;; Generated with r2dumpbin (https://github.com/mytbk/r2dumpbin)
;; f va @ 0xfffa0000
;; f fcn1 @ 0xfffa87da
;; f fcn2 @ 0xfffb7579
;; f fcn3 @ 0xfffab07d
;; f fcn4 @ 0xfffb742b
;; f fcn5 @ 0xfffb7458

bits 32
extern mrc_printk
global mrc_entry

mrc_entry:
pushad
mov ebx, esp
mov eax, dword [ebx + 0x24]
mov esp, 0xff800000
push ebx
push eax
mov al, 1
out 0x80, al
cld
call fcn_fffa0024  ; call 0xfffa0024
pop ecx
pop ebx
mov esp, ebx
mov dword [ebx + 0x1c], eax
mov al, 2
out 0x80, al
popad
ret

fcn_fffa0024:
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x4c
mov eax, dword [ebp + 8]
mov eax, dword [eax]
cmp eax, 0x16
je short loc_fffa0050  ; je 0xfffa0050
push edx
push 0x16
push eax
push ref_fffd5f4a  ; push 0xfffd5f4a
call mrc_printk  ; call 0xfffb76e3
add esp, 0x10
or eax, 0xffffffff
jmp near loc_fffa1e87  ; jmp 0xfffa1e87

loc_fffa0050:
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0xca]
mov dword [0xff7d0274], eax
push eax
push eax
push 0x270
push 0xff7d0004
call fcn_fffac673  ; call 0xfffac673
mov eax, dword [ebp + 8]
add esp, 0x10
mov dword [0xff7d0004], 0xfeaddeaf
mov dword [0xff7d0084], eax
cmp dword [eax + 8], 3
jne short loc_fffa00af  ; jne 0xfffa00af
cmp dword [eax + 0x8f6], 0
je short loc_fffa00af  ; je 0xfffa00af
sub esp, 0xc
push ref_fffd5f6e  ; push 0xfffd5f6e
call mrc_printk  ; call 0xfffb76e3
add esp, 0x10
mov dword [0xff7d0080], 0x11
jmp short loc_fffa00b9  ; jmp 0xfffa00b9

loc_fffa00af:
mov dword [0xff7d0080], 6

loc_fffa00b9:
mov dword [0xff7d008c], ref_fffd65b0  ; mov dword [0xff7d008c], 0xfffd65b0
mov dword [0xff7d0178], 1
mov dword [0xff7d0028], fcn_fffc54ff  ; mov dword [0xff7d0028], 0xfffc54ff
mov dword [0xff7d0030], fcn_fffa5c78  ; mov dword [0xff7d0030], 0xfffa5c78
mov dword [0xff7d0034], fcn_fffa5c69  ; mov dword [0xff7d0034], 0xfffa5c69
mov dword [0xff7d0038], fcn_fffa87da  ; mov dword [0xff7d0038], 0xfffa87da
mov dword [0xff7d003c], fcn_fffb7579  ; mov dword [0xff7d003c], 0xfffb7579
mov dword [0xff7d002c], fcn_fffab07d  ; mov dword [0xff7d002c], 0xfffab07d
mov dword [0xff7d0020], fcn_fffc5451  ; mov dword [0xff7d0020], 0xfffc5451
mov dword [0xff7d0054], fcn_fffb709f  ; mov dword [0xff7d0054], 0xfffb709f
mov dword [0xff7d0058], fcn_fffab11d  ; mov dword [0xff7d0058], 0xfffab11d
mov dword [0xff7d007c], fcn_fffa5c62  ; mov dword [0xff7d007c], 0xfffa5c62
mov dword [0xff7d0278], 0xff7d0008
mov dword [0xff7d0000], 0xff7d0278
call fcn_fffab405  ; call 0xfffab405
sub esp, 0xc
mov eax, dword [eax]
push 0
call dword [eax + 0x74]  ; ucall
mov edx, dword [0xff7d0278]
add esp, 0x10
mov dword [edx + 0x60], ref_fffd608c  ; mov dword [edx + 0x60], 0xfffd608c
cmp eax, 0x80000014
je short loc_fffa017b  ; je 0xfffa017b
sub esp, 0xc
push ref_fffd6080  ; push 0xfffd6080
call fcn_fffab5db  ; call 0xfffab5db
add esp, 0x10

loc_fffa017b:
sub esp, 0xc
push ref_fffd5f7e  ; push 0xfffd5f7e
call mrc_printk  ; call 0xfffb76e3
mov esi, dword [0xff7d0084]
call fcn_fffb481e  ; call 0xfffb481e
mov dword [esp], 0x5ac
mov dword [ebp - 0x2c], eax
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov ebx, eax
test eax, eax
je loc_fffa0efc  ; je 0xfffa0efc
sub esp, 0xc
push 0xc
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov dword [ebp - 0x38], eax
test eax, eax
je loc_fffa0efc  ; je 0xfffa0efc
mov dword [eax], 0x80000010
xor edi, edi
mov dword [eax + 4], ref_fffd6584  ; mov dword [eax + 4], 0xfffd6584
mov dword [eax + 8], ebx
mov byte [ebx], 0xb
mov byte [ebx + 1], 0
mov dword [ebx + 4], 0xfed1c000
mov eax, dword [esi + 0x2a]
mov word [ebx + 8], ax
mov eax, dword [esi + 0x2e]
mov byte [ebx + 0xc], 0
mov byte [ebx + 0x37e], 0
mov byte [ebx + 0x370], 1
mov word [ebx + 0xa], ax
mov byte [ebx + 0x1da], 1
mov byte [ebx + 0x386], 1
mov ax, word [esi + 0x18]
or byte [ebx + 0x45e], 1
or byte [ebx + 0x49e], 0x80
and byte [ebx + 0x486], 0xfe
or byte [ebx + 0x412], 0xf
mov word [ebx + 0x388], ax
mov byte [ebx + 0x3a], 0
mov byte [ebx + 0x496], 1
mov byte [ebx + 0x497], 1
mov byte [ebx + 0x498], 1
mov byte [ebx + 0x499], 1
mov byte [ebx + 0x49a], 1
mov byte [ebx + 0x49b], 1
mov byte [ebx + 0x49c], 1
mov byte [ebx + 0x49d], 1
or byte [ebx + 0x419], 0xc0
or byte [ebx + 0x41e], 2
or byte [ebx + 0x424], 0x40
mov byte [ebx + 0x43c], 1

loc_fffa0294:
call fcn_fffb481e  ; call 0xfffb481e
cmp eax, 1
je short loc_fffa02a9  ; je 0xfffa02a9
cmp eax, 2
sete al
shl eax, 2
jmp short loc_fffa02ab  ; jmp 0xfffa02ab

loc_fffa02a9:
mov al, 6

loc_fffa02ab:
movzx eax, al
cmp edi, eax
jae short loc_fffa02c0  ; jae 0xfffa02c0
imul eax, edi, 0x12
inc edi
or byte [ebx + eax + 0x1e1], 0x40
jmp short loc_fffa0294  ; jmp 0xfffa0294

loc_fffa02c0:
mov al, byte [ebx + 0x436]
xor edx, edx
and byte [ebx + 0x426], 0xfe
or byte [ebx + 0x432], 7
or eax, 3
and eax, 0xfffffffb
mov word [ebx + 0x43a], 0
mov byte [ebx + 0x436], al
mov byte [ebx + 0x1a8], 1

loc_fffa02f2:
mov dword [ebp - 0x30], edx
call fcn_fffb4984  ; call 0xfffb4984
mov edx, dword [ebp - 0x30]
cmp dl, al
jae short loc_fffa032a  ; jae 0xfffa032a
movzx eax, dl
imul eax, eax, 0x2c
add eax, ebx
mov cl, byte [eax + 0x46]
mov byte [eax + 0x4f], dl
mov byte [eax + 0x50], dl
inc edx
mov byte [eax + 0x56], 4
or ecx, 5
and ecx, 0x7f
mov byte [eax + 0x57], 3
mov byte [eax + 0x4e], 0
mov byte [eax + 0x46], cl
jmp short loc_fffa02f2  ; jmp 0xfffa02f2

loc_fffa032a:
or byte [ebx + 0x17a], 8
sub esp, 0xc
and byte [ebx + 0x1aa], 0xfe
mov byte [ebx + 0x1a6], 0
mov byte [ebx + 0x1a7], 0
mov byte [ebx + 0x1a9], 1
push 0xc
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
test eax, eax
je short loc_fffa037e  ; je 0xfffa037e
sub esp, 0xc
mov dword [eax], 0x80000010
mov dword [eax + 4], ref_fffd60ec  ; mov dword [eax + 4], 0xfffd60ec
mov dword [eax + 8], ref_fffd6194  ; mov dword [eax + 8], 0xfffd6194
push eax
call fcn_fffab5db  ; call 0xfffab5db
add esp, 0x10

loc_fffa037e:
mov dword [ebx + 0x1db], 1
xor edi, edi

loc_fffa038a:
call fcn_fffb481e  ; call 0xfffb481e
cmp eax, 1
je short loc_fffa03a1  ; je 0xfffa03a1
cmp eax, 2
jne loc_fffa042d  ; jne 0xfffa042d
mov al, 4
jmp short loc_fffa03a3  ; jmp 0xfffa03a3

loc_fffa03a1:
mov al, 6

loc_fffa03a3:
mov ecx, edi
cmp cl, al
jae loc_fffa042d  ; jae 0xfffa042d
mov eax, edi
inc edi
movzx eax, al
imul eax, eax, 0x12
add eax, ebx
mov cl, byte [eax + 0x1e1]
lea edx, [eax + 0x1da]
mov byte [eax + 0x1df], 0x71
mov byte [eax + 0x1e0], 0x1f
mov byte [eax + 0x1e4], 1
and ecx, 0xffffffc0
or ecx, 0x27
mov byte [eax + 0x1e1], cl
mov byte [eax + 0x1e6], 1
mov byte [eax + 0x1e8], 1
mov byte [eax + 0x1e3], 0
mov byte [eax + 0x1e5], 0
mov byte [eax + 0x1e7], 0
mov byte [eax + 0x1e9], 0
mov byte [eax + 0x1ea], 0
mov byte [eax + 0x1eb], 0
mov byte [eax + 0x1ec], 0
and byte [edx + 0x13], 0xf0
jmp near loc_fffa038a  ; jmp 0xfffa038a

loc_fffa042d:
mov al, byte [ebx + 0x24c]
mov byte [ebx + 0x24b], 0x7e
mov byte [ebx + 0x253], 0
mov byte [ebx + 0x255], 1
or eax, 0x1e
and eax, 0xfffffffe
mov byte [ebx + 0x24c], al
lea eax, [ebx + 0x38e]
mov byte [ebx + 0x254], 0
mov dword [ebx + 0x24f], 0
mov byte [ebx + 0x257], 0
mov byte [ebx + 0x258], 0
mov byte [ebx + 0x259], 0
mov byte [ebx + 0x25a], 0
mov byte [ebx + 0x25b], 0x64
mov byte [ebx + 0x38d], 4
push edi
xor edi, edi
push 4
push ref_fffd6190  ; push 0xfffd6190
push eax
call fcn_fffab101  ; call 0xfffab101
mov word [ebx + 0x36], 0x8086
mov word [ebx + 0x38], 0x7270
mov byte [ebx + 0x3b], 0
mov byte [ebx + 0x360], 2
mov byte [ebx + 0x361], 0
mov byte [ebx + 0x362], 1
mov byte [ebx + 0x35c], 1
mov byte [ebx + 0x35d], 0xf0
mov byte [ebx + 0x35e], 0x1f
mov byte [ebx + 0x35f], 0
mov eax, dword [esi + 0xc]
mov word [ebx + 0x22], 0xd000
mov word [ebx + 0x24], 0x10
mov byte [ebx + 0x11], al
mov eax, dword [esi + 0x32]
mov dword [ebx + 0x1e], 0x10000
mov byte [ebx + 0x18], 2
mov byte [ebx + 0x19], 6
mov dword [ebx + 0x1a], eax
mov esi, dword [0xff7d0084]
mov byte [ebx + 0x371], 0
mov word [ebx + 0x374], 0x12c
mov byte [ebx + 0x372], 1
mov byte [ebx + 0x373], 0
call fcn_fffb481e  ; call 0xfffb481e
mov dword [ebp - 0x30], eax
mov eax, dword [0xff7d0084]
mov eax, dword [eax + 0x14]
add eax, 0xf8002
mov dword [esp], eax
call fcn_fffb3d06  ; call 0xfffb3d06
add esp, 0x10
mov byte [ebx + 0x284], 0
mov byte [ebx + 0x28c], 0
mov byte [ebx + 0x295], 1
mov byte [ebx + 0x294], 1
mov byte [ebx + 0x297], 0
mov ecx, eax
mov byte [ebx + 0x296], 1

loc_fffa057d:
mov dword [ebp - 0x34], ecx
call fcn_fffb5bb6  ; call 0xfffb5bb6
mov ecx, dword [ebp - 0x34]
movzx eax, al
cmp edi, eax
jae short loc_fffa059a  ; jae 0xfffa059a
mov byte [ebx + edi + 0x298], 0
inc edi
jmp short loc_fffa057d  ; jmp 0xfffa057d

loc_fffa059a:
xor edi, edi

loc_fffa059c:
mov dword [ebp - 0x34], ecx
call fcn_fffb5b8d  ; call 0xfffb5b8d
mov ecx, dword [ebp - 0x34]
movzx eax, al
cmp edi, eax
jae short loc_fffa05b9  ; jae 0xfffa05b9
mov byte [ebx + edi + 0x2a6], 0
inc edi
jmp short loc_fffa059c  ; jmp 0xfffa059c

loc_fffa05b9:
mov byte [ebx + 0x2ac], 0
mov byte [ebx + 0x285], 0
mov byte [ebx + 0x28d], 0
mov byte [ebx + 0x339], 0
mov byte [ebx + 0x338], 1
mov al, byte [esi + 0x5c]
mov byte [ebx + 0x2b0], al
mov al, byte [esi + 0x61]
mov byte [ebx + 0x2b8], al
mov al, byte [esi + 0x66]
mov byte [ebx + 0x2c0], al
mov al, byte [esi + 0x6b]
mov byte [ebx + 0x2c8], al
mov al, byte [esi + 0x70]
mov byte [ebx + 0x2d0], al
mov al, byte [esi + 0x75]
mov byte [ebx + 0x2d8], al
mov al, byte [esi + 0x7a]
mov byte [ebx + 0x2e0], al
mov al, byte [esi + 0x7f]
mov byte [ebx + 0x2e8], al
mov al, byte [esi + 0x84]
mov byte [ebx + 0x2f0], al
mov al, byte [esi + 0x89]
mov byte [ebx + 0x2f8], al
mov al, byte [esi + 0x8e]
mov byte [ebx + 0x300], al
mov al, byte [esi + 0x93]
mov byte [ebx + 0x308], al
mov al, byte [esi + 0x98]
mov byte [ebx + 0x310], al
mov al, byte [esi + 0x9d]
mov byte [ebx + 0x318], al
mov al, byte [esi + 0xa0]
mov byte [ebx + 0x320], al
mov al, byte [esi + 0xa3]
mov byte [ebx + 0x324], al
mov al, byte [esi + 0xa6]
mov byte [ebx + 0x328], al
mov al, byte [esi + 0xa9]
mov byte [ebx + 0x32c], al
mov al, byte [esi + 0xac]
mov byte [ebx + 0x330], al
mov al, byte [esi + 0xaf]
mov byte [ebx + 0x334], al
mov al, byte [esi + 0x5d]
mov byte [ebx + 0x2b1], al
mov al, byte [esi + 0x62]
mov byte [ebx + 0x2b9], al
mov al, byte [esi + 0x67]
mov byte [ebx + 0x2c1], al
mov al, byte [esi + 0x6c]
mov byte [ebx + 0x2c9], al
mov al, byte [esi + 0x71]
mov byte [ebx + 0x2d1], al
mov al, byte [esi + 0x76]
mov byte [ebx + 0x2d9], al
mov al, byte [esi + 0x7b]
mov byte [ebx + 0x2e1], al
mov al, byte [esi + 0x80]
mov byte [ebx + 0x2e9], al
mov al, byte [esi + 0x85]
mov byte [ebx + 0x2f1], al
mov al, byte [esi + 0x8a]
mov byte [ebx + 0x2f9], al
mov al, byte [esi + 0x8f]
mov byte [ebx + 0x301], al
mov al, byte [esi + 0x94]
mov byte [ebx + 0x309], al
mov al, byte [esi + 0x99]
mov byte [ebx + 0x311], al
mov al, byte [esi + 0x9e]
mov byte [ebx + 0x319], al
mov al, byte [esi + 0xa1]
mov byte [ebx + 0x321], al
mov al, byte [esi + 0xa4]
mov byte [ebx + 0x325], al
mov al, byte [esi + 0xa7]
mov byte [ebx + 0x329], al
mov al, byte [esi + 0xaa]
mov byte [ebx + 0x32d], al
mov al, byte [esi + 0xad]
mov byte [ebx + 0x331], al
mov al, byte [esi + 0xb0]
mov byte [ebx + 0x335], al
mov ax, word [esi + 0x5a]
mov word [ebx + 0x2b4], ax
mov ax, word [esi + 0x5f]
mov word [ebx + 0x2bc], ax
mov ax, word [esi + 0x64]
mov word [ebx + 0x2c4], ax
mov ax, word [esi + 0x69]
mov word [ebx + 0x2cc], ax
mov ax, word [esi + 0x6e]
mov word [ebx + 0x2d4], ax
mov ax, word [esi + 0x73]
mov word [ebx + 0x2dc], ax
mov ax, word [esi + 0x78]
mov word [ebx + 0x2e4], ax
mov ax, word [esi + 0x7d]
mov word [ebx + 0x2ec], ax
mov ax, word [esi + 0x82]
mov word [ebx + 0x2f4], ax
mov ax, word [esi + 0x87]
mov word [ebx + 0x2fc], ax
mov ax, word [esi + 0x8c]
mov word [ebx + 0x304], ax
mov ax, word [esi + 0x91]
mov word [ebx + 0x30c], ax
mov ax, word [esi + 0x96]
mov word [ebx + 0x314], ax
mov ax, word [esi + 0x9b]
mov word [ebx + 0x31c], ax
mov al, byte [esi + 0xa2]
mov byte [ebx + 0x322], al
mov al, byte [esi + 0xa5]
mov byte [ebx + 0x326], al
mov al, byte [esi + 0xa8]
mov byte [ebx + 0x32a], al
mov al, byte [esi + 0xab]
mov byte [ebx + 0x32e], al
mov al, byte [esi + 0xae]
mov byte [ebx + 0x332], al
mov al, byte [esi + 0xb1]
mov byte [ebx + 0x336], al
mov al, byte [esi + 0x5e]
mov byte [ebx + 0x2b6], al
mov al, byte [esi + 0x63]
mov byte [ebx + 0x2be], al
mov al, byte [esi + 0x68]
mov byte [ebx + 0x2c6], al
mov al, byte [esi + 0x6d]
mov byte [ebx + 0x2ce], al
mov al, byte [esi + 0x72]
mov byte [ebx + 0x2d6], al
mov al, byte [esi + 0x77]
mov byte [ebx + 0x2de], al
mov al, byte [esi + 0x7c]
cmp dword [ebp - 0x30], 1
mov byte [ebx + 0x2e6], al
mov al, byte [esi + 0x81]
mov byte [ebx + 0x2ee], al
mov al, byte [esi + 0x86]
mov byte [ebx + 0x2f6], al
mov al, byte [esi + 0x8b]
mov byte [ebx + 0x2fe], al
mov al, byte [esi + 0x90]
mov byte [ebx + 0x306], al
mov al, byte [esi + 0x95]
mov byte [ebx + 0x30e], al
mov al, byte [esi + 0x9a]
mov byte [ebx + 0x316], al
mov al, byte [esi + 0x9f]
mov byte [ebx + 0x31e], al
jne loc_fffa0a97  ; jne 0xfffa0a97
mov eax, ecx
and al, 0x7d
cmp ax, 0x8c44
je short loc_fffa093e  ; je 0xfffa093e
cmp cx, 0x8c4c
sete dl
cmp cx, 0x8c4a
sete al
or dl, al
je short loc_fffa0948  ; je 0xfffa0948

loc_fffa093e:
lea edi, [ebx + 0x2b3]
xor edx, edx
jmp short loc_fffa09a6  ; jmp 0xfffa09a6

loc_fffa0948:
cmp cx, 0x8c50
sete dl
cmp cx, 0x8c4e
sete al
or dl, al
jne short loc_fffa093e  ; jne 0xfffa093e
cmp cx, 0x8c42
sete dl
cmp cx, 0x8c5c
sete al
or dl, al
jne short loc_fffa093e  ; jne 0xfffa093e
cmp cx, 0x8cc2
jne short loc_fffa09bf  ; jne 0xfffa09bf
jmp short loc_fffa093e  ; jmp 0xfffa093e

loc_fffa0979:
cmp byte [edi + 3], 1
sbb eax, eax
not eax
add eax, 4
cmp byte [edi + 3], 0
mov byte [edi - 1], al
jne short loc_fffa09ba  ; jne 0xfffa09ba
mov ax, word [edi + 1]
cmp ax, 0x7f
jbe short loc_fffa09ba  ; jbe 0xfffa09ba
cmp ax, 0x130
sbb eax, eax
add eax, 4
mov byte [edi], al

loc_fffa09a2:
inc edx
add edi, 8

loc_fffa09a6:
mov dword [ebp - 0x30], edx
call fcn_fffb5bb6  ; call 0xfffb5bb6
mov edx, dword [ebp - 0x30]
movzx eax, al
cmp edx, eax
jb short loc_fffa0979  ; jb 0xfffa0979
jmp short loc_fffa0a0e  ; jmp 0xfffa0a0e

loc_fffa09ba:
mov byte [edi], 2
jmp short loc_fffa09a2  ; jmp 0xfffa09a2

loc_fffa09bf:
cmp cx, 0x8c4f
sete dl
cmp cx, 0x8c49
sete al
or dl, al
jne short loc_fffa0a2d  ; jne 0xfffa0a2d
cmp cx, 0x8c41
sete dl
cmp cx, 0x8c4b
sete al
or dl, al
jne short loc_fffa0a2d  ; jne 0xfffa0a2d
lea eax, [ecx + 0x63bf]
cmp ax, 6
jbe short loc_fffa0a2d  ; jbe 0xfffa0a2d
cmp cx, 0x8cc5
sete dl
cmp cx, 0x8cc3
sete al
or dl, al
jne short loc_fffa0a2d  ; jne 0xfffa0a2d
cmp cx, 0x8cc1
je short loc_fffa0a2d  ; je 0xfffa0a2d

loc_fffa0a0e:
cmp dword [esi + 0x10], 0
je loc_fffa0bde  ; je 0xfffa0bde
mov byte [ebx + 0x284], 1
xor edi, edi
mov byte [ebx + 0x297], 1
jmp near loc_fffa0ba0  ; jmp 0xfffa0ba0

loc_fffa0a2d:
lea edi, [ebx + 0x2b3]
xor edx, edx
jmp short loc_fffa0a49  ; jmp 0xfffa0a49

loc_fffa0a37:
mov al, byte [edi + 3]
cmp al, 5
jne short loc_fffa0a5d  ; jne 0xfffa0a5d
mov byte [edi - 1], 5

loc_fffa0a42:
mov byte [edi], 2

loc_fffa0a45:
inc edx
add edi, 8

loc_fffa0a49:
mov dword [ebp - 0x30], edx
call fcn_fffb5bb6  ; call 0xfffb5bb6
mov edx, dword [ebp - 0x30]
movzx eax, al
cmp edx, eax
jb short loc_fffa0a37  ; jb 0xfffa0a37
jmp short loc_fffa0a0e  ; jmp 0xfffa0a0e

loc_fffa0a5d:
cmp al, 2
jne short loc_fffa0a67  ; jne 0xfffa0a67
mov byte [edi - 1], 4
jmp short loc_fffa0a7c  ; jmp 0xfffa0a7c

loc_fffa0a67:
cmp word [edi + 1], 0x70
sbb ecx, ecx
add ecx, 6
mov byte [edi - 1], cl
cmp al, 5
je short loc_fffa0a42  ; je 0xfffa0a42
cmp al, 2
jne short loc_fffa0a88  ; jne 0xfffa0a88

loc_fffa0a7c:
cmp word [edi + 1], 0x50
sbb eax, eax
add eax, 2
jmp short loc_fffa0a93  ; jmp 0xfffa0a93

loc_fffa0a88:
cmp word [edi + 1], 0x100
sbb eax, eax
add eax, 3

loc_fffa0a93:
mov byte [edi], al
jmp short loc_fffa0a45  ; jmp 0xfffa0a45

loc_fffa0a97:
cmp dword [ebp - 0x30], 2
jne loc_fffa0a0e  ; jne 0xfffa0a0e
lea eax, [ecx + 0x63bf]
mov word [ebp - 0x3c], ax
lea eax, [ecx + 0x633f]
lea edi, [ebx + 0x2b2]
mov dword [ebp - 0x30], 0
mov word [ebp - 0x40], ax

loc_fffa0ac2:
mov dword [ebp - 0x34], ecx
call fcn_fffb5bb6  ; call 0xfffb5bb6
mov ecx, dword [ebp - 0x34]
movzx eax, al
cmp dword [ebp - 0x30], eax
jae loc_fffa0a0e  ; jae 0xfffa0a0e
cmp word [ebp - 0x3c], 6
ja short loc_fffa0b0e  ; ja 0xfffa0b0e
mov al, byte [edi + 4]
mov dl, al
cmp al, 3
mov byte [ebp - 0x34], al
sete al
test dl, dl
sete dl
or al, dl
je short loc_fffa0b02  ; je 0xfffa0b02
cmp word [edi + 2], 0x70
sbb eax, eax
add eax, 6
jmp short loc_fffa0b0c  ; jmp 0xfffa0b0c

loc_fffa0b02:
cmp byte [ebp - 0x34], 2
setne al
add eax, 4

loc_fffa0b0c:
mov byte [edi], al

loc_fffa0b0e:
cmp word [ebp - 0x40], 2
setbe dl
cmp cx, 0x9cc5
sete al
or dl, al
je short loc_fffa0b25  ; je 0xfffa0b25
mov byte [edi], 6

loc_fffa0b25:
lea eax, [ecx + 0x633a]
cmp ax, 1
setbe dl
cmp cx, 0x9cc9
sete al
or dl, al
je short loc_fffa0b55  ; je 0xfffa0b55
cmp byte [edi + 4], 0
jne short loc_fffa0b52  ; jne 0xfffa0b52
cmp word [edi + 2], 0x70
sbb eax, eax
add eax, 7
mov byte [edi], al
jmp short loc_fffa0b55  ; jmp 0xfffa0b55

loc_fffa0b52:
mov byte [edi], 6

loc_fffa0b55:
mov al, byte [edi + 4]
cmp al, 3
sete dl
test al, al
mov byte [ebp - 0x34], al
sete al
or al, dl
jne short loc_fffa0b6f  ; jne 0xfffa0b6f
cmp byte [ebp - 0x34], 7
jne short loc_fffa0b7c  ; jne 0xfffa0b7c

loc_fffa0b6f:
cmp word [edi + 2], 0x100
sbb eax, eax
add eax, 3
jmp short loc_fffa0b8c  ; jmp 0xfffa0b8c

loc_fffa0b7c:
cmp byte [ebp - 0x34], 2
jne short loc_fffa0b91  ; jne 0xfffa0b91
cmp word [edi + 2], 0x50
sbb eax, eax
add eax, 2

loc_fffa0b8c:
mov byte [edi + 1], al
jmp short loc_fffa0b95  ; jmp 0xfffa0b95

loc_fffa0b91:
mov byte [edi + 1], 2

loc_fffa0b95:
inc dword [ebp - 0x30]
add edi, 8
jmp near loc_fffa0ac2  ; jmp 0xfffa0ac2

loc_fffa0ba0:
call fcn_fffb5bb6  ; call 0xfffb5bb6
movzx eax, al
cmp edi, eax
jae short loc_fffa0bb7  ; jae 0xfffa0bb7
mov byte [ebx + edi + 0x298], 1
inc edi
jmp short loc_fffa0ba0  ; jmp 0xfffa0ba0

loc_fffa0bb7:
mov byte [ebx + 0x299], 0
xor edi, edi

loc_fffa0bc0:
call fcn_fffb5b8d  ; call 0xfffb5b8d
movzx eax, al
cmp edi, eax
jae short loc_fffa0bd7  ; jae 0xfffa0bd7
mov byte [ebx + edi + 0x2a6], 1
inc edi
jmp short loc_fffa0bc0  ; jmp 0xfffa0bc0

loc_fffa0bd7:
mov byte [ebx + 0x2a7], 0

loc_fffa0bde:
xor edi, edi

loc_fffa0be0:
call fcn_fffb5b8d  ; call 0xfffb5b8d
movzx eax, al
cmp edi, eax
jae loc_fffa0cba  ; jae 0xfffa0cba
mov dl, byte [esi + edi + 0xb2]
mov al, byte [ebx + edi*8 + 0x580]
test dl, dl
je short loc_fffa0c0e  ; je 0xfffa0c0e
mov byte [ebx + edi*8 + 0x57c], dl
or eax, 1
jmp short loc_fffa0c19  ; jmp 0xfffa0c19

loc_fffa0c0e:
mov byte [ebx + edi*8 + 0x57c], 0
and eax, 0xfffffffe

loc_fffa0c19:
mov byte [ebx + edi*8 + 0x580], al
mov dl, byte [esi + edi + 0xb8]
mov al, byte [ebx + edi*8 + 0x580]
test dl, dl
je short loc_fffa0c3e  ; je 0xfffa0c3e
mov byte [ebx + edi*8 + 0x57d], dl
or eax, 2
jmp short loc_fffa0c49  ; jmp 0xfffa0c49

loc_fffa0c3e:
mov byte [ebx + edi*8 + 0x57d], 0
and eax, 0xfffffffd

loc_fffa0c49:
mov byte [ebx + edi*8 + 0x580], al
mov dl, byte [esi + edi + 0xbe]
mov al, byte [ebx + edi*8 + 0x580]
test dl, dl
je short loc_fffa0c6e  ; je 0xfffa0c6e
mov byte [ebx + edi*8 + 0x57e], dl
or eax, 4
jmp short loc_fffa0c79  ; jmp 0xfffa0c79

loc_fffa0c6e:
mov byte [ebx + edi*8 + 0x57e], 0
and eax, 0xfffffffb

loc_fffa0c79:
mov byte [ebx + edi*8 + 0x580], al
mov dl, byte [esi + edi + 0xc4]
mov al, byte [ebx + edi*8 + 0x580]
test dl, dl
je short loc_fffa0ca2  ; je 0xfffa0ca2
lea edx, [edx + edx + 1]
or eax, 8
mov byte [ebx + edi*8 + 0x57f], dl
jmp short loc_fffa0cad  ; jmp 0xfffa0cad

loc_fffa0ca2:
mov byte [ebx + edi*8 + 0x57f], 0
and eax, 0xfffffff7

loc_fffa0cad:
mov byte [ebx + edi*8 + 0x580], al
inc edi
jmp near loc_fffa0be0  ; jmp 0xfffa0be0

loc_fffa0cba:
mov al, byte [ebx + 0x40e]
or eax, 3
and eax, 0xffffffc3
mov byte [ebx + 0x40e], al
xor eax, eax

loc_fffa0cce:
and byte [ebx + eax*8 + 0x554], 0xfc
mov word [ebx + eax*8 + 0x558], 0
mov word [ebx + eax*8 + 0x55a], 0
inc eax
cmp eax, 5
jne short loc_fffa0cce  ; jne 0xfffa0cce
mov al, byte [ebx + 0x46a]
xor edx, edx
mov byte [ebx + 0x364], 1
mov dword [ebx + 0x368], 0xfed00000
mov byte [ebx + 0x36c], 1
and eax, 0xffffffb0
or eax, 0x49
mov byte [ebx + 0x365], 0xf0
mov byte [ebx + 0x366], 0xf
mov byte [ebx + 0x367], 0
mov byte [ebx + 0x476], 1
mov dword [ebx + 0x47e], 0
mov dword [ebx + 0x47a], 1
mov byte [ebx + 0x46a], al
mov byte [ebx + 0x37f], 0
mov byte [ebx + 0x256], 1

loc_fffa0d5a:
mov dword [ebp - 0x30], edx
call fcn_fffb4984  ; call 0xfffb4984
mov edx, dword [ebp - 0x30]
cmp dl, al
jae short loc_fffa0d77  ; jae 0xfffa0d77
movzx eax, dl
inc edx
imul eax, eax, 0x2c
mov byte [ebx + eax + 0x58], 1
jmp short loc_fffa0d5a  ; jmp 0xfffa0d5a

loc_fffa0d77:
and byte [ebx + 0x45e], 0xf7
xor edx, edx

loc_fffa0d80:
mov dword [ebp - 0x30], edx
call fcn_fffb4984  ; call 0xfffb4984
mov edx, dword [ebp - 0x30]
cmp dl, al
jae short loc_fffa0df1  ; jae 0xfffa0df1
cmp dword [ebp - 0x2c], 2
movzx eax, dl
jne short loc_fffa0dad  ; jne 0xfffa0dad
imul eax, eax, 0x2c
lea eax, [ebx + eax + 0x50]
mov word [eax + 0xa], 0x1003
mov word [eax + 0xc], 0x1003
jmp short loc_fffa0dc6  ; jmp 0xfffa0dc6

loc_fffa0dad:
cmp dword [ebp - 0x2c], 1
jne short loc_fffa0dc6  ; jne 0xfffa0dc6
imul eax, eax, 0x2c
lea eax, [ebx + eax + 0x50]
mov word [eax + 0xa], 0x846
mov word [eax + 0xc], 0x846

loc_fffa0dc6:
movzx eax, dl
inc edx
imul eax, eax, 0x2c
add eax, ebx
mov byte [eax + 0x59], 0
mov byte [eax + 0x5e], 2
mov byte [eax + 0x5f], 2
mov word [eax + 0x60], 0x3c
mov byte [eax + 0x62], 2
mov byte [eax + 0x63], 2
mov word [eax + 0x64], 0x3c
jmp short loc_fffa0d80  ; jmp 0xfffa0d80

loc_fffa0df1:
mov al, byte [ebx + 0x446]
or byte [ebx + 0x442], 7
and byte [ebx + 0x45e], 0xf9
and eax, 0xffffffcc
or eax, 0xc
mov byte [ebx + 0x446], al
mov al, byte [ebx + 0x486]
mov dword [ebx + 0x44a], 0
mov dword [ebx + 0x44e], 2
mov dword [ebx + 0x452], 4
and eax, 0xffffffc1
or eax, 0x32
mov byte [ebx + 0x486], al
mov al, byte [ebx + 0x49e]
mov dword [ebx + 0x456], 3
mov dword [ebx + 0x45a], 3
mov byte [ebx + 0x462], 4
or eax, 1
and eax, 0xffffffbd
mov byte [ebx + 0x49e], al
xor eax, eax
mov byte [ebx + 0x10], 0xdd

loc_fffa0e74:
mov dword [ebx + eax*4 + 0x1ba], 0
inc eax
cmp eax, 8
jne short loc_fffa0e74  ; jne 0xfffa0e74
cmp dword [ebp - 0x2c], 2
lea eax, [ebx + 0x4de]
lea esi, [ebx + 0x527]
jne short loc_fffa0ebf  ; jne 0xfffa0ebf
mov byte [ebx + 0x526], 5
push ecx
push 0x28
push ref_fffd6168  ; push 0xfffd6168
push eax
call fcn_fffab101  ; call 0xfffab101
add esp, 0xc
mov byte [ebx + 0x553], 9
push 0x24
push ref_fffd6144  ; push 0xfffd6144
jmp short loc_fffa0ee5  ; jmp 0xfffa0ee5

loc_fffa0ebf:
mov byte [ebx + 0x526], 6
push edx
push 0x30
push ref_fffd6114  ; push 0xfffd6114
push eax
call fcn_fffab101  ; call 0xfffab101
add esp, 0xc
mov byte [ebx + 0x553], 6
push 0x18
push ref_fffd60fc  ; push 0xfffd60fc

loc_fffa0ee5:
push esi
call fcn_fffab101  ; call 0xfffab101
add esp, 0x10
sub esp, 0xc
push dword [ebp - 0x38]
call fcn_fffab5db  ; call 0xfffab5db
add esp, 0x10

loc_fffa0efc:
sub esp, 0xc
push 0x15
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov edi, eax
test eax, eax
je loc_fffa10af  ; je 0xfffa10af
sub esp, 0xc
push 0xc
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov dword [ebp - 0x2c], eax
test eax, eax
je loc_fffa10af  ; je 0xfffa10af
sub esp, 0xc
push 5
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
test eax, eax
mov dword [ebp - 0x34], eax
je loc_fffa10af  ; je 0xfffa10af
sub esp, 0xc
push 0xc
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
test eax, eax
mov dword [ebp - 0x30], eax
je loc_fffa10af  ; je 0xfffa10af
sub esp, 0xc
push 0x1d
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov ebx, eax
test eax, eax
je loc_fffa10af  ; je 0xfffa10af
sub esp, 0xc
push 0x13
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov esi, eax
test eax, eax
je loc_fffa10af  ; je 0xfffa10af
mov edx, dword [ebp - 0x34]
mov ecx, dword [ebp - 0x30]
mov byte [edi], 0xa
mov dword [edi + 1], edx
mov dword [edi + 9], ecx
mov dword [ecx], 0
mov eax, dword [edi + 9]
mov dword [eax + 4], 0
mov dword [edi + 5], ebx
mov dword [edi + 0xd], esi
mov dword [edi + 0x11], edi
mov byte [edx + 3], 0x3f
mov byte [edx + 4], 0x3f
mov byte [edx + 2], 0
mov byte [edx], 0x62
mov byte [ebx + 6], 0
mov byte [ebx + 7], 0
mov byte [ebx + 8], 0
mov byte [ebx + 9], 0
mov byte [ebx + 1], 0
mov word [ebx + 2], 0
mov byte [ebx + 4], 0
mov byte [ebx + 5], 0
mov byte [ebx], 0
mov word [ebx + 0x11], 0x200
mov byte [ebx + 0x13], 0
mov word [ebx + 0x14], 0
mov byte [ebx + 0xa], 0
mov byte [ebx + 0xb], 1
mov byte [ebx + 0xc], 0
mov byte [ebx + 0xd], 1
call fcn_fffa6801  ; call 0xfffa6801
cmp eax, 0x40650
jne short loc_fffa1033  ; jne 0xfffa1033

loc_fffa1011:
mov byte [ebx + 0xe], 1
call fcn_fffa6801  ; call 0xfffa6801
mov byte [ebx + 0x10], 0
mov byte [ebx + 0x16], 1
cmp eax, 0x306d0
setne al
lea eax, [eax + eax*4 + 0x6a]
mov byte [ebx + 0xf], al
jmp short loc_fffa103f  ; jmp 0xfffa103f

loc_fffa1033:
call fcn_fffa6801  ; call 0xfffa6801
cmp eax, 0x306d0
je short loc_fffa1011  ; je 0xfffa1011

loc_fffa103f:
mov eax, dword [ebp - 0x2c]
sub esp, 0xc
mov byte [ebx + 0x17], 0x14
mov byte [ebx + 0x18], 5
mov byte [ebx + 0x19], 1
mov byte [ebx + 0x1a], 0
mov byte [ebx + 0x1b], 0
mov byte [ebx + 0x1c], 0
mov word [esi], 0
mov word [esi + 2], 0
mov word [esi + 4], 0
mov word [esi + 6], 0
mov word [esi + 8], 0
mov word [esi + 0xa], 0
mov word [esi + 0xc], 0
mov word [esi + 0xe], 0
mov word [esi + 0x10], 0
mov byte [esi + 0x12], 0
mov dword [eax], 0x80000010
mov dword [eax + 4], ref_fffd65c0  ; mov dword [eax + 4], 0xfffd65c0
mov dword [eax + 8], edi
push eax
call fcn_fffab5db  ; call 0xfffab5db
add esp, 0x10

loc_fffa10af:
sub esp, 0xc
push 2
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov ebx, eax
test eax, eax
je short loc_fffa10f2  ; je 0xfffa10f2
sub esp, 0xc
push 0xc
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
test eax, eax
je short loc_fffa10f2  ; je 0xfffa10f2
sub esp, 0xc
mov dword [eax], 0x80000010
mov dword [eax + 4], ref_fffd60dc  ; mov dword [eax + 4], 0xfffd60dc
mov byte [ebx], 1
mov dword [eax + 8], ebx
push eax
call fcn_fffab5db  ; call 0xfffab5db
add esp, 0x10

loc_fffa10f2:
sub esp, 0xc
mov esi, dword [0xff7d0084]
push 0x27
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov dword [ebp - 0x2c], eax
test eax, eax
je loc_fffa19ec  ; je 0xfffa19ec
sub esp, 0xc
push 0xc
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov dword [ebp - 0x30], eax
test eax, eax
je loc_fffa19ec  ; je 0xfffa19ec
sub esp, 0xc
push 0x36
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov dword [ebp - 0x3c], eax
test eax, eax
je loc_fffa19ec  ; je 0xfffa19ec
sub esp, 0xc
push 0xd
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov dword [ebp - 0x40], eax
test eax, eax
je loc_fffa19ec  ; je 0xfffa19ec
sub esp, 0xc
push 0x102
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov ebx, eax
test eax, eax
je loc_fffa19ec  ; je 0xfffa19ec
sub esp, 0xc
push 0xdc
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov edi, eax
test eax, eax
je loc_fffa19ec  ; je 0xfffa19ec
sub esp, 0xc
push 0x6b
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
test eax, eax
mov dword [ebp - 0x54], eax
je loc_fffa19ec  ; je 0xfffa19ec
sub esp, 0xc
push 5
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov dword [ebp - 0x44], eax
test eax, eax
je loc_fffa19ec  ; je 0xfffa19ec
sub esp, 0xc
push 0x11
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
test eax, eax
mov dword [ebp - 0x50], eax
je loc_fffa19ec  ; je 0xfffa19ec
lea eax, [esi + 0xce]
mov dword [edi + 0xd0], eax
lea eax, [esi + 0x8ce]
mov dword [edi + 0xd4], eax
lea eax, [esi + 0x8e6]
mov dword [edi + 0xd8], eax
push eax
push 0
push 0x27
push dword [ebp - 0x2c]
call fcn_fffab0d1  ; call 0xfffab0d1
mov eax, dword [ebp - 0x30]
mov ecx, dword [ebp - 0x2c]
mov dword [eax], 0x80000010
mov dword [eax + 8], ecx
mov dword [eax + 4], ref_fffd661c  ; mov dword [eax + 4], 0xfffd661c
mov byte [ecx], 0x13
call fcn_fffa6801  ; call 0xfffa6801
add esp, 0x10
mov edx, dword [ebp - 0x50]
cmp eax, 0x306d0
sete cl
cmp eax, 0x40670
mov dword [ebp - 0x38], eax
sete al
mov byte [ebp - 0x34], al
or al, cl
mov byte [ebp - 0x48], cl
mov ecx, dword [ebp - 0x54]
mov byte [ebp - 0x49], al
je short loc_fffa1271  ; je 0xfffa1271
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov dword [ebp - 0x54], edx
mov dword [ebp - 0x50], ecx
mov eax, dword [eax + 0x14]
add eax, 0x10002
push eax
call fcn_fffb3d06  ; call 0xfffb3d06
mov edx, dword [ebp - 0x54]
add esp, 0x10
mov ecx, dword [ebp - 0x50]

loc_fffa1271:
mov al, byte [esi + 0x42]
mov dword [ebp - 0x54], edx
mov edx, dword [ebp - 0x3c]
mov dword [ebp - 0x50], ecx
mov ecx, dword [ebp - 0x2c]
cmp byte [ebp - 0x49], 1
mov byte [edx], al
mov al, byte [esi + 0x43]
mov byte [edx + 1], al
mov al, byte [esi + 0x44]
mov byte [edx + 2], al
mov al, byte [esi + 0x45]
mov dword [edx + 4], 0xfed10000
mov dword [edx + 8], 0xfed18000
mov dword [edx + 0xc], 0xfed19000
mov byte [edx + 3], al
mov dword [edx + 0x22], 0xfed80000
mov eax, dword [esi + 0x14]
mov dword [edx + 0x10], eax
movzx eax, word [esi + 0x18]
mov dword [edx + 0x14], eax
mov eax, dword [esi + 0x36]
mov dword [edx + 0x2b], 0x400000
mov dword [edx + 0x18], 0xfed84000
mov word [edx + 0x26], 0
mov dword [edx + 0x1c], eax
mov eax, dword [esi + 4]
mov byte [edx + 0x20], al
sbb eax, eax
mov dword [ecx + 1], edx
mov edx, dword [ebp - 0x40]
add eax, 3
mov word [edx + 2], ax
mov byte [edx + 4], 3
mov byte [edx + 5], 1
mov byte [edx + 6], 0
mov byte [edx + 7], 1
mov byte [edx + 0xc], 1
mov eax, dword [esi + 0x22]
mov word [edx], 0x800
mov dword [edx + 8], eax
mov dword [ecx + 5], edx
mov byte [ebx], 0
mov eax, dword [esi + 0x4e]
mov byte [ebx + 3], 1
mov dword [ebx + 4], 0
mov byte [ebx + 0x10], 0
mov word [ebx + 1], ax
mov byte [ebx + 0x11], 1
mov byte [ebx + 0x5d], 0xff
mov byte [ebx + 0x5e], 0x80
mov byte [ebx + 0x5f], 1
mov byte [ebx + 0x60], 1
mov byte [ebx + 0x61], 1
mov byte [ebx + 0x62], 7
mov byte [ebx + 0x63], 0
mov byte [ebx + 0xcf], 1
mov byte [ebx + 0xfe], 0
mov byte [ebx + 0xff], 0xe
mov byte [ebx + 0x100], 0
mov byte [ebx + 0xc2], 1
mov byte [ebx + 0xc3], 1
mov byte [ebx + 0xf2], 0
mov byte [ebx + 0x24], 1
mov byte [ebx + 0x25], 0
mov byte [ebx + 0x26], 0
mov byte [ebx + 0x27], 0
mov byte [ebx + 0x28], 0
mov eax, dword [esi + 0x3a]
mov byte [ebx + 0x2a], al
mov eax, dword [esi + 0x3e]
cmp dword [ebp - 0x38], 0x40650
mov byte [ebx + 0x6d], 2
mov ecx, dword [ebp - 0x50]
mov word [ebx + 0x6e], 0x30ce
mov edx, dword [ebp - 0x54]
mov byte [ebx + 0x2b], al
sete al
or al, byte [ebp - 0x48]
mov byte [ebx + 0x70], 1
mov byte [ebx + 0x71], 0
mov byte [ebx + 0x72], 0
mov byte [ebx + 0x73], 0
mov byte [ebx + 0x74], 1
mov byte [ebp - 0x3c], al
jne short loc_fffa13d8  ; jne 0xfffa13d8
cmp byte [ebp - 0x34], 0
je short loc_fffa13dc  ; je 0xfffa13dc

loc_fffa13d8:
mov byte [ebx + 0x75], 0

loc_fffa13dc:
mov al, byte [esi + 0x46]
mov byte [ebx + 0x77], 1
mov byte [ebx + 0x78], 0
mov byte [ebx + 0x79], 0
mov byte [ebx + 0x76], al
mov byte [ebx + 0x7a], 3
mov byte [ebx + 0x7b], 0
mov byte [ebx + 0x7c], 0
mov byte [ebx + 0x7d], 0
mov byte [ebx + 0x7e], 0
mov byte [ebx + 0x7f], 0
mov byte [ebx + 0x80], 0
mov word [ebx + 0x81], 0
mov byte [ebx + 0x83], 0
mov byte [ebx + 0x84], 0
mov byte [ebx + 0x85], 0
mov word [ebx + 0x86], 0
mov byte [ebx + 0x88], 0xff
mov byte [ebx + 0x89], 0xff
mov byte [ebx + 0x8a], 0xff
mov byte [ebx + 0x8b], 0xff
mov byte [ebx + 0x8c], 0xff
mov byte [ebx + 0x8d], 0xff
mov byte [ebx + 0x8e], 0xff
mov byte [ebx + 0x8f], 0xff
mov byte [ebx + 0x90], 0xff
mov byte [ebx + 0x91], 0xff
mov byte [ebx + 0x92], 0xff
mov byte [ebx + 0x93], 0xff
mov byte [ebx + 0x94], 0xff
mov byte [ebx + 0x95], 0xff
mov byte [ebx + 0x96], 0xff
mov byte [ebx + 0x97], 0xff
mov byte [ebx + 0x98], 0
mov byte [ebx + 0x99], 0
mov byte [ebx + 0x9a], 0
mov byte [ebx + 0x9b], 0
mov byte [ebx + 0x9c], 0
mov byte [ebx + 0x9d], 0
mov byte [ebx + 0x9e], 0
mov byte [ebx + 0x9f], 0
mov byte [ebx + 0xa0], 0
mov byte [ebx + 0xa1], 0
mov byte [ebx + 0xa2], 0
mov byte [ebx + 0xa3], 0
mov byte [ebx + 0xa4], 0
mov byte [ebx + 0xa5], 0
mov byte [ebx + 0xa6], 0
mov byte [ebx + 0xa7], 0
mov byte [ebx + 0xa8], 0
mov byte [ebx + 0xa9], 0
mov byte [ebx + 0xaa], 0
mov byte [ebx + 0xab], 0
cmp dword [esi + 0x52], 0
mov word [ebx + 0xad], 0x200
mov byte [ebx + 0xaf], 0
sete byte [ebx + 0xac]
cmp byte [ebp - 0x3c], 0
mov byte [ebx + 0xb0], 0x30
jne short loc_fffa155e  ; jne 0xfffa155e
cmp byte [ebp - 0x34], 0
je short loc_fffa156c  ; je 0xfffa156c

loc_fffa155e:
mov byte [ebx + 0xb1], 1
mov byte [ebx + 0xb2], 0x40

loc_fffa156c:
mov byte [ebx + 0x101], 0xff
mov byte [ebx + 0x2e], 1
mov byte [ebx + 0x2f], 0
mov byte [ebx + 0x30], 4
mov byte [ebx + 0x31], 0xc
mov byte [ebx + 0x6b], 0
mov byte [ebx + 0x32], 0
mov byte [ebx + 0x33], 1
mov byte [ebx + 0x34], 1
mov byte [ebx + 0x35], 1
mov byte [ebx + 0x36], 1
mov byte [ebx + 0x37], 0
mov byte [ebx + 0x38], 1
mov byte [ebx + 0x39], 1
mov byte [ebx + 0x3a], 1
mov byte [ebx + 0x3b], 0
mov byte [ebx + 0x3c], 1
mov byte [ebx + 0x3e], 1
mov byte [ebx + 0x3f], 0
mov byte [ebx + 0x40], 1
mov byte [ebx + 0x41], 1
mov byte [ebx + 0x42], 1
mov byte [ebx + 0x5c], 1
mov byte [ebx + 0x43], 1
mov byte [ebx + 0x44], 1
mov byte [ebx + 0x47], 1
mov byte [ebx + 0x48], 1
mov byte [ebx + 0x49], 1
mov byte [ebx + 0x4a], 0
mov byte [ebx + 0x4b], 0
mov byte [ebx + 0x58], 0
mov byte [ebx + 0x59], 0
mov byte [ebx + 0x5a], 1
mov byte [ebx + 0x6a], 1
mov byte [ebx + 0xc5], 1
mov byte [ebx + 0xce], 1
cmp dword [esi + 0x56], 0
mov byte [ebx + 0xd0], 1
mov byte [ebx + 0x2c], 1
sete byte [ebx + 0xfd]
cmp byte [ebp - 0x3c], 0
mov byte [ebx + 0x55], 0
mov byte [ebx + 0x56], 1
mov word [ebx + 0x4c], 0
mov dword [ebx + 0x4e], 0
mov byte [ebx + 0x53], 2
mov byte [ebx + 0x54], 0
mov dword [ebx + 0x64], 0x5f5e100
mov byte [ebx + 0xc4], 0
mov byte [ebx + 0x5b], 1
mov byte [ebx + 0xf3], 1
mov byte [ebx + 0xc7], 0
mov al, byte [esi + 0x4a]
mov byte [ebx + 0x57], al
jne short loc_fffa166a  ; jne 0xfffa166a
cmp byte [ebp - 0x34], 0
jmp short loc_fffa1671  ; jmp 0xfffa1671

loc_fffa166a:
cmp dword [ebp - 0x38], 0x40650

loc_fffa1671:
je short loc_fffa16f2  ; je 0xfffa16f2
mov byte [ebx + 0xfc], 0
mov byte [ebx + 0xd1], 0
mov dword [ebx + 0xd2], 0
mov dword [ebx + 0xd6], 0
mov dword [ebx + 0xda], 0
mov dword [ebx + 0xde], 0
mov dword [ebx + 0xe2], 0
mov dword [ebx + 0xe6], 0
mov dword [ebx + 0xea], 0
mov dword [ebx + 0xee], 0
mov byte [ebx + 0xf4], 1
mov dword [ebx + 0xf5], 0x320
mov word [ebx + 0xf9], 0x118
mov byte [ebx + 0xfb], 7

loc_fffa16f2:
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov dword [ebp - 0x40], edx
mov dword [ebp - 0x3c], ecx
mov eax, dword [eax + 0x14]
add eax, 2
push eax
call fcn_fffb3d06  ; call 0xfffb3d06
add esp, 0x10
mov edx, dword [ebp - 0x40]
mov dword [ebp - 0x38], 1
cmp ax, 0xa04
sete cl
cmp ax, 0xc04
mov word [ebp - 0x34], ax
sete al
or cl, al
mov ecx, dword [ebp - 0x3c]
jne short loc_fffa175d  ; jne 0xfffa175d
cmp word [ebp - 0x34], 0xa0c
sete al
cmp word [ebp - 0x34], 0xd04
sete byte [ebp - 0x3c]
or al, byte [ebp - 0x3c]
jne short loc_fffa175d  ; jne 0xfffa175d
mov eax, dword [ebp - 0x34]
and eax, 0xffffffef
cmp ax, 0x1604
sete al
movzx eax, al
mov dword [ebp - 0x38], eax

loc_fffa175d:
mov al, byte [ebp - 0x38]
mov word [ebx + 0xc8], 0xcf8
mov word [ebx + 0xca], 0xcfc
mov byte [ebx + 0xcc], 0xaa
mov byte [ebx + 0xc6], al
mov dword [edi], fcn_fffa5b74  ; mov dword [edi], 0xfffa5b74
mov dword [edi + 4], fcn_fffb3f0f  ; mov dword [edi + 4], 0xfffb3f0f
mov dword [edi + 8], fcn_fffaafc2  ; mov dword [edi + 8], 0xfffaafc2
mov dword [edi + 0xc], fcn_fffa5b68  ; mov dword [edi + 0xc], 0xfffa5b68
mov dword [edi + 0x10], fcn_fffb3f28  ; mov dword [edi + 0x10], 0xfffb3f28
mov dword [edi + 0x14], fcn_fffaafda  ; mov dword [edi + 0x14], 0xfffaafda
mov dword [edi + 0x18], fcn_fffb3cfc  ; mov dword [edi + 0x18], 0xfffb3cfc
mov dword [edi + 0x1c], fcn_fffb3d06  ; mov dword [edi + 0x1c], 0xfffb3d06
mov dword [edi + 0x20], fcn_fffb3d4e  ; mov dword [edi + 0x20], 0xfffb3d4e
mov dword [edi + 0x24], fcn_fffb3dc0  ; mov dword [edi + 0x24], 0xfffb3dc0
mov dword [edi + 0x28], fcn_fffb3db3  ; mov dword [edi + 0x28], 0xfffb3db3
mov dword [edi + 0x2c], fcn_fffb3d20  ; mov dword [edi + 0x2c], 0xfffb3d20
mov dword [edi + 0x30], fcn_fffb3d84  ; mov dword [edi + 0x30], 0xfffb3d84
mov dword [edi + 0x34], fcn_fffa5bcf  ; mov dword [edi + 0x34], 0xfffa5bcf
mov dword [edi + 0x38], fcn_fffab48f  ; mov dword [edi + 0x38], 0xfffab48f
mov dword [edi + 0x3c], fcn_fffab4e0  ; mov dword [edi + 0x3c], 0xfffab4e0
mov dword [edi + 0x40], fcn_fffab4b3  ; mov dword [edi + 0x40], 0xfffab4b3
mov dword [edi + 0x44], fcn_fffb44dc  ; mov dword [edi + 0x44], 0xfffb44dc
mov dword [edi + 0x48], fcn_fffc3868  ; mov dword [edi + 0x48], 0xfffc3868
mov dword [edi + 0x4c], fcn_fffc3844  ; mov dword [edi + 0x4c], 0xfffc3844
mov dword [edi + 0x50], fcn_fffb3ddc  ; mov dword [edi + 0x50], 0xfffb3ddc
mov dword [edi + 0x54], fcn_fffb742b  ; mov dword [edi + 0x54], 0xfffb742b
mov dword [edi + 0x58], fcn_fffab101  ; mov dword [edi + 0x58], 0xfffab101
mov dword [edi + 0x5c], fcn_fffab0d1  ; mov dword [edi + 0x5c], 0xfffab0d1
mov dword [edi + 0x60], fcn_fffa5c15  ; mov dword [edi + 0x60], 0xfffa5c15
mov dword [edi + 0x64], fcn_fffa5bfd  ; mov dword [edi + 0x64], 0xfffa5bfd
mov dword [edi + 0x68], fcn_fffab0f8  ; mov dword [edi + 0x68], 0xfffab0f8
mov dword [edi + 0x6c], fcn_fffab0ef  ; mov dword [edi + 0x6c], 0xfffab0ef
mov dword [edi + 0x70], fcn_fffa5c8a  ; mov dword [edi + 0x70], 0xfffa5c8a
mov eax, dword [ebp - 0x2c]
mov dword [edi + 0x74], fcn_fffab0c8  ; mov dword [edi + 0x74], 0xfffab0c8
mov dword [edi + 0x78], fcn_fffb45e9  ; mov dword [edi + 0x78], 0xfffb45e9
mov dword [edi + 0x7c], fcn_fffab039  ; mov dword [edi + 0x7c], 0xfffab039
mov dword [edi + 0x80], fcn_fffb4ecf  ; mov dword [edi + 0x80], 0xfffb4ecf
mov dword [edi + 0x84], fcn_fffb506c  ; mov dword [edi + 0x84], 0xfffb506c
mov dword [edi + 0x88], fcn_fffa5bc8  ; mov dword [edi + 0x88], 0xfffa5bc8
mov dword [edi + 0x8c], fcn_fffa5bc0  ; mov dword [edi + 0x8c], 0xfffa5bc0
mov dword [edi + 0x90], fcn_fffa5b97  ; mov dword [edi + 0x90], 0xfffa5b97
mov dword [edi + 0x94], fcn_fffb73dd  ; mov dword [edi + 0x94], 0xfffb73dd
mov dword [edi + 0x98], fcn_fffab06a  ; mov dword [edi + 0x98], 0xfffab06a
mov dword [edi + 0x9c], fcn_fffaaffb  ; mov dword [edi + 0x9c], 0xfffaaffb
mov dword [edi + 0xa0], fcn_fffa5b8d  ; mov dword [edi + 0xa0], 0xfffa5b8d
mov dword [edi + 0xa4], fcn_fffa5b7d  ; mov dword [edi + 0xa4], 0xfffa5b7d
mov dword [edi + 0xa8], fcn_fffab06f  ; mov dword [edi + 0xa8], 0xfffab06f
mov dword [eax + 9], ebx
mov dword [eax + 0x1e], edi
xor eax, eax
mov byte [ecx], 0
mov byte [ecx + 1], 1
mov byte [ecx + 2], 1
mov byte [ecx + 3], 1
mov byte [ecx + 4], 0
mov byte [ecx + 5], 0
mov byte [ecx + 6], 0
mov byte [ecx + 7], 0
mov byte [ecx + 0x5c], 0xff
mov byte [ecx + 0x61], 0
mov byte [ecx + 0x5d], 0xff
mov byte [ecx + 0x62], 0
mov byte [ecx + 0x5e], 0xff
mov byte [ecx + 0x63], 0
mov byte [ecx + 8], 1
mov byte [ecx + 0x39], 0
mov byte [ecx + 0x40], 2
mov byte [ecx + 0x5f], 0
mov byte [ecx + 0x60], 0
mov byte [ecx + 0x64], 2
mov word [ecx + 0x65], 0x2710
mov word [ecx + 0x67], 2
mov byte [ecx + 0x69], 2
mov byte [ecx + 0x6a], 2
mov byte [ecx + 0x3b], 1
mov byte [ecx + 0x48], 0
mov word [ecx + 0x3c], 0x3e8
mov byte [ecx + 0x3f], 0xf
mov byte [ecx + 0x42], 0x14
mov word [ecx + 0x50], 1

loc_fffa1956:
mov byte [ecx + eax + 9], 8
mov byte [ecx + eax + 0x19], 7
mov byte [ecx + eax + 0x29], 2
inc eax
cmp eax, 0x10
jne short loc_fffa1956  ; jne 0xfffa1956
mov eax, dword [ebp - 0x44]
mov byte [ecx + 0x49], 0
mov byte [eax], 0
xor eax, eax
mov byte [ecx + 0x52], 0
mov byte [ecx + 0x53], 0

loc_fffa197f:
mov byte [ecx + eax + 0x54], 8
inc eax
cmp eax, 8
jne short loc_fffa197f  ; jne 0xfffa197f
mov eax, dword [ebp - 0x2c]
sub esp, 0xc
mov dword [ecx + 0x44], 0
mov dword [eax + 0xd], ecx
mov ecx, eax
mov word [edx], 0
mov word [edx + 2], 0
mov word [edx + 4], 0
mov word [edx + 6], 0
mov word [edx + 8], 0
mov byte [edx + 0xa], 0
mov byte [edx + 0xb], 0
mov word [edx + 0xc], 0
mov word [edx + 0xe], 0
mov byte [edx + 0x10], 0
mov dword [eax + 0x11], edx
mov byte [eax + 0x22], 0
mov eax, dword [esi + 0x8f6]
mov dword [ecx + 0x15], eax
push dword [ebp - 0x30]
call fcn_fffab5db  ; call 0xfffab5db
add esp, 0x10

loc_fffa19ec:
sub esp, 0xc
push ref_fffd5f93  ; push 0xfffd5f93
call mrc_printk  ; call 0xfffb76e3
mov dword [esp], ref_fffd6594  ; mov dword [esp], 0xfffd6594
call fcn_fffab5db  ; call 0xfffab5db
mov dword [esp], 0x20
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov ebx, eax
test eax, eax
je short loc_fffa1a74  ; je 0xfffa1a74
mov dword [eax + 0x14], fcn_fffb4a59  ; mov dword [eax + 0x14], 0xfffb4a59
sub esp, 0xc
mov dword [eax + 0xc], 0x53524549
mov dword [eax + 0x10], 0
mov eax, dword [0xff7d0084]
mov eax, dword [eax + 0x14]
lea edx, [eax + 0xf8000]
add eax, 0xf80f0
mov dword [ebx + 0x1c], edx
push eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
mov dword [ebx], 0x80000010
mov dword [ebx + 4], ref_fffd65a0  ; mov dword [ebx + 4], 0xfffd65a0
and eax, 0xffffc000
mov dword [ebx + 0x18], eax
lea eax, [ebx + 0x14]
mov dword [ebx + 8], eax
mov dword [esp], ebx
call fcn_fffab5db  ; call 0xfffab5db
add esp, 0x10

loc_fffa1a74:
push ebx
push ebx
lea eax, [ebp - 0x1c]
push eax
push 0x11b
call fcn_fffab60f  ; call 0xfffab60f
add esp, 0x10
test eax, eax
jns short loc_fffa1a92  ; jns 0xfffa1a92
mov dword [ebp - 0x1c], 0

loc_fffa1a92:
mov ebx, dword [ebp - 0x1c]
test ebx, ebx
je loc_fffa1b43  ; je 0xfffa1b43
mov edx, ebx
mov eax, 0xff7d0278
call fcn_fffab505  ; call 0xfffab505
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov edi, dword [eax + 0x14]
mov eax, dword [ebx + 8]
lea esi, [edi + 0xfb020]
push esi
mov dword [ebp - 0x2c], eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
pop edx
pop ecx
and eax, 0xffe0
or eax, dword [ebp - 0x2c]
push eax
push esi
call fcn_fffb3d84  ; call 0xfffb3d84
mov al, byte [edi + 0xfb004]
or eax, 1
mov byte [edi + 0xfb004], al
mov al, byte [edi + 0xfb040]
or eax, 0x10
mov byte [edi + 0xfb040], al
mov al, byte [edi + 0xfb040]
or eax, 8
mov byte [edi + 0xfb040], al
mov al, byte [edi + 0xfb040]
and eax, 0xfffffff9
or eax, 1
mov byte [edi + 0xfb040], al
pop esi
pop edi
push 0xff
push 0
call fcn_fffb47e9  ; call 0xfffb47e9
lea eax, [ebx + 0xc]
add ebx, 0x38
mov dword [esp], eax
call fcn_fffab5db  ; call 0xfffab5db
call fcn_fffab405  ; call 0xfffab405
pop edx
pop ecx
mov edx, dword [eax]
push ebx
push eax
call dword [edx + 0x24]  ; ucall
add esp, 0x10

loc_fffa1b43:
sub esp, 0xc
mov esi, ref_fffd65d0  ; mov esi, 0xfffd65d0
push ref_fffd5fcb  ; push 0xfffd5fcb
call mrc_printk  ; call 0xfffb76e3
lea eax, [ebp - 0x24]
push eax
push 0
push 0
push ref_fffd661c  ; push 0xfffd661c
call fcn_fffab40f  ; call 0xfffab40f
add esp, 0x1c
mov ebx, dword [ebp - 0x24]
lea eax, [ebp - 0x20]
push eax
push 0x73
push 4
call fcn_fffab5ba  ; call 0xfffab5ba
mov eax, dword [ebp - 0x20]
mov ecx, 4
lea edi, [eax + 8]
add eax, 0x18
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
pop edx
pop ecx
push 8
push eax
call fcn_fffac673  ; call 0xfffac673
mov eax, dword [ebp - 0x20]
pop esi
pop edi
add eax, 0x20
push 8
push eax
call fcn_fffac673  ; call 0xfffac673
pop eax
mov eax, dword [ebp - 0x20]
pop edx
add eax, 0x29
push 0x21
push eax
call fcn_fffac673  ; call 0xfffac673
mov eax, dword [ebp - 0x20]
add esp, 0x10
mov byte [eax + 0x28], 0
mov byte [eax + 0x71], 0
cmp byte [ebx], 1
jbe short loc_fffa1bd2  ; jbe 0xfffa1bd2
mov edx, dword [ebx + 0xd]
mov dl, byte [edx + 0x49]
mov byte [eax + 0x4a], dl
jmp short loc_fffa1bd6  ; jmp 0xfffa1bd6

loc_fffa1bd2:
mov byte [eax + 0x4a], 0

loc_fffa1bd6:
mov edx, dword [ebx + 5]
mov dl, byte [edx + 7]
mov byte [eax + 0x72], dl
lea eax, [ebp - 0x1c]
push eax
push 0
push 0
push ref_fffd65c0  ; push 0xfffd65c0
call fcn_fffab40f  ; call 0xfffab40f
mov eax, dword [ebp - 0x1c]
add esp, 0x10
mov edx, dword [eax + 9]
cmp dword [edx + 4], 0
je short loc_fffa1c29  ; je 0xfffa1c29
mov ebx, dword [ebp - 0x20]
mov byte [ebx + 0x18], 1
mov edx, dword [eax + 1]
cmp byte [edx], 0
jns short loc_fffa1c29  ; jns 0xfffa1c29
push ecx
push 0x14
mov eax, dword [eax + 9]
mov eax, dword [eax + 4]
push dword [eax + 0x1c]
push dword [eax + 0x18]
call fcn_fffab0ef  ; call 0xfffab0ef
add esp, 0x10
mov byte [ebx + 0x19], al

loc_fffa1c29:
mov eax, dword [ebp - 0x20]
mov byte [eax + 0x20], 2
mov edx, dword [ebp - 0x1c]
mov ecx, dword [edx + 1]
test byte [ecx], 0x10
je short loc_fffa1c49  ; je 0xfffa1c49
mov edx, dword [edx + 9]
mov edx, dword [edx]
mov dl, byte [edx + 0x301]
mov byte [eax + 0x21], dl

loc_fffa1c49:
sub esp, 0xc
push ref_fffd65e0  ; push 0xfffd65e0
call fcn_fffab5db  ; call 0xfffab5db
mov dword [esp], ref_fffd5faa  ; mov dword [esp], 0xfffd5faa
call mrc_printk  ; call 0xfffb76e3
mov dword [esp], 0x19
call fcn_fffb8358  ; call 0xfffb8358
add esp, 0x10
mov ebx, eax
test eax, eax
je short loc_fffa1cea  ; je 0xfffa1cea
mov dword [eax], 0x4943524d
lea eax, [eax + 0x14]
mov dword [eax - 0x10], 0x80000020
lea esi, [ebx + 4]
mov dword [eax - 8], fcn_fffcd152  ; mov dword [eax - 8], 0xfffcd152
mov dword [eax - 4], 0
mov byte [eax + 4], 0
mov dword [eax], 0
push eax
push 0
push 0
push ref_fffd65fc  ; push 0xfffd65fc
call fcn_fffab40f  ; call 0xfffab40f
mov eax, dword [ebx + 0x14]
add esp, 0x10
test eax, eax
je short loc_fffa1cd9  ; je 0xfffa1cd9
test byte [eax + 1], 1
je short loc_fffa1cd9  ; je 0xfffa1cd9
mov dword [ebx + 8], ref_fffd65ec  ; mov dword [ebx + 8], 0xfffd65ec
call fcn_fffab405  ; call 0xfffab405
push edx
push edx
mov edx, dword [eax]
push esi
push eax
call dword [edx + 0x24]  ; ucall
add esp, 0x10

loc_fffa1cd9:
push edi
push 0
push esi
push 0xff7d0278
call fcn_fffcd152  ; call 0xfffcd152
add esp, 0x10

loc_fffa1cea:
call fcn_fffab5f3  ; call 0xfffab5f3
push ebx
push ebx
push eax
push ref_fffd660c  ; push 0xfffd660c
call fcn_fffc5551  ; call 0xfffc5551
add esp, 0x10
mov esi, eax
test eax, eax
jne short loc_fffa1d21  ; jne 0xfffa1d21
mov eax, dword [ebp + 8]
mov dword [eax + 0x906], 0
mov dword [eax + 0x902], 0
jmp near loc_fffa1e75  ; jmp 0xfffa1e75

loc_fffa1d21:
mov eax, dword [eax + 0x20]
mov ecx, dword [ebp + 8]
mov byte [ebp - 0x2c], 0
mov dword [ecx + 0x906], eax
lea eax, [esi + 0x20]
mov dword [ecx + 0x902], eax
mov byte [ecx + 0x90a], 0
mov eax, dword [esi + 0x245b]
mov dword [ebp - 0x34], eax
lea eax, [esi + 0x1092]
mov dword [ebp - 0x38], eax

loc_fffa1d53:
mov al, byte [ebp - 0x2c]
mov dword [ebp - 0x30], 0
add eax, eax
mov byte [ebp - 0x40], al
mov eax, dword [ebp - 0x38]
lea edi, [eax + 0x25d]
mov ecx, eax

loc_fffa1d6d:
mov edx, dword [ebp - 0x30]
mov al, byte [ebp - 0x40]
mov byte [ebp - 0x44], dl
add eax, edx
cmp dword [ecx], 2
mov byte [ebp - 0x3c], al
jne loc_fffa1e4b  ; jne 0xfffa1e4b
mov eax, dword [ebp + 8]
mov edx, dword [ebp + 8]
movzx eax, byte [eax + 0x90a]
imul eax, eax, 0x28
lea eax, [edx + eax + 0x900]
mov edx, dword [esi + 0x2498]
mov dword [ebp - 0x48], eax
lea ebx, [eax + 0xb]
cmp edx, 2
je short loc_fffa1dc5  ; je 0xfffa1dc5
cmp edx, 3
je short loc_fffa1dcd  ; je 0xfffa1dcd
dec edx
mov eax, 0xff
mov edx, 0x18
cmove eax, edx
mov word [ebx + 4], ax
jmp short loc_fffa1dd3  ; jmp 0xfffa1dd3

loc_fffa1dc5:
mov word [ebx + 4], 0x1a
jmp short loc_fffa1dd3  ; jmp 0xfffa1dd3

loc_fffa1dcd:
mov word [ebx + 4], 0x1d

loc_fffa1dd3:
mov eax, dword [esi + 0x1837]
mov edx, dword [ebp - 0x48]
mov dword [ebp - 0x48], ecx
mov word [ebx + 6], ax
mov eax, dword [ecx + 0xe1]
mov dword [edx + 0xb], eax
mov al, byte [ecx + 0xed]
mov byte [ebx + 8], al
mov al, byte [ebp - 0x2c]
mov byte [ebx + 9], al
mov al, byte [ebp - 0x44]
mov byte [ebx + 0xa], al
mov al, byte [ebp - 0x3c]
mov byte [ebx + 0xb], al
lea eax, [ebx + 0x11]
push ecx
push 0x12
push edi
push eax
mov eax, dword [ebp - 0x34]
call dword [eax + 0x58]  ; ucall
add esp, 0xc
push 4
lea eax, [edi - 6]
push eax
lea eax, [ebx + 0xc]
push eax
mov eax, dword [ebp - 0x34]
call dword [eax + 0x58]  ; ucall
mov ax, word [edi - 0xb]
add esp, 0x10
mov ecx, dword [ebp - 0x48]
mov word [ebx + 0x24], ax
mov al, byte [edi - 0xd]
mov byte [ebx + 0x26], al
mov al, byte [edi - 0xc]
mov byte [ebx + 0x27], al
mov eax, dword [ebp + 8]
inc byte [eax + 0x90a]

loc_fffa1e4b:
inc dword [ebp - 0x30]
add ecx, 0x128
add edi, 0x21
cmp dword [ebp - 0x30], 2
jne loc_fffa1d6d  ; jne 0xfffa1d6d
inc byte [ebp - 0x2c]
add dword [ebp - 0x38], 0x433
cmp byte [ebp - 0x2c], 2
jne loc_fffa1d53  ; jne 0xfffa1d53

loc_fffa1e75:
sub esp, 0xc
push ref_fffd5fbf  ; push 0xfffd5fbf
call mrc_printk  ; call 0xfffb76e3
add esp, 0x10
xor eax, eax

loc_fffa1e87:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa1e8f:
push ebp
mov ebp, esp
push edi
push esi
mov esi, edx
push ebx
sub esp, 0x6214
push 0x5ee4
lea edi, [ebp - 0x5efc]
push edi
mov dword [ebp - 0x6208], ecx
mov dword [ebp - 0x6204], eax
call fcn_fffac673  ; call 0xfffac673
pop ebx
pop eax
lea ebx, [ebp - 0x60c7]
push 0x1cb
push ebx
call fcn_fffac673  ; call 0xfffac673
lea eax, [ebp - 0x6173]
mov dword [ebp - 0x3ab9], eax
mov eax, dword [ref_fffd3288]  ; mov eax, dword [0xfffd3288]
lea edx, [ebp - 0x61c0]
mov dword [ebp - 0x20], ebx
mov dword [ebp - 0x60c3], edx
mov dword [ebp - 0x6200], edx
mov dword [ebp - 0x5efc], eax
lea eax, [ebp - 0x61e8]
push eax
push 0
push 0
push ref_fffd661c  ; push 0xfffd661c
mov dword [ebp - 0x60c7], 0x1cb
mov dword [ebp - 0x5ef8], 0x5ee4
mov dword [ebp - 0x5ef4], 0x1866
mov dword [ebp - 0x468e], 0xbdd
mov dword [ebp - 0x3ab1], 0x3a91
call fcn_fffab40f  ; call 0xfffab40f
mov eax, dword [ebp - 0x61e8]
add esp, 0x20
mov edx, dword [ebp - 0x3ab9]
mov ecx, dword [eax + 9]
mov ebx, dword [eax + 0x1e]
mov dword [ebp - 0x61fc], edx
mov dword [ebx + 0xac], fcn_fffc6ea0  ; mov dword [ebx + 0xac], 0xfffc6ea0
mov dword [ebx + 0xb0], fcn_fffc45f9  ; mov dword [ebx + 0xb0], 0xfffc45f9
mov dword [ebx + 0xb4], fcn_fffac81d  ; mov dword [ebx + 0xb4], 0xfffac81d
mov dword [ebx + 0xb8], fcn_fffc3bd3  ; mov dword [ebx + 0xb8], 0xfffc3bd3
mov dword [ebx + 0xbc], fcn_fffcc900  ; mov dword [ebx + 0xbc], 0xfffcc900
mov dword [ebx + 0xc0], fcn_fffac7e7  ; mov dword [ebx + 0xc0], 0xfffac7e7
mov dword [ebx + 0xc4], fcn_fffa9178  ; mov dword [ebx + 0xc4], 0xfffa9178
mov dword [ebx + 0xc8], fcn_fffcc4cb  ; mov dword [ebx + 0xc8], 0xfffcc4cb
mov dword [ebx + 0xcc], fcn_fffa8c9b  ; mov dword [ebx + 0xcc], 0xfffa8c9b
mov dword [ebp - 0x3ae1], eax
mov ax, word [ecx + 0xc8]
mov word [ebp - 0x3ae5], ax
mov ax, word [ecx + 0xca]
mov word [ebp - 0x3ae3], ax
call fcn_fffa6801  ; call 0xfffa6801
sub esp, 0xc
lea ecx, [ebp - 0x61c4]
push ecx
lea ecx, [ebp - 0x61c8]
push ecx
lea ecx, [ebp - 0x61cc]
push ecx
mov dword [ebp - 0x3aea], eax
lea eax, [ebp - 0x61d0]
push eax
push 1
call fcn_fffd28d0  ; call 0xfffd28d0
add esp, 0x1c
mov eax, dword [ebp - 0x61d0]
push 0xac
push ebx
push dword [ebp - 0x61fc]
and eax, 0xf
mov byte [ebp - 0x3ae6], al
call dword [ebx + 0x58]  ; ucall
mov edx, dword [ebp - 0x6200]
add esp, 0xc
push 0x4d
push ref_fffd3238  ; push 0xfffd3238
push edx
call dword [ebp - 0x611b]  ; ucall
call fcn_fffab405  ; call 0xfffab405
pop edx
pop ecx
lea ecx, [ebp - 0x61e0]
mov edx, dword [eax]
push ecx
push eax
call dword [edx + 0x28]  ; ucall
add esp, 0x10
cmp dword [ebp - 0x61e0], 0x11
je short loc_fffa20a7  ; je 0xfffa20a7
lea eax, [ebp - 0x61e4]
push ecx
push eax
push 0x5efd
push 4
call fcn_fffab5ba  ; call 0xfffab5ba
add esp, 0x10
test eax, eax
js short loc_fffa20b1  ; js 0xfffa20b1
mov ebx, dword [ebp - 0x61e4]
push eax
push 0x10
push ref_fffd660c  ; push 0xfffd660c
lea eax, [ebx + 8]
add ebx, 0x18
push eax
call fcn_fffab101  ; call 0xfffab101
pop eax
pop edx
push 0x5ee5
push ebx
call fcn_fffac673  ; call 0xfffac673
add esp, 0x10
jmp short loc_fffa20b1  ; jmp 0xfffa20b1

loc_fffa20a7:
mov dword [ebp - 0x61e4], 0

loc_fffa20b1:
mov eax, dword [ebp - 0x61e8]
mov edx, dword [eax + 9]
mov eax, 5
cmp byte [edx + 0x55], 0
jne short loc_fffa20c9  ; jne 0xfffa20c9
movzx eax, byte [edx + 0x2d]

loc_fffa20c9:
mov edx, dword [ebp - 0x61e0]
mov dword [ebp - 0x45fe], eax
mov dword [ebp - 0x4602], esi
cmp edx, 0x11
je short loc_fffa20eb  ; je 0xfffa20eb
mov eax, dword [ebp - 0x61e4]
add eax, 0x18
jmp short loc_fffa20ed  ; jmp 0xfffa20ed

loc_fffa20eb:
xor eax, eax

loc_fffa20ed:
push ecx
push ecx
push 0xdd00
push edi
mov dword [ebp - 0x460a], eax
xor eax, eax
cmp edx, 0x11
mov edx, 0xfbe8
cmovne eax, edx
mov dword [ebp - 0x4606], eax
call dword [ebp - 0x60df]  ; ucall
lea edx, [ebp - 0x61c4]
mov edi, dword [ebp - 0x3ab9]
mov dword [esp], edx
lea edx, [ebp - 0x61c8]
push edx
lea edx, [ebp - 0x61cc]
push edx
lea eax, [ebp - 0x61d0]
push eax
push 1
mov byte [ebp - 0x61e9], 0
call fcn_fffd28d0  ; call 0xfffd28d0
add esp, 0x20
test byte [ebp - 0x61c8], 0x40
je short loc_fffa21cf  ; je 0xfffa21cf
sub esp, 0xc
push 0x2e7
call dword [edi + 0xa0]  ; ucall
add esp, 0x10
test al, 6
je short loc_fffa21cf  ; je 0xfffa21cf
lea eax, [ebp - 0x61d4]
mov ebx, 0x2ee
push eax
push 0
push 0
push ref_fffd604c  ; push 0xfffd604c
call fcn_fffab40f  ; call 0xfffab40f
add esp, 0x10

loc_fffa2184:
mov eax, dword [esi]
mov eax, dword [eax + 0x60]
push 0
push 0xfed40000
push eax
push esi
call dword [eax + 0x30]  ; ucall
add esp, 0x10
cmp al, 0xff
je short loc_fffa21bc  ; je 0xfffa21bc
test al, al
js loc_fffa2abe  ; js 0xfffa2abe
mov eax, dword [ebp - 0x61d4]
push edx
push 0x3e8
push eax
push esi
call dword [eax + 4]  ; ucall
add esp, 0x10
dec bx
jne short loc_fffa2184  ; jne 0xfffa2184

loc_fffa21bc:
push ebx
push 0
push 0
push 0x2e6
call dword [edi + 0xa4]  ; ucall
add esp, 0x10

loc_fffa21cf:
cmp dword [ebp - 0x61e0], 0x11
mov dword [ebp - 0x6200], 2
je short loc_fffa222d  ; je 0xfffa222d
mov ebx, dword [ebp - 0x3ab9]
push 0xa0
push 0
push 0x1f
push 0
call dword [ebx + 0x48]  ; ucall
pop edx
pop ecx
push eax
movzx eax, word [ebp - 0x3ae5]
push eax
call dword [ebx + 0x14]  ; ucall
movzx eax, word [ebp - 0x3ae3]
mov dword [esp], eax
call dword [ebx + 8]  ; ucall
add esp, 0x10
shr eax, 0x10
and eax, 0xa0
cmp eax, 0xa0
sete al
movzx eax, al
mov dword [ebp - 0x6200], eax

loc_fffa222d:
mov eax, dword [ebp - 0x3aea]
cmp eax, 0x40650
jne short loc_fffa2246  ; jne 0xfffa2246
mov dword [ebp - 0x4675], 0x40650
jmp short loc_fffa2274  ; jmp 0xfffa2274

loc_fffa2246:
cmp eax, 0x306c0
jne short loc_fffa2263  ; jne 0xfffa2263
mov dword [ebp - 0x4675], 0x306c0
mov dword [ebp - 0x4671], 0
jmp short loc_fffa22da  ; jmp 0xfffa22da

loc_fffa2263:
cmp eax, 0x40660
jne short loc_fffa228d  ; jne 0xfffa228d
mov dword [ebp - 0x4675], 0x40660

loc_fffa2274:
mov dword [ebp - 0x4671], 0
mov dword [ebp - 0x4679], 1
jmp near loc_fffa231f  ; jmp 0xfffa231f

loc_fffa228d:
cmp eax, 0x306d0
jne short loc_fffa22f2  ; jne 0xfffa22f2
mov al, byte [ebp - 0x3ae6]
mov dword [ebp - 0x4675], 0x306d0
mov dword [ebp - 0x4671], 1
cmp al, 3
je short loc_fffa22da  ; je 0xfffa22da
cmp al, 4
jne short loc_fffa22e6  ; jne 0xfffa22e6
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov eax, dword [eax + 0x14]
add eax, 8
push eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
add esp, 0x10
and eax, 0xf
cmp eax, 9
sbb eax, eax
add eax, 5
jmp short loc_fffa2319  ; jmp 0xfffa2319

loc_fffa22da:
mov dword [ebp - 0x4679], 3
jmp short loc_fffa231f  ; jmp 0xfffa231f

loc_fffa22e6:
mov dword [ebp - 0x4679], 5
jmp short loc_fffa231f  ; jmp 0xfffa231f

loc_fffa22f2:
cmp eax, 0x40670
jne short loc_fffa231f  ; jne 0xfffa231f
xor eax, eax
cmp byte [ebp - 0x3ae6], 0
mov dword [ebp - 0x4675], 0x40670
mov dword [ebp - 0x4671], 1
setne al

loc_fffa2319:
mov dword [ebp - 0x4679], eax

loc_fffa231f:
mov eax, dword [ebp - 0x6208]
mov dword [ebp - 0x61d0], 0
mov eax, dword [eax + 0x14]
test eax, eax
jne short loc_fffa2347  ; jne 0xfffa2347

loc_fffa2336:
mov eax, dword [ebp - 0x61e8]
xor ebx, ebx
mov edi, dword [eax + 0x15]
test edi, edi
jne short loc_fffa2373  ; jne 0xfffa2373
jmp short loc_fffa23a6  ; jmp 0xfffa23a6

loc_fffa2347:
test byte [eax + 1], 1
je short loc_fffa2336  ; je 0xfffa2336
lea eax, [ebp - 0x61d0]
push eax
push 0
push 0
push ref_fffd65ec  ; push 0xfffd65ec
call fcn_fffab40f  ; call 0xfffab40f
add esp, 0x10
test eax, eax
je short loc_fffa2336  ; je 0xfffa2336

loc_fffa2369:
mov eax, 0x8000000e
jmp near loc_fffa2b0c  ; jmp 0xfffa2b0c

loc_fffa2373:
cmp dword [ebp - 0x61e0], 4
je short loc_fffa23a6  ; je 0xfffa23a6
lea eax, [edi + 8]
mov edx, 0x185e
call fcn_fffc3dc3  ; call 0xfffc3dc3
cmp eax, dword [edi + 4]
jne short loc_fffa23a6  ; jne 0xfffa23a6
push eax
mov eax, dword [esi]
mov bl, 1
push 0x1866
push edi
lea edx, [ebp - 0x5ef4]
push edx
call dword [eax + 0x50]  ; ucall
add esp, 0x10

loc_fffa23a6:
cmp dword [ebp - 0x61e0], 0x11
jne short loc_fffa23b3  ; jne 0xfffa23b3
test bl, bl
je short loc_fffa2369  ; je 0xfffa2369

loc_fffa23b3:
lea eax, [ebp - 0x61dc]
push eax
push 0
push 0
push ref_fffd6070  ; push 0xfffd6070
call fcn_fffab40f  ; call 0xfffab40f
mov eax, dword [ebp - 0x6200]
add esp, 0x10
dec eax
cmp eax, 1
jbe short loc_fffa23fe  ; jbe 0xfffa23fe
push eax
lea eax, [ebp - 0x61e9]
push eax
mov eax, dword [ebp - 0x61dc]
push dword [ebp - 0x6204]
push esi
call dword [eax + 5]  ; ucall
add esp, 0x10
mov al, 0
cmp byte [ebp - 0x61e9], 1
cmove ebx, eax

loc_fffa23fe:
mov eax, dword [ebp - 0x6200]
dec eax
cmp eax, 1
jbe short loc_fffa2446  ; jbe 0xfffa2446
dec bl
jne loc_fffa2acb  ; jne 0xfffa2acb
mov edx, dword [ebp - 0x61e8]
mov eax, dword [edx + 9]
cmp byte [eax + 0x56], 0
je loc_fffa2acb  ; je 0xfffa2acb
xor ecx, ecx
lea eax, [ebp - 0x5efc]
call fcn_fffb82ba  ; call 0xfffb82ba
test al, al
jne loc_fffa2acb  ; jne 0xfffa2acb
mov dword [ebp - 0x61fc], 3
jmp short loc_fffa24aa  ; jmp 0xfffa24aa

loc_fffa2446:
mov edx, dword [ebp - 0x61e8]
mov eax, dword [edx + 1]
mov eax, dword [eax + 4]
mov dword [ebp - 0x4637], eax
test bl, bl
je loc_fffa2acb  ; je 0xfffa2acb
mov edi, dword [ebp - 0x6200]
lea eax, [ebp - 0x5efc]
mov ecx, edi
call fcn_fffb82ba  ; call 0xfffb82ba
dec al
je loc_fffa2acb  ; je 0xfffa2acb
dec edi
mov dword [ebp - 0x61fc], 2
jne short loc_fffa24aa  ; jne 0xfffa24aa
mov edx, 0x5d10
lea eax, [ebp - 0x5efc]
call fcn_fffae548  ; call 0xfffae548
or edx, eax
je loc_fffa2acb  ; je 0xfffa2acb
mov dword [ebp - 0x61fc], 1

loc_fffa24aa:
cmp dword [ebp - 0x4675], 0x306d0
jne short loc_fffa24de  ; jne 0xfffa24de
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov eax, dword [eax + 0x14]
add eax, 8
push eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
add esp, 0x10
and eax, 0xf
cmp eax, 7
ja short loc_fffa24de  ; ja 0xfffa24de
mov byte [ebp - 0x460f], 1
jmp short loc_fffa24e5  ; jmp 0xfffa24e5

loc_fffa24de:
mov byte [ebp - 0x460f], 0

loc_fffa24e5:
mov bl, byte [ebp - 0x460f]
call fcn_fffab5f3  ; call 0xfffab5f3
push edi
push edi
push eax
push ref_fffd65d0  ; push 0xfffd65d0
call fcn_fffc5551  ; call 0xfffc5551
add esp, 0x10
test eax, eax
je short loc_fffa2520  ; je 0xfffa2520
movzx edi, byte [eax + 0x19]
xor edx, edx
cmp byte [eax + 0x18], 1
movzx ecx, byte [eax + 0x21]
cmove edx, edi
cmp byte [eax + 0x20], 1
cmove edx, ecx
add ecx, edi
jmp short loc_fffa2524  ; jmp 0xfffa2524

loc_fffa2520:
xor edx, edx
xor ecx, ecx

loc_fffa2524:
cmp bl, 1
sbb cl, 0xff
test cl, cl
je short loc_fffa253d  ; je 0xfffa253d
movzx ecx, cl
mov dword [ebp - 0x4617], ecx
mov dword [ebp - 0x4613], edx

loc_fffa253d:
push ebx
mov edx, dword [ebp - 0x61fc]
push dword [ebp - 0x3aea]
push dword [ebp - 0x61e8]
mov eax, dword [ebp - 0x61e0]
lea ecx, [ebp - 0x5efc]
push esi
call fcn_fffab673  ; call 0xfffab673
add esp, 0x10
mov dword [ebp - 0x4627], 0
mov dword [ebp - 0x4651], eax
mov eax, dword [ebp - 0x61d0]
test eax, eax
je short loc_fffa259e  ; je 0xfffa259e
cmp dword [ebp - 0x61e0], 0x11
je short loc_fffa259e  ; je 0xfffa259e
sub esp, 0xc
push eax
call dword [eax + 1]  ; ucall
add esp, 0x10
cmp eax, 2
jne short loc_fffa259e  ; jne 0xfffa259e
mov byte [ebp - 0x3af5], 1

loc_fffa259e:
push ecx
mov eax, dword [ebp - 0x61dc]
push ecx
push dword [ebp - 0x6204]
push esi
call dword [eax + 1]  ; ucall
add esp, 0x10
mov dword [ebp - 0x4627], eax

loc_fffa25b9:
cmp dword [ebp - 0x4651], 0
jne short loc_fffa2623  ; jne 0xfffa2623
mov ebx, dword [ebp - 0x3ab9]
push 0xa0
push 0
push 0x1f
push 0
call dword [ebx + 0x48]  ; ucall
mov edi, eax
pop eax
movzx eax, word [ebp - 0x3ae5]
pop edx
push edi
push eax
call dword [ebx + 0x14]  ; ucall
movzx eax, word [ebp - 0x3ae3]
mov dword [esp], eax
call dword [ebx + 8]  ; ucall
movzx edx, word [ebp - 0x3ae5]
pop ecx
mov dword [ebp - 0x6208], eax
pop eax
push edi
push edx
call dword [ebx + 0x14]  ; ucall
pop eax
mov eax, dword [ebp - 0x6208]
pop edx
and eax, 0xff7f0000
push eax
movzx eax, word [ebp - 0x3ae3]
push eax
call dword [ebx + 0x14]  ; ucall
add esp, 0x10

loc_fffa2623:
mov eax, dword [ebp - 0x3ab9]
mov ebx, 1
push edi
push 4
mov ecx, eax
mov dword [ebp - 0x620c], eax
mov eax, dword [ebp - 0x4651]
mov dword [ebp - 0x2814], eax
mov eax, dword [ebp - 0x4671]
lea eax, [eax*4 + ref_fffd3230]  ; lea eax, [eax*4 - 0x2cdd0]
push eax
lea eax, [ebp - 0x282d]
push eax
mov eax, ecx
call dword [eax + 0x58]  ; ucall
add esp, 0x10
mov dl, 1
mov word [ebp - 0x6208], 0

loc_fffa266d:
mov eax, dword [ebp - 0x6208]
cmp ax, 0x40
lea ecx, [eax - 0x2300]
setbe al
mov word [ebp - 0x620e], cx
test al, dl
je loc_fffa2795  ; je 0xfffa2795
movzx eax, word [ebp - 0x6208]
mov dl, 1
imul eax, eax, 0xc
cmp dword [eax + ref_fffd5c10], 0  ; cmp dword [eax - 0x2a3f0], 0
mov dword [ebp - 0x6214], eax
lea edi, [eax + ref_fffd5c10]  ; lea edi, [eax - 0x2a3f0]
je loc_fffa2789  ; je 0xfffa2789
mov al, byte [edi + 0xb]
cmp byte [ebp - 0x465e], al
jae loc_fffa2789  ; jae 0xfffa2789
mov eax, dword [ebp - 0x465d]
test eax, eax
jne short loc_fffa26d3  ; jne 0xfffa26d3
test byte [edi + 0xa], 0x10
jmp short loc_fffa26de  ; jmp 0xfffa26de

loc_fffa26d3:
dec eax
jne loc_fffa2789  ; jne 0xfffa2789
test byte [edi + 0xa], 0x20

loc_fffa26de:
je loc_fffa2789  ; je 0xfffa2789
mov eax, dword [ebp - 0x2814]
cmp eax, 2
jne short loc_fffa26f5  ; jne 0xfffa26f5
test byte [edi + 0xa], 8
jmp short loc_fffa2709  ; jmp 0xfffa2709

loc_fffa26f5:
cmp eax, 3
jne short loc_fffa2700  ; jne 0xfffa2700
test byte [edi + 0xa], 2
jmp short loc_fffa2709  ; jmp 0xfffa2709

loc_fffa2700:
cmp eax, 1
jne short loc_fffa270f  ; jne 0xfffa270f
test byte [edi + 0xa], 4

loc_fffa2709:
jne short loc_fffa271b  ; jne 0xfffa271b
mov dl, 1
jmp short loc_fffa2789  ; jmp 0xfffa2789

loc_fffa270f:
mov dl, 1
test eax, eax
jne short loc_fffa2789  ; jne 0xfffa2789
test byte [edi + 0xa], 1
je short loc_fffa2789  ; je 0xfffa2789

loc_fffa271b:
mov edx, dword [edi + 6]
cmp edx, 0x44
jbe short loc_fffa2776  ; jbe 0xfffa2776

loc_fffa2723:
mov eax, dword [edi + 4]
mov edi, dword [ebp - 0x620c]
push ebx
push ebx
cmp ax, 0xffff
cmove ax, word [ebp - 0x620e]
movzx eax, ax
push eax
lea eax, [ebp - 0x5efc]
push eax
call dword [edi + 0x94]  ; ucall
mov eax, edi
call dword [eax + 0x54]  ; ucall
lea eax, [ebp - 0x5efc]
mov dword [esp], eax
mov eax, dword [ebp - 0x6214]
call dword [eax + ref_fffd5c10]  ; ucall: call dword [eax - 0x2a3f0]
mov ebx, eax
mov eax, edi
call dword [eax + 0x54]  ; ucall
add esp, 0x10
test ebx, ebx
sete dl
jmp short loc_fffa2789  ; jmp 0xfffa2789

loc_fffa2776:
xor ecx, ecx
lea eax, [ebp - 0x5efc]
call fcn_fffc3c0d  ; call 0xfffc3c0d
mov dl, 1
test eax, eax
je short loc_fffa2723  ; je 0xfffa2723

loc_fffa2789:
inc word [ebp - 0x6208]
jmp near loc_fffa266d  ; jmp 0xfffa266d

loc_fffa2795:
push ecx
push ecx
push ebx
lea eax, [ebp - 0x5efc]
push eax
call dword [ebp - 0x60cb]  ; ucall
add esp, 0x10
cmp ebx, 0x17
je loc_fffa28a9  ; je 0xfffa28a9
ja short loc_fffa27c5  ; ja 0xfffa27c5
test ebx, ebx
je loc_fffa2920  ; je 0xfffa2920
cmp ebx, 0x16
je short loc_fffa2832  ; je 0xfffa2832
jmp near loc_fffa28f7  ; jmp 0xfffa28f7

loc_fffa27c5:
cmp ebx, 0x18
je loc_fffa2863  ; je 0xfffa2863
cmp ebx, 0x1c
jne loc_fffa28f7  ; jne 0xfffa28f7
push eax
push eax
push 0x3a91
lea eax, [ebp - 0x3ab1]
push eax
call fcn_fffac673  ; call 0xfffac673
pop eax
pop edx
lea eax, [ebp - 0x60c7]
push 0x1cb
push eax
call fcn_fffac673  ; call 0xfffac673
lea eax, [ebp - 0x61c0]
add esp, 0x10
mov dword [ebp - 0x3ab1], 0x3a91
mov dword [ebp - 0x60c7], 0x1cb
mov dword [ebp - 0x60c3], eax
mov byte [ebp - 0x3a6d], 1
inc byte [ebp - 0x465e]
jmp near loc_fffa2920  ; jmp 0xfffa2920

loc_fffa2832:
sub esp, 0xc
push 0
lea ecx, [ebp - 0x61ea]
lea edx, [ebp - 0x61d4]
lea eax, [ebp - 0x5efc]
call fcn_fffa77b4  ; call 0xfffa77b4
mov al, byte [ebp - 0x2815]
add esp, 0x10
cmp byte [ebp - 0x61ea], al
jae loc_fffa28f7  ; jae 0xfffa28f7

loc_fffa2863:
cmp dword [ebp - 0x4651], 3
jne short loc_fffa2898  ; jne 0xfffa2898
push eax
mov eax, dword [ebp - 0x61e0]
xor edx, edx
push dword [ebp - 0x3aea]
push dword [ebp - 0x61e8]
lea ecx, [ebp - 0x5efc]
push esi
call fcn_fffab673  ; call 0xfffab673
add esp, 0x10
mov dword [ebp - 0x4651], eax
jmp short loc_fffa28a2  ; jmp 0xfffa28a2

loc_fffa2898:
mov dword [ebp - 0x4651], 0

loc_fffa28a2:
mov ebx, 0x18
jmp short loc_fffa2920  ; jmp 0xfffa2920

loc_fffa28a9:
sub esp, 0xc
mov eax, dword [ebp - 0x61dc]
push dword [ebp - 0x4627]
push dword [ebp - 0x27cb]
push 1
push dword [ebp - 0x6204]
push esi
call dword [eax + 9]  ; ucall
add esp, 0x18
push 0xddfe
lea eax, [ebp - 0x5efc]
push eax
call dword [ebp - 0x60df]  ; ucall
mov eax, dword [esi]
pop ebx
pop edi
push 0
push 0
push 0
push 0x51009
push 2
push esi
call dword [eax + 0x58]  ; ucall
add esp, 0x20

loc_fffa28f7:
sub esp, 0xc
mov ebx, dword [ebp - 0x6167]
push 0x80
call dword [ebp - 0x6173]  ; ucall
pop edx
pop ecx
or eax, 0xffffff80
movzx eax, al
push eax
push 0x80
call ebx
jmp near loc_fffa2b04  ; jmp 0xfffa2b04

loc_fffa2920:
and ebx, 0xfffffffb
cmp ebx, 0x18
je loc_fffa25b9  ; je 0xfffa25b9
mov eax, dword [ebp - 0x61d0]
test eax, eax
jne short loc_fffa293a  ; jne 0xfffa293a

loc_fffa2936:
xor edi, edi
jmp short loc_fffa294d  ; jmp 0xfffa294d

loc_fffa293a:
sub esp, 0xc
push eax
call dword [eax + 1]  ; ucall
add esp, 0x10
test eax, eax
je short loc_fffa2936  ; je 0xfffa2936
mov edi, 0xffffff80

loc_fffa294d:
cmp dword [ebp - 0x61fc], 0
sete bl
cmp byte [ebp - 0x6200], 1
sete al
test bl, al
je short loc_fffa296b  ; je 0xfffa296b
and edi, 0xfffffff0
or edi, 3

loc_fffa296b:
cmp dword [ebp - 0x4627], 0x20
ja short loc_fffa29b8  ; ja 0xfffa29b8
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov eax, dword [eax + 0x14]
add eax, 0xb0010
push eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
add esp, 0x10
inc eax
je short loc_fffa29b8  ; je 0xfffa29b8
sub esp, 0xc
mov eax, edi
push dword [ebp - 0x4627]
movzx edi, al
push dword [ebp - 0x27cb]
mov eax, dword [ebp - 0x61dc]
push edi
push dword [ebp - 0x6204]
push esi
call dword [eax + 9]  ; ucall
add esp, 0x20

loc_fffa29b8:
mov eax, dword [ebp - 0x61d0]
test eax, eax
je short loc_fffa2a0d  ; je 0xfffa2a0d
mov edx, dword [ebp - 0x61e8]
mov edx, dword [edx + 9]
cmp byte [edx + 0x56], 0
je short loc_fffa2a0d  ; je 0xfffa2a0d
sub esp, 0xc
push eax
call dword [eax + 1]  ; ucall
add esp, 0x10
cmp eax, 2
jne short loc_fffa2a0d  ; jne 0xfffa2a0d
cmp dword [ebp - 0x4651], 3
je short loc_fffa2a0d  ; je 0xfffa2a0d
lea eax, [ebp - 0x61d8]
push eax
push 0
push 0
push ref_fffd65a0  ; push 0xfffd65a0
call fcn_fffab40f  ; call 0xfffab40f
mov eax, dword [ebp - 0x61d8]
pop ecx
pop edi
push 3
push eax
call dword [eax]  ; ucall
jmp short loc_fffa2a24  ; jmp 0xfffa2a24

loc_fffa2a0d:
mov eax, dword [ebp - 0x61d0]
test eax, eax
je short loc_fffa2a27  ; je 0xfffa2a27
push edx
push edx
lea edx, [ebp - 0x61e0]
push edx
push eax
call dword [eax + 5]  ; ucall

loc_fffa2a24:
add esp, 0x10

loc_fffa2a27:
cmp dword [ebp - 0x61e0], 0x11
je short loc_fffa2aa6  ; je 0xfffa2aa6
cmp dword [ebp - 0x61fc], 3
sete al
or al, bl
je short loc_fffa2a68  ; je 0xfffa2a68
xor eax, eax

loc_fffa2a40:
cmp eax, 0x1000
je short loc_fffa2a4c  ; je 0xfffa2a4c
mov byte [eax], al
inc eax
jmp short loc_fffa2a40  ; jmp 0xfffa2a40

loc_fffa2a4c:
mov edx, 0x14

loc_fffa2a51:
xor eax, eax

loc_fffa2a53:
cmp eax, 0x1000
je short loc_fffa2a65  ; je 0xfffa2a65
cmp byte [eax], al
jne loc_fffa2af0  ; jne 0xfffa2af0
inc eax
jmp short loc_fffa2a53  ; jmp 0xfffa2a53

loc_fffa2a65:
dec edx
jne short loc_fffa2a51  ; jne 0xfffa2a51

loc_fffa2a68:
push ebx
mov eax, dword [esi]
mov esi, dword [ebp - 0x61e4]
lea edx, [ebp - 0x5efc]
push 0x5ee4
push edx
lea edx, [esi + 0x18]
push edx
mov dword [ebp - 0x3a9d], 0
call dword [eax + 0x50]  ; ucall
mov eax, dword [ebp - 0x61e4]
pop esi
pop edi
add eax, 0x5efc
push 1
push eax
call fcn_fffac673  ; call 0xfffac673
add esp, 0x10

loc_fffa2aa6:
push ecx
push ecx
push 0x55
lea eax, [ebp - 0x5efc]
push eax
call dword [ebp - 0x60df]  ; ucall
add esp, 0x10
xor eax, eax
jmp short loc_fffa2b0c  ; jmp 0xfffa2b0c

loc_fffa2abe:
test al, 1
je loc_fffa21cf  ; je 0xfffa21cf
jmp near loc_fffa21bc  ; jmp 0xfffa21bc

loc_fffa2acb:
push edx
push edx
push 0x1866
lea eax, [ebp - 0x5ef4]
push eax
call fcn_fffac673  ; call 0xfffac673
add esp, 0x10
mov dword [ebp - 0x61fc], 0
jmp near loc_fffa24aa  ; jmp 0xfffa24aa

loc_fffa2af0:
push eax
push eax
push 0xd5
lea eax, [ebp - 0x5efc]
push eax
call dword [ebp - 0x60df]  ; ucall

loc_fffa2b04:
add esp, 0x10
mov eax, 0x80000007

loc_fffa2b0c:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa2b14:  ; not directly referenced
push ebp
mov ecx, 9
mov ebp, esp
push edi
push esi
mov esi, ref_fffd3290  ; mov esi, 0xfffd3290
push ebx
sub esp, 0x100
mov eax, dword [ebp + 8]
lea edi, [ebp - 0x31]
mov byte [ebp - 0x45], 0x40
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
mov eax, dword [eax + 0x5edc]
mov byte [ebp - 0x44], 0x60
mov byte [ebp - 0x43], 0x40
mov byte [ebp - 0x42], 0x40
mov dword [ebp - 0x70], eax
mov eax, dword [ebp + 8]
mov byte [ebp - 0x41], 0x40
mov byte [ebp - 0x40], 0x19
mov byte [ebp - 0x3f], 0x32
mov ebx, dword [eax + 0x2443]
mov eax, dword [eax + 0x18a7]
mov byte [ebp - 0x3e], 0x14
mov byte [ebp - 0x3d], 0x14
mov byte [ebp - 0x3c], 0x19
mov esi, eax
mov byte [ebp - 0x51], 0x2e
mov byte [ebp - 0x50], 0x46
mov byte [ebp - 0x4f], 0x46
mov byte [ebp - 0x4e], 0x2e
mov byte [ebp - 0x3b], 0x21
mov byte [ebp - 0x3a], 0x32
mov byte [ebp - 0x39], 0x14
mov byte [ebp - 0x38], 0x14
mov byte [ebp - 0x37], 0x1d
mov byte [ebp - 0x4d], 0x3b
mov byte [ebp - 0x4c], 0x35
mov byte [ebp - 0x4b], 0x35
mov byte [ebp - 0x4a], 0x35
mov dword [ebp - 0x88], eax
mov eax, dword [ebp + 8]
mov ecx, dword [ebp + 8]
mov eax, dword [eax + 0x1887]
mov edi, eax
mov dword [ebp - 0x8c], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x1883]
mov dword [ebp - 0xe8], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x80], eax
mov eax, dword [ecx + esi*4 + 0x3735]
mov dword [ebp - 0x7c], eax
movzx eax, byte [ecx + 0x2409]
mov dword [ebp - 0x90], eax
mov al, byte [ecx + 0x3748]
push 0
push 2
mov byte [ebp - 0xec], al
lea eax, [ebp - 0x5a]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 5
lea eax, [ebp - 0x3b]
push eax
lea eax, [ebp - 0x36]
push eax
call dword [ebx + 0x58]  ; ucall
add esp, 0xc
push 4
lea eax, [ebp - 0x4d]
push eax
lea eax, [ebp - 0x49]
push eax
call dword [ebx + 0x58]  ; ucall
mov eax, dword [ebp + 8]
mov ebx, dword [eax + 0x2443]
mov esi, dword [ebx + 0x14]
push 0
push 0
push 0
push 0
call dword [ebx + 0x48]  ; ucall
add esp, 0x18
push eax
mov eax, dword [ebp + 8]
movzx eax, word [eax + 0x2417]
push eax
call esi
mov eax, dword [ebp + 8]
movzx eax, word [eax + 0x2419]
mov dword [esp], eax
call dword [ebx + 8]  ; ucall
mov esi, dword [ebp + 8]
mov ebx, dword [esi + 0x2443]
shr eax, 0x10
mov word [esi + 0x3752], ax
mov esi, dword [ebx + 0x14]
push 8
push 0
push 0
push 0
call dword [ebx + 0x48]  ; ucall
add esp, 0x18
push eax
mov eax, dword [ebp + 8]
movzx eax, word [eax + 0x2417]
push eax
call esi
mov eax, dword [ebp + 8]
movzx eax, word [eax + 0x2419]
mov dword [esp], eax
call dword [ebx + 8]  ; ucall
mov esi, dword [ebp + 8]
add esp, 0x10
cmp edi, 0x40660
sete dl
cmp edi, 0x306c0
mov byte [esi + 0x3754], al
sete al
or dl, al
mov byte [ebp - 0x82], dl
je short loc_fffa2d11  ; je 0xfffa2d11

loc_fffa2ccd:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x3756], 2
jne short loc_fffa2d03  ; jne 0xfffa2d03
imul eax, dword [ebp - 0x88], 0x2e
mov edi, dword [ebp + 8]
lea eax, [edi + eax + 0x3756]
mov cx, word [eax + 0xa]
movzx ebx, word [eax + 0xc]
movzx edx, cx
sub edx, ebx
cmp edx, 4
jle short loc_fffa2d03  ; jle 0xfffa2d03
sub ecx, 4
mov word [eax + 0xc], cx

loc_fffa2d03:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b19], 2
je short loc_fffa2d32  ; je 0xfffa2d32
jmp short loc_fffa2d1d  ; jmp 0xfffa2d1d

loc_fffa2d11:  ; not directly referenced
cmp dword [ebp - 0x8c], 0x40670
je short loc_fffa2ccd  ; je 0xfffa2ccd

loc_fffa2d1d:  ; not directly referenced
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x3c
call fcn_fffc3c0d  ; call 0xfffc3c0d
test eax, eax
je short loc_fffa2d5e  ; je 0xfffa2d5e
jmp short loc_fffa2dab  ; jmp 0xfffa2dab

loc_fffa2d32:  ; not directly referenced
imul eax, dword [ebp - 0x88], 0x2e
mov edi, dword [ebp + 8]
lea eax, [edi + eax + 0x4b19]
mov cx, word [eax + 0xa]
movzx ebx, word [eax + 0xc]
movzx edx, cx
sub edx, ebx
cmp edx, 4
jle short loc_fffa2d1d  ; jle 0xfffa2d1d
sub ecx, 4
mov word [eax + 0xc], cx
jmp short loc_fffa2d1d  ; jmp 0xfffa2d1d

loc_fffa2d5e:  ; not directly referenced
mov eax, dword [ebp + 8]
sub esp, 0xc
lea ecx, [ebp - 0x5b]
lea edx, [ebp - 0x28]
mov edi, dword [eax + 0x2443]
lea eax, [ebp - 0x58]
push eax
mov eax, dword [ebp + 8]
call fcn_fffa77b4  ; call 0xfffa77b4
add esp, 0x10
test eax, eax
je loc_fffa2e3d  ; je 0xfffa2e3d
mov edi, dword [ebp + 8]
mov dword [edi + 0x36d7], eax
mov eax, dword [ebp - 0x28]
mov dword [edi + 0x36df], eax
mov eax, dword [ebp - 0x58]
mov dword [edi + 0x36e3], eax
mov al, byte [ebp - 0x5b]
mov byte [edi + 0x36e7], al

loc_fffa2dab:  ; not directly referenced
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x3d
call fcn_fffc3c0d  ; call 0xfffc3c0d
mov eax, dword [ebp + 8]
xor edx, edx
mov ecx, 0x7d0
mov edi, dword [ebp + 8]
mov eax, dword [eax + 0x36df]
div ecx
mov word [edi + 0x2489], ax
mov eax, dword [edi + 0x2480]
cmp eax, 3
sete bl
cmp eax, 2
mov dword [ebp - 0xf0], eax
sete al
movzx edi, bl
cmp dword [ebp - 0x8c], 0x40650
movzx eax, al
mov byte [ebp - 0xdc], bl
mov dword [ebp - 0xe0], eax
sete bl
cmp dword [ebp - 0x80], 1
mov dword [ebp - 0x78], edi
mov byte [ebp - 0x81], bl
sete al
mov byte [ebp - 0x6c], al
or al, bl
mov byte [ebp - 0x84], al
jne loc_fffa2fd2  ; jne 0xfffa2fd2
mov dword [ebp - 0x98], 0
jmp near loc_fffa303e  ; jmp 0xfffa303e

loc_fffa2e3d:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x36e8], 0
jne loc_fffa2f5a  ; jne 0xfffa2f5a
cmp dword [eax + 0x18a7], 1
jne short loc_fffa2e6e  ; jne 0xfffa2e6e
mov al, byte [eax + 0x1876]
test al, al
je short loc_fffa2e6e  ; je 0xfffa2e6e
mov esi, dword [ebp + 8]
mov byte [esi + 0x36e7], al
jmp near loc_fffa2f5a  ; jmp 0xfffa2f5a

loc_fffa2e6e:  ; not directly referenced
mov esi, dword [ebp + 8]
mov eax, dword [ebp + 8]
mov dword [ebp - 0x74], 0x3e8
mov esi, dword [esi + 0x36d7]
mov eax, dword [eax + 0x187b]
mov dword [ebp - 0x6c], esi
mov esi, dword [ebp + 8]
mov ecx, dword [esi + 0x5edc]
mov esi, dword [esi + 0x2443]
test eax, eax
je short loc_fffa2ea9  ; je 0xfffa2ea9
mov ebx, 0x186a0
xor edx, edx
div ebx
mov dword [ebp - 0x74], eax

loc_fffa2ea9:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x1887], 0x306d0
jne short loc_fffa2f03  ; jne 0xfffa2f03
cmp dword [eax + 0x1883], 4
jbe short loc_fffa2f03  ; jbe 0xfffa2f03
cmp byte [eax + 0x2442], 1
jne short loc_fffa2f03  ; jne 0xfffa2f03
cmp dword [eax + 0x1877], 2
jne short loc_fffa2f03  ; jne 0xfffa2f03
cmp dword [ebp - 0x6c], 0x640
jne short loc_fffa2f03  ; jne 0xfffa2f03
mov eax, dword [ecx + 0x1c6]
test eax, eax
je short loc_fffa2f03  ; je 0xfffa2f03
cmp byte [ecx + 0x1ca], 0
jne short loc_fffa2ef6  ; jne 0xfffa2ef6
cmp eax, 0x63f
jbe short loc_fffa2f03  ; jbe 0xfffa2f03

loc_fffa2ef6:  ; not directly referenced
mov eax, dword [ebp + 8]
mov dword [eax + 0x36e3], 1

loc_fffa2f03:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ebx, 0x30d40
cmp dword [eax + 0x36e3], 1
mov eax, 0x411ab
cmovne ebx, eax
xor edx, edx
push eax
mov eax, dword [ebp - 0x6c]
push 0x3b9aca00
push edx
push eax
call dword [esi + 0x70]  ; ucall
mov ecx, dword [ebp - 0x74]
mov dword [esp], 0
imul ecx, ebx
xor ebx, ebx
push ebx
push ecx
push edx
push eax
call dword [esi + 0x74]  ; ucall
mov ecx, 0x3e8
xor edx, edx
mov esi, dword [ebp + 8]
add esp, 0x20
add eax, 0x1f4
div ecx
mov byte [esi + 0x36e7], al

loc_fffa2f5a:  ; not directly referenced
mov eax, dword [ebp + 8]
mov bl, byte [eax + 0x36e7]
lea eax, [ebx - 3]
cmp al, 0xc
jbe short loc_fffa2f74  ; jbe 0xfffa2f74

loc_fffa2f6a:  ; not directly referenced
mov edx, 0x16
jmp near loc_fffa5b40  ; jmp 0xfffa5b40

loc_fffa2f74:  ; not directly referenced
mov eax, dword [ebp + 8]
and ebx, 0xf
mov edx, 0x5e00
cmp dword [eax + 0x36e3], 0
setne al
movzx eax, al
shl eax, 4
or ebx, eax
mov eax, dword [ebp + 8]
or ebx, 0x80000000
mov ecx, ebx
call fcn_fffae58c  ; call 0xfffae58c
call dword [edi + 0x54]  ; ucall
lea esi, [eax + 0x2710]

loc_fffa2faa:  ; not directly referenced
shr ebx, 0x18
test bl, bl
jns loc_fffa5aca  ; jns 0xfffa5aca
call dword [edi + 0x54]  ; ucall
cmp edx, 0
ja short loc_fffa2f6a  ; ja 0xfffa2f6a
cmp eax, esi
jae short loc_fffa2f6a  ; jae 0xfffa2f6a
mov eax, dword [ebp + 8]
mov edx, 0x5e00
call fcn_fffae52a  ; call 0xfffae52a
mov ebx, eax
jmp short loc_fffa2faa  ; jmp 0xfffa2faa

loc_fffa2fd2:  ; not directly referenced
xor ecx, ecx
cmp dword [ebp - 0x90], 0
sete cl
shl ecx, 0xa
cmp dword [ebp - 0x78], 0
je short loc_fffa300a  ; je 0xfffa300a
mov eax, dword [ebp + 8]
or ch, 8
mov al, byte [eax + 0x240c]
mov edx, eax
and edx, 0xf
shr al, 4
shl edx, 0xc
and eax, 0xf
shl eax, 0x10
or ecx, edx
or ecx, eax
jmp short loc_fffa301c  ; jmp 0xfffa301c

loc_fffa300a:  ; not directly referenced
mov edi, dword [ebp - 0xe0]
mov eax, ecx
or eax, 0x100000
test edi, edi
cmovne ecx, eax

loc_fffa301c:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x2008
call fcn_fffae58c  ; call 0xfffae58c
xor eax, eax
cmp dword [ebp - 0x8c], 0x40670
setne al
mov dword [ebp - 0x98], eax

loc_fffa303e:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x5034
movzx ecx, byte [eax + 0x36cf]
movzx eax, byte [eax + 0x36d0]
shl ecx, 0x18
shl eax, 0x10
or ecx, eax
mov eax, dword [ebp + 8]
movzx eax, byte [eax + 0x36d2]
or ecx, eax
mov eax, dword [ebp + 8]
movzx eax, byte [eax + 0x36d1]
shl eax, 8
or ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
cmp dword [ebp - 0x7c], 0x546
ja short loc_fffa309c  ; ja 0xfffa309c
cmp dword [ebp - 0x7c], 0x4e2
mov byte [ebp - 0x74], 0
setbe byte [ebp - 0xd8]
jmp short loc_fffa30a7  ; jmp 0xfffa30a7

loc_fffa309c:  ; not directly referenced
mov byte [ebp - 0xd8], 0
mov byte [ebp - 0x74], 1

loc_fffa30a7:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
je short loc_fffa30d0  ; je 0xfffa30d0
mov edi, dword [ebp + 8]
xor eax, eax
cmp byte [edi + 0x240f], 0
je short loc_fffa30c7  ; je 0xfffa30c7
xor eax, eax
cmp dword [ebp - 0x7c], 0x5db
setbe al

loc_fffa30c7:  ; not directly referenced
mov edi, dword [ebp - 0x70]
mov byte [edi + 0x1c5], al

loc_fffa30d0:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x3918
call fcn_fffae52a  ; call 0xfffae52a
mov edi, dword [ebp + 8]
mov dl, byte [edi + 0x36e7]
and eax, 3
cmp dword [edi + 0x36e3], 1
sbb ecx, ecx
and ecx, 0xfffffffe
add ecx, 6
sub edx, ecx
mov cl, 4
cmp dl, 4
cmovle ecx, edx
xor edx, edx
test cl, cl
cmovns edx, ecx
cmp byte [ebp - 0x81], 0
je short loc_fffa3132  ; je 0xfffa3132
movzx ebx, byte [ebp - 0x74]
cmp dl, 2
mov cl, 2
cmovle ecx, edx
movzx eax, al
movsx ecx, cl
lea ebx, [ebx + ebx*2]
add ecx, ebx
mov al, byte [eax + ecx*4 + ref_fffd32d4]  ; mov al, byte [eax + ecx*4 - 0x2cd2c]
jmp short loc_fffa314e  ; jmp 0xfffa314e

loc_fffa3132:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
jne short loc_fffa3156  ; jne 0xfffa3156
movzx ecx, byte [ebp - 0x74]
movsx edx, dl
movzx eax, al
lea ecx, [ecx + ecx*4]
add edx, ecx
mov al, byte [eax + edx*4 + ref_fffd32ac]  ; mov al, byte [eax + edx*4 - 0x2cd54]

loc_fffa314e:  ; not directly referenced
mov byte [ebp - 0xc8], al
jmp short loc_fffa315d  ; jmp 0xfffa315d

loc_fffa3156:  ; not directly referenced
mov byte [ebp - 0xc8], 4

loc_fffa315d:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x3756], 2
jne short loc_fffa317e  ; jne 0xfffa317e
imul eax, dword [ebp - 0x88], 0x2e
mov edi, dword [ebp + 8]
mov ax, word [edi + eax + 0x3760]
mov byte [ebp - 0x5a], al

loc_fffa317e:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b19], 2
jne short loc_fffa319f  ; jne 0xfffa319f
imul eax, dword [ebp - 0x88], 0x2e
mov edi, dword [ebp + 8]
mov ax, word [edi + eax + 0x4b23]
mov byte [ebp - 0x59], al

loc_fffa319f:  ; not directly referenced
mov eax, dword [ebp + 8]
xor esi, esi
mov byte [ebp - 0x83], 0
lea edi, [eax + 0x381a]
add eax, 0x1eaa
mov dword [ebp - 0xe4], eax

loc_fffa31bc:  ; not directly referenced
cmp dword [edi - 0xc4], 2
jne loc_fffa3346  ; jne 0xfffa3346
cmp dword [edi - 4], 2
mov ecx, esi
mov ebx, dword [ebp + 8]
sete al
add byte [ebp - 0x83], al
mov eax, 1
shl eax, cl
or byte [ebx + 0x248e], al
mov al, byte [edi]
or byte [ebx + 0x248d], al
mov cl, byte [edi]
and ecx, 0xf
cmp dword [ebp - 0x78], 0
je short loc_fffa3215  ; je 0xfffa3215
mov ebx, dword [ebp - 0xe4]
xor ecx, ecx
cmp byte [ebx - 1], 0
setne cl
mov eax, ecx
or eax, 2
cmp byte [ebx], 0
cmovne ecx, eax

loc_fffa3215:  ; not directly referenced
mov eax, dword [ebp + 8]
lea ebx, [esi + 0x18]
shl ebx, 8
mov edx, ebx
call fcn_fffae58c  ; call 0xfffae58c
movzx eax, byte [edi]
and eax, 0xf
cmp byte [ebp - 0x81], 0
mov ecx, eax
je short loc_fffa3250  ; je 0xfffa3250
cmp dword [ebp - 0x78], 0
je short loc_fffa324b  ; je 0xfffa324b
mov edx, dword [ebp + 8]
or ecx, 0x20
cmp byte [edx + 0x240a], 0
jne short loc_fffa3250  ; jne 0xfffa3250

loc_fffa324b:  ; not directly referenced
or eax, 0x30
mov ecx, eax

loc_fffa3250:  ; not directly referenced
cmp byte [ebp - 0xec], 0
sete al
and al, byte [ebp - 0x6c]
mov byte [ebp - 0xf4], al
je short loc_fffa3268  ; je 0xfffa3268
or ecx, 0x40

loc_fffa3268:  ; not directly referenced
lea eax, [ebx - 0x1800]
mov dword [ebp - 0xf8], eax
mov eax, dword [ebp + 8]
lea edx, [ebx + 0x420]
call fcn_fffae58c  ; call 0xfffae58c
mov dl, byte [edi]
mov ebx, edx
and ebx, 0xf
cmp dword [ebp - 0x78], 0
je loc_fffa3317  ; je 0xfffa3317
mov eax, dword [ebp + 8]
lea ecx, [esi*4]
xor ebx, ebx
mov dword [ebp - 0xa8], 0
movzx eax, byte [eax + 0x240c]
sar eax, cl
movzx ecx, dl
and eax, 0xf
mov dword [ebp - 0xfc], ecx

loc_fffa32be:  ; not directly referenced
mov cl, byte [ebp - 0xa8]
mov edx, dword [ebp - 0xfc]
sar edx, cl
xor ecx, ecx
mov dword [ebp - 0x94], edx
and dword [ebp - 0x94], 1

loc_fffa32db:  ; not directly referenced
mov edx, eax
shr edx, cl
and edx, 1
cmp edx, dword [ebp - 0xa8]
jne short loc_fffa32ff  ; jne 0xfffa32ff
cmp dword [ebp - 0x94], 0
je short loc_fffa32ff  ; je 0xfffa32ff
mov edx, 1
shl edx, cl
or ebx, edx
and ebx, 0xf

loc_fffa32ff:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffa32db  ; jne 0xfffa32db
inc dword [ebp - 0xa8]
cmp dword [ebp - 0xa8], 4
jne short loc_fffa32be  ; jne 0xfffa32be
and ebx, 0xf

loc_fffa3317:  ; not directly referenced
mov cl, byte [ebp - 0xf4]
mov eax, ebx
or eax, 0x40
mov edx, dword [ebp - 0xf8]
test cl, cl
cmovne ebx, eax
mov eax, dword [ebp + 8]
add edx, 0x1220
mov ecx, ebx
and ebx, 0xf
call fcn_fffae58c  ; call 0xfffae58c
mov byte [edi + 0xfce], bl

loc_fffa3346:  ; not directly referenced
inc esi
add edi, 0x13c3
add dword [ebp - 0xe4], 0x54a
cmp esi, 2
jne loc_fffa31bc  ; jne 0xfffa31bc
cmp dword [ebp - 0x80], 1
mov ebx, 0x3620
sbb eax, eax
xor edi, edi
mov dword [ebp - 0xa8], eax
and byte [ebp - 0xa8], 0xfa
add byte [ebp - 0xa8], 7
mov eax, dword [ebp - 0xa8]
and eax, 0x1f
mov dword [ebp - 0xec], eax

loc_fffa3390:  ; not directly referenced
mov eax, dword [ebp + 8]
movzx eax, byte [eax + 0x248d]
bt eax, edi
jb short loc_fffa33ad  ; jb 0xfffa33ad

loc_fffa339f:  ; not directly referenced
inc edi
add ebx, 4
cmp edi, 4
jne short loc_fffa3390  ; jne 0xfffa3390
jmp near loc_fffa34a4  ; jmp 0xfffa34a4

loc_fffa33ad:  ; not directly referenced
mov ecx, dword [ebp - 0xec]
lea edx, [ebx - 0x20]
mov eax, dword [ebp + 8]
shl ecx, 0xf
or ecx, 0x2004040
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
lea edx, [ebx - 0x10]
mov ecx, 0x88888888
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
mov edx, ebx
cmp byte [ebp - 0x6c], 1
sbb esi, esi
and esi, 0xf00000
add esi, 0x2c08060
mov ecx, esi
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
lea edx, [ebx + 0x10]
mov ecx, 0x88888888
shr esi, 0x14
and esi, 0x3f
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov ecx, dword [ebp + 8]
imul eax, edi, 0x12
lea edx, [edi + edi*8]
mov byte [ebp - 0xe4], 2
lea eax, [ecx + eax + 0x3756]
lea edx, [ecx + edx + 0x3756]
mov dword [ebp - 0x94], eax

loc_fffa342f:  ; not directly referenced
xor eax, eax

loc_fffa3431:  ; not directly referenced
mov ecx, dword [ebp - 0x94]
mov word [ecx + eax*2 + 0x169], 0x60
mov word [ecx + eax*2 + 0x121], 0x40
mov ecx, esi
mov byte [edx + eax + 0x24d], cl
mov ecx, dword [ebp - 0x94]
mov word [ecx + eax*2 + 0x1b1], 0x40
mov cl, byte [ebp - 0xa8]
mov byte [edx + eax + 0x104a], 0x20
mov byte [edx + eax + 0x106e], 0x20
mov byte [edx + eax + 0x1026], cl
inc eax
cmp eax, 9
jne short loc_fffa3431  ; jne 0xfffa3431
add dword [ebp - 0x94], 0x13c3
add edx, 0x13c3
dec byte [ebp - 0xe4]
jne short loc_fffa342f  ; jne 0xfffa342f
jmp near loc_fffa339f  ; jmp 0xfffa339f

loc_fffa34a4:  ; not directly referenced
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x3648
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
mov edx, 0x88888888
call fcn_fffaa226  ; call 0xfffaa226
mov eax, dword [ebp + 8]
mov edx, 0x3670
cmp dword [eax + 0x188b], 1
mov eax, 0x367c
cmove edx, eax
mov eax, dword [ebp + 8]
xor ecx, ecx
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
mov edx, 0x365c
cmp dword [eax + 0x188b], 1
mov eax, 0x3668
cmove edx, eax
mov eax, dword [ebp + 8]
xor ecx, ecx
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov al, byte [ebp - 0x74]
and eax, 1
mov edi, eax
mov byte [ebp - 0x94], al
mov al, byte [ebp - 0x98]
and edi, 1
shl edi, 0x13
and eax, 1
mov byte [ebp - 0xe4], al
and eax, 1
shl eax, 0x1a
or edi, eax
cmp dword [ebp - 0x78], 0
je short loc_fffa3551  ; je 0xfffa3551
mov bl, byte [ebp - 0x84]
or edi, 0x10000000
mov eax, edi
or eax, 0x80000000
test bl, bl
cmovne edi, eax
or edi, 0x40000000

loc_fffa3551:  ; not directly referenced
mov bl, byte [ebp - 0x82]
mov eax, edi
mov edx, 0x3674
or ah, 1
test bl, bl
cmovne edi, eax
mov eax, dword [ebp + 8]
mov ecx, edi
cmp dword [eax + 0x188b], 1
mov eax, 0x3680
cmove edx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
cmp byte [eax + 0x190a], 1
mov eax, dword [ebp - 0xc8]
sbb esi, esi
not esi
and eax, 7
and esi, 0x40
shl eax, 0xa
or esi, eax
or esi, 0x7efc010
cmp dword [ebp - 0x78], 0
je short loc_fffa35c5  ; je 0xfffa35c5
cmp byte [ebp - 0x6c], 0
je short loc_fffa35c5  ; je 0xfffa35c5
mov eax, dword [ebp + 8]
movzx eax, byte [eax + 0x1922]
and eax, 7
shl eax, 0x1b
or esi, eax

loc_fffa35c5:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x3660
mov ecx, esi
cmp dword [eax + 0x188b], 1
mov eax, 0x366c
cmove edx, eax
mov eax, dword [ebp + 8]
xor ebx, ebx
call fcn_fffaeb7c  ; call 0xfffaeb7c
cmp byte [ebp - 0x81], 0
je short loc_fffa3603  ; je 0xfffa3603
cmp dword [ebp - 0x78], 1
sbb ebx, ebx
and ebx, 0xfffffe80
add ebx, 0x3f180

loc_fffa3603:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
je short loc_fffa3663  ; je 0xfffa3663
mov eax, ebx
mov ecx, dword [ebp - 0x70]
and eax, 0xe3fc01ff
or eax, 0x3f000
mov ebx, eax
or eax, 0x10000000
or ebx, 0x12400000
cmp byte [ecx + 0x1c5], 0
mov ecx, dword [ebp + 8]
cmove ebx, eax
mov eax, ebx
or eax, 0x80000
cmp byte [ecx + 0x240d], 0
cmovne ebx, eax
cmp dword [ebp - 0x78], 0
je short loc_fffa3651  ; je 0xfffa3651
or ebx, 0x180
jmp short loc_fffa3663  ; jmp 0xfffa3663

loc_fffa3651:  ; not directly referenced
mov ecx, dword [ebp - 0xe0]
mov eax, ebx
or eax, 0x300000
test ecx, ecx
cmovne ebx, eax

loc_fffa3663:  ; not directly referenced
mov eax, dword [ebp - 0x70]
mov dword [ebp - 0x74], 0
add eax, 0x1c
mov dword [ebp - 0xc8], eax

loc_fffa3676:  ; not directly referenced
imul eax, dword [ebp - 0x74], 0x13c3
mov ecx, dword [ebp + 8]
cmp dword [ecx + eax + 0x3756], 2
je short loc_fffa36a2  ; je 0xfffa36a2

loc_fffa368a:  ; not directly referenced
inc dword [ebp - 0x74]
add dword [ebp - 0xc8], 0xcc
cmp dword [ebp - 0x74], 2
jne short loc_fffa3676  ; jne 0xfffa3676
jmp near loc_fffa3762  ; jmp 0xfffa3762

loc_fffa36a2:  ; not directly referenced
mov eax, dword [ebp - 0xc8]
mov byte [ebp - 0xa8], 0
mov dword [eax], edi
mov eax, dword [ebp - 0x74]
movzx eax, byte [ebp + eax - 0x5a]
lea eax, [eax + eax - 6]
movzx eax, al
mov dword [ebp - 0xf4], eax

loc_fffa36c6:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov al, byte [ebp - 0xa8]
cmp al, byte [ecx + 0x2488]
jae short loc_fffa368a  ; jae 0xfffa368a
movzx eax, byte [ebp - 0xa8]
and ebx, 0xffffffe0
mov edx, dword [ebp - 0xc8]
mov ecx, eax
lea eax, [edx + eax*4]
mov edx, dword [ebp - 0x74]
mov dword [eax + 0x54], 0
mov dword [eax + 0x78], 0
mov dword [ebp - 0xec], eax
mov dword [eax + 4], esi
mov eax, dword [ebp + 8]
mov dword [ebp - 0x98], ecx
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, dword [ebp - 0x98]
mov dword [ebp - 0xe0], eax
movzx eax, byte [ebp + ecx - 0x31]
mov ecx, dword [ebp + 8]
imul eax, dword [ebp - 0xf4]
movzx ecx, byte [ecx + 0x2488]
cdq
idiv ecx
mov edx, dword [ebp - 0xe0]
and eax, 0x1f
or ebx, eax
mov eax, dword [ebp + 8]
mov ecx, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0xec]
inc byte [ebp - 0xa8]
mov dword [eax + 0x28], ebx
jmp near loc_fffa36c6  ; jmp 0xfffa36c6

loc_fffa3762:  ; not directly referenced
mov edi, dword [ebp - 0x7c]
mov eax, edi
movzx ebx, di
sub ax, 0x3b6
mov word [ebp - 0xc8], ax
movzx eax, ax
mov dword [ebp - 0xec], eax
imul eax, eax, 0xc0
cdq
idiv ebx
sub eax, 0x14
mov word [ebp - 0xf4], ax
movzx eax, ax
add eax, 0x4d8140
cmp byte [ebp - 0x81], 0
mov dword [ebp - 0x74], eax
je short loc_fffa37b4  ; je 0xfffa37b4
mov ecx, eax
mov eax, dword [ebp + 8]
mov edx, 0x366c
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffa37b4:  ; not directly referenced
cmp byte [ebp - 0x82], 0
je short loc_fffa37cd  ; je 0xfffa37cd
mov ecx, dword [ebp - 0x74]
mov edx, 0x306c
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffa37cd:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
je short loc_fffa3817  ; je 0xfffa3817
mov ecx, dword [ebp - 0x74]
mov eax, dword [ebp - 0x8c]
and ch, 0x3f
cmp eax, 0x306d0
je short loc_fffa3801  ; je 0xfffa3801
cmp dword [ebp - 0xe8], 0
setne dl
cmp eax, 0x40670
sete al
test dl, al
jne short loc_fffa3801  ; jne 0xfffa3801
or ch, 0x40
jmp short loc_fffa3804  ; jmp 0xfffa3804

loc_fffa3801:  ; not directly referenced
or ch, 0x50

loc_fffa3804:  ; not directly referenced
mov dword [ebp - 0x74], ecx
mov eax, dword [ebp + 8]
mov edx, 0x3678
mov ecx, dword [ebp - 0x74]
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffa3817:  ; not directly referenced
mov eax, dword [ebp - 0x74]
mov edx, 0x3a24
mov esi, ref_fffd329c  ; mov esi, 0xfffd329c
shl ebx, 7
lea edi, [ebp - 0x28]
mov ecx, eax
mov dword [ebp - 0xfc], eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
mov ecx, 4
mov byte [ebp - 0xa8], 0
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
xor esi, esi
movzx eax, word [eax + 0x1904]
imul eax, eax, 0x2ee00
cdq
idiv ebx
sub ax, 0x3e8
mov word [ebp - 0xe8], ax
mov eax, 0x3e8

loc_fffa386d:  ; not directly referenced
mov edi, dword [ebp - 0xe8]
mov ebx, esi
xor edx, edx
sub di, word [ebp + esi*2 - 0x28]
mov byte [ebp - 0xe0], bl
mov ebx, eax
mov byte [ebp - 0x98], cl
mov word [ebp - 0xf8], di

loc_fffa3891:  ; not directly referenced
mov eax, dword [ebp - 0xf8]
mov cl, dl
sub ax, word [ebp + edx*2 - 0x28]
mov edi, eax
sar di, 0xf
xor eax, edi
sub eax, edi
cmp bx, ax
jg short loc_fffa38b7  ; jg 0xfffa38b7
mov cl, byte [ebp - 0x98]
mov eax, ebx
jmp short loc_fffa38c3  ; jmp 0xfffa38c3

loc_fffa38b7:  ; not directly referenced
mov bl, byte [ebp - 0xe0]
mov byte [ebp - 0xa8], bl

loc_fffa38c3:  ; not directly referenced
inc edx
cmp edx, 8
je short loc_fffa38d3  ; je 0xfffa38d3
mov byte [ebp - 0x98], cl
mov ebx, eax
jmp short loc_fffa3891  ; jmp 0xfffa3891

loc_fffa38d3:  ; not directly referenced
inc esi
cmp esi, 8
jne short loc_fffa386d  ; jne 0xfffa386d
xor eax, eax
cmp byte [ebp - 0x6c], 0
je short loc_fffa38ea  ; je 0xfffa38ea
mov ax, 0xb40
xor edx, edx
div dword [ebp - 0x7c]

loc_fffa38ea:  ; not directly referenced
cmp byte [ebp - 0x81], 0
je short loc_fffa3901  ; je 0xfffa3901
mov edx, eax
shl edx, 0x12
lea edi, [edx + 0x2051c]
mov dword [ebp - 0x74], edi

loc_fffa3901:  ; not directly referenced
cmp byte [ebp - 0x82], 0
jne short loc_fffa3914  ; jne 0xfffa3914
cmp byte [ebp - 0x6c], 0
je loc_fffa399b  ; je 0xfffa399b

loc_fffa3914:  ; not directly referenced
mov edi, dword [ebp - 0xa8]
shl eax, 0x12
lea ecx, [ecx + edi*8]
movzx ecx, cl
shl ecx, 0xc
add ecx, eax
cmp byte [ebp - 0x6c], 0
je short loc_fffa3992  ; je 0xfffa3992
xor eax, eax
xor ebx, ebx
xor esi, esi

loc_fffa3934:  ; not directly referenced
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x1973], 0
jne short loc_fffa394d  ; jne 0xfffa394d
cmp byte [edi + eax + 0x1be9], 1
adc bl, 0
inc esi

loc_fffa394d:  ; not directly referenced
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x1bea], 0
jne short loc_fffa3966  ; jne 0xfffa3966
cmp byte [edi + eax + 0x1e60], 1
adc bl, 0
inc esi

loc_fffa3966:  ; not directly referenced
add eax, 0x54a
cmp eax, 0xa94
jne short loc_fffa3934  ; jne 0xfffa3934
mov eax, esi
cmp al, bl
sete al
or eax, dword [ebp - 0xdc]
cmp al, 1
sbb edx, edx
and edx, 4
lea eax, [edx + ecx + 0x518]
mov dword [ebp - 0x74], eax
jmp short loc_fffa399f  ; jmp 0xfffa399f

loc_fffa3992:  ; not directly referenced
lea eax, [ecx + 0x53f]
mov dword [ebp - 0x74], eax

loc_fffa399b:  ; not directly referenced
xor ebx, ebx
xor esi, esi

loc_fffa399f:  ; not directly referenced
cmp byte [ebp - 0x81], 0
je short loc_fffa39b8  ; je 0xfffa39b8
mov ecx, dword [ebp - 0x74]
mov edx, 0xf68
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa39b8:  ; not directly referenced
cmp byte [ebp - 0x82], 0
je short loc_fffa39d1  ; je 0xfffa39d1
mov ecx, dword [ebp - 0x74]
mov edx, 0xf6c
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa39d1:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
je short loc_fffa39e7  ; je 0xfffa39e7
mov ecx, dword [ebp - 0x74]
mov edx, 0xf74
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa39e7:  ; not directly referenced
mov eax, dword [ebp - 0x94]
mov cl, 3
and eax, 1
shl eax, 0x1a
or eax, 0xe00000
cmp byte [ebp - 0x6c], 0
je short loc_fffa3a12  ; je 0xfffa3a12
mov ecx, esi
cmp cl, bl
sete cl
or ecx, dword [ebp - 0xdc]
neg ecx
add ecx, 3

loc_fffa3a12:  ; not directly referenced
mov ebx, ecx
mov edx, 0x3678
and ebx, 3
shl ebx, 0x18
or ebx, eax
mov eax, dword [ebp + 8]
mov ecx, ebx
cmp dword [eax + 0x188b], 1
mov eax, 0x3684
cmove edx, eax
mov eax, dword [ebp + 8]
xor edi, edi
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp - 0x70]
mov dword [eax + 0x14], ebx
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x74], eax
mov eax, dword [ebp - 0x94]
and eax, 1
mov dword [ebp - 0xdc], eax

loc_fffa3a5a:  ; not directly referenced
cmp dword [ebx + 0x3756], 2
jne loc_fffa3c8b  ; jne 0xfffa3c8b
mov eax, dword [ebp - 0xdc]
lea edx, [edi + 0x1810]
mov ecx, dword [ebp - 0x78]
shl eax, 0x1b
mov esi, eax
or eax, 0x10
or esi, 0x20000010
test ecx, ecx
mov cl, byte [ebp - 0x6c]
cmove esi, eax
mov eax, esi
and eax, 0x7fffffff
test cl, cl
cmovne esi, eax
mov eax, dword [ebp + 8]
mov ecx, esi
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0x6c], 0
mov dword [ebp - 0xa8], esi
je short loc_fffa3aba  ; je 0xfffa3aba
and esi, 0x7fffffbf
mov dword [ebp - 0xa8], esi

loc_fffa3aba:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp byte [eax + 0x190a], 0
je short loc_fffa3ad6  ; je 0xfffa3ad6
or dword [ebp - 0xa8], 0x10000000
or esi, 0x10000000

loc_fffa3ad6:  ; not directly referenced
or esi, 0x18000
cmp dword [ebp - 0x80], 1
lea edx, [edi + 0x320c]
setne al
and esi, 0xffff9fff
mov byte [ebp - 0x98], al
and eax, 1
shl eax, 0xd
or esi, eax
mov eax, dword [ebp + 8]
mov ecx, esi
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, dword [ebp - 0x74]
lea edx, [edi + 0x121c]
mov al, byte [ebp - 0x98]
mov byte [ecx + 0xd0], al
mov eax, dword [ebp + 8]
mov ecx, esi
and ecx, 0xffe1bfff
or ecx, 0x120000
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0xa8]
lea edx, [edi + 0x1c1c]
mov esi, dword [ebp - 0x80]
and eax, 0xffe1ffff
or eax, 0x20000
mov ecx, eax
or eax, 0x100000
or ecx, 0x40100000
test esi, esi
cmove eax, ecx
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
lea edx, [edi + 0x3208]
cmp byte [ebp - 0x84], 0
je short loc_fffa3b85  ; je 0xfffa3b85
mov eax, dword [ebp + 8]
mov ecx, 0xc183060
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffa3b9b  ; jmp 0xfffa3b9b

loc_fffa3b85:  ; not directly referenced
cmp byte [ebp - 0x82], 0
je short loc_fffa3b9b  ; je 0xfffa3b9b
mov eax, dword [ebp + 8]
mov ecx, 0x60
call fcn_fffae566  ; call 0xfffae566

