 0xac] +test eax, eax +jne short loc_fffd1d31 ; jne 0xfffd1d31 +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 + +loc_fffd1d40: ; not directly referenced +mov al, byte [ebp - 0xcc] +cmp al, byte [edx - 0x5a] +jne loc_fffd1f83 ; jne 0xfffd1f83 +mov ax, word [ebp + esi*2 - 0xa2] +test word [ebp - 0xc0], ax +jne loc_fffd20ff ; jne 0xfffd20ff +cmp byte [ebp - 0xd1], 0xff +jne short loc_fffd1d8e ; jne 0xfffd1d8e +add ebx, dword [ebp - 0xbc] +or eax, dword [ebp - 0xc0] +and dword [ebp + ebx*4 - 0x60], 0xffffff00 +mov word [ebp + esi*2 - 0xa2], ax +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 + +loc_fffd1d8e: ; not directly referenced +mov edx, dword [ebp - 0xc0] +mov bl, byte [ebp - 0xcc] +not edx +and edx, eax +mov byte [ecx - 0x7e], bl +mov word [ebp + esi*2 - 0xa2], dx +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 + +loc_fffd1dae: ; not directly referenced +add edx, eax +mov al, byte [edx - 0x6c] +mov byte [ebp - 
0xf4], al +cmp byte [ebp - 0xcc], al +jne loc_fffd1e53 ; jne 0xfffd1e53 +cmp byte [ebp - 0xd1], 2 +jle short loc_fffd1de7 ; jle 0xfffd1de7 +mov dword [ebp - 0xb0], 1 + +loc_fffd1dd8: ; not directly referenced +mov eax, dword [ebp - 0xb0] +test eax, eax +jne short loc_fffd1dd8 ; jne 0xfffd1dd8 +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 + +loc_fffd1de7: ; not directly referenced +mov eax, dword [ebp - 0xbc] +lea ebx, [ebx + eax] +mov eax, dword [ebp - 0xdc] +je short loc_fffd1e28 ; je 0xfffd1e28 +call fcn_fffb392f ; call 0xfffb392f +mov edx, dword [ebp + ebx*4 - 0x60] +and edx, 0xff00ffff +movzx eax, al +shl eax, 0x10 +or eax, edx +mov dword [ebp + ebx*4 - 0x60], eax +mov eax, dword [ebp - 0xc0] +not eax +and word [ebp + esi*2 - 0x9e], ax +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 + +loc_fffd1e28: ; not directly referenced +call fcn_fffb392f ; call 0xfffb392f + +loc_fffd1e2d: ; not directly referenced +mov edx, dword [ebp + ebx*4 - 0x60] +shl eax, 0x18 +and edx, 0xffffff +or eax, edx +mov dword [ebp + ebx*4 - 0x60], eax +mov eax, dword [ebp - 0xc0] +or word [ebp + esi*2 - 0x9e], ax +jmp near loc_fffd1f97 ; jmp 0xfffd1f97 + +loc_fffd1e53: ; not directly referenced +mov al, byte [ebp - 0xcc] +cmp al, byte [edx - 0x5a] +jne loc_fffd1f83 ; jne 0xfffd1f83 +cmp byte [ebp - 0x100], 0xff +je loc_fffd1f19 ; je 0xfffd1f19 +cmp byte [ebp - 0xd1], 0 +jg loc_fffd1f19 ; jg 0xfffd1f19 +movsx eax, byte [ebp - 0xd1] +mov dword [ebp - 0x100], eax +mov eax, dword [ebp - 0xdc] +call fcn_fffb392f ; call 0xfffb392f +mov edx, 1 +add ebx, dword [ebp - 0xbc] +mov ebx, dword [ebp + ebx*4 - 0x60] +mov dword [ebp - 0x104], eax +mov eax, dword [ebp - 0x100] +mov dword [ebp - 0x108], ebx +xor ebx, ebx +sub edx, eax +shl edx, 3 +lea ecx, [edx + 0x1f] +cmp cl, 0x3e +ja short loc_fffd1ef5 ; ja 0xfffd1ef5 +mov cl, al +movzx ebx, byte [ebp - 0x104] +mov eax, 0xff +lea ecx, [ecx*8 + 8] +shl eax, cl +not eax +and eax, dword [ebp - 0x108] +shl ebx, cl +mov cl, dl +or ebx, eax +test dl, dl +jle short 
loc_fffd1ef1 ; jle 0xfffd1ef1 +shl ebx, cl +jmp short loc_fffd1ef5 ; jmp 0xfffd1ef5 + +loc_fffd1ef1: ; not directly referenced +neg ecx +shr ebx, cl + +loc_fffd1ef5: ; not directly referenced +mov ecx, dword [ebp - 0xbc] +lea eax, [esi + esi*8] +lea edx, [eax + ecx] +mov dword [ebp + edx*4 - 0x60], ebx +lea ebx, [ebp - 0x18] +add eax, ebx +mov bl, byte [ebp - 0xcc] +lea edx, [ebx - 1] +mov byte [ecx + eax - 0x7e], dl +jmp short loc_fffd1f4c ; jmp 0xfffd1f4c + +loc_fffd1f19: ; not directly referenced +mov ebx, dword [ebp - 0xbc] +lea eax, [esi + esi*8] +lea edx, [eax + ebx] +mov eax, dword [ebp - 0xdc] +mov ebx, dword [ebp + edx*4 - 0x60] +mov dword [ebp - 0x100], edx +call fcn_fffb392f ; call 0xfffb392f +mov edx, dword [ebp - 0x100] +movzx ebx, bx +shl eax, 0x10 +or eax, ebx +mov dword [ebp + edx*4 - 0x60], eax + +loc_fffd1f4c: ; not directly referenced +mov al, byte [ebp - 0xf4] +cmp byte [ebp - 0xcc], al +jae short loc_fffd1f68 ; jae 0xfffd1f68 +mov eax, dword [ebp - 0xc0] +or word [ebp + esi*2 - 0x9e], ax + +loc_fffd1f68: ; not directly referenced +cmp byte [ebp - 0xd1], 0 +jg short loc_fffd1f97 ; jg 0xfffd1f97 +mov eax, dword [ebp - 0xc0] +not eax +and word [ebp + esi*2 - 0xa2], ax +jmp short loc_fffd1f97 ; jmp 0xfffd1f97 + +loc_fffd1f83: ; not directly referenced +mov dword [ebp - 0xb4], 1 + +loc_fffd1f8d: ; not directly referenced +mov eax, dword [ebp - 0xb4] +test eax, eax +jne short loc_fffd1f8d ; jne 0xfffd1f8d + +loc_fffd1f97: ; not directly referenced +cmp byte [ebp - 0xeb], 1 +movzx eax, byte [ebp - 0xd3] +jne short loc_fffd1fc8 ; jne 0xfffd1fc8 +push edx +movzx ecx, byte [ebp - 0xd4] +mov edx, esi +push eax +mov eax, edi +push dword [ebp - 0xc4] +push dword [ebp - 0xbc] +call fcn_fffb399f ; call 0xfffb399f +add esp, 0x10 + +loc_fffd1fc8: ; not directly referenced +cmp byte [ebp - 0xcc], al +jne short loc_fffd1fde ; jne 0xfffd1fde +mov ebx, dword [ebp - 0xc0] +or word [ebp + esi*2 - 0x9e], bx + +loc_fffd1fde: ; not directly referenced +cmp dword [ebp - 
0xdc], 0 +jne short loc_fffd2015 ; jne 0xfffd2015 +lea ebx, [ebp - 0x18] +lea edx, [esi + esi*8] +lea ecx, [ebx + edx] +mov ebx, dword [ebp - 0xbc] +cmp al, byte [ebx + ecx - 0x7e] +jne short loc_fffd2015 ; jne 0xfffd2015 +mov eax, dword [ebp - 0xc0] +test word [ebp + esi*2 - 0xa2], ax +je short loc_fffd2015 ; je 0xfffd2015 +add edx, ebx +mov word [ebp + edx*4 - 0x5e], 0xfffe + +loc_fffd2015: ; not directly referenced +cmp byte [ebp - 0xcc], 0 +jne short loc_fffd205a ; jne 0xfffd205a +mov eax, dword [ebp - 0xc0] +or word [ebp + esi*2 - 0xa2], ax +cmp dword [ebp - 0xdc], 0 +je short loc_fffd205a ; je 0xfffd205a +lea ebx, [ebp - 0x18] +or word [ebp + esi*2 - 0x9e], ax +lea eax, [esi + esi*8] +lea edx, [ebx + eax] +mov ebx, dword [ebp - 0xbc] +add eax, ebx +mov byte [ebx + edx - 0x7e], 0 +mov word [ebp + eax*4 - 0x5e], 0x707 + +loc_fffd205a: ; not directly referenced +cmp dword [ebp - 0xd8], 0 +jne loc_fffd20ff ; jne 0xfffd20ff +mov cx, word [ebp + esi*2 - 0x9e] +mov dx, word [ebp + esi*2 - 0xa2] +mov eax, ecx +and eax, edx +test word [ebp - 0xc0], ax +jne short loc_fffd20ff ; jne 0xfffd20ff +cmp dword [ebp - 0xdc], 0 +movzx eax, byte [ebp - 0xd2] +jne short loc_fffd20b3 ; jne 0xfffd20b3 +test word [ebp - 0xc0], cx +jne short loc_fffd20a8 ; jne 0xfffd20a8 +lea ecx, [esi + esi*8] +lea ebx, [ebp - 0x18] +lea edx, [ebx + ecx] +jmp short loc_fffd20d2 ; jmp 0xfffd20d2 + +loc_fffd20a8: ; not directly referenced +lea ecx, [esi + esi*8] +lea ebx, [ebp - 0x18] +lea edx, [ebx + ecx] +jmp short loc_fffd20c5 ; jmp 0xfffd20c5 + +loc_fffd20b3: ; not directly referenced +test word [ebp - 0xc0], dx +lea ecx, [esi + esi*8] +lea ebx, [ebp - 0x18] +lea edx, [ebx + ecx] +jne short loc_fffd20d2 ; jne 0xfffd20d2 + +loc_fffd20c5: ; not directly referenced +add eax, edx +mov bl, byte [eax - 0x5a] +lea edx, [ebx - 1] +mov byte [eax - 0x5a], dl +jmp short loc_fffd20dd ; jmp 0xfffd20dd + +loc_fffd20d2: ; not directly referenced +add eax, edx +mov bl, byte [eax - 0x6c] +lea edx, [ebx + 1] +mov 
byte [eax - 0x6c], dl + +loc_fffd20dd: ; not directly referenced +mov eax, dword [ebp - 0xd0] +movzx edx, dl +add eax, ecx +mov ecx, dword [ebp - 0xc8] +add eax, dword [ebp - 0xbc] +add eax, eax +add eax, dword [ebp - 0xc4] +mov dword [ecx + eax*4], edx + +loc_fffd20ff: ; not directly referenced +inc byte [ebp - 0xe8] +jmp near loc_fffd1b9d ; jmp 0xfffd1b9d + +loc_fffd210a: ; not directly referenced +cmp dword [ebp - 0xd8], 1 +jne loc_fffd21d1 ; jne 0xfffd21d1 +mov ax, word [ebp + esi*2 - 0xa2] +mov bx, word [ebp - 0xea] +mov edx, eax +and dx, word [ebp + esi*2 - 0x9e] +cmp dx, bx +je loc_fffd21d1 ; je 0xfffd21d1 +lea edx, [esi + esi*8] +lea ecx, [ebp - 0x18] +add edx, ecx +cmp ax, bx +movzx eax, byte [ebp - 0xd2] +je short loc_fffd2181 ; je 0xfffd2181 +add eax, edx +mov ebx, dword [ebp - 0xf0] +mov cl, byte [eax - 0x5a] +dec ecx +mov byte [eax - 0x5a], cl +imul eax, esi, 0x48 +movzx ecx, cl +mov dword [ebx + eax], ecx + +loc_fffd2165: ; not directly referenced +imul eax, esi, 0x48 +lea ebx, [esi + esi*8] +add ebx, dword [ebp - 0xd0] +mov dword [ebp - 0xbc], eax +xor eax, eax +mov dword [ebp - 0xc0], ebx +jmp short loc_fffd219b ; jmp 0xfffd219b + +loc_fffd2181: ; not directly referenced +add edx, eax +mov ecx, dword [ebp - 0xf0] +mov al, byte [edx - 0x6c] +inc eax +mov byte [edx - 0x6c], al +imul edx, esi, 0x48 +movzx eax, al +mov dword [ecx + edx], eax +jmp short loc_fffd2165 ; jmp 0xfffd2165 + +loc_fffd219b: ; not directly referenced +cmp al, byte [edi + 0x2489] +jae short loc_fffd21d1 ; jae 0xfffd21d1 +mov ebx, dword [ebp - 0xbc] +mov edx, dword [ebp - 0xf0] +mov edx, dword [edx + ebx] +mov ebx, dword [ebp - 0xc8] +mov ecx, edx +movzx edx, al +add edx, dword [ebp - 0xc0] +inc eax +add edx, edx +add edx, dword [ebp - 0xc4] +mov dword [ebx + edx*4], ecx +jmp short loc_fffd219b ; jmp 0xfffd219b + +loc_fffd21d1: ; not directly referenced +inc esi +cmp esi, 2 +jne loc_fffd1b77 ; jne 0xfffd1b77 +mov si, word [ebp - 0xea] +mov eax, esi +and ax, word [ebp - 0xa2] +cmp 
ax, si +jne loc_fffd1a8e ; jne 0xfffd1a8e +mov eax, esi +and ax, word [ebp - 0x9e] +cmp ax, si +jne loc_fffd1a8e ; jne 0xfffd1a8e +mov eax, esi +and eax, dword [ebp - 0xa0] +cmp ax, si +jne loc_fffd1a8e ; jne 0xfffd1a8e +mov eax, esi +and eax, dword [ebp - 0x9c] +cmp ax, si +jne loc_fffd1a8e ; jne 0xfffd1a8e +xor ebx, ebx + +loc_fffd222a: ; not directly referenced +mov eax, dword [ebp - 0xe0] +bt eax, ebx +jae loc_fffd182e ; jae 0xfffd182e +mov byte [ebp - 0xbc], 0 + +loc_fffd2240: ; not directly referenced +mov al, byte [ebp - 0xbc] +cmp al, byte [edi + 0x2489] +jae loc_fffd182e ; jae 0xfffd182e +movzx esi, byte [ebp - 0xbc] +lea eax, [ebx + ebx*8] +sub esp, 0xc +mov dword [ebp - 0xc0], eax +add eax, esi +mov edx, dword [ebp + eax*4 - 0x60] +lea eax, [ebp - 0x18] +add eax, dword [ebp - 0xc0] +movzx eax, byte [esi + eax - 0x7e] +mov ecx, edx +push dword [ebp + 0x1c] +shr edx, 0x10 +shr ecx, 0x18 +movzx edx, dl +call fcn_fffac986 ; call 0xfffac986 +mov edx, dword [ebp - 0xc0] +add esp, 0x10 +add edx, dword [ebp - 0xd0] +mov ecx, dword [ebp - 0xc8] +inc byte [ebp - 0xbc] +add esi, edx +add esi, esi +add esi, dword [ebp - 0xc4] +mov dword [ecx + esi*4], eax +jmp short loc_fffd2240 ; jmp 0xfffd2240 + +loc_fffd22b6: ; not directly referenced +cmp byte [ebp - 0xe4], 0xb +je short loc_fffd22ed ; je 0xfffd22ed + +loc_fffd22bf: ; not directly referenced +push 2 +movzx eax, byte [ebp - 0xe4] +xor ebx, ebx +push 0 +push 0 +push 0 +push 0 +push 0 +push 0 +push 1 +push 0 +push 0 +push eax +push edi +call fcn_fffcd268 ; call 0xfffcd268 +add esp, 0x30 +mov esi, eax +jmp near loc_fffd2395 ; jmp 0xfffd2395 + +loc_fffd22ed: ; not directly referenced +movzx eax, byte [ebp - 0xec] +xor ebx, ebx +mov dword [ebp - 0xc4], eax + +loc_fffd22fc: ; not directly referenced +mov eax, dword [ebp - 0xe0] +bt eax, ebx +jb short loc_fffd230f ; jb 0xfffd230f + +loc_fffd2307: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffd22fc ; jne 0xfffd22fc +jmp short loc_fffd22bf ; jmp 
0xfffd22bf + +loc_fffd230f: ; not directly referenced +mov eax, ebx +imul esi, ebx, 0x13c3 +shl eax, 0xa +add eax, 0x4028 +mov dword [ebp - 0xc0], eax +mov byte [ebp - 0xbc], 0 + +loc_fffd232c: ; not directly referenced +mov al, byte [ebp - 0xbc] +cmp al, byte [edi + 0x2489] +jae short loc_fffd2307 ; jae 0xfffd2307 +push eax +movzx eax, byte [ebp - 0xbc] +mov edx, ebx +mov ecx, dword [ebp - 0xc4] +push 0 +push 0xff +push eax +mov eax, edi +call fcn_fffa7447 ; call 0xfffa7447 +mov edx, dword [ebp - 0xc0] +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +movzx edx, byte [edi + esi + 0x4770] +and edx, 0x3f +shl edx, 0x10 +and eax, 0xffc0ffff +or eax, edx +mov edx, dword [ebp - 0xc0] +mov ecx, eax +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +add esp, 0x10 +inc byte [ebp - 0xbc] +jmp short loc_fffd232c ; jmp 0xfffd232c + +loc_fffd2395: ; not directly referenced +cmp bl, byte [edi + 0x2489] +jae short loc_fffd23b3 ; jae 0xfffd23b3 +movzx eax, bl +xor ecx, ecx +lea edx, [eax*4 + 0x4cf0] +mov eax, edi +call fcn_fffb38b3 ; call 0xfffb38b3 +inc ebx +jmp short loc_fffd2395 ; jmp 0xfffd2395 + +loc_fffd23b3: ; not directly referenced +lea esp, [ebp - 0xc] +mov eax, esi +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffd23bd: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +sub esp, 0x4c +mov ebx, dword [ebp + 8] +mov eax, dword [ebx + 0x2444] +lea ecx, [ebx + 0x5f99] +movzx esi, byte [ebx + 0x18ed] +mov dword [ebx + 0x3712], 0 +mov dword [ebp - 0x3c], eax +mov eax, dword [ebx + 0x188b] +mov dword [ebp - 0x40], eax +lea eax, [ebx + 0x3813] + +loc_fffd23f8: ; not directly referenced +cmp dword [eax - 0xbc], 2 +mov dword [eax], 0 +jne short loc_fffd243c ; jne 0xfffd243c +cmp dword [eax + 0x10b7], 2 +jne short loc_fffd2418 ; jne 0xfffd2418 +mov edx, dword [eax + 0x1198] +mov dword [eax], edx + +loc_fffd2418: ; not directly referenced +cmp dword [eax + 0x11df], 2 +jne short loc_fffd2429 ; jne 0xfffd2429 +mov edx, dword [eax + 0x12c0] +add 
dword [eax], edx + +loc_fffd2429: ; not directly referenced +mov edx, dword [ebx + 0x2485] +cmp dword [eax], edx +cmovbe edx, dword [eax] +mov dword [eax], edx +add dword [ebx + 0x3712], edx + +loc_fffd243c: ; not directly referenced +add eax, 0x13c3 +cmp eax, ecx +jne short loc_fffd23f8 ; jne 0xfffd23f8 +mov edi, dword [ebx + 0x3712] +mov eax, dword [ebx + 0x18d9] +mov ecx, edi +sub ecx, dword [ebx + 0x18d5] +cmp byte [ebx + 0x2402], 0 +mov dword [ebx + 0x36ed], ecx +je short loc_fffd247e ; je 0xfffd247e +cmp edi, 0x1000 +ja short loc_fffd247e ; ja 0xfffd247e +shr edi, 1 +mov edx, 0x1000 +sub edx, edi +cmp eax, edx +cmovb eax, edx + +loc_fffd247e: ; not directly referenced +mov edx, 0x1000 +sub edx, eax +cmp edx, ecx +cmovbe ecx, edx +mov dword [ebx + 0x36f1], ecx +test esi, esi +je short loc_fffd24be ; je 0xfffd24be +mov eax, dword [ebx + 0x3813] +mov edx, dword [ebx + 0x4bd6] +cmp eax, edx +je short loc_fffd24be ; je 0xfffd24be +test eax, eax +je short loc_fffd24be ; je 0xfffd24be +test edx, edx +je short loc_fffd24be ; je 0xfffd24be +cmp edx, eax +cmova edx, eax +add edx, edx +cmp ecx, edx +cmovbe edx, ecx +mov dword [ebx + 0x36f1], edx + +loc_fffd24be: ; not directly referenced +mov eax, dword [ebx + 0x36f1] +sub eax, dword [ebx + 0x246e] +mov edi, dword [ebx + 0x18c1] +mov dword [ebx + 0x36f5], eax +sub eax, dword [ebx + 0x2472] +mov dword [ebx + 0x36f9], eax +mov eax, dword [ebp - 0x3c] +push 0x50 +push 0 +push 0 +push 0 +call dword [eax + 0x4c] ; ucall +add edi, eax +mov eax, dword [ebp - 0x3c] +mov dword [esp], edi +call dword [eax + 0x20] ; ucall +add esp, 0x10 +mov ecx, dword [ebx + 0x246e] +cmp dword [ebp - 0x40], 0 +jne short loc_fffd2567 ; jne 0xfffd2567 +xor edx, edx +cmp byte [ebx + 0x18b3], 1 +sete dl +and ah, 0xbc +mov edi, edx +mov edx, 3 +shl edi, 0xe +cmp dword [ebx + 0x2472], 3 +cmovbe edx, dword [ebx + 0x2472] +or eax, edi +and edx, 3 +shl edx, 8 +or eax, edx +cmp ecx, 0x400 +jne short loc_fffd2549 ; jne 0xfffd2549 +and al, 7 +or al, 0x88 
+jmp short loc_fffd25ab ; jmp 0xfffd25ab + +loc_fffd2549: ; not directly referenced +mov dl, 0x1f +cmp ecx, 0x3ff +ja short loc_fffd255b ; ja 0xfffd255b +shr ecx, 5 +mov dl, cl +and edx, 0x1f + +loc_fffd255b: ; not directly referenced +and edx, 0x1f +and al, 7 +shl edx, 3 +or eax, edx +jmp short loc_fffd25ab ; jmp 0xfffd25ab + +loc_fffd2567: ; not directly referenced +xor edx, edx +mov edi, dword [ebx + 0x2472] +cmp byte [ebx + 0x18b3], 1 +sete dl +and eax, 0xfffffffb +shl edx, 2 +or eax, edx +mov dl, 3 +cmp edi, 7 +ja short loc_fffd258f ; ja 0xfffd258f +shr edi, 1 +mov edx, edi +and edx, 3 + +loc_fffd258f: ; not directly referenced +and edx, 3 +and al, 0x3f +shl edx, 6 +mov edi, ecx +or eax, edx +mov dl, 0xff +shr edi, 5 +cmp ecx, 0x1fff +cmovbe edx, edi +mov ah, dl + +loc_fffd25ab: ; not directly referenced +mov ecx, dword [ebx + 0x36f9] +mov dword [ebx + 0x36fd], eax +mov eax, dword [ebx + 0x18dd] +mov edx, dword [ebx + 0x18e5] +mov dword [ebp - 0x40], ecx +sub dword [ebp - 0x40], eax +neg eax +and eax, dword [ebp - 0x40] +mov dword [ebx + 0x372e], edx +mov dword [ebx + 0x3701], eax +test esi, esi +jne short loc_fffd2604 ; jne 0xfffd2604 + +loc_fffd25de: ; not directly referenced +mov eax, dword [ebp - 0x40] +sub eax, dword [ebx + 0x3701] +je loc_fffd26ed ; je 0xfffd26ed +sub dword [ebx + 0x36f9], eax +sub dword [ebx + 0x36f5], eax +sub dword [ebx + 0x36f1], eax +jmp near loc_fffd26ed ; jmp 0xfffd26ed + +loc_fffd2604: ; not directly referenced +or edx, 0xffffffff +sub edx, dword [ebx + 0x18e9] +mov dword [ebp - 0x4c], 0 +lea esi, [ebp - 0x2a] +mov dword [ebp - 0x48], 0 +add eax, edx +shl eax, 0x14 +mov dword [ebp - 0x50], eax + +loc_fffd2626: ; not directly referenced +mov ecx, dword [ebp - 0x48] +imul eax, ecx, 0x13c3 +mov byte [ebp - 0x44], cl +cmp dword [ebx + eax + 0x3757], 2 +jne loc_fffd26d8 ; jne 0xfffd26d8 + +loc_fffd2640: ; not directly referenced +push eax +push esi +push dword [ebp - 0x4c] +push dword [ebp - 0x50] +call fcn_fffc8b09 ; call 0xfffc8b09 
+mov al, byte [ebp - 0x44] +add dword [ebp - 0x50], 0x40 +adc dword [ebp - 0x4c], 0 +add esp, 0x10 +cmp byte [esi + 1], al +jne short loc_fffd2640 ; jne 0xfffd2640 +mov ax, word [esi + 7] +movzx ecx, byte [esi + 5] +mov edx, eax +movzx edi, ah +movzx eax, byte [esi + 3] +shl edx, 0x18 +shl ecx, 3 +or ecx, edx +movzx edx, byte [esi + 4] +and eax, 7 +shl eax, 0x18 +and edx, 0xf +shl edx, 0x10 +or edi, edx +or edi, eax +cmp byte [ebp - 0x44], 1 +lea edx, [ebp - 0x30] +push edx +sbb eax, eax +not eax +and eax, 0x200 +push ecx +or eax, 0x1e +push eax +mov eax, dword [ebp - 0x3c] +push 1 +call dword [eax + 0x84] ; ucall +add esp, 0x10 +cmp byte [ebp - 0x44], 1 +lea ecx, [ebp - 0x30] +push ecx +sbb eax, eax +and eax, 0xfffffe00 +add eax, 0x300 +push edi +or eax, 0x1e +push eax +mov eax, dword [ebp - 0x3c] +push 1 +call dword [eax + 0x84] ; ucall +add esp, 0x10 + +loc_fffd26d8: ; not directly referenced +inc dword [ebp - 0x48] +add esi, 9 +cmp dword [ebp - 0x48], 2 +jne loc_fffd2626 ; jne 0xfffd2626 +jmp near loc_fffd25de ; jmp 0xfffd25de + +loc_fffd26ed: ; not directly referenced +cmp byte [ebx + 0x18b6], 0 +mov eax, dword [ebx + 0x36ed] +je short loc_fffd2738 ; je 0xfffd2738 +mov ecx, dword [ebx + 0x36f1] +cmp eax, ecx +jbe short loc_fffd2738 ; jbe 0xfffd2738 +mov edx, 0x1000 +cmp eax, 0x1000 +mov esi, edx +cmovbe edx, eax +cmovae esi, eax +add edx, esi +sub edx, ecx +mov dword [ebx + 0x370e], edx +dec edx +mov byte [ebx + 0x3705], 1 +mov dword [ebx + 0x3706], esi +mov dword [ebx + 0x370a], edx +jmp short loc_fffd2745 ; jmp 0xfffd2745 + +loc_fffd2738: ; not directly referenced +mov byte [ebx + 0x3705], 0 +mov dword [ebx + 0x370e], eax + +loc_fffd2745: ; not directly referenced +cmp byte [ebx + 0x3746], 0 +je short loc_fffd27b1 ; je 0xfffd27b1 +cmp byte [ebx + 0x2402], 0 +je short loc_fffd276d ; je 0xfffd276d +cmp dword [ebx + 0x3712], 0x1000 +mov edx, eax +ja short loc_fffd2779 ; ja 0xfffd2779 +mov edx, dword [ebx + 0x370e] +jmp short loc_fffd2779 ; jmp 0xfffd2779 + 
+loc_fffd276d: ; not directly referenced +mov edx, dword [ebx + 0x3701] +sub edx, dword [ebx + 0x18e5] + +loc_fffd2779: ; not directly referenced +movzx ecx, byte [ebx + 0x3748] +shl ecx, 3 +mov dword [ebx + 0x3722], ecx +not ecx +add edx, ecx +movzx ecx, byte [ebx + 0x3747] +and edx, 0xffffffc0 +mov dword [ebx + 0x371e], edx +shl ecx, 3 +sub edx, ecx +sub edx, 0x40 +mov dword [ebx + 0x372a], ecx +mov dword [ebx + 0x3726], edx + +loc_fffd27b1: ; not directly referenced +mov dword [ebx + 0x3716], eax +mov eax, dword [ebx + 0x18d5] +mov edx, dword [ebx + 0x3712] +mov esi, dword [ebx + 0x2444] +mov dword [ebx + 0x371a], eax +mov eax, dword [ebx + 0x18cd] +mov dword [ebp - 0x40], eax +mov eax, dword [ebx + 0x18c1] +push 0xa0 +push 0 +push 0 +mov edi, eax +mov dword [ebp - 0x3c], eax +mov eax, edx +shr edx, 0xc +and edx, 0x7f +shl eax, 0x14 +push 0 +mov dword [ebp - 0x48], edx +mov dword [ebp - 0x44], eax +call dword [esi + 0x4c] ; ucall +pop ecx +mov dword [ebp - 0x3c], edi +lea edi, [eax + edi] +pop eax +push dword [ebp - 0x44] +push edi +call dword [esi + 0x30] ; ucall +lea ecx, [edi + 4] +pop eax +pop edx +mov edx, dword [ebp - 0x48] +push edx +push ecx +call dword [esi + 0x30] ; ucall +movzx edi, word [ebx + 0x36f1] +push 0xbc +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +shl edi, 0x14 +add esp, 0x18 +push edi +mov edi, dword [ebp - 0x3c] +add eax, edi +push eax +call dword [esi + 0x30] ; ucall +mov edx, dword [ebx + 0x370e] +push 0xa8 +push 0 +push 0 +mov eax, edx +shr edx, 0xc +and edx, 0x7f +shl eax, 0x14 +mov dword [ebp - 0x48], edx +push 0 +mov dword [ebp - 0x44], eax +call dword [esi + 0x4c] ; ucall +add esp, 0x18 +push dword [ebp - 0x44] +lea edi, [eax + edi] +push edi +call dword [esi + 0x30] ; ucall +mov edx, dword [ebp - 0x48] +pop ecx +pop eax +lea ecx, [edi + 4] +push edx +push ecx +call dword [esi + 0x30] ; ucall +add esp, 0x10 +cmp byte [ebx + 0x3705], 0 +je loc_fffd2918 ; je 0xfffd2918 +mov edx, dword [ebx + 0x3706] +push 0x90 +push 0 
+push 0 +mov eax, edx +shr edx, 0xc +and edx, 0x7f +shl eax, 0x14 +push 0 +mov dword [ebp - 0x48], edx +mov dword [ebp - 0x44], eax +call dword [esi + 0x4c] ; ucall +mov ecx, dword [ebp - 0x3c] +lea edi, [eax + ecx] +pop eax +pop edx +push dword [ebp - 0x44] +push edi +call dword [esi + 0x30] ; ucall +mov edx, dword [ebp - 0x48] +pop ecx +pop eax +lea ecx, [edi + 4] +push edx +push ecx +call dword [esi + 0x30] ; ucall +mov edx, dword [ebx + 0x370a] +push 0x98 +push 0 +push 0 +mov eax, edx +shr edx, 0xc +and edx, 0x7f +shl eax, 0x14 +mov dword [ebp - 0x48], edx +push 0 +mov dword [ebp - 0x44], eax +call dword [esi + 0x4c] ; ucall +mov ecx, dword [ebp - 0x3c] +add esp, 0x18 +push dword [ebp - 0x44] +lea edi, [eax + ecx] +push edi +call dword [esi + 0x30] ; ucall +lea ecx, [edi + 4] +pop eax +pop edx +mov edx, dword [ebp - 0x48] +push edx +push ecx +call dword [esi + 0x30] ; ucall +add esp, 0x10 + +loc_fffd2918: ; not directly referenced +push 0xb8 +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +movzx edx, word [ebx + 0x3701] +pop edi +pop ecx +add eax, dword [ebp - 0x3c] +shl edx, 0x14 +push edx +push eax +call dword [esi + 0x30] ; ucall +add esp, 0x10 +cmp dword [ebx + 0x372e], 0 +je short loc_fffd297b ; je 0xfffd297b +push 0x5c +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +mov ecx, dword [ebp - 0x3c] +lea edi, [eax + ecx] +mov dword [esp], edi +call dword [esi + 0x20] ; ucall +movzx edx, byte [ebx + 0x372e] +shl edx, 4 +and eax, 0xfffff00f +or eax, edx +pop edx +or eax, 4 +pop ecx +push eax +push edi +call dword [esi + 0x30] ; ucall +add esp, 0x10 + +loc_fffd297b: ; not directly referenced +push 0xb0 +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +movzx edx, word [ebx + 0x36f5] +pop ecx +pop edi +mov edi, dword [ebp - 0x3c] +shl edx, 0x14 +push edx +add eax, edi +push eax +call dword [esi + 0x30] ; ucall +push 0xb4 +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +movzx edx, word [ebx + 0x36f9] +add esp, 0x18 +shl edx, 0x14 
+push edx +add eax, edi +push eax +call dword [esi + 0x30] ; ucall +mov eax, dword [ebx + 0x371a] +add esp, 0x10 +test eax, eax +je loc_fffd2a56 ; je 0xfffd2a56 +mov edi, 0x80000 +sub edi, eax +push 0x78 +mov edx, edi +push 0 +shl edx, 0x14 +push 0 +or dh, 8 +push 0 +shr edi, 0xc +mov dword [ebp - 0x44], edx +and edi, 0x7f +call dword [esi + 0x4c] ; ucall +mov ecx, dword [ebp - 0x3c] +add ecx, eax +pop eax +pop edx +mov edx, dword [ebp - 0x44] +mov dword [ebp - 0x44], ecx +push edx +push ecx +call dword [esi + 0x30] ; ucall +pop ecx +mov ecx, dword [ebp - 0x44] +pop eax +add ecx, 4 +push edi +push ecx +call dword [esi + 0x30] ; ucall +mov edx, dword [ebx + 0x3716] +push 0x70 +push 0 +push 0 +mov eax, edx +shr edx, 0xc +and edx, 0x7f +shl eax, 0x14 +mov dword [ebp - 0x48], edx +push 0 +mov dword [ebp - 0x44], eax +call dword [esi + 0x4c] ; ucall +mov ecx, dword [ebp - 0x3c] +add esp, 0x18 +push dword [ebp - 0x44] +lea edi, [eax + ecx] +push edi +call dword [esi + 0x30] ; ucall +lea ecx, [edi + 4] +pop eax +pop edx +mov edx, dword [ebp - 0x48] +push edx +push ecx +call dword [esi + 0x30] ; ucall +add esp, 0x10 + +loc_fffd2a56: ; not directly referenced +push 0x50 +push 0 +push 0 +push 0 +call dword [esi + 0x4c] ; ucall +pop edx +pop ecx +push dword [ebx + 0x36fd] +add eax, dword [ebp - 0x3c] +push eax +call dword [esi + 0x30] ; ucall +mov edx, dword [ebx + 0x371e] +pop edi +pop eax +mov eax, dword [ebx + 0x3722] +mov edi, dword [ebp - 0x40] +add eax, edx +shr eax, 3 +shr edx, 3 +shl eax, 0x10 +or eax, edx +push eax +mov eax, edi +add eax, 0x18 +push eax +call dword [esi + 0x30] ; ucall +pop eax +mov eax, dword [ebx + 0x371e] +pop edx +shl eax, 0xe +push eax +mov eax, edi +add eax, 0x10 +push eax +call dword [esi + 0x30] ; ucall +pop ecx +pop eax +mov eax, dword [ebx + 0x371e] +and eax, 0x40000 +shr eax, 0x12 +push eax +mov eax, edi +add eax, 0x14 +push eax +call dword [esi + 0x30] ; ucall +mov edx, dword [ebx + 0x3726] +pop eax +mov eax, dword [ebx + 0x372a] +pop ecx 
+add eax, edx +shr eax, 3 +shr edx, 3 +shl eax, 0x10 +or eax, edx +push eax +mov eax, edi +add eax, 0x28 +push eax +call dword [esi + 0x30] ; ucall +pop eax +mov eax, dword [ebx + 0x3726] +pop edx +shl eax, 0xe +push eax +mov eax, edi +add eax, 0x20 +push eax +call dword [esi + 0x30] ; ucall +pop ecx +pop eax +mov eax, dword [ebx + 0x3726] +and eax, 0x40000 +shr eax, 0x12 +or eax, 4 +push eax +mov eax, edi +add eax, 0x24 +push eax +call dword [esi + 0x30] ; ucall +xor eax, eax +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +loc_fffd2b28: +push esi +push edi +mov esi, dword [esp + 0x10] +mov edi, dword [esp + 0xc] +mov edx, dword [esp + 0x14] +cmp edi, esi +je short loc_fffd2b57 ; je 0xfffd2b57 +cmp edx, 0 +je short loc_fffd2b57 ; je 0xfffd2b57 +lea eax, [esi + edx - 1] +cmp esi, edi +jae short loc_fffd2b52 ; jae 0xfffd2b52 +cmp eax, edi +jb short loc_fffd2b52 ; jb 0xfffd2b52 +mov esi, eax +lea edi, [edi + edx - 1] +std + +loc_fffd2b52: +mov ecx, edx +rep movsb ; rep movsb byte es:[edi], byte ptr [esi] +cld + +loc_fffd2b57: +mov eax, dword [esp + 0xc] +pop edi +pop esi +ret + +loc_fffd2b5e: +push edi +xor eax, eax +mov edi, dword [esp + 8] +mov ecx, dword [esp + 0xc] +mov edx, ecx +shr ecx, 2 +and edx, 3 +push edi +rep stosd ; rep stosd dword es:[edi], eax +mov ecx, edx +rep stosb ; rep stosb byte es:[edi], al +pop eax +pop edi +ret + +fcn_fffd2b7b: +mov eax, dword [esp + 8] +mov ecx, dword [esp + 0xc] +xor edx, edx +div ecx +mov eax, dword [esp + 4] +div ecx +mov eax, edx +ret + +fcn_fffd2b90: +mov eax, dword [esp + 8] +mov ecx, dword [esp + 0xc] +xor edx, edx +div ecx +push eax +mov eax, dword [esp + 8] +div ecx +pop edx +ret + +fcn_fffd2ba5: +mov ecx, dword [esp + 0xc] +mov eax, dword [esp + 8] +xor edx, edx +div ecx +push eax +mov eax, dword [esp + 8] +div ecx +mov ecx, dword [esp + 0x14] +jecxz loc_fffd2bc0 ; jecxz 0xfffd2bc0 +mov dword [ecx], edx + +loc_fffd2bc0: +pop edx +ret + +fcn_fffd2bc2: +push ebx + +fcn_fffd2bc3: ; not directly 
referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 0xc] +cpuid +push ecx +mov ecx, dword [ebp + 0x10] +jecxz loc_fffd2bd3 ; jecxz 0xfffd2bd3 +mov dword [ecx], eax + +loc_fffd2bd3: +mov ecx, dword [ebp + 0x14] +jecxz loc_fffd2bda ; jecxz 0xfffd2bda +mov dword [ecx], ebx + +loc_fffd2bda: +mov ecx, dword [ebp + 0x18] +jecxz loc_fffd2be1 ; jecxz 0xfffd2be1 +pop dword [ecx] + +loc_fffd2be1: +mov ecx, dword [ebp + 0x1c] +jecxz loc_fffd2be8 ; jecxz 0xfffd2be8 +mov dword [ecx], edx + +loc_fffd2be8: +mov eax, dword [ebp + 0xc] +leave +pop ebx +ret + +loc_fffd2bee: ; not directly referenced +mov cl, byte [esp + 0xc] +xor eax, eax +mov edx, dword [esp + 4] +test cl, 0x20 +cmove eax, edx +cmove edx, dword [esp + 8] +shld edx, eax, cl +shl eax, cl +ret + +loc_fffd2c09: +mov cl, byte [esp + 0xc] +xor edx, edx +mov eax, dword [esp + 8] +test cl, 0x20 +cmove edx, eax +cmove eax, dword [esp + 4] +shrd eax, edx, cl +shr edx, cl +ret + +loc_fffd2c24: +push edi +mov ecx, dword [esp + 0xc] +mov al, byte [esp + 0x10] +mov ah, al +shrd edx, eax, 0x10 +shld eax, edx, 0x10 +mov edx, ecx +mov edi, dword [esp + 8] +shr ecx, 2 +rep stosd ; rep stosd dword es:[edi], eax +mov ecx, edx +and ecx, 3 +rep stosb ; rep stosb byte es:[edi], al +mov eax, dword [esp + 8] +pop edi +ret + +fcn_fffd2c4f: +push edi +mov eax, dword [esp + 0x10] +mov edi, dword [esp + 8] +mov ecx, dword [esp + 0xc] +rep stosd ; rep stosd dword es:[edi], eax +mov eax, dword [esp + 8] +pop edi +ret + +loc_fffd2c64: ; not directly referenced +mov ecx, dword [esp + 0xc] +mov eax, ecx +imul ecx, dword [esp + 8] +mul dword [esp + 4] +add edx, ecx +ret + +loc_fffd2c76: ; not directly referenced +mov ecx, dword [esp + 0x10] +test ecx, ecx +jne short loc_fffd2c91 ; jne 0xfffd2c91 +mov ecx, dword [esp + 0x14] +jecxz loc_fffd2c8c ; jecxz 0xfffd2c8c +and dword [ecx + 4], 0 +mov dword [esp + 0x10], ecx + +loc_fffd2c8c: ; not directly referenced +jmp near fcn_fffd2ba5 ; jmp 0xfffd2ba5 + +loc_fffd2c91: ; not directly referenced +push 
ebx +push esi +push edi +mov edx, dword [esp + 0x14] +mov eax, dword [esp + 0x10] +mov edi, edx +mov esi, eax +mov ebx, dword [esp + 0x18] + +loc_fffd2ca4: ; not directly referenced +shr edx, 1 +rcr eax, 1 +shrd ebx, ecx, 1 +shr ecx, 1 +jne short loc_fffd2ca4 ; jne 0xfffd2ca4 +div ebx +mov ebx, eax +mov ecx, dword [esp + 0x1c] +mul dword [esp + 0x18] +imul ecx, ebx +add edx, ecx +mov ecx, dword [esp + 0x20] +jb short loc_fffd2cd1 ; jb 0xfffd2cd1 +cmp edi, edx +ja short loc_fffd2cdc ; ja 0xfffd2cdc +jb short loc_fffd2cd1 ; jb 0xfffd2cd1 +cmp esi, eax +jae short loc_fffd2cdc ; jae 0xfffd2cdc + +loc_fffd2cd1: ; not directly referenced +dec ebx +jecxz loc_fffd2ce7 ; jecxz 0xfffd2ce7 +sub eax, dword [esp + 0x18] +sbb edx, dword [esp + 0x1c] + +loc_fffd2cdc: ; not directly referenced +jecxz loc_fffd2ce7 ; jecxz 0xfffd2ce7 +sub esi, eax +sbb edi, edx +mov dword [ecx], esi +mov dword [ecx + 4], edi + +loc_fffd2ce7: ; not directly referenced +mov eax, ebx +xor edx, edx +pop edi +pop esi +pop ebx +ret + +loc_fffd2cef: +db 0x53 + +fcn_fffd2cf0: ; not directly referenced +push ebp +mov ebp, esp +mov eax, dword [ebp + 0xc] +mov ecx, dword [ebp + 0x10] +cpuid +push ecx +mov ecx, dword [ebp + 0x14] +jecxz loc_fffd2d03 ; jecxz 0xfffd2d03 +mov dword [ecx], eax + +loc_fffd2d03: ; not directly referenced +mov ecx, dword [ebp + 0x18] +jecxz loc_fffd2d0a ; jecxz 0xfffd2d0a +mov dword [ecx], ebx + +loc_fffd2d0a: ; not directly referenced +mov ecx, dword [ebp + 0x20] +jecxz loc_fffd2d11 ; jecxz 0xfffd2d11 +mov dword [ecx], edx + +loc_fffd2d11: ; not directly referenced +mov ecx, dword [ebp + 0x1c] +jecxz loc_fffd2d18 ; jecxz 0xfffd2d18 +pop dword [ecx] + +loc_fffd2d18: ; not directly referenced +mov eax, dword [ebp + 0xc] +leave +pop ebx +ret + +fcn_fffd2d1e: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +xor esi, esi +push ebx +mov ebx, eax +sub esp, 0x1c +mov dword [ebp - 0x1c], edx + +loc_fffd2d2e: ; not directly referenced +lea eax, [esi*8 + 0x48a8] +mov dword 
[ebp - 0x20], eax +mov edx, eax +mov eax, ebx +call fcn_fffb333d ; call 0xfffb333d +mov edi, dword [ebp - 0x1c] +bt edi, esi +mov ecx, eax +jae short loc_fffd2d53 ; jae 0xfffd2d53 +and ch, 0xcf +or ch, 0x18 +jmp short loc_fffd2d56 ; jmp 0xfffd2d56 + +loc_fffd2d53: ; not directly referenced +and ch, 0xf7 + +loc_fffd2d56: ; not directly referenced +push edi +mov eax, ebx +push edi +inc esi +push edx +mov edx, dword [ebp - 0x20] +push ecx +call fcn_fffb3506 ; call 0xfffb3506 +add esp, 0x10 +cmp esi, 2 +jne short loc_fffd2d2e ; jne 0xfffd2d2e +mov ecx, 2 +mov edx, 0x4d98 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, 1 +mov edx, 0x4800 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x4800 +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +xor ecx, ecx +mov edx, 0x4d98 +mov esi, eax +mov eax, ebx +and esi, 0xfffffffe +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, esi +mov edx, 0x4800 +or ecx, 2 +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 0x4800 +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +xor esi, esi + +loc_fffd2dcd: ; not directly referenced +mov eax, dword [ebp - 0x1c] +bt eax, esi +jae short loc_fffd2dfc ; jae 0xfffd2dfc +lea edi, [esi*8 + 0x48a8] +mov eax, ebx +mov edx, edi +call fcn_fffb333d ; call 0xfffb333d +mov ecx, eax +and ch, 0xf7 +mov eax, ecx +push ecx +push ecx +push edx +mov edx, edi +push eax +mov eax, ebx +call fcn_fffb3506 ; call 0xfffb3506 +add esp, 0x10 + +loc_fffd2dfc: ; not directly referenced +inc esi +cmp esi, 2 +jne short loc_fffd2dcd ; jne 0xfffd2dcd +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffd2e0a: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +mov esi, edx +shl esi, 0xa +push ebx +mov ebx, eax +lea edi, [esi + 0x41a0] +sub esp, 0x2c +mov edx, edi +mov byte [ebp - 0x29], cl +call fcn_fffb331f ; call 0xfffb331f +mov edx, edi +and eax, 0xfffffccc +or eax, 0x111 +mov ecx, eax +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, 
dword [ebp + 0x10] +lea edx, [esi + 0x41a4] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, dword [ebp + 0x14] +lea edx, [esi + 0x41a8] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, dword [ebp + 0x18] +lea edx, [esi + 0x41ac] +mov eax, ebx +call fcn_fffb3381 ; call 0xfffb3381 +lea edx, [esi + 0x41bc] +mov eax, ebx +xor ecx, ecx +call fcn_fffb3381 ; call 0xfffb3381 +lea eax, [esi + 0x41c0] +mov dword [ebp - 0x28], eax +mov eax, dword [ebp + 8] +mov dword [ebp - 0x20], 0 +mov dword [ebp - 0x1c], 0 +mov dword [ebp - 0x24], 0 +lea esi, [eax + 4] + +loc_fffd2ea2: ; not directly referenced +mov eax, dword [ebp - 0x24] +cmp eax, dword [ebp + 0xc] +je loc_fffd2f3d ; je 0xfffd2f3d +mov ecx, dword [esi - 4] +add esi, 0xc +movzx eax, byte [esi - 0xc] +mov edx, ecx +mov edi, ecx +and edx, 0x7c +or ah, 0x80 +shl edx, 6 +and edi, 1 +or eax, edx +mov edx, ecx +and edx, 2 +add edi, edi +shr edx, 1 +and ecx, 0x380 +or edx, edi +mov edi, dword [esi - 0xc] +shl ecx, 0x11 +or edx, 4 +shl edx, 8 +and edi, 0x300 +shl edi, 5 +or eax, edi +mov word [ebp - 0x20], ax +mov eax, dword [ebp - 0x20] +and eax, 0xf0ffffff +or eax, ecx +mov cl, byte [ebp - 0x29] +mov dword [ebp - 0x20], eax +mov eax, dword [ebp - 0x1c] +and ah, 0xf0 +or eax, edx +mov edx, dword [esi - 8] +and eax, 0xfffffff0 +shl edx, cl +not edx +and edx, 0xf +or eax, edx +mov edx, dword [ebp - 0x28] +mov dword [ebp - 0x1c], eax +push eax +push eax +mov eax, ebx +push dword [ebp - 0x1c] +push dword [ebp - 0x20] +call fcn_fffb3506 ; call 0xfffb3506 +add esp, 0x10 +inc dword [ebp - 0x24] +jmp near loc_fffd2ea2 ; jmp 0xfffd2ea2 + +loc_fffd2f3d: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffd2f45: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +push ebx +mov ebx, eax +sub esp, 0x50 +mov al, byte [ebp + 8] +push 0 +push 2 +mov byte [ebp - 0x34], al +mov eax, dword [ebx + 0x2444] +mov byte [ebp - 0x33], cl +lea ecx, [ebp - 0x1a] 
+push ecx +mov dword [ebp - 0x2c], edx +call dword [eax + 0x5c] ; ucall +mov edx, dword [ebp - 0x2c] +add esp, 0x10 +mov byte [ebp - 0x2c], 0x60 +movzx eax, dl +mov edi, eax +mov ecx, edi +mov dword [ebp - 0x48], eax +mov eax, 1 +shl eax, cl +test byte [ebx + 0x381b], al +mov byte [ebp - 0x32], al +setne dl +mov cl, dl +or ecx, 2 +test byte [ebx + 0x4bde], al +movzx eax, al +mov dword [ebp - 0x38], eax +cmovne edx, ecx +movzx eax, dl +mov dword [ebp - 0x50], eax + +loc_fffd2fae: ; not directly referenced +movzx esi, byte [ebp - 0x2c] +xor edi, edi + +loc_fffd2fb4: ; not directly referenced +imul eax, edi, 0x13c3 +mov cl, byte [ebp - 0x32] +test byte [ebx + eax + 0x381b], cl +je short loc_fffd3003 ; je 0xfffd3003 +push eax +push 0 +push esi +push 3 +push dword [ebp - 0x38] +push 1 +push edi +push ebx +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x1c +push 0 +push esi +push 3 +push dword [ebp - 0x38] +push 2 +push edi +push ebx +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x1c +push 0 +push esi +push 3 +push dword [ebp - 0x38] +push 3 +push edi +push ebx +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 + +loc_fffd3003: ; not directly referenced +inc edi +cmp edi, 2 +jne short loc_fffd2fb4 ; jne 0xfffd2fb4 +mov edx, dword [ebp - 0x50] +mov eax, ebx +xor esi, esi +call fcn_fffd2d1e ; call 0xfffd2d1e +mov eax, ebx +mov edx, 0xf +call fcn_fffa82f9 ; call 0xfffa82f9 +mov edi, dword [ebp + 0xc] +imul eax, dword [ebp - 0x48], 9 +mov dword [ebp - 0x4c], eax + +loc_fffd302b: ; not directly referenced +imul eax, esi, 0x13c3 +mov dword [ebp - 0x40], eax +mov ecx, eax +mov al, byte [ebp - 0x32] +test byte [ebx + ecx + 0x381b], al +jne short loc_fffd304c ; jne 0xfffd304c +mov byte [ebp + esi - 0x1a], 0xff +jmp near loc_fffd30fc ; jmp 0xfffd30fc + +loc_fffd304c: ; not directly referenced +cmp byte [ebp + esi - 0x1a], 0xff +je loc_fffd30fc ; je 0xfffd30fc +imul eax, esi, 0x54a +mov byte [ebp - 0x31], 0 +lea eax, [ebx + eax + 0x196b] +mov dword [ebp - 0x44], eax + 
+loc_fffd306b: ; not directly referenced +mov al, byte [ebp - 0x31] +cmp al, byte [ebx + 0x2489] +jae loc_fffd30fc ; jae 0xfffd30fc +mov cl, byte [ebp - 0x31] +mov edx, dword [ebp - 0x40] +mov dword [ebp - 0x30], 1 +shl dword [ebp - 0x30], cl +movzx eax, cl +mov ecx, dword [ebp - 0x44] +cmp byte [ebx + edx + 0x49bb], 0x20 +mov dword [ebp - 0x3c], eax +mov al, byte [ecx + eax + 0x4f6] +jne short loc_fffd30b1 ; jne 0xfffd30b1 +test al, 2 +je short loc_fffd30b1 ; je 0xfffd30b1 +mov al, byte [ebp - 0x30] +or byte [ebp + esi - 0x1a], al +jmp short loc_fffd30f4 ; jmp 0xfffd30f4 + +loc_fffd30b1: ; not directly referenced +mov ecx, dword [ebp - 0x3c] +mov edx, esi +mov eax, ebx +call fcn_fffa75c5 ; call 0xfffa75c5 +mov edx, eax +mov eax, ebx +call fcn_fffb331f ; call 0xfffb331f +mov dl, byte [ebp + esi - 0x1a] +test byte [ebp - 0x30], dl +jne short loc_fffd30f4 ; jne 0xfffd30f4 +movzx eax, al +mov dword [ebp - 0x54], edx +call fcn_fffb38d9 ; call 0xfffb38d9 +cmp al, 4 +je short loc_fffd30f4 ; je 0xfffd30f4 +mov eax, dword [ebp - 0x3c] +mov cl, byte [ebp - 0x2c] +mov edx, dword [ebp - 0x54] +add eax, dword [ebp - 0x4c] +or edx, dword [ebp - 0x30] +mov byte [edi + eax], cl +mov byte [esi + ebp - 0x1a], dl + +loc_fffd30f4: ; not directly referenced +inc byte [ebp - 0x31] +jmp near loc_fffd306b ; jmp 0xfffd306b + +loc_fffd30fc: ; not directly referenced +inc esi +add edi, 0x24 +cmp esi, 2 +jne loc_fffd302b ; jne 0xfffd302b +cmp byte [ebp - 0x1a], 0xff +jne short loc_fffd3115 ; jne 0xfffd3115 +cmp byte [ebp - 0x19], 0xff +je short loc_fffd3142 ; je 0xfffd3142 + +loc_fffd3115: ; not directly referenced +mov al, byte [ebp - 0x34] +add byte [ebp - 0x2c], al +test al, al +jle short loc_fffd312a ; jle 0xfffd312a +mov al, byte [ebp - 0x33] +cmp byte [ebp - 0x2c], al +seta al +jmp short loc_fffd3137 ; jmp 0xfffd3137 + +loc_fffd312a: ; not directly referenced +movzx eax, byte [ebp - 0x33] +movsx edx, byte [ebp - 0x2c] +cmp edx, eax +setl al + +loc_fffd3137: ; not directly referenced 
+movzx eax, al +test eax, eax +je loc_fffd2fae ; je 0xfffd2fae + +loc_fffd3142: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffd314a: ; not directly referenced +push ebp +mov ebp, esp +push edi +push esi +mov esi, eax +push ebx +sub esp, 0x2c +cmp dword [ebp + 8], 1 +je short loc_fffd3187 ; je 0xfffd3187 +jb short loc_fffd3177 ; jb 0xfffd3177 +cmp dword [ebp + 8], 2 +jne loc_fffd3273 ; jne 0xfffd3273 +mov dword [ebp - 0x24], 0xa8 +mov dword [ebp - 0x20], 0x2a +jmp short loc_fffd3195 ; jmp 0xfffd3195 + +loc_fffd3177: ; not directly referenced +mov dword [ebp - 0x24], 0xa4 +mov dword [ebp - 0x20], 0x29 +jmp short loc_fffd3195 ; jmp 0xfffd3195 + +loc_fffd3187: ; not directly referenced +mov dword [ebp - 0x24], 0xc0 +mov dword [ebp - 0x20], 0x30 + +loc_fffd3195: ; not directly referenced +lea eax, [esi + 0x381b] +xor ebx, ebx +mov dword [ebp - 0x28], eax +movzx eax, dl +mov dword [ebp - 0x30], eax +movzx eax, cl +mov dword [ebp - 0x34], eax + +loc_fffd31ac: ; not directly referenced +mov eax, dword [ebp - 0x30] +bt eax, ebx +jae loc_fffd325e ; jae 0xfffd325e +mov eax, dword [ebp - 0x28] +movzx edi, byte [eax + 0xfce] +mov eax, ebx +shl eax, 0xa +add eax, 0x4190 +mov edx, eax +and edi, 0xf +shl edi, 0x10 +or edi, 0xf +mov dword [ebp - 0x2c], eax +mov ecx, edi +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 +mov edx, 1 +mov eax, esi +call fcn_fffa82f9 ; call 0xfffa82f9 +mov dword [ebp - 0x1c], 0 + +loc_fffd31f6: ; not directly referenced +mov cl, byte [ebp - 0x1c] +mov eax, 1 +mov edx, dword [ebp - 0x28] +shl eax, cl +test byte [edx], al +jne short loc_fffd3212 ; jne 0xfffd3212 + +loc_fffd3207: ; not directly referenced +inc dword [ebp - 0x1c] +cmp dword [ebp - 0x1c], 4 +jne short loc_fffd31f6 ; jne 0xfffd31f6 +jmp short loc_fffd323a ; jmp 0xfffd323a + +loc_fffd3212: ; not directly referenced +mov eax, dword [ebp - 0x34] +mov edx, dword [ebp - 0x1c] +bt eax, edx +jae short loc_fffd3207 ; jae 0xfffd3207 +push eax +mov 
ecx, edx +push 1 +mov edx, ebx +push dword [ebp - 0x24] +mov eax, esi +push dword [ebp - 0x20] +call fcn_fffacb43 ; call 0xfffacb43 +add esp, 0x10 +test eax, eax +je short loc_fffd3207 ; je 0xfffd3207 +jmp short loc_fffd3278 ; jmp 0xfffd3278 + +loc_fffd323a: ; not directly referenced +cmp dword [ebp + 8], 2 +je short loc_fffd325e ; je 0xfffd325e +mov edx, 1 +mov eax, esi +call fcn_fffa82f9 ; call 0xfffa82f9 +mov edx, dword [ebp - 0x2c] +and edi, 0xfff0ffff +mov ecx, edi +mov eax, esi +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffd325e: ; not directly referenced +inc ebx +add dword [ebp - 0x28], 0x13c3 +cmp ebx, 2 +jne loc_fffd31ac ; jne 0xfffd31ac +xor eax, eax +jmp short loc_fffd3278 ; jmp 0xfffd3278 + +loc_fffd3273: ; not directly referenced +mov eax, 1 + +loc_fffd3278: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +fcn_fffd3280: ; not directly referenced +push ebp +mov ebp, esp +push edi +mov edi, eax +push esi +mov esi, ecx +push ebx +mov ebx, edx +sub esp, 0x70 +mov al, byte [ebp + 8] +push 0 +push 2 +lea edx, [ebp - 0x2c] +mov byte [ebp - 0x53], al +mov eax, dword [edi + 0x2444] +mov byte [ebp - 0x52], cl +push edx +call dword [eax + 0x5c] ; ucall +movzx ecx, bl +mov eax, 1 +shl eax, cl +add esp, 0x10 +mov byte [ebp - 0x3e], al +movzx eax, al +mov dword [ebp - 0x50], eax +lea eax, [ecx + ecx*8] +mov dword [ebp - 0x60], eax +mov eax, esi +movzx eax, al +mov byte [ebp - 0x40], 0 +mov byte [ebp - 0x3d], 0x40 +mov dword [ebp - 0x64], eax + +loc_fffd32d5: ; not directly referenced +movzx esi, byte [ebp - 0x3d] +xor ebx, ebx + +loc_fffd32db: ; not directly referenced +imul eax, ebx, 0x13c3 +mov dl, byte [ebp - 0x3e] +test byte [edi + eax + 0x381b], dl +je short loc_fffd3302 ; je 0xfffd3302 +push eax +push 0 +push esi +push 1 +push dword [ebp - 0x50] +push 4 +push ebx +push edi +call fcn_fffabc7a ; call 0xfffabc7a +add esp, 0x20 + +loc_fffd3302: ; not directly referenced +inc ebx +cmp ebx, 2 +jne short loc_fffd32db ; jne 
0xfffd32db +mov dword [ebp - 0x3c], 0 + +loc_fffd330f: ; not directly referenced +mov al, byte [ebp - 0x3e] +test byte [edi + 0x381b], al +je short loc_fffd335b ; je 0xfffd335b +or byte [ebp - 0x40], 1 +mov edx, 0x41a4 +cmp dword [ebp - 0x3c], 1 +mov eax, edi +sbb ecx, ecx +and ecx, 0xffffc000 +add ecx, 0x7000 +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, 0x4000 +mov edx, 0x41a8 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +xor ecx, ecx +mov edx, 0x41ac +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffd335b: ; not directly referenced +mov al, byte [ebp - 0x3e] +test byte [edi + 0x4bde], al +je short loc_fffd33a7 ; je 0xfffd33a7 +or byte [ebp - 0x40], 2 +mov edx, 0x45a4 +cmp dword [ebp - 0x3c], 1 +mov eax, edi +sbb ecx, ecx +and ecx, 0xffffc000 +add ecx, 0x7000 +call fcn_fffb3381 ; call 0xfffb3381 +mov ecx, 0x4000 +mov edx, 0x45a8 +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 +xor ecx, ecx +mov edx, 0x45ac +mov eax, edi +call fcn_fffb3381 ; call 0xfffb3381 + +loc_fffd33a7: ; not directly referenced +movzx edx, byte [ebp - 0x40] +mov eax, edi +xor esi, esi +call fcn_fffd2d1e ; call 0xfffd2d1e +mov eax, edi +mov edx, 0xf +call fcn_fffa82f9 ; call 0xfffa82f9 +mov eax, dword [ebp + 0xc] +mov dword [ebp - 0x48], eax + +loc_fffd33c6: ; not directly referenced +imul eax, esi, 0x13c3 +mov dword [ebp - 0x5c], eax +mov ebx, eax +mov al, byte [ebp - 0x3e] +test byte [edi + ebx + 0x381b], al +jne short loc_fffd33e7 ; jne 0xfffd33e7 +mov byte [ebp + esi - 0x2c], 0xff +jmp near loc_fffd34c6 ; jmp 0xfffd34c6 + +loc_fffd33e7: ; not directly referenced +cmp byte [ebp + esi - 0x2c], 0xff +je loc_fffd34c6 ; je 0xfffd34c6 +imul eax, esi, 0x54a +lea ebx, [ebp - 0x18] +mov byte [ebp - 0x3f], 0 +lea eax, [edi + eax + 0x196b] +mov dword [ebp - 0x58], eax +lea eax, [esi + esi*8] +add eax, ebx +mov dword [ebp - 0x4c], eax + +loc_fffd3411: ; not directly referenced +mov al, byte [ebp - 0x3f] +cmp al, byte [edi + 0x2489] +jae loc_fffd34c6 ; jae 0xfffd34c6 +mov edx, 
dword [ebp - 0x5c] +mov cl, byte [ebp - 0x3f] +mov eax, dword [ebp - 0x58] +mov dword [ebp - 0x44], 1 +shl dword [ebp - 0x44], cl +cmp byte [edi + edx + 0x49bb], 0x20 +movzx ebx, cl +mov al, byte [eax + ebx + 0x4f6] +jne short loc_fffd3454 ; jne 0xfffd3454 +test al, 2 +je short loc_fffd3454 ; je 0xfffd3454 +mov al, byte [ebp - 0x44] +or byte [ebp + esi - 0x2c], al +jmp short loc_fffd34be ; jmp 0xfffd34be + +loc_fffd3454: ; not directly referenced +mov ecx, ebx +mov edx, esi +mov eax, edi +call fcn_fffa75c5 ; call 0xfffa75c5 +mov edx, eax +mov eax, edi +call fcn_fffb331f ; call 0xfffb331f +mov cl, byte [ebp + esi - 0x2c] +test byte [ebp - 0x44], cl +jne short loc_fffd34be ; jne 0xfffd34be +cmp dword [ebp - 0x3c], 0 +movzx edx, al +jne short loc_fffd3483 ; jne 0xfffd3483 +mov eax, dword [ebp - 0x4c] +mov byte [ebx + eax - 0x12], dl +jmp short loc_fffd34be ; jmp 0xfffd34be + +loc_fffd3483: ; not directly referenced +mov eax, dword [ebp - 0x4c] +mov dword [ebp - 0x6c], ecx +mov dword [ebp - 0x68], edx +mov al, byte [ebx + eax - 0x12] +mov byte [ebp - 0x51], al +mov eax, edx +call fcn_fffb38d9 ; call 0xfffb38d9 +mov edx, dword [ebp - 0x68] +mov ecx, dword [ebp - 0x6c] +cmp al, 4 +jne short loc_fffd34a9 ; jne 0xfffd34a9 +cmp byte [ebp - 0x51], dl +jne short loc_fffd34be ; jne 0xfffd34be + +loc_fffd34a9: ; not directly referenced +mov eax, dword [ebp - 0x60] +mov edx, dword [ebp - 0x48] +or ecx, dword [ebp - 0x44] +add eax, ebx +mov bl, byte [ebp - 0x3d] +mov byte [ebp + esi - 0x2c], cl +mov byte [edx + eax], bl + +loc_fffd34be: ; not directly referenced +inc byte [ebp - 0x3f] +jmp near loc_fffd3411 ; jmp 0xfffd3411 + +loc_fffd34c6: ; not directly referenced +inc esi +add dword [ebp - 0x48], 0x24 +cmp esi, 2 +jne loc_fffd33c6 ; jne 0xfffd33c6 +inc dword [ebp - 0x3c] +cmp dword [ebp - 0x3c], 2 +jne loc_fffd330f ; jne 0xfffd330f +cmp byte [ebp - 0x2c], 0xff +jne short loc_fffd34ed ; jne 0xfffd34ed +cmp byte [ebp - 0x2b], 0xff +je short loc_fffd3517 ; je 0xfffd3517 + 
+loc_fffd34ed: ; not directly referenced +mov al, byte [ebp - 0x53] +add byte [ebp - 0x3d], al +test al, al +jle short loc_fffd3502 ; jle 0xfffd3502 +mov al, byte [ebp - 0x52] +cmp byte [ebp - 0x3d], al +seta al +jmp short loc_fffd350c ; jmp 0xfffd350c + +loc_fffd3502: ; not directly referenced +movsx eax, byte [ebp - 0x3d] +cmp eax, dword [ebp - 0x64] +setl al + +loc_fffd350c: ; not directly referenced +movzx eax, al +test eax, eax +je loc_fffd32d5 ; je 0xfffd32d5 + +loc_fffd3517: ; not directly referenced +lea esp, [ebp - 0xc] +pop ebx +pop esi +pop edi +pop ebp +ret + +loc_fffd351f: +db 0x90 + +ref_fffd3520: +dd 0x02000801 +dd 0x00000602 + +ref_fffd3528: +dd 0x4000f001 +dd 0x02005a01 +dd 0x011800dc +dd 0x9004005a +dd 0xa0020801 +dd 0x01900500 +dd 0x00a00208 +dd 0xe000f010 +dd 0x11000001 +dd 0x01e000f0 +dd 0xc0200000 +dd 0x00018000 +dd 0x00c02100 +dd 0x00000180 +dd 0x2200be0b +dd 0x0c000001 +dd 0x01900118 +dd 0x080d008c +dd 0xbe028002 +dd 0x00000000 + +ref_fffd3578: +dd 0x4443524d +dd 0x90906600 + +ref_fffd3580: +dd 0x05010400 +dd 0x07030602 +dd 0x00000008 + +ref_fffd358c: +dd 0xff830000 +dd 0xffe1ffc2 +dd 0x007d00fa +dd 0x001f003e + +ref_fffd359c: +dd 0x02030304 +dd 0x02030404 +dd 0x03030405 +dd 0x03040405 +dd 0x03040405 +dd 0x02030304 +dd 0x02030404 +dd 0x03030405 +dd 0x03040405 +dd 0x03030404 + +ref_fffd35c4: +dd 0x05060605 +dd 0x05060605 +dd 0x06060604 +dd 0x05060607 +dd 0x05060607 +dd 0x06060607 + +ref_fffd35dc: +dd loc_fffa6b23 +dd loc_fffa6a60 +dd loc_fffa6a95 +dd loc_fffa6af5 +dd loc_fffa6a33 +dd loc_fffa6b23 +dd loc_fffa6b23 + +ref_fffd35f8: +dd loc_fffa83ad +dd loc_fffa83bb +dd loc_fffa83cb +dd loc_fffa84b9 +dd loc_fffa83e0 +dd loc_fffa83eb +dd loc_fffa83f8 +dd loc_fffa8429 +dd loc_fffa8446 + +ref_fffd361c: +dd loc_fffa863f +dd loc_fffa8673 +dd loc_fffa86b0 +dd loc_fffa868f +dd loc_fffa863f +dd loc_fffa8673 +dd loc_fffa868f +dd loc_fffa85e4 + +ref_fffd363c: +dd 0x50f00050 +dd 0x0000f000 +dd 0x00000000 + +ref_fffd3648: +dd 0x50f00050 +dd 0x0000f000 +dd 
0x00000000 + +ref_fffd3654: +db '<<<<<(<(<(<(<<<<<(<(<(<(' + +ref_fffd366c: +dd 0x3c3c3c3c +dd 0x1e3c1e3c +dd 0x1e3c1e3c +dd 0x3c3c3c3c +dd 0x1e3c1e3c +dd 0x1e3c1e3c + +ref_fffd3684: +dd 0x00780078 +dd 0x00000000 + +ref_fffd368c: +dd 0x003c003c +dd 0x1e3c1e3c +dd 0x1e3c1e3c +dd 0x003c003c +dd 0x1e3c1e3c +dd 0x1e3c1e3c + +ref_fffd36a4: +dd 0x28002800 +dd 0x1e3c1e3c +dd 0x1e3c1e3c +dd 0x28002800 +dd 0x1e3c1e3c +dd 0x1e3c1e3c + +ref_fffd36bc: +dd 0x00780078 +dd 0x00000000 -ref_fffd3e70: +ref_fffd36c4: dd 0x02000100 dd 0x08000400 dd 0x20001000 dd 0x80004000 -ref_fffd3e80: +ref_fffd36d4: +dd 0x86186186 +dd 0x18618618 +dd 0x30c30c30 +dd 0xa28a28a2 +dd 0x8a28a28a +dd 0x14514514 +dd 0x28a28a28 +dd 0x92492492 +dd 0x24924924 + +ref_fffd36f8: +dd 0x00a10ca1 +dd 0x00ef0d08 +dd 0x00ad0a1e + +ref_fffd3704: dd 0x00100000 dd 0x00110001 dd 0x00800081 -ref_fffd3e8c: +ref_fffd3710: dd 0x00010000 dd 0x00030002 dd 0x00050004 dd 0x00070006 -ref_fffd3e9c: +ref_fffd3720: +dd 0x00000000 +dd 0x00010105 +dd 0x01050100 + +ref_fffd372c: +dd 0x00000000 +dd 0x04000101 +dd 0x01050000 + +ref_fffd3738: +dd 0x01000001 +dd 0x04010101 +dd 0x01050100 + +ref_fffd3744: +dd 0x00000000 +dd 0x04000103 +dd 0x01070000 + +ref_fffd3750: +dd 0x00000000 +dd 0x04000003 +dd 0x00070000 + +ref_fffd375c: +dd 0x00010000 +dd 0x04000103 +dd 0x01070001 + +ref_fffd3768: +dd fcn_fffc357b +dd fcn_fffc3516 +dd fcn_fffc33be +dd fcn_fffc32ef +dd fcn_fffc332f +dd fcn_fffc3271 +dd fcn_fffc34a7 +dd fcn_fffc33fb +dd fcn_fffc3238 +dd fcn_fffc31ef +dd fcn_fffc3134 +dd fcn_fffc30b0 +dd fcn_fffb1631 + +ref_fffd379c: +dd fcn_fffc2e7b +dd fcn_fffb3adc +dd fcn_fffa7800 +dd fcn_fffc2bea +dd fcn_fffc2807 +dd fcn_fffc2588 +dd fcn_fffc236f +dd fcn_fffb30e0 +dd fcn_fffb2f13 +dd fcn_fffb2a0f +dd fcn_fffb2858 +dd fcn_fffc2a09 +dd fcn_fffb26af +dd fcn_fffb216f +dd fcn_fffb1f88 +dd fcn_fffb1ddf +dd fcn_fffb2d98 +dd fcn_fffb2c1d +dd fcn_fffb2502 +dd fcn_fffb2355 +dd fcn_fffb1c91 +dd fcn_fffb1b43 +dd fcn_fffb1983 +dd fcn_fffb166e + +ref_fffd37fc: 
+dd 0xffffffff + +ref_fffd3800: +dd 0x7fffffff + +ref_fffd3804: +dd 0x2625a000 +dd 0x00032000 +dd 0x84800300 +dd 0x03e8001e +dd 0x38020000 +dd 0x2b001c9c +dd 0x01000004 +dd 0x00196e6a +dd 0x000004b0 +dd 0x16e36002 +dd 0x00053500 +dd 0xcc5b0100 +dd 0x05780015 +dd 0xd0020000 +dd 0x40001312 +dd 0x03000006 +dd 0x0010f447 +dd 0x00000708 +dd 0x10594402 +dd 0x00074b00 +dd 0x42400100 +dd 0x07d0000f +dd 0x10020000 +dd 0x55000e50 +dd 0x01000008 +dd 0x000ddf22 +dd 0x00000898 +dd 0x0cb73502 +dd 0x00096000 +dd 0xbcce0300 +dd 0x0a28000b +dd 0xb0020000 +dd 0x6b000b71 +dd 0x0100000a +dd 0x000ae62d +dd 0x00000af0 +dd 0x0a675a02 +dd 0x000b7500 +dd 0x2c2a0100 +dd 0x0bb8000a +dd 0x68020000 +dd 0x80000989 +dd 0x0300000c +dd 0x00000000 +dd 0x00000000 +dd 0x90906600 + +ref_fffd38bc: dd 0x00000000 dd 0x00000000 dd 0x00070000 
@@ -69697,92 +69347,113 @@ dd 0x00000000 dd 0x00010001 dd 0x00350049 -ref_fffd3ec8: +ref_fffd38e8: dd 0x00000401 dd 0x00000203 -ref_fffd3ed0: +ref_fffd38f0: dd 0x00010001 dd 0x00000307 -ref_fffd3ed8: +ref_fffd38f8: dd 0x00010000 dd 0x90660000 -ref_fffd3ee0: -dd loc_fffb407d -dd loc_fffb40ab -dd loc_fffb40e5 -dd loc_fffb415f -dd loc_fffb415f -dd loc_fffb415f -dd loc_fffb415f -dd loc_fffb415f -dd loc_fffb415f -dd loc_fffb415f -dd loc_fffb4103 -dd loc_fffb4136 - -ref_fffd3f10: -dd loc_fffb4beb -dd loc_fffb4bdc -dd loc_fffb4bfa -dd loc_fffb4c84 -dd loc_fffb4c84 -dd loc_fffb4c84 - -ref_fffd3f28: -dd loc_fffb52b2 -dd loc_fffb52ad -dd loc_fffb52d3 -dd loc_fffb52c6 -dd loc_fffb530f -dd loc_fffb52f1 -dd loc_fffb5344 -dd loc_fffb535a -dd loc_fffb53b3 -dd loc_fffb5399 -dd loc_fffb53cc -dd loc_fffb5414 - -ref_fffd3f58: -dd loc_fffb56de -dd loc_fffb561b -dd loc_fffb5559 -dd loc_fffb561b -dd loc_fffb56a0 -dd loc_fffb561b -dd loc_fffb5705 -dd loc_fffb56ef -dd loc_fffb56a0 -dd loc_fffb553a - -ref_fffd3f80: -dd loc_fffb57eb -dd loc_fffb5802 -dd loc_fffb5819 -dd loc_fffb582d -dd loc_fffb5841 -dd loc_fffb5858 -dd loc_fffb586f -dd loc_fffb5883 -dd loc_fffb58be -dd loc_fffb58d5 -dd loc_fffb592a -dd loc_fffb599b -dd loc_fffb59fe -dd loc_fffb5b1f -dd loc_fffb5b53 - -ref_fffd3fbc: +ref_fffd3900: +dd 0x00010000 +dd 0x02000201 +dd 0x00030900 +dd 0x7801001f +dd 0x01007d00 +dd 0x01480140 +dd 0x5c014909 +dd 0x00200101 +dd 0x7e010077 +dd 0x0100ff00 +dd 0x017f015d +dd 0x83018001 +dd 0x01840101 +dd 0x89010188 +dd 0x0101a701 +dd 0x01ca01ac +dd 0x00000001 + +ref_fffd3944: +dd 0x00010000 +dd 0x02000201 +dd 0x00030900 +dd 0x3c010029 +dd 0x01003f00 +dd 0x007f0075 +dd 0x91008009 +dd 0x00270100 +dd 0x4001003b +dd 0x01007d00 +dd 0x00b300b0 +dd 0xb800b401 +dd 0x00b90100 +dd 0xdc0100d7 +dd 0x0100fa00 + +ref_fffd3980: +dd 0x20445053 +dd 0x90906600 + +ref_fffd3988: +dd 0x02010000 +dd 0x06050403 +dd 0x08080707 +dd 0x0a090909 +dd 0x90660a0a + +ref_fffd399c: +dd loc_fffb4110 +dd loc_fffb413e +dd loc_fffb4178 
+dd loc_fffb41f2 +dd loc_fffb41f2 +dd loc_fffb41f2 +dd loc_fffb41f2 +dd loc_fffb41f2 +dd loc_fffb41f2 +dd loc_fffb41f2 +dd loc_fffb4196 +dd loc_fffb41c9 + +ref_fffd39cc: +dd loc_fffb46a0 +dd loc_fffb46b7 +dd loc_fffb46ce +dd loc_fffb46e2 +dd loc_fffb46f6 +dd loc_fffb470d +dd loc_fffb4724 +dd loc_fffb4738 +dd loc_fffb4773 +dd loc_fffb478a +dd loc_fffb47df +dd loc_fffb4850 +dd loc_fffb48b3 +dd loc_fffb49d4 +dd loc_fffb4a08 + +ref_fffd3a08: +dd loc_fffb4c55 +dd loc_fffb4c46 +dd loc_fffb4c64 +dd loc_fffb4cee +dd loc_fffb4cee +dd loc_fffb4cee + +ref_fffd3a20: db 'CbAllocatePool',0x00,0x00 -ref_fffd3fcc: +ref_fffd3a30: dd 0x00000000 dd 0xe0566b04 dd 0x060a0302 -ref_fffd3fd8: +ref_fffd3a3c: dd 0x008a2601 dd 0xee84a905 dd 0x03060402 @@ -69808,7 +69479,7 @@ dd 0x008e1401 dd 0xdb385b04 dd 0x05090302 -ref_fffd4038: +ref_fffd3a9c: dd 0x00000062 dd 0x44ab8703 dd 0x42220805 @@ -69830,7 +69501,7 @@ dd 0x98020000 dd 0x090573a3 dd 0x00000034 -ref_fffd4088: +ref_fffd3aec: dd 0x00669263 dd 0x82ca6a04 dd 0x63081009 @@ -71350,16 +71021,20 @@ dd 0x4f145324 dd 0x887d0200 dd 0x1804023c -ref_fffd5840: +ref_fffd52a4: +dd 0x283c7800 +dd 0x9066141e + +ref_fffd52ac: db '0000000000000000',0x00,0x00,0x00,0x00 -ref_fffd5854: +ref_fffd52c0: db ' ',0x00,0x00,0x00,0x00 -ref_fffd5868: +ref_fffd52d4: db '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ',0x00,0x00,0x00,0x00 -ref_fffd5890: +ref_fffd52fc: dd 0x00000001 dd 0x00000002 dd 0x00000004 
@@ -71369,14 +71044,36 @@ dd 0x00000020 dd 0x00000040 dd 0x00000000 -ref_fffd58b0: +ref_fffd531c: db ' +-#0!^',0x00 -ref_fffd58b8: -dd 0x283c7800 -dd 0x9066141e - -ref_fffd58c0: +ref_fffd5324: +dd loc_fffb955b +dd loc_fffb9556 +dd loc_fffb957c +dd loc_fffb956f +dd loc_fffb95b8 +dd loc_fffb959a +dd loc_fffb95ed +dd loc_fffb9603 +dd loc_fffb965c +dd loc_fffb9642 +dd loc_fffb9675 +dd loc_fffb96bd + +ref_fffd5354: +dd loc_fffb9987 +dd loc_fffb98c4 +dd loc_fffb9802 +dd loc_fffb98c4 +dd loc_fffb9949 +dd loc_fffb98c4 +dd loc_fffb99ae +dd loc_fffb9998 +dd loc_fffb9949 +dd loc_fffb97e3 + +ref_fffd537c: dd 0x00000000 dd 0x00000000 dd 0x00000000 @@ -71384,44 +71081,25 @@ dd 0x00000001 dd 0x00000000 dd 0x00000001 -ref_fffd58d8: +ref_fffd5394: dd 0x01010101 dd 0x00010101 -ref_fffd58e0: +ref_fffd539c: dd 0xfb0af600 dd 0x000ff105 -ref_fffd58e8: +ref_fffd53a4: dd 0x00aaaaaa dd 0x00cccccc dd 0x00f0f0f0 -ref_fffd58f4: +ref_fffd53b0: dd 0x00a10ca1 dd 0x00ef0d08 dd 0x00ad0a1e -ref_fffd5900: -dd 0x05000500 -dd 0x00000000 -dd 0x00000000 - -ref_fffd590c: -dd 0x08c009b0 -dd 0x00000000 -dd 0x00000000 - -ref_fffd5918: -dd loc_fffbf5bb -dd loc_fffbf620 -dd loc_fffbf92d -dd loc_fffbf92d -dd loc_fffbf685 -dd loc_fffbf787 -dd loc_fffbf8aa - -ref_fffd5934: +ref_fffd53bc: dd 0x00000006 dd 0x00000002 dd 0x00000001 @@ -71430,7 +71108,7 @@ dd 0x00000002 dd 0x00000001 dd 0x00000000 -ref_fffd5950: +ref_fffd53d8: dd 0x00000000 dd 0x00000001 dd 0x00000002 @@ -71439,7 +71117,7 @@ dd 0x00000001 dd 0x00000002 dd 0x00000003 -ref_fffd596c: +ref_fffd53f4: dd 0x00000000 dd 0xfffffffa dd 0xfffffff4 
@@ -71448,18 +71126,37 @@ dd 0x00000006 dd 0x0000000c dd 0x00000012 -ref_fffd5988: -dd loc_fffc31e7 -dd loc_fffc3222 -dd loc_fffc3219 -dd loc_fffc3210 -dd loc_fffc3207 -dd loc_fffc31fe -dd loc_fffc31f0 -dd loc_fffc3234 -dd loc_fffc322b - -ref_fffd59ac: +ref_fffd5410: +dd 0x05000500 +dd 0x00000000 +dd 0x00000000 + +ref_fffd541c: +dd 0x08c009b0 +dd 0x00000000 +dd 0x00000000 + +ref_fffd5428: +dd loc_fffc1e31 +dd loc_fffc1e96 +dd loc_fffc21a3 +dd loc_fffc21a3 +dd loc_fffc1efb +dd loc_fffc1ffd +dd loc_fffc2120 + +ref_fffd5444: +dd loc_fffc30dc +dd loc_fffc3117 +dd loc_fffc310e +dd loc_fffc3105 +dd loc_fffc30fc +dd loc_fffc30f3 +dd loc_fffc30e5 +dd loc_fffc3129 +dd loc_fffc3120 + +ref_fffd5468: dd 0x00000020 dd 0x00000040 dd 0x00000080 
@@ -71469,492 +71166,1023 @@ dd 0x00000400 dd 0x00000800 dd 0x00001000 -ref_fffd59cc: -dd loc_fffc35d2 -dd loc_fffc35de -dd loc_fffc35ef -dd loc_fffc35fb -dd loc_fffc3607 - -ref_fffd59e0: -dd loc_fffc3c31 -dd loc_fffc3d79 -dd loc_fffc3c42 -dd loc_fffc3c4a -dd loc_fffc3c55 +ref_fffd5488: +dd loc_fffc34c7 +dd loc_fffc34d3 +dd loc_fffc34e4 +dd loc_fffc34f0 +dd loc_fffc34fc + +ref_fffd549c: +dd loc_fffc3b26 +dd loc_fffc3c6e +dd loc_fffc3b37 +dd loc_fffc3b3f +dd loc_fffc3b4a +dd loc_fffc3b55 +dd loc_fffc3b60 +dd loc_fffc3b68 +dd loc_fffc3b73 +dd loc_fffc3b7f +dd loc_fffc3b94 +dd loc_fffc3b87 +dd loc_fffc3ba7 +dd loc_fffc3baf +dd loc_fffc3b9c +dd loc_fffc3bb9 +dd loc_fffc3bc1 +dd loc_fffc3bcc +dd loc_fffc3bd7 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3bdf +dd loc_fffc3be8 +dd loc_fffc3bf0 +dd loc_fffc3bf8 +dd loc_fffc3c03 +dd loc_fffc3c0e +dd loc_fffc3c22 +dd loc_fffc3c22 +dd loc_fffc3c22 +dd loc_fffc3c22 +dd loc_fffc3c22 +dd loc_fffc3c3f +dd loc_fffc3c4d dd loc_fffc3c60 -dd loc_fffc3c6b -dd loc_fffc3c73 -dd loc_fffc3c7e -dd loc_fffc3c8a -dd loc_fffc3c9f -dd loc_fffc3c92 -dd loc_fffc3cb2 -dd loc_fffc3cba -dd loc_fffc3ca7 -dd loc_fffc3cc4 -dd loc_fffc3ccc -dd loc_fffc3cd7 -dd loc_fffc3ce2 -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3cea -dd loc_fffc3cf3 -dd loc_fffc3cfb -dd loc_fffc3d03 -dd loc_fffc3d0e -dd loc_fffc3d19 -dd loc_fffc3d2d -dd loc_fffc3d2d -dd loc_fffc3d2d -dd loc_fffc3d2d -dd loc_fffc3d2d -dd loc_fffc3d4a -dd loc_fffc3d58 -dd loc_fffc3d6b -dd loc_fffc3dad -dd loc_fffc3d8c -dd loc_fffc3d97 -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3da2 -dd loc_fffc3dad -dd loc_fffc3d66 -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3dad -dd loc_fffc3d81 - -ref_fffd5abc: -dd 0x04030201 -dd 0x06000500 -dd 0x00000700 +dd loc_fffc3ca2 +dd loc_fffc3c81 +dd loc_fffc3c8c +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3c97 
+dd loc_fffc3ca2 +dd loc_fffc3c5b +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3ca2 +dd loc_fffc3c76 + +ref_fffd5578: +dd 0x02010201 +dd 0x02010201 +dd 0x03030303 +dd 0x00000000 + +ref_fffd5588: +dd 0x040f0f0f +dd 0x010f030f +dd 0x0f0f0f0f +dd 0x000f0205 + +ref_fffd5598: +dd 0x32320101 +dd 0x20101010 +dd 0x23232320 +dd 0x00000020 +dd 0x00000010 +dd 0x00000023 +dd 0x21303120 +dd 0x00002120 +dd 0x00003020 +dd 0x00000020 +dd 0x00000000 +dd 0x00000000 + +ref_fffd55c8: +dd fcn_fffb7ecd +dd 0x0000dd1b +dd 0xff320000 +dd fcn_fffc378b +dd 0x0001dd1c +dd 0xff3e0000 +dd fcn_fffc3ac1 +dd 0x0004dd1e +dd 0xff3f0000 +dd fcn_fffac0c5 +dd 0x0005dd1f +dd 0xff3f0000 +dd fcn_fffac2dd +dd 0x0003dd20 +dd 0xff310000 +dd fcn_fffc3a22 +dd 0x0006dd21 +dd 0xff3f0000 +dd fcn_fffab2f0 +dd 0x0007dd22 +dd 0xff3f0000 +dd fcn_fffa2b43 +dd 0x0008dd23 +dd 0xff3f0000 +dd fcn_fffd23bd +dd 0x0009dd24 +dd 0xff3f0000 +dd fcn_fffc9f5d +dd 0x000add26 +dd 0xff310000 +dd fcn_fffa91a0 +dd 0x000bdd27 +dd 0xff330000 +dd fcn_fffc775d +dd 0x000fdd29 +dd 0xff310000 +dd fcn_fffb9c7d +dd 0x000ddd28 +dd 0xff310000 +dd fcn_fffae06f +dd 0x000edd25 +dd 0xff310000 +dd fcn_fffaec3c +dd 0x0011dd2b +dd 0xff310000 +dd fcn_fffbcdaf +dd 0x0010dd2a +dd 0xff310000 +dd fcn_fffbb9e6 +dd 0x0012dd2c +dd 0xff310000 +dd fcn_fffbd78e +dd 0x0014dd2e +dd 0xff310000 +dd fcn_fffbd7ae +dd 0x0015dd2f +dd 0xff310000 +dd fcn_fffada2f +dd 0x0016dd4a +dd 0xff310000 +dd fcn_fffc556f +dd 0x0024dd3a +dd 0xff310000 +dd fcn_fffa8788 +dd 0x0038dd3d +dd 0xff310000 +dd fcn_fffc5e42 +dd 0x0027dd3e +dd 0xff310000 +dd fcn_fffb757f +dd 0x0021dd49 +dd 0xff310000 +dd fcn_fffcc6a5 +dd 0x0017dd46 +dd 0xff310000 +dd fcn_fffd0a5f +dd 0x0018dd30 +dd 0xff310000 +dd fcn_fffcc956 +dd 0x0019dd30 +dd 0xff310000 +dd fcn_fffcce03 +dd 0x001add32 +dd 0xff310000 +dd fcn_fffc198b +dd 0x001cdd33 +dd 0xff310000 +dd fcn_fffcc746 +dd 0x001ddd35 +dd 0xff310000 
+dd fcn_fffcca92 +dd 0x001bdd45 +dd 0xff310000 +dd fcn_fffcc5b3 +dd 0x001fdd37 +dd 0xff310000 +dd fcn_fffc0455 +dd 0x001edd36 +dd 0xff310000 +dd fcn_fffccb56 +dd 0x0028dd4b +dd 0xff310000 +dd fcn_fffccc72 +dd 0x0029dd4c +dd 0xff310000 +dd fcn_fffb4517 +dd 0x0020dd41 +dd 0xff310000 +dd fcn_fffacbf4 +dd 0x0006dd21 +dd 0xff310000 +dd fcn_fffa8788 +dd 0x0038dd3d +dd 0xff310000 +dd fcn_fffc5e42 +dd 0x0027dd3e +dd 0xff310000 +dd fcn_fffc556f +dd 0x0024dd3a +dd 0xff310000 +dd fcn_fffc054a +dd 0x0025dd3b +dd 0xff310000 +dd fcn_fffc0408 +dd 0x0026dd3c +dd 0xff310000 +dd fcn_fffc8a1c +dd 0x0022dd38 +dd 0xff310000 +dd fcn_fffc8a97 +dd 0x0023dd39 +dd 0xff310000 +dd fcn_fffbd7ce +dd 0x002fdd47 +dd 0xff310000 +dd fcn_fffc51d8 +dd 0x002ddd3f +dd 0xff310000 +dd fcn_fffc4fa5 +dd 0x002edd40 +dd 0xff310000 +dd fcn_fffd017f +dd 0x0043dd58 +dd 0x01310000 +dd fcn_fffc12a0 +dd 0x0031dd44 +dd 0xff310000 +dd fcn_fffb757f +dd 0x0021dd49 +dd 0xff310000 +dd fcn_fffa7602 +dd 0x0045dd48 +dd 0xff310000 +dd fcn_fffc7732 +dd 0x0030dd42 +dd 0xff310000 +dd fcn_fffc76e5 +dd 0x0044dd7f +dd 0xff310000 +dd fcn_fffb4e8f +dd 0x0039dd50 +dd 0xff310000 +dd fcn_fffc770d +dd 0x0030dd42 +dd 0xff310000 +dd fcn_fffb657d +dd 0x0030dd42 +dd 0xff310000 +dd fcn_fffc76ba +dd 0x0033dd43 +dd 0xff3e0000 +dd fcn_fffc9f5d +dd 0x000add26 +dd 0xff320000 +dd fcn_fffc76e5 +dd 0x0044dd7f +dd 0xff360000 +dd fcn_fffc7698 +dd 0x0033dd43 +dd 0xff3e0000 +dd fcn_fffa8c9b +dd 0x003add51 +dd 0xff3f0000 +dd fcn_fffae330 +dd 0x0034dd70 +dd 0xff3c0000 +dd fcn_fffc53cd +dd 0x0035dd71 +dd 0xff3e0000 +dd fcn_fffa8a11 +dd 0x0036dd5b +dd 0xff310000 +dd fcn_fffad3f0 +dd 0x0037dd5c +dd 0xff330000 +dd fcn_fffb352d +dd 0x003bdd5d +dd 0xff3f0000 + +ref_fffd58e0: +dd 0x00030104 +dd 0x00050200 +dd 0x04000000 +dd 0x00000706 +dd 0x00000200 +dd 0x00000000 +dd 0x00000000 +dd 0x00000000 +dd 0x90660200 + +ref_fffd5904: +dd 0x003c0000 +dd 0x48004806 +dd 0x004c0600 +dd 0x5002004c +dd 0x04005000 +dd 0x00540054 +dd 0x58005806 +dd 0x005c0400 +dd 0x6006005c +dd 
0x06006000 +dd 0x00640064 +dd 0x60006002 +dd 0x00640700 +dd 0x68030064 +dd 0x06006800 +dd 0x0070006c +dd 0x78007407 +dd 0x00740600 +dd 0x7c070074 +dd 0x04008c00 +dd 0x00800080 +dd 0x3c010005 +dd 0x01480601 +dd 0x4c060148 +dd 0x02014c01 +dd 0x01500150 +dd 0x54015404 +dd 0x01580601 +dd 0x5c040158 +dd 0x06015c01 +dd 0x01600160 +dd 0x64016406 +dd 0x01600201 +dd 0x64070160 +dd 0x03016401 +dd 0x01680168 +dd 0x70016c06 +dd 0x01740701 +dd 0x74060178 +dd 0x07017401 +dd 0x018c017c +dd 0x80018004 +dd 0x02000501 +dd 0x4806023c +dd 0x06024802 +dd 0x024c024c +dd 0x50025002 +dd 0x02540402 +dd 0x58060254 +dd 0x04025802 +dd 0x025c025c +dd 0x60026006 +dd 0x02640602 +dd 0x60020264 +dd 0x07026002 +dd 0x02640264 +dd 0x68026803 +dd 0x026c0602 +dd 0x74070270 +dd 0x06027802 +dd 0x02740274 +dd 0x8c027c07 +dd 0x02800402 +dd 0x00050280 +dd 0x06033c03 +dd 0x03480348 +dd 0x4c034c06 +dd 0x03500203 +dd 0x54040350 +dd 0x06035403 +dd 0x03580358 +dd 0x5c035c04 +dd 0x03600603 +dd 0x64060360 +dd 0x02036403 +dd 0x03600360 +dd 0x64036407 +dd 0x03680303 +dd 0x6c060368 +dd 0x07037003 +dd 0x03780374 +dd 0x74037406 +dd 0x037c0703 +dd 0x8004038c +dd 0x05038003 +dd 0x043c0400 +dd 0x48044806 +dd 0x044c0604 +dd 0x5002044c +dd 0x04045004 +dd 0x04540454 +dd 0x58045806 +dd 0x045c0404 +dd 0x6006045c +dd 0x06046004 +dd 0x04640464 +dd 0x60046002 +dd 0x04640704 +dd 0x68030464 +dd 0x06046804 +dd 0x0470046c +dd 0x78047407 +dd 0x04740604 +dd 0x7c070474 +dd 0x04048c04 +dd 0x04800480 +dd 0x3c050005 +dd 0x05480605 +dd 0x4c060548 +dd 0x02054c05 +dd 0x05500550 +dd 0x54055404 +dd 0x05580605 +dd 0x5c040558 +dd 0x06055c05 +dd 0x05600560 +dd 0x64056406 +dd 0x05600205 +dd 0x64070560 +dd 0x03056405 +dd 0x05680568 +dd 0x70056c06 +dd 0x05740705 +dd 0x74060578 +dd 0x07057405 +dd 0x058c057c +dd 0x80058004 +dd 0x06000505 +dd 0x4806063c +dd 0x06064806 +dd 0x064c064c +dd 0x50065002 +dd 0x06540406 +dd 0x58060654 +dd 0x04065806 +dd 0x065c065c +dd 0x60066006 +dd 0x06640606 +dd 0x60020664 +dd 0x07066006 +dd 0x06640664 +dd 0x68066803 +dd 
0x066c0606 +dd 0x74070670 +dd 0x06067806 +dd 0x06740674 +dd 0x8c067c07 +dd 0x06800406 +dd 0x00050680 +dd 0x06073c07 +dd 0x07480748 +dd 0x4c074c06 +dd 0x07500207 +dd 0x54040750 +dd 0x06075407 +dd 0x07580758 +dd 0x5c075c04 +dd 0x07600607 +dd 0x64060760 +dd 0x02076407 +dd 0x07600760 +dd 0x64076407 +dd 0x07680307 +dd 0x6c060768 +dd 0x07077007 +dd 0x07780774 +dd 0x74077406 +dd 0x077c0707 +dd 0x8004078c +dd 0x05078007 +dd 0x083c0800 +dd 0x48084806 +dd 0x084c0608 +dd 0x5002084c +dd 0x04085008 +dd 0x08540854 +dd 0x58085806 +dd 0x085c0408 +dd 0x6006085c +dd 0x06086008 +dd 0x08640864 +dd 0x60086002 +dd 0x08640708 +dd 0x68030864 +dd 0x06086808 +dd 0x0870086c +dd 0x78087407 +dd 0x08740608 +dd 0x7c070874 +dd 0x04088c08 +dd 0x08800880 +dd 0x3c090005 +dd 0x09480609 +dd 0x4c060948 +dd 0x02094c09 +dd 0x09500950 +dd 0x54095404 +dd 0x09580609 +dd 0x5c040958 +dd 0x06095c09 +dd 0x09600960 +dd 0x64096406 +dd 0x09600209 +dd 0x64070960 +dd 0x03096409 +dd 0x09680968 +dd 0x70096c06 +dd 0x09740709 +dd 0x74060978 +dd 0x07097409 +dd 0x098c097c +dd 0x80098004 +dd 0x0a000509 +dd 0x48060a3c +dd 0x060a480a +dd 0x0a4c0a4c +dd 0x500a5002 +dd 0x0a54040a +dd 0x58060a54 +dd 0x040a580a +dd 0x0a5c0a5c +dd 0x600a6006 +dd 0x0a64060a +dd 0x60020a64 +dd 0x070a600a +dd 0x0a640a64 +dd 0x680a6803 +dd 0x0a6c060a +dd 0x74070a70 +dd 0x060a780a +dd 0x0a740a74 +dd 0x8c0a7c07 +dd 0x0a80040a +dd 0x00050a80 +dd 0x060b3c0b +dd 0x0b480b48 +dd 0x4c0b4c06 +dd 0x0b50020b +dd 0x54040b50 +dd 0x060b540b +dd 0x0b580b58 +dd 0x5c0b5c04 +dd 0x0b60060b +dd 0x64060b60 +dd 0x020b640b +dd 0x0b600b60 +dd 0x640b6407 +dd 0x0b68030b +dd 0x6c060b68 +dd 0x070b700b +dd 0x0b780b74 +dd 0x740b7406 +dd 0x0b7c070b +dd 0x80040b8c +dd 0x050b800b +dd 0x0c3c0c00 +dd 0x480c4806 +dd 0x0c4c060c +dd 0x50020c4c +dd 0x040c500c +dd 0x0c540c54 +dd 0x580c5806 +dd 0x0c5c040c +dd 0x60060c5c +dd 0x060c600c +dd 0x0c640c64 +dd 0x600c6002 +dd 0x0c64070c +dd 0x68030c64 +dd 0x060c680c +dd 0x0c700c6c +dd 0x780c7407 +dd 0x0c74060c +dd 0x7c070c74 +dd 0x040c8c0c +dd 
0x0c800c80 +dd 0x3c0d0005 +dd 0x0d48060d +dd 0x4c060d48 +dd 0x020d4c0d +dd 0x0d500d50 +dd 0x540d5404 +dd 0x0d58060d +dd 0x5c040d58 +dd 0x060d5c0d +dd 0x0d600d60 +dd 0x640d6406 +dd 0x0d60020d +dd 0x64070d60 +dd 0x030d640d +dd 0x0d680d68 +dd 0x700d6c06 +dd 0x0d74070d +dd 0x74060d78 +dd 0x070d740d +dd 0x0d8c0d7c +dd 0x800d8004 +dd 0x0e00050d +dd 0x48060e3c +dd 0x060e480e +dd 0x0e4c0e4c +dd 0x500e5002 +dd 0x0e54040e +dd 0x58060e54 +dd 0x040e580e +dd 0x0e5c0e5c +dd 0x600e6006 +dd 0x0e64060e +dd 0x60020e64 +dd 0x070e600e +dd 0x0e640e64 +dd 0x680e6803 +dd 0x0e6c060e +dd 0x74070e70 +dd 0x060e780e +dd 0x0e740e74 +dd 0x8c0e7c07 +dd 0x0e80040e +dd 0x00050e80 +dd 0x060f3c0f +dd 0x0f480f48 +dd 0x4c0f4c06 +dd 0x0f50020f +dd 0x54040f50 +dd 0x060f540f +dd 0x0f580f58 +dd 0x5c0f5c04 +dd 0x0f60060f +dd 0x64060f60 +dd 0x020f640f +dd 0x0f600f60 +dd 0x640f6407 +dd 0x0f68030f +dd 0x6c060f68 +dd 0x070f700f +dd 0x0f780f74 +dd 0x740f7406 +dd 0x0f7c070f +dd 0x80040f8c +dd 0x050f800f +dd 0x0f840f84 +dd 0x3c100005 +dd 0x10480610 +dd 0x4c061048 +dd 0x02104c10 +dd 0x10501050 +dd 0x54105404 +dd 0x10580610 +dd 0x5c041058 +dd 0x06105c10 +dd 0x10601060 +dd 0x64106406 +dd 0x10600210 +dd 0x64071060 +dd 0x03106410 +dd 0x10681068 +dd 0x70106c06 +dd 0x10740710 +dd 0x74061078 +dd 0x07107410 +dd 0x108c107c +dd 0x80108004 +dd 0x11000510 +dd 0x4806113c +dd 0x06114811 +dd 0x114c114c +dd 0x50115002 +dd 0x11540411 +dd 0x58061154 +dd 0x04115811 +dd 0x115c115c +dd 0x60116006 +dd 0x11640611 +dd 0x60021164 +dd 0x07116011 +dd 0x11641164 +dd 0x68116803 +dd 0x116c0611 +dd 0x74071170 +dd 0x06117811 +dd 0x11741174 +dd 0x8c117c07 +dd 0x11800411 +dd 0x04051180 +dd 0x06120812 +dd 0x121c1214 +dd 0x20122006 +dd 0x13040412 +dd 0x14061308 +dd 0x06131c13 +dd 0x13201320 +dd 0x0c140404 +dd 0x15040614 +dd 0x0006150c +dd 0x04180018 +dd 0x18101808 +dd 0x18181806 +dd 0x18200418 +dd 0x00041820 +dd 0x04190019 +dd 0x19101908 +dd 0x18191806 +dd 0x19200419 +dd 0x04041920 +dd 0x061a0c1a +dd 0x1b0c1b04 +dd 0x1c1c1406 +dd 0x1c20061c +dd 
0x14041c20 +dd 0x061d1c1d +dd 0x1d201d20 +dd 0x04200004 +dd 0x20080720 +dd 0xb8062008 +dd 0x022bb82b +dd 0x36783678 +dd 0x283a0004 +dd 0x3a2c063a +dd 0x30043a2c +dd 0x043a343a +dd 0x40044000 +dd 0x04400406 +dd 0x40080740 +dd 0x1006400c +dd 0x07401440 +dd 0x40184018 +dd 0x20402005 +dd 0x40240740 +dd 0x2c064028 +dd 0x04403840 +dd 0x40ac40a4 +dd 0xcc40b404 +dd 0x40d00440 +dd 0xd40640d0 +dd 0x0440d440 +dd 0x42104210 +dd 0x24422004 +dd 0x42280642 +dd 0x8c044244 +dd 0x04429042 +dd 0x42944294 +dd 0x98429806 +dd 0x429c0442 +dd 0xa006429c +dd 0x0742a042 +dd 0x42ac42a4 +dd 0xe842e405 +dd 0x42ec0542 +dd 0x280742fc +dd 0x07432843 +dd 0x43744340 +dd 0x90438c05 +dd 0x44000643 +dd 0x04064404 +dd 0x07440444 +dd 0x440c4408 +dd 0x14441006 +dd 0x44180744 +dd 0x20054418 +dd 0x07442044 +dd 0x44284424 +dd 0x38442c06 +dd 0x44a40444 +dd 0xb40444ac +dd 0x0444cc44 +dd 0x44d044d0 +dd 0xd444d406 +dd 0x46100444 +dd 0x20044610 +dd 0x06462446 +dd 0x46444628 +dd 0x90468c04 +dd 0x46940446 +dd 0x98064694 +dd 0x04469846 +dd 0x469c469c +dd 0xa046a006 +dd 0x46a40746 +dd 0xe40546ac +dd 0x0546e846 +dd 0x46fc46ec +dd 0x28472807 +dd 0x47400747 +dd 0x8c054774 +dd 0x06479047 +dd 0x48c048a8 +dd 0xf448d802 +dd 0x49080248 +dd 0x6802491c +dd 0x04496849 +dd 0x498c4980 +dd 0x444e3802 +dd 0x5000024e +dd 0x04065000 +dd 0x07500850 +dd 0x5018500c +dd 0x1c501c06 +dd 0x50200750 +dd 0x38065034 +dd 0x02503c50 +dd 0x50585040 +dd 0x5c505c06 +dd 0x50600250 +dd 0x64075060 +dd 0x02507c50 +dd 0x50845080 +dd 0x8c508806 +dd 0x50900250 +dd 0x98065094 +dd 0x02509c50 +dd 0x50a450a0 +dd 0xac50a806 +dd 0x50b00250 +dd 0xd00650cc +dd 0x0250dc50 +dd 0x58805880 +dd 0x88588407 +dd 0x588c0758 +dd 0x9005588c +dd 0x07589c58 +dd 0x58a458a4 +dd 0xdc58d006 +dd 0x58e00758 +dd 0xb80758e4 +dd 0x0759b859 -ref_fffd5ac8: +ref_fffd6138: dd 0x08040201 dd 0x08040201 dd 0x00000000 -ref_fffd5ad4: +ref_fffd6144: dd 0x08040201 dd 0x00000000 dd 0x08040201 -ref_fffd5ae0: -dd loc_fffcad86 -dd loc_fffcad8a -dd loc_fffcad8e -dd loc_fffcada0 -dd loc_fffcadc1 -dd 
loc_fffcadc1 -dd loc_fffcadc1 -dd loc_fffcadc1 -dd loc_fffcadc1 -dd loc_fffcadc1 -dd loc_fffcadab -dd loc_fffcadb2 -dd loc_fffcadc1 -dd loc_fffcadc1 -dd loc_fffcadc1 -dd loc_fffcadab - -ref_fffd5b20: +ref_fffd6150: +dd 0x04030201 +dd 0x06000500 +dd 0x00000700 + +ref_fffd615c: +dd loc_fffcb5fc +dd loc_fffcb600 +dd loc_fffcb604 +dd loc_fffcb616 +dd loc_fffcb637 +dd loc_fffcb637 +dd loc_fffcb637 +dd loc_fffcb637 +dd loc_fffcb637 +dd loc_fffcb637 +dd loc_fffcb621 +dd loc_fffcb628 +dd loc_fffcb637 +dd loc_fffcb637 +dd loc_fffcb637 +dd loc_fffcb621 + +ref_fffd619c: dd 0x08c009b0 dd 0x08c009b0 dd 0x00000000 -ref_fffd5b2c: +ref_fffd61a8: dd 0x08c009b0 dd 0x00000000 dd 0x90660000 -ref_fffd5b38: -dd loc_fffcca6b -dd loc_fffcca76 -dd loc_fffcca87 -dd loc_fffcca98 -dd loc_fffccaa9 -dd loc_fffccb52 -dd loc_fffccbfe -dd loc_fffccfba -dd loc_fffccc18 -dd loc_fffccd45 -dd loc_fffcce72 -dd loc_fffccaba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccbe1 -dd loc_fffccb52 -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccfba -dd loc_fffccbe1 -dd loc_fffccb52 - -ref_fffd5bc0: -dd 0x02010201 -dd 0x02010201 -dd 0x03030303 -dd 0x00000000 - -ref_fffd5bd0: -dd 0x040f0f0f -dd 0x010f030f -dd 0x0f0f0f0f -dd 0x000f0205 - -ref_fffd5be0: -dd 0x32320101 -dd 0x20101010 -dd 0x23232320 -dd 0x00000020 -dd 0x00000010 -dd 0x00000023 -dd 0x21303120 -dd 0x00002120 -dd 0x00003020 -dd 0x00000020 -dd 0x00000000 -dd 0x00000000 - -ref_fffd5c10: -dd fcn_fffb7458 -dd 0x0000dd1b -dd 0xff320000 -dd fcn_fffc3896 -dd 0x0001dd1c -dd 0xff3e0000 -dd fcn_fffc3bcc -dd 0x0004dd1e -dd 0xff3f0000 -dd fcn_fffa95c3 -dd 0x0005dd1f -dd 0xff3f0000 -dd fcn_fffa97db -dd 0x0003dd20 -dd 0xff310000 -dd fcn_fffc3b2d -dd 0x0006dd21 -dd 0xff3f0000 -dd fcn_fffa87ee -dd 0x0007dd22 -dd 0xff3f0000 -dd fcn_fffa2b14 -dd 
0x0008dd23 -dd 0xff3f0000 -dd fcn_fffd20cb -dd 0x0009dd24 -dd 0xff3f0000 -dd fcn_fffc82f4 -dd 0x000add26 -dd 0xff310000 -dd fcn_fffab126 -dd 0x000bdd27 -dd 0xff330000 -dd fcn_fffc9652 -dd 0x000fdd29 -dd 0xff310000 -dd fcn_fffb9c9b -dd 0x000ddd28 -dd 0xff310000 -dd fcn_fffb1d2f -dd 0x000edd25 -dd 0xff310000 -dd fcn_fffb28b2 -dd 0x0011dd2b -dd 0xff310000 -dd fcn_fffbcdcd -dd 0x0010dd2a -dd 0xff310000 -dd fcn_fffbba04 -dd 0x0012dd2c -dd 0xff310000 -dd fcn_fffbd7ac -dd 0x0014dd2e -dd 0xff310000 -dd fcn_fffbd7cc -dd 0x0015dd2f -dd 0xff310000 -dd fcn_fffb16ef -dd 0x0016dd4a -dd 0xff310000 -dd fcn_fffc40aa -dd 0x0024dd3a -dd 0xff310000 -dd fcn_fffaf0ee -dd 0x0038dd3d -dd 0xff310000 -dd fcn_fffc57e4 -dd 0x0027dd3e -dd 0xff310000 -dd fcn_fffb947c -dd 0x0021dd49 -dd 0xff310000 -dd fcn_fffcbd3d -dd 0x0017dd46 -dd 0xff310000 -dd fcn_fffd07ac -dd 0x0018dd30 -dd 0xff310000 -dd fcn_fffcbfee -dd 0x0019dd30 -dd 0xff310000 -dd fcn_fffcc49b -dd 0x001add32 -dd 0xff310000 -dd fcn_fffbf115 -dd 0x001cdd33 -dd 0xff310000 -dd fcn_fffcbdde -dd 0x001ddd35 -dd 0xff310000 -dd fcn_fffcc12a -dd 0x001bdd45 -dd 0xff310000 -dd fcn_fffbdbe7 -dd 0x001fdd37 -dd 0xff310000 -dd fcn_fffbdaf2 -dd 0x001edd36 -dd 0xff310000 -dd fcn_fffcc1ee -dd 0x0028dd4b -dd 0xff310000 -dd fcn_fffcc30a -dd 0x0029dd4c -dd 0xff310000 -dd fcn_fffb4484 -dd 0x0020dd41 -dd 0xff310000 -dd fcn_fffaf0ee -dd 0x0038dd3d -dd 0xff310000 -dd fcn_fffc57e4 -dd 0x0027dd3e -dd 0xff310000 -dd fcn_fffc40aa -dd 0x0024dd3a -dd 0xff310000 -dd fcn_fffbdcd9 -dd 0x0025dd3b -dd 0xff310000 -dd fcn_fffc242d -dd 0x0026dd3c -dd 0xff310000 -dd fcn_fffca881 -dd 0x0022dd38 -dd 0xff310000 -dd fcn_fffca8fc -dd 0x0023dd39 -dd 0xff310000 -dd fcn_fffbd7ec -dd 0x002fdd47 -dd 0xff310000 -dd fcn_fffced30 -dd 0x002ddd3f -dd 0xff310000 -dd fcn_fffceafd -dd 0x002edd40 -dd 0xff310000 -dd fcn_fffcfef1 -dd 0x0043dd58 -dd 0x01310000 -dd fcn_fffbea2f -dd 0x0031dd44 -dd 0xff310000 -dd fcn_fffb947c -dd 0x0021dd49 -dd 0xff310000 -dd fcn_fffa7654 -dd 0x0045dd48 -dd 0xff310000 
-dd fcn_fffae645 -dd 0x0030dd42 -dd 0xff310000 -dd fcn_fffa5ce0 -dd 0x0044dd7f -dd 0xff310000 -dd fcn_fffb5bed -dd 0x0039dd50 -dd 0xff310000 -dd fcn_fffa5d08 -dd 0x0030dd42 -dd 0xff310000 -dd fcn_fffb847a -dd 0x0030dd42 -dd 0xff310000 -dd fcn_fffa5cb5 -dd 0x0033dd43 -dd 0xff3e0000 -dd fcn_fffc82f4 -dd 0x000add26 -dd 0xff320000 -dd fcn_fffa5ce0 -dd 0x0044dd7f -dd 0xff360000 -dd fcn_fffa5c93 -dd 0x0033dd43 -dd 0xff3e0000 -dd fcn_fffaf601 -dd 0x003add51 -dd 0xff3f0000 -dd fcn_fffb1ff0 -dd 0x0034dd70 -dd 0xff3c0000 -dd fcn_fffc3f08 -dd 0x0035dd71 -dd 0xff3e0000 -dd fcn_fffaf377 -dd 0x0036dd5b -dd 0xff310000 -dd fcn_fffaad1c -dd 0x0037dd5c -dd 0xff330000 -dd fcn_fffae7f6 -dd 0x003bdd5d -dd 0xff3f0000 - -ref_fffd5f1c: -dd 0x00030104 -dd 0x00050200 -dd 0x04000000 -dd 0x00000706 -dd 0x00000200 -dd 0x00000000 -dd 0x00000000 -dd 0x00000000 -dd 0x90660200 - -ref_fffd5f40: +ref_fffd61b4: +dd loc_fffcd3d3 +dd loc_fffcd3de +dd loc_fffcd3ef +dd loc_fffcd400 +dd loc_fffcd411 +dd loc_fffcd4ba +dd loc_fffcd566 +dd loc_fffcd922 +dd loc_fffcd580 +dd loc_fffcd6ad +dd loc_fffcd7da +dd loc_fffcd422 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd549 +dd loc_fffcd4ba +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd922 +dd loc_fffcd549 +dd loc_fffcd4ba + +ref_fffd623c: dd 0x0bb80bb8 dd 0x00000000 db 0x00 db 0x00 -ref_fffd5f4a: +ref_fffd6246: db 'Invalid PEI data version, %d != %d',0x0a,0x00 -ref_fffd5f6e: +ref_fffd626a: db 'MRC: S3 Resume',0x0a,0x00 -ref_fffd5f7e: +ref_fffd627a: db 'Initializing Policy',0x0a,0x00 -ref_fffd5f93: +ref_fffd628f: db 'Installing common PPI',0x0a,0x00 -ref_fffd5faa: +ref_fffd62a6: db 'Initializing Memory',0x0a,0x00 -ref_fffd5fbf: +ref_fffd62bb: db 'MRC: Done.',0x0a,0x00 -ref_fffd5fcb: +ref_fffd62c7: db 'MRC: Starting...',0x0a,0x00 -ref_fffd5fdd: 
+ref_fffd62d9: db '%s:%d pool cookie corrupted...',0x0a,0x00 -ref_fffd5ffd: +ref_fffd62f9: db '%s:%d failed to allocate %d bytes...',0x0a,0x00 -ref_fffd6023: +ref_fffd631f: db 'hljztL',0x00 -ref_fffd602a: +ref_fffd6326: db '(null)',0x00,0x00,0x00,0x00 -ref_fffd6034: +ref_fffd6330: dd 0xe6af1f7b dd 0x46dafc3f dd 0xb4a328a8 dd 0x8242a457 -ref_fffd6044: +ref_fffd6340: dd 0x00000000 -dd fcn_fffb4a3c +dd fcn_fffb9485 -ref_fffd604c: +ref_fffd6348: dd 0x1f4c6f90 dd 0x48d8b06b dd 0xe5ba01a2 dd 0x567dcdf1 -ref_fffd605c: +; FIXME: fix up for a PPI +ref_fffd6358: db 0x01 -dd fcn_fffb3f4b -dd fcn_fffb878b -dd fcn_fffc5590 -dd fcn_fffb8736 +dd fcn_fffb915b +dd fcn_fffb688e +dd fcn_fffc5bee +dd fcn_fffb6839 db 0x00, 0x00, 0x00 -ref_fffd6070: +ref_fffd636c: dd 0x794a0deb dd 0x4e7bc971 dd 0xbfd0f28a dd 0x9826ca3c -ref_fffd6080: +ref_fffd637c: dd 0x80000010 -dd ref_fffd6034 +dd ref_fffd6330 dd 0x00000000 -ref_fffd608c: -dd fcn_fffb7600 -dd fcn_fffc9574 -dd fcn_fffb6fd2 -dd fcn_fffb6f06 -dd fcn_fffab024 -dd fcn_fffb3f19 -dd fcn_fffaafcb -dd fcn_fffaafb4 -dd fcn_fffab02d -dd fcn_fffb3f35 -dd fcn_fffaafe6 -dd fcn_fffaafbd -dd fcn_fffb3d44 -dd fcn_fffb3d11 -dd fcn_fffb3d75 -dd fcn_fffb3dcd -dd fcn_fffb3da6 -dd fcn_fffb3d2e -dd fcn_fffb3d91 -dd fcn_fffcc4b8 - -ref_fffd60dc: +ref_fffd6388: +dd fcn_fffb456f +dd fcn_fffc74fd +dd fcn_fffb61a8 +dd fcn_fffb6275 +dd fcn_fffb4038 +dd fcn_fffb00aa +dd fcn_fffb00e5 +dd fcn_fffb0092 +dd fcn_fffb0197 +dd fcn_fffb00c6 +dd fcn_fffb406a +dd fcn_fffb009b +dd fcn_fffb3e63 +dd fcn_fffb3e54 +dd fcn_fffb3feb +dd fcn_fffb4029 +dd fcn_fffb3e3c +dd fcn_fffb3fae +dd fcn_fffb4007 +dd fcn_fffcce20 + +ref_fffd63d8: dd 0x98191174 dd 0x41060b26 dd 0x45d002af dd 0x2b05e851 -ref_fffd60ec: +ref_fffd63e8: dd 0xaf4a1998 dd 0x45454949 dd 0xe7c14c9c dd 0x56e042c0 -ref_fffd60fc: +ref_fffd63f8: dd 0x02353140 dd 0x20373144 dd 0x32103146 @@ -71962,7 +72190,7 @@ dd 0x32163148 dd 0x3250314c dd 0x76543150 -ref_fffd6114: +ref_fffd6410: dd 0x00003100 dd 0x03203200 dd 0x00003108 
@@ -71976,7 +72204,7 @@ dd 0x00000001 dd 0x00003118 dd 0x00000001 -ref_fffd6144: +ref_fffd6440: dd 0x02353140 dd 0x20373144 dd 0x32103146 @@ -71987,7 +72215,7 @@ dd 0x00063158 dd 0x55443164 dd 0x00073168 -ref_fffd6168: +ref_fffd6464: dd 0x00003100 dd 0x03203200 dd 0x00003108 @@ -71999,10 +72227,10 @@ dd 0x00000001 dd 0x00003118 dd 0x00000001 -ref_fffd6190: +ref_fffd648c: dd 0xa6a4a2a0 -ref_fffd6194: +ref_fffd6490: dd 0x422b8086 dd 0x02ffffff dd 0x00000001 @@ -72256,89 +72484,89 @@ dd 0x00000000 dd 0x00000000 dd 0x00000000 -ref_fffd6584: +ref_fffd6880: dd 0x50031131 dd 0x43ef4f24 dd 0x3773afb7 dd 0xac0ef794 -ref_fffd6594: +ref_fffd6890: dd 0x80000010 -dd ref_fffd604c -dd ref_fffd6044 +dd ref_fffd6348 +dd ref_fffd6340 -ref_fffd65a0: +ref_fffd689c: dd 0x433e0f9f dd 0x410a05ae dd 0x29bfc3a0 dd 0xac25cb8e -ref_fffd65b0: +ref_fffd68ac: dd 0xf894643d dd 0x42d1c449 dd 0xbd85a88e dd 0xde5bc6d8 -ref_fffd65c0: +ref_fffd68bc: dd 0xf8d5438e dd 0x481d26e1 dd 0xd6303cb6 dd 0x20a4f4ef -ref_fffd65d0: +ref_fffd68cc: dd 0x4c10d934 dd 0x45a438e6 dd 0x792a249a dd 0x7fcb3db9 -ref_fffd65e0: +ref_fffd68dc: dd 0x80000010 -dd ref_fffd6070 -dd ref_fffd605c +dd ref_fffd636c +dd ref_fffd6358 -ref_fffd65ec: +ref_fffd68e8: dd 0x3d0e663a dd 0x4489dc72 dd 0x9ee4c587 dd 0x52a473e7 -ref_fffd65fc: +ref_fffd68f8: dd 0x3e14d361 dd 0x42e4c7d7 dd 0xebb907ae dd 0x2aed9648 -ref_fffd660c: +ref_fffd6908: dd 0x87f22dcb dd 0x41057304 dd 0x71317cbb dd 0x3bc2cc43 -ref_fffd661c: +ref_fffd6918: dd 0x573eaf99 dd 0x46b5f445 dd 0x4abcd5a5 dd 0xf3983593 -ref_fffd662c: +ref_fffd6928: dd 0x9ca93627 dd 0x4324b65b dd 0xb4c002a2 dd 0x43457661 -ref_fffd663c: +ref_fffd6938: dd 0x17865dc0 dd 0x4da80b8b dd 0x467c428b dd 0x4dca5cb8 -ref_fffd664c: +ref_fffd6948: dd 0xf38d1338 dd 0x4fb6af7a dd 0x9c1adb91 dd 0x0d578321 -ref_fffd665c: +ref_fffd6958: dd 0x00000000 dd 0x00000000 dd 0x00000000 @@ -72352,7 +72580,7 @@ dd 0x00000155 dd 0x00000155 dd 0x00000001 -ref_fffd668c: +ref_fffd6988: dd 0x1e94f097 dd 0x40895acd dd 0xa5b9e3b2 
diff --git a/src/soc/intel/broadwell/refcode/broadwell_refcode.asm b/src/soc/intel/broadwell/refcode/broadwell_refcode.asm index 4ceeb64950..24f3c32753 100644 --- a/src/soc/intel/broadwell/refcode/broadwell_refcode.asm +++ b/src/soc/intel/broadwell/refcode/broadwell_refcode.asm @@ -1,20 +1,15 @@ ;; Generated with r2dumpbin (https://github.com/mytbk/r2dumpbin) - -;; First convert the ELF file to binary, and pad it to MemSiz of -;; the loadable segment: -;; objcopy -O binary refcode.elf refcode.bin -;; fallocate -l 201288 refcode.bin - -;; Then get the relocation addresses: -;; readelf -r refcode.elf | cut -d' ' -f1 | grep '^[0-9]' \ -;; | sed -e 's/^/0x/g' -e 's/$/,/g' > refcode_reloc.txt - -;; Run these in r2 before running dumpbin.py: -;; f va @ 0 -;; f reloc:refcode_reloc.txt @ 0 +;; +;; objcopy -O binary broadwell_refcode_librem.elf refcode.bin +;; fallocate -l 201464 refcode.bin +;; readelf -r broadwell_refcode_librem.elf | cut -d' ' -f1 \ +;; | grep '^[0-9]' | sed -e 's/^/0x/g' -e 's/$/,/g' \ +;; > refcode_reloc.txt +;; +;; [0x00000000]> f va @ 0 +;; [0x00000000]> f reloc:refcode_reloc.txt bits 32 - global refcode_entry refcode_entry: 
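Review bot: The rewritten header comment of broadwell_refcode.asm (hunk `@@ -1,20 +1,15 @@`) no longer explains what the regeneration steps are for, and it does not identify the exact input file. The removed lines said that the image is padded to the MemSiz of the loadable segment and that the r2 flags are set before running dumpbin.py, so `fallocate -l 201464` is now an unexplained number. Because this listing stands in for a vendor binary that runs during platform initialisation, the header should let a reader confirm which file it was regenerated from. I would keep the explanatory sentences and add `;; input: broadwell_refcode_librem.elf, sha256 <SHA256_OF_INPUT_ELF>` and `;; 201464 = MemSiz of the loadable segment (readelf -l)`, assuming the new size was derived the same way as the old 201288. The visible header of broadwell_mrc.asm likewise records only flag addresses and would benefit from the same provenance line.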
@@ -35,39 +30,39 @@ push ebx sub esp, 0x1c mov esi, dword [ebp + 8] push esi -call fcn_000163a4 ; call 0x163a4 +call fcn_00016434 ; call 0x16434 add esp, 0x10 mov ebx, eax test eax, eax je loc_000000c4 ; je 0xc4 sub esp, 0xc -push ref_000205f8 ; push 0x205f8 -call fcn_000153ce ; call 0x153ce +push ref_00020688 ; push 0x20688 +call fcn_0001545e ; call 0x1545e pop eax pop edx push ebx push 0 -call fcn_0000dfb2 ; call 0xdfb2 -mov dword [esp], ref_0002060a ; mov dword [esp], 0x2060a -call fcn_000153ce ; call 0x153ce +call fcn_0000e020 ; call 0xe020 +mov dword [esp], ref_0002069a ; mov dword [esp], 0x2069a +call fcn_0001545e ; call 0x1545e pop ecx pop eax push ebx push 0 call fcn_0000058b ; call 0x58b -mov dword [esp], ref_00020625 ; mov dword [esp], 0x20625 -call fcn_000153ce ; call 0x153ce +mov dword [esp], ref_000206b5 ; mov dword [esp], 0x206b5 +call fcn_0001545e ; call 0x1545e add esp, 0xc push 0 push 0 push ebx -call fcn_0000d811 ; call 0xd811 +call fcn_0000d87f ; call 0xd87f lea eax, [ebp - 0xc] push eax push 0 push 0 -push ref_0002912c ; push 0x2912c -call fcn_00019699 ; call 0x19699 +push ref_000291dc ; push 0x291dc +call fcn_0001975d ; call 0x1975d mov eax, dword [ebp - 0xc] add esp, 0x20 movzx edx, byte [eax] @@ -76,15 +71,15 @@ push edx push dword [esi + 0x1a] push dword [esi + 0x1e] push eax -call fcn_000116c1 ; call 0x116c1 +call fcn_00011751 ; call 0x11751 mov eax, dword [ebp - 0xc] pop edx pop ecx push dword [eax + 4] push eax -call fcn_0001501f ; call 0x1501f -mov dword [esp], ref_00020637 ; mov dword [esp], 0x20637 -call fcn_000153ce ; call 0x153ce +call fcn_000150af ; call 0x150af +mov dword [esp], ref_000206c7 ; mov dword [esp], 0x206c7 +call fcn_0001545e ; call 0x1545e add esp, 0x10 xor eax, eax jmp short loc_000000c7 ; jmp 0xc7 
@@ -108,41 +103,41 @@ sub esp, 0x14 push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x48 mov dword [esp], eax -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 mov ebx, eax lea eax, [ebp - 0xc] and ebx, 0xfffffffe push eax push 0 push 0 -push ref_0002925c ; push 0x2925c -call fcn_00019699 ; call 0x19699 +push ref_0002930c ; push 0x2930c +call fcn_0001975d ; call 0x1975d add esp, 0x20 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al je short loc_0000014a ; je 0x14a test esi, esi jns short loc_0000014a ; jns 0x14a -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_00000132 ; je 0x132 push eax push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_00000132: ; not directly referenced push esi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x126 -push ref_00020678 ; push 0x20678 -call fcn_000153fc ; call 0x153fc +push ref_00020708 ; push 0x20708 +call fcn_0001548c ; call 0x1548c add esp, 0x10 loc_0000014a: ; not directly referenced @@ -151,16 +146,16 @@ push 0x600 push 0xfffff9ff lea eax, [ebx + 0x5f00] push eax -call fcn_00018aa4 ; call 0x18aa4 -call fcn_000153e9 ; call 0x153e9 +call fcn_00018b68 ; call 0x18b68 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al je short loc_0000017e ; je 0x17e push edx push edx -push ref_000206a8 ; push 0x206a8 +push ref_00020738 ; push 0x20738 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_0000017e: ; not directly referenced @@ -169,7 +164,7 @@ add ebx, 0x5da8 push eax push 3 push ebx -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 lea esp, [ebp - 8] xor eax, eax pop ebx 
@@ -182,13 +177,13 @@ push ebp mov ebp, esp push esi push ebx -call fcn_0001c5b4 ; call 0x1c5b4 +call fcn_0001c678 ; call 0x1c678 mov esi, eax -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 sub esp, 0xc -push ref_000294ac ; push 0x294ac +push ref_0002955c ; push 0x2955c mov ebx, eax -call fcn_00019039 ; call 0x19039 +call fcn_000190fd ; call 0x190fd add esp, 0x10 test eax, eax je short loc_000001c4 ; je 0x1c4 @@ -196,14 +191,14 @@ cmp byte [eax + 0x4a], 0 jne short loc_00000228 ; jne 0x228 loc_000001c4: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_000001de ; je 0x1de push eax push eax -push ref_000206e4 ; push 0x206e4 +push ref_00020774 ; push 0x20774 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_000001de: ; not directly referenced @@ -217,7 +212,7 @@ push esi push 0 push 1 push 0x2e7 -call fcn_0001784b ; call 0x1784b +call fcn_0001790f ; call 0x1790f add esp, 0x10 loc_000001fc: ; not directly referenced @@ -231,13 +226,13 @@ push eax push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 1 sub eax, 0xffffff80 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 loc_00000228: ; not directly referenced @@ -256,14 +251,14 @@ push esi push ebx sub esp, 0xc mov ebx, dword [ebp + 8] -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 push edx mov esi, eax push 0 and esi, 0xffffffef push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc xor edx, edx mov edi, eax @@ -274,7 +269,7 @@ or eax, 1 push eax lea eax, [edi + 0x48] push eax -call fcn_00017e64 ; call 0x17e64 +call fcn_00017f28 ; call 0x17f28 mov eax, dword [ebx + 1] add esp, 0xc xor edx, edx 
@@ -285,7 +280,7 @@ push eax lea eax, [edi + 0x68] add edi, 0x40 push eax -call fcn_00017e64 ; call 0x17e64 +call fcn_00017f28 ; call 0x17f28 mov eax, dword [ebx + 1] add esp, 0xc xor edx, edx @@ -294,7 +289,7 @@ push edx or eax, 1 push eax push edi -call fcn_00017e64 ; call 0x17e64 +call fcn_00017f28 ; call 0x17f28 mov ecx, dword [ebx + 1] add esp, 0xc xor edx, edx @@ -305,7 +300,7 @@ push eax mov eax, dword [ecx + 4] add eax, 0x5420 push eax -call fcn_00017e64 ; call 0x17e64 +call fcn_00017f28 ; call 0x17f28 add esp, 0x10 cmp esi, 0x40660 jne short loc_000002e8 ; jne 0x2e8 @@ -319,7 +314,7 @@ push eax mov eax, dword [ecx + 4] add eax, 0x5408 push eax -call fcn_00017e64 ; call 0x17e64 +call fcn_00017f28 ; call 0x17f28 add esp, 0x10 loc_000002e8: @@ -340,7 +335,7 @@ mov eax, dword [eax + 1] mov eax, dword [eax + 4] add eax, 0x5f00 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 leave ret @@ -357,35 +352,35 @@ lea eax, [ebp - 0x20] push eax push 0x73 push 4 -call fcn_0001971b ; call 0x1971b +call fcn_000197df ; call 0x197df mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al je short loc_00000371 ; je 0x371 test esi, esi jns short loc_00000371 ; jns 0x371 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_00000359 ; je 0x359 push eax push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_00000359: push edi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x18b -push ref_00020678 ; push 0x20678 -call fcn_000153fc ; call 0x153fc +push ref_00020708 ; push 0x20708 +call fcn_0001548c ; call 0x1548c add esp, 0x10 loc_00000371: mov eax, dword [ebp - 0x20] -mov esi, ref_000294ac ; mov esi, 0x294ac +mov esi, ref_0002955c ; mov esi, 0x2955c mov ecx, 4 lea edi, [eax + 8] add eax, 0x18 
@@ -394,21 +389,21 @@ push edi push edi push 8 push eax -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff pop eax mov eax, dword [ebp - 0x20] pop edx add eax, 0x20 push 8 push eax -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff mov eax, dword [ebp - 0x20] pop ecx pop esi add eax, 0x29 push 0x21 push eax -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff mov eax, dword [ebp - 0x20] add esp, 0x10 mov byte [eax + 0x28], 0 @@ -431,31 +426,31 @@ lea eax, [ebp - 0x1c] push eax push 0 push 0 -push ref_000291dc ; push 0x291dc -call fcn_00019699 ; call 0x19699 +push ref_0002928c ; push 0x2928c +call fcn_0001975d ; call 0x1975d mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al je short loc_00000434 ; je 0x434 test ebx, ebx jns short loc_00000434 ; jns 0x434 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_0000041c ; je 0x41c push esi push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_0000041c: push ecx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x1a6 -push ref_00020678 ; push 0x20678 -call fcn_000153fc ; call 0x153fc +push ref_00020708 ; push 0x20708 +call fcn_0001548c ; call 0x1548c add esp, 0x10 loc_00000434: @@ -474,7 +469,7 @@ mov eax, dword [eax + 9] mov eax, dword [eax + 4] push dword [eax + 0x1c] push dword [eax + 0x18] -call fcn_0001718b ; call 0x1718b +call fcn_0001724f ; call 0x1724f add esp, 0x10 mov byte [ebx + 0x19], al 
@@ -491,14 +486,14 @@ mov dl, byte [edx + 0x301] mov byte [eax + 0x21], dl loc_00000489: -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_000004a3 ; je 0x4a3 push eax push eax -push ref_000206fe ; push 0x206fe +push ref_0002078e ; push 0x2078e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_000004a3: 
@@ -516,69 +511,69 @@ mov ebp, esp push ebx push edx mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_000004cf ; je 0x4cf push eax push eax -push ref_00020715 ; push 0x20715 +push ref_000207a5 ; push 0x207a5 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_000004cf: -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_000004ea ; je 0x4ea push eax push 2 -push ref_00020759 ; push 0x20759 +push ref_000207e9 ; push 0x207e9 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_000004ea: -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_00000505 ; je 0x505 push eax -push 4 -push ref_0002079d ; push 0x2079d +push 6 +push ref_0002082d ; push 0x2082d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_00000505: -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_00000520 ; je 0x520 push eax push 0 -push ref_000207e1 ; push 0x207e1 +push ref_00020871 ; push 0x20871 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_00000520: -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_0000053b ; je 0x53b push eax push 0 -push ref_00020825 ; push 0x20825 +push ref_000208b5 ; push 0x208b5 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_0000053b: -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_00000555 ; je 0x555 push eax push eax -push ref_00020869 ; push 0x20869 +push ref_000208f9 ; push 0x208f9 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_00000555: 
@@ -590,15 +585,15 @@ mov eax, dword [ebx + 1] mov eax, dword [eax + 8] add eax, 0x71c push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop edx pop ecx -push 0x2040000 +push 0x2060000 mov eax, dword [ebx + 1] mov eax, dword [eax + 8] add eax, 0x720 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f xor eax, eax mov ebx, dword [ebp - 4] leave @@ -612,48 +607,48 @@ push esi push ebx sub esp, 0x1c mov esi, dword [ebp + 0xc] -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 mov edi, eax lea eax, [ebp - 0x24] push eax push 0 push 0 -push ref_0002925c ; push 0x2925c -call fcn_00019699 ; call 0x19699 +push ref_0002930c ; push 0x2930c +call fcn_0001975d ; call 0x1975d mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al je short loc_000005f7 ; je 0x5f7 test ebx, ebx jns short loc_000005f7 ; jns 0x5f7 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_000005df ; je 0x5df push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_000005df: push ebx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x8e -push ref_00020678 ; push 0x20678 -call fcn_000153fc ; call 0x153fc +push ref_00020708 ; push 0x20708 +call fcn_0001548c ; call 0x1548c add esp, 0x10 loc_000005f7: -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_00000611 ; je 0x611 push ecx push ecx -push ref_000208ad ; push 0x208ad +push ref_0002093d ; push 0x2093d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_00000611: 
@@ -665,15 +660,15 @@ pop edx push dword [ebp - 0x24] push esi call fcn_00000311 ; call 0x311 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al je short loc_00000644 ; je 0x644 push eax push eax -push ref_000208c2 ; push 0x208c2 +push ref_00020952 ; push 0x20952 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_00000644: @@ -689,14 +684,14 @@ or bl, al je short loc_00000684 ; je 0x684 loc_00000668: -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_000006b0 ; je 0x6b0 push ecx push ecx -push ref_000208e2 ; push 0x208e2 +push ref_00020972 ; push 0x20972 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 jmp short loc_000006b0 ; jmp 0x6b0 @@ -707,10 +702,10 @@ push eax push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x10 jne short loc_00000668 ; jne 0x668 @@ -721,20 +716,20 @@ push edx push edx push dword [ebp - 0x24] push esi -call fcn_000020ad ; call 0x20ad +call fcn_0000211b ; call 0x211b add esp, 0x10 test bl, bl je short loc_000006de ; je 0x6de loc_000006c2: -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_00000706 ; je 0x706 push eax push eax -push ref_000208f4 ; push 0x208f4 +push ref_00020984 ; push 0x20984 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 jmp short loc_00000706 ; jmp 0x706 @@ -747,10 +742,10 @@ push eax push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x10 jne short loc_000006c2 ; jne 0x6c2 
@@ -761,18 +756,18 @@ push eax push eax push dword [ebp - 0x24] push esi -call fcn_00004a9a ; call 0x4a9a +call fcn_00004b08 ; call 0x4b08 add esp, 0x10 loc_00000714: -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_0000072e ; je 0x72e push eax push eax -push ref_0002090a ; push 0x2090a +push ref_0002099a ; push 0x2099a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_0000072e: @@ -780,16 +775,16 @@ push eax push eax push dword [ebp - 0x24] push esi -call fcn_000015f5 ; call 0x15f5 -call fcn_000153e9 ; call 0x153e9 +call fcn_00001663 ; call 0x1663 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al je short loc_00000756 ; je 0x756 push eax push eax -push ref_00020921 ; push 0x20921 +push ref_000209b1 ; push 0x209b1 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_00000756: @@ -798,15 +793,15 @@ push edi push dword [ebp - 0x24] push esi call fcn_000009ac ; call 0x9ac -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al je short loc_0000077e ; je 0x77e push ebx push ebx -push ref_00020949 ; push 0x20949 +push ref_000209d9 ; push 0x209d9 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_0000077e: 
@@ -814,64 +809,64 @@ push ecx push ecx push dword [ebp - 0x24] push esi -call fcn_00001ddb ; call 0x1ddb -call fcn_000153e9 ; call 0x153e9 +call fcn_00001e49 ; call 0x1e49 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al je short loc_000007a6 ; je 0x7a6 push edx push edx -push ref_00020969 ; push 0x20969 +push ref_000209f9 ; push 0x209f9 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_000007a6: sub esp, 0xc push dword [ebp - 0x24] call fcn_000002f0 ; call 0x2f0 -mov dword [esp], ref_00026e34 ; mov dword [esp], 0x26e34 -call fcn_000196bb ; call 0x196bb +mov dword [esp], ref_00026ee4 ; mov dword [esp], 0x26ee4 +call fcn_0001977f ; call 0x1977f mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al je short loc_00000804 ; je 0x804 test ebx, ebx jns short loc_00000804 ; jns 0x804 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_000007ec ; je 0x7ec push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_000007ec: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0xde -push ref_00020678 ; push 0x20678 -call fcn_000153fc ; call 0x153fc +push ref_00020708 ; push 0x20708 +call fcn_0001548c ; call 0x1548c add esp, 0x10 loc_00000804: sub esp, 0xc lea eax, [ebp - 0x20] push eax -call fcn_000196d3 ; call 0x196d3 +call fcn_00019797 ; call 0x19797 mov ebx, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al je short loc_00000831 ; je 0x831 push eax push dword [ebp - 0x20] -push ref_00020986 ; push 0x20986 +push ref_00020a16 ; push 0x20a16 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_00000831: 
@@ -879,40 +874,40 @@ test ebx, ebx jne short loc_000008a9 ; jne 0x8a9 cmp dword [ebp - 0x20], 0x11 jne short loc_000008a9 ; jne 0x8a9 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_00000855 ; je 0x855 push eax push eax -push ref_0002099a ; push 0x2099a +push ref_00020a2a ; push 0x20a2a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_00000855: sub esp, 0xc -push ref_00026e28 ; push 0x26e28 -call fcn_000196bb ; call 0x196bb +push ref_00026ed8 ; push 0x26ed8 +call fcn_0001977f ; call 0x1977f mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al je loc_00000949 ; je 0x949 test ebx, ebx jns loc_00000949 ; jns 0x949 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_00000899 ; je 0x899 push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_00000899: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0xe8 jmp near loc_0000093c ; jmp 0x93c 
@@ -921,86 +916,86 @@ lea eax, [ebp - 0x1c] push eax push 0 push 0 -push ref_0002927c ; push 0x2927c +push ref_0002932c ; push 0x2932c mov dword [ebp - 0x1c], 0 -call fcn_00019699 ; call 0x19699 +call fcn_0001975d ; call 0x1975d mov eax, dword [ebp - 0x1c] add esp, 0x10 test eax, eax je short loc_00000949 ; je 0x949 test byte [eax + 1], 1 je short loc_00000949 ; je 0x949 -call fcn_00016597 ; call 0x16597 +call fcn_00016627 ; call 0x16627 dec al jne short loc_00000949 ; jne 0x949 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_000008f5 ; je 0x8f5 push edi push edi -push ref_000209be ; push 0x209be +push ref_00020a4e ; push 0x20a4e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_000008f5: sub esp, 0xc -push ref_00026e28 ; push 0x26e28 -call fcn_000196bb ; call 0x196bb +push ref_00026ed8 ; push 0x26ed8 +call fcn_0001977f ; call 0x1977f mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al je short loc_00000949 ; je 0x949 test ebx, ebx jns short loc_00000949 ; jns 0x949 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_00000931 ; je 0x931 push esi push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_00000931: push ecx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0xf8 loc_0000093c: -push ref_00020678 ; push 0x20678 -call fcn_000153fc ; call 0x153fc +push ref_00020708 ; push 0x20708 +call fcn_0001548c ; call 0x1548c add esp, 0x10 loc_00000949: sub esp, 0xc -push ref_00026e40 ; push 0x26e40 -call fcn_00019667 ; call 0x19667 +push ref_00026ef0 ; push 0x26ef0 +call fcn_0001972b ; call 0x1972b mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al je short loc_0000099d ; je 0x99d test 
ebx, ebx jns short loc_0000099d ; jns 0x99d -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_00000985 ; je 0x985 push edx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_00000985: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x102 -push ref_00020678 ; push 0x20678 -call fcn_000153fc ; call 0x153fc +push ref_00020708 ; push 0x20708 +call fcn_0001548c ; call 0x1548c add esp, 0x10 loc_0000099d: @@ -1026,23 +1021,23 @@ push esi push ebx sub esp, 0x3c mov ebx, dword [ebp + 0xc] -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 mov dword [ebp - 0x34], 0 -mov esi, eax +mov edi, eax mov eax, dword [ebx + 0x11] cmp byte [eax + 0xb], 0 jne short loc_000009f7 ; jne 0x9f7 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 xor ebx, ebx test al, al -je loc_00000ca8 ; je 0xca8 +je loc_00000d16 ; je 0xd16 push ecx push ecx -push ref_000209f3 ; push 0x209f3 +push ref_00020a83 ; push 0x20a83 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp near loc_00000ca8 ; jmp 0xca8 +jmp near loc_00000d16 ; jmp 0xd16 loc_000009f7: push eax 
@@ -1050,88 +1045,138 @@ push eax push 7 lea eax, [ebp - 0x26] push eax -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff pop eax pop edx lea eax, [ebp - 0x1f] push 7 push eax -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff lea eax, [ebp - 0x30] push eax push 0 push 0 -push ref_000290ec ; push 0x290ec -call fcn_00019699 ; call 0x19699 +push ref_0002919c ; push 0x2919c +call fcn_0001975d ; call 0x1975d add esp, 0x20 mov dword [ebp - 0x3c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al je short loc_00000a6c ; je 0xa6c cmp dword [ebp - 0x3c], 0 jns short loc_00000a6c ; jns 0xa6c -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al je short loc_00000a57 ; je 0xa57 push eax push dword [ebp - 0x3c] -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 loc_00000a57: -push edi -push ref_00020664 ; push 0x20664 +push esi +push ref_000206f4 ; push 0x206f4 push 0x54 -push ref_00020a33 ; push 0x20a33 -call fcn_000153fc ; call 0x153fc +push ref_00020ac3 ; push 0x20ac3 +call fcn_0001548c ; call 0x1548c add esp, 0x10 loc_00000a6c: -cmp esi, 0x40670 -jne short loc_00000ad8 ; jne 0xad8 -mov eax, dword [ebx + 0x11] -cmp byte [eax + 0x10], 0 -je short loc_00000ad8 ; je 0xad8 -call fcn_000153e9 ; call 0x153e9 -test al, al -je short loc_00000a9e ; je 0xa9e -push esi -mov eax, dword [ebx + 0x11] -movzx eax, byte [eax + 0x10] -push eax -push ref_00020a61 ; push 0x20a61 -push 0x40 -call fcn_000153f7 ; call 0x153f7 -add esp, 0x10 - -loc_00000a9e: -push eax +push ecx +and edi, 0xfff0ff0 push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x48 mov dword [esp], eax -call fcn_00017e14 ; call 0x17e14 -pop edx +call fcn_00017ed8 ; call 0x17ed8 +add esp, 0x10 +cmp edi, 0x40670 +jne loc_00000b4a ; jne 0xb4a mov edx, dword [ebx + 0x11] -pop 
ecx -mov dl, byte [edx + 0x10] +cmp byte [edx + 0x10], 0 +je loc_00000b4a ; je 0xb4a and eax, 0xfffffffe -add eax, 0x5e08 -and edx, 0x7f -or edx, 0x80000000 +mov esi, eax +mov eax, dword [ebx + 9] +mov eax, dword [eax + 0x64] +cmp eax, 0x7735940 +je short loc_00000ada ; je 0xada +ja short loc_00000ac6 ; ja 0xac6 +cmp eax, 0x5f5e100 +jne short loc_00000af3 ; jne 0xaf3 +push edx push edx +push 1 +jmp short loc_00000ae4 ; jmp 0xae4 + +loc_00000ac6: +cmp eax, 0x9f437c0 +je short loc_00000ae0 ; je 0xae0 +cmp eax, 0xee6b280 +jne short loc_00000af3 ; jne 0xaf3 +push eax +push eax +push 0xe +jmp short loc_00000ae4 ; jmp 0xae4 + +loc_00000ada: +push eax push eax -call fcn_00017dcb ; call 0x17dcb +push 6 +jmp short loc_00000ae4 ; jmp 0xae4 + +loc_00000ae0: +push eax +push eax +push 0xa + +loc_00000ae4: +lea eax, [esi + 0x5da0] +push eax +call fcn_00017e8f ; call 0x17e8f +add esp, 0x10 + +loc_00000af3: +push eax +push eax +push 0x80000014 +lea eax, [esi + 0x5da4] +push eax +call fcn_00017e8f ; call 0x17e8f +call fcn_00015479 ; call 0x15479 +add esp, 0x10 +test al, al +je short loc_00000b2a ; je 0xb2a +push eax +mov eax, dword [ebx + 0x11] +movzx eax, byte [eax + 0x10] +push eax +push ref_00020af1 ; push 0x20af1 +push 0x40 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00000ad8: +loc_00000b2a: +push eax +add esi, 0x5e08 +push eax +mov eax, dword [ebx + 0x11] +mov al, byte [eax + 0x10] +and eax, 0x7f +or eax, 0x80000000 +push eax +push esi +call fcn_00017e8f ; call 0x17e8f +add esp, 0x10 + +loc_00000b4a: mov dword [ebp - 0x40], 1 -loc_00000adf: +loc_00000b51: mov ecx, dword [ebp - 0x40] cmp cl, 1 mov eax, ecx 
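Review bot: The compare chain added after `loc_00000a6c` writes a selector to `[esi + 0x5da0]` only when `dword [eax + 0x64]` equals 0x5f5e100, 0x7735940, 0x9f437c0 or 0xee6b280. Any other value jumps to `loc_00000af3` and skips that write, yet `0x80000014` still goes to `[esi + 0x5da4]`, and nothing in the listing says whether this fall-through is intended. The constants are 100, 125, 167 and 250 million in decimal, so this is presumably a clock-rate lookup; I would add a comment above the chain such as `; [eax + 0x64]: presumably a frequency in Hz -> selector 1/6/0xa/0xe at base+0x5da0; unmatched values leave it untouched - confirm`. The model test also changed from a raw compare to `and edi, 0xfff0ff0` before `cmp edi, 0x40670`, which looks like masking out the stepping bits and deserves a one-line comment too. The enclosing function starts before this hunk and continues past it, and because the file is r2dumpbin output the annotations would have to be carried across regeneration.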
@@ -1141,17 +1186,17 @@ sub eax, 3 cmp al, 2 mov byte [ebp - 0x43], cl setbe byte [ebp - 0x42] -jbe short loc_00000b03 ; jbe 0xb03 +jbe short loc_00000b75 ; jbe 0xb75 test cl, cl -je loc_00000c98 ; je 0xc98 +je loc_00000d06 ; je 0xd06 -loc_00000b03: +loc_00000b75: push ecx push ecx push 5 lea eax, [ebp - 0x2b] push eax -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff mov al, byte [ebp - 0x41] pop esi pop edi @@ -1160,25 +1205,25 @@ lea eax, [ebp - 0x34] push eax lea eax, [ebp - 0x2b] push eax -call fcn_0001d2de ; call 0x1d2de +call fcn_0001d3a2 ; call 0x1d3a2 add esp, 0x10 cmp dword [ebp - 0x34], 0 mov dword [ebp - 0x3c], eax -jne loc_00000c77 ; jne 0xc77 +jne loc_00000ce5 ; jne 0xce5 cmp byte [ebp - 0x2a], 0 -jne short loc_00000b4b ; jne 0xb4b +jne short loc_00000bbd ; jne 0xbbd cmp byte [ebp - 0x29], 0 -jne short loc_00000b4b ; jne 0xb4b +jne short loc_00000bbd ; jne 0xbbd cmp byte [ebp - 0x28], 0 -je loc_00000c61 ; je 0xc61 +je loc_00000ccf ; je 0xccf -loc_00000b4b: +loc_00000bbd: push edi push edi push 7 lea edi, [ebp - 0x26] push edi -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff mov al, byte [ebp - 0x41] mov byte [ebp - 0x20], al pop eax 
@@ -1186,38 +1231,38 @@ pop edx lea eax, [ebp - 0x34] push eax push edi -call fcn_0001d131 ; call 0x1d131 +call fcn_0001d1f5 ; call 0x1d1f5 add esp, 0x10 mov dword [ebp - 0x3c], eax test eax, eax -jne loc_00000c98 ; jne 0xc98 +jne loc_00000d06 ; jne 0xd06 cmp dword [ebp - 0x34], 0 -jne loc_00000c98 ; jne 0xc98 +jne loc_00000d06 ; jne 0xd06 push esi push esi push 7 lea esi, [ebp - 0x1f] push esi -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff mov al, byte [ebp - 0x41] add esp, 0x10 cmp byte [ebp - 0x43], 0 mov byte [ebp - 0x19], al -je short loc_00000c08 ; je 0xc08 +je short loc_00000c7a ; je 0xc7a mov eax, dword [ebx + 0x11] mov dx, word [eax + 6] mov byte [ebp - 0x1f], dl mov dl, byte [eax + 0xa] mov byte [ebp - 0x1e], dl test dl, dl -jne short loc_00000bb8 ; jne 0xbb8 +jne short loc_00000c2a ; jne 0xc2a mov dx, word [eax + 4] -jmp short loc_00000bbc ; jmp 0xbbc +jmp short loc_00000c2e ; jmp 0xc2e -loc_00000bb8: +loc_00000c2a: mov dx, word [eax + 2] -loc_00000bbc: +loc_00000c2e: mov word [ebp - 0x1d], dx mov ax, word [eax] push ecx @@ -1225,12 +1270,12 @@ push 7 push edi push esi mov word [ebp - 0x1b], ax -call fcn_00016fa3 ; call 0x16fa3 +call fcn_00017067 ; call 0x17067 add esp, 0x10 test al, al -loc_00000bd6: -je loc_00000c98 ; je 0xc98 +loc_00000c48: +je loc_00000d06 ; je 0xd06 mov eax, dword [ebp - 0x30] sub esp, 0xc push 0x3c 
@@ -1243,86 +1288,84 @@ push edx push edx mov edi, esp rep movsb ; rep movsb byte es:[edi], byte ptr [esi] -call fcn_0001d1b8 ; call 0x1d1b8 +call fcn_0001d27c ; call 0x1d27c add esp, 0x10 mov esi, eax test eax, eax -je short loc_00000c44 ; je 0xc44 -jmp short loc_00000c4a ; jmp 0xc4a +je short loc_00000cb2 ; je 0xcb2 +jmp short loc_00000cb8 ; jmp 0xcb8 -loc_00000c08: +loc_00000c7a: cmp byte [ebp - 0x42], 0 -je loc_00000c98 ; je 0xc98 -movzx edi, byte [ebp - 0x41] -mov eax, edi -cmp al, 4 +je loc_00000d06 ; je 0xd06 +mov cl, byte [ebp - 0x41] mov eax, dword [ebx + 0x11] -je short loc_00000c2c ; je 0xc2c -mov ecx, edi +cmp cl, 4 +je short loc_00000c9a ; je 0xc9a cmp cl, 5 -je short loc_00000c32 ; je 0xc32 +je short loc_00000ca0 ; je 0xca0 mov ax, word [eax + 8] -jmp short loc_00000c36 ; jmp 0xc36 +jmp short loc_00000ca4 ; jmp 0xca4 -loc_00000c2c: +loc_00000c9a: mov ax, word [eax + 0xc] -jmp short loc_00000c36 ; jmp 0xc36 +jmp short loc_00000ca4 ; jmp 0xca4 -loc_00000c32: +loc_00000ca0: mov ax, word [eax + 0xe] -loc_00000c36: +loc_00000ca4: mov word [ebp - 0x1b], ax mov ax, word [ebp - 0x22] cmp word [ebp - 0x1b], ax -jmp short loc_00000bd6 ; jmp 0xbd6 +jmp short loc_00000c48 ; jmp 0xc48 -loc_00000c44: +loc_00000cb2: cmp dword [ebp - 0x34], 0 -je short loc_00000c98 ; je 0xc98 +je short loc_00000d06 ; je 0xd06 -loc_00000c4a: -call fcn_000153e9 ; call 0x153e9 +loc_00000cb8: +call fcn_00015479 ; call 0x15479 mov dword [ebp - 0x3c], esi test al, al -je short loc_00000c98 ; je 0xc98 +je short loc_00000d06 ; je 0xd06 push dword [ebp - 0x34] push esi -push ref_00020a87 ; push 0x20a87 -jmp short loc_00000c8b ; jmp 0xc8b +push ref_00020b17 ; push 0x20b17 +jmp short loc_00000cf9 ; jmp 0xcf9 -loc_00000c61: -call fcn_000153e9 ; call 0x153e9 +loc_00000ccf: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00000c98 ; je 0xc98 +je short loc_00000d06 ; je 0xd06 push eax push dword [ebp - 0x40] -push ref_00020ad0 ; push 0x20ad0 +push ref_00020b60 ; push 0x20b60 push 0x40 
-jmp short loc_00000c90 ; jmp 0xc90 +jmp short loc_00000cfe ; jmp 0xcfe -loc_00000c77: -call fcn_000153e9 ; call 0x153e9 +loc_00000ce5: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00000c98 ; je 0xc98 +je short loc_00000d06 ; je 0xd06 push dword [ebp - 0x40] push dword [ebp - 0x34] -push ref_00020af9 ; push 0x20af9 +push ref_00020b89 ; push 0x20b89 -loc_00000c8b: +loc_00000cf9: push 0x80000000 -loc_00000c90: -call fcn_000153f7 ; call 0x153f7 +loc_00000cfe: +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00000c98: +loc_00000d06: inc dword [ebp - 0x40] cmp dword [ebp - 0x40], 6 -jne loc_00000adf ; jne 0xadf +jne loc_00000b51 ; jne 0xb51 mov ebx, dword [ebp - 0x3c] -loc_00000ca8: +loc_00000d16: lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -1331,7 +1374,7 @@ pop edi pop ebp ret -fcn_00000cb2: +fcn_00000d20: push ebp mov ebp, esp push edi 
@@ -1344,53 +1387,53 @@ mov dword [eax], 0 push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [ebp - 0x1c], eax add eax, 0xb mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 cmp al, 6 -je short loc_00000d67 ; je 0xd67 +je short loc_00000dd5 ; je 0xdd5 -loc_00000cec: +loc_00000d5a: mov eax, dword [ebp - 0x1c] sub esp, 0xc lea ebx, [esi + eax] push ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edi, eax pop eax pop edx push 0 push ebx -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e pop ecx pop eax push 0xffffffffffffffff push ebx -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 mov dword [esp], ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 cmp edi, eax -je short loc_00000d28 ; je 0xd28 +je short loc_00000d96 ; je 0xd96 test edi, 1 -je short loc_00000d36 ; je 0xd36 +je short loc_00000da4 ; je 0xda4 -loc_00000d28: +loc_00000d96: push ecx push ecx push edi push ebx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 -jmp short loc_00000d5f ; jmp 0xd5f +jmp short loc_00000dcd ; jmp 0xdcd -loc_00000d36: +loc_00000da4: sub esp, 0xc push ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp + 0x14] and eax, 0xfffffff0 sub dword [edx], eax @@ -1399,18 +1442,18 @@ pop edx push edi and edi, 6 push ebx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 cmp edi, 4 lea eax, [esi + 4] cmove esi, eax -loc_00000d5f: +loc_00000dcd: add esi, 4 cmp esi, 0x24 -jbe short loc_00000cec ; jbe 0xcec +jbe short loc_00000d5a ; jbe 0xd5a -loc_00000d67: +loc_00000dd5: lea esp, [ebp - 0xc] pop ebx pop esi @@ -1418,7 +1461,7 @@ pop edi pop ebp ret -fcn_00000d6f: +fcn_00000ddd: push ebp mov ebp, esp push edi 
@@ -1433,25 +1476,25 @@ mov byte [ebp - 0x19], al movzx eax, al mov dword [ebp - 0x20], eax -loc_00000d8b: +loc_00000df9: push eax push 0 push esi push dword [ebp - 0x20] -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov ebx, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je loc_00000e2d ; je 0xe2d +je loc_00000e9b ; je 0xe9b sub esp, 0xc lea eax, [ebx + 0xa] push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 cmp ax, 0x604 -jne short loc_00000e2d ; jne 0xe2d +jne short loc_00000e9b ; jne 0xe9b mov al, byte [ebp - 0x19] inc eax mov byte [ebp - 0x19], al @@ -1460,7 +1503,7 @@ push eax push dword [ebp - 0x20] lea eax, [ebx + 0x18] push eax -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 movzx edi, byte [ebp - 0x19] lea eax, [ebx + 0x19] pop edx @@ -1468,24 +1511,24 @@ add ebx, 0x1a pop ecx push edi push eax -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 pop eax pop edx push 0xff push ebx -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 add esp, 0xc push 0 push 0 push edi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop ecx pop edx push 0 push eax -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 mov dword [esp], edi -call fcn_00000d6f ; call 0xd6f +call fcn_00000ddd ; call 0xddd pop ecx mov edi, eax pop eax @@ -1493,15 +1536,15 @@ mov eax, edi movzx eax, al push eax push ebx -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 mov eax, edi add esp, 0x10 mov byte [ebp - 0x19], al -loc_00000e2d: +loc_00000e9b: inc esi cmp esi, 0x20 -jne loc_00000d8b ; jne 0xd8b +jne loc_00000df9 ; jne 0xdf9 mov eax, edi test al, al mov al, byte [ebp - 0x24] @@ -1513,7 +1556,7 @@ pop edi pop ebp ret -fcn_00000e49: +fcn_00000eb7: push ebp mov ebp, esp push edi 
@@ -1524,85 +1567,85 @@ lea eax, [ebp - 0x1c] push eax push 0 push 0 -push ref_0002901c ; push 0x2901c +push ref_000290cc ; push 0x290cc mov dword [ebp - 0x20], 0 -call fcn_00019699 ; call 0x19699 +call fcn_0001975d ; call 0x1975d mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00000eb2 ; je 0xeb2 +je short loc_00000f20 ; je 0xf20 test ebx, ebx -jns short loc_00000eb2 ; jns 0xeb2 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00000f20 ; jns 0xf20 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00000e9a ; je 0xe9a +je short loc_00000f08 ; je 0xf08 push esi push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00000e9a: +loc_00000f08: push ebx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x2d0 -push ref_00020b42 ; push 0x20b42 -call fcn_000153fc ; call 0x153fc +push ref_00020bd2 ; push 0x20bd2 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00000eb2: +loc_00000f20: mov byte [ebp - 0x29], 0 mov esi, 0x10100 xor ebx, ebx -loc_00000ebd: -call fcn_0001c0fb ; call 0x1c0fb +loc_00000f2b: +call fcn_0001c1bf ; call 0x1c1bf cmp bl, al -jae loc_00000f52 ; jae 0xf52 +jae loc_00000fc0 ; jae 0xfc0 movzx eax, bl push ecx push eax push 0x1c push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov edi, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je short loc_00000f4c ; je 0xf4c +je short loc_00000fba ; je 0xfba push eax push eax push esi lea eax, [edi + 0x18] push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f lea eax, [edi + 0x19] add edi, 0x1a mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b pop edx pop ecx push 0xff push edi mov esi, eax -call fcn_00017ce1 ; call 0x17ce1 +call 
fcn_00017da5 ; call 0x17da5 add esp, 0xc mov eax, esi push 0 movzx esi, al push 0 push esi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 0 push eax -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 mov dword [esp], esi -call fcn_00000d6f ; call 0xd6f +call fcn_00000ddd ; call 0xddd movzx esi, al mov byte [ebp - 0x29], al pop eax @@ -1610,66 +1653,66 @@ pop edx push esi inc esi push edi -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 shl esi, 8 add esp, 0x10 -loc_00000f4c: +loc_00000fba: inc ebx -jmp near loc_00000ebd ; jmp 0xebd +jmp near loc_00000f2b ; jmp 0xf2b -loc_00000f52: +loc_00000fc0: mov byte [ebp - 0x2b], 0 mov byte [ebp - 0x2d], 1 -loc_00000f5a: +loc_00000fc8: mov al, byte [ebp - 0x29] mov dl, byte [ebp - 0x2d] cmp dl, al -ja loc_00001071 ; ja 0x1071 +ja loc_000010df ; ja 0x10df xor ebx, ebx movzx esi, dl -loc_00000f6d: +loc_00000fdb: push eax push 0 push ebx push esi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov edi, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je loc_00001035 ; je 0x1035 +je loc_000010a3 ; je 0x10a3 sub esp, 0xc add edi, 0xe push edi -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov byte [ebp - 0x2c], 0 mov byte [ebp - 0x2a], al sar byte [ebp - 0x2a], 7 and byte [ebp - 0x2a], 7 -loc_00000faa: +loc_00001018: movzx edi, byte [ebp - 0x2c] push eax push edi push ebx push esi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je short loc_00001026 ; je 0x1026 +je short loc_00001094 ; je 0x1094 lea eax, [ebp - 0x20] push eax push edi push ebx push esi -call fcn_00000cb2 ; call 0xcb2 +call fcn_00000d20 ; call 0xd20 mov ecx, dword [ebp + 0xc] add esp, 0xc mov eax, dword [ebp - 0x20] 
@@ -1677,110 +1720,110 @@ add dword [ecx], eax push edi push ebx push esi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xa mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 cmp ax, 0x300 -jne short loc_00001026 ; jne 0x1026 +jne short loc_00001094 ; jne 0x1094 cmp byte [ebp - 0x2b], 1 -je short loc_00001022 ; je 0x1022 +je short loc_00001090 ; je 0x1090 mov eax, dword [ebp + 0x10] mov dword [eax], 2 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00001022 ; je 0x1022 +je short loc_00001090 ; je 0x1090 push eax push eax -push ref_00020b74 ; push 0x20b74 +push ref_00020c04 ; push 0x20c04 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00001022: +loc_00001090: mov byte [ebp - 0x2b], 1 -loc_00001026: +loc_00001094: inc byte [ebp - 0x2c] mov al, byte [ebp - 0x2a] cmp byte [ebp - 0x2c], al -jbe loc_00000faa ; jbe 0xfaa +jbe loc_00001018 ; jbe 0x1018 -loc_00001035: +loc_000010a3: inc ebx cmp ebx, 0x20 -jne loc_00000f6d ; jne 0xf6d +jne loc_00000fdb ; jne 0xfdb inc byte [ebp - 0x2d] -jmp near loc_00000f5a ; jmp 0xf5a +jmp near loc_00000fc8 ; jmp 0xfc8 -loc_00001047: +loc_000010b5: movzx edi, byte [ebp - 0x29] xor ebx, ebx -loc_0000104d: +loc_000010bb: push eax push 0 push ebx push edi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov esi, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -jne short loc_0000107b ; jne 0x107b +jne short loc_000010e9 ; jne 0x10e9 -loc_00001068: +loc_000010d6: inc ebx cmp ebx, 0x20 -jne short loc_0000104d ; jne 0x104d +jne short loc_000010bb ; jne 0x10bb dec byte [ebp - 0x29] -loc_00001071: +loc_000010df: cmp byte [ebp - 0x29], 0 -jne short loc_00001047 ; jne 0x1047 +jne short loc_000010b5 ; jne 0x10b5 xor ebx, ebx -jmp short loc_000010a2 ; jmp 0x10a2 +jmp short loc_00001110 ; jmp 
0x1110 -loc_0000107b: +loc_000010e9: sub esp, 0xc lea eax, [esi + 0xa] push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 cmp ax, 0x604 -jne short loc_00001068 ; jne 0x1068 +jne short loc_000010d6 ; jne 0x10d6 push eax add esi, 0x18 push eax push 0 push esi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 -jmp short loc_00001068 ; jmp 0x1068 +jmp short loc_000010d6 ; jmp 0x10d6 -loc_000010a2: -call fcn_0001c0fb ; call 0x1c0fb +loc_00001110: +call fcn_0001c1bf ; call 0x1c1bf cmp bl, al -jae short loc_000010cc ; jae 0x10cc +jae short loc_0000113a ; jae 0x113a push eax movzx eax, bl push eax inc ebx push 0x1c push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 0 add eax, 0x18 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 -jmp short loc_000010a2 ; jmp 0x10a2 +jmp short loc_00001110 ; jmp 0x1110 -loc_000010cc: +loc_0000113a: lea esp, [ebp - 0xc] pop ebx pop esi @@ -1788,7 +1831,7 @@ pop edi pop ebp ret -fcn_000010d4: +fcn_00001142: push ebp mov ebp, esp push edi @@ -1804,7 +1847,7 @@ push ecx mov dword [ebp - 0x38], ecx mov dword [ebp - 0x34], edx mov dword [ebp - 0x30], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov ebx, eax pop eax pop edx 
@@ -1812,54 +1855,54 @@ lea eax, [ebx + 0x19] add ebx, 0x1a push 1 push eax -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 pop ecx pop esi lea esi, [ebp - 0x1c] push 0xff push ebx -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 add esp, 0xc push 0 push 0 push 1 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edi pop edx push 0 push eax -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 mov dword [esp], 1 -call fcn_00000d6f ; call 0xd6f +call fcn_00000ddd ; call 0xddd add esp, 0x10 mov byte [ebp - 0x2b], 0 mov byte [ebp - 0x2a], 1 mov byte [ebp - 0x29], al -loc_0000114e: +loc_000011bc: mov al, byte [ebp - 0x29] mov dl, byte [ebp - 0x2a] cmp dl, al -ja loc_000011e3 ; ja 0x11e3 +ja loc_00001251 ; ja 0x1251 xor ebx, ebx movzx edi, dl -loc_00001161: +loc_000011cf: push eax push 0 push ebx push edi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je short loc_000011b4 ; je 0x11b4 +je short loc_00001222 ; je 0x1222 push esi push 0 push ebx push edi -call fcn_00000cb2 ; call 0xcb2 +call fcn_00000d20 ; call 0xd20 mov ecx, dword [ebp + 0x14] add esp, 0xc mov eax, dword [ebp - 0x1c] 
@@ -1867,82 +1910,82 @@ add dword [ecx], eax push 0 push ebx push edi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xa mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 cmp ax, 0x300 -je short loc_000011b0 ; je 0x11b0 +je short loc_0000121e ; je 0x121e dec ax -jne short loc_000011b4 ; jne 0x11b4 +jne short loc_00001222 ; jne 0x1222 -loc_000011b0: +loc_0000121e: mov byte [ebp - 0x2b], 1 -loc_000011b4: +loc_00001222: inc ebx cmp ebx, 0x20 -jne short loc_00001161 ; jne 0x1161 +jne short loc_000011cf ; jne 0x11cf inc byte [ebp - 0x2a] -jmp short loc_0000114e ; jmp 0x114e +jmp short loc_000011bc ; jmp 0x11bc -loc_000011bf: +loc_0000122d: push eax push 0 push ebx push edi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov esi, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -jne short loc_000011f1 ; jne 0x11f1 +jne short loc_0000125f ; jne 0x125f -loc_000011da: +loc_00001248: inc ebx cmp ebx, 0x20 -jne short loc_000011bf ; jne 0x11bf +jne short loc_0000122d ; jne 0x122d dec byte [ebp - 0x29] -loc_000011e3: +loc_00001251: mov al, byte [ebp - 0x29] test al, al -je short loc_00001218 ; je 0x1218 +je short loc_00001286 ; je 0x1286 xor ebx, ebx movzx edi, al -jmp short loc_000011bf ; jmp 0x11bf +jmp short loc_0000122d ; jmp 0x122d -loc_000011f1: +loc_0000125f: sub esp, 0xc lea eax, [esi + 0xa] push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 cmp ax, 0x604 -jne short loc_000011da ; jne 0x11da +jne short loc_00001248 ; jne 0x1248 push eax add esi, 0x18 push eax push 0 push esi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 -jmp short loc_000011da ; jmp 0x11da +jmp short loc_00001248 ; jmp 0x1248 -loc_00001218: +loc_00001286: push eax push dword [ebp - 0x30] push dword [ebp - 0x34] push dword [ebp - 0x38] -call fcn_00016bd6 ; call 
0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 0 add eax, 0x18 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov al, byte [ebp - 0x2b] lea esp, [ebp - 0xc] pop ebx @@ -1951,13 +1994,13 @@ pop edi pop ebp ret -fcn_0000123f: +fcn_000012ad: push ebp mov ecx, 0xf mov ebp, esp push edi push esi -mov esi, ref_00020310 ; mov esi, 0x20310 +mov esi, ref_000203a0 ; mov esi, 0x203a0 push ebx sub esp, 0x50 mov al, byte [ebp + 0xc] @@ -1971,26 +2014,26 @@ mov byte [ebp - 0x4f], al mov al, byte [ebp + 0x14] mov dword [ebp - 0x2c], 0 mov byte [ebp - 0x50], al -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 push 0 push 0 mov esi, eax mov dword [ebp - 0x48], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x54 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0xc push 0 push 2 push 0 mov word [ebp - 0x3c], ax and word [ebp - 0x3c], 0xe -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov byte [ebp - 0x39], 0xff inc ax @@ -1999,7 +2042,7 @@ setne byte [ebp - 0x4e] add eax, 0xe mov dword [ebp - 0x54], eax -loc_000012ca: +loc_00001338: mov al, byte [edi] mov bx, word [edi + 3] mov cl, al 
@@ -2015,110 +2058,110 @@ movzx eax, dl push eax movzx eax, cl push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0x10 mov esi, eax test word [ebp - 0x3c], bx -je loc_000014c6 ; je 0x14c6 +je loc_00001534 ; je 0x1534 sub esp, 0xc lea eax, [eax + 0xba] push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x40 -je loc_000014c6 ; je 0x14c6 +je loc_00001534 ; je 0x1534 push edx push 0x10100 push 0xff0000ff lea eax, [esi + 0x18] push eax mov dword [ebp - 0x40], eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop ecx pop ebx mov ebx, dword [ebp - 0x48] push 0 push ebx -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 mov dword [esp], ebx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je loc_000014c6 ; je 0x14c6 +je loc_00001534 ; je 0x1534 sub esp, 0xc push dword [ebp - 0x54] -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov byte [ebp - 0x44], 0 mov bl, al sar bl, 7 and ebx, 7 -loc_0000136d: +loc_000013db: movzx edx, byte [ebp - 0x44] push eax push edx push 0 push 1 mov dword [ebp - 0x58], edx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je short loc_000013aa ; je 0x13aa +je short loc_00001418 ; je 0x1418 mov edx, dword [ebp - 0x58] lea eax, [ebp - 0x2c] push eax push edx push 0 push 1 -call fcn_00000cb2 ; call 0xcb2 +call fcn_00000d20 ; call 0xd20 mov ecx, dword [ebp + 0x18] add esp, 0x10 mov eax, dword [ebp - 0x2c] add dword [ecx], eax -loc_000013aa: +loc_00001418: inc byte [ebp - 0x44] cmp byte [ebp - 0x44], bl -jbe short loc_0000136d ; jbe 0x136d +jbe short loc_000013db ; jbe 0x13db mov eax, dword [ebp - 0x48] sub esp, 0xc add eax, 0xb push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 cmp al, 3 
-jne short loc_00001442 ; jne 0x1442 +jne short loc_000014b0 ; jne 0x14b0 cmp byte [ebp - 0x4f], 0 -jne short loc_000013ea ; jne 0x13ea +jne short loc_00001458 ; jne 0x1458 cmp byte [ebp - 0x4e], 0 -je short loc_000013de ; je 0x13de +je short loc_0000144c ; je 0x144c cmp byte [ebp - 0x50], 0 -je loc_000014b4 ; je 0x14b4 +je loc_00001522 ; je 0x1522 -loc_000013de: +loc_0000144c: mov eax, dword [ebp + 0x10] cmp dword [eax], 2 -je loc_000014b4 ; je 0x14b4 +je loc_00001522 ; je 0x1522 -loc_000013ea: +loc_00001458: mov eax, dword [ebp + 0x10] cmp dword [eax], 1 -je loc_0000153f ; je 0x153f +je loc_000015ad ; je 0x15ad push ebx add esi, 0x3e push ebx push 0x18 push esi -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 mov eax, dword [ebp + 0x10] mov dword [eax], 1 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je loc_00001545 ; je 0x1545 +je loc_000015b3 ; je 0x15b3 movzx edx, byte [ebp - 0x3a] movzx eax, byte [ebp - 0x4d] movzx ebx, byte [ebp - 0x4c] @@ -2128,15 +2171,15 @@ push eax push ebx push edx push eax -push ref_00020b95 ; push 0x20b95 +push ref_00020c25 ; push 0x20c25 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -jmp near loc_00001545 ; jmp 0x1545 +jmp near loc_000015b3 ; jmp 0x15b3 -loc_00001442: +loc_000014b0: cmp al, 6 -jne short loc_000014b4 ; jne 0x14b4 +jne short loc_00001522 ; jne 0x1522 push dword [ebp + 0x18] movzx edx, byte [ebp - 0x3a] movzx ebx, byte [ebp - 0x4d] 
@@ -2146,61 +2189,61 @@ push ebx push eax mov dword [ebp - 0x44], eax mov dword [ebp - 0x4c], edx -call fcn_000010d4 ; call 0x10d4 +call fcn_00001142 ; call 0x1142 add esp, 0x10 dec al -jne short loc_000014b4 ; jne 0x14b4 +jne short loc_00001522 ; jne 0x1522 mov eax, dword [ebp + 0x10] cmp dword [eax], 1 -je short loc_000014b4 ; je 0x14b4 +je short loc_00001522 ; je 0x1522 push eax add esi, 0x3e push eax push 0x18 push esi -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 mov eax, dword [ebp + 0x10] mov dword [eax], 1 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 mov cl, byte [ebp - 0x3a] add esp, 0x10 mov edx, dword [ebp - 0x4c] mov byte [ebp - 0x39], cl test al, al -je short loc_000014b4 ; je 0x14b4 +je short loc_00001522 ; je 0x1522 push esi push edx push ebx push dword [ebp - 0x44] push edx push ebx -push ref_00020b95 ; push 0x20b95 +push ref_00020c25 ; push 0x20c25 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_000014b4: +loc_00001522: push ecx push ecx push 0xff0000ff push dword [ebp - 0x40] -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -loc_000014c6: +loc_00001534: add edi, 5 lea eax, [ebp - 0x18] cmp edi, eax -jne loc_000012ca ; jne 0x12ca +jne loc_00001338 ; jne 0x1338 cmp byte [ebp - 0x39], 0xff -je short loc_00001550 ; je 0x1550 +je short loc_000015be ; je 0x15be lea ebx, [ebp - 0x27] mov byte [ebp - 0x3a], 0 -loc_000014e1: +loc_0000154f: mov al, byte [ebp - 0x3a] cmp byte [ebp - 0x39], al -je short loc_00001531 ; je 0x1531 +je short loc_0000159f ; je 0x159f push edx movzx esi, byte [ebx + 2] push esi 
@@ -2209,46 +2252,46 @@ push edi movzx ecx, byte [ebx] push ecx mov dword [ebp - 0x40], ecx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop ecx pop edx push 4 add eax, 0x3e push eax -call fcn_00018863 ; call 0x18863 -call fcn_000153e9 ; call 0x153e9 +call fcn_00018927 ; call 0x18927 +call fcn_00015479 ; call 0x15479 add esp, 0x10 mov ecx, dword [ebp - 0x40] test al, al -je short loc_00001531 ; je 0x1531 +je short loc_0000159f ; je 0x159f push eax push esi push edi push ecx push esi push edi -push ref_00020bc6 ; push 0x20bc6 +push ref_00020c56 ; push 0x20c56 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00001531: +loc_0000159f: inc byte [ebp - 0x3a] add ebx, 5 cmp byte [ebp - 0x3a], 3 -jne short loc_000014e1 ; jne 0x14e1 -jmp short loc_00001550 ; jmp 0x1550 +jne short loc_0000154f ; jne 0x154f +jmp short loc_000015be ; jmp 0x15be -loc_0000153f: +loc_000015ad: mov al, byte [ebp - 0x39] mov byte [ebp - 0x3a], al -loc_00001545: +loc_000015b3: mov al, byte [ebp - 0x3a] mov byte [ebp - 0x39], al -jmp near loc_000014b4 ; jmp 0x14b4 +jmp near loc_00001522 ; jmp 0x1522 -loc_00001550: +loc_000015be: lea esp, [ebp - 0xc] pop ebx pop esi @@ -2256,7 +2299,7 @@ pop edi pop ebp ret -fcn_00001558: +fcn_000015c6: push ebp mov ebp, esp push edi @@ -2274,20 +2317,20 @@ push edi mov dword [ebp - 0x20], eax mov eax, dword [ebp + 0x20] mov dword [ebp - 0x24], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov ecx, eax -loc_00001589: +loc_000015f7: and ecx, dword [ebp - 0x20] cmp ecx, dword [ebp - 0x24] -je short loc_000015bc ; je 0x15bc +je short loc_0000162a ; je 0x162a cmp bx, 0xbb8 -je short loc_000015bc ; je 0x15bc +je short loc_0000162a ; je 0x162a sub esp, 0xc inc ebx push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0xc push 0x3e8 push esi 
@@ -2296,25 +2339,25 @@ mov dword [ebp - 0x28], eax call dword [esi + 4] ; ucall add esp, 0x10 mov ecx, dword [ebp - 0x28] -jmp short loc_00001589 ; jmp 0x1589 +jmp short loc_000015f7 ; jmp 0x15f7 -loc_000015bc: -call fcn_000153f0 ; call 0x153f0 +loc_0000162a: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000015ed ; je 0x15ed +je short loc_0000165b ; je 0x165b cmp bx, 0xbb8 -jne short loc_000015ed ; jne 0x15ed -mov dword [ebp + 0x10], ref_00020bee ; mov dword [ebp + 0x10], 0x20bee +jne short loc_0000165b ; jne 0x165b +mov dword [ebp + 0x10], ref_00020c7e ; mov dword [ebp + 0x10], 0x20c7e mov dword [ebp + 0xc], 0x41b -mov dword [ebp + 8], ref_00020b42 ; mov dword [ebp + 8], 0x20b42 +mov dword [ebp + 8], ref_00020bd2 ; mov dword [ebp + 8], 0x20bd2 lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp -jmp near fcn_000153fc ; jmp 0x153fc +jmp near fcn_0001548c ; jmp 0x1548c -loc_000015ed: +loc_0000165b: lea esp, [ebp - 0xc] pop ebx pop esi @@ -2322,7 +2365,7 @@ pop edi pop ebp ret -fcn_000015f5: +fcn_00001663: push ebp mov ebp, esp push edi 
@@ -2336,110 +2379,110 @@ push 0 mov dword [ebp - 0x30], 0 mov dword [ebp - 0x2c], 0 mov dword [ebp - 0x28], 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 push 2 push 0 mov ebx, eax mov dword [ebp - 0x4c], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [ebp - 0x44], eax mov eax, ebx add eax, 0x48 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [ebp - 0x54], eax -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 mov dword [ebp - 0x3c], eax lea eax, [ebp - 0x1c] mov dword [esp], eax -call fcn_000196d3 ; call 0x196d3 +call fcn_00019797 ; call 0x19797 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000169e ; je 0x169e +je short loc_0000170c ; je 0x170c test ebx, ebx -jns short loc_0000169e ; jns 0x169e -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000170c ; jns 0x170c +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00001689 ; je 0x1689 +je short loc_000016f7 ; je 0x16f7 push edx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00001689: +loc_000016f7: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x55 -push ref_00020b42 ; push 0x20b42 -call fcn_000153fc ; call 0x153fc +push ref_00020bd2 ; push 0x20bd2 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000169e: +loc_0000170c: lea eax, [ebp - 0x20] push eax push 0 push 0 -push ref_0002912c ; push 0x2912c -call fcn_00019699 ; call 0x19699 +push ref_000291dc ; push 0x291dc +call fcn_0001975d ; call 0x1975d mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_000016f4 ; je 0x16f4 +je short loc_00001762 ; je 0x1762 test ebx, ebx -jns short loc_000016f4 ; jns 
0x16f4 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00001762 ; jns 0x1762 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000016df ; je 0x16df +je short loc_0000174d ; je 0x174d push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000016df: +loc_0000174d: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x60 -push ref_00020b42 ; push 0x20b42 -call fcn_000153fc ; call 0x153fc +push ref_00020bd2 ; push 0x20bd2 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000016f4: +loc_00001762: mov eax, dword [ebp - 0x4c] lea ebx, [eax + 0x50] push eax push eax push 2 push ebx -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 pop eax push dword [ebp - 0x44] mov dword [ebp - 0x34], 0 -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 cmp byte [edi], 0x10 mov word [ebp - 0x40], ax -jbe short loc_00001729 ; jbe 0x1729 +jbe short loc_00001797 ; jbe 0x1797 mov eax, dword [edi + 1] cmp byte [eax + 0x33], 0 -jne short loc_0000175c ; jne 0x175c +jne short loc_000017ca ; jne 0x17ca -loc_00001729: +loc_00001797: lea esi, [ebp - 0x34] push eax push esi lea edx, [ebp - 0x30] push edx push dword [ebp + 8] -call fcn_00000e49 ; call 0xe49 +call fcn_00000eb7 ; call 0xeb7 lea edx, [ebp - 0x2c] mov dword [esp], edx mov edx, dword [edi + 5] 
@@ -2450,37 +2493,37 @@ mov eax, dword [edi + 0xd] movzx eax, byte [eax + 4] push eax push dword [ebp + 8] -call fcn_0000123f ; call 0x123f +call fcn_000012ad ; call 0x12ad add esp, 0x20 -loc_0000175c: +loc_000017ca: mov eax, dword [edi + 5] mov eax, dword [eax + 8] test eax, eax -jne short loc_000017aa ; jne 0x17aa -call fcn_000153e9 ; call 0x153e9 +jne short loc_00001818 ; jne 0x1818 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00001780 ; je 0x1780 +je short loc_000017ee ; je 0x17ee push esi push esi -push ref_00020c03 ; push 0x20c03 +push ref_00020c93 ; push 0x20c93 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00001780: -call fcn_000153f0 ; call 0x153f0 +loc_000017ee: +call fcn_00015480 ; call 0x15480 test al, al -je loc_00001cc0 ; je 0x1cc0 +je loc_00001d2e ; je 0x1d2e push ebx -push ref_00020c4e ; push 0x20c4e +push ref_00020cde ; push 0x20cde push 0x83 -push ref_00020b42 ; push 0x20b42 -call fcn_000153fc ; call 0x153fc +push ref_00020bd2 ; push 0x20bd2 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp near loc_00001cc0 ; jmp 0x1cc0 +jmp near loc_00001d2e ; jmp 0x1d2e -loc_000017aa: +loc_00001818: mov edx, dword [ebp - 0x3c] cmp edx, 0x40650 sete cl @@ -2489,17 +2532,17 @@ sete dl or dl, cl mov byte [ebp - 0x47], cl mov byte [ebp - 0x45], dl -jne short loc_000017da ; jne 0x17da +jne short loc_00001848 ; jne 0x1848 mov edx, eax and edx, 0xff000000 cmp dword [ebp - 0x3c], 0x40660 -jne short loc_000017e1 ; jne 0x17e1 +jne short loc_0000184f ; jne 0x184f -loc_000017da: +loc_00001848: and eax, 0xffc00000 mov edx, eax -loc_000017e1: +loc_0000184f: mov eax, dword [ebp - 0x44] cmp word [ebp - 0x40], 0xffff setne byte [ebp - 0x46] @@ -2510,9 +2553,9 @@ push eax push eax push edx push esi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov dword [esp], esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop edx pop ecx push 6 
@@ -2522,140 +2565,140 @@ and dword [ebp - 0x40], 0xfffffff0 add eax, 4 push eax mov dword [ebp - 0x50], eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 cmp byte [ebp - 0x46], 0 -je loc_00001a8c ; je 0x1a8c +je loc_00001afa ; je 0x1afa cmp dword [ebp - 0x34], 0 mov eax, dword [edi + 5] -je short loc_0000183c ; je 0x183c +je short loc_000018aa ; je 0x18aa cmp byte [eax + 6], 0 -jne short loc_00001842 ; jne 0x1842 +jne short loc_000018b0 ; jne 0x18b0 -loc_0000183c: +loc_000018aa: cmp byte [eax + 5], 0 -jne short loc_0000184c ; jne 0x184c +jne short loc_000018ba ; jne 0x18ba -loc_00001842: +loc_000018b0: cmp byte [eax + 5], 1 -jne loc_00001a8c ; jne 0x1a8c +jne loc_00001afa ; jne 0x1afa -loc_0000184c: -call fcn_000153e9 ; call 0x153e9 +loc_000018ba: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00001866 ; je 0x1866 +je short loc_000018d4 ; je 0x18d4 push eax push eax -push ref_00020c5c ; push 0x20c5c +push ref_00020cec ; push 0x20cec push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00001866: +loc_000018d4: push eax push eax mov eax, dword [ebp - 0x20] push 1 push dword [eax + 4] -call fcn_0001c50d ; call 0x1c50d +call fcn_0001c5d1 ; call 0x1c5d1 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_000018bc ; je 0x18bc +je short loc_0000192a ; je 0x192a test esi, esi -jns short loc_000018bc ; jns 0x18bc -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000192a ; jns 0x192a +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000018a4 ; je 0x18a4 +je short loc_00001912 ; je 0x1912 push eax push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000018a4: +loc_00001912: push ecx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0xae -push ref_00020b42 ; 
push 0x20b42 -call fcn_000153fc ; call 0x153fc +push ref_00020bd2 ; push 0x20bd2 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000018bc: +loc_0000192a: mov eax, dword [edi + 5] cmp byte [ebp - 0x45], 0 movzx esi, byte [eax + 4] -jne short loc_000018d2 ; jne 0x18d2 +jne short loc_00001940 ; jne 0x1940 cmp dword [ebp - 0x3c], 0x40660 -jne short loc_000018f4 ; jne 0x18f4 +jne short loc_00001962 ; jne 0x1962 -loc_000018d2: +loc_00001940: push eax push eax push 0xff07 push ebx -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 pop eax pop edx lea eax, [esi*8] movzx esi, al push esi push ebx -call fcn_0001866c ; call 0x1866c -jmp short loc_00001913 ; jmp 0x1913 +call fcn_00018730 ; call 0x18730 +jmp short loc_00001981 ; jmp 0x1981 -loc_000018f4: +loc_00001962: push eax push eax push 0xff push ebx -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 shl esi, 8 pop edx and esi, 0x3f00 pop ecx push esi push ebx -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 -loc_00001913: +loc_00001981: mov eax, dword [edi + 5] add esp, 0x10 cmp word [eax + 2], 0 mov eax, dword [ebp - 0x44] lea esi, [eax + 0x62] -je short loc_00001995 ; je 0x1995 +je short loc_00001a03 ; je 0x1a03 cmp byte [ebp - 0x45], 0 -jne short loc_00001935 ; jne 0x1935 +jne short loc_000019a3 ; jne 0x19a3 cmp dword [ebp - 0x3c], 0x40660 -jne short loc_0000194b ; jne 0x194b +jne short loc_000019b9 ; jne 0x19b9 -loc_00001935: +loc_000019a3: push eax push 0x200 push 0xfcff push ebx -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0x10 -jmp short loc_00001995 ; jmp 0x1995 +jmp short loc_00001a03 ; jmp 0x1a03 -loc_0000194b: -call fcn_000153f0 ; call 0x153f0 +loc_000019b9: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00001976 ; je 0x1976 +je short loc_000019e4 ; je 0x19e4 mov eax, dword [edi + 5] cmp word [eax + 2], 3 -jbe short loc_00001976 ; jbe 0x1976 +jbe short loc_000019e4 ; jbe 0x19e4 push eax -push ref_00020c6a ; 
push 0x20c6a +push ref_00020cfa ; push 0x20cfa push 0xd0 -push ref_00020b42 ; push 0x20b42 -call fcn_000153fc ; call 0x153fc +push ref_00020bd2 ; push 0x20bd2 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00001976: +loc_000019e4: push eax mov eax, dword [edi + 5] movzx eax, word [eax + 2] @@ -2664,17 +2707,17 @@ movzx eax, al push eax push 0xff3f push ebx -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0x10 -jmp short loc_000019b8 ; jmp 0x19b8 +jmp short loc_00001a26 ; jmp 0x1a26 -loc_00001995: +loc_00001a03: cmp byte [ebp - 0x45], 0 -jne short loc_000019a4 ; jne 0x19a4 +jne short loc_00001a12 ; jne 0x1a12 cmp dword [ebp - 0x3c], 0x40660 -jne short loc_000019b8 ; jne 0x19b8 +jne short loc_00001a26 ; jne 0x1a26 -loc_000019a4: +loc_00001a12: push eax mov eax, dword [edi + 5] mov al, byte [eax + 7] 
@@ -2682,180 +2725,180 @@ add eax, eax movzx eax, al push eax push 0xf9 -jmp short loc_000019c6 ; jmp 0x19c6 +jmp short loc_00001a34 ; jmp 0x1a34 -loc_000019b8: +loc_00001a26: push eax mov eax, dword [edi + 5] movzx eax, byte [eax + 7] push eax push 0xe0 -loc_000019c6: +loc_00001a34: push esi -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a mov eax, dword [edi + 5] add esp, 0x10 cmp byte [eax + 6], 0 -je short loc_00001a04 ; je 0x1a04 +je short loc_00001a72 ; je 0x1a72 cmp dword [ebp - 0x34], 0 -je short loc_00001a04 ; je 0x1a04 +je short loc_00001a72 ; je 0x1a72 push ecx push ecx push 2 push ebx -call fcn_00018863 ; call 0x18863 -call fcn_000153e9 ; call 0x153e9 +call fcn_00018927 ; call 0x18927 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00001a14 ; je 0x1a14 +je short loc_00001a82 ; je 0x1a82 push edx push edx -push ref_00020c96 ; push 0x20c96 +push ref_00020d26 ; push 0x20d26 push 0x40 -call fcn_000153f7 ; call 0x153f7 -jmp short loc_00001a11 ; jmp 0x1a11 +call fcn_00015487 ; call 0x15487 +jmp short loc_00001a7f ; jmp 0x1a7f -loc_00001a04: +loc_00001a72: push eax push eax push 0xfffd push ebx -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 -loc_00001a11: +loc_00001a7f: add esp, 0x10 -loc_00001a14: +loc_00001a82: mov eax, dword [ebp - 0x3c] cmp eax, 0x40670 -je short loc_00001a25 ; je 0x1a25 +je short loc_00001a93 ; je 0x1a93 cmp eax, 0x306d0 -jne short loc_00001a3d ; jne 0x1a3d +jne short loc_00001aab ; jne 0x1aab -loc_00001a25: +loc_00001a93: push eax push eax mov eax, dword [ebp - 0x40] push 0x4000 add eax, 0x6c004 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_00001a3d: +loc_00001aab: cmp byte [edi], 0xd -jbe short loc_00001a66 ; jbe 0x1a66 +jbe short loc_00001ad4 ; jbe 0x1ad4 mov eax, dword [edi + 5] cmp byte [eax + 0xc], 1 -jne short loc_00001a66 ; jne 0x1a66 +jne short loc_00001ad4 ; jne 0x1ad4 cmp dword [ebp - 0x1c], 0x11 -je short 
loc_00001a66 ; je 0x1a66 +je short loc_00001ad4 ; je 0x1ad4 push eax push eax mov eax, dword [ebp - 0x40] push 8 add eax, 0xc7204 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_00001a66: +loc_00001ad4: push eax push eax push 0xfff9 push dword [ebp - 0x50] -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 lea eax, [ebp - 0x28] push eax push 0 push 2 push 0 -call fcn_00000cb2 ; call 0xcb2 +call fcn_00000d20 ; call 0xd20 add esp, 0x20 -jmp near loc_00001c56 ; jmp 0x1c56 +jmp near loc_00001cc4 ; jmp 0x1cc4 -loc_00001a8c: +loc_00001afa: push eax push eax mov eax, dword [ebp - 0x20] push 0 push dword [eax + 4] -call fcn_0001c50d ; call 0x1c50d +call fcn_0001c5d1 ; call 0x1c5d1 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00001ae2 ; je 0x1ae2 +je short loc_00001b50 ; je 0x1b50 test esi, esi -jns short loc_00001ae2 ; jns 0x1ae2 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00001b50 ; jns 0x1b50 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00001aca ; je 0x1aca +je short loc_00001b38 ; je 0x1b38 push eax push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00001aca: +loc_00001b38: push esi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x106 -push ref_00020b42 ; push 0x20b42 -call fcn_000153fc ; call 0x153fc +push ref_00020bd2 ; push 0x20bd2 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00001ae2: +loc_00001b50: lea eax, [ebp - 0x24] push eax push 0 push 0 -push ref_0002901c ; push 0x2901c -call fcn_00019699 ; call 0x19699 +push ref_000290cc ; push 0x290cc +call fcn_0001975d ; call 0x1975d mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00001b3b ; je 0x1b3b +je short loc_00001ba9 ; je 
0x1ba9 test esi, esi -jns short loc_00001b3b ; jns 0x1b3b -call fcn_000153e9 ; call 0x153e9 +jns short loc_00001ba9 ; jns 0x1ba9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00001b23 ; je 0x1b23 +je short loc_00001b91 ; je 0x1b91 push ecx push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00001b23: +loc_00001b91: push edx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x108 -push ref_00020b42 ; push 0x20b42 -call fcn_000153fc ; call 0x153fc +push ref_00020bd2 ; push 0x20bd2 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00001b3b: +loc_00001ba9: cmp dword [ebp - 0x3c], 0x306d0 -je short loc_00001b4e ; je 0x1b4e +je short loc_00001bbc ; je 0x1bbc cmp byte [ebp - 0x47], 0 -je loc_00001bdd ; je 0x1bdd +je loc_00001c4b ; je 0x1c4b -loc_00001b4e: +loc_00001bbc: push eax mov eax, dword [ebp - 0x40] push 0x80000000 push 0xffffffffffffffff add eax, 0x130040 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp byte [ebp - 0x46], 0 -je short loc_00001b8f ; je 0x1b8f +je short loc_00001bfd ; je 0x1bfd push eax mov eax, dword [ebp - 0x40] xor edx, edx @@ -2866,10 +2909,10 @@ push edx push eax push dword [ebp - 0x24] push dword [ebp + 8] -call fcn_00001558 ; call 0x1558 +call fcn_000015c6 ; call 0x15c6 add esp, 0x20 -loc_00001b8f: +loc_00001bfd: mov esi, dword [ebp - 0x54] push eax push 1 @@ -2877,7 +2920,7 @@ push 0xffffffffffffffff and esi, 0xfffffffe lea eax, [esi + 0x5f0c] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov eax, dword [ebp - 0x24] add esp, 0xc push 1 @@ -2886,7 +2929,7 @@ push dword [ebp + 8] call dword [eax + 4] ; ucall add esp, 0x10 cmp byte [ebp - 0x46], 0 -je short loc_00001bdd ; je 0x1bdd +je short loc_00001c4b ; je 0x1c4b push eax xor edx, edx push 0 
@@ -2896,46 +2939,46 @@ push edx push esi push dword [ebp - 0x24] push dword [ebp + 8] -call fcn_00001558 ; call 0x1558 +call fcn_000015c6 ; call 0x15c6 add esp, 0x20 -loc_00001bdd: +loc_00001c4b: push eax push eax push 0xfff9 push dword [ebp - 0x50] -call fcn_00018890 ; call 0x18890 -call fcn_000153e9 ; call 0x153e9 +call fcn_00018954 ; call 0x18954 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00001c09 ; je 0x1c09 +je short loc_00001c77 ; je 0x1c77 push eax push eax -push ref_00020cd6 ; push 0x20cd6 +push ref_00020d66 ; push 0x20d66 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00001c09: +loc_00001c77: cmp byte [ebp - 0x45], 0 -jne short loc_00001c18 ; jne 0x1c18 +jne short loc_00001c86 ; jne 0x1c86 cmp dword [ebp - 0x3c], 0x40660 -jne short loc_00001c22 ; jne 0x1c22 +jne short loc_00001c90 ; jne 0x1c90 -loc_00001c18: +loc_00001c86: push esi push 2 push 0xfc07 -jmp short loc_00001c27 ; jmp 0x1c27 +jmp short loc_00001c95 ; jmp 0x1c95 -loc_00001c22: +loc_00001c90: push ecx push 2 push 0x3f -loc_00001c27: +loc_00001c95: push ebx -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 mov eax, dword [edi + 5] add esp, 0x10 mov word [eax + 2], 0 @@ -2947,10 +2990,10 @@ push edx push 0xef add eax, 0x54 push eax -call fcn_00018699 ; call 0x18699 +call fcn_0001875d ; call 0x1875d add esp, 0x10 -loc_00001c56: +loc_00001cc4: mov eax, dword [ebp - 0x2c] mov esi, dword [ebp - 0x30] mov ebx, dword [ebp - 0x28] 
@@ -2959,39 +3002,39 @@ push eax push eax push 0 push dword [ebp - 0x58] -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e mov eax, dword [edi + 9] add esp, 0x10 cmp byte [eax + 3], 0 -jne short loc_00001cc0 ; jne 0x1cc0 +jne short loc_00001d2e ; jne 0x1d2e add esi, dword [ebp - 0x3c] mov edx, dword [edi + 5] add ebx, esi cmp ebx, 0x3fffffff -jbe short loc_00001c91 ; jbe 0x1c91 +jbe short loc_00001cff ; jbe 0x1cff mov word [edx], 0x800 -jmp short loc_00001cc0 ; jmp 0x1cc0 +jmp short loc_00001d2e ; jmp 0x1d2e -loc_00001c91: +loc_00001cff: cmp ebx, 0x2fffffff -jbe short loc_00001ca0 ; jbe 0x1ca0 +jbe short loc_00001d0e ; jbe 0x1d0e mov word [edx], 0x700 -jmp short loc_00001cc0 ; jmp 0x1cc0 +jmp short loc_00001d2e ; jmp 0x1d2e -loc_00001ca0: +loc_00001d0e: cmp ebx, 0x1fffffff -jbe short loc_00001caf ; jbe 0x1caf +jbe short loc_00001d1d ; jbe 0x1d1d mov word [edx], 0x600 -jmp short loc_00001cc0 ; jmp 0x1cc0 +jmp short loc_00001d2e ; jmp 0x1d2e -loc_00001caf: +loc_00001d1d: cmp ebx, 0x10000000 sbb eax, eax xor al, al add ax, 0x500 mov word [edx], ax -loc_00001cc0: +loc_00001d2e: lea esp, [ebp - 0xc] pop ebx pop esi @@ -2999,7 +3042,7 @@ pop edi pop ebp ret -fcn_00001cc8: +fcn_00001d36: push ebp xor ecx, ecx mov ebp, esp 
@@ -3012,55 +3055,55 @@ mov esi, dword [ebp + 8] mov edi, dword [ebp + 0xc] mov dword [ebp - 0x1c], 0 -loc_00001ce5: +loc_00001d53: mov eax, dword [esi + ecx*4] mov ebx, edx shl ebx, cl inc ecx or byte [ebp + eax - 0x1c], bl cmp ecx, 8 -jne short loc_00001ce5 ; jne 0x1ce5 +jne short loc_00001d53 ; jne 0x1d53 xor ebx, ebx -loc_00001cf8: +loc_00001d66: cmp byte [esi + ebx*2 + 0x20], 1 mov cl, bl -jne short loc_00001d4f ; jne 0x1d4f +jne short loc_00001dbd ; jne 0x1dbd movzx eax, byte [esi + ebx*2 + 0x21] movzx edx, byte [ebp + ebx - 0x1c] shl eax, 0x18 or edx, 0x80000000 or edx, eax cmp bl, 2 -je short loc_00001d31 ; je 0x1d31 +je short loc_00001d9f ; je 0x1d9f cmp bl, 3 -je short loc_00001d38 ; je 0x1d38 +je short loc_00001da6 ; je 0x1da6 dec cl mov eax, 0x14 mov ecx, 0x20 cmove eax, ecx -jmp short loc_00001d3d ; jmp 0x1d3d +jmp short loc_00001dab ; jmp 0x1dab -loc_00001d31: +loc_00001d9f: mov eax, 0x2c -jmp short loc_00001d3d ; jmp 0x1d3d +jmp short loc_00001dab ; jmp 0x1dab -loc_00001d38: +loc_00001da6: mov eax, 0x38 -loc_00001d3d: +loc_00001dab: push ecx add eax, edi push edx push 0xf8ffff01 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_00001d4f: +loc_00001dbd: inc ebx cmp ebx, 4 -jne short loc_00001cf8 ; jne 0x1cf8 +jne short loc_00001d66 ; jne 0x1d66 push eax xor eax, eax cmp byte [esi + 0x22], 1 @@ -3069,7 +3112,7 @@ add edi, 4 push eax push 0xf8 push edi -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -3078,7 +3121,7 @@ pop edi pop ebp ret -fcn_00001d78: +fcn_00001de6: push ebp mov ebp, esp push edi 
@@ -3088,16 +3131,16 @@ push ebx sub esp, 0xc mov ebx, dword [ebp + 0xc] -loc_00001d86: +loc_00001df4: mov ecx, dword [ebp + 8] mov eax, edi cmp byte [ecx + edi*2 + 0x20], 1 -je short loc_00001da2 ; je 0x1da2 +je short loc_00001e10 ; je 0x1e10 -loc_00001d92: +loc_00001e00: inc edi cmp edi, 4 -jne short loc_00001d86 ; jne 0x1d86 +jne short loc_00001df4 ; jne 0x1df4 lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -3106,37 +3149,37 @@ pop edi pop ebp ret -loc_00001da2: +loc_00001e10: cmp al, 2 -je short loc_00001dbb ; je 0x1dbb +je short loc_00001e29 ; je 0x1e29 cmp al, 3 -je short loc_00001dc2 ; je 0x1dc2 +je short loc_00001e30 ; je 0x1e30 dec al mov esi, 0x1a mov eax, 0x26 cmove esi, eax -jmp short loc_00001dc7 ; jmp 0x1dc7 +jmp short loc_00001e35 ; jmp 0x1e35 -loc_00001dbb: +loc_00001e29: mov esi, 0x32 -jmp short loc_00001dc7 ; jmp 0x1dc7 +jmp short loc_00001e35 ; jmp 0x1e35 -loc_00001dc2: +loc_00001e30: mov esi, 0x3e -loc_00001dc7: +loc_00001e35: add esi, ebx -loc_00001dc9: +loc_00001e37: sub esp, 0xc push esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 2 -jne short loc_00001dc9 ; jne 0x1dc9 -jmp short loc_00001d92 ; jmp 0x1d92 +jne short loc_00001e37 ; jne 0x1e37 +jmp short loc_00001e00 ; jmp 0x1e00 -fcn_00001ddb: +fcn_00001e49: push ebp mov ebp, esp push edi 
@@ -3147,115 +3190,115 @@ mov ebx, dword [ebp + 0xc] push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax add esi, 0x68 lea eax, [eax + 0x48] mov dword [esp], eax -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 mov dword [esp], esi -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 and eax, 0xfffffffe mov edi, edx mov esi, eax -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 mov dword [ebp - 0x30], eax lea eax, [ebp - 0x20] push eax push 0 push 0 -push ref_000290fc ; push 0x290fc -call fcn_00019699 ; call 0x19699 +push ref_000291ac ; push 0x291ac +call fcn_0001975d ; call 0x1975d add esp, 0x20 mov dword [ebp - 0x2c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00001e74 ; je 0x1e74 +je short loc_00001ee2 ; je 0x1ee2 cmp dword [ebp - 0x2c], 0 -jns short loc_00001e74 ; jns 0x1e74 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00001ee2 ; jns 0x1ee2 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00001e5f ; je 0x1e5f +je short loc_00001ecd ; je 0x1ecd push eax push dword [ebp - 0x2c] -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00001e5f: +loc_00001ecd: push ecx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x3e -push ref_00020ceb ; push 0x20ceb -call fcn_000153fc ; call 0x153fc +push ref_00020d7b ; push 0x20d7b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00001e74: +loc_00001ee2: lea eax, [ebp - 0x1c] push eax push 0 push 0 -push ref_000290cc ; push 0x290cc -call fcn_00019699 ; call 0x19699 +push ref_0002917c ; push 0x2917c +call fcn_0001975d ; call 0x1975d mov dword [ebp - 0x2c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00001ecf ; je 0x1ecf +je short loc_00001f3d ; je 
0x1f3d cmp dword [ebp - 0x2c], 0 -jns short loc_00001ecf ; jns 0x1ecf -call fcn_000153e9 ; call 0x153e9 +jns short loc_00001f3d ; jns 0x1f3d +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00001eba ; je 0x1eba +je short loc_00001f28 ; je 0x1f28 push edx push dword [ebp - 0x2c] -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00001eba: +loc_00001f28: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x41 -push ref_00020ceb ; push 0x20ceb -call fcn_000153fc ; call 0x153fc +push ref_00020d7b ; push 0x20d7b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00001ecf: +loc_00001f3d: mov eax, dword [ebp - 0x30] cmp eax, 0x40660 -je short loc_00001f1a ; je 0x1f1a +je short loc_00001f88 ; je 0x1f88 cmp eax, 0x306c0 -je short loc_00001f1a ; je 0x1f1a +je short loc_00001f88 ; je 0x1f88 cmp eax, 0x40670 -je short loc_00001efc ; je 0x1efc +je short loc_00001f6a ; je 0x1f6a -loc_00001ee7: +loc_00001f55: push eax push eax push 2 lea eax, [esi + 0xa78] push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -jmp short loc_00001f1a ; jmp 0x1f1a +jmp short loc_00001f88 ; jmp 0x1f88 -loc_00001efc: +loc_00001f6a: push eax push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x10 -je short loc_00001ee7 ; je 0x1ee7 +je short loc_00001f55 ; je 0x1f55 -loc_00001f1a: +loc_00001f88: mov edx, dword [ebx + 0xd] mov eax, dword [ebp - 0x1c] mov dl, byte [edx] 
@@ -3268,97 +3311,97 @@ mov dl, byte [edx + 2] mov byte [eax + 0x26], dl xor eax, eax -loc_00001f39: +loc_00001fa7: mov edx, dword [ebp - 0x1c] lea ebx, [edx + eax*4] mov ecx, dword [ebx] cmp ecx, 1 -jne short loc_00001f4c ; jne 0x1f4c +jne short loc_00001fba ; jne 0x1fba cmp byte [edx + 0x22], 0 -jmp short loc_00001f60 ; jmp 0x1f60 +jmp short loc_00001fce ; jmp 0x1fce -loc_00001f4c: +loc_00001fba: cmp ecx, 2 -jne short loc_00001f57 ; jne 0x1f57 +jne short loc_00001fc5 ; jne 0x1fc5 cmp byte [edx + 0x24], 0 -jmp short loc_00001f60 ; jmp 0x1f60 +jmp short loc_00001fce ; jmp 0x1fce -loc_00001f57: +loc_00001fc5: cmp ecx, 3 -jne short loc_00001f68 ; jne 0x1f68 +jne short loc_00001fd6 ; jne 0x1fd6 cmp byte [edx + 0x26], 0 -loc_00001f60: -jne short loc_00001f68 ; jne 0x1f68 +loc_00001fce: +jne short loc_00001fd6 ; jne 0x1fd6 mov dword [ebx], 0 -loc_00001f68: +loc_00001fd6: inc eax cmp eax, 8 -jne short loc_00001f39 ; jne 0x1f39 +jne short loc_00001fa7 ; jne 0x1fa7 push eax push edi push esi push dword [ebp - 0x1c] -call fcn_00001cc8 ; call 0x1cc8 +call fcn_00001d36 ; call 0x1d36 mov eax, dword [ebp - 0x20] call dword [eax + 4] ; ucall mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00001fc3 ; je 0x1fc3 +je short loc_00002031 ; je 0x2031 test ebx, ebx -jns short loc_00001fc3 ; jns 0x1fc3 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00002031 ; jns 0x2031 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00001fae ; je 0x1fae +je short loc_0000201c ; je 0x201c push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00001fae: +loc_0000201c: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x62 -push ref_00020ceb ; push 0x20ceb -call fcn_000153fc ; call 0x153fc +push ref_00020d7b ; push 0x20d7b +call fcn_0001548c ; call 0x1548c 
add esp, 0x10 -loc_00001fc3: +loc_00002031: push ecx push edi push esi push dword [ebp - 0x1c] -call fcn_00001d78 ; call 0x1d78 -call fcn_000153f0 ; call 0x153f0 +call fcn_00001de6 ; call 0x1de6 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00002010 ; je 0x2010 +je short loc_0000207e ; je 0x207e test ebx, ebx -jns short loc_00002010 ; jns 0x2010 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000207e ; jns 0x207e +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00001ffb ; je 0x1ffb +je short loc_00002069 ; je 0x2069 push edx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00001ffb: +loc_00002069: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x68 -push ref_00020ceb ; push 0x20ceb -call fcn_000153fc ; call 0x153fc +push ref_00020d7b ; push 0x20d7b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00002010: +loc_0000207e: lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -3367,7 +3410,7 @@ pop edi pop ebp ret -fcn_0000201a: +fcn_00002088: push ebp mov ebp, esp push ebx @@ -3377,21 +3420,21 @@ push 0x20 lea eax, [ebx + 0x88] add ebx, 0x8a push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -loc_0000203b: +loc_000020a9: sub esp, 0xc push ebx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test ah, 8 -jne short loc_0000203b ; jne 0x203b +jne short loc_000020a9 ; jne 0x20a9 mov ebx, dword [ebp - 4] leave ret -fcn_00002051: +fcn_000020bf: push ebp mov ebp, esp push ebx 
@@ -3401,23 +3444,23 @@ push 0x20000000 push 0xdfffffff lea eax, [ebx + 0x258] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0x6b5 push 0xfffff800 lea eax, [ebx + 0x208] add ebx, 0x22c push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 mov dword [ebp + 8], ebx mov ebx, dword [ebp - 4] mov dword [ebp + 0x10], 0x2020 mov dword [ebp + 0xc], 0xffff0000 leave -jmp near fcn_00018aa4 ; jmp 0x18aa4 +jmp near fcn_00018b68 ; jmp 0x18b68 -fcn_000020ad: +fcn_0000211b: push ebp mov ebp, esp push edi 
@@ -3427,72 +3470,72 @@ sub esp, 0x30 push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov ebx, eax lea eax, [eax + 0x48] add ebx, 0x68 mov dword [esp], eax -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 mov dword [esp], ebx mov dword [ebp - 0x30], eax -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 mov ebx, eax lea eax, [ebp - 0x1c] push eax push 0 push 0 -push ref_0002912c ; push 0x2912c +push ref_000291dc ; push 0x291dc mov dword [ebp - 0x2c], edx -call fcn_00019699 ; call 0x19699 +call fcn_0001975d ; call 0x1975d add esp, 0x20 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0000213a ; je 0x213a +je short loc_000021a8 ; je 0x21a8 test esi, esi -jns short loc_0000215c ; jns 0x215c -call fcn_000153e9 ; call 0x153e9 +jns short loc_000021ca ; jns 0x21ca +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00002122 ; je 0x2122 +je short loc_00002190 ; je 0x2190 push eax push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00002122: +loc_00002190: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x13f -push ref_00020ceb ; push 0x20ceb -call fcn_000153fc ; call 0x153fc +push ref_00020d7b ; push 0x20d7b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000213a: +loc_000021a8: test esi, esi -jns short loc_0000215c ; jns 0x215c -call fcn_000153e9 ; call 0x153e9 +jns short loc_000021ca ; jns 0x21ca +call fcn_00015479 ; call 0x15479 test al, al -je loc_000023a3 ; je 0x23a3 +je loc_00002411 ; je 0x2411 push edi push edi -push ref_00020d1a ; push 0x20d1a +push ref_00020daa ; push 0x20daa push 0x80000000 -jmp near loc_000022ee ; jmp 0x22ee +jmp near loc_0000235c ; jmp 0x235c -loc_0000215c: -call fcn_000153e9 ; call 0x153e9 +loc_000021ca: +call fcn_00015479 ; call 0x15479 
test al, al -je short loc_00002176 ; je 0x2176 +je short loc_000021e4 ; je 0x21e4 push esi push esi -push ref_00020d49 ; push 0x20d49 +push ref_00020dd9 ; push 0x20dd9 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00002176: +loc_000021e4: and ebx, 0xfffffffe mov edi, dword [ebp - 0x2c] sub esp, 0xc @@ -3505,24 +3548,24 @@ push esi and ebx, 0xfffffffe push ebx push dword [ebp + 0xc] -call fcn_000041e9 ; call 0x41e9 +call fcn_00004257 ; call 0x4257 add esp, 0x20 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000021b5 ; je 0x21b5 +je short loc_00002223 ; je 0x2223 push ecx push ecx -push ref_00020d58 ; push 0x20d58 +push ref_00020de8 ; push 0x20de8 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000021b5: +loc_00002223: push edx push dword [ebp - 0x2c] push ebx push dword [ebp + 0xc] -call fcn_00002051 ; call 0x2051 +call fcn_000020bf ; call 0x20bf mov ecx, dword [ebp + 0xc] add esp, 0x10 mov eax, dword [ecx + 0xd] 
@@ -3530,57 +3573,57 @@ cmp byte [eax + 3], 0 mov eax, dword [ebp - 0x2c] lea eax, [eax + 0x84] mov dword [ebp - 0x30], eax -jne short loc_00002200 ; jne 0x2200 +jne short loc_0000226e ; jne 0x226e -loc_000021dd: -call fcn_000153e9 ; call 0x153e9 +loc_0000224b: +call fcn_00015479 ; call 0x15479 test al, al -je loc_0000239c ; je 0x239c +je loc_0000240a ; je 0x240a push eax push eax -push ref_00020d78 ; push 0x20d78 +push ref_00020e08 ; push 0x20e08 push 2 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp near loc_0000239c ; jmp 0x239c +jmp near loc_0000240a ; jmp 0x240a -loc_00002200: +loc_0000226e: mov eax, dword [ebp - 0x1c] sub esp, 0xc mov eax, dword [eax + 4] add eax, 0x21a4 push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 and eax, 0xf dec al -je short loc_000021dd ; je 0x21dd +je short loc_0000224b ; je 0x224b push eax push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xe4 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test eax, 0x400000 -jne short loc_000021dd ; jne 0x21dd +jne short loc_0000224b ; jne 0x224b lea eax, [ebp - 0x20] push eax push 0 push 0 -push ref_000290fc ; push 0x290fc -call fcn_00019699 ; call 0x19699 +push ref_000291ac ; push 0x291ac +call fcn_0001975d ; call 0x1975d mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00002269 ; je 0x2269 +je short loc_000022d7 ; je 0x22d7 test ebx, ebx -js loc_000022fb ; js 0x22fb +js loc_00002369 ; js 0x2369 -loc_00002269: +loc_000022d7: mov eax, dword [ebp - 0x20] mov bl, 1 call dword [eax + 8] ; ucall 
@@ -3588,13 +3631,13 @@ push eax push 2 push 0xfffffffffffffff0 push dword [ebp - 0x30] -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_00002281: +loc_000022ef: sub esp, 0xc push dword [ebp - 0x30] -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0xc and eax, 0xf push eax 
@@ -3602,110 +3645,110 @@ mov eax, dword [ebp - 0x2c] push 0xfffffffffffffff0 add eax, 0x98 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop ecx pop eax push edi push esi -call fcn_0000201a ; call 0x201a +call fcn_00002088 ; call 0x2088 mov eax, dword [ebp - 0x2c] add esp, 0x10 test bl, bl lea ebx, [eax + 0x8a] -jne short loc_00002335 ; jne 0x2335 +jne short loc_000023a3 ; jne 0x23a3 -loc_000022bc: +loc_0000232a: sub esp, 0xc xor esi, esi push ebx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov ebx, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je loc_000023a3 ; je 0x23a3 +je loc_00002411 ; je 0x2411 mov eax, ebx and eax, 0xf shr bx, 4 push eax and ebx, 0x3f push ebx -push ref_00020dcf ; push 0x20dcf +push ref_00020e5f ; push 0x20e5f push 0x40 -loc_000022ee: -call fcn_000153f7 ; call 0x153f7 +loc_0000235c: +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp near loc_000023a3 ; jmp 0x23a3 +jmp near loc_00002411 ; jmp 0x2411 -loc_000022fb: -call fcn_000153e9 ; call 0x153e9 +loc_00002369: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00002318 ; je 0x2318 +je short loc_00002386 ; je 0x2386 push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00002318: +loc_00002386: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x15f -push ref_00020ceb ; push 0x20ceb -call fcn_000153fc ; call 0x153fc +push ref_00020d7b ; push 0x20d7b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp near loc_00002269 ; jmp 0x2269 +jmp near loc_000022d7 ; jmp 0x22d7 -loc_00002335: +loc_000023a3: sub esp, 0xc push ebx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 and eax, 0xf cmp ax, 2 -je short loc_00002366 ; je 0x2366 +je short loc_000023d4 ; je 0x23d4 -loc_0000234a: -call 
fcn_000153e9 ; call 0x153e9 +loc_000023b8: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000238b ; je 0x238b +je short loc_000023f9 ; je 0x23f9 push edx push edx -push ref_00020db0 ; push 0x20db0 +push ref_00020e40 ; push 0x20e40 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_0000238b ; jmp 0x238b +jmp short loc_000023f9 ; jmp 0x23f9 -loc_00002366: +loc_000023d4: mov eax, dword [ebp - 0x1c] sub esp, 0xc mov eax, dword [eax + 4] add eax, 0x21aa push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 and eax, 0xf cmp ax, 2 -jne short loc_0000234a ; jne 0x234a -jmp near loc_000022bc ; jmp 0x22bc +jne short loc_000023b8 ; jne 0x23b8 +jmp near loc_0000232a ; jmp 0x232a -loc_0000238b: +loc_000023f9: push eax push eax push edi push esi -call fcn_0000201a ; call 0x201a +call fcn_00002088 ; call 0x2088 add esp, 0x10 -jmp near loc_000022bc ; jmp 0x22bc +jmp near loc_0000232a ; jmp 0x232a -loc_0000239c: +loc_0000240a: xor ebx, ebx -jmp near loc_00002281 ; jmp 0x2281 +jmp near loc_000022ef ; jmp 0x22ef -loc_000023a3: +loc_00002411: lea esp, [ebp - 0xc] mov eax, esi pop ebx @@ -3714,7 +3757,7 @@ pop edi pop ebp ret -fcn_000023ad: +fcn_0000241b: push ebp mov ebp, esp push edi @@ -3730,17 +3773,17 @@ mov eax, dword [ebp + 0xc] mov edi, eax mov eax, dword [ebp + 0x10] mov dword [ebp - 0x1c], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x54 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov ebx, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 shr ebx, 1 add esp, 0x10 and ebx, 7 test al, al -je short loc_00002412 ; je 0x2412 +je short loc_00002480 ; je 0x2480 movzx edx, byte [ebp - 0x1c] mov eax, edi push ecx 
@@ -3752,17 +3795,17 @@ push eax push ecx push edx push eax -push ref_00020dec ; push 0x20dec +push ref_00020e7c ; push 0x20e7c push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00002412: +loc_00002480: movzx edx, byte [ebp - 0x1c] mov eax, 2 sub eax, edx bt ebx, eax -jae loc_000024b6 ; jae 0x24b6 +jae loc_00002524 ; jae 0x2524 mov eax, edi push ecx movzx eax, al 
@@ -3771,67 +3814,67 @@ push eax mov eax, esi movzx eax, al push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax lea eax, [eax + 0xb2] add esi, 0x11a mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov dword [esp], esi mov ebx, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov esi, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00002484 ; je 0x2484 +je short loc_000024f2 ; je 0x24f2 mov eax, ebx and eax, 0xf shr bx, 4 push eax and ebx, 0x3f push ebx -push ref_00020e02 ; push 0x20e02 +push ref_00020e92 ; push 0x20e92 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00002484: -call fcn_000153e9 ; call 0x153e9 +loc_000024f2: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000024a4 ; je 0x24a4 +je short loc_00002512 ; je 0x2512 shr si, 1 and esi, 1 push eax push esi -push ref_00020e1b ; push 0x20e1b +push ref_00020eab ; push 0x20eab push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000024a4: -call fcn_000153e9 ; call 0x153e9 +loc_00002512: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000024d9 ; je 0x24d9 -mov dword [ebp + 0xc], ref_00021e91 ; mov dword [ebp + 0xc], 0x21e91 -jmp short loc_000024c6 ; jmp 0x24c6 +je short loc_00002547 ; je 0x2547 +mov dword [ebp + 0xc], ref_00021f21 ; mov dword [ebp + 0xc], 0x21f21 +jmp short loc_00002534 ; jmp 0x2534 -loc_000024b6: -call fcn_000153e9 ; call 0x153e9 +loc_00002524: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000024d9 ; je 0x24d9 -mov dword [ebp + 0xc], ref_000216c1 ; mov dword [ebp + 0xc], 0x216c1 +je short loc_00002547 ; je 0x2547 +mov dword [ebp + 0xc], ref_00021751 ; mov dword [ebp + 0xc], 0x21751 -loc_000024c6: +loc_00002534: mov dword [ebp + 8], 0x40 lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp -jmp near 
fcn_000153f7 ; jmp 0x153f7 +jmp near fcn_00015487 ; jmp 0x15487 -loc_000024d9: +loc_00002547: lea esp, [ebp - 0xc] pop ebx pop esi @@ -3839,7 +3882,7 @@ pop edi pop ebp ret -fcn_000024e1: +fcn_0000254f: push ebp mov ebp, esp push edi @@ -3857,38 +3900,38 @@ movzx eax, al push eax movzx eax, cl push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 push 0 push 0 mov edi, eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x54 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, 2 add esp, 0x10 sub edx, ebx shr eax, 1 and eax, 7 bt eax, edx -jae loc_000025be ; jae 0x25be +jae loc_0000262c ; jae 0x262c sub esp, 0xc add edi, 0x11a push edi xor esi, esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov edx, eax shr dx, 1 and edx, 1 -loc_00002559: +loc_000025c7: cmp esi, 0x63 -ja short loc_0000258b ; ja 0x258b +ja short loc_000025f9 ; ja 0x25f9 test dx, dx -je short loc_0000258b ; je 0x258b +je short loc_000025f9 ; je 0x25f9 push eax mov eax, dword [ebp + 0xc] inc esi @@ -3897,19 +3940,19 @@ push dword [ebp + 0xc] push dword [ebp + 8] call dword [eax + 4] ; ucall mov dword [esp], edi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov edx, eax shr dx, 1 and edx, 1 -jmp short loc_00002559 ; jmp 0x2559 +jmp short loc_000025c7 ; jmp 0x25c7 -loc_0000258b: +loc_000025f9: mov dword [ebp - 0x24], edx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 mov edx, dword [ebp - 0x24] test al, al -je short loc_000025be ; je 0x25be +je short loc_0000262c ; je 0x262c sub esp, 0xc movzx eax, byte [ebp - 0x20] movzx edx, dx 
@@ -3921,12 +3964,12 @@ push eax push edx push ebx push eax -push ref_00020e3a ; push 0x20e3a +push ref_00020eca ; push 0x20eca push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x30 -loc_000025be: +loc_0000262c: lea esp, [ebp - 0xc] pop ebx pop esi @@ -3934,7 +3977,7 @@ pop edi pop ebp ret -fcn_000025c6: +fcn_00002634: push ebp mov ebp, esp push edi 
@@ -3945,185 +3988,185 @@ mov esi, dword [ebp + 0x14] lea eax, [ebp - 0x1c] mov ebx, dword [ebp + 0x18] push eax -call fcn_000196d3 ; call 0x196d3 +call fcn_00019797 ; call 0x19797 mov edi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00002625 ; je 0x2625 +je short loc_00002693 ; je 0x2693 test edi, edi -jns short loc_00002625 ; jns 0x2625 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00002693 ; jns 0x2693 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000260d ; je 0x260d +je short loc_0000267b ; je 0x267b push ecx push edi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000260d: +loc_0000267b: push edx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0xa0 -push ref_00020e7c ; push 0x20e7c -call fcn_000153fc ; call 0x153fc +push ref_00020f0c ; push 0x20f0c +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00002625: +loc_00002693: cmp dword [ebp - 0x1c], 0x11 -jne short loc_00002631 ; jne 0x2631 +jne short loc_0000269f ; jne 0x269f -loc_0000262b: +loc_00002699: test esi, esi -jne short loc_00002648 ; jne 0x2648 -jmp short loc_00002642 ; jmp 0x2642 +jne short loc_000026b6 ; jne 0x26b6 +jmp short loc_000026b0 ; jmp 0x26b0 -loc_00002631: +loc_0000269f: sub esp, 0xc push 1 -call fcn_0001c25d ; call 0x1c25d +call fcn_0001c321 ; call 0x1c321 add esp, 0x10 dec al -je short loc_0000262b ; je 0x262b +je short loc_00002699 ; je 0x2699 -loc_00002642: +loc_000026b0: mov byte [ebp - 0x2a], 0xf8 -jmp short loc_00002676 ; jmp 0x2676 +jmp short loc_000026e4 ; jmp 0x26e4 -loc_00002648: +loc_000026b6: cmp byte [esi + 0x28], 0 -je short loc_00002642 ; je 0x2642 +je short loc_000026b0 ; je 0x26b0 mov al, byte [esi + 0x46] mov byte [ebp - 0x2a], al test al, al -je short loc_00002642 ; je 0x2642 -call fcn_000153e9 ; call 0x153e9 +je short loc_000026b0 ; je 
0x26b0 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00002676 ; je 0x2676 +je short loc_000026e4 ; je 0x26e4 push eax movzx eax, byte [esi + 0x46] push eax -push ref_00020eb0 ; push 0x20eb0 +push ref_00020f40 ; push 0x20f40 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00002676: -call fcn_000153e9 ; call 0x153e9 +loc_000026e4: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00002694 ; je 0x2694 +je short loc_00002702 ; je 0x2702 push eax movzx eax, byte [ebp - 0x2a] push eax -push ref_00020eda ; push 0x20eda +push ref_00020f6a ; push 0x20f6a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00002694: +loc_00002702: cmp bl, 2 -je short loc_000026a5 ; je 0x26a5 +je short loc_00002713 ; je 0x2713 xor edi, edi mov al, 6 cmp bl, 3 cmove edi, eax -jmp short loc_000026aa ; jmp 0x26aa +jmp short loc_00002718 ; jmp 0x2718 -loc_000026a5: +loc_00002713: mov edi, 4 -loc_000026aa: +loc_00002718: mov al, byte [ebp - 0x2a] mov byte [ebp - 0x2b], 0 mov byte [ebp - 0x29], 0 or eax, edi mov byte [ebp - 0x2d], al -loc_000026ba: +loc_00002728: xor ebx, ebx mov byte [ebp - 0x2c], 1 -loc_000026c0: +loc_0000272e: mov dl, byte [ebp - 0x2c] mov al, dl and eax, edi cmp dl, al -jne short loc_000026fc ; jne 0x26fc +jne short loc_0000276a ; jne 0x276a cmp byte [ebp - 0x2b], 0 -jne loc_0000276b ; jne 0x276b -call fcn_000153e9 ; call 0x153e9 +jne loc_000027d9 ; jne 0x27d9 +call fcn_00015479 ; call 0x15479 test al, al -je loc_0000276b ; je 0x276b +je loc_000027d9 ; je 0x27d9 push eax push ebx push 1 push 0 push ebx push 1 -push ref_00020eff ; push 0x20eff +push ref_00020f8f ; push 0x20f8f push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -jmp short loc_0000276b ; jmp 0x276b +jmp short loc_000027d9 ; jmp 0x27d9 -loc_000026fc: +loc_0000276a: mov al, byte [ebp - 0x29] mov cl, byte [ebp - 0x2c] or al, byte [ebp - 0x2a] and eax, ecx cmp 
cl, al -je short loc_0000276b ; je 0x276b -call fcn_000153e9 ; call 0x153e9 +je short loc_000027d9 ; je 0x27d9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000272c ; je 0x272c +je short loc_0000279a ; je 0x279a push eax push ebx push 1 push 0 push ebx push 1 -push ref_00020f30 ; push 0x20f30 +push ref_00020fc0 ; push 0x20fc0 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_0000272c: +loc_0000279a: push eax push ebx push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x11a mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 2 -jne short loc_0000276b ; jne 0x276b -call fcn_000153e9 ; call 0x153e9 +jne short loc_000027d9 ; jne 0x27d9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00002765 ; je 0x2765 +je short loc_000027d3 ; je 0x27d3 push eax push eax -push ref_00020f50 ; push 0x20f50 +push ref_00020fe0 ; push 0x20fe0 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00002765: +loc_000027d3: mov al, byte [ebp - 0x2c] or byte [ebp - 0x29], al -loc_0000276b: +loc_000027d9: inc ebx shl byte [ebp - 0x2c], 1 cmp ebx, 3 -jne loc_000026c0 ; jne 0x26c0 +jne loc_0000272e ; jne 0x272e mov al, byte [ebp - 0x2d] or al, byte [ebp - 0x29] inc al -je short loc_000027a4 ; je 0x27a4 +je short loc_00002812 ; je 0x2812 push ecx mov eax, dword [ebp + 0xc] push 0x3e8 
@@ -4133,38 +4176,38 @@ call dword [eax + 4] ; ucall inc byte [ebp - 0x2b] add esp, 0x10 cmp byte [ebp - 0x2b], 0x64 -jne loc_000026ba ; jne 0x26ba +jne loc_00002728 ; jne 0x2728 -loc_000027a4: -call fcn_000153e9 ; call 0x153e9 +loc_00002812: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000027c2 ; je 0x27c2 +je short loc_00002830 ; je 0x2830 movzx eax, byte [ebp - 0x2b] push edx push eax -push ref_00020f6e ; push 0x20f6e +push ref_00020ffe ; push 0x20ffe push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000027c2: +loc_00002830: test esi, esi -je short loc_000027ec ; je 0x27ec +je short loc_0000285a ; je 0x285a mov al, byte [ebp - 0x29] not eax mov byte [esi + 0x46], al -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000027ec ; je 0x27ec +je short loc_0000285a ; je 0x285a push eax movzx eax, byte [esi + 0x46] push eax -push ref_00020f84 ; push 0x20f84 +push ref_00021014 ; push 0x21014 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000027ec: +loc_0000285a: lea esp, [ebp - 0xc] pop ebx pop esi @@ -4172,7 +4215,7 @@ pop edi pop ebp ret -fcn_000027f4: +fcn_00002862: push ebp mov ebp, esp push edi 
@@ -4187,44 +4230,44 @@ movzx eax, byte [ebp + 0xc] push eax movzx eax, byte [ebp + 8] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax lea eax, [eax + 0x34] mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 cmp al, 0xff -jne short loc_0000285a ; jne 0x285a +jne short loc_000028c8 ; jne 0x28c8 -loc_0000282b: +loc_00002899: xor eax, eax -jmp short loc_00002862 ; jmp 0x2862 +jmp short loc_000028d0 ; jmp 0x28d0 -loc_0000282f: +loc_0000289d: mov edi, eax sub esp, 0xc and edi, 0xfc lea ebx, [edi + esi] push ebx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 cmp al, byte [ebp - 0x19] -je short loc_00002860 ; je 0x2860 +je short loc_000028ce ; je 0x28ce sub esp, 0xc lea edx, [ebx + 1] push edx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 -loc_0000285a: +loc_000028c8: test al, al -jne short loc_0000282f ; jne 0x282f -jmp short loc_0000282b ; jmp 0x282b +jne short loc_0000289d ; jne 0x289d +jmp short loc_00002899 ; jmp 0x2899 -loc_00002860: +loc_000028ce: mov eax, edi -loc_00002862: +loc_000028d0: lea esp, [ebp - 0xc] pop ebx pop esi @@ -4232,7 +4275,7 @@ pop edi pop ebp ret -fcn_0000286a: +fcn_000028d8: push ebp mov ebp, esp push edi 
@@ -4248,49 +4291,49 @@ push eax movzx eax, byte [ebp + 0x10] push eax push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0x10 test bl, bl -je loc_0000296c ; je 0x296c +je loc_000029da ; je 0x29da mov esi, eax lea eax, [ebp - 0x1c] push eax push 0 push 0 -push ref_0002901c ; push 0x2901c -call fcn_00019699 ; call 0x19699 +push ref_000290cc ; push 0x290cc +call fcn_0001975d ; call 0x1975d mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_000028f5 ; je 0x28f5 +je short loc_00002963 ; je 0x2963 test ebx, ebx -jns short loc_000028f5 ; jns 0x28f5 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00002963 ; jns 0x2963 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000028dd ; je 0x28dd +je short loc_0000294b ; je 0x294b push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000028dd: +loc_0000294b: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x146 -push ref_00020e7c ; push 0x20e7c -call fcn_000153fc ; call 0x153fc +push ref_00020f0c ; push 0x20f0c +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000028f5: +loc_00002963: push eax push eax push 0x10 lea ebx, [esi + 0xb0] push ebx -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 mov eax, dword [ebp - 0x1c] add esp, 0xc push 0x3e8 
@@ -4302,17 +4345,17 @@ add esp, 0x10 xor edx, edx dec eax cmp al, 7 -ja short loc_0000292c ; ja 0x292c +ja short loc_0000299a ; ja 0x299a movzx eax, al -movzx edx, byte [eax + ref_00020338] ; movzx edx, byte [eax + 0x20338] +movzx edx, byte [eax + ref_000203c8] ; movzx edx, byte [eax + 0x203c8] -loc_0000292c: +loc_0000299a: push eax add esi, 0x224 push edx push 0xffffffffffffffe0 push esi -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov eax, dword [ebp - 0x1c] add esp, 0xc push 0x3e8 @@ -4323,7 +4366,7 @@ pop edx pop ecx push 0xffef push ebx -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 mov eax, dword [ebp - 0x1c] add esp, 0xc push 0x186a0 @@ -4332,7 +4375,7 @@ push edi call dword [eax + 4] ; ucall add esp, 0x10 -loc_0000296c: +loc_000029da: lea esp, [ebp - 0xc] pop ebx pop esi @@ -4340,7 +4383,7 @@ pop edi pop ebp ret -fcn_00002974: +fcn_000029e2: push ebp mov ebp, esp push edi @@ -4369,31 +4412,31 @@ add edx, 0x100000 or ebx, eax or ebx, edx test ecx, ecx -jne short loc_000029d0 ; jne 0x29d0 +jne short loc_00002a3e ; jne 0x2a3e mov dword [ebp + 0xc], ebx add esi, edi -jmp short loc_000029e3 ; jmp 0x29e3 +jmp short loc_00002a51 ; jmp 0x2a51 -loc_000029d0: +loc_00002a3e: push eax push 0 push ecx push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0x10 mov dword [ebp + 0xc], ebx add esi, eax -loc_000029e3: +loc_00002a51: mov dword [ebp + 8], esi lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -fcn_000029f2: +fcn_00002a60: push ebp mov ebp, esp push edi 
@@ -4406,24 +4449,24 @@ shr ebx, 1 shl ebx, 5 add ebx, 0x914 test esi, esi -jne short loc_00002a1b ; jne 0x2a1b +jne short loc_00002a89 ; jne 0x2a89 mov eax, dword [ebp + 8] sub esp, 0xc add eax, ebx push eax -jmp short loc_00002a2b ; jmp 0x2a2b +jmp short loc_00002a99 ; jmp 0x2a99 -loc_00002a1b: +loc_00002a89: push edi push 0 push esi push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, ebx mov dword [esp], eax -loc_00002a2b: -call fcn_00017d8a ; call 0x17d8a +loc_00002a99: +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp + 0x10] add esp, 0x10 mov edi, dword [ebp + 0x14] @@ -4439,28 +4482,28 @@ add ecx, 0x100000 or edi, eax or edi, ecx test esi, esi -jne short loc_00002a6d ; jne 0x2a6d +jne short loc_00002adb ; jne 0x2adb push esi add ebx, dword [ebp + 8] push esi -jmp short loc_00002a7c ; jmp 0x2a7c +jmp short loc_00002aea ; jmp 0x2aea -loc_00002a6d: +loc_00002adb: push eax push 0 push esi push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx add ebx, eax -loc_00002a7c: +loc_00002aea: push edi push ebx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov dword [esp], ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 lea esp, [ebp - 0xc] pop ebx @@ -4471,7 +4514,7 @@ shr eax, 1 and eax, 0x3fff ret -fcn_00002a9d: +fcn_00002b0b: push ebp mov ebp, esp push edi 
@@ -4484,99 +4527,99 @@ mov esi, dword [ebp + 8] mov ebx, dword [ebp + 0x14] mov dword [ebp - 0x24], edx mov dword [ebp - 0x20], eax -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 mov dword [ebp - 0x1c], eax -call fcn_0001c5b4 ; call 0x1c5b4 +call fcn_0001c678 ; call 0x1c678 mov edx, dword [ebp - 0x24] cmp dl, 1 -je short loc_00002ad4 ; je 0x2ad4 +je short loc_00002b42 ; je 0x2b42 cmp dl, 2 -je short loc_00002af8 ; je 0x2af8 -jmp short loc_00002b34 ; jmp 0x2b34 +je short loc_00002b66 ; je 0x2b66 +jmp short loc_00002ba2 ; jmp 0x2ba2 -loc_00002ad4: +loc_00002b42: lea edi, [ebx - 8] cmp bl, 7 -ja short loc_00002b36 ; ja 0x2b36 -call fcn_000153e9 ; call 0x153e9 +ja short loc_00002ba4 ; ja 0x2ba4 +call fcn_00015479 ; call 0x15479 test al, al -je loc_00002bc1 ; je 0x2bc1 +je loc_00002c2f ; je 0x2c2f movzx ebx, bl mov dword [ebp + 0x14], ebx mov dword [ebp + 0x10], 1 -jmp short loc_00002b1a ; jmp 0x2b1a +jmp short loc_00002b88 ; jmp 0x2b88 -loc_00002af8: +loc_00002b66: lea edi, [ebx - 0xc] cmp bl, 0xb -ja short loc_00002b36 ; ja 0x2b36 -call fcn_000153e9 ; call 0x153e9 +ja short loc_00002ba4 ; ja 0x2ba4 +call fcn_00015479 ; call 0x15479 test al, al -je loc_00002bc1 ; je 0x2bc1 +je loc_00002c2f ; je 0x2c2f movzx ebx, bl mov dword [ebp + 0x14], ebx mov dword [ebp + 0x10], 2 -loc_00002b1a: -mov dword [ebp + 0xc], ref_00020fa6 ; mov dword [ebp + 0xc], 0x20fa6 +loc_00002b88: +mov dword [ebp + 0xc], ref_00021036 ; mov dword [ebp + 0xc], 0x21036 mov dword [ebp + 8], 2 lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp -jmp near fcn_000153f7 ; jmp 0x153f7 +jmp near fcn_00015487 ; jmp 0x15487 -loc_00002b34: +loc_00002ba2: mov edi, ebx -loc_00002b36: +loc_00002ba4: mov ecx, esi movzx esi, byte [ebp - 0x20] test cl, cl -je short loc_00002b5c ; je 0x2b5c +je short loc_00002bca ; je 0x2bca test edi, 1 -jne short loc_00002b52 ; jne 0x2b52 +jne short loc_00002bc0 ; jne 0x2bc0 shl esi, 8 mov ebx, 0xfffff0ff -jmp short loc_00002b8d ; jmp 0x2b8d +jmp short 
loc_00002bfb ; jmp 0x2bfb -loc_00002b52: +loc_00002bc0: shl esi, 0x18 mov ebx, 0xf0ffffff -jmp short loc_00002b8d ; jmp 0x2b8d +jmp short loc_00002bfb ; jmp 0x2bfb -loc_00002b5c: +loc_00002bca: test eax, eax -je short loc_00002b78 ; je 0x2b78 +je short loc_00002be6 ; je 0x2be6 cmp dword [ebp - 0x1c], 0x40670 -jne short loc_00002b78 ; jne 0x2b78 +jne short loc_00002be6 ; jne 0x2be6 -loc_00002b69: +loc_00002bd7: test edi, 1 -jne short loc_00002b85 ; jne 0x2b85 +jne short loc_00002bf3 ; jne 0x2bf3 -loc_00002b71: +loc_00002bdf: mov ebx, 0xfffffff0 -jmp short loc_00002b8d ; jmp 0x2b8d +jmp short loc_00002bfb ; jmp 0x2bfb -loc_00002b78: +loc_00002be6: cmp bl, 7 -jbe short loc_00002b69 ; jbe 0x2b69 +jbe short loc_00002bd7 ; jbe 0x2bd7 test edi, 1 -jne short loc_00002b71 ; jne 0x2b71 +jne short loc_00002bdf ; jne 0x2bdf -loc_00002b85: +loc_00002bf3: shl esi, 0x10 mov ebx, 0xfff0ffff -loc_00002b8d: +loc_00002bfb: movzx edx, dl push eax push edx push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov edx, edi add esp, 0x10 shr dl, 1 @@ -4590,9 +4633,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018aa4 ; jmp 0x18aa4 +jmp near fcn_00018b68 ; jmp 0x18b68 -loc_00002bc1: +loc_00002c2f: lea esp, [ebp - 0xc] pop ebx pop esi @@ -4600,7 +4643,7 @@ pop edi pop ebp ret -fcn_00002bc9: +fcn_00002c37: push ebp mov ebp, esp push edi 
@@ -4609,73 +4652,73 @@ push ebx sub esp, 0x1c mov ebx, dword [ebp + 8] mov esi, dword [ebp + 0x14] -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 mov dword [ebp - 0x1c], eax -call fcn_0001c5b4 ; call 0x1c5b4 +call fcn_0001c678 ; call 0x1c678 mov dword [ebp - 0x20], eax xor eax, eax -loc_00002bea: +loc_00002c58: cmp byte [ebx + eax], 9 -jbe short loc_00002bf4 ; jbe 0x2bf4 +jbe short loc_00002c62 ; jbe 0x2c62 mov byte [ebx + eax], 8 -loc_00002bf4: +loc_00002c62: mov edi, dword [ebp + 0xc] cmp byte [edi + eax], 9 -jbe short loc_00002c01 ; jbe 0x2c01 +jbe short loc_00002c6f ; jbe 0x2c6f mov byte [edi + eax], 7 -loc_00002c01: +loc_00002c6f: mov edi, dword [ebp + 0x10] cmp byte [edi + eax], 6 -jbe short loc_00002c0e ; jbe 0x2c0e +jbe short loc_00002c7c ; jbe 0x2c7c mov byte [edi + eax], 2 -loc_00002c0e: +loc_00002c7c: inc eax cmp eax, 0x10 -jne short loc_00002bea ; jne 0x2bea +jne short loc_00002c58 ; jne 0x2c58 push eax push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 1 push 1 push 0 mov edi, eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 2 push 1 push 0 mov dword [ebp - 0x28], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0x10 cmp esi, 2 mov ecx, dword [ebp - 0x28] mov dword [ebp - 0x24], eax -je loc_00002da9 ; je 0x2da9 +je loc_00002e17 ; je 0x2e17 cmp esi, 3 -je short loc_00002c6d ; je 0x2c6d +je short loc_00002cdb ; je 0x2cdb test esi, esi -jne loc_0000314a ; jne 0x314a +jne loc_000031b8 ; jne 0x31b8 add edi, 0xda0 xor esi, esi -jmp near loc_00002f4c ; jmp 0x2f4c +jmp near loc_00002fba ; jmp 0x2fba -loc_00002c6d: +loc_00002cdb: cmp dword [ebp - 0x20], 0 lea ecx, [edi + 0xda0] -je short loc_00002ce4 ; je 0x2ce4 +je short loc_00002d52 ; je 0x2d52 cmp dword [ebp - 0x1c], 0x40670 -jne short loc_00002ce4 ; jne 0x2ce4 +jne short loc_00002d52 ; jne 0x2d52 mov edi, ecx xor esi, esi -loc_00002c86: +loc_00002cf4: mov 
ecx, dword [ebp + 0x10] push eax mov eax, dword [ebp + 0xc] @@ -4702,16 +4745,16 @@ push eax push 0x80f080f0 push edi add edi, 4 -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, 8 -jne short loc_00002c86 ; jne 0x2c86 -jmp near loc_0000314a ; jmp 0x314a +jne short loc_00002cf4 ; jne 0x2cf4 +jmp near loc_000031b8 ; jmp 0x31b8 -loc_00002ce4: +loc_00002d52: xor esi, esi -loc_00002ce6: +loc_00002d54: push eax mov eax, dword [ebp + 0xc] mov dword [ebp - 0x1c], ecx @@ -4738,15 +4781,15 @@ or edx, eax push edx push 0x80f080f0 push ecx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov ecx, dword [ebp - 0x1c] add esp, 0x10 add ecx, 4 cmp esi, 4 -jne short loc_00002ce6 ; jne 0x2ce6 +jne short loc_00002d54 ; jne 0x2d54 add edi, 0xdb0 -loc_00002d4b: +loc_00002db9: mov ecx, dword [ebp + 0x10] push eax mov eax, dword [ebp + 0xc] @@ -4773,23 +4816,23 @@ push eax push 0x80f080f0 push edi add edi, 4 -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, 8 -jne short loc_00002d4b ; jne 0x2d4b -jmp near loc_0000314a ; jmp 0x314a +jne short loc_00002db9 ; jne 0x2db9 +jmp near loc_000031b8 ; jmp 0x31b8 -loc_00002da9: +loc_00002e17: sub ecx, edi xor esi, esi cmp dword [ebp - 0x20], 0 lea edx, [edi + 0xda0] mov edi, ecx -je loc_00002e8c ; je 0x2e8c +je loc_00002efa ; je 0x2efa cmp dword [ebp - 0x1c], 0x40670 -jne loc_00002e8c ; jne 0x2e8c +jne loc_00002efa ; jne 0x2efa -loc_00002dcc: +loc_00002e3a: mov ecx, dword [ebp + 0x10] push eax mov eax, dword [ebp + 0xc] @@ -4815,7 +4858,7 @@ or eax, ecx push eax push 0x80f080f0 push edx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov eax, dword [ebp + 0xc] add esp, 0xc mov ecx, dword [ebp + 0x10] 
@@ -4843,15 +4886,15 @@ push eax push 0x80f080f0 lea eax, [edi + edx] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov edx, dword [ebp - 0x1c] add esp, 0x10 add edx, 4 cmp esi, 4 -jne loc_00002dcc ; jne 0x2dcc -jmp near loc_0000314a ; jmp 0x314a +jne loc_00002e3a ; jne 0x2e3a +jmp near loc_000031b8 ; jmp 0x31b8 -loc_00002e8c: +loc_00002efa: mov ecx, dword [ebp + 0x10] push eax mov eax, dword [ebp + 0xc] @@ -4877,7 +4920,7 @@ or eax, ecx push eax push 0x80f080f0 push edx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov eax, dword [ebp + 0xc] add esp, 0xc mov ecx, dword [ebp + 0x10] @@ -4905,15 +4948,15 @@ push eax push 0x80f080f0 lea eax, [edi + edx] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov edx, dword [ebp - 0x1c] add esp, 0x10 add edx, 4 cmp esi, 4 -jne loc_00002e8c ; jne 0x2e8c -jmp near loc_0000314a ; jmp 0x314a +jne loc_00002efa ; jne 0x2efa +jmp near loc_000031b8 ; jmp 0x31b8 -loc_00002f4c: +loc_00002fba: mov dword [ebp - 0x28], ecx mov eax, dword [ebp + 0xc] push ecx @@ -4941,22 +4984,22 @@ push eax push 0x80f080f0 push edi add edi, 4 -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, 4 mov ecx, dword [ebp - 0x28] -jne short loc_00002f4c ; jne 0x2f4c +jne short loc_00002fba ; jne 0x2fba cmp dword [ebp - 0x20], 0 lea edi, [ecx + 0xda0] -je loc_0000308c ; je 0x308c +je loc_000030fa ; je 0x30fa cmp dword [ebp - 0x1c], 0x40670 -jne loc_0000308c ; jne 0x308c +jne loc_000030fa ; jne 0x30fa mov eax, dword [ebp - 0x24] xor si, si sub eax, ecx mov dword [ebp - 0x1c], eax -loc_00002fd3: +loc_00003041: mov eax, dword [ebp + 0xc] push edx mov edx, dword [ebp + 0x10] @@ -4981,7 +5024,7 @@ or eax, edx push eax push 0x80f080f0 push edi -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov ecx, dword [ebp + 0x10] add esp, 0xc mov eax, dword [ebp + 0xc] 
@@ -5009,19 +5052,19 @@ push 0x80f080f0 add eax, edi add edi, 4 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, 2 -je loc_0000314a ; je 0x314a -jmp near loc_00002fd3 ; jmp 0x2fd3 +je loc_000031b8 ; je 0x31b8 +jmp near loc_00003041 ; jmp 0x3041 -loc_0000308c: +loc_000030fa: mov eax, dword [ebp - 0x24] xor esi, esi sub eax, ecx mov dword [ebp - 0x1c], eax -loc_00003096: +loc_00003104: mov edx, dword [ebp + 0x10] push eax mov eax, dword [ebp + 0xc] @@ -5046,7 +5089,7 @@ or eax, edx push eax push 0x80f080f0 push edi -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov ecx, dword [ebp + 0x10] add esp, 0xc mov eax, dword [ebp + 0xc] @@ -5074,12 +5117,12 @@ push 0x80f080f0 add eax, edi add edi, 4 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, 2 -jne loc_00003096 ; jne 0x3096 +jne loc_00003104 ; jne 0x3104 -loc_0000314a: +loc_000031b8: lea esp, [ebp - 0xc] pop ebx pop esi @@ -5087,7 +5130,7 @@ pop edi pop ebp ret -fcn_00003152: +fcn_000031c0: push ebp mov ebp, esp sub esp, 8 @@ -5100,12 +5143,12 @@ lea edx, [eax + 0x19] add eax, 9 push edx push eax -call fcn_00002bc9 ; call 0x2bc9 +call fcn_00002c37 ; call 0x2c37 add esp, 0x10 leave ret -fcn_00003177: +fcn_000031e5: push ebp mov ebp, esp push edi @@ -5120,18 +5163,18 @@ lea edi, [edx + edx*2] mov dword [ebp - 0x14], edx add edi, eax -loc_00003199: +loc_00003207: mov eax, dword [ebp - 0x14] cmp dword [ebp - 0x10], eax -ja short loc_000031d2 ; ja 0x31d2 +ja short loc_00003240 ; ja 0x3240 mov eax, edi -loc_000031a3: +loc_00003211: cmp eax, ecx -je short loc_000031ca ; je 0x31ca +je short loc_00003238 ; je 0x3238 mov bl, byte [eax - 3] cmp bl, byte [eax] -jbe short loc_000031c5 ; jbe 0x31c5 +jbe short loc_00003233 ; jbe 0x3233 mov dx, word [eax] mov si, word [eax - 2] mov byte [eax], bl 
@@ -5140,16 +5183,16 @@ mov dl, byte [eax + 2] mov word [eax + 1], si mov byte [eax - 1], dl -loc_000031c5: +loc_00003233: sub eax, 3 -jmp short loc_000031a3 ; jmp 0x31a3 +jmp short loc_00003211 ; jmp 0x3211 -loc_000031ca: +loc_00003238: inc dword [ebp - 0x10] add ecx, 3 -jmp short loc_00003199 ; jmp 0x3199 +jmp short loc_00003207 ; jmp 0x3207 -loc_000031d2: +loc_00003240: pop eax pop edx pop ebx @@ -5158,7 +5201,7 @@ pop edi pop ebp ret -fcn_000031d9: +fcn_00003247: push ebp mov ebp, esp mov edx, dword [ebp + 8] @@ -5170,7 +5213,7 @@ lea eax, [eax + eax*2] movzx eax, byte [edx + eax] ret -fcn_000031ef: +fcn_0000325d: push ebp mov ebp, esp push edi @@ -5181,19 +5224,19 @@ mov ebx, dword [ebp + 0x1c] push 0 push dword [ebp + 0x14] push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 1 push dword [ebp + 0x14] push 0 mov esi, eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 2 push dword [ebp + 0x14] push 0 mov dword [ebp - 0xc88], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov ecx, 0xa cmp dword [ebp + 0x18], 0x10 pop edi 
@@ -5205,63 +5248,63 @@ mov dword [ebp - 0xc98], eax lea eax, [ebp - 0xc78] push 0xc60 push eax -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff add esp, 0x10 cmp ebx, 2 -je short loc_0000327b ; je 0x327b +je short loc_000032e9 ; je 0x32e9 cmp ebx, 1 setb byte [ebp - 0xc7a] setb byte [ebp - 0xc79] -jmp short loc_00003289 ; jmp 0x3289 +jmp short loc_000032f7 ; jmp 0x32f7 -loc_0000327b: +loc_000032e9: mov byte [ebp - 0xc7a], 0 mov byte [ebp - 0xc79], 1 -loc_00003289: -call fcn_000153e9 ; call 0x153e9 +loc_000032f7: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000032a3 ; je 0x32a3 +je short loc_00003311 ; je 0x3311 push ecx push ecx -push ref_00020fe7 ; push 0x20fe7 +push ref_00021077 ; push 0x21077 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000032a3: +loc_00003311: push edx push edx lea eax, [esi + 0xb0] push 0x10 push eax mov dword [ebp - 0xc9c], eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 cmp byte [ebp - 0xc79], 0 -je short loc_000032dd ; je 0x32dd +je short loc_0000334b ; je 0x334b push eax push eax mov eax, dword [ebp - 0xc88] push 0x10 add eax, 0xb0 push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -loc_000032dd: +loc_0000334b: cmp byte [ebp - 0xc7a], 0 -je short loc_000032fe ; je 0x32fe +je short loc_0000336c ; je 0x336c mov eax, dword [ebp - 0xc8c] push edi push edi push 0x10 add eax, 0xb0 push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -loc_000032fe: +loc_0000336c: mov eax, dword [ebp + 0xc] push ecx push 0x2710 
@@ -5274,35 +5317,35 @@ pop esi mov dword [ebp - 0xca0], eax push 0xa800 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 cmp byte [ebp - 0xc79], 0 -je short loc_00003350 ; je 0x3350 +je short loc_000033be ; je 0x33be mov eax, dword [ebp - 0xc88] push edx push edx push 0xa800 add eax, 0xc20 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_00003350: +loc_000033be: cmp byte [ebp - 0xc7a], 0 -je short loc_00003374 ; je 0x3374 +je short loc_000033e2 ; je 0x33e2 push eax push eax mov eax, dword [ebp - 0xc8c] push 0xa800 add eax, 0xc20 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_00003374: +loc_000033e2: mov dword [ebp - 0xc80], 0 -loc_0000337e: +loc_000033ec: mov eax, dword [ebp - 0xc80] mov ecx, 0x64 xor edx, edx @@ -5310,19 +5353,19 @@ sub esp, 0xc xor ebx, ebx div ecx push eax -call fcn_0001a76d ; call 0x1a76d +call fcn_0001a831 ; call 0x1a831 add esp, 0x10 -loc_0000339b: +loc_00003409: cmp ebx, dword [ebp + 0x18] -je short loc_000033ca ; je 0x33ca +je short loc_00003438 ; je 0x3438 sub esp, 0xc push 1 push 0x39 push ebx push dword [ebp + 0x14] push 0 -call fcn_00002974 ; call 0x2974 +call fcn_000029e2 ; call 0x29e2 add esp, 0x14 push 0xc push 0x3a @@ -5330,11 +5373,11 @@ push ebx inc ebx push dword [ebp + 0x14] push 0 -call fcn_00002974 ; call 0x2974 +call fcn_000029e2 ; call 0x29e2 add esp, 0x20 -jmp short loc_0000339b ; jmp 0x339b +jmp short loc_00003409 ; jmp 0x3409 -loc_000033ca: +loc_00003438: push eax mov eax, dword [ebp + 0xc] push dword [ebp - 0xc98] 
@@ -5346,74 +5389,74 @@ mov dword [ebp - 0xc90], eax mov dword [ebp - 0xc84], 0 add esp, 0x10 -loc_000033f6: +loc_00003464: mov eax, dword [ebp - 0xc84] cmp eax, dword [ebp + 0x18] -je loc_00003509 ; je 0x3509 +je loc_00003577 ; je 0x3577 imul eax, eax, 0xc6 mov edi, dword [ebp - 0xc90] xor ebx, ebx mov dword [ebp - 0xc94], eax -loc_00003419: +loc_00003487: lea eax, [ebx + 0x31] mov esi, 1 push eax push dword [ebp - 0xc84] push dword [ebp + 0x14] push 0 -call fcn_000029f2 ; call 0x29f2 +call fcn_00002a60 ; call 0x2a60 movzx edx, word [edi + 1] add esp, 0x10 and eax, 0x3f mov byte [ebp - 0xc7b], al -loc_00003442: +loc_000034b0: cmp esi, edx -ja short loc_0000346c ; ja 0x346c +ja short loc_000034da ; ja 0x34da lea eax, [esi + esi*2] mov cl, byte [ebp - 0xc7b] cmp byte [edi + eax], cl -jne short loc_00003469 ; jne 0x3469 +jne short loc_000034d7 ; jne 0x34d7 imul edx, ebx, 0x21 add eax, dword [ebp - 0xc94] add eax, edx inc word [ebp + eax - 0xc77] -jmp short loc_000034e7 ; jmp 0x34e7 +jmp short loc_00003555 ; jmp 0x3555 -loc_00003469: +loc_000034d7: inc esi -jmp short loc_00003442 ; jmp 0x3442 +jmp short loc_000034b0 ; jmp 0x34b0 -loc_0000346c: +loc_000034da: cmp esi, 0xb -jne short loc_000034be ; jne 0x34be -call fcn_000153e9 ; call 0x153e9 +jne short loc_0000352c ; jne 0x352c +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000349f ; je 0x349f +je short loc_0000350d ; je 0x350d push eax push 0xa push dword [ebp - 0xc80] push ebx push dword [ebp - 0xc84] push dword [ebp + 0x14] -push ref_00021012 ; push 0x21012 +push ref_000210a2 ; push 0x210a2 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_0000349f: +loc_0000350d: cmp dword [ebp + 0x18], 0x10 -jne loc_00003691 ; jne 0x3691 +jne loc_000036ff ; jne 0x36ff sub esp, 0xc push 0xee -loc_000034b1: -call fcn_0001a76d ; call 0x1a76d +loc_0000351f: +call fcn_0001a831 ; call 0x1a831 add esp, 0x10 -call fcn_00017175 ; call 0x17175 +call fcn_00017239 ; call 
0x17239 -loc_000034be: +loc_0000352c: imul eax, ebx, 0x21 lea esi, [esi + esi*2] add esi, dword [ebp - 0xc94] @@ -5423,60 +5466,60 @@ mov al, byte [ebp - 0xc7b] mov word [ebp + esi - 0xc77], 1 mov byte [ebp + esi - 0xc78], al -loc_000034e7: +loc_00003555: inc ebx add edi, 0x21 cmp ebx, 6 -jne loc_00003419 ; jne 0x3419 +jne loc_00003487 ; jne 0x3487 inc dword [ebp - 0xc84] add dword [ebp - 0xc90], 0xc6 -jmp near loc_000033f6 ; jmp 0x33f6 +jmp near loc_00003464 ; jmp 0x3464 -loc_00003509: +loc_00003577: cmp dword [ebp - 0xc80], 0x64 -jbe short loc_00003546 ; jbe 0x3546 +jbe short loc_000035b4 ; jbe 0x35b4 lea ecx, [ebp - 0xc78] xor edx, edx -loc_0000351a: +loc_00003588: cmp edx, dword [ebp + 0x18] -jne short loc_00003523 ; jne 0x3523 +jne short loc_00003591 ; jne 0x3591 -loc_0000351f: +loc_0000358d: xor edi, edi -jmp short loc_0000359d ; jmp 0x359d +jmp short loc_0000360b ; jmp 0x360b -loc_00003523: +loc_00003591: xor eax, eax -loc_00003525: +loc_00003593: mov di, word [ecx + eax + 1] lea ebx, [edi - 2] cmp bx, 2 -jbe short loc_00003546 ; jbe 0x3546 +jbe short loc_000035b4 ; jbe 0x35b4 add eax, 0x21 cmp eax, 0xc6 -jne short loc_00003525 ; jne 0x3525 +jne short loc_00003593 ; jne 0x3593 inc edx add ecx, 0xc6 -jmp short loc_0000351a ; jmp 0x351a +jmp short loc_00003588 ; jmp 0x3588 -loc_00003546: +loc_000035b4: inc dword [ebp - 0xc80] cmp dword [ebp - 0xc80], 0x1f4 -jne loc_0000337e ; jne 0x337e -jmp short loc_0000351f ; jmp 0x351f +jne loc_000033ec ; jne 0x33ec +jmp short loc_0000358d ; jmp 0x358d -loc_0000355e: +loc_000035cc: imul eax, esi, 0x21 sub esp, 0xc add eax, dword [ebp - 0xc80] lea edx, [ebp - 0xc78] lea ebx, [edx + eax] push ebx -call fcn_00003177 ; call 0x3177 +call fcn_000031e5 ; call 0x31e5 mov dword [esp], ebx -call fcn_000031d9 ; call 0x31d9 +call fcn_00003247 ; call 0x3247 mov dword [esp], eax lea eax, [esi + 0x31] inc esi 
@@ -5484,51 +5527,51 @@ push eax push edi push dword [ebp + 0x14] push 0 -call fcn_00002974 ; call 0x2974 +call fcn_000029e2 ; call 0x29e2 add esp, 0x20 cmp esi, 6 -jne short loc_0000355e ; jne 0x355e +jne short loc_000035cc ; jne 0x35cc inc edi -loc_0000359d: +loc_0000360b: cmp edi, dword [ebp + 0x18] -je short loc_000035b2 ; je 0x35b2 +je short loc_00003620 ; je 0x3620 imul eax, edi, 0xc6 xor esi, esi mov dword [ebp - 0xc80], eax -jmp short loc_0000355e ; jmp 0x355e +jmp short loc_000035cc ; jmp 0x35cc -loc_000035b2: +loc_00003620: push eax push eax push 0 push dword [ebp - 0xca0] -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 cmp byte [ebp - 0xc79], 0 -je short loc_000035e5 ; je 0x35e5 +je short loc_00003653 ; je 0x3653 push eax push eax mov eax, dword [ebp - 0xc88] push 0 add eax, 0xc20 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 -loc_000035e5: +loc_00003653: cmp byte [ebp - 0xc7a], 0 -je short loc_00003606 ; je 0x3606 +je short loc_00003674 ; je 0x3674 push eax push eax mov eax, dword [ebp - 0xc8c] push 0 add eax, 0xc20 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 -loc_00003606: +loc_00003674: mov eax, dword [ebp + 0xc] push ebx push 0x3e8 
@@ -5539,49 +5582,49 @@ pop esi pop edi push 0xffef push dword [ebp - 0xc9c] -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 add esp, 0x10 cmp byte [ebp - 0xc79], 0 -je short loc_00003651 ; je 0x3651 +je short loc_000036bf ; je 0x36bf mov eax, dword [ebp - 0xc88] push ecx push ecx push 0xffef add eax, 0xb0 push eax -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 add esp, 0x10 -loc_00003651: +loc_000036bf: cmp byte [ebp - 0xc7a], 0 -je short loc_00003675 ; je 0x3675 +je short loc_000036e3 ; je 0x36e3 mov eax, dword [ebp - 0xc8c] push edx push edx push 0xffef add eax, 0xb0 push eax -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 add esp, 0x10 -loc_00003675: -call fcn_000153e9 ; call 0x153e9 +loc_000036e3: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000369e ; je 0x369e +je short loc_0000370c ; je 0x370c push eax push eax -push ref_0002106e ; push 0x2106e +push ref_000210fe ; push 0x210fe push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_0000369e ; jmp 0x369e +jmp short loc_0000370c ; jmp 0x370c -loc_00003691: +loc_000036ff: sub esp, 0xc push 0xed -jmp near loc_000034b1 ; jmp 0x34b1 +jmp near loc_0000351f ; jmp 0x351f -loc_0000369e: +loc_0000370c: lea esp, [ebp - 0xc] pop ebx pop esi @@ -5589,7 +5632,7 @@ pop edi pop ebp ret -fcn_000036a6: +fcn_00003714: push ebp mov ebp, esp push edi 
@@ -5601,24 +5644,24 @@ push 0 mov esi, dword [ebp + 0x18] push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov edi, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je short loc_00003711 ; je 0x3711 +je short loc_0000377f ; je 0x377f sub esp, 0xc add edi, 0x214 push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test ax, ax -je short loc_00003711 ; je 0x3711 +je short loc_0000377f ; je 0x377f shr eax, 0x10 and eax, 0xf cmp eax, 6 -jbe short loc_00003711 ; jbe 0x3711 +jbe short loc_0000377f ; jbe 0x377f push eax movzx ebx, bl push eax @@ -5630,10 +5673,10 @@ push 1 push ebx push dword [ebp + 0x10] push dword [ebp + 8] -call fcn_000031ef ; call 0x31ef +call fcn_0000325d ; call 0x325d add esp, 0x20 -loc_00003711: +loc_0000377f: lea esp, [ebp - 0xc] pop ebx pop esi @@ -5641,7 +5684,7 @@ pop edi pop ebp ret -fcn_00003719: +fcn_00003787: push ebp mov ebp, esp push edi 
@@ -5653,42 +5696,42 @@ mov edi, dword [ebp + 0x14] mov dword [ebp - 0x38], eax lea eax, [ebp - 0x1c] push eax -call fcn_000196d3 ; call 0x196d3 +call fcn_00019797 ; call 0x19797 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000377b ; je 0x377b +je short loc_000037e9 ; je 0x37e9 test ebx, ebx -jns short loc_0000377b ; jns 0x377b -call fcn_000153e9 ; call 0x153e9 +jns short loc_000037e9 ; jns 0x37e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00003763 ; je 0x3763 +je short loc_000037d1 ; je 0x37d1 push esi push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00003763: +loc_000037d1: push ecx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x5bc -push ref_00020e7c ; push 0x20e7c -call fcn_000153fc ; call 0x153fc +push ref_00020f0c ; push 0x20f0c +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000377b: +loc_000037e9: imul eax, dword [ebp + 0x1c], 7 add eax, dword [ebp + 0x18] mov ebx, dword [ebp + 0x18] mov byte [ebp - 0x29], 0 mov dword [ebp - 0x30], eax -loc_0000378c: +loc_000037fa: cmp ebx, dword [ebp - 0x30] -je loc_00003837 ; je 0x3837 +je loc_000038a5 ; je 0x38a5 movzx eax, byte [ebx + 2] push edx push eax 
@@ -5697,27 +5740,27 @@ movzx eax, byte [ebx + 1] push eax movzx eax, byte [ebx] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov esi, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je short loc_0000382f ; je 0x382f +je short loc_0000389d ; je 0x389d sub esp, 0xc lea eax, [esi + 0x11a] push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 2 -je short loc_0000382f ; je 0x382f +je short loc_0000389d ; je 0x389d sub esp, 0xc lea eax, [esi + 0xba] push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 0x40 -je short loc_0000382f ; je 0x382f +je short loc_0000389d ; je 0x389d mov cl, byte [ebp - 0x34] mov eax, 1 lea edx, [esi + 0xb0] 
@@ -5729,52 +5772,52 @@ push eax push eax push 0x10 push edx -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 pop eax pop edx push 0x200 push esi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 mov edx, dword [ebp - 0x34] pop ecx pop esi push 0xffef push edx -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 add esp, 0x10 -loc_0000382f: +loc_0000389d: add ebx, 7 -jmp near loc_0000378c ; jmp 0x378c +jmp near loc_000037fa ; jmp 0x37fa -loc_00003837: +loc_000038a5: cmp byte [ebp - 0x29], 0 -je loc_0000395d ; je 0x395d +je loc_000039cb ; je 0x39cb cmp dword [ebp - 0x1c], 0x11 -jne short loc_0000384d ; jne 0x384d +jne short loc_000038bb ; jne 0x38bb -loc_00003847: +loc_000038b5: test edi, edi -jne short loc_00003860 ; jne 0x3860 -jmp short loc_00003870 ; jmp 0x3870 +jne short loc_000038ce ; jne 0x38ce +jmp short loc_000038de ; jmp 0x38de -loc_0000384d: +loc_000038bb: sub esp, 0xc push 1 -call fcn_0001c25d ; call 0x1c25d +call fcn_0001c321 ; call 0x1c321 add esp, 0x10 dec al -jne short loc_00003870 ; jne 0x3870 -jmp short loc_00003847 ; jmp 0x3847 +jne short loc_000038de ; jne 0x38de +jmp short loc_000038b5 ; jmp 0x38b5 -loc_00003860: +loc_000038ce: cmp byte [edi + 0x28], 0 -je short loc_00003870 ; je 0x3870 +je short loc_000038de ; je 0x38de cmp byte [edi + 0x46], 0 -je short loc_00003870 ; je 0x3870 +je short loc_000038de ; je 0x38de mov byte [edi + 0x46], 0 -loc_00003870: +loc_000038de: movzx esi, byte [ebp - 0x38] sub esp, 0xc push esi @@ -5782,15 +5825,15 @@ push edi push dword [ebp + 0xc] push dword [ebp + 0x10] push dword [ebp + 8] -call fcn_000025c6 ; call 0x25c6 +call fcn_00002634 ; call 0x2634 movzx eax, byte [ebp - 0x29] add esp, 0x20 mov ebx, dword [ebp + 0x18] mov dword [ebp - 0x38], eax -loc_00003894: +loc_00003902: cmp ebx, dword [ebp - 0x30] -je short loc_000038d9 ; je 0x38d9 +je short loc_00003947 ; je 0x3947 mov al, byte [ebx] movzx ecx, byte [ebx + 1] mov byte [ebp - 0x29], al 
@@ -5799,75 +5842,75 @@ movzx edx, al mov dword [ebp - 0x34], edx mov edx, dword [ebp - 0x38] bt edx, eax -jae short loc_000038d4 ; jae 0x38d4 +jae short loc_00003942 ; jae 0x3942 push eax movzx edx, byte [ebp - 0x29] push dword [ebp - 0x34] push ecx push edx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 0x20 add eax, 0xb0 push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -loc_000038d4: +loc_00003942: add ebx, 7 -jmp short loc_00003894 ; jmp 0x3894 +jmp short loc_00003902 ; jmp 0x3902 -loc_000038d9: +loc_00003947: cmp dword [ebp - 0x1c], 0x11 -jne short loc_000038e5 ; jne 0x38e5 +jne short loc_00003953 ; jne 0x3953 -loc_000038df: +loc_0000394d: test edi, edi -jne short loc_000038f8 ; jne 0x38f8 -jmp short loc_00003908 ; jmp 0x3908 +jne short loc_00003966 ; jne 0x3966 +jmp short loc_00003976 ; jmp 0x3976 -loc_000038e5: +loc_00003953: sub esp, 0xc push 1 -call fcn_0001c25d ; call 0x1c25d +call fcn_0001c321 ; call 0x1c321 add esp, 0x10 dec al -jne short loc_00003908 ; jne 0x3908 -jmp short loc_000038df ; jmp 0x38df +jne short loc_00003976 ; jne 0x3976 +jmp short loc_0000394d ; jmp 0x394d -loc_000038f8: +loc_00003966: cmp byte [edi + 0x28], 0 -je short loc_00003908 ; je 0x3908 +je short loc_00003976 ; je 0x3976 cmp byte [edi + 0x46], 0 -je short loc_00003908 ; je 0x3908 +je short loc_00003976 ; je 0x3976 mov byte [edi + 0x46], 0 -loc_00003908: +loc_00003976: sub esp, 0xc push esi push edi push dword [ebp + 0xc] push dword [ebp + 0x10] push dword [ebp + 8] -call fcn_000025c6 ; call 0x25c6 +call fcn_00002634 ; call 0x2634 add esp, 0x20 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00003938 ; je 0x3938 +je short loc_000039a6 ; je 0x39a6 push edx push edx -push ref_00021098 ; push 0x21098 +push ref_00021128 ; push 0x21128 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00003938: +loc_000039a6: 
mov ebx, dword [ebp + 0x18] -loc_0000393b: +loc_000039a9: cmp ebx, dword [ebp - 0x30] -je short loc_0000395d ; je 0x395d +je short loc_000039cb ; je 0x39cb push eax movzx eax, byte [ebx + 2] add ebx, 7 @@ -5876,11 +5919,11 @@ movzx eax, byte [ebx - 6] push eax movzx eax, byte [ebx - 7] push eax -call fcn_000023ad ; call 0x23ad +call fcn_0000241b ; call 0x241b add esp, 0x10 -jmp short loc_0000393b ; jmp 0x393b +jmp short loc_000039a9 ; jmp 0x39a9 -loc_0000395d: +loc_000039cb: lea esp, [ebp - 0xc] pop ebx pop esi @@ -5888,7 +5931,7 @@ pop edi pop ebp ret -fcn_00003965: +fcn_000039d3: push ebp mov ebp, esp push edi 
@@ -5913,66 +5956,66 @@ mov byte [ebp - 0x19], cl mov byte [ebp - 0x1a], dl push edi push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov esi, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je loc_00003a9d ; je 0x3a9d +je loc_00003b0b ; je 0x3b0b mov eax, dword [ebx + 0xd] movzx ebx, byte [ebp - 0x20] mov dl, byte [eax + ebx + 5] test dl, dl -jne short loc_000039fc ; jne 0x39fc -call fcn_000153e9 ; call 0x153e9 +jne short loc_00003a6a ; jne 0x3a6a +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000039e6 ; je 0x39e6 +je short loc_00003a54 ; je 0x3a54 push ebx push ebx -push ref_000210c3 ; push 0x210c3 +push ref_00021153 ; push 0x21153 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000039e6: +loc_00003a54: sub esp, 0xc lea eax, [esi + 0xac] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov ebx, eax and ebx, 0xf -jmp short loc_00003a22 ; jmp 0x3a22 +jmp short loc_00003a90 ; jmp 0x3a90 -loc_000039fc: +loc_00003a6a: movzx ebx, dl mov dword [ebp - 0x20], edx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 mov edx, dword [ebp - 0x20] test al, al -je short loc_00003a25 ; je 0x3a25 +je short loc_00003a93 ; je 0x3a93 movzx edx, dl push ecx push edx -push ref_000210c9 ; push 0x210c9 +push ref_00021159 ; push 0x21159 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 -loc_00003a22: +loc_00003a90: add esp, 0x10 -loc_00003a25: +loc_00003a93: cmp byte [ebp - 0x24], 0 -jne short loc_00003a37 ; jne 0x3a37 +jne short loc_00003aa5 ; jne 0x3aa5 cmp bx, 2 mov eax, 2 cmova ebx, eax -loc_00003a37: -call fcn_000153e9 ; call 0x153e9 +loc_00003aa5: +call fcn_00015479 ; call 0x15479 movzx ebx, bx test al, al -je short loc_00003a5f ; je 0x3a5f +je short loc_00003acd ; je 0x3acd mov ecx, dword [ebp - 0x28] movzx eax, byte [ebp - 0x19] push ebx 
@@ -5981,12 +6024,12 @@ push edi push eax push ecx push edi -push ref_000210de ; push 0x210de +push ref_0002116e ; push 0x2116e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00003a5f: +loc_00003acd: push eax movzx eax, byte [ebp - 0x1a] shl eax, 4 @@ -5996,7 +6039,7 @@ push 0xfffffc00 lea eax, [esi + 0xac] add esi, 0xd0 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 mov dword [ebp + 0x10], ebx mov dword [ebp + 8], esi @@ -6006,9 +6049,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_000188bd ; jmp 0x188bd +jmp near fcn_00018981 ; jmp 0x18981 -loc_00003a9d: +loc_00003b0b: lea esp, [ebp - 0xc] pop ebx pop esi @@ -6016,7 +6059,7 @@ pop edi pop ebp ret -fcn_00003aa5: +fcn_00003b13: push ebp mov ebp, esp push ebx @@ -6027,49 +6070,49 @@ movzx eax, byte [ebp + 0x10] push eax movzx eax, byte [ebp + 0xc] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0x2020 push 0xffff0000 mov ebx, eax lea eax, [eax + 0x22c] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0x20000000 push 0xdfffffff lea eax, [ebx + 0x258] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 lea eax, [ebx + 0x11a] mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 2 -jne short loc_00003b33 ; jne 0x3b33 +jne short loc_00003ba1 ; jne 0x3ba1 push eax push eax push 0x20 lea eax, [ebx + 0xb0] add ebx, 0xb2 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -loc_00003b22: +loc_00003b90: sub esp, 0xc push ebx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test ah, 8 -jne short loc_00003b22 ; jne 0x3b22 +jne short loc_00003b90 ; jne 0x3b90 -loc_00003b33: +loc_00003ba1: mov ebx, dword [ebp - 4] leave ret -fcn_00003b38: +fcn_00003ba6: push ebp mov ebp, esp push edi 
@@ -6079,32 +6122,32 @@ sub esp, 0x20 push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x48 mov dword [esp], eax -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 mov ebx, eax and ebx, 0xfffffffe lea eax, [ebx + 0x7400] mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [ebp - 0x1c], eax lea eax, [ebx + 0x7404] mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edi, eax lea eax, [ebx + 0x7408] add ebx, 0x740c mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [esp], ebx xor ebx, ebx mov esi, eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 xor ecx, ecx -loc_00003ba2: +loc_00003c10: mov eax, dword [ebp - 0x1c] mov edx, edi shr edx, cl @@ -6115,25 +6158,25 @@ and eax, 7 add eax, edx add ebx, eax cmp ecx, 0x18 -jne short loc_00003ba2 ; jne 0x3ba2 +jne short loc_00003c10 ; jne 0x3c10 cmp bl, 0x28 -jbe short loc_00003be5 ; jbe 0x3be5 -call fcn_000153e9 ; call 0x153e9 +jbe short loc_00003c53 ; jbe 0x3c53 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00003c10 ; je 0x3c10 +je short loc_00003c7e ; je 0x3c7e movzx ebx, bl push ebx push 0x28 -push ref_0002110b ; push 0x2110b +push ref_0002119b ; push 0x2119b push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_00003c10 ; jmp 0x3c10 +jmp short loc_00003c7e ; jmp 0x3c7e -loc_00003be5: -call fcn_000153e9 ; call 0x153e9 +loc_00003c53: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00003c10 ; je 0x3c10 +je short loc_00003c7e ; je 0x3c7e mov al, 0x28 movzx edx, bl sub eax, ebx 
@@ -6143,44 +6186,44 @@ lea ecx, [edx + eax] push ecx push eax push edx -push ref_00021159 ; push 0x21159 +push ref_000211e9 ; push 0x211e9 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00003c10: +loc_00003c7e: xor ecx, ecx xor eax, eax -loc_00003c14: +loc_00003c82: mov edx, esi shr edx, cl add ecx, 3 and edx, 7 add eax, edx cmp ecx, 0x18 -jne short loc_00003c14 ; jne 0x3c14 +jne short loc_00003c82 ; jne 0x3c82 shr esi, 0x18 and esi, 0x3f lea ebx, [eax + esi] cmp bl, 0x47 -jbe short loc_00003c56 ; jbe 0x3c56 -call fcn_000153e9 ; call 0x153e9 +jbe short loc_00003cc4 ; jbe 0x3cc4 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00003c81 ; je 0x3c81 +je short loc_00003cef ; je 0x3cef movzx ebx, bl push ebx push 0x47 -push ref_00021189 ; push 0x21189 +push ref_00021219 ; push 0x21219 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_00003c81 ; jmp 0x3c81 +jmp short loc_00003cef ; jmp 0x3cef -loc_00003c56: -call fcn_000153e9 ; call 0x153e9 +loc_00003cc4: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00003c81 ; je 0x3c81 +je short loc_00003cef ; je 0x3cef mov al, 0x47 movzx edx, bl sub eax, ebx @@ -6190,12 +6233,12 @@ lea ecx, [edx + eax] push ecx push eax push edx -push ref_000211d7 ; push 0x211d7 +push ref_00021267 ; push 0x21267 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00003c81: +loc_00003cef: lea esp, [ebp - 0xc] pop ebx pop esi @@ -6203,7 +6246,7 @@ pop edi pop ebp ret -fcn_00003c89: +fcn_00003cf7: push ebp mov ebp, esp push edi 
@@ -6219,138 +6262,138 @@ mov eax, dword [ebp + 0xc] mov dword [ebp - 0x40], eax mov eax, dword [ebp + 0x10] mov dword [ebp - 0x44], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x48 mov dword [esp], eax -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 mov ebx, eax and ebx, 0xfffffffe lea eax, [ebx + 0x7410] mov dword [esp], eax mov dword [ebp - 0x48], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edi, eax lea eax, [ebx + 0x7418] mov dword [esp], eax mov dword [ebp - 0x5c], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov esi, eax lea eax, [ebx + 0x7454] mov dword [esp], eax mov dword [ebp - 0x60], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov ebx, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00003d19 ; je 0x3d19 +je short loc_00003d87 ; je 0x3d87 sub esp, 0xc push ebx push esi push edi -push ref_00021207 ; push 0x21207 +push ref_00021297 ; push 0x21297 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00003d19: +loc_00003d87: cmp byte [ebp - 0x3c], 0 mov word [ebp - 0x28], 0 -jne short loc_00003d4c ; jne 0x3d4c +jne short loc_00003dba ; jne 0x3dba push eax push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xb2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 and eax, 0x3f0 shr eax, 4 mov dword [ebp - 0x28], eax -loc_00003d4c: +loc_00003dba: cmp byte [ebp - 0x40], 0 mov word [ebp - 0x38], 0 -jne short loc_00003d7f ; jne 0x3d7f +jne short loc_00003ded ; jne 0x3ded push ecx push 1 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xb2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 and eax, 0x3f0 shr eax, 4 mov dword [ebp 
- 0x38], eax -loc_00003d7f: +loc_00003ded: cmp byte [ebp - 0x44], 0 mov word [ebp - 0x58], 0 -jne short loc_00003db2 ; jne 0x3db2 +jne short loc_00003e20 ; jne 0x3e20 push edx push 2 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xb2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 and eax, 0x3f0 shr eax, 4 mov dword [ebp - 0x58], eax -loc_00003db2: -call fcn_000153e9 ; call 0x153e9 +loc_00003e20: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00003dd4 ; je 0x3dd4 +je short loc_00003e42 ; je 0x3e42 movzx eax, word [ebp - 0x28] push eax movzx eax, byte [ebp - 0x3c] push eax -push ref_00021235 ; push 0x21235 +push ref_000212c5 ; push 0x212c5 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00003dd4: -call fcn_000153e9 ; call 0x153e9 +loc_00003e42: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00003df6 ; je 0x3df6 +je short loc_00003e64 ; je 0x3e64 movzx eax, word [ebp - 0x38] push eax movzx eax, byte [ebp - 0x40] push eax -push ref_0002125b ; push 0x2125b +push ref_000212eb ; push 0x212eb push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00003df6: -call fcn_000153e9 ; call 0x153e9 +loc_00003e64: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00003e18 ; je 0x3e18 +je short loc_00003e86 ; je 0x3e86 movzx eax, word [ebp - 0x58] push eax movzx eax, byte [ebp - 0x44] push eax -push ref_00021281 ; push 0x21281 +push ref_00021311 ; push 0x21311 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00003e18: +loc_00003e86: mov al, byte [ebp - 0x40] or al, byte [ebp - 0x3c] -jne short loc_00003e64 ; jne 0x3e64 +jne short loc_00003ed2 ; jne 0x3ed2 cmp word [ebp - 0x28], 8 -jne short loc_00003e64 ; jne 0x3e64 +jne short loc_00003ed2 ; jne 0x3ed2 cmp word [ebp - 0x38], 8 -jne short loc_00003e64 ; jne 0x3e64 
+jne short loc_00003ed2 ; jne 0x3ed2 mov eax, edi and edi, 0x7c00 and eax, 0xfffffc1f @@ -6367,15 +6410,15 @@ and eax, 0xfffff03f shr ebx, 6 or ebx, eax -loc_00003e64: +loc_00003ed2: cmp word [ebp - 0x58], 4 -jne loc_00003efb ; jne 0x3efb +jne loc_00003f69 ; jne 0x3f69 cmp byte [ebp - 0x44], 0 -jne loc_00003efb ; jne 0x3efb +jne loc_00003f69 ; jne 0x3f69 cmp word [ebp - 0x28], 4 -jne short loc_00003ebc ; jne 0x3ebc +jne short loc_00003f2a ; jne 0x3f2a cmp byte [ebp - 0x3c], 0 -jne short loc_00003ebc ; jne 0x3ebc +jne short loc_00003f2a ; jne 0x3f2a mov eax, edi and edi, 0xf8000 and eax, 0xfffffc1f @@ -6392,11 +6435,11 @@ and eax, 0xfffff03f shr ebx, 0xc or ebx, eax -loc_00003ebc: +loc_00003f2a: cmp word [ebp - 0x38], 4 -jne short loc_00003efb ; jne 0x3efb +jne short loc_00003f69 ; jne 0x3f69 cmp byte [ebp - 0x40], 0 -jne short loc_00003efb ; jne 0x3efb +jne short loc_00003f69 ; jne 0x3f69 mov eax, edi and edi, 0xf8000 and ah, 0x83 @@ -6413,30 +6456,30 @@ and eax, 0xfffc0fff shr ebx, 6 or ebx, eax -loc_00003efb: -call fcn_000153e9 ; call 0x153e9 +loc_00003f69: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00003f19 ; je 0x3f19 +je short loc_00003f87 ; je 0x3f87 sub esp, 0xc push ebx push esi push edi -push ref_000212a7 ; push 0x212a7 +push ref_00021337 ; push 0x21337 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00003f19: +loc_00003f87: push eax push edi push 0xfe000000 push dword [ebp - 0x48] -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push esi push 0xfe000000 push dword [ebp - 0x5c] -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov eax, dword [ebp - 0x60] add esp, 0x10 mov dword [ebp + 0x10], ebx @@ -6447,9 +6490,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018aa4 ; jmp 0x18aa4 +jmp near fcn_00018b68 ; jmp 0x18b68 -fcn_00003f58: +fcn_00003fc6: push ebp mov ebp, esp push edi 
@@ -6460,7 +6503,7 @@ mov eax, dword [ebp + 0xc] mov esi, dword [ebp + 0x10] mov ebx, dword [ebp + 8] mov dword [ebp - 0x1c], eax -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 movzx ebx, bl mov edi, eax push eax 
@@ -6470,90 +6513,90 @@ push eax movzx eax, byte [ebp - 0x1c] push eax push ebx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0x1f push 0xfffffeff mov ebx, eax lea eax, [eax + 0x224] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov eax, esi add esp, 0x10 test al, al -jne short loc_00003fb0 ; jne 0x3fb0 +jne short loc_0000401e ; jne 0x401e cmp byte [ebp - 0x1c], 1 -je short loc_00003fc2 ; je 0x3fc2 +je short loc_00004030 ; je 0x4030 -loc_00003fb0: +loc_0000401e: cmp edi, 0x40660 -je short loc_00004000 ; je 0x4000 +je short loc_0000406e ; je 0x406e cmp edi, 0x306c0 -jne short loc_00004014 ; jne 0x4014 -jmp short loc_00004000 ; jmp 0x4000 +jne short loc_00004082 ; jne 0x4082 +jmp short loc_0000406e ; jmp 0x406e -loc_00003fc2: +loc_00004030: push eax push 0 push 0xefffffff lea eax, [ebx + 0x490] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 lea eax, [ebx + 0xa18] add esp, 0x10 lea esi, [ebx + 0x918] mov dword [ebp - 0x1c], eax -loc_00003fe8: +loc_00004056: push eax push 0 push 0xfffffffffffffff3 push esi add esi, 0x20 -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, dword [ebp - 0x1c] -jne short loc_00003fe8 ; jne 0x3fe8 -jmp short loc_00003fb0 ; jmp 0x3fb0 +jne short loc_00004056 ; jne 0x4056 +jmp short loc_0000401e ; jmp 0x401e -loc_00004000: +loc_0000406e: push eax push 0x10 push 0xffffffffffffffef lea eax, [ebx + 0xd14] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_00004014: +loc_00004082: sub esp, 0xc lea esi, [ebx + 0x308] push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop edx pop ecx push eax push esi lea esi, [ebx + 0x314] -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov dword [esp], esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop edi pop edx push eax push esi lea esi, [ebx + 0x32c] add 
ebx, 0x330 -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov dword [esp], esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop ecx pop edi push eax push esi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov dword [esp], ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov dword [ebp + 8], ebx mov dword [ebp + 0xc], eax @@ -6562,9 +6605,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -fcn_0000407d: +fcn_000040eb: push ebp mov ebp, esp push edi 
@@ -6582,60 +6625,60 @@ lea eax, [esi + 0x6c04] or ebx, 0x80000000 mov dword [ebp - 0x20], eax -loc_000040b2: +loc_00004120: push ecx push ecx push dword [ebp + 0x14] push dword [ebp - 0x20] -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx push ebx push edi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 mov edx, 0x64 -loc_000040d0: +loc_0000413e: sub esp, 0xc push edi mov dword [ebp - 0x24], edx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test eax, eax -jns short loc_0000410c ; jns 0x410c +jns short loc_0000417a ; jns 0x417a mov edx, dword [ebp - 0x24] dec edx -jne short loc_000040d0 ; jne 0x40d0 -call fcn_000153e9 ; call 0x153e9 +jne short loc_0000413e ; jne 0x413e +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000410c ; je 0x410c +je short loc_0000417a ; je 0x417a push edx push edx push dword [ebp + 0x14] push dword [ebp + 0xc] push esi push 0x64 -push ref_000212d4 ; push 0x212d4 +push ref_00021364 ; push 0x21364 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_0000410c: +loc_0000417a: sub esp, 0xc push edi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov edx, eax cmp ax, 0x40 -je short loc_00004154 ; je 0x4154 +je short loc_000041c2 ; je 0x41c2 dec dword [ebp - 0x1c] -jne short loc_000040b2 ; jne 0x40b2 +jne short loc_00004120 ; jne 0x4120 mov dword [ebp - 0x1c], edx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 mov edx, dword [ebp - 0x1c] test al, al -je short loc_00004154 ; je 0x4154 +je short loc_000041c2 ; je 0x41c2 movzx edx, dx push eax push edx 
@@ -6643,12 +6686,12 @@ push dword [ebp + 0x14] push dword [ebp + 0xc] push esi push 0xa -push ref_00021321 ; push 0x21321 +push ref_000213b1 ; push 0x213b1 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00004154: +loc_000041c2: lea esp, [ebp - 0xc] pop ebx pop esi @@ -6656,7 +6699,7 @@ pop edi pop ebp ret -fcn_0000415c: +fcn_000041ca: push ebp mov ebp, esp push edi @@ -6673,14 +6716,14 @@ cmp al, 1 lea ecx, [edx - 0x13] sbb ebx, ebx cmp cx, 1 -jbe short loc_00004189 ; jbe 0x4189 +jbe short loc_000041f7 ; jbe 0x41f7 add ebx, 4 -jmp short loc_0000418c ; jmp 0x418c +jmp short loc_000041fa ; jmp 0x41fa -loc_00004189: +loc_000041f7: add ebx, 2 -loc_0000418c: +loc_000041fa: push ebx cmp al, 1 push 0 @@ -6689,29 +6732,29 @@ push 2 add esi, 8 push edi mov dword [ebp - 0x1c], edx -call fcn_0000407d ; call 0x407d +call fcn_000040eb ; call 0x40eb mov edx, dword [ebp - 0x1c] push dword [ebp + 0xc] movzx edx, dx push 0 push edx push edi -call fcn_0000407d ; call 0x407d +call fcn_000040eb ; call 0x40eb add esp, 0x20 push dword [ebp + 0x14] push 0 push esi push edi -call fcn_0000407d ; call 0x407d +call fcn_000040eb ; call 0x40eb lea eax, [edi + 0x6c04] mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e push ebx push 0 push 3 push edi mov dword [ebp - 0x1c], eax -call fcn_0000407d ; call 0x407d +call fcn_000040eb ; call 0x40eb mov eax, dword [ebp - 0x1c] lea esp, [ebp - 0xc] pop ebx @@ -6720,7 +6763,7 @@ pop edi pop ebp ret -fcn_000041e9: +fcn_00004257: push ebp mov ebp, esp push edi @@ -6731,7 +6774,7 @@ sub esp, 0x1c mov eax, dword [ebp + 0x18] mov ebx, dword [ebp + 0x10] mov dword [ebp - 0x28], eax -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 cmp dword [ebp + 0x14], 1 mov dword [ebp - 0x20], eax mov eax, 4 
@@ -6743,9 +6786,9 @@ mov dword [ebp - 0x1c], eax lea eax, [ebx + 0xa00] mov dword [ebp - 0x24], eax -loc_00004226: +loc_00004294: test ebx, ebx -je short loc_0000423a ; je 0x423a +je short loc_000042a8 ; je 0x42a8 push eax mov eax, esi shl eax, 4 @@ -6753,14 +6796,14 @@ add eax, dword [ebp - 0x24] push 0xc push 0xffffffffffffffe0 push eax -jmp short loc_0000425a ; jmp 0x425a +jmp short loc_000042c8 ; jmp 0x42c8 -loc_0000423a: +loc_000042a8: push eax push 0 push dword [ebp + 0x14] push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc lea edx, [esi + 0xa0] push 0xc @@ -6769,26 +6812,26 @@ push 0xffffffffffffffe0 add edx, eax push edx -loc_0000425a: +loc_000042c8: inc esi -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, edi -jb short loc_00004226 ; jb 0x4226 +jb short loc_00004294 ; jb 0x4294 test ebx, ebx -jne loc_000042f7 ; jne 0x42f7 +jne loc_00004365 ; jne 0x4365 cmp byte [ebp - 0x28], 1 mov edi, 2 mov eax, 0xc cmove edi, eax xor esi, esi -loc_00004282: +loc_000042f0: push eax push 0 push dword [ebp + 0x14] push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc mov edx, esi push edi @@ -6797,10 +6840,10 @@ shl edx, 5 push 0xffffffffffffffe0 lea eax, [eax + edx + 0x904] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, dword [ebp - 0x1c] -jb short loc_00004282 ; jb 0x4282 +jb short loc_000042f0 ; jb 0x42f0 cmp byte [ebp - 0x28], 1 mov edi, 3 mov eax, 0xe @@ -6808,12 +6851,12 @@ cmove edi, eax xor esi, esi shl edi, 5 -loc_000042c6: +loc_00004334: push eax push 0 push dword [ebp + 0x14] push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc mov edx, esi push edi 
@@ -6822,32 +6865,32 @@ shl edx, 5 push 0xfffffc1f lea eax, [eax + edx + 0x904] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, dword [ebp - 0x1c] -jb short loc_000042c6 ; jb 0x42c6 +jb short loc_00004334 ; jb 0x4334 -loc_000042f7: +loc_00004365: xor esi, esi lea edi, [ebx + 0x90c] -loc_000042ff: +loc_0000436d: test ebx, ebx -je short loc_00004317 ; je 0x4317 +je short loc_00004385 ; je 0x4385 mov eax, esi push ecx push 0x120 shl eax, 5 push 0xfffff81f add eax, edi -jmp short loc_0000433d ; jmp 0x433d +jmp short loc_000043ab ; jmp 0x43ab -loc_00004317: +loc_00004385: push edx push 0 push dword [ebp + 0x14] push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc mov edx, esi push 0x120 @@ -6855,23 +6898,23 @@ shl edx, 5 push 0xfffff81f lea eax, [eax + edx + 0x90c] -loc_0000433d: +loc_000043ab: push eax inc esi -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, dword [ebp - 0x1c] -jb short loc_000042ff ; jb 0x42ff +jb short loc_0000436d ; jb 0x436d test ebx, ebx -jne loc_000043d6 ; jne 0x43d6 +jne loc_00004444 ; jne 0x4444 xor esi, esi -loc_00004356: +loc_000043c4: push eax push 0 push dword [ebp + 0x14] push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc mov edx, esi push 0xa00000 
@@ -6880,27 +6923,27 @@ shl edx, 5 push 0xfe1fffff lea eax, [eax + edx + 0x90c] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, dword [ebp - 0x1c] -jb short loc_00004356 ; jb 0x4356 +jb short loc_000043c4 ; jb 0x43c4 xor esi, esi -loc_0000438d: +loc_000043fb: mov eax, dword [ebp + 8] mov edi, 0x200 cmp byte [eax], 2 -jbe short loc_000043a5 ; jbe 0x43a5 +jbe short loc_00004413 ; jbe 0x4413 mov eax, dword [eax + 0xd] movzx edi, byte [eax + esi + 0x54] shl edi, 6 -loc_000043a5: +loc_00004413: push eax push 0 push dword [ebp + 0x14] push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc mov edx, esi push edi @@ -6909,22 +6952,22 @@ shl edx, 5 push 0xfffffc3f lea eax, [eax + edx + 0x910] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, dword [ebp - 0x1c] -jb short loc_0000438d ; jb 0x438d +jb short loc_000043fb ; jb 0x43fb -loc_000043d6: +loc_00004444: xor esi, esi lea edi, [ebx + 0x910] -jmp short loc_00004412 ; jmp 0x4412 +jmp short loc_00004480 ; jmp 0x4480 -loc_000043e0: +loc_0000444e: push eax push 0 push dword [ebp + 0x14] push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc mov edx, esi push 0 @@ -6932,26 +6975,26 @@ shl edx, 5 push 0xffffc3ff lea eax, [eax + edx + 0x910] -loc_00004403: +loc_00004471: push eax inc esi -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, dword [ebp - 0x1c] -jae short loc_00004427 ; jae 0x4427 +jae short loc_00004495 ; jae 0x4495 -loc_00004412: +loc_00004480: test ebx, ebx -je short loc_000043e0 ; je 0x43e0 +je short loc_0000444e ; je 0x444e push eax mov eax, esi push 0 shl eax, 5 push 0xffffc3ff add eax, edi -jmp short loc_00004403 ; jmp 0x4403 +jmp short loc_00004471 ; jmp 0x4471 -loc_00004427: +loc_00004495: mov eax, dword [ebp - 0x20] cmp eax, 0x40660 sete dl 
@@ -6959,27 +7002,27 @@ cmp eax, 0x306c0 sete al or dl, al mov byte [ebp - 0x24], dl -je short loc_00004495 ; je 0x4495 +je short loc_00004503 ; je 0x4503 xor esi, esi lea edi, [ebx + 0x80c] -loc_00004449: +loc_000044b7: test ebx, ebx -je short loc_0000445e ; je 0x445e +je short loc_000044cc ; je 0x44cc push eax mov eax, esi push 0 shl eax, 5 push 0xffe3ffff add eax, edi -jmp short loc_00004481 ; jmp 0x4481 +jmp short loc_000044ef ; jmp 0x44ef -loc_0000445e: +loc_000044cc: push eax push 0 push dword [ebp + 0x14] push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc mov edx, esi push 0 @@ -6987,33 +7030,33 @@ shl edx, 5 push 0xffe3ffff lea eax, [eax + edx + 0x80c] -loc_00004481: +loc_000044ef: push eax inc esi -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, dword [ebp - 0x1c] -jb short loc_00004449 ; jb 0x4449 -jmp near loc_00004571 ; jmp 0x4571 +jb short loc_000044b7 ; jb 0x44b7 +jmp near loc_000045df ; jmp 0x45df -loc_00004495: +loc_00004503: cmp dword [ebp - 0x20], 0x40670 -jne loc_0000457e ; jne 0x457e +jne loc_000045ec ; jne 0x45ec push ecx push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x10 -je short loc_000044f7 ; je 0x44f7 +je short loc_00004565 ; je 0x4565 -loc_000044c0: +loc_0000452e: test ebx, ebx -je loc_000045af ; je 0x45af +je loc_0000461d ; je 0x461d cmp byte [ebp - 0x28], 1 mov edx, 0x1c000000 mov eax, 0x6000000 
@@ -7023,211 +7066,211 @@ push eax push 0xc1ffffff lea eax, [ebx + 0xc00] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp byte [ebp - 0x24], 0 -je short loc_000044ff ; je 0x44ff -jmp short loc_0000451d ; jmp 0x451d +je short loc_0000456d ; je 0x456d +jmp short loc_0000458b ; jmp 0x458b -loc_000044f7: +loc_00004565: test ebx, ebx -je loc_00004852 ; je 0x4852 +je loc_000048c0 ; je 0x48c0 -loc_000044ff: +loc_0000456d: push eax push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x10 -je short loc_0000453a ; je 0x453a +je short loc_000045a8 ; je 0x45a8 -loc_0000451d: +loc_0000458b: push eax push 0x40 push 0xfffffc0f lea eax, [ebx + 0xc08] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp byte [ebp - 0x24], 0 -jne short loc_00004558 ; jne 0x4558 +jne short loc_000045c6 ; jne 0x45c6 -loc_0000453a: +loc_000045a8: push edi push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x10 -je short loc_00004586 ; je 0x4586 +je short loc_000045f4 ; je 0x45f4 -loc_00004558: +loc_000045c6: push esi push 0 push 0xe07fffff lea eax, [ebx + 0xc0c] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 -loc_0000456c: +loc_000045da: add esp, 0x10 -jmp short loc_000045af ; jmp 0x45af +jmp short loc_0000461d ; jmp 0x461d -loc_00004571: +loc_000045df: cmp dword [ebp - 0x20], 0x40670 -je loc_000044c0 ; je 0x44c0 +je loc_0000452e ; je 0x452e -loc_0000457e: +loc_000045ec: test ebx, ebx -je loc_00004852 ; je 0x4852 +je loc_000048c0 ; je 0x48c0 -loc_00004586: +loc_000045f4: push 0 push 0x15 push 0xc0c8001 push dword [ebp + 0xc] -call fcn_0000415c ; call 0x415c +call 
fcn_000041ca ; call 0x41ca and eax, 0xe07fffff push eax push 0x16 push 0xc0c8001 push dword [ebp + 0xc] -call fcn_0000415c ; call 0x415c +call fcn_000041ca ; call 0x41ca add esp, 0x20 -loc_000045af: +loc_0000461d: cmp byte [ebp - 0x24], 0 -je short loc_000045f6 ; je 0x45f6 +je short loc_00004664 ; je 0x4664 test ebx, ebx -je short loc_000045d2 ; je 0x45d2 +je short loc_00004640 ; je 0x4640 push ecx push 0x13 push 0xffffffffffffffe0 lea eax, [ebx + 0xc28] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -jmp near loc_000046d0 ; jmp 0x46d0 +jmp near loc_0000473e ; jmp 0x473e -loc_000045d2: +loc_00004640: push edx push 0 push dword [ebp + 0x14] push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0x13 push 0xffffffffffffffe0 add eax, 0xc28 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -jmp short loc_000045fe ; jmp 0x45fe +jmp short loc_0000466c ; jmp 0x466c -loc_000045f6: +loc_00004664: test ebx, ebx -jne loc_000046d0 ; jne 0x46d0 +jne loc_0000473e ; jne 0x473e -loc_000045fe: +loc_0000466c: push eax push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 push 0xffbf add eax, 0xc38 push eax -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0xc push 1 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 push 0xffbf add eax, 0xc38 push eax -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0xc push 2 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 push 0xffbf add eax, 0xc38 push eax -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0xc push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 2 push 0xfffc add eax, 0x260 push eax -call fcn_000188bd ; call 0x188bd 
+call fcn_00018981 ; call 0x18981 add esp, 0xc push 1 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 2 push 0xfffc add eax, 0x260 push eax -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0xc push 2 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 2 push 0xfffc add eax, 0x260 push eax -call fcn_000188bd ; call 0x188bd -jmp short loc_000046f4 ; jmp 0x46f4 +call fcn_00018981 ; call 0x18981 +jmp short loc_00004762 ; jmp 0x4762 -loc_000046d0: +loc_0000473e: push eax push 0 push 0xffffffffffffffbf lea eax, [ebx + 0xc38] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 2 push 0xfffffffffffffffc lea eax, [ebx + 0x260] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 -loc_000046f4: +loc_00004762: add esp, 0x10 xor esi, esi lea edi, [ebx + 0x900] -loc_000046ff: +loc_0000476d: test ebx, ebx -je short loc_00004715 ; je 0x4715 +je short loc_00004783 ; je 0x4783 push eax mov eax, esi push 0 @@ -7235,14 +7278,14 @@ shl eax, 5 push 0xf3ffffff add eax, edi push eax -jmp short loc_00004735 ; jmp 0x4735 +jmp short loc_000047a3 ; jmp 0x47a3 -loc_00004715: +loc_00004783: push eax push 0 push dword [ebp + 0x14] push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc lea edx, [esi + 0x48] push 0 
@@ -7251,32 +7294,32 @@ push 0xf3ffffff add edx, eax push edx -loc_00004735: -call fcn_00018aa4 ; call 0x18aa4 +loc_000047a3: +call fcn_00018b68 ; call 0x18b68 inc esi add esp, 0x10 cmp esi, dword [ebp - 0x1c] -jb short loc_000046ff ; jb 0x46ff +jb short loc_0000476d ; jb 0x476d xor esi, esi lea edi, [ebx + 0x904] -loc_0000474b: +loc_000047b9: test ebx, ebx -je short loc_00004763 ; je 0x4763 +je short loc_000047d1 ; je 0x47d1 push eax mov eax, esi push 0xc00 shl eax, 5 push 0xfffff3ff add eax, edi -jmp short loc_00004789 ; jmp 0x4789 +jmp short loc_000047f7 ; jmp 0x47f7 -loc_00004763: +loc_000047d1: push eax push 0 push dword [ebp + 0x14] push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc mov edx, esi push 0xc00 @@ -7284,22 +7327,22 @@ shl edx, 5 push 0xfffff3ff lea eax, [eax + edx + 0x904] -loc_00004789: +loc_000047f7: push eax inc esi -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, dword [ebp - 0x1c] -jb short loc_0000474b ; jb 0x474b +jb short loc_000047b9 ; jb 0x47b9 test ebx, ebx -jne loc_00004894 ; jne 0x4894 +jne loc_00004902 ; jne 0x4902 -loc_000047a0: +loc_0000480e: push esi push 0 push dword [ebp + 0x14] push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc mov edx, ebx push 0xe000000 
@@ -7308,36 +7351,36 @@ shl edx, 5 push 0xc1ffffff lea eax, [eax + edx + 0x90c] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp ebx, dword [ebp - 0x1c] -jb short loc_000047a0 ; jb 0x47a0 +jb short loc_0000480e ; jb 0x480e cmp dword [ebp - 0x20], 0x40670 -jne short loc_00004802 ; jne 0x4802 +jne short loc_00004870 ; jne 0x4870 cmp byte [ebp - 0x24], 0 -jne short loc_00004809 ; jne 0x4809 +jne short loc_00004877 ; jne 0x4877 push ecx push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x10 -jne short loc_00004809 ; jne 0x4809 +jne short loc_00004877 ; jne 0x4877 -loc_00004802: +loc_00004870: xor esi, esi or ebx, 0xffffffff -jmp short loc_00004813 ; jmp 0x4813 +jmp short loc_00004881 ; jmp 0x4881 -loc_00004809: +loc_00004877: mov esi, 0x124 mov ebx, 0xfffffedb -loc_00004813: +loc_00004881: push edx and ebx, 0xc7ffffff push 0 @@ -7346,29 +7389,29 @@ push 1 xor edi, edi push 0 mov dword [ebp - 0x20], ebx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0x10 lea ebx, [eax + 0x91c] -loc_00004839: +loc_000048a7: push eax inc edi push esi push dword [ebp - 0x20] push ebx add ebx, 0x20 -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp edi, dword [ebp - 0x1c] -jb short loc_00004839 ; jb 0x4839 -jmp short loc_00004894 ; jmp 0x4894 +jb short loc_000048a7 ; jb 0x48a7 +jmp short loc_00004902 ; jmp 0x4902 -loc_00004852: +loc_000048c0: push 0 push 0x15 push 0xc008001 push dword [ebp + 0xc] -call fcn_0000415c ; call 0x415c +call fcn_000041ca ; call 0x41ca add esp, 0x10 and eax, 0xc1ffffff mov edx, eax 
@@ -7380,10 +7423,10 @@ push edx push 0x16 push 0xc008001 push dword [ebp + 0xc] -call fcn_0000415c ; call 0x415c -jmp near loc_0000456c ; jmp 0x456c +call fcn_000041ca ; call 0x41ca +jmp near loc_000045da ; jmp 0x45da -loc_00004894: +loc_00004902: lea esp, [ebp - 0xc] pop ebx pop esi @@ -7391,7 +7434,7 @@ pop edi pop ebp ret -fcn_0000489c: +fcn_0000490a: push ebp mov ebp, esp push esi 
@@ -7400,56 +7443,56 @@ sub esp, 0x10 mov eax, dword [ebp + 0x10] mov ebx, dword [ebp + 0xc] mov dword [ebp - 0xc], eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000048c7 ; je 0x48c7 +je short loc_00004935 ; je 0x4935 push edx push edx -push ref_0002138a ; push 0x2138a +push ref_0002141a ; push 0x2141a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000048c7: +loc_00004935: test bl, bl -jne short loc_000048db ; jne 0x48db +jne short loc_00004949 ; jne 0x4949 cmp byte [ebp - 0xc], 3 sete al lea esi, [eax*4 + 4] -jmp short loc_000048fd ; jmp 0x48fd +jmp short loc_0000496b ; jmp 0x496b -loc_000048db: +loc_00004949: cmp bl, 1 -jne short loc_000048f6 ; jne 0x48f6 +jne short loc_00004964 ; jne 0x4964 cmp byte [ebp - 0xc], 2 mov esi, 4 -je short loc_000048fd ; je 0x48fd +je short loc_0000496b ; je 0x496b -loc_000048eb: +loc_00004959: cmp byte [ebp - 0xc], 1 sbb esi, esi and esi, 2 -jmp short loc_000048fd ; jmp 0x48fd +jmp short loc_0000496b ; jmp 0x496b -loc_000048f6: +loc_00004964: cmp bl, 2 -je short loc_000048eb ; je 0x48eb +je short loc_00004959 ; je 0x4959 xor esi, esi -loc_000048fd: -call fcn_000153e9 ; call 0x153e9 +loc_0000496b: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000491c ; je 0x491c +je short loc_0000498a ; je 0x498a push eax mov eax, esi movzx eax, al push eax -push ref_000213a6 ; push 0x213a6 +push ref_00021436 ; push 0x21436 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000491c: +loc_0000498a: lea esp, [ebp - 8] mov eax, esi pop ebx @@ -7457,7 +7500,7 @@ pop esi pop ebp ret -fcn_00004925: +fcn_00004993: push ebp mov ebp, esp push edi 
@@ -7473,115 +7516,115 @@ mov dword [ebp - 0x1c], eax mov eax, dword [ebp + 0x10] mov edi, ebx mov dword [ebp - 0x20], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00004969 ; je 0x4969 +je short loc_000049d7 ; je 0x49d7 push eax push eax -push ref_000213be ; push 0x213be +push ref_0002144e ; push 0x2144e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00004969: +loc_000049d7: test bl, bl -jne short loc_00004994 ; jne 0x4994 -call fcn_000153e9 ; call 0x153e9 +jne short loc_00004a02 ; jne 0x4a02 +call fcn_00015479 ; call 0x15479 test al, al -je loc_00004a92 ; je 0x4a92 -mov dword [ebp + 0xc], ref_000213e2 ; mov dword [ebp + 0xc], 0x213e2 +je loc_00004b00 ; je 0x4b00 +mov dword [ebp + 0xc], ref_00021472 ; mov dword [ebp + 0xc], 0x21472 mov dword [ebp + 8], 0x40 lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp -jmp near fcn_000153f7 ; jmp 0x153f7 +jmp near fcn_00015487 ; jmp 0x15487 -loc_00004994: +loc_00004a02: sub esp, 0xc lea eax, [esi + 0xd0c] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 xor ecx, ecx test eax, 0x100000 -je short loc_000049d1 ; je 0x49d1 -call fcn_000153e9 ; call 0x153e9 +je short loc_00004a3f ; je 0x4a3f +call fcn_00015479 ; call 0x15479 mov cl, 1 test al, al -je short loc_000049d1 ; je 0x49d1 +je short loc_00004a3f ; je 0x4a3f push eax push eax -push ref_00021403 ; push 0x21403 +push ref_00021493 ; push 0x21493 push 0x40 mov dword [ebp - 0x24], ecx -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 mov ecx, dword [ebp - 0x24] add esp, 0x10 -loc_000049d1: +loc_00004a3f: cmp byte [ebp - 0x1c], 0 -jne short loc_000049f4 ; jne 0x49f4 +jne short loc_00004a62 ; jne 0x4a62 cmp byte [ebp - 0x20], 3 -jne short loc_000049e7 ; jne 0x49e7 +jne short loc_00004a55 ; jne 0x4a55 xor edx, edx 
-loc_000049df: +loc_00004a4d: test cl, cl -jne short loc_00004a2a ; jne 0x4a2a +jne short loc_00004a98 ; jne 0x4a98 -loc_000049e3: +loc_00004a51: mov dl, 8 -jmp short loc_00004a18 ; jmp 0x4a18 +jmp short loc_00004a86 ; jmp 0x4a86 -loc_000049e7: +loc_00004a55: mov dl, 4 mov al, dl sub eax, ebx test cl, cl cmove edx, eax -jmp short loc_00004a2a ; jmp 0x4a2a +jmp short loc_00004a98 ; jmp 0x4a98 -loc_000049f4: +loc_00004a62: cmp byte [ebp - 0x1c], 1 -jne short loc_00004a1c ; jne 0x4a1c +jne short loc_00004a8a ; jne 0x4a8a cmp byte [ebp - 0x20], 2 -jne short loc_00004a08 ; jne 0x4a08 +jne short loc_00004a76 ; jne 0x4a76 xor edx, edx test cl, cl -jne short loc_00004a2a ; jne 0x4a2a -jmp short loc_000049e3 ; jmp 0x49e3 +jne short loc_00004a98 ; jne 0x4a98 +jmp short loc_00004a51 ; jmp 0x4a51 -loc_00004a08: +loc_00004a76: xor edx, edx cmp byte [ebp - 0x20], 0 -jne short loc_00004a2a ; jne 0x4a2a +jne short loc_00004a98 ; jne 0x4a98 mov dl, 2 test cl, cl -jne short loc_00004a2a ; jne 0x4a2a +jne short loc_00004a98 ; jne 0x4a98 mov dl, 6 -loc_00004a18: +loc_00004a86: sub edx, ebx -jmp short loc_00004a2a ; jmp 0x4a2a +jmp short loc_00004a98 ; jmp 0x4a98 -loc_00004a1c: +loc_00004a8a: xor edx, edx cmp byte [ebp - 0x1c], 2 -jne short loc_00004a2a ; jne 0x4a2a +jne short loc_00004a98 ; jne 0x4a98 cmp byte [ebp - 0x20], 0 -je short loc_000049df ; je 0x49df +je short loc_00004a4d ; je 0x4a4d -loc_00004a2a: +loc_00004a98: mov dword [ebp - 0x20], edx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 mov edx, dword [ebp - 0x20] test al, al -je short loc_00004a60 ; je 0x4a60 +je short loc_00004ace ; je 0x4ace movzx eax, dl movzx ebx, bl push ecx 
@@ -7592,22 +7635,22 @@ push eax movzx eax, byte [ebp - 0x1c] push eax push 0 -push ref_0002141c ; push 0x2141c +push ref_000214ac ; push 0x214ac push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 mov edx, dword [ebp - 0x20] add esp, 0x20 -loc_00004a60: +loc_00004ace: xor ebx, ebx add esi, 0x91c -loc_00004a68: +loc_00004ad6: lea eax, [edx + ebx] mov ecx, edi inc ebx cmp cl, bl -jb short loc_00004a92 ; jb 0x4a92 +jb short loc_00004b00 ; jb 0x4b00 mov dword [ebp - 0x1c], edx movzx eax, al push edx @@ -7616,12 +7659,12 @@ shl eax, 5 push 0x80000000 add eax, esi push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 mov edx, dword [ebp - 0x1c] -jmp short loc_00004a68 ; jmp 0x4a68 +jmp short loc_00004ad6 ; jmp 0x4ad6 -loc_00004a92: +loc_00004b00: lea esp, [ebp - 0xc] pop ebx pop esi @@ -7629,13 +7672,13 @@ pop edi pop ebp ret -fcn_00004a9a: +fcn_00004b08: push ebp mov ecx, 0x15 mov ebp, esp push edi push esi -mov esi, ref_00020320 ; mov esi, 0x20320 +mov esi, ref_000203b0 ; mov esi, 0x203b0 push ebx add esp, 0xffffff80 lea edi, [ebp - 0x2d] 
@@ -7643,207 +7686,207 @@ rep movsb ; rep movsb byte es:[edi], byte ptr [esi] push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 push 1 push 0 mov edi, eax mov dword [ebp - 0x78], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 1 push 1 push 0 mov ebx, eax mov dword [ebp - 0x40], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 2 push 1 push 0 mov dword [ebp - 0x50], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 push 0 push 1 mov dword [ebp - 0x54], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [ebp - 0x64], eax lea eax, [edi + 0x48] mov dword [esp], eax -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 mov esi, eax lea eax, [edi + 0x68] mov dword [esp], eax -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 mov eax, dword [ebp + 0xc] mov byte [ebp - 0x38], 0 mov eax, dword [eax + 0xd] mov cl, byte [eax + 0x40] mov dword [esp], ebx mov byte [ebp - 0x4a], cl -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -jne short loc_00004b5f ; jne 0x4b5f -call fcn_000153e9 ; call 0x153e9 +jne short loc_00004bcd ; jne 0x4bcd +call fcn_00015479 ; call 0x15479 test al, al -je loc_00005cda ; je 0x5cda +je loc_00005d48 ; je 0x5d48 push eax push eax -push ref_00021437 ; push 0x21437 +push ref_000214c7 ; push 0x214c7 push 0x40 -call fcn_000153f7 ; call 0x153f7 -jmp near loc_00005c93 ; jmp 0x5c93 +call fcn_00015487 ; call 0x15487 +jmp near loc_00005d01 ; jmp 0x5d01 -loc_00004b5f: +loc_00004bcd: push eax push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x504 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e shr eax, 0x10 and eax, 3 mov byte [ebp - 0x48], al -call fcn_000153e9 ; call 0x153e9 +call 
fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00004ba2 ; je 0x4ba2 +je short loc_00004c10 ; je 0x4c10 push eax movzx eax, byte [ebp - 0x48] push eax -push ref_00021454 ; push 0x21454 +push ref_000214e4 ; push 0x214e4 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00004ba2: +loc_00004c10: lea eax, [ebp - 0x34] push eax push 0 push 0 -push ref_0002901c ; push 0x2901c -call fcn_00019699 ; call 0x19699 +push ref_000290cc ; push 0x290cc +call fcn_0001975d ; call 0x1975d mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00004bfb ; je 0x4bfb +je short loc_00004c69 ; je 0x4c69 test ebx, ebx -jns short loc_00004bfb ; jns 0x4bfb -call fcn_000153e9 ; call 0x153e9 +jns short loc_00004c69 ; jns 0x4c69 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00004be3 ; je 0x4be3 +je short loc_00004c51 ; je 0x4c51 push edi push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00004be3: +loc_00004c51: push ebx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x67c -push ref_00020e7c ; push 0x20e7c -call fcn_000153fc ; call 0x153fc +push ref_00020f0c ; push 0x20f0c +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00004bfb: +loc_00004c69: mov al, byte [ebp - 0x48] test al, al -je short loc_00004c0c ; je 0x4c0c +je short loc_00004c7a ; je 0x4c7a cmp al, 2 -jne short loc_00004c14 ; jne 0x4c14 +jne short loc_00004c82 ; jne 0x4c82 mov byte [ebp - 0x28], 8 -jmp short loc_00004c14 ; jmp 0x4c14 +jmp short loc_00004c82 ; jmp 0x4c82 -loc_00004c0c: +loc_00004c7a: mov byte [ebp - 0x28], 8 mov byte [ebp - 0x21], 4 -loc_00004c14: -call fcn_0001c58d ; call 0x1c58d +loc_00004c82: +call fcn_0001c651 ; call 0x1c651 mov ebx, 1 mov dword [ebp - 0x58], eax -call fcn_0001c5b4 ; call 0x1c5b4 +call fcn_0001c678 
; call 0x1c678 push ecx push 0 push 0 push 0 mov dword [ebp - 0x44], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xe8 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test eax, 0x100000 -je short loc_00004c68 ; je 0x4c68 -call fcn_000153e9 ; call 0x153e9 +je short loc_00004cd6 ; je 0x4cd6 +call fcn_00015479 ; call 0x15479 xor ebx, ebx test al, al -je short loc_00004c68 ; je 0x4c68 +je short loc_00004cd6 ; je 0x4cd6 push edx push edx -push ref_0002146b ; push 0x2146b +push ref_000214fb ; push 0x214fb push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00004c68: +loc_00004cd6: mov eax, dword [ebp + 0xc] mov eax, dword [eax + 0xd] cmp byte [eax + 0x3b], 2 -jne short loc_00004c78 ; jne 0x4c78 +jne short loc_00004ce6 ; jne 0x4ce6 mov byte [eax + 0x3b], 1 -loc_00004c78: +loc_00004ce6: mov eax, dword [ebp + 0xc] cmp byte [eax], 1 -ja short loc_00004c8c ; ja 0x4c8c +ja short loc_00004cfa ; ja 0x4cfa -loc_00004c80: +loc_00004cee: mov dword [ebp - 0x3c], 0 -jmp near loc_00004d55 ; jmp 0x4d55 +jmp near loc_00004dc3 ; jmp 0x4dc3 -loc_00004c8c: +loc_00004cfa: sub esp, 0xc -push ref_000294ac ; push 0x294ac -call fcn_00019039 ; call 0x19039 +push ref_0002955c ; push 0x2955c +call fcn_000190fd ; call 0x190fd add esp, 0x10 mov dword [ebp - 0x3c], eax test eax, eax -je short loc_00004c80 ; je 0x4c80 +je short loc_00004cee ; je 0x4cee mov eax, dword [ebp + 0xc] mov eax, dword [eax + 0xd] cmp dword [eax + 0x44], 0 -jne short loc_00004cc3 ; jne 0x4cc3 +jne short loc_00004d31 ; jne 0x4d31 -loc_00004caf: +loc_00004d1d: mov eax, dword [ebp + 0xc] mov ecx, dword [ebp - 0x3c] mov eax, dword [eax + 0xd] mov al, byte [eax + 0x3b] mov byte [ecx + 0x45], al -jmp near loc_00004d55 ; jmp 0x4d55 +jmp near loc_00004dc3 ; jmp 0x4dc3 -loc_00004cc3: -call fcn_000153e9 ; call 0x153e9 +loc_00004d31: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00004cde ; 
je 0x4cde +je short loc_00004d4c ; je 0x4d4c push eax push 0x21 -push ref_0002147f ; push 0x2147f +push ref_0002150f ; push 0x2150f push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00004cde: +loc_00004d4c: push eax mov eax, dword [ebp + 0xc] push 0x21 @@ -7853,49 +7896,49 @@ push dword [eax + 0x44] mov eax, edi add eax, 0x29 push eax -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e mov eax, dword [ebp + 0xc] add esp, 0x10 mov byte [edi + 0x28], 1 mov eax, dword [eax + 0xd] mov al, byte [eax + 0x3b] cmp byte [edi + 0x45], al -je short loc_00004caf ; je 0x4caf +je short loc_00004d1d ; je 0x4d1d dec al -je short loc_00004caf ; je 0x4caf -call fcn_000153e9 ; call 0x153e9 +je short loc_00004d1d ; je 0x4d1d +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00004d2b ; je 0x4d2b +je short loc_00004d99 ; je 0x4d99 push eax push eax -push ref_000214b1 ; push 0x214b1 +push ref_00021541 ; push 0x21541 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00004d2b: +loc_00004d99: xor eax, eax -loc_00004d2d: +loc_00004d9b: mov ecx, dword [ebp - 0x3c] xor edx, edx mov dword [ecx + eax + 0x29], 0 -loc_00004d3a: +loc_00004da8: mov ecx, dword [ebp - 0x3c] mov byte [ecx + edx + 0x35], 0 inc edx cmp edx, 0x10 -jne short loc_00004d3a ; jne 0x4d3a +jne short loc_00004da8 ; jne 0x4da8 add eax, 4 cmp eax, 0xc -jne short loc_00004d2d ; jne 0x4d2d -jmp near loc_00004caf ; jmp 0x4caf +jne short loc_00004d9b ; jne 0x4d9b +jmp near loc_00004d1d ; jmp 0x4d1d -loc_00004d55: +loc_00004dc3: lea edi, [ebp - 0x2d] -loc_00004d58: +loc_00004dc6: push dword [ebp + 0xc] add edi, 7 movzx eax, byte [edi - 5] 
@@ -7904,22 +7947,22 @@ movzx eax, byte [edi - 6] push eax movzx eax, byte [edi - 7] push eax -call fcn_00003f58 ; call 0x3f58 +call fcn_00003fc6 ; call 0x3fc6 lea eax, [ebp - 0x18] add esp, 0x10 cmp edi, eax -jne short loc_00004d58 ; jne 0x4d58 -call fcn_000153e9 ; call 0x153e9 +jne short loc_00004dc6 ; jne 0x4dc6 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00004d96 ; je 0x4d96 +je short loc_00004e04 ; je 0x4e04 push eax push eax -push ref_000214ea ; push 0x214ea +push ref_0002157a ; push 0x2157a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00004d96: +loc_00004e04: movzx eax, byte [ebp - 0x4a] sub esp, 0xc and esi, 0xfffffffe 
@@ -7928,64 +7971,64 @@ push 1 push 0 push esi push dword [ebp + 0xc] -call fcn_000041e9 ; call 0x41e9 +call fcn_00004257 ; call 0x4257 add esp, 0x20 cmp bl, 1 -jne short loc_00004df2 ; jne 0x4df2 +jne short loc_00004e60 ; jne 0x4e60 mov eax, dword [ebp + 0xc] mov eax, dword [eax + 0xd] cmp byte [eax + 8], 0 -je short loc_00004df2 ; je 0x4df2 -call fcn_000153e9 ; call 0x153e9 +je short loc_00004e60 ; je 0x4e60 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00004ddc ; je 0x4ddc +je short loc_00004e4a ; je 0x4e4a push eax push eax -push ref_000214f9 ; push 0x214f9 +push ref_00021589 ; push 0x21589 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00004ddc: +loc_00004e4a: push eax movzx eax, byte [ebp - 0x48] push eax movzx eax, byte [ebp - 0x44] push eax push dword [ebp + 0xc] -call fcn_00003152 ; call 0x3152 +call fcn_000031c0 ; call 0x31c0 add esp, 0x10 -loc_00004df2: +loc_00004e60: mov eax, dword [ebp + 0xc] mov eax, dword [eax + 0xd] cmp byte [eax + 0x39], 2 -jne short loc_00004e02 ; jne 0x4e02 +jne short loc_00004e70 ; jne 0x4e70 mov byte [eax + 0x39], 0 -loc_00004e02: +loc_00004e70: mov eax, dword [ebp + 0xc] mov eax, dword [eax + 0xd] cmp byte [eax + 0x39], 1 -jne loc_00004e9c ; jne 0x4e9c +jne loc_00004f0a ; jne 0x4f0a mov eax, dword [ebp - 0x40] sub esp, 0xc lea edx, [eax + 0xd0] push edx mov dword [ebp - 0x60], edx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov word [ebp - 0x4a], ax mov eax, dword [ebp - 0x50] and word [ebp - 0x4a], 0xf lea edi, [eax + 0xd0] mov dword [esp], edi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov word [ebp - 0x4c], ax mov eax, dword [ebp - 0x54] and word [ebp - 0x4c], 0xf lea esi, [eax + 0xd0] mov dword [esp], esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov edx, dword [ebp - 0x60] add esp, 0xc push 1 
@@ -7993,31 +8036,31 @@ push 0xfff0 push edx mov word [ebp - 0x5a], ax and word [ebp - 0x5a], 0xf -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0xc push 1 push 0xfff0 push edi -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0xc push 1 push 0xfff0 push esi -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0x10 -jmp short loc_00004eae ; jmp 0x4eae +jmp short loc_00004f1c ; jmp 0x4f1c -loc_00004e9c: +loc_00004f0a: mov word [ebp - 0x5a], 0 mov word [ebp - 0x4c], 0 mov word [ebp - 0x4a], 0 -loc_00004eae: +loc_00004f1c: movzx eax, byte [ebp - 0x44] xor esi, esi mov dword [ebp - 0x6c], eax -loc_00004eb7: +loc_00004f25: push edi push ebx push dword [ebp - 0x6c] @@ -8028,15 +8071,15 @@ push eax push dword [ebp + 0xc] push dword [ebp - 0x34] push dword [ebp + 8] -call fcn_00003965 ; call 0x3965 +call fcn_000039d3 ; call 0x39d3 add esp, 0x20 cmp esi, 3 -jne short loc_00004eb7 ; jne 0x4eb7 +jne short loc_00004f25 ; jne 0x4f25 mov eax, dword [ebp + 0xc] cmp byte [eax], 2 -ja loc_00004f95 ; ja 0x4f95 +ja loc_00005003 ; ja 0x5003 -loc_00004ee4: +loc_00004f52: mov esi, dword [ebp - 0x40] sub esp, 0xc mov eax, esi @@ -8044,27 +8087,27 @@ add eax, 0xdd8 push eax mov edi, eax mov dword [ebp - 0x60], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop ecx pop ebx or eax, 0x8002 push eax push edi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop edi pop eax mov eax, esi add eax, 0xc24 push 0xfffeffff push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e pop eax mov eax, dword [ebp - 0x50] pop edx add eax, 0xc24 push 0xfffeffff push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e mov eax, dword [ebp - 0x54] pop ecx pop ebx 
@@ -8072,7 +8115,7 @@ lea ebx, [ebp - 0x2d] add eax, 0xc24 push 0xfffeffff push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e movzx eax, byte [ebp - 0x48] mov esi, dword [ebp - 0x3c] mov dword [esp], eax @@ -8082,7 +8125,7 @@ push dword [ebp + 0xc] push dword [ebp - 0x34] push dword [ebp + 8] mov dword [ebp - 0x68], eax -call fcn_000025c6 ; call 0x25c6 +call fcn_00002634 ; call 0x2634 add esp, 0x1c push edi push 3 @@ -8093,18 +8136,18 @@ xor esi, esi push dword [ebp - 0x34] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00003719 ; call 0x3719 +call fcn_00003787 ; call 0x3787 mov eax, dword [ebp - 0x64] add esp, 0x20 add eax, 0xc mov dword [ebp - 0x70], eax -jmp near loc_0000502c ; jmp 0x502c +jmp near loc_0000509a ; jmp 0x509a -loc_00004f95: +loc_00005003: mov eax, dword [ebp + 0xc] mov eax, dword [eax + 0xd] cmp byte [eax + 0x52], 1 -jne loc_00004ee4 ; jne 0x4ee4 +jne loc_00004f52 ; jne 0x4f52 push edx mov al, byte [eax + 0x53] xor ebx, ebx 
@@ -8116,53 +8159,53 @@ mov eax, edi push 0xfff0ffff add eax, 0xd0c push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 lea esi, [edi + 0xa00] add esp, 0x10 -loc_00004fd0: +loc_0000503e: mov eax, dword [ebp + 0xc] mov eax, dword [eax + 0xd] cmp bl, byte [eax + 0x53] -jne short loc_00004fea ; jne 0x4fea +jne short loc_00005058 ; jne 0x5058 push eax push eax push 0xfffffdff push esi -call fcn_00018a7a ; call 0x18a7a -jmp short loc_00004ff7 ; jmp 0x4ff7 +call fcn_00018b3e ; call 0x18b3e +jmp short loc_00005065 ; jmp 0x5065 -loc_00004fea: +loc_00005058: push edi push edi push 0x200 push esi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 -loc_00004ff7: +loc_00005065: inc ebx add esp, 0x10 add esi, 0x10 cmp bl, 0x10 -jne short loc_00004fd0 ; jne 0x4fd0 -jmp near loc_00004ee4 ; jmp 0x4ee4 +jne short loc_0000503e ; jne 0x503e +jmp near loc_00004f52 ; jmp 0x4f52 -loc_00005008: +loc_00005076: sub esp, 0xc lea eax, [edi + 0xba] push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 0x40 -jne short loc_00005053 ; jne 0x5053 +jne short loc_000050c1 ; jne 0x50c1 -loc_0000501e: +loc_0000508c: add ebx, 7 lea eax, [ebp - 0x18] cmp ebx, eax -je loc_000050bc ; je 0x50bc +je loc_0000512a ; je 0x512a -loc_0000502c: +loc_0000509a: push ecx movzx eax, byte [ebx + 2] push eax 
@@ -8170,40 +8213,40 @@ movzx eax, byte [ebx + 1] push eax movzx eax, byte [ebx] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov edi, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -jne short loc_00005008 ; jne 0x5008 -jmp short loc_0000501e ; jmp 0x501e +jne short loc_00005076 ; jne 0x5076 +jmp short loc_0000508c ; jmp 0x508c -loc_00005053: +loc_000050c1: mov byte [ebx + 4], 1 add edi, 0x18 push ecx push 0x10100 push 0xff0000ff push edi -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop eax pop edx push 0 push dword [ebp - 0x64] -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 push 0x10 push 0 push 0 push 1 -call fcn_000027f4 ; call 0x27f4 +call fcn_00002862 ; call 0x2862 add esp, 0x20 test eax, eax -je short loc_000050a7 ; je 0x50a7 +je short loc_00005115 ; je 0x5115 add eax, dword [ebp - 0x70] sub esp, 0xc push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 and eax, 0xf cmp al, 3 
@@ -8211,33 +8254,33 @@ mov byte [ebx + 6], al mov al, 1 cmovae esi, eax -loc_000050a7: +loc_00005115: push edx push edx push 0xff0000ff push edi -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -jmp near loc_0000501e ; jmp 0x501e +jmp near loc_0000508c ; jmp 0x508c -loc_000050bc: -call fcn_000153e9 ; call 0x153e9 +loc_0000512a: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000050d6 ; je 0x50d6 +je short loc_00005144 ; je 0x5144 push eax push eax -push ref_00021513 ; push 0x21513 +push ref_000215a3 ; push 0x215a3 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000050d6: +loc_00005144: lea ebx, [ebp - 0x2d] -loc_000050d9: -call fcn_000153e9 ; call 0x153e9 +loc_00005147: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00005107 ; je 0x5107 +je short loc_00005175 ; je 0x5175 push eax push eax movzx eax, byte [ebx + 6] 
@@ -8248,71 +8291,71 @@ movzx eax, byte [ebx + 2] push eax movzx eax, byte [ebx + 1] push eax -push ref_0002152d ; push 0x2152d +push ref_000215bd ; push 0x215bd push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00005107: +loc_00005175: add ebx, 7 lea eax, [ebp - 0x18] cmp ebx, eax -jne short loc_000050d9 ; jne 0x50d9 +jne short loc_00005147 ; jne 0x5147 mov eax, esi test al, al -jne short loc_0000512c ; jne 0x512c +jne short loc_0000519a ; jne 0x519a -loc_00005117: +loc_00005185: mov eax, dword [ebp + 0xc] mov eax, dword [eax + 0xd] cmp byte [eax + 0x39], 1 -jne loc_00005321 ; jne 0x5321 -jmp near loc_0000528a ; jmp 0x528a +jne loc_0000538f ; jne 0x538f +jmp near loc_000052f8 ; jmp 0x52f8 -loc_0000512c: +loc_0000519a: mov eax, dword [ebp - 0x58] cmp eax, 0x40660 -je short loc_0000513d ; je 0x513d +je short loc_000051ab ; je 0x51ab cmp eax, 0x306c0 -jne short loc_0000514a ; jne 0x514a +jne short loc_000051b8 ; jne 0x51b8 -loc_0000513d: +loc_000051ab: xor ebx, ebx lea esi, [ebp - 0x38] lea edi, [ebp - 0x35] -jmp near loc_000051cc ; jmp 0x51cc +jmp near loc_0000523a ; jmp 0x523a -loc_0000514a: +loc_000051b8: cmp dword [ebp - 0x58], 0x40670 -jne short loc_00005117 ; jne 0x5117 +jne short loc_00005185 ; jne 0x5185 push eax push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x10 -jne short loc_0000513d ; jne 0x513d -jmp short loc_00005117 ; jmp 0x5117 +jne short loc_000051ab ; jne 0x51ab +jmp short loc_00005185 ; jmp 0x5185 -loc_00005173: +loc_000051e1: cmp bl, 0xc -je short loc_000051de ; je 0x51de +je short loc_0000524c ; je 0x524c test bl, bl -jne short loc_00005189 ; jne 0x5189 +jne short loc_000051f7 ; jne 0x51f7 push eax push eax push esi push 0 -loc_00005181: -call fcn_0000930f ; call 0x930f +loc_000051ef: +call fcn_0000937d ; call 0x937d add esp, 0x10 
-loc_00005189: +loc_000051f7: sub esp, 0xc movzx ecx, byte [ebp - 0x38] push edi @@ -8327,7 +8370,7 @@ mov dword [ebp - 0x74], edx mov ecx, dword [eax + 0xd] movzx ecx, byte [ecx + ebx + 0x19] push ecx -call fcn_0000936b ; call 0x936b +call fcn_000093d9 ; call 0x93d9 mov edx, dword [ebp - 0x74] add esp, 0x20 mov eax, dword [ebp - 0x70] @@ -8336,54 +8379,54 @@ push edx push eax push ebx inc ebx -call fcn_00009450 ; call 0x9450 +call fcn_000094be ; call 0x94be add esp, 0x10 cmp ebx, 0x10 -je short loc_000051eb ; je 0x51eb +je short loc_00005259 ; je 0x5259 -loc_000051cc: +loc_0000523a: cmp bl, 8 -jne short loc_00005173 ; jne 0x5173 +jne short loc_000051e1 ; jne 0x51e1 cmp byte [ebp - 0x22], 0 -je short loc_00005189 ; je 0x5189 +je short loc_000051f7 ; je 0x51f7 push eax push eax push esi push 8 -jmp short loc_00005181 ; jmp 0x5181 +jmp short loc_000051ef ; jmp 0x51ef -loc_000051de: +loc_0000524c: cmp byte [ebp - 0x1b], 0 -je short loc_00005189 ; je 0x5189 +je short loc_000051f7 ; je 0x51f7 push eax push eax push esi push 0xc -jmp short loc_00005181 ; jmp 0x5181 +jmp short loc_000051ef ; jmp 0x51ef -loc_000051eb: +loc_00005259: cmp dword [ebp - 0x44], 0 -je short loc_00005215 ; je 0x5215 +je short loc_00005283 ; je 0x5283 cmp dword [ebp - 0x58], 0x40670 -jne short loc_00005215 ; jne 0x5215 +jne short loc_00005283 ; jne 0x5283 mov edi, dword [ebp - 0x60] sub esp, 0xc push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop edx pop ecx and ah, 0x7f push eax push edi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 -loc_00005215: +loc_00005283: lea ebx, [ebp - 0x2d] -loc_00005218: +loc_00005286: cmp byte [ebx + 4], 0 -je short loc_00005257 ; je 0x5257 +je short loc_000052c5 ; je 0x52c5 push eax movzx eax, byte [ebx + 2] push eax @@ -8391,7 +8434,7 @@ movzx eax, byte [ebx + 1] push eax movzx eax, byte [ebx] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax pop eax pop edx 
@@ -8399,57 +8442,57 @@ lea eax, [esi + 0xd98] add esi, 0xb0 push 1 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 pop ecx pop edi push 0x20 push esi -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -loc_00005257: +loc_000052c5: add ebx, 7 lea eax, [ebp - 0x18] cmp ebx, eax -jne short loc_00005218 ; jne 0x5218 +jne short loc_00005286 ; jne 0x5286 lea ebx, [ebp - 0x2d] -loc_00005264: +loc_000052d2: cmp byte [ebx + 4], 0 -je short loc_0000527b ; je 0x527b +je short loc_000052e9 ; je 0x52e9 push 0 push ebx push dword [ebp - 0x34] push dword [ebp + 8] -call fcn_00005ce2 ; call 0x5ce2 +call fcn_00005d50 ; call 0x5d50 add esp, 0x10 -loc_0000527b: +loc_000052e9: add ebx, 7 lea eax, [ebp - 0x18] cmp ebx, eax -jne short loc_00005264 ; jne 0x5264 -jmp near loc_00005117 ; jmp 0x5117 +jne short loc_000052d2 ; jne 0x52d2 +jmp near loc_00005185 ; jmp 0x5185 -loc_0000528a: -call fcn_000153e9 ; call 0x153e9 +loc_000052f8: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000052a4 ; je 0x52a4 +je short loc_00005312 ; je 0x5312 push eax push eax -push ref_00021565 ; push 0x21565 +push ref_000215f5 ; push 0x215f5 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000052a4: +loc_00005312: sub esp, 0xc push dword [ebp - 0x68] push dword [ebp - 0x6c] push dword [ebp - 0x34] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_000036a6 ; call 0x36a6 +call fcn_00003714 ; call 0x3714 movzx eax, word [ebp - 0x4a] add esp, 0x1c push eax @@ -8457,7 +8500,7 @@ mov eax, dword [ebp - 0x40] push 0xfff0 add eax, 0xd0 push eax -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 movzx eax, word [ebp - 0x4c] add esp, 0xc push eax @@ -8465,7 +8508,7 @@ mov eax, dword [ebp - 0x50] push 0xfff0 add eax, 0xd0 push eax -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 movzx eax, word [ebp - 0x5a] add esp, 0xc push eax 
@@ -8473,7 +8516,7 @@ mov eax, dword [ebp - 0x54] push 0xfff0 add eax, 0xd0 push eax -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 mov eax, dword [ebp - 0x34] add esp, 0xc push 0x186a0 @@ -8482,58 +8525,58 @@ push dword [ebp + 8] call dword [eax + 4] ; ucall add esp, 0x10 -loc_00005321: +loc_0000538f: mov eax, dword [ebp + 0xc] mov eax, dword [eax + 0xd] cmp byte [eax + 0x3b], 2 -jne short loc_00005331 ; jne 0x5331 +jne short loc_0000539f ; jne 0x539f mov byte [eax + 0x3b], 1 -loc_00005331: +loc_0000539f: mov eax, dword [ebp + 0xc] mov eax, dword [eax + 0xd] cmp byte [eax + 0x3b], 1 -jne short loc_00005351 ; jne 0x5351 +jne short loc_000053bf ; jne 0x53bf push dword [ebp - 0x3c] push dword [ebp - 0x34] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00008275 ; call 0x8275 +call fcn_000082e3 ; call 0x82e3 add esp, 0x10 -loc_00005351: +loc_000053bf: cmp dword [ebp - 0x58], 0x40670 sete al cmp dword [ebp - 0x44], 0 mov byte [ebp - 0x74], al -je short loc_00005371 ; je 0x5371 +je short loc_000053df ; je 0x53df test al, al -je short loc_00005371 ; je 0x5371 +je short loc_000053df ; je 0x53df push edi push edi push 0x4000 -jmp short loc_00005378 ; jmp 0x5378 +jmp short loc_000053e6 ; jmp 0x53e6 -loc_00005371: +loc_000053df: push esi push esi push 0xc000 -loc_00005378: +loc_000053e6: push dword [ebp - 0x60] -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000539d ; je 0x539d +je short loc_0000540b ; je 0x540b push ebx push ebx -push ref_00021580 ; push 0x21580 +push ref_00021610 ; push 0x21610 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000539d: +loc_0000540b: mov eax, dword [ebp - 0x64] lea edi, [ebp - 0x2d] mov byte [ebp - 0x60], 0 
@@ -8544,7 +8587,7 @@ mov byte [ebp - 0x5a], 0 mov byte [ebp - 0x4a], 0 mov dword [ebp - 0x80], eax -loc_000053bd: +loc_0000542b: mov al, byte [edi] mov ecx, dword [ebp - 0x3c] mov byte [ebp - 0x5c], al @@ -8555,13 +8598,13 @@ mov byte [ebp - 0x6c], al movzx eax, byte [edi + 3] mov byte [ebp - 0x4c], al test ecx, ecx -je short loc_000053ea ; je 0x53ea +je short loc_00005458 ; je 0x5458 mov edx, dword [ebp + 0xc] mov edx, dword [edx + 0xd] mov dl, byte [edx + eax + 0x5c] mov byte [ecx + eax + 0x47], dl -loc_000053ea: +loc_00005458: movzx eax, byte [ebp - 0x6c] push ecx push eax 
@@ -8569,62 +8612,62 @@ movzx eax, byte [ebp - 0x5b] push eax movzx eax, byte [ebp - 0x5c] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov esi, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax mov eax, dword [ebp + 0xc] mov eax, dword [eax + 0xd] -je short loc_0000541c ; je 0x541c +je short loc_0000548a ; je 0x548a cmp byte [edi + 4], 0 -jne short loc_0000542b ; jne 0x542b +jne short loc_00005499 ; jne 0x5499 -loc_0000541c: +loc_0000548a: cmp byte [eax + 4], 0 -je loc_00005720 ; je 0x5720 -jmp near loc_000056fa ; jmp 0x56fa +je loc_0000578e ; je 0x578e +jmp near loc_00005768 ; jmp 0x5768 -loc_0000542b: +loc_00005499: cmp byte [eax + 4], 0 -jne short loc_0000547a ; jne 0x547a +jne short loc_000054e8 ; jne 0x54e8 push eax push 0x10100 push 0xff0000ff lea ebx, [esi + 0x18] push ebx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop eax pop edx push 0 push dword [ebp - 0x64] -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 lea eax, [esi + 0x11a] mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 2 -jne loc_00005720 ; jne 0x5720 +jne loc_0000578e ; jne 0x578e push eax push eax push 0xff0000ff push ebx -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -loc_0000547a: +loc_000054e8: mov eax, dword [ebp + 0xc] cmp byte [eax], 0xf -jbe short loc_000054cf ; jbe 0x54cf +jbe short loc_0000553d ; jbe 0x553d movzx ebx, byte [ebp - 0x4c] mov eax, dword [eax + 0xd] cmp byte [eax + ebx + 0x61], 0 -je short loc_000054cf ; je 0x54cf +je short loc_0000553d ; je 0x553d sub esp, 0xc lea eax, [esi + 0xb2] push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov ecx, dword [ebp + 0xc] add esp, 0x10 mov edx, dword [ecx + 0xd] 
@@ -8632,31 +8675,31 @@ and eax, 0x3f0 sar eax, 4 movzx edx, byte [edx + ebx + 0x61] cmp dl, al -je short loc_000054cf ; je 0x54cf +je short loc_0000553d ; je 0x553d movzx eax, byte [ebp - 0x6c] push eax movzx eax, byte [ebp - 0x5b] push eax push edx push dword [ebp + 8] -call fcn_0000286a ; call 0x286a +call fcn_000028d8 ; call 0x28d8 add esp, 0x10 -loc_000054cf: +loc_0000553d: mov eax, dword [ebp + 0xc] cmp byte [eax], 7 -jbe short loc_000054eb ; jbe 0x54eb +jbe short loc_00005559 ; jbe 0x5559 mov edx, dword [eax + 0xd] movzx eax, byte [ebp - 0x4c] mov bl, byte [edx + eax + 0x5c] cmp bl, 0xff -jne loc_0000560f ; jne 0x560f +jne loc_0000567d ; jne 0x567d -loc_000054eb: +loc_00005559: sub esp, 0xc lea eax, [esi + 0xac] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0xc push 0x10100 push 0xff0000ff 
@@ -8665,67 +8708,67 @@ push ebx shr eax, 4 and eax, 0x3f mov byte [ebp - 0x79], al -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop edx pop ecx push 0 push dword [ebp - 0x64] -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 pop eax push dword [ebp - 0x64] -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 inc eax -jne short loc_0000557e ; jne 0x557e +jne short loc_000055ec ; jne 0x55ec sub esp, 0xc add esi, 0xb2 push esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov esi, eax and esi, 0x3f0 sar esi, 4 mov eax, esi mov byte [ebp - 0x70], al -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_000055aa ; je 0x55aa +je short loc_00005618 ; je 0x5618 movzx eax, byte [ebp - 0x6c] sub esp, 0xc push esi push eax movzx eax, byte [ebp - 0x5b] push eax -push ref_0002159c ; push 0x2159c +push ref_0002162c ; push 0x2162c push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -jmp short loc_000055aa ; jmp 0x55aa +jmp short loc_00005618 ; jmp 0x5618 -loc_0000557e: +loc_000055ec: push 0x10 push 0 push 0 push 1 -call fcn_000027f4 ; call 0x27f4 +call fcn_00002862 ; call 0x2862 add esp, 0x10 test eax, eax -je short loc_000055aa ; je 0x55aa +je short loc_00005618 ; je 0x5618 add eax, dword [ebp - 0x80] sub esp, 0xc push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 shr eax, 4 and eax, 0x3f mov byte [ebp - 0x70], al -loc_000055aa: +loc_00005618: push eax push eax push 0xff0000ff push ebx -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e mov cl, byte [ebp - 0x79] add esp, 0x10 mov bl, byte [ebp - 0x70] 
@@ -8739,10 +8782,10 @@ mov al, dl shr al, 1 mov dword [ebp - 0x84], edx mov byte [ebp - 0x60], al -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 mov edx, dword [ebp - 0x84] test al, al -je short loc_00005633 ; je 0x5633 +je short loc_000056a1 ; je 0x56a1 push eax movzx edx, dl push eax 
@@ -8753,215 +8796,215 @@ push edx push eax movzx eax, byte [ebp - 0x79] push eax -push ref_00021608 ; push 0x21608 +push ref_00021698 ; push 0x21698 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -jmp short loc_00005633 ; jmp 0x5633 +jmp short loc_000056a1 ; jmp 0x56a1 -loc_0000560f: +loc_0000567d: test bl, bl -je short loc_00005633 ; je 0x5633 -call fcn_000153e9 ; call 0x153e9 +je short loc_000056a1 ; je 0x56a1 +call fcn_00015479 ; call 0x15479 mov byte [ebp - 0x60], bl test al, al -je short loc_00005633 ; je 0x5633 +je short loc_000056a1 ; je 0x56a1 push eax movzx eax, bl push eax -push ref_0002167b ; push 0x2167b +push ref_0002170b ; push 0x2170b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00005633: +loc_000056a1: mov eax, dword [ebp - 0x58] cmp eax, 0x40660 -je short loc_00005644 ; je 0x5644 +je short loc_000056b2 ; je 0x56b2 cmp eax, 0x306c0 -jne short loc_0000564a ; jne 0x564a +jne short loc_000056b8 ; jne 0x56b8 -loc_00005644: +loc_000056b2: test bl, bl -je short loc_000056c6 ; je 0x56c6 -jmp short loc_00005670 ; jmp 0x5670 +je short loc_00005734 ; je 0x5734 +jmp short loc_000056de ; jmp 0x56de -loc_0000564a: +loc_000056b8: cmp byte [ebp - 0x74], 0 -je short loc_000056c6 ; je 0x56c6 +je short loc_00005734 ; je 0x5734 push eax push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x10 -jne short loc_00005644 ; jne 0x5644 -jmp short loc_000056c6 ; jmp 0x56c6 +jne short loc_000056b2 ; jne 0x56b2 +jmp short loc_00005734 ; jmp 0x5734 -loc_00005670: +loc_000056de: movzx esi, byte [ebp - 0x6c] push eax push dword [ebp - 0x68] push esi push dword [ebp + 8] -call fcn_0000489c ; call 0x489c +call fcn_0000490a ; call 0x490a add esp, 0x10 mov bl, al cmp byte [ebp - 0x60], al -jbe short loc_000056ad ; jbe 0x56ad -call 
fcn_000153e9 ; call 0x153e9 +jbe short loc_0000571b ; jbe 0x571b +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000056b0 ; je 0x56b0 +je short loc_0000571e ; je 0x571e push eax movzx eax, bl push eax -push ref_00021646 ; push 0x21646 +push ref_000216d6 ; push 0x216d6 push 0x80000040 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_000056b0 ; jmp 0x56b0 +jmp short loc_0000571e ; jmp 0x571e -loc_000056ad: +loc_0000571b: mov bl, byte [ebp - 0x60] -loc_000056b0: +loc_0000571e: movzx eax, bl push eax push dword [ebp - 0x68] push esi push dword [ebp + 8] -call fcn_00004925 ; call 0x4925 +call fcn_00004993 ; call 0x4993 add esp, 0x10 mov byte [ebp - 0x60], bl -loc_000056c6: -call fcn_000153e9 ; call 0x153e9 +loc_00005734: +call fcn_00015479 ; call 0x15479 movzx esi, byte [ebp - 0x6c] movzx ebx, byte [ebp - 0x5b] test al, al -je short loc_000056e8 ; je 0x56e8 +je short loc_00005756 ; je 0x5756 push esi push ebx -push ref_00021690 ; push 0x21690 +push ref_00021720 ; push 0x21720 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000056e8: +loc_00005756: movzx eax, byte [ebp - 0x5c] push esi push ebx push eax push dword [ebp + 0xc] -call fcn_00003aa5 ; call 0x3aa5 +call fcn_00003b13 ; call 0x3b13 add esp, 0x10 -loc_000056fa: +loc_00005768: cmp byte [ebp - 0x4c], 0 -jne short loc_00005706 ; jne 0x5706 +jne short loc_00005774 ; jne 0x5774 cmp byte [ebp - 0x48], 3 -je short loc_00005763 ; je 0x5763 +je short loc_000057d1 ; je 0x57d1 -loc_00005706: +loc_00005774: cmp byte [ebp - 0x4c], 1 -jne short loc_00005712 ; jne 0x5712 +jne short loc_00005780 ; jne 0x5780 cmp byte [ebp - 0x48], 2 -je short loc_0000577b ; je 0x577b +je short loc_000057e9 ; je 0x57e9 -loc_00005712: +loc_00005780: cmp byte [ebp - 0x4c], 2 -jne short loc_00005753 ; jne 0x5753 +jne short loc_000057c1 ; jne 0x57c1 cmp byte [ebp - 0x48], 0 -je short loc_0000577f ; je 0x577f -jmp short loc_00005753 ; jmp 
0x5753 +je short loc_000057ed ; je 0x57ed +jmp short loc_000057c1 ; jmp 0x57c1 -loc_00005720: +loc_0000578e: mov al, byte [ebp - 0x48] cmp al, 3 -je short loc_0000576d ; je 0x576d +je short loc_000057db ; je 0x57db cmp al, 2 -jne short loc_00005737 ; jne 0x5737 +jne short loc_000057a5 ; jne 0x57a5 cmp byte [ebp - 0x4c], 0 mov byte [ebp - 0x44], 1 -je short loc_0000574f ; je 0x574f -jmp short loc_00005767 ; jmp 0x5767 +je short loc_000057bd ; je 0x57bd +jmp short loc_000057d5 ; jmp 0x57d5 -loc_00005737: +loc_000057a5: cmp byte [ebp - 0x48], 0 -jne short loc_00005753 ; jne 0x5753 +jne short loc_000057c1 ; jne 0x57c1 cmp byte [ebp - 0x4c], 0 -je short loc_0000574f ; je 0x574f +je short loc_000057bd ; je 0x57bd cmp byte [ebp - 0x4c], 1 -jne short loc_0000577b ; jne 0x577b +jne short loc_000057e9 ; jne 0x57e9 mov byte [ebp - 0x5a], 1 -jmp short loc_00005753 ; jmp 0x5753 +jmp short loc_000057c1 ; jmp 0x57c1 -loc_0000574f: +loc_000057bd: mov byte [ebp - 0x4a], 1 -loc_00005753: +loc_000057c1: add edi, 7 lea eax, [ebp - 0x18] cmp edi, eax -jne loc_000053bd ; jne 0x53bd -jmp short loc_0000577f ; jmp 0x577f +jne loc_0000542b ; jne 0x542b +jmp short loc_000057ed ; jmp 0x57ed -loc_00005763: +loc_000057d1: mov byte [ebp - 0x44], 1 -loc_00005767: +loc_000057d5: mov byte [ebp - 0x5a], 1 -jmp short loc_0000577f ; jmp 0x577f +jmp short loc_000057ed ; jmp 0x57ed -loc_0000576d: +loc_000057db: mov byte [ebp - 0x44], 1 mov byte [ebp - 0x5a], 1 mov byte [ebp - 0x4a], 1 -jmp short loc_0000577f ; jmp 0x577f +jmp short loc_000057ed ; jmp 0x57ed -loc_0000577b: +loc_000057e9: mov byte [ebp - 0x44], 1 -loc_0000577f: +loc_000057ed: mov dl, byte [ebp - 0x44] xor ebx, ebx mov al, byte [ebp - 0x5a] xor edx, 1 xor eax, 1 or dl, al -je short loc_00005798 ; je 0x5798 +je short loc_00005806 ; je 0x5806 mov bl, byte [ebp - 0x4a] mov byte [ebp - 0x4a], 0 -loc_00005798: +loc_00005806: sub esp, 0xc mov esi, 1 push dword [ebp - 0x40] -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add 
esp, 0x10 inc ax -jne short loc_000057cb ; jne 0x57cb -call fcn_000153e9 ; call 0x153e9 +jne short loc_00005839 ; jne 0x5839 +call fcn_00015479 ; call 0x15479 xor esi, esi test al, al -je short loc_000057cb ; je 0x57cb +je short loc_00005839 ; je 0x5839 push ecx push ecx -push ref_000216bb ; push 0x216bb +push ref_0002174b ; push 0x2174b push 2 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000057cb: +loc_00005839: or bl, byte [ebp - 0x4a] -je loc_000058fa ; je 0x58fa +je loc_00005968 ; je 0x5968 mov eax, esi test al, al -je loc_000058fa ; je 0x58fa +je loc_00005968 ; je 0x5968 mov edi, dword [ebp - 0x40] mov ebx, 0x3e9 push eax @@ -8970,7 +9013,7 @@ push 0x100 mov eax, edi add eax, 0x224 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 lea esi, [edi + 0x464] pop eax mov eax, edi @@ -8978,19 +9021,19 @@ pop edx add eax, 0xb0 push 0x10 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -loc_00005814: +loc_00005882: sub esp, 0xc push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 and eax, 0x3f cmp eax, 2 -je short loc_0000583e ; je 0x583e +je short loc_000058ac ; je 0x58ac dec bx -je short loc_0000583e ; je 0x583e +je short loc_000058ac ; je 0x58ac mov eax, dword [ebp - 0x34] push edi push 0x64 
@@ -8998,104 +9041,104 @@ push eax push dword [ebp + 8] call dword [eax + 4] ; ucall add esp, 0x10 -jmp short loc_00005814 ; jmp 0x5814 +jmp short loc_00005882 ; jmp 0x5882 -loc_0000583e: +loc_000058ac: mov eax, dword [ebp - 0x40] push esi push 0x20 push 0xcf add eax, 0xc20 push eax -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a mov eax, dword [ebp - 0x58] add esp, 0x10 cmp eax, 0x40660 -je short loc_00005868 ; je 0x5868 +je short loc_000058d6 ; je 0x58d6 cmp eax, 0x306c0 -jne short loc_0000588b ; jne 0x588b +jne short loc_000058f9 ; jne 0x58f9 -loc_00005868: +loc_000058d6: mov edi, dword [ebp - 0x68] push ebx push edi push 0 push dword [ebp + 8] -call fcn_0000489c ; call 0x489c +call fcn_0000490a ; call 0x490a movzx eax, al push eax push edi push 0 push dword [ebp + 8] -call fcn_00004925 ; call 0x4925 +call fcn_00004993 ; call 0x4993 add esp, 0x20 -jmp short loc_000058af ; jmp 0x58af +jmp short loc_0000591d ; jmp 0x591d -loc_0000588b: +loc_000058f9: cmp byte [ebp - 0x74], 0 -je short loc_000058af ; je 0x58af +je short loc_0000591d ; je 0x591d push ecx push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x10 -jne short loc_00005868 ; jne 0x5868 +jne short loc_000058d6 ; jne 0x58d6 -loc_000058af: +loc_0000591d: cmp byte [ebp - 0x4a], 0 -je short loc_000058fa ; je 0x58fa +je short loc_00005968 ; je 0x5968 push eax push eax mov eax, dword [ebp - 0x40] push 0x40000000 add eax, 0xd20 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 pop eax mov eax, dword [ebp - 0x78] pop edx add eax, 0x54 push 0xf7 push eax -call fcn_00018699 ; call 0x18699 -call fcn_000153e9 ; call 0x153e9 +call fcn_0001875d ; call 0x1875d +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_000058fa ; je 0x58fa +je short loc_00005968 ; je 0x5968 push eax push eax -push 
ref_000216bb ; push 0x216bb +push ref_0002174b ; push 0x2174b push 2 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000058fa: +loc_00005968: sub esp, 0xc mov bl, 1 push dword [ebp - 0x50] -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -jne short loc_0000592a ; jne 0x592a -call fcn_000153e9 ; call 0x153e9 +jne short loc_00005998 ; jne 0x5998 +call fcn_00015479 ; call 0x15479 xor ebx, ebx test al, al -je short loc_0000592a ; je 0x592a +je short loc_00005998 ; je 0x5998 push edi push edi -push ref_000216cc ; push 0x216cc +push ref_0002175c ; push 0x2175c push 2 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000592a: +loc_00005998: test byte [ebp - 0x5a], bl -je loc_00005a4f ; je 0x5a4f +je loc_00005abd ; je 0x5abd mov edi, dword [ebp - 0x50] push ecx push ecx @@ -9103,7 +9146,7 @@ push 0x100 mov eax, edi add eax, 0x224 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 mov eax, edi pop ebx add eax, 0xb0 @@ -9111,22 +9154,22 @@ pop esi mov ebx, 0x3e9 push 0x10 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 mov eax, dword [ebp - 0x40] add esp, 0x10 lea esi, [eax + 0x464] -loc_0000596c: +loc_000059da: sub esp, 0xc push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 shr eax, 8 and eax, 0x3f cmp eax, 2 -je short loc_00005999 ; je 0x5999 +je short loc_00005a07 ; je 0x5a07 dec bx -je short loc_00005999 ; je 0x5999 +je short loc_00005a07 ; je 0x5a07 mov eax, dword [ebp - 0x34] push edx push 0x64 
@@ -9134,102 +9177,102 @@ push eax push dword [ebp + 8] call dword [eax + 4] ; ucall add esp, 0x10 -jmp short loc_0000596c ; jmp 0x596c +jmp short loc_000059da ; jmp 0x59da -loc_00005999: +loc_00005a07: push eax mov eax, dword [ebp - 0x50] push 0x20 push 0xcf add eax, 0xc20 push eax -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a mov eax, dword [ebp - 0x58] add esp, 0x10 cmp eax, 0x40660 -je short loc_000059c3 ; je 0x59c3 +je short loc_00005a31 ; je 0x5a31 cmp eax, 0x306c0 -jne short loc_000059e6 ; jne 0x59e6 +jne short loc_00005a54 ; jne 0x5a54 -loc_000059c3: +loc_00005a31: mov esi, dword [ebp - 0x68] push eax push esi push 1 push dword [ebp + 8] -call fcn_0000489c ; call 0x489c +call fcn_0000490a ; call 0x490a movzx eax, al push eax push esi push 1 push dword [ebp + 8] -call fcn_00004925 ; call 0x4925 +call fcn_00004993 ; call 0x4993 add esp, 0x20 -jmp short loc_00005a0a ; jmp 0x5a0a +jmp short loc_00005a78 ; jmp 0x5a78 -loc_000059e6: +loc_00005a54: cmp byte [ebp - 0x74], 0 -je short loc_00005a0a ; je 0x5a0a +je short loc_00005a78 ; je 0x5a78 push eax push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x10 -jne short loc_000059c3 ; jne 0x59c3 +jne short loc_00005a31 ; jne 0x5a31 -loc_00005a0a: +loc_00005a78: mov eax, dword [ebp - 0x50] push esi push esi push 0x40000000 add eax, 0xd20 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 pop edi pop eax mov eax, dword [ebp - 0x78] push 0xfb add eax, 0x54 push eax -call fcn_00018699 ; call 0x18699 -call fcn_000153e9 ; call 0x153e9 +call fcn_0001875d ; call 0x1875d +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00005a4f ; je 0x5a4f +je short loc_00005abd ; je 0x5abd push ebx push ebx -push ref_000216cc ; push 0x216cc +push ref_0002175c ; push 0x2175c push 2 -call fcn_000153f7 ; call 
0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00005a4f: +loc_00005abd: sub esp, 0xc mov bl, 1 push dword [ebp - 0x54] -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -jne short loc_00005a7f ; jne 0x5a7f -call fcn_000153e9 ; call 0x153e9 +jne short loc_00005aed ; jne 0x5aed +call fcn_00015479 ; call 0x15479 xor ebx, ebx test al, al -je short loc_00005a7f ; je 0x5a7f +je short loc_00005aed ; je 0x5aed push ecx push ecx -push ref_000216dd ; push 0x216dd +push ref_0002176d ; push 0x2176d push 2 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00005a7f: +loc_00005aed: test byte [ebp - 0x44], bl -je loc_00005ba4 ; je 0x5ba4 +je loc_00005c12 ; je 0x5c12 mov edi, dword [ebp - 0x54] mov ebx, 0x3e9 push eax @@ -9238,29 +9281,29 @@ push 0x100 mov eax, edi add eax, 0x224 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 pop eax mov eax, edi pop edx add eax, 0xb0 push 0x10 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 mov eax, dword [ebp - 0x40] add esp, 0x10 lea esi, [eax + 0x464] -loc_00005ac1: +loc_00005b2f: sub esp, 0xc push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 shr eax, 0x10 and eax, 0x3f cmp eax, 2 -je short loc_00005aee ; je 0x5aee +je short loc_00005b5c ; je 0x5b5c dec bx -je short loc_00005aee ; je 0x5aee +je short loc_00005b5c ; je 0x5b5c mov eax, dword [ebp - 0x34] push edi push 0x64 
@@ -9268,84 +9311,84 @@ push eax push dword [ebp + 8] call dword [eax + 4] ; ucall add esp, 0x10 -jmp short loc_00005ac1 ; jmp 0x5ac1 +jmp short loc_00005b2f ; jmp 0x5b2f -loc_00005aee: +loc_00005b5c: mov eax, dword [ebp - 0x54] push esi push 0x20 push 0xcf add eax, 0xc20 push eax -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a mov eax, dword [ebp - 0x58] add esp, 0x10 cmp eax, 0x40660 -je short loc_00005b18 ; je 0x5b18 +je short loc_00005b86 ; je 0x5b86 cmp eax, 0x306c0 -jne short loc_00005b3b ; jne 0x5b3b +jne short loc_00005ba9 ; jne 0x5ba9 -loc_00005b18: +loc_00005b86: mov edi, dword [ebp - 0x68] push ebx push edi push 2 push dword [ebp + 8] -call fcn_0000489c ; call 0x489c +call fcn_0000490a ; call 0x490a movzx eax, al push eax push edi push 2 push dword [ebp + 8] -call fcn_00004925 ; call 0x4925 +call fcn_00004993 ; call 0x4993 add esp, 0x20 -jmp short loc_00005b5f ; jmp 0x5b5f +jmp short loc_00005bcd ; jmp 0x5bcd -loc_00005b3b: +loc_00005ba9: cmp byte [ebp - 0x74], 0 -je short loc_00005b5f ; je 0x5b5f +je short loc_00005bcd ; je 0x5bcd push ecx push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x10 -jne short loc_00005b18 ; jne 0x5b18 +jne short loc_00005b86 ; jne 0x5b86 -loc_00005b5f: +loc_00005bcd: mov eax, dword [ebp - 0x54] push edi push edi push 0x40000000 add eax, 0xd20 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 pop eax mov eax, dword [ebp - 0x78] pop edx add eax, 0x54 push 0xfd push eax -call fcn_00018699 ; call 0x18699 -call fcn_000153e9 ; call 0x153e9 +call fcn_0001875d ; call 0x1875d +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00005ba4 ; je 0x5ba4 +je short loc_00005c12 ; je 0x5c12 push esi push esi -push ref_000216dd ; push 0x216dd +push ref_0002176d ; push 0x2176d push 2 -call fcn_000153f7 ; call 0x153f7 
+call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00005ba4: +loc_00005c12: lea ebx, [ebp - 0x2d] -loc_00005ba7: +loc_00005c15: movzx eax, byte [ebx + 2] sub esp, 0xc add ebx, 7 @@ -9357,25 +9400,25 @@ push esi push dword [ebp - 0x34] push dword [ebp + 8] mov dword [ebp - 0x48], eax -call fcn_000024e1 ; call 0x24e1 +call fcn_0000254f ; call 0x254f mov eax, dword [ebp - 0x48] add esp, 0x1c push eax push edi push esi -call fcn_000023ad ; call 0x23ad +call fcn_0000241b ; call 0x241b lea eax, [ebp - 0x18] add esp, 0x10 cmp ebx, eax -jne short loc_00005ba7 ; jne 0x5ba7 +jne short loc_00005c15 ; jne 0x5c15 mov edi, dword [ebp - 0x3c] test edi, edi -je loc_00005c71 ; je 0x5c71 +je loc_00005cdf ; je 0x5cdf mov eax, dword [ebp - 0x40] sub esp, 0xc add eax, 0x11a push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 shr ax, 1 xor eax, 1 mov bl, al @@ -9383,7 +9426,7 @@ mov eax, dword [ebp - 0x50] and ebx, 1 add eax, 0x11a mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov dl, bl or edx, 2 test al, 2 @@ -9391,7 +9434,7 @@ mov eax, dword [ebp - 0x54] cmove ebx, edx add eax, 0x11a mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov dl, bl add esp, 0x10 or edx, 4 
@@ -9399,31 +9442,31 @@ test al, 2 cmove ebx, edx not ebx cmp byte [edi + 0x46], bl -je short loc_00005c71 ; je 0x5c71 -call fcn_000153e9 ; call 0x153e9 +je short loc_00005cdf ; je 0x5cdf +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00005c6b ; je 0x5c6b +je short loc_00005cd9 ; je 0x5cd9 movzx eax, bl push eax mov eax, dword [ebp - 0x3c] movzx eax, byte [eax + 0x46] push eax -push ref_000216ee ; push 0x216ee +push ref_0002177e ; push 0x2177e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00005c6b: +loc_00005cd9: mov eax, dword [ebp - 0x3c] mov byte [eax + 0x46], bl -loc_00005c71: +loc_00005cdf: mov eax, dword [ebp + 0xc] cmp byte [eax], 0xa -ja short loc_00005c98 ; ja 0x5c98 +ja short loc_00005d06 ; ja 0x5d06 -loc_00005c79: -call fcn_00003b38 ; call 0x3b38 +loc_00005ce7: +call fcn_00003ba6 ; call 0x3ba6 movzx eax, byte [ebp - 0x44] push ebx push eax @@ -9431,20 +9474,20 @@ movzx eax, byte [ebp - 0x5a] push eax movzx eax, byte [ebp - 0x4a] push eax -call fcn_00003c89 ; call 0x3c89 +call fcn_00003cf7 ; call 0x3cf7 -loc_00005c93: +loc_00005d01: add esp, 0x10 -jmp short loc_00005cda ; jmp 0x5cda +jmp short loc_00005d48 ; jmp 0x5d48 -loc_00005c98: +loc_00005d06: mov eax, dword [ebp + 0xc] mov eax, dword [eax + 0xd] cmp byte [eax + 0x5f], 1 -jne short loc_00005c79 ; jne 0x5c79 +jne short loc_00005ce7 ; jne 0x5ce7 lea ebx, [ebp - 0x2d] -loc_00005ca7: +loc_00005d15: push eax movzx eax, byte [ebx + 2] add ebx, 7 
@@ -9453,20 +9496,20 @@ movzx eax, byte [ebx - 6] push eax movzx eax, byte [ebx - 7] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 1 add eax, 0x25c push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 lea eax, [ebp - 0x18] add esp, 0x10 cmp ebx, eax -jne short loc_00005ca7 ; jne 0x5ca7 -jmp short loc_00005c79 ; jmp 0x5c79 +jne short loc_00005d15 ; jne 0x5d15 +jmp short loc_00005ce7 ; jmp 0x5ce7 -loc_00005cda: +loc_00005d48: lea esp, [ebp - 0xc] pop ebx pop esi @@ -9474,7 +9517,7 @@ pop edi pop ebp ret -fcn_00005ce2: +fcn_00005d50: push ebp mov ebp, esp push edi @@ -9491,20 +9534,20 @@ push 0 seta bl mov dword [ebp - 0x20], eax mov byte [ebp - 0x19], al -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x48 mov dword [esp], eax -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 add esp, 0x10 mov dword [ebp - 0x24], eax mov eax, edi test al, al -jne short loc_00005d6f ; jne 0x5d6f +jne short loc_00005ddd ; jne 0x5ddd test bl, bl -je short loc_00005d6f ; je 0x5d6f +je short loc_00005ddd ; je 0x5ddd xor edi, edi -loc_00005d28: +loc_00005d96: push eax movzx eax, byte [esi + 2] push eax @@ -9512,13 +9555,13 @@ movzx eax, byte [esi + 1] push eax movzx eax, byte [esi] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xd2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 2 -jne short loc_00005d75 ; jne 0x5d75 +jne short loc_00005de3 ; jne 0x5de3 push ecx mov eax, dword [ebp + 0xc] inc edi 
@@ -9528,40 +9571,40 @@ push dword [ebp + 8] call dword [eax + 4] ; ucall add esp, 0x10 cmp edi, 0x64 -jne short loc_00005d28 ; jne 0x5d28 +jne short loc_00005d96 ; jne 0x5d96 xor eax, eax -jmp short loc_00005d77 ; jmp 0x5d77 +jmp short loc_00005de5 ; jmp 0x5de5 -loc_00005d6f: +loc_00005ddd: xor eax, eax xor edi, edi -jmp short loc_00005d77 ; jmp 0x5d77 +jmp short loc_00005de5 ; jmp 0x5de5 -loc_00005d75: +loc_00005de3: mov al, 1 -loc_00005d77: +loc_00005de5: test al, al -je short loc_00005d87 ; je 0x5d87 +je short loc_00005df5 ; je 0x5df5 test bl, bl -je short loc_00005d87 ; je 0x5d87 +je short loc_00005df5 ; je 0x5df5 -loc_00005d7f: +loc_00005ded: mov ebx, dword [ebp - 0x24] and ebx, 0xfffffffe -jmp short loc_00005dae ; jmp 0x5dae +jmp short loc_00005e1c ; jmp 0x5e1c -loc_00005d87: +loc_00005df5: test bl, bl -je short loc_00005d7f ; je 0x5d7f +je short loc_00005ded ; je 0x5ded cmp byte [ebp - 0x20], 0 -jne short loc_00005d7f ; jne 0x5d7f +jne short loc_00005ded ; jne 0x5ded -loc_00005d91: +loc_00005dff: mov eax, 0x80000012 -jmp short loc_00005e0f ; jmp 0x5e0f +jmp short loc_00005e7d ; jmp 0x5e7d -loc_00005d98: +loc_00005e06: push eax mov eax, dword [ebp + 0xc] inc edi @@ -9571,16 +9614,16 @@ push dword [ebp + 8] call dword [eax + 4] ; ucall add esp, 0x10 -loc_00005dae: +loc_00005e1c: cmp edi, 0x63 -ja short loc_00005d91 ; ja 0x5d91 +ja short loc_00005dff ; ja 0x5dff cmp byte [ebp - 0x19], 0 -je short loc_00005de0 ; je 0x5de0 +je short loc_00005e4e ; je 0x5e4e push 0 push 0x13 push 0x4648080 push ebx -call fcn_0000415c ; call 0x415c +call fcn_000041ca ; call 0x41ca movzx ecx, byte [esi + 2] add esp, 0x10 shl ecx, 3 @@ -9588,12 +9631,12 @@ shr eax, cl and eax, 0x3f cmp eax, 0x10 -loc_00005dda: -jne short loc_00005d98 ; jne 0x5d98 +loc_00005e48: +jne short loc_00005e06 ; jne 0x5e06 xor eax, eax -jmp short loc_00005e0f ; jmp 0x5e0f +jmp short loc_00005e7d ; jmp 0x5e7d -loc_00005de0: +loc_00005e4e: push edx movzx eax, byte [esi + 2] push eax 
@@ -9601,17 +9644,17 @@ movzx eax, byte [esi + 1] push eax movzx eax, byte [esi] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x214 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 shr eax, 0x10 and eax, 0xf cmp eax, 7 -jmp short loc_00005dda ; jmp 0x5dda +jmp short loc_00005e48 ; jmp 0x5e48 -loc_00005e0f: +loc_00005e7d: lea esp, [ebp - 0xc] pop ebx pop esi @@ -9619,7 +9662,7 @@ pop edi pop ebp ret -fcn_00005e17: +fcn_00005e85: push ebp mov ebp, esp push edi 
@@ -9631,100 +9674,100 @@ push 0 mov edi, dword [ebp + 0xc] push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax lea eax, [eax + 2] mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov edx, eax and eax, 0xfffffffd cmp ax, 0x8c44 -je short loc_00005eae ; je 0x5eae +je short loc_00005f1c ; je 0x5f1c lea eax, [edx + 0x73b2] cmp ax, 2 -jbe short loc_00005eae ; jbe 0x5eae +jbe short loc_00005f1c ; jbe 0x5f1c lea eax, [edx + 0x73b7] cmp ax, 3 -jbe short loc_00005eae ; jbe 0x5eae +jbe short loc_00005f1c ; jbe 0x5f1c lea eax, [edx + 0x73bf] cmp ax, 1 -jbe short loc_00005eae ; jbe 0x5eae +jbe short loc_00005f1c ; jbe 0x5f1c cmp dx, 0x8c58 -je short loc_00005eae ; je 0x5eae +je short loc_00005f1c ; je 0x5f1c mov eax, edx and eax, 0xfffffffb cmp ax, 0x8c52 -je short loc_00005eae ; je 0x5eae +je short loc_00005f1c ; je 0x5f1c mov eax, edx and eax, 0xfffffff7 cmp ax, 0x8c54 -je short loc_00005eae ; je 0x5eae +je short loc_00005f1c ; je 0x5f1c lea eax, [edx + 0x63bf] cmp ax, 6 -jbe short loc_00005eae ; jbe 0x5eae +jbe short loc_00005f1c ; jbe 0x5f1c add dx, 0x733f cmp dx, 5 -jbe short loc_00005eae ; jbe 0x5eae +jbe short loc_00005f1c ; jbe 0x5f1c -loc_00005ea4: +loc_00005f12: mov eax, 0x80000003 -jmp near loc_00005fa0 ; jmp 0x5fa0 +jmp near loc_0000600e ; jmp 0x600e -loc_00005eae: +loc_00005f1c: sub esp, 0xc add esi, 0x48 push esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 and ax, 0xfffc mov word [ebp - 0x20], ax -je short loc_00005ea4 ; je 0x5ea4 +je short loc_00005f12 ; je 0x5f12 cmp bl, 0x1f -jbe short loc_00005f0b ; jbe 0x5f0b +jbe short loc_00005f79 ; jbe 0x5f79 cmp bl, 0x3f -ja short loc_00005ee7 ; ja 0x5ee7 +ja short loc_00005f55 ; ja 0x5f55 lea ecx, [ebx - 0x20] mov esi, 0x30 mov word [ebp - 0x1c], 0x38 mov word [ebp - 0x1a], 0x34 -jmp short loc_00005f1b ; jmp 0x5f1b +jmp short loc_00005f89 ; jmp 0x5f89 -loc_00005ee7: +loc_00005f55: 
mov eax, 0x80000002 cmp bl, 0x5f -ja loc_00005fa0 ; ja 0x5fa0 +ja loc_0000600e ; ja 0x600e lea ecx, [ebx - 0x40] mov esi, 0x40 mov word [ebp - 0x1c], 0x48 mov word [ebp - 0x1a], 0x44 -jmp short loc_00005f1b ; jmp 0x5f1b +jmp short loc_00005f89 ; jmp 0x5f89 -loc_00005f0b: +loc_00005f79: mov cl, bl xor esi, esi mov word [ebp - 0x1c], 0xc mov word [ebp - 0x1a], 4 -loc_00005f1b: +loc_00005f89: mov dword [ebp - 0x24], ecx and edi, 1 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 mov ecx, dword [ebp - 0x24] test al, al mov eax, edi movzx edi, al -je short loc_00005f49 ; je 0x5f49 +je short loc_00005fb7 ; je 0x5fb7 push edi movzx ebx, bl push ebx -push ref_00021725 ; push 0x21725 +push ref_000217b5 ; push 0x217b5 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 mov ecx, dword [ebp - 0x24] add esp, 0x10 -loc_00005f49: +loc_00005fb7: movzx ebx, word [ebp - 0x20] mov edx, 1 push eax @@ -9735,7 +9778,7 @@ add esi, ebx push esi mov dword [ebp - 0x24], ecx mov dword [ebp - 0x20], edx -call fcn_0001829f ; call 0x1829f +call fcn_00018363 ; call 0x18363 mov edx, dword [ebp - 0x20] movzx eax, word [ebp - 0x1a] mov esi, edx @@ -9745,11 +9788,11 @@ pop ecx add eax, ebx push esi push eax -call fcn_000182c9 ; call 0x182c9 +call fcn_0001838d ; call 0x1838d movzx eax, word [ebp - 0x1c] add ebx, eax mov dword [esp], ebx -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 mov ecx, dword [ebp - 0x24] shl edi, cl and eax, esi @@ -9758,11 +9801,11 @@ or eax, edi pop edx push eax push ebx -call fcn_00018ed3 ; call 0x18ed3 +call fcn_00018f97 ; call 0x18f97 add esp, 0x10 xor eax, eax -loc_00005fa0: +loc_0000600e: lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -9770,30 +9813,30 @@ pop edi pop ebp ret -fcn_00005fa8: +fcn_00006016: push ebp mov ebp, esp push ebx push ebx mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00005fca ; je 0x5fca +je short loc_00006038 ; je 0x6038 push ecx push ecx -push ref_0002173b ; push 0x2173b +push ref_000217cb ; push 0x217cb push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00005fca: +loc_00006038: cmp byte [ebx], 2 mov eax, 0x80000003 -jbe short loc_00005ff7 ; jbe 0x5ff7 +jbe short loc_00006065 ; jbe 0x6065 mov edx, dword [ebx + 0xd] mov edx, dword [edx + 0x4c] cmp byte [edx], 1 -jne short loc_00005ff7 ; jne 0x5ff7 +jne short loc_00006065 ; jne 0x6065 mov eax, dword [edx + 1] push edx push edx @@ -9802,38 +9845,38 @@ and edx, 1 push edx movzx eax, byte [eax] push eax -call fcn_00005e17 ; call 0x5e17 +call fcn_00005e85 ; call 0x5e85 add esp, 0x10 -loc_00005ff7: +loc_00006065: mov ebx, dword [ebp - 4] leave ret -fcn_00005ffc: +fcn_0000606a: push ebp mov ebp, esp push esi push ebx mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000601e ; je 0x601e +je short loc_0000608c ; je 0x608c push ecx push ecx -push ref_00021756 ; push 0x21756 +push ref_000217e6 ; push 0x217e6 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000601e: +loc_0000608c: cmp byte [ebx], 2 mov esi, 0x80000003 -jbe short loc_0000604f ; jbe 0x604f +jbe short loc_000060bd ; jbe 0x60bd mov eax, dword [ebx + 0xd] mov eax, dword [eax + 0x4c] cmp byte [eax], 1 -jne short loc_0000604f ; jne 0x604f +jne short loc_000060bd ; jne 0x60bd mov eax, dword [eax + 1] xor esi, esi push edx 
@@ -9844,10 +9887,10 @@ and edx, 1 push edx movzx eax, byte [eax] push eax -call fcn_00005e17 ; call 0x5e17 +call fcn_00005e85 ; call 0x5e85 add esp, 0x10 -loc_0000604f: +loc_000060bd: lea esp, [ebp - 8] mov eax, esi pop ebx @@ -9855,7 +9898,7 @@ pop esi pop ebp ret -fcn_00006058: +fcn_000060c6: push ebp mov ebp, esp push edi @@ -9865,44 +9908,44 @@ sub esp, 0x1c mov edi, dword [ebp + 8] mov ebx, dword [ebp + 0xc] mov esi, dword [ebp + 0x10] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006084 ; je 0x6084 +je short loc_000060f2 ; je 0x60f2 push eax push eax -push ref_00021773 ; push 0x21773 +push ref_00021803 ; push 0x21803 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00006084: +loc_000060f2: xor edx, edx -loc_00006086: +loc_000060f4: push eax push edx push 1 push 0 mov dword [ebp - 0x1c], edx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 0x10 add eax, 0xb0 push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 mov edx, dword [ebp - 0x1c] add esp, 0x10 inc edx cmp edx, 3 -jne short loc_00006086 ; jne 0x6086 +jne short loc_000060f4 ; jne 0x60f4 sub esp, 0xc push esi -call fcn_00005fa8 ; call 0x5fa8 +call fcn_00006016 ; call 0x6016 add esp, 0x10 mov edx, eax test eax, eax -js short loc_00006103 ; js 0x6103 +js short loc_00006171 ; js 0x6171 push eax push 0x64 push ebx 
@@ -9911,51 +9954,51 @@ call dword [ebx + 4] ; ucall add esp, 0x10 xor ebx, ebx -loc_000060ce: +loc_0000613c: push edi push ebx inc ebx push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 0xffef add eax, 0xb0 push eax -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 add esp, 0x10 cmp ebx, 3 -jne short loc_000060ce ; jne 0x60ce +jne short loc_0000613c ; jne 0x613c mov dword [ebp + 8], esi lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp -jmp near fcn_00005ffc ; jmp 0x5ffc +jmp near fcn_0000606a ; jmp 0x606a -loc_00006103: +loc_00006171: xor ebx, ebx -loc_00006105: +loc_00006173: push eax push ebx inc ebx push 1 push 0 mov dword [ebp - 0x1c], edx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 0xffef add eax, 0xb0 push eax -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 add esp, 0x10 cmp ebx, 3 mov edx, dword [ebp - 0x1c] -jne short loc_00006105 ; jne 0x6105 +jne short loc_00006173 ; jne 0x6173 lea esp, [ebp - 0xc] mov eax, edx pop ebx @@ -9964,23 +10007,23 @@ pop edi pop ebp ret -fcn_0000613b: ; not directly referenced +fcn_000061a9: ; not directly referenced push ebp mov ebp, esp push esi push ebx mov ebx, dword [ebp + 0x10] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000615d ; je 0x615d +je short loc_000061cb ; je 0x61cb push ecx push ecx -push ref_0002178d ; push 0x2178d +push ref_0002181d ; push 0x2181d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000615d: ; not directly referenced +loc_000061cb: ; not directly referenced push edx movzx eax, byte [ebx + 2] push eax 
@@ -9988,36 +10031,36 @@ movzx eax, byte [ebx + 1] push eax movzx eax, byte [ebx] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop ecx lea esi, [eax + 0x3e] pop eax push 0x40 push esi -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 pop eax pop edx push 0xffbf push esi -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 push 0 push ebx push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00005ce2 ; call 0x5ce2 +call fcn_00005d50 ; call 0x5d50 add esp, 0x20 mov ebx, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000061b8 ; je 0x61b8 +je short loc_00006226 ; je 0x6226 push eax push eax -push ref_000217a3 ; push 0x217a3 +push ref_00021833 ; push 0x21833 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000061b8: ; not directly referenced +loc_00006226: ; not directly referenced lea esp, [ebp - 8] mov eax, ebx pop ebx @@ -10025,7 +10068,7 @@ pop esi pop ebp ret -fcn_000061c1: ; not directly referenced +fcn_0000622f: ; not directly referenced push ebp mov ebp, esp push edi @@ -10033,16 +10076,16 @@ push esi push ebx sub esp, 0x1c mov esi, dword [ebp + 0x10] -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 mov edi, eax push eax push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x48 mov dword [esp], eax -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 add esp, 0x10 cmp edi, 0x40660 sete byte [ebp - 0x19] 
@@ -10050,19 +10093,19 @@ cmp edi, 0x306c0 mov ebx, eax sete al or byte [ebp - 0x19], al -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006220 ; je 0x6220 +je short loc_0000628e ; je 0x628e push eax push eax -push ref_000217b3 ; push 0x217b3 +push ref_00021843 ; push 0x21843 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00006220: ; not directly referenced +loc_0000628e: ; not directly referenced cmp edi, 0x40670 -jne short loc_0000624e ; jne 0x624e +jne short loc_000062bc ; jne 0x62bc push eax movzx eax, byte [esi + 2] push eax 
@@ -10070,127 +10113,127 @@ movzx eax, byte [esi + 1] push eax movzx eax, byte [esi] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 0x10 add eax, 0xc24 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_0000624e: ; not directly referenced +loc_000062bc: ; not directly referenced cmp byte [ebp - 0x19], 0 -je loc_000062e9 ; je 0x62e9 +je loc_00006357 ; je 0x6357 push 0 and ebx, 0xfffffffe push 0x13 push 0x4448080 push ebx -call fcn_0000415c ; call 0x415c +call fcn_000041ca ; call 0x41ca and eax, 0xfffffffd push eax push 0x14 push 0x4448080 push ebx -call fcn_0000415c ; call 0x415c +call fcn_000041ca ; call 0x41ca add esp, 0x20 push 0 push 0x13 push 0x4448080 push ebx -call fcn_0000415c ; call 0x415c +call fcn_000041ca ; call 0x41ca or eax, 1 push eax push 0x14 push 0x4448080 push ebx -call fcn_0000415c ; call 0x415c +call fcn_000041ca ; call 0x41ca add esp, 0x20 push 0 push 0x13 push 0x4448080 push ebx -call fcn_0000415c ; call 0x415c +call fcn_000041ca ; call 0x41ca or ah, 0x20 push eax push 0x14 push 0x4448080 push ebx -call fcn_0000415c ; call 0x415c +call fcn_000041ca ; call 0x41ca add esp, 0x20 push 0 push 0x13 push 0x4448080 push ebx -call fcn_0000415c ; call 0x415c +call fcn_000041ca ; call 0x41ca and eax, 0xfffffffe push eax push 0x14 push 0x4448080 push ebx -call fcn_0000415c ; call 0x415c +call fcn_000041ca ; call 0x41ca add esp, 0x20 -jmp short loc_00006361 ; jmp 0x6361 +jmp short loc_000063cf ; jmp 0x63cf -loc_000062e9: ; not directly referenced +loc_00006357: ; not directly referenced push eax push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 0xfffffffffffffffd add eax, 0x444 push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0xc push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop ebx pop edx push 1 add eax, 0x444 push eax 
-call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0xc push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop ecx pop ebx push 0x2000 add eax, 0x444 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0xc push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 0xfffffffffffffffe add eax, 0x444 push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -loc_00006361: ; not directly referenced +loc_000063cf: ; not directly referenced movzx eax, byte [ebp - 0x19] push eax push esi push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00005ce2 ; call 0x5ce2 +call fcn_00005d50 ; call 0x5d50 add esp, 0x10 mov ebx, eax cmp edi, 0x40670 -jne short loc_000063a5 ; jne 0x63a5 +jne short loc_00006413 ; jne 0x6413 push edx movzx eax, byte [esi + 2] push eax @@ -10198,27 +10241,27 @@ movzx eax, byte [esi + 1] push eax movzx eax, byte [esi] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop ecx pop esi push 0xffffffffffffffef add eax, 0xc24 push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -loc_000063a5: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00006413: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000063bf ; je 0x63bf +je short loc_0000642d ; je 0x642d push eax push eax -push ref_000217a3 ; push 0x217a3 +push ref_00021833 ; push 0x21833 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000063bf: ; not directly referenced +loc_0000642d: ; not directly referenced lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -10227,7 +10270,7 @@ pop edi pop ebp ret -fcn_000063c9: +fcn_00006437: push ebp mov ebp, esp push ebx 
@@ -10239,39 +10282,39 @@ movzx eax, byte [ebx + 1] push eax movzx eax, byte [ebx] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop ecx pop edx push 0x20 add eax, 0xb0 push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 push 0 push ebx push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00005ce2 ; call 0x5ce2 +call fcn_00005d50 ; call 0x5d50 add esp, 0x20 mov ebx, eax test eax, eax -jns short loc_00006426 ; jns 0x6426 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00006494 ; jns 0x6494 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006426 ; je 0x6426 +je short loc_00006494 ; je 0x6494 push eax push eax -push ref_000217c5 ; push 0x217c5 +push ref_00021855 ; push 0x21855 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00006426: +loc_00006494: mov eax, ebx mov ebx, dword [ebp - 4] leave ret -fcn_0000642d: +fcn_0000649b: push ebp mov ebp, esp sub esp, 0xc @@ -10282,16 +10325,16 @@ movzx edx, byte [eax + 1] push edx movzx eax, byte [eax] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xb2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 leave shr ax, 4 and eax, 0x3f ret -fcn_0000645f: +fcn_000064cd: push ebp mov ebp, esp push edi 
@@ -10306,29 +10349,29 @@ movzx eax, byte [esi + 1] push eax movzx eax, byte [esi] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], esi mov edi, eax -call fcn_0000642d ; call 0x642d +call fcn_0000649b ; call 0x649b add esp, 0x10 mov dl, al cmp al, bl -jae loc_00006551 ; jae 0x6551 +jae loc_000065bf ; jae 0x65bf mov dword [ebp - 0x1c], edx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 mov edx, dword [ebp - 0x1c] test al, al -je short loc_000064be ; je 0x64be +je short loc_0000652c ; je 0x652c movzx edx, dl movzx eax, bl push edx push eax -push ref_000217dd ; push 0x217dd +push ref_0002186d ; push 0x2186d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000064be: +loc_0000652c: movzx eax, bl push ecx push eax @@ -10337,12 +10380,12 @@ lea edx, [edi + 0x224] add edi, 0xb0 push edx mov dword [ebp - 0x1c], edx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop eax pop edx push 0x10 push edi -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 mov eax, dword [ebp + 0xc] add esp, 0xc push 1 
@@ -10353,58 +10396,58 @@ pop ecx pop eax push 0xffef push edi -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 push 0 push esi push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00005ce2 ; call 0x5ce2 +call fcn_00005d50 ; call 0x5d50 mov edx, dword [ebp - 0x1c] add esp, 0x18 push 0x1f push edx mov edi, eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 test edi, edi -js short loc_00006576 ; js 0x6576 +js short loc_000065e4 ; js 0x65e4 sub esp, 0xc push esi -call fcn_0000642d ; call 0x642d +call fcn_0000649b ; call 0x649b add esp, 0x10 cmp al, bl -jne short loc_00006555 ; jne 0x6555 -call fcn_000153e9 ; call 0x153e9 +jne short loc_000065c3 ; jne 0x65c3 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006551 ; je 0x6551 +je short loc_000065bf ; je 0x65bf push edx push edx -push ref_00021801 ; push 0x21801 +push ref_00021891 ; push 0x21891 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00006551: +loc_000065bf: xor ebx, ebx -jmp short loc_00006578 ; jmp 0x6578 +jmp short loc_000065e6 ; jmp 0x65e6 -loc_00006555: -call fcn_000153e9 ; call 0x153e9 +loc_000065c3: +call fcn_00015479 ; call 0x15479 mov ebx, 0x80000007 test al, al -je short loc_00006578 ; je 0x6578 +je short loc_000065e6 ; je 0x65e6 push eax push eax -push ref_0002181c ; push 0x2181c +push ref_000218ac ; push 0x218ac push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_00006578 ; jmp 0x6578 +jmp short loc_000065e6 ; jmp 0x65e6 -loc_00006576: +loc_000065e4: mov ebx, edi -loc_00006578: +loc_000065e6: lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -10413,7 +10456,7 @@ pop edi pop ebp ret -fcn_00006582: +fcn_000065f0: push ebp mov ebp, esp sub esp, 0xc 
@@ -10424,15 +10467,15 @@ movzx edx, byte [eax + 1] push edx movzx eax, byte [eax] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xb2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 leave and eax, 0xf ret -fcn_000065b0: +fcn_0000661e: push ebp mov ebp, esp push edi 
@@ -10446,71 +10489,71 @@ mov edi, dword [ebp + 0x18] mov dword [ebp - 0x2c], eax mov eax, dword [ebp + 0x20] mov dword [ebp - 0x30], eax -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 mov dword [ebp - 0x1c], eax -call fcn_0001c5b4 ; call 0x1c5b4 +call fcn_0001c678 ; call 0x1c678 mov dword [ebp - 0x20], eax test esi, esi -je short loc_000065f4 ; je 0x65f4 +je short loc_00006662 ; je 0x6662 cmp byte [ebx], 1 -jbe short loc_000065f0 ; jbe 0x65f0 +jbe short loc_0000665e ; jbe 0x665e mov eax, dword [ebx + 0xd] cmp byte [eax + 0x48], 0 -jne short loc_000065f4 ; jne 0x65f4 +jne short loc_00006662 ; jne 0x6662 -loc_000065f0: +loc_0000665e: mov byte [esi + 0x71], 1 -loc_000065f4: +loc_00006662: push eax push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 0x8000 add eax, 0xdd8 push eax mov dword [ebp - 0x24], eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0xc push ebx push dword [ebp + 0x14] push dword [ebp + 8] -call fcn_00006058 ; call 0x6058 +call fcn_000060c6 ; call 0x60c6 add esp, 0x10 mov esi, eax test eax, eax -jns short loc_0000663f ; jns 0x663f -call fcn_000153e9 ; call 0x153e9 +jns short loc_000066ad ; jns 0x66ad +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006659 ; je 0x6659 +je short loc_000066c7 ; je 0x66c7 push eax push esi -push ref_00021834 ; push 0x21834 -jmp short loc_0000664f ; jmp 0x664f +push ref_000218c4 ; push 0x218c4 +jmp short loc_000066bd ; jmp 0x66bd -loc_0000663f: -call fcn_000153e9 ; call 0x153e9 +loc_000066ad: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006659 ; je 0x6659 +je short loc_000066c7 ; je 0x66c7 push eax push eax -push ref_00021841 ; push 0x21841 +push ref_000218d1 ; push 0x218d1 -loc_0000664f: +loc_000066bd: push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00006659: +loc_000066c7: mov al, byte [edi] movzx ecx, byte [edi + 2] movzx edx, byte 
[edi + 1] mov byte [ebp - 0x25], al -loc_00006666: +loc_000066d4: push ebx movzx ebx, byte [ebp - 0x25] push ecx 
@@ -10518,71 +10561,71 @@ push edx push ebx mov dword [ebp - 0x38], ecx mov dword [ebp - 0x34], edx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xd2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov edx, dword [ebp - 0x34] mov ecx, dword [ebp - 0x38] test al, 2 -je short loc_00006666 ; je 0x6666 +je short loc_000066d4 ; je 0x66d4 sub esp, 0xc push ecx push edx push ebx push dword [ebp + 0x14] push dword [ebp + 8] -call fcn_000024e1 ; call 0x24e1 +call fcn_0000254f ; call 0x254f add esp, 0x20 cmp dword [ebp - 0x20], 0 -je short loc_000066c8 ; je 0x66c8 +je short loc_00006736 ; je 0x6736 cmp dword [ebp - 0x1c], 0x40670 -jne short loc_000066c8 ; jne 0x66c8 +jne short loc_00006736 ; jne 0x6736 push ecx push ecx push 0xffff7fff push dword [ebp - 0x24] -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -loc_000066c8: +loc_00006736: sub esp, 0xc push edi -call fcn_0000642d ; call 0x642d +call fcn_0000649b ; call 0x649b add esp, 0x10 cmp al, byte [ebp - 0x30] -jae short loc_000066fb ; jae 0x66fb -call fcn_000153e9 ; call 0x153e9 +jae short loc_00006769 ; jae 0x6769 +call fcn_00015479 ; call 0x15479 mov esi, 0x80000012 test al, al -je short loc_000066fb ; je 0x66fb +je short loc_00006769 ; je 0x6769 push edx push edx -push ref_0002184b ; push 0x2184b +push ref_000218db ; push 0x218db push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000066fb: +loc_00006769: sub esp, 0xc push edi -call fcn_00006582 ; call 0x6582 +call fcn_000065f0 ; call 0x65f0 add esp, 0x10 cmp al, byte [ebp - 0x2c] -jae short loc_0000672e ; jae 0x672e -call fcn_000153e9 ; call 0x153e9 +jae short loc_0000679c ; jae 0x679c +call fcn_00015479 ; call 0x15479 mov esi, 0x80000012 test al, al -je short loc_0000672e ; je 0x672e +je short loc_0000679c ; je 0x679c push eax push eax -push ref_00021863 ; push 0x21863 +push ref_000218f3 ; push 
0x218f3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000672e: +loc_0000679c: lea esp, [ebp - 0xc] mov eax, esi pop ebx @@ -10591,7 +10634,7 @@ pop edi pop ebp ret -fcn_00006738: +fcn_000067a6: push ebp mov ebp, esp push edi @@ -10604,41 +10647,41 @@ mov eax, dword [ebp + 0x10] mov edi, dword [ebp + 0xc] push esi mov dword [ebp - 0x1c], eax -call fcn_00006582 ; call 0x6582 +call fcn_000065f0 ; call 0x65f0 mov edx, edi add esp, 0x10 cmp dl, al -je short loc_0000677a ; je 0x677a -call fcn_000153e9 ; call 0x153e9 +je short loc_000067e8 ; je 0x67e8 +call fcn_00015479 ; call 0x15479 mov bl, 1 test al, al -je short loc_0000677a ; je 0x677a +je short loc_000067e8 ; je 0x67e8 push edx push edx -push ref_0002187b ; push 0x2187b +push ref_0002190b ; push 0x2190b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000677a: +loc_000067e8: sub esp, 0xc push esi -call fcn_0000642d ; call 0x642d +call fcn_0000649b ; call 0x649b add esp, 0x10 cmp byte [ebp - 0x1c], al -je short loc_000067a7 ; je 0x67a7 -call fcn_000153e9 ; call 0x153e9 +je short loc_00006815 ; je 0x6815 +call fcn_00015479 ; call 0x15479 mov bl, 1 test al, al -je short loc_000067a7 ; je 0x67a7 +je short loc_00006815 ; je 0x6815 push eax push eax -push ref_0002189a ; push 0x2189a +push ref_0002192a ; push 0x2192a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000067a7: +loc_00006815: lea esp, [ebp - 0xc] mov al, bl pop ebx @@ -10647,7 +10690,7 @@ pop edi pop ebp ret -fcn_000067b1: +fcn_0000681f: push ebp mov ebp, esp push edi 
@@ -10658,70 +10701,70 @@ sub esp, 0x28 mov edi, dword [ebp + 0x10] mov ebx, dword [ebp + 0x14] push edi -call fcn_00006582 ; call 0x6582 +call fcn_000065f0 ; call 0x65f0 add esp, 0x10 mov dl, al cmp al, bl -jae loc_00006859 ; jae 0x6859 +jae loc_000068c7 ; jae 0x68c7 mov dword [ebp - 0x1c], edx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 mov edx, dword [ebp - 0x1c] test al, al -je short loc_000067fb ; je 0x67fb +je short loc_00006869 ; je 0x6869 movzx edx, dl movzx eax, bl push edx push eax -push ref_000218b9 ; push 0x218b9 +push ref_00021949 ; push 0x21949 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000067fb: +loc_00006869: push ecx push edi push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_000063c9 ; call 0x63c9 +call fcn_00006437 ; call 0x6437 add esp, 0x10 mov esi, eax test eax, eax -jns short loc_00006818 ; jns 0x6818 -call fcn_000153e9 ; call 0x153e9 -jmp short loc_00006832 ; jmp 0x6832 +jns short loc_00006886 ; jns 0x6886 +call fcn_00015479 ; call 0x15479 +jmp short loc_000068a0 ; jmp 0x68a0 -loc_00006818: +loc_00006886: sub esp, 0xc push edi -call fcn_00006582 ; call 0x6582 +call fcn_000065f0 ; call 0x65f0 add esp, 0x10 cmp al, bl -jae short loc_0000683f ; jae 0x683f -call fcn_000153e9 ; call 0x153e9 +jae short loc_000068ad ; jae 0x68ad +call fcn_00015479 ; call 0x15479 mov esi, 0x80000007 -loc_00006832: +loc_000068a0: test al, al -je short loc_00006859 ; je 0x6859 +je short loc_000068c7 ; je 0x68c7 push edx push edx -push ref_000218e3 ; push 0x218e3 -jmp short loc_0000684f ; jmp 0x684f +push ref_00021973 ; push 0x21973 +jmp short loc_000068bd ; jmp 0x68bd -loc_0000683f: -call fcn_000153e9 ; call 0x153e9 +loc_000068ad: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006859 ; je 0x6859 +je short loc_000068c7 ; je 0x68c7 push eax push eax -push ref_00021900 ; push 0x21900 +push ref_00021990 ; push 0x21990 -loc_0000684f: +loc_000068bd: push 0x40 -call fcn_000153f7 ; 
call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00006859: +loc_000068c7: lea esp, [ebp - 0xc] mov eax, esi pop ebx @@ -10730,7 +10773,7 @@ pop edi pop ebp ret -fcn_00006863: +fcn_000068d1: push ebp mov ebp, esp push edi @@ -10752,25 +10795,25 @@ push esi push ebx push edi mov dword [ebp - 0x20], eax -call fcn_0000645f ; call 0x645f +call fcn_000064cd ; call 0x64cd add esp, 0x10 test eax, eax movzx eax, byte [ebp - 0x1c] mov dword [ebp - 0x1c], eax -js short loc_000068b9 ; js 0x68b9 +js short loc_00006927 ; js 0x6927 -loc_000068a5: +loc_00006913: push dword [ebp - 0x1c] push esi push ebx push edi -call fcn_000067b1 ; call 0x67b1 +call fcn_0000681f ; call 0x681f add esp, 0x10 test eax, eax -jns short loc_000068f6 ; jns 0x68f6 -jmp short loc_000068da ; jmp 0x68da +jns short loc_00006964 ; jns 0x6964 +jmp short loc_00006948 ; jmp 0x6948 -loc_000068b9: +loc_00006927: push eax push dword [ebp - 0x20] push dword [ebp - 0x1c] @@ -10779,13 +10822,13 @@ push ebx push dword [ebp - 0x28] push dword [ebp - 0x24] push edi -call fcn_000065b0 ; call 0x65b0 +call fcn_0000661e ; call 0x661e add esp, 0x20 test eax, eax -jns short loc_000068a5 ; jns 0x68a5 -jmp near loc_0000695e ; jmp 0x695e +jns short loc_00006913 ; jns 0x6913 +jmp near loc_000069cc ; jmp 0x69cc -loc_000068da: +loc_00006948: push ecx push dword [ebp - 0x20] push dword [ebp - 0x1c] 
@@ -10794,39 +10837,39 @@ push ebx push dword [ebp - 0x28] push dword [ebp - 0x24] push edi -call fcn_000065b0 ; call 0x65b0 +call fcn_0000661e ; call 0x661e add esp, 0x20 test eax, eax -js short loc_0000695e ; js 0x695e +js short loc_000069cc ; js 0x69cc -loc_000068f6: +loc_00006964: push 0 push esi push ebx push edi -call fcn_00005ce2 ; call 0x5ce2 +call fcn_00005d50 ; call 0x5d50 add esp, 0x10 test eax, eax -jns short loc_0000695e ; jns 0x695e -call fcn_000153e9 ; call 0x153e9 +jns short loc_000069cc ; jns 0x69cc +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006921 ; je 0x6921 +je short loc_0000698f ; je 0x698f push edx push edx -push ref_00021920 ; push 0x21920 +push ref_000219b0 ; push 0x219b0 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00006921: +loc_0000698f: push eax push esi push ebx push edi -call fcn_000063c9 ; call 0x63c9 +call fcn_00006437 ; call 0x6437 add esp, 0x10 test eax, eax -jns short loc_0000695e ; jns 0x695e +jns short loc_000069cc ; jns 0x69cc mov eax, dword [ebp - 0x20] mov dword [ebp + 0x18], esi mov dword [ebp + 0x14], ebx @@ -10843,9 +10886,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_000065b0 ; jmp 0x65b0 +jmp near fcn_0000661e ; jmp 0x661e -loc_0000695e: +loc_000069cc: lea esp, [ebp - 0xc] pop ebx pop esi @@ -10853,7 +10896,7 @@ pop edi pop ebp ret -fcn_00006966: ; not directly referenced +fcn_000069d4: ; not directly referenced push ebp mov ebp, esp push ebx 
@@ -10862,34 +10905,34 @@ lea eax, [ebp - 0xc] push eax push 0 push 0 -push ref_0002908c ; push 0x2908c -call fcn_00019699 ; call 0x19699 +push ref_0002913c ; push 0x2913c +call fcn_0001975d ; call 0x1975d mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_000069c6 ; je 0x69c6 +je short loc_00006a34 ; je 0x6a34 test ebx, ebx -jns short loc_000069c6 ; jns 0x69c6 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00006a34 ; jns 0x6a34 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000069ae ; je 0x69ae +je short loc_00006a1c ; je 0x6a1c push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000069ae: ; not directly referenced +loc_00006a1c: ; not directly referenced push ecx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x2de -push ref_0002193e ; push 0x2193e -call fcn_000153fc ; call 0x153fc +push ref_000219ce ; push 0x219ce +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000069c6: ; not directly referenced +loc_00006a34: ; not directly referenced mov eax, dword [ebp - 0xc] push edx push edx 
@@ -10901,58 +10944,58 @@ mov ebx, dword [ebp - 4] leave ret -fcn_000069d8: +fcn_00006a46: push ebp mov eax, 1 mov ebp, esp mov edx, dword [ebp + 8] cmp byte [edx], 2 -jbe short loc_000069fa ; jbe 0x69fa +jbe short loc_00006a68 ; jbe 0x6a68 mov eax, dword [edx + 0xd] mov edx, 1 mov ax, word [eax + 0x50] test ax, ax cmove eax, edx -loc_000069fa: +loc_00006a68: pop ebp ret -fcn_000069fc: +fcn_00006a6a: push ebp mov eax, 2 mov ebp, esp mov edx, dword [ebp + 8] cmp byte [edx], 0x12 -jbe short loc_00006a1e ; jbe 0x6a1e +jbe short loc_00006a8c ; jbe 0x6a8c mov eax, dword [edx + 0xd] mov edx, 2 mov ax, word [eax + 0x67] test ax, ax cmove eax, edx -loc_00006a1e: +loc_00006a8c: pop ebp ret -fcn_00006a20: +fcn_00006a8e: push ebp mov eax, 0x2710 mov ebp, esp mov edx, dword [ebp + 8] cmp byte [edx], 0x12 -jbe short loc_00006a42 ; jbe 0x6a42 +jbe short loc_00006ab0 ; jbe 0x6ab0 mov eax, dword [edx + 0xd] mov edx, 0x2710 mov ax, word [eax + 0x65] test ax, ax cmove eax, edx -loc_00006a42: +loc_00006ab0: pop ebp ret -fcn_00006a44: +fcn_00006ab2: push ebp mov ebp, esp push edi @@ -10962,15 +11005,15 @@ sub esp, 0x30 push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax lea eax, [eax + 0x504] add esi, 0xd0c mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [esp], esi mov ebx, eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0xc push 0 push 0 
@@ -10979,47 +11022,47 @@ shr ebx, 0x10 shr eax, 0x14 and eax, 1 mov byte [ebp - 0x2b], al -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0x10 mov dword [ebp - 0x34], eax and ebx, 3 -je short loc_00006ab1 ; je 0x6ab1 +je short loc_00006b1f ; je 0x6b1f cmp ebx, 2 -jne short loc_00006ac4 ; jne 0x6ac4 +jne short loc_00006b32 ; jne 0x6b32 mov byte [ebp - 0x1e], 8 mov esi, 2 mov byte [ebp - 0x1d], 8 -jmp short loc_00006acd ; jmp 0x6acd +jmp short loc_00006b3b ; jmp 0x6b3b -loc_00006ab1: +loc_00006b1f: mov byte [ebp - 0x1e], 8 mov esi, 3 mov byte [ebp - 0x1d], 4 mov byte [ebp - 0x1c], 4 -jmp short loc_00006acd ; jmp 0x6acd +jmp short loc_00006b3b ; jmp 0x6b3b -loc_00006ac4: +loc_00006b32: mov byte [ebp - 0x1e], 0x10 mov esi, 1 -loc_00006acd: +loc_00006b3b: mov eax, dword [ebp + 0xc] xor ebx, ebx mov byte [eax], 0 -loc_00006ad5: +loc_00006b43: cmp byte [ebp + ebx - 0x1e], 0 -je short loc_00006b08 ; je 0x6b08 +je short loc_00006b76 ; je 0x6b76 push eax push ebx push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je short loc_00006b08 ; je 0x6b08 +je short loc_00006b76 ; je 0x6b76 mov eax, dword [ebp + 0xc] mov dl, byte [eax] movzx eax, dl 
@@ -11028,29 +11071,29 @@ mov byte [ebp + eax - 0x1b], bl mov eax, dword [ebp + 0xc] mov byte [eax], dl -loc_00006b08: +loc_00006b76: inc ebx mov eax, esi cmp al, bl -ja short loc_00006ad5 ; ja 0x6ad5 +ja short loc_00006b43 ; ja 0x6b43 mov eax, dword [ebp + 0xc] cmp byte [eax], 3 -jbe short loc_00006b3c ; jbe 0x6b3c -call fcn_000153e9 ; call 0x153e9 +jbe short loc_00006baa ; jbe 0x6baa +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006b36 ; je 0x6b36 +je short loc_00006ba4 ; je 0x6ba4 push eax push dword [ebp + 0xc] -push ref_0002197c ; push 0x2197c +push ref_00021a0c ; push 0x21a0c push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00006b36: +loc_00006ba4: mov eax, dword [ebp + 0xc] mov byte [eax], 3 -loc_00006b3c: +loc_00006baa: mov eax, dword [ebp + 0x10] mov byte [ebp - 0x2a], 0 mov byte [eax], 0 @@ -11062,11 +11105,11 @@ and byte [ebp - 0x29], 0xf add eax, 0xc mov dword [ebp - 0x38], eax -loc_00006b5b: +loc_00006bc9: mov edi, dword [ebp + 0xc] mov al, byte [ebp - 0x2a] cmp al, byte [edi] -jae loc_00006dde ; jae 0x6dde +jae loc_00006e4c ; jae 0x6e4c movzx ebx, byte [ebp - 0x2a] movzx eax, byte [ebp + ebx - 0x1b] shl ebx, 5 
@@ -11084,119 +11127,119 @@ push eax push edi push 1 push 0 -call fcn_000023ad ; call 0x23ad +call fcn_0000241b ; call 0x241b mov dword [esp], ebx -call fcn_0000642d ; call 0x642d +call fcn_0000649b ; call 0x649b add esp, 0x10 xor edx, edx xor ecx, ecx mov byte [ebp - 0x2c], al mov byte [ebx + 0x1c], al -loc_00006bb7: +loc_00006c25: mov byte [ebp - 0x30], dl cmp dl, byte [ebp - 0x2c] -jae short loc_00006bf6 ; jae 0x6bf6 +jae short loc_00006c64 ; jae 0x6c64 mov eax, dword [ebp + 0x10] cmp byte [eax], 0 -je short loc_00006bd2 ; je 0x6bd2 +je short loc_00006c40 ; je 0x6c40 cmp byte [ebp - 0x30], 1 -ja short loc_00006bd2 ; ja 0x6bd2 +ja short loc_00006c40 ; ja 0x6c40 dec byte [ebx + 0x1c] -jmp short loc_00006bf3 ; jmp 0x6bf3 +jmp short loc_00006c61 ; jmp 0x6c61 -loc_00006bd2: +loc_00006c40: cmp cl, 0xf -ja short loc_00006bf2 ; ja 0x6bf2 +ja short loc_00006c60 ; ja 0x6c60 cmp byte [ebp - 0x2b], 0 movzx esi, cl -jne short loc_00006be8 ; jne 0x6be8 +jne short loc_00006c56 ; jne 0x6c56 mov al, byte [ebp - 0x30] add al, byte [ebp - 0x29] -jmp short loc_00006bee ; jmp 0x6bee +jmp short loc_00006c5c ; jmp 0x6c5c -loc_00006be8: +loc_00006c56: mov al, byte [ebp - 0x29] sub eax, dword [ebp - 0x30] -loc_00006bee: +loc_00006c5c: mov byte [ebx + esi + 0xc], al -loc_00006bf2: +loc_00006c60: inc ecx -loc_00006bf3: +loc_00006c61: inc edx -jmp short loc_00006bb7 ; jmp 0x6bb7 +jmp short loc_00006c25 ; jmp 0x6c25 -loc_00006bf6: +loc_00006c64: cmp byte [ebx + 0x1c], 0x10 -jbe short loc_00006c21 ; jbe 0x6c21 -call fcn_000153e9 ; call 0x153e9 +jbe short loc_00006c8f ; jbe 0x6c8f +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006c1d ; je 0x6c1d +je short loc_00006c8b ; je 0x6c8b push eax movzx eax, byte [ebx + 0x1c] push eax -push ref_000219c3 ; push 0x219c3 +push ref_00021a53 ; push 0x21a53 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00006c1d: +loc_00006c8b: mov byte [ebx + 0x1c], 0x10 -loc_00006c21: +loc_00006c8f: 
push eax push edi push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax lea eax, [eax + 0xac] mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov edx, eax and edx, 0xf cmp edx, 3 mov dword [ebp - 0x30], edx -je short loc_00006c79 ; je 0x6c79 -call fcn_000153e9 ; call 0x153e9 +je short loc_00006ce7 ; je 0x6ce7 +call fcn_00015479 ; call 0x15479 mov edx, dword [ebp - 0x30] test al, al -je short loc_00006c70 ; je 0x6c70 +je short loc_00006cde ; je 0x6cde push edx push edi push 1 push 0 push edi push 1 -push ref_000219f9 ; push 0x219f9 +push ref_00021a89 ; push 0x21a89 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00006c70: +loc_00006cde: mov byte [ebx + 0xb], 0 -jmp near loc_00006dbe ; jmp 0x6dbe +jmp near loc_00006e2c ; jmp 0x6e2c -loc_00006c79: -call fcn_000153e9 ; call 0x153e9 +loc_00006ce7: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006c9a ; je 0x6c9a +je short loc_00006d08 ; je 0x6d08 push eax push edi push 1 push 0 push edi push 1 -push ref_00021a44 ; push 0x21a44 +push ref_00021ad4 ; push 0x21ad4 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00006c9a: +loc_00006d08: push ecx push 0x10100 push 0xff0000ff 
@@ -11204,72 +11247,72 @@ lea eax, [esi + 0x18] add esi, 0x11a push eax mov dword [ebp - 0x30], eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop eax pop edx push 0 push dword [ebp - 0x34] -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 pop ecx push dword [ebp - 0x34] -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [ebx + 7], eax mov dword [esp], esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 2 -je short loc_00006d17 ; je 0x6d17 +je short loc_00006d85 ; je 0x6d85 mov byte [ebx + 0xb], 0 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006d04 ; je 0x6d04 +je short loc_00006d72 ; je 0x6d72 push 3 push edi push 1 push 0 push edi push 1 -push ref_00021a76 ; push 0x21a76 +push ref_00021b06 ; push 0x21b06 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00006d04: +loc_00006d72: push edx push edi push 1 push 0 -call fcn_000023ad ; call 0x23ad +call fcn_0000241b ; call 0x241b add esp, 0x10 -jmp near loc_00006dac ; jmp 0x6dac +jmp near loc_00006e1a ; jmp 0x6e1a -loc_00006d17: +loc_00006d85: push 0x10 push 0 push 0 push 1 -call fcn_000027f4 ; call 0x27f4 +call fcn_00002862 ; call 0x2862 add esp, 0x10 test eax, eax -jne short loc_00006d49 ; jne 0x6d49 +jne short loc_00006db7 ; jne 0x6db7 mov byte [ebx + 0xb], 0 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006dac ; je 0x6dac +je short loc_00006e1a ; je 0x6e1a push 3 push edi push 1 push 0 push edi push 1 -push ref_00021abc ; push 0x21abc -jmp short loc_00006da2 ; jmp 0x6da2 +push ref_00021b4c ; push 0x21b4c +jmp short loc_00006e10 ; jmp 0x6e10 -loc_00006d49: +loc_00006db7: add eax, dword [ebp - 0x38] sub esp, 0xc push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov dl, al and eax, 0xf 
@@ -11277,47 +11320,47 @@ and edx, 0xf mov esi, eax mov byte [ebx + 6], dl cmp eax, 2 -ja short loc_00006d87 ; ja 0x6d87 +ja short loc_00006df5 ; ja 0x6df5 mov byte [ebx + 0xb], 0 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006dac ; je 0x6dac +je short loc_00006e1a ; je 0x6e1a push esi push edi push 1 push 0 push edi push 1 -push ref_00021b0b ; push 0x21b0b -jmp short loc_00006da2 ; jmp 0x6da2 +push ref_00021b9b ; push 0x21b9b +jmp short loc_00006e10 ; jmp 0x6e10 -loc_00006d87: +loc_00006df5: mov byte [ebx + 0xb], 1 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006dac ; je 0x6dac +je short loc_00006e1a ; je 0x6e1a push esi push edi push 1 push 0 push edi push 1 -push ref_00021b55 ; push 0x21b55 +push ref_00021be5 ; push 0x21be5 -loc_00006da2: +loc_00006e10: push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00006dac: +loc_00006e1a: push eax push eax push 0xff0000ff push dword [ebp - 0x30] -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -loc_00006dbe: +loc_00006e2c: mov al, byte [ebp + edi - 0x1e] mov cl, byte [ebp - 0x29] lea edx, [ecx + eax] @@ -11327,9 +11370,9 @@ mov al, cl cmovne edx, eax mov byte [ebp - 0x29], dl inc byte [ebp - 0x2a] -jmp near loc_00006b5b ; jmp 0x6b5b +jmp near loc_00006bc9 ; jmp 0x6bc9 -loc_00006dde: +loc_00006e4c: lea esp, [ebp - 0xc] pop ebx pop esi @@ -11337,21 +11380,21 @@ pop edi pop ebp ret -fcn_00006de6: +fcn_00006e54: push ebp mov ebp, esp mov edx, dword [ebp + 8] cmp byte [ebp + 0xc], 0 mov al, dl -je short loc_00006df8 ; je 0x6df8 +je short loc_00006e66 ; je 0x6e66 mov al, 0xf sub eax, edx -loc_00006df8: +loc_00006e66: pop ebp ret -fcn_00006dfa: +fcn_00006e68: push ebp mov ebp, esp sub esp, 0xc 
@@ -11366,12 +11409,12 @@ pop edx movzx eax, byte [eax + 2] push eax push dword [ebp + 0x18] -call fcn_00007b99 ; call 0x7b99 +call fcn_00007c07 ; call 0x7c07 sub eax, dword [ebp + 0x20] leave ret -fcn_00006e24: +fcn_00006e92: push ebp mov ebp, esp push edi @@ -11385,15 +11428,15 @@ mov bl, byte [ebp + 0x30] mov byte [ebp - 0x53], al mov al, byte [ebp + 0x2c] mov byte [ebp - 0x52], al -call fcn_000069fc ; call 0x69fc +call fcn_00006a6a ; call 0x6a6a push esi push esi push 1 mov esi, eax -call fcn_0000961e ; call 0x961e +call fcn_0000968c ; call 0x968c add esp, 0x10 test eax, eax -js loc_00007085 ; js 0x7085 +js loc_000070f3 ; js 0x70f3 mov eax, dword [ebp + 0x20] mov dword [ebp - 0x4c], eax movzx eax, si @@ -11401,11 +11444,11 @@ mov dword [ebp - 0x58], eax movzx eax, bl mov dword [ebp - 0x50], eax -loc_00006e6f: +loc_00006edd: mov al, byte [ebp - 0x4c] sub eax, dword [ebp + 0x20] cmp al, byte [ebp - 0x53] -jae loc_00007078 ; jae 0x7078 +jae loc_000070e6 ; jae 0x70e6 push ecx push ecx lea eax, [ebp - 0x39] @@ -11413,7 +11456,7 @@ push eax mov eax, dword [ebp - 0x4c] movzx ebx, byte [eax] push ebx -call fcn_000098fd ; call 0x98fd +call fcn_0000996b ; call 0x996b mov eax, dword [ebp + 0x34] add esp, 0x10 mov byte [ebp - 0x51], 0 
@@ -11421,50 +11464,50 @@ lea eax, [eax + ebx*4] xor ebx, ebx mov dword [ebp - 0x60], eax -loc_00006ea2: +loc_00006f10: test bl, bl -jne loc_00007070 ; jne 0x7070 +jne loc_000070de ; jne 0x70de cmp byte [ebp - 0x51], 2 -ja loc_00007070 ; ja 0x7070 +ja loc_000070de ; ja 0x70de push eax push eax movzx eax, byte [edi + 2] push eax push dword [ebp + 0x1c] -call fcn_00007b99 ; call 0x7b99 +call fcn_00007c07 ; call 0x7c07 mov esi, eax pop eax pop edx lea eax, [ebp - 0x39] push eax push 5 -call fcn_000099b5 ; call 0x99b5 +call fcn_00009a23 ; call 0x9a23 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00006f19 ; je 0x6f19 +je short loc_00006f87 ; je 0x6f87 test ebx, ebx -jns short loc_00006f19 ; jns 0x6f19 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00006f87 ; jns 0x6f87 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006f01 ; je 0x6f01 +je short loc_00006f6f ; je 0x6f6f push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00006f01: +loc_00006f6f: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x350 -push ref_00021b85 ; push 0x21b85 -call fcn_000153fc ; call 0x153fc +push ref_00021c15 ; push 0x21c15 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00006f19: +loc_00006f87: push ebx push esi push edi 
@@ -11473,64 +11516,64 @@ push dword [ebp + 0x18] push dword [ebp + 0x14] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00006dfa ; call 0x6dfa +call fcn_00006e68 ; call 0x6e68 add esp, 0x20 cmp eax, dword [ebp - 0x58] -jb short loc_00006f3f ; jb 0x6f3f +jb short loc_00006fad ; jb 0x6fad -loc_00006f38: +loc_00006fa6: xor ebx, ebx -jmp near loc_00007001 ; jmp 0x7001 +jmp near loc_0000706f ; jmp 0x706f -loc_00006f3f: +loc_00006fad: movzx ebx, byte [ebp - 0x52] push ecx push dword [ebp - 0x50] push ebx push edi -call fcn_00006738 ; call 0x6738 +call fcn_000067a6 ; call 0x67a6 add esp, 0x10 test al, al -jne short loc_00006f38 ; jne 0x6f38 +jne short loc_00006fa6 ; jne 0x6fa6 push eax push eax movzx eax, byte [edi + 2] push eax push dword [ebp + 0x1c] -call fcn_00007b99 ; call 0x7b99 +call fcn_00007c07 ; call 0x7c07 mov dword [ebp - 0x5c], eax pop eax pop edx lea eax, [ebp - 0x39] push eax push 0xfffffffffffffffa -call fcn_000099b5 ; call 0x99b5 +call fcn_00009a23 ; call 0x9a23 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00006fbb ; je 0x6fbb +je short loc_00007029 ; je 0x7029 test esi, esi -jns short loc_00006fbb ; jns 0x6fbb -call fcn_000153e9 ; call 0x153e9 +jns short loc_00007029 ; jns 0x7029 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00006fa3 ; je 0x6fa3 +je short loc_00007011 ; je 0x7011 push eax push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00006fa3: +loc_00007011: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x35f -push ref_00021b85 ; push 0x21b85 -call fcn_000153fc ; call 0x153fc +push ref_00021c15 ; push 0x21c15 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00006fbb: +loc_00007029: push esi push dword [ebp - 0x5c] push edi 
@@ -11539,33 +11582,33 @@ push dword [ebp + 0x18] push dword [ebp + 0x14] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00006dfa ; call 0x6dfa +call fcn_00006e68 ; call 0x6e68 add esp, 0x20 cmp eax, dword [ebp - 0x58] -jae loc_00006f38 ; jae 0x6f38 +jae loc_00006fa6 ; jae 0x6fa6 push ecx push dword [ebp - 0x50] push ebx push edi -call fcn_00006738 ; call 0x6738 +call fcn_000067a6 ; call 0x67a6 add esp, 0x10 test al, al -jne loc_00006f38 ; jne 0x6f38 +jne loc_00006fa6 ; jne 0x6fa6 mov eax, dword [ebp - 0x60] mov bl, 1 mov dword [eax], 0xbb8 -loc_00007001: +loc_0000706f: sub esp, 0xc lea eax, [ebp - 0x39] push eax -call fcn_00009992 ; call 0x9992 +call fcn_00009a00 ; call 0x9a00 movzx eax, byte [ebp - 0x52] add esp, 0x10 mov byte [ebp - 0x5c], 3 mov dword [ebp - 0x64], eax -loc_0000701b: +loc_00007089: push edx push dword [ebp - 0x50] push dword [ebp - 0x64] @@ -11574,11 +11617,11 @@ push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00006863 ; call 0x6863 +call fcn_000068d1 ; call 0x68d1 add esp, 0x20 mov esi, eax test eax, eax -jns short loc_00007068 ; jns 0x7068 +jns short loc_000070d6 ; jns 0x70d6 push eax mov eax, dword [ebp + 0x14] push 0x2710 
@@ -11587,29 +11630,29 @@ push dword [ebp + 8] call dword [eax + 4] ; ucall add esp, 0x10 dec byte [ebp - 0x5c] -jne short loc_0000701b ; jne 0x701b +jne short loc_00007089 ; jne 0x7089 sub esp, 0xc push 0 -call fcn_0000961e ; call 0x961e +call fcn_0000968c ; call 0x968c add esp, 0x10 mov eax, esi -jmp short loc_00007085 ; jmp 0x7085 +jmp short loc_000070f3 ; jmp 0x70f3 -loc_00007068: +loc_000070d6: inc byte [ebp - 0x51] -jmp near loc_00006ea2 ; jmp 0x6ea2 +jmp near loc_00006f10 ; jmp 0x6f10 -loc_00007070: +loc_000070de: inc dword [ebp - 0x4c] -jmp near loc_00006e6f ; jmp 0x6e6f +jmp near loc_00006edd ; jmp 0x6edd -loc_00007078: +loc_000070e6: sub esp, 0xc push 0 -call fcn_0000961e ; call 0x961e +call fcn_0000968c ; call 0x968c add esp, 0x10 -loc_00007085: +loc_000070f3: lea esp, [ebp - 0xc] pop ebx pop esi @@ -11617,7 +11660,7 @@ pop edi pop ebp ret -fcn_0000708d: ; not directly referenced +fcn_000070fb: ; not directly referenced push ebp mov ebp, esp mov ecx, dword [ebp + 8] @@ -11633,7 +11676,7 @@ pop ebx pop ebp ret -fcn_000070a7: +fcn_00007115: push ebp xor eax, eax mov ebp, esp @@ -11641,21 +11684,21 @@ mov ecx, dword [ebp + 8] push esi push ebx test ecx, ecx -je short loc_000070f0 ; je 0x70f0 +je short loc_0000715e ; je 0x715e xor ebx, ebx mov esi, 0xa9e -loc_000070bc: +loc_0000712a: cmp ecx, 0x10f -jbe short loc_000070d5 ; jbe 0x70d5 +jbe short loc_00007143 ; jbe 0x7143 imul eax, ecx, 0x3e8 xor edx, edx add ebx, 0x64 div esi mov ecx, eax -jmp short loc_000070bc ; jmp 0x70bc +jmp short loc_0000712a ; jmp 0x712a -loc_000070d5: +loc_00007143: imul eax, ecx, 0xfffffff0 xor edx, edx add eax, 0x2d3a @@ -11665,13 +11708,13 @@ sub eax, 0xeefac div ecx add eax, ebx -loc_000070f0: +loc_0000715e: pop ebx pop esi pop ebp ret -fcn_000070f4: +fcn_00007162: push ebp mov ebp, esp push edi 
@@ -11686,31 +11729,31 @@ cmp eax, 0x9c40 cmova eax, ebx imul eax, eax, 0x64 push eax -call fcn_000070a7 ; call 0x70a7 +call fcn_00007115 ; call 0x7115 cmp esi, 0x9c40 cmova esi, ebx imul esi, esi, 0x64 mov dword [ebp - 0x10], eax mov dword [esp], esi -call fcn_000070a7 ; call 0x70a7 +call fcn_00007115 ; call 0x7115 cmp dword [ebp + 0x10], 0x9c40 cmovbe ebx, dword [ebp + 0x10] imul ebx, ebx, 0x64 mov esi, eax mov dword [esp], ebx -call fcn_000070a7 ; call 0x70a7 +call fcn_00007115 ; call 0x7115 test edi, edi pop edx mov edx, dword [ebp - 0x10] mov ebx, eax -js short loc_00007178 ; js 0x7178 +js short loc_000071e6 ; js 0x71e6 cmp esi, eax lea ecx, [edi - 1] -jne short loc_0000715f ; jne 0x715f +jne short loc_000071cd ; jne 0x71cd imul eax, ecx, 0x64 -jmp short loc_0000716f ; jmp 0x716f +jmp short loc_000071dd ; jmp 0x71dd -loc_0000715f: +loc_000071cd: sub edx, eax sub esi, ebx imul eax, edx, 0x64 @@ -11719,20 +11762,20 @@ imul ecx, ecx, 0x64 div esi add eax, ecx -loc_0000716f: +loc_000071dd: xor ecx, ecx test eax, eax cmovns ecx, eax -jmp short loc_0000719e ; jmp 0x719e +jmp short loc_0000720c ; jmp 0x720c -loc_00007178: +loc_000071e6: cmp esi, eax lea ecx, [edi + 1] -jne short loc_00007184 ; jne 0x7184 +jne short loc_000071f2 ; jne 0x71f2 imul ecx, ecx, 0x64 -jmp short loc_0000719e ; jmp 0x719e +jmp short loc_0000720c ; jmp 0x720c -loc_00007184: +loc_000071f2: sub edx, eax sub esi, ebx imul eax, edx, 0x64 @@ -11744,7 +11787,7 @@ mov eax, 0 test ecx, ecx cmovg ecx, eax -loc_0000719e: +loc_0000720c: lea esp, [ebp - 0xc] mov eax, ecx pop ebx @@ -11753,7 +11796,7 @@ pop edi pop ebp ret -fcn_000071a8: +fcn_00007216: push ebp mov ebp, esp push edi @@ -11768,7 +11811,7 @@ mov al, byte [ebp + 0x2c] mov byte [ebp - 0x2c], al mov al, byte [ebp + 0x34] mov byte [ebp - 0x41], al -call fcn_000069d8 ; call 0x69d8 +call fcn_00006a46 ; call 0x6a46 mov ecx, dword [ebp + 0x20] pop edi mov dword [ebp - 0x40], ebx 
@@ -11776,36 +11819,36 @@ mov dword [ebp - 0x38], ecx movzx eax, ax mov dword [ebp - 0x34], eax -loc_000071df: +loc_0000724d: mov bl, byte [ebp - 0x38] sub ebx, dword [ebp + 0x20] cmp bl, byte [ebp - 0x42] -jae loc_00007626 ; jae 0x7626 +jae loc_00007694 ; jae 0x7694 mov eax, dword [ebp - 0x38] mov ecx, dword [ebp + 0x38] cmp byte [ebp - 0x41], 0 movzx eax, byte [eax] mov byte [ebp - 0x19], al mov dword [ecx + eax*4], 0 -je short loc_00007229 ; je 0x7229 +je short loc_00007297 ; je 0x7297 mov esi, dword [ebp + 0xc] push edx push edx mov edx, dword [esi + 1] push dword [edx + 4] push eax -call fcn_00009516 ; call 0x9516 +call fcn_00009584 ; call 0x9584 movzx eax, byte [ebp - 0x19] pop ecx pop esi push 1 push eax -call fcn_000094b3 ; call 0x94b3 +call fcn_00009521 ; call 0x9521 add esp, 0x10 -loc_00007229: +loc_00007297: test bl, bl -je short loc_0000724a ; je 0x724a +je short loc_000072b8 ; je 0x72b8 mov eax, dword [ebp - 0x38] xor esi, esi mov ecx, dword [ebp + 0x38] @@ -11816,22 +11859,22 @@ cdq idiv ecx dec eax cmovns esi, eax -jmp short loc_0000724c ; jmp 0x724c +jmp short loc_000072ba ; jmp 0x72ba -loc_0000724a: +loc_000072b8: xor esi, esi -loc_0000724c: +loc_000072ba: mov byte [ebp - 0x2b], 0 mov byte [ebp - 0x29], 1 mov dword [ebp - 0x3c], 0xffffffff mov byte [ebp - 0x2a], 0 -loc_0000725f: +loc_000072cd: cmp byte [ebp - 0x2b], 0x1d -ja loc_000075b2 ; ja 0x75b2 +ja loc_00007620 ; ja 0x7620 cmp byte [ebp - 0x2a], 1 -ja loc_000075b2 ; ja 0x75b2 +ja loc_00007620 ; ja 0x7620 push eax push eax mov eax, dword [ebp + 0x28] @@ -11839,7 +11882,7 @@ inc byte [ebp - 0x2b] movzx eax, byte [eax + 2] push eax push dword [ebp + 0x1c] -call fcn_00007b99 ; call 0x7b99 +call fcn_00007c07 ; call 0x7c07 add esp, 0xc mov edi, eax mov eax, esi 
@@ -11848,33 +11891,33 @@ push eax push 1 lea eax, [ebp - 0x19] push eax -call fcn_00009b95 ; call 0x9b95 +call fcn_00009c03 ; call 0x9c03 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_000072e5 ; je 0x72e5 +je short loc_00007353 ; je 0x7353 test ebx, ebx -jns short loc_000072e5 ; jns 0x72e5 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00007353 ; jns 0x7353 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000072cd ; je 0x72cd +je short loc_0000733b ; je 0x733b push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000072cd: +loc_0000733b: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x1f0 -push ref_00021b85 ; push 0x21b85 -call fcn_000153fc ; call 0x153fc +push ref_00021c15 ; push 0x21c15 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000072e5: +loc_00007353: push eax push edi push dword [ebp + 0x28] 
@@ -11883,75 +11926,75 @@ push dword [ebp + 0x18] push dword [ebp + 0x14] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00006dfa ; call 0x6dfa +call fcn_00006e68 ; call 0x6e68 add esp, 0x20 mov edi, eax cmp eax, dword [ebp - 0x34] -jb short loc_0000731e ; jb 0x731e +jb short loc_0000738c ; jb 0x738c test esi, esi -jne short loc_00007324 ; jne 0x7324 +jne short loc_00007392 ; jne 0x7392 movzx eax, byte [ebp - 0x19] mov bl, 1 mov ecx, dword [ebp + 0x38] mov dword [ecx + eax*4], 0 -jmp short loc_0000732a ; jmp 0x732a +jmp short loc_00007398 ; jmp 0x7398 -loc_0000731e: +loc_0000738c: mov byte [ebp - 0x29], 1 -jmp short loc_00007328 ; jmp 0x7328 +jmp short loc_00007396 ; jmp 0x7396 -loc_00007324: +loc_00007392: mov byte [ebp - 0x29], 0xff -loc_00007328: +loc_00007396: xor ebx, ebx -loc_0000732a: +loc_00007398: mov al, byte [ebp - 0x29] add eax, esi mov byte [ebp - 0x30], al movzx eax, byte [ebp - 0x2c] mov dword [ebp - 0x4c], eax -loc_00007339: +loc_000073a7: test bl, 1 -jne loc_0000748e ; jne 0x748e +jne loc_000074fc ; jne 0x74fc cmp byte [ebp - 0x30], 0x18 -ja loc_0000748e ; ja 0x748e +ja loc_000074fc ; ja 0x74fc push ebx push dword [ebp - 0x40] push dword [ebp - 0x4c] push dword [ebp + 0x28] -call fcn_00006738 ; call 0x6738 +call fcn_000067a6 ; call 0x67a6 add esp, 0x10 mov bl, al test al, al -je short loc_0000739a ; je 0x739a +je short loc_00007408 ; je 0x7408 cmp byte [ebp - 0x29], 0xff -je loc_000074ad ; je 0x74ad +je loc_0000751b ; je 0x751b cmp byte [ebp - 0x30], 0 movzx eax, byte [ebp - 0x19] -jne short loc_00007387 ; jne 0x7387 +jne short loc_000073f5 ; jne 0x73f5 mov esi, dword [ebp + 0x38] mov dword [esi + eax*4], 0 -jmp near loc_000074bc ; jmp 0x74bc +jmp near loc_0000752a ; jmp 0x752a -loc_00007387: +loc_000073f5: movsx edx, byte [ebp - 0x30] mov esi, dword [ebp + 0x38] dec edx imul edx, edx, 0x64 mov dword [esi + eax*4], edx -jmp near loc_000074bc ; jmp 0x74bc +jmp near loc_0000752a ; jmp 0x752a -loc_0000739a: +loc_00007408: mov eax, dword [ebp + 
0x28] push ecx push ecx movzx eax, byte [eax + 2] push eax push dword [ebp + 0x1c] -call fcn_00007b99 ; call 0x7b99 +call fcn_00007c07 ; call 0x7c07 add esp, 0xc mov dword [ebp - 0x48], eax movzx eax, byte [ebp - 0x30] @@ -11959,33 +12002,33 @@ push eax push 1 lea eax, [ebp - 0x19] push eax -call fcn_00009b95 ; call 0x9b95 +call fcn_00009c03 ; call 0x9c03 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00007409 ; je 0x7409 +je short loc_00007477 ; je 0x7477 test esi, esi -jns short loc_00007409 ; jns 0x7409 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00007477 ; jns 0x7477 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000073f1 ; je 0x73f1 +je short loc_0000745f ; je 0x745f push edx push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000073f1: +loc_0000745f: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x21b -push ref_00021b85 ; push 0x21b85 -call fcn_000153fc ; call 0x153fc +push ref_00021c15 ; push 0x21c15 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00007409: +loc_00007477: push eax push dword [ebp - 0x48] push dword [ebp + 0x28] @@ -11994,13 +12037,13 @@ push dword [ebp + 0x18] push dword [ebp + 0x14] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00006dfa ; call 0x6dfa +call fcn_00006e68 ; call 0x6e68 add esp, 0x20 cmp byte [ebp - 0x29], 0xff mov esi, eax -jne short loc_00007454 ; jne 0x7454 +jne short loc_000074c2 ; jne 0x74c2 cmp eax, dword [ebp - 0x34] -jae short loc_00007481 ; jae 0x7481 +jae short loc_000074ef ; jae 0x74ef movzx eax, byte [ebp - 0x19] mov ecx, dword [ebp + 0x38] lea ebx, [ecx + eax*4] 
@@ -12009,14 +12052,14 @@ push eax push esi push edi push dword [ebp - 0x34] -call fcn_000070f4 ; call 0x70f4 +call fcn_00007162 ; call 0x7162 add esp, 0x10 mov dword [ebx], eax -jmp short loc_000074d3 ; jmp 0x74d3 +jmp short loc_00007541 ; jmp 0x7541 -loc_00007454: +loc_000074c2: cmp eax, dword [ebp - 0x34] -jb short loc_00007481 ; jb 0x7481 +jb short loc_000074ef ; jb 0x74ef movzx eax, byte [ebp - 0x19] mov edx, dword [ebp + 0x38] lea edx, [edx + eax*4] @@ -12027,45 +12070,45 @@ push edi mov edi, esi push esi push dword [ebp - 0x34] -call fcn_000070f4 ; call 0x70f4 +call fcn_00007162 ; call 0x7162 mov edx, dword [ebp - 0x48] add esp, 0x10 mov dword [edx], eax -jmp short loc_000074bc ; jmp 0x74bc +jmp short loc_0000752a ; jmp 0x752a -loc_00007481: +loc_000074ef: mov al, byte [ebp - 0x29] mov edi, esi add byte [ebp - 0x30], al -jmp near loc_00007339 ; jmp 0x7339 +jmp near loc_000073a7 ; jmp 0x73a7 -loc_0000748e: +loc_000074fc: cmp byte [ebp - 0x29], 0xff -jne short loc_000074bc ; jne 0x74bc +jne short loc_0000752a ; jne 0x752a cmp edi, dword [ebp - 0x34] -jb short loc_000074d3 ; jb 0x74d3 +jb short loc_00007541 ; jb 0x7541 test bl, bl -jne short loc_000074d3 ; jne 0x74d3 +jne short loc_00007541 ; jne 0x7541 movzx eax, byte [ebp - 0x19] mov esi, dword [ebp + 0x38] mov dword [esi + eax*4], 0 -jmp short loc_000074d3 ; jmp 0x74d3 +jmp short loc_00007541 ; jmp 0x7541 -loc_000074ad: +loc_0000751b: mov byte [ebp - 0x29], 1 mov dword [ebp - 0x3c], 0xffffffff mov byte [ebp - 0x2a], 0 -loc_000074bc: +loc_0000752a: cmp edi, dword [ebp - 0x34] -jae short loc_000074d3 ; jae 0x74d3 +jae short loc_00007541 ; jae 0x7541 test bl, bl -jne short loc_000074d3 ; jne 0x74d3 +jne short loc_00007541 ; jne 0x7541 movzx eax, byte [ebp - 0x19] mov ecx, dword [ebp + 0x38] mov dword [ecx + eax*4], 0x9c4 -loc_000074d3: +loc_00007541: movzx eax, byte [ebp - 0x19] mov ecx, 0x64 xor esi, esi 
@@ -12079,7 +12122,7 @@ mov dword [ebp - 0x30], edi dec eax cmovns esi, eax cmp ecx, 0xffffffff -je short loc_00007516 ; je 0x7516 +je short loc_00007584 ; je 0x7584 mov edx, ecx mov eax, edi sub eax, ecx @@ -12094,48 +12137,48 @@ mov al, cl cmovle eax, edx mov byte [ebp - 0x2a], al -loc_00007516: +loc_00007584: movzx ebx, byte [ebp - 0x2c] push eax push dword [ebp - 0x40] push ebx push dword [ebp + 0x28] -call fcn_00006738 ; call 0x6738 +call fcn_000067a6 ; call 0x67a6 add esp, 0x10 test al, al -je short loc_00007583 ; je 0x7583 +je short loc_000075f1 ; je 0x75f1 push eax push 0 push 1 lea eax, [ebp - 0x19] push eax -call fcn_00009b95 ; call 0x9b95 +call fcn_00009c03 ; call 0x9c03 mov edi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00007583 ; je 0x7583 +je short loc_000075f1 ; je 0x75f1 test edi, edi -jns short loc_00007583 ; jns 0x7583 -call fcn_000153e9 ; call 0x153e9 +jns short loc_000075f1 ; jns 0x75f1 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000756b ; je 0x756b +je short loc_000075d9 ; je 0x75d9 push eax push edi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000756b: +loc_000075d9: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x252 -push ref_00021b85 ; push 0x21b85 -call fcn_000153fc ; call 0x153fc +push ref_00021c15 ; push 0x21c15 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00007583: +loc_000075f1: push edi push dword [ebp - 0x40] push ebx 
@@ -12144,65 +12187,65 @@ push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00006863 ; call 0x6863 +call fcn_000068d1 ; call 0x68d1 add esp, 0x20 test eax, eax -js loc_00007628 ; js 0x7628 +js loc_00007696 ; js 0x7696 mov eax, dword [ebp - 0x30] mov dword [ebp - 0x3c], eax -jmp near loc_0000725f ; jmp 0x725f +jmp near loc_000072cd ; jmp 0x72cd -loc_000075b2: +loc_00007620: push ebx push 0 push 1 lea eax, [ebp - 0x19] push eax -call fcn_00009b95 ; call 0x9b95 +call fcn_00009c03 ; call 0x9c03 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00007607 ; je 0x7607 +je short loc_00007675 ; je 0x7675 test ebx, ebx -jns short loc_00007607 ; jns 0x7607 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00007675 ; jns 0x7675 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000075ef ; je 0x75ef +je short loc_0000765d ; je 0x765d push ecx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000075ef: +loc_0000765d: push edx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x262 -push ref_00021b85 ; push 0x21b85 -call fcn_000153fc ; call 0x153fc +push ref_00021c15 ; push 0x21c15 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00007607: +loc_00007675: cmp byte [ebp - 0x41], 0 -je short loc_0000761e ; je 0x761e +je short loc_0000768c ; je 0x768c push eax push eax movzx eax, byte [ebp - 0x19] push 0 push eax -call fcn_000094b3 ; call 0x94b3 +call fcn_00009521 ; call 0x9521 add esp, 0x10 -loc_0000761e: +loc_0000768c: inc dword [ebp - 0x38] -jmp near loc_000071df ; jmp 0x71df +jmp near loc_0000724d ; jmp 0x724d -loc_00007626: +loc_00007694: xor eax, eax -loc_00007628: +loc_00007696: lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -12210,7 +12253,7 @@ pop edi pop ebp ret -fcn_00007630: +fcn_0000769e: push ebp mov ebp, esp push edi @@ -12226,7 +12269,7 @@ mov al, byte [ebp + 0x2c] mov byte [ebp - 0x1c], al mov al, byte [ebp + 0x30] mov byte [ebp - 0x31], al -call fcn_000069d8 ; call 0x69d8 +call fcn_00006a46 ; call 0x6a46 movzx ecx, bl pop edx mov byte [ebp - 0x1b], 0 @@ -12238,51 +12281,51 @@ mov byte [ebp - 0x1a], 0 mov dword [ebp - 0x30], ecx mov dword [ebp - 0x24], eax -loc_0000767f: +loc_000076ed: cmp byte [ebp - 0x1b], 0x1d -ja loc_000079df ; ja 0x79df +ja loc_00007a4d ; ja 0x7a4d cmp byte [ebp - 0x1a], 1 -ja loc_000079df ; ja 0x79df +ja loc_00007a4d ; ja 0x7a4d push eax push eax movzx eax, byte [edi + 2] inc byte [ebp - 0x1b] push eax push dword [ebp + 0x1c] -call fcn_00007b99 ; call 0x7b99 +call fcn_00007c07 ; call 0x7c07 add esp, 0xc mov esi, eax movzx eax, byte [ebp - 0x20] push eax push dword [ebp - 0x30] push dword [ebp + 0x20] -call fcn_00009b95 ; call 0x9b95 +call fcn_00009c03 ; call 0x9c03 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00007701 ; je 0x7701 +je short loc_0000776f ; je 0x776f test ebx, ebx -jns short loc_00007701 ; jns 0x7701 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000776f ; jns 0x776f +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000076e9 ; je 0x76e9 +je short loc_00007757 ; je 0x7757 push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000076e9: +loc_00007757: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x29f -push ref_00021b85 ; push 0x21b85 -call fcn_000153fc ; call 0x153fc +push ref_00021c15 ; push 0x21c15 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00007701: +loc_0000776f: push eax push esi push edi 
@@ -12291,31 +12334,31 @@ push dword [ebp + 0x18] push dword [ebp + 0x14] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00006dfa ; call 0x6dfa +call fcn_00006e68 ; call 0x6e68 mov ecx, dword [ebp - 0x24] add esp, 0x20 mov dword [ebp - 0x28], eax cmp eax, ecx -jb short loc_0000773d ; jb 0x773d +jb short loc_000077ab ; jb 0x77ab cmp dword [ebp - 0x20], 0 -jne short loc_00007743 ; jne 0x7743 +jne short loc_000077b1 ; jne 0x77b1 movzx eax, byte [edi + 2] mov bl, 1 mov ecx, dword [ebp + 0x34] mov dword [ecx + eax*4], 0 -jmp short loc_00007749 ; jmp 0x7749 +jmp short loc_000077b7 ; jmp 0x77b7 -loc_0000773d: +loc_000077ab: mov byte [ebp - 0x19], 1 -jmp short loc_00007747 ; jmp 0x7747 +jmp short loc_000077b5 ; jmp 0x77b5 -loc_00007743: +loc_000077b1: mov byte [ebp - 0x19], 0xff -loc_00007747: +loc_000077b5: xor ebx, ebx -loc_00007749: +loc_000077b7: mov al, byte [ebp - 0x20] add al, byte [ebp - 0x19] mov byte [ebp - 0x20], al 
@@ -12324,76 +12367,76 @@ mov dword [ebp - 0x40], eax movzx eax, byte [ebp - 0x1c] mov dword [ebp - 0x44], eax -loc_00007760: +loc_000077ce: test bl, 1 -jne loc_000078b3 ; jne 0x78b3 +jne loc_00007921 ; jne 0x7921 cmp byte [ebp - 0x20], 0x18 -ja loc_000078b3 ; ja 0x78b3 +ja loc_00007921 ; ja 0x7921 push eax push dword [ebp - 0x40] push dword [ebp - 0x44] push edi -call fcn_00006738 ; call 0x6738 +call fcn_000067a6 ; call 0x67a6 add esp, 0x10 test al, al mov bl, al movzx eax, byte [edi + 2] -je short loc_000077bf ; je 0x77bf +je short loc_0000782d ; je 0x782d cmp byte [ebp - 0x19], 0 -js loc_000078d5 ; js 0x78d5 +js loc_00007943 ; js 0x7943 cmp byte [ebp - 0x20], 0 -jne short loc_000077ac ; jne 0x77ac +jne short loc_0000781a ; jne 0x781a mov ecx, dword [ebp + 0x34] mov dword [ecx + eax*4], 0 -jmp near loc_000078e4 ; jmp 0x78e4 +jmp near loc_00007952 ; jmp 0x7952 -loc_000077ac: +loc_0000781a: movsx edx, byte [ebp - 0x20] mov ecx, dword [ebp + 0x34] dec edx imul edx, edx, 0x64 mov dword [ecx + eax*4], edx -jmp near loc_000078e4 ; jmp 0x78e4 +jmp near loc_00007952 ; jmp 0x7952 -loc_000077bf: +loc_0000782d: push esi push esi push eax push dword [ebp + 0x1c] -call fcn_00007b99 ; call 0x7b99 +call fcn_00007c07 ; call 0x7c07 add esp, 0xc mov dword [ebp - 0x38], eax movzx eax, byte [ebp - 0x20] push eax push dword [ebp - 0x30] push dword [ebp + 0x20] -call fcn_00009b95 ; call 0x9b95 +call fcn_00009c03 ; call 0x9c03 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00007827 ; je 0x7827 +je short loc_00007895 ; je 0x7895 test esi, esi -jns short loc_00007827 ; jns 0x7827 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00007895 ; jns 0x7895 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000780f ; je 0x780f +je short loc_0000787d ; je 0x787d push ecx push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 
; call 0x15487 add esp, 0x10 -loc_0000780f: +loc_0000787d: push edx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x2ca -push ref_00021b85 ; push 0x21b85 -call fcn_000153fc ; call 0x153fc +push ref_00021c15 ; push 0x21c15 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00007827: +loc_00007895: push eax push dword [ebp - 0x38] push edi @@ -12402,13 +12445,13 @@ push dword [ebp + 0x18] push dword [ebp + 0x14] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00006dfa ; call 0x6dfa +call fcn_00006e68 ; call 0x6e68 add esp, 0x20 cmp byte [ebp - 0x19], 0 mov esi, eax -jns short loc_00007875 ; jns 0x7875 +jns short loc_000078e3 ; jns 0x78e3 cmp eax, dword [ebp - 0x24] -jae short loc_000078a5 ; jae 0x78a5 +jae short loc_00007913 ; jae 0x7913 movzx eax, byte [edi + 2] mov ebx, dword [ebp + 0x34] lea ebx, [ebx + eax*4] @@ -12417,14 +12460,14 @@ push eax push esi push dword [ebp - 0x28] push dword [ebp - 0x24] -call fcn_000070f4 ; call 0x70f4 +call fcn_00007162 ; call 0x7162 add esp, 0x10 mov dword [ebx], eax -jmp near loc_000078fe ; jmp 0x78fe +jmp near loc_0000796c ; jmp 0x796c -loc_00007875: +loc_000078e3: cmp eax, dword [ebp - 0x24] -jb short loc_000078a5 ; jb 0x78a5 +jb short loc_00007913 ; jb 0x7913 movzx eax, byte [edi + 2] mov edx, dword [ebp + 0x34] lea edx, [edx + eax*4] 
@@ -12434,48 +12477,48 @@ push eax push dword [ebp - 0x28] push esi push dword [ebp - 0x24] -call fcn_000070f4 ; call 0x70f4 +call fcn_00007162 ; call 0x7162 mov edx, dword [ebp - 0x38] add esp, 0x10 mov dword [ebp - 0x28], esi mov dword [edx], eax -jmp short loc_000078e4 ; jmp 0x78e4 +jmp short loc_00007952 ; jmp 0x7952 -loc_000078a5: +loc_00007913: mov al, byte [ebp - 0x19] add byte [ebp - 0x20], al mov dword [ebp - 0x28], esi -jmp near loc_00007760 ; jmp 0x7760 +jmp near loc_000077ce ; jmp 0x77ce -loc_000078b3: +loc_00007921: cmp byte [ebp - 0x19], 0 -jns short loc_000078e4 ; jns 0x78e4 +jns short loc_00007952 ; jns 0x7952 mov eax, dword [ebp - 0x24] cmp dword [ebp - 0x28], eax -jb short loc_000078fe ; jb 0x78fe +jb short loc_0000796c ; jb 0x796c test bl, bl -jne short loc_000078fe ; jne 0x78fe +jne short loc_0000796c ; jne 0x796c movzx eax, byte [edi + 2] mov ebx, dword [ebp + 0x34] mov dword [ebx + eax*4], 0 -jmp short loc_000078fe ; jmp 0x78fe +jmp short loc_0000796c ; jmp 0x796c -loc_000078d5: +loc_00007943: mov byte [ebp - 0x19], 1 mov dword [ebp - 0x2c], 0xffffffff mov byte [ebp - 0x1a], 0 -loc_000078e4: +loc_00007952: mov eax, dword [ebp - 0x24] cmp dword [ebp - 0x28], eax -jae short loc_000078fe ; jae 0x78fe +jae short loc_0000796c ; jae 0x796c test bl, bl -jne short loc_000078fe ; jne 0x78fe +jne short loc_0000796c ; jne 0x796c movzx eax, byte [edi + 2] mov ebx, dword [ebp + 0x34] mov dword [ebx + eax*4], 0x9c4 -loc_000078fe: +loc_0000796c: movzx eax, byte [edi + 2] mov ecx, dword [ebp + 0x34] mov esi, dword [ecx + eax*4] @@ -12491,7 +12534,7 @@ cmovs ecx, edx mov dword [ebp - 0x20], ecx mov ecx, dword [ebp - 0x2c] cmp ecx, 0xffffffff -je short loc_00007946 ; je 0x7946 +je short loc_000079b4 ; je 0x79b4 mov edx, ecx mov eax, esi sub eax, ecx 
@@ -12506,48 +12549,48 @@ mov al, cl cmovle eax, edx mov byte [ebp - 0x1a], al -loc_00007946: +loc_000079b4: movzx esi, byte [ebp - 0x31] movzx ebx, byte [ebp - 0x1c] push eax push esi push ebx push edi -call fcn_00006738 ; call 0x6738 +call fcn_000067a6 ; call 0x67a6 add esp, 0x10 test al, al -je short loc_000079b8 ; je 0x79b8 +je short loc_00007a26 ; je 0x7a26 push eax push 0 push dword [ebp - 0x30] push dword [ebp + 0x20] -call fcn_00009b95 ; call 0x9b95 +call fcn_00009c03 ; call 0x9c03 mov dword [ebp - 0x2c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_000079b8 ; je 0x79b8 +je short loc_00007a26 ; je 0x7a26 cmp dword [ebp - 0x2c], 0 -jns short loc_000079b8 ; jns 0x79b8 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00007a26 ; jns 0x7a26 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000079a0 ; je 0x79a0 +je short loc_00007a0e ; je 0x7a0e push eax push dword [ebp - 0x2c] -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000079a0: +loc_00007a0e: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x301 -push ref_00021b85 ; push 0x21b85 -call fcn_000153fc ; call 0x153fc +push ref_00021c15 ; push 0x21c15 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000079b8: +loc_00007a26: push eax push esi push ebx 
@@ -12556,53 +12599,53 @@ push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00006863 ; call 0x6863 +call fcn_000068d1 ; call 0x68d1 add esp, 0x20 test eax, eax -js short loc_00007a3c ; js 0x7a3c +js short loc_00007aaa ; js 0x7aaa mov eax, dword [ebp - 0x28] mov dword [ebp - 0x2c], eax -jmp near loc_0000767f ; jmp 0x767f +jmp near loc_000076ed ; jmp 0x76ed -loc_000079df: +loc_00007a4d: movzx eax, byte [ebp - 0x3c] push ecx push 0 push eax push dword [ebp + 0x20] -call fcn_00009b95 ; call 0x9b95 +call fcn_00009c03 ; call 0x9c03 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 xor edx, edx test al, al -je short loc_00007a3e ; je 0x7a3e +je short loc_00007aac ; je 0x7aac test ebx, ebx -jns short loc_00007a3e ; jns 0x7a3e -call fcn_000153e9 ; call 0x153e9 +jns short loc_00007aac ; jns 0x7aac +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00007a20 ; je 0x7a20 +je short loc_00007a8e ; je 0x7a8e push edx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00007a20: +loc_00007a8e: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x311 -push ref_00021b85 ; push 0x21b85 -call fcn_000153fc ; call 0x153fc +push ref_00021c15 ; push 0x21c15 +call fcn_0001548c ; call 0x1548c add esp, 0x10 xor edx, edx -jmp short loc_00007a3e ; jmp 0x7a3e +jmp short loc_00007aac ; jmp 0x7aac -loc_00007a3c: +loc_00007aaa: mov edx, eax -loc_00007a3e: +loc_00007aac: lea esp, [ebp - 0xc] mov eax, edx pop ebx @@ -12611,7 +12654,7 @@ pop edi pop ebp ret -fcn_00007a48: +fcn_00007ab6: push ebp xor eax, eax mov ebp, esp 
@@ -12622,12 +12665,12 @@ sub esp, 0x1c mov edx, dword [ebp + 0x20] mov ecx, dword [ebp + 0x24] -loc_00007a59: +loc_00007ac7: mov edi, dword [ebp + 0x2c] mov dword [edi + eax], 0xffffffff add eax, 4 cmp eax, 0x40 -jne short loc_00007a59 ; jne 0x7a59 +jne short loc_00007ac7 ; jne 0x7ac7 movzx eax, cl xor edi, edi shl eax, 5 @@ -12635,37 +12678,37 @@ lea eax, [edx + eax + 0xc] lea esi, [edx + 0xc] mov dword [ebp - 0x20], eax -loc_00007a7d: +loc_00007aeb: cmp esi, dword [ebp - 0x20] -je loc_00007b8f ; je 0x7b8f +je loc_00007bfd ; je 0x7bfd mov al, byte [esi + 0x10] cmp byte [esi + 0x11], 0 mov byte [ebp - 0x19], al -je loc_00007b87 ; je 0x7b87 +je loc_00007bf5 ; je 0x7bf5 cmp byte [esi + 0x12], 1 -je loc_00007b87 ; je 0x7b87 +je loc_00007bf5 ; je 0x7bf5 cmp byte [esi - 1], 0 mov cl, 3 lea ebx, [esi - 0xc] -jne short loc_00007ab9 ; jne 0x7ab9 +jne short loc_00007b27 ; jne 0x7b27 sub esp, 0xc push ebx -call fcn_00006582 ; call 0x6582 +call fcn_000065f0 ; call 0x65f0 add esp, 0x10 mov cl, al -loc_00007ab9: +loc_00007b27: sub esp, 0xc push ebx mov dword [ebp - 0x24], ecx -call fcn_0000642d ; call 0x642d +call fcn_0000649b ; call 0x649b add esp, 0x10 mov ecx, dword [ebp - 0x24] cmp dword [ebp + 0x28], 1 -je short loc_00007b3d ; je 0x7b3d -jb short loc_00007b08 ; jb 0x7b08 +je short loc_00007bab ; je 0x7bab +jb short loc_00007b76 ; jb 0x7b76 cmp dword [ebp + 0x28], 2 -jne loc_00007b6d ; jne 0x7b6d +jne loc_00007bdb ; jne 0x7bdb push dword [ebp + 0x2c] movzx eax, al movzx ecx, cl @@ -12681,10 +12724,10 @@ push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00006e24 ; call 0x6e24 -jmp short loc_00007b66 ; jmp 0x7b66 +call fcn_00006e92 ; call 0x6e92 +jmp short loc_00007bd4 ; jmp 0x7bd4 -loc_00007b08: +loc_00007b76: sub esp, 0xc movzx eax, al push dword [ebp + 0x2c] 
@@ -12702,12 +12745,12 @@ push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_000071a8 ; call 0x71a8 +call fcn_00007216 ; call 0x7216 add esp, 0x40 mov edi, eax -jmp short loc_00007b87 ; jmp 0x7b87 +jmp short loc_00007bf5 ; jmp 0x7bf5 -loc_00007b3d: +loc_00007bab: push dword [ebp + 0x2c] movzx eax, al movzx ecx, cl @@ -12723,29 +12766,29 @@ push dword [ebp + 0x14] push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00007630 ; call 0x7630 +call fcn_0000769e ; call 0x769e -loc_00007b66: +loc_00007bd4: mov edi, eax add esp, 0x30 -jmp short loc_00007b87 ; jmp 0x7b87 +jmp short loc_00007bf5 ; jmp 0x7bf5 -loc_00007b6d: -call fcn_000153e9 ; call 0x153e9 +loc_00007bdb: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00007b87 ; je 0x7b87 +je short loc_00007bf5 ; je 0x7bf5 push eax push eax -push ref_00021bb7 ; push 0x21bb7 +push ref_00021c47 ; push 0x21c47 push 2 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00007b87: +loc_00007bf5: add esi, 0x20 -jmp near loc_00007a7d ; jmp 0x7a7d +jmp near loc_00007aeb ; jmp 0x7aeb -loc_00007b8f: +loc_00007bfd: lea esp, [ebp - 0xc] mov eax, edi pop ebx @@ -12754,7 +12797,7 @@ pop edi pop ebp ret -fcn_00007b99: +fcn_00007c07: push ebp mov ebp, esp movzx eax, byte [ebp + 0xc] @@ -12763,9 +12806,9 @@ shl eax, 4 lea eax, [edx + eax + 0xc] mov dword [ebp + 8], eax pop ebp -jmp near fcn_00017d8a ; jmp 0x17d8a +jmp near fcn_00017e4e ; jmp 0x17e4e -fcn_00007bb3: +fcn_00007c21: push ebp mov ebp, esp push edi 
@@ -12778,63 +12821,63 @@ mov ebx, dword [ebp + 8] push 1 push 0 mov dword [ebp - 0x20], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 1 push 1 push 0 mov esi, eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 2 push 1 push 0 mov edi, eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [ebp - 0x1c], eax pop eax pop edx lea eax, [ebx + 0x6430] push 3 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop ecx pop eax lea eax, [ebx + 0x6434] add ebx, 0x6438 push 0x76543210 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx lea eax, [esi + 0x630] push 0xb push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop ecx pop eax lea eax, [esi + 0x600] add esi, 0x604 push 0x60b push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx push 0x76543980 push esi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f lea eax, [edi + 0x600] add edi, 0x604 pop ecx pop esi push 0x60b push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx push 0x76543280 push edi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov edi, dword [ebp - 0x1c] pop ecx pop esi @@ -12842,19 +12885,19 @@ mov eax, edi push 0xb add eax, 0x600 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax mov eax, edi pop edx add eax, 0x604 push 0x76543210 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop ecx pop esi push 0x680000 push ebx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov eax, dword [ebp - 0x20] add esp, 0x10 mov dword [ebp + 0xc], 0xa 
@@ -12865,9 +12908,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -fcn_00007cce: +fcn_00007d3c: push ebp mov ebp, esp push edi @@ -12880,63 +12923,63 @@ mov ebx, dword [ebp + 8] push 1 push 0 mov dword [ebp - 0x20], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 1 push 1 push 0 mov esi, eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 2 push 1 push 0 mov edi, eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [ebp - 0x1c], eax pop eax pop edx lea eax, [ebx + 0x6430] push 0 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop ecx pop eax lea eax, [ebx + 0x6434] add ebx, 0x6438 push 0 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx lea eax, [esi + 0x630] push 0 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop ecx pop eax lea eax, [esi + 0x600] add esi, 0x604 push 0 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx push 0 push esi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f lea eax, [edi + 0x600] add edi, 0x604 pop ecx pop esi push 0 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx push 0 push edi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov edi, dword [ebp - 0x1c] pop ecx pop esi @@ -12944,19 +12987,19 @@ mov eax, edi push 0 add eax, 0x600 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax mov eax, edi pop edx add eax, 0x604 push 0 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop ecx pop esi push 0 push ebx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov eax, dword [ebp - 0x20] add esp, 0x10 mov dword [ebp + 0xc], 0 
@@ -12967,9 +13010,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -fcn_00007dd4: +fcn_00007e42: push ebp mov ebp, esp push ebx @@ -12977,10 +13020,10 @@ sub esp, 8 push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x60 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop edx pop ecx push 0x4000 @@ -12988,25 +13031,25 @@ mov ebx, eax and ebx, 0xfffffff8 lea eax, [ebx + 0x54] push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0xc push 0 push 0xfed85000 lea eax, [ebx + 0x38010] add ebx, 0x38004 push eax -call fcn_00017e64 ; call 0x17e64 +call fcn_00017f28 ; call 0x17f28 pop eax pop edx push 2 push ebx -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 mov eax, 0xfed85000 mov ebx, dword [ebp - 4] leave ret -fcn_00007e36: +fcn_00007ea4: push ebp mov ebp, esp push ebx @@ -13014,10 +13057,10 @@ sub esp, 8 push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x60 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop edx pop ecx push 0xfffd @@ -13025,25 +13068,25 @@ mov ebx, eax and ebx, 0xfffffff8 lea eax, [ebx + 0x38004] push eax -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 add esp, 0xc push 0 push 0xfff lea eax, [ebx + 0x38010] add ebx, 0x54 push eax -call fcn_00018c3e ; call 0x18c3e +call fcn_00018d02 ; call 0x18d02 pop eax pop edx push 0xffffbfff push ebx -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 mov ebx, dword [ebp - 4] leave ret -fcn_00007e99: +fcn_00007f07: push ebp mov ebp, esp push ebx 
@@ -13051,87 +13094,87 @@ sub esp, 0xc mov ebx, dword [ebp + 8] push 0x40000 push ebx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx lea eax, [ebx + 4] push 0 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop ecx pop eax lea eax, [ebx + 0x10] push 0x40000 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx lea eax, [ebx + 0x14] push 0 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop ecx pop eax lea eax, [ebx + 0x20] push 0x40000 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx lea eax, [ebx + 0x24] push 0 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop ecx pop eax lea eax, [ebx + 8] push 0xff000000 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx lea eax, [ebx + 0x18] push 0xff000000 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop ecx pop eax lea eax, [ebx + 0x28] push 0xff000000 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx lea eax, [ebx + 0xc] push 0 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop ecx pop eax lea eax, [ebx + 0x1c] add ebx, 0x2c push 0 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx push 0 push ebx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 mov ebx, dword [ebp - 4] leave ret -fcn_00007f54: +fcn_00007fc2: push ebp mov ebp, esp push ebx sub esp, 0x10 mov ebx, dword [ebp + 8] push dword [ebp + 0xc] -call fcn_00007e99 ; call 0x7e99 -call fcn_00007e36 ; call 0x7e36 +call fcn_00007f07 ; call 0x7f07 +call fcn_00007ea4 ; call 0x7ea4 mov eax, dword [ebx + 1] add esp, 0x10 mov ebx, dword [ebp - 4] 
@@ -13140,9 +13183,9 @@ mov dword [ebp + 0xc], edx mov eax, dword [eax + 4] mov dword [ebp + 8], eax leave -jmp near fcn_00007cce ; jmp 0x7cce +jmp near fcn_00007d3c ; jmp 0x7d3c -fcn_00007f86: +fcn_00007ff4: push ebp mov ebp, esp push edi @@ -13155,24 +13198,24 @@ mov esi, dword [ebp + 0x10] mov edi, dword [ebp + 0xc] lea eax, [ebx + 4] push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx lea eax, [ebx + 0x14] push 0xa101 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop ecx pop eax lea eax, [ebx + 0x24] push 0xa102 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx push 0x110000 push ebx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0xc push 0x3e8 push esi @@ -13182,14 +13225,14 @@ pop ecx pop esi push 0x22100 push ebx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop edi pop eax lea eax, [ebx + 0x10] add ebx, 0x20 push 0x22101 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 mov dword [ebp + 8], ebx mov dword [ebp + 0xc], 0x22102 @@ -13198,9 +13241,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -fcn_00008019: +fcn_00008087: push ebp mov ebp, esp push ebx @@ -13209,22 +13252,22 @@ mov eax, dword [ebp + 0xc] mov eax, dword [eax + 1] push dword [eax + 0x18] push dword [eax + 4] -call fcn_00007bb3 ; call 0x7bb3 -call fcn_00007dd4 ; call 0x7dd4 +call fcn_00007c21 ; call 0x7c21 +call fcn_00007e42 ; call 0x7e42 mov ebx, eax mov dword [esp], eax -call fcn_00007e99 ; call 0x7e99 +call fcn_00007f07 ; call 0x7f07 add esp, 0xc push dword [ebp + 0x10] push dword [ebp + 8] push ebx -call fcn_00007f86 ; call 0x7f86 +call fcn_00007ff4 ; call 0x7ff4 mov eax, ebx mov ebx, dword [ebp - 4] leave ret -fcn_00008056: ; not directly referenced +fcn_000080c4: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -13235,7 +13278,7 @@ mov ebx, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov edi, dword [ebp + 0x10] push ebx -call fcn_00007e99 ; call 0x7e99 +call fcn_00007f07 ; call 0x7f07 add esp, 0x10 mov dword [ebp + 0x10], edi mov dword [ebp + 0xc], esi @@ -13245,9 +13288,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00007f86 ; jmp 0x7f86 +jmp near fcn_00007ff4 ; jmp 0x7ff4 -fcn_00008086: +fcn_000080f4: push ebp mov ebp, esp push edi 
@@ -13259,159 +13302,159 @@ mov ebx, dword [ebp + 0xc] mov edi, dword [ebp + 0x14] mov dword [ebp - 0x1c], eax cmp bl, 0xf -ja loc_000081d9 ; ja 0x81d9 +ja loc_00008247 ; ja 0x8247 mov esi, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000080c3 ; je 0x80c3 +je short loc_00008131 ; je 0x8131 push eax movzx eax, bl push eax -push ref_00021bd7 ; push 0x21bd7 +push ref_00021c67 ; push 0x21c67 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000080c3: +loc_00008131: mov eax, dword [ebp + 8] mov al, byte [eax + 0x1d] test al, al -je loc_0000815b ; je 0x815b +je loc_000081c9 ; je 0x81c9 mov edx, dword [ebp + 8] cmp byte [edx + 0x1f], 0 -je short loc_00008122 ; je 0x8122 -call fcn_000153e9 ; call 0x153e9 +je short loc_00008190 ; je 0x8190 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000080f8 ; je 0x80f8 +je short loc_00008166 ; je 0x8166 push eax movzx eax, byte [ebp - 0x1c] push eax -push ref_00021bed ; push 0x21bed +push ref_00021c7d ; push 0x21c7d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000080f8: +loc_00008166: test edi, edi -je loc_000081c5 ; je 0x81c5 -call fcn_000153e9 ; call 0x153e9 +je loc_00008233 ; je 0x8233 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000811a ; je 0x811a +je short loc_00008188 ; je 0x8188 push eax push eax -push ref_00021c1a ; push 0x21c1a +push ref_00021caa ; push 0x21caa push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000811a: +loc_00008188: movzx ebx, bl mov al, byte [ebp - 0x1c] -jmp short loc_00008155 ; jmp 0x8155 +jmp short loc_000081c3 ; jmp 0x81c3 -loc_00008122: +loc_00008190: test edi, edi -je short loc_0000815b ; je 0x815b +je short loc_000081c9 ; je 0x81c9 mov eax, dword [ebp + 0x10] movzx ebx, bl mov eax, dword [eax + 0xd] movzx esi, byte [eax + ebx + 0x19] -call fcn_000153e9 ; call 0x153e9 +call 
fcn_00015479 ; call 0x15479 test al, al -je short loc_00008153 ; je 0x8153 +je short loc_000081c1 ; je 0x81c1 push eax mov eax, esi movzx eax, al push eax -push ref_00021c00 ; push 0x21c00 +push ref_00021c90 ; push 0x21c90 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00008153: +loc_000081c1: mov eax, esi -loc_00008155: +loc_000081c3: mov byte [edi + ebx + 0x35], al -jmp short loc_000081c5 ; jmp 0x81c5 +jmp short loc_00008233 ; jmp 0x8233 -loc_0000815b: +loc_000081c9: mov ecx, dword [ebp + 8] cmp byte [ecx + 0x1f], 0 -jne short loc_00008191 ; jne 0x8191 +jne short loc_000081ff ; jne 0x81ff test edi, edi -jne loc_00008200 ; jne 0x8200 +jne loc_0000826e ; jne 0x826e mov eax, dword [ebp + 0x10] movzx ebx, bl mov eax, dword [eax + 0xd] movzx esi, byte [eax + ebx + 0x19] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000081c5 ; je 0x81c5 +je short loc_00008233 ; je 0x8233 mov eax, esi movzx eax, al push ebx push eax -push ref_00021c38 ; push 0x21c38 -jmp short loc_000081bb ; jmp 0x81bb +push ref_00021cc8 ; push 0x21cc8 +jmp short loc_00008229 ; jmp 0x8229 -loc_00008191: +loc_000081ff: mov esi, 7 test al, al -jne short loc_000081c5 ; jne 0x81c5 +jne short loc_00008233 ; jne 0x8233 test edi, edi -je short loc_000081c5 ; je 0x81c5 +je short loc_00008233 ; je 0x8233 -loc_0000819e: +loc_0000820c: movzx ebx, bl movzx esi, byte [edi + ebx + 0x35] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000081c5 ; je 0x81c5 +je short loc_00008233 ; je 0x8233 mov eax, esi movzx eax, al push ecx push eax -push ref_00021c53 ; push 0x21c53 +push ref_00021ce3 ; push 0x21ce3 -loc_000081bb: +loc_00008229: push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000081c5: -call fcn_000153e9 ; call 0x153e9 +loc_00008233: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000820b ; je 0x820b +je short 
loc_00008279 ; je 0x8279 push edx push edx -push ref_00021e91 ; push 0x21e91 +push ref_00021f21 ; push 0x21f21 push 0x40 -jmp short loc_000081f6 ; jmp 0x81f6 +jmp short loc_00008264 ; jmp 0x8264 -loc_000081d9: -call fcn_000153e9 ; call 0x153e9 +loc_00008247: +call fcn_00015479 ; call 0x15479 mov esi, 7 test al, al -je short loc_0000820b ; je 0x820b +je short loc_00008279 ; je 0x8279 movzx ebx, bl push eax push ebx -push ref_00021c71 ; push 0x21c71 +push ref_00021d01 ; push 0x21d01 push 0x80000000 -loc_000081f6: -call fcn_000153f7 ; call 0x153f7 +loc_00008264: +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_0000820b ; jmp 0x820b +jmp short loc_00008279 ; jmp 0x8279 -loc_00008200: +loc_0000826e: mov esi, 7 test al, al -jne short loc_000081c5 ; jne 0x81c5 -jmp short loc_0000819e ; jmp 0x819e +jne short loc_00008233 ; jne 0x8233 +jmp short loc_0000820c ; jmp 0x820c -loc_0000820b: +loc_00008279: lea esp, [ebp - 0xc] mov eax, esi pop ebx 
@@ -13420,93 +13463,93 @@ pop edi pop ebp ret -fcn_00008215: +fcn_00008283: push ebp mov ebp, esp mov eax, dword [ebp + 8] mov ecx, dword [eax + 0xd] xor eax, eax -loc_00008220: +loc_0000828e: movzx edx, byte [ecx + eax + 5] cmp edx, 3 -je short loc_00008238 ; je 0x8238 +je short loc_000082a6 ; je 0x82a6 test edx, edx -je short loc_00008238 ; je 0x8238 +je short loc_000082a6 ; je 0x82a6 inc eax cmp eax, 3 -jne short loc_00008220 ; jne 0x8220 +jne short loc_0000828e ; jne 0x828e xor eax, eax -jmp short loc_0000823a ; jmp 0x823a +jmp short loc_000082a8 ; jmp 0x82a8 -loc_00008238: +loc_000082a6: mov al, 1 -loc_0000823a: +loc_000082a8: pop ebp ret -fcn_0000823c: +fcn_000082aa: push ebp mov ebp, esp sub esp, 8 mov eax, dword [ebp + 8] cmp byte [eax], 0x12 -jbe short loc_00008254 ; jbe 0x8254 +jbe short loc_000082c2 ; jbe 0x82c2 mov eax, dword [eax + 0xd] mov al, byte [eax + 0x64] cmp al, 1 -jbe short loc_0000826f ; jbe 0x826f +jbe short loc_000082dd ; jbe 0x82dd -loc_00008254: -call fcn_0001c58d ; call 0x1c58d +loc_000082c2: +call fcn_0001c651 ; call 0x1c651 cmp eax, 0x40660 -je short loc_0000826b ; je 0x826b +je short loc_000082d9 ; je 0x82d9 cmp eax, 0x306c0 -loc_00008265: -je short loc_0000826b ; je 0x826b +loc_000082d3: +je short loc_000082d9 ; je 0x82d9 mov al, 1 -jmp short loc_00008273 ; jmp 0x8273 +jmp short loc_000082e1 ; jmp 0x82e1 -loc_0000826b: +loc_000082d9: xor eax, eax -jmp short loc_00008273 ; jmp 0x8273 +jmp short loc_000082e1 ; jmp 0x82e1 -loc_0000826f: +loc_000082dd: test al, al -jmp short loc_00008265 ; jmp 0x8265 +jmp short loc_000082d3 ; jmp 0x82d3 -loc_00008273: +loc_000082e1: leave ret -fcn_00008275: +fcn_000082e3: push ebp mov ebp, esp push edi push esi push ebx sub esp, 0x41c -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 mov dword [ebp - 0x3ec], eax -call fcn_0001c5b4 ; call 0x1c5b4 +call fcn_0001c678 ; call 0x1c678 push ebx push 0 push 1 push 0 mov dword [ebp - 0x3f4], eax -call fcn_00016bd6 ; call 0x16bd6 +call 
fcn_00016c9a ; call 0x16c9a mov dword [ebp - 0x3f8], eax add eax, 0xd0c mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov byte [ebp - 0x3ee], 3 mov ebx, eax mov eax, dword [ebp + 0xc] cmp byte [eax], 0x12 -jbe short loc_000082e3 ; jbe 0x82e3 +jbe short loc_00008351 ; jbe 0x8351 mov eax, dword [eax + 0xd] mov edi, 3 cmp byte [eax + 0x69], 1 @@ -13515,7 +13558,7 @@ cmove edi, eax mov eax, edi mov byte [ebp - 0x3ee], al -loc_000082e3: +loc_00008351: mov byte [ebp - 0x2a2], 7 xor eax, eax mov byte [ebp - 0x261], 3 @@ -13528,39 +13571,39 @@ mov byte [ebp - 0xdb], 6 mov byte [ebp - 0x9a], 9 mov byte [ebp - 0x59], 4 -loc_00008328: +loc_00008396: mov dword [ebp + eax*4 - 0x3c4], 0xffffffff mov dword [ebp + eax*4 - 0x384], 0xffffffff mov byte [ebp + eax - 0x3d4], 7 inc eax cmp eax, 0x10 -jne short loc_00008328 ; jne 0x8328 -call fcn_000153e9 ; call 0x153e9 +jne short loc_00008396 ; jne 0x8396 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00008366 ; je 0x8366 +je short loc_000083d4 ; je 0x83d4 push ecx push ecx -push ref_00021c82 ; push 0x21c82 +push ref_00021d12 ; push 0x21d12 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00008366: +loc_000083d4: sub esp, 0xc push dword [ebp + 0xc] -call fcn_00008215 ; call 0x8215 +call fcn_00008283 ; call 0x8283 add esp, 0x10 test al, al -jne short loc_00008391 ; jne 0x8391 -call fcn_000153e9 ; call 0x153e9 +jne short loc_000083ff ; jne 0x83ff +call fcn_00015479 ; call 0x15479 test al, al -je loc_00009307 ; je 0x9307 +je loc_00009375 ; je 0x9375 push edx push edx -push ref_00021c9a ; push 0x21c9a -jmp near loc_00008dde ; jmp 0x8dde +push ref_00021d2a ; push 0x21d2a +jmp near loc_00008e4c ; jmp 0x8e4c -loc_00008391: +loc_000083ff: shr ebx, 0x14 sub esp, 0xc mov al, bl 
@@ -13572,82 +13615,82 @@ mov eax, dword [eax + 0xd] mov ax, word [eax + 0x3c] push dword [ebp + 0xc] mov word [ebp - 0x404], ax -call fcn_00006a20 ; call 0x6a20 +call fcn_00006a8e ; call 0x6a8e add esp, 0x10 mov word [ebp - 0x40c], ax test bl, bl -jne short loc_000083dd ; jne 0x83dd -call fcn_000153e9 ; call 0x153e9 +jne short loc_0000844b ; jne 0x844b +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000083f7 ; je 0x83f7 +je short loc_00008465 ; je 0x8465 push eax push eax -push ref_00021cb7 ; push 0x21cb7 -jmp short loc_000083ed ; jmp 0x83ed +push ref_00021d47 ; push 0x21d47 +jmp short loc_0000845b ; jmp 0x845b -loc_000083dd: -call fcn_000153e9 ; call 0x153e9 +loc_0000844b: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000083f7 ; je 0x83f7 +je short loc_00008465 ; je 0x8465 push eax push eax -push ref_00021cd2 ; push 0x21cd2 +push ref_00021d62 ; push 0x21d62 -loc_000083ed: +loc_0000845b: push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000083f7: +loc_00008465: cmp dword [ebp + 0x14], 0 mov byte [ebp - 0x3d9], 0 -je loc_00008509 ; je 0x8509 +je loc_00008577 ; je 0x8577 mov eax, dword [ebp + 0x14] cmp byte [eax + 0x28], 0 -je loc_00008509 ; je 0x8509 +je loc_00008577 ; je 0x8577 lea eax, [ebp - 0x3d8] push eax push 0 push 0 -push ref_0002914c ; push 0x2914c -call fcn_00019699 ; call 0x19699 +push ref_000291fc ; push 0x291fc +call fcn_0001975d ; call 0x1975d mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00008471 ; je 0x8471 +je short loc_000084df ; je 0x84df test ebx, ebx -jns short loc_00008471 ; jns 0x8471 -call fcn_000153e9 ; call 0x153e9 +jns short loc_000084df ; jns 0x84df +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00008459 ; je 0x8459 +je short loc_000084c7 ; je 0x84c7 push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 
0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00008459: +loc_000084c7: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0xd6 -push ref_00021cec ; push 0x21cec -call fcn_000153fc ; call 0x153fc +push ref_00021d7c ; push 0x21d7c +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00008471: -call fcn_000153e9 ; call 0x153e9 +loc_000084df: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000848b ; je 0x848b +je short loc_000084f9 ; je 0x84f9 push eax push eax -push ref_00021d24 ; push 0x21d24 +push ref_00021db4 ; push 0x21db4 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000848b: +loc_000084f9: push eax lea eax, [ebp - 0x3d9] push eax 
@@ -13656,43 +13699,43 @@ push 0 push dword [ebp + 8] call dword [eax + 5] ; ucall mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_000084e8 ; je 0x84e8 +je short loc_00008556 ; je 0x8556 test ebx, ebx -jns short loc_000084e8 ; jns 0x84e8 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00008556 ; jns 0x8556 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000084d0 ; je 0x84d0 +je short loc_0000853e ; je 0x853e push edi push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000084d0: +loc_0000853e: push esi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0xd9 -push ref_00021cec ; push 0x21cec -call fcn_000153fc ; call 0x153fc +push ref_00021d7c ; push 0x21d7c +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000084e8: -call fcn_000153e9 ; call 0x153e9 +loc_00008556: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00008509 ; je 0x8509 +je short loc_00008577 ; je 0x8577 movzx eax, byte [ebp - 0x3d9] push ebx push eax -push ref_00021d41 ; push 0x21d41 +push ref_00021dd1 ; push 0x21dd1 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00008509: +loc_00008577: lea eax, [ebp - 0x3df] xor ebx, ebx push ecx @@ -13701,12 +13744,12 @@ lea eax, [ebp - 0x3de] push eax lea eax, [ebp - 0x302] push eax -call fcn_00006a44 ; call 0x6a44 +call fcn_00006ab2 ; call 0x6ab2 add esp, 0x10 -loc_00008529: +loc_00008597: cmp bl, byte [ebp - 0x3de] -jae loc_000085bf ; jae 0x85bf +jae loc_0000862d ; jae 0x862d movzx eax, bl shl eax, 5 lea esi, [ebp + eax - 0x302] 
@@ -13717,50 +13760,50 @@ push edx movzx edx, byte [esi + 1] push edx push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xb2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 and eax, 0xf cmp ax, 3 -je short loc_0000857a ; je 0x857a +je short loc_000085e8 ; je 0x85e8 cmp byte [esi + 0xb], 0 -jne short loc_0000857d ; jne 0x857d +jne short loc_000085eb ; jne 0x85eb -loc_0000857a: +loc_000085e8: inc ebx -jmp short loc_00008529 ; jmp 0x8529 +jmp short loc_00008597 ; jmp 0x8597 -loc_0000857d: +loc_000085eb: mov eax, dword [ebp - 0x3f8] push ebx push ebx push 0x8000 lea esi, [eax + 0xdd8] push esi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0xc push dword [ebp + 0xc] push dword [ebp + 0x10] push dword [ebp + 8] -call fcn_00006058 ; call 0x6058 +call fcn_000060c6 ; call 0x60c6 add esp, 0x10 test eax, eax -jns loc_00008e12 ; jns 0x8e12 +jns loc_00008e80 ; jns 0x8e80 -loc_000085b2: +loc_00008620: cmp dword [ebp - 0x3f4], 0 -jne loc_00008ded ; jne 0x8ded +jne loc_00008e5b ; jne 0x8e5b -loc_000085bf: +loc_0000862d: mov byte [ebp - 0x3f4], 0 mov byte [ebp - 0x3ec], 0 -loc_000085cd: +loc_0000863b: mov cl, byte [ebp - 0x3de] cmp byte [ebp - 0x3ec], cl -jae loc_00008718 ; jae 0x8718 +jae loc_00008786 ; jae 0x8786 movzx ebx, byte [ebp - 0x3ec] mov edx, ebx shl edx, 5 
@@ -13773,27 +13816,27 @@ mov byte [ebp - 0x400], cl mov cl, byte [eax + 2] mov byte [ebp - 0x408], cl movzx edx, cl -je short loc_0000863d ; je 0x863d +je short loc_000086ab ; je 0x86ab mov esi, dword [ebp + 0x14] cmp byte [esi + 0x28], 0 -je loc_00008e98 ; je 0x8e98 +je loc_00008f06 ; je 0x8f06 mov eax, dword [eax + 7] mov edi, 1 cmp dword [esi + edx*4 + 0x29], eax -jne loc_00008e9a ; jne 0x8e9a +jne loc_00008f08 ; jne 0x8f08 xor esi, esi -jmp short loc_00008644 ; jmp 0x8644 +jmp short loc_000086b2 ; jmp 0x86b2 -loc_0000863d: +loc_000086ab: mov esi, 1 xor edi, edi -loc_00008644: +loc_000086b2: mov dword [ebp - 0x410], edx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 mov edx, dword [ebp - 0x410] test al, al -je short loc_0000868a ; je 0x868a +je short loc_000086f8 ; je 0x86f8 mov ecx, esi sub esp, 0xc movzx eax, byte [ebp - 0x400] @@ -13808,12 +13851,12 @@ push eax push ecx push edx push eax -push ref_00021d69 ; push 0x21d69 +push ref_00021df9 ; push 0x21df9 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x30 -loc_0000868a: +loc_000086f8: push eax movzx eax, byte [ebp - 0x408] push eax 
@@ -13821,83 +13864,83 @@ movzx eax, byte [ebp - 0x400] push eax movzx eax, byte [ebp - 0x3fc] push eax -call fcn_000023ad ; call 0x23ad +call fcn_0000241b ; call 0x241b mov eax, edi mov ecx, esi xor eax, 1 add esp, 0x10 or cl, al -jne short loc_000086d0 ; jne 0x86d0 +jne short loc_0000873e ; jne 0x873e cmp byte [ebp - 0x3d9], 0 -jne short loc_000086d0 ; jne 0x86d0 +jne short loc_0000873e ; jne 0x873e mov eax, dword [ebp + 0xc] cmp byte [eax], 1 -jbe short loc_000086df ; jbe 0x86df +jbe short loc_0000874d ; jbe 0x874d mov eax, dword [eax + 0xd] cmp byte [eax + 0x48], 1 -jne short loc_000086df ; jne 0x86df +jne short loc_0000874d ; jne 0x874d -loc_000086d0: +loc_0000873e: mov eax, ebx shl eax, 5 mov byte [ebp + eax - 0x2e5], 1 -jmp short loc_000086ec ; jmp 0x86ec +jmp short loc_0000875a ; jmp 0x875a -loc_000086df: +loc_0000874d: mov eax, ebx shl eax, 5 mov byte [ebp + eax - 0x2e5], 0 -loc_000086ec: +loc_0000875a: shl ebx, 5 lea eax, [ebp - 0x18] add ebx, eax cmp byte [ebx - 0x2df], 0 -jne short loc_00008706 ; jne 0x8706 +jne short loc_00008774 ; jne 0x8774 mov byte [ebx - 0x2cd], 0 -jmp short loc_0000870d ; jmp 0x870d +jmp short loc_0000877b ; jmp 0x877b -loc_00008706: +loc_00008774: mov byte [ebp - 0x3f4], 1 -loc_0000870d: +loc_0000877b: inc byte [ebp - 0x3ec] -jmp near loc_000085cd ; jmp 0x85cd +jmp near loc_0000863b ; jmp 0x863b -loc_00008718: +loc_00008786: cmp byte [ebp - 0x3f4], 0 -je short loc_0000872b ; je 0x872b +je short loc_00008799 ; je 0x8799 lea edx, [ebp - 0x302] xor eax, eax -jmp short loc_0000874e ; jmp 0x874e +jmp short loc_000087bc ; jmp 0x87bc -loc_0000872b: -call fcn_000153e9 ; call 0x153e9 +loc_00008799: +call fcn_00015479 ; call 0x15479 test al, al -je loc_00009307 ; je 0x9307 +je loc_00009375 ; je 0x9375 push ecx push ecx -push ref_00021db4 ; push 0x21db4 -jmp near loc_00008dde ; jmp 0x8dde +push ref_00021e44 ; push 0x21e44 +jmp near loc_00008e4c ; jmp 0x8e4c -loc_00008744: +loc_000087b2: add edx, 0x20 cmp byte [edx - 3], 1 -je short 
loc_0000875e ; je 0x875e +je short loc_000087cc ; je 0x87cc inc eax -loc_0000874e: +loc_000087bc: cmp al, cl -jne short loc_00008744 ; jne 0x8744 +jne short loc_000087b2 ; jne 0x87b2 mov byte [ebp - 0x3ee], 0 -jmp near loc_000088fe ; jmp 0x88fe +jmp near loc_0000896c ; jmp 0x896c -loc_0000875e: +loc_000087cc: push eax push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00008019 ; call 0x8019 +call fcn_00008087 ; call 0x8087 pop edx pop ecx push 0x2000 @@ -13906,7 +13949,7 @@ mov eax, dword [ebp - 0x3f8] add eax, 0x444 push eax mov dword [ebp - 0x410], eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 lea eax, [ebp - 0x2a2] add esp, 0x10 mov dword [ebp - 0x3ec], eax @@ -13916,21 +13959,21 @@ mov dword [ebp - 0x414], eax movzx eax, word [ebp - 0x404] mov dword [ebp - 0x418], eax -loc_000087c1: +loc_0000882f: xor eax, eax -loc_000087c3: +loc_00008831: mov edi, dword [ebp - 0x3ec] mov dword [edi + eax + 1], 0 add eax, 4 cmp eax, 0x40 -jne short loc_000087c3 ; jne 0x87c3 +jne short loc_00008831 ; jne 0x8831 mov byte [ebp - 0x3fc], 0 -loc_000087e0: +loc_0000884e: movzx eax, byte [ebp - 0x3de] cmp byte [ebp - 0x3fc], al -jb loc_00008eb7 ; jb 0x8eb7 +jb loc_00008f25 ; jb 0x8f25 mov esi, dword [ebp - 0x3ec] push ebx push ebx 
@@ -13946,109 +13989,109 @@ push dword [ebp + 0x10] push dword [ebp + 0x14] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00007a48 ; call 0x7a48 +call fcn_00007ab6 ; call 0x7ab6 add esp, 0x30 test eax, eax -js loc_00009176 ; js 0x9176 +js loc_000091e4 ; js 0x91e4 -loc_00008831: +loc_0000889f: sub esp, 0xc push dword [ebp + 0xc] -call fcn_0000823c ; call 0x823c +call fcn_000082aa ; call 0x82aa add esp, 0x10 test al, al -jne loc_00009193 ; jne 0x9193 +jne loc_00009201 ; jne 0x9201 -loc_00008847: +loc_000088b5: inc byte [ebp - 0x408] mov al, byte [ebp - 0x3ee] add dword [ebp - 0x3ec], 0x41 cmp byte [ebp - 0x408], al -jb loc_000087c1 ; jb 0x87c1 +jb loc_0000882f ; jb 0x882f push eax xor edi, edi push eax push 0xffffdfff push dword [ebp - 0x410] lea ebx, [ebp - 0x384] -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e pop eax pop edx push dword [ebp - 0x3f4] push dword [ebp + 0xc] -call fcn_00007f54 ; call 0x7f54 +call fcn_00007fc2 ; call 0x7fc2 add esp, 0x10 lea edx, [ebp - 0x2a2] -loc_00008899: +loc_00008907: lea eax, [ebp - 0x3c4] -loc_0000889f: +loc_0000890d: mov dword [eax], 0xffffffff add eax, 4 cmp eax, ebx -jne short loc_0000889f ; jne 0x889f +jne short loc_0000890d ; jne 0x890d xor eax, eax -loc_000088ae: +loc_0000891c: mov esi, dword [edx + eax*4 + 1] cmp esi, 0xffffffff -je short loc_000088be ; je 0x88be +je short loc_0000892c ; je 0x892c mov dword [ebp + eax*4 - 0x3c4], esi -loc_000088be: +loc_0000892c: mov esi, dword [ebp + eax*4 - 0x3c4] cmp esi, dword [ebx + eax*4] -jle short loc_000088d6 ; jle 0x88d6 +jle short loc_00008944 ; jle 0x8944 mov cl, byte [edx] mov dword [ebx + eax*4], esi mov byte [ebp + eax - 0x3d4], cl -loc_000088d6: +loc_00008944: inc eax cmp eax, 0x10 -jne short loc_000088ae ; jne 0x88ae +jne short loc_0000891c ; jne 0x891c inc edi add edx, 0x41 mov eax, edi cmp al, byte [ebp - 0x3ee] -jb short loc_00008899 ; jb 0x8899 +jb short loc_00008907 ; jb 0x8907 cmp byte [ebp - 0x3df], 0 -jne loc_0000920a ; jne 0x920a +jne 
loc_00009278 ; jne 0x9278 -loc_000088f7: +loc_00008965: mov byte [ebp - 0x3ee], 1 -loc_000088fe: +loc_0000896c: mov byte [ebp - 0x3ec], 0 -loc_00008905: +loc_00008973: mov al, byte [ebp - 0x3ec] cmp al, byte [ebp - 0x3de] -jae loc_00008a52 ; jae 0x8a52 +jae loc_00008ac0 ; jae 0x8ac0 movzx edi, byte [ebp - 0x3ec] mov eax, edi shl eax, 5 lea ecx, [ebp + eax - 0x302] cmp byte [ecx + 0xb], 0 mov al, byte [ecx + 2] -je loc_00008a47 ; je 0x8a47 +je loc_00008ab5 ; je 0x8ab5 cmp byte [ebp - 0x3df], 0 -jne short loc_00008952 ; jne 0x8952 +jne short loc_000089c0 ; jne 0x89c0 -loc_00008940: +loc_000089ae: shl edi, 5 xor ebx, ebx lea eax, [ebp - 0x18] mov edx, edi lea edi, [eax + edi] -jmp near loc_000089fa ; jmp 0x89fa +jmp near loc_00008a68 ; jmp 0x8a68 -loc_00008952: +loc_000089c0: cmp al, 1 -je short loc_00008972 ; je 0x8972 +je short loc_000089e0 ; je 0x89e0 cmp al, 2 -je short loc_0000898e ; je 0x898e +je short loc_000089fc ; je 0x89fc mov bl, byte [ebp - 0x3ed] cmp bl, 1 sbb esi, esi @@ -14056,9 +14099,9 @@ neg ebx and esi, 0xfffffff2 and ebx, 0xe add esi, 0xf -jmp short loc_000089a8 ; jmp 0x89a8 +jmp short loc_00008a16 ; jmp 0x8a16 -loc_00008972: +loc_000089e0: mov al, byte [ebp - 0x3ed] cmp al, 1 sbb esi, esi @@ -14068,9 +14111,9 @@ cmp al, 1 sbb ebx, ebx and ebx, 2 add ebx, 6 -jmp short loc_000089a8 ; jmp 0x89a8 +jmp short loc_00008a16 ; jmp 0x8a16 -loc_0000898e: +loc_000089fc: mov al, byte [ebp - 0x3ed] cmp al, 1 sbb esi, esi @@ -14081,15 +14124,15 @@ sbb ebx, ebx and ebx, 0xa add ebx, 2 -loc_000089a8: +loc_00008a16: mov eax, edi shl eax, 5 mov dword [ebp - 0x3f4], eax -loc_000089b3: +loc_00008a21: mov eax, esi cmp bl, al -ja short loc_00008940 ; ja 0x8940 +ja short loc_000089ae ; ja 0x89ae movzx ecx, bl sub esp, 0xc movzx eax, byte [ebp + ecx - 0x3d4] 
@@ -14102,15 +14145,15 @@ lea eax, [ebp - 0x302] add eax, dword [ebp - 0x3f4] push ecx push eax -call fcn_00008086 ; call 0x8086 +call fcn_000080f4 ; call 0x80f4 mov ecx, dword [ebp - 0x3f8] add esp, 0x20 mov byte [ebp + ecx - 0x3d4], al -jmp short loc_000089b3 ; jmp 0x89b3 +jmp short loc_00008a21 ; jmp 0x8a21 -loc_000089fa: +loc_00008a68: cmp bl, byte [edi - 0x2ce] -jae short loc_00008a47 ; jae 0x8a47 +jae short loc_00008ab5 ; jae 0x8ab5 movzx eax, bl sub esp, 0xc movzx esi, byte [eax + edi - 0x2de] @@ -14124,51 +14167,51 @@ lea eax, [ebp - 0x302] add eax, edx push esi push eax -call fcn_00008086 ; call 0x8086 +call fcn_000080f4 ; call 0x80f4 add esp, 0x20 mov edx, dword [ebp - 0x3f4] mov byte [ebp + esi - 0x3d4], al -jmp short loc_000089fa ; jmp 0x89fa +jmp short loc_00008a68 ; jmp 0x8a68 -loc_00008a47: +loc_00008ab5: inc byte [ebp - 0x3ec] -jmp near loc_00008905 ; jmp 0x8905 +jmp near loc_00008973 ; jmp 0x8973 -loc_00008a52: +loc_00008ac0: cmp byte [ebp - 0x3ee], 0 -je short loc_00008a8e ; je 0x8a8e +je short loc_00008afc ; je 0x8afc xor ebx, ebx -loc_00008a5d: +loc_00008acb: push ecx push ebx inc ebx push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop esi pop edi push 0x10 add eax, 0xb0 push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 cmp ebx, 3 -jne short loc_00008a5d ; jne 0x8a5d +jne short loc_00008acb ; jne 0x8acb sub esp, 0xc push dword [ebp + 0xc] -call fcn_00005fa8 ; call 0x5fa8 +call fcn_00006016 ; call 0x6016 add esp, 0x10 -loc_00008a8e: +loc_00008afc: movzx eax, byte [ebp - 0x3ed] mov byte [ebp - 0x3ec], 0 mov dword [ebp - 0x3f8], eax -loc_00008aa2: +loc_00008b10: mov al, byte [ebp - 0x3ec] cmp al, byte [ebp - 0x3de] -jae loc_00008d1f ; jae 0x8d1f +jae loc_00008d8d ; jae 0x8d8d movzx eax, byte [ebp - 0x3ec] mov dword [ebp - 0x3fc], eax shl eax, 5 
@@ -14182,25 +14225,25 @@ movzx ebx, byte [edi + 1] mov byte [ebp - 0x3ed], cl push ebx push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0x10 cmp byte [edi + 0xb], 0 mov dword [ebp - 0x400], eax -jne short loc_00008b1b ; jne 0x8b1b -call fcn_000153e9 ; call 0x153e9 +jne short loc_00008b89 ; jne 0x8b89 +call fcn_00015479 ; call 0x15479 test al, al -je loc_00008d14 ; je 0x8d14 +je loc_00008d82 ; je 0x8d82 push esi push ebx -push ref_00021e3a ; push 0x21e3a +push ref_00021eca ; push 0x21eca push 0x40 -call fcn_000153f7 ; call 0x153f7 -jmp near loc_00008d11 ; jmp 0x8d11 +call fcn_00015487 ; call 0x15487 +jmp near loc_00008d7f ; jmp 0x8d7f -loc_00008b1b: +loc_00008b89: mov cl, byte [ebp - 0x3ed] cmp cl, 1 -je short loc_00008b39 ; je 0x8b39 +je short loc_00008ba7 ; je 0x8ba7 cmp cl, 2 mov al, 0xd mov bl, 1 @@ -14208,13 +14251,13 @@ mov dl, 0 cmove ebx, eax mov al, 0xc cmove edx, eax -jmp short loc_00008b3d ; jmp 0x8b3d +jmp short loc_00008bab ; jmp 0x8bab -loc_00008b39: +loc_00008ba7: mov bl, 9 mov dl, 8 -loc_00008b3d: +loc_00008bab: push eax push eax lea eax, [ebp - 0x3da] @@ -14222,27 +14265,27 @@ push eax movzx eax, dl push eax mov dword [ebp - 0x3f4], edx -call fcn_0000930f ; call 0x930f +call fcn_0000937d ; call 0x937d add esp, 0x10 mov edx, dword [ebp - 0x3f4] cmp byte [ebp - 0x3df], 0 -je short loc_00008b76 ; je 0x8b76 +je short loc_00008be4 ; je 0x8be4 movzx eax, byte [ebp - 0x3ed] mov dword [ebp - 0x404], eax -jmp short loc_00008b91 ; jmp 0x8b91 +jmp short loc_00008bff ; jmp 0x8bff -loc_00008b76: +loc_00008be4: mov eax, dword [ebp - 0x3fc] lea esi, [ebp - 0x18] xor edx, edx shl eax, 5 add eax, esi mov dword [ebp - 0x3f4], eax -jmp near loc_00008c25 ; jmp 0x8c25 +jmp near loc_00008c93 ; jmp 0x8c93 -loc_00008b91: +loc_00008bff: cmp dl, bl -ja short loc_00008b76 ; ja 0x8b76 +ja short loc_00008be4 ; ja 0x8be4 push edi movzx esi, dl push edi 
@@ -14250,7 +14293,7 @@ push dword [ebp - 0x3f8] lea edi, [ebp - 0x3dd] mov dword [ebp - 0x40c], edx push esi -call fcn_00006de6 ; call 0x6de6 +call fcn_00006e54 ; call 0x6e54 movzx ecx, byte [ebp - 0x3da] movzx eax, al movzx eax, byte [ebp + eax - 0x3d4] @@ -14264,7 +14307,7 @@ push ecx push edx mov dword [ebp - 0x3f4], edx mov dword [ebp - 0x408], eax -call fcn_0000936b ; call 0x936b +call fcn_000093d9 ; call 0x93d9 mov eax, dword [ebp - 0x408] add esp, 0x20 lea ecx, [ebp - 0x3db] @@ -14272,21 +14315,21 @@ push ecx push eax push edi push esi -call fcn_00009450 ; call 0x9450 +call fcn_000094be ; call 0x94be push esi push dword [ebp - 0x404] push dword [ebp - 0x3f4] push 1 -call fcn_00002a9d ; call 0x2a9d +call fcn_00002b0b ; call 0x2b0b mov edx, dword [ebp - 0x40c] add esp, 0x20 inc edx -jmp near loc_00008b91 ; jmp 0x8b91 +jmp near loc_00008bff ; jmp 0x8bff -loc_00008c25: +loc_00008c93: mov eax, dword [ebp - 0x3f4] cmp dl, byte [eax - 0x2ce] -jae loc_00008ce9 ; jae 0x8ce9 +jae loc_00008d57 ; jae 0x8d57 mov edi, dword [ebp - 0x3f4] movzx eax, dl push ecx @@ -14298,7 +14341,7 @@ lea edi, [ebp - 0x3dc] mov dword [ebp - 0x404], edx lea esi, [ebp - 0x3dd] push eax -call fcn_00006de6 ; call 0x6de6 +call fcn_00006e54 ; call 0x6e54 movzx ecx, byte [ebp - 0x3da] mov dword [ebp - 0x3fc], eax lea eax, [ebp - 0x3db] @@ -14309,7 +14352,7 @@ push ecx movzx ecx, byte [ebx + 0xc] movzx ecx, byte [ebp + ecx - 0x3d4] push ecx -call fcn_0000936b ; call 0x936b +call fcn_000093d9 ; call 0x93d9 mov eax, dword [ebp - 0x3fc] add esp, 0x20 lea ecx, [ebp - 0x3db] @@ -14319,7 +14362,7 @@ push esi movzx eax, al push eax mov dword [ebp - 0x3fc], eax -call fcn_00009450 ; call 0x9450 +call fcn_000094be ; call 0x94be mov eax, dword [ebp - 0x3fc] push eax movzx eax, byte [ebp - 0x3ed] 
@@ -14328,13 +14371,13 @@ movzx eax, byte [ebx + 0xc] movzx eax, byte [ebp + eax - 0x3d4] push eax push 1 -call fcn_00002a9d ; call 0x2a9d +call fcn_00002b0b ; call 0x2b0b mov edx, dword [ebp - 0x404] add esp, 0x20 inc edx -jmp near loc_00008c25 ; jmp 0x8c25 +jmp near loc_00008c93 ; jmp 0x8c93 -loc_00008ce9: +loc_00008d57: mov edi, dword [ebp - 0x400] push esi push esi @@ -14342,25 +14385,25 @@ push 1 mov eax, edi add eax, 0xd98 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 pop eax mov eax, edi pop edx add eax, 0xb0 push 0x20 push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 -loc_00008d11: +loc_00008d7f: add esp, 0x10 -loc_00008d14: +loc_00008d82: inc byte [ebp - 0x3ec] -jmp near loc_00008aa2 ; jmp 0x8aa2 +jmp near loc_00008b10 ; jmp 0x8b10 -loc_00008d1f: +loc_00008d8d: cmp byte [ebp - 0x3ee], 0 -je short loc_00008d70 ; je 0x8d70 +je short loc_00008dde ; je 0x8dde push ebx mov eax, dword [ebp + 0x10] xor ebx, ebx @@ -14370,33 +14413,33 @@ push dword [ebp + 8] call dword [eax + 4] ; ucall add esp, 0x10 -loc_00008d3c: +loc_00008daa: push edi push ebx inc ebx push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 0xffef add eax, 0xb0 push eax -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 add esp, 0x10 cmp ebx, 3 -jne short loc_00008d3c ; jne 0x8d3c +jne short loc_00008daa ; jne 0x8daa sub esp, 0xc push dword [ebp + 0xc] -call fcn_00005ffc ; call 0x5ffc +call fcn_0000606a ; call 0x606a add esp, 0x10 -loc_00008d70: +loc_00008dde: xor edx, edx -loc_00008d72: +loc_00008de0: cmp dl, byte [ebp - 0x3de] -jae short loc_00008dca ; jae 0x8dca +jae short loc_00008e38 ; jae 0x8e38 movzx eax, dl shl eax, 5 lea ecx, [ebp + eax - 0x302] 
@@ -14410,48 +14453,48 @@ push eax push dword [ebp + 0x10] push dword [ebp + 8] mov dword [ebp - 0x3ec], edx -call fcn_00005ce2 ; call 0x5ce2 +call fcn_00005d50 ; call 0x5d50 add esp, 0xc push edi push esi push ebx -call fcn_000023ad ; call 0x23ad +call fcn_0000241b ; call 0x241b mov edx, dword [ebp - 0x3ec] add esp, 0x10 inc edx -jmp short loc_00008d72 ; jmp 0x8d72 +jmp short loc_00008de0 ; jmp 0x8de0 -loc_00008dca: -call fcn_000153e9 ; call 0x153e9 +loc_00008e38: +call fcn_00015479 ; call 0x15479 test al, al -je loc_00009307 ; je 0x9307 +je loc_00009375 ; je 0x9375 push esi push esi -push ref_00021e75 ; push 0x21e75 +push ref_00021f05 ; push 0x21f05 -loc_00008dde: +loc_00008e4c: push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp near loc_00009307 ; jmp 0x9307 +jmp near loc_00009375 ; jmp 0x9375 -loc_00008ded: +loc_00008e5b: cmp dword [ebp - 0x3ec], 0x40670 -jne loc_000085bf ; jne 0x85bf +jne loc_0000862d ; jne 0x862d push eax push eax push 0xffff7fff push esi -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -jmp near loc_000085bf ; jmp 0x85bf +jmp near loc_0000862d ; jmp 0x862d -loc_00008e12: +loc_00008e80: xor ebx, ebx -loc_00008e14: +loc_00008e82: cmp bl, byte [ebp - 0x3de] -jae loc_000085b2 ; jae 0x85b2 +jae loc_00008620 ; jae 0x8620 movzx eax, bl shl eax, 5 lea edx, [ebp + eax - 0x302] @@ -14460,7 +14503,7 @@ movzx ecx, byte [edx + 2] movzx edx, byte [edx + 1] mov byte [ebp - 0x3fc], al -loc_00008e42: +loc_00008eb0: movzx edi, byte [ebp - 0x3fc] push eax push ecx 
@@ -14468,15 +14511,15 @@ push edx push edi mov dword [ebp - 0x408], ecx mov dword [ebp - 0x400], edx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xd2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov edx, dword [ebp - 0x400] mov ecx, dword [ebp - 0x408] test al, 2 -je short loc_00008e42 ; je 0x8e42 +je short loc_00008eb0 ; je 0x8eb0 sub esp, 0xc inc ebx push ecx @@ -14484,23 +14527,23 @@ push edx push edi push dword [ebp + 0x10] push dword [ebp + 8] -call fcn_000024e1 ; call 0x24e1 +call fcn_0000254f ; call 0x254f add esp, 0x20 -jmp near loc_00008e14 ; jmp 0x8e14 +jmp near loc_00008e82 ; jmp 0x8e82 -loc_00008e98: +loc_00008f06: xor edi, edi -loc_00008e9a: +loc_00008f08: mov eax, ebx mov esi, dword [ebp + 0x14] shl eax, 5 mov eax, dword [ebp + eax - 0x2fb] mov dword [esi + edx*4 + 0x29], eax mov esi, 1 -jmp near loc_00008644 ; jmp 0x8644 +jmp near loc_000086b2 ; jmp 0x86b2 -loc_00008eb7: +loc_00008f25: movzx eax, byte [ebp - 0x3fc] lea edi, [ebp - 0x18] mov dword [ebp - 0x400], eax @@ -14517,26 +14560,26 @@ movzx ebx, byte [edi + 1] mov byte [ebp - 0x3f8], cl push ebx push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0x10 cmp byte [edi + 0xb], 0 mov dword [ebp - 0x404], eax -jne short loc_00008f2c ; jne 0x8f2c -call fcn_000153e9 ; call 0x153e9 +jne short loc_00008f9a ; jne 0x8f9a +call fcn_00015479 ; call 0x15479 test al, al -je loc_0000916b ; je 0x916b +je loc_000091d9 ; je 0x91d9 push esi push ebx -push ref_00021de4 ; push 0x21de4 +push ref_00021e74 ; push 0x21e74 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp near loc_0000916b ; jmp 0x916b +jmp near loc_000091d9 ; jmp 0x91d9 -loc_00008f2c: +loc_00008f9a: mov cl, byte [ebp - 0x3f8] cmp cl, 1 -je short loc_00008f4d ; je 0x8f4d +je short loc_00008fbb ; je 0x8fbb cmp cl, 2 mov al, 0xd mov esi, 1 
@@ -14544,20 +14587,20 @@ mov bl, 0 cmove esi, eax mov al, 0xc cmove ebx, eax -jmp short loc_00008f54 ; jmp 0x8f54 +jmp short loc_00008fc2 ; jmp 0x8fc2 -loc_00008f4d: +loc_00008fbb: mov esi, 9 mov bl, 8 -loc_00008f54: +loc_00008fc2: push edi push edi lea eax, [ebp - 0x3da] push eax movzx eax, bl push eax -call fcn_0000930f ; call 0x930f +call fcn_0000937d ; call 0x937d lea edi, [ebp - 0x3db] lea eax, [ebp - 0x3dc] mov dword [esp], edi @@ -14569,26 +14612,26 @@ push eax mov eax, dword [ebp - 0x3ec] movzx eax, byte [eax] push eax -call fcn_0000936b ; call 0x936b +call fcn_000093d9 ; call 0x93d9 add esp, 0x20 cmp byte [ebp - 0x3df], 0 -je short loc_00008fab ; je 0x8fab +je short loc_00009019 ; je 0x9019 mov edx, edi movzx edi, byte [ebp - 0x3f8] -jmp short loc_00008fbe ; jmp 0x8fbe +jmp short loc_0000902c ; jmp 0x902c -loc_00008fab: +loc_00009019: mov esi, dword [ebp - 0x400] lea eax, [ebp - 0x18] xor edx, edx shl esi, 5 lea edi, [eax + esi] -jmp short loc_0000900d ; jmp 0x900d +jmp short loc_0000907b ; jmp 0x907b -loc_00008fbe: +loc_0000902c: mov eax, esi cmp bl, al -ja short loc_00008fab ; ja 0x8fab +ja short loc_00009019 ; ja 0x9019 push edx movzx eax, bl lea ecx, [ebp - 0x3dc] @@ -14599,7 +14642,7 @@ push ecx push eax mov dword [ebp - 0x420], edx mov dword [ebp - 0x41c], eax -call fcn_00009450 ; call 0x9450 +call fcn_000094be ; call 0x94be mov eax, dword [ebp - 0x41c] push eax mov eax, dword [ebp - 0x3ec] @@ -14607,15 +14650,15 @@ push edi movzx eax, byte [eax] push eax push 1 -call fcn_00002a9d ; call 0x2a9d +call fcn_00002b0b ; call 0x2b0b add esp, 0x20 mov edx, dword [ebp - 0x420] -jmp short loc_00008fbe ; jmp 0x8fbe +jmp short loc_0000902c ; jmp 0x902c -loc_0000900d: +loc_0000907b: lea ebx, [edi - 0x2da] cmp dl, byte [edi - 0x2ce] -jae short loc_00009081 ; jae 0x9081 +jae short loc_000090ef ; jae 0x90ef push ebx movzx eax, dl push ebx 
@@ -14623,7 +14666,7 @@ push dword [ebp - 0x414] movzx eax, byte [eax + edi - 0x2de] mov dword [ebp - 0x41c], edx push eax -call fcn_00006de6 ; call 0x6de6 +call fcn_00006e54 ; call 0x6e54 movzx ebx, al lea eax, [ebp - 0x3db] push eax @@ -14632,7 +14675,7 @@ push eax lea eax, [ebp - 0x3dd] push eax push ebx -call fcn_00009450 ; call 0x9450 +call fcn_000094be ; call 0x94be movzx eax, byte [ebp - 0x3f8] add esp, 0x20 push ebx @@ -14641,13 +14684,13 @@ mov eax, dword [ebp - 0x3ec] movzx eax, byte [eax] push eax push 1 -call fcn_00002a9d ; call 0x2a9d +call fcn_00002b0b ; call 0x2b0b mov edx, dword [ebp - 0x41c] add esp, 0x10 inc edx -jmp short loc_0000900d ; jmp 0x900d +jmp short loc_0000907b ; jmp 0x907b -loc_00009081: +loc_000090ef: mov eax, dword [ebp - 0x404] lea edi, [ebp + esi - 0x302] push ecx @@ -14655,23 +14698,23 @@ push ecx push 1 add eax, 0xd98 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0xc push edi push dword [ebp + 0x10] push dword [ebp + 8] -call fcn_000063c9 ; call 0x63c9 +call fcn_00006437 ; call 0x6437 mov eax, dword [ebp - 0x404] lea esi, [eax + 0xb2] mov dword [esp], esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 and eax, 0xf cmp ax, 3 -je short loc_0000910b ; je 0x910b +je short loc_00009179 ; je 0x9179 sub esp, 0xc push edi -call fcn_0000642d ; call 0x642d +call fcn_0000649b ; call 0x649b add esp, 0xc movzx eax, al push eax 
@@ -14681,25 +14724,25 @@ push dword [ebp + 0x10] push dword [ebp + 0x14] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_000065b0 ; call 0x65b0 +call fcn_0000661e ; call 0x661e add esp, 0x14 push esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 and eax, 0xf cmp ax, 3 -je short loc_0000910b ; je 0x910b +je short loc_00009179 ; je 0x9179 mov byte [ebx + 0xe], 1 -jmp short loc_0000916b ; jmp 0x916b +jmp short loc_000091d9 ; jmp 0x91d9 -loc_0000910b: +loc_00009179: movzx esi, byte [ebp - 0x3f8] push edi push edi mov edi, dword [ebp - 0x3f4] push esi push edi -call fcn_00007b99 ; call 0x7b99 +call fcn_00007c07 ; call 0x7c07 add esp, 0xc mov ebx, eax mov eax, dword [ebp + 0xc] @@ -14714,35 +14757,35 @@ pop eax pop edx push esi push edi -call fcn_00007b99 ; call 0x7b99 +call fcn_00007c07 ; call 0x7c07 add esp, 0x10 cmp eax, ebx mov eax, dword [ebp - 0x400] -je short loc_00009160 ; je 0x9160 +je short loc_000091ce ; je 0x91ce shl eax, 5 mov byte [ebp + eax - 0x2e4], 1 -jmp short loc_0000916b ; jmp 0x916b +jmp short loc_000091d9 ; jmp 0x91d9 -loc_00009160: +loc_000091ce: shl eax, 5 mov byte [ebp + eax - 0x2e3], 1 -loc_0000916b: +loc_000091d9: inc byte [ebp - 0x3fc] -jmp near loc_000087e0 ; jmp 0x87e0 +jmp near loc_0000884e ; jmp 0x884e -loc_00009176: +loc_000091e4: xor eax, eax -loc_00009178: +loc_000091e6: mov edi, dword [ebp - 0x3ec] mov dword [edi + eax + 1], 0 add eax, 4 cmp eax, 0x40 -jne short loc_00009178 ; jne 0x9178 -jmp near loc_00008831 ; jmp 0x8831 +jne short loc_000091e6 ; jne 0x91e6 +jmp near loc_0000889f ; jmp 0x889f -loc_00009193: +loc_00009201: push ecx push ecx lea eax, [ebp - 0x344] 
@@ -14759,44 +14802,44 @@ push dword [ebp + 0x10] push dword [ebp + 0x14] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00007a48 ; call 0x7a48 +call fcn_00007ab6 ; call 0x7ab6 add esp, 0x30 test eax, eax -js loc_00008847 ; js 0x8847 +js loc_000088b5 ; js 0x88b5 xor eax, eax -loc_000091d9: +loc_00009247: mov edx, dword [ebp + eax - 0x344] cmp edx, 0xffffffff -je short loc_000091fd ; je 0x91fd +je short loc_0000926b ; je 0x926b mov esi, dword [ebp - 0x3ec] mov ecx, dword [esi + eax + 1] cmp ecx, 0x18f -jle short loc_000091fd ; jle 0x91fd +jle short loc_0000926b ; jle 0x926b add edx, ecx mov dword [esi + eax + 1], edx -loc_000091fd: +loc_0000926b: add eax, 4 cmp eax, 0x40 -jne short loc_000091d9 ; jne 0x91d9 -jmp near loc_00008847 ; jmp 0x8847 +jne short loc_00009247 ; jne 0x9247 +jmp near loc_000088b5 ; jmp 0x88b5 -loc_0000920a: +loc_00009278: mov byte [ebp - 0x3ec], 0 -loc_00009211: +loc_0000927f: mov al, byte [ebp - 0x3ec] cmp al, byte [ebp - 0x3de] -jae loc_000088f7 ; jae 0x88f7 +jae loc_00008965 ; jae 0x8965 movzx eax, byte [ebp - 0x3ec] shl eax, 5 mov al, byte [ebp + eax - 0x300] cmp al, 1 -je short loc_0000925f ; je 0x925f +je short loc_000092cd ; je 0x92cd cmp al, 2 mov al, byte [ebp - 0x3ed] -je short loc_00009285 ; je 0x9285 +je short loc_000092f3 ; je 0x92f3 cmp al, 1 mov bl, al sbb edi, edi @@ -14808,9 +14851,9 @@ cmp al, 1 sbb edx, edx and edx, 0xfffffff5 add edx, 0xd -jmp short loc_000092a1 ; jmp 0x92a1 +jmp short loc_0000930f ; jmp 0x930f -loc_0000925f: +loc_000092cd: mov al, byte [ebp - 0x3ed] cmp al, 1 sbb edi, edi @@ -14824,9 +14867,9 @@ cmp al, 1 sbb edx, edx and edx, 5 add edx, 5 -jmp short loc_000092a1 ; jmp 0x92a1 +jmp short loc_0000930f ; jmp 0x930f -loc_00009285: +loc_000092f3: cmp al, 1 sbb edi, edi and edi, 0xa 
@@ -14840,13 +14883,13 @@ sbb edx, edx and edx, 0xd inc edx -loc_000092a1: +loc_0000930f: movzx esi, dl cmp dword [ebp + esi*4 - 0x384], 0xffffffff -je short loc_000092fc ; je 0x92fc -call fcn_000153e9 ; call 0x153e9 +je short loc_0000936a ; je 0x936a +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000092d4 ; je 0x92d4 +je short loc_00009342 ; je 0x9342 mov eax, edi sub esp, 0xc movzx eax, al @@ -14854,28 +14897,28 @@ push eax movzx eax, bl push eax push esi -push ref_00021e09 ; push 0x21e09 +push ref_00021e99 ; push 0x21e99 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_000092d4: +loc_00009342: mov eax, edi cmp bl, al -ja short loc_000092fc ; ja 0x92fc +ja short loc_0000936a ; ja 0x936a mov ecx, dword [ebp + esi*4 - 0x384] movzx eax, bl inc ebx mov dword [ebp + eax*4 - 0x384], ecx mov cl, byte [ebp + esi - 0x3d4] mov byte [ebp + eax - 0x3d4], cl -jmp short loc_000092d4 ; jmp 0x92d4 +jmp short loc_00009342 ; jmp 0x9342 -loc_000092fc: +loc_0000936a: inc byte [ebp - 0x3ec] -jmp near loc_00009211 ; jmp 0x9211 +jmp near loc_0000927f ; jmp 0x927f -loc_00009307: +loc_00009375: lea esp, [ebp - 0xc] pop ebx pop esi @@ -14883,7 +14926,7 @@ pop edi pop ebp ret -fcn_0000930f: +fcn_0000937d: push ebp mov ebp, esp push esi @@ -14893,7 +14936,7 @@ push eax push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx lea ebx, [eax + 0x814] @@ -14903,16 +14946,16 @@ shl edx, 0x13 or edx, 0x2840000 push edx push ebx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov dword [esp], ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov esi, eax pop eax pop edx shr esi, 6 push 0 push ebx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov eax, dword [ebp + 0xc] mov edx, esi and edx, 0x3f @@ -14924,7 +14967,7 @@ pop esi pop ebp ret -fcn_0000936b: +fcn_000093d9: push ebp mov ebp, esp push edi 
@@ -14935,65 +14978,65 @@ mov ebx, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov edi, dword [ebp + 0x10] cmp bl, 9 -ja short loc_000093b7 ; ja 0x93b7 +ja short loc_00009425 ; ja 0x9425 movzx ebx, bl -jmp dword [ebx*4 + ref_00020340] ; ujmp: jmp dword [ebx*4 + 0x20340] +jmp dword [ebx*4 + ref_000203d0] ; ujmp: jmp dword [ebx*4 + 0x203d0] -loc_0000938c: +loc_000093fa: mov ecx, 0xffffff38 -jmp near loc_0000944c ; jmp 0x944c +jmp near loc_000094ba ; jmp 0x94ba -loc_00009396: +loc_00009404: mov ecx, 0xffffff83 -jmp near loc_0000944c ; jmp 0x944c +jmp near loc_000094ba ; jmp 0x94ba -loc_000093a0: +loc_0000940e: xor ecx, ecx -jmp near loc_0000944c ; jmp 0x944c +jmp near loc_000094ba ; jmp 0x94ba -loc_000093a7: +loc_00009415: mov ecx, 0xffffff83 -jmp short loc_000093dc ; jmp 0x93dc +jmp short loc_0000944a ; jmp 0x944a -loc_000093ae: +loc_0000941c: xor ecx, ecx mov eax, 0xffffff5a -jmp short loc_000093ed ; jmp 0x93ed +jmp short loc_0000945b ; jmp 0x945b -loc_000093b7: -call fcn_000153e9 ; call 0x153e9 +loc_00009425: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000093e3 ; je 0x93e3 +je short loc_00009451 ; je 0x9451 movzx ebx, bl push eax push ebx -push ref_00021e93 ; push 0x21e93 +push ref_00021f23 ; push 0x21f23 push 2 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_000093e3 ; jmp 0x93e3 +jmp short loc_00009451 ; jmp 0x9451 -loc_000093d6: +loc_00009444: xor ecx, ecx -jmp short loc_000093e8 ; jmp 0x93e8 +jmp short loc_00009456 ; jmp 0x9456 -loc_000093da: +loc_00009448: xor ecx, ecx -loc_000093dc: +loc_0000944a: mov eax, 0xffffff83 -jmp short loc_000093ed ; jmp 0x93ed +jmp short loc_0000945b ; jmp 0x945b -loc_000093e3: +loc_00009451: mov ecx, 0xffffff38 -loc_000093e8: +loc_00009456: mov eax, 0xffffff9c -loc_000093ed: +loc_0000945b: neg eax -loc_000093ef: +loc_0000945d: mov ebx, ecx mov edx, esi movzx edx, dl 
@@ -15029,18 +15072,18 @@ pop edi pop ebp ret -loc_00009440: +loc_000094ae: mov ecx, 0xffffff06 -jmp short loc_0000944c ; jmp 0x944c +jmp short loc_000094ba ; jmp 0x94ba -loc_00009447: +loc_000094b5: mov ecx, 0xffffff59 -loc_0000944c: +loc_000094ba: xor eax, eax -jmp short loc_000093ef ; jmp 0x93ef +jmp short loc_0000945d ; jmp 0x945d -fcn_00009450: +fcn_000094be: push ebp mov ebp, esp mov eax, dword [ebp + 0x14] @@ -15063,13 +15106,13 @@ push eax push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push ebx lea esi, [eax + 0x814] push esi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 mov dword [ebp + 8], esi mov dword [ebp + 0xc], 0 @@ -15077,9 +15120,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -fcn_000094b3: +fcn_00009521: push ebp mov ebp, esp push esi @@ -15090,20 +15133,20 @@ push ecx push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov edx, esi add esp, 0x10 shr bl, 1 test dl, dl movzx ebx, bl -je short loc_000094f7 ; je 0x94f7 +je short loc_00009565 ; je 0x9565 push edx push 6 shl ebx, 5 push 0xfffffffffffffff9 lea eax, [eax + ebx + 0x900] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 lea esp, [ebp - 8] pop ebx @@ -15111,7 +15154,7 @@ pop esi pop ebp ret -loc_000094f7: +loc_00009565: shl ebx, 5 lea eax, [eax + ebx + 0x900] mov dword [ebp + 0xc], 0xfffffff9 
@@ -15120,49 +15163,49 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00018a7a ; jmp 0x18a7a +jmp near fcn_00018b3e ; jmp 0x18b3e -fcn_00009516: +fcn_00009584: push ebp mov ebp, esp push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 8] -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 cmp eax, 0x40660 -je short loc_000095ac ; je 0x95ac +je short loc_0000961a ; je 0x961a cmp eax, 0x306c0 -je short loc_000095ac ; je 0x95ac +je short loc_0000961a ; je 0x961a cmp eax, 0x40670 -je short loc_00009554 ; je 0x9554 +je short loc_000095c2 ; je 0x95c2 -loc_0000953b: -call fcn_000153e9 ; call 0x153e9 +loc_000095a9: +call fcn_00015479 ; call 0x15479 test al, al -je loc_00009617 ; je 0x9617 -mov dword [ebp + 0xc], ref_00021ede ; mov dword [ebp + 0xc], 0x21ede -jmp near loc_00009605 ; jmp 0x9605 +je loc_00009685 ; je 0x9685 +mov dword [ebp + 0xc], ref_00021f6e ; mov dword [ebp + 0xc], 0x21f6e +jmp near loc_00009673 ; jmp 0x9673 -loc_00009554: +loc_000095c2: push edx push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x10 -je short loc_0000953b ; je 0x953b +je short loc_000095a9 ; je 0x95a9 -loc_00009572: +loc_000095e0: push eax push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov edx, ebx add esp, 0xc and edx, 1 
@@ -15175,123 +15218,123 @@ shl ebx, 5 push 0x3fffffff lea eax, [eax + ebx + 0x80c] push eax -call fcn_00018aa4 ; call 0x18aa4 -jmp short loc_000095f0 ; jmp 0x95f0 +call fcn_00018b68 ; call 0x18b68 +jmp short loc_0000965e ; jmp 0x965e -loc_000095ac: +loc_0000961a: cmp eax, 0x40670 -je short loc_00009572 ; je 0x9572 +je short loc_000095e0 ; je 0x95e0 cmp eax, 0x40660 -je short loc_000095c1 ; je 0x95c1 +je short loc_0000962f ; je 0x962f cmp eax, 0x306c0 -jne short loc_000095f5 ; jne 0x95f5 +jne short loc_00009663 ; jne 0x9663 -loc_000095c1: +loc_0000962f: push 0x1000c movzx ebx, bl push 0 push 2 push esi -call fcn_0000407d ; call 0x407d +call fcn_000040eb ; call 0x40eb push 0 push ebx push 0x1011 push esi -call fcn_0000407d ; call 0x407d +call fcn_000040eb ; call 0x40eb add esp, 0x20 push 0 push 0 push 3 push esi -call fcn_0000407d ; call 0x407d +call fcn_000040eb ; call 0x40eb -loc_000095f0: +loc_0000965e: add esp, 0x10 -jmp short loc_00009617 ; jmp 0x9617 +jmp short loc_00009685 ; jmp 0x9685 -loc_000095f5: -call fcn_000153e9 ; call 0x153e9 +loc_00009663: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00009617 ; je 0x9617 -mov dword [ebp + 0xc], ref_00021f11 ; mov dword [ebp + 0xc], 0x21f11 +je short loc_00009685 ; je 0x9685 +mov dword [ebp + 0xc], ref_00021fa1 ; mov dword [ebp + 0xc], 0x21fa1 -loc_00009605: +loc_00009673: mov dword [ebp + 8], 2 lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_000153f7 ; jmp 0x153f7 +jmp near fcn_00015487 ; jmp 0x15487 -loc_00009617: +loc_00009685: lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_0000961e: +fcn_0000968c: push ebp mov ebp, esp push esi mov esi, dword [ebp + 8] push ebx -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 mov ebx, eax -call fcn_0001c5b4 ; call 0x1c5b4 +call fcn_0001c678 ; call 0x1c678 cmp ebx, 0x40670 -je short loc_0000963e ; je 0x963e +je short loc_000096ac ; je 0x96ac -loc_0000963a: +loc_000096a8: xor edx, edx -jmp short loc_000096a9 ; jmp 0x96a9 +jmp short 
loc_00009717 ; jmp 0x9717 -loc_0000963e: +loc_000096ac: mov edx, 0x80000003 test eax, eax -je short loc_000096a9 ; je 0x96a9 +je short loc_00009717 ; je 0x9717 mov eax, esi xor ebx, ebx test al, al -je short loc_0000967c ; je 0x967c +je short loc_000096ea ; je 0x96ea -loc_0000964f: +loc_000096bd: push esi push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 0x10 lea eax, [eax + ebx + 0x90c] add ebx, 0x20 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 cmp ebx, 0x100 -jne short loc_0000964f ; jne 0x964f -jmp short loc_0000963a ; jmp 0x963a +jne short loc_000096bd ; jne 0x96bd +jmp short loc_000096a8 ; jmp 0x96a8 -loc_0000967c: +loc_000096ea: push eax push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 0xffffffffffffffef lea eax, [eax + ebx + 0x90c] add ebx, 0x20 push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 cmp ebx, 0x100 -jne short loc_0000967c ; jne 0x967c -jmp short loc_0000963a ; jmp 0x963a +jne short loc_000096ea ; jne 0x96ea +jmp short loc_000096a8 ; jmp 0x96a8 -loc_000096a9: +loc_00009717: lea esp, [ebp - 8] mov eax, edx pop ebx @@ -15299,7 +15342,7 @@ pop esi pop ebp ret -fcn_000096b2: +fcn_00009720: push ebp mov ebp, esp mov eax, dword [ebp + 0xc] @@ -15317,7 +15360,7 @@ push 0x31 push esi push 1 push 0 -call fcn_00002974 ; call 0x2974 +call fcn_000029e2 ; call 0x29e2 add esp, 0x20 mov dword [ebp + 0x18], ebx mov dword [ebp + 0x10], esi @@ -15328,9 +15371,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00002974 ; jmp 0x2974 +jmp near fcn_000029e2 ; jmp 0x29e2 -fcn_00009706: +fcn_00009774: push ebp mov ebp, esp push ebx @@ -15340,7 +15383,7 @@ push 0x31 push ebx push 1 push 0 -call fcn_000029f2 ; call 0x29f2 +call fcn_00002a60 ; call 0x2a60 mov edx, dword [ebp + 0x10] mov ecx, eax and ecx, 0x3f 
@@ -15353,7 +15396,7 @@ push 0x32 push ebx push 1 push 0 -call fcn_000029f2 ; call 0x29f2 +call fcn_00002a60 ; call 0x2a60 mov edx, dword [ebp + 0x18] add esp, 0x20 mov ecx, eax @@ -15367,7 +15410,7 @@ mov ebx, dword [ebp - 4] leave ret -fcn_00009759: +fcn_000097c7: push ebp mov ebp, esp push edi @@ -15378,17 +15421,17 @@ mov ecx, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] mov edx, dword [ebp + 0x14] cmp ecx, 0x20 -jne short loc_0000977e ; jne 0x977e +jne short loc_000097ec ; jne 0x97ec mov dword [ebx], 0 mov dword [edx], 0x20 -jmp short loc_000097d1 ; jmp 0x97d1 +jmp short loc_0000983f ; jmp 0x983f -loc_0000977e: +loc_000097ec: mov eax, 0 -jbe short loc_000097a2 ; jbe 0x97a2 +jbe short loc_00009810 ; jbe 0x9810 lea esi, [ecx - 0x20] -loc_00009788: +loc_000097f6: mov ecx, dword [ebp + 8] mov edi, esi sub ecx, eax @@ -15397,17 +15440,17 @@ mov ecx, edi add ecx, 0x20 lea edi, [eax + 1] cmp ecx, 0x3f -jle short loc_000097cd ; jle 0x97cd +jle short loc_0000983b ; jle 0x983b mov eax, edi -jmp short loc_00009788 ; jmp 0x9788 +jmp short loc_000097f6 ; jmp 0x97f6 -loc_000097a2: +loc_00009810: mov esi, 0x20 mov edi, esi sub edi, ecx mov dword [ebp - 0x14], edi -loc_000097ae: +loc_0000981c: mov ecx, dword [ebp + 8] mov edi, dword [ebp - 0x14] sub ecx, eax @@ -15418,15 +15461,15 @@ mov dword [ebp - 0x10], edi mov edi, esi sub edi, ecx mov ecx, edi -jns short loc_000097cd ; jns 0x97cd +jns short loc_0000983b ; jns 0x983b mov eax, dword [ebp - 0x10] -jmp short loc_000097ae ; jmp 0x97ae +jmp short loc_0000981c ; jmp 0x981c -loc_000097cd: +loc_0000983b: mov dword [ebx], eax mov dword [edx], ecx -loc_000097d1: +loc_0000983f: pop eax pop edx pop ebx @@ -15435,7 +15478,7 @@ pop edi pop ebp ret -fcn_000097d8: +fcn_00009846: push ebp mov ebp, esp push ebx 
@@ -15447,45 +15490,45 @@ lea eax, [ebp - 0xc] push eax push ebx push dword [ebp + 8] -call fcn_00009759 ; call 0x9759 +call fcn_000097c7 ; call 0x97c7 add esp, 0x10 cmp ebx, 0x20 -jbe short loc_0000981b ; jbe 0x981b +jbe short loc_00009889 ; jbe 0x9889 mov eax, dword [ebp - 0xc] test eax, eax -jne short loc_0000980a ; jne 0x980a +jne short loc_00009878 ; jne 0x9878 -loc_00009802: +loc_00009870: mov eax, dword [ebp - 8] sub eax, 0x20 -jmp short loc_00009832 ; jmp 0x9832 +jmp short loc_000098a0 ; jmp 0x98a0 -loc_0000980a: +loc_00009878: mov edx, dword [ebp - 8] add eax, 0xfffffff shl eax, 4 lea eax, [edx + eax - 0x10] -jmp short loc_00009832 ; jmp 0x9832 +jmp short loc_000098a0 ; jmp 0x98a0 -loc_0000981b: -je short loc_00009830 ; je 0x9830 +loc_00009889: +je short loc_0000989e ; je 0x989e mov eax, dword [ebp - 0xc] test eax, eax -je short loc_00009802 ; je 0x9802 +je short loc_00009870 ; je 0x9870 imul eax, eax, 0xffffffef mov edx, dword [ebp - 8] lea eax, [edx + eax - 0x20] -jmp short loc_00009832 ; jmp 0x9832 +jmp short loc_000098a0 ; jmp 0x98a0 -loc_00009830: +loc_0000989e: xor eax, eax -loc_00009832: +loc_000098a0: mov ebx, dword [ebp - 4] leave ret -fcn_00009837: +fcn_000098a5: push ebp mov eax, 0x80000002 mov ebp, esp 
@@ -15494,94 +15537,94 @@ push esi push ebx lea ecx, [edx + 0x53] cmp ecx, 0xa2 -ja loc_000098f6 ; ja 0x98f6 +ja loc_00009964 ; ja 0x9964 cmp edx, 0 -je loc_000098e3 ; je 0x98e3 +je loc_00009951 ; je 0x9951 lea eax, [edx + 0x20] mov ebx, 0 mov edx, eax -jle short loc_000098b1 ; jle 0x98b1 +jle short loc_0000991f ; jle 0x991f -loc_00009868: +loc_000098d6: test ebx, ebx -jne short loc_00009875 ; jne 0x9875 +jne short loc_000098e3 ; jne 0x98e3 mov esi, edx cmp edx, 0x3f -jg short loc_00009897 ; jg 0x9897 -jmp short loc_000098ea ; jmp 0x98ea +jg short loc_00009905 ; jg 0x9905 +jmp short loc_00009958 ; jmp 0x9958 -loc_00009875: +loc_000098e3: mov esi, eax cmp eax, 0x3f -jg short loc_00009897 ; jg 0x9897 -call fcn_000153f0 ; call 0x153f0 +jg short loc_00009905 ; jg 0x9905 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000098ea ; je 0x98ea +je short loc_00009958 ; je 0x9958 cmp esi, 0x2e -jg short loc_000098ea ; jg 0x98ea +jg short loc_00009958 ; jg 0x9958 push edx -push ref_00021f2c ; push 0x21f2c +push ref_00021fbc ; push 0x21fbc push 0x1ad -jmp short loc_000098d4 ; jmp 0x98d4 +jmp short loc_00009942 ; jmp 0x9942 -loc_00009897: +loc_00009905: inc ebx sub eax, 0x10 cmp ebx, 4 -jne short loc_00009868 ; jne 0x9868 -jmp short loc_000098ea ; jmp 0x98ea +jne short loc_000098d6 ; jne 0x98d6 +jmp short loc_00009958 ; jmp 0x9958 -loc_000098a2: +loc_00009910: mov esi, edx test edx, edx -jns short loc_000098ea ; jns 0x98ea +jns short loc_00009958 ; jns 0x9958 -loc_000098a8: +loc_00009916: inc ebx add eax, 0x11 cmp ebx, 4 -je short loc_000098ea ; je 0x98ea +je short loc_00009958 ; je 0x9958 -loc_000098b1: +loc_0000991f: test ebx, ebx -je short loc_000098a2 ; je 0x98a2 +je short loc_00009910 ; je 0x9910 mov esi, eax test eax, eax -js short loc_000098a8 ; js 0x98a8 -call fcn_000153f0 ; call 0x153f0 +js short loc_00009916 ; js 0x9916 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000098ea ; je 0x98ea +je short loc_00009958 ; je 0x9958 cmp esi, 0x11 -jle short 
loc_000098ea ; jle 0x98ea +jle short loc_00009958 ; jle 0x9958 push eax -push ref_00021f77 ; push 0x21f77 +push ref_00022007 ; push 0x22007 push 0x1bc -loc_000098d4: -push ref_00021f3c ; push 0x21f3c -call fcn_000153fc ; call 0x153fc +loc_00009942: +push ref_00021fcc ; push 0x21fcc +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp short loc_000098ea ; jmp 0x98ea +jmp short loc_00009958 ; jmp 0x9958 -loc_000098e3: +loc_00009951: mov esi, 0x20 xor ebx, ebx -loc_000098ea: +loc_00009958: mov eax, dword [ebp + 0xc] mov dword [eax], ebx mov eax, dword [ebp + 0x10] mov dword [eax], esi xor eax, eax -loc_000098f6: +loc_00009964: lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_000098fd: +fcn_0000996b: push ebp mov ebp, esp push esi @@ -15600,7 +15643,7 @@ push edx movzx edx, al push edx mov dword [ebp - 0x1c], eax -call fcn_00009706 ; call 0x9706 +call fcn_00009774 ; call 0x9774 mov eax, dword [ebp - 0x1c] add esp, 0x18 mov edx, dword [ebp - 0x14] @@ -15610,7 +15653,7 @@ mov dword [ebx + 5], edx mov dword [ebx + 1], eax push edx push eax -call fcn_000097d8 ; call 0x97d8 +call fcn_00009846 ; call 0x9846 mov edx, dword [ebp - 0xc] mov dword [ebx + 0x11], edx mov dword [ebx + 9], eax @@ -15620,7 +15663,7 @@ pop ecx pop esi push edx push eax -call fcn_000097d8 ; call 0x97d8 +call fcn_00009846 ; call 0x9846 mov edx, dword [ebx + 9] mov ecx, 0x4f mov esi, ecx @@ -15645,7 +15688,7 @@ pop esi pop ebp ret -fcn_00009992: +fcn_00009a00: push ebp mov ebp, esp sub esp, 0x14 @@ -15656,12 +15699,12 @@ push dword [eax + 5] push dword [eax + 1] movzx eax, byte [eax] push eax -call fcn_000096b2 ; call 0x96b2 +call fcn_00009720 ; call 0x9720 add esp, 0x20 leave ret -fcn_000099b5: +fcn_00009a23: push ebp mov ebp, esp push esi 
@@ -15676,10 +15719,10 @@ push eax mov eax, dword [ebx + 9] add eax, esi push eax -call fcn_00009837 ; call 0x9837 +call fcn_000098a5 ; call 0x98a5 add esp, 0x10 test eax, eax -js short loc_00009a13 ; js 0x9a13 +js short loc_00009a81 ; js 0x9a81 push eax lea eax, [ebp - 0xc] push eax @@ -15687,10 +15730,10 @@ lea eax, [ebp - 0x10] push eax add esi, dword [ebx + 0x15] push esi -call fcn_00009837 ; call 0x9837 +call fcn_000098a5 ; call 0x98a5 add esp, 0x10 test eax, eax -js short loc_00009a13 ; js 0x9a13 +js short loc_00009a81 ; js 0x9a81 sub esp, 0xc push dword [ebp - 0xc] push dword [ebp - 0x10] @@ -15698,18 +15741,18 @@ push dword [ebp - 0x14] push dword [ebp - 0x18] movzx eax, byte [ebx] push eax -call fcn_000096b2 ; call 0x96b2 +call fcn_00009720 ; call 0x9720 add esp, 0x20 xor eax, eax -loc_00009a13: +loc_00009a81: lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_00009a1a: +fcn_00009a88: push ebp mov ebp, esp push edi @@ -15722,36 +15765,36 @@ mov esi, dword [ebp + 8] mov byte [edx], 0 mov byte [ebp - 0xd], al -loc_00009a32: +loc_00009aa0: mov eax, esi sub eax, dword [ebp + 8] cmp al, byte [ebp - 0xd] -jae short loc_00009a62 ; jae 0x9a62 +jae short loc_00009ad0 ; jae 0x9ad0 mov al, byte [esi] xor edi, edi movzx ecx, byte [edx] shr al, 1 -loc_00009a45: +loc_00009ab3: mov ebx, edi cmp cl, bl -jbe short loc_00009a57 ; jbe 0x9a57 +jbe short loc_00009ac5 ; jbe 0x9ac5 mov ebx, dword [ebp + 0x10] inc edi cmp byte [ebx + edi - 1], al -jne short loc_00009a45 ; jne 0x9a45 -jmp short loc_00009a5f ; jmp 0x9a5f +jne short loc_00009ab3 ; jne 0x9ab3 +jmp short loc_00009acd ; jmp 0x9acd -loc_00009a57: +loc_00009ac5: mov ebx, dword [ebp + 0x10] mov byte [ebx + ecx], al inc byte [edx] -loc_00009a5f: +loc_00009acd: inc esi -jmp short loc_00009a32 ; jmp 0x9a32 +jmp short loc_00009aa0 ; jmp 0x9aa0 -loc_00009a62: +loc_00009ad0: add esp, 1 xor eax, eax pop ebx @@ -15760,7 +15803,7 @@ pop edi pop ebp ret -fcn_00009a6c: +fcn_00009ada: push ebp mov ebp, esp push edi 
@@ -15784,24 +15827,24 @@ mov edi, dword [ebp + 0x1c] mov dword [ebp - 0x38], ebx mov byte [ebp - 0x21], 0 mov dword [ebp - 0x3c], edi -call fcn_00009a1a ; call 0x9a1a +call fcn_00009a88 ; call 0x9a88 add esp, 0xc push 0 push 1 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov edx, dword [ebp + 8] add esp, 0x10 mov ebx, eax lea edi, [eax + 0xa00] -loc_00009ac4: +loc_00009b32: mov al, byte [ebp + 8] mov byte [ebp - 0x30], al mov al, dl sub eax, dword [ebp + 8] cmp al, byte [ebp - 0x29] -jae short loc_00009af5 ; jae 0x9af5 +jae short loc_00009b63 ; jae 0x9b63 push ecx push ecx push 0xfffffbff @@ -15810,13 +15853,13 @@ mov dword [ebp - 0x30], edx shl eax, 4 add eax, edi push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e mov edx, dword [ebp - 0x30] add esp, 0x10 inc edx -jmp short loc_00009ac4 ; jmp 0x9ac4 +jmp short loc_00009b32 ; jmp 0x9b32 -loc_00009af5: +loc_00009b63: movzx eax, byte [ebp - 0x34] shl esi, 0x1c xor edx, edx @@ -15825,9 +15868,9 @@ shl eax, 0xa or esi, eax shl edi, 0xb -loc_00009b0a: +loc_00009b78: cmp dl, byte [ebp - 0x21] -jae short loc_00009b56 ; jae 0x9b56 +jae short loc_00009bc4 ; jae 0x9bc4 movzx eax, dl movzx ecx, byte [ebp + eax - 0x20] mov dword [ebp - 0x38], edx 
@@ -15839,30 +15882,30 @@ push 0xeffc03ff lea eax, [ecx + 0x900] push eax mov dword [ebp - 0x34], ecx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov ecx, dword [ebp - 0x34] add esp, 0xc push edi push 0xfffe07ff add ecx, 0x90c push ecx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov edx, dword [ebp - 0x38] add esp, 0x10 inc edx -jmp short loc_00009b0a ; jmp 0x9b0a +jmp short loc_00009b78 ; jmp 0x9b78 -loc_00009b56: +loc_00009bc4: add ebx, 0xa00 mov esi, dword [ebp + 8] cmp byte [ebp - 0x3c], 0 -je short loc_00009b8b ; je 0x9b8b +je short loc_00009bf9 ; je 0x9bf9 -loc_00009b65: +loc_00009bd3: mov eax, esi sub eax, dword [ebp - 0x30] cmp al, byte [ebp - 0x29] -jae short loc_00009b8b ; jae 0x9b8b +jae short loc_00009bf9 ; jae 0x9bf9 push eax inc esi push eax @@ -15871,11 +15914,11 @@ movzx eax, byte [esi - 1] shl eax, 4 add eax, ebx push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -jmp short loc_00009b65 ; jmp 0x9b65 +jmp short loc_00009bd3 ; jmp 0x9bd3 -loc_00009b8b: +loc_00009bf9: lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -15884,7 +15927,7 @@ pop edi pop ebp ret -fcn_00009b95: +fcn_00009c03: push ebp mov ebp, esp push edi 
@@ -15896,34 +15939,34 @@ mov edi, dword [ebp + 8] mov dword [ebp - 0x1c], eax mov eax, dword [ebp + 0x10] test al, al -je short loc_00009bda ; je 0x9bda +je short loc_00009c48 ; je 0x9c48 mov esi, eax -mov eax, ref_00026e4c ; mov eax, 0x26e4c +mov eax, ref_00026efc ; mov eax, 0x26efc -loc_00009bb5: +loc_00009c23: mov dl, byte [eax + 1] movzx ecx, byte [eax] movzx ebx, byte [eax + 3] mov byte [ebp - 0x1d], dl mov edx, esi cmp byte [eax + 2], dl -je short loc_00009be6 ; je 0x9be6 +je short loc_00009c54 ; je 0x9c54 add eax, 4 -cmp eax, ref_00026eac ; cmp eax, 0x26eac -jne short loc_00009bb5 ; jne 0x9bb5 +cmp eax, ref_00026f5c ; cmp eax, 0x26f5c +jne short loc_00009c23 ; jne 0x9c23 mov eax, 0x80000002 -jmp short loc_00009bff ; jmp 0x9bff +jmp short loc_00009c6d ; jmp 0x9c6d -loc_00009bda: +loc_00009c48: push edx push edx push 0 push 0 push 0 push 0 -jmp short loc_00009bf1 ; jmp 0x9bf1 +jmp short loc_00009c5f ; jmp 0x9c5f -loc_00009be6: +loc_00009c54: push eax movzx edx, byte [ebp - 0x1d] push eax @@ -15932,14 +15975,14 @@ push ebx push ecx push edx -loc_00009bf1: +loc_00009c5f: movzx eax, byte [ebp - 0x1c] push eax push edi -call fcn_00009a6c ; call 0x9a6c +call fcn_00009ada ; call 0x9ada add esp, 0x20 -loc_00009bff: +loc_00009c6d: lea esp, [ebp - 0xc] pop ebx pop esi @@ -15947,7 +15990,7 @@ pop edi pop ebp ret -fcn_00009c07: +fcn_00009c75: push ebp mov ebp, esp push esi 
@@ -15955,53 +15998,53 @@ mov esi, dword [ebp + 8] push ebx lea ebx, [esi + 0x2338] -loc_00009c15: +loc_00009c83: sub esp, 0xc push ebx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 1 -jne short loc_00009c15 ; jne 0x9c15 +jne short loc_00009c83 ; jne 0x9c83 push eax push eax push dword [ebp + 0xc] lea eax, [esi + 0x2330] push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0xc push 0x700 push 0xff push ebx -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 lea eax, [esi + 0x2334] add esi, 0x233a pop edx pop ecx push dword [ebp + 0x10] push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx push 0xf000 push esi -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 pop ecx pop esi push 1 push ebx -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -loc_00009c7a: +loc_00009ce8: sub esp, 0xc push ebx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 1 -jne short loc_00009c7a ; jne 0x9c7a +jne short loc_00009ce8 ; jne 0x9ce8 sub esp, 0xc push ebx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 and eax, 6 cmp al, 1 @@ -16014,7 +16057,7 @@ pop esi pop ebp ret -fcn_00009cab: +fcn_00009d19: push ebp mov ebp, esp push esi 
@@ -16022,61 +16065,61 @@ mov esi, dword [ebp + 8] push ebx lea ebx, [esi + 0x2338] -loc_00009cb9: +loc_00009d27: sub esp, 0xc push ebx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 1 -jne short loc_00009cb9 ; jne 0x9cb9 +jne short loc_00009d27 ; jne 0x9d27 push eax push eax push dword [ebp + 0xc] lea eax, [esi + 0x2330] push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0xc push 0x600 push 0xff push ebx -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 lea eax, [esi + 0x233a] pop edx pop ecx push 0xf000 push eax -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 pop eax pop edx push 1 push ebx -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -loc_00009d0d: +loc_00009d7b: sub esp, 0xc push ebx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 1 -jne short loc_00009d0d ; jne 0x9d0d +jne short loc_00009d7b ; jne 0x9d7b sub esp, 0xc push ebx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov edx, 0x80000007 test al, 6 -jne short loc_00009d4b ; jne 0x9d4b +jne short loc_00009db9 ; jne 0x9db9 sub esp, 0xc add esi, 0x2334 push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp + 0x10] add esp, 0x10 mov dword [edx], eax xor edx, edx -loc_00009d4b: +loc_00009db9: lea esp, [ebp - 8] mov eax, edx pop ebx @@ -16084,7 +16127,7 @@ pop esi pop ebp ret -fcn_00009d54: +fcn_00009dc2: push ebp mov ebp, esp push edi 
@@ -16097,45 +16140,45 @@ mov edi, dword [ebp + 0x14] push eax push esi push dword [ebp + 8] -call fcn_00009cab ; call 0x9cab +call fcn_00009d19 ; call 0x9d19 add esp, 0x10 mov ebx, eax test eax, eax -jns short loc_00009dd2 ; jns 0x9dd2 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00009e40 ; jns 0x9e40 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00009d9c ; je 0x9d9c +je short loc_00009e0a ; je 0x9e0a sub esp, 0xc push edi push dword [ebp + 0x10] push esi -push ref_00021f87 ; push 0x21f87 +push ref_00022017 ; push 0x22017 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00009d9c: -call fcn_000153f0 ; call 0x153f0 +loc_00009e0a: +call fcn_00015480 ; call 0x15480 mov edx, ebx test al, al -je loc_00009e55 ; je 0x9e55 -call fcn_000153e9 ; call 0x153e9 +je loc_00009ec3 ; je 0x9ec3 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00009dc8 ; je 0x9dc8 +je short loc_00009e36 ; je 0x9e36 push edi push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00009dc8: +loc_00009e36: push esi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x34 -jmp short loc_00009e46 ; jmp 0x9e46 +jmp short loc_00009eb4 ; jmp 0x9eb4 -loc_00009dd2: +loc_00009e40: mov eax, dword [ebp + 0x10] and eax, dword [ebp - 0x1c] push ecx 
@@ -16144,51 +16187,51 @@ push eax push esi push dword [ebp + 8] mov dword [ebp - 0x1c], eax -call fcn_00009c07 ; call 0x9c07 +call fcn_00009c75 ; call 0x9c75 add esp, 0x10 mov ebx, eax mov edx, eax test eax, eax -jns short loc_00009e55 ; jns 0x9e55 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00009ec3 ; jns 0x9ec3 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00009e16 ; je 0x9e16 +je short loc_00009e84 ; je 0x9e84 sub esp, 0xc push edi push dword [ebp + 0x10] push esi -push ref_00021ff4 ; push 0x21ff4 +push ref_00022084 ; push 0x22084 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00009e16: -call fcn_000153f0 ; call 0x153f0 +loc_00009e84: +call fcn_00015480 ; call 0x15480 mov edx, ebx test al, al -je short loc_00009e55 ; je 0x9e55 -call fcn_000153e9 ; call 0x153e9 +je short loc_00009ec3 ; je 0x9ec3 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00009e3e ; je 0x9e3e +je short loc_00009eac ; je 0x9eac push edx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00009e3e: +loc_00009eac: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x40 -loc_00009e46: -push ref_00021fc0 ; push 0x21fc0 -call fcn_000153fc ; call 0x153fc +loc_00009eb4: +push ref_00022050 ; push 0x22050 +call fcn_0001548c ; call 0x1548c add esp, 0x10 mov edx, ebx -loc_00009e55: +loc_00009ec3: lea esp, [ebp - 0xc] mov eax, edx pop ebx @@ -16197,7 +16240,7 @@ pop edi pop ebp ret -fcn_00009e5f: ; not directly referenced +fcn_00009ecd: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -16208,19 +16251,19 @@ mov ebx, dword [ebp + 8] mov edi, dword [ebp + 0x14] lea esi, [ebx + 0x2338] -loc_00009e74: ; not directly referenced +loc_00009ee2: ; not directly referenced sub esp, 0xc push esi -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 1 -jne short loc_00009e74 ; jne 0x9e74 +jne short loc_00009ee2 ; jne 0x9ee2 push ecx push ecx push dword [ebp + 0xc] lea eax, [ebx + 0x2330] push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov eax, dword [ebp + 0x10] add esp, 0xc shl eax, 8 @@ -16228,7 +16271,7 @@ movzx eax, ax push eax push 0xff push esi -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 pop eax mov eax, edi pop edx 
@@ -16237,67 +16280,67 @@ or edi, 0xf000 lea eax, [ebx + 0x233a] push edi push eax -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 mov eax, dword [ebp + 0x10] add esp, 0x10 lea ecx, [eax - 1] cmp ecx, 6 -ja short loc_00009ef6 ; ja 0x9ef6 +ja short loc_00009f64 ; ja 0x9f64 mov eax, 1 shl eax, cl test al, 0x55 -je short loc_00009ef6 ; je 0x9ef6 +je short loc_00009f64 ; je 0x9f64 mov eax, dword [ebp + 0x18] push edx push edx push dword [eax] lea eax, [ebx + 0x2334] push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 -loc_00009ef6: ; not directly referenced +loc_00009f64: ; not directly referenced push eax push eax push 1 push esi -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -loc_00009f03: ; not directly referenced +loc_00009f71: ; not directly referenced sub esp, 0xc push esi -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 1 -jne short loc_00009f03 ; jne 0x9f03 +jne short loc_00009f71 ; jne 0x9f71 sub esp, 0xc push esi mov esi, 0x80000007 -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov edx, dword [ebp + 0x1c] add esp, 0x10 and eax, 6 mov byte [edx], al test al, al -jne short loc_00009f5d ; jne 0x9f5d +jne short loc_00009fcb ; jne 0x9fcb xor esi, esi cmp dword [ebp + 0x10], 6 -ja short loc_00009f5d ; ja 0x9f5d +ja short loc_00009fcb ; ja 0x9fcb mov cl, byte [ebp + 0x10] mov eax, 1 shl eax, cl test al, 0x55 -je short loc_00009f5d ; je 0x9f5d +je short loc_00009fcb ; je 0x9fcb sub esp, 0xc add ebx, 0x2334 push ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp + 0x18] add esp, 0x10 mov dword [edx], eax -loc_00009f5d: ; not directly referenced +loc_00009fcb: ; not directly referenced lea esp, [ebp - 0xc] mov eax, esi pop ebx 
@@ -16306,7 +16349,7 @@ pop edi pop ebp ret -fcn_00009f67: ; not directly referenced +fcn_00009fd5: ; not directly referenced push ebp mov ebp, esp push edi @@ -16321,11 +16364,11 @@ movzx eax, byte [ebp + 0xc] push eax movzx eax, byte [ebp + 8] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax lea eax, [eax + 0xe] mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov edx, 0x14 and eax, 0x7f cmp al, 2 @@ -16333,45 +16376,45 @@ mov eax, 0x34 cmovne edx, eax add edx, esi mov dword [esp], edx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 xor ecx, ecx mov bl, al and ebx, 0xfffffffc -loc_00009fbd: ; not directly referenced +loc_0000a02b: ; not directly referenced test bl, bl -je short loc_00009ff7 ; je 0x9ff7 +je short loc_0000a065 ; je 0xa065 inc cl -je short loc_00009ff7 ; je 0x9ff7 +je short loc_0000a065 ; je 0xa065 movzx edi, bl sub esp, 0xc add edi, esi push edi -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 cmp al, byte [ebp - 0x19] mov cl, al mov dword [ebp - 0x20], ecx -je short loc_00009ffb ; je 0x9ffb +je short loc_0000a069 ; je 0xa069 sub esp, 0xc inc edi push edi -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov ecx, dword [ebp - 0x20] mov bl, al and ebx, 0xfffffffc -jmp short loc_00009fbd ; jmp 0x9fbd +jmp short loc_0000a02b ; jmp 0xa02b -loc_00009ff7: ; not directly referenced +loc_0000a065: ; not directly referenced xor eax, eax -jmp short loc_00009ffd ; jmp 0x9ffd +jmp short loc_0000a06b ; jmp 0xa06b -loc_00009ffb: ; not directly referenced +loc_0000a069: ; not directly referenced mov al, bl -loc_00009ffd: ; not directly referenced +loc_0000a06b: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -16379,7 +16422,7 @@ pop edi pop ebp ret -fcn_0000a005: ; not directly referenced +fcn_0000a073: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -16396,43 +16439,43 @@ movzx eax, byte [ebp + 0xc] push eax movzx eax, byte [ebp + 8] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0x10 mov dword [ebp - 0x1c], eax -loc_0000a036: ; not directly referenced +loc_0000a0a4: ; not directly referenced test bx, bx -je short loc_0000a076 ; je 0xa076 +je short loc_0000a0e4 ; je 0xa0e4 inc si -je short loc_0000a076 ; je 0xa076 +je short loc_0000a0e4 ; je 0xa0e4 mov eax, dword [ebp - 0x1c] movzx ecx, bx sub esp, 0xc lea edi, [ecx + eax] push edi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov esi, eax cmp ax, word [ebp - 0x1e] -je short loc_0000a07a ; je 0xa07a +je short loc_0000a0e8 ; je 0xa0e8 sub esp, 0xc lea ecx, [edi + 2] push ecx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov ebx, eax shr bx, 4 and ebx, 0xfffffffc -jmp short loc_0000a036 ; jmp 0xa036 +jmp short loc_0000a0a4 ; jmp 0xa0a4 -loc_0000a076: ; not directly referenced +loc_0000a0e4: ; not directly referenced xor eax, eax -jmp short loc_0000a07c ; jmp 0xa07c +jmp short loc_0000a0ea ; jmp 0xa0ea -loc_0000a07a: ; not directly referenced +loc_0000a0e8: ; not directly referenced mov eax, ebx -loc_0000a07c: ; not directly referenced +loc_0000a0ea: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -16440,7 +16483,7 @@ pop edi pop ebp ret -fcn_0000a084: ; not directly referenced +fcn_0000a0f2: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -16461,26 +16504,26 @@ mov dword [ebp - 0x30], edx mov dword [ebp - 0x1c], eax mov byte [ebp - 0x24], al mov byte [ebp - 0x28], bl -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov edx, dword [ebp - 0x30] push 2 push edx push edi push esi mov dword [ebp - 0x2c], eax -call fcn_0000a005 ; call 0xa005 +call fcn_0000a073 ; call 0xa073 add esp, 0x20 mov edx, 0x80000003 mov ecx, dword [ebp - 0x2c] test ax, ax -je loc_0000a1a8 ; je 0xa1a8 +je loc_0000a216 ; je 0xa216 movzx eax, ax lea esi, [ecx + eax + 0x14] push eax push 1 push 0xf0 push esi -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a mov cl, byte [ebp - 0x20] mov eax, 1 pop edx @@ -16491,16 +16534,16 @@ mov dword [ebp - 0x20], eax push eax push esi movzx esi, bl -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 movzx edi, byte [ebp - 0x1c] add esp, 0xc push 0 push esi push edi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xe mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov byte [ebp - 0x1c], 0 mov bl, al @@ -16511,25 +16554,25 @@ mov dword [ebp - 0x28], eax movzx eax, byte [ebp - 0x24] mov dword [ebp - 0x24], eax -loc_0000a146: ; not directly referenced +loc_0000a1b4: ; not directly referenced movzx edx, byte [ebp - 0x1c] push eax push edx push esi push edi mov dword [ebp - 0x30], edx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov edx, dword [ebp - 0x30] push 2 push edx push dword [ebp - 0x28] push dword [ebp - 0x24] mov dword [ebp - 0x2c], eax -call fcn_0000a005 ; call 0xa005 +call fcn_0000a073 ; call 0xa073 add esp, 0x20 mov ecx, dword [ebp - 0x2c] test ax, ax -je short loc_0000a19e ; je 0xa19e +je short loc_0000a20c ; je 0xa20c movzx eax, ax lea edx, [ecx + eax + 0x14] push eax 
@@ -16537,22 +16580,22 @@ push 1 push 0xf0 push edx mov dword [ebp - 0x2c], edx -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a pop edx mov edx, dword [ebp - 0x2c] pop ecx push dword [ebp - 0x20] push edx -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 add esp, 0x10 -loc_0000a19e: ; not directly referenced +loc_0000a20c: ; not directly referenced inc byte [ebp - 0x1c] cmp byte [ebp - 0x1c], bl -jbe short loc_0000a146 ; jbe 0xa146 +jbe short loc_0000a1b4 ; jbe 0xa1b4 xor edx, edx -loc_0000a1a8: ; not directly referenced +loc_0000a216: ; not directly referenced lea esp, [ebp - 0xc] mov eax, edx pop ebx @@ -16561,7 +16604,7 @@ pop edi pop ebp ret -fcn_0000a1b2: ; not directly referenced +fcn_0000a220: ; not directly referenced push ebp mov ebp, esp push edi @@ -16583,33 +16626,33 @@ mov dword [ebp - 0x24], ecx mov dword [ebp - 0x1c], eax mov byte [ebp - 0x38], bl mov byte [ebp - 0x3c], al -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov ecx, dword [ebp - 0x24] push 0x10 push ecx push esi push edi mov dword [ebp - 0x20], eax -call fcn_00009f67 ; call 0x9f67 +call fcn_00009fd5 ; call 0x9fd5 add esp, 0x20 test al, al -jne short loc_0000a209 ; jne 0xa209 +jne short loc_0000a277 ; jne 0xa277 -loc_0000a1ff: ; not directly referenced +loc_0000a26d: ; not directly referenced mov eax, 0x80000003 -jmp near loc_0000a374 ; jmp 0xa374 +jmp near loc_0000a3e2 ; jmp 0xa3e2 -loc_0000a209: ; not directly referenced +loc_0000a277: ; not directly referenced movzx eax, al sub esp, 0xc add eax, dword [ebp - 0x20] lea esi, [eax + 0x12] push esi mov dword [ebp - 0x28], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test ah, 0x10 -je short loc_0000a1ff ; je 0xa1ff +je short loc_0000a26d ; je 0xa26d movzx eax, byte [ebp - 0x1c] movzx edx, bl push ecx 
@@ -16618,40 +16661,40 @@ push eax push edx mov dword [ebp - 0x34], edx mov dword [ebp - 0x30], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov ebx, eax lea eax, [eax + 0xe] mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov byte [ebp - 0x1c], al sar byte [ebp - 0x1c], 7 and byte [ebp - 0x1c], 7 cmp byte [ebp - 0x2c], 0 -jne short loc_0000a298 ; jne 0xa298 +jne short loc_0000a306 ; jne 0xa306 sub esp, 0xc push ebx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 cmp ax, 0x8086 -jne short loc_0000a298 ; jne 0xa298 +jne short loc_0000a306 ; jne 0xa306 sub esp, 0xc add ebx, 2 push ebx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 cmp ax, 0x93c -jne short loc_0000a298 ; jne 0xa298 +jne short loc_0000a306 ; jne 0xa306 push eax push eax mov eax, dword [ebp - 0x20] push 0x40 add eax, 0x70 push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -loc_0000a298: ; not directly referenced +loc_0000a306: ; not directly referenced movzx eax, byte [ebp - 0x3c] xor ebx, ebx mov byte [ebp - 0x24], 0 
@@ -16659,92 +16702,92 @@ mov dword [ebp - 0x3c], eax movzx eax, byte [ebp - 0x38] mov dword [ebp - 0x40], eax -loc_0000a2ac: ; not directly referenced +loc_0000a31a: ; not directly referenced push edi movzx edi, byte [ebp - 0x24] push edi push dword [ebp - 0x30] push dword [ebp - 0x34] -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a push 0x10 push edi push dword [ebp - 0x3c] push dword [ebp - 0x40] mov dword [ebp - 0x38], eax -call fcn_00009f67 ; call 0x9f67 +call fcn_00009fd5 ; call 0x9fd5 add esp, 0x20 test al, al -je short loc_0000a31a ; je 0xa31a +je short loc_0000a388 ; je 0xa388 mov edi, dword [ebp - 0x38] movzx eax, al sub esp, 0xc add edi, eax lea eax, [edi + 0x12] push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test ah, 0x10 -je short loc_0000a31a ; je 0xa31a +je short loc_0000a388 ; je 0xa388 test bl, bl -jne short loc_0000a308 ; jne 0xa308 +jne short loc_0000a376 ; jne 0xa376 mov eax, dword [ebp - 0x28] push ebx push ebx push 0x40 add eax, 0x10 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -loc_0000a308: ; not directly referenced +loc_0000a376: ; not directly referenced push ecx add edi, 0x10 push ecx mov bl, 1 push 0x40 push edi -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -loc_0000a31a: ; not directly referenced +loc_0000a388: ; not directly referenced inc byte [ebp - 0x24] mov al, byte [ebp - 0x1c] cmp byte [ebp - 0x24], al -jbe short loc_0000a2ac ; jbe 0xa2ac +jbe short loc_0000a31a ; jbe 0xa31a cmp bl, 1 sbb ebx, ebx and ebx, 0x80000003 cmp byte [ebp - 0x2c], 0 -jne short loc_0000a34e ; jne 0xa34e +jne short loc_0000a3bc ; jne 0xa3bc mov eax, dword [ebp - 0x20] push edx push edx push 0x1040 add eax, 0xd4 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_0000a34e: ; not directly referenced +loc_0000a3bc: ; not directly referenced push eax push eax mov eax, dword 
[ebp - 0x28] push 0x20 add eax, 0x10 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -loc_0000a361: ; not directly referenced +loc_0000a3cf: ; not directly referenced sub esp, 0xc push esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test ah, 8 -jne short loc_0000a361 ; jne 0xa361 +jne short loc_0000a3cf ; jne 0xa3cf mov eax, ebx -loc_0000a374: ; not directly referenced +loc_0000a3e2: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -16752,7 +16795,7 @@ pop edi pop ebp ret -fcn_0000a37c: ; not directly referenced +fcn_0000a3ea: ; not directly referenced push ebp mov ebp, esp push edi @@ -16766,11 +16809,11 @@ mov dword [ebp - 0x1c], eax mov byte [ebp - 0x24], bl mov dword [ebp - 0x28], esi mov byte [ebp - 0x20], al -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb cmp eax, 2 -je short loc_0000a3e0 ; je 0xa3e0 +je short loc_0000a44e ; je 0xa44e -loc_0000a3a4: ; not directly referenced +loc_0000a412: ; not directly referenced movzx edi, byte [ebp - 0x1c] movzx esi, bl xor ebx, ebx @@ -16778,10 +16821,10 @@ push ecx push 0 push edi push esi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xe mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov byte [ebp - 0x1c], al movzx eax, byte [ebp - 0x20] 
@@ -16790,22 +16833,22 @@ and byte [ebp - 0x1c], 7 mov dword [ebp - 0x20], eax movzx eax, byte [ebp - 0x24] mov dword [ebp - 0x24], eax -jmp short loc_0000a447 ; jmp 0xa447 +jmp short loc_0000a4b5 ; jmp 0xa4b5 -loc_0000a3e0: ; not directly referenced +loc_0000a44e: ; not directly referenced push eax push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov edi, eax lea eax, [eax + 0xf0] add edi, 0x48 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [esp], edi mov esi, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov edi, eax pop eax and edi, 0xfffc 
@@ -16815,78 +16858,78 @@ push eax mov eax, esi and eax, 0xffffc000 push eax -call fcn_0001c307 ; call 0x1c307 +call fcn_0001c3cb ; call 0x1c3cb movzx eax, al lea eax, [edi + eax*8 + 0x190] mov dword [esp], eax -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 add esp, 0x10 test al, 1 -je loc_0000a3a4 ; je 0xa3a4 -jmp near loc_0000a4e9 ; jmp 0xa4e9 +je loc_0000a412 ; je 0xa412 +jmp near loc_0000a557 ; jmp 0xa557 -loc_0000a447: ; not directly referenced +loc_0000a4b5: ; not directly referenced push 0x10 movzx ecx, bl push ecx push dword [ebp - 0x20] push dword [ebp - 0x24] mov dword [ebp - 0x28], ecx -call fcn_00009f67 ; call 0x9f67 +call fcn_00009fd5 ; call 0x9fd5 add esp, 0x10 mov ecx, dword [ebp - 0x28] test al, al mov dl, al -jne short loc_0000a471 ; jne 0xa471 +jne short loc_0000a4df ; jne 0xa4df -loc_0000a467: ; not directly referenced +loc_0000a4d5: ; not directly referenced inc ebx cmp bl, byte [ebp - 0x1c] -jbe short loc_0000a447 ; jbe 0xa447 +jbe short loc_0000a4b5 ; jbe 0xa4b5 xor ebx, ebx -jmp short loc_0000a4a1 ; jmp 0xa4a1 +jmp short loc_0000a50f ; jmp 0xa50f -loc_0000a471: ; not directly referenced +loc_0000a4df: ; not directly referenced push eax push ecx push edi push esi mov dword [ebp - 0x28], edx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov edx, dword [ebp - 0x28] movzx edx, dl lea eax, [eax + edx + 0xc] mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test eax, 0x40000 -jne short loc_0000a467 ; jne 0xa467 -jmp short loc_0000a4e9 ; jmp 0xa4e9 +jne short loc_0000a4d5 ; jne 0xa4d5 +jmp short loc_0000a557 ; jmp 0xa557 -loc_0000a49b: ; not directly referenced +loc_0000a509: ; not directly referenced inc ebx cmp bl, byte [ebp - 0x1c] -ja short loc_0000a4e9 ; ja 0xa4e9 +ja short loc_0000a557 ; ja 0xa557 -loc_0000a4a1: ; not directly referenced +loc_0000a50f: ; not directly referenced push 0x10 movzx ecx, bl push ecx push dword [ebp - 0x20] push dword [ebp 
- 0x24] mov dword [ebp - 0x28], ecx -call fcn_00009f67 ; call 0x9f67 +call fcn_00009fd5 ; call 0x9fd5 add esp, 0x10 mov ecx, dword [ebp - 0x28] test al, al mov dl, al -je short loc_0000a49b ; je 0xa49b +je short loc_0000a509 ; je 0xa509 push eax push ecx push edi push esi mov dword [ebp - 0x28], edx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx mov edx, dword [ebp - 0x28] pop ecx @@ -16894,11 +16937,11 @@ movzx edx, dl push 0x100 lea eax, [eax + edx + 0x10] push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -jmp short loc_0000a49b ; jmp 0xa49b +jmp short loc_0000a509 ; jmp 0xa509 -loc_0000a4e9: ; not directly referenced +loc_0000a557: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -16906,7 +16949,7 @@ pop edi pop ebp ret -fcn_0000a4f1: ; not directly referenced +fcn_0000a55f: ; not directly referenced push ebp mov ebp, esp push edi @@ -16924,10 +16967,10 @@ push edx push edi mov byte [ebp - 0x1a], bl mov dword [ebp - 0x20], edx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xe mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov byte [ebp - 0x19], 0 mov dword [ebp - 0x28], edi 
@@ -16937,32 +16980,32 @@ sar bl, 7 and ebx, 7 mov dword [ebp - 0x24], eax -loc_0000a53f: ; not directly referenced +loc_0000a5ad: ; not directly referenced push ecx movzx ecx, byte [ebp - 0x19] push ecx push dword [ebp - 0x20] mov dword [ebp - 0x2c], ecx push edi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov esi, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je short loc_0000a5c3 ; je 0xa5c3 +je short loc_0000a631 ; je 0xa631 mov ecx, dword [ebp - 0x2c] push 0x10 push ecx push dword [ebp - 0x24] push dword [ebp - 0x28] -call fcn_00009f67 ; call 0x9f67 +call fcn_00009fd5 ; call 0x9fd5 add esp, 0x10 test al, al -je short loc_0000a5c3 ; je 0xa5c3 +je short loc_0000a631 ; je 0xa631 cmp byte [ebp - 0x1a], 1 movzx eax, al -jne short loc_0000a5a5 ; jne 0xa5a5 +jne short loc_0000a613 ; jne 0xa613 push edx mov edx, dword [ebp + 0x10] lea eax, [esi + eax + 8] @@ -16972,26 +17015,26 @@ movzx ecx, cx push ecx push 0xff1f push eax -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0x10 -jmp short loc_0000a5c3 ; jmp 0xa5c3 +jmp short loc_0000a631 ; jmp 0xa631 -loc_0000a5a5: ; not directly referenced +loc_0000a613: ; not directly referenced sub esp, 0xc lea eax, [esi + eax + 4] push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov esi, dword [ebp + 0x10] add esp, 0x10 and eax, 7 cmp word [esi], ax -jbe short loc_0000a5c3 ; jbe 0xa5c3 +jbe short loc_0000a631 ; jbe 0xa631 mov word [esi], ax -loc_0000a5c3: ; not directly referenced +loc_0000a631: ; not directly referenced inc byte [ebp - 0x19] cmp byte [ebp - 0x19], bl -jbe loc_0000a53f ; jbe 0xa53f +jbe loc_0000a5ad ; jbe 0xa5ad lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -17000,7 +17043,7 @@ pop edi pop ebp ret -fcn_0000a5d9: ; not directly referenced +fcn_0000a647: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -17016,7 +17059,7 @@ movzx edi, bl push eax movzx eax, byte [ebp + 8] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 mov dword [ebp - 0x20], eax @@ -17024,10 +17067,10 @@ mov eax, esi movzx esi, al push esi push edi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xe mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 xor ecx, ecx mov byte [ebp - 0x19], 0 @@ -17035,7 +17078,7 @@ mov dl, al sar dl, 7 and edx, 7 -loc_0000a62f: ; not directly referenced +loc_0000a69d: ; not directly referenced movzx eax, byte [ebp - 0x19] mov dword [ebp - 0x28], edx push edx 
@@ -17043,50 +17086,50 @@ push eax push esi push edi mov dword [ebp - 0x24], ecx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov ebx, eax lea eax, [eax + 0xb] mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov byte [ebp - 0x1a], al lea eax, [ebx + 0xa] add ebx, 9 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov dword [esp], ebx mov byte [ebp - 0x1b], al -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov ecx, dword [ebp - 0x24] cmp byte [ebp - 0x1b], 0 mov edx, dword [ebp - 0x28] -jne short loc_0000a68a ; jne 0xa68a +jne short loc_0000a6f8 ; jne 0xa6f8 cmp byte [ebp - 0x1a], 8 -jne short loc_0000a68a ; jne 0xa68a +jne short loc_0000a6f8 ; jne 0xa6f8 cmp al, 0x20 -je short loc_0000a688 ; je 0xa688 +je short loc_0000a6f6 ; je 0xa6f6 cmp al, 0x10 -jne short loc_0000a68a ; jne 0xa68a +jne short loc_0000a6f8 ; jne 0xa6f8 -loc_0000a688: ; not directly referenced +loc_0000a6f6: ; not directly referenced mov cl, 1 -loc_0000a68a: ; not directly referenced +loc_0000a6f8: ; not directly referenced inc byte [ebp - 0x19] cmp byte [ebp - 0x19], dl -jbe short loc_0000a62f ; jbe 0xa62f +jbe short loc_0000a69d ; jbe 0xa69d test cl, cl -jne short loc_0000a6ab ; jne 0xa6ab +jne short loc_0000a719 ; jne 0xa719 push eax push eax mov eax, dword [ebp - 0x20] push 2 add eax, 0xd4 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -loc_0000a6ab: ; not directly referenced +loc_0000a719: ; not directly referenced lea esp, [ebp - 0xc] xor eax, eax pop ebx 
@@ -17095,43 +17138,43 @@ pop edi pop ebp ret -fcn_0000a6b5: ; not directly referenced +fcn_0000a723: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 8] push ebx mov ebx, dword [ebp + 0xc] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0000a6f0 ; je 0xa6f0 +je short loc_0000a75e ; je 0xa75e mov ax, word [esi] and eax, 0x1c00 cmp eax, 0x1400 -jbe short loc_0000a6f0 ; jbe 0xa6f0 +jbe short loc_0000a75e ; jbe 0xa75e push edx -push ref_0002202e ; push 0x2202e +push ref_000220be ; push 0x220be push 0x275 -push ref_00022076 ; push 0x22076 -call fcn_000153fc ; call 0x153fc +push ref_00022106 ; push 0x22106 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000a6f0: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0000a75e: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0000a71f ; je 0xa71f +je short loc_0000a78d ; je 0xa78d mov eax, ebx and eax, 0x1c00 cmp eax, 0x1400 -jbe short loc_0000a71f ; jbe 0xa71f +jbe short loc_0000a78d ; jbe 0xa78d push eax -push ref_000220c4 ; push 0x220c4 +push ref_00022154 ; push 0x22154 push 0x276 -push ref_00022076 ; push 0x22076 -call fcn_000153fc ; call 0x153fc +push ref_00022106 ; push 0x22106 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000a71f: ; not directly referenced +loc_0000a78d: ; not directly referenced mov cx, word [esi] mov eax, ecx and ecx, 0x1c00 @@ -17140,7 +17183,7 @@ and eax, 0x3ff lea ecx, [ecx + ecx*4] shl eax, cl test eax, eax -je short loc_0000a757 ; je 0xa757 +je short loc_0000a7c5 ; je 0xa7c5 mov ecx, ebx mov edx, ebx and ecx, 0x1c00 
@@ -17149,25 +17192,25 @@ sar ecx, 0xa lea ecx, [ecx + ecx*4] shl edx, cl cmp eax, edx -jle short loc_0000a75a ; jle 0xa75a +jle short loc_0000a7c8 ; jle 0xa7c8 -loc_0000a757: ; not directly referenced +loc_0000a7c5: ; not directly referenced mov word [esi], bx -loc_0000a75a: ; not directly referenced +loc_0000a7c8: ; not directly referenced lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_0000a761: ; not directly referenced +fcn_0000a7cf: ; not directly referenced push ebp mov ecx, 4 mov ebp, esp push edi push esi -mov esi, ref_00020368 ; mov esi, 0x20368 +mov esi, ref_000203f8 ; mov esi, 0x203f8 push ebx sub esp, 0x6c mov eax, dword [ebp + 0x28] @@ -17178,7 +17221,7 @@ mov word [ebp - 0x6a], ax mov al, byte [ebp + 0x4c] mov byte [ebp - 0x58], bl mov byte [ebp - 0x6c], al -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb mov dword [ebp - 0x3c], 0 mov dword [ebp - 0x5c], eax movzx eax, bl 
@@ -17192,353 +17235,353 @@ mov dword [ebp - 0x70], eax add eax, 4 mov dword [ebp - 0x74], eax -loc_0000a7bb: ; not directly referenced +loc_0000a829: ; not directly referenced push eax push 0 push dword [ebp - 0x3c] push dword [ebp - 0x54] -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov ebx, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -jne short loc_0000a7ea ; jne 0xa7ea +jne short loc_0000a858 ; jne 0xa858 -loc_0000a7da: ; not directly referenced +loc_0000a848: ; not directly referenced inc dword [ebp - 0x3c] cmp dword [ebp - 0x3c], 0x20 -jne short loc_0000a7bb ; jne 0xa7bb +jne short loc_0000a829 ; jne 0xa829 xor eax, eax -jmp near loc_0000afa4 ; jmp 0xafa4 +jmp near loc_0000b012 ; jmp 0xb012 -loc_0000a7ea: ; not directly referenced +loc_0000a858: ; not directly referenced sub esp, 0xc add ebx, 0xe push ebx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov byte [ebp - 0x57], 0 mov byte [ebp - 0x55], al sar byte [ebp - 0x55], 7 and byte [ebp - 0x55], 7 -loc_0000a808: ; not directly referenced +loc_0000a876: ; not directly referenced movzx ebx, byte [ebp - 0x57] push edi mov esi, dword [ebp - 0x54] push ebx push dword [ebp - 0x3c] push esi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov edi, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je loc_0000af84 ; je 0xaf84 +je loc_0000aff2 ; je 0xaff2 push 0x10 push ebx push dword [ebp - 0x3c] push esi -call fcn_00009f67 ; call 0x9f67 +call fcn_00009fd5 ; call 0x9fd5 add esp, 0x10 mov byte [ebp - 0x60], al test al, al -je loc_0000af98 ; je 0xaf98 +je loc_0000b006 ; je 0xb006 sub esp, 0xc push edi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov word [ebp - 0x46], ax lea eax, [edi + 2] mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov word 
[ebp - 0x48], ax lea eax, [edi + 8] mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 cmp dword [ebp - 0x5c], 2 mov byte [ebp - 0x56], al -jne loc_0000a99e ; jne 0xa99e -call fcn_0001bff9 ; call 0x1bff9 +jne loc_0000aa0c ; jne 0xaa0c +call fcn_0001c0bd ; call 0x1c0bd cmp eax, 2 -jne short loc_0000a8bf ; jne 0xa8bf +jne short loc_0000a92d ; jne 0xa92d cmp word [ebp - 0x46], 0x8086 -jne short loc_0000a8bf ; jne 0xa8bf +jne short loc_0000a92d ; jne 0xa92d sub esp, 0xc lea eax, [edi + 0xa] push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 cmp ax, 0x280 -jne short loc_0000a8bf ; jne 0xa8bf +jne short loc_0000a92d ; jne 0xa92d mov eax, dword [ebp + 8] push esi push esi push 0xfc add eax, 0x418 push eax -call fcn_00018699 ; call 0x18699 +call fcn_0001875d ; call 0x1875d add esp, 0x10 -loc_0000a8bf: ; not directly referenced +loc_0000a92d: ; not directly referenced mov eax, dword [ebp - 0x48] xor ecx, ecx sub ax, 0x8b1 mov word [ebp - 0x40], ax -loc_0000a8cc: ; not directly referenced +loc_0000a93a: ; not directly referenced movzx edx, cl cmp edx, dword [ebp + 0x14] -jae short loc_0000a945 ; jae 0xa945 +jae short loc_0000a9b3 ; jae 0xa9b3 imul edx, edx, 0x18 add edx, dword [ebp + 0x18] mov esi, edx test byte [edx + 8], 2 -je short loc_0000a942 ; je 0xa942 +je short loc_0000a9b0 ; je 0xa9b0 mov ax, word [ebp - 0x46] cmp ax, word [edx] -jne short loc_0000a942 ; jne 0xa942 +jne short loc_0000a9b0 ; jne 0xa9b0 mov eax, dword [ebp - 0x48] cmp ax, word [edx + 2] -jne short loc_0000a942 ; jne 0xa942 +jne short loc_0000a9b0 ; jne 0xa9b0 mov al, byte [edx + 4] cmp byte [ebp - 0x56], al -je short loc_0000a900 ; je 0xa900 +je short loc_0000a96e ; je 0xa96e inc al -jne short loc_0000a942 ; jne 0xa942 +jne short loc_0000a9b0 ; jne 0xa9b0 -loc_0000a900: ; not directly referenced +loc_0000a96e: ; not directly referenced cmp word [ebp - 0x46], 0x8086 -je short loc_0000a91d ; je 0xa91d +je short 
loc_0000a98b ; je 0xa98b -loc_0000a908: ; not directly referenced +loc_0000a976: ; not directly referenced mov ax, word [esi + 0xa] mov ecx, dword [esi + 0xc] mov word [ebp - 0x40], ax mov dword [ebp - 0x50], ecx test ax, ax -jne short loc_0000a974 ; jne 0xa974 -jmp short loc_0000a94c ; jmp 0xa94c +jne short loc_0000a9e2 ; jne 0xa9e2 +jmp short loc_0000a9ba ; jmp 0xa9ba -loc_0000a91d: ; not directly referenced +loc_0000a98b: ; not directly referenced cmp word [ebp - 0x40], 3 mov dword [ebp - 0x44], ecx -ja short loc_0000a908 ; ja 0xa908 +ja short loc_0000a976 ; ja 0xa976 movzx eax, word [esi + 0xa] sub esp, 0xc add eax, edi push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov ecx, dword [ebp - 0x44] cmp ax, 0xcafe -je short loc_0000a908 ; je 0xa908 +je short loc_0000a976 ; je 0xa976 -loc_0000a942: ; not directly referenced +loc_0000a9b0: ; not directly referenced inc ecx -jmp short loc_0000a8cc ; jmp 0xa8cc +jmp short loc_0000a93a ; jmp 0xa93a -loc_0000a945: ; not directly referenced +loc_0000a9b3: ; not directly referenced mov dword [ebp - 0x50], 0x1f -loc_0000a94c: ; not directly referenced +loc_0000a9ba: ; not directly referenced push 0x1e push ebx push dword [ebp - 0x3c] push dword [ebp - 0x54] -call fcn_0000a005 ; call 0xa005 +call fcn_0000a073 ; call 0xa073 add esp, 0x10 mov dword [ebp - 0x44], 0 mov dword [ebp - 0x4c], 0 mov word [ebp - 0x40], ax test ax, ax -je short loc_0000a9b9 ; je 0xa9b9 +je short loc_0000aa27 ; je 0xaa27 -loc_0000a974: ; not directly referenced +loc_0000a9e2: ; not directly referenced mov eax, dword [ebp - 0x74] sub esp, 0xc add eax, dword [ebp + 8] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [ebp - 0x4c], eax movzx eax, word [ebp - 0x40] lea eax, [edi + eax + 4] mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov dword [ebp - 0x44], eax -jmp short loc_0000a9b9 ; jmp 0xa9b9 +jmp short loc_0000aa27 
; jmp 0xaa27 -loc_0000a99e: ; not directly referenced +loc_0000aa0c: ; not directly referenced mov dword [ebp - 0x50], 0x1f mov dword [ebp - 0x44], 0 mov dword [ebp - 0x4c], 0 mov word [ebp - 0x40], 0 -loc_0000a9b9: ; not directly referenced +loc_0000aa27: ; not directly referenced movzx esi, byte [ebp - 0x60] sub esp, 0xc add esi, edi lea eax, [esi + 0x24] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 and eax, 0x800 mov dword [ebp - 0x60], eax -je short loc_0000a9e1 ; je 0xa9e1 +je short loc_0000aa4f ; je 0xaa4f mov eax, dword [ebp + 0x3c] cmp byte [eax + 0x12], 1 -je short loc_0000a9e7 ; je 0xa9e7 +je short loc_0000aa55 ; je 0xaa55 -loc_0000a9e1: ; not directly referenced +loc_0000aa4f: ; not directly referenced mov eax, dword [ebp + 0x48] mov byte [eax], 0 -loc_0000a9e7: ; not directly referenced +loc_0000aa55: ; not directly referenced cmp dword [ebp + 0x20], 1 -ja loc_0000aced ; ja 0xaced +ja loc_0000ad5b ; ja 0xad5b lea eax, [esi + 0xc] sub esp, 0xc push eax mov dword [ebp - 0x60], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test eax, 0x40000 -jne short loc_0000aa10 ; jne 0xaa10 +jne short loc_0000aa7e ; jne 0xaa7e mov eax, dword [ebp + 0x44] mov byte [eax], 0 -loc_0000aa10: ; not directly referenced +loc_0000aa7e: ; not directly referenced sub esp, 0xc push dword [ebp - 0x60] -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov ebx, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 shr bx, 0xa add esp, 0x10 and ebx, 3 test al, al -je short loc_0000aa46 ; je 0xaa46 +je short loc_0000aab4 ; je 0xaab4 movzx eax, bx push eax push dword [ebp - 0x3c] -push ref_0002210b ; push 0x2210b +push ref_0002219b ; push 0x2219b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000aa46: ; not directly referenced +loc_0000aab4: ; not directly referenced cmp dword [ebp + 0x20], 0 -jne loc_0000aba5 ; jne 
0xaba5 +jne loc_0000ac13 ; jne 0xac13 lea eax, [esi + 4] sub esp, 0xc push eax mov dword [ebp - 0x68], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test ax, ax -js short loc_0000aa87 ; js 0xaa87 -call fcn_000153e9 ; call 0x153e9 +js short loc_0000aaf5 ; js 0xaaf5 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000aa81 ; je 0xaa81 +je short loc_0000aaef ; je 0xaaef push ecx push ecx -push ref_00022135 ; push 0x22135 +push ref_000221c5 ; push 0x221c5 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000aa81: ; not directly referenced +loc_0000aaef: ; not directly referenced mov eax, dword [ebp + 0x40] mov byte [eax], 1 -loc_0000aa87: ; not directly referenced +loc_0000aaf5: ; not directly referenced sub esp, 0xc xor esi, esi lea eax, [edi + 0xb] push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov byte [ebp - 0x6b], al lea eax, [edi + 0xa] mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 -loc_0000aaa6: ; not directly referenced +loc_0000ab14: ; not directly referenced mov ecx, esi movzx edx, cl cmp edx, dword [ebp + 0x14] -jae short loc_0000ab03 ; jae 0xab03 +jae short loc_0000ab71 ; jae 0xab71 imul edx, edx, 0x18 add edx, dword [ebp + 0x18] test byte [edx + 8], 1 -je short loc_0000ab00 ; je 0xab00 +je short loc_0000ab6e ; je 0xab6e mov cx, word [edx] cmp cx, word [ebp - 0x46] -je short loc_0000aac9 ; je 0xaac9 +je short loc_0000ab37 ; je 0xab37 inc cx -jne short loc_0000ab00 ; jne 0xab00 +jne short loc_0000ab6e ; jne 0xab6e -loc_0000aac9: ; not directly referenced +loc_0000ab37: ; not directly referenced mov cx, word [edx + 2] cmp cx, word [ebp - 0x48] -je short loc_0000aad7 ; je 0xaad7 +je short loc_0000ab45 ; je 0xab45 inc cx -jne short loc_0000ab00 ; jne 0xab00 +jne short loc_0000ab6e ; jne 0xab6e -loc_0000aad7: ; not directly referenced +loc_0000ab45: ; not directly referenced mov 
cl, byte [edx + 4] cmp cl, byte [ebp - 0x56] -je short loc_0000aae3 ; je 0xaae3 +je short loc_0000ab51 ; je 0xab51 inc cl -jne short loc_0000ab00 ; jne 0xab00 +jne short loc_0000ab6e ; jne 0xab6e -loc_0000aae3: ; not directly referenced +loc_0000ab51: ; not directly referenced mov cl, byte [edx + 5] cmp cl, byte [ebp - 0x6b] -je short loc_0000aaef ; je 0xaaef +je short loc_0000ab5d ; je 0xab5d inc cl -jne short loc_0000ab00 ; jne 0xab00 +jne short loc_0000ab6e ; jne 0xab6e -loc_0000aaef: ; not directly referenced +loc_0000ab5d: ; not directly referenced mov cl, byte [edx + 6] cmp cl, al -jne short loc_0000aafc ; jne 0xaafc +jne short loc_0000ab6a ; jne 0xab6a -loc_0000aaf6: ; not directly referenced +loc_0000ab64: ; not directly referenced movzx ebx, byte [edx + 7] -jmp short loc_0000ab03 ; jmp 0xab03 +jmp short loc_0000ab71 ; jmp 0xab71 -loc_0000aafc: ; not directly referenced +loc_0000ab6a: ; not directly referenced inc cl -je short loc_0000aaf6 ; je 0xaaf6 +je short loc_0000ab64 ; je 0xab64 -loc_0000ab00: ; not directly referenced +loc_0000ab6e: ; not directly referenced inc esi -jmp short loc_0000aaa6 ; jmp 0xaaa6 +jmp short loc_0000ab14 ; jmp 0xab14 -loc_0000ab03: ; not directly referenced +loc_0000ab71: ; not directly referenced test bl, 2 -je short loc_0000ab54 ; je 0xab54 +je short loc_0000abc2 ; je 0xabc2 mov ecx, dword [ebp + 0xc] sub esp, 0xc mov eax, dword [ebp + 8] lea eax, [eax + ecx + 0xc] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop ecx push dword [ebp - 0x60] mov esi, eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e and esi, 0x38000 pop edx push dword [ebp - 0x68] and eax, 0x38000 cmp eax, esi cmovae esi, eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e shr esi, 6 mov edx, ebx and edx, 0xfffffffd 
@@ -17547,26 +17590,26 @@ and eax, 0xe00 cmp esi, eax cmova ebx, edx -loc_0000ab54: ; not directly referenced +loc_0000abc2: ; not directly referenced test bl, 1 -je short loc_0000aba5 ; je 0xaba5 +je short loc_0000ac13 ; je 0xac13 mov ecx, dword [ebp + 0xc] sub esp, 0xc mov eax, dword [ebp + 8] lea eax, [eax + ecx + 0xc] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov esi, eax pop eax and esi, 0x7000 push dword [ebp - 0x60] -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop edx push dword [ebp - 0x68] and eax, 0x7000 cmp eax, esi cmovae esi, eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e shr esi, 6 mov edx, ebx and edx, 0xfffffffe 
@@ -17575,39 +17618,39 @@ and eax, 0x1c0 cmp esi, eax cmova ebx, edx -loc_0000aba5: ; not directly referenced +loc_0000ac13: ; not directly referenced mov eax, dword [ebp + 0x1c] and word [eax], bx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000abca ; je 0xabca +je short loc_0000ac38 ; je 0xac38 movzx ebx, bx push ebx push dword [ebp - 0x3c] -push ref_00022168 ; push 0x22168 +push ref_000221f8 ; push 0x221f8 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000abca: ; not directly referenced +loc_0000ac38: ; not directly referenced cmp dword [ebp - 0x5c], 2 -jne short loc_0000ac4a ; jne 0xac4a +jne short loc_0000acb8 ; jne 0xacb8 cmp word [ebp - 0x40], 0 -je short loc_0000ac4a ; je 0xac4a +je short loc_0000acb8 ; je 0xacb8 cmp word [ebp - 0x6a], 0 -je short loc_0000ac4a ; je 0xac4a +je short loc_0000acb8 ; je 0xacb8 mov eax, dword [ebp - 0x4c] and eax, 0x1f cmp eax, 0x1f -jne short loc_0000ac4a ; jne 0xac4a +jne short loc_0000acb8 ; jne 0xacb8 mov ecx, dword [ebp - 0x50] mov eax, dword [ebp - 0x44] and eax, ecx cmp eax, ecx -jne short loc_0000ac4a ; jne 0xac4a +jne short loc_0000acb8 ; jne 0xacb8 mov eax, dword [ebp + 0x3c] cmp byte [eax + 0x11], 0 -je short loc_0000ac4a ; je 0xac4a +je short loc_0000acb8 ; je 0xacb8 mov eax, dword [ebp + 0x2c] mov ebx, dword [ebp + 0x30] mov byte [eax], 1 @@ -17620,10 +17663,10 @@ shr ecx, 0x13 and edx, 3 and ecx, 0x1f cmp eax, dword [ebx] -jbe short loc_0000ac23 ; jbe 0xac23 +jbe short loc_0000ac91 ; jbe 0xac91 mov dword [ebx], eax -loc_0000ac23: ; not directly referenced +loc_0000ac91: ; not directly referenced mov eax, dword [ebp + 0x38] movzx edx, dl movzx ecx, cl 
@@ -17634,42 +17677,42 @@ imul ebx, ecx mov eax, dword [ebp + eax*4 - 0x28] imul eax, dword [esi] cmp ebx, eax -jbe short loc_0000ac4a ; jbe 0xac4a +jbe short loc_0000acb8 ; jbe 0xacb8 mov eax, dword [ebp + 0x38] mov dword [esi], ecx mov dword [eax], edx -loc_0000ac4a: ; not directly referenced +loc_0000acb8: ; not directly referenced mov eax, dword [ebp + 0x24] xor edx, edx mov ebx, dword [eax] -loc_0000ac51: ; not directly referenced +loc_0000acbf: ; not directly referenced movzx esi, dl cmp esi, dword [ebp + 0x14] -jae loc_0000ae9a ; jae 0xae9a +jae loc_0000af08 ; jae 0xaf08 imul esi, esi, 0x18 add esi, dword [ebp + 0x18] test byte [esi + 8], 4 -je short loc_0000ace7 ; je 0xace7 +je short loc_0000ad55 ; je 0xad55 mov ax, word [ebp - 0x46] cmp word [esi], ax -jne short loc_0000ace7 ; jne 0xace7 +jne short loc_0000ad55 ; jne 0xad55 mov ax, word [esi + 2] cmp ax, word [ebp - 0x48] -je short loc_0000ac80 ; je 0xac80 +je short loc_0000acee ; je 0xacee inc ax -jne short loc_0000ace7 ; jne 0xace7 +jne short loc_0000ad55 ; jne 0xad55 -loc_0000ac80: ; not directly referenced +loc_0000acee: ; not directly referenced mov al, byte [esi + 4] cmp al, byte [ebp - 0x56] -jne short loc_0000acb7 ; jne 0xacb7 +jne short loc_0000ad25 ; jne 0xad25 -loc_0000ac88: ; not directly referenced +loc_0000acf6: ; not directly referenced movzx eax, word [esi + 0x12] test ax, ax -jns short loc_0000acbd ; jns 0xacbd +jns short loc_0000ad2b ; jns 0xad2b push ecx mov edx, ebx push ecx 
@@ -17679,60 +17722,60 @@ lea eax, [ebp - 0x2a] push eax shr edx, 0x10 mov word [ebp - 0x2a], dx -call fcn_0000a6b5 ; call 0xa6b5 +call fcn_0000a723 ; call 0xa723 movzx eax, word [ebp - 0x2a] add esp, 0x10 shl eax, 0x10 or ebx, eax -jmp short loc_0000acbd ; jmp 0xacbd +jmp short loc_0000ad2b ; jmp 0xad2b -loc_0000acb7: ; not directly referenced +loc_0000ad25: ; not directly referenced inc al -jne short loc_0000ace7 ; jne 0xace7 -jmp short loc_0000ac88 ; jmp 0xac88 +jne short loc_0000ad55 ; jne 0xad55 +jmp short loc_0000acf6 ; jmp 0xacf6 -loc_0000acbd: ; not directly referenced +loc_0000ad2b: ; not directly referenced movzx eax, word [esi + 0x10] test ax, ax -jns short loc_0000acdd ; jns 0xacdd +jns short loc_0000ad4b ; jns 0xad4b push edx push edx push eax lea eax, [ebp - 0x2a] push eax mov word [ebp - 0x2a], bx -call fcn_0000a6b5 ; call 0xa6b5 +call fcn_0000a723 ; call 0xa723 mov bx, word [ebp - 0x2a] add esp, 0x10 -loc_0000acdd: ; not directly referenced +loc_0000ad4b: ; not directly referenced mov eax, dword [ebp + 0x24] mov dword [eax], ebx -jmp near loc_0000ae9a ; jmp 0xae9a +jmp near loc_0000af08 ; jmp 0xaf08 -loc_0000ace7: ; not directly referenced +loc_0000ad55: ; not directly referenced inc edx -jmp near loc_0000ac51 ; jmp 0xac51 +jmp near loc_0000acbf ; jmp 0xacbf -loc_0000aced: ; not directly referenced +loc_0000ad5b: ; not directly referenced cmp dword [ebp + 0x20], 2 -jne loc_0000ae9a ; jne 0xae9a +jne loc_0000af08 ; jne 0xaf08 cmp dword [ebp - 0x5c], 2 -jne loc_0000adba ; jne 0xadba +jne loc_0000ae28 ; jne 0xae28 cmp word [ebp - 0x40], 0 -je loc_0000adba ; je 0xadba +je loc_0000ae28 ; je 0xae28 mov eax, dword [ebp + 0x2c] cmp byte [eax], 0 -je loc_0000adba ; je 0xadba +je loc_0000ae28 ; je 0xae28 mov eax, dword [ebp - 0x4c] and eax, 0x1f cmp eax, 0x1f -jne loc_0000adba ; jne 0xadba +jne loc_0000ae28 ; jne 0xae28 mov eax, dword [ebp - 0x44] mov ecx, dword [ebp - 0x50] and eax, ecx cmp eax, ecx -jne loc_0000adba ; jne 0xadba +jne loc_0000ae28 ; jne 
0xae28 push eax mov eax, dword [ebp + 0x34] movzx edx, word [ebp - 0x40] @@ -17745,14 +17788,14 @@ push eax push 0xffffff07 push ecx mov dword [ebp - 0x40], ecx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov eax, dword [ebp + 0x38] add esp, 0xc mov ecx, dword [ebp - 0x40] push dword [eax] push 0xfffffffffffffffc push ecx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov edx, dword [ebp - 0x44] add esp, 0xc push 0x40a00000 @@ -17760,44 +17803,44 @@ push 0x1c00ffff add edx, 8 push edx mov dword [ebp - 0x40], edx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov eax, dword [ebp + 0x3c] add esp, 0x10 mov edx, dword [ebp - 0x40] mov al, byte [eax + 0x11] cmp al, 1 -je short loc_0000ada8 ; je 0xada8 +je short loc_0000ae16 ; je 0xae16 cmp al, 2 setne al movzx eax, al lea eax, [eax + eax + 0xd] -jmp short loc_0000adad ; jmp 0xadad +jmp short loc_0000ae1b ; jmp 0xae1b -loc_0000ada8: ; not directly referenced +loc_0000ae16: ; not directly referenced mov eax, 0xe -loc_0000adad: ; not directly referenced +loc_0000ae1b: ; not directly referenced push ecx push eax push 0xffffffffffffffe0 push edx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_0000adba: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ae28: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000addc ; je 0xaddc +je short loc_0000ae4a ; je 0xae4a mov eax, dword [ebp + 0x1c] movzx eax, word [eax] push eax push dword [ebp - 0x3c] -push ref_00022197 ; push 0x22197 +push ref_00022227 ; push 0x22227 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000addc: ; not directly referenced +loc_0000ae4a: ; not directly referenced push eax mov eax, dword [ebp + 0x1c] movzx eax, word [eax] 
@@ -17805,31 +17848,31 @@ push eax push 0xfffc lea eax, [esi + 0x10] push eax -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0x10 cmp dword [ebp - 0x60], 0 -je short loc_0000ae17 ; je 0xae17 +je short loc_0000ae85 ; je 0xae85 mov eax, dword [ebp + 0x3c] cmp byte [eax + 0x12], 1 -jne short loc_0000ae17 ; jne 0xae17 +jne short loc_0000ae85 ; jne 0xae85 push ecx add esi, 0x28 push ecx push 0x400 push esi -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -loc_0000ae17: ; not directly referenced +loc_0000ae85: ; not directly referenced push 0x18 push ebx push dword [ebp - 0x3c] push dword [ebp - 0x54] -call fcn_0000a005 ; call 0xa005 +call fcn_0000a073 ; call 0xa073 add esp, 0x10 movzx ebx, ax test bx, bx -je short loc_0000ae9a ; je 0xae9a +je short loc_0000af08 ; je 0xaf08 mov eax, dword [ebp + 0x24] lea esi, [ebp - 0x2a] add ebx, edi @@ -17842,7 +17885,7 @@ push edx push edx push eax push esi -call fcn_0000a6b5 ; call 0xa6b5 +call fcn_0000a723 ; call 0xa723 movzx eax, word [ebp - 0x2a] add esp, 0xc push eax @@ -17850,7 +17893,7 @@ push 0xe000 lea eax, [ebx + 4] add ebx, 6 push eax -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 mov eax, dword [ebp + 0x3c] mov edx, dword [ebp - 0x40] pop ecx 
@@ -17860,40 +17903,40 @@ mov word [ebp - 0x2a], dx pop edx push eax push esi -call fcn_0000a6b5 ; call 0xa6b5 +call fcn_0000a723 ; call 0xa723 movzx eax, word [ebp - 0x2a] add esp, 0xc push eax push 0xe000 push ebx -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0x10 -loc_0000ae9a: ; not directly referenced +loc_0000af08: ; not directly referenced sub esp, 0xc lea eax, [edi + 0xb] push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 cmp al, 6 -jne loc_0000af84 ; jne 0xaf84 +jne loc_0000aff2 ; jne 0xaff2 sub esp, 0xc mov bl, 1 lea eax, [edi + 0x19] push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, al -jne short loc_0000af04 ; jne 0xaf04 +jne short loc_0000af72 ; jne 0xaf72 mov eax, dword [ebp + 8] sub esp, 0xc add eax, 0x1a push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov bl, byte [ebp - 0x58] add esp, 0x10 cmp al, bl -jbe loc_0000af9f ; jbe 0xaf9f +jbe loc_0000b00d ; jbe 0xb00d movzx eax, al shl eax, 0x10 or eax, dword [ebp - 0x64] @@ -17902,15 +17945,15 @@ push eax push 0xff000000 lea eax, [edi + 0x18] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov al, bl add esp, 0x10 inc eax xor ebx, ebx -loc_0000af04: ; not directly referenced +loc_0000af72: ; not directly referenced cmp al, byte [ebp - 0x58] -jbe short loc_0000af84 ; jbe 0xaf84 +jbe short loc_0000aff2 ; jbe 0xaff2 movzx esi, al movzx eax, byte [ebp - 0x6c] push ecx 
@@ -17933,46 +17976,46 @@ push dword [ebp + 0x14] push esi push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_0000a761 ; call 0xa761 +call fcn_0000a7cf ; call 0xa7cf add esp, 0x50 cmp eax, 0x8000000e -jne short loc_0000af6d ; jne 0xaf6d -call fcn_000153e9 ; call 0x153e9 +jne short loc_0000afdb ; jne 0xafdb +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000af6d ; je 0xaf6d +je short loc_0000afdb ; je 0xafdb push edx push esi -push ref_000221c4 ; push 0x221c4 +push ref_00022254 ; push 0x22254 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000af6d: ; not directly referenced +loc_0000afdb: ; not directly referenced test bl, bl -jne short loc_0000af84 ; jne 0xaf84 +jne short loc_0000aff2 ; jne 0xaff2 push eax push eax push 0xff000000 lea eax, [edi + 0x18] push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -loc_0000af84: ; not directly referenced +loc_0000aff2: ; not directly referenced inc byte [ebp - 0x57] mov al, byte [ebp - 0x55] cmp byte [ebp - 0x57], al -jbe loc_0000a808 ; jbe 0xa808 -jmp near loc_0000a7da ; jmp 0xa7da +jbe loc_0000a876 ; jbe 0xa876 +jmp near loc_0000a848 ; jmp 0xa848 -loc_0000af98: ; not directly referenced +loc_0000b006: ; not directly referenced mov eax, 0x8000000e -jmp short loc_0000afa4 ; jmp 0xafa4 +jmp short loc_0000b012 ; jmp 0xb012 -loc_0000af9f: ; not directly referenced +loc_0000b00d: ; not directly referenced mov eax, 0x80000009 -loc_0000afa4: ; not directly referenced +loc_0000b012: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -17980,7 +18023,7 @@ pop edi pop ebp ret -fcn_0000afac: ; not directly referenced +fcn_0000b01a: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -18000,9 +18043,9 @@ mov edx, dword [ebp + 0x2c] mov dword [ebp - 0x5c], ecx mov dword [ebp - 0x40], eax mov dword [ebp - 0x60], edx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb mov ecx, edi add esp, 0xc movzx ecx, cl @@ -18016,11 +18059,11 @@ mov dword [ebp - 0x48], eax push ecx push edi mov dword [ebp - 0x50], ecx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov edi, eax lea eax, [esi + 0xf0] mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov ecx, dword [ebp + 0x28] mov edx, dword [ebp + 0x34] mov dword [ebp - 0x24], 0 @@ -18031,16 +18074,16 @@ mov dword [ebp - 0x40], eax mov dword [esp], edi mov dword [ebp - 0x1c], 0 mov byte [ebp - 0x29], 0 -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je loc_0000b26b ; je 0xb26b +je loc_0000b2d9 ; je 0xb2d9 cmp dword [ebp - 0x48], 2 -jne short loc_0000b0a5 ; jne 0xb0a5 +jne short loc_0000b113 ; jne 0xb113 sub esp, 0xc lea eax, [esi + 0x48] push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov esi, dword [ebp - 0x40] and esi, 0xffffc000 mov ebx, eax 
@@ -18049,49 +18092,49 @@ and ebx, 0xfffc pop edx push dword [ebp - 0x3c] push esi -call fcn_0001c307 ; call 0x1c307 +call fcn_0001c3cb ; call 0x1c3cb movzx eax, al lea eax, [ebx + eax*8 + 0x190] mov dword [esp], eax -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 add esp, 0x10 test al, 1 -jne short loc_0000b0a5 ; jne 0xb0a5 +jne short loc_0000b113 ; jne 0xb113 mov eax, dword [ebp + 0x34] mov byte [eax], 1 -loc_0000b0a5: ; not directly referenced +loc_0000b113: ; not directly referenced push 0x10 push dword [ebp - 0x3c] push dword [ebp - 0x50] push dword [ebp - 0x54] -call fcn_00009f67 ; call 0x9f67 +call fcn_00009fd5 ; call 0x9fd5 add esp, 0x10 movzx eax, al mov dword [ebp - 0x4c], eax test eax, eax -jne short loc_0000b0ee ; jne 0xb0ee -call fcn_000153f0 ; call 0x153f0 +jne short loc_0000b15c ; jne 0xb15c +call fcn_00015480 ; call 0x15480 mov ebx, 0x80000003 test al, al -je loc_0000b26b ; je 0xb26b +je loc_0000b2d9 ; je 0xb2d9 push esi -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x4f7 -push ref_00022076 ; push 0x22076 -call fcn_000153fc ; call 0x153fc -jmp near loc_0000b268 ; jmp 0xb268 +push ref_00022106 ; push 0x22106 +call fcn_0001548c ; call 0x1548c +jmp near loc_0000b2d6 ; jmp 0xb2d6 -loc_0000b0ee: ; not directly referenced +loc_0000b15c: ; not directly referenced mov eax, dword [ebp - 0x4c] sub esp, 0xc lea esi, [eax + edi] lea eax, [esi + 0x24] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e lea eax, [esi + 0xc] mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov ecx, dword [ebp + 0x30] add esp, 0x10 mov edx, dword [ebp + 0x24] 
@@ -18100,25 +18143,25 @@ and eax, 3 mov word [ecx], ax mov dl, byte [edx + 0x10] cmp dl, 4 -je short loc_0000b134 ; je 0xb134 +je short loc_0000b1a2 ; je 0xb1a2 and eax, edx mov word [ecx], ax mov dword [ebp - 0x40], 1 -jmp short loc_0000b13b ; jmp 0xb13b +jmp short loc_0000b1a9 ; jmp 0xb1a9 -loc_0000b134: ; not directly referenced +loc_0000b1a2: ; not directly referenced mov dword [ebp - 0x40], 0 -loc_0000b13b: ; not directly referenced +loc_0000b1a9: ; not directly referenced sub esp, 0xc lea eax, [edi + 0x19] push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov byte [ebp - 0x41], 1 mov bl, al test al, al -jne short loc_0000b17d ; jne 0xb17d +jne short loc_0000b1eb ; jne 0xb1eb mov ebx, dword [ebp - 0x58] movzx edx, byte [ebp - 0x5c] push ecx 
@@ -18130,58 +18173,58 @@ push eax push 0xff0000ff lea eax, [edi + 0x18] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 mov byte [ebp - 0x41], 0 -loc_0000b17d: ; not directly referenced +loc_0000b1eb: ; not directly referenced sub esp, 0xc add esi, 0x1a push esi xor esi, esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 cmp dword [ebp - 0x48], 2 mov dword [ebp - 0x28], 0 mov word [ebp - 0x58], ax -jne short loc_0000b1fd ; jne 0xb1fd +jne short loc_0000b26b ; jne 0xb26b push 0x1e push dword [ebp - 0x3c] push dword [ebp - 0x50] push dword [ebp - 0x54] -call fcn_0000a005 ; call 0xa005 +call fcn_0000a073 ; call 0xa073 add esp, 0x10 mov esi, eax test ax, ax -je short loc_0000b1fd ; je 0xb1fd +je short loc_0000b26b ; je 0xb26b movzx eax, ax sub esp, 0xc lea edx, [edi + eax + 4] push edx mov dword [ebp - 0x3c], edx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp - 0x3c] mov dword [esp], edx movzx eax, ah mov dword [ebp - 0x24], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp - 0x3c] mov dword [esp], edx shr eax, 0x10 and eax, 3 mov dword [ebp - 0x1c], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 shr eax, 0x13 and eax, 0x1f mov dword [ebp - 0x20], eax -loc_0000b1fd: ; not directly referenced +loc_0000b26b: ; not directly referenced xor eax, eax test bl, bl -je short loc_0000b250 ; je 0xb250 +je short loc_0000b2be ; je 0xb2be test byte [ebp - 0x58], 0x40 -je short loc_0000b250 ; je 0xb250 +je short loc_0000b2be ; je 0xb2be movzx eax, byte [ebp - 0x60] movzx ecx, si movzx ebx, bl 
@@ -18210,24 +18253,24 @@ push dword [ebp + 0x14] push ebx push dword [ebp - 0x4c] push edi -call fcn_0000a761 ; call 0xa761 +call fcn_0000a7cf ; call 0xa7cf add esp, 0x50 -loc_0000b250: ; not directly referenced +loc_0000b2be: ; not directly referenced cmp byte [ebp - 0x41], 0 mov ebx, eax -jne short loc_0000b26b ; jne 0xb26b +jne short loc_0000b2d9 ; jne 0xb2d9 push eax add edi, 0x18 push eax push 0xff0000ff push edi -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e -loc_0000b268: ; not directly referenced +loc_0000b2d6: ; not directly referenced add esp, 0x10 -loc_0000b26b: ; not directly referenced +loc_0000b2d9: ; not directly referenced lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -18236,7 +18279,7 @@ pop edi pop ebp ret -fcn_0000b275: ; not directly referenced +fcn_0000b2e3: ; not directly referenced push ebp mov ebp, esp push edi @@ -18262,9 +18305,9 @@ mov ecx, dword [ebp + 0x34] mov dword [ebp - 0x6c], ecx mov ecx, dword [ebp + 0x3c] mov dword [ebp - 0x70], ecx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov ebx, eax -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb add esp, 0xc mov dword [ebp - 0x44], eax mov eax, edi @@ -18277,11 +18320,11 @@ mov dword [ebp - 0x60], eax movzx eax, byte [ebp - 0x3c] push eax mov dword [ebp - 0x64], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax lea eax, [ebx + 0xf0] mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [ebp - 0x28], 0 mov dword [ebp - 0x24], 0 mov dword [ebp - 0x20], 0 
@@ -18292,96 +18335,96 @@ mov eax, dword [ebp + 0x28] and dword [ebp - 0x48], 0xffffc000 mov byte [eax], 0 mov dword [esp], esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -jne short loc_0000b34d ; jne 0xb34d -call fcn_000153f0 ; call 0x153f0 +jne short loc_0000b3bb ; jne 0xb3bb +call fcn_00015480 ; call 0x15480 mov ebx, 0x8000000e test al, al -je loc_0000b8fb ; je 0xb8fb +je loc_0000b969 ; je 0xb969 push ecx -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x5ca -jmp short loc_0000b3c7 ; jmp 0xb3c7 +jmp short loc_0000b435 ; jmp 0xb435 -loc_0000b34d: ; not directly referenced +loc_0000b3bb: ; not directly referenced cmp dword [ebp - 0x44], 2 -jne short loc_0000b38f ; jne 0xb38f +jne short loc_0000b3fd ; jne 0xb3fd sub esp, 0xc add ebx, 0x48 push ebx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov ebx, eax pop eax and ebx, 0xfffc pop edx push edi push dword [ebp - 0x48] -call fcn_0001c307 ; call 0x1c307 +call fcn_0001c3cb ; call 0x1c3cb movzx eax, al lea eax, [ebx + eax*8 + 0x190] mov dword [esp], eax -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 add esp, 0x10 test al, 1 -jne short loc_0000b38f ; jne 0xb38f +jne short loc_0000b3fd ; jne 0xb3fd mov byte [ebp - 0x31], 1 -loc_0000b38f: ; not directly referenced +loc_0000b3fd: ; not directly referenced push 0x10 push edi push dword [ebp - 0x60] push dword [ebp - 0x64] -call fcn_00009f67 ; call 0x9f67 +call fcn_00009fd5 ; call 0x9fd5 add esp, 0x10 movzx eax, al mov dword [ebp - 0x50], eax test eax, eax -jne short loc_0000b3d9 ; jne 0xb3d9 -call fcn_000153f0 ; call 0x153f0 +jne short loc_0000b447 ; jne 0xb447 +call fcn_00015480 ; call 0x15480 mov ebx, 0x80000003 test al, al -je loc_0000b8fb ; je 0xb8fb +je loc_0000b969 ; je 0xb969 push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x5dc -loc_0000b3c7: ; not directly referenced -push ref_00022076 ; push 0x22076 -call fcn_000153fc 
; call 0x153fc +loc_0000b435: ; not directly referenced +push ref_00022106 ; push 0x22106 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp near loc_0000b8fb ; jmp 0xb8fb +jmp near loc_0000b969 ; jmp 0xb969 -loc_0000b3d9: ; not directly referenced +loc_0000b447: ; not directly referenced mov eax, dword [ebp - 0x50] sub esp, 0xc add eax, esi mov dword [ebp - 0x4c], eax add eax, 0x24 push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test ah, 8 -je short loc_0000b414 ; je 0xb414 +je short loc_0000b482 ; je 0xb482 mov eax, dword [ebp + 0x24] cmp byte [eax + 0x12], 1 -jne short loc_0000b414 ; jne 0xb414 +jne short loc_0000b482 ; jne 0xb482 push eax push eax mov eax, dword [ebp - 0x4c] push 0x400 add eax, 0x28 push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -loc_0000b414: ; not directly referenced +loc_0000b482: ; not directly referenced mov eax, dword [ebp - 0x4c] sub esp, 0xc add eax, 0xc push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov ecx, dword [ebp + 0x24] add esp, 0x10 mov dl, byte [ecx + 0x10] @@ -18389,25 +18432,25 @@ shr ax, 0xa and eax, 3 mov word [ebp - 0x2e], ax cmp dl, 4 -je short loc_0000b449 ; je 0xb449 +je short loc_0000b4b7 ; je 0xb4b7 and eax, edx mov ebx, 1 mov word [ebp - 0x2e], ax -jmp short loc_0000b44b ; jmp 0xb44b +jmp short loc_0000b4b9 ; jmp 0xb4b9 -loc_0000b449: ; not directly referenced +loc_0000b4b7: ; not directly referenced xor ebx, ebx -loc_0000b44b: ; not directly referenced +loc_0000b4b9: ; not directly referenced sub esp, 0xc lea eax, [esi + 0x19] push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov byte [ebp - 0x51], 1 mov byte [ebp - 0x3c], al test al, al -jne short loc_0000b492 ; jne 0xb492 +jne short loc_0000b500 ; jne 0xb500 movzx edx, byte [ebp - 0x58] push eax movzx eax, byte [ebp - 0x40] 
@@ -18418,58 +18461,58 @@ push eax push 0xff0000ff lea eax, [esi + 0x18] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov al, byte [ebp - 0x40] add esp, 0x10 mov byte [ebp - 0x51], 0 mov byte [ebp - 0x3c], al -loc_0000b492: ; not directly referenced +loc_0000b500: ; not directly referenced mov eax, dword [ebp - 0x4c] sub esp, 0xc add eax, 0x1a push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 cmp dword [ebp - 0x44], 2 mov dword [ebp - 0x2c], 0 mov word [ebp - 0x40], 0 mov word [ebp - 0x58], ax -jne short loc_0000b510 ; jne 0xb510 +jne short loc_0000b57e ; jne 0xb57e push 0x1e push edi push dword [ebp - 0x60] push dword [ebp - 0x64] -call fcn_0000a005 ; call 0xa005 +call fcn_0000a073 ; call 0xa073 add esp, 0x10 mov word [ebp - 0x40], ax test ax, ax -je short loc_0000b510 ; je 0xb510 +je short loc_0000b57e ; je 0xb57e movzx eax, ax sub esp, 0xc lea edi, [esi + eax + 4] push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [esp], edi movzx eax, ah mov dword [ebp - 0x28], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [esp], edi shr eax, 0x10 and eax, 3 mov dword [ebp - 0x20], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 shr eax, 0x13 and eax, 0x1f mov dword [ebp - 0x24], eax -loc_0000b510: ; not directly referenced +loc_0000b57e: ; not directly referenced xor edi, edi cmp byte [ebp - 0x3c], 0 -je loc_0000b61b ; je 0xb61b +je loc_0000b689 ; je 0xb689 test byte [ebp - 0x58], 0x40 -je loc_0000b61b ; je 0xb61b +je loc_0000b689 ; je 0xb689 movzx eax, byte [ebp - 0x5c] push edi push edi 
@@ -18500,14 +18543,14 @@ push dword [ebp + 0x14] push eax push dword [ebp - 0x50] push esi -call fcn_0000a761 ; call 0xa761 +call fcn_0000a7cf ; call 0xa7cf add esp, 0x50 mov edi, eax mov eax, dword [ebp + 0x24] cmp byte [eax + 0x12], 1 -jne loc_0000b61b ; jne 0xb61b +jne loc_0000b689 ; jne 0xb689 cmp byte [eax + 0x18], 1 -jne short loc_0000b5a2 ; jne 0xb5a2 +jne short loc_0000b610 ; jne 0xb610 mov ecx, dword [ebp + 0x24] mov eax, dword [ebp - 0x2c] movzx edx, word [ecx + 0x1a] @@ -18519,10 +18562,10 @@ shl edx, 0xa or eax, edx mov dword [ebp - 0x2c], eax -loc_0000b5a2: ; not directly referenced +loc_0000b610: ; not directly referenced mov eax, dword [ebp + 0x24] cmp byte [eax + 0x1c], 1 -jne short loc_0000b5cc ; jne 0xb5cc +jne short loc_0000b63a ; jne 0xb63a mov ecx, dword [ebp + 0x24] movzx eax, word [ebp - 0x2c] movzx edx, byte [ecx + 0x1d] @@ -18534,16 +18577,16 @@ shl edx, 0x10 or eax, edx mov dword [ebp - 0x2c], eax -loc_0000b5cc: ; not directly referenced +loc_0000b63a: ; not directly referenced mov eax, dword [ebp - 0x2c] test eax, eax -je short loc_0000b61b ; je 0xb61b +je short loc_0000b689 ; je 0xb689 push edx push edx push eax lea eax, [esi + 0x400] push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov eax, dword [ebp + 0x24] pop ecx mov ecx, dword [ebp + 0x24] @@ -18562,15 +18605,15 @@ cmove eax, edx push eax lea eax, [esi + 0x404] push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 -loc_0000b61b: ; not directly referenced +loc_0000b689: ; not directly referenced cmp dword [ebp - 0x44], 2 -jne loc_0000b814 ; jne 0xb814 +jne loc_0000b882 ; jne 0xb882 mov eax, dword [ebp + 0x28] cmp byte [eax], 0 -je loc_0000b6cd ; je 0xb6cd +je loc_0000b73b ; je 0xb73b push eax mov eax, dword [ebp - 0x28] movzx edx, word [ebp - 0x40] 
@@ -18581,7 +18624,7 @@ lea ebx, [edx + 8] push 0xffff00ff push ebx mov dword [ebp - 0x60], edx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov eax, dword [ebp - 0x24] add esp, 0xc mov edx, dword [ebp - 0x60] 
@@ -18591,81 +18634,81 @@ add edx, 0xc push eax push 0xffffff04 push edx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0x40a00000 push 0x1c00ffff push ebx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 test byte [ebp - 0x2e], 2 -je short loc_0000b6a3 ; je 0xb6a3 +je short loc_0000b711 ; je 0xb711 cmp byte [ebp - 0x31], 0 -je short loc_0000b6a3 ; je 0xb6a3 +je short loc_0000b711 ; je 0xb711 push ecx push ecx push 1 lea eax, [esi + 0x420] push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_0000b6a3: ; not directly referenced +loc_0000b711: ; not directly referenced mov eax, dword [ebp + 0x24] mov al, byte [eax + 0x11] cmp al, 1 -je short loc_0000b6bb ; je 0xb6bb +je short loc_0000b729 ; je 0xb729 cmp al, 2 setne al movzx eax, al lea eax, [eax + eax + 0xd] -jmp short loc_0000b6c0 ; jmp 0xb6c0 +jmp short loc_0000b72e ; jmp 0xb72e -loc_0000b6bb: ; not directly referenced +loc_0000b729: ; not directly referenced mov eax, 0xe -loc_0000b6c0: ; not directly referenced +loc_0000b72e: ; not directly referenced push edx push eax push 0xffffffffffffffe0 push ebx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_0000b6cd: ; not directly referenced +loc_0000b73b: ; not directly referenced test byte [ebp - 0x2e], 2 -je loc_0000b814 ; je 0xb814 +je loc_0000b882 ; je 0xb882 cmp byte [ebp - 0x31], 0 -je loc_0000b814 ; je 0xb814 +je loc_0000b882 ; je 0xb882 mov eax, dword [ebp + 0x28] cmp byte [eax], 0 -je short loc_0000b6ff ; je 0xb6ff +je short loc_0000b76d ; je 0xb76d push eax push eax push 0xfffdffff lea eax, [esi + 0x420] push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -loc_0000b6ff: ; not directly referenced +loc_0000b76d: ; not directly referenced push ebx push ebx push 0x20000000 lea eax, [esi + 0x420] push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add 
esp, 0x10 cmp byte [ebp - 0x68], 0 -je loc_0000b814 ; je 0xb814 +je loc_0000b882 ; je 0xb882 cmp byte [ebp - 0x6c], 0 -je loc_0000b814 ; je 0xb814 +je loc_0000b882 ; je 0xb882 mov edi, dword [ebp - 0x48] push eax push eax push 0 push edi -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f pop edx pop ecx lea edx, [ebp - 0x2f] @@ -18678,40 +18721,40 @@ push eax push 4 push 0xe00000e0 push edi -call fcn_00009e5f ; call 0x9e5f +call fcn_00009ecd ; call 0x9ecd add esp, 0x20 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0000b79b ; je 0xb79b +je short loc_0000b809 ; je 0xb809 test ebx, ebx -jns short loc_0000b79b ; jns 0xb79b -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000b809 ; jns 0xb809 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000b783 ; je 0xb783 +je short loc_0000b7f1 ; je 0xb7f1 push edi push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000b783: ; not directly referenced +loc_0000b7f1: ; not directly referenced push ebx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x6b4 -push ref_00022076 ; push 0x22076 -call fcn_000153fc ; call 0x153fc +push ref_00022106 ; push 0x22106 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000b79b: ; not directly referenced +loc_0000b809: ; not directly referenced mov edi, dword [ebp - 0x48] push eax push eax push 0 push edi or dword [ebp - 0x1c], 0x4000 -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f pop edx pop ecx lea edx, [ebp - 0x2f] 
@@ -18724,35 +18767,35 @@ push eax push 5 push 0xe00000e0 push edi -call fcn_00009e5f ; call 0x9e5f +call fcn_00009ecd ; call 0x9ecd add esp, 0x20 mov edi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0000b814 ; je 0xb814 +je short loc_0000b882 ; je 0xb882 test edi, edi -jns short loc_0000b814 ; jns 0xb814 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000b882 ; jns 0xb882 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000b7fc ; je 0xb7fc +je short loc_0000b86a ; je 0xb86a push eax push edi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000b7fc: ; not directly referenced +loc_0000b86a: ; not directly referenced push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x6be -push ref_00022076 ; push 0x22076 -call fcn_000153fc ; call 0x153fc +push ref_00022106 ; push 0x22106 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000b814: ; not directly referenced +loc_0000b882: ; not directly referenced cmp byte [ebp - 0x70], 1 -jne short loc_0000b834 ; jne 0xb834 +jne short loc_0000b8a2 ; jne 0xb8a2 push eax movzx eax, word [ebp - 0x2e] push eax 
@@ -18760,25 +18803,25 @@ mov eax, dword [ebp - 0x4c] push 0xfffc add eax, 0x10 push eax -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0x10 -loc_0000b834: ; not directly referenced +loc_0000b8a2: ; not directly referenced cmp byte [ebp - 0x30], 0 -je short loc_0000b851 ; je 0xb851 +je short loc_0000b8bf ; je 0xb8bf push eax push 0x18 push 0xe3 lea eax, [esi + 0xd4] push eax -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a add esp, 0x10 -loc_0000b851: ; not directly referenced +loc_0000b8bf: ; not directly referenced cmp byte [ebp - 0x3c], 0 -je short loc_0000b8a9 ; je 0xb8a9 +je short loc_0000b917 ; je 0xb917 test byte [ebp - 0x58], 0x40 -je short loc_0000b8a9 ; je 0xb8a9 +je short loc_0000b917 ; je 0xb917 movzx eax, byte [ebp - 0x5c] push ebx push ebx 
@@ -18809,47 +18852,47 @@ push dword [ebp + 0x14] push eax push dword [ebp - 0x50] push esi -call fcn_0000a761 ; call 0xa761 +call fcn_0000a7cf ; call 0xa7cf add esp, 0x50 mov edi, eax -loc_0000b8a9: ; not directly referenced +loc_0000b917: ; not directly referenced cmp byte [ebp - 0x51], 0 -jne short loc_0000b8c2 ; jne 0xb8c2 +jne short loc_0000b930 ; jne 0xb930 push ecx push ecx push 0xff0000ff lea eax, [esi + 0x18] push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -loc_0000b8c2: ; not directly referenced +loc_0000b930: ; not directly referenced mov ebx, edi test edi, edi -js short loc_0000b8fb ; js 0xb8fb +js short loc_0000b969 ; js 0xb969 cmp word [ebp - 0x2e], 3 -jne short loc_0000b8fb ; jne 0xb8fb +jne short loc_0000b969 ; jne 0xb969 cmp dword [ebp - 0x44], 2 lea ebx, [esi + 0xe8] -jne short loc_0000b8ec ; jne 0xb8ec +jne short loc_0000b95a ; jne 0xb95a push edx push 8 push 0xf3 push ebx -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a add esp, 0x10 -loc_0000b8ec: ; not directly referenced +loc_0000b95a: ; not directly referenced push eax push eax push 2 push ebx mov ebx, edi -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -loc_0000b8fb: ; not directly referenced +loc_0000b969: ; not directly referenced lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -18858,7 +18901,7 @@ pop edi pop ebp ret -fcn_0000b905: ; not directly referenced +fcn_0000b973: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -18881,15 +18924,15 @@ mov dword [ebp - 0x24], edi mov dword [ebp - 0x28], edx mov byte [ebp - 0x1f], bl mov dword [ebp - 0x1c], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov edi, eax lea eax, [eax + 0x19] mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov byte [ebp - 0x1e], al test al, al -jne short loc_0000b97d ; jne 0xb97d +jne short loc_0000b9eb ; jne 0xb9eb mov eax, esi movzx edx, bl movzx eax, al 
@@ -18902,106 +18945,106 @@ push eax push 0xff000000 lea eax, [edi + 0x18] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -jmp short loc_0000b995 ; jmp 0xb995 +jmp short loc_0000ba03 ; jmp 0xba03 -loc_0000b97d: ; not directly referenced +loc_0000b9eb: ; not directly referenced sub esp, 0xc lea eax, [edi + 0x1a] push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov byte [ebp - 0x1f], al mov al, byte [ebp - 0x1e] mov byte [ebp - 0x1d], al -loc_0000b995: ; not directly referenced +loc_0000ba03: ; not directly referenced push 0x10 push dword [ebp - 0x24] push dword [ebp - 0x28] push dword [ebp - 0x1c] -call fcn_00009f67 ; call 0x9f67 +call fcn_00009fd5 ; call 0x9fd5 movzx eax, al lea eax, [edi + eax + 2] mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 and eax, 0xf0 sar eax, 4 cmp al, 5 -jne short loc_0000b9e7 ; jne 0xb9e7 +jne short loc_0000ba55 ; jne 0xba55 sub esp, 0xc lea eax, [edi + 0xe] push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x7f -je short loc_0000b9e7 ; je 0xb9e7 +je short loc_0000ba55 ; je 0xba55 -loc_0000b9d6: ; not directly referenced +loc_0000ba44: ; not directly referenced mov al, byte [ebp - 0x1d] xor ebx, ebx inc eax movzx eax, al mov dword [ebp - 0x34], eax -jmp near loc_0000baea ; jmp 0xbaea +jmp near loc_0000bb58 ; jmp 0xbb58 -loc_0000b9e7: ; not directly referenced +loc_0000ba55: ; not directly referenced push eax movzx eax, byte [ebp - 0x1d] mov ebx, 0x186a0 push 0 push 0 push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax pop eax pop edx push 0 push esi -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 add esp, 0x10 -loc_0000ba0a: ; not directly referenced +loc_0000ba78: ; not directly referenced sub esp, 0xc push esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 
inc ax -jne short loc_0000b9d6 ; jne 0xb9d6 +jne short loc_0000ba44 ; jne 0xba44 sub esp, 0xc push 0xa -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 dec ebx -jne short loc_0000ba0a ; jne 0xba0a -jmp near loc_0000bbb8 ; jmp 0xbbb8 +jne short loc_0000ba78 ; jne 0xba78 +jmp near loc_0000bc26 ; jmp 0xbc26 -loc_0000ba2f: ; not directly referenced +loc_0000ba9d: ; not directly referenced push 0 push dword [ebp + 0x1c] push ebx push esi -call fcn_0000a4f1 ; call 0xa4f1 +call fcn_0000a55f ; call 0xa55f add esp, 0x10 cmp byte [ebp - 0x2d], 0 -jne short loc_0000ba5a ; jne 0xba5a +jne short loc_0000bac8 ; jne 0xbac8 sub esp, 0xc push ebx push esi push dword [ebp - 0x24] push dword [ebp - 0x28] push dword [ebp - 0x1c] -call fcn_0000a5d9 ; call 0xa5d9 +call fcn_0000a647 ; call 0xa647 add esp, 0x20 -loc_0000ba5a: ; not directly referenced +loc_0000bac8: ; not directly referenced push 0x10 push 0 push ebx push esi -call fcn_00009f67 ; call 0x9f67 +call fcn_00009fd5 ; call 0x9fd5 movzx edx, al mov cl, al add edx, dword [ebp - 0x2c] @@ -19009,19 +19052,19 @@ mov dword [ebp - 0x4c], ecx lea eax, [edx + 2] mov dword [ebp - 0x38], edx mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov word [ebp - 0x48], ax mov eax, dword [ebp - 0x2c] add eax, 0xb mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov edx, dword [ebp - 0x38] mov ecx, dword [ebp - 0x4c] cmp al, 6 -je short loc_0000bb10 ; je 0xbb10 +je short loc_0000bb7e ; je 0xbb7e -loc_0000ba9d: ; not directly referenced +loc_0000bb0b: ; not directly referenced push edx push edx push 0 
@@ -19030,49 +19073,49 @@ push esi push dword [ebp - 0x24] push dword [ebp - 0x28] push dword [ebp - 0x1c] -call fcn_0000a084 ; call 0xa084 +call fcn_0000a0f2 ; call 0xa0f2 add esp, 0x14 push ebx push esi push dword [ebp - 0x24] push dword [ebp - 0x28] push dword [ebp - 0x1c] -call fcn_0000a1b2 ; call 0xa1b2 +call fcn_0000a220 ; call 0xa220 add esp, 0x1c push dword [ebp - 0x24] push ebx push esi -call fcn_0000a37c ; call 0xa37c +call fcn_0000a3ea ; call 0xa3ea push 1 push dword [ebp + 0x1c] push ebx push esi -call fcn_0000a4f1 ; call 0xa4f1 +call fcn_0000a55f ; call 0xa55f add esp, 0x20 -loc_0000bae0: ; not directly referenced +loc_0000bb4e: ; not directly referenced inc ebx cmp ebx, 0x20 -je loc_0000bb9b ; je 0xbb9b +je loc_0000bc09 ; je 0xbc09 -loc_0000baea: ; not directly referenced +loc_0000bb58: ; not directly referenced movzx esi, byte [ebp - 0x1d] push eax push 0 push ebx push esi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov dword [ebp - 0x2c], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -jne loc_0000ba2f ; jne 0xba2f -jmp short loc_0000bae0 ; jmp 0xbae0 +jne loc_0000ba9d ; jne 0xba9d +jmp short loc_0000bb4e ; jmp 0xbb4e -loc_0000bb10: ; not directly referenced +loc_0000bb7e: ; not directly referenced test cl, cl -je short loc_0000ba9d ; je 0xba9d +je short loc_0000bb0b ; je 0xbb0b mov ecx, dword [ebp - 0x48] sub esp, 0xc add edx, 0x1a 
@@ -19080,20 +19123,20 @@ push edx and ecx, 0xf0 sar ecx, 4 mov dword [ebp - 0x2c], ecx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov ecx, dword [ebp - 0x2c] add esp, 0x10 cmp cl, 5 -je short loc_0000bb4b ; je 0xbb4b +je short loc_0000bbb9 ; je 0xbbb9 cmp cl, 6 -jne loc_0000ba9d ; jne 0xba9d +jne loc_0000bb0b ; jne 0xbb0b test al, 0x40 -je loc_0000ba9d ; je 0xba9d +je loc_0000bb0b ; je 0xbb0b -loc_0000bb4b: ; not directly referenced +loc_0000bbb9: ; not directly referenced mov al, byte [ebp - 0x1d] cmp byte [ebp - 0x1f], al -jbe short loc_0000bb71 ; jbe 0xbb71 +jbe short loc_0000bbdf ; jbe 0xbbdf push eax push eax movzx eax, byte [ebp - 0x1f] 
@@ -19103,50 +19146,50 @@ push dword [ebp - 0x34] push 0 push ebx push esi -call fcn_0000b905 ; call 0xb905 +call fcn_0000b973 ; call 0xb973 add esp, 0x20 -jmp near loc_0000ba9d ; jmp 0xba9d +jmp near loc_0000bb0b ; jmp 0xbb0b -loc_0000bb71: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0000bbdf: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je loc_0000ba9d ; je 0xba9d +je loc_0000bb0b ; je 0xbb0b push ecx -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x7aa -push ref_00022076 ; push 0x22076 -call fcn_000153fc ; call 0x153fc +push ref_00022106 ; push 0x22106 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp near loc_0000ba9d ; jmp 0xba9d +jmp near loc_0000bb0b ; jmp 0xbb0b -loc_0000bb9b: ; not directly referenced +loc_0000bc09: ; not directly referenced xor bl, bl cmp byte [ebp - 0x1e], 0 -jne short loc_0000bbd6 ; jne 0xbbd6 +jne short loc_0000bc44 ; jne 0xbc44 push eax push eax push 0xff000000 lea eax, [edi + 0x18] push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -jmp short loc_0000bbd6 ; jmp 0xbbd6 +jmp short loc_0000bc44 ; jmp 0xbc44 -loc_0000bbb8: ; not directly referenced +loc_0000bc26: ; not directly referenced cmp byte [ebp - 0x1e], 0 -jne short loc_0000bbd1 ; jne 0xbbd1 +jne short loc_0000bc3f ; jne 0xbc3f push eax push eax push 0xff000000 lea eax, [edi + 0x18] push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -loc_0000bbd1: ; not directly referenced +loc_0000bc3f: ; not directly referenced mov ebx, 0x8000000e -loc_0000bbd6: ; not directly referenced +loc_0000bc44: ; not directly referenced lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -19155,7 +19198,7 @@ pop edi pop ebp ret -fcn_0000bbe0: ; not directly referenced +fcn_0000bc4e: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -19172,45 +19215,45 @@ push edi push esi push ebx mov dword [ebp - 0x34], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [ebp - 0x2c], eax add eax, 0x5a mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov edx, 0x8000000e test al, 0x40 -je loc_0000bcc0 ; je 0xbcc0 +je loc_0000bd2e ; je 0xbd2e push 0x10 push edi push esi push ebx -call fcn_00009f67 ; call 0x9f67 +call fcn_00009fd5 ; call 0x9fd5 add esp, 0x10 test al, al -jne short loc_0000bc66 ; jne 0xbc66 -call fcn_000153f0 ; call 0x153f0 +jne short loc_0000bcd4 ; jne 0xbcd4 +call fcn_00015480 ; call 0x15480 mov edx, 0x80000003 test al, al -je short loc_0000bcc0 ; je 0xbcc0 +je short loc_0000bd2e ; je 0xbd2e push ecx -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x81d -push ref_00022076 ; push 0x22076 +push ref_00022106 ; push 0x22106 mov dword [ebp - 0x2c], edx -call fcn_000153fc ; call 0x153fc +call fcn_0001548c ; call 0x1548c add esp, 0x10 mov edx, dword [ebp - 0x2c] -jmp short loc_0000bcc0 ; jmp 0xbcc0 +jmp short loc_0000bd2e ; jmp 0xbd2e -loc_0000bc66: ; not directly referenced +loc_0000bcd4: ; not directly referenced movzx eax, al sub esp, 0xc add eax, dword [ebp - 0x2c] mov dword [ebp - 0x2c], eax add eax, 4 push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 and eax, 7 mov word [ebp - 0x1a], ax pop eax @@ -19224,7 +19267,7 @@ push eax push edi push esi push ebx -call fcn_0000b905 ; call 0xb905 +call fcn_0000b973 ; call 0xb973 mov cx, word [ebp - 0x1a] add esp, 0x1c shl ecx, 5 @@ -19235,11 +19278,11 @@ push ecx push 0xff1f add eax, 8 push eax -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0x10 mov edx, ebx -loc_0000bcc0: ; not directly referenced +loc_0000bd2e: ; not directly referenced lea esp, [ebp - 0xc] mov eax, edx pop ebx 
@@ -19248,100 +19291,100 @@ pop edi pop ebp ret -fcn_0000bcca: ; not directly referenced +fcn_0000bd38: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 0xc] push ebx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000bcec ; je 0xbcec +je short loc_0000bd5a ; je 0xbd5a push ebx push ebx -push ref_00022203 ; push 0x22203 +push ref_00022293 ; push 0x22293 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000bcec: ; not directly referenced +loc_0000bd5a: ; not directly referenced push ecx push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xf0 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov ebx, eax and ebx, 0xffffc000 cmp dword [ebp + 8], 1 -je short loc_0000bd53 ; je 0xbd53 -jb short loc_0000bd22 ; jb 0xbd22 +je short loc_0000bdc1 ; je 0xbdc1 +jb short loc_0000bd90 ; jb 0xbd90 cmp dword [ebp + 8], 2 -jne short loc_0000bd88 ; jne 0xbd88 +jne short loc_0000bdf6 ; jne 0xbdf6 push edx push edx -jmp short loc_0000bd77 ; jmp 0xbd77 +jmp short loc_0000bde5 ; jmp 0xbde5 -loc_0000bd22: ; not directly referenced +loc_0000bd90: ; not directly referenced sub esp, 0xc lea eax, [ebx + 0x38f4] push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 1 -jne short loc_0000bd3f ; jne 0xbd3f +jne short loc_0000bdad ; jne 0xbdad mov word [esi], 0 -jmp short loc_0000bda2 ; jmp 0xbda2 +jmp short loc_0000be10 ; jmp 0xbe10 -loc_0000bd3f: ; not directly referenced +loc_0000bdad: ; not directly referenced sub esp, 0xc add ebx, 0x38f8 push ebx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov word [esi], ax -jmp short loc_0000bd85 ; jmp 0xbd85 +jmp short loc_0000bdf3 ; jmp 0xbdf3 -loc_0000bd53: ; not directly referenced +loc_0000bdc1: ; not directly referenced push ecx push ecx movzx eax, word [esi] 
push eax lea eax, [ebx + 0x38f8] push eax -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 pop esi pop eax lea eax, [ebx + 0x38f4] push 1 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 pop eax pop edx -loc_0000bd77: ; not directly referenced +loc_0000bde5: ; not directly referenced push 1 add ebx, 0x38f0 push ebx -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 -loc_0000bd85: ; not directly referenced +loc_0000bdf3: ; not directly referenced add esp, 0x10 -loc_0000bd88: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000bdf6: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000bda2 ; je 0xbda2 +je short loc_0000be10 ; je 0xbe10 push eax push eax -push ref_0002221d ; push 0x2221d +push ref_000222ad ; push 0x222ad push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000bda2: ; not directly referenced +loc_0000be10: ; not directly referenced lea esp, [ebp - 8] xor eax, eax pop ebx @@ -19349,7 +19392,7 @@ pop esi pop ebp ret -fcn_0000bdab: ; not directly referenced +fcn_0000be19: ; not directly referenced push ebp mov ebp, esp push ebx 
@@ -19358,258 +19401,258 @@ mov eax, dword [ebp + 8] push dword [ebp + 0xc] lea ebx, [eax + 0x3418] push ebx -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 mov dword [ebp + 8], ebx mov ebx, dword [ebp - 4] leave -jmp near fcn_00017d8a ; jmp 0x17d8a +jmp near fcn_00017e4e ; jmp 0x17e4e -fcn_0000bdd3: ; not directly referenced +fcn_0000be41: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx sub esp, 0x1c -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000bdf9 ; je 0xbdf9 +je short loc_0000be67 ; je 0xbe67 push eax push eax -push ref_00022235 ; push 0x22235 +push ref_000222c5 ; push 0x222c5 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000bdf9: ; not directly referenced +loc_0000be67: ; not directly referenced lea eax, [ebp - 0x1c] push eax push 0 push 0 -push ref_0002906c ; push 0x2906c -call fcn_00019699 ; call 0x19699 +push ref_0002911c ; push 0x2911c +call fcn_0001975d ; call 0x1975d add esp, 0x10 test eax, eax -jne short loc_0000be7c ; jne 0xbe7c +jne short loc_0000beea ; jne 0xbeea mov edx, dword [ebp - 0x1c] xor ebx, ebx xor esi, esi -loc_0000be19: ; not directly referenced +loc_0000be87: ; not directly referenced lea eax, [ebx + 0x18] cmp word [edx + eax - 0x16], 0 -je short loc_0000be29 ; je 0xbe29 +je short loc_0000be97 ; je 0xbe97 inc esi mov ebx, eax -jmp short loc_0000be19 ; jmp 0xbe19 +jmp short loc_0000be87 ; jmp 0xbe87 -loc_0000be29: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000be97: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000be43 ; je 0xbe43 +je short loc_0000beb1 ; je 0xbeb1 push eax push esi -push ref_00022253 ; push 0x22253 +push ref_000222e3 ; push 0x222e3 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000be43: ; not directly referenced +loc_0000beb1: ; not directly 
referenced push eax push ebx push dword [ebp - 0x1c] -push ref_00028f48 ; push 0x28f48 -call fcn_000192a8 ; call 0x192a8 +push ref_00028ff8 ; push 0x28ff8 +call fcn_0001936c ; call 0x1936c mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000be7c ; je 0xbe7c +je short loc_0000beea ; je 0xbeea test ebx, ebx -jne short loc_0000be7c ; jne 0xbe7c +jne short loc_0000beea ; jne 0xbeea push eax -push ref_00022284 ; push 0x22284 +push ref_00022314 ; push 0x22314 push 0x8f5 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000be7c: ; not directly referenced +loc_0000beea: ; not directly referenced xor ebx, ebx -loc_0000be7e: ; not directly referenced +loc_0000beec: ; not directly referenced lea eax, [ebp - 0x20] push eax push 0 push ebx -push ref_0002912c ; push 0x2912c -call fcn_00019699 ; call 0x19699 +push ref_000291dc ; push 0x291dc +call fcn_0001975d ; call 0x1975d add esp, 0x10 test eax, eax -je short loc_0000bec8 ; je 0xbec8 -call fcn_000153f0 ; call 0x153f0 +je short loc_0000bf36 ; je 0xbf36 +call fcn_00015480 ; call 0x15480 test al, al -je loc_0000c033 ; je 0xc033 +je loc_0000c0a1 ; je 0xc0a1 test ebx, ebx -jne loc_0000c033 ; jne 0xc033 +jne loc_0000c0a1 ; jne 0xc0a1 push eax -push ref_000222ba ; push 0x222ba +push ref_0002234a ; push 0x2234a push 0x908 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp near loc_0000c033 ; jmp 0xc033 +jmp near loc_0000c0a1 ; jmp 0xc0a1 -loc_0000bec8: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000bf36: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000bee9 ; je 0xbee9 +je short loc_0000bf57 ; je 0xbf57 mov eax, dword [ebp - 0x20] push edi movzx eax, byte [eax + 1] push eax -push ref_000222c5 ; 
push 0x222c5 +push ref_00022355 ; push 0x22355 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000bee9: ; not directly referenced +loc_0000bf57: ; not directly referenced push esi push 0x5ac push dword [ebp - 0x20] -push ref_00028f58 ; push 0x28f58 -call fcn_000192a8 ; call 0x192a8 +push ref_00029008 ; push 0x29008 +call fcn_0001936c ; call 0x1936c mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000bf26 ; je 0xbf26 +je short loc_0000bf94 ; je 0xbf94 test esi, esi -jne short loc_0000bf26 ; jne 0xbf26 +jne short loc_0000bf94 ; jne 0xbf94 push ecx -push ref_00022284 ; push 0x22284 +push ref_00022314 ; push 0x22314 push 0x90e -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000bf26: ; not directly referenced +loc_0000bf94: ; not directly referenced push eax mov eax, dword [ebp - 0x20] push 0 push 0x1f movzx eax, byte [eax + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xf0 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov esi, eax and esi, 0xffffc000 lea eax, [esi + 0x3418] mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [ebp - 0x24], eax pop eax pop edx lea eax, [ebp - 0x24] push eax push dword [ebp - 0x20] -call fcn_000121ef ; call 0x121ef +call fcn_0001227f ; call 0x1227f mov edi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000bfb3 ; je 0xbfb3 +je short loc_0000c021 ; je 0xc021 test edi, edi -jns short loc_0000bfb3 ; jns 0xbfb3 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000c021 ; jns 0xc021 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000bf9b ; je 0xbf9b +je short loc_0000c009 ; je 0xc009 push eax push edi -push 
ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000bf9b: ; not directly referenced +loc_0000c009: ; not directly referenced push edi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x91d -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000bfb3: ; not directly referenced +loc_0000c021: ; not directly referenced mov eax, dword [ebp - 0x20] cmp byte [eax + 0x370], 0 -je short loc_0000c00b ; je 0xc00b +je short loc_0000c079 ; je 0xc079 push edx push edx push 0 push eax -call fcn_00012d98 ; call 0x12d98 +call fcn_00012e28 ; call 0x12e28 pop ecx push dword [ebp - 0x20] -call fcn_00012e22 ; call 0x12e22 +call fcn_00012eb2 ; call 0x12eb2 add esp, 0x10 test eax, eax -jns short loc_0000c01f ; jns 0xc01f +jns short loc_0000c08d ; jns 0xc08d mov eax, dword [ebp - 0x20] cmp byte [eax + 0x370], 2 -jne short loc_0000c01f ; jne 0xc01f -call fcn_000153e9 ; call 0x153e9 +jne short loc_0000c08d ; jne 0xc08d +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000bfff ; je 0xbfff +je short loc_0000c06d ; je 0xc06d push eax push eax -push ref_000222fa ; push 0x222fa +push ref_0002238a ; push 0x2238a push 2 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000bfff: ; not directly referenced +loc_0000c06d: ; not directly referenced push edi push edi push 0xc0 push dword [ebp - 0x20] -jmp short loc_0000c013 ; jmp 0xc013 +jmp short loc_0000c081 ; jmp 0xc081 -loc_0000c00b: ; not directly referenced +loc_0000c079: ; not directly referenced push ecx push ecx push 0xc0 push eax -loc_0000c013: ; not directly referenced -call fcn_00012d98 ; call 0x12d98 +loc_0000c081: ; not directly referenced +call fcn_00012e28 ; call 0x12e28 add esp, 0x10 or dword [ebp - 0x24], 0x10 -loc_0000c01f: ; not directly 
referenced +loc_0000c08d: ; not directly referenced push edx inc ebx push edx push dword [ebp - 0x24] push esi -call fcn_0000bdab ; call 0xbdab +call fcn_0000be19 ; call 0xbe19 add esp, 0x10 -jmp near loc_0000be7e ; jmp 0xbe7e +jmp near loc_0000beec ; jmp 0xbeec -loc_0000c033: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000c0a1: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000c050 ; je 0xc050 +je short loc_0000c0be ; je 0xc0be push eax push eax -push ref_0002232e ; push 0x2232e +push ref_000223be ; push 0x223be push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000c050: ; not directly referenced +loc_0000c0be: ; not directly referenced lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -19618,7 +19661,7 @@ pop edi pop ebp ret -fcn_0000c05a: +fcn_0000c0c8: push ebp mov ebp, esp push edi @@ -19627,25 +19670,25 @@ push ebx sub esp, 0x2c mov eax, dword [ebp + 0x18] mov dword [ebp - 0x28], eax -call fcn_0001bb39 ; call 0x1bb39 +call fcn_0001bbfd ; call 0x1bbfd sub esp, 0xc mov edi, eax mov dword [ebp - 0x20], eax mov eax, dword [ebp + 0x10] add eax, 0x410 push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov byte [ebp - 0x19], al mov eax, edi dec eax mov dword [ebp - 0x24], eax cmp eax, 0xf -ja short loc_0000c0ba ; ja 0xc0ba +ja short loc_0000c128 ; ja 0xc128 mov cl, byte [ebp - 0x24] mov eax, 1 xor esi, esi -mov edx, ref_0002788c ; mov edx, 0x2788c +mov edx, ref_0002793c ; mov edx, 0x2793c shl eax, cl and eax, 0x8007 cmovne esi, edx 
@@ -19653,95 +19696,95 @@ cmp eax, 1 sbb ebx, ebx not ebx and ebx, 0x49 -jmp short loc_0000c0be ; jmp 0xc0be +jmp short loc_0000c12c ; jmp 0xc12c -loc_0000c0ba: +loc_0000c128: xor esi, esi xor ebx, ebx -loc_0000c0be: +loc_0000c12c: add esi, 8 mov word [ebp - 0x2c], 0 -loc_0000c0c7: +loc_0000c135: cmp word [ebp - 0x2c], bx -je short loc_0000c12d ; je 0xc12d +je short loc_0000c19b ; je 0xc19b push dword [esi] push dword [esi - 4] push dword [esi - 8] push dword [ebp + 0x14] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 mov edi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000c124 ; je 0xc124 +je short loc_0000c192 ; je 0xc192 test edi, edi -jns short loc_0000c124 ; jns 0xc124 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000c192 ; jns 0xc192 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000c10c ; je 0xc10c +je short loc_0000c17a ; je 0xc17a push eax push edi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000c10c: +loc_0000c17a: push ecx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x147 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000c124: +loc_0000c192: inc word [ebp - 0x2c] add esi, 0xc -jmp short loc_0000c0c7 ; jmp 0xc0c7 +jmp short loc_0000c135 ; jmp 0xc135 -loc_0000c12d: +loc_0000c19b: mov eax, dword [ebp - 0x20] cmp eax, 0x22 -ja short loc_0000c14b ; ja 0xc14b +ja short loc_0000c1b9 ; ja 0xc1b9 cmp eax, 0x20 -jae short loc_0000c158 ; jae 0xc158 +jae short loc_0000c1c6 ; jae 0xc1c6 cmp eax, 1 -jb short loc_0000c170 ; jb 0xc170 +jb short loc_0000c1de ; jb 0xc1de cmp eax, 3 -jbe short loc_0000c164 ; jbe 0xc164 +jbe short loc_0000c1d2 ; jbe 0xc1d2 cmp eax, 0x10 -je short loc_0000c164 ; je 0xc164 -jmp 
short loc_0000c170 ; jmp 0xc170 +je short loc_0000c1d2 ; je 0xc1d2 +jmp short loc_0000c1de ; jmp 0xc1de -loc_0000c14b: +loc_0000c1b9: mov eax, dword [ebp - 0x20] sub eax, 0x41 cmp eax, 2 -jbe short loc_0000c176 ; jbe 0xc176 -jmp short loc_0000c170 ; jmp 0xc170 +jbe short loc_0000c1e4 ; jbe 0xc1e4 +jmp short loc_0000c1de ; jmp 0xc1de -loc_0000c158: -mov edx, ref_00028064 ; mov edx, 0x28064 +loc_0000c1c6: +mov edx, ref_00028114 ; mov edx, 0x28114 mov eax, 0x49 -jmp short loc_0000c180 ; jmp 0xc180 +jmp short loc_0000c1ee ; jmp 0xc1ee -loc_0000c164: -mov edx, ref_00027bf8 ; mov edx, 0x27bf8 +loc_0000c1d2: +mov edx, ref_00027ca8 ; mov edx, 0x27ca8 mov eax, 0x24 -jmp short loc_0000c180 ; jmp 0xc180 +jmp short loc_0000c1ee ; jmp 0xc1ee -loc_0000c170: +loc_0000c1de: xor edx, edx xor eax, eax -jmp short loc_0000c180 ; jmp 0xc180 +jmp short loc_0000c1ee ; jmp 0xc1ee -loc_0000c176: -mov edx, ref_000287e8 ; mov edx, 0x287e8 +loc_0000c1e4: +mov edx, ref_00028898 ; mov edx, 0x28898 mov eax, 0x4d -loc_0000c180: +loc_0000c1ee: imul eax, eax, 0xc mov esi, edx add eax, edx 
@@ -19752,118 +19795,118 @@ and eax, 0x10 and ebx, 0x20 mov byte [ebp - 0x2c], al -loc_0000c198: +loc_0000c206: cmp esi, dword [ebp - 0x30] -je loc_0000c25c ; je 0xc25c +je loc_0000c2ca ; je 0xc2ca cmp dword [ebp + 0xc], 2 -jne short loc_0000c1d8 ; jne 0xc1d8 +jne short loc_0000c246 ; jne 0xc246 mov eax, dword [esi] and eax, 0xfe00 cmp eax, 0x2000 -je short loc_0000c1ec ; je 0xc1ec +je short loc_0000c25a ; je 0xc25a cmp eax, 0x2200 -je short loc_0000c1f9 ; je 0xc1f9 +je short loc_0000c267 ; je 0xc267 cmp eax, 0x2400 -jne short loc_0000c1c9 ; jne 0xc1c9 +jne short loc_0000c237 ; jne 0xc237 test byte [ebp - 0x19], 0x40 -jmp short loc_0000c1fb ; jmp 0xc1fb +jmp short loc_0000c269 ; jmp 0xc269 -loc_0000c1c9: +loc_0000c237: cmp eax, 0x2600 -jne short loc_0000c1fd ; jne 0xc1fd +jne short loc_0000c26b ; jne 0xc26b cmp byte [ebp - 0x19], 0 -jns short loc_0000c1fd ; jns 0xc1fd -jmp short loc_0000c254 ; jmp 0xc254 +jns short loc_0000c26b ; jns 0xc26b +jmp short loc_0000c2c2 ; jmp 0xc2c2 -loc_0000c1d8: +loc_0000c246: cmp dword [ebp + 0xc], 1 -jne short loc_0000c1fd ; jne 0xc1fd +jne short loc_0000c26b ; jne 0xc26b mov eax, dword [esi] and eax, 0xfe00 cmp eax, 0x2000 -jne short loc_0000c1f2 ; jne 0xc1f2 +jne short loc_0000c260 ; jne 0xc260 -loc_0000c1ec: +loc_0000c25a: cmp byte [ebp - 0x2c], 0 -jmp short loc_0000c1fb ; jmp 0xc1fb +jmp short loc_0000c269 ; jmp 0xc269 -loc_0000c1f2: +loc_0000c260: cmp eax, 0x2200 -jne short loc_0000c1fd ; jne 0xc1fd +jne short loc_0000c26b ; jne 0xc26b -loc_0000c1f9: +loc_0000c267: test bl, bl -loc_0000c1fb: -jne short loc_0000c254 ; jne 0xc254 +loc_0000c269: +jne short loc_0000c2c2 ; jne 0xc2c2 -loc_0000c1fd: +loc_0000c26b: push dword [esi + 8] push dword [esi + 4] push dword [esi] push dword [ebp + 0x14] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 mov edi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000c254 ; je 0xc254 +je short loc_0000c2c2 ; je 0xc2c2 
test edi, edi -jns short loc_0000c254 ; jns 0xc254 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000c2c2 ; jns 0xc2c2 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000c23c ; je 0xc23c +je short loc_0000c2aa ; je 0xc2aa push edx push edi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000c23c: +loc_0000c2aa: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x178 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000c254: +loc_0000c2c2: add esi, 0xc -jmp near loc_0000c198 ; jmp 0xc198 +jmp near loc_0000c206 ; jmp 0xc206 -loc_0000c25c: +loc_0000c2ca: mov ecx, dword [ebp - 0x28] mov eax, ecx and eax, 0xfffffffb cmp ax, 0x8c4b -je short loc_0000c2a4 ; je 0xc2a4 +je short loc_0000c312 ; je 0xc312 mov eax, ecx and eax, 0xfffffff7 cmp ax, 0x8c41 -je short loc_0000c2a4 ; je 0xc2a4 +je short loc_0000c312 ; je 0xc312 mov eax, ecx add ax, 0x63bf cmp ax, 6 -jbe short loc_0000c2a4 ; jbe 0xc2a4 +jbe short loc_0000c312 ; jbe 0xc312 cmp word [ebp - 0x28], 0x8cc5 -je short loc_0000c2a4 ; je 0xc2a4 +je short loc_0000c312 ; je 0xc312 mov eax, ecx and eax, 0xfffffffd cmp ax, 0x8cc1 -je short loc_0000c2a4 ; je 0xc2a4 +je short loc_0000c312 ; je 0xc312 mov eax, ecx add ax, 0x633f cmp ax, 0xa -ja loc_0000c471 ; ja 0xc471 +ja loc_0000c4df ; ja 0xc4df -loc_0000c2a4: +loc_0000c312: cmp dword [ebp - 0x24], 0xf -ja short loc_0000c2cf ; ja 0xc2cf +ja short loc_0000c33d ; ja 0xc33d mov cl, byte [ebp - 0x24] mov eax, 1 xor esi, esi -mov edx, ref_00027544 ; mov edx, 0x27544 +mov edx, ref_000275f4 ; mov edx, 0x275f4 shl eax, cl and eax, 0x8007 cmovne esi, edx 
@@ -19871,95 +19914,95 @@ cmp eax, 1 sbb ebx, ebx not ebx and ebx, 4 -jmp short loc_0000c2d3 ; jmp 0xc2d3 +jmp short loc_0000c341 ; jmp 0xc341 -loc_0000c2cf: +loc_0000c33d: xor esi, esi xor ebx, ebx -loc_0000c2d3: +loc_0000c341: add esi, 8 mov word [ebp - 0x28], 0 -loc_0000c2dc: +loc_0000c34a: cmp word [ebp - 0x28], bx -je short loc_0000c342 ; je 0xc342 +je short loc_0000c3b0 ; je 0xc3b0 push dword [esi] push dword [esi - 4] push dword [esi - 8] push dword [ebp + 0x14] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 mov edi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000c339 ; je 0xc339 +je short loc_0000c3a7 ; je 0xc3a7 test edi, edi -jns short loc_0000c339 ; jns 0xc339 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000c3a7 ; jns 0xc3a7 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000c321 ; je 0xc321 +je short loc_0000c38f ; je 0xc38f push eax push edi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000c321: +loc_0000c38f: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x19b -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000c339: +loc_0000c3a7: inc word [ebp - 0x28] add esi, 0xc -jmp short loc_0000c2dc ; jmp 0xc2dc +jmp short loc_0000c34a ; jmp 0xc34a -loc_0000c342: +loc_0000c3b0: mov eax, dword [ebp - 0x20] cmp eax, 0x22 -ja short loc_0000c360 ; ja 0xc360 +ja short loc_0000c3ce ; ja 0xc3ce cmp eax, 0x20 -jae short loc_0000c36d ; jae 0xc36d +jae short loc_0000c3db ; jae 0xc3db cmp eax, 1 -jb short loc_0000c385 ; jb 0xc385 +jb short loc_0000c3f3 ; jb 0xc3f3 cmp eax, 3 -jbe short loc_0000c379 ; jbe 0xc379 +jbe short loc_0000c3e7 ; jbe 0xc3e7 cmp eax, 0x10 -je short loc_0000c379 ; je 0xc379 -jmp 
short loc_0000c385 ; jmp 0xc385 +je short loc_0000c3e7 ; je 0xc3e7 +jmp short loc_0000c3f3 ; jmp 0xc3f3 -loc_0000c360: +loc_0000c3ce: mov eax, dword [ebp - 0x20] sub eax, 0x41 cmp eax, 2 -jbe short loc_0000c38b ; jbe 0xc38b -jmp short loc_0000c385 ; jmp 0xc385 +jbe short loc_0000c3f9 ; jbe 0xc3f9 +jmp short loc_0000c3f3 ; jmp 0xc3f3 -loc_0000c36d: -mov edx, ref_00027fec ; mov edx, 0x27fec +loc_0000c3db: +mov edx, ref_0002809c ; mov edx, 0x2809c mov eax, 4 -jmp short loc_0000c395 ; jmp 0xc395 +jmp short loc_0000c403 ; jmp 0xc403 -loc_0000c379: -mov edx, ref_00027574 ; mov edx, 0x27574 +loc_0000c3e7: +mov edx, ref_00027624 ; mov edx, 0x27624 mov eax, 2 -jmp short loc_0000c395 ; jmp 0xc395 +jmp short loc_0000c403 ; jmp 0xc403 -loc_0000c385: +loc_0000c3f3: xor edx, edx xor eax, eax -jmp short loc_0000c395 ; jmp 0xc395 +jmp short loc_0000c403 ; jmp 0xc403 -loc_0000c38b: -mov edx, ref_000287e8 ; mov edx, 0x287e8 +loc_0000c3f9: +mov edx, ref_00028898 ; mov edx, 0x28898 mov eax, 0x4d -loc_0000c395: +loc_0000c403: imul eax, eax, 0xc mov esi, edx add eax, edx 
@@ -19970,93 +20013,93 @@ and eax, 0x10 and ebx, 0x20 mov byte [ebp - 0x28], al -loc_0000c3ad: +loc_0000c41b: cmp esi, dword [ebp - 0x2c] -je loc_0000c4fb ; je 0xc4fb +je loc_0000c569 ; je 0xc569 cmp dword [ebp + 0xc], 2 -jne short loc_0000c3ed ; jne 0xc3ed +jne short loc_0000c45b ; jne 0xc45b mov eax, dword [esi] and eax, 0xfe00 cmp eax, 0x2000 -je short loc_0000c401 ; je 0xc401 +je short loc_0000c46f ; je 0xc46f cmp eax, 0x2200 -je short loc_0000c40e ; je 0xc40e +je short loc_0000c47c ; je 0xc47c cmp eax, 0x2400 -jne short loc_0000c3de ; jne 0xc3de +jne short loc_0000c44c ; jne 0xc44c test byte [ebp - 0x19], 0x40 -jmp short loc_0000c410 ; jmp 0xc410 +jmp short loc_0000c47e ; jmp 0xc47e -loc_0000c3de: +loc_0000c44c: cmp eax, 0x2600 -jne short loc_0000c412 ; jne 0xc412 +jne short loc_0000c480 ; jne 0xc480 cmp byte [ebp - 0x19], 0 -jns short loc_0000c412 ; jns 0xc412 -jmp short loc_0000c469 ; jmp 0xc469 +jns short loc_0000c480 ; jns 0xc480 +jmp short loc_0000c4d7 ; jmp 0xc4d7 -loc_0000c3ed: +loc_0000c45b: cmp dword [ebp + 0xc], 1 -jne short loc_0000c412 ; jne 0xc412 +jne short loc_0000c480 ; jne 0xc480 mov eax, dword [esi] and eax, 0xfe00 cmp eax, 0x2000 -jne short loc_0000c407 ; jne 0xc407 +jne short loc_0000c475 ; jne 0xc475 -loc_0000c401: +loc_0000c46f: cmp byte [ebp - 0x28], 0 -jmp short loc_0000c410 ; jmp 0xc410 +jmp short loc_0000c47e ; jmp 0xc47e -loc_0000c407: +loc_0000c475: cmp eax, 0x2200 -jne short loc_0000c412 ; jne 0xc412 +jne short loc_0000c480 ; jne 0xc480 -loc_0000c40e: +loc_0000c47c: test bl, bl -loc_0000c410: -jne short loc_0000c469 ; jne 0xc469 +loc_0000c47e: +jne short loc_0000c4d7 ; jne 0xc4d7 -loc_0000c412: +loc_0000c480: push dword [esi + 8] push dword [esi + 4] push dword [esi] push dword [ebp + 0x14] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 mov edi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000c469 ; je 0xc469 +je short loc_0000c4d7 ; je 0xc4d7 
test edi, edi -jns short loc_0000c469 ; jns 0xc469 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000c4d7 ; jns 0xc4d7 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000c451 ; je 0xc451 +je short loc_0000c4bf ; je 0xc4bf push eax push edi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000c451: +loc_0000c4bf: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x1cc -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000c469: +loc_0000c4d7: add esi, 0xc -jmp near loc_0000c3ad ; jmp 0xc3ad +jmp near loc_0000c41b ; jmp 0xc41b -loc_0000c471: +loc_0000c4df: cmp dword [ebp - 0x24], 0xf -ja loc_0000c52d ; ja 0xc52d +ja loc_0000c59b ; ja 0xc59b mov cl, byte [ebp - 0x24] mov eax, 1 xor esi, esi -mov edx, ref_000274fc ; mov edx, 0x274fc +mov edx, ref_000275ac ; mov edx, 0x275ac shl eax, cl and eax, 0x8007 cmovne esi, edx @@ -20065,24 +20108,24 @@ sbb ebx, ebx not ebx and ebx, 4 -loc_0000c49e: +loc_0000c50c: add esi, 8 mov word [ebp - 0x28], 0 -loc_0000c4a7: +loc_0000c515: cmp word [ebp - 0x28], bx -jne loc_0000c536 ; jne 0xc536 +jne loc_0000c5a4 ; jne 0xc5a4 cmp dword [ebp - 0x20], 0x10 -je loc_0000c5a8 ; je 0xc5a8 +je loc_0000c616 ; je 0xc616 mov eax, dword [ebp - 0x20] -jbe loc_0000c599 ; jbe 0xc599 +jbe loc_0000c607 ; jbe 0xc607 sub eax, 0x20 cmp eax, 2 -ja loc_0000c59f ; ja 0xc59f -mov edx, ref_00027fbc ; mov edx, 0x27fbc +ja loc_0000c60d ; ja 0xc60d +mov edx, ref_0002806c ; mov edx, 0x2806c mov eax, 4 -loc_0000c4da: +loc_0000c548: imul eax, eax, 0xc mov esi, edx add eax, edx 
@@ -20093,17 +20136,17 @@ and eax, 0x10 and ebx, 0x20 mov byte [ebp - 0x28], al -loc_0000c4f2: +loc_0000c560: cmp esi, dword [ebp - 0x2c] -jne loc_0000c5b7 ; jne 0xc5b7 +jne loc_0000c625 ; jne 0xc625 -loc_0000c4fb: +loc_0000c569: cmp dword [ebp - 0x24], 0xf -ja loc_0000c672 ; ja 0xc672 +ja loc_0000c6e0 ; ja 0xc6e0 mov cl, byte [ebp - 0x24] mov eax, 1 xor edi, edi -mov edx, ref_00027394 ; mov edx, 0x27394 +mov edx, ref_00027444 ; mov edx, 0x27444 shl eax, cl and eax, 0x8007 cmovne edi, edx 
@@ -20111,190 +20154,190 @@ cmp eax, 1 sbb eax, eax not eax and eax, 0x14 -jmp near loc_0000c676 ; jmp 0xc676 +jmp near loc_0000c6e4 ; jmp 0xc6e4 -loc_0000c52d: +loc_0000c59b: xor esi, esi xor ebx, ebx -jmp near loc_0000c49e ; jmp 0xc49e +jmp near loc_0000c50c ; jmp 0xc50c -loc_0000c536: +loc_0000c5a4: push dword [esi] push dword [esi - 4] push dword [esi - 8] push dword [ebp + 0x14] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 mov edi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000c58d ; je 0xc58d +je short loc_0000c5fb ; je 0xc5fb test edi, edi -jns short loc_0000c58d ; jns 0xc58d -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000c5fb ; jns 0xc5fb +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000c575 ; je 0xc575 +je short loc_0000c5e3 ; je 0xc5e3 push eax push edi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000c575: +loc_0000c5e3: push edi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x1e8 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000c58d: +loc_0000c5fb: inc word [ebp - 0x28] add esi, 0xc -jmp near loc_0000c4a7 ; jmp 0xc4a7 +jmp near loc_0000c515 ; jmp 0xc515 -loc_0000c599: +loc_0000c607: dec eax cmp eax, 2 -jbe short loc_0000c5a8 ; jbe 0xc5a8 +jbe short loc_0000c616 ; jbe 0xc616 -loc_0000c59f: +loc_0000c60d: xor edx, edx xor eax, eax -jmp near loc_0000c4da ; jmp 0xc4da +jmp near loc_0000c548 ; jmp 0xc548 -loc_0000c5a8: -mov edx, ref_0002752c ; mov edx, 0x2752c +loc_0000c616: +mov edx, ref_000275dc ; mov edx, 0x275dc mov eax, 2 -jmp near loc_0000c4da ; jmp 0xc4da +jmp near loc_0000c548 ; jmp 0xc548 -loc_0000c5b7: +loc_0000c625: cmp dword [ebp + 0xc], 2 -jne short loc_0000c5ee ; jne 0xc5ee 
+jne short loc_0000c65c ; jne 0xc65c mov eax, dword [esi] and eax, 0xfe00 cmp eax, 0x2000 -je short loc_0000c602 ; je 0xc602 +je short loc_0000c670 ; je 0xc670 cmp eax, 0x2200 -je short loc_0000c60f ; je 0xc60f +je short loc_0000c67d ; je 0xc67d cmp eax, 0x2400 -jne short loc_0000c5df ; jne 0xc5df +jne short loc_0000c64d ; jne 0xc64d test byte [ebp - 0x19], 0x40 -jmp short loc_0000c611 ; jmp 0xc611 +jmp short loc_0000c67f ; jmp 0xc67f -loc_0000c5df: +loc_0000c64d: cmp eax, 0x2600 -jne short loc_0000c613 ; jne 0xc613 +jne short loc_0000c681 ; jne 0xc681 cmp byte [ebp - 0x19], 0 -jns short loc_0000c613 ; jns 0xc613 -jmp short loc_0000c66a ; jmp 0xc66a +jns short loc_0000c681 ; jns 0xc681 +jmp short loc_0000c6d8 ; jmp 0xc6d8 -loc_0000c5ee: +loc_0000c65c: cmp dword [ebp + 0xc], 1 -jne short loc_0000c613 ; jne 0xc613 +jne short loc_0000c681 ; jne 0xc681 mov eax, dword [esi] and eax, 0xfe00 cmp eax, 0x2000 -jne short loc_0000c608 ; jne 0xc608 +jne short loc_0000c676 ; jne 0xc676 -loc_0000c602: +loc_0000c670: cmp byte [ebp - 0x28], 0 -jmp short loc_0000c611 ; jmp 0xc611 +jmp short loc_0000c67f ; jmp 0xc67f -loc_0000c608: +loc_0000c676: cmp eax, 0x2200 -jne short loc_0000c613 ; jne 0xc613 +jne short loc_0000c681 ; jne 0xc681 -loc_0000c60f: +loc_0000c67d: test bl, bl -loc_0000c611: -jne short loc_0000c66a ; jne 0xc66a +loc_0000c67f: +jne short loc_0000c6d8 ; jne 0xc6d8 -loc_0000c613: +loc_0000c681: push dword [esi + 8] push dword [esi + 4] push dword [esi] push dword [ebp + 0x14] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 mov edi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000c66a ; je 0xc66a +je short loc_0000c6d8 ; je 0xc6d8 test edi, edi -jns short loc_0000c66a ; jns 0xc66a -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000c6d8 ; jns 0xc6d8 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000c652 ; je 0xc652 +je short loc_0000c6c0 ; je 0xc6c0 push ecx push edi 
-push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000c652: +loc_0000c6c0: push edx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x213 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000c66a: +loc_0000c6d8: add esi, 0xc -jmp near loc_0000c4f2 ; jmp 0xc4f2 +jmp near loc_0000c560 ; jmp 0xc560 -loc_0000c672: +loc_0000c6e0: xor edi, edi xor eax, eax -loc_0000c676: +loc_0000c6e4: movzx eax, ax imul eax, eax, 0xc mov word [ebp - 0x24], 0 lea eax, [edi + eax + 8] mov dword [ebp - 0x30], eax -loc_0000c689: -call fcn_0001c11d ; call 0x1c11d +loc_0000c6f7: +call fcn_0001c1e1 ; call 0x1c1e1 mov edx, dword [ebp - 0x24] movzx eax, al cmp dx, ax -jae loc_0000c75c ; jae 0xc75c +jae loc_0000c7ca ; jae 0xc7ca movzx eax, dx xor esi, esi imul eax, eax, 0x12 add eax, dword [ebp + 8] mov dword [ebp - 0x28], eax -loc_0000c6ab: +loc_0000c719: mov eax, dword [ebp - 0x28] mov word [ebp - 0x34], si cmp byte [eax + esi*2 + 0x1e4], 1 -je short loc_0000c6c8 ; je 0xc6c8 +je short loc_0000c736 ; je 0xc736 -loc_0000c6bc: +loc_0000c72a: inc esi cmp esi, 3 -jne short loc_0000c6ab ; jne 0xc6ab +jne short loc_0000c719 ; jne 0xc719 inc word [ebp - 0x24] -jmp short loc_0000c689 ; jmp 0xc689 +jmp short loc_0000c6f7 ; jmp 0xc6f7 -loc_0000c6c8: +loc_0000c736: lea ebx, [edi + 8] -loc_0000c6cb: +loc_0000c739: cmp ebx, dword [ebp - 0x30] -je short loc_0000c6bc ; je 0xc6bc +je short loc_0000c72a ; je 0xc72a mov eax, dword [ebp - 0x24] cmp word [ebx - 8], ax -jne short loc_0000c754 ; jne 0xc754 +jne short loc_0000c7c2 ; jne 0xc7c2 mov eax, dword [ebp - 0x34] cmp word [ebx - 6], ax -jne short loc_0000c754 ; jne 0xc754 +jne short loc_0000c7c2 ; jne 0xc7c2 mov eax, dword [ebp - 0x28] mov edx, dword [ebx] movzx ecx, byte [eax + esi*2 + 0x1e3] 
@@ -20306,76 +20349,76 @@ push eax push edx push dword [ebx - 4] push dword [ebp + 0x14] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 mov dword [ebp - 0x2c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000c754 ; je 0xc754 +je short loc_0000c7c2 ; je 0xc7c2 cmp dword [ebp - 0x2c], 0 -jns short loc_0000c754 ; jns 0xc754 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000c7c2 ; jns 0xc7c2 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000c73c ; je 0xc73c +je short loc_0000c7aa ; je 0xc7aa push eax push dword [ebp - 0x2c] -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000c73c: +loc_0000c7aa: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x234 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000c754: +loc_0000c7c2: add ebx, 0xc -jmp near loc_0000c6cb ; jmp 0xc6cb +jmp near loc_0000c739 ; jmp 0xc739 -loc_0000c75c: +loc_0000c7ca: mov eax, dword [ebp - 0x20] cmp eax, 0x22 -ja short loc_0000c77a ; ja 0xc77a +ja short loc_0000c7e8 ; ja 0xc7e8 cmp eax, 0x20 -jae short loc_0000c78c ; jae 0xc78c +jae short loc_0000c7fa ; jae 0xc7fa cmp eax, 1 -jb short loc_0000c79f ; jb 0xc79f +jb short loc_0000c80d ; jb 0xc80d cmp eax, 3 -jbe short loc_0000c793 ; jbe 0xc793 +jbe short loc_0000c801 ; jbe 0xc801 cmp eax, 0x10 -je short loc_0000c793 ; je 0xc793 -jmp short loc_0000c79f ; jmp 0xc79f +je short loc_0000c801 ; je 0xc801 +jmp short loc_0000c80d ; jmp 0xc80d -loc_0000c77a: +loc_0000c7e8: mov eax, dword [ebp - 0x20] -mov esi, ref_000286b0 ; mov esi, 0x286b0 +mov esi, ref_00028760 ; mov esi, 0x28760 sub eax, 0x41 cmp eax, 2 -jbe short loc_0000c7a5 ; jbe 0xc7a5 -jmp short loc_0000c79f ; jmp 0xc79f +jbe short loc_0000c813 ; 
jbe 0xc813 +jmp short loc_0000c80d ; jmp 0xc80d -loc_0000c78c: -mov esi, ref_00027ecc ; mov esi, 0x27ecc -jmp short loc_0000c7a5 ; jmp 0xc7a5 +loc_0000c7fa: +mov esi, ref_00027f7c ; mov esi, 0x27f7c +jmp short loc_0000c813 ; jmp 0xc813 -loc_0000c793: -mov esi, ref_00027484 ; mov esi, 0x27484 +loc_0000c801: +mov esi, ref_00027534 ; mov esi, 0x27534 mov eax, 0xa -jmp short loc_0000c7aa ; jmp 0xc7aa +jmp short loc_0000c818 ; jmp 0xc818 -loc_0000c79f: +loc_0000c80d: xor esi, esi xor eax, eax -jmp short loc_0000c7aa ; jmp 0xc7aa +jmp short loc_0000c818 ; jmp 0xc818 -loc_0000c7a5: +loc_0000c813: mov eax, 0x14 -loc_0000c7aa: +loc_0000c818: imul eax, eax, 0xc mov cl, byte [ebp - 0x19] mov word [ebp - 0x24], 0 
@@ -20388,87 +20431,87 @@ mov al, cl and eax, 0x10 mov byte [ebp - 0x30], al -loc_0000c7cd: -call fcn_0001c11d ; call 0x1c11d +loc_0000c83b: +call fcn_0001c1e1 ; call 0x1c1e1 mov ecx, dword [ebp - 0x24] movzx eax, al cmp cx, ax -jae loc_0000c912 ; jae 0xc912 +jae loc_0000c980 ; jae 0xc980 movzx eax, cx imul eax, eax, 0x12 add eax, dword [ebp + 8] mov dword [ebp - 0x20], 0 mov dword [ebp - 0x28], eax -loc_0000c7f4: +loc_0000c862: mov eax, dword [ebp - 0x20] mov edx, dword [ebp - 0x28] mov word [ebp - 0x1c], ax cmp byte [edx + eax*2 + 0x1e4], 1 -je short loc_0000c817 ; je 0xc817 +je short loc_0000c885 ; je 0xc885 -loc_0000c808: +loc_0000c876: inc dword [ebp - 0x20] cmp dword [ebp - 0x20], 3 -jne short loc_0000c7f4 ; jne 0xc7f4 +jne short loc_0000c862 ; jne 0xc862 inc word [ebp - 0x24] -jmp short loc_0000c7cd ; jmp 0xc7cd +jmp short loc_0000c83b ; jmp 0xc83b -loc_0000c817: +loc_0000c885: lea ebx, [esi + 4] -loc_0000c81a: +loc_0000c888: cmp ebx, dword [ebp - 0x34] -je short loc_0000c808 ; je 0xc808 +je short loc_0000c876 ; je 0xc876 mov eax, dword [ebp - 0x24] cmp word [ebx - 4], ax -jne loc_0000c90a ; jne 0xc90a +jne loc_0000c978 ; jne 0xc978 mov eax, dword [ebp - 0x1c] cmp word [ebx - 2], ax -jne loc_0000c90a ; jne 0xc90a +jne loc_0000c978 ; jne 0xc978 cmp dword [ebp + 0xc], 2 -jne short loc_0000c873 ; jne 0xc873 +jne short loc_0000c8e1 ; jne 0xc8e1 mov eax, dword [ebx] and eax, 0xfe00 cmp eax, 0x2000 -je short loc_0000c887 ; je 0xc887 +je short loc_0000c8f5 ; je 0xc8f5 cmp eax, 0x2200 -je short loc_0000c894 ; je 0xc894 +je short loc_0000c902 ; je 0xc902 cmp eax, 0x2400 -jne short loc_0000c861 ; jne 0xc861 +jne short loc_0000c8cf ; jne 0xc8cf test byte [ebp - 0x19], 0x40 -jmp short loc_0000c898 ; jmp 0xc898 +jmp short loc_0000c906 ; jmp 0xc906 -loc_0000c861: +loc_0000c8cf: cmp eax, 0x2600 -jne short loc_0000c89a ; jne 0xc89a +jne short loc_0000c908 ; jne 0xc908 cmp byte [ebp - 0x19], 0 -jns short loc_0000c89a ; jns 0xc89a -jmp near loc_0000c90a ; jmp 0xc90a +jns 
short loc_0000c908 ; jns 0xc908 +jmp near loc_0000c978 ; jmp 0xc978 -loc_0000c873: +loc_0000c8e1: cmp dword [ebp + 0xc], 1 -jne short loc_0000c89a ; jne 0xc89a +jne short loc_0000c908 ; jne 0xc908 mov eax, dword [ebx] and eax, 0xfe00 cmp eax, 0x2000 -jne short loc_0000c88d ; jne 0xc88d +jne short loc_0000c8fb ; jne 0xc8fb -loc_0000c887: +loc_0000c8f5: cmp byte [ebp - 0x30], 0 -jmp short loc_0000c898 ; jmp 0xc898 +jmp short loc_0000c906 ; jmp 0xc906 -loc_0000c88d: +loc_0000c8fb: cmp eax, 0x2200 -jne short loc_0000c89a ; jne 0xc89a +jne short loc_0000c908 ; jne 0xc908 -loc_0000c894: +loc_0000c902: cmp byte [ebp - 0x2c], 0 -loc_0000c898: -jne short loc_0000c90a ; jne 0xc90a +loc_0000c906: +jne short loc_0000c978 ; jne 0xc978 -loc_0000c89a: +loc_0000c908: mov eax, dword [ebp - 0x28] mov ecx, dword [ebp - 0x20] movzx edi, byte [eax + ecx*2 + 0x1e3] 
@@ -20481,47 +20524,47 @@ push eax push ecx push dword [ebx] push dword [ebp + 0x14] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 mov edi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000c90a ; je 0xc90a +je short loc_0000c978 ; je 0xc978 test edi, edi -jns short loc_0000c90a ; jns 0xc90a -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000c978 ; jns 0xc978 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000c8f2 ; je 0xc8f2 +je short loc_0000c960 ; je 0xc960 push eax push edi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000c8f2: +loc_0000c960: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x271 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000c90a: +loc_0000c978: add ebx, 0xc -jmp near loc_0000c81a ; jmp 0xc81a +jmp near loc_0000c888 ; jmp 0xc888 -loc_0000c912: +loc_0000c980: mov eax, dword [ebp + 8] xor ebx, ebx cmp byte [eax], 8 -ja short loc_0000c923 ; ja 0xc923 +ja short loc_0000c991 ; ja 0xc991 -loc_0000c91c: +loc_0000c98a: xor eax, eax -jmp near loc_0000cb86 ; jmp 0xcb86 +jmp near loc_0000cbf4 ; jmp 0xcbf4 -loc_0000c923: +loc_0000c991: mov cl, byte [ebp - 0x19] mov al, cl and eax, 0x10 
@@ -20530,235 +20573,235 @@ mov al, cl shr al, 7 mov byte [ebp - 0x28], al -loc_0000c936: -call fcn_0001c11d ; call 0x1c11d +loc_0000c9a4: +call fcn_0001c1e1 ; call 0x1c1e1 movzx eax, al cmp bx, ax -jae short loc_0000c91c ; jae 0xc91c +jae short loc_0000c98a ; jae 0xc98a cmp dword [ebp + 0xc], 1 -jne short loc_0000c971 ; jne 0xc971 +jne short loc_0000c9df ; jne 0xc9df cmp bx, 4 -jne short loc_0000c955 ; jne 0xc955 +jne short loc_0000c9c3 ; jne 0xc9c3 cmp byte [ebp - 0x20], 0 -jmp short loc_0000c95f ; jmp 0xc95f +jmp short loc_0000c9cd ; jmp 0xc9cd -loc_0000c955: +loc_0000c9c3: cmp bx, 5 -jne short loc_0000c965 ; jne 0xc965 +jne short loc_0000c9d3 ; jne 0xc9d3 test byte [ebp - 0x19], 0x20 -loc_0000c95f: -jne loc_0000cb80 ; jne 0xcb80 +loc_0000c9cd: +jne loc_0000cbee ; jne 0xcbee -loc_0000c965: +loc_0000c9d3: movzx eax, bx -mov edi, dword [eax*4 + ref_00020390] ; mov edi, dword [eax*4 + 0x20390] -jmp short loc_0000c9b2 ; jmp 0xc9b2 +mov edi, dword [eax*4 + ref_00020420] ; mov edi, dword [eax*4 + 0x20420] +jmp short loc_0000ca20 ; jmp 0xca20 -loc_0000c971: +loc_0000c9df: test bx, bx -jne short loc_0000c980 ; jne 0xc980 +jne short loc_0000c9ee ; jne 0xc9ee cmp byte [ebp - 0x28], 0 -jne loc_0000cb80 ; jne 0xcb80 +jne loc_0000cbee ; jne 0xcbee -loc_0000c980: +loc_0000c9ee: cmp bx, 1 -jne short loc_0000c98c ; jne 0xc98c +jne short loc_0000c9fa ; jne 0xc9fa test byte [ebp - 0x19], 0x40 -jmp short loc_0000c9a2 ; jmp 0xc9a2 +jmp short loc_0000ca10 ; jmp 0xca10 -loc_0000c98c: +loc_0000c9fa: cmp bx, 2 -jne short loc_0000c998 ; jne 0xc998 +jne short loc_0000ca06 ; jne 0xca06 test byte [ebp - 0x19], 0x20 -jmp short loc_0000c9a2 ; jmp 0xc9a2 +jmp short loc_0000ca10 ; jmp 0xca10 -loc_0000c998: +loc_0000ca06: cmp bx, 3 -jne short loc_0000c9a8 ; jne 0xc9a8 +jne short loc_0000ca16 ; jne 0xca16 cmp byte [ebp - 0x20], 0 -loc_0000c9a2: -jne loc_0000cb80 ; jne 0xcb80 +loc_0000ca10: +jne loc_0000cbee ; jne 0xcbee -loc_0000c9a8: +loc_0000ca16: movzx eax, bx -mov edi, dword [eax*4 + 
ref_00020378] ; mov edi, dword [eax*4 + 0x20378] +mov edi, dword [eax*4 + ref_00020408] ; mov edi, dword [eax*4 + 0x20408] -loc_0000c9b2: +loc_0000ca20: movzx esi, bx imul eax, esi, 0x12 add eax, dword [ebp + 8] test byte [eax + 0x1ed], 1 -je short loc_0000ca32 ; je 0xca32 +je short loc_0000caa0 ; je 0xcaa0 movzx eax, byte [eax + 0x1e9] cmp al, 0x80 -jbe short loc_0000ca17 ; jbe 0xca17 -call fcn_000153e9 ; call 0x153e9 +jbe short loc_0000ca85 ; jbe 0xca85 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000c9ec ; je 0xc9ec +je short loc_0000ca5a ; je 0xca5a push eax push eax -push ref_0002234a ; push 0x2234a +push ref_000223da ; push 0x223da push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000c9ec: -call fcn_000153f0 ; call 0x153f0 +loc_0000ca5a: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0000ca0d ; je 0xca0d +je short loc_0000ca7b ; je 0xca7b push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x295 -loc_0000ca00: -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +loc_0000ca6e: +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000ca0d: +loc_0000ca7b: mov eax, 0x80000002 -jmp near loc_0000cb86 ; jmp 0xcb86 +jmp near loc_0000cbf4 ; jmp 0xcbf4 -loc_0000ca17: +loc_0000ca85: shl eax, 0x10 push eax push 0xff00ffff lea eax, [edi + 0x88] push eax push dword [ebp + 0x14] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 add esp, 0x10 -loc_0000ca32: +loc_0000caa0: imul eax, esi, 0x12 add eax, dword [ebp + 8] test byte [eax + 0x1ed], 2 -je short loc_0000ca9a ; je 0xca9a +je short loc_0000cb08 ; je 0xcb08 movzx eax, byte [eax + 0x1ea] cmp al, 0x80 -jbe short loc_0000ca7f ; jbe 0xca7f -call fcn_000153e9 ; call 0x153e9 +jbe short loc_0000caed ; jbe 0xcaed +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ca69 ; je 0xca69 +je short loc_0000cad7 ; je 0xcad7 push edi push edi -push 
ref_00022378 ; push 0x22378 +push ref_00022408 ; push 0x22408 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ca69: -call fcn_000153f0 ; call 0x153f0 +loc_0000cad7: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0000ca0d ; je 0xca0d +je short loc_0000ca7b ; je 0xca7b push esi -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x2a5 -jmp short loc_0000ca00 ; jmp 0xca00 +jmp short loc_0000ca6e ; jmp 0xca6e -loc_0000ca7f: +loc_0000caed: shl eax, 0x10 push eax push 0xff00ffff lea eax, [edi + 0x8c] push eax push dword [ebp + 0x14] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 add esp, 0x10 -loc_0000ca9a: +loc_0000cb08: imul eax, esi, 0x12 add eax, dword [ebp + 8] test byte [eax + 0x1ed], 4 -je short loc_0000cafc ; je 0xcafc +je short loc_0000cb6a ; je 0xcb6a movzx eax, byte [eax + 0x1eb] lea edx, [eax - 0x39] cmp dl, 0x47 -jbe short loc_0000caf2 ; jbe 0xcaf2 -call fcn_000153e9 ; call 0x153e9 +jbe short loc_0000cb60 ; jbe 0xcb60 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000cad5 ; je 0xcad5 +je short loc_0000cb43 ; je 0xcb43 push ebx push ebx -push ref_000223a7 ; push 0x223a7 +push ref_00022437 ; push 0x22437 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000cad5: -call fcn_000153f0 ; call 0x153f0 +loc_0000cb43: +call fcn_00015480 ; call 0x15480 test al, al -je loc_0000ca0d ; je 0xca0d +je loc_0000ca7b ; je 0xca7b push ecx -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x2b9 -jmp near loc_0000ca00 ; jmp 0xca00 +jmp near loc_0000ca6e ; jmp 0xca6e -loc_0000caf2: +loc_0000cb60: shl eax, 8 mov edx, 0xffff00ff -jmp short loc_0000cb01 ; jmp 0xcb01 +jmp short loc_0000cb6f ; jmp 0xcb6f -loc_0000cafc: +loc_0000cb6a: xor eax, eax or edx, 0xffffffff -loc_0000cb01: +loc_0000cb6f: imul esi, esi, 0x12 add esi, dword [ebp + 8] test byte [esi + 0x1ed], 8 -je short 
loc_0000cb67 ; je 0xcb67 +je short loc_0000cbd5 ; je 0xcbd5 mov cl, byte [esi + 0x1ec] lea esi, [ecx - 0x45] mov byte [ebp - 0x24], cl mov ecx, esi cmp cl, 0x3b -jbe short loc_0000cb5d ; jbe 0xcb5d -call fcn_000153e9 ; call 0x153e9 +jbe short loc_0000cbcb ; jbe 0xcbcb +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000cb40 ; je 0xcb40 +je short loc_0000cbae ; je 0xcbae push edx push edx -push ref_000223d0 ; push 0x223d0 +push ref_00022460 ; push 0x22460 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000cb40: -call fcn_000153f0 ; call 0x153f0 +loc_0000cbae: +call fcn_00015480 ; call 0x15480 test al, al -je loc_0000ca0d ; je 0xca0d +je loc_0000ca7b ; je 0xca7b push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x2c6 -jmp near loc_0000ca00 ; jmp 0xca00 +jmp near loc_0000ca6e ; jmp 0xca6e -loc_0000cb5d: +loc_0000cbcb: movzx ecx, byte [ebp - 0x24] xor dl, dl or eax, ecx -jmp short loc_0000cb6c ; jmp 0xcb6c +jmp short loc_0000cbda ; jmp 0xcbda -loc_0000cb67: +loc_0000cbd5: cmp edx, 0xffffffff -je short loc_0000cb80 ; je 0xcb80 +je short loc_0000cbee ; je 0xcbee -loc_0000cb6c: +loc_0000cbda: push eax add edi, 0x90 push edx push edi push dword [ebp + 0x14] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 add esp, 0x10 -loc_0000cb80: +loc_0000cbee: inc ebx -jmp near loc_0000c936 ; jmp 0xc936 +jmp near loc_0000c9a4 ; jmp 0xc9a4 -loc_0000cb86: +loc_0000cbf4: lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -20766,115 +20809,115 @@ pop edi pop ebp ret -fcn_0000cb8e: +fcn_0000cbfc: push ebp mov ebp, esp push edi push esi push ebx sub esp, 0x2c -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000cbb1 ; je 0xcbb1 +je short loc_0000cc1f ; je 0xcc1f push eax push eax -push ref_000223fa ; push 0x223fa +push ref_0002248a ; push 0x2248a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000cbb1: -call fcn_0001bef7 ; call 0x1bef7 +loc_0000cc1f: +call fcn_0001bfbb ; call 0x1bfbb mov dword [ebp - 0x2c], eax push eax push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov ebx, eax lea eax, [eax + 0xf0] add ebx, 2 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [esp], ebx mov dword [ebp - 0x30], eax and dword [ebp - 0x30], 0xffffc000 -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0xc push 2 push 0x1f push 0 mov ebx, eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 push 0x1c push 0 mov esi, eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a lea edi, [esi + 0x92] mov dword [esp], edi mov dword [ebp - 0x34], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0xf setne byte [ebp - 0x35] cmp dword [ebp - 0x2c], 1 -jne loc_0000ce71 ; jne 0xce71 +jne loc_0000cedf ; jne 0xcedf sub esp, 0xc push edi -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x30 -je short loc_0000cca6 ; je 0xcca6 +je short loc_0000cd14 ; je 0xcd14 -loc_0000cc3e: +loc_0000ccac: push eax lea eax, [ebp - 0x1c] push eax push 0xea000aac push dword [ebp - 0x30] -call fcn_00009cab ; call 0x9cab +call fcn_00009d19 ; call 0x9d19 mov eax, dword [ebp - 0x1c] add esp, 0x10 and eax, 0x30 cmp eax, 0x20 -je loc_0000ce14 ; je 0xce14 -call fcn_000153e9 ; call 0x153e9 +je 
loc_0000ce82 ; je 0xce82 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000cc7f ; je 0xcc7f +je short loc_0000cced ; je 0xcced push eax push eax -push ref_00022411 ; push 0x22411 +push ref_000224a1 ; push 0x224a1 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000cc7f: -call fcn_000153f0 ; call 0x153f0 +loc_0000cced: +call fcn_00015480 ; call 0x15480 test al, al -je loc_0000ce14 ; je 0xce14 +je loc_0000ce82 ; je 0xce82 push eax -push ref_00024b36 ; push 0x24b36 +push ref_00024be5 ; push 0x24be5 push 0x32e -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc -jmp near loc_0000ce11 ; jmp 0xce11 +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c +jmp near loc_0000ce7f ; jmp 0xce7f -loc_0000cca6: +loc_0000cd14: cmp byte [ebp - 0x35], 1 -je short loc_0000cc3e ; je 0xcc3e +je short loc_0000ccac ; je 0xccac push eax push 0x60 -loc_0000ccaf: +loc_0000cd1d: push 0x3f lea eax, [esi + 0x90] push eax -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a add esp, 0x10 -loc_0000ccc0: +loc_0000cd2e: push eax push 0x183 push 0xfffffe00 
@@ -20882,79 +20925,79 @@ lea eax, [esi + 0x94] push eax lea esi, [esi + 0x98] mov dword [ebp - 0x1c], 0xfffffe00 -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop eax pop edx push 0x8000 push edi -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 movzx eax, bx mov dword [esp], eax push dword [ebp - 0x30] push dword [ebp - 0x34] push dword [ebp - 0x2c] push dword [ebp + 8] -call fcn_0000c05a ; call 0xc05a +call fcn_0000c0c8 ; call 0xc0c8 mov eax, ebx add esp, 0x20 and eax, 0xfffffffd cmp ax, 0x8c44 -je loc_0000ce30 ; je 0xce30 +je loc_0000ce9e ; je 0xce9e lea eax, [ebx + 0x73b2] cmp ax, 2 -jbe loc_0000ce30 ; jbe 0xce30 +jbe loc_0000ce9e ; jbe 0xce9e cmp bx, 0x8c5c -je loc_0000ce30 ; je 0xce30 +je loc_0000ce9e ; je 0xce9e lea eax, [ebx + 0x73b7] cmp ax, 3 -jbe loc_0000ce30 ; jbe 0xce30 +jbe loc_0000ce9e ; jbe 0xce9e lea eax, [ebx + 0x73bf] cmp ax, 1 -jbe loc_0000ce30 ; jbe 0xce30 +jbe loc_0000ce9e ; jbe 0xce9e lea eax, [ebx + 0x63bf] cmp ax, 6 -jbe loc_0000ce30 ; jbe 0xce30 +jbe loc_0000ce9e ; jbe 0xce9e lea eax, [ebx + 0x733f] cmp ax, 5 -jbe loc_0000ce30 ; jbe 0xce30 +jbe loc_0000ce9e ; jbe 0xce9e add bx, 0x633f cmp bx, 0xa -jbe loc_0000ce30 ; jbe 0xce30 +jbe loc_0000ce9e ; jbe 0xce9e -loc_0000cd84: +loc_0000cdf2: push ebx push ebx push 0x80000 push esi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0xc push 0x200 push 0xffffe27f push esi mov dword [ebp - 0x1c], 0xffffe27f -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop eax pop edx push 0x100000 push esi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0xc push 0x20 push 0xffffffffffffff9f push esi -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop ecx pop ebx push 0x40000 push esi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 mov eax, dword [ebp - 0x34] add eax, 0x410 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 
0x17d8b add esp, 0x10 cmp dword [ebp - 0x2c], 1 -jne short loc_0000ce45 ; jne 0xce45 +jne short loc_0000ceb3 ; jne 0xceb3 mov dl, al and edx, 0x10 cmp dl, 1 @@ -20965,45 +21008,45 @@ mov cl, dl or ecx, 0x20 test al, 0x20 -loc_0000ce02: +loc_0000ce70: cmove edx, ecx -loc_0000ce05: +loc_0000ce73: push ecx movzx edx, dl push ecx push edx push edi -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 -loc_0000ce11: +loc_0000ce7f: add esp, 0x10 -loc_0000ce14: -call fcn_000153e9 ; call 0x153e9 +loc_0000ce82: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ce89 ; je 0xce89 +je short loc_0000cef7 ; je 0xcef7 push eax push eax -push ref_0002245f ; push 0x2245f +push ref_000224ef ; push 0x224ef push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_0000ce89 ; jmp 0xce89 +jmp short loc_0000cef7 ; jmp 0xcef7 -loc_0000ce30: +loc_0000ce9e: push eax push eax push 0x400000 push esi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -jmp near loc_0000cd84 ; jmp 0xcd84 +jmp near loc_0000cdf2 ; jmp 0xcdf2 -loc_0000ce45: +loc_0000ceb3: xor edx, edx cmp dword [ebp - 0x2c], 2 -jne short loc_0000ce05 ; jne 0xce05 +jne short loc_0000ce73 ; jne 0xce73 mov dl, al not edx shr dl, 7 @@ -21018,18 +21061,18 @@ cmove edx, ecx mov cl, dl or ecx, 8 test al, 0x10 -jmp short loc_0000ce02 ; jmp 0xce02 +jmp short loc_0000ce70 ; jmp 0xce70 -loc_0000ce71: +loc_0000cedf: cmp byte [ebp - 0x35], 1 -je short loc_0000ce14 ; je 0xce14 +je short loc_0000ce82 ; je 0xce82 cmp dword [ebp - 0x2c], 2 -jne loc_0000ccc0 ; jne 0xccc0 +jne loc_0000cd2e ; jne 0xcd2e push ecx push 0x40 -jmp near loc_0000ccaf ; jmp 0xccaf +jmp near loc_0000cd1d ; jmp 0xcd1d -loc_0000ce89: +loc_0000cef7: lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -21038,7 +21081,7 @@ pop edi pop ebp ret -fcn_0000ce93: +fcn_0000cf01: push ebp mov ebp, esp push edi 
@@ -21049,11 +21092,11 @@ mov ebx, dword [ebp + 8] mov eax, dword [ebx + 4] add eax, 0x3414 push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov esi, eax pop eax push dword [ebx + 4] -call fcn_0001bdcc ; call 0x1bdcc +call fcn_0001be90 ; call 0x1be90 movzx edx, byte [ebx + 0x37e] add esp, 0x10 mov edi, eax 
@@ -21062,71 +21105,71 @@ shr al, 5 xor eax, 1 and eax, 1 cmp edx, eax -je loc_0000d0b7 ; je 0xd0b7 +je loc_0000d125 ; je 0xd125 lea eax, [ebp - 0x1c] push eax push 0 push 0 -push ref_0002908c ; push 0x2908c -call fcn_00019699 ; call 0x19699 +push ref_0002913c ; push 0x2913c +call fcn_0001975d ; call 0x1975d mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000cf30 ; je 0xcf30 +je short loc_0000cf9e ; je 0xcf9e test esi, esi -jns short loc_0000cf30 ; jns 0xcf30 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000cf9e ; jns 0xcf9e +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000cf18 ; je 0xcf18 +je short loc_0000cf86 ; je 0xcf86 push eax push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000cf18: +loc_0000cf86: push esi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x467 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000cf30: +loc_0000cf9e: mov eax, dword [ebx + 4] sub esp, 0xc add eax, 0x3420 push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, al -jns short loc_0000cf71 ; jns 0xcf71 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000cfdf ; jns 0xcfdf +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000cf65 ; je 0xcf65 +je short loc_0000cfd3 ; je 0xcfd3 push ecx push ecx -push ref_00022474 ; push 0x22474 +push ref_00022504 ; push 0x22504 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000cf65: +loc_0000cfd3: push edx mov eax, dword [ebp - 0x1c] push edx push 4 -jmp near loc_0000d0b1 ; jmp 0xd0b1 +jmp near loc_0000d11f ; jmp 0xd11f -loc_0000cf71: +loc_0000cfdf: xor esi, esi mov eax, edi cmp byte [ebx + 
0x37e], 0 -je short loc_0000cfa8 ; je 0xcfa8 +je short loc_0000d016 ; je 0xd016 dec al -jne loc_0000d04e ; jne 0xd04e +jne loc_0000d0bc ; jne 0xd0bc push eax mov esi, 1 push eax @@ -21134,46 +21177,46 @@ push 0xdf mov eax, dword [ebx + 4] add eax, 0x3414 push eax -call fcn_00018699 ; call 0x18699 +call fcn_0001875d ; call 0x1875d add esp, 0x10 -jmp near loc_0000d04e ; jmp 0xd04e +jmp near loc_0000d0bc ; jmp 0xd0bc -loc_0000cfa8: +loc_0000d016: dec al -jne loc_0000d039 ; jne 0xd039 +jne loc_0000d0a7 ; jne 0xd0a7 push eax push 0 push 0x19 movzx eax, byte [ebx + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a lea edi, [eax + 0x10] mov esi, eax mov dword [esp], edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [ebp - 0x34], eax pop eax pop edx push dword [ebx + 0x1a] push edi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f lea eax, [esi + 4] mov dword [esp], eax mov esi, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 pop ecx mov dword [ebp - 0x2c], esi mov word [ebp - 0x2e], ax pop eax push 2 push esi -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 mov dword [esp], edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e and eax, 0xffff8000 lea edx, [eax + 0x5b54] mov dword [esp], edx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov ecx, eax pop eax movzx eax, word [ebp - 0x2e] 
@@ -21182,71 +21225,71 @@ pop edx mov esi, ecx push eax push dword [ebp - 0x2c] -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 pop ecx mov ecx, dword [ebp - 0x34] pop eax push ecx push edi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 -loc_0000d039: +loc_0000d0a7: push edi push edi push 0x20 mov eax, dword [ebx + 4] add eax, 0x3414 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -loc_0000d04e: +loc_0000d0bc: mov eax, dword [ebx + 4] sub esp, 0xc add eax, 0x3414 push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov eax, esi add esp, 0x10 test al, al -je short loc_0000d0b7 ; je 0xd0b7 -call fcn_000153e9 ; call 0x153e9 +je short loc_0000d125 ; je 0xd125 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000d085 ; je 0xd085 +je short loc_0000d0f3 ; je 0xd0f3 push esi push esi -push ref_000224c8 ; push 0x224c8 +push ref_00022558 ; push 0x22558 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000d085: +loc_0000d0f3: mov eax, dword [ebx + 4] sub esp, 0xc add eax, 0x3428 push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov edx, 3 test al, 2 -jne short loc_0000d0ab ; jne 0xd0ab +jne short loc_0000d119 ; jne 0xd119 cmp byte [ebx + 0x11], 1 sbb edx, edx add edx, 5 -loc_0000d0ab: +loc_0000d119: mov eax, dword [ebp - 0x1c] push ecx push ecx push edx -loc_0000d0b1: +loc_0000d11f: push eax call dword [eax] ; ucall add esp, 0x10 -loc_0000d0b7: +loc_0000d125: lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -21255,7 +21298,7 @@ pop edi pop ebp ret -fcn_0000d0c1: +fcn_0000d12f: push ebp mov ebp, esp push edi 
@@ -21267,45 +21310,45 @@ mov byte [ebp - 0x1c], 0x1d mov byte [ebp - 0x1b], 0 mov byte [ebp - 0x1a], 0x1a mov byte [ebp - 0x19], 0 -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb push edi push 0 push 0x1f push 0 mov esi, eax mov dword [ebp - 0x34], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 2 push 0x1f mov dword [ebp - 0x38], eax movzx eax, byte [ebx + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0x10 dec esi mov dword [ebp - 0x30], 0 mov edi, eax -jne short loc_0000d128 ; jne 0xd128 +jne short loc_0000d196 ; jne 0xd196 push ecx push 5 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0x10 mov dword [ebp - 0x30], eax -loc_0000d128: +loc_0000d196: push eax push 0 push 0x1c push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax mov eax, dword [ebp - 0x38] add eax, 0xf0 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [ebp - 0x40], eax pop eax mov eax, dword [ebp - 0x38] @@ -21313,15 +21356,15 @@ pop edx add eax, 0xac push 0xffefffff push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 mov byte [ebp - 0x3c], 0 mov byte [ebp - 0x29], 0 -loc_0000d169: -call fcn_0001c0fb ; call 0x1c0fb +loc_0000d1d7: +call fcn_0001c1bf ; call 0x1c1bf cmp byte [ebp - 0x29], al -jae short loc_0000d1f0 ; jae 0xd1f0 +jae short loc_0000d25e ; jae 0xd25e movzx edx, byte [ebp - 0x29] push eax push edx 
@@ -21329,13 +21372,13 @@ push 0x1c movzx eax, byte [ebx + 1] mov dword [ebp - 0x48], edx push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov dword [ebp - 0x44], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je short loc_0000d1e8 ; je 0xd1e8 +je short loc_0000d256 ; je 0xd256 mov edx, dword [ebp - 0x48] mov ecx, dword [ebp - 0x44] imul edx, edx, 0x2c @@ -21348,48 +21391,48 @@ inc edx push ecx mov dword [ebp - 0x48], edx mov dword [ebp - 0x44], ecx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov edx, dword [ebp - 0x48] add esp, 0x10 movzx edx, dx and eax, 0xf cmp eax, edx -je short loc_0000d1e8 ; je 0xd1e8 +je short loc_0000d256 ; je 0xd256 mov ecx, dword [ebp - 0x44] push eax push edx push 0xfff0 push ecx -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0x10 mov byte [ebp - 0x3c], 1 -loc_0000d1e8: +loc_0000d256: inc byte [ebp - 0x29] -jmp near loc_0000d169 ; jmp 0xd169 +jmp near loc_0000d1d7 ; jmp 0xd1d7 -loc_0000d1f0: +loc_0000d25e: cmp byte [ebp - 0x3c], 0 -je short loc_0000d206 ; je 0xd206 +je short loc_0000d274 ; je 0xd274 sub esp, 0xc push 0x186a0 -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 -loc_0000d206: +loc_0000d274: push eax push 0x80 push 0x9f lea eax, [esi + 0xf4] push eax -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a add esp, 0x10 mov byte [ebp - 0x29], 0 -loc_0000d224: -call fcn_0001c181 ; call 0x1c181 +loc_0000d292: +call fcn_0001c245 ; call 0x1c245 cmp byte [ebp - 0x29], al -jae short loc_0000d274 ; jae 0xd274 +jae short loc_0000d2e2 ; jae 0xd2e2 movzx eax, byte [ebp - 0x29] push ecx movzx edx, byte [ebp + eax*2 - 0x1b] 
@@ -21398,11 +21441,11 @@ push edx push eax movzx eax, byte [ebx + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a lea edx, [eax + 0x88] mov dword [esp], edx mov dword [ebp - 0x3c], edx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop edx mov edx, dword [ebp - 0x3c] pop ecx @@ -21410,14 +21453,14 @@ and eax, 0xfffffffb push eax push edx mov dword [ebp - 0x20], eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 inc byte [ebp - 0x29] -jmp short loc_0000d224 ; jmp 0xd224 +jmp short loc_0000d292 ; jmp 0xd292 -loc_0000d274: +loc_0000d2e2: cmp byte [ebx + 0x364], 1 -jne short loc_0000d2c3 ; jne 0xd2c3 +jne short loc_0000d331 ; jne 0xd331 push eax mov eax, dword [ebx + 0x368] shr eax, 0xc 
@@ -21428,168 +21471,168 @@ push 0xfffffffffffffffc mov eax, dword [ebx + 4] add eax, 0x3404 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov eax, dword [ebx + 4] add eax, 0x3404 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop eax pop edx push 1 mov eax, dword [ebx + 0x368] add eax, 0x10 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_0000d2c3: +loc_0000d331: cmp byte [ebx + 0xc], 0 mov eax, dword [ebx + 4] -jne short loc_0000d2dd ; jne 0xd2dd +jne short loc_0000d34b ; jne 0xd34b push ecx add eax, 0x3410 push ecx push 0xfffffffffffffffb push eax -call fcn_00018a7a ; call 0x18a7a -jmp short loc_0000d2ec ; jmp 0xd2ec +call fcn_00018b3e ; call 0x18b3e +jmp short loc_0000d35a ; jmp 0xd35a -loc_0000d2dd: +loc_0000d34b: push edx add eax, 0x3410 push edx push 4 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 -loc_0000d2ec: +loc_0000d35a: mov eax, dword [ebx + 4] add esp, 0x10 sub esp, 0xc add eax, 0x3410 push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 cmp dword [ebp - 0x34], 1 -jne loc_0000d3d7 ; jne 0xd3d7 +jne loc_0000d445 ; jne 0xd445 cmp dword [ebx + 0x1db], 0 -jne loc_0000d3b0 ; jne 0xd3b0 +jne loc_0000d41e ; jne 0xd41e push eax add esi, 0x410 push 0x70 push 0xffffff00 lea eax, [edi + 0x34] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop eax pop edx lea eax, [edi + 0x70] push 0xffff00ff push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e pop ecx pop eax lea eax, [edi + 0x90] push 0x1f push eax -call fcn_00018699 ; call 0x18699 +call fcn_0001875d ; call 0x1875d mov dword [esp], esi -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 and eax, 0x30 cmp al, 0x30 -je short loc_0000d3b0 ; je 0xd3b0 +je short loc_0000d41e ; je 0xd41e sub esp, 0xc push esi -call fcn_00017cc7 ; call 0x17cc7 +call 
fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x10 -jne short loc_0000d388 ; jne 0xd388 +jne short loc_0000d3f6 ; jne 0xd3f6 push eax push eax mov eax, dword [ebp - 0x30] push 1 add eax, 0x92 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -loc_0000d388: +loc_0000d3f6: sub esp, 0xc push esi -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x20 -jne loc_0000d422 ; jne 0xd422 +jne loc_0000d490 ; jne 0xd490 mov eax, dword [ebp - 0x30] push esi push esi push 2 add eax, 0x92 push eax -call fcn_0001866c ; call 0x1866c -jmp short loc_0000d41f ; jmp 0xd41f +call fcn_00018730 ; call 0x18730 +jmp short loc_0000d48d ; jmp 0xd48d -loc_0000d3b0: +loc_0000d41e: push ecx push ecx push 0x2000000 mov eax, dword [ebx + 4] add eax, 0x3418 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 mov eax, dword [ebx + 4] add eax, 0x3418 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a -jmp short loc_0000d41f ; jmp 0xd41f +call fcn_00017e4e ; call 0x17e4e +jmp short loc_0000d48d ; jmp 0xd48d -loc_0000d3d7: +loc_0000d445: cmp dword [ebp - 0x34], 2 -jne short loc_0000d422 ; jne 0xd422 +jne short loc_0000d490 ; jne 0xd490 cmp dword [ebx + 0x1db], 3 -jne short loc_0000d422 ; jne 0xd422 +jne short loc_0000d490 ; jne 0xd490 push eax push eax push 0x3f lea eax, [edi + 0x90] push eax -call fcn_00018699 ; call 0x18699 +call fcn_0001875d ; call 0x1875d pop eax pop edx lea eax, [edi + 0xa0] push 0 push eax -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 add esp, 0xc push 0x8000 push 0xffff7fff lea eax, [edi + 0xa4] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 -loc_0000d41f: +loc_0000d48d: add esp, 0x10 -loc_0000d422: +loc_0000d490: cmp dword [ebx + 0x1db], 2 -jne short loc_0000d453 ; jne 0xd453 +jne short loc_0000d4c1 ; jne 0xd4c1 mov eax, dword [ebp - 0x38] sub esp, 0xc add eax, 2 push eax -call fcn_00017cfe ; call 0x17cfe +call 
fcn_00017dc2 ; call 0x17dc2 add esp, 0xc push 0x80 push 0x3f lea eax, [edi + 0x90] push eax -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a add esp, 0x10 -loc_0000d453: +loc_0000d4c1: cmp dword [ebp - 0x34], 2 -jne loc_0000d551 ; jne 0xd551 +jne loc_0000d5bf ; jne 0xd5bf mov ebx, dword [ebp - 0x40] push esi lea esi, [ebp - 0x20] @@ -21597,22 +21640,22 @@ push esi push 0xed00015c and ebx, 0xffffc000 push ebx -call fcn_00009cab ; call 0x9cab +call fcn_00009d19 ; call 0x9d19 add esp, 0x10 mov edi, eax test eax, eax -jns short loc_0000d49b ; jns 0xd49b -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000d509 ; jns 0xd509 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000d4b7 ; je 0xd4b7 +je short loc_0000d525 ; je 0xd525 push ecx push edi -push ref_000224fd ; push 0x224fd +push ref_0002258d ; push 0x2258d push 0x80000000 -call fcn_000153f7 ; call 0x153f7 -jmp short loc_0000d4b4 ; jmp 0xd4b4 +call fcn_00015487 ; call 0x15487 +jmp short loc_0000d522 ; jmp 0xd522 -loc_0000d49b: +loc_0000d509: mov eax, dword [ebp - 0x20] push edx and ah, 0xf7 
@@ -21621,32 +21664,32 @@ push eax push 0xed00015c push ebx mov dword [ebp - 0x20], eax -call fcn_00009c07 ; call 0x9c07 +call fcn_00009c75 ; call 0x9c75 -loc_0000d4b4: +loc_0000d522: add esp, 0x10 -loc_0000d4b7: +loc_0000d525: push edi push esi push 0xed000118 push ebx -call fcn_00009cab ; call 0x9cab +call fcn_00009d19 ; call 0x9d19 add esp, 0x10 mov edi, eax test eax, eax -jns short loc_0000d4e9 ; jns 0xd4e9 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000d557 ; jns 0xd557 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000d504 ; je 0xd504 +je short loc_0000d572 ; je 0xd572 push ecx push edi -push ref_00022520 ; push 0x22520 +push ref_000225b0 ; push 0x225b0 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 -jmp short loc_0000d501 ; jmp 0xd501 +call fcn_00015487 ; call 0x15487 +jmp short loc_0000d56f ; jmp 0xd56f -loc_0000d4e9: +loc_0000d557: mov eax, dword [ebp - 0x20] push edx or eax, 0xc00000 @@ -21654,32 +21697,32 @@ push eax push 0xed000118 push ebx mov dword [ebp - 0x20], eax -call fcn_00009c07 ; call 0x9c07 +call fcn_00009c75 ; call 0x9c75 -loc_0000d501: +loc_0000d56f: add esp, 0x10 -loc_0000d504: +loc_0000d572: push edi push esi push 0xed000120 push ebx -call fcn_00009cab ; call 0x9cab +call fcn_00009d19 ; call 0x9d19 add esp, 0x10 mov esi, eax test eax, eax -jns short loc_0000d536 ; jns 0xd536 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000d5a4 ; jns 0xd5a4 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000d551 ; je 0xd551 +je short loc_0000d5bf ; je 0xd5bf push ecx push esi -push ref_00022543 ; push 0x22543 +push ref_000225d3 ; push 0x225d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 -jmp short loc_0000d54e ; jmp 0xd54e +call fcn_00015487 ; call 0x15487 +jmp short loc_0000d5bc ; jmp 0xd5bc -loc_0000d536: +loc_0000d5a4: mov eax, dword [ebp - 0x20] push edx or eax, 0x240000 
@@ -21687,12 +21730,12 @@ push eax push 0xed000120 push ebx mov dword [ebp - 0x20], eax -call fcn_00009c07 ; call 0x9c07 +call fcn_00009c75 ; call 0x9c75 -loc_0000d54e: +loc_0000d5bc: add esp, 0x10 -loc_0000d551: +loc_0000d5bf: lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -21701,7 +21744,7 @@ pop edi pop ebp ret -fcn_0000d55b: +fcn_0000d5c9: push ebp mov ebp, esp push edi @@ -21713,13 +21756,13 @@ push 6 push 0x1f movzx eax, byte [ebx + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 push 0 push 0 mov edi, eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, dword [ebx + 0x1a] pop ecx pop eax 
@@ -21727,98 +21770,98 @@ mov dword [ebp - 0x1c], edi lea edi, [edi + 0x40] push esi push edi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax mov eax, dword [ebp - 0x1c] pop edx add eax, 0x44 push 0 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop ecx pop eax push 1 push edi -call fcn_00018a50 ; call 0x18a50 -call fcn_0001bef7 ; call 0x1bef7 +call fcn_00018b14 ; call 0x18b14 +call fcn_0001bfbb ; call 0x1bfbb add esp, 0x10 cmp eax, 2 lea eax, [esi + 0x10] -jne short loc_0000d5ca ; jne 0xd5ca +jne short loc_0000d638 ; jne 0xd638 push edx push edx push 0x14a -jmp short loc_0000d5d1 ; jmp 0xd5d1 +jmp short loc_0000d63f ; jmp 0xd63f -loc_0000d5ca: +loc_0000d638: push ecx push ecx push 0x154 -loc_0000d5d1: +loc_0000d63f: push eax -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 add esp, 0x10 push eax push eax push 0xff lea eax, [esi + 6] push eax -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 pop eax pop edx lea eax, [esi + 0x80] push 0xff push eax -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 pop ecx pop eax lea eax, [esi + 0x84] push 0 push eax -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 pop eax pop edx lea eax, [esi + 0x82] push 0 push eax -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 add esp, 0xc push 0x403c push 0xffff8003 mov eax, dword [ebx + 4] add eax, 0x38b0 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov eax, dword [ebx + 4] add eax, 0x38b4 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test ah, 0x40 -je short loc_0000d660 ; je 0xd660 +je short loc_0000d6ce ; je 0xd6ce push eax add esi, 0xa push eax push 1 push esi -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 add esp, 0x10 -loc_0000d660: +loc_0000d6ce: push ecx push ecx push 0xfffffffffffffffe push edi -call fcn_00018a7a ; call 0x18a7a 
+call fcn_00018b3e ; call 0x18b3e pop esi pop eax push 0 push edi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 test byte [ebx + 0x426], 1 -je loc_0000d70d ; je 0xd70d +je loc_0000d77b ; je 0xd77b mov cl, byte [ebx + 0x432] mov dl, byte [ebx + 0x436] mov eax, ecx @@ -21842,7 +21885,7 @@ push 0xfff0fff mov eax, dword [ebx + 4] add eax, 0x33d4 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov al, byte [ebx + 0x432] add esp, 0xc shl eax, 8 @@ -21856,10 +21899,10 @@ push 0xfffff0ff mov eax, dword [ebx + 4] add eax, 0x33c8 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_0000d70d: +loc_0000d77b: lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -21868,7 +21911,7 @@ pop edi pop ebp ret -fcn_0000d717: +fcn_0000d785: push ebp mov ebp, esp push edi @@ -21880,33 +21923,33 @@ mov eax, dword [edi + 4] mov bl, byte [edi + 0x361] lea esi, [eax + 0x31fe] push esi -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 cmp bl, al -je short loc_0000d765 ; je 0xd765 +je short loc_0000d7d3 ; je 0xd7d3 push ebx push ebx push 0xfeff push esi -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 movzx eax, byte [edi + 0x361] add esp, 0xc push eax push 0xff00 push esi -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0x10 -loc_0000d765: +loc_0000d7d3: push eax push eax push 0x100 push esi -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 mov dword [esp], esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov dword [esp], esi -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b pop edx pop ecx push 0 
@@ -21917,45 +21960,45 @@ or ebx, 0xfec00010 or eax, 0xfec00000 push eax mov dword [ebp - 0x1c], eax -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 mov dword [esp], ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dl, byte [edi + 0x360] add esp, 0x10 movzx ecx, dl shr eax, 0x18 cmp ecx, eax -je short loc_0000d7e4 ; je 0xd7e4 +je short loc_0000d852 ; je 0xd852 cmp dl, 0xf -ja short loc_0000d7e4 ; ja 0xd7e4 +ja short loc_0000d852 ; ja 0xd852 push edx push edx push 0 push dword [ebp - 0x1c] -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 pop ecx pop eax movzx eax, byte [edi + 0x360] shl eax, 0x18 push eax push ebx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 -loc_0000d7e4: -call fcn_0001bef7 ; call 0x1bef7 +loc_0000d852: +call fcn_0001bfbb ; call 0x1bfbb cmp eax, 2 -jne short loc_0000d807 ; jne 0xd807 +jne short loc_0000d875 ; jne 0xd875 cmp byte [edi + 0x362], 0 -jne short loc_0000d807 ; jne 0xd807 +jne short loc_0000d875 ; jne 0xd875 push eax push eax push 0x800 push esi -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -loc_0000d807: +loc_0000d875: lea esp, [ebp - 0xc] xor eax, eax pop ebx 
@@ -21964,79 +22007,79 @@ pop edi pop ebp ret -fcn_0000d811: +fcn_0000d87f: push ebp mov ebp, esp push edi push esi push ebx sub esp, 0x1c -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000d834 ; je 0xd834 +je short loc_0000d8a2 ; je 0xd8a2 push eax push eax -push ref_00022566 ; push 0x22566 +push ref_000225f6 ; push 0x225f6 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000d834: +loc_0000d8a2: push eax push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a lea esi, [eax + 0xf0] mov ebx, eax mov dword [esp], esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e lea eax, [ebp - 0x20] push eax push 0 push 0 -push ref_0002912c ; push 0x2912c -call fcn_00019699 ; call 0x19699 +push ref_000291dc ; push 0x291dc +call fcn_0001975d ; call 0x1975d add esp, 0x20 mov edi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0000d8a9 ; je 0xd8a9 +je short loc_0000d917 ; je 0xd917 test edi, edi -jns short loc_0000d8a9 ; jns 0xd8a9 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000d917 ; jns 0xd917 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000d891 ; je 0xd891 +je short loc_0000d8ff ; je 0xd8ff push eax push edi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000d891: +loc_0000d8ff: push edi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x7c4 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000d8a9: -call fcn_000153f0 ; call 0x153f0 +loc_0000d917: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0000d8d5 ; je 0xd8d5 +je short loc_0000d943 ; je 0xd943 mov eax, dword [ebp - 0x20] test word [eax + 4], 
0x3fff -je short loc_0000d8d5 ; je 0xd8d5 +je short loc_0000d943 ; je 0xd943 push ecx -push ref_0002257f ; push 0x2257f +push ref_0002260f ; push 0x2260f push 0x7d5 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000d8d5: +loc_0000d943: push eax mov eax, dword [ebp - 0x20] mov eax, dword [eax + 4] @@ -22044,7 +22087,7 @@ or eax, 1 push eax push 0x3fff push esi -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 lea esi, [ebx + 0x40] pop eax mov eax, dword [ebp - 0x20] 
@@ -22052,54 +22095,54 @@ pop edx movzx eax, word [eax + 8] push eax push esi -call fcn_00017dcb ; call 0x17dcb -call fcn_000153f0 ; call 0x153f0 +call fcn_00017e8f ; call 0x17e8f +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000d93e ; je 0xd93e +je short loc_0000d9ac ; je 0xd9ac sub esp, 0xc push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp - 0x20] add esp, 0x10 movzx edx, word [edx + 8] and eax, 0xfffc cmp eax, edx -je short loc_0000d93e ; je 0xd93e +je short loc_0000d9ac ; je 0xd9ac push edi -push ref_000225ba ; push 0x225ba +push ref_0002264a ; push 0x2264a push 0x7e1 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000d93e: +loc_0000d9ac: mov eax, dword [ebp - 0x20] cmp word [eax + 8], 0 lea eax, [ebx + 0x44] -je short loc_0000d95a ; je 0xd95a +je short loc_0000d9c8 ; je 0xd9c8 push esi push esi push 0x80 push eax -call fcn_0001866c ; call 0x1866c -jmp short loc_0000d964 ; jmp 0xd964 +call fcn_00018730 ; call 0x18730 +jmp short loc_0000d9d2 ; jmp 0xd9d2 -loc_0000d95a: +loc_0000d9c8: push ecx push ecx push 0x7f push eax -call fcn_00018699 ; call 0x18699 +call fcn_0001875d ; call 0x1875d -loc_0000d964: +loc_0000d9d2: add esp, 0x10 push eax push eax push 2 lea eax, [ebx + 0xa6] push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 lea esi, [ebx + 0x48] pop eax mov eax, dword [ebp - 0x20] 
@@ -22107,47 +22150,47 @@ pop edx movzx eax, word [eax + 0xa] push eax push esi -call fcn_00017dcb ; call 0x17dcb -call fcn_000153f0 ; call 0x153f0 +call fcn_00017e8f ; call 0x17e8f +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000d9ca ; je 0xd9ca +je short loc_0000da38 ; je 0xda38 sub esp, 0xc push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp - 0x20] add esp, 0x10 movzx edx, word [edx + 0xa] and eax, 0xfffc cmp eax, edx -je short loc_0000d9ca ; je 0xd9ca +je short loc_0000da38 ; je 0xda38 push eax -push ref_00022601 ; push 0x22601 +push ref_00022691 ; push 0x22691 push 0x800 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000d9ca: +loc_0000da38: mov eax, dword [ebp - 0x20] cmp word [eax + 0xa], 0 lea eax, [ebx + 0x4c] -je short loc_0000d9e3 ; je 0xd9e3 +je short loc_0000da51 ; je 0xda51 push edi push edi push 0x10 push eax -call fcn_0001866c ; call 0x1866c -jmp short loc_0000d9f0 ; jmp 0xd9f0 +call fcn_00018730 ; call 0x18730 +jmp short loc_0000da5e ; jmp 0xda5e -loc_0000d9e3: +loc_0000da51: push esi push esi push 0xef push eax -call fcn_00018699 ; call 0x18699 +call fcn_0001875d ; call 0x1875d -loc_0000d9f0: +loc_0000da5e: mov eax, dword [ebp - 0x20] add esp, 0x10 mov dl, byte [eax + 0x40e] 
@@ -22166,196 +22209,196 @@ and edx, 0x22 push edx push eax push ebx -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a pop ebx push dword [ebp - 0x20] -call fcn_0000cb8e ; call 0xcb8e +call fcn_0000cbfc ; call 0xcbfc mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000da74 ; je 0xda74 +je short loc_0000dae2 ; je 0xdae2 test ebx, ebx -jns short loc_0000da74 ; jns 0xda74 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000dae2 ; jns 0xdae2 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000da5c ; je 0xda5c +je short loc_0000daca ; je 0xdaca push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000da5c: +loc_0000daca: push edi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x828 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000da74: +loc_0000dae2: sub esp, 0xc push dword [ebp - 0x20] -call fcn_000113df ; call 0x113df +call fcn_0001146f ; call 0x1146f mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000dac6 ; je 0xdac6 +je short loc_0000db34 ; je 0xdb34 test ebx, ebx -jns short loc_0000dac6 ; jns 0xdac6 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000db34 ; jns 0xdb34 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000daae ; je 0xdaae +je short loc_0000db1c ; je 0xdb1c push esi push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000daae: +loc_0000db1c: push ecx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x82a -push ref_00022290 ; push 0x22290 -call 
fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000dac6: +loc_0000db34: sub esp, 0xc push dword [ebp - 0x20] -call fcn_0000ce93 ; call 0xce93 +call fcn_0000cf01 ; call 0xcf01 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000db18 ; je 0xdb18 +je short loc_0000db86 ; je 0xdb86 test ebx, ebx -jns short loc_0000db18 ; jns 0xdb18 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000db86 ; jns 0xdb86 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000db00 ; je 0xdb00 +je short loc_0000db6e ; je 0xdb6e push edx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000db00: +loc_0000db6e: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x82d -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000db18: +loc_0000db86: sub esp, 0xc push dword [ebp - 0x20] -call fcn_0000d0c1 ; call 0xd0c1 +call fcn_0000d12f ; call 0xd12f mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000db6a ; je 0xdb6a +je short loc_0000dbd8 ; je 0xdbd8 test ebx, ebx -jns short loc_0000db6a ; jns 0xdb6a -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000dbd8 ; jns 0xdbd8 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000db52 ; je 0xdb52 +je short loc_0000dbc0 ; je 0xdbc0 push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000db52: +loc_0000dbc0: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x830 -push ref_00022290 ; push 0x22290 -call 
fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000db6a: +loc_0000dbd8: sub esp, 0xc push dword [ebp - 0x20] -call fcn_0000d55b ; call 0xd55b +call fcn_0000d5c9 ; call 0xd5c9 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000dbbc ; je 0xdbbc +je short loc_0000dc2a ; je 0xdc2a test ebx, ebx -jns short loc_0000dbbc ; jns 0xdbbc -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000dc2a ; jns 0xdc2a +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000dba4 ; je 0xdba4 +je short loc_0000dc12 ; je 0xdc12 push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000dba4: +loc_0000dc12: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x832 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000dbbc: +loc_0000dc2a: sub esp, 0xc push dword [ebp - 0x20] -call fcn_0000d717 ; call 0xd717 +call fcn_0000d785 ; call 0xd785 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000dc0e ; je 0xdc0e +je short loc_0000dc7c ; je 0xdc7c test ebx, ebx -jns short loc_0000dc0e ; jns 0xdc0e -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000dc7c ; jns 0xdc7c +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000dbf6 ; je 0xdbf6 +je short loc_0000dc64 ; je 0xdc64 push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000dbf6: +loc_0000dc64: push edi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x834 -push ref_00022290 ; push 0x22290 -call 
fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000dc0e: +loc_0000dc7c: sub esp, 0xc lea eax, [ebp - 0x1c] push eax -call fcn_000196d3 ; call 0x196d3 +call fcn_00019797 ; call 0x19797 add esp, 0x10 test eax, eax -js short loc_0000dc98 ; js 0xdc98 +js short loc_0000dd06 ; js 0xdd06 mov eax, dword [ebp - 0x1c] cmp eax, 0x11 -je short loc_0000dc98 ; je 0xdc98 +je short loc_0000dd06 ; je 0xdd06 cmp eax, 0x20 -je short loc_0000dc98 ; je 0xdc98 +je short loc_0000dd06 ; je 0xdd06 mov eax, dword [ebp - 0x20] cmp byte [eax + 0x339], 0 -je short loc_0000dc98 ; je 0xdc98 +je short loc_0000dd06 ; je 0xdd06 movzx ecx, byte [eax] add eax, 0x284 mov edx, dword [eax - 0x26a] 
@@ -22363,73 +22406,73 @@ push ecx push edx push edx push eax -call fcn_000116c1 ; call 0x116c1 +call fcn_00011751 ; call 0x11751 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000dc98 ; je 0xdc98 +je short loc_0000dd06 ; je 0xdd06 test ebx, ebx -jns short loc_0000dc98 ; jns 0xdc98 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000dd06 ; jns 0xdd06 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000dc80 ; je 0xdc80 +je short loc_0000dcee ; je 0xdcee push esi push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000dc80: +loc_0000dcee: push ebx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x848 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000dc98: -call fcn_000153e9 ; call 0x153e9 +loc_0000dd06: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000dcb2 ; je 0xdcb2 +je short loc_0000dd20 ; je 0xdd20 push ecx push ecx -push ref_0002264a ; push 0x2264a +push ref_000226da ; push 0x226da push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000dcb2: +loc_0000dd20: sub esp, 0xc -push ref_00026ec4 ; push 0x26ec4 -call fcn_00019667 ; call 0x19667 +push ref_00026f74 ; push 0x26f74 +call fcn_0001972b ; call 0x1972b mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000dd06 ; je 0xdd06 +je short loc_0000dd74 ; je 0xdd74 test ebx, ebx -jns short loc_0000dd06 ; jns 0xdd06 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000dd74 ; jns 0xdd74 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000dcee ; je 0xdcee +je short loc_0000dd5c ; je 0xdd5c push edx push ebx -push ref_00020643 ; push 
0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000dcee: +loc_0000dd5c: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x853 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000dd06: +loc_0000dd74: lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -22438,7 +22481,7 @@ pop edi pop ebp ret -fcn_0000dd10: ; not directly referenced +fcn_0000dd7e: ; not directly referenced push ebp mov ebp, esp push edi @@ -22446,24 +22489,24 @@ push esi push ebx sub esp, 0x1c mov ebx, dword [ebp + 0xc] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000dd36 ; je 0xdd36 +je short loc_0000dda4 ; je 0xdda4 push eax push eax -push ref_00022661 ; push 0x22661 +push ref_000226f1 ; push 0x226f1 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000dd36: ; not directly referenced +loc_0000dda4: ; not directly referenced cmp byte [ebx], 5 -jbe loc_0000ddcb ; jbe 0xddcb +jbe loc_0000de39 ; jbe 0xde39 xor edx, edx -loc_0000dd41: ; not directly referenced +loc_0000ddaf: ; not directly referenced cmp dl, byte [ebx + 0x526] -jae short loc_0000dd72 ; jae 0xdd72 +jae short loc_0000dde0 ; jae 0xdde0 movzx eax, dl mov esi, dword [ebp + 8] push edi 
@@ -22473,18 +22516,18 @@ push dword [eax + 0x4e2] add esi, dword [eax + 0x4de] mov dword [ebp - 0x1c], edx push esi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov edx, dword [ebp - 0x1c] add esp, 0x10 inc edx -jmp short loc_0000dd41 ; jmp 0xdd41 +jmp short loc_0000ddaf ; jmp 0xddaf -loc_0000dd72: ; not directly referenced +loc_0000dde0: ; not directly referenced xor edx, edx -loc_0000dd74: ; not directly referenced +loc_0000dde2: ; not directly referenced cmp dl, byte [ebx + 0x553] -jae short loc_0000dda8 ; jae 0xdda8 +jae short loc_0000de16 ; jae 0xde16 movzx eax, dl lea eax, [ebx + eax*4] push esi 
@@ -22495,45 +22538,45 @@ push ecx movzx eax, word [eax + 0x527] add eax, dword [ebp + 8] push eax -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 mov edx, dword [ebp - 0x1c] add esp, 0x10 inc edx -jmp short loc_0000dd74 ; jmp 0xdd74 +jmp short loc_0000dde2 ; jmp 0xdde2 -loc_0000dda8: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000de16: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je loc_0000de59 ; je 0xde59 +je loc_0000dec7 ; je 0xdec7 push eax push eax -push ref_00022688 ; push 0x22688 +push ref_00022718 ; push 0x22718 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp near loc_0000de59 ; jmp 0xde59 +jmp near loc_0000dec7 ; jmp 0xdec7 -loc_0000ddcb: ; not directly referenced -call fcn_0001bef7 ; call 0x1bef7 -mov esi, ref_00026eec ; mov esi, 0x26eec -mov edx, ref_00026f10 ; mov edx, 0x26f10 -mov edi, ref_00026f28 ; mov edi, 0x26f28 +loc_0000de39: ; not directly referenced +call fcn_0001bfbb ; call 0x1bfbb +mov esi, ref_00026f9c ; mov esi, 0x26f9c +mov edx, ref_00026fc0 ; mov edx, 0x26fc0 +mov edi, ref_00026fd8 ; mov edi, 0x26fd8 cmp eax, 2 sete bl setne cl cmovne esi, edx movzx ebx, bl -mov edx, ref_00026f50 ; mov edx, 0x26f50 +mov edx, ref_00027000 ; mov edx, 0x27000 movzx ecx, cl cmovne edi, edx add ecx, 5 lea ebx, [ebx + ebx*2 + 6] xor edx, edx -loc_0000de02: ; not directly referenced +loc_0000de70: ; not directly referenced movzx eax, dl cmp eax, ecx -jae short loc_0000de2e ; jae 0xde2e +jae short loc_0000de9c ; jae 0xde9c mov dword [ebp - 0x20], ecx lea eax, [edi + eax*8] push ecx 
@@ -22543,21 +22586,21 @@ push dword [eax + 4] add ecx, dword [eax] mov dword [ebp - 0x1c], edx push ecx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov edx, dword [ebp - 0x1c] add esp, 0x10 mov ecx, dword [ebp - 0x20] inc edx -jmp short loc_0000de02 ; jmp 0xde02 +jmp short loc_0000de70 ; jmp 0xde70 -loc_0000de2e: ; not directly referenced +loc_0000de9c: ; not directly referenced xor edi, edi -loc_0000de30: ; not directly referenced +loc_0000de9e: ; not directly referenced mov eax, edi movzx eax, al cmp eax, ebx -jae loc_0000dda8 ; jae 0xdda8 +jae loc_0000de16 ; jae 0xde16 lea eax, [esi + eax*4] inc edi push edx @@ -22567,11 +22610,11 @@ push edx movzx eax, word [eax] add eax, dword [ebp + 8] push eax -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 add esp, 0x10 -jmp short loc_0000de30 ; jmp 0xde30 +jmp short loc_0000de9e ; jmp 0xde9e -loc_0000de59: ; not directly referenced +loc_0000dec7: ; not directly referenced lea esp, [ebp - 0xc] xor eax, eax pop ebx 
@@ -22580,50 +22623,50 @@ pop edi pop ebp ret -fcn_0000de63: +fcn_0000ded1: push ebp mov ebp, esp push edi push esi push ebx sub esp, 0xc -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000de86 ; je 0xde86 +je short loc_0000def4 ; je 0xdef4 push ebx push ebx -push ref_000226ad ; push 0x226ad +push ref_0002273d ; push 0x2273d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000de86: +loc_0000def4: push ecx push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov edi, eax lea eax, [eax + 0xa4] mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 4 -je loc_0000df64 ; je 0xdf64 +je loc_0000dfd2 ; je 0xdfd2 push ecx push ecx push 1 push dword [ebp + 8] -call fcn_0001bd8b ; call 0x1bd8b +call fcn_0001be4f ; call 0x1be4f mov dword [esp], 0x70 -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 pop esi mov bl, al pop eax and ebx, 0xffffff80 push 0 push dword [ebp + 8] -call fcn_0001bd8b ; call 0x1bd8b +call fcn_0001be4f ; call 0x1be4f mov dl, bl or ebx, 0xb or edx, 0xa 
@@ -22633,53 +22676,53 @@ movzx esi, dl pop edx push esi push 0x70 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea mov dword [esp], 0x71 -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 pop ecx pop edx and eax, 0x8f or eax, 0x60 push eax push 0x71 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea pop ecx pop eax push ebx push 0x70 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea pop eax pop edx push 0x80 push 0x71 -call fcn_00017ebb ; call 0x17ebb +call fcn_00017f7f ; call 0x17f7f pop ecx pop eax push esi push 0x70 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea mov dword [esp], 0x71 -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 pop edx pop ecx and eax, 0x8f or eax, 0x20 push eax push 0x71 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea pop esi pop eax push ebx push 0x70 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea pop eax pop edx push 0x7f push 0x71 -call fcn_00017ee8 ; call 0x17ee8 +call fcn_00017fac ; call 0x17fac add esp, 0x10 -loc_0000df64: +loc_0000dfd2: mov eax, dword [ebp + 8] add edi, 0xdc push edx @@ -22687,24 +22730,24 @@ push edx push 0x10 lea esi, [eax + 0x3310] push esi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0xc push 8 push 0xf3 push edi -call fcn_000186c6 ; call 0x186c6 -call fcn_000153e9 ; call 0x153e9 +call fcn_0001878a ; call 0x1878a +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_0000dfaa ; je 0xdfaa +je short loc_0000e018 ; je 0xe018 push eax push eax -push ref_000226c5 ; push 0x226c5 +push ref_00022755 ; push 0x22755 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000dfaa: +loc_0000e018: lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -22712,217 +22755,217 @@ pop edi pop ebp ret -fcn_0000dfb2: +fcn_0000e020: push ebp mov ebp, esp push esi push ebx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000dfd1 ; je 0xdfd1 +je short loc_0000e03f ; je 0xe03f push esi push esi -push ref_000226db ; push 0x226db +push ref_0002276b ; push 0x2276b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000dfd1: -call fcn_0001bcb1 ; call 0x1bcb1 +loc_0000e03f: +call fcn_0001bd75 ; call 0x1bd75 test al, al -jne short loc_0000e018 ; jne 0xe018 -call fcn_000153e9 ; call 0x153e9 +jne short loc_0000e086 ; jne 0xe086 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000dff7 ; je 0xdff7 +je short loc_0000e065 ; je 0xe065 push ebx push ebx -push ref_000226f8 ; push 0x226f8 +push ref_00022788 ; push 0x22788 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000dff7: -call fcn_000153f0 ; call 0x153f0 +loc_0000e065: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0000e018 ; je 0xe018 +je short loc_0000e086 ; je 0xe086 push ecx -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x974 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000e018: +loc_0000e086: push edx push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xf0 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov ebx, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 and ebx, 0xffffc000 add esp, 0x10 test al, al -je short loc_0000e056 ; je 0xe056 +je short loc_0000e0c4 ; je 0xe0c4 push eax push eax -push ref_00022732 ; push 0x22732 +push ref_000227c2 ; push 0x227c2 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 
-loc_0000e056: -call fcn_000153f0 ; call 0x153f0 +loc_0000e0c4: +call fcn_00015480 ; call 0x15480 sub esp, 0xc push ebx -call fcn_0000de63 ; call 0xde63 +call fcn_0000ded1 ; call 0xded1 mov dword [esp], 0xc -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 add esp, 0x10 mov ebx, eax test eax, eax -jne short loc_0000e0a0 ; jne 0xe0a0 -call fcn_000153e9 ; call 0x153e9 +jne short loc_0000e10e ; jne 0xe10e +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e096 ; je 0xe096 +je short loc_0000e104 ; je 0xe104 push eax push eax -push ref_0002275b ; push 0x2275b +push ref_000227eb ; push 0x227eb -loc_0000e089: +loc_0000e0f7: push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e096: +loc_0000e104: mov ebx, 0x80000009 -jmp near loc_0000e1f4 ; jmp 0xe1f4 +jmp near loc_0000e262 ; jmp 0xe262 -loc_0000e0a0: +loc_0000e10e: sub esp, 0xc push 0x28 -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 add esp, 0x10 mov esi, eax test eax, eax -jne short loc_0000e0c5 ; jne 0xe0c5 -call fcn_000153e9 ; call 0x153e9 +jne short loc_0000e133 ; jne 0xe133 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e096 ; je 0xe096 +je short loc_0000e104 ; je 0xe104 push eax push eax -push ref_00022791 ; push 0x22791 -jmp short loc_0000e089 ; jmp 0xe089 +push ref_00022821 ; push 0x22821 +jmp short loc_0000e0f7 ; jmp 0xe0f7 -loc_0000e0c5: +loc_0000e133: push eax push 0x28 -push ref_00026f80 ; push 0x26f80 +push ref_00027030 ; push 0x27030 push esi -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e mov dword [ebx], 0x80000010 -mov dword [ebx + 4], ref_000290cc ; mov dword [ebx + 4], 0x290cc +mov dword [ebx + 4], ref_0002917c ; mov dword [ebx + 4], 0x2917c mov dword [ebx + 8], esi mov dword [esp], ebx -call fcn_00019667 ; call 0x19667 +call fcn_0001972b ; call 0x1972b mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al 
-je short loc_0000e132 ; je 0xe132 +je short loc_0000e1a0 ; je 0xe1a0 test ebx, ebx -jns short loc_0000e132 ; jns 0xe132 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000e1a0 ; jns 0xe1a0 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e11a ; je 0xe11a +je short loc_0000e188 ; je 0xe188 push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e11a: +loc_0000e188: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x99d -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000e132: +loc_0000e1a0: sub esp, 0xc -push ref_00026ed0 ; push 0x26ed0 -call fcn_00019667 ; call 0x19667 +push ref_00026f80 ; push 0x26f80 +call fcn_0001972b ; call 0x1972b mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000e186 ; je 0xe186 +je short loc_0000e1f4 ; je 0xe1f4 test ebx, ebx -jns short loc_0000e186 ; jns 0xe186 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000e1f4 ; jns 0xe1f4 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e16e ; je 0xe16e +je short loc_0000e1dc ; je 0xe1dc push esi push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e16e: +loc_0000e1dc: push ebx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x9a3 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000e186: +loc_0000e1f4: sub esp, 0xc -push ref_00026eac ; push 0x26eac -call fcn_000196bb ; call 0x196bb +push ref_00026f5c ; push 0x26f5c +call fcn_0001977f ; call 0x1977f mov ebx, eax 
-call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0000e1da ; je 0xe1da +je short loc_0000e248 ; je 0xe248 test ebx, ebx -jns short loc_0000e1da ; jns 0xe1da -call fcn_000153e9 ; call 0x153e9 +jns short loc_0000e248 ; jns 0xe248 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e1c2 ; je 0xe1c2 +je short loc_0000e230 ; je 0xe230 push ecx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e1c2: +loc_0000e230: push edx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x9a9 -push ref_00022290 ; push 0x22290 -call fcn_000153fc ; call 0x153fc +push ref_00022320 ; push 0x22320 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0000e1da: -call fcn_000153e9 ; call 0x153e9 +loc_0000e248: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e1f4 ; je 0xe1f4 +je short loc_0000e262 ; je 0xe262 push eax push eax -push ref_000227c3 ; push 0x227c3 +push ref_00022853 ; push 0x22853 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e1f4: +loc_0000e262: lea esp, [ebp - 8] mov eax, ebx pop ebx 
@@ -22930,350 +22973,350 @@ pop esi pop ebp ret -fcn_0000e1fd: ; not directly referenced +fcn_0000e26b: ; not directly referenced push ebp mov ebp, esp push esi push ebx mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e21f ; je 0xe21f +je short loc_0000e28d ; je 0xe28d push edx push edx -push ref_000227de ; push 0x227de +push ref_0002286e ; push 0x2286e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e21f: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e28d: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e240 ; je 0xe240 +je short loc_0000e2ae ; je 0xe2ae push eax movzx eax, byte [ebx + 0xb4] push eax -push ref_00022814 ; push 0x22814 +push ref_000228a4 ; push 0x228a4 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e240: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e2ae: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e261 ; je 0xe261 +je short loc_0000e2cf ; je 0xe2cf push eax movzx eax, byte [ebx + 0xb5] push eax -push ref_00022814 ; push 0x22814 +push ref_000228a4 ; push 0x228a4 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e261: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e2cf: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e27f ; je 0xe27f +je short loc_0000e2ed ; je 0xe2ed push eax movzx eax, byte [ebx + 1] push eax -push ref_00022828 ; push 0x22828 +push ref_000228b8 ; push 0x228b8 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e27f: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e2ed: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al 
-je short loc_0000e29d ; je 0xe29d +je short loc_0000e30b ; je 0xe30b push eax movzx eax, byte [ebx + 9] push eax -push ref_00022838 ; push 0x22838 +push ref_000228c8 ; push 0x228c8 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e29d: ; not directly referenced +loc_0000e30b: ; not directly referenced xor esi, esi -loc_0000e29f: ; not directly referenced -call fcn_0001c19d ; call 0x1c19d +loc_0000e30d: ; not directly referenced +call fcn_0001c261 ; call 0x1c261 movzx eax, al cmp esi, eax -jae short loc_0000e2ec ; jae 0xe2ec -call fcn_000153e9 ; call 0x153e9 +jae short loc_0000e35a ; jae 0xe35a +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e2ca ; je 0xe2ca +je short loc_0000e338 ; je 0xe338 movzx eax, byte [ebx + esi*8 + 0x2c] push eax push esi -push ref_00022848 ; push 0x22848 +push ref_000228d8 ; push 0x228d8 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e2ca: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e338: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e2e9 ; je 0xe2e9 +je short loc_0000e357 ; je 0xe357 movzx eax, byte [ebx + esi*8 + 0x32] push eax push esi -push ref_00022867 ; push 0x22867 +push ref_000228f7 ; push 0x228f7 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e2e9: ; not directly referenced +loc_0000e357: ; not directly referenced inc esi -jmp short loc_0000e29f ; jmp 0xe29f +jmp short loc_0000e30d ; jmp 0xe30d -loc_0000e2ec: ; not directly referenced +loc_0000e35a: ; not directly referenced xor esi, esi -loc_0000e2ee: ; not directly referenced -call fcn_0001c234 ; call 0x1c234 +loc_0000e35c: ; not directly referenced +call fcn_0001c2f8 ; call 0x1c2f8 movzx eax, al cmp esi, eax -jae short loc_0000e31f ; jae 0xe31f -call fcn_000153e9 ; call 0x153e9 +jae short loc_0000e38d ; jae 0xe38d +call fcn_00015479 ; 
call 0x15479 test al, al -je short loc_0000e31c ; je 0xe31c +je short loc_0000e38a ; je 0xe38a movzx eax, byte [ebx + esi*4 + 0x9c] push eax push esi -push ref_00022888 ; push 0x22888 +push ref_00022918 ; push 0x22918 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e31c: ; not directly referenced +loc_0000e38a: ; not directly referenced inc esi -jmp short loc_0000e2ee ; jmp 0xe2ee +jmp short loc_0000e35c ; jmp 0xe35c -loc_0000e31f: ; not directly referenced +loc_0000e38d: ; not directly referenced xor esi, esi -loc_0000e321: ; not directly referenced -call fcn_0001c181 ; call 0x1c181 +loc_0000e38f: ; not directly referenced +call fcn_0001c245 ; call 0x1c245 movzx eax, al cmp esi, eax -jae short loc_0000e34e ; jae 0xe34e -call fcn_000153e9 ; call 0x153e9 +jae short loc_0000e3bc ; jae 0xe3bc +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e34b ; je 0xe34b +je short loc_0000e3b9 ; je 0xe3b9 movzx eax, byte [ebx + esi*8] push eax push esi -push ref_000228a9 ; push 0x228a9 +push ref_00022939 ; push 0x22939 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e34b: ; not directly referenced +loc_0000e3b9: ; not directly referenced inc esi -jmp short loc_0000e321 ; jmp 0xe321 +jmp short loc_0000e38f ; jmp 0xe38f -loc_0000e34e: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e3bc: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e36c ; je 0xe36c +je short loc_0000e3da ; je 0xe3da push eax movzx eax, byte [ebx + 0x10] push eax -push ref_000228c9 ; push 0x228c9 +push ref_00022959 ; push 0x22959 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e36c: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e3da: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e38a ; je 0xe38a +je short 
loc_0000e3f8 ; je 0xe3f8 push eax movzx eax, byte [ebx + 0x11] push eax -push ref_000228e2 ; push 0x228e2 +push ref_00022972 ; push 0x22972 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e38a: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e3f8: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e3a8 ; je 0xe3a8 +je short loc_0000e416 ; je 0xe416 push esi movzx eax, byte [ebx + 0x12] push eax -push ref_00022905 ; push 0x22905 +push ref_00022995 ; push 0x22995 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e3a8: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e416: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e3c6 ; je 0xe3c6 +je short loc_0000e434 ; je 0xe434 push ecx movzx eax, byte [ebx + 0x13] push eax -push ref_0002291e ; push 0x2291e +push ref_000229ae ; push 0x229ae push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e3c6: ; not directly referenced +loc_0000e434: ; not directly referenced xor esi, esi -loc_0000e3c8: ; not directly referenced -call fcn_0001c1d4 ; call 0x1c1d4 +loc_0000e436: ; not directly referenced +call fcn_0001c298 ; call 0x1c298 movzx eax, al cmp esi, eax -jae short loc_0000e40a ; jae 0xe40a +jae short loc_0000e478 ; jae 0xe478 cmp byte [ebx + esi + 0x14], 0 -jne short loc_0000e3ed ; jne 0xe3ed -call fcn_000153e9 ; call 0x153e9 +jne short loc_0000e45b ; jne 0xe45b +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e407 ; je 0xe407 +je short loc_0000e475 ; je 0xe475 push edx push esi -push ref_0002293d ; push 0x2293d -jmp short loc_0000e3fd ; jmp 0xe3fd +push ref_000229cd ; push 0x229cd +jmp short loc_0000e46b ; jmp 0xe46b -loc_0000e3ed: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e45b: ; not directly referenced +call 
fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e407 ; je 0xe407 +je short loc_0000e475 ; je 0xe475 push eax push esi -push ref_00022972 ; push 0x22972 +push ref_00022a02 ; push 0x22a02 -loc_0000e3fd: ; not directly referenced +loc_0000e46b: ; not directly referenced push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e407: ; not directly referenced +loc_0000e475: ; not directly referenced inc esi -jmp short loc_0000e3c8 ; jmp 0xe3c8 +jmp short loc_0000e436 ; jmp 0xe436 -loc_0000e40a: ; not directly referenced +loc_0000e478: ; not directly referenced xor esi, esi -loc_0000e40c: ; not directly referenced -call fcn_0001c234 ; call 0x1c234 +loc_0000e47a: ; not directly referenced +call fcn_0001c2f8 ; call 0x1c2f8 movzx eax, al cmp esi, eax -jae short loc_0000e43a ; jae 0xe43a -call fcn_000153e9 ; call 0x153e9 +jae short loc_0000e4a8 ; jae 0xe4a8 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e437 ; je 0xe437 +je short loc_0000e4a5 ; je 0xe4a5 movzx eax, byte [ebx + esi + 0x22] push eax push esi -push ref_000229a7 ; push 0x229a7 +push ref_00022a37 ; push 0x22a37 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e437: ; not directly referenced +loc_0000e4a5: ; not directly referenced inc esi -jmp short loc_0000e40c ; jmp 0xe40c +jmp short loc_0000e47a ; jmp 0xe47a -loc_0000e43a: ; not directly referenced +loc_0000e4a8: ; not directly referenced xor esi, esi -loc_0000e43c: ; not directly referenced -call fcn_0001c19d ; call 0x1c19d +loc_0000e4aa: ; not directly referenced +call fcn_0001c261 ; call 0x1c261 movzx eax, al cmp esi, eax -jae short loc_0000e4a8 ; jae 0xe4a8 -call fcn_000153e9 ; call 0x153e9 +jae short loc_0000e516 ; jae 0xe516 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e467 ; je 0xe467 +je short loc_0000e4d5 ; je 0xe4d5 movzx eax, byte [ebx + esi*8 + 0x2d] push eax push esi -push ref_000229db ; push 0x229db +push 
ref_00022a6b ; push 0x22a6b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e467: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e4d5: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e486 ; je 0xe486 +je short loc_0000e4f4 ; je 0xe4f4 movzx eax, byte [ebx + esi*8 + 0x2e] push eax push esi -push ref_00022a00 ; push 0x22a00 +push ref_00022a90 ; push 0x22a90 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e486: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e4f4: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e4a5 ; je 0xe4a5 +je short loc_0000e513 ; je 0xe513 movzx eax, byte [ebx + esi*8 + 0x2f] push eax push esi -push ref_00022a30 ; push 0x22a30 +push ref_00022ac0 ; push 0x22ac0 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e4a5: ; not directly referenced +loc_0000e513: ; not directly referenced inc esi -jmp short loc_0000e43c ; jmp 0xe43c +jmp short loc_0000e4aa ; jmp 0xe4aa -loc_0000e4a8: ; not directly referenced +loc_0000e516: ; not directly referenced xor esi, esi -loc_0000e4aa: ; not directly referenced -call fcn_0001c234 ; call 0x1c234 +loc_0000e518: ; not directly referenced +call fcn_0001c2f8 ; call 0x1c2f8 movzx eax, al cmp esi, eax -jae short loc_0000e4fd ; jae 0xe4fd -call fcn_000153e9 ; call 0x153e9 +jae short loc_0000e56b ; jae 0xe56b +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e4d8 ; je 0xe4d8 +je short loc_0000e546 ; je 0xe546 movzx eax, byte [ebx + esi*4 + 0x9d] push eax push esi -push ref_00022a60 ; push 0x22a60 +push ref_00022af0 ; push 0x22af0 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e4d8: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e546: ; not directly 
referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e4fa ; je 0xe4fa +je short loc_0000e568 ; je 0xe568 movzx eax, byte [ebx + esi*4 + 0x9e] push eax push esi -push ref_00022a85 ; push 0x22a85 +push ref_00022b15 ; push 0x22b15 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e4fa: ; not directly referenced +loc_0000e568: ; not directly referenced inc esi -jmp short loc_0000e4aa ; jmp 0xe4aa +jmp short loc_0000e518 ; jmp 0xe518 -loc_0000e4fd: ; not directly referenced +loc_0000e56b: ; not directly referenced xor esi, esi -loc_0000e4ff: ; not directly referenced -call fcn_0001c158 ; call 0x1c158 +loc_0000e56d: ; not directly referenced +call fcn_0001c21c ; call 0x1c21c movzx eax, al cmp esi, eax -jae short loc_0000e53d ; jae 0xe53d -call fcn_000153e9 ; call 0x153e9 +jae short loc_0000e5ab ; jae 0xe5ab +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e53a ; je 0xe53a +je short loc_0000e5a8 ; je 0xe5a8 mov ax, word [ebx + esi*8 + 0x30] sub esp, 0xc mov edx, eax 
@@ -23283,175 +23326,175 @@ push edx movzx eax, ax push eax push esi -push ref_00022aac ; push 0x22aac +push ref_00022b3c ; push 0x22b3c push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_0000e53a: ; not directly referenced +loc_0000e5a8: ; not directly referenced inc esi -jmp short loc_0000e4ff ; jmp 0xe4ff +jmp short loc_0000e56d ; jmp 0xe56d -loc_0000e53d: ; not directly referenced +loc_0000e5ab: ; not directly referenced lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_0000e544: ; not directly referenced +fcn_0000e5b2: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 8] push ebx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e566 ; je 0xe566 +je short loc_0000e5d4 ; je 0xe5d4 push eax push eax -push ref_00022aca ; push 0x22aca +push ref_00022b5a ; push 0x22b5a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e566: ; not directly referenced +loc_0000e5d4: ; not directly referenced xor ebx, ebx -loc_0000e568: ; not directly referenced -call fcn_0001c234 ; call 0x1c234 +loc_0000e5d6: ; not directly referenced +call fcn_0001c2f8 ; call 0x1c2f8 movzx eax, al cmp ebx, eax -jae loc_0000e6aa ; jae 0xe6aa -call fcn_000153e9 ; call 0x153e9 +jae loc_0000e718 ; jae 0xe718 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e596 ; je 0xe596 +je short loc_0000e604 ; je 0xe604 movzx eax, byte [esi + ebx*8] push eax push ebx -push ref_00022b09 ; push 0x22b09 +push ref_00022b99 ; push 0x22b99 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e596: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e604: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e5b5 ; je 0xe5b5 +je short loc_0000e623 ; je 0xe623 movzx eax, byte [esi + ebx*8 + 1] push eax push ebx -push ref_00022b3a ; push 
0x22b3a +push ref_00022bca ; push 0x22bca push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e5b5: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e623: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e5d4 ; je 0xe5d4 +je short loc_0000e642 ; je 0xe642 movzx eax, byte [esi + ebx*8 + 2] push eax push ebx -push ref_00022b6e ; push 0x22b6e +push ref_00022bfe ; push 0x22bfe push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e5d4: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e642: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e5f5 ; je 0xe5f5 +je short loc_0000e663 ; je 0xe663 mov al, byte [esi + ebx*8 + 3] and eax, 1 push eax push ebx -push ref_00022b9b ; push 0x22b9b +push ref_00022c2b ; push 0x22c2b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e5f5: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e663: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e618 ; je 0xe618 +je short loc_0000e686 ; je 0xe686 mov al, byte [esi + ebx*8 + 3] shr al, 1 movzx eax, al push eax push ebx -push ref_00022bc5 ; push 0x22bc5 +push ref_00022c55 ; push 0x22c55 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e618: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e686: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e639 ; je 0xe639 +je short loc_0000e6a7 ; je 0xe6a7 mov al, byte [esi + ebx*8 + 4] and eax, 1 push eax push ebx -push ref_00022bf7 ; push 0x22bf7 +push ref_00022c87 ; push 0x22c87 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e639: ; not directly referenced -call 
fcn_000153e9 ; call 0x153e9 +loc_0000e6a7: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e65c ; je 0xe65c +je short loc_0000e6ca ; je 0xe6ca mov al, byte [esi + ebx*8 + 4] shr al, 1 and eax, 1 push eax push ebx -push ref_00022c2e ; push 0x22c2e +push ref_00022cbe ; push 0x22cbe push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e65c: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e6ca: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e680 ; je 0xe680 +je short loc_0000e6ee ; je 0xe6ee mov al, byte [esi + ebx*8 + 4] shr al, 2 and eax, 1 push eax push ebx -push ref_00022c68 ; push 0x22c68 +push ref_00022cf8 ; push 0x22cf8 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e680: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e6ee: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e6a4 ; je 0xe6a4 +je short loc_0000e712 ; je 0xe712 mov al, byte [esi + ebx*8 + 4] shr al, 3 and eax, 1 push eax push ebx -push ref_00022c9b ; push 0x22c9b +push ref_00022d2b ; push 0x22d2b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e6a4: ; not directly referenced +loc_0000e712: ; not directly referenced inc ebx -jmp near loc_0000e568 ; jmp 0xe568 +jmp near loc_0000e5d6 ; jmp 0xe5d6 -loc_0000e6aa: ; not directly referenced +loc_0000e718: ; not directly referenced lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_0000e6b1: ; not directly referenced +fcn_0000e71f: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -23459,520 +23502,520 @@ push esi push ebx sub esp, 0xc mov esi, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e6d7 ; je 0xe6d7 +je short loc_0000e745 ; je 0xe745 push eax push eax -push ref_00022cc7 ; push 0x22cc7 +push ref_00022d57 ; push 0x22d57 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e6d7: ; not directly referenced +loc_0000e745: ; not directly referenced lea edi, [esi + 0x1e] xor ebx, ebx -loc_0000e6dc: ; not directly referenced -call fcn_0001c0fb ; call 0x1c0fb +loc_0000e74a: ; not directly referenced +call fcn_0001c1bf ; call 0x1c1bf movzx eax, al cmp ebx, eax -jae loc_0000eb32 ; jae 0xeb32 -call fcn_000153e9 ; call 0x153e9 +jae loc_0000eba0 ; jae 0xeba0 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e70f ; je 0xe70f +je short loc_0000e77d ; je 0xe77d imul eax, ebx, 0x2c mov al, byte [esi + eax] and eax, 1 push eax push ebx -push ref_00022cfe ; push 0x22cfe +push ref_00022d8e ; push 0x22d8e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e70f: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e77d: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e734 ; je 0xe734 +je short loc_0000e7a2 ; je 0xe7a2 imul eax, ebx, 0x2c mov al, byte [esi + eax] shr al, 1 and eax, 1 push eax push ebx -push ref_00022d19 ; push 0x22d19 +push ref_00022da9 ; push 0x22da9 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e734: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e7a2: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e75a ; je 0xe75a +je short loc_0000e7c8 ; je 0xe7c8 imul eax, ebx, 0x2c mov al, byte [esi + eax] shr al, 2 and eax, 1 push eax push ebx -push ref_00022d31 ; push 0x22d31 +push ref_00022dc1 ; 
push 0x22dc1 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e75a: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e7c8: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e780 ; je 0xe780 +je short loc_0000e7ee ; je 0xe7ee imul eax, ebx, 0x2c mov al, byte [esi + eax] shr al, 3 and eax, 1 push eax push ebx -push ref_00022d54 ; push 0x22d54 +push ref_00022de4 ; push 0x22de4 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e780: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e7ee: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e7a6 ; je 0xe7a6 +je short loc_0000e814 ; je 0xe814 imul eax, ebx, 0x2c mov al, byte [esi + eax] shr al, 4 and eax, 1 push eax push ebx -push ref_00022d6f ; push 0x22d6f +push ref_00022dff ; push 0x22dff push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e7a6: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e814: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e7cc ; je 0xe7cc +je short loc_0000e83a ; je 0xe83a imul eax, ebx, 0x2c mov al, byte [esi + eax] shr al, 5 and eax, 1 push eax push ebx -push ref_00022d88 ; push 0x22d88 +push ref_00022e18 ; push 0x22e18 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e7cc: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e83a: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e7f2 ; je 0xe7f2 +je short loc_0000e860 ; je 0xe860 imul eax, ebx, 0x2c mov al, byte [esi + eax + 4] shr al, 1 and eax, 1 push eax push ebx -push ref_00022da3 ; push 0x22da3 +push ref_00022e33 ; push 0x22e33 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 
add esp, 0x10 -loc_0000e7f2: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e860: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e819 ; je 0xe819 +je short loc_0000e887 ; je 0xe887 imul eax, ebx, 0x2c mov al, byte [esi + eax + 4] shr al, 2 and eax, 1 push eax push ebx -push ref_00022dcf ; push 0x22dcf +push ref_00022e5f ; push 0x22e5f push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e819: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e887: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e840 ; je 0xe840 +je short loc_0000e8ae ; je 0xe8ae imul eax, ebx, 0x2c mov al, byte [esi + eax + 4] shr al, 3 and eax, 1 push eax push ebx -push ref_00022df3 ; push 0x22df3 +push ref_00022e83 ; push 0x22e83 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e840: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e8ae: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e867 ; je 0xe867 +je short loc_0000e8d5 ; je 0xe8d5 imul eax, ebx, 0x2c mov al, byte [esi + eax + 4] shr al, 4 and eax, 1 push eax push ebx -push ref_00022e19 ; push 0x22e19 +push ref_00022ea9 ; push 0x22ea9 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e867: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e8d5: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e88e ; je 0xe88e +je short loc_0000e8fc ; je 0xe8fc imul eax, ebx, 0x2c mov al, byte [esi + eax + 4] shr al, 5 and eax, 1 push eax push ebx -push ref_00022e43 ; push 0x22e43 +push ref_00022ed3 ; push 0x22ed3 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e88e: ; not directly referenced -call fcn_000153e9 ; 
call 0x153e9 +loc_0000e8fc: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e8b5 ; je 0xe8b5 +je short loc_0000e923 ; je 0xe923 imul eax, ebx, 0x2c mov al, byte [esi + eax + 4] shr al, 6 and eax, 1 push eax push ebx -push ref_00022e63 ; push 0x22e63 +push ref_00022ef3 ; push 0x22ef3 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e8b5: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e923: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e8dc ; je 0xe8dc +je short loc_0000e94a ; je 0xe94a imul eax, ebx, 0x2c mov al, byte [esi + eax + 4] shr al, 7 movzx eax, al push eax push ebx -push ref_00022e8e ; push 0x22e8e +push ref_00022f1e ; push 0x22f1e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e8dc: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e94a: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e900 ; je 0xe900 +je short loc_0000e96e ; je 0xe96e imul eax, ebx, 0x2c mov al, byte [esi + eax + 5] and eax, 1 push eax push ebx -push ref_00022ebc ; push 0x22ebc +push ref_00022f4c ; push 0x22f4c push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e900: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e96e: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e924 ; je 0xe924 +je short loc_0000e992 ; je 0xe992 imul eax, ebx, 0x2c mov al, byte [esi + eax + 4] and eax, 1 push eax push ebx -push ref_00022eed ; push 0x22eed +push ref_00022f7d ; push 0x22f7d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e924: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e992: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, 
al -je short loc_0000e94a ; je 0xe94a +je short loc_0000e9b8 ; je 0xe9b8 imul eax, ebx, 0x2c mov al, byte [esi + eax] shr al, 6 and eax, 1 push eax push ebx -push ref_00022f17 ; push 0x22f17 +push ref_00022fa7 ; push 0x22fa7 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e94a: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e9b8: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e968 ; je 0xe968 +je short loc_0000e9d6 ; je 0xe9d6 movzx eax, byte [edi - 0x16] push eax push ebx -push ref_00022f3f ; push 0x22f3f +push ref_00022fcf ; push 0x22fcf push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e968: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e9d6: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e986 ; je 0xe986 +je short loc_0000e9f4 ; je 0xe9f4 movzx eax, byte [edi - 0x15] push eax push ebx -push ref_00022f5c ; push 0x22f5c +push ref_00022fec ; push 0x22fec push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e986: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000e9f4: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e9a4 ; je 0xe9a4 +je short loc_0000ea12 ; je 0xea12 movzx eax, byte [edi - 0x14] push eax push ebx -push ref_00022f7e ; push 0x22f7e +push ref_0002300e ; push 0x2300e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e9a4: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ea12: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e9c2 ; je 0xe9c2 +je short loc_0000ea30 ; je 0xea30 movzx eax, byte [edi - 0x13] push eax push ebx -push ref_00022fa4 ; push 0x22fa4 +push ref_00023034 ; push 0x23034 push 0x40 -call 
fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e9c2: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ea30: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e9e0 ; je 0xe9e0 +je short loc_0000ea4e ; je 0xea4e movzx eax, byte [edi - 0xe] push eax push ebx -push ref_00022fc9 ; push 0x22fc9 +push ref_00023059 ; push 0x23059 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e9e0: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ea4e: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000e9fe ; je 0xe9fe +je short loc_0000ea6c ; je 0xea6c movzx eax, byte [edi - 0xd] push eax push ebx -push ref_00022fe1 ; push 0x22fe1 +push ref_00023071 ; push 0x23071 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000e9fe: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ea6c: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ea1c ; je 0xea1c +je short loc_0000ea8a ; je 0xea8a movzx eax, byte [edi - 0xc] push eax push ebx -push ref_00023000 ; push 0x23000 +push ref_00023090 ; push 0x23090 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ea1c: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ea8a: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ea3a ; je 0xea3a +je short loc_0000eaa8 ; je 0xeaa8 movzx eax, byte [edi - 0xb] push eax push ebx -push ref_0002301d ; push 0x2301d +push ref_000230ad ; push 0x230ad push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ea3a: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000eaa8: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short 
loc_0000ea58 ; je 0xea58 +je short loc_0000eac6 ; je 0xeac6 movzx eax, word [edi - 0xa] push eax push ebx -push ref_0002303e ; push 0x2303e +push ref_000230ce ; push 0x230ce push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ea58: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000eac6: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ea76 ; je 0xea76 +je short loc_0000eae4 ; je 0xeae4 movzx eax, word [edi - 8] push eax push ebx -push ref_00023064 ; push 0x23064 +push ref_000230f4 ; push 0x230f4 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ea76: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000eae4: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ea94 ; je 0xea94 +je short loc_0000eb02 ; je 0xeb02 movzx eax, byte [edi - 6] push eax push ebx -push ref_0002308c ; push 0x2308c +push ref_0002311c ; push 0x2311c push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ea94: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000eb02: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000eab2 ; je 0xeab2 +je short loc_0000eb20 ; je 0xeb20 movzx eax, byte [edi - 5] push eax push ebx -push ref_000230b8 ; push 0x230b8 +push ref_00023148 ; push 0x23148 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000eab2: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000eb20: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ead0 ; je 0xead0 +je short loc_0000eb3e ; je 0xeb3e movzx eax, word [edi - 4] push eax push ebx -push ref_000230ea ; push 0x230ea +push ref_0002317a ; push 0x2317a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add 
esp, 0x10 -loc_0000ead0: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000eb3e: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000eaee ; je 0xeaee +je short loc_0000eb5c ; je 0xeb5c movzx eax, byte [edi - 2] push eax push ebx -push ref_00023117 ; push 0x23117 +push ref_000231a7 ; push 0x231a7 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000eaee: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000eb5c: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000eb0c ; je 0xeb0c +je short loc_0000eb7a ; je 0xeb7a movzx eax, byte [edi - 1] push eax push ebx -push ref_00023146 ; push 0x23146 +push ref_000231d6 ; push 0x231d6 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000eb0c: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000eb7a: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000eb29 ; je 0xeb29 +je short loc_0000eb97 ; je 0xeb97 movzx eax, word [edi] push eax push ebx -push ref_0002317b ; push 0x2317b +push ref_0002320b ; push 0x2320b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000eb29: ; not directly referenced +loc_0000eb97: ; not directly referenced inc ebx add edi, 0x2c -jmp near loc_0000e6dc ; jmp 0xe6dc +jmp near loc_0000e74a ; jmp 0xe74a -loc_0000eb32: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000eba0: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000eb53 ; je 0xeb53 +je short loc_0000ebc1 ; je 0xebc1 push edi movzx eax, byte [esi + 0x160] push eax -push ref_000231ab ; push 0x231ab +push ref_0002323b ; push 0x2323b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000eb53: ; not directly referenced -call fcn_000153e9 ; call 
0x153e9 +loc_0000ebc1: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000eb74 ; je 0xeb74 +je short loc_0000ebe2 ; je 0xebe2 push ebx movzx eax, byte [esi + 0x161] push eax -push ref_000231c1 ; push 0x231c1 +push ref_00023251 ; push 0x23251 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000eb74: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ebe2: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000eb95 ; je 0xeb95 +je short loc_0000ec03 ; je 0xec03 push ecx movzx eax, byte [esi + 0x162] push eax -push ref_000231d7 ; push 0x231d7 +push ref_00023267 ; push 0x23267 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000eb95: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ec03: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ebb6 ; je 0xebb6 +je short loc_0000ec24 ; je 0xec24 push edx movzx eax, byte [esi + 0x163] push eax -push ref_000231f1 ; push 0x231f1 +push ref_00023281 ; push 0x23281 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ebb6: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ec24: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ebd9 ; je 0xebd9 +je short loc_0000ec47 ; je 0xec47 push eax mov al, byte [esi + 0x164] and eax, 1 push eax -push ref_00023210 ; push 0x23210 +push ref_000232a0 ; push 0x232a0 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ebd9: ; not directly referenced +loc_0000ec47: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -23980,7 +24023,7 @@ pop edi pop ebp ret -fcn_0000ebe1: ; not directly referenced +fcn_0000ec4f: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -23988,184 +24031,184 @@ push esi push ebx sub esp, 0xc mov esi, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ec07 ; je 0xec07 +je short loc_0000ec75 ; je 0xec75 push edi push edi -push ref_0002322f ; push 0x2322f +push ref_000232bf ; push 0x232bf push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ec07: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ec75: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ec24 ; je 0xec24 +je short loc_0000ec92 ; je 0xec92 push ebx movzx eax, byte [esi] push eax -push ref_000233c4 ; push 0x233c4 +push ref_00023454 ; push 0x23454 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ec24: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ec92: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ec40 ; je 0xec40 +je short loc_0000ecae ; je 0xecae push ecx push dword [esi + 1] -push ref_00023266 ; push 0x23266 +push ref_000232f6 ; push 0x232f6 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ec40: ; not directly referenced +loc_0000ecae: ; not directly referenced lea edi, [esi + 0xd] xor ebx, ebx -loc_0000ec45: ; not directly referenced -call fcn_0001c11d ; call 0x1c11d +loc_0000ecb3: ; not directly referenced +call fcn_0001c1e1 ; call 0x1c1e1 movzx eax, al cmp ebx, eax -jae loc_0000efe4 ; jae 0xefe4 -call fcn_000153e9 ; call 0x153e9 +jae loc_0000f052 ; jae 0xf052 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ec79 ; je 0xec79 +je short loc_0000ece7 ; je 0xece7 imul eax, ebx, 0x12 mov al, byte [esi + eax + 5] and eax, 1 push eax push ebx -push ref_00022848 ; push 0x22848 +push ref_000228d8 ; push 0x228d8 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add 
esp, 0x10 -loc_0000ec79: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ece7: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ec9f ; je 0xec9f +je short loc_0000ed0d ; je 0xed0d imul eax, ebx, 0x12 mov al, byte [esi + eax + 5] shr al, 1 and eax, 1 push eax push ebx -push ref_00023275 ; push 0x23275 +push ref_00023305 ; push 0x23305 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ec9f: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ed0d: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ecc6 ; je 0xecc6 +je short loc_0000ed34 ; je 0xed34 imul eax, ebx, 0x12 mov al, byte [esi + eax + 5] shr al, 2 and eax, 1 push eax push ebx -push ref_00023294 ; push 0x23294 +push ref_00023324 ; push 0x23324 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ecc6: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ed34: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000eced ; je 0xeced +je short loc_0000ed5b ; je 0xed5b imul eax, ebx, 0x12 mov al, byte [esi + eax + 5] shr al, 3 and eax, 1 push eax push ebx -push ref_000232b7 ; push 0x232b7 +push ref_00023347 ; push 0x23347 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000eced: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ed5b: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ed14 ; je 0xed14 +je short loc_0000ed82 ; je 0xed82 imul eax, ebx, 0x12 mov al, byte [esi + eax + 5] shr al, 4 and eax, 1 push eax push ebx -push ref_000232d7 ; push 0x232d7 +push ref_00023367 ; push 0x23367 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ed14: ; not directly referenced -call fcn_000153e9 ; call 
0x153e9 +loc_0000ed82: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ed3b ; je 0xed3b +je short loc_0000eda9 ; je 0xeda9 imul eax, ebx, 0x12 mov al, byte [esi + eax + 5] shr al, 5 and eax, 1 push eax push ebx -push ref_000232f5 ; push 0x232f5 +push ref_00023385 ; push 0x23385 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ed3b: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000eda9: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ed62 ; je 0xed62 +je short loc_0000edd0 ; je 0xedd0 imul eax, ebx, 0x12 mov al, byte [esi + eax + 5] shr al, 6 and eax, 1 push eax push ebx -push ref_0002331c ; push 0x2331c +push ref_000233ac ; push 0x233ac push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ed62: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000edd0: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ed89 ; je 0xed89 +je short loc_0000edf7 ; je 0xedf7 imul eax, ebx, 0x12 mov al, byte [esi + eax + 5] shr al, 7 movzx eax, al push eax push ebx -push ref_0002333a ; push 0x2333a +push ref_000233ca ; push 0x233ca push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ed89: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000edf7: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000edad ; je 0xedad +je short loc_0000ee1b ; je 0xee1b imul eax, ebx, 0x12 mov al, byte [esi + eax + 6] and eax, 0xf push eax push ebx -push ref_00023362 ; push 0x23362 +push ref_000233f2 ; push 0x233f2 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000edad: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ee1b: ; not directly referenced +call fcn_00015479 ; call 0x15479 
test al, al -je short loc_0000ede1 ; je 0xede1 +je short loc_0000ee4f ; je 0xee4f imul edx, ebx, 0x12 add edx, esi mov al, byte [edx + 6] 
@@ -24177,315 +24220,315 @@ shl eax, 4 or eax, ecx push eax push ebx -push ref_0002337f ; push 0x2337f +push ref_0002340f ; push 0x2340f push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ede1: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ee4f: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000edff ; je 0xedff +je short loc_0000ee6d ; je 0xee6d movzx eax, byte [edi - 3] push eax push ebx -push ref_0002339e ; push 0x2339e +push ref_0002342e ; push 0x2342e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000edff: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ee6d: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ee1d ; je 0xee1d +je short loc_0000ee8b ; je 0xee8b movzx eax, byte [edi - 4] push eax push ebx -push ref_000233d1 ; push 0x233d1 +push ref_00023461 ; push 0x23461 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ee1d: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ee8b: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ee3b ; je 0xee3b +je short loc_0000eea9 ; je 0xeea9 movzx eax, byte [edi - 1] push eax push ebx -push ref_00023402 ; push 0x23402 +push ref_00023492 ; push 0x23492 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ee3b: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000eea9: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ee59 ; je 0xee59 +je short loc_0000eec7 ; je 0xeec7 movzx eax, byte [edi - 2] push eax push ebx -push ref_00023435 ; push 0x23435 +push ref_000234c5 ; push 0x234c5 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ee59: ; not 
directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000eec7: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ee77 ; je 0xee77 +je short loc_0000eee5 ; je 0xeee5 movzx eax, byte [edi + 1] push eax push ebx -push ref_00023466 ; push 0x23466 +push ref_000234f6 ; push 0x234f6 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ee77: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000eee5: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ee94 ; je 0xee94 +je short loc_0000ef02 ; je 0xef02 movzx eax, byte [edi] push eax push ebx -push ref_00023499 ; push 0x23499 +push ref_00023529 ; push 0x23529 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ee94: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ef02: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000eeb6 ; je 0xeeb6 +je short loc_0000ef24 ; je 0xef24 imul eax, ebx, 0x12 movzx eax, byte [esi + eax + 0xf] push eax push ebx -push ref_000234ca ; push 0x234ca +push ref_0002355a ; push 0x2355a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000eeb6: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ef24: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000eed8 ; je 0xeed8 +je short loc_0000ef46 ; je 0xef46 imul eax, ebx, 0x12 movzx eax, byte [esi + eax + 0x10] push eax push ebx -push ref_00023500 ; push 0x23500 +push ref_00023590 ; push 0x23590 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000eed8: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ef46: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000eefa ; je 0xeefa +je short loc_0000ef68 ; 
je 0xef68 imul eax, ebx, 0x12 movzx eax, byte [esi + eax + 0x11] push eax push ebx -push ref_00023537 ; push 0x23537 +push ref_000235c7 ; push 0x235c7 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000eefa: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ef68: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ef1c ; je 0xef1c +je short loc_0000ef8a ; je 0xef8a imul eax, ebx, 0x12 movzx eax, byte [esi + eax + 0x12] push eax push ebx -push ref_00023568 ; push 0x23568 +push ref_000235f8 ; push 0x235f8 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ef1c: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ef8a: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ef40 ; je 0xef40 +je short loc_0000efae ; je 0xefae imul eax, ebx, 0x12 mov al, byte [esi + eax + 0x13] and eax, 1 push eax push ebx -push ref_0002359a ; push 0x2359a +push ref_0002362a ; push 0x2362a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ef40: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000efae: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ef66 ; je 0xef66 +je short loc_0000efd4 ; je 0xefd4 imul eax, ebx, 0x12 mov al, byte [esi + eax + 0x13] shr al, 1 and eax, 1 push eax push ebx -push ref_000235d6 ; push 0x235d6 +push ref_00023666 ; push 0x23666 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ef66: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000efd4: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ef8d ; je 0xef8d +je short loc_0000effb ; je 0xeffb imul eax, ebx, 0x12 mov al, byte [esi + eax + 0x13] shr al, 2 and eax, 1 push eax push ebx -push 
ref_00023613 ; push 0x23613 +push ref_000236a3 ; push 0x236a3 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ef8d: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000effb: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000efb4 ; je 0xefb4 +je short loc_0000f022 ; je 0xf022 imul eax, ebx, 0x12 mov al, byte [esi + eax + 0x13] shr al, 3 and eax, 1 push eax push ebx -push ref_0002364a ; push 0x2364a +push ref_000236da ; push 0x236da push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000efb4: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f022: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000efdb ; je 0xefdb +je short loc_0000f049 ; je 0xf049 imul eax, ebx, 0x12 mov al, byte [esi + eax + 7] shr al, 6 and eax, 1 push eax push ebx -push ref_00023682 ; push 0x23682 +push ref_00023712 ; push 0x23712 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000efdb: ; not directly referenced +loc_0000f049: ; not directly referenced inc ebx add edi, 0x12 -jmp near loc_0000ec45 ; jmp 0xec45 +jmp near loc_0000ecb3 ; jmp 0xecb3 -loc_0000efe4: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f052: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f004 ; je 0xf004 +je short loc_0000f072 ; je 0xf072 push edx mov al, byte [esi + 0x71] and eax, 1 push eax -push ref_000236b9 ; push 0x236b9 +push ref_00023749 ; push 0x23749 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f004: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f072: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f026 ; je 0xf026 +je short loc_0000f094 ; je 0xf094 push eax mov al, byte [esi 
+ 0x71] shr al, 1 and eax, 1 push eax -push ref_000236cf ; push 0x236cf +push ref_0002375f ; push 0x2375f push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f026: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f094: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f049 ; je 0xf049 +je short loc_0000f0b7 ; je 0xf0b7 push eax mov al, byte [esi + 0x71] shr al, 2 and eax, 1 push eax -push ref_000236db ; push 0x236db +push ref_0002376b ; push 0x2376b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f049: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f0b7: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f06c ; je 0xf06c +je short loc_0000f0da ; je 0xf0da push eax mov al, byte [esi + 0x71] shr al, 3 and eax, 1 push eax -push ref_000236e7 ; push 0x236e7 +push ref_00023777 ; push 0x23777 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f06c: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f0da: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f08f ; je 0xf08f +je short loc_0000f0fd ; je 0xf0fd push eax mov al, byte [esi + 0x71] shr al, 4 and eax, 1 push eax -push ref_000236f4 ; push 0x236f4 +push ref_00023784 ; push 0x23784 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f08f: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f0fd: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f0b2 ; je 0xf0b2 +je short loc_0000f120 ; je 0xf120 push eax mov al, byte [esi + 0x71] shr al, 5 and eax, 1 push eax -push ref_00023700 ; push 0x23700 +push ref_00023790 ; push 0x23790 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; 
call 0x15487 add esp, 0x10 -loc_0000f0b2: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f120: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f0d5 ; je 0xf0d5 +je short loc_0000f143 ; je 0xf143 push eax mov al, byte [esi + 0x71] shr al, 6 and eax, 1 push eax -push ref_0002370b ; push 0x2370b +push ref_0002379b ; push 0x2379b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f0d5: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f143: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f103 ; je 0xf103 +je short loc_0000f171 ; je 0xf171 push edi mov al, byte [esi + 0x71] shr al, 7 
@@ -24495,187 +24538,187 @@ and eax, 1 add eax, eax or eax, edx push eax -push ref_0002371e ; push 0x2371e +push ref_000237ae ; push 0x237ae push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f103: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f171: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f125 ; je 0xf125 +je short loc_0000f193 ; je 0xf193 push ebx mov al, byte [esi + 0x72] shr al, 1 and eax, 1 push eax -push ref_00023730 ; push 0x23730 +push ref_000237c0 ; push 0x237c0 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f125: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f193: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f148 ; je 0xf148 +je short loc_0000f1b6 ; je 0xf1b6 push ecx mov al, byte [esi + 0x72] shr al, 2 and eax, 1 push eax -push ref_00023740 ; push 0x23740 +push ref_000237d0 ; push 0x237d0 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f148: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f1b6: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f16b ; je 0xf16b +je short loc_0000f1d9 ; je 0xf1d9 push edx mov al, byte [esi + 0x72] shr al, 3 and eax, 1 push eax -push ref_00023750 ; push 0x23750 +push ref_000237e0 ; push 0x237e0 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f16b: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f1d9: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f18e ; je 0xf18e +je short loc_0000f1fc ; je 0xf1fc push eax mov al, byte [esi + 0x72] shr al, 4 and eax, 1 push eax -push ref_0002375f ; push 0x2375f +push ref_000237ef ; push 0x237ef push 0x40 -call fcn_000153f7 ; 
call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f18e: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f1fc: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f1aa ; je 0xf1aa +je short loc_0000f218 ; je 0xf218 push eax push dword [esi + 0x75] -push ref_00023772 ; push 0x23772 +push ref_00023802 ; push 0x23802 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f1aa: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f218: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f1c8 ; je 0xf1c8 +je short loc_0000f236 ; je 0xf236 push eax movzx eax, byte [esi + 0x7d] push eax -push ref_00023785 ; push 0x23785 +push ref_00023815 ; push 0x23815 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f1c8: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f236: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f1e6 ; je 0xf1e6 +je short loc_0000f254 ; je 0xf254 push eax movzx eax, byte [esi + 0x79] push eax -push ref_0002379b ; push 0x2379b +push ref_0002382b ; push 0x2382b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f1e6: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f254: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f204 ; je 0xf204 +je short loc_0000f272 ; je 0xf272 push eax movzx eax, byte [esi + 0x7a] push eax -push ref_000237aa ; push 0x237aa +push ref_0002383a ; push 0x2383a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f204: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f272: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f222 ; je 0xf222 
+je short loc_0000f290 ; je 0xf290 push eax movzx eax, byte [esi + 0x7b] push eax -push ref_000237bb ; push 0x237bb +push ref_0002384b ; push 0x2384b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f222: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f290: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f240 ; je 0xf240 +je short loc_0000f2ae ; je 0xf2ae push edi movzx eax, byte [esi + 0x7c] push eax -push ref_000237cd ; push 0x237cd +push ref_0002385d ; push 0x2385d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f240: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f2ae: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f25e ; je 0xf25e +je short loc_0000f2cc ; je 0xf2cc push ebx movzx eax, byte [esi + 0x7e] push eax -push ref_000237e0 ; push 0x237e0 +push ref_00023870 ; push 0x23870 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f25e: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f2cc: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f27c ; je 0xf27c +je short loc_0000f2ea ; je 0xf2ea push ecx movzx eax, byte [esi + 0x7f] push eax -push ref_000237fb ; push 0x237fb +push ref_0002388b ; push 0x2388b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f27c: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f2ea: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f29d ; je 0xf29d +je short loc_0000f30b ; je 0xf30b push edx movzx eax, byte [esi + 0x80] push eax -push ref_0002381c ; push 0x2381c +push ref_000238ac ; push 0x238ac push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 
-loc_0000f29d: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f30b: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f2be ; je 0xf2be +je short loc_0000f32c ; je 0xf32c push eax movzx eax, byte [esi + 0x81] push eax -push ref_00023845 ; push 0x23845 +push ref_000238d5 ; push 0x238d5 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f2be: ; not directly referenced +loc_0000f32c: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -24683,1100 +24726,1100 @@ pop edi pop ebp ret -fcn_0000f2c6: ; not directly referenced +fcn_0000f334: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f2e8 ; je 0xf2e8 +je short loc_0000f356 ; je 0xf356 push eax push eax -push ref_0002386a ; push 0x2386a +push ref_000238fa ; push 0x238fa push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f2e8: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f356: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f305 ; je 0xf305 +je short loc_0000f373 ; je 0xf373 push eax movzx eax, byte [ebx] push eax -push ref_000238a3 ; push 0x238a3 +push ref_00023933 ; push 0x23933 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f305: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f373: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f323 ; je 0xf323 +je short loc_0000f391 ; je 0xf391 push eax movzx eax, byte [ebx + 1] push eax -push ref_000238b2 ; push 0x238b2 +push ref_00023942 ; push 0x23942 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f323: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f391: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f341 ; je 0xf341 +je short loc_0000f3af ; je 0xf3af push eax movzx eax, byte [ebx + 2] push eax -push ref_000238c2 ; push 0x238c2 +push ref_00023952 ; push 0x23952 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f341: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f3af: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je 
short loc_0000f35f ; je 0xf35f +je short loc_0000f3cd ; je 0xf3cd push eax movzx eax, byte [ebx + 3] push eax -push ref_00022f69 ; push 0x22f69 +push ref_00022ff9 ; push 0x22ff9 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f35f: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f3cd: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f37d ; je 0xf37d +je short loc_0000f3eb ; je 0xf3eb push ecx movzx eax, byte [ebx + 4] push eax -push ref_000238d5 ; push 0x238d5 +push ref_00023965 ; push 0x23965 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f37d: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f3eb: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f39b ; je 0xf39b +je short loc_0000f409 ; je 0xf409 push edx movzx eax, byte [ebx + 5] push eax -push ref_000238e4 ; push 0x238e4 +push ref_00023974 ; push 0x23974 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f39b: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f409: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f3b9 ; je 0xf3b9 +je short loc_0000f427 ; je 0xf427 push eax movzx eax, byte [ebx + 6] push eax -push ref_000238fa ; push 0x238fa +push ref_0002398a ; push 0x2398a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f3b9: ; not directly referenced +loc_0000f427: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_0000f3be: ; not directly referenced +fcn_0000f42c: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f3e0 ; je 0xf3e0 +je short loc_0000f44e ; je 0xf44e push 
eax push eax -push ref_00023911 ; push 0x23911 +push ref_000239a1 ; push 0x239a1 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f3e0: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f44e: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f3fd ; je 0xf3fd +je short loc_0000f46b ; je 0xf46b push eax movzx eax, byte [ebx] push eax -push ref_00023948 ; push 0x23948 +push ref_000239d8 ; push 0x239d8 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f3fd: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f46b: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f41b ; je 0xf41b +je short loc_0000f489 ; je 0xf489 push eax movzx eax, byte [ebx + 8] push eax -push ref_00023954 ; push 0x23954 +push ref_000239e4 ; push 0x239e4 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f41b: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f489: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f439 ; je 0xf439 +je short loc_0000f4a7 ; je 0xf4a7 push eax movzx eax, byte [ebx + 1] push eax -push ref_00023962 ; push 0x23962 +push ref_000239f2 ; push 0x239f2 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f439: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f4a7: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f457 ; je 0xf457 +je short loc_0000f4c5 ; je 0xf4c5 push ecx movzx eax, byte [ebx + 2] push eax -push ref_00023971 ; push 0x23971 +push ref_00023a01 ; push 0x23a01 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f457: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 
+loc_0000f4c5: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f475 ; je 0xf475 +je short loc_0000f4e3 ; je 0xf4e3 push edx movzx eax, byte [ebx + 3] push eax -push ref_00023983 ; push 0x23983 +push ref_00023a13 ; push 0x23a13 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f475: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f4e3: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f491 ; je 0xf491 +je short loc_0000f4ff ; je 0xf4ff push eax push dword [ebx + 4] -push ref_00023997 ; push 0x23997 +push ref_00023a27 ; push 0x23a27 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f491: ; not directly referenced +loc_0000f4ff: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_0000f496: ; not directly referenced +fcn_0000f504: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f4b8 ; je 0xf4b8 +je short loc_0000f526 ; je 0xf526 push eax push eax -push ref_000239a1 ; push 0x239a1 +push ref_00023a31 ; push 0x23a31 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f4b8: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f526: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f4d7 ; je 0xf4d7 +je short loc_0000f545 ; je 0xf545 push eax mov al, byte [ebx] and eax, 1 push eax -push ref_000239dd ; push 0x239dd +push ref_00023a6d ; push 0x23a6d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f4d7: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f545: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f4f8 
; je 0xf4f8 +je short loc_0000f566 ; je 0xf566 push eax mov al, byte [ebx] shr al, 1 and eax, 1 push eax -push ref_000239ed ; push 0x239ed +push ref_00023a7d ; push 0x23a7d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f4f8: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f566: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f51a ; je 0xf51a +je short loc_0000f588 ; je 0xf588 push eax mov al, byte [ebx] shr al, 2 and eax, 1 push eax -push ref_00023a01 ; push 0x23a01 +push ref_00023a91 ; push 0x23a91 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f51a: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f588: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f53c ; je 0xf53c +je short loc_0000f5aa ; je 0xf5aa push ecx mov al, byte [ebx] shr al, 3 and eax, 1 push eax -push ref_00023a14 ; push 0x23a14 +push ref_00023aa4 ; push 0x23aa4 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f53c: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f5aa: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f55e ; je 0xf55e +je short loc_0000f5cc ; je 0xf5cc push edx mov al, byte [ebx] shr al, 4 and eax, 1 push eax -push ref_00023a22 ; push 0x23a22 +push ref_00023ab2 ; push 0x23ab2 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f55e: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f5cc: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f580 ; je 0xf580 +je short loc_0000f5ee ; je 0xf5ee push eax mov al, byte [ebx] shr al, 5 and eax, 1 push eax -push ref_00023a31 ; push 0x23a31 +push ref_00023ac1 ; push 0x23ac1 push 0x40 -call 
fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f580: ; not directly referenced +loc_0000f5ee: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_0000f585: ; not directly referenced +fcn_0000f5f3: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 8] push ebx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f5a7 ; je 0xf5a7 +je short loc_0000f615 ; je 0xf615 push eax push eax -push ref_00023a3e ; push 0x23a3e +push ref_00023ace ; push 0x23ace push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f5a7: ; not directly referenced +loc_0000f615: ; not directly referenced xor ebx, ebx -loc_0000f5a9: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f617: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f5c9 ; je 0xf5c9 +je short loc_0000f637 ; je 0xf637 mov al, byte [esi + ebx*8] and eax, 1 push eax push ebx -push ref_00023a81 ; push 0x23a81 +push ref_00023b11 ; push 0x23b11 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f5c9: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f637: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f5eb ; je 0xf5eb +je short loc_0000f659 ; je 0xf659 mov al, byte [esi + ebx*8] shr al, 1 and eax, 1 push eax push ebx -push ref_00023aa1 ; push 0x23aa1 +push ref_00023b31 ; push 0x23b31 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f5eb: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f659: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f60a ; je 0xf60a +je short loc_0000f678 ; je 0xf678 movzx eax, word [esi + ebx*8 + 4] push eax push ebx -push ref_00023ac0 ; push 0x23ac0 +push 
ref_00023b50 ; push 0x23b50 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f60a: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f678: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f629 ; je 0xf629 +je short loc_0000f697 ; je 0xf697 movzx eax, word [esi + ebx*8 + 6] push eax push ebx -push ref_00023ade ; push 0x23ade +push ref_00023b6e ; push 0x23b6e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f629: ; not directly referenced +loc_0000f697: ; not directly referenced inc ebx cmp ebx, 5 -jne loc_0000f5a9 ; jne 0xf5a9 +jne loc_0000f617 ; jne 0xf617 lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_0000f63a: ; not directly referenced +fcn_0000f6a8: ; not directly referenced push ebp mov ebp, esp push esi push ebx mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f65c ; je 0xf65c +je short loc_0000f6ca ; je 0xf6ca push eax push eax -push ref_00023afb ; push 0x23afb +push ref_00023b8b ; push 0x23b8b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f65c: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f6ca: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f679 ; je 0xf679 +je short loc_0000f6e7 ; je 0xf6e7 push eax movzx eax, byte [ebx] push eax -push ref_000233c4 ; push 0x233c4 +push ref_00023454 ; push 0x23454 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f679: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f6e7: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f697 ; je 0xf697 +je short loc_0000f705 ; je 0xf705 push eax movzx eax, word [ebx + 2] push eax -push ref_00023b33 ; push 0x23b33 +push 
ref_00023bc3 ; push 0x23bc3 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f697: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f705: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f6b5 ; je 0xf6b5 +je short loc_0000f723 ; je 0xf723 push esi movzx eax, byte [ebx + 7] push eax -push ref_00023b45 ; push 0x23b45 +push ref_00023bd5 ; push 0x23bd5 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f6b5: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f723: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f6cf ; je 0xf6cf +je short loc_0000f73d ; je 0xf73d push ecx push ecx -push ref_00023b61 ; push 0x23b61 +push ref_00023bf1 ; push 0x23bf1 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f6cf: ; not directly referenced +loc_0000f73d: ; not directly referenced xor esi, esi -loc_0000f6d1: ; not directly referenced +loc_0000f73f: ; not directly referenced movzx eax, byte [ebx + 7] cmp esi, eax -jae short loc_0000f6fb ; jae 0xf6fb -call fcn_000153e9 ; call 0x153e9 +jae short loc_0000f769 ; jae 0xf769 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f6f8 ; je 0xf6f8 +je short loc_0000f766 ; je 0xf766 push edx movzx eax, byte [ebx + esi + 8] push eax -push ref_00023b7b ; push 0x23b7b +push ref_00023c0b ; push 0x23c0b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f6f8: ; not directly referenced +loc_0000f766: ; not directly referenced inc esi -jmp short loc_0000f6d1 ; jmp 0xf6d1 +jmp short loc_0000f73f ; jmp 0xf73f -loc_0000f6fb: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f769: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f715 ; je 0xf715 +je short loc_0000f783 
; je 0xf783 push eax push eax -push ref_00023b82 ; push 0x23b82 +push ref_00023c12 ; push 0x23c12 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f715: ; not directly referenced +loc_0000f783: ; not directly referenced lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_0000f71c: ; not directly referenced +fcn_0000f78a: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f73e ; je 0xf73e +je short loc_0000f7ac ; je 0xf7ac push eax push eax -push ref_00023b86 ; push 0x23b86 +push ref_00023c16 ; push 0x23c16 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f73e: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f7ac: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f75b ; je 0xf75b +je short loc_0000f7c9 ; je 0xf7c9 push eax movzx eax, byte [ebx] push eax -push ref_000233c4 ; push 0x233c4 +push ref_00023454 ; push 0x23454 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f75b: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f7c9: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f779 ; je 0xf779 +je short loc_0000f7e7 ; je 0xf7e7 push eax movzx eax, byte [ebx + 1] push eax -push ref_00023bbf ; push 0x23bbf +push ref_00023c4f ; push 0x23c4f push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f779: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f7e7: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f797 ; je 0xf797 +je short loc_0000f805 ; je 0xf805 push ecx movzx eax, byte [ebx + 2] push eax -push ref_00023bc9 ; push 0x23bc9 +push ref_00023c59 ; push 
0x23c59 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f797: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f805: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f7b5 ; je 0xf7b5 +je short loc_0000f823 ; je 0xf823 push edx movzx eax, byte [ebx + 2] push eax -push ref_00023bc9 ; push 0x23bc9 +push ref_00023c59 ; push 0x23c59 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f7b5: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f823: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f7d3 ; je 0xf7d3 +je short loc_0000f841 ; je 0xf841 push eax movzx eax, word [ebx + 4] push eax -push ref_00023bdb ; push 0x23bdb +push ref_00023c6b ; push 0x23c6b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f7d3: ; not directly referenced +loc_0000f841: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_0000f7d8: ; not directly referenced +fcn_0000f846: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f7fa ; je 0xf7fa +je short loc_0000f868 ; je 0xf868 push eax push eax -push ref_00023bf0 ; push 0x23bf0 +push ref_00023c80 ; push 0x23c80 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f7fa: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f868: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f819 ; je 0xf819 +je short loc_0000f887 ; je 0xf887 push eax mov al, byte [ebx] and eax, 1 push eax -push ref_00023c25 ; push 0x23c25 +push ref_00023cb5 ; push 0x23cb5 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 
0x10 -loc_0000f819: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f887: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f83a ; je 0xf83a +je short loc_0000f8a8 ; je 0xf8a8 push eax mov al, byte [ebx] shr al, 1 and eax, 1 push eax -push ref_00023c4b ; push 0x23c4b +push ref_00023cdb ; push 0x23cdb push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f83a: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f8a8: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f85c ; je 0xf85c +je short loc_0000f8ca ; je 0xf8ca push ecx mov al, byte [ebx] shr al, 2 and eax, 1 push eax -push ref_00023c75 ; push 0x23c75 +push ref_00023d05 ; push 0x23d05 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f85c: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f8ca: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f87e ; je 0xf87e +je short loc_0000f8ec ; je 0xf8ec push edx mov al, byte [ebx] shr al, 3 and eax, 1 push eax -push ref_00023c9f ; push 0x23c9f +push ref_00023d2f ; push 0x23d2f push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f87e: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f8ec: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f8a0 ; je 0xf8a0 +je short loc_0000f90e ; je 0xf90e push eax mov al, byte [ebx] shr al, 4 and eax, 1 push eax -push ref_00023cc9 ; push 0x23cc9 +push ref_00023d59 ; push 0x23d59 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f8a0: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f90e: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f8c0 ; je 
0xf8c0 +je short loc_0000f92e ; je 0xf92e push eax mov al, byte [ebx + 4] and eax, 1 push eax -push ref_00023cf1 ; push 0x23cf1 +push ref_00023d81 ; push 0x23d81 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f8c0: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f92e: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f8e2 ; je 0xf8e2 +je short loc_0000f950 ; je 0xf950 push eax mov al, byte [ebx + 4] shr al, 1 and eax, 1 push eax -push ref_00023d0d ; push 0x23d0d +push ref_00023d9d ; push 0x23d9d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f8e2: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f950: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f905 ; je 0xf905 +je short loc_0000f973 ; je 0xf973 push eax mov al, byte [ebx + 4] shr al, 2 and eax, 1 push eax -push ref_00023d30 ; push 0x23d30 +push ref_00023dc0 ; push 0x23dc0 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f905: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f973: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f928 ; je 0xf928 +je short loc_0000f996 ; je 0xf996 push eax mov al, byte [ebx + 4] shr al, 3 and eax, 1 push eax -push ref_00023d54 ; push 0x23d54 +push ref_00023de4 ; push 0x23de4 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f928: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f996: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f94b ; je 0xf94b +je short loc_0000f9b9 ; je 0xf9b9 push eax mov al, byte [ebx + 4] shr al, 4 and eax, 1 push eax -push ref_00023d78 ; push 0x23d78 +push ref_00023e08 ; push 0x23e08 push 0x40 -call 
fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f94b: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f9b9: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f96e ; je 0xf96e +je short loc_0000f9dc ; je 0xf9dc push ecx mov al, byte [ebx + 4] shr al, 5 and eax, 1 push eax -push ref_00023d96 ; push 0x23d96 +push ref_00023e26 ; push 0x23e26 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f96e: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f9dc: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f98a ; je 0xf98a +je short loc_0000f9f8 ; je 0xf9f8 push edx push dword [ebx + 8] -push ref_00023dba ; push 0x23dba +push ref_00023e4a ; push 0x23e4a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f98a: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000f9f8: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f9a6 ; je 0xf9a6 +je short loc_0000fa14 ; je 0xfa14 push eax push dword [ebx + 0xc] -push ref_00023dcd ; push 0x23dcd +push ref_00023e5d ; push 0x23e5d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f9a6: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fa14: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f9c2 ; je 0xf9c2 +je short loc_0000fa30 ; je 0xfa30 push eax push dword [ebx + 0x10] -push ref_00023de5 ; push 0x23de5 +push ref_00023e75 ; push 0x23e75 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f9c2: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fa30: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f9de ; je 0xf9de 
+je short loc_0000fa4c ; je 0xfa4c push eax push dword [ebx + 0x14] -push ref_00023dfd ; push 0x23dfd +push ref_00023e8d ; push 0x23e8d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f9de: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fa4c: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000f9fa ; je 0xf9fa +je short loc_0000fa68 ; je 0xfa68 push eax push dword [ebx + 0x18] -push ref_00023e16 ; push 0x23e16 +push ref_00023ea6 ; push 0x23ea6 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000f9fa: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fa68: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fa1a ; je 0xfa1a +je short loc_0000fa88 ; je 0xfa88 push eax mov al, byte [ebx + 0x1c] and eax, 1 push eax -push ref_00023e2d ; push 0x23e2d +push ref_00023ebd ; push 0x23ebd push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fa1a: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fa88: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fa3c ; je 0xfa3c +je short loc_0000faaa ; je 0xfaaa push eax mov al, byte [ebx + 0x1c] shr al, 1 and eax, 1 push eax -push ref_00023e3f ; push 0x23e3f +push ref_00023ecf ; push 0x23ecf push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fa3c: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000faaa: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fa5f ; je 0xfa5f +je short loc_0000facd ; je 0xfacd push ecx mov al, byte [ebx + 0x1c] shr al, 2 and eax, 1 push eax -push ref_00023e53 ; push 0x23e53 +push ref_00023ee3 ; push 0x23ee3 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 
add esp, 0x10 -loc_0000fa5f: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000facd: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fa82 ; je 0xfa82 +je short loc_0000faf0 ; je 0xfaf0 push edx mov al, byte [ebx + 0x1c] shr al, 3 and eax, 1 push eax -push ref_00023e65 ; push 0x23e65 +push ref_00023ef5 ; push 0x23ef5 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fa82: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000faf0: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000faa0 ; je 0xfaa0 +je short loc_0000fb0e ; je 0xfb0e push eax movzx eax, byte [ebx + 0x20] push eax -push ref_00023e7c ; push 0x23e7c +push ref_00023f0c ; push 0x23f0c push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000faa0: ; not directly referenced +loc_0000fb0e: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_0000faa5: ; not directly referenced +fcn_0000fb13: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fac7 ; je 0xfac7 +je short loc_0000fb35 ; je 0xfb35 push eax push eax -push ref_00023e8f ; push 0x23e8f +push ref_00023f1f ; push 0x23f1f push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fac7: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fb35: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fae6 ; je 0xfae6 +je short loc_0000fb54 ; je 0xfb54 push eax mov al, byte [ebx] and eax, 1 push eax -push ref_00023ec5 ; push 0x23ec5 +push ref_00023f55 ; push 0x23f55 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fae6: ; not directly referenced -call 
fcn_000153e9 ; call 0x153e9 +loc_0000fb54: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fb07 ; je 0xfb07 +je short loc_0000fb75 ; je 0xfb75 push eax mov al, byte [ebx] shr al, 1 and eax, 1 push eax -push ref_00023ed3 ; push 0x23ed3 +push ref_00023f63 ; push 0x23f63 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fb07: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fb75: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fb29 ; je 0xfb29 +je short loc_0000fb97 ; je 0xfb97 push eax mov al, byte [ebx] shr al, 2 and eax, 1 push eax -push ref_00023ee4 ; push 0x23ee4 +push ref_00023f74 ; push 0x23f74 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fb29: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fb97: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fb4b ; je 0xfb4b +je short loc_0000fbb9 ; je 0xfbb9 push ecx mov al, byte [ebx] shr al, 3 and eax, 1 push eax -push ref_000237cd ; push 0x237cd +push ref_0002385d ; push 0x2385d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fb4b: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fbb9: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fb6d ; je 0xfb6d +je short loc_0000fbdb ; je 0xfbdb push edx mov al, byte [ebx] shr al, 4 and eax, 1 push eax -push ref_00023ef1 ; push 0x23ef1 +push ref_00023f81 ; push 0x23f81 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fb6d: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fbdb: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fb8f ; je 0xfb8f +je short loc_0000fbfd ; je 0xfbfd push eax mov 
al, byte [ebx] shr al, 5 and eax, 1 push eax -push ref_00023f07 ; push 0x23f07 +push ref_00023f97 ; push 0x23f97 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fb8f: ; not directly referenced +loc_0000fbfd: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_0000fb94: ; not directly referenced +fcn_0000fc02: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fbb6 ; je 0xfbb6 +je short loc_0000fc24 ; je 0xfc24 push eax push eax -push ref_00023f1c ; push 0x23f1c +push ref_00023fac ; push 0x23fac push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fbb6: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fc24: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fbd3 ; je 0xfbd3 +je short loc_0000fc41 ; je 0xfc41 push ecx movzx eax, byte [ebx] push eax -push ref_00023f57 ; push 0x23f57 +push ref_00023fe7 ; push 0x23fe7 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fbd3: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fc41: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fbef ; je 0xfbef +je short loc_0000fc5d ; je 0xfc5d push edx push dword [ebx + 4] -push ref_00023f68 ; push 0x23f68 +push ref_00023ff8 ; push 0x23ff8 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fbef: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fc5d: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fc0b ; je 0xfc0b +je short loc_0000fc79 ; je 0xfc79 push eax push dword [ebx + 8] -push ref_00023f77 ; push 0x23f77 +push ref_00024007 ; push 0x24007 push 0x40 -call 
fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fc0b: ; not directly referenced +loc_0000fc79: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_0000fc10: ; not directly referenced +fcn_0000fc7e: ; not directly referenced push ebp mov ebp, esp push esi push ebx mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fc32 ; je 0xfc32 +je short loc_0000fca0 ; je 0xfca0 push ecx push ecx -push ref_00023f8d ; push 0x23f8d +push ref_0002401d ; push 0x2401d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fc32: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fca0: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fc51 ; je 0xfc51 +je short loc_0000fcbf ; je 0xfcbf push edx mov al, byte [ebx] and eax, 1 push eax -push ref_00023fc7 ; push 0x23fc7 +push ref_00024057 ; push 0x24057 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fc51: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fcbf: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fc72 ; je 0xfc72 +je short loc_0000fce0 ; je 0xfce0 push eax mov al, byte [ebx] shr al, 1 and eax, 1 push eax -push ref_00023fe8 ; push 0x23fe8 +push ref_00024078 ; push 0x24078 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fc72: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fce0: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fc94 ; je 0xfc94 +je short loc_0000fd02 ; je 0xfd02 push eax mov al, byte [ebx] shr al, 2 and eax, 1 push eax -push ref_00024008 ; push 0x24008 +push ref_00024098 ; push 0x24098 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add 
esp, 0x10 -loc_0000fc94: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fd02: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fcb6 ; je 0xfcb6 +je short loc_0000fd24 ; je 0xfd24 push eax mov al, byte [ebx] shr al, 3 and eax, 1 push eax -push ref_0002402b ; push 0x2402b +push ref_000240bb ; push 0x240bb push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fcb6: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fd24: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fce0 ; je 0xfce0 +je short loc_0000fd4e ; je 0xfd4e push eax movzx eax, byte [ebx + 5] movzx edx, byte [ebx + 4] @@ -25784,15 +25827,15 @@ and eax, 1 shl eax, 8 or eax, edx push eax -push ref_0002404d ; push 0x2404d +push ref_000240dd ; push 0x240dd push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fce0: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fd4e: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fd0e ; je 0xfd0e +je short loc_0000fd7c ; je 0xfd7c push eax mov al, byte [ebx + 5] shr al, 1 @@ -25802,15 +25845,15 @@ and eax, 3 shl eax, 7 or eax, edx push eax -push ref_00024087 ; push 0x24087 +push ref_00024117 ; push 0x24117 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fd0e: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fd7c: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fd3d ; je 0xfd3d +je short loc_0000fdab ; je 0xfdab push eax mov al, byte [ebx + 6] shr al, 2 
@@ -25820,1345 +25863,1359 @@ and eax, 7 shl eax, 6 or eax, edx push eax -push ref_000240c1 ; push 0x240c1 +push ref_00024151 ; push 0x24151 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fd3d: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fdab: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fd60 ; je 0xfd60 +je short loc_0000fdce ; je 0xfdce push esi mov al, byte [ebx + 7] shr al, 3 and eax, 1 push eax -push ref_000240fb ; push 0x240fb +push ref_0002418b ; push 0x2418b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fd60: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fdce: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fd83 ; je 0xfd83 +je short loc_0000fdf1 ; je 0xfdf1 push ecx mov al, byte [ebx + 7] shr al, 4 and eax, 1 push eax -push ref_00024124 ; push 0x24124 +push ref_000241b4 ; push 0x241b4 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fd83: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fdf1: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fda6 ; je 0xfda6 +je short loc_0000fe14 ; je 0xfe14 push edx mov al, byte [ebx + 7] shr al, 5 and eax, 1 push eax -push ref_00024154 ; push 0x24154 +push ref_000241e4 ; push 0x241e4 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fda6: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fe14: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fdc9 ; je 0xfdc9 +je short loc_0000fe37 ; je 0xfe37 push eax mov al, byte [ebx + 7] shr al, 6 and eax, 1 push eax -push ref_0002417b ; push 0x2417b +push ref_0002420b ; push 0x2420b push 0x40 -call fcn_000153f7 ; call 
0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fdc9: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fe37: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fdec ; je 0xfdec +je short loc_0000fe5a ; je 0xfe5a push eax mov al, byte [ebx + 7] shr al, 7 movzx eax, al push eax -push ref_000241ac ; push 0x241ac +push ref_0002423c ; push 0x2423c push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fdec: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fe5a: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fe0c ; je 0xfe0c +je short loc_0000fe7a ; je 0xfe7a push eax mov al, byte [ebx + 0xc] and eax, 1 push eax -push ref_000241df ; push 0x241df +push ref_0002426f ; push 0x2426f push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fe0c: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fe7a: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fe2c ; je 0xfe2c +je short loc_0000fe9a ; je 0xfe9a push eax mov al, byte [ebx + 0xd] and eax, 3 push eax -push ref_00024209 ; push 0x24209 +push ref_00024299 ; push 0x24299 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fe2c: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fe9a: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fe4f ; je 0xfe4f +je short loc_0000febd ; je 0xfebd push eax mov al, byte [ebx + 0xd] shr al, 2 and eax, 3 push eax -push ref_0002422f ; push 0x2422f +push ref_000242bf ; push 0x242bf push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fe4f: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000febd: ; not directly referenced +call fcn_00015479 ; 
call 0x15479 test al, al -je short loc_0000fe72 ; je 0xfe72 +je short loc_0000fee0 ; je 0xfee0 push eax mov al, byte [ebx + 0xd] shr al, 4 and eax, 3 push eax -push ref_00024255 ; push 0x24255 +push ref_000242e5 ; push 0x242e5 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fe72: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fee0: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fe95 ; je 0xfe95 +je short loc_0000ff03 ; je 0xff03 push esi mov al, byte [ebx + 0xd] shr al, 6 movzx eax, al push eax -push ref_0002427b ; push 0x2427b +push ref_0002430b ; push 0x2430b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fe95: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ff03: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000feb7 ; je 0xfeb7 +je short loc_0000ff25 ; je 0xff25 push ecx mov al, byte [ebx + 0xc] shr al, 1 and eax, 1 push eax -push ref_000242a1 ; push 0x242a1 +push ref_00024331 ; push 0x24331 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000feb7: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ff25: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fed7 ; je 0xfed7 +je short loc_0000ff45 ; je 0xff45 push edx mov al, byte [ebx + 0x10] and eax, 3 push eax -push ref_000242d2 ; push 0x242d2 +push ref_00024362 ; push 0x24362 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fed7: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ff45: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000fefa ; je 0xfefa +je short loc_0000ff68 ; je 0xff68 push eax mov al, byte [ebx + 0x10] shr al, 2 and eax, 3 push eax -push ref_000242f6 ; 
push 0x242f6 +push ref_00024386 ; push 0x24386 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000fefa: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ff68: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ff1d ; je 0xff1d +je short loc_0000ff8b ; je 0xff8b push eax mov al, byte [ebx + 0x10] shr al, 4 and eax, 3 push eax -push ref_0002431a ; push 0x2431a +push ref_000243aa ; push 0x243aa push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ff1d: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ff8b: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ff40 ; je 0xff40 +je short loc_0000ffae ; je 0xffae push eax mov al, byte [ebx + 0x10] shr al, 6 movzx eax, al push eax -push ref_0002433e ; push 0x2433e +push ref_000243ce ; push 0x243ce push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ff40: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ffae: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ff60 ; je 0xff60 +je short loc_0000ffce ; je 0xffce push eax mov al, byte [ebx + 0x12] and eax, 3 push eax -push ref_00024364 ; push 0x24364 +push ref_000243f4 ; push 0x243f4 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ff60: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000ffce: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ff83 ; je 0xff83 +je short loc_0000fff1 ; je 0xfff1 push eax mov al, byte [ebx + 0x12] shr al, 2 and eax, 1 push eax -push ref_0002438b ; push 0x2438b +push ref_0002441b ; push 0x2441b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ff83: ; not directly 
referenced -call fcn_000153e9 ; call 0x153e9 +loc_0000fff1: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ffa3 ; je 0xffa3 +je short loc_00010011 ; je 0x10011 push eax mov al, byte [ebx + 0x11] and eax, 3 push eax -push ref_000243b6 ; push 0x243b6 +push ref_00024446 ; push 0x24446 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ffa3: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010011: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ffc6 ; je 0xffc6 +je short loc_00010034 ; je 0x10034 push esi mov al, byte [ebx + 0x11] shr al, 2 and eax, 3 push eax -push ref_000243da ; push 0x243da +push ref_0002446a ; push 0x2446a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ffc6: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010034: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0000ffe9 ; je 0xffe9 +je short loc_00010057 ; je 0x10057 push ecx mov al, byte [ebx + 0x11] shr al, 4 and eax, 3 push eax -push ref_000243fe ; push 0x243fe +push ref_0002448e ; push 0x2448e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0000ffe9: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010057: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001000c ; je 0x1000c +je short loc_0001007a ; je 0x1007a push edx mov al, byte [ebx + 0x11] shr al, 6 movzx eax, al push eax -push ref_00024422 ; push 0x24422 +push ref_000244b2 ; push 0x244b2 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001000c: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0001007a: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001002f ; je 0x1002f +je 
short loc_0001009d ; je 0x1009d push eax mov al, byte [ebx + 0x12] shr al, 3 and eax, 3 push eax -push ref_00024448 ; push 0x24448 +push ref_000244d8 ; push 0x244d8 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001002f: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0001009d: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010052 ; je 0x10052 +je short loc_000100c0 ; je 0x100c0 push eax mov al, byte [ebx + 0x12] shr al, 5 and eax, 1 push eax -push ref_0002446f ; push 0x2446f +push ref_000244ff ; push 0x244ff push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010052: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000100c0: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010075 ; je 0x10075 +je short loc_000100e3 ; je 0x100e3 push eax mov al, byte [ebx + 0x12] shr al, 6 and eax, 1 push eax -push ref_0002449a ; push 0x2449a +push ref_0002452a ; push 0x2452a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010075: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000100e3: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010095 ; je 0x10095 +je short loc_00010103 ; je 0x10103 push eax mov al, byte [ebx + 0x14] and eax, 1 push eax -push ref_000244c9 ; push 0x244c9 +push ref_00024559 ; push 0x24559 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010095: ; not directly referenced +loc_00010103: ; not directly referenced mov esi, 2 -loc_0001009a: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010108: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000100bb ; je 0x100bb +je short loc_00010129 ; je 0x10129 push eax mov al, byte [ebx + esi*4 + 0x18] and 
eax, 1 push eax -push ref_000244e7 ; push 0x244e7 +push ref_00024577 ; push 0x24577 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000100bb: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010129: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000100de ; je 0x100de +je short loc_0001014c ; je 0x1014c push eax mov al, byte [ebx + esi*4 + 0x18] shr al, 1 and eax, 1 push eax -push ref_0002451c ; push 0x2451c +push ref_000245ac ; push 0x245ac push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000100de: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0001014c: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010102 ; je 0x10102 +je short loc_00010170 ; je 0x10170 push ecx mov al, byte [ebx + esi*4 + 0x18] shr al, 2 and eax, 1 push eax -push ref_00024555 ; push 0x24555 +push ref_000245e5 ; push 0x245e5 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010102: ; not directly referenced +loc_00010170: ; not directly referenced inc esi cmp esi, 4 -jne short loc_0001009a ; jne 0x1009a -call fcn_000153e9 ; call 0x153e9 +jne short loc_00010108 ; jne 0x10108 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010126 ; je 0x10126 +je short loc_00010194 ; je 0x10194 push edx movzx eax, word [ebx + 0x28] push eax -push ref_0002458a ; push 0x2458a +push ref_0002461a ; push 0x2461a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010126: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010194: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010144 ; je 0x10144 +je short loc_000101b2 ; je 0x101b2 push eax movzx eax, byte [ebx + 0x2a] push eax -push ref_0002459d ; push 0x2459d +push ref_0002462d ; push 0x2462d push 
0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010144: ; not directly referenced +loc_000101b2: ; not directly referenced lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_0001014b: ; not directly referenced +fcn_000101b9: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001016d ; je 0x1016d +je short loc_000101db ; je 0x101db push eax push eax -push ref_000245bf ; push 0x245bf +push ref_0002464f ; push 0x2464f push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001016d: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000101db: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001018a ; je 0x1018a +je short loc_000101f8 ; je 0x101f8 push eax movzx eax, word [ebx] push eax -push ref_000245f9 ; push 0x245f9 +push ref_00024689 ; push 0x24689 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001018a: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000101f8: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000101a8 ; je 0x101a8 +je short loc_00010216 ; je 0x10216 push ecx movzx eax, word [ebx + 2] push eax -push ref_00024611 ; push 0x24611 +push ref_000246a1 ; push 0x246a1 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000101a8: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010216: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000101c6 ; je 0x101c6 +je short loc_00010234 ; je 0x10234 push edx movzx eax, byte [ebx + 4] push eax -push ref_00024623 ; push 0x24623 +push ref_000246b3 ; push 0x246b3 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 
0x10 -loc_000101c6: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010234: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000101e4 ; je 0x101e4 +je short loc_00010252 ; je 0x10252 push eax movzx eax, byte [ebx + 5] push eax -push ref_0002462e ; push 0x2462e +push ref_000246be ; push 0x246be push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000101e4: ; not directly referenced +loc_00010252: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_000101e9: ; not directly referenced +fcn_00010257: ; not directly referenced push ebp mov ebp, esp push ebx push ebx mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001020b ; je 0x1020b +je short loc_00010279 ; je 0x10279 push ecx push ecx -push ref_0002463a ; push 0x2463a +push ref_000246ca ; push 0x246ca push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001020b: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010279: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010228 ; je 0x10228 +je short loc_00010296 ; je 0x10296 push edx movzx eax, byte [ebx] push eax -push ref_000233c4 ; push 0x233c4 +push ref_00023454 ; push 0x23454 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010228: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010296: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010246 ; je 0x10246 +je short loc_000102b4 ; je 0x102b4 push eax movzx eax, byte [ebx + 1] push eax -push ref_0002300d ; push 0x2300d +push ref_0002309d ; push 0x2309d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010246: ; not directly referenced +loc_000102b4: ; not directly referenced mov ebx, 
dword [ebp - 4] leave ret -fcn_0001024b: ; not directly referenced +fcn_000102b9: ; not directly referenced push ebp mov ebp, esp push ebx push edx mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001026d ; je 0x1026d +je short loc_000102db ; je 0x102db push eax push eax -push ref_00024670 ; push 0x24670 +push ref_00024700 ; push 0x24700 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001026d: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000102db: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010290 ; je 0x10290 +je short loc_000102fe ; je 0x102fe push eax mov al, byte [ebx + 8] shr al, 7 movzx eax, al push eax -push ref_000246ac ; push 0x246ac +push ref_0002473c ; push 0x2473c push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010290: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000102fe: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000102ad ; je 0x102ad +je short loc_0001031b ; je 0x1031b push eax movzx eax, byte [ebx] push eax -push ref_000246bf ; push 0x246bf +push ref_0002474f ; push 0x2474f push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000102ad: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0001031b: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000102cb ; je 0x102cb +je short loc_00010339 ; je 0x10339 push eax movzx eax, byte [ebx + 1] push eax -push ref_000246d1 ; push 0x246d1 +push ref_00024761 ; push 0x24761 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000102cb: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010339: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je 
short loc_000102e9 ; je 0x102e9 +je short loc_00010357 ; je 0x10357 push eax movzx eax, byte [ebx + 2] push eax -push ref_000246e4 ; push 0x246e4 +push ref_00024774 ; push 0x24774 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000102e9: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010357: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010307 ; je 0x10307 +je short loc_00010375 ; je 0x10375 push eax movzx eax, byte [ebx + 3] push eax -push ref_000246f7 ; push 0x246f7 +push ref_00024787 ; push 0x24787 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010307: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010375: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010325 ; je 0x10325 +je short loc_00010393 ; je 0x10393 push ecx movzx eax, byte [ebx + 4] push eax -push ref_0002470a ; push 0x2470a +push ref_0002479a ; push 0x2479a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010325: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010393: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010343 ; je 0x10343 +je short loc_000103b1 ; je 0x103b1 push edx movzx eax, byte [ebx + 5] push eax -push ref_0002471d ; push 0x2471d +push ref_000247ad ; push 0x247ad push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010343: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000103b1: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010361 ; je 0x10361 +je short loc_000103cf ; je 0x103cf push eax movzx eax, byte [ebx + 6] push eax -push ref_00024731 ; push 0x24731 +push ref_000247c1 ; push 0x247c1 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; 
call 0x15487 add esp, 0x10 -loc_00010361: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000103cf: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001037f ; je 0x1037f +je short loc_000103ed ; je 0x103ed push eax movzx eax, byte [ebx + 7] push eax -push ref_00024745 ; push 0x24745 +push ref_000247d5 ; push 0x247d5 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001037f: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000103ed: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001039f ; je 0x1039f +je short loc_0001040d ; je 0x1040d push eax mov al, byte [ebx + 8] and eax, 1 push eax -push ref_00024758 ; push 0x24758 +push ref_000247e8 ; push 0x247e8 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001039f: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0001040d: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000103c1 ; je 0x103c1 +je short loc_0001042f ; je 0x1042f push eax mov al, byte [ebx + 8] shr al, 1 and eax, 1 push eax -push ref_00024770 ; push 0x24770 +push ref_00024800 ; push 0x24800 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000103c1: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0001042f: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000103e4 ; je 0x103e4 +je short loc_00010452 ; je 0x10452 push eax mov al, byte [ebx + 8] shr al, 2 and eax, 1 push eax -push ref_00024788 ; push 0x24788 +push ref_00024818 ; push 0x24818 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000103e4: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010452: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short 
loc_00010407 ; je 0x10407 +je short loc_00010475 ; je 0x10475 push eax mov al, byte [ebx + 8] shr al, 3 and eax, 1 push eax -push ref_0002479b ; push 0x2479b +push ref_0002482b ; push 0x2482b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010407: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010475: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001042a ; je 0x1042a +je short loc_00010498 ; je 0x10498 push ecx mov al, byte [ebx + 8] shr al, 4 and eax, 1 push eax -push ref_000247b6 ; push 0x247b6 +push ref_00024846 ; push 0x24846 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001042a: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010498: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001044d ; je 0x1044d +je short loc_000104bb ; je 0x104bb push edx mov al, byte [ebx + 8] shr al, 5 and eax, 1 push eax -push ref_000247cf ; push 0x247cf +push ref_0002485f ; push 0x2485f push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001044d: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000104bb: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010470 ; je 0x10470 +je short loc_000104de ; je 0x104de push eax mov al, byte [ebx + 8] shr al, 6 and eax, 1 push eax -push ref_000247e9 ; push 0x247e9 +push ref_00024879 ; push 0x24879 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010470: ; not directly referenced +loc_000104de: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_00010475: ; not directly referenced +fcn_000104e3: ; not directly referenced push ebp mov ebp, esp push ebx -push eax +push edx mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test 
al, al -je short loc_00010497 ; je 0x10497 +je short loc_00010505 ; je 0x10505 push eax push eax -push ref_000247fc ; push 0x247fc +push ref_0002488c ; push 0x2488c push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010497: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010505: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000104b6 ; je 0x104b6 +je short loc_00010524 ; je 0x10524 push eax mov al, byte [ebx] and eax, 1 push eax -push ref_000233c4 ; push 0x233c4 +push ref_00023454 ; push 0x23454 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000104b6: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010524: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000104d7 ; je 0x104d7 +je short loc_00010545 ; je 0x10545 push eax mov al, byte [ebx] shr al, 1 and eax, 1 push eax -push ref_00024838 ; push 0x24838 +push ref_000248c8 ; push 0x248c8 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000104d7: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010545: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000104f9 ; je 0x104f9 +je short loc_00010567 ; je 0x10567 push eax mov al, byte [ebx] shr al, 2 and eax, 1 push eax -push ref_0002484f ; push 0x2484f +push ref_000248df ; push 0x248df push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000104f9: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010567: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001051b ; je 0x1051b +je short loc_00010589 ; je 0x10589 push eax mov al, byte [ebx] shr al, 5 and eax, 1 push eax -push ref_0002486b ; push 0x2486b +push ref_000248fb ; push 0x248fb push 0x40 -call fcn_000153f7 ; call 
0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001051b: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010589: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001053d ; je 0x1053d -push ecx +je short loc_000105ab ; je 0x105ab +push eax mov al, byte [ebx] shr al, 3 and eax, 1 push eax -push ref_00024889 ; push 0x24889 +push ref_00024919 ; push 0x24919 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001053d: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000105ab: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001055f ; je 0x1055f -push edx +je short loc_000105cd ; je 0x105cd +push ecx mov al, byte [ebx] shr al, 4 and eax, 1 push eax -push ref_000248a8 ; push 0x248a8 +push ref_00024938 ; push 0x24938 +push 0x40 +call fcn_00015487 ; call 0x15487 +add esp, 0x10 + +loc_000105cd: ; not directly referenced +call fcn_00015479 ; call 0x15479 +test al, al +je short loc_000105ef ; je 0x105ef +push edx +mov al, byte [ebx] +shr al, 6 +movzx eax, al +push eax +push ref_00024958 ; push 0x24958 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001055f: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000105ef: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001057b ; je 0x1057b +je short loc_0001060b ; je 0x1060b push eax push dword [ebx + 4] -push ref_000248c8 ; push 0x248c8 +push ref_00024977 ; push 0x24977 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001057b: ; not directly referenced +loc_0001060b: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_00010580: ; not directly referenced +fcn_00010610: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call 
fcn_00015479 ; call 0x15479 test al, al -je short loc_000105a2 ; je 0x105a2 +je short loc_00010632 ; je 0x10632 push eax push eax -push ref_000248e2 ; push 0x248e2 +push ref_00024991 ; push 0x24991 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000105a2: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010632: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000105bf ; je 0x105bf +je short loc_0001064f ; je 0x1064f push eax movzx eax, byte [ebx] push eax -push ref_0002491b ; push 0x2491b +push ref_000249ca ; push 0x249ca push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000105bf: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0001064f: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000105dd ; je 0x105dd +je short loc_0001066d ; je 0x1066d push eax movzx eax, byte [ebx + 1] push eax -push ref_0002492f ; push 0x2492f +push ref_000249de ; push 0x249de push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000105dd: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0001066d: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000105fb ; je 0x105fb +je short loc_0001068b ; je 0x1068b push eax movzx eax, byte [ebx + 8] push eax -push ref_0002493f ; push 0x2493f +push ref_000249ee ; push 0x249ee push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000105fb: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0001068b: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010619 ; je 0x10619 +je short loc_000106a9 ; je 0x106a9 push ecx movzx eax, byte [ebx + 9] push eax -push ref_00024953 ; push 0x24953 +push ref_00024a02 ; push 0x24a02 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call 
fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010619: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000106a9: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010635 ; je 0x10635 +je short loc_000106c5 ; je 0x106c5 push edx push dword [ebx + 0xa] -push ref_00024967 ; push 0x24967 +push ref_00024a16 ; push 0x24a16 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010635: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000106c5: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010651 ; je 0x10651 +je short loc_000106e1 ; je 0x106e1 push eax push dword [ebx + 0xe] -push ref_0002497d ; push 0x2497d +push ref_00024a2c ; push 0x24a2c push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010651: ; not directly referenced +loc_000106e1: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_00010656: ; not directly referenced +fcn_000106e6: ; not directly referenced push ebp mov ebp, esp push esi push ebx mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010678 ; je 0x10678 +je short loc_00010708 ; je 0x10708 push eax push eax -push ref_0002498f ; push 0x2498f +push ref_00024a3e ; push 0x24a3e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010678: ; not directly referenced +loc_00010708: ; not directly referenced xor esi, esi -loc_0001067a: ; not directly referenced +loc_0001070a: ; not directly referenced mov eax, esi cmp al, byte [ebx + 0x48] -jae short loc_000106c7 ; jae 0x106c7 -call fcn_000153e9 ; call 0x153e9 +jae short loc_00010757 ; jae 0x10757 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000106a2 ; je 0x106a2 +je short loc_00010732 ; je 0x10732 mov eax, esi movzx eax, al push dword [ebx + eax*8] push eax -push 
ref_000249cb ; push 0x249cb +push ref_00024a7a ; push 0x24a7a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000106a2: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010732: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000106c4 ; je 0x106c4 +je short loc_00010754 ; je 0x10754 mov eax, esi movzx eax, al push dword [ebx + eax*8 + 4] push eax -push ref_000249e3 ; push 0x249e3 +push ref_00024a92 ; push 0x24a92 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000106c4: ; not directly referenced +loc_00010754: ; not directly referenced inc esi -jmp short loc_0001067a ; jmp 0x1067a +jmp short loc_0001070a ; jmp 0x1070a -loc_000106c7: ; not directly referenced +loc_00010757: ; not directly referenced xor esi, esi -loc_000106c9: ; not directly referenced +loc_00010759: ; not directly referenced mov eax, esi cmp al, byte [ebx + 0x75] -jae short loc_0001071b ; jae 0x1071b -call fcn_000153e9 ; call 0x153e9 +jae short loc_000107ab ; jae 0x107ab +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000106f4 ; je 0x106f4 +je short loc_00010784 ; je 0x10784 mov eax, esi movzx eax, al movzx edx, word [ebx + eax*4 + 0x49] push edx push eax -push ref_000249fd ; push 0x249fd +push ref_00024aac ; push 0x24aac push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000106f4: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010784: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010718 ; je 0x10718 +je short loc_000107a8 ; je 0x107a8 mov eax, esi movzx eax, al movzx edx, word [ebx + eax*4 + 0x4b] push edx push eax -push ref_00024a15 ; push 0x24a15 +push ref_00024ac4 ; push 0x24ac4 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010718: ; not directly referenced +loc_000107a8: ; 
not directly referenced inc esi -jmp short loc_000106c9 ; jmp 0x106c9 +jmp short loc_00010759 ; jmp 0x10759 -loc_0001071b: ; not directly referenced +loc_000107ab: ; not directly referenced lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_00010722: ; not directly referenced +fcn_000107b2: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010744 ; je 0x10744 +je short loc_000107d4 ; je 0x107d4 push eax push eax -push ref_00024a2f ; push 0x24a2f +push ref_00024ade ; push 0x24ade push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010744: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000107d4: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010761 ; je 0x10761 +je short loc_000107f1 ; je 0x107f1 push eax movzx eax, byte [ebx] push eax -push ref_00024a81 ; push 0x24a81 +push ref_00024b30 ; push 0x24b30 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010761: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_000107f1: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001077f ; je 0x1077f +je short loc_0001080f ; je 0x1080f push eax movzx eax, byte [ebx + 1] push eax -push ref_000238b2 ; push 0x238b2 +push ref_00023942 ; push 0x23942 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001077f: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0001080f: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001079b ; je 0x1079b +je short loc_0001082b ; je 0x1082b push eax push dword [ebx + 4] -push ref_00024a90 ; push 0x24a90 +push ref_00024b3f ; push 0x24b3f push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add 
esp, 0x10 -loc_0001079b: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0001082b: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000107b9 ; je 0x107b9 +je short loc_00010849 ; je 0x10849 push eax movzx eax, word [ebx + 8] push eax -push ref_00024a9b ; push 0x24a9b +push ref_00024b4a ; push 0x24b4a push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000107b9: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010849: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000107d7 ; je 0x107d7 +je short loc_00010867 ; je 0x10867 push ecx movzx eax, word [ebx + 0xa] push eax -push ref_00024aa8 ; push 0x24aa8 +push ref_00024b57 ; push 0x24b57 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000107d7: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010867: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000107f5 ; je 0x107f5 +je short loc_00010885 ; je 0x10885 push edx movzx eax, byte [ebx + 0xc] push eax -push ref_00024ab7 ; push 0x24ab7 +push ref_00024b66 ; push 0x24b66 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000107f5: ; not directly referenced +loc_00010885: ; not directly referenced sub esp, 0xc lea eax, [ebx + 0x10] push eax -call fcn_00010580 ; call 0x10580 +call fcn_00010610 ; call 0x10610 lea eax, [ebx + 0x36] mov dword [esp], eax -call fcn_0001014b ; call 0x1014b +call fcn_000101b9 ; call 0x101b9 lea eax, [ebx + 0x46] mov dword [esp], eax -call fcn_0000e6b1 ; call 0xe6b1 +call fcn_0000e71f ; call 0xe71f lea eax, [ebx + 0x1da] mov dword [esp], eax -call fcn_0000ebe1 ; call 0xebe1 +call fcn_0000ec4f ; call 0xec4f lea eax, [ebx + 0x284] mov dword [esp], eax -call fcn_0000e1fd ; call 0xe1fd +call fcn_0000e26b ; call 0xe26b lea eax, [ebx + 0x57c] mov dword 
[esp], eax -call fcn_0000e544 ; call 0xe544 +call fcn_0000e5b2 ; call 0xe5b2 lea eax, [ebx + 0x35c] mov dword [esp], eax -call fcn_0000f2c6 ; call 0xf2c6 +call fcn_0000f334 ; call 0xf334 lea eax, [ebx + 0x364] mov dword [esp], eax -call fcn_0000f3be ; call 0xf3be +call fcn_0000f42c ; call 0xf42c lea eax, [ebx + 0x370] mov dword [esp], eax -call fcn_0000f71c ; call 0xf71c +call fcn_0000f78a ; call 0xf78a lea eax, [ebx + 0x37e] mov dword [esp], eax -call fcn_000101e9 ; call 0x101e9 +call fcn_00010257 ; call 0x10257 lea eax, [ebx + 0x386] mov dword [esp], eax -call fcn_0000f63a ; call 0xf63a +call fcn_0000f6a8 ; call 0xf6a8 lea eax, [ebx + 0x40e] mov dword [esp], eax -call fcn_0000f496 ; call 0xf496 +call fcn_0000f504 ; call 0xf504 lea eax, [ebx + 0x554] mov dword [esp], eax -call fcn_0000f585 ; call 0xf585 +call fcn_0000f5f3 ; call 0xf5f3 lea eax, [ebx + 0x412] mov dword [esp], eax -call fcn_0000fc10 ; call 0xfc10 +call fcn_0000fc7e ; call 0xfc7e lea eax, [ebx + 0x442] mov dword [esp], eax -call fcn_0000f7d8 ; call 0xf7d8 +call fcn_0000f846 ; call 0xf846 lea eax, [ebx + 0x46a] mov dword [esp], eax -call fcn_0000faa5 ; call 0xfaa5 +call fcn_0000fb13 ; call 0xfb13 lea eax, [ebx + 0x476] mov dword [esp], eax -call fcn_0000fb94 ; call 0xfb94 +call fcn_0000fc02 ; call 0xfc02 lea eax, [ebx + 0x486] mov dword [esp], eax -call fcn_00010475 ; call 0x10475 +call fcn_000104e3 ; call 0x104e3 lea eax, [ebx + 0x496] add ebx, 0x4de mov dword [esp], eax -call fcn_0001024b ; call 0x1024b +call fcn_000102b9 ; call 0x102b9 mov dword [esp], ebx -call fcn_00010656 ; call 0x10656 -call fcn_000153e9 ; call 0x153e9 +call fcn_000106e6 ; call 0x106e6 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00010922 ; je 0x10922 +je short loc_000109b2 ; je 0x109b2 push eax push eax -push ref_00024ac9 ; push 0x24ac9 +push ref_00024b78 ; push 0x24b78 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010922: ; not directly 
referenced +loc_000109b2: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_00010927: ; not directly referenced +fcn_000109b7: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00010956 ; je 0x10956 +je short loc_000109e6 ; je 0x109e6 cmp dword [ebx + 4], 0 -jne short loc_00010956 ; jne 0x10956 +jne short loc_000109e6 ; jne 0x109e6 push eax -push ref_00024b1b ; push 0x24b1b -push 0x2bf -push ref_00024b38 ; push 0x24b38 -call fcn_000153fc ; call 0x153fc +push ref_00024bca ; push 0x24bca +push 0x2c0 +push ref_00024be7 ; push 0x24be7 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00010956: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_000109e6: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001097e ; je 0x1097e +je short loc_00010a0e ; je 0x10a0e cmp word [ebx + 8], 0 -jne short loc_0001097e ; jne 0x1097e +jne short loc_00010a0e ; jne 0x10a0e push eax -push ref_00024b63 ; push 0x24b63 -push 0x2c0 -push ref_00024b38 ; push 0x24b38 -call fcn_000153fc ; call 0x153fc +push ref_00024c12 ; push 0x24c12 +push 0x2c1 +push ref_00024be7 ; push 0x24be7 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001097e: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_00010a0e: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000109a6 ; je 0x109a6 +je short loc_00010a36 ; je 0x10a36 cmp word [ebx + 0xa], 0 -jne short loc_000109a6 ; jne 0x109a6 +jne short loc_00010a36 ; jne 0x10a36 push eax -push ref_00024b82 ; push 0x24b82 -push 0x2c1 -push ref_00024b38 ; push 0x24b38 -call fcn_000153fc ; call 0x153fc +push ref_00024c31 ; push 0x24c31 +push 0x2c2 +push ref_00024be7 ; push 0x24be7 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000109a6: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_00010a36: ; not 
directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000109cd ; je 0x109cd +je short loc_00010a5d ; je 0x10a5d cmp dword [ebx + 0x1a], 0 -jne short loc_000109cd ; jne 0x109cd +jne short loc_00010a5d ; jne 0x10a5d push eax -push ref_00024ba3 ; push 0x24ba3 -push 0x2c2 -push ref_00024b38 ; push 0x24b38 -call fcn_000153fc ; call 0x153fc +push ref_00024c52 ; push 0x24c52 +push 0x2c3 +push ref_00024be7 ; push 0x24be7 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000109cd: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_00010a5d: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000109f7 ; je 0x109f7 +je short loc_00010a87 ; je 0x10a87 cmp dword [ebx + 0x1e], 0xffff -ja short loc_000109f7 ; ja 0x109f7 +ja short loc_00010a87 ; ja 0x10a87 push ecx -push ref_00024bd8 ; push 0x24bd8 -push 0x2c3 -push ref_00024b38 ; push 0x24b38 -call fcn_000153fc ; call 0x153fc +push ref_00024c87 ; push 0x24c87 +push 0x2c4 +push ref_00024be7 ; push 0x24be7 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000109f7: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_00010a87: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00010a1f ; je 0x10a1f +je short loc_00010aaf ; je 0x10aaf cmp word [ebx + 0x22], 0 -jne short loc_00010a1f ; jne 0x10a1f +jne short loc_00010aaf ; jne 0x10aaf push edx -push ref_00024c0f ; push 0x24c0f -push 0x2c4 -push ref_00024b38 ; push 0x24b38 -call fcn_000153fc ; call 0x153fc +push ref_00024cbe ; push 0x24cbe +push 0x2c5 +push ref_00024be7 ; push 0x24be7 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00010a1f: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_00010aaf: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00010a47 ; je 0x10a47 +je short loc_00010ad7 ; je 0x10ad7 cmp word [ebx + 0x24], 0xf -ja short loc_00010a47 ; ja 0x10a47 +ja short loc_00010ad7 ; ja 0x10ad7 
push eax -push ref_00024c43 ; push 0x24c43 -push 0x2c5 -push ref_00024b38 ; push 0x24b38 -call fcn_000153fc ; call 0x153fc +push ref_00024cf2 ; push 0x24cf2 +push 0x2c6 +push ref_00024be7 ; push 0x24be7 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00010a47: ; not directly referenced +loc_00010ad7: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_00010a4c: ; not directly referenced +fcn_00010adc: ; not directly referenced push ebp mov ebp, esp push esi 
@@ -27173,49 +27230,49 @@ and edx, 0xf000000 or eax, 0x80000000 or eax, edx cmp cl, 1 -je short loc_00010a93 ; je 0x10a93 -jb short loc_00010a8b ; jb 0x10a8b +je short loc_00010b23 ; je 0x10b23 +jb short loc_00010b1b ; jb 0x10b1b cmp cl, 2 -je short loc_00010a9b ; je 0x10a9b +je short loc_00010b2b ; je 0x10b2b cmp cl, 3 -jne short loc_00010acd ; jne 0x10acd +jne short loc_00010b5d ; jne 0x10b5d add ebx, 0x2040 -jmp short loc_00010aa1 ; jmp 0x10aa1 +jmp short loc_00010b31 ; jmp 0x10b31 -loc_00010a8b: ; not directly referenced +loc_00010b1b: ; not directly referenced add ebx, 0x2014 -jmp short loc_00010aa1 ; jmp 0x10aa1 +jmp short loc_00010b31 ; jmp 0x10b31 -loc_00010a93: ; not directly referenced +loc_00010b23: ; not directly referenced add ebx, 0x2020 -jmp short loc_00010aa1 ; jmp 0x10aa1 +jmp short loc_00010b31 ; jmp 0x10b31 -loc_00010a9b: ; not directly referenced +loc_00010b2b: ; not directly referenced add ebx, 0x2030 -loc_00010aa1: ; not directly referenced +loc_00010b31: ; not directly referenced push edx xor esi, esi push eax push 0xf0ffff01 push ebx mov dword [ebp - 0xc], ecx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov ecx, dword [ebp - 0xc] add esp, 0x10 dec ecx cmp cl, 1 -ja short loc_00010ad2 ; ja 0x10ad2 +ja short loc_00010b62 ; ja 0x10b62 sub esp, 0xc push ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 -jmp short loc_00010ad2 ; jmp 0x10ad2 +jmp short loc_00010b62 ; jmp 0x10b62 -loc_00010acd: ; not directly referenced +loc_00010b5d: ; not directly referenced mov esi, 0x80000002 -loc_00010ad2: ; not directly referenced +loc_00010b62: ; not directly referenced lea esp, [ebp - 8] mov eax, esi pop ebx @@ -27223,7 +27280,7 @@ pop esi pop ebp ret -fcn_00010adb: ; not directly referenced +fcn_00010b6b: ; not directly referenced push ebp mov ebp, esp push ebx 
@@ -27231,48 +27288,48 @@ push eax mov eax, dword [ebp + 0xc] mov ebx, dword [ebp + 8] cmp al, 1 -je short loc_00010b04 ; je 0x10b04 -jb short loc_00010afc ; jb 0x10afc +je short loc_00010b94 ; je 0x10b94 +jb short loc_00010b8c ; jb 0x10b8c cmp al, 2 -je short loc_00010b0c ; je 0x10b0c +je short loc_00010b9c ; je 0x10b9c cmp al, 3 -jne short loc_00010b24 ; jne 0x10b24 +jne short loc_00010bb4 ; jne 0x10bb4 add ebx, 0x2046 -jmp short loc_00010b12 ; jmp 0x10b12 +jmp short loc_00010ba2 ; jmp 0x10ba2 -loc_00010afc: ; not directly referenced +loc_00010b8c: ; not directly referenced add ebx, 0x201a -jmp short loc_00010b12 ; jmp 0x10b12 +jmp short loc_00010ba2 ; jmp 0x10ba2 -loc_00010b04: ; not directly referenced +loc_00010b94: ; not directly referenced add ebx, 0x2026 -jmp short loc_00010b12 ; jmp 0x10b12 +jmp short loc_00010ba2 ; jmp 0x10ba2 -loc_00010b0c: ; not directly referenced +loc_00010b9c: ; not directly referenced add ebx, 0x2036 -loc_00010b12: ; not directly referenced +loc_00010ba2: ; not directly referenced sub esp, 0xc push ebx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 2 -jne short loc_00010b12 ; jne 0x10b12 -jmp short loc_00010b2b ; jmp 0x10b2b +jne short loc_00010ba2 ; jne 0x10ba2 +jmp short loc_00010bbb ; jmp 0x10bbb -loc_00010b24: ; not directly referenced +loc_00010bb4: ; not directly referenced mov eax, 0x80000002 -jmp short loc_00010b2d ; jmp 0x10b2d +jmp short loc_00010bbd ; jmp 0x10bbd -loc_00010b2b: ; not directly referenced +loc_00010bbb: ; not directly referenced xor eax, eax -loc_00010b2d: ; not directly referenced +loc_00010bbd: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_00010b32: ; not directly referenced +fcn_00010bc2: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -27283,43 +27340,43 @@ lea eax, [ebp - 0x20] push eax push 0 push 0 -push ref_000290cc ; push 0x290cc +push ref_0002917c ; push 0x2917c mov dword [ebp - 0x1c], 0 -call fcn_00019699 ; call 0x19699 +call fcn_0001975d ; call 0x1975d mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00010b9b ; je 0x10b9b +je short loc_00010c2b ; je 0x10c2b test ebx, ebx -jns short loc_00010b9b ; jns 0x10b9b -call fcn_000153e9 ; call 0x153e9 +jns short loc_00010c2b ; jns 0x10c2b +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010b83 ; je 0x10b83 +je short loc_00010c13 ; je 0x10c13 push edi push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010b83: ; not directly referenced +loc_00010c13: ; not directly referenced push esi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0xa7 -push ref_00024c76 ; push 0x24c76 -call fcn_000153fc ; call 0x153fc +push ref_00024d25 ; push 0x24d25 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00010b9b: ; not directly referenced +loc_00010c2b: ; not directly referenced push ebx push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xf0 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0xc push 0x200000 push 0xff0fffff 
@@ -27327,38 +27384,38 @@ mov esi, eax and esi, 0xffffc000 lea edi, [esi + 0x50] push edi -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov eax, dword [ebp - 0x20] add esp, 0x10 cmp byte [eax + 0x24], 1 -jne short loc_00010bee ; jne 0x10bee +jne short loc_00010c7e ; jne 0x10c7e push ecx push ecx push 0xa0000 push edi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_00010bee: ; not directly referenced +loc_00010c7e: ; not directly referenced sub esp, 0xc xor ebx, ebx push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 -loc_00010bfc: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010c8c: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010c1b ; je 0x10c1b +je short loc_00010cab ; je 0x10cab mov eax, dword [ebp - 0x20] push dword [eax + ebx*4] push ebx -push ref_00024c9f ; push 0x24c9f +push ref_00024d4e ; push 0x24d4e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010c1b: ; not directly referenced +loc_00010cab: ; not directly referenced mov eax, dword [ebp - 0x20] mov cl, bl mov edx, dword [eax + ebx*4] @@ -27367,14 +27424,14 @@ inc ebx shl eax, cl or byte [ebp + edx - 0x1c], al cmp ebx, 8 -jne short loc_00010bfc ; jne 0x10bfc +jne short loc_00010c8c ; jne 0x10c8c xor bl, bl -loc_00010c36: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010cc6: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al lea eax, [ebx + ebx] -je short loc_00010c6a ; je 0x10c6a +je short loc_00010cfa ; je 0x10cfa mov edx, eax sub esp, 0xc add edx, dword [ebp - 0x20] 
@@ -27384,54 +27441,54 @@ push ecx movzx edx, byte [edx + 0x21] push edx push ebx -push ref_00024caf ; push 0x24caf +push ref_00024d5e ; push 0x24d5e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 mov eax, dword [ebp - 0x2c] add esp, 0x20 -loc_00010c6a: ; not directly referenced +loc_00010cfa: ; not directly referenced add eax, dword [ebp - 0x20] cmp byte [eax + 0x20], 1 -jne short loc_00010c88 ; jne 0x10c88 +jne short loc_00010d18 ; jne 0x10d18 movzx edx, byte [ebp + ebx - 0x1c] push edx movzx eax, byte [eax + 0x21] push eax push ebx push esi -call fcn_00010a4c ; call 0x10a4c +call fcn_00010adc ; call 0x10adc add esp, 0x10 -loc_00010c88: ; not directly referenced +loc_00010d18: ; not directly referenced inc ebx cmp ebx, 4 -jne short loc_00010c36 ; jne 0x10c36 +jne short loc_00010cc6 ; jne 0x10cc6 push edx xor bl, bl push edx push 0x80000000 push edi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 mov dword [esp], edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 -loc_00010ca8: ; not directly referenced +loc_00010d38: ; not directly referenced mov eax, dword [ebp - 0x20] cmp byte [eax + ebx*2 + 0x20], 1 -jne short loc_00010cbe ; jne 0x10cbe +jne short loc_00010d4e ; jne 0x10d4e push eax push eax push ebx push esi -call fcn_00010adb ; call 0x10adb +call fcn_00010b6b ; call 0x10b6b add esp, 0x10 -loc_00010cbe: ; not directly referenced +loc_00010d4e: ; not directly referenced inc ebx cmp ebx, 4 -jne short loc_00010ca8 ; jne 0x10ca8 +jne short loc_00010d38 ; jne 0x10d38 lea esp, [ebp - 0xc] xor eax, eax pop ebx 
@@ -27440,67 +27497,67 @@ pop edi pop ebp ret -fcn_00010cce: ; not directly referenced +fcn_00010d5e: ; not directly referenced push ebp mov ebp, esp push ebx push eax -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb dec eax -jne loc_00010d64 ; jne 0x10d64 -call fcn_000153e9 ; call 0x153e9 +jne loc_00010df4 ; jne 0x10df4 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010cf9 ; je 0x10cf9 +je short loc_00010d89 ; je 0x10d89 push ebx push ebx -push ref_00024ccc ; push 0x24ccc +push ref_00024d7b ; push 0x24d7b push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010cf9: ; not directly referenced +loc_00010d89: ; not directly referenced push ecx push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xf0 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov ebx, eax and ebx, 0xffffc000 lea eax, [ebx + 0x21a4] mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 and eax, 0xf cmp eax, 2 -jne short loc_00010d4a ; jne 0x10d4a +jne short loc_00010dda ; jne 0x10dda push edx add ebx, 0x21b0 push 2 push 0xf0 push ebx -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a add esp, 0x10 -loc_00010d4a: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00010dda: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010d64 ; je 0x10d64 +je short loc_00010df4 ; je 0x10df4 push eax push eax -push ref_00024ce4 ; push 0x24ce4 +push ref_00024d93 ; push 0x24d93 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010d64: ; not directly referenced +loc_00010df4: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_00010d69: +fcn_00010df9: push ebp mov ebp, esp push edi 
@@ -27511,127 +27568,127 @@ mov eax, dword [ebp + 0x14] mov ebx, dword [ebp + 0x10] add eax, 0x410 push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov byte [ebp - 0x1b], al cmp ebx, 0x22 -ja short loc_00010da4 ; ja 0x10da4 +ja short loc_00010e34 ; ja 0x10e34 cmp ebx, 0x20 -jae short loc_00010dae ; jae 0x10dae +jae short loc_00010e3e ; jae 0x10e3e cmp ebx, 1 -jb short loc_00010dc6 ; jb 0x10dc6 +jb short loc_00010e56 ; jb 0x10e56 cmp ebx, 3 -jbe short loc_00010dba ; jbe 0x10dba +jbe short loc_00010e4a ; jbe 0x10e4a cmp ebx, 0x10 -je short loc_00010dba ; je 0x10dba -jmp short loc_00010dc6 ; jmp 0x10dc6 +je short loc_00010e4a ; je 0x10e4a +jmp short loc_00010e56 ; jmp 0x10e56 -loc_00010da4: +loc_00010e34: lea eax, [ebx - 0x41] cmp eax, 2 -jbe short loc_00010dcc ; jbe 0x10dcc -jmp short loc_00010dc6 ; jmp 0x10dc6 +jbe short loc_00010e5c ; jbe 0x10e5c +jmp short loc_00010e56 ; jmp 0x10e56 -loc_00010dae: -mov esi, ref_000284d8 ; mov esi, 0x284d8 +loc_00010e3e: +mov esi, ref_00028588 ; mov esi, 0x28588 mov edi, 0x14 -jmp short loc_00010dd6 ; jmp 0x10dd6 +jmp short loc_00010e66 ; jmp 0x10e66 -loc_00010dba: -mov esi, ref_000275ec ; mov esi, 0x275ec +loc_00010e4a: +mov esi, ref_0002769c ; mov esi, 0x2769c mov edi, 0x24 -jmp short loc_00010dd6 ; jmp 0x10dd6 +jmp short loc_00010e66 ; jmp 0x10e66 -loc_00010dc6: +loc_00010e56: xor esi, esi xor edi, edi -jmp short loc_00010dd6 ; jmp 0x10dd6 +jmp short loc_00010e66 ; jmp 0x10e66 -loc_00010dcc: -mov esi, ref_00028ca4 ; mov esi, 0x28ca4 +loc_00010e5c: +mov esi, ref_00028d54 ; mov esi, 0x28d54 mov edi, 0x16 -loc_00010dd6: +loc_00010e66: add esi, 8 mov word [ebp - 0x1a], 0 -loc_00010ddf: +loc_00010e6f: cmp word [ebp - 0x1a], di -je short loc_00010e4a ; je 0x10e4a +je short loc_00010eda ; je 0x10eda push dword [esi] push dword [esi - 4] push dword [esi - 8] push dword [ebp + 0x18] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 mov dword [ebp - 0x20], eax -call fcn_000153f0 ; 
call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00010e41 ; je 0x10e41 +je short loc_00010ed1 ; je 0x10ed1 cmp dword [ebp - 0x20], 0 -jns short loc_00010e41 ; jns 0x10e41 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00010ed1 ; jns 0x10ed1 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010e29 ; je 0x10e29 +je short loc_00010eb9 ; je 0x10eb9 push eax push dword [ebp - 0x20] -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010e29: +loc_00010eb9: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x173 -push ref_00024c76 ; push 0x24c76 -call fcn_000153fc ; call 0x153fc +push ref_00024d25 ; push 0x24d25 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00010e41: +loc_00010ed1: inc word [ebp - 0x1a] add esi, 0xc -jmp short loc_00010ddf ; jmp 0x10ddf +jmp short loc_00010e6f ; jmp 0x10e6f -loc_00010e4a: +loc_00010eda: cmp ebx, 0x22 -ja short loc_00010e65 ; ja 0x10e65 +ja short loc_00010ef5 ; ja 0x10ef5 cmp ebx, 0x20 -jae short loc_00010e6f ; jae 0x10e6f +jae short loc_00010eff ; jae 0x10eff cmp ebx, 1 -jb short loc_00010e87 ; jb 0x10e87 +jb short loc_00010f17 ; jb 0x10f17 cmp ebx, 3 -jbe short loc_00010e7b ; jbe 0x10e7b +jbe short loc_00010f0b ; jbe 0x10f0b cmp ebx, 0x10 -je short loc_00010e7b ; je 0x10e7b -jmp short loc_00010e87 ; jmp 0x10e87 +je short loc_00010f0b ; je 0x10f0b +jmp short loc_00010f17 ; jmp 0x10f17 -loc_00010e65: +loc_00010ef5: sub ebx, 0x41 cmp ebx, 2 -jbe short loc_00010e8d ; jbe 0x10e8d -jmp short loc_00010e87 ; jmp 0x10e87 +jbe short loc_00010f1d ; jbe 0x10f1d +jmp short loc_00010f17 ; jmp 0x10f17 -loc_00010e6f: -mov edi, ref_000283d0 ; mov edi, 0x283d0 +loc_00010eff: +mov edi, ref_00028480 ; mov edi, 0x28480 mov esi, 0x16 -jmp short loc_00010e97 ; jmp 0x10e97 +jmp short loc_00010f27 ; jmp 0x10f27 -loc_00010e7b: -mov edi, ref_0002779c ; mov 
edi, 0x2779c +loc_00010f0b: +mov edi, ref_0002784c ; mov edi, 0x2784c mov esi, 0x14 -jmp short loc_00010e97 ; jmp 0x10e97 +jmp short loc_00010f27 ; jmp 0x10f27 -loc_00010e87: +loc_00010f17: xor edi, edi xor esi, esi -jmp short loc_00010e97 ; jmp 0x10e97 +jmp short loc_00010f27 ; jmp 0x10f27 -loc_00010e8d: -mov edi, ref_00028b84 ; mov edi, 0x28b84 +loc_00010f1d: +mov edi, ref_00028c34 ; mov edi, 0x28c34 mov esi, 0x18 -loc_00010e97: +loc_00010f27: mov dl, byte [ebp - 0x1b] imul esi, esi, 0xc mov al, dl 
@@ -27642,87 +27699,87 @@ mov al, dl and eax, 0xc mov byte [ebp - 0x20], al -loc_00010eaf: +loc_00010f3f: cmp edi, esi -je loc_00010f5a ; je 0x10f5a +je loc_00010fea ; je 0x10fea cmp dword [ebp + 0xc], 2 -jne short loc_00010ed4 ; jne 0x10ed4 +jne short loc_00010f64 ; jne 0x10f64 mov eax, dword [edi] and eax, 0xfe00 cmp eax, 0x2400 -je short loc_00010ef5 ; je 0x10ef5 +je short loc_00010f85 ; je 0x10f85 cmp eax, 0x2600 -jne short loc_00010efb ; jne 0x10efb -jmp short loc_00010ee8 ; jmp 0x10ee8 +jne short loc_00010f8b ; jne 0x10f8b +jmp short loc_00010f78 ; jmp 0x10f78 -loc_00010ed4: +loc_00010f64: cmp dword [ebp + 0xc], 1 -jne short loc_00010efb ; jne 0x10efb +jne short loc_00010f8b ; jne 0x10f8b mov eax, dword [edi] and eax, 0xfe00 cmp eax, 0x2c00 -jne short loc_00010eee ; jne 0x10eee +jne short loc_00010f7e ; jne 0x10f7e -loc_00010ee8: +loc_00010f78: cmp byte [ebp - 0x20], 8 -jmp short loc_00010ef9 ; jmp 0x10ef9 +jmp short loc_00010f89 ; jmp 0x10f89 -loc_00010eee: +loc_00010f7e: cmp eax, 0x2e00 -jne short loc_00010efb ; jne 0x10efb +jne short loc_00010f8b ; jne 0x10f8b -loc_00010ef5: +loc_00010f85: cmp byte [ebp - 0x1a], 2 -loc_00010ef9: -jne short loc_00010f52 ; jne 0x10f52 +loc_00010f89: +jne short loc_00010fe2 ; jne 0x10fe2 -loc_00010efb: +loc_00010f8b: push dword [edi + 8] push dword [edi + 4] push dword [edi] push dword [ebp + 0x18] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00010f52 ; je 0x10f52 +je short loc_00010fe2 ; je 0x10fe2 test ebx, ebx -jns short loc_00010f52 ; jns 0x10f52 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00010fe2 ; jns 0x10fe2 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010f3a ; je 0x10f3a +je short loc_00010fca ; je 0x10fca push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call 
fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010f3a: +loc_00010fca: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x1a4 -push ref_00024c76 ; push 0x24c76 -call fcn_000153fc ; call 0x153fc +push ref_00024d25 ; push 0x24d25 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00010f52: +loc_00010fe2: add edi, 0xc -jmp near loc_00010eaf ; jmp 0x10eaf +jmp near loc_00010f3f ; jmp 0x10f3f -loc_00010f5a: +loc_00010fea: mov eax, dword [ebp + 8] xor ebx, ebx cmp byte [eax], 8 -ja short loc_00010f6b ; ja 0x10f6b +ja short loc_00010ffb ; ja 0x10ffb -loc_00010f64: +loc_00010ff4: xor eax, eax -jmp near loc_0001119f ; jmp 0x1119f +jmp near loc_0001122f ; jmp 0x1122f -loc_00010f6b: +loc_00010ffb: mov cl, byte [ebp - 0x1b] mov al, cl and eax, 0xc 
@@ -27731,198 +27788,198 @@ mov al, cl and eax, 3 mov byte [ebp - 0x20], al -loc_00010f7e: -call fcn_0001c234 ; call 0x1c234 +loc_0001100e: +call fcn_0001c2f8 ; call 0x1c2f8 movzx eax, al cmp ebx, eax -jae short loc_00010f64 ; jae 0x10f64 +jae short loc_00010ff4 ; jae 0x10ff4 cmp ebx, 2 -jne short loc_00010f95 ; jne 0x10f95 +jne short loc_00011025 ; jne 0x11025 cmp byte [ebp - 0x20], 2 -jmp short loc_00010f9e ; jmp 0x10f9e +jmp short loc_0001102e ; jmp 0x1102e -loc_00010f95: +loc_00011025: cmp ebx, 3 -jne short loc_00010fa4 ; jne 0x10fa4 +jne short loc_00011034 ; jne 0x11034 cmp byte [ebp - 0x1b], 8 -loc_00010f9e: -jne loc_00011199 ; jne 0x11199 +loc_0001102e: +jne loc_00011229 ; jne 0x11229 -loc_00010fa4: +loc_00011034: cmp dword [ebp + 0xc], 1 -jne short loc_00010fb3 ; jne 0x10fb3 -mov esi, dword [ebx*4 + ref_000203c0] ; mov esi, dword [ebx*4 + 0x203c0] -jmp short loc_00010fba ; jmp 0x10fba +jne short loc_00011043 ; jne 0x11043 +mov esi, dword [ebx*4 + ref_00020450] ; mov esi, dword [ebx*4 + 0x20450] +jmp short loc_0001104a ; jmp 0x1104a -loc_00010fb3: -mov esi, dword [ebx*4 + ref_000203a8] ; mov esi, dword [ebx*4 + 0x203a8] +loc_00011043: +mov esi, dword [ebx*4 + ref_00020438] ; mov esi, dword [ebx*4 + 0x20438] -loc_00010fba: +loc_0001104a: mov ecx, dword [ebp + 8] lea eax, [ebx + 0xae] test byte [ecx + eax*8 + 0x10], 1 -je short loc_00011029 ; je 0x11029 +je short loc_000110b9 ; je 0x110b9 movzx eax, byte [ecx + eax*8 + 0xc] lea edx, [eax - 0x69] cmp dl, 0x17 -jbe short loc_0001101f ; jbe 0x1101f -call fcn_000153e9 ; call 0x153e9 +jbe short loc_000110af ; jbe 0x110af +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00010ff4 ; je 0x10ff4 +je short loc_00011084 ; je 0x11084 push eax push eax -push ref_00024cfa ; push 0x24cfa +push ref_00024da9 ; push 0x24da9 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00010ff4: -call fcn_000153f0 ; call 0x153f0 +loc_00011084: +call fcn_00015480 ; call 0x15480 
test al, al -je short loc_00011015 ; je 0x11015 +je short loc_000110a5 ; je 0x110a5 push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x1bd -loc_00011008: -push ref_00024c76 ; push 0x24c76 -call fcn_000153fc ; call 0x153fc +loc_00011098: +push ref_00024d25 ; push 0x24d25 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00011015: +loc_000110a5: mov eax, 0x80000002 -jmp near loc_0001119f ; jmp 0x1119f +jmp near loc_0001122f ; jmp 0x1122f -loc_0001101f: +loc_000110af: shl eax, 0x10 mov edx, 0xff00ffff -jmp short loc_0001102e ; jmp 0x1102e +jmp short loc_000110be ; jmp 0x110be -loc_00011029: +loc_000110b9: xor eax, eax or edx, 0xffffffff -loc_0001102e: +loc_000110be: mov edi, dword [ebp + 8] lea ecx, [ebx + 0xae] test byte [edi + ecx*8 + 0x10], 2 -je short loc_0001108f ; je 0x1108f +je short loc_0001111f ; je 0x1111f mov cl, byte [edi + ecx*8 + 0xd] lea edi, [ecx - 0x80] mov byte [ebp - 0x1a], cl mov ecx, edi cmp cl, 0x1c -jbe short loc_00011082 ; jbe 0x11082 -call fcn_000153e9 ; call 0x153e9 +jbe short loc_00011112 ; jbe 0x11112 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001106c ; je 0x1106c +je short loc_000110fc ; je 0x110fc push edi push edi -push ref_00024d29 ; push 0x24d29 +push ref_00024dd8 ; push 0x24dd8 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001106c: -call fcn_000153f0 ; call 0x153f0 +loc_000110fc: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00011015 ; je 0x11015 +je short loc_000110a5 ; je 0x110a5 push esi -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x1ca -jmp short loc_00011008 ; jmp 0x11008 +jmp short loc_00011098 ; jmp 0x11098 -loc_00011082: +loc_00011112: movzx ecx, byte [ebp - 0x1a] xor dh, dh shl ecx, 8 or eax, ecx -jmp short loc_00011094 ; jmp 0x11094 +jmp short loc_00011124 ; jmp 0x11124 -loc_0001108f: +loc_0001111f: cmp edx, 0xffffffff -je short loc_000110a8 ; je 0x110a8 +je short 
loc_00011138 ; je 0x11138 -loc_00011094: +loc_00011124: push eax push edx lea eax, [esi + 0x88] push eax push dword [ebp + 0x18] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 add esp, 0x10 -loc_000110a8: +loc_00011138: mov ecx, dword [ebp + 8] lea eax, [ebx + 0xae] test byte [ecx + eax*8 + 0x10], 4 -je short loc_0001111a ; je 0x1111a +je short loc_000111aa ; je 0x111aa movzx eax, byte [ecx + eax*8 + 0xe] lea edx, [eax - 0x39] cmp dl, 0x47 -jbe short loc_000110ff ; jbe 0x110ff -call fcn_000153e9 ; call 0x153e9 +jbe short loc_0001118f ; jbe 0x1118f +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000110e2 ; je 0x110e2 +je short loc_00011172 ; je 0x11172 push ebx push ebx -push ref_00024d5b ; push 0x24d5b +push ref_00024e0a ; push 0x24e0a push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000110e2: -call fcn_000153f0 ; call 0x153f0 +loc_00011172: +call fcn_00015480 ; call 0x15480 test al, al -je loc_00011015 ; je 0x11015 +je loc_000110a5 ; je 0x110a5 push ecx -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x1e2 -jmp near loc_00011008 ; jmp 0x11008 +jmp near loc_00011098 ; jmp 0x11098 -loc_000110ff: +loc_0001118f: shl eax, 8 push eax push 0xffff00ff lea eax, [esi + 0x90] push eax push dword [ebp + 0x18] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 add esp, 0x10 -loc_0001111a: +loc_000111aa: mov ecx, dword [ebp + 8] lea eax, [ebx + 0xae] test byte [ecx + eax*8 + 0x10], 8 -je short loc_00011199 ; je 0x11199 +je short loc_00011229 ; je 0x11229 mov cl, byte [ecx + eax*8 + 0xf] mov dl, cl shr dl, 1 lea eax, [edx + 0x43] and eax, 0x7f cmp al, 0xd -jbe short loc_00011176 ; jbe 0x11176 -call fcn_000153e9 ; call 0x153e9 +jbe short loc_00011206 ; jbe 0x11206 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00011159 ; je 0x11159 +je short loc_000111e9 ; je 0x111e9 push edx push edx -push ref_00024d86 ; push 0x24d86 +push ref_00024e35 ; push 
0x24e35 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00011159: -call fcn_000153f0 ; call 0x153f0 +loc_000111e9: +call fcn_00015480 ; call 0x15480 test al, al -je loc_00011015 ; je 0x11015 +je loc_000110a5 ; je 0x110a5 push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x1f3 -jmp near loc_00011008 ; jmp 0x11008 +jmp near loc_00011098 ; jmp 0x11098 -loc_00011176: +loc_00011206: and ecx, 1 movzx edx, dl shl ecx, 7 @@ -27932,14 +27989,14 @@ push ecx push 0xffffff00 push esi push dword [ebp + 0x18] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 add esp, 0x10 -loc_00011199: +loc_00011229: inc ebx -jmp near loc_00010f7e ; jmp 0x10f7e +jmp near loc_0001100e ; jmp 0x1100e -loc_0001119f: +loc_0001122f: lea esp, [ebp - 0xc] pop ebx pop esi @@ -27947,7 +28004,7 @@ pop edi pop ebp ret -fcn_000111a7: +fcn_00011237: push ebp mov ebp, esp push edi 
@@ -27961,190 +28018,190 @@ lea eax, [esi + 0x410] add esi, 0xfc push eax mov dword [ebp - 0x1c], ecx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov dword [esp], esi mov edi, eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov ecx, dword [ebp - 0x1c] add esp, 0x10 cmp ecx, 0x22 -ja short loc_00011200 ; ja 0x11200 +ja short loc_00011290 ; ja 0x11290 cmp ecx, 0x20 -jae short loc_0001121a ; jae 0x1121a +jae short loc_000112aa ; jae 0x112aa cmp ecx, 1 -jb loc_000113d5 ; jb 0x113d5 +jb loc_00011465 ; jb 0x11465 cmp ecx, 3 -jbe short loc_00011213 ; jbe 0x11213 +jbe short loc_000112a3 ; jbe 0x112a3 cmp ecx, 0x10 -je short loc_00011213 ; je 0x11213 -jmp near loc_000113d5 ; jmp 0x113d5 +je short loc_000112a3 ; je 0x112a3 +jmp near loc_00011465 ; jmp 0x11465 -loc_00011200: +loc_00011290: sub ecx, 0x41 cmp ecx, 2 -ja loc_000113d5 ; ja 0x113d5 -mov ecx, ref_000287a0 ; mov ecx, 0x287a0 -jmp short loc_0001121f ; jmp 0x1121f +ja loc_00011465 ; ja 0x11465 +mov ecx, ref_00028850 ; mov ecx, 0x28850 +jmp short loc_000112af ; jmp 0x112af -loc_00011213: -mov ecx, ref_0002758c ; mov ecx, 0x2758c -jmp short loc_0001121f ; jmp 0x1121f +loc_000112a3: +mov ecx, ref_0002763c ; mov ecx, 0x2763c +jmp short loc_000112af ; jmp 0x112af -loc_0001121a: -mov ecx, ref_0002801c ; mov ecx, 0x2801c +loc_000112aa: +mov ecx, ref_000280cc ; mov ecx, 0x280cc -loc_0001121f: +loc_000112af: test eax, 0x80000 -je loc_000113d5 ; je 0x113d5 +je loc_00011465 ; je 0x11465 and eax, 0x70000 mov edx, eax shr edx, 0x10 cmp dword [ebp + 0xc], 2 -jne short loc_0001129d ; jne 0x1129d +jne short loc_0001132d ; jne 0x1132d cmp dl, 5 -ja loc_000113d5 ; ja 0x113d5 +ja loc_00011465 ; ja 0x11465 imul edx, edx, 0xc add ecx, edx push dword [ecx + 8] push dword [ecx + 4] push dword [ecx] push ebx -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je loc_000113d5 
; je 0x113d5 +je loc_00011465 ; je 0x11465 test ebx, ebx -jns loc_000113d5 ; jns 0x113d5 -call fcn_000153e9 ; call 0x153e9 +jns loc_00011465 ; jns 0x11465 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001128d ; je 0x1128d +je short loc_0001131d ; je 0x1131d push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001128d: +loc_0001131d: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x241 -jmp near loc_000113c8 ; jmp 0x113c8 +jmp near loc_00011458 ; jmp 0x11458 -loc_0001129d: +loc_0001132d: cmp dword [ebp + 0xc], 1 -jne loc_000113d5 ; jne 0x113d5 +jne loc_00011465 ; jne 0x11465 test dl, dl -jne short loc_00011312 ; jne 0x11312 +jne short loc_000113a2 ; jne 0x113a2 mov eax, edi and eax, 3 dec al -jne loc_000113d5 ; jne 0x113d5 +jne loc_00011465 ; jne 0x11465 imul edx, edx, 0xc add ecx, edx push dword [ecx + 8] push dword [ecx + 4] push dword [ecx] push ebx -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je loc_000113d5 ; je 0x113d5 +je loc_00011465 ; je 0x11465 test ebx, ebx -jns loc_000113d5 ; jns 0x113d5 -call fcn_000153e9 ; call 0x153e9 +jns loc_00011465 ; jns 0x11465 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00011302 ; je 0x11302 +je short loc_00011392 ; je 0x11392 push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00011302: +loc_00011392: push edi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x24d -jmp near loc_000113c8 ; jmp 0x113c8 +jmp near loc_00011458 ; jmp 0x11458 -loc_00011312: +loc_000113a2: cmp dl, 1 -jne short loc_0001137b ; jne 0x1137b +jne short loc_0001140b ; jne 
0x1140b mov eax, edi and eax, 0xc cmp al, 4 -jne loc_000113d5 ; jne 0x113d5 +jne loc_00011465 ; jne 0x11465 imul edx, edx, 0xc add ecx, edx push dword [ecx + 8] push dword [ecx + 4] push dword [ecx] push ebx -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je loc_000113d5 ; je 0x113d5 +je loc_00011465 ; je 0x11465 test ebx, ebx -jns loc_000113d5 ; jns 0x113d5 -call fcn_000153e9 ; call 0x153e9 +jns loc_00011465 ; jns 0x11465 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001136e ; je 0x1136e +je short loc_000113fe ; je 0x113fe push esi push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001136e: +loc_000113fe: push ecx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x257 -jmp short loc_000113c8 ; jmp 0x113c8 +jmp short loc_00011458 ; jmp 0x11458 -loc_0001137b: +loc_0001140b: imul edx, edx, 0xc add ecx, edx push dword [ecx + 8] push dword [ecx + 4] push dword [ecx] push ebx -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_000113d5 ; je 0x113d5 +je short loc_00011465 ; je 0x11465 test ebx, ebx -jns short loc_000113d5 ; jns 0x113d5 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00011465 ; jns 0x11465 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000113bd ; je 0x113bd +je short loc_0001144d ; je 0x1144d push edx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000113bd: +loc_0001144d: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x260 -loc_000113c8: -push 
ref_00024c76 ; push 0x24c76 -call fcn_000153fc ; call 0x153fc +loc_00011458: +push ref_00024d25 ; push 0x24d25 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000113d5: +loc_00011465: lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -28153,14 +28210,14 @@ pop edi pop ebp ret -fcn_000113df: +fcn_0001146f: push ebp mov ebp, esp push edi push esi push ebx sub esp, 0x1c -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb mov esi, eax mov eax, dword [ebp + 8] mov ebx, dword [eax + 4] @@ -28168,24 +28225,24 @@ push edi push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 push 0x1c push 0 mov edi, eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc add edi, 2 push 0 push 0x14 push 0 mov dword [ebp - 0x20], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], edi mov dword [ebp - 0x24], eax -call fcn_00017cfe ; call 0x17cfe -call fcn_0001bb39 ; call 0x1bb39 +call fcn_00017dc2 ; call 0x17dc2 +call fcn_0001bbfd ; call 0x1bbfd movzx eax, al mov dword [ebp - 0x1c], eax pop eax 
@@ -28193,156 +28250,156 @@ pop edx lea eax, [ebx + 0x2088] push 0x109000 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f lea eax, [ebx + 0x20ac] pop ecx pop edi push 0x40000000 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 cmp esi, 1 -jne short loc_000114a2 ; jne 0x114a2 +jne short loc_00011532 ; jne 0x11532 push eax push eax push 0x1b lea edi, [ebx + 0x2340] push edi -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 add esp, 0xc push 0x3a0000 push 0xff00ffff push edi -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 lea eax, [ebx + 0x2324] pop edx pop ecx push 0x854c74 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 -loc_000114a2: +loc_00011532: sub esp, 0xc push ebx push dword [ebp - 0x20] push dword [ebp - 0x1c] push esi push dword [ebp + 8] -call fcn_00010d69 ; call 0x10d69 +call fcn_00010df9 ; call 0x10df9 add esp, 0x20 mov edi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000114fc ; je 0x114fc +je short loc_0001158c ; je 0x1158c test edi, edi -jns short loc_000114fc ; jns 0x114fc -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001158c ; jns 0x1158c +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000114e4 ; je 0x114e4 +je short loc_00011574 ; je 0x11574 push eax push edi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000114e4: +loc_00011574: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x34e -push ref_00024c76 ; push 0x24c76 -call fcn_000153fc ; call 0x153fc +push ref_00024d25 ; push 0x24d25 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000114fc: +loc_0001158c: sub esp, 0xc push ebx push dword [ebp - 0x20] push dword [ebp - 0x1c] push esi push dword [ebp + 8] -call fcn_000111a7 
; call 0x111a7 +call fcn_00011237 ; call 0x11237 add esp, 0x20 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00011556 ; je 0x11556 +je short loc_000115e6 ; je 0x115e6 test esi, esi -jns short loc_00011556 ; jns 0x11556 -call fcn_000153e9 ; call 0x153e9 +jns short loc_000115e6 ; jns 0x115e6 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001153e ; je 0x1153e +je short loc_000115ce ; je 0x115ce push eax push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001153e: +loc_000115ce: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x350 -push ref_00024c76 ; push 0x24c76 -call fcn_000153fc ; call 0x153fc +push ref_00024d25 ; push 0x24d25 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00011556: -call fcn_0001bef7 ; call 0x1bef7 +loc_000115e6: +call fcn_0001bfbb ; call 0x1bfbb cmp eax, 2 -je short loc_0001156e ; je 0x1156e +je short loc_000115fe ; je 0x115fe -loc_00011560: -call fcn_0001bef7 ; call 0x1bef7 +loc_000115f0: +call fcn_0001bfbb ; call 0x1bfbb dec eax -jne loc_00011613 ; jne 0x11613 -jmp short loc_000115bb ; jmp 0x115bb +jne loc_000116a3 ; jne 0x116a3 +jmp short loc_0001164b ; jmp 0x1164b -loc_0001156e: +loc_000115fe: mov byte [ebp - 0x1c], 0 -loc_00011572: -call fcn_0001c0fb ; call 0x1c0fb +loc_00011602: +call fcn_0001c1bf ; call 0x1c1bf cmp byte [ebp - 0x1c], al -jae short loc_00011560 ; jae 0x11560 +jae short loc_000115f0 ; jae 0x115f0 push eax movzx eax, byte [ebp - 0x1c] push eax push 0x1c push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov edi, eax pop eax pop edx lea eax, [edi + 0x110] push 0x31c1 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 lea edx, [edi + 0x104] pop ecx pop eax push 0x17d010 push edx -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 
0x18b14 add esp, 0x10 inc byte [ebp - 0x1c] -jmp short loc_00011572 ; jmp 0x11572 +jmp short loc_00011602 ; jmp 0x11602 -loc_000115bb: +loc_0001164b: sub esp, 0xc lea eax, [ebx + 0x2320] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov edx, 0x20000 test al, 2 -jne short loc_000115fa ; jne 0x115fa +jne short loc_0001168a ; jne 0x1168a mov eax, dword [ebp - 0x20] sub esp, 0xc add eax, 0xf5 push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 and eax, 1 cmp al, 1 
@@ -28350,71 +28407,71 @@ sbb edx, edx xor dx, dx add edx, 0x20000 -loc_000115fa: +loc_0001168a: or dh, 0x30 push eax push edx push 0xfffc0fff lea eax, [ebx + 0x21a4] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_00011613: +loc_000116a3: push edi push edi push 0xfffffffffffffff0 lea eax, [ebx + 0x2348] push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e mov eax, dword [ebp - 0x24] add esp, 0xc push 0x10000 push 0xffffff7f add eax, 0xb0 push eax -call fcn_00018aa4 ; call 0x18aa4 -call fcn_0001bef7 ; call 0x1bef7 +call fcn_00018b68 ; call 0x18b68 +call fcn_0001bfbb ; call 0x1bfbb add esp, 0x10 cmp eax, 2 -jne short loc_000116b7 ; jne 0x116b7 +jne short loc_00011747 ; jne 0x11747 push ecx push ecx push 0x10 lea eax, [ebx + 0x260c] push eax -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 push 0x3100 push 0xffffceff push 0xec000106 push ebx -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 add esp, 0x20 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000116b7 ; je 0x116b7 +je short loc_00011747 ; je 0x11747 test esi, esi -jns short loc_000116b7 ; jns 0x116b7 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00011747 ; jns 0x11747 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001169f ; je 0x1169f +je short loc_0001172f ; je 0x1172f push edx push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001169f: +loc_0001172f: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x3b8 -push ref_00024c76 ; push 0x24c76 -call fcn_000153fc ; call 0x153fc +push ref_00024d25 ; push 0x24d25 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000116b7: +loc_00011747: lea esp, [ebp - 0xc] mov eax, esi pop ebx 
@@ -28423,7 +28480,7 @@ pop edi pop ebp ret -fcn_000116c1: +fcn_00011751: push ebp mov ebp, esp push edi 
@@ -28431,79 +28488,79 @@ push esi push ebx sub esp, 0x1c mov esi, dword [ebp + 0x14] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000116e7 ; je 0x116e7 +je short loc_00011777 ; je 0x11777 push eax push eax -push ref_00024db6 ; push 0x24db6 +push ref_00024e65 ; push 0x24e65 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000116e7: +loc_00011777: cmp dword [ebp + 8], 0 mov ebx, 0x80000002 -je loc_0001180f ; je 0x1180f -call fcn_000153e9 ; call 0x153e9 +je loc_0001189f ; je 0x1189f +call fcn_00015479 ; call 0x15479 test al, al mov eax, esi movzx ebx, al -je short loc_00011715 ; je 0x11715 +je short loc_000117a5 ; je 0x117a5 push eax push ebx -push ref_00024dd1 ; push 0x24dd1 +push ref_00024e80 ; push 0x24e80 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00011715: -call fcn_000153e9 ; call 0x153e9 +loc_000117a5: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00011731 ; je 0x11731 +je short loc_000117c1 ; je 0x117c1 push eax push dword [ebp + 0xc] -push ref_00024de2 ; push 0x24de2 +push ref_00024e91 ; push 0x24e91 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00011731: -call fcn_000153e9 ; call 0x153e9 +loc_000117c1: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001174d ; je 0x1174d +je short loc_000117dd ; je 0x117dd push eax push dword [ebp + 0x10] -push ref_00024dfa ; push 0x24dfa +push ref_00024ea9 ; push 0x24ea9 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001174d: -call fcn_000153e9 ; call 0x153e9 +loc_000117dd: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00011767 ; je 0x11767 +je short loc_000117f7 ; je 0x117f7 push eax push eax -push ref_00021e91 ; push 0x21e91 +push ref_00021f21 ; push 0x21f21 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 
0x15487 add esp, 0x10 -loc_00011767: +loc_000117f7: push eax push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xf0 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edi, eax and edi, 0xffffc000 lea esi, [edi + 0x3418] mov dword [esp], esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0xc push ebx mov dword [ebp - 0x1c], eax 
@@ -28514,54 +28571,54 @@ push 0 push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] -call fcn_00015137 ; call 0x15137 +call fcn_000151c7 ; call 0x151c7 add esp, 0x20 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000117f9 ; je 0x117f9 +je short loc_00011889 ; je 0x11889 test ebx, ebx -jns short loc_000117f9 ; jns 0x117f9 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00011889 ; jns 0x11889 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000117e1 ; je 0x117e1 +je short loc_00011871 ; je 0x11871 push edi push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000117e1: +loc_00011871: push ecx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x82 -push ref_00024e12 ; push 0x24e12 -call fcn_000153fc ; call 0x153fc +push ref_00024ec1 ; push 0x24ec1 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000117f9: +loc_00011889: push edx push edx push dword [ebp - 0x1c] push esi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov dword [esp], esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 -loc_0001180f: -call fcn_000153e9 ; call 0x153e9 +loc_0001189f: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00011829 ; je 0x11829 +je short loc_000118b9 ; je 0x118b9 push eax push eax -push ref_00024e3b ; push 0x24e3b +push ref_00024eea ; push 0x24eea push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00011829: +loc_000118b9: lea esp, [ebp - 0xc] mov eax, ebx pop ebx 
@@ -28570,60 +28627,60 @@ pop edi pop ebp ret -fcn_00011833: ; not directly referenced +fcn_000118c3: ; not directly referenced push ebp mov ebp, esp push ebx sub esp, 0x14 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00011854 ; je 0x11854 +je short loc_000118e4 ; je 0x118e4 push edx push edx -push ref_00024e54 ; push 0x24e54 +push ref_00024f03 ; push 0x24f03 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00011854: ; not directly referenced +loc_000118e4: ; not directly referenced lea eax, [ebp - 0xc] push eax push 0 push 0 -push ref_0002910c ; push 0x2910c -call fcn_00019699 ; call 0x19699 +push ref_000291bc ; push 0x291bc +call fcn_0001975d ; call 0x1975d add esp, 0x10 mov ebx, eax test eax, eax -jne short loc_00011889 ; jne 0x11889 +jne short loc_00011919 ; jne 0x11919 mov eax, dword [ebp - 0xc] movzx edx, byte [eax] push edx push dword [eax + 0xe] push dword [eax + 6] push dword [eax + 1] -call fcn_000116c1 ; call 0x116c1 +call fcn_00011751 ; call 0x11751 add esp, 0x10 mov ebx, eax -loc_00011889: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00011919: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000118a3 ; je 0x118a3 +je short loc_00011933 ; je 0x11933 push eax push eax -push ref_00024e6a ; push 0x24e6a +push ref_00024f19 ; push 0x24f19 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000118a3: ; not directly referenced +loc_00011933: ; not directly referenced mov eax, ebx mov ebx, dword [ebp - 4] leave ret -fcn_000118aa: ; not directly referenced +fcn_0001193a: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -28634,9 +28691,9 @@ mov eax, dword [ebp + 0x14] mov ebx, dword [ebp + 0xc] mov esi, dword [ebp + 8] mov dword [ebp - 0x28], eax -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb mov dword [ebp - 0x1c], eax -call fcn_0001bff9 ; call 0x1bff9 +call fcn_0001c0bd ; call 0x1c0bd mov eax, dword [ebp + 0x10] movzx eax, byte [eax + 1] push ecx @@ -28647,38 +28704,38 @@ push eax push 0x1c push edi mov dword [ebp - 0x2c], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 push 0x1f push edi mov ebx, eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [ebp - 0x38], eax pop eax pop edx push 0 push dword [ebp + 0x18] -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f add esp, 0xc movzx eax, al push eax push 0x1c push edi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a push 0x10 push dword [ebp - 0x2c] push 0x1c push edi mov dword [ebp - 0x20], eax -call fcn_00009f67 ; call 0x9f67 +call fcn_00009fd5 ; call 0x9fd5 add esp, 0x20 movzx eax, al mov ecx, eax mov dword [ebp - 0x3c], eax mov eax, 0x80000003 test ecx, ecx -je loc_00011ddc ; je 0x11ddc +je loc_00011e6c ; je 0x11e6c sub esp, 0xc mov eax, esi lea edx, [ebx + 0x64] @@ -28686,7 +28743,7 @@ movzx esi, al push edx imul esi, esi, 0x2c mov dword [ebp - 0x24], edx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edi, dword [ebp + 0x10] pop edx pop ecx @@ -28700,11 +28757,11 @@ cmovne ecx, eax and ecx, 0xfff3ffff push ecx push edx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f lea eax, [ebx + 0x68] mov dword [esp], eax mov dword [ebp - 0x24], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 pop edx pop ecx mov edx, eax 
@@ -28715,17 +28772,17 @@ cmovne edx, eax movzx edx, dx push edx push dword [ebp - 0x24] -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 add esp, 0xc push 0x14140000 push 0xffff lea eax, [ebx + 0x318] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov eax, dword [ebp - 0x20] add eax, 0xf5 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0xc mov edi, dword [ebp + 0x10] lea ecx, [ebx + 0x4c] @@ -28740,42 +28797,42 @@ add eax, 0x20000 push eax push 0xfffc7fff push ecx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0x743a361b push 0 lea eax, [ebx + 0x314] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0x18000 lea eax, [ebx + 0xd8] push 0xfffc7fff push eax mov dword [ebp - 0x20], eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0x854c74 push 0xff000000 lea eax, [ebx + 0x33c] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0x2000000 push 0xfdffffff push dword [ebp - 0x20] -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0x8000008 push 0xf7fffff7 push dword [ebp - 0x20] -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop eax pop edx lea eax, [ebx + 0xf5] push 0xf push eax -call fcn_00018699 ; call 0x18699 +call fcn_0001875d ; call 0x1875d mov al, byte [esi + 4] pop ecx pop edx @@ -28789,7 +28846,7 @@ cmove eax, edx push eax lea eax, [ebx + 0x100] push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov dl, byte [edi + 6] add esp, 0xc and edx, 0x20 
@@ -28807,63 +28864,63 @@ push edx push eax lea eax, [ebx + 0x50] push eax -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0x10 cmp dword [ebp - 0x1c], 2 -jne short loc_00011aff ; jne 0x11aff +jne short loc_00011b8f ; jne 0x11b8f push ecx push 0x1000c0 push 0xffcffe3f lea eax, [ebx + 0x320] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_00011aff: ; not directly referenced +loc_00011b8f: ; not directly referenced mov dl, byte [esi + 0xb] cmp dl, 9 -je short loc_00011b1d ; je 0x11b1d +je short loc_00011bad ; je 0x11bad sub edx, 3 xor eax, eax cmp dl, 3 -ja short loc_00011b22 ; ja 0x11b22 +ja short loc_00011bb2 ; ja 0x11bb2 movzx edx, dl -movzx eax, byte [edx + ref_000203d8] ; movzx eax, byte [edx + 0x203d8] -jmp short loc_00011b22 ; jmp 0x11b22 +movzx eax, byte [edx + ref_00020468] ; movzx eax, byte [edx + 0x20468] +jmp short loc_00011bb2 ; jmp 0x11bb2 -loc_00011b1d: ; not directly referenced +loc_00011bad: ; not directly referenced mov eax, 0x10 -loc_00011b22: ; not directly referenced +loc_00011bb2: ; not directly referenced push edx push eax push 0xffe0 push dword [ebp - 0x24] -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 mov dl, byte [edi + 6] add esp, 0x10 test dl, 4 -je short loc_00011ba8 ; je 0x11ba8 +je short loc_00011c38 ; je 0x11c38 sub esp, 0xc push dword [ebp - 0x30] shl edx, 0x1c sar edx, 0x1f and edx, 0x60 mov dword [ebp - 0x24], edx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov edx, dword [ebp - 0x24] and eax, 0x3f0 cmp eax, 0x10 -jne short loc_00011b68 ; jne 0x11b68 +jne short loc_00011bf8 ; jne 0x11bf8 or dh, 0xb2 -jmp short loc_00011b8c ; jmp 0x11b8c +jmp short loc_00011c1c ; jmp 0x11c1c -loc_00011b68: ; not directly referenced +loc_00011bf8: ; not directly referenced sub esp, 0xc push dword [ebp - 0x30] mov dword [ebp - 0x24], edx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, 
dword [ebp - 0x24] add esp, 0x10 mov ecx, edx @@ -28872,7 +28929,7 @@ and eax, 0x3f0 cmp eax, 0x10 cmova edx, ecx -loc_00011b8c: ; not directly referenced +loc_00011c1c: ; not directly referenced push eax movzx eax, byte [esi + 0xa] shl eax, 0x13 @@ -28881,10 +28938,10 @@ push eax push 0x6001f lea eax, [ebx + 0x54] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_00011ba8: ; not directly referenced +loc_00011c38: ; not directly referenced mov eax, dword [ebp + 0x10] sub esp, 0xc movzx eax, byte [eax + 0x19] @@ -28895,34 +28952,34 @@ push eax push dword [ebp - 0x2c] push 0x1c push dword [ebp - 0x34] -call fcn_0000bbe0 ; call 0xbbe0 +call fcn_0000bc4e ; call 0xbc4e add esp, 0x20 mov byte [ebp - 0x24], 1 test eax, eax -je short loc_00011bea ; je 0x11bea +je short loc_00011c7a ; je 0x11c7a push eax push eax push 2 lea eax, [ebx + 0xd4] push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 mov byte [ebp - 0x24], 0 -loc_00011bea: ; not directly referenced +loc_00011c7a: ; not directly referenced test byte [edi + 6], 8 -jne short loc_00011bfe ; jne 0x11bfe +jne short loc_00011c8e ; jne 0x11c8e mov cl, byte [ebp - 0x24] mov al, cl lea eax, [eax + eax - 3] lea edx, [ecx + ecx] -jmp short loc_00011c02 ; jmp 0x11c02 +jmp short loc_00011c92 ; jmp 0x11c92 -loc_00011bfe: ; not directly referenced +loc_00011c8e: ; not directly referenced mov al, 0xfd xor edx, edx -loc_00011c02: ; not directly referenced +loc_00011c92: ; not directly referenced movzx edx, dl movzx eax, al push ecx @@ -28930,7 +28987,7 @@ push edx push eax lea eax, [ebx + 0xe0] push eax -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a mov dl, byte [esi + 4] add esp, 0xc mov al, dl @@ -28956,7 +29013,7 @@ push eax push 0xfff0 lea eax, [ebx + 0x48] push eax -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 mov dl, byte [esi + 4] add esp, 0xc mov al, dl 
@@ -28982,66 +29039,66 @@ movzx eax, ax push eax push 0xfff0 push esi -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0x10 test byte [edi + 6], 0x10 -je loc_00011d3e ; je 0x11d3e +je loc_00011dce ; je 0x11dce push eax push eax push 0xfff7 push esi -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 add esp, 0xc push 0x80000000 push 0xfffffffffffffffe push dword [ebp - 0x20] -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp dword [ebp - 0x1c], 2 -jne short loc_00011ce6 ; jne 0x11ce6 +jne short loc_00011d76 ; jne 0x11d76 movzx esi, word [ebp - 0x28] add esi, 0x8c -jmp short loc_00011cf3 ; jmp 0x11cf3 +jmp short loc_00011d83 ; jmp 0x11d83 -loc_00011ce6: ; not directly referenced +loc_00011d76: ; not directly referenced cmp dword [ebp - 0x1c], 1 -jne short loc_00011d14 ; jne 0x11d14 +jne short loc_00011da4 ; jne 0x11da4 movzx esi, word [ebp - 0x28] add esi, 0x20 -loc_00011cf3: ; not directly referenced +loc_00011d83: ; not directly referenced sub esp, 0xc push esi -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 add esp, 0x10 test ah, 2 -je short loc_00011d14 ; je 0x11d14 +je short loc_00011da4 ; je 0x11da4 push eax push eax push 0x200 push esi -call fcn_00018ed3 ; call 0x18ed3 +call fcn_00018f97 ; call 0x18f97 add esp, 0x10 -loc_00011d14: ; not directly referenced +loc_00011da4: ; not directly referenced mov esi, dword [ebp - 0x38] sub esp, 0xc add esi, 0xa0 push esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test ah, 4 -jne short loc_00011d3e ; jne 0x11d3e +jne short loc_00011dce ; jne 0x11dce push eax push eax push 0x400 push esi -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -loc_00011d3e: ; not directly referenced +loc_00011dce: ; not directly referenced test byte [edi + 6], 8 -je short loc_00011dc3 ; je 0x11dc3 +je short loc_00011e53 ; je 0x11e53 mov esi, dword [ebp - 0x3c] push eax push eax 
@@ -29050,64 +29107,64 @@ add esi, ebx lea eax, [esi + 0x1a] add esi, 0x18 push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0xc push 9 push 0xffdf push esi -call fcn_000188bd ; call 0x188bd +call fcn_00018981 ; call 0x18981 add esp, 0xc push 0x40000000 push 0xfffffffffffffffd push dword [ebp - 0x20] -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp dword [ebp - 0x1c], 2 -jne short loc_00011d93 ; jne 0x11d93 +jne short loc_00011e23 ; jne 0x11e23 movzx eax, word [ebp - 0x28] push ecx push ecx push 2 add eax, 0x8c -jmp short loc_00011da4 ; jmp 0x11da4 +jmp short loc_00011e34 ; jmp 0x11e34 -loc_00011d93: ; not directly referenced +loc_00011e23: ; not directly referenced cmp dword [ebp - 0x1c], 1 -jne short loc_00011dad ; jne 0x11dad +jne short loc_00011e3d ; jne 0x11e3d movzx eax, word [ebp - 0x28] push edx push edx push 2 add eax, 0x20 -loc_00011da4: ; not directly referenced +loc_00011e34: ; not directly referenced push eax -call fcn_00018ed3 ; call 0x18ed3 +call fcn_00018f97 ; call 0x18f97 add esp, 0x10 -loc_00011dad: ; not directly referenced +loc_00011e3d: ; not directly referenced push eax add ebx, 0x108 push eax push 0x4000 push ebx -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_00011dc3: ; not directly referenced +loc_00011e53: ; not directly referenced cmp byte [ebp - 0x24], 1 -je short loc_00011dda ; je 0x11dda +je short loc_00011e6a ; je 0x11e6a mov al, byte [edi + 6] and eax, 8 cmp al, 1 sbb eax, eax and eax, 0x8000000e -jmp short loc_00011ddc ; jmp 0x11ddc +jmp short loc_00011e6c ; jmp 0x11e6c -loc_00011dda: ; not directly referenced +loc_00011e6a: ; not directly referenced xor eax, eax -loc_00011ddc: ; not directly referenced +loc_00011e6c: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -29115,7 +29172,7 @@ pop edi pop ebp ret -fcn_00011de4: ; not directly referenced +fcn_00011e74: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -29126,88 +29183,88 @@ sub esp, 0x2c mov eax, dword [ebp + 8] mov dword [ebp - 0x2c], eax mov byte [ebp - 0x20], al -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb mov dword [ebp - 0x1c], eax -call fcn_0001bff9 ; call 0x1bff9 +call fcn_0001c0bd ; call 0x1c0bd movzx edi, byte [ebp - 0x20] mov dword [ebp - 0x28], eax -loc_00011e0c: ; not directly referenced -call fcn_0001c0fb ; call 0x1c0fb +loc_00011e9c: ; not directly referenced +call fcn_0001c1bf ; call 0x1c1bf movzx eax, al cmp ebx, eax -jae loc_00011f11 ; jae 0x11f11 +jae loc_00011fa1 ; jae 0x11fa1 cmp dword [ebp - 0x1c], 2 mov byte [ebp - 0x21], 0 -jne short loc_00011e60 ; jne 0x11e60 +jne short loc_00011ef0 ; jne 0x11ef0 push ecx push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x48 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 and eax, 0xfffc lea eax, [eax + ebx*8 + 0x190] mov dword [esp], eax -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 add esp, 0x10 and eax, 1 xor eax, 1 and eax, 1 mov byte [ebp - 0x21], al -loc_00011e60: ; not directly referenced +loc_00011ef0: ; not directly referenced mov eax, 1 mov cl, bl shl eax, cl test dword [ebp + 0x10], eax -je loc_00012080 ; je 0x12080 +je loc_00012110 ; je 0x12110 test dword [ebp + 0x14], eax -jne loc_00012103 ; jne 0x12103 +jne loc_00012193 ; jne 0x12193 push esi push esi push ebx push dword [ebp + 0x18] -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f add esp, 0xc movzx eax, al push eax push 0x1c push edi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax pop eax pop edx lea eax, [esi + 0xe1] push 3 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 cmp dword [ebp - 0x1c], 2 -jne short loc_00011ed9 ; jne 0x11ed9 +jne short loc_00011f69 ; jne 0x11f69 push ecx push ecx push 0x40 lea eax, [esi + 0xe2] push eax -call fcn_0001866c ; call 
0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0xc push 8 push 0xf3 lea eax, [esi + 0xe8] push eax -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a add esp, 0x10 -loc_00011ed9: ; not directly referenced +loc_00011f69: ; not directly referenced push eax push eax push 3 lea eax, [esi + 0xe8] push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 cmp dword [ebp - 0x28], 2 pop eax mov eax, 0x20 
@@ -29217,173 +29274,173 @@ cmove eax, edx add esi, 0x324 push eax push esi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -jmp near loc_00012103 ; jmp 0x12103 +jmp near loc_00012193 ; jmp 0x12193 -loc_00011f11: ; not directly referenced +loc_00011fa1: ; not directly referenced xor ebx, ebx cmp dword [ebp - 0x1c], 2 -jne loc_00011ff4 ; jne 0x11ff4 +jne loc_00012084 ; jne 0x12084 mov eax, dword [ebp + 0x10] movzx edi, byte [ebp - 0x20] and eax, 0xf mov dword [ebp - 0x1c], eax -loc_00011f2a: ; not directly referenced -call fcn_0001c0fb ; call 0x1c0fb +loc_00011fba: ; not directly referenced +call fcn_0001c1bf ; call 0x1c1bf movzx eax, al cmp ebx, eax -jae short loc_00011fb4 ; jae 0x11fb4 +jae short loc_00012044 ; jae 0x12044 push esi push esi push ebx push dword [ebp + 0x18] -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f add esp, 0xc movzx eax, al push eax push 0x1c push edi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0x10 mov edx, eax lea eax, [ebx - 4] cmp eax, 1 -jbe short loc_00011f61 ; jbe 0x11f61 +jbe short loc_00011ff1 ; jbe 0x11ff1 test ebx, ebx -jne short loc_00011fae ; jne 0x11fae +jne short loc_0001203e ; jne 0x1203e -loc_00011f61: ; not directly referenced +loc_00011ff1: ; not directly referenced push ecx push ecx lea esi, [edx + 0xe1] push 0x3c push esi mov dword [ebp - 0x20], edx -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 mov eax, dword [ebp - 0x1c] add esp, 0x10 mov edx, dword [ebp - 0x20] or eax, ebx -je short loc_00011f8e ; je 0x11f8e +je short loc_0001201e ; je 0x1201e mov eax, dword [ebp + 0x10] bt eax, ebx -jb short loc_00011fae ; jb 0x11fae +jb short loc_0001203e ; jb 0x1203e cmp ebx, 3 -jbe short loc_00011fae ; jbe 0x11fae +jbe short loc_0001203e ; jbe 0x1203e -loc_00011f8e: ; not directly referenced +loc_0001201e: ; not directly referenced push eax add edx, 0xe2 push eax push 1 push edx -call fcn_0001866c ; call 0x1866c +call 
fcn_00018730 ; call 0x18730 pop eax pop edx push 0x80 push esi -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -loc_00011fae: ; not directly referenced +loc_0001203e: ; not directly referenced inc ebx -jmp near loc_00011f2a ; jmp 0x11f2a +jmp near loc_00011fba ; jmp 0x11fba -loc_00011fb4: ; not directly referenced +loc_00012044: ; not directly referenced test byte [ebp + 0x10], 0x3f -jne loc_0001210b ; jne 0x1210b +jne loc_0001219b ; jne 0x1219b push ecx push ecx push 0 push dword [ebp + 0x18] -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f add esp, 0xc movzx eax, al push eax movzx eax, byte [ebp - 0x2c] push 0x1c push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop ebx pop esi push 0x40 add eax, 0xe1 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -jmp near loc_0001210b ; jmp 0x1210b +jmp near loc_0001219b ; jmp 0x1219b -loc_00011ff4: ; not directly referenced +loc_00012084: ; not directly referenced cmp dword [ebp - 0x1c], 1 -jne loc_0001210b ; jne 0x1210b +jne loc_0001219b ; jne 0x1219b movzx edi, byte [ebp - 0x20] -loc_00012002: ; not directly referenced -call fcn_0001c0fb ; call 0x1c0fb +loc_00012092: ; not directly referenced +call fcn_0001c1bf ; call 0x1c1bf movzx eax, al cmp ebx, eax -jae loc_0001210b ; jae 0x1210b +jae loc_0001219b ; jae 0x1219b mov eax, dword [ebp + 0x14] bt eax, ebx -jb short loc_0001207b ; jb 0x1207b +jb short loc_0001210b ; jb 0x1210b push esi push esi push ebx push dword [ebp + 0x18] -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f add esp, 0xc movzx eax, al push eax push 0x1c push edi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a lea esi, [eax + 0xe1] mov dword [ebp - 0x1c], eax pop eax pop edx push 0x3c push esi -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 mov eax, 0xf mov cl, bl shl eax, cl add esp, 0x10 mov edx, dword [ebp - 0x1c] test dword 
[ebp + 0x10], eax -jne short loc_0001207b ; jne 0x1207b +jne short loc_0001210b ; jne 0x1210b push eax add edx, 0xe2 push eax push 1 push edx -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 pop edx pop ecx push 0x80 push esi -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -loc_0001207b: ; not directly referenced +loc_0001210b: ; not directly referenced add ebx, 4 -jmp short loc_00012002 ; jmp 0x12002 +jmp short loc_00012092 ; jmp 0x12092 -loc_00012080: ; not directly referenced +loc_00012110: ; not directly referenced cmp dword [ebp - 0x1c], 2 -jne short loc_000120fd ; jne 0x120fd +jne short loc_0001218d ; jne 0x1218d push esi push esi push ebx push dword [ebp + 0x18] -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f add esp, 0xc movzx eax, al push eax push 0x1c push edi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax pop eax pop edx 
@@ -29391,46 +29448,46 @@ lea eax, [esi + 0xe2] add esi, 0x420 push 0x30 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 pop ecx pop eax push 0x80000000 push esi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_000120c8: ; not directly referenced +loc_00012158: ; not directly referenced cmp byte [ebp - 0x21], 0 -je short loc_000120fd ; je 0x120fd +je short loc_0001218d ; je 0x1218d push eax push eax push ebx push dword [ebp + 0x18] -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f add esp, 0xc movzx eax, al push eax push 0x1c push edi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 0x60000000 add eax, 0x420 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_000120fd: ; not directly referenced +loc_0001218d: ; not directly referenced inc ebx -jmp near loc_00011e0c ; jmp 0x11e0c +jmp near loc_00011e9c ; jmp 0x11e9c -loc_00012103: ; not directly referenced +loc_00012193: ; not directly referenced cmp dword [ebp - 0x1c], 2 -jne short loc_000120fd ; jne 0x120fd -jmp short loc_000120c8 ; jmp 0x120c8 +jne short loc_0001218d ; jne 0x1218d +jmp short loc_00012158 ; jmp 0x12158 -loc_0001210b: ; not directly referenced +loc_0001219b: ; not directly referenced lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -29439,7 +29496,7 @@ pop edi pop ebp ret -fcn_00012115: ; not directly referenced +fcn_000121a5: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -29450,75 +29507,75 @@ mov ebx, dword [ebp + 0xc] mov esi, dword [ebp + 8] mov edi, dword [ebp + 0x10] push ebx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -jne short loc_00012151 ; jne 0x12151 -call fcn_000153e9 ; call 0x153e9 +jne short loc_000121e1 ; jne 0x121e1 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00012151 ; je 0x12151 +je short loc_000121e1 ; je 0x121e1 push edx push ebx -push ref_00024e7e ; push 0x24e7e +push ref_00024f2d ; push 0x24f2d push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00012151: ; not directly referenced +loc_000121e1: ; not directly referenced sub esp, 0xc add ebx, 0xfc push ebx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 and ax, 0xc000 cmp ax, 0x8000 -je short loc_00012182 ; je 0x12182 +je short loc_00012212 ; je 0x12212 cmp ax, 0xc000 -je short loc_0001217b ; je 0x1217b +je short loc_0001220b ; je 0x1220b xor ebx, ebx cmp ax, 0x4000 -jne short loc_00012187 ; jne 0x12187 +jne short loc_00012217 ; jne 0x12217 -loc_0001217b: ; not directly referenced +loc_0001220b: ; not directly referenced mov ebx, 2 -jmp short loc_00012187 ; jmp 0x12187 +jmp short loc_00012217 ; jmp 0x12217 -loc_00012182: ; not directly referenced +loc_00012212: ; not directly referenced mov ebx, 0x22 -loc_00012187: ; not directly referenced -call fcn_0001bef7 ; call 0x1bef7 +loc_00012217: ; not directly referenced +call fcn_0001bfbb ; call 0x1bfbb dec eax -jne short loc_000121d4 ; jne 0x121d4 +jne short loc_00012264 ; jne 0x12264 push eax push 4 push 0x1c movzx eax, byte [edi + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xfc mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 and ax, 0xc000 cmp ax, 0x8000 -je short loc_000121cc ; je 0x121cc +je short loc_0001225c ; je 0x1225c cmp ax, 0xc000 -je short loc_000121d1 ; je 
0x121d1 +je short loc_00012261 ; je 0x12261 mov edx, ebx or dh, 2 cmp ax, 0x4000 cmove ebx, edx -jmp short loc_000121d4 ; jmp 0x121d4 +jmp short loc_00012264 ; jmp 0x12264 -loc_000121cc: ; not directly referenced +loc_0001225c: ; not directly referenced or bh, 0x22 -jmp short loc_000121d4 ; jmp 0x121d4 +jmp short loc_00012264 ; jmp 0x12264 -loc_000121d1: ; not directly referenced +loc_00012261: ; not directly referenced or bh, 2 -loc_000121d4: ; not directly referenced +loc_00012264: ; not directly referenced movzx ebx, bx add esi, 0x103c mov dword [ebp + 0xc], ebx @@ -29528,27 +29585,27 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017d40 ; jmp 0x17d40 +jmp near fcn_00017e04 ; jmp 0x17e04 -fcn_000121ef: ; not directly referenced +fcn_0001227f: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx sub esp, 0x4c -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00012212 ; je 0x12212 +je short loc_000122a2 ; je 0x122a2 push esi push esi -push ref_00024e93 ; push 0x24e93 +push ref_00024f42 ; push 0x24f42 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00012212: ; not directly referenced -call fcn_0001bef7 ; call 0x1bef7 +loc_000122a2: ; not directly referenced +call fcn_0001bfbb ; call 0x1bfbb mov dword [ebp - 0x2c], eax push eax mov eax, dword [ebp + 8] @@ -29556,16 +29613,16 @@ push 0 push 0x1f movzx eax, byte [eax + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov ebx, eax lea eax, [eax + 0xf0] add ebx, 0x40 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [esp], ebx mov dword [ebp - 0x30], eax and dword [ebp - 0x30], 0xffffc000 -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov edi, dword [ebp - 0x30] mov word [ebp - 0x3e], ax pop eax 
@@ -29573,7 +29630,7 @@ pop edx and word [ebp - 0x3e], 0xfffc push 0 push edi -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f add esp, 0xc movzx eax, al push eax @@ -29581,14 +29638,14 @@ mov eax, dword [ebp + 8] push 0x1c movzx eax, byte [eax + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop ecx pop ebx push 4 push edi mov esi, eax mov dword [ebp - 0x34], eax -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f add esp, 0xc movzx eax, al push eax @@ -29596,9 +29653,9 @@ mov eax, dword [ebp + 8] push 0x1c movzx eax, byte [eax + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov ebx, eax -call fcn_0001c0fb ; call 0x1c0fb +call fcn_0001c1bf ; call 0x1c1bf add esp, 0xc push 5 push 0xf5 
@@ -29606,295 +29663,295 @@ mov byte [ebp - 0x39], al mov eax, esi add eax, 0xf5 push eax -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a add esp, 0xc push dword [ebp + 8] push esi push edi -call fcn_00012115 ; call 0x12115 +call fcn_000121a5 ; call 0x121a5 mov eax, esi add eax, 0xfc mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov esi, eax and eax, 0xc000 cmp eax, 0x8000 -je short loc_00012308 ; je 0x12308 +je short loc_00012398 ; je 0x12398 cmp eax, 0xc000 -je short loc_0001230f ; je 0x1230f +je short loc_0001239f ; je 0x1239f cmp eax, 0x4000 sete al movzx eax, al mov edi, eax add edi, eax -jmp short loc_00012314 ; jmp 0x12314 +jmp short loc_000123a4 ; jmp 0x123a4 -loc_00012308: ; not directly referenced +loc_00012398: ; not directly referenced mov edi, 0xa -jmp short loc_00012314 ; jmp 0x12314 +jmp short loc_000123a4 ; jmp 0x123a4 -loc_0001230f: ; not directly referenced +loc_0001239f: ; not directly referenced mov edi, 0xe -loc_00012314: ; not directly referenced +loc_000123a4: ; not directly referenced cmp dword [ebp - 0x2c], 1 -jne short loc_0001235c ; jne 0x1235c +jne short loc_000123ec ; jne 0x123ec sub esp, 0xc add ebx, 0xfc push ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 and eax, 0xc000 cmp eax, 0x8000 -je short loc_0001234e ; je 0x1234e +je short loc_000123de ; je 0x123de cmp eax, 0xc000 -je short loc_00012356 ; je 0x12356 +je short loc_000123e6 ; je 0x123e6 mov edx, edi or edx, 0x20 cmp eax, 0x4000 cmove edi, edx -jmp short loc_0001235c ; jmp 0x1235c +jmp short loc_000123ec ; jmp 0x123ec -loc_0001234e: ; not directly referenced +loc_000123de: ; not directly referenced or edi, 0xa0 -jmp short loc_0001235c ; jmp 0x1235c +jmp short loc_000123ec ; jmp 0x123ec -loc_00012356: ; not directly referenced +loc_000123e6: ; not directly referenced or edi, 0xe0 -loc_0001235c: ; not directly referenced +loc_000123ec: ; not directly referenced mov 
eax, dword [ebp - 0x30] sub esp, 0xc mov bl, 0xff add eax, 0x3414 push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test esi, 0x80000 -je short loc_00012389 ; je 0x12389 +je short loc_00012419 ; je 0x12419 test al, 0x20 -jne short loc_00012389 ; jne 0x12389 +jne short loc_00012419 ; jne 0x12419 and esi, 0x70000 mov ebx, esi shr ebx, 0x10 -loc_00012389: ; not directly referenced +loc_00012419: ; not directly referenced cmp dword [ebp - 0x2c], 1 -jne short loc_000123b4 ; jne 0x123b4 +jne short loc_00012444 ; jne 0x12444 mov eax, dword [ebp - 0x34] sub esp, 0xc add eax, 0x410 push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 0x11 -je short loc_000123af ; je 0x123af +je short loc_0001243f ; je 0x1243f test bl, bl -jne short loc_000123f5 ; jne 0x123f5 +jne short loc_00012485 ; jne 0x12485 test al, 0x10 -jne short loc_000123f5 ; jne 0x123f5 +jne short loc_00012485 ; jne 0x12485 -loc_000123af: ; not directly referenced +loc_0001243f: ; not directly referenced or edi, 1 -jmp short loc_000123f5 ; jmp 0x123f5 +jmp short loc_00012485 ; jmp 0x12485 -loc_000123b4: ; not directly referenced +loc_00012444: ; not directly referenced cmp dword [ebp - 0x2c], 2 -jne short loc_00012405 ; jne 0x12405 +jne short loc_00012495 ; jne 0x12495 mov eax, dword [ebp - 0x34] sub esp, 0xc lea esi, [eax + 0x410] push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test al, 3 -jne short loc_000123db ; jne 0x123db +jne short loc_0001246b ; jne 0x1246b -loc_000123d3: ; not directly referenced +loc_00012463: ; not directly referenced or edi, 1 -jmp near loc_00012b91 ; jmp 0x12b91 +jmp near loc_00012c21 ; jmp 0x12c21 -loc_000123db: ; not directly referenced +loc_0001246b: ; not directly referenced sub esp, 0xc push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 and eax, 3 cmp eax, 2 -jne loc_00012b91 ; jne 0x12b91 -jmp short loc_000123d3 
; jmp 0x123d3 +jne loc_00012c21 ; jne 0x12c21 +jmp short loc_00012463 ; jmp 0x12463 -loc_000123f5: ; not directly referenced +loc_00012485: ; not directly referenced test al, 0x24 -je short loc_00012402 ; je 0x12402 +je short loc_00012492 ; je 0x12492 cmp bl, 1 -jne short loc_00012405 ; jne 0x12405 +jne short loc_00012495 ; jne 0x12495 test al, 0x20 -loc_00012400: ; not directly referenced -jne short loc_00012405 ; jne 0x12405 +loc_00012490: ; not directly referenced +jne short loc_00012495 ; jne 0x12495 -loc_00012402: ; not directly referenced +loc_00012492: ; not directly referenced or edi, 2 -loc_00012405: ; not directly referenced +loc_00012495: ; not directly referenced cmp dword [ebp - 0x2c], 1 sete dl mov byte [ebp - 0x3b], dl cmp bl, 2 -jne short loc_0001241e ; jne 0x1241e +jne short loc_000124ae ; jne 0x124ae mov eax, edi or eax, 4 test dl, dl cmovne edi, eax -loc_0001241e: ; not directly referenced +loc_000124ae: ; not directly referenced cmp dword [ebp - 0x2c], 2 sete cl mov byte [ebp - 0x3c], cl test bl, bl -jne short loc_00012436 ; jne 0x12436 +jne short loc_000124c6 ; jne 0x124c6 mov eax, edi or eax, 4 test cl, cl cmovne edi, eax -loc_00012436: ; not directly referenced +loc_000124c6: ; not directly referenced cmp bl, 3 -jne short loc_00012447 ; jne 0x12447 +jne short loc_000124d7 ; jne 0x124d7 mov eax, edi or eax, 8 cmp byte [ebp - 0x3b], 0 cmovne edi, eax -loc_00012447: ; not directly referenced +loc_000124d7: ; not directly referenced cmp bl, 1 -jne short loc_00012458 ; jne 0x12458 +jne short loc_000124e8 ; jne 0x124e8 mov eax, edi or eax, 8 cmp byte [ebp - 0x3c], 0 cmovne edi, eax -loc_00012458: ; not directly referenced +loc_000124e8: ; not directly referenced cmp bl, 4 -jne short loc_00012468 ; jne 0x12468 +jne short loc_000124f8 ; jne 0x124f8 cmp byte [ebp - 0x3b], 0 -je short loc_00012468 ; je 0x12468 +je short loc_000124f8 ; je 0x124f8 or edi, 0x10 -jmp short loc_0001247c ; jmp 0x1247c +jmp short loc_0001250c ; jmp 0x1250c -loc_00012468: ; 
not directly referenced +loc_000124f8: ; not directly referenced cmp byte [ebp - 0x3c], 0 -je short loc_0001247c ; je 0x1247c +je short loc_0001250c ; je 0x1250c mov eax, edi lea edx, [ebx - 2] or eax, 0x10 cmp dl, 3 cmovbe edi, eax -loc_0001247c: ; not directly referenced +loc_0001250c: ; not directly referenced cmp bl, 5 -jne short loc_0001248c ; jne 0x1248c +jne short loc_0001251c ; jne 0x1251c cmp byte [ebp - 0x3b], 0 -je short loc_0001248c ; je 0x1248c +je short loc_0001251c ; je 0x1251c or edi, 0x20 -jmp short loc_000124b8 ; jmp 0x124b8 +jmp short loc_00012548 ; jmp 0x12548 -loc_0001248c: ; not directly referenced +loc_0001251c: ; not directly referenced cmp byte [ebp - 0x3c], 0 -je short loc_000124b2 ; je 0x124b2 +je short loc_00012542 ; je 0x12542 mov eax, dword [ebp - 0x34] sub esp, 0xc add eax, 0x410 push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, edi add esp, 0x10 or edx, 0x20 test al, 0xf0 cmove edi, edx -jmp short loc_000124cc ; jmp 0x124cc +jmp short loc_0001255c ; jmp 0x1255c -loc_000124b2: ; not directly referenced +loc_00012542: ; not directly referenced cmp byte [ebp - 0x3b], 0 -je short loc_000124cc ; je 0x124cc +je short loc_0001255c ; je 0x1255c -loc_000124b8: ; not directly referenced +loc_00012548: ; not directly referenced cmp bl, 6 -jne short loc_000124c2 ; jne 0x124c2 +jne short loc_00012552 ; jne 0x12552 or edi, 0x40 -jmp short loc_000124cc ; jmp 0x124cc +jmp short loc_0001255c ; jmp 0x1255c -loc_000124c2: ; not directly referenced +loc_00012552: ; not directly referenced mov eax, edi or al, 0x80 cmp bl, 7 cmove edi, eax -loc_000124cc: ; not directly referenced +loc_0001255c: ; not directly referenced mov eax, dword [ebp - 0x30] sub esp, 0xc add eax, 0x1030 push eax mov dword [ebp - 0x4c], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov dword [ebp - 0x48], 0xff test eax, 0x400000 -je short loc_0001250f ; je 0x1250f +je short loc_0001259f ; je 0x1259f mov eax, 
dword [ebp + 8] cmp byte [eax + 0x1a6], 0 -je short loc_0001250f ; je 0x1250f -call fcn_000153f0 ; call 0x153f0 +je short loc_0001259f ; je 0x1259f +call fcn_00015480 ; call 0x15480 mov eax, dword [ebp + 8] movzx eax, byte [eax + 0x1a7] mov dword [ebp - 0x48], eax -loc_0001250f: ; not directly referenced +loc_0001259f: ; not directly referenced xor ecx, ecx mov eax, 0x10000 mov dword [ebp - 0x34], 0 mov edx, 1 -loc_00012522: ; not directly referenced +loc_000125b2: ; not directly referenced cmp byte [ebp - 0x39], cl -jbe short loc_00012549 ; jbe 0x12549 +jbe short loc_000125d9 ; jbe 0x125d9 imul ebx, ecx, 0x2c mov esi, dword [ebp + 8] test byte [esi + ebx + 0x46], 1 -je short loc_00012546 ; je 0x12546 +je short loc_000125d6 ; je 0x125d6 mov esi, dword [ebp + 0xc] mov ebx, eax shl ebx, cl test dword [esi], ebx -jne short loc_00012546 ; jne 0x12546 +jne short loc_000125d6 ; jne 0x125d6 mov ebx, edx shl ebx, cl or dword [ebp - 0x34], ebx -loc_00012546: ; not directly referenced +loc_000125d6: ; not directly referenced inc ecx -jmp short loc_00012522 ; jmp 0x12522 +jmp short loc_000125b2 ; jmp 0x125b2 -loc_00012549: ; not directly referenced +loc_000125d9: ; not directly referenced cmp dword [ebp - 0x34], 0 -je short loc_00012556 ; je 0x12556 +je short loc_000125e6 ; je 0x125e6 mov eax, edi not eax and dword [ebp - 0x34], eax -loc_00012556: ; not directly referenced +loc_000125e6: ; not directly referenced mov eax, dword [ebp + 8] mov byte [ebp - 0x3a], 0xff cmp byte [eax + 0x1a9], 0 -jne short loc_000125bc ; jne 0x125bc +jne short loc_0001264c ; jne 0x1264c xor eax, eax -loc_00012568: ; not directly referenced +loc_000125f8: ; not directly referenced mov dl, al cmp al, byte [ebp - 0x39] -jae short loc_00012586 ; jae 0x12586 +jae short loc_00012616 ; jae 0x12616 imul ecx, eax, 0x2c mov esi, dword [ebp + 8] cmp byte [esi + ecx + 0x4f], 0 
@@ -29902,65 +29959,65 @@ mov cl, byte [ebp - 0x3a] cmove ecx, edx inc eax mov byte [ebp - 0x3a], cl -jmp short loc_00012568 ; jmp 0x12568 +jmp short loc_000125f8 ; jmp 0x125f8 -loc_00012586: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_00012616: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000125af ; je 0x125af +je short loc_0001263f ; je 0x1263f mov al, byte [ebp - 0x39] cmp byte [ebp - 0x3a], al -jbe short loc_000125af ; jbe 0x125af +jbe short loc_0001263f ; jbe 0x1263f push eax -push ref_00024ead ; push 0x24ead +push ref_00024f5c ; push 0x24f5c push 0x173 -push ref_00024ecc ; push 0x24ecc -call fcn_000153fc ; call 0x153fc +push ref_00024f7b ; push 0x24f7b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000125af: ; not directly referenced +loc_0001263f: ; not directly referenced mov cl, byte [ebp - 0x3a] mov eax, 1 shl eax, cl or dword [ebp - 0x34], eax -loc_000125bc: ; not directly referenced +loc_0001264c: ; not directly referenced sub esp, 0xc lea eax, [ebp - 0x20] push eax -call fcn_000196d3 ; call 0x196d3 +call fcn_00019797 ; call 0x19797 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001260f ; je 0x1260f +je short loc_0001269f ; je 0x1269f test ebx, ebx -jns short loc_0001260f ; jns 0x1260f -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001269f ; jns 0x1269f +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000125f7 ; je 0x125f7 +je short loc_00012687 ; je 0x12687 push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000125f7: ; not directly referenced +loc_00012687: ; not directly referenced push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x181 -push ref_00024ecc ; push 0x24ecc -call fcn_000153fc ; call 0x153fc +push ref_00024f7b ; push 
0x24f7b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001260f: ; not directly referenced +loc_0001269f: ; not directly referenced cmp dword [ebp - 0x20], 0x11 -je short loc_00012649 ; je 0x12649 +je short loc_000126d9 ; je 0x126d9 mov eax, dword [ebp + 8] mov dword [ebp - 0x38], 0 cmp byte [eax], 9 -jbe short loc_00012650 ; jbe 0x12650 +jbe short loc_000126e0 ; jbe 0x126e0 mov edx, dword [ebp + 8] mov al, byte [eax + 0x1aa] movzx ecx, byte [edx + 0x1ab] @@ -29970,28 +30027,28 @@ mov dword [ebp - 0x38], ecx and dword [ebp - 0x38], 7 shl dword [ebp - 0x38], 7 or dword [ebp - 0x38], eax -jmp short loc_00012650 ; jmp 0x12650 +jmp short loc_000126e0 ; jmp 0x126e0 -loc_00012649: ; not directly referenced +loc_000126d9: ; not directly referenced mov dword [ebp - 0x38], 0x3e8 -loc_00012650: ; not directly referenced +loc_000126e0: ; not directly referenced movzx eax, word [ebp - 0x3e] mov dword [ebp - 0x2c], 0 mov dword [ebp - 0x44], 0 mov dword [ebp - 0x58], eax -loc_00012665: ; not directly referenced +loc_000126f5: ; not directly referenced mov edx, dword [ebp - 0x2c] mov al, byte [ebp - 0x39] mov byte [ebp - 0x3e], dl cmp dl, al -jae loc_00012a30 ; jae 0x12a30 +jae loc_00012ac0 ; jae 0x12ac0 push eax push eax push dword [ebp - 0x2c] push dword [ebp - 0x30] -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f add esp, 0xc movzx eax, al push eax 
@@ -29999,18 +30056,18 @@ mov eax, dword [ebp + 8] push 0x1c movzx eax, byte [eax + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov ebx, eax -call fcn_0001bff9 ; call 0x1bff9 +call fcn_0001c0bd ; call 0x1c0bd add esp, 0x10 cmp eax, 2 -jne short loc_000126e4 ; jne 0x126e4 +jne short loc_00012774 ; jne 0x12774 cmp byte [ebp - 0x3c], 0 -je short loc_000126e4 ; je 0x126e4 +je short loc_00012774 ; je 0x12774 mov edx, dword [ebp + 8] mov eax, 0x2000430 cmp byte [edx], 7 -jbe short loc_000126d2 ; jbe 0x126d2 +jbe short loc_00012762 ; jbe 0x12762 imul eax, dword [ebp - 0x2c], 0x2c mov al, byte [edx + eax + 0x46] shr al, 7 @@ -30019,24 +30076,24 @@ sbb eax, eax and eax, 0xfffffffd add eax, 0x2000433 -loc_000126d2: ; not directly referenced +loc_00012762: ; not directly referenced push esi push esi push eax lea eax, [ebx + 0x418] push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 -loc_000126e4: ; not directly referenced +loc_00012774: ; not directly referenced cmp byte [ebp - 0x3e], 0 -jne loc_000127d9 ; jne 0x127d9 +jne loc_00012869 ; jne 0x12869 mov esi, dword [ebp - 0x30] push eax push eax push 0 push esi -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f pop edx pop ecx lea edx, [ebp - 0x21] 
@@ -30049,40 +30106,40 @@ push eax push 4 push 0xe00000e0 push esi -call fcn_00009e5f ; call 0x9e5f +call fcn_00009ecd ; call 0x9ecd add esp, 0x20 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00012760 ; je 0x12760 +je short loc_000127f0 ; je 0x127f0 test esi, esi -jns short loc_00012760 ; jns 0x12760 -call fcn_000153e9 ; call 0x153e9 +jns short loc_000127f0 ; jns 0x127f0 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00012748 ; je 0x12748 +je short loc_000127d8 ; je 0x127d8 push eax push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00012748: ; not directly referenced +loc_000127d8: ; not directly referenced push esi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x1ab -push ref_00024ecc ; push 0x24ecc -call fcn_000153fc ; call 0x153fc +push ref_00024f7b ; push 0x24f7b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00012760: ; not directly referenced +loc_000127f0: ; not directly referenced mov esi, dword [ebp - 0x30] push ecx push ecx push 0 push esi or dword [ebp - 0x1c], 0x300000 -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f pop edx pop ecx lea ecx, [ebp - 0x21] 
@@ -30095,161 +30152,161 @@ push eax push 5 push 0xe00000e0 push esi -call fcn_00009e5f ; call 0x9e5f +call fcn_00009ecd ; call 0x9ecd add esp, 0x20 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000127d9 ; je 0x127d9 +je short loc_00012869 ; je 0x12869 test esi, esi -jns short loc_000127d9 ; jns 0x127d9 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00012869 ; jns 0x12869 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000127c1 ; je 0x127c1 +je short loc_00012851 ; je 0x12851 push edx push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000127c1: ; not directly referenced +loc_00012851: ; not directly referenced push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x1b5 -push ref_00024ecc ; push 0x24ecc -call fcn_000153fc ; call 0x153fc +push ref_00024f7b ; push 0x24f7b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000127d9: ; not directly referenced +loc_00012869: ; not directly referenced mov cl, byte [ebp - 0x2c] mov esi, 1 shl esi, cl mov eax, esi and eax, edi mov dword [ebp - 0x50], eax -jne loc_00012bbc ; jne 0x12bbc +jne loc_00012c4c ; jne 0x12c4c push eax push eax push 0x100 lea eax, [ebx + 0x42] push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 lea edx, [ebx + 0x5a] mov dword [esp], edx mov dword [ebp - 0x54], edx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov edx, dword [ebp - 0x54] test al, 0x40 -jne loc_000128a9 ; jne 0x128a9 +jne loc_00012939 ; jne 0x12939 imul eax, dword [ebp - 0x2c], 0x2c mov ecx, dword [ebp + 8] test byte [ecx + eax + 0x46], 8 -jne short loc_000128a9 ; jne 0x128a9 +jne short loc_00012939 ; jne 0x12939 mov eax, dword [ebp - 0x48] cmp dword [ebp - 0x2c], eax -je short loc_000128a9 ; je 0x128a9 +je short loc_00012939 ; je 0x12939 push 
eax mov esi, 0x1f4 push eax push 0x4000000 lea eax, [ebx + 0x338] push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 lea eax, [ebx + 0x328] add esp, 0x10 mov dword [ebp - 0x54], eax -loc_00012856: ; not directly referenced +loc_000128e6: ; not directly referenced sub esp, 0xc push dword [ebp - 0x54] -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 and eax, 0xff000000 cmp eax, 0x1000000 -jne short loc_00012897 ; jne 0x12897 +jne short loc_00012927 ; jne 0x12927 -loc_00012870: ; not directly referenced +loc_00012900: ; not directly referenced push eax push eax push 0x8000000 lea eax, [ebx + 0x408] push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 mov cl, byte [ebp - 0x2c] mov eax, 0x10000 mov edx, dword [ebp + 0xc] shl eax, cl or dword [edx], eax -jmp near loc_000129c5 ; jmp 0x129c5 +jmp near loc_00012a55 ; jmp 0x12a55 -loc_00012897: ; not directly referenced +loc_00012927: ; not directly referenced sub esp, 0xc push 0x64 -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 dec esi -jne short loc_00012856 ; jne 0x12856 -jmp short loc_00012870 ; jmp 0x12870 +jne short loc_000128e6 ; jne 0x128e6 +jmp short loc_00012900 ; jmp 0x12900 -loc_000128a9: ; not directly referenced +loc_00012939: ; not directly referenced test dword [ebp - 0x34], esi -jne short loc_000128e2 ; jne 0x128e2 +jne short loc_00012972 ; jne 0x12972 sub esp, 0xc push edx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 0x40 -je short loc_000128ce ; je 0x128ce +je short loc_0001295e ; je 0x1295e push eax push eax push 0x10 lea eax, [ebx + 0x50] push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -loc_000128ce: ; not directly referenced +loc_0001295e: ; not directly referenced mov cl, byte [ebp - 0x2c] mov eax, 0x10000 mov edx, dword [ebp + 0xc] shl eax, cl or dword [edx], eax -jmp near loc_000129c8 ; jmp 
0x129c8 +jmp near loc_00012a58 ; jmp 0x12a58 -loc_000128e2: ; not directly referenced +loc_00012972: ; not directly referenced sub esp, 0xc lea eax, [ebx + 0xe0] push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 cmp dword [ebp - 0x20], 0x11 -jne short loc_000128fe ; jne 0x128fe +jne short loc_0001298e ; jne 0x1298e test al, 2 -je short loc_0001292c ; je 0x1292c +je short loc_000129bc ; je 0x129bc -loc_000128fe: ; not directly referenced +loc_0001298e: ; not directly referenced lea esi, [ebx + 0x52] -loc_00012901: ; not directly referenced +loc_00012991: ; not directly referenced mov eax, dword [ebp - 0x38] cmp dword [ebp - 0x44], eax -jae short loc_0001292c ; jae 0x1292c +jae short loc_000129bc ; jae 0x129bc sub esp, 0xc push esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test ah, 0x20 -jne short loc_0001292c ; jne 0x1292c +jne short loc_000129bc ; jne 0x129bc sub esp, 0xc push 0x64 -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 inc dword [ebp - 0x44] -jmp short loc_00012901 ; jmp 0x12901 +jmp short loc_00012991 ; jmp 0x12991 -loc_0001292c: ; not directly referenced +loc_000129bc: ; not directly referenced sub esp, 0xc mov eax, dword [ebp - 0x2c] push dword [ebp - 0x30] 
@@ -30257,109 +30314,109 @@ push dword [ebp - 0x58] push dword [ebp + 8] push eax push eax -call fcn_000118aa ; call 0x118aa +call fcn_0001193a ; call 0x1193a add esp, 0x20 test eax, eax -js short loc_0001296c ; js 0x1296c -call fcn_000153e9 ; call 0x153e9 +js short loc_000129fc ; js 0x129fc +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001296c ; je 0x1296c +je short loc_000129fc ; je 0x129fc mov eax, dword [ebp - 0x2c] push dword [ebp - 0x34] inc eax push eax -push ref_00024efa ; push 0x24efa +push ref_00024fa9 ; push 0x24fa9 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001296c: ; not directly referenced +loc_000129fc: ; not directly referenced imul eax, dword [ebp - 0x2c], 0x2c mov ecx, dword [ebp + 8] test byte [ecx + eax + 0x46], 0x40 -je short loc_000129c8 ; je 0x129c8 +je short loc_00012a58 ; je 0x12a58 sub esp, 0xc lea eax, [ebx + 0x328] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 and eax, 0x780000 cmp eax, 0x380000 -jne short loc_000129c8 ; jne 0x129c8 +jne short loc_00012a58 ; jne 0x12a58 push eax push eax push 0x10 lea esi, [ebx + 0x50] push esi -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 pop eax pop edx lea eax, [ebx + 0xe8] push 0x2000 push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 pop ecx pop eax push 0xef push esi -call fcn_00018699 ; call 0x18699 +call fcn_0001875d ; call 0x1875d -loc_000129c5: ; not directly referenced +loc_00012a55: ; not directly referenced add esp, 0x10 -loc_000129c8: ; not directly referenced +loc_00012a58: ; not directly referenced sub esp, 0xc push ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 inc eax -je short loc_00012a28 ; je 0x12a28 +je short loc_00012ab8 ; je 0x12ab8 cmp byte [ebp - 0x3b], 0 -je short loc_000129e3 ; je 0x129e3 +je short loc_00012a73 ; je 0x12a73 test byte [ebp - 0x3e], 0xfb -jmp short 
loc_000129f7 ; jmp 0x129f7 +jmp short loc_00012a87 ; jmp 0x12a87 -loc_000129e3: ; not directly referenced +loc_00012a73: ; not directly referenced cmp byte [ebp - 0x3c], 0 -je short loc_00012a0f ; je 0x12a0f +je short loc_00012a9f ; je 0x12a9f mov cl, byte [ebp - 0x3e] mov al, cl sub eax, 4 cmp al, 1 -jbe short loc_000129f9 ; jbe 0x129f9 +jbe short loc_00012a89 ; jbe 0x12a89 test cl, cl -loc_000129f7: ; not directly referenced -jne short loc_00012a0f ; jne 0x12a0f +loc_00012a87: ; not directly referenced +jne short loc_00012a9f ; jne 0x12a9f -loc_000129f9: ; not directly referenced +loc_00012a89: ; not directly referenced push eax push eax push 0xf3 lea eax, [ebx + 0xf7] push eax -call fcn_00018699 ; call 0x18699 +call fcn_0001875d ; call 0x1875d add esp, 0x10 -loc_00012a0f: ; not directly referenced +loc_00012a9f: ; not directly referenced cmp dword [ebp - 0x50], 0 -jne short loc_00012a28 ; jne 0x12a28 +jne short loc_00012ab8 ; jne 0x12ab8 push esi add ebx, 0xd4 push esi push 2 push ebx -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -loc_00012a28: ; not directly referenced +loc_00012ab8: ; not directly referenced inc dword [ebp - 0x2c] -jmp near loc_00012665 ; jmp 0x12665 +jmp near loc_000126f5 ; jmp 0x126f5 -loc_00012a30: ; not directly referenced +loc_00012ac0: ; not directly referenced mov eax, dword [ebp + 8] cmp byte [eax + 0x1a9], 0 -jne short loc_00012a6e ; jne 0x12a6e +jne short loc_00012afe ; jne 0x12afe mov eax, dword [ebp + 0xc] mov ecx, 8 sub cl, byte [ebp - 0x39] @@ -30370,7 +30427,7 @@ mov ecx, edx shr ecx, 0x10 and ecx, eax cmp ecx, eax -je short loc_00012a6e ; je 0x12a6e +je short loc_00012afe ; je 0x12afe mov cl, byte [ebp - 0x3a] mov eax, 0x10000 shl eax, cl 
@@ -30379,26 +30436,26 @@ and eax, edx mov edx, dword [ebp + 0xc] mov dword [edx], eax -loc_00012a6e: ; not directly referenced +loc_00012afe: ; not directly referenced sub esp, 0xc push dword [ebp - 0x4c] -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test eax, 0x400000 -je short loc_00012ad6 ; je 0x12ad6 +je short loc_00012b66 ; je 0x12b66 mov eax, dword [ebp + 8] cmp byte [eax + 0x1a6], 0 -je short loc_00012ad6 ; je 0x12ad6 +je short loc_00012b66 ; je 0x12b66 movzx eax, byte [eax + 0x1a7] mov ecx, dword [ebp + 8] imul edx, eax, 0x2c test byte [ecx + edx + 0x46], 1 -je short loc_00012ad6 ; je 0x12ad6 +je short loc_00012b66 ; je 0x12b66 push edx push edx push eax push dword [ebp - 0x30] -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f add esp, 0xc movzx eax, al push eax @@ -30406,21 +30463,21 @@ mov eax, dword [ebp + 8] push 0x1c movzx eax, byte [eax + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop ecx pop ebx push 3 add eax, 0xec push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_00012ad6: ; not directly referenced +loc_00012b66: ; not directly referenced mov edx, dword [ebp + 8] mov eax, dword [ebp + 0xc] cmp byte [edx + 0x1a8], 0 mov eax, dword [eax] -je short loc_00012b05 ; je 0x12b05 +je short loc_00012b95 ; je 0x12b95 sub esp, 0xc push dword [ebp - 0x30] shr eax, 0x10 
@@ -30431,41 +30488,41 @@ push eax push edx movzx eax, byte [edx + 1] push eax -call fcn_00011de4 ; call 0x11de4 +call fcn_00011e74 ; call 0x11e74 add esp, 0x20 -loc_00012b05: ; not directly referenced +loc_00012b95: ; not directly referenced xor ebx, ebx -loc_00012b07: ; not directly referenced +loc_00012b97: ; not directly referenced cmp byte [ebp - 0x39], bl -jbe short loc_00012b47 ; jbe 0x12b47 +jbe short loc_00012bd7 ; jbe 0x12bd7 push eax mov eax, dword [ebp + 8] push ebx push 0x1c movzx eax, byte [eax + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [esp], eax mov esi, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 inc ax -je short loc_00012b44 ; je 0x12b44 +je short loc_00012bd4 ; je 0x12bd4 push edi add esi, 0x320 push edi push 0x1800000 push esi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_00012b44: ; not directly referenced +loc_00012bd4: ; not directly referenced inc ebx -jmp short loc_00012b07 ; jmp 0x12b07 +jmp short loc_00012b97 ; jmp 0x12b97 -loc_00012b47: ; not directly referenced +loc_00012bd7: ; not directly referenced mov edi, dword [ebp - 0x30] push edx push edx 
@@ -30473,50 +30530,50 @@ push 0x80000080 mov eax, edi add eax, 0x2314 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 mov eax, edi pop ecx add eax, 0x1114 pop ebx push 0xc000 push eax -call fcn_00018863 ; call 0x18863 -call fcn_000153e9 ; call 0x153e9 +call fcn_00018927 ; call 0x18927 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00012bd0 ; je 0x12bd0 +je short loc_00012c60 ; je 0x12c60 push eax push eax -push ref_00024f2c ; push 0x24f2c +push ref_00024fdb ; push 0x24fdb push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_00012bd0 ; jmp 0x12bd0 +jmp short loc_00012c60 ; jmp 0x12c60 -loc_00012b91: ; not directly referenced +loc_00012c21: ; not directly referenced sub esp, 0xc push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test al, 0xc -je loc_00012402 ; je 0x12402 +je loc_00012492 ; je 0x12492 sub esp, 0xc push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 and eax, 0xc cmp eax, 8 -jmp near loc_00012400 ; jmp 0x12400 +jmp near loc_00012490 ; jmp 0x12490 -loc_00012bbc: ; not directly referenced +loc_00012c4c: ; not directly referenced mov cl, byte [ebp - 0x2c] mov eax, 0x10000 shl eax, cl mov ecx, dword [ebp + 0xc] or dword [ecx], eax -jmp near loc_000129c8 ; jmp 0x129c8 +jmp near loc_00012a58 ; jmp 0x12a58 -loc_00012bd0: ; not directly referenced +loc_00012c60: ; not directly referenced lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -30525,7 +30582,7 @@ pop edi pop ebp ret -fcn_00012bda: ; not directly referenced +fcn_00012c6a: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -30536,27 +30593,27 @@ sub esp, 0xc mov edi, dword [ebp + 0xc] mov esi, dword [ebp + 0x10] -loc_00012bee: ; not directly referenced +loc_00012c7e: ; not directly referenced sub esp, 0xc push dword [ebp + 8] -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 and eax, edi cmp ax, si -je short loc_00012c1a ; je 0x12c1a +je short loc_00012caa ; je 0x12caa sub esp, 0xc push 0x64 -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 dec ebx -jne short loc_00012bee ; jne 0x12bee +jne short loc_00012c7e ; jne 0x12c7e mov eax, 0x80000012 -jmp short loc_00012c1c ; jmp 0x12c1c +jmp short loc_00012cac ; jmp 0x12cac -loc_00012c1a: ; not directly referenced +loc_00012caa: ; not directly referenced xor eax, eax -loc_00012c1c: ; not directly referenced +loc_00012cac: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -30564,7 +30621,7 @@ pop edi pop ebp ret -fcn_00012c24: ; not directly referenced +fcn_00012cb4: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -30578,85 +30635,85 @@ push 1 lea ebx, [esi + 0x68] push ebx mov dword [ebp - 0x1c], eax -call fcn_00012bda ; call 0x12bda +call fcn_00012c6a ; call 0x12c6a add esp, 0x10 test eax, eax -jns short loc_00012c60 ; jns 0x12c60 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00012cf0 ; jns 0x12cf0 +call fcn_00015479 ; call 0x15479 test al, al -je loc_00012cea ; je 0x12cea +je loc_00012d7a ; je 0x12d7a push eax push eax -push ref_00024f44 ; push 0x24f44 -jmp short loc_00012cdd ; jmp 0x12cdd +push ref_00024ff3 ; push 0x24ff3 +jmp short loc_00012d6d ; jmp 0x12d6d -loc_00012c60: ; not directly referenced +loc_00012cf0: ; not directly referenced mov eax, dword [ebp + 0xc] push ecx push ecx push dword [eax] lea eax, [esi + 0x60] push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop edi pop eax push 3 push ebx -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0xc push 0 push 1 push ebx -call fcn_00012bda ; call 0x12bda +call fcn_00012c6a ; call 0x12c6a add esp, 0x10 mov edi, eax test eax, eax -jns short loc_00012c9f ; jns 0x12c9f +jns short loc_00012d2f ; jns 0x12d2f push edx push edx push 0xfffe push ebx -call fcn_00018890 ; call 0x18890 -jmp short loc_00012cc8 ; jmp 0x12cc8 +call fcn_00018954 ; call 0x18954 +jmp short loc_00012d58 ; jmp 0x12d58 -loc_00012c9f: ; not directly referenced +loc_00012d2f: ; not directly referenced xor edi, edi cmp byte [ebp - 0x1c], 1 -jne short loc_00012cef ; jne 0x12cef +jne short loc_00012d7f ; jne 0x12d7f sub esp, 0xc push ebx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 2 -je short loc_00012ccd ; je 0x12ccd +je short loc_00012d5d ; je 0x12d5d sub esp, 0xc add esi, 0x64 push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp + 0xc] mov dword [edx], eax -loc_00012cc8: ; not directly referenced +loc_00012d58: ; not directly referenced add esp, 0x10 -jmp short loc_00012cef ; jmp 0x12cef +jmp short 
loc_00012d7f ; jmp 0x12d7f -loc_00012ccd: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00012d5d: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00012cea ; je 0x12cea +je short loc_00012d7a ; je 0x12d7a push eax push eax -push ref_00024f73 ; push 0x24f73 +push ref_00025022 ; push 0x25022 -loc_00012cdd: ; not directly referenced +loc_00012d6d: ; not directly referenced push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00012cea: ; not directly referenced +loc_00012d7a: ; not directly referenced mov edi, 0x80000007 -loc_00012cef: ; not directly referenced +loc_00012d7f: ; not directly referenced lea esp, [ebp - 0xc] mov eax, edi pop ebx @@ -30665,7 +30722,7 @@ pop edi pop ebp ret -fcn_00012cf9: ; not directly referenced +fcn_00012d89: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -30676,60 +30733,60 @@ mov al, byte [ebp + 0xc] mov byte [ebp - 0x29], al mov al, byte [ebp + 0x10] mov byte [ebp - 0x2a], al -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00012d35 ; je 0x12d35 +je short loc_00012dc5 ; je 0x12dc5 cmp dword [ebp + 8], 0 -jne short loc_00012d35 ; jne 0x12d35 +jne short loc_00012dc5 ; jne 0x12dc5 push eax -push ref_00024f96 ; push 0x24f96 +push ref_00025045 ; push 0x25045 push 0x96 -push ref_00024faa ; push 0x24faa -call fcn_000153fc ; call 0x153fc +push ref_00025059 ; push 0x25059 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00012d35: ; not directly referenced +loc_00012dc5: ; not directly referenced xor ebx, ebx lea esi, [ebp - 0x1c] -loc_00012d3a: ; not directly referenced +loc_00012dca: ; not directly referenced push esi push 0 push ebx -push ref_0002907c ; push 0x2907c +push ref_0002912c ; push 0x2912c mov dword [ebp - 0x1c], 0 -call fcn_00019699 ; call 0x19699 +call fcn_0001975d ; call 0x1975d add esp, 0x10 test eax, eax -jne short loc_00012d88 ; jne 0x12d88 +jne short loc_00012e18 ; jne 0x12e18 mov edx, dword [ebp - 0x1c] test edx, edx -je short loc_00012d88 ; je 0x12d88 +je short loc_00012e18 ; je 0x12e18 movzx ecx, word [edx] movzx edi, word [edx + 2] shl ecx, 0x10 or ecx, edi cmp ecx, dword [ebp + 8] -jne short loc_00012d88 ; jne 0x12d88 +jne short loc_00012e18 ; jne 0x12e18 mov cl, byte [edx + 4] cmp cl, 0xff -je short loc_00012d7b ; je 0x12d7b +je short loc_00012e0b ; je 0x12e0b cmp cl, byte [ebp - 0x29] -jne short loc_00012d88 ; jne 0x12d88 +jne short loc_00012e18 ; jne 0x12e18 -loc_00012d7b: ; not directly referenced +loc_00012e0b: ; not directly referenced mov dl, byte [edx + 5] cmp dl, 0xff -je short loc_00012d8d ; je 0x12d8d +je short loc_00012e1d ; je 0x12e1d cmp dl, byte [ebp - 0x2a] -je short loc_00012d8d ; je 0x12d8d +je short loc_00012e1d ; je 0x12e1d -loc_00012d88: ; not directly referenced +loc_00012e18: ; not directly referenced inc ebx test eax, eax 
-je short loc_00012d3a ; je 0x12d3a +je short loc_00012dca ; je 0x12dca -loc_00012d8d: ; not directly referenced +loc_00012e1d: ; not directly referenced mov eax, dword [ebp - 0x1c] lea esp, [ebp - 0xc] pop ebx @@ -30738,7 +30795,7 @@ pop edi pop ebp ret -fcn_00012d98: ; not directly referenced +fcn_00012e28: ; not directly referenced push ebp mov ebp, esp push esi @@ -30750,38 +30807,38 @@ push 0 push 0x1f movzx eax, byte [ebx + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 lea edx, [eax + 0x63bf] cmp dx, 6 -jbe short loc_00012dd6 ; jbe 0x12dd6 +jbe short loc_00012e66 ; jbe 0x12e66 add ax, 0x633f cmp ax, 0xa -ja short loc_00012e19 ; ja 0x12e19 +ja short loc_00012ea9 ; ja 0x12ea9 -loc_00012dd6: ; not directly referenced +loc_00012e66: ; not directly referenced push ecx push 0 push 0x1b movzx eax, byte [ebx + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov ebx, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00012e04 ; je 0x12e04 +je short loc_00012e94 ; je 0x12e94 push edx push edx -push ref_00024fd2 ; push 0x24fd2 +push ref_00025081 ; push 0x25081 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00012e04: ; not directly referenced +loc_00012e94: ; not directly referenced push eax mov eax, esi movzx esi, al @@ -30789,10 +30846,10 @@ add ebx, 0x42 push esi push 0x3f push ebx -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a add esp, 0x10 -loc_00012e19: ; not directly referenced +loc_00012ea9: ; not directly referenced lea esp, [ebp - 8] xor eax, eax pop ebx 
@@ -30800,27 +30857,27 @@ pop esi pop ebp ret -fcn_00012e22: ; not directly referenced +fcn_00012eb2: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx sub esp, 0x4c -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00012e45 ; je 0x12e45 +je short loc_00012ed5 ; je 0x12ed5 push eax push eax -push ref_00025017 ; push 0x25017 +push ref_000250c6 ; push 0x250c6 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00012e45: ; not directly referenced +loc_00012ed5: ; not directly referenced mov eax, dword [ebp + 8] mov esi, dword [eax + 4] -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb lea edi, [esi + 0x2030] mov dword [ebp - 0x2c], eax push eax @@ -30829,7 +30886,7 @@ push 0 push 0x1b movzx eax, byte [eax + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 push 0x1f 
@@ -30838,72 +30895,72 @@ mov eax, dword [ebp + 8] lea esi, [ebx + 0x120] movzx eax, byte [eax + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov dword [esp], edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test eax, eax -jns short loc_00012edf ; jns 0x12edf +jns short loc_00012f6f ; jns 0x12f6f sub esp, 0xc push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0xc and eax, 0xfe or eax, 0x2000000 push eax push 0xf8ffff01 push esi -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp dword [ebp - 0x2c], 1 -jne short loc_00012edf ; jne 0x12edf +jne short loc_00012f6f ; jne 0x12f6f push eax push eax push 0xf7ff lea eax, [ebx + 0x78] push eax -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 add esp, 0x10 -loc_00012edf: ; not directly referenced +loc_00012f6f: ; not directly referenced sub esp, 0xc push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test eax, 0x7000000 -je short loc_00012f33 ; je 0x12f33 +je short loc_00012fc3 ; je 0x12fc3 push eax push eax push 0xffffff01 lea eax, [ebx + 0x114] push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 cmp dword [ebp - 0x2c], 1 -jne short loc_00012f1d ; jne 0x12f1d +jne short loc_00012fad ; jne 0x12fad push edi push edi push 0x80000000 push esi -call fcn_00018a50 ; call 0x18a50 -jmp short loc_00012f30 ; jmp 0x12f30 +call fcn_00018b14 ; call 0x18b14 +jmp short loc_00012fc0 ; jmp 0x12fc0 -loc_00012f1d: ; not directly referenced +loc_00012fad: ; not directly referenced cmp dword [ebp - 0x2c], 2 -jne short loc_00012f33 ; jne 0x12f33 +jne short loc_00012fc3 ; jne 0x12fc3 push ecx push ecx push 0x7fffffff push esi -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e -loc_00012f30: ; not 
directly referenced +loc_00012fc0: ; not directly referenced add esp, 0x10 -loc_00012f33: ; not directly referenced +loc_00012fc3: ; not directly referenced mov eax, dword [ebp + 8] lea ecx, [ebx + 0x10] mov dword [ebp - 0x40], ecx 
@@ -30913,149 +30970,149 @@ push edx push eax push ecx mov dword [ebp - 0x34], eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f lea eax, [ebx + 0x14] pop ecx pop esi mov dword [ebp - 0x44], eax push 0 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f lea eax, [ebx + 4] pop edi pop edx mov dword [ebp - 0x48], eax push 2 push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 cmp dword [ebp - 0x2c], 1 -jne short loc_00012f9e ; jne 0x12f9e +jne short loc_0001302e ; jne 0x1302e push esi push esi push 0x10 lea eax, [ebx + 0x43] push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 pop edi pop eax lea eax, [ebx + 0xc0] push 0x20000 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 mov eax, 0x4000 -jmp short loc_00012fbe ; jmp 0x12fbe +jmp short loc_0001304e ; jmp 0x1304e -loc_00012f9e: ; not directly referenced +loc_0001302e: ; not directly referenced xor eax, eax cmp dword [ebp - 0x2c], 2 -jne short loc_00012fbe ; jne 0x12fbe +jne short loc_0001304e ; jne 0x1304e push ecx push ecx push 0xbf lea eax, [ebx + 0x43] push eax -call fcn_00018699 ; call 0x18699 +call fcn_0001875d ; call 0x1875d add esp, 0x10 mov eax, 0x1000000 -loc_00012fbe: ; not directly referenced +loc_0001304e: ; not directly referenced push edx push edx push eax lea eax, [ebx + 0xc4] push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 cmp dword [ebp - 0x2c], 1 -jne short loc_00012fec ; jne 0x12fec +jne short loc_0001307c ; jne 0x1307c push eax push eax push 0x7fffffff lea eax, [ebx + 0xd0] push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -loc_00012fec: ; not directly referenced +loc_0001307c: ; not directly referenced mov eax, dword [ebp + 8] cmp byte [eax + 0x372], 0 -jne short loc_00013007 ; jne 0x13007 +jne short loc_00013097 ; jne 0x13097 push eax push eax push 0x7f lea eax, 
[ebx + 0x4d] push eax -call fcn_00018699 ; call 0x18699 -jmp short loc_00013033 ; jmp 0x13033 +call fcn_0001875d ; call 0x1875d +jmp short loc_000130c3 ; jmp 0x130c3 -loc_00013007: ; not directly referenced +loc_00013097: ; not directly referenced mov eax, dword [ebp + 8] cmp byte [eax + 0x373], 0 -je short loc_00013036 ; je 0x13036 +je short loc_000130c6 ; je 0x130c6 sub esp, 0xc lea eax, [ebx + 0x4d] push eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 test al, 1 -jne short loc_00013036 ; jne 0x13036 +jne short loc_000130c6 ; jne 0x130c6 push edi push edi push 1 lea eax, [ebx + 0x4c] push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 -loc_00013033: ; not directly referenced +loc_000130c3: ; not directly referenced add esp, 0x10 -loc_00013036: ; not directly referenced +loc_000130c6: ; not directly referenced cmp dword [ebp - 0x2c], 2 -jne short loc_00013069 ; jne 0x13069 +jne short loc_000130f9 ; jne 0x130f9 push eax push eax mov eax, dword [ebp - 0x34] push 1 add eax, 0x12 push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 pop eax pop edx lea eax, [ebx + 0x41] push 1 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 lea eax, [ebx + 0x42] pop ecx pop esi push 4 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 -loc_00013069: ; not directly referenced +loc_000130f9: ; not directly referenced mov edi, dword [ebp - 0x34] push eax push eax push 1 lea esi, [edi + 8] push esi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0xc push 1 push 1 push esi -call fcn_00012bda ; call 0x12bda +call fcn_00012c6a ; call 0x12c6a mov dword [esp], edi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 pop edx pop ecx movzx eax, ax push eax push edi -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 mov ecx, 3 cmp dword [ebp - 0x2c], 2 pop eax 
@@ -31066,62 +31123,62 @@ lea edx, [edi + 0xe] push eax push edx mov dword [ebp - 0x3c], edx -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 pop ecx pop edi push 0xfffffffffffffffe push esi -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0xc push 0 push 1 push esi -call fcn_00012bda ; call 0x12bda +call fcn_00012c6a ; call 0x12c6a add esp, 0x10 mov edi, eax test eax, eax -jns short loc_000130f0 ; jns 0x130f0 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00013180 ; jns 0x13180 +call fcn_00015479 ; call 0x15479 test al, al -je loc_00013407 ; je 0x13407 +je loc_00013497 ; je 0x13497 push eax push eax -push ref_0002502e ; push 0x2502e -jmp short loc_00013136 ; jmp 0x13136 +push ref_000250dd ; push 0x250dd +jmp short loc_000131c6 ; jmp 0x131c6 -loc_000130f0: ; not directly referenced +loc_00013180: ; not directly referenced push edi push edi push 1 push esi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 mov eax, dword [ebp + 8] movzx eax, word [eax + 0x374] mov dword [esp], eax -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0xc push 1 push 1 push esi -call fcn_00012bda ; call 0x12bda +call fcn_00012c6a ; call 0x12c6a add esp, 0x10 mov edi, eax test eax, eax -jns short loc_00013148 ; jns 0x13148 -call fcn_000153e9 ; call 0x153e9 +jns short loc_000131d8 ; jns 0x131d8 +call fcn_00015479 ; call 0x15479 test al, al -je loc_00013407 ; je 0x13407 +je loc_00013497 ; je 0x13497 push ecx push ecx -push ref_00025069 ; push 0x25069 +push ref_00025118 ; push 0x25118 -loc_00013136: ; not directly referenced +loc_000131c6: ; not directly referenced push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp near loc_00013407 ; jmp 0x13407 +jmp near loc_00013497 ; jmp 0x13497 -loc_00013148: ; not directly referenced +loc_000131d8: ; not directly referenced cmp dword [ebp - 0x2c], 2 mov edx, 3 mov eax, 0xf 
@@ -31130,11 +31187,11 @@ cmove eax, edx xor edx, edx mov word [ebp - 0x38], ax -loc_00013164: ; not directly referenced +loc_000131f4: ; not directly referenced sub esp, 0xc push dword [ebp - 0x3c] mov dword [ebp - 0x4c], edx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov edx, dword [ebp - 0x4c] add esp, 0x10 mov byte [ebp - 0x2d], al 
@@ -31142,56 +31199,56 @@ mov al, byte [ebp - 0x38] and byte [ebp - 0x2d], al mov al, byte [ebp - 0x2d] cmp al, dl -jne short loc_0001318c ; jne 0x1318c +jne short loc_0001321c ; jne 0x1321c test al, al -jne short loc_000131db ; jne 0x131db +jne short loc_0001326b ; jne 0x1326b -loc_0001318c: ; not directly referenced +loc_0001321c: ; not directly referenced sub esp, 0xc push 0x64 -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 dec edi -je short loc_000131a1 ; je 0x131a1 +je short loc_00013231 ; je 0x13231 mov dl, byte [ebp - 0x2d] -jmp short loc_00013164 ; jmp 0x13164 +jmp short loc_000131f4 ; jmp 0x131f4 -loc_000131a1: ; not directly referenced +loc_00013231: ; not directly referenced cmp byte [ebp - 0x2d], 0 -jne short loc_000131db ; jne 0x131db -call fcn_000153e9 ; call 0x153e9 +jne short loc_0001326b ; jne 0x1326b +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000131c4 ; je 0x131c4 +je short loc_00013254 ; je 0x13254 push edx push edx -push ref_000250a4 ; push 0x250a4 +push ref_00025153 ; push 0x25153 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000131c4: ; not directly referenced +loc_00013254: ; not directly referenced push eax mov edi, 0x80000007 push eax push 0xfffffffffffffffe push esi -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -jmp near loc_00013407 ; jmp 0x13407 +jmp near loc_00013497 ; jmp 0x13497 -loc_000131db: ; not directly referenced +loc_0001326b: ; not directly referenced mov eax, dword [ebp + 8] cmp byte [eax + 0x371], 1 -jne short loc_000131fa ; jne 0x131fa +jne short loc_0001328a ; jne 0x1328a push eax add ebx, 0x54 push eax push 0x100 push ebx -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_000131fa: ; not directly referenced +loc_0001328a: ; not directly referenced xor eax, eax cmp dword [ebp - 0x2c], 2 mov byte [ebp - 0x2c], 0 
@@ -31199,25 +31256,25 @@ setne al lea eax, [eax + eax + 2] mov word [ebp - 0x3c], ax -loc_0001320f: ; not directly referenced +loc_0001329f: ; not directly referenced movzx eax, byte [ebp - 0x2c] cmp ax, word [ebp - 0x3c] -jae loc_00013405 ; jae 0x13405 +jae loc_00013495 ; jae 0x13495 test byte [ebp - 0x2d], 1 -jne short loc_00013240 ; jne 0x13240 -call fcn_000153e9 ; call 0x153e9 +jne short loc_000132d0 ; jne 0x132d0 +call fcn_00015479 ; call 0x15479 test al, al -je loc_000133fa ; je 0x133fa +je loc_0001348a ; je 0x1348a push eax movzx eax, byte [ebp - 0x2c] push eax -push ref_000250c3 ; push 0x250c3 -jmp near loc_00013345 ; jmp 0x13345 +push ref_00025172 ; push 0x25172 +jmp near loc_000133d5 ; jmp 0x133d5 -loc_00013240: ; not directly referenced +loc_000132d0: ; not directly referenced mov eax, dword [ebp + 8] cmp byte [eax + 0x371], 0 -je short loc_0001326b ; je 0x1326b +je short loc_000132fb ; je 0x132fb mov cl, byte [ebp - 0x2c] push eax push eax @@ -31228,10 +31285,10 @@ push eax mov eax, dword [ebp - 0x34] add eax, 0xc push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -loc_0001326b: ; not directly referenced +loc_000132fb: ; not directly referenced movzx ebx, byte [ebp - 0x2c] mov eax, ebx shl eax, 0x1c @@ -31243,20 +31300,20 @@ push 1 lea eax, [ebp - 0x24] push eax push dword [ebp - 0x34] -call fcn_00012c24 ; call 0x12c24 +call fcn_00012cb4 ; call 0x12cb4 add esp, 0x10 mov edi, eax test eax, eax -jns short loc_000132b0 ; jns 0x132b0 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00013340 ; jns 0x13340 +call fcn_00015479 ; call 0x15479 test al, al -je loc_00013407 ; je 0x13407 +je loc_00013497 ; je 0x13497 push eax push eax -push ref_000250e0 ; push 0x250e0 -jmp near loc_00013136 ; jmp 0x13136 +push ref_0002518f ; push 0x2518f +jmp near loc_000131c6 ; jmp 0x131c6 -loc_000132b0: ; not directly referenced +loc_00013340: ; not directly referenced mov eax, dword [ebp - 0x38] push esi push 1 
@@ -31265,63 +31322,63 @@ mov dword [ebp - 0x20], eax lea eax, [ebp - 0x20] push eax push dword [ebp - 0x34] -call fcn_00012c24 ; call 0x12c24 +call fcn_00012cb4 ; call 0x12cb4 add esp, 0x10 mov edi, eax test eax, eax -jns short loc_000132ec ; jns 0x132ec -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001337c ; jns 0x1337c +call fcn_00015479 ; call 0x15479 test al, al -je loc_00013407 ; je 0x13407 +je loc_00013497 ; je 0x13497 push ecx push ecx -push ref_00025114 ; push 0x25114 -jmp near loc_00013136 ; jmp 0x13136 +push ref_000251c3 ; push 0x251c3 +jmp near loc_000131c6 ; jmp 0x131c6 -loc_000132ec: ; not directly referenced +loc_0001337c: ; not directly referenced mov eax, dword [ebp - 0x20] movzx eax, ah mov dword [ebp - 0x20], eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00013317 ; je 0x13317 +je short loc_000133a7 ; je 0x133a7 sub esp, 0xc push dword [ebp - 0x20] push dword [ebp - 0x24] push ebx -push ref_00025140 ; push 0x25140 +push ref_000251ef ; push 0x251ef push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00013317: ; not directly referenced +loc_000133a7: ; not directly referenced movzx eax, byte [ebp - 0x20] push edx push ebx push eax push dword [ebp - 0x24] -call fcn_00012cf9 ; call 0x12cf9 +call fcn_00012d89 ; call 0x12d89 add esp, 0x10 mov esi, eax test eax, eax -jne short loc_00013357 ; jne 0x13357 -call fcn_000153e9 ; call 0x153e9 +jne short loc_000133e7 ; jne 0x133e7 +call fcn_00015479 ; call 0x15479 test al, al -je loc_000133fa ; je 0x133fa +je loc_0001348a ; je 0x1348a push eax push dword [ebp - 0x24] -push ref_00025170 ; push 0x25170 +push ref_0002521f ; push 0x2521f -loc_00013345: ; not directly referenced +loc_000133d5: ; not directly referenced push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp near loc_000133fa ; jmp 0x133fa +jmp near loc_0001348a ; jmp 0x1348a -loc_00013357: ; not directly 
referenced -call fcn_000153e9 ; call 0x153e9 +loc_000133e7: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00013388 ; je 0x13388 +je short loc_00013418 ; je 0x13418 push eax movzx eax, word [esi + 6] push eax @@ -31333,34 +31390,34 @@ movzx eax, word [esi + 2] push eax movzx eax, word [esi] push eax -push ref_000251b6 ; push 0x251b6 +push ref_00025265 ; push 0x25265 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_00013388: ; not directly referenced +loc_00013418: ; not directly referenced xor ebx, ebx -loc_0001338a: ; not directly referenced +loc_0001341a: ; not directly referenced movzx eax, word [esi + 6] cmp ebx, eax -jae short loc_000133fa ; jae 0x133fa +jae short loc_0001348a ; jae 0x1348a mov eax, dword [esi + ebx*4 + 0xc] mov dword [ebp - 0x1c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000133c2 ; je 0x133c2 +je short loc_00013452 ; je 0x13452 mov eax, dword [ebp - 0x1c] shr eax, 0x1c -je short loc_000133c2 ; je 0x133c2 +je short loc_00013452 ; je 0x13452 push eax -push ref_0002520c ; push 0x2520c +push ref_000252bb ; push 0x252bb push 0x26a -push ref_00024faa ; push 0x24faa -call fcn_000153fc ; call 0x153fc +push ref_00025059 ; push 0x25059 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000133c2: ; not directly referenced +loc_00013452: ; not directly referenced mov eax, dword [ebp - 0x38] or dword [ebp - 0x1c], eax push eax 
@@ -31368,59 +31425,59 @@ push 0 lea eax, [ebp - 0x1c] push eax push dword [ebp - 0x34] -call fcn_00012c24 ; call 0x12c24 +call fcn_00012cb4 ; call 0x12cb4 add esp, 0x10 mov edi, eax test eax, eax -jns short loc_000133f7 ; jns 0x133f7 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00013487 ; jns 0x13487 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00013407 ; je 0x13407 +je short loc_00013497 ; je 0x13497 push eax push dword [ebp - 0x24] -push ref_00025226 ; push 0x25226 -jmp near loc_00013136 ; jmp 0x13136 +push ref_000252d5 ; push 0x252d5 +jmp near loc_000131c6 ; jmp 0x131c6 -loc_000133f7: ; not directly referenced +loc_00013487: ; not directly referenced inc ebx -jmp short loc_0001338a ; jmp 0x1338a +jmp short loc_0001341a ; jmp 0x1341a -loc_000133fa: ; not directly referenced +loc_0001348a: ; not directly referenced inc byte [ebp - 0x2c] shr byte [ebp - 0x2d], 1 -jmp near loc_0001320f ; jmp 0x1320f +jmp near loc_0001329f ; jmp 0x1329f -loc_00013405: ; not directly referenced +loc_00013495: ; not directly referenced xor edi, edi -loc_00013407: ; not directly referenced +loc_00013497: ; not directly referenced push edx push edx push 0xfffd push dword [ebp - 0x48] -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 pop ecx pop ebx push 0 push dword [ebp - 0x40] -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop esi pop eax push 0 push dword [ebp - 0x44] -call fcn_00017dcb ; call 0x17dcb -call fcn_000153e9 ; call 0x153e9 +call fcn_00017e8f ; call 0x17e8f +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_0001344b ; je 0x1344b +je short loc_000134db ; je 0x134db push eax push eax -push ref_0002525a ; push 0x2525a +push ref_00025309 ; push 0x25309 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001344b: ; not directly referenced +loc_000134db: ; not directly referenced lea esp, [ebp - 0xc] mov eax, edi pop ebx 
@@ -31429,7 +31486,7 @@ pop edi pop ebp ret -fcn_00013455: +fcn_000134e5: push ebp mov ebp, esp push edi @@ -31440,27 +31497,27 @@ sub esp, 0xc mov esi, dword [ebp + 0xc] lea edi, [esi + 0x20] -loc_00013469: +loc_000134f9: sub esp, 0xc push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test al, 2 -je short loc_00013489 ; je 0x13489 +je short loc_00013519 ; je 0x13519 sub esp, 0xc push 0x64 -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 dec ebx -jne short loc_00013469 ; jne 0x13469 +jne short loc_000134f9 ; jne 0x134f9 -loc_00013489: +loc_00013519: sub esp, 0xc push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test al, 2 -jne short loc_000134b2 ; jne 0x134b2 +jne short loc_00013542 ; jne 0x13542 add esi, 0x60 mov dword [ebp + 8], esi mov dword [ebp + 0xc], 1 @@ -31469,9 +31526,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -loc_000134b2: +loc_00013542: lea esp, [ebp - 0xc] pop ebx pop esi @@ -31479,7 +31536,7 @@ pop edi pop ebp ret -fcn_000134ba: +fcn_0001354a: push ebp mov ebp, esp push edi @@ -31489,18 +31546,18 @@ sub esp, 0x18 mov ebx, dword [ebp + 0x14] lea esi, [ebx + 0x84] push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test al, 1 -je short loc_00013502 ; je 0x13502 +je short loc_00013592 ; je 0x13592 -loc_000134d9: +loc_00013569: sub esp, 0xc push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test al, 1 -je short loc_00013547 ; je 0x13547 +je short loc_000135d7 ; je 0x135d7 sub ebx, 0xffffff80 mov dword [ebp + 8], ebx mov dword [ebp + 0xc], 2 
@@ -31509,38 +31566,38 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018863 ; jmp 0x18863 +jmp near fcn_00018927 ; jmp 0x18927 -loc_00013502: +loc_00013592: sub esp, 0xc lea edi, [ebx + 0x80] push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop edx pop ecx and eax, 0xfffffffe push eax push edi mov edi, 0xc8 -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 -loc_00013525: +loc_000135b5: sub esp, 0xc push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test al, 1 -jne short loc_000134d9 ; jne 0x134d9 +jne short loc_00013569 ; jne 0x13569 sub esp, 0xc push 0x64 -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 dec edi -jne short loc_00013525 ; jne 0x13525 -jmp short loc_000134d9 ; jmp 0x134d9 +jne short loc_000135b5 ; jne 0x135b5 +jmp short loc_00013569 ; jmp 0x13569 -loc_00013547: +loc_000135d7: lea esp, [ebp - 0xc] pop ebx pop esi @@ -31548,7 +31605,7 @@ pop edi pop ebp ret -fcn_0001354f: +fcn_000135df: push ebp mov ebp, esp push edi 
@@ -31559,123 +31616,123 @@ movzx eax, byte [ebp + 0x10] mov byte [ebp - 0x19], 0 mov dword [ebp - 0x2c], eax -loc_00013563: -call fcn_0001c181 ; call 0x1c181 +loc_000135f3: +call fcn_0001c245 ; call 0x1c245 cmp byte [ebp - 0x19], al -jae loc_00013764 ; jae 0x13764 +jae loc_000137f4 ; jae 0x137f4 movzx esi, byte [ebp - 0x19] push ecx -movzx eax, byte [esi + esi + ref_00020461] ; movzx eax, byte [esi + esi + 0x20461] +movzx eax, byte [esi + esi + ref_000204f1] ; movzx eax, byte [esi + esi + 0x204f1] push eax -movzx eax, byte [esi + esi + ref_00020460] ; movzx eax, byte [esi + esi + 0x20460] +movzx eax, byte [esi + esi + ref_000204f0] ; movzx eax, byte [esi + esi + 0x204f0] push eax push dword [ebp - 0x2c] mov dword [ebp - 0x28], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0x10 mov ebx, eax mov eax, dword [ebp + 8] lea eax, [eax + esi*8] cmp byte [eax], 0 mov dword [ebp - 0x24], eax -jne short loc_000135c0 ; jne 0x135c0 +jne short loc_00013650 ; jne 0x13650 push edi push edi push 0 lea eax, [ebx + 0x10] add ebx, 4 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop eax pop edx push 0 push ebx -jmp near loc_0001371f ; jmp 0x1371f +jmp near loc_000137af ; jmp 0x137af -loc_000135c0: +loc_00013650: mov eax, dword [ebp + 8] cmp byte [eax + 0x13], 1 -jne short loc_000135dc ; jne 0x135dc +jne short loc_0001366c ; jne 0x1366c push esi push esi push 0xfffc lea eax, [ebx + 0x78] push eax -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 add esp, 0x10 -loc_000135dc: +loc_0001366c: sub esp, 0xc lea edi, [ebx + 0x10] push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test eax, eax -jne short loc_0001361f ; jne 0x1361f +jne short loc_000136af ; jne 0x136af sub esp, 0xc lea eax, [ebx + 4] push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 2 -jne short loc_0001361f ; jne 0x1361f +jne short loc_000136af ; jne 
0x136af push ecx push ecx push dword [ebp + 0xc] push edi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 mov esi, dword [ebp + 0xc] mov byte [ebp - 0x1a], 0 mov word [ebp - 0x1c], 0 -jmp short loc_00013640 ; jmp 0x13640 +jmp short loc_000136d0 ; jmp 0x136d0 -loc_0001361f: +loc_000136af: sub esp, 0xc push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov esi, eax lea eax, [ebx + 4] mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov byte [ebp - 0x1a], 1 mov word [ebp - 0x1c], ax -loc_00013640: +loc_000136d0: push edx push edx lea eax, [ebx + 4] push 6 push eax mov dword [ebp - 0x20], eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 cmp byte [ebp - 0x1a], 0 -jne short loc_00013669 ; jne 0x13669 +jne short loc_000136f9 ; jne 0x136f9 push eax push eax push 2 lea eax, [esi + 0x20] push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 -loc_00013669: +loc_000136f9: push eax push eax push 1 lea edx, [ebx + 0x80] push edx mov dword [ebp - 0x34], edx -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 lea ecx, [esi + 4] push 0 push 0xf push 0xc push ecx mov dword [ebp - 0x30], ecx -call fcn_00018b02 ; call 0x18b02 +call fcn_00018bc6 ; call 0x18bc6 mov eax, dword [ebp - 0x24] add esp, 0x20 mov ecx, dword [ebp - 0x30] 
@@ -31687,82 +31744,82 @@ push eax push 3 push 0 push ecx -call fcn_00018b02 ; call 0x18b02 +call fcn_00018bc6 ; call 0x18bc6 pop eax pop edx mov edx, dword [ebp - 0x34] push 0xfffe push edx -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 lea edx, [ebx + 0x78] mov dword [esp], edx mov dword [ebp - 0x24], edx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop ecx pop edx mov edx, dword [ebp - 0x24] or eax, 4 push eax push edx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop ecx pop eax lea eax, [ebx + 0x7c] add ebx, 0x8c push 0x4080 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 mov dword [esp], ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop edx pop ecx and eax, 0xfbfff4ff or eax, 0x20400 push eax push ebx -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 cmp byte [ebp - 0x1a], 0 -je short loc_00013726 ; je 0x13726 +je short loc_000137b6 ; je 0x137b6 movzx eax, word [ebp - 0x1c] push esi push esi push eax push dword [ebp - 0x20] -loc_0001371f: -call fcn_00017d40 ; call 0x17d40 -jmp short loc_00013759 ; jmp 0x13759 +loc_000137af: +call fcn_00017e04 ; call 0x17e04 +jmp short loc_000137e9 ; jmp 0x137e9 -loc_00013726: +loc_000137b6: mov eax, dword [ebp + 8] cmp byte [eax + 0xb5], 0 -je short loc_00013740 ; je 0x13740 +je short loc_000137d0 ; je 0x137d0 push ebx push ebx push esi push dword [ebp - 0x28] -call fcn_00013455 ; call 0x13455 +call fcn_000134e5 ; call 0x134e5 add esp, 0x10 -loc_00013740: +loc_000137d0: push eax push eax push 0xfff9 push dword [ebp - 0x20] -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 pop edx pop ecx push 0 push edi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f -loc_00013759: +loc_000137e9: add esp, 0x10 inc byte [ebp - 0x19] -jmp near loc_00013563 ; jmp 0x13563 +jmp near loc_000135f3 ; jmp 0x135f3 -loc_00013764: +loc_000137f4: lea esp, [ebp - 0xc] 
xor eax, eax pop ebx @@ -31771,7 +31828,7 @@ pop edi pop ebp ret -fcn_0001376e: +fcn_000137fe: push ebp mov ebp, esp push edi @@ -31784,59 +31841,59 @@ mov ebx, dword [ebp + 0xc] mov edi, dword [ebp + 0x18] mov dword [ebp - 0x24], ecx mov dword [ebp - 0x20], eax -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb mov esi, eax -call fcn_0001bff9 ; call 0x1bff9 +call fcn_0001c0bd ; call 0x1c0bd mov dword [ebp - 0x1c], eax -call fcn_0001bb39 ; call 0x1bb39 +call fcn_0001bbfd ; call 0x1bbfd mov eax, dword [ebp - 0x20] cmp byte [eax + 0x10], 0 -je loc_00013ba6 ; je 0x13ba6 +je loc_00013c36 ; je 0x13c36 cmp esi, 1 -jne short loc_000137dc ; jne 0x137dc +jne short loc_0001386c ; jne 0x1386c sub esp, 0xc lea eax, [edi + 0xe0] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov edx, 0x15000000 and eax, 0x18 sub eax, 8 cmp eax, 0x10 -ja short loc_000137d8 ; ja 0x137d8 -mov edx, dword [eax*4 + ref_000203dc] ; mov edx, dword [eax*4 + 0x203dc] +ja short loc_00013868 ; ja 0x13868 +mov edx, dword [eax*4 + ref_0002046c] ; mov edx, dword [eax*4 + 0x2046c] -loc_000137d8: +loc_00013868: push eax push edx -jmp short loc_000137e8 ; jmp 0x137e8 +jmp short loc_00013878 ; jmp 0x13878 -loc_000137dc: +loc_0001386c: cmp dword [ebp - 0x1c], 2 -jne short loc_000137f9 ; jne 0x137f9 +jne short loc_00013889 ; jne 0x13889 push ecx push 0xf000000 -loc_000137e8: +loc_00013878: push 0xffffff lea eax, [ebx + 4] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_000137f9: +loc_00013889: push eax push eax push 0xc401 lea eax, [edi + 0x44] push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 pop eax pop edx lea eax, [edi + 0x46] push 0xf push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0xc mov edx, 0xe0000000 cmp esi, 1 
@@ -31849,163 +31906,163 @@ push edx push eax lea eax, [edi + 0x50] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0x200000a push 0xff00 lea eax, [ebx + 0xc] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0x600 push 0xffffffffffffffdf lea eax, [ebx + 0x10] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 cmp esi, 2 -jne short loc_000138b6 ; jne 0x138b6 +jne short loc_00013946 ; jne 0x13946 cmp dword [ebp - 0x1c], 1 -jne short loc_00013891 ; jne 0x13891 +jne short loc_00013921 ; jne 0x13921 push eax add edi, 0xb0 push 0x20000 push 0xffff9fff push edi -call fcn_00018aa4 ; call 0x18aa4 -jmp short loc_000138ae ; jmp 0x138ae +call fcn_00018b68 ; call 0x18b68 +jmp short loc_0001393e ; jmp 0x1393e -loc_00013891: +loc_00013921: cmp dword [ebp - 0x1c], 2 -jne loc_000139ca ; jne 0x139ca +jne loc_00013a5a ; jne 0x13a5a push eax add edi, 0xa8 push eax push 0x22000 push edi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 -loc_000138ae: +loc_0001393e: add esp, 0x10 -jmp near loc_000139ca ; jmp 0x139ca +jmp near loc_00013a5a ; jmp 0x13a5a -loc_000138b6: +loc_00013946: cmp esi, 1 -jne short loc_000138ea ; jne 0x138ea +jne short loc_0001397a ; jne 0x1397a push eax push eax push 0xfff7ffff lea eax, [ebx + 0x8008] push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0xc push 0x110000 -loc_000138d6: +loc_00013966: push 0xfffffeff lea eax, [ebx + 0x8058] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_000138ea: +loc_0001397a: push ecx push ecx push 0x2040000 lea eax, [ebx + 0x8060] push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 pop edi pop eax lea eax, [ebx + 0x8090] push 0x4100 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 pop eax pop edx lea eax, [ebx + 0x8094] push 0xa04000 push eax -call 
fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0xc push 0x40 push 0xfffeffff lea eax, [ebx + 0x80e0] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0xc00 push 0xffff8dff lea eax, [ebx + 0x80ec] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 lea eax, [ebx + 0x80f0] pop ecx pop edi push 0xffefffff push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 cmp esi, 2 -jne short loc_000139d5 ; jne 0x139d5 +jne short loc_00013a65 ; jne 0x13a65 push edi push edi push 0x2000000 lea eax, [ebx + 0x80fc] push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0xc push 0x100800 push 0xfffffefb lea eax, [ebx + 0x8110] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0xff00f03c push 0 lea eax, [ebx + 0x8140] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop eax pop edx lea eax, [ebx + 0x8144] push 0x1c0 push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -jmp near loc_00013b97 ; jmp 0x13b97 +jmp near loc_00013c27 ; jmp 0x13c27 -loc_000139ca: +loc_00013a5a: push eax push 0x10000 -jmp near loc_000138d6 ; jmp 0x138d6 +jmp near loc_00013966 ; jmp 0x13966 -loc_000139d5: +loc_00013a65: cmp esi, 1 -jne loc_00013b97 ; jne 0x13b97 +jne loc_00013c27 ; jne 0x13c27 push ecx xor edi, edi push 0x100800 push 0xfffffffffffffffb lea eax, [ebx + 0x8110] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0xff03c132 push 0 lea eax, [ebx + 0x8140] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0x100 push 0xffffff3f lea eax, [ebx + 0x8144] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 mov eax, 0x202000 -loc_00013a2b: +loc_00013abb: push ecx not eax push edi 
@@ -32013,104 +32070,104 @@ push eax lea edx, [ebx + 0x8154] push edx mov dword [ebp - 0x28], edx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop eax pop edx mov edx, dword [ebp - 0x28] push 0xfffffffffffffff7 push edx -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 cmp esi, 2 -jne loc_00013af0 ; jne 0x13af0 +jne loc_00013b80 ; jne 0x13b80 push ecx push ecx push 3 lea eax, [ebx + 0x8164] push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 mov eax, dword [ebp - 0x1c] add esp, 0x10 cmp eax, 1 -je short loc_00013a80 ; je 0x13a80 +je short loc_00013b10 ; je 0x13b10 cmp eax, 2 mov eax, 0xe403f cmove edi, eax -jmp short loc_00013a85 ; jmp 0x13a85 +jmp short loc_00013b15 ; jmp 0x13b15 -loc_00013a80: +loc_00013b10: mov edi, 0xe0038 -loc_00013a85: +loc_00013b15: push eax push edi push 0xfff00000 lea eax, [ebx + 0x816c] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop eax pop edx lea eax, [ebx + 0x8174] push 0x1400c0a push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0xc push 0x33200a3 push 0 lea eax, [ebx + 0x817c] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0xcb0028 push 0 lea eax, [ebx + 0x8180] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc push 0x64001e push 0 lea eax, [ebx + 0x8184] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_00013af0: +loc_00013b80: cmp esi, 2 sete dl cmp dword [ebp - 0x1c], 1 -jne short loc_00013b05 ; jne 0x13b05 +jne short loc_00013b95 ; jne 0x13b95 mov eax, 0x5000000 test dl, dl -jne short loc_00013b16 ; jne 0x13b16 +jne short loc_00013ba6 ; jne 0x13ba6 -loc_00013b05: +loc_00013b95: cmp dword [ebp - 0x1c], 2 mov eax, 0x1000000 mov ecx, 0x5000000 cmove eax, ecx -loc_00013b16: +loc_00013ba6: push ecx push ecx push eax lea eax, [ebx + 0x8188] push eax mov 
dword [ebp - 0x28], edx -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 cmp dword [ebp - 0x1c], 2 -jne short loc_00013ba6 ; jne 0x13ba6 +jne short loc_00013c36 ; jne 0x13c36 mov edx, dword [ebp - 0x28] test dl, dl -je short loc_00013ba6 ; je 0x13ba6 +je short loc_00013c36 ; je 0x13c36 cmp byte [ebp - 0x24], 7 -jbe short loc_00013ba6 ; jbe 0x13ba6 +jbe short loc_00013c36 ; jbe 0x13c36 push edx push 2 push 0xfffffffffffffff9 lea eax, [ebx + 0x8098] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov ecx, dword [ebp - 0x20] add esp, 0xc mov edx, 0x1737d @@ -32122,7 +32179,7 @@ push 0xfffd8000 lea eax, [ebx + 0x8198] add ebx, 0x819c push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 mov dword [ebp + 8], ebx mov dword [ebp + 0xc], 0xfffffff0 @@ -32131,14 +32188,14 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018a7a ; jmp 0x18a7a +jmp near fcn_00018b3e ; jmp 0x18b3e -loc_00013b97: +loc_00013c27: mov eax, 0x200000 mov edi, 0x2000 -jmp near loc_00013a2b ; jmp 0x13a2b +jmp near loc_00013abb ; jmp 0x13abb -loc_00013ba6: +loc_00013c36: lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -32146,36 +32203,36 @@ pop edi pop ebp ret -fcn_00013bae: +fcn_00013c3e: push ebp mov ebp, esp push edi push esi push ebx sub esp, 0x1c -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb mov esi, eax -call fcn_0001bff9 ; call 0x1bff9 +call fcn_0001c0bd ; call 0x1c0bd mov edi, eax -call fcn_0001bb39 ; call 0x1bb39 +call fcn_0001bbfd ; call 0x1bbfd mov eax, dword [ebp + 8] push ebx push 0 push 0x14 movzx eax, byte [eax + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a push 0xc0 push 0xffffffffffffffff push 0xe5004001 push dword [ebp + 0xc] mov ebx, eax -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 add esp, 0x14 lea edx, [ebx + 0x40] push edx mov dword [ebp - 0x20], edx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop edx mov edx, dword [ebp - 0x20] mov ecx, eax @@ -32186,7 +32243,7 @@ mov dword [ebp - 0x1c], ecx pop ecx push eax push edx -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 pop eax mov eax, dword [ebp - 0x1c] pop edx 
@@ -32196,52 +32253,52 @@ movzx eax, al push eax lea eax, [ebx + 0x42] push eax -call fcn_00017ce1 ; call 0x17ce1 +call fcn_00017da5 ; call 0x17da5 pop ecx pop eax lea eax, [ebx + 0x44] push 0x288 push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 cmp esi, 1 -je short loc_00013c6c ; je 0x13c6c +je short loc_00013cfc ; je 0x13cfc mov eax, 0xc0 cmp esi, 2 -jne short loc_00013c71 ; jne 0x13c71 +jne short loc_00013d01 ; jne 0x13d01 mov eax, 0x40040 cmp edi, 2 mov edx, 0x40000 cmovne eax, edx -jmp short loc_00013c71 ; jmp 0x13c71 +jmp short loc_00013d01 ; jmp 0x13d01 -loc_00013c6c: +loc_00013cfc: mov eax, 0x40 -loc_00013c71: +loc_00013d01: push ecx push ecx push eax lea eax, [ebx + 0xa0] push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 cmp edi, 2 -jne short loc_00013c92 ; jne 0x13c92 +jne short loc_00013d22 ; jne 0x13d22 mov eax, 0x1800 cmp esi, 2 -je short loc_00013c94 ; je 0x13c94 +je short loc_00013d24 ; je 0x13d24 -loc_00013c92: +loc_00013d22: xor eax, eax -loc_00013c94: +loc_00013d24: push edx add ebx, 0xa4 push eax push 0xffffdfff push ebx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 lea esp, [ebp - 0xc] pop ebx @@ -32250,7 +32307,7 @@ pop edi pop ebp ret -fcn_00013cb2: +fcn_00013d42: push ebp mov ebp, esp push edi 
@@ -32261,110 +32318,110 @@ mov edx, dword [ebp + 0xc] mov esi, dword [ebp + 0x10] mov ebx, dword [ebp + 0x18] mov dword [ebp - 0x1c], edx -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb mov edi, eax -call fcn_0001bff9 ; call 0x1bff9 +call fcn_0001c0bd ; call 0x1c0bd mov edx, dword [ebp - 0x1c] cmp eax, 1 sete cl cmp edi, 1 -jne loc_00013ddd ; jne 0x13ddd +jne loc_00013e6d ; jne 0x13e6d test cl, cl -je loc_00013ddd ; je 0x13ddd +je loc_00013e6d ; je 0x13e6d mov eax, dword [ebp + 8] sub esp, 0xc lea edi, [eax + 0xe0] push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov edx, dword [ebp - 0x1c] and eax, 6 cmp eax, 4 -je short loc_00013d2d ; je 0x13d2d +je short loc_00013dbd ; je 0x13dbd cmp eax, 6 -je short loc_00013d22 ; je 0x13d22 +je short loc_00013db2 ; je 0x13db2 cmp eax, 2 -jne short loc_00013d38 ; jne 0x13d38 +jne short loc_00013dc8 ; jne 0x13dc8 mov byte [edx], 0xc mov dword [ebx], 0x3f3f -jmp short loc_00013d41 ; jmp 0x13d41 +jmp short loc_00013dd1 ; jmp 0x13dd1 -loc_00013d22: +loc_00013db2: mov byte [edx], 8 mov dword [ebx], 0xf0f -jmp short loc_00013d41 ; jmp 0x13d41 +jmp short loc_00013dd1 ; jmp 0x13dd1 -loc_00013d2d: +loc_00013dbd: mov byte [edx], 0xa mov dword [ebx], 0xf3f -jmp short loc_00013d41 ; jmp 0x13d41 +jmp short loc_00013dd1 ; jmp 0x13dd1 -loc_00013d38: +loc_00013dc8: mov byte [edx], 0xe mov dword [ebx], 0x3fff -loc_00013d41: +loc_00013dd1: or dword [ebx], 0xf0 sub esp, 0xc push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 and eax, 0x18 cmp eax, 0x10 -je short loc_00013d87 ; je 0x13d87 +je short loc_00013e17 ; je 0x13e17 cmp eax, 0x18 -je short loc_00013d76 ; je 0x13d76 +je short loc_00013e06 ; je 0x13e06 cmp eax, 8 -jne short loc_00013d98 ; jne 0x13d98 +jne short loc_00013e28 ; jne 0x13e28 mov eax, dword [ebp + 0x14] mov byte [eax], 4 mov eax, dword [ebp + 0x1c] mov dword [eax], 0xf -jmp short loc_00013da7 ; jmp 0x13da7 +jmp short loc_00013e37 
; jmp 0x13e37 -loc_00013d76: +loc_00013e06: mov eax, dword [ebp + 0x14] mov byte [eax], 0 mov eax, dword [ebp + 0x1c] mov dword [eax], 0 -jmp short loc_00013da7 ; jmp 0x13da7 +jmp short loc_00013e37 ; jmp 0x13e37 -loc_00013d87: +loc_00013e17: mov eax, dword [ebp + 0x14] mov byte [eax], 2 mov eax, dword [ebp + 0x1c] mov dword [eax], 3 -jmp short loc_00013da7 ; jmp 0x13da7 +jmp short loc_00013e37 ; jmp 0x13e37 -loc_00013d98: +loc_00013e28: mov eax, dword [ebp + 0x14] mov byte [eax], 6 mov eax, dword [ebp + 0x1c] mov dword [eax], 0x3f -loc_00013da7: +loc_00013e37: sub esp, 0xc push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 and eax, 0x20 -je short loc_00013dcf ; je 0x13dcf +je short loc_00013e5f ; je 0x13e5f cmp eax, 0x20 -jne loc_00013ea5 ; jne 0x13ea5 +jne loc_00013f35 ; jne 0x13f35 mov byte [esi], 0 and dword [ebx], 0xffffbfff -jmp near loc_00013ea5 ; jmp 0x13ea5 +jmp near loc_00013f35 ; jmp 0x13f35 -loc_00013dcf: +loc_00013e5f: mov byte [esi], 1 or dword [ebx], 0x4000 -jmp near loc_00013ea5 ; jmp 0x13ea5 +jmp near loc_00013f35 ; jmp 0x13f35 -loc_00013ddd: +loc_00013e6d: cmp edi, 2 -jne short loc_00013e37 ; jne 0x13e37 +jne short loc_00013ec7 ; jne 0x13ec7 test cl, cl -je short loc_00013e37 ; je 0x13e37 +je short loc_00013ec7 ; je 0x13ec7 mov eax, dword [ebp + 0x14] sub esp, 0xc mov byte [edx], 8 
@@ -32375,63 +32432,63 @@ mov dword [eax], 0xf mov eax, dword [ebp + 8] lea edi, [eax + 0xe0] push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 and eax, 0x20 -je short loc_00013e2c ; je 0x13e2c +je short loc_00013ebc ; je 0x13ebc cmp eax, 0x20 -jne loc_00013ea5 ; jne 0x13ea5 +jne loc_00013f35 ; jne 0x13f35 mov byte [esi], 0 and dword [ebx], 0xfffffeff -jmp short loc_00013ea5 ; jmp 0x13ea5 +jmp short loc_00013f35 ; jmp 0x13f35 -loc_00013e2c: +loc_00013ebc: mov byte [esi], 1 or dword [ebx], 0x100 -jmp short loc_00013ea5 ; jmp 0x13ea5 +jmp short loc_00013f35 ; jmp 0x13f35 -loc_00013e37: +loc_00013ec7: cmp eax, 2 -jne short loc_00013ea5 ; jne 0x13ea5 +jne short loc_00013f35 ; jne 0x13f35 mov eax, dword [ebp + 8] sub esp, 0xc mov dword [ebp - 0x1c], edx lea edi, [eax + 0xe0] push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov edx, dword [ebp - 0x1c] test al, 2 -je short loc_00013e69 ; je 0x13e69 +je short loc_00013ef9 ; je 0x13ef9 mov byte [edx], 8 mov dword [ebx], 0xff mov byte [esi], 0 -jmp short loc_00013e96 ; jmp 0x13e96 +jmp short loc_00013f26 ; jmp 0x13f26 -loc_00013e69: +loc_00013ef9: sub esp, 0xc mov byte [edx], 0xa mov dword [ebx], 0xff push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test al, 0x20 -jne short loc_00013e8d ; jne 0x13e8d +jne short loc_00013f1d ; jne 0x13f1d mov byte [esi], 1 or dword [ebx], 0x400 -jmp short loc_00013e96 ; jmp 0x13e96 +jmp short loc_00013f26 ; jmp 0x13f26 -loc_00013e8d: +loc_00013f1d: mov byte [esi], 0 and dword [ebx], 0xfffffbff -loc_00013e96: +loc_00013f26: mov eax, dword [ebp + 0x14] mov byte [eax], 4 mov eax, dword [ebp + 0x1c] mov dword [eax], 0xf -loc_00013ea5: +loc_00013f35: lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -32439,67 +32496,67 @@ pop edi pop ebp ret -fcn_00013ead: +fcn_00013f3d: push ebp mov ebp, esp push edi push esi push ebx sub esp, 0x3c -call fcn_0001bff9 ; call 0x1bff9 +call fcn_0001c0bd ; call 0x1c0bd mov ebx, eax -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb cmp ebx, 1 -jne short loc_00013ee6 ; jne 0x13ee6 +jne short loc_00013f76 ; jne 0x13f76 cmp eax, 2 -je short loc_00013f02 ; je 0x13f02 -mov ecx, ref_0002731c ; mov ecx, 0x2731c +je short loc_00013f92 ; je 0x13f92 +mov ecx, ref_000273cc ; mov ecx, 0x273cc xor edx, edx mov edi, ecx dec eax -mov eax, ref_00027358 ; mov eax, 0x27358 +mov eax, ref_00027408 ; mov eax, 0x27408 cmovne edi, edx cmove edx, eax mov dword [ebp - 0x34], edx -jmp short loc_00013f0e ; jmp 0x13f0e +jmp short loc_00013f9e ; jmp 0x13f9e -loc_00013ee6: -mov edx, ref_000272d0 ; mov edx, 0x272d0 +loc_00013f76: +mov edx, ref_00027380 ; mov edx, 0x27380 xor eax, eax mov edi, edx cmp ebx, 2 -mov edx, ref_000272e0 ; mov edx, 0x272e0 +mov edx, ref_00027390 ; mov edx, 0x27390 cmovne edi, eax cmove eax, edx mov dword [ebp - 0x34], eax -jmp short loc_00013f0e ; jmp 0x13f0e +jmp short loc_00013f9e ; jmp 0x13f9e -loc_00013f02: -mov edi, ref_0002730c ; mov edi, 0x2730c -mov dword [ebp - 0x34], ref_00027334 ; mov dword [ebp - 0x34], 0x27334 +loc_00013f92: +mov edi, ref_000273bc ; mov edi, 0x273bc +mov dword [ebp - 0x34], ref_000273e4 ; mov dword [ebp - 0x34], 0x273e4 -loc_00013f0e: +loc_00013f9e: test edi, edi -je short loc_00013f18 ; je 0x13f18 +je short loc_00013fa8 ; je 0x13fa8 cmp dword [ebp - 0x34], 0 -jne short loc_00013f42 ; jne 0x13f42 +jne short loc_00013fd2 ; jne 0x13fd2 -loc_00013f18: -call fcn_000153f0 ; call 0x153f0 +loc_00013fa8: +call fcn_00015480 ; call 0x15480 test al, al -je loc_0001480b ; je 0x1480b +je loc_0001489b ; je 0x1489b push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x601 -push ref_0002526f ; push 0x2526f -call fcn_000153fc ; call 0x153fc +push ref_0002531e ; push 
0x2531e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp near loc_0001480b ; jmp 0x1480b +jmp near loc_0001489b ; jmp 0x1489b -loc_00013f42: +loc_00013fd2: mov eax, dword [ebp + 8] cmp byte [eax + 0x10], 0 -je loc_0001480b ; je 0x1480b +je loc_0001489b ; je 0x1489b push eax push eax lea eax, [ebp - 0x20] @@ -32513,46 +32570,46 @@ push eax lea eax, [ebp - 0x27] push eax push dword [ebp + 0x18] -call fcn_00013cb2 ; call 0x13cb2 +call fcn_00013d42 ; call 0x13d42 mov eax, dword [ebp + 0xc] add esp, 0x14 add eax, 0x10 push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov ecx, dword [ebp + 0xc] shr eax, 0x10 lea ebx, [ecx + eax*4] mov dword [esp], ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov esi, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00013faf ; je 0x13faf +je short loc_0001403f ; je 0x1403f push eax push ebx -push ref_0002529d ; push 0x2529d +push ref_0002534c ; push 0x2534c push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 -loc_00013fac: +loc_0001403c: add esp, 0x10 -loc_00013faf: +loc_0001403f: mov eax, esi cmp al, 0xa -jne short loc_00014033 ; jne 0x14033 +jne short loc_000140c3 ; jne 0x140c3 sub esp, 0xc lea eax, [ebx + 0x20] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test al, 1 -je loc_0001404f ; je 0x1404f +je loc_000140df ; je 0x140df sub esp, 0xc add ebx, 0x24 push ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e movzx edx, byte [ebp - 0x25] add esp, 0x10 mov dword [ebp - 0x2c], 0 
@@ -32560,50 +32617,50 @@ shr eax, 0x18 add eax, 0x47 shl eax, 4 -loc_00013fef: +loc_0001407f: cmp dword [ebp - 0x2c], edx -jae short loc_00014026 ; jae 0x14026 +jae short loc_000140b6 ; jae 0x140b6 mov ecx, dword [ebp - 0x2c] cmp eax, dword [edi + ecx*4] -jne short loc_00014021 ; jne 0x14021 -call fcn_000153e9 ; call 0x153e9 +jne short loc_000140b1 ; jne 0x140b1 +call fcn_00015479 ; call 0x15479 mov byte [ebp - 0x2d], 1 test al, al -je short loc_0001405a ; je 0x1405a +je short loc_000140ea ; je 0x140ea push esi push dword [ebp - 0x2c] -push ref_000252ca ; push 0x252ca +push ref_00025379 ; push 0x25379 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_0001405a ; jmp 0x1405a +jmp short loc_000140ea ; jmp 0x140ea -loc_00014021: +loc_000140b1: inc dword [ebp - 0x2c] -jmp short loc_00013fef ; jmp 0x13fef +jmp short loc_0001407f ; jmp 0x1407f -loc_00014026: +loc_000140b6: mov dword [ebp - 0x2c], 0xffffffff mov byte [ebp - 0x2d], 1 -jmp short loc_0001405a ; jmp 0x1405a +jmp short loc_000140ea ; jmp 0x140ea -loc_00014033: +loc_000140c3: mov eax, esi movzx esi, ah test esi, esi -je short loc_0001404f ; je 0x1404f +je short loc_000140df ; je 0x140df lea ebx, [ebx + esi*4] sub esp, 0xc push ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov esi, eax -jmp near loc_00013fac ; jmp 0x13fac +jmp near loc_0001403c ; jmp 0x1403c -loc_0001404f: +loc_000140df: mov dword [ebp - 0x2c], 0xffffffff mov byte [ebp - 0x2d], 0 -loc_0001405a: +loc_000140ea: mov eax, dword [ebp + 0x18] push ebx push dword [ebp - 0x24] @@ -32611,7 +32668,7 @@ add eax, 0xd4 mov dword [ebp - 0x38], eax push 0xffff8000 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0xc mov eax, dword [ebp + 0x18] push dword [ebp - 0x20] 
@@ -32619,53 +32676,53 @@ add eax, 0xdc push 0xffffffffffffffc0 push eax mov dword [ebp - 0x3c], eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 lea eax, [ebp - 0x1c] mov dword [esp], eax -call fcn_000196d3 ; call 0x196d3 +call fcn_00019797 ; call 0x19797 add esp, 0x10 cmp dword [ebp - 0x1c], 0x11 -je loc_0001480b ; je 0x1480b +je loc_0001489b ; je 0x1489b mov eax, dword [ebp + 0x1c] sub esp, 0xc add eax, 0xa2 push eax mov dword [ebp - 0x40], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 0x20 -je short loc_00014138 ; je 0x14138 +je short loc_000141c8 ; je 0x141c8 mov eax, dword [ebp + 0x1c] sub esp, 0xc add eax, 0xac push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test eax, 0x10000 -je short loc_00014138 ; je 0x14138 +je short loc_000141c8 ; je 0x141c8 sub esp, 0xc push dword [ebp - 0x3c] -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 and eax, 0x3f cmp byte [ebp - 0x2d], 0 -je short loc_000140fe ; je 0x140fe +je short loc_0001418e ; je 0x1418e mov cl, byte [ebp - 0x2c] mov edx, 1 shl edx, cl or eax, edx -loc_000140fe: +loc_0001418e: push edx push eax mov eax, dword [ebp + 0x18] push 0xffffffffffffffc0 add eax, 0xd8 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop ecx push dword [ebp - 0x38] -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0xc and eax, 0x7fff push eax 
@@ -32673,162 +32730,162 @@ mov eax, dword [ebp + 0x18] push 0xffff8000 add eax, 0xd0 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_00014138: +loc_000141c8: mov eax, dword [ebp + 8] cmp byte [eax + 0xb5], 0 -jne short loc_0001415c ; jne 0x1415c +jne short loc_000141ec ; jne 0x141ec push eax push eax mov eax, dword [ebp + 0x1c] push 0xfffeffff add eax, 0xac push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -loc_0001415c: +loc_000141ec: mov eax, dword [ebp + 8] mov esi, 1 mov al, byte [eax + 0x11] test al, al -je loc_00014240 ; je 0x14240 +je loc_000142d0 ; je 0x142d0 xor esi, esi dec al -jne loc_00014240 ; jne 0x14240 +jne loc_000142d0 ; jne 0x142d0 mov eax, dword [ebp + 8] mov al, byte [eax + 0x10] cmp al, 2 sete cl dec al mov esi, ecx -jne loc_00014240 ; jne 0x14240 +jne loc_000142d0 ; jne 0x142d0 sub esp, 0xc push dword [ebp - 0x40] -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 0x20 -jne short loc_000141aa ; jne 0x141aa +jne short loc_0001423a ; jne 0x1423a -loc_000141a0: +loc_00014230: mov esi, 2 -jmp near loc_00014240 ; jmp 0x14240 +jmp near loc_000142d0 ; jmp 0x142d0 -loc_000141aa: +loc_0001423a: mov bl, byte [ebp - 0x2d] xor esi, esi and ebx, 1 -loc_000141b2: +loc_00014242: movzx eax, byte [ebp - 0x25] cmp esi, eax -jae short loc_000141dd ; jae 0x141dd +jae short loc_0001426d ; jae 0x1426d cmp esi, dword [ebp - 0x2c] -jne short loc_000141c3 ; jne 0x141c3 +jne short loc_00014253 ; jne 0x14253 test bl, bl -jne short loc_000141da ; jne 0x141da +jne short loc_0001426a ; jne 0x1426a -loc_000141c3: +loc_00014253: push eax mov eax, dword [ebp + 0xc] push 0x80000000 push 0xfffffffffffffffd add eax, dword [edi + esi*4] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_000141da: +loc_0001426a: inc esi -jmp short loc_000141b2 ; jmp 0x141b2 +jmp short loc_00014242 ; jmp 0x14242 -loc_000141dd: 
+loc_0001426d: mov al, byte [ebp - 0x2d] mov ebx, 0xa and eax, 1 mov byte [ebp - 0x2e], al -loc_000141eb: +loc_0001427b: xor esi, esi xor edx, edx -loc_000141ef: +loc_0001427f: movzx eax, byte [ebp - 0x25] cmp edx, eax -jae short loc_0001421f ; jae 0x1421f +jae short loc_000142af ; jae 0x142af cmp edx, dword [ebp - 0x2c] -jne short loc_00014202 ; jne 0x14202 +jne short loc_00014292 ; jne 0x14292 cmp byte [ebp - 0x2e], 0 -jne short loc_0001421c ; jne 0x1421c +jne short loc_000142ac ; jne 0x142ac -loc_00014202: +loc_00014292: mov eax, dword [ebp + 0xc] sub esp, 0xc add eax, dword [edi + edx*4] mov dword [ebp - 0x44], edx push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp - 0x44] add esp, 0x10 or esi, eax -loc_0001421c: +loc_000142ac: inc edx -jmp short loc_000141ef ; jmp 0x141ef +jmp short loc_0001427f ; jmp 0x1427f -loc_0001421f: +loc_000142af: sub esp, 0xc push 0x2710 -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 and esi, 0x10 -je loc_000141a0 ; je 0x141a0 +je loc_00014230 ; je 0x14230 dec ebx -jne short loc_000141eb ; jne 0x141eb -jmp near loc_000141a0 ; jmp 0x141a0 +jne short loc_0001427b ; jne 0x1427b +jmp near loc_00014230 ; jmp 0x14230 -loc_00014240: +loc_000142d0: cmp byte [ebp - 0x25], 0 -je loc_00014476 ; je 0x14476 +je loc_00014506 ; je 0x14506 mov eax, esi dec al -jne loc_00014476 ; jne 0x14476 +jne loc_00014506 ; jne 0x14506 mov eax, dword [ebp + 0x18] sub esp, 0xc lea ebx, [eax + 0xd0] push ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test eax, eax -je short loc_00014271 ; je 0x14271 +je short loc_00014301 ; je 0x14301 -loc_0001426d: +loc_000142fd: xor esi, esi -jmp short loc_000142bf ; jmp 0x142bf +jmp short loc_0001434f ; jmp 0x1434f -loc_00014271: +loc_00014301: mov eax, dword [ebp + 0x18] sub esp, 0xc add eax, 0xd8 push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test eax, eax -jne short 
loc_0001426d ; jne 0x1426d -jmp near loc_00014476 ; jmp 0x14476 +jne short loc_000142fd ; jne 0x142fd +jmp near loc_00014506 ; jmp 0x14506 -loc_0001428e: +loc_0001431e: mov ecx, dword [ebp - 0x34] sub esp, 0xc mov eax, dword [ebp + 0xc] add eax, dword [ecx + esi*4] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test al, 1 -je short loc_000142be ; je 0x142be +je short loc_0001434e ; je 0x1434e mov ecx, dword [ebp - 0x34] push eax mov eax, dword [ebp + 0xc] 
@@ -32836,62 +32893,62 @@ push 0x10 push 0xfffffffffffffffd add eax, dword [ecx + esi*4] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_000142be: +loc_0001434e: inc esi -loc_000142bf: +loc_0001434f: movzx eax, byte [ebp - 0x27] cmp esi, eax -jb short loc_0001428e ; jb 0x1428e +jb short loc_0001431e ; jb 0x1431e mov dword [ebp - 0x38], 0xa -loc_000142ce: +loc_0001435e: xor esi, esi xor edx, edx -loc_000142d2: +loc_00014362: movzx eax, byte [ebp - 0x27] cmp edx, eax -jae short loc_000142fa ; jae 0x142fa +jae short loc_0001438a ; jae 0x1438a mov ecx, dword [ebp - 0x34] sub esp, 0xc mov eax, dword [ebp + 0xc] mov dword [ebp - 0x3c], edx add eax, dword [ecx + edx*4] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp - 0x3c] add esp, 0x10 inc edx or esi, eax -jmp short loc_000142d2 ; jmp 0x142d2 +jmp short loc_00014362 ; jmp 0x14362 -loc_000142fa: +loc_0001438a: sub esp, 0xc push 0x2710 -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 and esi, 0x10 -je short loc_00014314 ; je 0x14314 +je short loc_000143a4 ; je 0x143a4 dec dword [ebp - 0x38] -jne short loc_000142ce ; jne 0x142ce +jne short loc_0001435e ; jne 0x1435e -loc_00014314: +loc_000143a4: push esi push esi push 0xffff8000 push ebx xor ebx, ebx -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -loc_00014326: +loc_000143b6: movzx eax, byte [ebp - 0x27] cmp ebx, eax -jae short loc_0001434b ; jae 0x1434b +jae short loc_000143db ; jae 0x143db push ecx mov ecx, dword [ebp - 0x34] push 0xfe0000 
@@ -32900,13 +32957,13 @@ push 0xfffffffffffffffd add eax, dword [ecx + ebx*4] inc ebx push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -jmp short loc_00014326 ; jmp 0x14326 +jmp short loc_000143b6 ; jmp 0x143b6 -loc_0001434b: +loc_000143db: cmp byte [ebp - 0x26], 0 -je short loc_0001436b ; je 0x1436b +je short loc_000143fb ; je 0x143fb push edx mov edx, dword [ebp - 0x34] push 0xfe0000 @@ -32914,47 +32971,47 @@ mov ecx, dword [ebp + 0xc] push 0xfffffffffffffffd add ecx, dword [edx + eax*4] push ecx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_0001436b: +loc_000143fb: mov bl, byte [ebp - 0x2d] xor esi, esi and ebx, 1 -loc_00014373: +loc_00014403: movzx eax, byte [ebp - 0x25] cmp esi, eax -jae short loc_0001439e ; jae 0x1439e +jae short loc_0001442e ; jae 0x1442e cmp esi, dword [ebp - 0x2c] -jne short loc_00014384 ; jne 0x14384 +jne short loc_00014414 ; jne 0x14414 test bl, bl -jne short loc_0001439b ; jne 0x1439b +jne short loc_0001442b ; jne 0x1442b -loc_00014384: +loc_00014414: push eax mov eax, dword [ebp + 0xc] push 0x80000000 push 0xfffffffffffffffd add eax, dword [edi + esi*4] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_0001439b: +loc_0001442b: inc esi -jmp short loc_00014373 ; jmp 0x14373 +jmp short loc_00014403 ; jmp 0x14403 -loc_0001439e: +loc_0001442e: cmp byte [ebp - 0x2d], 0 mov eax, 0xffffffc0 -je short loc_000143b6 ; je 0x143b6 +je short loc_00014446 ; je 0x14446 mov cl, byte [ebp - 0x2c] mov eax, 1 shl eax, cl or eax, 0xffffffc0 -loc_000143b6: +loc_00014446: push ebx push ebx mov ebx, 0xa 
@@ -32962,122 +33019,122 @@ push eax mov eax, dword [ebp + 0x18] add eax, 0xd8 push eax -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e mov al, byte [ebp - 0x2d] add esp, 0x10 and eax, 1 mov byte [ebp - 0x38], al -loc_000143d8: +loc_00014468: xor esi, esi xor edx, edx -loc_000143dc: +loc_0001446c: movzx eax, byte [ebp - 0x25] cmp edx, eax -jae short loc_0001440c ; jae 0x1440c +jae short loc_0001449c ; jae 0x1449c cmp edx, dword [ebp - 0x2c] -jne short loc_000143ef ; jne 0x143ef +jne short loc_0001447f ; jne 0x1447f cmp byte [ebp - 0x38], 0 -jne short loc_00014409 ; jne 0x14409 +jne short loc_00014499 ; jne 0x14499 -loc_000143ef: +loc_0001447f: mov eax, dword [ebp + 0xc] sub esp, 0xc add eax, dword [edi + edx*4] mov dword [ebp - 0x3c], edx push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp - 0x3c] add esp, 0x10 or esi, eax -loc_00014409: +loc_00014499: inc edx -jmp short loc_000143dc ; jmp 0x143dc +jmp short loc_0001446c ; jmp 0x1446c -loc_0001440c: +loc_0001449c: sub esp, 0xc push 0x2710 -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 and esi, 0x10 -je short loc_00014424 ; je 0x14424 +je short loc_000144b4 ; je 0x144b4 dec ebx -jne short loc_000143d8 ; jne 0x143d8 +jne short loc_00014468 ; jne 0x14468 -loc_00014424: +loc_000144b4: mov bl, byte [ebp - 0x2d] xor esi, esi and ebx, 1 -loc_0001442c: +loc_000144bc: movzx eax, byte [ebp - 0x25] cmp esi, eax -jae short loc_00014457 ; jae 0x14457 +jae short loc_000144e7 ; jae 0x144e7 cmp esi, dword [ebp - 0x2c] -jne short loc_0001443d ; jne 0x1443d +jne short loc_000144cd ; jne 0x144cd test bl, bl -jne short loc_00014454 ; jne 0x14454 +jne short loc_000144e4 ; jne 0x144e4 -loc_0001443d: +loc_000144cd: push ecx mov eax, dword [ebp + 0xc] push 0xfe0000 push 0xfffffffffffffffd add eax, dword [edi + esi*4] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_00014454: +loc_000144e4: inc 
esi -jmp short loc_0001442c ; jmp 0x1442c +jmp short loc_000144bc ; jmp 0x144bc -loc_00014457: +loc_000144e7: mov eax, dword [ebp + 0xc] push esi push esi push 1 lea ebx, [eax + 0x80] push ebx -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 pop eax pop edx push 0xfffffffffffffffe push ebx -call fcn_00018a7a ; call 0x18a7a -jmp short loc_000144e0 ; jmp 0x144e0 +call fcn_00018b3e ; call 0x18b3e +jmp short loc_00014570 ; jmp 0x14570 -loc_00014476: +loc_00014506: cmp byte [ebp - 0x25], 0 -je loc_0001458f ; je 0x1458f +je loc_0001461f ; je 0x1461f mov eax, esi cmp al, 2 -jne short loc_000144e8 ; jne 0x144e8 +jne short loc_00014578 ; jne 0x14578 sub esp, 0xc push dword [ebp - 0x3c] -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 and eax, 0x3f cmp byte [ebp - 0x2d], 0 -je short loc_000144a9 ; je 0x144a9 +je short loc_00014539 ; je 0x14539 mov cl, byte [ebp - 0x2c] mov edx, 1 shl edx, cl or eax, edx -loc_000144a9: +loc_00014539: push edx push eax mov eax, dword [ebp + 0x18] push 0xffffffffffffffc0 add eax, 0xd8 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop ecx push dword [ebp - 0x38] -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0xc and eax, 0x7fff push eax 
@@ -33085,109 +33142,109 @@ mov eax, dword [ebp + 0x18] push 0xffff8000 add eax, 0xd0 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 -loc_000144e0: +loc_00014570: add esp, 0x10 -jmp near loc_0001458f ; jmp 0x1458f +jmp near loc_0001461f ; jmp 0x1461f -loc_000144e8: +loc_00014578: sub esp, 0xc push dword [ebp - 0x40] -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 test al, 0x20 -je loc_0001458f ; je 0x1458f +je loc_0001461f ; je 0x1461f mov bl, byte [ebp - 0x2d] xor esi, esi and ebx, 1 -loc_00014506: +loc_00014596: movzx eax, byte [ebp - 0x25] cmp esi, eax -jae short loc_00014531 ; jae 0x14531 +jae short loc_000145c1 ; jae 0x145c1 cmp esi, dword [ebp - 0x2c] -jne short loc_00014517 ; jne 0x14517 +jne short loc_000145a7 ; jne 0x145a7 test bl, bl -jne short loc_0001452e ; jne 0x1452e +jne short loc_000145be ; jne 0x145be -loc_00014517: +loc_000145a7: push eax mov eax, dword [ebp + 0xc] push 0x80000000 push 0xfffffffffffffffd add eax, dword [edi + esi*4] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_0001452e: +loc_000145be: inc esi -jmp short loc_00014506 ; jmp 0x14506 +jmp short loc_00014596 ; jmp 0x14596 -loc_00014531: +loc_000145c1: mov al, byte [ebp - 0x2d] mov dword [ebp - 0x38], 0 and eax, 1 mov byte [ebp - 0x3c], al -loc_00014541: +loc_000145d1: cmp esi, dword [ebp - 0x2c] -jne short loc_0001454e ; jne 0x1454e +jne short loc_000145de ; jne 0x145de xor ebx, ebx cmp byte [ebp - 0x3c], 0 -jne short loc_00014584 ; jne 0x14584 +jne short loc_00014614 ; jne 0x14614 -loc_0001454e: +loc_000145de: xor ebx, ebx xor esi, esi -loc_00014552: +loc_000145e2: movzx eax, byte [ebp - 0x25] cmp esi, eax -jae short loc_00014571 ; jae 0x14571 +jae short loc_00014601 ; jae 0x14601 mov eax, dword [ebp + 0xc] sub esp, 0xc add eax, dword [edi + esi*4] inc esi push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 or ebx, eax -jmp short 
loc_00014552 ; jmp 0x14552 +jmp short loc_000145e2 ; jmp 0x145e2 -loc_00014571: +loc_00014601: sub esp, 0xc push 0x2710 -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 inc dword [ebp - 0x38] -loc_00014584: +loc_00014614: and bl, 0x10 -je short loc_0001458f ; je 0x1458f +je short loc_0001461f ; je 0x1461f cmp dword [ebp - 0x38], 9 -jbe short loc_00014541 ; jbe 0x14541 +jbe short loc_000145d1 ; jbe 0x145d1 -loc_0001458f: +loc_0001461f: mov eax, dword [ebp + 8] xor ebx, ebx cmp byte [eax + 0x13], 1 -jne loc_000147cc ; jne 0x147cc +jne loc_0001485c ; jne 0x1485c -loc_0001459e: +loc_0001462e: movzx eax, byte [ebp - 0x27] cmp ebx, eax -jae short loc_000145d9 ; jae 0x145d9 +jae short loc_00014669 ; jae 0x14669 mov ecx, dword [ebp - 0x34] sub esp, 0xc mov eax, dword [ebp + 0xc] add eax, dword [ecx + ebx*4] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test al, 1 -je short loc_000145d6 ; je 0x145d6 +je short loc_00014666 ; je 0x14666 push ecx mov ecx, dword [ebp - 0x34] push 0x10 
@@ -33195,68 +33252,68 @@ mov eax, dword [ebp + 0xc] push 0xfffffffffffffffd add eax, dword [ecx + ebx*4] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_000145d6: +loc_00014666: inc ebx -jmp short loc_0001459e ; jmp 0x1459e +jmp short loc_0001462e ; jmp 0x1462e -loc_000145d9: +loc_00014669: mov ebx, 0xa -loc_000145de: +loc_0001466e: xor esi, esi xor edx, edx -loc_000145e2: +loc_00014672: movzx eax, byte [ebp - 0x27] cmp edx, eax -jae short loc_0001460a ; jae 0x1460a +jae short loc_0001469a ; jae 0x1469a mov ecx, dword [ebp - 0x34] sub esp, 0xc mov eax, dword [ebp + 0xc] mov dword [ebp - 0x38], edx add eax, dword [ecx + edx*4] push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp - 0x38] add esp, 0x10 inc edx or esi, eax -jmp short loc_000145e2 ; jmp 0x145e2 +jmp short loc_00014672 ; jmp 0x14672 -loc_0001460a: +loc_0001469a: sub esp, 0xc push 0x2710 -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 and esi, 0x10 -je short loc_00014622 ; je 0x14622 +je short loc_000146b2 ; je 0x146b2 dec ebx -jne short loc_000145de ; jne 0x145de +jne short loc_0001466e ; jne 0x1466e -loc_00014622: +loc_000146b2: movzx edx, byte [ebp - 0x27] xor eax, eax xor ecx, ecx mov ebx, 1 -loc_0001462f: +loc_000146bf: cmp ecx, edx -jae short loc_00014646 ; jae 0x14646 +jae short loc_000146d6 ; jae 0x146d6 mov esi, dword [ebp + 8] cmp byte [esi + ecx + 0x14], 1 -jne short loc_00014643 ; jne 0x14643 +jne short loc_000146d3 ; jne 0x146d3 mov esi, ebx shl esi, cl or eax, esi -loc_00014643: +loc_000146d3: inc ecx -jmp short loc_0001462f ; jmp 0x1462f +jmp short loc_000146bf ; jmp 0x146bf -loc_00014646: +loc_000146d6: push edx xor ebx, ebx push eax 
@@ -33264,13 +33321,13 @@ mov eax, dword [ebp + 0x18] push 0xffff8000 add eax, 0xd0 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_00014660: +loc_000146f0: movzx eax, byte [ebp - 0x27] cmp ebx, eax -jae short loc_00014685 ; jae 0x14685 +jae short loc_00014715 ; jae 0x14715 mov ecx, dword [ebp - 0x34] push esi mov eax, dword [ebp + 0xc] @@ -33279,13 +33336,13 @@ push 0xfffffffffffffffd add eax, dword [ecx + ebx*4] inc ebx push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -jmp short loc_00014660 ; jmp 0x14660 +jmp short loc_000146f0 ; jmp 0x146f0 -loc_00014685: +loc_00014715: cmp byte [ebp - 0x26], 0 -je short loc_000146a5 ; je 0x146a5 +je short loc_00014735 ; je 0x14735 mov edx, dword [ebp - 0x34] push ebx mov ecx, dword [ebp + 0xc] 
@@ -33293,65 +33350,65 @@ push 0xfe0000 push 0xfffffffffffffffd add ecx, dword [edx + eax*4] push ecx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_000146a5: +loc_00014735: mov bl, byte [ebp - 0x2d] xor esi, esi and ebx, 1 -loc_000146ad: +loc_0001473d: movzx edx, byte [ebp - 0x25] cmp esi, edx -jae short loc_000146d8 ; jae 0x146d8 +jae short loc_00014768 ; jae 0x14768 cmp esi, dword [ebp - 0x2c] -jne short loc_000146be ; jne 0x146be +jne short loc_0001474e ; jne 0x1474e test bl, bl -jne short loc_000146d5 ; jne 0x146d5 +jne short loc_00014765 ; jne 0x14765 -loc_000146be: +loc_0001474e: push ecx mov eax, dword [ebp + 0xc] push 0x80000000 push 0xfffffffffffffffd add eax, dword [edi + esi*4] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_000146d5: +loc_00014765: inc esi -jmp short loc_000146ad ; jmp 0x146ad +jmp short loc_0001473d ; jmp 0x1473d -loc_000146d8: +loc_00014768: xor eax, eax xor ecx, ecx mov ebx, 1 -loc_000146e1: +loc_00014771: cmp ecx, edx -je short loc_000146f8 ; je 0x146f8 +je short loc_00014788 ; je 0x14788 mov esi, dword [ebp + 8] cmp byte [esi + ecx + 0x22], 1 -jne short loc_000146f5 ; jne 0x146f5 +jne short loc_00014785 ; jne 0x14785 mov esi, ebx shl esi, cl or eax, esi -loc_000146f5: +loc_00014785: inc ecx -jmp short loc_000146e1 ; jmp 0x146e1 +jmp short loc_00014771 ; jmp 0x14771 -loc_000146f8: +loc_00014788: cmp byte [ebp - 0x2d], 0 -je short loc_0001470a ; je 0x1470a +je short loc_0001479a ; je 0x1479a mov cl, byte [ebp - 0x2c] mov edx, 1 shl edx, cl or eax, edx -loc_0001470a: +loc_0001479a: push edx mov ebx, 0xa push eax 
@@ -33359,101 +33416,101 @@ mov eax, dword [ebp + 0x18] push 0xffffffffffffffc0 add eax, 0xd8 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov al, byte [ebp - 0x2d] add esp, 0x10 and eax, 1 mov byte [ebp - 0x38], al -loc_0001472d: +loc_000147bd: xor esi, esi xor edx, edx -loc_00014731: +loc_000147c1: movzx eax, byte [ebp - 0x25] cmp edx, eax -jae short loc_00014761 ; jae 0x14761 +jae short loc_000147f1 ; jae 0x147f1 cmp edx, dword [ebp - 0x2c] -jne short loc_00014744 ; jne 0x14744 +jne short loc_000147d4 ; jne 0x147d4 cmp byte [ebp - 0x38], 0 -jne short loc_0001475e ; jne 0x1475e +jne short loc_000147ee ; jne 0x147ee -loc_00014744: +loc_000147d4: mov eax, dword [ebp + 0xc] sub esp, 0xc add eax, dword [edi + edx*4] mov dword [ebp - 0x3c], edx push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp - 0x3c] add esp, 0x10 or esi, eax -loc_0001475e: +loc_000147ee: inc edx -jmp short loc_00014731 ; jmp 0x14731 +jmp short loc_000147c1 ; jmp 0x147c1 -loc_00014761: +loc_000147f1: sub esp, 0xc push 0x2710 -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 and esi, 0x10 -je short loc_00014779 ; je 0x14779 +je short loc_00014809 ; je 0x14809 dec ebx -jne short loc_0001472d ; jne 0x1472d +jne short loc_000147bd ; jne 0x147bd -loc_00014779: +loc_00014809: mov bl, byte [ebp - 0x2d] xor esi, esi and ebx, 1 -loc_00014781: +loc_00014811: movzx eax, byte [ebp - 0x25] cmp esi, eax -jae short loc_000147ac ; jae 0x147ac +jae short loc_0001483c ; jae 0x1483c cmp esi, dword [ebp - 0x2c] -jne short loc_00014792 ; jne 0x14792 +jne short loc_00014822 ; jne 0x14822 test bl, bl -jne short loc_000147a9 ; jne 0x147a9 +jne short loc_00014839 ; jne 0x14839 -loc_00014792: +loc_00014822: push eax mov eax, dword [ebp + 0xc] push 0xfe0000 push 0xfffffffffffffffd add eax, dword [edi + esi*4] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 -loc_000147a9: 
+loc_00014839: inc esi -jmp short loc_00014781 ; jmp 0x14781 +jmp short loc_00014811 ; jmp 0x14811 -loc_000147ac: +loc_0001483c: mov eax, dword [ebp + 0xc] lea ebx, [eax + 0x80] push eax push eax push 1 push ebx -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 pop edx pop ecx push 0xfffffffffffffffe push ebx -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e add esp, 0x10 -loc_000147cc: +loc_0001485c: mov eax, dword [ebp + 8] test byte [eax + 0x10], 0xfd -je short loc_0001480b ; je 0x1480b +je short loc_0001489b ; je 0x1489b cmp byte [eax + 0x11], 0 -je short loc_0001480b ; je 0x1480b +je short loc_0001489b ; je 0x1489b cmp byte [eax + 0xb5], 0 -je short loc_0001480b ; je 0x1480b +je short loc_0001489b ; je 0x1489b movzx eax, byte [ebp - 0x25] push eax movzx eax, byte [ebp - 0x27] @@ -33467,10 +33524,10 @@ movzx eax, al push 0 push 0x14 push eax -call fcn_000134ba ; call 0x134ba +call fcn_0001354a ; call 0x1354a add esp, 0x20 -loc_0001480b: +loc_0001489b: lea esp, [ebp - 0xc] pop ebx pop esi @@ -33478,7 +33535,7 @@ pop edi pop ebp ret -fcn_00014813: +fcn_000148a3: push ebp mov ebp, esp push edi 
@@ -33488,187 +33545,187 @@ sub esp, 0x44 push 0x10 lea eax, [ebp - 0x38] push eax -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff pop eax pop edx lea eax, [ebp - 0x28] push 0x10 push eax -call fcn_00016f3b ; call 0x16f3b -call fcn_0001bef7 ; call 0x1bef7 +call fcn_00016fff ; call 0x16fff +call fcn_0001bfbb ; call 0x1bfbb mov dword [ebp - 0x40], eax -call fcn_0001bff9 ; call 0x1bff9 +call fcn_0001c0bd ; call 0x1c0bd mov edx, dword [ebp + 8] add esp, 0x10 cmp byte [edx + 0x10], 0 -je loc_00014ac0 ; je 0x14ac0 +je loc_00014b50 ; je 0x14b50 cmp eax, 1 -jne loc_0001498b ; jne 0x1498b +jne loc_00014a1b ; jne 0x14a1b mov dword [ebp - 0x3c], 0 xor edi, edi xor ebx, ebx -loc_00014865: -call fcn_0001c19d ; call 0x1c19d +loc_000148f5: +call fcn_0001c261 ; call 0x1c261 movzx eax, al cmp ebx, eax -jae short loc_000148ea ; jae 0x148ea +jae short loc_0001497a ; jae 0x1497a mov eax, dword [ebp + 8] movzx ecx, byte [eax + ebx*8 + 0x2d] cmp cl, 8 -je short loc_000148e4 ; je 0x148e4 +je short loc_00014974 ; je 0x14974 cmp ebx, 7 -ja short loc_000148ac ; ja 0x148ac +ja short loc_0001493c ; ja 0x1493c cmp cl, 3 -jbe short loc_0001489e ; jbe 0x1489e -call fcn_000153f0 ; call 0x153f0 +jbe short loc_0001492e ; jbe 0x1492e +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000148e4 ; je 0x148e4 +je short loc_00014974 ; je 0x14974 push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x9c4 -jmp short loc_000148c7 ; jmp 0x148c7 +jmp short loc_00014957 ; jmp 0x14957 -loc_0001489e: +loc_0001492e: lea ecx, [ebx + ecx*8] mov eax, 1 shl eax, cl or edi, eax -jmp short loc_000148e4 ; jmp 0x148e4 +jmp short loc_00014974 ; jmp 0x14974 -loc_000148ac: +loc_0001493c: lea eax, [ecx - 4] cmp al, 3 -jbe short loc_000148d6 ; jbe 0x148d6 -call fcn_000153f0 ; call 0x153f0 +jbe short loc_00014966 ; jbe 0x14966 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000148e4 ; je 0x148e4 +je short loc_00014974 ; je 0x14974 push eax -push ref_000221f1 
; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x9d0 -loc_000148c7: -push ref_0002526f ; push 0x2526f -call fcn_000153fc ; call 0x153fc +loc_00014957: +push ref_0002531e ; push 0x2531e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp short loc_000148e4 ; jmp 0x148e4 +jmp short loc_00014974 ; jmp 0x14974 -loc_000148d6: +loc_00014966: lea ecx, [ebx + ecx*8 - 0x28] mov eax, 1 shl eax, cl or dword [ebp - 0x3c], eax -loc_000148e4: +loc_00014974: inc ebx -jmp near loc_00014865 ; jmp 0x14865 +jmp near loc_000148f5 ; jmp 0x148f5 -loc_000148ea: +loc_0001497a: xor ebx, ebx xor esi, esi xor edx, edx -loc_000148f0: +loc_00014980: mov dword [ebp - 0x44], edx -call fcn_0001c234 ; call 0x1c234 +call fcn_0001c2f8 ; call 0x1c2f8 mov edx, dword [ebp - 0x44] movzx eax, al cmp edx, eax -jae short loc_00014933 ; jae 0x14933 +jae short loc_000149c3 ; jae 0x149c3 mov eax, dword [ebp + 8] movzx eax, byte [eax + edx*4 + 0x9d] cmp al, 8 -je short loc_00014930 ; je 0x14930 +je short loc_000149c0 ; je 0x149c0 cmp al, 3 -ja short loc_00014923 ; ja 0x14923 +ja short loc_000149b3 ; ja 0x149b3 lea ecx, [edx + eax*8] mov eax, 1 shl eax, cl or esi, eax -jmp short loc_00014930 ; jmp 0x14930 +jmp short loc_000149c0 ; jmp 0x149c0 -loc_00014923: +loc_000149b3: lea ecx, [edx + eax*8 - 0x20] mov eax, 1 shl eax, cl or ebx, eax -loc_00014930: +loc_000149c0: inc edx -jmp short loc_000148f0 ; jmp 0x148f0 +jmp short loc_00014980 ; jmp 0x14980 -loc_00014933: +loc_000149c3: mov eax, dword [ebp + 0xc] push ecx push ecx push edi add eax, 0xc0 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f pop edi pop eax mov eax, dword [ebp + 0xc] push esi add eax, 0xc8 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 cmp dword [ebp - 0x40], 1 -jne loc_00014ac0 ; jne 0x14ac0 +jne loc_00014b50 ; jne 0x14b50 push eax push eax mov eax, dword [ebp + 0xc] push dword [ebp - 0x3c] add eax, 0xc4 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f 
; call 0x17e8f pop eax mov eax, dword [ebp + 0xc] pop edx add eax, 0xcc push ebx push eax -call fcn_00017dcb ; call 0x17dcb -jmp near loc_00014abd ; jmp 0x14abd +call fcn_00017e8f ; call 0x17e8f +jmp near loc_00014b4d ; jmp 0x14b4d -loc_0001498b: +loc_00014a1b: xor ebx, ebx cmp eax, 2 -jne loc_00014a9f ; jne 0x14a9f +jne loc_00014b2f ; jne 0x14b2f -loc_00014996: -call fcn_0001c234 ; call 0x1c234 +loc_00014a26: +call fcn_0001c2f8 ; call 0x1c2f8 movzx eax, al cmp ebx, eax -jae short loc_000149e9 ; jae 0x149e9 +jae short loc_00014a79 ; jae 0x14a79 mov eax, dword [ebp + 8] mov al, byte [eax + ebx*4 + 0x9d] cmp al, 8 -je short loc_000149e6 ; je 0x149e6 +je short loc_00014a76 ; je 0x14a76 movzx esi, al -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000149d9 ; je 0x149d9 +je short loc_00014a69 ; je 0x14a69 cmp esi, 3 -jbe short loc_000149d9 ; jbe 0x149d9 +jbe short loc_00014a69 ; jbe 0x14a69 push eax -push ref_000252ee ; push 0x252ee +push ref_0002539d ; push 0x2539d push 0x9fd -push ref_0002526f ; push 0x2526f -call fcn_000153fc ; call 0x153fc +push ref_0002531e ; push 0x2531e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000149d9: +loc_00014a69: mov eax, 1 mov cl, bl shl eax, cl or dword [ebp + esi*4 - 0x28], eax -loc_000149e6: +loc_00014a76: inc ebx -jmp short loc_00014996 ; jmp 0x14996 +jmp short loc_00014a26 ; jmp 0x14a26 -loc_000149e9: +loc_00014a79: mov edx, dword [ebp + 0xc] mov eax, dword [ebp + 0xc] lea edi, [edx + 0xd0] 
@@ -33680,81 +33737,81 @@ mov esi, eax mov dword [ebp - 0x40], eax lea ebx, [ebp + edi - 0x28] -loc_00014a0a: +loc_00014a9a: push eax push eax push dword [ebx + esi - 0xc0] push esi add esi, 4 -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 cmp esi, dword [ebp - 0x3c] -jne short loc_00014a0a ; jne 0x14a0a +jne short loc_00014a9a ; jne 0x14a9a xor ebx, ebx -loc_00014a26: -call fcn_0001c1fd ; call 0x1c1fd +loc_00014ab6: +call fcn_0001c2c1 ; call 0x1c2c1 movzx eax, al cmp ebx, eax -jae short loc_00014a76 ; jae 0x14a76 +jae short loc_00014b06 ; jae 0x14b06 mov eax, dword [ebp + 8] mov al, byte [eax + ebx*8 + 0x2d] cmp al, 8 -je short loc_00014a73 ; je 0x14a73 +je short loc_00014b03 ; je 0x14b03 movzx esi, al -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00014a66 ; je 0x14a66 +je short loc_00014af6 ; je 0x14af6 cmp esi, 3 -jbe short loc_00014a66 ; jbe 0x14a66 +jbe short loc_00014af6 ; jbe 0x14af6 push ecx -push ref_000252ee ; push 0x252ee +push ref_0002539d ; push 0x2539d push 0xa0d -push ref_0002526f ; push 0x2526f -call fcn_000153fc ; call 0x153fc +push ref_0002531e ; push 0x2531e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00014a66: +loc_00014af6: mov eax, 1 mov cl, bl shl eax, cl or dword [ebp + esi*4 - 0x38], eax -loc_00014a73: +loc_00014b03: inc ebx -jmp short loc_00014a26 ; jmp 0x14a26 +jmp short loc_00014ab6 ; jmp 0x14ab6 -loc_00014a76: +loc_00014b06: mov eax, dword [ebp + 0xc] lea esi, [ebp + edi - 0x38] lea ebx, [eax + 0xb0] -loc_00014a83: +loc_00014b13: push edx push edx push dword [esi + ebx - 0xb0] push ebx add ebx, 4 -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 cmp ebx, dword [ebp - 0x40] -jne short loc_00014a83 ; jne 0x14a83 -jmp short loc_00014ac0 ; jmp 0x14ac0 +jne short loc_00014b13 ; jne 0x14b13 +jmp short loc_00014b50 ; jmp 0x14b50 -loc_00014a9f: -call fcn_000153f0 ; call 0x153f0 +loc_00014b2f: +call fcn_00015480 ; call 
0x15480 test al, al -je short loc_00014ac0 ; je 0x14ac0 +je short loc_00014b50 ; je 0x14b50 push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0xa16 -push ref_0002526f ; push 0x2526f -call fcn_000153fc ; call 0x153fc +push ref_0002531e ; push 0x2531e +call fcn_0001548c ; call 0x1548c -loc_00014abd: +loc_00014b4d: add esp, 0x10 -loc_00014ac0: +loc_00014b50: lea esp, [ebp - 0xc] pop ebx pop esi @@ -33762,7 +33819,7 @@ pop edi pop ebp ret -fcn_00014ac8: +fcn_00014b58: push ebp mov ebp, esp push edi 
@@ -33776,83 +33833,83 @@ mov esi, dword [ebp + 8] mov dword [ebp - 0x24], eax mov eax, dword [ebp + 0x10] mov dword [ebp - 0x28], eax -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb mov dword [ebp - 0x20], 0 mov dword [ebp - 0x1c], eax -loc_00014af3: -call fcn_0001c1d4 ; call 0x1c1d4 +loc_00014b83: +call fcn_0001c298 ; call 0x1c298 movzx eax, al cmp ebx, eax -jae short loc_00014b79 ; jae 0x14b79 +jae short loc_00014c09 ; jae 0x14c09 movzx ecx, byte [esi + ebx*8 + 0x2d] cmp cl, 8 -je short loc_00014b73 ; je 0x14b73 +je short loc_00014c03 ; je 0x14c03 cmp ebx, 7 -ja short loc_00014b37 ; ja 0x14b37 +ja short loc_00014bc7 ; ja 0x14bc7 cmp cl, 3 -jbe short loc_00014b29 ; jbe 0x14b29 -call fcn_000153f0 ; call 0x153f0 +jbe short loc_00014bb9 ; jbe 0x14bb9 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00014b73 ; je 0x14b73 +je short loc_00014c03 ; je 0x14c03 push ecx -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0xa69 -jmp short loc_00014b58 ; jmp 0x14b58 +jmp short loc_00014be8 ; jmp 0x14be8 -loc_00014b29: +loc_00014bb9: lea ecx, [ebx + ecx*8] mov eax, 1 shl eax, cl or edi, eax -jmp short loc_00014b73 ; jmp 0x14b73 +jmp short loc_00014c03 ; jmp 0x14c03 -loc_00014b37: +loc_00014bc7: cmp dword [ebp - 0x1c], 1 -jne short loc_00014b73 ; jne 0x14b73 +jne short loc_00014c03 ; jne 0x14c03 lea eax, [ecx - 4] cmp al, 3 -jbe short loc_00014b67 ; jbe 0x14b67 -call fcn_000153f0 ; call 0x153f0 +jbe short loc_00014bf7 ; jbe 0x14bf7 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00014b73 ; je 0x14b73 +je short loc_00014c03 ; je 0x14c03 push edx -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0xa76 -loc_00014b58: -push ref_0002526f ; push 0x2526f -call fcn_000153fc ; call 0x153fc +loc_00014be8: +push ref_0002531e ; push 0x2531e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp short loc_00014b73 ; jmp 0x14b73 +jmp short loc_00014c03 ; jmp 0x14c03 -loc_00014b67: +loc_00014bf7: mov eax, 
dword [ebp - 0x1c] lea ecx, [ebx + ecx*8 - 0x28] shl eax, cl or dword [ebp - 0x20], eax -loc_00014b73: +loc_00014c03: inc ebx -jmp near loc_00014af3 ; jmp 0x14af3 +jmp near loc_00014b83 ; jmp 0x14b83 -loc_00014b79: +loc_00014c09: cmp byte [esi], 1 -jne short loc_00014b90 ; jne 0x14b90 +jne short loc_00014c20 ; jne 0x14c20 push eax push eax mov eax, dword [ebp - 0x24] push edi add eax, 0x74 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 -loc_00014b90: +loc_00014c20: cmp dword [ebp - 0x1c], 1 -jne short loc_00014bb7 ; jne 0x14bb7 +jne short loc_00014c47 ; jne 0x14c47 cmp byte [esi + 8], 1 -jne short loc_00014bb7 ; jne 0x14bb7 +jne short loc_00014c47 ; jne 0x14c47 mov eax, dword [ebp - 0x20] mov dword [ebp + 0xc], eax mov eax, dword [ebp - 0x28] @@ -33863,9 +33920,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -loc_00014bb7: +loc_00014c47: lea esp, [ebp - 0xc] pop ebx pop esi @@ -33873,7 +33930,7 @@ pop edi pop ebp ret -fcn_00014bbf: +fcn_00014c4f: push ebp mov ebp, esp push edi @@ -33882,7 +33939,7 @@ push ebx xor ebx, ebx sub esp, 0x1c mov esi, dword [ebp + 8] -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb mov dword [ebp - 0x1c], eax mov eax, dword [ebp + 0xc] add eax, 0x64 @@ -33890,17 +33947,17 @@ mov dword [ebp - 0x20], eax mov eax, dword [ebp + 0x10] lea edi, [eax + 0x64] -loc_00014be4: -call fcn_0001c1d4 ; call 0x1c1d4 +loc_00014c74: +call fcn_0001c298 ; call 0x1c298 movzx eax, al cmp ebx, eax -jae loc_00014c81 ; jae 0x14c81 +jae loc_00014d11 ; jae 0x14d11 cmp ebx, 7 -ja short loc_00014c35 ; ja 0x14c35 +ja short loc_00014cc5 ; ja 0x14cc5 cmp byte [esi], 1 -jne short loc_00014c35 ; jne 0x14c35 +jne short loc_00014cc5 ; jne 0x14cc5 cmp byte [esi + ebx*8 + 0x2c], 0 -jne short loc_00014c1b ; jne 0x14c1b +jne short loc_00014cab ; jne 0x14cab push eax mov cl, bl push eax 
@@ -33908,10 +33965,10 @@ mov eax, 1 shl eax, cl push eax push dword [ebp - 0x20] -call fcn_0001866c ; call 0x1866c -jmp short loc_00014c32 ; jmp 0x14c32 +call fcn_00018730 ; call 0x18730 +jmp short loc_00014cc2 ; jmp 0x14cc2 -loc_00014c1b: +loc_00014cab: push ecx mov eax, 0xfffffffe push ecx @@ -33920,21 +33977,21 @@ rol eax, cl movzx eax, al push eax push dword [ebp - 0x20] -call fcn_00018699 ; call 0x18699 +call fcn_0001875d ; call 0x1875d -loc_00014c32: +loc_00014cc2: add esp, 0x10 -loc_00014c35: +loc_00014cc5: cmp dword [ebp - 0x1c], 1 -jne short loc_00014c7b ; jne 0x14c7b +jne short loc_00014d0b ; jne 0x14d0b cmp ebx, 0xd -ja short loc_00014c7b ; ja 0x14c7b +ja short loc_00014d0b ; ja 0x14d0b cmp byte [esi + 8], 1 -jne short loc_00014c7b ; jne 0x14c7b +jne short loc_00014d0b ; jne 0x14d0b cmp byte [esi + ebx*8 + 0x2c], 0 lea ecx, [ebx - 8] -jne short loc_00014c63 ; jne 0x14c63 +jne short loc_00014cf3 ; jne 0x14cf3 mov eax, dword [ebp - 0x1c] push edx push edx @@ -33942,10 +33999,10 @@ shl eax, cl movzx ecx, al push ecx push edi -call fcn_0001866c ; call 0x1866c -jmp short loc_00014c78 ; jmp 0x14c78 +call fcn_00018730 ; call 0x18730 +jmp short loc_00014d08 ; jmp 0x14d08 -loc_00014c63: +loc_00014cf3: push eax push eax mov eax, dword [ebp - 0x1c] @@ -33955,16 +34012,16 @@ not ecx movzx ecx, cl push ecx push edi -call fcn_00018699 ; call 0x18699 +call fcn_0001875d ; call 0x1875d -loc_00014c78: +loc_00014d08: add esp, 0x10 -loc_00014c7b: +loc_00014d0b: inc ebx -jmp near loc_00014be4 ; jmp 0x14be4 +jmp near loc_00014c74 ; jmp 0x14c74 -loc_00014c81: +loc_00014d11: lea esp, [ebp - 0xc] pop ebx pop esi @@ -33972,7 +34029,7 @@ pop edi pop ebp ret -fcn_00014c89: +fcn_00014d19: push ebp mov ebp, esp push edi 
@@ -33981,89 +34038,89 @@ push ebx sub esp, 0x1c mov esi, dword [ebp + 8] mov edi, dword [ebp + 0xc] -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb cmp byte [esi + 0x10], 0 mov dword [ebp - 0x1c], eax -je loc_00014d7a ; je 0x14d7a +je loc_00014e0a ; je 0x14e0a lea eax, [edi + 0xe4] sub esp, 0xc push eax mov dword [ebp - 0x20], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 xor edx, edx mov ebx, eax and ebx, 0x7fff -loc_00014cc9: +loc_00014d59: mov dword [ebp - 0x24], edx -call fcn_0001c19d ; call 0x1c19d +call fcn_0001c261 ; call 0x1c261 mov edx, dword [ebp - 0x24] movzx eax, al cmp edx, eax -jae short loc_00014d08 ; jae 0x14d08 +jae short loc_00014d98 ; jae 0x14d98 cmp dword [ebp - 0x1c], 1 mov ecx, edx -jne short loc_00014cea ; jne 0x14cea -mov ecx, dword [edx*4 + ref_00020420] ; mov ecx, dword [edx*4 + 0x20420] +jne short loc_00014d7a ; jne 0x14d7a +mov ecx, dword [edx*4 + ref_000204b0] ; mov ecx, dword [edx*4 + 0x204b0] -loc_00014cea: +loc_00014d7a: cmp byte [esi + edx*8 + 0x2c], 0 -jne short loc_00014cfc ; jne 0x14cfc +jne short loc_00014d8c ; jne 0x14d8c mov eax, 1 shl eax, cl or ebx, eax -jmp short loc_00014d05 ; jmp 0x14d05 +jmp short loc_00014d95 ; jmp 0x14d95 -loc_00014cfc: +loc_00014d8c: mov eax, 0xfffffffe rol eax, cl and ebx, eax -loc_00014d05: +loc_00014d95: inc edx -jmp short loc_00014cc9 ; jmp 0x14cc9 +jmp short loc_00014d59 ; jmp 0x14d59 -loc_00014d08: +loc_00014d98: lea eax, [edi + 0xe8] sub esp, 0xc push eax mov dword [ebp - 0x1c], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 xor ecx, ecx mov edi, eax and edi, 0x3f -loc_00014d24: +loc_00014db4: mov dword [ebp - 0x24], ecx -call fcn_0001c234 ; call 0x1c234 +call fcn_0001c2f8 ; call 0x1c2f8 mov ecx, dword [ebp - 0x24] movzx eax, al cmp ecx, eax -jae short loc_00014d57 ; jae 0x14d57 +jae short loc_00014de7 ; jae 0x14de7 cmp byte [esi + ecx*4 + 0x9c], 0 -je short loc_00014d4b ; je 0x14d4b +je short 
loc_00014ddb ; je 0x14ddb mov eax, 0xfffffffe rol eax, cl and edi, eax -jmp short loc_00014d54 ; jmp 0x14d54 +jmp short loc_00014de4 ; jmp 0x14de4 -loc_00014d4b: +loc_00014ddb: mov eax, 1 shl eax, cl or edi, eax -loc_00014d54: +loc_00014de4: inc ecx -jmp short loc_00014d24 ; jmp 0x14d24 +jmp short loc_00014db4 ; jmp 0x14db4 -loc_00014d57: +loc_00014de7: push eax push eax push ebx push dword [ebp - 0x20] -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov eax, dword [ebp - 0x1c] add esp, 0x10 mov dword [ebp + 0xc], edi @@ -34073,9 +34130,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -loc_00014d7a: +loc_00014e0a: lea esp, [ebp - 0xc] pop ebx pop esi @@ -34083,7 +34140,7 @@ pop edi pop ebp ret -fcn_00014d82: +fcn_00014e12: push ebp mov ebp, esp sub esp, 0x10 @@ -34091,12 +34148,12 @@ mov eax, dword [ebp + 8] push 0x100 add eax, 0x7a push eax -call fcn_00018863 ; call 0x18863 +call fcn_00018927 ; call 0x18927 add esp, 0x10 leave ret -fcn_00014d9e: +fcn_00014e2e: push ebp mov ebp, esp push ebx @@ -34105,27 +34162,27 @@ mov edx, dword [ebp + 8] mov eax, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] cmp byte [edx + 0x10], 0 -je short loc_00014dd7 ; je 0x14dd7 +je short loc_00014e67 ; je 0x14e67 push edx push edx push eax lea eax, [ebx + 0x10] add ebx, 4 push eax -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f add esp, 0x10 mov dword [ebp + 8], ebx mov ebx, dword [ebp - 4] mov dword [ebp + 0xc], 6 leave -jmp near fcn_00018863 ; jmp 0x18863 +jmp near fcn_00018927 ; jmp 0x18927 -loc_00014dd7: +loc_00014e67: mov ebx, dword [ebp - 4] leave ret -fcn_00014ddc: +fcn_00014e6c: push ebp mov ebp, esp push ebx 
@@ -34133,27 +34190,27 @@ push edx mov eax, dword [ebp + 8] mov ebx, dword [ebp + 0x10] cmp byte [eax + 0x10], 0 -je short loc_00014e16 ; je 0x14e16 +je short loc_00014ea6 ; je 0x14ea6 push eax push eax push 0xfff9 lea eax, [ebx + 4] add ebx, 0x10 push eax -call fcn_00018890 ; call 0x18890 +call fcn_00018954 ; call 0x18954 add esp, 0x10 mov dword [ebp + 8], ebx mov ebx, dword [ebp - 4] mov dword [ebp + 0xc], 0 leave -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -loc_00014e16: +loc_00014ea6: mov ebx, dword [ebp - 4] leave ret -fcn_00014e1b: +fcn_00014eab: push ebp mov ebp, esp push edi @@ -34162,11 +34219,11 @@ push ebx sub esp, 0x1c mov esi, dword [ebp + 0x10] mov edi, dword [ebp + 8] -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb mov dword [ebp - 0x24], eax -call fcn_0001bb39 ; call 0x1bb39 +call fcn_0001bbfd ; call 0x1bbfd mov ebx, eax -call fcn_0001bff9 ; call 0x1bff9 +call fcn_0001c0bd ; call 0x1c0bd cmp ebx, 0x40 seta byte [ebp - 0x19] cmp eax, 2 @@ -34181,14 +34238,14 @@ push eax push 0 push 0xe5007f04 push esi -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 add esp, 0x10 -loc_00014e71: -call fcn_0001c19d ; call 0x1c19d +loc_00014f01: +call fcn_0001c261 ; call 0x1c261 movzx eax, al cmp ebx, eax -jae loc_00014f31 ; jae 0x14f31 +jae loc_00014fc1 ; jae 0x14fc1 inc ebx mov eax, ebx push 0 
@@ -34198,38 +34255,38 @@ mov dword [ebp - 0x28], eax sub eax, 0x1affbff1 push eax push esi -call fcn_00009d54 ; call 0x9d54 -call fcn_000153f0 ; call 0x153f0 +call fcn_00009dc2 ; call 0x9dc2 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00014ec5 ; je 0x14ec5 +je short loc_00014f55 ; je 0x14f55 cmp byte [edi + ebx*8 + 0x27], 7 -jbe short loc_00014ec5 ; jbe 0x14ec5 +jbe short loc_00014f55 ; jbe 0x14f55 push edx -push ref_000252f8 ; push 0x252f8 +push ref_000253a7 ; push 0x253a7 push 0xc0b -push ref_0002526f ; push 0x2526f -call fcn_000153fc ; call 0x153fc +push ref_0002531e ; push 0x2531e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00014ec5: +loc_00014f55: mov al, byte [edi + ebx*8 + 0x27] and eax, 7 mov dword [ebp - 0x20], eax shl dword [ebp - 0x20], 0xb -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00014efb ; je 0x14efb +je short loc_00014f8b ; je 0x14f8b cmp byte [edi + ebx*8 + 0x26], 7 -jbe short loc_00014efb ; jbe 0x14efb +jbe short loc_00014f8b ; jbe 0x14f8b push eax -push ref_00025334 ; push 0x25334 +push ref_000253e3 ; push 0x253e3 push 0xc0d -push ref_0002526f ; push 0x2526f -call fcn_000153fc ; call 0x153fc +push ref_0002531e ; push 0x2531e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00014efb: +loc_00014f8b: mov al, byte [edi + ebx*8 + 0x26] and eax, 7 shl eax, 8 
@@ -34244,27 +34301,27 @@ push 0xffff80ff sub eax, 0x1affc000 push eax push esi -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 add esp, 0x10 -jmp near loc_00014e71 ; jmp 0x14e71 +jmp near loc_00014f01 ; jmp 0x14f01 -loc_00014f31: +loc_00014fc1: push 0x180000 push 0xffffffffffffffff push 0xe5007f14 push esi -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 add esp, 0x10 cmp dword [ebp - 0x24], 2 -jne short loc_00014f61 ; jne 0x14f61 +jne short loc_00014ff1 ; jne 0x14ff1 push 0 push 0xff3fffff push 0xe5007f02 push esi -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 add esp, 0x10 -loc_00014f61: +loc_00014ff1: lea esp, [ebp - 0xc] pop ebx pop esi @@ -34272,7 +34329,7 @@ pop edi pop ebp ret -fcn_00014f69: +fcn_00014ff9: push ebp mov ebp, esp push edi 
@@ -34281,42 +34338,42 @@ push ebx sub esp, 0x1c mov esi, dword [ebp + 8] mov ebx, dword [ebp + 0xc] -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb cmp eax, 2 -jne short loc_00014f9e ; jne 0x14f9e +jne short loc_0001502e ; jne 0x1502e cmp byte [esi + 0x284], 0 -jne short loc_00014f9e ; jne 0x14f9e +jne short loc_0001502e ; jne 0x1502e push ecx push ecx push 5 lea eax, [ebx + 0x3a84] push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -loc_00014f9e: +loc_0001502e: push 0xc0 push 0xffffffffffffffff push 0xe5004001 push ebx xor ebx, ebx -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 add esp, 0x10 -loc_00014fb5: -call fcn_0001c181 ; call 0x1c181 +loc_00015045: +call fcn_0001c245 ; call 0x1c245 cmp bl, al -jae short loc_00015017 ; jae 0x15017 +jae short loc_000150a7 ; jae 0x150a7 movzx edi, bl push eax -movzx eax, byte [edi + edi + ref_00020461] ; movzx eax, byte [edi + edi + 0x20461] +movzx eax, byte [edi + edi + ref_000204f1] ; movzx eax, byte [edi + edi + 0x204f1] push eax -movzx eax, byte [edi + edi + ref_00020460] ; movzx eax, byte [edi + edi + 0x20460] +movzx eax, byte [edi + edi + ref_000204f0] ; movzx eax, byte [edi + edi + 0x204f0] add edi, 0x50 push eax movzx eax, byte [esi + 1] push eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a cmp byte [esi + edi*8 + 4], 1 pop edx sbb edx, edx @@ -34329,18 +34386,18 @@ lea eax, [ecx + 0xdc] mov dword [ebp - 0x1c], ecx push edx push eax -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 mov ecx, dword [ebp - 0x1c] pop eax pop edx add ecx, 0x78 push 3 push ecx -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 -jmp short loc_00014fb5 ; jmp 0x14fb5 +jmp short loc_00015045 ; jmp 0x15045 -loc_00015017: +loc_000150a7: lea esp, [ebp - 0xc] pop ebx pop esi @@ -34348,7 +34405,7 @@ pop edi pop ebp ret -fcn_0001501f: +fcn_000150af: push ebp mov ebp, esp push esi 
@@ -34359,7 +34416,7 @@ push eax push eax push esi push ebx -call fcn_00014f69 ; call 0x14f69 +call fcn_00014ff9 ; call 0x14ff9 add esp, 0x10 mov dword [ebp + 0xc], esi mov dword [ebp + 8], ebx @@ -34367,25 +34424,25 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00013bae ; jmp 0x13bae +jmp near fcn_00013c3e ; jmp 0x13c3e -fcn_00015047: +fcn_000150d7: push ebp mov edx, 0x18 mov ebp, esp push edi push esi -mov esi, ref_00027120 ; mov esi, 0x27120 +mov esi, ref_000271d0 ; mov esi, 0x271d0 push ebx mov ebx, 0x24 sub esp, 0x1c mov eax, dword [ebp + 0x10] mov edi, dword [ebp + 8] dec al -mov eax, ref_00027000 ; mov eax, 0x27000 +mov eax, ref_000270b0 ; mov eax, 0x270b0 cmovne ebx, edx cmovne esi, eax -call fcn_0001c234 ; call 0x1c234 +call fcn_0001c2f8 ; call 0x1c2f8 mov dword [ebp - 0x20], 0 movzx ecx, al mov eax, ebx @@ -34397,17 +34454,17 @@ mov word [ebp - 0x1c], ax lea eax, [edi + ecx*4 + 0x9e] mov dword [ebp - 0x24], eax -loc_0001509d: +loc_0001512d: cmp ebx, dword [ebp - 0x24] -je loc_0001512f ; je 0x1512f +je loc_000151bf ; je 0x151bf cmp byte [ebx], 1 -jne short loc_00015121 ; jne 0x15121 +jne short loc_000151b1 ; jne 0x151b1 mov byte [ebp - 0x19], 0 -loc_000150af: +loc_0001513f: movzx eax, byte [ebp - 0x19] cmp ax, word [ebp - 0x1c] -jae short loc_00015121 ; jae 0x15121 +jae short loc_000151b1 ; jae 0x151b1 movzx eax, byte [ebp - 0x19] add eax, dword [ebp - 0x20] imul eax, eax, 0xc 
@@ -34416,43 +34473,43 @@ push dword [eax + 8] push dword [eax + 4] push dword [eax] push dword [ebp + 0xc] -call fcn_00009d54 ; call 0x9d54 +call fcn_00009dc2 ; call 0x9dc2 mov edi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001511c ; je 0x1511c +je short loc_000151ac ; je 0x151ac test edi, edi -jns short loc_0001511c ; jns 0x1511c -call fcn_000153e9 ; call 0x153e9 +jns short loc_000151ac ; jns 0x151ac +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00015104 ; je 0x15104 +je short loc_00015194 ; je 0x15194 push edx push edi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00015104: +loc_00015194: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0xcbb -push ref_0002526f ; push 0x2526f -call fcn_000153fc ; call 0x153fc +push ref_0002531e ; push 0x2531e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001511c: +loc_000151ac: inc byte [ebp - 0x19] -jmp short loc_000150af ; jmp 0x150af +jmp short loc_0001513f ; jmp 0x1513f -loc_00015121: +loc_000151b1: mov eax, dword [ebp - 0x28] add ebx, 4 add dword [ebp - 0x20], eax -jmp near loc_0001509d ; jmp 0x1509d +jmp near loc_0001512d ; jmp 0x1512d -loc_0001512f: +loc_000151bf: lea esp, [ebp - 0xc] pop ebx pop esi @@ -34460,7 +34517,7 @@ pop edi pop ebp ret -fcn_00015137: +fcn_000151c7: push ebp mov ebp, esp push edi 
@@ -34472,18 +34529,18 @@ mov ebx, dword [ebp + 8] mov esi, dword [ebp + 0x14] mov edi, dword [ebp + 0x1c] mov dword [ebp - 0x34], eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00015169 ; je 0x15169 +je short loc_000151f9 ; je 0x151f9 push eax push eax -push ref_00025370 ; push 0x25370 +push ref_0002541f ; push 0x2541f push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00015169: -call fcn_0001bef7 ; call 0x1bef7 +loc_000151f9: +call fcn_0001bfbb ; call 0x1bfbb mov edx, esi movzx esi, dl mov dword [ebp - 0x20], eax 
@@ -34491,61 +34548,61 @@ push eax push 0 push 0x1f push esi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 push 0x14 push esi mov dword [ebp - 0x2c], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push 0 push 0x1d push esi mov dword [ebp - 0x24], eax -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0x10 cmp dword [ebp - 0x20], 1 mov dword [ebp - 0x1c], 0 mov dword [ebp - 0x30], eax -jne short loc_000151c5 ; jne 0x151c5 +jne short loc_00015255 ; jne 0x15255 push ecx push 0 push 0x1a push esi -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0x10 mov dword [ebp - 0x1c], eax -loc_000151c5: +loc_00015255: mov eax, dword [ebp - 0x2c] sub esp, 0xc add eax, 0x40 push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov word [ebp - 0x48], ax mov eax, dword [ebp - 0x2c] add eax, 2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 cmp byte [ebx], 0 -jne short loc_000151f4 ; jne 0x151f4 +jne short loc_00015284 ; jne 0x15284 or dword [edi], 0x8000 -loc_000151f4: +loc_00015284: cmp dword [ebp - 0x20], 1 -jne short loc_00015206 ; jne 0x15206 +jne short loc_00015296 ; jne 0x15296 cmp byte [ebx + 8], 0 -jne short loc_00015206 ; jne 0x15206 +jne short loc_00015296 ; jne 0x15296 or dword [edi], 0x2000 -loc_00015206: +loc_00015296: cmp byte [ebx + 0x10], 0 -jne short loc_00015212 ; jne 0x15212 +jne short loc_000152a2 ; jne 0x152a2 or dword [edi], 0x8000000 -loc_00015212: +loc_000152a2: push edx movzx edi, ax movzx eax, byte [ebp - 0x34] 
@@ -34557,31 +34614,31 @@ push eax push esi push dword [ebp + 0xc] push ebx -call fcn_0001354f ; call 0x1354f +call fcn_000135df ; call 0x135df mov esi, dword [ebp - 0x24] add esp, 0x1c push esi push dword [ebp + 0x10] push ebx -call fcn_00014d9e ; call 0x14d9e +call fcn_00014e2e ; call 0x14e2e mov dword [esp], esi push edi push dword [ebp - 0x28] push dword [ebp + 0x10] push ebx -call fcn_0001376e ; call 0x1376e +call fcn_000137fe ; call 0x137fe add esp, 0x20 cmp byte [ebp - 0x34], 7 -jbe short loc_00015268 ; jbe 0x15268 +jbe short loc_000152f8 ; jbe 0x152f8 movzx eax, byte [ebp - 0x20] push ecx push eax push dword [ebp + 0x18] push ebx -call fcn_00015047 ; call 0x15047 +call fcn_000150d7 ; call 0x150d7 add esp, 0x10 -loc_00015268: +loc_000152f8: push eax mov esi, dword [ebp - 0x24] push eax @@ -34591,31 +34648,31 @@ push edi push dword [ebp - 0x28] push dword [ebp + 0x10] push ebx -call fcn_00013ead ; call 0x13ead +call fcn_00013f3d ; call 0x13f3d add esp, 0x1c push dword [ebp - 0x1c] push dword [ebp - 0x30] push ebx -call fcn_00014ac8 ; call 0x14ac8 +call fcn_00014b58 ; call 0x14b58 pop eax pop edx push esi push ebx -call fcn_00014813 ; call 0x14813 +call fcn_000148a3 ; call 0x148a3 add esp, 0xc push dword [ebp + 0x18] push edi push ebx -call fcn_00014e1b ; call 0x14e1b +call fcn_00014eab ; call 0x14eab add esp, 0x10 cmp byte [ebx + 0xb4], 1 -jne short loc_00015303 ; jne 0x15303 +jne short loc_00015393 ; jne 0x15393 mov esi, dword [ebp - 0x48] sub esp, 0xc and esi, 0xfffc add esi, 0x3c push esi -call fcn_00018e32 ; call 0x18e32 +call fcn_00018ef6 ; call 0x18ef6 pop ecx mov edi, eax pop eax 
@@ -34625,64 +34682,64 @@ and edi, 0xfffd movzx eax, ax push eax push esi -call fcn_00018e63 ; call 0x18e63 +call fcn_00018f27 ; call 0x18f27 add esp, 0xc push dword [ebp - 0x1c] push dword [ebp - 0x30] push ebx -call fcn_00014bbf ; call 0x14bbf +call fcn_00014c4f ; call 0x14c4f pop eax pop edx push dword [ebp - 0x24] push ebx -call fcn_00014c89 ; call 0x14c89 +call fcn_00014d19 ; call 0x14d19 pop ecx pop eax push edi push esi -call fcn_00018e63 ; call 0x18e63 +call fcn_00018f27 ; call 0x18f27 add esp, 0x10 -loc_00015303: +loc_00015393: cmp byte [ebx + 1], 1 -jne short loc_0001531c ; jne 0x1531c +jne short loc_000153ac ; jne 0x153ac cmp byte [ebx], 1 -jne short loc_0001531c ; jne 0x1531c +jne short loc_000153ac ; jne 0x153ac sub esp, 0xc push dword [ebp - 0x30] -call fcn_00014d82 ; call 0x14d82 +call fcn_00014e12 ; call 0x14e12 add esp, 0x10 -loc_0001531c: +loc_000153ac: cmp dword [ebp - 0x20], 1 -jne short loc_0001533c ; jne 0x1533c +jne short loc_000153cc ; jne 0x153cc cmp byte [ebx + 9], 1 -jne short loc_0001533c ; jne 0x1533c +jne short loc_000153cc ; jne 0x153cc cmp byte [ebx + 8], 1 -jne short loc_0001533c ; jne 0x1533c +jne short loc_000153cc ; jne 0x153cc sub esp, 0xc push dword [ebp - 0x1c] -call fcn_00014d82 ; call 0x14d82 +call fcn_00014e12 ; call 0x14e12 add esp, 0x10 -loc_0001533c: +loc_000153cc: push edx push dword [ebp - 0x24] push dword [ebp + 0x10] push ebx -call fcn_00014ddc ; call 0x14ddc -call fcn_000153e9 ; call 0x153e9 +call fcn_00014e6c ; call 0x14e6c +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00015366 ; je 0x15366 +je short loc_000153f6 ; je 0x153f6 push eax push eax -push ref_00025389 ; push 0x25389 +push ref_00025438 ; push 0x25438 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00015366: +loc_000153f6: lea esp, [ebp - 0xc] xor eax, eax pop ebx 
@@ -34691,7 +34748,7 @@ pop edi pop ebp ret -fcn_00015370: ; not directly referenced +fcn_00015400: ; not directly referenced push ebp mov ebp, esp push esi @@ -34700,18 +34757,18 @@ push ebx mov ebx, dword [ebp + 0xc] add esi, ebx -loc_0001537d: ; not directly referenced +loc_0001540d: ; not directly referenced cmp ebx, esi -je short loc_00015394 ; je 0x15394 +je short loc_00015424 ; je 0x15424 inc ebx movzx eax, byte [ebx - 1] sub esp, 0xc push eax -call fcn_0001638a ; call 0x1638a +call fcn_0001641a ; call 0x1641a add esp, 0x10 -jmp short loc_0001537d ; jmp 0x1537d +jmp short loc_0001540d ; jmp 0x1540d -loc_00015394: ; not directly referenced +loc_00015424: ; not directly referenced lea esp, [ebp - 8] or eax, 0xffffffff pop ebx @@ -34719,7 +34776,7 @@ pop esi pop ebp ret -fcn_0001539e: ; not directly referenced +fcn_0001542e: ; not directly referenced push ebp mov ebp, esp push ebx @@ -34729,18 +34786,18 @@ push 0x80 movzx eax, bx movzx ebx, bh push eax -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea pop eax pop edx push 0x90 push ebx -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea add esp, 0x10 mov ebx, dword [ebp - 4] leave ret -fcn_000153ce: +fcn_0001545e: push ebp mov ebp, esp sub esp, 8 @@ -34748,38 +34805,38 @@ lea eax, [ebp + 0xc] push eax push dword [ebp + 8] push 0 -push fcn_00015370 ; push 0x15370 -call fcn_0001551c ; call 0x1551c +push fcn_00015400 ; push 0x15400 +call fcn_000155ac ; call 0x155ac leave ret -fcn_000153e9: +fcn_00015479: push ebp xor eax, eax mov ebp, esp pop ebp ret -fcn_000153f0: +fcn_00015480: push ebp xor eax, eax mov ebp, esp pop ebp ret -fcn_000153f7: +fcn_00015487: push ebp mov ebp, esp pop ebp ret -fcn_000153fc: +fcn_0001548c: push ebp mov ebp, esp pop ebp ret -fcn_00015401: +fcn_00015491: push ebp mov ebp, esp push edi 
@@ -34789,9 +34846,9 @@ push ebx mov ebx, edx sub esp, 0x1c -loc_0001540e: +loc_0001549e: test ebx, ebx -jle short loc_0001543e ; jle 0x1543e +jle short loc_000154ce ; jle 0x154ce push eax mov eax, dword [ebp + 8] cmp ebx, 0x10 @@ -34807,19 +34864,19 @@ add esp, 0x10 mov ecx, dword [ebp - 0x1c] test eax, eax mov dword [edx], eax -jne short loc_00015442 ; jne 0x15442 +jne short loc_000154d2 ; jne 0x154d2 or eax, 0xffffffff -jmp short loc_00015446 ; jmp 0x15446 +jmp short loc_000154d6 ; jmp 0x154d6 -loc_0001543e: +loc_000154ce: xor eax, eax -jmp short loc_00015446 ; jmp 0x15446 +jmp short loc_000154d6 ; jmp 0x154d6 -loc_00015442: +loc_000154d2: sub ebx, esi -jmp short loc_0001540e ; jmp 0x1540e +jmp short loc_0001549e ; jmp 0x1549e -loc_00015446: +loc_000154d6: lea esp, [ebp - 0xc] pop ebx pop esi @@ -34827,7 +34884,7 @@ pop edi pop ebp ret -fcn_0001544e: +fcn_000154de: push ebp mov ebp, esp push edi @@ -34838,31 +34895,31 @@ push ebx mov ebx, edx sub esp, 0xc test ecx, ecx -jne short loc_0001546f ; jne 0x1546f +jne short loc_000154ff ; jne 0x154ff -loc_00015461: +loc_000154f1: cmp dword [ebp + 8], 0 -je short loc_000154a7 ; je 0x154a7 +je short loc_00015537 ; je 0x15537 cmp dword [ebp + 0xc], 0 -je short loc_000154a7 ; je 0x154a7 -jmp short loc_00015490 ; jmp 0x15490 +je short loc_00015537 ; je 0x15537 +jmp short loc_00015520 ; jmp 0x15520 -loc_0001546f: +loc_000154ff: sub esp, 0xc mov ecx, eax push edx -mov eax, ref_000204c8 ; mov eax, 0x204c8 +mov eax, ref_00020558 ; mov eax, 0x20558 mov edx, edi -call fcn_00015401 ; call 0x15401 +call fcn_00015491 ; call 0x15491 add esp, 0x10 test eax, eax -jns short loc_00015461 ; jns 0x15461 +jns short loc_000154f1 ; jns 0x154f1 -loc_00015488: +loc_00015518: or eax, 0xffffffff -jmp near loc_00015514 ; jmp 0x15514 +jmp near loc_000155a4 ; jmp 0x155a4 -loc_00015490: +loc_00015520: push edx push dword [ebp + 0xc] push dword [ebp + 8] 
@@ -34871,32 +34928,32 @@ call esi add esp, 0x10 mov dword [ebx], eax test eax, eax -je short loc_00015488 ; je 0x15488 +je short loc_00015518 ; je 0x15518 add edi, dword [ebp + 0xc] -loc_000154a7: +loc_00015537: cmp dword [ebp + 0x10], 0 -jne short loc_000154b8 ; jne 0x154b8 +jne short loc_00015548 ; jne 0x15548 -loc_000154ad: +loc_0001553d: add edi, dword [ebp + 0x10] cmp dword [ebp + 0x18], 0 -je short loc_000154e8 ; je 0x154e8 -jmp short loc_000154d4 ; jmp 0x154d4 +je short loc_00015578 ; je 0x15578 +jmp short loc_00015564 ; jmp 0x15564 -loc_000154b8: +loc_00015548: mov edx, dword [ebp + 0x10] sub esp, 0xc mov ecx, esi push ebx -mov eax, ref_000204b4 ; mov eax, 0x204b4 -call fcn_00015401 ; call 0x15401 +mov eax, ref_00020544 ; mov eax, 0x20544 +call fcn_00015491 ; call 0x15491 add esp, 0x10 test eax, eax -jns short loc_000154ad ; jns 0x154ad -jmp short loc_00015488 ; jmp 0x15488 +jns short loc_0001553d ; jns 0x1553d +jmp short loc_00015518 ; jmp 0x15518 -loc_000154d4: +loc_00015564: push eax push dword [ebp + 0x18] push dword [ebp + 0x14] @@ -34905,27 +34962,27 @@ call esi add esp, 0x10 mov dword [ebx], eax test eax, eax -je short loc_00015488 ; je 0x15488 +je short loc_00015518 ; je 0x15518 -loc_000154e8: +loc_00015578: add edi, dword [ebp + 0x18] cmp dword [ebp + 0x1c], 0 -je short loc_0001550f ; je 0x1550f +je short loc_0001559f ; je 0x1559f mov edx, dword [ebp + 0x1c] sub esp, 0xc mov ecx, esi push ebx -mov eax, ref_000204c8 ; mov eax, 0x204c8 -call fcn_00015401 ; call 0x15401 +mov eax, ref_00020558 ; mov eax, 0x20558 +call fcn_00015491 ; call 0x15491 add esp, 0x10 test eax, eax -js loc_00015488 ; js 0x15488 +js loc_00015518 ; js 0x15518 -loc_0001550f: +loc_0001559f: mov eax, dword [ebp + 0x1c] add eax, edi -loc_00015514: +loc_000155a4: lea esp, [ebp - 0xc] pop ebx pop esi @@ -34933,7 +34990,7 @@ pop edi pop ebp ret -fcn_0001551c: +fcn_000155ac: push ebp mov ebp, esp push edi 
@@ -34943,61 +35000,61 @@ sub esp, 0xec mov eax, dword [ebp + 0x10] mov ebx, dword [ebp + 0x14] test eax, eax -je short loc_00015580 ; je 0x15580 +je short loc_00015610 ; je 0x15610 mov dword [ebp - 0xe0], 0 mov dword [ebp - 0xd4], 0 -jmp short loc_000155a1 ; jmp 0x155a1 +jmp short loc_00015631 ; jmp 0x15631 -loc_00015548: +loc_000155d8: cmp dl, 0x2a -jne loc_000155dc ; jne 0x155dc +jne loc_0001566c ; jne 0x1566c mov ecx, dword [ebx] lea eax, [ebx + 4] mov dword [ebp - 0xc4], ecx test ecx, ecx -jns short loc_0001556d ; jns 0x1556d +jns short loc_000155fd ; jns 0x155fd neg dword [ebp - 0xc4] or dword [ebp - 0xb4], 4 -loc_0001556d: +loc_000155fd: inc edi mov ebx, eax -loc_00015570: +loc_00015600: cmp dword [ebp - 0xc4], 0x1f4 -jle loc_00015634 ; jle 0x15634 +jle loc_000156c4 ; jle 0x156c4 -loc_00015580: +loc_00015610: or eax, 0xffffffff -jmp near loc_000160e6 ; jmp 0x160e6 +jmp near loc_00016176 ; jmp 0x16176 -loc_00015588: +loc_00015618: test dl, dl -je short loc_00015594 ; je 0x15594 +je short loc_00015624 ; je 0x15624 inc esi -loc_0001558d: +loc_0001561d: mov dl, byte [esi] cmp dl, 0x25 -jne short loc_00015588 ; jne 0x15588 +jne short loc_00015618 ; jne 0x15618 -loc_00015594: +loc_00015624: mov edi, esi sub edi, eax -jne short loc_000155ae ; jne 0x155ae +jne short loc_0001563e ; jne 0x1563e -loc_0001559a: +loc_0001562a: cmp byte [esi], 0 -jne short loc_000155c9 ; jne 0x155c9 +jne short loc_00015659 ; jne 0x15659 mov eax, esi -loc_000155a1: +loc_00015631: cmp byte [eax], 0 -je loc_000160ab ; je 0x160ab +je loc_0001613b ; je 0x1613b mov esi, eax -jmp short loc_0001558d ; jmp 0x1558d +jmp short loc_0001561d ; jmp 0x1561d -loc_000155ae: +loc_0001563e: push edx push edi push eax 
@@ -35006,235 +35063,235 @@ call dword [ebp + 8] ; ucall add esp, 0x10 mov dword [ebp + 0xc], eax test eax, eax -je short loc_00015580 ; je 0x15580 +je short loc_00015610 ; je 0x15610 add dword [ebp - 0xd4], edi -jmp short loc_0001559a ; jmp 0x1559a +jmp short loc_0001562a ; jmp 0x1562a -loc_000155c9: +loc_00015659: lea edi, [esi + 1] mov dword [ebp - 0xb4], 0 -loc_000155d6: +loc_00015666: mov dl, byte [edi] test dl, dl -jne short loc_000155e8 ; jne 0x155e8 +jne short loc_00015678 ; jne 0x15678 -loc_000155dc: +loc_0001566c: mov dword [ebp - 0xc4], 0 -jmp short loc_00015624 ; jmp 0x15624 +jmp short loc_000156b4 ; jmp 0x156b4 -loc_000155e8: -mov eax, ref_000204ac ; mov eax, 0x204ac +loc_00015678: +mov eax, ref_0002053c ; mov eax, 0x2053c -loc_000155ed: +loc_0001567d: mov cl, byte [eax] cmp cl, dl -je loc_000160b3 ; je 0x160b3 +je loc_00016143 ; je 0x16143 test cl, cl -je loc_00015548 ; je 0x15548 +je loc_000155d8 ; je 0x155d8 inc eax -jmp short loc_000155ed ; jmp 0x155ed +jmp short loc_0001567d ; jmp 0x1567d -loc_00015602: +loc_00015692: cmp dword [ebp - 0xc4], 0x1f3 -jg loc_00015570 ; jg 0x15570 +jg loc_00015600 ; jg 0x15600 imul edx, dword [ebp - 0xc4], 0xa inc edi lea eax, [edx + eax - 0x30] mov dword [ebp - 0xc4], eax -loc_00015624: +loc_000156b4: movsx eax, byte [edi] lea edx, [eax - 0x30] cmp dl, 9 -jbe short loc_00015602 ; jbe 0x15602 -jmp near loc_00015570 ; jmp 0x15570 +jbe short loc_00015692 ; jbe 0x15692 +jmp near loc_00015600 ; jmp 0x15600 -loc_00015634: +loc_000156c4: cmp byte [edi], 0x2e mov dword [ebp - 0xc0], 0xffffffff -jne short loc_000156ad ; jne 0x156ad +jne short loc_0001573d ; jne 0x1573d cmp byte [edi + 1], 0x2a -je short loc_00015656 ; je 0x15656 +je short loc_000156e6 ; je 0x156e6 inc edi mov dword [ebp - 0xc0], 0 -jmp short loc_00015692 ; jmp 0x15692 +jmp short loc_00015722 ; jmp 0x15722 -loc_00015656: +loc_000156e6: lea eax, [ebx + 4] mov ebx, dword [ebx] mov dword [ebp - 0xc0], ebx cmp ebx, 0x1f4 -jg loc_00015580 ; jg 0x15580 +jg 
loc_00015610 ; jg 0x15610 add edi, 2 mov ebx, eax -jmp short loc_000156ad ; jmp 0x156ad +jmp short loc_0001573d ; jmp 0x1573d -loc_00015674: +loc_00015704: cmp dword [ebp - 0xc0], 0x1f3 -jg short loc_0001569d ; jg 0x1569d +jg short loc_0001572d ; jg 0x1572d imul edx, dword [ebp - 0xc0], 0xa inc edi lea eax, [edx + eax - 0x30] mov dword [ebp - 0xc0], eax -loc_00015692: +loc_00015722: movsx eax, byte [edi] lea edx, [eax - 0x30] cmp dl, 9 -jbe short loc_00015674 ; jbe 0x15674 +jbe short loc_00015704 ; jbe 0x15704 -loc_0001569d: +loc_0001572d: cmp dword [ebp - 0xc0], 0x1f4 -jg loc_00015580 ; jg 0x15580 +jg loc_00015610 ; jg 0x15610 -loc_000156ad: +loc_0001573d: cmp byte [edi], 0x3a mov dword [ebp - 0xb0], 0 -jne short loc_0001571f ; jne 0x1571f +jne short loc_000157af ; jne 0x157af cmp byte [edi + 1], 0x2a -jne short loc_00015706 ; jne 0x15706 +jne short loc_00015796 ; jne 0x15796 mov esi, dword [ebx] lea eax, [ebx + 4] mov dword [ebp - 0xb0], esi test esi, esi -js short loc_000156db ; js 0x156db +js short loc_0001576b ; js 0x1576b cmp esi, 0x24 -jle short loc_000156e5 ; jle 0x156e5 -jmp near loc_00015580 ; jmp 0x15580 +jle short loc_00015775 ; jle 0x15775 +jmp near loc_00015610 ; jmp 0x15610 -loc_000156db: +loc_0001576b: mov dword [ebp - 0xb0], 0 -loc_000156e5: +loc_00015775: add edi, 2 mov ebx, eax -jmp short loc_0001571f ; jmp 0x1571f +jmp short loc_000157af ; jmp 0x157af -loc_000156ec: +loc_0001577c: cmp dword [ebp - 0xb0], 0x23 -jg short loc_00015712 ; jg 0x15712 +jg short loc_000157a2 ; jg 0x157a2 imul ecx, dword [ebp - 0xb0], 0xa lea eax, [ecx + eax - 0x30] mov dword [ebp - 0xb0], eax -loc_00015706: +loc_00015796: inc edi movsx eax, byte [edi] lea edx, [eax - 0x30] cmp dl, 9 -jbe short loc_000156ec ; jbe 0x156ec +jbe short loc_0001577c ; jbe 0x1577c -loc_00015712: +loc_000157a2: cmp dword [ebp - 0xb0], 0x24 -jg loc_00015580 ; jg 0x15580 +jg loc_00015610 ; jg 0x15610 -loc_0001571f: +loc_000157af: cmp byte [edi], 0x5b mov dword [ebp - 0xcc], 0 -jne short 
loc_00015758 ; jne 0x15758 +jne short loc_000157e8 ; jne 0x157e8 lea eax, [edi + 1] not edi mov dword [ebp - 0xe0], eax mov esi, edi -loc_0001573b: +loc_000157cb: mov dl, byte [eax] lea edi, [eax + esi] mov dword [ebp - 0xcc], edi test dl, dl -je loc_00015580 ; je 0x15580 +je loc_00015610 ; je 0x15610 cmp dl, 0x5d lea eax, [eax + 1] -jne short loc_0001573b ; jne 0x1573b +jne short loc_000157cb ; jne 0x157cb mov edi, eax -loc_00015758: +loc_000157e8: mov al, byte [edi] -mov esi, ref_000253a0 ; mov esi, 0x253a0 +mov esi, ref_0002544f ; mov esi, 0x2544f test al, al -je short loc_00015790 ; je 0x15790 +je short loc_00015820 ; je 0x15820 -loc_00015763: +loc_000157f3: mov dl, byte [esi] cmp dl, al -je short loc_00015774 ; je 0x15774 +je short loc_00015804 ; je 0x15804 test dl, dl -je short loc_00015770 ; je 0x15770 +je short loc_00015800 ; je 0x15800 inc esi -jmp short loc_00015763 ; jmp 0x15763 +jmp short loc_000157f3 ; jmp 0x157f3 -loc_00015770: +loc_00015800: xor eax, eax -jmp short loc_00015790 ; jmp 0x15790 +jmp short loc_00015820 ; jmp 0x15820 -loc_00015774: +loc_00015804: mov dl, byte [edi + 1] lea esi, [edi + 1] test dl, dl -je loc_000160cb ; je 0x160cb +je loc_0001615b ; je 0x1615b cmp dl, al -jne loc_000160cb ; jne 0x160cb +jne loc_0001615b ; jne 0x1615b or eax, 1 add edi, 2 -loc_00015790: +loc_00015820: mov dl, byte [edi] test dl, dl -jne short loc_000157a0 ; jne 0x157a0 +jne short loc_00015830 ; jne 0x15830 mov eax, dword [ebx] add ebx, 4 -jmp near loc_000155a1 ; jmp 0x155a1 +jmp near loc_00015631 ; jmp 0x15631 -loc_000157a0: +loc_00015830: mov byte [ebp - 0xb8], 0 cmp dl, 0x43 -jne short loc_000157c2 ; jne 0x157c2 +jne short loc_00015852 ; jne 0x15852 mov cl, byte [edi + 1] lea esi, [edi + 1] mov byte [ebp - 0xb8], cl test cl, cl -je loc_00015580 ; je 0x15580 +je loc_00015610 ; je 0x15610 mov edi, esi -loc_000157c2: +loc_00015852: mov byte [ebp - 0xa3], dl cmp dl, 0x6e -jne short loc_00015823 ; jne 0x15823 +jne short loc_000158b3 ; jne 0x158b3 mov edx, dword 
[ebx] test edx, edx -je loc_000160df ; je 0x160df +je loc_0001616f ; je 0x1616f cmp al, 0x68 -jne short loc_000157e9 ; jne 0x157e9 +jne short loc_00015879 ; jne 0x15879 mov eax, dword [ebp - 0xd4] mov word [edx], ax -jmp near loc_000160df ; jmp 0x160df +jmp near loc_0001616f ; jmp 0x1616f -loc_000157e9: +loc_00015879: cmp al, 0x69 -jne short loc_000157fa ; jne 0x157fa +jne short loc_0001588a ; jne 0x1588a mov al, byte [ebp - 0xd4] mov byte [edx], al -jmp near loc_000160df ; jmp 0x160df +jmp near loc_0001616f ; jmp 0x1616f -loc_000157fa: +loc_0001588a: cmp al, 0x6c -je short loc_00015816 ; je 0x15816 +je short loc_000158a6 ; je 0x158a6 cmp al, 0x6a -jne short loc_00015816 ; jne 0x15816 +jne short loc_000158a6 ; jne 0x158a6 mov eax, dword [ebp - 0xd4] mov dword [edx + 4], 0 mov dword [edx], eax -jmp near loc_000160df ; jmp 0x160df +jmp near loc_0001616f ; jmp 0x1616f -loc_00015816: +loc_000158a6: mov eax, dword [ebp - 0xd4] mov dword [edx], eax -jmp near loc_000160df ; jmp 0x160df +jmp near loc_0001616f ; jmp 0x1616f -loc_00015823: +loc_000158b3: cmp dl, 0x25 -jne short loc_00015850 ; jne 0x15850 +jne short loc_000158e0 ; jne 0x158e0 push eax xor ecx, ecx push eax @@ -35247,28 +35304,28 @@ push 0 push 0 push 0 lea edx, [ebp + 0xc] -call fcn_0001544e ; call 0x1544e +call fcn_000154de ; call 0x154de add esp, 0x20 -jmp near loc_00016095 ; jmp 0x16095 +jmp near loc_00016125 ; jmp 0x16125 -loc_00015850: +loc_000158e0: mov esi, edx and esi, 0xffffffdf mov ecx, esi cmp cl, 0x43 -jne short loc_000158d4 ; jne 0x158d4 +jne short loc_00015964 ; jne 0x15964 cmp dl, 0x63 -jne short loc_0001586e ; jne 0x1586e +jne short loc_000158fe ; jne 0x158fe mov eax, dword [ebx] add ebx, 4 mov byte [ebp - 0x9a], al -jmp short loc_0001587a ; jmp 0x1587a +jmp short loc_0001590a ; jmp 0x1590a -loc_0001586e: +loc_000158fe: mov al, byte [ebp - 0xb8] mov byte [ebp - 0x9a], al -loc_0001587a: +loc_0001590a: mov esi, dword [ebp - 0xc0] mov eax, 1 test esi, esi 
@@ -35278,7 +35335,7 @@ cmovg eax, esi xor esi, esi mov dword [ebp - 0xb0], eax -loc_00015897: +loc_00015927: push eax xor ecx, ecx push eax @@ -35291,42 +35348,42 @@ push 0 push 0 push 0 lea edx, [ebp + 0xc] -call fcn_0001544e ; call 0x1544e +call fcn_000154de ; call 0x154de add esp, 0x20 cmp eax, 0xffffffff -je loc_00015580 ; je 0x15580 +je loc_00015610 ; je 0x15610 add esi, eax dec dword [ebp - 0xb0] -jne short loc_00015897 ; jne 0x15897 +jne short loc_00015927 ; jne 0x15927 mov eax, esi -jmp near loc_00016095 ; jmp 0x16095 +jmp near loc_00016125 ; jmp 0x16125 -loc_000158d4: +loc_00015964: cmp dl, 0x73 -jne loc_0001596b ; jne 0x1596b +jne loc_000159fb ; jne 0x159fb lea eax, [ebx + 4] -mov edx, ref_000253a7 ; mov edx, 0x253a7 +mov edx, ref_00025456 ; mov edx, 0x25456 mov dword [ebp - 0xb0], eax mov eax, dword [ebx] test eax, eax cmove eax, edx mov edx, eax -loc_000158f4: +loc_00015984: cmp byte [edx], 0 -je short loc_000158fc ; je 0x158fc +je short loc_0001598c ; je 0x1598c inc edx -jmp short loc_000158f4 ; jmp 0x158f4 +jmp short loc_00015984 ; jmp 0x15984 -loc_000158fc: +loc_0001598c: mov ebx, dword [ebp - 0xc0] sub edx, eax test ebx, ebx -js short loc_0001590d ; js 0x1590d +js short loc_0001599d ; js 0x1599d cmp edx, ebx cmovg edx, ebx -loc_0001590d: +loc_0001599d: mov esi, dword [ebp - 0xc4] xor ecx, ecx mov ebx, esi @@ -35336,13 +35393,13 @@ mov esi, dword [ebp - 0xb4] cmovl ecx, ebx xor ebx, ebx and esi, 4 -je short loc_0001592f ; je 0x1592f +je short loc_000159bf ; je 0x159bf mov ebx, ecx xor ecx, ecx -loc_0001592f: +loc_000159bf: test byte [ebp - 0xb4], 0x40 -je short loc_00015947 ; je 0x15947 +je short loc_000159d7 ; je 0x159d7 add ebx, ecx xor ecx, ecx test esi, esi @@ -35351,7 +35408,7 @@ add ecx, ebx sar ecx, 1 sub ebx, ecx -loc_00015947: +loc_000159d7: push esi push esi push ebx 
@@ -35362,47 +35419,47 @@ push 0 push 0 push 0 lea edx, [ebp + 0xc] -call fcn_0001544e ; call 0x1544e +call fcn_000154de ; call 0x154de add esp, 0x20 mov ebx, dword [ebp - 0xb0] -jmp near loc_00016095 ; jmp 0x16095 +jmp near loc_00016125 ; jmp 0x16125 -loc_0001596b: +loc_000159fb: cmp dl, 0x70 -jne short loc_00015997 ; jne 0x15997 +jne short loc_00015a27 ; jne 0x15a27 mov byte [ebp - 0xa3], 0x58 xor eax, eax mov dword [ebp - 0xc0], 8 mov dword [ebp - 0xc4], 8 mov dword [ebp - 0xb4], 0x28 -loc_00015997: +loc_00015a27: mov dl, byte [ebp - 0xa3] cmp dl, 0x69 sete cl mov byte [ebp - 0xc8], dl mov byte [ebp - 0xd8], cl cmp dl, 0x64 -je short loc_000159bf ; je 0x159bf +je short loc_00015a4f ; je 0x15a4f test cl, cl -jne short loc_000159bf ; jne 0x159bf +jne short loc_00015a4f ; jne 0x15a4f xor esi, esi cmp dl, 0x49 -jne short loc_000159ee ; jne 0x159ee +jne short loc_00015a7e ; jne 0x15a7e -loc_000159bf: +loc_00015a4f: mov dl, byte [ebp - 0xc8] mov esi, 0xa and dword [ebp - 0xb4], 0xfffffff7 or dword [ebp - 0xb4], 0x80 and edx, 0xffffffdf cmp dl, 0x49 -jne short loc_000159ee ; jne 0x159ee +jne short loc_00015a7e ; jne 0x15a7e mov ecx, dword [ebp - 0xb0] test ecx, ecx cmovne esi, ecx -loc_000159ee: +loc_00015a7e: mov dl, byte [ebp - 0xc8] and edx, 0xffffffdf cmp dl, 0x58 
@@ -35412,68 +35469,68 @@ mov byte [ebp - 0xbc], cl mov ecx, 0x10 cmovne esi, ecx cmp dl, 0x55 -jne short loc_00015a22 ; jne 0x15a22 +jne short loc_00015ab2 ; jne 0x15ab2 mov ecx, dword [ebp - 0xb0] mov esi, 0xa test ecx, ecx cmovne esi, ecx -loc_00015a22: +loc_00015ab2: mov cl, byte [ebp - 0xc8] cmp cl, 0x6f -je short loc_00015a3c ; je 0x15a3c +je short loc_00015acc ; je 0x15acc cmp cl, 0x62 -je short loc_00015a43 ; je 0x15a43 +je short loc_00015ad3 ; je 0x15ad3 cmp esi, 1 -ja short loc_00015a48 ; ja 0x15a48 -jmp near loc_00015580 ; jmp 0x15580 +ja short loc_00015ad8 ; ja 0x15ad8 +jmp near loc_00015610 ; jmp 0x15610 -loc_00015a3c: +loc_00015acc: mov esi, 8 -jmp short loc_00015a48 ; jmp 0x15a48 +jmp short loc_00015ad8 ; jmp 0x15ad8 -loc_00015a43: +loc_00015ad3: mov esi, 2 -loc_00015a48: +loc_00015ad8: test byte [ebp - 0xb4], 0x80 -je loc_00015b0d ; je 0x15b0d +je loc_00015b9d ; je 0x15b9d cmp al, 0x6c -jne short loc_00015a5e ; jne 0x15a5e +jne short loc_00015aee ; jne 0x15aee lea eax, [ebx + 4] -jmp short loc_00015a65 ; jmp 0x15a65 +jmp short loc_00015af5 ; jmp 0x15af5 -loc_00015a5e: +loc_00015aee: cmp al, 0x6a -jne short loc_00015a6f ; jne 0x15a6f +jne short loc_00015aff ; jne 0x15aff lea eax, [ebx + 8] -loc_00015a65: +loc_00015af5: mov dword [ebp - 0xb8], eax -loc_00015a6b: +loc_00015afb: mov edx, dword [ebx] -jmp short loc_00015a93 ; jmp 0x15a93 +jmp short loc_00015b23 ; jmp 0x15b23 -loc_00015a6f: +loc_00015aff: lea edx, [ebx + 4] cmp al, 0x7a mov dword [ebp - 0xb8], edx -je short loc_00015a6b ; je 0x15a6b +je short loc_00015afb ; je 0x15afb mov edx, dword [ebx] cmp al, 0x74 -je short loc_00015a93 ; je 0x15a93 +je short loc_00015b23 ; je 0x15b23 cmp al, 0x68 -jne short loc_00015a8b ; jne 0x15a8b +jne short loc_00015b1b ; jne 0x15b1b movsx edx, dx -jmp short loc_00015a93 ; jmp 0x15a93 +jmp short loc_00015b23 ; jmp 0x15b23 -loc_00015a8b: +loc_00015b1b: movsx ecx, dl cmp al, 0x69 cmove edx, ecx -loc_00015a93: +loc_00015b23: mov ecx, edx sar ecx, 0x1f mov eax, ecx 
@@ -35483,158 +35540,158 @@ mov dword [ebp - 0xb0], eax sar eax, 0x1f mov dword [ebp - 0xac], eax test edx, edx -jns short loc_00015aba ; jns 0x15aba +jns short loc_00015b4a ; jns 0x15b4a mov byte [ebp - 0xa2], 0x2d -jmp short loc_00015ae0 ; jmp 0x15ae0 +jmp short loc_00015b70 ; jmp 0x15b70 -loc_00015aba: +loc_00015b4a: test byte [ebp - 0xb4], 2 -je short loc_00015acc ; je 0x15acc +je short loc_00015b5c ; je 0x15b5c mov byte [ebp - 0xa2], 0x2b -jmp short loc_00015ae0 ; jmp 0x15ae0 +jmp short loc_00015b70 ; jmp 0x15b70 -loc_00015acc: +loc_00015b5c: mov eax, dword [ebp - 0xb4] and eax, 1 neg eax and eax, 0x20 mov byte [ebp - 0xa2], al -loc_00015ae0: +loc_00015b70: cmp byte [ebp - 0xa2], 0 mov dword [ebp - 0xd0], 0 -je loc_00015bc4 ; je 0x15bc4 +je loc_00015c54 ; je 0x15c54 or dword [ebp - 0xb4], 8 mov dword [ebp - 0xd0], 1 -jmp near loc_00015bc4 ; jmp 0x15bc4 +jmp near loc_00015c54 ; jmp 0x15c54 -loc_00015b0d: +loc_00015b9d: cmp al, 0x6c -jne short loc_00015b20 ; jne 0x15b20 +jne short loc_00015bb0 ; jne 0x15bb0 lea eax, [ebx + 4] xor edx, edx mov dword [ebp - 0xb8], eax mov eax, dword [ebx] -jmp short loc_00015b32 ; jmp 0x15b32 +jmp short loc_00015bc2 ; jmp 0x15bc2 -loc_00015b20: +loc_00015bb0: cmp al, 0x6a -jne short loc_00015b40 ; jne 0x15b40 +jne short loc_00015bd0 ; jne 0x15bd0 lea eax, [ebx + 8] mov edx, dword [ebx + 4] mov dword [ebp - 0xb8], eax mov eax, dword [ebx] -loc_00015b32: +loc_00015bc2: mov dword [ebp - 0xb0], eax mov dword [ebp - 0xac], edx -jmp short loc_00015bb3 ; jmp 0x15bb3 +jmp short loc_00015c43 ; jmp 0x15c43 -loc_00015b40: +loc_00015bd0: lea edx, [ebx + 4] cmp al, 0x7a mov dword [ebp - 0xb8], edx -jne short loc_00015b60 ; jne 0x15b60 +jne short loc_00015bf0 ; jne 0x15bf0 mov eax, dword [ebx] mov dword [ebp - 0xb0], eax sar eax, 0x1f mov dword [ebp - 0xac], eax -jmp short loc_00015bb3 ; jmp 0x15bb3 +jmp short loc_00015c43 ; jmp 0x15c43 -loc_00015b60: +loc_00015bf0: cmp al, 0x74 -jne short loc_00015b77 ; jne 0x15b77 +jne short loc_00015c07 ; 
jne 0x15c07 mov eax, dword [ebx] mov dword [ebp - 0xb0], eax sar eax, 0x1f mov dword [ebp - 0xac], eax -jmp short loc_00015bb3 ; jmp 0x15bb3 +jmp short loc_00015c43 ; jmp 0x15c43 -loc_00015b77: +loc_00015c07: mov edx, dword [ebx] mov dword [ebp - 0xac], 0 mov dword [ebp - 0xb0], edx cmp al, 0x68 -jne short loc_00015b98 ; jne 0x15b98 +jne short loc_00015c28 ; jne 0x15c28 movzx edx, dx mov dword [ebp - 0xb0], edx -jmp short loc_00015ba9 ; jmp 0x15ba9 +jmp short loc_00015c39 ; jmp 0x15c39 -loc_00015b98: +loc_00015c28: cmp al, 0x69 -jne short loc_00015bb3 ; jne 0x15bb3 +jne short loc_00015c43 ; jne 0x15c43 movzx eax, byte [ebp - 0xb0] mov dword [ebp - 0xb0], eax -loc_00015ba9: +loc_00015c39: mov dword [ebp - 0xac], 0 -loc_00015bb3: +loc_00015c43: mov byte [ebp - 0xa2], 0x30 mov dword [ebp - 0xd0], 0 -loc_00015bc4: +loc_00015c54: mov eax, dword [ebp - 0xb0] mov edx, dword [ebp - 0xac] mov ebx, eax or ebx, edx setne al -je short loc_00015bf2 ; je 0x15bf2 +je short loc_00015c82 ; je 0x15c82 cmp byte [ebp - 0xc8], 0x6f mov edx, 1 cmovne edx, dword [ebp - 0xd0] mov dword [ebp - 0xd0], edx -loc_00015bf2: +loc_00015c82: cmp byte [ebp - 0xbc], 0 -jne short loc_00015c04 ; jne 0x15c04 +jne short loc_00015c94 ; jne 0x15c94 cmp byte [ebp - 0xc8], 0x62 -jne short loc_00015c32 ; jne 0x15c32 +jne short loc_00015cc2 ; jne 0x15cc2 -loc_00015c04: +loc_00015c94: test byte [ebp - 0xb4], 0x20 -jne short loc_00015c19 ; jne 0x15c19 +jne short loc_00015ca9 ; jne 0x15ca9 test al, al -je short loc_00015c32 ; je 0x15c32 +je short loc_00015cc2 ; je 0x15cc2 mov al, byte [ebp - 0xc8] -jmp short loc_00015c22 ; jmp 0x15c22 +jmp short loc_00015cb2 ; jmp 0x15cb2 -loc_00015c19: +loc_00015ca9: mov al, byte [ebp - 0xc8] or eax, 0x20 -loc_00015c22: +loc_00015cb2: mov byte [ebp - 0xa1], al mov dword [ebp - 0xd0], 2 -loc_00015c32: +loc_00015cc2: test byte [ebp - 0xb4], 8 -je short loc_00015c49 ; je 0x15c49 +je short loc_00015cd9 ; je 0x15cd9 lea eax, [ebp - 0xa2] mov dword [ebp - 0xec], eax -jmp short 
loc_00015c5d ; jmp 0x15c5d +jmp short loc_00015ced ; jmp 0x15ced -loc_00015c49: +loc_00015cd9: mov dword [ebp - 0xec], 0 mov dword [ebp - 0xd0], 0 -loc_00015c5d: +loc_00015ced: cmp esi, 0xa -jne short loc_00015cc8 ; jne 0x15cc8 +jne short loc_00015d58 ; jne 0x15d58 mov dword [ebp - 0xbc], 0 lea esi, [ebp - 0xa0] -loc_00015c72: +loc_00015d02: mov edx, dword [ebp - 0xac] mov eax, dword [ebp - 0xb0] mov ebx, edx or ebx, eax -je loc_00015e16 ; je 0x15e16 +je loc_00015ea6 ; je 0x15ea6 push esi push 0xa push dword [ebp - 0xac] push dword [ebp - 0xb0] -call fcn_0001743e ; call 0x1743e +call fcn_00017502 ; call 0x17502 mov bl, byte [ebp - 0xa0] add esp, 0x10 inc dword [ebp - 0xbc] 
@@ -35644,58 +35701,58 @@ mov dword [ebp - 0xac], edx lea edx, [ebx + 0x30] neg eax mov byte [eax + ebp - 0x18], dl -jmp short loc_00015c72 ; jmp 0x15c72 +jmp short loc_00015d02 ; jmp 0x15d02 -loc_00015cc8: +loc_00015d58: cmp byte [ebp - 0xc8], 0x75 sete byte [ebp - 0xdc] cmp esi, 8 sete dl cmp esi, 2 -je short loc_00015cf9 ; je 0x15cf9 +je short loc_00015d89 ; je 0x15d89 test dl, dl -jne short loc_00015cf9 ; jne 0x15cf9 +jne short loc_00015d89 ; jne 0x15d89 cmp esi, 0x10 -je short loc_00015cf9 ; je 0x15cf9 +je short loc_00015d89 ; je 0x15d89 mov dword [ebp - 0xbc], 0 -jmp near loc_00015dfd ; jmp 0x15dfd +jmp near loc_00015e8d ; jmp 0x15e8d -loc_00015cf9: +loc_00015d89: lea eax, [esi - 1] cmp esi, 0x10 -je short loc_00015d0e ; je 0x15d0e +je short loc_00015d9e ; je 0x15d9e cmp dl, 1 sbb ecx, ecx and ecx, 0xfffffffe add ecx, 3 -jmp short loc_00015d13 ; jmp 0x15d13 +jmp short loc_00015da3 ; jmp 0x15da3 -loc_00015d0e: +loc_00015d9e: mov ecx, 4 -loc_00015d13: +loc_00015da3: mov dword [ebp - 0xbc], 0 -loc_00015d1d: +loc_00015dad: mov esi, dword [ebp - 0xac] mov ebx, dword [ebp - 0xb0] mov edx, esi or edx, ebx -je loc_00015e16 ; je 0x15e16 +je loc_00015ea6 ; je 0x15ea6 mov edx, dword [ebp - 0xb0] and edx, eax cmp byte [ebp - 0xc8], 0x78 -mov dl, byte [edx + ref_00020464] ; mov dl, byte [edx + 0x20464] -je short loc_00015d5c ; je 0x15d5c +mov dl, byte [edx + ref_000204f4] ; mov dl, byte [edx + 0x204f4] +je short loc_00015dec ; je 0x15dec cmp byte [ebp - 0xd8], 0 -jne short loc_00015d5c ; jne 0x15d5c +jne short loc_00015dec ; jne 0x15dec cmp byte [ebp - 0xdc], 0 -je short loc_00015d5f ; je 0x15d5f +je short loc_00015def ; je 0x15def -loc_00015d5c: +loc_00015dec: or edx, 0x20 -loc_00015d5f: +loc_00015def: inc dword [ebp - 0xbc] mov esi, dword [ebp - 0xbc] mov ebx, dword [ebp - 0xb0] 
@@ -35710,22 +35767,22 @@ cmovne ebx, esi cmovne esi, edx mov dword [ebp - 0xb0], ebx mov dword [ebp - 0xac], esi -jmp short loc_00015d1d ; jmp 0x15d1d +jmp short loc_00015dad ; jmp 0x15dad -loc_00015d9b: +loc_00015e2b: push eax push esi push dword [ebp - 0xac] push dword [ebp - 0xb0] -call fcn_000173ac ; call 0x173ac +call fcn_00017470 ; call 0x17470 add esp, 0x10 cmp byte [ebp - 0xdc], 0 -mov al, byte [eax + ref_00020464] ; mov al, byte [eax + 0x20464] -jne short loc_00015e11 ; jne 0x15e11 +mov al, byte [eax + ref_000204f4] ; mov al, byte [eax + 0x204f4] +jne short loc_00015ea1 ; jne 0x15ea1 cmp byte [ebp - 0xd8], 0 -jne short loc_00015e11 ; jne 0x15e11 +jne short loc_00015ea1 ; jne 0x15ea1 -loc_00015dc9: +loc_00015e59: inc dword [ebp - 0xbc] mov edx, dword [ebp - 0xbc] neg edx @@ -35734,27 +35791,27 @@ push eax push esi push dword [ebp - 0xac] push dword [ebp - 0xb0] -call fcn_000173f5 ; call 0x173f5 +call fcn_000174b9 ; call 0x174b9 add esp, 0x10 mov dword [ebp - 0xb0], eax mov dword [ebp - 0xac], edx -loc_00015dfd: +loc_00015e8d: mov edx, dword [ebp - 0xac] mov eax, dword [ebp - 0xb0] mov ebx, edx or ebx, eax -jne short loc_00015d9b ; jne 0x15d9b -jmp short loc_00015e16 ; jmp 0x15e16 +jne short loc_00015e2b ; jne 0x15e2b +jmp short loc_00015ea6 ; jmp 0x15ea6 -loc_00015e11: +loc_00015ea1: or eax, 0x20 -jmp short loc_00015dc9 ; jmp 0x15dc9 +jmp short loc_00015e59 ; jmp 0x15e59 -loc_00015e16: +loc_00015ea6: cmp dword [ebp - 0xcc], 0 mov dword [ebp - 0xe8], 0 -je loc_00015fd0 ; je 0x15fd0 +je loc_00016060 ; je 0x16060 mov eax, dword [ebp - 0xe0] mov ebx, dword [ebp - 0xcc] mov ecx, dword [ebp - 0xbc] 
@@ -35766,41 +35823,41 @@ xor eax, eax mov dword [ebp - 0xb0], ecx mov byte [ebp - 0xe4], 0 -loc_00015e68: +loc_00015ef8: cmp dword [ebp - 0xb0], 0 -je loc_00015fd0 ; je 0x15fd0 +je loc_00016060 ; je 0x16060 cmp dword [ebp - 0xcc], 0 -je loc_000160d2 ; je 0x160d2 +je loc_00016162 ; je 0x16162 mov ebx, dword [ebp - 0xd8] mov al, byte [ebx] cmp al, 0x2d -je loc_00015fd0 ; je 0x15fd0 +je loc_00016060 ; je 0x16060 cmp al, 0x2a -je short loc_00015eb3 ; je 0x15eb3 +je short loc_00015f43 ; je 0x15f43 mov ecx, dword [ebp - 0xcc] mov edx, 1 xor eax, eax sub ebx, ecx mov dword [ebp - 0xdc], ecx mov dword [ebp - 0xe4], ebx -jmp short loc_00015f03 ; jmp 0x15f03 +jmp short loc_00015f93 ; jmp 0x15f93 -loc_00015eb3: +loc_00015f43: mov eax, dword [ebp - 0xb8] lea esi, [eax + 4] mov eax, dword [eax] test eax, eax -js loc_00015fca ; js 0x15fca +js loc_0001605a ; js 0x1605a mov ecx, dword [ebp - 0xd8] mov edx, dword [ebp - 0xcc] mov dword [ebp - 0xb8], esi dec ecx dec edx mov dword [ebp - 0xdc], edx -jne short loc_00015f39 ; jne 0x15f39 -jmp near loc_00015fd0 ; jmp 0x15fd0 +jne short loc_00015fc9 ; jne 0x15fc9 +jmp near loc_00016060 ; jmp 0x16060 -loc_00015ee7: +loc_00015f77: movsx esi, bl sub esi, 0x30 imul esi, edx @@ -35808,9 +35865,9 @@ imul ebx, edx, 0xa add eax, esi dec dword [ebp - 0xdc] mov edx, ebx -je loc_00015fd0 ; je 0x15fd0 +je loc_00016060 ; je 0x16060 -loc_00015f03: +loc_00015f93: mov ebx, dword [ebp - 0xdc] mov esi, dword [ebp - 0xe4] mov dword [ebp - 0xf0], eax @@ -35824,9 +35881,9 @@ sub esi, 0x30 mov eax, esi cmp al, 9 mov eax, dword [ebp - 0xf0] -jbe short loc_00015ee7 ; jbe 0x15ee7 +jbe short loc_00015f77 ; jbe 0x15f77 -loc_00015f39: +loc_00015fc9: mov dl, byte [ecx] lea ebx, [ecx - 1] mov ecx, dword [ebp - 0xdc] 
@@ -35835,26 +35892,26 @@ mov byte [ebp - 0xe4], dl dec ecx mov dword [ebp - 0xcc], ecx test eax, eax -je short loc_00015fbb ; je 0x15fbb +je short loc_0001604b ; je 0x1604b -loc_00015f5b: +loc_00015feb: mov esi, dword [ebp - 0xb0] cmp esi, eax -jle short loc_00015fd0 ; jle 0x15fd0 +jle short loc_00016060 ; jle 0x16060 lea ecx, [ebp - 0x9a] sub esi, eax add ecx, dword [ebp - 0xc8] xor edx, edx -loc_00015f75: +loc_00016005: cmp edx, esi -je short loc_00015f83 ; je 0x15f83 +je short loc_00016013 ; je 0x16013 mov bl, byte [ecx + edx] mov byte [ecx + edx - 1], bl inc edx -jmp short loc_00015f75 ; jmp 0x15f75 +jmp short loc_00016005 ; jmp 0x16005 -loc_00015f83: +loc_00016013: mov ecx, dword [ebp - 0xb0] dec dword [ebp - 0xc8] add ecx, dword [ebp - 0xc8] @@ -35864,26 +35921,26 @@ sub ecx, eax inc dword [ebp - 0xe8] mov byte [ebp + ecx - 0x9a], bl mov dword [ebp - 0xb0], edx -jmp near loc_00015e68 ; jmp 0x15e68 +jmp near loc_00015ef8 ; jmp 0x15ef8 -loc_00015fbb: +loc_0001604b: cmp dword [ebp - 0xcc], 0 -jne loc_00015e68 ; jne 0x15e68 -jmp short loc_00015fd0 ; jmp 0x15fd0 +jne loc_00015ef8 ; jne 0x15ef8 +jmp short loc_00016060 ; jmp 0x16060 -loc_00015fca: +loc_0001605a: mov dword [ebp - 0xb8], esi -loc_00015fd0: +loc_00016060: cmp dword [ebp - 0xc0], 0 -js short loc_00015fe2 ; js 0x15fe2 +js short loc_00016072 ; js 0x16072 and dword [ebp - 0xb4], 0xffffffef -jmp short loc_00015fec ; jmp 0x15fec +jmp short loc_0001607c ; jmp 0x1607c -loc_00015fe2: +loc_00016072: mov dword [ebp - 0xc0], 1 -loc_00015fec: +loc_0001607c: mov ebx, dword [ebp - 0xbc] mov eax, dword [ebp - 0xc0] add eax, dword [ebp - 0xe8] @@ -35901,13 +35958,13 @@ cmovl ecx, edx mov edx, dword [ebp - 0xb4] xor eax, eax and edx, 4 -je short loc_0001602f ; je 0x1602f +je short loc_000160bf ; je 0x160bf mov eax, ecx xor ecx, ecx -loc_0001602f: +loc_000160bf: test byte [ebp - 0xb4], 0x40 -je short loc_00016047 ; je 0x16047 +je short loc_000160d7 ; je 0x160d7 add eax, ecx xor ecx, ecx test edx, edx 
@@ -35916,15 +35973,15 @@ add ecx, eax sar ecx, 1 sub eax, ecx -loc_00016047: +loc_000160d7: sub esi, dword [ebp - 0xbc] mov edx, esi test byte [ebp - 0xb4], 0x10 -je short loc_0001605c ; je 0x1605c +je short loc_000160ec ; je 0x160ec add edx, ecx xor ecx, ecx -loc_0001605c: +loc_000160ec: mov esi, dword [ebp - 0xbc] push ebx push ebx @@ -35939,45 +35996,45 @@ push edx push dword [ebp - 0xd0] push dword [ebp - 0xec] lea edx, [ebp + 0xc] -call fcn_0001544e ; call 0x1544e +call fcn_000154de ; call 0x154de mov ebx, dword [ebp - 0xb8] add esp, 0x20 -loc_00016095: +loc_00016125: test eax, eax -js loc_00015580 ; js 0x15580 +js loc_00015610 ; js 0x15610 -loc_0001609d: +loc_0001612d: add dword [ebp - 0xd4], eax lea eax, [edi + 1] -jmp near loc_000155a1 ; jmp 0x155a1 +jmp near loc_00015631 ; jmp 0x15631 -loc_000160ab: +loc_0001613b: mov eax, dword [ebp - 0xd4] -jmp short loc_000160e6 ; jmp 0x160e6 +jmp short loc_00016176 ; jmp 0x16176 -loc_000160b3: -sub eax, ref_000204ac ; sub eax, 0x204ac +loc_00016143: +sub eax, ref_0002053c ; sub eax, 0x2053c inc edi -mov eax, dword [eax*4 + ref_0002048c] ; mov eax, dword [eax*4 + 0x2048c] +mov eax, dword [eax*4 + ref_0002051c] ; mov eax, dword [eax*4 + 0x2051c] or dword [ebp - 0xb4], eax -jmp near loc_000155d6 ; jmp 0x155d6 +jmp near loc_00015666 ; jmp 0x15666 -loc_000160cb: +loc_0001615b: mov edi, esi -jmp near loc_00015790 ; jmp 0x15790 +jmp near loc_00015820 ; jmp 0x15820 -loc_000160d2: +loc_00016162: test eax, eax -jne loc_00015f5b ; jne 0x15f5b -jmp near loc_00015fd0 ; jmp 0x15fd0 +jne loc_00015feb ; jne 0x15feb +jmp near loc_00016060 ; jmp 0x16060 -loc_000160df: +loc_0001616f: add ebx, 4 xor eax, eax -jmp short loc_0001609d ; jmp 0x1609d +jmp short loc_0001612d ; jmp 0x1612d -loc_000160e6: +loc_00016176: lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -35985,9 +36042,9 @@ pop edi pop ebp ret -fcn_000160ee: ; not directly referenced +fcn_0001617e: ; not directly referenced push ebp -mov edx, dword [ref_00029b08] ; mov edx, dword [0x29b08] +mov edx, dword [ref_00029bb8] ; mov edx, dword [0x29bb8] mov ebp, esp mov eax, dword [ebp + 0xc] mov dword [eax], edx @@ -35995,37 +36052,37 @@ xor eax, eax pop ebp ret -fcn_00016100: ; not directly referenced +fcn_00016190: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] pop ebp -mov dword [ref_00029b08], eax ; mov dword [0x29b08], eax +mov dword [ref_00029bb8], eax ; mov dword [0x29bb8], eax xor eax, eax ret -fcn_0001610f: ; not directly referenced +fcn_0001619f: ; not directly referenced push ebp xor eax, eax mov ebp, esp pop ebp ret -fcn_00016116: ; not directly referenced +fcn_000161a6: ; not directly referenced push ebp mov ebp, esp pop ebp -jmp near fcn_0001707a ; jmp 0x1707a +jmp near fcn_0001713e ; jmp 0x1713e -fcn_0001611f: ; not directly referenced +fcn_000161af: ; not directly referenced push ebp mov ebp, esp push ebx mov ebx, eax push edx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00016175 ; je 0x16175 +je short loc_00016205 ; je 0x16205 movzx eax, byte [ebx + 0xf] sub esp, 0xc push eax @@ -36048,17 +36105,17 @@ push eax movzx eax, word [ebx + 4] push eax push dword [ebx] -push ref_000253ae ; push 0x253ae +push ref_0002545d ; push 0x2545d push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x40 -loc_00016175: ; not directly referenced +loc_00016205: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_0001617a: ; not directly referenced +fcn_0001620a: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -36067,82 +36124,82 @@ push ebx sub esp, 0xc mov ebx, dword [ebp + 0xc] -loc_00016186: ; not directly referenced -mov esi, ref_00029a8c ; mov esi, 0x29a8c +loc_00016216: ; not directly referenced +mov esi, ref_00029b3c ; mov esi, 0x29b3c xor edi, edi -loc_0001618d: ; not directly referenced -cmp edi, dword [ref_00029c00] ; cmp edi, dword [0x29c00] -jae short loc_000161d7 ; jae 0x161d7 +loc_0001621d: ; not directly referenced +cmp edi, dword [ref_00029cb0] ; cmp edi, dword [0x29cb0] +jae short loc_00016267 ; jae 0x16267 push eax add esi, 0xc push eax push dword [ebx + 4] push dword [esi + 0x7c] -call fcn_00016e24 ; call 0x16e24 +call fcn_00016ee8 ; call 0x16ee8 add esp, 0x10 test al, al -je short loc_000161d4 ; je 0x161d4 -call fcn_000153e9 ; call 0x153e9 +je short loc_00016264 ; je 0x16264 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000161ca ; je 0x161ca +je short loc_0001625a ; je 0x1625a push esi -push ref_000204f4 ; push 0x204f4 -push ref_000253e2 ; push 0x253e2 +push ref_00020584 ; push 0x20584 +push ref_00025491 ; push 0x25491 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000161ca: ; not directly referenced +loc_0001625a: ; not directly referenced mov eax, dword [ebx + 4] -call fcn_0001611f ; call 0x1611f -jmp short loc_000161d7 ; jmp 0x161d7 +call fcn_000161af ; call 0x161af +jmp short loc_00016267 ; jmp 0x16267 -loc_000161d4: ; not directly referenced +loc_00016264: ; not directly referenced inc edi -jmp short loc_0001618d ; jmp 0x1618d +jmp short loc_0001621d ; jmp 0x1621d -loc_000161d7: ; not directly referenced -cmp edi, dword [ref_00029c00] ; cmp edi, dword [0x29c00] -jne short loc_00016214 ; jne 0x16214 +loc_00016267: ; not directly referenced +cmp edi, dword [ref_00029cb0] ; cmp edi, dword [0x29cb0] +jne short loc_000162a4 ; jne 0x162a4 cmp edi, 0x13 -jbe short loc_0001620c ; jbe 0x1620c -call fcn_000153e9 ; call 0x153e9 +jbe short loc_0001629c ; jbe 0x1629c +call fcn_00015479 ; call 
0x15479 mov ebx, 0x80000009 test al, al -je short loc_0001626c ; je 0x1626c +je short loc_000162fc ; je 0x162fc push ecx -push ref_000204f4 ; push 0x204f4 -push ref_000253f6 ; push 0x253f6 +push ref_00020584 ; push 0x20584 +push ref_000254a5 ; push 0x254a5 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_0001626c ; jmp 0x1626c +jmp short loc_000162fc ; jmp 0x162fc -loc_0001620c: ; not directly referenced +loc_0001629c: ; not directly referenced lea eax, [edi + 1] -mov dword [ref_00029c00], eax ; mov dword [0x29c00], eax +mov dword [ref_00029cb0], eax ; mov dword [0x29cb0], eax -loc_00016214: ; not directly referenced +loc_000162a4: ; not directly referenced imul edi, edi, 0xc mov ecx, 3 mov esi, ebx -add edi, ref_00029b10 ; add edi, 0x29b10 +add edi, ref_00029bc0 ; add edi, 0x29bc0 rep movsd ; rep movsd dword es:[edi], dword ptr [esi] -mov edi, ref_00029c04 ; mov edi, 0x29c04 +mov edi, ref_00029cb4 ; mov edi, 0x29cb4 xor esi, esi -loc_0001622d: ; not directly referenced -cmp esi, dword [ref_00029cf4] ; cmp esi, dword [0x29cf4] -jae short loc_0001625d ; jae 0x1625d +loc_000162bd: ; not directly referenced +cmp esi, dword [ref_00029da4] ; cmp esi, dword [0x29da4] +jae short loc_000162ed ; jae 0x162ed push edx push edx push dword [ebx + 4] push dword [edi + 4] -call fcn_00016e24 ; call 0x16e24 +call fcn_00016ee8 ; call 0x16ee8 add esp, 0x10 test al, al -je short loc_00016257 ; je 0x16257 +je short loc_000162e7 ; je 0x162e7 push eax push dword [ebx + 8] push edi 
@@ -36150,19 +36207,19 @@ push dword [ebp + 8] call dword [edi + 8] ; ucall add esp, 0x10 -loc_00016257: ; not directly referenced +loc_000162e7: ; not directly referenced inc esi add edi, 0xc -jmp short loc_0001622d ; jmp 0x1622d +jmp short loc_000162bd ; jmp 0x162bd -loc_0001625d: ; not directly referenced +loc_000162ed: ; not directly referenced mov eax, dword [ebx] add ebx, 0xc test eax, eax -jns loc_00016186 ; jns 0x16186 +jns loc_00016216 ; jns 0x16216 xor ebx, ebx -loc_0001626c: ; not directly referenced +loc_000162fc: ; not directly referenced lea esp, [ebp - 0xc] mov eax, ebx pop ebx 
@@ -36171,56 +36228,56 @@ pop edi pop ebp ret -fcn_00016276: ; not directly referenced +fcn_00016306: ; not directly referenced push ebp mov ebp, esp push edi push esi -mov esi, ref_00029b10 ; mov esi, 0x29b10 +mov esi, ref_00029bc0 ; mov esi, 0x29bc0 push ebx xor ebx, ebx sub esp, 0xc -loc_00016286: ; not directly referenced -cmp ebx, dword [ref_00029c00] ; cmp ebx, dword [0x29c00] -jae short loc_000162b6 ; jae 0x162b6 +loc_00016316: ; not directly referenced +cmp ebx, dword [ref_00029cb0] ; cmp ebx, dword [0x29cb0] +jae short loc_00016346 ; jae 0x16346 push eax mov edi, esi push eax add esi, 0xc push dword [esi - 8] push dword [ebp + 0xc] -call fcn_00016e24 ; call 0x16e24 +call fcn_00016ee8 ; call 0x16ee8 add esp, 0x10 test al, al -je short loc_000162b3 ; je 0x162b3 +je short loc_00016343 ; je 0x16343 mov eax, dword [ebp + 0x18] mov edx, dword [edi + 8] mov dword [eax], edx xor eax, eax -jmp short loc_000162e4 ; jmp 0x162e4 +jmp short loc_00016374 ; jmp 0x16374 -loc_000162b3: ; not directly referenced +loc_00016343: ; not directly referenced inc ebx -jmp short loc_00016286 ; jmp 0x16286 +jmp short loc_00016316 ; jmp 0x16316 -loc_000162b6: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_00016346: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_000162d7 ; je 0x162d7 +je short loc_00016367 ; je 0x16367 push ebx -push ref_000204dc ; push 0x204dc -push ref_00025411 ; push 0x25411 +push ref_0002056c ; push 0x2056c +push ref_000254c0 ; push 0x254c0 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_000162d7: ; not directly referenced +loc_00016367: ; not directly referenced mov eax, dword [ebp + 0xc] -call fcn_0001611f ; call 0x1611f +call fcn_000161af ; call 0x161af mov eax, 0x8000000e -loc_000162e4: ; not directly referenced +loc_00016374: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -36228,7 +36285,7 @@ pop edi pop ebp ret -fcn_000162ec: ; not directly referenced +fcn_0001637c: ; not directly referenced push ebp xor eax, eax mov ebp, esp 
@@ -36236,49 +36293,49 @@ push edi push esi push ebx sub esp, 0xc -mov ebx, dword [ref_00029cf4] ; mov ebx, dword [0x29cf4] +mov ebx, dword [ref_00029da4] ; mov ebx, dword [0x29da4] imul edx, ebx, 0xc -loc_00016300: ; not directly referenced +loc_00016390: ; not directly referenced cmp ebx, 0x13 -jbe short loc_00016325 ; jbe 0x16325 -call fcn_000153e9 ; call 0x153e9 +jbe short loc_000163b5 ; jbe 0x163b5 +call fcn_00015479 ; call 0x15479 mov esi, 0x80000009 test al, al -je short loc_0001636c ; je 0x1636c +je short loc_000163fc ; je 0x163fc push eax -push ref_000204e8 ; push 0x204e8 -push ref_0002542e ; push 0x2542e +push ref_00020578 ; push 0x20578 +push ref_000254dd ; push 0x254dd push 0x80000000 -jmp short loc_00016364 ; jmp 0x16364 +jmp short loc_000163f4 ; jmp 0x163f4 -loc_00016325: ; not directly referenced +loc_000163b5: ; not directly referenced mov esi, dword [ebp + 0xc] inc ebx mov ecx, 3 -mov dword [ref_00029cf4], ebx ; mov dword [0x29cf4], ebx -lea edi, [eax + edx + ref_00029c04] ; lea edi, [eax + edx + 0x29c04] +mov dword [ref_00029da4], ebx ; mov dword [0x29da4], ebx +lea edi, [eax + edx + ref_00029cb4] ; lea edi, [eax + edx + 0x29cb4] add esi, eax rep movsd ; rep movsd dword es:[edi], dword ptr [esi] mov edi, dword [ebp + 0xc] mov ecx, dword [edi + eax] add eax, 0xc test ecx, ecx -jns short loc_00016300 ; jns 0x16300 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00016390 ; jns 0x16390 +call fcn_00015479 ; call 0x15479 xor esi, esi test al, al -je short loc_0001636c ; je 0x1636c +je short loc_000163fc ; je 0x163fc push ebx -push ref_000204e8 ; push 0x204e8 -push ref_0002544e ; push 0x2544e +push ref_00020578 ; push 0x20578 +push ref_000254fd ; push 0x254fd push 0x40 -loc_00016364: ; not directly referenced -call fcn_000153f7 ; call 0x153f7 +loc_000163f4: ; not directly referenced +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001636c: ; not directly referenced +loc_000163fc: ; not directly referenced lea esp, [ebp - 0xc] mov eax, esi pop ebx 
@@ -36287,37 +36344,37 @@ pop edi pop ebp ret -fcn_00016376: ; not directly referenced +fcn_00016406: ; not directly referenced push ebp -mov eax, ref_00029a8c ; mov eax, 0x29a8c +mov eax, ref_00029b3c ; mov eax, 0x29b3c mov ebp, esp pop ebp ret -fcn_00016380: +fcn_00016410: push ebp -mov eax, dword [ref_00029b0c] ; mov eax, dword [0x29b0c] +mov eax, dword [ref_00029bbc] ; mov eax, dword [0x29bbc] mov ebp, esp pop ebp ret -fcn_0001638a: ; not directly referenced -mov eax, dword [ref_00029cfc] ; mov eax, dword [0x29cfc] +fcn_0001641a: ; not directly referenced +mov eax, dword [ref_00029dac] ; mov eax, dword [0x29dac] push ebp mov ebp, esp mov edx, dword [ebp + 8] test eax, eax -je short loc_000163a2 ; je 0x163a2 +je short loc_00016432 ; je 0x16432 movzx edx, dl mov dword [ebp + 8], edx pop ebp jmp eax -loc_000163a2: ; not directly referenced +loc_00016432: ; not directly referenced pop ebp ret -fcn_000163a4: +fcn_00016434: push ebp mov ebp, esp push ebx 
@@ -36325,163 +36382,163 @@ push eax mov ebx, dword [ebp + 8] mov eax, dword [ebx] cmp eax, 0x16 -je short loc_000163cb ; je 0x163cb +je short loc_0001645b ; je 0x1645b push ebx push 0x16 push eax -push ref_0002545f ; push 0x2545f -call fcn_000153ce ; call 0x153ce +push ref_0002550e ; push 0x2550e +call fcn_0001545e ; call 0x1545e add esp, 0x10 xor eax, eax -jmp near loc_00016524 ; jmp 0x16524 +jmp near loc_000165b4 ; jmp 0x165b4 -loc_000163cb: +loc_0001645b: mov eax, dword [ebx + 0xca] push ecx push ecx push 0x270 -push ref_00029a8c ; push 0x29a8c -mov dword [ref_00029cfc], eax ; mov dword [0x29cfc], eax -call fcn_00016f3b ; call 0x16f3b +push ref_00029b3c ; push 0x29b3c +mov dword [ref_00029dac], eax ; mov dword [0x29dac], eax +call fcn_00016fff ; call 0x16fff add esp, 0x10 -mov dword [ref_00029b0c], ebx ; mov dword [0x29b0c], ebx +mov dword [ref_00029bbc], ebx ; mov dword [0x29bbc], ebx cmp dword [ebx + 8], 3 -mov dword [ref_00029a8c], 0xfeaddeaf ; mov dword [0x29a8c], 0xfeaddeaf -jne short loc_00016425 ; jne 0x16425 +mov dword [ref_00029b3c], 0xfeaddeaf ; mov dword [0x29b3c], 0xfeaddeaf +jne short loc_000164b5 ; jne 0x164b5 cmp dword [ebx + 0x8f6], 0 -je short loc_00016425 ; je 0x16425 +je short loc_000164b5 ; je 0x164b5 sub esp, 0xc -push ref_00025483 ; push 0x25483 -call fcn_000153ce ; call 0x153ce +push ref_00025532 ; push 0x25532 +call fcn_0001545e ; call 0x1545e add esp, 0x10 -mov dword [ref_00029b08], 0x11 ; mov dword [0x29b08], 0x11 -jmp short loc_0001642f ; jmp 0x1642f +mov dword [ref_00029bb8], 0x11 ; mov dword [0x29bb8], 0x11 +jmp short loc_000164bf ; jmp 0x164bf -loc_00016425: -mov dword [ref_00029b08], 6 ; mov dword [0x29b08], 6 +loc_000164b5: +mov dword [ref_00029bb8], 6 ; mov dword [0x29bb8], 6 -loc_0001642f: +loc_000164bf: sub esp, 0xc -push ref_00029a88 ; push 0x29a88 -mov dword [ref_00029b14], ref_00028fec ; mov dword [0x29b14], 0x28fec -mov dword [ref_00029c00], 1 ; mov dword [0x29c00], 1 -mov dword [ref_00029ab0], fcn_00016276 ; mov dword 
[0x29ab0], 0x16276 -mov dword [ref_00029ab8], fcn_000160ee ; mov dword [0x29ab8], 0x160ee -mov dword [ref_00029abc], fcn_00016100 ; mov dword [0x29abc], 0x16100 -mov dword [ref_00029ac0], fcn_0001d4a5 ; mov dword [0x29ac0], 0x1d4a5 -mov dword [ref_00029ac4], fcn_0001d3db ; mov dword [0x29ac4], 0x1d3db -mov dword [ref_00029ab4], fcn_000162ec ; mov dword [0x29ab4], 0x162ec -mov dword [ref_00029aa8], fcn_0001617a ; mov dword [0x29aa8], 0x1617a -mov dword [ref_00029adc], fcn_0001d351 ; mov dword [0x29adc], 0x1d351 -mov dword [ref_00029ae0], fcn_00016116 ; mov dword [0x29ae0], 0x16116 -mov dword [ref_00029b04], fcn_0001610f ; mov dword [0x29b04], 0x1610f -mov dword [ref_00029a88], ref_00029a90 ; mov dword [0x29a88], 0x29a90 -call fcn_00019a38 ; call 0x19a38 +push ref_00029b38 ; push 0x29b38 +mov dword [ref_00029bc4], ref_0002909c ; mov dword [0x29bc4], 0x2909c +mov dword [ref_00029cb0], 1 ; mov dword [0x29cb0], 1 +mov dword [ref_00029b60], fcn_00016306 ; mov dword [0x29b60], 0x16306 +mov dword [ref_00029b68], fcn_0001617e ; mov dword [0x29b68], 0x1617e +mov dword [ref_00029b6c], fcn_00016190 ; mov dword [0x29b6c], 0x16190 +mov dword [ref_00029b70], fcn_0001d569 ; mov dword [0x29b70], 0x1d569 +mov dword [ref_00029b74], fcn_0001d49f ; mov dword [0x29b74], 0x1d49f +mov dword [ref_00029b64], fcn_0001637c ; mov dword [0x29b64], 0x1637c +mov dword [ref_00029b58], fcn_0001620a ; mov dword [0x29b58], 0x1620a +mov dword [ref_00029b8c], fcn_0001d415 ; mov dword [0x29b8c], 0x1d415 +mov dword [ref_00029b90], fcn_000161a6 ; mov dword [0x29b90], 0x161a6 +mov dword [ref_00029bb4], fcn_0001619f ; mov dword [0x29bb4], 0x1619f +mov dword [ref_00029b38], ref_00029b40 ; mov dword [0x29b38], 0x29b40 +call fcn_00019afc ; call 0x19afc pop eax pop edx -push ref_00029a88 ; push 0x29a88 +push ref_00029b38 ; push 0x29b38 push 0 -call fcn_0001adbe ; call 0x1adbe -mov dword [esp], ref_00025493 ; mov dword [esp], 0x25493 -call fcn_000153ce ; call 0x153ce +call fcn_0001ae82 ; call 0x1ae82 +mov dword 
[esp], ref_00025542 ; mov dword [esp], 0x25542 +call fcn_0001545e ; call 0x1545e pop ecx pop ebx -push ref_00029a88 ; push 0x29a88 +push ref_00029b38 ; push 0x29b38 push 0 -call fcn_00016c36 ; call 0x16c36 -mov dword [esp], ref_000254a8 ; mov dword [esp], 0x254a8 -call fcn_000153ce ; call 0x153ce +call fcn_00016cfa ; call 0x16cfa +mov dword [esp], ref_00025557 ; mov dword [esp], 0x25557 +call fcn_0001545e ; call 0x1545e pop eax pop edx -push ref_00029a88 ; push 0x29a88 +push ref_00029b38 ; push 0x29b38 push 0 -call fcn_0001653b ; call 0x1653b +call fcn_000165cb ; call 0x165cb pop ecx pop ebx -push ref_00029a88 ; push 0x29a88 +push ref_00029b38 ; push 0x29b38 push 0 -call fcn_0001b8a7 ; call 0x1b8a7 +call fcn_0001b96b ; call 0x1b96b pop eax pop edx -push ref_00029a88 ; push 0x29a88 +push ref_00029b38 ; push 0x29b38 push 0 -call fcn_0001b002 ; call 0x1b002 +call fcn_0001b0c6 ; call 0x1b0c6 add esp, 0x10 -mov eax, ref_00029a88 ; mov eax, 0x29a88 +mov eax, ref_00029b38 ; mov eax, 0x29b38 -loc_00016524: +loc_000165b4: mov ebx, dword [ebp - 4] leave ret -fcn_00016529: ; not directly referenced +fcn_000165b9: ; not directly referenced push ebp mov ebp, esp sub esp, 0x14 push dword [ebp + 0x10] -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 xor eax, eax leave ret -fcn_0001653b: +fcn_000165cb: push ebp mov ebp, esp push ebx sub esp, 0x10 -push ref_00028f78 ; push 0x28f78 -call fcn_00019667 ; call 0x19667 +push ref_00029028 ; push 0x29028 +call fcn_0001972b ; call 0x1972b mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00016590 ; je 0x16590 +je short loc_00016620 ; je 0x16620 test ebx, ebx -jns short loc_00016590 ; jns 0x16590 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00016620 ; jns 0x16620 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001657b ; je 0x1657b +je short loc_0001660b ; je 0x1660b push edx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 
; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001657b: +loc_0001660b: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x42 -push ref_000254bf ; push 0x254bf -call fcn_000153fc ; call 0x153fc +push ref_0002556e ; push 0x2556e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00016590: +loc_00016620: mov eax, ebx mov ebx, dword [ebp - 4] leave ret -fcn_00016597: +fcn_00016627: push ebp xor eax, eax mov ebp, esp pop ebp ret -fcn_0001659e: ; not directly referenced +fcn_0001662e: ; not directly referenced push ebp mov ebp, esp pop ebp ret -fcn_000165a3: ; not directly referenced +fcn_00016633: ; not directly referenced push ebp mov ebp, esp pop ebp ret -fcn_000165a8: ; not directly referenced +fcn_00016638: ; not directly referenced push ebp mov ebp, esp push edi @@ -36493,23 +36550,23 @@ mov edx, dword [ebp + 8] mov word [ebp - 0x2a], cx mov dword [ebp - 0x1c], 0x80000007 test esi, esi -je loc_00016671 ; je 0x16671 +je loc_00016701 ; je 0x16701 cmp cx, 0x1ff -ja loc_00016671 ; ja 0x16671 +ja loc_00016701 ; ja 0x16701 mov edi, edx movzx edx, dx add edx, ecx cmp edx, 0x1ff -jg loc_00016671 ; jg 0x16671 +jg loc_00016701 ; jg 0x16701 lea ecx, [edi + esi] movzx eax, al mov ebx, esi mov word [ebp - 0x2c], cx mov dword [ebp - 0x30], eax -loc_000165f6: ; not directly referenced +loc_00016686: ; not directly referenced cmp word [ebp - 0x2c], bx -je short loc_0001666a ; je 0x1666a +je short loc_000166fa ; je 0x166fa mov dx, word [ebp - 0x2a] mov edi, dword [ebp + 0xc] sub edx, esi 
@@ -36518,18 +36575,18 @@ add edx, ebx mov eax, edx shr ax, 8 cmp ax, cx -je short loc_0001661b ; je 0x1661b +je short loc_000166ab ; je 0x166ab mov byte [edi], al mov al, 1 -jmp short loc_0001661d ; jmp 0x1661d +jmp short loc_000166ad ; jmp 0x166ad -loc_0001661b: ; not directly referenced +loc_000166ab: ; not directly referenced xor eax, eax -loc_0001661d: ; not directly referenced +loc_000166ad: ; not directly referenced dec al movzx edi, dl -jne short loc_00016642 ; jne 0x16642 +jne short loc_000166d2 ; jne 0x166d2 mov eax, dword [ebp + 0xc] cmp byte [eax], 1 push edx @@ -36540,10 +36597,10 @@ and eax, 0xfffffffe push 0 add eax, 0x6e push eax -call fcn_0001a236 ; call 0x1a236 +call fcn_0001a2fa ; call 0x1a2fa add esp, 0x10 -loc_00016642: ; not directly referenced +loc_000166d2: ; not directly referenced shl edi, 8 push eax or edi, dword [ebp - 0x30] @@ -36553,18 +36610,18 @@ push eax push edi mov dword [ebp - 0x34], ebx inc ebx -call fcn_0001a1be ; call 0x1a1be +call fcn_0001a282 ; call 0x1a282 add esp, 0x10 mov edx, dword [ebp - 0x34] mov byte [ebx - 1], al cmp dword [ebp - 0x1c], 0 -je short loc_000165f6 ; je 0x165f6 +je short loc_00016686 ; je 0x16686 mov byte [edx], 0 -loc_0001666a: ; not directly referenced +loc_000166fa: ; not directly referenced mov dword [ebp - 0x1c], 0 -loc_00016671: ; not directly referenced +loc_00016701: ; not directly referenced mov eax, dword [ebp - 0x1c] lea esp, [ebp - 0xc] pop ebx @@ -36573,7 +36630,7 @@ pop edi pop ebp ret -fcn_0001667c: ; not directly referenced +fcn_0001670c: ; not directly referenced push ebp mov ecx, 2 mov ebp, esp @@ -36589,11 +36646,11 @@ push 1 lea edx, [esi + 2] mov byte [ebp - 0x19], 0xff mov dword [ebp - 0x30], eax -call fcn_000165a8 ; call 0x165a8 +call fcn_00016638 ; call 0x16638 add esp, 0x10 mov esi, eax test eax, eax -jne short loc_00016710 ; jne 0x16710 +jne short loc_000167a0 ; jne 0x167a0 mov eax, dword [ebp + 0x18] xor edx, edx mov ecx, dword [ebp + 8] 
@@ -36606,12 +36663,12 @@ lea eax, [eax + eax*4] add eax, ebx mov dword [ebp - 0x34], eax -loc_000166d3: ; not directly referenced +loc_00016763: ; not directly referenced cmp ebx, dword [ebp - 0x34] -je short loc_00016710 ; je 0x16710 +je short loc_000167a0 ; je 0x167a0 movzx eax, byte [ebx + 4] test dword [ebp - 0x2c], eax -je short loc_0001670b ; je 0x1670b +je short loc_0001679b ; je 0x1679b push eax mov edx, dword [ebp + 0x10] push eax @@ -36624,18 +36681,18 @@ sub ax, word [ebx] movzx eax, ax push eax mov eax, dword [ebp - 0x30] -call fcn_000165a8 ; call 0x165a8 +call fcn_00016638 ; call 0x16638 add esp, 0x10 test eax, eax -je short loc_0001670b ; je 0x1670b +je short loc_0001679b ; je 0x1679b mov esi, eax -jmp short loc_00016710 ; jmp 0x16710 +jmp short loc_000167a0 ; jmp 0x167a0 -loc_0001670b: ; not directly referenced +loc_0001679b: ; not directly referenced add ebx, 5 -jmp short loc_000166d3 ; jmp 0x166d3 +jmp short loc_00016763 ; jmp 0x16763 -loc_00016710: ; not directly referenced +loc_000167a0: ; not directly referenced test esi, esi sete al lea esp, [ebp - 0xc] @@ -36645,25 +36702,25 @@ pop edi pop ebp ret -fcn_0001671d: ; not directly referenced +fcn_000167ad: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001673e ; je 0x1673e +je short loc_000167ce ; je 0x167ce push eax push eax push dword [ebp + 8] push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001673e: ; not directly referenced +loc_000167ce: ; not directly referenced leave ret -fcn_00016740: ; not directly referenced +fcn_000167d0: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 0x10] @@ -36682,7 +36739,7 @@ movzx edx, dx or eax, edx ret -fcn_0001676e: ; not directly referenced +fcn_000167fe: ; not directly referenced push ebp mov ebp, esp movzx eax, byte [ebp + 0x10] 
@@ -36698,7 +36755,7 @@ shl eax, 0x14 add eax, edx ret -fcn_00016792: ; not directly referenced +fcn_00016822: ; not directly referenced push ebp mov ebp, esp push ebx @@ -36715,16 +36772,16 @@ movzx eax, al sar bl, 7 push eax and ebx, 2 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea add ebx, 0x75 add esp, 0x10 movzx ebx, bl mov dword [ebp + 8], ebx mov ebx, dword [ebp - 4] leave -jmp near fcn_00018e1d ; jmp 0x18e1d +jmp near fcn_00018ee1 ; jmp 0x18ee1 -fcn_000167d1: ; not directly referenced +fcn_00016861: ; not directly referenced push ebp mov edx, 0xfffff mov ebp, esp 
@@ -36736,124 +36793,124 @@ mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] -loc_000167e8: ; not directly referenced +loc_00016878: ; not directly referenced push ecx push ecx push 0xa push 0x70 mov dword [ebp - 0x1c], edx -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea mov dword [esp], 0x71 -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 add esp, 0x10 mov edx, dword [ebp - 0x1c] test al, al -jns short loc_00016811 ; jns 0x16811 +jns short loc_000168a1 ; jns 0x168a1 dec edx -jne short loc_000167e8 ; jne 0x167e8 -jmp short loc_00016815 ; jmp 0x16815 +jne short loc_00016878 ; jne 0x16878 +jmp short loc_000168a5 ; jmp 0x168a5 -loc_00016811: ; not directly referenced +loc_000168a1: ; not directly referenced test edx, edx -jne short loc_0001688b ; jne 0x1688b +jne short loc_0001691b ; jne 0x1691b -loc_00016815: ; not directly referenced +loc_000168a5: ; not directly referenced push eax push eax push 0xb push 0x70 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea pop eax pop edx push 0x82 push 0x71 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea pop ecx pop eax push 0xa push 0x70 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea pop eax pop edx push 0x26 push 0x71 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea pop ecx pop eax push 0xc push 0x70 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea mov dword [esp], 0x71 -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 pop eax pop edx push 0xd push 0x70 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea mov dword [esp], 0x71 -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 pop ecx pop eax push 0xb push 0x70 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea pop eax pop edx push 2 push 0x71 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea add esp, 0x10 -loc_0001688b: ; not 
directly referenced +loc_0001691b: ; not directly referenced push eax push eax push 0 push 0x70 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea mov dword [esp], 0x71 -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 mov byte [edi], al pop edx pop ecx push 2 push 0x70 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea mov dword [esp], 0x71 -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 mov byte [esi], al pop eax pop edx push 4 push 0x70 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea mov dword [esp], 0x71 -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 mov byte [ebx], al pop ecx pop eax push 7 push 0x70 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea mov dword [esp], 0x71 -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 mov edx, dword [ebp + 0x14] mov byte [edx], al pop eax pop edx push 8 push 0x70 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea mov dword [esp], 0x71 -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 mov edx, dword [ebp + 0x18] mov byte [edx], al pop ecx pop eax push 9 push 0x70 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea mov dword [esp], 0x71 -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 mov edx, dword [ebp + 0x1c] movzx eax, al mov word [edx], ax 
@@ -36915,106 +36972,121 @@ pop edi pop ebp ret -fcn_000169be: ; not directly referenced +fcn_00016a4e: ; not directly referenced push ebp mov ebp, esp push ebx sub esp, 0x10 push 0xce -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc add esp, 0x10 xor edx, edx movzx ebx, ah xor eax, eax imul ebx, ebx, 0x186a0 test ebx, ebx -je short loc_000169f4 ; je 0x169f4 -call fcn_000177b2 ; call 0x177b2 +je short loc_00016a84 ; je 0x16a84 +call fcn_00017876 ; call 0x17876 push ecx push ebx push edx push eax -call fcn_000173f5 ; call 0x173f5 +call fcn_000174b9 ; call 0x174b9 add esp, 0x10 -loc_000169f4: ; not directly referenced +loc_00016a84: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_000169f9: ; not directly referenced +fcn_00016a89: ; not directly referenced push ebp xor edx, edx mov ebp, esp mov eax, dword [ebp + 8] mov ecx, dword [ebp + 0x10] -loc_00016a04: ; not directly referenced +loc_00016a94: ; not directly referenced cmp edx, dword [ebp + 0xc] -je short loc_00016a10 ; je 0x16a10 +je short loc_00016aa0 ; je 0x16aa0 mov word [eax + edx*2], cx inc edx -jmp short loc_00016a04 ; jmp 0x16a04 +jmp short loc_00016a94 ; jmp 0x16a94 -loc_00016a10: ; not directly referenced +loc_00016aa0: ; not directly referenced pop ebp ret -fcn_00016a12: ; not directly referenced +fcn_00016aa2: ; not directly referenced push ebp xor edx, edx mov ebp, esp mov eax, dword [ebp + 8] mov ecx, dword [ebp + 0x10] -loc_00016a1d: ; not directly referenced +loc_00016aad: ; not directly referenced cmp edx, dword [ebp + 0xc] -je short loc_00016a28 ; je 0x16a28 +je short loc_00016ab8 ; je 0x16ab8 mov dword [eax + edx*4], ecx inc edx -jmp short loc_00016a1d ; jmp 0x16a1d +jmp short loc_00016aad ; jmp 0x16aad -loc_00016a28: ; not directly referenced +loc_00016ab8: ; not directly referenced pop ebp ret -fcn_00016a2a: ; not directly referenced +fcn_00016aba: ; not directly referenced push ebp mov ebp, esp -sub esp, 0x20 -lea eax, [ebp - 8] -mov dword [ebp - 0x14], 
eax +push edi +sub esp, 0x24 mov eax, dword [ebp + 8] -movq qword [ebp - 0x10], mm0 -movq mm0, qword [eax] -movq qword [ebp - 0x14], mm0 -movq mm0, qword [ebp - 0x10] +mov dword [ebp - 0x18], 0 +mov dword [ebp - 0x14], 0 +mov dword [ebp - 0x20], eax +lea eax, [ebp - 0x10] +mov dword [ebp - 0x1c], eax +movq qword [ebp - 0x18], mm0 +mov edi, dword [ebp - 0x20] +movq mm0, qword [edi] +mov edi, dword [ebp - 0x1c] +movq qword [edi], mm0 +movq mm0, qword [ebp - 0x18] emms -mov eax, dword [ebp - 8] -mov edx, dword [ebp - 4] -leave +mov eax, dword [ebp - 0x10] +mov edx, dword [ebp - 0xc] +add esp, 0x24 +pop edi +pop ebp ret -fcn_00016a52: ; not directly referenced +fcn_00016afd: ; not directly referenced push ebp mov ebp, esp -sub esp, 0x18 +push edi +sub esp, 0x1c mov eax, dword [ebp + 0xc] -mov dword [ebp - 0x18], eax +mov dword [ebp - 0x10], 0 +mov dword [ebp - 0xc], 0 +mov dword [ebp - 0x20], eax mov eax, dword [ebp + 0x10] -mov dword [ebp - 0x14], eax +mov dword [ebp - 0x1c], eax mov eax, dword [ebp + 8] -movq qword [ebp - 8], mm0 -movq mm0, qword [ebp - 0x18] -movq qword [eax], mm0 -movq mm0, qword [ebp - 8] +mov dword [ebp - 0x14], eax +movq qword [ebp - 0x10], mm0 +mov edi, dword [ebp - 0x14] +movq mm0, qword [ebp - 0x20] +movq qword [edi], mm0 +movq mm0, qword [ebp - 0x10] emms -mov eax, dword [ebp - 0x18] -mov edx, dword [ebp - 0x14] -leave +mov eax, dword [ebp - 0x20] +mov edx, dword [ebp - 0x1c] +add esp, 0x1c +pop edi +pop ebp ret -fcn_00016a80: ; not directly referenced +fcn_00016b44: ; not directly referenced push ebp xor eax, eax mov ebp, esp 
@@ -37022,63 +37094,63 @@ push ebx mov ebx, 0x186a0 sub esp, 0x14 -loc_00016a8e: ; not directly referenced +loc_00016b52: ; not directly referenced test eax, eax -jne short loc_00016adb ; jne 0x16adb +jne short loc_00016b9f ; jne 0x16b9f test ebx, ebx -je short loc_00016adb ; je 0x16adb -call fcn_000153e9 ; call 0x153e9 +je short loc_00016b9f ; je 0x16b9f +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00016ab0 ; je 0x16ab0 +je short loc_00016b74 ; je 0x16b74 push edx push edx -push ref_000254c7 ; push 0x254c7 +push ref_00025576 ; push 0x25576 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00016ab0: ; not directly referenced +loc_00016b74: ; not directly referenced clc -loc_00016ab1: ; not directly referenced +loc_00016b75: ; not directly referenced rdrand eax mov dword [ebp - 0xc], eax -jae short loc_00016ab1 ; jae 0x16ab1 -call fcn_000153e9 ; call 0x153e9 +jae short loc_00016b75 ; jae 0x16b75 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00016ad5 ; je 0x16ad5 +je short loc_00016b99 ; je 0x16b99 push eax push dword [ebp - 0xc] -push ref_000254e4 ; push 0x254e4 +push ref_00025593 ; push 0x25593 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00016ad5: ; not directly referenced +loc_00016b99: ; not directly referenced mov eax, dword [ebp - 0xc] dec ebx -jmp short loc_00016a8e ; jmp 0x16a8e +jmp short loc_00016b52 ; jmp 0x16b52 -loc_00016adb: ; not directly referenced +loc_00016b9f: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_00016ae0: ; not directly referenced +fcn_00016ba4: ; not directly referenced push ebp xor eax, eax mov ebp, esp pop ebp ret -fcn_00016ae7: ; not directly referenced +fcn_00016bab: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x14] pop ebp ret -fcn_00016aef: ; not directly referenced +fcn_00016bb3: ; not directly referenced push ebp mov ebp, esp sub esp, 8 
@@ -37086,50 +37158,50 @@ mov eax, dword [ebp + 8] cmp dword [ebp + 0xc], 0x41 mov edx, dword [eax + 0x241b] mov edx, dword [edx + 0x1e] -jne short loc_00016b14 ; jne 0x16b14 +jne short loc_00016bd8 ; jne 0x16bd8 sub esp, 0xc push eax call dword [edx + 0xcc] ; ucall add esp, 0x10 -loc_00016b14: ; not directly referenced +loc_00016bd8: ; not directly referenced xor eax, eax leave ret -fcn_00016b18: ; not directly referenced +fcn_00016bdc: ; not directly referenced push ebp mov ebp, esp mov edx, dword [ebp + 8] mov eax, dword [ebp + 0xc] push esi push ebx -mov word [edx + 0x2467], ax +mov word [edx + 0x2468], ax movzx esi, ax mov ebx, eax push edx push edx push esi push 0x80 -call fcn_00018e63 ; call 0x18e63 -call fcn_000153e9 ; call 0x153e9 +call fcn_00018f27 ; call 0x18f27 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00016b59 ; je 0x16b59 +je short loc_00016c1d ; je 0x16c1d push eax push esi -push ref_00025502 ; push 0x25502 +push ref_000255b1 ; push 0x255b1 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00016b59: ; not directly referenced +loc_00016c1d: ; not directly referenced sub esp, 0xc push 0x48 -call fcn_00016792 ; call 0x16792 +call fcn_00016822 ; call 0x16822 mov dword [esp], 0x49 mov esi, eax -call fcn_00016792 ; call 0x16792 +call fcn_00016822 ; call 0x16822 add esp, 0x10 mov edx, eax mov eax, esi 
@@ -37137,28 +37209,28 @@ shl edx, 8 movzx esi, al or edx, esi cmp bx, dx -je short loc_00016b59 ; je 0x16b59 +je short loc_00016c1d ; je 0x16c1d lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_00016b8c: ; not directly referenced +fcn_00016c50: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00016bae ; je 0x16bae +je short loc_00016c72 ; je 0x16c72 push eax push dword [ebp + 0xc] -push ref_00025514 ; push 0x25514 +push ref_000255c3 ; push 0x255c3 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00016bae: ; not directly referenced +loc_00016c72: ; not directly referenced push eax mov eax, 0x1000 in al, 0x99 @@ -37166,7 +37238,7 @@ pop eax leave ret -fcn_00016bb9: ; not directly referenced +fcn_00016c7d: ; not directly referenced push ebp mov ebp, esp push ebx @@ -37182,32 +37254,32 @@ pop ebx pop ebp ret -fcn_00016bd6: +fcn_00016c9a: push ebp mov ebp, esp push ebx push edx -call fcn_00016380 ; call 0x16380 +call fcn_00016410 ; call 0x16410 mov ebx, dword [eax + 0x14] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00016c19 ; je 0x16c19 +je short loc_00016cdd ; je 0x16cdd cmp dword [ebp + 8], 0xff -ja short loc_00016c01 ; ja 0x16c01 +ja short loc_00016cc5 ; ja 0x16cc5 cmp dword [ebp + 0xc], 0x1f -ja short loc_00016c01 ; ja 0x16c01 +ja short loc_00016cc5 ; ja 0x16cc5 cmp dword [ebp + 0x10], 7 -jbe short loc_00016c19 ; jbe 0x16c19 +jbe short loc_00016cdd ; jbe 0x16cdd -loc_00016c01: +loc_00016cc5: push eax -push ref_00025554 ; push 0x25554 -push 0x319 -push ref_0002558b ; push 0x2558b -call fcn_000153fc ; call 0x153fc +push ref_00025603 ; push 0x25603 +push 0x31a +push ref_0002563a ; push 0x2563a +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00016c19: +loc_00016cdd: mov eax, dword [ebp + 0x10] mov edx, dword [ebp + 0xc] shl eax, 0xc 
@@ -37221,7 +37293,7 @@ shl edx, 0x14 add eax, edx ret -fcn_00016c36: +fcn_00016cfa: push ebp mov ebp, esp push esi 
@@ -37229,164 +37301,164 @@ push ebx mov ebx, dword [ebp + 0xc] sub esp, 0xc push ebx -call fcn_0001deee ; call 0x1deee +call fcn_0001dfb2 ; call 0x1dfb2 mov esi, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00016c66 ; je 0x16c66 +je short loc_00016d2a ; je 0x16d2a push ecx push ecx -push ref_000255a6 ; push 0x255a6 +push ref_00025655 ; push 0x25655 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00016c66: -call fcn_000153f0 ; call 0x153f0 +loc_00016d2a: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00016ca5 ; je 0x16ca5 +je short loc_00016d69 ; je 0x16d69 test esi, esi -jns short loc_00016ca5 ; jns 0x16ca5 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00016d69 ; jns 0x16d69 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00016c90 ; je 0x16c90 +je short loc_00016d54 ; je 0x16d54 push edx push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00016c90: +loc_00016d54: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x33 -push ref_000255d4 ; push 0x255d4 -call fcn_000153fc ; call 0x153fc +push ref_00025683 ; push 0x25683 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00016ca5: +loc_00016d69: sub esp, 0xc push ebx -call fcn_0001ec6d ; call 0x1ec6d +call fcn_0001ecfb ; call 0x1ecfb mov esi, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00016ccd ; je 0x16ccd +je short loc_00016d91 ; je 0x16d91 push eax push eax -push ref_0002560a ; push 0x2560a +push ref_000256b9 ; push 0x256b9 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00016ccd: -call fcn_000153f0 ; call 0x153f0 +loc_00016d91: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00016d0c ; 
je 0x16d0c +je short loc_00016dd0 ; je 0x16dd0 test esi, esi -jns short loc_00016d0c ; jns 0x16d0c -call fcn_000153e9 ; call 0x153e9 +jns short loc_00016dd0 ; jns 0x16dd0 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00016cf7 ; je 0x16cf7 +je short loc_00016dbb ; je 0x16dbb push eax push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00016cf7: +loc_00016dbb: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x3a -push ref_000255d4 ; push 0x255d4 -call fcn_000153fc ; call 0x153fc +push ref_00025683 ; push 0x25683 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00016d0c: +loc_00016dd0: sub esp, 0xc push ebx -call fcn_0001eefd ; call 0x1eefd +call fcn_0001ef8b ; call 0x1ef8b mov esi, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00016d34 ; je 0x16d34 +je short loc_00016df8 ; je 0x16df8 push eax push eax -push ref_00025638 ; push 0x25638 +push ref_000256e7 ; push 0x256e7 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00016d34: -call fcn_000153f0 ; call 0x153f0 +loc_00016df8: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00016d73 ; je 0x16d73 +je short loc_00016e37 ; je 0x16e37 test esi, esi -jns short loc_00016d73 ; jns 0x16d73 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00016e37 ; jns 0x16e37 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00016d5e ; je 0x16d5e +je short loc_00016e22 ; je 0x16e22 push eax push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00016d5e: +loc_00016e22: push esi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x43 -push ref_000255d4 ; push 0x255d4 -call fcn_000153fc ; 
call 0x153fc +push ref_00025683 ; push 0x25683 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00016d73: +loc_00016e37: sub esp, 0xc push ebx -call fcn_0001d4c2 ; call 0x1d4c2 +call fcn_0001d586 ; call 0x1d586 mov ebx, eax -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_00016d9b ; je 0x16d9b +je short loc_00016e5f ; je 0x16e5f push ecx push ecx -push ref_00025665 ; push 0x25665 +push ref_00025714 ; push 0x25714 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00016d9b: -call fcn_000153f0 ; call 0x153f0 +loc_00016e5f: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00016dda ; je 0x16dda +je short loc_00016e9e ; je 0x16e9e test ebx, ebx -jns short loc_00016dda ; jns 0x16dda -call fcn_000153e9 ; call 0x153e9 +jns short loc_00016e9e ; jns 0x16e9e +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00016dc5 ; je 0x16dc5 +je short loc_00016e89 ; je 0x16e89 push edx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00016dc5: +loc_00016e89: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x4a -push ref_000255d4 ; push 0x255d4 -call fcn_000153fc ; call 0x153fc +push ref_00025683 ; push 0x25683 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00016dda: +loc_00016e9e: lea esp, [ebp - 8] mov eax, ebx pop ebx @@ -37394,7 +37466,7 @@ pop esi pop ebp ret -fcn_00016de3: +fcn_00016ea7: push ebp mov ebp, esp push esi 
@@ -37404,20 +37476,20 @@ mov ebx, dword [ebp + 8] sub esp, 0xc push esi add esi, 8 -call fcn_00017329 ; call 0x17329 +call fcn_000173ed ; call 0x173ed add esp, 0xc push edx push eax push ebx -call fcn_00017360 ; call 0x17360 +call fcn_00017424 ; call 0x17424 mov dword [esp], esi -call fcn_00017329 ; call 0x17329 +call fcn_000173ed ; call 0x173ed add esp, 0xc push edx push eax lea eax, [ebx + 8] push eax -call fcn_00017360 ; call 0x17360 +call fcn_00017424 ; call 0x17424 lea esp, [ebp - 8] mov eax, ebx pop ebx @@ -37425,7 +37497,7 @@ pop esi pop ebp ret -fcn_00016e24: +fcn_00016ee8: push ebp mov ebp, esp push edi @@ -37435,22 +37507,22 @@ sub esp, 0x28 mov esi, dword [ebp + 8] push esi add esi, 8 -call fcn_00017329 ; call 0x17329 +call fcn_000173ed ; call 0x173ed mov ebx, eax pop eax push dword [ebp + 0xc] mov dword [ebp - 0x1c], edx -call fcn_00017329 ; call 0x17329 +call fcn_000173ed ; call 0x173ed mov dword [esp], esi mov dword [ebp - 0x20], eax mov dword [ebp - 0x24], edx -call fcn_00017329 ; call 0x17329 +call fcn_000173ed ; call 0x173ed mov edi, eax mov eax, dword [ebp + 0xc] mov esi, edx add eax, 8 mov dword [esp], eax -call fcn_00017329 ; call 0x17329 +call fcn_000173ed ; call 0x173ed mov ecx, dword [ebp - 0x1c] add esp, 0x10 xor eax, edi 
@@ -37469,131 +37541,131 @@ pop edi pop ebp ret -fcn_00016e8b: ; not directly referenced +fcn_00016f4f: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00016ebc ; je 0x16ebc +je short loc_00016f80 ; je 0x16f80 test bl, 3 -je short loc_00016ebc ; je 0x16ebc +je short loc_00016f80 ; je 0x16f80 push eax -push ref_0002569b ; push 0x2569b +push ref_0002574a ; push 0x2574a push 0x81 -push ref_000256cd ; push 0x256cd -call fcn_000153fc ; call 0x153fc +push ref_0002577c ; push 0x2577c +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00016ebc: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_00016f80: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00016ee5 ; je 0x16ee5 +je short loc_00016fa9 ; je 0x16fa9 mov eax, ebx neg eax cmp esi, eax -jbe short loc_00016ee5 ; jbe 0x16ee5 +jbe short loc_00016fa9 ; jbe 0x16fa9 push ecx -push ref_0002570f ; push 0x2570f +push ref_000257be ; push 0x257be push 0x82 -push ref_000256cd ; push 0x256cd -call fcn_000153fc ; call 0x153fc +push ref_0002577c ; push 0x2577c +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00016ee5: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_00016fa9: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00016f0e ; je 0x16f0e +je short loc_00016fd2 ; je 0x16fd2 test esi, 0xf -je short loc_00016f0e ; je 0x16f0e +je short loc_00016fd2 ; je 0x16fd2 push edx -push ref_0002573a ; push 0x2573a +push ref_000257e9 ; push 0x257e9 push 0x83 -push ref_000256cd ; push 0x256cd -call fcn_000153fc ; call 0x153fc +push ref_0002577c ; push 0x2577c +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00016f0e: ; not directly referenced +loc_00016fd2: ; not directly referenced and esi, 0xfffffff0 add esi, ebx -loc_00016f13: ; not directly referenced 
+loc_00016fd7: ; not directly referenced cmp ebx, esi -jae short loc_00016f2e ; jae 0x16f2e +jae short loc_00016ff2 ; jae 0x16ff2 push eax push eax push dword [ebp + 0x10] push ebx -call fcn_00016e24 ; call 0x16e24 +call fcn_00016ee8 ; call 0x16ee8 add esp, 0x10 test al, al -jne short loc_00016f32 ; jne 0x16f32 +jne short loc_00016ff6 ; jne 0x16ff6 add ebx, 0x10 -jmp short loc_00016f13 ; jmp 0x16f13 +jmp short loc_00016fd7 ; jmp 0x16fd7 -loc_00016f2e: ; not directly referenced +loc_00016ff2: ; not directly referenced xor eax, eax -jmp short loc_00016f34 ; jmp 0x16f34 +jmp short loc_00016ff8 ; jmp 0x16ff8 -loc_00016f32: ; not directly referenced +loc_00016ff6: ; not directly referenced mov eax, ebx -loc_00016f34: ; not directly referenced +loc_00016ff8: ; not directly referenced lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_00016f3b: +fcn_00016fff: push ebp mov ebp, esp push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00016f6c ; je 0x16f6c +je short loc_00017030 ; je 0x17030 test ebx, ebx -jne short loc_00016f6c ; jne 0x16f6c +jne short loc_00017030 ; jne 0x17030 test esi, esi -je short loc_00016f6c ; je 0x16f6c +je short loc_00017030 ; je 0x17030 push edx -push ref_00025762 ; push 0x25762 +push ref_00025811 ; push 0x25811 push 0x31 -push ref_0002578a ; push 0x2578a -call fcn_000153fc ; call 0x153fc +push ref_00025839 ; push 0x25839 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00016f6c: -call fcn_000153f0 ; call 0x153f0 +loc_00017030: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00016f92 ; je 0x16f92 +je short loc_00017056 ; je 0x17056 mov eax, ebx neg eax cmp esi, eax -jbe short loc_00016f92 ; jbe 0x16f92 +jbe short loc_00017056 ; jbe 0x17056 push eax -push ref_0002570f ; push 0x2570f +push ref_000257be ; push 0x257be push 0x32 -push ref_0002578a ; push 0x2578a -call fcn_000153fc ; call 0x153fc +push ref_00025839 ; push 
0x25839 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00016f92: +loc_00017056: mov dword [ebp + 0xc], esi mov dword [ebp + 8], ebx lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near loc_00017158 ; jmp 0x17158 +jmp near loc_0001721c ; jmp 0x1721c -fcn_00016fa3: +fcn_00017067: push ebp mov ebp, esp push edi 
@@ -37604,67 +37676,67 @@ mov edi, dword [ebp + 0x10] mov ebx, dword [ebp + 8] mov esi, dword [ebp + 0xc] test edi, edi -je loc_00017070 ; je 0x17070 +je loc_00017134 ; je 0x17134 cmp ebx, esi -je loc_00017070 ; je 0x17070 -call fcn_000153f0 ; call 0x153f0 +je loc_00017134 ; je 0x17134 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00016fe7 ; je 0x16fe7 +je short loc_000170ab ; je 0x170ab test ebx, ebx -jne short loc_00016fe7 ; jne 0x16fe7 +jne short loc_000170ab ; jne 0x170ab push eax -push ref_000257d0 ; push 0x257d0 +push ref_0002587f ; push 0x2587f push 0x3c -push ref_000257f2 ; push 0x257f2 -call fcn_000153fc ; call 0x153fc +push ref_000258a1 ; push 0x258a1 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00016fe7: -call fcn_000153f0 ; call 0x153f0 +loc_000170ab: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017009 ; je 0x17009 +je short loc_000170cd ; je 0x170cd test esi, esi -jne short loc_00017009 ; jne 0x17009 +jne short loc_000170cd ; jne 0x170cd push ecx -push ref_0002583b ; push 0x2583b +push ref_000258ea ; push 0x258ea push 0x3d -push ref_000257f2 ; push 0x257f2 -call fcn_000153fc ; call 0x153fc +push ref_000258a1 ; push 0x258a1 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017009: -call fcn_000153f0 ; call 0x153f0 +loc_000170cd: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017032 ; je 0x17032 +je short loc_000170f6 ; je 0x170f6 mov eax, ebx lea edx, [edi - 1] not eax cmp edx, eax -jbe short loc_00017032 ; jbe 0x17032 +jbe short loc_000170f6 ; jbe 0x170f6 push edx -push ref_00025858 ; push 0x25858 +push ref_00025907 ; push 0x25907 push 0x3e -push ref_000257f2 ; push 0x257f2 -call fcn_000153fc ; call 0x153fc +push ref_000258a1 ; push 0x258a1 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017032: -call fcn_000153f0 ; call 0x153f0 +loc_000170f6: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001705b ; je 0x1705b +je short loc_0001711f ; je 0x1711f mov eax, esi lea edx, [edi - 
1] not eax cmp edx, eax -jbe short loc_0001705b ; jbe 0x1705b +jbe short loc_0001711f ; jbe 0x1711f push eax -push ref_00025890 ; push 0x25890 +push ref_0002593f ; push 0x2593f push 0x3f -push ref_000257f2 ; push 0x257f2 -call fcn_000153fc ; call 0x153fc +push ref_000258a1 ; push 0x258a1 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001705b: +loc_0001711f: mov dword [ebp + 0x10], edi mov dword [ebp + 0xc], esi mov dword [ebp + 8], ebx @@ -37673,9 +37745,9 @@ pop ebx pop esi pop edi pop ebp -jmp near loc_00017105 ; jmp 0x17105 +jmp near loc_000171c9 ; jmp 0x171c9 -loc_00017070: +loc_00017134: lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -37684,7 +37756,7 @@ pop edi pop ebp ret -fcn_0001707a: +fcn_0001713e: push ebp mov ebp, esp push edi 
@@ -37695,41 +37767,41 @@ mov esi, dword [ebp + 0x10] mov ebx, dword [ebp + 8] mov edi, dword [ebp + 0xc] test esi, esi -je short loc_000170fb ; je 0x170fb -call fcn_000153f0 ; call 0x153f0 +je short loc_000171bf ; je 0x171bf +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000170b9 ; je 0x170b9 +je short loc_0001717d ; je 0x1717d mov eax, ebx lea edx, [esi - 1] not eax cmp edx, eax -jbe short loc_000170b9 ; jbe 0x170b9 +jbe short loc_0001717d ; jbe 0x1717d push edx -push ref_00025858 ; push 0x25858 +push ref_00025907 ; push 0x25907 push 0x38 -push ref_000258c3 ; push 0x258c3 -call fcn_000153fc ; call 0x153fc +push ref_00025972 ; push 0x25972 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000170b9: -call fcn_000153f0 ; call 0x153f0 +loc_0001717d: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000170e2 ; je 0x170e2 +je short loc_000171a6 ; je 0x171a6 mov eax, edi lea edx, [esi - 1] not eax cmp edx, eax -jbe short loc_000170e2 ; jbe 0x170e2 +jbe short loc_000171a6 ; jbe 0x171a6 push eax -push ref_00025890 ; push 0x25890 +push ref_0002593f ; push 0x2593f push 0x39 -push ref_000258c3 ; push 0x258c3 -call fcn_000153fc ; call 0x153fc +push ref_00025972 ; push 0x25972 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000170e2: +loc_000171a6: cmp ebx, edi -je short loc_000170fb ; je 0x170fb +je short loc_000171bf ; je 0x171bf mov dword [ebp + 0x10], esi mov dword [ebp + 0xc], edi mov dword [ebp + 8], ebx @@ -37738,9 +37810,9 @@ pop ebx pop esi pop edi pop ebp -jmp near loc_00017122 ; jmp 0x17122 +jmp near loc_000171e6 ; jmp 0x171e6 -loc_000170fb: +loc_000171bf: lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -37749,7 +37821,7 @@ pop edi pop ebp ret -loc_00017105: +loc_000171c9: push esi push edi mov esi, dword [esp + 0xc] 
@@ -37763,37 +37835,37 @@ pop edi pop esi ret -loc_00017122: +loc_000171e6: push esi push edi mov esi, dword [esp + 0x10] mov edi, dword [esp + 0xc] mov edx, dword [esp + 0x14] cmp edi, esi -je short loc_00017151 ; je 0x17151 +je short loc_00017215 ; je 0x17215 cmp edx, 0 -je short loc_00017151 ; je 0x17151 +je short loc_00017215 ; je 0x17215 lea eax, [esi + edx - 1] cmp esi, edi -jae short loc_0001714c ; jae 0x1714c +jae short loc_00017210 ; jae 0x17210 cmp eax, edi -jb short loc_0001714c ; jb 0x1714c +jb short loc_00017210 ; jb 0x17210 mov esi, eax lea edi, [edi + edx - 1] std -loc_0001714c: +loc_00017210: mov ecx, edx rep movsb ; rep movsb byte es:[edi], byte ptr [esi] cld -loc_00017151: +loc_00017215: mov eax, dword [esp + 0xc] pop edi pop esi ret -loc_00017158: +loc_0001721c: push edi xor eax, eax mov edi, dword [esp + 8] @@ -37809,20 +37881,20 @@ pop eax pop edi ret -fcn_00017175: +fcn_00017239: push ebp mov ebp, esp sub esp, 0x10 mov dword [ebp - 4], 0 -loc_00017182: +loc_00017246: mov eax, dword [ebp - 4] test eax, eax -je short loc_00017182 ; je 0x17182 +je short loc_00017246 ; je 0x17246 leave ret -fcn_0001718b: +fcn_0001724f: push ebp mov ebp, esp push edi @@ -37832,19 +37904,19 @@ sub esp, 0xc mov esi, dword [ebp + 8] mov edi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000171c0 ; je 0x171c0 +je short loc_00017284 ; je 0x17284 cmp ebx, 0x3f -jbe short loc_000171c0 ; jbe 0x171c0 +jbe short loc_00017284 ; jbe 0x17284 push eax -push ref_00025909 ; push 0x25909 +push ref_000259b8 ; push 0x259b8 push 0x27 -push ref_00025914 ; push 0x25914 -call fcn_000153fc ; call 0x153fc +push ref_000259c3 ; push 0x259c3 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000171c0: +loc_00017284: mov dword [ebp + 0x10], ebx mov dword [ebp + 8], esi mov dword [ebp + 0xc], edi 
@@ -37853,52 +37925,52 @@ pop ebx pop esi pop edi pop ebp -jmp near loc_000177dc ; jmp 0x177dc +jmp near loc_000178a0 ; jmp 0x178a0 -fcn_000171d5: ; not directly referenced +fcn_00017299: ; not directly referenced push ebp mov ebp, esp push ebx push edx mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000171ff ; je 0x171ff +je short loc_000172c3 ; je 0x172c3 test ebx, ebx -jne short loc_000171ff ; jne 0x171ff +jne short loc_000172c3 ; jne 0x172c3 push eax -push ref_000260eb ; push 0x260eb +push ref_0002619a ; push 0x2619a push 0x26 -push ref_00025949 ; push 0x25949 -call fcn_000153fc ; call 0x153fc +push ref_000259f8 ; push 0x259f8 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000171ff: ; not directly referenced +loc_000172c3: ; not directly referenced mov ax, word [ebx] mov ebx, dword [ebp - 4] leave ret -fcn_00017207: ; not directly referenced +fcn_000172cb: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 8] push ebx mov ebx, dword [ebp + 0xc] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017234 ; je 0x17234 +je short loc_000172f8 ; je 0x172f8 test esi, esi -jne short loc_00017234 ; jne 0x17234 +jne short loc_000172f8 ; jne 0x172f8 push eax -push ref_000260eb ; push 0x260eb +push ref_0002619a ; push 0x2619a push 0x41 -push ref_00025949 ; push 0x25949 -call fcn_000153fc ; call 0x153fc +push ref_000259f8 ; push 0x259f8 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017234: ; not directly referenced +loc_000172f8: ; not directly referenced mov word [esi], bx lea esp, [ebp - 8] mov eax, ebx 
@@ -37907,56 +37979,56 @@ pop esi pop ebp ret -fcn_00017240: ; not directly referenced +fcn_00017304: ; not directly referenced push ebp mov ebp, esp push ebx push edx mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001726a ; je 0x1726a +je short loc_0001732e ; je 0x1732e test ebx, ebx -jne short loc_0001726a ; jne 0x1726a +jne short loc_0001732e ; jne 0x1732e push eax -push ref_000260eb ; push 0x260eb +push ref_0002619a ; push 0x2619a push 0x59 -push ref_00025949 ; push 0x25949 -call fcn_000153fc ; call 0x153fc +push ref_000259f8 ; push 0x259f8 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001726a: ; not directly referenced +loc_0001732e: ; not directly referenced mov eax, dword [ebx] mov ebx, dword [ebp - 4] leave and eax, 0xffffff ret -fcn_00017276: ; not directly referenced +fcn_0001733a: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000172a3 ; je 0x172a3 +je short loc_00017367 ; je 0x17367 test ebx, ebx -jne short loc_000172a3 ; jne 0x172a3 +jne short loc_00017367 ; jne 0x17367 push eax -push ref_000260eb ; push 0x260eb +push ref_0002619a ; push 0x2619a push 0x74 -push ref_00025949 ; push 0x25949 -call fcn_000153fc ; call 0x153fc +push ref_000259f8 ; push 0x259f8 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000172a3: ; not directly referenced +loc_00017367: ; not directly referenced push esi push 0x17 push 0 push dword [ebx] -call fcn_0001f920 ; call 0x1f920 +call fcn_0001f9ae ; call 0x1f9ae mov dword [ebx], eax lea esp, [ebp - 8] mov eax, esi 
@@ -37965,50 +38037,50 @@ pop esi pop ebp ret -fcn_000172ba: ; not directly referenced +fcn_0001737e: ; not directly referenced push ebp mov ebp, esp push ebx push edx mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000172e7 ; je 0x172e7 +je short loc_000173ab ; je 0x173ab test ebx, ebx -jne short loc_000172e7 ; jne 0x172e7 +jne short loc_000173ab ; jne 0x173ab push eax -push ref_000260eb ; push 0x260eb +push ref_0002619a ; push 0x2619a push 0x8d -push ref_00025949 ; push 0x25949 -call fcn_000153fc ; call 0x153fc +push ref_000259f8 ; push 0x259f8 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000172e7: ; not directly referenced +loc_000173ab: ; not directly referenced mov eax, dword [ebx] mov ebx, dword [ebp - 4] leave ret -fcn_000172ee: ; not directly referenced +fcn_000173b2: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 8] push ebx mov ebx, dword [ebp + 0xc] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001731e ; je 0x1731e +je short loc_000173e2 ; je 0x173e2 test esi, esi -jne short loc_0001731e ; jne 0x1731e +jne short loc_000173e2 ; jne 0x173e2 push eax -push ref_000260eb ; push 0x260eb +push ref_0002619a ; push 0x2619a push 0xa8 -push ref_00025949 ; push 0x25949 -call fcn_000153fc ; call 0x153fc +push ref_000259f8 ; push 0x259f8 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001731e: ; not directly referenced +loc_000173e2: ; not directly referenced mov dword [esi], ebx lea esp, [ebp - 8] mov eax, ebx 
@@ -38017,32 +38089,32 @@ pop esi pop ebp ret -fcn_00017329: +fcn_000173ed: push ebp mov ebp, esp push ebx push edx mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017356 ; je 0x17356 +je short loc_0001741a ; je 0x1741a test ebx, ebx -jne short loc_00017356 ; jne 0x17356 +jne short loc_0001741a ; jne 0x1741a push eax -push ref_000260eb ; push 0x260eb +push ref_0002619a ; push 0x2619a push 0xc0 -push ref_00025949 ; push 0x25949 -call fcn_000153fc ; call 0x153fc +push ref_000259f8 ; push 0x259f8 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017356: +loc_0001741a: mov eax, dword [ebx] mov edx, dword [ebx + 4] mov ebx, dword [ebp - 4] leave ret -fcn_00017360: +fcn_00017424: push ebp mov ebp, esp push edi @@ -38054,19 +38126,19 @@ mov edx, dword [ebp + 0x10] mov ebx, dword [ebp + 8] mov esi, eax mov edi, edx -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001739b ; je 0x1739b +je short loc_0001745f ; je 0x1745f test ebx, ebx -jne short loc_0001739b ; jne 0x1739b +jne short loc_0001745f ; jne 0x1745f push eax -push ref_000260eb ; push 0x260eb +push ref_0002619a ; push 0x2619a push 0xdb -push ref_00025949 ; push 0x25949 -call fcn_000153fc ; call 0x153fc +push ref_000259f8 ; push 0x259f8 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001739b: +loc_0001745f: mov dword [ebx], esi mov eax, esi mov edx, edi @@ -38078,7 +38150,7 @@ pop edi pop ebp ret -fcn_000173ac: +fcn_00017470: push ebp mov ebp, esp push edi 
@@ -38088,19 +38160,19 @@ sub esp, 0xc mov esi, dword [ebp + 8] mov edi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000173e0 ; je 0x173e0 +je short loc_000174a4 ; je 0x174a4 test ebx, ebx -jne short loc_000173e0 ; jne 0x173e0 +jne short loc_000174a4 ; jne 0x174a4 push eax -push ref_0002597e ; push 0x2597e +push ref_00025a2d ; push 0x25a2d push 0x2b -push ref_0002598b ; push 0x2598b -call fcn_000153fc ; call 0x153fc +push ref_00025a3a ; push 0x25a3a +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000173e0: +loc_000174a4: mov dword [ebp + 0x10], ebx mov dword [ebp + 8], esi mov dword [ebp + 0xc], edi @@ -38109,9 +38181,9 @@ pop ebx pop esi pop edi pop ebp -jmp near loc_00017493 ; jmp 0x17493 +jmp near loc_00017557 ; jmp 0x17557 -fcn_000173f5: +fcn_000174b9: push ebp mov ebp, esp push edi @@ -38121,19 +38193,19 @@ sub esp, 0xc mov esi, dword [ebp + 8] mov edi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017429 ; je 0x17429 +je short loc_000174ed ; je 0x174ed test ebx, ebx -jne short loc_00017429 ; jne 0x17429 +jne short loc_000174ed ; jne 0x174ed push eax -push ref_0002597e ; push 0x2597e +push ref_00025a2d ; push 0x25a2d push 0x2b -push ref_000259c0 ; push 0x259c0 -call fcn_000153fc ; call 0x153fc +push ref_00025a6f ; push 0x25a6f +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017429: +loc_000174ed: mov dword [ebp + 0x10], ebx mov dword [ebp + 8], esi mov dword [ebp + 0xc], edi @@ -38142,9 +38214,9 @@ pop ebx pop esi pop edi pop ebp -jmp near loc_000174a8 ; jmp 0x174a8 +jmp near loc_0001756c ; jmp 0x1756c -fcn_0001743e: +fcn_00017502: push ebp mov ebp, esp push edi 
@@ -38156,19 +38228,19 @@ mov esi, dword [ebp + 8] mov edi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] mov dword [ebp - 0x1c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017478 ; je 0x17478 +je short loc_0001753c ; je 0x1753c test ebx, ebx -jne short loc_00017478 ; jne 0x17478 +jne short loc_0001753c ; jne 0x1753c push eax -push ref_0002597e ; push 0x2597e +push ref_00025a2d ; push 0x25a2d push 0x2f -push ref_000259f5 ; push 0x259f5 -call fcn_000153fc ; call 0x153fc +push ref_00025aa4 ; push 0x25aa4 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017478: +loc_0001753c: mov eax, dword [ebp - 0x1c] mov dword [ebp + 0x10], ebx mov dword [ebp + 8], esi @@ -38179,9 +38251,9 @@ pop ebx pop esi pop edi pop ebp -jmp near loc_000174bd ; jmp 0x174bd +jmp near loc_00017581 ; jmp 0x17581 -loc_00017493: +loc_00017557: mov eax, dword [esp + 8] mov ecx, dword [esp + 0xc] xor edx, edx @@ -38191,7 +38263,7 @@ div ecx mov eax, edx ret -loc_000174a8: +loc_0001756c: mov eax, dword [esp + 8] mov ecx, dword [esp + 0xc] xor edx, edx @@ -38202,7 +38274,7 @@ div ecx pop edx ret -loc_000174bd: +loc_00017581: mov ecx, dword [esp + 0xc] mov eax, dword [esp + 8] xor edx, edx 
@@ -38211,48 +38283,48 @@ push eax mov eax, dword [esp + 8] div ecx mov ecx, dword [esp + 0x14] -jecxz loc_000174d8 ; jecxz 0x174d8 +jecxz loc_0001759c ; jecxz 0x1759c mov dword [ecx], edx -loc_000174d8: +loc_0001759c: pop edx ret -fcn_000174da: +fcn_0001759e: push ebp mov ebp, esp pop ebp ret -fcn_000174df: ; not directly referenced +fcn_000175a3: ; not directly referenced push ebp mov ebp, esp sti pop ebp ret -fcn_000174e5: ; not directly referenced +fcn_000175a9: ; not directly referenced push ebp mov ebp, esp cli pop ebp ret -fcn_000174eb: ; not directly referenced +fcn_000175af: ; not directly referenced push ebp mov ebp, esp pause pop ebp ret -fcn_000174f2: ; not directly referenced +fcn_000175b6: ; not directly referenced push ebp mov ebp, esp int3 pop ebp ret -fcn_000174f8: +fcn_000175bc: push ebp mov ebp, esp mov ecx, dword [ebp + 8] @@ -38260,7 +38332,7 @@ rdmsr pop ebp ret -fcn_00017502: +fcn_000175c6: push ebp mov ebp, esp mov eax, dword [ebp + 0xc] @@ -38270,7 +38342,7 @@ wrmsr pop ebp ret -fcn_00017512: ; not directly referenced +fcn_000175d6: ; not directly referenced push ebp mov ebp, esp pushfd @@ -38278,35 +38350,35 @@ pop eax pop ebp ret -fcn_00017519: ; not directly referenced +fcn_000175dd: ; not directly referenced push ebp mov ebp, esp mov eax, cr0 pop ebp ret -fcn_00017521: ; not directly referenced +fcn_000175e5: ; not directly referenced push ebp mov ebp, esp mov eax, cr2 pop ebp ret -fcn_00017529: ; not directly referenced +fcn_000175ed: ; not directly referenced push ebp mov ebp, esp mov eax, cr3 pop ebp ret -fcn_00017531: ; not directly referenced +fcn_000175f5: ; not directly referenced push ebp mov ebp, esp mov eax, cr4 pop ebp ret -fcn_00017539: ; not directly referenced +fcn_000175fd: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38314,7 +38386,7 @@ mov cr0, eax pop ebp ret -fcn_00017544: ; not directly referenced +fcn_00017608: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] 
@@ -38322,7 +38394,7 @@ mov cr2, eax pop ebp ret -fcn_0001754f: ; not directly referenced +fcn_00017613: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38330,7 +38402,7 @@ mov cr3, eax pop ebp ret -fcn_0001755a: ; not directly referenced +fcn_0001761e: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38338,63 +38410,63 @@ mov cr4, eax pop ebp ret -fcn_00017565: ; not directly referenced +fcn_00017629: ; not directly referenced push ebp mov ebp, esp mov eax, dr0 pop ebp ret -fcn_0001756d: ; not directly referenced +fcn_00017631: ; not directly referenced push ebp mov ebp, esp mov eax, dr1 pop ebp ret -fcn_00017575: ; not directly referenced +fcn_00017639: ; not directly referenced push ebp mov ebp, esp mov eax, dr2 pop ebp ret -fcn_0001757d: ; not directly referenced +fcn_00017641: ; not directly referenced push ebp mov ebp, esp mov eax, dr3 pop ebp ret -fcn_00017585: ; not directly referenced +fcn_00017649: ; not directly referenced push ebp mov ebp, esp mov eax, dr4 pop ebp ret -fcn_0001758d: ; not directly referenced +fcn_00017651: ; not directly referenced push ebp mov ebp, esp mov eax, dr5 pop ebp ret -fcn_00017595: ; not directly referenced +fcn_00017659: ; not directly referenced push ebp mov ebp, esp mov eax, dr6 pop ebp ret -fcn_0001759d: ; not directly referenced +fcn_00017661: ; not directly referenced push ebp mov ebp, esp mov eax, dr7 pop ebp ret -fcn_000175a5: ; not directly referenced +fcn_00017669: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38402,7 +38474,7 @@ mov dr0, eax pop ebp ret -fcn_000175b0: ; not directly referenced +fcn_00017674: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38410,7 +38482,7 @@ mov dr1, eax pop ebp ret -fcn_000175bb: ; not directly referenced +fcn_0001767f: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] 
@@ -38418,7 +38490,7 @@ mov dr2, eax pop ebp ret -fcn_000175c6: ; not directly referenced +fcn_0001768a: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38426,7 +38498,7 @@ mov dr3, eax pop ebp ret -fcn_000175d1: ; not directly referenced +fcn_00017695: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38434,7 +38506,7 @@ mov dr4, eax pop ebp ret -fcn_000175dc: ; not directly referenced +fcn_000176a0: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38442,7 +38514,7 @@ mov dr5, eax pop ebp ret -fcn_000175e7: ; not directly referenced +fcn_000176ab: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38450,7 +38522,7 @@ mov dr6, eax pop ebp ret -fcn_000175f2: ; not directly referenced +fcn_000176b6: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38458,56 +38530,56 @@ mov dr7, eax pop ebp ret -fcn_000175fd: ; not directly referenced +fcn_000176c1: ; not directly referenced push ebp mov ebp, esp mov ax, cs pop ebp ret -fcn_00017605: ; not directly referenced +fcn_000176c9: ; not directly referenced push ebp mov ebp, esp mov ax, ds pop ebp ret -fcn_0001760d: ; not directly referenced +fcn_000176d1: ; not directly referenced push ebp mov ebp, esp mov ax, es pop ebp ret -fcn_00017615: ; not directly referenced +fcn_000176d9: ; not directly referenced push ebp mov ebp, esp mov ax, fs pop ebp ret -fcn_0001761d: ; not directly referenced +fcn_000176e1: ; not directly referenced push ebp mov ebp, esp mov ax, gs pop ebp ret -fcn_00017625: ; not directly referenced +fcn_000176e9: ; not directly referenced push ebp mov ebp, esp mov ax, ds pop ebp ret -fcn_0001762d: ; not directly referenced +fcn_000176f1: ; not directly referenced push ebp mov ebp, esp str ax pop ebp ret -fcn_00017636: ; not directly referenced +fcn_000176fa: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] 
@@ -38515,7 +38587,7 @@ sgdt [eax] pop ebp ret -fcn_00017641: ; not directly referenced +fcn_00017705: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38523,7 +38595,7 @@ lgdt [eax] pop ebp ret -fcn_0001764c: ; not directly referenced +fcn_00017710: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38531,7 +38603,7 @@ sidt [eax] pop ebp ret -fcn_00017657: ; not directly referenced +fcn_0001771b: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38539,21 +38611,21 @@ lidt [eax] pop ebp ret -fcn_00017662: ; not directly referenced +fcn_00017726: ; not directly referenced push ebp mov ebp, esp sldt ax pop ebp ret -fcn_0001766b: ; not directly referenced +fcn_0001772f: ; not directly referenced push ebp mov ebp, esp lldt word [ebp + 8] pop ebp ret -fcn_00017674: ; not directly referenced +fcn_00017738: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38561,7 +38633,7 @@ fxsave [eax] pop ebp ret -fcn_0001767f: ; not directly referenced +fcn_00017743: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38569,7 +38641,7 @@ fxrstor [eax] pop ebp ret -fcn_0001768a: ; not directly referenced +fcn_0001774e: ; not directly referenced push ebp mov ebp, esp push eax @@ -38580,7 +38652,7 @@ pop edx pop ebp ret -fcn_00017697: ; not directly referenced +fcn_0001775b: ; not directly referenced push ebp mov ebp, esp push eax @@ -38591,7 +38663,7 @@ pop edx pop ebp ret -fcn_000176a4: ; not directly referenced +fcn_00017768: ; not directly referenced push ebp mov ebp, esp push eax @@ -38602,7 +38674,7 @@ pop edx pop ebp ret -fcn_000176b1: ; not directly referenced +fcn_00017775: ; not directly referenced push ebp mov ebp, esp push eax @@ -38613,7 +38685,7 @@ pop edx pop ebp ret -fcn_000176be: ; not directly referenced +fcn_00017782: ; not directly referenced push ebp mov ebp, esp push eax 
@@ -38624,7 +38696,7 @@ pop edx pop ebp ret -fcn_000176cb: ; not directly referenced +fcn_0001778f: ; not directly referenced push ebp mov ebp, esp push eax @@ -38635,7 +38707,7 @@ pop edx pop ebp ret -fcn_000176d8: ; not directly referenced +fcn_0001779c: ; not directly referenced push ebp mov ebp, esp push eax @@ -38646,7 +38718,7 @@ pop edx pop ebp ret -fcn_000176e5: ; not directly referenced +fcn_000177a9: ; not directly referenced push ebp mov ebp, esp push eax @@ -38657,7 +38729,7 @@ pop edx pop ebp ret -fcn_000176f2: ; not directly referenced +fcn_000177b6: ; not directly referenced push ebp mov ebp, esp sub esp, 8 @@ -38669,7 +38741,7 @@ movq mm0, qword [ebp - 8] leave ret -fcn_0001770a: ; not directly referenced +fcn_000177ce: ; not directly referenced push ebp mov ebp, esp sub esp, 8 @@ -38681,7 +38753,7 @@ movq mm1, qword [ebp - 8] leave ret -fcn_00017722: ; not directly referenced +fcn_000177e6: ; not directly referenced push ebp mov ebp, esp sub esp, 8 @@ -38693,7 +38765,7 @@ movq mm2, qword [ebp - 8] leave ret -fcn_0001773a: ; not directly referenced +fcn_000177fe: ; not directly referenced push ebp mov ebp, esp sub esp, 8 @@ -38705,7 +38777,7 @@ movq mm3, qword [ebp - 8] leave ret -fcn_00017752: ; not directly referenced +fcn_00017816: ; not directly referenced push ebp mov ebp, esp sub esp, 8 @@ -38717,7 +38789,7 @@ movq mm4, qword [ebp - 8] leave ret -fcn_0001776a: ; not directly referenced +fcn_0001782e: ; not directly referenced push ebp mov ebp, esp sub esp, 8 @@ -38729,7 +38801,7 @@ movq mm5, qword [ebp - 8] leave ret -fcn_00017782: ; not directly referenced +fcn_00017846: ; not directly referenced push ebp mov ebp, esp sub esp, 8 @@ -38741,7 +38813,7 @@ movq mm6, qword [ebp - 8] leave ret -fcn_0001779a: ; not directly referenced +fcn_0001785e: ; not directly referenced push ebp mov ebp, esp sub esp, 8 
@@ -38753,14 +38825,14 @@ movq mm7, qword [ebp - 8] leave ret -fcn_000177b2: ; not directly referenced +fcn_00017876: ; not directly referenced push ebp mov ebp, esp rdtsc pop ebp ret -fcn_000177b9: ; not directly referenced +fcn_0001787d: ; not directly referenced push ebp mov ebp, esp mov ecx, dword [ebp + 8] @@ -38768,21 +38840,21 @@ rdpmc pop ebp ret -fcn_000177c3: ; not directly referenced +fcn_00017887: ; not directly referenced push ebp mov ebp, esp wbinvd pop ebp ret -fcn_000177ca: ; not directly referenced +fcn_0001788e: ; not directly referenced push ebp mov ebp, esp invd pop ebp ret -fcn_000177d1: ; not directly referenced +fcn_00017895: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] @@ -38790,7 +38862,7 @@ clflush [eax] pop ebp ret -loc_000177dc: +loc_000178a0: mov cl, byte [esp + 0xc] xor edx, edx mov eax, dword [esp + 8] @@ -38801,16 +38873,16 @@ shrd eax, edx, cl shr edx, cl ret -fcn_000177f7: ; not directly referenced +fcn_000178bb: ; not directly referenced push ebp mov ebp, esp sub esp, 0x14 push dword [ebp + 8] -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc leave ret -fcn_00017807: ; not directly referenced +fcn_000178cb: ; not directly referenced push ebp xor edx, edx mov ebp, esp @@ -38819,11 +38891,11 @@ mov eax, dword [ebp + 0xc] push edx push eax push dword [ebp + 8] -call fcn_00017502 ; call 0x17502 +call fcn_000175c6 ; call 0x175c6 leave ret -fcn_0001781e: ; not directly referenced +fcn_000178e2: ; not directly referenced push ebp mov ebp, esp push esi @@ -38832,7 +38904,7 @@ push ebx mov ebx, dword [ebp + 0xc] sub esp, 0xc push dword [ebp + 8] -call fcn_000177f7 ; call 0x177f7 +call fcn_000178bb ; call 0x178bb add esp, 0x10 mov dword [ebp + 0x10], esi mov dword [ebp + 0xc], ebx 
@@ -38841,9 +38913,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_0001f726 ; jmp 0x1f726 +jmp near fcn_0001f7b4 ; jmp 0x1f7b4 -fcn_0001784b: ; not directly referenced +fcn_0001790f: ; not directly referenced push ebp mov ebp, esp push edi @@ -38854,7 +38926,7 @@ mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] push edi -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc add esp, 0x10 mov dword [ebp + 8], edi or eax, esi @@ -38866,9 +38938,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017502 ; jmp 0x17502 +jmp near fcn_000175c6 ; jmp 0x175c6 -fcn_0001787f: ; not directly referenced +fcn_00017943: ; not directly referenced push ebp xor edx, edx mov ebp, esp @@ -38877,11 +38949,11 @@ mov eax, dword [ebp + 0xc] push edx push eax push dword [ebp + 8] -call fcn_0001784b ; call 0x1784b +call fcn_0001790f ; call 0x1790f leave ret -fcn_00017896: ; not directly referenced +fcn_0001795a: ; not directly referenced push ebp mov ebp, esp push edi @@ -38892,7 +38964,7 @@ mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] push edi -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc add esp, 0x10 mov dword [ebp + 8], edi and eax, esi @@ -38904,9 +38976,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017502 ; jmp 0x17502 +jmp near fcn_000175c6 ; jmp 0x175c6 -fcn_000178ca: ; not directly referenced +fcn_0001798e: ; not directly referenced push ebp xor edx, edx mov ebp, esp @@ -38915,11 +38987,11 @@ mov eax, dword [ebp + 0xc] push edx push eax push dword [ebp + 8] -call fcn_00017896 ; call 0x17896 +call fcn_0001795a ; call 0x1795a leave ret -fcn_000178e1: ; not directly referenced +fcn_000179a5: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -38934,7 +39006,7 @@ push ebx mov esi, dword [ebp + 0x10] mov dword [ebp - 0x1c], eax mov dword [ebp - 0x20], ecx -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc add esp, 0x10 mov dword [ebp + 8], ebx and eax, edi @@ -38948,9 +39020,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017502 ; jmp 0x17502 +jmp near fcn_000175c6 ; jmp 0x175c6 -fcn_00017927: ; not directly referenced +fcn_000179eb: ; not directly referenced push ebp xor edx, edx mov ebp, esp @@ -38963,25 +39035,25 @@ mov eax, dword [ebp + 0xc] push edx push eax push dword [ebp + 8] -call fcn_000178e1 ; call 0x178e1 +call fcn_000179a5 ; call 0x179a5 leave ret -fcn_00017945: ; not directly referenced +fcn_00017a09: ; not directly referenced push ebp mov ebp, esp sub esp, 0x14 push dword [ebp + 8] -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc push dword [ebp + 0x10] push dword [ebp + 0xc] push edx push eax -call fcn_0001f98f ; call 0x1f98f +call fcn_0001fa1d ; call 0x1fa1d leave ret -fcn_00017962: ; not directly referenced +fcn_00017a26: ; not directly referenced push ebp mov ebp, esp push edi @@ -38996,7 +39068,7 @@ push ecx mov esi, dword [ebp + 0x14] mov dword [ebp - 0x20], ecx mov dword [ebp - 0x1c], eax -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc pop ecx pop ecx push edi @@ -39005,7 +39077,7 @@ push dword [ebp - 0x1c] push ebx push edx push eax -call fcn_0001fcc5 ; call 0x1fcc5 +call fcn_0001fd53 ; call 0x1fd53 mov ecx, dword [ebp - 0x20] add esp, 0x20 mov dword [ebp + 8], ecx 
@@ -39016,41 +39088,41 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017502 ; jmp 0x17502 +jmp near fcn_000175c6 ; jmp 0x175c6 -fcn_000179b0: ; not directly referenced +fcn_00017a74: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 0x10] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000179e1 ; je 0x179e1 +je short loc_00017aa5 ; je 0x17aa5 cmp ebx, 0x1f -jbe short loc_000179e1 ; jbe 0x179e1 +jbe short loc_00017aa5 ; jbe 0x17aa5 push edx -push ref_00025a33 ; push 0x25a33 +push ref_00025ae2 ; push 0x25ae2 push 0xe3 -push ref_00025a4f ; push 0x25a4f -call fcn_000153fc ; call 0x153fc +push ref_00025afe ; push 0x25afe +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000179e1: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_00017aa5: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017a06 ; je 0x17a06 +je short loc_00017aca ; je 0x17aca cmp esi, ebx -jbe short loc_00017a06 ; jbe 0x17a06 +jbe short loc_00017aca ; jbe 0x17aca push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0xe4 -push ref_00025a4f ; push 0x25a4f -call fcn_000153fc ; call 0x153fc +push ref_00025afe ; push 0x25afe +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017a06: ; not directly referenced +loc_00017aca: ; not directly referenced mov eax, dword [ebp + 0x14] sub esp, 0xc xor edx, edx @@ -39059,14 +39131,14 @@ push eax push ebx push esi push dword [ebp + 8] -call fcn_00017962 ; call 0x17962 +call fcn_00017a26 ; call 0x17a26 lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_00017a21: ; not directly referenced +fcn_00017ae5: ; not directly referenced push ebp mov ebp, esp push edi @@ -39081,7 +39153,7 @@ push ecx mov esi, dword [ebp + 0x14] mov dword [ebp - 0x20], ecx mov dword [ebp - 0x1c], eax -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc pop ecx pop ecx push edi 
@@ -39090,7 +39162,7 @@ push dword [ebp - 0x1c] push ebx push edx push eax -call fcn_0001fa1e ; call 0x1fa1e +call fcn_0001faac ; call 0x1faac mov ecx, dword [ebp - 0x20] add esp, 0x20 mov dword [ebp + 8], ecx @@ -39101,41 +39173,41 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017502 ; jmp 0x17502 +jmp near fcn_000175c6 ; jmp 0x175c6 -fcn_00017a6f: ; not directly referenced +fcn_00017b33: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 0x10] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017aa0 ; je 0x17aa0 +je short loc_00017b64 ; je 0x17b64 cmp ebx, 0x1f -jbe short loc_00017aa0 ; jbe 0x17aa0 +jbe short loc_00017b64 ; jbe 0x17b64 push edx -push ref_00025a94 ; push 0x25a94 +push ref_00025b43 ; push 0x25b43 push 0x10c -push ref_00025a4f ; push 0x25a4f -call fcn_000153fc ; call 0x153fc +push ref_00025afe ; push 0x25afe +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017aa0: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_00017b64: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017ac5 ; je 0x17ac5 +je short loc_00017b89 ; je 0x17b89 cmp esi, ebx -jbe short loc_00017ac5 ; jbe 0x17ac5 +jbe short loc_00017b89 ; jbe 0x17b89 push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x10d -push ref_00025a4f ; push 0x25a4f -call fcn_000153fc ; call 0x153fc +push ref_00025afe ; push 0x25afe +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017ac5: ; not directly referenced +loc_00017b89: ; not directly referenced mov eax, dword [ebp + 0x14] sub esp, 0xc xor edx, edx @@ -39144,14 +39216,14 @@ push eax push ebx push esi push dword [ebp + 8] -call fcn_00017a21 ; call 0x17a21 +call fcn_00017ae5 ; call 0x17ae5 lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_00017ae0: ; not directly referenced +fcn_00017ba4: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -39166,7 +39238,7 @@ push ecx mov esi, dword [ebp + 0x14] mov dword [ebp - 0x20], ecx mov dword [ebp - 0x1c], eax -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc pop ecx pop ecx push edi @@ -39175,7 +39247,7 @@ push dword [ebp - 0x1c] push ebx push edx push eax -call fcn_0001fb10 ; call 0x1fb10 +call fcn_0001fb9e ; call 0x1fb9e mov ecx, dword [ebp - 0x20] add esp, 0x20 mov dword [ebp + 8], ecx @@ -39186,41 +39258,41 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017502 ; jmp 0x17502 +jmp near fcn_000175c6 ; jmp 0x175c6 -fcn_00017b2e: ; not directly referenced +fcn_00017bf2: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 0x10] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017b5f ; je 0x17b5f +je short loc_00017c23 ; je 0x17c23 cmp ebx, 0x1f -jbe short loc_00017b5f ; jbe 0x17b5f +jbe short loc_00017c23 ; jbe 0x17c23 push edx -push ref_00025ab1 ; push 0x25ab1 +push ref_00025b60 ; push 0x25b60 push 0x135 -push ref_00025a4f ; push 0x25a4f -call fcn_000153fc ; call 0x153fc +push ref_00025afe ; push 0x25afe +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017b5f: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_00017c23: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017b84 ; je 0x17b84 +je short loc_00017c48 ; je 0x17c48 cmp esi, ebx -jbe short loc_00017b84 ; jbe 0x17b84 +jbe short loc_00017c48 ; jbe 0x17c48 push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x136 -push ref_00025a4f ; push 0x25a4f -call fcn_000153fc ; call 0x153fc +push ref_00025afe ; push 0x25afe +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017b84: ; not directly referenced +loc_00017c48: ; not directly referenced mov eax, dword [ebp + 0x14] sub esp, 0xc xor edx, edx 
@@ -39229,14 +39301,14 @@ push eax push ebx push esi push dword [ebp + 8] -call fcn_00017ae0 ; call 0x17ae0 +call fcn_00017ba4 ; call 0x17ba4 lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_00017b9f: ; not directly referenced +fcn_00017c63: ; not directly referenced push ebp mov ebp, esp push edi @@ -39255,7 +39327,7 @@ mov ebx, dword [ebp + 0xc] mov dword [ebp - 0x20], ecx mov dword [ebp - 0x28], eax mov dword [ebp - 0x24], edx -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc push edi push esi push dword [ebp - 0x24] @@ -39264,7 +39336,7 @@ push dword [ebp - 0x1c] push ebx push edx push eax -call fcn_0001fc0e ; call 0x1fc0e +call fcn_0001fc9c ; call 0x1fc9c mov ecx, dword [ebp - 0x20] add esp, 0x30 mov dword [ebp + 8], ecx 
@@ -39275,41 +39347,41 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017502 ; jmp 0x17502 +jmp near fcn_000175c6 ; jmp 0x175c6 -fcn_00017bfd: ; not directly referenced +fcn_00017cc1: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 0x10] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017c2e ; je 0x17c2e +je short loc_00017cf2 ; je 0x17cf2 cmp ebx, 0x1f -jbe short loc_00017c2e ; jbe 0x17c2e +jbe short loc_00017cf2 ; jbe 0x17cf2 push ecx -push ref_00025ab1 ; push 0x25ab1 +push ref_00025b60 ; push 0x25b60 push 0x163 -push ref_00025a4f ; push 0x25a4f -call fcn_000153fc ; call 0x153fc +push ref_00025afe ; push 0x25afe +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017c2e: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_00017cf2: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017c53 ; je 0x17c53 +je short loc_00017d17 ; je 0x17d17 cmp esi, ebx -jbe short loc_00017c53 ; jbe 0x17c53 +jbe short loc_00017d17 ; jbe 0x17d17 push edx -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x164 -push ref_00025a4f ; push 0x25a4f -call fcn_000153fc ; call 0x153fc +push ref_00025afe ; push 0x25afe +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017c53: ; not directly referenced +loc_00017d17: ; not directly referenced push eax mov eax, dword [ebp + 0x18] xor edx, edx 
@@ -39322,134 +39394,134 @@ push eax push ebx push esi push dword [ebp + 8] -call fcn_00017b9f ; call 0x17b9f +call fcn_00017c63 ; call 0x17c63 lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_00017c73: ; not directly referenced +fcn_00017d37: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017c97 ; je 0x17c97 +je short loc_00017d5b ; je 0x17d5b push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x26 -push ref_00025acf ; push 0x25acf -call fcn_000153fc ; call 0x153fc +push ref_00025b7e ; push 0x25b7e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017c97: ; not directly referenced +loc_00017d5b: ; not directly referenced xor eax, eax xor edx, edx leave ret -fcn_00017c9d: ; not directly referenced +fcn_00017d61: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017cc1 ; je 0x17cc1 +je short loc_00017d85 ; je 0x17d85 push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x41 -push ref_00025acf ; push 0x25acf -call fcn_000153fc ; call 0x153fc +push ref_00025b7e ; push 0x25b7e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017cc1: ; not directly referenced +loc_00017d85: ; not directly referenced xor eax, eax xor edx, edx leave ret -fcn_00017cc7: +fcn_00017d8b: push ebp mov ebp, esp push ebx push eax -call fcn_000174da ; call 0x174da +call fcn_0001759e ; call 0x1759e mov eax, dword [ebp + 8] mov bl, byte [eax] -call fcn_000174da ; call 0x174da +call fcn_0001759e ; call 0x1759e pop edx mov al, bl pop ebx pop ebp ret -fcn_00017ce1: +fcn_00017da5: push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 0xc] -call fcn_000174da ; call 0x174da +call fcn_0001759e ; call 0x1759e mov eax, dword [ebp + 8] mov byte [eax], bl -call fcn_000174da ; call 0x174da +call fcn_0001759e ; call 
0x1759e mov al, bl pop edx pop ebx pop ebp ret -fcn_00017cfe: +fcn_00017dc2: push ebp mov ebp, esp push ebx push edx mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017d2c ; je 0x17d2c +je short loc_00017df0 ; je 0x17df0 test bl, 1 -je short loc_00017d2c ; je 0x17d2c +je short loc_00017df0 ; je 0x17df0 push eax -push ref_00025b0b ; push 0x25b0b +push ref_00025bba ; push 0x25bba push 0x97 -push ref_00025acf ; push 0x25acf -call fcn_000153fc ; call 0x153fc +push ref_00025b7e ; push 0x25b7e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017d2c: -call fcn_000174da ; call 0x174da +loc_00017df0: +call fcn_0001759e ; call 0x1759e mov bx, word [ebx] -call fcn_000174da ; call 0x174da +call fcn_0001759e ; call 0x1759e mov eax, ebx mov ebx, dword [ebp - 4] leave ret -fcn_00017d40: +fcn_00017e04: push ebp mov ebp, esp push esi mov esi, dword [ebp + 8] push ebx mov ebx, dword [ebp + 0xc] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017d74 ; je 0x17d74 +je short loc_00017e38 ; je 0x17e38 test esi, 1 -je short loc_00017d74 ; je 0x17d74 +je short loc_00017e38 ; je 0x17e38 push eax -push ref_00025b0b ; push 0x25b0b +push ref_00025bba ; push 0x25bba push 0xb7 -push ref_00025acf ; push 0x25acf -call fcn_000153fc ; call 0x153fc +push ref_00025b7e ; push 0x25b7e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017d74: -call fcn_000174da ; call 0x174da +loc_00017e38: +call fcn_0001759e ; call 0x1759e mov word [esi], bx -call fcn_000174da ; call 0x174da +call fcn_0001759e ; call 0x1759e lea esp, [ebp - 8] mov eax, ebx pop ebx 
@@ -39457,56 +39529,56 @@ pop esi pop ebp ret -fcn_00017d8a: +fcn_00017e4e: push ebp mov ebp, esp push ebx push edx mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017db8 ; je 0x17db8 +je short loc_00017e7c ; je 0x17e7c test bl, 3 -je short loc_00017db8 ; je 0x17db8 +je short loc_00017e7c ; je 0x17e7c push eax -push ref_00025b1e ; push 0x25b1e +push ref_00025bcd ; push 0x25bcd push 0xd7 -push ref_00025acf ; push 0x25acf -call fcn_000153fc ; call 0x153fc +push ref_00025b7e ; push 0x25b7e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017db8: -call fcn_000174da ; call 0x174da +loc_00017e7c: +call fcn_0001759e ; call 0x1759e mov ebx, dword [ebx] -call fcn_000174da ; call 0x174da +call fcn_0001759e ; call 0x1759e mov eax, ebx mov ebx, dword [ebp - 4] leave ret -fcn_00017dcb: +fcn_00017e8f: push ebp mov ebp, esp push esi mov esi, dword [ebp + 8] push ebx mov ebx, dword [ebp + 0xc] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017dff ; je 0x17dff +je short loc_00017ec3 ; je 0x17ec3 test esi, 3 -je short loc_00017dff ; je 0x17dff +je short loc_00017ec3 ; je 0x17ec3 push eax -push ref_00025b1e ; push 0x25b1e +push ref_00025bcd ; push 0x25bcd push 0xf7 -push ref_00025acf ; push 0x25acf -call fcn_000153fc ; call 0x153fc +push ref_00025b7e ; push 0x25b7e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017dff: -call fcn_000174da ; call 0x174da +loc_00017ec3: +call fcn_0001759e ; call 0x1759e mov dword [esi], ebx -call fcn_000174da ; call 0x174da +call fcn_0001759e ; call 0x1759e lea esp, [ebp - 8] mov eax, ebx pop ebx 
@@ -39514,38 +39586,38 @@ pop esi pop ebp ret -fcn_00017e14: +fcn_00017ed8: push ebp mov ebp, esp push ebx sub esp, 0x14 mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017e44 ; je 0x17e44 +je short loc_00017f08 ; je 0x17f08 test bl, 7 -je short loc_00017e44 ; je 0x17e44 +je short loc_00017f08 ; je 0x17f08 push eax -push ref_00025b31 ; push 0x25b31 +push ref_00025be0 ; push 0x25be0 push 0x117 -push ref_00025acf ; push 0x25acf -call fcn_000153fc ; call 0x153fc +push ref_00025b7e ; push 0x25b7e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017e44: -call fcn_000174da ; call 0x174da +loc_00017f08: +call fcn_0001759e ; call 0x1759e mov eax, dword [ebx] mov edx, dword [ebx + 4] mov dword [ebp - 0x10], eax mov dword [ebp - 0xc], edx -call fcn_000174da ; call 0x174da +call fcn_0001759e ; call 0x1759e mov eax, dword [ebp - 0x10] mov edx, dword [ebp - 0xc] mov ebx, dword [ebp - 4] leave ret -fcn_00017e64: +fcn_00017f28: push ebp mov ebp, esp push edi @@ -39557,23 +39629,23 @@ mov edx, dword [ebp + 0x10] mov ebx, dword [ebp + 8] mov esi, eax mov edi, edx -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00017ea0 ; je 0x17ea0 +je short loc_00017f64 ; je 0x17f64 test bl, 7 -je short loc_00017ea0 ; je 0x17ea0 +je short loc_00017f64 ; je 0x17f64 push eax -push ref_00025b31 ; push 0x25b31 +push ref_00025be0 ; push 0x25be0 push 0x135 -push ref_00025acf ; push 0x25acf -call fcn_000153fc ; call 0x153fc +push ref_00025b7e ; push 0x25b7e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00017ea0: -call fcn_000174da ; call 0x174da +loc_00017f64: +call fcn_0001759e ; call 0x1759e mov dword [ebx], esi mov dword [ebx + 4], edi -call fcn_000174da ; call 0x174da +call fcn_0001759e ; call 0x1759e lea esp, [ebp - 0xc] mov eax, esi pop ebx @@ -39583,7 +39655,7 @@ pop edi pop ebp ret -fcn_00017ebb: +fcn_00017f7f: push ebp mov ebp, esp push esi 
@@ -39592,7 +39664,7 @@ push ebx mov ebx, dword [ebp + 8] sub esp, 0xc push ebx -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 add esp, 0x10 mov dword [ebp + 8], ebx or eax, esi @@ -39602,9 +39674,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00018e26 ; jmp 0x18e26 +jmp near fcn_00018eea ; jmp 0x18eea -fcn_00017ee8: +fcn_00017fac: push ebp mov ebp, esp push esi @@ -39613,7 +39685,7 @@ push ebx mov ebx, dword [ebp + 8] sub esp, 0xc push ebx -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 add esp, 0x10 mov dword [ebp + 8], ebx and eax, esi @@ -39623,9 +39695,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00018e26 ; jmp 0x18e26 +jmp near fcn_00018eea ; jmp 0x18eea -fcn_00017f15: ; not directly referenced +fcn_00017fd9: ; not directly referenced push ebp mov ebp, esp push edi @@ -39636,7 +39708,7 @@ mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] push edi -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 add esp, 0x10 mov dword [ebp + 8], edi and eax, esi @@ -39648,9 +39720,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018e26 ; jmp 0x18e26 +jmp near fcn_00018eea ; jmp 0x18eea -fcn_00017f49: ; not directly referenced +fcn_0001800d: ; not directly referenced push ebp mov ebp, esp push esi @@ -39659,7 +39731,7 @@ push ebx mov ebx, dword [ebp + 0xc] sub esp, 0xc push dword [ebp + 8] -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 add esp, 0x10 mov dword [ebp + 0x10], esi mov dword [ebp + 0xc], ebx @@ -39669,9 +39741,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_0001f228 ; jmp 0x1f228 +jmp near fcn_0001f2b6 ; jmp 0x1f2b6 -fcn_00017f79: ; not directly referenced +fcn_0001803d: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -39684,7 +39756,7 @@ mov esi, dword [ebp + 0x14] mov edi, dword [ebp + 0xc] push ebx mov dword [ebp - 0x1c], edx -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 mov edx, dword [ebp - 0x1c] mov ecx, esi movzx esi, cl @@ -39693,7 +39765,7 @@ push edx push edi movzx eax, al push eax -call fcn_0001f42e ; call 0x1f42e +call fcn_0001f4bc ; call 0x1f4bc add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, al @@ -39703,9 +39775,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018e26 ; jmp 0x18e26 +jmp near fcn_00018eea ; jmp 0x18eea -fcn_00017fc3: ; not directly referenced +fcn_00018087: ; not directly referenced push ebp mov ebp, esp push edi @@ -39718,7 +39790,7 @@ mov esi, dword [ebp + 0x14] mov edi, dword [ebp + 0xc] push ebx mov dword [ebp - 0x1c], edx -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 mov edx, dword [ebp - 0x1c] mov ecx, esi movzx esi, cl @@ -39727,7 +39799,7 @@ push edx push edi movzx eax, al push eax -call fcn_0001f29b ; call 0x1f29b +call fcn_0001f329 ; call 0x1f329 add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, al @@ -39737,9 +39809,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018e26 ; jmp 0x18e26 +jmp near fcn_00018eea ; jmp 0x18eea -fcn_0001800d: ; not directly referenced +fcn_000180d1: ; not directly referenced push ebp mov ebp, esp push edi @@ -39752,7 +39824,7 @@ mov esi, dword [ebp + 0x14] mov edi, dword [ebp + 0xc] push ebx mov dword [ebp - 0x1c], edx -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 mov edx, dword [ebp - 0x1c] mov ecx, esi movzx esi, cl @@ -39761,7 +39833,7 @@ push edx push edi movzx eax, al push eax -call fcn_0001f316 ; call 0x1f316 +call fcn_0001f3a4 ; call 0x1f3a4 add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, al 
@@ -39771,9 +39843,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018e26 ; jmp 0x18e26 +jmp near fcn_00018eea ; jmp 0x18eea -fcn_00018057: ; not directly referenced +fcn_0001811b: ; not directly referenced push ebp mov ebp, esp push edi @@ -39788,7 +39860,7 @@ mov edi, dword [ebp + 0x18] push ebx mov dword [ebp - 0x20], edx mov dword [ebp - 0x1c], ecx -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 mov ecx, esi mov edx, edi movzx esi, cl @@ -39801,7 +39873,7 @@ push ecx push edx movzx eax, al push eax -call fcn_0001f391 ; call 0x1f391 +call fcn_0001f41f ; call 0x1f41f add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, al @@ -39811,9 +39883,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018e26 ; jmp 0x18e26 +jmp near fcn_00018eea ; jmp 0x18eea -fcn_000180b2: ; not directly referenced +fcn_00018176: ; not directly referenced push ebp mov ebp, esp push esi @@ -39822,7 +39894,7 @@ push ebx mov ebx, dword [ebp + 8] sub esp, 0xc push ebx -call fcn_00018e32 ; call 0x18e32 +call fcn_00018ef6 ; call 0x18ef6 add esp, 0x10 mov dword [ebp + 8], ebx or eax, esi @@ -39832,9 +39904,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00018e63 ; jmp 0x18e63 +jmp near fcn_00018f27 ; jmp 0x18f27 -fcn_000180df: ; not directly referenced +fcn_000181a3: ; not directly referenced push ebp mov ebp, esp push esi @@ -39843,7 +39915,7 @@ push ebx mov ebx, dword [ebp + 8] sub esp, 0xc push ebx -call fcn_00018e32 ; call 0x18e32 +call fcn_00018ef6 ; call 0x18ef6 add esp, 0x10 mov dword [ebp + 8], ebx and eax, esi @@ -39853,9 +39925,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00018e63 ; jmp 0x18e63 +jmp near fcn_00018f27 ; jmp 0x18f27 -fcn_0001810c: ; not directly referenced +fcn_000181d0: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -39866,7 +39938,7 @@ mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] push edi -call fcn_00018e32 ; call 0x18e32 +call fcn_00018ef6 ; call 0x18ef6 add esp, 0x10 mov dword [ebp + 8], edi and eax, esi @@ -39878,9 +39950,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018e63 ; jmp 0x18e63 +jmp near fcn_00018f27 ; jmp 0x18f27 -fcn_00018140: ; not directly referenced +fcn_00018204: ; not directly referenced push ebp mov ebp, esp push esi @@ -39889,7 +39961,7 @@ push ebx mov ebx, dword [ebp + 0xc] sub esp, 0xc push dword [ebp + 8] -call fcn_00018e32 ; call 0x18e32 +call fcn_00018ef6 ; call 0x18ef6 add esp, 0x10 mov dword [ebp + 0x10], esi mov dword [ebp + 0xc], ebx @@ -39899,9 +39971,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_0001f4ae ; jmp 0x1f4ae +jmp near fcn_0001f53c ; jmp 0x1f53c -fcn_00018170: ; not directly referenced +fcn_00018234: ; not directly referenced push ebp mov ebp, esp push edi @@ -39915,14 +39987,14 @@ mov edi, dword [ebp + 0xc] push ebx mov dword [ebp - 0x1c], edx movzx esi, si -call fcn_00018e32 ; call 0x18e32 +call fcn_00018ef6 ; call 0x18ef6 mov edx, dword [ebp - 0x1c] push esi push edx push edi movzx eax, ax push eax -call fcn_0001f6aa ; call 0x1f6aa +call fcn_0001f738 ; call 0x1f738 add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, ax @@ -39932,9 +40004,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018e63 ; jmp 0x18e63 +jmp near fcn_00018f27 ; jmp 0x18f27 -fcn_000181b8: ; not directly referenced +fcn_0001827c: ; not directly referenced push ebp mov ebp, esp push edi @@ -39948,14 +40020,14 @@ mov edi, dword [ebp + 0xc] push ebx mov dword [ebp - 0x1c], edx movzx esi, si -call fcn_00018e32 ; call 0x18e32 +call fcn_00018ef6 ; call 0x18ef6 mov edx, dword [ebp - 0x1c] push esi push edx push edi movzx eax, ax push eax -call fcn_0001f521 ; call 0x1f521 +call fcn_0001f5af ; call 0x1f5af add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, ax 
@@ -39965,9 +40037,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018e63 ; jmp 0x18e63 +jmp near fcn_00018f27 ; jmp 0x18f27 -fcn_00018200: ; not directly referenced +fcn_000182c4: ; not directly referenced push ebp mov ebp, esp push edi @@ -39981,14 +40053,14 @@ mov edi, dword [ebp + 0xc] push ebx mov dword [ebp - 0x1c], edx movzx esi, si -call fcn_00018e32 ; call 0x18e32 +call fcn_00018ef6 ; call 0x18ef6 mov edx, dword [ebp - 0x1c] push esi push edx push edi movzx eax, ax push eax -call fcn_0001f598 ; call 0x1f598 +call fcn_0001f626 ; call 0x1f626 add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, ax @@ -39998,9 +40070,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018e63 ; jmp 0x18e63 +jmp near fcn_00018f27 ; jmp 0x18f27 -fcn_00018248: ; not directly referenced +fcn_0001830c: ; not directly referenced push ebp mov ebp, esp push edi @@ -40016,7 +40088,7 @@ mov edi, dword [ebp + 0x18] mov dword [ebp - 0x20], edx mov dword [ebp - 0x1c], ecx movzx esi, si -call fcn_00018e32 ; call 0x18e32 +call fcn_00018ef6 ; call 0x18ef6 mov ecx, dword [ebp - 0x1c] movzx edi, di mov edx, dword [ebp - 0x20] @@ -40026,7 +40098,7 @@ push ecx push edx movzx eax, ax push eax -call fcn_0001f60f ; call 0x1f60f +call fcn_0001f69d ; call 0x1f69d add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, ax @@ -40036,9 +40108,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018e63 ; jmp 0x18e63 +jmp near fcn_00018f27 ; jmp 0x18f27 -fcn_0001829f: +fcn_00018363: push ebp mov ebp, esp push esi @@ -40047,7 +40119,7 @@ push ebx mov ebx, dword [ebp + 8] sub esp, 0xc push ebx -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 add esp, 0x10 mov dword [ebp + 8], ebx or eax, esi @@ -40056,9 +40128,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00018ed3 ; jmp 0x18ed3 +jmp near fcn_00018f97 ; jmp 0x18f97 -fcn_000182c9: +fcn_0001838d: push ebp mov ebp, esp push esi 
@@ -40067,7 +40139,7 @@ push ebx mov ebx, dword [ebp + 8] sub esp, 0xc push ebx -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 add esp, 0x10 mov dword [ebp + 8], ebx and eax, esi @@ -40076,9 +40148,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00018ed3 ; jmp 0x18ed3 +jmp near fcn_00018f97 ; jmp 0x18f97 -fcn_000182f3: ; not directly referenced +fcn_000183b7: ; not directly referenced push ebp mov ebp, esp push edi @@ -40089,7 +40161,7 @@ mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] push edi -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 add esp, 0x10 mov dword [ebp + 8], edi and eax, esi @@ -40100,9 +40172,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018ed3 ; jmp 0x18ed3 +jmp near fcn_00018f97 ; jmp 0x18f97 -fcn_00018324: ; not directly referenced +fcn_000183e8: ; not directly referenced push ebp mov ebp, esp push esi @@ -40111,7 +40183,7 @@ push ebx mov ebx, dword [ebp + 0xc] sub esp, 0xc push dword [ebp + 8] -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 add esp, 0x10 mov dword [ebp + 0x10], esi mov dword [ebp + 0xc], ebx @@ -40120,9 +40192,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_0001f726 ; jmp 0x1f726 +jmp near fcn_0001f7b4 ; jmp 0x1f7b4 -fcn_00018351: ; not directly referenced +fcn_00018415: ; not directly referenced push ebp mov ebp, esp push edi @@ -40135,13 +40207,13 @@ mov esi, dword [ebp + 0xc] mov edi, dword [ebp + 0x10] push ebx mov dword [ebp - 0x1c], edx -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 mov edx, dword [ebp - 0x1c] push edx push edi push esi push eax -call fcn_0001f920 ; call 0x1f920 +call fcn_0001f9ae ; call 0x1f9ae add esp, 0x20 mov dword [ebp + 8], ebx mov dword [ebp + 0xc], eax 
@@ -40150,9 +40222,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018ed3 ; jmp 0x18ed3 +jmp near fcn_00018f97 ; jmp 0x18f97 -fcn_00018390: ; not directly referenced +fcn_00018454: ; not directly referenced push ebp mov ebp, esp push edi @@ -40165,13 +40237,13 @@ mov esi, dword [ebp + 0xc] mov edi, dword [ebp + 0x10] push ebx mov dword [ebp - 0x1c], edx -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 mov edx, dword [ebp - 0x1c] push edx push edi push esi push eax -call fcn_0001f792 ; call 0x1f792 +call fcn_0001f820 ; call 0x1f820 add esp, 0x20 mov dword [ebp + 8], ebx mov dword [ebp + 0xc], eax @@ -40180,9 +40252,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018ed3 ; jmp 0x18ed3 +jmp near fcn_00018f97 ; jmp 0x18f97 -fcn_000183cf: ; not directly referenced +fcn_00018493: ; not directly referenced push ebp mov ebp, esp push edi @@ -40195,13 +40267,13 @@ mov esi, dword [ebp + 0xc] mov edi, dword [ebp + 0x10] push ebx mov dword [ebp - 0x1c], edx -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 mov edx, dword [ebp - 0x1c] push edx push edi push esi push eax -call fcn_0001f810 ; call 0x1f810 +call fcn_0001f89e ; call 0x1f89e add esp, 0x20 mov dword [ebp + 8], ebx mov dword [ebp + 0xc], eax @@ -40210,9 +40282,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018ed3 ; jmp 0x18ed3 +jmp near fcn_00018f97 ; jmp 0x18f97 -fcn_0001840e: ; not directly referenced +fcn_000184d2: ; not directly referenced push ebp mov ebp, esp push edi @@ -40227,7 +40299,7 @@ push ebx mov edi, dword [ebp + 0x10] mov dword [ebp - 0x20], edx mov dword [ebp - 0x1c], ecx -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 mov ecx, dword [ebp - 0x1c] mov edx, dword [ebp - 0x20] mov dword [esp], ecx @@ -40235,7 +40307,7 @@ push edx push edi push esi push eax -call fcn_0001f88e ; call 0x1f88e +call fcn_0001f91c ; call 0x1f91c add esp, 0x20 mov dword [ebp + 8], ebx mov dword [ebp + 0xc], eax 
@@ -40244,9 +40316,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00018ed3 ; jmp 0x18ed3 +jmp near fcn_00018f97 ; jmp 0x18f97 -fcn_00018459: ; not directly referenced +fcn_0001851d: ; not directly referenced push ebp mov ebp, esp push edi @@ -40257,7 +40329,7 @@ mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] push edi -call fcn_00017c73 ; call 0x17c73 +call fcn_00017d37 ; call 0x17d37 add esp, 0x10 mov dword [ebp + 8], edi or eax, esi @@ -40269,9 +40341,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017c9d ; jmp 0x17c9d +jmp near fcn_00017d61 ; jmp 0x17d61 -fcn_0001848d: ; not directly referenced +fcn_00018551: ; not directly referenced push ebp mov ebp, esp push edi @@ -40282,7 +40354,7 @@ mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] push edi -call fcn_00017c73 ; call 0x17c73 +call fcn_00017d37 ; call 0x17d37 add esp, 0x10 mov dword [ebp + 8], edi and eax, esi @@ -40294,9 +40366,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017c9d ; jmp 0x17c9d +jmp near fcn_00017d61 ; jmp 0x17d61 -fcn_000184c1: ; not directly referenced +fcn_00018585: ; not directly referenced push ebp mov ebp, esp push edi @@ -40311,7 +40383,7 @@ push ebx mov esi, dword [ebp + 0x10] mov dword [ebp - 0x1c], eax mov dword [ebp - 0x20], ecx -call fcn_00017c73 ; call 0x17c73 +call fcn_00017d37 ; call 0x17d37 add esp, 0x10 mov dword [ebp + 8], ebx and eax, edi 
@@ -40325,23 +40397,23 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017c9d ; jmp 0x17c9d +jmp near fcn_00017d61 ; jmp 0x17d61 -fcn_00018507: ; not directly referenced +fcn_000185cb: ; not directly referenced push ebp mov ebp, esp sub esp, 0x14 push dword [ebp + 8] -call fcn_00017c73 ; call 0x17c73 +call fcn_00017d37 ; call 0x17d37 push dword [ebp + 0x10] push dword [ebp + 0xc] push edx push eax -call fcn_0001f98f ; call 0x1f98f +call fcn_0001fa1d ; call 0x1fa1d leave ret -fcn_00018524: ; not directly referenced +fcn_000185e8: ; not directly referenced push ebp mov ebp, esp push edi @@ -40356,7 +40428,7 @@ push ecx mov esi, dword [ebp + 0x14] mov dword [ebp - 0x20], ecx mov dword [ebp - 0x1c], eax -call fcn_00017c73 ; call 0x17c73 +call fcn_00017d37 ; call 0x17d37 pop ecx pop ecx push edi @@ -40365,7 +40437,7 @@ push dword [ebp - 0x1c] push ebx push edx push eax -call fcn_0001fcc5 ; call 0x1fcc5 +call fcn_0001fd53 ; call 0x1fd53 mov ecx, dword [ebp - 0x20] add esp, 0x20 mov dword [ebp + 8], ecx @@ -40376,9 +40448,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017c9d ; jmp 0x17c9d +jmp near fcn_00017d61 ; jmp 0x17d61 -fcn_00018572: ; not directly referenced +fcn_00018636: ; not directly referenced push ebp mov ebp, esp push edi @@ -40393,7 +40465,7 @@ push ecx mov esi, dword [ebp + 0x14] mov dword [ebp - 0x20], ecx mov dword [ebp - 0x1c], eax -call fcn_00017c73 ; call 0x17c73 +call fcn_00017d37 ; call 0x17d37 pop ecx pop ecx push edi @@ -40402,7 +40474,7 @@ push dword [ebp - 0x1c] push ebx push edx push eax -call fcn_0001fa1e ; call 0x1fa1e +call fcn_0001faac ; call 0x1faac mov ecx, dword [ebp - 0x20] add esp, 0x20 mov dword [ebp + 8], ecx @@ -40413,9 +40485,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017c9d ; jmp 0x17c9d +jmp near fcn_00017d61 ; jmp 0x17d61 -fcn_000185c0: ; not directly referenced +fcn_00018684: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -40430,7 +40502,7 @@ push ecx mov esi, dword [ebp + 0x14] mov dword [ebp - 0x20], ecx mov dword [ebp - 0x1c], eax -call fcn_00017c73 ; call 0x17c73 +call fcn_00017d37 ; call 0x17d37 pop ecx pop ecx push edi @@ -40439,7 +40511,7 @@ push dword [ebp - 0x1c] push ebx push edx push eax -call fcn_0001fb10 ; call 0x1fb10 +call fcn_0001fb9e ; call 0x1fb9e mov ecx, dword [ebp - 0x20] add esp, 0x20 mov dword [ebp + 8], ecx @@ -40450,9 +40522,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017c9d ; jmp 0x17c9d +jmp near fcn_00017d61 ; jmp 0x17d61 -fcn_0001860e: ; not directly referenced +fcn_000186d2: ; not directly referenced push ebp mov ebp, esp push edi @@ -40471,7 +40543,7 @@ mov ebx, dword [ebp + 0xc] mov dword [ebp - 0x20], ecx mov dword [ebp - 0x28], eax mov dword [ebp - 0x24], edx -call fcn_00017c73 ; call 0x17c73 +call fcn_00017d37 ; call 0x17d37 push edi push esi push dword [ebp - 0x24] @@ -40480,7 +40552,7 @@ push dword [ebp - 0x1c] push ebx push edx push eax -call fcn_0001fc0e ; call 0x1fc0e +call fcn_0001fc9c ; call 0x1fc9c mov ecx, dword [ebp - 0x20] add esp, 0x30 mov dword [ebp + 8], ecx @@ -40491,9 +40563,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017c9d ; jmp 0x17c9d +jmp near fcn_00017d61 ; jmp 0x17d61 -fcn_0001866c: +fcn_00018730: push ebp mov ebp, esp push esi @@ -40502,7 +40574,7 @@ push ebx mov ebx, dword [ebp + 8] sub esp, 0xc push ebx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov dword [ebp + 8], ebx or eax, esi @@ -40512,9 +40584,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00017ce1 ; jmp 0x17ce1 +jmp near fcn_00017da5 ; jmp 0x17da5 -fcn_00018699: +fcn_0001875d: push ebp mov ebp, esp push esi @@ -40523,7 +40595,7 @@ push ebx mov ebx, dword [ebp + 8] sub esp, 0xc push ebx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov dword [ebp + 8], ebx and eax, esi 
@@ -40533,9 +40605,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00017ce1 ; jmp 0x17ce1 +jmp near fcn_00017da5 ; jmp 0x17da5 -fcn_000186c6: +fcn_0001878a: push ebp mov ebp, esp push edi @@ -40546,7 +40618,7 @@ mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] push edi -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov dword [ebp + 8], edi and eax, esi @@ -40558,9 +40630,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017ce1 ; jmp 0x17ce1 +jmp near fcn_00017da5 ; jmp 0x17da5 -fcn_000186fa: ; not directly referenced +fcn_000187be: ; not directly referenced push ebp mov ebp, esp push esi @@ -40569,7 +40641,7 @@ push ebx mov ebx, dword [ebp + 0xc] sub esp, 0xc push dword [ebp + 8] -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b add esp, 0x10 mov dword [ebp + 0x10], esi mov dword [ebp + 0xc], ebx @@ -40579,9 +40651,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_0001f228 ; jmp 0x1f228 +jmp near fcn_0001f2b6 ; jmp 0x1f2b6 -fcn_0001872a: ; not directly referenced +fcn_000187ee: ; not directly referenced push ebp mov ebp, esp push edi @@ -40594,7 +40666,7 @@ mov esi, dword [ebp + 0x14] mov edi, dword [ebp + 0xc] push ebx mov dword [ebp - 0x1c], edx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov edx, dword [ebp - 0x1c] mov ecx, esi movzx esi, cl @@ -40603,7 +40675,7 @@ push edx push edi movzx eax, al push eax -call fcn_0001f42e ; call 0x1f42e +call fcn_0001f4bc ; call 0x1f4bc add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, al @@ -40613,9 +40685,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017ce1 ; jmp 0x17ce1 +jmp near fcn_00017da5 ; jmp 0x17da5 -fcn_00018774: ; not directly referenced +fcn_00018838: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -40628,7 +40700,7 @@ mov esi, dword [ebp + 0x14] mov edi, dword [ebp + 0xc] push ebx mov dword [ebp - 0x1c], edx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov edx, dword [ebp - 0x1c] mov ecx, esi movzx esi, cl @@ -40637,7 +40709,7 @@ push edx push edi movzx eax, al push eax -call fcn_0001f29b ; call 0x1f29b +call fcn_0001f329 ; call 0x1f329 add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, al @@ -40647,9 +40719,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017ce1 ; jmp 0x17ce1 +jmp near fcn_00017da5 ; jmp 0x17da5 -fcn_000187be: ; not directly referenced +fcn_00018882: ; not directly referenced push ebp mov ebp, esp push edi @@ -40662,7 +40734,7 @@ mov esi, dword [ebp + 0x14] mov edi, dword [ebp + 0xc] push ebx mov dword [ebp - 0x1c], edx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov edx, dword [ebp - 0x1c] mov ecx, esi movzx esi, cl @@ -40671,7 +40743,7 @@ push edx push edi movzx eax, al push eax -call fcn_0001f316 ; call 0x1f316 +call fcn_0001f3a4 ; call 0x1f3a4 add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, al @@ -40681,9 +40753,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017ce1 ; jmp 0x17ce1 +jmp near fcn_00017da5 ; jmp 0x17da5 -fcn_00018808: ; not directly referenced +fcn_000188cc: ; not directly referenced push ebp mov ebp, esp push edi @@ -40698,7 +40770,7 @@ mov edi, dword [ebp + 0x18] push ebx mov dword [ebp - 0x20], edx mov dword [ebp - 0x1c], ecx -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov ecx, esi mov edx, edi movzx esi, cl @@ -40711,7 +40783,7 @@ push ecx push edx movzx eax, al push eax -call fcn_0001f391 ; call 0x1f391 +call fcn_0001f41f ; call 0x1f41f add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, al @@ -40721,9 +40793,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017ce1 ; jmp 0x17ce1 +jmp near fcn_00017da5 ; jmp 0x17da5 -fcn_00018863: +fcn_00018927: push ebp mov ebp, esp push esi 
@@ -40732,7 +40804,7 @@ push ebx mov ebx, dword [ebp + 8] sub esp, 0xc push ebx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov dword [ebp + 8], ebx or eax, esi @@ -40742,9 +40814,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00017d40 ; jmp 0x17d40 +jmp near fcn_00017e04 ; jmp 0x17e04 -fcn_00018890: +fcn_00018954: push ebp mov ebp, esp push esi @@ -40753,7 +40825,7 @@ push ebx mov ebx, dword [ebp + 8] sub esp, 0xc push ebx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov dword [ebp + 8], ebx and eax, esi @@ -40763,9 +40835,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00017d40 ; jmp 0x17d40 +jmp near fcn_00017e04 ; jmp 0x17e04 -fcn_000188bd: +fcn_00018981: push ebp mov ebp, esp push edi @@ -40776,7 +40848,7 @@ mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] push edi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov dword [ebp + 8], edi and eax, esi @@ -40788,9 +40860,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017d40 ; jmp 0x17d40 +jmp near fcn_00017e04 ; jmp 0x17e04 -fcn_000188f1: ; not directly referenced +fcn_000189b5: ; not directly referenced push ebp mov ebp, esp push esi @@ -40799,7 +40871,7 @@ push ebx mov ebx, dword [ebp + 0xc] sub esp, 0xc push dword [ebp + 8] -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov dword [ebp + 0x10], esi mov dword [ebp + 0xc], ebx @@ -40809,9 +40881,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_0001f4ae ; jmp 0x1f4ae +jmp near fcn_0001f53c ; jmp 0x1f53c -fcn_00018921: ; not directly referenced +fcn_000189e5: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -40825,14 +40897,14 @@ mov edi, dword [ebp + 0xc] push ebx mov dword [ebp - 0x1c], edx movzx esi, si -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov edx, dword [ebp - 0x1c] push esi push edx push edi movzx eax, ax push eax -call fcn_0001f6aa ; call 0x1f6aa +call fcn_0001f738 ; call 0x1f738 add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, ax @@ -40842,9 +40914,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017d40 ; jmp 0x17d40 +jmp near fcn_00017e04 ; jmp 0x17e04 -fcn_00018969: ; not directly referenced +fcn_00018a2d: ; not directly referenced push ebp mov ebp, esp push edi @@ -40858,14 +40930,14 @@ mov edi, dword [ebp + 0xc] push ebx mov dword [ebp - 0x1c], edx movzx esi, si -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov edx, dword [ebp - 0x1c] push esi push edx push edi movzx eax, ax push eax -call fcn_0001f521 ; call 0x1f521 +call fcn_0001f5af ; call 0x1f5af add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, ax @@ -40875,9 +40947,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017d40 ; jmp 0x17d40 +jmp near fcn_00017e04 ; jmp 0x17e04 -fcn_000189b1: ; not directly referenced +fcn_00018a75: ; not directly referenced push ebp mov ebp, esp push edi @@ -40891,14 +40963,14 @@ mov edi, dword [ebp + 0xc] push ebx mov dword [ebp - 0x1c], edx movzx esi, si -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov edx, dword [ebp - 0x1c] push esi push edx push edi movzx eax, ax push eax -call fcn_0001f598 ; call 0x1f598 +call fcn_0001f626 ; call 0x1f626 add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, ax @@ -40908,9 +40980,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017d40 ; jmp 0x17d40 +jmp near fcn_00017e04 ; jmp 0x17e04 -fcn_000189f9: ; not directly referenced +fcn_00018abd: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -40926,7 +40998,7 @@ mov edi, dword [ebp + 0x18] mov dword [ebp - 0x20], edx mov dword [ebp - 0x1c], ecx movzx esi, si -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov ecx, dword [ebp - 0x1c] movzx edi, di mov edx, dword [ebp - 0x20] @@ -40936,7 +41008,7 @@ push ecx push edx movzx eax, ax push eax -call fcn_0001f60f ; call 0x1f60f +call fcn_0001f69d ; call 0x1f69d add esp, 0x20 mov dword [ebp + 8], ebx movzx eax, ax @@ -40946,9 +41018,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017d40 ; jmp 0x17d40 +jmp near fcn_00017e04 ; jmp 0x17e04 -fcn_00018a50: +fcn_00018b14: push ebp mov ebp, esp push esi @@ -40957,7 +41029,7 @@ push ebx mov ebx, dword [ebp + 8] sub esp, 0xc push ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov dword [ebp + 8], ebx or eax, esi @@ -40966,9 +41038,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -fcn_00018a7a: +fcn_00018b3e: push ebp mov ebp, esp push esi @@ -40977,7 +41049,7 @@ push ebx mov ebx, dword [ebp + 8] sub esp, 0xc push ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov dword [ebp + 8], ebx and eax, esi @@ -40986,9 +41058,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -fcn_00018aa4: +fcn_00018b68: push ebp mov ebp, esp push edi @@ -40999,7 +41071,7 @@ mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] push edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov dword [ebp + 8], edi and eax, esi @@ -41010,9 +41082,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -fcn_00018ad5: ; not directly referenced +fcn_00018b99: ; not directly referenced push ebp mov ebp, esp push esi 
@@ -41021,7 +41093,7 @@ push ebx mov ebx, dword [ebp + 0xc] sub esp, 0xc push dword [ebp + 8] -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov dword [ebp + 0x10], esi mov dword [ebp + 0xc], ebx @@ -41030,9 +41102,9 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_0001f726 ; jmp 0x1f726 +jmp near fcn_0001f7b4 ; jmp 0x1f7b4 -fcn_00018b02: +fcn_00018bc6: push ebp mov ebp, esp push edi @@ -41045,13 +41117,13 @@ mov esi, dword [ebp + 0xc] mov edi, dword [ebp + 0x10] push ebx mov dword [ebp - 0x1c], edx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp - 0x1c] push edx push edi push esi push eax -call fcn_0001f920 ; call 0x1f920 +call fcn_0001f9ae ; call 0x1f9ae add esp, 0x20 mov dword [ebp + 8], ebx mov dword [ebp + 0xc], eax @@ -41060,9 +41132,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -fcn_00018b41: ; not directly referenced +fcn_00018c05: ; not directly referenced push ebp mov ebp, esp push edi @@ -41075,13 +41147,13 @@ mov esi, dword [ebp + 0xc] mov edi, dword [ebp + 0x10] push ebx mov dword [ebp - 0x1c], edx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp - 0x1c] push edx push edi push esi push eax -call fcn_0001f792 ; call 0x1f792 +call fcn_0001f820 ; call 0x1f820 add esp, 0x20 mov dword [ebp + 8], ebx mov dword [ebp + 0xc], eax @@ -41090,9 +41162,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -fcn_00018b80: ; not directly referenced +fcn_00018c44: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -41105,13 +41177,13 @@ mov esi, dword [ebp + 0xc] mov edi, dword [ebp + 0x10] push ebx mov dword [ebp - 0x1c], edx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp - 0x1c] push edx push edi push esi push eax -call fcn_0001f810 ; call 0x1f810 +call fcn_0001f89e ; call 0x1f89e add esp, 0x20 mov dword [ebp + 8], ebx mov dword [ebp + 0xc], eax @@ -41120,9 +41192,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -fcn_00018bbf: ; not directly referenced +fcn_00018c83: ; not directly referenced push ebp mov ebp, esp push edi @@ -41137,7 +41209,7 @@ push ebx mov edi, dword [ebp + 0x10] mov dword [ebp - 0x20], edx mov dword [ebp - 0x1c], ecx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov ecx, dword [ebp - 0x1c] mov edx, dword [ebp - 0x20] mov dword [esp], ecx @@ -41145,7 +41217,7 @@ push edx push edi push esi push eax -call fcn_0001f88e ; call 0x1f88e +call fcn_0001f91c ; call 0x1f91c add esp, 0x20 mov dword [ebp + 8], ebx mov dword [ebp + 0xc], eax @@ -41154,9 +41226,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -fcn_00018c0a: ; not directly referenced +fcn_00018cce: ; not directly referenced push ebp mov ebp, esp push edi @@ -41167,7 +41239,7 @@ mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] push edi -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 add esp, 0x10 mov dword [ebp + 8], edi or eax, esi @@ -41179,9 +41251,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017e64 ; jmp 0x17e64 +jmp near fcn_00017f28 ; jmp 0x17f28 -fcn_00018c3e: +fcn_00018d02: push ebp mov ebp, esp push edi @@ -41192,7 +41264,7 @@ mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] push edi -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 add esp, 0x10 mov dword [ebp + 8], edi and eax, esi 
@@ -41204,9 +41276,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017e64 ; jmp 0x17e64 +jmp near fcn_00017f28 ; jmp 0x17f28 -fcn_00018c72: ; not directly referenced +fcn_00018d36: ; not directly referenced push ebp mov ebp, esp push edi @@ -41221,7 +41293,7 @@ push ebx mov esi, dword [ebp + 0x10] mov dword [ebp - 0x1c], eax mov dword [ebp - 0x20], ecx -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 add esp, 0x10 mov dword [ebp + 8], ebx and eax, edi @@ -41235,23 +41307,23 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017e64 ; jmp 0x17e64 +jmp near fcn_00017f28 ; jmp 0x17f28 -fcn_00018cb8: ; not directly referenced +fcn_00018d7c: ; not directly referenced push ebp mov ebp, esp sub esp, 0x14 push dword [ebp + 8] -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 push dword [ebp + 0x10] push dword [ebp + 0xc] push edx push eax -call fcn_0001f98f ; call 0x1f98f +call fcn_0001fa1d ; call 0x1fa1d leave ret -fcn_00018cd5: ; not directly referenced +fcn_00018d99: ; not directly referenced push ebp mov ebp, esp push edi @@ -41266,7 +41338,7 @@ push ecx mov esi, dword [ebp + 0x14] mov dword [ebp - 0x20], ecx mov dword [ebp - 0x1c], eax -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 pop ecx pop ecx push edi @@ -41275,7 +41347,7 @@ push dword [ebp - 0x1c] push ebx push edx push eax -call fcn_0001fcc5 ; call 0x1fcc5 +call fcn_0001fd53 ; call 0x1fd53 mov ecx, dword [ebp - 0x20] add esp, 0x20 mov dword [ebp + 8], ecx @@ -41286,9 +41358,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017e64 ; jmp 0x17e64 +jmp near fcn_00017f28 ; jmp 0x17f28 -fcn_00018d23: ; not directly referenced +fcn_00018de7: ; not directly referenced push ebp mov ebp, esp push edi @@ -41303,7 +41375,7 @@ push ecx mov esi, dword [ebp + 0x14] mov dword [ebp - 0x20], ecx mov dword [ebp - 0x1c], eax -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 pop ecx pop ecx push edi 
@@ -41312,7 +41384,7 @@ push dword [ebp - 0x1c] push ebx push edx push eax -call fcn_0001fa1e ; call 0x1fa1e +call fcn_0001faac ; call 0x1faac mov ecx, dword [ebp - 0x20] add esp, 0x20 mov dword [ebp + 8], ecx @@ -41323,9 +41395,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017e64 ; jmp 0x17e64 +jmp near fcn_00017f28 ; jmp 0x17f28 -fcn_00018d71: ; not directly referenced +fcn_00018e35: ; not directly referenced push ebp mov ebp, esp push edi @@ -41340,7 +41412,7 @@ push ecx mov esi, dword [ebp + 0x14] mov dword [ebp - 0x20], ecx mov dword [ebp - 0x1c], eax -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 pop ecx pop ecx push edi @@ -41349,7 +41421,7 @@ push dword [ebp - 0x1c] push ebx push edx push eax -call fcn_0001fb10 ; call 0x1fb10 +call fcn_0001fb9e ; call 0x1fb9e mov ecx, dword [ebp - 0x20] add esp, 0x20 mov dword [ebp + 8], ecx @@ -41360,9 +41432,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017e64 ; jmp 0x17e64 +jmp near fcn_00017f28 ; jmp 0x17f28 -fcn_00018dbf: ; not directly referenced +fcn_00018e83: ; not directly referenced push ebp mov ebp, esp push edi @@ -41381,7 +41453,7 @@ mov ebx, dword [ebp + 0xc] mov dword [ebp - 0x20], ecx mov dword [ebp - 0x28], eax mov dword [ebp - 0x24], edx -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 push edi push esi push dword [ebp - 0x24] @@ -41390,7 +41462,7 @@ push dword [ebp - 0x1c] push ebx push edx push eax -call fcn_0001fc0e ; call 0x1fc0e +call fcn_0001fc9c ; call 0x1fc9c mov ecx, dword [ebp - 0x20] add esp, 0x30 mov dword [ebp + 8], ecx @@ -41401,9 +41473,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00017e64 ; jmp 0x17e64 +jmp near fcn_00017f28 ; jmp 0x17f28 -fcn_00018e1d: +fcn_00018ee1: push ebp mov ebp, esp mov edx, dword [ebp + 8] @@ -41411,7 +41483,7 @@ in al, dx pop ebp ret -fcn_00018e26: +fcn_00018eea: push ebp mov ebp, esp mov eax, dword [ebp + 0xc] 
@@ -41420,47 +41492,47 @@ out dx, al pop ebp ret -fcn_00018e32: +fcn_00018ef6: push ebp mov ebp, esp sub esp, 8 -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00018e5c ; je 0x18e5c +je short loc_00018f20 ; je 0x18f20 test byte [ebp + 8], 1 -je short loc_00018e5c ; je 0x18e5c +je short loc_00018f20 ; je 0x18f20 push eax -push ref_00025b44 ; push 0x25b44 +push ref_00025bf3 ; push 0x25bf3 push 0x69 -push ref_00025b54 ; push 0x25b54 -call fcn_000153fc ; call 0x153fc +push ref_00025c03 ; push 0x25c03 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00018e5c: +loc_00018f20: mov edx, dword [ebp + 8] in ax, dx leave ret -fcn_00018e63: +fcn_00018f27: push ebp mov ebp, esp push ebx push edx mov ebx, dword [ebp + 0xc] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00018e92 ; je 0x18e92 +je short loc_00018f56 ; je 0x18f56 test byte [ebp + 8], 1 -je short loc_00018e92 ; je 0x18e92 +je short loc_00018f56 ; je 0x18f56 push eax -push ref_00025b44 ; push 0x25b44 +push ref_00025bf3 ; push 0x25bf3 push 0x86 -push ref_00025b54 ; push 0x25b54 -call fcn_000153fc ; call 0x153fc +push ref_00025c03 ; push 0x25c03 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00018e92: +loc_00018f56: mov eax, ebx mov edx, dword [ebp + 8] out dx, ax 
@@ -41469,45 +41541,45 @@ mov ebx, dword [ebp - 4] leave ret -fcn_00018ea0: +fcn_00018f64: push ebp mov ebp, esp sub esp, 8 -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00018ecd ; je 0x18ecd +je short loc_00018f91 ; je 0x18f91 test byte [ebp + 8], 3 -je short loc_00018ecd ; je 0x18ecd +je short loc_00018f91 ; je 0x18f91 push eax -push ref_00025b93 ; push 0x25b93 +push ref_00025c42 ; push 0x25c42 push 0xa3 -push ref_00025b54 ; push 0x25b54 -call fcn_000153fc ; call 0x153fc +push ref_00025c03 ; push 0x25c03 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00018ecd: +loc_00018f91: mov edx, dword [ebp + 8] in eax, dx leave ret -fcn_00018ed3: +fcn_00018f97: push ebp mov ebp, esp sub esp, 8 -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00018f00 ; je 0x18f00 +je short loc_00018fc4 ; je 0x18fc4 test byte [ebp + 8], 3 -je short loc_00018f00 ; je 0x18f00 +je short loc_00018fc4 ; je 0x18fc4 push eax -push ref_00025b93 ; push 0x25b93 +push ref_00025c42 ; push 0x25c42 push 0xc0 -push ref_00025b54 ; push 0x25b54 -call fcn_000153fc ; call 0x153fc +push ref_00025c03 ; push 0x25c03 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00018f00: +loc_00018fc4: mov eax, dword [ebp + 0xc] mov edx, dword [ebp + 8] out dx, eax 
@@ -41515,207 +41587,207 @@ mov eax, dword [ebp + 0xc] leave ret -fcn_00018f0c: +fcn_00018fd0: push ebp mov ebp, esp push ebx sub esp, 0x20 lea eax, [ebp - 0xc] push eax -call fcn_00019703 ; call 0x19703 +call fcn_000197c7 ; call 0x197c7 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00018f60 ; je 0x18f60 +je short loc_00019024 ; je 0x19024 test ebx, ebx -jns short loc_00018f60 ; jns 0x18f60 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00019024 ; jns 0x19024 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00018f4b ; je 0x18f4b +je short loc_0001900f ; je 0x1900f push ecx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00018f4b: +loc_0001900f: push edx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x32 -push ref_00025ba3 ; push 0x25ba3 -call fcn_000153fc ; call 0x153fc +push ref_00025c52 ; push 0x25c52 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00018f60: -call fcn_000153f0 ; call 0x153f0 +loc_00019024: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00018f84 ; je 0x18f84 +je short loc_00019048 ; je 0x19048 cmp dword [ebp - 0xc], 0 -jne short loc_00018f84 ; jne 0x18f84 +jne short loc_00019048 ; jne 0x19048 push eax -push ref_00025bd7 ; push 0x25bd7 +push ref_00025c86 ; push 0x25c86 push 0x33 -push ref_00025ba3 ; push 0x25ba3 -call fcn_000153fc ; call 0x153fc +push ref_00025c52 ; push 0x25c52 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00018f84: +loc_00019048: mov eax, dword [ebp - 0xc] mov ebx, dword [ebp - 4] leave ret -fcn_00018f8c: +fcn_00019050: push ebp mov ebp, esp push esi mov esi, dword [ebp + 8] push ebx mov ebx, dword [ebp + 0xc] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00018fc6 ; je 0x18fc6 +je short loc_0001908a ; je 0x1908a 
test ebx, ebx -jne short loc_00018fc6 ; jne 0x18fc6 +jne short loc_0001908a ; jne 0x1908a push eax -push ref_00025bef ; push 0x25bef +push ref_00025c9e ; push 0x25c9e push 0x52 -push ref_00025ba3 ; push 0x25ba3 -call fcn_000153fc ; call 0x153fc +push ref_00025c52 ; push 0x25c52 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp short loc_00018fc6 ; jmp 0x18fc6 +jmp short loc_0001908a ; jmp 0x1908a -loc_00018fbb: +loc_0001907f: cmp ax, si -je short loc_00018fd3 ; je 0x18fd3 +je short loc_00019097 ; je 0x19097 movzx eax, word [ebx + 2] add ebx, eax -loc_00018fc6: +loc_0001908a: mov ax, word [ebx] cmp ax, 0xffff -jne short loc_00018fbb ; jne 0x18fbb +jne short loc_0001907f ; jne 0x1907f xor eax, eax -jmp short loc_00018fd5 ; jmp 0x18fd5 +jmp short loc_00019099 ; jmp 0x19099 -loc_00018fd3: +loc_00019097: mov eax, ebx -loc_00018fd5: +loc_00019099: lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_00018fdc: ; not directly referenced +fcn_000190a0: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_00018f0c ; call 0x18f0c +call fcn_00018fd0 ; call 0x18fd0 movzx ebx, bx push edx push edx push eax push ebx -call fcn_00018f8c ; call 0x18f8c +call fcn_00019050 ; call 0x19050 mov ebx, dword [ebp - 4] leave ret -fcn_00018ffa: +fcn_000190be: push ebp mov ebp, esp push ebx push ecx mov ebx, dword [ebp + 0xc] -loc_00019002: +loc_000190c6: push eax push eax push ebx push 4 -call fcn_00018f8c ; call 0x18f8c +call fcn_00019050 ; call 0x19050 add esp, 0x10 mov ebx, eax test eax, eax -je short loc_00019032 ; je 0x19032 +je short loc_000190f6 ; je 0x190f6 push edx push edx lea eax, [ebx + 8] push eax push dword [ebp + 8] -call fcn_00016e24 ; call 0x16e24 +call fcn_00016ee8 ; call 0x16ee8 add esp, 0x10 test al, al -jne short loc_00019032 ; jne 0x19032 +jne short loc_000190f6 ; jne 0x190f6 movzx eax, word [ebx + 2] add ebx, eax -jmp short loc_00019002 ; jmp 0x19002 +jmp short loc_000190c6 ; jmp 0x190c6 -loc_00019032: +loc_000190f6: mov 
eax, ebx mov ebx, dword [ebp - 4] leave ret -fcn_00019039: +fcn_000190fd: push ebp mov ebp, esp sub esp, 8 -call fcn_00018f0c ; call 0x18f0c +call fcn_00018fd0 ; call 0x18fd0 push edx push edx push eax push dword [ebp + 8] -call fcn_00018ffa ; call 0x18ffa +call fcn_000190be ; call 0x190be leave ret -fcn_00019051: ; not directly referenced +fcn_00019115: ; not directly referenced push ebp mov ebp, esp push ebx sub esp, 0x20 lea eax, [ebp - 0xc] push eax -call fcn_000196d3 ; call 0x196d3 +call fcn_00019797 ; call 0x19797 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_000190a8 ; je 0x190a8 +je short loc_0001916c ; je 0x1916c test ebx, ebx -jns short loc_000190a8 ; jns 0x190a8 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001916c ; jns 0x1916c +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00019090 ; je 0x19090 +je short loc_00019154 ; je 0x19154 push edx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00019090: ; not directly referenced +loc_00019154: ; not directly referenced push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0xd8 -push ref_00025ba3 ; push 0x25ba3 -call fcn_000153fc ; call 0x153fc +push ref_00025c52 ; push 0x25c52 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000190a8: ; not directly referenced +loc_0001916c: ; not directly referenced mov eax, dword [ebp - 0xc] mov ebx, dword [ebp - 4] leave ret -fcn_000190b0: ; not directly referenced +fcn_00019174: ; not directly referenced push ebp mov ebp, esp sub esp, 0x1c 
@@ -41725,31 +41797,31 @@ movzx eax, word [ebp + 0xc] push eax movzx eax, word [ebp + 8] push eax -call fcn_0001971b ; call 0x1971b +call fcn_000197df ; call 0x197df add esp, 0x10 test eax, eax -jns short loc_000190d7 ; jns 0x190d7 +jns short loc_0001919b ; jns 0x1919b mov dword [ebp - 0xc], 0 -loc_000190d7: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001919b: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000190fe ; je 0x190fe +je short loc_000191c2 ; je 0x191c2 cmp dword [ebp - 0xc], 0 -jne short loc_000190fe ; jne 0x190fe +jne short loc_000191c2 ; jne 0x191c2 push eax -push ref_00025c08 ; push 0x25c08 +push ref_00025cb7 ; push 0x25cb7 push 0xfa -push ref_00025ba3 ; push 0x25ba3 -call fcn_000153fc ; call 0x153fc +push ref_00025c52 ; push 0x25c52 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000190fe: ; not directly referenced +loc_000191c2: ; not directly referenced mov eax, dword [ebp - 0xc] leave ret -fcn_00019103: ; not directly referenced +fcn_000191c7: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -41766,38 +41838,38 @@ mov dword [ebp - 0x1c], edx mov dword [ebp - 0x28], eax mov eax, dword [ebp + 0x1c] mov dword [ebp - 0x20], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001915b ; je 0x1915b +je short loc_0001921f ; je 0x1921f test esi, 0xfff -jne short loc_00019143 ; jne 0x19143 +jne short loc_00019207 ; jne 0x19207 test ebx, 0xfff -je short loc_0001915b ; je 0x1915b +je short loc_0001921f ; je 0x1921f -loc_00019143: ; not directly referenced +loc_00019207: ; not directly referenced push eax -push ref_00025c1c ; push 0x25c1c +push ref_00025ccb ; push 0x25ccb push 0x11a -push ref_00025ba3 ; push 0x25ba3 -call fcn_000153fc ; call 0x153fc +push ref_00025c52 ; push 0x25c52 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001915b: ; not directly referenced +loc_0001921f: ; not directly referenced push edi push edi push 0x48 push 2 -call fcn_000190b0 ; call 0x190b0 +call fcn_00019174 ; call 0x19174 add esp, 0x10 mov edi, eax test eax, eax -je short loc_000191c2 ; je 0x191c2 +je short loc_00019286 ; je 0x19286 push eax push eax -push ref_00028fac ; push 0x28fac +push ref_0002905c ; push 0x2905c lea eax, [edi + 8] push eax -call fcn_00016de3 ; call 0x16de3 +call fcn_00016ea7 ; call 0x16ea7 mov eax, dword [ebp - 0x24] mov dword [edi + 0x18], esi mov dword [edi + 0x20], ebx @@ -41810,20 +41882,20 @@ pop edx pop ecx push 4 push eax -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff lea eax, [edi + 0x30] pop ebx pop esi push dword [ebp + 8] push eax -call fcn_00016de3 ; call 0x16de3 +call fcn_00016ea7 ; call 0x16ea7 mov eax, dword [ebp - 0x20] add esp, 0x10 mov edx, dword [ebp - 0x1c] mov dword [edi + 0x40], eax mov dword [edi + 0x44], edx -loc_000191c2: ; not directly referenced +loc_00019286: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -41831,7 +41903,7 @@ pop edi pop ebp ret -fcn_000191ca: ; not directly referenced +fcn_0001928e: ; not directly referenced push ebp mov ebp, esp push edi @@ -41845,10 +41917,10 @@ push 3 mov edi, dword [ebp + 0x14] mov dword [ebp - 0x10], eax mov dword [ebp - 0xc], edx -call fcn_000190b0 ; call 0x190b0 +call fcn_00019174 ; call 0x19174 add esp, 0x10 test eax, eax -je short loc_00019212 ; je 0x19212 +je short loc_000192d6 ; je 0x192d6 mov edx, dword [ebp + 8] mov dword [eax + 0x20], esi mov esi, dword [ebp - 0x10] 
@@ -41860,78 +41932,78 @@ mov dword [eax + 0x28], esi mov dword [eax + 0x2c], edi mov dword [eax + 0x1c], edx -loc_00019212: ; not directly referenced +loc_000192d6: ; not directly referenced lea esp, [ebp - 8] pop esi pop edi pop ebp ret -fcn_00019219: ; not directly referenced +fcn_000192dd: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 8] push ebx mov ebx, dword [ebp + 0xc] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019249 ; je 0x19249 +je short loc_0001930d ; je 0x1930d test esi, esi -jne short loc_00019249 ; jne 0x19249 +jne short loc_0001930d ; jne 0x1930d push eax -push ref_00025c7b ; push 0x25c7b +push ref_00025d2a ; push 0x25d2a push 0x176 -push ref_00025ba3 ; push 0x25ba3 -call fcn_000153fc ; call 0x153fc +push ref_00025c52 ; push 0x25c52 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019249: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001930d: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019272 ; je 0x19272 +je short loc_00019336 ; je 0x19336 cmp ebx, 0xffe0 -jbe short loc_00019272 ; jbe 0x19272 +jbe short loc_00019336 ; jbe 0x19336 push ecx -push ref_00025c90 ; push 0x25c90 +push ref_00025d3f ; push 0x25d3f push 0x17b -push ref_00025ba3 ; push 0x25ba3 -call fcn_000153fc ; call 0x153fc +push ref_00025c52 ; push 0x25c52 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019272: ; not directly referenced +loc_00019336: ; not directly referenced add ebx, 0x18 push edx movzx ebx, bx push edx push ebx push 4 -call fcn_000190b0 ; call 0x190b0 +call fcn_00019174 ; call 0x19174 add esp, 0x10 mov ebx, eax test eax, eax -je short loc_0001929f ; je 0x1929f +je short loc_00019363 ; je 0x19363 push eax push eax push esi lea eax, [ebx + 8] push eax -call fcn_00016de3 ; call 0x16de3 +call fcn_00016ea7 ; call 0x16ea7 lea eax, [ebx + 0x18] add esp, 0x10 -jmp short loc_000192a1 ; jmp 0x192a1 +jmp short 
loc_00019365 ; jmp 0x19365 -loc_0001929f: ; not directly referenced +loc_00019363: ; not directly referenced xor eax, eax -loc_000192a1: ; not directly referenced +loc_00019365: ; not directly referenced lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_000192a8: ; not directly referenced +fcn_0001936c: ; not directly referenced push ebp mov ebp, esp push edi @@ -41941,29 +42013,29 @@ sub esp, 0xc mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000192e3 ; je 0x192e3 +je short loc_000193a7 ; je 0x193a7 test esi, esi -jne short loc_000192e3 ; jne 0x192e3 +jne short loc_000193a7 ; jne 0x193a7 test ebx, ebx -je short loc_000192e3 ; je 0x192e3 +je short loc_000193a7 ; je 0x193a7 push edx -push ref_00025cc4 ; push 0x25cc4 +push ref_00025d73 ; push 0x25d73 push 0x1a8 -push ref_00025ba3 ; push 0x25ba3 -call fcn_000153fc ; call 0x153fc +push ref_00025c52 ; push 0x25c52 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000192e3: ; not directly referenced +loc_000193a7: ; not directly referenced push eax push eax push ebx push edi -call fcn_00019219 ; call 0x19219 +call fcn_000192dd ; call 0x192dd add esp, 0x10 test eax, eax -je short loc_00019308 ; je 0x19308 +je short loc_000193cc ; je 0x193cc mov dword [ebp + 0x10], ebx mov dword [ebp + 0xc], esi mov dword [ebp + 8], eax @@ -41972,9 +42044,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_0001707a ; jmp 0x1707a +jmp near fcn_0001713e ; jmp 0x1713e -loc_00019308: ; not directly referenced +loc_000193cc: ; not directly referenced lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -41983,7 +42055,7 @@ pop edi pop ebp ret -fcn_00019312: ; not directly referenced +fcn_000193d6: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -41997,10 +42069,10 @@ push 5 mov edi, dword [ebp + 0xc] mov dword [ebp - 0x10], eax mov dword [ebp - 0xc], edx -call fcn_000190b0 ; call 0x190b0 +call fcn_00019174 ; call 0x19174 add esp, 0x10 test eax, eax -je short loc_0001934e ; je 0x1934e +je short loc_00019412 ; je 0x19412 mov edx, dword [ebp - 0x10] mov ecx, dword [ebp - 0xc] mov dword [eax + 8], esi @@ -42008,14 +42080,14 @@ mov dword [eax + 0xc], edi mov dword [eax + 0x10], edx mov dword [eax + 0x14], ecx -loc_0001934e: ; not directly referenced +loc_00019412: ; not directly referenced lea esp, [ebp - 8] pop esi pop edi pop ebp ret -fcn_00019355: ; not directly referenced +fcn_00019419: ; not directly referenced push ebp mov ebp, esp push edi @@ -42033,11 +42105,11 @@ mov ebx, dword [ebp + 0x1c] mov dword [ebp - 0x1c], edx mov dword [ebp - 0x20], eax mov dword [ebp - 0x24], ecx -call fcn_000190b0 ; call 0x190b0 +call fcn_00019174 ; call 0x19174 add esp, 0x10 mov edx, eax test eax, eax -je short loc_000193ca ; je 0x193ca +je short loc_0001948e ; je 0x1948e mov dword [eax + 8], esi mov esi, dword [ebp - 0x20] mov dword [eax + 0xc], edi @@ -42051,7 +42123,7 @@ push eax push ecx lea eax, [edx + 0x18] push eax -call fcn_00016de3 ; call 0x16de3 +call fcn_00016ea7 ; call 0x16ea7 mov edx, dword [ebp - 0x20] add esp, 0x10 mov dword [ebp + 0xc], ebx @@ -42062,9 +42134,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00016de3 ; jmp 0x16de3 +jmp near fcn_00016ea7 ; jmp 0x16ea7 -loc_000193ca: ; not directly referenced +loc_0001948e: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -42072,7 +42144,7 @@ pop edi pop ebp ret -fcn_000193d2: ; not directly referenced +fcn_00019496: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -42086,10 +42158,10 @@ push 0xb mov edi, dword [ebp + 0xc] mov dword [ebp - 0x10], eax mov dword [ebp - 0xc], edx -call fcn_000190b0 ; call 0x190b0 +call fcn_00019174 ; call 0x19174 add esp, 0x10 test eax, eax -je short loc_0001940e ; je 0x1940e +je short loc_000194d2 ; je 0x194d2 mov edx, dword [ebp - 0x10] mov ecx, dword [ebp - 0xc] mov dword [eax + 8], esi @@ -42097,14 +42169,14 @@ mov dword [eax + 0xc], edi mov dword [eax + 0x10], edx mov dword [eax + 0x14], ecx -loc_0001940e: ; not directly referenced +loc_000194d2: ; not directly referenced lea esp, [ebp - 8] pop esi pop edi pop ebp ret -fcn_00019415: ; not directly referenced +fcn_000194d9: ; not directly referenced push ebp mov ebp, esp push esi @@ -42115,10 +42187,10 @@ push eax push eax push 0x10 push 6 -call fcn_000190b0 ; call 0x190b0 +call fcn_00019174 ; call 0x19174 add esp, 0x10 test eax, eax -je short loc_00019452 ; je 0x19452 +je short loc_00019516 ; je 0x19516 mov edx, esi add eax, 0xa mov byte [eax - 2], dl @@ -42129,16 +42201,16 @@ lea esp, [ebp - 8] pop ebx pop esi pop ebp -jmp near fcn_00016f3b ; jmp 0x16f3b +jmp near fcn_00016fff ; jmp 0x16fff -loc_00019452: ; not directly referenced +loc_00019516: ; not directly referenced lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_00019459: ; not directly referenced +fcn_0001951d: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -42150,39 +42222,39 @@ mov esi, dword [ebp + 8] mov edi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] mov dword [ebp - 0x1c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_000194a2 ; je 0x194a2 +je short loc_00019566 ; je 0x19566 test esi, 0xfff -jne short loc_0001948a ; jne 0x1948a +jne short loc_0001954e ; jne 0x1954e test ebx, 0xfff -je short loc_000194a2 ; je 0x194a2 +je short loc_00019566 ; je 0x19566 -loc_0001948a: ; not directly referenced +loc_0001954e: ; not directly referenced push ecx -push ref_00025cec ; push 0x25cec +push ref_00025d9b ; push 0x25d9b push 0x251 -push ref_00025ba3 ; push 0x25ba3 -call fcn_000153fc ; call 0x153fc +push ref_00025c52 ; push 0x25c52 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000194a2: ; not directly referenced +loc_00019566: ; not directly referenced push edx push edx push 0x30 push 2 -call fcn_000190b0 ; call 0x190b0 +call fcn_00019174 ; call 0x19174 add esp, 0x10 mov edx, eax test eax, eax -je short loc_000194fe ; je 0x194fe +je short loc_000195c2 ; je 0x195c2 push eax push eax -push ref_00028f9c ; push 0x28f9c +push ref_0002904c ; push 0x2904c lea eax, [edx + 8] push eax mov dword [ebp - 0x20], edx -call fcn_00016de3 ; call 0x16de3 +call fcn_00016ea7 ; call 0x16ea7 mov edx, dword [ebp - 0x20] add esp, 0x10 mov eax, dword [ebp - 0x1c] @@ -42199,9 +42271,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00016f3b ; jmp 0x16f3b +jmp near fcn_00016fff ; jmp 0x16fff -loc_000194fe: ; not directly referenced +loc_000195c2: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -42209,7 +42281,7 @@ pop edi pop ebp ret -fcn_00019506: ; not directly referenced +fcn_000195ca: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -42223,39 +42295,39 @@ mov ebx, dword [ebp + 0x10] mov dword [ebp - 0x20], eax mov eax, dword [ebp + 0x18] mov dword [ebp - 0x1c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019555 ; je 0x19555 +je short loc_00019619 ; je 0x19619 test esi, 0xfff -jne short loc_0001953d ; jne 0x1953d +jne short loc_00019601 ; jne 0x19601 test ebx, 0xfff -je short loc_00019555 ; je 0x19555 +je short loc_00019619 ; je 0x19619 -loc_0001953d: ; not directly referenced +loc_00019601: ; not directly referenced push ecx -push ref_00025cec ; push 0x25cec +push ref_00025d9b ; push 0x25d9b push 0x27c -push ref_00025ba3 ; push 0x25ba3 -call fcn_000153fc ; call 0x153fc +push ref_00025c52 ; push 0x25c52 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019555: ; not directly referenced +loc_00019619: ; not directly referenced push edx push edx push 0x30 push 2 -call fcn_000190b0 ; call 0x190b0 +call fcn_00019174 ; call 0x19174 add esp, 0x10 mov edx, eax test eax, eax -je short loc_000195b0 ; je 0x195b0 +je short loc_00019674 ; je 0x19674 push eax push eax -push ref_00028f8c ; push 0x28f8c +push ref_0002903c ; push 0x2903c lea eax, [edx + 8] push eax mov dword [ebp - 0x24], edx -call fcn_00016de3 ; call 0x16de3 +call fcn_00016ea7 ; call 0x16ea7 mov edx, dword [ebp - 0x24] add esp, 0x10 mov eax, dword [ebp - 0x20] @@ -42273,9 +42345,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00016f3b ; jmp 0x16f3b +jmp near fcn_00016fff ; jmp 0x16fff -loc_000195b0: ; not directly referenced +loc_00019674: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -42283,7 +42355,7 @@ pop edi pop ebp ret -fcn_000195b8: ; not directly referenced +fcn_0001967c: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -42297,39 +42369,39 @@ mov ebx, dword [ebp + 0x10] mov dword [ebp - 0x20], eax mov eax, dword [ebp + 0x18] mov dword [ebp - 0x1c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019607 ; je 0x19607 +je short loc_000196cb ; je 0x196cb test esi, 0xfff -jne short loc_000195ef ; jne 0x195ef +jne short loc_000196b3 ; jne 0x196b3 test ebx, 0xfff -je short loc_00019607 ; je 0x19607 +je short loc_000196cb ; je 0x196cb -loc_000195ef: ; not directly referenced +loc_000196b3: ; not directly referenced push ecx -push ref_00025cec ; push 0x25cec +push ref_00025d9b ; push 0x25d9b push 0x2a7 -push ref_00025ba3 ; push 0x25ba3 -call fcn_000153fc ; call 0x153fc +push ref_00025c52 ; push 0x25c52 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019607: ; not directly referenced +loc_000196cb: ; not directly referenced push edx push edx push 0x30 push 2 -call fcn_000190b0 ; call 0x190b0 +call fcn_00019174 ; call 0x19174 add esp, 0x10 mov edx, eax test eax, eax -je short loc_0001965f ; je 0x1965f +je short loc_00019723 ; je 0x19723 push eax push eax push 0x10 lea eax, [edx + 8] push eax mov dword [ebp - 0x24], edx -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff mov edx, dword [ebp - 0x24] add esp, 0x10 mov eax, dword [ebp - 0x20] @@ -42347,9 +42419,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_00016f3b ; jmp 0x16f3b +jmp near fcn_00016fff ; jmp 0x16fff -loc_0001965f: ; not directly referenced +loc_00019723: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -42357,11 +42429,11 @@ pop edi pop ebp ret -fcn_00019667: +fcn_0001972b: push ebp mov ebp, esp sub esp, 8 -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 push edx push edx mov edx, dword [eax] 
@@ -42371,11 +42443,11 @@ call dword [edx + 0x18] ; ucall leave ret -fcn_0001967f: ; not directly referenced +fcn_00019743: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 push edx mov edx, dword [eax] push dword [ebp + 0xc] @@ -42385,11 +42457,11 @@ call dword [edx + 0x1c] ; ucall leave ret -fcn_00019699: +fcn_0001975d: push ebp mov ebp, esp sub esp, 8 -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 sub esp, 0xc mov edx, dword [eax] push dword [ebp + 0x14] @@ -42401,11 +42473,11 @@ call dword [edx + 0x20] ; ucall leave ret -fcn_000196bb: +fcn_0001977f: push ebp mov ebp, esp sub esp, 8 -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 push edx push edx mov edx, dword [eax] @@ -42415,11 +42487,11 @@ call dword [edx + 0x24] ; ucall leave ret -fcn_000196d3: +fcn_00019797: push ebp mov ebp, esp sub esp, 8 -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 push edx push edx mov edx, dword [eax] @@ -42429,11 +42501,11 @@ call dword [edx + 0x28] ; ucall leave ret -fcn_000196eb: ; not directly referenced +fcn_000197af: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 push edx push edx mov edx, dword [eax] @@ -42443,11 +42515,11 @@ call dword [edx + 0x2c] ; ucall leave ret -fcn_00019703: +fcn_000197c7: push ebp mov ebp, esp sub esp, 8 -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 push edx push edx mov edx, dword [eax] @@ -42457,14 +42529,14 @@ call dword [edx + 0x30] ; ucall leave ret -fcn_0001971b: +fcn_000197df: push ebp mov ebp, esp push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 8] -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 movzx esi, si movzx ebx, bx mov edx, dword [eax] 
@@ -42479,11 +42551,11 @@ pop esi pop ebp ret -fcn_00019743: ; not directly referenced +fcn_00019807: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 push edx mov edx, dword [eax] push dword [ebp + 0xc] @@ -42493,13 +42565,13 @@ call dword [edx + 0x38] ; ucall leave ret -fcn_0001975d: ; not directly referenced +fcn_00019821: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 movzx ebx, bl mov edx, dword [eax] push dword [ebp + 0x10] @@ -42511,13 +42583,13 @@ mov ebx, dword [ebp - 4] leave ret -fcn_0001977f: ; not directly referenced +fcn_00019843: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 movzx ebx, bl mov edx, dword [eax] push dword [ebp + 0x10] @@ -42529,7 +42601,7 @@ mov ebx, dword [ebp - 4] leave ret -fcn_000197a1: ; not directly referenced +fcn_00019865: ; not directly referenced push ebp mov ebp, esp push edi @@ -42541,7 +42613,7 @@ mov esi, dword [ebp + 0x10] mov edi, dword [ebp + 0x14] mov dword [ebp - 0xc], edx mov dword [ebp - 0x10], eax -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 sub esp, 0xc mov edx, dword [eax] push edi @@ -42556,11 +42628,11 @@ pop edi pop ebp ret -fcn_000197d8: ; not directly referenced +fcn_0001989c: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 mov edx, dword [eax] push dword [ebp + 0x10] push dword [ebp + 0xc] @@ -42570,11 +42642,11 @@ call dword [edx + 0x48] ; ucall leave ret -fcn_000197f4: +fcn_000198b8: push ebp mov ebp, esp sub esp, 8 -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 push edx mov edx, dword [eax] push dword [ebp + 0xc] 
@@ -42584,11 +42656,11 @@ call dword [edx + 0x4c] ; ucall leave ret -fcn_0001980e: ; not directly referenced +fcn_000198d2: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 sub esp, 0xc mov edx, dword [eax] push eax @@ -42596,13 +42668,13 @@ call dword [edx + 0x5c] ; ucall leave ret -fcn_00019824: +fcn_000198e8: push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 mov eax, dword [eax] mov dword [ebp + 8], ebx mov eax, dword [eax + 0x74] @@ -42616,7 +42688,7 @@ push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 8] -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 mov eax, dword [eax] mov dword [ebp + 0xc], esi mov dword [ebp + 8], ebx @@ -42634,7 +42706,7 @@ sub esp, 0xc mov ebx, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov edi, dword [ebp + 0x10] -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 mov eax, dword [eax] mov dword [ebp + 0x10], edi mov dword [ebp + 0xc], esi @@ -42652,7 +42724,7 @@ push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 8] -call fcn_00019a6d ; call 0x19a6d +call fcn_00019b31 ; call 0x19b31 mov eax, dword [eax] mov dword [ebp + 0xc], esi mov dword [ebp + 8], ebx 
@@ -42676,146 +42748,146 @@ mov eax, dword [ebp + 0x10] mov dword [ebp - 0x20], eax mov eax, dword [ebp + 0x18] mov dword [ebp - 0x24], eax -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_000198fe ; je 0x198fe +je short loc_000199c2 ; je 0x199c2 test ebx, ebx -jne short loc_000198fe ; jne 0x198fe +jne short loc_000199c2 ; jne 0x199c2 push eax -push ref_00025d3a ; push 0x25d3a +push ref_00025de9 ; push 0x25de9 push 0x23d -push ref_00025d54 ; push 0x25d54 -call fcn_000153fc ; call 0x153fc +push ref_00025e03 ; push 0x25e03 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000198fe: +loc_000199c2: test edi, edi -je short loc_00019907 ; je 0x19907 +je short loc_000199cb ; je 0x199cb push eax push eax push edi -jmp short loc_0001990e ; jmp 0x1990e +jmp short loc_000199d2 ; jmp 0x199d2 -loc_00019907: +loc_000199cb: push eax push eax -push ref_00028fbc ; push 0x28fbc +push ref_0002906c ; push 0x2906c -loc_0001990e: +loc_000199d2: push ebx -call fcn_00016de3 ; call 0x16de3 +call fcn_00016ea7 ; call 0x16ea7 mov eax, dword [ebp - 0x1c] add esp, 0x10 mov dword [ebx + 0x10], eax mov eax, dword [ebp - 0x20] mov dword [ebx + 0x14], eax test esi, esi -je short loc_0001995e ; je 0x1995e +je short loc_00019a22 ; je 0x19a22 push edi push edi push esi push 0x10 -call fcn_00019dcd ; call 0x19dcd +call fcn_00019e91 ; call 0x19e91 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001995b ; je 0x1995b +je short loc_00019a1f ; je 0x19a1f test esi, esi -jne short loc_0001995b ; jne 0x1995b +jne short loc_00019a1f ; jne 0x19a1f push ecx -push ref_00025d95 ; push 0x25d95 +push ref_00025e44 ; push 0x25e44 push 0x248 -push ref_00025d54 ; push 0x25d54 -call fcn_000153fc ; call 0x153fc +push ref_00025e03 ; push 0x25e03 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001995b: 
+loc_00019a1f: mov dword [ebx + 0x18], esi -loc_0001995e: +loc_00019a22: mov eax, dword [ebp - 0x24] test eax, eax -je short loc_0001999c ; je 0x1999c +je short loc_00019a60 ; je 0x19a60 push edx push edx push eax push 0x10 -call fcn_00019dcd ; call 0x19dcd +call fcn_00019e91 ; call 0x19e91 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00019999 ; je 0x19999 +je short loc_00019a5d ; je 0x19a5d test esi, esi -jne short loc_00019999 ; jne 0x19999 +jne short loc_00019a5d ; jne 0x19a5d push edi -push ref_00025db7 ; push 0x25db7 +push ref_00025e66 ; push 0x25e66 push 0x24d -push ref_00025d54 ; push 0x25d54 -call fcn_000153fc ; call 0x153fc +push ref_00025e03 ; push 0x25e03 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019999: +loc_00019a5d: mov dword [ebx + 0x1c], esi -loc_0001999c: +loc_00019a60: push ecx push ecx -push ref_00020504 ; push 0x20504 +push ref_00020594 ; push 0x20594 push 0xc -call fcn_00019dcd ; call 0x19dcd +call fcn_00019e91 ; call 0x19e91 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_000199d4 ; je 0x199d4 +je short loc_00019a98 ; je 0x19a98 test esi, esi -jne short loc_000199d4 ; jne 0x199d4 +jne short loc_00019a98 ; jne 0x19a98 push edx -push ref_00025ddb ; push 0x25ddb +push ref_00025e8a ; push 0x25e8a push 0x252 -push ref_00025d54 ; push 0x25d54 -call fcn_000153fc ; call 0x153fc +push ref_00025e03 ; push 0x25e03 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_000199d4: +loc_00019a98: sub esp, 0xc mov dword [esi + 8], ebx push esi -call fcn_00019667 ; call 0x19667 +call fcn_0001972b ; call 0x1972b mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_00019a30 ; je 0x19a30 +je short loc_00019af4 ; je 0x19af4 test ebx, ebx -jns short loc_00019a30 ; jns 0x19a30 -call fcn_000153e9 ; call 0x153e9 +jns short loc_00019af4 ; jns 
0x19af4 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00019a0f ; je 0x19a0f +je short loc_00019ad3 ; je 0x19ad3 push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00019a0f: -mov dword [ebp + 0x10], ref_00020664 ; mov dword [ebp + 0x10], 0x20664 +loc_00019ad3: +mov dword [ebp + 0x10], ref_000206f4 ; mov dword [ebp + 0x10], 0x206f4 mov dword [ebp + 0xc], 0x256 -mov dword [ebp + 8], ref_00025d54 ; mov dword [ebp + 8], 0x25d54 +mov dword [ebp + 8], ref_00025e03 ; mov dword [ebp + 8], 0x25e03 lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp -jmp near fcn_000153fc ; jmp 0x153fc +jmp near fcn_0001548c ; jmp 0x1548c -loc_00019a30: +loc_00019af4: lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -42823,164 +42895,164 @@ pop edi pop ebp ret -fcn_00019a38: +fcn_00019afc: push ebp mov ebp, esp push ebx push edx mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019a62 ; je 0x19a62 +je short loc_00019b26 ; je 0x19b26 test ebx, ebx -jne short loc_00019a62 ; jne 0x19a62 +jne short loc_00019b26 ; jne 0x19b26 push eax -push ref_00025dff ; push 0x25dff +push ref_00025eae ; push 0x25eae push 0x29 -push ref_00025e27 ; push 0x25e27 -call fcn_000153fc ; call 0x153fc +push ref_00025ed6 ; push 0x25ed6 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019a62: -mov dword [ref_00031240], ebx ; mov dword [0x31240], ebx +loc_00019b26: +mov dword [ref_000312f0], ebx ; mov dword [0x312f0], ebx mov ebx, dword [ebp - 4] leave ret -fcn_00019a6d: +fcn_00019b31: push ebp mov ebp, esp sub esp, 8 -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019a9a ; je 0x19a9a -cmp dword [ref_00031240], 0 ; cmp dword [0x31240], 0 -jne short loc_00019a9a ; jne 0x19a9a +je short loc_00019b5e ; je 0x19b5e +cmp dword [ref_000312f0], 0 ; cmp dword [0x312f0], 0 +jne short loc_00019b5e ; jne 0x19b5e push eax -push ref_00025e7d ; push 0x25e7d +push ref_00025f2c ; push 0x25f2c push 0x3f -push ref_00025e27 ; push 0x25e27 -call fcn_000153fc ; call 0x153fc +push ref_00025ed6 ; push 0x25ed6 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019a9a: -mov eax, dword [ref_00031240] ; mov eax, dword [0x31240] +loc_00019b5e: +mov eax, dword [ref_000312f0] ; mov eax, dword [0x312f0] leave ret -fcn_00019aa1: ; not directly referenced +fcn_00019b65: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] pop ebp -mov dword [ref_00031240], eax ; mov dword [0x31240], eax +mov dword [ref_000312f0], eax ; mov dword [0x312f0], eax xor eax, eax ret -fcn_00019ab0: ; not directly referenced +fcn_00019b74: ; not directly referenced push ebp mov ebp, esp sub esp, 0x18 mov eax, dword 
[ebp + 0xc] test eax, eax -jne short loc_00019ac1 ; jne 0x19ac1 +jne short loc_00019b85 ; jne 0x19b85 -loc_00019abd: ; not directly referenced +loc_00019b81: ; not directly referenced xor eax, eax -jmp short loc_00019ad9 ; jmp 0x19ad9 +jmp short loc_00019b9d ; jmp 0x19b9d -loc_00019ac1: ; not directly referenced +loc_00019b85: ; not directly referenced push edx lea edx, [ebp - 0x10] push edx push eax push dword [ebp + 8] -call fcn_000197d8 ; call 0x197d8 +call fcn_0001989c ; call 0x1989c add esp, 0x10 test eax, eax -js short loc_00019abd ; js 0x19abd +js short loc_00019b81 ; js 0x19b81 mov eax, dword [ebp - 0x10] -loc_00019ad9: ; not directly referenced +loc_00019b9d: ; not directly referenced leave ret -fcn_00019adb: ; not directly referenced +fcn_00019b9f: ; not directly referenced push ebp mov ebp, esp sub esp, 0x10 push dword [ebp + 8] push 4 -call fcn_00019ab0 ; call 0x19ab0 +call fcn_00019b74 ; call 0x19b74 leave ret -fcn_00019aed: ; not directly referenced +fcn_00019bb1: ; not directly referenced push ebp mov ebp, esp sub esp, 0x10 push dword [ebp + 8] push 6 -call fcn_00019ab0 ; call 0x19ab0 +call fcn_00019b74 ; call 0x19b74 leave ret -fcn_00019aff: ; not directly referenced +fcn_00019bc3: ; not directly referenced push ebp mov ebp, esp sub esp, 0x10 push dword [ebp + 8] push 0 -call fcn_00019ab0 ; call 0x19ab0 +call fcn_00019b74 ; call 0x19b74 leave ret -fcn_00019b11: ; not directly referenced +fcn_00019bd5: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019b3e ; je 0x19b3e +je short loc_00019c02 ; je 0x19c02 cmp dword [ebp + 0xc], 0 -jne short loc_00019b3e ; jne 0x19b3e +jne short loc_00019c02 ; jne 0x19c02 push eax -push ref_00025e9a ; push 0x25e9a +push ref_00025f49 ; push 0x25f49 push 0x95 -push ref_00025ea5 ; push 0x25ea5 -call fcn_000153fc ; call 0x153fc +push ref_00025f54 ; push 0x25f54 +call fcn_0001548c ; call 0x1548c add esp, 0x10 
-loc_00019b3e: ; not directly referenced +loc_00019c02: ; not directly referenced leave ret -fcn_00019b40: ; not directly referenced +fcn_00019c04: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 0x10] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019b73 ; je 0x19b73 +je short loc_00019c37 ; je 0x19c37 lea eax, [ebx - 1] test eax, ebx -je short loc_00019b73 ; je 0x19b73 +je short loc_00019c37 ; je 0x19c37 push ecx -push ref_00025ef3 ; push 0x25ef3 +push ref_00025fa2 ; push 0x25fa2 push 0xba -push ref_00025ea5 ; push 0x25ea5 -call fcn_000153fc ; call 0x153fc +push ref_00025f54 ; push 0x25f54 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019b73: ; not directly referenced +loc_00019c37: ; not directly referenced test esi, esi -je short loc_00019be2 ; je 0x19be2 -call fcn_000153f0 ; call 0x153f0 +je short loc_00019ca6 ; je 0x19ca6 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019bb0 ; je 0x19bb0 +je short loc_00019c74 ; je 0x19c74 xor edx, edx mov eax, ebx test ebx, 0xfff @@ -42989,15 +43061,15 @@ shr eax, 0xc add eax, edx not eax cmp esi, eax -jbe short loc_00019bb0 ; jbe 0x19bb0 +jbe short loc_00019c74 ; jbe 0x19c74 push edx -push ref_00025f16 ; push 0x25f16 +push ref_00025fc5 ; push 0x25fc5 push 0xc2 -push ref_00025ea5 ; push 0x25ea5 -call fcn_000153fc ; call 0x153fc +push ref_00025f54 ; push 0x25f54 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019bb0: ; not directly referenced +loc_00019c74: ; not directly referenced push eax push eax mov eax, ebx @@ -43009,7 +43081,7 @@ setne al add esi, eax push esi push dword [ebp + 8] -call fcn_00019ab0 ; call 0x19ab0 +call fcn_00019b74 ; call 0x19b74 add esp, 0x10 cmp ebx, 1 adc ebx, 0xffffffff 
@@ -43017,12 +43089,12 @@ mov edx, ebx not edx add ebx, eax and edx, ebx -jmp short loc_00019be4 ; jmp 0x19be4 +jmp short loc_00019ca8 ; jmp 0x19ca8 -loc_00019be2: ; not directly referenced +loc_00019ca6: ; not directly referenced xor edx, edx -loc_00019be4: ; not directly referenced +loc_00019ca8: ; not directly referenced lea esp, [ebp - 8] mov eax, edx pop ebx @@ -43030,60 +43102,60 @@ pop esi pop ebp ret -fcn_00019bed: ; not directly referenced +fcn_00019cb1: ; not directly referenced push ebp mov ebp, esp sub esp, 0xc push dword [ebp + 0xc] push dword [ebp + 8] push 4 -call fcn_00019b40 ; call 0x19b40 +call fcn_00019c04 ; call 0x19c04 leave ret -fcn_00019c02: ; not directly referenced +fcn_00019cc6: ; not directly referenced push ebp mov ebp, esp sub esp, 0xc push dword [ebp + 0xc] push dword [ebp + 8] push 6 -call fcn_00019b40 ; call 0x19b40 +call fcn_00019c04 ; call 0x19c04 leave ret -fcn_00019c17: ; not directly referenced +fcn_00019cdb: ; not directly referenced push ebp mov ebp, esp sub esp, 0xc push dword [ebp + 0xc] push dword [ebp + 8] push 0 -call fcn_00019b40 ; call 0x19b40 +call fcn_00019c04 ; call 0x19c04 leave ret -fcn_00019c2c: ; not directly referenced +fcn_00019cf0: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019c59 ; je 0x19c59 +je short loc_00019d1d ; je 0x19d1d cmp dword [ebp + 0xc], 0 -jne short loc_00019c59 ; jne 0x19c59 +jne short loc_00019d1d ; jne 0x19d1d push eax -push ref_00025e9a ; push 0x25e9a +push ref_00025f49 ; push 0x25f49 push 0x13b -push ref_00025ea5 ; push 0x25ea5 -call fcn_000153fc ; call 0x153fc +push ref_00025f54 ; push 0x25f54 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019c59: ; not directly referenced +loc_00019d1d: ; not directly referenced leave ret -fcn_00019c5b: ; not directly referenced +fcn_00019d1f: ; not directly referenced push ebp xor edx, edx mov ebp, esp 
@@ -43094,47 +43166,47 @@ shr eax, 0xc add eax, edx mov dword [ebp + 0xc], eax pop ebp -jmp near fcn_00019ab0 ; jmp 0x19ab0 +jmp near fcn_00019b74 ; jmp 0x19b74 -fcn_00019c79: +fcn_00019d3d: push ebp mov ebp, esp sub esp, 0x20 lea eax, [ebp - 0xc] push eax push dword [ebp + 8] -call fcn_000197f4 ; call 0x197f4 +call fcn_000198b8 ; call 0x198b8 add esp, 0x10 test eax, eax -jns short loc_00019c99 ; jns 0x19c99 +jns short loc_00019d5d ; jns 0x19d5d mov dword [ebp - 0xc], 0 -loc_00019c99: +loc_00019d5d: mov eax, dword [ebp - 0xc] leave ret -fcn_00019c9e: ; not directly referenced +fcn_00019d62: ; not directly referenced push ebp mov ebp, esp sub esp, 0x10 push dword [ebp + 8] push 6 -call fcn_00019c5b ; call 0x19c5b +call fcn_00019d1f ; call 0x19d1f leave ret -fcn_00019cb0: ; not directly referenced +fcn_00019d74: ; not directly referenced push ebp mov ebp, esp sub esp, 0x10 push dword [ebp + 8] push 0 -call fcn_00019c5b ; call 0x19c5b +call fcn_00019d1f ; call 0x19d1f leave ret -fcn_00019cc2: ; not directly referenced +fcn_00019d86: ; not directly referenced push ebp mov ebp, esp push ebx 
@@ -43142,66 +43214,66 @@ sub esp, 0xc mov ebx, dword [ebp + 0xc] push ebx push dword [ebp + 8] -call fcn_00019c5b ; call 0x19c5b +call fcn_00019d1f ; call 0x19d1f add esp, 0x10 test eax, eax -je short loc_00019ceb ; je 0x19ceb +je short loc_00019daf ; je 0x19daf mov dword [ebp + 0xc], ebx mov ebx, dword [ebp - 4] mov dword [ebp + 8], eax leave -jmp near fcn_00016f3b ; jmp 0x16f3b +jmp near fcn_00016fff ; jmp 0x16fff -loc_00019ceb: ; not directly referenced +loc_00019daf: ; not directly referenced xor eax, eax mov ebx, dword [ebp - 4] leave ret -fcn_00019cf2: +fcn_00019db6: push ebp mov ebp, esp push ebx sub esp, 0x10 mov ebx, dword [ebp + 8] push ebx -call fcn_00019c79 ; call 0x19c79 +call fcn_00019d3d ; call 0x19d3d add esp, 0x10 test eax, eax -je short loc_00019d15 ; je 0x19d15 +je short loc_00019dd9 ; je 0x19dd9 push edx push edx push ebx push eax -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff add esp, 0x10 -loc_00019d15: +loc_00019dd9: mov ebx, dword [ebp - 4] leave ret -fcn_00019d1a: ; not directly referenced +fcn_00019dde: ; not directly referenced push ebp mov ebp, esp sub esp, 0x10 push dword [ebp + 8] push 6 -call fcn_00019cc2 ; call 0x19cc2 +call fcn_00019d86 ; call 0x19d86 leave ret -fcn_00019d2c: ; not directly referenced +fcn_00019df0: ; not directly referenced push ebp mov ebp, esp sub esp, 0x10 push dword [ebp + 8] push 0 -call fcn_00019cc2 ; call 0x19cc2 +call fcn_00019d86 ; call 0x19d86 leave ret -fcn_00019d3e: ; not directly referenced +fcn_00019e02: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -43211,42 +43283,42 @@ sub esp, 0xc mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019d75 ; je 0x19d75 +je short loc_00019e39 ; je 0x19e39 test ebx, ebx -jne short loc_00019d75 ; jne 0x19d75 +jne short loc_00019e39 ; jne 0x19e39 push ecx -push ref_000260eb ; push 0x260eb +push ref_0002619a ; push 0x2619a push 0x221 -push ref_00025ea5 ; push 0x25ea5 -call fcn_000153fc ; call 0x153fc +push ref_00025f54 ; push 0x25f54 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019d75: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_00019e39: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019d9e ; je 0x19d9e +je short loc_00019e62 ; je 0x19e62 mov eax, ebx neg eax cmp esi, eax -jbe short loc_00019d9e ; jbe 0x19d9e +jbe short loc_00019e62 ; jbe 0x19e62 push edx -push ref_00025f66 ; push 0x25f66 +push ref_00026015 ; push 0x26015 push 0x222 -push ref_00025ea5 ; push 0x25ea5 -call fcn_000153fc ; call 0x153fc +push ref_00025f54 ; push 0x25f54 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019d9e: ; not directly referenced +loc_00019e62: ; not directly referenced push eax push eax push esi push edi -call fcn_00019c5b ; call 0x19c5b +call fcn_00019d1f ; call 0x19d1f add esp, 0x10 test eax, eax -je short loc_00019dc3 ; je 0x19dc3 +je short loc_00019e87 ; je 0x19e87 mov dword [ebp + 0x10], esi mov dword [ebp + 0xc], ebx mov dword [ebp + 8], eax @@ -43255,9 +43327,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_0001707a ; jmp 0x1707a +jmp near fcn_0001713e ; jmp 0x1713e -loc_00019dc3: ; not directly referenced +loc_00019e87: ; not directly referenced lea esp, [ebp - 0xc] xor eax, eax pop ebx 
@@ -43266,84 +43338,84 @@ pop edi pop ebp ret -fcn_00019dcd: +fcn_00019e91: push ebp mov ebp, esp push esi mov esi, dword [ebp + 8] push ebx mov ebx, dword [ebp + 0xc] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019dfd ; je 0x19dfd +je short loc_00019ec1 ; je 0x19ec1 test ebx, ebx -jne short loc_00019dfd ; jne 0x19dfd +jne short loc_00019ec1 ; jne 0x19ec1 push eax -push ref_000260eb ; push 0x260eb +push ref_0002619a ; push 0x2619a push 0x245 -push ref_00025ea5 ; push 0x25ea5 -call fcn_000153fc ; call 0x153fc +push ref_00025f54 ; push 0x25f54 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019dfd: -call fcn_000153f0 ; call 0x153f0 +loc_00019ec1: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019e26 ; je 0x19e26 +je short loc_00019eea ; je 0x19eea mov eax, ebx neg eax cmp esi, eax -jbe short loc_00019e26 ; jbe 0x19e26 +jbe short loc_00019eea ; jbe 0x19eea push ecx -push ref_00025f66 ; push 0x25f66 +push ref_00026015 ; push 0x26015 push 0x246 -push ref_00025ea5 ; push 0x25ea5 -call fcn_000153fc ; call 0x153fc +push ref_00025f54 ; push 0x25f54 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019e26: +loc_00019eea: sub esp, 0xc push esi -call fcn_00019c79 ; call 0x19c79 +call fcn_00019d3d ; call 0x19d3d add esp, 0x10 test eax, eax -je short loc_00019e42 ; je 0x19e42 +je short loc_00019f06 ; je 0x19f06 push edx push esi push ebx push eax -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e add esp, 0x10 -loc_00019e42: +loc_00019f06: lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_00019e49: ; not directly referenced +fcn_00019f0d: ; not directly referenced push ebp mov ebp, esp sub esp, 0xc push dword [ebp + 0xc] push dword [ebp + 8] push 6 -call fcn_00019d3e ; call 0x19d3e +call fcn_00019e02 ; call 0x19e02 leave ret -fcn_00019e5e: ; not directly referenced +fcn_00019f22: ; not directly referenced push ebp mov ebp, esp sub esp, 0xc push dword [ebp + 0xc] push dword [ebp + 8] 
push 0 -call fcn_00019d3e ; call 0x19d3e +call fcn_00019e02 ; call 0x19e02 leave ret -fcn_00019e73: ; not directly referenced +fcn_00019f37: ; not directly referenced push ebp mov ebp, esp push edi @@ -43354,23 +43426,23 @@ mov ebx, dword [ebp + 0x10] mov esi, dword [ebp + 0x14] push ebx push dword [ebp + 8] -call fcn_00019cc2 ; call 0x19cc2 +call fcn_00019d86 ; call 0x19d86 add esp, 0x10 mov edi, eax test eax, eax -je short loc_00019eab ; je 0x19eab +je short loc_00019f6f ; je 0x19f6f test esi, esi -je short loc_00019eab ; je 0x19eab +je short loc_00019f6f ; je 0x19f6f cmp ebx, dword [ebp + 0xc] cmova ebx, dword [ebp + 0xc] push eax push ebx push esi push edi -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e add esp, 0x10 -loc_00019eab: ; not directly referenced +loc_00019f6f: ; not directly referenced lea esp, [ebp - 0xc] mov eax, edi pop ebx @@ -43379,7 +43451,7 @@ pop edi pop ebp ret -fcn_00019eb5: ; not directly referenced +fcn_00019f79: ; not directly referenced push ebp mov ebp, esp sub esp, 8 @@ -43387,11 +43459,11 @@ push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] push 4 -call fcn_00019e73 ; call 0x19e73 +call fcn_00019f37 ; call 0x19f37 leave ret -fcn_00019ecd: ; not directly referenced +fcn_00019f91: ; not directly referenced push ebp mov ebp, esp sub esp, 8 @@ -43399,11 +43471,11 @@ push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] push 6 -call fcn_00019e73 ; call 0x19e73 +call fcn_00019f37 ; call 0x19f37 leave ret -fcn_00019ee5: ; not directly referenced +fcn_00019fa9: ; not directly referenced push ebp mov ebp, esp sub esp, 8 
@@ -43411,204 +43483,204 @@ push dword [ebp + 0x10] push dword [ebp + 0xc] push dword [ebp + 8] push 0 -call fcn_00019e73 ; call 0x19e73 +call fcn_00019f37 ; call 0x19f37 leave ret -fcn_00019efd: ; not directly referenced +fcn_00019fc1: ; not directly referenced push ebp mov ebp, esp pop ebp ret -fcn_00019f02: ; not directly referenced +fcn_00019fc6: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019f30 ; je 0x19f30 +je short loc_00019ff4 ; je 0x19ff4 test ebx, 0x400000 -je short loc_00019f30 ; je 0x19f30 +je short loc_00019ff4 ; je 0x19ff4 push eax -push ref_00025f9a ; push 0x25f9a +push ref_00026049 ; push 0x26049 push 0x33 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019f30: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_00019ff4: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019f55 ; je 0x19f55 +je short loc_0001a019 ; je 0x1a019 movzx eax, bh test eax, eax -je short loc_00019f55 ; je 0x19f55 +je short loc_0001a019 ; je 0x1a019 push ecx -push ref_0002600d ; push 0x2600d +push ref_000260bc ; push 0x260bc push 0x34 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019f55: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a019: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019f7b ; je 0x19f7b +je short loc_0001a03f ; je 0x1a03f test ebx, 0x3f0000 -je short loc_00019f7b ; je 0x19f7b +je short loc_0001a03f ; je 0x1a03f push edx -push ref_00026031 ; push 0x26031 +push ref_000260e0 ; push 0x260e0 push 0x35 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; 
push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019f7b: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a03f: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019fa1 ; je 0x19fa1 +je short loc_0001a065 ; je 0x1a065 test ebx, 0xff800001 -je short loc_00019fa1 ; je 0x19fa1 +je short loc_0001a065 ; je 0x1a065 push eax -push ref_00026056 ; push 0x26056 +push ref_00026105 ; push 0x26105 push 0x36 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019fa1: ; not directly referenced +loc_0001a065: ; not directly referenced sub esp, 0xc push dword [ebp + 0xc] push 0 push 0 push ebx push 0 -call fcn_0001a727 ; call 0x1a727 +call fcn_0001a7eb ; call 0x1a7eb add esp, 0x20 mov ebx, dword [ebp - 4] leave ret -fcn_00019fbb: ; not directly referenced +fcn_0001a07f: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_00019fe9 ; je 0x19fe9 +je short loc_0001a0ad ; je 0x1a0ad test ebx, 0x400000 -je short loc_00019fe9 ; je 0x19fe9 +je short loc_0001a0ad ; je 0x1a0ad push eax -push ref_00025f9a ; push 0x25f9a +push ref_00026049 ; push 0x26049 push 0x5c -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_00019fe9: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a0ad: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a00e ; je 0x1a00e +je short loc_0001a0d2 ; je 0x1a0d2 movzx eax, bh test eax, eax -je short loc_0001a00e ; je 0x1a00e +je short loc_0001a0d2 ; je 0x1a0d2 push ecx -push ref_0002600d ; push 0x2600d +push ref_000260bc ; push 0x260bc push 0x5d -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 
0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a00e: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a0d2: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a034 ; je 0x1a034 +je short loc_0001a0f8 ; je 0x1a0f8 test ebx, 0x3f0000 -je short loc_0001a034 ; je 0x1a034 +je short loc_0001a0f8 ; je 0x1a0f8 push edx -push ref_00026031 ; push 0x26031 +push ref_000260e0 ; push 0x260e0 push 0x5e -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a034: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a0f8: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a05a ; je 0x1a05a +je short loc_0001a11e ; je 0x1a11e test ebx, 0xff800001 -je short loc_0001a05a ; je 0x1a05a +je short loc_0001a11e ; je 0x1a11e push eax -push ref_00026056 ; push 0x26056 +push ref_00026105 ; push 0x26105 push 0x5f -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a05a: ; not directly referenced +loc_0001a11e: ; not directly referenced sub esp, 0xc push dword [ebp + 0xc] push 0 push 0 push ebx push 1 -call fcn_0001a727 ; call 0x1a727 +call fcn_0001a7eb ; call 0x1a7eb add esp, 0x20 mov ebx, dword [ebp - 4] leave ret -fcn_0001a074: ; not directly referenced +fcn_0001a138: ; not directly referenced push ebp mov ebp, esp push ebx sub esp, 0x14 mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a0a6 ; je 0x1a0a6 +je short loc_0001a16a ; je 0x1a16a movzx eax, bh test eax, eax -je short loc_0001a0a6 ; je 0x1a0a6 +je short loc_0001a16a ; je 0x1a16a push ecx -push ref_0002600d ; push 0x2600d +push ref_000260bc ; push 0x260bc push 0x8a -push ref_00025fcc ; push 
0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a0a6: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a16a: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a0cf ; je 0x1a0cf +je short loc_0001a193 ; je 0x1a193 test ebx, 0x3f0000 -je short loc_0001a0cf ; je 0x1a0cf +je short loc_0001a193 ; je 0x1a193 push edx -push ref_00026031 ; push 0x26031 +push ref_000260e0 ; push 0x260e0 push 0x8b -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a0cf: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a193: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a0f8 ; je 0x1a0f8 +je short loc_0001a1bc ; je 0x1a1bc test ebx, 0xff800001 -je short loc_0001a0f8 ; je 0x1a0f8 +je short loc_0001a1bc ; je 0x1a1bc push eax -push ref_00026056 ; push 0x26056 +push ref_00026105 ; push 0x26105 push 0x8c -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a0f8: ; not directly referenced +loc_0001a1bc: ; not directly referenced sub esp, 0xc push dword [ebp + 0xc] lea eax, [ebp - 9] @@ -43616,13 +43688,13 @@ push eax push 1 push ebx push 2 -call fcn_0001a727 ; call 0x1a727 +call fcn_0001a7eb ; call 0x1a7eb mov al, byte [ebp - 9] mov ebx, dword [ebp - 4] leave ret -fcn_0001a114: ; not directly referenced +fcn_0001a1d8: ; not directly referenced push ebp mov ebp, esp push esi 
@@ -43630,46 +43702,46 @@ push ebx sub esp, 0x10 mov ebx, dword [ebp + 8] mov esi, dword [ebp + 0xc] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a14a ; je 0x1a14a +je short loc_0001a20e ; je 0x1a20e movzx eax, bh test eax, eax -je short loc_0001a14a ; je 0x1a14a +je short loc_0001a20e ; je 0x1a20e push ecx -push ref_0002600d ; push 0x2600d +push ref_000260bc ; push 0x260bc push 0xbb -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a14a: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a20e: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a173 ; je 0x1a173 +je short loc_0001a237 ; je 0x1a237 test ebx, 0x3f0000 -je short loc_0001a173 ; je 0x1a173 +je short loc_0001a237 ; je 0x1a237 push edx -push ref_00026031 ; push 0x26031 +push ref_000260e0 ; push 0x260e0 push 0xbc -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a173: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a237: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a19c ; je 0x1a19c +je short loc_0001a260 ; je 0x1a260 test ebx, 0xff800001 -je short loc_0001a19c ; je 0x1a19c +je short loc_0001a260 ; je 0x1a260 push eax -push ref_00026056 ; push 0x26056 +push ref_00026105 ; push 0x26105 push 0xbd -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a19c: ; not directly referenced +loc_0001a260: ; not directly referenced sub esp, 0xc mov eax, esi push dword [ebp + 0x10] 
@@ -43679,7 +43751,7 @@ push eax push 1 push ebx push 3 -call fcn_0001a727 ; call 0x1a727 +call fcn_0001a7eb ; call 0x1a7eb lea esp, [ebp - 8] mov eax, esi pop ebx @@ -43687,38 +43759,38 @@ pop esi pop ebp ret -fcn_0001a1be: ; not directly referenced +fcn_0001a282: ; not directly referenced push ebp mov ebp, esp push ebx sub esp, 0x14 mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a1f1 ; je 0x1a1f1 +je short loc_0001a2b5 ; je 0x1a2b5 test ebx, 0x3f0000 -je short loc_0001a1f1 ; je 0x1a1f1 +je short loc_0001a2b5 ; je 0x1a2b5 push edx -push ref_00026031 ; push 0x26031 +push ref_000260e0 ; push 0x260e0 push 0xea -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a1f1: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a2b5: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a21a ; je 0x1a21a +je short loc_0001a2de ; je 0x1a2de test ebx, 0xff800001 -je short loc_0001a21a ; je 0x1a21a +je short loc_0001a2de ; je 0x1a2de push eax -push ref_00026056 ; push 0x26056 +push ref_00026105 ; push 0x26105 push 0xeb -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a21a: ; not directly referenced +loc_0001a2de: ; not directly referenced sub esp, 0xc push dword [ebp + 0xc] lea eax, [ebp - 9] @@ -43726,13 +43798,13 @@ push eax push 1 push ebx push 4 -call fcn_0001a727 ; call 0x1a727 +call fcn_0001a7eb ; call 0x1a7eb mov al, byte [ebp - 9] mov ebx, dword [ebp - 4] leave ret -fcn_0001a236: ; not directly referenced +fcn_0001a2fa: ; not directly referenced push ebp mov ebp, esp push esi 
@@ -43740,32 +43812,32 @@ push ebx sub esp, 0x10 mov ebx, dword [ebp + 8] mov esi, dword [ebp + 0xc] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a26d ; je 0x1a26d +je short loc_0001a331 ; je 0x1a331 test ebx, 0x3f0000 -je short loc_0001a26d ; je 0x1a26d +je short loc_0001a331 ; je 0x1a331 push edx -push ref_00026031 ; push 0x26031 +push ref_000260e0 ; push 0x260e0 push 0x11a -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a26d: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a331: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a296 ; je 0x1a296 +je short loc_0001a35a ; je 0x1a35a test ebx, 0xff800001 -je short loc_0001a296 ; je 0x1a296 +je short loc_0001a35a ; je 0x1a35a push eax -push ref_00026056 ; push 0x26056 +push ref_00026105 ; push 0x26105 push 0x11b -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a296: ; not directly referenced +loc_0001a35a: ; not directly referenced sub esp, 0xc mov eax, esi push dword [ebp + 0x10] @@ -43775,7 +43847,7 @@ push eax push 1 push ebx push 5 -call fcn_0001a727 ; call 0x1a727 +call fcn_0001a7eb ; call 0x1a7eb lea esp, [ebp - 8] mov eax, esi pop ebx 
@@ -43783,38 +43855,38 @@ pop esi pop ebp ret -fcn_0001a2b8: ; not directly referenced +fcn_0001a37c: ; not directly referenced push ebp mov ebp, esp push ebx sub esp, 0x14 mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a2eb ; je 0x1a2eb +je short loc_0001a3af ; je 0x1a3af test ebx, 0x3f0000 -je short loc_0001a2eb ; je 0x1a2eb +je short loc_0001a3af ; je 0x1a3af push edx -push ref_00026031 ; push 0x26031 +push ref_000260e0 ; push 0x260e0 push 0x148 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a2eb: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a3af: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a314 ; je 0x1a314 +je short loc_0001a3d8 ; je 0x1a3d8 test ebx, 0xff800001 -je short loc_0001a314 ; je 0x1a314 +je short loc_0001a3d8 ; je 0x1a3d8 push eax -push ref_00026056 ; push 0x26056 +push ref_00026105 ; push 0x26105 push 0x149 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a314: ; not directly referenced +loc_0001a3d8: ; not directly referenced sub esp, 0xc push dword [ebp + 0xc] lea eax, [ebp - 0xa] @@ -43822,13 +43894,13 @@ push eax push 2 push ebx push 6 -call fcn_0001a727 ; call 0x1a727 +call fcn_0001a7eb ; call 0x1a7eb mov ax, word [ebp - 0xa] mov ebx, dword [ebp - 4] leave ret -fcn_0001a331: ; not directly referenced +fcn_0001a3f5: ; not directly referenced push ebp mov ebp, esp push esi 
@@ -43836,32 +43908,32 @@ push ebx sub esp, 0x10 mov ebx, dword [ebp + 8] mov esi, dword [ebp + 0xc] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a368 ; je 0x1a368 +je short loc_0001a42c ; je 0x1a42c test ebx, 0x3f0000 -je short loc_0001a368 ; je 0x1a368 +je short loc_0001a42c ; je 0x1a42c push edx -push ref_00026031 ; push 0x26031 +push ref_000260e0 ; push 0x260e0 push 0x178 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a368: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a42c: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a391 ; je 0x1a391 +je short loc_0001a455 ; je 0x1a455 test ebx, 0xff800001 -je short loc_0001a391 ; je 0x1a391 +je short loc_0001a455 ; je 0x1a455 push eax -push ref_00026056 ; push 0x26056 +push ref_00026105 ; push 0x26105 push 0x179 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a391: ; not directly referenced +loc_0001a455: ; not directly referenced sub esp, 0xc push dword [ebp + 0x10] lea eax, [ebp - 0xa] @@ -43870,7 +43942,7 @@ push eax push 2 push ebx push 7 -call fcn_0001a727 ; call 0x1a727 +call fcn_0001a7eb ; call 0x1a7eb lea esp, [ebp - 8] mov eax, esi pop ebx @@ -43878,7 +43950,7 @@ pop esi pop ebp ret -fcn_0001a3b2: ; not directly referenced +fcn_0001a476: ; not directly referenced push ebp mov ebp, esp push ebx 
@@ -43886,32 +43958,32 @@ sub esp, 0x14 mov eax, dword [ebp + 0xc] mov ebx, dword [ebp + 8] mov word [ebp - 0xc], ax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a3ec ; je 0x1a3ec +je short loc_0001a4b0 ; je 0x1a4b0 test ebx, 0x3f0000 -je short loc_0001a3ec ; je 0x1a3ec +je short loc_0001a4b0 ; je 0x1a4b0 push edx -push ref_00026031 ; push 0x26031 +push ref_000260e0 ; push 0x260e0 push 0x1a7 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a3ec: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a4b0: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a415 ; je 0x1a415 +je short loc_0001a4d9 ; je 0x1a4d9 test ebx, 0xff800001 -je short loc_0001a415 ; je 0x1a415 +je short loc_0001a4d9 ; je 0x1a4d9 push eax -push ref_00026056 ; push 0x26056 +push ref_00026105 ; push 0x26105 push 0x1a8 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a415: ; not directly referenced +loc_0001a4d9: ; not directly referenced sub esp, 0xc push dword [ebp + 0x10] lea eax, [ebp - 0xc] 
@@ -43919,133 +43991,133 @@ push eax push 2 push ebx push 0xa -call fcn_0001a727 ; call 0x1a727 +call fcn_0001a7eb ; call 0x1a7eb mov eax, dword [ebp - 0xc] mov ebx, dword [ebp - 4] leave ret -fcn_0001a431: ; not directly referenced +fcn_0001a4f5: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a461 ; je 0x1a461 +je short loc_0001a525 ; je 0x1a525 test esi, esi -jne short loc_0001a461 ; jne 0x1a461 +jne short loc_0001a525 ; jne 0x1a525 push ecx -push ref_000260eb ; push 0x260eb +push ref_0002619a ; push 0x2619a push 0x1d8 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a461: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a525: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a48a ; je 0x1a48a +je short loc_0001a54e ; je 0x1a54e test ebx, 0x3f0000 -je short loc_0001a48a ; je 0x1a48a +je short loc_0001a54e ; je 0x1a54e push edx -push ref_00026031 ; push 0x26031 +push ref_000260e0 ; push 0x260e0 push 0x1d9 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a48a: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a54e: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a4b3 ; je 0x1a4b3 +je short loc_0001a577 ; je 0x1a577 test ebx, 0xff800001 -je short loc_0001a4b3 ; je 0x1a4b3 +je short loc_0001a577 ; je 0x1a577 push eax -push ref_00026056 ; push 0x26056 +push ref_00026105 ; push 0x26105 push 0x1da -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a4b3: ; not 
directly referenced +loc_0001a577: ; not directly referenced sub esp, 0xc push dword [ebp + 0x10] push esi push 0x20 push ebx push 8 -call fcn_0001a727 ; call 0x1a727 +call fcn_0001a7eb ; call 0x1a7eb lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_0001a4cb: ; not directly referenced +fcn_0001a58f: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a4fb ; je 0x1a4fb +je short loc_0001a5bf ; je 0x1a5bf test esi, esi -jne short loc_0001a4fb ; jne 0x1a4fb +jne short loc_0001a5bf ; jne 0x1a5bf push eax -push ref_000260eb ; push 0x260eb +push ref_0002619a ; push 0x2619a push 0x207 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a4fb: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a5bf: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a524 ; je 0x1a524 +je short loc_0001a5e8 ; je 0x1a5e8 test ebx, 0x3f0000 -jne short loc_0001a524 ; jne 0x1a524 +jne short loc_0001a5e8 ; jne 0x1a5e8 push ecx -push ref_00026080 ; push 0x26080 +push ref_0002612f ; push 0x2612f push 0x208 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a524: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a5e8: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a552 ; je 0x1a552 +je short loc_0001a616 ; je 0x1a616 mov eax, ebx shr eax, 0x10 and eax, 0x3f cmp eax, 0x20 -jbe short loc_0001a552 ; jbe 0x1a552 +jbe short loc_0001a616 ; jbe 0x1a616 push edx -push ref_000260a5 ; push 0x260a5 +push ref_00026154 ; push 0x26154 push 0x209 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push 
ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a552: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a616: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a57b ; je 0x1a57b +je short loc_0001a63f ; je 0x1a63f test ebx, 0xff800001 -je short loc_0001a57b ; je 0x1a57b +je short loc_0001a63f ; je 0x1a63f push eax -push ref_00026056 ; push 0x26056 +push ref_00026105 ; push 0x26105 push 0x20a -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a57b: ; not directly referenced +loc_0001a63f: ; not directly referenced sub esp, 0xc mov eax, ebx push dword [ebp + 0x10] @@ -44055,14 +44127,14 @@ push esi push eax push ebx push 9 -call fcn_0001a727 ; call 0x1a727 +call fcn_0001a7eb ; call 0x1a7eb lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_0001a59a: ; not directly referenced +fcn_0001a65e: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -44071,74 +44143,74 @@ push ebx sub esp, 0xc mov ebx, dword [ebp + 8] mov edi, dword [ebp + 0xc] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a5ce ; je 0x1a5ce +je short loc_0001a692 ; je 0x1a692 test edi, edi -jne short loc_0001a5ce ; jne 0x1a5ce +jne short loc_0001a692 ; jne 0x1a692 push eax -push ref_000260cb ; push 0x260cb +push ref_0002617a ; push 0x2617a push 0x23c -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a5ce: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a692: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a5f5 ; je 0x1a5f5 +je short loc_0001a6b9 ; je 0x1a6b9 cmp dword [ebp + 0x10], 0 -jne short loc_0001a5f5 ; jne 0x1a5f5 +jne short loc_0001a6b9 ; jne 0x1a6b9 push eax -push ref_000260e7 ; push 0x260e7 +push ref_00026196 ; push 0x26196 push 0x23d -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a5f5: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a6b9: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a61e ; je 0x1a61e +je short loc_0001a6e2 ; je 0x1a6e2 test ebx, 0x3f0000 -jne short loc_0001a61e ; jne 0x1a61e +jne short loc_0001a6e2 ; jne 0x1a6e2 push eax -push ref_00026080 ; push 0x26080 +push ref_0002612f ; push 0x2612f push 0x23e -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a61e: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a6e2: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a64c ; je 0x1a64c +je short loc_0001a710 ; je 0x1a710 mov eax, ebx shr eax, 0x10 and eax, 0x3f cmp 
eax, 0x20 -jbe short loc_0001a64c ; jbe 0x1a64c +jbe short loc_0001a710 ; jbe 0x1a710 push esi -push ref_000260a5 ; push 0x260a5 +push ref_00026154 ; push 0x26154 push 0x23f -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a64c: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a710: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a675 ; je 0x1a675 +je short loc_0001a739 ; je 0x1a739 test ebx, 0xff800001 -je short loc_0001a675 ; je 0x1a675 +je short loc_0001a739 ; je 0x1a739 push ecx -push ref_00026056 ; push 0x26056 +push ref_00026105 ; push 0x26105 push 0x240 -push ref_00025fcc ; push 0x25fcc -call fcn_000153fc ; call 0x153fc +push ref_0002607b ; push 0x2607b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a675: ; not directly referenced +loc_0001a739: ; not directly referenced mov esi, ebx shr esi, 0x10 push eax @@ -44146,14 +44218,14 @@ and esi, 0x3f push esi push edi push dword [ebp + 0x10] -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e pop edx push dword [ebp + 0x14] push eax push esi push ebx push 0xb -call fcn_0001a727 ; call 0x1a727 +call fcn_0001a7eb ; call 0x1a7eb lea esp, [ebp - 0xc] pop ebx pop esi @@ -44161,7 +44233,7 @@ pop edi pop ebp ret -fcn_0001a69e: ; not directly referenced +fcn_0001a762: ; not directly referenced push ebp mov ebp, esp push ebx 
@@ -44170,60 +44242,60 @@ lea eax, [ebp - 0xc] push eax push 0 push 0 -push ref_0002900c ; push 0x2900c -call fcn_00019699 ; call 0x19699 +push ref_000290bc ; push 0x290bc +call fcn_0001975d ; call 0x1975d mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001a6fb ; je 0x1a6fb +je short loc_0001a7bf ; je 0x1a7bf test ebx, ebx -jns short loc_0001a6fb ; jns 0x1a6fb -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001a7bf ; jns 0x1a7bf +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001a6e6 ; je 0x1a6e6 +je short loc_0001a7aa ; je 0x1a7aa push ecx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001a6e6: ; not directly referenced +loc_0001a7aa: ; not directly referenced push edx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x24 -push ref_00026102 ; push 0x26102 -call fcn_000153fc ; call 0x153fc +push ref_000261b1 ; push 0x261b1 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a6fb: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001a7bf: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001a71f ; je 0x1a71f +je short loc_0001a7e3 ; je 0x1a7e3 cmp dword [ebp - 0xc], 0 -jne short loc_0001a71f ; jne 0x1a71f +jne short loc_0001a7e3 ; jne 0x1a7e3 push eax -push ref_00026146 ; push 0x26146 +push ref_000261f5 ; push 0x261f5 push 0x25 -push ref_00026102 ; push 0x26102 -call fcn_000153fc ; call 0x153fc +push ref_000261b1 ; push 0x261b1 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001a71f: ; not directly referenced +loc_0001a7e3: ; not directly referenced mov eax, dword [ebp - 0xc] mov ebx, dword [ebp - 4] leave ret -fcn_0001a727: ; not directly referenced +fcn_0001a7eb: ; not directly referenced push ebp mov ebp, esp push esi mov esi, dword [ebp + 0x18] push ebx mov 
ebx, dword [ebp + 0xc] -call fcn_0001a69e ; call 0x1a69e +call fcn_0001a762 ; call 0x1a762 mov ecx, ebx shr ecx, 1 and ecx, 0x7f @@ -44243,10 +44315,10 @@ push eax call dword [eax] ; ucall add esp, 0x20 test esi, esi -je short loc_0001a763 ; je 0x1a763 +je short loc_0001a827 ; je 0x1a827 mov dword [esi], eax -loc_0001a763: ; not directly referenced +loc_0001a827: ; not directly referenced mov eax, dword [ebp + 0x10] lea esp, [ebp - 8] pop ebx 
@@ -44254,77 +44326,77 @@ pop esi pop ebp ret -fcn_0001a76d: +fcn_0001a831: push ebp mov ebp, esp sub esp, 0x10 movzx eax, byte [ebp + 8] push eax push 0x80 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea mov eax, dword [ebp + 8] leave ret -fcn_0001a787: ; not directly referenced +fcn_0001a84b: ; not directly referenced push ebp mov ebp, esp sub esp, 0x10 movzx eax, byte [ebp + 8] push eax push 0x80 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea mov eax, dword [ebp + 8] leave ret -fcn_0001a7a1: ; not directly referenced +fcn_0001a865: ; not directly referenced push ebp xor eax, eax mov ebp, esp pop ebp ret -fcn_0001a7a8: ; not directly referenced +fcn_0001a86c: ; not directly referenced push ebp xor eax, eax mov ebp, esp pop ebp ret -fcn_0001a7af: ; not directly referenced +fcn_0001a873: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_00017cc7 ; jmp 0x17cc7 +jmp near fcn_00017d8b ; jmp 0x17d8b -fcn_0001a7be: ; not directly referenced +fcn_0001a882: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_00017cfe ; jmp 0x17cfe +jmp near fcn_00017dc2 ; jmp 0x17dc2 -fcn_0001a7cd: ; not directly referenced +fcn_0001a891: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_00017d8a ; jmp 0x17d8a +jmp near fcn_00017e4e ; jmp 0x17e4e -fcn_0001a7dc: ; not directly referenced +fcn_0001a8a0: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_00017e14 ; jmp 0x17e14 +jmp near fcn_00017ed8 ; jmp 0x17ed8 -fcn_0001a7eb: ; not directly referenced +fcn_0001a8af: ; not directly referenced push ebp mov ebp, esp movzx eax, byte [ebp + 0x18] 
@@ -44332,9 +44404,9 @@ mov dword [ebp + 0xc], eax mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_00017ce1 ; jmp 0x17ce1 +jmp near fcn_00017da5 ; jmp 0x17da5 -fcn_0001a801: ; not directly referenced +fcn_0001a8c5: ; not directly referenced push ebp mov ebp, esp movzx eax, word [ebp + 0x18] @@ -44342,9 +44414,9 @@ mov dword [ebp + 0xc], eax mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_00017d40 ; jmp 0x17d40 +jmp near fcn_00017e04 ; jmp 0x17e04 -fcn_0001a817: ; not directly referenced +fcn_0001a8db: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x18] @@ -44352,9 +44424,9 @@ mov dword [ebp + 0xc], eax mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_00017dcb ; jmp 0x17dcb +jmp near fcn_00017e8f ; jmp 0x17e8f -fcn_0001a82c: ; not directly referenced +fcn_0001a8f0: ; not directly referenced push ebp mov ebp, esp mov ecx, dword [ebp + 0x10] @@ -44364,33 +44436,33 @@ mov dword [ebp + 8], ecx mov dword [ebp + 0xc], eax mov dword [ebp + 0x10], edx pop ebp -jmp near fcn_00017e64 ; jmp 0x17e64 +jmp near fcn_00017f28 ; jmp 0x17f28 -fcn_0001a847: ; not directly referenced +fcn_0001a90b: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_00018e1d ; jmp 0x18e1d +jmp near fcn_00018ee1 ; jmp 0x18ee1 -fcn_0001a856: ; not directly referenced +fcn_0001a91a: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_00018e32 ; jmp 0x18e32 +jmp near fcn_00018ef6 ; jmp 0x18ef6 -fcn_0001a865: ; not directly referenced +fcn_0001a929: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_00018ea0 ; jmp 0x18ea0 +jmp near fcn_00018f64 ; jmp 0x18f64 -fcn_0001a874: ; not directly referenced +fcn_0001a938: ; not directly referenced push ebp mov ebp, esp movzx eax, byte [ebp + 0x18] 
@@ -44398,9 +44470,9 @@ mov dword [ebp + 0xc], eax mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_00018e26 ; jmp 0x18e26 +jmp near fcn_00018eea ; jmp 0x18eea -fcn_0001a88a: ; not directly referenced +fcn_0001a94e: ; not directly referenced push ebp mov ebp, esp movzx eax, word [ebp + 0x18] @@ -44408,9 +44480,9 @@ mov dword [ebp + 0xc], eax mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_00018e63 ; jmp 0x18e63 +jmp near fcn_00018f27 ; jmp 0x18f27 -fcn_0001a8a0: ; not directly referenced +fcn_0001a964: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x18] @@ -44418,17 +44490,17 @@ mov dword [ebp + 0xc], eax mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_00018ed3 ; jmp 0x18ed3 +jmp near fcn_00018f97 ; jmp 0x18f97 -fcn_0001a8b5: ; not directly referenced +fcn_0001a979: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0x10] mov dword [ebp + 8], eax pop ebp -jmp near fcn_00017c73 ; jmp 0x17c73 +jmp near fcn_00017d37 ; jmp 0x17d37 -fcn_0001a8c4: ; not directly referenced +fcn_0001a988: ; not directly referenced push ebp mov ebp, esp mov ecx, dword [ebp + 0x10] @@ -44438,9 +44510,9 @@ mov dword [ebp + 8], ecx mov dword [ebp + 0xc], eax mov dword [ebp + 0x10], edx pop ebp -jmp near fcn_00017c9d ; jmp 0x17c9d +jmp near fcn_00017d61 ; jmp 0x17d61 -fcn_0001a8df: ; not directly referenced +fcn_0001a9a3: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -44455,54 +44527,54 @@ mov dword [ebp - 0x1c], eax mov edi, dword [ebp + 0x14] mov eax, 0x80000002 mov ebx, dword [ebp + 0x18] -je loc_0001a98c ; je 0x1a98c +je loc_0001aa50 ; je 0x1aa50 cmp esi, 0xb -ja short loc_0001a98c ; ja 0x1a98c +ja short loc_0001aa50 ; ja 0x1aa50 lea edx, [esi - 4] cmp edx, 3 mov edx, 1 cmovbe ebx, edx and esi, 3 cmp esi, 3 -jne short loc_0001a928 ; jne 0x1a928 +jne short loc_0001a9ec ; jne 0x1a9ec test cl, cl -je short loc_0001a98c ; je 0x1a98c +je short loc_0001aa50 ; je 0x1aa50 -loc_0001a928: ; not directly referenced +loc_0001a9ec: ; not directly referenced mov eax, 0xffff xor edx, edx test cl, cl -je short loc_0001a938 ; je 0x1a938 +je short loc_0001a9fc ; je 0x1a9fc or eax, 0xffffffff xor edx, edx -loc_0001a938: ; not directly referenced +loc_0001a9fc: ; not directly referenced test ebx, ebx -jne short loc_0001a94e ; jne 0x1a94e +jne short loc_0001aa12 ; jne 0x1aa12 cmp edi, edx -jb short loc_0001a982 ; jb 0x1a982 -ja short loc_0001a947 ; ja 0x1a947 +jb short loc_0001aa46 ; jb 0x1aa46 +ja short loc_0001aa0b ; ja 0x1aa0b -loc_0001a942: ; not directly referenced +loc_0001aa06: ; not directly referenced cmp dword [ebp - 0x1c], eax -jbe short loc_0001a982 ; jbe 0x1a982 +jbe short loc_0001aa46 ; jbe 0x1aa46 -loc_0001a947: ; not directly referenced +loc_0001aa0b: ; not directly referenced mov eax, 0x80000003 -jmp short loc_0001a98c ; jmp 0x1a98c +jmp short loc_0001aa50 ; jmp 0x1aa50 -loc_0001a94e: ; not directly referenced +loc_0001aa12: ; not directly referenced push ecx push esi push edx push eax -call fcn_0001718b ; call 0x1718b +call fcn_0001724f ; call 0x1724f lea ecx, [ebx - 1] add esp, 0x10 cmp edx, 0 -jbe short loc_0001a986 ; jbe 0x1a986 +jbe short loc_0001aa4a ; jbe 0x1aa4a -loc_0001a962: ; not directly referenced +loc_0001aa26: ; not directly referenced push ecx mov ecx, ebx xor ebx, ebx 
@@ -44513,22 +44585,22 @@ push esi adc edx, 0 push edx push eax -call fcn_0001fd4c ; call 0x1fd4c +call fcn_0001fdda ; call 0x1fdda add esp, 0x10 cmp edi, edx -ja short loc_0001a947 ; ja 0x1a947 -jae short loc_0001a942 ; jae 0x1a942 +ja short loc_0001aa0b ; ja 0x1aa0b +jae short loc_0001aa06 ; jae 0x1aa06 -loc_0001a982: ; not directly referenced +loc_0001aa46: ; not directly referenced xor eax, eax -jmp short loc_0001a98c ; jmp 0x1a98c +jmp short loc_0001aa50 ; jmp 0x1aa50 -loc_0001a986: ; not directly referenced +loc_0001aa4a: ; not directly referenced cmp eax, ecx -jb short loc_0001a947 ; jb 0x1a947 -jmp short loc_0001a962 ; jmp 0x1a962 +jb short loc_0001aa0b ; jb 0x1aa0b +jmp short loc_0001aa26 ; jmp 0x1aa26 -loc_0001a98c: ; not directly referenced +loc_0001aa50: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -44536,7 +44608,7 @@ pop edi pop ebp ret -fcn_0001a994: ; not directly referenced +fcn_0001aa58: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -44554,113 +44626,113 @@ push edi push esi push edx push 1 -call fcn_0001a8df ; call 0x1a8df +call fcn_0001a9a3 ; call 0x1a9a3 add esp, 0x20 test eax, eax -js loc_0001aab9 ; js 0x1aab9 +js loc_0001ab7d ; js 0x1ab7d mov edx, dword [ebp - 0x1c] mov dword [ebp - 0x24], 0 -mov al, byte [edx + ref_0002953c] ; mov al, byte [edx + 0x2953c] +mov al, byte [edx + ref_000295ec] ; mov al, byte [edx + 0x295ec] mov byte [ebp - 0x1e], al mov eax, edx and eax, 3 mov dword [ebp - 0x1c], eax -movzx eax, byte [eax + ref_00029548] ; movzx eax, byte [eax + 0x29548] +movzx eax, byte [eax + ref_000295f8] ; movzx eax, byte [eax + 0x295f8] dec eax test ebx, eax -movzx eax, byte [edx + ref_00029548] ; movzx eax, byte [edx + 0x29548] +movzx eax, byte [edx + ref_000295f8] ; movzx eax, byte [edx + 0x295f8] sete byte [ebp - 0x1d] mov dword [ebp - 0x28], eax -loc_0001a9f8: ; not directly referenced +loc_0001aabc: ; not directly referenced cmp dword [ebp + 0x1c], 0 -je loc_0001aab7 ; je 0x1aab7 +je loc_0001ab7b ; je 0x1ab7b cmp dword [ebp - 0x1c], 0 -jne short loc_0001aa18 ; jne 0x1aa18 +jne short loc_0001aadc ; jne 0x1aadc sub esp, 0xc push esi -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov byte [ebx], al -jmp near loc_0001aaa0 ; jmp 0x1aaa0 +jmp near loc_0001ab64 ; jmp 0x1ab64 -loc_0001aa18: ; not directly referenced +loc_0001aadc: ; not directly referenced cmp dword [ebp - 0x1c], 1 -jne short loc_0001aa49 ; jne 0x1aa49 +jne short loc_0001ab0d ; jne 0x1ab0d cmp byte [ebp - 0x1d], 0 -je short loc_0001aa32 ; je 0x1aa32 +je short loc_0001aaf6 ; je 0x1aaf6 sub esp, 0xc push esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov word [ebx], ax -jmp short loc_0001aaa0 ; jmp 0x1aaa0 +jmp short loc_0001ab64 ; jmp 0x1ab64 -loc_0001aa32: ; not directly referenced +loc_0001aaf6: ; not directly referenced sub esp, 0xc push esi -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 pop edx pop ecx movzx eax, ax push eax push ebx -call 
fcn_00017207 ; call 0x17207 -jmp short loc_0001aaa0 ; jmp 0x1aaa0 +call fcn_000172cb ; call 0x172cb +jmp short loc_0001ab64 ; jmp 0x1ab64 -loc_0001aa49: ; not directly referenced +loc_0001ab0d: ; not directly referenced cmp dword [ebp - 0x1c], 2 -jne short loc_0001aa76 ; jne 0x1aa76 +jne short loc_0001ab3a ; jne 0x1ab3a cmp byte [ebp - 0x1d], 0 -je short loc_0001aa62 ; je 0x1aa62 +je short loc_0001ab26 ; je 0x1ab26 sub esp, 0xc push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [ebx], eax -jmp short loc_0001aaa0 ; jmp 0x1aaa0 +jmp short loc_0001ab64 ; jmp 0x1ab64 -loc_0001aa62: ; not directly referenced +loc_0001ab26: ; not directly referenced sub esp, 0xc push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e pop edx pop ecx push eax push ebx -call fcn_000172ee ; call 0x172ee -jmp short loc_0001aaa0 ; jmp 0x1aaa0 +call fcn_000173b2 ; call 0x173b2 +jmp short loc_0001ab64 ; jmp 0x1ab64 -loc_0001aa76: ; not directly referenced +loc_0001ab3a: ; not directly referenced cmp byte [ebp - 0x1d], 0 -je short loc_0001aa8c ; je 0x1aa8c +je short loc_0001ab50 ; je 0x1ab50 sub esp, 0xc push esi -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 mov dword [ebx], eax mov dword [ebx + 4], edx -jmp short loc_0001aaa0 ; jmp 0x1aaa0 +jmp short loc_0001ab64 ; jmp 0x1ab64 -loc_0001aa8c: ; not directly referenced +loc_0001ab50: ; not directly referenced sub esp, 0xc push esi -call fcn_00017e14 ; call 0x17e14 +call fcn_00017ed8 ; call 0x17ed8 add esp, 0xc push edx push eax push ebx -call fcn_00017360 ; call 0x17360 +call fcn_00017424 ; call 0x17424 -loc_0001aaa0: ; not directly referenced +loc_0001ab64: ; not directly referenced movzx eax, byte [ebp - 0x1e] add esp, 0x10 add esi, dword [ebp - 0x28] adc edi, dword [ebp - 0x24] dec dword [ebp + 0x1c] add ebx, eax -jmp near loc_0001a9f8 ; jmp 0x1a9f8 +jmp near loc_0001aabc ; jmp 0x1aabc -loc_0001aab7: ; not directly referenced +loc_0001ab7b: ; not directly referenced 
xor eax, eax -loc_0001aab9: ; not directly referenced +loc_0001ab7d: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -44668,7 +44740,7 @@ pop edi pop ebp ret -fcn_0001aac1: ; not directly referenced +fcn_0001ab85: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -44686,117 +44758,117 @@ push edi push esi push edx push 1 -call fcn_0001a8df ; call 0x1a8df +call fcn_0001a9a3 ; call 0x1a9a3 add esp, 0x20 test eax, eax -js loc_0001abce ; js 0x1abce +js loc_0001ac92 ; js 0x1ac92 mov edx, dword [ebp - 0x1c] mov dword [ebp - 0x24], 0 -mov al, byte [edx + ref_0002953c] ; mov al, byte [edx + 0x2953c] +mov al, byte [edx + ref_000295ec] ; mov al, byte [edx + 0x295ec] mov byte [ebp - 0x1e], al mov eax, edx and eax, 3 mov dword [ebp - 0x1c], eax -movzx eax, byte [eax + ref_00029548] ; movzx eax, byte [eax + 0x29548] +movzx eax, byte [eax + ref_000295f8] ; movzx eax, byte [eax + 0x295f8] dec eax test ebx, eax -movzx eax, byte [edx + ref_00029548] ; movzx eax, byte [edx + 0x29548] +movzx eax, byte [edx + ref_000295f8] ; movzx eax, byte [edx + 0x295f8] sete byte [ebp - 0x1d] mov dword [ebp - 0x28], eax -loc_0001ab25: ; not directly referenced +loc_0001abe9: ; not directly referenced cmp dword [ebp + 0x1c], 0 -je loc_0001abcc ; je 0x1abcc +je loc_0001ac90 ; je 0x1ac90 cmp dword [ebp - 0x1c], 0 -jne short loc_0001ab43 ; jne 0x1ab43 +jne short loc_0001ac07 ; jne 0x1ac07 push eax push eax movzx eax, byte [ebx] push eax push esi -call fcn_00017ce1 ; call 0x17ce1 -jmp short loc_0001abb5 ; jmp 0x1abb5 +call fcn_00017da5 ; call 0x17da5 +jmp short loc_0001ac79 ; jmp 0x1ac79 -loc_0001ab43: ; not directly referenced +loc_0001ac07: ; not directly referenced cmp dword [ebp - 0x1c], 1 -jne short loc_0001ab6d ; jne 0x1ab6d +jne short loc_0001ac31 ; jne 0x1ac31 cmp byte [ebp - 0x1d], 0 -je short loc_0001ab56 ; je 0x1ab56 +je short loc_0001ac1a ; je 0x1ac1a push eax push eax movzx eax, word [ebx] -jmp short loc_0001ab64 ; jmp 0x1ab64 +jmp short loc_0001ac28 ; jmp 0x1ac28 -loc_0001ab56: ; not directly referenced +loc_0001ac1a: ; not directly referenced sub esp, 0xc push ebx -call fcn_000171d5 ; call 0x171d5 +call fcn_00017299 ; call 0x17299 pop edx pop ecx movzx eax, ax -loc_0001ab64: ; not directly referenced +loc_0001ac28: ; not directly referenced 
push eax push esi -call fcn_00017d40 ; call 0x17d40 -jmp short loc_0001abb5 ; jmp 0x1abb5 +call fcn_00017e04 ; call 0x17e04 +jmp short loc_0001ac79 ; jmp 0x1ac79 -loc_0001ab6d: ; not directly referenced +loc_0001ac31: ; not directly referenced cmp dword [ebp - 0x1c], 2 -jne short loc_0001ab93 ; jne 0x1ab93 +jne short loc_0001ac57 ; jne 0x1ac57 cmp byte [ebp - 0x1d], 0 -je short loc_0001ab7f ; je 0x1ab7f +je short loc_0001ac43 ; je 0x1ac43 push eax push eax push dword [ebx] -jmp short loc_0001ab8b ; jmp 0x1ab8b +jmp short loc_0001ac4f ; jmp 0x1ac4f -loc_0001ab7f: ; not directly referenced +loc_0001ac43: ; not directly referenced sub esp, 0xc push ebx -call fcn_000172ba ; call 0x172ba +call fcn_0001737e ; call 0x1737e pop edx pop ecx push eax -loc_0001ab8b: ; not directly referenced +loc_0001ac4f: ; not directly referenced push esi -call fcn_00017dcb ; call 0x17dcb -jmp short loc_0001abb5 ; jmp 0x1abb5 +call fcn_00017e8f ; call 0x17e8f +jmp short loc_0001ac79 ; jmp 0x1ac79 -loc_0001ab93: ; not directly referenced +loc_0001ac57: ; not directly referenced cmp byte [ebp - 0x1d], 0 -je short loc_0001aba1 ; je 0x1aba1 +je short loc_0001ac65 ; je 0x1ac65 push eax push dword [ebx + 4] push dword [ebx] -jmp short loc_0001abaf ; jmp 0x1abaf +jmp short loc_0001ac73 ; jmp 0x1ac73 -loc_0001aba1: ; not directly referenced +loc_0001ac65: ; not directly referenced sub esp, 0xc push ebx -call fcn_00017329 ; call 0x17329 +call fcn_000173ed ; call 0x173ed add esp, 0xc push edx push eax -loc_0001abaf: ; not directly referenced +loc_0001ac73: ; not directly referenced push esi -call fcn_00017e64 ; call 0x17e64 +call fcn_00017f28 ; call 0x17f28 -loc_0001abb5: ; not directly referenced +loc_0001ac79: ; not directly referenced movzx eax, byte [ebp - 0x1e] add esp, 0x10 add esi, dword [ebp - 0x28] adc edi, dword [ebp - 0x24] dec dword [ebp + 0x1c] add ebx, eax -jmp near loc_0001ab25 ; jmp 0x1ab25 +jmp near loc_0001abe9 ; jmp 0x1abe9 -loc_0001abcc: ; not directly referenced +loc_0001ac90: ; 
not directly referenced xor eax, eax -loc_0001abce: ; not directly referenced +loc_0001ac92: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -44804,7 +44876,7 @@ pop edi pop ebp ret -fcn_0001abd6: ; not directly referenced +fcn_0001ac9a: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -44822,94 +44894,94 @@ push edi push esi push edx push 0 -call fcn_0001a8df ; call 0x1a8df +call fcn_0001a9a3 ; call 0x1a9a3 add esp, 0x20 test eax, eax -js loc_0001accc ; js 0x1accc +js loc_0001ad90 ; js 0x1ad90 mov edx, dword [ebp - 0x1c] mov dword [ebp - 0x24], 0 -mov al, byte [edx + ref_0002953c] ; mov al, byte [edx + 0x2953c] +mov al, byte [edx + ref_000295ec] ; mov al, byte [edx + 0x295ec] mov byte [ebp - 0x1e], al mov eax, edx and eax, 3 mov dword [ebp - 0x1c], eax -movzx eax, byte [eax + ref_00029548] ; movzx eax, byte [eax + 0x29548] +movzx eax, byte [eax + ref_000295f8] ; movzx eax, byte [eax + 0x295f8] dec eax test ebx, eax -movzx eax, byte [edx + ref_00029548] ; movzx eax, byte [edx + 0x29548] +movzx eax, byte [edx + ref_000295f8] ; movzx eax, byte [edx + 0x295f8] sete byte [ebp - 0x1d] mov dword [ebp - 0x28], eax -loc_0001ac3a: ; not directly referenced +loc_0001acfe: ; not directly referenced cmp dword [ebp + 0x1c], 0 -je loc_0001acca ; je 0x1acca +je loc_0001ad8e ; je 0x1ad8e cmp dword [ebp - 0x1c], 0 -jne short loc_0001ac57 ; jne 0x1ac57 +jne short loc_0001ad1b ; jne 0x1ad1b sub esp, 0xc push esi -call fcn_00018e1d ; call 0x18e1d +call fcn_00018ee1 ; call 0x18ee1 mov byte [ebx], al -jmp short loc_0001acb3 ; jmp 0x1acb3 +jmp short loc_0001ad77 ; jmp 0x1ad77 -loc_0001ac57: ; not directly referenced +loc_0001ad1b: ; not directly referenced cmp dword [ebp - 0x1c], 1 -jne short loc_0001ac88 ; jne 0x1ac88 +jne short loc_0001ad4c ; jne 0x1ad4c cmp byte [ebp - 0x1d], 0 -je short loc_0001ac71 ; je 0x1ac71 +je short loc_0001ad35 ; je 0x1ad35 sub esp, 0xc push esi -call fcn_00018e32 ; call 0x18e32 +call fcn_00018ef6 ; call 0x18ef6 mov word [ebx], ax -jmp short loc_0001acb3 ; jmp 0x1acb3 +jmp short loc_0001ad77 ; jmp 0x1ad77 -loc_0001ac71: ; not directly referenced +loc_0001ad35: ; not directly referenced sub esp, 0xc push esi -call fcn_00018e32 ; call 0x18e32 +call fcn_00018ef6 ; call 0x18ef6 pop edx pop ecx movzx eax, ax push eax push ebx -call 
fcn_00017207 ; call 0x17207 -jmp short loc_0001acb3 ; jmp 0x1acb3 +call fcn_000172cb ; call 0x172cb +jmp short loc_0001ad77 ; jmp 0x1ad77 -loc_0001ac88: ; not directly referenced +loc_0001ad4c: ; not directly referenced cmp dword [ebp - 0x1c], 2 -jne short loc_0001acb6 ; jne 0x1acb6 +jne short loc_0001ad7a ; jne 0x1ad7a cmp byte [ebp - 0x1d], 0 -je short loc_0001aca1 ; je 0x1aca1 +je short loc_0001ad65 ; je 0x1ad65 sub esp, 0xc push esi -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 mov dword [ebx], eax -jmp short loc_0001acb3 ; jmp 0x1acb3 +jmp short loc_0001ad77 ; jmp 0x1ad77 -loc_0001aca1: ; not directly referenced +loc_0001ad65: ; not directly referenced sub esp, 0xc push esi -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 pop edx pop ecx push eax push ebx -call fcn_000172ee ; call 0x172ee +call fcn_000173b2 ; call 0x173b2 -loc_0001acb3: ; not directly referenced +loc_0001ad77: ; not directly referenced add esp, 0x10 -loc_0001acb6: ; not directly referenced +loc_0001ad7a: ; not directly referenced movzx eax, byte [ebp - 0x1e] add esi, dword [ebp - 0x28] adc edi, dword [ebp - 0x24] dec dword [ebp + 0x1c] add ebx, eax -jmp near loc_0001ac3a ; jmp 0x1ac3a +jmp near loc_0001acfe ; jmp 0x1acfe -loc_0001acca: ; not directly referenced +loc_0001ad8e: ; not directly referenced xor eax, eax -loc_0001accc: ; not directly referenced +loc_0001ad90: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -44917,7 +44989,7 @@ pop edi pop ebp ret -fcn_0001acd4: ; not directly referenced +fcn_0001ad98: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -44935,98 +45007,98 @@ push edi push esi push edx push 0 -call fcn_0001a8df ; call 0x1a8df +call fcn_0001a9a3 ; call 0x1a9a3 add esp, 0x20 test eax, eax -js loc_0001adb6 ; js 0x1adb6 +js loc_0001ae7a ; js 0x1ae7a mov edx, dword [ebp - 0x1c] mov dword [ebp - 0x24], 0 -mov al, byte [edx + ref_0002953c] ; mov al, byte [edx + 0x2953c] +mov al, byte [edx + ref_000295ec] ; mov al, byte [edx + 0x295ec] mov byte [ebp - 0x1e], al mov eax, edx and eax, 3 mov dword [ebp - 0x1c], eax -movzx eax, byte [eax + ref_00029548] ; movzx eax, byte [eax + 0x29548] +movzx eax, byte [eax + ref_000295f8] ; movzx eax, byte [eax + 0x295f8] dec eax test ebx, eax -movzx eax, byte [edx + ref_00029548] ; movzx eax, byte [edx + 0x29548] +movzx eax, byte [edx + ref_000295f8] ; movzx eax, byte [edx + 0x295f8] sete byte [ebp - 0x1d] mov dword [ebp - 0x28], eax -loc_0001ad38: ; not directly referenced +loc_0001adfc: ; not directly referenced cmp dword [ebp + 0x1c], 0 -je short loc_0001adb4 ; je 0x1adb4 +je short loc_0001ae78 ; je 0x1ae78 cmp dword [ebp - 0x1c], 0 -jne short loc_0001ad52 ; jne 0x1ad52 +jne short loc_0001ae16 ; jne 0x1ae16 push eax push eax movzx eax, byte [ebx] push eax push esi -call fcn_00018e26 ; call 0x18e26 -jmp short loc_0001ada0 ; jmp 0x1ada0 +call fcn_00018eea ; call 0x18eea +jmp short loc_0001ae64 ; jmp 0x1ae64 -loc_0001ad52: ; not directly referenced +loc_0001ae16: ; not directly referenced cmp dword [ebp - 0x1c], 1 -jne short loc_0001ad7c ; jne 0x1ad7c +jne short loc_0001ae40 ; jne 0x1ae40 cmp byte [ebp - 0x1d], 0 -je short loc_0001ad65 ; je 0x1ad65 +je short loc_0001ae29 ; je 0x1ae29 push eax push eax movzx eax, word [ebx] -jmp short loc_0001ad73 ; jmp 0x1ad73 +jmp short loc_0001ae37 ; jmp 0x1ae37 -loc_0001ad65: ; not directly referenced +loc_0001ae29: ; not directly referenced sub esp, 0xc push ebx -call fcn_000171d5 ; call 0x171d5 +call fcn_00017299 ; call 0x17299 pop edx pop ecx movzx eax, ax -loc_0001ad73: ; not directly referenced +loc_0001ae37: ; not directly 
referenced push eax push esi -call fcn_00018e63 ; call 0x18e63 -jmp short loc_0001ada0 ; jmp 0x1ada0 +call fcn_00018f27 ; call 0x18f27 +jmp short loc_0001ae64 ; jmp 0x1ae64 -loc_0001ad7c: ; not directly referenced +loc_0001ae40: ; not directly referenced cmp dword [ebp - 0x1c], 2 -jne short loc_0001ada3 ; jne 0x1ada3 +jne short loc_0001ae67 ; jne 0x1ae67 cmp byte [ebp - 0x1d], 0 -je short loc_0001ad8e ; je 0x1ad8e +je short loc_0001ae52 ; je 0x1ae52 push eax push eax push dword [ebx] -jmp short loc_0001ad9a ; jmp 0x1ad9a +jmp short loc_0001ae5e ; jmp 0x1ae5e -loc_0001ad8e: ; not directly referenced +loc_0001ae52: ; not directly referenced sub esp, 0xc push ebx -call fcn_000172ba ; call 0x172ba +call fcn_0001737e ; call 0x1737e pop edx pop ecx push eax -loc_0001ad9a: ; not directly referenced +loc_0001ae5e: ; not directly referenced push esi -call fcn_00018ed3 ; call 0x18ed3 +call fcn_00018f97 ; call 0x18f97 -loc_0001ada0: ; not directly referenced +loc_0001ae64: ; not directly referenced add esp, 0x10 -loc_0001ada3: ; not directly referenced +loc_0001ae67: ; not directly referenced movzx eax, byte [ebp - 0x1e] add esi, dword [ebp - 0x28] adc edi, dword [ebp - 0x24] dec dword [ebp + 0x1c] add ebx, eax -jmp short loc_0001ad38 ; jmp 0x1ad38 +jmp short loc_0001adfc ; jmp 0x1adfc -loc_0001adb4: ; not directly referenced +loc_0001ae78: ; not directly referenced xor eax, eax -loc_0001adb6: ; not directly referenced +loc_0001ae7a: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -45034,67 +45106,67 @@ pop edi pop ebp ret -fcn_0001adbe: +fcn_0001ae82: push ebp mov ebp, esp push ebx sub esp, 0x10 push dword [ebp + 8] -call fcn_00019824 ; call 0x19824 +call fcn_000198e8 ; call 0x198e8 mov edx, dword [ebp + 0xc] add esp, 0x10 mov edx, dword [edx] -mov dword [edx + 0x60], ref_00029560 ; mov dword [edx + 0x60], 0x29560 +mov dword [edx + 0x60], ref_00029610 ; mov dword [edx + 0x60], 0x29610 cmp eax, 0x80000014 -jne short loc_0001ae00 ; jne 0x1ae00 -call fcn_000153e9 ; call 0x153e9 +jne short loc_0001aec4 ; jne 0x1aec4 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001ae54 ; je 0x1ae54 +je short loc_0001af18 ; je 0x1af18 push ecx -push ref_00029560 ; push 0x29560 -push ref_0002615f ; push 0x2615f +push ref_00029610 ; push 0x29610 +push ref_0002620e ; push 0x2620e push 0x40 -call fcn_000153f7 ; call 0x153f7 -jmp short loc_0001ae51 ; jmp 0x1ae51 +call fcn_00015487 ; call 0x15487 +jmp short loc_0001af15 ; jmp 0x1af15 -loc_0001ae00: +loc_0001aec4: sub esp, 0xc -push ref_00029554 ; push 0x29554 -call fcn_00019667 ; call 0x19667 +push ref_00029604 ; push 0x29604 +call fcn_0001972b ; call 0x1972b mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001ae54 ; je 0x1ae54 +je short loc_0001af18 ; je 0x1af18 test ebx, ebx -jns short loc_0001ae54 ; jns 0x1ae54 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001af18 ; jns 0x1af18 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001ae3c ; je 0x1ae3c +je short loc_0001af00 ; je 0x1af00 push edx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001ae3c: +loc_0001af00: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x35c -push ref_0002619d ; push 0x2619d -call fcn_000153fc ; call 0x153fc +push ref_0002624c ; push 0x2624c +call fcn_0001548c ; call 
0x1548c -loc_0001ae51: +loc_0001af15: add esp, 0x10 -loc_0001ae54: +loc_0001af18: xor eax, eax mov ebx, dword [ebp - 4] leave ret -fcn_0001ae5b: ; not directly referenced +fcn_0001af1f: ; not directly referenced push ebp mov ebp, esp push edi @@ -45106,9 +45178,9 @@ mov esi, dword [ebp + 8] mov ebx, dword [ebp + 0x10] mov edi, dword [ebp + 0x18] mov byte [ebp - 0x28], al -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001ae9e ; je 0x1ae9e +je short loc_0001af62 ; je 0x1af62 mov eax, dword [ebp - 0x28] sub esp, 0xc push dword [ebp + 0x14] @@ -45116,29 +45188,29 @@ and eax, 0x7f push ebx add eax, eax push eax -push ref_000261ce ; push 0x261ce +push ref_0002627d ; push 0x2627d push 0x80000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_0001ae9e: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001af62: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001aec7 ; je 0x1aec7 +je short loc_0001af8b ; je 0x1af8b cmp dword [esi - 0x18], 0x626d7370 -je short loc_0001aec7 ; je 0x1aec7 +je short loc_0001af8b ; je 0x1af8b push ecx -push ref_00026219 ; push 0x26219 +push ref_000262c8 ; push 0x262c8 push 0x43 -push ref_0002622e ; push 0x2622e -call fcn_000153fc ; call 0x153fc +push ref_000262dd ; push 0x262dd +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp short loc_0001aeca ; jmp 0x1aeca +jmp short loc_0001af8e ; jmp 0x1af8e -loc_0001aec7: ; not directly referenced +loc_0001af8b: ; not directly referenced sub esi, 0x18 -loc_0001aeca: ; not directly referenced +loc_0001af8e: ; not directly referenced push edx mov eax, edi push edx 
@@ -45150,23 +45222,23 @@ push edi push dword [ebp + 0x14] push ebx push eax -call fcn_0001b324 ; call 0x1b324 +call fcn_0001b3e8 ; call 0x1b3e8 add esp, 0x14 push esi mov ebx, eax -call fcn_0001b1fc ; call 0x1b1fc -call fcn_000153e9 ; call 0x153e9 +call fcn_0001b2c0 ; call 0x1b2c0 +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_0001af10 ; je 0x1af10 +je short loc_0001afd4 ; je 0x1afd4 push eax push eax -push ref_00026258 ; push 0x26258 +push ref_00026307 ; push 0x26307 push 0x80000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001af10: ; not directly referenced +loc_0001afd4: ; not directly referenced lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -45175,7 +45247,7 @@ pop edi pop ebp ret -fcn_0001af1a: +fcn_0001afde: push ebp mov ebp, esp push esi 
@@ -45189,34 +45261,34 @@ lea eax, [ebp - 0xc] push eax push 0 push 0 -push ref_0002912c ; push 0x2912c -call fcn_00019699 ; call 0x19699 +push ref_000291dc ; push 0x291dc +call fcn_0001975d ; call 0x1975d mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001af8a ; je 0x1af8a +je short loc_0001b04e ; je 0x1b04e test esi, esi -jns short loc_0001af8a ; jns 0x1af8a -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001b04e ; jns 0x1b04e +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001af72 ; je 0x1af72 +je short loc_0001b036 ; je 0x1b036 push edx push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001af72: +loc_0001b036: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0xee -push ref_0002622e ; push 0x2622e -call fcn_000153fc ; call 0x153fc +push ref_000262dd ; push 0x262dd +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001af8a: +loc_0001b04e: mov eax, dword [ebp - 0xc] movzx edx, word [eax + 0x388] add eax, 0x38e 
@@ -45225,16 +45297,16 @@ mov dl, byte [eax - 1] mov dword [ebx + 0xce], eax lea eax, [ebx + 0x18] mov dword [ebx + 0xc], 0x80000010 -mov dword [ebx + 0x10], ref_0002900c ; mov dword [ebx + 0x10], 0x2900c +mov dword [ebx + 0x10], ref_000290bc ; mov dword [ebx + 0x10], 0x290bc mov byte [ebx + 0xcd], dl mov dword [ebx + 0x14], eax -mov dword [ebx + 0x18], fcn_0001ae5b ; mov dword [ebx + 0x18], 0x1ae5b -mov dword [ebx + 0x1c], fcn_0001b1de ; mov dword [ebx + 0x1c], 0x1b1de -mov dword [ebx + 0x20], fcn_0001b1e8 ; mov dword [ebx + 0x20], 0x1b1e8 -mov dword [ebx + 0x24], fcn_0001b1f2 ; mov dword [ebx + 0x24], 0x1b1f2 +mov dword [ebx + 0x18], fcn_0001af1f ; mov dword [ebx + 0x18], 0x1af1f +mov dword [ebx + 0x1c], fcn_0001b2a2 ; mov dword [ebx + 0x1c], 0x1b2a2 +mov dword [ebx + 0x20], fcn_0001b2ac ; mov dword [ebx + 0x20], 0x1b2ac +mov dword [ebx + 0x24], fcn_0001b2b6 ; mov dword [ebx + 0x24], 0x1b2b6 mov dword [ebx + 0x38], 0x80000020 -mov dword [ebx + 0x3c], ref_00028fec ; mov dword [ebx + 0x3c], 0x28fec -mov dword [ebx + 0x40], fcn_0001b195 ; mov dword [ebx + 0x40], 0x1b195 +mov dword [ebx + 0x3c], ref_0002909c ; mov dword [ebx + 0x3c], 0x2909c +mov dword [ebx + 0x40], fcn_0001b259 ; mov dword [ebx + 0x40], 0x1b259 mov byte [ebx + 0x44], 0 mov byte [ebx + 0xd2], 0 lea esp, [ebp - 8] 
@@ -45243,157 +45315,157 @@ pop esi pop ebp ret -fcn_0001b002: +fcn_0001b0c6: push ebp mov ebp, esp push esi push ebx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001b021 ; je 0x1b021 +je short loc_0001b0e5 ; je 0x1b0e5 push eax push eax -push ref_00026270 ; push 0x26270 +push ref_0002631f ; push 0x2631f push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001b021: +loc_0001b0e5: sub esp, 0xc push 0x11b -call fcn_00019c79 ; call 0x19c79 +call fcn_00019d3d ; call 0x19d3d add esp, 0x10 mov ebx, eax test eax, eax -jne short loc_0001b05a ; jne 0x1b05a -call fcn_000153e9 ; call 0x153e9 +jne short loc_0001b11e ; jne 0x1b11e +call fcn_00015479 ; call 0x15479 mov ebx, 0x80000009 test al, al -je loc_0001b18c ; je 0x1b18c +je loc_0001b250 ; je 0x1b250 push eax push eax -push ref_00026290 ; push 0x26290 +push ref_0002633f ; push 0x2633f push 0x80000000 -jmp near loc_0001b184 ; jmp 0x1b184 +jmp near loc_0001b248 ; jmp 0x1b248 -loc_0001b05a: +loc_0001b11e: push eax push eax push ebx push dword [ebp + 0xc] -call fcn_0001af1a ; call 0x1af1a +call fcn_0001afde ; call 0x1afde add esp, 0xc push 3 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add esp, 0xc push dword [ebx + 8] push 0xffe0 mov esi, eax lea eax, [eax + 0x20] push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 pop eax pop edx lea eax, [esi + 4] add esi, 0x40 push 1 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 pop ecx pop eax push 0x10 push esi -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 pop eax pop edx push 8 push esi -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0xc push 1 push 0xf9 push esi -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a pop ecx pop esi push 0xff push 0 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b lea eax, [ebx + 0xc] 
mov dword [esp], eax -call fcn_00019667 ; call 0x19667 +call fcn_0001972b ; call 0x1972b mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001b11d ; je 0x1b11d +je short loc_0001b1e1 ; je 0x1b1e1 test esi, esi -jns short loc_0001b11d ; jns 0x1b11d -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001b1e1 ; jns 0x1b1e1 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001b105 ; je 0x1b105 +je short loc_0001b1c9 ; je 0x1b1c9 push eax push esi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001b105: +loc_0001b1c9: push esi -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0xc4 -push ref_0002622e ; push 0x2622e -call fcn_000153fc ; call 0x153fc +push ref_000262dd ; push 0x262dd +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001b11d: +loc_0001b1e1: sub esp, 0xc add ebx, 0x38 push ebx -call fcn_000196bb ; call 0x196bb +call fcn_0001977f ; call 0x1977f mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001b170 ; je 0x1b170 +je short loc_0001b234 ; je 0x1b234 test ebx, ebx -jns short loc_0001b170 ; jns 0x1b170 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001b234 ; jns 0x1b234 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001b158 ; je 0x1b158 +je short loc_0001b21c ; je 0x1b21c push ecx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001b158: +loc_0001b21c: push edx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0xca -push ref_0002622e ; push 0x2622e -call fcn_000153fc ; call 0x153fc +push ref_000262dd ; push 0x262dd +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001b170: -call 
fcn_000153e9 ; call 0x153e9 +loc_0001b234: +call fcn_00015479 ; call 0x15479 xor ebx, ebx test al, al -je short loc_0001b18c ; je 0x1b18c +je short loc_0001b250 ; je 0x1b250 push eax push eax -push ref_000262b9 ; push 0x262b9 +push ref_00026368 ; push 0x26368 push 0x40 -loc_0001b184: -call fcn_000153f7 ; call 0x153f7 +loc_0001b248: +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001b18c: +loc_0001b250: lea esp, [ebp - 8] mov eax, ebx pop ebx 
@@ -45401,67 +45473,67 @@ pop esi pop ebp ret -fcn_0001b195: ; not directly referenced +fcn_0001b259: ; not directly referenced push ebp mov ebp, esp push ebx push ecx mov ebx, dword [ebp + 0xc] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001b1c9 ; je 0x1b1c9 +je short loc_0001b28d ; je 0x1b28d cmp dword [ebx - 0x38], 0x626d7370 -je short loc_0001b1c9 ; je 0x1b1c9 +je short loc_0001b28d ; je 0x1b28d push edx -push ref_00026219 ; push 0x26219 +push ref_000262c8 ; push 0x262c8 push 0x120 -push ref_0002622e ; push 0x2622e -call fcn_000153fc ; call 0x153fc +push ref_000262dd ; push 0x262dd +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp short loc_0001b1cc ; jmp 0x1b1cc +jmp short loc_0001b290 ; jmp 0x1b290 -loc_0001b1c9: ; not directly referenced +loc_0001b28d: ; not directly referenced sub ebx, 0x38 -loc_0001b1cc: ; not directly referenced +loc_0001b290: ; not directly referenced push eax push eax push ebx push dword [ebp + 8] -call fcn_0001af1a ; call 0x1af1a +call fcn_0001afde ; call 0x1afde xor eax, eax mov ebx, dword [ebp - 4] leave ret -fcn_0001b1de: ; not directly referenced +fcn_0001b2a2: ; not directly referenced push ebp mov eax, 0x80000003 mov ebp, esp pop ebp ret -fcn_0001b1e8: ; not directly referenced +fcn_0001b2ac: ; not directly referenced push ebp mov eax, 0x80000003 mov ebp, esp pop ebp ret -fcn_0001b1f2: ; not directly referenced +fcn_0001b2b6: ; not directly referenced push ebp mov eax, 0x80000003 mov ebp, esp pop ebp ret -fcn_0001b1fc: ; not directly referenced +fcn_0001b2c0: ; not directly referenced push ebp mov ebp, esp pop ebp ret -fcn_0001b201: +fcn_0001b2c5: push ebp mov ebp, esp push ebx 
@@ -45469,58 +45541,58 @@ sub esp, 8 push 3 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x20 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 and ebx, 0xffe0 add esp, 0x10 test al, al -je short loc_0001b253 ; je 0x1b253 +je short loc_0001b317 ; je 0x1b317 test ebx, ebx -je short loc_0001b23e ; je 0x1b23e +je short loc_0001b302 ; je 0x1b302 cmp ebx, 0xffe0 -jne short loc_0001b253 ; jne 0x1b253 +jne short loc_0001b317 ; jne 0x1b317 -loc_0001b23e: +loc_0001b302: push eax -push ref_000262d7 ; push 0x262d7 +push ref_00026386 ; push 0x26386 push 0x2c -push ref_00026305 ; push 0x26305 -call fcn_000153fc ; call 0x153fc +push ref_000263b4 ; push 0x263b4 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001b253: +loc_0001b317: mov eax, ebx mov ebx, dword [ebp - 4] leave ret -fcn_0001b25a: ; not directly referenced +fcn_0001b31e: ; not directly referenced push ebp mov ebp, esp push ebx push eax mov ebx, dword [ebp + 8] -call fcn_0001b201 ; call 0x1b201 +call fcn_0001b2c5 ; call 0x1b2c5 movzx ebx, bl add eax, ebx mov dword [ebp + 8], eax pop edx pop ebx pop ebp -jmp near fcn_00018e1d ; jmp 0x18e1d +jmp near fcn_00018ee1 ; jmp 0x18ee1 -fcn_0001b277: +fcn_0001b33b: push ebp mov ebp, esp push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 8] -call fcn_0001b201 ; call 0x1b201 +call fcn_0001b2c5 ; call 0x1b2c5 mov edx, esi movzx ebx, bl movzx esi, dl 
@@ -45530,79 +45602,79 @@ mov dword [ebp + 8], eax pop ebx pop esi pop ebp -jmp near fcn_00018e26 ; jmp 0x18e26 +jmp near fcn_00018eea ; jmp 0x18eea -fcn_0001b29f: ; not directly referenced +fcn_0001b363: ; not directly referenced push ebp mov ebp, esp push ebx mov ebx, 0x186a0 push eax -loc_0001b2a9: ; not directly referenced +loc_0001b36d: ; not directly referenced sub esp, 0xc push 0 -call fcn_0001b25a ; call 0x1b25a +call fcn_0001b31e ; call 0x1b31e mov edx, dword [ebp + 8] add esp, 0x10 mov byte [edx], al test al, 0x8e -jne short loc_0001b2d3 ; jne 0x1b2d3 +jne short loc_0001b397 ; jne 0x1b397 sub esp, 0xc push 0xa -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 dec ebx -jne short loc_0001b2a9 ; jne 0x1b2a9 +jne short loc_0001b36d ; jne 0x1b36d xor eax, eax -jmp short loc_0001b2d5 ; jmp 0x1b2d5 +jmp short loc_0001b399 ; jmp 0x1b399 -loc_0001b2d3: ; not directly referenced +loc_0001b397: ; not directly referenced mov al, 1 -loc_0001b2d5: ; not directly referenced +loc_0001b399: ; not directly referenced mov ebx, dword [ebp - 4] leave ret -fcn_0001b2da: ; not directly referenced +fcn_0001b39e: ; not directly referenced push ebp mov ebp, esp push ebx mov ebx, 0x80000012 sub esp, 0x10 push 0 -call fcn_0001b25a ; call 0x1b25a +call fcn_0001b31e ; call 0x1b31e add esp, 0x10 test al, 0x40 -jne short loc_0001b31d ; jne 0x1b31d +jne short loc_0001b3e1 ; jne 0x1b3e1 test al, 1 -je short loc_0001b30b ; je 0x1b30b +je short loc_0001b3cf ; je 0x1b3cf push ecx push ecx push 0xff push 0 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b add esp, 0x10 -jmp short loc_0001b31d ; jmp 0x1b31d +jmp short loc_0001b3e1 ; jmp 0x1b3e1 -loc_0001b30b: ; not directly referenced +loc_0001b3cf: ; not directly referenced push edx movzx eax, al push edx xor ebx, ebx push eax push 0 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b add esp, 0x10 -loc_0001b31d: ; not directly referenced +loc_0001b3e1: ; not directly 
referenced mov eax, ebx mov ebx, dword [ebp - 4] leave ret -fcn_0001b324: ; not directly referenced +fcn_0001b3e8: ; not directly referenced push ebp mov ebp, esp push edi @@ -45613,44 +45685,44 @@ mov al, byte [ebp + 0x14] cmp dword [ebp + 0x10], 1 mov edi, dword [ebp + 0x18] mov byte [ebp - 0x2f], al -jbe short loc_0001b34e ; jbe 0x1b34e +jbe short loc_0001b412 ; jbe 0x1b412 cmp dword [ebp + 0x1c], 0 -je loc_0001b850 ; je 0x1b850 +je loc_0001b914 ; je 0x1b914 test edi, edi -je loc_0001b850 ; je 0x1b850 +je loc_0001b914 ; je 0x1b914 -loc_0001b34e: ; not directly referenced -call fcn_0001b2da ; call 0x1b2da +loc_0001b412: ; not directly referenced +call fcn_0001b39e ; call 0x1b39e test eax, eax -js loc_0001b855 ; js 0x1b855 +js loc_0001b919 ; js 0x1b919 mov al, byte [ebp + 8] mov dword [ebp - 0x34], 3 mov byte [ebp - 0x2d], 0 lea eax, [eax + eax + 1] mov byte [ebp - 0x2e], al -loc_0001b370: ; not directly referenced +loc_0001b434: ; not directly referenced mov al, byte [ebp - 0x2e] cmp dword [ebp + 0x10], 0xb mov byte [ebp - 0x2c], al mov al, byte [ebp + 0xc] mov byte [ebp - 0x30], al -ja loc_0001b525 ; ja 0x1b525 +ja loc_0001b5e9 ; ja 0x1b5e9 mov eax, dword [ebp + 0x10] -jmp dword [eax*4 + ref_00020510] ; ujmp: jmp dword [eax*4 + 0x20510] +jmp dword [eax*4 + ref_000205a0] ; ujmp: jmp dword [eax*4 + 0x205a0] -loc_0001b390: ; not directly referenced +loc_0001b454: ; not directly referenced mov al, byte [ebp - 0x2e] dec eax mov byte [ebp - 0x2c], al -loc_0001b397: ; not directly referenced +loc_0001b45b: ; not directly referenced cmp byte [ebp - 0x2f], 1 -je loc_0001b515 ; je 0x1b515 +je loc_0001b5d9 ; je 0x1b5d9 xor esi, esi -jmp near loc_0001b511 ; jmp 0x1b511 +jmp near loc_0001b5d5 ; jmp 0x1b5d5 -loc_0001b3a8: ; not directly referenced +loc_0001b46c: ; not directly referenced mov eax, dword [ebp + 0x1c] mov al, byte [eax] mov byte [ebp - 0x30], al 
@@ -45658,42 +45730,42 @@ mov al, byte [ebp - 0x2e] dec eax mov byte [ebp - 0x2c], al -loc_0001b3b7: ; not directly referenced +loc_0001b47b: ; not directly referenced cmp dword [edi], 1 mov esi, 4 mov dword [edi], 1 sbb ebx, ebx and ebx, 0x80000005 -jmp near loc_0001b4d3 ; jmp 0x1b4d3 +jmp near loc_0001b597 ; jmp 0x1b597 -loc_0001b3d2: ; not directly referenced +loc_0001b496: ; not directly referenced mov eax, dword [ebp + 0x1c] push ecx push ecx movzx eax, byte [eax] push eax push 5 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b mov al, byte [ebp - 0x2e] add esp, 0x10 mov dword [edi], 1 dec eax mov byte [ebp - 0x2c], al -loc_0001b3f2: ; not directly referenced +loc_0001b4b6: ; not directly referenced mov eax, dword [edi] test eax, eax -je loc_0001b502 ; je 0x1b502 +je loc_0001b5c6 ; je 0x1b5c6 cmp eax, 1 -je loc_0001b50c ; je 0x1b50c +je loc_0001b5d0 ; je 0x1b5d0 cmp eax, 0x100 -ja loc_0001b525 ; ja 0x1b525 +ja loc_0001b5e9 ; ja 0x1b5e9 cmp byte [ebp - 0x2f], 1 -je loc_0001b515 ; je 0x1b515 +je loc_0001b5d9 ; je 0x1b5d9 mov esi, 0x18 -jmp near loc_0001b511 ; jmp 0x1b511 +jmp near loc_0001b5d5 ; jmp 0x1b5d5 -loc_0001b424: ; not directly referenced +loc_0001b4e8: ; not directly referenced mov al, byte [ebp - 0x2e] dec eax mov byte [ebp - 0x2c], al 
@@ -45703,31 +45775,31 @@ mov eax, dword [ebp + 0x1c] movzx eax, byte [eax + 1] push eax push 6 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b pop eax mov eax, dword [ebp + 0x1c] pop edx movzx eax, byte [eax] push eax push 5 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b add esp, 0x10 -loc_0001b44f: ; not directly referenced +loc_0001b513: ; not directly referenced cmp dword [edi], 2 mov esi, 0xc mov dword [edi], 2 sbb ebx, ebx and ebx, 0x80000005 -jmp short loc_0001b4d3 ; jmp 0x1b4d3 +jmp short loc_0001b597 ; jmp 0x1b597 -loc_0001b467: ; not directly referenced +loc_0001b52b: ; not directly referenced push eax push eax movzx eax, byte [edi] push eax push 5 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b mov al, byte [ebp - 0x2e] add esp, 0x10 dec eax @@ -45735,22 +45807,22 @@ mov byte [ebp - 0x2c], al mov al, byte [edi] mov byte [ebp - 0x2d], al -loc_0001b483: ; not directly referenced +loc_0001b547: ; not directly referenced mov eax, dword [edi] dec eax cmp eax, 0x1f -ja loc_0001b525 ; ja 0x1b525 +ja loc_0001b5e9 ; ja 0x1b5e9 mov esi, 0x14 -jmp near loc_0001b51f ; jmp 0x1b51f +jmp near loc_0001b5e3 ; jmp 0x1b5e3 -loc_0001b499: ; not directly referenced +loc_0001b55d: ; not directly referenced mov eax, dword [ebp + 0x1c] push ebx push ebx movzx eax, byte [eax + 1] push eax push 6 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b pop esi mov esi, 0x10 pop eax 
@@ -45758,63 +45830,63 @@ mov eax, dword [ebp + 0x1c] movzx eax, byte [eax] push eax push 5 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b add esp, 0x10 cmp dword [edi], 2 mov dword [edi], 2 sbb ebx, ebx and ebx, 0x80000005 -loc_0001b4d3: ; not directly referenced +loc_0001b597: ; not directly referenced xor eax, eax test ebx, ebx -jns short loc_0001b52f ; jns 0x1b52f -jmp near loc_0001b825 ; jmp 0x1b825 +jns short loc_0001b5f3 ; jns 0x1b5f3 +jmp near loc_0001b8e9 ; jmp 0x1b8e9 -loc_0001b4de: ; not directly referenced +loc_0001b5a2: ; not directly referenced mov eax, dword [edi] dec eax cmp eax, 0x1f -ja short loc_0001b525 ; ja 0x1b525 +ja short loc_0001b5e9 ; ja 0x1b5e9 push ecx mov esi, 0x1c push ecx movzx eax, byte [edi] push eax push 5 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b mov al, byte [edi] add esp, 0x10 mov byte [ebp - 0x2d], al -jmp short loc_0001b51f ; jmp 0x1b51f +jmp short loc_0001b5e3 ; jmp 0x1b5e3 -loc_0001b502: ; not directly referenced +loc_0001b5c6: ; not directly referenced mov ebx, 0x80000005 -jmp near loc_0001b825 ; jmp 0x1b825 +jmp near loc_0001b8e9 ; jmp 0x1b8e9 -loc_0001b50c: ; not directly referenced +loc_0001b5d0: ; not directly referenced mov esi, 8 -loc_0001b511: ; not directly referenced +loc_0001b5d5: ; not directly referenced xor eax, eax -jmp short loc_0001b521 ; jmp 0x1b521 +jmp short loc_0001b5e5 ; jmp 0x1b5e5 -loc_0001b515: ; not directly referenced +loc_0001b5d9: ; not directly referenced mov ebx, 0x80000003 -jmp near loc_0001b825 ; jmp 0x1b825 +jmp near loc_0001b8e9 ; jmp 0x1b8e9 -loc_0001b51f: ; not directly referenced +loc_0001b5e3: ; not directly referenced mov al, 2 -loc_0001b521: ; not directly referenced +loc_0001b5e5: ; not directly referenced xor ebx, ebx -jmp short loc_0001b52f ; jmp 0x1b52f +jmp short loc_0001b5f3 ; jmp 0x1b5f3 -loc_0001b525: ; not directly referenced +loc_0001b5e9: ; not directly referenced mov ebx, 0x80000002 -jmp near loc_0001b825 ; jmp 0x1b825 +jmp 
near loc_0001b8e9 ; jmp 0x1b8e9 -loc_0001b52f: ; not directly referenced +loc_0001b5f3: ; not directly referenced mov dl, al or edx, 1 cmp byte [ebp - 0x2f], 1 @@ -45824,36 +45896,36 @@ movzx eax, al push edx push eax push 0xd -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b mov dword [esp], 2 -call fcn_0001b25a ; call 0x1b25a +call fcn_0001b31e ; call 0x1b31e mov eax, dword [ebp + 0x10] add esp, 0x10 and eax, 0xfffffffd cmp eax, 9 -je short loc_0001b57f ; je 0x1b57f +je short loc_0001b643 ; je 0x1b643 -loc_0001b562: ; not directly referenced +loc_0001b626: ; not directly referenced movzx eax, byte [ebp - 0x2c] push ecx push ecx push eax push 4 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b add esp, 0x10 movzx eax, byte [ebp - 0x30] cmp dword [ebp + 0x10], 4 -jne short loc_0001b5b6 ; jne 0x1b5b6 -jmp short loc_0001b5aa ; jmp 0x1b5aa +jne short loc_0001b67a ; jne 0x1b67a +jmp short loc_0001b66e ; jmp 0x1b66e -loc_0001b57f: ; not directly referenced +loc_0001b643: ; not directly referenced movzx ecx, byte [ebp - 0x2d] xor eax, eax mov dword [ebp - 0x38], ecx -loc_0001b588: ; not directly referenced +loc_0001b64c: ; not directly referenced cmp eax, dword [ebp - 0x38] -jae short loc_0001b562 ; jae 0x1b562 +jae short loc_0001b626 ; jae 0x1b626 mov ecx, dword [ebp + 0x1c] push edx push edx 
@@ -45861,29 +45933,29 @@ movzx edx, byte [ecx + eax] mov dword [ebp - 0x3c], eax push edx push 7 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b mov eax, dword [ebp - 0x3c] add esp, 0x10 inc eax -jmp short loc_0001b588 ; jmp 0x1b588 +jmp short loc_0001b64c ; jmp 0x1b64c -loc_0001b5aa: ; not directly referenced +loc_0001b66e: ; not directly referenced cmp dword [edi], 1 -jbe short loc_0001b5b6 ; jbe 0x1b5b6 +jbe short loc_0001b67a ; jbe 0x1b67a push ecx push ecx push eax push 6 -jmp short loc_0001b5bb ; jmp 0x1b5bb +jmp short loc_0001b67f ; jmp 0x1b67f -loc_0001b5b6: ; not directly referenced +loc_0001b67a: ; not directly referenced push edx push edx push eax push 3 -loc_0001b5bb: ; not directly referenced -call fcn_0001b277 ; call 0x1b277 +loc_0001b67f: ; not directly referenced +call fcn_0001b33b ; call 0x1b33b add esp, 0x10 lea eax, [esi + 0x40] movzx esi, al 
@@ -45891,283 +45963,283 @@ push ecx push ecx push esi push 2 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b lea eax, [ebp - 0x19] mov dword [esp], eax -call fcn_0001b29f ; call 0x1b29f +call fcn_0001b363 ; call 0x1b363 add esp, 0x10 test al, al -je loc_0001b820 ; je 0x1b820 +je loc_0001b8e4 ; je 0x1b8e4 mov al, byte [ebp - 0x19] test al, 4 -je short loc_0001b612 ; je 0x1b612 +je short loc_0001b6d6 ; je 0x1b6d6 sub esp, 0xc push 0xc -call fcn_0001b25a ; call 0x1b25a +call fcn_0001b31e ; call 0x1b31e add esp, 0x10 and eax, 1 cmp al, 1 sbb ebx, ebx and ebx, 0xffffffec sub ebx, 0x7fffffe5 -jmp near loc_0001b825 ; jmp 0x1b825 +jmp near loc_0001b8e9 ; jmp 0x1b8e9 -loc_0001b612: ; not directly referenced +loc_0001b6d6: ; not directly referenced test al, 8 -je short loc_0001b63a ; je 0x1b63a +je short loc_0001b6fe ; je 0x1b6fe push ebx push ebx push 8 push 0 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b pop esi pop eax push 0xff push 0 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b pop eax pop edx push 1 push 0xc -jmp near loc_0001b7fc ; jmp 0x1b7fc +jmp near loc_0001b8c0 ; jmp 0x1b8c0 -loc_0001b63a: ; not directly referenced +loc_0001b6fe: ; not directly referenced mov eax, dword [ebp + 0x10] sub eax, 2 cmp eax, 9 -ja loc_0001b7e8 ; ja 0x1b7e8 -jmp dword [eax*4 + ref_00020540] ; ujmp: jmp dword [eax*4 + 0x20540] +ja loc_0001b8ac ; ja 0x1b8ac +jmp dword [eax*4 + ref_000205d0] ; ujmp: jmp dword [eax*4 + 0x205d0] -loc_0001b650: ; not directly referenced +loc_0001b714: ; not directly referenced sub esp, 0xc push 6 -call fcn_0001b25a ; call 0x1b25a +call fcn_0001b31e ; call 0x1b31e mov ecx, dword [ebp + 0x1c] mov byte [ecx + 1], al mov dword [esp], 5 -jmp near loc_0001b727 ; jmp 0x1b727 +jmp near loc_0001b7eb ; jmp 0x1b7eb -loc_0001b66c: ; not directly referenced +loc_0001b730: ; not directly referenced cmp dword [edi], 1 -jbe loc_0001b722 ; jbe 0x1b722 +jbe loc_0001b7e6 ; jbe 0x1b7e6 xor esi, esi -loc_0001b677: 
; not directly referenced +loc_0001b73b: ; not directly referenced cmp esi, dword [edi] -jae loc_0001b7e8 ; jae 0x1b7e8 +jae loc_0001b8ac ; jae 0x1b8ac sub esp, 0xc push 7 -call fcn_0001b25a ; call 0x1b25a +call fcn_0001b31e ; call 0x1b31e mov ecx, dword [ebp + 0x1c] add esp, 0x10 mov byte [ecx + esi], al mov eax, dword [edi] lea edx, [eax - 2] cmp esi, edx -jne short loc_0001b6af ; jne 0x1b6af +jne short loc_0001b773 ; jne 0x1b773 sub esp, 0xc push 2 -call fcn_0001b25a ; call 0x1b25a +call fcn_0001b31e ; call 0x1b31e pop edx pop ecx or eax, 0x20 movzx eax, al -jmp short loc_0001b6c5 ; jmp 0x1b6c5 +jmp short loc_0001b789 ; jmp 0x1b789 -loc_0001b6af: ; not directly referenced +loc_0001b773: ; not directly referenced dec eax cmp esi, eax -jne short loc_0001b6d0 ; jne 0x1b6d0 +jne short loc_0001b794 ; jne 0x1b794 sub esp, 0xc push 2 -call fcn_0001b25a ; call 0x1b25a +call fcn_0001b31e ; call 0x1b31e pop edx pop ecx and eax, 0xdf -loc_0001b6c5: ; not directly referenced +loc_0001b789: ; not directly referenced push eax push 2 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b add esp, 0x10 -loc_0001b6d0: ; not directly referenced +loc_0001b794: ; not directly referenced push eax push eax push 0x80 push 0 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b mov eax, dword [edi] add esp, 0x10 dec eax cmp esi, eax -jae short loc_0001b71c ; jae 0x1b71c +jae short loc_0001b7e0 ; jae 0x1b7e0 mov dword [ebp - 0x2c], 0x64 -loc_0001b6ef: ; not directly referenced +loc_0001b7b3: ; not directly referenced sub esp, 0xc push 0 -call fcn_0001b25a ; call 0x1b25a +call fcn_0001b31e ; call 0x1b31e add esp, 0x10 test al, al -js short loc_0001b71c ; js 0x1b71c +js short loc_0001b7e0 ; js 0x1b7e0 sub esp, 0xc push 0xa -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 0x10 dec dword [ebp - 0x2c] -jne short loc_0001b6ef ; jne 0x1b6ef +jne short loc_0001b7b3 ; jne 0x1b7b3 mov ebx, 0x80000012 -jmp near loc_0001b7e8 ; jmp 0x1b7e8 +jmp 
near loc_0001b8ac ; jmp 0x1b8ac -loc_0001b71c: ; not directly referenced +loc_0001b7e0: ; not directly referenced inc esi -jmp near loc_0001b677 ; jmp 0x1b677 +jmp near loc_0001b73b ; jmp 0x1b73b -loc_0001b722: ; not directly referenced +loc_0001b7e6: ; not directly referenced sub esp, 0xc push 5 -loc_0001b727: ; not directly referenced -call fcn_0001b25a ; call 0x1b25a +loc_0001b7eb: ; not directly referenced +call fcn_0001b31e ; call 0x1b31e mov ecx, dword [ebp + 0x1c] mov byte [ecx], al -jmp short loc_0001b741 ; jmp 0x1b741 +jmp short loc_0001b805 ; jmp 0x1b805 -loc_0001b733: ; not directly referenced +loc_0001b7f7: ; not directly referenced push eax push eax push 0x80 push 0 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b -loc_0001b741: ; not directly referenced +loc_0001b805: ; not directly referenced add esp, 0x10 -jmp near loc_0001b7e8 ; jmp 0x1b7e8 +jmp near loc_0001b8ac ; jmp 0x1b8ac -loc_0001b749: ; not directly referenced +loc_0001b80d: ; not directly referenced sub esp, 0xc xor esi, esi push 5 -call fcn_0001b25a ; call 0x1b25a +call fcn_0001b31e ; call 0x1b31e add esp, 0x10 mov byte [ebp - 0x2d], al movzx edx, al mov al, 1 cmp dword [edi], edx -jb short loc_0001b786 ; jb 0x1b786 +jb short loc_0001b84a ; jb 0x1b84a -loc_0001b764: ; not directly referenced +loc_0001b828: ; not directly referenced cmp esi, edx -jae short loc_0001b784 ; jae 0x1b784 +jae short loc_0001b848 ; jae 0x1b848 sub esp, 0xc push 7 mov dword [ebp - 0x2c], edx -call fcn_0001b25a ; call 0x1b25a +call fcn_0001b31e ; call 0x1b31e mov ecx, dword [ebp + 0x1c] add esp, 0x10 mov edx, dword [ebp - 0x2c] mov byte [ecx + esi], al inc esi -jmp short loc_0001b764 ; jmp 0x1b764 +jmp short loc_0001b828 ; jmp 0x1b828 -loc_0001b784: ; not directly referenced +loc_0001b848: ; not directly referenced xor eax, eax -loc_0001b786: ; not directly referenced +loc_0001b84a: ; not directly referenced test al, al mov eax, 0x80000005 mov dword [edi], edx cmovne ebx, eax -jmp short 
loc_0001b7e8 ; jmp 0x1b7e8 +jmp short loc_0001b8ac ; jmp 0x1b8ac -loc_0001b794: ; not directly referenced +loc_0001b858: ; not directly referenced sub esp, 0xc push 5 -call fcn_0001b25a ; call 0x1b25a +call fcn_0001b31e ; call 0x1b31e add esp, 0x10 mov byte [ebp - 0x2d], al test al, al -je short loc_0001b7dc ; je 0x1b7dc +je short loc_0001b8a0 ; je 0x1b8a0 movzx eax, byte [edi] xor esi, esi movzx edx, byte [ebp - 0x2d] add eax, edx cmp eax, 0x20 -jg short loc_0001b7e3 ; jg 0x1b7e3 +jg short loc_0001b8a7 ; jg 0x1b8a7 -loc_0001b7b8: ; not directly referenced +loc_0001b87c: ; not directly referenced cmp esi, edx -jae short loc_0001b7d8 ; jae 0x1b7d8 +jae short loc_0001b89c ; jae 0x1b89c sub esp, 0xc push 7 mov dword [ebp - 0x2c], edx -call fcn_0001b25a ; call 0x1b25a +call fcn_0001b31e ; call 0x1b31e mov ecx, dword [ebp + 0x1c] add esp, 0x10 mov edx, dword [ebp - 0x2c] mov byte [ecx + esi], al inc esi -jmp short loc_0001b7b8 ; jmp 0x1b7b8 +jmp short loc_0001b87c ; jmp 0x1b87c -loc_0001b7d8: ; not directly referenced +loc_0001b89c: ; not directly referenced mov dword [edi], edx -jmp short loc_0001b7e8 ; jmp 0x1b7e8 +jmp short loc_0001b8ac ; jmp 0x1b8ac -loc_0001b7dc: ; not directly referenced +loc_0001b8a0: ; not directly referenced mov ebx, 0x80000005 -jmp short loc_0001b7e8 ; jmp 0x1b7e8 +jmp short loc_0001b8ac ; jmp 0x1b8ac -loc_0001b7e3: ; not directly referenced +loc_0001b8a7: ; not directly referenced mov ebx, 0x80000007 -loc_0001b7e8: ; not directly referenced +loc_0001b8ac: ; not directly referenced test byte [ebp - 0x19], 8 -je short loc_0001b825 ; je 0x1b825 +je short loc_0001b8e9 ; je 0x1b8e9 cmp ebx, 0x80000005 -je short loc_0001b825 ; je 0x1b825 +je short loc_0001b8e9 ; je 0x1b8e9 push eax push eax push 8 push 0 -loc_0001b7fc: ; not directly referenced -call fcn_0001b277 ; call 0x1b277 +loc_0001b8c0: ; not directly referenced +call fcn_0001b33b ; call 0x1b33b mov dword [esp], 0xa -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 add esp, 
0x10 dec dword [ebp - 0x34] -jne loc_0001b370 ; jne 0x1b370 +jne loc_0001b434 ; jne 0x1b434 mov ebx, 0x80000007 -jmp short loc_0001b825 ; jmp 0x1b825 +jmp short loc_0001b8e9 ; jmp 0x1b8e9 -loc_0001b820: ; not directly referenced +loc_0001b8e4: ; not directly referenced mov ebx, 0x80000012 -loc_0001b825: ; not directly referenced +loc_0001b8e9: ; not directly referenced push eax push eax push 0xff push 0 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b pop edx pop ecx push 1 push 0xc -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b pop esi pop edi push 0 push 0xd -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b add esp, 0x10 mov eax, ebx -jmp short loc_0001b855 ; jmp 0x1b855 +jmp short loc_0001b919 ; jmp 0x1b919 -loc_0001b850: ; not directly referenced +loc_0001b914: ; not directly referenced mov eax, 0x80000002 -loc_0001b855: ; not directly referenced +loc_0001b919: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -46175,7 +46247,7 @@ pop edi pop ebp ret -fcn_0001b85d: ; not directly referenced +fcn_0001b921: ; not directly referenced push ebp mov ebp, esp push ebx @@ -46183,7 +46255,7 @@ sub esp, 8 push 3 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a pop edx pop ecx push 1 
@@ -46191,94 +46263,94 @@ mov ebx, eax lea eax, [eax + 4] add ebx, 0x40 push eax -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0xc push 1 push 0xf9 push ebx -call fcn_000186c6 ; call 0x186c6 +call fcn_0001878a ; call 0x1878a pop ebx pop eax push 0xff push 0 -call fcn_0001b277 ; call 0x1b277 +call fcn_0001b33b ; call 0x1b33b add esp, 0x10 mov ebx, dword [ebp - 4] leave ret -fcn_0001b8a7: +fcn_0001b96b: push ebp mov ebp, esp push esi push ebx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001b8c6 ; je 0x1b8c6 +je short loc_0001b98a ; je 0x1b98a push ebx push ebx -push ref_00026331 ; push 0x26331 +push ref_000263e0 ; push 0x263e0 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001b8c6: +loc_0001b98a: sub esp, 0xc mov esi, 0x80000009 push 0x20 -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 add esp, 0x10 mov ebx, eax test eax, eax -je loc_0001b969 ; je 0x1b969 +je loc_0001ba2d ; je 0x1ba2d sub esp, 0xc lea eax, [eax + 0xc] push eax -call fcn_0001ff03 ; call 0x1ff03 +call fcn_0001ff91 ; call 0x1ff91 lea eax, [ebx + 0x14] mov dword [ebx], 0x80000010 -mov dword [ebx + 4], ref_0002908c ; mov dword [ebx + 4], 0x2908c +mov dword [ebx + 4], ref_0002913c ; mov dword [ebx + 4], 0x2913c mov dword [ebx + 8], eax mov dword [esp], ebx -call fcn_00019667 ; call 0x19667 +call fcn_0001972b ; call 0x1972b mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001b94d ; je 0x1b94d +je short loc_0001ba11 ; je 0x1ba11 test ebx, ebx -jns short loc_0001b94d ; jns 0x1b94d -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001ba11 ; jns 0x1ba11 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001b938 ; je 0x1b938 +je short loc_0001b9fc ; je 0x1b9fc push ecx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; 
call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001b938: +loc_0001b9fc: push edx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x4c -push ref_0002634a ; push 0x2634a -call fcn_000153fc ; call 0x153fc +push ref_000263f9 ; push 0x263f9 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001b94d: -call fcn_000153e9 ; call 0x153e9 +loc_0001ba11: +call fcn_00015479 ; call 0x15479 mov esi, ebx test al, al -je short loc_0001b969 ; je 0x1b969 +je short loc_0001ba2d ; je 0x1ba2d push eax push eax -push ref_0002636f ; push 0x2636f +push ref_0002641e ; push 0x2641e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001b969: +loc_0001ba2d: lea esp, [ebp - 8] mov eax, esi pop ebx @@ -46286,7 +46358,7 @@ pop esi pop ebp ret -fcn_0001b972: ; not directly referenced +fcn_0001ba36: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -46296,83 +46368,83 @@ sub esp, 0x1c mov eax, dword [ebp + 8] sub eax, 4 cmp eax, 1 -ja short loc_0001b9c5 ; ja 0x1b9c5 +ja short loc_0001ba89 ; ja 0x1ba89 push 0 push 0 push 0 -push ref_00028fec ; push 0x28fec -call fcn_00019699 ; call 0x19699 +push ref_0002909c ; push 0x2909c +call fcn_0001975d ; call 0x1975d add esp, 0x10 test eax, eax -jne short loc_0001b9c5 ; jne 0x1b9c5 -call fcn_000153e9 ; call 0x153e9 +jne short loc_0001ba89 ; jne 0x1ba89 +call fcn_00015479 ; call 0x15479 mov ebx, 0x80000003 test al, al -je loc_0001ba35 ; je 0x1ba35 +je loc_0001baf9 ; je 0x1baf9 push ecx push ecx -push ref_00026386 ; push 0x26386 +push ref_00026435 ; push 0x26435 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_0001ba35 ; jmp 0x1ba35 +jmp short loc_0001baf9 ; jmp 0x1baf9 -loc_0001b9c5: ; not directly referenced +loc_0001ba89: ; not directly referenced xor ebx, ebx lea edi, [ebp - 0x1c] -loc_0001b9ca: ; not directly referenced +loc_0001ba8e: ; not directly referenced push edi push 0 push ebx -push ref_000290ac ; push 0x290ac -call fcn_00019699 ; call 0x19699 +push ref_0002915c ; push 0x2915c +call fcn_0001975d ; call 0x1975d add esp, 0x10 mov esi, eax test eax, eax -jne short loc_0001b9ee ; jne 0x1b9ee +jne short loc_0001bab2 ; jne 0x1bab2 mov eax, dword [ebp - 0x1c] sub esp, 0xc push dword [ebp + 8] call dword [eax] ; ucall -jmp short loc_0001ba27 ; jmp 0x1ba27 +jmp short loc_0001baeb ; jmp 0x1baeb -loc_0001b9ee: ; not directly referenced +loc_0001bab2: ; not directly referenced cmp eax, 0x8000000e -jne short loc_0001ba10 ; jne 0x1ba10 +jne short loc_0001bad4 ; jne 0x1bad4 test ebx, ebx -jne short loc_0001ba10 ; jne 0x1ba10 -call fcn_000153e9 ; call 0x153e9 +jne short loc_0001bad4 ; jne 0x1bad4 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001ba2a ; je 0x1ba2a +je short loc_0001baee ; je 0x1baee push edx push edx -push ref_000263b0 ; push 0x263b0 +push ref_0002645f ; push 0x2645f push 
0x80000040 -jmp short loc_0001ba22 ; jmp 0x1ba22 +jmp short loc_0001bae6 ; jmp 0x1bae6 -loc_0001ba10: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0001bad4: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001ba2a ; je 0x1ba2a +je short loc_0001baee ; je 0x1baee push eax push eax -push ref_000263db ; push 0x263db +push ref_0002648a ; push 0x2648a push 0x40 -loc_0001ba22: ; not directly referenced -call fcn_000153f7 ; call 0x153f7 +loc_0001bae6: ; not directly referenced +call fcn_00015487 ; call 0x15487 -loc_0001ba27: ; not directly referenced +loc_0001baeb: ; not directly referenced add esp, 0x10 -loc_0001ba2a: ; not directly referenced +loc_0001baee: ; not directly referenced inc ebx cmp esi, 0x8000000e -jne short loc_0001b9ca ; jne 0x1b9ca +jne short loc_0001ba8e ; jne 0x1ba8e xor ebx, ebx -loc_0001ba35: ; not directly referenced +loc_0001baf9: ; not directly referenced lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -46381,7 +46453,7 @@ pop edi pop ebp ret -fcn_0001ba3f: +fcn_0001bb03: push ebp mov ebp, esp push edi @@ -46390,20 +46462,20 @@ push ebx sub esp, 0x1c mov edi, dword [ebp + 8] test edi, edi -je loc_0001badd ; je 0x1badd +je loc_0001bba1 ; je 0x1bba1 push eax push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x40 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov esi, eax and esi, 0xfffc add esi, 8 mov dword [esp], esi -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 mov ecx, 0x64 xor edx, edx add esp, 0x10 
@@ -46416,37 +46488,37 @@ mov ecx, edi and edi, 0xffffff shr ecx, 0x18 -loc_0001baa6: +loc_0001bb6a: test ecx, ecx setne dl cmp edi, ebx -jbe short loc_0001bad9 ; jbe 0x1bad9 +jbe short loc_0001bb9d ; jbe 0x1bb9d -loc_0001baaf: +loc_0001bb73: sub esp, 0xc push esi mov dword [ebp - 0x20], edx mov dword [ebp - 0x1c], ecx -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 add esp, 0x10 mov ecx, dword [ebp - 0x1c] mov edx, dword [ebp - 0x20] and eax, 0xffffff cmp eax, ebx -jae short loc_0001bad5 ; jae 0x1bad5 +jae short loc_0001bb99 ; jae 0x1bb99 test dl, dl -je short loc_0001badd ; je 0x1badd +je short loc_0001bba1 ; je 0x1bba1 dec ecx -loc_0001bad5: +loc_0001bb99: mov ebx, eax -jmp short loc_0001baa6 ; jmp 0x1baa6 +jmp short loc_0001bb6a ; jmp 0x1bb6a -loc_0001bad9: +loc_0001bb9d: test dl, dl -jne short loc_0001baaf ; jne 0x1baaf +jne short loc_0001bb73 ; jne 0x1bb73 -loc_0001badd: +loc_0001bba1: lea esp, [ebp - 0xc] pop ebx pop esi @@ -46454,7 +46526,7 @@ pop edi pop ebp ret -fcn_0001bae5: +fcn_0001bba9: push ebp mov ebp, esp push ebx @@ -46462,31 +46534,31 @@ sub esp, 0x10 mov ebx, dword [ebp + 8] lea eax, [ebx + 0x3804] push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 xor edx, edx test ah, 0x40 -je short loc_0001bb32 ; je 0x1bb32 +je short loc_0001bbf6 ; je 0x1bbf6 push eax push 0 push 0xffff8003 lea eax, [ebx + 0x38b0] add ebx, 0x38b4 push eax -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 mov dword [esp], ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 cmp eax, 0xff0a55a sete dl -loc_0001bb32: +loc_0001bbf6: mov al, dl mov ebx, dword [ebp - 4] leave ret -fcn_0001bb39: +fcn_0001bbfd: push ebp mov ebp, esp push ebx 
@@ -46494,148 +46566,148 @@ sub esp, 0x18 push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov ebx, eax lea eax, [eax + 8] add ebx, 2 mov dword [esp], eax -call fcn_00017cc7 ; call 0x17cc7 +call fcn_00017d8b ; call 0x17d8b mov dword [esp], ebx mov dl, al mov dword [ebp - 0xc], edx -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov edx, dword [ebp - 0xc] mov ecx, eax and ecx, 0xfffffffd cmp cx, 0x8c44 -je short loc_0001bbbc ; je 0x1bbbc +je short loc_0001bc80 ; je 0x1bc80 lea ecx, [eax + 0x73b2] cmp cx, 2 -jbe short loc_0001bbbc ; jbe 0x1bbbc +jbe short loc_0001bc80 ; jbe 0x1bc80 lea ecx, [eax + 0x73b7] cmp cx, 3 -jbe short loc_0001bbbc ; jbe 0x1bbbc +jbe short loc_0001bc80 ; jbe 0x1bc80 lea ecx, [eax + 0x73bf] cmp cx, 1 -jbe short loc_0001bbbc ; jbe 0x1bbbc +jbe short loc_0001bc80 ; jbe 0x1bc80 cmp ax, 0x8c58 -je short loc_0001bbbc ; je 0x1bbbc +je short loc_0001bc80 ; je 0x1bc80 mov ecx, eax and ecx, 0xfffffffb cmp cx, 0x8c52 -je short loc_0001bbbc ; je 0x1bbbc +je short loc_0001bc80 ; je 0x1bc80 mov ecx, eax and ecx, 0xfffffff7 cmp cx, 0x8c54 -jne short loc_0001bbe3 ; jne 0x1bbe3 +jne short loc_0001bca7 ; jne 0x1bca7 -loc_0001bbbc: +loc_0001bc80: cmp dl, 4 -je loc_0001bc99 ; je 0x1bc99 +je loc_0001bd5d ; je 0x1bd5d cmp dl, 5 -je short loc_0001bbd9 ; je 0x1bbd9 +je short loc_0001bc9d ; je 0x1bc9d mov eax, 1 cmp dl, 3 -jne short loc_0001bbfc ; jne 0x1bbfc -jmp near loc_0001bcac ; jmp 0x1bcac +jne short loc_0001bcc0 ; jne 0x1bcc0 +jmp near loc_0001bd70 ; jmp 0x1bd70 -loc_0001bbd9: +loc_0001bc9d: mov eax, 3 -jmp near loc_0001bcac ; jmp 0x1bcac +jmp near loc_0001bd70 ; jmp 0x1bd70 -loc_0001bbe3: +loc_0001bca7: lea ecx, [eax + 0x733f] cmp cx, 5 -ja short loc_0001bc11 ; ja 0x1bc11 +ja short loc_0001bcd5 ; ja 0x1bcd5 mov eax, 0x10 test dl, dl -je loc_0001bcac ; je 0x1bcac +je loc_0001bd70 ; je 0x1bd70 -loc_0001bbfc: -call fcn_000153e9 ; call 0x153e9 +loc_0001bcc0: +call fcn_00015479 ; call 
0x15479 test al, al -je loc_0001bc92 ; je 0x1bc92 +je loc_0001bd56 ; je 0x1bd56 push ecx -push ref_00026405 ; push 0x26405 -jmp short loc_0001bc80 ; jmp 0x1bc80 +push ref_000264b4 ; push 0x264b4 +jmp short loc_0001bd44 ; jmp 0x1bd44 -loc_0001bc11: +loc_0001bcd5: lea ecx, [eax + 0x63bf] cmp cx, 6 -ja short loc_0001bc4b ; ja 0x1bc4b +ja short loc_0001bd0f ; ja 0x1bd0f cmp dl, 3 -je short loc_0001bca0 ; je 0x1bca0 +je short loc_0001bd64 ; je 0x1bd64 cmp dl, 4 -je short loc_0001bc33 ; je 0x1bc33 +je short loc_0001bcf7 ; je 0x1bcf7 mov eax, 0x20 cmp dl, 2 -jne short loc_0001bc3a ; jne 0x1bc3a -jmp short loc_0001bcac ; jmp 0x1bcac +jne short loc_0001bcfe ; jne 0x1bcfe +jmp short loc_0001bd70 ; jmp 0x1bd70 -loc_0001bc33: +loc_0001bcf7: mov eax, 0x22 -jmp short loc_0001bcac ; jmp 0x1bcac +jmp short loc_0001bd70 ; jmp 0x1bd70 -loc_0001bc3a: -call fcn_000153e9 ; call 0x153e9 +loc_0001bcfe: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001bc92 ; je 0x1bc92 +je short loc_0001bd56 ; je 0x1bd56 push edx -push ref_0002640c ; push 0x2640c -jmp short loc_0001bc80 ; jmp 0x1bc80 +push ref_000264bb ; push 0x264bb +jmp short loc_0001bd44 ; jmp 0x1bd44 -loc_0001bc4b: +loc_0001bd0f: add ax, 0x633f cmp ax, 0xa -ja short loc_0001bc92 ; ja 0x1bc92 +ja short loc_0001bd56 ; ja 0x1bd56 cmp dl, 2 -je short loc_0001bca7 ; je 0x1bca7 +je short loc_0001bd6b ; je 0x1bd6b cmp dl, 3 -je short loc_0001bc6a ; je 0x1bc6a +je short loc_0001bd2e ; je 0x1bd2e dec dl -jne short loc_0001bc71 ; jne 0x1bc71 +jne short loc_0001bd35 ; jne 0x1bd35 mov eax, 0x41 -jmp short loc_0001bcac ; jmp 0x1bcac +jmp short loc_0001bd70 ; jmp 0x1bd70 -loc_0001bc6a: +loc_0001bd2e: mov eax, 0x43 -jmp short loc_0001bcac ; jmp 0x1bcac +jmp short loc_0001bd70 ; jmp 0x1bd70 -loc_0001bc71: -call fcn_000153e9 ; call 0x153e9 +loc_0001bd35: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001bc92 ; je 0x1bc92 +je short loc_0001bd56 ; je 0x1bd56 push eax -push ref_00026414 ; push 0x26414 +push ref_000264c3 ; 
push 0x264c3 -loc_0001bc80: -push ref_000295b0 ; push 0x295b0 +loc_0001bd44: +push ref_00029660 ; push 0x29660 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001bc92: +loc_0001bd56: mov eax, 0x44 -jmp short loc_0001bcac ; jmp 0x1bcac +jmp short loc_0001bd70 ; jmp 0x1bd70 -loc_0001bc99: +loc_0001bd5d: mov eax, 2 -jmp short loc_0001bcac ; jmp 0x1bcac +jmp short loc_0001bd70 ; jmp 0x1bd70 -loc_0001bca0: +loc_0001bd64: mov eax, 0x21 -jmp short loc_0001bcac ; jmp 0x1bcac +jmp short loc_0001bd70 ; jmp 0x1bd70 -loc_0001bca7: +loc_0001bd6b: mov eax, 0x42 -loc_0001bcac: +loc_0001bd70: mov ebx, dword [ebp - 4] leave ret -fcn_0001bcb1: +fcn_0001bd75: push ebp mov ebp, esp push esi 
@@ -46644,68 +46716,68 @@ push edx push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax lea eax, [eax + 2] mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov dword [esp], esi movzx ebx, ax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 cmp ax, 0x8086 -jne short loc_0001bd5c ; jne 0x1bd5c +jne short loc_0001be20 ; jne 0x1be20 mov eax, ebx mov esi, 1 and eax, 0xfffffffd cmp ax, 0x8c44 -je loc_0001bd82 ; je 0x1bd82 +je loc_0001be46 ; je 0x1be46 lea eax, [ebx + 0x73b2] cmp ax, 2 -jbe short loc_0001bd82 ; jbe 0x1bd82 +jbe short loc_0001be46 ; jbe 0x1be46 lea eax, [ebx + 0x73b7] cmp ax, 3 -jbe short loc_0001bd82 ; jbe 0x1bd82 +jbe short loc_0001be46 ; jbe 0x1be46 lea eax, [ebx + 0x73bf] cmp ax, 1 -jbe short loc_0001bd82 ; jbe 0x1bd82 +jbe short loc_0001be46 ; jbe 0x1be46 cmp bx, 0x8c58 -je short loc_0001bd82 ; je 0x1bd82 +je short loc_0001be46 ; je 0x1be46 mov eax, ebx and eax, 0xfffffffb cmp ax, 0x8c52 -je short loc_0001bd7d ; je 0x1bd7d +je short loc_0001be41 ; je 0x1be41 mov eax, ebx and eax, 0xfffffff7 cmp ax, 0x8c54 -je short loc_0001bd7d ; je 0x1bd7d +je short loc_0001be41 ; je 0x1be41 lea eax, [ebx + 0x63bf] cmp ax, 6 -jbe short loc_0001bd82 ; jbe 0x1bd82 +jbe short loc_0001be46 ; jbe 0x1be46 lea eax, [ebx + 0x733f] cmp ax, 5 -jbe short loc_0001bd7d ; jbe 0x1bd7d +jbe short loc_0001be41 ; jbe 0x1be41 lea eax, [ebx + 0x633f] cmp ax, 0xa -jbe short loc_0001bd82 ; jbe 0x1bd82 +jbe short loc_0001be46 ; jbe 0x1be46 -loc_0001bd5c: -call fcn_000153e9 ; call 0x153e9 +loc_0001be20: +call fcn_00015479 ; call 0x15479 xor esi, esi test al, al -je short loc_0001bd82 ; je 0x1bd82 +je short loc_0001be46 ; je 0x1be46 push eax push ebx -push ref_0002641c ; push 0x2641c +push ref_000264cb ; push 0x264cb push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_0001bd82 ; jmp 0x1bd82 +jmp short 
loc_0001be46 ; jmp 0x1be46 -loc_0001bd7d: +loc_0001be41: mov esi, 1 -loc_0001bd82: +loc_0001be46: lea esp, [ebp - 8] mov eax, esi pop ebx @@ -46713,7 +46785,7 @@ pop esi pop ebp ret -fcn_0001bd8b: +fcn_0001be4f: push ebp mov ebp, esp push ebx @@ -46721,58 +46793,58 @@ push ebx mov eax, dword [ebp + 0xc] mov ebx, dword [ebp + 8] cmp al, 1 -je short loc_0001bda6 ; je 0x1bda6 +je short loc_0001be6a ; je 0x1be6a xor edx, edx cmp al, 1 sbb eax, eax and eax, 0xfffffff0 dec eax -jmp short loc_0001bdae ; jmp 0x1bdae +jmp short loc_0001be72 ; jmp 0x1be72 -loc_0001bda6: +loc_0001be6a: mov edx, 0x10 or eax, 0xffffffff -loc_0001bdae: +loc_0001be72: push ecx add ebx, 0x3410 push edx push eax push ebx -call fcn_00018aa4 ; call 0x18aa4 +call fcn_00018b68 ; call 0x18b68 add esp, 0x10 mov dword [ebp + 8], ebx mov ebx, dword [ebp - 4] leave -jmp near fcn_00017d8a ; jmp 0x17d8a +jmp near fcn_00017e4e ; jmp 0x17e4e -fcn_0001bdcc: +fcn_0001be90: push ebp mov ebp, esp push ebx sub esp, 0x10 mov ebx, dword [ebp + 8] push ebx -call fcn_0001bae5 ; call 0x1bae5 +call fcn_0001bba9 ; call 0x1bba9 add esp, 0x10 xor edx, edx dec al -jne short loc_0001bdff ; jne 0x1bdff +jne short loc_0001bec3 ; jne 0x1bec3 sub esp, 0xc add ebx, 0x3860 push ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 cmp eax, 0x7fff setne dl -loc_0001bdff: +loc_0001bec3: mov al, dl mov ebx, dword [ebp - 4] leave ret -fcn_0001be06: ; not directly referenced +fcn_0001beca: ; not directly referenced push ebp mov ebp, esp push edi @@ -46782,10 +46854,10 @@ sub esp, 0x10 push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xf0 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov esi, eax pop eax and esi, 0xffffc000 
@@ -46794,36 +46866,36 @@ lea ebx, [esi + 0x38b0] add esi, 0x38b4 push 0xffff8003 push ebx -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e pop ecx pop edi push 0x4010 push ebx -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 mov dword [esp], esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edi, eax pop eax pop edx push 0xffff8003 push ebx -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e pop ecx pop eax push 0x403c push ebx -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 mov dword [esp], esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 xor edx, edx and edi, 3 -je short loc_0001be93 ; je 0x1be93 +je short loc_0001bf57 ; je 0x1bf57 shr eax, 6 mov edx, eax and edx, 1 -loc_0001be93: ; not directly referenced +loc_0001bf57: ; not directly referenced lea esp, [ebp - 0xc] mov al, dl pop ebx @@ -46832,7 +46904,7 @@ pop edi pop ebp ret -fcn_0001be9d: ; not directly referenced +fcn_0001bf61: ; not directly referenced push ebp mov ebp, esp push esi @@ -46840,38 +46912,38 @@ push ebx mov ebx, dword [ebp + 8] sub esp, 0xc push ebx -call fcn_0001bae5 ; call 0x1bae5 +call fcn_0001bba9 ; call 0x1bba9 add esp, 0x10 mov dl, al xor eax, eax test dl, dl -je short loc_0001bef0 ; je 0x1bef0 +je short loc_0001bfb4 ; je 0x1bfb4 push eax push eax push 0xffff8003 lea esi, [ebx + 0x38b0] add ebx, 0x38b4 push esi -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e pop edx pop ecx push 0x4024 push esi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 mov dword [esp], ebx -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 shr eax, 0xe and eax, 1 -loc_0001bef0: ; not directly referenced +loc_0001bfb4: ; not directly referenced lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_0001bef7: +fcn_0001bfbb: push ebp mov ebp, esp push esi 
@@ -46881,72 +46953,72 @@ push ecx push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 movzx ebx, ax mov eax, ebx and eax, 0xfffffffd cmp ax, 0x8c44 -je loc_0001bff0 ; je 0x1bff0 +je loc_0001c0b4 ; je 0x1c0b4 lea eax, [ebx + 0x73b2] cmp ax, 2 -jbe loc_0001bff0 ; jbe 0x1bff0 +jbe loc_0001c0b4 ; jbe 0x1c0b4 lea eax, [ebx + 0x73b7] cmp ax, 3 -jbe loc_0001bff0 ; jbe 0x1bff0 +jbe loc_0001c0b4 ; jbe 0x1c0b4 lea eax, [ebx + 0x73bf] cmp ax, 1 -jbe loc_0001bff0 ; jbe 0x1bff0 +jbe loc_0001c0b4 ; jbe 0x1c0b4 cmp bx, 0x8c58 -je loc_0001bff0 ; je 0x1bff0 +je loc_0001c0b4 ; je 0x1c0b4 mov eax, ebx and eax, 0xfffffffb cmp ax, 0x8c52 -je short loc_0001bfeb ; je 0x1bfeb +je short loc_0001c0af ; je 0x1c0af mov eax, ebx and eax, 0xfffffff7 cmp ax, 0x8c54 -je short loc_0001bfeb ; je 0x1bfeb +je short loc_0001c0af ; je 0x1c0af lea eax, [ebx + 0x733f] cmp ax, 5 -jbe short loc_0001bff0 ; jbe 0x1bff0 +jbe short loc_0001c0b4 ; jbe 0x1c0b4 lea eax, [ebx + 0x63bf] mov si, 2 cmp ax, 6 -jbe short loc_0001bff0 ; jbe 0x1bff0 +jbe short loc_0001c0b4 ; jbe 0x1c0b4 lea eax, [ebx + 0x633f] cmp ax, 0xa -jbe short loc_0001bff0 ; jbe 0x1bff0 -call fcn_000153e9 ; call 0x153e9 +jbe short loc_0001c0b4 ; jbe 0x1c0b4 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001bfc3 ; je 0x1bfc3 +je short loc_0001c087 ; je 0x1c087 push edx push ebx -push ref_0002644f ; push 0x2644f +push ref_000264fe ; push 0x264fe push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001bfc3: -call fcn_000153f0 ; call 0x153f0 +loc_0001c087: +call fcn_00015480 ; call 0x15480 mov esi, 3 test al, al -je short loc_0001bff0 ; je 0x1bff0 +je short loc_0001c0b4 ; je 0x1c0b4 push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x1cd -push ref_0002647a ; push 0x2647a -call fcn_000153fc ; call 0x153fc 
+push ref_00026529 ; push 0x26529 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp short loc_0001bff0 ; jmp 0x1bff0 +jmp short loc_0001c0b4 ; jmp 0x1c0b4 -loc_0001bfeb: +loc_0001c0af: mov esi, 1 -loc_0001bff0: +loc_0001c0b4: lea esp, [ebp - 8] mov eax, esi pop ebx @@ -46954,7 +47026,7 @@ pop esi pop ebp ret -fcn_0001bff9: +fcn_0001c0bd: push ebp mov ebp, esp push esi 
@@ -46964,72 +47036,72 @@ push ecx push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 movzx ebx, ax mov eax, ebx and eax, 0xfffffffd cmp ax, 0x8c44 -je loc_0001c0f2 ; je 0x1c0f2 +je loc_0001c1b6 ; je 0x1c1b6 lea eax, [ebx + 0x73b2] cmp ax, 2 -jbe loc_0001c0f2 ; jbe 0x1c0f2 +jbe loc_0001c1b6 ; jbe 0x1c1b6 lea eax, [ebx + 0x73b7] cmp ax, 3 -jbe loc_0001c0f2 ; jbe 0x1c0f2 +jbe loc_0001c1b6 ; jbe 0x1c1b6 lea eax, [ebx + 0x73bf] cmp ax, 1 -jbe loc_0001c0f2 ; jbe 0x1c0f2 +jbe loc_0001c1b6 ; jbe 0x1c1b6 cmp bx, 0x8c58 -je loc_0001c0f2 ; je 0x1c0f2 +je loc_0001c1b6 ; je 0x1c1b6 mov eax, ebx and eax, 0xfffffffb cmp ax, 0x8c52 -je short loc_0001c0ed ; je 0x1c0ed +je short loc_0001c1b1 ; je 0x1c1b1 mov eax, ebx and eax, 0xfffffff7 cmp ax, 0x8c54 -je short loc_0001c0ed ; je 0x1c0ed +je short loc_0001c1b1 ; je 0x1c1b1 lea eax, [ebx + 0x63bf] cmp ax, 6 -jbe short loc_0001c0f2 ; jbe 0x1c0f2 +jbe short loc_0001c1b6 ; jbe 0x1c1b6 lea eax, [ebx + 0x733f] cmp ax, 5 -jbe short loc_0001c0f2 ; jbe 0x1c0f2 +jbe short loc_0001c1b6 ; jbe 0x1c1b6 lea eax, [ebx + 0x633f] mov si, 2 cmp ax, 0xa -jbe short loc_0001c0f2 ; jbe 0x1c0f2 -call fcn_000153e9 ; call 0x153e9 +jbe short loc_0001c1b6 ; jbe 0x1c1b6 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001c0c5 ; je 0x1c0c5 +je short loc_0001c189 ; je 0x1c189 push edx push ebx -push ref_0002644f ; push 0x2644f +push ref_000264fe ; push 0x264fe push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001c0c5: -call fcn_000153f0 ; call 0x153f0 +loc_0001c189: +call fcn_00015480 ; call 0x15480 mov esi, 3 test al, al -je short loc_0001c0f2 ; je 0x1c0f2 +je short loc_0001c1b6 ; je 0x1c1b6 push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x1ec -push ref_0002647a ; push 0x2647a -call fcn_000153fc ; call 0x153fc 
+push ref_00026529 ; push 0x26529 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp short loc_0001c0f2 ; jmp 0x1c0f2 +jmp short loc_0001c1b6 ; jmp 0x1c1b6 -loc_0001c0ed: +loc_0001c1b1: mov esi, 1 -loc_0001c0f2: +loc_0001c1b6: lea esp, [ebp - 8] mov eax, esi pop ebx 
@@ -47037,209 +47109,209 @@ pop esi pop ebp ret -fcn_0001c0fb: +fcn_0001c1bf: push ebp mov ebp, esp sub esp, 8 -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb cmp eax, 1 -je short loc_0001c117 ; je 0x1c117 +je short loc_0001c1db ; je 0x1c1db xor edx, edx cmp eax, 2 mov al, 6 cmove edx, eax -jmp short loc_0001c119 ; jmp 0x1c119 +jmp short loc_0001c1dd ; jmp 0x1c1dd -loc_0001c117: +loc_0001c1db: mov dl, 8 -loc_0001c119: +loc_0001c1dd: mov al, dl leave ret -fcn_0001c11d: +fcn_0001c1e1: push ebp mov ebp, esp sub esp, 8 -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb cmp eax, 1 -je short loc_0001c138 ; je 0x1c138 +je short loc_0001c1fc ; je 0x1c1fc cmp eax, 2 sete al shl eax, 2 -jmp short loc_0001c13a ; jmp 0x1c13a +jmp short loc_0001c1fe ; jmp 0x1c1fe -loc_0001c138: +loc_0001c1fc: mov al, 6 -loc_0001c13a: +loc_0001c1fe: leave ret -fcn_0001c13c: ; not directly referenced +fcn_0001c200: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb cmp eax, 1 -je short loc_0001c154 ; je 0x1c154 +je short loc_0001c218 ; je 0x1c218 cmp eax, 2 sete al -jmp short loc_0001c156 ; jmp 0x1c156 +jmp short loc_0001c21a ; jmp 0x1c21a -loc_0001c154: ; not directly referenced +loc_0001c218: ; not directly referenced mov al, 2 -loc_0001c156: ; not directly referenced +loc_0001c21a: ; not directly referenced leave ret -fcn_0001c158: ; not directly referenced +fcn_0001c21c: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -call fcn_0001bff9 ; call 0x1bff9 +call fcn_0001c0bd ; call 0x1c0bd cmp eax, 1 -jne short loc_0001c176 ; jne 0x1c176 -call fcn_0001bef7 ; call 0x1bef7 +jne short loc_0001c23a ; jne 0x1c23a +call fcn_0001bfbb ; call 0x1bfbb cmp eax, 1 -jne short loc_0001c176 ; jne 0x1c176 +jne short loc_0001c23a ; jne 0x1c23a mov al, 0xe -jmp short loc_0001c17f ; jmp 0x1c17f +jmp short loc_0001c243 ; jmp 0x1c243 -loc_0001c176: ; not directly referenced +loc_0001c23a: ; not 
directly referenced cmp eax, 2 sete al shl eax, 3 -loc_0001c17f: ; not directly referenced +loc_0001c243: ; not directly referenced leave ret -fcn_0001c181: +fcn_0001c245: push ebp mov ebp, esp sub esp, 8 -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb cmp eax, 1 -je short loc_0001c199 ; je 0x1c199 +je short loc_0001c25d ; je 0x1c25d cmp eax, 2 sete al -jmp short loc_0001c19b ; jmp 0x1c19b +jmp short loc_0001c25f ; jmp 0x1c25f -loc_0001c199: +loc_0001c25d: mov al, 2 -loc_0001c19b: +loc_0001c25f: leave ret -fcn_0001c19d: +fcn_0001c261: push ebp mov ebp, esp sub esp, 8 -call fcn_0001bff9 ; call 0x1bff9 +call fcn_0001c0bd ; call 0x1c0bd cmp eax, 1 -jne short loc_0001c1c6 ; jne 0x1c1c6 -call fcn_0001bef7 ; call 0x1bef7 +jne short loc_0001c28a ; jne 0x1c28a +call fcn_0001bfbb ; call 0x1bfbb cmp eax, 1 -je short loc_0001c1c2 ; je 0x1c1c2 +je short loc_0001c286 ; je 0x1c286 cmp eax, 2 sete dl shl edx, 3 -jmp short loc_0001c1d0 ; jmp 0x1c1d0 +jmp short loc_0001c294 ; jmp 0x1c294 -loc_0001c1c2: +loc_0001c286: mov dl, 0xe -jmp short loc_0001c1d0 ; jmp 0x1c1d0 +jmp short loc_0001c294 ; jmp 0x1c294 -loc_0001c1c6: +loc_0001c28a: cmp eax, 2 mov dl, 0xa mov al, 0 cmovne edx, eax -loc_0001c1d0: +loc_0001c294: mov al, dl leave ret -fcn_0001c1d4: +fcn_0001c298: push ebp mov ebp, esp sub esp, 8 -call fcn_0001bff9 ; call 0x1bff9 +call fcn_0001c0bd ; call 0x1c0bd cmp eax, 1 -jne short loc_0001c1f2 ; jne 0x1c1f2 -call fcn_0001bef7 ; call 0x1bef7 +jne short loc_0001c2b6 ; jne 0x1c2b6 +call fcn_0001bfbb ; call 0x1bfbb cmp eax, 1 -jne short loc_0001c1f2 ; jne 0x1c1f2 +jne short loc_0001c2b6 ; jne 0x1c2b6 mov al, 0xe -jmp short loc_0001c1fb ; jmp 0x1c1fb +jmp short loc_0001c2bf ; jmp 0x1c2bf -loc_0001c1f2: +loc_0001c2b6: cmp eax, 2 sete al shl eax, 3 -loc_0001c1fb: +loc_0001c2bf: leave ret -fcn_0001c1fd: +fcn_0001c2c1: push ebp mov ebp, esp sub esp, 8 -call fcn_0001bff9 ; call 0x1bff9 +call fcn_0001c0bd ; call 0x1c0bd cmp eax, 1 -jne short loc_0001c226 ; jne 0x1c226 
-call fcn_0001bef7 ; call 0x1bef7 +jne short loc_0001c2ea ; jne 0x1c2ea +call fcn_0001bfbb ; call 0x1bfbb cmp eax, 1 -je short loc_0001c222 ; je 0x1c222 +je short loc_0001c2e6 ; je 0x1c2e6 cmp eax, 2 sete dl lea edx, [edx + edx*8] -jmp short loc_0001c230 ; jmp 0x1c230 +jmp short loc_0001c2f4 ; jmp 0x1c2f4 -loc_0001c222: +loc_0001c2e6: mov dl, 0xf -jmp short loc_0001c230 ; jmp 0x1c230 +jmp short loc_0001c2f4 ; jmp 0x1c2f4 -loc_0001c226: +loc_0001c2ea: cmp eax, 2 mov dl, 0xb mov al, 0 cmovne edx, eax -loc_0001c230: +loc_0001c2f4: mov al, dl leave ret -fcn_0001c234: +fcn_0001c2f8: push ebp mov ebp, esp sub esp, 8 -call fcn_0001bff9 ; call 0x1bff9 +call fcn_0001c0bd ; call 0x1c0bd cmp eax, 1 -jne short loc_0001c252 ; jne 0x1c252 -call fcn_0001bef7 ; call 0x1bef7 +jne short loc_0001c316 ; jne 0x1c316 +call fcn_0001bfbb ; call 0x1bfbb cmp eax, 1 -jne short loc_0001c252 ; jne 0x1c252 +jne short loc_0001c316 ; jne 0x1c316 mov al, 6 -jmp short loc_0001c25b ; jmp 0x1c25b +jmp short loc_0001c31f ; jmp 0x1c31f -loc_0001c252: +loc_0001c316: cmp eax, 2 sete al shl eax, 2 -loc_0001c25b: +loc_0001c31f: leave ret -fcn_0001c25d: +fcn_0001c321: push ebp mov ebp, esp push esi 
@@ -47248,58 +47320,58 @@ push eax push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov esi, eax lea eax, [eax + 0xa2] add esi, 0xa4 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov dword [esp], esi mov ebx, eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov ecx, dword [ebp + 8] add esp, 0x10 lea edx, [ecx - 1] cmp edx, 4 -ja short loc_0001c2d0 ; ja 0x1c2d0 -jmp dword [edx*4 + ref_00020568] ; ujmp: jmp dword [edx*4 + 0x20568] +ja short loc_0001c394 ; ja 0x1c394 +jmp dword [edx*4 + ref_000205f8] ; ujmp: jmp dword [edx*4 + 0x205f8] -loc_0001c2a3: +loc_0001c367: shr bx, 5 -jmp short loc_0001c2b3 ; jmp 0x1c2b3 +jmp short loc_0001c377 ; jmp 0x1c377 -loc_0001c2a9: +loc_0001c36d: shr ax, 1 mov edx, eax -jmp short loc_0001c2b9 ; jmp 0x1c2b9 +jmp short loc_0001c37d ; jmp 0x1c37d -loc_0001c2b0: +loc_0001c374: shr bx, 1 -loc_0001c2b3: +loc_0001c377: mov edx, ebx -jmp short loc_0001c2b9 ; jmp 0x1c2b9 +jmp short loc_0001c37d ; jmp 0x1c37d -loc_0001c2b7: +loc_0001c37b: mov dl, bl -loc_0001c2b9: +loc_0001c37d: and edx, 1 -jmp short loc_0001c2d2 ; jmp 0x1c2d2 +jmp short loc_0001c396 ; jmp 0x1c396 -loc_0001c2be: +loc_0001c382: xor edx, edx test al, 2 -je short loc_0001c2d2 ; je 0x1c2d2 +je short loc_0001c396 ; je 0x1c396 and ebx, 0x22 cmp bx, 2 sete dl -jmp short loc_0001c2d2 ; jmp 0x1c2d2 +jmp short loc_0001c396 ; jmp 0x1c396 -loc_0001c2d0: +loc_0001c394: xor edx, edx -loc_0001c2d2: +loc_0001c396: lea esp, [ebp - 8] mov al, dl pop ebx @@ -47307,7 +47379,7 @@ pop esi pop ebp ret -fcn_0001c2db: ; not directly referenced +fcn_0001c39f: ; not directly referenced push ebp mov ebp, esp push ebx @@ -47317,7 +47389,7 @@ mov ebx, dword [ebp + 0xc] add eax, 0x404 push eax movzx ebx, bl -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e lea ecx, [ebx*4] mov ebx, dword [ebp - 4] leave 
@@ -47325,7 +47397,7 @@ shr eax, cl and eax, 7 ret -fcn_0001c307: ; not directly referenced +fcn_0001c3cb: ; not directly referenced push ebp mov ebp, esp push edi @@ -47337,36 +47409,36 @@ mov eax, dword [ebp + 8] movzx edi, byte [ebp + 0xc] lea esi, [eax + 0x404] -loc_0001c31f: ; not directly referenced -call fcn_0001c0fb ; call 0x1c0fb +loc_0001c3e3: ; not directly referenced +call fcn_0001c1bf ; call 0x1c1bf cmp bl, al -jae short loc_0001c346 ; jae 0x1c346 +jae short loc_0001c40a ; jae 0x1c40a sub esp, 0xc push esi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e movzx ecx, bl add esp, 0x10 shl ecx, 2 shr eax, cl and eax, 7 cmp eax, edi -je short loc_0001c369 ; je 0x1c369 +je short loc_0001c42d ; je 0x1c42d inc ebx -jmp short loc_0001c31f ; jmp 0x1c31f +jmp short loc_0001c3e3 ; jmp 0x1c3e3 -loc_0001c346: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001c40a: ; not directly referenced +call fcn_00015480 ; call 0x15480 mov bl, 0xff test al, al -je short loc_0001c369 ; je 0x1c369 +je short loc_0001c42d ; je 0x1c42d push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x390 -push ref_0002647a ; push 0x2647a -call fcn_000153fc ; call 0x153fc +push ref_00026529 ; push 0x26529 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001c369: ; not directly referenced +loc_0001c42d: ; not directly referenced lea esp, [ebp - 0xc] mov al, bl pop ebx @@ -47375,7 +47447,7 @@ pop edi pop ebp ret -fcn_0001c373: ; not directly referenced +fcn_0001c437: ; not directly referenced push ebp mov ebp, esp push ebx @@ -47383,17 +47455,17 @@ sub esp, 0x18 push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xf0 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov ebx, eax pop eax and ebx, 0xffffc000 pop edx push 0 push ebx -call fcn_0001c2db ; call 0x1c2db +call fcn_0001c39f ; call 0x1c39f pop ecx pop edx lea edx, [ebp - 0xd] 
@@ -47406,90 +47478,90 @@ push eax push 4 push 0xe00000fc push ebx -call fcn_00009e5f ; call 0x9e5f +call fcn_00009ecd ; call 0x9ecd add esp, 0x20 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001c409 ; je 0x1c409 +je short loc_0001c4cd ; je 0x1c4cd test ebx, ebx -jns short loc_0001c409 ; jns 0x1c409 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001c4cd ; jns 0x1c4cd +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001c3f1 ; je 0x1c3f1 +je short loc_0001c4b5 ; je 0x1c4b5 push eax push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001c3f1: ; not directly referenced +loc_0001c4b5: ; not directly referenced push ecx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x3b7 -push ref_0002647a ; push 0x2647a -call fcn_000153fc ; call 0x153fc +push ref_00026529 ; push 0x26529 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001c409: ; not directly referenced +loc_0001c4cd: ; not directly referenced mov ebx, dword [ebp - 0xc] test ebx, 0x80000 -je short loc_0001c47f ; je 0x1c47f +je short loc_0001c543 ; je 0x1c543 and ebx, 0x70000 shr ebx, 0x10 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001c437 ; je 0x1c437 +je short loc_0001c4fb ; je 0x1c4fb push edx push ebx -push ref_000264b6 ; push 0x264b6 +push ref_00026565 ; push 0x26565 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001c437: ; not directly referenced -call fcn_0001bef7 ; call 0x1bef7 +loc_0001c4fb: ; not directly referenced +call fcn_0001bfbb ; call 0x1bfbb lea edx, [ebx + 1] cmp eax, 2 -jne short loc_0001c488 ; jne 0x1c488 +jne short loc_0001c54c ; jne 0x1c54c cmp ebx, 1 -je short loc_0001c483 ; je 0x1c483 -jb short loc_0001c457 ; jb 0x1c457 +je short loc_0001c547 ; je 0x1c547 +jb 
short loc_0001c51b ; jb 0x1c51b cmp ebx, 5 -ja short loc_0001c45e ; ja 0x1c45e +ja short loc_0001c522 ; ja 0x1c522 mov edx, 5 -jmp short loc_0001c488 ; jmp 0x1c488 +jmp short loc_0001c54c ; jmp 0x1c54c -loc_0001c457: ; not directly referenced +loc_0001c51b: ; not directly referenced mov edx, 3 -jmp short loc_0001c488 ; jmp 0x1c488 +jmp short loc_0001c54c ; jmp 0x1c54c -loc_0001c45e: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001c522: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001c47f ; je 0x1c47f +je short loc_0001c543 ; je 0x1c543 push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x3c7 -push ref_0002647a ; push 0x2647a -call fcn_000153fc ; call 0x153fc +push ref_00026529 ; push 0x26529 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001c47f: ; not directly referenced +loc_0001c543: ; not directly referenced xor edx, edx -jmp short loc_0001c488 ; jmp 0x1c488 +jmp short loc_0001c54c ; jmp 0x1c54c -loc_0001c483: ; not directly referenced +loc_0001c547: ; not directly referenced mov edx, 4 -loc_0001c488: ; not directly referenced +loc_0001c54c: ; not directly referenced mov eax, edx mov ebx, dword [ebp - 4] leave ret -fcn_0001c48f: ; not directly referenced +fcn_0001c553: ; not directly referenced push ebp mov eax, 0x80000002 mov ebp, esp 
@@ -47501,30 +47573,30 @@ mov ebx, dword [ebp + 8] mov edi, dword [ebp + 0xc] mov esi, dword [ebp + 0x10] cmp ebx, 7 -ja short loc_0001c505 ; ja 0x1c505 +ja short loc_0001c5c9 ; ja 0x1c5c9 push eax push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0xf0 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 and eax, 0xffffc000 cmp ebx, 7 -je short loc_0001c4dd ; je 0x1c4dd +je short loc_0001c5a1 ; je 0x1c5a1 sub esp, 0xc lea eax, [eax + ebx*4 + 0x3854] -jmp short loc_0001c4e5 ; jmp 0x1c4e5 +jmp short loc_0001c5a9 ; jmp 0x1c5a9 -loc_0001c4dd: ; not directly referenced +loc_0001c5a1: ; not directly referenced sub esp, 0xc add eax, 0x3800 -loc_0001c4e5: ; not directly referenced +loc_0001c5a9: ; not directly referenced push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 mov edx, eax and ax, 0x7fff @@ -47534,7 +47606,7 @@ mov word [edi], dx mov word [esi], ax xor eax, eax -loc_0001c505: ; not directly referenced +loc_0001c5c9: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -47542,7 +47614,7 @@ pop edi pop ebp ret -fcn_0001c50d: +fcn_0001c5d1: push ebp mov ebp, esp push edi 
@@ -47551,53 +47623,53 @@ push ebx sub esp, 0xc mov edi, dword [ebp + 8] mov ebx, dword [ebp + 0xc] -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001c536 ; je 0x1c536 +je short loc_0001c5fa ; je 0x1c5fa push eax push eax -push ref_000264c5 ; push 0x264c5 +push ref_00026574 ; push 0x26574 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001c536: +loc_0001c5fa: dec bl lea esi, [edi + 0x3428] -jne short loc_0001c55c ; jne 0x1c55c +jne short loc_0001c620 ; jne 0x1c620 push ecx push ecx push 0x10 lea ebx, [edi + 0x3424] push ebx -call fcn_00017d40 ; call 0x17d40 +call fcn_00017e04 ; call 0x17e04 pop ebx pop edi push 1 push esi -call fcn_00018a50 ; call 0x18a50 -jmp short loc_0001c566 ; jmp 0x1c566 +call fcn_00018b14 ; call 0x18b14 +jmp short loc_0001c62a ; jmp 0x1c62a -loc_0001c55c: +loc_0001c620: push edx push edx push 0xfffffffffffffffe push esi -call fcn_00018a7a ; call 0x18a7a +call fcn_00018b3e ; call 0x18b3e -loc_0001c566: +loc_0001c62a: add esp, 0x10 -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001c583 ; je 0x1c583 +je short loc_0001c647 ; je 0x1c647 push eax push eax -push ref_000264df ; push 0x264df +push ref_0002658e ; push 0x2658e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001c583: +loc_0001c647: lea esp, [ebp - 0xc] xor eax, eax pop ebx @@ -47606,7 +47678,7 @@ pop edi pop ebp ret -fcn_0001c58d: +fcn_0001c651: push ebp mov ebp, esp sub esp, 0x24 @@ -47619,13 +47691,13 @@ push edx lea eax, [ebp - 0x18] push eax push 1 -call fcn_0001fe8d ; call 0x1fe8d +call fcn_0001ff1b ; call 0x1ff1b mov eax, dword [ebp - 0x18] leave and eax, 0xfff0ff0 ret -fcn_0001c5b4: +fcn_0001c678: push ebp mov ebp, esp sub esp, 0x24 
@@ -47638,53 +47710,53 @@ push edx lea eax, [ebp - 0x18] push eax push 1 -call fcn_0001fe8d ; call 0x1fe8d +call fcn_0001ff1b ; call 0x1ff1b mov eax, dword [ebp - 0x18] leave and eax, 0xf ret -fcn_0001c5d9: ; not directly referenced +fcn_0001c69d: ; not directly referenced push ebp mov ebp, esp push edi push esi push ebx sub esp, 0xc -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 mov esi, eax -call fcn_0001c5b4 ; call 0x1c5b4 +call fcn_0001c678 ; call 0x1c678 lea edx, [eax + esi] mov edi, eax cmp edx, 0x306c3 -je short loc_0001c644 ; je 0x1c644 +je short loc_0001c708 ; je 0x1c708 cmp edx, 0x40651 -je short loc_0001c644 ; je 0x1c644 +je short loc_0001c708 ; je 0x1c708 cmp edx, 0x40661 -je short loc_0001c644 ; je 0x1c644 +je short loc_0001c708 ; je 0x1c708 lea eax, [edx - 0x306d3] cmp eax, 1 -jbe short loc_0001c644 ; jbe 0x1c644 +jbe short loc_0001c708 ; jbe 0x1c708 sub edx, 0x40670 mov bl, 1 cmp edx, 1 -jbe short loc_0001c646 ; jbe 0x1c646 -call fcn_000153e9 ; call 0x153e9 +jbe short loc_0001c70a ; jbe 0x1c70a +call fcn_00015479 ; call 0x15479 xor ebx, ebx test al, al -je short loc_0001c646 ; je 0x1c646 +je short loc_0001c70a ; je 0x1c70a push esi push edi -push ref_000264f7 ; push 0x264f7 +push ref_000265a6 ; push 0x265a6 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_0001c646 ; jmp 0x1c646 +jmp short loc_0001c70a ; jmp 0x1c70a -loc_0001c644: ; not directly referenced +loc_0001c708: ; not directly referenced mov bl, 1 -loc_0001c646: ; not directly referenced +loc_0001c70a: ; not directly referenced lea esp, [ebp - 0xc] mov al, bl pop ebx @@ -47693,7 +47765,7 @@ pop edi pop ebp ret -fcn_0001c650: ; not directly referenced +fcn_0001c714: ; not directly referenced push ebp mov ebp, esp push ebx 
@@ -47707,66 +47779,66 @@ push edx lea eax, [ebp - 0x18] push eax push 1 -call fcn_0001fe8d ; call 0x1fe8d +call fcn_0001ff1b ; call 0x1ff1b mov eax, dword [ebp - 0x18] add esp, 0x20 and eax, 0xfff0ff0 cmp eax, 0x40650 -je short loc_0001c6a2 ; je 0x1c6a2 -ja short loc_0001c692 ; ja 0x1c692 +je short loc_0001c766 ; je 0x1c766 +ja short loc_0001c756 ; ja 0x1c756 cmp eax, 0x306c0 -je short loc_0001c6ed ; je 0x1c6ed +je short loc_0001c7b1 ; je 0x1c7b1 cmp eax, 0x306d0 -je short loc_0001c6a2 ; je 0x1c6a2 -jmp short loc_0001c6a6 ; jmp 0x1c6a6 +je short loc_0001c766 ; je 0x1c766 +jmp short loc_0001c76a ; jmp 0x1c76a -loc_0001c692: ; not directly referenced +loc_0001c756: ; not directly referenced cmp eax, 0x40660 -je short loc_0001c6ed ; je 0x1c6ed +je short loc_0001c7b1 ; je 0x1c7b1 cmp eax, 0x40670 -jne short loc_0001c6a6 ; jne 0x1c6a6 -jmp short loc_0001c6ed ; jmp 0x1c6ed +jne short loc_0001c76a ; jne 0x1c76a +jmp short loc_0001c7b1 ; jmp 0x1c7b1 -loc_0001c6a2: ; not directly referenced +loc_0001c766: ; not directly referenced xor ebx, ebx -jmp short loc_0001c6ef ; jmp 0x1c6ef +jmp short loc_0001c7b3 ; jmp 0x1c7b3 -loc_0001c6a6: ; not directly referenced -call fcn_000153e9 ; call 0x153e9 +loc_0001c76a: ; not directly referenced +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001c6cb ; je 0x1c6cb +je short loc_0001c78f ; je 0x1c78f mov eax, dword [ebp - 0x18] push edx and eax, 0xfff0ff0 push eax -push ref_00026531 ; push 0x26531 +push ref_000265e0 ; push 0x265e0 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001c6cb: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001c78f: ; not directly referenced +call fcn_00015480 ; call 0x15480 mov bl, 2 test al, al -je short loc_0001c6ef ; je 0x1c6ef +je short loc_0001c7b3 ; je 0x1c7b3 push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x7f -push ref_0002655c ; push 0x2655c -call fcn_000153fc ; call 0x153fc +push 
ref_0002660b ; push 0x2660b +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp short loc_0001c6ef ; jmp 0x1c6ef +jmp short loc_0001c7b3 ; jmp 0x1c7b3 -loc_0001c6ed: ; not directly referenced +loc_0001c7b1: ; not directly referenced mov bl, 1 -loc_0001c6ef: ; not directly referenced +loc_0001c7b3: ; not directly referenced mov al, bl mov ebx, dword [ebp - 4] leave ret -fcn_0001c6f6: ; not directly referenced +fcn_0001c7ba: ; not directly referenced push ebp mov ebp, esp sub esp, 0x20 @@ -47777,45 +47849,45 @@ lea eax, [ebp - 0x18] push eax push 0 push 4 -call fcn_0001feb9 ; call 0x1feb9 +call fcn_0001ff47 ; call 0x1ff47 mov eax, dword [ebp - 0x18] add esp, 0x1c push 0x1a xor edx, edx push edx push eax -call fcn_0001718b ; call 0x1718b +call fcn_0001724f ; call 0x1724f leave and eax, 0x3f inc eax ret -fcn_0001c726: ; not directly referenced +fcn_0001c7ea: ; not directly referenced push ebp mov ebp, esp sub esp, 0xc push 0 push 0 push 0x8b -call fcn_00017502 ; call 0x17502 +call fcn_000175c6 ; call 0x175c6 mov dword [esp], 0 push 0 push 0 push 0 push 1 -call fcn_0001fe8d ; call 0x1fe8d +call fcn_0001ff1b ; call 0x1ff1b add esp, 0x14 push 0x8b -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc add esp, 0xc push 0x20 push edx push eax -call fcn_0001718b ; call 0x1718b +call fcn_0001724f ; call 0x1724f leave ret -fcn_0001c769: ; not directly referenced +fcn_0001c82d: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -47828,37 +47900,37 @@ mov esi, dword [ebp + 8] mov edi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] mov dword [ebp - 0x24], eax -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc add esp, 0x10 mov dword [ebp - 0x20], eax mov dword [ebp - 0x1c], edx test edi, edi -jne short loc_0001c7b5 ; jne 0x1c7b5 -call fcn_000153f0 ; call 0x153f0 +jne short loc_0001c879 ; jne 0x1c879 +call fcn_00015480 ; call 0x15480 test al, al -je loc_0001c85c ; je 0x1c85c -mov dword [ebp + 0x10], ref_00026598 ; mov dword [ebp + 0x10], 0x26598 +je loc_0001c920 ; je 0x1c920 +mov dword [ebp + 0x10], ref_00026647 ; mov dword [ebp + 0x10], 0x26647 mov dword [ebp + 0xc], 0xc8 -jmp near loc_0001c841 ; jmp 0x1c841 +jmp near loc_0001c905 ; jmp 0x1c905 -loc_0001c7b5: ; not directly referenced +loc_0001c879: ; not directly referenced push ecx push 0x10 push dword [ebp - 0x1c] push dword [ebp - 0x20] -call fcn_0001718b ; call 0x1718b +call fcn_0001724f ; call 0x1724f add esp, 0x10 mov word [edi], ax test esi, esi -jne short loc_0001c7ea ; jne 0x1c7ea -call fcn_000153f0 ; call 0x153f0 +jne short loc_0001c8ae ; jne 0x1c8ae +call fcn_00015480 ; call 0x15480 test al, al -je loc_0001c85c ; je 0x1c85c -mov dword [ebp + 0x10], ref_000265c3 ; mov dword [ebp + 0x10], 0x265c3 +je loc_0001c920 ; je 0x1c920 +mov dword [ebp + 0x10], ref_00026672 ; mov dword [ebp + 0x10], 0x26672 mov dword [ebp + 0xc], 0xd2 -jmp short loc_0001c841 ; jmp 0x1c841 +jmp short loc_0001c905 ; jmp 0x1c905 -loc_0001c7ea: ; not directly referenced +loc_0001c8ae: ; not directly referenced movzx eax, ax push edx xor edx, edx 
@@ -47866,42 +47938,42 @@ push eax movzx eax, word [ebp - 0x20] push edx push eax -call fcn_000173f5 ; call 0x173f5 +call fcn_000174b9 ; call 0x174b9 add esp, 0x10 mov word [esi], ax test ebx, ebx -jne short loc_0001c81f ; jne 0x1c81f -call fcn_000153f0 ; call 0x153f0 +jne short loc_0001c8e3 ; jne 0x1c8e3 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001c85c ; je 0x1c85c -mov dword [ebp + 0x10], ref_000265f1 ; mov dword [ebp + 0x10], 0x265f1 +je short loc_0001c920 ; je 0x1c920 +mov dword [ebp + 0x10], ref_000266a0 ; mov dword [ebp + 0x10], 0x266a0 mov dword [ebp + 0xc], 0xdc -jmp short loc_0001c841 ; jmp 0x1c841 +jmp short loc_0001c905 ; jmp 0x1c905 -loc_0001c81f: ; not directly referenced +loc_0001c8e3: ; not directly referenced cmp dword [ebp - 0x24], 0 mov word [ebx], 1 -jne short loc_0001c854 ; jne 0x1c854 -call fcn_000153f0 ; call 0x153f0 +jne short loc_0001c918 ; jne 0x1c918 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001c85c ; je 0x1c85c -mov dword [ebp + 0x10], ref_00026618 ; mov dword [ebp + 0x10], 0x26618 +je short loc_0001c920 ; je 0x1c920 +mov dword [ebp + 0x10], ref_000266c7 ; mov dword [ebp + 0x10], 0x266c7 mov dword [ebp + 0xc], 0xe3 -loc_0001c841: ; not directly referenced -mov dword [ebp + 8], ref_0002655c ; mov dword [ebp + 8], 0x2655c +loc_0001c905: ; not directly referenced +mov dword [ebp + 8], ref_0002660b ; mov dword [ebp + 8], 0x2660b lea esp, [ebp - 0xc] pop ebx pop esi pop edi pop ebp -jmp near fcn_000153fc ; jmp 0x153fc +jmp near fcn_0001548c ; jmp 0x1548c -loc_0001c854: ; not directly referenced +loc_0001c918: ; not directly referenced mov eax, dword [ebp - 0x24] mov word [eax], 1 -loc_0001c85c: ; not directly referenced +loc_0001c920: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -47909,7 +47981,7 @@ pop edi pop ebp ret -fcn_0001c864: +fcn_0001c928: push ebp mov al, 1 mov ebp, esp 
@@ -47921,78 +47993,78 @@ sub esp, 0x2c lea esi, [ebp - 0x28] lea edi, [ebp - 0x20] -loc_0001c877: +loc_0001c93b: cmp dword [ebp + 8], 1 -je short loc_0001c8aa ; je 0x1c8aa +je short loc_0001c96e ; je 0x1c96e cmp dword [ebp + 8], 2 -jne short loc_0001c8d7 ; jne 0x1c8d7 +jne short loc_0001c99b ; jne 0x1c99b sub esp, 0xc push 0x150 -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc add esp, 0xc push 8 push esi push edi mov dword [ebp - 0x28], eax mov dword [ebp - 0x24], edx -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e mov al, byte [ebp - 0x19] shr al, 7 -jmp short loc_0001c8d4 ; jmp 0x1c8d4 +jmp short loc_0001c998 ; jmp 0x1c998 -loc_0001c8aa: +loc_0001c96e: push edx push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x48 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e and eax, 0xfffffffe add eax, 0x5da4 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e shr eax, 0x1f -loc_0001c8d4: +loc_0001c998: add esp, 0x10 -loc_0001c8d7: +loc_0001c99b: sub esp, 0xc inc ebx push 1 mov dword [ebp - 0x2c], eax -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 mov eax, dword [ebp - 0x2c] add esp, 0x10 mov dl, al and dl, 1 -je short loc_0001c8fd ; je 0x1c8fd +je short loc_0001c9c1 ; je 0x1c9c1 cmp bx, 0x3e7 -jbe loc_0001c877 ; jbe 0x1c877 +jbe loc_0001c93b ; jbe 0x1c93b -loc_0001c8fd: +loc_0001c9c1: cmp bx, 0x3e8 -jne short loc_0001c92c ; jne 0x1c92c +jne short loc_0001c9f0 ; jne 0x1c9f0 test dl, dl -je short loc_0001c92c ; je 0x1c92c -call fcn_000153e9 ; call 0x153e9 +je short loc_0001c9f0 ; je 0x1c9f0 +call fcn_00015479 ; call 0x15479 mov ebx, 0x80000012 test al, al -je short loc_0001c92e ; je 0x1c92e +je short loc_0001c9f2 ; je 0x1c9f2 push eax push eax -push ref_00026639 ; push 0x26639 +push ref_000266e8 ; push 0x266e8 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 
0x15487 add esp, 0x10 -jmp short loc_0001c92e ; jmp 0x1c92e +jmp short loc_0001c9f2 ; jmp 0x1c9f2 -loc_0001c92c: +loc_0001c9f0: xor ebx, ebx -loc_0001c92e: +loc_0001c9f2: lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -48001,7 +48073,7 @@ pop edi pop ebp ret -fcn_0001c938: +fcn_0001c9fc: push ebp mov ebp, esp push edi @@ -48010,38 +48082,38 @@ push ebx sub esp, 0x48 mov edi, dword [ebp + 8] push edi -call fcn_0001c864 ; call 0x1c864 +call fcn_0001c928 ; call 0x1c928 add esp, 0x10 mov ebx, eax test eax, eax -js loc_0001cb41 ; js 0x1cb41 -call fcn_000153e9 ; call 0x153e9 +js loc_0001cc05 ; js 0x1cc05 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001c975 ; je 0x1c975 +je short loc_0001ca39 ; je 0x1ca39 movzx eax, byte [ebp + 0xc] push ecx push eax -push ref_00026661 ; push 0x26661 +push ref_00026710 ; push 0x26710 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001c975: +loc_0001ca39: cmp edi, 1 -je short loc_0001c988 ; je 0x1c988 +je short loc_0001ca4c ; je 0x1ca4c cmp edi, 2 -je loc_0001ca4f ; je 0x1ca4f -jmp near loc_0001cb01 ; jmp 0x1cb01 +je loc_0001cb13 ; je 0x1cb13 +jmp near loc_0001cbc5 ; jmp 0x1cbc5 -loc_0001c988: +loc_0001ca4c: push esi push 0 push 0 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x48 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edi, eax pop eax and edi, 0xfffffffe 
@@ -48050,58 +48122,58 @@ push dword [ebp + 0x10] lea esi, [edi + 0x5da0] add edi, 0x5da4 push esi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov eax, dword [ebp + 0xc] pop ecx pop edx or eax, 0x80000000 push eax push edi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov dword [esp], 1 -call fcn_0001c864 ; call 0x1c864 +call fcn_0001c928 ; call 0x1c928 mov dword [esp], edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [esp], esi mov dword [ebp - 0x40], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [esp], 0xa mov dword [ebp - 0x3c], eax -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 mov dword [esp], edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [esp], esi mov edi, eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov ecx, dword [ebp - 0x40] add esp, 0x10 cmp ecx, edi -je short loc_0001ca42 ; je 0x1ca42 +je short loc_0001cb06 ; je 0x1cb06 cmp dword [ebp - 0x3c], eax -je short loc_0001ca42 ; je 0x1ca42 +je short loc_0001cb06 ; je 0x1cb06 -loc_0001ca1b: -call fcn_000153e9 ; call 0x153e9 +loc_0001cadf: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001ca38 ; je 0x1ca38 +je short loc_0001cafc ; je 0x1cafc push ebx push ebx -push ref_00026689 ; push 0x26689 +push ref_00026738 ; push 0x26738 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001ca38: +loc_0001cafc: mov ebx, 0x80000002 -jmp near loc_0001cb41 ; jmp 0x1cb41 +jmp near loc_0001cc05 ; jmp 0x1cc05 -loc_0001ca42: +loc_0001cb06: mov eax, dword [ebp + 0x14] movzx ecx, cl mov dword [eax], ecx -jmp near loc_0001cb23 ; jmp 0x1cb23 +jmp near loc_0001cbe7 ; jmp 0x1cbe7 -loc_0001ca4f: +loc_0001cb13: mov eax, dword [ebp + 0xc] lea edi, [ebp - 0x30] push ecx 
@@ -48114,16 +48186,16 @@ push edi or byte [ebp - 0x21], 0x80 mov dword [ebp - 0x3c], ecx mov dword [ebp - 0x28], eax -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e add esp, 0xc push dword [ebp - 0x2c] push dword [ebp - 0x30] push 0x150 -call fcn_00017502 ; call 0x17502 +call fcn_000175c6 ; call 0x175c6 mov dword [esp], 2 -call fcn_0001c864 ; call 0x1c864 +call fcn_0001c928 ; call 0x1c928 mov dword [esp], 0x150 -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc mov ecx, dword [ebp - 0x3c] add esp, 0xc push 8 @@ -48131,11 +48203,11 @@ push edi push ecx mov dword [ebp - 0x2c], edx mov dword [ebp - 0x30], eax -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e mov dword [esp], 0xa -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 mov dword [esp], 0x150 -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc add esp, 0xc push 8 push edi 
@@ -48143,46 +48215,46 @@ mov dword [ebp - 0x30], eax lea eax, [ebp - 0x20] push eax mov dword [ebp - 0x2c], edx -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e mov eax, dword [ebp - 0x1c] add esp, 0x10 cmp dword [ebp - 0x24], eax -je short loc_0001caf6 ; je 0x1caf6 +je short loc_0001cbba ; je 0x1cbba mov eax, dword [ebp - 0x20] cmp dword [ebp - 0x28], eax -jne loc_0001ca1b ; jne 0x1ca1b +jne loc_0001cadf ; jne 0x1cadf -loc_0001caf6: +loc_0001cbba: movzx eax, byte [ebp - 0x24] mov edx, dword [ebp + 0x14] mov dword [edx], eax -jmp short loc_0001cb23 ; jmp 0x1cb23 +jmp short loc_0001cbe7 ; jmp 0x1cbe7 -loc_0001cb01: -call fcn_000153e9 ; call 0x153e9 +loc_0001cbc5: +call fcn_00015479 ; call 0x15479 mov ebx, 0x80000003 test al, al -je short loc_0001cb23 ; je 0x1cb23 +je short loc_0001cbe7 ; je 0x1cbe7 push edx push edx -push ref_000266b4 ; push 0x266b4 +push ref_00026763 ; push 0x26763 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001cb23: -call fcn_000153e9 ; call 0x153e9 +loc_0001cbe7: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001cb41 ; je 0x1cb41 +je short loc_0001cc05 ; je 0x1cc05 push eax mov eax, dword [ebp + 0x14] push dword [eax] -push ref_000266da ; push 0x266da +push ref_00026789 ; push 0x26789 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001cb41: +loc_0001cc05: lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -48191,7 +48263,7 @@ pop edi pop ebp ret -fcn_0001cb4b: +fcn_0001cc0f: push ebp mov ebp, esp push edi 
@@ -48201,41 +48273,41 @@ sub esp, 0x38 mov edi, dword [ebp + 8] mov esi, dword [ebp + 0xc] push edi -call fcn_0001c864 ; call 0x1c864 +call fcn_0001c928 ; call 0x1c928 add esp, 0x10 mov ebx, eax test eax, eax -js loc_0001cd57 ; js 0x1cd57 -call fcn_000153e9 ; call 0x153e9 +js loc_0001ce1b ; js 0x1ce1b +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001cb8c ; je 0x1cb8c +je short loc_0001cc50 ; je 0x1cc50 mov eax, esi movzx eax, al push ecx push eax -push ref_000266fb ; push 0x266fb +push ref_000267aa ; push 0x267aa push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001cb8c: +loc_0001cc50: cmp edi, 1 -je short loc_0001cb9f ; je 0x1cb9f +je short loc_0001cc63 ; je 0x1cc63 cmp edi, 2 -je loc_0001cc60 ; je 0x1cc60 -jmp near loc_0001cd17 ; jmp 0x1cd17 +je loc_0001cd24 ; je 0x1cd24 +jmp near loc_0001cddb ; jmp 0x1cddb -loc_0001cb9f: +loc_0001cc63: push eax push 0 push 0 push 0 mov dword [ebp - 0x30], esi or byte [ebp - 0x2d], 0x80 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 0x48 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov esi, eax pop eax and esi, 0xfffffffe 
@@ -48244,54 +48316,54 @@ push dword [ebp - 0x30] lea edi, [esi + 0x5da4] add esi, 0x5da0 push edi -call fcn_00017dcb ; call 0x17dcb +call fcn_00017e8f ; call 0x17e8f mov dword [esp], 1 -call fcn_0001c864 ; call 0x1c864 +call fcn_0001c928 ; call 0x1c928 mov dword [esp], edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [esp], esi mov dword [ebp - 0x30], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [esp], 0xa mov dword [ebp - 0x2c], eax -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 mov dword [esp], edi -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov dword [esp], esi mov edi, eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e mov edx, dword [ebp - 0x30] add esp, 0x10 cmp edx, edi -je short loc_0001cc4f ; je 0x1cc4f +je short loc_0001cd13 ; je 0x1cd13 cmp dword [ebp - 0x2c], eax -je short loc_0001cc4f ; je 0x1cc4f +je short loc_0001cd13 ; je 0x1cd13 -loc_0001cc28: -call fcn_000153e9 ; call 0x153e9 +loc_0001ccec: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001cc45 ; je 0x1cc45 +je short loc_0001cd09 ; je 0x1cd09 push eax push eax -push ref_00026689 ; push 0x26689 +push ref_00026738 ; push 0x26738 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001cc45: +loc_0001cd09: mov ebx, 0x80000002 -jmp near loc_0001cd57 ; jmp 0x1cd57 +jmp near loc_0001ce1b ; jmp 0x1ce1b -loc_0001cc4f: +loc_0001cd13: mov eax, dword [ebp + 0x14] mov dword [eax], edx lea eax, [ebp - 0x2c] push edi push 4 push eax -jmp near loc_0001cd0d ; jmp 0x1cd0d +jmp near loc_0001cdd1 ; jmp 0x1cdd1 -loc_0001cc60: +loc_0001cd24: mov eax, dword [ebp + 0x10] lea edi, [ebp - 0x38] mov dword [ebp - 0x24], esi 
@@ -48303,27 +48375,27 @@ push esi push edi or byte [ebp - 0x21], 0x80 mov dword [ebp - 0x28], eax -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e add esp, 0xc push dword [ebp - 0x34] push dword [ebp - 0x38] push 0x150 -call fcn_00017502 ; call 0x17502 +call fcn_000175c6 ; call 0x175c6 mov dword [esp], 2 -call fcn_0001c864 ; call 0x1c864 +call fcn_0001c928 ; call 0x1c928 mov dword [esp], 0x150 -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc add esp, 0xc push 8 push edi push esi mov dword [ebp - 0x34], edx mov dword [ebp - 0x38], eax -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e mov dword [esp], 0xa -call fcn_0001ba3f ; call 0x1ba3f +call fcn_0001bb03 ; call 0x1bb03 mov dword [esp], 0x150 -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc add esp, 0xc push 8 push edi @@ -48331,16 +48403,16 @@ mov dword [ebp - 0x38], eax lea eax, [ebp - 0x20] push eax mov dword [ebp - 0x34], edx -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e mov eax, dword [ebp - 0x1c] add esp, 0x10 cmp dword [ebp - 0x24], eax -je short loc_0001cd00 ; je 0x1cd00 +je short loc_0001cdc4 ; je 0x1cdc4 mov eax, dword [ebp - 0x20] cmp dword [ebp - 0x28], eax -jne loc_0001cc28 ; jne 0x1cc28 +jne loc_0001ccec ; jne 0x1ccec -loc_0001cd00: +loc_0001cdc4: mov ecx, dword [ebp + 0x14] movzx eax, byte [ebp - 0x24] mov dword [ecx], eax 
@@ -48348,38 +48420,38 @@ push ecx push 4 push esi -loc_0001cd0d: +loc_0001cdd1: push dword [ebp + 0x10] -call fcn_0001707a ; call 0x1707a -jmp short loc_0001cd36 ; jmp 0x1cd36 +call fcn_0001713e ; call 0x1713e +jmp short loc_0001cdfa ; jmp 0x1cdfa -loc_0001cd17: -call fcn_000153e9 ; call 0x153e9 +loc_0001cddb: +call fcn_00015479 ; call 0x15479 mov ebx, 0x80000003 test al, al -je short loc_0001cd39 ; je 0x1cd39 +je short loc_0001cdfd ; je 0x1cdfd push edx push edx -push ref_000266b4 ; push 0x266b4 +push ref_00026763 ; push 0x26763 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 -loc_0001cd36: +loc_0001cdfa: add esp, 0x10 -loc_0001cd39: -call fcn_000153e9 ; call 0x153e9 +loc_0001cdfd: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001cd57 ; je 0x1cd57 +je short loc_0001ce1b ; je 0x1ce1b push eax mov eax, dword [ebp + 0x14] push dword [eax] -push ref_000266da ; push 0x266da +push ref_00026789 ; push 0x26789 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001cd57: +loc_0001ce1b: lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -48388,7 +48460,7 @@ pop edi pop ebp ret -fcn_0001cd61: ; not directly referenced +fcn_0001ce25: ; not directly referenced push ebp mov eax, 0x80000002 mov ebp, esp 
@@ -48398,82 +48470,82 @@ push ebx sub esp, 0x1c mov ebx, dword [ebp + 0xc] test ebx, ebx -je loc_0001ce4b ; je 0x1ce4b +je loc_0001cf0f ; je 0x1cf0f lea edi, [ebp - 0x1c] -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 lea esi, [ebp - 0x20] -call fcn_0001c5b4 ; call 0x1c5b4 +call fcn_0001c678 ; call 0x1c678 push edi push esi push 0x8000000a push 1 -call fcn_0001cb4b ; call 0x1cb4b -call fcn_000153e9 ; call 0x153e9 +call fcn_0001cc0f ; call 0x1cc0f +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_0001cdb7 ; je 0x1cdb7 +je short loc_0001ce7b ; je 0x1ce7b push edx push dword [ebp - 0x20] -push ref_00026722 ; push 0x26722 +push ref_000267d1 ; push 0x267d1 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001cdb7: ; not directly referenced +loc_0001ce7b: ; not directly referenced cmp dword [ebp - 0x1c], 0 -je short loc_0001cdc7 ; je 0x1cdc7 +je short loc_0001ce8b ; je 0x1ce8b -loc_0001cdbd: ; not directly referenced +loc_0001ce81: ; not directly referenced mov eax, 0x8000000e -jmp near loc_0001ce4b ; jmp 0x1ce4b +jmp near loc_0001cf0f ; jmp 0x1cf0f -loc_0001cdc7: ; not directly referenced +loc_0001ce8b: ; not directly referenced mov edx, dword [ebp - 0x20] xor eax, eax -loc_0001cdcc: ; not directly referenced +loc_0001ce90: ; not directly referenced mov ecx, edx and edx, 0x3f mov byte [ebx + eax], dl inc eax shr ecx, 6 cmp eax, 4 -je short loc_0001cde1 ; je 0x1cde1 +je short loc_0001cea5 ; je 0x1cea5 mov edx, ecx -jmp short loc_0001cdcc ; jmp 0x1cdcc +jmp short loc_0001ce90 ; jmp 0x1ce90 -loc_0001cde1: ; not directly referenced +loc_0001cea5: ; not directly referenced cmp dword [ebp + 8], 4 mov dword [ebp - 0x20], ecx -ja short loc_0001cdee ; ja 0x1cdee +ja short loc_0001ceb2 ; ja 0x1ceb2 -loc_0001cdea: ; not directly referenced +loc_0001ceae: ; not directly referenced xor eax, eax -jmp short loc_0001ce4b ; jmp 0x1ce4b +jmp short loc_0001cf0f ; jmp 0x1cf0f -loc_0001cdee: ; not 
directly referenced -call fcn_0001c650 ; call 0x1c650 +loc_0001ceb2: ; not directly referenced +call fcn_0001c714 ; call 0x1c714 test al, al -jne short loc_0001cdea ; jne 0x1cdea +jne short loc_0001ceae ; jne 0x1ceae push edi push esi push 0x8000000b push 1 -call fcn_0001cb4b ; call 0x1cb4b -call fcn_000153e9 ; call 0x153e9 +call fcn_0001cc0f ; call 0x1cc0f +call fcn_00015479 ; call 0x15479 add esp, 0x10 test al, al -je short loc_0001ce24 ; je 0x1ce24 +je short loc_0001cee8 ; je 0x1cee8 push eax push dword [ebp - 0x20] -push ref_00026722 ; push 0x26722 +push ref_000267d1 ; push 0x267d1 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001ce24: ; not directly referenced +loc_0001cee8: ; not directly referenced cmp dword [ebp - 0x1c], 0 -jne short loc_0001cdbd ; jne 0x1cdbd +jne short loc_0001ce81 ; jne 0x1ce81 mov eax, dword [ebp - 0x20] mov edx, eax mov cl, al @@ -48485,9 +48557,9 @@ and eax, 0x3f mov byte [ebx + 4], cl mov byte [ebx + 5], dl mov byte [ebx + 6], al -jmp short loc_0001cdea ; jmp 0x1cdea +jmp short loc_0001ceae ; jmp 0x1ceae -loc_0001ce4b: ; not directly referenced +loc_0001cf0f: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -48495,23 +48567,23 @@ pop edi pop ebp ret -fcn_0001ce53: ; not directly referenced +fcn_0001cf17: ; not directly referenced push ebp mov ebp, esp sub esp, 0x14 push 0x1b -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc leave shrd eax, edx, 8 and eax, 1 ret -fcn_0001ce69: ; not directly referenced +fcn_0001cf2d: ; not directly referenced push ebp mov ebp, esp sub esp, 0x14 push 0x35 -call fcn_000174f8 ; call 0x174f8 +call fcn_000175bc ; call 0x175bc add esp, 0x10 leave mov edx, eax @@ -48522,7 +48594,7 @@ cmp al, 1 seta al ret -fcn_0001ce8a: +fcn_0001cf4e: push ebp mov ebp, esp push ebx 
@@ -48532,13 +48604,13 @@ mov ebx, dword [ebp + 0xc] mov eax, dword [ebp + 0x10] mov dword [ebp - 0xc], 0 test dx, dx -jne short loc_0001cead ; jne 0x1cead +jne short loc_0001cf71 ; jne 0x1cf71 mov word [ebx], 0 -jmp short loc_0001cf00 ; jmp 0x1cf00 +jmp short loc_0001cfc4 ; jmp 0x1cfc4 -loc_0001cead: +loc_0001cf71: test al, al -jne short loc_0001cecf ; jne 0x1cecf +jne short loc_0001cf93 ; jne 0x1cf93 lea eax, [ebp - 0xc] cmp dx, 0xfff push eax @@ -48547,35 +48619,35 @@ cmovbe eax, edx movzx eax, ax push 0x3e8 shl eax, 0xa -jmp short loc_0001cee5 ; jmp 0x1cee5 +jmp short loc_0001cfa9 ; jmp 0x1cfa9 -loc_0001cecf: +loc_0001cf93: dec al -jne short loc_0001cf00 ; jne 0x1cf00 +jne short loc_0001cfc4 ; jne 0x1cfc4 lea eax, [ebp - 0xc] push eax movzx eax, dx imul eax, eax, 0x3e8 push 0x400 -loc_0001cee5: +loc_0001cfa9: cdq push edx push eax -call fcn_0001743e ; call 0x1743e +call fcn_00017502 ; call 0x17502 add esp, 0x10 cmp dword [ebp - 0xc], 0x1f3 mov word [ebx], ax -jbe short loc_0001cf00 ; jbe 0x1cf00 +jbe short loc_0001cfc4 ; jbe 0x1cfc4 inc eax mov word [ebx], ax -loc_0001cf00: +loc_0001cfc4: mov ebx, dword [ebp - 4] leave ret -fcn_0001cf05: +fcn_0001cfc9: push ebp mov ebp, esp push esi @@ -48587,18 +48659,18 @@ mov ecx, dword [ebp + 0x10] mov dword [ebp - 0xc], 0 mov word [ebx], 0 test ax, ax -je loc_0001cfaf ; je 0x1cfaf +je loc_0001d073 ; je 0x1d073 mov edx, eax test cl, cl -jne short loc_0001cf60 ; jne 0x1cf60 +jne short loc_0001d024 ; jne 0x1d024 xor esi, esi test ax, ax -jns short loc_0001cf44 ; jns 0x1cf44 +jns short loc_0001d008 ; jns 0x1d008 neg edx mov esi, 1 and dx, 0x7fff -loc_0001cf44: +loc_0001d008: lea eax, [ebp - 0xc] cmp dx, 0x1f4 push eax 
@@ -48607,52 +48679,52 @@ cmovle eax, edx cwde push 0x3e8 shl eax, 0xa -jmp short loc_0001cf8b ; jmp 0x1cf8b +jmp short loc_0001d04f ; jmp 0x1d04f -loc_0001cf60: +loc_0001d024: dec cl -jne short loc_0001cfaf ; jne 0x1cfaf +jne short loc_0001d073 ; jne 0x1d073 xor esi, esi test ah, 4 -je short loc_0001cf79 ; je 0x1cf79 +je short loc_0001d03d ; je 0x1d03d mov edx, eax mov esi, 1 neg edx and dx, 0x3ff -loc_0001cf79: +loc_0001d03d: lea eax, [ebp - 0xc] push eax movsx eax, dx imul eax, eax, 0x3e8 push 0x400 -loc_0001cf8b: +loc_0001d04f: cdq push edx push eax -call fcn_0001743e ; call 0x1743e +call fcn_00017502 ; call 0x17502 add esp, 0x10 cmp dword [ebp - 0xc], 0x1f3 mov word [ebx], ax -jbe short loc_0001cfa6 ; jbe 0x1cfa6 +jbe short loc_0001d06a ; jbe 0x1d06a inc eax mov word [ebx], ax -loc_0001cfa6: +loc_0001d06a: mov eax, esi test al, al -je short loc_0001cfaf ; je 0x1cfaf +je short loc_0001d073 ; je 0x1d073 neg word [ebx] -loc_0001cfaf: +loc_0001d073: lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_0001cfb6: +fcn_0001d07a: push ebp mov ebp, esp push edi 
@@ -48663,38 +48735,38 @@ mov ebx, dword [ebp + 0xc] push 8 mov esi, dword [ebp + 8] push ebx -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff mov eax, dword [ebp + 0x10] add esp, 0x10 dec eax cmp eax, 0x14 -ja loc_0001d10c ; ja 0x1d10c -jmp dword [eax*4 + ref_0002057c] ; ujmp: jmp dword [eax*4 + 0x2057c] +ja loc_0001d1d0 ; ja 0x1d1d0 +jmp dword [eax*4 + ref_0002060c] ; ujmp: jmp dword [eax*4 + 0x2060c] -loc_0001cfe4: +loc_0001d0a8: mov dword [ebx], 0 mov byte [ebx + 4], 1 mov al, byte [esi + 4] -jmp short loc_0001d019 ; jmp 0x1d019 +jmp short loc_0001d0dd ; jmp 0x1d0dd -loc_0001cff3: +loc_0001d0b7: mov dword [ebx], 0 mov byte [ebx + 4], 2 mov byte [ebx + 5], 0 mov al, byte [esi + 4] mov byte [ebx + 6], al -jmp near loc_0001d129 ; jmp 0x1d129 +jmp near loc_0001d1ed ; jmp 0x1d1ed -loc_0001d00c: +loc_0001d0d0: mov dword [ebx], 0 mov byte [ebx + 4], 0x10 mov al, byte [esi + 6] -loc_0001d019: +loc_0001d0dd: mov byte [ebx + 5], al -jmp near loc_0001d129 ; jmp 0x1d129 +jmp near loc_0001d1ed ; jmp 0x1d1ed -loc_0001d021: +loc_0001d0e5: mov al, byte [esi] lea edi, [ebp - 0x1e] push ecx @@ -48704,7 +48776,7 @@ mov byte [ebp - 0x1c], al movzx eax, word [esi + 2] mov word [ebp - 0x1e], 0 push eax -call fcn_0001ce8a ; call 0x1ce8a +call fcn_0001cf4e ; call 0x1cf4e movzx edx, word [ebp - 0x1e] add esp, 0xc mov eax, dword [ebp - 0x1c] @@ -48725,7 +48797,7 @@ or eax, edx mov byte [ebp - 0x1a], al movsx eax, word [esi + 4] push eax -call fcn_0001cf05 ; call 0x1cf05 +call fcn_0001cfc9 ; call 0x1cfc9 mov ax, word [ebp - 0x1a] add esp, 0xc mov dx, word [ebp - 0x1e] 
@@ -48737,25 +48809,25 @@ mov word [ebp - 0x1a], ax lea eax, [ebp - 0x1c] push eax push ebx -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e mov byte [ebx + 4], 0x11 mov al, byte [esi + 6] mov byte [ebx + 5], al -jmp short loc_0001d126 ; jmp 0x1d126 +jmp short loc_0001d1ea ; jmp 0x1d1ea -loc_0001d0b0: +loc_0001d174: mov dword [ebx], 0 mov byte [ebx + 4], 0x12 -jmp short loc_0001d106 ; jmp 0x1d106 +jmp short loc_0001d1ca ; jmp 0x1d1ca -loc_0001d0bc: +loc_0001d180: push edx push 0 lea eax, [ebp - 0x1e] push eax movzx eax, word [esi] push eax -call fcn_0001ce8a ; call 0x1ce8a +call fcn_0001cf4e ; call 0x1cf4e movzx eax, byte [esi + 2] movzx edx, word [ebp - 0x1e] mov byte [ebx + 4], 0x13 @@ -48763,14 +48835,14 @@ mov byte [ebx + 5], 0 shl eax, 0x1f or eax, edx mov dword [ebx], eax -jmp short loc_0001d126 ; jmp 0x1d126 +jmp short loc_0001d1ea ; jmp 0x1d1ea -loc_0001d0e5: +loc_0001d1a9: mov dword [ebx], 0 mov byte [ebx + 4], 0x14 -jmp short loc_0001d106 ; jmp 0x1d106 +jmp short loc_0001d1ca ; jmp 0x1d1ca -loc_0001d0f1: +loc_0001d1b5: mov al, byte [esi + 1] mov dl, byte [esi] mov byte [ebx + 4], 0x15 @@ -48780,24 +48852,24 @@ and edx, 1 or eax, edx mov dword [ebx], eax -loc_0001d106: +loc_0001d1ca: mov byte [ebx + 5], 0 -jmp short loc_0001d129 ; jmp 0x1d129 +jmp short loc_0001d1ed ; jmp 0x1d1ed -loc_0001d10c: -call fcn_000153e9 ; call 0x153e9 +loc_0001d1d0: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001d129 ; je 0x1d129 +je short loc_0001d1ed ; je 0x1d1ed push eax push eax -push ref_00026752 ; push 0x26752 +push ref_00026801 ; push 0x26801 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 -loc_0001d126: +loc_0001d1ea: add esp, 0x10 -loc_0001d129: +loc_0001d1ed: lea esp, [ebp - 0xc] pop ebx pop esi @@ -48805,7 +48877,7 @@ pop edi pop ebp ret -fcn_0001d131: +fcn_0001d1f5: push ebp mov ebp, esp push edi 
@@ -48817,22 +48889,22 @@ push 8 mov edi, dword [ebp + 0xc] lea esi, [ebp - 0x20] push esi -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff add esp, 0xc push 0x10 push esi push ebx -call fcn_0001cfb6 ; call 0x1cfb6 +call fcn_0001d07a ; call 0x1d07a push edi push esi push dword [ebp - 0x1c] push 2 -call fcn_0001cb4b ; call 0x1cb4b +call fcn_0001cc0f ; call 0x1cc0f add esp, 0x20 test eax, eax -jne short loc_0001d1b0 ; jne 0x1d1b0 +jne short loc_0001d274 ; jne 0x1d274 cmp dword [edi], 0 -jne short loc_0001d1b0 ; jne 0x1d1b0 +jne short loc_0001d274 ; jne 0x1d274 mov edx, dword [ebp - 0x20] mov dword [ebp - 0x2c], eax mov ecx, edx @@ -48847,18 +48919,18 @@ push eax push 1 push ecx push edx -call fcn_0001ce8a ; call 0x1ce8a +call fcn_0001cf4e ; call 0x1cf4e mov edx, dword [ebp - 0x20] add esp, 0xc push 1 push ebx shr edx, 0x15 push edx -call fcn_0001cf05 ; call 0x1cf05 +call fcn_0001cfc9 ; call 0x1cfc9 mov eax, dword [ebp - 0x2c] add esp, 0x10 -loc_0001d1b0: +loc_0001d274: lea esp, [ebp - 0xc] pop ebx pop esi @@ -48866,7 +48938,7 @@ pop edi pop ebp ret -fcn_0001d1b8: +fcn_0001d27c: push ebp mov ebp, esp sub esp, 0x1c @@ -48875,16 +48947,16 @@ lea eax, [ebp - 0x10] push eax lea eax, [ebp + 8] push eax -call fcn_0001cfb6 ; call 0x1cfb6 +call fcn_0001d07a ; call 0x1d07a push dword [ebp + 0x10] push dword [ebp - 0x10] push dword [ebp - 0xc] push 2 -call fcn_0001c938 ; call 0x1c938 +call fcn_0001c9fc ; call 0x1c9fc leave ret -fcn_0001d1df: ; not directly referenced +fcn_0001d2a3: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -48896,22 +48968,22 @@ push 8 mov edi, dword [ebp + 0xc] lea esi, [ebp - 0x20] push esi -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff add esp, 0xc push 0x14 push esi push ebx -call fcn_0001cfb6 ; call 0x1cfb6 +call fcn_0001d07a ; call 0x1d07a push edi push esi push dword [ebp - 0x1c] push 2 -call fcn_0001cb4b ; call 0x1cb4b +call fcn_0001cc0f ; call 0x1cc0f add esp, 0x20 test eax, eax -jne short loc_0001d22f ; jne 0x1d22f +jne short loc_0001d2f3 ; jne 0x1d2f3 cmp dword [edi], 0 -jne short loc_0001d22f ; jne 0x1d22f +jne short loc_0001d2f3 ; jne 0x1d2f3 mov edx, dword [ebp - 0x20] mov cl, dl and edx, 2 @@ -48920,7 +48992,7 @@ shr edx, 1 mov byte [ebx], cl mov byte [ebx + 1], dl -loc_0001d22f: ; not directly referenced +loc_0001d2f3: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -48928,7 +49000,7 @@ pop edi pop ebp ret -fcn_0001d237: ; not directly referenced +fcn_0001d2fb: ; not directly referenced push ebp mov ebp, esp sub esp, 0x1c @@ -48937,16 +49009,16 @@ lea eax, [ebp - 0x10] push eax lea eax, [ebp + 8] push eax -call fcn_0001cfb6 ; call 0x1cfb6 +call fcn_0001d07a ; call 0x1d07a push dword [ebp + 0xc] push dword [ebp - 0x10] push dword [ebp - 0xc] push 2 -call fcn_0001c938 ; call 0x1c938 +call fcn_0001c9fc ; call 0x1c9fc leave ret -fcn_0001d25e: ; not directly referenced +fcn_0001d322: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -48958,22 +49030,22 @@ push 8 mov edi, dword [ebp + 0xc] lea esi, [ebp - 0x20] push esi -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff add esp, 0xc push 0x12 push esi push ebx -call fcn_0001cfb6 ; call 0x1cfb6 +call fcn_0001d07a ; call 0x1d07a push edi push esi push dword [ebp - 0x1c] push 2 -call fcn_0001cb4b ; call 0x1cb4b +call fcn_0001cc0f ; call 0x1cc0f add esp, 0x20 test eax, eax -jne short loc_0001d2af ; jne 0x1d2af +jne short loc_0001d373 ; jne 0x1d373 cmp dword [edi], 0 -jne short loc_0001d2af ; jne 0x1d2af +jne short loc_0001d373 ; jne 0x1d373 mov edx, dword [ebp - 0x20] mov ecx, edx and cx, 0xfff @@ -48981,7 +49053,7 @@ shr edx, 0x1f mov word [ebx], cx mov byte [ebx + 2], dl -loc_0001d2af: ; not directly referenced +loc_0001d373: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -48989,7 +49061,7 @@ pop edi pop ebp ret -fcn_0001d2b7: ; not directly referenced +fcn_0001d37b: ; not directly referenced push ebp mov ebp, esp sub esp, 0x1c @@ -48998,16 +49070,16 @@ lea eax, [ebp - 0x10] push eax lea eax, [ebp + 8] push eax -call fcn_0001cfb6 ; call 0x1cfb6 +call fcn_0001d07a ; call 0x1d07a push dword [ebp + 0xc] push dword [ebp - 0x10] push dword [ebp - 0xc] push 2 -call fcn_0001c938 ; call 0x1c938 +call fcn_0001c9fc ; call 0x1c9fc leave ret -fcn_0001d2de: +fcn_0001d3a2: push ebp mov ebp, esp push edi 
@@ -49019,22 +49091,22 @@ push 8 mov edi, dword [ebp + 0xc] lea esi, [ebp - 0x20] push esi -call fcn_00016f3b ; call 0x16f3b +call fcn_00016fff ; call 0x16fff add esp, 0xc push 1 push esi push ebx -call fcn_0001cfb6 ; call 0x1cfb6 +call fcn_0001d07a ; call 0x1d07a push edi push esi push dword [ebp - 0x1c] push 2 -call fcn_0001cb4b ; call 0x1cb4b +call fcn_0001cc0f ; call 0x1cc0f add esp, 0x20 test eax, eax -jne short loc_0001d349 ; jne 0x1d349 +jne short loc_0001d40d ; jne 0x1d40d cmp dword [edi], 0 -jne short loc_0001d349 ; jne 0x1d349 +jne short loc_0001d40d ; jne 0x1d40d mov edx, dword [ebp - 0x20] mov ecx, edx and ecx, 0x100 @@ -49049,7 +49121,7 @@ shr edx, 0xa mov byte [ebx + 2], cl mov byte [ebx + 3], dl -loc_0001d349: +loc_0001d40d: lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -49057,50 +49129,50 @@ pop edi pop ebp ret -fcn_0001d351: ; not directly referenced +fcn_0001d415: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -mov edx, dword [ref_00031230] ; mov edx, dword [0x31230] +mov edx, dword [ref_000312e0] ; mov edx, dword [0x312e0] mov eax, dword [ebp + 0xc] add eax, 3 and eax, 0xfffffffc test edx, edx -jne short loc_0001d376 ; jne 0x1d376 -mov dword [ref_00031234], ref_00029d00 ; mov dword [0x31234], 0x29d00 -jmp short loc_0001d39c ; jmp 0x1d39c +jne short loc_0001d43a ; jne 0x1d43a +mov dword [ref_000312e4], ref_00029db0 ; mov dword [0x312e4], 0x29db0 +jmp short loc_0001d460 ; jmp 0x1d460 -loc_0001d376: ; not directly referenced -mov ecx, dword [ref_00031234] ; mov ecx, dword [0x31234] +loc_0001d43a: ; not directly referenced +mov ecx, dword [ref_000312e4] ; mov ecx, dword [0x312e4] cmp dword [ecx + edx], 0x900ddea1 -je short loc_0001d39c ; je 0x1d39c +je short loc_0001d460 ; je 0x1d460 push eax push 0x3d -push ref_000205d0 ; push 0x205d0 -push ref_00026773 ; push 0x26773 -call fcn_000153ce ; call 0x153ce +push ref_00020660 ; push 0x20660 +push ref_00026822 ; push 0x26822 +call fcn_0001545e ; call 0x1545e add esp, 0x10 -loc_0001d39a: ; not directly referenced -jmp short loc_0001d39a ; jmp 0x1d39a +loc_0001d45e: ; not directly referenced +jmp short loc_0001d45e ; jmp 0x1d45e -loc_0001d39c: ; not directly referenced +loc_0001d460: ; not directly referenced lea ecx, [eax + edx] cmp ecx, 0x752c -jbe short loc_0001d3be ; jbe 0x1d3be +jbe short loc_0001d482 ; jbe 0x1d482 push eax push 0x4b -push ref_000205d0 ; push 0x205d0 -push ref_00026793 ; push 0x26793 -call fcn_000153ce ; call 0x153ce +push ref_00020660 ; push 0x20660 +push ref_00026842 ; push 0x26842 +call fcn_0001545e ; call 0x1545e add esp, 0x10 -loc_0001d3bc: ; not directly referenced -jmp short loc_0001d3bc ; jmp 0x1d3bc +loc_0001d480: ; not directly referenced +jmp short loc_0001d480 ; jmp 0x1d480 -loc_0001d3be: ; not directly referenced -mov eax, dword 
[ref_00031234] ; mov eax, dword [0x31234] -mov dword [ref_00031230], ecx ; mov dword [0x31230], ecx +loc_0001d482: ; not directly referenced +mov eax, dword [ref_000312e4] ; mov eax, dword [0x312e4] +mov dword [ref_000312e0], ecx ; mov dword [0x312e0], ecx mov dword [eax + ecx], 0x900ddea1 mov ecx, dword [ebp + 0x10] add edx, eax @@ -49109,7 +49181,7 @@ mov dword [ecx], edx leave ret -fcn_0001d3db: ; not directly referenced +fcn_0001d49f: ; not directly referenced push ebp mov ebp, esp push edi @@ -49120,31 +49192,31 @@ mov eax, dword [ebp + 0xc] mov edi, dword [ebp + 0x10] mov ebx, dword [ebp + 0x14] mov dword [ebp - 0x1c], eax -call fcn_00016376 ; call 0x16376 +call fcn_00016406 ; call 0x16406 movzx esi, di sub esp, 0xc mov dword [ebp - 0x20], eax lea eax, [esi + 0xc] push eax -call fcn_00019c79 ; call 0x19c79 +call fcn_00019d3d ; call 0x19d3d add esp, 0x10 mov ecx, dword [ebp - 0x20] test eax, eax mov edx, eax -jne short loc_0001d437 ; jne 0x1d437 -call fcn_000153e9 ; call 0x153e9 +jne short loc_0001d4fb ; jne 0x1d4fb +call fcn_00015479 ; call 0x15479 mov edi, 0x80000009 test al, al -je short loc_0001d49b ; je 0x1d49b +je short loc_0001d55f ; je 0x1d55f push eax push esi -push ref_000267b9 ; push 0x267b9 +push ref_00026868 ; push 0x26868 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -jmp short loc_0001d49b ; jmp 0x1d49b +jmp short loc_0001d55f ; jmp 0x1d55f -loc_0001d437: ; not directly referenced +loc_0001d4fb: ; not directly referenced lea eax, [eax + 4] mov dword [ebx], eax mov eax, dword [ebp - 0x1c] 
@@ -49162,20 +49234,20 @@ mov dword [eax + 4], 0 mov eax, dword [ecx + 0x26c] mov dword [edx], eax mov dword [ecx + 0x26c], edx -call fcn_000153e9 ; call 0x153e9 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001d49b ; je 0x1d49b +je short loc_0001d55f ; je 0x1d55f sub esp, 0xc movzx eax, word [ebp - 0x1c] push dword [ebx] push esi push eax -push ref_000267df ; push 0x267df +push ref_0002688e ; push 0x2688e push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x20 -loc_0001d49b: ; not directly referenced +loc_0001d55f: ; not directly referenced lea esp, [ebp - 0xc] mov eax, edi pop ebx @@ -49184,11 +49256,11 @@ pop edi pop ebp ret -fcn_0001d4a5: ; not directly referenced +fcn_0001d569: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -call fcn_00016376 ; call 0x16376 +call fcn_00016406 ; call 0x16406 mov edx, dword [eax + 0x26c] mov eax, dword [ebp + 0xc] add edx, 4 
@@ -49197,208 +49269,208 @@ xor eax, eax leave ret -fcn_0001d4c2: +fcn_0001d586: push ebp mov ebp, esp push edi push esi push ebx sub esp, 0x3c -call fcn_00016380 ; call 0x16380 +call fcn_00016410 ; call 0x16410 sub esp, 0xc push 0x27 mov edi, eax -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 mov dword [ebp - 0x1c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001d4fe ; je 0x1d4fe +je short loc_0001d5c2 ; je 0x1d5c2 cmp dword [ebp - 0x1c], 0 -jne short loc_0001d508 ; jne 0x1d508 +jne short loc_0001d5cc ; jne 0x1d5cc push edi -push ref_000267f9 ; push 0x267f9 +push ref_000268a8 ; push 0x268a8 push 0x41 -jmp near loc_0001d666 ; jmp 0x1d666 +jmp near loc_0001d72a ; jmp 0x1d72a -loc_0001d4fe: +loc_0001d5c2: cmp dword [ebp - 0x1c], 0 -je loc_0001d673 ; je 0x1d673 +je loc_0001d737 ; je 0x1d737 -loc_0001d508: +loc_0001d5cc: sub esp, 0xc push 0xc -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 mov dword [ebp - 0x20], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001d534 ; je 0x1d534 +je short loc_0001d5f8 ; je 0x1d5f8 cmp dword [ebp - 0x20], 0 -jne short loc_0001d53e ; jne 0x1d53e +jne short loc_0001d602 ; jne 0x1d602 push esi -push ref_00026839 ; push 0x26839 +push ref_000268e8 ; push 0x268e8 push 0x47 -jmp near loc_0001d666 ; jmp 0x1d666 +jmp near loc_0001d72a ; jmp 0x1d72a -loc_0001d534: +loc_0001d5f8: cmp dword [ebp - 0x20], 0 -je loc_0001d673 ; je 0x1d673 +je loc_0001d737 ; je 0x1d737 -loc_0001d53e: +loc_0001d602: sub esp, 0xc push 0x36 -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 mov dword [ebp - 0x24], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001d56a ; je 0x1d56a +je short loc_0001d62e ; je 0x1d62e cmp dword [ebp - 0x24], 0 -jne short loc_0001d574 ; jne 0x1d574 +jne short loc_0001d638 ; jne 0x1d638 
push ebx -push ref_00026861 ; push 0x26861 +push ref_00026910 ; push 0x26910 push 0x4d -jmp near loc_0001d666 ; jmp 0x1d666 +jmp near loc_0001d72a ; jmp 0x1d72a -loc_0001d56a: +loc_0001d62e: cmp dword [ebp - 0x24], 0 -je loc_0001d673 ; je 0x1d673 +je loc_0001d737 ; je 0x1d737 -loc_0001d574: +loc_0001d638: sub esp, 0xc push 0xd -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 mov dword [ebp - 0x28], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001d5a0 ; je 0x1d5a0 +je short loc_0001d664 ; je 0x1d664 cmp dword [ebp - 0x28], 0 -jne short loc_0001d5aa ; jne 0x1d5aa +jne short loc_0001d66e ; jne 0x1d66e push ecx -push ref_0002687e ; push 0x2687e +push ref_0002692d ; push 0x2692d push 0x53 -jmp near loc_0001d666 ; jmp 0x1d666 +jmp near loc_0001d72a ; jmp 0x1d72a -loc_0001d5a0: +loc_0001d664: cmp dword [ebp - 0x28], 0 -je loc_0001d673 ; je 0x1d673 +je loc_0001d737 ; je 0x1d737 -loc_0001d5aa: +loc_0001d66e: sub esp, 0xc push 0x102 -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001d5d6 ; je 0x1d5d6 +je short loc_0001d69a ; je 0x1d69a test ebx, ebx -jne short loc_0001d5de ; jne 0x1d5de +jne short loc_0001d6a2 ; jne 0x1d6a2 push edx -push ref_00026897 ; push 0x26897 +push ref_00026946 ; push 0x26946 push 0x59 -jmp near loc_0001d666 ; jmp 0x1d666 +jmp near loc_0001d72a ; jmp 0x1d72a -loc_0001d5d6: +loc_0001d69a: test ebx, ebx -je loc_0001d673 ; je 0x1d673 +je loc_0001d737 ; je 0x1d737 -loc_0001d5de: +loc_0001d6a2: sub esp, 0xc push 0xdc -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001d607 ; je 0x1d607 +je short loc_0001d6cb ; je 0x1d6cb test esi, esi -jne short loc_0001d60b ; jne 0x1d60b +jne short 
loc_0001d6cf ; jne 0x1d6cf push eax -push ref_000268b1 ; push 0x268b1 +push ref_00026960 ; push 0x26960 push 0x5f -jmp short loc_0001d666 ; jmp 0x1d666 +jmp short loc_0001d72a ; jmp 0x1d72a -loc_0001d607: +loc_0001d6cb: test esi, esi -je short loc_0001d673 ; je 0x1d673 +je short loc_0001d737 ; je 0x1d737 -loc_0001d60b: +loc_0001d6cf: sub esp, 0xc push 0x6b -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 mov dword [ebp - 0x2c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 mov edx, dword [ebp - 0x2c] test al, al -je short loc_0001d635 ; je 0x1d635 +je short loc_0001d6f9 ; je 0x1d6f9 test edx, edx -jne short loc_0001d639 ; jne 0x1d639 +jne short loc_0001d6fd ; jne 0x1d6fd push eax -push ref_000268d0 ; push 0x268d0 +push ref_0002697f ; push 0x2697f push 0x65 -jmp short loc_0001d666 ; jmp 0x1d666 +jmp short loc_0001d72a ; jmp 0x1d72a -loc_0001d635: +loc_0001d6f9: test edx, edx -je short loc_0001d673 ; je 0x1d673 +je short loc_0001d737 ; je 0x1d737 -loc_0001d639: +loc_0001d6fd: sub esp, 0xc push 5 mov dword [ebp - 0x30], edx -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 mov dword [ebp - 0x2c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 mov edx, dword [ebp - 0x30] test al, al -je short loc_0001d67d ; je 0x1d67d +je short loc_0001d741 ; je 0x1d741 cmp dword [ebp - 0x2c], 0 -jne short loc_0001d683 ; jne 0x1d683 +jne short loc_0001d747 ; jne 0x1d747 push eax -push ref_000268eb ; push 0x268eb +push ref_0002699a ; push 0x2699a push 0x6b -loc_0001d666: -push ref_0002681d ; push 0x2681d -call fcn_000153fc ; call 0x153fc +loc_0001d72a: +push ref_000268cc ; push 0x268cc +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001d673: +loc_0001d737: mov edx, 0x80000009 -jmp near loc_0001dee4 ; jmp 0x1dee4 +jmp near loc_0001dfa8 ; jmp 0x1dfa8 -loc_0001d67d: +loc_0001d741: cmp dword [ebp - 0x2c], 0 -je short loc_0001d673 ; je 0x1d673 +je short loc_0001d737 ; je 
0x1d737 -loc_0001d683: +loc_0001d747: sub esp, 0xc push 0x11 mov dword [ebp - 0x34], edx -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 mov dword [ebp - 0x30], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 mov edx, dword [ebp - 0x34] test al, al -je short loc_0001d6b2 ; je 0x1d6b2 +je short loc_0001d776 ; je 0x1d776 cmp dword [ebp - 0x30], 0 -jne short loc_0001d6b8 ; jne 0x1d6b8 +jne short loc_0001d77c ; jne 0x1d77c push eax -push ref_00026907 ; push 0x26907 +push ref_000269b6 ; push 0x269b6 push 0x71 -jmp short loc_0001d666 ; jmp 0x1d666 +jmp short loc_0001d72a ; jmp 0x1d72a -loc_0001d6b2: +loc_0001d776: cmp dword [ebp - 0x30], 0 -je short loc_0001d673 ; je 0x1d673 +je short loc_0001d737 ; je 0x1d737 -loc_0001d6b8: +loc_0001d77c: lea eax, [edi + 0xce] mov dword [esi + 0xd0], eax lea eax, [edi + 0x8ce] @@ -49410,14 +49482,14 @@ push 0 push 0x27 push dword [ebp - 0x1c] mov dword [ebp - 0x40], edx -call fcn_0001efeb ; call 0x1efeb +call fcn_0001f079 ; call 0x1f079 mov eax, dword [ebp - 0x20] mov ecx, dword [ebp - 0x1c] mov dword [eax], 0x80000010 mov dword [eax + 8], ecx -mov dword [eax + 4], ref_0002925c ; mov dword [eax + 4], 0x2925c +mov dword [eax + 4], ref_0002930c ; mov dword [eax + 4], 0x2930c mov byte [ecx], 0x13 -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 add esp, 0x10 mov edx, dword [ebp - 0x40] cmp eax, 0x306d0 @@ -49429,19 +49501,19 @@ mov byte [ebp - 0x34], al or al, cl mov byte [ebp - 0x39], cl mov byte [ebp - 0x3a], al -je short loc_0001d74d ; je 0x1d74d +je short loc_0001d811 ; je 0x1d811 push eax push 0 push 2 push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov edx, dword [ebp - 0x40] add esp, 0x10 -loc_0001d74d: +loc_0001d811: mov al, byte [edi + 0x42] mov dword [ebp - 0x40], edx mov edx, dword [ebp - 0x24] 
@@ -49525,14 +49597,14 @@ mov byte [ebx + 0x71], 0 mov byte [ebx + 0x72], 0 mov byte [ebx + 0x73], 0 mov byte [ebx + 0x74], 1 -jne short loc_0001d8ad ; jne 0x1d8ad +jne short loc_0001d971 ; jne 0x1d971 cmp byte [ebp - 0x34], 0 -je short loc_0001d8b1 ; je 0x1d8b1 +je short loc_0001d975 ; je 0x1d975 -loc_0001d8ad: +loc_0001d971: mov byte [ebx + 0x75], 0 -loc_0001d8b1: +loc_0001d975: mov al, byte [edi + 0x46] mov byte [ebx + 0x77], 1 mov byte [ebx + 0x78], 0 @@ -49592,15 +49664,15 @@ mov byte [ebx + 0xaf], 0 sete byte [ebx + 0xac] mov byte [ebx + 0xb0], 0x30 test cl, cl -jne short loc_0001da31 ; jne 0x1da31 +jne short loc_0001daf5 ; jne 0x1daf5 cmp byte [ebp - 0x34], 0 -je short loc_0001da3f ; je 0x1da3f +je short loc_0001db03 ; je 0x1db03 -loc_0001da31: +loc_0001daf5: mov byte [ebx + 0xb1], 1 mov byte [ebx + 0xb2], 0x40 -loc_0001da3f: +loc_0001db03: mov byte [ebx + 0x101], 0xff mov byte [ebx + 0x2e], 1 mov byte [ebx + 0x2f], 0 @@ -49655,15 +49727,15 @@ mov byte [ebx + 0xc7], 0 mov al, byte [edi + 0x4a] mov byte [ebx + 0x57], al test cl, cl -jne short loc_0001db3b ; jne 0x1db3b +jne short loc_0001dbff ; jne 0x1dbff cmp byte [ebp - 0x34], 0 -jmp short loc_0001db42 ; jmp 0x1db42 +jmp short loc_0001dc06 ; jmp 0x1dc06 -loc_0001db3b: +loc_0001dbff: cmp dword [ebp - 0x38], 0x40650 -loc_0001db42: -je short loc_0001dbc3 ; je 0x1dbc3 +loc_0001dc06: +je short loc_0001dc87 ; je 0x1dc87 mov byte [ebx + 0xfc], 0 mov byte [ebx + 0xd1], 0 mov dword [ebx + 0xd2], 0 
@@ -49679,84 +49751,84 @@ mov dword [ebx + 0xf5], 0x320 mov word [ebx + 0xf9], 0x118 mov byte [ebx + 0xfb], 7 -loc_0001dbc3: +loc_0001dc87: push ecx push 0 push 0 push 0 mov dword [ebp - 0x24], edx -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 mov edx, dword [ebp - 0x24] mov ecx, eax and ch, 0xfe cmp cx, 0xc04 -je short loc_0001dc0a ; je 0x1dc0a +je short loc_0001dcce ; je 0x1dcce mov ecx, eax and ecx, 0xfffffff7 cmp cx, 0xa04 -je short loc_0001dc0a ; je 0x1dc0a +je short loc_0001dcce ; je 0x1dcce and eax, 0xffffffef cmp ax, 0x1604 sete al movzx eax, al -jmp short loc_0001dc0f ; jmp 0x1dc0f +jmp short loc_0001dcd3 ; jmp 0x1dcd3 -loc_0001dc0a: +loc_0001dcce: mov eax, 1 -loc_0001dc0f: +loc_0001dcd3: mov byte [ebx + 0xc6], al mov word [ebx + 0xc8], 0xcf8 mov word [ebx + 0xca], 0xcfc mov byte [ebx + 0xcc], 0xaa -mov dword [esi], fcn_00018e1d ; mov dword [esi], 0x18e1d -mov dword [esi + 4], fcn_00018e32 ; mov dword [esi + 4], 0x18e32 -mov dword [esi + 8], fcn_00018ea0 ; mov dword [esi + 8], 0x18ea0 -mov dword [esi + 0xc], fcn_00018e26 ; mov dword [esi + 0xc], 0x18e26 -mov dword [esi + 0x10], fcn_00018e63 ; mov dword [esi + 0x10], 0x18e63 -mov dword [esi + 0x14], fcn_00018ed3 ; mov dword [esi + 0x14], 0x18ed3 -mov dword [esi + 0x18], fcn_00017cc7 ; mov dword [esi + 0x18], 0x17cc7 -mov dword [esi + 0x1c], fcn_00017cfe ; mov dword [esi + 0x1c], 0x17cfe -mov dword [esi + 0x20], fcn_00017d8a ; mov dword [esi + 0x20], 0x17d8a -mov dword [esi + 0x24], fcn_00017e14 ; mov dword [esi + 0x24], 0x17e14 -mov dword [esi + 0x28], fcn_00017ce1 ; mov dword [esi + 0x28], 0x17ce1 -mov dword [esi + 0x2c], fcn_00017d40 ; mov dword [esi + 0x2c], 0x17d40 -mov dword [esi + 0x30], fcn_00017dcb ; mov dword [esi + 0x30], 0x17dcb -mov dword [esi + 0x34], fcn_00016a52 ; mov dword [esi + 0x34], 0x16a52 -mov dword [esi + 0x38], fcn_0001a1be ; mov dword [esi + 0x38], 
0x1a1be -mov dword [esi + 0x3c], fcn_0001a2b8 ; mov dword [esi + 0x3c], 0x1a2b8 -mov dword [esi + 0x40], fcn_0001a236 ; mov dword [esi + 0x40], 0x1a236 -mov dword [esi + 0x44], fcn_0001a331 ; mov dword [esi + 0x44], 0x1a331 -mov dword [esi + 0x48], fcn_00016740 ; mov dword [esi + 0x48], 0x16740 -mov dword [esi + 0x4c], fcn_0001676e ; mov dword [esi + 0x4c], 0x1676e -mov dword [esi + 0x50], fcn_000167d1 ; mov dword [esi + 0x50], 0x167d1 -mov dword [esi + 0x54], fcn_000169be ; mov dword [esi + 0x54], 0x169be -mov dword [esi + 0x58], fcn_0001707a ; mov dword [esi + 0x58], 0x1707a -mov dword [esi + 0x5c], fcn_0001efeb ; mov dword [esi + 0x5c], 0x1efeb -mov dword [esi + 0x60], fcn_000169f9 ; mov dword [esi + 0x60], 0x169f9 -mov dword [esi + 0x64], fcn_00016a12 ; mov dword [esi + 0x64], 0x16a12 -mov dword [esi + 0x68], fcn_0001fd4c ; mov dword [esi + 0x68], 0x1fd4c -mov dword [esi + 0x6c], fcn_0001718b ; mov dword [esi + 0x6c], 0x1718b -mov dword [esi + 0x70], fcn_0001fd96 ; mov dword [esi + 0x70], 0x1fd96 -mov dword [esi + 0x74], fcn_0001fd9f ; mov dword [esi + 0x74], 0x1fd9f +mov dword [esi], fcn_00018ee1 ; mov dword [esi], 0x18ee1 +mov dword [esi + 4], fcn_00018ef6 ; mov dword [esi + 4], 0x18ef6 +mov dword [esi + 8], fcn_00018f64 ; mov dword [esi + 8], 0x18f64 +mov dword [esi + 0xc], fcn_00018eea ; mov dword [esi + 0xc], 0x18eea +mov dword [esi + 0x10], fcn_00018f27 ; mov dword [esi + 0x10], 0x18f27 +mov dword [esi + 0x14], fcn_00018f97 ; mov dword [esi + 0x14], 0x18f97 +mov dword [esi + 0x18], fcn_00017d8b ; mov dword [esi + 0x18], 0x17d8b +mov dword [esi + 0x1c], fcn_00017dc2 ; mov dword [esi + 0x1c], 0x17dc2 +mov dword [esi + 0x20], fcn_00017e4e ; mov dword [esi + 0x20], 0x17e4e +mov dword [esi + 0x24], fcn_00017ed8 ; mov dword [esi + 0x24], 0x17ed8 +mov dword [esi + 0x28], fcn_00017da5 ; mov dword [esi + 0x28], 0x17da5 +mov dword [esi + 0x2c], fcn_00017e04 ; mov dword [esi + 0x2c], 0x17e04 +mov dword [esi + 0x30], fcn_00017e8f ; mov dword [esi + 0x30], 0x17e8f 
+mov dword [esi + 0x34], fcn_00016afd ; mov dword [esi + 0x34], 0x16afd +mov dword [esi + 0x38], fcn_0001a282 ; mov dword [esi + 0x38], 0x1a282 +mov dword [esi + 0x3c], fcn_0001a37c ; mov dword [esi + 0x3c], 0x1a37c +mov dword [esi + 0x40], fcn_0001a2fa ; mov dword [esi + 0x40], 0x1a2fa +mov dword [esi + 0x44], fcn_0001a3f5 ; mov dword [esi + 0x44], 0x1a3f5 +mov dword [esi + 0x48], fcn_000167d0 ; mov dword [esi + 0x48], 0x167d0 +mov dword [esi + 0x4c], fcn_000167fe ; mov dword [esi + 0x4c], 0x167fe +mov dword [esi + 0x50], fcn_00016861 ; mov dword [esi + 0x50], 0x16861 +mov dword [esi + 0x54], fcn_00016a4e ; mov dword [esi + 0x54], 0x16a4e +mov dword [esi + 0x58], fcn_0001713e ; mov dword [esi + 0x58], 0x1713e +mov dword [esi + 0x5c], fcn_0001f079 ; mov dword [esi + 0x5c], 0x1f079 +mov dword [esi + 0x60], fcn_00016a89 ; mov dword [esi + 0x60], 0x16a89 +mov dword [esi + 0x64], fcn_00016aa2 ; mov dword [esi + 0x64], 0x16aa2 +mov dword [esi + 0x68], fcn_0001fdda ; mov dword [esi + 0x68], 0x1fdda +mov dword [esi + 0x6c], fcn_0001724f ; mov dword [esi + 0x6c], 0x1724f +mov dword [esi + 0x70], fcn_0001fe24 ; mov dword [esi + 0x70], 0x1fe24 +mov dword [esi + 0x74], fcn_0001fe2d ; mov dword [esi + 0x74], 0x1fe2d mov eax, dword [ebp - 0x1c] -mov dword [esi + 0x78], fcn_0001667c ; mov dword [esi + 0x78], 0x1667c -mov dword [esi + 0x7c], fcn_00016a80 ; mov dword [esi + 0x7c], 0x16a80 -mov dword [esi + 0x80], fcn_0001cb4b ; mov dword [esi + 0x80], 0x1cb4b -mov dword [esi + 0x84], fcn_0001c938 ; mov dword [esi + 0x84], 0x1c938 -mov dword [esi + 0x88], fcn_00016ae0 ; mov dword [esi + 0x88], 0x16ae0 -mov dword [esi + 0x8c], fcn_00016ae7 ; mov dword [esi + 0x8c], 0x16ae7 -mov dword [esi + 0x90], fcn_00016aef ; mov dword [esi + 0x90], 0x16aef -mov dword [esi + 0x94], fcn_00016b18 ; mov dword [esi + 0x94], 0x16b18 -mov dword [esi + 0x98], fcn_0001671d ; mov dword [esi + 0x98], 0x1671d -mov dword [esi + 0x9c], fcn_00016792 ; mov dword [esi + 0x9c], 0x16792 -mov dword [esi + 0xa0], 
fcn_000174f8 ; mov dword [esi + 0xa0], 0x174f8 -mov dword [esi + 0xa4], fcn_00017502 ; mov dword [esi + 0xa4], 0x17502 -mov dword [esi + 0xa8], fcn_00016b8c ; mov dword [esi + 0xa8], 0x16b8c +mov dword [esi + 0x78], fcn_0001670c ; mov dword [esi + 0x78], 0x1670c +mov dword [esi + 0x7c], fcn_00016b44 ; mov dword [esi + 0x7c], 0x16b44 +mov dword [esi + 0x80], fcn_0001cc0f ; mov dword [esi + 0x80], 0x1cc0f +mov dword [esi + 0x84], fcn_0001c9fc ; mov dword [esi + 0x84], 0x1c9fc +mov dword [esi + 0x88], fcn_00016ba4 ; mov dword [esi + 0x88], 0x16ba4 +mov dword [esi + 0x8c], fcn_00016bab ; mov dword [esi + 0x8c], 0x16bab +mov dword [esi + 0x90], fcn_00016bb3 ; mov dword [esi + 0x90], 0x16bb3 +mov dword [esi + 0x94], fcn_00016bdc ; mov dword [esi + 0x94], 0x16bdc +mov dword [esi + 0x98], fcn_000167ad ; mov dword [esi + 0x98], 0x167ad +mov dword [esi + 0x9c], fcn_00016822 ; mov dword [esi + 0x9c], 0x16822 +mov dword [esi + 0xa0], fcn_000175bc ; mov dword [esi + 0xa0], 0x175bc +mov dword [esi + 0xa4], fcn_000175c6 ; mov dword [esi + 0xa4], 0x175c6 +mov dword [esi + 0xa8], fcn_00016c50 ; mov dword [esi + 0xa8], 0x16c50 mov dword [eax + 9], ebx mov dword [eax + 0x1e], esi xor eax, eax @@ -49791,13 +49863,13 @@ mov byte [edx + 0x3f], 0xf mov byte [edx + 0x42], 0x14 mov word [edx + 0x50], 1 -loc_0001de05: +loc_0001dec9: mov byte [edx + eax + 9], 8 mov byte [edx + eax + 0x19], 7 mov byte [edx + eax + 0x29], 2 inc eax cmp eax, 0x10 -jne short loc_0001de05 ; jne 0x1de05 +jne short loc_0001dec9 ; jne 0x1dec9 mov eax, dword [ebp - 0x2c] mov byte [edx + 0x49], 0 mov byte [eax], 0 @@ -49805,11 +49877,11 @@ xor eax, eax mov byte [edx + 0x52], 0 mov byte [edx + 0x53], 0 -loc_0001de2e: +loc_0001def2: mov byte [edx + eax + 0x54], 8 inc eax cmp eax, 8 -jne short loc_0001de2e ; jne 0x1de2e +jne short loc_0001def2 ; jne 0x1def2 mov esi, dword [ebp - 0x30] sub esp, 0xc mov ecx, dword [ebp - 0x1c] 
@@ -49830,35 +49902,35 @@ mov byte [ecx + 0x22], 0 mov eax, dword [edi + 0x8f6] mov dword [ecx + 0x15], eax push dword [ebp - 0x20] -call fcn_00019667 ; call 0x19667 +call fcn_0001972b ; call 0x1972b mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 mov edx, ebx test al, al -je short loc_0001dee4 ; je 0x1dee4 +je short loc_0001dfa8 ; je 0x1dfa8 test ebx, ebx -jns short loc_0001dee4 ; jns 0x1dee4 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001dfa8 ; jns 0x1dfa8 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001deca ; je 0x1deca +je short loc_0001df8e ; je 0x1df8e push edx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001deca: +loc_0001df8e: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x237 -push ref_0002681d ; push 0x2681d -call fcn_000153fc ; call 0x153fc +push ref_000268cc ; push 0x268cc +call fcn_0001548c ; call 0x1548c add esp, 0x10 mov edx, ebx -loc_0001dee4: +loc_0001dfa8: lea esp, [ebp - 0xc] mov eax, edx pop ebx 
@@ -49867,64 +49939,64 @@ pop edi pop ebp ret -fcn_0001deee: +fcn_0001dfb2: push ebp mov ebp, esp push edi push esi push ebx sub esp, 0x1c -call fcn_00016380 ; call 0x16380 +call fcn_00016410 ; call 0x16410 mov esi, eax -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb sub esp, 0xc push 0x5ac mov dword [ebp - 0x1c], eax -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 add esp, 0x10 mov ebx, eax test eax, eax -jne short loc_0001df47 ; jne 0x1df47 -call fcn_000153f0 ; call 0x153f0 +jne short loc_0001e00b ; jne 0x1e00b +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001df3d ; je 0x1df3d +je short loc_0001e001 ; je 0x1e001 push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x129 -loc_0001df30: -push ref_00026920 ; push 0x26920 -call fcn_000153fc ; call 0x153fc +loc_0001dff4: +push ref_000269cf ; push 0x269cf +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001df3d: +loc_0001e001: mov edx, 0x80000009 -jmp near loc_0001e5b3 ; jmp 0x1e5b3 +jmp near loc_0001e677 ; jmp 0x1e677 -loc_0001df47: +loc_0001e00b: sub esp, 0xc push 0xc -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 add esp, 0x10 mov dword [ebp - 0x20], eax test eax, eax -jne short loc_0001df71 ; jne 0x1df71 -call fcn_000153f0 ; call 0x153f0 +jne short loc_0001e035 ; jne 0x1e035 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001df3d ; je 0x1df3d +je short loc_0001e001 ; je 0x1e001 push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x12f -jmp short loc_0001df30 ; jmp 0x1df30 +jmp short loc_0001dff4 ; jmp 0x1dff4 -loc_0001df71: +loc_0001e035: mov eax, dword [ebp - 0x20] xor edi, edi mov dword [eax], 0x80000010 -mov dword [eax + 4], ref_0002912c ; mov dword [eax + 4], 0x2912c +mov dword [eax + 4], ref_000291dc ; mov dword [eax + 4], 0x291dc mov dword [eax + 8], ebx lea eax, [ebx + 0x284] -mov byte [ebx], 0xb +mov byte [ebx], 0xc mov byte [ebx + 1], 0 mov dword [ebx + 
4], 0xfed1c000 mov dword [ebp - 0x24], eax @@ -49957,17 +50029,17 @@ or byte [ebx + 0x41e], 2 or byte [ebx + 0x424], 0x40 mov byte [ebx + 0x43c], 1 -loc_0001e04a: -call fcn_0001c11d ; call 0x1c11d +loc_0001e10e: +call fcn_0001c1e1 ; call 0x1c1e1 movzx eax, al cmp edi, eax -jae short loc_0001e064 ; jae 0x1e064 +jae short loc_0001e128 ; jae 0x1e128 imul eax, edi, 0x12 inc edi or byte [ebx + eax + 0x1e1], 0x40 -jmp short loc_0001e04a ; jmp 0x1e04a +jmp short loc_0001e10e ; jmp 0x1e10e -loc_0001e064: +loc_0001e128: mov al, byte [ebx + 0x436] xor ecx, ecx and byte [ebx + 0x426], 0xfe @@ -49978,12 +50050,12 @@ mov word [ebx + 0x43a], 0 mov byte [ebx + 0x436], al mov byte [ebx + 0x1a8], 1 -loc_0001e096: +loc_0001e15a: mov dword [ebp - 0x28], ecx -call fcn_0001c0fb ; call 0x1c0fb +call fcn_0001c1bf ; call 0x1c1bf mov ecx, dword [ebp - 0x28] cmp cl, al -jae short loc_0001e0ce ; jae 0x1e0ce +jae short loc_0001e192 ; jae 0x1e192 movzx eax, cl imul eax, eax, 0x2c add eax, ebx @@ -49997,9 +50069,9 @@ and edx, 0x7f mov byte [eax + 0x57], 3 mov byte [eax + 0x4e], 0 mov byte [eax + 0x46], dl -jmp short loc_0001e096 ; jmp 0x1e096 +jmp short loc_0001e15a ; jmp 0x1e15a -loc_0001e0ce: +loc_0001e192: or byte [ebx + 0x17a], 8 sub esp, 0xc and byte [ebx + 0x1aa], 0xfe 
@@ -50007,61 +50079,61 @@ mov byte [ebx + 0x1a6], 0 mov byte [ebx + 0x1a7], 0 mov byte [ebx + 0x1a9], 1 push 0xc -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 add esp, 0x10 test eax, eax -jne short loc_0001e118 ; jne 0x1e118 -call fcn_000153f0 ; call 0x153f0 +jne short loc_0001e1dc ; jne 0x1e1dc +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001e17c ; je 0x1e17c +je short loc_0001e240 ; je 0x1e240 push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0xf8 -jmp short loc_0001e16f ; jmp 0x1e16f +jmp short loc_0001e233 ; jmp 0x1e233 -loc_0001e118: +loc_0001e1dc: sub esp, 0xc mov dword [eax], 0x80000010 -mov dword [eax + 4], ref_0002906c ; mov dword [eax + 4], 0x2906c -mov dword [eax + 8], ref_00029698 ; mov dword [eax + 8], 0x29698 +mov dword [eax + 4], ref_0002911c ; mov dword [eax + 4], 0x2911c +mov dword [eax + 8], ref_00029748 ; mov dword [eax + 8], 0x29748 push eax -call fcn_00019667 ; call 0x19667 +call fcn_0001972b ; call 0x1972b mov edi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001e17c ; je 0x1e17c +je short loc_0001e240 ; je 0x1e240 test edi, edi -jns short loc_0001e17c ; jns 0x1e17c -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001e240 ; jns 0x1e240 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001e164 ; je 0x1e164 +je short loc_0001e228 ; je 0x1e228 push eax push edi -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001e164: +loc_0001e228: push ecx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x101 -loc_0001e16f: -push ref_00026920 ; push 0x26920 -call fcn_000153fc ; call 0x153fc +loc_0001e233: +push ref_000269cf ; push 0x269cf +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001e17c: +loc_0001e240: mov dword [ebx + 0x1db], 1 xor edi, edi -loc_0001e188: 
-call fcn_0001c11d ; call 0x1c11d +loc_0001e24c: +call fcn_0001c1e1 ; call 0x1c1e1 mov edx, edi cmp dl, al -jae loc_0001e217 ; jae 0x1e217 +jae loc_0001e2db ; jae 0x1e2db mov eax, edi inc edi movzx eax, al @@ -50085,9 +50157,9 @@ mov byte [eax + 0x1ea], 0 mov byte [eax + 0x1eb], 0 mov byte [eax + 0x1ec], 0 and byte [ecx + 0x13], 0xf0 -jmp near loc_0001e188 ; jmp 0x1e188 +jmp near loc_0001e24c ; jmp 0x1e24c -loc_0001e217: +loc_0001e2db: mov al, byte [ebx + 0x24c] mov byte [ebx + 0x24b], 0x7e mov byte [ebx + 0x253], 0 @@ -50102,14 +50174,14 @@ mov byte [ebx + 0x258], 0 mov byte [ebx + 0x259], 0 mov byte [ebx + 0x25a], 0 mov byte [ebx + 0x25b], 0x64 -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 mov byte [ebx + 0x38d], 4 push eax push 4 -push ref_00029600 ; push 0x29600 +push ref_000296b0 ; push 0x296b0 lea eax, [ebx + 0x38e] push eax -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e mov word [ebx + 0x36], 0x8086 mov word [ebx + 0x38], 0x7270 mov byte [ebx + 0x3b], 0 @@ -50138,7 +50210,7 @@ pop edx lea eax, [ebx + 0x57c] push eax push dword [ebp - 0x24] -call fcn_0001e5bd ; call 0x1e5bd +call fcn_0001e681 ; call 0x1e681 mov al, byte [ebx + 0x40e] add esp, 0x10 or eax, 3 @@ -50146,13 +50218,13 @@ and eax, 0xffffffc3 mov byte [ebx + 0x40e], al xor eax, eax -loc_0001e340: +loc_0001e404: and byte [ebx + eax*8 + 0x554], 0xfc mov word [ebx + eax*8 + 0x558], 0 mov word [ebx + eax*8 + 0x55a], 0 inc eax cmp eax, 5 -jne short loc_0001e340 ; jne 0x1e340 +jne short loc_0001e404 ; jne 0x1e404 mov al, byte [ebx + 0x46a] xor ecx, ecx mov byte [ebx + 0x364], 1 
@@ -50170,46 +50242,46 @@ mov byte [ebx + 0x46a], al mov byte [ebx + 0x37f], 0 mov byte [ebx + 0x256], 1 -loc_0001e3cc: +loc_0001e490: mov dword [ebp - 0x24], ecx -call fcn_0001c0fb ; call 0x1c0fb +call fcn_0001c1bf ; call 0x1c1bf mov ecx, dword [ebp - 0x24] cmp cl, al -jae short loc_0001e3e9 ; jae 0x1e3e9 +jae short loc_0001e4ad ; jae 0x1e4ad movzx eax, cl inc ecx imul eax, eax, 0x2c mov byte [ebx + eax + 0x58], 1 -jmp short loc_0001e3cc ; jmp 0x1e3cc +jmp short loc_0001e490 ; jmp 0x1e490 -loc_0001e3e9: +loc_0001e4ad: and byte [ebx + 0x45e], 0xf7 xor ecx, ecx -loc_0001e3f2: +loc_0001e4b6: mov dword [ebp - 0x24], ecx -call fcn_0001c0fb ; call 0x1c0fb +call fcn_0001c1bf ; call 0x1c1bf mov ecx, dword [ebp - 0x24] cmp cl, al -jae short loc_0001e460 ; jae 0x1e460 +jae short loc_0001e524 ; jae 0x1e524 cmp dword [ebp - 0x1c], 2 movzx eax, cl -jne short loc_0001e41f ; jne 0x1e41f +jne short loc_0001e4e3 ; jne 0x1e4e3 imul esi, eax, 0x2c lea esi, [ebx + esi + 0x50] mov word [esi + 0xa], 0x1003 mov word [esi + 0xc], 0x1003 -jmp short loc_0001e438 ; jmp 0x1e438 +jmp short loc_0001e4fc ; jmp 0x1e4fc -loc_0001e41f: +loc_0001e4e3: cmp dword [ebp - 0x1c], 1 -jne short loc_0001e438 ; jne 0x1e438 +jne short loc_0001e4fc ; jne 0x1e4fc imul esi, eax, 0x2c lea esi, [ebx + esi + 0x50] mov word [esi + 0xa], 0x846 mov word [esi + 0xc], 0x846 -loc_0001e438: +loc_0001e4fc: imul eax, eax, 0x2c inc ecx add eax, ebx @@ -50220,9 +50292,9 @@ mov word [eax + 0x60], 0x3c mov byte [eax + 0x62], 2 mov byte [eax + 0x63], 2 mov word [eax + 0x64], 0x3c -jmp short loc_0001e3f2 ; jmp 0x1e3f2 +jmp short loc_0001e4b6 ; jmp 0x1e4b6 -loc_0001e460: +loc_0001e524: mov al, byte [ebx + 0x446] or byte [ebx + 0x442], 7 and byte [ebx + 0x45e], 0xf9 @@ -50233,7 +50305,7 @@ mov al, byte [ebx + 0x486] mov dword [ebx + 0x44a], 0 mov dword [ebx + 0x44e], 2 mov dword [ebx + 0x452], 4 -and eax, 0xffffffc1 +and eax, 1 or eax, 0x32 mov byte [ebx + 0x486], al mov al, byte [ebx + 0x49e] 
@@ -50246,74 +50318,74 @@ mov byte [ebx + 0x49e], al xor eax, eax mov byte [ebx + 0x10], 0xdd -loc_0001e4e3: +loc_0001e5a7: mov dword [ebx + eax*4 + 0x1ba], 0 inc eax cmp eax, 8 -jne short loc_0001e4e3 ; jne 0x1e4e3 +jne short loc_0001e5a7 ; jne 0x1e5a7 cmp dword [ebp - 0x1c], 2 lea eax, [ebx + 0x4de] lea esi, [ebx + 0x527] -jne short loc_0001e52e ; jne 0x1e52e +jne short loc_0001e5f2 ; jne 0x1e5f2 mov byte [ebx + 0x526], 5 push edi push 0x28 -push ref_00029640 ; push 0x29640 +push ref_000296f0 ; push 0x296f0 push eax -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e add esp, 0xc mov byte [ebx + 0x553], 9 push 0x24 -push ref_00029604 ; push 0x29604 -jmp short loc_0001e554 ; jmp 0x1e554 +push ref_000296b4 ; push 0x296b4 +jmp short loc_0001e618 ; jmp 0x1e618 -loc_0001e52e: +loc_0001e5f2: mov byte [ebx + 0x526], 6 push ecx push 0x30 -push ref_00029668 ; push 0x29668 +push ref_00029718 ; push 0x29718 push eax -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e add esp, 0xc mov byte [ebx + 0x553], 6 push 0x18 -push ref_00029628 ; push 0x29628 +push ref_000296d8 ; push 0x296d8 -loc_0001e554: +loc_0001e618: push esi -call fcn_0001707a ; call 0x1707a +call fcn_0001713e ; call 0x1713e add esp, 0x10 sub esp, 0xc push dword [ebp - 0x20] -call fcn_00019667 ; call 0x19667 +call fcn_0001972b ; call 0x1972b mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 mov edx, ebx test al, al -je short loc_0001e5b3 ; je 0x1e5b3 +je short loc_0001e677 ; je 0x1e677 test ebx, ebx -jns short loc_0001e5b3 ; jns 0x1e5b3 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001e677 ; jns 0x1e677 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001e599 ; je 0x1e599 +je short loc_0001e65d ; je 0x1e65d push edx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001e599: +loc_0001e65d: 
push eax -push ref_00020664 ; push 0x20664 -push 0x2d4 -push ref_00026920 ; push 0x26920 -call fcn_000153fc ; call 0x153fc +push ref_000206f4 ; push 0x206f4 +push 0x2d5 +push ref_000269cf ; push 0x269cf +call fcn_0001548c ; call 0x1548c add esp, 0x10 mov edx, ebx -loc_0001e5b3: +loc_0001e677: lea esp, [ebp - 0xc] mov eax, edx pop ebx @@ -50322,7 +50394,7 @@ pop edi pop ebp ret -fcn_0001e5bd: +fcn_0001e681: push ebp mov ebp, esp push edi 
@@ -50330,72 +50402,72 @@ push esi push ebx sub esp, 0x1c mov ebx, dword [ebp + 8] -call fcn_00016380 ; call 0x16380 +call fcn_00016410 ; call 0x16410 test ebx, ebx -jne short loc_0001e5f9 ; jne 0x1e5f9 -call fcn_000153f0 ; call 0x153f0 +jne short loc_0001e6bd ; jne 0x1e6bd +call fcn_00015480 ; call 0x15480 test al, al -je loc_0001ec65 ; je 0x1ec65 +je loc_0001ecf3 ; je 0x1ecf3 push edx -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x35 -push ref_0002693d ; push 0x2693d -call fcn_000153fc ; call 0x153fc +push ref_000269ec ; push 0x269ec +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp near loc_0001ec65 ; jmp 0x1ec65 +jmp near loc_0001ecf3 ; jmp 0x1ecf3 -loc_0001e5f9: +loc_0001e6bd: mov esi, eax -call fcn_0001bef7 ; call 0x1bef7 +call fcn_0001bfbb ; call 0x1bfbb mov edi, eax push eax push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a add eax, 2 mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 -xor edx, edx +xor ecx, ecx mov byte [ebx], 0 mov byte [ebx + 8], 0 mov byte [ebx + 0x11], 1 mov byte [ebx + 0x10], 1 mov byte [ebx + 0x13], 0 -mov ecx, eax +mov edx, eax mov byte [ebx + 0x12], 1 -loc_0001e637: -mov dword [ebp - 0x20], ecx -mov dword [ebp - 0x1c], edx -call fcn_0001c19d ; call 0x1c19d -mov edx, dword [ebp - 0x1c] -mov ecx, dword [ebp - 0x20] +loc_0001e6fb: +mov dword [ebp - 0x20], edx +mov dword [ebp - 0x1c], ecx +call fcn_0001c261 ; call 0x1c261 +mov ecx, dword [ebp - 0x1c] +mov edx, dword [ebp - 0x20] movzx eax, al -cmp edx, eax -jae short loc_0001e657 ; jae 0x1e657 -mov byte [ebx + edx + 0x14], 0 -inc edx -jmp short loc_0001e637 ; jmp 0x1e637 +cmp ecx, eax +jae short loc_0001e71b ; jae 0x1e71b +mov byte [ebx + ecx + 0x14], 0 +inc ecx +jmp short loc_0001e6fb ; jmp 0x1e6fb -loc_0001e657: -xor edx, edx +loc_0001e71b: +xor ecx, ecx -loc_0001e659: -mov dword [ebp - 0x20], ecx -mov dword [ebp - 0x1c], edx -call fcn_0001c234 ; call 0x1c234 
-mov edx, dword [ebp - 0x1c] -mov ecx, dword [ebp - 0x20] +loc_0001e71d: +mov dword [ebp - 0x20], edx +mov dword [ebp - 0x1c], ecx +call fcn_0001c2f8 ; call 0x1c2f8 +mov ecx, dword [ebp - 0x1c] +mov edx, dword [ebp - 0x20] movzx eax, al -cmp edx, eax -jae short loc_0001e679 ; jae 0x1e679 -mov byte [ebx + edx + 0x22], 0 -inc edx -jmp short loc_0001e659 ; jmp 0x1e659 +cmp ecx, eax +jae short loc_0001e73d ; jae 0x1e73d +mov byte [ebx + ecx + 0x22], 0 +inc ecx +jmp short loc_0001e71d ; jmp 0x1e71d -loc_0001e679: +loc_0001e73d: mov byte [ebx + 0x28], 0 mov byte [ebx + 1], 0 mov byte [ebx + 9], 0 
@@ -50550,353 +50622,330 @@ mov byte [ebx + 0x92], al mov al, byte [esi + 0x9f] mov byte [ebx + 0x9a], al cmp edi, 1 -jne loc_0001ea89 ; jne 0x1ea89 -mov eax, ecx +jne loc_0001eb4c ; jne 0x1eb4c +mov eax, edx and eax, 0xfffffff7 cmp ax, 0x8c44 -je short loc_0001e96f ; je 0x1e96f -mov edx, ecx -and edx, 0xfffffffb -cmp cx, 0x8c50 -jne short loc_0001e976 ; jne 0x1e976 +je short loc_0001ea33 ; je 0x1ea33 +mov ecx, edx +and ecx, 0xfffffffb +cmp dx, 0x8c50 +jne short loc_0001ea3a ; jne 0x1ea3a -loc_0001e96f: +loc_0001ea33: lea edi, [ebx + 0x2f] xor edx, edx -jmp short loc_0001e9c6 ; jmp 0x1e9c6 +jmp short loc_0001ea8a ; jmp 0x1ea8a -loc_0001e976: -cmp cx, 0x8c5c -je short loc_0001e96f ; je 0x1e96f -mov edi, ecx +loc_0001ea3a: +cmp dx, 0x8c5c +je short loc_0001ea33 ; je 0x1ea33 +mov edi, edx and edi, 0xfffffff3 cmp di, 0x8c42 -je short loc_0001e96f ; je 0x1e96f -cmp cx, 0x8cc4 -je short loc_0001e96f ; je 0x1e96f -cmp dx, 0x8cc2 -jne short loc_0001e9df ; jne 0x1e9df -jmp short loc_0001e96f ; jmp 0x1e96f - -loc_0001e999: +je short loc_0001ea33 ; je 0x1ea33 +cmp dx, 0x8cc4 +je short loc_0001ea33 ; je 0x1ea33 +cmp cx, 0x8cc2 +jne short loc_0001eaa3 ; jne 0x1eaa3 +jmp short loc_0001ea33 ; jmp 0x1ea33 + +loc_0001ea5d: cmp byte [edi + 3], 1 sbb eax, eax not eax add eax, 4 cmp byte [edi + 3], 0 mov byte [edi - 1], al -jne short loc_0001e9da ; jne 0x1e9da +jne short loc_0001ea9e ; jne 0x1ea9e mov ax, word [edi + 1] cmp ax, 0x7f -jbe short loc_0001e9da ; jbe 0x1e9da +jbe short loc_0001ea9e ; jbe 0x1ea9e cmp ax, 0x130 sbb eax, eax add eax, 4 mov byte [edi], al -loc_0001e9c2: +loc_0001ea86: inc edx add edi, 8 -loc_0001e9c6: +loc_0001ea8a: mov dword [ebp - 0x1c], edx -call fcn_0001c19d ; call 0x1c19d +call fcn_0001c261 ; call 0x1c261 mov edx, dword [ebp - 0x1c] movzx eax, al cmp edx, eax -jb short loc_0001e999 ; jb 0x1e999 -jmp short loc_0001ea0a ; jmp 0x1ea0a +jb short loc_0001ea5d ; jb 0x1ea5d +jmp short loc_0001eacd ; jmp 0x1eacd -loc_0001e9da: +loc_0001ea9e: mov byte [edi], 2 
-jmp short loc_0001e9c2 ; jmp 0x1e9c2 +jmp short loc_0001ea86 ; jmp 0x1ea86 -loc_0001e9df: -cmp dx, 0x8c4b -je short loc_0001ea22 ; je 0x1ea22 +loc_0001eaa3: +cmp cx, 0x8c4b +je short loc_0001eae5 ; je 0x1eae5 cmp ax, 0x8c41 -je short loc_0001ea22 ; je 0x1ea22 -lea eax, [ecx + 0x63bf] +je short loc_0001eae5 ; je 0x1eae5 +lea eax, [edx + 0x63bf] cmp ax, 6 -jbe short loc_0001ea22 ; jbe 0x1ea22 -cmp cx, 0x8cc5 -je short loc_0001ea22 ; je 0x1ea22 -mov eax, ecx -and eax, 0xfffffffd -cmp ax, 0x8cc1 -je short loc_0001ea22 ; je 0x1ea22 +jbe short loc_0001eae5 ; jbe 0x1eae5 +cmp dx, 0x8cc5 +je short loc_0001eae5 ; je 0x1eae5 +and edx, 0xfffffffd +cmp dx, 0x8cc1 +je short loc_0001eae5 ; je 0x1eae5 -loc_0001ea0a: +loc_0001eacd: cmp dword [esi + 0x10], 0 -je loc_0001eb9c ; je 0x1eb9c +je loc_0001ec26 ; je 0x1ec26 mov byte [ebx], 1 xor edi, edi mov byte [ebx + 0x13], 1 -jmp near loc_0001eb6a ; jmp 0x1eb6a +jmp near loc_0001ebf4 ; jmp 0x1ebf4 -loc_0001ea22: +loc_0001eae5: lea edi, [ebx + 0x2f] xor edx, edx -loc_0001ea27: +loc_0001eaea: mov dword [ebp - 0x1c], edx -call fcn_0001c19d ; call 0x1c19d +call fcn_0001c261 ; call 0x1c261 mov edx, dword [ebp - 0x1c] movzx eax, al cmp edx, eax -jae short loc_0001ea0a ; jae 0x1ea0a +jae short loc_0001eacd ; jae 0x1eacd mov al, byte [edi + 3] cmp al, 5 -jne short loc_0001ea46 ; jne 0x1ea46 +jne short loc_0001eb09 ; jne 0x1eb09 mov byte [edi - 1], 5 -jmp short loc_0001ea61 ; jmp 0x1ea61 +jmp short loc_0001eb24 ; jmp 0x1eb24 -loc_0001ea46: +loc_0001eb09: cmp al, 2 -jne short loc_0001ea50 ; jne 0x1ea50 +jne short loc_0001eb13 ; jne 0x1eb13 mov byte [edi - 1], 4 -jmp short loc_0001ea6a ; jmp 0x1ea6a +jmp short loc_0001eb2d ; jmp 0x1eb2d -loc_0001ea50: +loc_0001eb13: cmp word [edi + 1], 0x70 sbb ecx, ecx add ecx, 6 mov byte [edi - 1], cl cmp al, 5 -jne short loc_0001ea66 ; jne 0x1ea66 +jne short loc_0001eb29 ; jne 0x1eb29 -loc_0001ea61: +loc_0001eb24: mov byte [edi], 2 -jmp short loc_0001ea83 ; jmp 0x1ea83 +jmp short loc_0001eb46 ; jmp 0x1eb46 
-loc_0001ea66: +loc_0001eb29: cmp al, 2 -jne short loc_0001ea76 ; jne 0x1ea76 +jne short loc_0001eb39 ; jne 0x1eb39 -loc_0001ea6a: +loc_0001eb2d: cmp word [edi + 1], 0x50 sbb eax, eax add eax, 2 -jmp short loc_0001ea81 ; jmp 0x1ea81 +jmp short loc_0001eb44 ; jmp 0x1eb44 -loc_0001ea76: +loc_0001eb39: cmp word [edi + 1], 0x100 sbb eax, eax add eax, 3 -loc_0001ea81: +loc_0001eb44: mov byte [edi], al -loc_0001ea83: +loc_0001eb46: inc edx add edi, 8 -jmp short loc_0001ea27 ; jmp 0x1ea27 +jmp short loc_0001eaea ; jmp 0x1eaea -loc_0001ea89: +loc_0001eb4c: cmp edi, 2 -jne loc_0001ea0a ; jne 0x1ea0a -lea eax, [ecx + 0x63bf] +jne loc_0001eacd ; jne 0x1eacd +lea eax, [edx + 0x63bf] +xor ecx, ecx +mov word [ebp - 0x1c], ax +lea eax, [edx + 0x633f] +lea edi, [ebx + 0x2f] mov word [ebp - 0x20], ax -lea eax, [ecx + 0x633f] -lea edi, [ebx + 0x2e] -mov dword [ebp - 0x1c], 0 -mov word [ebp - 0x22], ax -loc_0001eab0: -mov dword [ebp - 0x28], ecx -call fcn_0001c19d ; call 0x1c19d -mov ecx, dword [ebp - 0x28] +loc_0001eb6e: +mov dword [ebp - 0x24], ecx +call fcn_0001c261 ; call 0x1c261 +mov ecx, dword [ebp - 0x24] movzx eax, al -cmp dword [ebp - 0x1c], eax -jae loc_0001ea0a ; jae 0x1ea0a -cmp word [ebp - 0x20], 6 -ja short loc_0001eaef ; ja 0x1eaef -mov al, byte [edi + 4] +cmp ecx, eax +jae loc_0001eacd ; jae 0x1eacd +cmp word [ebp - 0x1c], 6 +ja short loc_0001ebad ; ja 0x1ebad +mov al, byte [edi + 3] cmp al, 3 -je short loc_0001ead9 ; je 0x1ead9 +je short loc_0001eb96 ; je 0x1eb96 test al, al -jne short loc_0001eae5 ; jne 0x1eae5 +jne short loc_0001eba2 ; jne 0x1eba2 -loc_0001ead9: -cmp word [edi + 2], 0x70 +loc_0001eb96: +cmp word [edi + 1], 0x70 sbb eax, eax add eax, 6 -jmp short loc_0001eaed ; jmp 0x1eaed +jmp short loc_0001ebaa ; jmp 0x1ebaa -loc_0001eae5: +loc_0001eba2: cmp al, 2 setne al add eax, 4 -loc_0001eaed: -mov byte [edi], al - -loc_0001eaef: -cmp word [ebp - 0x22], 2 -jbe short loc_0001eafd ; jbe 0x1eafd -cmp cx, 0x9cc5 -jne short loc_0001eb00 ; jne 0x1eb00 - 
-loc_0001eafd: -mov byte [edi], 6 - -loc_0001eb00: -lea eax, [ecx + 0x633a] -cmp ax, 1 -jbe short loc_0001eb13 ; jbe 0x1eb13 -cmp cx, 0x9cc9 -jne short loc_0001eb2a ; jne 0x1eb2a - -loc_0001eb13: -cmp byte [edi + 4], 0 -jne short loc_0001eb27 ; jne 0x1eb27 -cmp word [edi + 2], 0x70 -sbb eax, eax -add eax, 7 -mov byte [edi], al -jmp short loc_0001eb2a ; jmp 0x1eb2a +loc_0001ebaa: +mov byte [edi - 1], al -loc_0001eb27: -mov byte [edi], 6 +loc_0001ebad: +cmp word [ebp - 0x20], 0xa +ja short loc_0001ebb8 ; ja 0x1ebb8 +mov byte [edi - 1], 6 -loc_0001eb2a: -mov al, byte [edi + 4] +loc_0001ebb8: +mov al, byte [edi + 3] mov dl, al and edx, 0xfffffffb cmp dl, 3 -je short loc_0001eb3b ; je 0x1eb3b +je short loc_0001ebc9 ; je 0x1ebc9 test al, al -jne short loc_0001eb48 ; jne 0x1eb48 +jne short loc_0001ebd6 ; jne 0x1ebd6 -loc_0001eb3b: -cmp word [edi + 2], 0x100 +loc_0001ebc9: +cmp word [edi + 1], 0x100 sbb eax, eax add eax, 3 -jmp short loc_0001eb56 ; jmp 0x1eb56 +jmp short loc_0001ebe4 ; jmp 0x1ebe4 -loc_0001eb48: +loc_0001ebd6: cmp al, 2 -jne short loc_0001eb5b ; jne 0x1eb5b -cmp word [edi + 2], 0x50 +jne short loc_0001ebe8 ; jne 0x1ebe8 +cmp word [edi + 1], 0x50 sbb eax, eax add eax, 2 -loc_0001eb56: -mov byte [edi + 1], al -jmp short loc_0001eb5f ; jmp 0x1eb5f +loc_0001ebe4: +mov byte [edi], al +jmp short loc_0001ebeb ; jmp 0x1ebeb -loc_0001eb5b: -mov byte [edi + 1], 2 +loc_0001ebe8: +mov byte [edi], 2 -loc_0001eb5f: -inc dword [ebp - 0x1c] +loc_0001ebeb: +inc ecx add edi, 8 -jmp near loc_0001eab0 ; jmp 0x1eab0 +jmp near loc_0001eb6e ; jmp 0x1eb6e -loc_0001eb6a: -call fcn_0001c19d ; call 0x1c19d +loc_0001ebf4: +call fcn_0001c261 ; call 0x1c261 movzx eax, al cmp edi, eax -jae short loc_0001eb7e ; jae 0x1eb7e +jae short loc_0001ec08 ; jae 0x1ec08 mov byte [ebx + edi + 0x14], 1 inc edi -jmp short loc_0001eb6a ; jmp 0x1eb6a +jmp short loc_0001ebf4 ; jmp 0x1ebf4 -loc_0001eb7e: +loc_0001ec08: mov byte [ebx + 0x15], 0 xor edi, edi -loc_0001eb84: -call fcn_0001c234 ; call 0x1c234 
+loc_0001ec0e: +call fcn_0001c2f8 ; call 0x1c2f8 movzx eax, al cmp edi, eax -jae short loc_0001eb98 ; jae 0x1eb98 +jae short loc_0001ec22 ; jae 0x1ec22 mov byte [ebx + edi + 0x22], 1 inc edi -jmp short loc_0001eb84 ; jmp 0x1eb84 +jmp short loc_0001ec0e ; jmp 0x1ec0e -loc_0001eb98: +loc_0001ec22: mov byte [ebx + 0x23], 0 -loc_0001eb9c: +loc_0001ec26: xor ebx, ebx -loc_0001eb9e: -call fcn_0001c234 ; call 0x1c234 +loc_0001ec28: +call fcn_0001c2f8 ; call 0x1c2f8 movzx eax, al cmp ebx, eax -jae loc_0001ec65 ; jae 0x1ec65 +jae loc_0001ecf3 ; jae 0x1ecf3 mov dl, byte [esi + ebx + 0xb2] mov eax, dword [ebp + 0xc] mov ecx, dword [ebp + 0xc] test dl, dl mov al, byte [eax + ebx*8 + 4] -je short loc_0001ebcb ; je 0x1ebcb +je short loc_0001ec55 ; je 0x1ec55 mov byte [ecx + ebx*8], dl or eax, 1 -jmp short loc_0001ebd2 ; jmp 0x1ebd2 +jmp short loc_0001ec5c ; jmp 0x1ec5c -loc_0001ebcb: +loc_0001ec55: mov byte [ecx + ebx*8], 0 and eax, 0xfffffffe -loc_0001ebd2: +loc_0001ec5c: mov byte [ecx + ebx*8 + 4], al mov dl, byte [esi + ebx + 0xb8] mov eax, dword [ebp + 0xc] mov ecx, dword [ebp + 0xc] test dl, dl mov al, byte [eax + ebx*8 + 4] -je short loc_0001ebf4 ; je 0x1ebf4 +je short loc_0001ec7e ; je 0x1ec7e mov byte [ecx + ebx*8 + 1], dl or eax, 2 -jmp short loc_0001ebfc ; jmp 0x1ebfc +jmp short loc_0001ec86 ; jmp 0x1ec86 -loc_0001ebf4: +loc_0001ec7e: mov byte [ecx + ebx*8 + 1], 0 and eax, 0xfffffffd -loc_0001ebfc: +loc_0001ec86: mov byte [ecx + ebx*8 + 4], al mov dl, byte [esi + ebx + 0xbe] mov eax, dword [ebp + 0xc] mov ecx, dword [ebp + 0xc] test dl, dl mov al, byte [eax + ebx*8 + 4] -je short loc_0001ec1e ; je 0x1ec1e -mov byte [ecx + ebx*8 + 2], dl +je short loc_0001ecac ; je 0x1ecac or eax, 4 -jmp short loc_0001ec26 ; jmp 0x1ec26 +mov byte [ecx + ebx*8 + 2], dl +mov byte [ecx + ebx*8 + 4], al +jmp short loc_0001ecb8 ; jmp 0x1ecb8 -loc_0001ec1e: -mov byte [ecx + ebx*8 + 2], 0 +loc_0001ecac: and eax, 0xfffffffb - -loc_0001ec26: +mov byte [ecx + ebx*8 + 2], 0 mov byte [ecx + ebx*8 + 
4], al + +loc_0001ecb8: mov dl, byte [esi + ebx + 0xc4] mov eax, dword [ebp + 0xc] test dl, dl mov al, byte [eax + ebx*8 + 4] -je short loc_0001ec50 ; je 0x1ec50 +je short loc_0001ecde ; je 0x1ecde mov ecx, dword [ebp + 0xc] lea edx, [edx + edx + 1] or eax, 8 mov byte [ecx + ebx*8 + 3], dl mov byte [ecx + ebx*8 + 4], al -jmp short loc_0001ec5f ; jmp 0x1ec5f +jmp short loc_0001eced ; jmp 0x1eced -loc_0001ec50: -mov edx, dword [ebp + 0xc] +loc_0001ecde: +mov ecx, dword [ebp + 0xc] and eax, 0xfffffff7 -mov byte [edx + ebx*8 + 3], 0 -mov byte [edx + ebx*8 + 4], al +mov byte [ecx + ebx*8 + 3], 0 +mov byte [ecx + ebx*8 + 4], al -loc_0001ec5f: +loc_0001eced: inc ebx -jmp near loc_0001eb9e ; jmp 0x1eb9e +jmp near loc_0001ec28 ; jmp 0x1ec28 -loc_0001ec65: +loc_0001ecf3: lea esp, [ebp - 0xc] pop ebx pop esi @@ -50904,7 +50953,7 @@ pop edi pop ebp ret -fcn_0001ec6d: +fcn_0001ecfb: push ebp mov ebp, esp push edi 
@@ -50912,116 +50961,116 @@ push esi push ebx sub esp, 0x28 push 0x15 -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 add esp, 0x10 mov edi, eax test eax, eax -jne short loc_0001ec9d ; jne 0x1ec9d -call fcn_000153f0 ; call 0x153f0 +jne short loc_0001ed2b ; jne 0x1ed2b +call fcn_00015480 ; call 0x15480 test al, al -je loc_0001ed1d ; je 0x1ed1d +je loc_0001edab ; je 0x1edab push eax -push ref_0002695a ; push 0x2695a +push ref_00026a09 ; push 0x26a09 push 0x34 -jmp short loc_0001ed10 ; jmp 0x1ed10 +jmp short loc_0001ed9e ; jmp 0x1ed9e -loc_0001ec9d: +loc_0001ed2b: sub esp, 0xc push 0xc -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 add esp, 0x10 mov dword [ebp - 0x1c], eax test eax, eax -jne short loc_0001ecc4 ; jne 0x1ecc4 -call fcn_000153f0 ; call 0x153f0 +jne short loc_0001ed52 ; jne 0x1ed52 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001ed1d ; je 0x1ed1d +je short loc_0001edab ; je 0x1edab push eax -push ref_0002699c ; push 0x2699c +push ref_00026a4b ; push 0x26a4b push 0x3a -jmp short loc_0001ed10 ; jmp 0x1ed10 +jmp short loc_0001ed9e ; jmp 0x1ed9e -loc_0001ecc4: +loc_0001ed52: sub esp, 0xc push 5 -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 add esp, 0x10 test eax, eax -jne short loc_0001ece8 ; jne 0x1ece8 -call fcn_000153f0 ; call 0x153f0 +jne short loc_0001ed76 ; jne 0x1ed76 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001ed1d ; je 0x1ed1d +je short loc_0001edab ; je 0x1edab push edi -push ref_000269c5 ; push 0x269c5 +push ref_00026a74 ; push 0x26a74 push 0x40 -jmp short loc_0001ed10 ; jmp 0x1ed10 +jmp short loc_0001ed9e ; jmp 0x1ed9e -loc_0001ece8: +loc_0001ed76: sub esp, 0xc push 0xc mov dword [ebp - 0x20], eax -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 add esp, 0x10 mov edx, dword [ebp - 0x20] test eax, eax -jne short loc_0001ed27 ; jne 0x1ed27 -call fcn_000153f0 ; call 0x153f0 +jne short loc_0001edb5 ; jne 0x1edb5 +call fcn_00015480 ; 
call 0x15480 test al, al -je short loc_0001ed1d ; je 0x1ed1d +je short loc_0001edab ; je 0x1edab push esi -push ref_000269df ; push 0x269df +push ref_00026a8e ; push 0x26a8e push 0x46 -loc_0001ed10: -push ref_0002697f ; push 0x2697f -call fcn_000153fc ; call 0x153fc +loc_0001ed9e: +push ref_00026a2e ; push 0x26a2e +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001ed1d: +loc_0001edab: mov edx, 0x80000009 -jmp near loc_0001eef3 ; jmp 0x1eef3 +jmp near loc_0001ef81 ; jmp 0x1ef81 -loc_0001ed27: +loc_0001edb5: sub esp, 0xc push 0x1d mov dword [ebp - 0x20], edx mov dword [ebp - 0x24], eax -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 add esp, 0x10 mov edx, dword [ebp - 0x20] mov ecx, dword [ebp - 0x24] test eax, eax mov ebx, eax -jne short loc_0001ed59 ; jne 0x1ed59 -call fcn_000153f0 ; call 0x153f0 +jne short loc_0001ede7 ; jne 0x1ede7 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001ed1d ; je 0x1ed1d +je short loc_0001edab ; je 0x1edab push ebx -push ref_000269fe ; push 0x269fe +push ref_00026aad ; push 0x26aad push 0x4c -jmp short loc_0001ed10 ; jmp 0x1ed10 +jmp short loc_0001ed9e ; jmp 0x1ed9e -loc_0001ed59: +loc_0001ede7: sub esp, 0xc push 0x13 mov dword [ebp - 0x24], ecx mov dword [ebp - 0x20], edx -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 add esp, 0x10 mov edx, dword [ebp - 0x20] mov ecx, dword [ebp - 0x24] test eax, eax mov esi, eax -jne short loc_0001ed8b ; jne 0x1ed8b -call fcn_000153f0 ; call 0x153f0 +jne short loc_0001ee19 ; jne 0x1ee19 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001ed1d ; je 0x1ed1d +je short loc_0001edab ; je 0x1edab push ecx -push ref_00026907 ; push 0x26907 +push ref_000269b6 ; push 0x269b6 push 0x52 -jmp short loc_0001ed10 ; jmp 0x1ed10 +jmp short loc_0001ed9e ; jmp 0x1ed9e -loc_0001ed8b: +loc_0001ee19: mov dword [edi + 9], ecx mov byte [edi], 0xa mov dword [edi + 1], edx 
@@ -51051,27 +51100,27 @@ mov byte [ebx + 0xa], 0 mov byte [ebx + 0xb], 1 mov byte [ebx + 0xc], 0 mov byte [ebx + 0xd], 1 -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 cmp eax, 0x40650 -jne short loc_0001ee2f ; jne 0x1ee2f +jne short loc_0001eebd ; jne 0x1eebd -loc_0001ee0d: +loc_0001ee9b: mov byte [ebx + 0xe], 1 -call fcn_0001c58d ; call 0x1c58d +call fcn_0001c651 ; call 0x1c651 mov byte [ebx + 0x10], 0 mov byte [ebx + 0x16], 1 cmp eax, 0x306d0 setne al lea eax, [eax + eax*4 + 0x6a] mov byte [ebx + 0xf], al -jmp short loc_0001ee3b ; jmp 0x1ee3b +jmp short loc_0001eec9 ; jmp 0x1eec9 -loc_0001ee2f: -call fcn_0001c58d ; call 0x1c58d +loc_0001eebd: +call fcn_0001c651 ; call 0x1c651 cmp eax, 0x306d0 -je short loc_0001ee0d ; je 0x1ee0d +je short loc_0001ee9b ; je 0x1ee9b -loc_0001ee3b: +loc_0001eec9: mov eax, dword [ebp - 0x1c] sub esp, 0xc mov byte [ebx + 0x17], 0x14 
@@ -51091,38 +51140,38 @@ mov word [esi + 0xe], 0 mov word [esi + 0x10], 0 mov byte [esi + 0x12], 0 mov dword [eax], 0x80000010 -mov dword [eax + 4], ref_000291dc ; mov dword [eax + 4], 0x291dc +mov dword [eax + 4], ref_0002928c ; mov dword [eax + 4], 0x2928c mov dword [eax + 8], edi push eax -call fcn_00019667 ; call 0x19667 +call fcn_0001972b ; call 0x1972b mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 mov edx, ebx test al, al -je short loc_0001eef3 ; je 0x1eef3 +je short loc_0001ef81 ; je 0x1ef81 test ebx, ebx -jns short loc_0001eef3 ; jns 0x1eef3 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001ef81 ; jns 0x1ef81 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001eed9 ; je 0x1eed9 +je short loc_0001ef67 ; je 0x1ef67 push edx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001eed9: +loc_0001ef67: push eax -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0xb3 -push ref_0002697f ; push 0x2697f -call fcn_000153fc ; call 0x153fc +push ref_00026a2e ; push 0x26a2e +call fcn_0001548c ; call 0x1548c add esp, 0x10 mov edx, ebx -loc_0001eef3: +loc_0001ef81: lea esp, [ebp - 0xc] mov eax, edx pop ebx 
@@ -51131,103 +51180,103 @@ pop edi pop ebp ret -fcn_0001eefd: +fcn_0001ef8b: push ebp mov ebp, esp push esi push ebx sub esp, 0xc push 2 -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 mov esi, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001ef28 ; je 0x1ef28 +je short loc_0001efb6 ; je 0x1efb6 test esi, esi -jne short loc_0001ef2c ; jne 0x1ef2c +jne short loc_0001efba ; jne 0x1efba push esi -push ref_00026a1e ; push 0x26a1e +push ref_00026acd ; push 0x26acd push 0x2d -jmp short loc_0001ef50 ; jmp 0x1ef50 +jmp short loc_0001efde ; jmp 0x1efde -loc_0001ef28: +loc_0001efb6: test esi, esi -je short loc_0001ef5d ; je 0x1ef5d +je short loc_0001efeb ; je 0x1efeb -loc_0001ef2c: +loc_0001efba: sub esp, 0xc push 0xc -call fcn_00019cf2 ; call 0x19cf2 +call fcn_00019db6 ; call 0x19db6 mov ebx, eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001ef64 ; je 0x1ef64 +je short loc_0001eff2 ; je 0x1eff2 test ebx, ebx -jne short loc_0001ef68 ; jne 0x1ef68 +jne short loc_0001eff6 ; jne 0x1eff6 push ebx -push ref_00026a5e ; push 0x26a5e +push ref_00026b0d ; push 0x26b0d push 0x33 -loc_0001ef50: -push ref_00026a42 ; push 0x26a42 -call fcn_000153fc ; call 0x153fc +loc_0001efde: +push ref_00026af1 ; push 0x26af1 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001ef5d: +loc_0001efeb: mov ebx, 0x80000009 -jmp short loc_0001efe2 ; jmp 0x1efe2 +jmp short loc_0001f070 ; jmp 0x1f070 -loc_0001ef64: +loc_0001eff2: test ebx, ebx -je short loc_0001ef5d ; je 0x1ef5d +je short loc_0001efeb ; je 0x1efeb -loc_0001ef68: +loc_0001eff6: sub esp, 0xc mov dword [ebx], 0x80000010 -mov dword [ebx + 4], ref_0002915c ; mov dword [ebx + 4], 0x2915c +mov dword [ebx + 4], ref_0002920c ; mov dword [ebx + 4], 0x2920c mov byte [esi], 1 mov dword [ebx + 8], esi push ebx -call fcn_00019667 ; call 0x19667 +call fcn_0001972b ; call 0x1972b mov ebx, eax -call 
fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001efc8 ; je 0x1efc8 +je short loc_0001f056 ; je 0x1f056 test ebx, ebx -jns short loc_0001efc8 ; jns 0x1efc8 -call fcn_000153e9 ; call 0x153e9 +jns short loc_0001f056 ; jns 0x1f056 +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001efb3 ; je 0x1efb3 +je short loc_0001f041 ; je 0x1f041 push ecx push ebx -push ref_00020643 ; push 0x20643 +push ref_000206d3 ; push 0x206d3 push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001efb3: +loc_0001f041: push edx -push ref_00020664 ; push 0x20664 +push ref_000206f4 ; push 0x206f4 push 0x4e -push ref_00026a42 ; push 0x26a42 -call fcn_000153fc ; call 0x153fc +push ref_00026af1 ; push 0x26af1 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001efc8: -call fcn_000153e9 ; call 0x153e9 +loc_0001f056: +call fcn_00015479 ; call 0x15479 test al, al -je short loc_0001efe2 ; je 0x1efe2 +je short loc_0001f070 ; je 0x1f070 push eax push eax -push ref_00026a86 ; push 0x26a86 +push ref_00026b35 ; push 0x26b35 push 0x40 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_0001efe2: +loc_0001f070: lea esp, [ebp - 8] mov eax, ebx pop ebx @@ -51235,7 +51284,7 @@ pop esi pop ebp ret -fcn_0001efeb: +fcn_0001f079: push ebp mov ebp, esp push edi 
@@ -51246,23 +51295,23 @@ mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 8] mov edi, dword [ebp + 0x10] test esi, esi -je short loc_0001f044 ; je 0x1f044 -call fcn_000153f0 ; call 0x153f0 +je short loc_0001f0d2 ; je 0x1f0d2 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f02a ; je 0x1f02a +je short loc_0001f0b8 ; je 0x1f0b8 mov eax, ebx lea edx, [esi - 1] not eax cmp edx, eax -jbe short loc_0001f02a ; jbe 0x1f02a +jbe short loc_0001f0b8 ; jbe 0x1f0b8 push eax -push ref_00026aac ; push 0x26aac +push ref_00026b5b ; push 0x26b5b push 0x36 -push ref_00026ad9 ; push 0x26ad9 -call fcn_000153fc ; call 0x153fc +push ref_00026b88 ; push 0x26b88 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f02a: +loc_0001f0b8: mov eax, edi movzx edi, al mov dword [ebp + 0x10], edi @@ -51273,9 +51322,9 @@ pop ebx pop esi pop edi pop ebp -jmp near loc_0001f127 ; jmp 0x1f127 +jmp near loc_0001f1b5 ; jmp 0x1f1b5 -loc_0001f044: +loc_0001f0d2: lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -51284,13 +51333,13 @@ pop edi pop ebp ret -fcn_0001f04e: ; not directly referenced +fcn_0001f0dc: ; not directly referenced push ebp mov ebp, esp pop ebp -jmp near fcn_0001f057 ; jmp 0x1f057 +jmp near fcn_0001f0e5 ; jmp 0x1f0e5 -fcn_0001f057: ; not directly referenced +fcn_0001f0e5: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -51301,62 +51350,62 @@ mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 8] mov edi, dword [ebp + 0x10] test esi, esi -je loc_0001f11d ; je 0x1f11d -call fcn_000153f0 ; call 0x153f0 +je loc_0001f1ab ; je 0x1f1ab +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f093 ; je 0x1f093 +je short loc_0001f121 ; je 0x1f121 test ebx, ebx -jne short loc_0001f093 ; jne 0x1f093 +jne short loc_0001f121 ; jne 0x1f121 push eax -push ref_000260eb ; push 0x260eb +push ref_0002619a ; push 0x2619a push 0x3a -push ref_00026b1e ; push 0x26b1e -call fcn_000153fc ; call 0x153fc +push ref_00026bcd ; push 0x26bcd +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f093: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001f121: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f0bc ; je 0x1f0bc +je short loc_0001f14a ; je 0x1f14a mov eax, ebx lea edx, [esi - 1] not eax cmp edx, eax -jbe short loc_0001f0bc ; jbe 0x1f0bc +jbe short loc_0001f14a ; jbe 0x1f14a push ecx -push ref_00026aac ; push 0x26aac +push ref_00026b5b ; push 0x26b5b push 0x3b -push ref_00026b1e ; push 0x26b1e -call fcn_000153fc ; call 0x153fc +push ref_00026bcd ; push 0x26bcd +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f0bc: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001f14a: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f0df ; je 0x1f0df +je short loc_0001f16d ; je 0x1f16d test bl, 3 -je short loc_0001f0df ; je 0x1f0df +je short loc_0001f16d ; je 0x1f16d push edx -push ref_00026b65 ; push 0x26b65 +push ref_00026c14 ; push 0x26c14 push 0x3c -push ref_00026b1e ; push 0x26b1e -call fcn_000153fc ; call 0x153fc +push ref_00026bcd ; push 0x26bcd +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f0df: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001f16d: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f105 ; 
je 0x1f105 +je short loc_0001f193 ; je 0x1f193 test esi, 3 -je short loc_0001f105 ; je 0x1f105 +je short loc_0001f193 ; je 0x1f193 push eax -push ref_00026b93 ; push 0x26b93 +push ref_00026c42 ; push 0x26c42 push 0x3d -push ref_00026b1e ; push 0x26b1e -call fcn_000153fc ; call 0x153fc +push ref_00026bcd ; push 0x26bcd +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f105: ; not directly referenced +loc_0001f193: ; not directly referenced shr esi, 2 mov dword [ebp + 0x10], edi mov dword [ebp + 0xc], esi @@ -51366,9 +51415,9 @@ pop ebx pop esi pop edi pop ebp -jmp near loc_0001f152 ; jmp 0x1f152 +jmp near loc_0001f1e0 ; jmp 0x1f1e0 -loc_0001f11d: ; not directly referenced +loc_0001f1ab: ; not directly referenced lea esp, [ebp - 0xc] mov eax, ebx pop ebx @@ -51377,7 +51426,7 @@ pop edi pop ebp ret -loc_0001f127: +loc_0001f1b5: push edi mov ecx, dword [esp + 0xc] mov al, byte [esp + 0x10] @@ -51395,7 +51444,7 @@ mov eax, dword [esp + 8] pop edi ret -loc_0001f152: ; not directly referenced +loc_0001f1e0: ; not directly referenced push edi mov eax, dword [esp + 0x10] mov edi, dword [esp + 8] @@ -51405,7 +51454,7 @@ mov eax, dword [esp + 8] pop edi ret -fcn_0001f167: ; not directly referenced +fcn_0001f1f5: ; not directly referenced push ebp mov eax, 0xfffffffe mov ebp, esp @@ -51418,13 +51467,13 @@ pop ebp shr eax, cl ret -fcn_0001f180: +fcn_0001f20e: push ebp mov ebp, esp sub esp, 8 -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f1b8 ; je 0x1f1b8 +je short loc_0001f246 ; je 0x1f246 mov ecx, dword [ebp + 0x10] mov eax, dword [ebp + 0x14] sub ecx, dword [ebp + 0xc] 
@@ -51432,15 +51481,15 @@ shr eax, cl mov edx, eax and edx, 1 cmp eax, edx -je short loc_0001f1b8 ; je 0x1f1b8 +je short loc_0001f246 ; je 0x1f246 push eax -push ref_00026bb8 ; push 0x26bb8 +push ref_00026c67 ; push 0x26c67 push 0x4d -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f1b8: +loc_0001f246: mov cl, byte [ebp + 0x10] mov eax, 0xfffffffe mov edx, dword [ebp + 0x14] @@ -51453,13 +51502,13 @@ or eax, dword [ebp + 8] leave ret -fcn_0001f1d3: +fcn_0001f261: push ebp mov ebp, esp sub esp, 8 -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f20b ; je 0x1f20b +je short loc_0001f299 ; je 0x1f299 mov ecx, dword [ebp + 0x10] mov eax, dword [ebp + 0x14] sub ecx, dword [ebp + 0xc] @@ -51467,15 +51516,15 @@ shr eax, cl mov edx, eax and edx, 1 cmp eax, edx -je short loc_0001f20b ; je 0x1f20b +je short loc_0001f299 ; je 0x1f299 push eax -push ref_00026c35 ; push 0x26c35 +push ref_00026ce4 ; push 0x26ce4 push 0x77 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f20b: +loc_0001f299: mov cl, byte [ebp + 0x10] mov edx, 0xfffffffe mov eax, dword [ebp + 0x14] 
@@ -51489,39 +51538,39 @@ and eax, dword [ebp + 8] leave ret -fcn_0001f228: ; not directly referenced +fcn_0001f2b6: ; not directly referenced push ebp mov ebp, esp push ebx push ecx mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f257 ; je 0x1f257 +je short loc_0001f2e5 ; je 0x1f2e5 cmp dword [ebp + 0x10], 7 -jbe short loc_0001f257 ; jbe 0x1f257 +jbe short loc_0001f2e5 ; jbe 0x1f2e5 push edx -push ref_00026c80 ; push 0x26c80 +push ref_00026d2f ; push 0x26d2f push 0x9b -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f257: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001f2e5: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f280 ; je 0x1f280 +je short loc_0001f30e ; je 0x1f30e mov eax, dword [ebp + 0x10] cmp dword [ebp + 0xc], eax -jbe short loc_0001f280 ; jbe 0x1f280 +jbe short loc_0001f30e ; jbe 0x1f30e push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x9c -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f280: ; not directly referenced +loc_0001f30e: ; not directly referenced mov cl, byte [ebp + 0x10] mov eax, 0xfffffffe movzx ebx, bl @@ -51534,7 +51583,7 @@ leave shr eax, cl ret -fcn_0001f29b: ; not directly referenced +fcn_0001f329: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -51544,32 +51593,32 @@ sub esp, 0xc mov esi, dword [ebp + 8] mov ebx, dword [ebp + 0x10] mov edi, dword [ebp + 0x14] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f2d3 ; je 0x1f2d3 +je short loc_0001f361 ; je 0x1f361 cmp ebx, 7 -jbe short loc_0001f2d3 ; jbe 0x1f2d3 +jbe short loc_0001f361 ; jbe 0x1f361 push edx -push ref_00026c80 ; push 0x26c80 +push ref_00026d2f ; push 0x26d2f push 0xe6 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f2d3: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001f361: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f2f9 ; je 0x1f2f9 +je short loc_0001f387 ; je 0x1f387 cmp dword [ebp + 0xc], ebx -jbe short loc_0001f2f9 ; jbe 0x1f2f9 +jbe short loc_0001f387 ; jbe 0x1f387 push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0xe7 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f2f9: ; not directly referenced +loc_0001f387: ; not directly referenced mov eax, edi movzx edi, al mov eax, esi @@ -51578,7 +51627,7 @@ movzx esi, al push ebx push dword [ebp + 0xc] push esi -call fcn_0001f180 ; call 0x1f180 +call fcn_0001f20e ; call 0x1f20e lea esp, [ebp - 0xc] pop ebx pop esi @@ -51586,7 +51635,7 @@ pop edi pop ebp ret -fcn_0001f316: ; not directly referenced +fcn_0001f3a4: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -51596,32 +51645,32 @@ sub esp, 0xc mov esi, dword [ebp + 8] mov ebx, dword [ebp + 0x10] mov edi, dword [ebp + 0x14] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f34e ; je 0x1f34e +je short loc_0001f3dc ; je 0x1f3dc cmp ebx, 7 -jbe short loc_0001f34e ; jbe 0x1f34e +jbe short loc_0001f3dc ; jbe 0x1f3dc push edx -push ref_00026c80 ; push 0x26c80 +push ref_00026d2f ; push 0x26d2f push 0x10c -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f34e: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001f3dc: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f374 ; je 0x1f374 +je short loc_0001f402 ; je 0x1f402 cmp dword [ebp + 0xc], ebx -jbe short loc_0001f374 ; jbe 0x1f374 +jbe short loc_0001f402 ; jbe 0x1f402 push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x10d -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f374: ; not directly referenced +loc_0001f402: ; not directly referenced mov eax, edi movzx edi, al mov eax, esi @@ -51630,7 +51679,7 @@ movzx esi, al push ebx push dword [ebp + 0xc] push esi -call fcn_0001f1d3 ; call 0x1f1d3 +call fcn_0001f261 ; call 0x1f261 lea esp, [ebp - 0xc] pop ebx pop esi @@ -51638,7 +51687,7 @@ pop edi pop ebp ret -fcn_0001f391: ; not directly referenced +fcn_0001f41f: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -51652,32 +51701,32 @@ mov edi, dword [ebp + 0x14] mov dword [ebp - 0x1c], eax mov eax, dword [ebp + 0x18] mov dword [ebp - 0x20], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f3d5 ; je 0x1f3d5 +je short loc_0001f463 ; je 0x1f463 cmp ebx, 7 -jbe short loc_0001f3d5 ; jbe 0x1f3d5 +jbe short loc_0001f463 ; jbe 0x1f463 push edx -push ref_00026c80 ; push 0x26c80 +push ref_00026d2f ; push 0x26d2f push 0x136 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f3d5: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001f463: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f3fa ; je 0x1f3fa +je short loc_0001f488 ; je 0x1f488 cmp esi, ebx -jbe short loc_0001f3fa ; jbe 0x1f3fa +jbe short loc_0001f488 ; jbe 0x1f488 push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x137 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f3fa: ; not directly referenced +loc_0001f488: ; not directly referenced mov eax, edi movzx edi, al movzx eax, byte [ebp - 0x1c] @@ -51685,7 +51734,7 @@ push edi push ebx push esi push eax -call fcn_0001f316 ; call 0x1f316 +call fcn_0001f3a4 ; call 0x1f3a4 movzx edx, byte [ebp - 0x20] add esp, 0x10 mov dword [ebp + 0x10], ebx @@ -51698,9 +51747,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_0001f29b ; jmp 0x1f29b +jmp near fcn_0001f329 ; jmp 0x1f329 -fcn_0001f42e: ; not directly referenced +fcn_0001f4bc: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -51710,32 +51759,32 @@ sub esp, 0xc mov esi, dword [ebp + 8] mov ebx, dword [ebp + 0x10] mov edi, dword [ebp + 0x14] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f466 ; je 0x1f466 +je short loc_0001f4f4 ; je 0x1f4f4 cmp ebx, 7 -jbe short loc_0001f466 ; jbe 0x1f466 +jbe short loc_0001f4f4 ; jbe 0x1f4f4 push edx -push ref_00026c80 ; push 0x26c80 +push ref_00026d2f ; push 0x26d2f push 0xc0 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f466: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001f4f4: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f48c ; je 0x1f48c +je short loc_0001f51a ; je 0x1f51a cmp dword [ebp + 0xc], ebx -jbe short loc_0001f48c ; jbe 0x1f48c +jbe short loc_0001f51a ; jbe 0x1f51a push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0xc1 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f48c: ; not directly referenced +loc_0001f51a: ; not directly referenced mov eax, edi sub esp, 0xc movzx edi, al @@ -51746,7 +51795,7 @@ push 0 push ebx push dword [ebp + 0xc] push esi -call fcn_0001f391 ; call 0x1f391 +call fcn_0001f41f ; call 0x1f41f lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -51754,39 +51803,39 @@ pop edi pop ebp ret -fcn_0001f4ae: ; not directly referenced +fcn_0001f53c: ; not directly referenced push ebp mov ebp, esp push ebx push ecx mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f4dd ; je 0x1f4dd +je short loc_0001f56b ; je 0x1f56b cmp dword [ebp + 0x10], 0xf -jbe short loc_0001f4dd ; jbe 0x1f4dd +jbe short loc_0001f56b ; jbe 0x1f56b push edx -push ref_00026c8b ; push 0x26c8b +push ref_00026d3a ; push 0x26d3a push 0x15b -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f4dd: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001f56b: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f506 ; je 0x1f506 +je short loc_0001f594 ; je 0x1f594 mov eax, dword [ebp + 0x10] cmp dword [ebp + 0xc], eax -jbe short loc_0001f506 ; jbe 0x1f506 +jbe short loc_0001f594 ; jbe 0x1f594 push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x15c -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f506: ; not directly referenced +loc_0001f594: ; not directly referenced mov cl, byte [ebp + 0x10] mov eax, 0xfffffffe movzx ebx, bx @@ -51799,7 +51848,7 @@ leave shr eax, cl ret -fcn_0001f521: ; not directly referenced +fcn_0001f5af: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -51809,39 +51858,39 @@ sub esp, 0xc mov esi, dword [ebp + 8] mov ebx, dword [ebp + 0x10] mov edi, dword [ebp + 0x14] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f559 ; je 0x1f559 +je short loc_0001f5e7 ; je 0x1f5e7 cmp ebx, 0xf -jbe short loc_0001f559 ; jbe 0x1f559 +jbe short loc_0001f5e7 ; jbe 0x1f5e7 push edx -push ref_00026c8b ; push 0x26c8b +push ref_00026d3a ; push 0x26d3a push 0x1a6 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f559: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001f5e7: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f57f ; je 0x1f57f +je short loc_0001f60d ; je 0x1f60d cmp dword [ebp + 0xc], ebx -jbe short loc_0001f57f ; jbe 0x1f57f +jbe short loc_0001f60d ; jbe 0x1f60d push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x1a7 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f57f: ; not directly referenced +loc_0001f60d: ; not directly referenced movzx edi, di movzx esi, si push edi push ebx push dword [ebp + 0xc] push esi -call fcn_0001f180 ; call 0x1f180 +call fcn_0001f20e ; call 0x1f20e lea esp, [ebp - 0xc] pop ebx pop esi @@ -51849,7 +51898,7 @@ pop edi pop ebp ret -fcn_0001f598: ; not directly referenced +fcn_0001f626: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -51859,39 +51908,39 @@ sub esp, 0xc mov esi, dword [ebp + 8] mov ebx, dword [ebp + 0x10] mov edi, dword [ebp + 0x14] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f5d0 ; je 0x1f5d0 +je short loc_0001f65e ; je 0x1f65e cmp ebx, 0xf -jbe short loc_0001f5d0 ; jbe 0x1f5d0 +jbe short loc_0001f65e ; jbe 0x1f65e push edx -push ref_00026c8b ; push 0x26c8b +push ref_00026d3a ; push 0x26d3a push 0x1cc -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f5d0: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001f65e: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f5f6 ; je 0x1f5f6 +je short loc_0001f684 ; je 0x1f684 cmp dword [ebp + 0xc], ebx -jbe short loc_0001f5f6 ; jbe 0x1f5f6 +jbe short loc_0001f684 ; jbe 0x1f684 push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x1cd -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f5f6: ; not directly referenced +loc_0001f684: ; not directly referenced movzx edi, di movzx esi, si push edi push ebx push dword [ebp + 0xc] push esi -call fcn_0001f1d3 ; call 0x1f1d3 +call fcn_0001f261 ; call 0x1f261 lea esp, [ebp - 0xc] pop ebx pop esi @@ -51899,7 +51948,7 @@ pop edi pop ebp ret -fcn_0001f60f: ; not directly referenced +fcn_0001f69d: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -51913,39 +51962,39 @@ mov edi, dword [ebp + 0x14] mov dword [ebp - 0x1c], eax mov eax, dword [ebp + 0x18] mov dword [ebp - 0x20], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f653 ; je 0x1f653 +je short loc_0001f6e1 ; je 0x1f6e1 cmp ebx, 0xf -jbe short loc_0001f653 ; jbe 0x1f653 +jbe short loc_0001f6e1 ; jbe 0x1f6e1 push edx -push ref_00026c8b ; push 0x26c8b +push ref_00026d3a ; push 0x26d3a push 0x1f6 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f653: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001f6e1: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f678 ; je 0x1f678 +je short loc_0001f706 ; je 0x1f706 cmp esi, ebx -jbe short loc_0001f678 ; jbe 0x1f678 +jbe short loc_0001f706 ; jbe 0x1f706 push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x1f7 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f678: ; not directly referenced +loc_0001f706: ; not directly referenced movzx eax, word [ebp - 0x1c] movzx edi, di push edi push ebx push esi push eax -call fcn_0001f598 ; call 0x1f598 +call fcn_0001f626 ; call 0x1f626 movzx edx, word [ebp - 0x20] add esp, 0x10 mov dword [ebp + 0x10], ebx @@ -51958,9 +52007,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_0001f521 ; jmp 0x1f521 +jmp near fcn_0001f5af ; jmp 0x1f5af -fcn_0001f6aa: ; not directly referenced +fcn_0001f738: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -51970,32 +52019,32 @@ sub esp, 0xc mov esi, dword [ebp + 8] mov ebx, dword [ebp + 0x10] mov edi, dword [ebp + 0x14] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f6e2 ; je 0x1f6e2 +je short loc_0001f770 ; je 0x1f770 cmp ebx, 0xf -jbe short loc_0001f6e2 ; jbe 0x1f6e2 +jbe short loc_0001f770 ; jbe 0x1f770 push edx -push ref_00026c8b ; push 0x26c8b +push ref_00026d3a ; push 0x26d3a push 0x180 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f6e2: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001f770: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f708 ; je 0x1f708 +je short loc_0001f796 ; je 0x1f796 cmp dword [ebp + 0xc], ebx -jbe short loc_0001f708 ; jbe 0x1f708 +jbe short loc_0001f796 ; jbe 0x1f796 push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x181 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f708: ; not directly referenced +loc_0001f796: ; not directly referenced sub esp, 0xc movzx edi, di push edi @@ -52004,7 +52053,7 @@ push 0 push ebx push dword [ebp + 0xc] push esi -call fcn_0001f60f ; call 0x1f60f +call fcn_0001f69d ; call 0x1f69d lea esp, [ebp - 0xc] pop ebx pop esi 
@@ -52012,37 +52061,37 @@ pop edi pop ebp ret -fcn_0001f726: ; not directly referenced +fcn_0001f7b4: ; not directly referenced push ebp mov ebp, esp sub esp, 8 -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f753 ; je 0x1f753 +je short loc_0001f7e1 ; je 0x1f7e1 cmp dword [ebp + 0x10], 0x1f -jbe short loc_0001f753 ; jbe 0x1f753 +jbe short loc_0001f7e1 ; jbe 0x1f7e1 push edx -push ref_00026c97 ; push 0x26c97 +push ref_00026d46 ; push 0x26d46 push 0x21b -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f753: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001f7e1: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f77c ; je 0x1f77c +je short loc_0001f80a ; je 0x1f80a mov eax, dword [ebp + 0x10] cmp dword [ebp + 0xc], eax -jbe short loc_0001f77c ; jbe 0x1f77c +jbe short loc_0001f80a ; jbe 0x1f80a push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x21c -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f77c: ; not directly referenced +loc_0001f80a: ; not directly referenced mov cl, byte [ebp + 0x10] mov eax, 0xfffffffe shl eax, cl @@ -52053,7 +52102,7 @@ leave shr eax, cl ret -fcn_0001f792: +fcn_0001f820: push ebp mov ebp, esp push edi 
@@ -52065,32 +52114,32 @@ mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] mov edi, dword [ebp + 0x14] mov dword [ebp - 0x1c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f7d0 ; je 0x1f7d0 +je short loc_0001f85e ; je 0x1f85e cmp ebx, 0x1f -jbe short loc_0001f7d0 ; jbe 0x1f7d0 +jbe short loc_0001f85e ; jbe 0x1f85e push edx -push ref_00026c97 ; push 0x26c97 +push ref_00026d46 ; push 0x26d46 push 0x266 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f7d0: -call fcn_000153f0 ; call 0x153f0 +loc_0001f85e: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f7f5 ; je 0x1f7f5 +je short loc_0001f883 ; je 0x1f883 cmp esi, ebx -jbe short loc_0001f7f5 ; jbe 0x1f7f5 +jbe short loc_0001f883 ; jbe 0x1f883 push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x267 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f7f5: +loc_0001f883: mov eax, dword [ebp - 0x1c] mov dword [ebp + 0x14], edi mov dword [ebp + 0x10], ebx @@ -52101,9 +52150,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_0001f180 ; jmp 0x1f180 +jmp near fcn_0001f20e ; jmp 0x1f20e -fcn_0001f810: +fcn_0001f89e: push ebp mov ebp, esp push edi 
@@ -52115,32 +52164,32 @@ mov esi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] mov edi, dword [ebp + 0x14] mov dword [ebp - 0x1c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f84e ; je 0x1f84e +je short loc_0001f8dc ; je 0x1f8dc cmp ebx, 0x1f -jbe short loc_0001f84e ; jbe 0x1f84e +jbe short loc_0001f8dc ; jbe 0x1f8dc push edx -push ref_00026c97 ; push 0x26c97 +push ref_00026d46 ; push 0x26d46 push 0x28c -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f84e: -call fcn_000153f0 ; call 0x153f0 +loc_0001f8dc: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f873 ; je 0x1f873 +je short loc_0001f901 ; je 0x1f901 cmp esi, ebx -jbe short loc_0001f873 ; jbe 0x1f873 +jbe short loc_0001f901 ; jbe 0x1f901 push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x28d -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f873: +loc_0001f901: mov eax, dword [ebp - 0x1c] mov dword [ebp + 0x14], edi mov dword [ebp + 0x10], ebx @@ -52151,9 +52200,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_0001f1d3 ; jmp 0x1f1d3 +jmp near fcn_0001f261 ; jmp 0x1f261 -fcn_0001f88e: +fcn_0001f91c: push ebp mov ebp, esp push edi 
@@ -52167,37 +52216,37 @@ mov edi, dword [ebp + 0x14] mov dword [ebp - 0x1c], eax mov eax, dword [ebp + 0x18] mov dword [ebp - 0x20], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f8d2 ; je 0x1f8d2 +je short loc_0001f960 ; je 0x1f960 cmp ebx, 0x1f -jbe short loc_0001f8d2 ; jbe 0x1f8d2 +jbe short loc_0001f960 ; jbe 0x1f960 push edx -push ref_00026c97 ; push 0x26c97 +push ref_00026d46 ; push 0x26d46 push 0x2b6 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f8d2: -call fcn_000153f0 ; call 0x153f0 +loc_0001f960: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f8f7 ; je 0x1f8f7 +je short loc_0001f985 ; je 0x1f985 cmp esi, ebx -jbe short loc_0001f8f7 ; jbe 0x1f8f7 +jbe short loc_0001f985 ; jbe 0x1f985 push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x2b7 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f8f7: +loc_0001f985: push edi push ebx push esi push dword [ebp - 0x1c] -call fcn_0001f810 ; call 0x1f810 +call fcn_0001f89e ; call 0x1f89e mov edx, dword [ebp - 0x20] add esp, 0x10 mov dword [ebp + 0x10], ebx 
@@ -52209,55 +52258,55 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_0001f792 ; jmp 0x1f792 +jmp near fcn_0001f820 ; jmp 0x1f820 -fcn_0001f920: +fcn_0001f9ae: push ebp mov ebp, esp push esi mov esi, dword [ebp + 0xc] push ebx mov ebx, dword [ebp + 0x10] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f951 ; je 0x1f951 +je short loc_0001f9df ; je 0x1f9df cmp ebx, 0x1f -jbe short loc_0001f951 ; jbe 0x1f951 +jbe short loc_0001f9df ; jbe 0x1f9df push edx -push ref_00026c97 ; push 0x26c97 +push ref_00026d46 ; push 0x26d46 push 0x240 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f951: -call fcn_000153f0 ; call 0x153f0 +loc_0001f9df: +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f976 ; je 0x1f976 +je short loc_0001fa04 ; je 0x1fa04 cmp esi, ebx -jbe short loc_0001f976 ; jbe 0x1f976 +jbe short loc_0001fa04 ; jbe 0x1fa04 push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x241 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f976: +loc_0001fa04: sub esp, 0xc push dword [ebp + 0x14] push 0 push ebx push esi push dword [ebp + 8] -call fcn_0001f88e ; call 0x1f88e +call fcn_0001f91c ; call 0x1f91c lea esp, [ebp - 8] pop ebx pop esi pop ebp ret -fcn_0001f98f: ; not directly referenced +fcn_0001fa1d: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -52269,37 +52318,37 @@ mov edi, dword [ebp + 8] mov esi, dword [ebp + 0x10] mov ebx, dword [ebp + 0x14] mov dword [ebp - 0x1c], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f9cd ; je 0x1f9cd +je short loc_0001fa5b ; je 0x1fa5b cmp ebx, 0x3f -jbe short loc_0001f9cd ; jbe 0x1f9cd +jbe short loc_0001fa5b ; jbe 0x1fa5b push ecx -push ref_00026ca3 ; push 0x26ca3 +push ref_00026d52 ; push 0x26d52 push 0x2db -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f9cd: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001fa5b: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001f9f2 ; je 0x1f9f2 +je short loc_0001fa80 ; je 0x1fa80 cmp esi, ebx -jbe short loc_0001f9f2 ; jbe 0x1f9f2 +jbe short loc_0001fa80 ; jbe 0x1fa80 push edx -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x2dc -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001f9f2: ; not directly referenced +loc_0001fa80: ; not directly referenced push eax push ebx push 0xffffffffffffffff push 0xfffffffffffffffe -call fcn_0001fd4c ; call 0x1fd4c +call fcn_0001fdda ; call 0x1fdda add esp, 0x10 mov dword [ebp + 0x10], esi not edx @@ -52313,9 +52362,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_0001718b ; jmp 0x1718b +jmp near fcn_0001724f ; jmp 0x1724f -fcn_0001fa1e: ; not directly referenced +fcn_0001faac: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -52328,79 +52377,79 @@ mov edi, dword [ebp + 0x1c] mov dword [ebp - 0x20], eax mov eax, dword [ebp + 0xc] mov dword [ebp - 0x24], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001fa60 ; je 0x1fa60 +je short loc_0001faee ; je 0x1faee cmp dword [ebp + 0x14], 0x3f -jbe short loc_0001fa60 ; jbe 0x1fa60 +jbe short loc_0001faee ; jbe 0x1faee push eax -push ref_00026ca3 ; push 0x26ca3 +push ref_00026d52 ; push 0x26d52 push 0x329 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001fa60: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001faee: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001fa89 ; je 0x1fa89 +je short loc_0001fb17 ; je 0x1fb17 mov eax, dword [ebp + 0x14] cmp dword [ebp + 0x10], eax -jbe short loc_0001fa89 ; jbe 0x1fa89 +jbe short loc_0001fb17 ; jbe 0x1fb17 push ebx -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x32a -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001fa89: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001fb17: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001fadc ; je 0x1fadc +je short loc_0001fb6a ; je 0x1fb6a mov ebx, dword [ebp + 0x14] sub ebx, dword [ebp + 0x10] push ecx push ebx push edi push esi -call fcn_0001718b ; call 0x1718b +call fcn_0001724f ; call 0x1724f add esp, 0xc push ebx push edi push esi mov dword [ebp - 0x1c], eax mov dword [ebp - 0x28], edx -call fcn_0001718b ; call 0x1718b +call fcn_0001724f ; call 0x1724f mov ecx, dword [ebp - 0x28] add esp, 0x10 and eax, 1 test ecx, ecx -jne short loc_0001fac4 ; jne 0x1fac4 +jne short loc_0001fb52 ; jne 0x1fb52 cmp dword [ebp - 0x1c], eax -je short loc_0001fadc ; je 
0x1fadc +je short loc_0001fb6a ; je 0x1fb6a -loc_0001fac4: ; not directly referenced +loc_0001fb52: ; not directly referenced push edx -push ref_00026caf ; push 0x26caf +push ref_00026d5e ; push 0x26d5e push 0x331 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001fadc: ; not directly referenced +loc_0001fb6a: ; not directly referenced push eax push dword [ebp + 0x10] push edi push esi -call fcn_0001fd4c ; call 0x1fd4c +call fcn_0001fdda ; call 0x1fdda add esp, 0xc push dword [ebp + 0x14] push 0xffffffffffffffff push 0xfffffffffffffffe mov esi, eax mov ebx, edx -call fcn_0001fd4c ; call 0x1fd4c +call fcn_0001fdda ; call 0x1fdda not eax not edx and eax, esi @@ -52414,7 +52463,7 @@ pop edi pop ebp ret -fcn_0001fb10: ; not directly referenced +fcn_0001fb9e: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -52427,67 +52476,67 @@ mov edi, dword [ebp + 0x1c] mov dword [ebp - 0x20], eax mov eax, dword [ebp + 0xc] mov dword [ebp - 0x24], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001fb52 ; je 0x1fb52 +je short loc_0001fbe0 ; je 0x1fbe0 cmp dword [ebp + 0x14], 0x3f -jbe short loc_0001fb52 ; jbe 0x1fb52 +jbe short loc_0001fbe0 ; jbe 0x1fbe0 push eax -push ref_00026ca3 ; push 0x26ca3 +push ref_00026d52 ; push 0x26d52 push 0x35d -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001fb52: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001fbe0: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001fb7b ; je 0x1fb7b +je short loc_0001fc09 ; je 0x1fc09 mov eax, dword [ebp + 0x14] cmp dword [ebp + 0x10], eax -jbe short loc_0001fb7b ; jbe 0x1fb7b +jbe short loc_0001fc09 ; jbe 0x1fc09 push ebx -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x35e -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001fb7b: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001fc09: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001fbce ; je 0x1fbce +je short loc_0001fc5c ; je 0x1fc5c mov ebx, dword [ebp + 0x14] sub ebx, dword [ebp + 0x10] push ecx push ebx push edi push esi -call fcn_0001718b ; call 0x1718b +call fcn_0001724f ; call 0x1724f add esp, 0xc push ebx push edi push esi mov dword [ebp - 0x1c], eax mov dword [ebp - 0x28], edx -call fcn_0001718b ; call 0x1718b +call fcn_0001724f ; call 0x1724f mov ecx, dword [ebp - 0x28] add esp, 0x10 and eax, 1 test ecx, ecx -jne short loc_0001fbb6 ; jne 0x1fbb6 +jne short loc_0001fc44 ; jne 0x1fc44 cmp dword [ebp - 0x1c], eax -je short loc_0001fbce ; je 
0x1fbce +je short loc_0001fc5c ; je 0x1fc5c -loc_0001fbb6: ; not directly referenced +loc_0001fc44: ; not directly referenced push edx -push ref_00026d04 ; push 0x26d04 +push ref_00026db3 ; push 0x26db3 push 0x365 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001fbce: ; not directly referenced +loc_0001fc5c: ; not directly referenced push eax mov ecx, esi push dword [ebp + 0x10] @@ -52495,14 +52544,14 @@ not edi not ecx push edi push ecx -call fcn_0001fd4c ; call 0x1fd4c +call fcn_0001fdda ; call 0x1fdda add esp, 0xc push dword [ebp + 0x14] push 0xffffffffffffffff push 0xfffffffffffffffe mov esi, eax mov ebx, edx -call fcn_0001fd4c ; call 0x1fd4c +call fcn_0001fdda ; call 0x1fdda not ebx mov ecx, eax or ebx, edx @@ -52519,7 +52568,7 @@ pop edi pop ebp ret -fcn_0001fc0e: ; not directly referenced +fcn_0001fc9c: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -52539,32 +52588,32 @@ mov dword [ebp - 0x1c], eax mov eax, dword [ebp + 0x18] mov dword [ebp - 0x2c], edx mov dword [ebp - 0x30], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001fc64 ; je 0x1fc64 +je short loc_0001fcf2 ; je 0x1fcf2 cmp ebx, 0x3f -jbe short loc_0001fc64 ; jbe 0x1fc64 +jbe short loc_0001fcf2 ; jbe 0x1fcf2 push ecx -push ref_00026ca3 ; push 0x26ca3 +push ref_00026d52 ; push 0x26d52 push 0x392 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001fc64: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001fcf2: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001fc8a ; je 0x1fc8a +je short loc_0001fd18 ; je 0x1fd18 cmp dword [ebp - 0x1c], ebx -jbe short loc_0001fc8a ; jbe 0x1fc8a +jbe short loc_0001fd18 ; jbe 0x1fd18 push edx -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x393 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001fc8a: ; not directly referenced +loc_0001fd18: ; not directly referenced push eax push eax push dword [ebp - 0x2c] @@ -52573,7 +52622,7 @@ push ebx push dword [ebp - 0x1c] push dword [ebp - 0x24] push dword [ebp - 0x28] -call fcn_0001fb10 ; call 0x1fb10 +call fcn_0001fb9e ; call 0x1fb9e mov ecx, dword [ebp - 0x1c] add esp, 0x20 mov dword [ebp + 0x18], esi @@ -52587,9 +52636,9 @@ pop ebx pop esi pop edi pop ebp -jmp near fcn_0001fa1e ; jmp 0x1fa1e +jmp near fcn_0001faac ; jmp 0x1faac -fcn_0001fcc5: ; not directly referenced +fcn_0001fd53: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -52603,32 +52652,32 @@ mov esi, dword [ebp + 0x18] mov dword [ebp - 0x20], eax mov edi, dword [ebp + 0x1c] mov dword [ebp - 0x1c], edx -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001fd09 ; je 0x1fd09 +je short loc_0001fd97 ; je 0x1fd97 cmp ebx, 0x3f -jbe short loc_0001fd09 ; jbe 0x1fd09 +jbe short loc_0001fd97 ; jbe 0x1fd97 push edx -push ref_00026ca3 ; push 0x26ca3 +push ref_00026d52 ; push 0x26d52 push 0x300 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001fd09: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_0001fd97: ; not directly referenced +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001fd2f ; je 0x1fd2f +je short loc_0001fdbd ; je 0x1fdbd cmp dword [ebp + 0x10], ebx -jbe short loc_0001fd2f ; jbe 0x1fd2f +jbe short loc_0001fdbd ; jbe 0x1fdbd push eax -push ref_00025a81 ; push 0x25a81 +push ref_00025b30 ; push 0x25b30 push 0x301 -push ref_00026c01 ; push 0x26c01 -call fcn_000153fc ; call 0x153fc +push ref_00026cb0 ; push 0x26cb0 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001fd2f: ; not directly referenced +loc_0001fdbd: ; not directly referenced push edi push esi push 0 @@ -52637,7 +52686,7 @@ push ebx push dword [ebp + 0x10] push dword [ebp - 0x1c] push dword [ebp - 0x20] -call fcn_0001fc0e ; call 0x1fc0e +call fcn_0001fc9c ; call 0x1fc9c lea esp, [ebp - 0xc] pop ebx pop esi @@ -52645,7 +52694,7 @@ pop edi pop ebp ret -fcn_0001fd4c: ; not directly referenced +fcn_0001fdda: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -52655,19 +52704,19 @@ sub esp, 0xc mov esi, dword [ebp + 8] mov edi, dword [ebp + 0xc] mov ebx, dword [ebp + 0x10] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001fd81 ; je 0x1fd81 +je short loc_0001fe0f ; je 0x1fe0f cmp ebx, 0x3f -jbe short loc_0001fd81 ; jbe 0x1fd81 +jbe short loc_0001fe0f ; jbe 0x1fe0f push eax -push ref_00025909 ; push 0x25909 +push ref_000259b8 ; push 0x259b8 push 0x27 -push ref_00026d5b ; push 0x26d5b -call fcn_000153fc ; call 0x153fc +push ref_00026e0a ; push 0x26e0a +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001fd81: ; not directly referenced +loc_0001fe0f: ; not directly referenced mov dword [ebp + 0x10], ebx mov dword [ebp + 8], esi mov dword [ebp + 0xc], edi @@ -52676,15 +52725,15 @@ pop ebx pop esi pop edi pop ebp -jmp near loc_0001fee8 ; jmp 0x1fee8 +jmp near loc_0001ff76 ; jmp 0x1ff76 -fcn_0001fd96: ; not directly referenced +fcn_0001fe24: ; not directly referenced push ebp mov ebp, esp pop ebp -jmp near loc_0001fe02 ; jmp 0x1fe02 +jmp near loc_0001fe90 ; jmp 0x1fe90 -fcn_0001fd9f: ; not directly referenced +fcn_0001fe2d: ; not directly referenced push ebp mov ebp, esp push edi @@ -52698,20 +52747,20 @@ mov ebx, dword [ebp + 0x14] mov dword [ebp - 0x20], eax mov edi, dword [ebp + 0x18] mov dword [ebp - 0x1c], edx -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0001fde1 ; je 0x1fde1 +je short loc_0001fe6f ; je 0x1fe6f mov eax, ebx or eax, esi -jne short loc_0001fde1 ; jne 0x1fde1 +jne short loc_0001fe6f ; jne 0x1fe6f push eax -push ref_0002597e ; push 0x2597e +push ref_00025a2d ; push 0x25a2d push 0x2f -push ref_00026d90 ; push 0x26d90 -call fcn_000153fc ; call 0x153fc +push ref_00026e3f ; push 0x26e3f +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001fde1: ; not directly referenced +loc_0001fe6f: ; not directly referenced mov eax, dword [ebp - 0x20] mov edx, dword [ebp - 0x1c] mov dword [ebp + 0x18], edi 
@@ -52724,9 +52773,9 @@ pop ebx pop esi pop edi pop ebp -jmp near loc_0001fe14 ; jmp 0x1fe14 +jmp near loc_0001fea2 ; jmp 0x1fea2 -loc_0001fe02: ; not directly referenced +loc_0001fe90: ; not directly referenced mov ecx, dword [esp + 0xc] mov eax, ecx imul ecx, dword [esp + 8] @@ -52734,19 +52783,19 @@ mul dword [esp + 4] add edx, ecx ret -loc_0001fe14: ; not directly referenced +loc_0001fea2: ; not directly referenced mov ecx, dword [esp + 0x10] test ecx, ecx -jne short loc_0001fe2f ; jne 0x1fe2f +jne short loc_0001febd ; jne 0x1febd mov ecx, dword [esp + 0x14] -jecxz loc_0001fe2a ; jecxz 0x1fe2a +jecxz loc_0001feb8 ; jecxz 0x1feb8 and dword [ecx + 4], 0 mov dword [esp + 0x10], ecx -loc_0001fe2a: ; not directly referenced -jmp near loc_000174bd ; jmp 0x174bd +loc_0001feb8: ; not directly referenced +jmp near loc_00017581 ; jmp 0x17581 -loc_0001fe2f: ; not directly referenced +loc_0001febd: ; not directly referenced push ebx push esi push edi @@ -52756,12 +52805,12 @@ mov edi, edx mov esi, eax mov ebx, dword [esp + 0x18] -loc_0001fe42: ; not directly referenced +loc_0001fed0: ; not directly referenced shr edx, 1 rcr eax, 1 shrd ebx, ecx, 1 shr ecx, 1 -jne short loc_0001fe42 ; jne 0x1fe42 +jne short loc_0001fed0 ; jne 0x1fed0 div ebx mov ebx, eax mov ecx, dword [esp + 0x1c] 
@@ -52769,27 +52818,27 @@ mul dword [esp + 0x18] imul ecx, ebx add edx, ecx mov ecx, dword [esp + 0x20] -jb short loc_0001fe6f ; jb 0x1fe6f +jb short loc_0001fefd ; jb 0x1fefd cmp edi, edx -ja short loc_0001fe7a ; ja 0x1fe7a -jb short loc_0001fe6f ; jb 0x1fe6f +ja short loc_0001ff08 ; ja 0x1ff08 +jb short loc_0001fefd ; jb 0x1fefd cmp esi, eax -jae short loc_0001fe7a ; jae 0x1fe7a +jae short loc_0001ff08 ; jae 0x1ff08 -loc_0001fe6f: ; not directly referenced +loc_0001fefd: ; not directly referenced dec ebx -jecxz loc_0001fe85 ; jecxz 0x1fe85 +jecxz loc_0001ff13 ; jecxz 0x1ff13 sub eax, dword [esp + 0x18] sbb edx, dword [esp + 0x1c] -loc_0001fe7a: ; not directly referenced -jecxz loc_0001fe85 ; jecxz 0x1fe85 +loc_0001ff08: ; not directly referenced +jecxz loc_0001ff13 ; jecxz 0x1ff13 sub esi, eax sbb edi, edx mov dword [ecx], esi mov dword [ecx + 4], edi -loc_0001fe85: ; not directly referenced +loc_0001ff13: ; not directly referenced mov eax, ebx xor edx, edx pop edi 
@@ -52797,44 +52846,44 @@ pop esi pop ebx ret -fcn_0001fe8d: +fcn_0001ff1b: push ebx -fcn_0001fe8e: ; not directly referenced +fcn_0001ff1c: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] cpuid push ecx mov ecx, dword [ebp + 0x10] -jecxz loc_0001fe9e ; jecxz 0x1fe9e +jecxz loc_0001ff2c ; jecxz 0x1ff2c mov dword [ecx], eax -loc_0001fe9e: +loc_0001ff2c: mov ecx, dword [ebp + 0x14] -jecxz loc_0001fea5 ; jecxz 0x1fea5 +jecxz loc_0001ff33 ; jecxz 0x1ff33 mov dword [ecx], ebx -loc_0001fea5: +loc_0001ff33: mov ecx, dword [ebp + 0x18] -jecxz loc_0001feac ; jecxz 0x1feac +jecxz loc_0001ff3a ; jecxz 0x1ff3a pop dword [ecx] -loc_0001feac: +loc_0001ff3a: mov ecx, dword [ebp + 0x1c] -jecxz loc_0001feb3 ; jecxz 0x1feb3 +jecxz loc_0001ff41 ; jecxz 0x1ff41 mov dword [ecx], edx -loc_0001feb3: +loc_0001ff41: mov eax, dword [ebp + 0xc] leave pop ebx ret -fcn_0001feb9: ; not directly referenced +fcn_0001ff47: ; not directly referenced push ebx -fcn_0001feba: ; not directly referenced +fcn_0001ff48: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 0xc] 
@@ -52842,31 +52891,31 @@ mov ecx, dword [ebp + 0x10] cpuid push ecx mov ecx, dword [ebp + 0x14] -jecxz loc_0001fecd ; jecxz 0x1fecd +jecxz loc_0001ff5b ; jecxz 0x1ff5b mov dword [ecx], eax -loc_0001fecd: ; not directly referenced +loc_0001ff5b: ; not directly referenced mov ecx, dword [ebp + 0x18] -jecxz loc_0001fed4 ; jecxz 0x1fed4 +jecxz loc_0001ff62 ; jecxz 0x1ff62 mov dword [ecx], ebx -loc_0001fed4: ; not directly referenced +loc_0001ff62: ; not directly referenced mov ecx, dword [ebp + 0x20] -jecxz loc_0001fedb ; jecxz 0x1fedb +jecxz loc_0001ff69 ; jecxz 0x1ff69 mov dword [ecx], edx -loc_0001fedb: ; not directly referenced +loc_0001ff69: ; not directly referenced mov ecx, dword [ebp + 0x1c] -jecxz loc_0001fee2 ; jecxz 0x1fee2 +jecxz loc_0001ff70 ; jecxz 0x1ff70 pop dword [ecx] -loc_0001fee2: ; not directly referenced +loc_0001ff70: ; not directly referenced mov eax, dword [ebp + 0xc] leave pop ebx ret -loc_0001fee8: ; not directly referenced +loc_0001ff76: ; not directly referenced mov cl, byte [esp + 0xc] xor eax, eax mov edx, dword [esp + 4] @@ -52877,7 +52926,7 @@ shld edx, eax, cl shl eax, cl ret -fcn_0001ff03: +fcn_0001ff91: push ebp mov ebp, esp push ebx 
@@ -52885,37 +52934,37 @@ sub esp, 8 mov ebx, dword [ebp + 8] mov dword [ebx], 0x53524549 mov dword [ebx + 4], 0 -mov dword [ebx + 8], fcn_00020069 ; mov dword [ebx + 8], 0x20069 +mov dword [ebx + 8], fcn_000200f7 ; mov dword [ebx + 8], 0x200f7 push 0 push 0x1f push 0 -call fcn_00016bd6 ; call 0x16bd6 +call fcn_00016c9a ; call 0x16c9a mov dword [ebx + 0x10], eax add eax, 0xf0 mov dword [esp], eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e and eax, 0xffffc000 mov dword [ebx + 0xc], eax -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 add esp, 0x10 test al, al -je short loc_0001ff6b ; je 0x1ff6b +je short loc_0001fff9 ; je 0x1fff9 cmp dword [ebx + 0xc], 0 -jne short loc_0001ff6b ; jne 0x1ff6b +jne short loc_0001fff9 ; jne 0x1fff9 push eax -push ref_00026dce ; push 0x26dce +push ref_00026e7d ; push 0x26e7d push 0x39 -push ref_00026df7 ; push 0x26df7 -call fcn_000153fc ; call 0x153fc +push ref_00026ea6 ; push 0x26ea6 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -loc_0001ff6b: +loc_0001fff9: xor eax, eax mov ebx, dword [ebp - 4] leave ret -fcn_0001ff72: ; not directly referenced +fcn_00020000: ; not directly referenced push ebp mov ebp, esp mov eax, dword [ebp + 8] 
@@ -52925,69 +52974,69 @@ push ebx sub esp, 0xc add eax, 2 push eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 movzx ebx, ax mov eax, ebx and eax, 0xfffffffd cmp ax, 0x8c44 -je loc_00020060 ; je 0x20060 +je loc_000200ee ; je 0x200ee lea eax, [ebx + 0x73b2] cmp ax, 2 -jbe loc_00020060 ; jbe 0x20060 +jbe loc_000200ee ; jbe 0x200ee lea eax, [ebx + 0x73b7] cmp ax, 3 -jbe loc_00020060 ; jbe 0x20060 +jbe loc_000200ee ; jbe 0x200ee lea eax, [ebx + 0x73bf] cmp ax, 1 -jbe loc_00020060 ; jbe 0x20060 +jbe loc_000200ee ; jbe 0x200ee cmp bx, 0x8c58 -je loc_00020060 ; je 0x20060 +je loc_000200ee ; je 0x200ee mov eax, ebx and eax, 0xfffffffb cmp ax, 0x8c52 -je short loc_0002005b ; je 0x2005b +je short loc_000200e9 ; je 0x200e9 mov eax, ebx and eax, 0xfffffff7 cmp ax, 0x8c54 -je short loc_0002005b ; je 0x2005b +je short loc_000200e9 ; je 0x200e9 lea eax, [ebx + 0x733f] cmp ax, 5 -jbe short loc_00020060 ; jbe 0x20060 +jbe short loc_000200ee ; jbe 0x200ee lea eax, [ebx + 0x63bf] mov si, 2 cmp ax, 6 -jbe short loc_00020060 ; jbe 0x20060 +jbe short loc_000200ee ; jbe 0x200ee lea eax, [ebx + 0x633f] cmp ax, 0xa -jbe short loc_00020060 ; jbe 0x20060 -call fcn_000153e9 ; call 0x153e9 +jbe short loc_000200ee ; jbe 0x200ee +call fcn_00015479 ; call 0x15479 test al, al -je short loc_00020036 ; je 0x20036 +je short loc_000200c4 ; je 0x200c4 push edx push ebx -push ref_0002644f ; push 0x2644f +push ref_000264fe ; push 0x264fe push 0x80000000 -call fcn_000153f7 ; call 0x153f7 +call fcn_00015487 ; call 0x15487 add esp, 0x10 -loc_00020036: ; not directly referenced -call fcn_000153f0 ; call 0x153f0 +loc_000200c4: ; not directly referenced +call fcn_00015480 ; call 0x15480 mov esi, 3 test al, al -je short loc_00020060 ; je 0x20060 +je short loc_000200ee ; je 0x200ee push eax -push ref_000221f1 ; push 0x221f1 +push ref_00022281 ; push 0x22281 push 0x57 -push ref_00026df7 ; push 0x26df7 -call fcn_000153fc ; call 0x153fc +push ref_00026ea6 ; push 0x26ea6 +call 
fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp short loc_00020060 ; jmp 0x20060 +jmp short loc_000200ee ; jmp 0x200ee -loc_0002005b: ; not directly referenced +loc_000200e9: ; not directly referenced mov esi, 1 -loc_00020060: ; not directly referenced +loc_000200ee: ; not directly referenced lea esp, [ebp - 8] mov eax, esi pop ebx @@ -52995,7 +53044,7 @@ pop esi pop ebp ret -fcn_00020069: ; not directly referenced +fcn_000200f7: ; not directly referenced push ebp mov ebp, esp push edi 
@@ -53003,64 +53052,64 @@ push esi push ebx sub esp, 0x1c mov ebx, dword [ebp + 8] -call fcn_000153f0 ; call 0x153f0 +call fcn_00015480 ; call 0x15480 test al, al -je short loc_0002009e ; je 0x2009e +je short loc_0002012c ; je 0x2012c cmp dword [ebx - 8], 0x53524549 -je short loc_0002009e ; je 0x2009e +je short loc_0002012c ; je 0x2012c push eax -push ref_00026219 ; push 0x26219 +push ref_000262c8 ; push 0x262c8 push 0x79 -push ref_00026df7 ; push 0x26df7 -call fcn_000153fc ; call 0x153fc +push ref_00026ea6 ; push 0x26ea6 +call fcn_0001548c ; call 0x1548c add esp, 0x10 -jmp short loc_000200a1 ; jmp 0x200a1 +jmp short loc_0002012f ; jmp 0x2012f -loc_0002009e: ; not directly referenced +loc_0002012c: ; not directly referenced sub ebx, 8 -loc_000200a1: ; not directly referenced +loc_0002012f: ; not directly referenced mov esi, dword [ebx + 0x10] sub esp, 0xc push esi -call fcn_0001ff72 ; call 0x1ff72 +call fcn_00020000 ; call 0x20000 mov edi, eax mov eax, dword [ebx + 0xc] mov dword [ebp - 0x1c], eax lea eax, [esi + 0x40] mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 mov ebx, eax lea eax, [esi + 0x48] mov dword [esp], eax -call fcn_00017cfe ; call 0x17cfe +call fcn_00017dc2 ; call 0x17dc2 add esp, 0x10 cmp dword [ebp + 0xc], 5 -ja loc_000202fa ; ja 0x202fa +ja loc_00020388 ; ja 0x20388 mov edx, dword [ebp + 0xc] -jmp dword [edx*4 + ref_000205e0] ; ujmp: jmp dword [edx*4 + 0x205e0] +jmp dword [edx*4 + ref_00020670] ; ujmp: jmp dword [edx*4 + 0x20670] -loc_000200e4: ; not directly referenced +loc_00020172: ; not directly referenced push eax mov esi, 4 push eax push 0 push 0xcf9 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea add esp, 0x10 -jmp near loc_000202c1 ; jmp 0x202c1 +jmp near loc_0002034f ; jmp 0x2034f -loc_000200ff: ; not directly referenced +loc_0002018d: ; not directly referenced push eax mov esi, 6 push eax push 2 push 0xcf9 -call fcn_00018e26 ; call 0x18e26 +call fcn_00018eea ; call 0x18eea add 
esp, 0x10 -jmp near loc_000202c1 ; jmp 0x202c1 +jmp near loc_0002034f ; jmp 0x2034f -loc_0002011a: ; not directly referenced +loc_000201a8: ; not directly referenced push eax add esi, 0x44 push eax @@ -53068,47 +53117,47 @@ and ebx, 0xfffffffc push 0x80 movzx ebx, bx push esi -call fcn_0001866c ; call 0x1866c +call fcn_00018730 ; call 0x18730 add esp, 0x10 cmp edi, 2 -jne short loc_0002014a ; jne 0x2014a +jne short loc_000201d8 ; jne 0x201d8 push eax push eax push 0 lea eax, [ebx + 0x9c] push eax -call fcn_00018ed3 ; call 0x18ed3 -jmp short loc_00020167 ; jmp 0x20167 +call fcn_00018f97 ; call 0x18f97 +jmp short loc_000201f5 ; jmp 0x201f5 -loc_0002014a: ; not directly referenced +loc_000201d8: ; not directly referenced dec edi -jne short loc_0002016a ; jne 0x2016a +jne short loc_000201f8 ; jne 0x201f8 push ecx push ecx push 0 lea eax, [ebx + 0x28] push eax -call fcn_00018e63 ; call 0x18e63 +call fcn_00018f27 ; call 0x18f27 lea eax, [ebx + 0x2c] pop esi pop edi push 0 push eax -call fcn_00018e63 ; call 0x18e63 +call fcn_00018f27 ; call 0x18f27 -loc_00020167: ; not directly referenced +loc_000201f5: ; not directly referenced add esp, 0x10 -loc_0002016a: ; not directly referenced +loc_000201f8: ; not directly referenced push ecx push ecx push 0x100 lea eax, [ebx + 0x34] add ebx, 4 push eax -call fcn_00018e63 ; call 0x18e63 +call fcn_00018f27 ; call 0x18f27 mov dword [esp], ebx -call fcn_00018ea0 ; call 0x18ea0 +call fcn_00018f64 ; call 0x18f64 pop edi mov esi, eax and esi, 0xffffc3ff @@ -53118,17 +53167,17 @@ or ah, 0x1c or esi, 0x3c00 push eax push ebx -call fcn_00018ed3 ; call 0x18ed3 +call fcn_00018f97 ; call 0x18f97 pop eax pop edx push esi push ebx -call fcn_00018ed3 ; call 0x18ed3 +call fcn_00018f97 ; call 0x18f97 add esp, 0x10 xor eax, eax -jmp near loc_000202ff ; jmp 0x202ff +jmp near loc_0002038d ; jmp 0x2038d -loc_000201b4: ; not directly referenced +loc_00020242: ; not directly referenced mov ebx, eax push edx and ebx, 0xfffc 
@@ -53137,130 +53186,130 @@ push 0 lea eax, [ebx + 0x60] push eax mov dword [ebp - 0x20], eax -call fcn_00018ed3 ; call 0x18ed3 +call fcn_00018f97 ; call 0x18f97 pop ecx pop eax lea eax, [ebx + 0x64] push 0 push eax -call fcn_00018ed3 ; call 0x18ed3 +call fcn_00018f97 ; call 0x18f97 pop eax pop edx lea eax, [ebx + 0x68] push 0 push eax -call fcn_00018ed3 ; call 0x18ed3 +call fcn_00018f97 ; call 0x18f97 mov eax, dword [ebp + 0xc] add esp, 0x10 sub eax, 4 cmp eax, 1 -ja loc_000202bc ; ja 0x202bc +ja loc_0002034a ; ja 0x2034a push ecx add esi, 0xac push ecx push 0x100000 push esi -call fcn_00018a50 ; call 0x18a50 +call fcn_00018b14 ; call 0x18b14 add esp, 0x10 cmp dword [ebp + 0xc], 5 -jne loc_000202bc ; jne 0x202bc +jne loc_0002034a ; jne 0x2034a mov eax, dword [ebp - 0x1c] sub esp, 0xc add eax, 0x332c push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test al, 3 -jne loc_000202bc ; jne 0x202bc +jne loc_0002034a ; jne 0x2034a mov eax, dword [ebp - 0x1c] sub esp, 0xc add eax, 0x3330 push eax -call fcn_00017d8a ; call 0x17d8a +call fcn_00017e4e ; call 0x17e4e add esp, 0x10 test ah, 0xc0 -jne short loc_000202bc ; jne 0x202bc +jne short loc_0002034a ; jne 0x2034a cmp edi, 1 -jne short loc_0002027b ; jne 0x2027b +jne short loc_00020309 ; jne 0x20309 push ecx push ecx push 0x40000000 push ebx -call fcn_0001829f ; call 0x1829f +call fcn_00018363 ; call 0x18363 lea eax, [ebx + 4] add ebx, 0xc pop esi pop edi push 0xbfffffff push eax -call fcn_000182c9 ; call 0x182c9 +call fcn_0001838d ; call 0x1838d pop eax pop edx push 0xbfffffff -jmp short loc_000202a1 ; jmp 0x202a1 +jmp short loc_0002032f ; jmp 0x2032f -loc_0002027b: ; not directly referenced +loc_00020309: ; not directly referenced cmp edi, 2 -jne short loc_000202aa ; jne 0x202aa +jne short loc_00020338 ; jne 0x20338 push ecx add ebx, 0x1f0 push ecx push 1 push ebx -call fcn_0001829f ; call 0x1829f +call fcn_00018363 ; call 0x18363 pop esi pop edi push 0xfffffffffffffffb push ebx 
-call fcn_000182c9 ; call 0x182c9 +call fcn_0001838d ; call 0x1838d pop eax pop edx push 0x7fffffff -loc_000202a1: ; not directly referenced +loc_0002032f: ; not directly referenced push ebx -call fcn_000182c9 ; call 0x182c9 +call fcn_0001838d ; call 0x1838d add esp, 0x10 -loc_000202aa: ; not directly referenced +loc_00020338: ; not directly referenced push edx push edx push 0x40000000 push dword [ebp - 0x20] -call fcn_0001829f ; call 0x1829f +call fcn_00018363 ; call 0x18363 add esp, 0x10 -loc_000202bc: ; not directly referenced +loc_0002034a: ; not directly referenced mov esi, 0xe -loc_000202c1: ; not directly referenced +loc_0002034f: ; not directly referenced sub esp, 0xc push dword [ebp + 0xc] -call fcn_0001b972 ; call 0x1b972 +call fcn_0001ba36 ; call 0x1ba36 add esp, 0x10 mov ebx, eax cmp eax, 0x8000000e -je short loc_000202dc ; je 0x202dc +je short loc_0002036a ; je 0x2036a test ebx, ebx -jne short loc_000202ff ; jne 0x202ff +jne short loc_0002038d ; jne 0x2038d -loc_000202dc: ; not directly referenced +loc_0002036a: ; not directly referenced push eax push eax mov eax, esi movzx esi, al push esi push 0xcf9 -call fcn_00018e26 ; call 0x18e26 -call fcn_00017175 ; call 0x17175 +call fcn_00018eea ; call 0x18eea +call fcn_00017239 ; call 0x17239 add esp, 0x10 mov eax, ebx -jmp short loc_000202ff ; jmp 0x202ff +jmp short loc_0002038d ; jmp 0x2038d -loc_000202fa: ; not directly referenced +loc_00020388: ; not directly referenced mov eax, 0x80000002 -loc_000202ff: ; not directly referenced +loc_0002038d: ; not directly referenced lea esp, [ebp - 0xc] pop ebx pop esi @@ -53268,18 +53317,20 @@ pop edi pop ebp ret -loc_00020307: +loc_00020395: +db 0x66 +db 0x90 db 0x66 dd 0x66906690 dd 0x90906690 -ref_00020310: +ref_000203a0: dd 0x08000100 dd 0x01010000 dd 0x01000004 dd 0x00000202 -ref_00020320: +ref_000203b0: dd 0x00000100 dd 0x00001000 dd 0x00010101 
@@ -53287,29 +53338,29 @@ dd 0x01000008 dd 0x04000202 dd 0x00000000 -ref_00020338: +ref_000203c8: dd 0x07000301 dd 0x0f000000 -ref_00020340: -dd loc_00009440 -dd loc_00009447 -dd loc_0000938c -dd loc_00009396 -dd loc_000093a0 -dd loc_000093d6 -dd loc_000093da -dd loc_000093e3 -dd loc_000093a7 -dd loc_000093ae - -ref_00020368: +ref_000203d0: +dd loc_000094ae +dd loc_000094b5 +dd loc_000093fa +dd loc_00009404 +dd loc_0000940e +dd loc_00009444 +dd loc_00009448 +dd loc_00009451 +dd loc_00009415 +dd loc_0000941c + +ref_000203f8: dd 0x00000002 dd 0x0000000a dd 0x00000064 dd 0x00000000 -ref_00020378: +ref_00020408: dd 0xea002600 dd 0xea002400 dd 0xea002200 @@ -53317,7 +53368,7 @@ dd 0xea002000 dd 0x00000000 dd 0x00000000 -ref_00020390: +ref_00020420: dd 0xea002400 dd 0xea002600 dd 0xea000800 @@ -53325,7 +53376,7 @@ dd 0xea000a00 dd 0xea002000 dd 0xea002200 -ref_000203a8: +ref_00020438: dd 0xe9002000 dd 0xe9002200 dd 0xe9002400 @@ -53333,7 +53384,7 @@ dd 0xe9002600 dd 0x00000000 dd 0x00000000 -ref_000203c0: +ref_00020450: dd 0xe9001600 dd 0xe9001400 dd 0xe9002e00 @@ -53341,10 +53392,10 @@ dd 0xe9002c00 dd 0xe9003200 dd 0xe9003000 -ref_000203d8: +ref_00020468: dd 0x0a090605 -ref_000203dc: +ref_0002046c: dd 0x13000000 dd 0x15000000 dd 0x15000000 @@ -53363,7 +53414,7 @@ dd 0x15000000 dd 0x15000000 dd 0x0f000000 -ref_00020420: +ref_000204b0: dd 0x00000000 dd 0x00000001 dd 0x00000002 @@ -53381,18 +53432,18 @@ dd 0x0000000b dd 0x0000000c dd 0x0000000d -ref_00020460: +ref_000204f0: db 0x1d -ref_00020461: +ref_000204f1: db 0x00 db 0x1a db 0x00 -ref_00020464: +ref_000204f4: db '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ',0x00,0x00,0x00,0x00 -ref_0002048c: +ref_0002051c: dd 0x00000001 dd 0x00000002 dd 0x00000004 
@@ -53402,2308 +53453,2312 @@ dd 0x00000020 dd 0x00000040 dd 0x00000000 -ref_000204ac: +ref_0002053c: db ' +-#0!^',0x00 -ref_000204b4: +ref_00020544: db '0000000000000000',0x00,0x00,0x00,0x00 -ref_000204c8: +ref_00020558: dd 0x20202020 dd 0x20202020 dd 0x20202020 dd 0x20202020 dd 0x90906600 -ref_000204dc: +ref_0002056c: db 'CbLocatePpi',0x00 -ref_000204e8: +ref_00020578: db 'CbNotifyPpi',0x00 -ref_000204f4: +ref_00020584: dd 0x6e496243 dd 0x6c617473 dd 0x6970506c dd 0x90906600 -ref_00020504: +ref_00020594: dd 0x80000010 -dd ref_00028fcc -dd 0x00000000 - -ref_00020510: -dd loc_0001b397 -dd loc_0001b390 -dd loc_0001b3b7 -dd loc_0001b3a8 -dd loc_0001b3f2 -dd loc_0001b3d2 -dd loc_0001b44f -dd loc_0001b424 -dd loc_0001b483 -dd loc_0001b467 -dd loc_0001b499 -dd loc_0001b4de - -ref_00020540: -dd loc_0001b722 -dd loc_0001b7e8 -dd loc_0001b66c -dd loc_0001b7e8 -dd loc_0001b650 -dd loc_0001b7e8 -dd loc_0001b749 -dd loc_0001b733 -dd loc_0001b650 -dd loc_0001b794 - -ref_00020568: -dd loc_0001c2a3 -dd loc_0001c2be -dd loc_0001c2a9 -dd loc_0001c2b0 -dd loc_0001c2b7 - -ref_0002057c: -dd loc_0001cfe4 -dd loc_0001cff3 -dd loc_0001d10c -dd loc_0001d10c -dd loc_0001d10c -dd loc_0001d10c -dd loc_0001d10c -dd loc_0001d10c -dd loc_0001d10c -dd loc_0001d10c -dd loc_0001d10c -dd loc_0001d10c -dd loc_0001d10c -dd loc_0001d10c -dd loc_0001d10c -dd loc_0001d00c -dd loc_0001d021 -dd loc_0001d0b0 -dd loc_0001d0bc -dd loc_0001d0e5 -dd loc_0001d0f1 +dd ref_0002907c +dd 0x00000000 + +ref_000205a0: +dd loc_0001b45b +dd loc_0001b454 +dd loc_0001b47b +dd loc_0001b46c +dd loc_0001b4b6 +dd loc_0001b496 +dd loc_0001b513 +dd loc_0001b4e8 +dd loc_0001b547 +dd loc_0001b52b +dd loc_0001b55d +dd loc_0001b5a2 ref_000205d0: +dd loc_0001b7e6 +dd loc_0001b8ac +dd loc_0001b730 +dd loc_0001b8ac +dd loc_0001b714 +dd loc_0001b8ac +dd loc_0001b80d +dd loc_0001b7f7 +dd loc_0001b714 +dd loc_0001b858 + +ref_000205f8: +dd loc_0001c367 +dd loc_0001c382 +dd loc_0001c36d +dd loc_0001c374 +dd loc_0001c37b + +ref_0002060c: 
+dd loc_0001d0a8 +dd loc_0001d0b7 +dd loc_0001d1d0 +dd loc_0001d1d0 +dd loc_0001d1d0 +dd loc_0001d1d0 +dd loc_0001d1d0 +dd loc_0001d1d0 +dd loc_0001d1d0 +dd loc_0001d1d0 +dd loc_0001d1d0 +dd loc_0001d1d0 +dd loc_0001d1d0 +dd loc_0001d1d0 +dd loc_0001d1d0 +dd loc_0001d0d0 +dd loc_0001d0e5 +dd loc_0001d174 +dd loc_0001d180 +dd loc_0001d1a9 +dd loc_0001d1b5 + +ref_00020660: dd 0x6c416243 dd 0x61636f6c dd 0x6f506574 dd 0x90006c6f -ref_000205e0: -dd loc_000200ff -dd loc_000200e4 -dd loc_0002011a -dd loc_000201b4 -dd loc_000201b4 -dd loc_000201b4 +ref_00020670: +dd loc_0002018d +dd loc_00020172 +dd loc_000201a8 +dd loc_00020242 +dd loc_00020242 +dd loc_00020242 -ref_000205f8: +ref_00020688: db 'PEI: Starting...',0x0a,0x00 -ref_0002060a: +ref_0002069a: db 'Initializing System Agent',0x0a,0x00 -ref_00020625: +ref_000206b5: db 'Initializing PCH',0x0a,0x00 -ref_00020637: +ref_000206c7: db 'PEI: Done.',0x0a,0x00 -ref_00020643: +ref_000206d3: db 0x0a,'ASSERT_EFI_ERROR (Status = %r)',0x0a,0x00 -ref_00020664: +ref_000206f4: db '!EFI_ERROR (Status)',0x00 -ref_00020678: +ref_00020708: db '../../intel/SystemAgent/SaInit/Pei/SaInitPeim.c',0x00 -ref_000206a8: +ref_00020738: db 'Set BIOS_RESET_CPL to indicate all configurations complete',0x0a,0x00 -ref_000206e4: +ref_00020774: db '[SA] Programming MSR 2E7',0x0a,0x00 -ref_000206fe: +ref_0002078e: db 'SA Data HOB installed',0x0a,0x00 -ref_00020715: +ref_000207a5: db '***************** System Agent PCIe code version *****************',0x0a,0x00 -ref_00020759: +ref_000207e9: db '** Major version number is: %3d **',0x0a,0x00 -ref_0002079d: +ref_0002082d: db '** Minor version number is: %3d **',0x0a,0x00 -ref_000207e1: +ref_00020871: db '** Rev version number is: %3d **',0x0a,0x00 -ref_00020825: +ref_000208b5: db '** Build number is: %3d **',0x0a,0x00 -ref_00020869: +ref_000208f9: db '******************************************************************',0x0a,0x00 -ref_000208ad: +ref_0002093d: db 'Programming SA Bars',0x0a,0x00 -ref_000208c2: 
+ref_00020952: db 'Reporting SA PCIe code version',0x0a,0x00 -ref_000208e2: +ref_00020972: db 'Initializing DMI',0x0a,0x00 -ref_000208f4: +ref_00020984: db 'Initializing SA PCIe',0x0a,0x00 -ref_0002090a: +ref_0002099a: db 'Initializing Graphics',0x0a,0x00 -ref_00020921: +ref_000209b1: db 'Initializing System Agent Overclocking',0x0a,0x00 -ref_00020949: +ref_000209d9: db 'Initializing DMI Tc/Vc mapping',0x0a,0x00 -ref_00020969: +ref_000209f9: db 'Early BIOS POST Programming',0x0a,0x00 -ref_00020986: +ref_00020a16: db '[SA] BootMode = %X',0x0a,0x00 -ref_0002099a: +ref_00020a2a: db '[SA] Install SA S3 Notify callback',0x0a,0x00 -ref_000209be: +ref_00020a4e: db '[SA] Install Notify callback for Rapid Start Resume',0x0a,0x00 -ref_000209f3: +ref_00020a83: db '(OC) Overclocking is disabled. Bypassing SA overclocking flow.',0x0a,0x00 -ref_00020a33: +ref_00020ac3: db '../../intel/SystemAgent/SaInit/Pei/SaOcInit.c',0x00 -ref_00020a61: +ref_00020af1: db '(OC) Updating EDRAM ratio value = %X',0x0a,0x00 -ref_00020a87: +ref_00020b17: db '(OC) Set Voltage Frequency failed. EFI Status = %X, Library Status = %X',0x0a,0x00 -ref_00020ad0: +ref_00020b60: db '(OC) No OC support for this Domain = %X',0x0a,0x00 -ref_00020af9: +ref_00020b89: db '(OC) GetOcCapabilities message failed. Library Status = %X, Domain = %X',0x0a,0x00 -ref_00020b42: +ref_00020bd2: db '../../intel/SystemAgent/SaInit/Pei/GraphicsInit.c',0x00 -ref_00020b74: +ref_00020c04: db 'PCH PCIe Graphics Card enabled.',0x0a,0x00 -ref_00020b95: +ref_00020c25: db 'PCIe card on PEG%x%x (%x:%x:%x) enabled as VGA.',0x0a,0x00 -ref_00020bc6: +ref_00020c56: db 'PEG%x%x (%x:%x:%x) ISAEN has been set.',0x0a,0x00 -ref_00020bee: +ref_00020c7e: db '(StallCount != 3000)',0x00 -ref_00020c03: +ref_00020c93: db 'Temporary GttMmAdr Bar is not initialized. 
Returning from GraphicsInit().',0x0a,0x00 -ref_00020c4e: +ref_00020cde: db 'GttMmAdr != 0',0x00 -ref_00020c5c: +ref_00020cec: db 'IGD enabled.',0x0a,0x00 -ref_00020c6a: +ref_00020cfa: db 'SaPlatformPolicyPpi->GtConfig->GttSize <= 3',0x00 -ref_00020c96: +ref_00020d26: db 'IGD VGA Decode is disabled because it',0x27,'s not a primary display.',0x0a,0x00 -ref_00020cd6: +ref_00020d66: db 'Disable IGD Device.',0x0a,0x00 -ref_00020ceb: +ref_00020d7b: db '../../intel/SystemAgent/SaInit/Pei/SaDmiPeim.c',0x00 -ref_00020d1a: +ref_00020daa: db 'Can',0x27,'t locate PchPlatformPolicy PPI - exiting.',0x0a,0x00 -ref_00020d49: +ref_00020dd9: db 'DMI Recipe...',0x0a,0x00 -ref_00020d58: +ref_00020de8: db 'Run AdditionalDmiProgramSteps!',0x0a,0x00 -ref_00020d78: +ref_00020e08: db 'DMI Gen2 is Disabled or not capable, staying at Gen1 !',0x0a,0x00 -ref_00020db0: +ref_00020e40: db 'DMI Link re-train to set GEN2',0x0a,0x00 -ref_00020dcf: +ref_00020e5f: db 'DMI trained to x%d at Gen%d',0x0a,0x00 -ref_00020dec: +ref_00020e7c: db 'PEG%x%x (%x:%x:%x) - ',0x00 -ref_00020e02: +ref_00020e92: db 'Trained to x%d at Gen%d.',0x00 -ref_00020e1b: +ref_00020eab: db ' VC0 Negotiation Pending = %d.',0x00 -ref_00020e3a: +ref_00020eca: db 'PEG%x%x (%x:%x:%x) - VC0 Negotiation Pending = %x after %d msec.',0x0a,0x00 -ref_00020e7c: +ref_00020f0c: db '../../intel/SystemAgent/SaInit/Pei/PciExpressInit.c',0x00 -ref_00020eb0: +ref_00020f40: db 'Previous Link Training Fail Mask 0x%2.2X',0x0a,0x00 -ref_00020eda: +ref_00020f6a: db 'New Link Training Fail Mask 0x%2.2X',0x0a,0x00 -ref_00020eff: +ref_00020f8f: db ' PEG%x%x (%x:%x:%x) - skipping due to furcation',0x0a,0x00 -ref_00020f30: +ref_00020fc0: db ' PEG%x%x (%x:%x:%x) - checking',0x0a,0x00 -ref_00020f50: +ref_00020fe0: db ' VC negotiation is complete',0x0a,0x00 -ref_00020f6e: +ref_00020ffe: db 'Total Stall: %d msec',0x0a,0x00 -ref_00020f84: +ref_00021014: db 'Returned PegLinkFailMask 0x%2.2X',0x0a,0x00 -ref_00020fa6: +ref_00021036: db 'Invalid input to 
ProgramPreset() function! PegFunc=%d, Lane=%d',0x0a,0x00 -ref_00020fe7: +ref_00021077: db '--- Sampler values before calibration ---',0x0a,0x00 -ref_00021012: +ref_000210a2: db 'ERROR: PEG dev=%d, lane=%d, sampler=%d, iteration=%d, found more than %d distinct codes!!!',0x0a,0x00 -ref_0002106e: +ref_000210fe: db '--- Sampler values after calibration ---',0x0a,0x00 -ref_00021098: +ref_00021128: db 'PEG Link Status after auto speed disable:',0x0a,0x00 -ref_000210c3: +ref_00021153: db 'Auto',0x0a,0x00 -ref_000210c9: +ref_00021159: db 'Speed From Setup %x',0x0a,0x00 -ref_000210de: +ref_0002116e: db 'PEG%x%x (%x:%x:%x) - Max Link Speed = Gen%d',0x0a,0x00 -ref_0002110b: +ref_0002119b: db 'ERROR: Attempted to reserve > %d IOTRK (Attempt = %d)! Skipping programming.',0x0a,0x00 -ref_00021159: +ref_000211e9: db 'IOTRK: Reserved = %d. Shared = %d. Total = %d.',0x0a,0x00 -ref_00021189: +ref_00021219: db 'ERROR: Attempted to reserve > %d RRTRK (Attempt = %d)! Skipping programming.',0x0a,0x00 -ref_000211d7: +ref_00021267: db 'RRTRK: Reserved = %d. Shared = %d. Total = %d.',0x0a,0x00 -ref_00021207: +ref_00021297: db 'Crdtctl4 Crdtctl6 Crdtctl8 Before = %x %x %x',0x0a,0x00 -ref_00021235: +ref_000212c5: db 'PEG10: LinkDisabled = %x. Width = %x',0x0a,0x00 -ref_0002125b: +ref_000212eb: db 'PEG11: LinkDisabled = %x. Width = %x',0x0a,0x00 -ref_00021281: +ref_00021311: db 'PEG12: LinkDisabled = %x. Width = %x',0x0a,0x00 -ref_000212a7: +ref_00021337: db 'Crdtctl4 Crdtctl6 Crdtctl8 After = %x %x %x',0x0a,0x00 -ref_000212d4: +ref_00021364: db 'VCU Busy Timeout after %d tries: MCHBAR=%8.8X. Interface=%8.8X. Data=%4.4X.',0x0a,0x00 -ref_00021321: +ref_000213b1: db 'ERROR: VCU Response Error after %d tries: MCHBAR=%8.8X. Interface=%4.4X. Data=%8.8X. 
ResponseCode=%4.4X',0x0a,0x00 -ref_0002138a: +ref_0002141a: db 'In GetMaxBundles procedure',0x0a,0x00 -ref_000213a6: +ref_00021436: db 'MaxBndlPwrdnCount = %d',0x0a,0x00 -ref_000213be: +ref_0002144e: db 'In PowerDownUnusedBundles sequence',0x0a,0x00 -ref_000213e2: +ref_00021472: db 'All lanes are used. Do nothing.',0x0a,0x00 -ref_00021403: +ref_00021493: db 'PegLaneReversal is true',0x0a,0x00 -ref_0002141c: +ref_000214ac: db 'BNDL_PWRDN PEG%d%d[%d:%d]',0x0a,0x00 -ref_00021437: +ref_000214c7: db 'PEG controller not detected',0x0a,0x00 -ref_00021454: +ref_000214e4: db 'PEG HW Strap value %x',0x0a,0x00 -ref_0002146b: +ref_000214fb: db 'PEG Gen3 Fused off',0x0a,0x00 -ref_0002147f: +ref_0002150f: db 0x0a,'Restore SA PEG DATA from previous boot: Size=%X',0x0a,0x00 -ref_000214b1: +ref_00021541: db 0x0a,'PegGen3PresetSearch is disabled, Clear old Preset data',0x0a,0x00 -ref_000214ea: +ref_0002157a: db 'PEG Recipe...',0x0a,0x00 -ref_000214f9: +ref_00021589: db 'PEG Gen3 Equalization...',0x0a,0x00 -ref_00021513: +ref_000215a3: db 'Presence detect table...',0x0a,0x00 -ref_0002152d: +ref_000215bd: db ' PEG%d%d PresenceDetect: %x. EndpointMaxLinkSpeed: %x.',0x0a,0x00 -ref_00021565: +ref_000215f5: db 'PEG SamplerCalibration...',0x0a,0x00 -ref_00021580: +ref_00021610: db 'PEG Ports Scanning starts.',0x0a,0x00 -ref_0002159c: +ref_0002162c: db 'PEG%d%d - Endpoint not responding to PCI config space access, assuming negotiated width (X%d) is max width',0x0a,0x00 -ref_00021608: +ref_00021698: db 'CtrlMLW[%d]. EpMLW[%d]. UnusedLanes[%d]. BndlPwrdnCount[%d].',0x0a,0x00 -ref_00021646: +ref_000216d6: db 'BndlPwrdnCount violation! Overriding BndlPwrdnCount! 
' -ref_0002167b: +ref_0002170b: db 'BndlPwrdnCount[%d].',0x0a,0x00 -ref_00021690: +ref_00021720: db 'Run AdditionalPegProgramSteps on PEG%x%x!',0x0a,0x00 -ref_000216bb: +ref_0002174b: db 'PEG10 ' -ref_000216c1: +ref_00021751: db 'Disabled.',0x0a,0x00 -ref_000216cc: +ref_0002175c: db 'PEG11 Disabled.',0x0a,0x00 -ref_000216dd: +ref_0002176d: db 'PEG12 Disabled.',0x0a,0x00 -ref_000216ee: +ref_0002177e: db 'Original PegLinkFailMask=%X, Final PegLinkFailMask=%X',0x0a,0x00 -ref_00021725: +ref_000217b5: db 'Setting GPIO%d to %x',0x0a,0x00 -ref_0002173b: +ref_000217cb: db 'Asserting PEG slot reset.',0x0a,0x00 -ref_00021756: +ref_000217e6: db 'Deasserting PEG slot reset.',0x0a,0x00 -ref_00021773: +ref_00021803: db 'Toggling PEG slot reset.',0x0a,0x00 -ref_0002178d: +ref_0002181d: db 'SECONDARY BUS RESET!',0x0a,0x00 -ref_000217a3: +ref_00021833: db 'Reset Complete',0x0a,0x00 -ref_000217b3: +ref_00021843: db 'PHY LAYER RESET!',0x0a,0x00 -ref_000217c5: +ref_00021855: db 'Link retrain FAILED!!!',0x0a,0x00 -ref_000217dd: +ref_0002186d: db 'DOWNGRADE from x%d to x%d detected',0x0a,0x00 -ref_00021801: +ref_00021891: db 'Width Recovery Successful',0x0a,0x00 -ref_0002181c: +ref_000218ac: db 'Width Recovery FAILED!',0x0a,0x00 -ref_00021834: +ref_000218c4: db 'Error 0x%x.',0x0a,0x00 -ref_00021841: +ref_000218d1: db 'Success.',0x0a,0x00 -ref_0002184b: +ref_000218db: db 'Link Width DOWNGRADED!',0x0a,0x00 -ref_00021863: +ref_000218f3: db 'Link Speed DOWNGRADED!',0x0a,0x00 -ref_0002187b: +ref_0002190b: db 'Link speed downgrade detected',0x0a,0x00 -ref_0002189a: +ref_0002192a: db 'Link width downgrade detected',0x0a,0x00 -ref_000218b9: +ref_00021949: db 'DOWNGRADE from Gen %d to Gen %d detected',0x0a,0x00 -ref_000218e3: +ref_00021973: db 'Link Speed Recovery FAILED!',0x0a,0x00 -ref_00021900: +ref_00021990: db 'Link Speed Recovery Successful',0x0a,0x00 -ref_00021920: +ref_000219b0: db 'DOWNGRADE, Link is not in L0',0x0a,0x00 -ref_0002193e: +ref_000219ce: db 
'../../intel/SystemAgent/SaInit/Pei/PcieTrainingLinkRecovery.c',0x00 -ref_0002197c: +ref_00021a0c: db ' PcieControllerList Array Index Out of Bounds PortInfoListLength: %x',0x0a,0x00 -ref_000219c3: +ref_00021a53: db ' LaneList Array Index Out of Bounds LaneListLength%x',0x0a,0x00 -ref_000219f9: +ref_00021a89: db ' PEG%x%x (%x:%x:%x) - Root Port is not Gen3-capable. Max Link Speed = %d.',0x0a,0x00 -ref_00021a44: +ref_00021ad4: db ' PEG%x%x (%x:%x:%x) - Root Port is Gen3-capable.',0x0a,0x00 -ref_00021a76: +ref_00021b06: db ' PEG%x%x (%x:%x:%x) - VC0 negotiation is pending! Skipping endpoint.',0x0a,0x00 -ref_00021abc: +ref_00021b4c: db ' PEG%x%x (%x:%x:%x) - Endpoint is not Gen3-capable. No PCIe Capability found.',0x0a,0x00 -ref_00021b0b: +ref_00021b9b: db ' PEG%x%x (%x:%x:%x) - Endpoint is not Gen3-capable. Max Link Speed = %d.',0x0a,0x00 -ref_00021b55: +ref_00021be5: db ' PEG%x%x (%x:%x:%x) - Endpoint is Gen3-capable',0x0a,0x00 -ref_00021b85: +ref_00021c15: db '../../intel/SystemAgent/SaInit/Pei/PcieTraining.c',0x00 -ref_00021bb7: +ref_00021c47: db 'Invalid Margin Test Requested.',0x0a,0x00 -ref_00021bd7: +ref_00021c67: db 'Preset for Lane %2d: ',0x00 -ref_00021bed: +ref_00021c7d: db 'Search Result: P%d',0x00 -ref_00021c00: +ref_00021c90: db 'Applying Policy value: P%d' -ref_00021c1a: +ref_00021caa: db '. 
Saving value for next boot.',0x00 -ref_00021c38: +ref_00021cc8: db 'Applying Policy value: P%d',0x00 -ref_00021c53: +ref_00021ce3: db 'Restoring previous value: P%d',0x00 -ref_00021c71: +ref_00021d01: db 'Illegal Lane: %d',0x00 -ref_00021c82: +ref_00021d12: db 'PEG Gen3 Preset Search',0x0a,0x00 -ref_00021c9a: +ref_00021d2a: db ' Gen3 is disabled by policy',0x0a,0x00 -ref_00021cb7: +ref_00021d47: db 'Lane Reversal is Disabled',0x0a,0x00 -ref_00021cd2: +ref_00021d62: db 'Lane Reversal is Enabled',0x0a,0x00 -ref_00021cec: +ref_00021d7c: db '../../intel/SystemAgent/SaInit/Pei/PcieTrainingPhase3.c',0x00 -ref_00021d24: +ref_00021db4: db 'Calling CpuReplacementCheck',0x0a,0x00 -ref_00021d41: +ref_00021dd1: db ' ME reported CPU Replacement value: %x',0x0a,0x00 -ref_00021d69: +ref_00021df9: db ' PEG%x%x (%x:%x:%x) - LoadedSavedPreset = %d. EndpointDeviceChanged = %d.',0x0a,0x00 -ref_00021db4: +ref_00021e44: db 'Skipping Preset Search - No Gen3 capable links',0x0a,0x00 -ref_00021de4: +ref_00021e74: db 'Skipping PEG%d%d - Not Gen3 capable',0x0a,0x00 -ref_00021e09: +ref_00021e99: db 'Using Lane %2d',0x27,'s Best Preset for Lanes %2d-%2d.',0x0a,0x00 -ref_00021e3a: +ref_00021eca: db 'PEG%d%d - Not Gen3 capable, skip coefficient programming.',0x0a,0x00 -ref_00021e75: +ref_00021f05: db 'PEG Gen3 Preset Search done',0x0a -ref_00021e91: +ref_00021f21: db 0x0a db 0x00 -ref_00021e93: +ref_00021f23: db 'GetCoefficientsFromPreset(): Unsupported Preset Requested: P%d. 
Using P7.',0x0a,0x00 -ref_00021ede: +ref_00021f6e: db 'ConfigureTxJitterMux: System unsupported, no PEG.',0x0a,0x00 -ref_00021f11: +ref_00021fa1: db 'Unsupported CPU stepping!',0x0a,0x00 -ref_00021f2c: +ref_00021fbc: db 'TempValue >= 47',0x00 -ref_00021f3c: +ref_00021fcc: db '../../intel/SystemAgent/SaInit/Pei/PcieTrainingMargining.c',0x00 -ref_00021f77: +ref_00022007: db 'TempValue <= 17',0x00 -ref_00021f87: +ref_00022017: db 'ProgramIobp Read Error, Address:%x AndMask:%x OrMask:%x',0x0a,0x00 -ref_00021fc0: +ref_00022050: db '../../intel/Pch/Library/PchPlatformLib/IobpAccess.c',0x00 -ref_00021ff4: +ref_00022084: db 'ProgramIobp Write Error, Address:%x AndMask:%x OrMask:%x',0x0a,0x00 -ref_0002202e: +ref_000220be: db '(((*LatencyValue1) & (0x00000400 + 0x00000800 + 0x00001000)) >> 10) < 6',0x00 -ref_00022076: +ref_00022106: db '../../intel/Pch/Library/PchPciExpressHelpersLib/PchPciExpressHelpersLibrary.c',0x00 -ref_000220c4: +ref_00022154: db '(((LatencyValue2) & (0x00000400 + 0x00000800 + 0x00001000)) >> 10) < 6',0x00 -ref_0002210b: +ref_0002219b: db 'Endpoint Device %0x Capability ASPM: %0x',0x0a,0x00 -ref_00022135: +ref_000221c5: db 'Override root port ASPM to L1 for pre-1.1 devices',0x0a,0x00 -ref_00022168: +ref_000221f8: db 'Calculate Endpoint Device %0x Aspm Value: %0x',0x0a,0x00 -ref_00022197: +ref_00022227: db 'Program Endpoint Device %0x Aspm Value: %0x',0x0a,0x00 -ref_000221c4: +ref_00022254: db 'Check DownStreamBus:%d and no device found!',0x0a,0x00 -ref_000221f1: +ref_00022281: db '((BOOLEAN)(0==1))',0x00 -ref_00022203: +ref_00022293: db 'PchCpuStrapSet() - Start',0x0a,0x00 -ref_0002221d: +ref_000222ad: db 'PchCpuStrapSet() - End',0x0a,0x00 -ref_00022235: +ref_000222c5: db 'PchOnMemoryInstalled() Start',0x0a,0x00 -ref_00022253: +ref_000222e3: db 'PCH Installing PcieDeviceTable HOB (%d entries)',0x0a,0x00 -ref_00022284: +ref_00022314: db 'HobPtr != 0',0x00 -ref_00022290: +ref_00022320: db '../../intel/Pch/PchInit/Pei/PchInitPeim.c',0x00 -ref_000222ba: 
+ref_0002234a: db 'Index != 0',0x00 -ref_000222c5: +ref_00022355: db 'PCH Installing PchPlatformPolicy HOB (PCH bus = %d)',0x0a,0x00 -ref_000222fa: +ref_0002238a: db 'Disable Azalia: initialization error in Auto mode!',0x0a,0x00 -ref_0002232e: +ref_000223be: db 'PchOnMemoryInstalled() End',0x0a,0x00 -ref_0002234a: +ref_000223da: db 'Gen3TxOutVoltDnAmpAdj is out of valid range ',0x0a,0x00 -ref_00022378: +ref_00022408: db 'Gen12TxOutVoltDnAmpAdj is out of valid range ',0x0a,0x00 -ref_000223a7: +ref_00022437: db 'Gen3TxOutDeEmAdj is out of valid range ',0x0a,0x00 -ref_000223d0: +ref_00022460: db 'Gen12TxOutDeEmAdj is out of valid range ',0x0a,0x00 -ref_000223fa: +ref_0002248a: db 'PchSataInit() - Start',0x0a,0x00 -ref_00022411: +ref_000224a1: db 'Please do not enable any SATA port before SATA Hsio initialization is done.',0x0a,0x00 -ref_0002245f: +ref_000224ef: db 'PchSataInit() - End',0x0a,0x00 -ref_00022474: +ref_00022504: db 'PchGbeMandatedReset: resetting the board via CF9 to unlock LAN Disable register...',0x0a,0x00 -ref_000224c8: +ref_00022558: db 'PchGbeMandatedReset: resetting the board via CF9...',0x0a,0x00 -ref_000224fd: +ref_0002258d: db 'isCLK 0xED00015C Read warning: %r',0x0a,0x00 -ref_00022520: +ref_000225b0: db 'isCLK 0xED000118 Read warning: %r',0x0a,0x00 -ref_00022543: +ref_000225d3: db 'isCLK 0xED000120 Read warning: %r',0x0a,0x00 -ref_00022566: +ref_000225f6: db 'PchInitialize() - Start',0x0a,0x00 -ref_0002257f: +ref_0002260f: db '(PchPlatformPolicyPpi->Rcba & (UINT32) (~0xFFFFC000)) == 0',0x00 -ref_000225ba: +ref_0002264a: db '(MmioRead32 (AcpiBarAddress) & 0xFFFC) == PchPlatformPolicyPpi->PmBase',0x00 -ref_00022601: +ref_00022691: db '(MmioRead32 (GpioBarAddress) & 0xFFFC) == PchPlatformPolicyPpi->GpioBase',0x00 -ref_0002264a: +ref_000226da: db 'PchInitialize() - End',0x0a,0x00 -ref_00022661: +ref_000226f1: db 'PchConfigureInterruptRegister() Start',0x0a,0x00 -ref_00022688: +ref_00022718: db 'PchConfigureInterruptRegister() End',0x0a,0x00 
-ref_000226ad: +ref_0002273d: db 'PchEarlyInit() - Start',0x0a,0x00 -ref_000226c5: +ref_00022755: db 'PchEarlyInit() - End',0x0a,0x00 -ref_000226db: +ref_0002276b: db 'InstallPchInitPpi() - Start',0x0a,0x00 -ref_000226f8: +ref_00022788: db 'PCH SKU is not supported due to no proper PCH LPC found!',0x0a,0x00 -ref_00022732: +ref_000227c2: db 'Rcba needs to be programmed before here',0x0a,0x00 -ref_0002275b: +ref_000227eb: db 'Failed to allocate memory for PchDmiTcVcMapPpiDesc! ',0x0a,0x00 -ref_00022791: +ref_00022821: db 'Failed to allocate memory for PchDmiTcVcMapPpi! ',0x0a,0x00 -ref_000227c3: +ref_00022853: db 'InstallPchInitPpi() - End',0x0a,0x00 -ref_000227de: +ref_0002286e: db '------------------ PCH USB Config ------------------',0x0a,0x00 -ref_00022814: +ref_000228a4: db ' UsbPerPortCtl= %x',0x0a,0x00 -ref_00022828: +ref_000228b8: db ' Ehci1Usbr= %x',0x0a,0x00 -ref_00022838: +ref_000228c8: db ' Ehci2Usbr= %x',0x0a,0x00 -ref_00022848: +ref_000228d8: db ' PortSettings[%d] Enabled= %x',0x0a,0x00 -ref_00022867: +ref_000228f7: db ' PortSettings[%d] Location = %x',0x0a,0x00 -ref_00022888: +ref_00022918: db ' Port30Settings[%d] Enabled= %x',0x0a,0x00 -ref_000228a9: +ref_00022939: db ' Usb20Settings[%d] Enabled= %x',0x0a,0x00 -ref_000228c9: +ref_00022959: db ' Usb30Settings.Mode= %x',0x0a,0x00 -ref_000228e2: +ref_00022972: db ' Usb30Settings.PreBootSupport= %x',0x0a,0x00 -ref_00022905: +ref_00022995: db ' Usb30Settings.Btcg= %x',0x0a,0x00 -ref_0002291e: +ref_000229ae: db ' Usb30Settings.ManualMode= %x',0x0a,0x00 -ref_0002293d: +ref_000229cd: db ' Usb30Settings.ManualModeUsb20PerPinRoute[%d]= EHCI',0x0a,0x00 -ref_00022972: +ref_00022a02: db ' Usb30Settings.ManualModeUsb20PerPinRoute[%d]= XHCI',0x0a,0x00 -ref_000229a7: +ref_00022a37: db ' Usb30Settings.ManualModeUsb30PerPinEnable[%d]= %x',0x0a,0x00 -ref_000229db: +ref_00022a6b: db ' PortUsb20[%d].OverCurrentPin= OC%x',0x0a,0x00 -ref_00022a00: +ref_00022a90: db ' PortUsb20[%d].Usb20EyeDiagramTuningParam1= %x',0x0a,0x00 
-ref_00022a30: +ref_00022ac0: db ' PortUsb20[%d].Usb20EyeDiagramTuningParam2= %x',0x0a,0x00 -ref_00022a60: +ref_00022af0: db ' PortUsb30[%d].OverCurrentPin= OC%x',0x0a,0x00 -ref_00022a85: +ref_00022b15: db ' PortUsb30[%d].FixedEqualization = %x',0x0a,0x00 -ref_00022aac: +ref_00022b3c: db ' Usb20PortLength[%d]= %x.%0x',0x0a,0x00 -ref_00022aca: +ref_00022b5a: db '------------------ PCH USB 3.0 Iobp Config ------------------',0x0a,0x00 -ref_00022b09: +ref_00022b99: db ' Usb30IobpConfig[%d].Usb30TxOutVoltDnAmpAdj= %x',0x0a,0x00 -ref_00022b3a: +ref_00022bca: db ' Usb30IobpConfig[%d].Usb30TxOutImpScVoltAmpAdj= %x',0x0a,0x00 -ref_00022b6e: +ref_00022bfe: db ' Usb30IobpConfig[%d].Usb30TxOutDeEmpAdj= %x',0x0a,0x00 -ref_00022b9b: +ref_00022c2b: db ' Usb30IobpConfig[%d].Usb30TxOutAdjEn= %x',0x0a,0x00 -ref_00022bc5: +ref_00022c55: db ' Usb30IobpConfig[%d].Usb30TxOutImpAdjVoltAmp= %x',0x0a,0x00 -ref_00022bf7: +ref_00022c87: db ' Usb30IobpConfig[%d].Usb30TxOutVoltDnAmpAdjEnable= %x',0x0a,0x00 -ref_00022c2e: +ref_00022cbe: db ' Usb30IobpConfig[%d].Usb30TxOutImpScVoltAmpAdjEnable= %x',0x0a,0x00 -ref_00022c68: +ref_00022cf8: db ' Usb30IobpConfig[%d].Usb30TxOutDeEmpAdjEnable= %x',0x0a,0x00 -ref_00022c9b: +ref_00022d2b: db ' Usb30IobpConfig[%d].Usb30Ecrt98Enable= %x',0x0a,0x00 -ref_00022cc7: +ref_00022d57: db '------------------ PCH PCIE Config ------------------',0x0a,0x00 -ref_00022cfe: +ref_00022d8e: db ' RootPort[%d] Enabled= %x',0x0a,0x00 -ref_00022d19: +ref_00022da9: db ' RootPort[%d] Hide= %x',0x0a,0x00 -ref_00022d31: +ref_00022dc1: db ' RootPort[%d] SlotImplemented= %x',0x0a,0x00 -ref_00022d54: +ref_00022de4: db ' RootPort[%d] HotPlug= %x',0x0a,0x00 -ref_00022d6f: +ref_00022dff: db ' RootPort[%d] PmSci= %x',0x0a,0x00 -ref_00022d88: +ref_00022e18: db ' RootPort[%d] ExtSync= %x',0x0a,0x00 -ref_00022da3: +ref_00022e33: db ' RootPort[%d] UnsupportedRequestReport= %x',0x0a,0x00 -ref_00022dcf: +ref_00022e5f: db ' RootPort[%d] FatalErrorReport= %x',0x0a,0x00 -ref_00022df3: 
+ref_00022e83: db ' RootPort[%d] NoFatalErrorReport= %x',0x0a,0x00 -ref_00022e19: +ref_00022ea9: db ' RootPort[%d] CorrectableErrorReport= %x',0x0a,0x00 -ref_00022e43: +ref_00022ed3: db ' RootPort[%d] PmeInterrupt= %x',0x0a,0x00 -ref_00022e63: +ref_00022ef3: db ' RootPort[%d] SystemErrorOnFatalError= %x',0x0a,0x00 -ref_00022e8e: +ref_00022f1e: db ' RootPort[%d] SystemErrorOnNonFatalError= %x',0x0a,0x00 -ref_00022ebc: +ref_00022f4c: db ' RootPort[%d] SystemErrorOnCorrectableError= %x',0x0a,0x00 -ref_00022eed: +ref_00022f7d: db ' RootPort[%d] AdvancedErrorReporting= %x',0x0a,0x00 -ref_00022f17: +ref_00022fa7: db ' RootPort[%d] TransmitterHalfSwing= %x',0x0a,0x00 -ref_00022f3f: +ref_00022fcf: db ' RootPort[%d] PcieSpeed= %x',0x0a,0x00 -ref_00022f5c: +ref_00022fec: db ' RootPort[%d]' -ref_00022f69: +ref_00022ff9: db ' FunctionNumber= %x',0x0a,0x00 -ref_00022f7e: +ref_0002300e: db ' RootPort[%d] PhysicalSlotNumber= %x',0x0a,0x00 -ref_00022fa4: +ref_00023034: db ' RootPort[%d] CompletionTimeout= %x',0x0a,0x00 -ref_00022fc9: +ref_00023059: db ' RootPort[%d] Aspm= %x',0x0a,0x00 -ref_00022fe1: +ref_00023071: db ' RootPort[%d] L1Substates= %x',0x0a,0x00 -ref_00023000: +ref_00023090: db ' RootPort[%d]' -ref_0002300d: +ref_0002309d: db ' LtrEnable= %x',0x0a,0x00 -ref_0002301d: +ref_000230ad: db ' RootPort[%d] LtrConfigLock= %x',0x0a,0x00 -ref_0002303e: +ref_000230ce: db ' RootPort[%d] LtrMaxSnoopLatency= %x',0x0a,0x00 -ref_00023064: +ref_000230f4: db ' RootPort[%d] LtrMaxNoSnoopLatency= %x',0x0a,0x00 -ref_0002308c: +ref_0002311c: db ' RootPort[%d] SnoopLatencyOverrideMode= %x',0x0a,0x00 -ref_000230b8: +ref_00023148: db ' RootPort[%d] SnoopLatencyOverrideMultiplier= %x',0x0a,0x00 -ref_000230ea: +ref_0002317a: db ' RootPort[%d] SnoopLatencyOverrideValue= %x',0x0a,0x00 -ref_00023117: +ref_000231a7: db ' RootPort[%d] NonSnoopLatencyOverrideMode= %x',0x0a,0x00 -ref_00023146: +ref_000231d6: db ' RootPort[%d] NonSnoopLatencyOverrideMultiplier= %x',0x0a,0x00 -ref_0002317b: 
+ref_0002320b: db ' RootPort[%d] NonSnoopLatencyOverrideValue= %x',0x0a,0x00 -ref_000231ab: +ref_0002323b: db ' EnableSubDecode= %x',0x0a,0x00 -ref_000231c1: +ref_00023251: db ' PchPcieSbdePort= %x',0x0a,0x00 -ref_000231d7: +ref_00023267: db ' RootPortClockGating= %x',0x0a,0x00 -ref_000231f1: +ref_00023281: db ' RootPortFunctionSwapping= %x',0x0a,0x00 -ref_00023210: +ref_000232a0: db ' AllowNoLtrIccPllShutdown= %x',0x0a,0x00 -ref_0002322f: +ref_000232bf: db '------------------ PCH SATA Config ------------------',0x0a,0x00 -ref_00023266: +ref_000232f6: db ' SataMode= %x',0x0a,0x00 -ref_00023275: +ref_00023305: db ' PortSettings[%d] HotPlug= %x',0x0a,0x00 -ref_00023294: +ref_00023324: db ' PortSettings[%d] InterlockSw= %x',0x0a,0x00 -ref_000232b7: +ref_00023347: db ' PortSettings[%d] External= %x',0x0a,0x00 -ref_000232d7: +ref_00023367: db ' PortSettings[%d] SpinUp= %x',0x0a,0x00 -ref_000232f5: +ref_00023385: db ' PortSettings[%d] SolidStateDrive= %x',0x0a,0x00 -ref_0002331c: +ref_000233ac: db ' PortSettings[%d] DevSlp= %x',0x0a,0x00 -ref_0002333a: +ref_000233ca: db ' PortSettings[%d] EnableDitoConfig= %x',0x0a,0x00 -ref_00023362: +ref_000233f2: db ' PortSettings[%d] DmVal= %x',0x0a,0x00 -ref_0002337f: +ref_0002340f: db ' PortSettings[%d] DitoVal= %x',0x0a,0x00 -ref_0002339e: +ref_0002342e: db ' PortSettings[%d] PortRxEq GenSpeed[0]' -ref_000233c4: +ref_00023454: db ' Enable= %x',0x0a,0x00 -ref_000233d1: +ref_00023461: db ' PortSettings[%d] PortRxEq GenSpeed[0] RxEq= %x',0x0a,0x00 -ref_00023402: +ref_00023492: db ' PortSettings[%d] PortRxEq GenSpeed[1] Enable= %x',0x0a,0x00 -ref_00023435: +ref_000234c5: db ' PortSettings[%d] PortRxEq GenSpeed[1] RxEq= %x',0x0a,0x00 -ref_00023466: +ref_000234f6: db ' PortSettings[%d] PortRxEq GenSpeed[2] Enable= %x',0x0a,0x00 -ref_00023499: +ref_00023529: db ' PortSettings[%d] PortRxEq GenSpeed[2] RxEq= %x',0x0a,0x00 -ref_000234ca: +ref_0002355a: db ' PortSettings[%d] PortIobp Gen3TxOutVoltDnAmpAdj= %x',0x0a,0x00 -ref_00023500: 
+ref_00023590: db ' PortSettings[%d] PortIobp Gen12TxOutVoltDnAmpAdj= %x',0x0a,0x00 -ref_00023537: +ref_000235c7: db ' PortSettings[%d] PortIobp Gen3TxOutDeEmAdj= %x',0x0a,0x00 -ref_00023568: +ref_000235f8: db ' PortSettings[%d] PortIobp Gen12TxOutDeEmAdj= %x',0x0a,0x00 -ref_0002359a: +ref_0002362a: db ' PortSettings[%d] PortIobp Gen3TxOutVoltDnAmpAdjEnable= %x',0x0a,0x00 -ref_000235d6: +ref_00023666: db ' PortSettings[%d] PortIobp Gen12TxOutVoltDnAmpAdjEnable= %x',0x0a,0x00 -ref_00023613: +ref_000236a3: db ' PortSettings[%d] PortIobp Gen3TxOutDeEmAdjEnable= %x',0x0a,0x00 -ref_0002364a: +ref_000236da: db ' PortSettings[%d] PortIobp Gen12TxOutDeEmAdjEnable= %x',0x0a,0x00 -ref_00023682: +ref_00023712: db ' PortSettings[%d] Sata Thermal Throttling Enabled= %x',0x0a,0x00 -ref_000236b9: +ref_00023749: db ' RaidAlternateId= %x',0x0a,0x00 -ref_000236cf: +ref_0002375f: db ' Raid0= %x',0x0a,0x00 -ref_000236db: +ref_0002376b: db ' Raid1= %x',0x0a,0x00 -ref_000236e7: +ref_00023777: db ' Raid10= %x',0x0a,0x00 -ref_000236f4: +ref_00023784: db ' Raid5= %x',0x0a,0x00 -ref_00023700: +ref_00023790: db ' Irrt= %x',0x0a,0x00 -ref_0002370b: +ref_0002379b: db ' OromUiBanner= %x',0x0a,0x00 -ref_0002371e: +ref_000237ae: db ' OromUiDelay= %x',0x0a,0x00 -ref_00023730: +ref_000237c0: db ' HddUnlock= %x',0x0a,0x00 -ref_00023740: +ref_000237d0: db ' LedLocate= %x',0x0a,0x00 -ref_00023750: +ref_000237e0: db ' IrrtOnly= %x',0x0a,0x00 -ref_0002375f: +ref_000237ef: db ' SmartStorage= %x',0x0a,0x00 -ref_00023772: +ref_00023802: db ' SpeedSupport= %x',0x0a,0x00 -ref_00023785: +ref_00023815: db ' eSATASpeedLimit= %x',0x0a,0x00 -ref_0002379b: +ref_0002382b: db ' TestMode= %x',0x0a,0x00 -ref_000237aa: +ref_0002383a: db ' LegacyMode= %x',0x0a,0x00 -ref_000237bb: +ref_0002384b: db ' SalpSupport= %x',0x0a,0x00 -ref_000237cd: +ref_0002385d: db ' PwrOptEnable= %x',0x0a,0x00 -ref_000237e0: +ref_00023870: db ' PcieNandRemap Enable= %x',0x0a,0x00 -ref_000237fb: +ref_0002388b: db ' PcieNandRemap PcieNandPort= 
%x',0x0a,0x00 -ref_0002381c: +ref_000238ac: db ' PcieNandRemap ConfigAccessLockDown= %x',0x0a,0x00 -ref_00023845: +ref_000238d5: db ' PcieNandRemap DeviceResetDelay= %x',0x0a,0x00 -ref_0002386a: +ref_000238fa: db '------------------ PCH IOAPIC Config ------------------',0x0a,0x00 -ref_000238a3: +ref_00023933: db ' BdfValid= %x',0x0a,0x00 -ref_000238b2: +ref_00023942: db ' BusNumber= %x',0x0a,0x00 -ref_000238c2: +ref_00023952: db ' DeviceNumber= %x',0x0a,0x00 -ref_000238d5: +ref_00023965: db ' IoApicId= %x',0x0a,0x00 -ref_000238e4: +ref_00023974: db ' ApicRangeSelect= %x',0x0a,0x00 -ref_000238fa: +ref_0002398a: db ' IoApicEntry24_39= %x',0x0a,0x00 -ref_00023911: +ref_000239a1: db '------------------ PCH HPET Config ------------------',0x0a,0x00 -ref_00023948: +ref_000239d8: db ' Enable %x',0x0a,0x00 -ref_00023954: +ref_000239e4: db ' BdfValid %x',0x0a,0x00 -ref_00023962: +ref_000239f2: db ' BusNumber %x',0x0a,0x00 -ref_00023971: +ref_00023a01: db ' DeviceNumber %x',0x0a,0x00 -ref_00023983: +ref_00023a13: db ' FunctionNumber %x',0x0a,0x00 -ref_00023997: +ref_00023a27: db ' Base %x',0x0a,0x00 -ref_000239a1: +ref_00023a31: db '------------------ PCH Lock Down Config ------------------',0x0a,0x00 -ref_000239dd: +ref_00023a6d: db ' GlobalSmi= %x',0x0a,0x00 -ref_000239ed: +ref_00023a7d: db ' BiosInterface= %x',0x0a,0x00 -ref_00023a01: +ref_00023a91: db ' GpioLockDown= %x',0x0a,0x00 -ref_00023a14: +ref_00023aa4: db ' RtcLock= %x',0x0a,0x00 -ref_00023a22: +ref_00023ab2: db ' BiosLock= %x',0x0a,0x00 -ref_00023a31: +ref_00023ac1: db ' SmmBwp= %x',0x0a,0x00 -ref_00023a3e: +ref_00023ace: db '------------------ PCH Flash Protection Config ------------------',0x0a,0x00 -ref_00023a81: +ref_00023b11: db ' WriteProtectionEnable[%d]= %x',0x0a,0x00 -ref_00023aa1: +ref_00023b31: db ' ReadProtectionEnable[%d]= %x',0x0a,0x00 -ref_00023ac0: +ref_00023b50: db ' ProtectedRangeLimit[%d]= %x',0x0a,0x00 -ref_00023ade: +ref_00023b6e: db ' ProtectedRangeBase[%d]= %x',0x0a,0x00 -ref_00023afb: 
+ref_00023b8b: db '------------------ PCH SMBUS Config ------------------',0x0a,0x00 -ref_00023b33: +ref_00023bc3: db ' SmbusIoBase= %x',0x0a,0x00 -ref_00023b45: +ref_00023bd5: db ' NumRsvdSmbusAddresses= %x',0x0a,0x00 -ref_00023b61: +ref_00023bf1: db ' RsvdSmbusAddressTable= {',0x00 -ref_00023b7b: +ref_00023c0b: db ' %02xh',0x00 -ref_00023b82: +ref_00023c12: db ' }',0x0a,0x00 -ref_00023b86: +ref_00023c16: db '------------------ PCH Azalia Config ------------------',0x0a,0x00 -ref_00023bbf: +ref_00023c4f: db ' Pme= %x',0x0a,0x00 -ref_00023bc9: +ref_00023c59: db ' DockSupport= %x',0x0a,0x00 -ref_00023bdb: +ref_00023c6b: db ' ResetWaitTimer= %x',0x0a,0x00 -ref_00023bf0: +ref_00023c80: db '------------------ PCH PM Config ------------------',0x0a,0x00 -ref_00023c25: +ref_00023cb5: db ' PowerResetStatusClear MeWakeSts= %x',0x0a,0x00 -ref_00023c4b: +ref_00023cdb: db ' PowerResetStatusClear MeHrstColdSts= %x',0x0a,0x00 -ref_00023c75: +ref_00023d05: db ' PowerResetStatusClear MeHrstWarmSts= %x',0x0a,0x00 -ref_00023c9f: +ref_00023d2f: db ' PowerResetStatusClear MeHostPowerDn= %x',0x0a,0x00 -ref_00023cc9: +ref_00023d59: db ' PowerResetStatusClear WolOvrWkSts= %x',0x0a,0x00 -ref_00023cf1: +ref_00023d81: db ' WakeConfig PmeB0S5Dis= %x',0x0a,0x00 -ref_00023d0d: +ref_00023d9d: db ' WakeConfig WolEnableOverride= %x',0x0a,0x00 -ref_00023d30: +ref_00023dc0: db ' WakeConfig Gp27WakeFromDeepSx= %x',0x0a,0x00 -ref_00023d54: +ref_00023de4: db ' WakeConfig PcieWakeFromDeepSx= %x',0x0a,0x00 -ref_00023d78: +ref_00023e08: db ' WakeConfig WoWlanEnable= %x',0x0a,0x00 -ref_00023d96: +ref_00023e26: db ' WakeConfig WoWlanDeepSxEnable= %x',0x0a,0x00 -ref_00023dba: +ref_00023e4a: db ' PchDeepSxPol= %x',0x0a,0x00 -ref_00023dcd: +ref_00023e5d: db ' PchSlpS3MinAssert= %x',0x0a,0x00 -ref_00023de5: +ref_00023e75: db ' PchSlpS4MinAssert= %x',0x0a,0x00 -ref_00023dfd: +ref_00023e8d: db ' PchSlpSusMinAssert= %x',0x0a,0x00 -ref_00023e16: +ref_00023ea6: db ' PchSlpAMinAssert= %x',0x0a,0x00 -ref_00023e2d: 
+ref_00023ebd: db ' PciClockRun= %x',0x0a,0x00 -ref_00023e3f: +ref_00023ecf: db ' SlpStrchSusUp= %x',0x0a,0x00 -ref_00023e53: +ref_00023ee3: db ' SlpLanLowDc= %x',0x0a,0x00 -ref_00023e65: +ref_00023ef5: db ' LegacyDmaDisable= %x',0x0a,0x00 -ref_00023e7c: +ref_00023f0c: db ' PchPwrCycDur= %x',0x0a,0x00 -ref_00023e8f: +ref_00023f1f: db '------------------ PCH DMI Config ------------------',0x0a,0x00 -ref_00023ec5: +ref_00023f55: db ' DmiAspm= %x',0x0a,0x00 -ref_00023ed3: +ref_00023f63: db ' DmiExtSync= %x',0x0a,0x00 -ref_00023ee4: +ref_00023f74: db ' DmiIot= %x',0x0a,0x00 -ref_00023ef1: +ref_00023f81: db ' MemCloseStateEn= %x',0x0a,0x00 -ref_00023f07: +ref_00023f97: db ' InternalObffEn= %x',0x0a,0x00 -ref_00023f1c: +ref_00023fac: db '------------------ PCH LPC SIRQ Config ------------------',0x0a,0x00 -ref_00023f57: +ref_00023fe7: db ' SirqEnable= %x',0x0a,0x00 -ref_00023f68: +ref_00023ff8: db ' SirqMode= %x',0x0a,0x00 -ref_00023f77: +ref_00024007: db ' StartFramePulse= %x',0x0a,0x00 -ref_00023f8d: +ref_0002401d: db '------------------ PCH Thermal Config ------------------',0x0a,0x00 -ref_00023fc7: +ref_00024057: db ' ThermalAlertEnable TselLock %x',0x0a,0x00 -ref_00023fe8: +ref_00024078: db ' ThermalAlertEnable TscLock %x',0x0a,0x00 -ref_00024008: +ref_00024098: db ' ThermalAlertEnable TsmicLock= %x',0x0a,0x00 -ref_0002402b: +ref_000240bb: db ' ThermalAlertEnable PhlcLock= %x',0x0a,0x00 -ref_0002404d: +ref_000240dd: db ' ThermalThrottling TTLevels T0Level %x centigrade degree',0x0a,0x00 -ref_00024087: +ref_00024117: db ' ThermalThrottling TTLevels T1Level %x centigrade degree',0x0a,0x00 -ref_000240c1: +ref_00024151: db ' ThermalThrottling TTLevels T2Level %x centigrade degree',0x0a,0x00 -ref_000240fb: +ref_0002418b: db ' ThermalThrottling TTLevels TTEnable %x',0x0a,0x00 -ref_00024124: +ref_000241b4: db ' ThermalThrottling TTLevels TTState13Enable %x',0x0a,0x00 -ref_00024154: +ref_000241e4: db ' ThermalThrottling TTLevels TTLock %x',0x0a,0x00 -ref_0002417b: 
+ref_0002420b: db ' ThermalThrottling TTLevels SuggestedSetting %x',0x0a,0x00 -ref_000241ac: +ref_0002423c: db ' ThermalThrottling TTLevels PchCrossThrottling %x',0x0a,0x00 -ref_000241df: +ref_0002426f: db ' ThermalThrottling DmiHaAWC DmiTsawEn %x',0x0a,0x00 -ref_00024209: +ref_00024299: db ' ThermalThrottling DmiHaAWC TS0TW %x',0x0a,0x00 -ref_0002422f: +ref_000242bf: db ' ThermalThrottling DmiHaAWC TS1TW %x',0x0a,0x00 -ref_00024255: +ref_000242e5: db ' ThermalThrottling DmiHaAWC TS2TW %x',0x0a,0x00 -ref_0002427b: +ref_0002430b: db ' ThermalThrottling DmiHaAWC TS3TW %x',0x0a,0x00 -ref_000242a1: +ref_00024331: db ' ThermalThrottling DmiHaAWC SuggestedSetting %x',0x0a,0x00 -ref_000242d2: +ref_00024362: db ' ThermalThrottling SataTT P0T1M %x',0x0a,0x00 -ref_000242f6: +ref_00024386: db ' ThermalThrottling SataTT P0T2M %x',0x0a,0x00 -ref_0002431a: +ref_000243aa: db ' ThermalThrottling SataTT P0T3M %x',0x0a,0x00 -ref_0002433e: +ref_000243ce: db ' ThermalThrottling SataTT P0TDisp %x',0x0a,0x00 -ref_00024364: +ref_000243f4: db ' ThermalThrottling SataTT P0Tinact %x',0x0a,0x00 -ref_0002438b: +ref_0002441b: db ' ThermalThrottling SataTT P0TDispFinit %x',0x0a,0x00 -ref_000243b6: +ref_00024446: db ' ThermalThrottling SataTT P1T1M %x',0x0a,0x00 -ref_000243da: +ref_0002446a: db ' ThermalThrottling SataTT P1T2M %x',0x0a,0x00 -ref_000243fe: +ref_0002448e: db ' ThermalThrottling SataTT P1T3M %x',0x0a,0x00 -ref_00024422: +ref_000244b2: db ' ThermalThrottling SataTT P1TDisp %x',0x0a,0x00 -ref_00024448: +ref_000244d8: db ' ThermalThrottling SataTT P1Tinact %x',0x0a,0x00 -ref_0002446f: +ref_000244ff: db ' ThermalThrottling SataTT P1TDispFinit %x',0x0a,0x00 -ref_0002449a: +ref_0002452a: db ' ThermalThrottling SataTT SuggestedSetting %x',0x0a,0x00 -ref_000244c9: +ref_00024559: db ' MemoryThrottling Enable= %x',0x0a,0x00 -ref_000244e7: +ref_00024577: db ' MemoryThrottling TsGpioPinSetting PmsyncEnable= %x',0x0a,0x00 -ref_0002451c: +ref_000245ac: db ' MemoryThrottling TsGpioPinSetting 
C0TransmitEnable= %x',0x0a,0x00 -ref_00024555: +ref_000245e5: db ' MemoryThrottling TsGpioPinSetting PinSelection= %x',0x0a,0x00 -ref_0002458a: +ref_0002461a: db ' PchHotLevel = %x',0x0a,0x00 -ref_0002459d: +ref_0002462d: db ' ThermalDeviceEnable (D31:F6) %x',0x0a,0x00 -ref_000245bf: +ref_0002464f: db '------------------ PCH General Config ------------------',0x0a,0x00 -ref_000245f9: +ref_00024689: db ' SubSystemVendorId= %x',0x0a,0x00 -ref_00024611: +ref_000246a1: db ' SubSystemId= %x',0x0a,0x00 -ref_00024623: +ref_000246b3: db ' Crid= %x',0x0a,0x00 -ref_0002462e: +ref_000246be: db ' DciEn= %x',0x0a,0x00 -ref_0002463a: +ref_000246ca: db '------------------ PCH LAN Config ------------------',0x0a,0x00 -ref_00024670: +ref_00024700: db '------------------ PCH Serial IO Config ------------------',0x0a,0x00 -ref_000246ac: +ref_0002473c: db ' SerialIoGpio= %x',0x0a,0x00 -ref_000246bf: +ref_0002474f: db ' SerialIoDma= %x',0x0a,0x00 -ref_000246d1: +ref_00024761: db ' SerialIoI2c0= %x',0x0a,0x00 -ref_000246e4: +ref_00024774: db ' SerialIoI2c1= %x',0x0a,0x00 -ref_000246f7: +ref_00024787: db ' SerialIoSpi0= %x',0x0a,0x00 -ref_0002470a: +ref_0002479a: db ' SerialIoSpi1= %x',0x0a,0x00 -ref_0002471d: +ref_000247ad: db ' SerialIoUart0= %x',0x0a,0x00 -ref_00024731: +ref_000247c1: db ' SerialIoUart1= %x',0x0a,0x00 -ref_00024745: +ref_000247d5: db ' SerialIoSdio= %x',0x0a,0x00 -ref_00024758: +ref_000247e8: db ' I2c0VoltageSelect= %x',0x0a,0x00 -ref_00024770: +ref_00024800: db ' I2c1VoltageSelect= %x',0x0a,0x00 -ref_00024788: +ref_00024818: db ' GpioIrqRoute= %x',0x0a,0x00 -ref_0002479b: +ref_0002482b: db ' DriverModeTouchPanel= %x',0x0a,0x00 -ref_000247b6: +ref_00024846: db ' DriverModeTouchPad= %x',0x0a,0x00 -ref_000247cf: +ref_0002485f: db ' DriverModeSensorHub= %x',0x0a,0x00 -ref_000247e9: +ref_00024879: db ' Ddr50Support= %x',0x0a,0x00 -ref_000247fc: +ref_0002488c: db '------------------ PCH Audio DSP Config ------------------',0x0a,0x00 -ref_00024838: +ref_000248c8: db ' 
AudioDspAcpiMode= %x',0x0a,0x00 -ref_0002484f: +ref_000248df: db ' AudioDspD3PowerGating= %x',0x0a,0x00 -ref_0002486b: +ref_000248fb: db ' AudioDspSramPowerGating= %x',0x0a,0x00 -ref_00024889: +ref_00024919: db ' AudioDspBluetoothSupport= %x',0x0a,0x00 -ref_000248a8: +ref_00024938: db ' AudioDspAcpiInterruptMode= %x',0x0a,0x00 -ref_000248c8: +ref_00024958: +db ' AudioDspMclkOutputSelect= %x',0x0a,0x00 + +ref_00024977: db ' AudioDspFeatureMask= %x',0x0a,0x00 -ref_000248e2: +ref_00024991: db '------------------ PCH Platform Data ------------------',0x0a,0x00 -ref_0002491b: +ref_000249ca: db ' FviSmbiosType= %x',0x0a,0x00 -ref_0002492f: +ref_000249de: db ' EcPresent= %x',0x0a,0x00 -ref_0002493f: +ref_000249ee: db ' TempPciBusMin= %x',0x0a,0x00 -ref_00024953: +ref_00024a02: db ' TempPciBusMax= %x',0x0a,0x00 -ref_00024967: +ref_00024a16: db ' TempMemBaseAddr= %x',0x0a,0x00 -ref_0002497d: +ref_00024a2c: db ' TempMemSize= %x',0x0a,0x00 -ref_0002498f: +ref_00024a3e: db '------------------ PCH Interrupt Config ------------------',0x0a,0x00 -ref_000249cb: +ref_00024a7a: db ' DXXIP[%d] Offset = %x',0x0a,0x00 -ref_000249e3: +ref_00024a92: db ' DXXIP[%d] Settings = %x',0x0a,0x00 -ref_000249fd: +ref_00024aac: db ' DXXIR[%d] Offset = %x',0x0a,0x00 -ref_00024a15: +ref_00024ac4: db ' DXXIR[%d] Settings = %x',0x0a,0x00 -ref_00024a2f: +ref_00024ade: db '------------------------ PCH Dump Platform Policy Start ------------------------',0x0a,0x00 -ref_00024a81: +ref_00024b30: db ' Revision= %x',0x0a,0x00 -ref_00024a90: +ref_00024b3f: db ' Rcba= %x',0x0a,0x00 -ref_00024a9b: +ref_00024b4a: db ' PmBase= %x',0x0a,0x00 -ref_00024aa8: +ref_00024b57: db ' GpioBase= %x',0x0a,0x00 -ref_00024ab7: +ref_00024b66: db ' Port80Route= %x',0x0a,0x00 -ref_00024ac9: +ref_00024b78: db '------------------------ PCH Dump Platform Policy End --------------------------',0x0a,0x00 -ref_00024b1b: +ref_00024bca: db 'PchPlatformPolicy->Rcba != ' -ref_00024b36: +ref_00024be5: db 0x30 db 0x00 -ref_00024b38: 
+ref_00024be7: db '../../intel/Pch/PchInit/Pei/PchDebugDump.c',0x00 -ref_00024b63: +ref_00024c12: db 'PchPlatformPolicy->PmBase != 0',0x00 -ref_00024b82: +ref_00024c31: db 'PchPlatformPolicy->GpioBase != 0',0x00 -ref_00024ba3: +ref_00024c52: db 'PchPlatformPolicy->PlatformData.TempMemBaseAddr != 0',0x00 -ref_00024bd8: +ref_00024c87: db 'PchPlatformPolicy->PlatformData.TempMemSize >= 0x10000',0x00 -ref_00024c0f: +ref_00024cbe: db 'PchPlatformPolicy->PlatformData.TempIoBaseAddr != 0',0x00 -ref_00024c43: +ref_00024cf2: db 'PchPlatformPolicy->PlatformData.TempIoSize >= 0x10',0x00 -ref_00024c76: +ref_00024d25: db '../../intel/Pch/PchInit/Pei/PchDmiPeim.c',0x00 -ref_00024c9f: +ref_00024d4e: db 'TC:%0x VC:%0x!',0x0a,0x00 -ref_00024caf: +ref_00024d5e: db 'VC:%0x VCID:%0x Enable:%0x!',0x0a,0x00 -ref_00024ccc: +ref_00024d7b: db 'PchDmiGen2Prog() Start',0x0a,0x00 -ref_00024ce4: +ref_00024d93: db 'PchDmiGen2Prog() End',0x0a,0x00 -ref_00024cfa: +ref_00024da9: db 'Usb30TxOutVoltDnAmpAdj is out of valid range ',0x0a,0x00 -ref_00024d29: +ref_00024dd8: db 'Usb30TxOutImpScVoltAmpAdj is out of valid range ',0x0a,0x00 -ref_00024d5b: +ref_00024e0a: db 'Usb30TxOutDeEmpAdj is out of valid range ',0x0a,0x00 -ref_00024d86: +ref_00024e35: db 'Usb30TxOutImpAdjVoltAmp is out of valid range ',0x0a,0x00 -ref_00024db6: +ref_00024e65: db 'PchStartUsbInit() - Start',0x0a,0x00 -ref_00024dd1: +ref_00024e80: db 'Revision : 0x%x',0x0a,0x00 -ref_00024de2: +ref_00024e91: db 'EhciMemBaseAddr : 0x%x',0x0a,0x00 -ref_00024dfa: +ref_00024ea9: db 'XhciMemBaseAddr : 0x%x',0x0a,0x00 -ref_00024e12: +ref_00024ec1: db '../../intel/Pch/PchInit/Pei/PchUsbInit.c',0x00 -ref_00024e3b: +ref_00024eea: db 'PchStartUsbInit() - End',0x0a,0x00 -ref_00024e54: +ref_00024f03: db 'PchUsbInit() - Start',0x0a,0x00 -ref_00024e6a: +ref_00024f19: db 'PchUsbInit() - End',0x0a,0x00 -ref_00024e7e: +ref_00024f2d: db 'Invalid Vendor ID! 
',0x0a,0x00 -ref_00024e93: +ref_00024f42: db 'PchInitRootPorts() Start',0x0a,0x00 -ref_00024ead: +ref_00024f5c: db 'Func0PortNum <= MaxPciePortNum',0x00 -ref_00024ecc: +ref_00024f7b: db '../../intel/Pch/PchInit/Pei/PchRootPortsPei.c',0x00 -ref_00024efa: +ref_00024fa9: db ' Root Port %x device enabled. RpEnableMask: 0x%x',0x0a,0x00 -ref_00024f2c: +ref_00024fdb: db 'PchInitRootPorts() End',0x0a,0x00 -ref_00024f44: +ref_00024ff3: db 'ICB bit is not zero before SendCodecCommand! ',0x0a,0x00 -ref_00024f73: +ref_00025022: db 'SendCodecCommand: ReadBack fail! ',0x0a,0x00 -ref_00024f96: +ref_00025045: db 'VendorDeviceId != 0',0x00 -ref_00024faa: +ref_00025059: db '../../intel/Pch/PchInit/Pei/PchHdaPei.c',0x00 -ref_00024fd2: +ref_00025081: db 'Set the ownership of I/O buffers to HD-Audio or Audio DSP subsystem',0x0a,0x00 -ref_00025017: +ref_000250c6: db 'PchAzaliaInit() Start',0x0a,0x00 -ref_0002502e: +ref_000250dd: db 'Reset High Definition Audio (Azalia) Codec Time Out - 1! ',0x0a,0x00 -ref_00025069: +ref_00025118: db 'Reset High Definition Audio (Azalia) Codec Time Out - 2! 
',0x0a,0x00 -ref_000250a4: +ref_00025153: db 'No Azalia device is detected.',0x0a,0x00 -ref_000250c3: +ref_00025172: db 'SDI%d has no Azalia device.',0x0a,0x00 -ref_000250e0: +ref_0002518f: db 'Error: Reading the Codec Vendor ID/Device ID fail!',0x0a,0x00 -ref_00025114: +ref_000251c3: db 'Error: Reading the Codec Revision ID fail!',0x0a,0x00 -ref_00025140: +ref_000251ef: db 'SDI:%d Detected Azalia Codec 0x%08X rev 0x%02X',0x0a,0x00 -ref_00025170: +ref_0002521f: db 'Error: No matching Azalia codec verb table found for codec (0x%08X).',0x0a,0x00 -ref_000251b6: +ref_00025265: db 'Found verb table for vendor 0x%04X devId 0x%04X rev 0x%02X (SDI:%X, size: %d dwords)',0x0a,0x00 -ref_0002520c: +ref_000252bb: db '(CodecCmdData >> 28) == 0',0x00 -ref_00025226: +ref_000252d5: db 'Error loading verb table for Azalia Codec of 0x%08X',0x00 -ref_0002525a: +ref_00025309: db 'PchAzaliaInit() End',0x0a,0x00 -ref_0002526f: +ref_0002531e: db '../../intel/Pch/PchInit/Common/PchUsbCommon.c',0x00 -ref_0002529d: +ref_0002534c: db 'PchUsbCommon XHCI Capability Pointer = 0x%x',0x0a,0x00 -ref_000252ca: +ref_00025379: db 'PchUsbCommon DebugPortSsIndex = %d',0x0a,0x00 -ref_000252ee: +ref_0002539d: db 'OCPin < 4',0x00 -ref_000252f8: +ref_000253a7: db 'UsbConfig->PortUsb20[Index].Usb20EyeDiagramTuningParam2 < 8',0x00 -ref_00025334: +ref_000253e3: db 'UsbConfig->PortUsb20[Index].Usb20EyeDiagramTuningParam1 < 8',0x00 -ref_00025370: +ref_0002541f: db 'CommonUsbInit() - Start',0x0a,0x00 -ref_00025389: +ref_00025438: db 'CommonUsbInit() - End',0x0a,0x00 -ref_000253a0: +ref_0002544f: db 'hljztL',0x00 -ref_000253a7: +ref_00025456: db '(null)',0x00 -ref_000253ae: +ref_0002545d: db '{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}',0x0a,0x00 -ref_000253e2: +ref_00025491: db '%s: overwrite GUID ',0x00 -ref_000253f6: +ref_000254a5: db '%s: no room for a new PPI',0x0a,0x00 -ref_00025411: +ref_000254c0: db '%s: NOT_FOUND in %d entries ',0x00 -ref_0002542e: +ref_000254dd: db '%s: no room for a new 
notifier',0x0a,0x00 -ref_0002544e: +ref_000254fd: db '%s installed %d',0x0a,0x00 -ref_0002545f: +ref_0002550e: db 'Invalid PEI data version, %d != %d',0x0a,0x00 -ref_00025483: +ref_00025532: db 'MRC: S3 Resume',0x0a,0x00 -ref_00025493: +ref_00025542: db 'Initializing Policy',0x0a,0x00 -ref_000254a8: +ref_00025557: db 'Installing common PPI',0x0a,0x00 -ref_000254bf: +ref_0002556e: db 'stall.c',0x00 -ref_000254c7: +ref_00025576: db 'Generating Random number...',0x0a,0x00 -ref_000254e4: +ref_00025593: db 'Exiting Random number: %08Xh',0x0a,0x00 -ref_00025502: +ref_000255b1: db 'Post Code: %04Xh',0x0a,0x00 -ref_00025514: +ref_000255c3: db 'Returned From MrcStartMemoryConfiguration(). MrcStatus = %08Xh',0x0a,0x00 -ref_00025554: +ref_00025603: db '(Bus <= 0xFF) && (Device <= 0x1F) && (Function <= 0x7)',0x00 -ref_0002558b: +ref_0002563a: db '../policy/MrcOemPlatform.c',0x00 -ref_000255a6: +ref_00025655: db 'Pch PEI Platform Policy Initialization Done ',0x0a,0x00 -ref_000255d4: +ref_00025683: db '../../intel/SampleCode/PolicyInit/Pei/PolicyInitPei.c',0x00 -ref_0002560a: +ref_000256b9: db 'CPU PEI Platform Policy Initialization Done ',0x0a,0x00 -ref_00025638: +ref_000256e7: db 'Me PEI Platform Policy Initialization Done ',0x0a,0x00 -ref_00025665: +ref_00025714: db 'SystemAgent PEI Platform Policy Initialization Done ',0x0a,0x00 -ref_0002569b: +ref_0002574a: db '((UINTN)Buffer & (sizeof (Guid->Data1) - 1)) == 0',0x00 -ref_000256cd: +ref_0002577c: db '../../UDK2010.SR1/MdePkg/Library/BaseMemoryLibOptPei/MemLibGuid.c',0x00 -ref_0002570f: +ref_000257be: db 'Length <= (0xFFFFFFFF - (UINTN)Buffer + 1)',0x00 -ref_0002573a: +ref_000257e9: db '(Length & (sizeof (*GuidPtr) - 1)) == 0',0x00 -ref_00025762: +ref_00025811: db '!(Buffer == ((void *) 0) && Length > 0)',0x00 -ref_0002578a: +ref_00025839: db '../../UDK2010.SR1/MdePkg/Library/BaseMemoryLibOptPei/ZeroMemWrapper.c',0x00 -ref_000257d0: +ref_0002587f: db 'DestinationBuffer != ((void *) 0)',0x00 -ref_000257f2: +ref_000258a1: db 
'../../UDK2010.SR1/MdePkg/Library/BaseMemoryLibOptPei/CompareMemWrapper.c',0x00 -ref_0002583b: +ref_000258ea: db 'SourceBuffer != ((void *) 0)',0x00 -ref_00025858: +ref_00025907: db '(Length - 1) <= (0xFFFFFFFF - (UINTN)DestinationBuffer)',0x00 -ref_00025890: +ref_0002593f: db '(Length - 1) <= (0xFFFFFFFF - (UINTN)SourceBuffer)',0x00 -ref_000258c3: +ref_00025972: db '../../UDK2010.SR1/MdePkg/Library/BaseMemoryLibOptPei/CopyMemWrapper.c',0x00 -ref_00025909: +ref_000259b8: db 'Count < 64',0x00 -ref_00025914: +ref_000259c3: db '../../UDK2010.SR1/MdePkg/Library/BaseLib/RShiftU64.c',0x00 -ref_00025949: +ref_000259f8: db '../../UDK2010.SR1/MdePkg/Library/BaseLib/Unaligned.c',0x00 -ref_0002597e: +ref_00025a2d: db 'Divisor != 0',0x00 -ref_0002598b: +ref_00025a3a: db '../../UDK2010.SR1/MdePkg/Library/BaseLib/ModU64x32.c',0x00 -ref_000259c0: +ref_00025a6f: db '../../UDK2010.SR1/MdePkg/Library/BaseLib/DivU64x32.c',0x00 -ref_000259f5: +ref_00025aa4: db '../../UDK2010.SR1/MdePkg/Library/BaseLib/DivU64x32Remainder.c',0x00 -ref_00025a33: +ref_00025ae2: db 'EndBit < sizeof (Value) * 8',0x00 -ref_00025a4f: +ref_00025afe: db '../../UDK2010.SR1/MdePkg/Library/BaseLib/X86Msr.c',0x00 -ref_00025a81: +ref_00025b30: db 'StartBit <= EndBit',0x00 -ref_00025a94: +ref_00025b43: db 'EndBit < sizeof (OrData) * 8',0x00 -ref_00025ab1: +ref_00025b60: db 'EndBit < sizeof (AndData) * 8',0x00 -ref_00025acf: +ref_00025b7e: db '../../UDK2010.SR1/MdePkg/Library/BaseIoLibIntrinsic/IoLib.c',0x00 -ref_00025b0b: +ref_00025bba: db '(Address & 1) == 0',0x00 -ref_00025b1e: +ref_00025bcd: db '(Address & 3) == 0',0x00 -ref_00025b31: +ref_00025be0: db '(Address & 7) == 0',0x00 -ref_00025b44: +ref_00025bf3: db '(Port & 1) == 0',0x00 -ref_00025b54: +ref_00025c03: db '../../UDK2010.SR1/MdePkg/Library/BaseIoLibIntrinsic/IoLibGcc.c',0x00 -ref_00025b93: +ref_00025c42: db '(Port & 3) == 0',0x00 -ref_00025ba3: +ref_00025c52: db '../../UDK2010.SR1/MdePkg/Library/PeiHobLib/HobLib.c',0x00 -ref_00025bd7: +ref_00025c86: db 
'HobList != ((void *) 0)',0x00 -ref_00025bef: +ref_00025c9e: db 'HobStart != ((void *) 0)',0x00 -ref_00025c08: +ref_00025cb7: db 'Hob != ((void *) 0)',0x00 -ref_00025c1c: +ref_00025ccb: db '((MemoryAllocationModule & (0x00001000 - 1)) == 0) && ((ModuleLength & (0x00001000 - 1)) == 0)',0x00 -ref_00025c7b: +ref_00025d2a: db 'Guid != ((void *) 0)',0x00 -ref_00025c90: +ref_00025d3f: db 'DataLength <= (0xFFF8 - sizeof (EFI_HOB_GUID_TYPE))',0x00 -ref_00025cc4: +ref_00025d73: db 'Data != ((void *) 0) || DataLength == 0',0x00 -ref_00025cec: +ref_00025d9b: db '((BaseAddress & (0x00001000 - 1)) == 0) && ((Length & (0x00001000 - 1)) == 0)',0x00 -ref_00025d3a: +ref_00025de9: db 'FvInfoPpi != ((void *) 0)',0x00 -ref_00025d54: +ref_00025e03: db '../../UDK2010.SR1/MdePkg/Library/PeiServicesLib/PeiServicesLib.c',0x00 -ref_00025d95: +ref_00025e44: db 'ParentFvNameValue != ((void *) 0)',0x00 -ref_00025db7: +ref_00025e66: db 'ParentFileNameValue != ((void *) 0)',0x00 -ref_00025ddb: +ref_00025e8a: db 'FvInfoPpiDescriptor != ((void *) 0)',0x00 -ref_00025dff: +ref_00025eae: db 'PeiServicesTablePointer != ((void *) 0)',0x00 -ref_00025e27: +ref_00025ed6: db '../../UDK2010.SR1/MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointer.c',0x00 -ref_00025e7d: +ref_00025f2c: db 'gPeiServices != ((void *) 0)',0x00 -ref_00025e9a: +ref_00025f49: db 'Pages != 0',0x00 -ref_00025ea5: +ref_00025f54: db '../../UDK2010.SR1/MdePkg/Library/PeiMemoryAllocationLib/MemoryAllocationLib.c',0x00 -ref_00025ef3: +ref_00025fa2: db '(Alignment & (Alignment - 1)) == 0',0x00 -ref_00025f16: +ref_00025fc5: db 'Pages <= (0xFFFFFFFF - (((Alignment) >> 12) + (((Alignment) & 0xFFF) ? 
1 : 0)))',0x00 -ref_00025f66: +ref_00026015: db 'AllocationSize <= (0xFFFFFFFF - (UINTN) Buffer + 1)',0x00 -ref_00025f9a: +ref_00026049: db '!((BOOLEAN) (((SmBusAddress) & 0x00400000) != 0))',0x00 -ref_00025fcc: +ref_0002607b: db '../../UDK2010.SR1/MdePkg/Library/PeiSmbusLibSmbus2Ppi/SmbusLib.c',0x00 -ref_0002600d: +ref_000260bc: db '(((SmBusAddress) >> 8) & 0xff) == 0',0x00 -ref_00026031: +ref_000260e0: db '(((SmBusAddress) >> 16) & 0x3f) == 0',0x00 -ref_00026056: +ref_00026105: db '((SmBusAddress) & ~(0x00800000 - 2)) == 0',0x00 -ref_00026080: +ref_0002612f: db '(((SmBusAddress) >> 16) & 0x3f) >= 1',0x00 -ref_000260a5: +ref_00026154: db '(((SmBusAddress) >> 16) & 0x3f) <= 32',0x00 -ref_000260cb: +ref_0002617a: db 'WriteBuffer != ((void *) 0)',0x00 -ref_000260e7: +ref_00026196: db 'Read' -ref_000260eb: +ref_0002619a: db 'Buffer != ((void *) 0)',0x00 -ref_00026102: +ref_000261b1: db '../../UDK2010.SR1/MdePkg/Library/PeiSmbusLibSmbus2Ppi/PeiSmbusLib.c',0x00 -ref_00026146: +ref_000261f5: db 'SmbusPpi != ((void *) 0)',0x00 -ref_0002615f: +ref_0002620e: db 'CpuIO PPI has been loaded into memory. Reinstalled PPI=0x%x',0x0a,0x00 -ref_0002619d: +ref_0002624c: db '../../UDK2010.SR1/UefiCpuPkg/CpuIoPei/CpuIoPei.c',0x00 -ref_000261ce: +ref_0002627d: db 'PEI SmbusExecute() Start, SmbusDeviceAddress=%x, Command=%x, Operation=%x',0x0a,0x00 -ref_00026219: +ref_000262c8: db 'CR has Bad Signature',0x00 -ref_0002622e: +ref_000262dd: db '../../intel/Pch/Smbus/Pei/PchSmbusEntry.c',0x00 -ref_00026258: +ref_00026307: db 'PEI SmbusExecute() End',0x0a,0x00 -ref_00026270: +ref_0002631f: db 'InitializePchSmbusPeim() Start',0x0a,0x00 -ref_00026290: +ref_0002633f: db 'Failed to allocate memory for Private! 
',0x0a,0x00 -ref_000262b9: +ref_00026368: db 'InitializePchSmbusPeim() End',0x0a,0x00 -ref_000262d7: +ref_00026386: db 'SmbusIoBase != 0x0000FFE0 && SmbusIoBase != 0',0x00 -ref_00026305: +ref_000263b4: db '../../intel/Pch/Smbus/Common/PchSmbusExec.c',0x00 -ref_00026331: +ref_000263e0: db 'InstallPchReset() Start',0x0a,0x00 -ref_0002634a: +ref_000263f9: db '../../intel/Pch/Reset/Pei/PchReset.c',0x00 -ref_0002636f: +ref_0002641e: db 'InstallPchReset() End',0x0a,0x00 -ref_00026386: +ref_00026435: db 'Please do the global reset through HECI ',0x0a,0x00 -ref_000263b0: +ref_0002645f: db 'None of Pch Reset Callback Ppi is found .',0x0a,0x00 -ref_000263db: +ref_0002648a: db 'Failed to locate Pch Reset Callback Ppi.',0x0a,0x00 -ref_00026405: +ref_000264b4: db 'LptHC0',0x00 -ref_0002640c: +ref_000264bb: db 'LptLpB0',0x00 -ref_00026414: +ref_000264c3: db 'WptLpB0',0x00 -ref_0002641c: +ref_000264cb: db 'PCH code doesn',0x27,'t support the LpcDeviceId: 0x%04x!',0x0a,0x00 -ref_0002644f: +ref_000264fe: db 'Unsupported PCH SKU, LpcDeviceId: 0x%04x!',0x0a,0x00 -ref_0002647a: +ref_00026529: db '../../intel/Pch/Library/PchPlatformLib/PchPlatformLibrary.c',0x00 -ref_000264b6: +ref_00026565: db 'GbePortSel=%d',0x0a,0x00 -ref_000264c5: +ref_00026574: db 'ConfigureDisplay() Start',0x0a,0x00 -ref_000264df: +ref_0002658e: db 'ConfigureDisplay() End',0x0a,0x00 -ref_000264f7: +ref_000265a6: db 'CPU stepping = %x and CpuFamily = %x is not supported !',0x0a,0x00 -ref_00026531: +ref_000265e0: db 'Unsupported CPU SKU, CpuFamilyId: 0x%08X!',0x0a,0x00 -ref_0002655c: +ref_0002660b: db '../../intel/Cpu/Library/CpuPlatformLib/CpuPlatformLibrary.c',0x00 -ref_00026598: +ref_00026647: db 'NumberOfEnabledCoresPerDie != ((void *) 0)',0x00 -ref_000265c3: +ref_00026672: db 'NumberOfEnabledThreadsPerCore != ((void *) 0)',0x00 -ref_000265f1: +ref_000266a0: db 'NumberOfDiesPerPackage != ((void *) 0)',0x00 -ref_00026618: +ref_000266c7: db 'NumberOfPackages != ((void *) 0)',0x00 -ref_00026639: +ref_000266e8: db 
'(MAILBOX) Mailbox interface timed out.',0x0a,0x00 -ref_00026661: +ref_00026710: db '(MAILBOX) Mailbox Write Command = %2Xh',0x0a,0x00 -ref_00026689: +ref_00026738: db '(MAILBOX) Mailbox read data is corrupted.',0x0a,0x00 -ref_000266b4: +ref_00026763: db '(MAILBOX) Unrecognized Mailbox Type.',0x0a,0x00 -ref_000266da: +ref_00026789: db '(MAILBOX) Mailbox Status = %2Xh',0x0a,0x00 -ref_000266fb: +ref_000267aa: db '(MAILBOX) Mailbox Read Command = %2Xh',0x0a,0x00 -ref_00026722: +ref_000267d1: db 'Read PCH Power Limit from PCODE Mail Box : %x ',0x0a,0x00 -ref_00026752: +ref_00026801: db '(OC MAILBOX) Unknown Command ID',0x0a,0x00 -ref_00026773: +ref_00026822: db '%s:%d pool cookie corrupted...',0x0a,0x00 -ref_00026793: +ref_00026842: db '%s:%d failed to allocate %d bytes...',0x0a,0x00 -ref_000267b9: +ref_00026868: db 'No memory to create HOB of %d bytes!',0x0a,0x00 -ref_000267df: +ref_0002688e: db 'Created hob: %x %u at %p',0x0a,0x00 -ref_000267f9: +ref_000268a8: db 'SaPlatformPolicyPpi != ((void *) 0)',0x00 -ref_0002681d: +ref_000268cc: db '../policy/SaPolicyInitPei.c',0x00 -ref_00026839: +ref_000268e8: db 'SaPlatformPolicyPpiDesc != ((void *) 0)',0x00 -ref_00026861: +ref_00026910: db 'PlatformData != ((void *) 0)',0x00 -ref_0002687e: +ref_0002692d: db 'GtConfig != ((void *) 0)',0x00 -ref_00026897: +ref_00026946: db 'MemConfig != ((void *) 0)',0x00 -ref_000268b1: +ref_00026960: db 'MemConfigNoCrc != ((void *) 0)',0x00 -ref_000268d0: +ref_0002697f: db 'PcieConfig != ((void *) 0)',0x00 -ref_000268eb: +ref_0002699a: db 'PegGpioData != ((void *) 0)',0x00 -ref_00026907: +ref_000269b6: db 'OcConfig != ((void *) 0)',0x00 -ref_00026920: +ref_000269cf: db '../policy/PchPolicyInitPei.c',0x00 -ref_0002693d: +ref_000269ec: db '../policy/PchPolicyInitUsb.c',0x00 -ref_0002695a: +ref_00026a09: db 'CpuPlatformPolicyPpi != ((void *) 0)',0x00 -ref_0002697f: +ref_00026a2e: db '../policy/CpuPolicyInitPei.c',0x00 -ref_0002699c: +ref_00026a4b: db 'CpuPlatformPolicyPpiDesc != ((void *) 
0)',0x00 -ref_000269c5: +ref_00026a74: db 'CpuConfig != ((void *) 0)',0x00 -ref_000269df: +ref_00026a8e: db 'SecurityConfig != ((void *) 0)',0x00 -ref_000269fe: +ref_00026aad: db 'PowerMgmtConfig != ((void *) 0)',0x00 -ref_00026a1e: +ref_00026acd: db 'MePlatformPolicyPpi != ((void *) 0)',0x00 -ref_00026a42: +ref_00026af1: db '../policy/MePolicyInitPei.c',0x00 -ref_00026a5e: +ref_00026b0d: db 'MePlatformPolicyPpiDesc != ((void *) 0)',0x00 -ref_00026a86: +ref_00026b35: db 'ME PEI Platform Policy PPI Installed',0x0a,0x00 -ref_00026aac: +ref_00026b5b: db '(Length - 1) <= (0xFFFFFFFF - (UINTN)Buffer)',0x00 -ref_00026ad9: +ref_00026b88: db '../../UDK2010.SR1/MdePkg/Library/BaseMemoryLibOptPei/SetMemWrapper.c',0x00 -ref_00026b1e: +ref_00026bcd: db '../../UDK2010.SR1/MdePkg/Library/BaseMemoryLibOptPei/SetMem32Wrapper.c',0x00 -ref_00026b65: +ref_00026c14: db '(((UINTN)Buffer) & (sizeof (Value) - 1)) == 0',0x00 -ref_00026b93: +ref_00026c42: db '(Length & (sizeof (Value) - 1)) == 0',0x00 -ref_00026bb8: +ref_00026c67: db '(OrData >> (EndBit - StartBit)) == ((OrData >> (EndBit - StartBit)) & 1)',0x00 -ref_00026c01: +ref_00026cb0: db '../../UDK2010.SR1/MdePkg/Library/BaseLib/BitField.c',0x00 -ref_00026c35: +ref_00026ce4: db '(AndData >> (EndBit - StartBit)) == ((AndData >> (EndBit - StartBit)) & 1)',0x00 -ref_00026c80: +ref_00026d2f: db 'EndBit < 8',0x00 -ref_00026c8b: +ref_00026d3a: db 'EndBit < 16',0x00 -ref_00026c97: +ref_00026d46: db 'EndBit < 32',0x00 -ref_00026ca3: +ref_00026d52: db 'EndBit < 64',0x00 -ref_00026caf: +ref_00026d5e: db 'RShiftU64 (OrData, EndBit - StartBit) == (RShiftU64 (OrData, EndBit - StartBit) & 1)',0x00 -ref_00026d04: +ref_00026db3: db 'RShiftU64 (AndData, EndBit - StartBit) == (RShiftU64 (AndData, EndBit - StartBit) & 1)',0x00 -ref_00026d5b: +ref_00026e0a: db '../../UDK2010.SR1/MdePkg/Library/BaseLib/LShiftU64.c',0x00 -ref_00026d90: +ref_00026e3f: db '../../UDK2010.SR1/MdePkg/Library/BaseLib/DivU64x64Remainder.c',0x00 -ref_00026dce: +ref_00026e7d: db 
'PchResetInstance->PchRootComplexBar != 0',0x00 -ref_00026df7: +ref_00026ea6: +db 0x2e db 0x2e -dd 0x2e2e2f2e -dd 0x746e692f -dd 0x502f6c65 -dd 0x522f6863 -dd 0x74657365 -dd 0x6d6f432f -dd 0x2f6e6f6d -dd 0x52686350 -dd 0x74657365 +dd 0x2f2e2e2f +dd 0x65746e69 +dd 0x63502f6c +dd 0x65522f68 +dd 0x2f746573 dd 0x6d6d6f43 -dd 0x632e6e6f -dd 0x90906600 - -ref_00026e28: +dd 0x502f6e6f +dd 0x65526863 +dd 0x43746573 +dd 0x6f6d6d6f +dd 0x00632e6e +dd 0x90669066 + +ref_00026ed8: dd 0x80000020 -dd ref_00028fdc +dd ref_0002908c dd fcn_00000197 -ref_00026e34: +ref_00026ee4: dd 0x80000020 -dd ref_00028fec +dd ref_0002909c dd fcn_000000ce -ref_00026e40: +ref_00026ef0: dd 0x80000010 -dd ref_0002926c +dd ref_0002931c dd 0x00000000 -ref_00026e4c: +ref_00026efc: dd 0x00014001 dd 0x00022101 dd 0x00034003 @@ -55729,31 +55784,31 @@ dd 0x0116e116 dd 0x0117f117 dd 0x0118f618 -ref_00026eac: +ref_00026f5c: dd 0x00000020 -dd ref_0002912c -dd fcn_0000d811 +dd ref_000291dc +dd fcn_0000d87f dd 0x80000040 -dd ref_00028fec -dd fcn_0000bdd3 +dd ref_0002909c +dd fcn_0000be41 -ref_00026ec4: +ref_00026f74: dd 0x80000010 -dd ref_0002909c +dd ref_0002914c dd 0x00000000 -ref_00026ed0: +ref_00026f80: dd 0x80000010 -dd ref_000290fc -dd ref_00026edc +dd ref_000291ac +dd ref_00026f8c -ref_00026edc: -dd fcn_00011833 -dd fcn_00010b32 -dd fcn_00010cce -dd fcn_0000bcca +ref_00026f8c: +dd fcn_000118c3 +dd fcn_00010bc2 +dd fcn_00010d5e +dd fcn_0000bd38 -ref_00026eec: +ref_00026f9c: dd 0x02353140 dd 0x20373144 dd 0x32103146 @@ -55764,7 +55819,7 @@ dd 0x00063158 dd 0x55443164 dd 0x00073168 -ref_00026f10: +ref_00026fc0: dd 0x02353140 dd 0x20373144 dd 0x32103146 @@ -55772,7 +55827,7 @@ dd 0x32163148 dd 0x3250314c dd 0x76543150 -ref_00026f28: +ref_00026fd8: dd 0x00003100 dd 0x03203200 dd 0x00003108 @@ -55784,7 +55839,7 @@ dd 0x00000001 dd 0x00003118 dd 0x00000001 -ref_00026f50: +ref_00027000: dd 0x00003100 dd 0x03203200 dd 0x00003108 
@@ -55798,7 +55853,7 @@ dd 0x00000001 dd 0x00003118 dd 0x00000001 -ref_00026f80: +ref_00027030: dd 0x00000000 dd 0x00000001 dd 0x00000002 @@ -55832,7 +55887,7 @@ dd 0xe9002040 dd 0xea002040 dd 0xea002240 -ref_00027000: +ref_000270b0: dd 0xe9002168 dd 0xfeffffff dd 0x01000000 @@ -55906,7 +55961,7 @@ dd 0xe9002770 dd 0xffffff9f dd 0x00000000 -ref_00027120: +ref_000271d0: dd 0xe9001768 dd 0xfeffffff dd 0x01000000 @@ -56016,13 +56071,13 @@ dd 0xe9003170 dd 0xffffff9f dd 0x00000000 -ref_000272d0: +ref_00027380: dd 0x00000530 dd 0x00000540 dd 0x00000550 dd 0x00000560 -ref_000272e0: +ref_00027390: dd 0x00000480 dd 0x00000490 dd 0x000004a0 @@ -56035,13 +56090,13 @@ dd 0x00000500 dd 0x00000510 dd 0x00000520 -ref_0002730c: +ref_000273bc: dd 0x00000510 dd 0x00000520 dd 0x00000530 dd 0x00000540 -ref_0002731c: +ref_000273cc: dd 0x00000570 dd 0x00000580 dd 0x00000590 @@ -56049,7 +56104,7 @@ dd 0x000005a0 dd 0x000005b0 dd 0x000005c0 -ref_00027334: +ref_000273e4: dd 0x00000480 dd 0x00000490 dd 0x000004a0 @@ -56060,7 +56115,7 @@ dd 0x000004e0 dd 0x000004f0 dd 0x00000500 -ref_00027358: +ref_00027408: dd 0x00000480 dd 0x00000490 dd 0x000004a0 @@ -56077,7 +56132,7 @@ dd 0x00000540 dd 0x00000550 dd 0x00000560 -ref_00027394: +ref_00027444: dd 0x00000000 dd 0xea002554 dd 0xffffc0ff @@ -56139,7 +56194,7 @@ dd 0x00020003 dd 0xea000b54 dd 0xffc0ffff -ref_00027484: +ref_00027534: dd 0x00000004 dd 0xea002154 dd 0xffffc0ff @@ -56171,7 +56226,7 @@ dd 0x00020005 dd 0xea002354 dd 0xffc0ffff -ref_000274fc: +ref_000275ac: dd 0xea002490 dd 0xffff0000 dd 0x00003e67 @@ -56185,7 +56240,7 @@ dd 0xea000a90 dd 0xffff0000 dd 0x00003e67 -ref_0002752c: +ref_000275dc: dd 0xea002090 dd 0xffff0000 dd 0x00003e67 @@ -56193,7 +56248,7 @@ dd 0xea002290 dd 0xffff0000 dd 0x00003e67 -ref_00027544: +ref_000275f4: dd 0xea002490 dd 0xffff0000 dd 0x00004c5a @@ -56207,7 +56262,7 @@ dd 0xea000a90 dd 0xffff0000 dd 0x00004c5a -ref_00027574: +ref_00027624: dd 0xea002090 dd 0xffff0000 dd 0x00004c5a 
@@ -56215,7 +56270,7 @@ dd 0xea002290 dd 0xffff0000 dd 0x00004c5a -ref_0002758c: +ref_0002763c: dd 0xe9002e08 dd 0x0ffffeff dd 0xe0000100 @@ -56241,7 +56296,7 @@ dd 0xe9002008 dd 0x0ffffeff dd 0xe0000100 -ref_000275ec: +ref_0002769c: dd 0xe90031cc dd 0xffffebf8 dd 0x00001407 @@ -56351,7 +56406,7 @@ dd 0xe9001740 dd 0xff7fffff dd 0x00000000 -ref_0002779c: +ref_0002784c: dd 0xe9002c2c dd 0xfffff8ff dd 0x00000100 @@ -56413,7 +56468,7 @@ dd 0xe9002f40 dd 0xff7fffff dd 0x00000000 -ref_0002788c: +ref_0002793c: dd 0xea008008 dd 0x00ffffff dd 0x1c000000 @@ -56634,7 +56689,7 @@ dd 0xea000b0c dd 0xffc7fff0 dd 0x00000005 -ref_00027bf8: +ref_00027ca8: dd 0xea002008 dd 0x00039ef7 dd 0xea6c6108 @@ -56817,7 +56872,7 @@ dd 0x38ce0032 dd 0x32c038e9 dd 0xea38ce00 -ref_00027ecc: +ref_00027f7c: dd 0x00000003 dd 0xea002154 dd 0xffffc0ff @@ -56879,7 +56934,7 @@ dd 0x00020000 dd 0xea002754 dd 0xffc0ffff -ref_00027fbc: +ref_0002806c: dd 0xea002090 dd 0xffff0000 dd 0x00003e67 @@ -56893,7 +56948,7 @@ dd 0xea002690 dd 0xffff0000 dd 0x00003e67 -ref_00027fec: +ref_0002809c: dd 0xea002090 dd 0xffff0000 dd 0x00004c5a @@ -56907,7 +56962,7 @@ dd 0xea002690 dd 0xffff0000 dd 0x00004c5a -ref_0002801c: +ref_000280cc: dd 0xe9000808 dd 0x0ffffeff dd 0xe0000100 @@ -56927,7 +56982,7 @@ dd 0xe9001208 dd 0x0ffffeff dd 0xe0000100 -ref_00028064: +ref_00028114: dd 0xea008008 dd 0x00ffffff dd 0x1c000000 @@ -57148,7 +57203,7 @@ dd 0xea00270c dd 0xffc7fff0 dd 0x00000005 -ref_000283d0: +ref_00028480: dd 0xe90025cc dd 0xffffebf8 dd 0x00001407 @@ -57216,7 +57271,7 @@ dd 0xe9002740 dd 0xff7fffff dd 0x00000000 -ref_000284d8: +ref_00028588: dd 0xe90021cc dd 0xffffebf8 dd 0x00001407 @@ -57336,7 +57391,7 @@ dd 0xc00ce907 dd 0x07221709 dd 0x000000ea -ref_000286b0: +ref_00028760: dd 0x00000003 dd 0xea002154 dd 0xffffc0ff @@ -57398,7 +57453,7 @@ dd 0x00020000 dd 0xea002754 dd 0xffc0ffff -ref_000287a0: +ref_00028850: dd 0xe9000808 dd 0x0ffffeff dd 0xe0000100 
@@ -57418,7 +57473,7 @@ dd 0xe9001208 dd 0x0ffffeff dd 0xe0000100 -ref_000287e8: +ref_00028898: dd 0xea008008 dd 0x00ffffff dd 0x1c000000 @@ -57651,7 +57706,7 @@ dd 0xea00270c dd 0xffc7fff0 dd 0x00000005 -ref_00028b84: +ref_00028c34: dd 0xe90025cc dd 0xffffebf8 dd 0x00001407 @@ -57725,7 +57780,7 @@ dd 0xe9002740 dd 0xff7fffff dd 0x00000000 -ref_00028ca4: +ref_00028d54: dd 0xe90021cc dd 0xffffebf8 dd 0x00001407 @@ -57896,13 +57951,13 @@ dd 0xcb000014 dd 0xffff9fff dd 0x00002000 -ref_00028f48: +ref_00028ff8: dd 0xb3e123d0 dd 0x4db47a1e dd 0xd4be66af dd 0x38669c1e -ref_00028f58: +ref_00029008: dd 0x524ed3ca dd 0x49f5b250 dd 0xbaa2d994 @@ -57912,70 +57967,70 @@ dd 0x446e1f65 dd 0x3584f5b3 dd 0xc4d1c7fc -ref_00028f78: +ref_00029028: dd 0x80000010 -dd ref_0002901c -dd ref_00028f84 +dd ref_000290cc +dd ref_00029034 -ref_00028f84: +ref_00029034: dd 0x00000000 -dd fcn_00016529 +dd fcn_000165b9 -ref_00028f8c: +ref_0002903c: dd 0x564b33cd dd 0x4593c92a dd 0x7324bf90 dd 0x22633ce4 -ref_00028f9c: +ref_0002904c: dd 0x4ed4bf27 dd 0x42e94092 dd 0x7b527d80 dd 0xbdc9001d -ref_00028fac: +ref_0002905c: dd 0xf8e21975 dd 0x4f580899 dd 0x2555bea4 dd 0x7ad7c6a9 -ref_00028fbc: +ref_0002906c: dd 0x8c8ce578 dd 0x4f1c8a3d dd 0x61893599 dd 0xd32dc385 -ref_00028fcc: +ref_0002907c: dd 0x49edb1c1 dd 0x4761bf21 dd 0x00eb12bb dd 0x39bbaa31 -ref_00028fdc: +ref_0002908c: dd 0x605ea650 dd 0x42e1c65c dd 0xa59180ba dd 0xc618b62a -ref_00028fec: +ref_0002909c: dd 0xf894643d dd 0x42d1c449 dd 0xbd85a88e dd 0xde5bc6d8 -ref_00028ffc: +ref_000290ac: dd 0xe6af1f7b dd 0x46dafc3f dd 0xb4a328a8 dd 0x8242a457 -ref_0002900c: +ref_000290bc: dd 0x9ca93627 dd 0x4324b65b dd 0xb4c002a2 dd 0x43457661 -ref_0002901c: +ref_000290cc: dd 0x1f4c6f90 dd 0x48d8b06b dd 0xe5ba01a2 
@@ -57997,31 +58052,31 @@ dd 0x4489dc72 dd 0x9ee4c587 dd 0x52a473e7 -ref_0002906c: +ref_0002911c: dd 0xaf4a1998 dd 0x45454949 dd 0xe7c14c9c dd 0x56e042c0 -ref_0002907c: +ref_0002912c: dd 0x220307a4 dd 0x42a53670 dd 0x9d3201aa dd 0x6b913ecd -ref_0002908c: +ref_0002913c: dd 0x433e0f9f dd 0x410a05ae dd 0x29bfc3a0 dd 0xac25cb8e -ref_0002909c: +ref_0002914c: dd 0x1edcbdf9 dd 0x4bd4ffc6 dd 0x5d19f694 dd 0x5670e11d -ref_000290ac: +ref_0002915c: dd 0x17865dc0 dd 0x4da80b8b dd 0x467c428b @@ -58031,7 +58086,7 @@ dd 0x49c632bc dd 0xa1b7bd81 dd 0x6c1afea0 -ref_000290cc: +ref_0002917c: dd 0xed097352 dd 0x445a9041 dd 0x9db2b680 @@ -58041,19 +58096,19 @@ dd 0x4bdc4e55 dd 0x18d97baf dd 0x613f44ac -ref_000290ec: +ref_0002919c: dd 0xf38d1338 dd 0x4fb6af7a dd 0x9c1adb91 dd 0x0d578321 -ref_000290fc: +ref_000291ac: dd 0x908c7f8b dd 0x47fb5c48 dd 0xfdf55783 dd 0x7652234e -ref_0002910c: +ref_000291bc: dd 0xc02b0573 dd 0x4a312b4e dd 0x56941aa3 @@ -58063,7 +58118,7 @@ dd 0x4547693e dd 0x822100a3 dd 0xb220a43c -ref_0002912c: +ref_000291dc: dd 0x50031131 dd 0x43ef4f24 dd 0x3773afb7 @@ -58073,13 +58128,13 @@ dd 0x4b1ad425 dd 0x695f26bc dd 0x5aa18903 -ref_0002914c: +ref_000291fc: dd 0x794a0deb dd 0x4e7bc971 dd 0xbfd0f28a dd 0x9826ca3c -ref_0002915c: +ref_0002920c: dd 0x98191174 dd 0x41060b26 dd 0x45d002af @@ -58113,7 +58168,7 @@ dd 0x4dea790e dd 0x0538dc8b dd 0x44399816 -ref_000291dc: +ref_0002928c: dd 0xf8d5438e dd 0x481d26e1 dd 0xd6303cb6 @@ -58147,19 +58202,19 @@ dd 0x4d9be16c dd 0x35aa71bb dd 0x2f701a46 -ref_0002925c: +ref_0002930c: dd 0x573eaf99 dd 0x46b5f445 dd 0x4abcd5a5 dd 0xf3983593 -ref_0002926c: +ref_0002931c: dd 0x09ea8911 dd 0x4230be0d dd 0xc6ed03a0 dd 0x118eb493 -ref_0002927c: +ref_0002932c: dd 0x3e14d361 dd 0x42e4c7d7 dd 0xebb907ae @@ -58301,7 +58356,7 @@ dd 0x497e81e6 dd 0xfac8ff87 dd 0x28ec248f -ref_000294ac: +ref_0002955c: dd 0x4c10d934 dd 0x45a438e6 dd 0x792a249a 
@@ -58339,44 +58394,44 @@ dd 0x4642b3da dd 0x1cd0f595 dd 0xb8601c6c -ref_0002953c: +ref_000295ec: dd 0x08040201 dd 0x08040201 dd 0x00000000 -ref_00029548: +ref_000295f8: dd 0x08040201 dd 0x00000000 dd 0x08040201 -ref_00029554: +ref_00029604: dd 0x80000010 -dd ref_00028ffc -dd 0x00000000 - -ref_00029560: -dd fcn_0001a994 -dd fcn_0001aac1 -dd fcn_0001abd6 -dd fcn_0001acd4 -dd fcn_0001a847 -dd fcn_0001a856 -dd fcn_0001a865 -dd fcn_0001a8b5 -dd fcn_0001a874 -dd fcn_0001a88a +dd ref_000290ac +dd 0x00000000 + +ref_00029610: +dd fcn_0001aa58 +dd fcn_0001ab85 +dd fcn_0001ac9a +dd fcn_0001ad98 +dd fcn_0001a90b +dd fcn_0001a91a +dd fcn_0001a929 +dd fcn_0001a979 +dd fcn_0001a938 +dd fcn_0001a94e +dd fcn_0001a964 +dd fcn_0001a988 +dd fcn_0001a873 +dd fcn_0001a882 +dd fcn_0001a891 dd fcn_0001a8a0 -dd fcn_0001a8c4 -dd fcn_0001a7af -dd fcn_0001a7be -dd fcn_0001a7cd -dd fcn_0001a7dc -dd fcn_0001a7eb -dd fcn_0001a801 -dd fcn_0001a817 -dd fcn_0001a82c - -ref_000295b0: +dd fcn_0001a8af +dd fcn_0001a8c5 +dd fcn_0001a8db +dd fcn_0001a8f0 + +ref_00029660: dd 0x75736e55 dd 0x726f7070 dd 0x20646574 @@ -58398,10 +58453,10 @@ dd 0x6120646e dd 0x65766f62 dd 0x9066000a -ref_00029600: +ref_000296b0: dd 0xa6a4a2a0 -ref_00029604: +ref_000296b4: dd 0x02353140 dd 0x20373144 dd 0x32103146 @@ -58412,7 +58467,7 @@ dd 0x00063158 dd 0x55443164 dd 0x00073168 -ref_00029628: +ref_000296d8: dd 0x02353140 dd 0x20373144 dd 0x32103146 @@ -58420,7 +58475,7 @@ dd 0x32163148 dd 0x3250314c dd 0x76543150 -ref_00029640: +ref_000296f0: dd 0x00003100 dd 0x03203200 dd 0x00003108 @@ -58432,7 +58487,7 @@ dd 0x00000001 dd 0x00003118 dd 0x00000001 -ref_00029668: +ref_00029718: dd 0x00003100 dd 0x03203200 dd 0x00003108 @@ -58446,7 +58501,7 @@ dd 0x00000001 dd 0x00003118 dd 0x00000001 -ref_00029698: +ref_00029748: dd 0x422b8086 dd 0x02ffffff dd 0x00000001 
@@ -58700,14 +58755,14 @@ dd 0x00000000 dd 0x00000000 dd 0x00000000 -;; The following should be the .bss section -ref_00029a88: +; .bss +ref_00029b38: dd 0x00000000 -ref_00029a8c: +ref_00029b3c: dd 0x00000000 -ref_00029a90: +ref_00029b40: dd 0x00000000 dd 0x00000000 dd 0x00000000 @@ -58715,26 +58770,26 @@ dd 0x00000000 dd 0x00000000 dd 0x00000000 -ref_00029aa8: +ref_00029b58: dd 0x00000000 dd 0x00000000 -ref_00029ab0: +ref_00029b60: dd 0x00000000 -ref_00029ab4: +ref_00029b64: dd 0x00000000 -ref_00029ab8: +ref_00029b68: dd 0x00000000 -ref_00029abc: +ref_00029b6c: dd 0x00000000 -ref_00029ac0: +ref_00029b70: dd 0x00000000 -ref_00029ac4: +ref_00029b74: dd 0x00000000 dd 0x00000000 dd 0x00000000 @@ -58742,10 +58797,10 @@ dd 0x00000000 dd 0x00000000 dd 0x00000000 -ref_00029adc: +ref_00029b8c: dd 0x00000000 -ref_00029ae0: +ref_00029b90: dd 0x00000000 dd 0x00000000 dd 0x00000000 @@ -58756,19 +58811,19 @@ dd 0x00000000 dd 0x00000000 dd 0x00000000 -ref_00029b04: +ref_00029bb4: dd 0x00000000 -ref_00029b08: +ref_00029bb8: dd 0x00000000 -ref_00029b0c: +ref_00029bbc: dd 0x00000000 -ref_00029b10: +ref_00029bc0: dd 0x00000000 -ref_00029b14: +ref_00029bc4: dd 0x00000000 dd 0x00000000 dd 0x00000000 @@ -58829,10 +58884,10 @@ dd 0x00000000 dd 0x00000000 dd 0x00000000 -ref_00029c00: +ref_00029cb0: dd 0x00000000 -ref_00029c04: +ref_00029cb4: dd 0x00000000 dd 0x00000000 dd 0x00000000 @@ -58894,14 +58949,14 @@ dd 0x00000000 dd 0x00000000 dd 0x00000000 -ref_00029cf4: +ref_00029da4: dd 0x00000000 dd 0x00000000 -ref_00029cfc: +ref_00029dac: dd 0x00000000 -ref_00029d00: +ref_00029db0: dd 0x00000000 dd 0x00000000 dd 0x00000000 @@ -66403,14 +66458,14 @@ dd 0x00000000 dd 0x00000000 dd 0x00000000 -ref_00031230: +ref_000312e0: dd 0x00000000 -ref_00031234: +ref_000312e4: dd 0x00000000 dd 0x00000000 dd 0x00000000 -ref_00031240: +ref_000312f0: dd 0x00000000 dd 0x00000000 -- cgit v1.2.3