loc_fffa3b9b:  ; not directly referenced
mov eax, dword [ebp + 8]
lea edx, [edi + 0x1208]
mov ecx, 0xc183060
mov dword [ebx + 0x386f], 0x60
mov dword [ebx + 0x3867], 0x60
mov dword [ebx + 0x3873], 0x60
mov dword [ebx + 0x386b], 0x60
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
lea edx, [edi + 0x3418]
mov ecx, 0x8102040
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
lea edx, [edi + 0x180c]
mov ecx, 0x8102040
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
xor ecx, ecx
mov byte [ebx + 0x3997], 0x40
lea edx, [edi + 0x3204]
mov byte [ebx + 0x399b], 0x40
mov byte [ebx + 0x3998], 0x40
mov byte [ebx + 0x399c], 0x40
mov byte [ebx + 0x3999], 0x40
mov byte [ebx + 0x399d], 0x40
mov byte [ebx + 0x399a], 0x40
mov byte [ebx + 0x399e], 0x40
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0x6c], 0
je short loc_fffa3c5a  ; je 0xfffa3c5a
mov eax, dword [ebp + 8]
lea edx, [edi + 0x1204]
xor ecx, ecx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa3c5a:  ; not directly referenced
mov esi, dword [ebp - 0x74]
lea edx, [edi + 0x3414]
xor ecx, ecx
mov eax, dword [ebp + 8]
mov dword [esi + 0x68], 0
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
lea edx, [edi + 0x1808]
mov dword [esi + 0x6c], 0
xor ecx, ecx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa3c8b:  ; not directly referenced
add edi, 0x100
add ebx, 0x13c3
add dword [ebp - 0x74], 0xcc
cmp edi, 0x200
jne loc_fffa3a5a  ; jne 0xfffa3a5a
mov al, byte [ebp - 0xe4]
mov edi, dword [ebp - 0x70]
shl eax, 3
cmp byte [ebp - 0x83], 0
mov dword [edi + 0xc], 0
mov byte [edi + 0xc], al
je short loc_fffa3cd9  ; je 0xfffa3cd9
mov eax, dword [ebp + 8]
cmp dword [eax + 0x187f], 1
jne short loc_fffa3cd9  ; jne 0xfffa3cd9
mov byte [ebp - 0x35], 0x3c

loc_fffa3cd9:  ; not directly referenced
cmp dword [ebp - 0x8c], 0x306d0
mov bl, byte [ebp - 0x81]
sete al
or bl, al
je short loc_fffa3d0c  ; je 0xfffa3d0c
mov eax, dword [ebp - 0x70]
mov byte [ebp - 0x40], 0x28
mov byte [ebp - 0x36], 0x28
mov byte [ebp - 0x3c], 0x28
cmp byte [eax + 0x1c5], 0
je short loc_fffa3d0c  ; je 0xfffa3d0c
mov byte [ebp - 0x35], 0x20

loc_fffa3d0c:  ; not directly referenced
mov edi, 0xc
xor ebx, ebx

loc_fffa3d13:  ; not directly referenced
movzx ecx, byte [ebp + ebx - 0x40]
movzx edx, byte [ebp + ebx - 0x36]
movzx eax, byte [ebp + ebx - 0x45]
mov esi, ecx
sub esi, edx
add ecx, edx
imul eax, esi
add ecx, ecx
cdq
idiv ecx
cmp bl, 1
jne short loc_fffa3d76  ; jne 0xfffa3d76
mov esi, dword [ebp - 0x70]
cmp ax, 0xfff0
mov ecx, 0xfffffff0
cmovge ecx, eax
mov edx, 0xf
cmp cx, 0xf
cmovle edx, ecx
mov al, byte [esi + 0xd]
mov ecx, edx
and ecx, 1
shl ecx, 7
shr dx, 1
and eax, 0x7f
and edx, 0xf
or eax, ecx
mov byte [esi + 0xd], al
mov al, byte [esi + 0xe]
and eax, 0xfffffff0
or eax, edx
mov byte [esi + 0xe], al
jmp short loc_fffa3db3  ; jmp 0xfffa3db3

loc_fffa3d76:  ; not directly referenced
cmp ax, 0xfff8
mov esi, 0xfffffff8
cmovl eax, esi
mov esi, 7
cmp ax, 7
cmovg eax, esi
test bl, bl
jne short loc_fffa3da8  ; jne 0xfffa3da8
mov esi, dword [ebp - 0x70]
and eax, 0xf
shl eax, 3
mov dl, byte [esi + 0xd]
and edx, 0xffffff87
or edx, eax
mov byte [esi + 0xd], dl
jmp short loc_fffa3db3  ; jmp 0xfffa3db3

loc_fffa3da8:  ; not directly referenced
mov esi, dword [ebp - 0x70]
cwde
mov ecx, edi
shl eax, cl
or dword [esi + 0xc], eax

loc_fffa3db3:  ; not directly referenced
inc ebx
add edi, 4
cmp ebx, 5
jne loc_fffa3d13  ; jne 0xfffa3d13
mov eax, dword [ebp - 0x70]
mov edx, 0x3a14
mov ecx, dword [eax + 0xc]
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
mov ebx, dword [ebp - 0x94]
and ebx, 1
shl ebx, 0x19
and ebx, 0xfeffffff
cmp byte [ebp - 0x6c], 0
je short loc_fffa3dff  ; je 0xfffa3dff
mov eax, dword [ebp - 0xd8]
or ebx, 0x20000000
and eax, 1
shl eax, 0x1a
or ebx, eax

loc_fffa3dff:  ; not directly referenced
imul eax, dword [ebp - 0x88], 0x2e
add eax, dword [ebp + 8]
cmp word [eax + 0x375e], 2
jne short loc_fffa3e41  ; jne 0xfffa3e41

loc_fffa3e13:  ; not directly referenced
mov eax, 1
mov edx, 2

loc_fffa3e1d:  ; not directly referenced
imul ecx, dword [ebp - 0x88], 0x2e
add ecx, dword [ebp + 8]
mov word [ecx + 0x375e], dx
lea edx, [eax + 1]
dec eax
mov word [ecx + 0x4b21], dx
jne short loc_fffa3e54  ; jne 0xfffa3e54
mov byte [ebp - 0x48], 0x59
jmp short loc_fffa3e54  ; jmp 0xfffa3e54

loc_fffa3e41:  ; not directly referenced
cmp word [eax + 0x4b21], 2
je short loc_fffa3e13  ; je 0xfffa3e13
xor eax, eax
mov edx, 1
jmp short loc_fffa3e1d  ; jmp 0xfffa3e1d

loc_fffa3e54:  ; not directly referenced
cmp dword [ebp - 0x78], 0
je short loc_fffa3e5e  ; je 0xfffa3e5e
mov byte [ebp - 0x48], 0x3f

loc_fffa3e5e:  ; not directly referenced
mov eax, dword [ebp + 8]
xor esi, esi
mov edi, 5
movzx eax, word [eax + 0x2489]
mov dword [ebp - 0x74], eax

loc_fffa3e72:  ; not directly referenced
mov al, byte [ebp + esi - 0x49]
movzx ecx, al
shr al, 1
movzx eax, al
add eax, dword [ebp - 0x74]
mov byte [ebp - 0x78], cl
cdq
idiv ecx
lea ecx, [esi + esi*4]
cmp ax, 4
cmovbe eax, edi
cmp ax, 0x10
ja short loc_fffa3ea0  ; ja 0xfffa3ea0
mov dl, byte [ebp - 0x78]
cmp dl, byte [ebp + esi - 0x51]
jae short loc_fffa3ea9  ; jae 0xfffa3ea9

loc_fffa3ea0:  ; not directly referenced
shr ax, 1
movzx eax, ax
dec eax
jmp short loc_fffa3eaf  ; jmp 0xfffa3eaf

loc_fffa3ea9:  ; not directly referenced
movzx eax, ax
add eax, 0xf

loc_fffa3eaf:  ; not directly referenced
shl eax, cl
inc esi
add ebx, eax
cmp esi, 4
jne short loc_fffa3e72  ; jne 0xfffa3e72
mov eax, dword [ebp + 8]
mov ecx, ebx
mov edx, 0x3a18
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x70]
xor ecx, ecx
cmp dword [ebp - 0x80], 0
mov dword [eax + 0x10], ebx
jne loc_fffa3f93  ; jne 0xfffa3f93
mov esi, dword [ebp - 0xc8]
mov eax, esi
lea ecx, [eax + 0x18]
movzx ecx, cx
imul eax, ecx, 0x64
sub ecx, 0xf
cdq
idiv ecx
call fcn_fffaebb7  ; call 0xfffaebb7
mov edi, dword [ebp + 8]
movzx ebx, word [edi + 0x2489]
movzx edi, word [edi + 0x1902]
movzx ecx, ax
imul ecx, ecx, 0x7d0
imul ebx, ebx, 0x7d0
mov eax, ebx
cdq
idiv ecx
movzx ecx, ax
mov eax, ecx
add ecx, 0x3e8
shl eax, 7
cdq
idiv ecx
mov ecx, edi
sub ecx, esi
sub ecx, 0x18
movzx ecx, cx
mov dword [ebp - 0x74], eax
imul eax, ecx, 0x64
sub ecx, 0xf
cdq
idiv ecx
call fcn_fffaebb7  ; call 0xfffaebb7
mov esi, eax
mov eax, 0x7080
cdq
movzx esi, si
idiv edi
imul esi, esi, 0x7d0
mov ecx, eax
mov eax, ebx
cdq
and ecx, 0x1f
idiv esi
shl ecx, 0xc
or ecx, 0x80000
movzx ebx, ax
mov eax, 0x1f400
add ebx, 0x3e8
cdq
idiv ebx
mov edx, dword [ebp - 0x74]
and eax, 0x3f
shl eax, 6
and edx, 0x3f
or ecx, eax
or ecx, edx
jmp near loc_fffa4040  ; jmp 0xfffa4040

loc_fffa3f93:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
je loc_fffa4040  ; je 0xfffa4040
mov eax, dword [ebp - 0x70]
cmp byte [eax + 0x1c5], 0
je short loc_fffa3fb8  ; je 0xfffa3fb8
mov eax, dword [ebp + 8]
mov ecx, 1
xor edx, edx
call fcn_fffb9560  ; call 0xfffb9560

loc_fffa3fb8:  ; not directly referenced
mov eax, dword [ebp + 8]
mov esi, 0x7f
movzx ecx, word [eax + 0x2489]
mov eax, 0xafc8
cdq
idiv ecx
mov ecx, 0x64
mov ebx, eax
mov eax, dword [ebp + 8]
movzx eax, word [eax + 0x1902]
sub eax, dword [ebp - 0xec]
cdq
idiv ecx
xor edx, edx
mov edi, eax
mov eax, dword [ebp - 0xc8]
div cx
movzx ecx, ax
mov eax, ecx
shr eax, 1
cmp dword [ebp - 0x7c], 0x547
cmovae ecx, eax
xor edx, edx
mov eax, ebx
div ecx
cmp eax, 0x7f
cmova eax, esi
xor edx, edx
mov ecx, eax
mov eax, ebx
div edi
and ecx, 0x7f
shl ecx, 0x11
cmp eax, 0x7f
cmovbe esi, eax
mov eax, dword [ebp - 0xfc]
or ecx, 0x27c0
and esi, 0x7f
shl esi, 0x18
or ecx, esi
and eax, 0x3f
or ecx, eax

loc_fffa4040:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x3a1c
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov edx, 0x2008
call fcn_fffae52a  ; call 0xfffae52a
mov edi, dword [ebp - 0x70]
mov edx, 0x2008
and eax, 0xfffffc20
or eax, 0x316
mov ecx, eax
mov dword [edi + 0x18], eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x2000
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x2004
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov edx, 0x42a0
movzx ecx, byte [eax + 0x381a]
call fcn_fffae566  ; call 0xfffae566
mov eax, dword [ebp + 8]
mov edx, 0x46a0
movzx ecx, byte [eax + 0x4bdd]
call fcn_fffae566  ; call 0xfffae566
mov eax, dword [ebp + 8]
mov edx, 0x3a20
call fcn_fffae52a  ; call 0xfffae52a
mov ecx, 0x115
mov edx, 0x5f08
mov ebx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov edx, 0x96
call fcn_fffa834b  ; call 0xfffa834b
cmp dword [ebp - 0x80], 0
jne loc_fffa4235  ; jne 0xfffa4235
mov eax, dword [ebp + 8]
mov edx, 0x3644
and ebx, 0xf8ffffff
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x3644
and eax, 0x8fffffff
or eax, 0x20000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
mov edx, 0x3700
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x3700
and eax, 0xf8ffffff
or eax, 0x2000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
mov edx, 0x3810
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x3810
and eax, 0xf8ffffff
or eax, 0x2000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
mov edx, 0x3904
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x3904
and eax, 0xfc7fffff
or eax, 0x1000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
mov edx, 0x3a04
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x3a04
and eax, 0x8fffffff
or eax, 0x20000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov edx, 0x3a08
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x3a08
and eax, 0xf8ffffff
or eax, 0x2000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov edx, 0x3a0c
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x3a0c
and eax, 0xf0ffffff
or eax, 0x2000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov edx, 0x3a10
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x3a10
and eax, 0xf87fffff
or eax, 0x1000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
or ebx, 0x2000000
jmp short loc_fffa425d  ; jmp 0xfffa425d

loc_fffa4235:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
je short loc_fffa425d  ; je 0xfffa425d
mov eax, dword [ebp - 0xf0]
sub eax, 2
cmp eax, 2
sbb eax, eax
and ebx, 0xf8ffffff
and eax, 4
add eax, 2
and eax, 6
shl eax, 0x18
or ebx, eax

loc_fffa425d:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, ebx
mov edx, 0x3a20
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x70]
mov edx, 0x2008
mov ecx, dword [eax + 0x18]
mov eax, dword [ebp + 8]
or ecx, 0x20
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov edx, 0x3a04
call fcn_fffae52a  ; call 0xfffae52a
cmp dword [ebp - 0x80], 0
jne short loc_fffa429f  ; jne 0xfffa429f
mov ecx, eax
shr ecx, 9
and ecx, 0x3f
jmp short loc_fffa42ac  ; jmp 0xfffa42ac

loc_fffa429f:  ; not directly referenced
cmp byte [ebp - 0x6c], 0
je short loc_fffa42b1  ; je 0xfffa42b1
mov edi, eax
shr edi, 0x1a
mov ecx, edi

loc_fffa42ac:  ; not directly referenced
and eax, 0x3f
jmp short loc_fffa42b5  ; jmp 0xfffa42b5

loc_fffa42b1:  ; not directly referenced
xor eax, eax
xor ecx, ecx

loc_fffa42b5:  ; not directly referenced
mov edi, dword [ebp - 0x70]
sub ecx, eax
mov eax, ecx
and eax, 0x3f
shl eax, 4
mov edx, dword [edi + 0xc]
and edx, 0xfffffc0f
or edx, eax
mov ecx, edx
or ch, 4
cmp byte [ebp - 0x6c], 0
je short loc_fffa42f1  ; je 0xfffa42f1
mov ecx, edx
xor eax, eax
or ecx, 0x404
cmp dword [ebp - 0x7c], 0x546
seta al
and ecx, 0xfffffffe
or ecx, eax

loc_fffa42f1:  ; not directly referenced
mov eax, dword [ebp - 0x70]
mov edx, 0x3a14
mov dword [eax + 0xc], ecx
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0x6c], 0
je loc_fffa455a  ; je 0xfffa455a
mov eax, dword [ebp + 8]
mov edx, 0x3658
mov ecx, 0x80000000
mov esi, 0xc0
cmp dword [eax + 0x188b], 1
mov eax, 0x3664
cmove edx, eax
mov eax, dword [ebp + 8]
xor ebx, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov ecx, 0x2000000
mov edx, 0x3824
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov ecx, 0x2000000
mov edx, 0x3914
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov ecx, 0x2000000
mov edx, 0x3724
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x3688
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa437e:  ; not directly referenced
mov eax, ebx
mov edi, esi
and eax, 7
and edi, 0xffff0fff
shl eax, 0xd
mov edx, 0xd8c
or edi, eax
mov eax, dword [ebp + 8]
mov ecx, edi
mov esi, edi
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, edi
mov edx, 0xc8c
cmp dword [ebp - 0x90], 0
je short loc_fffa43b6  ; je 0xfffa43b6
mov edx, 0x58c

loc_fffa43b6:  ; not directly referenced
mov eax, dword [ebp + 8]
inc ebx
and ebx, 7
call fcn_fffae58c  ; call 0xfffae58c
cmp bl, 6
jne short loc_fffa437e  ; jne 0xfffa437e
and edi, 0xfffffe0f
xor ebx, ebx
mov esi, edi
or esi, 0x80

loc_fffa43d7:  ; not directly referenced
mov eax, ebx
mov edi, esi
and eax, 7
and edi, 0xffff0fff
shl eax, 0xd
or edi, eax
cmp dword [ebp - 0x90], 0
mov esi, edi
mov ecx, edi
jne short loc_fffa440c  ; jne 0xfffa440c
mov eax, dword [ebp + 8]
mov edx, 0x58c
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, edi
mov edx, 0x48c
jmp short loc_fffa4420  ; jmp 0xfffa4420

loc_fffa440c:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x98c
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, edi
mov edx, 0x18c

loc_fffa4420:  ; not directly referenced
mov eax, dword [ebp + 8]
inc ebx
and ebx, 7
call fcn_fffae58c  ; call 0xfffae58c
cmp bl, 6
jne short loc_fffa43d7  ; jne 0xfffa43d7
mov ebx, edi
and edi, 0xffffe60f
mov esi, edi
xor edi, edi
shr ebx, 0x10
or esi, 0x40
and ebx, 1

loc_fffa4446:  ; not directly referenced
mov eax, edi
and esi, 0xffff0fff
and eax, 7
shl eax, 0xd
mov dword [ebp - 0x6c], esi
or dword [ebp - 0x6c], eax
mov esi, dword [ebp - 0x6c]
cmp dword [ebp - 0x90], 0
mov ecx, esi
jne short loc_fffa447e  ; jne 0xfffa447e
mov eax, dword [ebp + 8]
mov edx, 0x78c
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, esi
mov edx, 0x68c
jmp short loc_fffa4492  ; jmp 0xfffa4492

loc_fffa447e:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0xb8c
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, esi
mov edx, 0x38c

loc_fffa4492:  ; not directly referenced
mov eax, dword [ebp + 8]
inc edi
and edi, 7
call fcn_fffae58c  ; call 0xfffae58c
mov eax, edi
cmp al, 6
jne short loc_fffa4446  ; jne 0xfffa4446
mov eax, dword [ebp - 0x6c]
mov ecx, dword [ebp + 8]
shr eax, 0x10
and eax, 1
cmp al, 1
mov eax, 0x10000
sbb bl, 0xff
xor esi, esi
cmp byte [ecx + 0x2410], 0
cmovne esi, eax
cmp dword [ebp - 0x90], 0
mov edi, esi
mov ecx, esi
jne short loc_fffa44e9  ; jne 0xfffa44e9
mov eax, dword [ebp + 8]
mov edx, 0x38c
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, esi
mov edx, 0x88c
jmp short loc_fffa44fd  ; jmp 0xfffa44fd

loc_fffa44e9:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0xa8c
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, esi
mov edx, 0x48c

loc_fffa44fd:  ; not directly referenced
mov eax, dword [ebp + 8]
shr esi, 0x10
call fcn_fffae58c  ; call 0xfffae58c
mov eax, esi
mov edx, 0x3920
and eax, 1
mov ecx, edi
cmp al, 1
mov eax, dword [ebp + 8]
sbb bl, 0xff
call fcn_fffae58c  ; call 0xfffae58c
mov eax, edi
shr eax, 0x10
add bl, al
setne dl
cmp word [ebp - 0xf4], 0xf
setbe al
test dl, al
je short loc_fffa455a  ; je 0xfffa455a
mov eax, dword [ebp + 8]
mov edx, 0x78
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x3678
and eax, 0xffffffc0
lea ecx, [eax + 0x10]
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffa455a:  ; not directly referenced
mov eax, dword [ebp - 0x7c]
cmp eax, 0x4b0
je short loc_fffa456e  ; je 0xfffa456e
cmp eax, 0x546
sete cl
jmp short loc_fffa4582  ; jmp 0xfffa4582

loc_fffa456e:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2480], 2
sete cl
lea ecx, [ecx*4 + 3]

loc_fffa4582:  ; not directly referenced
mov eax, dword [ebp + 8]
and ecx, 7
mov edx, 0x58a4
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov dword [ebp - 0x6c], 0
mov eax, dword [eax + 0x2480]
mov dword [ebp - 0x80], eax
mov eax, dword [ebp + 8]
add eax, 0x3756
mov dword [ebp - 0x88], eax
mov dword [ebp - 0x70], eax
mov eax, dword [ebp + 8]
add eax, 0x244b
mov dword [ebp - 0x78], eax

loc_fffa45c1:  ; not directly referenced
mov eax, dword [ebp - 0x70]
cmp dword [eax], 2
jne loc_fffa502f  ; jne 0xfffa502f
mov edi, dword [ebp + 8]
imul eax, dword [ebp - 0x6c], 0xcc
mov edx, dword [edi + 0x5edc]
lea eax, [edx + eax + 0x1c]
imul edx, dword [edi + 0x18a7], 0x2e
mov edi, dword [ebp - 0x70]
lea edx, [edi + edx + 4]
movzx ebx, word [edx + 8]
movzx ecx, word [edx + 0x26]
mov dword [eax + 0x9c], 0
lea edi, [ebx + ecx + 4]
mov cx, word [edx + 0x10]
mov bl, 0x1f
mov esi, ecx
and esi, 0x1f
cmp cx, 0x1f
mov cl, byte [eax + 0x9c]
cmova esi, ebx
and ecx, 0xffffffe0
or ecx, esi
mov byte [eax + 0x9c], cl
movzx esi, byte [edx + 0x1a]
and esi, 0x1f
cmp word [edx + 0x1a], 0x1f
cmovbe ebx, esi
and ecx, 0x1f
mov esi, ebx
shl esi, 5
or ecx, esi
mov byte [eax + 0x9c], cl
mov cl, byte [eax + 0x9d]
shr bl, 3
and ecx, 0xfffffffc
or ecx, ebx
mov bl, 0x3f
mov byte [eax + 0x9d], cl
movzx esi, byte [edx + 0xc]
and esi, 0x3f
cmp word [edx + 0xc], 0x3f
cmovbe ebx, esi
and ecx, 3
shl ebx, 2
mov esi, 0xf
or ecx, ebx
mov byte [eax + 0x9d], cl
mov cx, word [edx + 0x24]
mov bl, cl
and ebx, 0xf
cmp cx, 0xf
cmova ebx, esi
mov ecx, 0x3f
cmp edi, 0x3f
cmovbe ecx, edi
mov edi, ecx
shl edi, 4
or ebx, edi
mov byte [eax + 0x9e], bl
mov bl, byte [eax + 0x9f]
shr ecx, 4
and ecx, 3
and ebx, 0xfffffffc
or ebx, ecx
mov byte [eax + 0x9f], bl
mov di, word [edx + 0x1e]
mov ecx, edi
and ecx, 0xf
cmp di, 0xf
mov edi, dword [ebp + 8]
cmovbe esi, ecx
and ebx, 0xffffffc3
shl esi, 2
or ebx, esi
mov byte [eax + 0x9f], bl
cmp dword [edi + 0x2480], 3
jne short loc_fffa470b  ; jne 0xfffa470b
movzx esi, word [edx + 0x1a]
movzx ecx, word [edx + 0x1c]
sub ecx, esi
mov esi, 3
cmp ecx, 3
cmovg ecx, esi
and ebx, 0x3f
shl ecx, 6
or ebx, ecx
mov byte [eax + 0x9f], bl

loc_fffa470b:  ; not directly referenced
mov edi, dword [ebp + 8]
cmp dword [edi + 0x2480], 2
jne short loc_fffa473d  ; jne 0xfffa473d
mov cx, word [edx + 0x22]
mov dl, 0xf
mov bl, cl
and ebx, 0xf
cmp cx, 0xf
mov cl, byte [eax + 0x9f]
cmovbe edx, ebx
shl edx, 2
and ecx, 0xffffffc3
or ecx, edx
mov byte [eax + 0x9f], cl

loc_fffa473d:  ; not directly referenced
mov esi, dword [ebp - 0x6c]
mov ecx, dword [eax + 0x9c]
mov eax, dword [ebp + 8]
mov edi, esi
add edi, 0x10
shl edi, 0xa
mov edx, edi
call fcn_fffae58c  ; call 0xfffae58c
imul eax, esi, 0xcc
mov esi, dword [ebp + 8]
mov edx, dword [esi + 0x5edc]
lea ecx, [edx + eax + 0x1c]
imul eax, dword [esi + 0x18a7], 0x2e
mov esi, dword [ebp - 0x70]
lea ebx, [esi + eax + 4]
mov esi, 0x1f
movzx eax, word [ebx + 6]
mov dword [ebp - 0x7c], eax
movzx eax, word [ebx + 8]
sub dword [ebp - 0x7c], eax
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2480], 2
mov dword [ecx + 0xac], 0
mov dx, word [ebx + 8]
sete byte [ebp - 0x90]
mov al, dl
and eax, 0x1f
cmp dx, 0x1f
cmova eax, esi
mov byte [ebp - 0x81], al
mov dl, al
shl eax, 5
mov byte [ebp - 0x8c], al
mov al, byte [ecx + 0xac]
mov byte [ebp - 0x74], al
mov al, byte [ebp - 0x8c]
and byte [ebp - 0x74], 0x1f
or byte [ebp - 0x74], al
mov al, byte [ebp - 0x74]
mov byte [ecx + 0xac], al
mov al, dl
shr al, 3
mov dl, al
mov al, byte [ecx + 0xad]
and eax, 0xfffffffc
or eax, edx
mov byte [ecx + 0xad], al
mov dl, byte [ebx + 6]
and edx, 0x1f
cmp word [ebx + 6], 0x1f
cmovbe esi, edx
mov dl, byte [ebp - 0x74]
and eax, 0xffffffc3
and edx, 0xffffffe0
or edx, esi
mov esi, dword [ebp - 0x90]
mov byte [ecx + 0xac], dl
lea edx, [esi*8 + 4]
mov esi, dword [ebp - 0x7c]
and edx, 0xc
or eax, edx
mov edx, 7
or eax, 0x10
cmp esi, 7
cmovbe edx, esi
and eax, 0x3f
mov esi, edx
shl esi, 6
or eax, esi
mov byte [ecx + 0xad], al
mov al, byte [ecx + 0xae]
shr edx, 2
and edx, 1
and eax, 0xfffffffe
or eax, edx
mov byte [ecx + 0xae], al
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2480], 3
jne loc_fffa493f  ; jne 0xfffa493f
cmp byte [eax + 0x240a], 0
je short loc_fffa4888  ; je 0xfffa4888
or byte [ecx + 0xaf], 2

loc_fffa4888:  ; not directly referenced
mov dl, byte [ebp - 0x81]
mov al, byte [ecx + 0xac]
add edx, 0x1f
and edx, 0x1f
and eax, 0x1f
mov esi, edx
shl esi, 5
or eax, esi
mov byte [ecx + 0xac], al
mov al, byte [ecx + 0xad]
shr dl, 3
and eax, 0xfffffff0
or eax, edx
xor edx, edx
or eax, 8
mov byte [ecx + 0xad], al
mov eax, dword [ebp + 8]
movzx esi, word [ebx + 8]
movzx eax, word [eax + 0x2489]
dec esi
add eax, eax
mov ebx, eax
add eax, 0xdab
div ebx
mov dword [ebp - 0x74], ebx
mov bl, byte [ecx + 0xae]
sub esi, eax
mov eax, 7
cmp esi, 7
cmova esi, eax
xor edx, edx
mov eax, esi
and ebx, 7
shl eax, 6
mov byte [ebp - 0x7c], al
mov al, byte [ecx + 0xaf]
shr esi, 2
and esi, 1
and eax, 0xfffffffe
or eax, esi
mov byte [ecx + 0xaf], al
mov esi, dword [ebp - 0x74]
lea eax, [esi + 0x6d5]
div esi
mov esi, 7
inc eax
cmp eax, 7
cmova eax, esi
or ebx, dword [ebp - 0x7c]
and eax, 7
shl eax, 3
or ebx, eax
mov byte [ecx + 0xae], bl

loc_fffa493f:  ; not directly referenced
lea eax, [edi - 0x4000]
mov ecx, dword [ecx + 0xac]
mov dword [ebp - 0x74], eax
lea eax, [edi + 0x14]
mov edx, eax
mov dword [ebp - 0x7c], eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
mov esi, dword [ebp + 8]
mov edi, dword [ebp - 0x6c]
mov edx, dword [esi + 0x5edc]
imul eax, edi, 0xcc
imul ecx, dword [esi + 0x18a7], 0x2e
lea eax, [edx + eax + 0x1c]
imul edx, edi, 0x13c3
mov edi, dword [ebp - 0x78]
lea edx, [ecx + edx + 0x1300]
lea ecx, [edi + edx + 0xf]
mov edx, dword [esi + 0x2480]
mov dword [eax + 0xa0], 0
mov ebx, dword [esi + 0x36d7]
cmp edx, 3
jne short loc_fffa49c1  ; jne 0xfffa49c1
mov dl, 4
cmp ebx, 0x42b
jbe short loc_fffa49f7  ; jbe 0xfffa49f7
cmp ebx, 0x536
sbb edx, edx
add edx, 6
jmp short loc_fffa49f7  ; jmp 0xfffa49f7

loc_fffa49c1:  ; not directly referenced
mov edx, 3
cmp ebx, 0x42b
jbe short loc_fffa49f7  ; jbe 0xfffa49f7
mov dl, 4
cmp ebx, 0x640
jbe short loc_fffa49f7  ; jbe 0xfffa49f7
mov dl, 5
cmp ebx, 0x74b
jbe short loc_fffa49f7  ; jbe 0xfffa49f7
mov dl, 6
cmp ebx, 0x960
jbe short loc_fffa49f7  ; jbe 0xfffa49f7
cmp ebx, 0xaf1
sbb edx, edx
add edx, 8

loc_fffa49f7:  ; not directly referenced
cmp edx, 0xf
mov ebx, 0xf
mov edi, dword [ebp + 8]
cmovbe ebx, edx
mov dl, byte [eax + 0xa0]
and ebx, 0xf
and edx, 0xfffffff0
or edx, ebx
mov byte [eax + 0xa0], dl
mov dl, byte [eax + 0xa3]
cmp dword [edi + 0x2480], 3
jne short loc_fffa4a2d  ; jne 0xfffa4a2d
and edx, 0x3f
jmp short loc_fffa4a30  ; jmp 0xfffa4a30

loc_fffa4a2d:  ; not directly referenced
or edx, 0xffffffc0

loc_fffa4a30:  ; not directly referenced
mov byte [eax + 0xa3], dl
mov dx, word [ecx + 0xa]
mov bl, 0xff
mov edi, dword [ebp + 8]
cmp dx, 0xff
cmovbe ebx, edx
mov dl, byte [eax + 0xa0]
mov esi, ebx
shl esi, 4
shr bl, 4
and edx, 0xf
or edx, esi
mov byte [eax + 0xa0], dl
mov dl, byte [eax + 0xa1]
and edx, 0xffffff80
or edx, ebx
xor ebx, ebx
or edx, 0x40
mov byte [eax + 0xa1], dl
cmp dword [edi + 0x2480], 3
sete bl
and edx, 0x7f
add ebx, 6
and ebx, 0xf
mov esi, ebx
and esi, 1
shl esi, 7
or edx, esi
mov byte [eax + 0xa1], dl
mov dl, bl
shr dl, 1
mov esi, edx
mov dl, byte [eax + 0xa2]
shl ebx, 3
and edx, 0xffffff80
or edx, esi
or edx, ebx
mov ebx, 0x1f
mov byte [eax + 0xa2], dl
movzx ecx, word [ecx + 6]
add ecx, 5
cmp ecx, 0x1f
cmova ecx, ebx
and edx, 0x7f
mov ebx, ecx
and ebx, 1
shl ebx, 7
or edx, ebx
mov byte [eax + 0xa2], dl
mov dl, byte [eax + 0xa3]
shr ecx, 1
and ecx, 0xf
and edx, 0xfffffff0
or edx, ecx
or edx, 0x20
mov byte [eax + 0xa3], dl
mov ecx, dword [eax + 0xa0]
mov eax, dword [ebp - 0x74]
lea edx, [eax + 0x4004]
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
mov edi, dword [ebp - 0x6c]
mov esi, dword [ebp + 8]
imul eax, edi, 0xcc
mov edx, dword [esi + 0x5edc]
lea ebx, [edx + eax + 0x1c]
imul edx, dword [esi + 0x18a7], 0x2e
imul eax, edi, 0x13c3
mov edi, dword [ebp - 0x78]
lea eax, [edx + eax + 0x1300]
lea eax, [edi + eax + 0xf]
mov edi, dword [esi + 0x2480]
mov dword [ebx + 0xa4], 0
cmp edi, 2
jne short loc_fffa4b56  ; jne 0xfffa4b56
movzx edx, word [eax + 0x2c]
jmp short loc_fffa4b5a  ; jmp 0xfffa4b5a

loc_fffa4b56:  ; not directly referenced
movzx edx, word [eax + 0x28]

loc_fffa4b5a:  ; not directly referenced
movzx ecx, word [eax + 8]
lea edx, [edx + ecx + 6]
mov ecx, 0x3f
cmp edx, 0x3f
cmova edx, ecx
mov cl, dl
mov dl, byte [ebx + 0xa4]
and ecx, 0x3f
and edx, 0xffffffc0
or edx, ecx
mov byte [ebx + 0xa4], dl
movzx edx, word [eax + 8]
movzx ecx, word [eax + 6]
cmp edi, 3
je short loc_fffa4b97  ; je 0xfffa4b97
sub edx, ecx
add edx, 7
jmp short loc_fffa4b9c  ; jmp 0xfffa4b9c

loc_fffa4b97:  ; not directly referenced
mov edx, 8

loc_fffa4b9c:  ; not directly referenced
cmp edx, 0xf
mov ecx, 0xf
cmovbe ecx, edx
mov dl, byte [ebx + 0xa4]
and ecx, 0xf
mov esi, ecx
shl esi, 6
and edx, 0x3f
or edx, esi
mov byte [ebx + 0xa4], dl
mov dl, cl
shr dl, 2
shl ecx, 2
or edx, ecx
mov byte [ebx + 0xa5], dl
mov edx, 7
or byte [ebx + 0xa6], 1
cmp edi, 3
jne short loc_fffa4bf3  ; jne 0xfffa4bf3
mov edi, dword [ebp + 8]
cmp byte [edi + 0x240a], 1
sbb edx, edx
and edx, 0xfffffffe
add edx, 9

loc_fffa4bf3:  ; not directly referenced
cmp edx, 0xf
mov ecx, 0xf
cmovbe ecx, edx
mov dl, byte [ebx + 0xa6]
and ecx, 0xf
lea edi, [ecx + ecx]
mov esi, ecx
shl esi, 5
and edx, 1
or edx, edi
or edx, esi
mov byte [ebx + 0xa6], dl
mov dl, byte [ebx + 0xa7]
shr cl, 3
and edx, 0xfffffffe
or edx, ecx
mov byte [ebx + 0xa7], dl
movzx ecx, word [eax + 0x26]
movzx eax, word [eax + 8]
lea eax, [ecx + eax + 4]
mov ecx, 0x3f
cmp eax, 0x3f
cmova eax, ecx
and edx, 0xffffff81
and eax, 0x3f
add eax, eax
or edx, eax
mov eax, dword [ebp + 8]
mov byte [ebx + 0xa7], dl
mov edx, dword [ebp - 0x7c]
call fcn_fffae52a  ; call 0xfffae52a
mov edi, dword [ebp - 0x74]
mov dword [ebx + 0xac], eax
movzx edx, byte [ebx + 0xad]
shr al, 5
movzx eax, al
and edx, 3
shl edx, 3
or edx, eax
mov al, byte [ebx + 0xa7]
cmp edx, 5
setg dl
shl edx, 7
and eax, 0x7f
or eax, edx
mov byte [ebx + 0xa7], al
mov eax, dword [ebp + 8]
lea edx, [edi + 0x4008]
mov ecx, dword [ebx + 0xa4]
call fcn_fffae58c  ; call 0xfffae58c
mov al, byte [ebx + 0xa7]
shr al, 7
movzx eax, al
inc eax
and eax, 3
mov ebx, eax
mov ecx, eax
shl ebx, 4
shl ecx, 6
lea edx, [eax*4]
or ecx, ebx
or ecx, edx
or ecx, eax
mov eax, dword [ebp + 8]
lea edx, [edi + 0x40d0]
call fcn_fffae566  ; call 0xfffae566
mov edi, dword [ebp - 0x6c]
mov esi, dword [ebp + 8]
imul eax, edi, 0xcc
mov edx, dword [esi + 0x5edc]
lea ecx, [edx + eax + 0x1c]
imul edx, dword [esi + 0x18a7], 0x2e
imul eax, edi, 0x13c3
mov edi, dword [ebp - 0x78]
lea eax, [edx + eax + 0x1300]
lea esi, [edi + eax + 0xf]
mov eax, dword [ebp + 8]
mov edi, dword [eax + 0x2480]
mov dword [ecx + 0xa8], 0
mov edx, dword [eax + 0x36d7]
mov eax, 0xa
cmp edx, 0x320
jbe short loc_fffa4d98  ; jbe 0xfffa4d98
mov al, 0xd
cmp edx, 0x42b
jbe short loc_fffa4d98  ; jbe 0xfffa4d98
mov al, 0x10
cmp edx, 0x535
jbe short loc_fffa4d98  ; jbe 0xfffa4d98
mov al, 0x14
cmp edx, 0x640
jbe short loc_fffa4d98  ; jbe 0xfffa4d98
mov al, 0x17
cmp edx, 0x74b
jbe short loc_fffa4d98  ; jbe 0xfffa4d98
mov al, 0x1a
cmp edx, 0x855
jbe short loc_fffa4d98  ; jbe 0xfffa4d98
mov al, 0x1d
cmp edx, 0x960
jbe short loc_fffa4d98  ; jbe 0xfffa4d98
mov al, 0x20
cmp edx, 0xa6b
jbe short loc_fffa4d98  ; jbe 0xfffa4d98
mov al, 0x22
cmp edx, 0xaf0
jbe short loc_fffa4d98  ; jbe 0xfffa4d98
cmp edx, 0xbb9
sbb eax, eax
and eax, 0xfffffffd
add eax, 0x27

loc_fffa4d98:  ; not directly referenced
cmp eax, 0x3f
mov edx, 0x3f
cmovbe edx, eax
mov al, byte [ecx + 0xa8]
and edx, 0x3f
and eax, 0xffffffc0
or eax, edx
mov byte [ecx + 0xa8], al
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x36d7]
cmp edi, 3
jne short loc_fffa4dd2  ; jne 0xfffa4dd2
cmp edx, 0x536
sbb eax, eax
add eax, 6
jmp short loc_fffa4df9  ; jmp 0xfffa4df9

loc_fffa4dd2:  ; not directly referenced
cmp edi, 2
jne short loc_fffa4dee  ; jne 0xfffa4dee
mov eax, 5
cmp edx, 0x640
jbe short loc_fffa4df9  ; jbe 0xfffa4df9
mov al, 6
cmp edx, 0x74b
jbe short loc_fffa4df9  ; jbe 0xfffa4df9

loc_fffa4dee:  ; not directly referenced
cmp edx, 0x856
sbb eax, eax
add eax, 8

loc_fffa4df9:  ; not directly referenced
cmp eax, 0xf
mov edx, 0xf
cmovbe edx, eax
mov al, byte [ecx + 0xa8]
mov bl, dl
shl ebx, 6
shr edx, 2
and eax, 0x3f
and edx, 3
or eax, ebx
mov byte [ecx + 0xa8], al
mov al, byte [ecx + 0xa9]
and eax, 0xfffffffc
or eax, edx
mov byte [ecx + 0xa9], al
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x36d7]
mov eax, 4
cmp edx, 0x320
jbe short loc_fffa4e98  ; jbe 0xfffa4e98
mov al, 5
cmp edx, 0x42b
jbe short loc_fffa4e98  ; jbe 0xfffa4e98
mov al, 6
cmp edx, 0x535
jbe short loc_fffa4e98  ; jbe 0xfffa4e98
mov al, 7
cmp edx, 0x640
jbe short loc_fffa4e98  ; jbe 0xfffa4e98
mov al, 8
cmp edx, 0x74b
jbe short loc_fffa4e98  ; jbe 0xfffa4e98
mov al, 0xa
cmp edx, 0x855
jbe short loc_fffa4e98  ; jbe 0xfffa4e98
mov al, 0xb
cmp edx, 0x960
jbe short loc_fffa4e98  ; jbe 0xfffa4e98
mov al, 0xc
cmp edx, 0xaf0
jbe short loc_fffa4e98  ; jbe 0xfffa4e98
cmp edx, 0xbb9
sbb eax, eax
add eax, 0xe

loc_fffa4e98:  ; not directly referenced
cmp eax, 0xf
mov edx, 0xf
cmovbe edx, eax
mov al, byte [ecx + 0xa9]
and edx, 0xf
shl edx, 2
and eax, 0xffffffc3
or eax, edx
mov byte [ecx + 0xa9], al
movzx eax, word [esi + 8]
movzx ebx, word [esi + 6]
mov esi, dword [ebp + 8]
sub ebx, eax
cmp dword [esi + 0x36d7], 0x536
lea eax, [ebx + 8]
movzx esi, word [esi + 0x2489]
lea edx, [ebx + 7]
cmovb eax, edx
cmp edi, 3
jne short loc_fffa4ef6  ; jne 0xfffa4ef6
add esi, esi
xor edx, edx
lea eax, [esi + 0x157b]
div esi
lea eax, [ebx + eax + 6]

loc_fffa4ef6:  ; not directly referenced
cmp eax, 0x1f
mov edx, 0x1f
cmovbe edx, eax
mov al, byte [ecx + 0xa9]
and edx, 0x1f
mov bl, dl
shl ebx, 6
and eax, 0x3f
or eax, ebx
mov byte [ecx + 0xa9], al
mov al, dl
lea ebx, [edx*8]
shr al, 2
or eax, ebx
mov byte [ecx + 0xaa], al
mov al, byte [ecx + 0xab]
and eax, 0xffffffe0
or eax, edx
mov byte [ecx + 0xab], al
mov eax, dword [ebp - 0x74]
mov ecx, dword [ecx + 0xa8]
lea edx, [eax + 0x400c]
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
cmp dword [ebp - 0x80], 2
jne loc_fffa502f  ; jne 0xfffa502f
mov edi, dword [ebp + 8]
imul eax, dword [ebp - 0x6c], 0xcc
mov edx, dword [edi + 0x5edc]
lea eax, [edx + eax + 0x1c]
imul edx, dword [edi + 0x18a7], 0x2e
mov edi, dword [ebp - 0x70]
lea ecx, [edi + edx + 4]
mov edi, dword [ebp + 8]
mov dl, 4
mov ebx, dword [edi + 0x36d7]
cmp ebx, 0x535
jbe short loc_fffa4faa  ; jbe 0xfffa4faa
mov dl, 5
cmp ebx, 0x74b
jbe short loc_fffa4faa  ; jbe 0xfffa4faa
cmp ebx, 0x961
sbb edx, edx
add edx, 7

loc_fffa4faa:  ; not directly referenced
and edx, 0xf
mov bl, dl
shl ebx, 4
or ebx, edx
mov dword [eax + 0xb0], 0
mov dl, byte [eax + 0xb1]
mov byte [eax + 0xb0], bl
mov bx, word [ecx + 0x2a]
add bl, byte [ecx + 8]
and edx, 0xffffffc0
add ebx, 6
and ebx, 0x3f
or edx, ebx
mov byte [eax + 0xb1], dl
mov bx, word [ecx + 0x20]
mov cl, 0xf
mov esi, ebx
and esi, 0xf
cmp bx, 0xf
cmovbe ecx, esi
and edx, 0x3f
mov bl, cl
shl ebx, 6
or edx, ebx
mov byte [eax + 0xb1], dl
mov dl, byte [eax + 0xb2]
shr cl, 2
and edx, 0xfffffffc
or edx, ecx
mov byte [eax + 0xb2], dl
mov edx, dword [ebp - 0x74]
mov ecx, dword [eax + 0xb0]
mov eax, dword [ebp + 8]
add edx, 0x4018
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa502f:  ; not directly referenced
inc dword [ebp - 0x6c]
add dword [ebp - 0x70], 0x13c3
cmp dword [ebp - 0x6c], 2
jne loc_fffa45c1  ; jne 0xfffa45c1
mov eax, dword [ebp + 8]
mov edi, dword [ebp + 8]
mov edx, dword [eax + 0x5edc]
xor eax, eax
cmp byte [edi + 0x381a], 0
je short loc_fffa5064  ; je 0xfffa5064
cmp dword [edi + 0x3816], 2
sete al

loc_fffa5064:  ; not directly referenced
mov edi, dword [ebp + 8]
cmp byte [edi + 0x4bdd], 0
je short loc_fffa507f  ; je 0xfffa507f
mov cl, al
or ecx, 2
cmp dword [edi + 0x4bd9], 2
cmove eax, ecx

loc_fffa507f:  ; not directly referenced
lea edi, [edx + 0xbc]
movzx eax, al
mov dword [ebp - 0x70], edi
mov edi, dword [ebp + 8]
mov dword [ebp - 0x6c], 0
mov dword [ebp - 0x74], eax
add edi, 0x4ae6

loc_fffa509e:  ; not directly referenced
mov eax, dword [ebp - 0x74]
mov esi, dword [ebp - 0x6c]
bt eax, esi
jae loc_fffa5212  ; jae 0xfffa5212
mov eax, dword [edi - 0x144]
movzx ebx, byte [edi - 0x12cc]
cmp eax, 3
sete cl
cmp eax, 8
sete dl
xor eax, eax
or cl, dl
je short loc_fffa50e4  ; je 0xfffa50e4
mov eax, dword [ebp - 0xb8]
mov al, byte [edi - 0x128]
mov word [ebp - 0xb8], ax
mov eax, 1

loc_fffa50e4:  ; not directly referenced
mov edx, dword [edi - 0x1c]
cmp edx, 8
sete cl
cmp edx, 3
sete dl
or cl, dl
jne short loc_fffa5100  ; jne 0xfffa5100
mov esi, 6
test eax, eax
je short loc_fffa5133  ; je 0xfffa5133

loc_fffa5100:  ; not directly referenced
mov al, byte [edi]
mov ecx, dword [ebp - 0xb8]
mov ch, al
mov word [ebp - 0xb8], cx
mov al, cl
cmp cl, 5
je short loc_fffa5125  ; je 0xfffa5125
movzx edx, ch
mov esi, 6
cmp dl, 5
jne short loc_fffa5133  ; jne 0xfffa5133

loc_fffa5125:  ; not directly referenced
mov ecx, dword [ebp - 0xb8]
cmp ch, al
setne al
lea esi, [eax + 6]

loc_fffa5133:  ; not directly referenced
sub esp, 0xc
mov eax, esi
mov edx, dword [ebp - 0x6c]
push ebx
movsx eax, al
push 1
xor ecx, ecx
push 1
push eax
mov eax, dword [ebp + 8]
push 8
call fcn_fffb579d  ; call 0xfffb579d
mov eax, esi
add esp, 0x20
cmp al, 7
jne loc_fffa5212  ; jne 0xfffa5212
mov eax, dword [ebp - 0x70]
sub esp, 0xc
mov edx, dword [ebp - 0x6c]
mov esi, dword [eax]
push ebx
push 1
push 1
mov ecx, esi
shr ecx, 0xf
mov eax, ecx
xor ecx, ecx
and eax, 0xf
inc eax
push eax
mov eax, dword [ebp + 8]
push 0
shr esi, 0x13
and esi, 0xf
call fcn_fffb579d  ; call 0xfffb579d
add esp, 0x14
mov edx, dword [ebp - 0x6c]
push ebx
xor ecx, ecx
push 1
push 1
lea eax, [esi + 1]
push eax
mov eax, dword [ebp + 8]
push 1
call fcn_fffb579d  ; call 0xfffb579d
mov eax, dword [ebp - 0x70]
add esp, 0x14
mov edx, dword [ebp - 0x6c]
xor ecx, ecx
mov esi, dword [eax + 8]
push ebx
push 1
push 1
mov eax, esi
shr eax, 0x13
and eax, 0x1f
inc eax
push eax
mov eax, dword [ebp + 8]
push 4
call fcn_fffb579d  ; call 0xfffb579d
add esp, 0x14
mov eax, esi
push ebx
mov edx, dword [ebp - 0x6c]
xor ecx, ecx
shr eax, 0x18
push 1
and eax, 0x1f
push 1
inc eax
push eax
mov eax, dword [ebp + 8]
push 5
shr esi, 0xe
and esi, 0x1f
call fcn_fffb579d  ; call 0xfffb579d
add esp, 0x14
mov edx, dword [ebp - 0x6c]
push ebx
xor ecx, ecx
push 1
push 1
lea eax, [esi + 1]
push eax
mov eax, dword [ebp + 8]
push 0xe
call fcn_fffb579d  ; call 0xfffb579d
add esp, 0x20

loc_fffa5212:  ; not directly referenced
inc dword [ebp - 0x6c]
add edi, 0x13c3
add dword [ebp - 0x70], 0xcc
cmp dword [ebp - 0x6c], 2
jne loc_fffa509e  ; jne 0xfffa509e
mov edi, 0x4290
mov dword [ebp - 0x6c], 0

loc_fffa5238:  ; not directly referenced
imul eax, dword [ebp - 0x6c], 0x13c3
mov esi, dword [ebp + 8]
cmp dword [esi + eax + 0x3756], 2
jne loc_fffa553b  ; jne 0xfffa553b
mov edx, dword [ebp - 0x6c]
mov eax, esi
call fcn_fffae6fa  ; call 0xfffae6fa
mov eax, dword [ebp + 8]
mov ebx, dword [eax + 0x36d7]
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x70], eax
mov eax, dword [ebp + 8]
mov ecx, dword [eax + 0x2480]
cmp ecx, 3
jne short loc_fffa528d  ; jne 0xfffa528d
movzx esi, word [eax + 0x2489]
mov eax, 0x57e40
cdq
add esi, esi
idiv esi
jmp short loc_fffa52de  ; jmp 0xfffa52de

loc_fffa528d:  ; not directly referenced
cmp ecx, 2
je short loc_fffa52d9  ; je 0xfffa52d9
mov eax, 0x100
cmp ebx, 0x640
jbe short loc_fffa52de  ; jbe 0xfffa52de
mov al, 0x2b
cmp ebx, 0x74b
jbe short loc_fffa52e6  ; jbe 0xfffa52e6
mov al, 0x56
cmp ebx, 0x855
jbe short loc_fffa52e6  ; jbe 0xfffa52e6
mov al, 0x80
cmp ebx, 0x960
jbe short loc_fffa52e6  ; jbe 0xfffa52e6
mov al, 0xab
cmp ebx, 0xa6b
jbe short loc_fffa52e6  ; jbe 0xfffa52e6
cmp ebx, 0xb76
sbb eax, eax
and eax, 0xffffffd6
add eax, 0x200
jmp short loc_fffa52e6  ; jmp 0xfffa52e6

loc_fffa52d9:  ; not directly referenced
mov eax, 0x200

loc_fffa52de:  ; not directly referenced
cmp ebx, 0x320
jbe short loc_fffa534b  ; jbe 0xfffa534b

loc_fffa52e6:  ; not directly referenced
cmp ebx, 0x42b
jbe short loc_fffa5352  ; jbe 0xfffa5352
cmp ebx, 0x535
jbe loc_fffa5b11  ; jbe 0xfffa5b11
cmp ebx, 0x640
jbe loc_fffa5b18  ; jbe 0xfffa5b18
cmp ebx, 0x74b
jbe loc_fffa5b1f  ; jbe 0xfffa5b1f
cmp ebx, 0x855
jbe loc_fffa5b26  ; jbe 0xfffa5b26
cmp ebx, 0x960
jbe loc_fffa5b2d  ; jbe 0xfffa5b2d
mov edx, 0xe
cmp ebx, 0xaf0
jbe loc_fffa53cc  ; jbe 0xfffa53cc
cmp ebx, 0xbb9
sbb edx, edx
add edx, 0x10
jmp near loc_fffa53cc  ; jmp 0xfffa53cc

loc_fffa534b:  ; not directly referenced
mov edx, 4
jmp short loc_fffa5357  ; jmp 0xfffa5357

loc_fffa5352:  ; not directly referenced
mov edx, 6

loc_fffa5357:  ; not directly referenced
cmp ecx, 2
je short loc_fffa53d1  ; je 0xfffa53d1
mov esi, 0xc
cmp ebx, 0x42b
jbe short loc_fffa53d6  ; jbe 0xfffa53d6

loc_fffa5369:  ; not directly referenced
mov esi, 0xc
cmp ebx, 0x640
jbe short loc_fffa53d6  ; jbe 0xfffa53d6
mov si, 0xe
cmp ebx, 0x74b
jbe short loc_fffa53d6  ; jbe 0xfffa53d6
mov si, 0x10
cmp ebx, 0x855
jbe short loc_fffa53d6  ; jbe 0xfffa53d6
mov si, 0x12
cmp ebx, 0x960
jbe short loc_fffa53d6  ; jbe 0xfffa53d6

loc_fffa539a:  ; not directly referenced
mov esi, 0x14
cmp ebx, 0xa6b
jbe short loc_fffa53d6  ; jbe 0xfffa53d6
mov si, 0x15
cmp ebx, 0xaf0
jbe short loc_fffa53d6  ; jbe 0xfffa53d6
mov si, 0x16
cmp ebx, 0xb75
jbe short loc_fffa53d6  ; jbe 0xfffa53d6
cmp ebx, 0xbb9
sbb esi, esi
add esi, 0x18
jmp short loc_fffa53d6  ; jmp 0xfffa53d6

loc_fffa53cc:  ; not directly referenced
cmp ecx, 2
jne short loc_fffa539a  ; jne 0xfffa539a

loc_fffa53d1:  ; not directly referenced
mov esi, 0x18

loc_fffa53d6:  ; not directly referenced
cmp edx, 0xf
mov ecx, 0xf
cmova edx, ecx
mov ebx, 0x3ff
and edx, 0xf
shl edx, 0xc
cmp eax, 0x3ff
cmovbe ebx, eax
or dh, 2
and ebx, 0x3ff
shl ebx, 0x10
or edx, ebx
cmp dword [ebp - 0x70], 0
jne short loc_fffa5416  ; jne 0xfffa5416
sub esi, 8
cmp esi, 0xf
cmovbe ecx, esi
shl ecx, 0x1c
jmp short loc_fffa5425  ; jmp 0xfffa5425

loc_fffa5416:  ; not directly referenced
inc esi
mov ecx, 0x1f
cmp esi, 0x1f
cmovbe ecx, esi
shl ecx, 0x1b

loc_fffa5425:  ; not directly referenced
mov eax, dword [ebp + 8]
or ecx, edx
lea edx, [edi + 0x14]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
xor ecx, ecx
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x70], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x1887]
mov dword [ebp - 0x74], eax
mov eax, dword [ebp + 8]
mov esi, dword [eax + 0x2480]
mov edx, dword [eax + 0x36d7]
cmp esi, 3
jne short loc_fffa5473  ; jne 0xfffa5473
movzx ebx, word [eax + 0x2489]
mov eax, 0x15f90
cdq
add ebx, ebx
idiv ebx
jmp short loc_fffa54bd  ; jmp 0xfffa54bd

loc_fffa5473:  ; not directly referenced
mov eax, 0x80
cmp esi, 2
je short loc_fffa54bd  ; je 0xfffa54bd
mov al, 0x40
cmp edx, 0x640
jbe short loc_fffa54bd  ; jbe 0xfffa54bd
mov al, 0x4b
cmp edx, 0x74b
jbe short loc_fffa54bd  ; jbe 0xfffa54bd
mov al, 0x56
cmp edx, 0x855
jbe short loc_fffa54bd  ; jbe 0xfffa54bd
mov al, 0x60
cmp edx, 0x960
jbe short loc_fffa54bd  ; jbe 0xfffa54bd
mov al, 0x6b
cmp edx, 0xa6b
jbe short loc_fffa54bd  ; jbe 0xfffa54bd
cmp edx, 0xb76
sbb eax, eax
and eax, 0xfffffff6
sub eax, 0xffffff80

loc_fffa54bd:  ; not directly referenced
cmp dword [ebp - 0x70], 1
sete dl
cmp dword [ebp - 0x74], 0x40650
sete bl
or dl, bl
je short loc_fffa54fb  ; je 0xfffa54fb
cmp esi, 3
mov edx, 0x100
mov ecx, 0x80
cmove ecx, edx
cmp eax, 0x3ff
mov dx, 0x3ff
cmovbe edx, eax
and edx, 0x3ff
shl edx, 0xa
or ecx, edx
jmp short loc_fffa550c  ; jmp 0xfffa550c

loc_fffa54fb:  ; not directly referenced
mov edx, 0xff
cmp eax, 0xff
mov cl, 0x80
cmovbe edx, eax
mov ch, dl

loc_fffa550c:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, edi
lea ebx, [edi + 4]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov edx, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, ebx
mov ecx, eax
mov eax, dword [ebp + 8]
mov cl, 0xff
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov edx, ebx
call fcn_fffae52a  ; call 0xfffae52a

loc_fffa553b:  ; not directly referenced
inc dword [ebp - 0x6c]
add edi, 0x400
cmp dword [ebp - 0x6c], 2
jne loc_fffa5238  ; jne 0xfffa5238
mov eax, dword [ebp + 8]
mov ecx, 0x100000
mov esi, dword [eax + 0x1887]
cmp dword [eax + 0x2480], 3
mov edi, dword [eax + 0x188b]
sete al
cmp esi, 0x306d0
sete bl
cmp esi, 0x40650
sete dl
or bl, dl
jne short loc_fffa558f  ; jne 0xfffa558f
cmp esi, 0x40670
sete dl
test dl, al
je short loc_fffa55b0  ; je 0xfffa55b0

loc_fffa558f:  ; not directly referenced
mov ecx, 0x102000
test al, al
je short loc_fffa55b0  ; je 0xfffa55b0
mov eax, dword [ebp + 8]
cmp byte [eax + 0x240a], 1
sbb ecx, ecx
and ecx, 0x2000
add ecx, 0x4100000

loc_fffa55b0:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x4c20
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
mov ecx, 0x553c3038
mov edx, 0x4f8c
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2480], 3
je short loc_fffa55e4  ; je 0xfffa55e4

loc_fffa55db:  ; not directly referenced
dec edi
jne loc_fffa568d  ; jne 0xfffa568d
jmp short loc_fffa563c  ; jmp 0xfffa563c

loc_fffa55e4:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x3756], 2
jne short loc_fffa560f  ; jne 0xfffa560f
mov edx, 0x4010
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x4010
and eax, 0xfffffff0
or eax, 7
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa560f:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b19], 2
jne short loc_fffa55db  ; jne 0xfffa55db
mov edx, 0x4410
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x4410
and eax, 0xfffffff0
or eax, 7
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffa55db  ; jmp 0xfffa55db

loc_fffa563c:  ; not directly referenced
mov edi, dword [ebp + 8]
xor edx, edx
mov ecx, 0x1ffff
cmp dword [edi + 0x191c], 0x1ffff
cmovbe ecx, dword [edi + 0x191c]
mov dx, word [edi + 0x1920]
and ecx, 0x1ffff
cmp byte [edi + 0x191b], 0
mov eax, ecx
je short loc_fffa5679  ; je 0xfffa5679
mov ecx, edx
or ecx, 0x80000000
mov edx, ecx

loc_fffa5679:  ; not directly referenced
push ecx
push ecx
push edx
mov edx, 0x5028
push eax
mov eax, dword [ebp + 8]
call fcn_fffae7cf  ; call 0xfffae7cf
add esp, 0x10

loc_fffa568d:  ; not directly referenced
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x3f
xor esi, esi
xor edi, edi
call fcn_fffc3c0d  ; call 0xfffc3c0d
mov eax, dword [ebp + 8]
lea ecx, [ebp - 0x20]
mov edx, dword [ebp - 0x88]
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x70], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2480]
mov dword [ebp - 0x74], eax
lea eax, [ebp - 0x28]

loc_fffa56c4:  ; not directly referenced
mov dword [eax], 0
cmp dword [edx], 2
jne short loc_fffa56f1  ; jne 0xfffa56f1
cmp dword [edx + 0x1173], 2
jne short loc_fffa56e0  ; jne 0xfffa56e0
mov ebx, dword [edx + 0x1254]
mov dword [eax], ebx

loc_fffa56e0:  ; not directly referenced
cmp dword [edx + 0x129b], 2
jne short loc_fffa56f1  ; jne 0xfffa56f1
mov ebx, dword [edx + 0x137c]
add dword [eax], ebx

loc_fffa56f1:  ; not directly referenced
add eax, 4
add edx, 0x13c3
cmp eax, ecx
jne short loc_fffa56c4  ; jne 0xfffa56c4
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x248d]
mov byte [ebp - 0x78], al
mov eax, dword [ebp - 0x24]
mov ebx, eax
mov dword [ebp - 0x6c], eax
mov eax, dword [ebp - 0x28]
cmp ebx, eax
ja short loc_fffa5737  ; ja 0xfffa5737
mov eax, dword [ebp + 8]
mov ebx, 4
mov dword [eax + 0x381b], 0
mov dword [eax + 0x4bde], 1
jmp short loc_fffa5756  ; jmp 0xfffa5756

loc_fffa5737:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov ebx, 1
mov dword [ebp - 0x6c], eax
mov dword [ecx + 0x381b], 1
mov dword [ecx + 0x4bde], 0

loc_fffa5756:  ; not directly referenced
mov eax, dword [ebp - 0x6c]
mov edx, 0xff
shr eax, 8
cmp dword [ebp - 0x70], 0
jne short loc_fffa5788  ; jne 0xfffa5788
cmp eax, 0xff
mov esi, edx
cmovbe esi, eax
add eax, eax
cmp eax, 0xff
cmova eax, edx
movzx eax, al
shl eax, 0x10
shl esi, 0x18
or esi, eax
jmp short loc_fffa5796  ; jmp 0xfffa5796

loc_fffa5788:  ; not directly referenced
cmp eax, 0xff
cmovbe edx, eax
mov eax, esi
mov al, dl
mov esi, eax

loc_fffa5796:  ; not directly referenced
and ebx, 0xfffffbcf
mov ecx, ebx
mov ebx, dword [ebp - 0x74]
cmp ebx, 3
sete dl
or ecx, 0x20
mov eax, edx
and eax, 1
shl eax, 0xa
or ecx, eax
xor eax, eax
cmp ebx, 2
sete al
and ch, 0xf7
shl eax, 0xb
or ecx, eax
mov eax, dword [ebp + 8]
mov ebx, ecx
mov al, byte [eax + 0x1917]
test al, al
je loc_fffa5894  ; je 0xfffa5894
cmp dword [ebp - 0x70], 0
jne short loc_fffa5822  ; jne 0xfffa5822
mov edx, dword [ebp + 8]
mov edi, 0x3fff
mov eax, dword [ebp + 8]
mov dl, byte [edx + 0x191a]
cmp word [eax + 0x1918], 0x3fff
cmovbe di, word [eax + 0x1918]
mov al, 3
mov byte [ebp - 0x70], dl
mov edx, dword [ebp + 8]
and edi, 0x3fff
cmp byte [edx + 0x191a], 3
mov dl, byte [ebp - 0x70]
cmovbe eax, edx
and eax, 3
shl eax, 0x15
jmp short loc_fffa588c  ; jmp 0xfffa588c

loc_fffa5822:  ; not directly referenced
cmp al, 2
jne short loc_fffa5849  ; jne 0xfffa5849
test dl, dl
je short loc_fffa5842  ; je 0xfffa5842
mov al, byte [ebp - 0x78]
cmp al, 4
sete dl
dec al
sete al
or dl, al
je short loc_fffa5842  ; je 0xfffa5842
mov edi, 0xd030c0
jmp short loc_fffa5894  ; jmp 0xfffa5894

loc_fffa5842:  ; not directly referenced
mov edi, 0x9030ce
jmp short loc_fffa5894  ; jmp 0xfffa5894

loc_fffa5849:  ; not directly referenced
mov edx, dword [ebp + 8]
mov edi, 0x3fff
mov eax, dword [ebp + 8]
mov dl, byte [edx + 0x191a]
cmp word [eax + 0x1918], 0x3fff
cmovbe di, word [eax + 0x1918]
mov al, 7
mov byte [ebp - 0x70], dl
mov edx, dword [ebp + 8]
and edi, 0x3fff
cmp byte [edx + 0x191a], 7
mov dl, byte [ebp - 0x70]
cmovbe eax, edx
and eax, 7
shl eax, 0x14

loc_fffa588c:  ; not directly referenced
or edi, 0x800000
or edi, eax

loc_fffa5894:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp byte [eax + 0x2402], 0
je short loc_fffa58d8  ; je 0xfffa58d8
mov eax, dword [ebp - 0x24]
cmp dword [ebp - 0x28], eax
jne short loc_fffa58ce  ; jne 0xfffa58ce
mov eax, dword [ebp - 0x6c]
mov ebx, ecx
or edi, 0x800000
or ebx, 0x40
and ebx, 0xfffffc7f
call fcn_fffaec34  ; call 0xfffaec34
sub eax, 9
and eax, 7
shl eax, 7
or ebx, eax
jmp short loc_fffa58d8  ; jmp 0xfffa58d8

loc_fffa58ce:  ; not directly referenced
mov eax, dword [ebp + 8]
mov byte [eax + 0x2402], 0

loc_fffa58d8:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, edi
mov edx, 0x5024
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov ecx, ebx
mov edx, 0x5000
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov ecx, esi
mov edx, 0x5014
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov dword [ebp - 0x6c], 0x5004
lea ebx, [eax + 0x48c9]

loc_fffa5915:  ; not directly referenced
cmp dword [ebx - 0x1173], 2
mov esi, ebx
jne loc_fffa5aaf  ; jne 0xfffa5aaf
xor edx, edx
cmp dword [ebx], 2
jne short loc_fffa5931  ; jne 0xfffa5931
mov edx, dword [ebx + 0xe1]

loc_fffa5931:  ; not directly referenced
cmp dword [ebx + 0x128], 2
lea eax, [ebx + 0x128]
jne short loc_fffa5948  ; jne 0xfffa5948
cmp dword [ebx + 0x209], edx
ja short loc_fffa594e  ; ja 0xfffa594e

loc_fffa5948:  ; not directly referenced
mov edi, eax
xor ecx, ecx
jmp short loc_fffa5957  ; jmp 0xfffa5957

loc_fffa594e:  ; not directly referenced
mov ecx, 0x10000
mov edi, ebx
mov esi, eax

loc_fffa5957:  ; not directly referenced
mov al, byte [esi + 0xed]
mov byte [ebp - 0x70], al
test al, al
je short loc_fffa59a6  ; je 0xfffa59a6
cmp dword [esi], 2
jne short loc_fffa59a6  ; jne 0xfffa59a6
mov eax, dword [esi + 0xe1]
mov edx, 0xff
shr eax, 8
cmp eax, 0xff
cmova eax, edx
xor edx, edx
cmp byte [ebp - 0x70], 1
mov cl, al
setne dl
and ecx, 0xfff5ffff
shl edx, 0x11
xor eax, eax
cmp byte [esi + 0xf1], 0x10
sete al
or ecx, edx
shl eax, 0x13
or ecx, eax

loc_fffa59a6:  ; not directly referenced
mov al, byte [edi + 0xed]
mov byte [ebp - 0x70], al
test al, al
je short loc_fffa59f5  ; je 0xfffa59f5
cmp dword [edi], 2
jne short loc_fffa59f5  ; jne 0xfffa59f5
mov eax, dword [edi + 0xe1]
mov edx, 0xff
shr eax, 8
cmp eax, 0xff
cmova eax, edx
mov ch, al
xor eax, eax
cmp byte [ebp - 0x70], 1
setne al
and ecx, 0xffebffff
shl eax, 0x12
xor edx, edx
cmp byte [edi + 0xf1], 0x10
sete dl
or ecx, eax
shl edx, 0x14
or ecx, edx

loc_fffa59f5:  ; not directly referenced
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x1887]
cmp eax, 0x306d0
sete dl
cmp eax, 0x40650
sete al
or dl, al
je short loc_fffa5a22  ; je 0xfffa5a22
lea eax, [ecx + ecx]
and ecx, 0xffefffff
and eax, 0x100000
or ecx, eax

loc_fffa5a22:  ; not directly referenced
mov edi, dword [ebp + 8]
mov eax, ecx
or eax, 0x200000
mov edx, dword [ebp - 0x6c]
cmp byte [edi + 0x1908], 0
cmovne ecx, eax
mov eax, ecx
or eax, 0x400000
cmp byte [edi + 0x1909], 0
cmovne ecx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2480], 3
jne short loc_fffa5aaf  ; jne 0xfffa5aaf
cmp dword [eax + 0x1887], 0x40650
jne short loc_fffa5a7e  ; jne 0xfffa5a7e
xor ecx, ecx
cmp byte [esi + 0xf1], 0x20
sete cl
lea ecx, [ecx + ecx*2 + 0x200d00]
jmp short loc_fffa5a9b  ; jmp 0xfffa5a9b

loc_fffa5a7e:  ; not directly referenced
mov al, byte [esi + 0xf1]
mov ecx, 0x401a00
cmp al, 0x10
jne short loc_fffa5a91  ; jne 0xfffa5a91
mov cl, 5
jmp short loc_fffa5a9b  ; jmp 0xfffa5a9b

loc_fffa5a91:  ; not directly referenced
cmp al, 0x20
mov eax, 0x401a0a
cmove ecx, eax

loc_fffa5a9b:  ; not directly referenced
mov edx, dword [ebp - 0x6c]
mov eax, dword [ebp + 8]
shl edx, 8
sub edx, 0x4fc1f0
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa5aaf:  ; not directly referenced
add dword [ebp - 0x6c], 4
add ebx, 0x13c3
cmp dword [ebp - 0x6c], 0x500c
jne loc_fffa5915  ; jne 0xfffa5915
xor edx, edx
jmp short loc_fffa5b40  ; jmp 0xfffa5b40

loc_fffa5aca:  ; not directly referenced
mov eax, dword [ebp + 8]
call fcn_fffa6828  ; call 0xfffa6828
mov edx, 0x12
test eax, eax
jne short loc_fffa5b40  ; jne 0xfffa5b40
sub esp, 0xc
lea eax, [ebp - 0x58]
push eax
mov eax, dword [ebp + 8]
lea edx, [ebp - 0x28]
lea ecx, [ebp - 0x5b]
call fcn_fffa77b4  ; call 0xfffa77b4
mov edi, dword [ebp + 8]
add esp, 0x10
mov edx, 0x16
mov dword [edi + 0x36d7], eax
mov al, byte [edi + 0x36e7]
cmp byte [ebp - 0x5b], al
jne short loc_fffa5b40  ; jne 0xfffa5b40
jmp near loc_fffa2dab  ; jmp 0xfffa2dab

loc_fffa5b11:  ; not directly referenced
mov edx, 7
jmp short loc_fffa5b32  ; jmp 0xfffa5b32

loc_fffa5b18:  ; not directly referenced
mov edx, 8
jmp short loc_fffa5b32  ; jmp 0xfffa5b32

loc_fffa5b1f:  ; not directly referenced
mov edx, 0xa
jmp short loc_fffa5b32  ; jmp 0xfffa5b32

loc_fffa5b26:  ; not directly referenced
mov edx, 0xb
jmp short loc_fffa5b32  ; jmp 0xfffa5b32

loc_fffa5b2d:  ; not directly referenced
mov edx, 0xc

loc_fffa5b32:  ; not directly referenced
cmp ecx, 2
jne loc_fffa5369  ; jne 0xfffa5369
jmp near loc_fffa53d1  ; jmp 0xfffa53d1

loc_fffa5b40:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, edx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa5b4a:  ; not directly referenced
push ebp
mov eax, 0x80000003
mov ebp, esp
pop ebp
ret

fcn_fffa5b54:  ; not directly referenced
push ebp
mov eax, 0x80000003
mov ebp, esp
pop ebp
ret

fcn_fffa5b5e:  ; not directly referenced
push ebp
mov eax, 0x80000003
mov ebp, esp
pop ebp
ret

fcn_fffa5b68:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 8]
out dx, al
pop ebp
ret

fcn_fffa5b74:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 8]
in al, dx
pop ebp
ret

fcn_fffa5b7d:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 0x10]
mov ecx, dword [ebp + 8]
wrmsr
pop ebp
ret

fcn_fffa5b8d:  ; not directly referenced
push ebp
mov ebp, esp
mov ecx, dword [ebp + 8]
rdmsr
pop ebp
ret

fcn_fffa5b97:  ; not directly referenced
push ebp
mov ebp, esp
sub esp, 8
mov eax, dword [ebp + 8]
cmp dword [ebp + 0xc], 0x41
mov edx, dword [eax + 0x241b]
mov edx, dword [edx + 0x1e]
jne short loc_fffa5bbc  ; jne 0xfffa5bbc
sub esp, 0xc
push eax
call dword [edx + 0xcc]  ; ucall
add esp, 0x10

loc_fffa5bbc:  ; not directly referenced
xor eax, eax
leave
ret

fcn_fffa5bc0:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x14]
pop ebp
ret

fcn_fffa5bc8:  ; not directly referenced
push ebp
xor eax, eax
mov ebp, esp
pop ebp
ret

fcn_fffa5bcf:  ; not directly referenced
push ebp
mov ebp, esp
sub esp, 0x18
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x18], eax
mov eax, dword [ebp + 0x10]
mov dword [ebp - 0x14], eax
mov eax, dword [ebp + 8]
movq qword [ebp - 8], mm0
movq mm0, qword [ebp - 0x18]
movq qword [eax], mm0
movq mm0, qword [ebp - 8]
emms
mov eax, dword [ebp - 0x18]
mov edx, dword [ebp - 0x14]
leave
ret

fcn_fffa5bfd:  ; not directly referenced
push ebp
xor edx, edx
mov ebp, esp
mov eax, dword [ebp + 8]
mov ecx, dword [ebp + 0x10]

loc_fffa5c08:  ; not directly referenced
cmp edx, dword [ebp + 0xc]
je short loc_fffa5c13  ; je 0xfffa5c13
mov dword [eax + edx*4], ecx
inc edx
jmp short loc_fffa5c08  ; jmp 0xfffa5c08

loc_fffa5c13:  ; not directly referenced
pop ebp
ret

fcn_fffa5c15:  ; not directly referenced
push ebp
xor edx, edx
mov ebp, esp
mov eax, dword [ebp + 8]
mov ecx, dword [ebp + 0x10]

loc_fffa5c20:  ; not directly referenced
cmp edx, dword [ebp + 0xc]
je short loc_fffa5c2c  ; je 0xfffa5c2c
mov word [eax + edx*2], cx
inc edx
jmp short loc_fffa5c20  ; jmp 0xfffa5c20

loc_fffa5c2c:  ; not directly referenced
pop ebp
ret

fcn_fffa5c2e:
push ebp
mov ebp, esp
push esi
mov esi, dword [ebp + 0x10]
push ebx
mov ebx, dword [ebp + 0xc]
add esi, ebx

loc_fffa5c3b:
cmp ebx, esi
je short loc_fffa5c58  ; je 0xfffa5c58
mov eax, dword [0xff7d0274]
inc ebx
movzx edx, byte [ebx - 1]
test eax, eax
je short loc_fffa5c3b  ; je 0xfffa5c3b
sub esp, 0xc
push edx
call eax
add esp, 0x10
jmp short loc_fffa5c3b  ; jmp 0xfffa5c3b

loc_fffa5c58:
lea esp, [ebp - 8]
or eax, 0xffffffff
pop ebx
pop esi
pop ebp
ret

fcn_fffa5c62:  ; not directly referenced
push ebp
xor eax, eax
mov ebp, esp
pop ebp
ret

fcn_fffa5c69:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
pop ebp
mov dword [0xff7d0080], eax
xor eax, eax
ret

fcn_fffa5c78:  ; not directly referenced
push ebp
mov edx, dword [0xff7d0080]
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov dword [eax], edx
xor eax, eax
pop ebp
ret

fcn_fffa5c8a:  ; not directly referenced
push ebp
mov ebp, esp
pop ebp
jmp near loc_fffd2972  ; jmp 0xfffd2972

fcn_fffa5c93:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov ecx, dword [eax + 0x5edc]
lea edx, [ecx + 0x1b8]
xor ecx, ecx
mov dword [ebp + 8], edx
mov edx, 1
pop ebp
jmp near fcn_fffae5b2  ; jmp 0xfffae5b2

fcn_fffa5cb5:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x5edc]
lea ecx, [eax + 0x1c]
mov byte [eax + 0x247c], 1
add edx, 0x1b8
mov dword [edx], ecx
xor ecx, ecx
mov dword [ebp + 8], edx
xor edx, edx
pop ebp
jmp near fcn_fffae5b2  ; jmp 0xfffae5b2

fcn_fffa5ce0:  ; not directly referenced
push ebp
mov ebp, esp
sub esp, 8
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x5edc]
cmp byte [edx + 0x1c4], 1
jne short loc_fffa5d04  ; jne 0xfffa5d04
sub esp, 0xc
push eax
call fcn_fffa5cb5  ; call 0xfffa5cb5
add esp, 0x10

loc_fffa5d04:  ; not directly referenced
xor eax, eax
leave
ret

fcn_fffa5d08:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov ecx, dword [eax + 0x5edc]
lea edx, [ecx + 0x1b8]
mov ecx, 1
mov dword [ebp + 8], edx
mov edx, 1
pop ebp
jmp near fcn_fffae5b2  ; jmp 0xfffae5b2

fcn_fffa5d2d:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x600
mov edi, dword [ebp + 0x18]
mov ebx, dword [ebp + 0x14]
mov dword [ebp - 0x5c0], ecx
mov ecx, dword [ebp + 0xc]
mov dword [ebp - 0x5ac], edx
mov esi, dword [ebp + 8]
mov dword [ebp - 0x600], edi
mov edi, dword [ebp + 0x20]
mov byte [ebp - 0x5b0], bl
mov dword [ebp - 0x5ec], ecx
mov byte [ebp - 0x5e0], cl
mov dword [ebp - 0x5f0], edi
mov edi, dword [eax + 0x2443]
lea eax, [ebp - 0x590]
push 1
push 5
push eax
mov dword [ebp - 0x5bc], edi
call dword [edi + 0x64]  ; ucall
add esp, 0xc
push 1
push 5
lea eax, [ebp - 0x57c]
push eax
call dword [edi + 0x64]  ; ucall
add esp, 0xc
push 0xffffffffffffffff
push 5
lea eax, [ebp - 0x568]
push eax
call dword [edi + 0x64]  ; ucall
add esp, 0xc
push 0
push 5
lea eax, [ebp - 0x554]
push eax
call dword [edi + 0x64]  ; ucall
add esp, 0xc
push 0
push 5
lea eax, [ebp - 0x540]
push eax
call dword [edi + 0x64]  ; ucall
add esp, 0xc
push 0
push 5
lea eax, [ebp - 0x52c]
push eax
call dword [edi + 0x64]  ; ucall
add esp, 0xc
push 0
push 5
lea eax, [ebp - 0x59a]
push eax
call dword [edi + 0x60]  ; ucall
add esp, 0xc
push 0
push 0x500
lea eax, [ebp - 0x518]
push eax
call dword [edi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x50a
push dword [ebp - 0x5ac]
call dword [edi + 0x5c]  ; ucall
mov edi, dword [ebp - 0x5b0]
mov al, 1
mov dword [ebp - 0x5b8], 0
mov byte [ebp - 0x5d9], 0
add esp, 0x10
test bl, bl
cmove edi, eax
xor ebx, ebx
mov eax, edi
mov byte [ebp - 0x5b0], al
shr al, 1
mov byte [ebp - 0x5d4], al
mov eax, esi
movzx eax, al
mov dword [ebp - 0x5fc], eax
movsx eax, byte [ebp - 0x5e0]
mov dword [ebp - 0x5d0], eax
add eax, 0x7fffffff
mov dword [ebp - 0x604], eax

loc_fffa5e6f:  ; not directly referenced
movzx eax, byte [ebp - 0x5b0]
mov ecx, dword [ebp - 0x5c0]
mov dword [ebp - 0x5c8], 0
movzx esi, al
mov dword [ebp - 0x5d8], esi
mov esi, dword [ebp + 0x1c]
imul ax, word [esi + ebx*2]
mov esi, dword [ebp + 0x10]
movzx edx, byte [esi + ebx]
mov esi, dword [ebp - 0x5b8]
imul eax, edx
mov word [ebp + ebx*2 - 0x59a], ax
mov eax, esi
add eax, esi
add eax, ecx
mov dword [ebp - 0x5f4], eax
mov eax, dword [ebp - 0x604]
add eax, esi
add eax, eax
add eax, ecx
mov ecx, ebx
mov dword [ebp - 0x5f8], eax
shl ecx, 6

loc_fffa5ed2:  ; not directly referenced
mov esi, dword [ebp - 0x5c8]
mov eax, esi
mov byte [ebp - 0x5e8], al
movzx eax, al
cmp eax, dword [ebp - 0x5d0]
jge loc_fffa6035  ; jge 0xfffa6035
mov esi, dword [ebp + 0x10]
cmp byte [esi + ebx], 0
jne short loc_fffa5f16  ; jne 0xfffa5f16
lea edx, [ecx + eax]
mov dword [ebp + edx*4 - 0x518], 1
mov dword [ebp + ebx*4 - 0x568], 1
jmp near loc_fffa6005  ; jmp 0xfffa6005

loc_fffa5f16:  ; not directly referenced
mov dl, byte [ebp - 0x5e8]
lea edi, [ecx + eax]
mov dword [ebp - 0x5c4], edi
cmp dl, 1
adc byte [ebp - 0x5d9], 0
sub edx, dword [ebp - 0x5d4]
mov esi, edx

loc_fffa5f37:  ; not directly referenced
mov dl, byte [ebp - 0x5d4]
sub edx, dword [ebp - 0x5e8]
mov edi, edx
add edi, esi
mov edx, edi
cmp dl, byte [ebp - 0x5b0]
jae short loc_fffa5fa7  ; jae 0xfffa5fa7
mov edx, esi
test dl, dl
jns short loc_fffa5f5f  ; jns 0xfffa5f5f
mov edi, dword [ebp - 0x5f4]
jmp short loc_fffa5f6f  ; jmp 0xfffa5f6f

loc_fffa5f5f:  ; not directly referenced
mov edx, esi
cmp dl, byte [ebp - 0x5e0]
jl short loc_fffa5f74  ; jl 0xfffa5f74
mov edi, dword [ebp - 0x5f8]

loc_fffa5f6f:  ; not directly referenced
movzx edi, word [edi]
jmp short loc_fffa5f97  ; jmp 0xfffa5f97

loc_fffa5f74:  ; not directly referenced
mov edx, esi
movsx edi, dl
cmp eax, edi
jne short loc_fffa5f87  ; jne 0xfffa5f87
mov edi, dword [ebp - 0x5b8]
add edi, eax
jmp short loc_fffa5f8d  ; jmp 0xfffa5f8d

loc_fffa5f87:  ; not directly referenced
add edi, dword [ebp - 0x5b8]

loc_fffa5f8d:  ; not directly referenced
mov edx, dword [ebp - 0x5c0]
movzx edi, word [edx + edi*2]

loc_fffa5f97:  ; not directly referenced
mov edx, dword [ebp - 0x5c4]
inc esi
add dword [ebp + edx*4 - 0x518], edi
jmp short loc_fffa5f37  ; jmp 0xfffa5f37

loc_fffa5fa7:  ; not directly referenced
lea edx, [ecx + eax]
mov edx, dword [ebp + edx*4 - 0x518]
cmp dword [ebp + ebx*4 - 0x590], edx
jae short loc_fffa5fc1  ; jae 0xfffa5fc1
mov dword [ebp + ebx*4 - 0x590], edx

loc_fffa5fc1:  ; not directly referenced
cmp dword [ebp + ebx*4 - 0x568], edx
jbe short loc_fffa5fdb  ; jbe 0xfffa5fdb
lea esi, [ecx + eax]
mov esi, dword [ebp + esi*4 - 0x518]
mov dword [ebp + ebx*4 - 0x568], esi

loc_fffa5fdb:  ; not directly referenced
movzx esi, byte [ebp - 0x5c8]
mov edi, dword [ebp - 0x5c0]
add esi, dword [ebp - 0x5b8]
movzx esi, word [edi + esi*2]
imul esi, dword [ebp - 0x5d8]
sub edx, esi
imul edx, edx
add dword [ebp + ebx*4 - 0x540], edx

loc_fffa6005:  ; not directly referenced
imul edx, ebx, 0x29
movzx edi, byte [ebp - 0x5b0]
inc dword [ebp - 0x5c8]
lea esi, [eax + edx + 0x74]
add eax, ecx
mov eax, dword [ebp + eax*4 - 0x518]
xor edx, edx
div edi
mov edi, dword [ebp - 0x5ac]
mov dword [edi + esi*4 + 6], eax
jmp near loc_fffa5ed2  ; jmp 0xfffa5ed2

loc_fffa6035:  ; not directly referenced
mov eax, dword [ebp + 0x10]
mov al, byte [eax + ebx]
mov byte [ebp - 0x5c8], al
test al, al
je loc_fffa61bd  ; je 0xfffa61bd
mov edx, dword [ebp + ebx*4 - 0x590]
mov ecx, dword [ebp + ebx*4 - 0x568]
mov eax, edx
sub eax, ecx
add ecx, edx
imul eax, eax, 0x4e20
xor edx, edx
div ecx
xor edx, edx
mov dword [ebp - 0x5c4], eax
mov dword [ebp + ebx*4 - 0x554], eax
mov eax, dword [ebp + ebx*4 - 0x540]
div dword [ebp - 0x5d0]
test eax, eax
jne short loc_fffa6094  ; jne 0xfffa6094
mov dword [ebp + ebx*4 - 0x540], 0
jmp short loc_fffa6103  ; jmp 0xfffa6103

loc_fffa6094:  ; not directly referenced
imul eax, eax, 0x64
xor esi, esi
call fcn_fffaebb7  ; call 0xfffaebb7
mov ecx, eax
mov eax, 1
shr ecx, 1

loc_fffa60a7:  ; not directly referenced
cmp ecx, 0x64
jbe short loc_fffa60d2  ; jbe 0xfffa60d2
imul eax, eax, 0xa9e
mov edi, 0xa
xor edx, edx
sub ecx, 0x64
div edi
test esi, esi
je short loc_fffa60cb  ; je 0xfffa60cb
mov esi, 0x64
xor edx, edx
div esi

loc_fffa60cb:  ; not directly referenced
mov esi, 1
jmp short loc_fffa60a7  ; jmp 0xfffa60a7

loc_fffa60d2:  ; not directly referenced
lea edx, [ecx*8 + 0x384]
imul edx, ecx
mov ecx, 0x3e8
add edx, 0x18a88
imul edx, eax
mov eax, edx
xor edx, edx
div ecx
test esi, esi
je short loc_fffa60fc  ; je 0xfffa60fc
mov cx, 0x64
xor edx, edx
div ecx

loc_fffa60fc:  ; not directly referenced
mov dword [ebp + ebx*4 - 0x540], eax

loc_fffa6103:  ; not directly referenced
mov ecx, dword [ebp + ebx*4 - 0x590]
xor edx, edx
mov edi, dword [ebp + ebx*4 - 0x568]
imul eax, dword [ebp + ebx*4 - 0x540], 0xc8
lea esi, [edi + ecx]
div esi
mov esi, eax
mov dword [ebp + ebx*4 - 0x540], eax
imul eax, dword [ebp - 0x5c4], 0x3e8
test esi, esi
je short loc_fffa613e  ; je 0xfffa613e
xor edx, edx
div esi

loc_fffa613e:  ; not directly referenced
mov edx, dword [ebp - 0x5ac]
mov dword [ebp + ebx*4 - 0x52c], eax
mov al, byte [ebp - 0x5c8]
mov dword [ebp + ebx*4 - 0x57c], ecx
mov byte [edx + ebx + 3], al
mov eax, dword [ebp - 0x5c4]
mov dword [edx + ebx*4 + 0x1c], esi
movzx esi, byte [ebp - 0x5b0]
mov dword [edx + ebx*4 + 8], eax
mov eax, dword [ebp + ebx*4 - 0x52c]
mov dword [edx + ebx*4 + 0x30], eax
mov eax, ecx
xor edx, edx
sub ecx, edi
div esi
mov edx, dword [ebp - 0x5ac]
mov dword [edx + ebx*4 + 0x44], eax
mov eax, edi
xor edx, edx
div esi
mov edx, dword [ebp - 0x5ac]
mov esi, dword [ebp + 0x10]
mov dword [edx + ebx*4 + 0x58], eax
movzx eax, cx
movzx esi, byte [esi + ebx]
cdq
idiv dword [ebp - 0x5d8]
cdq
idiv esi
mov edx, dword [ebp - 0x5ac]
mov word [edx + ebx*2 + 0x6c], ax

loc_fffa61bd:  ; not directly referenced
mov eax, dword [ebp - 0x5fc]
inc ebx
add dword [ebp - 0x5b8], eax
cmp ebx, 5
jne loc_fffa5e6f  ; jne 0xfffa5e6f
mov eax, 5

loc_fffa61d8:  ; not directly referenced
dec eax
je short loc_fffa6205  ; je 0xfffa6205
xor edx, edx

loc_fffa61dd:  ; not directly referenced
movzx ecx, dl
cmp ecx, eax
jge short loc_fffa61d8  ; jge 0xfffa61d8
shl ecx, 2
lea esi, [ebp - 0x57c]
add esi, ecx
lea ecx, [ebp + ecx - 0x578]
mov ebx, dword [esi]
mov edi, dword [ecx]
cmp ebx, edi
jae short loc_fffa6202  ; jae 0xfffa6202
mov dword [esi], edi
mov dword [ecx], ebx

loc_fffa6202:  ; not directly referenced
inc edx
jmp short loc_fffa61dd  ; jmp 0xfffa61dd

loc_fffa6205:  ; not directly referenced
mov esi, dword [ebp - 0x56c]
xor edi, edi
xor ebx, ebx

loc_fffa620f:  ; not directly referenced
cmp edi, 4
je short loc_fffa621d  ; je 0xfffa621d
mov eax, dword [ebp + edi*4 - 0x57c]
jmp short loc_fffa621f  ; jmp 0xfffa621f

loc_fffa621d:  ; not directly referenced
mov eax, esi

loc_fffa621f:  ; not directly referenced
call fcn_fffaec34  ; call 0xfffaec34
inc edi
add ebx, eax
cmp edi, 5
jne short loc_fffa620f  ; jne 0xfffa620f
add ebx, 0xb
cmp bl, 0x40
ja short loc_fffa6259  ; ja 0xfffa6259

loc_fffa6234:  ; not directly referenced
mov al, byte [ebp - 0x5ec]
cmp byte [ebp - 0x600], 0
mov byte [ebp - 0x5c8], 0
mov byte [ebp - 0x5c0], al
je loc_fffa62f4  ; je 0xfffa62f4
jmp near loc_fffa631f  ; jmp 0xfffa631f

loc_fffa6259:  ; not directly referenced
movzx ecx, byte [ebp - 0x5d9]
movzx ebx, bl
lea eax, [ecx + ebx - 0x41]
xor ebx, ebx
cdq
idiv ecx
mov edx, 1
movzx eax, al
lea ecx, [eax - 1]
shl edx, cl
mov dword [ebp - 0x5b0], eax
movzx eax, dl

loc_fffa6282:  ; not directly referenced
mov edx, dword [ebp + ebx*4 - 0x590]
mov esi, dword [ebp - 0x5b0]
add edx, eax
mov ecx, esi
mov esi, ebx
shr edx, cl
mov dword [ebp + ebx*4 - 0x590], edx
movzx edx, word [ebp + ebx*2 - 0x59a]
shl esi, 6
mov dword [ebp - 0x5b8], esi
add edx, eax
sar edx, cl
mov word [ebp + ebx*2 - 0x59a], dx
xor edx, edx

loc_fffa62bd:  ; not directly referenced
movzx edi, dl
cmp edi, dword [ebp - 0x5d0]
jge short loc_fffa62e9  ; jge 0xfffa62e9
add edi, dword [ebp - 0x5b8]
inc edx
mov cl, byte [ebp - 0x5b0]
mov esi, dword [ebp + edi*4 - 0x518]
add esi, eax
shr esi, cl
mov dword [ebp + edi*4 - 0x518], esi
jmp short loc_fffa62bd  ; jmp 0xfffa62bd

loc_fffa62e9:  ; not directly referenced
inc ebx
cmp ebx, 5
jne short loc_fffa6282  ; jne 0xfffa6282
jmp near loc_fffa6234  ; jmp 0xfffa6234

loc_fffa62f4:  ; not directly referenced
mov eax, dword [ebp - 0x5d8]
cmp dword [ebp - 0x5d0], eax
jle short loc_fffa631f  ; jle 0xfffa631f
cmp byte [ebp - 0x5d4], 0
je short loc_fffa631f  ; je 0xfffa631f
mov al, byte [ebp - 0x5ec]
mov byte [ebp - 0x5c8], 1
dec eax
mov byte [ebp - 0x5c0], al

loc_fffa631f:  ; not directly referenced
mov al, byte [ebp - 0x5c8]
xor esi, esi
xor edi, edi
mov byte [ebp - 0x5b0], 0
mov dword [ebp - 0x5b8], 0xffffffff
mov dword [ebp - 0x5b4], 0xffffffff
mov byte [ebp - 0x5c4], al

loc_fffa634a:  ; not directly referenced
mov al, byte [ebp - 0x5c0]
mov cl, byte [ebp - 0x5c4]
cmp cl, al
jae loc_fffa6500  ; jae 0xfffa6500
movzx eax, cl
xor ebx, ebx
lea eax, [ebp + eax*4 - 0x518]
mov dword [ebp - 0x5d8], eax
mov dword [ebp - 0x5e8], 0
mov dword [ebp - 0x5e4], 0
mov dword [ebp - 0x5d4], 0xffffffff

loc_fffa638e:  ; not directly referenced
mov eax, dword [ebp + 0x10]
mov byte [ebp - 0x5ec], bl
cmp byte [eax + ebx], 0
je loc_fffa645f  ; je 0xfffa645f
mov ecx, dword [ebp - 0x5d8]
mov eax, ebx
shl eax, 8
mov dword [ebp - 0x5e0], eax
mov dword [ebp - 0x5d0], 1
mov eax, dword [ecx + eax]
mov ecx, dword [ebp - 0x5d4]
mov dword [ebp - 0x5cc], 0
cmp ecx, eax
cmovbe eax, ecx
xor ecx, ecx
mov dword [ebp - 0x5d4], eax

loc_fffa63dc:  ; not directly referenced
mov eax, dword [ebp + 0x10]
cmp byte [eax + ecx], 0
je short loc_fffa6425  ; je 0xfffa6425
cmp byte [ebp - 0x5ec], cl
je short loc_fffa6425  ; je 0xfffa6425
push eax
mov eax, dword [ebp - 0x5bc]
push dword [ebp + ecx*4 - 0x590]
push dword [ebp - 0x5cc]
push dword [ebp - 0x5d0]
mov dword [ebp - 0x5f4], ecx
call dword [eax + 0x70]  ; ucall
mov ecx, dword [ebp - 0x5f4]
add esp, 0x10
mov dword [ebp - 0x5d0], eax
mov dword [ebp - 0x5cc], edx

loc_fffa6425:  ; not directly referenced
inc ecx
cmp ecx, 5
jne short loc_fffa63dc  ; jne 0xfffa63dc
mov ecx, dword [ebp - 0x5e0]
push eax
mov eax, dword [ebp - 0x5d8]
push dword [eax + ecx]
mov eax, dword [ebp - 0x5bc]
push dword [ebp - 0x5cc]
push dword [ebp - 0x5d0]
call dword [eax + 0x70]  ; ucall
add dword [ebp - 0x5e8], eax
adc dword [ebp - 0x5e4], edx
add esp, 0x10

loc_fffa645f:  ; not directly referenced
inc ebx
cmp ebx, 5
jne loc_fffa638e  ; jne 0xfffa638e
mov eax, 1
xor edx, edx
xor ebx, ebx

loc_fffa6472:  ; not directly referenced
cmp bl, byte [ebp - 0x5d9]
je short loc_fffa6492  ; je 0xfffa6492
push ecx
inc ebx
push dword [ebp - 0x5d4]
push edx
push eax
mov eax, dword [ebp - 0x5bc]
call dword [eax + 0x70]  ; ucall
add esp, 0x10
jmp short loc_fffa6472  ; jmp 0xfffa6472

loc_fffa6492:  ; not directly referenced
mov ecx, dword [ebp - 0x5e8]
mov ebx, dword [ebp - 0x5e4]
add ecx, eax
adc ebx, edx
cmp dword [ebp - 0x5b4], ebx
jb short loc_fffa64c0  ; jb 0xfffa64c0
ja short loc_fffa64b4  ; ja 0xfffa64b4
cmp dword [ebp - 0x5b8], ecx
jbe short loc_fffa64c0  ; jbe 0xfffa64c0

loc_fffa64b4:  ; not directly referenced
mov dword [ebp - 0x5b8], ecx
mov dword [ebp - 0x5b4], ebx

loc_fffa64c0:  ; not directly referenced
cmp ebx, edi
ja short loc_fffa64ca  ; ja 0xfffa64ca
jb short loc_fffa64da  ; jb 0xfffa64da
cmp ecx, esi
jbe short loc_fffa64da  ; jbe 0xfffa64da

loc_fffa64ca:  ; not directly referenced
mov al, byte [ebp - 0x5c4]
mov esi, ecx
mov edi, ebx
mov byte [ebp - 0x5b0], al

loc_fffa64da:  ; not directly referenced
movzx eax, byte [ebp - 0x5c4]
mov edx, dword [ebp - 0x5ac]
inc byte [ebp - 0x5c4]
mov dword [edx + eax*8 + 0x8e], ecx
mov dword [edx + eax*8 + 0x92], ebx
jmp near loc_fffa634a  ; jmp 0xfffa634a

loc_fffa6500:  ; not directly referenced
mov ebx, dword [ebp - 0x5bc]
mov eax, dword [ebx + 0x74]
push edx
mov edx, edi
push 0x7d0
mov dword [ebp - 0x5c4], eax
mov eax, esi
sub eax, dword [ebp - 0x5b8]
sbb edx, dword [ebp - 0x5b4]
push edx
push eax
call dword [ebx + 0x70]  ; ucall
mov ecx, dword [ebp - 0x5b8]
mov ebx, dword [ebp - 0x5b4]
mov dword [esp], 0
add ecx, esi
adc ebx, edi
add ecx, 1
adc ebx, 0
push ebx
push ecx
push edx
push eax
mov eax, dword [ebp - 0x5c4]
call eax
mov ebx, dword [ebp - 0x5ac]
add esp, 0x20
movzx ecx, byte [ebp - 0x5b0]
mov dword [ebx + 0x7e], esi
mov word [ebx], cx
mov ecx, dword [ebp - 0x5b8]
mov dword [ebx + 0x76], eax
mov eax, ebx
mov dword [ebx + 0x7a], edx
mov dword [ebx + 0x82], edi
mov ebx, dword [ebp - 0x5b4]
mov dword [eax + 0x86], ecx
mov dword [eax + 0x8a], ebx
mov eax, dword [ebp - 0x5f0]
test al, al
je loc_fffa6656  ; je 0xfffa6656
movzx ebx, byte [ebp - 0x5b0]
movsx eax, al
jns short loc_fffa65be  ; jns 0xfffa65be
movzx edx, byte [ebp - 0x5c8]
add ebx, eax
mov esi, 1
cmp ebx, edx
cmovl ebx, edx
jmp short loc_fffa65e5  ; jmp 0xfffa65e5

loc_fffa65be:  ; not directly referenced
movzx edx, byte [ebp - 0x5c0]
add ebx, eax
cmp ebx, edx
jl short loc_fffa65d4  ; jl 0xfffa65d4
mov bl, byte [ebp - 0x5c0]
dec ebx
jmp short loc_fffa65e0  ; jmp 0xfffa65e0

loc_fffa65d4:  ; not directly referenced
mov bl, byte [ebp - 0x5f0]
add ebx, dword [ebp - 0x5b0]

loc_fffa65e0:  ; not directly referenced
mov esi, 0xffffffff

loc_fffa65e5:  ; not directly referenced
mov ecx, dword [ebp - 0x5ac]
push eax
movzx eax, byte [ebp - 0x5b0]
mov edi, dword [ebp - 0x5bc]
push 0x5a
push dword [ecx + eax*8 + 0x92]
push dword [ecx + eax*8 + 0x8e]
call dword [edi + 0x70]  ; ucall
mov dword [esp], 0
push 0
push 0x64
push edx
push eax
call dword [edi + 0x74]  ; ucall
add esp, 0x20

loc_fffa661f:  ; not directly referenced
cmp bl, byte [ebp - 0x5b0]
je short loc_fffa6641  ; je 0xfffa6641
mov edi, dword [ebp - 0x5ac]
movzx ecx, bl
add ecx, 0x10
cmp dword [edi + ecx*8 + 0x12], edx
jb short loc_fffa6652  ; jb 0xfffa6652
ja short loc_fffa6641  ; ja 0xfffa6641
cmp dword [edi + ecx*8 + 0xe], eax
jbe short loc_fffa6652  ; jbe 0xfffa6652

loc_fffa6641:  ; not directly referenced
mov eax, dword [ebp - 0x5ac]
sub ebx, dword [ebp - 0x5b0]
mov byte [eax + 2], bl
jmp short loc_fffa6656  ; jmp 0xfffa6656

loc_fffa6652:  ; not directly referenced
add ebx, esi
jmp short loc_fffa661f  ; jmp 0xfffa661f

loc_fffa6656:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa665e:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
sub esp, 0x1c
mov dword [ebp - 0x20], eax
add eax, 0x3756
mov dword [ebp - 0x28], edx
mov dword [ebp - 0x1c], eax

loc_fffa6677:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
cmp dword [eax], 2
je short loc_fffa669c  ; je 0xfffa669c

loc_fffa667f:  ; not directly referenced
add esi, 0x400
add dword [ebp - 0x1c], 0x13c3
cmp esi, 0x800
jne short loc_fffa6677  ; jne 0xfffa6677
add esp, 0x1c
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffa669c:  ; not directly referenced
mov edi, dword [ebp - 0x28]
lea eax, [esi + 0x4060]
mov dword [ebp - 0x24], eax
lea ebx, [esi + 0x4054]
sub edi, esi

loc_fffa66b0:  ; not directly referenced
mov ecx, dword [edi + ebx - 0x4054]
mov edx, ebx
mov eax, dword [ebp - 0x20]
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, dword [edi + ebx - 0x4054]
lea edx, [ebx - 0xc]
mov eax, dword [ebp - 0x20]
add ebx, 4
call fcn_fffae58c  ; call 0xfffae58c
cmp ebx, dword [ebp - 0x24]
jne short loc_fffa66b0  ; jne 0xfffa66b0
jmp short loc_fffa667f  ; jmp 0xfffa667f

fcn_fffa66dd:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x10
mov dword [ebp - 0x18], eax
cmp cl, 5
ja short loc_fffa6700  ; ja 0xfffa6700
cmp cl, 4
jae short loc_fffa671a  ; jae 0xfffa671a
lea eax, [ecx - 1]
cmp al, 1
ja loc_fffa67f4  ; ja 0xfffa67f4
jmp short loc_fffa671a  ; jmp 0xfffa671a

loc_fffa6700:  ; not directly referenced
cmp cl, 0x10
jb loc_fffa67f4  ; jb 0xfffa67f4
cmp cl, 0x11
jbe short loc_fffa6721  ; jbe 0xfffa6721
lea eax, [ecx - 0x20]
cmp al, 1
jbe short loc_fffa6721  ; jbe 0xfffa6721
jmp near loc_fffa67f4  ; jmp 0xfffa67f4

loc_fffa671a:  ; not directly referenced
mov edi, 0xa
jmp short loc_fffa6726  ; jmp 0xfffa6726

loc_fffa6721:  ; not directly referenced
mov edi, 7

loc_fffa6726:  ; not directly referenced
xor ebx, ebx
cmp cl, 0x21
ja short loc_fffa6733  ; ja 0xfffa6733
mov bl, byte [ecx + ref_fffd5f1c]  ; mov bl, byte [ecx - 0x2a0e4]

loc_fffa6733:  ; not directly referenced
cmp bl, 7
mov al, 7
cmovbe eax, ebx
xor ebx, ebx
movzx esi, al
mov eax, dword [ebp - 0x18]
imul esi, esi, 0x240
add eax, 0x3756
mov dword [ebp - 0x10], eax
mov eax, edi
add esi, edx
movzx eax, al
mov dword [ebp - 0x1c], eax

loc_fffa675b:  ; not directly referenced
mov eax, dword [ebp - 0x10]
cmp dword [eax], 2
jne short loc_fffa67dd  ; jne 0xfffa67dd
mov byte [ebp - 0x11], 0

loc_fffa6767:  ; not directly referenced
mov edi, dword [ebp - 0x18]
movzx eax, byte [ebp - 0x11]
cmp al, byte [edi + 0x2488]
jae short loc_fffa67b9  ; jae 0xfffa67b9
add eax, ebx
xor ecx, ecx
lea eax, [esi + eax*8]

loc_fffa677d:  ; not directly referenced
mov edi, dword [ebp - 0x10]
mov edx, 1
shl edx, cl
test byte [edi + 0xc4], dl
je short loc_fffa67ae  ; je 0xfffa67ae
imul edx, ecx, 0x90
mov edi, dword [eax + edx]
cmp dword [esi + ebx*8], edi
jbe short loc_fffa67a0  ; jbe 0xfffa67a0
mov dword [esi + ebx*8], edi

loc_fffa67a0:  ; not directly referenced
mov edx, dword [eax + edx + 4]
cmp dword [esi + ebx*8 + 4], edx
jbe short loc_fffa67ae  ; jbe 0xfffa67ae
mov dword [esi + ebx*8 + 4], edx

loc_fffa67ae:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffa677d  ; jne 0xfffa677d
inc byte [ebp - 0x11]
jmp short loc_fffa6767  ; jmp 0xfffa6767

loc_fffa67b9:  ; not directly referenced
mov edi, dword [ebp - 0x1c]
mov ecx, 0xa
xor edx, edx
mov eax, dword [esi + ebx*8]
imul eax, edi
div ecx
xor edx, edx
mov dword [esi + ebx*8], eax
mov eax, dword [esi + ebx*8 + 4]
imul eax, edi
div ecx
mov dword [esi + ebx*8 + 4], eax

loc_fffa67dd:  ; not directly referenced
add ebx, 9
add dword [ebp - 0x10], 0x13c3
cmp ebx, 0x12
jne loc_fffa675b  ; jne 0xfffa675b
xor eax, eax
jmp short loc_fffa67f9  ; jmp 0xfffa67f9

loc_fffa67f4:  ; not directly referenced
mov eax, 2

loc_fffa67f9:  ; not directly referenced
add esp, 0x10
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa6801:
push ebp
mov ebp, esp
sub esp, 0x24
lea edx, [ebp - 0xc]
push edx
lea edx, [ebp - 0x10]
push edx
lea edx, [ebp - 0x14]
push edx
lea eax, [ebp - 0x18]
push eax
push 1
call fcn_fffd28d0  ; call 0xfffd28d0
mov eax, dword [ebp - 0x18]
leave
and eax, 0xfff0ff0
ret

fcn_fffa6828:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0xc
mov ebx, dword [eax + 0x2443]
call dword [ebx + 0x54]  ; ucall
lea edi, [eax + 0x2710]

loc_fffa6842:  ; not directly referenced
mov edx, 0x5084
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
test eax, 0x10000
jne short loc_fffa6863  ; jne 0xfffa6863
call dword [ebx + 0x54]  ; ucall
cmp edi, eax
ja short loc_fffa6842  ; ja 0xfffa6842
mov eax, 0x12
jmp short loc_fffa6865  ; jmp 0xfffa6865

loc_fffa6863:  ; not directly referenced
xor eax, eax

loc_fffa6865:  ; not directly referenced
add esp, 0xc
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa686d:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
mov esi, ecx
push ebx
sub esp, 0x3c
mov ebx, dword [eax + 0x2443]
mov dword [ebp - 0x30], edx
call dword [ebx + 0x54]  ; ucall
lea ecx, [eax + 0x2710]
push eax
push 0
push 4
push dword [ebp + 0xc]
mov dword [ebp - 0x34], ecx
call dword [ebx + 0x5c]  ; ucall
mov eax, dword [ebp - 0x30]
add esp, 0x10
shl eax, 0xa
mov dword [ebp - 0x38], eax
add eax, 0x4214
mov dword [ebp - 0x2c], eax

loc_fffa68ae:  ; not directly referenced
mov edx, dword [ebp - 0x2c]
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, eax
shr edx, 0x18
test dl, dl
jns short loc_fffa68d3  ; jns 0xfffa68d3
call dword [ebx + 0x54]  ; ucall
cmp dword [ebp - 0x34], eax
ja short loc_fffa68ae  ; ja 0xfffa68ae

loc_fffa68c9:  ; not directly referenced
mov eax, 0x12
jmp near loc_fffa69e2  ; jmp 0xfffa69e2

loc_fffa68d3:  ; not directly referenced
mov al, byte [ebp + 8]
and esi, 3
mov edx, dword [ebp - 0x2c]
shl esi, 0x10
and eax, 0xfff000ff
mov ecx, eax
mov eax, edi
or ecx, esi
or ecx, 0x80000000
call fcn_fffae58c  ; call 0xfffae58c
call dword [ebx + 0x54]  ; ucall
lea esi, [eax + 0x2710]

loc_fffa68fe:  ; not directly referenced
mov edx, dword [ebp - 0x2c]
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
shr eax, 0x18
test al, al
jns short loc_fffa6918  ; jns 0xfffa6918
call dword [ebx + 0x54]  ; ucall
cmp esi, eax
ja short loc_fffa68fe  ; ja 0xfffa68fe
jmp short loc_fffa68c9  ; jmp 0xfffa68c9

loc_fffa6918:  ; not directly referenced
mov esi, dword [ebp - 0x30]
mov edx, dword [ebp - 0x38]
imul eax, esi, 0x54a
add edx, 0x4218
imul esi, esi, 0x13c3
lea eax, [edi + eax + 0x196b]
mov dword [ebp - 0x2c], eax
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
xor edx, edx
mov dword [ebp - 0x3c], esi
mov dword [ebp - 0x1c], eax
xor eax, eax

loc_fffa694b:  ; not directly referenced
mov ecx, dword [ebp - 0x3c]
cmp byte [edi + ecx + 0x49ba], 0x20
je short loc_fffa6969  ; je 0xfffa6969

loc_fffa6958:  ; not directly referenced
movzx esi, byte [edi + 0x2488]
lea ebx, [eax + eax]
mov dword [ebp - 0x30], esi
xor esi, esi
jmp short loc_fffa698b  ; jmp 0xfffa698b

loc_fffa6969:  ; not directly referenced
test al, 1
je short loc_fffa6958  ; je 0xfffa6958
mov ebx, dword [ebp + 0xc]
mov esi, edx
mov cl, byte [ebx + eax - 1]
mov byte [ebx + eax], cl
jmp short loc_fffa69d3  ; jmp 0xfffa69d3

loc_fffa697b:  ; not directly referenced
mov ecx, dword [ebp - 0x2c]
movzx ecx, byte [ecx + esi + 0x4f6]
cmp ebx, ecx
je short loc_fffa6992  ; je 0xfffa6992
inc esi

loc_fffa698b:  ; not directly referenced
cmp esi, dword [ebp - 0x30]
jb short loc_fffa697b  ; jb 0xfffa697b
mov esi, edx

loc_fffa6992:  ; not directly referenced
mov ebx, eax
xor edx, edx
shl ebx, 4
mov dword [ebp - 0x38], ebx
movzx ebx, byte [ebp + eax - 0x1c]
mov dword [ebp - 0x30], ebx
mov ebx, dword [ebp - 0x2c]
lea ecx, [ebx + esi*8]
mov dword [ebp - 0x34], ecx

loc_fffa69ad:  ; not directly referenced
mov ebx, dword [ebp - 0x30]
mov cl, dl
sar ebx, cl
mov ecx, dword [ebp - 0x34]
and ebx, 1
movzx ecx, byte [ecx + edx + 0x4fe]
inc edx
sub ecx, dword [ebp - 0x38]
shl ebx, cl
mov ecx, dword [ebp + 0xc]
or byte [ecx + eax], bl
cmp edx, 8
jne short loc_fffa69ad  ; jne 0xfffa69ad

loc_fffa69d3:  ; not directly referenced
inc eax
cmp eax, 4
je short loc_fffa69e0  ; je 0xfffa69e0
mov edx, esi
jmp near loc_fffa694b  ; jmp 0xfffa694b

loc_fffa69e0:  ; not directly referenced
xor al, al

loc_fffa69e2:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa69ea:  ; not directly referenced
imul edx, edx, 0x13c3
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea edx, [eax + edx + 0x3756]
push ebx
mov ebx, eax
mov eax, dword [edx + 0xc0]
cmp eax, 1
je short loc_fffa6a51  ; je 0xfffa6a51
cmp eax, 2
jne short loc_fffa6a85  ; jne 0xfffa6a85
mov cl, byte [edx + 0x1260]
cmp cl, 1
jne short loc_fffa6a2b  ; jne 0xfffa6a2b
mov al, byte [edx + 0x1388]
cmp al, 1
je short loc_fffa6a71  ; je 0xfffa6a71
cmp al, 2
jne short loc_fffa6a85  ; jne 0xfffa6a85
jmp short loc_fffa6a8c  ; jmp 0xfffa6a8c

loc_fffa6a2b:  ; not directly referenced
xor eax, eax
cmp cl, 2
jne loc_fffa6bcd  ; jne 0xfffa6bcd
mov dl, byte [edx + 0x1388]
cmp dl, 1
je short loc_fffa6a93  ; je 0xfffa6a93
cmp dl, 2
jne loc_fffa6bcd  ; jne 0xfffa6bcd
mov ecx, 5
jmp short loc_fffa6a76  ; jmp 0xfffa6a76

loc_fffa6a51:  ; not directly referenced
mov al, byte [edx + 0x1260]
cmp al, 1
je short loc_fffa6a9a  ; je 0xfffa6a9a
mov dl, byte [edx + 0x1388]
cmp dl, 1
je short loc_fffa6a9a  ; je 0xfffa6a9a
cmp al, 2
je short loc_fffa6a9e  ; je 0xfffa6a9e
cmp dl, 2
jne short loc_fffa6a85  ; jne 0xfffa6a85
jmp short loc_fffa6a9e  ; jmp 0xfffa6a9e

loc_fffa6a71:  ; not directly referenced
mov ecx, 2

loc_fffa6a76:  ; not directly referenced
cmp dword [ebx + 0x187f], 6
mov edx, dword [ebx + 0x1887]
jbe short loc_fffa6aa5  ; jbe 0xfffa6aa5

loc_fffa6a85:  ; not directly referenced
xor eax, eax
jmp near loc_fffa6bcd  ; jmp 0xfffa6bcd

loc_fffa6a8c:  ; not directly referenced
mov ecx, 3
jmp short loc_fffa6a76  ; jmp 0xfffa6a76

loc_fffa6a93:  ; not directly referenced
mov ecx, 4
jmp short loc_fffa6a76  ; jmp 0xfffa6a76

loc_fffa6a9a:  ; not directly referenced
xor ecx, ecx
jmp short loc_fffa6a76  ; jmp 0xfffa6a76

loc_fffa6a9e:  ; not directly referenced
mov ecx, 1
jmp short loc_fffa6a76  ; jmp 0xfffa6a76

loc_fffa6aa5:  ; not directly referenced
mov eax, dword [ebx + 0x187f]
jmp dword [eax*4 + ref_fffd32ec]  ; ujmp: jmp dword [eax*4 - 0x2cd14]

loc_fffa6ab2:  ; not directly referenced
cmp edx, 0x40660
sete bl
cmp edx, 0x306c0
sete al
or bl, al
jne short loc_fffa6ad6  ; jne 0xfffa6ad6
xor eax, eax
cmp edx, 0x40670
jne loc_fffa6bcd  ; jne 0xfffa6bcd

loc_fffa6ad6:  ; not directly referenced
imul esi, esi, 6
add ecx, esi
lea eax, [ecx + ecx + ref_fffd339c]  ; lea eax, [ecx + ecx - 0x2cc64]
jmp near loc_fffa6bcd  ; jmp 0xfffa6bcd

loc_fffa6ae7:  ; not directly referenced
cmp edx, 0x306d0
sete bl
cmp edx, 0x40650
sete al
or bl, al
je short loc_fffa6b12  ; je 0xfffa6b12
cmp ecx, 1
ja short loc_fffa6a85  ; ja 0xfffa6a85
add esi, esi
add ecx, esi
lea eax, [ecx + ecx + ref_fffd3394]  ; lea eax, [ecx + ecx - 0x2cc6c]
jmp near loc_fffa6bcd  ; jmp 0xfffa6bcd

loc_fffa6b12:  ; not directly referenced
cmp edx, 0x40660
sete bl
cmp edx, 0x306c0
sete al
or bl, al
jne short loc_fffa6b36  ; jne 0xfffa6b36
xor eax, eax
cmp edx, 0x40670
jne loc_fffa6bcd  ; jne 0xfffa6bcd

loc_fffa6b36:  ; not directly referenced
imul esi, esi, 6
add ecx, esi
lea eax, [ecx + ecx + ref_fffd337c]  ; lea eax, [ecx + ecx - 0x2cc84]
jmp near loc_fffa6bcd  ; jmp 0xfffa6bcd

loc_fffa6b47:  ; not directly referenced
cmp edx, 0x40660
sete bl
cmp edx, 0x306c0
sete al
or bl, al
jne short loc_fffa6b67  ; jne 0xfffa6b67
xor eax, eax
cmp edx, 0x40670
jne short loc_fffa6bcd  ; jne 0xfffa6bcd

loc_fffa6b67:  ; not directly referenced
imul esi, esi, 6
add ecx, esi
lea eax, [ecx + ecx + ref_fffd3364]  ; lea eax, [ecx + ecx - 0x2cc9c]
jmp short loc_fffa6bcd  ; jmp 0xfffa6bcd

loc_fffa6b75:  ; not directly referenced
cmp edx, 0x306d0
sete bl
cmp edx, 0x40650
sete al
or bl, al
je short loc_fffa6ba1  ; je 0xfffa6ba1
cmp ecx, 1
ja loc_fffa6a85  ; ja 0xfffa6a85
add esi, esi
add ecx, esi
lea eax, [ecx + ecx + ref_fffd33cc]  ; lea eax, [ecx + ecx - 0x2cc34]
jmp short loc_fffa6bcd  ; jmp 0xfffa6bcd

loc_fffa6ba1:  ; not directly referenced
cmp edx, 0x40660
sete bl
cmp edx, 0x306c0
sete al
or bl, al
jne short loc_fffa6bc1  ; jne 0xfffa6bc1
xor eax, eax
cmp edx, 0x40670
jne short loc_fffa6bcd  ; jne 0xfffa6bcd

loc_fffa6bc1:  ; not directly referenced
imul esi, esi, 6
add ecx, esi
lea eax, [ecx + ecx + ref_fffd33b4]  ; lea eax, [ecx + ecx - 0x2cc4c]

loc_fffa6bcd:  ; not directly referenced
pop ebx
pop esi
pop ebp
ret

fcn_fffa6bd1:  ; not directly referenced
push ebp
mov ebp, esp
push esi
push ebx
test cl, cl
je short loc_fffa6bf8  ; je 0xfffa6bf8
cmp cl, 0x3c
je short loc_fffa6bfc  ; je 0xfffa6bfc
cmp cl, 0x78
je short loc_fffa6c02  ; je 0xfffa6c02
cmp cl, 0x28
je short loc_fffa6c08  ; je 0xfffa6c08
cmp cl, 0x14
je short loc_fffa6c10  ; je 0xfffa6c10
cmp cl, 0x1e
mov cl, 1
setne bl
jmp short loc_fffa6c0c  ; jmp 0xfffa6c0c

loc_fffa6bf8:  ; not directly referenced
xor ecx, ecx
jmp short loc_fffa6c12  ; jmp 0xfffa6c12

loc_fffa6bfc:  ; not directly referenced
xor ecx, ecx
xor ebx, ebx
jmp short loc_fffa6c0c  ; jmp 0xfffa6c0c

loc_fffa6c02:  ; not directly referenced
xor ecx, ecx
mov bl, 1
jmp short loc_fffa6c14  ; jmp 0xfffa6c14

loc_fffa6c08:  ; not directly referenced
xor ecx, ecx
mov bl, 1

loc_fffa6c0c:  ; not directly referenced
mov dl, 1
jmp short loc_fffa6c16  ; jmp 0xfffa6c16

loc_fffa6c10:  ; not directly referenced
mov cl, 1

loc_fffa6c12:  ; not directly referenced
xor ebx, ebx

loc_fffa6c14:  ; not directly referenced
xor edx, edx

loc_fffa6c16:  ; not directly referenced
and edx, 1
and ebx, 1
lea esi, [edx*4]
mov edx, dword [ebp + 8]
and ecx, 1
shl ebx, 6
shl ecx, 9
and edx, 0xffffffbb
or edx, esi
or edx, ebx
and dh, 0xfd
or edx, ecx
pop ebx
mov word [eax], dx
pop esi
pop ebp
ret

fcn_fffa6c42:  ; not directly referenced
imul edx, edx, 0x13c3
push ebp
mov ebp, esp
lea edx, [eax + edx + 0x3756]
mov cl, byte [edx + 0x1260]
cmp cl, 1
je short loc_fffa6c81  ; je 0xfffa6c81
mov dl, byte [edx + 0x1388]
cmp dl, 1
je short loc_fffa6c81  ; je 0xfffa6c81
cmp cl, 2
je short loc_fffa6c85  ; je 0xfffa6c85
cmp dl, 2
jne short loc_fffa6c7d  ; jne 0xfffa6c7d
jmp short loc_fffa6c85  ; jmp 0xfffa6c85

loc_fffa6c74:  ; not directly referenced
cmp eax, 5
je short loc_fffa6ca0  ; je 0xfffa6ca0
test eax, eax
je short loc_fffa6ca0  ; je 0xfffa6ca0

loc_fffa6c7d:  ; not directly referenced
xor eax, eax
jmp short loc_fffa6ca9  ; jmp 0xfffa6ca9

loc_fffa6c81:  ; not directly referenced
xor edx, edx
jmp short loc_fffa6c8a  ; jmp 0xfffa6c8a

loc_fffa6c85:  ; not directly referenced
mov edx, 1

loc_fffa6c8a:  ; not directly referenced
mov eax, dword [eax + 0x187f]
cmp eax, 2
jne short loc_fffa6c74  ; jne 0xfffa6c74
lea edx, [edx + edx*2]
lea eax, [edx + ref_fffd334c]  ; lea eax, [edx - 0x2ccb4]
jmp short loc_fffa6ca9  ; jmp 0xfffa6ca9

loc_fffa6ca0:  ; not directly referenced
lea edx, [edx + edx*2]
lea eax, [edx + ref_fffd3358]  ; lea eax, [edx - 0x2cca8]

loc_fffa6ca9:  ; not directly referenced
pop ebp
ret

fcn_fffa6cab:  ; not directly referenced
push ebp
mov ebp, esp
cmp cl, 0x3c
je short loc_fffa6cdf  ; je 0xfffa6cdf
ja short loc_fffa6cc8  ; ja 0xfffa6cc8
cmp cl, 0x28
je short loc_fffa6ce3  ; je 0xfffa6ce3
mov dl, 5
cmp cl, 0x30
je short loc_fffa6ce9  ; je 0xfffa6ce9
mov dl, 7
cmp cl, 0x22
jmp short loc_fffa6cd9  ; jmp 0xfffa6cd9

loc_fffa6cc8:  ; not directly referenced
cmp cl, 0x78
je short loc_fffa6ce7  ; je 0xfffa6ce7
mov dl, 4
cmp cl, 0xf0
je short loc_fffa6ce9  ; je 0xfffa6ce9
mov dl, 6
cmp cl, 0x50

loc_fffa6cd9:  ; not directly referenced
je short loc_fffa6ce9  ; je 0xfffa6ce9
xor edx, edx
jmp short loc_fffa6ce9  ; jmp 0xfffa6ce9

loc_fffa6cdf:  ; not directly referenced
mov dl, 1
jmp short loc_fffa6ce9  ; jmp 0xfffa6ce9

loc_fffa6ce3:  ; not directly referenced
mov dl, 3
jmp short loc_fffa6ce9  ; jmp 0xfffa6ce9

loc_fffa6ce7:  ; not directly referenced
mov dl, 2

loc_fffa6ce9:  ; not directly referenced
mov ecx, dword [ebp + 8]
and edx, 7
shl edx, 6
pop ebp
and cx, 0xfe3f
or ecx, edx
mov word [eax], cx
ret

fcn_fffa6cfe:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov esi, dword [eax + 0x1887]
movsx ebx, dl
mov edi, dword [eax + 0x5edc]
cmp esi, 0x306d0
sete al
cmp esi, 0x40650
sete cl
or eax, ecx
cmp al, 1
sbb ecx, ecx
and ecx, 0xffffffce
add ecx, 0x64
cmp byte [edi + 0x1c5], 0
jne short loc_fffa6d4d  ; jne 0xfffa6d4d
movzx eax, cl
add ebx, 0x30
imul eax, eax, 0x60
movzx ecx, cl
cdq
idiv ebx
sub eax, ecx
jmp short loc_fffa6d5c  ; jmp 0xfffa6d5c

loc_fffa6d4d:  ; not directly referenced
mov eax, 0x3200
lea ecx, [ebx + 0x20]
cdq
idiv ecx
sub ax, 0xc8

loc_fffa6d5c:  ; not directly referenced
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa6d61:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
movzx esi, word [ebp + 0x10]
mov dword [ebp - 0x10], edx
mov edx, dword [eax + 0x18a7]
mov dword [ebp - 0x38], ecx
mov dword [ebp - 0x30], esi
add esi, 0xf
mov ecx, dword [eax + edx*4 + 0x3735]
movzx eax, word [ebp + 0xc]
mov dword [ebp - 0x14], esi
mov ebx, eax
imul eax, esi
mov dword [ebp - 0x28], ebx
add ebx, esi
cdq
idiv ebx
mov edi, eax
mov eax, ecx
shr ax, 1
movzx eax, ax
mov edx, eax
movzx eax, byte [ebp + 8]
mov dword [ebp - 0x20], edx
add eax, 0xf
mov dword [ebp - 0x24], eax
lea ebx, [edi + eax]
mov eax, edx
xor edx, edx
mov esi, dword [ebp - 0x24]
div ebx
movzx ebx, cx
mov ecx, ebx
mov dword [ebp - 0x18], ebx
xor edx, edx
imul esi, eax
mov dword [ebp - 0x34], eax
sub ecx, esi
lea eax, [ecx + ecx]
sub eax, ebx
mov ebx, 0x3e8
imul eax, eax
imul esi, esi
div ebx
mov bx, 0x2710
xor edx, edx
imul eax, eax, 0xd2f0
div ebx
mov bx, 0x64
xor edx, edx
div ebx
xor edx, edx
mov ebx, eax
imul eax, edi, 0x3e8
add edi, 0x1e
div edi
mov edi, 0x3e8
xor edx, edx
imul ebx, eax
mov eax, ebx
mov ebx, ecx
div edi
mov edi, ecx
imul edi, ecx
mov dword [ebp - 0x1c], eax
mov eax, edi
mov edi, dword [ebp - 0x28]
add eax, esi
mov esi, edi
add esi, edi
imul edi, esi, 0x64
xor edx, edx
mov esi, dword [ebp - 0x10]
sub ebx, dword [ebp - 0x20]
div edi
xor edx, edx
mov edi, 0x64
mov dword [ebp - 0x2c], eax
mov dword [esi], eax
mov eax, ebx
mov esi, dword [ebp - 0x30]
div dword [ebp - 0x14]
mov ebx, dword [ebp - 0x18]
imul edx, eax, 0xf
imul eax, eax
sub ecx, edx
mov edx, esi
add edx, esi
sub ebx, ecx
imul esi, edx, 0x64
xor edx, edx
imul eax, eax, 0xf
imul ebx, ebx
imul ecx, ecx
mov dword [ebp - 0x28], esi
mov esi, 0x64
div esi
mov esi, eax
mov eax, dword [ebp - 0x34]
mov edx, eax
imul edx, eax
mov eax, dword [ebp - 0x24]
imul eax, edx
xor edx, edx
div edi
xor edx, edx
add esi, eax
lea eax, [ebx + ecx]
div dword [ebp - 0x28]
add esi, eax
mov ebx, esi
mov esi, dword [ebp - 0x10]
mov dword [ebp - 0x30], ebx
mov edx, dword [ebp - 0x14]
mov dword [esi + 4], ebx
movzx ebx, word [ebp + 0x14]
lea edi, [ebx + 0xf]
mov ecx, edi
imul edi, edx
mov dword [ebp - 0x34], ecx
add ecx, edx
mov eax, edi
movzx edi, word [ebp - 0x38]
cdq
idiv ecx
xor edx, edx
lea ecx, [eax + edi]
mov esi, eax
mov eax, dword [ebp - 0x20]
div ecx
mov ecx, dword [ebp - 0x18]
mov edx, eax
imul edx, edi
imul eax, eax
sub ecx, edx
imul eax, edi
mov edi, 0x64
xor edx, edx
div edi
mov di, 0x3e8
xor edx, edx
mov dword [ebp - 0x24], eax
lea eax, [ecx + ecx]
sub eax, dword [ebp - 0x18]
imul eax, eax
div edi
mov di, 0x2710
xor edx, edx
imul eax, eax, 0xd2f0
div edi
mov di, 0x64
xor edx, edx
div edi
xor edx, edx
mov edi, eax
imul eax, esi, 0x3e8
add esi, 0x1e
div esi
mov esi, 0x3e8
xor edx, edx
imul edi, eax
mov eax, edi
mov edi, dword [ebp - 0x24]
div esi
mov esi, dword [ebp - 0x10]
xor edx, edx
mov dword [esi + 8], edi
mov esi, ecx
mov edi, ecx
sub esi, dword [ebp - 0x20]
mov dword [ebp - 0x20], esi
mov dword [ebp - 0x38], eax
mov eax, esi
div dword [ebp - 0x34]
mov edx, dword [ebp - 0x18]
mov esi, eax
imul eax, eax, 0xf
imul esi, esi
sub edi, eax
sub edx, edi
mov eax, edx
imul eax, edx
xor edx, edx
imul edi, edi
add eax, edi
lea edi, [ebx + ebx]
mov ebx, 0x64
imul edi, edi, 0x64
div edi
mov edi, eax
imul eax, esi, 0xf
xor edx, edx
div ebx
xor edx, edx
lea esi, [edi + eax]
mov eax, dword [ebp - 0x20]
mov edi, dword [ebp - 0x10]
div dword [ebp - 0x14]
mov edx, dword [ebp - 0x18]
mov dword [edi + 0x10], esi
mov ebx, eax
imul eax, eax, 0xf
imul ebx, ebx
sub ecx, eax
sub edx, ecx
mov eax, edx
imul eax, edx
xor edx, edx
imul ecx, ecx
add eax, ecx
div dword [ebp - 0x28]
xor edx, edx
mov ecx, eax
imul eax, ebx, 0xf
mov ebx, 0x64
div ebx
mov edx, dword [ebp - 0x1c]
mov dword [edi + 0x14], edx
add ecx, eax
mov eax, dword [ebp - 0x38]
mov dword [edi + 0xc], ecx
add ecx, esi
mov dword [edi + 0x18], eax
mov edi, dword [ebp - 0x30]
mov esi, eax
add edi, edx
mov edx, ecx
mov ecx, dword [ebp - 0x24]
mov dword [ebp - 0x14], edx
add ecx, eax
mov ebx, ecx
lea edx, [ecx + edx]
mov ecx, dword [ebp - 0x2c]
imul edx, edx, 0x28
imul ebx, ebx, 0x28
lea eax, [edi + ecx]
mov ecx, 0x64
imul eax, eax, 0x3c
add eax, edx
xor edx, edx
div cx
mov edx, dword [ebp - 0x10]
mov word [edx + 0x34], ax
imul edx, esi, 0x28
mov esi, 0x64
imul eax, dword [ebp - 0x1c], 0x3c
add eax, edx
xor edx, edx
div esi
mov esi, dword [ebp - 0x10]
imul dx, word [ebp - 0x2c], 0x3c
mov dword [esi + 0x1c], eax
lea eax, [ebx + edx]
xor edx, edx
div cx
mov ebx, esi
xor edx, edx
imul edi, edi, 0x3c
mov word [esi + 0x30], ax
imul si, word [ebp - 0x14], 0x28
lea eax, [esi + edi]
div cx
mov word [ebx + 0x32], ax
add esp, 0x2c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa7047:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
movzx esi, cl
push ebx
sub esp, 0xa4
mov al, byte [ebp + 8]
mov byte [ebp - 0x97], dl
mov byte [ebp - 0xa3], cl
mov dword [ebp - 0x94], 0
mov byte [ebp - 0xa4], al
mov al, byte [ebp + 0xc]
mov bl, al
mov byte [ebp - 0xa5], al
lea eax, [ecx - 1]
mov byte [ebp - 0x98], al
movzx eax, dl
mov dword [ebp - 0x9c], eax
lea eax, [eax + esi - 1]
cdq
idiv esi
dec eax
mov byte [ebp - 0x96], al
movzx eax, bl
dec eax
mov dword [ebp - 0xb0], eax

loc_fffa70ac:  ; not directly referenced
mov al, byte [ebp - 0x97]
cmp byte [ebp - 0x94], al
jae loc_fffa71dd  ; jae 0xfffa71dd
mov edx, dword [ebp - 0x94]
mov ecx, dword [ebp - 0xb0]
mov dword [ebp - 0x90], 0
movzx eax, dl
div byte [ebp - 0xa3]
imul cx, word [edi + edx*2]
movzx ebx, ah
mov byte [ebp - 0xa1], al
mov al, bl
dec eax
mov byte [ebp - 0xa6], al
movzx eax, byte [ebp - 0x96]
mov byte [ebp - 0x95], bl
mov dword [ebp - 0xac], eax

loc_fffa7107:  ; not directly referenced
mov al, byte [ebp - 0x95]
xor ebx, ebx
or al, byte [ebp - 0x90]
je short loc_fffa7123  ; je 0xfffa7123
mov bl, byte [ebp - 0xa6]
add ebx, dword [ebp - 0x90]

loc_fffa7123:  ; not directly referenced
mov al, byte [ebp - 0xa4]
cmp bl, al
setb dl
cmp byte [ebp - 0x95], al
setb al
test dl, al
mov al, byte [ebp - 0x95]
cmovne ebx, eax
mov al, byte [ebp - 0x98]
cmp bl, al
cmova ebx, eax
mov al, byte [ebp - 0xa1]
lea edx, [eax - 1]
add eax, 2
mov byte [ebp - 0xa2], al
movzx eax, bl
mov dword [ebp - 0xa0], eax

loc_fffa7168:  ; not directly referenced
xor eax, eax
test dl, dl
cmovns eax, edx
movsx ebx, al
cmp ebx, dword [ebp - 0xac]
mov bl, byte [ebp - 0x96]
cmovg eax, ebx
movsx ebx, al
imul ebx, esi
add ebx, dword [ebp - 0xa0]
cmp dword [ebp - 0x9c], ebx
setle bl
inc edx
sub eax, ebx
movsx eax, al
imul eax, esi
add eax, dword [ebp - 0xa0]
add cx, word [edi + eax*2]
cmp dl, byte [ebp - 0xa2]
jne short loc_fffa7168  ; jne 0xfffa7168
inc dword [ebp - 0x90]
cmp dword [ebp - 0x90], 3
jne loc_fffa7107  ; jne 0xfffa7107
mov eax, dword [ebp - 0x94]
inc dword [ebp - 0x94]
mov word [ebp + eax*2 - 0x8c], cx
jmp near loc_fffa70ac  ; jmp 0xfffa70ac

loc_fffa71dd:  ; not directly referenced
movzx ebx, byte [ebp - 0xa5]
xor ecx, ecx
add ebx, 8

loc_fffa71e9:  ; not directly referenced
cmp byte [ebp - 0x97], cl
jbe short loc_fffa7203  ; jbe 0xfffa7203
movzx eax, word [ebp + ecx*2 - 0x8c]
cdq
idiv ebx
mov word [edi + ecx*2], ax
inc ecx
jmp short loc_fffa71e9  ; jmp 0xfffa71e9

loc_fffa7203:  ; not directly referenced
add esp, 0xa4
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa720e:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
mov ebx, 0x3664
cmp dl, 1
ja short loc_fffa7239  ; ja 0xfffa7239
cmp cl, 8
movzx edx, dl
jbe short loc_fffa722f  ; jbe 0xfffa722f
shl edx, 8
lea ebx, [edx + 0x3064]
jmp short loc_fffa7239  ; jmp 0xfffa7239

loc_fffa722f:  ; not directly referenced
shl edx, 8
shl ecx, 9
lea ebx, [edx + ecx + 0x64]

loc_fffa7239:  ; not directly referenced
cmp dword [eax + 0x188b], 1
lea edx, [ebx + 0xc]
cmove ebx, edx
mov eax, ebx
pop ebx
pop ebp
ret

fcn_fffa724b:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
mov ebx, 0x3660
cmp dl, 1
ja short loc_fffa7276  ; ja 0xfffa7276
cmp cl, 8
movzx edx, dl
jbe short loc_fffa726c  ; jbe 0xfffa726c
shl edx, 8
lea ebx, [edx + 0x3060]
jmp short loc_fffa7276  ; jmp 0xfffa7276

loc_fffa726c:  ; not directly referenced
shl edx, 8
shl ecx, 9
lea ebx, [edx + ecx + 0x60]

loc_fffa7276:  ; not directly referenced
cmp dword [eax + 0x188b], 1
lea edx, [ebx + 0xc]
cmove ebx, edx
mov eax, ebx
pop ebx
pop ebp
ret

fcn_fffa7288:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
mov ebx, 0x3674
cmp dl, 1
ja short loc_fffa72b3  ; ja 0xfffa72b3
cmp cl, 8
movzx edx, dl
jbe short loc_fffa72a9  ; jbe 0xfffa72a9
shl edx, 8
lea ebx, [edx + 0x3074]
jmp short loc_fffa72b3  ; jmp 0xfffa72b3

loc_fffa72a9:  ; not directly referenced
shl edx, 8
shl ecx, 9
lea ebx, [edx + ecx + 0x74]

loc_fffa72b3:  ; not directly referenced
cmp dword [eax + 0x188b], 1
lea edx, [ebx + 0xc]
cmove ebx, edx
mov eax, ebx
pop ebx
pop ebp
ret

fcn_fffa72c5:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
mov eax, edx
sub esp, 0x2c
mov edi, dword [ebp + 0x10]
movzx eax, al
mov dword [ebp - 0x1c], edx
mov edx, dword [ebp + 0xc]
mov dword [ebp - 0x20], ecx
mov bl, byte [ebp + 8]
mov dword [ebp - 0x24], edi
mov edi, dword [ebp + 0x14]
cmp edx, 1
mov dword [ebp - 0x28], edi
mov edi, dword [ebp + 0x18]
mov dword [ebp - 0x2c], edi
mov edi, dword [esi + 0x2443]
je short loc_fffa730c  ; je 0xfffa730c
cmp edx, 2
jne short loc_fffa7351  ; jne 0xfffa7351
lea edx, [eax*8 + 0x48f8]
jmp short loc_fffa7313  ; jmp 0xfffa7313

loc_fffa730c:  ; not directly referenced
lea edx, [eax*8 + 0x48d8]

loc_fffa7313:  ; not directly referenced
mov eax, esi
call fcn_fffae548  ; call 0xfffae548
xor ecx, ecx
push eax
and edx, 0x7000000
push 0x38
push edx
push ecx
call dword [edi + 0x6c]  ; ucall
mov ebx, eax
mov eax, dword [ebp - 0x1c]
movzx ebx, bl
lea edx, [eax*4 + 0x4930]
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
lea ecx, [ebx*4]
add esp, 0x10
shr eax, cl
mov bl, al
and ebx, 3

loc_fffa7351:  ; not directly referenced
cmp dword [ebp - 0x20], 0
mov ecx, 0xff
movzx edx, byte [ebp - 0x1c]
jne short loc_fffa7364  ; jne 0xfffa7364
movzx ecx, byte [ebp - 0x24]

loc_fffa7364:  ; not directly referenced
mov eax, esi
and ebx, 3
call fcn_fffa7288  ; call 0xfffa7288
shl ebx, 0x16
mov edi, eax
mov edx, eax
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
mov ecx, dword [ebp - 0x28]
mov edx, dword [ebp - 0x2c]
lea esp, [ebp - 0xc]
and ecx, 1
shl ecx, 0x14
and edx, 1
and eax, 0xffcfffff
shl edx, 0x15
or eax, ecx
or eax, edx
mov edx, edi
and eax, 0xff3fffff
or eax, ebx
mov ecx, eax
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
jmp near fcn_fffae58c  ; jmp 0xfffae58c

fcn_fffa73b0:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
movzx esi, dl
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x1c], eax
mov eax, dword [ebp + 0xc]
imul edx, esi, 0x13c3
mov dword [ebp - 0x20], esi
mov dword [ebp - 0x24], ebx
movzx esi, bl
movzx ebx, cl
cmp al, 3
lea edi, [edi + edx + 0x3756]
jne short loc_fffa73e9  ; jne 0xfffa73e9
mov ecx, dword [ebp + 0x10]
jmp short loc_fffa745c  ; jmp 0xfffa745c

loc_fffa73e9:  ; not directly referenced
test al, al
jne short loc_fffa73f2  ; jne 0xfffa73f2
mov edx, dword [ebp + 0x10]
jmp short loc_fffa7401  ; jmp 0xfffa7401

loc_fffa73f2:  ; not directly referenced
lea edx, [ebx + ebx*8]
lea edx, [edx + esi + 0xb0]
mov dx, word [edi + edx*2 + 9]

loc_fffa7401:  ; not directly referenced
and dx, 0x1ff
and edx, 0x1ff
mov dword [ebp - 0x28], edx
cmp al, 1
jne short loc_fffa7418  ; jne 0xfffa7418
mov edx, dword [ebp + 0x10]
jmp short loc_fffa742b  ; jmp 0xfffa742b

loc_fffa7418:  ; not directly referenced
movzx edx, byte [ebp - 0x24]
lea ecx, [ecx + ecx*8]
lea edx, [edx + ecx + 0x90]
mov dx, word [edi + edx*2 + 1]

loc_fffa742b:  ; not directly referenced
and dx, 0x1ff
and edx, 0x1ff
shl edx, 9
or edx, dword [ebp - 0x28]
cmp al, 2
jne short loc_fffa7445  ; jne 0xfffa7445
mov cl, byte [ebp + 0x10]
jmp short loc_fffa7451  ; jmp 0xfffa7451

loc_fffa7445:  ; not directly referenced
lea eax, [ebx + ebx*8]
add edi, eax
mov cl, byte [edi + esi + 0x24d]

loc_fffa7451:  ; not directly referenced
and ecx, 0x3f
and ecx, 0x3f
shl ecx, 0x14
or ecx, edx

loc_fffa745c:  ; not directly referenced
mov edi, dword [ebp - 0x20]
mov eax, edi
shl eax, 8
lea edx, [eax + ebx*4 + 0x20]
mov eax, esi
shl eax, 9
add edx, eax
mov eax, dword [ebp - 0x1c]
call fcn_fffae58c  ; call 0xfffae58c
sub esp, 0xc
mov eax, dword [ebp - 0x1c]
push 1
mov edx, edi
push 0
xor ecx, ecx
push esi
push 0
push ebx
call fcn_fffa72c5  ; call 0xfffa72c5
add esp, 0x20
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa7499:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x2c
mov edi, dword [ebp + 0x10]
mov ebx, dword [ebp + 0xc]
mov dword [ebp - 0x28], eax
mov eax, dword [ebp + 8]
mov dword [ebp - 0x1c], edi
movzx edi, dl
imul edx, edi, 0x13c3
mov dword [ebp - 0x20], ebx
mov dword [ebp - 0x30], edi
lea esi, [esi + edx + 0x3756]
test bl, bl
jne short loc_fffa74d2  ; jne 0xfffa74d2
mov ebx, dword [ebp - 0x1c]
jmp short loc_fffa74e4  ; jmp 0xfffa74e4

loc_fffa74d2:  ; not directly referenced
movzx ebx, al
lea edx, [ecx + ecx*8]
lea edx, [ebx + edx + 0xd8]
mov bx, word [esi + edx*2 + 1]

loc_fffa74e4:  ; not directly referenced
mov edx, dword [ebp - 0x20]
and bx, 0x1ff
movzx edi, al
and ebx, 0x1ff
mov dword [ebp - 0x2c], edi
cmp dl, 5
sete byte [ebp - 0x31]
and edx, 0xfffffffb
dec dl
jne short loc_fffa750b  ; jne 0xfffa750b
mov dl, byte [ebp - 0x1c]
jmp short loc_fffa751a  ; jmp 0xfffa751a

loc_fffa750b:  ; not directly referenced
mov edi, dword [ebp - 0x2c]
lea edx, [ecx + ecx*8]
add edx, esi
mov dl, byte [edx + edi + 0x104a]

loc_fffa751a:  ; not directly referenced
and edx, 0x3f
movzx edi, al
and edx, 0x3f
shl edx, 9
or edx, ebx
movzx ebx, cl
cmp byte [ebp - 0x20], 2
jne short loc_fffa7536  ; jne 0xfffa7536
mov al, byte [ebp - 0x1c]
jmp short loc_fffa7542  ; jmp 0xfffa7542

loc_fffa7536:  ; not directly referenced
lea eax, [ebx + ebx*8]
add eax, esi
mov al, byte [eax + edi + 0x1026]

loc_fffa7542:  ; not directly referenced
and eax, 0x1f
and eax, 0x1f
mov dword [ebp - 0x24], eax
mov al, byte [ebp - 0x31]
shl dword [ebp - 0x24], 0xf
or dword [ebp - 0x24], edx
cmp byte [ebp - 0x20], 3
sete dl
or al, dl
je short loc_fffa7565  ; je 0xfffa7565
mov dl, byte [ebp - 0x1c]
jmp short loc_fffa7571  ; jmp 0xfffa7571

loc_fffa7565:  ; not directly referenced
lea ecx, [ecx + ecx*8]
add ecx, esi
mov dl, byte [ecx + edi + 0x106e]

loc_fffa7571:  ; not directly referenced
and edx, 0x3f
and edx, 0x3f
shl edx, 0x14
or edx, dword [ebp - 0x24]
cmp byte [ebp - 0x20], 4
jne short loc_fffa7588  ; jne 0xfffa7588
mov cl, byte [ebp - 0x1c]
jmp short loc_fffa758f  ; jmp 0xfffa758f

loc_fffa7588:  ; not directly referenced
mov cl, byte [esi + edi + 0x101d]

loc_fffa758f:  ; not directly referenced
mov edi, dword [ebp - 0x30]
and ecx, 0x3f
mov esi, dword [ebp - 0x2c]
shl ecx, 0x1a
or ecx, edx
mov eax, edi
shl eax, 6
mov edx, eax
mov eax, esi
add edx, ebx
shl eax, 7
add edx, eax
mov eax, dword [ebp - 0x28]
shl edx, 2
call fcn_fffae58c  ; call 0xfffae58c
sub esp, 0xc
mov eax, dword [ebp - 0x28]
push 0
mov edx, edi
push 1
xor ecx, ecx
push esi
push 0
push ebx
call fcn_fffa72c5  ; call 0xfffa72c5
add esp, 0x20
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa75da:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
mov ebx, 0x3658
cmp dl, 1
ja short loc_fffa7605  ; ja 0xfffa7605
cmp cl, 8
movzx edx, dl
jbe short loc_fffa75fb  ; jbe 0xfffa75fb
shl edx, 8
lea ebx, [edx + 0x3058]
jmp short loc_fffa7605  ; jmp 0xfffa7605

loc_fffa75fb:  ; not directly referenced
shl edx, 8
shl ecx, 9
lea ebx, [edx + ecx + 0x58]

loc_fffa7605:  ; not directly referenced
cmp dword [eax + 0x188b], 1
lea edx, [ebx + 0xc]
cmove ebx, edx
mov eax, ebx
pop ebx
pop ebp
ret

fcn_fffa7617:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
mov ebx, 0x3654
cmp dl, 1
ja short loc_fffa7642  ; ja 0xfffa7642
cmp cl, 8
movzx edx, dl
jbe short loc_fffa7638  ; jbe 0xfffa7638
shl edx, 8
lea ebx, [edx + 0x3054]
jmp short loc_fffa7642  ; jmp 0xfffa7642

loc_fffa7638:  ; not directly referenced
shl edx, 8
shl ecx, 9
lea ebx, [edx + ecx + 0x54]

loc_fffa7642:  ; not directly referenced
cmp dword [eax + 0x188b], 1
lea edx, [ebx + 0xc]
cmove ebx, edx
mov eax, ebx
pop ebx
pop ebp
ret

fcn_fffa7654:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2443]
mov dword [ebp - 0x30], eax
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2480], 2
lea edi, [eax + 0x3756]
jne short loc_fffa76d9  ; jne 0xfffa76d9
xor esi, esi

loc_fffa767d:  ; not directly referenced
xor ebx, ebx

loc_fffa767f:  ; not directly referenced
push edx
push 0
push 4
lea eax, [ebp - 0x20]
push eax
mov eax, dword [ebp - 0x30]
call dword [eax + 0x5c]  ; ucall
mov ax, word [edi + ebx*2 + 0x126b]
mov ecx, ebx
mov edx, esi
mov word [ebp - 0x20], ax
mov ax, word [edi + ebx*2 + 0x1283]
inc ebx
mov word [ebp - 0x1e], ax
mov eax, dword [ebp + 8]
call fcn_fffa7617  ; call 0xfffa7617
mov ecx, dword [ebp - 0x20]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
add esp, 0x10
cmp ebx, 7
jne short loc_fffa767f  ; jne 0xfffa767f
inc esi
add edi, 0x13c3
cmp esi, 2
jne short loc_fffa767d  ; jne 0xfffa767d
jmp near loc_fffa77aa  ; jmp 0xfffa77aa

loc_fffa76d9:  ; not directly referenced
mov dword [ebp - 0x38], edi
xor edi, edi

loc_fffa76de:  ; not directly referenced
mov dword [ebp - 0x2c], 0

loc_fffa76e5:  ; not directly referenced
mov ebx, dword [ebp - 0x2c]
xor edx, edx
mov al, bl
and eax, 1
movzx esi, al
lea ecx, [esi + 1]
mov byte [ebp - 0x31], al
push eax
mov eax, 8
div ecx
push 0
lea edx, [ebp - 0x20]
push eax
push edx
mov edx, dword [ebp - 0x30]
call dword [edx + 0x5c]  ; ucall
mov al, bl
mov ecx, ebx
shr al, 1
mov edx, edi
movzx ebx, al
mov byte [ebp - 0x32], al
imul ebx, ebx, 0x128
imul eax, esi, 0x18
add esi, 2
add ebx, eax
add ebx, dword [ebp - 0x38]
mov ax, word [ebx + 0x126b]
mov word [ebp - 0x20], ax
mov ax, word [ebx + 0x126d]
mov word [ebp - 0x1e], ax
mov eax, dword [ebp + 8]
call fcn_fffa7617  ; call 0xfffa7617
mov ecx, dword [ebp - 0x20]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
mov ax, word [ebx + 0x126f]
add esp, 0x10
cmp byte [ebp - 0x31], 0
mov word [ebp + esi*2 - 0x20], ax
je short loc_fffa778c  ; je 0xfffa778c
mov cl, byte [ebp - 0x32]
mov edx, edi
mov eax, dword [ebp + 8]
add ecx, 4
movzx ecx, cl
call fcn_fffa7617  ; call 0xfffa7617
mov ecx, dword [ebp - 0x1c]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa778c:  ; not directly referenced
inc dword [ebp - 0x2c]
cmp dword [ebp - 0x2c], 4
jne loc_fffa76e5  ; jne 0xfffa76e5
inc edi
add dword [ebp - 0x38], 0x13c3
cmp edi, 2
jne loc_fffa76de  ; jne 0xfffa76de

loc_fffa77aa:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa77b4:
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
mov edx, 0x5e00
push ebx
mov ebx, eax
sub esp, 0x1c
mov eax, dword [ebp + 8]
mov esi, ecx
mov dword [ebp - 0x24], eax
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x5e04
mov dword [ebp - 0x1c], eax
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, eax
mov dword [ebp - 0x20], eax
test edi, edi
je short loc_fffa780e  ; je 0xfffa780e
mov ecx, dword [ebp - 0x1c]
sub esp, 0xc
and edx, 0xf
push dword [ebx + 0x187b]
mov eax, ebx
shr ecx, 4
and ecx, 0xf
call fcn_fffaed31  ; call 0xfffaed31
add esp, 0x10
mov dword [edi], eax

loc_fffa780e:
test esi, esi
je short loc_fffa781a  ; je 0xfffa781a
mov al, byte [ebp - 0x20]
and eax, 0xf
mov byte [esi], al

loc_fffa781a:
mov esi, dword [ebp - 0x24]
test esi, esi
je short loc_fffa782c  ; je 0xfffa782c
mov eax, dword [ebp - 0x1c]
shr eax, 4
and eax, 0xf
mov dword [esi], eax

loc_fffa782c:
mov eax, dword [ebx + 0x187b]
mov ecx, dword [ebp - 0x1c]
mov edx, dword [ebp - 0x20]
mov dword [ebp + 8], eax
lea esp, [ebp - 0xc]
mov eax, ebx
pop ebx
pop esi
and edx, 0xf
pop edi
pop ebp
shr ecx, 4
and ecx, 0xf
jmp near fcn_fffaefe1  ; jmp 0xfffaefe1

fcn_fffa7852:  ; not directly referenced
push ebp
xor edx, edx
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
xor ebx, ebx
sub esp, 0x98
mov edi, dword [ebp + 8]
push 0
lea ecx, [ebp - 0x45]
mov eax, edi
call fcn_fffa77b4  ; call 0xfffa77b4
lea eax, [edi + 0x2407]
add esp, 0x10
mov dword [ebp - 0x58], 0
mov dword [ebp - 0x50], 0
mov dword [ebp - 0x68], 0
mov dword [ebp - 0x64], 0
mov dword [ebp - 0x80], 0
mov byte [ebp - 0x79], 0
mov dword [ebp - 0x94], eax

loc_fffa78a9:  ; not directly referenced
lea eax, [esi - 2]
cmp eax, 1
ja short loc_fffa78c7  ; ja 0xfffa78c7
cmp byte [edi + 0x3749], 0
je loc_fffa7d5e  ; je 0xfffa7d5e
mov dword [ebp - 0x70], 0
jmp short loc_fffa78e2  ; jmp 0xfffa78e2

loc_fffa78c7:  ; not directly referenced
mov dword [ebp - 0x70], 0
cmp esi, 1
jne short loc_fffa78e2  ; jne 0xfffa78e2
xor eax, eax
cmp dword [edi + 0x18a7], 1
sete al
mov dword [ebp - 0x70], eax

loc_fffa78e2:  ; not directly referenced
mov al, byte [ebp - 0x45]
lea ecx, [edi + esi*8 + 0x3756]
mov dword [ebp - 0x78], ecx
mov dword [ebp + esi*4 - 0x38], 0xffffffff
mov dword [ebp + esi*4 - 0x28], 0
mov byte [ebp - 0x7a], al
lea eax, [edi + 0x49bf]
mov dword [ebp - 0x88], eax
lea eax, [edi + 0x1973]
mov dword [ebp - 0x74], eax
imul eax, esi, 0x2e
mov dword [ebp - 0x60], 0x12
mov dword [ebp - 0x5c], 4
mov dword [ebp - 0x84], eax
imul eax, esi, 0x23
lea ecx, [eax + 0x18b]
add eax, 0xbb
mov dword [ebp - 0x8c], ecx
mov dword [ebp - 0x90], eax

loc_fffa7948:  ; not directly referenced
mov eax, dword [ebp - 0x88]
mov ecx, dword [ebp - 0x74]
mov dword [ebp - 0x6c], 0
mov dword [ebp - 0x54], eax

loc_fffa795b:  ; not directly referenced
mov eax, dword [ebp - 0x54]
cmp dword [eax - 0xf6], 2
jne loc_fffa7b33  ; jne 0xfffa7b33
mov ebx, dword [ebp - 0x84]
mov edx, dword [ebp - 0x78]
mov ebx, dword [eax + ebx - 0xf2]
mov eax, dword [ebp - 0x6c]
mov edx, dword [edx + eax + 0xc9]
mov dword [ebp - 0x64], edx
mov edx, dword [ebp - 0x78]
mov edx, dword [edx + eax + 0xcd]
mov dword [ebp - 0x68], edx
cmp esi, 1
je loc_fffa7a50  ; je 0xfffa7a50
jb loc_fffa7a77  ; jb 0xfffa7a77
cmp esi, 3
ja loc_fffa7a77  ; ja 0xfffa7a77
mov eax, dword [ebp - 0x54]
cmp esi, 2
mov al, byte [eax]
jne short loc_fffa79c7  ; jne 0xfffa79c7
test al, 1
jne short loc_fffa79d6  ; jne 0xfffa79d6
mov dword [ebp - 0x4c], 0
jmp near loc_fffa7b04  ; jmp 0xfffa7b04

loc_fffa79c7:  ; not directly referenced
mov dword [ebp - 0x4c], 0
test al, 2
je loc_fffa7b04  ; je 0xfffa7b04

loc_fffa79d6:  ; not directly referenced
mov eax, dword [ebp - 0x54]
mov eax, dword [eax - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffa79fa  ; jne 0xfffa79fa
mov eax, dword [ebp - 0x90]
mov dword [ebp - 0x60], 0x12
mov dword [ebp - 0x5c], 4
add eax, ecx
jmp short loc_fffa7a10  ; jmp 0xfffa7a10

loc_fffa79fa:  ; not directly referenced
mov eax, dword [ebp - 0x8c]
mov dword [ebp - 0x60], 0x18
mov dword [ebp - 0x5c], 7
add eax, ecx

loc_fffa7a10:  ; not directly referenced
movzx edx, byte [eax + 2]
mov dword [ebp - 0x50], 0
mov dword [ebp - 0x58], edx
mov edx, dword [ebp - 0x54]
cmp byte [edx + 1], 0x13
jne short loc_fffa7a2e  ; jne 0xfffa7a2e
movsx edx, byte [eax + 0x1b]
mov dword [ebp - 0x50], edx

loc_fffa7a2e:  ; not directly referenced
mov ax, word [eax + 3]
and eax, 0x7fff
mov dword [ebp - 0x4c], eax
xor eax, eax
test ebx, ebx
je loc_fffa7af7  ; je 0xfffa7af7
mov eax, dword [ebp - 0x64]
imul eax, dword [ebp - 0x58]
jmp near loc_fffa7ae6  ; jmp 0xfffa7ae6

loc_fffa7a50:  ; not directly referenced
movzx edx, word [ecx + 0x24e]
test dx, dx
je short loc_fffa7a77  ; je 0xfffa7a77
mov eax, dword [ebp - 0x24]
mov dword [ebp - 0x4c], 0xffffffff
mov byte [ebp - 0x79], 1
cmp edx, eax
cmovae eax, edx
mov dword [ebp - 0x24], eax
jmp near loc_fffa7b04  ; jmp 0xfffa7b04

loc_fffa7a77:  ; not directly referenced
mov eax, dword [ebp - 0x54]
mov eax, dword [eax - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffa7aad  ; jne 0xfffa7aad
movzx eax, byte [ecx + 0x58]
mov dword [ebp - 0x60], 0x12
mov dword [ebp - 0x5c], 4
mov dword [ebp - 0x58], eax
movsx eax, byte [ecx + 0x6b]
mov dword [ebp - 0x50], eax
mov ax, word [ecx + 0x56]
and eax, 0x7fff
mov dword [ebp - 0x4c], eax
jmp short loc_fffa7ad9  ; jmp 0xfffa7ad9

loc_fffa7aad:  ; not directly referenced
movzx eax, byte [ecx + 0x60]
mov dword [ebp - 0x60], 0x18
mov dword [ebp - 0x5c], 7
mov dword [ebp - 0x58], eax
movsx eax, byte [ecx + 0xc3]
mov dword [ebp - 0x50], eax
mov eax, dword [ecx + 0x5c]
mov dword [ebp - 0x4c], eax
and dword [ebp - 0x4c], 0x3ffff

loc_fffa7ad9:  ; not directly referenced
xor eax, eax
test ebx, ebx
je short loc_fffa7af7  ; je 0xfffa7af7
mov eax, dword [ebp - 0x58]
imul eax, dword [ebp - 0x64]

loc_fffa7ae6:  ; not directly referenced
lea edx, [ebx + eax - 1]
mov eax, dword [ebp - 0x68]
imul eax, dword [ebp - 0x50]
add eax, edx
xor edx, edx
div ebx

loc_fffa7af7:  ; not directly referenced
mov edx, dword [ebp + esi*4 - 0x28]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + esi*4 - 0x28], eax

loc_fffa7b04:  ; not directly referenced
cmp dword [edi + 0x1872], 0x535
jbe short loc_fffa7b1c  ; jbe 0xfffa7b1c
cmp dword [edi + 0x36d3], 0x535
ja short loc_fffa7b2c  ; ja 0xfffa7b2c

loc_fffa7b1c:  ; not directly referenced
cmp byte [ebp - 0x7a], 5
mov eax, 0xffff
cmova eax, dword [ebp - 0x4c]
mov dword [ebp - 0x4c], eax

loc_fffa7b2c:  ; not directly referenced
mov eax, dword [ebp - 0x4c]
and dword [ebp + esi*4 - 0x38], eax

loc_fffa7b33:  ; not directly referenced
add dword [ebp - 0x6c], 0x20
add ecx, 0x277
add dword [ebp - 0x54], 0x128
cmp dword [ebp - 0x6c], 0x40
jne loc_fffa795b  ; jne 0xfffa795b
add dword [ebp - 0x74], 0x54a
mov eax, dword [ebp - 0x94]
add dword [ebp - 0x88], 0x13c3
add dword [ebp - 0x78], 0x13c3
cmp dword [ebp - 0x74], eax
jne loc_fffa7948  ; jne 0xfffa7948
cmp esi, 1
seta cl
test ebx, ebx
sete al
mov byte [ebp - 0x4c], cl
test cl, al
jne loc_fffa7d5c  ; jne 0xfffa7d5c
mov eax, dword [edi + 0x36e3]
lea ecx, [ebp - 0x44]
mov edx, ebx
mov byte [ebp + esi - 0x3c], 0
call fcn_fffaf08c  ; call 0xfffaf08c
cmp byte [ebp - 0x4c], 0
je short loc_fffa7be4  ; je 0xfffa7be4
cmp dword [edi + 0x36e3], 0
jne short loc_fffa7be4  ; jne 0xfffa7be4
cmp byte [edi + 0x247e], 0
je short loc_fffa7be4  ; je 0xfffa7be4
lea ecx, [ebp - 0x40]
mov edx, ebx
mov eax, 1
call fcn_fffaf08c  ; call 0xfffaf08c
mov eax, dword [ebp - 0x40]
cmp eax, dword [ebp - 0x44]
jle short loc_fffa7be4  ; jle 0xfffa7be4
mov dword [ebp - 0x44], eax
cmp dword [edi + 0x18a7], esi
jne short loc_fffa7be4  ; jne 0xfffa7be4
mov dword [edi + 0x36e3], 1

loc_fffa7be4:  ; not directly referenced
mov al, byte [ebp - 0x70]
mov byte [ebp - 0x4c], al
mov eax, dword [ebp - 0x64]
imul eax, dword [ebp - 0x58]
mov dword [ebp - 0x54], eax
mov eax, dword [ebp - 0x50]
imul eax, dword [ebp - 0x68]
mov dword [ebp - 0x6c], eax
mov eax, dword [ebp - 0x84]
add eax, edi
mov dword [ebp - 0x70], eax

loc_fffa7c09:  ; not directly referenced
cmp byte [ebp + esi - 0x3c], 0
jne loc_fffa7ccb  ; jne 0xfffa7ccb
mov edx, dword [ebp + esi*4 - 0x28]
cmp edx, dword [ebp - 0x60]
ja loc_fffa7ccb  ; ja 0xfffa7ccb
cmp byte [ebp - 0x4c], 0
jne short loc_fffa7c45  ; jne 0xfffa7c45
mov ecx, dword [ebp + esi*4 - 0x38]
mov eax, edx
sub eax, dword [ebp - 0x5c]
bt ecx, eax
jae loc_fffa7cc1  ; jae 0xfffa7cc1
mov eax, ebx
imul eax, edx
cmp eax, 0x1312d00
ja short loc_fffa7cc1  ; ja 0xfffa7cc1

loc_fffa7c45:  ; not directly referenced
mov byte [ebp + esi - 0x3c], 1
cmp esi, dword [edi + 0x18a7]
jne short loc_fffa7c5f  ; jne 0xfffa7c5f
mov dword [edi + 0x36df], ebx
mov dword [ebp - 0x80], 1

loc_fffa7c5f:  ; not directly referenced
mov eax, dword [ebp - 0x70]
xor ecx, ecx

loc_fffa7c64:  ; not directly referenced
cmp dword [edi + ecx + 0x48c9], 2
jne short loc_fffa7c88  ; jne 0xfffa7c88
mov word [eax + 0x48d3], dx
mov word [eax + 0x3760], dx
mov dword [eax + 0x48cd], ebx
mov dword [eax + 0x375a], ebx

loc_fffa7c88:  ; not directly referenced
cmp dword [edi + ecx + 0x49f1], 2
jne short loc_fffa7cac  ; jne 0xfffa7cac
mov word [eax + 0x49fb], dx
mov word [eax + 0x3760], dx
mov dword [eax + 0x49f5], ebx
mov dword [eax + 0x375a], ebx

loc_fffa7cac:  ; not directly referenced
add ecx, 0x13c3
add eax, 0x13c3
cmp ecx, 0x2786
jne short loc_fffa7c64  ; jne 0xfffa7c64
jmp short loc_fffa7ccb  ; jmp 0xfffa7ccb

loc_fffa7cc1:  ; not directly referenced
inc edx
mov dword [ebp + esi*4 - 0x28], edx
jmp near loc_fffa7c09  ; jmp 0xfffa7c09

loc_fffa7ccb:  ; not directly referenced
cmp byte [ebp + esi - 0x3c], 0
jne loc_fffa7d5e  ; jne 0xfffa7d5e
cmp byte [ebp - 0x4c], 0
je short loc_fffa7ceb  ; je 0xfffa7ceb
cmp byte [edi + 0x1876], 0
jne short loc_fffa7d5e  ; jne 0xfffa7d5e
cmp byte [ebp - 0x79], 1
je short loc_fffa7d5e  ; je 0xfffa7d5e

loc_fffa7ceb:  ; not directly referenced
mov eax, dword [ebp - 0x44]

loc_fffa7cee:  ; not directly referenced
dec eax
test eax, eax
jle short loc_fffa7d57  ; jle 0xfffa7d57
lea edx, [eax + eax*8]
mov dl, byte [edx + ref_fffd34b8]  ; mov dl, byte [edx - 0x2cb48]
cmp dl, 3
jne short loc_fffa7d33  ; jne 0xfffa7d33

loc_fffa7d01:  ; not directly referenced
mov dword [ebp - 0x44], eax
lea eax, [eax + eax*8]
mov ebx, dword [eax + ref_fffd34b0]  ; mov ebx, dword [eax - 0x2cb50]
lea ecx, [ebp - 0x44]
mov eax, dword [edi + 0x36e3]
mov edx, ebx
call fcn_fffaf08c  ; call 0xfffaf08c
xor eax, eax
test ebx, ebx
je short loc_fffa7d51  ; je 0xfffa7d51
mov eax, dword [ebp - 0x54]
xor edx, edx
lea eax, [ebx + eax - 1]
add eax, dword [ebp - 0x6c]
div ebx
jmp short loc_fffa7d51  ; jmp 0xfffa7d51

loc_fffa7d33:  ; not directly referenced
cmp dl, 1
jne short loc_fffa7d41  ; jne 0xfffa7d41
cmp dword [edi + 0x36e3], 0
jmp short loc_fffa7d4d  ; jmp 0xfffa7d4d

loc_fffa7d41:  ; not directly referenced
cmp dl, 2
jne short loc_fffa7cee  ; jne 0xfffa7cee
cmp dword [edi + 0x36e3], 1

loc_fffa7d4d:  ; not directly referenced
jne short loc_fffa7cee  ; jne 0xfffa7cee
jmp short loc_fffa7d01  ; jmp 0xfffa7d01

loc_fffa7d51:  ; not directly referenced
mov dword [ebp + esi*4 - 0x28], eax
jmp short loc_fffa7d8c  ; jmp 0xfffa7d8c

loc_fffa7d57:  ; not directly referenced
mov dword [ebp - 0x44], eax
jmp short loc_fffa7d8c  ; jmp 0xfffa7d8c

loc_fffa7d5c:  ; not directly referenced
xor ebx, ebx

loc_fffa7d5e:  ; not directly referenced
inc esi
cmp esi, 4
jne loc_fffa78a9  ; jne 0xfffa78a9
mov edx, dword [edi + 0x36df]
xor ecx, ecx
mov eax, dword [edi + 0x36e3]
call fcn_fffaf08c  ; call 0xfffaf08c
mov dword [edi + 0x36d7], eax
mov eax, dword [ebp - 0x80]
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffa7d8c:  ; not directly referenced
cmp dword [ebp - 0x44], 0
jg loc_fffa7c09  ; jg 0xfffa7c09
jmp short loc_fffa7d5e  ; jmp 0xfffa7d5e

fcn_fffa7d98:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x14
cmp cl, 0x20
mov dword [ebp - 0x14], eax
mov al, byte [ebp + 8]
sete bl
cmp cl, 0x10
mov byte [ebp - 0xd], al
sete al
or bl, al
jne short loc_fffa7dce  ; jne 0xfffa7dce
cmp cl, 0x21
sete bl
cmp cl, 0x11
sete al
or bl, al
je loc_fffa7e62  ; je 0xfffa7e62

loc_fffa7dce:  ; not directly referenced
xor ebx, ebx
cmp cl, 0x21
ja short loc_fffa7ddc  ; ja 0xfffa7ddc
movzx ebx, byte [ecx + ref_fffd5f1c]  ; movzx ebx, byte [ecx - 0x2a0e4]

loc_fffa7ddc:  ; not directly referenced
cmp bl, 7
mov eax, 7
cmovbe eax, ebx
xor ebx, ebx
imul eax, eax, 0x240
lea edi, [edx + eax]
movzx eax, byte [ebp - 0xd]
imul eax, eax, 0x12
mov dword [ebp - 0x20], eax

loc_fffa7dfc:  ; not directly referenced
imul eax, ebx, 0x13c3
mov esi, dword [ebp - 0x14]
cmp dword [esi + eax + 0x3756], 2
je short loc_fffa7e17  ; je 0xfffa7e17

loc_fffa7e0f:  ; not directly referenced
inc ebx
cmp ebx, 2
je short loc_fffa7e62  ; je 0xfffa7e62
jmp short loc_fffa7dfc  ; jmp 0xfffa7dfc

loc_fffa7e17:  ; not directly referenced
lea eax, [ebx + ebx*8]
add eax, dword [ebp - 0x20]
mov byte [ebp - 0xd], 0
mov dword [ebp - 0x1c], eax

loc_fffa7e24:  ; not directly referenced
mov esi, dword [ebp - 0x14]
mov al, byte [ebp - 0xd]
cmp al, byte [esi + 0x2488]
jae short loc_fffa7e0f  ; jae 0xfffa7e0f
movzx ecx, byte [ebp - 0xd]
mov esi, 0xa
xor edx, edx
add ecx, dword [ebp - 0x1c]
inc byte [ebp - 0xd]
lea eax, [edi + ecx*8]
mov dword [ebp - 0x18], eax
imul eax, dword [edi + ecx*8], 0xf
div esi
xor edx, edx
mov dword [edi + ecx*8], eax
mov ecx, dword [ebp - 0x18]
imul eax, dword [ecx + 4], 0xf
div esi
mov dword [ecx + 4], eax
jmp short loc_fffa7e24  ; jmp 0xfffa7e24

loc_fffa7e62:  ; not directly referenced
add esp, 0x14
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa7e6c:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x28
mov bl, byte [ebp + 0xc]
mov dword [ebp - 0x24], eax
movzx eax, byte [ebp + 8]
mov byte [ebp - 0x1b], bl
cmp cl, 0xd
ja short loc_fffa7e9f  ; ja 0xfffa7e9f
cmp cl, 0xb
jae short loc_fffa7eba  ; jae 0xfffa7eba
cmp cl, 2
jbe short loc_fffa7eba  ; jbe 0xfffa7eba
lea ebx, [ecx - 4]
cmp bl, 1
ja loc_fffa7fd1  ; ja 0xfffa7fd1
jmp short loc_fffa7eba  ; jmp 0xfffa7eba

loc_fffa7e9f:  ; not directly referenced
cmp cl, 0x10
jb loc_fffa7fd1  ; jb 0xfffa7fd1
cmp cl, 0x11
jbe short loc_fffa7ec0  ; jbe 0xfffa7ec0
lea ebx, [ecx - 0x20]
cmp bl, 1
jbe short loc_fffa7ec0  ; jbe 0xfffa7ec0
jmp near loc_fffa7fd1  ; jmp 0xfffa7fd1

loc_fffa7eba:  ; not directly referenced
mov byte [ebp - 0x1a], 0xa
jmp short loc_fffa7ec4  ; jmp 0xfffa7ec4

loc_fffa7ec0:  ; not directly referenced
mov byte [ebp - 0x1a], 7

loc_fffa7ec4:  ; not directly referenced
xor ebx, ebx
cmp cl, 0x21
ja short loc_fffa7ed2  ; ja 0xfffa7ed2
movzx ebx, byte [ecx + ref_fffd5f1c]  ; movzx ebx, byte [ecx - 0x2a0e4]

loc_fffa7ed2:  ; not directly referenced
cmp bl, 7
mov ecx, 7
mov esi, dword [ebp - 0x24]
cmovbe ecx, ebx
imul ecx, ecx, 0x240
imul eax, eax, 0x12
add esi, 0x3756
mov dword [ebp - 0x14], esi
lea edi, [edx + ecx]
mov dword [ebp - 0x18], 0
mov dword [ebp - 0x34], eax

loc_fffa7eff:  ; not directly referenced
mov eax, dword [ebp - 0x14]
cmp dword [eax], 2
je short loc_fffa7f1e  ; je 0xfffa7f1e

loc_fffa7f07:  ; not directly referenced
inc dword [ebp - 0x18]
add dword [ebp - 0x14], 0x13c3
cmp dword [ebp - 0x18], 2
jne short loc_fffa7eff  ; jne 0xfffa7eff
xor eax, eax
jmp near loc_fffa7fd6  ; jmp 0xfffa7fd6

loc_fffa7f1e:  ; not directly referenced
imul eax, dword [ebp - 0x18], 9
mov esi, dword [ebp - 0x34]
mov byte [ebp - 0x19], 0
mov dword [ebp - 0x2c], eax
add esi, eax
movzx eax, byte [ebp - 0x1a]
mov dword [ebp - 0x28], esi
mov dword [ebp - 0x30], eax

loc_fffa7f38:  ; not directly referenced
mov edx, dword [ebp - 0x24]
mov al, byte [ebp - 0x19]
cmp al, byte [edx + 0x2488]
jae short loc_fffa7f07  ; jae 0xfffa7f07
movzx esi, al
mov edx, dword [ebp - 0x2c]
xor ecx, ecx
mov eax, dword [ebp - 0x28]
add edx, esi
add eax, esi
lea ebx, [edi + eax*8]
lea edx, [edi + edx*8]
mov dword [ebp - 0x10], ebx
mov ebx, eax
mov dword [ebp - 0x20], edx

loc_fffa7f63:  ; not directly referenced
mov eax, dword [ebp - 0x14]
mov edx, 1
shl edx, cl
and dl, byte [eax + 0xc4]
test byte [ebp - 0x1b], dl
je short loc_fffa7f9e  ; je 0xfffa7f9e
imul edx, ecx, 0x90
mov eax, dword [ebp - 0x20]
mov eax, dword [eax + edx]
cmp dword [edi + ebx*8], eax
jbe short loc_fffa7f8c  ; jbe 0xfffa7f8c
mov dword [edi + ebx*8], eax

loc_fffa7f8c:  ; not directly referenced
mov eax, dword [ebp - 0x20]
mov edx, dword [eax + edx + 4]
mov eax, dword [ebp - 0x10]
cmp dword [eax + 4], edx
jbe short loc_fffa7f9e  ; jbe 0xfffa7f9e
mov dword [eax + 4], edx

loc_fffa7f9e:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffa7f63  ; jne 0xfffa7f63
add esi, dword [ebp - 0x28]
mov cl, 0xa
mov ebx, dword [ebp - 0x30]
xor edx, edx
inc byte [ebp - 0x19]
mov eax, dword [edi + esi*8]
imul eax, ebx
div ecx
xor edx, edx
mov dword [edi + esi*8], eax
mov esi, dword [ebp - 0x10]
mov eax, ebx
imul eax, dword [esi + 4]
div ecx
mov dword [esi + 4], eax
jmp near loc_fffa7f38  ; jmp 0xfffa7f38

loc_fffa7fd1:  ; not directly referenced
mov eax, 2

loc_fffa7fd6:  ; not directly referenced
add esp, 0x28
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa7fde:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0x6c
movzx eax, byte [ebp + 8]
mov dword [ebp - 0x4c], edx
mov edx, dword [ebp + 0xc]
mov dword [ebp - 0x50], ecx
mov byte [ebp - 0x3c], 0xaa
mov byte [ebp - 0x3b], 0xc0
mov word [ebp - 0x58], dx
mov byte [ebp - 0x3a], 0xcc
mov byte [ebp - 0x39], 0xf0
mov dword [ebp - 0x54], 0
mov word [ebp - 0x6e], ax

loc_fffa8015:  ; not directly referenced
mov eax, dword [ebp - 0x54]
mov bx, word [ebp - 0x6e]
mov word [ebp - 0x68], ax
cmp ax, bx
jae loc_fffa819d  ; jae 0xfffa819d
mov eax, dword [ebp - 0x50]
xor ecx, ecx
or eax, dword [ebp - 0x4c]
mov dword [ebp - 0x6c], eax

loc_fffa8034:  ; not directly referenced
mov esi, 1
mov ebx, dword [ebp - 0x4c]
mov al, 1
shl esi, cl
test dword [ebp - 0x50], esi
setne dl
and ebx, esi
setne byte [ebp - 0x56]
test byte [ebp - 0x56], dl
jne short loc_fffa8067  ; jne 0xfffa8067
test ebx, ebx
sete bl
xor eax, eax
test bl, dl
jne short loc_fffa8067  ; jne 0xfffa8067
and esi, dword [ebp - 0x6c]
cmp esi, 1
sbb eax, eax
add eax, 3

loc_fffa8067:  ; not directly referenced
movzx eax, al
mov al, byte [ebp + eax - 0x3c]
mov byte [ebp + ecx - 0x38], al
inc ecx
cmp ecx, 0x20
jne short loc_fffa8034  ; jne 0xfffa8034
mov eax, dword [ebp - 0x68]
xor esi, esi
add eax, dword [ebp - 0x58]
mov word [ebp - 0x56], ax

loc_fffa8084:  ; not directly referenced
mov ecx, esi
mov eax, 1
shl eax, cl
xor ebx, ebx
mov dword [ebp - 0x68], eax
xor ecx, ecx
mov edx, 1

loc_fffa8099:  ; not directly referenced
mov al, byte [ebp - 0x68]
test byte [ebp + ecx - 0x38], al
je short loc_fffa80a8  ; je 0xfffa80a8
mov eax, edx
shl eax, cl
or ebx, eax

loc_fffa80a8:  ; not directly referenced
inc ecx
cmp ecx, 0x20
jne short loc_fffa8099  ; jne 0xfffa8099
cmp dword [edi + 0x3756], 2
lea eax, [esi + 0x10000]
mov dword [ebp - 0x68], eax
jne short loc_fffa8113  ; jne 0xfffa8113
mov ecx, ebx
mov edx, 0x42dc
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, ebx
mov edx, 0x42e0
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, dword [ebp - 0x68]
mov edx, 0x42d4
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov ax, word [ebp - 0x56]
mov ecx, 0xfff
mov edx, 0x42d0
cmp ax, 0xfff
cmovbe ecx, eax
mov eax, edi
and ecx, 0xfff
or ecx, 0x8000000
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa8113:  ; not directly referenced
cmp dword [edi + 0x4b19], 2
jne short loc_fffa816f  ; jne 0xfffa816f
mov ecx, ebx
mov edx, 0x46dc
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, ebx
mov edx, 0x46e0
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, dword [ebp - 0x68]
mov edx, 0x46d4
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov ax, word [ebp - 0x56]
mov ecx, 0xfff
mov edx, 0x46d0
cmp ax, 0xfff
cmovbe ecx, eax
mov eax, edi
and ecx, 0xfff
or ecx, 0x8000000
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa816f:  ; not directly referenced
inc esi
cmp esi, 8
jne loc_fffa8084  ; jne 0xfffa8084
mov ebx, dword [ebp - 0x50]
mov esi, dword [ebp - 0x4c]
add dword [ebp - 0x50], ebx
add dword [ebp - 0x4c], esi
mov eax, ebx
shr eax, 0x1f
or dword [ebp - 0x50], eax
mov eax, esi
shr eax, 0x1f
inc dword [ebp - 0x54]
or dword [ebp - 0x4c], eax
jmp near loc_fffa8015  ; jmp 0xfffa8015

loc_fffa819d:  ; not directly referenced
cmp dword [edi + 0x3756], 2
jne short loc_fffa81b4  ; jne 0xfffa81b4
xor ecx, ecx
mov edx, 0x42d4
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa81b4:  ; not directly referenced
cmp dword [edi + 0x4b19], 2
jne short loc_fffa81cb  ; jne 0xfffa81cb
xor ecx, ecx
mov edx, 0x46d4
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa81cb:  ; not directly referenced
add esp, 0x6c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa81d3:  ; not directly referenced
push ebp
mov ebp, esp
push edi
xor edi, edi
push esi
push ebx
mov ebx, eax
sub esp, 0x2c
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x2c], edx
mov dword [ebp - 0x30], ecx
mov word [ebp - 0x22], ax
movzx eax, byte [ebp + 8]
mov dword [ebp - 0x34], eax

loc_fffa81f4:  ; not directly referenced
mov dword [ebp - 0x20], 1
mov ecx, edi
mov esi, 0x46dc
shl dword [ebp - 0x20], cl

loc_fffa8205:  ; not directly referenced
lea eax, [esi*8 - 0x236e0]
xor ecx, ecx
mov dword [ebp - 0x28], eax
mov dword [ebp - 0x1c], 0

loc_fffa8218:  ; not directly referenced
mov eax, dword [ebp - 0x28]
add eax, ecx
cdq
idiv dword [ebp - 0x34]
mov eax, dword [ebp - 0x30]
movzx edx, dl
movzx eax, byte [eax + edx]
mov edx, dword [ebp - 0x2c]
movzx eax, byte [edx + eax]
test dword [ebp - 0x20], eax
je short loc_fffa8241  ; je 0xfffa8241
mov eax, 1
shl eax, cl
or dword [ebp - 0x1c], eax

loc_fffa8241:  ; not directly referenced
inc ecx
cmp ecx, 0x20
jne short loc_fffa8218  ; jne 0xfffa8218
cmp dword [ebx + 0x3756], 2
jne short loc_fffa8260  ; jne 0xfffa8260
mov ecx, dword [ebp - 0x1c]
lea edx, [esi - 0x400]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa8260:  ; not directly referenced
cmp dword [ebx + 0x4b19], 2
jne short loc_fffa8275  ; jne 0xfffa8275
mov ecx, dword [ebp - 0x1c]
mov edx, esi
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa8275:  ; not directly referenced
add esi, 4
cmp esi, 0x46e4
jne short loc_fffa8205  ; jne 0xfffa8205
cmp dword [ebx + 0x3756], 2
lea esi, [edi + 0x10000]
jne short loc_fffa82c5  ; jne 0xfffa82c5
mov ecx, esi
mov edx, 0x42d4
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov ax, word [ebp - 0x22]
mov ecx, 0xfff
mov edx, 0x42d0
cmp ax, 0xfff
cmovbe ecx, eax
mov eax, ebx
and ecx, 0xfff
or ecx, 0x8000000
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa82c5:  ; not directly referenced
cmp dword [ebx + 0x4b19], 2
jne short loc_fffa8304  ; jne 0xfffa8304
mov ecx, esi
mov edx, 0x46d4
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov ax, word [ebp - 0x22]
mov ecx, 0xfff
mov edx, 0x46d0
cmp ax, 0xfff
cmovbe ecx, eax
mov eax, ebx
and ecx, 0xfff
or ecx, 0x8000000
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa8304:  ; not directly referenced
inc edi
cmp edi, 8
jne loc_fffa81f4  ; jne 0xfffa81f4
cmp dword [ebx + 0x3756], 2
jne short loc_fffa8325  ; jne 0xfffa8325
xor ecx, ecx
mov edx, 0x42d4
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa8325:  ; not directly referenced
cmp dword [ebx + 0x4b19], 2
jne short loc_fffa8343  ; jne 0xfffa8343
add esp, 0x2c
mov eax, ebx
pop ebx
xor ecx, ecx
pop esi
mov edx, 0x46d4
pop edi
pop ebp
jmp near fcn_fffae58c  ; jmp 0xfffae58c

loc_fffa8343:  ; not directly referenced
add esp, 0x2c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa834b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0x2c
mov ebx, dword [eax + 0x2443]
cmp edx, 0x4a
ja short loc_fffa836a  ; ja 0xfffa836a
lea ebx, [edx + 1]
xor esi, esi
shr ebx, 1
jmp short loc_fffa83ab  ; jmp 0xfffa83ab

loc_fffa836a:  ; not directly referenced
mov edi, dword [eax + 0x18d1]
sub esp, 0xc
mov dword [ebp - 0x2c], edx
add edi, 0xf0
push edi
call dword [ebx + 0x20]  ; ucall
mov edx, dword [ebp - 0x2c]
add esp, 0x10
add edx, eax
mov esi, eax
mov dword [ebp - 0x1c], edx

loc_fffa838d:  ; not directly referenced
sub esp, 0xc
push edi
call dword [ebx + 0x20]  ; ucall
mov edx, dword [ebp - 0x1c]
add esp, 0x10
cmp edx, esi
ja short loc_fffa83a2  ; ja 0xfffa83a2
cmp eax, esi
jae short loc_fffa838d  ; jae 0xfffa838d

loc_fffa83a2:  ; not directly referenced
mov edx, dword [ebp - 0x1c]
cmp eax, edx
jae short loc_fffa83c1  ; jae 0xfffa83c1
jmp short loc_fffa838d  ; jmp 0xfffa838d

loc_fffa83ab:  ; not directly referenced
cmp esi, ebx
je short loc_fffa83c1  ; je 0xfffa83c1
mov edx, 0x4ce0
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
inc esi
mov dword [ebp - 0x1c], eax
jmp short loc_fffa83ab  ; jmp 0xfffa83ab

loc_fffa83c1:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa83c9:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0x2c
mov eax, dword [ebp + 8]
mov dword [ebp - 0x20], edx
mov dword [ebp - 0x30], eax
mov byte [ebp - 0x31], al
mov eax, dword [edi + 0x5edc]
mov dword [ebp - 0x1c], eax
mov ebx, dword [eax + 0xc]
mov esi, dword [eax + 0x10]
cmp dl, 8
ja loc_fffa850b  ; ja 0xfffa850b
jmp dword [edx*4 + ref_fffd3308]  ; ujmp: jmp dword [edx*4 - 0x2ccf8]

loc_fffa83ff:  ; not directly referenced
and ecx, 0x1f
and ebx, 0xfff07bff
shl ecx, 0xf
jmp short loc_fffa8416  ; jmp 0xfffa8416

loc_fffa840d:  ; not directly referenced
and ecx, 0xf
and bh, 0x87
shl ecx, 0xb

loc_fffa8416:  ; not directly referenced
or ebx, ecx
jmp near loc_fffa850b  ; jmp 0xfffa850b

loc_fffa841d:  ; not directly referenced
and ecx, 0xf
and ebx, 0xf00fffff
mov eax, ecx
shl eax, 0x14
shl ecx, 0x18
or ebx, eax
jmp short loc_fffa8416  ; jmp 0xfffa8416

loc_fffa8432:  ; not directly referenced
shl ecx, 0x1c
and ebx, 0xfffffff
jmp short loc_fffa8416  ; jmp 0xfffa8416

loc_fffa843d:  ; not directly referenced
mov eax, ecx
and esi, 0xffffffe0
and eax, 0xf
and ecx, 0x10
jmp short loc_fffa8492  ; jmp 0xfffa8492

loc_fffa844a:  ; not directly referenced
mov eax, ecx
and esi, 0xfffffc1f
and eax, 0xf
mov edx, eax
shl edx, 5
shr ecx, 4
mov dword [ebp - 0x24], edx
and ecx, 1
or esi, dword [ebp - 0x24]
mov edx, ecx
shl edx, 9
shl eax, 0xa
or esi, edx
and esi, 0xffff83ff
shl ecx, 0xe
jmp short loc_fffa8492  ; jmp 0xfffa8492

loc_fffa847b:  ; not directly referenced
mov eax, ecx
and esi, 0xfff07fff
and eax, 0xf
shl ecx, 0xf
shl eax, 0xf
and ecx, 0x80000

loc_fffa8492:  ; not directly referenced
or esi, eax
or esi, ecx
jmp short loc_fffa850b  ; jmp 0xfffa850b

loc_fffa8498:  ; not directly referenced
and ecx, 1
and ebx, 0xfffffff7
lea eax, [ecx*8]
or ebx, eax
mov eax, dword [ebp - 0x1c]
shl ecx, 0x1a
mov dword [ebp - 0x28], 0
mov dword [ebp - 0x38], ecx
add eax, 0x1c
mov dword [ebp - 0x2c], eax

loc_fffa84bd:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov ecx, 0xff
mov edx, dword [ebp - 0x28]
mov eax, dword [eax]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp - 0x38]
and dword [ebp - 0x24], 0xfbffffff
or dword [ebp - 0x24], eax
mov eax, edi
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, dword [ebp - 0x24]
mov edx, eax
mov eax, edi
call fcn_fffaeb7c  ; call 0xfffaeb7c
cmp byte [ebp - 0x31], 0
je short loc_fffa84fb  ; je 0xfffa84fb
mov eax, dword [ebp - 0x2c]
mov ecx, dword [ebp - 0x24]
mov dword [eax], ecx

loc_fffa84fb:  ; not directly referenced
inc dword [ebp - 0x28]
add dword [ebp - 0x2c], 0xcc
cmp dword [ebp - 0x28], 2
jne short loc_fffa84bd  ; jne 0xfffa84bd

loc_fffa850b:  ; not directly referenced
mov ecx, ebx
mov edx, 0x3a14
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, esi
mov edx, 0x3a18
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0x30], 0
je short loc_fffa8536  ; je 0xfffa8536
mov eax, dword [ebp - 0x1c]
mov dword [eax + 0xc], ebx
mov dword [eax + 0x10], esi

loc_fffa8536:  ; not directly referenced
mov ecx, 0x115
mov edx, 0x5f08
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0x78
mov eax, edi
call fcn_fffa834b  ; call 0xfffa834b
cmp byte [ebp - 0x20], 0
jne loc_fffa8620  ; jne 0xfffa8620
mov edx, 0x3a04
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
and eax, 0x3f
lea edx, [eax - 0x10]
cmp dl, 0x20
jbe loc_fffa8636  ; jbe 0xfffa8636
mov edx, ebx
and ebx, 0xfffffff7
or edx, 8
cmp al, 0xf
mov eax, dword [ebp - 0x1c]
cmovbe ebx, edx
mov dword [ebp - 0x20], 0
lea esi, [eax + 0x1c]
mov eax, ebx
shr eax, 3
and eax, 1
mov byte [ebp - 0x24], al
shl eax, 2
mov byte [ebp - 0x28], al

loc_fffa85a3:  ; not directly referenced
mov al, byte [esi + 3]
mov ecx, 0xff
add esi, 0xcc
mov edx, dword [ebp - 0x20]
and eax, 0xfffffffb
or eax, dword [ebp - 0x28]
mov byte [esi - 0xc9], al
mov eax, edi
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, dword [esi - 0xcc]
mov edx, eax
mov eax, edi
call fcn_fffaeb7c  ; call 0xfffaeb7c
inc dword [ebp - 0x20]
cmp dword [ebp - 0x20], 2
jne short loc_fffa85a3  ; jne 0xfffa85a3
mov ecx, ebx
mov eax, edi
mov edx, 0x3a14
call fcn_fffae58c  ; call 0xfffae58c
mov esi, dword [ebp - 0x1c]
mov ecx, 0x115
mov dl, byte [ebp - 0x24]
mov al, byte [esi + 0xc]
shl edx, 3
and eax, 0xfffffff7
or eax, edx
mov edx, 0x5f08
mov byte [esi + 0xc], al
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0x78
mov eax, edi
call fcn_fffa834b  ; call 0xfffa834b
jmp short loc_fffa8636  ; jmp 0xfffa8636

loc_fffa8620:  ; not directly referenced
mov al, byte [ebp - 0x20]
dec eax
cmp al, 7
ja loc_fffa8702  ; ja 0xfffa8702
movzx eax, al
jmp dword [eax*4 + ref_fffd332c]  ; ujmp: jmp dword [eax*4 - 0x2ccd4]

loc_fffa8636:  ; not directly referenced
mov edx, 0x3a04
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov esi, eax
and esi, 0x3f
cmp dword [edi + 0x188b], 0
jne short loc_fffa8658  ; jne 0xfffa8658
shr eax, 9
and eax, 0x3f
jmp short loc_fffa865b  ; jmp 0xfffa865b

loc_fffa8658:  ; not directly referenced
shr eax, 0x1a

loc_fffa865b:  ; not directly referenced
mov edx, esi
and ebx, 0xfffffc0f
sub eax, edx
mov edx, 0x3a14
and eax, 0x3f
shl eax, 4
or ebx, eax
mov eax, edi
or bh, 4
mov ecx, ebx
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0x30], 0
je short loc_fffa868a  ; je 0xfffa868a
mov eax, dword [ebp - 0x1c]
mov dword [eax + 0xc], ebx

loc_fffa868a:  ; not directly referenced
mov eax, esi
movzx esi, al
jmp short loc_fffa8704  ; jmp 0xfffa8704

loc_fffa8691:  ; not directly referenced
mov edx, 0x3a00
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov dl, al
and edx, 0x3f
cmp dword [edi + 0x188b], 0
jne short loc_fffa86b0  ; jne 0xfffa86b0
shr eax, 0x1a
jmp short loc_fffa86b3  ; jmp 0xfffa86b3

loc_fffa86b0:  ; not directly referenced
shr eax, 0x14

loc_fffa86b3:  ; not directly referenced
and eax, 0x1f
movzx edx, dl
cmp byte [ebp - 0x20], 1
movzx esi, al
cmove esi, edx
jmp short loc_fffa8704  ; jmp 0xfffa8704

loc_fffa86c5:  ; not directly referenced
mov edx, 0x3a08
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov esi, eax
and esi, 0x3f
shr eax, 0xc
cmp byte [ebp - 0x20], 2
jne short loc_fffa8704  ; jne 0xfffa8704
jmp short loc_fffa86fb  ; jmp 0xfffa86fb

loc_fffa86e1:  ; not directly referenced
mov edx, 0x3a10
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov esi, eax
and esi, 0x1f
cmp byte [ebp - 0x20], 4
jne short loc_fffa8704  ; jne 0xfffa8704
shr eax, 0xb

loc_fffa86fb:  ; not directly referenced
mov esi, eax
and esi, 0x3f
jmp short loc_fffa8704  ; jmp 0xfffa8704

loc_fffa8702:  ; not directly referenced
xor esi, esi

loc_fffa8704:  ; not directly referenced
add esp, 0x2c
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa870e:  ; not directly referenced
push ebp
mov ecx, 0x10200
mov ebp, esp
push ebx
mov ebx, eax
push edx
mov edx, 0x5060
call fcn_fffae58c  ; call 0xfffae58c
mov eax, ebx
mov edx, 0xf
pop ecx
pop ebx
pop ebp
jmp near fcn_fffa834b  ; jmp 0xfffa834b

fcn_fffa8733:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
mov esi, eax
mov eax, edx
shl eax, 0xa
add eax, 0x429c
push ebx
mov edx, eax
sub esp, 0x1c
mov dword [ebp - 0x1c], eax
mov eax, esi
mov dword [ebp - 0x20], ecx
imul edi, edi, 0x13c3
call fcn_fffae52a  ; call 0xfffae52a
mov ecx, dword [ebp - 0x20]
mov ebx, eax
imul eax, ecx, 0x128
and ebx, 0xfffff8c0
lea eax, [eax + edi + 0x48b0]
lea edx, [esi + eax + 0x19]
cmp byte [edx + 0xcf], 1
jne short loc_fffa879d  ; jne 0xfffa879d
mov edi, ebx
mov eax, 1
shl eax, cl
and bl, 0x3f
shr edi, 6
or edi, eax
and edi, 3
shl edi, 6
or ebx, edi

loc_fffa879d:  ; not directly referenced
and byte [ebp + 8], 0x3f
or ebx, dword [ebp + 8]
cmp byte [edx + 0xce], 1
jne short loc_fffa87c6  ; jne 0xfffa87c6
mov edx, ebx
mov eax, 1
shl eax, cl
and bh, 0x3f
shr edx, 0xe
or edx, eax
and edx, 3
shl edx, 0xe
or ebx, edx

loc_fffa87c6:  ; not directly referenced
mov edx, dword [ebp - 0x1c]
mov ecx, ebx
mov eax, esi
call fcn_fffae58c  ; call 0xfffae58c
add esp, 0x1c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa87da:
mov eax, dword [0xff7d0270]
push ebp
mov ebp, esp
lea edx, [eax + 4]
mov eax, dword [ebp + 0xc]
mov dword [eax], edx
xor eax, eax
pop ebp
ret

fcn_fffa87ee:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov ebx, dword [ebp + 8]
mov eax, dword [ebx + 0x18a7]
mov esi, dword [ebx + 0x2443]
mov edi, dword [ebx + 0x18c1]
mov dword [ebp - 0x2c], eax
mov eax, dword [ebx + 0x188b]
push 0xe4
push 0
push 0
push 0
mov dword [ebp - 0x30], eax
call dword [esi + 0x4c]  ; ucall
add edi, eax
mov dword [esp], edi
add edi, 4
call dword [esi + 0x20]  ; ucall
mov dword [esp], edi
mov dword [ebp - 0x1c], eax
call dword [esi + 0x20]  ; ucall
mov edx, dword [ebp - 0x1c]
mov edi, dword [ebx + 0x18c1]
mov dword [ebx + 0x10], edx
mov dword [ebx + 0x14], eax
push 0x54
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
mov edx, dword [ebp - 0x1c]
add esp, 0x10
movzx ecx, dh
test cl, 8
jne short loc_fffa8889  ; jne 0xfffa8889
test al, 0x10
je short loc_fffa8889  ; je 0xfffa8889
mov eax, dword [ebx + 0x188f]
mov dword [ebx + 0x246d], eax
mov eax, dword [ebx + 0x1893]
mov dword [ebx + 0x2471], eax
jmp short loc_fffa889d  ; jmp 0xfffa889d

loc_fffa8889:  ; not directly referenced
mov dword [ebx + 0x246d], 0
mov dword [ebx + 0x2471], 0

loc_fffa889d:  ; not directly referenced
mov eax, edx
shr eax, 0x13
and eax, 3
cmp eax, 1
je short loc_fffa88c6  ; je 0xfffa88c6
cmp eax, 2
je short loc_fffa88d2  ; je 0xfffa88d2
cmp eax, 1
sbb eax, eax
and eax, 0x3e00
add eax, 0x200
mov dword [ebx + 0x2484], eax
jmp short loc_fffa88dc  ; jmp 0xfffa88dc

loc_fffa88c6:  ; not directly referenced
mov dword [ebx + 0x2484], 0x2000
jmp short loc_fffa88dc  ; jmp 0xfffa88dc

loc_fffa88d2:  ; not directly referenced
mov dword [ebx + 0x2484], 0x800

loc_fffa88dc:  ; not directly referenced
mov eax, ecx
shl eax, 0x1b
mov dword [ebp - 0x20], eax
mov eax, ecx
shl eax, 0x19
sar dword [ebp - 0x20], 0x1f
add dword [ebp - 0x20], 2
mov dword [ebp - 0x1c], eax
sar dword [ebp - 0x1c], 0x1f
add dword [ebp - 0x1c], 2
cmp byte [ebx + 0x241f], 1
je short loc_fffa892b  ; je 0xfffa892b
mov eax, dword [ebx + 0x1887]
cmp eax, 0x306d0
sete cl
cmp eax, 0x40650
sete al
or cl, al
mov eax, 1
cmove eax, dword [ebp - 0x1c]
mov dword [ebp - 0x1c], eax
jmp short loc_fffa8932  ; jmp 0xfffa8932

loc_fffa892b:  ; not directly referenced
mov dword [ebp - 0x1c], 1

loc_fffa8932:  ; not directly referenced
mov eax, edx
shr eax, 0x10
and eax, 2
cmp al, 1
sbb eax, eax
mov dword [ebp - 0x24], eax
mov eax, edx
shr eax, 0x18
add word [ebp - 0x24], 2
and eax, 1
mov dword [ebp - 0x34], eax
je short loc_fffa8961  ; je 0xfffa8961
mov byte [ebx + 0x3748], 1
mov edi, 1
jmp short loc_fffa8979  ; jmp 0xfffa8979

loc_fffa8961:  ; not directly referenced
xor eax, eax
and edx, 0x2000000
jne short loc_fffa8977  ; jne 0xfffa8977
xor eax, eax
cmp byte [ebx + 0x3748], 0
setne al

loc_fffa8977:  ; not directly referenced
mov edi, eax

loc_fffa8979:  ; not directly referenced
imul esi, dword [ebp - 0x2c], 0x2e
lea eax, [ebx + 0x736b]
lea ecx, [ebx + 0x4be5]
mov dword [ebp - 0x28], eax

loc_fffa898c:  ; not directly referenced
cmp dword [ecx - 0x148f], 2
je short loc_fffa89d8  ; je 0xfffa89d8

loc_fffa8995:  ; not directly referenced
add ecx, 0x13c3
cmp ecx, dword [ebp - 0x28]
jne short loc_fffa898c  ; jne 0xfffa898c
cmp byte [ebx + 0x3748], 1
mov edi, 2
mov dword [ebx + 0x3711], 0
mov dword [ebp - 0x24], 0
sete al
xor esi, esi
add eax, 8
xor ecx, ecx
mov byte [ebx + 0x2488], al
lea eax, [ebx + 0x3812]
jmp near loc_fffa8ad1  ; jmp 0xfffa8ad1

loc_fffa89d8:  ; not directly referenced
cmp word [ebp - 0x24], 2
je short loc_fffa8a05  ; je 0xfffa8a05
cmp dword [ebx + 0x18a7], 0
jne short loc_fffa8a24  ; jne 0xfffa8a24
mov eax, dword [ebx + 0x36d7]
cmp eax, 0x74b
ja short loc_fffa8a05  ; ja 0xfffa8a05
cmp dword [ecx - 0x13cf], 1
jbe short loc_fffa8a24  ; jbe 0xfffa8a24
cmp eax, 0x534
jbe short loc_fffa8a24  ; jbe 0xfffa8a24

loc_fffa8a05:  ; not directly referenced
cmp word [ecx + esi - 0x1487], 2
mov eax, 2
cmovae ax, word [ecx + esi - 0x1487]
mov word [ecx + esi - 0x1487], ax

loc_fffa8a24:  ; not directly referenced
lea eax, [ecx - 0x250]

loc_fffa8a2a:  ; not directly referenced
cmp dword [eax - 0xcc], 2
jne short loc_fffa8a81  ; jne 0xfffa8a81
mov dx, word [ecx + esi - 0x1487]
mov word [eax + esi - 0xc4], dx
cmp edi, 1
jne short loc_fffa8a70  ; jne 0xfffa8a70
mov dl, byte [eax]
test dl, dl
jne short loc_fffa8a60  ; jne 0xfffa8a60
cmp dword [ebp - 0x34], 1
jne short loc_fffa8a73  ; jne 0xfffa8a73
mov dword [eax - 0xcc], 1
jmp short loc_fffa8a81  ; jmp 0xfffa8a81

loc_fffa8a60:  ; not directly referenced
dec dl
jne short loc_fffa8a73  ; jne 0xfffa8a73
mov byte [eax], 1
mov dword [eax + 0x11], 9
jmp short loc_fffa8a81  ; jmp 0xfffa8a81

loc_fffa8a70:  ; not directly referenced
mov byte [eax], 0

loc_fffa8a73:  ; not directly referenced
mov dword [eax + 0x11], 8
mov byte [ebx + 0x3748], 0

loc_fffa8a81:  ; not directly referenced
add eax, 0x128
cmp eax, ecx
jne short loc_fffa8a2a  ; jne 0xfffa8a2a
jmp near loc_fffa8995  ; jmp 0xfffa8995

loc_fffa8a8f:  ; not directly referenced
xor edx, edx
cmp dword [eax + 0x10b7], 2
jne short loc_fffa8aa0  ; jne 0xfffa8aa0
mov edx, dword [eax + 0x1198]

loc_fffa8aa0:  ; not directly referenced
cmp dword [eax + 0x11df], 2
jne short loc_fffa8aaf  ; jne 0xfffa8aaf
add edx, dword [eax + 0x12c0]

loc_fffa8aaf:  ; not directly referenced
mov dword [eax], edx
cmp edx, dword [ebp - 0x24]
jbe short loc_fffa8adc  ; jbe 0xfffa8adc
mov edi, dword [eax + 4]
mov ecx, esi
mov dword [ebp - 0x24], edx

loc_fffa8abe:  ; not directly referenced
mov edx, dword [eax]
inc esi
add eax, 0x13c3
add dword [ebx + 0x3711], edx
cmp esi, 2
je short loc_fffa8af9  ; je 0xfffa8af9

loc_fffa8ad1:  ; not directly referenced
cmp dword [eax - 0xbc], 2
jne short loc_fffa8abe  ; jne 0xfffa8abe
jmp short loc_fffa8a8f  ; jmp 0xfffa8a8f

loc_fffa8adc:  ; not directly referenced
sete byte [ebp - 0x28]
cmp dword [ebp - 0x1c], 1
sete dl
test byte [ebp - 0x28], dl
je short loc_fffa8abe  ; je 0xfffa8abe
mov edx, dword [eax + 4]
cmp edx, edi
jae short loc_fffa8abe  ; jae 0xfffa8abe
mov edi, edx
mov ecx, esi
jmp short loc_fffa8abe  ; jmp 0xfffa8abe

loc_fffa8af9:  ; not directly referenced
cmp dword [ebp - 0x20], 1
je short loc_fffa8b0b  ; je 0xfffa8b0b

loc_fffa8aff:  ; not directly referenced
cmp dword [ebp - 0x1c], 1
jne loc_fffa8b9b  ; jne 0xfffa8b9b
jmp short loc_fffa8b83  ; jmp 0xfffa8b83

loc_fffa8b0b:  ; not directly referenced
lea eax, [ebx + 0x3756]
xor edx, edx

loc_fffa8b13:  ; not directly referenced
mov esi, dword [eax]
cmp edx, ecx
je short loc_fffa8b73  ; je 0xfffa8b73
cmp esi, 2
jne short loc_fffa8b73  ; jne 0xfffa8b73
cmp dword [eax + 0x1173], 2
mov dword [eax], 1
mov byte [eax + 0xc4], 0
jne short loc_fffa8b4f  ; jne 0xfffa8b4f
mov dword [eax + 0x1173], 1
mov byte [eax + 0x1260], 0
mov dword [eax + 0x1254], 0

loc_fffa8b4f:  ; not directly referenced
cmp dword [eax + 0x129b], 2
jne short loc_fffa8b73  ; jne 0xfffa8b73
mov dword [eax + 0x129b], 1
mov byte [eax + 0x1388], 0
mov dword [eax + 0x137c], 0

loc_fffa8b73:  ; not directly referenced
inc edx
add eax, 0x13c3
cmp edx, 2
jne short loc_fffa8b13  ; jne 0xfffa8b13
jmp near loc_fffa8aff  ; jmp 0xfffa8aff

loc_fffa8b83:  ; not directly referenced
xor eax, eax

loc_fffa8b85:  ; not directly referenced
cmp dword [ebx + eax + 0x3756], 2
je short loc_fffa8ba9  ; je 0xfffa8ba9

loc_fffa8b8f:  ; not directly referenced
add eax, 0x13c3
cmp eax, 0x2786
jne short loc_fffa8b85  ; jne 0xfffa8b85

loc_fffa8b9b:  ; not directly referenced
cmp byte [ebx + 0x190d], 0
jne short loc_fffa8bde  ; jne 0xfffa8bde
jmp near loc_fffa8c91  ; jmp 0xfffa8c91

loc_fffa8ba9:  ; not directly referenced
mov edx, dword [ebx + eax + 0x48c9]
xor ecx, ecx
cmp edx, 2
jne short loc_fffa8bbe  ; jne 0xfffa8bbe
mov ecx, dword [ebx + eax + 0x49aa]

loc_fffa8bbe:  ; not directly referenced
cmp dword [ebx + eax + 0x49f1], 2
jne short loc_fffa8b8f  ; jne 0xfffa8b8f
cmp dword [ebx + eax + 0x4ad2], ecx
ja short loc_fffa8c13  ; ja 0xfffa8c13
mov dword [ebx + eax + 0x49f1], 1
jmp short loc_fffa8b8f  ; jmp 0xfffa8b8f

loc_fffa8bde:  ; not directly referenced
mov eax, dword [ebx + 0x190e]
mov dword [ebx + 0x36cb], eax
test eax, eax
jne short loc_fffa8c2c  ; jne 0xfffa8c2c
cmp dword [ebp - 0x30], 0
jne short loc_fffa8bfe  ; jne 0xfffa8bfe
mov dword [ebx + 0x36cb], 1

loc_fffa8bfe:  ; not directly referenced
cmp byte [ebx + 0x36ca], 0
jne short loc_fffa8c2c  ; jne 0xfffa8c2c
mov dword [ebx + 0x36cb], 1
jmp short loc_fffa8c2c  ; jmp 0xfffa8c2c

loc_fffa8c13:  ; not directly referenced
cmp edx, 2
jne loc_fffa8b8f  ; jne 0xfffa8b8f
mov dword [ebx + eax + 0x48c9], 1
jmp near loc_fffa8b8f  ; jmp 0xfffa8b8f

loc_fffa8c2c:  ; not directly referenced
cmp dword [ebx + 0x36cb], 1
jne short loc_fffa8c91  ; jne 0xfffa8c91
cmp dword [ebx + 0x374e], 2
mov byte [ebx + 0x247f], 1
jne short loc_fffa8c91  ; jne 0xfffa8c91
lea eax, [ebx + 0x3756]
lea edx, [ebx + 0x5edc]

loc_fffa8c51:  ; not directly referenced
cmp dword [eax], 2
jne short loc_fffa8c88  ; jne 0xfffa8c88
cmp dword [eax + 0x1173], 2
jne short loc_fffa8c6f  ; jne 0xfffa8c6f
cmp byte [eax + 0x1243], 0
jne short loc_fffa8c6f  ; jne 0xfffa8c6f
mov byte [ebx + 0x247f], 0

loc_fffa8c6f:  ; not directly referenced
cmp dword [eax + 0x129b], 2
jne short loc_fffa8c88  ; jne 0xfffa8c88
cmp byte [eax + 0x136b], 0
jne short loc_fffa8c88  ; jne 0xfffa8c88
mov byte [ebx + 0x247f], 0

loc_fffa8c88:  ; not directly referenced
add eax, 0x13c3
cmp eax, edx
jne short loc_fffa8c51  ; jne 0xfffa8c51

loc_fffa8c91:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa8c9b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 8]
mov eax, dword [ebx + 0x2480]
cmp byte [ebx + 0x192b], 0
mov dword [ebp - 0x1c], eax
je short loc_fffa8ceb  ; je 0xfffa8ceb
movzx ecx, byte [ebx + 0x192c]
mov edx, 0x5884
mov eax, ebx
and ecx, 7
call fcn_fffae58c  ; call 0xfffae58c
mov al, byte [ebx + 0x192e]
xor ecx, ecx
mov cl, byte [ebx + 0x192d]
mov edx, 0x5888
mov ch, al
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa8ceb:  ; not directly referenced
movzx ecx, byte [ebx + 0x1935]
movzx edx, byte [ebx + 0x1936]
movzx eax, byte [ebx + 0x1937]
movzx esi, byte [ebx + 0x192f]
and ecx, 3
and edx, 0x1f
shl edx, 0x11
and eax, 1
shl ecx, 0x16
or ecx, edx
movzx edx, word [ebx + 0x1938]
shl eax, 0xf
or ecx, eax
movzx eax, byte [ebx + 0x1930]
shl esi, 0x1f
and edx, 0x7fff
or ecx, edx
movzx edx, byte [ebx + 0x1931]
and eax, 3
shl eax, 0x16
or esi, eax
movzx eax, byte [ebx + 0x1932]
and edx, 0x1f
shl edx, 0x11
or esi, edx
movzx edx, word [ebx + 0x1933]
and eax, 1
shl eax, 0xf
or esi, eax
mov eax, ebx
and edx, 0x7fff
or esi, edx
mov edx, 0x58e0
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, esi
mov edx, 0x58e4
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov al, byte [ebx + 0x193b]
xor ecx, ecx
mov edx, 0x5890
mov ch, al
mov cl, byte [ebx + 0x193a]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov al, byte [ebx + 0x193d]
xor ecx, ecx
mov edx, 0x5894
mov ch, al
mov cl, byte [ebx + 0x193c]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov al, byte [ebx + 0x193f]
xor ecx, ecx
mov edx, 0x5898
mov ch, al
mov cl, byte [ebx + 0x193e]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov al, byte [ebx + 0x1941]
xor ecx, ecx
mov edx, 0x589c
mov ch, al
mov cl, byte [ebx + 0x1940]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov al, byte [ebx + 0x1943]
xor ecx, ecx
mov edx, 0x58d0
mov ch, al
mov cl, byte [ebx + 0x1942]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov al, byte [ebx + 0x1945]
xor ecx, ecx
mov edx, 0x58d4
xor esi, esi
mov ch, al
mov cl, byte [ebx + 0x1944]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov al, byte [ebx + 0x1947]
xor ecx, ecx
mov edx, 0x58d8
mov ch, al
mov cl, byte [ebx + 0x1946]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov al, byte [ebx + 0x1949]
xor ecx, ecx
mov edx, 0x58dc
mov ch, al
mov cl, byte [ebx + 0x1948]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa8e67:  ; not directly referenced
imul eax, esi, 0x13c3
cmp dword [ebx + eax + 0x3756], 2
jne loc_fffa8f7a  ; jne 0xfffa8f7a
cmp byte [ebx + 0x192b], 0
je loc_fffa8f3a  ; je 0xfffa8f3a
movzx ecx, byte [ebx + esi*2 + 0x194b]
mov edi, esi
movzx eax, byte [ebx + esi*2 + 0x194a]
shl edi, 0xa
lea edx, [edi + 0x42ec]
and ecx, 0x3f
and eax, 0x3f
shl ecx, 8
or ecx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
movzx ecx, byte [ebx + esi*2 + 0x194f]
lea edx, [edi + 0x42f0]
movzx eax, byte [ebx + esi*2 + 0x194e]
and ecx, 0x3f
and eax, 0x3f
shl ecx, 8
or ecx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov al, byte [ebx + esi*2 + 0x1953]
xor ecx, ecx
lea edx, [edi + 0x42f4]
mov ch, al
mov cl, byte [ebx + esi*2 + 0x1952]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov al, byte [ebx + esi*2 + 0x1957]
xor ecx, ecx
lea edx, [edi + 0x42f8]
mov ch, al
mov cl, byte [ebx + esi*2 + 0x1956]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov al, byte [ebx + esi*2 + 0x195b]
xor ecx, ecx
lea edx, [edi + 0x42fc]
mov ch, al
mov cl, byte [ebx + esi*2 + 0x195a]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa8f3a:  ; not directly referenced
cmp dword [ebp - 0x1c], 3
jne short loc_fffa8f55  ; jne 0xfffa8f55
movzx ecx, byte [ebx + 0x1963]
and ecx, 1
shl ecx, 8
mov cl, byte [ebx + 0x1964]
jmp short loc_fffa8f68  ; jmp 0xfffa8f68

loc_fffa8f55:  ; not directly referenced
movzx ecx, byte [ebx + 0x1961]
and ecx, 1
shl ecx, 8
mov cl, byte [ebx + 0x1962]

loc_fffa8f68:  ; not directly referenced
mov edx, esi
mov eax, ebx
shl edx, 0xa
add edx, 0x4328
call fcn_fffae58c  ; call 0xfffae58c

loc_fffa8f7a:  ; not directly referenced
inc esi
cmp esi, 2
jne loc_fffa8e67  ; jne 0xfffa8e67
movzx ecx, byte [ebx + 0x195e]
mov edx, 0x5060
mov eax, ebx
and ecx, 1
shl ecx, 0x10
mov cx, word [ebx + 0x195f]
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0x5880
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
movzx ecx, byte [ebx + 0x1925]
movzx edx, byte [ebx + 0x1924]
and ecx, 1
and edx, 1
and eax, 0xfffffffc
add edx, edx
or eax, ecx
movzx ecx, byte [ebx + 0x1928]
or eax, edx
movzx edx, byte [ebx + 0x1923]
and eax, 0xffffffe3
and ecx, 3
and edx, 1
shl edx, 4
shl ecx, 2
or eax, edx
or eax, ecx
cmp dword [ebp - 0x1c], 3
jne short loc_fffa902d  ; jne 0xfffa902d
movzx edx, byte [ebx + 0x1927]
and eax, 0xffffffbf
and edx, 1
shl edx, 6
or eax, edx
cmp byte [ebx + 0x190d], 0
mov ecx, eax
je short loc_fffa901a  ; je 0xfffa901a
cmp dword [ebx + 0x36cb], 1
je short loc_fffa9041  ; je 0xfffa9041

loc_fffa901a:  ; not directly referenced
xor edx, edx
cmp byte [ebx + 0x1929], 0
sete dl
and al, 0x7f
shl edx, 7
jmp short loc_fffa903d  ; jmp 0xfffa903d

loc_fffa902d:  ; not directly referenced
movzx edx, byte [ebx + 0x1926]
and eax, 0xffffffbf
and edx, 1
shl edx, 6

loc_fffa903d:  ; not directly referenced
mov ecx, eax
or ecx, edx

loc_fffa9041:  ; not directly referenced
add esp, 0x1c
mov eax, ebx
pop ebx
mov edx, 0x5880
pop esi
pop edi
pop ebp
jmp near fcn_fffae58c  ; jmp 0xfffae58c

fcn_fffa9054:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
movzx esi, dl
push ebx
sub esp, 0x2c
mov bl, byte [ebp + 0xc]
mov dword [ebp - 0x20], eax
imul eax, esi, 0x13c3
mov dword [ebp - 0x24], esi
mov byte [ebp - 0x19], 0
mov byte [ebp - 0x1a], bl
mov bl, byte [ebp + 0x10]
lea eax, [edi + eax + 0x3756]
mov dword [ebp - 0x28], eax
lea eax, [ecx + ecx*8]
mov dword [ebp - 0x2c], ecx
mov byte [ebp - 0x31], bl
mov dword [ebp - 0x30], eax

loc_fffa9091:  ; not directly referenced
mov edi, dword [ebp - 0x20]
mov al, byte [ebp - 0x19]
cmp al, byte [edi + 0x2488]
jae loc_fffa9170  ; jae 0xfffa9170
mov al, byte [ebp - 0x19]
mov esi, dword [ebp + 8]
movzx edi, al
bt esi, eax
jae loc_fffa9168  ; jae 0xfffa9168
mov eax, dword [ebp - 0x30]
lea ebx, [edi + eax]
movsx ax, byte [ebp - 0x1a]
add ebx, ebx
add ebx, dword [ebp - 0x28]
mov word [ebp - 0x1c], ax
add ax, word [ebx + 0x1b1]
js short loc_fffa90e0  ; js 0xfffa90e0
mov esi, 0x1ff
cmp ax, 0x1ff
cmovbe esi, eax
jmp short loc_fffa90e2  ; jmp 0xfffa90e2

loc_fffa90e0:  ; not directly referenced
xor esi, esi

loc_fffa90e2:  ; not directly referenced
push eax
movzx eax, si
mov ecx, dword [ebp - 0x2c]
push eax
mov edx, dword [ebp - 0x24]
mov eax, dword [ebp - 0x20]
push 0
push edi
call fcn_fffa7499  ; call 0xfffa7499
mov eax, dword [ebp - 0x28]
add esp, 0xc
add eax, dword [ebp - 0x30]
mov ecx, dword [ebp - 0x1c]
movzx eax, byte [edi + eax + 0x24d]
mov edx, ecx
add dx, word [ebx + 0x121]
add cx, word [ebx + 0x169]
and eax, 0x3f
shl eax, 0x14
and edx, 0x1ff
shl edx, 9
and ecx, 0x1ff
or eax, edx
mov edx, dword [ebp - 0x24]
or eax, ecx
mov ecx, dword [ebp - 0x2c]
push eax
mov eax, dword [ebp - 0x20]
push 3
push edi
call fcn_fffa73b0  ; call 0xfffa73b0
add esp, 0x10
cmp byte [ebp - 0x31], 0
je short loc_fffa9168  ; je 0xfffa9168
mov eax, dword [ebp - 0x1c]
add word [ebx + 0x121], ax
add word [ebx + 0x169], ax
mov word [ebx + 0x1b1], si

loc_fffa9168:  ; not directly referenced
inc byte [ebp - 0x19]
jmp near loc_fffa9091  ; jmp 0xfffa9091

loc_fffa9170:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa9178:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov eax, dword [ebp + 8]
mov ebx, dword [ebp + 0x18]
mov edx, dword [ebp + 0x10]
mov edi, eax
mov dword [ebp - 0x1c], eax
mov eax, dword [ebp + 0x1c]
mov byte [ebp - 0x26], bl
mov dword [ebp - 0x24], eax
mov eax, dword [ebp + 0x20]
mov esi, eax
mov dword [ebp - 0x30], eax
mov al, byte [ebp + 0x14]
mov byte [ebp - 0x34], al
mov eax, esi
mov byte [ebp - 0x25], al
movzx eax, byte [ebp + 0xc]
mov dword [ebp - 0x20], eax
imul eax, eax, 0x13c3
cmp dword [edi + 0x2480], 3
sete cl
lea esi, [edi + eax + 0x3756]
mov dword [ebp - 0x2c], ecx
test dl, dl
je short loc_fffa9227  ; je 0xfffa9227
mov ecx, dword [ebp - 0x24]
mov edi, 0x7f
cmp ecx, 0x7f
cmovg ecx, edi
xor eax, eax
test ecx, ecx
cmovns eax, ecx
cmp dl, 2
je loc_fffa93cd  ; je 0xfffa93cd
ja short loc_fffa91ff  ; ja 0xfffa91ff
dec dl
je loc_fffa938c  ; je 0xfffa938c
jmp near loc_fffa95bb  ; jmp 0xfffa95bb

loc_fffa91ff:  ; not directly referenced
cmp dl, 3
je loc_fffa946a  ; je 0xfffa946a
cmp dl, 4
jne loc_fffa95bb  ; jne 0xfffa95bb
cmp eax, 0x7f
cmovg eax, edi
movzx edi, byte [ebp - 0x34]
xor edx, edx
xor ebx, ebx
mov dword [ebp - 0x24], edi
jmp near loc_fffa94ce  ; jmp 0xfffa94ce

loc_fffa9227:  ; not directly referenced
cmp dword [ebp - 0x2c], 0
je loc_fffa92fa  ; je 0xfffa92fa
mov ecx, dword [ebp - 0x1c]
xor ebx, ebx
xor edi, edi
imul edx, dword [ebp - 0x20], 0x54a
add eax, ecx
add edx, ecx
mov dword [ebp - 0x34], edx
mov dword [ebp - 0x3c], eax

loc_fffa9249:  ; not directly referenced
movzx edx, byte [ebp - 0x26]
imul eax, ebx, 7
bt edx, ebx
mov dword [ebp - 0x2c], eax
movzx eax, byte [esi + ebx + 0x241]
jae loc_fffa92e7  ; jae 0xfffa92e7
add eax, dword [ebp - 0x24]
mov ecx, 0x80
cdq
idiv ecx
test dl, dl
lea eax, [edx - 0x80]
cmovns eax, edx
cmp byte [ebp - 0x25], 0
je short loc_fffa9284  ; je 0xfffa9284
mov byte [esi + ebx + 0x241], al

loc_fffa9284:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
movsx eax, al
mov dword [ebp - 0x2c], 0
shl eax, cl
add edi, eax
mov eax, dword [ebp - 0x34]
movzx eax, byte [eax + ebx + 0x1ea9]
mov dword [ebp - 0x30], eax
movzx eax, byte [ebp - 0x25]
mov dword [ebp - 0x38], eax

loc_fffa92aa:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
mov eax, 1
shl eax, cl
mov ecx, dword [ebp - 0x3c]
test byte [ecx + 0x381a], al
je short loc_fffa92dc  ; je 0xfffa92dc
movsx eax, byte [ebp - 0x24]
push edx
mov ecx, dword [ebp - 0x2c]
push dword [ebp - 0x38]
mov edx, dword [ebp - 0x20]
push eax
mov eax, dword [ebp - 0x1c]
push dword [ebp - 0x30]
call fcn_fffa9054  ; call 0xfffa9054
add esp, 0x10

loc_fffa92dc:  ; not directly referenced
inc dword [ebp - 0x2c]
cmp dword [ebp - 0x2c], 4
jne short loc_fffa92aa  ; jne 0xfffa92aa
jmp short loc_fffa92ee  ; jmp 0xfffa92ee

loc_fffa92e7:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
shl eax, cl
add edi, eax

loc_fffa92ee:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffa9249  ; jne 0xfffa9249
jmp short loc_fffa9379  ; jmp 0xfffa9379

loc_fffa92fa:  ; not directly referenced
movzx eax, byte [ebp - 0x34]
xor ebx, ebx
xor edi, edi
mov dword [ebp - 0x30], eax
movzx eax, byte [ebp - 0x25]
mov dword [ebp - 0x34], eax

loc_fffa930c:  ; not directly referenced
mov edx, dword [ebp - 0x30]
imul eax, ebx, 7
bt edx, ebx
mov dword [ebp - 0x2c], eax
movzx eax, byte [esi + ebx + 0x241]
jae short loc_fffa936c  ; jae 0xfffa936c
add eax, dword [ebp - 0x24]
mov ecx, 0x80
cdq
idiv ecx
test dl, dl
lea eax, [edx - 0x80]
cmovns eax, edx
cmp byte [ebp - 0x25], 0
je short loc_fffa9342  ; je 0xfffa9342
mov byte [esi + ebx + 0x241], al

loc_fffa9342:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
movsx eax, al
mov edx, dword [ebp - 0x20]
shl eax, cl
mov ecx, ebx
add edi, eax
push eax
movsx eax, byte [ebp - 0x24]
push dword [ebp - 0x34]
push eax
mov eax, dword [ebp - 0x1c]
push 0x1ff
call fcn_fffa9054  ; call 0xfffa9054
add esp, 0x10
jmp short loc_fffa9373  ; jmp 0xfffa9373

loc_fffa936c:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
shl eax, cl
add edi, eax

loc_fffa9373:  ; not directly referenced
inc ebx
cmp ebx, 4
jne short loc_fffa930c  ; jne 0xfffa930c

loc_fffa9379:  ; not directly referenced
mov edx, dword [ebp - 0x20]
mov ecx, edi
shl edx, 8
add edx, 0x180c
jmp near loc_fffa95ac  ; jmp 0xfffa95ac

loc_fffa938c:  ; not directly referenced
cmp eax, 0x7f
mov edx, dword [ebp - 0x20]
cmovle edi, eax
mov eax, edi
and eax, 0x7f
mov ecx, eax
shl ecx, 7
or ecx, eax
mov eax, dword [ebp - 0x1c]
shl edx, 8
add edx, 0x1408
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0x30], 0
je loc_fffa95bb  ; je 0xfffa95bb
mov dword [esi + 0x119], edi
mov dword [esi + 0x11d], edi
jmp near loc_fffa95bb  ; jmp 0xfffa95bb

loc_fffa93cd:  ; not directly referenced
cmp eax, 0x7f
cmovle edi, eax
cmp dword [ebp - 0x2c], 0
je short loc_fffa940d  ; je 0xfffa940d
mov eax, edi
test bl, 1
jne short loc_fffa93e6  ; jne 0xfffa93e6
mov al, byte [esi + 0x111]

loc_fffa93e6:  ; not directly referenced
and eax, 0x7f
and eax, 0x7f
and bl, 2
jne short loc_fffa93f8  ; jne 0xfffa93f8
movzx edi, byte [esi + 0x115]

loc_fffa93f8:  ; not directly referenced
and edi, 0x7f
mov ebx, edi
and ebx, 0x7f
shl ebx, 7
or ebx, eax
cmp byte [ebp - 0x30], 0
jne short loc_fffa9441  ; jne 0xfffa9441
jmp short loc_fffa9457  ; jmp 0xfffa9457

loc_fffa940d:  ; not directly referenced
mov eax, edi
mov edx, dword [ebp - 0x20]
and eax, 0x7f
mov ebx, eax
shl ebx, 7
or ebx, eax
mov eax, dword [ebp - 0x1c]
shl edx, 8
mov ecx, ebx
add edx, 0x1208
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0x30], 0
je short loc_fffa9457  ; je 0xfffa9457
mov dword [esi + 0x109], edi
mov dword [esi + 0x10d], edi

loc_fffa9441:  ; not directly referenced
mov eax, ebx
and eax, 0x7f
mov dword [esi + 0x111], eax
mov eax, ebx
shr eax, 7
mov dword [esi + 0x115], eax

loc_fffa9457:  ; not directly referenced
mov edx, dword [ebp - 0x20]
mov ecx, ebx
shl edx, 8
add edx, 0x1a08
jmp near loc_fffa95ac  ; jmp 0xfffa95ac

loc_fffa946a:  ; not directly referenced
cmp eax, 0x7f
mov edx, dword [ebp - 0x20]
cmovle edi, eax
mov eax, edi
and eax, 0x7f
mov ecx, eax
shl ecx, 7
or ecx, eax
mov eax, dword [ebp - 0x1c]
shl edx, 8
add edx, 0x1208
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0x30], 0
je loc_fffa95bb  ; je 0xfffa95bb
mov dword [esi + 0x109], edi
mov dword [esi + 0x10d], edi
jmp near loc_fffa95bb  ; jmp 0xfffa95bb

loc_fffa94ab:  ; not directly referenced
imul ecx, edx, 7
mov edi, eax
shl edi, cl
add ebx, edi
cmp byte [ebp - 0x25], 0
je short loc_fffa94c8  ; je 0xfffa94c8
mov byte [esi + edx + 0x245], al
mov byte [esi + edx + 0x249], al

loc_fffa94c8:  ; not directly referenced
inc edx
cmp edx, 4
je short loc_fffa94e7  ; je 0xfffa94e7

loc_fffa94ce:  ; not directly referenced
mov edi, dword [ebp - 0x24]
bt edi, edx
jb short loc_fffa94ab  ; jb 0xfffa94ab
movzx edi, byte [esi + edx + 0x245]
imul ecx, edx, 7
shl edi, cl
add ebx, edi
jmp short loc_fffa94c8  ; jmp 0xfffa94c8

loc_fffa94e7:  ; not directly referenced
cmp dword [ebp - 0x2c], 0
je short loc_fffa950e  ; je 0xfffa950e
mov eax, dword [ebp - 0x1c]
cmp byte [eax + 0x240a], 0
je short loc_fffa950e  ; je 0xfffa950e
movzx eax, byte [esi + 0x245]
and ebx, 0xffe03fff
and eax, 0x7f
shl eax, 0xe
or ebx, eax

loc_fffa950e:  ; not directly referenced
mov eax, dword [ebp - 0x20]
mov ecx, ebx
shl eax, 8
mov dword [ebp - 0x24], eax
lea edx, [eax + 0x1c18]
mov eax, dword [ebp - 0x1c]
call fcn_fffae58c  ; call 0xfffae58c
cmp dword [ebp - 0x2c], 0
je short loc_fffa959b  ; je 0xfffa959b
mov eax, dword [ebp - 0x1c]
xor edi, edi
mov ecx, dword [ebp - 0x20]
mov dword [ebp - 0x20], 0
movzx ebx, byte [eax + 0x240c]
shl ecx, 2
sar ebx, cl
and ebx, 0xf

loc_fffa954b:  ; not directly referenced
xor edx, edx

loc_fffa954d:  ; not directly referenced
mov cl, dl
mov eax, ebx
shr eax, cl
mov ecx, eax
and ecx, 1
cmp ecx, edi
jne short loc_fffa956c  ; jne 0xfffa956c
movzx eax, byte [esi + edi + 0x249]
imul ecx, edx, 7
shl eax, cl
add dword [ebp - 0x20], eax

loc_fffa956c:  ; not directly referenced
inc edx
cmp edx, 4
jne short loc_fffa954d  ; jne 0xfffa954d
inc edi
cmp edi, 4
jne short loc_fffa954b  ; jne 0xfffa954b
mov eax, dword [ebp - 0x20]
mov ecx, eax
mov edx, eax
shr ecx, 0xe
and eax, 0xffe03fff
shr edx, 0x15
and ecx, 0x7f
and edx, 0x7f
mov ebx, eax
add edx, ecx
shr edx, 1
shl edx, 0xe
or ebx, edx

loc_fffa959b:  ; not directly referenced
mov edx, dword [ebp - 0x24]
and ebx, 0xf01fffff
mov ecx, ebx
add edx, 0x1218

loc_fffa95ac:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
jmp near fcn_fffae58c  ; jmp 0xfffae58c

loc_fffa95bb:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa95c3:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov ebx, dword [ebp + 8]
mov eax, dword [ebx + 0x5edc]
mov edi, dword [ebx + 0x2443]
mov esi, dword [ebx + 0x36e3]
mov dword [ebp - 0x2c], eax
mov eax, dword [ebx + 0x188b]
mov dword [ebp - 0x20], esi
cmp eax, 1
mov dword [ebp - 0x1c], eax
mov eax, dword [ebx + 0x18c1]
sbb esi, esi
push 0xe4
and esi, 0xfffffdeb
push 0
add esi, 0xc80
push 0
push 0
mov dword [ebp - 0x24], eax
call dword [edi + 0x4c]  ; ucall
mov edx, dword [ebp - 0x24]
lea ecx, [eax + edx]
mov dword [esp], ecx
mov dword [ebp - 0x28], ecx
call dword [edi + 0x20]  ; ucall
mov ecx, dword [ebp - 0x28]
add ecx, 4
mov dword [esp], ecx
mov dword [ebp - 0x24], eax
call dword [edi + 0x20]  ; ucall
add esp, 0x10
test byte [ebp - 0x24], 8
setne cl
movzx edi, cl
mov dword [ebp - 0x24], edi
mov edi, dword [ebx + 0x1872]
mov edx, eax
shr eax, 4
mov byte [ebp - 0x2d], cl
mov cl, al
mov eax, dword [ebx + 0x1877]
shr edx, 0x15
and ecx, 7
dec edi
cmp edi, 0x7ffffffd
cmovbe esi, dword [ebx + 0x1872]
mov dword [ebx + 0x36e3], eax
mov dword [ebx + 0x36d3], esi
and edx, 7
je short loc_fffa968c  ; je 0xfffa968c
cmp eax, 2
jne short loc_fffa9696  ; jne 0xfffa9696
cmp dword [ebp - 0x1c], 0
jne short loc_fffa9696  ; jne 0xfffa9696

loc_fffa968c:  ; not directly referenced
mov dword [ebx + 0x36e3], 0

loc_fffa9696:  ; not directly referenced
cmp dword [ebp - 0x24], 0
mov edi, dword [ebx + 0x36e3]
je short loc_fffa96bb  ; je 0xfffa96bb
test edx, edx
je short loc_fffa96f3  ; je 0xfffa96f3
mov byte [ebx + 0x247e], 1
mov edx, 7
mov dword [ebp - 0x28], 0
jmp short loc_fffa96c7  ; jmp 0xfffa96c7

loc_fffa96bb:  ; not directly referenced
movzx eax, cl
xor esi, esi
mov dword [ebp - 0x28], eax
test edx, edx
je short loc_fffa96e3  ; je 0xfffa96e3

loc_fffa96c7:  ; not directly referenced
sub esp, 0xc
add edx, 6
push 0x5f5e100
mov ecx, 1
mov eax, ebx
call fcn_fffaefe1  ; call 0xfffaefe1
add esp, 0x10
mov esi, eax

loc_fffa96e3:  ; not directly referenced
mov eax, dword [ebp - 0x28]
test eax, eax
je short loc_fffa96f5  ; je 0xfffa96f5
mov edx, 0xb
sub edx, eax
jmp short loc_fffa96fa  ; jmp 0xfffa96fa

loc_fffa96f3:  ; not directly referenced
xor esi, esi

loc_fffa96f5:  ; not directly referenced
mov edx, 0xa

loc_fffa96fa:  ; not directly referenced
sub esp, 0xc
xor ecx, ecx
push 0x5f5e100
mov eax, ebx
call fcn_fffaefe1  ; call 0xfffaefe1
mov ecx, dword [ebp - 0x2c]
add esp, 0x10
mov dl, byte [ebp - 0x2d]
mov dword [ecx + 0x1c6], esi
mov byte [ecx + 0x1ca], dl
cmp dword [ebx + 0x18a7], 0
je short loc_fffa9745  ; je 0xfffa9745
cmp dword [ebp - 0x24], 0
je short loc_fffa9737  ; je 0xfffa9737
cmp edi, 1
cmove eax, esi
jmp short loc_fffa9747  ; jmp 0xfffa9747

loc_fffa9737:  ; not directly referenced
xor edi, edi
cmp esi, eax
jbe short loc_fffa9747  ; jbe 0xfffa9747
mov eax, esi
mov di, 1
jmp short loc_fffa9747  ; jmp 0xfffa9747

loc_fffa9745:  ; not directly referenced
xor edi, edi

loc_fffa9747:  ; not directly referenced
cmp eax, dword [ebx + 0x36d3]
jae short loc_fffa976a  ; jae 0xfffa976a
cmp dword [ebx + 0x1877], 2
mov dword [ebx + 0x36d3], eax
je short loc_fffa9764  ; je 0xfffa9764
cmp dword [ebp - 0x1c], 0
jne short loc_fffa976a  ; jne 0xfffa976a

loc_fffa9764:  ; not directly referenced
mov dword [ebx + 0x36e3], edi

loc_fffa976a:  ; not directly referenced
cmp dword [ebp - 0x20], 1
jne short loc_fffa978e  ; jne 0xfffa978e
cmp dword [ebx + 0x1877], 2
jne short loc_fffa978e  ; jne 0xfffa978e
cmp dword [ebx + 0x1887], 0x306d0
jne short loc_fffa978e  ; jne 0xfffa978e
cmp dword [ebx + 0x1883], 4
ja short loc_fffa9797  ; ja 0xfffa9797

loc_fffa978e:  ; not directly referenced
cmp dword [ebx + 0x36e3], 2
jne short loc_fffa97a0  ; jne 0xfffa97a0

loc_fffa9797:  ; not directly referenced
mov eax, dword [ebp - 0x20]
mov dword [ebx + 0x36e3], eax

loc_fffa97a0:  ; not directly referenced
mov ecx, dword [ebx + 0x36d3]
mov edx, ref_fffd34b0  ; mov edx, 0xfffd34b0
xor eax, eax

loc_fffa97ad:  ; not directly referenced
add edx, 9
cmp ecx, dword [edx - 5]
jne short loc_fffa97c0  ; jne 0xfffa97c0
lea eax, [eax + eax*8]
mov eax, dword [eax + ref_fffd34b0]  ; mov eax, dword [eax - 0x2cb50]
jmp short loc_fffa97cb  ; jmp 0xfffa97cb

loc_fffa97c0:  ; not directly referenced
inc eax
cmp eax, 0x15
jne short loc_fffa97ad  ; jne 0xfffa97ad
mov eax, 0x2625a0

loc_fffa97cb:  ; not directly referenced
mov dword [ebx + 0x36db], eax
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa97db:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x9c
mov eax, dword [ebp + 8]
mov dword [ebp - 0x88], 0
mov dword [ebp - 0x94], 0
mov dword [ebp - 0x90], 0
mov byte [eax + 0x36ca], 8
add eax, 0x1973
mov dword [ebp - 0x9c], eax
mov eax, dword [ebp + 8]
mov dword [ebp - 0x7c], 0x17
mov dword [ebp - 0x80], eax

loc_fffa9827:  ; not directly referenced
mov eax, dword [ebp - 0x80]
xor ebx, ebx
add eax, 0x3756
mov dword [ebp - 0x8c], eax
mov eax, dword [ebp - 0x9c]
mov dword [ebp - 0x84], eax
mov dword [ebp - 0x98], eax
mov eax, dword [ebp - 0x88]
add eax, 0x48c9
mov dword [ebp - 0xa0], eax

loc_fffa985a:  ; not directly referenced
mov eax, dword [ebp - 0x98]
cmp dword [eax], 1
ja loc_fffa99f8  ; ja 0xfffa99f8
mov eax, dword [ebp - 0x84]
mov esi, ref_fffd33d4  ; mov esi, 0xfffd33d4
mov ecx, 0xd
lea edi, [ebp - 0x78]
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [eax + 0x48]
mov eax, dword [ebp - 0xa0]
lea esi, [eax + ebx]
mov eax, dword [ebp - 0x80]
add esi, dword [ebp + 8]
mov dword [eax + ebx + 0x48c9], 3
xor eax, eax

loc_fffa989d:  ; not directly referenced
inc eax
cmp byte [edi + eax - 1], 0
je short loc_fffa98ae  ; je 0xfffa98ae
xor edx, edx
mov eax, 1
jmp short loc_fffa98ba  ; jmp 0xfffa98ba

loc_fffa98ae:  ; not directly referenced
cmp eax, 0x200
jne short loc_fffa989d  ; jne 0xfffa989d
jmp near loc_fffa99f8  ; jmp 0xfffa99f8

loc_fffa98ba:  ; not directly referenced
cmp dl, 0xc
setbe cl
test cl, al
je short loc_fffa98e6  ; je 0xfffa98e6
push eax
movzx eax, dl
push esi
push edi
push dword [ebp + 8]
mov dword [ebp - 0xa4], edx
call dword [ebp + eax*4 - 0x78]  ; ucall
mov edx, dword [ebp - 0xa4]
add esp, 0x10
inc edx
and eax, 1
jmp short loc_fffa98ba  ; jmp 0xfffa98ba

loc_fffa98e6:  ; not directly referenced
test eax, eax
mov eax, dword [ebp - 0x80]
jne short loc_fffa98fd  ; jne 0xfffa98fd
mov dword [eax + ebx + 0x48c9], 1
jmp near loc_fffa99f8  ; jmp 0xfffa99f8

loc_fffa98fd:  ; not directly referenced
mov dword [eax + ebx + 0x48c9], 2
mov eax, dword [ebp - 0x84]
mov al, byte [eax + 0x4a]
cmp al, 0xf1
sete cl
cmp al, 0xb
sete dl
or cl, dl
je short loc_fffa9931  ; je 0xfffa9931
mov eax, dword [ebp - 0x84]
mov edx, 0xb
add eax, 0xbd
jmp short loc_fffa994b  ; jmp 0xfffa994b

loc_fffa9931:  ; not directly referenced
cmp al, 0xc
jne short loc_fffa9947  ; jne 0xfffa9947
mov eax, dword [ebp - 0x84]
mov edx, 9
add eax, 0x188
jmp short loc_fffa994b  ; jmp 0xfffa994b

loc_fffa9947:  ; not directly referenced
xor edx, edx
xor eax, eax

loc_fffa994b:  ; not directly referenced
mov edi, dword [ebp - 0x88]
lea ecx, [edi + ebx + 0x49b4]
add ecx, dword [ebp + 8]
call fcn_fffaf03f  ; call 0xfffaf03f
mov eax, dword [ebp - 0x84]
cmp dword [eax], 1
jne short loc_fffa9979  ; jne 0xfffa9979
mov eax, dword [ebp - 0x80]
mov dword [eax + ebx + 0x48c9], 1

loc_fffa9979:  ; not directly referenced
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2480]
test eax, eax
jne short loc_fffa999e  ; jne 0xfffa999e
mov eax, dword [ebp - 0x8c]
mov edi, dword [ebp + 8]
mov eax, dword [eax + ebx + 0x1248]
mov dword [edi + 0x2480], eax
jmp short loc_fffa99b7  ; jmp 0xfffa99b7

loc_fffa999e:  ; not directly referenced
mov esi, dword [ebp - 0x8c]
cmp eax, dword [esi + ebx + 0x1248]
mov eax, 0x1a
cmove eax, dword [ebp - 0x7c]
mov dword [ebp - 0x7c], eax

loc_fffa99b7:  ; not directly referenced
cmp dword [ebp - 0x90], 0
mov eax, dword [ebp - 0x8c]
jne short loc_fffa99d5  ; jne 0xfffa99d5
mov eax, dword [eax + ebx + 0x124c]
mov dword [ebp - 0x90], eax
jmp short loc_fffa99e8  ; jmp 0xfffa99e8

loc_fffa99d5:  ; not directly referenced
mov edi, dword [ebp - 0x90]
cmp edi, dword [eax + ebx + 0x124c]
jne loc_fffa9b58  ; jne 0xfffa9b58

loc_fffa99e8:  ; not directly referenced
cmp dword [ebp - 0x7c], 0x1a
je loc_fffa9b81  ; je 0xfffa9b81
inc dword [ebp - 0x94]

loc_fffa99f8:  ; not directly referenced
add ebx, 0x128
add dword [ebp - 0x98], 0x277
add dword [ebp - 0x84], 0x277
cmp ebx, 0x250
jne loc_fffa985a  ; jne 0xfffa985a
add dword [ebp - 0x88], 0x13c3
add dword [ebp - 0x9c], 0x54a
add dword [ebp - 0x80], 0x13c3
cmp dword [ebp - 0x88], 0x2786
jne loc_fffa9827  ; jne 0xfffa9827
cmp dword [ebp - 0x94], 0
je loc_fffa9b81  ; je 0xfffa9b81
lea edi, [ebp - 0x78]
mov esi, ref_fffd3408  ; mov esi, 0xfffd3408
mov ecx, 0x18
xor ebx, ebx
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov eax, 1

loc_fffa9a6c:  ; not directly referenced
cmp bl, 0x17
setbe dl
test dl, al
je short loc_fffa9a8c  ; je 0xfffa9a8c
sub esp, 0xc
movzx eax, bl
push dword [ebp + 8]
inc ebx
call dword [ebp + eax*4 - 0x78]  ; ucall
add esp, 0x10
and eax, 1
jmp short loc_fffa9a6c  ; jmp 0xfffa9a6c

loc_fffa9a8c:  ; not directly referenced
test eax, eax
je loc_fffa9b81  ; je 0xfffa9b81
mov eax, dword [ebp + 8]
mov esi, dword [ebp + 8]
mov byte [eax + 0x3748], 1
add eax, 0x48c9
add esi, 0x704f

loc_fffa9aac:  ; not directly referenced
mov edx, eax
xor ecx, ecx

loc_fffa9ab0:  ; not directly referenced
mov edi, dword [edx]
lea ebx, [edi - 1]
cmp ebx, 1
ja short loc_fffa9ac0  ; ja 0xfffa9ac0
inc dword [eax - 0x10b3]

loc_fffa9ac0:  ; not directly referenced
cmp dword [edx], 2
jne short loc_fffa9b16  ; jne 0xfffa9b16
mov bl, byte [edx + 0xed]
cmp bl, 1
je short loc_fffa9adb  ; je 0xfffa9adb
cmp bl, 2
sete bl
lea ebx, [ebx + ebx*2]
jmp short loc_fffa9add  ; jmp 0xfffa9add

loc_fffa9adb:  ; not directly referenced
mov bl, 1

loc_fffa9add:  ; not directly referenced
mov edi, dword [ebp + 8]
movzx ebx, bl
shl ebx, cl
or byte [eax - 0x10af], bl
mov bl, byte [edx + 0xcc]
and byte [edi + 0x3748], bl
mov bl, byte [edi + 0x36ca]
movzx edi, byte [edx + 0xf4]
cmp byte [edx + 0xf4], bl
cmovbe ebx, edi
mov edi, dword [ebp + 8]
mov byte [edi + 0x36ca], bl

loc_fffa9b16:  ; not directly referenced
add ecx, 2
add edx, 0x128
cmp ecx, 4
jne short loc_fffa9ab0  ; jne 0xfffa9ab0
cmp dword [eax - 0x10b3], 0
je short loc_fffa9b49  ; je 0xfffa9b49
cmp byte [eax - 0x10af], 0
je short loc_fffa9b49  ; je 0xfffa9b49
mov ecx, dword [ebp + 8]
inc byte [ecx + 0x3755]
mov dword [eax - 0x1173], 2

loc_fffa9b49:  ; not directly referenced
add eax, 0x13c3
cmp eax, esi
jne loc_fffa9aac  ; jne 0xfffa9aac
jmp short loc_fffa9b61  ; jmp 0xfffa9b61

loc_fffa9b58:  ; not directly referenced
mov dword [ebp - 0x7c], 0x1a
jmp short loc_fffa9b81  ; jmp 0xfffa9b81

loc_fffa9b61:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp byte [eax + 0x3755], 0
je short loc_fffa9b81  ; je 0xfffa9b81
mov eax, dword [ebp + 8]
mov dword [ebp - 0x7c], 0
mov dword [eax + 0x374e], 2

loc_fffa9b81:  ; not directly referenced
mov eax, dword [ebp - 0x7c]
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffa9b8c:  ; not directly referenced
push ebp
mov ecx, 3
mov ebp, esp
push edi
push esi
mov esi, ref_fffd3468  ; mov esi, 0xfffd3468
push ebx
mov ebx, eax
sub esp, 0xc0
lea edi, [ebp - 0x80]
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x74]
mov esi, ref_fffd3474  ; mov esi, 0xfffd3474
mov dword [ebp - 0x8c], eax
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x68]
mov esi, ref_fffd3480  ; mov esi, 0xfffd3480
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x5c]
mov esi, ref_fffd348c  ; mov esi, 0xfffd348c
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x50]
mov esi, ref_fffd3498  ; mov esi, 0xfffd3498
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x44]
mov esi, ref_fffd34a4  ; mov esi, 0xfffd34a4
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov edi, dword [eax + 0x5edc]
mov edx, edi
mov dword [ebp - 0x9c], edi
mov edi, dword [eax + 0x2443]
mov al, byte [eax + 0x2488]
mov esi, edi
mov dword [ebp - 0xa0], edi
movzx edi, byte [ebx + 0x248e]
mov byte [ebp - 0x95], al
mov eax, edx
push 0
add eax, 0x1bc
push 8
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
mov edx, 0x3a1c
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x3a1c
mov ecx, eax
mov esi, eax
and ecx, 0xfffe003f
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0x5f08
mov eax, ebx
mov dword [ebp - 0x8c], ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x5f08
mov ebx, eax
mov eax, dword [ebp - 0x8c]
or bh, 1
mov ecx, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x8c]
mov edx, 0x78
call fcn_fffa834b  ; call 0xfffa834b
mov eax, dword [ebp - 0x8c]
mov edx, 0x3a00
call fcn_fffae52a  ; call 0xfffae52a
mov ecx, esi
mov esi, dword [ebp - 0x8c]
mov dword [ebp - 0x94], eax
mov eax, dword [ebp - 0x8c]
shr dword [ebp - 0x94], 0xf
and dword [ebp - 0x94], 0x1f
mov ax, word [eax + 0x1904]
shr ax, 7
movzx edx, ax
mov eax, esi
mov dword [ebp - 0xa8], edx
mov edx, 0x3a1c
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, ebx
mov edx, 0x5f08
mov eax, esi
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0x78
mov eax, esi
call fcn_fffa834b  ; call 0xfffa834b
mov edx, 0x2008
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
add esp, 0x10
test ah, 4
mov eax, edi
je short loc_fffa9d16  ; je 0xfffa9d16
cmp al, 3
je short loc_fffa9d2a  ; je 0xfffa9d2a
lea eax, [ebp - 0x74]
mov edx, eax
lea eax, [ebp - 0x68]
jmp short loc_fffa9d22  ; jmp 0xfffa9d22

loc_fffa9d16:  ; not directly referenced
cmp al, 3
je short loc_fffa9d2f  ; je 0xfffa9d2f
lea eax, [ebp - 0x50]
mov edx, eax
lea eax, [ebp - 0x44]

loc_fffa9d22:  ; not directly referenced
and edi, 1
cmovne eax, edx
jmp short loc_fffa9d32  ; jmp 0xfffa9d32

loc_fffa9d2a:  ; not directly referenced
lea eax, [ebp - 0x80]
jmp short loc_fffa9d32  ; jmp 0xfffa9d32

loc_fffa9d2f:  ; not directly referenced
lea eax, [ebp - 0x5c]

loc_fffa9d32:  ; not directly referenced
mov dword [ebp - 0x90], eax
mov eax, dword [ebp - 0x9c]
xor edi, edi
add eax, 0x1c
mov dword [ebp - 0xa4], eax
mov esi, eax

loc_fffa9d4b:  ; not directly referenced
imul eax, edi, 0x13c3
mov edx, dword [ebp - 0x8c]
xor ebx, ebx
cmp dword [edx + eax + 0x3756], 2
jne short loc_fffa9dc5  ; jne 0xfffa9dc5

loc_fffa9d63:  ; not directly referenced
cmp byte [ebp - 0x95], bl
jbe short loc_fffa9d9f  ; jbe 0xfffa9d9f
or byte [esi + ebx*4 + 0x28], 0x20
mov ecx, ebx
mov eax, dword [esi + ebx*4 + 0x28]
mov edx, edi
inc ebx
mov dword [ebp - 0xac], eax
mov eax, dword [ebp - 0x8c]
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, dword [ebp - 0xac]
mov edx, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffa9d63  ; jmp 0xfffa9d63

loc_fffa9d9f:  ; not directly referenced
mov eax, dword [ebp - 0x8c]
mov ecx, 0xff
mov edx, edi
mov ebx, dword [esi]
call fcn_fffa7288  ; call 0xfffa7288
or bh, 1
mov ecx, ebx
mov edx, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffa9dc5:  ; not directly referenced
inc edi
add esi, 0xcc
cmp edi, 2
jne loc_fffa9d4b  ; jne 0xfffa9d4b
mov eax, dword [ebp - 0x90]
lea ebx, [ebp - 0x38]
inc eax
mov dword [ebp - 0xbc], eax
mov esi, eax

loc_fffa9de7:  ; not directly referenced
mov edi, dword [ebp - 0x8c]
add ebx, 4
add esi, 3
movzx edx, byte [esi - 4]
movzx ecx, byte [esi - 3]
mov eax, edi
call fcn_fffa75da  ; call 0xfffa75da
mov edx, eax
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov dword [ebx - 4], eax
lea eax, [ebp - 0x28]
cmp ebx, eax
jne short loc_fffa9de7  ; jne 0xfffa9de7
imul eax, dword [ebp - 0x94], 0x1f0
mov ecx, 0x3e8
imul eax, dword [ebp - 0xa8]
xor edx, edx
mov byte [ebp - 0xa8], 1
div ecx
lea edi, [eax + 0x14a]
add eax, 0x226
mov dword [ebp - 0xb8], eax
mov eax, dword [ebp - 0x9c]
mov dword [ebp - 0xb4], edi
add eax, 0x1bd
mov dword [ebp - 0xac], eax

loc_fffa9e5e:  ; not directly referenced
mov eax, dword [ebp - 0xa4]
xor ebx, ebx
mov dword [ebp - 0x94], eax
mov eax, dword [ebp - 0xa8]
and eax, 7
mov dword [ebp - 0x9c], eax

loc_fffa9e7b:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp - 0x8c]
cmp dword [edi + eax + 0x3756], 2
je short loc_fffa9eb0  ; je 0xfffa9eb0

loc_fffa9e91:  ; not directly referenced
inc ebx
add dword [ebp - 0x94], 0xcc
cmp ebx, 2
jne short loc_fffa9e7b  ; jne 0xfffa9e7b
mov dword [ebp - 0x94], 0
jmp near loc_fffaa085  ; jmp 0xfffaa085

loc_fffa9eb0:  ; not directly referenced
xor esi, esi

loc_fffa9eb2:  ; not directly referenced
mov eax, esi
cmp byte [ebp - 0x95], al
jbe short loc_fffa9e91  ; jbe 0xfffa9e91
mov eax, dword [ebp - 0x94]
mov ecx, esi
mov edx, ebx
mov edi, dword [eax + esi*4 + 4]
inc esi
mov eax, dword [ebp - 0x9c]
and edi, 0xffffe3ff
shl eax, 0xa
or edi, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffa724b  ; call 0xfffa724b
mov ecx, edi
mov edx, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffa9eb2  ; jmp 0xfffa9eb2

loc_fffa9ef8:  ; not directly referenced
imul eax, edi, 0x13c3
mov edx, dword [ebp - 0x8c]
cmp dword [edx + eax + 0x3756], 2
je loc_fffaa0c3  ; je 0xfffaa0c3

loc_fffa9f12:  ; not directly referenced
inc edi
add dword [ebp - 0x9c], 0xcc
cmp edi, 2
jne short loc_fffa9ef8  ; jne 0xfffa9ef8
mov byte [ebp - 0x9c], 0

loc_fffa9f29:  ; not directly referenced
mov esi, dword [ebp - 0x9c]
lea edi, [ebp - 0x28]
mov ebx, dword [ebp - 0x90]
and esi, 1
shl esi, 0x1d
or esi, 0x2000000

loc_fffa9f44:  ; not directly referenced
movzx eax, byte [ebx + 2]
and esi, 0xefffffff
movzx ecx, byte [ebx + 1]
movzx edx, byte [ebx]
and eax, 1
shl eax, 0x1c
or esi, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffa75da  ; call 0xfffa75da
mov ecx, esi
mov edx, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0xa0]
call dword [eax + 0x54]  ; ucall
add eax, 0x3e8
mov dword [ebp - 0xb0], eax

loc_fffa9f8b:  ; not directly referenced
mov esi, dword [ebp - 0x8c]
movzx edx, byte [ebx]
movzx ecx, byte [ebx + 1]
mov eax, esi
call fcn_fffa75da  ; call 0xfffa75da
mov edx, eax
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
mov esi, eax
test eax, 0x40000000
jne loc_fffaa108  ; jne 0xfffaa108
mov eax, dword [ebp - 0xa0]
call dword [eax + 0x54]  ; ucall
cmp dword [ebp - 0xb0], eax
ja short loc_fffa9f8b  ; ja 0xfffa9f8b

loc_fffa9fc6:  ; not directly referenced
movzx ecx, byte [ebx + 1]
add edi, 4
add ebx, 3
movzx edx, byte [ebx - 3]
mov eax, dword [ebp - 0x8c]
call fcn_fffa75da  ; call 0xfffa75da
xor ecx, ecx
mov edx, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffae58c  ; call 0xfffae58c
lea eax, [ebp - 0x18]
cmp edi, eax
jne loc_fffa9f44  ; jne 0xfffa9f44
inc byte [ebp - 0x9c]
cmp byte [ebp - 0x9c], 2
jne loc_fffa9f29  ; jne 0xfffa9f29
mov ecx, dword [ebp - 0x28]
mov ebx, dword [ebp - 0x1c]
mov edx, dword [ebp - 0x20]
mov eax, dword [ebp - 0x24]
mov esi, ecx
cmp ebx, ecx
cmovbe esi, ebx
cmp esi, edx
cmova esi, edx
cmp ebx, ecx
cmovae ecx, ebx
cmp ecx, edx
cmovae edx, ecx
cmp edx, eax
cmovb edx, eax
cmp esi, eax
cmovbe eax, esi
cmp dword [ebp - 0xb4], eax
jbe short loc_fffaa055  ; jbe 0xfffaa055
mov cl, byte [ebp - 0x94]
mov eax, 1
mov edi, dword [ebp - 0xac]
shl eax, cl
or byte [edi], al

loc_fffaa055:  ; not directly referenced
cmp dword [ebp - 0xb8], edx
jae short loc_fffaa072  ; jae 0xfffaa072
mov cl, byte [ebp - 0x94]
mov eax, 1
mov edi, dword [ebp - 0xac]
shl eax, cl
or byte [edi], al

loc_fffaa072:  ; not directly referenced
inc dword [ebp - 0x94]
cmp dword [ebp - 0x94], 8
je loc_fffaa126  ; je 0xfffaa126

loc_fffaa085:  ; not directly referenced
push eax
xor edi, edi
push 0
push 4
lea eax, [ebp - 0x28]
push eax
mov eax, dword [ebp - 0xa0]
call dword [eax + 0x64]  ; ucall
mov eax, dword [ebp - 0xa4]
add esp, 0x10
mov dword [ebp - 0x9c], eax
mov eax, dword [ebp - 0x94]
and eax, 7
mov dword [ebp - 0xb0], eax
shl dword [ebp - 0xb0], 0x1a
jmp near loc_fffa9ef8  ; jmp 0xfffa9ef8

loc_fffaa0c3:  ; not directly referenced
xor ebx, ebx

loc_fffaa0c5:  ; not directly referenced
cmp byte [ebp - 0x95], bl
jbe loc_fffa9f12  ; jbe 0xfffa9f12
mov eax, dword [ebp - 0x9c]
mov ecx, ebx
mov edx, edi
mov esi, dword [eax + ebx*4 + 0x28]
inc ebx
mov eax, dword [ebp - 0x8c]
and esi, 0xe3ffffff
call fcn_fffa720e  ; call 0xfffa720e
or esi, dword [ebp - 0xb0]
mov ecx, esi
mov edx, eax
mov eax, dword [ebp - 0x8c]
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffaa0c5  ; jmp 0xfffaa0c5

loc_fffaa108:  ; not directly referenced
shr eax, 0xf
and eax, 0x3ff
add eax, dword [edi]
cmp byte [ebp - 0x9c], 1
jne loc_fffaa215  ; jne 0xfffaa215
shr eax, 1
jmp near loc_fffaa215  ; jmp 0xfffaa215

loc_fffaa126:  ; not directly referenced
inc byte [ebp - 0xa8]
inc dword [ebp - 0xac]
and byte [ebp - 0xa8], 7
jne loc_fffa9e5e  ; jne 0xfffa9e5e
mov esi, dword [ebp - 0xa4]
xor edi, edi

loc_fffaa147:  ; not directly referenced
imul eax, edi, 0x13c3
mov ecx, dword [ebp - 0x8c]
xor ebx, ebx
cmp dword [ecx + eax + 0x3756], 2
jne short loc_fffaa1cc  ; jne 0xfffaa1cc

loc_fffaa15f:  ; not directly referenced
cmp byte [ebp - 0x95], bl
jbe short loc_fffaa1ad  ; jbe 0xfffaa1ad
mov eax, dword [ebp - 0x8c]
mov ecx, ebx
mov edx, edi
call fcn_fffa724b  ; call 0xfffa724b
mov ecx, dword [esi + ebx*4 + 4]
mov edx, eax
mov dword [ebp - 0x90], eax
mov eax, dword [ebp - 0x8c]
call fcn_fffae58c  ; call 0xfffae58c
mov edx, dword [ebp - 0x90]
and byte [esi + ebx*4 + 0x28], 0xdf
mov ecx, dword [esi + ebx*4 + 0x28]
inc ebx
mov eax, dword [ebp - 0x8c]
add edx, 4
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffaa15f  ; jmp 0xfffaa15f

loc_fffaa1ad:  ; not directly referenced
mov ebx, dword [ebp - 0x8c]
mov ecx, 0xff
mov edx, edi
mov eax, ebx
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, dword [esi]
mov edx, eax
mov eax, ebx
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffaa1cc:  ; not directly referenced
inc edi
add esi, 0xcc
cmp edi, 2
jne loc_fffaa147  ; jne 0xfffaa147
mov esi, dword [ebp - 0xbc]
lea ebx, [ebp - 0x38]

loc_fffaa1e5:  ; not directly referenced
mov edi, dword [ebp - 0x8c]
add ebx, 4
add esi, 3
movzx ecx, byte [esi - 3]
movzx edx, byte [esi - 4]
mov eax, edi
call fcn_fffa75da  ; call 0xfffa75da
mov ecx, dword [ebx - 4]
mov edx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
lea eax, [ebp - 0x28]
cmp ebx, eax
jne short loc_fffaa1e5  ; jne 0xfffaa1e5
jmp short loc_fffaa21c  ; jmp 0xfffaa21c

loc_fffaa215:  ; not directly referenced
mov dword [edi], eax
jmp near loc_fffa9fc6  ; jmp 0xfffa9fc6

loc_fffaa21c:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaa226:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0x1c
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x20], edx
cmp eax, 1
je short loc_fffaa252  ; je 0xfffaa252
sbb ebx, ebx
mov esi, 0
mov byte [ebp - 0x1a], 1
and ebx, 0x364c
jmp short loc_fffaa260  ; jmp 0xfffaa260

loc_fffaa252:  ; not directly referenced
mov byte [ebp - 0x1a], 4
mov esi, 4
mov ebx, 0x3650

loc_fffaa260:  ; not directly referenced
mov byte [ebp - 0x19], 0

loc_fffaa264:  ; not directly referenced
mov ecx, dword [ebp - 0x20]
mov edx, ebx
mov eax, edi
add ebx, esi
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov al, byte [ebp - 0x1a]
inc byte [ebp - 0x19]
cmp byte [ebp - 0x19], al
jb short loc_fffaa264  ; jb 0xfffaa264
add esp, 0x1c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaa285:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
mov esi, eax
push ebx
sub esp, 0x2c
mov eax, dword [ebp + 8]
mov ebx, dword [esi + 0x2443]
shl edi, 0xa
mov dword [ebp - 0x20], ecx
add edi, 0x4214
mov dword [ebp - 0x24], eax
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x28], eax
mov eax, dword [ebp + 0x10]
mov dword [ebp - 0x2c], eax
call dword [ebx + 0x54]  ; ucall
add eax, 0x2710
mov dword [ebp - 0x1c], eax

loc_fffaa2c1:  ; not directly referenced
mov edx, edi
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
shr eax, 0x18
test al, al
jns short loc_fffaa2e0  ; jns 0xfffaa2e0
call dword [ebx + 0x54]  ; ucall
cmp dword [ebp - 0x1c], eax
ja short loc_fffaa2c1  ; ja 0xfffaa2c1

loc_fffaa2d9:  ; not directly referenced
mov eax, 0x12
jmp short loc_fffaa340  ; jmp 0xfffaa340

loc_fffaa2e0:  ; not directly referenced
mov ecx, dword [ebp - 0x28]
mov edx, edi
mov eax, dword [ebp - 0x24]
shl ecx, 0xd
and ax, 0x1fff
or ecx, eax
mov eax, dword [ebp - 0x20]
movzx ecx, cx
and eax, 3
shl eax, 0x10
or ecx, eax
mov eax, dword [ebp - 0x2c]
and eax, 0x1ff
shl eax, 0x15
or ecx, eax
mov eax, esi
or ecx, 0x80100000
call fcn_fffae58c  ; call 0xfffae58c
call dword [ebx + 0x54]  ; ucall
add eax, 0x2710
mov dword [ebp - 0x1c], eax

loc_fffaa324:  ; not directly referenced
mov edx, edi
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
shr eax, 0x18
test al, al
jns short loc_fffaa33e  ; jns 0xfffaa33e
call dword [ebx + 0x54]  ; ucall
cmp dword [ebp - 0x1c], eax
ja short loc_fffaa324  ; ja 0xfffaa324
jmp short loc_fffaa2d9  ; jmp 0xfffaa2d9

loc_fffaa33e:  ; not directly referenced
xor eax, eax

loc_fffaa340:  ; not directly referenced
add esp, 0x2c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaa348:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
mov ebx, dword [ebp + 8]
cmp ecx, edx
ja short loc_fffaa360  ; ja 0xfffaa360
inc edi
inc dword [ebx + 0xc]
imul eax, edi, 0xa
jmp short loc_fffaa3c3  ; jmp 0xfffaa3c3

loc_fffaa360:  ; not directly referenced
mov esi, ecx
sub esi, edx
cmp ecx, 6
ja short loc_fffaa38e  ; ja 0xfffaa38e
imul edi, eax, 0xa
mov eax, 7
sub eax, ecx
xor edx, edx
imul eax, eax, 0xa
mov ecx, 0xa
inc dword [ebx + 8]
div esi
cmp eax, 0xa
cmovbe ecx, eax
lea eax, [edi + ecx + 0x14]
jmp short loc_fffaa3c3  ; jmp 0xfffaa3c3

loc_fffaa38e:  ; not directly referenced
cmp edx, 7
ja short loc_fffaa3ab  ; ja 0xfffaa3ab
inc dword [ebx + 4]
test esi, esi
je short loc_fffaa3ad  ; je 0xfffaa3ad
mov eax, 7
inc edi
sub eax, edx
xor edx, edx
imul eax, eax, 0xa
div esi
jmp short loc_fffaa3be  ; jmp 0xfffaa3be

loc_fffaa3ab:  ; not directly referenced
inc dword [ebx]

loc_fffaa3ad:  ; not directly referenced
cmp esi, edx
cmovb esi, edx
xor eax, eax
test esi, esi
je short loc_fffaa3c3  ; je 0xfffaa3c3
mov al, 0x46
xor edx, edx
div esi

loc_fffaa3be:  ; not directly referenced
imul edi, edi, 0xa
add eax, edi

loc_fffaa3c3:  ; not directly referenced
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaa3c8:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, edx
sub esp, 0x2c
mov esi, dword [eax + 0x2443]
mov byte [ebp - 0x1b], cl
mov cl, byte [ebp + 8]
shl ebx, 0xa
lea edx, [ebx + 0x41bc]
mov dword [ebp - 0x20], eax
mov dword [ebp - 0x28], esi
mov byte [ebp - 0x1c], cl
xor ecx, ecx
call fcn_fffae566  ; call 0xfffae566
lea eax, [ebx + 0x41c0]
mov byte [ebp - 0x19], 0
mov dword [ebp - 0x34], eax

loc_fffaa405:  ; not directly referenced
mov cl, byte [ebp - 0x19]
xor esi, esi
xor edi, edi
mov dword [ebp - 0x2c], 0
mov al, cl
and eax, 1
mov byte [ebp - 0x1a], al
mov al, cl
xor ecx, ecx
shr al, 1
and eax, 1
mov dword [ebp - 0x30], eax

loc_fffaa427:  ; not directly referenced
movzx eax, cl
div byte [ebp - 0x1b]
movzx edx, ah
lea eax, [ecx + 0x15]
cmp cl, 0x12
ja short loc_fffaa441  ; ja 0xfffaa441
lea eax, [ecx + 8]
cmp cl, 0x10
cmovb eax, ecx

loc_fffaa441:  ; not directly referenced
cmp dl, byte [ebp - 0x1c]
movzx eax, al
mov edx, dword [ebp - 0x28]
mov dword [ebp - 0x38], ecx
mov edx, dword [edx + 0x68]
mov dword [ebp - 0x24], edx
jne short loc_fffaa461  ; jne 0xfffaa461
push ecx
xor edx, edx
push eax
movzx eax, byte [ebp - 0x1a]
push edx
push eax
jmp short loc_fffaa469  ; jmp 0xfffaa469

loc_fffaa461:  ; not directly referenced
push edx
push eax
push dword [ebp - 0x2c]
push dword [ebp - 0x30]

loc_fffaa469:  ; not directly referenced
mov eax, dword [ebp - 0x24]
call eax
mov ecx, dword [ebp - 0x38]
add esp, 0x10
inc ecx
or eax, esi
or edx, edi
mov esi, eax
mov edi, edx
cmp cl, 0x16
jne short loc_fffaa427  ; jne 0xfffaa427
push eax
push eax
mov eax, dword [ebp - 0x20]
push edx
mov edx, dword [ebp - 0x34]
push esi
call fcn_fffae7cf  ; call 0xfffae7cf
add esp, 0x10
inc byte [ebp - 0x19]
cmp byte [ebp - 0x19], 8
jne loc_fffaa405  ; jne 0xfffaa405
mov edi, dword [ebp - 0x20]
lea edx, [ebx + 0x41a0]
mov ecx, 0x222
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
lea edx, [ebx + 0x41b0]
mov eax, edi
mov ecx, 0x6010102
call fcn_fffae58c  ; call 0xfffae58c
lea edx, [ebx + 0x41a4]
mov eax, edi
mov ecx, 0xea1
call fcn_fffae58c  ; call 0xfffae58c
lea edx, [ebx + 0x41a8]
mov eax, edi
mov ecx, 0xbeef
call fcn_fffae58c  ; call 0xfffae58c
lea esp, [ebp - 0xc]
mov eax, edi
lea edx, [ebx + 0x41ac]
mov ecx, 0xdead
pop ebx
pop esi
pop edi
pop ebp
jmp near fcn_fffae58c  ; jmp 0xfffae58c

fcn_fffaa505:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
mov esi, eax
push ebx
sub esp, 0x1c
mov ebx, dword [eax + 0x2443]
mov dword [ebp - 0x20], ecx
shl edi, 0xa
add edi, 0x4214
call dword [ebx + 0x54]  ; ucall
add eax, 0x2710
mov dword [ebp - 0x1c], eax

loc_fffaa52f:  ; not directly referenced
mov edx, edi
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
mov ecx, eax
shr eax, 0x18
test al, al
jns short loc_fffaa550  ; jns 0xfffaa550
call dword [ebx + 0x54]  ; ucall
cmp dword [ebp - 0x1c], eax
ja short loc_fffaa52f  ; ja 0xfffaa52f

loc_fffaa549:  ; not directly referenced
mov eax, 0x12
jmp short loc_fffaa5ae  ; jmp 0xfffaa5ae

loc_fffaa550:  ; not directly referenced
mov cl, byte [ebp + 8]
mov ch, byte [ebp + 0xc]
mov edx, dword [ebp + 0x10]
mov eax, dword [ebp - 0x20]
or ecx, 0x40000
and edx, 1
and ecx, 0xfff4ffff
shl edx, 0x13
and eax, 3
shl eax, 0x10
or ecx, edx
or ecx, eax
mov edx, edi
or ecx, 0x80000000
mov eax, esi
call fcn_fffae58c  ; call 0xfffae58c
call dword [ebx + 0x54]  ; ucall
add eax, 0x2710
mov dword [ebp - 0x1c], eax

loc_fffaa592:  ; not directly referenced
mov edx, edi
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
shr eax, 0x18
test al, al
jns short loc_fffaa5ac  ; jns 0xfffaa5ac
call dword [ebx + 0x54]  ; ucall
cmp dword [ebp - 0x1c], eax
ja short loc_fffaa592  ; ja 0xfffaa592
jmp short loc_fffaa549  ; jmp 0xfffaa549

loc_fffaa5ac:  ; not directly referenced
xor eax, eax

loc_fffaa5ae:  ; not directly referenced
add esp, 0x1c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaa5b6:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, ecx
sub esp, 0x4c
mov edi, dword [ebp + 8]
mov esi, dword [ebp + 0x18]
mov ecx, dword [eax + 0x2443]
mov dword [ebp - 0x1c], eax
mov eax, dword [eax + 0x1887]
mov dword [ebp - 0x44], edi
mov edi, dword [ebp + 0xc]
mov dword [ebp - 0x34], esi
mov esi, dword [ebp + 0x1c]
mov dword [ebp - 0x28], edx
mov dword [ebp - 0x24], ecx
mov dword [ebp - 0x30], edi
mov edi, dword [ebp + 0x10]
mov dword [ebp - 0x20], edi
mov edi, dword [ebp + 0x14]
mov dword [ebp - 0x40], edi
mov edi, dword [ebp + 0x20]
cmp eax, 0x306d0
je short loc_fffaa618  ; je 0xfffaa618
cmp eax, 0x40670
je short loc_fffaa618  ; je 0xfffaa618
mov dword [ebp - 0x2c], 0x7f8
mov dword [ebp - 0x38], 0xff
jmp short loc_fffaa626  ; jmp 0xfffaa626

loc_fffaa618:  ; not directly referenced
mov dword [ebp - 0x2c], 0xff8
mov dword [ebp - 0x38], 0x1ff

loc_fffaa626:  ; not directly referenced
test ebx, ebx
je short loc_fffaa69e  ; je 0xfffaa69e
mov dword [ebp - 0x4c], esi
push esi
push 0x20
movzx edx, word [ebx]
movzx eax, word [ebx + 2]
shl edx, 0x18
shl eax, 0x10
add eax, edx
cdq
push edx
push eax
mov eax, dword [ebp - 0x24]
call dword [eax + 0x68]  ; ucall
add esp, 0xc
mov ecx, dword [ebp - 0x24]
push 0x18
mov esi, eax
movzx eax, word [ebx + 4]
mov dword [ebp - 0x48], edx
xor edx, edx
push edx
push eax
call dword [ecx + 0x68]  ; ucall
movzx ebx, word [ebx + 6]
pop ecx
pop ecx
and edx, dword [ebp - 0x38]
mov dword [ebp - 0x3c], ebx
mov ebx, dword [ebp - 0x2c]
and dword [ebp - 0x3c], ebx
or dword [ebp - 0x3c], esi
and eax, 0xff000000
mov esi, dword [ebp - 0x3c]
or esi, eax
mov eax, dword [ebp - 0x48]
or eax, edx
push eax
mov eax, dword [ebp - 0x28]
push esi
lea edx, [eax*8 + 0x48d8]
mov eax, dword [ebp - 0x1c]
call fcn_fffae7cf  ; call 0xfffae7cf
mov esi, dword [ebp - 0x4c]
add esp, 0x10

loc_fffaa69e:  ; not directly referenced
mov eax, dword [ebp - 0x44]
test eax, eax
je short loc_fffaa715  ; je 0xfffaa715
push edx
mov ebx, dword [ebp - 0x24]
push 0x20
movzx edx, word [eax]
mov dword [ebp - 0x44], esi
mov esi, eax
movzx eax, word [eax + 2]
shl edx, 0x18
shl eax, 0x10
add eax, edx
cdq
push edx
push eax
call dword [ebx + 0x68]  ; ucall
add esp, 0xc
mov ecx, dword [ebp - 0x24]
push 0x18
mov ebx, eax
movzx eax, word [esi + 4]
mov dword [ebp - 0x3c], edx
xor edx, edx
push edx
push eax
call dword [ecx + 0x68]  ; ucall
pop ecx
pop ecx
movzx ecx, word [esi + 6]
and edx, dword [ebp - 0x38]
and eax, 0xff000000
mov esi, ecx
mov ecx, dword [ebp - 0x2c]
and esi, ecx
or esi, ebx
or esi, eax
mov eax, dword [ebp - 0x3c]
or eax, edx
push eax
mov eax, dword [ebp - 0x28]
push esi
lea edx, [eax*8 + 0x48e8]
mov eax, dword [ebp - 0x1c]
call fcn_fffae7cf  ; call 0xfffae7cf
mov esi, dword [ebp - 0x44]
add esp, 0x10

loc_fffaa715:  ; not directly referenced
cmp dword [ebp - 0x30], 0
setne bl
cmp dword [ebp - 0x34], 0
setne al
mov byte [ebp - 0x2c], al
or al, bl
jne short loc_fffaa73c  ; jne 0xfffaa73c
test esi, esi
setne dl
test edi, edi
setne al
or dl, al
je loc_fffaa876  ; je 0xfffaa876

loc_fffaa73c:  ; not directly referenced
mov ecx, dword [ebp - 0x28]
xor eax, eax
cmp dword [ebp - 0x30], 0
lea ecx, [ecx*4 + 0x4908]
mov dword [ebp - 0x24], ecx
sete cl
cmp dword [ebp - 0x34], 0
sete dl
or cl, dl
jne short loc_fffaa7a1  ; jne 0xfffaa7a1
test esi, esi
sete cl
test edi, edi
sete dl
or cl, dl
jne short loc_fffaa7a1  ; jne 0xfffaa7a1

loc_fffaa76b:  ; not directly referenced
mov ebx, dword [ebp - 0x30]
and eax, 0xfffffff0
movzx edx, byte [ebx + 3]
movzx ecx, byte [ebx + 2]
and edx, 3
and ecx, 3
or eax, edx
movzx edx, byte [ebx + 1]
shl ecx, 2
or eax, ecx
movzx ecx, byte [ebx]
and al, 0xf
and edx, 3
shl edx, 4
and ecx, 3
or eax, edx
shl ecx, 6
or eax, ecx
jmp short loc_fffaa7b0  ; jmp 0xfffaa7b0

loc_fffaa7a1:  ; not directly referenced
mov edx, dword [ebp - 0x24]
mov eax, dword [ebp - 0x1c]
call fcn_fffae52a  ; call 0xfffae52a
test bl, bl
jne short loc_fffaa76b  ; jne 0xfffaa76b

loc_fffaa7b0:  ; not directly referenced
cmp byte [ebp - 0x2c], 0
je short loc_fffaa7f2  ; je 0xfffaa7f2
mov ebx, dword [ebp - 0x34]
and eax, 0xfcffffff
movzx ecx, byte [ebx + 3]
movzx edx, byte [ebx + 2]
and ecx, 1
shl ecx, 0x18
and edx, 1
shl edx, 0x19
or eax, ecx
movzx ecx, byte [ebx]
or eax, edx
movzx edx, byte [ebx + 1]
and eax, 0xf3ffffff
and ecx, 1
and edx, 1
shl edx, 0x1a
shl ecx, 0x1b
or eax, edx
or eax, ecx

loc_fffaa7f2:  ; not directly referenced
test esi, esi
je short loc_fffaa82c  ; je 0xfffaa82c
movzx ecx, byte [esi + 3]
and eax, 0xcfffffff
movzx edx, byte [esi + 2]
and ecx, 1
shl ecx, 0x1c
and edx, 1
shl edx, 0x1d
or eax, ecx
movzx ecx, byte [esi]
or eax, edx
movzx edx, byte [esi + 1]
and eax, 0x3fffffff
shl ecx, 0x1f
and edx, 1
shl edx, 0x1e
or eax, edx
or eax, ecx

loc_fffaa82c:  ; not directly referenced
test edi, edi
je short loc_fffaa869  ; je 0xfffaa869
movzx ecx, byte [edi + 3]
and eax, 0xffcf1fff
movzx edx, byte [edi + 2]
and ecx, 1
shl ecx, 0x14
and edx, 1
shl edx, 0x15
or eax, ecx
movzx ecx, byte [edi]
or eax, edx
movzx edx, byte [edi + 1]
and eax, 0xff3f1fff
and ecx, 1
and edx, 1
shl edx, 0x16
shl ecx, 0x17
or eax, edx
or eax, ecx

loc_fffaa869:  ; not directly referenced
mov ecx, eax
mov edx, dword [ebp - 0x24]
mov eax, dword [ebp - 0x1c]
call fcn_fffae58c  ; call 0xfffae58c

loc_fffaa876:  ; not directly referenced
mov edx, dword [ebp - 0x40]
cmp dword [ebp - 0x20], 0
setne cl
test edx, edx
setne al
mov byte [ebp - 0x24], al
or al, cl
je loc_fffaa9e5  ; je 0xfffaa9e5
mov eax, dword [ebp - 0x28]
xor esi, esi
xor ebx, ebx
cmp dword [ebp - 0x20], 0
lea edi, [eax*8 + 0x4910]
sete al
test edx, edx
sete dl
or al, dl
jne short loc_fffaa8c3  ; jne 0xfffaa8c3

loc_fffaa8ae:  ; not directly referenced
mov eax, dword [ebp - 0x20]
mov eax, dword [eax]
cmp eax, 0x1f
jbe short loc_fffaa8e1  ; jbe 0xfffaa8e1
dec eax
call fcn_fffaec34  ; call 0xfffaec34
movzx eax, al
jmp short loc_fffaa8e4  ; jmp 0xfffaa8e4

loc_fffaa8c3:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
mov edx, edi
mov dword [ebp - 0x28], ecx
call fcn_fffae548  ; call 0xfffae548
mov ecx, dword [ebp - 0x28]
mov esi, eax
mov ebx, edx
test cl, cl
je loc_fffaa990  ; je 0xfffaa990
jmp short loc_fffaa8ae  ; jmp 0xfffaa8ae

loc_fffaa8e1:  ; not directly referenced
sub eax, 0xffffff80

loc_fffaa8e4:  ; not directly referenced
mov edx, eax
and ebx, 0x60ffffff
and edx, 0x1f
shl edx, 0x18
shr eax, 7
or ebx, edx
shl eax, 0x1f
or ebx, eax
mov eax, dword [ebp - 0x20]
mov edx, dword [eax + 4]
lea eax, [edx + 0x80]
cmp edx, 0x1f
jbe short loc_fffaa918  ; jbe 0xfffaa918
lea eax, [edx - 1]
call fcn_fffaec34  ; call 0xfffaec34
movzx eax, al

loc_fffaa918:  ; not directly referenced
mov edx, eax
and ebx, 0xfff60fff
and edx, 0x1f
shl edx, 0xc
shl eax, 0xc
or ebx, edx
and eax, 0x80000
or ebx, eax
mov eax, dword [ebp - 0x20]
mov edx, dword [eax + 8]
lea eax, [edx + 0x20]
cmp edx, 0xf
jbe short loc_fffaa94b  ; jbe 0xfffaa94b
lea eax, [edx - 1]
call fcn_fffaec34  ; call 0xfffaec34
movzx eax, al

loc_fffaa94b:  ; not directly referenced
mov edx, eax
and ebx, 0xffffffd0
and edx, 0xf
and eax, 0x20
or ebx, edx
or ebx, eax
mov eax, dword [ebp - 0x20]
mov edx, dword [eax + 0xc]
lea eax, [edx + 0x80]
cmp edx, 0x1f
jbe short loc_fffaa976  ; jbe 0xfffaa976
lea eax, [edx - 1]
call fcn_fffaec34  ; call 0xfffaec34
movzx eax, al

loc_fffaa976:  ; not directly referenced
mov edx, eax
and esi, 0xfff60fff
and edx, 0x1f
shl edx, 0xc
shl eax, 0xc
or esi, edx
and eax, 0x80000
or esi, eax

loc_fffaa990:  ; not directly referenced
cmp byte [ebp - 0x24], 0
je short loc_fffaa9ce  ; je 0xfffaa9ce
mov ecx, dword [ebp - 0x40]
and ebx, 0xff8ffc3f
and esi, 0xff807
movzx edx, byte [ecx]
movzx eax, byte [ecx + 2]
and edx, 7
shl edx, 0x14
and eax, 0xf
shl eax, 6
or ebx, edx
movzx edx, byte [ecx + 6]
or ebx, eax
movzx eax, word [ecx + 4]
shl edx, 3
shl eax, 0x14
or esi, eax
or esi, edx

loc_fffaa9ce:  ; not directly referenced
mov dword [ebp + 8], esi
mov eax, dword [ebp - 0x1c]
mov edx, edi
mov dword [ebp + 0xc], ebx
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
jmp near fcn_fffae7cf  ; jmp 0xfffae7cf

loc_fffaa9e5:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaa9ed:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, ecx
push esi
push ebx
mov ebx, edx
sub esp, 0x3c
mov cl, byte [ebp + 8]
mov dword [ebp - 0x2c], eax
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x20], 0
mov byte [ebp - 0x2d], cl
mov dword [ebp - 0x3c], eax
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x1c], 0
cmp dword [eax], 1
jne loc_fffaab38  ; jne 0xfffaab38
mov dword [edx + 0x1c], 3
xor esi, esi
mov word [edx + 0x2a], 0x20
mov word [edx + 0x28], 0x400
mov word [edx + 0xe], 0x18
mov word [edx + 2], 1
mov word [edx + 0xa], 1

loc_fffaaa54:  ; not directly referenced
imul eax, esi, 0x13c3
mov ecx, dword [ebp - 0x2c]
cmp dword [ecx + eax + 0x3756], 2
jne loc_fffaab25  ; jne 0xfffaab25
lea eax, [ebp - 0x1c]
mov ecx, ebx
push edx
mov edx, esi
push eax
lea eax, [ebp - 0x24]
push eax
lea eax, [ebp - 0x20]
push eax
lea eax, [ebx + 0x24]
push eax
lea eax, [ebx + 0x14]
push eax
lea eax, [ebx + 0x10]
push eax
mov eax, dword [ebp - 0x2c]
push 0
call fcn_fffaa5b6  ; call 0xfffaa5b6
xor edx, edx
mov eax, 0x1800
mov dword [ebp - 0x38], eax
mov eax, edx
add esp, 0x20
and eax, 0xfffffc00
mov ecx, 1
or eax, 2
mov dword [ebp - 0x34], eax
mov eax, dword [ebp - 0x38]
lea edx, [esi*4 + 0x4980]
and eax, 0x8fffffff
or eax, 0x10000000
cmp dword [ebp - 0x3c], 1
mov dword [ebp - 0x38], eax
lea eax, [edx + 0x20]
cmove edx, eax
mov eax, dword [ebp - 0x2c]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x2c]
lea edx, [esi*8 + 0x48a8]
push ecx
push ecx
push dword [ebp - 0x34]
push dword [ebp - 0x38]
call fcn_fffae7cf  ; call 0xfffae7cf
mov eax, esi
mov ecx, 0x20
shl eax, 0xa
lea edx, [eax + 0x4200]
mov dword [ebp - 0x38], eax
mov eax, dword [ebp - 0x2c]
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, dword [ebp - 0x38]
mov eax, dword [ebp - 0x2c]
lea edx, [ecx + 0x4040]
mov ecx, 0x8092
call fcn_fffae58c  ; call 0xfffae58c
add esp, 0x10

loc_fffaab25:  ; not directly referenced
inc esi
cmp esi, 2
jne loc_fffaaa54  ; jne 0xfffaaa54
mov eax, dword [ebp + 0xc]
mov dword [eax], 0

loc_fffaab38:  ; not directly referenced
mov esi, dword [ebp - 0x2c]
movzx eax, byte [esi + 0x248d]
bt eax, edi
jae loc_fffaac3b  ; jae 0xfffaac3b
mov eax, edi
shr eax, 1
imul eax, eax, 0x128
mov dword [ebp - 0x38], 0
lea edi, [esi + eax + 0x49ae]
lea eax, [ebx + 0x14]
mov dword [ebp - 0x40], eax
movzx eax, byte [ebp - 0x2d]
mov dword [ebp - 0x44], eax

loc_fffaab70:  ; not directly referenced
imul eax, dword [ebp - 0x38], 0x13c3
mov esi, dword [ebp - 0x2c]
cmp dword [esi + eax + 0x3756], 2
jne loc_fffaac28  ; jne 0xfffaac28
mov ax, word [ebx + 0x2a]
xor edx, edx
lea ecx, [eax*8]
mov ax, word [edi + 4]
div cx
mov edx, dword [ebp - 0x38]
movzx esi, ax
mov eax, dword [edi]
dec eax
mov word [ebx + 0xc], ax
mov ax, word [edi + 4]
sub eax, ecx
xor ecx, ecx
mov word [ebx + 0xe], ax
lea eax, [esi - 1]
mov dword [ebx + 0x1c], eax
push eax
push 0
push 0
push 0
push 0
push dword [ebp - 0x40]
lea eax, [ebx + 8]
push 0
push eax
mov eax, dword [ebp - 0x2c]
call fcn_fffaa5b6  ; call 0xfffaa5b6
add esp, 0x20
cmp byte [ebp - 0x2d], 0
je short loc_fffaabe3  ; je 0xfffaabe3
mov eax, dword [ebp - 0x44]
jmp short loc_fffaabeb  ; jmp 0xfffaabeb

loc_fffaabe3:  ; not directly referenced
mov eax, dword [edi]
shr eax, 0xa
imul eax, esi

loc_fffaabeb:  ; not directly referenced
dec eax
call fcn_fffaec34  ; call 0xfffaec34
imul esi, dword [ebp - 0x38], 0x28
lea edx, [esi + 0x4808]
and eax, 0x7f
mov dword [ebp - 0x3c], eax
mov ecx, eax
mov eax, dword [ebp - 0x2c]
or ecx, 0x400000
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, dword [ebp - 0x3c]
lea edx, [esi + 0x480c]
mov eax, dword [ebp - 0x2c]
or ecx, 0x8000000
call fcn_fffae58c  ; call 0xfffae58c

loc_fffaac28:  ; not directly referenced
inc dword [ebp - 0x38]
add edi, 0x13c3
cmp dword [ebp - 0x38], 2
jne loc_fffaab70  ; jne 0xfffaab70

loc_fffaac3b:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaac43:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
movzx esi, dl
push ebx
mov ebx, eax
imul eax, esi, 0x13c3
sub esp, 0x1c
and cl, byte [ebx + eax + 0x381a]
mov edi, ecx
and edi, 0xf
jne short loc_fffaac95  ; jne 0xfffaac95
xor ecx, ecx
mov eax, ebx
lea edx, [esi*4 + 0x4930]
lea esi, [esi*8 + 0x48a8]
call fcn_fffae58c  ; call 0xfffae58c
mov edx, esi
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, esi
and ah, 0xf7
mov ecx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffaad12  ; jmp 0xfffaad12

loc_fffaac95:  ; not directly referenced
movzx edx, cl
xor eax, eax
xor edi, edi
mov byte [ebp - 0x19], 0
mov dword [ebp - 0x20], edx

loc_fffaaca3:  ; not directly referenced
mov edx, dword [ebp - 0x20]
bt edx, eax
jae short loc_fffaacbb  ; jae 0xfffaacbb
movzx ecx, byte [ebp - 0x19]
mov edx, eax
inc byte [ebp - 0x19]
shl ecx, 2
shl edx, cl
or edi, edx

loc_fffaacbb:  ; not directly referenced
inc eax
cmp eax, 4
jne short loc_fffaaca3  ; jne 0xfffaaca3
mov ecx, edi
mov eax, ebx
lea edx, [esi*4 + 0x4930]
call fcn_fffae58c  ; call 0xfffae58c
mov cl, byte [ebp - 0x19]
lea edi, [esi*8]
lea edx, [edi + 0x48ef]
mov eax, ebx
add edi, 0x48a8
dec ecx
movzx ecx, cl
call fcn_fffae566  ; call 0xfffae566
mov edx, edi
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, edi
mov edi, 1
or ah, 8
mov ecx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, esi
shl edi, cl

loc_fffaad12:  ; not directly referenced
add esp, 0x1c
mov eax, edi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaad1c:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x70
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x50], 0
mov byte [ebp - 0x4c], 0
mov byte [ebp - 0x4b], 0
mov eax, dword [ebx + 0x2443]
mov byte [ebp - 0x4a], 1
mov byte [ebp - 0x49], 0
mov dword [ebp - 0x48], 0
mov edi, eax
mov dword [ebp - 0x68], eax
mov eax, dword [ebx + 0x188b]
push 0
push 0x2c
mov dword [ebp - 0x5c], eax
lea eax, [ebp - 0x44]
push eax
mov eax, edi
mov byte [ebp - 0x52], 0
mov byte [ebp - 0x51], 0
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
cmp byte [ebx + 0x3748], 1
je short loc_fffaad8a  ; je 0xfffaad8a
xor esi, esi
cmp byte [ebx + 0x2407], 1
jne loc_fffaafaa  ; jne 0xfffaafaa

loc_fffaad8a:  ; not directly referenced
push esi
mov eax, ebx
push esi
xor esi, esi
push 0
push 1
lea ecx, [ebp - 0x51]
lea edx, [ebp - 0x52]
mov word [ebp - 0x1a], 1
mov word [ebp - 0x1c], 1
call fcn_fffa81d3  ; call 0xfffa81d3
add esp, 0x10

loc_fffaadae:  ; not directly referenced
imul eax, esi, 0x13c3
cmp dword [ebx + eax + 0x3756], 2
jne loc_fffaae62  ; jne 0xfffaae62
lea eax, [ebp - 0x48]
mov edx, esi
push ecx
push eax
lea eax, [ebp - 0x50]
push eax
lea eax, [ebp - 0x4c]
push eax
lea eax, [ebp - 0x20]
push eax
lea eax, [ebp - 0x30]
push eax
lea eax, [ebp - 0x34]
push eax
mov eax, ebx
push 0
lea ecx, [ebp - 0x44]
call fcn_fffaa5b6  ; call 0xfffaa5b6
xor edx, edx
mov eax, 0x1800
mov ecx, edx
add esp, 0x18
and ecx, 0xfffffc00
or ecx, 2
mov edx, ecx
mov ecx, eax
or ecx, 0x28
push edx
mov eax, ecx
lea ecx, [esi*8 + 0x48a8]
push eax
mov edx, ecx
mov eax, ebx
call fcn_fffae7cf  ; call 0xfffae7cf
add esp, 0x10
cmp dword [ebp - 0x5c], 1
lea edx, [esi*4 + 0x4980]
lea eax, [edx + 0x20]
cmove edx, eax
xor ecx, ecx
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
imul edx, esi, 0x28
mov ecx, 0x400000
mov eax, ebx
add edx, 0x4808
call fcn_fffae58c  ; call 0xfffae58c
mov edx, esi
mov ecx, 0x20
shl edx, 0xa
mov eax, ebx
add edx, 0x4200
call fcn_fffae58c  ; call 0xfffae58c

loc_fffaae62:  ; not directly referenced
inc esi
cmp esi, 2
jne loc_fffaadae  ; jne 0xfffaadae
mov dword [ebp - 0x5c], 0

loc_fffaae73:  ; not directly referenced
movzx eax, byte [ebx + 0x248d]
mov edi, dword [ebp - 0x5c]
bt eax, edi
jb short loc_fffaae92  ; jb 0xfffaae92

loc_fffaae82:  ; not directly referenced
inc dword [ebp - 0x5c]
cmp dword [ebp - 0x5c], 4
jne short loc_fffaae73  ; jne 0xfffaae73
xor esi, esi
jmp near loc_fffaaf5e  ; jmp 0xfffaaf5e

loc_fffaae92:  ; not directly referenced
mov cl, byte [ebp - 0x5c]
mov esi, 1
xor edx, edx
mov eax, ebx
shl esi, cl
mov ecx, esi
call fcn_fffaac43  ; call 0xfffaac43
mov edx, 1
mov ecx, esi
mov edi, eax
mov eax, ebx
call fcn_fffaac43  ; call 0xfffaac43
mov dl, byte [ebp - 0x5c]
mov dword [ebp - 0x60], 0
shr dl, 1
movzx edx, dl
imul edx, edx, 0x128
or eax, edi
movzx eax, al
mov dword [ebp - 0x64], eax
lea edi, [ebx + edx + 0x49ae]
mov dword [ebp - 0x6c], edi

loc_fffaaede:  ; not directly referenced
mov eax, dword [ebp - 0x60]
xor esi, esi
mov edi, dword [ebp - 0x6c]
mov word [ebp - 0x42], ax
mov word [ebp - 0x3a], ax

loc_fffaaeee:  ; not directly referenced
mov eax, dword [ebp - 0x64]
bt eax, esi
jae short loc_fffaaf34  ; jae 0xfffaaf34
mov eax, dword [edi]
lea ecx, [ebp - 0x44]
dec eax
mov word [ebp - 0x38], ax
mov ax, word [edi + 4]
lea edx, [eax - 8]
mov word [ebp - 0x36], dx
shr ax, 3
push edx
movzx eax, ax
push 0
mov edx, esi
push 0
push 0
push 0
mov dword [ebp - 0x28], eax
lea eax, [ebp - 0x30]
push eax
push 0
lea eax, [ebp - 0x3c]
push eax
mov eax, ebx
call fcn_fffaa5b6  ; call 0xfffaa5b6
add esp, 0x20

loc_fffaaf34:  ; not directly referenced
inc esi
add edi, 0x13c3
cmp esi, 2
jne short loc_fffaaeee  ; jne 0xfffaaeee
mov edx, dword [ebp - 0x64]
mov eax, ebx
call fcn_fffae670  ; call 0xfffae670
mov esi, eax
test eax, eax
jne short loc_fffaaf5e  ; jne 0xfffaaf5e
inc dword [ebp - 0x60]
cmp dword [ebp - 0x60], 8
jne short loc_fffaaede  ; jne 0xfffaaede
jmp near loc_fffaae82  ; jmp 0xfffaae82

loc_fffaaf5e:  ; not directly referenced
cmp dword [ebx + 0x3756], 2
jne short loc_fffaaf78  ; jne 0xfffaaf78
mov ecx, 0x3000
mov edx, 0x48a8
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffaaf78:  ; not directly referenced
cmp dword [ebx + 0x4b19], 2
jne short loc_fffaaf92  ; jne 0xfffaaf92
mov ecx, 0x3000
mov edx, 0x48b0
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffaaf92:  ; not directly referenced
test esi, esi
je short loc_fffaafaa  ; je 0xfffaafaa
push eax
push eax
mov eax, dword [ebp - 0x68]
push 0xdddc
push ebx
call dword [eax + 0x94]  ; ucall
add esp, 0x10

loc_fffaafaa:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaafb4:  ; not directly referenced
push ebp
xor eax, eax
mov ebp, esp
xor edx, edx
pop ebp
ret

fcn_fffaafbd:  ; not directly referenced
push ebp
mov ebp, esp
pop ebp
ret

fcn_fffaafc2:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 8]
in eax, dx
pop ebp
ret

fcn_fffaafcb:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffaafc2  ; jmp 0xfffaafc2

fcn_fffaafda:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 8]
out dx, eax
pop ebp
ret

fcn_fffaafe6:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x18]
mov dword [ebp + 0xc], eax
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffaafda  ; jmp 0xfffaafda

fcn_fffaaffb:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov dl, al
mov cl, al
sar dl, 7
and eax, 0x7f
sar cl, 7
and edx, 2
and ecx, 2
add edx, 0x74
add ecx, 0x75
movzx edx, dl
out dx, al
movzx edx, cl
in al, dx
pop ebp
ret

fcn_fffab024:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0x10]
in al, dx
pop ebp
ret

fcn_fffab02d:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0x10]
mov eax, dword [ebp + 0x18]
out dx, al
pop ebp
ret

fcn_fffab039:  ; not directly referenced
push ebp
mov edx, 0x186a0
mov ebp, esp
xor eax, eax
push ebx
sub esp, 0x10

loc_fffab047:  ; not directly referenced
test eax, eax
sete bl
test edx, edx
setne cl
test bl, cl
je short loc_fffab064  ; je 0xfffab064
clc

loc_fffab056:  ; not directly referenced
rdrand eax
mov dword [ebp - 8], eax
jae short loc_fffab056  ; jae 0xfffab056
mov eax, dword [ebp - 8]
dec edx
jmp short loc_fffab047  ; jmp 0xfffab047

loc_fffab064:  ; not directly referenced
add esp, 0x10
pop ebx
pop ebp
ret

fcn_fffab06a:  ; not directly referenced
push ebp
mov ebp, esp
pop ebp
ret

fcn_fffab06f:  ; not directly referenced
push ebp
mov ebp, esp
push eax
mov eax, 0x1000
in al, 0x99
pop eax
pop ebp
ret

fcn_fffab07d:
mov edx, dword [0xff7d026c]
xor eax, eax
push ebp
mov ebp, esp
push edi
push esi
push ebx
imul ebx, edx, 0xc

loc_fffab08e:
cmp edx, 0x13
ja short loc_fffab0be  ; ja 0xfffab0be
mov esi, dword [ebp + 0xc]
inc edx
mov ecx, 3
mov dword [0xff7d026c], edx
lea edi, [ebx + eax - 0x82fe84]
add esi, eax
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov edi, dword [ebp + 0xc]
mov ecx, dword [edi + eax]
add eax, 0xc
test ecx, ecx
jns short loc_fffab08e  ; jns 0xfffab08e
xor eax, eax
jmp short loc_fffab0c3  ; jmp 0xfffab0c3

loc_fffab0be:
mov eax, 0x80000009

loc_fffab0c3:
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffab0c8:  ; not directly referenced
push ebp
mov ebp, esp
pop ebp
jmp near loc_fffd2984  ; jmp 0xfffd2984

fcn_fffab0d1:
push ebp
mov ebp, esp
mov edx, dword [ebp + 0xc]
mov eax, dword [ebp + 8]
mov ecx, dword [ebp + 0x10]
test edx, edx
je short loc_fffab0ed  ; je 0xfffab0ed
movzx ecx, cl
mov dword [ebp + 0x10], ecx
pop ebp
jmp near loc_fffd2932  ; jmp 0xfffd2932

loc_fffab0ed:
pop ebp
ret

fcn_fffab0ef:
push ebp
mov ebp, esp
pop ebp
jmp near loc_fffd2917  ; jmp 0xfffd2917

fcn_fffab0f8:  ; not directly referenced
push ebp
mov ebp, esp
pop ebp
jmp near loc_fffd28fc  ; jmp 0xfffd28fc

fcn_fffab101:
push ebp
mov ebp, esp
mov ecx, dword [ebp + 0x10]
mov eax, dword [ebp + 8]
mov edx, dword [ebp + 0xc]
test ecx, ecx
je short loc_fffab11b  ; je 0xfffab11b
cmp eax, edx
je short loc_fffab11b  ; je 0xfffab11b
pop ebp
jmp near loc_fffd2836  ; jmp 0xfffd2836

loc_fffab11b:
pop ebp
ret

fcn_fffab11d:  ; not directly referenced
push ebp
mov ebp, esp
pop ebp
jmp near fcn_fffab101  ; jmp 0xfffab101

fcn_fffab126:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x6c
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x68], 0
mov dword [ebp - 0x4c], 0
mov dword [ebp - 0x60], 0
mov eax, dword [ebx + 0x2480]
mov dword [ebp - 0x58], eax
mov eax, dword [ebx + 0x1887]
mov dword [ebp - 0x6c], eax
mov eax, dword [ebx + 0x188b]
mov dword [ebp - 0x5c], eax
lea eax, [ebx + 0x3756]
mov dword [ebp - 0x50], eax
mov eax, dword [ebx + 0x5edc]
lea esi, [eax + 0x1c]

loc_fffab174:  ; not directly referenced
mov eax, dword [ebp - 0x50]
cmp dword [eax], 2
jne loc_fffab348  ; jne 0xfffab348
cmp dword [ebp - 0x5c], 1
jne short loc_fffab1b7  ; jne 0xfffab1b7
mov dl, byte [esi + 3]
mov ecx, 0xff
mov al, dl
and edx, 0xffffffbf
mov byte [esi + 3], dl
mov edx, dword [ebp - 0x4c]
shr al, 6
and eax, 1
mov byte [esi + 0xcb], al
mov eax, ebx
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, dword [esi]
mov edx, eax
mov eax, ebx
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffab1b7:  ; not directly referenced
cmp dword [ebp - 0x58], 3
je loc_fffab30b  ; je 0xfffab30b
mov eax, dword [ebp - 0x50]
mov dword [ebp - 0x54], 0
mov dword [ebp - 0x64], eax

loc_fffab1ce:  ; not directly referenced
mov ecx, dword [ebp - 0x54]
mov eax, 1
mov dl, cl
shl eax, cl
mov ecx, dword [ebp - 0x50]
test byte [ecx + 0xc4], al
jne short loc_fffab1f7  ; jne 0xfffab1f7

loc_fffab1e5:  ; not directly referenced
inc dword [ebp - 0x54]
add dword [ebp - 0x64], 9
cmp dword [ebp - 0x54], 4
jne short loc_fffab1ce  ; jne 0xfffab1ce
jmp near loc_fffab27c  ; jmp 0xfffab27c

loc_fffab1f7:  ; not directly referenced
cmp dword [ebp - 0x58], 2
sete cl
cmp dword [ebp - 0x6c], 0x306d0
sete al
test cl, al
je short loc_fffab1e5  ; je 0xfffab1e5
mov eax, edx
shr dl, 1
and eax, 1
movzx edx, dl
imul eax, eax, 0x18
imul edx, edx, 0x128
add edx, eax
mov eax, dword [ebp - 0x50]
test word [eax + edx + 0x126f], 0x600
je short loc_fffab1e5  ; je 0xfffab1e5
xor edi, edi

loc_fffab232:  ; not directly referenced
mov eax, dword [ebp - 0x64]
mov edx, dword [ebp - 0x4c]
mov byte [eax + edi + 0x24d], 0x3f
mov eax, ebx
push ecx
mov ecx, dword [ebp - 0x54]
push 0x3f
push 2
push edi
call fcn_fffa73b0  ; call 0xfffa73b0
mov ecx, edi
mov eax, ebx
or byte [esi + edi*4 + 0x2a], 0x80
mov edx, dword [ebp - 0x4c]
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, dword [esi + edi*4 + 0x28]
inc edi
mov edx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
add esp, 0x10
cmp edi, 9
jne short loc_fffab232  ; jne 0xfffab232
jmp near loc_fffab1e5  ; jmp 0xfffab1e5

loc_fffab27c:  ; not directly referenced
cmp dword [ebp - 0x5c], 1
jne loc_fffab30b  ; jne 0xfffab30b
cmp dword [ebp - 0x68], 0
jne short loc_fffab30b  ; jne 0xfffab30b
mov eax, dword [esi + 0x28]
mov edx, 0x3a28
mov edi, eax
mov dword [ebp - 0x68], eax
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov ecx, edi
mov edx, edi
shr ecx, 0x15
and ecx, 1
shr edx, 0x15
and edx, 2
and eax, 0xfffffffc
or eax, ecx
or eax, edx
mov edx, edi
mov edi, dword [ebp - 0x60]
shr edx, 9
and eax, 0xff01ffff
and edx, 0xe0000
or eax, edx
mov edx, 0x3a28
or eax, 0x800000
cmp dword [ebp - 0x58], 2
mov ecx, eax
cmove edi, dword [ebp - 0x5c]
mov eax, ebx
mov dword [ebp - 0x60], edi
call fcn_fffae58c  ; call 0xfffae58c
test edi, edi
je short loc_fffab30b  ; je 0xfffab30b
mov edx, 0x5f09
mov eax, ebx
mov ecx, 1
call fcn_fffae566  ; call 0xfffae566
mov edx, 0x96
mov eax, ebx
call fcn_fffa834b  ; call 0xfffa834b

loc_fffab30b:  ; not directly referenced
cmp byte [ebx + 0x3748], 1
jne short loc_fffab348  ; jne 0xfffab348
mov eax, dword [ebp - 0x4c]
lea edi, [eax*4 + 0x5004]
mov eax, ebx
mov edx, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, edi
and eax, 0xfcffffff
or eax, 0x1000000
mov ecx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0x3c
mov eax, ebx
call fcn_fffa834b  ; call 0xfffa834b

loc_fffab348:  ; not directly referenced
inc dword [ebp - 0x4c]
add esi, 0xcc
add dword [ebp - 0x50], 0x13c3
cmp dword [ebp - 0x4c], 2
jne loc_fffab174  ; jne 0xfffab174
lea edi, [ebp - 0x3c]
mov esi, ref_fffd3570  ; mov esi, 0xfffd3570
mov ecx, 9
mov eax, ebx
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x48]
mov esi, ref_fffd3594  ; mov esi, 0xfffd3594
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov ecx, 0x1010101
mov esi, 8
push edx
push edx
xor edx, edx
push 0
push 8
call fcn_fffa7fde  ; call 0xfffa7fde
lea edi, [ebp - 0x3c]
add esp, 0x10

loc_fffab39c:  ; not directly referenced
push eax
mov ecx, 0x41041041
push eax
mov eax, ebx
push esi
add esi, 6
push 6
mov edx, dword [edi]
add edi, 4
call fcn_fffa7fde  ; call 0xfffa7fde
add esp, 0x10
cmp esi, 0x3e
jne short loc_fffab39c  ; jne 0xfffab39c
lea edx, [ebp - 0x48]
mov eax, ebx
call fcn_fffa665e  ; call 0xfffa665e
cmp dword [ebx + 0x3756], 2
jne short loc_fffab3e1  ; jne 0xfffab3e1
mov ecx, 0xa010102
mov edx, 0x4078
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffab3e1:  ; not directly referenced
cmp dword [ebx + 0x4b19], 2
jne short loc_fffab3fb  ; jne 0xfffab3fb
mov ecx, 0xa010102
mov edx, 0x4478
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffab3fb:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffab405:
push ebp
mov eax, dword [0xff7d0000]
mov ebp, esp
pop ebp
ret

fcn_fffab40f:
push ebp
mov ebp, esp
sub esp, 8
call fcn_fffab405  ; call 0xfffab405
sub esp, 0xc
mov edx, dword [eax]
push dword [ebp + 0x14]
push 0
push dword [ebp + 0xc]
push dword [ebp + 8]
push eax
call dword [edx + 0x20]  ; ucall
leave
ret

fcn_fffab430:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
mov ebx, edx
sub esp, 0x2c
mov esi, dword [ebp + 0xc]
lea eax, [ebp - 0x1c]
push eax
push 0
push 0
push ref_fffd662c  ; push 0xfffd662c
mov dword [ebp - 0x2c], ecx
call fcn_fffab40f  ; call 0xfffab40f
add esp, 0xc
mov edx, dword [ebp - 0x1c]
push dword [ebp + 8]
mov ecx, ebx
lea eax, [ebp - 0x2c]
shr ecx, 1
and ecx, 0x7f
push eax
mov eax, ebx
shr eax, 0x16
movzx ebx, bh
and eax, 1
push eax
push edi
push ebx
push ecx
push edx
call dword [edx]  ; ucall
add esp, 0x20
test esi, esi
je short loc_fffab484  ; je 0xfffab484
mov dword [esi], eax

loc_fffab484:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffab48f:  ; not directly referenced
push ebp
mov ecx, 1
mov ebp, esp
sub esp, 0x20
push dword [ebp + 0xc]
mov edx, dword [ebp + 8]
lea eax, [ebp - 9]
push eax
mov eax, 4
call fcn_fffab430  ; call 0xfffab430
mov al, byte [ebp - 9]
leave
ret

fcn_fffab4b3:  ; not directly referenced
push ebp
mov ecx, 1
mov ebp, esp
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 0xc]
push dword [ebp + 0x10]
mov edx, dword [ebp + 8]
lea eax, [ebp - 9]
mov byte [ebp - 9], bl
push eax
mov eax, 5
call fcn_fffab430  ; call 0xfffab430
mov al, bl
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffab4e0:  ; not directly referenced
push ebp
mov ecx, 2
mov ebp, esp
sub esp, 0x20
push dword [ebp + 0xc]
mov edx, dword [ebp + 8]
lea eax, [ebp - 0xa]
push eax
mov eax, 6
call fcn_fffab430  ; call 0xfffab430
mov ax, word [ebp - 0xa]
leave
ret

fcn_fffab505:
push ebp
mov ebp, esp
push ebx
mov ebx, edx
sub esp, 0x14
mov dword [edx + 4], eax
lea eax, [ebp - 0xc]
mov dword [edx], 0x626d7370
push eax
push 0
push 0
push ref_fffd6584  ; push 0xfffd6584
call fcn_fffab40f  ; call 0xfffab40f
mov eax, dword [ebp - 0xc]
add esp, 0x10
movzx edx, word [eax + 0x388]
add eax, 0x38e
mov dword [ebx + 8], edx
mov dl, byte [eax - 1]
mov dword [ebx + 0xce], eax
lea eax, [ebx + 0x18]
mov dword [ebx + 0xc], 0x80000010
mov dword [ebx + 0x10], ref_fffd662c  ; mov dword [ebx + 0x10], 0xfffd662c
mov byte [ebx + 0xcd], dl
mov dword [ebx + 0x14], eax
mov dword [ebx + 0x18], fcn_fffb51f9  ; mov dword [ebx + 0x18], 0xfffb51f9
mov dword [ebx + 0x1c], fcn_fffa5b5e  ; mov dword [ebx + 0x1c], 0xfffa5b5e
mov dword [ebx + 0x20], fcn_fffa5b54  ; mov dword [ebx + 0x20], 0xfffa5b54
mov dword [ebx + 0x24], fcn_fffa5b4a  ; mov dword [ebx + 0x24], 0xfffa5b4a
mov dword [ebx + 0x38], 0x80000020
mov dword [ebx + 0x3c], ref_fffd65b0  ; mov dword [ebx + 0x3c], 0xfffd65b0
mov dword [ebx + 0x40], fcn_fffab5a2  ; mov dword [ebx + 0x40], 0xfffab5a2
mov byte [ebx + 0x44], 0
mov byte [ebx + 0xd2], 0
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffab5a2:  ; not directly referenced
push ebp
mov ebp, esp
sub esp, 8
mov eax, dword [ebp + 0xc]
lea edx, [eax - 0x38]
mov eax, dword [ebp + 8]
call fcn_fffab505  ; call 0xfffab505
xor eax, eax
leave
ret

fcn_fffab5ba:
push ebp
mov ebp, esp
push ebx
push eax
mov ebx, dword [ebp + 0xc]
call fcn_fffab405  ; call 0xfffab405
movzx ebx, bx
mov edx, dword [eax]
push dword [ebp + 0x10]
push ebx
push 4
push eax
call dword [edx + 0x34]  ; ucall
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffab5db:
push ebp
mov ebp, esp
sub esp, 8
call fcn_fffab405  ; call 0xfffab405
push edx
push edx
mov edx, dword [eax]
push dword [ebp + 8]
push eax
call dword [edx + 0x18]  ; ucall
leave
ret

fcn_fffab5f3:
push ebp
mov ebp, esp
sub esp, 0x18
call fcn_fffab405  ; call 0xfffab405
lea ecx, [ebp - 0xc]
push edx
push edx
mov edx, dword [eax]
push ecx
push eax
call dword [edx + 0x30]  ; ucall
mov eax, dword [ebp - 0xc]
leave
ret

fcn_fffab60f:
push ebp
mov ebp, esp
sub esp, 8
call fcn_fffab405  ; call 0xfffab405
push edx
mov edx, dword [eax]
push dword [ebp + 0xc]
push dword [ebp + 8]
push eax
call dword [edx + 0x4c]  ; ucall
leave
ret

fcn_fffab629:  ; not directly referenced
push ebp
mov ebp, esp
push esi
mov esi, dword [ebp + 0xc]
push ebx
mov ebx, dword [ebp + 8]
push ebx
call fcn_fffaafc2  ; call 0xfffaafc2
mov dword [ebp + 8], ebx
pop edx
or eax, esi
mov dword [ebp + 0xc], eax
lea esp, [ebp - 8]
pop ebx
pop esi
pop ebp
jmp near fcn_fffaafda  ; jmp 0xfffaafda

fcn_fffab64e:  ; not directly referenced
push ebp
mov ebp, esp
push esi
mov esi, dword [ebp + 0xc]
push ebx
mov ebx, dword [ebp + 8]
push ebx
call fcn_fffaafc2  ; call 0xfffaafc2
mov dword [ebp + 8], ebx
pop edx
and eax, esi
mov dword [ebp + 0xc], eax
lea esp, [ebp - 8]
pop ebx
pop esi
pop ebp
jmp near fcn_fffaafda  ; jmp 0xfffaafda

fcn_fffab673:
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, ecx
sub esp, 0x4c
mov edi, dword [ebp + 0xc]
lea ecx, [ecx + 0x186e]
mov dword [ebp - 0x3c], ecx
mov dword [ebp - 0x44], edx
mov edx, dword [ebp + 0x10]
mov ecx, dword [edi + 0x1e]
mov esi, dword [edi + 9]
mov dword [ebx + 0x18bd], 0x102
mov dword [ebx + 0x1877], 2
mov dword [ebp - 0x40], ecx
mov ecx, dword [ebx + 0x2443]
mov dword [ebx + 0x18b9], esi
mov byte [ebx + 0x1876], 0
mov dword [ebx + 0x18a3], 0
mov dword [ebp - 0x30], ecx
mov cl, byte [esi + 0xf2]
mov byte [ebx + 0x2407], cl
mov ecx, dword [esi + 4]
cmp ecx, 2
je short loc_fffab6eb  ; je 0xfffab6eb
cmp ecx, 3
je short loc_fffab6f8  ; je 0xfffab6f8
dec ecx
jne short loc_fffab73a  ; jne 0xfffab73a
jmp short loc_fffab70c  ; jmp 0xfffab70c

loc_fffab6eb:
cmp eax, 4
setne al
movzx eax, al
add eax, eax
jmp short loc_fffab704  ; jmp 0xfffab704

loc_fffab6f8:
cmp eax, 4
setne al
movzx eax, al
lea eax, [eax + eax*2]

loc_fffab704:
mov dword [ebx + 0x18a7], eax
jmp short loc_fffab744  ; jmp 0xfffab744

loc_fffab70c:
cmp eax, 4
je short loc_fffab73a  ; je 0xfffab73a
mov dword [ebx + 0x18a7], 1
movzx eax, byte [esi + 0x53]
mov dword [ebx + 0x1877], eax
mov al, byte [esi + 0x54]
mov byte [ebx + 0x1876], al
movzx eax, word [esi + 0x4c]
mov dword [ebx + 0x18a3], eax
jmp short loc_fffab744  ; jmp 0xfffab744

loc_fffab73a:
mov dword [ebx + 0x18a7], 0

loc_fffab744:
mov eax, dword [edi + 1]
mov eax, dword [eax + 4]
mov dword [ebx + 0x18c5], eax
mov eax, dword [edi + 1]
mov eax, dword [eax + 0x10]
mov dword [ebx + 0x18c1], eax
mov eax, dword [edi + 1]
mov eax, dword [eax + 0x14]
mov dword [ebx + 0x18c9], eax
mov eax, dword [edi + 1]
mov eax, dword [eax + 0x18]
mov dword [ebx + 0x18d1], 0xfed00000
mov dword [ebx + 0x18cd], eax
mov eax, dword [edi + 5]
movzx eax, word [eax]
mov dword [ebx + 0x18d9], eax
movzx eax, word [esi + 1]
mov dword [ebx + 0x1872], eax
mov eax, dword [edi + 1]
mov eax, dword [eax + 0x1c]
shr eax, 0x14
cmp edx, 0x40650
sete cl
cmp edx, 0x306c0
mov dword [ebx + 0x18dd], eax
sete al
or cl, al
mov eax, dword [edi + 5]
jne short loc_fffab7c4  ; jne 0xfffab7c4
cmp edx, 0x40660
jne short loc_fffab7ca  ; jne 0xfffab7ca

loc_fffab7c4:
movzx eax, word [eax + 2]
jmp short loc_fffab7d5  ; jmp 0xfffab7d5

loc_fffab7ca:
movzx ecx, word [eax + 2]
mov eax, 1
shl eax, cl

loc_fffab7d5:
mov dword [ebx + 0x1893], eax
mov eax, dword [edi + 5]
movzx eax, byte [eax + 4]
mov byte [ebx + 0x18b3], 0
shl eax, 5
mov dword [ebx + 0x188f], eax
push eax
push eax
lea eax, [ebx + 0x189c]
push eax
lea eax, [ebx + 0x189b]
push eax
lea eax, [ebx + 0x189a]
push eax
lea eax, [ebx + 0x1899]
push eax
lea eax, [ebx + 0x1898]
push eax
lea eax, [ebx + 0x1897]
push eax
mov eax, dword [ebp - 0x30]
call dword [eax + 0x50]  ; ucall
mov eax, dword [edi + 1]
movzx eax, byte [eax + 0x20]
mov dword [ebx + 0x187f], eax
mov eax, dword [edi + 9]
mov al, byte [eax + 0xc6]
mov byte [ebx + 0x18b0], al
mov eax, dword [esi + 0x4e]
mov word [ebx + 0x1902], 0x3e8
mov word [ebx + 0x1904], 0x3e8
mov byte [ebx + 0x18b2], 0
mov dword [ebx + 0x18ee], eax
mov al, byte [esi + 0x2e]
mov byte [ebx + 0x2442], 0
mov byte [ebx + 0x18b5], al
mov al, byte [esi + 0x2f]
mov byte [ebx + 0x23ff], al
mov al, byte [esi + 0x30]
mov byte [ebx + 0x2400], al
mov al, byte [esi + 0x31]
mov byte [ebx + 0x2401], al
mov al, byte [esi + 0x6b]
mov byte [ebx + 0x2402], al
mov al, byte [ebx + 0x2403]
mov dl, byte [esi + 0x32]
and eax, 0xfffffffe
and edx, 1
or eax, edx
mov byte [ebx + 0x2403], al
mov dl, byte [esi + 0x33]
and eax, 0xfffffffd
and edx, 1
add edx, edx
or eax, edx
mov byte [ebx + 0x2403], al
mov dl, byte [esi + 0x34]
and eax, 0xfffffffb
and edx, 1
shl edx, 2
or eax, edx
mov byte [ebx + 0x2403], al
mov dl, byte [esi + 0x35]
and eax, 0xfffffff7
and edx, 1
shl edx, 3
or eax, edx
mov byte [ebx + 0x2403], al
mov dl, byte [esi + 0x36]
and eax, 0xffffffef
and edx, 1
shl edx, 4
or eax, edx
mov byte [ebx + 0x2403], al
mov dl, byte [esi + 0x37]
and eax, 0xffffffdf
and edx, 1
shl edx, 5
or eax, edx
mov byte [ebx + 0x2403], al
mov dl, byte [esi + 0x38]
and eax, 0xffffffbf
and edx, 1
shl edx, 6
or eax, edx
mov byte [ebx + 0x2403], al
mov dl, byte [esi + 0x39]
and eax, 0x7f
shl edx, 7
or eax, edx
mov byte [ebx + 0x2403], al
mov al, byte [ebx + 0x2404]
mov dl, byte [esi + 0x3a]
and edx, 1
and eax, 0xfffffffe
or eax, edx
mov byte [ebx + 0x2404], al
mov dl, byte [esi + 0x3b]
and eax, 0xfffffffd
and edx, 1
add edx, edx
or eax, edx
mov byte [ebx + 0x2404], al
mov dl, byte [esi + 0x3c]
and eax, 0xfffffffb
and edx, 1
shl edx, 2
or eax, edx
mov byte [ebx + 0x2404], al
mov dl, byte [esi + 0x3e]
and eax, 0xffffffef
and edx, 1
shl edx, 4
or eax, edx
mov byte [ebx + 0x2404], al
mov dl, byte [esi + 0x3f]
and eax, 0xffffffdf
and edx, 1
shl edx, 5
or eax, edx
mov byte [ebx + 0x2404], al
mov dl, byte [esi + 0x40]
and eax, 0xffffffbf
and edx, 1
shl edx, 6
or eax, edx
mov byte [ebx + 0x2404], al
mov dl, byte [esi + 0x41]
and eax, 0x7f
shl edx, 7
or eax, edx
mov byte [ebx + 0x2404], al
mov al, byte [ebx + 0x2405]
mov dl, byte [esi + 0x42]
and eax, 0xfffffffe
and edx, 1
or eax, edx
mov byte [ebx + 0x2405], al
mov dl, byte [esi + 0x43]
and eax, 0xfffffffb
and edx, 1
shl edx, 2
or eax, edx
mov byte [ebx + 0x2405], al
mov dl, byte [esi + 0x44]
and edx, 1
shl edx, 3
and eax, 0xfffffff7
or eax, edx
add esp, 0x20
mov byte [ebx + 0x2405], al
mov dl, byte [esi + 0x47]
and eax, 0xffffffbf
and edx, 1
shl edx, 6
or eax, edx
mov byte [ebx + 0x2405], al
mov dl, byte [esi + 0x48]
and eax, 0x7f
shl edx, 7
or eax, edx
mov byte [ebx + 0x2405], al
mov al, byte [ebx + 0x2406]
mov dl, byte [esi + 0x49]
and eax, 0xfffffffe
and edx, 1
or eax, edx
mov byte [ebx + 0x2406], al
mov dl, byte [esi + 0x4a]
and eax, 0xfffffffd
and edx, 1
add edx, edx
or eax, edx
mov byte [ebx + 0x2406], al
mov dl, byte [esi + 0x4b]
and eax, 0xfffffffb
and edx, 1
shl edx, 2
or eax, edx
mov byte [ebx + 0x2406], al
cmp byte [edi], 1
jbe short loc_fffabaa2  ; jbe 0xfffabaa2
mov dl, byte [esi + 0x58]
and eax, 0xfffffff7
and edx, 1
shl edx, 3
or eax, edx
mov byte [ebx + 0x2406], al
mov dl, byte [esi + 0x59]
and eax, 0xffffffef
and edx, 1
shl edx, 4
or eax, edx
mov byte [ebx + 0x2406], al
mov dl, byte [esi + 0x5a]
and eax, 0xffffffdf
and edx, 1
shl edx, 5
or eax, edx
jmp short loc_fffabaa8  ; jmp 0xfffabaa8

loc_fffabaa2:
and eax, 0xffffffe7
or eax, 0x20

loc_fffabaa8:
mov byte [ebx + 0x2406], al
mov al, byte [ebx + 0x2405]
cmp byte [edi], 3
jbe short loc_fffabb0d  ; jbe 0xfffabb0d
mov dl, byte [esi + 0x5c]
and eax, 0xfffffffd
and edx, 1
add edx, edx
or eax, edx
mov byte [ebx + 0x2405], al
mov al, byte [esi + 0x5d]
mov byte [ebx + 0x1906], al
mov al, byte [esi + 0x5e]
mov byte [ebx + 0x1907], al
mov al, byte [esi + 0x5f]
mov byte [ebx + 0x1908], al
mov al, byte [esi + 0x60]
mov byte [ebx + 0x1909], al
mov al, byte [esi + 0x61]
mov byte [ebx + 0x190a], al
mov al, byte [esi + 0x62]
mov byte [ebx + 0x190b], al
mov al, byte [esi + 0x63]
mov byte [ebx + 0x190c], al
jmp short loc_fffabb47  ; jmp 0xfffabb47

loc_fffabb0d:
or eax, 2
mov byte [ebx + 0x2405], al
mov byte [ebx + 0x1906], 0xff
mov byte [ebx + 0x1907], 0x40
mov byte [ebx + 0x1908], 1
mov byte [ebx + 0x1909], 1
mov byte [ebx + 0x190a], 0
mov byte [ebx + 0x190b], 7
mov byte [ebx + 0x190c], 0

loc_fffabb47:
cmp byte [edi], 4
jbe short loc_fffabb72  ; jbe 0xfffabb72
mov eax, dword [esi + 0x64]
mov edx, 0x5f5e100
cmp eax, 0x55d4a7f
jbe short loc_fffabb6a  ; jbe 0xfffabb6a
mov ecx, 0xf4240
xor edx, edx
div ecx
imul edx, eax, 0xf4240

loc_fffabb6a:
mov dword [ebx + 0x187b], edx
jmp short loc_fffabb7c  ; jmp 0xfffabb7c

loc_fffabb72:
mov dword [ebx + 0x187b], 0x5f5e100

loc_fffabb7c:
cmp byte [edi], 5
mov dl, byte [ebx + 0x2406]
jbe short loc_fffabb97  ; jbe 0xfffabb97
mov al, byte [esi + 0x6a]
and edx, 0xffffffbf
and eax, 1
shl eax, 6
or edx, eax
jmp short loc_fffabb9a  ; jmp 0xfffabb9a

loc_fffabb97:
or edx, 0x40

loc_fffabb9a:
mov byte [ebx + 0x2406], dl
cmp byte [edi], 8
jbe short loc_fffabbd3  ; jbe 0xfffabbd3
mov eax, dword [edi + 1]
mov eax, dword [eax + 0x2b]
shr eax, 0x14
mov dword [ebx + 0x18e1], eax
mov al, byte [esi + 0x6d]
mov byte [ebx + 0x1917], al
mov ax, word [esi + 0x6e]
mov word [ebx + 0x1918], ax
mov al, byte [esi + 0x70]
mov byte [ebx + 0x191a], al
jmp short loc_fffabbf4  ; jmp 0xfffabbf4

loc_fffabbd3:
mov dword [ebx + 0x18e1], 4
mov byte [ebx + 0x1917], 2
mov word [ebx + 0x1918], 0x30ce
mov byte [ebx + 0x191a], 1

loc_fffabbf4:
cmp byte [edi], 9
jbe loc_fffabef9  ; jbe 0xfffabef9
mov al, byte [esi + 0x71]
mov byte [ebx + 0x1923], al
mov al, byte [esi + 0x72]
mov byte [ebx + 0x1924], al
mov al, byte [esi + 0x73]
mov byte [ebx + 0x1925], al
mov al, byte [esi + 0x74]
mov byte [ebx + 0x1926], al
mov eax, dword [ebx + 0x1887]
cmp eax, 0x40650
je short loc_fffabc37  ; je 0xfffabc37
cmp dword [ebx + 0x188b], 1
jne short loc_fffabc40  ; jne 0xfffabc40

loc_fffabc37:
mov dl, byte [esi + 0x75]
mov byte [ebx + 0x1927], dl

loc_fffabc40:
mov dl, byte [esi + 0x76]
mov byte [ebx + 0x1928], dl
mov dl, byte [esi + 0x77]
mov byte [ebx + 0x1929], dl
mov dl, byte [esi + 0x78]
mov byte [ebx + 0x192a], dl
mov dl, byte [esi + 0x79]
mov byte [ebx + 0x192b], dl
mov dl, byte [esi + 0x7a]
mov byte [ebx + 0x192c], dl
mov dl, byte [esi + 0x7b]
mov byte [ebx + 0x192e], dl
mov dl, byte [esi + 0x7c]
mov byte [ebx + 0x192d], dl
mov dl, byte [esi + 0x7d]
mov byte [ebx + 0x192f], dl
mov dl, byte [esi + 0x7e]
mov byte [ebx + 0x1930], dl
mov dl, byte [esi + 0x7f]
mov byte [ebx + 0x1931], dl
mov dl, byte [esi + 0x80]
mov byte [ebx + 0x1932], dl
mov dx, word [esi + 0x81]
mov word [ebx + 0x1933], dx
mov dl, byte [esi + 0x83]
mov byte [ebx + 0x1935], dl
mov dl, byte [esi + 0x84]
mov byte [ebx + 0x1936], dl
mov dl, byte [esi + 0x85]
mov byte [ebx + 0x1937], dl
mov dx, word [esi + 0x86]
mov word [ebx + 0x1938], dx
mov dl, byte [esi + 0x88]
mov byte [ebx + 0x193a], dl
mov dl, byte [esi + 0x89]
mov byte [ebx + 0x193b], dl
mov dl, byte [esi + 0x8a]
mov byte [ebx + 0x193c], dl
mov dl, byte [esi + 0x8b]
mov byte [ebx + 0x193d], dl
mov dl, byte [esi + 0x8c]
mov byte [ebx + 0x193e], dl
mov dl, byte [esi + 0x8d]
mov byte [ebx + 0x193f], dl
mov dl, byte [esi + 0x8e]
mov byte [ebx + 0x1940], dl
mov dl, byte [esi + 0x8f]
mov byte [ebx + 0x1941], dl
mov dl, byte [esi + 0x90]
mov byte [ebx + 0x1942], dl
mov dl, byte [esi + 0x91]
mov byte [ebx + 0x1943], dl
mov dl, byte [esi + 0x92]
mov byte [ebx + 0x1944], dl
mov dl, byte [esi + 0x93]
mov byte [ebx + 0x1945], dl
mov dl, byte [esi + 0x94]
mov byte [ebx + 0x1946], dl
mov dl, byte [esi + 0x95]
mov byte [ebx + 0x1947], dl
mov dl, byte [esi + 0x96]
mov byte [ebx + 0x1948], dl
mov dl, byte [esi + 0x97]
mov byte [ebx + 0x1949], dl
mov dl, byte [esi + 0x98]
mov byte [ebx + 0x194b], dl
mov dl, byte [esi + 0x99]
mov byte [ebx + 0x194a], dl
mov dl, byte [esi + 0xa2]
mov byte [ebx + 0x194d], dl
mov dl, byte [esi + 0xa3]
mov byte [ebx + 0x194c], dl
mov dl, byte [esi + 0x9a]
mov byte [ebx + 0x194f], dl
mov dl, byte [esi + 0x9b]
mov byte [ebx + 0x194e], dl
mov dl, byte [esi + 0xa4]
mov byte [ebx + 0x1951], dl
mov dl, byte [esi + 0xa5]
mov byte [ebx + 0x1950], dl
mov dl, byte [esi + 0x9c]
mov byte [ebx + 0x1953], dl
mov dl, byte [esi + 0x9d]
mov byte [ebx + 0x1952], dl
mov dl, byte [esi + 0xa6]
mov byte [ebx + 0x1955], dl
mov dl, byte [esi + 0xa7]
mov byte [ebx + 0x1954], dl
mov dl, byte [esi + 0x9e]
mov byte [ebx + 0x1957], dl
mov dl, byte [esi + 0x9f]
mov byte [ebx + 0x1956], dl
mov dl, byte [esi + 0xa8]
mov byte [ebx + 0x1959], dl
mov dl, byte [esi + 0xa9]
mov byte [ebx + 0x1958], dl
mov dl, byte [esi + 0xa0]
mov byte [ebx + 0x195b], dl
mov dl, byte [esi + 0xa1]
mov byte [ebx + 0x195a], dl
mov dl, byte [esi + 0xaa]
mov byte [ebx + 0x195d], dl
mov dl, byte [esi + 0xab]
mov byte [ebx + 0x195c], dl
mov dl, byte [esi + 0xac]
mov byte [ebx + 0x195e], dl
mov dx, word [esi + 0xad]
mov word [ebx + 0x195f], dx
mov dl, byte [esi + 0xaf]
mov byte [ebx + 0x1961], dl
mov dl, byte [esi + 0xb0]
mov byte [ebx + 0x1962], dl
cmp eax, 0x40650
je short loc_fffabedc  ; je 0xfffabedc
cmp dword [ebx + 0x188b], 1
jne loc_fffac030  ; jne 0xfffac030

loc_fffabedc:
mov al, byte [esi + 0xb1]
mov byte [ebx + 0x1963], al
mov al, byte [esi + 0xb2]
mov byte [ebx + 0x1964], al
jmp near loc_fffac030  ; jmp 0xfffac030

loc_fffabef9:
mov ecx, dword [ebx + 0x1887]
mov byte [ebx + 0x1923], 0
mov byte [ebx + 0x1924], 0
mov byte [ebx + 0x1925], 0
mov byte [ebx + 0x1926], 1
cmp ecx, 0x40650
je short loc_fffabf2c  ; je 0xfffabf2c
cmp dword [ebx + 0x188b], 1
jne short loc_fffabf33  ; jne 0xfffabf33

loc_fffabf2c:
mov byte [ebx + 0x1927], 0

loc_fffabf33:
mov byte [ebx + 0x1928], 0
lea eax, [ebx + 0x193a]
xor edx, edx
mov byte [ebx + 0x1929], 1
mov byte [ebx + 0x192a], 0
mov byte [ebx + 0x192c], 3
mov byte [ebx + 0x192f], 0
mov byte [ebx + 0x1930], 0
mov byte [ebx + 0x1931], 0
mov byte [ebx + 0x1932], 0
mov word [ebx + 0x1933], 0
mov byte [ebx + 0x1935], 0
mov byte [ebx + 0x1936], 0
mov byte [ebx + 0x1937], 0
mov word [ebx + 0x1938], 0

loc_fffabf9a:
mov byte [ebx + edx + 0x192d], 0
inc edx
add eax, 2
mov byte [eax - 2], 0xff
mov byte [eax + 2], 0xff
mov byte [eax + 6], 0xff
mov byte [eax + 0xa], 0xff
mov byte [eax + 0xe], 0
mov byte [eax + 0x12], 0
mov byte [eax + 0x16], 0
mov byte [eax + 0x1a], 0
mov byte [eax + 0x1e], 0
mov byte [eax - 1], 0xff
mov byte [eax + 3], 0xff
mov byte [eax + 7], 0xff
mov byte [eax + 0xb], 0xff
mov byte [eax + 0xf], 0
mov byte [eax + 0x13], 0
mov byte [eax + 0x17], 0
mov byte [eax + 0x1b], 0
mov byte [eax + 0x1f], 0
cmp edx, 2
jne short loc_fffabf9a  ; jne 0xfffabf9a
mov byte [ebx + 0x195e], 1
mov word [ebx + 0x195f], 0x200
mov byte [ebx + 0x1961], 0
mov byte [ebx + 0x1962], 0x30
cmp ecx, 0x40650
je short loc_fffac022  ; je 0xfffac022
cmp dword [ebx + 0x188b], 1
jne short loc_fffac030  ; jne 0xfffac030

loc_fffac022:
mov byte [ebx + 0x1963], 1
mov byte [ebx + 0x1964], 0x40

loc_fffac030:
cmp byte [edi], 0xa
jbe short loc_fffac05b  ; jbe 0xfffac05b
mov al, byte [esi + 0xc2]
mov byte [ebx + 0x18b7], al
mov al, byte [esi + 0xc3]
mov byte [ebx + 0x18b8], al
mov al, byte [esi + 0xc4]
mov byte [ebx + 0x2411], al
jmp short loc_fffac070  ; jmp 0xfffac070

loc_fffac05b:
mov byte [ebx + 0x18b7], 1
mov byte [ebx + 0x18b8], 1
mov byte [ebx + 0x2411], 0

loc_fffac070:
cmp byte [edi], 0xb
mov al, byte [ebx + 0x2404]
jbe short loc_fffac08e  ; jbe 0xfffac08e
mov dl, byte [esi + 0xc5]
and eax, 0xfffffff7
and edx, 1
shl edx, 3
or eax, edx
jmp short loc_fffac091  ; jmp 0xfffac091

loc_fffac08e:
or eax, 8

loc_fffac091:
mov byte [ebx + 0x2404], al
mov cl, byte [ebx + 0x2405]
cmp byte [edi], 0xe
jbe loc_fffac149  ; jbe 0xfffac149
mov al, byte [esi + 0xf3]
and ecx, 0xffffffef
mov dl, cl
xor ecx, ecx
mov byte [ebx + 0x1965], al
mov al, byte [esi + 0xce]
and eax, 1
shl eax, 4
or edx, eax
mov byte [ebx + 0x2405], dl
mov al, byte [esi + 0xcf]
mov byte [ebx + 0x190d], al
mov al, byte [esi + 0xd1]
mov byte [ebx + 0x2420], al

loc_fffac0e5:
mov eax, dword [esi + ecx + 0xd2]
mov edx, dword [esi + ecx + 0xd6]
mov dword [ebx + ecx + 0x2421], eax
mov dword [ebx + ecx + 0x2425], edx
add ecx, 8
cmp ecx, 0x20
jne short loc_fffac0e5  ; jne 0xfffac0e5
mov al, byte [esi + 0xd0]
mov byte [ebx + 0x240f], al
mov al, byte [esi + 0xf4]
mov byte [ebx + 0x191b], al
mov eax, dword [esi + 0xf5]
mov dword [ebx + 0x191c], eax
mov ax, word [esi + 0xf9]
mov word [ebx + 0x1920], ax
mov al, byte [esi + 0xfb]
mov byte [ebx + 0x1922], al
jmp short loc_fffac1a0  ; jmp 0xfffac1a0

loc_fffac149:
cmp dword [ebx + 0x188b], 1
mov al, cl
mov byte [ebx + 0x1965], 1
mov byte [ebx + 0x190d], 0
setne dl
and eax, 0xffffffef
shl edx, 4
or eax, edx
mov byte [ebx + 0x2405], al
mov byte [ebx + 0x2420], 0
mov byte [ebx + 0x240f], 0
mov byte [ebx + 0x191b], 1
mov dword [ebx + 0x191c], 0x320
mov word [ebx + 0x1920], 0x118
mov byte [ebx + 0x1922], 7

loc_fffac1a0:
cmp byte [edi], 0xf
mov dl, byte [ebx + 0x2405]
jbe short loc_fffac1ca  ; jbe 0xfffac1ca
mov al, byte [esi + 0xfc]
and edx, 0xffffffdf
mov byte [ebx + 0x2410], al
mov al, byte [esi + 0xfd]
and eax, 1
shl eax, 5
or edx, eax
jmp short loc_fffac1d4  ; jmp 0xfffac1d4

loc_fffac1ca:
mov byte [ebx + 0x2410], 0
and edx, 0xffffffdf

loc_fffac1d4:
mov byte [ebx + 0x2405], dl
cmp byte [edi], 0x11
jbe short loc_fffac207  ; jbe 0xfffac207
movzx eax, byte [esi + 0xfe]
mov dword [ebx + 0x190e], eax
movzx eax, byte [esi + 0xff]
mov dword [ebx + 0x1912], eax
mov al, byte [esi + 0x100]
mov byte [ebx + 0x1916], al
jmp short loc_fffac222  ; jmp 0xfffac222

loc_fffac207:
mov dword [ebx + 0x190e], 0
mov dword [ebx + 0x1912], 0xe
mov byte [ebx + 0x1916], 0

loc_fffac222:
cmp byte [edi], 0x12
mov byte [ebp - 0x45], 0xff
jbe short loc_fffac234  ; jbe 0xfffac234
mov al, byte [esi + 0x101]
mov byte [ebp - 0x45], al

loc_fffac234:
mov dword [ebx + 0x189f], 0
mov byte [ebx + 0x189e], 0
mov al, byte [esi + 0xc7]
mov byte [ebx + 0x241f], al
mov al, byte [esi + 0xcc]
mov byte [ebx + 0x2441], 0
mov byte [ebx + 0x240c], al
mov al, byte [esi + 0x11]
mov byte [ebx + 0x18b4], al
mov al, byte [esi + 0x2c]
mov byte [ebx + 0x18b6], al
mov al, byte [esi]
mov byte [ebx + 0x18b1], al
mov al, byte [edi + 0x22]
mov byte [ebx + 0x2408], al
mov eax, dword [ebx + 0x1887]
cmp eax, 0x40650
je short loc_fffac2a1  ; je 0xfffac2a1
cmp dword [ebx + 0x188b], 1
jne loc_fffac354  ; jne 0xfffac354

loc_fffac2a1:
mov dl, byte [esi + 0x57]
mov byte [ebx + 0x2409], dl
cmp eax, 0x40670
je short loc_fffac2b8  ; je 0xfffac2b8
mov byte [ebx + 0x240a], 0

loc_fffac2b8:
cmp dword [ebx + 0x188b], 1
jne loc_fffac354  ; jne 0xfffac354
mov eax, dword [ebp - 0x30]
mov byte [ebx + 0x240b], 0
mov eax, dword [eax + 0x80]
test eax, eax
je short loc_fffac2ec  ; je 0xfffac2ec
lea edx, [ebp - 0x20]
push edx
lea edx, [ebp - 0x1c]
push edx
push 0x1b
push 1
call eax
add esp, 0x10
jmp short loc_fffac2f3  ; jmp 0xfffac2f3

loc_fffac2ec:
mov dword [ebp - 0x1c], 0

loc_fffac2f3:
cmp dword [ebp - 0x1c], 0
je short loc_fffac344  ; je 0xfffac344
mov dx, word [ebp - 0x1a]
mov ecx, 0xb
xor eax, eax
mov word [ebp - 0x2c], 0x4e20
and edx, 0xfff
mov dword [ebp - 0x38], edx

loc_fffac313:
mov edx, dword [ebp - 0x38]
sar edx, cl
mov dword [ebp - 0x34], edx
mov edx, dword [ebp - 0x2c]
add edx, eax
test byte [ebp - 0x34], 1
cmovne eax, edx
dec ecx
shr word [ebp - 0x2c], 1
cmp ecx, 0xffffffff
jne short loc_fffac313  ; jne 0xfffac313
mov ecx, 0xa
xor edx, edx
div cx
mov word [ebx + 0x1902], ax
jmp short loc_fffac34d  ; jmp 0xfffac34d

loc_fffac344:
mov word [ebx + 0x1902], 0x352

loc_fffac34d:
mov byte [ebx + 0x240d], 0

loc_fffac354:
movzx eax, byte [ebp - 0x44]
lea ecx, [ebx + 0x19bb]
mov byte [ebx + 0x196a], 0
mov dword [ebp - 0x2c], 0
mov dword [ebp - 0x50], eax

loc_fffac36f:
mov edx, dword [ebp - 0x2c]
mov al, byte [ebp - 0x45]
mov byte [ebp - 0x34], dl
cmp dl, al
je short loc_fffac3c9  ; je 0xfffac3c9
mov eax, dword [ebp - 0x2c]
mov al, byte [esi + eax + 0x2a]
cmp al, 2
je short loc_fffac3a2  ; je 0xfffac3a2
cmp al, 3
je short loc_fffac3c9  ; je 0xfffac3c9
dec al
jne short loc_fffac3ea  ; jne 0xfffac3ea
mov dword [ecx - 0x48], 1
mov dword [ecx + 0x22f], 0
jmp short loc_fffac3b3  ; jmp 0xfffac3b3

loc_fffac3a2:
mov dword [ecx - 0x48], 0
mov dword [ecx + 0x22f], 1

loc_fffac3b3:
mov dword [ecx - 0x50], 2
inc byte [ebx + 0x196a]
mov dword [ecx - 0x4c], 1
jmp short loc_fffac40f  ; jmp 0xfffac40f

loc_fffac3c9:
mov dword [ecx - 0x48], 1
mov dword [ecx + 0x22f], 1
mov dword [ecx - 0x50], 1
mov dword [ecx - 0x4c], 0
jmp short loc_fffac40f  ; jmp 0xfffac40f

loc_fffac3ea:
mov dword [ecx - 0x48], 0
mov dword [ecx + 0x22f], 0
mov dword [ecx - 0x50], 2
inc byte [ebx + 0x196a]
mov dword [ecx - 0x4c], 2

loc_fffac40f:
mov edx, dword [ebp - 0x40]
push eax
imul eax, dword [ebp - 0x2c], 0xc
push 0xc
add eax, dword [edx + 0xd4]
mov dword [ebp - 0x38], ecx
push eax
lea eax, [ecx + 0x4ee]
push eax
mov eax, dword [ebp - 0x30]
call dword [eax + 0x58]  ; ucall
mov edx, dword [ebp - 0x40]
add esp, 0xc
push 8
mov ecx, dword [ebp - 0x2c]
mov eax, dword [edx + 0xd8]
lea eax, [eax + ecx*8]
mov ecx, dword [ebp - 0x38]
push eax
lea eax, [ecx + 0x4a6]
push eax
mov eax, dword [ebp - 0x30]
call dword [eax + 0x58]  ; ucall
mov al, byte [ebp - 0x34]
add esp, 0x10
mov ecx, dword [ebp - 0x38]
mov dword [ebp - 0x38], 0
add eax, eax
mov byte [ebp - 0x47], al
mov al, byte [ebp - 0x2c]
mov dword [ebp - 0x34], ecx
and eax, 7
mov byte [ebp - 0x46], al
shl byte [ebp - 0x46], 4

loc_fffac47a:
mov dword [ebp - 0x54], ecx
mov ecx, dword [ebp - 0x34]
mov edx, dword [edi + 1]
mov eax, ecx
sub eax, 0x48
mov dword [ebp - 0x4c], eax
mov al, byte [ebp - 0x47]
add eax, dword [ebp - 0x38]
movzx eax, al
mov al, byte [edx + eax]
mov edx, dword [ebp - 0x30]
mov byte [ecx + 0x22e], al
push eax
push 3
push ref_fffd3620  ; push 0xfffd3620
lea eax, [ecx - 4]
push eax
call dword [edx + 0x58]  ; ucall
mov ecx, dword [ebp - 0x34]
add esp, 0x10
mov al, byte [ebp - 0x38]
mov cl, byte [ecx + 0x22e]
and eax, 0xf
test cl, cl
setne dl
or al, byte [ebp - 0x46]
mov byte [ebp - 0x48], cl
mov cl, dl
shl ecx, 7
or eax, ecx
mov ecx, dword [ebp - 0x4c]
mov byte [ecx + 0x47], al
mov ecx, dword [ebp - 0x34]
cmp dword [ecx - 0x48], 1
mov ecx, dword [ebp - 0x54]
ja short loc_fffac552  ; ja 0xfffac552
test dl, dl
je short loc_fffac523  ; je 0xfffac523
mov eax, dword [ebp - 0x44]
cmp eax, 3
sete dl
test eax, eax
sete al
or dl, al
je short loc_fffac552  ; je 0xfffac552
push edx
movzx eax, byte [ebp - 0x48]
push 0x41
push ref_fffd35a0  ; push 0xfffd35a0
push 0x3c
push ref_fffd35e4  ; push 0xfffd35e4
push dword [ebp - 0x34]
mov dword [ebp - 0x4c], ecx
push eax
mov eax, dword [ebp - 0x30]
push dword [ebp - 0x50]
call dword [eax + 0x78]  ; ucall
add esp, 0x20
jmp short loc_fffac54f  ; jmp 0xfffac54f

loc_fffac523:
mov dword [ebp - 0x4c], ecx
mov ecx, dword [ebp - 0x2c]
push eax
push 0x200
mov eax, ecx
add eax, ecx
mov ecx, dword [ebp - 0x40]
add eax, dword [ebp - 0x38]
shl eax, 9
add eax, dword [ecx + 0xd0]
push eax
mov eax, dword [ebp - 0x30]
push dword [ebp - 0x34]
call dword [eax + 0x58]  ; ucall
add esp, 0x10

loc_fffac54f:
mov ecx, dword [ebp - 0x4c]

loc_fffac552:
inc dword [ebp - 0x38]
add dword [ebp - 0x34], 0x277
cmp dword [ebp - 0x38], 2
jne loc_fffac47a  ; jne 0xfffac47a
inc dword [ebp - 0x2c]
add ecx, 0x54a
cmp dword [ebp - 0x2c], 2
jne loc_fffac36f  ; jne 0xfffac36f
mov eax, dword [ebp - 0x44]
mov edx, edi
cmp eax, 2
je short loc_fffac59a  ; je 0xfffac59a
cmp eax, 3
je short loc_fffac5a9  ; je 0xfffac5a9
dec eax
mov eax, dword [ebp - 0x3c]
jne short loc_fffac5b8  ; jne 0xfffac5b8
call fcn_fffc3e29  ; call 0xfffc3e29
mov eax, 1
jmp short loc_fffac5bf  ; jmp 0xfffac5bf

loc_fffac59a:
mov eax, dword [ebp - 0x3c]
call fcn_fffc3e29  ; call 0xfffc3e29
mov eax, 2
jmp short loc_fffac5bf  ; jmp 0xfffac5bf

loc_fffac5a9:
mov eax, dword [ebp - 0x3c]
call fcn_fffc3e29  ; call 0xfffc3e29
mov eax, 3
jmp short loc_fffac5bf  ; jmp 0xfffac5bf

loc_fffac5b8:
call fcn_fffc3e29  ; call 0xfffc3e29
xor eax, eax

loc_fffac5bf:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffac5c7:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
mov esi, 1
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 8]
lea ecx, [edx - 4]
cmp ecx, 3
cmova esi, dword [ebp + 0x10]
and edi, 3
mov dword [ebp - 0x1c], ebx
mov ebx, dword [ebp + 0xc]
cmp edi, 3
sete cl
test al, al
sete dl
mov dword [ebp - 0x20], ebx
test cl, dl
jne short loc_fffac666  ; jne 0xfffac666
mov ecx, 0xffff
xor ebx, ebx
test al, al
je short loc_fffac60f  ; je 0xfffac60f
or ecx, 0xffffffff
xor ebx, ebx

loc_fffac60f:  ; not directly referenced
test esi, esi
jne short loc_fffac62a  ; jne 0xfffac62a
cmp dword [ebp - 0x20], ebx
jb short loc_fffac626  ; jb 0xfffac626
ja short loc_fffac61f  ; ja 0xfffac61f
cmp dword [ebp - 0x1c], ecx

loc_fffac61d:  ; not directly referenced
jbe short loc_fffac626  ; jbe 0xfffac626

loc_fffac61f:  ; not directly referenced
mov eax, 0x80000003
jmp short loc_fffac66b  ; jmp 0xfffac66b

loc_fffac626:  ; not directly referenced
xor eax, eax
jmp short loc_fffac66b  ; jmp 0xfffac66b

loc_fffac62a:  ; not directly referenced
push eax
push edi
push ebx
push ecx
call fcn_fffab0ef  ; call 0xfffab0ef
lea ecx, [esi - 1]
add esp, 0x10
cmp edx, 0
ja short loc_fffac642  ; ja 0xfffac642
cmp eax, ecx
jb short loc_fffac61f  ; jb 0xfffac61f

loc_fffac642:  ; not directly referenced
push ecx
push edi
xor edi, edi
sub eax, esi
sbb edx, edi
add eax, 1
adc edx, 0
push edx
push eax
call fcn_fffab0f8  ; call 0xfffab0f8
add esp, 0x10
cmp dword [ebp - 0x20], edx
ja short loc_fffac61f  ; ja 0xfffac61f
jb short loc_fffac626  ; jb 0xfffac626
cmp dword [ebp - 0x1c], eax
jmp short loc_fffac61d  ; jmp 0xfffac61d

loc_fffac666:  ; not directly referenced
mov eax, 0x80000002

loc_fffac66b:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffac673:
push ebp
mov ebp, esp
pop ebp
jmp near loc_fffd286c  ; jmp 0xfffd286c

fcn_fffac67c:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
xor eax, eax
push ebx
lea esi, [edi + 0x374e]
sub esp, 0x3c
mov byte [ebp - 0x29], 0
mov dword [ebp - 0x3c], esi

loc_fffac696:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x29], 1
setbe dl
test cl, dl
je loc_fffac7df  ; je 0xfffac7df
movzx eax, byte [ebp - 0x29]
imul edx, eax, 0x13c3
mov dword [ebp - 0x30], eax
lea eax, [edi + edx]
cmp dword [eax + 0x3756], 2
jne loc_fffac7d0  ; jne 0xfffac7d0
mov ebx, dword [ebp - 0x3c]
xor ecx, ecx
mov dword [ebp - 0x38], eax
lea esi, [ebx + edx + 8]
mov dword [ebp - 0x34], esi
mov esi, 1

loc_fffac6db:  ; not directly referenced
mov edx, dword [ebp - 0x38]
mov eax, 1
mov bl, cl
shl eax, cl
test byte [edx + 0x381a], al
je loc_fffac7ac  ; je 0xfffac7ac
cmp byte [edi + 0x247b], 0
je short loc_fffac719  ; je 0xfffac719
mov al, cl
mov esi, dword [ebp - 0x34]
shr al, 1
movzx eax, al
imul eax, eax, 0x128
mov si, word [esi + eax + 0x126d]
jmp near loc_fffac7a2  ; jmp 0xfffac7a2

loc_fffac719:  ; not directly referenced
mov edx, dword [ebp - 0x30]
mov eax, edi
mov dword [ebp - 0x40], ecx
call fcn_fffa6c42  ; call 0xfffa6c42
test eax, eax
je loc_fffac7da  ; je 0xfffac7da
mov dl, byte [eax + 1]
xor eax, eax
mov ecx, dword [ebp - 0x40]
test dl, dl
je short loc_fffac77a  ; je 0xfffac77a
cmp dl, 0x3c
je short loc_fffac764  ; je 0xfffac764
cmp dl, 0x78
je short loc_fffac768  ; je 0xfffac768
cmp dl, 0x28
je short loc_fffac76c  ; je 0xfffac76c
cmp dl, 0xf0
je short loc_fffac770  ; je 0xfffac770
cmp dl, 0x30
je short loc_fffac774  ; je 0xfffac774
cmp dl, 0x50
je short loc_fffac778  ; je 0xfffac778
cmp dl, 0x22
mov al, 7
mov dl, 0
cmovne eax, edx
jmp short loc_fffac77a  ; jmp 0xfffac77a

loc_fffac764:  ; not directly referenced
mov al, 1
jmp short loc_fffac77a  ; jmp 0xfffac77a

loc_fffac768:  ; not directly referenced
mov al, 2
jmp short loc_fffac77a  ; jmp 0xfffac77a

loc_fffac76c:  ; not directly referenced
mov al, 3
jmp short loc_fffac77a  ; jmp 0xfffac77a

loc_fffac770:  ; not directly referenced
mov al, 4
jmp short loc_fffac77a  ; jmp 0xfffac77a

loc_fffac774:  ; not directly referenced
mov al, 5
jmp short loc_fffac77a  ; jmp 0xfffac77a

loc_fffac778:  ; not directly referenced
mov al, 6

loc_fffac77a:  ; not directly referenced
shl eax, 8
and si, 0xf8ff
or esi, eax
mov al, bl
shr al, 1
movzx eax, al
imul eax, eax, 0x128
add eax, dword [ebp - 0x34]
mov word [eax + 0x126d], si
mov word [eax + 0x1285], si

loc_fffac7a2:  ; not directly referenced
shr bl, 1
movzx ebx, bl
mov word [ebp + ebx*2 - 0x1c], si

loc_fffac7ac:  ; not directly referenced
add ecx, 2
cmp ecx, 4
jne loc_fffac6db  ; jne 0xfffac6db
mov edx, dword [ebp - 0x30]
sub esp, 0xc
mov cl, 1
lea eax, [ebp - 0x1c]
push eax
mov eax, edi
call fcn_fffb14b3  ; call 0xfffb14b3
add esp, 0x10
jmp short loc_fffac7d2  ; jmp 0xfffac7d2

loc_fffac7d0:  ; not directly referenced
xor eax, eax

loc_fffac7d2:  ; not directly referenced
inc byte [ebp - 0x29]
jmp near loc_fffac696  ; jmp 0xfffac696

loc_fffac7da:  ; not directly referenced
mov eax, 1

loc_fffac7df:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffac7e7:  ; not directly referenced
push ebp
mov eax, 1
mov ebp, esp
movzx ecx, byte [ebp + 0x10]
push esi
movzx esi, byte [ebp + 0xc]
mov edx, dword [ebp + 8]
push ebx
sub ecx, esi
shl eax, cl
mov ecx, esi
dec eax
movzx ebx, dl
shl eax, cl
lea ecx, [esi - 1]
sar ebx, cl
test ebx, ebx
je short loc_fffac815  ; je 0xfffac815
or eax, edx
jmp short loc_fffac819  ; jmp 0xfffac819

loc_fffac815:  ; not directly referenced
not eax
and eax, edx

loc_fffac819:  ; not directly referenced
pop ebx
pop esi
pop ebp
ret

fcn_fffac81d:  ; not directly referenced
push ebp
mov ebp, esp
movzx eax, byte [ebp + 0xc]
imul eax, eax, 0x13c3
add eax, dword [ebp + 8]
pop ebp
cmp dword [eax + 0x130b], 2
sete al
movzx eax, al
ret

fcn_fffac83c:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov ecx, dword [ebp + 0xc]
mov edx, dword [eax + 0xd5]
and edx, 0xfffffffd
dec edx
jne short loc_fffac856  ; jne 0xfffac856
mov dl, byte [ecx + 0x3e]
jmp short loc_fffac85c  ; jmp 0xfffac85c

loc_fffac856:  ; not directly referenced
mov dl, byte [ecx + 0x82]

loc_fffac85c:  ; not directly referenced
mov cl, dl
and edx, 0x1f
shr cl, 7
movzx ecx, cl
shl ecx, 5
or edx, ecx
mov byte [eax + 0xf5], dl
mov eax, 1
pop ebp
ret

fcn_fffac879:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov eax, dword [ebp + 8]
mov dword [ebp - 0x3c], 0
mov dword [ebp - 0x20], 0
mov edi, dword [eax + 0x1887]
mov dword [ebp - 0x2c], edi
lea edi, [eax + 0x2407]
mov dword [ebp - 0x48], edi

loc_fffac8a5:  ; not directly referenced
mov edi, dword [ebp - 0x20]
mov edx, 0x4b0
lea ecx, [edi - 2]
cmp ecx, 1
ja short loc_fffac8d7  ; ja 0xfffac8d7
cmp byte [eax + 0x3749], 0
jne short loc_fffac8d5  ; jne 0xfffac8d5

loc_fffac8be:  ; not directly referenced
inc dword [ebp - 0x20]
add dword [ebp - 0x3c], 0x23
cmp dword [ebp - 0x20], 4
jne short loc_fffac8a5  ; jne 0xfffac8a5
mov edx, 0xfffffffe
jmp near loc_fffacb46  ; jmp 0xfffacb46

loc_fffac8d5:  ; not directly referenced
xor edx, edx

loc_fffac8d7:  ; not directly referenced
mov edi, dword [ebp - 0x20]
mov dword [ebp + edi*4 - 0x1c], edx
mov edi, dword [ebp - 0x3c]
lea edx, [eax + 0x1973]
mov dword [ebp - 0x30], edx
lea edx, [eax + 0x3756]
mov dword [ebp - 0x28], edx
lea ebx, [edi + 0x18b]
add edi, 0xbb
mov dword [ebp - 0x40], ebx
mov dword [ebp - 0x44], edi

loc_fffac905:  ; not directly referenced
mov edx, dword [ebp - 0x30]
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x38], edx

loc_fffac912:  ; not directly referenced
mov ebx, dword [ebp - 0x28]
mov edi, dword [ebp - 0x24]
cmp dword [ebx + edi + 0x1173], 2
jne loc_fffacb0c  ; jne 0xfffacb0c
mov edi, dword [ebp - 0x20]
cmp edi, 1
je loc_fffac9d2  ; je 0xfffac9d2
jb loc_fffac9e0  ; jb 0xfffac9e0
cmp edi, 3
ja loc_fffac9e0  ; ja 0xfffac9e0
mov edx, ebx
mov ebx, dword [ebp - 0x24]
cmp edi, 2
mov dl, byte [edx + ebx + 0x1269]
jne short loc_fffac95f  ; jne 0xfffac95f
and dl, 1
jne short loc_fffac96a  ; jne 0xfffac96a
xor di, di
jmp near loc_fffacafc  ; jmp 0xfffacafc

loc_fffac95f:  ; not directly referenced
xor edi, edi
and dl, 2
je loc_fffacafc  ; je 0xfffacafc

loc_fffac96a:  ; not directly referenced
mov edi, dword [ebp - 0x28]
mov edx, dword [ebp - 0x24]
mov ecx, dword [ebp - 0x44]
mov ebx, dword [ebp - 0x40]
mov edx, dword [edi + edx + 0x1248]
mov edi, dword [ebp - 0x38]
and edx, 0xfffffffd
add ebx, edi
add ecx, edi
dec edx
mov edx, 0x3e7
cmovne ecx, ebx
mov edi, 0x672
mov cl, byte [ecx]
mov ebx, ecx
and ebx, 0x1f
imul ebx, ebx, 0x32
cmp ebx, 0x3e7
cmovbe edx, ebx
mov ebx, 0x4b0
shr cl, 5
and ecx, 3
imul ecx, ecx, 0x3e8
add edx, ecx
cmp edx, 0x4b0
cmovae ebx, edx
cmp ebx, 0x672
cmovbe edi, ebx
jmp near loc_fffacafc  ; jmp 0xfffacafc

loc_fffac9d2:  ; not directly referenced
mov edi, dword [eax + 0x18a3]
test edi, edi
jne loc_fffacafc  ; jne 0xfffacafc

loc_fffac9e0:  ; not directly referenced
mov edi, dword [ebp - 0x24]
mov ebx, dword [ebp - 0x28]
mov edx, dword [ebx + edi + 0x1248]
mov edi, 0x4b0
and edx, 0xfffffffd
dec edx
jne loc_fffacafc  ; jne 0xfffacafc
mov edx, dword [ebp - 0x38]
mov edi, dword [ebp - 0x2c]
mov cl, byte [edx + 0x4e]
mov dl, cl
mov bl, cl
and edx, 1
shr bl, 1
xor edx, 1
shr cl, 2
mov byte [ebp - 0x31], bl
mov byte [ebp - 0x32], cl
and byte [ebp - 0x31], 1
and byte [ebp - 0x32], 1
cmp edi, 0x40650
je short loc_fffaca56  ; je 0xfffaca56
cmp edi, 0x40660
sete bl
cmp edi, 0x306c0
sete cl
or bl, cl
jne short loc_fffaca56  ; jne 0xfffaca56
cmp edi, 0x40670
sete bl
cmp edi, 0x306d0
sete cl
or bl, cl
je short loc_fffaca9b  ; je 0xfffaca9b

loc_fffaca56:  ; not directly referenced
mov bl, byte [ebp - 0x32]
and esi, 0xfffffff9
mov cl, byte [ebp - 0x31]
and ebx, 1
add ebx, ebx
and ecx, 1
shl ecx, 2
or esi, ebx
or esi, ecx
and esi, 0xfffffff7
lea ecx, [edx*8]
or esi, ecx
mov ecx, esi
and ecx, 4
cmp cl, 1
sbb edi, edi
and edi, 0x96
add edi, 0x546
cmp dword [ebp - 0x2c], 0x40650
jne short loc_fffacaa0  ; jne 0xfffacaa0
jmp short loc_fffacab9  ; jmp 0xfffacab9

loc_fffaca9b:  ; not directly referenced
mov edi, 0x5dc

loc_fffacaa0:  ; not directly referenced
mov ecx, dword [ebp - 0x2c]
cmp ecx, 0x40670
sete bl
cmp ecx, 0x306d0
sete cl
or bl, cl
je short loc_fffacae7  ; je 0xfffacae7

loc_fffacab9:  ; not directly referenced
mov cl, byte [ebp - 0x32]
and esi, 0xfffffff9
mov bl, byte [ebp - 0x31]
shl edx, 3
and ecx, 1
add ecx, ecx
and ebx, 1
shl ebx, 2
or esi, ecx
or esi, ebx
and esi, 0xfffffff7
or esi, edx
mov edx, 0x4b0
test esi, 2
cmovne edi, edx

loc_fffacae7:  ; not directly referenced
cmp dword [ebp - 0x20], 0
jne short loc_fffacafc  ; jne 0xfffacafc
cmp dword [eax + 0x187f], 1
mov ebx, 0x5dc
cmove edi, ebx

loc_fffacafc:  ; not directly referenced
mov ebx, dword [ebp - 0x20]
mov edx, dword [ebp + ebx*4 - 0x1c]
cmp edi, edx
cmovb edi, edx
mov dword [ebp + ebx*4 - 0x1c], edi

loc_fffacb0c:  ; not directly referenced
add dword [ebp - 0x24], 0x128
add dword [ebp - 0x38], 0x277
cmp dword [ebp - 0x24], 0x250
jne loc_fffac912  ; jne 0xfffac912
add dword [ebp - 0x30], 0x54a
mov edi, dword [ebp - 0x48]
add dword [ebp - 0x28], 0x13c3
cmp dword [ebp - 0x30], edi
jne loc_fffac905  ; jne 0xfffac905
jmp near loc_fffac8be  ; jmp 0xfffac8be

loc_fffacb46:  ; not directly referenced
cmp edx, 1
ja short loc_fffacb54  ; ja 0xfffacb54
cmp byte [eax + 0x3749], 0
je short loc_fffacb7b  ; je 0xfffacb7b

loc_fffacb54:  ; not directly referenced
mov ecx, dword [ebp + edx*4 - 0x14]
mov dword [eax + edx*4 + 0x373d], ecx
mov dword [eax + edx*4 + 0x498d], ecx
mov dword [eax + edx*4 + 0x4ab5], ecx
mov dword [eax + edx*4 + 0x5d50], ecx
mov dword [eax + edx*4 + 0x5e78], ecx

loc_fffacb7b:  ; not directly referenced
inc edx
cmp edx, 2
jne short loc_fffacb46  ; jne 0xfffacb46
add esp, 0x3c
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffacb8e:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x34
mov edi, dword [ebp + 8]

loc_fffacb9c:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffacbc3  ; ja 0xfffacbc3
cmp byte [edi + 0x3749], 0
jne short loc_fffacbc3  ; jne 0xfffacbc3

loc_fffacbad:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffacb9c  ; jne 0xfffacb9c
lea eax, [edi + 0x48d1]
mov ecx, 0xfffffffe
jmp near loc_fffacd00  ; jmp 0xfffacd00

loc_fffacbc3:  ; not directly referenced
xor edx, edx
cmp ecx, 1
lea esi, [edi + 0x49bf]
setbe dl
mov dword [ebp - 0x2c], esi
imul eax, eax, 0x23
imul esi, ecx, 0x2e
lea ebx, [ecx*8 - 0x1269]
mov dword [ebp + ecx*4 - 0x1c], edx
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x34], esi
mov dword [ebp - 0x40], ebx
mov dword [ebp - 0x30], eax

loc_fffacbf5:  ; not directly referenced
mov eax, dword [ebp - 0x40]
mov ebx, dword [ebp - 0x2c]
mov dword [ebp - 0x28], 0
add eax, ebx
mov dword [ebp - 0x3c], eax
mov eax, dword [ebp - 0x24]
lea esi, [edi + eax + 0x1973]

loc_fffacc11:  ; not directly referenced
cmp dword [ebx - 0xf6], 2
jne loc_fffaccc6  ; jne 0xfffaccc6
mov eax, dword [ebp - 0x34]
mov edx, dword [ebp - 0x28]
mov eax, dword [ebx + eax - 0xf2]
mov dword [ebp - 0x20], eax
mov eax, dword [ebp - 0x3c]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x38], eax
cmp ecx, 1
je short loc_fffacc9d  ; je 0xfffacc9d
jb short loc_fffaccb4  ; jb 0xfffaccb4
cmp ecx, 3
ja short loc_fffaccb4  ; ja 0xfffaccb4
cmp ecx, 2
mov dl, byte [ebx]
jne short loc_fffacc57  ; jne 0xfffacc57
and dl, 1
jne short loc_fffacc5e  ; jne 0xfffacc5e
xor eax, eax
jmp short loc_fffaccb9  ; jmp 0xfffaccb9

loc_fffacc57:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffaccb9  ; je 0xfffaccb9

loc_fffacc5e:  ; not directly referenced
mov eax, dword [ebx - 0x21]
and eax, 0xfffffffd
dec eax
mov eax, dword [ebp - 0x30]
jne short loc_fffacc74  ; jne 0xfffacc74
movzx edx, byte [esi + eax + 0x118]
jmp short loc_fffacc7c  ; jmp 0xfffacc7c

loc_fffacc74:  ; not directly referenced
movzx edx, byte [esi + eax + 0x1e8]

loc_fffacc7c:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x20], 0
je short loc_fffaccb9  ; je 0xfffaccb9
imul edx, dword [ebp - 0x38]
mov eax, dword [ebp - 0x20]
lea eax, [eax + edx - 1]
xor edx, edx
div dword [ebp - 0x20]
mov edx, 2
test eax, eax
jmp short loc_fffaccaf  ; jmp 0xfffaccaf

loc_fffacc9d:  ; not directly referenced
mov dx, word [esi + 0x24c]
movzx eax, dx
test dx, dx
mov edx, 1

loc_fffaccaf:  ; not directly referenced
cmove eax, edx
jmp short loc_fffaccb9  ; jmp 0xfffaccb9

loc_fffaccb4:  ; not directly referenced
mov eax, 1

loc_fffaccb9:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffaccc6:  ; not directly referenced
add dword [ebp - 0x28], 0x20
add ebx, 0x128
add esi, 0x277
cmp dword [ebp - 0x28], 0x40
jne loc_fffacc11  ; jne 0xfffacc11
add dword [ebp - 0x24], 0x54a
add dword [ebp - 0x2c], 0x13c3
cmp dword [ebp - 0x24], 0xa94
jne loc_fffacbf5  ; jne 0xfffacbf5
jmp near loc_fffacbad  ; jmp 0xfffacbad

loc_fffacd00:  ; not directly referenced
cmp ecx, 1
ja short loc_fffacd0e  ; ja 0xfffacd0e
cmp byte [edi + 0x3749], 0
je short loc_fffacd38  ; je 0xfffacd38

loc_fffacd0e:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffacd38:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffacd00  ; jne 0xfffacd00
add esp, 0x34
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffacd4e:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x24
mov edi, dword [ebp + 8]

loc_fffacd5c:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffacd83  ; ja 0xfffacd83
cmp byte [edi + 0x3749], 0
jne short loc_fffacd83  ; jne 0xfffacd83

loc_fffacd6d:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffacd5c  ; jne 0xfffacd5c
lea eax, [edi + 0x48f9]
mov ecx, 0xfffffffe
jmp near loc_ffface4e  ; jmp 0xffface4e

loc_fffacd83:  ; not directly referenced
lea eax, [edi + 0x48c9]
mov dword [ebp - 0x28], eax
imul eax, ecx, 0x2e
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
mov dword [ebp - 0x2c], eax

loc_fffacda1:  ; not directly referenced
mov eax, dword [ebp - 0x20]
mov ebx, dword [ebp - 0x28]
mov dword [ebp - 0x24], 0
lea eax, [edi + eax + 0x196b]
mov dword [ebp - 0x30], eax

loc_fffacdb8:  ; not directly referenced
cmp dword [ebx], 2
jne short loc_ffface18  ; jne 0xffface18
mov eax, dword [ebp - 0x2c]
mov esi, dword [ebx + eax + 4]
cmp ecx, 1
je short loc_fffacdd4  ; je 0xfffacdd4
jb short loc_fffacde7  ; jb 0xfffacde7
xor eax, eax
cmp ecx, 3
jbe short loc_ffface00  ; jbe 0xffface00
jmp short loc_fffacde7  ; jmp 0xfffacde7

loc_fffacdd4:  ; not directly referenced
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x24]
movzx eax, word [eax + edx + 0x27a]
test ax, ax
jne short loc_ffface00  ; jne 0xffface00

loc_fffacde7:  ; not directly referenced
xor eax, eax
cmp dword [ebx + 0xd5], 2
jne short loc_ffface00  ; jne 0xffface00
test esi, esi
je short loc_ffface00  ; je 0xffface00
lea eax, [esi + 0x26259f]
xor edx, edx
div esi

loc_ffface00:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 4
mov esi, 4
cmova eax, esi
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_ffface18:  ; not directly referenced
add dword [ebp - 0x24], 0x277
add ebx, 0x128
cmp dword [ebp - 0x24], 0x4ee
jne short loc_fffacdb8  ; jne 0xfffacdb8
add dword [ebp - 0x20], 0x54a
add dword [ebp - 0x28], 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffacda1  ; jne 0xfffacda1
jmp near loc_fffacd6d  ; jmp 0xfffacd6d

loc_ffface4e:  ; not directly referenced
cmp ecx, 1
ja short loc_ffface5c  ; ja 0xffface5c
cmp byte [edi + 0x3749], 0
je short loc_ffface86  ; je 0xffface86

loc_ffface5c:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_ffface86:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_ffface4e  ; jne 0xffface4e
add esp, 0x24
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_ffface9c:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x24
mov edi, dword [ebp + 8]

loc_fffaceaa:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffaced1  ; ja 0xfffaced1
cmp byte [edi + 0x3749], 0
jne short loc_fffaced1  ; jne 0xfffaced1

loc_fffacebb:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffaceaa  ; jne 0xfffaceaa
lea eax, [edi + 0x48f7]
mov ecx, 0xfffffffe
jmp near loc_fffacf9c  ; jmp 0xfffacf9c

loc_fffaced1:  ; not directly referenced
lea eax, [edi + 0x48c9]
mov dword [ebp - 0x28], eax
imul eax, ecx, 0x2e
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
mov dword [ebp - 0x2c], eax

loc_fffaceef:  ; not directly referenced
mov eax, dword [ebp - 0x20]
mov ebx, dword [ebp - 0x28]
mov dword [ebp - 0x24], 0
lea eax, [edi + eax + 0x196b]
mov dword [ebp - 0x30], eax

loc_fffacf06:  ; not directly referenced
cmp dword [ebx], 2
jne short loc_fffacf66  ; jne 0xfffacf66
mov eax, dword [ebp - 0x2c]
mov esi, dword [ebx + eax + 4]
cmp ecx, 1
je short loc_fffacf22  ; je 0xfffacf22
jb short loc_fffacf35  ; jb 0xfffacf35
xor eax, eax
cmp ecx, 3
jbe short loc_fffacf4e  ; jbe 0xfffacf4e
jmp short loc_fffacf35  ; jmp 0xfffacf35

loc_fffacf22:  ; not directly referenced
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x24]
movzx eax, word [eax + edx + 0x27a]
test ax, ax
jne short loc_fffacf4e  ; jne 0xfffacf4e

loc_fffacf35:  ; not directly referenced
xor eax, eax
cmp dword [ebx + 0xd5], 2
jne short loc_fffacf4e  ; jne 0xfffacf4e
test esi, esi
je short loc_fffacf4e  ; je 0xfffacf4e
lea eax, [esi + 0x7270df]
xor edx, edx
div esi

loc_fffacf4e:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 0xb
mov esi, 0xb
cmova eax, esi
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffacf66:  ; not directly referenced
add dword [ebp - 0x24], 0x277
add ebx, 0x128
cmp dword [ebp - 0x24], 0x4ee
jne short loc_fffacf06  ; jne 0xfffacf06
add dword [ebp - 0x20], 0x54a
add dword [ebp - 0x28], 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffaceef  ; jne 0xfffaceef
jmp near loc_fffacebb  ; jmp 0xfffacebb

loc_fffacf9c:  ; not directly referenced
cmp ecx, 1
ja short loc_fffacfaa  ; ja 0xfffacfaa
cmp byte [edi + 0x3749], 0
je short loc_fffacfd4  ; je 0xfffacfd4

loc_fffacfaa:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffacfd4:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffacf9c  ; jne 0xfffacf9c
add esp, 0x24
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffacfea:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30

loc_fffacff5:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffad021  ; ja 0xfffad021
mov edi, dword [ebp + 8]
cmp byte [edi + 0x3749], 0
jne short loc_fffad021  ; jne 0xfffad021

loc_fffad009:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffacff5  ; jne 0xfffacff5
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48f5
jmp near loc_fffad142  ; jmp 0xfffad142

loc_fffad021:  ; not directly referenced
mov edi, dword [ebp + 8]
imul esi, ecx, 0x2e
imul eax, eax, 0x23
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x24], 0
lea ebx, [edi + 0x49bf]
mov dword [ebp - 0x2c], ebx
lea ebx, [ecx*8 - 0x1269]
mov dword [ebp - 0x30], esi
mov dword [ebp - 0x38], ebx
mov dword [ebp - 0x3c], eax

loc_fffad052:  ; not directly referenced
mov eax, dword [ebp - 0x38]
mov esi, dword [ebp - 0x2c]
mov edi, dword [ebp - 0x24]
mov dword [ebp - 0x20], 0
add eax, esi
mov dword [ebp - 0x34], eax
mov eax, dword [ebp + 8]
lea edi, [eax + edi + 0x1973]

loc_fffad071:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffad108  ; jne 0xfffad108
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x20]
mov ebx, dword [esi + eax - 0xf2]
mov eax, dword [ebp - 0x34]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x28], eax
cmp ecx, 1
je short loc_fffad0ce  ; je 0xfffad0ce
jb short loc_fffad0da  ; jb 0xfffad0da
cmp ecx, 3
ja short loc_fffad0da  ; ja 0xfffad0da
cmp ecx, 2
mov dl, byte [esi]
jne short loc_fffad0b4  ; jne 0xfffad0b4
and dl, 1
jne short loc_fffad0bb  ; jne 0xfffad0bb
xor eax, eax
jmp short loc_fffad0f0  ; jmp 0xfffad0f0

loc_fffad0b4:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffad0f0  ; je 0xfffad0f0

loc_fffad0bb:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
movzx edx, byte [edi + eax + 0x115]
xor eax, eax
test ebx, ebx
je short loc_fffad0f0  ; je 0xfffad0f0
jmp short loc_fffad0e4  ; jmp 0xfffad0e4

loc_fffad0ce:  ; not directly referenced
movzx eax, word [edi + 0x270]
test ax, ax
jne short loc_fffad0f0  ; jne 0xfffad0f0

loc_fffad0da:  ; not directly referenced
xor eax, eax
test ebx, ebx
je short loc_fffad0f0  ; je 0xfffad0f0
movzx edx, byte [edi + 0x62]

loc_fffad0e4:  ; not directly referenced
imul edx, dword [ebp - 0x28]
lea eax, [ebx + edx - 1]
xor edx, edx
div ebx

loc_fffad0f0:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 0xa
mov ebx, 0xa
cmova eax, ebx
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffad108:  ; not directly referenced
add dword [ebp - 0x20], 0x20
add esi, 0x128
add edi, 0x277
cmp dword [ebp - 0x20], 0x40
jne loc_fffad071  ; jne 0xfffad071
add dword [ebp - 0x24], 0x54a
add dword [ebp - 0x2c], 0x13c3
cmp dword [ebp - 0x24], 0xa94
jne loc_fffad052  ; jne 0xfffad052
jmp near loc_fffad009  ; jmp 0xfffad009

loc_fffad142:  ; not directly referenced
cmp ecx, 1
ja short loc_fffad153  ; ja 0xfffad153
mov esi, dword [ebp + 8]
cmp byte [esi + 0x3749], 0
je short loc_fffad17d  ; je 0xfffad17d

loc_fffad153:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffad17d:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffad142  ; jne 0xfffad142
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffad193:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30
mov dword [ebp - 0x20], 0x10

loc_fffad1a5:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffad1bd  ; ja 0xfffad1bd
mov esi, dword [ebp + 8]
cmp byte [esi + 0x3749], 0
je loc_fffad312  ; je 0xfffad312

loc_fffad1bd:  ; not directly referenced
imul esi, ecx, 0x2e
imul eax, eax, 0x23
lea edi, [ecx*8 + 0x3756]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x30], esi
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x38], edi
mov dword [ebp - 0x3c], eax

loc_fffad1e2:  ; not directly referenced
mov edi, dword [ebp - 0x24]
mov esi, dword [ebp - 0x38]
mov dword [ebp - 0x28], 0
imul eax, edi, 0x13c3
imul edx, edi, 0x54a
mov edi, dword [ebp + 8]
lea ebx, [esi + eax]
mov esi, dword [ebp + 8]
add ebx, dword [ebp + 8]
lea edi, [edi + edx + 0x1973]
mov dword [ebp - 0x34], ebx
lea esi, [esi + eax + 0x49bf]

loc_fffad218:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffad2eb  ; jne 0xfffad2eb
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x28]
mov ebx, dword [esi + eax - 0xf2]
mov eax, dword [ebp - 0x34]
mov eax, dword [eax + edx + 0xc9]
mov edx, dword [esi - 0x21]
mov dword [ebp - 0x2c], eax
mov eax, 0x18
cmp edx, 2
cmovne eax, dword [ebp - 0x20]
mov dword [ebp - 0x20], eax
cmp ecx, 1
je short loc_fffad28f  ; je 0xfffad28f
jb short loc_fffad29b  ; jb 0xfffad29b
cmp ecx, 3
ja short loc_fffad29b  ; ja 0xfffad29b
cmp ecx, 2
mov dl, byte [esi]
jne short loc_fffad26d  ; jne 0xfffad26d
and dl, 1
jne short loc_fffad274  ; jne 0xfffad274
xor eax, eax
jmp short loc_fffad2c9  ; jmp 0xfffad2c9

loc_fffad26d:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffad2c9  ; je 0xfffad2c9

loc_fffad274:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
movzx edx, byte [edi + eax + 0x109]
xor eax, eax
test ebx, ebx
je short loc_fffad2c9  ; je 0xfffad2c9
imul edx, dword [ebp - 0x2c]
lea eax, [ebx + edx - 1]
jmp short loc_fffad2b2  ; jmp 0xfffad2b2

loc_fffad28f:  ; not directly referenced
movzx eax, word [edi + 0x26e]
test ax, ax
jne short loc_fffad2c9  ; jne 0xfffad2c9

loc_fffad29b:  ; not directly referenced
xor eax, eax
test ebx, ebx
je short loc_fffad2c9  ; je 0xfffad2c9
movzx eax, byte [edi + 0x59]
cmp edx, 2
je short loc_fffad2b8  ; je 0xfffad2b8
imul eax, dword [ebp - 0x2c]
lea eax, [ebx + eax - 1]

loc_fffad2b2:  ; not directly referenced
xor edx, edx
div ebx
jmp short loc_fffad2c9  ; jmp 0xfffad2c9

loc_fffad2b8:  ; not directly referenced
xor edx, edx
mov eax, 0xe4e1c0
div ebx
lea edx, [eax + 1]
test al, 1
cmovne eax, edx

loc_fffad2c9:  ; not directly referenced
mov edx, eax
and edx, 0xfffffff9
cmp edx, 9
jne short loc_fffad2d6  ; jne 0xfffad2d6
inc eax
jmp short loc_fffad2de  ; jmp 0xfffad2de

loc_fffad2d6:  ; not directly referenced
mov ebx, dword [ebp - 0x20]
cmp eax, ebx
cmova eax, ebx

loc_fffad2de:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffad2eb:  ; not directly referenced
add dword [ebp - 0x28], 0x20
add esi, 0x128
add edi, 0x277
cmp dword [ebp - 0x28], 0x40
jne loc_fffad218  ; jne 0xfffad218
inc dword [ebp - 0x24]
cmp dword [ebp - 0x24], 2
jne loc_fffad1e2  ; jne 0xfffad1e2

loc_fffad312:  ; not directly referenced
inc ecx
cmp ecx, 4
jne loc_fffad1a5  ; jne 0xfffad1a5
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48f3

loc_fffad329:  ; not directly referenced
cmp ecx, 1
ja short loc_fffad33a  ; ja 0xfffad33a
mov edi, dword [ebp + 8]
cmp byte [edi + 0x3749], 0
je short loc_fffad364  ; je 0xfffad364

loc_fffad33a:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffad364:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffad329  ; jne 0xfffad329
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffad37a:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30
mov dword [ebp - 0x20], 0xf

loc_fffad38c:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffad3a4  ; ja 0xfffad3a4
mov esi, dword [ebp + 8]
cmp byte [esi + 0x3749], 0
je loc_fffad4f8  ; je 0xfffad4f8

loc_fffad3a4:  ; not directly referenced
imul esi, ecx, 0x2e
imul eax, eax, 0x23
lea edi, [ecx*8 + 0x3756]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x30], esi
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x38], edi
mov dword [ebp - 0x3c], eax

loc_fffad3c9:  ; not directly referenced
mov edi, dword [ebp - 0x24]
mov esi, dword [ebp - 0x38]
mov dword [ebp - 0x28], 0
imul eax, edi, 0x13c3
imul edx, edi, 0x54a
mov edi, dword [ebp + 8]
lea ebx, [esi + eax]
mov esi, dword [ebp + 8]
add ebx, dword [ebp + 8]
lea edi, [edi + edx + 0x1973]
mov dword [ebp - 0x34], ebx
lea esi, [esi + eax + 0x49bf]

loc_fffad3ff:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffad4d1  ; jne 0xfffad4d1
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x28]
mov ebx, dword [esi + eax - 0xf2]
mov eax, dword [ebp - 0x34]
mov eax, dword [eax + edx + 0xc9]
mov edx, dword [esi - 0x21]
mov dword [ebp - 0x2c], eax
mov eax, 0xc
cmp edx, 2
cmovne eax, dword [ebp - 0x20]
mov dword [ebp - 0x20], eax
cmp ecx, 1
je short loc_fffad476  ; je 0xfffad476
jb short loc_fffad482  ; jb 0xfffad482
cmp ecx, 3
ja short loc_fffad482  ; ja 0xfffad482
cmp ecx, 2
mov dl, byte [esi]
jne short loc_fffad454  ; jne 0xfffad454
and dl, 1
jne short loc_fffad45b  ; jne 0xfffad45b
xor eax, eax
jmp short loc_fffad4bc  ; jmp 0xfffad4bc

loc_fffad454:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffad4bc  ; je 0xfffad4bc

loc_fffad45b:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
movzx edx, byte [edi + eax + 0x111]
xor eax, eax
test ebx, ebx
je short loc_fffad4bc  ; je 0xfffad4bc
imul edx, dword [ebp - 0x2c]
lea eax, [ebx + edx - 1]
jmp short loc_fffad499  ; jmp 0xfffad499

loc_fffad476:  ; not directly referenced
movzx eax, word [edi + 0x26c]
test ax, ax
jne short loc_fffad4bc  ; jne 0xfffad4bc

loc_fffad482:  ; not directly referenced
xor eax, eax
test ebx, ebx
je short loc_fffad4bc  ; je 0xfffad4bc
movzx eax, byte [edi + 0x63]
cmp edx, 2
je short loc_fffad49f  ; je 0xfffad49f
imul eax, dword [ebp - 0x2c]
lea eax, [ebx + eax - 1]

loc_fffad499:  ; not directly referenced
xor edx, edx
div ebx
jmp short loc_fffad4bc  ; jmp 0xfffad4bc

loc_fffad49f:  ; not directly referenced
mov eax, 0x7270e0
xor edx, edx
div ebx
mov ebx, eax
mov eax, 5
cmp ebx, 4
jbe short loc_fffad4bc  ; jbe 0xfffad4bc
cmp ebx, 0xb
mov al, 0xc
cmovne eax, ebx

loc_fffad4bc:  ; not directly referenced
mov ebx, dword [ebp - 0x20]
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, ebx
cmova eax, ebx
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffad4d1:  ; not directly referenced
add dword [ebp - 0x28], 0x20
add esi, 0x128
add edi, 0x277
cmp dword [ebp - 0x28], 0x40
jne loc_fffad3ff  ; jne 0xfffad3ff
inc dword [ebp - 0x24]
cmp dword [ebp - 0x24], 2
jne loc_fffad3c9  ; jne 0xfffad3c9

loc_fffad4f8:  ; not directly referenced
inc ecx
cmp ecx, 4
jne loc_fffad38c  ; jne 0xfffad38c
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48f1

loc_fffad50f:  ; not directly referenced
cmp ecx, 1
ja short loc_fffad520  ; ja 0xfffad520
mov edi, dword [ebp + 8]
cmp byte [edi + 0x3749], 0
je short loc_fffad54a  ; je 0xfffad54a

loc_fffad520:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffad54a:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffad50f  ; jne 0xfffad50f
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffad560:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x34

loc_fffad56b:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffad597  ; ja 0xfffad597
mov eax, dword [ebp + 8]
cmp byte [eax + 0x3749], 0
jne short loc_fffad597  ; jne 0xfffad597

loc_fffad57f:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffad56b  ; jne 0xfffad56b
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48ef
jmp near loc_fffad6bc  ; jmp 0xfffad6bc

loc_fffad597:  ; not directly referenced
mov eax, dword [ebp + 8]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
lea edi, [eax + 0x3756]
lea eax, [ecx*8]
mov dword [ebp - 0x30], eax
imul eax, ecx, 0x2e
mov dword [ebp - 0x2c], eax

loc_fffad5bf:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
xor esi, esi
mov ebx, dword [ebp - 0x20]
add eax, edi
mov dword [ebp - 0x40], eax
mov eax, dword [ebp + 8]
lea ebx, [eax + ebx + 0x1973]
mov eax, dword [ebp - 0x30]
add eax, edi
mov dword [ebp - 0x28], eax

loc_fffad5de:  ; not directly referenced
cmp dword [edi + esi + 0x1173], 2
jne loc_fffad681  ; jne 0xfffad681
mov eax, dword [ebp - 0x40]
mov eax, dword [eax + esi + 0x1177]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp - 0x28]
mov edx, dword [eax + 0xc9]
mov eax, dword [eax + 0xcd]
mov dword [ebp - 0x34], edx
mov dword [ebp - 0x38], eax
cmp ecx, 1
je short loc_fffad61e  ; je 0xfffad61e
jb short loc_fffad62a  ; jb 0xfffad62a
xor eax, eax
cmp ecx, 3
jbe short loc_fffad669  ; jbe 0xfffad669
jmp short loc_fffad62a  ; jmp 0xfffad62a

loc_fffad61e:  ; not directly referenced
movzx eax, word [ebx + 0x26a]
test ax, ax
jne short loc_fffad669  ; jne 0xfffad669

loc_fffad62a:  ; not directly referenced
xor eax, eax
cmp dword [edi + esi + 0x1248], 2
jne short loc_fffad669  ; jne 0xfffad669
mov dl, byte [ebx + 0x6e]
cmp dword [ebp - 0x24], 0
mov byte [ebp - 0x39], dl
mov dl, byte [ebx + 0xbf]
mov byte [ebp - 0x3a], dl
je short loc_fffad669  ; je 0xfffad669
movzx edx, byte [ebp - 0x39]
imul edx, dword [ebp - 0x34]
mov eax, dword [ebp - 0x24]
lea eax, [eax + edx - 1]
movsx edx, byte [ebp - 0x3a]
imul edx, dword [ebp - 0x38]
add eax, edx
xor edx, edx
div dword [ebp - 0x24]

loc_fffad669:  ; not directly referenced
cmp eax, 0xa
mov edx, 0xa
cmova eax, edx
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffad681:  ; not directly referenced
add esi, 0x128
add ebx, 0x277
add dword [ebp - 0x28], 0x20
cmp esi, 0x250
jne loc_fffad5de  ; jne 0xfffad5de
add dword [ebp - 0x20], 0x54a
add edi, 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffad5bf  ; jne 0xfffad5bf
jmp near loc_fffad57f  ; jmp 0xfffad57f

loc_fffad6bc:  ; not directly referenced
cmp ecx, 1
ja short loc_fffad6cd  ; ja 0xfffad6cd
mov esi, dword [ebp + 8]
cmp byte [esi + 0x3749], 0
je short loc_fffad6f7  ; je 0xfffad6f7

loc_fffad6cd:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffad6f7:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffad6bc  ; jne 0xfffad6bc
add esp, 0x34
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffad70d:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x34

loc_fffad718:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffad744  ; ja 0xfffad744
mov eax, dword [ebp + 8]
cmp byte [eax + 0x3749], 0
jne short loc_fffad744  ; jne 0xfffad744

loc_fffad72c:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffad718  ; jne 0xfffad718
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48ed
jmp near loc_fffad869  ; jmp 0xfffad869

loc_fffad744:  ; not directly referenced
mov eax, dword [ebp + 8]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
lea edi, [eax + 0x3756]
lea eax, [ecx*8]
mov dword [ebp - 0x30], eax
imul eax, ecx, 0x2e
mov dword [ebp - 0x2c], eax

loc_fffad76c:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
xor esi, esi
mov ebx, dword [ebp - 0x20]
add eax, edi
mov dword [ebp - 0x40], eax
mov eax, dword [ebp + 8]
lea ebx, [eax + ebx + 0x1973]
mov eax, dword [ebp - 0x30]
add eax, edi
mov dword [ebp - 0x28], eax

loc_fffad78b:  ; not directly referenced
cmp dword [edi + esi + 0x1173], 2
jne loc_fffad82e  ; jne 0xfffad82e
mov eax, dword [ebp - 0x40]
mov eax, dword [eax + esi + 0x1177]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp - 0x28]
mov edx, dword [eax + 0xc9]
mov eax, dword [eax + 0xcd]
mov dword [ebp - 0x34], edx
mov dword [ebp - 0x38], eax
cmp ecx, 1
je short loc_fffad7cb  ; je 0xfffad7cb
jb short loc_fffad7d7  ; jb 0xfffad7d7
xor eax, eax
cmp ecx, 3
jbe short loc_fffad816  ; jbe 0xfffad816
jmp short loc_fffad7d7  ; jmp 0xfffad7d7

loc_fffad7cb:  ; not directly referenced
movzx eax, word [ebx + 0x268]
test ax, ax
jne short loc_fffad816  ; jne 0xfffad816

loc_fffad7d7:  ; not directly referenced
xor eax, eax
cmp dword [edi + esi + 0x1248], 2
jne short loc_fffad816  ; jne 0xfffad816
mov dl, byte [ebx + 0x6f]
cmp dword [ebp - 0x24], 0
mov byte [ebp - 0x39], dl
mov dl, byte [ebx + 0xbe]
mov byte [ebp - 0x3a], dl
je short loc_fffad816  ; je 0xfffad816
movzx edx, byte [ebp - 0x39]
imul edx, dword [ebp - 0x34]
mov eax, dword [ebp - 0x24]
lea eax, [eax + edx - 1]
movsx edx, byte [ebp - 0x3a]
imul edx, dword [ebp - 0x38]
add eax, edx
xor edx, edx
div dword [ebp - 0x24]

loc_fffad816:  ; not directly referenced
cmp eax, 0xf
mov edx, 0xf
cmova eax, edx
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffad82e:  ; not directly referenced
add esi, 0x128
add ebx, 0x277
add dword [ebp - 0x28], 0x20
cmp esi, 0x250
jne loc_fffad78b  ; jne 0xfffad78b
add dword [ebp - 0x20], 0x54a
add edi, 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffad76c  ; jne 0xfffad76c
jmp near loc_fffad72c  ; jmp 0xfffad72c

loc_fffad869:  ; not directly referenced
cmp ecx, 1
ja short loc_fffad87a  ; ja 0xfffad87a
mov esi, dword [ebp + 8]
cmp byte [esi + 0x3749], 0
je short loc_fffad8a4  ; je 0xfffad8a4

loc_fffad87a:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffad8a4:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffad869  ; jne 0xfffad869
add esp, 0x34
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffad8ba:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30

loc_fffad8c5:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffad8f1  ; ja 0xfffad8f1
mov edi, dword [ebp + 8]
cmp byte [edi + 0x3749], 0
jne short loc_fffad8f1  ; jne 0xfffad8f1

loc_fffad8d9:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffad8c5  ; jne 0xfffad8c5
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48eb
jmp near loc_fffada12  ; jmp 0xfffada12

loc_fffad8f1:  ; not directly referenced
mov edi, dword [ebp + 8]
imul esi, ecx, 0x2e
imul eax, eax, 0x23
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x24], 0
lea ebx, [edi + 0x49bf]
mov dword [ebp - 0x2c], ebx
lea ebx, [ecx*8 - 0x1269]
mov dword [ebp - 0x30], esi
mov dword [ebp - 0x38], ebx
mov dword [ebp - 0x3c], eax

loc_fffad922:  ; not directly referenced
mov eax, dword [ebp - 0x38]
mov esi, dword [ebp - 0x2c]
mov edi, dword [ebp - 0x24]
mov dword [ebp - 0x20], 0
add eax, esi
mov dword [ebp - 0x34], eax
mov eax, dword [ebp + 8]
lea edi, [eax + edi + 0x1973]

loc_fffad941:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffad9d8  ; jne 0xfffad9d8
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x20]
mov ebx, dword [esi + eax - 0xf2]
mov eax, dword [ebp - 0x34]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x28], eax
cmp ecx, 1
je short loc_fffad99e  ; je 0xfffad99e
jb short loc_fffad9aa  ; jb 0xfffad9aa
cmp ecx, 3
ja short loc_fffad9aa  ; ja 0xfffad9aa
cmp ecx, 2
mov dl, byte [esi]
jne short loc_fffad984  ; jne 0xfffad984
and dl, 1
jne short loc_fffad98b  ; jne 0xfffad98b
xor eax, eax
jmp short loc_fffad9c0  ; jmp 0xfffad9c0

loc_fffad984:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffad9c0  ; je 0xfffad9c0

loc_fffad98b:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
movzx edx, byte [edi + eax + 0x112]
xor eax, eax
test ebx, ebx
je short loc_fffad9c0  ; je 0xfffad9c0
jmp short loc_fffad9b4  ; jmp 0xfffad9b4

loc_fffad99e:  ; not directly referenced
movzx eax, word [edi + 0x266]
test ax, ax
jne short loc_fffad9c0  ; jne 0xfffad9c0

loc_fffad9aa:  ; not directly referenced
xor eax, eax
test ebx, ebx
je short loc_fffad9c0  ; je 0xfffad9c0
movzx edx, byte [edi + 0x5b]

loc_fffad9b4:  ; not directly referenced
imul edx, dword [ebp - 0x28]
lea eax, [ebx + edx - 1]
xor edx, edx
div ebx

loc_fffad9c0:  ; not directly referenced
cmp dword [ebp + ecx*4 - 0x1c], 4
mov edx, 4
cmovae edx, dword [ebp + ecx*4 - 0x1c]
cmp edx, eax
cmovae eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffad9d8:  ; not directly referenced
add dword [ebp - 0x20], 0x20
add esi, 0x128
add edi, 0x277
cmp dword [ebp - 0x20], 0x40
jne loc_fffad941  ; jne 0xfffad941
add dword [ebp - 0x24], 0x54a
add dword [ebp - 0x2c], 0x13c3
cmp dword [ebp - 0x24], 0xa94
jne loc_fffad922  ; jne 0xfffad922
jmp near loc_fffad8d9  ; jmp 0xfffad8d9

loc_fffada12:  ; not directly referenced
cmp ecx, 1
ja short loc_fffada23  ; ja 0xfffada23
mov esi, dword [ebp + 8]
cmp byte [esi + 0x3749], 0
je short loc_fffada4d  ; je 0xfffada4d

loc_fffada23:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffada4d:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffada12  ; jne 0xfffada12
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffada63:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x38
mov edi, dword [ebp + 8]
mov byte [ebp - 0x1d], 0
lea eax, [edi + 0x3756]
mov dword [ebp - 0x40], eax

loc_fffada7e:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffada93  ; ja 0xfffada93
cmp byte [edi + 0x3749], 0
je loc_fffadbac  ; je 0xfffadbac

loc_fffada93:  ; not directly referenced
lea eax, [edi + 0x48c9]
mov dword [ebp - 0x3c], eax
imul eax, ecx, 0x2e
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x28], 0
mov dword [ebp - 0x38], eax
mov eax, dword [ebp - 0x40]
mov dword [ebp - 0x34], eax

loc_fffadab7:  ; not directly referenced
mov eax, dword [ebp - 0x28]
mov ebx, dword [ebp - 0x3c]
mov dword [ebp - 0x2c], 0
lea eax, [edi + eax + 0x1973]
mov dword [ebp - 0x30], eax

loc_fffadace:  ; not directly referenced
cmp dword [ebx], 2
jne loc_fffadb6f  ; jne 0xfffadb6f
cmp dword [ebx + 0xd5], 3
jne loc_fffadb6f  ; jne 0xfffadb6f
mov eax, dword [ebp - 0x38]
mov esi, dword [ebp - 0x2c]
mov eax, dword [ebx + eax + 4]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp - 0x34]
mov edx, dword [eax + esi + 0xc9]
mov eax, dword [eax + esi + 0xcd]
mov dword [ebp - 0x44], eax
cmp ecx, 1
jne short loc_fffadb19  ; jne 0xfffadb19
mov eax, dword [ebp - 0x30]
movzx eax, word [eax + 0x264]
test ax, ax
jne short loc_fffadb3f  ; jne 0xfffadb3f

loc_fffadb19:  ; not directly referenced
cmp dword [ebp - 0x24], 0
je short loc_fffadb62  ; je 0xfffadb62
mov esi, dword [ebp - 0x30]
movzx eax, byte [esi + 0x6f]
imul edx, eax
mov eax, dword [ebp - 0x24]
lea edx, [eax + edx - 1]
movsx eax, byte [esi + 0x70]
imul eax, dword [ebp - 0x44]
add eax, edx
xor edx, edx
div dword [ebp - 0x24]

loc_fffadb3f:  ; not directly referenced
cmp eax, 3
jbe short loc_fffadb62  ; jbe 0xfffadb62
mov esi, dword [ebp - 0x38]
movzx edx, word [ebx + esi + 0x1e]
mov esi, eax
sub esi, edx
cmp esi, 3
ja short loc_fffadb62  ; ja 0xfffadb62
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffadb62:  ; not directly referenced
mov dl, byte [ebp - 0x1d]
mov al, 1
test dl, dl
cmove edx, eax
mov byte [ebp - 0x1d], dl

loc_fffadb6f:  ; not directly referenced
add dword [ebp - 0x2c], 0x20
add ebx, 0x128
add dword [ebp - 0x30], 0x277
cmp dword [ebp - 0x2c], 0x40
jne loc_fffadace  ; jne 0xfffadace
add dword [ebp - 0x28], 0x54a
add dword [ebp - 0x3c], 0x13c3
add dword [ebp - 0x34], 0x13c3
cmp dword [ebp - 0x28], 0xa94
jne loc_fffadab7  ; jne 0xfffadab7

loc_fffadbac:  ; not directly referenced
inc ecx
add dword [ebp - 0x40], 8
cmp ecx, 4
jne loc_fffada7e  ; jne 0xfffada7e
mov al, byte [ebp - 0x1d]
test al, al
je short loc_fffadc0d  ; je 0xfffadc0d
lea eax, [edi + 0x48e9]
mov ecx, 0xfffffffe

loc_fffadbcc:  ; not directly referenced
cmp ecx, 1
ja short loc_fffadbda  ; ja 0xfffadbda
cmp byte [edi + 0x3749], 0
je short loc_fffadc04  ; je 0xfffadc04

loc_fffadbda:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffadc04:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffadbcc  ; jne 0xfffadbcc

loc_fffadc0d:  ; not directly referenced
add esp, 0x38
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffadc1a:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x40
mov eax, dword [ebp + 8]
mov dword [ebp - 0x3c], 0
add eax, 0x3756
mov dword [ebp - 0x2c], eax

loc_fffadc37:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffadc6b  ; ja 0xfffadc6b
mov eax, dword [ebp + 8]
cmp byte [eax + 0x3749], 0
jne short loc_fffadc6b  ; jne 0xfffadc6b

loc_fffadc4b:  ; not directly referenced
inc ecx
add dword [ebp - 0x3c], 0x23
add dword [ebp - 0x2c], 8
cmp ecx, 4
jne short loc_fffadc37  ; jne 0xfffadc37
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48e7
jmp near loc_fffaddd7  ; jmp 0xfffaddd7

loc_fffadc6b:  ; not directly referenced
mov eax, dword [ebp + 8]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x28], 0
add eax, 0x49bf
mov dword [ebp - 0x40], eax
imul eax, ecx, 0x2e
mov dword [ebp - 0x44], eax
mov eax, dword [ebp - 0x2c]
mov dword [ebp - 0x30], eax
mov eax, dword [ebp - 0x3c]
lea esi, [eax + 0x18b]
add eax, 0xbb
mov dword [ebp - 0x48], esi
mov dword [ebp - 0x4c], eax

loc_fffadca5:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ebx, dword [ebp - 0x28]
mov esi, dword [ebp - 0x40]
mov dword [ebp - 0x24], 0
lea ebx, [eax + ebx + 0x1973]

loc_fffadcbc:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffadd96  ; jne 0xfffadd96
mov eax, dword [ebp - 0x44]
mov edi, dword [ebp - 0x24]
mov eax, dword [esi + eax - 0xf2]
mov dword [ebp - 0x20], eax
mov eax, dword [ebp - 0x30]
mov edx, dword [eax + edi + 0xc9]
mov eax, dword [eax + edi + 0xcd]
mov dword [ebp - 0x34], edx
mov dword [ebp - 0x38], eax
cmp ecx, 1
je short loc_fffadd41  ; je 0xfffadd41
jb short loc_fffadd4d  ; jb 0xfffadd4d
cmp ecx, 3
ja short loc_fffadd4d  ; ja 0xfffadd4d
cmp ecx, 2
mov dl, byte [esi]
jne short loc_fffadd0c  ; jne 0xfffadd0c
and dl, 1
jne short loc_fffadd13  ; jne 0xfffadd13
xor eax, eax
jmp short loc_fffadd89  ; jmp 0xfffadd89

loc_fffadd0c:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffadd89  ; je 0xfffadd89

loc_fffadd13:  ; not directly referenced
mov edx, dword [esi - 0x21]
mov eax, dword [ebp - 0x4c]
mov edi, dword [ebp - 0x48]
and edx, 0xfffffffd
add eax, ebx
add edi, ebx
dec edx
cmovne eax, edi
xor edi, edi
cmp byte [esi + 1], 0x13
movzx edx, byte [eax + 6]
jne short loc_fffadd37  ; jne 0xfffadd37
movsx edi, byte [eax + 0x1c]

loc_fffadd37:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x20], 0
je short loc_fffadd89  ; je 0xfffadd89
jmp short loc_fffadd73  ; jmp 0xfffadd73

loc_fffadd41:  ; not directly referenced
movzx eax, word [ebx + 0x262]
test ax, ax
jne short loc_fffadd89  ; jne 0xfffadd89

loc_fffadd4d:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x20], 0
je short loc_fffadd89  ; je 0xfffadd89
mov eax, dword [esi - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffadd68  ; jne 0xfffadd68
movzx edx, byte [ebx + 0x5c]
movsx edi, byte [ebx + 0x6d]
jmp short loc_fffadd73  ; jmp 0xfffadd73

loc_fffadd68:  ; not directly referenced
movzx edx, byte [ebx + 0x62]
movsx edi, byte [ebx + 0xc1]

loc_fffadd73:  ; not directly referenced
imul edx, dword [ebp - 0x34]
mov eax, dword [ebp - 0x20]
imul edi, dword [ebp - 0x38]
lea eax, [eax + edx - 1]
xor edx, edx
add eax, edi
div dword [ebp - 0x20]

loc_fffadd89:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffadd96:  ; not directly referenced
add dword [ebp - 0x24], 0x20
add esi, 0x128
add ebx, 0x277
cmp dword [ebp - 0x24], 0x40
jne loc_fffadcbc  ; jne 0xfffadcbc
add dword [ebp - 0x28], 0x54a
add dword [ebp - 0x40], 0x13c3
add dword [ebp - 0x30], 0x13c3
cmp dword [ebp - 0x28], 0xa94
jne loc_fffadca5  ; jne 0xfffadca5
jmp near loc_fffadc4b  ; jmp 0xfffadc4b

loc_fffaddd7:  ; not directly referenced
cmp ecx, 1
ja short loc_fffadde8  ; ja 0xfffadde8
mov esi, dword [ebp + 8]
cmp byte [esi + 0x3749], 0
je short loc_fffade12  ; je 0xfffade12

loc_fffadde8:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffade12:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffaddd7  ; jne 0xfffaddd7
add esp, 0x40
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffade28:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30
mov esi, dword [ebp + 8]

loc_fffade36:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffade5d  ; ja 0xfffade5d
cmp byte [esi + 0x3749], 0
jne short loc_fffade5d  ; jne 0xfffade5d

loc_fffade47:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffade36  ; jne 0xfffade36
lea eax, [esi + 0x48e5]
mov ecx, 0xfffffffe
jmp near loc_fffadf55  ; jmp 0xfffadf55

loc_fffade5d:  ; not directly referenced
lea eax, [esi + 0x48c9]
mov dword [ebp - 0x2c], eax
imul eax, ecx, 0x2e
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
mov dword [ebp - 0x30], eax
lea eax, [ecx*8 - 0x1173]
mov dword [ebp - 0x3c], eax

loc_fffade85:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
mov ebx, dword [ebp - 0x2c]
mov dword [ebp - 0x28], 0
add eax, ebx
mov dword [ebp - 0x38], eax
mov eax, dword [ebp - 0x20]
lea edi, [esi + eax + 0x1973]

loc_fffadea1:  ; not directly referenced
cmp dword [ebx], 2
jne short loc_fffadf1b  ; jne 0xfffadf1b
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x28]
mov eax, dword [ebx + eax + 4]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp - 0x38]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x34], eax
cmp ecx, 1
je short loc_fffaded0  ; je 0xfffaded0
jb short loc_fffadedc  ; jb 0xfffadedc
xor eax, eax
cmp ecx, 3
jbe short loc_fffadf01  ; jbe 0xfffadf01
jmp short loc_fffadedc  ; jmp 0xfffadedc

loc_fffaded0:  ; not directly referenced
movzx eax, word [edi + 0x260]
test ax, ax
jne short loc_fffadf01  ; jne 0xfffadf01

loc_fffadedc:  ; not directly referenced
xor eax, eax
cmp dword [ebx + 0xd5], 2
jne short loc_fffadf01  ; jne 0xfffadf01
cmp dword [ebp - 0x24], 0
movzx edx, word [edi + 0x6a]
je short loc_fffadf01  ; je 0xfffadf01
imul edx, dword [ebp - 0x34]
mov eax, dword [ebp - 0x24]
lea eax, [eax + edx - 1]
xor edx, edx
div dword [ebp - 0x24]

loc_fffadf01:  ; not directly referenced
cmp eax, 0x1ff
mov edx, 0x1ff
cmova eax, edx
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffadf1b:  ; not directly referenced
add dword [ebp - 0x28], 0x20
add ebx, 0x128
add edi, 0x277
cmp dword [ebp - 0x28], 0x40
jne loc_fffadea1  ; jne 0xfffadea1
add dword [ebp - 0x20], 0x54a
add dword [ebp - 0x2c], 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffade85  ; jne 0xfffade85
jmp near loc_fffade47  ; jmp 0xfffade47

loc_fffadf55:  ; not directly referenced
cmp ecx, 1
ja short loc_fffadf63  ; ja 0xfffadf63
cmp byte [esi + 0x3749], 0
je short loc_fffadf8d  ; je 0xfffadf8d

loc_fffadf63:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffadf8d:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffadf55  ; jne 0xfffadf55
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffadfa3:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30
mov esi, dword [ebp + 8]

loc_fffadfb1:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffadfd8  ; ja 0xfffadfd8
cmp byte [esi + 0x3749], 0
jne short loc_fffadfd8  ; jne 0xfffadfd8

loc_fffadfc2:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffadfb1  ; jne 0xfffadfb1
lea eax, [esi + 0x48e3]
mov ecx, 0xfffffffe
jmp near loc_fffae0d0  ; jmp 0xfffae0d0

loc_fffadfd8:  ; not directly referenced
lea eax, [esi + 0x48c9]
mov dword [ebp - 0x2c], eax
imul eax, ecx, 0x2e
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
mov dword [ebp - 0x30], eax
lea eax, [ecx*8 - 0x1173]
mov dword [ebp - 0x3c], eax

loc_fffae000:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
mov ebx, dword [ebp - 0x2c]
mov dword [ebp - 0x28], 0
add eax, ebx
mov dword [ebp - 0x38], eax
mov eax, dword [ebp - 0x20]
lea edi, [esi + eax + 0x1973]

loc_fffae01c:  ; not directly referenced
cmp dword [ebx], 2
jne short loc_fffae096  ; jne 0xfffae096
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x28]
mov eax, dword [ebx + eax + 4]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp - 0x38]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x34], eax
cmp ecx, 1
je short loc_fffae04b  ; je 0xfffae04b
jb short loc_fffae057  ; jb 0xfffae057
xor eax, eax
cmp ecx, 3
jbe short loc_fffae07c  ; jbe 0xfffae07c
jmp short loc_fffae057  ; jmp 0xfffae057

loc_fffae04b:  ; not directly referenced
movzx eax, word [edi + 0x25e]
test ax, ax
jne short loc_fffae07c  ; jne 0xfffae07c

loc_fffae057:  ; not directly referenced
xor eax, eax
cmp dword [ebx + 0xd5], 2
jne short loc_fffae07c  ; jne 0xfffae07c
cmp dword [ebp - 0x24], 0
movzx edx, word [edi + 0x68]
je short loc_fffae07c  ; je 0xfffae07c
imul edx, dword [ebp - 0x34]
mov eax, dword [ebp - 0x24]
lea eax, [eax + edx - 1]
xor edx, edx
div dword [ebp - 0x24]

loc_fffae07c:  ; not directly referenced
cmp eax, 0x1ff
mov edx, 0x1ff
cmova eax, edx
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffae096:  ; not directly referenced
add dword [ebp - 0x28], 0x20
add ebx, 0x128
add edi, 0x277
cmp dword [ebp - 0x28], 0x40
jne loc_fffae01c  ; jne 0xfffae01c
add dword [ebp - 0x20], 0x54a
add dword [ebp - 0x2c], 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffae000  ; jne 0xfffae000
jmp near loc_fffadfc2  ; jmp 0xfffadfc2

loc_fffae0d0:  ; not directly referenced
cmp ecx, 1
ja short loc_fffae0de  ; ja 0xfffae0de
cmp byte [esi + 0x3749], 0
je short loc_fffae108  ; je 0xfffae108

loc_fffae0de:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffae108:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffae0d0  ; jne 0xfffae0d0
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffae11e:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30

loc_fffae129:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffae155  ; ja 0xfffae155
mov ebx, dword [ebp + 8]
cmp byte [ebx + 0x3749], 0
jne short loc_fffae155  ; jne 0xfffae155

loc_fffae13d:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffae129  ; jne 0xfffae129
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48e1
jmp near loc_fffae29a  ; jmp 0xfffae29a

loc_fffae155:  ; not directly referenced
mov ebx, dword [ebp + 8]
imul eax, eax, 0x23
lea esi, [ecx*8 - 0x1269]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
lea edi, [ebx + 0x49bf]
mov dword [ebp - 0x2c], edi
imul edi, ecx, 0x2e
mov dword [ebp - 0x3c], esi
mov dword [ebp - 0x30], eax
mov dword [ebp - 0x34], edi

loc_fffae186:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
mov esi, dword [ebp - 0x2c]
mov ebx, dword [ebp - 0x20]
mov dword [ebp - 0x24], 0
add eax, esi
mov dword [ebp - 0x38], eax
mov eax, dword [ebp + 8]
lea edi, [eax + ebx + 0x1973]

loc_fffae1a5:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffae260  ; jne 0xfffae260
mov eax, dword [ebp - 0x34]
mov edx, dword [ebp - 0x24]
mov ebx, dword [esi + eax - 0xf2]
mov eax, dword [ebp - 0x38]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x28], eax
cmp ecx, 1
je short loc_fffae215  ; je 0xfffae215
jb short loc_fffae221  ; jb 0xfffae221
cmp ecx, 3
ja short loc_fffae221  ; ja 0xfffae221
cmp ecx, 2
mov dl, byte [esi]
jne short loc_fffae1e8  ; jne 0xfffae1e8
and dl, 1
jne short loc_fffae1ef  ; jne 0xfffae1ef
xor eax, eax
jmp short loc_fffae246  ; jmp 0xfffae246

loc_fffae1e8:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffae246  ; je 0xfffae246

loc_fffae1ef:  ; not directly referenced
mov eax, dword [esi - 0x21]
and eax, 0xfffffffd
dec eax
mov eax, dword [ebp - 0x30]
jne short loc_fffae205  ; jne 0xfffae205
movzx edx, word [edi + eax + 0x10f]
jmp short loc_fffae20d  ; jmp 0xfffae20d

loc_fffae205:  ; not directly referenced
movzx edx, word [edi + eax + 0x1df]

loc_fffae20d:  ; not directly referenced
xor eax, eax
test ebx, ebx
je short loc_fffae246  ; je 0xfffae246
jmp short loc_fffae23a  ; jmp 0xfffae23a

loc_fffae215:  ; not directly referenced
movzx eax, word [edi + 0x25c]
test ax, ax
jne short loc_fffae246  ; jne 0xfffae246

loc_fffae221:  ; not directly referenced
xor eax, eax
test ebx, ebx
je short loc_fffae246  ; je 0xfffae246
mov eax, dword [esi - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffae236  ; jne 0xfffae236
movzx edx, word [edi + 0x60]
jmp short loc_fffae23a  ; jmp 0xfffae23a

loc_fffae236:  ; not directly referenced
movzx edx, word [edi + 0x66]

loc_fffae23a:  ; not directly referenced
imul edx, dword [ebp - 0x28]
lea eax, [ebx + edx - 1]
xor edx, edx
div ebx

loc_fffae246:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 0x1ff
mov ebx, 0x1ff
cmova eax, ebx
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffae260:  ; not directly referenced
add dword [ebp - 0x24], 0x20
add esi, 0x128
add edi, 0x277
cmp dword [ebp - 0x24], 0x40
jne loc_fffae1a5  ; jne 0xfffae1a5
add dword [ebp - 0x20], 0x54a
add dword [ebp - 0x2c], 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffae186  ; jne 0xfffae186
jmp near loc_fffae13d  ; jmp 0xfffae13d

loc_fffae29a:  ; not directly referenced
cmp ecx, 1
ja short loc_fffae2ab  ; ja 0xfffae2ab
mov edi, dword [ebp + 8]
cmp byte [edi + 0x3749], 0
je short loc_fffae2d5  ; je 0xfffae2d5

loc_fffae2ab:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffae2d5:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffae29a  ; jne 0xfffae29a
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffae2eb:  ; not directly referenced
push ebp
mov ebp, esp
push edi
xor edi, edi
push esi
push ebx
sub esp, 0x4c
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2443]
mov dword [ebp - 0x44], eax

loc_fffae302:  ; not directly referenced
lea eax, [edi - 2]
cmp eax, 1
ja short loc_fffae32e  ; ja 0xfffae32e
mov ebx, dword [ebp + 8]
cmp byte [ebx + 0x3749], 0
jne short loc_fffae32e  ; jne 0xfffae32e

loc_fffae316:  ; not directly referenced
inc edi
cmp edi, 4
jne short loc_fffae302  ; jne 0xfffae302
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48df
jmp near loc_fffae4d9  ; jmp 0xfffae4d9

loc_fffae32e:  ; not directly referenced
mov ebx, dword [ebp + 8]
imul eax, eax, 0x23
lea esi, [edi*8 - 0x1269]
mov dword [ebp + edi*4 - 0x28], 0
mov dword [ebp - 0x34], 0
add ebx, 0x49bf
mov dword [ebp - 0x3c], ebx
imul ebx, edi, 0x2e
mov dword [ebp - 0x54], esi
mov dword [ebp - 0x40], eax
mov dword [ebp - 0x48], ebx

loc_fffae35f:  ; not directly referenced
mov eax, dword [ebp - 0x54]
mov esi, dword [ebp - 0x3c]
mov ebx, dword [ebp - 0x34]
mov dword [ebp - 0x38], 0
add eax, esi
mov dword [ebp - 0x50], eax
mov eax, dword [ebp + 8]
lea eax, [eax + ebx + 0x1973]
mov dword [ebp - 0x30], eax

loc_fffae381:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffae49e  ; jne 0xfffae49e
mov eax, dword [ebp - 0x48]
mov ebx, dword [ebp - 0x38]
mov eax, dword [esi + eax - 0xf2]
mov dword [ebp - 0x2c], eax
mov eax, dword [ebp - 0x50]
mov ecx, dword [eax + ebx + 0xc9]
cmp edi, 1
je loc_fffae446  ; je 0xfffae446
jb loc_fffae455  ; jb 0xfffae455
cmp edi, 3
ja loc_fffae455  ; ja 0xfffae455
cmp edi, 2
mov dl, byte [esi]
jne short loc_fffae3d3  ; jne 0xfffae3d3
and dl, 1
jne short loc_fffae3de  ; jne 0xfffae3de
xor eax, eax
jmp near loc_fffae484  ; jmp 0xfffae484

loc_fffae3d3:  ; not directly referenced
xor eax, eax
and dl, 2
je loc_fffae484  ; je 0xfffae484

loc_fffae3de:  ; not directly referenced
mov eax, dword [esi - 0x21]
mov ebx, dword [ebp - 0x40]
and eax, 0xfffffffd
dec eax
mov eax, dword [ebp - 0x30]
jne short loc_fffae3f7  ; jne 0xfffae3f7
movzx edx, word [eax + ebx + 0x10d]
jmp short loc_fffae3ff  ; jmp 0xfffae3ff

loc_fffae3f7:  ; not directly referenced
movzx edx, word [eax + ebx + 0x1dd]

loc_fffae3ff:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x2c], 0
je short loc_fffae484  ; je 0xfffae484
mov eax, dword [ebp - 0x44]
imul edx, edx, 0x3e8
mov ebx, dword [eax + 0x74]
mov dword [ebp - 0x4c], ebx
push ebx
mov ebx, ecx
push edx
sar ebx, 0x1f
push ebx
xor ebx, ebx
push ecx
call dword [eax + 0x70]  ; ucall
mov ecx, dword [ebp - 0x2c]
mov dword [esp], 0
push ebx
xor ebx, ebx
push ecx
mov ecx, dword [ebp - 0x2c]
dec ecx
add eax, ecx
adc edx, ebx
mov ebx, dword [ebp - 0x4c]
push edx
push eax
call ebx
add esp, 0x20
jmp short loc_fffae484  ; jmp 0xfffae484

loc_fffae446:  ; not directly referenced
mov eax, dword [ebp - 0x30]
movzx eax, word [eax + 0x25a]
test ax, ax
jne short loc_fffae484  ; jne 0xfffae484

loc_fffae455:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x2c], 0
je short loc_fffae484  ; je 0xfffae484
cmp dword [esi - 0x21], 3
mov eax, 0x3b8260
mov ebx, 0x7704c0
mov ecx, 0x3e8
cmove ebx, eax
mov eax, dword [ebp - 0x2c]
xor edx, edx
div ecx
xor edx, edx
mov ecx, eax
lea eax, [ebx + eax - 1]
div ecx

loc_fffae484:  ; not directly referenced
cmp eax, 0xffff
mov edx, 0xffff
cmovbe edx, eax
mov eax, dword [ebp + edi*4 - 0x28]
cmp edx, eax
cmovb edx, eax
mov dword [ebp + edi*4 - 0x28], edx

loc_fffae49e:  ; not directly referenced
add dword [ebp - 0x38], 0x20
add esi, 0x128
add dword [ebp - 0x30], 0x277
cmp dword [ebp - 0x38], 0x40
jne loc_fffae381  ; jne 0xfffae381
add dword [ebp - 0x34], 0x54a
add dword [ebp - 0x3c], 0x13c3
cmp dword [ebp - 0x34], 0xa94
jne loc_fffae35f  ; jne 0xfffae35f
jmp near loc_fffae316  ; jmp 0xfffae316

loc_fffae4d9:  ; not directly referenced
cmp ecx, 1
ja short loc_fffae4ea  ; ja 0xfffae4ea
mov esi, dword [ebp + 8]
cmp byte [esi + 0x3749], 0
je short loc_fffae514  ; je 0xfffae514

loc_fffae4ea:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x20]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffae514:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffae4d9  ; jne 0xfffae4d9
lea esp, [ebp - 0xc]
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffae52a:
push ebp
mov ebp, esp
sub esp, 0x14
mov ecx, dword [eax + 0x2443]
add edx, dword [eax + 0x18c5]
inc dword [eax + 0x36a4]
push edx
call dword [ecx + 0x20]  ; ucall
leave
ret

fcn_fffae548:
push ebp
mov ebp, esp
sub esp, 0x14
mov ecx, dword [eax + 0x2443]
add edx, dword [eax + 0x18c5]
inc dword [eax + 0x36a4]
push edx
call dword [ecx + 0x24]  ; ucall
leave
ret

fcn_fffae566:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
sub esp, 0xc
mov ebx, dword [eax + 0x2443]
inc dword [eax + 0x36a0]
push ecx
add edx, dword [eax + 0x18c5]
push edx
call dword [ebx + 0x28]  ; ucall
add esp, 0x10
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffae58c:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
sub esp, 0xc
mov ebx, dword [eax + 0x2443]
inc dword [eax + 0x36a0]
push ecx
add edx, dword [eax + 0x18c5]
push edx
call dword [ebx + 0x30]  ; ucall
add esp, 0x10
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffae5b2:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, ref_fffd363c  ; mov ebx, 0xfffd363c
sub esp, 0x1c
mov edi, dword [ebp + 8]
mov dword [ebp - 0x20], eax
mov eax, dword [eax + 0x188b]
mov byte [ebp - 0x21], cl
mov dword [ebp - 0x28], edx
mov esi, dword [edi]
mov dword [ebp - 0x1c], eax

loc_fffae5d7:  ; not directly referenced
mov al, byte [ebx + 4]
and eax, 1
cmp eax, dword [ebp - 0x28]
jne short loc_fffae62b  ; jne 0xfffae62b
movzx edi, word [ebx]
sub edi, esi

loc_fffae5e7:  ; not directly referenced
movzx eax, word [ebx + 2]
lea edx, [esi + edi]
cmp edx, eax
ja short loc_fffae62b  ; ja 0xfffae62b
cmp dword [ebp - 0x1c], 0
jne short loc_fffae5fe  ; jne 0xfffae5fe
test byte [ebx + 4], 2
jmp short loc_fffae608  ; jmp 0xfffae608

loc_fffae5fe:  ; not directly referenced
cmp dword [ebp - 0x1c], 1
jne short loc_fffae626  ; jne 0xfffae626
test byte [ebx + 4], 4

loc_fffae608:  ; not directly referenced
je short loc_fffae626  ; je 0xfffae626
cmp byte [ebp - 0x21], 1
jne short loc_fffae61c  ; jne 0xfffae61c
mov eax, dword [ebp - 0x20]
call fcn_fffae52a  ; call 0xfffae52a
mov dword [esi], eax
jmp short loc_fffae626  ; jmp 0xfffae626

loc_fffae61c:  ; not directly referenced
mov ecx, dword [esi]
mov eax, dword [ebp - 0x20]
call fcn_fffae58c  ; call 0xfffae58c

loc_fffae626:  ; not directly referenced
add esi, 4
jmp short loc_fffae5e7  ; jmp 0xfffae5e7

loc_fffae62b:  ; not directly referenced
add ebx, 5
cmp ebx, ref_fffd3e70  ; cmp ebx, 0xfffd3e70
jne short loc_fffae5d7  ; jne 0xfffae5d7
mov eax, dword [ebp + 8]
mov dword [eax], esi
add esp, 0x1c
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffae645:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x5edc]
lea ecx, [eax + 0x1c]
mov dword [edx + 0x1b8], ecx
add edx, 0x1b8
mov ecx, 1
mov dword [ebp + 8], edx
xor edx, edx
pop ebp
jmp near fcn_fffae5b2  ; jmp 0xfffae5b2

fcn_fffae670:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, eax
sub esp, 0x1c
mov esi, dword [ebx + 0x2443]
mov dword [ebp - 0x24], edx
mov byte [ebp - 0x1d], dl
call dword [esi + 0x54]  ; ucall
mov ecx, 5
mov edx, 0x4800
add eax, 0x2710
mov dword [ebp - 0x1c], eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffae6a3:  ; not directly referenced
mov edx, 0x4804
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov cl, byte [ebp - 0x1d]
mov edx, eax
mov edi, eax
shr edx, 0x10
shr eax, 0x10
and edx, 2
and eax, 1
or eax, edx
and eax, ecx
cmp al, cl
jne short loc_fffae6ce  ; jne 0xfffae6ce
xor eax, eax
jmp short loc_fffae6db  ; jmp 0xfffae6db

loc_fffae6ce:  ; not directly referenced
call dword [esi + 0x54]  ; ucall
cmp dword [ebp - 0x1c], eax
ja short loc_fffae6a3  ; ja 0xfffae6a3
mov eax, 0x12

loc_fffae6db:  ; not directly referenced
mov edx, edi
mov ecx, edi
and edx, 2
and ecx, 1
or ecx, edx
mov edx, 0x14
test byte [ebp - 0x24], cl
cmovne eax, edx
add esp, 0x1c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffae6fa:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, 0x1ff
push esi
mov esi, 0x2800
push ebx
mov ebx, eax
sub esp, 0x10
mov dword [ebp - 0x1c], edx
imul edx, dword [eax + 0x18a7], 0x2e
imul eax, dword [ebp - 0x1c], 0x13c3
lea eax, [edx + eax + 0x3740]
lea edx, [ebx + eax + 0x1a]
movzx eax, word [edx + 0x12]
cmp word [edx + 0x14], 0x1ff
cmovbe di, word [edx + 0x14]
movzx ecx, ax
imul eax, eax, 0x59
and edi, 0x1ff
shl edi, 0x10
cdq
idiv esi
mov esi, dword [ebp - 0x1c]
mov edx, 0x7f
cmp eax, 0x7f
cmovbe edx, eax
add esp, 0x10
shl edx, 0x19
or ecx, edi
shl esi, 0xa
or ecx, edx
mov eax, ebx
lea edx, [esi + 0x4298]
pop ebx
pop esi
pop edi
pop ebp
jmp near fcn_fffae58c  ; jmp 0xfffae58c

fcn_fffae778:  ; not directly referenced
mov dl, byte [eax + 0x1907]
push ebp
mov ebp, esp
push esi
mov esi, 0x80
test dl, dl
movzx ecx, dl
cmovne esi, ecx
movzx ecx, byte [eax + 0x1906]
push ebx
cmp cl, 6
sete bl
cmp cl, 1
setbe dl
or bl, dl
jne short loc_fffae7ba  ; jne 0xfffae7ba
xor ecx, ecx
cmp dword [eax + 0x2480], 3
setne cl
lea ecx, [ecx*4 + 2]

loc_fffae7ba:  ; not directly referenced
and ecx, 0xf
mov edx, 0x4cb0
shl ecx, 0xc
pop ebx
or ecx, esi
pop esi
pop ebp
jmp near fcn_fffae58c  ; jmp 0xfffae58c

fcn_fffae7cf:  ; not directly referenced
push ebp
mov ebp, esp
sub esp, 0xc
mov ecx, dword [eax + 0x2443]
inc dword [eax + 0x36a0]
push dword [ebp + 0xc]
push dword [ebp + 8]
add edx, dword [eax + 0x18c5]
push edx
call dword [ecx + 0x34]  ; ucall
add esp, 0x10
leave
ret

fcn_fffae7f6:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov ebx, dword [ebp + 8]
mov eax, dword [ebx + 0x2443]
cmp dword [ebx + 0x188b], 1
mov dword [ebp - 0x24], eax
je loc_fffae9e4  ; je 0xfffae9e4

loc_fffae818:  ; not directly referenced
mov edx, 0x5030
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x5030
or al, 0x89
mov ecx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, 0x8f
mov edx, 0x50fc
mov eax, ebx
mov esi, dword [ebx + 0x2443]
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebx + 0x18b5], 0
je loc_fffaeac9  ; je 0xfffaeac9
mov edi, dword [ebx + 0x18c1]
push 0xa0
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add edi, eax
mov dword [esp], edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0xbc
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0xa8
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0x90
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0x98
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0xb0
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0xb4
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0x78
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or ah, 4
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edi, dword [ebx + 0x18c1]
push 0x50
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [esi + 0x20]  ; ucall
pop edx
pop ecx
or eax, 1
push eax
push edi
call dword [esi + 0x30]  ; ucall
mov edx, 0x5880
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
movzx edx, byte [ebx + 0x192a]
and edx, 1
shl edx, 5
and eax, 0xffffffdf
or eax, edx
mov edx, 0x5880
mov ecx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
add esp, 0x10
jmp near loc_fffaeac9  ; jmp 0xfffaeac9

loc_fffae9e4:  ; not directly referenced
cmp byte [ebx + 0x36a8], 0
je loc_fffae818  ; je 0xfffae818
cmp byte [ebx + 0x3704], 0
je short loc_fffaea2e  ; je 0xfffaea2e
push eax
mov esi, dword [ebp - 0x24]
xor edx, edx
push 0x14
mov eax, dword [ebx + 0x3711]
push edx
push eax
call dword [esi + 0x68]  ; ucall
add esp, 0xc
push 0x14
mov dword [ebp - 0x28], eax
mov eax, dword [ebx + 0x3705]
mov dword [ebp - 0x2c], edx
xor edx, edx
push edx
push eax
call dword [esi + 0x68]  ; ucall
add esp, 0x10
mov ecx, eax
mov edi, edx
jmp short loc_fffaea40  ; jmp 0xfffaea40

loc_fffaea2e:  ; not directly referenced
xor ecx, ecx
xor edi, edi
mov dword [ebp - 0x28], 0
mov dword [ebp - 0x2c], 0

loc_fffaea40:  ; not directly referenced
xor esi, esi

loc_fffaea42:  ; not directly referenced
movzx eax, byte [ebx + 0x36a8]
cmp esi, eax
jae loc_fffae818  ; jae 0xfffae818
mov eax, dword [ebx + esi*8 + 0x36a9]
mov edx, dword [ebx + esi*8 + 0x36ad]
cmp byte [ebx + 0x3704], 0
mov dword [ebp - 0x20], eax
mov dword [ebp - 0x1c], edx
je short loc_fffaea8e  ; je 0xfffaea8e
cmp edx, dword [ebp - 0x2c]
ja short loc_fffaea8e  ; ja 0xfffaea8e
jb short loc_fffaea7a  ; jb 0xfffaea7a
cmp eax, dword [ebp - 0x28]
jae short loc_fffaea8e  ; jae 0xfffaea8e

loc_fffaea7a:  ; not directly referenced
cmp edx, edi
jb short loc_fffaea8e  ; jb 0xfffaea8e
ja short loc_fffaea84  ; ja 0xfffaea84
cmp eax, ecx
jb short loc_fffaea8e  ; jb 0xfffaea8e

loc_fffaea84:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
or eax, 0x40000000
jmp short loc_fffaea96  ; jmp 0xfffaea96

loc_fffaea8e:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
and eax, 0xbfffffff

loc_fffaea96:  ; not directly referenced
mov dword [ebp - 0x1c], eax
mov eax, dword [ebp - 0x1c]
lea edx, [esi*8 + 0x50b0]
mov dword [ebp - 0x30], ecx
inc esi
or eax, 0x80000000
mov dword [ebp - 0x1c], eax
push eax
push eax
mov eax, ebx
push dword [ebp - 0x1c]
push dword [ebp - 0x20]
call fcn_fffae7cf  ; call 0xfffae7cf
add esp, 0x10
mov ecx, dword [ebp - 0x30]
jmp near loc_fffaea42  ; jmp 0xfffaea42

loc_fffaeac9:  ; not directly referenced
mov eax, dword [ebp - 0x24]
call dword [eax + 0x54]  ; ucall
lea esi, [eax + 0x2710]

loc_fffaead5:  ; not directly referenced
mov edx, 0x5030
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
test al, 0x20
jne short loc_fffaeaf6  ; jne 0xfffaeaf6
mov eax, dword [ebp - 0x24]
call dword [eax + 0x54]  ; ucall
cmp esi, eax
ja short loc_fffaead5  ; ja 0xfffaead5
mov eax, 1
jmp short loc_fffaeb74  ; jmp 0xfffaeb74

loc_fffaeaf6:  ; not directly referenced
xor eax, eax
cmp dword [ebx + 0x1887], 0x306d0
je short loc_fffaeb30  ; je 0xfffaeb30
mov ecx, eax
mov edx, 0x14000000
and ecx, 0xe00fffff
mov dl, 0xa0
or ecx, 0x5a00000
and ecx, 0xfff00fff
or ecx, 0x24000
and ecx, 0xfffff00f
or ecx, 0x4f
jmp short loc_fffaeb5d  ; jmp 0xfffaeb5d

loc_fffaeb30:  ; not directly referenced
mov ecx, eax
mov edx, 0x14000000
and ecx, 0xe00fffff
mov dl, 0xa0
or ecx, 0x8200000
and ecx, 0xfff00fff
or ecx, 0x5a000
and ecx, 0xfffff00f
or ecx, 0x32f

loc_fffaeb5d:  ; not directly referenced
mov eax, ecx
push ecx
push ecx
push edx
mov edx, 0x5d10
push eax
mov eax, ebx
call fcn_fffae7cf  ; call 0xfffae7cf
add esp, 0x10
xor eax, eax

loc_fffaeb74:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaeb7c:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
sub esp, 0xc
mov ebx, dword [eax + 0x2443]
inc dword [eax + 0x36a0]
push ecx
add edx, dword [eax + 0x18c5]
push edx
call dword [ebx + 0x30]  ; ucall
add esp, 0x10
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffaeba2:  ; not directly referenced
push ebp
mov edx, eax
mov ebp, esp
xor eax, eax

loc_fffaeba9:  ; not directly referenced
test edx, edx
je short loc_fffaebb5  ; je 0xfffaebb5
lea ecx, [edx - 1]
inc eax
and edx, ecx
jmp short loc_fffaeba9  ; jmp 0xfffaeba9

loc_fffaebb5:  ; not directly referenced
pop ebp
ret

fcn_fffaebb7:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push ebx
mov ebx, 0xa9e

loc_fffaebc2:  ; not directly referenced
cmp eax, 0x10f
jbe short loc_fffaebd8  ; jbe 0xfffaebd8
imul eax, eax, 0x3e8
xor edx, edx
add ecx, 0x64
div ebx
jmp short loc_fffaebc2  ; jmp 0xfffaebc2

loc_fffaebd8:  ; not directly referenced
imul edx, eax, 0xfffffff0
mov ebx, 0x2710
add edx, 0x2d3a
imul edx, eax
lea eax, [edx - 0xeefac]
xor edx, edx
div ebx
pop ebx
pop ebp
add eax, ecx
ret

fcn_fffaebf8:  ; not directly referenced
push ebp
mov ecx, 0x12
mov ebp, esp
xor edx, edx
push edi
push esi
mov esi, ref_fffd3628  ; mov esi, 0xfffd3628
sub esp, 0x20
lea edi, [ebp - 0x1a]
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
lea ecx, [eax + eax]

loc_fffaec14:  ; not directly referenced
cmp eax, 8
jbe short loc_fffaec26  ; jbe 0xfffaec26
mov ecx, eax
add edx, 0xa
shr ecx, 2
shr eax, 3
jmp short loc_fffaec14  ; jmp 0xfffaec14

loc_fffaec26:  ; not directly referenced
movzx eax, byte [ebp + ecx - 0x1a]
add esp, 0x20
pop esi
pop edi
pop ebp
add eax, edx
ret

fcn_fffaec34:  ; not directly referenced
cmp eax, 0xffffffff
je short loc_fffaec5c  ; je 0xfffaec5c
push ebp
xor ecx, ecx
mov ebp, esp
xor edx, edx
push edi
push esi
push ebx
mov ebx, 1

loc_fffaec48:  ; not directly referenced
mov edi, ebx
shl edi, cl
lea esi, [ecx + 1]
test edi, eax
cmovne edx, esi
inc ecx
cmp ecx, 0x20
jne short loc_fffaec48  ; jne 0xfffaec48
jmp short loc_fffaec61  ; jmp 0xfffaec61

loc_fffaec5c:  ; not directly referenced
xor edx, edx
mov al, dl
ret

loc_fffaec61:  ; not directly referenced
pop ebx
mov al, dl
pop esi
pop edi
pop ebp
ret

fcn_fffaec68:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x10
mov bl, byte [ebp + 8]
mov byte [ebp - 0xe], bl
mov bl, byte [ebp + 0xc]
mov byte [ebp - 0xf], bl
mov bl, byte [ebp + 0x10]
cmp cl, 0xff
je short loc_fffaec8d  ; je 0xfffaec8d
lea edi, [ecx + 1]
mov byte [ebp - 0xd], cl
jmp short loc_fffaec96  ; jmp 0xfffaec96

loc_fffaec8d:  ; not directly referenced
mov edi, 4
mov byte [ebp - 0xd], 0

loc_fffaec96:  ; not directly referenced
imul edx, edx, 0x13c3
lea esi, [eax + edx + 0x3756]
add eax, edx
mov dword [ebp - 0x14], esi
mov dword [ebp - 0x1c], eax

loc_fffaecab:  ; not directly referenced
mov eax, edi
cmp byte [ebp - 0xd], al
jae short loc_fffaed27  ; jae 0xfffaed27
mov cl, byte [ebp - 0xd]
mov eax, 1
mov esi, dword [ebp - 0x1c]
movzx edx, cl
shl eax, cl
test byte [esi + 0x381a], al
je short loc_fffaed22  ; je 0xfffaed22
movzx eax, byte [ebp - 0xe]
lea edx, [edx + edx*8]
add edx, dword [ebp - 0x14]
add eax, edx
cmp byte [ebp - 0xf], 0
mov dl, byte [eax + 0x104a]
mov al, byte [eax + 0x106e]
jne short loc_fffaecf4  ; jne 0xfffaecf4
cmp al, dl
cmova eax, edx
cmp bl, al
cmova ebx, eax
jmp short loc_fffaed22  ; jmp 0xfffaed22

loc_fffaecf4:  ; not directly referenced
movzx ecx, dl
movzx esi, bl
mov dword [ebp - 0x18], ecx
mov ecx, 0x3f
sub ecx, dword [ebp - 0x18]
cmp esi, ecx
jle short loc_fffaed0d  ; jle 0xfffaed0d
mov bl, 0x3f
sub ebx, edx

loc_fffaed0d:  ; not directly referenced
movzx esi, al
mov edx, 0x3f
movzx ecx, bl
sub edx, esi
cmp ecx, edx
jle short loc_fffaed22  ; jle 0xfffaed22
mov bl, 0x3f
sub ebx, eax

loc_fffaed22:  ; not directly referenced
inc byte [ebp - 0xd]
jmp short loc_fffaecab  ; jmp 0xfffaecab

loc_fffaed27:  ; not directly referenced
add esp, 0x10
mov al, bl
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaed31:
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, edx
sub esp, 0x10
mov edi, dword [ebp + 8]
mov esi, dword [eax + 0x2443]
mov eax, 0x5f5e100
test edi, edi
cmovne eax, edi
xor edx, edx
mov edi, 0x186a0
div edi
dec ecx
mov edx, 0x3b9aca00
mov ecx, 0x4f790d55
cmovne edx, ecx
push edx
xor edx, edx
push edx
push eax
call dword [esi + 0x70]  ; ucall
add esp, 0xc
push ebx
push edx
push eax
call dword [esi + 0x70]  ; ucall
add esp, 0x10
xor ecx, ecx
mov ebx, edx
or ebx, eax
je short loc_fffaed9b  ; je 0xfffaed9b
sub esp, 0xc
push 0
push edx
push eax
push 0x8ac72304
push 0x89e80000
call dword [esi + 0x74]  ; ucall
add esp, 0x20
mov ecx, eax

loc_fffaed9b:
lea esp, [ebp - 0xc]
mov eax, ecx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaeda5:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
sub esp, 0x4c
mov ebx, dword [ebp + 8]
lea eax, [ebx + 0x3756]
mov dword [ebp - 0x4c], eax
lea eax, [ebx + 0x2407]
mov dword [ebp - 0x58], eax

loc_fffaedc5:  ; not directly referenced
lea eax, [esi - 2]
cmp eax, 1
ja short loc_fffaedf0  ; ja 0xfffaedf0
cmp byte [ebx + 0x3749], 0
jne short loc_fffaedf0  ; jne 0xfffaedf0

loc_fffaedd6:  ; not directly referenced
inc esi
add dword [ebp - 0x4c], 8
cmp esi, 4
jne short loc_fffaedc5  ; jne 0xfffaedc5
lea eax, [ebx + 0x48cd]
mov ecx, 0xfffffffe
jmp near loc_fffaef89  ; jmp 0xfffaef89

loc_fffaedf0:  ; not directly referenced
lea eax, [ebx + 0x49bf]
mov edi, dword [ebp - 0x4c]
mov dword [ebp - 0x44], eax
lea eax, [ebx + 0x1973]
mov dword [ebp - 0x34], eax
imul eax, esi, 0x23
mov dword [ebp + esi*4 - 0x28], 0
mov dword [ebp - 0x48], edi
lea edi, [eax + 0x18b]
add eax, 0xbb
mov dword [ebp - 0x50], edi
mov dword [ebp - 0x54], eax

loc_fffaee24:  ; not directly referenced
mov eax, dword [ebp - 0x44]
mov edi, dword [ebp - 0x34]
mov dword [ebp - 0x38], 0
mov dword [ebp - 0x2c], eax

loc_fffaee34:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
cmp dword [eax - 0xf6], 2
jne loc_fffaef48  ; jne 0xfffaef48
mov eax, dword [ebp - 0x48]
mov ecx, dword [ebp - 0x38]
mov edx, dword [eax + ecx + 0xc9]
mov eax, dword [eax + ecx + 0xcd]
mov dword [ebp - 0x3c], edx
mov dword [ebp - 0x40], eax
cmp esi, 1
je short loc_fffaeed2  ; je 0xfffaeed2
jb loc_fffaef03  ; jb 0xfffaef03
cmp esi, 3
ja loc_fffaef03  ; ja 0xfffaef03
mov eax, dword [ebp - 0x2c]
cmp esi, 2
mov dl, byte [eax]
jne short loc_fffaee88  ; jne 0xfffaee88
and dl, 1
jne short loc_fffaee93  ; jne 0xfffaee93
xor eax, eax
jmp near loc_fffaef3b  ; jmp 0xfffaef3b

loc_fffaee88:  ; not directly referenced
xor eax, eax
and dl, 2
je loc_fffaef3b  ; je 0xfffaef3b

loc_fffaee93:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov ecx, dword [ebp - 0x54]
mov edx, dword [eax - 0x21]
add ecx, edi
mov dword [ebp - 0x30], ecx
mov ecx, dword [ebp - 0x50]
and edx, 0xfffffffd
add ecx, edi
dec edx
cmove ecx, dword [ebp - 0x30]
xor edx, edx
cmp byte [eax + 1], 0x13
mov dword [ebp - 0x30], ecx
movzx ecx, byte [ecx + 1]
jne short loc_fffaeec4  ; jne 0xfffaeec4
mov eax, dword [ebp - 0x30]
movsx edx, byte [eax + 0x1a]

loc_fffaeec4:  ; not directly referenced
mov eax, dword [ebp - 0x40]
imul ecx, dword [ebp - 0x3c]
imul eax, edx
add eax, ecx
jmp short loc_fffaef2e  ; jmp 0xfffaef2e

loc_fffaeed2:  ; not directly referenced
movzx edx, byte [ebx + 0x1876]
test dl, dl
je short loc_fffaef03  ; je 0xfffaef03
sub esp, 0xc
mov ecx, dword [ebx + 0x36e3]
mov eax, ebx
push dword [ebx + 0x187b]
call fcn_fffaed31  ; call 0xfffaed31
mov edx, dword [ebx + 0x36db]
add esp, 0x10
cmp eax, edx
cmovb eax, edx
jmp short loc_fffaef3b  ; jmp 0xfffaef3b

loc_fffaef03:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov eax, dword [eax - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffaef19  ; jne 0xfffaef19
movzx eax, byte [edi + 0x54]
movsx edx, byte [edi + 0x6a]
jmp short loc_fffaef24  ; jmp 0xfffaef24

loc_fffaef19:  ; not directly referenced
movzx eax, byte [edi + 0x5a]
movsx edx, byte [edi + 0xc5]

loc_fffaef24:  ; not directly referenced
imul eax, dword [ebp - 0x3c]
imul edx, dword [ebp - 0x40]
add eax, edx

loc_fffaef2e:  ; not directly referenced
cmp eax, dword [ebx + 0x36db]
cmovb eax, dword [ebx + 0x36db]

loc_fffaef3b:  ; not directly referenced
mov edx, dword [ebp + esi*4 - 0x28]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + esi*4 - 0x28], eax

loc_fffaef48:  ; not directly referenced
add dword [ebp - 0x38], 0x20
add edi, 0x277
add dword [ebp - 0x2c], 0x128
cmp dword [ebp - 0x38], 0x40
jne loc_fffaee34  ; jne 0xfffaee34
add dword [ebp - 0x34], 0x54a
mov eax, dword [ebp - 0x58]
add dword [ebp - 0x44], 0x13c3
add dword [ebp - 0x48], 0x13c3
cmp dword [ebp - 0x34], eax
jne loc_fffaee24  ; jne 0xfffaee24
jmp near loc_fffaedd6  ; jmp 0xfffaedd6

loc_fffaef89:  ; not directly referenced
cmp ecx, 1
ja short loc_fffaef97  ; ja 0xfffaef97
cmp byte [ebx + 0x3749], 0
je short loc_fffaefbb  ; je 0xfffaefbb

loc_fffaef97:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x20]
mov dword [eax], edx
mov dword [eax - 0x1173], edx
mov dword [eax + 0x128], edx
mov dword [eax + 0x13c3], edx
mov dword [eax + 0x250], edx
mov dword [eax + 0x14eb], edx

loc_fffaefbb:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffaef89  ; jne 0xfffaef89
mov eax, dword [ebx + 0x18a7]
mov eax, dword [ebp + eax*4 - 0x28]
mov dword [ebx + 0x36df], eax
lea esp, [ebp - 0xc]
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaefe1:
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, 0x5f5e100
sub esp, 0x10
mov edi, dword [ebp + 8]
mov esi, dword [eax + 0x2443]
mov eax, 0xbebc200
test edi, edi
cmovne ebx, edi
dec ecx
mov ecx, 0xfe502ab
cmovne eax, ecx
imul ebx, edx
xor edx, edx
push ebx
push edx
push eax
call dword [esi + 0x70]  ; ucall
mov dword [esp], 0
push 0x5af3
push 0x107a4000
add eax, 0x883d2000
adc edx, 0x2d79
push edx
push eax
call dword [esi + 0x74]  ; ucall
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaf03f:
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
xor ebx, ebx
sub esp, 8
mov dword [ebp - 0x14], eax

loc_fffaf04f:
cmp esi, edx
je short loc_fffaf07d  ; je 0xfffaf07d
mov eax, dword [ebp - 0x14]
mov byte [ebp - 0xd], 8
movzx edi, byte [eax + esi]
shl edi, 8
xor ebx, edi

loc_fffaf063:
lea edi, [ebx + ebx]
mov eax, edi
xor eax, 0x1021
and bh, 0x80
mov ebx, eax
cmove ebx, edi
dec byte [ebp - 0xd]
jne short loc_fffaf063  ; jne 0xfffaf063
inc esi
jmp short loc_fffaf04f  ; jmp 0xfffaf04f

loc_fffaf07d:
mov word [ecx], bx
mov eax, 1
pop edx
pop ecx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaf08c:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, ecx
push esi
mov esi, eax
push ebx
mov eax, ref_fffd34b0  ; mov eax, 0xfffd34b0
xor ebx, ebx

loc_fffaf09d:  ; not directly referenced
cmp edx, dword [eax]
ja short loc_fffaf0b1  ; ja 0xfffaf0b1
cmp edx, dword [eax + 9]
jbe short loc_fffaf0b1  ; jbe 0xfffaf0b1
lea eax, [ebx + ebx*8]
mov eax, dword [eax + ref_fffd34b4]  ; mov eax, dword [eax - 0x2cb4c]
jmp short loc_fffaf0bc  ; jmp 0xfffaf0bc

loc_fffaf0b1:  ; not directly referenced
inc ebx
add eax, 9
cmp ebx, 0x14
jne short loc_fffaf09d  ; jne 0xfffaf09d
xor eax, eax

loc_fffaf0bc:  ; not directly referenced
mov ecx, esi
mov edx, 1
shl edx, cl
lea ecx, [ebx + ebx*8]
add ecx, ref_fffd34b0  ; add ecx, 0xfffd34b0
jmp short loc_fffaf0df  ; jmp 0xfffaf0df

loc_fffaf0d0:  ; not directly referenced
movzx esi, byte [ecx + 8]
sub ecx, 9
test esi, edx
jne short loc_fffaf0e3  ; jne 0xfffaf0e3
mov eax, dword [ecx + 4]
dec ebx

loc_fffaf0df:  ; not directly referenced
test ebx, ebx
jne short loc_fffaf0d0  ; jne 0xfffaf0d0

loc_fffaf0e3:  ; not directly referenced
test edi, edi
je short loc_fffaf0e9  ; je 0xfffaf0e9
mov dword [edi], ebx

loc_fffaf0e9:  ; not directly referenced
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaf0ee:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov eax, dword [ebp + 8]
mov esi, dword [eax + 0x188b]
mov ebx, dword [eax + 0x18a7]
mov al, byte [eax + 0x36c9]
test esi, esi
sete cl
test al, al
sete dl
test cl, dl
jne loc_fffaf36d  ; jne 0xfffaf36d
dec esi
sete dl
dec al
sete al
test dl, al
jne loc_fffaf36d  ; jne 0xfffaf36d
mov eax, dword [ebp + 8]
mov dword [ebp - 0x2c], 0
lea edi, [eax + 0x3756]
imul eax, ebx, 0x2e
mov dword [ebp - 0x38], eax

loc_fffaf145:  ; not directly referenced
cmp dword [edi], 2
jne loc_fffaf35a  ; jne 0xfffaf35a
mov eax, dword [ebp - 0x38]
mov ecx, dword [ebp - 0x2c]
mov byte [ebp - 0x1c], 0
mov byte [ebp - 0x1b], 2
cmp word [edi + eax + 8], 2
mov byte [ebp - 0x1a], 3
mov byte [ebp - 0x19], 2
sete al
movzx eax, al
add eax, eax
mov byte [ebp - 0x31], al
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x5edc]
imul eax, ecx, 0xcc
lea ebx, [edx + eax + 0x1c]
mov eax, dword [ebp + 8]
mov esi, dword [eax + 0x18a7]
mov eax, ecx
shl eax, 0xa
lea ecx, [eax + 0x4004]
mov dword [ebp - 0x30], eax
mov eax, dword [ebp + 8]
mov edx, ecx
mov dword [ebp - 0x48], ecx
imul esi, esi, 0x2e
call fcn_fffae52a  ; call 0xfffae52a
add esi, edi
mov dword [ebx + 0xa0], eax
movzx eax, word [esi + 8]
mov dl, byte [ebp + eax - 0x1d]
mov al, byte [ebx + 0xa3]
shl edx, 6
and eax, 0x3f
or eax, edx
mov edx, dword [ebp - 0x48]
mov byte [ebx + 0xa3], al
mov eax, dword [ebp + 8]
mov ecx, dword [ebx + 0xa0]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x30]
add eax, 0x400c
mov edx, eax
mov dword [ebp - 0x48], eax
mov eax, dword [ebp + 8]
call fcn_fffae52a  ; call 0xfffae52a
mov dword [ebx + 0xa8], eax
mov ax, word [esi + 8]
mov esi, dword [ebp + 8]
mov ecx, dword [esi + 0x2480]
mov edx, dword [esi + 0x36d7]
cmp ecx, 3
jne short loc_fffaf224  ; jne 0xfffaf224
cmp edx, 0x536
sbb eax, eax
add eax, 6
jmp short loc_fffaf26e  ; jmp 0xfffaf26e

loc_fffaf224:  ; not directly referenced
cmp ecx, 2
jne short loc_fffaf242  ; jne 0xfffaf242
mov eax, 5
cmp edx, 0x640
jbe short loc_fffaf26e  ; jbe 0xfffaf26e
mov al, 6
cmp edx, 0x74b
jbe short loc_fffaf26e  ; jbe 0xfffaf26e
jmp short loc_fffaf263  ; jmp 0xfffaf263

loc_fffaf242:  ; not directly referenced
cmp edx, 0x640
ja short loc_fffaf252  ; ja 0xfffaf252
movzx eax, al
add eax, 4
jmp short loc_fffaf26e  ; jmp 0xfffaf26e

loc_fffaf252:  ; not directly referenced
cmp edx, 0x74b
ja short loc_fffaf263  ; ja 0xfffaf263
cmp al, 3
sbb eax, eax
add eax, 7
jmp short loc_fffaf26e  ; jmp 0xfffaf26e

loc_fffaf263:  ; not directly referenced
cmp edx, 0x856
sbb eax, eax
add eax, 8

loc_fffaf26e:  ; not directly referenced
cmp eax, 0xf
mov edx, 0xf
cmovbe edx, eax
mov al, byte [ebx + 0xa8]
xor esi, esi
mov cl, dl
shl ecx, 6
shr edx, 2
and eax, 0x3f
and edx, 3
or eax, ecx
mov byte [ebx + 0xa8], al
mov al, byte [ebx + 0xa9]
and eax, 0xfffffffc
or eax, edx
mov byte [ebx + 0xa9], al
mov ecx, dword [ebx + 0xa8]
xor ebx, ebx
mov edx, dword [ebp - 0x48]
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
mov al, byte [ebp - 0x31]
xor ecx, ecx
mov dl, byte [edi + 0xc4]
mov byte [ebp - 0x48], 0
sub eax, 4
test dl, 1
je short loc_fffaf2e3  ; je 0xfffaf2e3
mov cl, al
add cl, byte [edi + 0x1015]
mov byte [edi + 0x1015], cl
and ecx, 0x7f

loc_fffaf2e3:  ; not directly referenced
and dl, 2
je short loc_fffaf2fb  ; je 0xfffaf2fb
mov dl, al
add dl, byte [edi + 0x1016]
mov esi, edx
mov byte [edi + 0x1016], dl
and esi, 0x7f

loc_fffaf2fb:  ; not directly referenced
mov dl, byte [edi + 0xc4]
test dl, 4
je short loc_fffaf317  ; je 0xfffaf317
mov bl, al
add bl, byte [edi + 0x1017]
mov byte [edi + 0x1017], bl
and ebx, 0x7f

loc_fffaf317:  ; not directly referenced
and dl, 8
je short loc_fffaf32e  ; je 0xfffaf32e
add al, byte [edi + 0x1018]
mov byte [edi + 0x1018], al
and eax, 0x7f
mov byte [ebp - 0x48], al

loc_fffaf32e:  ; not directly referenced
mov eax, dword [ebp - 0x48]
and esi, 0x7f
and ecx, 0x7f
shl esi, 8
and ebx, 0x7f
mov edx, dword [ebp - 0x30]
shl ebx, 0x10
or ecx, esi
or ecx, ebx
shl eax, 0x18
or ecx, eax
mov eax, dword [ebp + 8]
add edx, 0x4024
call fcn_fffae58c  ; call 0xfffae58c

loc_fffaf35a:  ; not directly referenced
inc dword [ebp - 0x2c]
add edi, 0x13c3
cmp dword [ebp - 0x2c], 2
jne loc_fffaf145  ; jne 0xfffaf145

loc_fffaf36d:  ; not directly referenced
add esp, 0x3c
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaf377:  ; not directly referenced
push ebp
mov ecx, 4
mov ebp, esp
push edi
push esi
mov esi, ref_fffd3e70  ; mov esi, 0xfffd3e70
push ebx
sub esp, 0x6c
mov ebx, dword [ebp + 8]
lea edi, [ebp - 0x54]
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov byte [ebp - 0x5d], 0
mov eax, dword [ebx + 0x2443]
mov dword [ebp - 0x5c], 0
mov dword [ebp - 0x64], eax
lea eax, [ebx + 0x381a]

loc_fffaf3ac:  ; not directly referenced
mov cl, byte [eax]
mov byte [ebp - 0x5e], cl
and cl, 1
jne short loc_fffaf41a  ; jne 0xfffaf41a

loc_fffaf3b6:  ; not directly referenced
test byte [ebp - 0x5e], 4
je loc_fffaf46d  ; je 0xfffaf46d
movzx edx, word [eax + 0x12c0]
mov ecx, 1
imul edx, dword [eax + 0x12bc]
movzx edi, byte [eax + 0x12c6]
movzx esi, byte [eax + 0x12c5]
shr edx, 0x14
cmp byte [eax + 0x12c6], 0
cmovne ecx, edi
movzx edi, byte [eax + 0x12c8]
imul edi, esi
imul edi, edx
movzx edx, byte [eax + 0x12ca]
imul edi, ecx
movzx edx, word [ebp + edx*2 - 0x54]
cmp edx, edi
mov edx, 1
cmove edx, dword [ebp - 0x5c]
mov dword [ebp - 0x5c], edx
jmp short loc_fffaf46d  ; jmp 0xfffaf46d

loc_fffaf41a:  ; not directly referenced
movzx edx, word [eax + 0x1198]
imul edx, dword [eax + 0x1194]
movzx ecx, byte [eax + 0x119e]
movzx esi, byte [eax + 0x119d]
shr edx, 0x14
test cl, cl
jne short loc_fffaf442  ; jne 0xfffaf442
mov ecx, 1

loc_fffaf442:  ; not directly referenced
movzx edi, byte [eax + 0x11a0]
imul esi, edi
imul esi, edx
movzx edx, byte [eax + 0x11a2]
imul esi, ecx
movzx edx, word [ebp + edx*2 - 0x54]
cmp edx, esi
je loc_fffaf3b6  ; je 0xfffaf3b6
mov dword [ebp - 0x5c], 1

loc_fffaf46d:  ; not directly referenced
inc byte [ebp - 0x5d]
add eax, 0x13c3
cmp byte [ebp - 0x5d], 2
jne loc_fffaf3ac  ; jne 0xfffaf3ac
cmp dword [ebp - 0x5c], 1
je loc_fffaf5ed  ; je 0xfffaf5ed
push edx
push 0
push 0x2c
lea eax, [ebp - 0x44]
push eax
mov eax, dword [ebp - 0x64]
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
cmp byte [ebx + 0x3748], 1
mov dword [ebp - 0x58], 1
je short loc_fffaf4af  ; je 0xfffaf4af

loc_fffaf4ab:  ; not directly referenced
xor esi, esi
jmp short loc_fffaf509  ; jmp 0xfffaf509

loc_fffaf4af:  ; not directly referenced
cmp dword [ebx + 0x3756], 2
jne short loc_fffaf4db  ; jne 0xfffaf4db
mov edx, 0x5004
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x5004
mov ecx, eax
mov dword [ebp - 0x68], eax
and ecx, 0xfcffffff
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffaf4db:  ; not directly referenced
cmp dword [ebx + 0x4b19], 2
jne short loc_fffaf4ab  ; jne 0xfffaf4ab
mov edx, 0x5008
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x5008
mov ecx, eax
mov dword [ebp - 0x6c], eax
and ecx, 0xfcffffff
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffaf4ab  ; jmp 0xfffaf4ab

loc_fffaf509:  ; not directly referenced
movzx eax, byte [ebx + 0x248d]
bt eax, esi
jb short loc_fffaf521  ; jb 0xfffaf521

loc_fffaf515:  ; not directly referenced
add esi, 2
cmp esi, 4
jne short loc_fffaf509  ; jne 0xfffaf509
xor edi, edi
jmp short loc_fffaf570  ; jmp 0xfffaf570

loc_fffaf521:  ; not directly referenced
push eax
mov ecx, esi
push eax
mov edi, 1
lea eax, [ebp - 0x58]
push eax
mov eax, ebx
push 0
lea edx, [ebp - 0x44]
call fcn_fffaa9ed  ; call 0xfffaa9ed
mov ecx, esi
xor edx, edx
shl edi, cl
mov eax, ebx
mov ecx, edi
call fcn_fffaac43  ; call 0xfffaac43
mov ecx, edi
mov edx, 1
mov byte [ebp - 0x5c], al
mov eax, ebx
call fcn_fffaac43  ; call 0xfffaac43
or eax, dword [ebp - 0x5c]
movzx edx, al
mov eax, ebx
call fcn_fffae670  ; call 0xfffae670
add esp, 0x10
mov edi, eax
test eax, eax
je short loc_fffaf515  ; je 0xfffaf515

loc_fffaf570:  ; not directly referenced
cmp byte [ebx + 0x3748], 1
jne short loc_fffaf5a9  ; jne 0xfffaf5a9
cmp dword [ebx + 0x3756], 2
jne short loc_fffaf591  ; jne 0xfffaf591
mov ecx, dword [ebp - 0x68]
mov edx, 0x5004
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffaf591:  ; not directly referenced
cmp dword [ebx + 0x4b19], 2
jne short loc_fffaf5a9  ; jne 0xfffaf5a9
mov ecx, dword [ebp - 0x6c]
mov edx, 0x5008
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffaf5a9:  ; not directly referenced
mov edx, 0x3c
mov eax, ebx
call fcn_fffa834b  ; call 0xfffa834b
cmp dword [ebx + 0x3756], 2
jne short loc_fffaf5cf  ; jne 0xfffaf5cf
mov ecx, 0x3000
mov edx, 0x48a8
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffaf5cf:  ; not directly referenced
cmp dword [ebx + 0x4b19], 2
jne short loc_fffaf5e9  ; jne 0xfffaf5e9
mov ecx, 0x3000
mov edx, 0x48b0
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffaf5e9:  ; not directly referenced
test edi, edi
je short loc_fffaf5f7  ; je 0xfffaf5f7

loc_fffaf5ed:  ; not directly referenced
mov dword [ebx + 0x374a], 1

loc_fffaf5f7:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffaf601:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov edi, dword [ebp + 8]
mov eax, dword [edi + 0x2443]
cmp byte [edi + 0x190d], 0
mov edx, dword [edi + 0x18a7]
mov esi, dword [edi + 0x2480]
mov dword [ebp - 0x30], eax
je loc_fffafafc  ; je 0xfffafafc
cmp esi, 3
sete al
mov byte [ebp - 0x2c], al
movzx eax, al
mov dword [ebp - 0x38], eax
mov eax, dword [edi + 0x36cb]
test eax, eax
je loc_fffaf79d  ; je 0xfffaf79d
dec eax
jne loc_fffafafc  ; jne 0xfffafafc
movzx ebx, byte [edi + 0x247f]
test ebx, ebx
sete al
or al, byte [ebp - 0x2c]
je short loc_fffaf6d5  ; je 0xfffaf6d5
mov ecx, dword [ebp - 0x30]
xor eax, eax
cmp dword [edi + 0x188b], 1
mov edx, dword [ecx + 0x80]
sete al
mov esi, eax
lea esi, [esi + esi + 0x18]
lea eax, [eax + eax + 0x17]
test edx, edx
je short loc_fffaf6d5  ; je 0xfffaf6d5
lea ecx, [ebp - 0x20]
push ecx
lea ecx, [ebp - 0x1c]
push ecx
push eax
push 1
call edx
mov al, byte [ebp - 0x19]
add esp, 0x10
test al, al
js short loc_fffaf6d5  ; js 0xfffaf6d5
or eax, 0xffffff80
mov byte [ebp - 0x19], al
mov al, byte [ebp - 0x1c]
or eax, 1
cmp dword [edi + 0x2480], 3
mov byte [ebp - 0x1c], al
jne short loc_fffaf6bf  ; jne 0xfffaf6bf
and eax, 0xfffffff1
or eax, 8
mov byte [ebp - 0x1c], al

loc_fffaf6bf:  ; not directly referenced
lea eax, [ebp - 0x20]
push eax
mov eax, dword [ebp - 0x30]
push dword [ebp - 0x1c]
push esi
push 1
call dword [eax + 0x84]  ; ucall
add esp, 0x10

loc_fffaf6d5:  ; not directly referenced
cmp ebx, 1
mov edx, 0x64
mov eax, 0x32
cmove edx, eax
cmp dword [ebp - 0x38], 1
jne short loc_fffaf70c  ; jne 0xfffaf70c
mov edx, 0x5880
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x5880
and al, 0x7f
mov ecx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0x61

loc_fffaf70c:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
dec ebx
sete al
or cl, al
je loc_fffafafc  ; je 0xfffafafc
movzx eax, dx
xor esi, esi
lea ebx, [edi + 0x4a07]
mov dword [ebp - 0x2c], eax

loc_fffaf729:  ; not directly referenced
cmp dword [ebx - 0x12b1], 2
jne short loc_fffaf782  ; jne 0xfffaf782
movzx eax, word [ebx - 0x129b]
mov ecx, 0x64
imul eax, dword [ebp - 0x2c]
cdq
idiv ecx
cmp dword [ebx - 0x13e], 2
mov word [ebx - 0x129b], ax
jne short loc_fffaf76a  ; jne 0xfffaf76a
movzx eax, word [ebx - 0x128]
imul eax, dword [ebp - 0x2c]
cdq
idiv ecx
mov word [ebx - 0x128], ax

loc_fffaf76a:  ; not directly referenced
cmp dword [ebx - 0x16], 2
jne short loc_fffaf782  ; jne 0xfffaf782
movzx eax, word [ebx]
mov ecx, 0x64
imul eax, dword [ebp - 0x2c]
cdq
idiv ecx
mov word [ebx], ax

loc_fffaf782:  ; not directly referenced
mov edx, esi
mov eax, edi
inc esi
add ebx, 0x13c3
call fcn_fffae6fa  ; call 0xfffae6fa
cmp esi, 2
je loc_fffafafc  ; je 0xfffafafc
jmp short loc_fffaf729  ; jmp 0xfffaf729

loc_fffaf79d:  ; not directly referenced
cmp dword [edi + 0x36e8], 0
je short loc_fffaf7b3  ; je 0xfffaf7b3
cmp byte [edi + 0x1916], 0
jne loc_fffafafc  ; jne 0xfffafafc

loc_fffaf7b3:  ; not directly referenced
test byte [edi + 0x36ca], 0xf7
je loc_fffafafc  ; je 0xfffafafc
cmp dword [edi + 0x3756], 2
mov dword [ebp - 0x40], 0
mov dword [ebp - 0x44], 0
mov dword [ebp - 0x34], 0
je short loc_fffaf7f2  ; je 0xfffaf7f2
cmp dword [edi + 0x4b19], 2
mov eax, 1
jne loc_fffaf892  ; jne 0xfffaf892
jmp short loc_fffaf7f4  ; jmp 0xfffaf7f4

loc_fffaf7f2:  ; not directly referenced
xor eax, eax

loc_fffaf7f4:  ; not directly referenced
imul eax, eax, 0x13c3
lea ecx, [edi + eax + 0x3756]
imul eax, edx, 0x2e
lea eax, [ecx + eax + 4]
movzx ecx, word [eax + 0x1a]
movzx edx, word [eax + 0x10]
movzx eax, word [eax + 0xc]
lea edx, [ecx + edx + 1]
mov cl, 0x7f
mov bl, dl
and ebx, 0x7f
cmp edx, 0x7f
cmovbe ecx, ebx
mov ebx, 0xa
imul eax, eax, 0xf
xor edx, edx
and ecx, 0x7f
div ebx
mov bl, 0x7f
cmp dl, 1
mov edx, 0x4e44
sbb eax, 0xffffffff
cmp eax, 0x7f
cmovbe ebx, eax
mov eax, edi
and ebx, 0x7f
shl ecx, 8
or ecx, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffaf856:  ; not directly referenced
mov eax, dword [ebp - 0x30]
call dword [eax + 0x7c]  ; ucall
mov ebx, eax
xor ax, ax
call fcn_fffaeba2  ; call 0xfffaeba2
mov dl, al
movzx eax, bx
mov dword [ebp - 0x2c], edx
call fcn_fffaeba2  ; call 0xfffaeba2
mov edx, dword [ebp - 0x2c]
test al, al
sete al
test dl, dl
sete dl
or al, dl
jne short loc_fffaf856  ; jne 0xfffaf856
mov ecx, ebx
mov edx, 0x2bb8
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffaf892:  ; not directly referenced
cmp esi, 2
je loc_fffafafc  ; je 0xfffafafc
mov ecx, dword [edi + 0x1912]
mov eax, 0x800
mov dl, 0xb

loc_fffaf8a8:  ; not directly referenced
movzx ebx, dl
cmp ebx, ecx
lea eax, [eax + eax]
jae short loc_fffaf8b5  ; jae 0xfffaf8b5
inc edx
jmp short loc_fffaf8a8  ; jmp 0xfffaf8a8

loc_fffaf8b5:  ; not directly referenced
call fcn_fffaec34  ; call 0xfffaec34
mov byte [ebp - 0x2c], 0x11
sub byte [ebp - 0x2c], al
movzx eax, byte [ebp - 0x2c]
mov word [ebp - 0x48], ax

loc_fffaf8c9:  ; not directly referenced
mov eax, dword [ebp - 0x30]
xor ebx, ebx
mov esi, 1
call dword [eax + 0x7c]  ; ucall
xor edx, edx
mov dword [ebp - 0x3c], eax

loc_fffaf8db:  ; not directly referenced
mov cl, dl
cmp bx, word [ebp - 0x48]
je short loc_fffaf8fb  ; je 0xfffaf8fb
mov eax, esi
shl eax, cl
mov ecx, dword [ebp - 0x3c]
and ecx, eax
cmp ecx, 1
sbb bx, 0xffff
inc edx
cmp edx, 0x10
jne short loc_fffaf8db  ; jne 0xfffaf8db
mov cl, 0x10

loc_fffaf8fb:  ; not directly referenced
mov ebx, 1
shl ebx, cl
dec ebx
and ebx, dword [ebp - 0x3c]
movzx eax, bx
call fcn_fffaeba2  ; call 0xfffaeba2
cmp al, byte [ebp - 0x2c]
jne short loc_fffaf8c9  ; jne 0xfffaf8c9
mov edx, ebx
xor esi, esi
mov word [ebp - 0x40], bx
not edx

loc_fffaf91d:  ; not directly referenced
mov ecx, esi
mov eax, 0xfffffffe
rol eax, cl
and eax, edx
movzx ecx, ax
mov edx, eax
mov word [ebp - 0x30], ax
mov eax, ecx
mov dword [ebp - 0x48], edx
mov dword [ebp - 0x3c], ecx
call fcn_fffaeba2  ; call 0xfffaeba2
mov ecx, dword [ebp - 0x3c]
mov edx, dword [ebp - 0x48]
cmp al, byte [ebp - 0x2c]
jne short loc_fffaf971  ; jne 0xfffaf971

loc_fffaf949:  ; not directly referenced
shl ecx, 0x10
mov eax, edi
mov edx, ecx
movzx ecx, word [ebp - 0x40]
xor esi, esi
or ebx, dword [ebp - 0x30]
or ecx, edx
mov edx, 0x4e38
mov word [ebp - 0x3c], bx
not ebx
call fcn_fffae58c  ; call 0xfffae58c
mov word [ebp - 0x30], bx
jmp short loc_fffaf97f  ; jmp 0xfffaf97f

loc_fffaf971:  ; not directly referenced
inc esi
cmp esi, 0x10
jne short loc_fffaf91d  ; jne 0xfffaf91d
jmp short loc_fffaf949  ; jmp 0xfffaf949

loc_fffaf979:  ; not directly referenced
inc esi
cmp esi, 0x10
je short loc_fffaf99e  ; je 0xfffaf99e

loc_fffaf97f:  ; not directly referenced
mov ebx, dword [ebp - 0x30]
mov edx, 0xfffffffe
mov ecx, esi
rol edx, cl
and ebx, edx
movzx eax, bx
mov word [ebp - 0x30], ax
call fcn_fffaeba2  ; call 0xfffaeba2
cmp al, byte [ebp - 0x2c]
jne short loc_fffaf979  ; jne 0xfffaf979

loc_fffaf99e:  ; not directly referenced
mov word [ebp - 0x44], bx
xor esi, esi
or ebx, dword [ebp - 0x3c]
not ebx
jmp short loc_fffaf9bc  ; jmp 0xfffaf9bc

loc_fffaf9ab:  ; not directly referenced
mov ecx, esi
mov eax, 0xfffffffe
rol eax, cl
inc esi
and ebx, eax
cmp esi, 0x10
je short loc_fffaf9c9  ; je 0xfffaf9c9

loc_fffaf9bc:  ; not directly referenced
movzx eax, bx
call fcn_fffaeba2  ; call 0xfffaeba2
cmp al, byte [ebp - 0x2c]
jne short loc_fffaf9ab  ; jne 0xfffaf9ab

loc_fffaf9c9:  ; not directly referenced
movzx ecx, word [ebp - 0x44]
shl ebx, 0x10
mov edx, 0x4e3c
mov eax, edi
or ecx, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov dword [ebp - 0x2c], 0

loc_fffaf9e5:  ; not directly referenced
imul esi, dword [ebp - 0x2c], 0x13c3
cmp dword [edi + esi + 0x3756], 2
jne loc_fffafaef  ; jne 0xfffafaef
xor ebx, ebx
test byte [edi + esi + 0x381a], 1
je short loc_fffafa5b  ; je 0xfffafa5b
cmp dword [ebp - 0x38], 0
jne short loc_fffafa2d  ; jne 0xfffafa2d
imul eax, dword [ebp - 0x2c], 0x54a
mov ax, word [edi + eax + 0x1a4f]
cmp ax, 0xce00
sete bl
cmp ax, 0xfe02
sete al
or ebx, eax
jmp short loc_fffafa5b  ; jmp 0xfffafa5b

loc_fffafa2d:  ; not directly referenced
push edx
xor ecx, ecx
push edx
mov edx, dword [ebp - 0x2c]
lea eax, [ebp - 0x1c]
push eax
mov eax, edi
push 5
call fcn_fffa686d  ; call 0xfffa686d
lea eax, [ebp - 0x1c]
add esp, 0x10
mov cl, 1

loc_fffafa49:  ; not directly referenced
mov dl, byte [eax]
and edx, 0xfffffffd
dec dl
cmove ebx, ecx
inc eax
lea edx, [ebp - 0x18]
cmp eax, edx
jne short loc_fffafa49  ; jne 0xfffafa49

loc_fffafa5b:  ; not directly referenced
test byte [edi + esi + 0x381a], 4
je short loc_fffafac5  ; je 0xfffafac5
cmp dword [ebp - 0x38], 0
je short loc_fffafaa1  ; je 0xfffafaa1
mov edx, dword [ebp - 0x2c]
mov ecx, 2
push eax
push eax
lea eax, [ebp - 0x1c]
push eax
mov eax, edi
push 5
call fcn_fffa686d  ; call 0xfffa686d
lea eax, [ebp - 0x1c]
add esp, 0x10
lea ecx, [ebp - 0x18]

loc_fffafa8b:  ; not directly referenced
mov dl, byte [eax]
mov esi, ebx
or esi, 2
and edx, 0xfffffffd
dec dl
cmove ebx, esi
inc eax
cmp eax, ecx
jne short loc_fffafa8b  ; jne 0xfffafa8b
jmp short loc_fffafac5  ; jmp 0xfffafac5

loc_fffafaa1:  ; not directly referenced
imul eax, dword [ebp - 0x2c], 0x54a
mov ax, word [edi + eax + 0x1cc6]
cmp ax, 0xfe02
sete dl
cmp ax, 0xce00
sete al
or dl, al
je short loc_fffafac5  ; je 0xfffafac5
or ebx, 2

loc_fffafac5:  ; not directly referenced
and dword [ebp - 0x34], 0xffffff9f
and ebx, 3
shl ebx, 5
mov edx, dword [ebp - 0x2c]
mov eax, edi
or dword [ebp - 0x34], ebx
or dword [ebp - 0x34], 0x80000000
mov ecx, dword [ebp - 0x34]
shl edx, 0xa
add edx, 0x4240
call fcn_fffae58c  ; call 0xfffae58c

loc_fffafaef:  ; not directly referenced
inc dword [ebp - 0x2c]
cmp dword [ebp - 0x2c], 2
jne loc_fffaf9e5  ; jne 0xfffaf9e5

loc_fffafafc:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffafb06:  ; not directly referenced
push ebp
mov ebp, esp
push edi
movzx edi, dl
push esi
push ebx
sub esp, 0x4c
mov esi, dword [ebp + 0x14]
mov byte [ebp - 0x27], cl
mov cl, byte [ebp + 8]
mov ebx, dword [ebp + 0xc]
mov byte [ebp - 0x26], dl
mov edx, 0x4c31
mov dword [ebp - 0x38], esi
imul esi, edi, 0x13c3
mov byte [ebp - 0x48], cl
xor ecx, ecx
mov dword [ebp - 0x20], edi
mov byte [ebp - 0x34], bl
lea edi, [eax + esi + 0x3756]
mov dword [ebp - 0x1c], eax
call fcn_fffae566  ; call 0xfffae566
cmp byte [edi + 0x1241], 1
sete al
mov dl, al
mov cl, al
mov eax, dword [ebp - 0x20]
or edx, 2
cmp byte [edi + 0x1369], 1
cmove ecx, edx
shl eax, 0xa
mov edi, ecx
lea edx, [eax + 0x41bc]
xor ecx, ecx
mov dword [ebp - 0x2c], eax
mov eax, dword [ebp - 0x1c]
call fcn_fffae566  ; call 0xfffae566
mov eax, ebx
and eax, 1
lea edx, [eax + eax]
mov al, bl
and eax, 2
and ebx, 4
shr al, 1
or eax, ebx
or eax, edx
mov ebx, eax
movzx eax, byte [ebp - 0x34]
add esi, dword [ebp - 0x1c]
shl ebx, 0x18
mov dword [ebp - 0x30], ebx
mov dword [ebp - 0x24], 0
mov byte [ebp - 0x25], 0
mov dword [ebp - 0x4c], esi
mov dword [ebp - 0x34], eax

loc_fffafbb5:  ; not directly referenced
mov cl, byte [ebp - 0x24]
mov ebx, 1
mov esi, dword [ebp - 0x4c]
shl ebx, cl
mov al, bl
and al, byte [esi + 0x381a]
test byte [ebp - 0x27], al
je loc_fffafc5d  ; je 0xfffafc5d
mov ecx, dword [ebp - 0x34]
xor edx, edx
mov esi, dword [ebp + 0x10]
and ecx, 0xf
shl ecx, 0x18
mov eax, ecx
mov cl, byte [ebp - 0x24]
shr cl, 1
movzx ecx, cl
mov si, word [esi + ecx*2]
mov ax, si
test byte [ebp - 0x24], 1
je short loc_fffafc1e  ; je 0xfffafc1e
inc ecx
test ecx, edi
je short loc_fffafc1e  ; je 0xfffafc1e
mov edx, esi
and ax, 0x150
and dx, 0xfe07
and esi, 0xa8
shr ax, 1
add esi, esi
or eax, edx
or eax, esi
movzx eax, ax
add eax, dword [ebp - 0x30]
cdq

loc_fffafc1e:  ; not directly referenced
mov esi, dword [ebp - 0x48]
mov ecx, edx
not ebx
or ecx, 0xf000000
and ebx, 0xf
and ch, 0xf0
and esi, 0xf
shl esi, 8
or ecx, esi
and ecx, 0xfffffff0
or ecx, ebx
mov ebx, dword [ebp - 0x2c]
mov edx, ecx
push ecx
push ecx
push edx
push eax
mov eax, dword [ebp - 0x1c]
lea ecx, [ebx + 0x41c0]
mov edx, ecx
call fcn_fffae7cf  ; call 0xfffae7cf
add esp, 0x10
inc byte [ebp - 0x25]

loc_fffafc5d:  ; not directly referenced
inc dword [ebp - 0x24]
cmp dword [ebp - 0x24], 4
jne loc_fffafbb5  ; jne 0xfffafbb5
cmp byte [ebp - 0x25], 0
jne short loc_fffafc7a  ; jne 0xfffafc7a

loc_fffafc70:  ; not directly referenced
mov eax, 1
jmp near loc_fffafd4a  ; jmp 0xfffafd4a

loc_fffafc7a:  ; not directly referenced
mov edi, dword [ebp - 0x38]
mov cl, 3
mov edx, dword [ebp - 0x2c]
mov ebx, edi
mov eax, edi
mov edi, dword [ebp - 0x1c]
add edx, 0x419c
and eax, 7
test bl, bl
cmovne ecx, eax
mov al, byte [ebp - 0x25]
and ecx, 7
dec eax
and eax, 7
shl eax, 0x10
or ecx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x20]
lea ebx, [eax*8 + 0x48a8]
mov eax, edi
mov edx, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, ebx
mov dword [ebp - 0x1c], edi
mov ecx, eax
mov esi, eax
and ch, 0xc7
mov eax, edi
or ch, 0x20
call fcn_fffae58c  ; call 0xfffae58c
mov edx, dword [ebp - 0x20]
mov ecx, 5
mov eax, dword [ebp - 0x1c]
lea edi, [edx*4 + 0x48b8]
mov edx, edi
call fcn_fffae566  ; call 0xfffae566

loc_fffafcef:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
mov edx, 0x4804
call fcn_fffae52a  ; call 0xfffae52a
cmp byte [ebp - 0x26], 0
jne short loc_fffafd15  ; jne 0xfffafd15
test al, 1
jne loc_fffafc70  ; jne 0xfffafc70
shr eax, 0x10
and eax, 1
xor eax, 1
jmp short loc_fffafd28  ; jmp 0xfffafd28

loc_fffafd15:  ; not directly referenced
test al, 2
jne loc_fffafc70  ; jne 0xfffafc70
shr eax, 0x10
shr al, 1
xor eax, 1
and eax, 1

loc_fffafd28:  ; not directly referenced
test al, al
jne short loc_fffafcef  ; jne 0xfffafcef
mov edx, edi
mov edi, dword [ebp - 0x1c]
mov ecx, 4
mov eax, edi
call fcn_fffae566  ; call 0xfffae566
mov eax, edi
mov ecx, esi
mov edx, ebx
call fcn_fffae58c  ; call 0xfffae58c
xor eax, eax

loc_fffafd4a:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffafd52:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov esi, dword [ebp + 8]
mov ebx, dword [ebp + 0xc]
cmp cl, 3
ja short loc_fffafd72  ; ja 0xfffafd72
mov word [ebp - 0x1c], bx
mov word [ebp - 0x1a], 0
jmp short loc_fffafd7c  ; jmp 0xfffafd7c

loc_fffafd72:  ; not directly referenced
mov word [ebp - 0x1c], 0
mov word [ebp - 0x1a], bx

loc_fffafd7c:  ; not directly referenced
cmp dword [eax + 0x2480], 2
movzx edi, dl
mov edx, esi
movzx ecx, cl
push 0
movzx esi, dl
sete bl
mov dword [ebp - 0x2c], edi
lea edi, [ebp - 0x1c]
mov edx, dword [ebp - 0x2c]
push edi
shl ebx, 3
push esi
movzx ebx, bl
push ebx
call fcn_fffafb06  ; call 0xfffafb06
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffafdb2:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0xe0
mov esi, dword [ebp + 8]
mov edi, dword [ebp + 0x14]
mov byte [ebp - 0x9f], cl
mov ebx, dword [ebp + 0x10]
mov dword [ebp - 0x80], eax
mov eax, dword [ebp + 0xc]
mov ecx, esi
mov dword [ebp - 0xd8], esi
mov esi, ref_fffd3e80  ; mov esi, 0xfffd3e80
mov dword [ebp - 0xac], edi
mov dword [ebp - 0xb8], edx
mov byte [ebp - 0xdc], dl
mov edx, edi
mov byte [ebp - 0xc8], cl
lea edi, [ebp - 0x50]
mov ecx, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x38]
mov esi, ref_fffd3e8c  ; mov esi, 0xfffd3e8c
mov dword [ebp - 0x88], eax
mov byte [ebp - 0xa0], al
mov byte [ebp - 0x9d], dl
mov word [ebp - 0x7c], bx
mov word [ebp - 0x60], 0
mov word [ebp - 0x5e], 2
mov cl, 4
mov word [ebp - 0x5c], 1
mov word [ebp - 0x5a], 3
mov word [ebp - 0x64], 0
mov word [ebp - 0x62], 2
mov byte [ebp - 0x6a], 1
mov byte [ebp - 0x69], 2
mov byte [ebp - 0x68], 3
mov byte [ebp - 0x67], 0
mov byte [ebp - 0x66], 2
mov byte [ebp - 0x65], 3
movzx edx, byte [ebp - 0xb8]
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov edi, dword [ebp - 0x80]
imul eax, edx, 0x13c3
mov dword [ebp - 0x84], edx
mov esi, dword [edi + 0x5edc]
lea eax, [edi + eax + 0x3756]
mov dword [ebp - 0xa8], eax
imul eax, edx, 0xcc
mov ecx, esi
mov dword [ebp - 0xa4], esi
mov esi, dword [edi + 0x2443]
lea edx, [ecx + eax + 0x1c]
mov dword [ebp - 0x9c], edx
mov edx, dword [edi + 0x188b]
lea eax, [ebp - 0x50]
push 0xc
push eax
lea eax, [ebp - 0x44]
push eax
mov dword [ebp - 0x98], edx
call dword [esi + 0x58]  ; ucall
add esp, 0xc
push 8
lea eax, [ebp - 0x60]
push eax
lea eax, [ebp - 0x58]
push eax
call dword [esi + 0x58]  ; ucall
mov eax, dword [edi + 0x2480]
add esp, 0xc
xor edx, edx
push 0x10
cmp eax, 3
sete dl
mov dword [ebp - 0xb4], edx
xor edx, edx
cmp eax, 2
lea eax, [ebp - 0x38]
sete dl
push eax
lea eax, [ebp - 0x28]
mov dword [ebp - 0xb0], edx
push eax
call dword [esi + 0x58]  ; ucall
mov ecx, dword [ebp - 0x88]
add esp, 0x10
cmp cl, 3
sete al
cmp cl, 1
setbe dl
or dl, al
jne short loc_fffaff33  ; jne 0xfffaff33
mov edx, ecx
cmp cl, 0x11
sete cl
cmp dl, 2
sete dl
or cl, dl
je loc_fffaffe5  ; je 0xfffaffe5

loc_fffaff33:  ; not directly referenced
mov ecx, dword [ebp - 0x88]
cmp cl, 1
sbb esi, esi
and esi, 0x10
add esi, 0xf
cmp cl, 1
sbb edx, edx
and edx, 0xfffffff0
sub edx, 0x10
cmp bx, si
jg short loc_fffaff5c  ; jg 0xfffaff5c
cmp dx, bx
mov esi, ebx
cmovge esi, edx

loc_fffaff5c:  ; not directly referenced
mov ebx, dword [ebp - 0x9c]
movzx ecx, byte [ebp - 0xd8]
cmp byte [ebp - 0x88], 0
lea edi, [ebx + ecx*4]
mov ebx, dword [edi + 0x78]
jne loc_fffb0a8d  ; jne 0xfffb0a8d
mov eax, esi
and ebx, 0xfffff000
and eax, 0x3f
mov edx, eax
or ebx, eax
shl edx, 6
or ebx, edx

loc_fffaff90:  ; not directly referenced
cmp byte [ebp - 0xb8], 1
mov edx, 0x365c
jbe loc_fffb0ae0  ; jbe 0xfffb0ae0

loc_fffaffa2:  ; not directly referenced
mov ecx, dword [ebp - 0x80]
lea eax, [edx + 0xc]
cmp dword [ecx + 0x188b], 1
mov ecx, ebx
cmove edx, eax
mov eax, dword [ebp - 0x80]
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0xac], 0
je short loc_fffaffc8  ; je 0xfffaffc8
mov dword [edi + 0x78], ebx

loc_fffaffc8:  ; not directly referenced
mov eax, dword [ebp - 0xa4]
mov edx, 0x2008
mov ecx, dword [eax + 0x18]
mov eax, dword [ebp - 0x80]
or ecx, 0x20
call fcn_fffae58c  ; call 0xfffae58c
mov word [ebp - 0x7c], si

loc_fffaffe5:  ; not directly referenced
mov eax, dword [ebp - 0x88]
cmp al, 0x11
sete cl
sub eax, 4
cmp al, 1
setbe al
or al, cl
mov byte [ebp - 0x9e], cl
je loc_fffb0219  ; je 0xfffb0219
mov eax, dword [ebp - 0xa8]
xor edi, edi
lea esi, [eax + 0x24d]
imul eax, dword [ebp - 0x84], 0x13c3
add eax, dword [ebp - 0x80]
mov dword [ebp - 0xe4], eax
movzx eax, byte [ebp - 0x9f]
mov dword [ebp - 0xe8], eax

loc_fffb0034:  ; not directly referenced
mov ebx, dword [ebp - 0xe4]
mov eax, 1
mov ecx, edi
shl eax, cl
test byte [ebx + 0x381a], al
je loc_fffb020c  ; je 0xfffb020c
mov eax, dword [ebp - 0xe8]
bt eax, edi
jae loc_fffb020c  ; jae 0xfffb020c
cmp byte [ebp - 0xa0], 4
jne loc_fffb0103  ; jne 0xfffb0103
cmp dword [ebp - 0x98], 0
jne short loc_fffb0085  ; jne 0xfffb0085
mov ebx, dword [ebp - 0x7c]
mov eax, 0xb
cmp bx, 0xb
cmovle eax, ebx
jmp short loc_fffb00a8  ; jmp 0xfffb00a8

loc_fffb0085:  ; not directly referenced
cmp dword [ebp - 0x98], 1
jne short loc_fffb00ac  ; jne 0xfffb00ac
mov ecx, dword [ebp - 0x7c]
mov eax, 0xf
cmp cx, 0xf
cmovle eax, ecx
mov ecx, eax
or eax, 0x10
test byte [esi], 0x10
cmove eax, ecx

loc_fffb00a8:  ; not directly referenced
mov word [ebp - 0x7c], ax

loc_fffb00ac:  ; not directly referenced
mov ebx, dword [ebp - 0x7c]
mov eax, 0
mov ecx, edi
push edx
mov edx, dword [ebp - 0x84]
test bx, bx
cmovns eax, ebx
movzx ebx, byte [ebp - 0xc8]
mov word [ebp - 0x7c], ax
or eax, 0x30
mov word [ebp - 0xe0], ax
cwde
push eax
mov eax, dword [ebp - 0x80]
push 2
push ebx
call fcn_fffa73b0  ; call 0xfffa73b0
add esp, 0x10
cmp byte [ebp - 0x9d], 0
je loc_fffb020c  ; je 0xfffb020c
mov al, byte [ebp - 0xe0]
mov byte [esi + ebx], al
jmp near loc_fffb020c  ; jmp 0xfffb020c

loc_fffb0103:  ; not directly referenced
cmp byte [ebp - 0xa0], 5
jne loc_fffb01c5  ; jne 0xfffb01c5
cmp dword [ebp - 0x98], 0
jne short loc_fffb0150  ; jne 0xfffb0150
cmp word [ebp - 0x7c], 0x13
jg short loc_fffb0134  ; jg 0xfffb0134
mov ecx, dword [ebp - 0x7c]
mov eax, 0
test cx, cx
cmovns eax, ecx
mov word [ebp - 0x7c], ax
jmp short loc_fffb013a  ; jmp 0xfffb013a

loc_fffb0134:  ; not directly referenced
mov word [ebp - 0x7c], 0x13

loc_fffb013a:  ; not directly referenced
mov eax, dword [ebp - 0x7c]
mov ecx, 5
mov edx, eax
sar dx, 0xf
idiv cx
lea ebx, [edx + eax*8]
jmp short loc_fffb0185  ; jmp 0xfffb0185

loc_fffb0150:  ; not directly referenced
xor ebx, ebx
cmp dword [ebp - 0x98], 1
jne short loc_fffb0185  ; jne 0xfffb0185
mov eax, dword [ebp - 0x7c]
test ax, ax
jle short loc_fffb0185  ; jle 0xfffb0185
movsx ebx, ax
mov eax, 0x10
cmp bx, 0x10
cmovle eax, ebx
mov word [ebp - 0x7c], ax
dec eax
mov ebx, eax
and eax, 3
sar ebx, 2
add eax, eax
lea ebx, [eax + ebx*8 + 1]

loc_fffb0185:  ; not directly referenced
push eax
movzx eax, bl
mov edx, dword [ebp - 0x84]
push eax
movzx eax, byte [ebp - 0xc8]
mov ecx, edi
push 2
push eax
mov dword [ebp - 0xe0], eax
mov eax, dword [ebp - 0x80]
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10
cmp byte [ebp - 0x9d], 0
je short loc_fffb020c  ; je 0xfffb020c
mov eax, dword [ebp - 0xe0]
mov byte [esi + eax + 0xdd9], bl
jmp short loc_fffb020c  ; jmp 0xfffb020c

loc_fffb01c5:  ; not directly referenced
cmp byte [ebp - 0x9e], 0
je short loc_fffb020c  ; je 0xfffb020c
movzx ebx, byte [ebp - 0xc8]
mov ecx, edi
push eax
mov edx, dword [ebp - 0x84]
mov eax, dword [ebp - 0x80]
push 0
push 0xff
push ebx
call fcn_fffa73b0  ; call 0xfffa73b0
add esp, 0xc
mov edx, dword [ebp - 0x84]
mov eax, dword [ebp - 0x80]
mov ecx, edi
push 0
push 0xff
push ebx
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10

loc_fffb020c:  ; not directly referenced
inc edi
add esi, 9
cmp edi, 4
jne loc_fffb0034  ; jne 0xfffb0034

loc_fffb0219:  ; not directly referenced
cmp byte [ebp - 0x88], 6
mov cl, byte [ebp - 0x9e]
sete al
or cl, al
je loc_fffb0378  ; je 0xfffb0378
cmp dword [ebp - 0x98], 1
jne short loc_fffb0247  ; jne 0xfffb0247
cmp word [ebp - 0x7c], 0x3f
jg loc_fffb0b12  ; jg 0xfffb0b12
jmp short loc_fffb0252  ; jmp 0xfffb0252

loc_fffb0247:  ; not directly referenced
cmp word [ebp - 0x7c], 7
jg loc_fffb0b1d  ; jg 0xfffb0b1d

loc_fffb0252:  ; not directly referenced
mov edi, dword [ebp - 0x7c]
mov edx, 0
test di, di
cmovns edx, edi
mov word [ebp - 0x7c], dx

loc_fffb0264:  ; not directly referenced
movzx edi, byte [ebp - 0xd8]
mov ecx, dword [ebp - 0x9c]
mov dword [ebp - 0xc8], edi
lea edi, [ecx + edi*4]
mov ebx, dword [edi + 4]
mov esi, dword [edi + 0x28]
test al, al
je short loc_fffb02c1  ; je 0xfffb02c1
cmp dword [ebp - 0x98], 1
jne short loc_fffb02b3  ; jne 0xfffb02b3
mov ecx, dword [ebp - 0x7c]
and bh, 0xe3
and esi, 0xe3ffffff
mov eax, ecx
sar ax, 3
and eax, 7
shl eax, 0xa
or ebx, eax
mov eax, ecx
and eax, 7
shl eax, 0x1a
or esi, eax
jmp short loc_fffb02c1  ; jmp 0xfffb02c1

loc_fffb02b3:  ; not directly referenced
mov eax, dword [ebp - 0x7c]
and bh, 0xe3
and eax, 7
shl eax, 0xa
or ebx, eax

loc_fffb02c1:  ; not directly referenced
mov ecx, dword [ebp - 0xc8]
mov edx, dword [ebp - 0x84]
mov eax, dword [ebp - 0x80]
call fcn_fffa724b  ; call 0xfffa724b
mov ecx, ebx
mov edx, eax
mov eax, dword [ebp - 0x80]
call fcn_fffae58c  ; call 0xfffae58c
cmp dword [ebp - 0x98], 1
jne short loc_fffb030a  ; jne 0xfffb030a
mov ecx, dword [ebp - 0xc8]
mov edx, dword [ebp - 0x84]
mov eax, dword [ebp - 0x80]
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, esi
mov edx, eax
mov eax, dword [ebp - 0x80]
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb030a:  ; not directly referenced
cmp byte [ebp - 0xac], 0
je short loc_fffb0378  ; je 0xfffb0378
cmp dword [ebp - 0x98], 1
mov dword [edi + 4], ebx
jne short loc_fffb0378  ; jne 0xfffb0378
mov ebx, dword [ebp - 0x80]
mov edx, 0x3a28
mov dword [edi + 0x28], esi
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
movzx ecx, byte [ebx + 0x2488]
xor edx, edx
mov esi, eax
xor eax, eax

loc_fffb033e:  ; not directly referenced
cmp cl, dl
jbe short loc_fffb0357  ; jbe 0xfffb0357
mov edi, dword [ebp - 0x9c]
mov bl, byte [edi + edx*4 + 0x2b]
inc edx
shr bl, 2
and ebx, 7
add eax, ebx
jmp short loc_fffb033e  ; jmp 0xfffb033e

loc_fffb0357:  ; not directly referenced
xor edx, edx
and esi, 0xfff1ffff
div ecx
mov ecx, esi
mov edx, 0x3a28
and eax, 7
shl eax, 0x11
or ecx, eax
mov eax, dword [ebp - 0x80]
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb0378:  ; not directly referenced
cmp byte [ebp - 0x88], 9
je short loc_fffb0397  ; je 0xfffb0397

loc_fffb0381:  ; not directly referenced
mov al, byte [ebp - 0x88]
sub eax, 7
cmp al, 1
ja loc_fffb060b  ; ja 0xfffb060b
jmp near loc_fffb062a  ; jmp 0xfffb062a

loc_fffb0397:  ; not directly referenced
cmp dword [ebp - 0xb4], 0
je loc_fffb0463  ; je 0xfffb0463
mov edi, dword [ebp - 0x7c]
mov al, 2
mov ecx, edi
mov ebx, edi
cmp cl, 2
cmovbe eax, ebx
xor ebx, ebx
imul edx, dword [ebp - 0x84], 0x13c3
movzx eax, al
add edx, dword [ebp - 0x80]
mov dword [ebp - 0xc8], eax
mov dword [ebp - 0x98], edx

loc_fffb03d1:  ; not directly referenced
mov esi, dword [ebp - 0x98]
mov eax, 1
mov cl, bl
mov dl, bl
shl eax, cl
test byte [esi + 0x381a], al
je short loc_fffb0454  ; je 0xfffb0454
test byte [ebp - 0x9f], al
je short loc_fffb0454  ; je 0xfffb0454
mov eax, edx
mov edi, dword [ebp - 0xa8]
shr dl, 1
and eax, 1
movzx edx, dl
imul edx, edx, 0x128
imul eax, eax, 0x18
lea eax, [eax + edx + 0x1260]
movzx edx, byte [ebp - 0xdc]
lea edi, [edi + eax + 0xb]
mov eax, dword [ebp - 0xc8]
movzx esi, byte [ebp + eax - 0x6a]
mov ax, word [edi + 6]
push ecx
mov ecx, ebx
push 0
and eax, 0xfffffff0
or esi, eax
movzx eax, si
push eax
mov eax, dword [ebp - 0x80]
push 3
call fcn_fffaa505  ; call 0xfffaa505
add esp, 0x10
cmp byte [ebp - 0x9d], 0
je short loc_fffb0454  ; je 0xfffb0454
mov word [edi + 6], si

loc_fffb0454:  ; not directly referenced
inc ebx
cmp ebx, 4
jne loc_fffb03d1  ; jne 0xfffb03d1
jmp near loc_fffb0381  ; jmp 0xfffb0381

loc_fffb0463:  ; not directly referenced
cmp dword [ebp - 0xb0], 1
mov dword [ebp - 0x98], 0
sbb ebx, ebx
xor eax, eax
and ebx, 0xffffffe4
sub ebx, 7
cmp byte [ebp - 0x7c], 0
setne al
mov ax, word [ebp + eax*2 - 0x64]
mov word [ebp - 0xc8], ax
imul eax, dword [ebp - 0x84], 0x13c3
add eax, dword [ebp - 0x80]
mov dword [ebp - 0xd8], eax

loc_fffb04a4:  ; not directly referenced
mov edi, dword [ebp - 0x98]
mov eax, 1
mov ecx, edi
mov edx, edi
shl eax, cl
mov ecx, dword [ebp - 0xd8]
test byte [ecx + 0x381a], al
je short loc_fffb0523  ; je 0xfffb0523
test byte [ebp - 0x9f], al
je short loc_fffb0523  ; je 0xfffb0523
mov ecx, edx
mov esi, dword [ebp - 0xa8]
shr dl, 1
and ecx, 1
movzx edx, dl
imul ecx, ecx, 0x18
imul edx, edx, 0x128
lea edx, [ecx + edx + 0x1260]
mov ecx, eax
mov eax, dword [ebp - 0x80]
lea edi, [esi + edx + 0xb]
mov esi, ebx
and si, word [edi + 2]
or esi, dword [ebp - 0xc8]
push edx
push edx
movzx edx, si
push edx
mov edx, dword [ebp - 0x84]
push 1
call fcn_fffafd52  ; call 0xfffafd52
add esp, 0x10
cmp byte [ebp - 0x9d], 0
je short loc_fffb0523  ; je 0xfffb0523
mov word [edi + 2], si

loc_fffb0523:  ; not directly referenced
inc dword [ebp - 0x98]
cmp dword [ebp - 0x98], 4
jne loc_fffb04a4  ; jne 0xfffb04a4
jmp near loc_fffb0381  ; jmp 0xfffb0381

loc_fffb053b:  ; not directly referenced
mov esi, dword [ebp - 0xb0]
mov dword [ebp - 0xb4], 0
cmp esi, 1
sbb eax, eax
mov dword [ebp - 0xd8], eax
add eax, 3
and word [ebp - 0xd8], 0x4bc
sub word [ebp - 0xd8], 0x701
cmp esi, 1
mov esi, dword [ebp - 0x7c]
sbb ebx, ebx
mov dword [ebp - 0xc8], ebx
mov dword [ebp - 0x98], ebx
and byte [ebp - 0xc8], 0xfe
and byte [ebp - 0x98], 0xfa
mov edx, esi
sar dx, 4
mov ecx, esi
add byte [ebp - 0xc8], 7
add byte [ebp - 0x98], 8
cmp byte [ebp - 0x88], 7
cmovne edx, ecx
cmp al, dl
cmova eax, edx
movzx eax, al
mov dword [ebp - 0xdc], eax
imul eax, dword [ebp - 0x84], 0x13c3
add eax, dword [ebp - 0x80]
mov dword [ebp - 0xe0], eax
mov eax, esi
and eax, 0xf
mov byte [ebp - 0xe4], al

loc_fffb05d9:  ; not directly referenced
mov edi, dword [ebp - 0xb4]
mov ebx, 1
mov esi, dword [ebp - 0xe0]
mov ecx, edi
mov eax, edi
shl ebx, cl
test byte [esi + 0x381a], bl
jne loc_fffb06ea  ; jne 0xfffb06ea

loc_fffb05fc:  ; not directly referenced
inc dword [ebp - 0xb4]
cmp dword [ebp - 0xb4], 4
jne short loc_fffb05d9  ; jne 0xfffb05d9

loc_fffb060b:  ; not directly referenced
mov al, byte [ebp - 0x88]
sub eax, 0xa
cmp al, 1
setbe al
or al, byte [ebp - 0x9e]
jne loc_fffb07d8  ; jne 0xfffb07d8
jmp near loc_fffb08df  ; jmp 0xfffb08df

loc_fffb062a:  ; not directly referenced
cmp dword [ebp - 0xb4], 0
je loc_fffb053b  ; je 0xfffb053b
mov ebx, dword [ebp - 0x7c]
mov al, 2
cmp bl, 2
cmovbe eax, ebx
xor ebx, ebx
imul esi, dword [ebp - 0x84], 0x13c3
movzx eax, al
add esi, dword [ebp - 0x80]
mov dword [ebp - 0x84], eax
mov dword [ebp - 0x7c], esi

loc_fffb065d:  ; not directly referenced
mov edi, dword [ebp - 0x7c]
mov eax, 1
mov cl, bl
mov dl, bl
shl eax, cl
test byte [edi + 0x381a], al
je short loc_fffb06db  ; je 0xfffb06db
test byte [ebp - 0x9f], al
je short loc_fffb06db  ; je 0xfffb06db
mov al, bl
and edx, 1
mov ecx, dword [ebp - 0xa8]
shr al, 1
mov esi, dword [ebp - 0x84]
movzx eax, al
imul edx, edx, 0x18
imul eax, eax, 0x128
movzx esi, byte [ebp + esi - 0x67]
add eax, edx
movzx edx, byte [ebp - 0xdc]
lea edi, [ecx + eax + 0x1260]
mov ax, word [edi + 0x19]
push ecx
mov ecx, ebx
push 0
and eax, 0xfffffffc
or esi, eax
movzx eax, si
push eax
mov eax, dword [ebp - 0x80]
push 0xb
call fcn_fffaa505  ; call 0xfffaa505
add esp, 0x10
cmp byte [ebp - 0x9d], 0
je short loc_fffb06db  ; je 0xfffb06db
mov word [edi + 0x19], si

loc_fffb06db:  ; not directly referenced
inc ebx
cmp ebx, 4
jne loc_fffb065d  ; jne 0xfffb065d
jmp near loc_fffb0b28  ; jmp 0xfffb0b28

loc_fffb06ea:  ; not directly referenced
test byte [ebp - 0x9f], bl
je loc_fffb05fc  ; je 0xfffb05fc
mov edx, eax
mov edi, dword [ebp - 0xa8]
mov ecx, ebx
shr al, 1
and edx, 1
movzx eax, al
imul edx, edx, 0x18
imul eax, eax, 0x128
lea eax, [edx + eax + 0x1260]
lea edi, [edi + eax + 0xb]
mov eax, dword [ebp - 0xdc]
mov si, word [ebp + eax*2 - 0x58]
mov ax, word [edi + 4]
push edx
push edx
mov edx, dword [ebp - 0x84]
shl esi, 9
and ah, 0xf9
or esi, eax
movzx eax, si
push eax
mov eax, dword [ebp - 0x80]
push 2
call fcn_fffafd52  ; call 0xfffafd52
add esp, 0x10
cmp byte [ebp - 0x9d], 0
je short loc_fffb0759  ; je 0xfffb0759
mov word [edi + 4], si

loc_fffb0759:  ; not directly referenced
cmp byte [ebp - 0xa0], 8
je loc_fffb05fc  ; je 0xfffb05fc
mov esi, dword [ebp - 0xc8]
mov al, byte [ebp - 0xe4]
mov ecx, esi
cmp cl, al
cmova esi, eax
cmp dword [ebp - 0xb0], 0
mov eax, esi
movzx eax, al
je short loc_fffb078e  ; je 0xfffb078e
movzx eax, word [ebp + eax*2 - 0x28]
jmp short loc_fffb0793  ; jmp 0xfffb0793

loc_fffb078e:  ; not directly referenced
movzx eax, word [ebp + eax*2 - 0x44]

loc_fffb0793:  ; not directly referenced
mov cl, byte [ebp - 0x98]
mov esi, dword [ebp - 0xd8]
and si, word [edi + 2]
mov edx, dword [ebp - 0x84]
shl eax, cl
mov ecx, ebx
or esi, eax
push eax
push eax
movzx eax, si
push eax
mov eax, dword [ebp - 0x80]
push 1
call fcn_fffafd52  ; call 0xfffafd52
add esp, 0x10
cmp byte [ebp - 0x9d], 0
je loc_fffb05fc  ; je 0xfffb05fc
mov word [edi + 2], si
jmp near loc_fffb05fc  ; jmp 0xfffb05fc

loc_fffb07d8:  ; not directly referenced
mov ecx, dword [ebp - 0x88]
cmp cl, 0xb
sete al
movzx edi, al
setne al
movzx eax, al
lea edi, [edi*8 + 7]
lea eax, [eax*8 - 0x10]
cmp word [ebp - 0x7c], di
jg short loc_fffb080a  ; jg 0xfffb080a
mov edi, dword [ebp - 0x7c]
cmp ax, di
cmovge edi, eax

loc_fffb080a:  ; not directly referenced
mov eax, dword [ebp - 0x9c]
cmp byte [ebp - 0x88], 0xa
mov ebx, dword [eax + 0x4c]
mov esi, dword [eax + 0x50]
jne short loc_fffb0840  ; jne 0xfffb0840
mov eax, edi
and ebx, 0xfffe01ff
and eax, 0xf
and esi, 0xfffe01ff
mov edx, eax
shl edx, 9
shl eax, 0xd
or ebx, edx
or ebx, eax
or esi, edx
jmp short loc_fffb0856  ; jmp 0xfffb0856

loc_fffb0840:  ; not directly referenced
cmp byte [ebp - 0x88], 0xb
jne short loc_fffb0858  ; jne 0xfffb0858
mov eax, edi
and ebx, 0xffffffe0
and eax, 0x1f
and esi, 0xffffffe0
or ebx, eax

loc_fffb0856:  ; not directly referenced
or esi, eax

loc_fffb0858:  ; not directly referenced
cmp byte [ebp - 0xac], 0
je short loc_fffb086d  ; je 0xfffb086d
mov eax, dword [ebp - 0x9c]
mov dword [eax + 0x4c], ebx
mov dword [eax + 0x50], esi

loc_fffb086d:  ; not directly referenced
mov eax, dword [ebp - 0x84]
mov ecx, ebx
shl eax, 8
lea edx, [eax + 0x1404]
mov dword [ebp - 0x7c], eax
mov eax, dword [ebp - 0x80]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x7c]
mov ecx, ebx
lea edx, [eax + 0x1a04]
mov eax, dword [ebp - 0x80]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x7c]
mov ecx, ebx
mov ebx, dword [ebp - 0x80]
lea edx, [eax + 0x1204]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x7c]
mov ecx, esi
lea edx, [eax + 0x3414]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0xa4]
mov edx, 0x2008
mov ecx, dword [eax + 0x18]
mov eax, ebx
or ecx, 0x20
call fcn_fffae58c  ; call 0xfffae58c
mov word [ebp - 0x7c], di

loc_fffb08df:  ; not directly referenced
cmp byte [ebp - 0x88], 0xf
mov al, byte [ebp - 0x9e]
sete dl
or al, dl
je loc_fffb09b9  ; je 0xfffb09b9
mov ecx, dword [ebp - 0x7c]
mov eax, 0xfffffff8
mov ebx, 7
cmp cx, 0xfff8
cmovge eax, ecx
cmp ax, 7
cmovg eax, ebx
mov word [ebp - 0x7c], ax
mov eax, dword [ebp - 0xa4]
mov ebx, dword [eax + 0xc]
test dl, dl
je short loc_fffb096d  ; je 0xfffb096d
cmp byte [ebp - 0xb8], 1
jne short loc_fffb0955  ; jne 0xfffb0955
mov eax, dword [ebp - 0x80]
cmp dword [eax + 0x3756], 2
jne short loc_fffb0955  ; jne 0xfffb0955
mov edx, 0x3a14
call fcn_fffae52a  ; call 0xfffae52a
mov esi, dword [ebp - 0x7c]
shr eax, 0x14
and eax, 0xf
cmp si, ax
cmovge eax, esi
mov word [ebp - 0x7c], ax

loc_fffb0955:  ; not directly referenced
mov eax, dword [ebp - 0x7c]
and ebx, 0xf00fffff
and eax, 0xf
mov edx, eax
shl edx, 0x14
shl eax, 0x18
or ebx, edx
or ebx, eax

loc_fffb096d:  ; not directly referenced
cmp byte [ebp - 0xac], 0
je short loc_fffb097f  ; je 0xfffb097f
mov eax, dword [ebp - 0xa4]
mov dword [eax + 0xc], ebx

loc_fffb097f:  ; not directly referenced
mov edi, dword [ebp - 0x80]
mov ecx, ebx
mov edx, 0x3a14
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0x5f08
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x5f08
or ah, 1
mov ecx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0x78
mov eax, edi
call fcn_fffa834b  ; call 0xfffa834b

loc_fffb09b9:  ; not directly referenced
cmp byte [ebp - 0x88], 0xc
mov cl, byte [ebp - 0x9e]
sete al
or cl, al
je loc_fffb0b28  ; je 0xfffb0b28
test al, al
je short loc_fffb09dd  ; je 0xfffb09dd
mov bl, byte [ebp - 0x7c]
and ebx, 3
jmp short loc_fffb09e9  ; jmp 0xfffb09e9

loc_fffb09dd:  ; not directly referenced
mov eax, dword [ebp - 0x9c]
mov bl, byte [eax + 0xb4]

loc_fffb09e9:  ; not directly referenced
cmp byte [ebp - 0xac], 0
je short loc_fffb09fe  ; je 0xfffb09fe
mov eax, dword [ebp - 0x9c]
mov byte [eax + 0xb4], bl

loc_fffb09fe:  ; not directly referenced
mov esi, dword [ebp - 0x84]
and ebx, 3
mov eax, dword [ebp - 0x80]
shl ebx, 0xd
shl esi, 8
lea edi, [esi + 0x140c]
mov edx, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, edi
lea edi, [esi + 0x1a0c]
add esi, 0x121c
and ah, 0x9f
or eax, ebx
mov ecx, eax
mov eax, dword [ebp - 0x80]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x80]
mov edx, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, edi
mov edi, dword [ebp - 0x80]
and ah, 0x9f
or eax, ebx
mov ecx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov edx, esi
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, esi
and ah, 0x9f
or eax, ebx
mov ecx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0xa4]
mov edx, 0x2008
mov ecx, dword [eax + 0x18]
mov eax, edi
or ecx, 0x20
call fcn_fffae58c  ; call 0xfffae58c
jmp near loc_fffb0b28  ; jmp 0xfffb0b28

loc_fffb0a8d:  ; not directly referenced
cmp byte [ebp - 0x88], 1
jne short loc_fffb0aad  ; jne 0xfffb0aad
mov eax, esi
and ebx, 0xffc00fff
and eax, 0x1f
mov edx, eax
shl edx, 0xc
shl eax, 0x11
or ebx, edx
jmp short loc_fffb0ad9  ; jmp 0xfffb0ad9

loc_fffb0aad:  ; not directly referenced
test al, al
je short loc_fffb0ac1  ; je 0xfffb0ac1
mov eax, esi
and ebx, 0xf83fffff
and eax, 0x1f
shl eax, 0x16
jmp short loc_fffb0ad9  ; jmp 0xfffb0ad9

loc_fffb0ac1:  ; not directly referenced
cmp byte [ebp - 0x88], 2
jne loc_fffaff90  ; jne 0xfffaff90
mov eax, esi
and ebx, 0x7ffffff
shl eax, 0x1b

loc_fffb0ad9:  ; not directly referenced
or ebx, eax
jmp near loc_fffaff90  ; jmp 0xfffaff90

loc_fffb0ae0:  ; not directly referenced
cmp byte [ebp - 0xd8], 8
jbe short loc_fffb0afd  ; jbe 0xfffb0afd
mov edx, dword [ebp - 0x84]
shl edx, 8
add edx, 0x305c
jmp near loc_fffaffa2  ; jmp 0xfffaffa2

loc_fffb0afd:  ; not directly referenced
mov eax, dword [ebp - 0x84]
shl ecx, 9
shl eax, 8
lea edx, [eax + ecx + 0x5c]
jmp near loc_fffaffa2  ; jmp 0xfffaffa2

loc_fffb0b12:  ; not directly referenced
mov word [ebp - 0x7c], 0x3f
jmp near loc_fffb0264  ; jmp 0xfffb0264

loc_fffb0b1d:  ; not directly referenced
mov word [ebp - 0x7c], 7
jmp near loc_fffb0264  ; jmp 0xfffb0264

loc_fffb0b28:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb0b30:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
lea esi, [eax + 0x3756]
mov dword [ebp - 0x2c], eax
mov eax, dword [eax + 0x5edc]
mov byte [ebp - 0x1f], dl
mov dword [ebp - 0x28], esi
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x1c], eax
add eax, 0x1c
mov dword [ebp - 0x30], eax
movzx eax, dl
mov dword [ebp - 0x34], eax

loc_fffb0b64:  ; not directly referenced
mov eax, dword [ebp - 0x28]
cmp dword [eax], 2
je short loc_fffb0b8b  ; je 0xfffb0b8b

loc_fffb0b6c:  ; not directly referenced
inc dword [ebp - 0x24]
add dword [ebp - 0x28], 0x13c3
add dword [ebp - 0x30], 0xcc
cmp dword [ebp - 0x24], 2
jne short loc_fffb0b64  ; jne 0xfffb0b64
add esp, 0x2c
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffb0b8b:  ; not directly referenced
mov byte [ebp - 0x1c], 0

loc_fffb0b8f:  ; not directly referenced
mov esi, dword [ebp - 0x2c]
mov cl, byte [ebp - 0x1c]
cmp cl, byte [esi + 0x2488]
jae short loc_fffb0b6c  ; jae 0xfffb0b6c
mov esi, dword [ebp - 0x28]
movzx edx, cl
mov ebx, 0x200
xor ecx, ecx
mov word [ebp - 0x1e], 0
mov al, byte [esi + 0xc4]
lea esi, [esi + edx*2]

loc_fffb0bb9:  ; not directly referenced
mov edi, 1
shl edi, cl
mov edx, edi
test al, dl
je short loc_fffb0be5  ; je 0xfffb0be5
imul edi, ecx, 0x12
mov dx, word [ebp - 0x1e]
movzx edi, word [esi + edi + 0x1b1]
cmp dx, di
cmovb edx, edi
cmp bx, di
mov word [ebp - 0x1e], dx
cmova ebx, edi

loc_fffb0be5:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffb0bb9  ; jne 0xfffb0bb9
mov eax, dword [ebp - 0x2c]
mov dx, word [ebp - 0x1e]
movzx ecx, word [eax + 0x2489]
mov eax, 0x13880
shr dx, 6
lea edi, [edx + 1]
xor edx, edx
movzx edi, di
div ecx
mov edx, 0x80
mov ecx, dword [ebp - 0x34]
cmp eax, 0x7f
cmova edx, eax
mov al, 6
sub ebx, edx
mov dl, 0xfc
shr ebx, 6
sub bl, byte [ebp - 0x1f]
cmp bl, 6
cmovle eax, ebx
mov ebx, 7
cmp al, 0xfc
cmovge edx, eax
movsx eax, dl
sub edi, eax
lea eax, [edi + ecx - 1]
movzx ecx, byte [ebp - 0x1c]
mov edi, dword [ebp - 0x30]
cmp eax, 7
cmovle ebx, eax
and edx, 0xf
mov esi, edx
shl edx, 5
lea edi, [edi + ecx*4]
mov byte [ebp - 0x1e], dl
mov dl, byte [edi + 5]
and edx, 0x1f
or dl, byte [ebp - 0x1e]
mov byte [edi + 5], dl
mov edx, esi
shr dl, 3
mov byte [ebp - 0x1e], dl
xor edx, edx
test ebx, ebx
cmovns edx, ebx
mov bl, dl
and ebx, 7
lea edx, [ebx + ebx]
or dl, byte [ebp - 0x1e]
shl esi, 4
or edx, esi
mov esi, dword [ebp - 0x2c]
mov byte [edi + 6], dl
mov dl, byte [edi + 7]
mov eax, esi
and edx, 0xfffffff8
or edx, ebx
mov byte [edi + 7], dl
mov edx, dword [ebp - 0x24]
call fcn_fffa724b  ; call 0xfffa724b
mov ecx, dword [edi + 4]
mov edx, eax
mov eax, esi
call fcn_fffae58c  ; call 0xfffae58c
inc byte [ebp - 0x1c]
jmp near loc_fffb0b8f  ; jmp 0xfffb0b8f

fcn_fffb0cb4:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
movzx ebx, dl
sub esp, 0x2c
mov eax, dword [ebp + 0x10]
imul edx, ebx, 0x13c3
cmp dword [ebp + 8], 0
mov byte [ebp - 0x20], cl
mov dword [ebp - 0x2c], eax
mov cl, al
lea eax, [esi + edx + 0x3756]
mov dword [ebp - 0x1c], eax
je short loc_fffb0cec  ; je 0xfffb0cec
mov al, byte [eax + 0xc4]
mov byte [ebp - 0x20], al

loc_fffb0cec:  ; not directly referenced
cmp dword [esi + 0x2480], 3
sete byte [ebp - 0x24]
xor edi, edi
imul edx, ebx, 0x13c3
lea eax, [esi + edx]
mov dword [ebp - 0x30], eax
movzx eax, cl
mov dword [ebp - 0x28], eax

loc_fffb0d0b:  ; not directly referenced
mov eax, dword [ebp - 0x30]
mov edx, 1
mov ecx, edi
shl edx, cl
test byte [eax + 0x381a], dl
je short loc_fffb0d7a  ; je 0xfffb0d7a
mov al, byte [ebp - 0x24]
cmp dword [ebp + 8], 0
setne cl
xor eax, 1
test cl, al
je short loc_fffb0d4d  ; je 0xfffb0d4d
push eax
push dword [ebp - 0x28]
push dword [ebp + 0xc]
mov dword [ebp - 0x34], edx
push edx
push edx
push 0
push ebx
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20
mov edx, dword [ebp - 0x34]
jmp short loc_fffb0d58  ; jmp 0xfffb0d58

loc_fffb0d4d:  ; not directly referenced
cmp dword [ebp + 8], 0
jne short loc_fffb0d58  ; jne 0xfffb0d58
test byte [ebp - 0x20], dl
je short loc_fffb0d7a  ; je 0xfffb0d7a

loc_fffb0d58:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
push ecx
push dword [ebp - 0x28]
movzx ecx, byte [eax + edi + 0x245]
add ecx, dword [ebp + 0xc]
push ecx
push 1
push edx
push 4
push ebx
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffb0d7a:  ; not directly referenced
inc edi
cmp edi, 4
jne short loc_fffb0d0b  ; jne 0xfffb0d0b
movzx edi, byte [ebp - 0x2c]
mov ecx, dword [ebp - 0x1c]
push edx
mov edx, dword [ebp + 0xc]
movzx eax, byte [ebp - 0x20]
push edi
add edx, dword [ecx + 0x111]
mov dword [ebp - 0x20], eax
push edx
push 1
push eax
push 2
push ebx
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20
cmp byte [ebp - 0x24], 0
je loc_fffb0e62  ; je 0xfffb0e62
imul edx, ebx, 0x54a
xor eax, eax
lea ecx, [edx + 0xf0]
mov dword [ebp - 0x24], ecx

loc_fffb0dc4:  ; not directly referenced
cmp al, 1
setbe cl
cmp dword [ebp + 8], 0
setne dl
test cl, dl
je short loc_fffb0e11  ; je 0xfffb0e11
mov ecx, dword [ebp - 0x24]
movzx edx, al
lea edx, [esi + edx + 0x186e]
cmp byte [edx + ecx + 0x54b], 0
je short loc_fffb0e0e  ; je 0xfffb0e0e
push ecx
mov edx, 1
push edi
mov cl, al
push dword [ebp + 0xc]
shl edx, cl
mov dword [ebp - 0x28], eax
push edx
push 0
push 0
push ebx
push esi
call fcn_fffa9178  ; call 0xfffa9178
mov eax, dword [ebp - 0x28]
add esp, 0x20

loc_fffb0e0e:  ; not directly referenced
inc eax
jmp short loc_fffb0dc4  ; jmp 0xfffb0dc4

loc_fffb0e11:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
push edx
mov edx, dword [ebp + 0xc]
push edi
add edx, dword [eax + 0x109]
push edx
push 1
push dword [ebp - 0x20]
push 3
push ebx
push esi
call fcn_fffa9178  ; call 0xfffa9178
mov eax, dword [ebp - 0x1c]
add esp, 0x1c
mov edx, dword [ebp + 0xc]
push edi
add edx, dword [eax + 0x115]
push edx
push 2
push dword [ebp - 0x20]
push 2
push ebx
push esi
call fcn_fffa9178  ; call 0xfffa9178
mov eax, dword [ebp - 0x1c]
add esp, 0x1c
mov edx, dword [ebp + 0xc]
push edi
add edx, dword [eax + 0x11d]
push edx
push 2
jmp short loc_fffb0e73  ; jmp 0xfffb0e73

loc_fffb0e62:  ; not directly referenced
push eax
mov eax, dword [ebp - 0x1c]
mov edx, dword [ebp + 0xc]
push edi
add edx, dword [eax + 0x119]
push edx
push 1

loc_fffb0e73:  ; not directly referenced
push dword [ebp - 0x20]
push 1
push ebx
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb0e8a:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
mov ebx, eax
sub esp, 0x2c
mov edi, dword [eax + 0x2443]
call dword [edi + 0x54]  ; ucall
add eax, 0x2710
mov dword [ebp - 0x2c], eax

loc_fffb0ea8:  ; not directly referenced
imul eax, esi, 0x13c3
mov dword [ebp + esi*4 - 0x28], 0
cmp dword [ebx + eax + 0x3756], 2
jne short loc_fffb0f12  ; jne 0xfffb0f12
cmp dword [ebx + 0x188b], 0
je short loc_fffb0f12  ; je 0xfffb0f12
xor ecx, ecx
mov edx, esi
mov eax, ebx
call fcn_fffa7288  ; call 0xfffa7288
mov edx, eax
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov dword [ebp + esi*4 - 0x20], eax
test eax, 0x1000000
je short loc_fffb0f12  ; je 0xfffb0f12
and eax, 0xfeffffff
mov ecx, 0xff
mov dword [ebp - 0x30], eax
mov edx, esi
mov eax, ebx
mov dword [ebp + esi*4 - 0x28], 1
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, dword [ebp - 0x30]
mov edx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb0f12:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffb0ea8  ; jne 0xfffb0ea8
mov edx, 0x5030
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x5030
or eax, 0x800000
mov ecx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb0f37:  ; not directly referenced
mov edx, 0x5030
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
shr eax, 0x10
test al, al
jns short loc_fffb0f59  ; jns 0xfffb0f59
call dword [edi + 0x54]  ; ucall
cmp dword [ebp - 0x2c], eax
ja short loc_fffb0f37  ; ja 0xfffb0f37
mov edi, 1
jmp short loc_fffb0f5b  ; jmp 0xfffb0f5b

loc_fffb0f59:  ; not directly referenced
xor edi, edi

loc_fffb0f5b:  ; not directly referenced
xor esi, esi

loc_fffb0f5d:  ; not directly referenced
cmp dword [ebp + esi*4 - 0x28], 0
je short loc_fffb0f7f  ; je 0xfffb0f7f
mov ecx, 0xff
mov edx, esi
mov eax, ebx
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, dword [ebp + esi*4 - 0x20]
mov edx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb0f7f:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffb0f5d  ; jne 0xfffb0f5d
mov eax, edi
add esp, 0x2c
neg eax
pop ebx
and eax, 0x12
pop esi
pop edi
pop ebp
ret

fcn_fffb0f94:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
add esp, 0xffffff80
mov al, byte [ebp + 0xc]
mov ebx, dword [edi + 0x2443]
push 1
mov esi, dword [edi + 0x5edc]
push 8
mov byte [ebp - 0x6a], al
mov eax, dword [edi + 0x188b]
mov dword [ebp - 0x64], edx
mov dword [ebp - 0x54], ecx
mov byte [ebp - 0x50], dl
mov dword [ebp - 0x78], eax
lea eax, [ebp - 0x38]
push eax
mov byte [ebp - 0x4e], cl
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 8
lea eax, [ebp - 0x30]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 9
push 8
lea eax, [ebp - 0x28]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x20]
push eax
call dword [ebx + 0x64]  ; ucall
add esp, 0x10
cmp byte [ebp - 0x54], 1
jne short loc_fffb1029  ; jne 0xfffb1029
mov byte [ebp - 0x35], 0xa
mov byte [ebp - 0x36], 0x13
mov byte [ebp - 0x37], 0x19
mov byte [ebp - 0x38], 0x19
mov byte [ebp - 0x2d], 0xa
mov byte [ebp - 0x2e], 0xa
mov byte [ebp - 0x25], 0x3f
mov byte [ebp - 0x26], 0x3f
jmp near loc_fffb10b1  ; jmp 0xfffb10b1

loc_fffb1029:  ; not directly referenced
mov eax, dword [ebp - 0x54]
cmp al, 2
je short loc_fffb10ab  ; je 0xfffb10ab
cmp al, 5
jne short loc_fffb103a  ; jne 0xfffb103a

loc_fffb1034:  ; not directly referenced
mov byte [ebp - 0x4d], 8
jmp short loc_fffb10b5  ; jmp 0xfffb10b5

loc_fffb103a:  ; not directly referenced
mov eax, dword [ebp - 0x54]
cmp al, 6
je short loc_fffb10b1  ; je 0xfffb10b1
cmp al, 9
jne short loc_fffb106c  ; jne 0xfffb106c
mov ebx, dword [ebp - 0x64]
movzx eax, bl
and bl, 1
je short loc_fffb1059  ; je 0xfffb1059
mov edx, dword [esi + 0xbc]
mov dword [ebp - 0x20], edx

loc_fffb1059:  ; not directly referenced
mov byte [ebp - 0x4d], 2
test al, 2
je short loc_fffb10b5  ; je 0xfffb10b5
mov eax, dword [esi + 0x188]
mov dword [ebp - 0x1c], eax
jmp short loc_fffb10b5  ; jmp 0xfffb10b5

loc_fffb106c:  ; not directly referenced
cmp byte [ebp - 0x54], 0xa
mov byte [ebp - 0x4d], 1
jne short loc_fffb10b5  ; jne 0xfffb10b5
mov eax, dword [ebp - 0x64]
movzx edx, al
test al, 1
je short loc_fffb1092  ; je 0xfffb1092
mov eax, dword [esi + 0xbc]
mov dword [ebp - 0x20], eax
shr eax, 0xf
and eax, 0xf
mov byte [ebp - 0x3a], al

loc_fffb1092:  ; not directly referenced
and dl, 2
je short loc_fffb1034  ; je 0xfffb1034
mov eax, dword [esi + 0x188]
mov dword [ebp - 0x1c], eax
shr eax, 0xf
and eax, 0xf
mov byte [ebp - 0x39], al
jmp short loc_fffb1034  ; jmp 0xfffb1034

loc_fffb10ab:  ; not directly referenced
mov byte [ebp - 0x4d], 7
jmp short loc_fffb10b5  ; jmp 0xfffb10b5

loc_fffb10b1:  ; not directly referenced
mov byte [ebp - 0x4d], 4

loc_fffb10b5:  ; not directly referenced
movzx eax, byte [ebp - 0x50]
mov dword [ebp - 0x4c], 0
mov byte [ebp - 0x69], 0
mov dword [ebp - 0x68], eax
movzx eax, byte [ebp - 0x4d]
mov dword [ebp - 0x80], eax

loc_fffb10ce:  ; not directly referenced
mov ebx, dword [ebp - 0x4c]
mov byte [ebp - 0x4f], bl
mov bl, byte [ebp + ebx - 0x38]
movzx eax, bl
dec eax
call fcn_fffaec34  ; call 0xfffaec34
cmp bl, 0x1f
jbe short loc_fffb112f  ; jbe 0xfffb112f
mov ebx, dword [ebp - 0x4c]
mov byte [ebp + ebx - 0x38], al

loc_fffb10ed:  ; not directly referenced
mov cl, byte [ebp - 0x4f]
mov dword [ebp - 0x58], 0x4004
mov dword [ebp - 0x60], 0x4917
mov al, cl
shl eax, 4
add eax, ecx
cmp cl, 4
movzx eax, al
mov dword [ebp - 0x7c], eax
sbb eax, eax
xor ebx, ebx
and eax, 0x1f
mov dword [ebp - 0x70], eax
mov al, cl
and eax, 3
mov byte [ebp - 0x6b], al
add eax, 4
or dword [ebp - 0x70], 0x80
mov byte [ebp - 0x6c], al
jmp short loc_fffb113b  ; jmp 0xfffb113b

loc_fffb112f:  ; not directly referenced
mov eax, dword [ebp - 0x4c]
add ebx, 0x20
mov byte [ebp + eax - 0x38], bl
jmp short loc_fffb10ed  ; jmp 0xfffb10ed

loc_fffb113b:  ; not directly referenced
mov eax, dword [ebp - 0x68]
bt eax, ebx
jae loc_fffb12f7  ; jae 0xfffb12f7
mov eax, dword [ebp - 0x58]
lea edx, [eax + 0x94]
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
shr eax, 0xc
and eax, 1
cmp byte [ebp - 0x4e], 1
mov byte [ebp - 0x69], al
jne short loc_fffb11d6  ; jne 0xfffb11d6
mov edx, dword [ebp - 0x4c]
mov dword [ebp - 0x5c], ebx
movzx ecx, byte [ebp + edx - 0x30]
movzx eax, byte [ebp + edx - 0x28]
mov dl, byte [ebp + edx - 0x38]
and ecx, 0x3f
and eax, 0x3f
shl eax, 0x10
mov ebx, edx
shl ecx, 8
and ebx, 0x1f
or ecx, eax
mov eax, dword [ebp - 0x58]
shr dl, 5
or ecx, ebx
and edx, 1
shl edx, 5
or ecx, edx
lea edx, [eax + 0x1fc]
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov edx, dword [ebp - 0x4c]
mov eax, 1
mov ecx, dword [ebp + 8]
mov ebx, dword [ebp - 0x5c]
movzx ecx, byte [ecx + edx]
lea edx, [ebx*4 + 0x4980]
shl eax, cl
cmp dword [ebp - 0x78], 1
lea ecx, [edx + 0x20]
cmove edx, ecx
mov ecx, eax
jmp near loc_fffb1273  ; jmp 0xfffb1273

loc_fffb11d6:  ; not directly referenced
cmp byte [ebp - 0x4e], 2
jne short loc_fffb11f6  ; jne 0xfffb11f6
sub esp, 0xc
mov ecx, dword [ebp - 0x80]
mov edx, ebx
push dword [ebp - 0x4c]
mov eax, edi
call fcn_fffaa3c8  ; call 0xfffaa3c8
add esp, 0x10
jmp near loc_fffb12f7  ; jmp 0xfffb12f7

loc_fffb11f6:  ; not directly referenced
mov al, byte [ebp - 0x4e]
sub eax, 5
cmp al, 1
ja short loc_fffb127c  ; ja 0xfffb127c
mov eax, dword [ebp - 0x60]
mov ecx, dword [ebp - 0x7c]
lea edx, [eax - 0x6c]
mov eax, edi
call fcn_fffae566  ; call 0xfffae566
cmp byte [ebp - 0x4e], 5
jne short loc_fffb122f  ; jne 0xfffb122f
mov cl, byte [ebp - 0x4f]
cmp cl, 7
setne al
test cl, cl
setne cl
movzx ecx, cl
mov dword [ebp - 0x5c], ecx
and dword [ebp - 0x5c], eax
jmp short loc_fffb123b  ; jmp 0xfffb123b

loc_fffb122f:  ; not directly referenced
xor eax, eax
test byte [ebp - 0x4f], 0xfd
setne al
mov dword [ebp - 0x5c], eax

loc_fffb123b:  ; not directly referenced
mov edx, dword [ebp - 0x60]
mov eax, edx
sub eax, 7
mov dword [ebp - 0x74], eax
mov al, byte [ebp - 0x5c]
lea ecx, [eax - 0x80]
mov eax, edi
movzx ecx, cl
call fcn_fffae566  ; call 0xfffae566
mov edx, dword [ebp - 0x74]
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov ecx, dword [ebp - 0x5c]
mov edx, dword [ebp - 0x74]
sub ecx, 0xffffff80
shl ecx, 0xc
and eax, 0xfff00fff
or ecx, eax

loc_fffb1273:  ; not directly referenced
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffb12f7  ; jmp 0xfffb12f7

loc_fffb127c:  ; not directly referenced
cmp byte [ebp - 0x4e], 9
jne short loc_fffb12a7  ; jne 0xfffb12a7
cmp byte [ebp - 0x4f], 1
mov al, byte [ebp + ebx*4 - 0x1f]
sbb edx, edx
add edx, 5
and edx, 7
and eax, 0xffffff8f
shl edx, 4
or eax, edx
mov edx, dword [ebp - 0x58]
mov byte [ebp + ebx*4 - 0x1f], al
mov ecx, dword [ebp + ebx*4 - 0x20]
jmp short loc_fffb1273  ; jmp 0xfffb1273

loc_fffb12a7:  ; not directly referenced
cmp byte [ebp - 0x4e], 0xa
jne short loc_fffb12f7  ; jne 0xfffb12f7
mov dl, byte [ebp - 0x6c]
mov al, byte [ebp + ebx*4 - 0x1f]
and edx, 7
shl edx, 4
and eax, 0xffffff8f
or eax, edx
mov byte [ebp + ebx*4 - 0x1f], al
mov al, byte [ebp - 0x6b]
add al, byte [ebp + ebx - 0x3a]
mov ecx, dword [ebp + ebx*4 - 0x20]
and eax, 0xf
shl eax, 0xf
and ecx, 0xfff87fff
or ecx, eax
mov eax, edi
mov dword [ebp + ebx*4 - 0x20], ecx
mov edx, dword [ebp - 0x58]
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, dword [ebp - 0x70]
mov eax, edi
mov edx, dword [ebp - 0x60]
call fcn_fffae566  ; call 0xfffae566

loc_fffb12f7:  ; not directly referenced
inc ebx
add dword [ebp - 0x60], 8
add dword [ebp - 0x58], 0x400
cmp ebx, 2
jne loc_fffb113b  ; jne 0xfffb113b
mov eax, edi
call fcn_fffb0e8a  ; call 0xfffb0e8a
mov ecx, 1
cmp byte [ebp - 0x4f], 0
sete dl
cmp byte [ebp - 0x6a], 0
setne al
test dl, al
mov eax, 5
cmovne ecx, eax
mov edx, 0x4800
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb133c:  ; not directly referenced
mov edx, 0x4804
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov cl, byte [ebp - 0x50]
mov edx, eax
mov ebx, eax
shr edx, 0x10
shr eax, 0x10
and edx, 2
and eax, 1
or eax, edx
and eax, ecx
cmp al, cl
jne short loc_fffb133c  ; jne 0xfffb133c
mov edx, ebx
mov al, bl
and edx, 2
and eax, 1
or eax, edx
test cl, al
je short loc_fffb1379  ; je 0xfffb1379
cmp byte [ebp - 0x69], 0
jne short loc_fffb13c2  ; jne 0xfffb13c2

loc_fffb1379:  ; not directly referenced
inc dword [ebp - 0x4c]
mov al, byte [ebp - 0x4c]
cmp byte [ebp - 0x4d], al
ja loc_fffb10ce  ; ja 0xfffb10ce
mov al, byte [ebp - 0x54]
sub eax, 9
cmp al, 1
ja short loc_fffb13c2  ; ja 0xfffb13c2
test byte [ebp - 0x68], 1
je short loc_fffb13aa  ; je 0xfffb13aa
mov ecx, dword [esi + 0xbc]
mov edx, 0x4004
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb13aa:  ; not directly referenced
test byte [ebp - 0x68], 2
je short loc_fffb13c2  ; je 0xfffb13c2
mov ecx, dword [esi + 0x188]
mov edx, 0x4404
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb13c2:  ; not directly referenced
mov al, byte [ebp - 0x64]
lea esp, [ebp - 0xc]
and eax, ebx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb13cf:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
push ebx
mov ebx, eax
sub esp, 0xc
mov eax, dword [eax + 0x5edc]
mov esi, dword [ebx + 0x1887]
mov dword [ebp - 0x14], edx
mov dword [ebp - 0x10], ecx
mov edx, dword [eax + 4]
xor eax, eax

loc_fffb13f3:  ; not directly referenced
lea ecx, [edx + eax]
mov dword [ebp - 0x18], ecx
mov ecx, edi
cmp cl, byte [edx + eax]
jne short loc_fffb140d  ; jne 0xfffb140d
mov eax, dword [ebp - 0x10]
mov edi, dword [ebp - 0x18]
mov ax, word [edi + eax*2 + 1]
jmp short loc_fffb1417  ; jmp 0xfffb1417

loc_fffb140d:  ; not directly referenced
add eax, 7
cmp eax, 0x4d
jne short loc_fffb13f3  ; jne 0xfffb13f3
xor al, al

loc_fffb1417:  ; not directly referenced
cmp esi, 0x306d0
sete cl
cmp esi, 0x40650
sete dl
or cl, dl
je short loc_fffb1472  ; je 0xfffb1472
cmp dword [ebx + 0x2480], 1
jne short loc_fffb1472  ; jne 0xfffb1472
cmp byte [ebp - 0x14], 5
sete cl
cmp byte [ebp - 0x10], 2
setne dl
test cl, dl
je short loc_fffb1472  ; je 0xfffb1472
cmp dword [ebx + 0x3756], 2
jne short loc_fffb145a  ; jne 0xfffb145a
cmp byte [ebx + 0x49be], 5
je short loc_fffb146c  ; je 0xfffb146c

loc_fffb145a:  ; not directly referenced
cmp dword [ebx + 0x4b19], 2
jne short loc_fffb14ab  ; jne 0xfffb14ab
cmp byte [ebx + 0x5d81], 5
jne short loc_fffb14ab  ; jne 0xfffb14ab

loc_fffb146c:  ; not directly referenced
add ax, 0xc8
jmp short loc_fffb14ab  ; jmp 0xfffb14ab

loc_fffb1472:  ; not directly referenced
cmp dword [ebx + 0x188b], 1
jne short loc_fffb14ab  ; jne 0xfffb14ab
cmp dword [ebx + 0x2480], 1
jne short loc_fffb14ab  ; jne 0xfffb14ab
mov edi, dword [ebp - 0x10]
cmp byte [ebp - 0x14], 0xc
mov ebx, edi
sete cl
cmp bl, 2
setne dl
test cl, dl
je short loc_fffb14ab  ; je 0xfffb14ab
dec bl
mov edx, 0x78
mov ecx, 0x50
cmovne edx, ecx
add eax, edx

loc_fffb14ab:  ; not directly referenced
add esp, 0xc
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb14b3:  ; not directly referenced
push ebp
movzx edx, dl
mov ebp, esp
push ebx
push ebx
cmp dword [eax + 0x2480], 2
push 0
push dword [ebp + 8]
sete bl
shl ebx, 3
movzx ebx, bl
push ecx
mov ecx, 0xf
push ebx
call fcn_fffafb06  ; call 0xfffafb06
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffb14e1:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x3c
test dl, dl
setne bl
xor eax, eax
imul edi, dword [esi + 0x18a7], 0x2e
and ebx, 1
lea edx, [esi + 0x374e]
shl ebx, 8
mov byte [ebp - 0x2d], 0
mov dword [ebp - 0x3c], edx
mov dword [ebp - 0x40], edi

loc_fffb1510:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x2d], 1
setbe dl
test cl, dl
je loc_fffb16e7  ; je 0xfffb16e7
movzx eax, byte [ebp - 0x2d]
mov dword [ebp - 0x34], eax
imul eax, eax, 0x13c3
cmp dword [esi + eax + 0x3756], 2
jne loc_fffb16d1  ; jne 0xfffb16d1
mov edx, dword [ebp - 0x3c]
lea eax, [edx + eax + 8]
mov dword [ebp - 0x2c], eax
add eax, dword [ebp - 0x40]
mov cx, word [eax + 0x2a]
add eax, 0x20
movzx edi, word [eax - 0x16]
mov ax, word [eax + 8]
cmp cx, 0xc
setne dl
cmp cx, 0xa
mov word [ebp - 0x38], ax
setne al
test dl, al
je short loc_fffb159f  ; je 0xfffb159f
cmp cx, 0x10
setne dl
cmp cx, 0xe
setne al
test dl, al
je short loc_fffb159f  ; je 0xfffb159f
cmp cx, 0x14
setne dl
cmp cx, 0x12
setne al
test dl, al
je short loc_fffb159f  ; je 0xfffb159f
cmp cx, 0x18
jne loc_fffb16db  ; jne 0xfffb16db

loc_fffb159f:  ; not directly referenced
movzx eax, word [ebp - 0x38]
add eax, eax
mov edx, eax
mov dword [ebp - 0x38], eax
movzx eax, cx
cmp edx, eax
jne loc_fffb16e2  ; jne 0xfffb16e2
cmp di, 0x10
ja short loc_fffb15c4  ; ja 0xfffb15c4
xor eax, eax
test di, 1
jne short loc_fffb15d3  ; jne 0xfffb15d3

loc_fffb15c4:  ; not directly referenced
mov eax, edi
and eax, 0xfffffffb
cmp ax, 0x12
setne al
movzx eax, al

loc_fffb15d3:  ; not directly referenced
shl eax, 2
and ebx, 0xfffffffb
or ebx, eax
cmp di, 0x10
ja short loc_fffb15f9  ; ja 0xfffb15f9
lea eax, [edi - 9]
mov edi, 2
cdq
and ebx, 0xffffff8f
idiv edi
and eax, 7
shl eax, 4
or ebx, eax
jmp short loc_fffb160a  ; jmp 0xfffb160a

loc_fffb15f9:  ; not directly referenced
sub edi, 2
and ebx, 0xffffff8f
sar edi, 2
and edi, 7
shl edi, 4
or ebx, edi

loc_fffb160a:  ; not directly referenced
cmp cx, 0x14
ja loc_fffb16bf  ; ja 0xfffb16bf
mov eax, dword [ebp - 0x38]
mov ecx, 2
and bh, 0xf1
sub eax, 0xa
cdq
idiv ecx
and eax, 7
shl eax, 9
or ebx, eax

loc_fffb162d:  ; not directly referenced
imul eax, dword [ebp - 0x34], 0x13c3
test byte [esi + eax + 0x381a], 1
je short loc_fffb166a  ; je 0xfffb166a
cmp byte [esi + 0x247b], 0
jne short loc_fffb165e  ; jne 0xfffb165e
mov eax, dword [ebp - 0x2c]
mov word [eax + 0x126b], bx
mov word [eax + 0x1283], bx

loc_fffb1658:  ; not directly referenced
mov word [ebp - 0x1c], bx
jmp short loc_fffb166a  ; jmp 0xfffb166a

loc_fffb165e:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov bx, word [eax + 0x126b]
jmp short loc_fffb1658  ; jmp 0xfffb1658

loc_fffb166a:  ; not directly referenced
imul eax, dword [ebp - 0x34], 0x13c3
test byte [esi + eax + 0x381a], 4
je short loc_fffb16a7  ; je 0xfffb16a7
cmp byte [esi + 0x247b], 0
jne short loc_fffb169b  ; jne 0xfffb169b
mov eax, dword [ebp - 0x2c]
mov word [eax + 0x1393], bx
mov word [eax + 0x13ab], bx

loc_fffb1695:  ; not directly referenced
mov word [ebp - 0x1a], bx
jmp short loc_fffb16a7  ; jmp 0xfffb16a7

loc_fffb169b:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov bx, word [eax + 0x1393]
jmp short loc_fffb1695  ; jmp 0xfffb1695

loc_fffb16a7:  ; not directly referenced
mov edx, dword [ebp - 0x34]
sub esp, 0xc
xor ecx, ecx
lea eax, [ebp - 0x1c]
push eax
mov eax, esi
call fcn_fffb14b3  ; call 0xfffb14b3
add esp, 0x10
jmp short loc_fffb16d3  ; jmp 0xfffb16d3

loc_fffb16bf:  ; not directly referenced
shl ecx, 7
and bh, 0xf1
and cx, 0xe00
or ebx, ecx
jmp near loc_fffb162d  ; jmp 0xfffb162d

loc_fffb16d1:  ; not directly referenced
xor eax, eax

loc_fffb16d3:  ; not directly referenced
inc byte [ebp - 0x2d]
jmp near loc_fffb1510  ; jmp 0xfffb1510

loc_fffb16db:  ; not directly referenced
mov eax, 0xd
jmp short loc_fffb16e7  ; jmp 0xfffb16e7

loc_fffb16e2:  ; not directly referenced
mov eax, 0x1d

loc_fffb16e7:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb16ef:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, 0x100
sub esp, 0x90
mov esi, dword [ebp + 8]
lea edx, [ebp - 0x44]
mov dword [ebp - 0x48], 1
mov eax, dword [esi + 0x2443]
push 0
push 0x2c
push edx
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
cmp dword [esi + 0x3756], 2
jne short loc_fffb1753  ; jne 0xfffb1753
xor edi, edi

loc_fffb1729:  ; not directly referenced
mov eax, edi
cmp al, byte [esi + 0x2488]
jae short loc_fffb1753  ; jae 0xfffb1753
movzx eax, al
and ebx, 0xffffff80
mov edx, eax
inc edi
and edx, 0x7f
or ebx, edx
mov ecx, ebx
lea edx, [eax*4 + 0x40f0]
mov eax, esi
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffb1729  ; jmp 0xfffb1729

loc_fffb1753:  ; not directly referenced
xor edi, edi
cmp dword [esi + 0x4b19], 2
je short loc_fffb1769  ; je 0xfffb1769

loc_fffb175e:  ; not directly referenced
mov byte [ebp - 0x65], 0
xor edi, edi
jmp near loc_fffb1900  ; jmp 0xfffb1900

loc_fffb1769:  ; not directly referenced
mov eax, edi
cmp al, byte [esi + 0x2488]
jae short loc_fffb175e  ; jae 0xfffb175e
mov eax, edi
and ebx, 0xffffff80
movzx eax, al
inc edi
mov edx, eax
and edx, 0x7f
or ebx, edx
mov ecx, ebx
lea edx, [eax*4 + 0x44f0]
mov eax, esi
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffb1769  ; jmp 0xfffb1769

loc_fffb1795:  ; not directly referenced
mov cl, byte [ebp - 0x65]
xor edi, edi
mov dword [ebp - 0x5c], 1
shl dword [ebp - 0x5c], cl
movzx eax, cl
mov dword [ebp - 0x7c], eax
mov al, byte [ebp - 0x5c]
test byte [esi + 0x248d], al
je loc_fffb18fd  ; je 0xfffb18fd
mov ecx, dword [ebp - 0x5c]
xor edx, edx
mov eax, esi
call fcn_fffaac43  ; call 0xfffaac43
mov ecx, dword [ebp - 0x5c]
mov edx, 1
mov byte [ebp - 0x4a], 0
mov bl, al
mov eax, esi
call fcn_fffaac43  ; call 0xfffaac43
imul ecx, dword [ebp - 0x7c], 0x18
mov byte [ebp - 0x49], 0
mov dword [ebp - 0x80], 0
mov dword [ebp - 0x8c], ecx
lea ecx, [esi + ecx + 0x49c1]
or eax, ebx
movzx eax, al
mov dword [ebp - 0x90], ecx
mov dword [ebp - 0x64], eax

loc_fffb1804:  ; not directly referenced
mov ecx, dword [ebp - 0x7c]
lea eax, [ebp - 0x48]
push ebx
push ebx
mov ebx, edi
push eax
mov eax, esi
push 1
xor edi, edi
lea edx, [ebp - 0x44]
call fcn_fffaa9ed  ; call 0xfffaa9ed
mov cl, byte [ebp - 0x80]
add esp, 0x10
mov eax, dword [ebp - 0x90]
mov dword [ebp - 0x84], 1
shl dword [ebp - 0x84], cl
mov dword [ebp - 0x60], eax

loc_fffb183c:  ; not directly referenced
mov eax, dword [ebp - 0x64]
bt eax, edi
jb loc_fffb1919  ; jb 0xfffb1919

loc_fffb1848:  ; not directly referenced
inc edi
add dword [ebp - 0x60], 0x13c3
cmp edi, 2
jne short loc_fffb183c  ; jne 0xfffb183c
mov edx, dword [ebp - 0x64]
mov eax, esi
call fcn_fffae670  ; call 0xfffae670
test eax, eax
mov edi, eax
lea eax, [esi + 0x49ba]
cmove edi, ebx
mov dword [ebp - 0x84], eax
mov eax, dword [ebp - 0x8c]
xor ebx, ebx
add eax, 7
mov dword [ebp - 0x94], eax

loc_fffb1883:  ; not directly referenced
mov eax, dword [ebp - 0x64]
bt eax, ebx
jae short loc_fffb18bc  ; jae 0xfffb18bc
mov eax, ebx
shl eax, 0xa
add eax, 0x4114
mov dword [ebp - 0x88], eax
mov byte [ebp - 0x60], 0
mov byte [ebp - 0x78], 0

loc_fffb18a3:  ; not directly referenced
mov al, byte [ebp - 0x78]
cmp al, byte [esi + 0x2488]
jb loc_fffb19ab  ; jb 0xfffb19ab
cmp byte [ebp - 0x60], 0
jne loc_fffb19ed  ; jne 0xfffb19ed

loc_fffb18bc:  ; not directly referenced
inc ebx
add dword [ebp - 0x84], 0x13c3
cmp ebx, 2
jne short loc_fffb1883  ; jne 0xfffb1883
inc dword [ebp - 0x80]
cmp dword [ebp - 0x80], 8
jne loc_fffb1804  ; jne 0xfffb1804
test byte [ebp - 0x64], 1
je short loc_fffb18eb  ; je 0xfffb18eb
cmp byte [ebp - 0x4a], 0xff
mov eax, 0x1f
cmovne edi, eax

loc_fffb18eb:  ; not directly referenced
test byte [ebp - 0x64], 2
je short loc_fffb18fd  ; je 0xfffb18fd
cmp byte [ebp - 0x49], 0xff
mov eax, 0x1f
cmovne edi, eax

loc_fffb18fd:  ; not directly referenced
inc byte [ebp - 0x65]

loc_fffb1900:  ; not directly referenced
test edi, edi
sete dl
cmp byte [ebp - 0x65], 1
setbe al
test dl, al
jne loc_fffb1795  ; jne 0xfffb1795
jmp near loc_fffb1a4d  ; jmp 0xfffb1a4d

loc_fffb1919:  ; not directly referenced
cmp byte [ebp + edi - 0x4a], 0xff
je loc_fffb1848  ; je 0xfffb1848
mov eax, dword [ebp - 0x60]
mov edx, edi
mov cx, word [eax + 6]
push eax
push eax
mov word [ebp - 0x78], cx
mov ecx, dword [ebp - 0x5c]
or word [ebp - 0x78], 0x10
movzx eax, word [ebp - 0x78]
push eax
mov eax, esi
push 3
call fcn_fffafd52  ; call 0xfffafd52
add esp, 0xc
mov ecx, dword [ebp - 0x7c]
mov edx, edi
test eax, eax
cmovne ebx, eax
mov eax, dword [ebp - 0x60]
mov ax, word [eax]
push dword [ebp - 0x84]
and eax, 0xfffc
push 0
or eax, 2
push eax
mov eax, esi
call fcn_fffaa285  ; call 0xfffaa285
pop edx
mov edx, edi
pop ecx
mov ecx, dword [ebp - 0x5c]
test eax, eax
cmovne ebx, eax
mov eax, dword [ebp - 0x78]
mov dword [ebp - 0x88], ebx
and eax, 0xffef
push eax
mov eax, esi
push 3
call fcn_fffafd52  ; call 0xfffafd52
add esp, 0x10
mov ebx, eax
test eax, eax
cmove ebx, dword [ebp - 0x88]
jmp near loc_fffb1848  ; jmp 0xfffb1848

loc_fffb19ab:  ; not directly referenced
mov dl, byte [ebp - 0x78]
movzx eax, byte [ebp + ebx - 0x4a]
movzx ecx, dl
bt eax, edx
jb short loc_fffb19e5  ; jb 0xfffb19e5
mov eax, dword [ebp - 0x88]
mov dword [ebp - 0x98], ecx
lea edx, [eax + ecx*4]
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
mov ecx, dword [ebp - 0x98]
test eax, eax
je short loc_fffb19e5  ; je 0xfffb19e5
mov eax, 1
shl eax, cl
or byte [ebp - 0x60], al

loc_fffb19e5:  ; not directly referenced
inc byte [ebp - 0x78]
jmp near loc_fffb18a3  ; jmp 0xfffb18a3

loc_fffb19ed:  ; not directly referenced
movzx eax, byte [ebp - 0x60]
call fcn_fffaeba2  ; call 0xfffaeba2
mov ecx, dword [ebp - 0x84]
cmp byte [ecx], 8
movzx eax, al
jne short loc_fffb1a07  ; jne 0xfffb1a07
dec eax
jmp short loc_fffb1a0a  ; jmp 0xfffb1a0a

loc_fffb1a07:  ; not directly referenced
cmp eax, 2

loc_fffb1a0a:  ; not directly referenced
sete al
mov edx, dword [ebp - 0x94]
movzx eax, al
test eax, eax
mov eax, 0x1f
cmove edi, eax
mov al, byte [ebp - 0x60]
add edx, dword [ebp - 0x84]
or byte [ebp + ebx - 0x4a], al
xor eax, eax

loc_fffb1a2f:  ; not directly referenced
cmp byte [edx + eax + 0x10], 0
jne short loc_fffb1a42  ; jne 0xfffb1a42
mov cl, byte [ebp - 0x60]
mov byte [edx + eax + 0x10], cl
jmp near loc_fffb18bc  ; jmp 0xfffb18bc

loc_fffb1a42:  ; not directly referenced
inc eax
cmp eax, 8
jne short loc_fffb1a2f  ; jne 0xfffb1a2f
jmp near loc_fffb18bc  ; jmp 0xfffb18bc

loc_fffb1a4d:  ; not directly referenced
mov cl, byte [esi + 0x247b]
xor edx, edx
mov eax, esi
mov byte [esi + 0x247b], 1
mov dword [ebp - 0x5c], ecx
call fcn_fffb14e1  ; call 0xfffb14e1
mov ecx, dword [ebp - 0x5c]
mov byte [esi + 0x247b], cl
test eax, eax
mov ebx, eax
mov eax, esi
cmove ebx, edi
call fcn_fffb0e8a  ; call 0xfffb0e8a
lea esp, [ebp - 0xc]
mov eax, ebx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb1a87:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, eax
lea esi, [ebx + 0x374e]
sub esp, 0x3c
xor eax, eax
mov byte [ebp - 0x2b], 0
mov dword [ebp - 0x40], esi

loc_fffb1aa1:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x2b], 1
setbe dl
test cl, dl
je loc_fffb1be5  ; je 0xfffb1be5
movzx eax, byte [ebp - 0x2b]
imul edx, eax, 0x13c3
mov dword [ebp - 0x34], eax
lea eax, [ebx + edx]
cmp dword [eax + 0x3756], 2
jne loc_fffb1bd6  ; jne 0xfffb1bd6
mov esi, dword [ebp - 0x40]
mov dword [ebp - 0x30], 0
mov dword [ebp - 0x3c], eax
lea esi, [esi + edx + 8]
mov dword [ebp - 0x38], esi
xor esi, esi

loc_fffb1ae8:  ; not directly referenced
mov edi, dword [ebp - 0x30]
mov eax, edi
mov ecx, edi
mov edi, dword [ebp - 0x3c]
mov byte [ebp - 0x2c], al
mov eax, 1
shl eax, cl
test byte [edi + 0x381a], al
je loc_fffb1bad  ; je 0xfffb1bad
cmp byte [ebx + 0x247b], 0
je short loc_fffb1b2b  ; je 0xfffb1b2b
mov al, cl
mov edx, dword [ebp - 0x38]
shr al, 1
movzx eax, al
imul eax, eax, 0x128
mov si, word [edx + eax + 0x126d]
jmp short loc_fffb1ba0  ; jmp 0xfffb1ba0

loc_fffb1b2b:  ; not directly referenced
mov al, byte [ebp - 0x2c]
mov edx, dword [ebp - 0x34]
shr al, 1
movzx edi, al
mov eax, ebx
mov ecx, edi
call fcn_fffa69ea  ; call 0xfffa69ea
test eax, eax
je loc_fffb1be0  ; je 0xfffb1be0
mov edx, dword [ebx + 0x1887]
cmp edx, 0x306d0
sete cl
cmp edx, 0x40650
sete dl
or cl, dl
je short loc_fffb1b6c  ; je 0xfffb1b6c
cmp dword [ebx + 0x2480], 1
je short loc_fffb1b72  ; je 0xfffb1b72

loc_fffb1b6c:  ; not directly referenced
movzx ecx, byte [eax + 1]
jmp short loc_fffb1b74  ; jmp 0xfffb1b74

loc_fffb1b72:  ; not directly referenced
xor ecx, ecx

loc_fffb1b74:  ; not directly referenced
sub esp, 0xc
mov edx, ebx
push esi
lea eax, [ebp - 0x2a]
call fcn_fffa6bd1  ; call 0xfffa6bd1
imul edi, edi, 0x128
mov si, word [ebp - 0x2a]
add edi, dword [ebp - 0x38]
add esp, 0x10
mov word [edi + 0x126d], si
mov word [edi + 0x1285], si

loc_fffb1ba0:  ; not directly referenced
mov al, byte [ebp - 0x2c]
shr al, 1
movzx eax, al
mov word [ebp + eax*2 - 0x1c], si

loc_fffb1bad:  ; not directly referenced
add dword [ebp - 0x30], 2
cmp dword [ebp - 0x30], 4
jne loc_fffb1ae8  ; jne 0xfffb1ae8
mov edx, dword [ebp - 0x34]
sub esp, 0xc
mov ecx, 1
lea eax, [ebp - 0x1c]
push eax
mov eax, ebx
call fcn_fffb14b3  ; call 0xfffb14b3
add esp, 0x10
jmp short loc_fffb1bd8  ; jmp 0xfffb1bd8

loc_fffb1bd6:  ; not directly referenced
xor eax, eax

loc_fffb1bd8:  ; not directly referenced
inc byte [ebp - 0x2b]
jmp near loc_fffb1aa1  ; jmp 0xfffb1aa1

loc_fffb1be0:  ; not directly referenced
mov eax, 1

loc_fffb1be5:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb1bed:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x3c
mov edi, dword [esi + 0x2480]
mov dword [ebp - 0x3c], ecx
mov dword [ebp - 0x38], edi
cmp ecx, 1
je short loc_fffb1c30  ; je 0xfffb1c30
jb short loc_fffb1c20  ; jb 0xfffb1c20
cmp ecx, 2
je short loc_fffb1c27  ; je 0xfffb1c27
cmp ecx, 3
jne loc_fffb1d20  ; jne 0xfffb1d20
mov edi, 0xc3
jmp short loc_fffb1c2c  ; jmp 0xfffb1c2c

loc_fffb1c20:  ; not directly referenced
mov edi, 0xff
jmp short loc_fffb1c35  ; jmp 0xfffb1c35

loc_fffb1c27:  ; not directly referenced
mov edi, 0x56

loc_fffb1c2c:  ; not directly referenced
xor eax, eax
jmp short loc_fffb1c3a  ; jmp 0xfffb1c3a

loc_fffb1c30:  ; not directly referenced
mov edi, 0xab

loc_fffb1c35:  ; not directly referenced
mov eax, 0x400

loc_fffb1c3a:  ; not directly referenced
mov word [ebp - 0x1c], ax
movzx ecx, dl
xor ebx, ebx
mov word [ebp - 0x1a], ax
lea eax, [esi + 0x3756]
mov dword [ebp - 0x34], eax
xor eax, eax
mov byte [ebp - 0x2d], 1
mov dword [ebp - 0x40], ecx

loc_fffb1c59:  ; not directly referenced
mov ecx, dword [ebp - 0x34]
cmp dword [ecx], 2
jne loc_fffb1cf9  ; jne 0xfffb1cf9
mov ecx, dword [ebp - 0x40]
bt ecx, ebx
jae loc_fffb1cf9  ; jae 0xfffb1cf9
lea edx, [ebx + 1]
bt ecx, edx
jb short loc_fffb1c88  ; jb 0xfffb1c88
mov cl, byte [ebp - 0x2d]
mov dl, 7
cmp dword [ebp - 0x3c], 2
cmove ecx, edx
mov byte [ebp - 0x2d], cl

loc_fffb1c88:  ; not directly referenced
cmp dword [ebp - 0x38], 3
jne short loc_fffb1cca  ; jne 0xfffb1cca
mov dword [ebp - 0x2c], 0

loc_fffb1c95:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
mov edx, 1
shl edx, cl
mov ecx, dword [ebp - 0x34]
test byte [ecx + 0xc4], dl
je short loc_fffb1cbf  ; je 0xfffb1cbf
mov ecx, dword [ebp - 0x2c]
mov edx, ebx
push eax
mov eax, esi
push 0
push edi
push 0xa
call fcn_fffaa505  ; call 0xfffaa505
add esp, 0x10

loc_fffb1cbf:  ; not directly referenced
inc dword [ebp - 0x2c]
cmp dword [ebp - 0x2c], 4
jne short loc_fffb1c95  ; jne 0xfffb1c95
jmp short loc_fffb1cf9  ; jmp 0xfffb1cf9

loc_fffb1cca:  ; not directly referenced
cmp dword [ebp - 0x38], 2
movzx eax, byte [ebp - 0x2d]
jne short loc_fffb1cdf  ; jne 0xfffb1cdf
push eax
lea eax, [ebp - 0x1c]
push eax
push 0
push 0xe
jmp short loc_fffb1ce8  ; jmp 0xfffb1ce8

loc_fffb1cdf:  ; not directly referenced
push eax
lea eax, [ebp - 0x1c]
push eax
push 0
push 6

loc_fffb1ce8:  ; not directly referenced
mov ecx, 0xf
mov edx, ebx
mov eax, esi
call fcn_fffafb06  ; call 0xfffafb06
add esp, 0x10

loc_fffb1cf9:  ; not directly referenced
inc ebx
add dword [ebp - 0x34], 0x13c3
cmp ebx, 2
jne loc_fffb1c59  ; jne 0xfffb1c59
cmp dword [ebp - 0x3c], 1
mov ebx, eax
ja short loc_fffb1d25  ; ja 0xfffb1d25
mov edx, 0x13
mov eax, esi
call fcn_fffa834b  ; call 0xfffa834b
jmp short loc_fffb1d25  ; jmp 0xfffb1d25

loc_fffb1d20:  ; not directly referenced
mov ebx, 2

loc_fffb1d25:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, ebx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb1d2f:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
sub esp, 0x4c
mov ebx, dword [ebp + 8]
mov byte [ebp - 0x28], 2
mov byte [ebp - 0x27], 0x40
mov byte [ebp - 0x26], 1
mov byte [ebp - 0x25], 0x43
mov byte [ebp - 0x24], 3
mov byte [ebp - 0x23], 1
mov byte [ebp - 0x22], 0xb
mov byte [ebp - 0x21], 3
mov dword [ebp - 0x50], 0

loc_fffb1d64:  ; not directly referenced
imul eax, esi, 0x13c3
cmp dword [ebx + eax + 0x3756], 2
jne short loc_fffb1daf  ; jne 0xfffb1daf
mov edi, esi
mov eax, ebx
shl edi, 0xa
add edi, 0x4004
mov edx, edi
call fcn_fffae52a  ; call 0xfffae52a
mov dword [ebp + esi*4 - 0x20], eax
mov al, byte [ebp + esi*4 - 0x1d]
test al, 0x20
jne short loc_fffb1daf  ; jne 0xfffb1daf
or eax, 0x20
mov edx, edi
mov byte [ebp + esi*4 - 0x1d], al
mov ecx, dword [ebp + esi*4 - 0x20]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov dword [ebp - 0x50], 1

loc_fffb1daf:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffb1d64  ; jne 0xfffb1d64
xor ecx, ecx
mov edx, 3
mov eax, ebx
call fcn_fffb1bed  ; call 0xfffb1bed
test eax, eax
jne loc_fffb1fe8  ; jne 0xfffb1fe8
mov edx, dword [ebx + 0x36d7]
cmp edx, 0x320
jbe short loc_fffb1e0b  ; jbe 0xfffb1e0b
cmp edx, 0x42b
jbe short loc_fffb1e0f  ; jbe 0xfffb1e0f
cmp edx, 0x4b0
jbe short loc_fffb1e13  ; jbe 0xfffb1e13
cmp edx, 0x535
jbe short loc_fffb1e17  ; jbe 0xfffb1e17
cmp edx, 0x640
jbe short loc_fffb1e1b  ; jbe 0xfffb1e1b
mov al, 0x16
cmp edx, 0x74b
ja loc_fffb1fe8  ; ja 0xfffb1fe8
mov al, 0x1c
jmp short loc_fffb1e1d  ; jmp 0xfffb1e1d

loc_fffb1e0b:  ; not directly referenced
mov al, 0x14
jmp short loc_fffb1e1d  ; jmp 0xfffb1e1d

loc_fffb1e0f:  ; not directly referenced
mov al, 0x16
jmp short loc_fffb1e1d  ; jmp 0xfffb1e1d

loc_fffb1e13:  ; not directly referenced
mov al, 0x17
jmp short loc_fffb1e1d  ; jmp 0xfffb1e1d

loc_fffb1e17:  ; not directly referenced
mov al, 0x18
jmp short loc_fffb1e1d  ; jmp 0xfffb1e1d

loc_fffb1e1b:  ; not directly referenced
mov al, 0x1a

loc_fffb1e1d:  ; not directly referenced
mov byte [ebp - 0x27], al
lea eax, [ebx + 0x3756]
xor edi, edi
mov dword [ebp - 0x2c], eax

loc_fffb1e2b:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
cmp dword [eax], 2
jne loc_fffb1fc7  ; jne 0xfffb1fc7
mov dword [ebp - 0x34], 0

loc_fffb1e3e:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov ecx, dword [ebp - 0x34]
mov al, byte [eax + 0xc4]
mov dl, cl
mov esi, eax
mov eax, 1
shl eax, cl
mov ecx, esi
test cl, al
jne short loc_fffb1e69  ; jne 0xfffb1e69

loc_fffb1e5b:  ; not directly referenced
inc dword [ebp - 0x34]
cmp dword [ebp - 0x34], 4
jne short loc_fffb1e3e  ; jne 0xfffb1e3e
jmp near loc_fffb1f5b  ; jmp 0xfffb1f5b

loc_fffb1e69:  ; not directly referenced
cmp byte [ebp - 0x34], 0
mov byte [ebp - 0x48], 0
jne short loc_fffb1e93  ; jne 0xfffb1e93
cmp byte [ebx + 0x240a], 0
mov byte [ebp - 0x48], dl
je short loc_fffb1e93  ; je 0xfffb1e93
mov eax, esi
and eax, 2
cmp al, 1
sbb eax, eax
mov dword [ebp - 0x48], eax
and byte [ebp - 0x48], 0xfc
add byte [ebp - 0x48], 7

loc_fffb1e93:  ; not directly referenced
mov eax, edx
and eax, 1
mov dword [ebp - 0x38], 0
mov dword [ebp - 0x4c], eax

loc_fffb1ea2:  ; not directly referenced
mov eax, dword [ebp - 0x38]
cmp byte [ebx + 0x247b], 0
movzx edx, byte [ebp + eax*2 - 0x28]
je short loc_fffb1edf  ; je 0xfffb1edf
cmp edx, 6
ja short loc_fffb1ecc  ; ja 0xfffb1ecc
imul eax, dword [ebp - 0x4c], 0xc
mov ecx, dword [ebp - 0x2c]
lea eax, [edx + eax + 0x930]
mov al, byte [ecx + eax*2 + 0xb]
jmp short loc_fffb1eda  ; jmp 0xfffb1eda

loc_fffb1ecc:  ; not directly referenced
imul eax, dword [ebp - 0x4c], 0x18
mov ecx, dword [ebp - 0x2c]
mov al, byte [ecx + eax + 0x1279]

loc_fffb1eda:  ; not directly referenced
mov byte [ebp - 0x2d], al
jmp short loc_fffb1f29  ; jmp 0xfffb1f29

loc_fffb1edf:  ; not directly referenced
mov eax, dword [ebp - 0x38]
cmp eax, 3
je short loc_fffb1eed  ; je 0xfffb1eed
mov al, byte [ebp + eax*2 - 0x27]
jmp short loc_fffb1ef0  ; jmp 0xfffb1ef0

loc_fffb1eed:  ; not directly referenced
mov al, byte [ebp - 0x48]

loc_fffb1ef0:  ; not directly referenced
mov byte [ebp - 0x2d], al
cmp edx, 6
ja short loc_fffb1f11  ; ja 0xfffb1f11
imul ecx, dword [ebp - 0x4c], 0xc
movzx esi, byte [ebp - 0x2d]
mov eax, dword [ebp - 0x2c]
lea ecx, [edx + ecx + 0x930]
mov word [eax + ecx*2 + 0xb], si
jmp short loc_fffb1f29  ; jmp 0xfffb1f29

loc_fffb1f11:  ; not directly referenced
cmp edx, 0xb
jne short loc_fffb1f29  ; jne 0xfffb1f29
imul ecx, dword [ebp - 0x4c], 0x18
movzx esi, byte [ebp - 0x2d]
mov eax, dword [ebp - 0x2c]
mov word [eax + ecx + 0x1279], si

loc_fffb1f29:  ; not directly referenced
push eax
movzx eax, byte [ebp - 0x2d]
mov ecx, dword [ebp - 0x34]
push 0
push eax
mov eax, ebx
push edx
mov edx, edi
call fcn_fffaa505  ; call 0xfffaa505
add esp, 0x10
test eax, eax
jne loc_fffb1fe8  ; jne 0xfffb1fe8
inc dword [ebp - 0x38]
cmp dword [ebp - 0x38], 4
jne loc_fffb1ea2  ; jne 0xfffb1ea2
jmp near loc_fffb1e5b  ; jmp 0xfffb1e5b

loc_fffb1f5b:  ; not directly referenced
cmp byte [ebx + 0x247d], 0
jne short loc_fffb1fa6  ; jne 0xfffb1fa6
cmp dword [ebx + 0x188b], 1
jne short loc_fffb1fa6  ; jne 0xfffb1fa6
mov eax, edi
shl eax, 8
add eax, 0x1c20
mov edx, eax
mov esi, eax
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
cmp byte [ebx + 0x240a], 1
sbb edx, edx
not edx
add edx, 3
and eax, 0xffffffcf
and edx, 3
shl edx, 4
or eax, edx
mov edx, esi
mov ecx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb1fa6:  ; not directly referenced
cmp dword [ebp - 0x50], 0
je short loc_fffb1fc7  ; je 0xfffb1fc7
and byte [ebp + edi*4 - 0x1d], 0xdf
mov edx, edi
mov ecx, dword [ebp + edi*4 - 0x20]
shl edx, 0xa
mov eax, ebx
add edx, 0x4004
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb1fc7:  ; not directly referenced
inc edi
add dword [ebp - 0x2c], 0x13c3
cmp edi, 2
jne loc_fffb1e2b  ; jne 0xfffb1e2b
mov byte [ebx + 0x247d], 1
xor eax, eax
mov byte [ebx + 0x247b], 1

loc_fffb1fe8:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb1ff0:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x20], 0
lea edi, [ebx + 0x3756]

loc_fffb2009:  ; not directly referenced
cmp dword [edi], 2
je short loc_fffb201f  ; je 0xfffb201f

loc_fffb200e:  ; not directly referenced
inc dword [ebp - 0x20]
add edi, 0x13c3
cmp dword [ebp - 0x20], 2
jne short loc_fffb2009  ; jne 0xfffb2009
jmp short loc_fffb2092  ; jmp 0xfffb2092

loc_fffb201f:  ; not directly referenced
mov edx, dword [ebp - 0x20]
xor ecx, ecx
mov eax, ebx
call fcn_fffa7288  ; call 0xfffa7288
mov edx, eax
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, dword [ebp - 0x20]
mov ecx, 0xff
mov esi, eax
mov eax, ebx
call fcn_fffa7288  ; call 0xfffa7288
or esi, 0x100000
mov dword [ebp - 0x1c], 0
mov dword [ebp - 0x24], eax

loc_fffb2055:  ; not directly referenced
mov cl, byte [ebp - 0x1c]
mov eax, 1
shl eax, cl
test byte [edi + 0xc4], al
je short loc_fffb2084  ; je 0xfffb2084
mov eax, dword [ebp - 0x1c]
and esi, 0xff3fffff
mov edx, dword [ebp - 0x24]
and eax, 3
shl eax, 0x16
or esi, eax
mov eax, ebx
mov ecx, esi
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffb2084:  ; not directly referenced
inc dword [ebp - 0x1c]
cmp dword [ebp - 0x1c], 4
jne short loc_fffb2055  ; jne 0xfffb2055
jmp near loc_fffb200e  ; jmp 0xfffb200e

loc_fffb2092:  ; not directly referenced
cmp dword [ebx + 0x3756], 2
jne short loc_fffb20ae  ; jne 0xfffb20ae
movzx ecx, byte [ebx + 0x381a]
mov edx, 0x4192
mov eax, ebx
call fcn_fffae566  ; call 0xfffae566

loc_fffb20ae:  ; not directly referenced
cmp dword [ebx + 0x4b19], 2
jne short loc_fffb20ca  ; jne 0xfffb20ca
movzx ecx, byte [ebx + 0x4bdd]
mov edx, 0x4592
mov eax, ebx
call fcn_fffae566  ; call 0xfffae566

loc_fffb20ca:  ; not directly referenced
mov eax, ebx
mov ecx, 1
mov edx, 3
call fcn_fffb1bed  ; call 0xfffb1bed
add esp, 0x1c
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb20e5:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0xdc
mov edi, dword [ebp + 0x20]
mov byte [ebp - 0x51], cl
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x5c], ecx
mov cl, byte [ebp + 0x14]
mov dword [ebp - 0x4c], eax
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x50], edi
mov edi, dword [ebp + 0x24]
mov byte [ebp - 0xad], dl
mov esi, dword [ebp + 0xc]
mov byte [ebp - 0xe8], cl
mov cl, byte [ebp + 0x1c]
mov dword [ebp - 0x60], eax
movzx eax, bx
dec eax
mov dword [ebp - 0x58], edi
inc esi
mov byte [ebp - 0x98], cl
mov word [ebp - 0xb0], bx
mov dword [ebp - 0x45], 0
mov dword [ebp - 0x41], 0
mov dword [ebp - 0x3d], 0
call fcn_fffaec34  ; call 0xfffaec34
mov ecx, esi
sub ecx, eax
test cl, cl
mov esi, ecx
mov ecx, dword [ebp - 0x5c]
setle dl
mov byte [ebp - 0x61], al
cmp cl, 4
sete al
or dl, al
jne short loc_fffb2178  ; jne 0xfffb2178
cmp cl, 5
mov al, 1
cmove esi, eax
jmp short loc_fffb217d  ; jmp 0xfffb217d

loc_fffb2178:  ; not directly referenced
mov esi, 1

loc_fffb217d:  ; not directly referenced
lea ecx, [esi - 1]
movzx esi, byte [ebp - 0x61]
lea eax, [ebx - 0x80]
mov dword [ebp - 0x68], 1
shl dword [ebp - 0x68], cl
cmp bx, 0x7f
cmova eax, esi
add ebx, ebx
mov byte [ebp - 0x88], al
lea eax, [ebx - 0x80]
mov byte [ebp - 0x78], al
cmp bx, 0x7f
jbe short loc_fffb21ba  ; jbe 0xfffb21ba
movzx ebx, bx
lea eax, [ebx - 1]
call fcn_fffaec34  ; call 0xfffaec34
mov byte [ebp - 0x78], al

loc_fffb21ba:  ; not directly referenced
mov eax, dword [ebp + 0x18]
mov bx, word [eax]
movzx eax, bx
dec eax
call fcn_fffaec34  ; call 0xfffaec34
cmp bx, 0x1f
jbe short loc_fffb21da  ; jbe 0xfffb21da
mov esi, dword [ebp + 0x18]
movzx eax, al
mov word [esi], ax
jmp short loc_fffb21e3  ; jmp 0xfffb21e3

loc_fffb21da:  ; not directly referenced
mov eax, dword [ebp + 0x18]
add ebx, 0x20
mov word [eax], bx

loc_fffb21e3:  ; not directly referenced
cmp byte [ebp - 0x50], 0
je short loc_fffb2209  ; je 0xfffb2209
mov eax, dword [ebp - 0x4c]
mov edx, 0x4cb0
call fcn_fffae52a  ; call 0xfffae52a
mov edi, eax
mov eax, dword [ebp - 0x58]
and di, 0xfff
add edi, 0x10
cmp ax, di
cmovae edi, eax

loc_fffb2209:  ; not directly referenced
cmp di, 0xff
mov eax, 0xff
cmova edi, eax
mov al, byte [ebp - 0x88]
mov word [ebp - 0xa8], di
mov dword [ebp - 0x50], 0x4960
mov dword [ebp - 0x5c], 0x4040
shr al, 7
mov byte [ebp - 0xc8], al
mov al, byte [ebp - 0x78]
mov dword [ebp - 0x58], 0
shr al, 7
mov byte [ebp - 0xd8], al
mov eax, dword [ebp - 0x98]
and eax, 1
mov dword [ebp - 0xb4], eax

loc_fffb225c:  ; not directly referenced
movzx eax, byte [ebp - 0xad]
mov esi, dword [ebp - 0x58]
mov dword [ebp - 0xac], eax
bt eax, esi
jb short loc_fffb2282  ; jb 0xfffb2282
mov eax, dword [ebp - 0x50]
xor ecx, ecx
lea edx, [eax + eax - 0x4a18]
jmp near loc_fffb268f  ; jmp 0xfffb268f

loc_fffb2282:  ; not directly referenced
mov eax, dword [ebp - 0x5c]
movzx ecx, byte [ebp - 0xb4]
lea edx, [eax + 0x158]
mov eax, dword [ebp - 0x4c]
call fcn_fffae566  ; call 0xfffae566
cmp byte [ebp - 0x98], 0
je short loc_fffb22bb  ; je 0xfffb22bb
mov edx, dword [ebp - 0x58]
sub esp, 0xc
mov ecx, 7
mov eax, dword [ebp - 0x4c]
push 8
call fcn_fffaa3c8  ; call 0xfffaa3c8
add esp, 0x10

loc_fffb22bb:  ; not directly referenced
cmp byte [ebp - 0x51], 5
ja short loc_fffb22d3  ; ja 0xfffb22d3
movzx eax, byte [ebp - 0x51]
mov dl, byte [eax + ref_fffd3ed8]  ; mov dl, byte [eax - 0x2c128]
mov al, byte [eax + ref_fffd3ed0]  ; mov al, byte [eax - 0x2c130]
jmp short loc_fffb22d7  ; jmp 0xfffb22d7

loc_fffb22d3:  ; not directly referenced
xor eax, eax
xor edx, edx

loc_fffb22d7:  ; not directly referenced
and edx, 7
and eax, 7
mov bl, byte [ebp - 0x51]
shl edx, 0x18
xor edi, edi
mov ecx, dword [ebp - 0x50]
shl eax, 0x1c
or eax, edx
and ah, 0xcf
mov edx, eax
mov eax, dword [ebp - 0x4c]
or dh, 0x18
cmp byte [eax + 0x247a], 0
setne al
movzx eax, al
shl eax, 7
or eax, edx
mov edx, eax
or edx, 0x20
cmp bl, 6
mov ebx, dword [ebp - 0x4c]
cmove eax, edx
mov esi, eax
mov eax, edi
and eax, 0xfffffc00
or eax, 2
mov edi, eax
cmp dword [ebp - 0x60], 1
lea eax, [ecx + 0x20]
lea edx, [ecx + 0x40]
mov ecx, dword [ebp - 0x68]
cmovne edx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov eax, ebx
push ecx
push ecx
mov ecx, dword [ebp - 0x50]
push edi
push esi
lea edx, [ecx + ecx - 0x4a18]
call fcn_fffae7cf  ; call 0xfffae7cf
mov ecx, dword [ebp - 0x50]
mov eax, ebx
lea edx, [ecx - 0xa8]
mov ecx, 4
call fcn_fffae566  ; call 0xfffae566
mov edx, dword [ebp - 0xc8]
add esp, 0x10
mov eax, dword [ebp - 0x88]
mov esi, dword [ebp - 0x78]
mov ecx, dword [ebp - 0xd8]
and edx, 1
mov bl, byte [ebp - 0x51]
shl edx, 7
and eax, 0x7f
or eax, edx
mov edx, dword [ebp - 0xa8]
and esi, 0x7f
or eax, 0x8000000
and ecx, 1
shl ecx, 7
and edx, 0x3fff
shl edx, 8
or eax, edx
mov edx, eax
and edx, 0x83fff00
or edx, esi
or edx, ecx
mov ecx, eax
or ecx, 0x4000000
and ecx, 0xf7ffffff
cmp bl, 4
je short loc_fffb23ed  ; je 0xfffb23ed
cmp bl, 5
je short loc_fffb2433  ; je 0xfffb2433
cmp bl, 3
jne loc_fffb2475  ; jne 0xfffb2475
mov dword [ebp - 0x38], edx
mov byte [ebp - 0x39], 1
or byte [ebp - 0x36], 0xc0
and byte [ebp - 0x35], 0xfc
jmp near loc_fffb24af  ; jmp 0xfffb24af

loc_fffb23ed:  ; not directly referenced
mov dword [ebp - 0x38], eax
mov cl, byte [ebp - 0x36]
and byte [ebp - 0x35], 0xfc
and ecx, 0x3f
or ecx, 0x40
mov byte [ebp - 0x36], cl
mov ecx, 1

loc_fffb2405:  ; not directly referenced
mov dword [ebp + ecx*4 - 0x38], edx
mov bl, byte [ebp + ecx*4 - 0x36]
and byte [ebp + ecx*4 - 0x35], 0xfc
and ebx, 0x3f
or ebx, 0xffffff80
mov byte [ebp + ecx*4 - 0x36], bl
inc ecx
cmp ecx, 7
jne short loc_fffb2405  ; jne 0xfffb2405
mov dword [ebp - 0x1c], eax
mov byte [ebp - 0x39], 0xff
and byte [ebp - 0x1a], 0x3f
and byte [ebp - 0x19], 0xfc
jmp short loc_fffb24af  ; jmp 0xfffb24af

loc_fffb2433:  ; not directly referenced
mov dword [ebp - 0x38], eax
mov cl, byte [ebp - 0x36]
mov dword [ebp - 0x34], edx
mov dword [ebp - 0x30], eax
mov dword [ebp - 0x2c], edx
and ecx, 0x3f
or ecx, 0x40
mov byte [ebp - 0x36], cl
mov cl, byte [ebp - 0x32]
and byte [ebp - 0x35], 0xfc
and byte [ebp - 0x31], 0xfc
and byte [ebp - 0x2e], 0x3f
and ecx, 0x3f
or ecx, 0xffffff80
mov byte [ebp - 0x32], cl
and byte [ebp - 0x2d], 0xfc
or byte [ebp - 0x2a], 0xc0
and byte [ebp - 0x29], 0xfc
mov byte [ebp - 0x39], 0xf
jmp short loc_fffb24af  ; jmp 0xfffb24af

loc_fffb2475:  ; not directly referenced
mov esi, dword [ebp + 0x18]
cmp byte [esi + 0xa], 2
jne short loc_fffb248d  ; jne 0xfffb248d
cmp word [ebp - 0xb0], 8
jne short loc_fffb248d  ; jne 0xfffb248d
mov dword [ebp - 0x38], ecx
jmp short loc_fffb2490  ; jmp 0xfffb2490

loc_fffb248d:  ; not directly referenced
mov dword [ebp - 0x38], eax

loc_fffb2490:  ; not directly referenced
mov dl, byte [ebp - 0x36]
mov dword [ebp - 0x34], eax
and byte [ebp - 0x35], 0xfc
and byte [ebp - 0x32], 0x3f
and byte [ebp - 0x31], 0xfc
and edx, 0x3f
or edx, 0x40
mov byte [ebp - 0x36], dl
mov byte [ebp - 0x39], 3

loc_fffb24af:  ; not directly referenced
imul eax, dword [ebp - 0x58], 0x28
xor ebx, ebx
lea edi, [ebp - 0x39]
lea esi, [eax + 0x4808]
sub edi, eax

loc_fffb24c0:  ; not directly referenced
movzx eax, byte [ebp - 0x39]
bt eax, ebx
jb loc_fffb2593  ; jb 0xfffb2593

loc_fffb24cd:  ; not directly referenced
lea eax, [ebp - 0x3d]
mov esi, dword [ebp - 0x4c]
push edx
mov ecx, dword [ebp + 0x10]
push eax
mov edx, dword [ebp - 0x58]
lea eax, [ebp - 0x41]
push eax
lea eax, [ebp - 0x45]
push eax
mov eax, dword [ebp + 0x10]
add eax, 0x24
push eax
mov eax, dword [ebp + 0x10]
add eax, 0x14
push eax
mov eax, dword [ebp + 0x10]
add eax, 0x10
push eax
mov eax, dword [ebp + 0x10]
add eax, 8
push eax
mov eax, esi
call fcn_fffaa5b6  ; call 0xfffaa5b6
mov eax, dword [ebp + 0x18]
add esp, 0x20
mov edi, dword [ebp + 0x18]
movzx ecx, byte [eax + 6]
movzx eax, byte [eax + 2]
mov dx, word [edi]
and ecx, 0x3f
and eax, 0x3f
shl eax, 8
mov ebx, edx
shl ecx, 0x10
and ebx, 0x1f
or ecx, eax
mov eax, dword [ebp - 0x5c]
shr dx, 5
or ecx, ebx
and edx, 1
shl edx, 5
or ecx, edx
lea edx, [eax + 0x1c0]
mov eax, esi
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 0x18]
mov dl, byte [eax + 0xa]
cmp dl, 2
sete al
cmp dl, 4
sete dl
or eax, edx
cmp al, 1
mov al, byte [ebp - 0x51]
sbb ecx, ecx
and ecx, 2
movzx ecx, cl
sub eax, 4
or ecx, 0x8090
cmp al, 1
ja short loc_fffb25b6  ; ja 0xfffb25b6
mov al, byte [ebp - 0x61]
and ecx, 0xf8c0ffff
inc eax
and eax, 7
shl eax, 0x18
or ecx, eax
or ecx, 0x10000
jmp short loc_fffb25b6  ; jmp 0xfffb25b6

loc_fffb2593:  ; not directly referenced
mov ecx, dword [edi + esi - 0x4807]
mov edx, esi
inc ebx
mov eax, dword [ebp - 0x4c]
add esi, 4
call fcn_fffae58c  ; call 0xfffae58c
cmp ebx, 8
jne loc_fffb24c0  ; jne 0xfffb24c0
jmp near loc_fffb24cd  ; jmp 0xfffb24cd

loc_fffb25b6:  ; not directly referenced
mov edi, dword [ebp - 0x4c]
mov esi, dword [ebp - 0x5c]
mov eax, edi
mov edx, esi
call fcn_fffae58c  ; call 0xfffae58c
xor ecx, ecx
mov eax, edi
lea edx, [esi + 0x44]
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, dword [ebp - 0xe8]
mov eax, edi
lea edx, [esi + 0x58]
and ecx, 3
shl ecx, 0xc
or ecx, 0xffff0001
call fcn_fffae58c  ; call 0xfffae58c
lea edx, [esi + 0x98]
push eax
push eax
mov eax, edi
push 0
push 0
call fcn_fffae7cf  ; call 0xfffae7cf
xor ecx, ecx
mov eax, edi
lea edx, [esi + 0x5c]
call fcn_fffae566  ; call 0xfffae566
add esp, 0x10
cmp byte [edi + 0x247a], 0
je short loc_fffb2697  ; je 0xfffb2697
mov eax, dword [ebp - 0x50]
mov ecx, 0xfc
lea edx, [eax - 8]
mov eax, dword [ebp - 0x4c]
call fcn_fffae566  ; call 0xfffae566
cmp dword [ebp - 0x60], 1
jne short loc_fffb2644  ; jne 0xfffb2644
mov eax, dword [ebp - 0x50]
mov ecx, 0xff
lea edx, [eax - 7]
mov eax, dword [ebp - 0x4c]
call fcn_fffae566  ; call 0xfffae566

loc_fffb2644:  ; not directly referenced
mov eax, dword [ebp - 0x4c]
movzx ebx, word [eax + 0x2489]
test bx, bx
je short loc_fffb2667  ; je 0xfffb2667
mov eax, 0x9c40
cdq
idiv ebx
mov ecx, eax
mov eax, 0x30d40
cdq
idiv ebx
jmp short loc_fffb2671  ; jmp 0xfffb2671

loc_fffb2667:  ; not directly referenced
mov eax, 0xff
mov ecx, 0xff

loc_fffb2671:  ; not directly referenced
mov ebx, ecx
movzx ecx, cl
mov edx, dword [ebp - 0x50]
shl ebx, 8
and ebx, 0xff00
shl ecx, 0x10
shl eax, 0x18
or ecx, ebx
or ecx, eax
or ecx, 2

loc_fffb268f:  ; not directly referenced
mov eax, dword [ebp - 0x4c]
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb2697:  ; not directly referenced
inc dword [ebp - 0x58]
add dword [ebp - 0x5c], 0x400
add dword [ebp - 0x50], 4
cmp dword [ebp - 0x58], 2
jne loc_fffb225c  ; jne 0xfffb225c
mov edx, dword [ebp - 0xac]
mov ecx, 2
mov eax, dword [ebp - 0x4c]
call fcn_fffb1bed  ; call 0xfffb1bed
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb26ca:  ; not directly referenced
push ebp
movzx edx, dl
mov ebp, esp
push edi
push esi
mov esi, ecx
push ebx
mov ecx, 0xb
sub esp, 0x4c
mov ebx, eax
lea edi, [ebp - 0x44]
xor eax, eax
rep stosd  ; rep stosd dword es:[edi], eax
lea eax, [ebp - 0x4f]
push 0
push 0
push 0
push eax
movzx eax, byte [ebp + 8]
mov word [ebp - 0x36], 0x3ff
mov dword [ebp - 0x30], 0x20
push eax
lea eax, [ebp - 0x44]
push eax
mov eax, ebx
push esi
push 0x80
mov word [ebp - 0x20], 1
mov word [ebp - 0x1a], 1
mov word [ebp - 0x4f], 4
mov dword [ebp - 0x4d], 0
mov dword [ebp - 0x49], 7
mov byte [ebp - 0x45], 0
call fcn_fffb20e5  ; call 0xfffb20e5
lea edx, [esi - 7]
add esp, 0x20
mov al, 1
test dl, dl
cmovg eax, edx
mov byte [ebx + 0x248c], al
mov byte [ebx + 0x248b], 0
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb2759:  ; not directly referenced
push ebp
movzx edx, dl
mov ebp, esp
push edi
push esi
mov esi, ref_fffd3e9c  ; mov esi, 0xfffd3e9c
push ebx
mov ebx, eax
sub esp, 0x5c
lea edi, [ebp - 0x44]
mov dword [ebp - 0x5c], ecx
mov ecx, 0xb
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea eax, [ebp - 0x4f]
mov esi, dword [ebp - 0x5c]
push 0
push 0
push 1
push eax
movzx eax, byte [ebp + 8]
mov word [ebp - 0x4f], 4
mov dword [ebp - 0x4d], 0
push eax
lea eax, [ebp - 0x44]
push eax
mov eax, ebx
push esi
push 8
mov dword [ebp - 0x49], 9
mov byte [ebp - 0x45], 2
call fcn_fffb20e5  ; call 0xfffb20e5
mov edx, esi
add esp, 0x20
sub edx, 4
mov al, 1
test dl, dl
cmovg eax, edx
mov byte [ebx + 0x248c], al
mov byte [ebx + 0x248b], 2
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb27d5:  ; not directly referenced
push ebp
mov ecx, 0xb
mov ebp, esp
push edi
push ebx
mov ebx, eax
lea edi, [ebp - 0x8c]
xor eax, eax
sub esp, 0x90
rep stosd  ; rep stosd dword es:[edi], eax
lea edi, [ebp - 0x60]
mov word [ebp - 0x82], 0xf
mov word [ebp - 0x66], 1
mov word [ebp - 0x97], 1
mov dword [ebp - 0x95], 0
mov dword [ebp - 0x91], 3
mov cl, 0xb
rep stosd  ; rep stosd dword es:[edi], eax
lea edi, [ebp - 0x34]
mov word [ebp - 0x52], 0x3ff
mov dword [ebp - 0x4c], 0x20
mov word [ebp - 0x3c], 1
mov word [ebp - 0x36], 1
mov byte [ebp - 0x8d], 0
mov cl, 0xb
rep stosd  ; rep stosd dword es:[edi], eax
mov eax, dword [ebx + 0x2480]
mov word [ebp - 0x32], 4
mov word [ebp - 0x2a], 4
cmp eax, 3
je short loc_fffb2871  ; je 0xfffb2871
dec eax
lea ecx, [ebp - 0x8c]
lea eax, [ebp - 0x60]
cmovne eax, ecx
jmp short loc_fffb2874  ; jmp 0xfffb2874

loc_fffb2871:  ; not directly referenced
lea eax, [ebp - 0x34]

loc_fffb2874:  ; not directly referenced
push 0
movzx edx, dl
push 0
push 0
lea ecx, [ebp - 0x97]
push ecx
mov ecx, 2
push 0
push eax
mov eax, ebx
push 0xa
push 0x80
call fcn_fffb20e5  ; call 0xfffb20e5
add esp, 0x20
mov byte [ebx + 0x248c], 1
mov byte [ebx + 0x248b], 0
lea esp, [ebp - 8]
pop ebx
pop edi
pop ebp
ret

fcn_fffb28b2:  ; not directly referenced
push ebp
xor eax, eax
mov ebp, esp
mov ecx, 0xb
push edi
push esi
push ebx
lea edi, [ebp - 0x1f4]
sub esp, 0x270
rep stosd  ; rep stosd dword es:[edi], eax
mov eax, dword [ebp + 8]
lea edx, [ebp - 0x217]
mov word [ebp - 0x1e6], 0x3ff
mov word [ebp - 0x1ca], 1
mov word [ebp - 0x1ff], 0x20
mov esi, dword [eax + 0x5edc]
mov al, byte [eax + 0x248e]
mov dword [ebp - 0x1fd], 0
mov dword [ebp - 0x1f9], 9
mov byte [ebp - 0x1f5], 0
mov byte [ebp - 0x22c], al
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x248d]
mov byte [ebp - 0x230], al
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x18a7]
mov dword [ebp - 0x234], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x188b]
mov dword [ebp - 0x260], eax
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2480], 2
sete al
movzx eax, al
mov dword [ebp - 0x250], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2443]
push 1
push 7
push edx
call dword [eax + 0x5c]  ; ucall
mov eax, dword [ebp + 8]
add esp, 0x10
mov eax, dword [eax + 0x1887]
cmp eax, 0x40650
je short loc_fffb29de  ; je 0xfffb29de
ja short loc_fffb298e  ; ja 0xfffb298e
cmp eax, 0x306d0
jmp short loc_fffb299a  ; jmp 0xfffb299a

loc_fffb298e:  ; not directly referenced
cmp eax, 0x40660
je short loc_fffb29a8  ; je 0xfffb29a8
cmp eax, 0x40670

loc_fffb299a:  ; not directly referenced
jne short loc_fffb29c3  ; jne 0xfffb29c3
mov dword [ebp - 0x248], 0x7f
jmp short loc_fffb29e8  ; jmp 0xfffb29e8

loc_fffb29a8:  ; not directly referenced
mov dword [ebp - 0x248], 0x3f
mov ebx, 0x19
mov dword [ebp - 0x240], 0x14
jmp short loc_fffb29f7  ; jmp 0xfffb29f7

loc_fffb29c3:  ; not directly referenced
mov dword [ebp - 0x248], 0x3f
mov ebx, 0x15
mov dword [ebp - 0x240], 0x10
jmp short loc_fffb29f7  ; jmp 0xfffb29f7

loc_fffb29de:  ; not directly referenced
mov dword [ebp - 0x248], 0x3f

loc_fffb29e8:  ; not directly referenced
mov dword [ebp - 0x240], 0x12
mov ebx, 0x17

loc_fffb29f7:  ; not directly referenced
push 8
movzx edx, byte [ebp - 0x22c]
mov ecx, 2
push 0
push 0
lea eax, [ebp - 0x1ff]
push eax
push 0
lea eax, [ebp - 0x1f4]
push eax
mov eax, dword [ebp + 8]
push 7
push 2
shl ebx, 0x10
call fcn_fffb20e5  ; call 0xfffb20e5
lea eax, [esi + 0x1c]
add esp, 0x20
mov dword [ebp - 0x264], eax
xor esi, esi
mov dword [ebp - 0x22c], eax
mov dword [ebp - 0x238], ebx

loc_fffb2a42:  ; not directly referenced
imul eax, esi, 0x13c3
mov edi, dword [ebp + 8]
xor ebx, ebx
cmp dword [edi + eax + 0x3756], 2
jne loc_fffb2aeb  ; jne 0xfffb2aeb

loc_fffb2a5b:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp bl, byte [eax + 0x2488]
jae short loc_fffb2a8f  ; jae 0xfffb2a8f
mov eax, dword [ebp + 8]
movzx edi, bl
mov edx, esi
mov ecx, edi
inc ebx
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, dword [ebp - 0x22c]
mov ecx, dword [ecx + edi*4 + 0x28]
mov edx, eax
mov eax, dword [ebp + 8]
or ecx, 0x40
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffb2a5b  ; jmp 0xfffb2a5b

loc_fffb2a8f:  ; not directly referenced
mov ecx, 0xff
mov edx, esi
call fcn_fffa7288  ; call 0xfffa7288
mov edi, eax
mov eax, dword [ebp - 0x22c]
mov ebx, dword [eax]
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2480], 3
jne short loc_fffb2ac0  ; jne 0xfffb2ac0
and ebx, 0xefffffff
mov edx, edi
mov ecx, ebx
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffb2ac0:  ; not directly referenced
mov eax, dword [ebp + 8]
or ebx, 0x1000004
mov edx, edi
mov ecx, ebx
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov ecx, dword [ebp - 0x238]
mov edx, esi
mov eax, dword [ebp + 8]
shl edx, 0xa
add edx, 0x4028
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb2aeb:  ; not directly referenced
inc esi
add dword [ebp - 0x22c], 0xcc
cmp esi, 2
jne loc_fffb2a42  ; jne 0xfffb2a42
imul eax, dword [ebp - 0x234], 0x2e
mov dword [ebp - 0x22c], 0
mov dword [ebp - 0x26c], eax
movzx eax, byte [ebp - 0x230]
mov dword [ebp - 0x274], eax
mov eax, dword [ebp + 8]
add eax, 0x3756
mov dword [ebp - 0x234], eax

loc_fffb2b31:  ; not directly referenced
mov edi, dword [ebp - 0x22c]
mov esi, dword [ebp - 0x274]
mov eax, edi
bt esi, edi
jb short loc_fffb2b78  ; jb 0xfffb2b78

loc_fffb2b44:  ; not directly referenced
inc dword [ebp - 0x22c]
cmp dword [ebp - 0x22c], 4
jne short loc_fffb2b31  ; jne 0xfffb2b31
mov eax, dword [ebp + 8]
mov edi, dword [ebp - 0x264]
mov dword [ebp - 0x22c], 0
add eax, 0x3756
mov dword [ebp - 0x234], eax
mov esi, eax
jmp near loc_fffb359d  ; jmp 0xfffb359d

loc_fffb2b78:  ; not directly referenced
mov esi, dword [ebp - 0x22c]
and eax, 1
mov dword [ebp - 0x23c], 1
mov dword [ebp - 0x238], 0
mov byte [ebp - 0x254], 0
mov ecx, esi
shl dword [ebp - 0x23c], cl
mov bl, byte [ebp - 0x23c]
mov dword [ebp - 0x24c], eax
mov byte [ebp - 0x230], bl
mov ebx, esi
shr bl, 1
movzx esi, bl
mov byte [ebp - 0x265], bl
mov ebx, dword [ebp - 0x234]
mov dword [ebp - 0x244], esi

loc_fffb2bcf:  ; not directly referenced
mov ecx, dword [ebp - 0x23c]
mov edx, dword [ebp - 0x238]
mov eax, dword [ebp + 8]
call fcn_fffaac43  ; call 0xfffaac43
or byte [ebp - 0x254], al
mov al, byte [ebp - 0x230]
test byte [ebx + 0xc4], al
je loc_fffb2d28  ; je 0xfffb2d28
mov eax, dword [ebp - 0x22c]
mov edx, 0
mov byte [ebx + eax + 0x1011], 0
mov eax, dword [ebp + 8]
movzx eax, byte [eax + 0x36e7]
cmp al, 1
cmovbe eax, edx
cmp dword [ebp - 0x260], 1
jne short loc_fffb2c47  ; jne 0xfffb2c47
mov esi, dword [ebp + 8]
cmp dword [esi + 0x36e3], 1
jne short loc_fffb2c3d  ; jne 0xfffb2c3d
imul eax, eax, 0x64
mov ecx, 0x85
cdq
idiv ecx

loc_fffb2c3d:  ; not directly referenced
cmp al, 2
lea edx, [eax - 2]
mov al, 0
cmovae eax, edx

loc_fffb2c47:  ; not directly referenced
mov esi, dword [ebp + 8]
cmp dword [esi + 0x2480], 3
mov esi, dword [ebp - 0x26c]
movzx esi, word [ebx + esi + 0xa]
jne short loc_fffb2c93  ; jne 0xfffb2c93
mov edi, dword [ebp + 8]
movzx edx, al
add esi, esi
mov ecx, 4
movzx edi, word [edi + 0x2489]
add edi, edi
cmp al, 5
cmovae ecx, edx
xor edx, edx
lea eax, [edi + 0x157b]
div edi
mov edi, dword [ebp - 0x240]
lea edx, [edi + eax + 1]
add esi, edx
add esi, ecx
jmp short loc_fffb2cae  ; jmp 0xfffb2cae

loc_fffb2c93:  ; not directly referenced
add esi, esi
movzx ecx, al
cmp al, 5
mov eax, dword [ebp - 0x240]
mov edx, 4
cmovae edx, ecx
lea esi, [eax + esi + 5]
add esi, edx

loc_fffb2cae:  ; not directly referenced
mov eax, dword [ebp - 0x248]
mov edi, dword [ebp - 0x22c]
cmp esi, eax
cmova esi, eax
mov eax, dword [ebp - 0x238]
mov ecx, esi
shl eax, 0xa
lea edx, [edi + eax + 0x4024]
mov eax, dword [ebp + 8]
call fcn_fffae566  ; call 0xfffae566
mov eax, esi
cmp dword [ebp - 0x250], 0
mov byte [ebx + edi + 0x1015], al
je short loc_fffb2d28  ; je 0xfffb2d28
imul edx, dword [ebp - 0x24c], 0x18
imul eax, dword [ebp - 0x244], 0x128
mov ecx, dword [ebp - 0x23c]
add eax, edx
mov ax, word [ebx + eax + 0x1273]
push edx
push edx
mov edx, dword [ebp - 0x238]
or ah, 4
movzx eax, ax
push eax
mov eax, dword [ebp + 8]
push 4
call fcn_fffafd52  ; call 0xfffafd52
add esp, 0x10

loc_fffb2d28:  ; not directly referenced
inc dword [ebp - 0x238]
add ebx, 0x13c3
cmp dword [ebp - 0x238], 2
jne loc_fffb2bcf  ; jne 0xfffb2bcf
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x36d7]
cmp eax, 0x320
je short loc_fffb2d8c  ; je 0xfffb2d8c
cmp eax, 0x42b
ja short loc_fffb2da0  ; ja 0xfffb2da0
mov eax, dword [ebp + 8]
mov esi, 0x198
cmp dword [eax + 0x2480], 3
mov eax, 0x158
cmovne eax, esi
mov esi, 0x118
mov word [ebp - 0x23c], ax
mov eax, 0xd8
cmovne eax, esi
mov word [ebp - 0x238], ax
jmp short loc_fffb2db2  ; jmp 0xfffb2db2

loc_fffb2d8c:  ; not directly referenced
mov word [ebp - 0x23c], 0x158
mov word [ebp - 0x238], 0xd8
jmp short loc_fffb2db2  ; jmp 0xfffb2db2

loc_fffb2da0:  ; not directly referenced
mov word [ebp - 0x23c], 0x198
mov word [ebp - 0x238], 0x118

loc_fffb2db2:  ; not directly referenced
mov eax, dword [ebp - 0x238]
mov word [ebp - 0x244], ax
movzx eax, word [ebp - 0x23c]
sub eax, 8
mov dword [ebp - 0x270], eax

loc_fffb2dcf:  ; not directly referenced
movzx edi, word [ebp - 0x244]
xor ebx, ebx

loc_fffb2dd8:  ; not directly referenced
imul eax, ebx, 0x13c3
mov esi, dword [ebp + 8]
mov cl, byte [ebp - 0x230]
test byte [esi + eax + 0x381a], cl
je short loc_fffb2df4  ; je 0xfffb2df4
xor esi, esi
jmp short loc_fffb2e39  ; jmp 0xfffb2e39

loc_fffb2df4:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffb2dd8  ; jne 0xfffb2dd8
movzx eax, byte [ebp - 0x254]
xor ecx, ecx
xor esi, esi
push edi
push 0
push 1
mov edx, eax
mov dword [ebp - 0x258], eax
lea eax, [ebp - 0x217]
push eax
mov eax, dword [ebp + 8]
call fcn_fffb0f94  ; call 0xfffb0f94
movzx ebx, word [ebp - 0x244]
add esp, 0x10
lea eax, [ebx - 8]
mov dword [ebp - 0x25c], eax
jmp near loc_fffb2ef0  ; jmp 0xfffb2ef0

loc_fffb2e39:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov eax, esi
cmp al, byte [ecx + 0x2488]
jae short loc_fffb2df4  ; jae 0xfffb2df4
push eax
mov eax, esi
mov ecx, dword [ebp - 0x22c]
push edi
movzx eax, al
push 0
mov edx, ebx
push eax
mov eax, dword [ebp + 8]
inc esi
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10
jmp short loc_fffb2e39  ; jmp 0xfffb2e39

loc_fffb2e66:  ; not directly referenced
movzx edi, byte [ebp - 0x24c]
mov edx, esi
mov eax, dword [ebp + 8]
mov ecx, edi
call fcn_fffa7617  ; call 0xfffa7617
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae52a  ; call 0xfffae52a
mov ecx, dword [ebp - 0x238]
cmp eax, 0x1f
seta al
movzx eax, al
cmp word [ebp - 0x244], cx
jne loc_fffb2f5a  ; jne 0xfffb2f5a
test eax, eax
je short loc_fffb2f11  ; je 0xfffb2f11
lea eax, [esi + esi*8]
add edi, eax
mov dword [ebp + edi*4 - 0x180], ebx
mov dword [ebp + edi*4 - 0x1c8], ebx
mov dword [ebp + edi*4 - 0xf0], ebx
mov dword [ebp + edi*4 - 0x138], ebx
mov dword [ebp + edi*4 - 0x60], ebx
mov dword [ebp + edi*4 - 0xa8], ebx

loc_fffb2ecf:  ; not directly referenced
inc byte [ebp - 0x24c]

loc_fffb2ed5:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x24c]
cmp al, byte [edi + 0x2488]
jb short loc_fffb2e66  ; jb 0xfffb2e66

loc_fffb2ee6:  ; not directly referenced
inc esi
cmp esi, 2
je loc_fffb3021  ; je 0xfffb3021

loc_fffb2ef0:  ; not directly referenced
imul eax, esi, 0x13c3
mov edi, dword [ebp + 8]
mov cl, byte [ebp - 0x230]
test byte [edi + eax + 0x381a], cl
je short loc_fffb2ee6  ; je 0xfffb2ee6
mov byte [ebp - 0x24c], 0
jmp short loc_fffb2ed5  ; jmp 0xfffb2ed5

loc_fffb2f11:  ; not directly referenced
lea eax, [esi + esi*8]
add edi, eax
mov dword [ebp + edi*4 - 0x180], 0xfffffff8
mov dword [ebp + edi*4 - 0x1c8], 0xfffffff8
mov dword [ebp + edi*4 - 0xf0], 0xfffffff8
mov dword [ebp + edi*4 - 0x138], 0xfffffff8
mov dword [ebp + edi*4 - 0x60], 0xfffffff8
mov dword [ebp + edi*4 - 0xa8], 0xfffffff8
jmp near loc_fffb2ecf  ; jmp 0xfffb2ecf

loc_fffb2f5a:  ; not directly referenced
test eax, eax
je loc_fffb2ecf  ; je 0xfffb2ecf
lea eax, [esi + esi*8]
mov ecx, dword [ebp - 0x25c]
add eax, edi
cmp dword [ebp + eax*4 - 0x180], ecx
jne short loc_fffb2f7d  ; jne 0xfffb2f7d
mov dword [ebp + eax*4 - 0x180], ebx

loc_fffb2f7d:  ; not directly referenced
lea eax, [esi + esi*8]
mov ecx, dword [ebp - 0x25c]
add eax, edi
cmp dword [ebp + eax*4 - 0xf0], ecx
mov dword [ebp + eax*4 - 0xf0], ebx
je short loc_fffb2f9f  ; je 0xfffb2f9f
mov dword [ebp + eax*4 - 0x138], ebx

loc_fffb2f9f:  ; not directly referenced
cmp ebx, dword [ebp - 0x270]
jl short loc_fffb2fee  ; jl 0xfffb2fee
lea eax, [esi + esi*8]
movzx edx, word [ebp - 0x238]
add eax, edi
mov ecx, dword [ebp + eax*4 - 0x1c8]
cmp ecx, edx
jne short loc_fffb2fee  ; jne 0xfffb2fee
mov edx, dword [ebp + eax*4 - 0x180]
cmp edx, ebx
je short loc_fffb2fee  ; je 0xfffb2fee
mov edi, ebx
sub edi, dword [ebp + eax*4 - 0x138]
mov dword [ebp + eax*4 - 0x60], edx
sub ecx, edi
sub ecx, 8
mov dword [ebp + eax*4 - 0x1c8], ecx
mov dword [ebp + eax*4 - 0xa8], ecx
jmp near loc_fffb2ecf  ; jmp 0xfffb2ecf

loc_fffb2fee:  ; not directly referenced
lea eax, [esi + esi*8]
mov ecx, ebx
add edi, eax
mov edx, dword [ebp + edi*4 - 0x138]
mov eax, dword [ebp + edi*4 - 0x60]
sub eax, dword [ebp + edi*4 - 0xa8]
sub ecx, edx
cmp ecx, eax
jle loc_fffb2ecf  ; jle 0xfffb2ecf
mov dword [ebp + edi*4 - 0xa8], edx
mov dword [ebp + edi*4 - 0x60], ebx
jmp near loc_fffb2ecf  ; jmp 0xfffb2ecf

loc_fffb3021:  ; not directly referenced
add word [ebp - 0x244], 8
mov eax, dword [ebp - 0x23c]
cmp word [ebp - 0x244], ax
jb loc_fffb2dcf  ; jb 0xfffb2dcf
movzx eax, word [ebp - 0x23c]
xor edi, edi
mov ebx, dword [ebp - 0x234]
mov dword [ebp - 0x254], eax
imul eax, dword [ebp - 0x22c], 9
mov dword [ebp - 0x25c], eax

loc_fffb305e:  ; not directly referenced
mov al, byte [ebp - 0x230]
test byte [ebx + 0xc4], al
jne short loc_fffb30cf  ; jne 0xfffb30cf

loc_fffb306c:  ; not directly referenced
inc edi
add ebx, 0x13c3
cmp edi, 2
jne short loc_fffb305e  ; jne 0xfffb305e
mov eax, dword [ebp + 8]
mov bl, byte [ebp - 0x265]
mov word [ebp - 0x220], 0x1ff
mov word [ebp - 0x21e], 0x1ff
movzx ecx, byte [eax + 0x2488]
mov eax, 1
shl eax, cl
dec eax
mov word [ebp - 0x244], ax
lea eax, [ebx + ebx]
movzx eax, al
mov dword [ebp - 0x23c], eax
inc eax
mov dword [ebp - 0x238], eax
movzx eax, bl
add eax, 0x4028
mov dword [ebp - 0x25c], eax
jmp near loc_fffb31e8  ; jmp 0xfffb31e8

loc_fffb30cf:  ; not directly referenced
lea eax, [edi + edi*8]
mov byte [ebp - 0x238], 0
mov dword [ebp - 0x24c], eax

loc_fffb30df:  ; not directly referenced
mov esi, dword [ebp + 8]
mov al, byte [ebp - 0x238]
cmp al, byte [esi + 0x2488]
jae loc_fffb306c  ; jae 0xfffb306c
movzx ecx, byte [ebp - 0x238]
mov eax, dword [ebp - 0x24c]
add eax, ecx
mov esi, dword [ebp + eax*4 - 0x60]
mov eax, dword [ebp + eax*4 - 0xa8]
mov dword [ebp - 0x23c], esi
mov dword [ebp - 0x244], eax
add eax, esi
mov esi, 2
cdq
idiv esi
mov esi, dword [ebp - 0x23c]
sub esi, dword [ebp - 0x244]
cmp eax, dword [ebp - 0x254]
jle short loc_fffb314e  ; jle 0xfffb314e
mov edx, dword [ebp + 8]
cmp byte [edx + 0x1965], 0
je short loc_fffb314e  ; je 0xfffb314e

loc_fffb3144:  ; not directly referenced
mov eax, 7
jmp near loc_fffb3a71  ; jmp 0xfffb3a71

loc_fffb314e:  ; not directly referenced
sub esi, 0x21
cmp esi, 0x3e
jbe short loc_fffb3162  ; jbe 0xfffb3162
mov esi, dword [ebp + 8]
cmp byte [esi + 0x1965], 0
jne short loc_fffb3144  ; jne 0xfffb3144

loc_fffb3162:  ; not directly referenced
mov esi, dword [ebp - 0x25c]
lea edx, [ecx + esi + 0xd8]
mov word [ebx + edx*2 + 1], ax
mov eax, dword [ebp + 8]
mov edx, edi
push esi
push 0
push 0xff
push ecx
mov ecx, dword [ebp - 0x22c]
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10
inc byte [ebp - 0x238]
jmp near loc_fffb30df  ; jmp 0xfffb30df

loc_fffb319b:  ; not directly referenced
push ebx
mov edx, dword [ebp - 0x258]
xor ecx, ecx
push 0
xor ebx, ebx
push 1
lea eax, [ebp - 0x217]
push eax
mov eax, dword [ebp + 8]
call fcn_fffb0f94  ; call 0xfffb0f94
mov esi, dword [ebp - 0x234]
add esp, 0x10

loc_fffb31c2:  ; not directly referenced
mov al, byte [ebp - 0x230]
xor edi, edi
mov word [ebp + ebx*2 - 0x220], 0
test byte [esi + 0xc4], al
jne short loc_fffb322d  ; jne 0xfffb322d

loc_fffb31dc:  ; not directly referenced
inc ebx
add esi, 0x13c3
cmp ebx, 2
jne short loc_fffb31c2  ; jne 0xfffb31c2

loc_fffb31e8:  ; not directly referenced
cmp word [ebp - 0x220], 0
je loc_fffb3335  ; je 0xfffb3335
jmp short loc_fffb319b  ; jmp 0xfffb319b

loc_fffb31f8:  ; not directly referenced
mov eax, edi
mov edx, ebx
movzx ecx, al
mov eax, dword [ebp + 8]
call fcn_fffa7617  ; call 0xfffa7617
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae52a  ; call 0xfffae52a
and eax, 0x1ff
cmp eax, 0x1f
jle short loc_fffb322c  ; jle 0xfffb322c
mov eax, 1
mov ecx, edi
shl eax, cl
or word [ebp + ebx*2 - 0x220], ax

loc_fffb322c:  ; not directly referenced
inc edi

loc_fffb322d:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov eax, edi
cmp al, byte [ecx + 0x2488]
jb short loc_fffb31f8  ; jb 0xfffb31f8
mov dx, word [ebp + ebx*2 - 0x220]
cmp dx, word [ebp - 0x244]
je short loc_fffb3265  ; je 0xfffb3265

loc_fffb324b:  ; not directly referenced
movzx eax, dx
xor edi, edi
mov dword [ebp - 0x24c], eax
imul eax, dword [ebp - 0x22c], 9
mov dword [ebp - 0x254], eax
jmp short loc_fffb32d0  ; jmp 0xfffb32d0

loc_fffb3265:  ; not directly referenced
mov eax, dword [ebp - 0x22c]
mov al, byte [esi + eax + 0x1011]
cmp al, 0xd
ja short loc_fffb324b  ; ja 0xfffb324b
mov edi, dword [ebp - 0x22c]
add eax, 2
mov edx, ebx
shl edx, 0xa
add edx, dword [ebp - 0x25c]
mov byte [esi + edi + 0x1011], al
mov eax, dword [ebp - 0x238]
movzx ecx, byte [esi + eax + 0x1011]
mov eax, dword [ebp - 0x23c]
shl ecx, 4
add cl, byte [esi + eax + 0x1011]
mov eax, dword [ebp + 8]
movzx ecx, cl
call fcn_fffae566  ; call 0xfffae566
jmp near loc_fffb31dc  ; jmp 0xfffb31dc

loc_fffb32bf:  ; not directly referenced
mov ecx, dword [ebp - 0x24c]
mov eax, edi
movzx eax, al
bt ecx, edi
jb short loc_fffb32e2  ; jb 0xfffb32e2

loc_fffb32cf:  ; not directly referenced
inc edi

loc_fffb32d0:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov eax, edi
cmp al, byte [ecx + 0x2488]
jb short loc_fffb32bf  ; jb 0xfffb32bf
jmp near loc_fffb31dc  ; jmp 0xfffb31dc

loc_fffb32e2:  ; not directly referenced
mov ecx, dword [ebp - 0x254]
lea edx, [eax + ecx]
lea edx, [esi + edx*2]
mov cx, word [edx + 0x1b1]
cmp cx, 0x7f
jbe short loc_fffb3307  ; jbe 0xfffb3307
add ecx, 0xffffff80
mov word [edx + 0x1b1], cx
jmp short loc_fffb3317  ; jmp 0xfffb3317

loc_fffb3307:  ; not directly referenced
mov ecx, dword [ebp + 8]
cmp byte [ecx + 0x1965], 0
jne loc_fffb3144  ; jne 0xfffb3144

loc_fffb3317:  ; not directly referenced
push ecx
mov ecx, dword [ebp - 0x22c]
mov edx, ebx
push 0
push 0xff
push eax
mov eax, dword [ebp + 8]
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10
jmp short loc_fffb32cf  ; jmp 0xfffb32cf

loc_fffb3335:  ; not directly referenced
cmp word [ebp - 0x21e], 0
jne loc_fffb319b  ; jne 0xfffb319b
mov ebx, dword [ebp - 0x234]
xor esi, esi
imul edi, dword [ebp - 0x22c], 9

loc_fffb3352:  ; not directly referenced
mov al, byte [ebp - 0x230]
test byte [ebx + 0xc4], al
jne short loc_fffb3397  ; jne 0xfffb3397

loc_fffb3360:  ; not directly referenced
inc esi
add ebx, 0x13c3
cmp esi, 2
jne short loc_fffb3352  ; jne 0xfffb3352
imul eax, dword [ebp - 0x22c], 9
mov word [ebp - 0x220], 0
mov word [ebp - 0x21e], 0
mov byte [ebp - 0x254], 0x40
mov dword [ebp - 0x25c], eax
jmp near loc_fffb3443  ; jmp 0xfffb3443

loc_fffb3397:  ; not directly referenced
mov byte [ebp - 0x238], 0

loc_fffb339e:  ; not directly referenced
mov edx, dword [ebp + 8]
mov al, byte [ebp - 0x238]
cmp al, byte [edx + 0x2488]
jae short loc_fffb3360  ; jae 0xfffb3360
movzx eax, byte [ebp - 0x238]
mov ecx, dword [ebp - 0x22c]
lea edx, [eax + edi]
add edx, edx
add word [ebx + edx + 0x1b1], 0x40
push edx
mov edx, esi
push 0
push 0xff
push eax
mov eax, dword [ebp + 8]
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10
inc byte [ebp - 0x238]
jmp short loc_fffb339e  ; jmp 0xfffb339e

loc_fffb33e8:  ; not directly referenced
mov al, byte [ebp - 0x230]
test byte [esi + 0xc4], al
je short loc_fffb3421  ; je 0xfffb3421
mov byte [ebp - 0x238], 0

loc_fffb33fd:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov al, byte [ebp - 0x238]
cmp al, byte [ecx + 0x2488]
jb short loc_fffb3474  ; jb 0xfffb3474
mov eax, dword [ebp - 0x244]
cmp word [ebp + ebx*2 - 0x220], ax
mov al, 0
cmovne edi, eax

loc_fffb3421:  ; not directly referenced
inc ebx
add esi, 0x13c3
cmp ebx, 2
jne short loc_fffb33e8  ; jne 0xfffb33e8
mov eax, edi
test al, al
jne loc_fffb351e  ; jne 0xfffb351e
dec byte [ebp - 0x254]
je loc_fffb350e  ; je 0xfffb350e

loc_fffb3443:  ; not directly referenced
push eax
mov edx, dword [ebp - 0x258]
xor ecx, ecx
push 0
xor ebx, ebx
push 1
mov edi, 1
lea eax, [ebp - 0x217]
push eax
mov eax, dword [ebp + 8]
call fcn_fffb0f94  ; call 0xfffb0f94
add esp, 0x10
mov esi, dword [ebp - 0x234]
jmp near loc_fffb33e8  ; jmp 0xfffb33e8

loc_fffb3474:  ; not directly referenced
movzx eax, word [ebp + ebx*2 - 0x220]
mov cl, byte [ebp - 0x238]
mov word [ebp - 0x24c], ax
movzx edx, cl
bt eax, ecx
mov dword [ebp - 0x23c], edx
jb short loc_fffb3503  ; jb 0xfffb3503
mov eax, dword [ebp + 8]
mov ecx, edx
mov edx, ebx
call fcn_fffa7617  ; call 0xfffa7617
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae52a  ; call 0xfffae52a
cmp eax, 0x1f
jbe short loc_fffb34cf  ; jbe 0xfffb34cf
mov cl, byte [ebp - 0x23c]
mov eax, 1
shl eax, cl
or eax, dword [ebp - 0x24c]
mov word [ebp + ebx*2 - 0x220], ax
jmp short loc_fffb3503  ; jmp 0xfffb3503

loc_fffb34cf:  ; not directly referenced
mov ecx, dword [ebp - 0x23c]
mov edx, dword [ebp - 0x25c]
mov eax, ecx
add eax, edx
mov edx, ebx
inc word [esi + eax*2 + 0x1b1]
push eax
mov eax, dword [ebp + 8]
push 0
push 0xff
push ecx
mov ecx, dword [ebp - 0x22c]
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10

loc_fffb3503:  ; not directly referenced
inc byte [ebp - 0x238]
jmp near loc_fffb33fd  ; jmp 0xfffb33fd

loc_fffb350e:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp byte [eax + 0x1965], 0
jne loc_fffb3144  ; jne 0xfffb3144

loc_fffb351e:  ; not directly referenced
mov ebx, dword [ebp - 0x234]
xor esi, esi
imul edi, dword [ebp - 0x22c], 9

loc_fffb352d:  ; not directly referenced
mov al, byte [ebp - 0x230]
test byte [ebx + 0xc4], al
jne short loc_fffb354c  ; jne 0xfffb354c

loc_fffb353b:  ; not directly referenced
inc esi
add ebx, 0x13c3
cmp esi, 2
jne short loc_fffb352d  ; jne 0xfffb352d
jmp near loc_fffb2b44  ; jmp 0xfffb2b44

loc_fffb354c:  ; not directly referenced
mov byte [ebp - 0x238], 0

loc_fffb3553:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov al, byte [ebp - 0x238]
cmp al, byte [ecx + 0x2488]
jae short loc_fffb353b  ; jae 0xfffb353b
movzx eax, byte [ebp - 0x238]
lea edx, [eax + edi]
add edx, edx
sub word [ebx + edx + 0x1b1], 0x40
mov edx, esi
push ecx
mov ecx, dword [ebp - 0x22c]
push 0
push 0xff
push eax
mov eax, dword [ebp + 8]
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10
inc byte [ebp - 0x238]
jmp short loc_fffb3553  ; jmp 0xfffb3553

loc_fffb359d:  ; not directly referenced
cmp dword [esi], 2
je short loc_fffb35dc  ; je 0xfffb35dc

loc_fffb35a2:  ; not directly referenced
inc dword [ebp - 0x22c]
add esi, 0x13c3
add edi, 0xcc
cmp dword [ebp - 0x22c], 2
jne short loc_fffb359d  ; jne 0xfffb359d
mov eax, dword [ebp + 8]
call fcn_fffb0e8a  ; call 0xfffb0e8a
mov edi, dword [ebp - 0x234]
mov dword [ebp - 0x22c], 0
mov ebx, eax
jmp near loc_fffb36c5  ; jmp 0xfffb36c5

loc_fffb35dc:  ; not directly referenced
mov edx, dword [ebp - 0x22c]
mov ecx, 0xff
mov eax, dword [ebp + 8]
call fcn_fffa7288  ; call 0xfffa7288
mov ebx, dword [edi]
mov dword [ebp - 0x230], eax
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2480], 3
jne short loc_fffb3616  ; jne 0xfffb3616
mov edx, dword [ebp - 0x230]
and ebx, 0xefffffff
mov ecx, ebx
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffb3616:  ; not directly referenced
mov ecx, dword [edi]
xor ebx, ebx
mov edx, dword [ebp - 0x230]
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffb3628:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp bl, byte [eax + 0x2488]
jae short loc_fffb3663  ; jae 0xfffb3663
movzx eax, bl
mov edx, dword [ebp - 0x22c]
inc ebx
mov ecx, eax
mov dword [ebp - 0x230], eax
mov eax, dword [ebp + 8]
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, dword [ebp - 0x230]
mov ecx, dword [edi + ecx*4 + 0x28]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffb3628  ; jmp 0xfffb3628

loc_fffb3663:  ; not directly referenced
cmp dword [ebp - 0x250], 0
je loc_fffb35a2  ; je 0xfffb35a2
xor ebx, ebx

loc_fffb3672:  ; not directly referenced
mov eax, 1
mov cl, bl
shl eax, cl
test byte [esi + 0xc4], al
je short loc_fffb36ba  ; je 0xfffb36ba
push edx
mov ecx, ebx
push edx
mov dl, bl
shr dl, 1
and ecx, 1
movzx edx, dl
imul ecx, ecx, 0x18
imul edx, edx, 0x128
add edx, ecx
mov ecx, eax
mov eax, dword [ebp + 8]
movzx edx, word [esi + edx + 0x1273]
push edx
mov edx, dword [ebp - 0x22c]
push 4
call fcn_fffafd52  ; call 0xfffafd52
add esp, 0x10

loc_fffb36ba:  ; not directly referenced
inc ebx
cmp ebx, 4
jne short loc_fffb3672  ; jne 0xfffb3672
jmp near loc_fffb35a2  ; jmp 0xfffb35a2

loc_fffb36c5:  ; not directly referenced
cmp dword [edi], 2
jne loc_fffb3a56  ; jne 0xfffb3a56
mov eax, dword [ebp + 8]
mov ebx, dword [eax + 0x2443]
lea eax, [ebp - 0x210]
push ecx
push 0xf000
push 4
push eax
call dword [ebx + 0x60]  ; ucall
add esp, 0xc
push 0x1000
push 4
lea eax, [ebp - 0x208]
push eax
call dword [ebx + 0x60]  ; ucall
add esp, 0xc
push 0
push 4
lea eax, [ebp - 0x21b]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0x10
mov ebx, 2
cmp dword [edi], 2
jne loc_fffb3a56  ; jne 0xfffb3a56
xor ecx, ecx
mov esi, 0x1000
mov word [ebp - 0x230], 0xf000

loc_fffb372f:  ; not directly referenced
mov ebx, 0xf
bt ebx, ecx
jae loc_fffb37d4  ; jae 0xfffb37d4
mov edx, 1
shl edx, cl
test byte [edi + 0xc4], dl
je loc_fffb37d4  ; je 0xfffb37d4
mov ebx, dword [ebp + 8]
imul edx, ecx, 0x12
mov bl, byte [ebx + 0x2488]
mov byte [ebp - 0x234], bl
lea ebx, [edi + edx]
xor edx, edx
mov eax, ebx

loc_fffb3769:  ; not directly referenced
cmp byte [ebp - 0x234], dl
jbe short loc_fffb37ab  ; jbe 0xfffb37ab
movzx ebx, byte [edi + ecx + 0x1011]
imul ebx, ebx, 0xffffffc0
add bx, word [eax + edx*2 + 0x1b1]
cmp word [ebp + ecx*2 - 0x210], bx
jge short loc_fffb3796  ; jge 0xfffb3796
mov word [ebp + ecx*2 - 0x210], bx

loc_fffb3796:  ; not directly referenced
cmp word [ebp + ecx*2 - 0x208], bx
jle short loc_fffb37a8  ; jle 0xfffb37a8
mov word [ebp + ecx*2 - 0x208], bx

loc_fffb37a8:  ; not directly referenced
inc edx
jmp short loc_fffb3769  ; jmp 0xfffb3769

loc_fffb37ab:  ; not directly referenced
mov eax, dword [ebp - 0x230]
mov dx, word [ebp + ecx*2 - 0x210]
cmp ax, dx
cmovge edx, eax
mov word [ebp - 0x230], dx
movsx edx, word [ebp + ecx*2 - 0x208]
cmp si, dx
cmovg esi, edx

loc_fffb37d4:  ; not directly referenced
inc ecx
cmp ecx, 4
jne loc_fffb372f  ; jne 0xfffb372f
movsx eax, word [ebp - 0x230]
mov cl, 2
xor ebx, ebx
add eax, esi
xor esi, esi
cdq
idiv ecx
mov cl, 0x40
neg eax
add eax, 0x160
cdq
idiv ecx
mov dword [ebp - 0x240], eax
mov byte [ebp - 0x23c], al
cbw
mov word [ebp - 0x234], ax
shl word [ebp - 0x234], 6

loc_fffb3819:  ; not directly referenced
mov eax, 0xf
bt eax, ebx
jae loc_fffb395c  ; jae 0xfffb395c
mov al, 1
mov cl, bl
shl eax, cl
test byte [edi + 0xc4], al
je loc_fffb395c  ; je 0xfffb395c
mov al, byte [ebp - 0x23c]
mov byte [ebp + ebx - 0x21b], al
mov eax, dword [ebp - 0x234]
add ax, word [ebp + ebx*2 - 0x208]
cmp ax, 0x3f
jg short loc_fffb3874  ; jg 0xfffb3874
movsx edx, ax
mov eax, 0x7f
sub eax, edx
sar eax, 6
add eax, dword [ebp - 0x240]
mov byte [ebp + ebx - 0x21b], al

loc_fffb3874:  ; not directly referenced
mov dl, byte [ebp + ebx - 0x21b]
movsx ax, dl
shl eax, 6
add ax, word [ebp + ebx*2 - 0x210]
cwde
cmp eax, 0x1bf
jle short loc_fffb38a3  ; jle 0xfffb38a3
sub eax, 0x180
sar eax, 6
sub edx, eax
mov byte [ebp + ebx - 0x21b], dl

loc_fffb38a3:  ; not directly referenced
mov al, byte [ebp + ebx - 0x21b]
mov ecx, esi
movsx ecx, cl
movsx edx, al
mov byte [ebp - 0x230], al
mov eax, edx
sub eax, ecx
mov cl, byte [ebp - 0x230]
sub ecx, 0xe
cmp eax, 0xf
mov al, byte [ebp - 0x230]
cmovge esi, ecx
mov ecx, esi
movsx ecx, cl
sub edx, ecx
test edx, edx
lea ecx, [eax - 1]
cmovle esi, ecx
sub al, byte [edi + ebx + 0x1011]
mov byte [ebp - 0x230], 0
cbw
mov word [ebp - 0x238], ax
lea eax, [ebx + ebx*8]
shl word [ebp - 0x238], 6
mov dword [ebp - 0x244], eax

loc_fffb3908:  ; not directly referenced
mov edx, dword [ebp + 8]
mov al, byte [ebp - 0x230]
cmp al, byte [edx + 0x2488]
jae short loc_fffb395c  ; jae 0xfffb395c
movzx eax, byte [ebp - 0x230]
mov edx, dword [ebp - 0x244]
mov ecx, dword [ebp - 0x238]
add edx, eax
add edx, edx
add word [edi + edx + 0x1b1], cx
mov ecx, ebx
push edx
mov edx, dword [ebp - 0x22c]
push 0
push 0xff
push eax
mov eax, dword [ebp + 8]
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10
inc byte [ebp - 0x230]
jmp short loc_fffb3908  ; jmp 0xfffb3908

loc_fffb395c:  ; not directly referenced
inc ebx
cmp ebx, 4
jne loc_fffb3819  ; jne 0xfffb3819
mov eax, dword [ebp - 0x22c]
mov ebx, esi
shl eax, 0xa
add eax, 0x4028
mov dword [ebp - 0x234], eax
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae52a  ; call 0xfffae52a
test bl, bl
jns short loc_fffb39aa  ; jns 0xfffb39aa
mov edx, eax
mov ecx, esi
shr edx, 0x10
neg ecx
and edx, 0x3f
movzx ecx, cl
cmp edx, ecx
mov ebx, 7
mov edx, 0
cmovge ebx, edx
jmp short loc_fffb39cb  ; jmp 0xfffb39cb

loc_fffb39aa:  ; not directly referenced
je short loc_fffb39c9  ; je 0xfffb39c9
mov edx, eax
mov ebx, esi
shr edx, 0x10
movsx ecx, bl
not edx
xor ebx, ebx
and edx, 0x3f
cmp ecx, edx
mov edx, 7
cmovg ebx, edx
jmp short loc_fffb39cb  ; jmp 0xfffb39cb

loc_fffb39c9:  ; not directly referenced
xor ebx, ebx

loc_fffb39cb:  ; not directly referenced
mov edx, eax
and eax, 0xffc00000
shr edx, 0x10
add edx, esi
and edx, 0x3f
mov ecx, edx
shl ecx, 0x10
mov dword [ebp - 0x230], eax
or dword [ebp - 0x230], ecx
mov dword [edi + 0x1019], edx
xor edx, edx

loc_fffb39f3:  ; not directly referenced
mov eax, 0xf
bt eax, edx
jae short loc_fffb3a1d  ; jae 0xfffb3a1d
mov al, 1
mov cl, dl
shl eax, cl
test byte [edi + 0xc4], al
je short loc_fffb3a1d  ; je 0xfffb3a1d
mov cl, byte [ebp + edx - 0x21b]
mov eax, esi
sub ecx, eax
mov byte [edi + edx + 0x1011], cl

loc_fffb3a1d:  ; not directly referenced
mov cl, byte [edi + edx + 0x1011]
mov eax, ecx
and eax, 0xf
lea ecx, [edx*4]
inc edx
shl eax, cl
or eax, dword [ebp - 0x230]
cmp edx, 4
je short loc_fffb3a46  ; je 0xfffb3a46
mov dword [ebp - 0x230], eax
jmp short loc_fffb39f3  ; jmp 0xfffb39f3

loc_fffb3a46:  ; not directly referenced
mov ecx, eax
mov edx, dword [ebp - 0x234]
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb3a56:  ; not directly referenced
inc dword [ebp - 0x22c]
add edi, 0x13c3
cmp dword [ebp - 0x22c], 2
jne loc_fffb36c5  ; jne 0xfffb36c5
mov eax, ebx

loc_fffb3a71:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb3a79:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, ecx
push esi
mov esi, eax
push ebx
sub esp, 0x50
mov al, byte [ecx + 0x539]
push 0
push 5
mov bl, al
mov eax, dword [esi + 0x2443]
mov byte [ebp - 0x2d], dl
lea edx, [ebp - 0x1d]
push edx
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
mov al, 0
cmp dword [ebp + 0xc], 0
cmovne ebx, eax
xor eax, eax
mov byte [ebp - 0x2e], bl

loc_fffb3ab3:  ; not directly referenced
cmp byte [ebp - 0x2e], al
jbe short loc_fffb3ad6  ; jbe 0xfffb3ad6
movzx edx, byte [edi + eax + 0x534]
xor ecx, ecx
cmp dl, 5
ja short loc_fffb3ace  ; ja 0xfffb3ace
movzx ecx, byte [edx + ref_fffd3ec8]  ; movzx ecx, byte [edx - 0x2c138]

loc_fffb3ace:  ; not directly referenced
mov byte [ebp + ecx - 0x1d], 1
inc eax
jmp short loc_fffb3ab3  ; jmp 0xfffb3ab3

loc_fffb3ad6:  ; not directly referenced
cmp dword [ebp + 8], 0
jne short loc_fffb3af4  ; jne 0xfffb3af4
movzx ecx, byte [edi + 8]
sub esp, 0xc
xor edx, edx
push 1
mov eax, esi
call fcn_fffa83c9  ; call 0xfffa83c9
add esp, 0x10
mov dword [edi + 9], eax

loc_fffb3af4:  ; not directly referenced
lea eax, [esi + 0x3756]
mov ebx, edi
mov dword [ebp - 0x34], eax
movzx eax, byte [ebp - 0x2d]
mov dword [ebp - 0x2c], 0
mov dword [ebp - 0x50], eax

loc_fffb3b0d:  ; not directly referenced
mov eax, dword [ebp - 0x34]
cmp dword [eax], 2
je short loc_fffb3b30  ; je 0xfffb3b30

loc_fffb3b15:  ; not directly referenced
inc dword [ebp - 0x2c]
add ebx, 2
add dword [ebp - 0x34], 0x13c3
cmp dword [ebp - 0x2c], 2
jne short loc_fffb3b0d  ; jne 0xfffb3b0d
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffb3b30:  ; not directly referenced
mov eax, dword [ebp - 0x50]
mov ecx, dword [ebp - 0x2c]
bt eax, ecx
jae short loc_fffb3b15  ; jae 0xfffb3b15
mov eax, dword [ebp - 0x34]
mov byte [ebp - 0x2d], 1
cmp dword [eax + 0xc0], 1
jne short loc_fffb3b5a  ; jne 0xfffb3b5a
mov al, byte [ebx + 4]
mov byte [ebp - 0x2d], 0
mov byte [ebx], al
mov al, byte [ebx + 5]
mov byte [ebx + 1], al

loc_fffb3b5a:  ; not directly referenced
mov eax, dword [esi + 0x1887]
cmp eax, 0x306d0
sete dl
cmp eax, 0x40650
sete al
or dl, al
je short loc_fffb3b83  ; je 0xfffb3b83
mov byte [ebx], 0
mov byte [ebx + 1], 0
mov byte [ebx + 5], 0
mov byte [ebp - 0x2d], 1

loc_fffb3b83:  ; not directly referenced
mov dl, byte [ebx + 4]
mov ecx, 3
push 1
mov al, dl
movzx edx, byte [ebx]
mul byte [ebp - 0x2d]
shl eax, 4
add eax, edx
mov edx, dword [ebp - 0x2c]
movzx eax, ax
push eax
mov eax, esi
push 7
push 0
call fcn_fffafdb2  ; call 0xfffafdb2
mov dl, byte [ebx + 5]
mov ecx, 0xc
mov al, byte [ebp - 0x2d]
push 1
mul dl
movzx edx, byte [ebx + 1]
shl eax, 4
add eax, edx
mov edx, dword [ebp - 0x2c]
movzx eax, ax
push eax
mov eax, esi
push 7
push 0
call fcn_fffafdb2  ; call 0xfffafdb2
add esp, 0x20
cmp byte [ebp - 0x2e], 0
je loc_fffb3b15  ; je 0xfffb3b15
imul eax, dword [ebp - 0x2c], 9
mov byte [ebp - 0x2d], 0
mov dword [ebp - 0x4c], eax
mov dword [ebp - 0x48], eax

loc_fffb3bf1:  ; not directly referenced
mov al, byte [ebp - 0x2d]
cmp al, byte [esi + 0x2488]
jae loc_fffb3b15  ; jae 0xfffb3b15
cmp byte [ebp - 0x1d], 0
je short loc_fffb3c2e  ; je 0xfffb3c2e
movzx eax, byte [ebp - 0x2d]
mov ecx, dword [ebp - 0x48]
push 1
lea edx, [eax + ecx + 0x28]
mov ecx, 0xf
movsx edx, word [edi + edx*2 + 7]
push edx
mov edx, dword [ebp - 0x2c]
push 6
push eax
mov eax, esi
call fcn_fffafdb2  ; call 0xfffafdb2
add esp, 0x10

loc_fffb3c2e:  ; not directly referenced
cmp byte [ebp - 0x1c], 0
je short loc_fffb3c5f  ; je 0xfffb3c5f
movzx eax, byte [ebp - 0x2d]
mov ecx, dword [ebp - 0x48]
push 1
lea edx, [eax + ecx + 0xa4]
mov ecx, 0xf
movsx edx, word [edi + edx*2 + 7]
push edx
mov edx, dword [ebp - 0x2c]
push 0
push eax
mov eax, esi
call fcn_fffafdb2  ; call 0xfffafdb2
add esp, 0x10

loc_fffb3c5f:  ; not directly referenced
movzx eax, byte [ebp - 0x2d]
mov ecx, dword [ebp - 0x4c]
mov dword [ebp - 0x40], 0
mov dword [ebp - 0x44], eax
lea edx, [eax + ecx]
lea edx, [edx + edx + 0x33f]
lea ecx, [edi + edx]
mov dword [ebp - 0x3c], ecx

loc_fffb3c80:  ; not directly referenced
mov cl, byte [ebp - 0x40]
mov dword [ebp - 0x38], 1
shl dword [ebp - 0x38], cl
mov ecx, dword [ebp - 0x34]
mov al, byte [ebp - 0x38]
test byte [ecx + 0xc4], al
je short loc_fffb3ce7  ; je 0xfffb3ce7
cmp byte [ebp - 0x1b], 0
je short loc_fffb3cc3  ; je 0xfffb3cc3
mov eax, dword [ebp - 0x3c]
push 1
mov ecx, dword [ebp - 0x38]
mov edx, dword [ebp - 0x2c]
movsx eax, word [eax - 0xf8]
push eax
mov eax, esi
push 5
push dword [ebp - 0x44]
call fcn_fffafdb2  ; call 0xfffafdb2
add esp, 0x10

loc_fffb3cc3:  ; not directly referenced
cmp byte [ebp - 0x1a], 0
je short loc_fffb3ce7  ; je 0xfffb3ce7
mov eax, dword [ebp - 0x3c]
push 1
mov ecx, dword [ebp - 0x38]
mov edx, dword [ebp - 0x2c]
movsx eax, word [eax]
push eax
mov eax, esi
push 4
push dword [ebp - 0x44]
call fcn_fffafdb2  ; call 0xfffafdb2
add esp, 0x10

loc_fffb3ce7:  ; not directly referenced
inc dword [ebp - 0x40]
add dword [ebp - 0x3c], 0x3e
cmp dword [ebp - 0x40], 4
jne short loc_fffb3c80  ; jne 0xfffb3c80
inc byte [ebp - 0x2d]
jmp near loc_fffb3bf1  ; jmp 0xfffb3bf1

fcn_fffb3cfc:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov al, byte [eax]
pop ebp
ret

fcn_fffb3d06:
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov ax, word [eax]
pop ebp
ret

fcn_fffb3d11:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb3d06  ; jmp 0xfffb3d06

fcn_fffb3d20:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 8]
mov word [edx], ax
pop ebp
ret

fcn_fffb3d2e:  ; not directly referenced
push ebp
mov ebp, esp
movzx eax, word [ebp + 0x18]
mov dword [ebp + 0xc], eax
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb3d20  ; jmp 0xfffb3d20

fcn_fffb3d44:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov al, byte [eax]
pop ebp
ret

fcn_fffb3d4e:
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov eax, dword [eax]
pop ebp
ret

fcn_fffb3d58:
mov eax, dword [0xff7d0084]
push ebp
mov ebp, esp
mov eax, dword [eax + 0x14]
add eax, 0xfb020
push eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
leave
and eax, 0xffe0
ret

fcn_fffb3d75:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb3d4e  ; jmp 0xfffb3d4e

fcn_fffb3d84:
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 8]
mov dword [edx], eax
pop ebp
ret

fcn_fffb3d91:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x18]
mov dword [ebp + 0xc], eax
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb3d84  ; jmp 0xfffb3d84

fcn_fffb3da6:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov edx, dword [ebp + 0x18]
mov byte [eax], dl
pop ebp
ret

fcn_fffb3db3:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 8]
mov byte [edx], al
pop ebp
ret

fcn_fffb3dc0:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 8]
mov edx, dword [eax + 4]
mov eax, dword [eax]
pop ebp
ret

fcn_fffb3dcd:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb3dc0  ; jmp 0xfffb3dc0

fcn_fffb3ddc:  ; not directly referenced
push ebp
mov ecx, 0xfffff
mov ebp, esp
push edi
mov edi, dword [ebp + 0x18]
push esi
mov esi, dword [ebp + 0x1c]
push ebx
mov ebx, dword [ebp + 8]

loc_fffb3df0:  ; not directly referenced
mov al, 0xa
mov edx, 0x70
out dx, al
mov dl, 0x71
in al, dx
test al, al
jns short loc_fffb3e04  ; jns 0xfffb3e04
dec ecx
jne short loc_fffb3df0  ; jne 0xfffb3df0
jmp short loc_fffb3e08  ; jmp 0xfffb3e08

loc_fffb3e04:  ; not directly referenced
test ecx, ecx
jne short loc_fffb3e39  ; jne 0xfffb3e39

loc_fffb3e08:  ; not directly referenced
mov edx, 0x70
mov al, 0xb
out dx, al
mov al, 0x82
mov dl, 0x71
out dx, al
mov al, 0xa
mov dl, 0x70
out dx, al
mov al, 0x26
mov dl, 0x71
out dx, al
mov al, 0xc
mov dl, 0x70
out dx, al
mov dl, 0x71
in al, dx
mov al, 0xd
mov dl, 0x70
out dx, al
mov dl, 0x71
in al, dx
mov al, 0xb
mov dl, 0x70
out dx, al
mov al, 2
mov dl, 0x71
out dx, al

loc_fffb3e39:  ; not directly referenced
mov edx, 0x70
xor eax, eax
out dx, al
mov dl, 0x71
in al, dx
mov byte [ebx], al
mov dl, 0x70
mov al, 2
out dx, al
mov dl, 0x71
in al, dx
mov ecx, dword [ebp + 0xc]
mov dl, 0x70
mov byte [ecx], al
mov al, 4
out dx, al
mov dl, 0x71
in al, dx
mov ecx, dword [ebp + 0x10]
mov dl, 0x70
mov byte [ecx], al
mov al, 7
out dx, al
mov dl, 0x71
in al, dx
mov ecx, dword [ebp + 0x14]
mov dl, 0x70
mov byte [ecx], al
mov al, 8
out dx, al
mov dl, 0x71
in al, dx
mov byte [edi], al
mov dl, 0x70
mov al, 9
out dx, al
mov dl, 0x71
in al, dx
movzx eax, al
mov dl, 0xa
mov word [esi], ax
mov cl, byte [ebx]
mov al, cl
and ecx, 0xf
shr al, 4
imul eax, edx
add ecx, eax
mov eax, dword [ebp + 0xc]
mov byte [ebx], cl
mov ebx, dword [ebp + 0x14]
mov cl, byte [eax]
mov al, cl
and ecx, 0xf
shr al, 4
imul eax, edx
add ecx, eax
mov eax, dword [ebp + 0xc]
mov byte [eax], cl
mov eax, dword [ebp + 0x10]
mov cl, byte [eax]
mov al, cl
and ecx, 0xf
shr al, 4
imul eax, edx
add ecx, eax
mov eax, dword [ebp + 0x10]
mov byte [eax], cl
mov eax, dword [ebp + 0x14]
mov cl, byte [eax]
mov al, cl
and ecx, 0xf
shr al, 4
imul eax, edx
add eax, ecx
mov byte [ebx], al
mov cl, byte [edi]
mov al, cl
and ecx, 0xf
shr al, 4
imul eax, edx
add eax, ecx
mov byte [edi], al
mov ax, word [esi]
mov edx, eax
shr ax, 4
and edx, 0xf
and eax, 0xf
imul eax, eax, 0xa
lea eax, [edx + eax + 0x7d0]
mov word [esi], ax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb3f0f:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 8]
in ax, dx
pop ebp
ret

fcn_fffb3f19:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb3f0f  ; jmp 0xfffb3f0f

fcn_fffb3f28:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 8]
out dx, ax
pop ebp
ret

fcn_fffb3f35:  ; not directly referenced
push ebp
mov ebp, esp
movzx eax, word [ebp + 0x18]
mov dword [ebp + 0xc], eax
mov eax, dword [ebp + 0x10]
mov dword [ebp + 8], eax
pop ebp
jmp near fcn_fffb3f28  ; jmp 0xfffb3f28

fcn_fffb3f4b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov eax, dword [0xff7d0084]
mov edi, dword [eax + 0x14]
lea esi, [edi + 0xb0044]
add edi, 0xb0040
push esi
call fcn_fffb3d4e  ; call 0xfffb3d4e
push edi
mov ebx, eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
pop ecx
pop edi
mov edx, eax
shr edx, 0x10
and edx, 0xf
cmp dl, 2
jne short loc_fffb3f89  ; jne 0xfffb3f89

loc_fffb3f85:  ; not directly referenced
xor eax, eax
jmp short loc_fffb3fe4  ; jmp 0xfffb3fe4

loc_fffb3f89:  ; not directly referenced
movzx eax, ah
test al, 0xf0
jne short loc_fffb3f85  ; jne 0xfffb3f85
lea eax, [ebp - 0x1c]
xor edi, edi
push eax
push 0
push 0
push ref_fffd604c  ; push 0xfffd604c
call fcn_fffab40f  ; call 0xfffab40f
add esp, 0x10

loc_fffb3fa7:  ; not directly referenced
test ebx, 0x10000
jne short loc_fffb3fd7  ; jne 0xfffb3fd7
cmp edi, 0x1388
je short loc_fffb3f85  ; je 0xfffb3f85
mov eax, dword [ebp - 0x1c]
inc edi
push edx
push 0x3e8
push eax
push dword [ebp + 8]
call dword [eax + 4]  ; ucall
mov dword [esp], esi
call fcn_fffb3d4e  ; call 0xfffb3d4e
add esp, 0x10
mov ebx, eax
jmp short loc_fffb3fa7  ; jmp 0xfffb3fa7

loc_fffb3fd7:  ; not directly referenced
cmp edi, 0x1388
je short loc_fffb3f85  ; je 0xfffb3f85
mov eax, ebx
and eax, 0x3f

loc_fffb3fe4:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb3fec:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0x5c
mov edi, dword [edi + 0x5edc]
mov dword [ebp - 0x3c], eax
mov eax, edx
mov dword [ebp - 0x4c], edx
mov byte [ebp - 0x3e], dl
mov dword [ebp - 0x58], edi
mov esi, dword [edi + 0xc]
mov ebx, dword [edi + 0x10]
xor edi, edi
cmp dl, 2
sete byte [ebp - 0x46]
test al, 0xfd
jne short loc_fffb404c  ; jne 0xfffb404c
mov eax, dword [ebp - 0x3c]
mov edx, 0x3a00
call fcn_fffae52a  ; call 0xfffae52a
mov ecx, dword [ebp - 0x3c]
mov dl, al
and edx, 0x3f
cmp dword [ecx + 0x188b], 0
jne short loc_fffb4041  ; jne 0xfffb4041
shr eax, 0x1a
jmp short loc_fffb4044  ; jmp 0xfffb4044

loc_fffb4041:  ; not directly referenced
shr eax, 0x14

loc_fffb4044:  ; not directly referenced
and eax, 0x1f
mov byte [ebp - 0x3d], al
jmp short loc_fffb406b  ; jmp 0xfffb406b

loc_fffb404c:  ; not directly referenced
mov al, byte [ebp - 0x4c]
sub eax, 0xa
cmp al, 1
ja short loc_fffb4065  ; ja 0xfffb4065
mov eax, dword [ebp - 0x3c]
mov edx, 0x3a08
call fcn_fffae52a  ; call 0xfffae52a
mov edi, eax

loc_fffb4065:  ; not directly referenced
mov byte [ebp - 0x3d], 0
xor edx, edx

loc_fffb406b:  ; not directly referenced
mov eax, dword [ebp - 0x4c]
cmp al, 0xb
ja loc_fffb415f  ; ja 0xfffb415f
jmp dword [eax*4 + ref_fffd3ee0]  ; ujmp: jmp dword [eax*4 - 0x2c120]

loc_fffb407d:  ; not directly referenced
shr esi, 0xb
and esi, 0xf
mov eax, esi
mov edi, esi
or eax, 0xfffffff0
test esi, 8
cmovne edi, eax
mov byte [ebp - 0x3d], dl
mov byte [ebp - 0x44], 0
mov byte [ebp - 0x40], 0xf8
mov byte [ebp - 0x45], 7
mov byte [ebp - 0x3f], 1
jmp near loc_fffb4175  ; jmp 0xfffb4175

loc_fffb40ab:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
mov edx, 0x3a04
shr esi, 0xf
and esi, 0x1f
mov edi, esi
call fcn_fffae52a  ; call 0xfffae52a
mov byte [ebp - 0x44], 0
mov byte [ebp - 0x40], 0xf0
mov byte [ebp - 0x45], 0xf
and eax, 0x3f
mov byte [ebp - 0x3d], al
mov eax, esi
or eax, 0xffffffe0
test esi, 0x10
cmovne edi, eax
jmp near loc_fffb4171  ; jmp 0xfffb4171

loc_fffb40e5:  ; not directly referenced
mov eax, ebx
mov edi, ebx
shr eax, 4
and edi, 0xf
and eax, 1
mov byte [ebp - 0x44], al
mov byte [ebp - 0x40], 4
mov byte [ebp - 0x45], 0xf
mov byte [ebp - 0x3f], 5
jmp short loc_fffb4175  ; jmp 0xfffb4175

loc_fffb4103:  ; not directly referenced
shr edi, 0xc
mov eax, edi
shr esi, 0x14
and eax, 0x3f
and esi, 0xf
mov byte [ebp - 0x3d], al
mov eax, esi
or eax, 0xfffffff0
test esi, 8
cmovne esi, eax
mov edi, esi
mov byte [ebp - 0x44], 0
mov byte [ebp - 0x40], 0xf8
mov byte [ebp - 0x45], 7
mov byte [ebp - 0x3f], 2
jmp short loc_fffb4175  ; jmp 0xfffb4175

loc_fffb4136:  ; not directly referenced
mov eax, edi
and eax, 0x3f
mov byte [ebp - 0x3d], al
mov eax, ebx
shr eax, 9
shr ebx, 5
and eax, 1
mov edi, ebx
mov byte [ebp - 0x44], al
and edi, 0xf
mov byte [ebp - 0x40], 4
mov byte [ebp - 0x45], 0xf
mov byte [ebp - 0x3f], 6
jmp short loc_fffb4175  ; jmp 0xfffb4175

loc_fffb415f:  ; not directly referenced
mov byte [ebp - 0x44], 0
xor edi, edi
mov byte [ebp - 0x40], 0
mov byte [ebp - 0x45], 0
mov byte [ebp - 0x3d], 0

loc_fffb4171:  ; not directly referenced
mov byte [ebp - 0x3f], 0

loc_fffb4175:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
xor ebx, ebx
xor esi, esi
mov ecx, dword [ebp - 0x58]
mov byte [ebp - 0x47], 0
mov word [ebp - 0x58], 0
add eax, 0x3756
mov dword [ebp - 0x54], eax
lea eax, [ebp - 0x2a]
add ecx, 0x1c
mov dword [ebp - 0x50], eax
mov al, byte [ebp - 0x3e]
sub eax, 0xa
mov byte [ebp - 0x5e], al

loc_fffb41a3:  ; not directly referenced
mov eax, dword [ebp - 0x54]
cmp dword [eax], 2
jne loc_fffb4269  ; jne 0xfffb4269
mov eax, dword [ebp - 0x3c]
mov edx, dword [ecx + 0x4c]
mov al, byte [eax + 0x2488]
mov byte [ebp - 0x5d], al
mov eax, edx
shr eax, 9
and eax, 0xf
mov byte [ebp - 0x5c], al
mov al, dl
xor edx, edx
and eax, 0x1f
mov byte [ebp - 0x48], al

loc_fffb41d3:  ; not directly referenced
cmp byte [ebp - 0x5d], dl
jbe loc_fffb4266  ; jbe 0xfffb4266
cmp byte [ebp - 0x3e], 0
mov eax, dword [ecx + edx*4 + 0x78]
jne short loc_fffb41ef  ; jne 0xfffb41ef
mov esi, eax
mov bl, 6
and esi, 0x3f
jmp short loc_fffb4229  ; jmp 0xfffb4229

loc_fffb41ef:  ; not directly referenced
cmp byte [ebp - 0x3e], 1
jne short loc_fffb41ff  ; jne 0xfffb41ff
shr eax, 0xc
mov esi, eax
and esi, 0x1f
jmp short loc_fffb420a  ; jmp 0xfffb420a

loc_fffb41ff:  ; not directly referenced
cmp byte [ebp - 0x46], 0
je short loc_fffb420e  ; je 0xfffb420e
shr eax, 0x1b
mov esi, eax

loc_fffb420a:  ; not directly referenced
mov bl, 5
jmp short loc_fffb4229  ; jmp 0xfffb4229

loc_fffb420e:  ; not directly referenced
mov al, byte [ebp - 0x3e]
cmp al, 0xa
je short loc_fffb4224  ; je 0xfffb4224
cmp al, 0xb
mov al, byte [ebp - 0x48]
cmove esi, eax
mov al, 5
cmove ebx, eax
jmp short loc_fffb4229  ; jmp 0xfffb4229

loc_fffb4224:  ; not directly referenced
mov esi, dword [ebp - 0x5c]
mov bl, 4

loc_fffb4229:  ; not directly referenced
push eax
movzx eax, bl
push 8
push eax
mov eax, esi
movzx eax, al
push eax
mov dword [ebp - 0x68], edx
mov dword [ebp - 0x64], ecx
call fcn_fffac7e7  ; call 0xfffac7e7
mov edx, dword [ebp - 0x68]
add esp, 0x10
movsx cx, al
add word [ebp - 0x58], cx
mov ecx, dword [ebp - 0x50]
add al, byte [ebp - 0x3d]
mov byte [ecx + edx], al
inc edx
mov ecx, dword [ebp - 0x64]
cmp byte [ebp - 0x5e], 2
ja loc_fffb41d3  ; ja 0xfffb41d3

loc_fffb4266:  ; not directly referenced
inc byte [ebp - 0x47]

loc_fffb4269:  ; not directly referenced
add dword [ebp - 0x50], 9
add ecx, 0xcc
add dword [ebp - 0x54], 0x13c3
lea eax, [ebp - 0x18]
cmp dword [ebp - 0x50], eax
jne loc_fffb41a3  ; jne 0xfffb41a3
movsx ebx, word [ebp - 0x58]
movzx ecx, byte [ebp - 0x47]
mov eax, ebx
sar ax, 0xf
or eax, 1
cmp byte [ebp - 0x4c], 2
mov byte [ebp - 0x54], al
movsx eax, al
mov dword [ebp - 0x50], ebx
ja short loc_fffb42c6  ; ja 0xfffb42c6
mov esi, dword [ebp - 0x3c]
imul eax, ecx
mov ebx, 2
movzx esi, byte [esi + 0x2488]
imul eax, esi
imul ecx, esi
cdq
idiv ebx
add eax, dword [ebp - 0x50]
jmp short loc_fffb42d4  ; jmp 0xfffb42d4

loc_fffb42c6:  ; not directly referenced
imul eax, ecx
mov esi, 2
cdq
idiv esi
add eax, dword [ebp - 0x50]

loc_fffb42d4:  ; not directly referenced
cdq
idiv ecx
test ax, ax
jne short loc_fffb42e5  ; jne 0xfffb42e5
movzx eax, byte [ebp - 0x3d]
jmp near loc_fffb447c  ; jmp 0xfffb447c

loc_fffb42e5:  ; not directly referenced
movsx eax, al
cdq
mov ecx, edx
xor ecx, eax
sub ecx, edx
cmp byte [ebp - 0x4c], 0xb
mov byte [ebp - 0x47], cl
sete dl
or dl, byte [ebp - 0x46]
mov byte [ebp - 0x58], dl
je short loc_fffb4304  ; je 0xfffb4304
neg byte [ebp - 0x54]

loc_fffb4304:  ; not directly referenced
mov bl, byte [ebp - 0x54]
mov dl, byte [ebp - 0x3d]
mov esi, dword [ebp - 0x44]
mov byte [ebp - 0x46], cl
add ebx, edi
movzx ecx, dl
mov byte [ebp - 0x50], bl
add eax, ecx
mov ebx, edi
mov byte [ebp - 0x4c], bl
mov dword [ebp - 0x5c], eax

loc_fffb4322:  ; not directly referenced
mov al, byte [ebp - 0x50]
mov bl, 1
mov byte [ebp - 0x3d], al
lea eax, [edx - 3]
cmp al, 0x39
ja short loc_fffb4344  ; ja 0xfffb4344
mov al, byte [ebp - 0x45]
mov cl, byte [ebp - 0x50]
cmp cl, al
setg bl
cmp byte [ebp - 0x40], cl
setg al
or ebx, eax

loc_fffb4344:  ; not directly referenced
cmp byte [ebp - 0x58], 0
je short loc_fffb435f  ; je 0xfffb435f
mov cl, byte [ebp - 0x50]
mov al, 0
cmp cl, 0x10
cmovge esi, eax
mov eax, esi
shl eax, 4
add eax, ecx
mov byte [ebp - 0x3d], al

loc_fffb435f:  ; not directly referenced
test bl, bl
jne short loc_fffb43a8  ; jne 0xfffb43a8
movsx ecx, byte [ebp - 0x3d]
sub esp, 0xc
movzx edx, byte [ebp - 0x3f]
mov eax, dword [ebp - 0x3c]
push 0
call fcn_fffa83c9  ; call 0xfffa83c9
mov ecx, dword [ebp - 0x5c]
add esp, 0x10
mov dl, al
movzx eax, al
sub ecx, eax
mov eax, ecx
sar ecx, 0x1f
xor eax, ecx
sub eax, ecx
cmp al, byte [ebp - 0x47]
jae short loc_fffb43a8  ; jae 0xfffb43a8
cmp al, byte [ebp - 0x46]
jae short loc_fffb43aa  ; jae 0xfffb43aa
mov cl, byte [ebp - 0x3d]
test al, al
sete bl
mov byte [ebp - 0x46], al
mov byte [ebp - 0x4c], cl
jmp short loc_fffb43aa  ; jmp 0xfffb43aa

loc_fffb43a8:  ; not directly referenced
mov bl, 1

loc_fffb43aa:  ; not directly referenced
mov al, byte [ebp - 0x54]
add byte [ebp - 0x50], al
test bl, bl
je loc_fffb4322  ; je 0xfffb4322
mov bl, byte [ebp - 0x4c]
mov eax, edi
movzx edx, byte [ebp - 0x3f]
cmp bl, al
je loc_fffb4452  ; je 0xfffb4452
mov eax, dword [ebp - 0x3c]
sub esp, 0xc
movzx ecx, bl
push 1
xor ebx, ebx
call fcn_fffa83c9  ; call 0xfffa83c9
movzx esi, byte [ebp - 0x3e]
add esp, 0x10
mov byte [ebp - 0x3f], al
movzx edi, al

loc_fffb43e8:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edx, dword [ebp - 0x3c]
cmp dword [edx + eax + 0x3756], 2
je short loc_fffb4403  ; je 0xfffb4403

loc_fffb43fb:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffb43e8  ; jne 0xfffb43e8
jmp short loc_fffb4478  ; jmp 0xfffb4478

loc_fffb4403:  ; not directly referenced
lea eax, [ebx + ebx*8]
lea edx, [ebp - 0x18]
add eax, edx
mov byte [ebp - 0x3d], 0
mov dword [ebp - 0x44], eax

loc_fffb4412:  ; not directly referenced
mov edx, dword [ebp - 0x3c]
mov al, byte [ebp - 0x3d]
cmp al, byte [edx + 0x2488]
jae short loc_fffb43fb  ; jae 0xfffb43fb
movzx edx, byte [ebp - 0x3d]
xor ecx, ecx
mov eax, dword [ebp - 0x44]
push 1
movzx eax, byte [edx + eax - 0x12]
sub eax, edi
cwde
push eax
mov eax, dword [ebp - 0x3c]
push esi
push edx
mov edx, ebx
call fcn_fffafdb2  ; call 0xfffafdb2
mov al, byte [ebp - 0x3e]
add esp, 0x10
sub eax, 0xa
cmp al, 2
jbe short loc_fffb43fb  ; jbe 0xfffb43fb
inc byte [ebp - 0x3d]
jmp short loc_fffb4412  ; jmp 0xfffb4412

loc_fffb4452:  ; not directly referenced
cmp byte [ebp - 0x58], 0
je short loc_fffb4461  ; je 0xfffb4461
mov al, byte [ebp - 0x44]
shl eax, 4
add byte [ebp - 0x4c], al

loc_fffb4461:  ; not directly referenced
movzx ecx, byte [ebp - 0x4c]
sub esp, 0xc
mov eax, dword [ebp - 0x3c]
push 1
call fcn_fffa83c9  ; call 0xfffa83c9
add esp, 0x10
mov byte [ebp - 0x3f], al

loc_fffb4478:  ; not directly referenced
movzx eax, byte [ebp - 0x3f]

loc_fffb447c:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb4484:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 8]
mov byte [ebp - 0x1b], 0
lea esi, [ebp - 0x1b]
mov byte [ebp - 0x1a], 1
lea edi, [ebp - 0x18]
mov byte [ebp - 0x19], 2

loc_fffb44a2:  ; not directly referenced
movzx edx, byte [esi]
mov eax, ebx
inc esi
call fcn_fffb3fec  ; call 0xfffb3fec
cmp esi, edi
jne short loc_fffb44a2  ; jne 0xfffb44a2
cmp dword [ebx + 0x188b], 1
jne short loc_fffb44d2  ; jne 0xfffb44d2
mov edx, 0xa
mov eax, ebx
call fcn_fffb3fec  ; call 0xfffb3fec
mov edx, 0xb
mov eax, ebx
call fcn_fffb3fec  ; call 0xfffb3fec

loc_fffb44d2:  ; not directly referenced
add esp, 0x1c
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb44dc:  ; not directly referenced
push ebp
mov ecx, 2
mov ebp, esp
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 0xc]
push dword [ebp + 0x10]
mov edx, dword [ebp + 8]
lea eax, [ebp - 0xa]
mov word [ebp - 0xa], bx
push eax
mov eax, 7
call fcn_fffab430  ; call 0xfffab430
mov eax, ebx
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffb450a:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
mov ebx, edx
sub esp, 0x2c
test ebx, ebx
setne al
cmp cx, 0x1ff
setbe bl
mov dword [ebp - 0x2c], edx
mov edx, dword [ebp + 8]
mov word [ebp - 0x2e], cx
mov dword [ebp - 0x1c], 0x80000007
test al, bl
je loc_fffb45de  ; je 0xfffb45de
mov edi, edx
movzx edx, dx
add edx, ecx
cmp edx, 0x1ff
jg loc_fffb45de  ; jg 0xfffb45de
mov eax, dword [ebp - 0x2c]
add edi, eax
mov ebx, eax
mov eax, esi
movzx eax, al
mov word [ebp - 0x30], di
mov dword [ebp - 0x34], eax

loc_fffb4563:  ; not directly referenced
cmp word [ebp - 0x30], bx
je short loc_fffb45d7  ; je 0xfffb45d7
mov ecx, dword [ebp + 0xc]
mov dx, word [ebp - 0x2e]
sub edx, dword [ebp - 0x2c]
movzx ecx, byte [ecx]
add edx, ebx
mov eax, edx
shr ax, 8
cmp ax, cx
je short loc_fffb458c  ; je 0xfffb458c
mov edi, dword [ebp + 0xc]
mov byte [edi], al
mov al, 1
jmp short loc_fffb458e  ; jmp 0xfffb458e

loc_fffb458c:  ; not directly referenced
xor eax, eax

loc_fffb458e:  ; not directly referenced
dec al
movzx esi, dl
jne short loc_fffb45b3  ; jne 0xfffb45b3
mov eax, dword [ebp + 0xc]
cmp byte [eax], 1
push edx
lea edx, [ebp - 0x1c]
sbb eax, eax
push edx
and eax, 0xfffffffe
push 0
add eax, 0x6e
push eax
call fcn_fffab4b3  ; call 0xfffab4b3
add esp, 0x10

loc_fffb45b3:  ; not directly referenced
shl esi, 8
mov edi, ebx
push eax
inc ebx
or esi, dword [ebp - 0x34]
push eax
lea eax, [ebp - 0x1c]
push eax
push esi
call fcn_fffab48f  ; call 0xfffab48f
add esp, 0x10
mov byte [ebx - 1], al
cmp dword [ebp - 0x1c], 0
je short loc_fffb4563  ; je 0xfffb4563
mov byte [edi], 0

loc_fffb45d7:  ; not directly referenced
mov dword [ebp - 0x1c], 0

loc_fffb45de:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb45e9:  ; not directly referenced
push ebp
mov ecx, 2
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x34
mov esi, dword [ebp + 0x10]
movzx eax, byte [ebp + 0xc]
lea edi, [ebp - 0x19]
push edi
push 1
lea edx, [esi + 2]
mov byte [ebp - 0x19], 0xff
mov dword [ebp - 0x30], eax
call fcn_fffb450a  ; call 0xfffb450a
add esp, 0x10
mov esi, eax
test eax, eax
jne short loc_fffb467d  ; jne 0xfffb467d
mov eax, dword [ebp + 0x18]
xor edx, edx
mov ecx, dword [ebp + 8]
mov dword [ebp - 0x2c], 1
mov ebx, dword [ebp + 0x14]
shl dword [ebp - 0x2c], cl
mov ecx, 5
div ecx
lea eax, [eax + eax*4]
add eax, ebx
mov dword [ebp - 0x34], eax

loc_fffb4640:  ; not directly referenced
cmp ebx, dword [ebp - 0x34]
je short loc_fffb467d  ; je 0xfffb467d
movzx eax, byte [ebx + 4]
test dword [ebp - 0x2c], eax
je short loc_fffb4678  ; je 0xfffb4678
push eax
mov edx, dword [ebp + 0x10]
push eax
movzx ecx, word [ebx]
push edi
mov ax, word [ebx + 2]
add edx, ecx
inc eax
sub ax, word [ebx]
movzx eax, ax
push eax
mov eax, dword [ebp - 0x30]
call fcn_fffb450a  ; call 0xfffb450a
add esp, 0x10
test eax, eax
je short loc_fffb4678  ; je 0xfffb4678
mov esi, eax
jmp short loc_fffb467d  ; jmp 0xfffb467d

loc_fffb4678:  ; not directly referenced
add ebx, 5
jmp short loc_fffb4640  ; jmp 0xfffb4640

loc_fffb467d:  ; not directly referenced
test esi, esi
sete al
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb468a:
mov eax, dword [0xff7d0084]
push ebp
mov ebp, esp
push ebx
mov eax, dword [eax + 0x14]
add eax, 0xf8002
push eax
call fcn_fffb3d06  ; call 0xfffb3d06
mov ecx, eax
mov edx, eax
and cl, 0x7d
pop eax
mov eax, 1
cmp cx, 0x8c44
je loc_fffb47e4  ; je 0xfffb47e4
cmp dx, 0x8c4c
sete bl
cmp dx, 0x8c4a
sete cl
or bl, cl
jne loc_fffb47e4  ; jne 0xfffb47e4
cmp dx, 0x8c50
sete bl
cmp dx, 0x8c4e
sete cl
or bl, cl
jne loc_fffb47e4  ; jne 0xfffb47e4
cmp dx, 0x8c42
sete bl
cmp dx, 0x8c5c
sete cl
or bl, cl
jne loc_fffb47e4  ; jne 0xfffb47e4
cmp dx, 0x8c4f
sete bl
cmp dx, 0x8c49
sete cl
or bl, cl
jne loc_fffb47e4  ; jne 0xfffb47e4
cmp dx, 0x8c41
sete bl
cmp dx, 0x8c4b
sete cl
or bl, cl
jne loc_fffb47e4  ; jne 0xfffb47e4
cmp dx, 0x8c58
je loc_fffb47e4  ; je 0xfffb47e4
cmp dx, 0x8c54
sete bl
cmp dx, 0x8c52
sete cl
or bl, cl
jne loc_fffb47e4  ; jne 0xfffb47e4
cmp dx, 0x8c56
je loc_fffb47e4  ; je 0xfffb47e4
lea ecx, [edx + 0x63bf]
cmp cx, 6
jbe short loc_fffb47e4  ; jbe 0xfffb47e4
cmp dx, 0x8cc5
sete bl
cmp dx, 0x8cc3
sete cl
or bl, cl
jne short loc_fffb47e4  ; jne 0xfffb47e4
lea ecx, [edx + 0x733f]
cmp cx, 1
jbe short loc_fffb47e4  ; jbe 0xfffb47e4
lea eax, [edx + 0x633f]
cmp ax, 2
mov eax, 2
setbe bl
cmp dx, 0x9cc5
sete cl
or bl, cl
jne short loc_fffb47e4  ; jne 0xfffb47e4
lea ecx, [edx + 0x633a]
cmp cx, 1
setbe bl
cmp dx, 0x9cc9
sete cl
or bl, cl
jne short loc_fffb47e4  ; jne 0xfffb47e4
cmp dx, 0x9cc8
sete bl
cmp dx, 0x9cc4
sete cl
or bl, cl
jne short loc_fffb47e4  ; jne 0xfffb47e4
add dx, 0x6336
cmp dx, 2
sbb eax, eax
add eax, 3

loc_fffb47e4:
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffb47e9:
push ebp
mov ebp, esp
push esi
mov esi, dword [ebp + 8]
push ebx
mov ebx, dword [ebp + 0xc]
call fcn_fffb3d58  ; call 0xfffb3d58
mov ecx, esi
movzx esi, cl
lea edx, [eax + esi]
mov al, bl
out dx, al
pop ebx
pop esi
pop ebp
ret

fcn_fffb4808:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
mov ebx, dword [ebp + 8]
call fcn_fffb3d58  ; call 0xfffb3d58
movzx ebx, bl
lea edx, [eax + ebx]
in al, dx
pop ebx
pop ebp
ret

fcn_fffb481e:
mov eax, dword [0xff7d0084]
push ebp
mov ebp, esp
push ebx
mov eax, dword [eax + 0x14]
add eax, 0xf8002
push eax
call fcn_fffb3d06  ; call 0xfffb3d06
mov ecx, eax
mov edx, eax
and cl, 0x7d
pop eax
mov eax, 1
cmp cx, 0x8c44
je loc_fffb497f  ; je 0xfffb497f
cmp dx, 0x8c4c
sete bl
cmp dx, 0x8c4a
sete cl
or bl, cl
jne loc_fffb497f  ; jne 0xfffb497f
cmp dx, 0x8c50
sete bl
cmp dx, 0x8c4e
sete cl
or bl, cl
jne loc_fffb497f  ; jne 0xfffb497f
cmp dx, 0x8c42
sete bl
cmp dx, 0x8c5c
sete cl
or bl, cl
jne loc_fffb497f  ; jne 0xfffb497f
cmp dx, 0x8c4f
sete bl
cmp dx, 0x8c49
sete cl
or bl, cl
jne loc_fffb497f  ; jne 0xfffb497f
cmp dx, 0x8c41
sete bl
cmp dx, 0x8c4b
sete cl
or bl, cl
jne loc_fffb497f  ; jne 0xfffb497f
cmp dx, 0x8c58
je loc_fffb497f  ; je 0xfffb497f
cmp dx, 0x8c54
sete bl
cmp dx, 0x8c52
sete cl
or bl, cl
jne loc_fffb497f  ; jne 0xfffb497f
cmp dx, 0x8c56
je loc_fffb497f  ; je 0xfffb497f
cmp dx, 0x8cc5
sete bl
cmp dx, 0x8cc3
sete cl
or bl, cl
jne short loc_fffb497f  ; jne 0xfffb497f
lea eax, [edx + 0x733f]
cmp ax, 1
jbe short loc_fffb497a  ; jbe 0xfffb497a
lea ecx, [edx + 0x63bf]
mov eax, 2
cmp cx, 6
jbe short loc_fffb497f  ; jbe 0xfffb497f
lea ecx, [edx + 0x633f]
cmp cx, 2
setbe bl
cmp dx, 0x9cc5
sete cl
or bl, cl
jne short loc_fffb497f  ; jne 0xfffb497f
lea ecx, [edx + 0x633a]
cmp cx, 1
setbe bl
cmp dx, 0x9cc9
sete cl
or bl, cl
jne short loc_fffb497f  ; jne 0xfffb497f
cmp dx, 0x9cc8
sete bl
cmp dx, 0x9cc4
sete cl
or bl, cl
jne short loc_fffb497f  ; jne 0xfffb497f
add dx, 0x6336
cmp dx, 2
sbb eax, eax
add eax, 3
jmp short loc_fffb497f  ; jmp 0xfffb497f

loc_fffb497a:
mov eax, 1

loc_fffb497f:
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffb4984:
push ebp
mov ebp, esp
call fcn_fffb481e  ; call 0xfffb481e
cmp eax, 1
je short loc_fffb499d  ; je 0xfffb499d
xor edx, edx
cmp eax, 2
mov al, 6
cmove edx, eax
jmp short loc_fffb499f  ; jmp 0xfffb499f

loc_fffb499d:
mov dl, 8

loc_fffb499f:
mov al, dl
pop ebp
ret

fcn_fffb49a3:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov eax, dword [0xff7d0084]
mov eax, dword [eax + 0x14]
add eax, 0xf8040
push eax
call fcn_fffb3d06  ; call 0xfffb3d06
mov esi, eax
and esi, 0xfffc
push eax
add esi, 8
push eax
push esi
call fcn_fffaafc2  ; call 0xfffaafc2
mov ecx, 0x64
xor edx, edx
add esp, 0x10
mov ebx, eax
imul eax, dword [ebp + 8], 0x166
and ebx, 0xffffff
div ecx
lea edi, [ebx + eax + 1]
mov ecx, edi
and edi, 0xffffff
shr ecx, 0x18

loc_fffb49fc:  ; not directly referenced
test ecx, ecx
setne dl
cmp edi, ebx
seta al
or al, dl
je short loc_fffb4a34  ; je 0xfffb4a34
sub esp, 0xc
push esi
mov dword [ebp - 0x20], edx
mov dword [ebp - 0x1c], ecx
call fcn_fffaafc2  ; call 0xfffaafc2
add esp, 0x10
mov ecx, dword [ebp - 0x1c]
mov edx, dword [ebp - 0x20]
and eax, 0xffffff
cmp eax, ebx
jae short loc_fffb4a30  ; jae 0xfffb4a30
test dl, dl
je short loc_fffb4a34  ; je 0xfffb4a34
dec ecx

loc_fffb4a30:  ; not directly referenced
mov ebx, eax
jmp short loc_fffb49fc  ; jmp 0xfffb49fc

loc_fffb4a34:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb4a3c:  ; not directly referenced
push ebp
mov ebp, esp
sub esp, 8
mov eax, dword [ebp + 0x10]
test eax, eax
je short loc_fffb4a55  ; je 0xfffb4a55
sub esp, 0xc
push eax
call fcn_fffb49a3  ; call 0xfffb49a3
add esp, 0x10

loc_fffb4a55:  ; not directly referenced
xor eax, eax
leave
ret

fcn_fffb4a59:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, 1
sub esp, 0x38
mov eax, dword [ebp + 8]
lea esi, [eax - 8]
mov edi, dword [esi + 0x10]
lea eax, [edi + 2]
push eax
call fcn_fffb3d06  ; call 0xfffb3d06
add esp, 0x10
mov edx, eax
and dl, 0x7d
cmp dx, 0x8c44
je loc_fffb4ba6  ; je 0xfffb4ba6
cmp ax, 0x8c4c
sete cl
cmp ax, 0x8c4a
sete dl
or cl, dl
jne loc_fffb4ba6  ; jne 0xfffb4ba6
cmp ax, 0x8c50
sete cl
cmp ax, 0x8c4e
sete dl
or cl, dl
jne loc_fffb4ba6  ; jne 0xfffb4ba6
cmp ax, 0x8c42
sete cl
cmp ax, 0x8c5c
sete dl
or cl, dl
jne loc_fffb4ba6  ; jne 0xfffb4ba6
cmp ax, 0x8c4f
sete cl
cmp ax, 0x8c49
sete dl
or cl, dl
jne loc_fffb4ba6  ; jne 0xfffb4ba6
cmp ax, 0x8c41
sete cl
cmp ax, 0x8c4b
sete dl
or cl, dl
jne loc_fffb4ba6  ; jne 0xfffb4ba6
cmp ax, 0x8c58
je loc_fffb4ba6  ; je 0xfffb4ba6
cmp ax, 0x8c54
sete cl
cmp ax, 0x8c52
sete dl
or cl, dl
jne loc_fffb4ba6  ; jne 0xfffb4ba6
cmp ax, 0x8c56
je loc_fffb4ba6  ; je 0xfffb4ba6
cmp ax, 0x8cc5
sete cl
cmp ax, 0x8cc3
sete dl
or cl, dl
jne short loc_fffb4ba6  ; jne 0xfffb4ba6
lea edx, [eax + 0x733f]
cmp dx, 1
jbe short loc_fffb4ba1  ; jbe 0xfffb4ba1
lea edx, [eax + 0x63bf]
mov bl, 2
cmp dx, 6
jbe short loc_fffb4ba6  ; jbe 0xfffb4ba6
lea edx, [eax + 0x633f]
cmp dx, 2
setbe cl
cmp ax, 0x9cc5
sete dl
or cl, dl
jne short loc_fffb4ba6  ; jne 0xfffb4ba6
lea edx, [eax + 0x633a]
cmp dx, 1
setbe cl
cmp ax, 0x9cc9
sete dl
or cl, dl
jne short loc_fffb4ba6  ; jne 0xfffb4ba6
cmp ax, 0x9cc8
sete cl
cmp ax, 0x9cc4
sete dl
or cl, dl
jne short loc_fffb4ba6  ; jne 0xfffb4ba6
add ax, 0x6336
cmp ax, 2
sbb ebx, ebx
add ebx, 3
jmp short loc_fffb4ba6  ; jmp 0xfffb4ba6

loc_fffb4ba1:  ; not directly referenced
mov ebx, 1

loc_fffb4ba6:  ; not directly referenced
mov eax, dword [esi + 0xc]
sub esp, 0xc
mov dword [ebp - 0x2c], eax
lea eax, [edi + 0x40]
push eax
call fcn_fffb3d06  ; call 0xfffb3d06
mov esi, eax
lea eax, [edi + 0x48]
mov dword [esp], eax
call fcn_fffb3d06  ; call 0xfffb3d06
add esp, 0x10
cmp dword [ebp + 0xc], 5
ja loc_fffb4e16  ; ja 0xfffb4e16
mov edx, dword [ebp + 0xc]
jmp dword [edx*4 + ref_fffd3f10]  ; ujmp: jmp dword [edx*4 - 0x2c0f0]

loc_fffb4bdc:  ; not directly referenced
mov edx, 0xcf9
xor eax, eax
out dx, al
mov bl, 4
jmp near loc_fffb4d98  ; jmp 0xfffb4d98

loc_fffb4beb:  ; not directly referenced
mov edx, 0xcf9
mov al, 2
out dx, al
mov bl, 6
jmp near loc_fffb4d98  ; jmp 0xfffb4d98

loc_fffb4bfa:  ; not directly referenced
and esi, 0xfffffffc
mov al, byte [edi + 0x44]
or eax, 0xffffff80
mov byte [edi + 0x44], al
cmp ebx, 2
movzx esi, si
jne short loc_fffb4c20  ; jne 0xfffb4c20
push eax
push eax
push 0
lea eax, [esi + 0x9c]
push eax
call fcn_fffaafda  ; call 0xfffaafda
jmp short loc_fffb4c3d  ; jmp 0xfffb4c3d

loc_fffb4c20:  ; not directly referenced
dec ebx
jne short loc_fffb4c40  ; jne 0xfffb4c40
push ecx
push ecx
push 0
lea eax, [esi + 0x28]
push eax
call fcn_fffb3f28  ; call 0xfffb3f28
lea eax, [esi + 0x2c]
pop ebx
pop edi
push 0
push eax
call fcn_fffb3f28  ; call 0xfffb3f28

loc_fffb4c3d:  ; not directly referenced
add esp, 0x10

loc_fffb4c40:  ; not directly referenced
push ecx
push ecx
push 0x100
lea eax, [esi + 0x34]
add esi, 4
push eax
call fcn_fffb3f28  ; call 0xfffb3f28
mov dword [esp], esi
call fcn_fffaafc2  ; call 0xfffaafc2
pop edi
mov ebx, eax
and bh, 0xc3
pop eax
mov eax, ebx
or ah, 0x1c
or bh, 0x3c
push eax
push esi
call fcn_fffaafda  ; call 0xfffaafda
pop eax
pop edx
push ebx
push esi
call fcn_fffaafda  ; call 0xfffaafda
add esp, 0x10
xor ecx, ecx
jmp near loc_fffb4e1b  ; jmp 0xfffb4e1b

loc_fffb4c84:  ; not directly referenced
mov esi, eax
push edx
and esi, 0xfffc
push edx
push 0
lea eax, [esi + 0x60]
push eax
mov dword [ebp - 0x30], eax
call fcn_fffaafda  ; call 0xfffaafda
pop ecx
pop eax
lea eax, [esi + 0x64]
push 0
push eax
call fcn_fffaafda  ; call 0xfffaafda
pop eax
pop edx
lea eax, [esi + 0x68]
push 0
push eax
call fcn_fffaafda  ; call 0xfffaafda
mov eax, dword [ebp + 0xc]
add esp, 0x10
sub eax, 4
cmp eax, 1
ja loc_fffb4d96  ; ja 0xfffb4d96
sub esp, 0xc
add edi, 0xac
push edi
call fcn_fffb3d4e  ; call 0xfffb3d4e
pop edx
pop ecx
or eax, 0x100000
push eax
push edi
call fcn_fffb3d84  ; call 0xfffb3d84
add esp, 0x10
cmp dword [ebp + 0xc], 5
jne loc_fffb4d96  ; jne 0xfffb4d96
mov eax, dword [ebp - 0x2c]
sub esp, 0xc
add eax, 0x332c
push eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
add esp, 0x10
test al, 3
jne loc_fffb4d96  ; jne 0xfffb4d96
mov eax, dword [ebp - 0x2c]
sub esp, 0xc
add eax, 0x3330
push eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
add esp, 0x10
test ah, 0xc0
jne short loc_fffb4d96  ; jne 0xfffb4d96
cmp ebx, 1
jne short loc_fffb4d55  ; jne 0xfffb4d55
push eax
push eax
push 0x40000000
push esi
call fcn_fffab629  ; call 0xfffab629
pop eax
pop edx
lea eax, [esi + 4]
add esi, 0xc
push 0xbfffffff
push eax
call fcn_fffab64e  ; call 0xfffab64e
pop ecx
pop ebx
push 0xbfffffff
jmp short loc_fffb4d7b  ; jmp 0xfffb4d7b

loc_fffb4d55:  ; not directly referenced
cmp ebx, 2
jne short loc_fffb4d84  ; jne 0xfffb4d84
push edx
add esi, 0x1f0
push edx
push 1
push esi
call fcn_fffab629  ; call 0xfffab629
pop ecx
pop ebx
push 0xfffffffffffffffb
push esi
call fcn_fffab64e  ; call 0xfffab64e
pop edi
pop eax
push 0x7fffffff

loc_fffb4d7b:  ; not directly referenced
push esi
call fcn_fffab64e  ; call 0xfffab64e
add esp, 0x10

loc_fffb4d84:  ; not directly referenced
push eax
push eax
push 0x40000000
push dword [ebp - 0x30]
call fcn_fffab629  ; call 0xfffab629
add esp, 0x10

loc_fffb4d96:  ; not directly referenced
mov bl, 0xe

loc_fffb4d98:  ; not directly referenced
mov eax, dword [ebp + 0xc]
sub eax, 4
cmp eax, 1
jbe short loc_fffb4daa  ; jbe 0xfffb4daa

loc_fffb4da3:  ; not directly referenced
xor esi, esi
lea edi, [ebp - 0x1c]
jmp short loc_fffb4dc8  ; jmp 0xfffb4dc8

loc_fffb4daa:  ; not directly referenced
push 0
push 0
push 0
push ref_fffd65b0  ; push 0xfffd65b0
call fcn_fffab40f  ; call 0xfffab40f
add esp, 0x10
test eax, eax
jne short loc_fffb4da3  ; jne 0xfffb4da3
mov ecx, 0x80000003
jmp short loc_fffb4e1b  ; jmp 0xfffb4e1b

loc_fffb4dc8:  ; not directly referenced
push edi
push 0
push esi
push ref_fffd663c  ; push 0xfffd663c
call fcn_fffab40f  ; call 0xfffab40f
add esp, 0x10
mov edx, eax
test eax, eax
jne short loc_fffb4df3  ; jne 0xfffb4df3
mov dword [ebp - 0x2c], eax
mov eax, dword [ebp - 0x1c]
sub esp, 0xc
push dword [ebp + 0xc]
call dword [eax]  ; ucall
mov edx, dword [ebp - 0x2c]
add esp, 0x10

loc_fffb4df3:  ; not directly referenced
inc esi
cmp edx, 0x8000000e
jne short loc_fffb4dc8  ; jne 0xfffb4dc8
xor ecx, ecx
mov edx, 0xcf9
mov al, bl
out dx, al
mov dword [ebp - 0x1c], 0

loc_fffb4e0d:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
test eax, eax
je short loc_fffb4e0d  ; je 0xfffb4e0d
jmp short loc_fffb4e1b  ; jmp 0xfffb4e1b

loc_fffb4e16:  ; not directly referenced
mov ecx, 0x80000002

loc_fffb4e1b:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, ecx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb4e25:  ; not directly referenced
push ebp
mov al, 1
mov ebp, esp
push edi
push esi
push ebx
xor ebx, ebx
sub esp, 0x2c
lea esi, [ebp - 0x28]
lea edi, [ebp - 0x20]

loc_fffb4e38:  ; not directly referenced
cmp dword [ebp + 8], 1
je short loc_fffb4e63  ; je 0xfffb4e63
cmp dword [ebp + 8], 2
jne short loc_fffb4e8d  ; jne 0xfffb4e8d
mov ecx, 0x150
rdmsr
mov dword [ebp - 0x28], eax
push eax
push 8
push esi
push edi
mov dword [ebp - 0x24], edx
call fcn_fffab101  ; call 0xfffab101
mov al, byte [ebp - 0x19]
shr al, 7
jmp short loc_fffb4e8a  ; jmp 0xfffb4e8a

loc_fffb4e63:  ; not directly referenced
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov eax, dword [eax + 0x14]
add eax, 0x48
push eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
and eax, 0xfffffffe
add eax, 0x5da4
mov dword [esp], eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
shr eax, 0x1f

loc_fffb4e8a:  ; not directly referenced
add esp, 0x10

loc_fffb4e8d:  ; not directly referenced
sub esp, 0xc
inc ebx
push 1
mov dword [ebp - 0x2c], eax
call fcn_fffb49a3  ; call 0xfffb49a3
mov eax, dword [ebp - 0x2c]
add esp, 0x10
mov dl, al
and edx, 1
cmp bx, 0x3e7
setbe cl
test dl, cl
jne short loc_fffb4e38  ; jne 0xfffb4e38
cmp bx, 0x3e8
sete al
and eax, edx
shl eax, 0x1f
lea esp, [ebp - 0xc]
sar eax, 0x1f
pop ebx
and eax, 0x80000012
pop esi
pop edi
pop ebp
ret

fcn_fffb4ecf:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x38
mov edi, dword [ebp + 8]
push edi
call fcn_fffb4e25  ; call 0xfffb4e25
add esp, 0x10
mov ebx, eax
test eax, eax
js loc_fffb505b  ; js 0xfffb505b
cmp edi, 1
je short loc_fffb4f01  ; je 0xfffb4f01
cmp edi, 2
je loc_fffb4fa4  ; je 0xfffb4fa4
jmp near loc_fffb505f  ; jmp 0xfffb505f

loc_fffb4f01:  ; not directly referenced
mov eax, dword [ebp + 0xc]
sub esp, 0xc
mov dword [ebp - 0x20], eax
mov eax, dword [0xff7d0084]
or byte [ebp - 0x1d], 0x80
mov eax, dword [eax + 0x14]
add eax, 0x48
push eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
mov edi, eax
pop eax
and edi, 0xfffffffe
pop edx
push dword [ebp - 0x20]
lea esi, [edi + 0x5da4]
add edi, 0x5da0
push esi
call fcn_fffb3d84  ; call 0xfffb3d84
mov dword [esp], 1
call fcn_fffb4e25  ; call 0xfffb4e25
mov dword [esp], esi
call fcn_fffb3d4e  ; call 0xfffb3d4e
mov dword [esp], edi
mov dword [ebp - 0x20], eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
mov dword [esp], 0xa
mov dword [ebp - 0x1c], eax
call fcn_fffb49a3  ; call 0xfffb49a3
mov dword [esp], esi
call fcn_fffb3d4e  ; call 0xfffb3d4e
mov dword [esp], edi
mov esi, eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
mov edx, dword [ebp - 0x20]
add esp, 0x10
cmp edx, esi
je short loc_fffb4f94  ; je 0xfffb4f94
cmp dword [ebp - 0x1c], eax
je short loc_fffb4f94  ; je 0xfffb4f94

loc_fffb4f8a:  ; not directly referenced
mov eax, 0x80000002
jmp near loc_fffb5064  ; jmp 0xfffb5064

loc_fffb4f94:  ; not directly referenced
mov eax, dword [ebp + 0x14]
mov dword [eax], edx
lea eax, [ebp - 0x1c]
push ecx
push 4
jmp near loc_fffb504f  ; jmp 0xfffb504f

loc_fffb4fa4:  ; not directly referenced
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp + 0x10]
mov eax, dword [eax]
push edx
push 8
or byte [ebp - 0x21], 0x80
mov dword [ebp - 0x28], eax
lea eax, [ebp - 0x28]
push eax
lea eax, [ebp - 0x30]
push eax
call fcn_fffab101  ; call 0xfffab101
mov eax, dword [ebp - 0x30]
mov ecx, 0x150
mov edx, dword [ebp - 0x2c]
wrmsr
mov dword [esp], 2
call fcn_fffb4e25  ; call 0xfffb4e25
mov ecx, 0x150
rdmsr
add esp, 0xc
push 8
mov dword [ebp - 0x30], eax
lea eax, [ebp - 0x30]
push eax
lea eax, [ebp - 0x28]
push eax
mov dword [ebp - 0x2c], edx
call fcn_fffab101  ; call 0xfffab101
mov dword [esp], 0xa
call fcn_fffb49a3  ; call 0xfffb49a3
mov ecx, 0x150
rdmsr
add esp, 0xc
push 8
mov dword [ebp - 0x30], eax
lea eax, [ebp - 0x30]
push eax
lea eax, [ebp - 0x20]
push eax
mov dword [ebp - 0x2c], edx
call fcn_fffab101  ; call 0xfffab101
mov eax, dword [ebp - 0x1c]
add esp, 0x10
cmp dword [ebp - 0x24], eax
je short loc_fffb5040  ; je 0xfffb5040
mov eax, dword [ebp - 0x20]
cmp dword [ebp - 0x28], eax
jne loc_fffb4f8a  ; jne 0xfffb4f8a

loc_fffb5040:  ; not directly referenced
movzx eax, byte [ebp - 0x24]
mov edx, dword [ebp + 0x14]
mov dword [edx], eax
push eax
push 4
lea eax, [ebp - 0x28]

loc_fffb504f:  ; not directly referenced
push eax
push dword [ebp + 0x10]
call fcn_fffab101  ; call 0xfffab101
add esp, 0x10

loc_fffb505b:  ; not directly referenced
mov eax, ebx
jmp short loc_fffb5064  ; jmp 0xfffb5064

loc_fffb505f:  ; not directly referenced
mov eax, 0x80000003

loc_fffb5064:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb506c:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x48
mov esi, dword [ebp + 8]
push esi
call fcn_fffb4e25  ; call 0xfffb4e25
add esp, 0x10
mov ebx, eax
test eax, eax
js loc_fffb51e8  ; js 0xfffb51e8
cmp esi, 1
je short loc_fffb509e  ; je 0xfffb509e
cmp esi, 2
je loc_fffb5145  ; je 0xfffb5145
jmp near loc_fffb51ec  ; jmp 0xfffb51ec

loc_fffb509e:  ; not directly referenced
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov eax, dword [eax + 0x14]
add eax, 0x48
push eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
pop edx
pop ecx
push dword [ebp + 0x10]
mov esi, eax
and esi, 0xfffffffe
lea edi, [esi + 0x5da0]
add esi, 0x5da4
push edi
call fcn_fffb3d84  ; call 0xfffb3d84
mov eax, dword [ebp + 0xc]
pop edx
pop ecx
or eax, 0x80000000
push eax
push esi
call fcn_fffb3d84  ; call 0xfffb3d84
mov dword [esp], 1
call fcn_fffb4e25  ; call 0xfffb4e25
mov dword [esp], esi
call fcn_fffb3d4e  ; call 0xfffb3d4e
mov dword [esp], edi
mov dword [ebp - 0x40], eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
mov dword [esp], 0xa
mov dword [ebp - 0x3c], eax
call fcn_fffb49a3  ; call 0xfffb49a3
mov dword [esp], esi
call fcn_fffb3d4e  ; call 0xfffb3d4e
mov dword [esp], edi
mov esi, eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
mov ecx, dword [ebp - 0x40]
add esp, 0x10
cmp ecx, esi
je short loc_fffb5138  ; je 0xfffb5138
cmp dword [ebp - 0x3c], eax
je short loc_fffb5138  ; je 0xfffb5138

loc_fffb512e:  ; not directly referenced
mov eax, 0x80000002
jmp near loc_fffb51f1  ; jmp 0xfffb51f1

loc_fffb5138:  ; not directly referenced
mov eax, dword [ebp + 0x14]
movzx ecx, cl
mov dword [eax], ecx
jmp near loc_fffb51e8  ; jmp 0xfffb51e8

loc_fffb5145:  ; not directly referenced
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x24], eax
mov eax, dword [ebp + 0x10]
or byte [ebp - 0x21], 0x80
mov dword [ebp - 0x28], eax
push eax
push 8
lea eax, [ebp - 0x28]
push eax
lea eax, [ebp - 0x30]
push eax
call fcn_fffab101  ; call 0xfffab101
mov eax, dword [ebp - 0x30]
mov ecx, 0x150
mov edx, dword [ebp - 0x2c]
wrmsr
mov dword [esp], 2
call fcn_fffb4e25  ; call 0xfffb4e25
mov ecx, 0x150
rdmsr
add esp, 0xc
push 8
mov dword [ebp - 0x30], eax
lea eax, [ebp - 0x30]
push eax
lea eax, [ebp - 0x28]
push eax
mov dword [ebp - 0x2c], edx
call fcn_fffab101  ; call 0xfffab101
mov dword [esp], 0xa
call fcn_fffb49a3  ; call 0xfffb49a3
mov ecx, 0x150
rdmsr
add esp, 0xc
push 8
mov dword [ebp - 0x30], eax
lea eax, [ebp - 0x30]
push eax
lea eax, [ebp - 0x20]
push eax
mov dword [ebp - 0x2c], edx
call fcn_fffab101  ; call 0xfffab101
mov eax, dword [ebp - 0x1c]
add esp, 0x10
cmp dword [ebp - 0x24], eax
je short loc_fffb51df  ; je 0xfffb51df
mov eax, dword [ebp - 0x20]
cmp dword [ebp - 0x28], eax
jne loc_fffb512e  ; jne 0xfffb512e

loc_fffb51df:  ; not directly referenced
movzx eax, byte [ebp - 0x24]
mov edx, dword [ebp + 0x14]
mov dword [edx], eax

loc_fffb51e8:  ; not directly referenced
mov eax, ebx
jmp short loc_fffb51f1  ; jmp 0xfffb51f1

loc_fffb51ec:  ; not directly referenced
mov eax, 0x80000003

loc_fffb51f1:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb51f9:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov bl, byte [ebp + 0xc]
mov al, byte [ebp + 0x18]
mov edi, dword [ebp + 0x1c]
and ebx, 0x7f
cmp dword [ebp + 0x14], 1
mov byte [ebp - 0x1f], al
jbe short loc_fffb5230  ; jbe 0xfffb5230
test edi, edi
mov esi, 0x80000002
sete dl
cmp dword [ebp + 0x20], 0
sete al
or dl, al
jne loc_fffb5793  ; jne 0xfffb5793

loc_fffb5230:  ; not directly referenced
sub esp, 0xc
mov esi, 0x80000012
push 0
call fcn_fffb4808  ; call 0xfffb4808
add esp, 0x10
test al, 0x40
jne loc_fffb5793  ; jne 0xfffb5793
test al, 1
je short loc_fffb5264  ; je 0xfffb5264
push edi
push edi
push 0xff
push 0
call fcn_fffb47e9  ; call 0xfffb47e9
add esp, 0x10
jmp near loc_fffb5793  ; jmp 0xfffb5793

loc_fffb5264:  ; not directly referenced
push esi
movzx eax, al
push esi
push eax
push 0
call fcn_fffb47e9  ; call 0xfffb47e9
lea eax, [ebx + ebx + 1]
add esp, 0x10
mov byte [ebp - 0x1c], al
dec eax
mov byte [ebp - 0x1d], al
mov eax, dword [ebp + 0x14]
mov dword [ebp - 0x24], 3
mov byte [ebp - 0x1e], 0
and eax, 0xfffffffd
mov dword [ebp - 0x2c], eax

loc_fffb5293:  ; not directly referenced
mov al, byte [ebp + 0x10]
cmp dword [ebp + 0x14], 0xb
mov byte [ebp - 0x20], al
ja loc_fffb5454  ; ja 0xfffb5454
mov eax, dword [ebp + 0x14]
jmp dword [eax*4 + ref_fffd3f28]  ; ujmp: jmp dword [eax*4 - 0x2c0d8]

loc_fffb52ad:  ; not directly referenced
mov dl, byte [ebp - 0x1d]
jmp short loc_fffb52b5  ; jmp 0xfffb52b5

loc_fffb52b2:  ; not directly referenced
mov dl, byte [ebp - 0x1c]

loc_fffb52b5:  ; not directly referenced
cmp byte [ebp - 0x1f], 1
je loc_fffb5446  ; je 0xfffb5446
xor esi, esi
jmp near loc_fffb5440  ; jmp 0xfffb5440

loc_fffb52c6:  ; not directly referenced
mov eax, dword [ebp + 0x20]
mov dl, byte [ebp - 0x1d]
mov al, byte [eax]
mov byte [ebp - 0x20], al
jmp short loc_fffb52d6  ; jmp 0xfffb52d6

loc_fffb52d3:  ; not directly referenced
mov dl, byte [ebp - 0x1c]

loc_fffb52d6:  ; not directly referenced
cmp dword [edi], 1
mov esi, 4
mov dword [edi], 1
sbb ebx, ebx
and ebx, 0x80000005
jmp near loc_fffb5409  ; jmp 0xfffb5409

loc_fffb52f1:  ; not directly referenced
mov eax, dword [ebp + 0x20]
push ecx
push ecx
movzx eax, byte [eax]
push eax
push 5
call fcn_fffb47e9  ; call 0xfffb47e9
add esp, 0x10
mov dl, byte [ebp - 0x1d]
mov dword [edi], 1
jmp short loc_fffb5312  ; jmp 0xfffb5312

loc_fffb530f:  ; not directly referenced
mov dl, byte [ebp - 0x1c]

loc_fffb5312:  ; not directly referenced
mov eax, dword [edi]
test eax, eax
je loc_fffb554f  ; je 0xfffb554f
cmp eax, 1
je loc_fffb543b  ; je 0xfffb543b
cmp eax, 0x100
ja loc_fffb5454  ; ja 0xfffb5454
cmp byte [ebp - 0x1f], 1
je loc_fffb5446  ; je 0xfffb5446
mov esi, 0x18
jmp near loc_fffb5440  ; jmp 0xfffb5440

loc_fffb5344:  ; not directly referenced
cmp dword [edi], 2
mov dl, byte [ebp - 0x1c]
mov dword [edi], 2
sbb ebx, ebx
and ebx, 0x80000005
jmp short loc_fffb5392  ; jmp 0xfffb5392

loc_fffb535a:  ; not directly referenced
push eax
push eax
mov eax, dword [ebp + 0x20]
movzx eax, byte [eax + 1]
push eax
push 6
call fcn_fffb47e9  ; call 0xfffb47e9
pop eax
mov eax, dword [ebp + 0x20]
pop edx
movzx eax, byte [eax]
push eax
push 5
call fcn_fffb47e9  ; call 0xfffb47e9
add esp, 0x10
mov dl, byte [ebp - 0x1d]
cmp dword [edi], 2
mov dword [edi], 2
sbb ebx, ebx
and ebx, 0x80000005

loc_fffb5392:  ; not directly referenced
mov esi, 0xc
jmp short loc_fffb5409  ; jmp 0xfffb5409

loc_fffb5399:  ; not directly referenced
push eax
push eax
movzx eax, byte [edi]
push eax
push 5
call fcn_fffb47e9  ; call 0xfffb47e9
mov al, byte [edi]
add esp, 0x10
mov dl, byte [ebp - 0x1d]
mov byte [ebp - 0x1e], al
jmp short loc_fffb53b6  ; jmp 0xfffb53b6

loc_fffb53b3:  ; not directly referenced
mov dl, byte [ebp - 0x1c]

loc_fffb53b6:  ; not directly referenced
mov eax, dword [edi]
dec eax
cmp eax, 0x1f
ja loc_fffb5454  ; ja 0xfffb5454
mov esi, 0x14
jmp near loc_fffb5450  ; jmp 0xfffb5450

loc_fffb53cc:  ; not directly referenced
mov eax, dword [ebp + 0x20]
push ebx
push ebx
movzx eax, byte [eax + 1]
push eax
push 6
call fcn_fffb47e9  ; call 0xfffb47e9
pop esi
mov esi, 0x10
pop eax
mov eax, dword [ebp + 0x20]
movzx eax, byte [eax]
push eax
push 5
call fcn_fffb47e9  ; call 0xfffb47e9
add esp, 0x10
mov dl, byte [ebp - 0x1c]
cmp dword [edi], 2
mov dword [edi], 2
sbb ebx, ebx
and ebx, 0x80000005

loc_fffb5409:  ; not directly referenced
xor eax, eax
test ebx, ebx
jns short loc_fffb545e  ; jns 0xfffb545e
jmp near loc_fffb561b  ; jmp 0xfffb561b

loc_fffb5414:  ; not directly referenced
mov eax, dword [edi]
dec eax
cmp eax, 0x1f
ja short loc_fffb5454  ; ja 0xfffb5454
push ecx
mov esi, 0x1c
push ecx
movzx eax, byte [edi]
push eax
push 5
call fcn_fffb47e9  ; call 0xfffb47e9
mov al, byte [edi]
add esp, 0x10
mov dl, byte [ebp - 0x1c]
mov byte [ebp - 0x1e], al
jmp short loc_fffb5450  ; jmp 0xfffb5450

loc_fffb543b:  ; not directly referenced
mov esi, 8

loc_fffb5440:  ; not directly referenced
xor eax, eax

loc_fffb5442:  ; not directly referenced
xor ebx, ebx
jmp short loc_fffb545e  ; jmp 0xfffb545e

loc_fffb5446:  ; not directly referenced
mov ebx, 0x80000003
jmp near loc_fffb561b  ; jmp 0xfffb561b

loc_fffb5450:  ; not directly referenced
mov al, 2
jmp short loc_fffb5442  ; jmp 0xfffb5442

loc_fffb5454:  ; not directly referenced
mov ebx, 0x80000002
jmp near loc_fffb561b  ; jmp 0xfffb561b

loc_fffb545e:  ; not directly referenced
mov cl, al
or ecx, 1
cmp byte [ebp - 0x1f], 1
mov dword [ebp - 0x28], edx
push edx
cmove eax, ecx
push edx
movzx eax, al
push eax
push 0xd
call fcn_fffb47e9  ; call 0xfffb47e9
mov dword [esp], 2
call fcn_fffb4808  ; call 0xfffb4808
add esp, 0x10
mov edx, dword [ebp - 0x28]
cmp dword [ebp - 0x2c], 9
je short loc_fffb54ae  ; je 0xfffb54ae

loc_fffb5492:  ; not directly referenced
push ecx
movzx edx, dl
push ecx
push edx
push 4
call fcn_fffb47e9  ; call 0xfffb47e9
add esp, 0x10
movzx eax, byte [ebp - 0x20]
cmp dword [ebp + 0x14], 4
jne short loc_fffb54eb  ; jne 0xfffb54eb
jmp short loc_fffb54df  ; jmp 0xfffb54df

loc_fffb54ae:  ; not directly referenced
movzx ecx, byte [ebp - 0x1e]
xor eax, eax
mov dword [ebp - 0x28], ecx

loc_fffb54b7:  ; not directly referenced
cmp eax, dword [ebp - 0x28]
jae short loc_fffb5492  ; jae 0xfffb5492
mov ecx, dword [ebp + 0x20]
mov dword [ebp - 0x34], edx
push edx
push edx
movzx ecx, byte [ecx + eax]
mov dword [ebp - 0x30], eax
push ecx
push 7
call fcn_fffb47e9  ; call 0xfffb47e9
mov eax, dword [ebp - 0x30]
add esp, 0x10
mov edx, dword [ebp - 0x34]
inc eax
jmp short loc_fffb54b7  ; jmp 0xfffb54b7

loc_fffb54df:  ; not directly referenced
cmp dword [edi], 1
jbe short loc_fffb54eb  ; jbe 0xfffb54eb
push ecx
push ecx
push eax
push 6
jmp short loc_fffb54f0  ; jmp 0xfffb54f0

loc_fffb54eb:  ; not directly referenced
push edx
push edx
push eax
push 3

loc_fffb54f0:  ; not directly referenced
call fcn_fffb47e9  ; call 0xfffb47e9
add esp, 0x10
lea eax, [esi + 0x40]
mov esi, 0x186a0
movzx eax, al
push ecx
push ecx
push eax
push 2
call fcn_fffb47e9  ; call 0xfffb47e9
add esp, 0x10

loc_fffb5510:  ; not directly referenced
sub esp, 0xc
push 0
call fcn_fffb4808  ; call 0xfffb4808
add esp, 0x10
test al, 0x8e
jne loc_fffb55fa  ; jne 0xfffb55fa
sub esp, 0xc
push 0xa
call fcn_fffb49a3  ; call 0xfffb49a3
add esp, 0x10
dec esi
jne short loc_fffb5510  ; jne 0xfffb5510
jmp near loc_fffb55f3  ; jmp 0xfffb55f3

loc_fffb553a:  ; not directly referenced
sub esp, 0xc
push 5
call fcn_fffb4808  ; call 0xfffb4808
add esp, 0x10
test al, al
jne loc_fffb5750  ; jne 0xfffb5750

loc_fffb554f:  ; not directly referenced
mov ebx, 0x80000005
jmp near loc_fffb561b  ; jmp 0xfffb561b

loc_fffb5559:  ; not directly referenced
cmp dword [edi], 1
jbe loc_fffb56de  ; jbe 0xfffb56de
xor esi, esi

loc_fffb5564:  ; not directly referenced
cmp esi, dword [edi]
jae loc_fffb561b  ; jae 0xfffb561b
sub esp, 0xc
push 7
call fcn_fffb4808  ; call 0xfffb4808
mov ecx, dword [ebp + 0x20]
add esp, 0x10
mov byte [ecx + esi], al
mov eax, dword [edi]
lea edx, [eax - 2]
cmp esi, edx
jne loc_fffb56b9  ; jne 0xfffb56b9
sub esp, 0xc
push 2
call fcn_fffb4808  ; call 0xfffb4808
pop edx
pop ecx
or eax, 0x20
movzx eax, al

loc_fffb559e:  ; not directly referenced
push eax
push 2
call fcn_fffb47e9  ; call 0xfffb47e9
add esp, 0x10

loc_fffb55a9:  ; not directly referenced
push eax
push eax
push 0x80
push 0
call fcn_fffb47e9  ; call 0xfffb47e9
mov eax, dword [edi]
add esp, 0x10
dec eax
cmp esi, eax
jae loc_fffb56d8  ; jae 0xfffb56d8
mov dword [ebp - 0x1c], 0x64

loc_fffb55cc:  ; not directly referenced
sub esp, 0xc
push 0
call fcn_fffb4808  ; call 0xfffb4808
add esp, 0x10
test al, al
js loc_fffb56d8  ; js 0xfffb56d8
sub esp, 0xc
push 0xa
call fcn_fffb49a3  ; call 0xfffb49a3
add esp, 0x10
dec dword [ebp - 0x1c]
jne short loc_fffb55cc  ; jne 0xfffb55cc

loc_fffb55f3:  ; not directly referenced
mov ebx, 0x80000012
jmp short loc_fffb561b  ; jmp 0xfffb561b

loc_fffb55fa:  ; not directly referenced
test al, 4
je short loc_fffb5649  ; je 0xfffb5649
sub esp, 0xc
push 0xc
call fcn_fffb4808  ; call 0xfffb4808
add esp, 0x10
and eax, 1
cmp al, 1
sbb ebx, ebx
and ebx, 0xffffffec
sub ebx, 0x7fffffe5

loc_fffb561b:  ; not directly referenced
push eax
push eax
push 0xff
push 0
call fcn_fffb47e9  ; call 0xfffb47e9
pop edx
pop ecx
push 1
push 0xc
call fcn_fffb47e9  ; call 0xfffb47e9
pop esi
mov esi, ebx
pop edi
push 0
push 0xd
call fcn_fffb47e9  ; call 0xfffb47e9
add esp, 0x10
jmp near loc_fffb5793  ; jmp 0xfffb5793

loc_fffb5649:  ; not directly referenced
test al, 8
je short loc_fffb568e  ; je 0xfffb568e
push ebx
push ebx
push 8
push 0
call fcn_fffb47e9  ; call 0xfffb47e9
pop esi
pop eax
push 0xff
push 0
call fcn_fffb47e9  ; call 0xfffb47e9
pop eax
pop edx
push 1
push 0xc
call fcn_fffb47e9  ; call 0xfffb47e9
mov dword [esp], 0xa
call fcn_fffb49a3  ; call 0xfffb49a3
add esp, 0x10
dec dword [ebp - 0x24]
je loc_fffb5789  ; je 0xfffb5789
jmp near loc_fffb5293  ; jmp 0xfffb5293

loc_fffb568e:  ; not directly referenced
mov eax, dword [ebp + 0x14]
sub eax, 2
cmp eax, 9
ja short loc_fffb561b  ; ja 0xfffb561b
jmp dword [eax*4 + ref_fffd3f58]  ; ujmp: jmp dword [eax*4 - 0x2c0a8]

loc_fffb56a0:  ; not directly referenced
sub esp, 0xc
push 6
call fcn_fffb4808  ; call 0xfffb4808
mov ecx, dword [ebp + 0x20]
mov byte [ecx + 1], al
mov dword [esp], 5
jmp short loc_fffb56e3  ; jmp 0xfffb56e3

loc_fffb56b9:  ; not directly referenced
dec eax
cmp esi, eax
jne loc_fffb55a9  ; jne 0xfffb55a9
sub esp, 0xc
push 2
call fcn_fffb4808  ; call 0xfffb4808
pop edx
pop ecx
and eax, 0xdf
jmp near loc_fffb559e  ; jmp 0xfffb559e

loc_fffb56d8:  ; not directly referenced
inc esi
jmp near loc_fffb5564  ; jmp 0xfffb5564

loc_fffb56de:  ; not directly referenced
sub esp, 0xc
push 5

loc_fffb56e3:  ; not directly referenced
call fcn_fffb4808  ; call 0xfffb4808
mov ecx, dword [ebp + 0x20]
mov byte [ecx], al
jmp short loc_fffb56fd  ; jmp 0xfffb56fd

loc_fffb56ef:  ; not directly referenced
push eax
push eax
push 0x80
push 0
call fcn_fffb47e9  ; call 0xfffb47e9

loc_fffb56fd:  ; not directly referenced
add esp, 0x10
jmp near loc_fffb561b  ; jmp 0xfffb561b

loc_fffb5705:  ; not directly referenced
sub esp, 0xc
xor esi, esi
push 5
call fcn_fffb4808  ; call 0xfffb4808
add esp, 0x10
movzx edx, al
mov al, 1
cmp dword [edi], edx
jb short loc_fffb573f  ; jb 0xfffb573f

loc_fffb571d:  ; not directly referenced
cmp esi, edx
jae short loc_fffb573d  ; jae 0xfffb573d
sub esp, 0xc
push 7
mov dword [ebp - 0x1c], edx
call fcn_fffb4808  ; call 0xfffb4808
mov ecx, dword [ebp + 0x20]
add esp, 0x10
mov edx, dword [ebp - 0x1c]
mov byte [ecx + esi], al
inc esi
jmp short loc_fffb571d  ; jmp 0xfffb571d

loc_fffb573d:  ; not directly referenced
xor eax, eax

loc_fffb573f:  ; not directly referenced
test al, al
mov eax, 0x80000005
mov dword [edi], edx
cmovne ebx, eax
jmp near loc_fffb561b  ; jmp 0xfffb561b

loc_fffb5750:  ; not directly referenced
movzx edx, byte [edi]
movzx ecx, al
lea eax, [edx + ecx]
cmp eax, 0x20
jg short loc_fffb5789  ; jg 0xfffb5789
xor esi, esi
mov edx, ecx

loc_fffb5762:  ; not directly referenced
cmp esi, edx
jae short loc_fffb5782  ; jae 0xfffb5782
sub esp, 0xc
push 7
mov dword [ebp - 0x1c], edx
call fcn_fffb4808  ; call 0xfffb4808
mov ecx, dword [ebp + 0x20]
add esp, 0x10
mov edx, dword [ebp - 0x1c]
mov byte [ecx + esi], al
inc esi
jmp short loc_fffb5762  ; jmp 0xfffb5762

loc_fffb5782:  ; not directly referenced
mov dword [edi], edx
jmp near loc_fffb561b  ; jmp 0xfffb561b

loc_fffb5789:  ; not directly referenced
mov ebx, 0x80000007
jmp near loc_fffb561b  ; jmp 0xfffb561b

loc_fffb5793:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb579d:  ; not directly referenced
push ebp
movzx edx, dl
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x2c
mov ebx, dword [ebp + 0x10]
mov eax, dword [ebp + 8]
mov dword [ebp - 0x24], ecx
mov edi, dword [esi + 0x5edc]
mov dword [ebp - 0x1c], ebx
mov byte [ebp - 0x2b], bl
mov bl, byte [ebp + 0x18]
mov ecx, eax
mov eax, dword [ebp + 0xc]
mov byte [ebp - 0x2c], bl
imul ebx, edx, 0xcc
mov byte [ebp - 0x20], al
lea ebx, [edi + ebx + 0x1c]
cmp cl, 0xe
ja loc_fffb5b85  ; ja 0xfffb5b85
movzx edi, cl
jmp dword [edi*4 + ref_fffd3f80]  ; ujmp: jmp dword [edi*4 - 0x2c080]

loc_fffb57eb:  ; not directly referenced
mov edi, dword [ebx + 0xa0]
and eax, 0xf
shl eax, 0xf
and edi, 0xfff87fff
jmp near loc_fffb5b31  ; jmp 0xfffb5b31

loc_fffb5802:  ; not directly referenced
mov edi, dword [ebx + 0xa0]
and eax, 0xf
shl eax, 0x13
and edi, 0xff87ffff
jmp near loc_fffb5b31  ; jmp 0xfffb5b31

loc_fffb5819:  ; not directly referenced
mov edi, dword [ebx + 0xa4]
and eax, 0xf
shl eax, 0x11
and edi, 0xffe1ffff
jmp short loc_fffb5895  ; jmp 0xfffb5895

loc_fffb582d:  ; not directly referenced
mov edi, dword [ebx + 0xa4]
and eax, 0xf
shl eax, 0x15
and edi, 0xfe1fffff
jmp short loc_fffb5895  ; jmp 0xfffb5895

loc_fffb5841:  ; not directly referenced
mov edi, dword [ebx + 0xa8]
and eax, 0x1f
shl eax, 0x13
and edi, 0xff07ffff
jmp near loc_fffb5b65  ; jmp 0xfffb5b65

loc_fffb5858:  ; not directly referenced
mov edi, dword [ebx + 0xa8]
and eax, 0x1f
shl eax, 0x18
and edi, 0xe0ffffff
jmp near loc_fffb5b65  ; jmp 0xfffb5b65

loc_fffb586f:  ; not directly referenced
mov edi, dword [ebx + 0xa4]
and eax, 0xf
shl eax, 6
and edi, 0xfffffc3f
jmp short loc_fffb5895  ; jmp 0xfffb5895

loc_fffb5883:  ; not directly referenced
mov edi, dword [ebx + 0xa4]
and eax, 0xf
shl eax, 0xa
and edi, 0xffffc3ff

loc_fffb5895:  ; not directly referenced
or edi, eax
mov eax, esi
shl edx, 0xa
mov ecx, edi
add edx, 0x4008
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0x1c], 0
je loc_fffb5b85  ; je 0xfffb5b85
mov dword [ebx + 0xa4], edi
jmp near loc_fffb5b85  ; jmp 0xfffb5b85

loc_fffb58be:  ; not directly referenced
mov edi, dword [ebx + 0xac]
sub eax, 6
and eax, 3
shl eax, 0x11
and edi, 0xfff9ffff
jmp short loc_fffb5901  ; jmp 0xfffb5901

loc_fffb58d5:  ; not directly referenced
sub eax, 6
mov edi, dword [ebx + 0xac]
cmp dword [esi + 0x2480], 3
jne short loc_fffb58f5  ; jne 0xfffb58f5
and eax, 7
and edi, 0xffc7ffff
shl eax, 0x13
jmp short loc_fffb5901  ; jmp 0xfffb5901

loc_fffb58f5:  ; not directly referenced
and eax, 3
and edi, 0xffe7ffff
shl eax, 0x13

loc_fffb5901:  ; not directly referenced
or edi, eax
mov eax, esi
shl edx, 0xa
mov ecx, edi
add edx, 0x4014
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0x1c], 0
je loc_fffb5b85  ; je 0xfffb5b85
mov dword [ebx + 0xac], edi
jmp near loc_fffb5b85  ; jmp 0xfffb5b85

loc_fffb592a:  ; not directly referenced
movzx ecx, byte [ebp - 0x24]
lea edi, [ebx + ecx*4]
mov ebx, dword [edi + 4]
mov dword [ebp - 0x24], edi
mov dword [ebp - 0x20], ebx
shr ebx, 0xd
and ebx, 0xf
mov edi, ebx
or edi, 0xfffffff0
test bl, 8
cmovne ebx, edi
add eax, ebx
mov bl, 6
cmp al, 6
cmovle ebx, eax
mov al, 0xfc
cmp bl, 0xfc
cmovge eax, ebx
mov ebx, dword [ebp - 0x20]
and eax, 0xf
mov edi, eax
shl edi, 0xd
and ebx, 0xff0e1fff
shl eax, 0x14
or ebx, edi
or ebx, eax
mov eax, esi
call fcn_fffa724b  ; call 0xfffa724b
mov ecx, ebx
mov edx, eax
mov eax, esi
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0x1c], 0
je loc_fffb5b85  ; je 0xfffb5b85
mov eax, dword [ebp - 0x24]
mov dword [eax + 4], ebx
jmp near loc_fffb5b85  ; jmp 0xfffb5b85

loc_fffb599b:  ; not directly referenced
movzx ecx, byte [ebp - 0x24]
lea edi, [ebx + ecx*4]
mov ebx, dword [edi + 4]
mov dword [ebp - 0x20], ebx
shr ebx, 0x11
and ebx, 7
add eax, ebx
mov bl, 7
cmp al, 7
cmovle ebx, eax
xor eax, eax
test bl, bl
cmovns eax, ebx
and eax, 7
mov ebx, eax
shl ebx, 0x11
mov dword [ebp - 0x24], ebx
mov ebx, dword [ebp - 0x20]
shl eax, 0x18
and ebx, 0xf8f1ffff
or ebx, dword [ebp - 0x24]
or ebx, eax
mov eax, esi
call fcn_fffa724b  ; call 0xfffa724b
mov ecx, ebx
mov edx, eax
mov eax, esi
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0x1c], 0
je loc_fffb5b85  ; je 0xfffb5b85
mov dword [edi + 4], ebx
jmp near loc_fffb5b85  ; jmp 0xfffb5b85

loc_fffb59fe:  ; not directly referenced
imul eax, edx, 0x13c3
xor edi, edi
shl edx, 0xa
lea eax, [esi + eax + 0x3756]
mov dword [ebp - 0x24], eax
lea eax, [edx + 0x4028]
mov dword [ebp - 0x30], eax
lea eax, [edx + 0x4024]
mov dword [ebp - 0x28], eax
mov eax, dword [ebp - 0x20]
and eax, 0x7f
mov dword [ebp - 0x1c], eax

loc_fffb5a2e:  ; not directly referenced
mov eax, edi
mov byte [ebp - 0x2a], al
movzx eax, byte [ebp - 0x2c]
bt eax, edi
jae loc_fffb5b13  ; jae 0xfffb5b13
mov ecx, dword [ebp - 0x24]
mov al, byte [ebp - 0x20]
add al, byte [ecx + edi + 0x1011]
sub al, byte [ecx + edi + 0x1015]
mov byte [ebp - 0x29], al
js loc_fffb5b13  ; js 0xfffb5b13
mov edx, dword [ebp - 0x30]
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, dword [ebp - 0x28]
mov dword [ebp - 0x34], eax
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
mov dl, byte [ebp - 0x2a]
mov ecx, dword [ebp - 0x34]
cmp dl, 2
mov ebx, eax
movzx eax, byte [ebp - 0x29]
je short loc_fffb5ab1  ; je 0xfffb5ab1
and eax, 0xf
cmp dl, 3
je short loc_fffb5aca  ; je 0xfffb5aca
dec dl
je short loc_fffb5a9e  ; je 0xfffb5a9e
and ecx, 0xfffffff0
and ebx, 0xffffff80
or ecx, eax
or ebx, dword [ebp - 0x1c]
jmp short loc_fffb5ae0  ; jmp 0xfffb5ae0

loc_fffb5a9e:  ; not directly referenced
shl eax, 4
and cl, 0xf
or ecx, eax
mov eax, dword [ebp - 0x1c]
and bh, 0x80
shl eax, 8
jmp short loc_fffb5ade  ; jmp 0xfffb5ade

loc_fffb5ab1:  ; not directly referenced
and eax, 0xf
and ch, 0xf0
shl eax, 8
and ebx, 0xff80ffff
or ecx, eax
mov eax, dword [ebp - 0x1c]
shl eax, 0x10
jmp short loc_fffb5ade  ; jmp 0xfffb5ade

loc_fffb5aca:  ; not directly referenced
shl eax, 0xc
and ch, 0xf
or ecx, eax
mov eax, dword [ebp - 0x1c]
and ebx, 0x80ffffff
shl eax, 0x18

loc_fffb5ade:  ; not directly referenced
or ebx, eax

loc_fffb5ae0:  ; not directly referenced
mov edx, dword [ebp - 0x30]
mov eax, esi
call fcn_fffae58c  ; call 0xfffae58c
mov edx, dword [ebp - 0x28]
mov ecx, ebx
mov eax, esi
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0x2b], 0
je short loc_fffb5b13  ; je 0xfffb5b13
mov ecx, dword [ebp - 0x24]
mov al, byte [ebp - 0x20]
mov byte [ecx + edi + 0x1015], al
mov al, byte [ebp - 0x29]
mov byte [ecx + edi + 0x1011], al

loc_fffb5b13:  ; not directly referenced
inc edi
cmp edi, 4
jne loc_fffb5a2e  ; jne 0xfffb5a2e
jmp short loc_fffb5b85  ; jmp 0xfffb5b85

loc_fffb5b1f:  ; not directly referenced
mov edi, dword [ebx + 0xa0]
and eax, 7
shl eax, 0xc
and edi, 0xffff8fff

loc_fffb5b31:  ; not directly referenced
or edi, eax
mov eax, esi
shl edx, 0xa
mov ecx, edi
add edx, 0x4004
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0x1c], 0
je short loc_fffb5b85  ; je 0xfffb5b85
mov dword [ebx + 0xa0], edi
jmp short loc_fffb5b85  ; jmp 0xfffb5b85

loc_fffb5b53:  ; not directly referenced
mov edi, dword [ebx + 0xa8]
and eax, 0x1f
shl eax, 0xe
and edi, 0xfff83fff

loc_fffb5b65:  ; not directly referenced
or edi, eax
mov eax, esi
shl edx, 0xa
mov ecx, edi
add edx, 0x400c
call fcn_fffae58c  ; call 0xfffae58c
cmp byte [ebp - 0x1c], 0
je short loc_fffb5b85  ; je 0xfffb5b85
mov dword [ebx + 0xa8], edi

loc_fffb5b85:  ; not directly referenced
add esp, 0x2c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb5b8d:
push ebp
mov ebp, esp
sub esp, 8
call fcn_fffb468a  ; call 0xfffb468a
cmp eax, 1
jne short loc_fffb5bab  ; jne 0xfffb5bab
call fcn_fffb481e  ; call 0xfffb481e
cmp eax, 1
jne short loc_fffb5bab  ; jne 0xfffb5bab
mov al, 6
jmp short loc_fffb5bb4  ; jmp 0xfffb5bb4

loc_fffb5bab:
cmp eax, 2
sete al
shl eax, 2

loc_fffb5bb4:
leave
ret

fcn_fffb5bb6:
push ebp
mov ebp, esp
sub esp, 8
call fcn_fffb468a  ; call 0xfffb468a
cmp eax, 1
jne short loc_fffb5bdf  ; jne 0xfffb5bdf
call fcn_fffb481e  ; call 0xfffb481e
cmp eax, 1
je short loc_fffb5bdb  ; je 0xfffb5bdb
cmp eax, 2
sete dl
shl edx, 3
jmp short loc_fffb5be9  ; jmp 0xfffb5be9

loc_fffb5bdb:
mov dl, 0xe
jmp short loc_fffb5be9  ; jmp 0xfffb5be9

loc_fffb5bdf:
cmp eax, 2
mov dl, 0xa
mov al, 0
cmovne edx, eax

loc_fffb5be9:
mov al, dl
leave
ret

fcn_fffb5bed:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
mov edx, 0x40
push edi
push esi
push ebx
sub esp, 0xac
mov edi, dword [ebp + 8]
mov eax, dword [edi + 0x5edc]
mov esi, eax
mov dword [ebp - 0x90], eax
mov eax, dword [edi + 0x2443]
mov dword [ebp - 0x7c], eax
mov eax, dword [edi + 0x1887]
mov dword [ebp - 0x78], eax
mov eax, dword [edi + 0x188b]
mov dword [ebp - 0x6c], eax
mov eax, edi
call fcn_fffc3c0d  ; call 0xfffc3c0d
lea eax, [edi + 0x3756]
mov ecx, eax
mov dword [ebp - 0x80], eax
mov eax, esi
xor esi, esi
add eax, 0x1c
mov dword [ebp - 0x8c], eax
mov ebx, eax
mov dword [ebp - 0x70], ecx

loc_fffb5c50:  ; not directly referenced
mov eax, dword [ebp - 0x70]
cmp dword [eax], 2
jne loc_fffb5e14  ; jne 0xfffb5e14
cmp dword [ebp - 0x6c], 1
je short loc_fffb5c9f  ; je 0xfffb5c9f

loc_fffb5c62:  ; not directly referenced
cmp byte [edi + 0x18b4], 1
jne loc_fffb5d3d  ; jne 0xfffb5d3d
mov eax, dword [ebp - 0x7c]
call dword [eax + 0x7c]  ; ucall
mov edx, dword [ebp - 0x6c]
movzx eax, ax
add eax, eax
mov ecx, eax
or eax, 1
or ecx, 0x3e0001
dec edx
cmovne ecx, eax
mov eax, edi
lea edx, [esi*4 + 0x2000]
call fcn_fffae58c  ; call 0xfffae58c
jmp near loc_fffb5d3d  ; jmp 0xfffb5d3d

loc_fffb5c9f:  ; not directly referenced
mov dl, byte [ebx + 0xcb]
mov ecx, 0xff
mov al, byte [ebx + 3]
and edx, 1
shl edx, 6
and eax, 0xffffffbf
or eax, edx
mov edx, esi
mov byte [ebx + 3], al
mov eax, edi
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, dword [ebx]
mov edx, eax
mov eax, edi
call fcn_fffaeb7c  ; call 0xfffaeb7c
cmp byte [ebx + 0xcb], 0
je short loc_fffb5c62  ; je 0xfffb5c62
mov byte [ebp - 0x74], 0

loc_fffb5cdc:  ; not directly referenced
mov al, byte [ebp - 0x74]
cmp al, byte [edi + 0x2488]
jae loc_fffb5c62  ; jae 0xfffb5c62
movzx ecx, byte [ebp - 0x74]
xor edx, edx
mov al, byte [ebx + ecx*4 + 6]
shr al, 1
and eax, 7
cmp al, 2
jbe short loc_fffb5d04  ; jbe 0xfffb5d04
lea edx, [eax - 1]
and edx, 7

loc_fffb5d04:  ; not directly referenced
mov al, byte [ebx + ecx*4 + 6]
and edx, 7
add edx, edx
and eax, 0xfffffff1
or eax, edx
mov edx, esi
mov byte [ebx + ecx*4 + 6], al
mov eax, dword [ebx + ecx*4 + 4]
mov dword [ebp - 0x84], eax
mov eax, edi
call fcn_fffa724b  ; call 0xfffa724b
mov ecx, dword [ebp - 0x84]
mov edx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
inc byte [ebp - 0x74]
jmp short loc_fffb5cdc  ; jmp 0xfffb5cdc

loc_fffb5d3d:  ; not directly referenced
imul eax, dword [edi + 0x18a7], 0x2e
mov ecx, dword [ebp - 0x70]
cmp word [ecx + eax + 8], 1
jne short loc_fffb5d8a  ; jne 0xfffb5d8a
mov eax, esi
shl eax, 0xa
add eax, 0x4010
mov edx, eax
mov dword [ebp - 0x74], eax
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov dl, byte [edi + 0x190b]
mov ecx, edx
shr dl, 1
and ecx, 1
and eax, 0xfffffff0
and edx, 7
add edx, edx
or eax, ecx
or eax, edx
mov edx, dword [ebp - 0x74]
mov ecx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb5d8a:  ; not directly referenced
cmp byte [edi + 0x190c], 0
jne short loc_fffb5db8  ; jne 0xfffb5db8
cmp dword [ebp - 0x6c], 0
jne short loc_fffb5db8  ; jne 0xfffb5db8
and byte [ebx + 0xa3], 0xdf
mov edx, esi
mov ecx, dword [ebx + 0xa0]
shl edx, 0xa
mov eax, edi
add edx, 0x4004
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb5db8:  ; not directly referenced
lea edx, [esi*8 + 0x48a8]
mov ecx, 0x3000
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x70]
mov edx, esi
shl edx, 0xa
add edx, 0x42a0
movzx ecx, byte [eax + 0xc4]
mov eax, edi
call fcn_fffae566  ; call 0xfffae566
cmp byte [edi + 0x3748], 1
jne short loc_fffb5e14  ; jne 0xfffb5e14
lea eax, [esi*4 + 0x5004]
mov edx, eax
mov dword [ebp - 0x74], eax
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, dword [ebp - 0x74]
or eax, 0x3000000
mov ecx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb5e14:  ; not directly referenced
inc esi
add ebx, 0xcc
add dword [ebp - 0x70], 0x13c3
cmp esi, 2
jne loc_fffb5c50  ; jne 0xfffb5c50
xor eax, eax
cmp dword [edi + 0x2480], 3
sete al
mov dword [ebp - 0x84], eax
test byte [edi + 0x2406], 1
je short loc_fffb5e4a  ; je 0xfffb5e4a
test eax, eax
je short loc_fffb5e53  ; je 0xfffb5e53

loc_fffb5e4a:  ; not directly referenced
xor edx, edx
mov eax, edi
call fcn_fffb0b30  ; call 0xfffb0b30

loc_fffb5e53:  ; not directly referenced
mov eax, dword [ebp - 0x78]
cmp eax, 0x40660
sete dl
cmp eax, 0x306c0
sete al
or dl, al
jne short loc_fffb5e85  ; jne 0xfffb5e85

loc_fffb5e6a:  ; not directly referenced
mov eax, dword [edi + 0x5edc]
mov dword [ebp - 0x7c], 0
lea esi, [eax + 0x1c]
mov eax, dword [ebp - 0x80]
mov dword [ebp - 0x74], eax
jmp near loc_fffb5f7b  ; jmp 0xfffb5f7b

loc_fffb5e85:  ; not directly referenced
mov eax, dword [edi + 0x5edc]
mov dword [ebp - 0x70], 0
lea ebx, [eax + 0x1c]

loc_fffb5e95:  ; not directly referenced
imul eax, dword [ebp - 0x70], 0x13c3
cmp dword [edi + eax + 0x3756], 2
jne loc_fffb5f49  ; jne 0xfffb5f49
mov al, byte [edi + 0x2488]
mov byte [ebp - 0x7c], al
xor eax, eax

loc_fffb5eb5:  ; not directly referenced
cmp byte [ebp - 0x7c], al
jbe short loc_fffb5f1e  ; jbe 0xfffb5f1e
mov dl, byte [ebx + eax*4 + 5]
movzx ecx, byte [ebx + eax*4 + 6]
shr dl, 5
and ecx, 1
movzx edx, dl
shl ecx, 3
or ecx, edx
mov esi, ecx
mov dl, cl
or edx, 0xfffffff0
shr esi, 3
cmove edx, ecx
mov cl, byte [ebx + eax*4 + 6]
movsx edx, dl
shr cl, 1
mov esi, ecx
and esi, 7
mov dword [ebp - 0x74], esi
mov cl, byte [ebx + eax*4 + 6]
shr cl, 4
mov esi, ecx
or esi, 0xfffffff0
test cl, 8
cmovne ecx, esi
movzx esi, byte [ebx + eax*4 + 7]
add edx, dword [ebp - 0x74]
and esi, 7
cmp edx, 6
jg short loc_fffb5f22  ; jg 0xfffb5f22
movsx ecx, cl
inc eax
add ecx, esi
cmp ecx, 6
jle short loc_fffb5eb5  ; jle 0xfffb5eb5
jmp short loc_fffb5f22  ; jmp 0xfffb5f22

loc_fffb5f1e:  ; not directly referenced
xor edx, edx
jmp short loc_fffb5f24  ; jmp 0xfffb5f24

loc_fffb5f22:  ; not directly referenced
mov dl, 1

loc_fffb5f24:  ; not directly referenced
mov al, byte [ebx + 1]
mov ecx, 0xff
and eax, 0xfffffffe
or eax, edx
mov edx, dword [ebp - 0x70]
mov byte [ebx + 1], al
mov eax, edi
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, dword [ebx]
mov edx, eax
mov eax, edi
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffb5f49:  ; not directly referenced
inc dword [ebp - 0x70]
add ebx, 0xcc
cmp dword [ebp - 0x70], 2
je loc_fffb5e6a  ; je 0xfffb5e6a
jmp near loc_fffb5e95  ; jmp 0xfffb5e95

loc_fffb5f61:  ; not directly referenced
inc dword [ebp - 0x7c]
add esi, 0xcc
add dword [ebp - 0x74], 0x13c3
cmp dword [ebp - 0x7c], 2
je loc_fffb6031  ; je 0xfffb6031

loc_fffb5f7b:  ; not directly referenced
mov eax, dword [ebp - 0x74]
cmp dword [eax], 2
jne short loc_fffb5f61  ; jne 0xfffb5f61
mov byte [ebp - 0x70], 0

loc_fffb5f87:  ; not directly referenced
movzx eax, byte [ebp - 0x70]
cmp al, byte [edi + 0x2488]
jae short loc_fffb5f61  ; jae 0xfffb5f61
mov ecx, dword [ebp - 0x74]
mov bl, byte [ecx + 0xc4]
lea eax, [ecx + eax + 0x104a]
xor ecx, ecx
mov dword [ebp - 0x88], eax
xor eax, eax
mov byte [ebp - 0x98], bl

loc_fffb5fb3:  ; not directly referenced
mov edx, 1
shl edx, cl
test byte [ebp - 0x98], dl
je short loc_fffb5fe3  ; je 0xfffb5fe3
mov ebx, dword [ebp - 0x88]
mov dl, byte [ebx]
mov byte [ebp - 0x94], dl
mov dl, byte [ebx + 0x24]
mov bl, byte [ebp - 0x94]
cmp bl, dl
cmovae edx, ebx
cmp al, dl
cmovb eax, edx

loc_fffb5fe3:  ; not directly referenced
inc ecx
add dword [ebp - 0x88], 9
cmp ecx, 4
jne short loc_fffb5fb3  ; jne 0xfffb5fb3
movzx ebx, byte [ebp - 0x70]
shr al, 3
not eax
shr eax, 1
and eax, 3
mov dl, byte [esi + ebx*4 + 5]
mov ecx, ebx
and byte [esi + ebx*4 + 4], 0x7f
and edx, 0xfffffffc
or edx, eax
mov eax, edi
mov byte [esi + ebx*4 + 5], dl
mov edx, dword [ebp - 0x7c]
call fcn_fffa724b  ; call 0xfffa724b
mov ecx, dword [esi + ebx*4 + 4]
mov edx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
inc byte [ebp - 0x70]
jmp near loc_fffb5f87  ; jmp 0xfffb5f87

loc_fffb6031:  ; not directly referenced
movzx ecx, word [edi + 0x2489]
mov eax, ecx
shr ax, 1
movzx eax, ax
add eax, 0xb2c
cdq
idiv ecx
mov ecx, 7
cmp eax, 7
ja short loc_fffb6061  ; ja 0xfffb6061
xor cl, cl
cmp eax, 2
jbe short loc_fffb6061  ; jbe 0xfffb6061
mov cl, 4
cmp eax, 3
cmovne ecx, eax

loc_fffb6061:  ; not directly referenced
cmp dword [ebp - 0x6c], 1
jne short loc_fffb6079  ; jne 0xfffb6079

loc_fffb6067:  ; not directly referenced
cmp dword [ebp - 0x78], 0x40650
jne loc_fffb6125  ; jne 0xfffb6125
jmp near loc_fffb6132  ; jmp 0xfffb6132

loc_fffb6079:  ; not directly referenced
and ecx, 7
xor esi, esi
mov ebx, dword [ebp - 0x8c]
cmp dword [ebp - 0x84], 0
lea eax, [ecx*8]
mov dword [ebp - 0x70], 0
cmove esi, ecx
mov byte [ebp - 0x7c], al

loc_fffb609f:  ; not directly referenced
imul eax, dword [ebp - 0x70], 0x13c3
cmp dword [edi + eax + 0x3756], 2
je short loc_fffb60c1  ; je 0xfffb60c1

loc_fffb60b0:  ; not directly referenced
inc dword [ebp - 0x70]
add ebx, 0xcc
cmp dword [ebp - 0x70], 2
jne short loc_fffb609f  ; jne 0xfffb609f
jmp short loc_fffb6067  ; jmp 0xfffb6067

loc_fffb60c1:  ; not directly referenced
mov byte [ebp - 0x6c], 0

loc_fffb60c5:  ; not directly referenced
mov al, byte [ebp - 0x6c]
cmp al, byte [edi + 0x2488]
jae short loc_fffb60b0  ; jae 0xfffb60b0
cmp dword [ebp - 0x78], 0x40650
movzx edx, byte [ebp - 0x6c]
jne short loc_fffb60ef  ; jne 0xfffb60ef
mov al, byte [ebx + edx*4 + 7]
lea ecx, [esi*8]
and eax, 0xffffffc7
or eax, ecx
jmp short loc_fffb60f9  ; jmp 0xfffb60f9

loc_fffb60ef:  ; not directly referenced
mov al, byte [ebx + edx*4 + 7]
and eax, 0xffffffc7
or eax, dword [ebp - 0x7c]

loc_fffb60f9:  ; not directly referenced
mov byte [ebx + edx*4 + 7], al
movzx eax, byte [ebp - 0x6c]
mov edx, dword [ebp - 0x70]
mov ecx, eax
mov dword [ebp - 0x74], eax
mov eax, edi
call fcn_fffa724b  ; call 0xfffa724b
mov ecx, dword [ebp - 0x74]
mov ecx, dword [ebx + ecx*4 + 4]
mov edx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
inc byte [ebp - 0x6c]
jmp short loc_fffb60c5  ; jmp 0xfffb60c5

loc_fffb6125:  ; not directly referenced
cmp dword [edi + 0x188b], 1
jne loc_fffb6434  ; jne 0xfffb6434

loc_fffb6132:  ; not directly referenced
mov eax, dword [ebp - 0x80]
mov esi, dword [ebp - 0x8c]
mov dword [ebp - 0x74], 0
mov dword [ebp - 0x78], eax

loc_fffb6145:  ; not directly referenced
mov eax, dword [ebp - 0x78]
cmp dword [eax], 2
je short loc_fffb6168  ; je 0xfffb6168

loc_fffb614d:  ; not directly referenced
inc dword [ebp - 0x74]
add esi, 0xcc
add dword [ebp - 0x78], 0x13c3
cmp dword [ebp - 0x74], 2
jne short loc_fffb6145  ; jne 0xfffb6145
jmp near loc_fffb62d1  ; jmp 0xfffb62d1

loc_fffb6168:  ; not directly referenced
mov ebx, dword [ebp - 0x78]
xor ecx, ecx
mov al, byte [ebx + 0xc4]
mov dword [ebp - 0x70], ebx
xor ebx, ebx
mov byte [ebp - 0x80], al

loc_fffb617b:  ; not directly referenced
mov edx, 1
shl edx, cl
test byte [ebp - 0x80], dl
je short loc_fffb61bd  ; je 0xfffb61bd
mov al, byte [edi + 0x2488]
xor edx, edx
mov byte [ebp - 0x7c], al

loc_fffb6192:  ; not directly referenced
cmp byte [ebp - 0x7c], dl
jbe short loc_fffb61bd  ; jbe 0xfffb61bd
mov eax, dword [ebp - 0x70]
mov ax, word [eax + edx*2 + 0x1b1]
mov word [ebp - 0x6c], ax
movzx eax, bl
shr word [ebp - 0x6c], 6
cmp ax, word [ebp - 0x6c]
mov al, byte [ebp - 0x6c]
cmova eax, ebx
inc edx
mov bl, al
jmp short loc_fffb6192  ; jmp 0xfffb6192

loc_fffb61bd:  ; not directly referenced
inc ecx
add dword [ebp - 0x70], 0x12
cmp ecx, 4
jne short loc_fffb617b  ; jne 0xfffb617b
cmp dword [ebp - 0x84], 0
mov al, 1
je short loc_fffb61df  ; je 0xfffb61df
movzx ecx, word [edi + 0x2489]
lea eax, [ecx + 0x3f]
cdq
idiv ecx

loc_fffb61df:  ; not directly referenced
mov byte [ebp - 0x70], 0
lea eax, [ebx + eax*2 + 0xf]
mov byte [ebp - 0x6c], al

loc_fffb61ea:  ; not directly referenced
mov al, byte [ebp - 0x70]
cmp al, byte [edi + 0x2488]
jae loc_fffb614d  ; jae 0xfffb614d
movzx ecx, byte [ebp - 0x70]
mov bl, 0x1f
mov al, byte [esi + ecx*4 + 7]
shr al, 6
and eax, 1
cmp al, 1
sbb byte [ebp - 0x6c], 0xff
mov al, byte [ebp - 0x6c]
cmp al, 0x1f
cmova eax, ebx
mov byte [ebp - 0x6c], al
mov dl, byte [esi + ecx*4 + 5]
movzx eax, byte [esi + ecx*4 + 6]
shr dl, 5
and eax, 1
movzx edx, dl
shl eax, 3
or eax, edx
mov edx, eax
mov bl, al
or ebx, 0xfffffff0
shr edx, 3
mov dl, byte [esi + ecx*4 + 6]
cmove ebx, eax
shr dl, 1
and edx, 7
test byte [esi + 3], 0x40
je short loc_fffb6271  ; je 0xfffb6271
lea eax, [ecx + 8]
mov bl, byte [ebp - 0x6c]
mov dl, byte [esi + eax*4 + 9]
movzx eax, byte [esi + eax*4 + 0xa]
shr dl, 5
and eax, 3
movzx edx, dl
shl eax, 3
or eax, edx
cmp bl, al
cmovae eax, ebx
jmp short loc_fffb6283  ; jmp 0xfffb6283

loc_fffb6271:  ; not directly referenced
lea eax, [edx + ebx + 0xe]
mov bl, 0x1f
cmp al, 0x1f
mov dl, 0x11
cmovg eax, ebx
cmp al, 0x11
cmovl eax, edx

loc_fffb6283:  ; not directly referenced
and eax, 0x1f
mov dl, al
lea ebx, [ecx + 8]
shl edx, 5
mov byte [ebp - 0x7c], dl
mov dl, byte [esi + ebx*4 + 9]
shr al, 3
and eax, 3
and edx, 0x1f
or edx, dword [ebp - 0x7c]
mov byte [esi + ebx*4 + 9], dl
mov dl, byte [esi + ebx*4 + 0xa]
and edx, 0xfffffffc
or edx, eax
mov eax, edi
mov byte [esi + ebx*4 + 0xa], dl
mov edx, dword [ebp - 0x74]
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, dword [esi + ebx*4 + 8]
mov edx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
inc byte [ebp - 0x70]
jmp near loc_fffb61ea  ; jmp 0xfffb61ea

loc_fffb62d1:  ; not directly referenced
mov eax, dword [edi + 0x2443]
cmp byte [edi + 0x2402], 0
mov ebx, dword [edi + 0x5edc]
mov dword [ebp - 0x74], eax
je loc_fffb6434  ; je 0xfffb6434
mov edx, 0x4024
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x40d0
mov dword [ebp - 0x78], eax
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x4ca4
mov dword [ebp - 0x7c], eax
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov dl, byte [ebx + 0xc8]
movzx ecx, byte [ebx + 0xc9]
mov esi, edx
and esi, 0x1f
and ecx, 3
shr dl, 5
mov dword [ebp - 0x80], esi
lea esi, [ecx*8]
movzx edx, dl
mov dword [ebp - 0x70], esi
xor ecx, ecx
or dword [ebp - 0x70], edx
mov dl, byte [ebx + 0xcb]
shr dl, 2
mov esi, edx
mov dl, byte [ebx + 0xbf]
and esi, 3
mov dword [ebp - 0x84], esi
shr dl, 6
movzx esi, dl
mov dl, byte [ebx + 0xc3]
mov dword [ebp - 0x6c], esi
shr dl, 7
cmp dword [edi + 0x2480], 1
movzx esi, dl
jne short loc_fffb638c  ; jne 0xfffb638c
mov edx, dword [ebp - 0x70]
xor ecx, ecx
add edx, dword [ebp - 0x6c]
sub edx, esi
cmp edx, 5
sete cl

loc_fffb638c:  ; not directly referenced
mov bl, al
mov edx, 1
and ebx, 3
cmp bl, 2
jne short loc_fffb63a3  ; jne 0xfffb63a3
shr eax, 4
mov edx, eax
and edx, 7

loc_fffb63a3:  ; not directly referenced
mov al, byte [edi + 0x381a]
add esi, esi
add ecx, ecx
mov byte [ebp - 0x70], al
lea eax, [esi + 4]
mov esi, dword [ebp - 0x84]
add esi, dword [ebp - 0x80]
add esi, dword [ebp - 0x6c]
add esi, esi
sub eax, esi
sub eax, ecx
lea eax, [eax + edx*8 - 8]
xor edx, edx
mov dword [ebp - 0x6c], eax
xor eax, eax

loc_fffb63d0:  ; not directly referenced
mov cl, al
mov esi, 1
shl esi, cl
mov ecx, esi
test byte [ebp - 0x70], cl
je short loc_fffb6416  ; je 0xfffb6416
mov ebx, dword [ebp - 0x78]
lea esi, [eax*8]
mov ecx, esi
mov dword [ebp - 0x80], esi
shr ebx, cl
mov esi, ebx
mov ebx, dword [ebp - 0x7c]
lea ecx, [eax + eax]
and esi, 0x3f
add esi, dword [ebp - 0x6c]
shr ebx, cl
mov ecx, ebx
and ecx, 3
add ecx, ecx
sub esi, ecx
mov ecx, esi
movzx esi, cl
mov cl, byte [ebp - 0x80]
shl esi, cl
or edx, esi

loc_fffb6416:  ; not directly referenced
inc eax
cmp eax, 4
jne short loc_fffb63d0  ; jne 0xfffb63d0
push ebx
push ebx
push edx
mov eax, dword [edi + 0x18cd]
add eax, 0xc04
push eax
mov eax, dword [ebp - 0x74]
call dword [eax + 0x30]  ; ucall
add esp, 0x10

loc_fffb6434:  ; not directly referenced
mov ecx, 0x14
mov edx, 0x5f08
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov esi, dword [ebp - 0x90]
mov dl, byte [edi + 0x369d]
mov al, byte [esi + 0x16]
shl edx, 7
and eax, 0x7f
or eax, edx
mov byte [esi + 0x16], al
mov dl, byte [edi + 0x369e]
and eax, 0xffffffbf
and edx, 1
shl edx, 6
or eax, edx
mov byte [esi + 0x16], al
mov dl, byte [edi + 0x369f]
and eax, 0xffffffdf
and edx, 1
shl edx, 5
or eax, edx
mov edx, 0xf78
mov byte [esi + 0x16], al
mov ecx, dword [esi + 0x14]
mov eax, 0xf84
cmp dword [edi + 0x188b], 1
cmove edx, eax
mov eax, edi
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov ebx, dword [edi + 0x5edc]
cmp dword [edi + 0x3756], 2
jne short loc_fffb6508  ; jne 0xfffb6508
cmp dword [edi + 0x36d7], 0x74a
ja short loc_fffb64f4  ; ja 0xfffb64f4

loc_fffb64c0:  ; not directly referenced
cmp dword [edi + 0x36d7], 0x854
ja short loc_fffb64e0  ; ja 0xfffb64e0

loc_fffb64cc:  ; not directly referenced
mov ecx, dword [ebx + 0xc8]
mov edx, 0x4014
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffb6508  ; jmp 0xfffb6508

loc_fffb64e0:  ; not directly referenced
mov al, byte [ebx + 0xc9]
and eax, 0xffffffcf
or eax, 0x20
mov byte [ebx + 0xc9], al
jmp short loc_fffb64cc  ; jmp 0xfffb64cc

loc_fffb64f4:  ; not directly referenced
mov al, byte [ebx + 0xc9]
and eax, 0xfffffff3
or eax, 8
mov byte [ebx + 0xc9], al
jmp short loc_fffb64c0  ; jmp 0xfffb64c0

loc_fffb6508:  ; not directly referenced
cmp dword [edi + 0x4b19], 2
jne short loc_fffb655f  ; jne 0xfffb655f
cmp dword [edi + 0x36d7], 0x74a
jbe short loc_fffb652f  ; jbe 0xfffb652f
mov al, byte [ebx + 0x195]
and eax, 0xfffffff3
or eax, 8
mov byte [ebx + 0x195], al

loc_fffb652f:  ; not directly referenced
cmp dword [edi + 0x36d7], 0x854
jbe short loc_fffb654d  ; jbe 0xfffb654d
mov al, byte [ebx + 0x195]
and eax, 0xffffffcf
or eax, 0x20
mov byte [ebx + 0x195], al

loc_fffb654d:  ; not directly referenced
mov ecx, dword [ebx + 0x194]
mov edx, 0x4414
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb655f:  ; not directly referenced
mov eax, edi
call fcn_fffae778  ; call 0xfffae778
mov edx, 0x501c
mov eax, edi
cmp byte [edi + 0x190a], 1
sbb ecx, ecx
and ecx, 0x40000000
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, edi
call fcn_fffa870e  ; call 0xfffa870e
lea ecx, [edi + 0x18b5]
mov edx, 0x41
mov eax, edi
call fcn_fffc3c0d  ; call 0xfffc3c0d
cmp byte [edi + 0x192b], 0
jne loc_fffb6c2c  ; jne 0xfffb6c2c
mov ebx, dword [edi + 0x2443]
lea eax, [ebp - 0x40]
push ecx
push 0
push 8
push eax
mov dword [ebp - 0x50], ref_fffd4088  ; mov dword [ebp - 0x50], 0xfffd4088
mov dword [ebp - 0x4c], ref_fffd4038  ; mov dword [ebp - 0x4c], 0xfffd4038
mov dword [ebp - 0x48], ref_fffd3fd8  ; mov dword [ebp - 0x48], 0xfffd3fd8
mov dword [ebp - 0x44], ref_fffd3fcc  ; mov dword [ebp - 0x44], 0xfffd3fcc
mov dword [ebp - 0xb8], 0
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 8
lea eax, [ebp - 0x38]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 8
lea eax, [ebp - 0x30]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 8
lea eax, [ebp - 0x28]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 8
lea eax, [ebp - 0x20]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0xff
push 4
lea eax, [ebp - 0x58]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 4
lea eax, [ebp - 0x54]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0x10
cmp dword [edi + 0x2480], 3
jne short loc_fffb6650  ; jne 0xfffb6650
mov word [ebp - 0x5c], 8
mov word [ebp - 0x5a], 1
jmp short loc_fffb665c  ; jmp 0xfffb665c

loc_fffb6650:  ; not directly referenced
mov word [ebp - 0x5c], 0x228
mov word [ebp - 0x5a], 7

loc_fffb665c:  ; not directly referenced
mov eax, dword [edi + 0x18a7]
mov dword [ebp - 0xb0], eax
dec eax
je loc_fffb6c2c  ; je 0xfffb6c2c
lea eax, [edi + 0x48c9]
mov dword [ebp - 0x7c], eax
lea eax, [ebp - 0x58]
mov dword [ebp - 0x90], eax
lea eax, [ebp - 0x20]
mov dword [ebp - 0xa4], eax
lea eax, [ebp - 0x28]
mov dword [ebp - 0x8c], eax
lea eax, [ebp - 0x30]
mov dword [ebp - 0x94], eax
lea eax, [ebp - 0x38]
mov dword [ebp - 0x98], eax
lea eax, [ebp - 0x40]
mov dword [ebp - 0x88], eax
lea eax, [ebp - 0x54]
mov dword [ebp - 0x80], eax
mov byte [ebp - 0x74], 0xff

loc_fffb66b8:  ; not directly referenced
mov eax, dword [ebp - 0x7c]
cmp dword [eax - 0x1173], 2
jne loc_fffb69e0  ; jne 0xfffb69e0
mov dword [ebp - 0x6c], eax
mov dword [ebp - 0x78], 0

loc_fffb66d2:  ; not directly referenced
mov eax, dword [ebp - 0x6c]
cmp dword [eax], 2
jne loc_fffb69cc  ; jne 0xfffb69cc
mov eax, dword [ebp - 0xb0]
mov eax, dword [edi + eax*4 + 0x3735]
cmp eax, 0x546
je short loc_fffb6713  ; je 0xfffb6713
cmp eax, 0x5dc
je short loc_fffb671a  ; je 0xfffb671a
cmp eax, 0x4b0
setne cl
movzx eax, cl
movzx ebx, cl
lea eax, [eax + eax*2 + 1]
mov dword [ebp - 0x84], ebx
jmp short loc_fffb6729  ; jmp 0xfffb6729

loc_fffb6713:  ; not directly referenced
mov eax, 2
jmp short loc_fffb671f  ; jmp 0xfffb671f

loc_fffb671a:  ; not directly referenced
mov eax, 3

loc_fffb671f:  ; not directly referenced
mov dword [ebp - 0x84], 0

loc_fffb6729:  ; not directly referenced
mov esi, dword [ebp - 0x6c]
and eax, 0xfffffe0f
movzx ebx, byte [esi + 0xcc]
movzx ecx, byte [esi + 0xd9]
and ebx, 1
shl ebx, 4
and ecx, 0xf
or eax, ebx
movzx ebx, byte [esi + 0xf2]
shl ecx, 5
or eax, ecx
movzx ecx, byte [esi + 0xed]
and ah, 0x81
and ebx, 7
shl ebx, 9
or eax, ebx
mov ebx, dword [ebp - 0x7c]
and ecx, 7
shl ecx, 0xc
or eax, ecx
and eax, 0xfffe7fff
movzx ecx, byte [ebx - 0x10b3]
and ecx, 3
shl ecx, 0xf
or eax, ecx
mov ecx, dword [edi + 0x36d7]
cmp ecx, 0x640
je short loc_fffb67db  ; je 0xfffb67db
ja short loc_fffb67b3  ; ja 0xfffb67b3
cmp ecx, 0x42b
je short loc_fffb67cf  ; je 0xfffb67cf
cmp ecx, 0x535
jne short loc_fffb67f3  ; jne 0xfffb67f3
and eax, 0xffe1ffff
or eax, 0xa0000
jmp short loc_fffb67fd  ; jmp 0xfffb67fd

loc_fffb67b3:  ; not directly referenced
cmp ecx, 0x74b
je short loc_fffb67e7  ; je 0xfffb67e7
cmp ecx, 0x855
jne short loc_fffb67f3  ; jne 0xfffb67f3
and eax, 0xffe1ffff
or eax, 0x160000
jmp short loc_fffb67fd  ; jmp 0xfffb67fd

loc_fffb67cf:  ; not directly referenced
and eax, 0xffe1ffff
or eax, 0x60000
jmp short loc_fffb67fd  ; jmp 0xfffb67fd

loc_fffb67db:  ; not directly referenced
and eax, 0xffe1ffff
or eax, 0xe0000
jmp short loc_fffb67fd  ; jmp 0xfffb67fd

loc_fffb67e7:  ; not directly referenced
and eax, 0xffe1ffff
or eax, 0x120000
jmp short loc_fffb67fd  ; jmp 0xfffb67fd

loc_fffb67f3:  ; not directly referenced
mov dword [ebp - 0x84], 1

loc_fffb67fd:  ; not directly referenced
mov esi, dword [ebp - 0x6c]
and eax, 0xff1fffff
mov ebx, dword [edi + 0x2480]
mov dword [ebp - 0x70], 0
movzx ecx, byte [esi + 0xf3]
mov dword [ebp - 0xb4], ebx
and ecx, 7
shl ecx, 0x15
or eax, ecx
mov ecx, eax
and ecx, 0xfffe7e0f
cmp ebx, 3
cmove eax, ecx
xor ebx, ebx

loc_fffb6837:  ; not directly referenced
mov edx, dword [ebp - 0x70]
mov byte [ebp - 0xa9], dl
test dl, dl
jne short loc_fffb6853  ; jne 0xfffb6853
cmp dword [ebp - 0x84], 0
jne loc_fffb69bf  ; jne 0xfffb69bf
jmp short loc_fffb6860  ; jmp 0xfffb6860

loc_fffb6853:  ; not directly referenced
test ebx, ebx
jne loc_fffb69ba  ; jne 0xfffb69ba
and eax, 0xff0001ff

loc_fffb6860:  ; not directly referenced
mov ecx, dword [ebp - 0x70]
xor esi, esi
movzx ecx, word [ebp + ecx*2 - 0x5c]
mov word [ebp - 0xac], cx
dec ecx
mov dword [ebp - 0xa8], ecx

loc_fffb6878:  ; not directly referenced
cmp word [ebp - 0xac], si
jbe loc_fffb69bf  ; jbe 0xfffb69bf
cmp dword [ebp - 0xb4], 3
jne loc_fffb6930  ; jne 0xfffb6930
mov edx, dword [ebp - 0x70]
imul ecx, esi, 0xc
add ecx, dword [ebp + edx*4 - 0x48]
cmp eax, dword [ecx]
jne short loc_fffb6910  ; jne 0xfffb6910

loc_fffb68a0:  ; not directly referenced
mov bl, byte [ecx + 5]
mov esi, dword [ebp - 0x78]
mov edx, dword [ebp - 0x88]
cmp byte [edi + 0x3755], 1
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x98]
mov bl, byte [ecx + 6]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x94]
mov bl, byte [ecx + 7]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x8c]
mov bl, byte [ecx + 8]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0xa4]
mov bl, byte [ecx + 9]
mov byte [edx + esi], bl
mov ebx, dword [ebp - 0x90]
mov dl, byte [ecx + 4]
mov byte [ebx + esi], dl
mov bl, byte [ecx + 0xa]
mov cl, byte [ecx + 0xb]
cmove ecx, ebx
mov ebx, dword [ebp - 0x80]
mov byte [ebx + esi], cl
mov bl, byte [ebp - 0x74]
cmp bl, dl
cmovbe edx, ebx
mov bl, dl
jmp near loc_fffb699c  ; jmp 0xfffb699c

loc_fffb6910:  ; not directly referenced
cmp byte [ebp - 0xa9], 1
jne loc_fffb69b4  ; jne 0xfffb69b4
mov edx, dword [ebp - 0xa8]
cmp esi, edx
jne loc_fffb69b4  ; jne 0xfffb69b4
jmp near loc_fffb68a0  ; jmp 0xfffb68a0

loc_fffb6930:  ; not directly referenced
mov edx, dword [ebp - 0x70]
imul ecx, esi, 0xb
add ecx, dword [ebp + edx*4 - 0x50]
cmp eax, dword [ecx]
jne short loc_fffb69a1  ; jne 0xfffb69a1

loc_fffb693e:  ; not directly referenced
mov bl, byte [ecx + 5]
mov esi, dword [ebp - 0x78]
mov edx, dword [ebp - 0x88]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x98]
mov bl, byte [ecx + 6]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x94]
mov bl, byte [ecx + 7]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x8c]
mov bl, byte [ecx + 8]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0xa4]
mov bl, byte [ecx + 9]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x90]
mov bl, byte [ecx + 4]
mov byte [edx + esi], bl
mov edx, dword [ebp - 0x80]
mov cl, byte [ecx + 0xa]
mov byte [edx + esi], cl
mov cl, byte [ebp - 0x74]
cmp cl, bl
cmova ecx, ebx
mov bl, cl

loc_fffb699c:  ; not directly referenced
mov byte [ebp - 0x74], bl
jmp short loc_fffb69ba  ; jmp 0xfffb69ba

loc_fffb69a1:  ; not directly referenced
cmp byte [ebp - 0xa9], 1
jne short loc_fffb69b4  ; jne 0xfffb69b4
mov edx, dword [ebp - 0xa8]
cmp esi, edx
je short loc_fffb693e  ; je 0xfffb693e

loc_fffb69b4:  ; not directly referenced
inc esi
jmp near loc_fffb6878  ; jmp 0xfffb6878

loc_fffb69ba:  ; not directly referenced
mov ebx, 1

loc_fffb69bf:  ; not directly referenced
inc dword [ebp - 0x70]
cmp dword [ebp - 0x70], 2
jne loc_fffb6837  ; jne 0xfffb6837

loc_fffb69cc:  ; not directly referenced
inc dword [ebp - 0x78]
add dword [ebp - 0x6c], 0x128
cmp dword [ebp - 0x78], 2
jne loc_fffb66d2  ; jne 0xfffb66d2

loc_fffb69e0:  ; not directly referenced
add dword [ebp - 0x80], 2
add dword [ebp - 0x7c], 0x13c3
add dword [ebp - 0x88], 4
add dword [ebp - 0x98], 4
add dword [ebp - 0x94], 4
add dword [ebp - 0x8c], 4
add dword [ebp - 0xa4], 4
add dword [ebp - 0x90], 2
lea eax, [ebp - 0x50]
cmp dword [ebp - 0x80], eax
jne loc_fffb66b8  ; jne 0xfffb66b8
lea eax, [ebp - 0x58]
mov esi, 0x42f8
mov dword [ebp - 0x8c], eax
lea eax, [ebp - 0x20]
mov dword [ebp - 0x7c], eax
lea eax, [ebp - 0x28]
mov dword [ebp - 0x84], eax
lea eax, [ebp - 0x30]
mov dword [ebp - 0x80], eax
lea eax, [ebp - 0x38]
mov dword [ebp - 0x88], eax
lea eax, [ebp - 0x40]
mov dword [ebp - 0x70], edi
lea ebx, [ebp - 0x54]
mov dword [ebp - 0x78], eax

loc_fffb6a59:  ; not directly referenced
mov eax, dword [ebp - 0x70]
cmp dword [eax + 0x3756], 2
jne loc_fffb6bc1  ; jne 0xfffb6bc1
xor eax, eax

loc_fffb6a6b:  ; not directly referenced
imul edx, eax, 0x128
mov ecx, dword [ebp - 0x70]
cmp dword [ecx + edx + 0x48c9], 2
jne loc_fffb6b29  ; jne 0xfffb6b29
mov ecx, dword [ebp - 0x8c]
mov cl, byte [ecx + eax]
sub cl, byte [ebp - 0x74]
mov byte [ebp - 0x6c], cl
je loc_fffb6b29  ; je 0xfffb6b29
mov ecx, dword [ebp - 0x78]
movzx edx, byte [ecx + eax]
mov dword [ebp - 0x90], ecx
mov cl, byte [ebp - 0x6c]
inc edx
sar edx, cl
mov ecx, dword [ebp - 0x90]
mov byte [ecx + eax], dl
mov ecx, dword [ebp - 0x88]
movzx edx, byte [ecx + eax]
mov dword [ebp - 0x90], ecx
mov cl, byte [ebp - 0x6c]
inc edx
sar edx, cl
mov ecx, dword [ebp - 0x90]
mov byte [ecx + eax], dl
mov ecx, dword [ebp - 0x80]
movzx edx, byte [ecx + eax]
mov dword [ebp - 0x90], ecx
mov cl, byte [ebp - 0x6c]
inc edx
sar edx, cl
mov ecx, dword [ebp - 0x90]
mov byte [ecx + eax], dl
mov ecx, dword [ebp - 0x84]
movzx edx, byte [ecx + eax]
mov dword [ebp - 0x90], ecx
mov cl, byte [ebp - 0x6c]
inc edx
sar edx, cl
mov ecx, dword [ebp - 0x90]
mov byte [ecx + eax], dl
mov ecx, dword [ebp - 0x7c]
movzx edx, byte [ecx + eax]
mov dword [ebp - 0x90], ecx
mov cl, byte [ebp - 0x6c]
inc edx
sar edx, cl
mov ecx, dword [ebp - 0x90]
mov byte [ecx + eax], dl

loc_fffb6b29:  ; not directly referenced
inc eax
cmp eax, 2
jne loc_fffb6a6b  ; jne 0xfffb6a6b
mov eax, dword [ebp - 0x70]
cmp dword [eax + 0x3816], 1
ja short loc_fffb6b4b  ; ja 0xfffb6b4b
mov al, byte [ebx]
mov dl, byte [ebx + 1]
cmp dl, al
cmovae eax, edx
jmp short loc_fffb6b6a  ; jmp 0xfffb6b6a

loc_fffb6b4b:  ; not directly referenced
movzx edx, byte [ebx]
movzx eax, byte [ebx + 1]
cmp dl, al
je short loc_fffb6b71  ; je 0xfffb6b71
lea eax, [edx + eax + 1]
sar eax, 1
cmp al, 0xf7
ja short loc_fffb6b6e  ; ja 0xfffb6b6e
test al, 7
je short loc_fffb6b6a  ; je 0xfffb6b6a
and eax, 0xfffffff8
add eax, 8

loc_fffb6b6a:  ; not directly referenced
mov byte [ebx], al
jmp short loc_fffb6b71  ; jmp 0xfffb6b71

loc_fffb6b6e:  ; not directly referenced
mov byte [ebx], 0xf8

loc_fffb6b71:  ; not directly referenced
mov eax, dword [ebp - 0x78]
mov edx, esi
mov ecx, dword [eax]
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x88]
lea edx, [esi + 4]
mov ecx, dword [eax]
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x80]
lea edx, [esi - 4]
mov ecx, dword [eax]
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x84]
lea edx, [esi - 8]
mov ecx, dword [eax]
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x7c]
lea edx, [esi - 0xc]
mov ecx, dword [eax]
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb6bc1:  ; not directly referenced
add esi, 0x400
add ebx, 2
add dword [ebp - 0x70], 0x13c3
add dword [ebp - 0x78], 4
add dword [ebp - 0x88], 4
add dword [ebp - 0x80], 4
add dword [ebp - 0x84], 4
add dword [ebp - 0x7c], 4
add dword [ebp - 0x8c], 2
cmp esi, 0x4af8
jne loc_fffb6a59  ; jne 0xfffb6a59
mov eax, dword [ebp - 0xb8]
mov edx, 0x5888
mov al, byte [ebp - 0x54]
mov ebx, eax
mov al, byte [ebp - 0x52]
mov bh, al
mov eax, edi
mov ecx, ebx
call fcn_fffae58c  ; call 0xfffae58c
movzx ecx, byte [ebp - 0x74]
mov edx, 0x5884
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffb6c2c:  ; not directly referenced
cmp dword [edi + 0x188b], 1
jne loc_fffb6efc  ; jne 0xfffb6efc
movzx eax, byte [edi + 0x2420]
mov byte [ebp - 0x6c], al
test al, al
je loc_fffb6eb3  ; je 0xfffb6eb3
mov esi, dword [edi + 0x2443]
cmp al, 4
ja loc_fffb6ded  ; ja 0xfffb6ded
shl eax, 3
push edx
push eax
lea eax, [edi + 0x2421]
push eax
lea eax, [edi + 0x36a9]
push eax
call dword [esi + 0x58]  ; ucall
mov cl, byte [ebp - 0x6c]
mov eax, 1
add esp, 0x10
shl eax, cl
dec eax
mov byte [ebp - 0x70], al
xor eax, eax

loc_fffb6c82:  ; not directly referenced
and dword [edi + eax*8 + 0x36a9], 0xffffffc0
and dword [edi + eax*8 + 0x36ad], 0x7f
inc eax
cmp byte [ebp - 0x6c], al
ja short loc_fffb6c82  ; ja 0xfffb6c82
mov al, byte [ebp - 0x6c]
xor ecx, ecx
mov byte [ebp - 0x74], 0
dec eax
mov byte [ebp - 0x78], al

loc_fffb6ca5:  ; not directly referenced
cmp cl, byte [ebp - 0x78]
jae short loc_fffb6d06  ; jae 0xfffb6d06
lea eax, [ecx + 1]
mov byte [ebp - 0x7c], al

loc_fffb6cb0:  ; not directly referenced
cmp al, byte [ebp - 0x6c]
jae short loc_fffb6d00  ; jae 0xfffb6d00
lea esi, [ecx + 0x24a]
movzx ebx, al
mov edx, dword [edi + esi*8 + 0x2459]
add ebx, 0x24a
mov dword [ebp - 0x80], edx
mov edx, dword [edi + ebx*8 + 0x245d]
cmp dword [edi + esi*8 + 0x245d], edx
jne short loc_fffb6cfd  ; jne 0xfffb6cfd
mov esi, dword [ebp - 0x80]
cmp esi, dword [edi + ebx*8 + 0x2459]
jne short loc_fffb6cfd  ; jne 0xfffb6cfd
mov eax, 1
shl eax, cl
mov ecx, eax
not ecx
inc byte [ebp - 0x74]
and byte [ebp - 0x70], cl
jmp short loc_fffb6d00  ; jmp 0xfffb6d00

loc_fffb6cfd:  ; not directly referenced
inc eax
jmp short loc_fffb6cb0  ; jmp 0xfffb6cb0

loc_fffb6d00:  ; not directly referenced
movzx ecx, byte [ebp - 0x7c]
jmp short loc_fffb6ca5  ; jmp 0xfffb6ca5

loc_fffb6d06:  ; not directly referenced
xor ebx, ebx

loc_fffb6d08:  ; not directly referenced
movzx eax, byte [ebp - 0x70]
bt eax, ebx
jae short loc_fffb6d6a  ; jae 0xfffb6d6a
push esi
mov eax, dword [edi + 0x2443]
push 0x14
push dword [edi + ebx*8 + 0x36ad]
push dword [edi + ebx*8 + 0x36a9]
call dword [eax + 0x6c]  ; ucall
mov ecx, dword [edi + 0x370d]
add esp, 0x10
mov dword [ebp - 0x7c], ecx
mov esi, edx
mov edx, dword [edi + 0x36f0]
cmp esi, 0
ja short loc_fffb6d48  ; ja 0xfffb6d48
cmp eax, edx
jb short loc_fffb6d6a  ; jb 0xfffb6d6a

loc_fffb6d48:  ; not directly referenced
cmp esi, 0
ja short loc_fffb6d58  ; ja 0xfffb6d58
cmp eax, 0xfff
jbe loc_fffb6ebc  ; jbe 0xfffb6ebc

loc_fffb6d58:  ; not directly referenced
cmp esi, 0
ja loc_fffb6ebc  ; ja 0xfffb6ebc
cmp eax, dword [ebp - 0x7c]
jae loc_fffb6ebc  ; jae 0xfffb6ebc

loc_fffb6d6a:  ; not directly referenced
inc ebx
cmp byte [ebp - 0x6c], bl
ja short loc_fffb6d08  ; ja 0xfffb6d08
mov esi, dword [ebp - 0x74]
mov al, byte [ebp - 0x6c]
mov ebx, esi
sub eax, ebx
mov byte [edi + 0x36a8], al
test bl, bl
je loc_fffb6efc  ; je 0xfffb6efc
test al, al
je loc_fffb6efc  ; je 0xfffb6efc
xor eax, eax

loc_fffb6d92:  ; not directly referenced
mov dl, al
cmp al, byte [ebp - 0x78]
jae loc_fffb6efc  ; jae 0xfffb6efc
movzx esi, byte [ebp - 0x70]
bt esi, eax
jb short loc_fffb6dea  ; jb 0xfffb6dea

loc_fffb6da6:  ; not directly referenced
inc edx
cmp dl, byte [ebp - 0x6c]
jae short loc_fffb6dea  ; jae 0xfffb6dea
bt esi, edx
movzx ecx, dl
jae short loc_fffb6da6  ; jae 0xfffb6da6
mov esi, dword [edi + ecx*8 + 0x36ad]
mov edx, 1
mov ebx, dword [edi + ecx*8 + 0x36a9]
shl edx, cl
mov cl, al
not edx
mov dword [edi + eax*8 + 0x36ad], esi
mov esi, 1
shl esi, cl
mov ecx, esi
or byte [ebp - 0x70], cl
and byte [ebp - 0x70], dl
mov dword [edi + eax*8 + 0x36a9], ebx

loc_fffb6dea:  ; not directly referenced
inc eax
jmp short loc_fffb6d92  ; jmp 0xfffb6d92

loc_fffb6ded:  ; not directly referenced
mov al, byte [ebp - 0x6c]
mov bl, 4
sub eax, 4
cmp al, 4
cmovbe ebx, eax
mov eax, dword [edi + 0x370d]
xor edx, edx
mov byte [edi + 0x36a8], bl
push ecx
push 0x14
push edx
push eax
mov byte [ebp - 0x70], bl
call dword [esi + 0x68]  ; ucall
add eax, 0xffffffff
adc edx, 0xffffffff
add esp, 0xc
push 0x20
mov ebx, eax
push edx
and ebx, 0xffffffc0
push eax
mov dword [ebp - 0x74], ebx
call dword [esi + 0x6c]  ; ucall
add esp, 0x10
mov dword [ebp - 0x6c], 0
mov dword [ebp - 0x78], eax

loc_fffb6e38:  ; not directly referenced
mov ebx, dword [esi + 0x68]
call dword [esi + 0x7c]  ; ucall
and eax, dword [ebp - 0x78]
push edx
xor edx, edx
push 0x20
push edx
push eax
call ebx
mov ebx, eax
mov dword [ebp - 0x7c], edx
call dword [esi + 0x7c]  ; ucall
mov edx, dword [ebp - 0x7c]
add esp, 0xc
and eax, dword [ebp - 0x74]
mov dword [ebp - 0x9c], edx
or eax, ebx
mov dword [ebp - 0xa0], eax
mov eax, dword [edi + 0x2443]
push 0x14
push dword [ebp - 0x9c]
push dword [ebp - 0xa0]
call dword [eax + 0x6c]  ; ucall
mov ebx, dword [edi + 0x370d]
mov ecx, dword [edi + 0x36f0]
add esp, 0x10
mov dword [ebp - 0x7c], ebx
cmp edx, 0
ja short loc_fffb6e9b  ; ja 0xfffb6e9b
cmp eax, ecx
jb short loc_fffb6ed0  ; jb 0xfffb6ed0

loc_fffb6e9b:  ; not directly referenced
cmp edx, 0
ja short loc_fffb6ea7  ; ja 0xfffb6ea7
cmp eax, 0xfff
jbe short loc_fffb6e38  ; jbe 0xfffb6e38

loc_fffb6ea7:  ; not directly referenced
cmp edx, 0
ja short loc_fffb6e38  ; ja 0xfffb6e38
cmp eax, dword [ebp - 0x7c]
jb short loc_fffb6ed0  ; jb 0xfffb6ed0
jmp short loc_fffb6e38  ; jmp 0xfffb6e38

loc_fffb6eb3:  ; not directly referenced
mov byte [edi + 0x36a8], 0
jmp short loc_fffb6efc  ; jmp 0xfffb6efc

loc_fffb6ebc:  ; not directly referenced
mov eax, 0xfffffffe
mov cl, bl
rol eax, cl
inc byte [ebp - 0x74]
and byte [ebp - 0x70], al
jmp near loc_fffb6d6a  ; jmp 0xfffb6d6a

loc_fffb6ed0:  ; not directly referenced
mov ebx, dword [ebp - 0x6c]
mov eax, dword [ebp - 0xa0]
mov edx, dword [ebp - 0x9c]
inc dword [ebp - 0x6c]
mov dword [edi + ebx*8 + 0x36a9], eax
mov al, byte [ebp - 0x6c]
mov dword [edi + ebx*8 + 0x36ad], edx
cmp byte [ebp - 0x70], al
ja loc_fffb6e38  ; ja 0xfffb6e38

loc_fffb6efc:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb6f06:  ; not directly referenced
push ebp
mov eax, 0x80000002
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 0x20]
mov ecx, dword [ebp + 0x10]
mov esi, dword [ebp + 0x14]
mov edi, dword [ebp + 0x18]
test ebx, ebx
je loc_fffb6fca  ; je 0xfffb6fca
cmp ecx, 0xb
ja loc_fffb6fca  ; ja 0xfffb6fca
push eax
mov edx, ecx
push dword [ebp + 0x1c]
xor eax, eax
mov dword [ebp - 0x1c], ecx
push edi
push esi
call fcn_fffac5c7  ; call 0xfffac5c7
add esp, 0x10
mov ecx, dword [ebp - 0x1c]
test eax, eax
js short loc_fffb6fca  ; js 0xfffb6fca
mov al, byte [ecx + ref_fffd5ac8]  ; mov al, byte [ecx - 0x2a538]
mov dword [ebp - 0x24], 0
mov byte [ebp - 0x1e], al
mov eax, ecx
and eax, 3
mov dword [ebp - 0x1c], eax
movzx eax, byte [eax + ref_fffd5ad4]  ; movzx eax, byte [eax - 0x2a52c]
dec eax
test ebx, eax
movzx eax, byte [ecx + ref_fffd5ad4]  ; movzx eax, byte [ecx - 0x2a52c]
sete byte [ebp - 0x1d]
mov dword [ebp - 0x28], eax

loc_fffb6f7d:  ; not directly referenced
cmp dword [ebp + 0x1c], 0
je short loc_fffb6fc8  ; je 0xfffb6fc8
cmp dword [ebp - 0x1c], 0
jne short loc_fffb6f90  ; jne 0xfffb6f90
mov al, byte [ebx]
mov edx, esi
out dx, al
jmp short loc_fffb6fb7  ; jmp 0xfffb6fb7

loc_fffb6f90:  ; not directly referenced
cmp dword [ebp - 0x1c], 1
jne short loc_fffb6fa4  ; jne 0xfffb6fa4
movzx eax, word [ebx]
push edx
push edx
push eax
push esi
call fcn_fffb3f28  ; call 0xfffb3f28
jmp short loc_fffb6fb4  ; jmp 0xfffb6fb4

loc_fffb6fa4:  ; not directly referenced
cmp dword [ebp - 0x1c], 2
jne short loc_fffb6fb7  ; jne 0xfffb6fb7
push eax
push eax
push dword [ebx]
push esi
call fcn_fffaafda  ; call 0xfffaafda

loc_fffb6fb4:  ; not directly referenced
add esp, 0x10

loc_fffb6fb7:  ; not directly referenced
movzx eax, byte [ebp - 0x1e]
add esi, dword [ebp - 0x28]
adc edi, dword [ebp - 0x24]
dec dword [ebp + 0x1c]
add ebx, eax
jmp short loc_fffb6f7d  ; jmp 0xfffb6f7d

loc_fffb6fc8:  ; not directly referenced
xor eax, eax

loc_fffb6fca:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb6fd2:  ; not directly referenced
push ebp
mov eax, 0x80000002
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 0x20]
mov ecx, dword [ebp + 0x10]
mov esi, dword [ebp + 0x14]
mov edi, dword [ebp + 0x18]
test ebx, ebx
je loc_fffb7097  ; je 0xfffb7097
cmp ecx, 0xb
ja loc_fffb7097  ; ja 0xfffb7097
push eax
mov edx, ecx
push dword [ebp + 0x1c]
xor eax, eax
mov dword [ebp - 0x1c], ecx
push edi
push esi
call fcn_fffac5c7  ; call 0xfffac5c7
add esp, 0x10
mov ecx, dword [ebp - 0x1c]
test eax, eax
js short loc_fffb7097  ; js 0xfffb7097
mov al, byte [ecx + ref_fffd5ac8]  ; mov al, byte [ecx - 0x2a538]
mov dword [ebp - 0x24], 0
mov byte [ebp - 0x1e], al
mov eax, ecx
and eax, 3
mov dword [ebp - 0x1c], eax
movzx eax, byte [eax + ref_fffd5ad4]  ; movzx eax, byte [eax - 0x2a52c]
dec eax
test ebx, eax
movzx eax, byte [ecx + ref_fffd5ad4]  ; movzx eax, byte [ecx - 0x2a52c]
sete byte [ebp - 0x1d]
mov dword [ebp - 0x28], eax

loc_fffb7049:  ; not directly referenced
cmp dword [ebp + 0x1c], 0
je short loc_fffb7095  ; je 0xfffb7095
cmp dword [ebp - 0x1c], 0
jne short loc_fffb705c  ; jne 0xfffb705c
mov edx, esi
in al, dx
mov byte [ebx], al
jmp short loc_fffb7084  ; jmp 0xfffb7084

loc_fffb705c:  ; not directly referenced
cmp dword [ebp - 0x1c], 1
jne short loc_fffb7070  ; jne 0xfffb7070
sub esp, 0xc
push esi
call fcn_fffb3f0f  ; call 0xfffb3f0f
mov word [ebx], ax
jmp short loc_fffb7081  ; jmp 0xfffb7081

loc_fffb7070:  ; not directly referenced
cmp dword [ebp - 0x1c], 2
jne short loc_fffb7084  ; jne 0xfffb7084
sub esp, 0xc
push esi
call fcn_fffaafc2  ; call 0xfffaafc2
mov dword [ebx], eax

loc_fffb7081:  ; not directly referenced
add esp, 0x10

loc_fffb7084:  ; not directly referenced
movzx eax, byte [ebp - 0x1e]
add esi, dword [ebp - 0x28]
adc edi, dword [ebp - 0x24]
dec dword [ebp + 0x1c]
add ebx, eax
jmp short loc_fffb7049  ; jmp 0xfffb7049

loc_fffb7095:  ; not directly referenced
xor eax, eax

loc_fffb7097:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb709f:  ; not directly referenced
push ebp
mov ebp, esp
sub esp, 8
mov edx, dword [0xff7d77b0]
mov eax, dword [ebp + 0xc]
add eax, 3
and eax, 0xfffffffc
test edx, edx
jne short loc_fffb70c4  ; jne 0xfffb70c4
mov dword [0xff7d77ac], 0xff7d027c
jmp short loc_fffb70ea  ; jmp 0xfffb70ea

loc_fffb70c4:  ; not directly referenced
mov ecx, dword [0xff7d77ac]
cmp dword [ecx + edx], 0x900ddea1
je short loc_fffb70ea  ; je 0xfffb70ea
push eax
push 0x3d
push ref_fffd3fbc  ; push 0xfffd3fbc
push ref_fffd5fdd  ; push 0xfffd5fdd
call mrc_printk  ; call 0xfffb76e3
add esp, 0x10

loc_fffb70e8:  ; not directly referenced
jmp short loc_fffb70e8  ; jmp 0xfffb70e8

loc_fffb70ea:  ; not directly referenced
lea ecx, [eax + edx]
cmp ecx, 0x752c
jbe short loc_fffb710c  ; jbe 0xfffb710c
push eax
push 0x4b
push ref_fffd3fbc  ; push 0xfffd3fbc
push ref_fffd5ffd  ; push 0xfffd5ffd
call mrc_printk  ; call 0xfffb76e3
add esp, 0x10

loc_fffb710a:  ; not directly referenced
jmp short loc_fffb710a  ; jmp 0xfffb710a

loc_fffb710c:  ; not directly referenced
mov eax, dword [0xff7d77ac]
mov dword [0xff7d77b0], ecx
mov dword [eax + ecx], 0x900ddea1
mov ecx, dword [ebp + 0x10]
add edx, eax
xor eax, eax
mov dword [ecx], edx
leave
ret

fcn_fffb7129:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov dword [ebp - 0x30], edx
mov dword [ebp - 0x1c], 0
call fcn_fffb481e  ; call 0xfffb481e
mov dword [ebp - 0x2c], eax
lea eax, [ebp - 0x1c]
push eax
push 0
push 0
push ref_fffd664c  ; push 0xfffd664c
call fcn_fffab40f  ; call 0xfffab40f
mov eax, dword [0xff7d0084]
mov esi, dword [eax + 0x14]
lea edi, [esi + 0xf80ac]
mov dword [esp], edi
call fcn_fffb3d4e  ; call 0xfffb3d4e
pop edx
pop ecx
and eax, 0xffebffff
push eax
push edi
call fcn_fffb3d84  ; call 0xfffb3d84
mov edx, 0xcf9
in al, dx
mov ecx, dword [ebp - 0x30]
mov bl, al
add esp, 0x10
and ebx, 0xfffffff1
cmp cl, 6
jne short loc_fffb71d7  ; jne 0xfffb71d7
sub esp, 0xc
add esi, 0xf8048
push esi
call fcn_fffb3d4e  ; call 0xfffb3d4e
add esp, 0x10
mov esi, eax
and esi, 0xfffffffe
cmp dword [ebp - 0x2c], 1
jne short loc_fffb71f2  ; jne 0xfffb71f2
push eax
push eax
push 0x40000000
push esi
call fcn_fffab629  ; call 0xfffab629
pop eax
pop edx
lea eax, [esi + 4]
push 0xbfffffff
push eax
call fcn_fffab64e  ; call 0xfffab64e
pop ecx
pop eax
lea eax, [esi + 0xc]
push 0xbfffffff
push eax
jmp short loc_fffb7223  ; jmp 0xfffb7223

loc_fffb71d7:  ; not directly referenced
cmp cl, 1
je short loc_fffb71ed  ; je 0xfffb71ed
cmp cl, 2
jne short loc_fffb7257  ; jne 0xfffb7257
mov eax, dword [ebp - 0x1c]
sub esp, 0xc
push 2
call dword [eax]  ; ucall
jmp short loc_fffb7251  ; jmp 0xfffb7251

loc_fffb71ed:  ; not directly referenced
or ebx, 6
jmp short loc_fffb7257  ; jmp 0xfffb7257

loc_fffb71f2:  ; not directly referenced
cmp dword [ebp - 0x2c], 2
jne short loc_fffb722b  ; jne 0xfffb722b
push eax
push eax
push 1
lea edx, [esi + 0x1f0]
push edx
mov dword [ebp - 0x2c], edx
call fcn_fffab629  ; call 0xfffab629
pop eax
pop edx
mov edx, dword [ebp - 0x2c]
push 0xfffffffffffffffb
push edx
call fcn_fffab64e  ; call 0xfffab64e
mov edx, dword [ebp - 0x2c]
pop ecx
pop eax
push 0x7fffffff
push edx

loc_fffb7223:  ; not directly referenced
call fcn_fffab64e  ; call 0xfffab64e
add esp, 0x10

loc_fffb722b:  ; not directly referenced
push eax
add esi, 0x60
push eax
push 0x40000000
push esi
call fcn_fffab629  ; call 0xfffab629
mov dword [esp], edi
call fcn_fffb3d4e  ; call 0xfffb3d4e
pop edx
pop ecx
or eax, 0x100000
push eax
push edi
call fcn_fffb3d84  ; call 0xfffb3d84

loc_fffb7251:  ; not directly referenced
or ebx, 0xe
add esp, 0x10

loc_fffb7257:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
call dword [eax + 0xc]  ; ucall
mov edx, 0xcf9
mov al, bl
out dx, al
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb726f:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, eax
sub esp, 0x20
mov edi, dword [ebp + 0x10]
mov esi, dword [ebp + 0xc]
push 0x3f
push edi
push esi
mov dword [ebp - 0x1c], edx
mov dword [ebp - 0x20], ecx
call dword [eax + 0x6c]  ; ucall
add esp, 0x10
test al, 1
je short loc_fffb72d1  ; je 0xfffb72d1
mov eax, dword [ebp - 0x1c]
mov edx, esi
and edx, 0xffffffc0
and eax, 0xffffffc0
mov ecx, eax
mov eax, dword [ebp - 0x20]
and eax, 0x7f
mov dword [ebp - 0x1c], eax
mov eax, edi
and eax, 0x7f
cmp dword [ebp - 0x1c], eax
jne short loc_fffb72d1  ; jne 0xfffb72d1
cmp ecx, edx
jne short loc_fffb72d1  ; jne 0xfffb72d1
push eax
push 0x3e
push edi
push esi
call dword [ebx + 0x6c]  ; ucall
add esp, 0x10
and eax, 1
cmp dword [ebp + 8], eax
sete al
movzx eax, al
jmp short loc_fffb72d3  ; jmp 0xfffb72d3

loc_fffb72d1:  ; not directly referenced
xor eax, eax

loc_fffb72d3:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb72db:
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
mov ebx, edx
sub esp, 0x1c

loc_fffb72e8:
test ebx, ebx
jle short loc_fffb7315  ; jle 0xfffb7315
cmp ebx, 0x10
mov esi, 0x10
cmovle esi, ebx
push eax
push esi
push edi
push dword [ecx]
mov dword [ebp - 0x1c], ecx
call fcn_fffa5c2e  ; call 0xfffa5c2e
mov ecx, dword [ebp - 0x1c]
add esp, 0x10
mov dword [ecx], eax
test eax, eax
jne short loc_fffb7319  ; jne 0xfffb7319
or eax, 0xffffffff
jmp short loc_fffb731d  ; jmp 0xfffb731d

loc_fffb7315:
xor eax, eax
jmp short loc_fffb731d  ; jmp 0xfffb731d

loc_fffb7319:
sub ebx, esi
jmp short loc_fffb72e8  ; jmp 0xfffb72e8

loc_fffb731d:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb7325:
push ebp
mov ebp, esp
push edi
mov edi, ecx
push esi
mov esi, edx
push ebx
mov ebx, eax
sub esp, 0xc
test edx, edx
jne short loc_fffb734a  ; jne 0xfffb734a

loc_fffb7338:
test edi, edi
setne dl
cmp dword [ebp + 8], 0
setne al
test dl, al
je short loc_fffb7377  ; je 0xfffb7377
jmp short loc_fffb735f  ; jmp 0xfffb735f

loc_fffb734a:
mov ecx, eax
mov eax, ref_fffd5854  ; mov eax, 0xfffd5854
call fcn_fffb72db  ; call 0xfffb72db
test eax, eax
jns short loc_fffb7338  ; jns 0xfffb7338

loc_fffb735a:
or eax, 0xffffffff
jmp short loc_fffb73d5  ; jmp 0xfffb73d5

loc_fffb735f:
push edx
push dword [ebp + 8]
push edi
push dword [ebx]
call fcn_fffa5c2e  ; call 0xfffa5c2e
add esp, 0x10
mov dword [ebx], eax
test eax, eax
je short loc_fffb735a  ; je 0xfffb735a
add esi, dword [ebp + 8]

loc_fffb7377:
cmp dword [ebp + 0xc], 0
jne short loc_fffb7388  ; jne 0xfffb7388

loc_fffb737d:
add esi, dword [ebp + 0xc]
cmp dword [ebp + 0x14], 0
je short loc_fffb73b4  ; je 0xfffb73b4
jmp short loc_fffb739d  ; jmp 0xfffb739d

loc_fffb7388:
mov edx, dword [ebp + 0xc]
mov ecx, ebx
mov eax, ref_fffd5840  ; mov eax, 0xfffd5840
call fcn_fffb72db  ; call 0xfffb72db
test eax, eax
jns short loc_fffb737d  ; jns 0xfffb737d
jmp short loc_fffb735a  ; jmp 0xfffb735a

loc_fffb739d:
push eax
push dword [ebp + 0x14]
push dword [ebp + 0x10]
push dword [ebx]
call fcn_fffa5c2e  ; call 0xfffa5c2e
add esp, 0x10
mov dword [ebx], eax
test eax, eax
je short loc_fffb735a  ; je 0xfffb735a

loc_fffb73b4:
add esi, dword [ebp + 0x14]
cmp dword [ebp + 0x18], 0
je short loc_fffb73d0  ; je 0xfffb73d0
mov edx, dword [ebp + 0x18]
mov ecx, ebx
mov eax, ref_fffd5854  ; mov eax, 0xfffd5854
call fcn_fffb72db  ; call 0xfffb72db
test eax, eax
js short loc_fffb735a  ; js 0xfffb735a

loc_fffb73d0:
mov eax, dword [ebp + 0x18]
add eax, esi

loc_fffb73d5:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb73dd:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 8]
push edi
push esi
push ebx
mov esi, eax
mov word [edx + 0x2467], ax
mov edx, 0x80
out dx, ax
mov edi, 0x48
mov ebx, 0x74

loc_fffb7403:  ; not directly referenced
mov eax, edi
mov edx, ebx
out dx, al
mov edx, 0x75
in al, dx
movzx ecx, al
mov edx, ebx
mov al, 0x49
out dx, al
mov edx, 0x75
in al, dx
shl eax, 8
or eax, ecx
cmp si, ax
je short loc_fffb7403  ; je 0xfffb7403
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb742b:
mov ecx, 0xce
rdmsr
movzx ecx, ah
xor edx, edx
imul ecx, ecx, 0x186a0
xor eax, eax
test ecx, ecx
je short loc_fffb7457  ; je 0xfffb7457
push ebp
mov ebp, esp
sub esp, 0xc
rdtsc
push ecx
push edx
push eax
call fcn_fffd289e  ; call 0xfffd289e
add esp, 0x10
leave

loc_fffb7457:
ret

fcn_fffb7458:
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov ebx, dword [ebp + 8]
mov esi, dword [ebx + 0x2443]
mov edi, dword [ebx + 0x18c1]
push 0xe4
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
add edi, eax
mov dword [esp], edi
add edi, 4
call dword [esi + 0x20]  ; ucall
mov dword [esp], edi
mov dword [ebp - 0x2c], eax
call dword [esi + 0x20]  ; ucall
add esp, 0x10
mov edx, dword [ebp - 0x2c]
cmp eax, dword [ebx + 0x14]
jne short loc_fffb74a2  ; jne 0xfffb74a2
cmp edx, dword [ebx + 0x10]
je short loc_fffb74ac  ; je 0xfffb74ac

loc_fffb74a2:
mov eax, 0x18
jmp near loc_fffb7571  ; jmp 0xfffb7571

loc_fffb74ac:
lea eax, [ebx + 0x1165]
xor esi, esi
mov dword [ebp - 0x30], eax

loc_fffb74b7:
lea eax, [ebx + esi + 0x196b]
xor edi, edi
mov dword [ebp - 0x34], eax
mov eax, dword [ebp - 0x30]
mov dword [ebp - 0x2c], eax
lea eax, [esi + 0x1afb]
mov dword [ebp - 0x38], eax

loc_fffb74d2:
mov eax, dword [ebp - 0x34]
cmp dword [eax + edi + 8], 1
jne short loc_fffb74e4  ; jne 0xfffb74e4
mov word [ebp - 0x1a], 0
jmp short loc_fffb752a  ; jmp 0xfffb752a

loc_fffb74e4:
lea eax, [ebx + edi]
mov al, byte [esi + eax + 0x19bd]
cmp al, 0xf1
sete cl
cmp al, 0xb
sete dl
or cl, dl
je short loc_fffb750c  ; je 0xfffb750c
lea eax, [edi + esi + 0x1a30]
mov edx, 0xb
add eax, ebx
jmp short loc_fffb7522  ; jmp 0xfffb7522

loc_fffb750c:
cmp al, 0xc
jne short loc_fffb751e  ; jne 0xfffb751e
mov eax, dword [ebp - 0x38]
mov edx, 9
add eax, edi
add eax, ebx
jmp short loc_fffb7522  ; jmp 0xfffb7522

loc_fffb751e:
xor edx, edx
xor eax, eax

loc_fffb7522:
lea ecx, [ebp - 0x1a]
call fcn_fffaf03f  ; call 0xfffaf03f

loc_fffb752a:
mov eax, dword [ebp - 0x2c]
mov ax, word [eax]
cmp word [ebp - 0x1a], ax
jne loc_fffb74a2  ; jne 0xfffb74a2
add edi, 0x277
add dword [ebp - 0x2c], 0x128
cmp edi, 0x4ee
jne short loc_fffb74d2  ; jne 0xfffb74d2
add esi, 0x54a
add dword [ebp - 0x30], 0x433
cmp esi, 0xa94
jne loc_fffb74b7  ; jne 0xfffb74b7
mov byte [ebx + 0x247b], 1
xor eax, eax

loc_fffb7571:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb7579:
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x34
mov edi, dword [ebp + 0x10]
mov edx, dword [ebp + 0xc]
lea eax, [ebp - 0x1c]
push eax
mov ebx, dword [ebp + 0x14]
movzx esi, di
lea eax, [esi + 0xc]
push eax
mov dword [ebp - 0x2c], edx
call fcn_fffab60f  ; call 0xfffab60f
add esp, 0x10
mov edx, dword [ebp - 0x2c]
test eax, eax
jns short loc_fffb75af  ; jns 0xfffb75af
mov dword [ebp - 0x1c], 0

loc_fffb75af:
mov eax, dword [ebp - 0x1c]
test eax, eax
je short loc_fffb75f3  ; je 0xfffb75f3
lea ecx, [eax + 4]
mov dword [ebx], ecx
mov word [eax + 4], dx
mov edx, dword [ebx]
mov word [edx + 2], di
mov edx, dword [ebx]
mov dword [edx + 4], 0
add esi, dword [ebx]
mov word [esi], 0xffff
mov word [esi + 2], 8
mov dword [esi + 4], 0
mov edx, dword [0xff7d0270]
mov dword [eax], edx
mov dword [0xff7d0270], eax
xor eax, eax
jmp short loc_fffb75f8  ; jmp 0xfffb75f8

loc_fffb75f3:
mov eax, 0x80000009

loc_fffb75f8:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb7600:  ; not directly referenced
push ebp
mov eax, 0x80000002
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 0x20]
mov ecx, dword [ebp + 0x10]
mov esi, dword [ebp + 0x14]
mov edi, dword [ebp + 0x18]
test ebx, ebx
je loc_fffb76db  ; je 0xfffb76db
cmp ecx, 0xb
ja loc_fffb76db  ; ja 0xfffb76db
push eax
mov edx, ecx
push dword [ebp + 0x1c]
mov eax, 1
mov dword [ebp - 0x1c], ecx
push edi
push esi
call fcn_fffac5c7  ; call 0xfffac5c7
add esp, 0x10
mov ecx, dword [ebp - 0x1c]
test eax, eax
js loc_fffb76db  ; js 0xfffb76db
mov al, byte [ecx + ref_fffd5ac8]  ; mov al, byte [ecx - 0x2a538]
mov dword [ebp - 0x24], 0
mov byte [ebp - 0x1e], al
mov eax, ecx
and eax, 3
mov dword [ebp - 0x1c], eax
movzx eax, byte [eax + ref_fffd5ad4]  ; movzx eax, byte [eax - 0x2a52c]
dec eax
test ebx, eax
movzx eax, byte [ecx + ref_fffd5ad4]  ; movzx eax, byte [ecx - 0x2a52c]
sete byte [ebp - 0x1d]
mov dword [ebp - 0x28], eax

loc_fffb767e:  ; not directly referenced
cmp dword [ebp + 0x1c], 0
je short loc_fffb76d9  ; je 0xfffb76d9
cmp dword [ebp - 0x1c], 0
jne short loc_fffb7690  ; jne 0xfffb7690
mov al, byte [esi]
mov byte [ebx], al
jmp short loc_fffb76c8  ; jmp 0xfffb76c8

loc_fffb7690:  ; not directly referenced
cmp dword [ebp - 0x1c], 1
jne short loc_fffb76a4  ; jne 0xfffb76a4
sub esp, 0xc
push esi
call fcn_fffb3d06  ; call 0xfffb3d06
mov word [ebx], ax
jmp short loc_fffb76c5  ; jmp 0xfffb76c5

loc_fffb76a4:  ; not directly referenced
cmp dword [ebp - 0x1c], 2
jne short loc_fffb76b7  ; jne 0xfffb76b7
sub esp, 0xc
push esi
call fcn_fffb3d4e  ; call 0xfffb3d4e
mov dword [ebx], eax
jmp short loc_fffb76c5  ; jmp 0xfffb76c5

loc_fffb76b7:  ; not directly referenced
sub esp, 0xc
push esi
call fcn_fffb3dc0  ; call 0xfffb3dc0
mov dword [ebx], eax
mov dword [ebx + 4], edx

loc_fffb76c5:  ; not directly referenced
add esp, 0x10

loc_fffb76c8:  ; not directly referenced
movzx eax, byte [ebp - 0x1e]
add esi, dword [ebp - 0x28]
adc edi, dword [ebp - 0x24]
dec dword [ebp + 0x1c]
add ebx, eax
jmp short loc_fffb767e  ; jmp 0xfffb767e

loc_fffb76d9:  ; not directly referenced
xor eax, eax

loc_fffb76db:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

mrc_printk_:
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0xfc
mov ecx, dword [ebp + 8]
lea ebx, [ebp + 0xc]
mov dword [ebp - 0xa8], ebx
mov dword [ebp - 0xa4], 0
test ecx, ecx
je short loc_fffb7757  ; je 0xfffb7757
mov dword [ebp - 0xf8], 0
mov dword [ebp - 0xe4], 0
jmp short loc_fffb776c  ; jmp 0xfffb776c

loc_fffb771f:
cmp dl, 0x2a
jne loc_fffb77c0  ; jne 0xfffb77c0
mov ecx, dword [ebx]
lea eax, [ebx + 4]
mov dword [ebp - 0xe0], ecx
test ecx, ecx
jns short loc_fffb7744  ; jns 0xfffb7744
neg dword [ebp - 0xe0]
or dword [ebp - 0xc4], 4

loc_fffb7744:
inc edi
mov ebx, eax

loc_fffb7747:
cmp dword [ebp - 0xe0], 0x1f4
jle loc_fffb7818  ; jle 0xfffb7818

loc_fffb7757:
or eax, 0xffffffff
jmp near loc_fffb82b2  ; jmp 0xfffb82b2

loc_fffb775f:
mov edi, esi
sub edi, ecx
jne short loc_fffb778a  ; jne 0xfffb778a

loc_fffb7765:
cmp byte [esi], 0
jne short loc_fffb77ad  ; jne 0xfffb77ad
mov ecx, esi

loc_fffb776c:
cmp byte [ecx], 0
je loc_fffb8277  ; je 0xfffb8277
mov esi, ecx

loc_fffb7777:
mov al, byte [esi]
cmp al, 0x25
setne dl
test al, al
setne al
test dl, al
je short loc_fffb775f  ; je 0xfffb775f
inc esi
jmp short loc_fffb7777  ; jmp 0xfffb7777

loc_fffb778a:
push eax
push edi
push ecx
push dword [ebp - 0xa4]
call fcn_fffa5c2e  ; call 0xfffa5c2e
add esp, 0x10
mov dword [ebp - 0xa4], eax
test eax, eax
je short loc_fffb7757  ; je 0xfffb7757
add dword [ebp - 0xe4], edi
jmp short loc_fffb7765  ; jmp 0xfffb7765

loc_fffb77ad:
lea edi, [esi + 1]
mov dword [ebp - 0xc4], 0

loc_fffb77ba:
mov dl, byte [edi]
test dl, dl
jne short loc_fffb77cc  ; jne 0xfffb77cc

loc_fffb77c0:
mov dword [ebp - 0xe0], 0
jmp short loc_fffb7808  ; jmp 0xfffb7808

loc_fffb77cc:
mov eax, ref_fffd58b0  ; mov eax, 0xfffd58b0

loc_fffb77d1:
mov cl, byte [eax]
cmp cl, dl
je loc_fffb827f  ; je 0xfffb827f
test cl, cl
je loc_fffb771f  ; je 0xfffb771f
inc eax
jmp short loc_fffb77d1  ; jmp 0xfffb77d1

loc_fffb77e6:
cmp dword [ebp - 0xe0], 0x1f3
jg loc_fffb7747  ; jg 0xfffb7747
imul edx, dword [ebp - 0xe0], 0xa
inc edi
lea eax, [edx + eax - 0x30]
mov dword [ebp - 0xe0], eax

loc_fffb7808:
movsx eax, byte [edi]
lea edx, [eax - 0x30]
cmp dl, 9
jbe short loc_fffb77e6  ; jbe 0xfffb77e6
jmp near loc_fffb7747  ; jmp 0xfffb7747

loc_fffb7818:
cmp byte [edi], 0x2e
mov dword [ebp - 0xd0], 0xffffffff
jne short loc_fffb7891  ; jne 0xfffb7891
cmp byte [edi + 1], 0x2a
je short loc_fffb783a  ; je 0xfffb783a
inc edi
mov dword [ebp - 0xd0], 0
jmp short loc_fffb7876  ; jmp 0xfffb7876

loc_fffb783a:
mov ecx, dword [ebx]
lea eax, [ebx + 4]
mov dword [ebp - 0xd0], ecx
cmp ecx, 0x1f4
jg loc_fffb7757  ; jg 0xfffb7757
add edi, 2
mov ebx, eax
jmp short loc_fffb7891  ; jmp 0xfffb7891

loc_fffb7858:
cmp dword [ebp - 0xd0], 0x1f3
jg short loc_fffb7881  ; jg 0xfffb7881
imul edx, dword [ebp - 0xd0], 0xa
inc edi
lea eax, [edx + eax - 0x30]
mov dword [ebp - 0xd0], eax

loc_fffb7876:
movsx eax, byte [edi]
lea edx, [eax - 0x30]
cmp dl, 9
jbe short loc_fffb7858  ; jbe 0xfffb7858

loc_fffb7881:
cmp dword [ebp - 0xd0], 0x1f4
jg loc_fffb7757  ; jg 0xfffb7757

loc_fffb7891:
cmp byte [edi], 0x3a
mov dword [ebp - 0xc0], 0
jne short loc_fffb7903  ; jne 0xfffb7903
cmp byte [edi + 1], 0x2a
jne short loc_fffb78ea  ; jne 0xfffb78ea
mov esi, dword [ebx]
lea eax, [ebx + 4]
mov dword [ebp - 0xc0], esi
test esi, esi
js short loc_fffb78bf  ; js 0xfffb78bf
cmp esi, 0x24
jle short loc_fffb78c9  ; jle 0xfffb78c9
jmp near loc_fffb7757  ; jmp 0xfffb7757

loc_fffb78bf:
mov dword [ebp - 0xc0], 0

loc_fffb78c9:
add edi, 2
mov ebx, eax
jmp short loc_fffb7903  ; jmp 0xfffb7903

loc_fffb78d0:
cmp dword [ebp - 0xc0], 0x23
jg short loc_fffb78f6  ; jg 0xfffb78f6
imul ecx, dword [ebp - 0xc0], 0xa
lea eax, [ecx + eax - 0x30]
mov dword [ebp - 0xc0], eax

loc_fffb78ea:
inc edi
movsx eax, byte [edi]
lea edx, [eax - 0x30]
cmp dl, 9
jbe short loc_fffb78d0  ; jbe 0xfffb78d0

loc_fffb78f6:
cmp dword [ebp - 0xc0], 0x24
jg loc_fffb7757  ; jg 0xfffb7757

loc_fffb7903:
cmp byte [edi], 0x5b
mov dword [ebp - 0xd8], 0
jne short loc_fffb793b  ; jne 0xfffb793b
lea eax, [edi + 1]
not edi
mov dword [ebp - 0xf8], eax

loc_fffb791d:
mov dl, byte [eax]
lea esi, [edi + eax]
mov dword [ebp - 0xd8], esi
mov esi, eax
test dl, dl
je loc_fffb7757  ; je 0xfffb7757
inc eax
cmp dl, 0x5d
jne short loc_fffb791d  ; jne 0xfffb791d
lea edi, [esi + 1]

loc_fffb793b:
mov al, byte [edi]
mov esi, ref_fffd6023  ; mov esi, 0xfffd6023
test al, al
je short loc_fffb7973  ; je 0xfffb7973

loc_fffb7946:
mov dl, byte [esi]
cmp dl, al
je short loc_fffb7957  ; je 0xfffb7957
test dl, dl
je short loc_fffb7953  ; je 0xfffb7953
inc esi
jmp short loc_fffb7946  ; jmp 0xfffb7946

loc_fffb7953:
xor eax, eax
jmp short loc_fffb7973  ; jmp 0xfffb7973

loc_fffb7957:
mov dl, byte [edi + 1]
lea esi, [edi + 1]
test dl, dl
je loc_fffb8297  ; je 0xfffb8297
cmp dl, al
jne loc_fffb8297  ; jne 0xfffb8297
or eax, 1
add edi, 2

loc_fffb7973:
mov dl, byte [edi]
test dl, dl
jne short loc_fffb7983  ; jne 0xfffb7983
mov ecx, dword [ebx]
add ebx, 4
jmp near loc_fffb776c  ; jmp 0xfffb776c

loc_fffb7983:
mov byte [ebp - 0xc8], 0
cmp dl, 0x43
jne short loc_fffb79a5  ; jne 0xfffb79a5
mov cl, byte [edi + 1]
lea esi, [edi + 1]
mov byte [ebp - 0xc8], cl
test cl, cl
je loc_fffb7757  ; je 0xfffb7757
mov edi, esi

loc_fffb79a5:
mov byte [ebp - 0xab], dl
cmp dl, 0x6e
jne short loc_fffb7a06  ; jne 0xfffb7a06
mov edx, dword [ebx]
test edx, edx
je loc_fffb82ab  ; je 0xfffb82ab
cmp al, 0x68
jne short loc_fffb79cc  ; jne 0xfffb79cc
mov eax, dword [ebp - 0xe4]
mov word [edx], ax
jmp near loc_fffb82ab  ; jmp 0xfffb82ab

loc_fffb79cc:
cmp al, 0x69
jne short loc_fffb79dd  ; jne 0xfffb79dd
mov al, byte [ebp - 0xe4]
mov byte [edx], al
jmp near loc_fffb82ab  ; jmp 0xfffb82ab

loc_fffb79dd:
cmp al, 0x6c
je short loc_fffb79f9  ; je 0xfffb79f9
cmp al, 0x6a
jne short loc_fffb79f9  ; jne 0xfffb79f9
mov eax, dword [ebp - 0xe4]
mov dword [edx + 4], 0
mov dword [edx], eax
jmp near loc_fffb82ab  ; jmp 0xfffb82ab

loc_fffb79f9:
mov eax, dword [ebp - 0xe4]
mov dword [edx], eax
jmp near loc_fffb82ab  ; jmp 0xfffb82ab

loc_fffb7a06:
cmp dl, 0x25
jne short loc_fffb7a34  ; jne 0xfffb7a34
sub esp, 0xc
xor ecx, ecx
push 0
xor edx, edx
push 1
lea eax, [ebp - 0xab]
push eax
push 0
push 0
lea eax, [ebp - 0xa4]
call fcn_fffb7325  ; call 0xfffb7325
add esp, 0x20
jmp near loc_fffb8261  ; jmp 0xfffb8261

loc_fffb7a34:
mov esi, edx
and esi, 0xffffffdf
mov ecx, esi
cmp cl, 0x43
jne short loc_fffb7ab9  ; jne 0xfffb7ab9
cmp dl, 0x63
jne short loc_fffb7a52  ; jne 0xfffb7a52
mov eax, dword [ebx]
add ebx, 4
mov byte [ebp - 0x9a], al
jmp short loc_fffb7a5e  ; jmp 0xfffb7a5e

loc_fffb7a52:
mov al, byte [ebp - 0xc8]
mov byte [ebp - 0x9a], al

loc_fffb7a5e:
mov esi, dword [ebp - 0xd0]
mov eax, 1
test esi, esi
cmovs esi, eax
test esi, esi
cmovg eax, esi
xor esi, esi
mov dword [ebp - 0xc0], eax

loc_fffb7a7b:
sub esp, 0xc
xor ecx, ecx
push 0
xor edx, edx
push 1
lea eax, [ebp - 0x9a]
push eax
push 0
push 0
lea eax, [ebp - 0xa4]
call fcn_fffb7325  ; call 0xfffb7325
add esp, 0x20
cmp eax, 0xffffffff
je loc_fffb7757  ; je 0xfffb7757
add esi, eax
dec dword [ebp - 0xc0]
jne short loc_fffb7a7b  ; jne 0xfffb7a7b
mov eax, esi
jmp near loc_fffb8261  ; jmp 0xfffb8261

loc_fffb7ab9:
cmp dl, 0x73
jne loc_fffb7b51  ; jne 0xfffb7b51
lea eax, [ebx + 4]
mov edx, ref_fffd602a  ; mov edx, 0xfffd602a
mov dword [ebp - 0xc0], eax
mov eax, dword [ebx]
test eax, eax
cmove eax, edx
mov ecx, eax

loc_fffb7ad9:
cmp byte [ecx], 0
je short loc_fffb7ae1  ; je 0xfffb7ae1
inc ecx
jmp short loc_fffb7ad9  ; jmp 0xfffb7ad9

loc_fffb7ae1:
mov ebx, dword [ebp - 0xd0]
sub ecx, eax
test ebx, ebx
js short loc_fffb7af2  ; js 0xfffb7af2
cmp ecx, ebx
cmovg ecx, ebx

loc_fffb7af2:
mov esi, dword [ebp - 0xe0]
xor edx, edx
mov ebx, esi
sub ebx, ecx
cmp ecx, esi
mov esi, dword [ebp - 0xc4]
cmovl edx, ebx
xor ebx, ebx
and esi, 4
je short loc_fffb7b14  ; je 0xfffb7b14
mov ebx, edx
xor edx, edx

loc_fffb7b14:
test byte [ebp - 0xc4], 0x40
je short loc_fffb7b2c  ; je 0xfffb7b2c
add ebx, edx
xor edx, edx
test esi, esi
sete dl
add edx, ebx
sar edx, 1
sub ebx, edx

loc_fffb7b2c:
sub esp, 0xc
push ebx
push ecx
xor ecx, ecx
push eax
push 0
push 0
lea eax, [ebp - 0xa4]
call fcn_fffb7325  ; call 0xfffb7325
add esp, 0x20
mov ebx, dword [ebp - 0xc0]
jmp near loc_fffb8261  ; jmp 0xfffb8261

loc_fffb7b51:
cmp dl, 0x70
jne short loc_fffb7b7d  ; jne 0xfffb7b7d
mov byte [ebp - 0xab], 0x58
xor eax, eax
mov dword [ebp - 0xd0], 8
mov dword [ebp - 0xe0], 8
mov dword [ebp - 0xc4], 0x28

loc_fffb7b7d:
mov dl, byte [ebp - 0xab]
cmp dl, 0x69
sete cl
cmp dl, 0x64
mov byte [ebp - 0xd4], dl
sete dl
or dl, cl
mov byte [ebp - 0xe8], cl
jne short loc_fffb7baa  ; jne 0xfffb7baa
xor esi, esi
cmp byte [ebp - 0xd4], 0x49
jne short loc_fffb7bd9  ; jne 0xfffb7bd9

loc_fffb7baa:
mov dl, byte [ebp - 0xd4]
mov esi, 0xa
and dword [ebp - 0xc4], 0xfffffff7
or dword [ebp - 0xc4], 0x80
and edx, 0xffffffdf
cmp dl, 0x49
jne short loc_fffb7bd9  ; jne 0xfffb7bd9
mov ecx, dword [ebp - 0xc0]
test ecx, ecx
cmovne esi, ecx

loc_fffb7bd9:
mov dl, byte [ebp - 0xd4]
and edx, 0xffffffdf
cmp dl, 0x58
sete cl
test cl, cl
mov byte [ebp - 0xcc], cl
mov ecx, 0x10
cmovne esi, ecx
cmp dl, 0x55
jne short loc_fffb7c0d  ; jne 0xfffb7c0d
mov ecx, dword [ebp - 0xc0]
mov esi, 0xa
test ecx, ecx
cmovne esi, ecx

loc_fffb7c0d:
mov cl, byte [ebp - 0xd4]
cmp cl, 0x6f
je short loc_fffb7c27  ; je 0xfffb7c27
cmp cl, 0x62
je short loc_fffb7c2e  ; je 0xfffb7c2e
cmp esi, 1
ja short loc_fffb7c33  ; ja 0xfffb7c33
jmp near loc_fffb7757  ; jmp 0xfffb7757

loc_fffb7c27:
mov esi, 8
jmp short loc_fffb7c33  ; jmp 0xfffb7c33

loc_fffb7c2e:
mov esi, 2

loc_fffb7c33:
test byte [ebp - 0xc4], 0x80
je loc_fffb7cf8  ; je 0xfffb7cf8
cmp al, 0x6c
jne short loc_fffb7c49  ; jne 0xfffb7c49
lea eax, [ebx + 4]
jmp short loc_fffb7c50  ; jmp 0xfffb7c50

loc_fffb7c49:
cmp al, 0x6a
jne short loc_fffb7c5a  ; jne 0xfffb7c5a
lea eax, [ebx + 8]

loc_fffb7c50:
mov dword [ebp - 0xc8], eax

loc_fffb7c56:
mov edx, dword [ebx]
jmp short loc_fffb7c7e  ; jmp 0xfffb7c7e

loc_fffb7c5a:
lea edx, [ebx + 4]
cmp al, 0x7a
mov dword [ebp - 0xc8], edx
je short loc_fffb7c56  ; je 0xfffb7c56
mov edx, dword [ebx]
cmp al, 0x74
je short loc_fffb7c7e  ; je 0xfffb7c7e
cmp al, 0x68
jne short loc_fffb7c76  ; jne 0xfffb7c76
movsx edx, dx
jmp short loc_fffb7c7e  ; jmp 0xfffb7c7e

loc_fffb7c76:
movsx ecx, dl
cmp al, 0x69
cmove edx, ecx

loc_fffb7c7e:
mov ecx, edx
sar ecx, 0x1f
mov eax, ecx
xor eax, edx
sub eax, ecx
mov dword [ebp - 0xc0], eax
sar eax, 0x1f
mov dword [ebp - 0xbc], eax
test edx, edx
jns short loc_fffb7ca5  ; jns 0xfffb7ca5
mov byte [ebp - 0xaa], 0x2d
jmp short loc_fffb7ccb  ; jmp 0xfffb7ccb

loc_fffb7ca5:
test byte [ebp - 0xc4], 2
je short loc_fffb7cb7  ; je 0xfffb7cb7
mov byte [ebp - 0xaa], 0x2b
jmp short loc_fffb7ccb  ; jmp 0xfffb7ccb

loc_fffb7cb7:
mov eax, dword [ebp - 0xc4]
and eax, 1
neg eax
and eax, 0x20
mov byte [ebp - 0xaa], al

loc_fffb7ccb:
cmp byte [ebp - 0xaa], 0
mov dword [ebp - 0xdc], 0
je loc_fffb7d9c  ; je 0xfffb7d9c
or dword [ebp - 0xc4], 8
mov dword [ebp - 0xdc], 1
jmp near loc_fffb7d9c  ; jmp 0xfffb7d9c

loc_fffb7cf8:
cmp al, 0x6c
jne short loc_fffb7d0b  ; jne 0xfffb7d0b
lea eax, [ebx + 4]
xor edx, edx
mov dword [ebp - 0xc8], eax
mov eax, dword [ebx]
jmp short loc_fffb7d1d  ; jmp 0xfffb7d1d

loc_fffb7d0b:
cmp al, 0x6a
jne short loc_fffb7d2b  ; jne 0xfffb7d2b
lea eax, [ebx + 8]
mov edx, dword [ebx + 4]
mov dword [ebp - 0xc8], eax
mov eax, dword [ebx]

loc_fffb7d1d:
mov dword [ebp - 0xc0], eax
mov dword [ebp - 0xbc], edx
jmp short loc_fffb7d8b  ; jmp 0xfffb7d8b

loc_fffb7d2b:
lea edx, [ebx + 4]
cmp al, 0x7a
mov dword [ebp - 0xc8], edx
je short loc_fffb7d3c  ; je 0xfffb7d3c
cmp al, 0x74
jne short loc_fffb7d4f  ; jne 0xfffb7d4f

loc_fffb7d3c:
mov eax, dword [ebx]
mov dword [ebp - 0xc0], eax
sar eax, 0x1f
mov dword [ebp - 0xbc], eax
jmp short loc_fffb7d8b  ; jmp 0xfffb7d8b

loc_fffb7d4f:
mov edx, dword [ebx]
mov dword [ebp - 0xbc], 0
mov dword [ebp - 0xc0], edx
cmp al, 0x68
jne short loc_fffb7d70  ; jne 0xfffb7d70
movzx edx, dx
mov dword [ebp - 0xc0], edx
jmp short loc_fffb7d81  ; jmp 0xfffb7d81

loc_fffb7d70:
cmp al, 0x69
jne short loc_fffb7d8b  ; jne 0xfffb7d8b
movzx eax, byte [ebp - 0xc0]
mov dword [ebp - 0xc0], eax

loc_fffb7d81:
mov dword [ebp - 0xbc], 0

loc_fffb7d8b:
mov byte [ebp - 0xaa], 0x30
mov dword [ebp - 0xdc], 0

loc_fffb7d9c:
mov eax, dword [ebp - 0xc0]
mov edx, dword [ebp - 0xbc]
mov ebx, eax
or ebx, edx
setne al
cmp byte [ebp - 0xd4], 0x6f
sete dl
test al, dl
mov edx, 1
cmove edx, dword [ebp - 0xdc]
cmp byte [ebp - 0xcc], 0
mov dword [ebp - 0xdc], edx
jne short loc_fffb7ddf  ; jne 0xfffb7ddf
cmp byte [ebp - 0xd4], 0x62
jne short loc_fffb7e0d  ; jne 0xfffb7e0d

loc_fffb7ddf:
test byte [ebp - 0xc4], 0x20
jne short loc_fffb7df4  ; jne 0xfffb7df4
test al, al
je short loc_fffb7e0d  ; je 0xfffb7e0d
mov al, byte [ebp - 0xd4]
jmp short loc_fffb7dfd  ; jmp 0xfffb7dfd

loc_fffb7df4:
mov al, byte [ebp - 0xd4]
or eax, 0x20

loc_fffb7dfd:
mov byte [ebp - 0xa9], al
mov dword [ebp - 0xdc], 2

loc_fffb7e0d:
test byte [ebp - 0xc4], 8
je short loc_fffb7e24  ; je 0xfffb7e24
lea eax, [ebp - 0xaa]
mov dword [ebp - 0xf4], eax
jmp short loc_fffb7e38  ; jmp 0xfffb7e38

loc_fffb7e24:
mov dword [ebp - 0xf4], 0
mov dword [ebp - 0xdc], 0

loc_fffb7e38:
cmp esi, 0xa
jne short loc_fffb7ea3  ; jne 0xfffb7ea3
mov dword [ebp - 0xcc], 0
lea ebx, [ebp - 0xa0]

loc_fffb7e4d:
mov edx, dword [ebp - 0xbc]
mov eax, dword [ebp - 0xc0]
mov esi, edx
or esi, eax
je loc_fffb7ff0  ; je 0xfffb7ff0
push ebx
push 0xa
push dword [ebp - 0xbc]
push dword [ebp - 0xc0]
call fcn_fffd28b3  ; call 0xfffd28b3
mov esi, dword [ebp - 0xa0]
add esp, 0x10
inc dword [ebp - 0xcc]
mov dword [ebp - 0xc0], eax
mov eax, dword [ebp - 0xcc]
mov dword [ebp - 0xbc], edx
lea edx, [esi + 0x30]
neg eax
mov byte [eax + ebp - 0x18], dl
jmp short loc_fffb7e4d  ; jmp 0xfffb7e4d

loc_fffb7ea3:
cmp byte [ebp - 0xd4], 0x75
sete byte [ebp - 0xec]
cmp esi, 8
sete dl
cmp esi, 2
sete al
or al, dl
jne short loc_fffb7ee1  ; jne 0xfffb7ee1
cmp esi, 0x10
je short loc_fffb7ee1  ; je 0xfffb7ee1
mov bl, byte [ebp - 0xec]
mov dword [ebp - 0xcc], 0
or ebx, dword [ebp - 0xe8]
jmp near loc_fffb7f83  ; jmp 0xfffb7f83

loc_fffb7ee1:
lea eax, [esi - 1]
cmp esi, 0x10
je short loc_fffb7ef6  ; je 0xfffb7ef6
cmp dl, 1
sbb ecx, ecx
and ecx, 0xfffffffe
add ecx, 3
jmp short loc_fffb7efb  ; jmp 0xfffb7efb

loc_fffb7ef6:
mov ecx, 4

loc_fffb7efb:
mov dword [ebp - 0xcc], 0

loc_fffb7f05:
mov esi, dword [ebp - 0xbc]
mov ebx, dword [ebp - 0xc0]
mov edx, esi
or edx, ebx
je loc_fffb7ff0  ; je 0xfffb7ff0
mov edx, dword [ebp - 0xc0]
and edx, eax
cmp byte [ebp - 0xd4], 0x78
mov bl, byte [edx + ref_fffd5868]  ; mov bl, byte [edx - 0x2a798]
sete dl
or dl, byte [ebp - 0xe8]
jne short loc_fffb7f44  ; jne 0xfffb7f44
cmp byte [ebp - 0xec], 0
je short loc_fffb7f47  ; je 0xfffb7f47

loc_fffb7f44:
or ebx, 0x20

loc_fffb7f47:
inc dword [ebp - 0xcc]
mov edx, dword [ebp - 0xcc]
mov esi, dword [ebp - 0xbc]
neg edx
mov byte [edx + ebp - 0x18], bl
mov ebx, dword [ebp - 0xc0]
xor edx, edx
shrd ebx, esi, cl
shr esi, cl
test cl, 0x20
cmovne ebx, esi
cmovne esi, edx
mov dword [ebp - 0xc0], ebx
mov dword [ebp - 0xbc], esi
jmp short loc_fffb7f05  ; jmp 0xfffb7f05

loc_fffb7f83:
mov edx, dword [ebp - 0xbc]
mov eax, dword [ebp - 0xc0]
mov ecx, edx
or ecx, eax
je short loc_fffb7ff0  ; je 0xfffb7ff0
push eax
push esi
push dword [ebp - 0xbc]
push dword [ebp - 0xc0]
call fcn_fffd2889  ; call 0xfffd2889
add esp, 0xc
push esi
push dword [ebp - 0xbc]
push dword [ebp - 0xc0]
mov al, byte [eax + ref_fffd5868]  ; mov al, byte [eax - 0x2a798]
mov dl, al
or edx, 0x20
test bl, bl
cmovne eax, edx
inc dword [ebp - 0xcc]
mov edx, dword [ebp - 0xcc]
neg edx
mov byte [edx + ebp - 0x18], al
call fcn_fffd289e  ; call 0xfffd289e
add esp, 0x10
mov dword [ebp - 0xc0], eax
mov dword [ebp - 0xbc], edx
jmp short loc_fffb7f83  ; jmp 0xfffb7f83

loc_fffb7ff0:
cmp dword [ebp - 0xd8], 0
mov dword [ebp - 0xf0], 0
je loc_fffb819b  ; je 0xfffb819b
mov ebx, dword [ebp - 0xf8]
mov esi, dword [ebp - 0xd8]
mov eax, dword [ebp - 0xcc]
mov dword [ebp - 0xc0], 0x82
mov byte [ebp - 0xec], 0
lea ebx, [ebx + esi - 1]
sub dword [ebp - 0xc0], eax
mov dword [ebp - 0xe8], eax
xor eax, eax
mov dword [ebp - 0xd4], ebx

loc_fffb8042:
cmp dword [ebp - 0xe8], 0
je loc_fffb819b  ; je 0xfffb819b
cmp dword [ebp - 0xd8], 0
je loc_fffb829e  ; je 0xfffb829e
mov esi, dword [ebp - 0xd4]
mov al, byte [esi]
cmp al, 0x2d
je loc_fffb819b  ; je 0xfffb819b
cmp al, 0x2a
je short loc_fffb808e  ; je 0xfffb808e
mov ebx, dword [ebp - 0xd8]
xor eax, eax
mov dword [ebp - 0xec], 1
sub esi, ebx
mov edx, ebx
mov dword [ebp - 0x100], esi
jmp short loc_fffb80e1  ; jmp 0xfffb80e1

loc_fffb808e:
mov eax, dword [ebp - 0xc8]
lea ebx, [eax + 4]
mov eax, dword [eax]
test eax, eax
js loc_fffb8195  ; js 0xfffb8195
mov ecx, dword [ebp - 0xd4]
mov edx, dword [ebp - 0xd8]
mov dword [ebp - 0xc8], ebx
dec ecx
dec edx
jne short loc_fffb8108  ; jne 0xfffb8108
jmp near loc_fffb819b  ; jmp 0xfffb819b

loc_fffb80bc:
movsx esi, byte [ebp - 0xf9]
mov ecx, dword [ebp - 0xec]
sub esi, 0x30
imul esi, ecx
add eax, esi
imul esi, ecx, 0xa
mov dword [ebp - 0xec], esi
dec edx
je loc_fffb819b  ; je 0xfffb819b

loc_fffb80e1:
mov ebx, dword [ebp - 0x100]
mov ecx, edx
sub ecx, dword [ebp - 0xd8]
add ecx, dword [ebp - 0xd4]
mov bl, byte [ebx + edx]
lea esi, [ebx - 0x30]
mov byte [ebp - 0xf9], bl
mov ebx, esi
cmp bl, 9
jbe short loc_fffb80bc  ; jbe 0xfffb80bc

loc_fffb8108:
mov bl, byte [ecx]
lea esi, [ecx - 1]
mov dword [ebp - 0xd4], esi
mov byte [ebp - 0xec], bl
lea ebx, [edx - 1]
mov dword [ebp - 0xd8], ebx
test eax, eax
je short loc_fffb8186  ; je 0xfffb8186

loc_fffb8126:
mov esi, dword [ebp - 0xe8]
cmp esi, eax
jle short loc_fffb819b  ; jle 0xfffb819b
lea ecx, [ebp - 0x9a]
sub esi, eax
add ecx, dword [ebp - 0xc0]
xor edx, edx

loc_fffb8140:
cmp edx, esi
je short loc_fffb814e  ; je 0xfffb814e
mov bl, byte [ecx + edx]
mov byte [ecx + edx - 1], bl
inc edx
jmp short loc_fffb8140  ; jmp 0xfffb8140

loc_fffb814e:
mov ecx, dword [ebp - 0xe8]
dec dword [ebp - 0xc0]
add ecx, dword [ebp - 0xc0]
mov bl, byte [ebp - 0xec]
inc dword [ebp - 0xcc]
sub ecx, eax
inc dword [ebp - 0xf0]
mov byte [ebp + ecx - 0x9a], bl
mov dword [ebp - 0xe8], edx
jmp near loc_fffb8042  ; jmp 0xfffb8042

loc_fffb8186:
cmp dword [ebp - 0xd8], 0
jne loc_fffb8042  ; jne 0xfffb8042
jmp short loc_fffb819b  ; jmp 0xfffb819b

loc_fffb8195:
mov dword [ebp - 0xc8], ebx

loc_fffb819b:
cmp dword [ebp - 0xd0], 0
js short loc_fffb81ad  ; js 0xfffb81ad
and dword [ebp - 0xc4], 0xffffffef
jmp short loc_fffb81b7  ; jmp 0xfffb81b7

loc_fffb81ad:
mov dword [ebp - 0xd0], 1

loc_fffb81b7:
mov esi, dword [ebp - 0xcc]
mov eax, dword [ebp - 0xd0]
add eax, dword [ebp - 0xf0]
cmp eax, esi
cmovl eax, esi
mov esi, dword [ebp - 0xe0]
xor edx, edx
mov ebx, eax
mov eax, dword [ebp - 0xdc]
mov ecx, esi
add eax, ebx
sub ecx, eax
cmp eax, esi
cmovl edx, ecx
mov ecx, dword [ebp - 0xc4]
xor eax, eax
and ecx, 4
je short loc_fffb81fa  ; je 0xfffb81fa
mov eax, edx
xor edx, edx

loc_fffb81fa:
test byte [ebp - 0xc4], 0x40
je short loc_fffb8212  ; je 0xfffb8212
add eax, edx
xor edx, edx
test ecx, ecx
sete dl
add edx, eax
sar edx, 1
sub eax, edx

loc_fffb8212:
sub ebx, dword [ebp - 0xcc]
mov ecx, ebx
test byte [ebp - 0xc4], 0x10
je short loc_fffb8227  ; je 0xfffb8227
add ecx, edx
xor edx, edx

loc_fffb8227:
mov esi, dword [ebp - 0xcc]
sub esp, 0xc
push eax
lea eax, [ebp - 0x9a]
sub eax, esi
push esi
add eax, 0x82
push eax
push ecx
mov ecx, dword [ebp - 0xf4]
push dword [ebp - 0xdc]
lea eax, [ebp - 0xa4]
call fcn_fffb7325  ; call 0xfffb7325
mov ebx, dword [ebp - 0xc8]
add esp, 0x20

loc_fffb8261:
test eax, eax
js loc_fffb7757  ; js 0xfffb7757

loc_fffb8269:
add dword [ebp - 0xe4], eax
lea ecx, [edi + 1]
jmp near loc_fffb776c  ; jmp 0xfffb776c

loc_fffb8277:
mov eax, dword [ebp - 0xe4]
jmp short loc_fffb82b2  ; jmp 0xfffb82b2

loc_fffb827f:
sub eax, ref_fffd58b0  ; sub eax, 0xfffd58b0
inc edi
mov eax, dword [eax*4 + ref_fffd5890]  ; mov eax, dword [eax*4 - 0x2a770]
or dword [ebp - 0xc4], eax
jmp near loc_fffb77ba  ; jmp 0xfffb77ba

loc_fffb8297:
mov edi, esi
jmp near loc_fffb7973  ; jmp 0xfffb7973

loc_fffb829e:
test eax, eax
jne loc_fffb8126  ; jne 0xfffb8126
jmp near loc_fffb819b  ; jmp 0xfffb819b

loc_fffb82ab:
add ebx, 4
xor eax, eax
jmp short loc_fffb8269  ; jmp 0xfffb8269

loc_fffb82b2:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb82ba:
push ebp
mov ebp, esp
push edi
mov edi, ecx
push esi
push ebx
mov ebx, eax
sub esp, 0x20
mov esi, dword [edx + 9]
mov edx, dword [ebx + 0x188b]
mov eax, dword [eax + 0x2443]
push 4
lea edx, [edx*4 + ref_fffd3230]  ; lea edx, [edx*4 - 0x2cdd0]
push edx
lea edx, [ebp - 0x1c]
push edx
call dword [eax + 0x58]  ; ucall
mov al, byte [ebx + 0xfac]
add esp, 0x10
cmp byte [ebp - 0x1c], al
mov al, 1
jne short loc_fffb8350  ; jne 0xfffb8350
mov cl, byte [ebx + 0xfad]
cmp byte [ebp - 0x1b], cl
jne short loc_fffb8350  ; jne 0xfffb8350
mov cl, byte [ebx + 0xfae]
cmp byte [ebp - 0x1a], cl
jne short loc_fffb8350  ; jne 0xfffb8350
mov cl, byte [ebx + 0xfaf]
cmp byte [ebp - 0x19], cl
jne short loc_fffb8350  ; jne 0xfffb8350
mov ecx, dword [ebx + 0xfa4]
cmp dword [ebx + 0x1887], ecx
jne short loc_fffb8350  ; jne 0xfffb8350
mov ecx, dword [ebx + 0xfa0]
cmp dword [ebx + 0x1883], ecx
jne short loc_fffb8350  ; jne 0xfffb8350
xor eax, eax
cmp edi, 2
je short loc_fffb8350  ; je 0xfffb8350
mov edx, 0x102
mov eax, esi
call fcn_fffc3dc3  ; call 0xfffc3dc3
cmp eax, dword [ebx + 0xfb0]
setne al

loc_fffb8350:
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb8358:
push ebp
mov ebp, esp
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 8]
lea eax, [ebp - 0xc]
push eax
push ebx
call fcn_fffab60f  ; call 0xfffab60f
add esp, 0x10
test eax, eax
jns short loc_fffb837a  ; jns 0xfffb837a
mov dword [ebp - 0xc], 0

loc_fffb837a:
mov eax, dword [ebp - 0xc]
test eax, eax
je short loc_fffb838f  ; je 0xfffb838f
push edx
push edx
push ebx
push eax
call fcn_fffac673  ; call 0xfffac673
add esp, 0x10
jmp short loc_fffb8391  ; jmp 0xfffb8391

loc_fffb838f:
xor eax, eax

loc_fffb8391:
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffb8396:  ; not directly referenced
and dh, 4
je short loc_fffb83fa  ; je 0xfffb83fa
push ebp
mov edx, ecx
mov ebp, esp
push edi
push esi
mov esi, ecx
shr edx, 0x13
push ebx
and edx, 1
sub esp, 0xc
cmp edx, 1
mov edi, dword [eax + 0x68]
mov edx, ecx
sbb ebx, ebx
call fcn_fffc3bf5  ; call 0xfffc3bf5
shr esi, 0x11
and ebx, 0x10
and esi, 1
add ebx, 0x10
push ecx
push esi
push edx
push eax
call edi
add esp, 0x10
cmp bx, 0x10
jne short loc_fffb83e9  ; jne 0xfffb83e9
xor eax, 0x1000000
or eax, edx
cmp eax, 1
sbb eax, eax
add eax, 0xb
jmp short loc_fffb8400  ; jmp 0xfffb8400

loc_fffb83e9:  ; not directly referenced
xor eax, 0x800000
or eax, edx
cmp eax, 1
sbb eax, eax
add eax, 0xa
jmp short loc_fffb8400  ; jmp 0xfffb8400

loc_fffb83fa:  ; not directly referenced
mov eax, 0xa
ret

loc_fffb8400:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb8408:  ; not directly referenced
and dh, 4
je short loc_fffb846c  ; je 0xfffb846c
push ebp
mov edx, ecx
mov ebp, esp
push edi
push esi
mov esi, ecx
shr edx, 0x14
push ebx
and edx, 1
sub esp, 0xc
cmp edx, 1
mov edi, dword [eax + 0x68]
mov edx, ecx
sbb ebx, ebx
call fcn_fffc3bda  ; call 0xfffc3bda
shr esi, 0x12
and ebx, 0x10
and esi, 1
add ebx, 0x10
push ecx
push esi
push edx
push eax
call edi
add esp, 0x10
cmp bx, 0x10
jne short loc_fffb845b  ; jne 0xfffb845b
xor eax, 0x1000000
or eax, edx
cmp eax, 1
sbb eax, eax
add eax, 0xb
jmp short loc_fffb8472  ; jmp 0xfffb8472

loc_fffb845b:  ; not directly referenced
xor eax, 0x800000
or eax, edx
cmp eax, 1
sbb eax, eax
add eax, 0xa
jmp short loc_fffb8472  ; jmp 0xfffb8472

loc_fffb846c:  ; not directly referenced
mov eax, 0xa
ret

loc_fffb8472:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb847a:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x1c], 0
mov eax, dword [ebx + 0x2443]
lea esi, [ebx + 0xfb9]
mov dword [ebp - 0x20], eax
lea eax, [ebx + 0x10]
mov dword [ebp - 0x2c], eax
mov al, byte [ebx + 0x3755]
mov byte [ebx + 0xfb8], al
mov eax, dword [ebx + 0x374e]
mov dword [ebx + 0xfb4], eax

loc_fffb84ba:  ; not directly referenced
imul eax, dword [ebp - 0x1c], 0x13c3
xor edi, edi
mov edx, dword [ebx + eax + 0x3816]
lea ecx, [ebx + eax + 0x3756]
mov dword [ebp - 0x28], ecx
mov dword [esi + 4], edx
mov dl, byte [ebx + eax + 0x381a]
mov byte [esi + 8], dl
mov eax, dword [ebx + eax + 0x3756]
mov dword [esi], eax

loc_fffb84ea:  ; not directly referenced
mov eax, dword [ebp - 0x28]
push edx
push 0x2e
lea eax, [eax + edi + 4]
push eax
lea eax, [esi + edi + 9]
add edi, 0x2e
push eax
mov eax, dword [ebp - 0x20]
call dword [eax + 0x58]  ; ucall
add esp, 0x10
cmp edi, 0xb8
jne short loc_fffb84ea  ; jne 0xfffb84ea
imul eax, dword [ebp - 0x1c], 0x54a
lea edx, [esi + 0x313]
mov dword [ebp - 0x24], 0
lea edi, [ebx + eax + 0x19bb]

loc_fffb8529:  ; not directly referenced
mov ecx, dword [ebp - 0x24]
mov dword [ebp - 0x30], edx
mov edx, dword [ebp - 0x28]
push eax
push 0x128
lea eax, [edx + ecx + 0x1173]
push eax
lea eax, [esi + ecx + 0xc1]
push eax
mov eax, dword [ebp - 0x20]
call dword [eax + 0x58]  ; ucall
mov al, byte [edi + 3]
add esp, 0x10
mov edx, dword [ebp - 0x30]
cmp byte [edi + 2], 0xc
mov byte [edx - 2], al
jne short loc_fffb8573  ; jne 0xfffb8573
mov al, byte [edi + 0xd]
mov ecx, 0x1d
mov byte [edx - 1], al
lea eax, [edi + 0x140]
jmp short loc_fffb8581  ; jmp 0xfffb8581

loc_fffb8573:  ; not directly referenced
mov al, byte [edi + 8]
mov ecx, 0x1f
mov byte [edx - 1], al
lea eax, [edi + 0x75]

loc_fffb8581:  ; not directly referenced
sub esp, 4
add edi, 0x277
push ecx
push eax
mov eax, dword [ebp - 0x20]
push edx
mov dword [ebp - 0x30], edx
call dword [eax + 0x58]  ; ucall
mov edx, dword [ebp - 0x30]
add esp, 0x10
add dword [ebp - 0x24], 0x128
add edx, 0x21
cmp dword [ebp - 0x24], 0x250
jne loc_fffb8529  ; jne 0xfffb8529
inc dword [ebp - 0x1c]
add esi, 0x433
cmp dword [ebp - 0x1c], 2
jne loc_fffb84ba  ; jne 0xfffb84ba
mov eax, dword [ebx + 0x3735]
mov dword [ebx + 0x182c], eax
mov eax, dword [ebx + 0x3739]
mov dword [ebx + 0x1830], eax
mov eax, dword [ebx + 0x373d]
mov dword [ebx + 0x1834], eax
mov eax, dword [ebx + 0x3741]
mov dword [ebx + 0x1838], eax
push eax
mov eax, dword [ebx + 0x2443]
push 4
mov edx, dword [ebx + 0x188b]
lea edx, [edx*4 + ref_fffd3230]  ; lea edx, [edx*4 - 0x2cdd0]
push edx
lea edx, [ebx + 0xfac]
push edx
call dword [eax + 0x58]  ; ucall
mov eax, dword [ebx + 0x1887]
add esp, 0x10
xor ecx, ecx
mov dword [ebx + 0xfa4], eax
mov eax, dword [ebx + 0x1883]
mov dword [ebx + 0xfa0], eax
mov eax, dword [ebx + 0x188b]
mov dword [ebx + 0xfa8], eax
mov al, byte [ebx + 0x190d]
mov byte [ebx + 0x1842], al
mov eax, dword [ebx + 0x36d7]
mov dword [ebx + 0x181f], eax
mov eax, dword [ebx + 0x36df]
mov dword [ebx + 0x1823], eax
mov al, byte [ebx + 0x36e7]
mov byte [ebx + 0x182b], al
mov eax, dword [ebx + 0x36e3]
mov dword [ebx + 0x1827], eax
mov al, byte [ebx + 0x3748]
mov byte [ebx + 0x183c], al
mov eax, dword [ebx + 0x2480]
mov dword [ebx + 0x183d], eax
mov al, byte [ebx + 0x3749]
mov byte [ebx + 0x1841], al
mov al, byte [ebx + 0x36ca]
mov byte [ebx + 0x184c], al
mov al, byte [ebx + 0x36a8]
mov byte [ebx + 0x184d], al
mov eax, dword [ebx + 0x36cb]
mov dword [ebx + 0x1843], eax
mov eax, dword [ebx + 0x1912]
mov dword [ebx + 0x1847], eax
mov al, byte [ebx + 0x1916]
mov byte [ebx + 0x184b], al

loc_fffb86dc:  ; not directly referenced
mov eax, dword [ebx + ecx*8 + 0x36a9]
mov edx, dword [ebx + ecx*8 + 0x36ad]
mov dword [ebx + ecx*8 + 0x184e], eax
mov dword [ebx + ecx*8 + 0x1852], edx
inc ecx
cmp ecx, 4
jne short loc_fffb86dc  ; jne 0xfffb86dc
mov edx, dword [ebx + 0x18bd]
mov eax, dword [ebx + 0x18b9]
call fcn_fffc3dc3  ; call 0xfffc3dc3
mov edx, 0x185e
mov dword [ebx + 0xfb0], eax
mov eax, dword [ebp - 0x2c]
call fcn_fffc3dc3  ; call 0xfffc3dc3
mov dword [ebx + 8], 0x1866
mov dword [ebx + 0xc], eax
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb8736:  ; not directly referenced
mov eax, dword [0xff7d0084]
push ebp
mov ebp, esp
push esi
mov esi, dword [ebp + 8]
push ebx
mov eax, dword [eax + 0x14]
mov ebx, dword [ebp + 0xc]
sub esp, 0xc
add eax, 0xb0048
push eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
add esp, 0x10
cmp bl, 2
je short loc_fffb876f  ; je 0xfffb876f
cmp bl, 6
je short loc_fffb8776  ; je 0xfffb8776
dec bl
jne short loc_fffb8782  ; jne 0xfffb8782
mov edx, 1
jmp short loc_fffb877b  ; jmp 0xfffb877b

loc_fffb876f:  ; not directly referenced
mov edx, 2
jmp short loc_fffb877b  ; jmp 0xfffb877b

loc_fffb8776:  ; not directly referenced
mov edx, 6

loc_fffb877b:  ; not directly referenced
mov eax, esi
call fcn_fffb7129  ; call 0xfffb7129

loc_fffb8782:  ; not directly referenced
lea esp, [ebp - 8]
xor eax, eax
pop ebx
pop esi
pop ebp
ret

fcn_fffb878b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x38
mov eax, dword [0xff7d0084]
mov edi, dword [eax + 0x14]
add edi, 0xb0048
push edi
call fcn_fffb3d4e  ; call 0xfffb3d4e
mov ebx, eax
lea eax, [ebp - 0x1c]
push eax
push 0
push 0
push ref_fffd604c  ; push 0xfffd604c
call fcn_fffab40f  ; call 0xfffab40f
add esp, 0x20
xor ecx, ecx
mov esi, eax

loc_fffb87c3:  ; not directly referenced
test bh, 1
jne short loc_fffb87f3  ; jne 0xfffb87f3
cmp ecx, 0x32
je short loc_fffb883e  ; je 0xfffb883e
mov eax, dword [ebp - 0x1c]
push ebx
push 0x3e8
push eax
push dword [ebp + 8]
mov dword [ebp - 0x2c], ecx
call dword [eax + 4]  ; ucall
mov dword [esp], edi
call fcn_fffb3d4e  ; call 0xfffb3d4e
mov ecx, dword [ebp - 0x2c]
add esp, 0x10
inc ecx
mov ebx, eax
jmp short loc_fffb87c3  ; jmp 0xfffb87c3

loc_fffb87f3:  ; not directly referenced
cmp ecx, 0x32
je short loc_fffb883e  ; je 0xfffb883e
mov edi, ebx
test bl, bl
jns short loc_fffb8835  ; jns 0xfffb8835
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov ebx, dword [eax + 0x14]
add ebx, 0xf80a2
push ebx
call fcn_fffb3d06  ; call 0xfffb3d06
pop edx
pop ecx
and eax, 0xff7f
push eax
push ebx
call fcn_fffb3d20  ; call 0xfffb3d20
mov eax, dword [ebp + 8]
mov edx, 1
call fcn_fffb7129  ; call 0xfffb7129
add esp, 0x10
mov esi, eax

loc_fffb8835:  ; not directly referenced
mov eax, edi
and eax, 0xffffff90
cmp al, 0x10
jne short loc_fffb8844  ; jne 0xfffb8844

loc_fffb883e:  ; not directly referenced
mov eax, dword [ebp + 0x10]
mov byte [eax], 1

loc_fffb8844:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb884e:
push ebp
mov ebp, esp
mov ecx, dword [ebp + 8]
mov edx, dword [ebp + 0xc]
push ebx
mov ebx, dword [ecx + 8]
mov eax, dword [ecx + 0xc]
xor ebx, dword [edx + 8]
xor eax, dword [edx + 0xc]
or ebx, eax
mov ebx, dword [ecx]
mov ecx, dword [ecx + 4]
sete al
xor ebx, dword [edx]
xor ecx, dword [edx + 4]
or ebx, ecx
sete dl
and eax, edx
pop ebx
pop ebp
ret

fcn_fffb887d:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x6c
mov eax, dword [ebp + 8]
mov dword [ebp - 0x68], ecx
mov ecx, dword [ebp + 0xc]
mov ebx, dword [ebp + 0x10]
mov byte [ebp - 0x30], 0x21
mov dword [ebp - 0x6c], eax
mov al, byte [ebp + 0x14]
mov dword [ebp - 0x3c], ecx
mov byte [ebp - 0x76], cl
mov edi, ebx
mov byte [ebp - 0x2f], 0x42
mov byte [ebp - 0x40], al
mov byte [ebp - 0x2e], 0x58
mov byte [ebp - 0x2d], 0x64
mov byte [ebp - 0x2c], 0x85
mov byte [ebp - 0x2b], 0xa6
mov byte [ebp - 0x2a], 0xc8
mov byte [ebp - 0x29], 0xe9
mov byte [ebp - 0x28], 0x2f
mov byte [ebp - 0x27], 0x41
mov byte [ebp - 0x26], 0x53
mov byte [ebp - 0x25], 0x64
mov byte [ebp - 0x24], 0x7d
mov byte [ebp - 0x23], 0x95
mov byte [ebp - 0x22], 0xad
mov byte [ebp - 0x21], 0xc5
mov byte [ebp - 0x20], 0x76
mov byte [ebp - 0x1f], 0x70
mov byte [ebp - 0x1e], 0x6c
mov byte [ebp - 0x1d], 0x67
mov eax, dword [esi + 0x5edc]
mov byte [ebp - 0x1c], 0x64
mov byte [ebp - 0x1b], 0x61
mov byte [ebp - 0x1a], 0x5f
mov dword [ebp - 0x58], eax
movzx eax, dl
mov edx, dword [ebp - 0x58]
mov dword [ebp - 0x60], eax
imul eax, eax, 0xcc
mov byte [ebp - 0x19], 0x5d
mov dword [ebp - 0x74], 0
mov dword [ebp - 0x5c], 0
lea eax, [edx + eax + 0x1c]
mov dl, 0x19
mov dword [ebp - 0x44], eax
mov eax, dword [esi + 0x18a7]
mov eax, dword [esi + eax*4 + 0x3735]
mov dword [ebp - 0x48], eax
mov eax, dword [esi + 0x188b]
mov dword [ebp - 0x70], eax
xor eax, eax
cmp dword [esi + 0x2480], 3
sete al
cmp cl, 0xc
mov dword [ebp - 0x64], eax
mov al, 0x4b
cmovne edx, eax
cmp dword [ebp + 0x1c], 0
mov byte [ebp - 0x75], dl
je short loc_fffb897e  ; je 0xfffb897e
mov eax, dword [ebp + 0x1c]
cmp dword [eax], 0
setne al
movzx eax, al
mov dword [ebp - 0x4c], eax
jmp short loc_fffb89a3  ; jmp 0xfffb89a3

loc_fffb897e:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
cmp al, 0xc
sete dl
cmp al, 0xa
sete al
or dl, al
je short loc_fffb8996  ; je 0xfffb8996

loc_fffb898f:  ; not directly referenced
xor eax, eax
jmp near loc_fffb8ff5  ; jmp 0xfffb8ff5

loc_fffb8996:  ; not directly referenced
cmp byte [ebp - 0x3c], 0xf
je short loc_fffb898f  ; je 0xfffb898f
mov dword [ebp - 0x4c], 0

loc_fffb89a3:  ; not directly referenced
cmp dword [ebp - 0x64], 0
jne short loc_fffb89eb  ; jne 0xfffb89eb
mov edx, dword [ebp - 0x60]
imul eax, edx, 0x54a
imul edx, edx, 0x13c3
lea eax, [esi + eax + 0x196b]
mov dl, byte [esi + edx + 0x381a]
test dl, 1
je short loc_fffb89d4  ; je 0xfffb89d4
cmp byte [eax + 0x27e], 0
je short loc_fffb89fb  ; je 0xfffb89fb

loc_fffb89d4:  ; not directly referenced
and dl, 4
je short loc_fffb8a04  ; je 0xfffb8a04
cmp byte [eax + 0x4f5], 1
sbb eax, eax
mov dword [ebp - 0x54], eax
add dword [ebp - 0x54], 0x24
jmp short loc_fffb8a0b  ; jmp 0xfffb8a0b

loc_fffb89eb:  ; not directly referenced
mov dword [ebp - 0x54], 0x50
mov dword [ebp - 0x50], 0x37
jmp short loc_fffb8a12  ; jmp 0xfffb8a12

loc_fffb89fb:  ; not directly referenced
mov dword [ebp - 0x54], 0x23
jmp short loc_fffb8a0b  ; jmp 0xfffb8a0b

loc_fffb8a04:  ; not directly referenced
mov dword [ebp - 0x54], 0x24

loc_fffb8a0b:  ; not directly referenced
mov dword [ebp - 0x50], 0x23

loc_fffb8a12:  ; not directly referenced
cmp byte [ebp - 0x3c], 2
ja loc_fffb8b08  ; ja 0xfffb8b08
movzx eax, byte [ebp - 0x6c]
mov edx, dword [ebp - 0x44]
cmp byte [ebp - 0x3c], 1
mov eax, dword [edx + eax*4 + 0x78]
mov dword [ebp - 0x5c], eax
jne short loc_fffb8a44  ; jne 0xfffb8a44
mov edx, 0x3a04
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
mov dword [ebp - 0x74], eax
jmp near loc_fffb8b12  ; jmp 0xfffb8b12

loc_fffb8a44:  ; not directly referenced
mov edx, 0x3a00
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
cmp byte [ebp - 0x3c], 0
jne loc_fffb8b08  ; jne 0xfffb8b08
mov ebx, dword [ebp - 0x58]
mov edx, dword [ebx + 0xc]
shr edx, 0xb
mov cl, dl
and ecx, 0xf
and dl, 8
lea ebx, [ecx - 0x10]
cmovne ecx, ebx
cmp dword [ebp + 0x18], 0
je short loc_fffb8a90  ; je 0xfffb8a90
mov edi, dword [ebp - 0x5c]
and eax, 0x3f
mov byte [ebp - 0x40], al
mov eax, edi
and eax, 0x3f
and edi, 0x20
lea edx, [eax - 0x40]
cmovne eax, edx
mov edi, eax

loc_fffb8a90:  ; not directly referenced
cmp dword [ebp - 0x70], 1
movsx ecx, cl
mov edx, dword [esi + 0x1887]
sbb ebx, ebx
and ebx, 0x12
add ebx, 0x1e
cmp edx, 0x306d0
sete al
cmp edx, 0x40650
sete dl
movsx ebx, bl
or eax, edx
mov edx, 0x20
cmp al, 1
sbb eax, eax
sub edx, ecx
and eax, 0xffffffd3
add ecx, 0x20
add eax, 0x78
movzx eax, al
imul eax, edx
cdq
idiv ecx
mov ecx, 3
xor edx, edx
div cx
movsx ecx, byte [ebp - 0x40]
lea edx, [ecx + ecx*2]
add edx, ebx
imul eax, edx
mov edx, edi
movsx edx, dl
add edx, ecx
lea edx, [edx + edx*2]
movzx eax, ax
add ebx, edx
cdq
idiv ebx
mov ecx, eax
jmp near loc_fffb8c02  ; jmp 0xfffb8c02

loc_fffb8b08:  ; not directly referenced
cmp byte [ebp - 0x3c], 1
jne loc_fffb8bab  ; jne 0xfffb8bab

loc_fffb8b12:  ; not directly referenced
mov eax, dword [ebp - 0x58]
mov ecx, dword [eax + 0xc]
mov eax, ecx
shr eax, 3
and eax, 1
shr ecx, 0xf
mov byte [ebp - 0x64], al
mov al, cl
and eax, 0x1f
cmp dword [ebp - 0x70], 1
lea edx, [eax - 0x20]
sbb ebx, ebx
and ebx, 6
add ebx, 0xa
and cl, 0x10
cmove edx, eax
cmp dword [ebp + 0x18], 0
je short loc_fffb8b65  ; je 0xfffb8b65
mov al, byte [ebp - 0x74]
mov edi, dword [ebp - 0x5c]
and eax, 0x3f
shr edi, 0xc
mov byte [ebp - 0x40], al
mov eax, edi
and eax, 0x1f
and edi, 0x10
lea ecx, [eax - 0x20]
cmovne eax, ecx
mov edi, eax

loc_fffb8b65:  ; not directly referenced
mov cl, byte [ebp - 0x40]
mov al, 1
movsx edx, dl
movsx ebx, bl
test cl, cl
cmove ecx, eax
mov eax, esi
mov byte [ebp - 0x40], cl
call fcn_fffa6cfe  ; call 0xfffa6cfe
mov dl, byte [ebp - 0x64]
xor edx, 1
movzx edx, dl
imul ebx, edx
movsx edx, byte [ebp - 0x40]
lea ecx, [ebx + edx]
imul eax, ecx
mov ecx, edi
movsx ecx, cl
add edx, ecx
add ebx, edx
movzx eax, ax
cdq
idiv ebx
mov ecx, eax
jmp near loc_fffb8ca4  ; jmp 0xfffb8ca4

loc_fffb8bab:  ; not directly referenced
cmp byte [ebp - 0x3c], 2
jne short loc_fffb8bd7  ; jne 0xfffb8bd7
cmp dword [ebp + 0x18], 0
je short loc_fffb8bca  ; je 0xfffb8bca
mov edi, dword [ebp - 0x5c]
shr edi, 0x1b
mov eax, edi
and eax, 0x10
lea ecx, [edi - 0x20]
test al, al
cmovne edi, ecx

loc_fffb8bca:  ; not directly referenced
mov eax, edi
movsx ecx, al
add ecx, 0x32
jmp near loc_fffb8ca4  ; jmp 0xfffb8ca4

loc_fffb8bd7:  ; not directly referenced
cmp byte [ebp - 0x3c], 4
jne short loc_fffb8be5  ; jne 0xfffb8be5
movsx ecx, bl
jmp near loc_fffb8dec  ; jmp 0xfffb8dec

loc_fffb8be5:  ; not directly referenced
cmp byte [ebp - 0x3c], 5
jne short loc_fffb8c00  ; jne 0xfffb8c00
movsx ax, bl
idiv byte [ebp - 0x76]
movsx eax, al
lea ecx, [eax + eax*4]
add ecx, 0x64
jmp near loc_fffb8dec  ; jmp 0xfffb8dec

loc_fffb8c00:  ; not directly referenced
xor ecx, ecx

loc_fffb8c02:  ; not directly referenced
cmp byte [ebp - 0x3c], 9
jne loc_fffb8ca4  ; jne 0xfffb8ca4
cmp dword [ebp + 0x18], 0
je short loc_fffb8c67  ; je 0xfffb8c67
cmp byte [ebp - 0x68], 3
ja loc_fffb898f  ; ja 0xfffb898f
mov ecx, dword [ebp - 0x68]
imul eax, dword [ebp - 0x60], 0x13c3
mov edx, ecx
and edx, 1
shr ecx, 1
imul edx, edx, 0x18
imul ecx, ecx, 0x128
lea eax, [esi + eax + 0x3756]
add edx, ecx
cmp dword [ebp - 0x64], 0
je short loc_fffb8c55  ; je 0xfffb8c55
mov cx, word [eax + edx + 0x1271]
lea edi, [ecx - 1]
and edi, 0xf
jmp short loc_fffb8c6d  ; jmp 0xfffb8c6d

loc_fffb8c55:  ; not directly referenced
mov cx, word [eax + edx + 0x126d]
shr cx, 1
mov edi, ecx
and edi, 1
jmp short loc_fffb8c8d  ; jmp 0xfffb8c8d

loc_fffb8c67:  ; not directly referenced
cmp dword [ebp - 0x64], 0
je short loc_fffb8c84  ; je 0xfffb8c84

loc_fffb8c6d:  ; not directly referenced
mov eax, edi
mov ebx, 7
cmp al, 6
mov al, 6
cmovg edi, eax
mov eax, edi
movsx eax, al
sub ebx, eax
jmp short loc_fffb8c95  ; jmp 0xfffb8c95

loc_fffb8c84:  ; not directly referenced
mov eax, edi
cmp al, 0xfa
mov al, 0xfb
cmovle edi, eax

loc_fffb8c8d:  ; not directly referenced
mov eax, edi
movsx ebx, al
add ebx, 6

loc_fffb8c95:  ; not directly referenced
mov eax, 0xf0
cdq
idiv ebx
mov ecx, eax
jmp near loc_fffb8dec  ; jmp 0xfffb8dec

loc_fffb8ca4:  ; not directly referenced
cmp byte [ebp - 0x3c], 6
jne loc_fffb8dec  ; jne 0xfffb8dec
mov edx, 0x3918
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
mov dl, byte [esi + 0x36e7]
and eax, 3
cmp dword [esi + 0x36e3], 1
sbb ebx, ebx
and ebx, 0xfffffffe
add ebx, 6
cmp dword [esi + 0x188b], 0
jne loc_fffb8d81  ; jne 0xfffb8d81
cmp dword [ebp - 0x48], 0x546
movzx eax, al
seta cl
sub edx, ebx
cmp dl, 4
mov bl, 4
cmovle ebx, edx
xor edx, edx
test bl, bl
movzx ecx, cl
cmovns edx, ebx
cmp dword [esi + 0x1887], 0x40650
jne short loc_fffb8d26  ; jne 0xfffb8d26
cmp dl, 2
mov bl, 2
cmovle ebx, edx
movsx ebx, bl
lea ecx, [ecx + ecx*2]
add ecx, ebx
movzx ebx, byte [eax + ecx*4 + ref_fffd32d4]  ; movzx ebx, byte [eax + ecx*4 - 0x2cd2c]
jmp short loc_fffb8d36  ; jmp 0xfffb8d36

loc_fffb8d26:  ; not directly referenced
movsx edx, dl
lea ecx, [ecx + ecx*4]
add edx, ecx
movzx ebx, byte [eax + edx*4 + ref_fffd32ac]  ; movzx ebx, byte [eax + edx*4 - 0x2cd54]

loc_fffb8d36:  ; not directly referenced
imul eax, dword [ebp - 0x48], 0x4b0
mov ecx, 0x3e8
xor edx, edx
div ecx
xor edx, edx
add eax, 0x520
div ecx
cmp dword [ebp + 0x18], 0
mov ecx, eax
je short loc_fffb8d6d  ; je 0xfffb8d6d
movzx eax, byte [ebp - 0x6c]
mov edi, dword [ebp - 0x44]
movzx edi, byte [edi + eax*4 + 5]
mov eax, edi
shr al, 2
mov edi, eax
and edi, 7

loc_fffb8d6d:  ; not directly referenced
mov eax, edi
movzx ebx, byte [ebp + ebx - 0x30]
movsx eax, al
movzx eax, byte [ebp + eax - 0x30]
imul eax, ecx
jmp short loc_fffb8de5  ; jmp 0xfffb8de5

loc_fffb8d81:  ; not directly referenced
imul eax, dword [ebp - 0x48], 0x5fa
xor edx, edx
mov ecx, 0x3e8
div ecx
cmp dword [ebp + 0x18], 0
lea edx, [eax + 0x4cc]
je short loc_fffb8dbc  ; je 0xfffb8dbc
movzx eax, byte [ebp - 0x6c]
mov ecx, dword [ebp - 0x44]
movzx edi, byte [ecx + eax*4 + 5]
mov ebx, edi
shr bl, 2
mov edi, ebx
mov bl, byte [ecx + eax*4 + 0x2b]
and edi, 7
shr bl, 2
jmp short loc_fffb8dc5  ; jmp 0xfffb8dc5

loc_fffb8dbc:  ; not directly referenced
mov eax, edi
mov ebx, edi
shr al, 3
mov edi, eax

loc_fffb8dc5:  ; not directly referenced
and ebx, 7
mov eax, edi
movzx ebx, bl
movsx eax, al
movzx ecx, byte [ebp + ebx - 0x20]
mov ebx, 0x2710
movzx eax, byte [ebp + eax - 0x28]
imul eax, ecx
imul eax, edx

loc_fffb8de5:  ; not directly referenced
xor edx, edx
div ebx
movzx ecx, ax

loc_fffb8dec:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
cmp al, 0xa
sete bl
cmp al, 0xc
sete al
mov byte [ebp - 0x64], al
or al, bl
mov byte [ebp - 0x5c], bl
jne short loc_fffb8e0f  ; jne 0xfffb8e0f
cmp byte [ebp - 0x3c], 0xf
jne loc_fffb8fb2  ; jne 0xfffb8fb2
jmp short loc_fffb8e36  ; jmp 0xfffb8e36

loc_fffb8e0f:  ; not directly referenced
cmp byte [ebp - 0x3c], 0xf
je short loc_fffb8e36  ; je 0xfffb8e36
mov eax, dword [ebp - 0x58]
cmp dword [ebp - 0x4c], 0
mov ecx, dword [eax + 0xc]
je short loc_fffb8e26  ; je 0xfffb8e26
shr ecx, 0x18
jmp short loc_fffb8e29  ; jmp 0xfffb8e29

loc_fffb8e26:  ; not directly referenced
shr ecx, 0x14

loc_fffb8e29:  ; not directly referenced
and ecx, 0xf
test cl, 8
je short loc_fffb8e38  ; je 0xfffb8e38
sub ecx, 0x10
jmp short loc_fffb8e38  ; jmp 0xfffb8e38

loc_fffb8e36:  ; not directly referenced
mov ecx, edi

loc_fffb8e38:  ; not directly referenced
movsx ecx, cl
xor edx, edx
add ecx, 0x20
mov eax, 0x1900
div ecx
sub eax, 0x64
cmp dword [ebp + 0x18], 0
mov dword [ebp - 0x58], eax
setne bl
cmp byte [ebp - 0x3c], 0xf
sete al
xor edx, edx
mov byte [ebp - 0x68], al
or al, bl
je short loc_fffb8ed5  ; je 0xfffb8ed5
cmp dword [ebp - 0x4c], 0
je short loc_fffb8e7e  ; je 0xfffb8e7e
mov edx, 0x3a0c
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
mov edi, dword [ebp - 0x44]
mov edx, dword [edi + 0x50]
jmp short loc_fffb8e90  ; jmp 0xfffb8e90

loc_fffb8e7e:  ; not directly referenced
mov edx, 0x3a08
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
mov edi, dword [ebp - 0x44]
mov edx, dword [edi + 0x4c]

loc_fffb8e90:  ; not directly referenced
shr edx, 9
shr eax, 0xc
mov edi, edx
and eax, 0x3f
and edi, 0xf
mov byte [ebp - 0x40], al
test edi, 8
je short loc_fffb8eac  ; je 0xfffb8eac
sub edi, 0x10

loc_fffb8eac:  ; not directly referenced
xor edx, edx
test bl, bl
je short loc_fffb8ed5  ; je 0xfffb8ed5
cmp byte [ebp - 0x64], 0
je short loc_fffb8ed5  ; je 0xfffb8ed5
mov edx, dword [ebp - 0x60]
mov eax, esi
shl edx, 8
add edx, 0x140c
call fcn_fffae52a  ; call 0xfffae52a
mov edx, edi
shr eax, 0xd
mov edi, eax
and edi, 3

loc_fffb8ed5:  ; not directly referenced
movsx ecx, byte [ebp - 0x40]
mov eax, dword [ebp - 0x58]
mov bl, byte [ebp - 0x68]
add ecx, 0xc
imul eax, ecx
or bl, byte [ebp - 0x5c]
mov ebx, edi
movsx ebx, bl
je short loc_fffb8f18  ; je 0xfffb8f18
add ecx, ebx
xor edx, edx
mov esi, dword [ebp - 0x50]
div ecx
xor edx, edx
mov ecx, 5
div ecx
mov ebx, eax
mov eax, dword [ebp + 0x1c]
add esi, ebx
mov dword [eax], ebx
mov eax, dword [ebp - 0x54]
add eax, ebx
cmp dword [ebp - 0x4c], 0
cmovne esi, eax
jmp short loc_fffb8f38  ; jmp 0xfffb8f38

loc_fffb8f18:  ; not directly referenced
movsx edx, dl
mov esi, dword [ebp - 0x50]
add ecx, edx
xor edx, edx
div ecx
mov ecx, 5
sub ecx, ebx
xor edx, edx
div ecx
mov ebx, eax
add esi, eax
mov eax, dword [ebp + 0x1c]
mov dword [eax], ebx

loc_fffb8f38:  ; not directly referenced
imul eax, dword [ebp - 0x48], 0x3e8
add esi, esi
xor edx, edx
div esi
mov esi, 0x3e8
xor edx, edx
mov ecx, eax
div esi
movzx esi, byte [ebp - 0x75]
xor edx, edx
mov dword [ebp - 0x40], esi
mov esi, eax
imul esi, eax
mov dword [ebp - 0x50], eax
mov eax, esi
mov esi, 0x64
imul eax, ebx
imul ebx, dword [ebp - 0x50]
div esi
xor edx, edx
imul eax, dword [ebp - 0x40]
div esi
mov edx, dword [ebp + 0x1c]
mov dword [edx + 4], eax
mov eax, dword [ebp - 0x48]
xor edx, edx
sub eax, ebx
sub eax, ebx
mov ebx, 0x3e8
imul eax, eax
div ebx
mov bx, 0x2710
xor edx, edx
imul eax, eax, 0xd2f0
div ebx
xor edx, edx
div esi
xor edx, edx
imul eax, dword [ebp - 0x40]
div esi
mov esi, dword [ebp + 0x1c]
mov dword [esi + 8], eax

loc_fffb8fb2:  ; not directly referenced
cmp byte [ebp - 0x3c], 0xb
mov eax, ecx
jne short loc_fffb8ff5  ; jne 0xfffb8ff5
cmp dword [ebp + 0x18], 0
je short loc_fffb8fed  ; je 0xfffb8fed
mov eax, dword [ebp - 0x44]
mov eax, dword [eax + 0x4c]
mov dword [ebp - 0x3c], eax
mov cl, byte [ebp - 0x3c]
and ecx, 0x1f
cmp dword [ebp - 0x4c], 0
mov edi, ecx
je short loc_fffb8fe2  ; je 0xfffb8fe2
mov eax, dword [ebp - 0x44]
mov ecx, dword [eax + 0x50]
mov edi, ecx
and edi, 0x1f

loc_fffb8fe2:  ; not directly referenced
test edi, 0x10
je short loc_fffb8fed  ; je 0xfffb8fed
sub edi, 0x20

loc_fffb8fed:  ; not directly referenced
mov eax, edi
movsx eax, al
add eax, 0x32

loc_fffb8ff5:  ; not directly referenced
add esp, 0x6c
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb8ffd:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
push ebx
mov ebx, eax
sub esp, 0x8c
mov eax, dword [eax + 0x188b]
mov byte [ebp - 0x2a], 0
mov byte [ebp - 0x29], 0x3c
mov byte [ebp - 0x28], 0x78
cmp eax, 1
mov dword [ebp - 0x8c], eax
sbb eax, eax
mov dword [ebp - 0x88], eax
and word [ebp - 0x88], 0xfc19
add word [ebp - 0x88], 0x3e8
mov byte [ebp - 0x27], 0x28
mov byte [ebp - 0x26], 0x14
mov byte [ebp - 0x25], 0x1e
mov byte [ebp - 0x35], 0
mov byte [ebp - 0x34], 0x3c
mov byte [ebp - 0x33], 0x78
mov byte [ebp - 0x32], 0
mov byte [ebp - 0x31], 0x22
mov byte [ebp - 0x30], 0x28
mov byte [ebp - 0x2f], 0x30
mov byte [ebp - 0x2e], 0
mov byte [ebp - 0x2d], 0
mov byte [ebp - 0x2c], 0x78
mov byte [ebp - 0x2b], 0xf0
mov dword [ebp - 0x48], ebx
mov dword [ebp - 0x3c], 0
mov dword [ebp - 0x44], 0
mov dword [ebp - 0x50], 0
mov dword [ebp - 0x6c], 0
mov byte [ebp - 0x76], 0

loc_fffb909d:  ; not directly referenced
mov eax, dword [ebp - 0x48]
mov esi, edi
mov dword [ebp - 0x54], 0
mov word [ebp - 0x4a], 0
mov word [ebp - 0x56], 0
add eax, 0x3756
mov word [ebp - 0x4c], 0
mov dword [ebp - 0x70], 0
mov dword [ebp - 0x94], eax

loc_fffb90cd:  ; not directly referenced
mov ecx, dword [ebp - 0x48]
mov al, byte [ebp - 0x54]
mov edx, dword [ecx + 0x3816]
mov cl, al
mov dword [ebp - 0x90], edx
mov edx, 1
shl edx, cl
mov ecx, dword [ebp - 0x48]
test byte [ecx + 0x381a], dl
je loc_fffb93e9  ; je 0xfffb93e9
cmp dword [ebx + 0x2480], 3
jne short loc_fffb9140  ; jne 0xfffb9140
cmp al, 1
ja loc_fffb9474  ; ja 0xfffb9474
imul eax, dword [ebp - 0x54], 0x18
mov word [ebp - 0x40], 0x3fff
mov dx, word [ecx + eax + 0x49c7]
and edx, 3
mov cl, byte [ebp + edx - 0x32]
mov byte [ebp - 0x75], cl
mov ecx, dword [ebp - 0x48]
mov ax, word [ecx + eax + 0x49cf]
and eax, 3
movzx eax, byte [ebp + eax - 0x2e]
mov word [ebp - 0x68], ax
jmp near loc_fffb91c6  ; jmp 0xfffb91c6

loc_fffb9140:  ; not directly referenced
mov dl, al
and eax, 1
shr dl, 1
movzx edx, dl
imul edx, edx, 0x128
imul eax, eax, 0x18
add eax, edx
add eax, dword [ebp - 0x94]
mov cx, word [eax + 0x126d]
mov ax, word [eax + 0x126f]
mov word [ebp - 0x68], ax
mov eax, ecx
shr ax, 1
and eax, 1
add eax, 6
mov dword [ebp - 0x40], eax
mov eax, 0xf0
cdq
idiv dword [ebp - 0x40]
mov edx, ecx
shr dx, 6
and edx, 1
add edx, edx
shr word [ebp - 0x68], 9
mov byte [ebp - 0x75], al
mov eax, ecx
shr ax, 9
and eax, 1
shl eax, 2
shr cx, 2
or eax, edx
and ecx, 1
or eax, ecx
movzx eax, byte [ebp + eax - 0x2a]
mov word [ebp - 0x40], ax
mov eax, dword [ebp - 0x68]
and eax, 3
movzx eax, byte [ebp + eax - 0x35]
mov word [ebp - 0x68], ax

loc_fffb91c6:  ; not directly referenced
cmp dword [ebp - 0x70], 0
jne loc_fffb934b  ; jne 0xfffb934b
mov byte [ebp - 0x70], 0

loc_fffb91d4:  ; not directly referenced
movzx ecx, byte [ebx + 0x2488]
cmp byte [ebp - 0x70], cl
jae short loc_fffb9258  ; jae 0xfffb9258
push edx
movzx eax, byte [ebp - 0x70]
xor ecx, ecx
push edx
mov edx, dword [ebp - 0x3c]
push 0
push 1
push 0
push 0
push 0
push eax
mov dword [ebp - 0x74], eax
mov eax, ebx
call fcn_fffb887d  ; call 0xfffb887d
add esp, 0x18
mov edx, dword [ebp - 0x3c]
push 0
xor ecx, ecx
push 1
push 0
push 0
push 1
push dword [ebp - 0x74]
add word [ebp - 0x56], ax
mov eax, ebx
call fcn_fffb887d  ; call 0xfffb887d
add esp, 0x18
mov edx, dword [ebp - 0x3c]
push 0
xor ecx, ecx
push 1
push 0
push 0
push 6
push dword [ebp - 0x74]
add word [ebp - 0x4c], ax
mov eax, ebx
call fcn_fffb887d  ; call 0xfffb887d
xor edx, edx
add esp, 0x20
inc byte [ebp - 0x70]
div word [ebp - 0x88]
add word [ebp - 0x4a], ax
jmp near loc_fffb91d4  ; jmp 0xfffb91d4

loc_fffb9258:  ; not directly referenced
movzx eax, word [ebp - 0x56]
mov dword [ebp - 0x70], 1
cdq
idiv ecx
mov word [ebp - 0x56], ax
movzx eax, word [ebp - 0x4c]
cdq
idiv ecx
mov word [ebp - 0x4c], ax
movzx eax, word [ebp - 0x4a]
cdq
idiv ecx
cmp dword [ebp - 0x8c], 1
mov word [ebp - 0x4a], ax
jne loc_fffb934b  ; jne 0xfffb934b
push eax
mov edx, dword [ebp - 0x3c]
xor ecx, ecx
push eax
lea eax, [ebp - 0x24]
push eax
movzx eax, byte [ebx + 0x2488]
push 1
push 0
push 0
push 0xa
push eax
mov eax, ebx
mov dword [ebp - 0x24], 0
call fcn_fffb887d  ; call 0xfffb887d
mov eax, dword [ebp - 0x20]
add esp, 0x18
mov edx, dword [ebp - 0x3c]
xor ecx, ecx
mov dword [edi + 0x20], eax
mov eax, dword [ebp - 0x1c]
mov dword [edi + 0x24], eax
lea eax, [ebp - 0x24]
push eax
movzx eax, byte [ebx + 0x2488]
push 1
push 0
push 0
push 0xc
push eax
mov eax, ebx
mov dword [ebp - 0x24], 0
call fcn_fffb887d  ; call 0xfffb887d
mov eax, dword [ebp - 0x20]
add esp, 0x18
add dword [edi + 0x20], eax
xor ecx, ecx
mov eax, dword [ebp - 0x1c]
add dword [edi + 0x24], eax
lea eax, [ebp - 0x24]
mov edx, dword [ebp - 0x3c]
push eax
movzx eax, byte [ebx + 0x2488]
push 1
push 0
push 0
push 0xa
push eax
mov eax, ebx
mov dword [ebp - 0x24], 1
call fcn_fffb887d  ; call 0xfffb887d
mov eax, dword [ebp - 0x20]
add esp, 0x20
mov dword [edi + 0x28], eax
mov edx, dword [ebp - 0x1c]
add eax, edx
mov dword [ebp - 0x44], eax
mov eax, dword [edi + 0x20]
add dword [ebp - 0x44], eax
mov eax, dword [edi + 0x24]
add dword [ebp - 0x44], eax
mov eax, dword [ebp - 0x8c]
mov dword [edi + 0x2c], edx
mov dword [ebp - 0x70], eax

loc_fffb934b:  ; not directly referenced
cmp dword [ebp - 0x90], 1
jne short loc_fffb936b  ; jne 0xfffb936b
mov eax, dword [ebp - 0x68]
test ax, ax
cmove ax, word [ebp - 0x40]
mov word [ebp - 0x40], 0x3fff
mov word [ebp - 0x68], ax
jmp short loc_fffb937d  ; jmp 0xfffb937d

loc_fffb936b:  ; not directly referenced
mov ecx, dword [ebp - 0x40]
mov eax, 0x3fff
test cx, cx
cmovne eax, ecx
mov word [ebp - 0x40], ax

loc_fffb937d:  ; not directly referenced
movzx eax, word [ebp - 0x68]
movzx edx, word [ebp - 0x40]
movzx ecx, word [ebp - 0x56]
test ax, ax
cmove eax, edx
push eax
movzx eax, dx
push eax
movzx eax, word [ebp - 0x4c]
mov edx, esi
push eax
movzx eax, byte [ebp - 0x75]
push eax
mov eax, ebx
call fcn_fffa6d61  ; call 0xfffa6d61
mov ax, word [ebp - 0x4a]
add esp, 0x10
add word [esi + 0x30], ax
add ax, word [esi + 0x34]
add eax, dword [ebp - 0x44]
inc byte [ebp - 0x76]
mov word [esi + 0x34], ax
mov eax, dword [esi]
add dword [ebp - 0x6c], eax
mov eax, dword [esi + 4]
add dword [ebp - 0x6c], eax
mov eax, dword [esi + 0x14]
add dword [ebp - 0x6c], eax
mov eax, dword [esi + 8]
add dword [ebp - 0x50], eax
mov eax, dword [esi + 0x10]
add dword [ebp - 0x50], eax
mov eax, dword [esi + 0xc]
add dword [ebp - 0x50], eax
mov eax, dword [esi + 0x18]
add dword [ebp - 0x50], eax

loc_fffb93e9:  ; not directly referenced
inc dword [ebp - 0x54]
add esi, 0x36
cmp dword [ebp - 0x54], 4
jne loc_fffb90cd  ; jne 0xfffb90cd
inc dword [ebp - 0x3c]
add edi, 0xd8
add dword [ebp - 0x48], 0x13c3
cmp dword [ebp - 0x3c], 2
jne loc_fffb909d  ; jne 0xfffb909d
movzx edi, byte [ebp - 0x76]
movzx esi, word [ebp - 0x4a]
mov eax, edi
test al, al
mov al, 1
cmove edi, eax
xor edx, edx
mov eax, edi
movzx ecx, al
mov eax, dword [ebp - 0x6c]
div ecx
xor edx, edx
add esi, eax
mov eax, dword [ebp - 0x50]
div ecx
cmp byte [ebx + 0x3690], 0
jne short loc_fffb945c  ; jne 0xfffb945c
mov word [ebx + 0x3693], ax
mov eax, dword [ebp - 0x44]
mov word [ebx + 0x3691], si
mov word [ebx + 0x3695], ax
jmp short loc_fffb9474  ; jmp 0xfffb9474

loc_fffb945c:  ; not directly referenced
mov word [ebx + 0x3699], ax
mov eax, dword [ebp - 0x44]
mov word [ebx + 0x3697], si
mov word [ebx + 0x369b], ax

loc_fffb9474:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb947c:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c0
mov ebx, dword [ebp + 8]
lea esi, [ebp - 0x1c8]
mov eax, dword [ebx + 0x2443]
push 0
push 0x1b0
push esi
call dword [eax + 0x5c]  ; ucall
mov edx, esi
mov eax, ebx
call fcn_fffb8ffd  ; call 0xfffb8ffd
add esp, 0x10
cmp byte [ebx + 0x3690], 0
je loc_fffb954f  ; je 0xfffb954f
mov dx, word [ebx + 0x3691]
xor ecx, ecx
movzx eax, word [ebx + 0x3697]
cmp dx, ax
jbe short loc_fffb94e2  ; jbe 0xfffb94e2
movzx ecx, dx
xor edx, edx
mov edi, ecx
sub edi, eax
mov eax, edi
shl eax, 8
div ecx
mov cl, al

loc_fffb94e2:  ; not directly referenced
mov dx, word [ebx + 0x3693]
xor esi, esi
movzx eax, word [ebx + 0x3699]
cmp dx, ax
jbe short loc_fffb9509  ; jbe 0xfffb9509
movzx esi, dx
xor edx, edx
mov edi, esi
sub edi, eax
mov eax, edi
shl eax, 8
div esi
mov esi, eax

loc_fffb9509:  ; not directly referenced
movzx edi, word [ebx + 0x3695]
xor eax, eax
movzx edx, word [ebx + 0x369b]
cmp di, dx
jbe short loc_fffb9529  ; jbe 0xfffb9529
mov eax, edi
sub eax, edx
xor edx, edx
shl eax, 8
div edi

loc_fffb9529:  ; not directly referenced
xor edx, edx
mov dl, cl
mov ecx, esi
movzx eax, al
mov dh, cl
mov ecx, edx
mov edx, 0x59b8
shl eax, 0x10
and ecx, 0xff00ffff
or ecx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffb9556  ; jmp 0xfffb9556

loc_fffb954f:  ; not directly referenced
mov byte [ebx + 0x3690], 1

loc_fffb9556:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb9560:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
mov ebx, eax
sub esp, 0x34
mov dword [ebp - 0x1c], eax
mov eax, dword [eax + 0x18a7]
lea edi, [ebx + 0x3756]
mov byte [ebp - 0x1d], dl
mov edx, dword [ebx + 0x2480]
mov eax, dword [ebx + eax*4 + 0x3735]
push 0
push 1
push 0
push 0
push 1
push 0
mov dword [ebp - 0x30], eax
shr eax, 1
mov dword [ebp - 0x28], edx
xor edx, edx
mov dword [ebp - 0x2c], eax
mov eax, ebx
call fcn_fffb887d  ; call 0xfffb887d
add esp, 0x20
mov byte [ebp - 0x1e], 2
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x34], eax

loc_fffb95bf:  ; not directly referenced
cmp dword [edi], 2
jne loc_fffb9676  ; jne 0xfffb9676
mov al, byte [edi + 0xc4]
xor ecx, ecx
mov byte [ebp - 0x1f], al

loc_fffb95d3:  ; not directly referenced
mov eax, 1
shl eax, cl
test byte [ebp - 0x1f], al
je loc_fffb966a  ; je 0xfffb966a
mov al, cl
inc esi
shr al, 1
movzx eax, al
imul eax, eax, 0x128
cmp dword [ebp - 0x28], 3
lea eax, [edi + eax + 0x126b]
jne short loc_fffb961d  ; jne 0xfffb961d
cmp byte [ebp - 0x1d], 0
mov ebx, 7
je short loc_fffb965e  ; je 0xfffb965e
movzx eax, word [eax + 6]
dec eax
and eax, 0xf
sub ebx, eax
mov eax, 1
cmove ebx, eax
jmp short loc_fffb965e  ; jmp 0xfffb965e

loc_fffb961d:  ; not directly referenced
cmp dword [ebp - 0x28], 2
jne short loc_fffb9639  ; jne 0xfffb9639
cmp byte [ebp - 0x1d], 0
mov ebx, 7
je short loc_fffb965e  ; je 0xfffb965e
movzx eax, word [eax + 2]
and eax, 6
sub ebx, eax
jmp short loc_fffb965e  ; jmp 0xfffb965e

loc_fffb9639:  ; not directly referenced
cmp byte [ebp - 0x1d], 0
mov ebx, 6
je short loc_fffb965e  ; je 0xfffb965e
mov bx, word [eax + 2]
mov eax, ebx
shr ax, 5
and eax, 1
shr bx, 1
add eax, eax
and ebx, 1
or ebx, eax
add ebx, 6

loc_fffb965e:  ; not directly referenced
mov eax, 0xf0
xor edx, edx
div ebx
add dword [ebp - 0x24], eax

loc_fffb966a:  ; not directly referenced
add ecx, 2
cmp ecx, 4
jne loc_fffb95d3  ; jne 0xfffb95d3

loc_fffb9676:  ; not directly referenced
add edi, 0x13c3
dec byte [ebp - 0x1e]
jne loc_fffb95bf  ; jne 0xfffb95bf
mov eax, esi
mov edi, dword [ebp - 0x34]
mov ecx, 1
test al, al
mov al, 1
cmove esi, eax
xor edx, edx
mov eax, esi
movzx esi, al
mov eax, dword [ebp - 0x24]
div esi
test eax, eax
sete bl
test di, di
sete dl
movzx edi, di
test bl, dl
mov ebx, dword [ebp - 0x30]
cmovne eax, ecx
xor edx, edx
add edi, eax
add edi, edi
imul esi, ebx, 0xfa00
mov eax, esi
div edi
mov edx, dword [ebp - 0x1c]
movzx edi, word [edx + 0x2489]
xor edx, edx
imul edi, edi, 0xc0
mov esi, eax
imul eax, ebx, 0x7d00
div edi
mov edx, dword [ebp - 0x1c]
mov edi, 0x64
imul eax, eax, 0x3e8
lea ebx, [esi + eax]
movzx esi, word [edx + 0x1902]
xor edx, edx
sub esi, dword [ebp - 0x2c]
shr ebx, 5
imul eax, esi, 0x3e8
div edi
mov di, 0xc8
xor edx, edx
mov esi, eax
imul eax, dword [ebp - 0x2c], 0x3e8
div edi
test esi, esi
cmove esi, ecx
mov edi, ecx
mov edx, 0x3a28
test eax, eax
cmovne edi, eax
mov eax, dword [ebp - 0x1c]
call fcn_fffae52a  ; call 0xfffae52a
xor edx, edx
mov ecx, eax
mov eax, ebx
div edi
mov edi, 0xf
add eax, eax
cmp eax, 0xf
cmovbe edi, eax
mov eax, ebx
xor edx, edx
and edi, 0xf
div esi
and ecx, 0xfffe00ff
mov esi, dword [ebp - 0x1c]
mov edx, 0x1f
shl edi, 8
lea ebx, [eax + eax]
mov eax, esi
cmp ebx, 0x1f
cmovbe edx, ebx
or ecx, edi
and edx, 0x1f
shl edx, 0xc
or ecx, edx
mov edx, 0x3a28
and ecx, 0xff0fffff
or ecx, 0x800000
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0x5f08
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x5f08
or ah, 1
mov ecx, eax
mov eax, esi
call fcn_fffae58c  ; call 0xfffae58c
lea esp, [ebp - 0xc]
mov eax, esi
pop ebx
mov edx, 0xe1
pop esi
pop edi
pop ebp
jmp near fcn_fffa834b  ; jmp 0xfffa834b

fcn_fffb97c0:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov bl, cl
sub esp, 0xb0
mov esi, dword [ebp + 0x10]
mov cl, byte [ebp + 0x14]
mov dword [ebp - 0x74], eax
mov dword [ebp - 0x6c], esi
mov esi, dword [ebp + 0x20]
mov byte [ebp - 0x8a], cl
mov ecx, esi
mov byte [ebp - 0x9b], cl
mov cl, byte [ebp + 0x28]
mov dword [ebp - 0x94], esi
mov esi, dword [eax + 0x2443]
mov byte [ebp - 0x8c], cl
mov ecx, eax
movzx eax, dl
mov dword [ebp - 0x90], eax
imul eax, eax, 0x13c3
lea edi, [ecx + eax + 0x3756]
mov eax, dword [edi + 0xc0]
mov dword [ebp - 0x98], eax
mov eax, dword [ecx + 0x188b]
push 0
push 0x36
mov dword [ebp - 0x7c], eax
lea eax, [ebp - 0x4e]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 4
lea eax, [ebp - 0x5e]
push eax
call dword [esi + 0x60]  ; ucall
add esp, 0xc
push 0xffff
push 4
lea eax, [ebp - 0x56]
push eax
call dword [esi + 0x60]  ; ucall
add esp, 0x10
cmp dword [ebp - 0x7c], 1
mov dword [ebp - 0x88], 0
jne short loc_fffb9893  ; jne 0xfffb9893
cmp byte [edi + 0x1390], 5
mov al, byte [edi + 0x1268]
je short loc_fffb9889  ; je 0xfffb9889
cmp al, 5
sete al
movzx eax, al
mov dword [ebp - 0x88], eax
jmp short loc_fffb9893  ; jmp 0xfffb9893

loc_fffb9889:  ; not directly referenced
mov dword [ebp - 0x88], 1

loc_fffb9893:  ; not directly referenced
movzx eax, byte [ebp - 0x6c]
mov esi, dword [ebp + 0xc]
mov word [ebp - 0x6c], 0
mov byte [ebp - 0x8b], 0
mov edi, eax
mov dword [ebp - 0xa0], eax
movzx eax, byte [ebp - 0x94]
mov word [ebp - 0x6e], 0xffff
mov word [ebp - 0x70], 0
imul eax, edi
add edi, edi
mov dword [ebp - 0xa4], edi
lea eax, [esi + eax*2]
mov esi, dword [ebp - 0x90]
mov dword [ebp - 0x80], eax
mov eax, dword [ebp + 8]
mov dword [ebp - 0x84], eax
mov eax, esi
add eax, esi
mov dword [ebp - 0xa8], eax
movzx eax, bl
mov dword [ebp - 0xac], eax

loc_fffb98f5:  ; not directly referenced
mov al, byte [ebp - 0x8a]
mov bl, byte [ebp - 0x8b]
cmp bl, al
je loc_fffb9ad4  ; je 0xfffb9ad4
movzx eax, bl
mov ebx, dword [ebp + 0xc]
xor ecx, ecx
lea ebx, [ebx + eax*2]
xor eax, eax

loc_fffb9916:  ; not directly referenced
cmp byte [ebp - 0x9b], al
jbe short loc_fffb9943  ; jbe 0xfffb9943
mov dx, word [ebx + ecx]
cmp word [ebp + eax*2 - 0x5e], dx
jae short loc_fffb992e  ; jae 0xfffb992e
mov word [ebp + eax*2 - 0x5e], dx

loc_fffb992e:  ; not directly referenced
cmp word [ebp + eax*2 - 0x56], dx
jbe short loc_fffb993a  ; jbe 0xfffb993a
mov word [ebp + eax*2 - 0x56], dx

loc_fffb993a:  ; not directly referenced
inc eax
add ecx, dword [ebp - 0xa4]
jmp short loc_fffb9916  ; jmp 0xfffb9916

loc_fffb9943:  ; not directly referenced
cmp dword [ebp + 0x24], 0
jne loc_fffb9a87  ; jne 0xfffb9a87
mov edi, dword [ebp - 0x84]
xor esi, esi
xor ebx, ebx
mov eax, dword [ebp - 0x74]
movsx edx, byte [edi + 8]
call fcn_fffa6cfe  ; call 0xfffa6cfe
add edi, dword [ebp - 0xa8]
mov byte [ebp - 0x89], 0
mov byte [ebp - 0x78], 0
mov word [ebp - 0x9a], ax

loc_fffb997b:  ; not directly referenced
mov eax, dword [ebp - 0xac]
bt eax, esi
jae short loc_fffb9a00  ; jae 0xfffb9a00
push eax
mov edx, dword [ebp - 0x90]
push eax
mov eax, dword [ebp - 0x74]
push 0
push 1
push 0
push 0
push 9
lea ecx, [esi + esi]
push 0
call fcn_fffb887d  ; call 0xfffb887d
movzx edx, byte [edi + esi + 4]
add esp, 0x20
add byte [ebp - 0x78], al
movzx ecx, byte [edx + ref_fffd58b8]  ; movzx ecx, byte [edx - 0x2a748]
movzx eax, byte [edi + esi]
cmp dword [ebp - 0x98], 1
mov word [ebp - 0x6c], cx
movzx eax, byte [eax + ref_fffd58b8]  ; movzx eax, byte [eax - 0x2a748]
jne short loc_fffb99e0  ; jne 0xfffb99e0
test cx, cx
cmovne eax, ecx
mov word [ebp - 0x6c], ax
mov eax, 0x3fff
jmp short loc_fffb99eb  ; jmp 0xfffb99eb

loc_fffb99e0:  ; not directly referenced
test ax, ax
mov edx, 0x3fff
cmove eax, edx

loc_fffb99eb:  ; not directly referenced
mov ecx, dword [ebp - 0x6c]
test cx, cx
cmove ecx, eax
add ebx, eax
inc byte [ebp - 0x89]
mov word [ebp - 0x6c], cx

loc_fffb9a00:  ; not directly referenced
inc esi
cmp esi, 2
jne loc_fffb997b  ; jne 0xfffb997b
cmp byte [ebp - 0x89], 0
je short loc_fffb9a32  ; je 0xfffb9a32
movzx esi, byte [ebp - 0x89]
movzx eax, bx
cdq
mov ebx, esi
movzx ecx, bl
idiv ecx
mov ecx, esi
mov ebx, eax
movzx eax, byte [ebp - 0x78]
div cl
mov byte [ebp - 0x78], al

loc_fffb9a32:  ; not directly referenced
lea eax, [ebx - 0x79]
mov ecx, 0x1e
cmp ax, 0x3f85
mov eax, 0xf0
cmovbe ebx, eax
movzx eax, word [ebp - 0x6c]
movzx ebx, bx
lea edx, [ebp - 0x4e]
lea esi, [ebp - 0x4e]
push eax
movzx eax, word [ebp - 0x9a]
push ebx
push eax
movzx eax, byte [ebp - 0x78]
push eax
mov eax, dword [ebp - 0x74]
call fcn_fffa6d61  ; call 0xfffa6d61
mov ax, word [ebp - 0x1a]
mov ecx, 0x36
mov edi, dword [ebp - 0x80]
add esp, 0x10
mov word [edi], ax
mov eax, dword [ebp - 0x84]
lea edi, [eax + 0xd]
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]

loc_fffb9a87:  ; not directly referenced
mov eax, dword [ebp - 0x80]
cmp byte [ebp - 0x8a], 1
mov ax, word [eax]
je short loc_fffb9ab1  ; je 0xfffb9ab1
mov edx, dword [ebp - 0x70]
mov bx, word [ebp - 0x6e]
cmp ax, dx
cmovae edx, eax
cmp bx, ax
cmovbe eax, ebx
mov word [ebp - 0x6e], ax
mov eax, edx
jmp short loc_fffb9ab7  ; jmp 0xfffb9ab7

loc_fffb9ab1:  ; not directly referenced
mov word [ebp - 0x6e], 0

loc_fffb9ab7:  ; not directly referenced
inc byte [ebp - 0x8b]
add dword [ebp - 0x80], 2
add dword [ebp - 0x84], 0x54e
mov word [ebp - 0x70], ax
jmp near loc_fffb98f5  ; jmp 0xfffb98f5

loc_fffb9ad4:  ; not directly referenced
mov edi, dword [ebp - 0x94]
mov al, 4
mov word [ebp - 0x6c], 0x7fff
mov word [ebp - 0x80], 0
mov ebx, edi
cmp bl, 4
cmovbe eax, edi
xor edi, edi
mov byte [ebp - 0x78], al
mov eax, dword [ebp - 0x88]
xor eax, 1
and eax, 1
mov byte [ebp - 0x89], al

loc_fffb9b07:  ; not directly referenced
mov eax, edi
cmp byte [ebp - 0x78], al
jbe loc_fffb9bd4  ; jbe 0xfffb9bd4
mov si, word [ebp + edi*2 - 0x5e]
add word [ebp - 0x80], si
cmp byte [ebp - 0x8c], 6
mov eax, dword [ebp + 0x18]
sete dl
cmp dword [ebp - 0x7c], 1
mov cl, byte [eax + edi]
sete al
xor ebx, ebx
test dl, al
je short loc_fffb9b43  ; je 0xfffb9b43
cmp cl, 1
mov eax, 0x28
cmove ebx, eax

loc_fffb9b43:  ; not directly referenced
cmp byte [ebp - 0x8c], 8
setne dl
cmp dword [ebp - 0x7c], 1
setne al
or dl, al
jne short loc_fffb9b6c  ; jne 0xfffb9b6c
cmp cl, 2
setne al
or al, byte [ebp - 0x89]
mov eax, 0x50
cmove ebx, eax

loc_fffb9b6c:  ; not directly referenced
movzx eax, si
mov esi, dword [ebp + 0x1c]
cdq
movzx esi, byte [esi + edi]
idiv esi
movzx esi, cl
mov edx, esi
xor ecx, ecx
mov dword [ebp - 0x84], esi
mov dword [ebp - 0x88], eax
mov eax, dword [ebp - 0x74]
call fcn_fffb13cf  ; call 0xfffb13cf
mov edx, dword [ebp - 0x84]
mov ecx, 1
movzx esi, ax
mov eax, dword [ebp - 0x74]
call fcn_fffb13cf  ; call 0xfffb13cf
mov edx, dword [ebp - 0x88]
sub edx, esi
imul edx, edx, 0x64
movzx eax, ax
add ebx, eax
sub ebx, esi
mov eax, edx
cdq
idiv ebx
mov ebx, dword [ebp - 0x6c]
cmp bx, ax
cmovle eax, ebx
inc edi
mov word [ebp - 0x6c], ax
jmp near loc_fffb9b07  ; jmp 0xfffb9b07

loc_fffb9bd4:  ; not directly referenced
movzx eax, word [ebp - 0x80]
mov ebx, 0x64
movzx ecx, byte [ebp - 0x78]
cdq
idiv ecx
mov dword [ebp - 0x74], eax
movsx eax, word [ebp - 0x6c]
imul eax, eax, 0x41
cdq
idiv ebx
xor bl, bl
movzx edi, ax
cmp ax, 0x64
jbe short loc_fffb9c04  ; jbe 0xfffb9c04
lea ebx, [eax - 0x64]
mov edi, 0x64

loc_fffb9c04:  ; not directly referenced
imul ecx, dword [ebp - 0xa0]
movzx ebx, bx
mov eax, dword [ebp + 0xc]
lea esi, [eax + ecx*2]
xor ecx, ecx
lea eax, [edi + ebx]
mov dword [ebp - 0x7c], eax
movzx eax, word [ebp - 0x6e]
mov dword [ebp - 0x80], eax
movzx eax, word [ebp - 0x70]
mov dword [ebp - 0x84], eax

loc_fffb9c2d:  ; not directly referenced
cmp byte [ebp - 0x8a], cl
jbe short loc_fffb9c93  ; jbe 0xfffb9c93
cmp word [ebp - 0x6c], 0
jns short loc_fffb9c44  ; jns 0xfffb9c44
mov word [esi + ecx*2], 1
jmp short loc_fffb9c90  ; jmp 0xfffb9c90

loc_fffb9c44:  ; not directly referenced
mov ax, word [ebp - 0x6e]
cmp word [ebp - 0x70], ax
je short loc_fffb9c68  ; je 0xfffb9c68
movzx eax, word [esi + ecx*2]
sub eax, dword [ebp - 0x80]
imul eax, eax, 0x64
cdq
idiv dword [ebp - 0x84]
mov edx, 0x64
sub edx, eax
jmp short loc_fffb9c6a  ; jmp 0xfffb9c6a

loc_fffb9c68:  ; not directly referenced
xor edx, edx

loc_fffb9c6a:  ; not directly referenced
movzx edx, dx
mov ebx, 0x64
imul edx, dword [ebp - 0x7c]
mov eax, ebx
sub eax, edi
mov dword [ebp - 0x78], eax
mov eax, edx
cdq
idiv ebx
add eax, dword [ebp - 0x78]
imul eax, dword [ebp - 0x74]
cdq
idiv ebx
mov word [esi + ecx*2], ax

loc_fffb9c90:  ; not directly referenced
inc ecx
jmp short loc_fffb9c2d  ; jmp 0xfffb9c2d

loc_fffb9c93:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffb9c9b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3d0
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x5edc]
mov dword [ebp - 0x344], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2443]
push 0x20
push 0x200
mov edi, eax
mov dword [ebp - 0x38c], eax
lea eax, [ebp - 0x218]
push eax
mov eax, edi
call dword [eax + 0x5c]  ; ucall
mov eax, dword [ebp + 8]
add esp, 0x10
mov al, byte [eax + 0x248d]
mov byte [ebp - 0x3c8], al
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x248e]
mov byte [ebp - 0x348], al
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2480], 3
jne loc_fffbb0bf  ; jne 0xfffbb0bf
mov eax, dword [eax + 0x5edc]
lea edi, [ebp - 0x260]
mov esi, ref_fffd58c0  ; mov esi, 0xfffd58c0
mov ecx, 6
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea ebx, [ebp - 0x2a8]
mov esi, 1
mov dword [ebp - 0x33c], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2443]
push edi
push 0
push 0x10
push ebx
lea edi, [ebp - 0x298]
mov dword [ebp - 0x340], eax
call dword [eax + 0x5c]  ; ucall
mov eax, dword [ebp + 8]
add esp, 0xc
lea edx, [ebp - 0x2c8]
mov byte [ebp - 0x2a7], 1
mov eax, dword [eax + 0x2443]
push 0
push 0xc
push edx
call dword [eax + 0x5c]  ; ucall
add esp, 0x10

loc_fffb9d76:  ; not directly referenced
movzx eax, byte [ebx]
xor ecx, ecx
mov dword [ebp - 0x344], eax

loc_fffb9d81:  ; not directly referenced
mov eax, dword [ebp + ecx*4 - 0x2c8]
mov edx, eax
add eax, eax
and edx, 0x8000
movzx eax, ax
shr edx, 0xf
or eax, edx
mov edx, esi
shl edx, cl
and edx, dword [ebp - 0x344]
sar edx, cl
or eax, edx
mov dword [ebp + ecx*4 - 0x2c8], eax
inc ecx
cmp ecx, 3
jne short loc_fffb9d81  ; jne 0xfffb9d81
inc ebx
cmp ebx, edi
jne short loc_fffb9d76  ; jne 0xfffb9d76
lea eax, [ebp - 0x2c8]
lea ebx, [ebp - 0x2bc]

loc_fffb9dc6:  ; not directly referenced
mov edx, dword [eax]
add eax, 4
mov ecx, edx
add edx, edx
and ecx, 0x8000
movzx edx, dx
shr ecx, 0xf
or edx, ecx
mov dword [eax - 4], edx
cmp eax, ebx
jne short loc_fffb9dc6  ; jne 0xfffb9dc6
mov edi, dword [ebp - 0x33c]
xor ebx, ebx
add edi, 0x1c

loc_fffb9def:  ; not directly referenced
imul eax, ebx, 0x13c3
mov esi, dword [ebp + 8]
test byte [esi + eax + 0x381a], 1
jne short loc_fffb9e21  ; jne 0xfffb9e21

loc_fffb9e02:  ; not directly referenced
inc ebx
add edi, 0xcc
cmp ebx, 2
jne short loc_fffb9def  ; jne 0xfffb9def
mov byte [ebp - 0x340], 0
mov byte [ebp - 0x33c], 0
jmp near loc_fffb9f6f  ; jmp 0xfffb9f6f

loc_fffb9e21:  ; not directly referenced
imul eax, ebx, 0x54a
push esi
mov esi, dword [ebp + 8]
push 0xff
push 0x40
lea eax, [esi + eax + 0x1e69]
push eax
mov eax, dword [ebp - 0x340]
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
mov byte [ebp - 0x33c], 0

loc_fffb9e4d:  ; not directly referenced
mov esi, dword [ebp + 8]
mov al, byte [ebp - 0x33c]
cmp al, byte [esi + 0x2488]
jae short loc_fffb9e8a  ; jae 0xfffb9e8a
movzx ecx, byte [ebp - 0x33c]
mov edx, ebx
mov eax, dword [ebp + 8]
mov esi, dword [edi + ecx*4 + 0x28]
call fcn_fffa720e  ; call 0xfffa720e
or esi, 0x60
mov ecx, esi
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
inc byte [ebp - 0x33c]
jmp short loc_fffb9e4d  ; jmp 0xfffb9e4d

loc_fffb9e8a:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, ebx
mov esi, dword [edi]
call fcn_fffa7288  ; call 0xfffa7288
or esi, 0x1000008
mov ecx, esi
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
sub esp, 0xc
mov cl, bl
mov edx, 1
shl edx, cl
mov ecx, 1
push 0
call fcn_fffd2c53  ; call 0xfffd2c53
add esp, 0x10
test eax, eax
je loc_fffb9e02  ; je 0xfffb9e02
jmp near loc_fffbb9fc  ; jmp 0xfffbb9fc

loc_fffb9ed8:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
test byte [edi + eax + 0x381a], 1
je short loc_fffb9f26  ; je 0xfffb9f26
sub esp, 0xc
mov cl, bl
push dword [ebp - 0x2c0]
mov eax, 1
push dword [ebp - 0x2c4]
mov edx, ebx
push dword [ebp - 0x2c8]
shl eax, cl
xor ecx, ecx
or byte [ebp - 0x340], al
lea eax, [ebp - 0x260]
push 2
push eax
mov eax, edi
call fcn_fffd2b18  ; call 0xfffd2b18
add esp, 0x20

loc_fffb9f26:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffb9ed8  ; jne 0xfffb9ed8
movzx edx, byte [ebp - 0x340]
xor edi, edi
mov eax, dword [ebp + 8]
call fcn_fffd2a2c  ; call 0xfffd2a2c

loc_fffb9f3d:  ; not directly referenced
imul eax, edi, 0x13c3
mov esi, dword [ebp + 8]
mov dword [ebp - 0x348], eax
test byte [esi + eax + 0x381a], 1
jne short loc_fffb9fb2  ; jne 0xfffb9fb2

loc_fffb9f56:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffb9f3d  ; jne 0xfffb9f3d
inc byte [ebp - 0x33c]
cmp byte [ebp - 0x33c], 8
je loc_fffba085  ; je 0xfffba085

loc_fffb9f6f:  ; not directly referenced
mov dl, byte [ebp - 0x33c]
mov ebx, 1
mov eax, ebx
shr dl, 1
movzx ecx, dl
add ecx, 5
shl eax, cl
mov cl, dl
shl ebx, cl
mov cl, byte [ebp - 0x33c]
xor edx, edx
or eax, ebx
mov ebx, edx
and cl, 1
cmove ebx, eax
cmove eax, edx
mov dword [ebp - 0x254], ebx
xor ebx, ebx
mov dword [ebp - 0x250], eax
jmp near loc_fffb9ed8  ; jmp 0xfffb9ed8

loc_fffb9fb2:  ; not directly referenced
imul eax, edi, 0x54a
mov esi, dword [ebp + 8]
xor ebx, ebx
lea eax, [esi + eax + 0x196b]
mov dword [ebp - 0x344], eax

loc_fffb9fca:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp bl, byte [eax + 0x2488]
jae short loc_fffba026  ; jae 0xfffba026
mov ecx, dword [ebp + 8]
movzx esi, bl
mov edx, dword [ebp - 0x348]
mov eax, dword [ebp - 0x344]
cmp byte [ecx + edx + 0x49ba], 0x20
mov al, byte [eax + esi + 0x4f6]
jne short loc_fffba006  ; jne 0xfffba006
test al, 2
je short loc_fffba006  ; je 0xfffba006
mov byte [ebp + esi - 0x2e8], 0
jmp short loc_fffba023  ; jmp 0xfffba023

loc_fffba006:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, esi
mov edx, edi
call fcn_fffa7617  ; call 0xfffa7617
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae52a  ; call 0xfffae52a
mov byte [ebp + esi - 0x2e8], al

loc_fffba023:  ; not directly referenced
inc ebx
jmp short loc_fffb9fca  ; jmp 0xfffb9fca

loc_fffba026:  ; not directly referenced
xor edx, edx

loc_fffba028:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dl, byte [eax + 0x2488]
jae loc_fffb9f56  ; jae 0xfffb9f56
movzx eax, dl
mov al, byte [ebp + eax - 0x2e8]
test al, al
je short loc_fffba082  ; je 0xfffba082
xor ebx, ebx
xor ecx, ecx
xor esi, esi

loc_fffba04b:  ; not directly referenced
test al, 1
je short loc_fffba05a  ; je 0xfffba05a
test esi, esi
jne short loc_fffba05f  ; jne 0xfffba05f
movzx ebx, cl
mov si, 1

loc_fffba05a:  ; not directly referenced
inc ecx
shr al, 1
jne short loc_fffba04b  ; jne 0xfffba04b

loc_fffba05f:  ; not directly referenced
mov esi, dword [ebp - 0x344]
movzx eax, dl
lea ecx, [esi + eax*8]
mov al, byte [esi + eax + 0x4f6]
mov esi, dword [ebp - 0x33c]
lea eax, [esi + eax*8]
mov byte [ebx + ecx + 0x4fe], al

loc_fffba082:  ; not directly referenced
inc edx
jmp short loc_fffba028  ; jmp 0xfffba028

loc_fffba085:  ; not directly referenced
mov eax, dword [ebp + 8]
test byte [eax + 0x381a], 1
jne short loc_fffba09f  ; jne 0xfffba09f

loc_fffba091:  ; not directly referenced
mov eax, dword [ebp + 8]
test byte [eax + 0x4bdd], 1
je short loc_fffba0e4  ; je 0xfffba0e4
jmp short loc_fffba0c2  ; jmp 0xfffba0c2

loc_fffba09f:  ; not directly referenced
mov eax, dword [ebp + 8]
sub esp, 0xc
mov ecx, 1
push 2
mov edx, 1
call fcn_fffd2c53  ; call 0xfffd2c53
add esp, 0x10
test eax, eax
je short loc_fffba091  ; je 0xfffba091
jmp near loc_fffbb9fc  ; jmp 0xfffbb9fc

loc_fffba0c2:  ; not directly referenced
mov eax, dword [ebp + 8]
sub esp, 0xc
mov ecx, 1
push 2
mov edx, 2
call fcn_fffd2c53  ; call 0xfffd2c53
add esp, 0x10
test eax, eax
jne loc_fffbb9fc  ; jne 0xfffbb9fc

loc_fffba0e4:  ; not directly referenced
mov eax, dword [ebp + 8]
mov esi, dword [eax + 0x5edc]
mov ebx, dword [eax + 0x2443]
mov al, byte [eax + 0x248d]
push ecx
push 0x7f
push 0x48
mov byte [ebp - 0x34c], al
lea eax, [ebp - 0x2a8]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x48
lea eax, [ebp - 0x260]
push eax
call dword [ebx + 0x5c]  ; ucall
lea eax, [esi + 0x1c]
add esp, 0x10
mov dword [ebp - 0x340], eax
mov esi, eax
xor ebx, ebx

loc_fffba12f:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x3756], 2
jne short loc_fffba1a9  ; jne 0xfffba1a9
mov byte [ebp - 0x33c], 0

loc_fffba149:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x33c]
cmp al, byte [edi + 0x2488]
jae short loc_fffba186  ; jae 0xfffba186
movzx ecx, byte [ebp - 0x33c]
mov edx, ebx
mov eax, dword [ebp + 8]
mov edi, dword [esi + ecx*4 + 0x28]
call fcn_fffa720e  ; call 0xfffa720e
or edi, 0x60
mov ecx, edi
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
inc byte [ebp - 0x33c]
jmp short loc_fffba149  ; jmp 0xfffba149

loc_fffba186:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, ebx
mov edi, dword [esi]
call fcn_fffa7288  ; call 0xfffa7288
or edi, 0x1000008
mov ecx, edi
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffba1a9:  ; not directly referenced
inc ebx
add esi, 0xcc
cmp ebx, 2
jne loc_fffba12f  ; jne 0xfffba12f
xor edi, edi

loc_fffba1bb:  ; not directly referenced
mov ebx, 1
mov ecx, edi
shl ebx, cl
test byte [ebp - 0x34c], bl
jne short loc_fffba1df  ; jne 0xfffba1df

loc_fffba1cc:  ; not directly referenced
inc edi
cmp edi, 4
jne short loc_fffba1bb  ; jne 0xfffba1bb
mov esi, dword [ebp - 0x340]
xor ebx, ebx
jmp near loc_fffba2d9  ; jmp 0xfffba2d9

loc_fffba1df:  ; not directly referenced
xor esi, esi

loc_fffba1e1:  ; not directly referenced
imul eax, esi, 0x13c3
mov ecx, dword [ebp + 8]
mov byte [ebp - 0x33c], bl
test byte [ecx + eax + 0x381a], bl
je short loc_fffba241  ; je 0xfffba241
mov eax, dword [ebp + 8]
sub esp, 0xc
mov ecx, esi
mov edx, 1
shl edx, cl
mov ecx, ebx
push 0
call fcn_fffd2c53  ; call 0xfffd2c53
add esp, 0x10
test eax, eax
jne loc_fffba7d0  ; jne 0xfffba7d0
sub esp, 0xc
mov eax, dword [ebp + 8]
mov ecx, edi
push 0
mov edx, esi
push 0x4000
push 0x3000
push 4
push ref_fffd665c  ; push 0xfffd665c
call fcn_fffd2b18  ; call 0xfffd2b18
add esp, 0x20

loc_fffba241:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffba1e1  ; jne 0xfffba1e1
push eax
mov ecx, 0x7f
push eax
mov edx, edi
lea eax, [ebp - 0x2a8]
xor si, si
push eax
mov eax, dword [ebp + 8]
push 2
call fcn_fffd2f8e  ; call 0xfffd2f8e
xor ecx, ecx
pop eax
pop edx
mov edx, edi
lea eax, [ebp - 0x260]
push eax
mov eax, dword [ebp + 8]
push 0xfffffffffffffffe
call fcn_fffd2f8e  ; call 0xfffd2f8e
add esp, 0x10

loc_fffba27e:  ; not directly referenced
imul eax, esi, 0x13c3
mov ecx, dword [ebp + 8]
mov dl, byte [ebp - 0x33c]
test byte [ecx + eax + 0x381a], dl
jne short loc_fffba2a1  ; jne 0xfffba2a1

loc_fffba296:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffba27e  ; jne 0xfffba27e
jmp near loc_fffba1cc  ; jmp 0xfffba1cc

loc_fffba2a1:  ; not directly referenced
push eax
push 1
push 0x40
push 1
push 3
push 4
push esi
push dword [ebp + 8]
call fcn_fffa9178  ; call 0xfffa9178
mov eax, dword [ebp + 8]
add esp, 0x14
mov ecx, esi
mov edx, 1
shl edx, cl
mov ecx, ebx
push 2
call fcn_fffd2c53  ; call 0xfffd2c53
add esp, 0x10
test eax, eax
je short loc_fffba296  ; je 0xfffba296
jmp near loc_fffba7d0  ; jmp 0xfffba7d0

loc_fffba2d9:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x3756], 2
je short loc_fffba369  ; je 0xfffba369

loc_fffba2ec:  ; not directly referenced
inc ebx
add esi, 0xcc
cmp ebx, 2
jne short loc_fffba2d9  ; jne 0xfffba2d9
mov eax, dword [ebp + 8]
lea esi, [ebp - 0x2e8]
lea ebx, [ebp - 0x2c8]
mov edi, dword [eax + 0x2443]
push ecx
push 0x7f
push 0x10
push esi
call dword [edi + 0x5c]  ; ucall
add esp, 0xc
push 0
lea edx, [ebp - 0x308]
push 0x10
push edx
mov dword [ebp - 0x33c], edx
call dword [edi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x10
push ebx
call dword [edi + 0x5c]  ; ucall
mov edx, dword [ebp - 0x33c]
lea eax, [ebp - 0x260]
mov dword [ebp - 0x378], eax
lea eax, [ebp - 0x2a8]
add esp, 0x10
mov dword [ebp - 0x368], eax
xor edi, edi
mov dword [ebp - 0x3a8], esi
mov dword [ebp - 0x3b8], edx
jmp short loc_fffba3c9  ; jmp 0xfffba3c9

loc_fffba369:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, ebx
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, dword [esi]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov byte [ebp - 0x33c], 0

loc_fffba38b:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x33c]
cmp al, byte [edi + 0x2488]
jae loc_fffba2ec  ; jae 0xfffba2ec
movzx edi, byte [ebp - 0x33c]
mov edx, ebx
mov eax, dword [ebp + 8]
mov ecx, edi
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, dword [esi + edi*4 + 0x28]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
inc byte [ebp - 0x33c]
jmp short loc_fffba38b  ; jmp 0xfffba38b

loc_fffba3c9:  ; not directly referenced
imul eax, edi, 0x13c3
mov esi, dword [ebp + 8]
cmp dword [esi + eax + 0x3756], 2
jne loc_fffba5cf  ; jne 0xfffba5cf
imul edx, edi, 0x54a
mov dword [ebp - 0x344], 0
lea esi, [esi + edx + 0x196b]
mov dword [ebp - 0x358], esi
mov esi, dword [ebp + 8]
mov al, byte [esi + eax + 0x381a]
mov byte [ebp - 0x354], al
lea eax, [edi*4]
mov dword [ebp - 0x38c], eax
mov eax, dword [ebp - 0x368]
mov dword [ebp - 0x350], eax
mov eax, dword [ebp - 0x378]
mov dword [ebp - 0x348], eax

loc_fffba432:  ; not directly referenced
mov cl, byte [ebp - 0x344]
mov eax, 1
shl eax, cl
test byte [ebp - 0x354], al
je loc_fffba51a  ; je 0xfffba51a
mov eax, dword [ebp + 8]
mov dword [ebp - 0x33c], 0
mov al, byte [eax + 0x2488]
mov byte [ebp - 0x388], al
mov eax, dword [ebp - 0x344]
add eax, dword [ebp - 0x38c]
add eax, eax
lea esi, [ebp + eax - 0x2c8]
mov dword [ebp - 0x390], esi
mov esi, dword [ebp - 0x3b8]
add esi, eax
mov dword [ebp - 0x340], esi
mov esi, dword [ebp - 0x3a8]
add esi, eax

loc_fffba495:  ; not directly referenced
xor eax, eax

loc_fffba497:  ; not directly referenced
cmp byte [ebp - 0x388], al
jbe short loc_fffba4df  ; jbe 0xfffba4df
mov edx, dword [ebp - 0x358]
mov ecx, dword [ebp - 0x33c]
movzx edx, byte [edx + ecx + 0x53e]
bt edx, eax
jae short loc_fffba4dc  ; jae 0xfffba4dc
mov edx, dword [ebp - 0x350]
mov dl, byte [edx + eax]
cmp byte [esi], dl
jbe short loc_fffba4c7  ; jbe 0xfffba4c7
mov byte [esi], dl

loc_fffba4c7:  ; not directly referenced
mov edx, dword [ebp - 0x348]
mov ecx, dword [ebp - 0x340]
mov dl, byte [edx + eax]
cmp byte [ecx], dl
jae short loc_fffba4dc  ; jae 0xfffba4dc
mov byte [ecx], dl

loc_fffba4dc:  ; not directly referenced
inc eax
jmp short loc_fffba497  ; jmp 0xfffba497

loc_fffba4df:  ; not directly referenced
movzx eax, byte [esi]
inc esi
mov ecx, dword [ebp - 0x33c]
inc dword [ebp - 0x33c]
mov edx, eax
mov eax, dword [ebp - 0x340]
inc dword [ebp - 0x340]
movzx eax, byte [eax]
add eax, edx
mov edx, dword [ebp - 0x390]
sar eax, 1
cmp dword [ebp - 0x33c], 2
mov byte [edx + ecx], al
jne loc_fffba495  ; jne 0xfffba495

loc_fffba51a:  ; not directly referenced
inc dword [ebp - 0x344]
add dword [ebp - 0x348], 9
add dword [ebp - 0x350], 9
cmp dword [ebp - 0x344], 4
jne loc_fffba432  ; jne 0xfffba432
xor ecx, ecx
xor edx, edx
mov esi, 1

loc_fffba544:  ; not directly referenced
mov eax, esi
shl eax, cl
test byte [ebp - 0x354], al
je short loc_fffba561  ; je 0xfffba561
mov al, byte [ebx + ecx*2 + 1]
inc edx
sub al, byte [ebx + ecx*2]
mov byte [ebp + ecx - 0x328], al
jmp short loc_fffba569  ; jmp 0xfffba569

loc_fffba561:  ; not directly referenced
mov byte [ebp + ecx - 0x328], 0

loc_fffba569:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffba544  ; jne 0xfffba544
xor ecx, ecx
test dl, dl
je short loc_fffba58d  ; je 0xfffba58d
movsx ecx, byte [ebp - 0x328]
movsx eax, byte [ebp - 0x327]
add eax, ecx
movzx ecx, dl
cdq
idiv ecx
mov cl, al

loc_fffba58d:  ; not directly referenced
mov dl, 2
movsx ax, cl
idiv dl
movzx edx, byte [ebx]
neg eax
add eax, 0x40
add ecx, eax
mov byte [ebp + edi*2 - 0x330], al
movzx eax, byte [ebx + 1]
mov byte [ebp + edi*2 - 0x32f], cl
add eax, edx
movzx edx, byte [ebx + 2]
sar eax, 1
mov byte [ebp + edi*2 - 0x338], al
movzx eax, byte [ebx + 3]
add eax, edx
sar eax, 1
mov byte [ebp + edi*2 - 0x337], al

loc_fffba5cf:  ; not directly referenced
inc edi
add ebx, 8
add dword [ebp - 0x378], 0x24
add dword [ebp - 0x368], 0x24
cmp edi, 2
jne loc_fffba3c9  ; jne 0xfffba3c9
mov eax, dword [ebp + 8]
xor ebx, ebx
mov dword [ebp - 0x344], 0
lea esi, [eax + 0x3756]
lea eax, [ebp - 0x330]
mov dword [ebp - 0x350], eax
mov eax, dword [ebp + 8]
add eax, 0x196b
mov dword [ebp - 0x340], eax
lea eax, [ebp - 0x338]
mov dword [ebp - 0x348], eax
movzx eax, byte [ebp - 0x34c]
mov dword [ebp - 0x33c], eax

loc_fffba632:  ; not directly referenced
cmp dword [esi], 2
jne loc_fffba78f  ; jne 0xfffba78f
xor edi, edi

loc_fffba63d:  ; not directly referenced
mov eax, 1
mov ecx, edi
shl eax, cl
test byte [esi + 0xc4], al
je short loc_fffba66d  ; je 0xfffba66d
mov ecx, dword [ebp - 0x348]
push edx
push 1
movzx edx, byte [ecx + edi]
push edx
push 1
push eax
push 4
push ebx
push dword [ebp + 8]
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffba66d:  ; not directly referenced
inc edi
cmp edi, 4
jne short loc_fffba63d  ; jne 0xfffba63d
xor ecx, ecx

loc_fffba675:  ; not directly referenced
mov eax, dword [ebp - 0x350]
movzx edi, byte [eax + ecx]
movzx eax, byte [esi + ecx + 0x241]
sub edi, eax
je loc_fffba785  ; je 0xfffba785
push eax
mov eax, 1
push 1
push edi
shl eax, cl
push eax
push dword [ebp - 0x33c]
mov dword [ebp - 0x344], ecx
push 0
push ebx
push dword [ebp + 8]
call fcn_fffa9178  ; call 0xfffa9178
mov edx, dword [ebp - 0x340]
add esp, 0x20
mov ecx, dword [ebp - 0x344]
mov al, byte [edx + 0x542]
cmp byte [ecx + edx + 0x53e], al
jne short loc_fffba719  ; jne 0xfffba719
push eax
push 1
mov eax, dword [esi + 0x111]
add eax, edi
push eax
push 1
push dword [ebp - 0x33c]
push 2
push ebx
push dword [ebp + 8]
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x1c
push 1
mov eax, dword [esi + 0x109]
add eax, edi
push eax
push 1
push dword [ebp - 0x33c]
push 3
push ebx
push dword [ebp + 8]
call fcn_fffa9178  ; call 0xfffa9178
mov ecx, dword [ebp - 0x344]
add esp, 0x20

loc_fffba719:  ; not directly referenced
mov edx, dword [ebp - 0x340]
mov dword [ebp - 0x344], 1
mov al, byte [edx + 0x543]
cmp byte [ecx + edx + 0x53e], al
jne short loc_fffba785  ; jne 0xfffba785
push eax
push 1
mov eax, dword [esi + 0x115]
mov dword [ebp - 0x34c], ecx
add eax, edi
push eax
push 2
push dword [ebp - 0x33c]
push 2
push ebx
push dword [ebp + 8]
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x1c
push 1
add edi, dword [esi + 0x11d]
push edi
push 2
push dword [ebp - 0x33c]
push 1
push ebx
push dword [ebp + 8]
call fcn_fffa9178  ; call 0xfffa9178
mov ecx, dword [ebp - 0x34c]
add esp, 0x20

loc_fffba785:  ; not directly referenced
inc ecx
cmp ecx, 2
jne loc_fffba675  ; jne 0xfffba675

loc_fffba78f:  ; not directly referenced
inc ebx
add esi, 0x13c3
add dword [ebp - 0x350], 2
add dword [ebp - 0x340], 0x54a
add dword [ebp - 0x348], 2
cmp ebx, 2
jne loc_fffba632  ; jne 0xfffba632
cmp dword [ebp - 0x344], 0
je short loc_fffba7d8  ; je 0xfffba7d8
sub esp, 0xc
push dword [ebp + 8]
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10
jmp short loc_fffba7d8  ; jmp 0xfffba7d8

loc_fffba7d0:  ; not directly referenced
test eax, eax
jne loc_fffbb9fc  ; jne 0xfffbb9fc

loc_fffba7d8:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ebx, dword [eax + 0x5edc]
mov esi, dword [eax + 0x2443]
mov al, byte [eax + 0x248d]
push ecx
push 0x7f
push 0x48
mov byte [ebp - 0x340], al
lea eax, [ebp - 0x2a8]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x48
lea eax, [ebp - 0x260]
push eax
call dword [esi + 0x5c]  ; ucall
lea eax, [ebx + 0x1c]
add esp, 0x10
mov dword [ebp - 0x348], eax
mov esi, eax
xor ebx, ebx

loc_fffba823:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x3756], 2
jne short loc_fffba89d  ; jne 0xfffba89d
mov byte [ebp - 0x33c], 0

loc_fffba83d:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x33c]
cmp al, byte [edi + 0x2488]
jae short loc_fffba87a  ; jae 0xfffba87a
movzx ecx, byte [ebp - 0x33c]
mov edx, ebx
mov eax, dword [ebp + 8]
mov edi, dword [esi + ecx*4 + 0x28]
call fcn_fffa720e  ; call 0xfffa720e
or edi, 0x60
mov ecx, edi
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
inc byte [ebp - 0x33c]
jmp short loc_fffba83d  ; jmp 0xfffba83d

loc_fffba87a:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, ebx
mov edi, dword [esi]
call fcn_fffa7288  ; call 0xfffa7288
or edi, 0x1000008
mov ecx, edi
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffba89d:  ; not directly referenced
inc ebx
add esi, 0xcc
cmp ebx, 2
jne loc_fffba823  ; jne 0xfffba823
xor edi, edi

loc_fffba8af:  ; not directly referenced
mov ebx, 1
mov ecx, edi
shl ebx, cl
test byte [ebp - 0x340], bl
jne short loc_fffba8d3  ; jne 0xfffba8d3

loc_fffba8c0:  ; not directly referenced
inc edi
cmp edi, 4
jne short loc_fffba8af  ; jne 0xfffba8af
mov ebx, dword [ebp - 0x348]
xor esi, esi
jmp near loc_fffbaa02  ; jmp 0xfffbaa02

loc_fffba8d3:  ; not directly referenced
xor esi, esi

loc_fffba8d5:  ; not directly referenced
imul eax, esi, 0x13c3
mov ecx, dword [ebp + 8]
mov byte [ebp - 0x33c], bl
test byte [ecx + eax + 0x381a], bl
je short loc_fffba93b  ; je 0xfffba93b
mov eax, dword [ebp + 8]
sub esp, 0xc
mov ecx, esi
mov edx, 1
shl edx, cl
mov ecx, ebx
push 0
call fcn_fffd2c53  ; call 0xfffd2c53
add esp, 0x10
mov dword [ebp - 0x344], eax
test eax, eax
jne loc_fffbb0b4  ; jne 0xfffbb0b4
sub esp, 0xc
mov eax, dword [ebp + 8]
mov ecx, edi
push 0
mov edx, esi
push 0x4000
push 0x3000
push 4
push ref_fffd665c  ; push 0xfffd665c
call fcn_fffd2b18  ; call 0xfffd2b18
add esp, 0x20

loc_fffba93b:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffba8d5  ; jne 0xfffba8d5
push eax
mov ecx, 0x7f
push eax
mov edx, edi
lea eax, [ebp - 0x2a8]
xor si, si
push eax
mov eax, dword [ebp + 8]
push 2
call fcn_fffd2d89  ; call 0xfffd2d89
xor ecx, ecx
pop eax
pop edx
mov edx, edi
lea eax, [ebp - 0x260]
push eax
mov eax, dword [ebp + 8]
push 0xfffffffffffffffe
call fcn_fffd2d89  ; call 0xfffd2d89
add esp, 0x10

loc_fffba978:  ; not directly referenced
imul eax, esi, 0x13c3
mov ecx, dword [ebp + 8]
mov dl, byte [ebp - 0x33c]
test byte [ecx + eax + 0x381a], dl
jne short loc_fffba99b  ; jne 0xfffba99b

loc_fffba990:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffba978  ; jne 0xfffba978
jmp near loc_fffba8c0  ; jmp 0xfffba8c0

loc_fffba99b:  ; not directly referenced
push eax
push 1
push 0x60
push 3
push ebx
push 2
push esi
push dword [ebp + 8]
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x1c
push 1
push 0x60
push 1
push ebx
push 3
push esi
push dword [ebp + 8]
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x1c
push 1
push 0x60
push 2
push ebx
push 1
push esi
push dword [ebp + 8]
call fcn_fffa9178  ; call 0xfffa9178
mov eax, dword [ebp + 8]
add esp, 0x14
mov ecx, esi
mov edx, 1
shl edx, cl
mov ecx, ebx
push 2
call fcn_fffd2c53  ; call 0xfffd2c53
add esp, 0x10
mov dword [ebp - 0x344], eax
test eax, eax
je short loc_fffba990  ; je 0xfffba990
jmp near loc_fffbb0b4  ; jmp 0xfffbb0b4

loc_fffbaa02:  ; not directly referenced
imul eax, esi, 0x13c3
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x3756], 2
je short loc_fffbaa69  ; je 0xfffbaa69

loc_fffbaa15:  ; not directly referenced
inc esi
add ebx, 0xcc
cmp esi, 2
jne short loc_fffbaa02  ; jne 0xfffbaa02
mov eax, dword [ebp + 8]
mov ebx, dword [eax + 0x2443]
lea eax, [ebp - 0x2c8]
push esi
xor esi, esi
push 0x7f
push 4
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 4
lea eax, [ebp - 0x2e8]
push eax
call dword [ebx + 0x5c]  ; ucall
lea eax, [ebp - 0x2a8]
add esp, 0x10
mov dword [ebp - 0x34c], eax
lea eax, [ebp - 0x260]
mov dword [ebp - 0x348], eax
jmp short loc_fffbaac9  ; jmp 0xfffbaac9

loc_fffbaa69:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, esi
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, dword [ebx]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov byte [ebp - 0x33c], 0

loc_fffbaa8b:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x33c]
cmp al, byte [edi + 0x2488]
jae loc_fffbaa15  ; jae 0xfffbaa15
movzx edi, byte [ebp - 0x33c]
mov edx, esi
mov eax, dword [ebp + 8]
mov ecx, edi
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, dword [ebx + edi*4 + 0x28]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
inc byte [ebp - 0x33c]
jmp short loc_fffbaa8b  ; jmp 0xfffbaa8b

loc_fffbaac9:  ; not directly referenced
imul eax, esi, 0x13c3
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x3756], 2
jne loc_fffbabfc  ; jne 0xfffbabfc
mov al, byte [edi + eax + 0x381a]
lea ecx, [ebp - 0x18]
mov edi, dword [ebp - 0x348]
mov dword [ebp - 0x33c], 0
mov byte [ebp - 0x368], al
imul eax, esi, 0x54a
mov dword [ebp - 0x350], eax
mov eax, dword [ebp - 0x34c]
mov dword [ebp - 0x344], eax
lea eax, [esi + esi]
add eax, ecx
mov dword [ebp - 0x378], eax

loc_fffbab23:  ; not directly referenced
mov cl, byte [ebp - 0x33c]
mov eax, 1
shl eax, cl
test byte [ebp - 0x368], al
je short loc_fffbab4b  ; je 0xfffbab4b
mov eax, dword [ebp + 8]
xor ecx, ecx
mov al, byte [eax + 0x2488]
mov byte [ebp - 0x354], al
jmp short loc_fffbab9c  ; jmp 0xfffbab9c

loc_fffbab4b:  ; not directly referenced
inc dword [ebp - 0x33c]
add edi, 9
add dword [ebp - 0x344], 9
cmp dword [ebp - 0x33c], 4
jne short loc_fffbab23  ; jne 0xfffbab23
movzx edx, byte [ebp + esi*2 - 0x2c8]
movzx eax, byte [ebp + esi*2 - 0x2e8]
add eax, edx
movzx edx, byte [ebp + esi*2 - 0x2c7]
sar eax, 1
mov byte [ebp + esi*2 - 0x308], al
movzx eax, byte [ebp + esi*2 - 0x2e7]
add eax, edx
sar eax, 1
mov byte [ebp + esi*2 - 0x307], al
jmp short loc_fffbabfc  ; jmp 0xfffbabfc

loc_fffbab9c:  ; not directly referenced
cmp byte [ebp - 0x354], cl
jbe short loc_fffbab4b  ; jbe 0xfffbab4b
mov edx, dword [ebp - 0x350]
mov eax, dword [ebp + 8]
mov ebx, dword [ebp - 0x344]
movzx eax, byte [eax + edx + 0x1ead]
mov dl, byte [ebx + ecx]
sar eax, cl
and eax, 1
xor eax, 1
add eax, dword [ebp - 0x378]
mov bl, byte [eax - 0x2b0]
cmp byte [eax - 0x2b0], dl
cmovbe edx, ebx
mov bl, byte [eax - 0x2d0]
mov byte [eax - 0x2b0], dl
mov dl, byte [edi + ecx]
cmp byte [eax - 0x2d0], dl
cmovae edx, ebx
inc ecx
mov byte [eax - 0x2d0], dl
jmp short loc_fffbab9c  ; jmp 0xfffbab9c

loc_fffbabfc:  ; not directly referenced
inc esi
add dword [ebp - 0x34c], 0x24
add dword [ebp - 0x348], 0x24
cmp esi, 2
jne loc_fffbaac9  ; jne 0xfffbaac9
movzx esi, byte [ebp - 0x340]
xor ebx, ebx

loc_fffbac1d:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x3756], 2
jne short loc_fffbac9f  ; jne 0xfffbac9f
movzx eax, byte [ebp + ebx*2 - 0x308]
push ecx
push 1
push eax
push 1
push esi
push 2
push ebx
push edi
call fcn_fffa9178  ; call 0xfffa9178
movzx eax, byte [ebp + ebx*2 - 0x308]
add esp, 0x1c
push 1
push eax
push 1
push esi
push 3
push ebx
push dword [ebp + 8]
call fcn_fffa9178  ; call 0xfffa9178
movzx eax, byte [ebp + ebx*2 - 0x307]
add esp, 0x1c
push 1
push eax
push 2
push esi
push 2
push ebx
push dword [ebp + 8]
call fcn_fffa9178  ; call 0xfffa9178
movzx eax, byte [ebp + ebx*2 - 0x307]
add esp, 0x1c
push 1
push eax
push 2
push esi
push 1
push ebx
push dword [ebp + 8]
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffbac9f:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffbac1d  ; jne 0xfffbac1d
mov eax, dword [ebp + 8]
mov dword [ebp - 0x344], 0
mov dword [ebp - 0x348], 0x4224
add eax, 0x3756
mov dword [ebp - 0x34c], eax
mov eax, dword [ebp + 8]
add eax, 0x196b
mov dword [ebp - 0x340], eax

loc_fffbacd9:  ; not directly referenced
mov eax, dword [ebp - 0x34c]
cmp dword [eax], 2
jne loc_fffbb079  ; jne 0xfffbb079
xor ebx, ebx
xor edi, edi
mov byte [ebp - 0x350], 0
xor ecx, ecx
xor eax, eax

loc_fffbacf7:  ; not directly referenced
mov esi, dword [ebp - 0x340]
mov dl, byte [esi + eax + 0x4f6]
cmp dl, 2
je short loc_fffbad29  ; je 0xfffbad29
ja short loc_fffbad17  ; ja 0xfffbad17
mov esi, eax
and esi, 7
test dl, dl
cmove ebx, esi
jmp short loc_fffbad3b  ; jmp 0xfffbad3b

loc_fffbad17:  ; not directly referenced
cmp dl, 4
je short loc_fffbad30  ; je 0xfffbad30
mov esi, eax
and esi, 7
cmp dl, 6
cmove ecx, esi
jmp short loc_fffbad3b  ; jmp 0xfffbad3b

loc_fffbad29:  ; not directly referenced
mov edi, eax
and edi, 7
jmp short loc_fffbad3b  ; jmp 0xfffbad3b

loc_fffbad30:  ; not directly referenced
mov dl, al
and edx, 7
mov byte [ebp - 0x350], dl

loc_fffbad3b:  ; not directly referenced
inc eax
cmp eax, 8
jne short loc_fffbacf7  ; jne 0xfffbacf7
mov eax, edi
mov edx, ebx
shl eax, 0x1c
xor esi, esi
mov dword [ebp - 0x33c], eax
movzx eax, cl
xor edi, edi
mov dword [ebp - 0x3cc], eax
shl eax, 0x1c
xor ebx, ebx
mov dword [ebp - 0x354], eax
mov eax, dword [ebp - 0x350]
shl edx, 0x18
or dword [ebp - 0x33c], edx
shr edx, 0x18
mov ecx, edx
shl eax, 0x18
or dword [ebp - 0x354], eax
shr eax, 0x18
mov dword [ebp - 0x388], eax
mov al, byte [ebp - 0x33c]
mov dword [ebp - 0x3d4], edx
mov edx, dword [ebp - 0x340]
mov byte [ebp - 0x378], 0
mov byte [ebp - 0x3a8], 0
and eax, 7
mov byte [ebp - 0x368], al
mov al, byte [ebp - 0x354]
lea ecx, [edx + ecx*8]
mov byte [ebp - 0x390], 0
mov byte [ebp - 0x38c], 0
mov byte [ebp - 0x358], 0
and eax, 7
mov byte [ebp - 0x350], al
mov eax, dword [ebp - 0x33c]
mov byte [ebp - 0x3c8], 0
mov byte [ebp - 0x3b8], 0
mov dword [ebp - 0x398], ecx
shr eax, 0x1c
lea eax, [edx + eax*8]
mov dword [ebp - 0x394], eax
movzx eax, byte [ebp - 0x388]
lea eax, [edx + eax*8]
mov dword [ebp - 0x3d0], eax
mov eax, dword [ebp - 0x3cc]
lea eax, [edx + eax*8]
xor edx, edx
mov dword [ebp - 0x3cc], eax
xor eax, eax

loc_fffbae25:  ; not directly referenced
mov ecx, dword [ebp - 0x398]
mov cl, byte [ecx + edx + 0x4fe]
cmp cl, 1
je short loc_fffbae49  ; je 0xfffbae49
jb short loc_fffbae41  ; jb 0xfffbae41
cmp cl, 2
cmove esi, eax
jmp short loc_fffbae4f  ; jmp 0xfffbae4f

loc_fffbae41:  ; not directly referenced
mov byte [ebp - 0x368], al
jmp short loc_fffbae4f  ; jmp 0xfffbae4f

loc_fffbae49:  ; not directly referenced
mov byte [ebp - 0x378], al

loc_fffbae4f:  ; not directly referenced
mov ecx, dword [ebp - 0x394]
mov cl, byte [ecx + edx + 0x4fe]
cmp cl, 0x11
je short loc_fffbae6e  ; je 0xfffbae6e
cmp cl, 0x12
je short loc_fffbae76  ; je 0xfffbae76
cmp cl, 0x10
cmove edi, eax
jmp short loc_fffbae7c  ; jmp 0xfffbae7c

loc_fffbae6e:  ; not directly referenced
mov byte [ebp - 0x3a8], al
jmp short loc_fffbae7c  ; jmp 0xfffbae7c

loc_fffbae76:  ; not directly referenced
mov byte [ebp - 0x390], al

loc_fffbae7c:  ; not directly referenced
mov ecx, dword [ebp - 0x3d0]
mov cl, byte [ecx + edx + 0x4fe]
cmp cl, 0x21
je short loc_fffbaea7  ; je 0xfffbaea7
cmp cl, 0x22
je short loc_fffbaeaf  ; je 0xfffbaeaf
cmp cl, 0x20
mov cl, byte [ebp - 0x350]
cmove ecx, eax
mov byte [ebp - 0x350], cl
jmp short loc_fffbaeb5  ; jmp 0xfffbaeb5

loc_fffbaea7:  ; not directly referenced
mov byte [ebp - 0x38c], al
jmp short loc_fffbaeb5  ; jmp 0xfffbaeb5

loc_fffbaeaf:  ; not directly referenced
mov byte [ebp - 0x358], al

loc_fffbaeb5:  ; not directly referenced
mov ecx, dword [ebp - 0x3cc]
mov cl, byte [ecx + edx + 0x4fe]
cmp cl, 0x31
je short loc_fffbaed4  ; je 0xfffbaed4
cmp cl, 0x32
je short loc_fffbaedc  ; je 0xfffbaedc
cmp cl, 0x30
cmove ebx, eax
jmp short loc_fffbaee2  ; jmp 0xfffbaee2

loc_fffbaed4:  ; not directly referenced
mov byte [ebp - 0x3c8], al
jmp short loc_fffbaee2  ; jmp 0xfffbaee2

loc_fffbaedc:  ; not directly referenced
mov byte [ebp - 0x3b8], al

loc_fffbaee2:  ; not directly referenced
inc eax
inc edx
and eax, 7
cmp edx, 8
jne loc_fffbae25  ; jne 0xfffbae25
mov ecx, dword [ebp - 0x368]
and esi, 7
and edi, 7
mov eax, dword [ebp - 0x378]
shl esi, 8
shl edi, 0xc
mov edx, dword [ebp - 0x38c]
and ecx, 7
or ecx, dword [ebp - 0x33c]
and eax, 7
shl eax, 4
and edx, 7
shl edx, 4
or ecx, eax
mov eax, dword [ebp - 0x3a8]
or ecx, esi
mov esi, dword [ebp - 0x350]
and ecx, 0xfff88fff
or ecx, edi
and eax, 7
shl eax, 0x10
and esi, 7
or ecx, eax
mov eax, dword [ebp - 0x390]
and ecx, 0xff8fffff
or esi, dword [ebp - 0x354]
and eax, 7
shl eax, 0x14
or esi, edx
mov edx, dword [ebp - 0x3c8]
or ecx, eax
mov eax, dword [ebp - 0x358]
and edx, 7
and eax, 7
shl eax, 8
or esi, eax
mov eax, ebx
and eax, 7
and esi, 0xfff88fff
shl eax, 0xc
or esi, eax
mov eax, dword [ebp - 0x3b8]
shl edx, 0x10
or esi, edx
and esi, 0xff8fffff
and eax, 7
shl eax, 0x14
or esi, eax
mov eax, dword [ebp - 0x34c]
cmp byte [eax + 0x1264], 0x20
jne loc_fffbb03c  ; jne 0xfffbb03c
mov ebx, dword [ebp - 0x3d4]
and ecx, 0x8fffffff
and esi, 0x8fffffff
shl ebx, 0x1c
or ecx, ebx
mov eax, ecx
and ch, 0x8f
and eax, 7
shl eax, 0xc
or ecx, eax
mov eax, ecx
and ecx, 0xfff8ffff
shl eax, 0xc
and eax, 0x70000
or ecx, eax
mov eax, ecx
and ecx, 0xff8fffff
shl eax, 0xc
and eax, 0x700000
or ecx, eax
mov eax, dword [ebp - 0x388]
shl eax, 0x1c
or esi, eax
mov eax, esi
and esi, 0xffff8fff
and eax, 7
shl eax, 0xc
or esi, eax
mov eax, esi
and esi, 0xfff8ffff
shl eax, 0xc
and eax, 0x70000
or esi, eax
mov eax, esi
and esi, 0xff8fffff
shl eax, 0xc
and eax, 0x700000
or esi, eax

loc_fffbb03c:  ; not directly referenced
mov edi, dword [ebp - 0x348]
mov ebx, dword [ebp + 8]
mov eax, edi
sub eax, 4
cmp dword [ebx + 0x188b], 1
lea edx, [edi + 4]
cmovne edx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov eax, edi
mov ecx, esi
lea edx, [edi + 8]
mov edi, dword [ebp + 8]
cmp dword [edi + 0x188b], 1
cmovne edx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffbb079:  ; not directly referenced
mov eax, dword [ebp - 0x348]
add dword [ebp - 0x34c], 0x13c3
add dword [ebp - 0x340], 0x54a
add eax, 0x400
cmp eax, 0x4a24
je short loc_fffbb0aa  ; je 0xfffbb0aa
mov dword [ebp - 0x348], eax
jmp near loc_fffbacd9  ; jmp 0xfffbacd9

loc_fffbb0aa:  ; not directly referenced
mov eax, dword [ebp + 8]
mov byte [eax + 0x247c], 1

loc_fffbb0b4:  ; not directly referenced
mov eax, dword [ebp - 0x344]
jmp near loc_fffbb9fc  ; jmp 0xfffbb9fc

loc_fffbb0bf:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edi, dword [ebp - 0x344]
add eax, 0x3756
add edi, 0x70
mov ebx, eax
mov dword [ebp - 0x3d0], edi
mov esi, edi
xor edi, edi
mov dword [ebp - 0x3cc], eax

loc_fffbb0e2:  ; not directly referenced
cmp dword [ebx], 2
jne loc_fffbb17d  ; jne 0xfffbb17d
mov byte [ebp - 0x340], 0

loc_fffbb0f2:  ; not directly referenced
mov eax, dword [ebp + 8]
mov cl, byte [ebp - 0x340]
movzx eax, byte [eax + 0x2488]
cmp cl, al
jae short loc_fffbb16c  ; jae 0xfffbb16c
movzx eax, cl
mov dword [ebp - 0x33c], 0
mov dword [ebp - 0x34c], eax

loc_fffbb119:  ; not directly referenced
mov cl, byte [ebp - 0x33c]
mov eax, 1
shl eax, cl
test byte [ebx + 0xc4], al
je short loc_fffbb155  ; je 0xfffbb155
mov eax, dword [ebp + 8]
cmp byte [eax + 0x18b2], 1
jne short loc_fffbb155  ; jne 0xfffbb155
push edx
mov ecx, dword [ebp - 0x33c]
mov edx, edi
push 0x20
push 5
push dword [ebp - 0x34c]
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10

loc_fffbb155:  ; not directly referenced
inc dword [ebp - 0x33c]
cmp dword [ebp - 0x33c], 4
jne short loc_fffbb119  ; jne 0xfffbb119
inc byte [ebp - 0x340]
jmp short loc_fffbb0f2  ; jmp 0xfffbb0f2

loc_fffbb16c:  ; not directly referenced
push ecx
push 0
push eax
mov eax, dword [ebp - 0x38c]
push esi
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbb17d:  ; not directly referenced
inc edi
add ebx, 0x13c3
add esi, 0xcc
cmp edi, 2
jne loc_fffbb0e2  ; jne 0xfffbb0e2
mov eax, dword [ebp + 8]
movzx edx, byte [ebp - 0x348]
call fcn_fffb27d5  ; call 0xfffb27d5
mov eax, dword [ebp - 0x344]
mov dword [ebp - 0x33c], 0
add eax, 0x1c
mov dword [ebp - 0x3b8], eax

loc_fffbb1bb:  ; not directly referenced
mov edi, dword [ebp - 0x33c]
mov eax, edi
mov byte [ebp - 0x388], al
cmp edi, 0x80
je loc_fffbb85b  ; je 0xfffbb85b
mov edi, dword [ebp - 0x33c]
mov eax, edi
and eax, 0x7f
mov ebx, eax
mov ecx, eax
mov edx, eax
shl ebx, 0xe
shl ecx, 0x15
shl edx, 7
or ecx, ebx
or ecx, edx
mov edx, 0x390c
or ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c
sub esp, 0xc
push dword [ebp + 8]
call fcn_fffc82f4  ; call 0xfffc82f4
mov eax, edi
add esp, 0x10
shr al, 1
movzx eax, al
lea eax, [ebp + eax*8 - 0x218]
mov dword [ebp - 0x378], eax
mov dword [ebp - 0x390], 0
mov dword [ebp - 0x358], 0

loc_fffbb238:  ; not directly referenced
mov cl, byte [ebp - 0x358]
mov dword [ebp - 0x340], 1
shl dword [ebp - 0x340], cl
mov al, byte [ebp - 0x340]
test byte [ebp - 0x3c8], al
jne short loc_fffbb284  ; jne 0xfffbb284

loc_fffbb25c:  ; not directly referenced
inc dword [ebp - 0x358]
inc dword [ebp - 0x378]
add dword [ebp - 0x390], 4
cmp dword [ebp - 0x358], 4
jne short loc_fffbb238  ; jne 0xfffbb238
add dword [ebp - 0x33c], 2
jmp near loc_fffbb1bb  ; jmp 0xfffbb1bb

loc_fffbb284:  ; not directly referenced
xor ebx, ebx

loc_fffbb286:  ; not directly referenced
mov edi, dword [ebp - 0x340]
mov edx, ebx
mov eax, dword [ebp + 8]
mov ecx, edi
call fcn_fffaac43  ; call 0xfffaac43
imul eax, ebx, 0x13c3
mov esi, dword [ebp + 8]
mov dword [ebp + ebx*4 - 0x338], 0
mov edx, edi
mov dword [ebp + ebx*4 - 0x330], 0
test byte [esi + eax + 0x381a], dl
je short loc_fffbb300  ; je 0xfffbb300
mov ecx, dword [ebp - 0x340]
mov eax, esi
mov esi, ebx
push edx
push edx
mov edx, ebx
push 4
push 3
call fcn_fffafd52  ; call 0xfffafd52
mov eax, dword [ebp + 8]
shl esi, 0xa
add esi, 0x4194
mov edx, esi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, esi
or eax, 0x80000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
add esp, 0x10

loc_fffbb300:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffbb286  ; jne 0xfffbb286
mov al, byte [ebp - 0x340]
mov dword [ebp - 0x34c], 0xffffffe0
mov byte [ebp - 0x344], al
mov eax, dword [ebp + 8]
movzx ecx, byte [eax + 0x2488]
mov eax, 1
shl eax, cl
dec eax
mov dword [ebp - 0x348], eax

loc_fffbb334:  ; not directly referenced
push 1
mov edi, dword [ebp - 0x34c]
xor ebx, ebx
push 0
push 0
push 0
push 0
mov eax, edi
push 0
push 0
push 1
push 0
push edi
push 1
push dword [ebp + 8]
mov byte [ebp - 0x350], al
call fcn_fffcc900  ; call 0xfffcc900
mov edi, dword [ebp - 0x3b8]
add esp, 0x30

loc_fffbb36a:  ; not directly referenced
imul eax, ebx, 0x13c3
mov ecx, dword [ebp + 8]
xor esi, esi
mov dl, byte [ebp - 0x344]
test byte [ecx + eax + 0x381a], dl
je short loc_fffbb3e3  ; je 0xfffbb3e3

loc_fffbb384:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov eax, esi
cmp al, byte [ecx + 0x2488]
jae short loc_fffbb3c2  ; jae 0xfffbb3c2
mov eax, esi
mov edx, ebx
movzx eax, al
inc esi
mov ecx, eax
mov dword [ebp - 0x354], eax
mov eax, dword [ebp + 8]
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, dword [ebp - 0x354]
mov ecx, dword [edi + ecx*4 + 0x28]
mov edx, eax
mov eax, dword [ebp + 8]
or ecx, 0x60
call fcn_fffaeb7c  ; call 0xfffaeb7c
jmp short loc_fffbb384  ; jmp 0xfffbb384

loc_fffbb3c2:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, ebx
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, dword [edi]
or ecx, 0x1000001
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c

loc_fffbb3e3:  ; not directly referenced
inc ebx
add edi, 0xcc
cmp ebx, 2
jne loc_fffbb36a  ; jne 0xfffbb36a
mov eax, dword [ebp + 8]
xor bl, bl
call fcn_fffb0e8a  ; call 0xfffb0e8a
mov eax, dword [ebp + 8]
mov ecx, 5
mov edx, 0x4800
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov edx, 2
call fcn_fffa834b  ; call 0xfffa834b
mov eax, dword [ebp + 8]
call fcn_fffb0e8a  ; call 0xfffb0e8a
mov eax, dword [ebp + 8]
mov edx, 2
call fcn_fffa834b  ; call 0xfffa834b
mov eax, dword [ebp + 8]
mov ecx, 2
mov edx, 0x4800
call fcn_fffae58c  ; call 0xfffae58c

loc_fffbb443:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
mov dl, byte [ebp - 0x344]
test byte [edi + eax + 0x381a], dl
je short loc_fffbb4c5  ; je 0xfffbb4c5
xor edi, edi

loc_fffbb45d:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov eax, edi
cmp al, byte [ecx + 0x2488]
jae short loc_fffbb4a2  ; jae 0xfffbb4a2
mov eax, edi
mov edx, ebx
movzx ecx, al
mov eax, dword [ebp + 8]
call fcn_fffa7617  ; call 0xfffa7617
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 1
mov ecx, edi
shl edx, cl
dec eax
jne short loc_fffbb498  ; jne 0xfffbb498
or dword [ebp + ebx*4 - 0x338], edx
jmp short loc_fffbb49f  ; jmp 0xfffbb49f

loc_fffbb498:  ; not directly referenced
or dword [ebp + ebx*4 - 0x330], edx

loc_fffbb49f:  ; not directly referenced
inc edi
jmp short loc_fffbb45d  ; jmp 0xfffbb45d

loc_fffbb4a2:  ; not directly referenced
mov eax, dword [ebp - 0x348]
cmp dword [ebp + ebx*4 - 0x338], eax
jne short loc_fffbb4c5  ; jne 0xfffbb4c5
mov edi, dword [ebp - 0x378]
mov al, byte [ebp - 0x350]
cmp byte [edi + ebx*4], al
jle short loc_fffbb4c5  ; jle 0xfffbb4c5
mov byte [edi + ebx*4], al

loc_fffbb4c5:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffbb443  ; jne 0xfffbb443
mov ebx, dword [ebp - 0x3b8]
xor edi, edi

loc_fffbb4d7:  ; not directly referenced
imul eax, edi, 0x13c3
mov ecx, dword [ebp + 8]
xor esi, esi
mov dl, byte [ebp - 0x344]
test byte [ecx + eax + 0x381a], dl
je short loc_fffbb54e  ; je 0xfffbb54e

loc_fffbb4f1:  ; not directly referenced
mov edx, dword [ebp + 8]
mov eax, esi
cmp al, byte [edx + 0x2488]
jae short loc_fffbb52c  ; jae 0xfffbb52c
mov eax, esi
mov edx, edi
movzx eax, al
inc esi
mov ecx, eax
mov dword [ebp - 0x350], eax
mov eax, dword [ebp + 8]
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, dword [ebp - 0x350]
mov ecx, dword [ebx + ecx*4 + 0x28]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
jmp short loc_fffbb4f1  ; jmp 0xfffbb4f1

loc_fffbb52c:  ; not directly referenced
mov eax, edx
call fcn_fffb0e8a  ; call 0xfffb0e8a
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, edi
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, dword [ebx]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffbb54e:  ; not directly referenced
inc edi
add ebx, 0xcc
cmp edi, 2
jne loc_fffbb4d7  ; jne 0xfffbb4d7
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x344]
test byte [edi + 0x381a], al
je short loc_fffbb58d  ; je 0xfffbb58d
mov eax, dword [ebp - 0x348]
cmp dword [ebp - 0x338], eax
jne loc_fffbb9e3  ; jne 0xfffbb9e3
cmp dword [ebp - 0x330], eax
jne loc_fffbb9e3  ; jne 0xfffbb9e3

loc_fffbb58d:  ; not directly referenced
mov ebx, dword [ebp + 8]
mov al, byte [ebp - 0x344]
test byte [ebx + 0x4bdd], al
je short loc_fffbb5bc  ; je 0xfffbb5bc
mov eax, dword [ebp - 0x348]
cmp dword [ebp - 0x334], eax
jne loc_fffbb9e3  ; jne 0xfffbb9e3
cmp dword [ebp - 0x32c], eax
jne loc_fffbb9e3  ; jne 0xfffbb9e3

loc_fffbb5bc:  ; not directly referenced
mov eax, dword [ebp - 0x390]
mov edx, dword [ebp - 0x33c]
lea edi, [ebp + eax - 0x260]
lea ebx, [ebp + eax - 0x2a8]
mov dword [ebp - 0x350], edi
mov edi, eax
mov dword [ebp - 0x354], ebx
lea ebx, [ebp + edi - 0x2e8]
mov dword [ebp - 0x34c], ebx
mov ebx, edi
lea ebx, [ebp + ebx - 0x328]
lea ecx, [edx - 2]
mov dword [ebp - 0x368], ebx
lea eax, [ebp + eax - 0x2c8]
xor ebx, ebx
lea edi, [ebp + edi - 0x308]
mov dword [ebp - 0x3a8], ecx

loc_fffbb619:  ; not directly referenced
imul edx, ebx, 0x13c3
mov esi, dword [ebp + 8]
mov cl, byte [ebp - 0x344]
test byte [esi + edx + 0x381a], cl
je loc_fffbb7c4  ; je 0xfffbb7c4
mov esi, dword [ebp - 0x348]
xor ecx, ecx
cmp dword [ebp + ebx*4 - 0x338], esi
jne short loc_fffbb652  ; jne 0xfffbb652
xor ecx, ecx
cmp dword [ebp + ebx*4 - 0x330], esi
sete cl

loc_fffbb652:  ; not directly referenced
cmp byte [ebp - 0x388], 0
setne dl
test dl, cl
je short loc_fffbb67f  ; je 0xfffbb67f
mov ecx, dword [ebp - 0x378]
movsx edx, byte [ecx + ebx*4]
movsx ecx, byte [ecx + ebx*4 - 8]
sub edx, ecx
cmp edx, 0x10
setle dl
movzx edx, dl
jmp near loc_fffbb70e  ; jmp 0xfffbb70e

loc_fffbb67f:  ; not directly referenced
cmp byte [ebp - 0x388], 0
mov edx, ecx
jne loc_fffbb70e  ; jne 0xfffbb70e
mov esi, dword [ebp - 0x368]
test ecx, ecx
je short loc_fffbb6d3  ; je 0xfffbb6d3
mov dword [esi], 0
mov esi, dword [ebp - 0x34c]
mov dword [edi], 0
mov dword [eax], 0
mov dword [esi], 0
mov esi, dword [ebp - 0x354]
mov dword [esi], 0
mov esi, dword [ebp - 0x350]
mov dword [esi], 0
jmp near loc_fffbb7c4  ; jmp 0xfffbb7c4

loc_fffbb6d3:  ; not directly referenced
mov dword [esi], 0xfffffffe
mov esi, dword [ebp - 0x34c]
mov dword [edi], 0xfffffffe
mov dword [eax], 0xfffffffe
mov dword [esi], 0xfffffffe
mov esi, dword [ebp - 0x354]
mov dword [esi], 0xfffffffe
mov esi, dword [ebp - 0x350]
mov dword [esi], 0xfffffffe
jmp near loc_fffbb7c4  ; jmp 0xfffbb7c4

loc_fffbb70e:  ; not directly referenced
test edx, edx
je loc_fffbb7c4  ; je 0xfffbb7c4
mov esi, dword [ebp - 0x3a8]
cmp dword [edi], esi
jne short loc_fffbb728  ; jne 0xfffbb728
mov esi, dword [ebp - 0x33c]
mov dword [edi], esi

loc_fffbb728:  ; not directly referenced
mov esi, dword [ebp - 0x3a8]
cmp dword [eax], esi
jne short loc_fffbb73c  ; jne 0xfffbb73c
mov esi, dword [ebp - 0x33c]
mov dword [eax], esi
jmp short loc_fffbb74c  ; jmp 0xfffbb74c

loc_fffbb73c:  ; not directly referenced
mov ecx, dword [ebp - 0x33c]
mov esi, dword [ebp - 0x34c]
mov dword [eax], ecx
mov dword [esi], ecx

loc_fffbb74c:  ; not directly referenced
cmp byte [ebp - 0x388], 0x7e
jne short loc_fffbb772  ; jne 0xfffbb772
mov esi, dword [ebp - 0x368]
cmp dword [esi], 0
jne short loc_fffbb772  ; jne 0xfffbb772
mov edx, dword [edi]
mov ecx, dword [ebp - 0x33c]
cmp edx, ecx
je short loc_fffbb772  ; je 0xfffbb772
lea edx, [edx + ecx + 2]
mov dword [eax], edx

loc_fffbb772:  ; not directly referenced
mov edx, dword [ebp - 0x34c]
mov esi, dword [eax]
mov dword [ebp - 0x3d4], eax
mov ecx, dword [ebp - 0x354]
mov edx, dword [edx]
mov eax, esi
mov dword [ebp - 0x394], esi
sub eax, edx
mov dword [ebp - 0x398], edx
mov edx, dword [ebp - 0x350]
mov edx, dword [edx]
sub edx, dword [ecx]
cmp eax, edx
mov eax, dword [ebp - 0x3d4]
jle short loc_fffbb7c4  ; jle 0xfffbb7c4
mov esi, ecx
mov ecx, dword [ebp - 0x398]
mov dword [esi], ecx
mov esi, dword [ebp - 0x350]
mov ecx, dword [ebp - 0x394]
mov dword [esi], ecx

loc_fffbb7c4:  ; not directly referenced
inc ebx
add edi, 0x10
add dword [ebp - 0x368], 0x10
add eax, 0x10
add dword [ebp - 0x34c], 0x10
add dword [ebp - 0x354], 0x10
add dword [ebp - 0x350], 0x10
cmp ebx, 2
jne loc_fffbb619  ; jne 0xfffbb619
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x340]
test byte [edi + 0x381a], al
je short loc_fffbb821  ; je 0xfffbb821
mov edx, 0x4194
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x4194
and eax, 0x7fffffff
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c

loc_fffbb821:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x340]
test byte [edi + 0x4bdd], al
je loc_fffbb25c  ; je 0xfffbb25c
mov edx, 0x4594
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x4594
and eax, 0x7fffffff
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
jmp near loc_fffbb25c  ; jmp 0xfffbb25c

loc_fffbb85b:  ; not directly referenced
mov eax, dword [ebp - 0x3d0]
xor di, di
mov ebx, dword [ebp - 0x3cc]
mov dword [ebp - 0x340], eax

loc_fffbb870:  ; not directly referenced
cmp dword [ebx], 2
jne loc_fffbb992  ; jne 0xfffbb992
mov al, byte [ebx + 0xc4]
xor ecx, ecx
mov byte [ebp - 0x350], 0
mov byte [ebp - 0x34c], 0
mov byte [ebp - 0x348], 0
mov byte [ebp - 0x354], al
lea eax, [ebp - 0x2a8]
add eax, edi
mov byte [ebp - 0x344], 0
mov dword [ebp - 0x368], eax

loc_fffbb8b1:  ; not directly referenced
mov edx, 1
mov al, cl
shl edx, cl
test byte [ebp - 0x354], dl
je short loc_fffbb926  ; je 0xfffbb926
mov esi, dword [ebp - 0x368]
lea edx, [ebp - 0x260]
add edx, edi
mov esi, dword [esi + ecx*4]
mov dword [ebp - 0x33c], esi
mov esi, dword [edx + ecx*4]
sub esi, dword [ebp - 0x33c]
je loc_fffbb9dc  ; je 0xfffbb9dc
mov dl, 0x40
cmp esi, 0x10
jle short loc_fffbb8f9  ; jle 0xfffbb8f9
mov dl, byte [ebp - 0x33c]
sar esi, 1
add edx, esi

loc_fffbb8f9:  ; not directly referenced
and edx, 0x7f
cmp al, 2
je short loc_fffbb918  ; je 0xfffbb918
cmp al, 3
je short loc_fffbb920  ; je 0xfffbb920
dec al
je short loc_fffbb910  ; je 0xfffbb910
mov byte [ebp - 0x344], dl
jmp short loc_fffbb926  ; jmp 0xfffbb926

loc_fffbb910:  ; not directly referenced
mov byte [ebp - 0x348], dl
jmp short loc_fffbb926  ; jmp 0xfffbb926

loc_fffbb918:  ; not directly referenced
mov byte [ebp - 0x34c], dl
jmp short loc_fffbb926  ; jmp 0xfffbb926

loc_fffbb920:  ; not directly referenced
mov byte [ebp - 0x350], dl

loc_fffbb926:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffbb8b1  ; jne 0xfffbb8b1
mov ecx, dword [ebp - 0x350]
mov eax, dword [ebp - 0x34c]
mov edx, dword [ebp - 0x348]
and ecx, 0x7f
and eax, 0x7f
shl eax, 0xe
and edx, 0x7f
shl ecx, 0x15
or ecx, eax
mov eax, dword [ebp - 0x344]
shl edx, 7
or ecx, edx
mov edx, edi
shl edx, 4
and eax, 0x7f
add edx, 0x180c
or ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
push eax
mov eax, dword [ebp + 8]
push 0
movzx eax, byte [eax + 0x2488]
push eax
mov eax, dword [ebp - 0x38c]
push dword [ebp - 0x340]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbb992:  ; not directly referenced
add edi, 0x10
add ebx, 0x13c3
add dword [ebp - 0x340], 0xcc
cmp edi, 0x20
jne loc_fffbb870  ; jne 0xfffbb870
push 2
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push 1
push dword [ebp + 8]
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x24
push dword [ebp + 8]
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10
jmp short loc_fffbb9fc  ; jmp 0xfffbb9fc

loc_fffbb9dc:  ; not directly referenced
mov eax, 6
jmp short loc_fffbb9fc  ; jmp 0xfffbb9fc

loc_fffbb9e3:  ; not directly referenced
add dword [ebp - 0x34c], 8
cmp dword [ebp - 0x34c], 0x20
jne loc_fffbb334  ; jne 0xfffbb334
jmp near loc_fffbb5bc  ; jmp 0xfffbb5bc

loc_fffbb9fc:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbba04:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2bc
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x5edc]
mov dword [ebp - 0x294], eax
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x248d]
mov byte [ebp - 0x2a0], al
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x1887]
mov dword [ebp - 0x284], eax
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x247b]
mov byte [ebp - 0x2a4], al
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x2480]
mov byte [eax + 0x247b], 0
xor eax, eax
cmp edx, 3
sete al
cmp eax, 1
mov dword [ebp - 0x27c], eax
sbb eax, eax
xor ebx, ebx
and eax, 0xfffffc00
add eax, 0x800
cmp edx, 2
sete bl
mov dword [ebp - 0x280], ebx
jne short loc_fffbba9d  ; jne 0xfffbba9d
mov esi, dword [ebp + 8]
mov dx, 0x800
cmp dword [esi + 0x36d7], 0x536
cmovae eax, edx

loc_fffbba9d:  ; not directly referenced
mov esi, dword [ebp + 8]
mov ecx, 0xf4240
xor edi, edi
movzx edx, word [esi + 0x2489]
imul eax, edx
xor edx, edx
add eax, 0xf423f
div ecx
mov dword [ebp - 0x274], eax
mov eax, dword [ebp - 0x294]
add eax, 0x1c
mov dword [ebp - 0x2ac], eax
mov esi, eax

loc_fffbbad1:  ; not directly referenced
imul eax, edi, 0x13c3
mov ecx, dword [ebp + 8]
cmp dword [ecx + eax + 0x3756], 2
je short loc_fffbbb0c  ; je 0xfffbbb0c

loc_fffbbae4:  ; not directly referenced
inc edi
add esi, 0xcc
cmp edi, 2
jne short loc_fffbbad1  ; jne 0xfffbbad1
imul eax, dword [ebp - 0x274], 0xf
mov dword [ebp - 0x270], 0
mov dword [ebp - 0x298], eax
jmp near loc_fffbbbae  ; jmp 0xfffbbbae

loc_fffbbb0c:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, edi
mov ebx, dword [esi]
call fcn_fffa7288  ; call 0xfffa7288
and ebx, 0xff0fffff
or ebx, 0x200000
mov ecx, ebx
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov byte [ebp - 0x270], 0

loc_fffbbb3c:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov al, byte [ebp - 0x270]
cmp al, byte [ecx + 0x2488]
jae short loc_fffbbae4  ; jae 0xfffbbae4
movzx ecx, byte [ebp - 0x270]
mov edx, dword [ebp - 0x27c]
mov ebx, dword [esi + ecx*4 + 0x28]
or ebx, 0x20
and ebx, 0xffffffbf
mov eax, ebx
or eax, 0x40000
test edx, edx
cmovne ebx, eax
cmp dword [ebp - 0x280], 0
je short loc_fffbbb90  ; je 0xfffbbb90
mov edx, dword [ebp + 8]
mov eax, ebx
or eax, 0x40000
cmp dword [edx + 0x36d7], 0x536
cmovae ebx, eax

loc_fffbbb90:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, edi
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, ebx
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
inc byte [ebp - 0x270]
jmp short loc_fffbbb3c  ; jmp 0xfffbbb3c

loc_fffbbbae:  ; not directly referenced
mov cl, byte [ebp - 0x270]
mov eax, 1
mov esi, eax
shl esi, cl
mov ebx, esi
mov dword [ebp - 0x278], esi
mov byte [ebp - 0x28c], bl
test byte [ebp - 0x2a0], bl
jne short loc_fffbbbef  ; jne 0xfffbbbef

loc_fffbbbd3:  ; not directly referenced
inc dword [ebp - 0x270]
cmp dword [ebp - 0x270], 4
jne short loc_fffbbbae  ; jne 0xfffbbbae
mov esi, dword [ebp - 0x2ac]
xor ebx, ebx
jmp near loc_fffbc378  ; jmp 0xfffbc378

loc_fffbbbef:  ; not directly referenced
mov esi, dword [ebp - 0x270]
lea ecx, [esi + 2]
mov edx, esi
and ecx, 2
shl eax, cl
or eax, dword [ebp - 0x278]
shr dl, 1
movzx edx, dl
mov byte [ebp - 0x29c], al
mov eax, dword [ebp + 8]
mov dword [ebp - 0x2a8], edx
add eax, 0x3816
mov dword [ebp - 0x274], eax
imul eax, edx, 0x128
mov edi, eax
mov dword [ebp - 0x2b0], eax
mov eax, esi
mov esi, dword [ebp + 8]
and eax, 1
imul eax, eax, 0x18
add eax, edi
lea edi, [esi + eax + 0x49c3]
xor esi, esi
mov dword [ebp - 0x2b4], eax

loc_fffbbc4e:  ; not directly referenced
mov ebx, dword [ebp - 0x278]
mov ecx, dword [ebp - 0x274]
mov byte [ebp - 0x290], bl
test byte [ecx + 4], bl
je loc_fffbbe21  ; je 0xfffbbe21
cmp dword [ebp - 0x27c], 0
je short loc_fffbbc96  ; je 0xfffbbc96
push ecx
mov ecx, dword [ebp - 0x270]
mov edx, esi
push 0
mov ax, word [edi + 2]
or al, 0x80
movzx eax, ax
push eax
mov eax, dword [ebp + 8]
push 2
call fcn_fffaa505  ; call 0xfffaa505
jmp near loc_fffbbda7  ; jmp 0xfffbbda7

loc_fffbbc96:  ; not directly referenced
cmp dword [ebp - 0x280], 0
je short loc_fffbbcfc  ; je 0xfffbbcfc
mov eax, dword [ebp + 8]
mov edx, esi
call fcn_fffa6c42  ; call 0xfffa6c42
test eax, eax
je loc_fffbccb7  ; je 0xfffbccb7
movzx ecx, byte [eax]
sub esp, 0xc
mov ax, word [edi + 8]
mov edx, dword [ebp + 8]
push eax
lea eax, [ebp - 0x26a]
call fcn_fffa6cab  ; call 0xfffa6cab
mov ebx, dword [ebp - 0x278]
pop eax
movzx eax, word [ebp - 0x26a]
pop edx
mov edx, esi
mov ecx, ebx
push eax
mov eax, dword [ebp + 8]
push 5
call fcn_fffafd52  ; call 0xfffafd52
mov ax, word [edi]
pop ecx
mov ecx, ebx
pop edx
or al, 0x80
movzx eax, ax
push eax
push 1
jmp near loc_fffbbd9d  ; jmp 0xfffbbd9d

loc_fffbbcfc:  ; not directly referenced
mov ecx, dword [ebp - 0x2a8]
mov edx, esi
mov eax, dword [ebp + 8]
mov bx, word [edi]
call fcn_fffa69ea  ; call 0xfffa69ea
or bl, 0x80
mov dword [ebp - 0x288], eax
test eax, eax
je loc_fffbccb7  ; je 0xfffbccb7
mov eax, dword [ebp - 0x284]
cmp eax, 0x306d0
sete dl
cmp eax, 0x40650
sete al
or dl, al
je short loc_fffbbd5f  ; je 0xfffbbd5f
mov eax, dword [ebp - 0x288]
sub esp, 0xc
mov edx, dword [ebp + 8]
movzx ecx, byte [eax]
lea eax, [ebp - 0x26a]
push ebx
call fcn_fffa6bd1  ; call 0xfffa6bd1
mov bx, word [ebp - 0x26a]
add esp, 0x10

loc_fffbbd5f:  ; not directly referenced
mov eax, dword [ebp - 0x274]
cmp dword [eax], 2
jne short loc_fffbbd8f  ; jne 0xfffbbd8f
mov eax, dword [ebp - 0x288]
sub esp, 0xc
mov edx, dword [ebp + 8]
movzx ecx, byte [eax]
lea eax, [ebp - 0x26a]
push ebx
call fcn_fffa6bd1  ; call 0xfffa6bd1
mov bx, word [ebp - 0x26a]
add esp, 0x10

loc_fffbbd8f:  ; not directly referenced
mov ecx, dword [ebp - 0x278]
movzx ebx, bx
push eax
push eax
push ebx
push 1

loc_fffbbd9d:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, esi
call fcn_fffafd52  ; call 0xfffafd52

loc_fffbbda7:  ; not directly referenced
mov eax, dword [ebp - 0x274]
add esp, 0x10
mov bl, byte [ebp - 0x28c]
cmp dword [eax], 2
mov al, byte [ebp - 0x29c]
cmove ebx, eax
xor ecx, ecx
cmp dword [ebp - 0x27c], 0
je short loc_fffbbdd4  ; je 0xfffbbdd4
mov ecx, 0x10001
jmp short loc_fffbbe05  ; jmp 0xfffbbe05

loc_fffbbdd4:  ; not directly referenced
mov eax, dword [ebp - 0x284]
cmp eax, 0x40660
sete dl
cmp eax, 0x306c0
sete al
or dl, al
jne short loc_fffbbdfa  ; jne 0xfffbbdfa
cmp dword [ebp - 0x284], 0x40670
jne short loc_fffbbe05  ; jne 0xfffbbe05

loc_fffbbdfa:  ; not directly referenced
mov ecx, ebx
and ecx, 0xf
shl ecx, 0x10
or ecx, 0xf

loc_fffbbe05:  ; not directly referenced
cmp dword [ebp - 0x280], 0
jne short loc_fffbbe21  ; jne 0xfffbbe21
mov eax, dword [ebp + 8]
mov edx, esi
shl edx, 0xa
add edx, 0x4194
call fcn_fffae58c  ; call 0xfffae58c

loc_fffbbe21:  ; not directly referenced
inc esi
add edi, 0x13c3
add dword [ebp - 0x274], 0x13c3
cmp esi, 2
jne loc_fffbbc4e  ; jne 0xfffbbc4e
mov eax, dword [ebp - 0x270]
mov si, 0xc0
and eax, 3
mov dword [ebp - 0x29c], eax
shl dword [ebp - 0x29c], 0x16

loc_fffbbe55:  ; not directly referenced
mov dword [ebp - 0x274], 0

loc_fffbbe5f:  ; not directly referenced
imul eax, dword [ebp - 0x274], 0x13c3
mov edi, dword [ebp + 8]
mov bl, byte [ebp - 0x290]
test byte [edi + eax + 0x381a], bl
jne short loc_fffbbe8f  ; jne 0xfffbbe8f

loc_fffbbe7b:  ; not directly referenced
inc dword [ebp - 0x274]
cmp dword [ebp - 0x274], 2
jne short loc_fffbbe5f  ; jne 0xfffbbe5f
jmp near loc_fffbbf14  ; jmp 0xfffbbf14

loc_fffbbe8f:  ; not directly referenced
imul eax, dword [ebp - 0x274], 0xcc
mov edi, dword [ebp - 0x294]
mov byte [ebp - 0x288], 0
mov ebx, dword [edi + eax + 0x1c]
and ebx, 0xff0fff7d
or ebx, 0x200082
or ebx, dword [ebp - 0x29c]

loc_fffbbebc:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x288]
cmp al, byte [edi + 0x2488]
jae short loc_fffbbe7b  ; jae 0xfffbbe7b
movzx edi, byte [ebp - 0x288]
mov ecx, dword [ebp - 0x270]
push eax
mov edx, dword [ebp - 0x274]
mov eax, dword [ebp + 8]
push esi
push 1
push edi
call fcn_fffa73b0  ; call 0xfffa73b0
mov edx, dword [ebp - 0x274]
mov ecx, edi
mov eax, dword [ebp + 8]
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, ebx
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
add esp, 0x10
inc byte [ebp - 0x288]
jmp short loc_fffbbebc  ; jmp 0xfffbbebc

loc_fffbbf14:  ; not directly referenced
mov word [ebp - 0x2a8], si
cmp si, 0xc0
jne short loc_fffbbf30  ; jne 0xfffbbf30
mov edx, dword [ebp - 0x298]
mov eax, dword [ebp + 8]
call fcn_fffa834b  ; call 0xfffa834b

loc_fffbbf30:  ; not directly referenced
mov eax, dword [ebp + 8]
call fcn_fffb0e8a  ; call 0xfffb0e8a
mov eax, dword [ebp + 8]
mov edx, dword [ebp - 0x298]
call fcn_fffa834b  ; call 0xfffa834b
lea eax, [esi - 2]
mov dword [ebp - 0x274], 0
mov dword [ebp - 0x28c], eax

loc_fffbbf59:  ; not directly referenced
imul eax, dword [ebp - 0x274], 0x13c3
mov edi, dword [ebp + 8]
mov bl, byte [ebp - 0x290]
test byte [edi + eax + 0x381a], bl
je loc_fffbc02a  ; je 0xfffbc02a
mov byte [ebp - 0x288], 0
imul edi, dword [ebp - 0x274], 9
jmp near loc_fffbc015  ; jmp 0xfffbc015

loc_fffbbf8c:  ; not directly referenced
movzx ebx, byte [ebp - 0x288]
mov edx, dword [ebp - 0x274]
mov eax, dword [ebp + 8]
mov ecx, ebx
call fcn_fffa7617  ; call 0xfffa7617
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae52a  ; call 0xfffae52a
and eax, 0x1ff
cmp eax, 0xf
setg al
cmp word [ebp - 0x2a8], 0xc0
movzx eax, al
jne loc_fffbc083  ; jne 0xfffbc083
add ebx, edi
test eax, eax
je short loc_fffbc042  ; je 0xfffbc042
mov dword [ebp + ebx*4 - 0x180], 0xc0
mov dword [ebp + ebx*4 - 0x1c8], 0xc0
mov dword [ebp + ebx*4 - 0xf0], 0xc0
mov dword [ebp + ebx*4 - 0x138], 0xc0
mov dword [ebp + ebx*4 - 0x60], 0xc0
mov dword [ebp + ebx*4 - 0xa8], 0xc0

loc_fffbc00f:  ; not directly referenced
inc byte [ebp - 0x288]

loc_fffbc015:  ; not directly referenced
mov ebx, dword [ebp + 8]
mov al, byte [ebp - 0x288]
cmp al, byte [ebx + 0x2488]
jb loc_fffbbf8c  ; jb 0xfffbbf8c

loc_fffbc02a:  ; not directly referenced
inc dword [ebp - 0x274]
cmp dword [ebp - 0x274], 2
jne loc_fffbbf59  ; jne 0xfffbbf59
jmp near loc_fffbc12e  ; jmp 0xfffbc12e

loc_fffbc042:  ; not directly referenced
mov dword [ebp + ebx*4 - 0x180], 0xfffffffe
mov dword [ebp + ebx*4 - 0x1c8], 0xfffffffe
mov dword [ebp + ebx*4 - 0xf0], 0xfffffffe
mov dword [ebp + ebx*4 - 0x138], 0xfffffffe
mov dword [ebp + ebx*4 - 0x60], 0xfffffffe
mov dword [ebp + ebx*4 - 0xa8], 0xfffffffe
jmp short loc_fffbc00f  ; jmp 0xfffbc00f

loc_fffbc083:  ; not directly referenced
test eax, eax
je short loc_fffbc00f  ; je 0xfffbc00f
lea eax, [edi + ebx]
mov ecx, dword [ebp - 0x28c]
cmp dword [ebp + eax*4 - 0x180], ecx
jne short loc_fffbc0a0  ; jne 0xfffbc0a0
mov dword [ebp + eax*4 - 0x180], esi

loc_fffbc0a0:  ; not directly referenced
lea eax, [edi + ebx]
mov ecx, dword [ebp - 0x28c]
cmp dword [ebp + eax*4 - 0xf0], ecx
mov dword [ebp + eax*4 - 0xf0], esi
je short loc_fffbc0c0  ; je 0xfffbc0c0
mov dword [ebp + eax*4 - 0x138], esi

loc_fffbc0c0:  ; not directly referenced
cmp esi, 0x13e
jne short loc_fffbc0ec  ; jne 0xfffbc0ec
lea eax, [edi + ebx]
cmp dword [ebp + eax*4 - 0x1c8], 0xc0
jne short loc_fffbc0ec  ; jne 0xfffbc0ec
mov ecx, dword [ebp + eax*4 - 0x180]
lea edx, [ecx + 0x80]
mov dword [ebp + eax*4 - 0xf0], edx

loc_fffbc0ec:  ; not directly referenced
lea ecx, [edi + ebx]
mov edx, dword [ebp + ecx*4 - 0xf0]
mov ebx, dword [ebp + ecx*4 - 0x138]
mov eax, edx
sub eax, ebx
mov dword [ebp - 0x2b8], eax
mov eax, dword [ebp + ecx*4 - 0x60]
sub eax, dword [ebp + ecx*4 - 0xa8]
cmp dword [ebp - 0x2b8], eax
jle loc_fffbc00f  ; jle 0xfffbc00f
mov dword [ebp + ecx*4 - 0xa8], ebx
mov dword [ebp + ecx*4 - 0x60], edx
jmp near loc_fffbc00f  ; jmp 0xfffbc00f

loc_fffbc12e:  ; not directly referenced
add esi, 2
cmp esi, 0x140
jne loc_fffbbe55  ; jne 0xfffbbe55
mov eax, dword [ebp + 8]
mov esi, dword [ebp - 0x2b4]
mov dword [ebp - 0x274], 0
add eax, 0x3756
mov dword [ebp - 0x28c], eax
mov eax, dword [ebp + 8]
lea eax, [eax + esi + 0x49cb]
mov dword [ebp - 0x288], eax
imul eax, dword [ebp - 0x270], 9
mov dword [ebp - 0x2a8], eax

loc_fffbc178:  ; not directly referenced
mov esi, dword [ebp - 0x28c]
mov al, byte [ebp - 0x290]
test byte [esi + 0xc4], al
jne short loc_fffbc1b5  ; jne 0xfffbc1b5

loc_fffbc18c:  ; not directly referenced
inc dword [ebp - 0x274]
add dword [ebp - 0x28c], 0x13c3
add dword [ebp - 0x288], 0x13c3
cmp dword [ebp - 0x274], 2
je loc_fffbbbd3  ; je 0xfffbbbd3
jmp short loc_fffbc178  ; jmp 0xfffbc178

loc_fffbc1b5:  ; not directly referenced
mov eax, dword [ebp - 0x28c]
xor ecx, ecx
mov esi, dword [ebp - 0x2b0]
mov edx, dword [ebp - 0x274]
mov al, byte [eax + esi + 0x1264]
shl edx, 0xa
add edx, 0x4194
mov byte [ebp - 0x29c], al
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
cmp dword [ebp - 0x27c], 0
je short loc_fffbc216  ; je 0xfffbc216
push eax
mov eax, dword [ebp - 0x288]
push 0
mov ecx, dword [ebp - 0x270]
mov edx, dword [ebp - 0x274]
movzx eax, word [eax - 6]
push eax
mov eax, dword [ebp + 8]
push 2
call fcn_fffaa505  ; call 0xfffaa505
jmp short loc_fffbc239  ; jmp 0xfffbc239

loc_fffbc216:  ; not directly referenced
push eax
mov ecx, dword [ebp - 0x278]
push eax
mov eax, dword [ebp - 0x288]
mov edx, dword [ebp - 0x274]
movzx eax, word [eax - 8]
push eax
mov eax, dword [ebp + 8]
push 1
call fcn_fffafd52  ; call 0xfffafd52

loc_fffbc239:  ; not directly referenced
add esp, 0x10
cmp dword [ebp - 0x280], 0
je short loc_fffbc26a  ; je 0xfffbc26a
push eax
mov ecx, dword [ebp - 0x278]
push eax
mov eax, dword [ebp - 0x288]
mov edx, dword [ebp - 0x274]
movzx eax, word [eax]
push eax
mov eax, dword [ebp + 8]
push 5
call fcn_fffafd52  ; call 0xfffafd52
add esp, 0x10

loc_fffbc26a:  ; not directly referenced
imul esi, dword [ebp - 0x274], 9
xor ebx, ebx

loc_fffbc273:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp bl, byte [eax + 0x2488]
jae loc_fffbc18c  ; jae 0xfffbc18c
movzx eax, bl
lea ecx, [esi + eax]
mov edx, dword [ebp + ecx*4 - 0xa8]
mov ecx, dword [ebp + ecx*4 - 0x60]
sub ecx, edx
sub ecx, 0x21
cmp ecx, 0x3e
jbe short loc_fffbc2ad  ; jbe 0xfffbc2ad
mov edi, dword [ebp + 8]
cmp byte [edi + 0x1965], 0
jne loc_fffbccc1  ; jne 0xfffbccc1

loc_fffbc2ad:  ; not directly referenced
cmp byte [ebp - 0x29c], 0x10
jne short loc_fffbc303  ; jne 0xfffbc303
test bl, 1
je short loc_fffbc303  ; je 0xfffbc303
lea ecx, [ebx - 1]
movzx ecx, cl
lea edi, [esi + ecx]
mov edi, dword [ebp + edi*4 - 0xa8]
add edi, 0x40
cmp edx, edi
jle short loc_fffbc2df  ; jle 0xfffbc2df
lea edi, [esi + eax]
add edx, 0xffffff80
mov dword [ebp + edi*4 - 0xa8], edx

loc_fffbc2df:  ; not directly referenced
add ecx, esi
lea edx, [esi + eax]
mov ecx, dword [ebp + ecx*4 - 0xa8]
mov edi, dword [ebp + edx*4 - 0xa8]
sub ecx, 0x40
cmp edi, ecx
jge short loc_fffbc303  ; jge 0xfffbc303
sub edi, 0xffffff80
mov dword [ebp + edx*4 - 0xa8], edi

loc_fffbc303:  ; not directly referenced
cmp dword [ebp - 0x284], 0x40650
jne short loc_fffbc31a  ; jne 0xfffbc31a
lea edx, [esi + eax]
add dword [ebp + edx*4 - 0xa8], 0x40

loc_fffbc31a:  ; not directly referenced
lea edx, [esi + eax]
mov ecx, dword [ebp + edx*4 - 0xa8]
movzx edx, bl
inc ebx
add edx, dword [ebp - 0x2a8]
add edx, edx
add edx, dword [ebp - 0x28c]
mov word [edx + 0x121], cx
add ecx, 0x20
mov word [edx + 0x169], cx
mov ecx, dword [ebp - 0x270]
push edi
mov edx, dword [ebp - 0x274]
push 0
push 0xff
push eax
mov eax, dword [ebp + 8]
call fcn_fffa73b0  ; call 0xfffa73b0
add esp, 0x10
jmp near loc_fffbc273  ; jmp 0xfffbc273

loc_fffbc36c:  ; not directly referenced
inc ebx
add esi, 0xcc
cmp ebx, 2
je short loc_fffbc3e7  ; je 0xfffbc3e7

loc_fffbc378:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
cmp dword [edi + eax + 0x3756], 2
jne short loc_fffbc36c  ; jne 0xfffbc36c
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, ebx
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, dword [esi]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov byte [ebp - 0x270], 0

loc_fffbc3ad:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x270]
cmp al, byte [edi + 0x2488]
jae short loc_fffbc36c  ; jae 0xfffbc36c
movzx edi, byte [ebp - 0x270]
mov edx, ebx
mov eax, dword [ebp + 8]
mov ecx, edi
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, dword [esi + edi*4 + 0x28]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
inc byte [ebp - 0x270]
jmp short loc_fffbc3ad  ; jmp 0xfffbc3ad

loc_fffbc3e7:  ; not directly referenced
cmp dword [ebp - 0x27c], 0
je loc_fffbc568  ; je 0xfffbc568

loc_fffbc3f4:  ; not directly referenced
mov esi, dword [ebp + 8]
lea edi, [ebp - 0x1f4]
mov ecx, 0xb
mov al, byte [ebp - 0x2a4]
mov byte [ebp - 0x25f], 0
mov byte [ebp - 0x25e], 1
mov byte [ebp - 0x25d], 0xff
mov byte [esi + 0x247b], al
xor eax, eax
mov esi, ref_fffd58d8  ; mov esi, 0xfffd58d8
rep stosd  ; rep stosd dword es:[edi], eax
lea edi, [ebp - 0x25a]
mov eax, dword [ebp + 8]
mov word [ebp - 0x1e6], 0x3ff
mov word [ebp - 0x1ca], 1
mov byte [ebp - 0x25c], 2
mov ebx, dword [eax + 0x2443]
lea eax, [ebp - 0x243]
mov byte [ebp - 0x25b], 3
mov cl, 7
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
lea edi, [ebp - 0x253]
mov esi, ref_fffd58e0  ; mov esi, 0xfffd58e0
mov byte [ebp - 0x243], 0
mov byte [ebp - 0x242], 0
mov byte [ebp - 0x241], 1
mov byte [ebp - 0x240], 1
mov byte [ebp - 0x23f], 1
mov cl, 7
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
lea edi, [ebp - 0x220]
mov esi, ref_fffd58e8  ; mov esi, 0xfffd58e8
mov byte [ebp - 0x23e], 1
mov byte [ebp - 0x23d], 0
mov byte [ebp - 0x23c], 0
mov byte [ebp - 0x23b], 0
mov byte [ebp - 0x23a], 0xff
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x214]
mov esi, ref_fffd58f4  ; mov esi, 0xfffd58f4
mov byte [ebp - 0x239], 0xff
mov byte [ebp - 0x238], 0
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x233]
mov byte [ebp - 0x237], 0xc3
mov byte [ebp - 0x236], 0x3c
mov byte [ebp - 0x235], 0x3c
mov byte [ebp - 0x234], 0xc3
mov word [ebp - 0x22b], 1
push esi
push 8
push eax
push edi
lea esi, [ebp - 0x23b]
mov dword [ebp - 0x229], 0
mov dword [ebp - 0x225], 3
mov byte [ebp - 0x221], 0
call dword [ebx + 0x58]  ; ucall
add esp, 0xc
push 0
push 8
lea eax, [ebp - 0x24c]
push eax
call dword [ebx + 0x5c]  ; ucall
mov eax, dword [ebp + 8]
add esp, 0x10
cmp dword [eax + 0x2480], 3
sete al
xor ebx, ebx
movzx eax, al
mov dword [ebp - 0x2a4], eax
jmp short loc_fffbc58d  ; jmp 0xfffbc58d

loc_fffbc568:  ; not directly referenced
cmp dword [ebp - 0x280], 0
mov eax, dword [ebp + 8]
je short loc_fffbc57b  ; je 0xfffbc57b
call fcn_fffac67c  ; call 0xfffac67c
jmp short loc_fffbc580  ; jmp 0xfffbc580

loc_fffbc57b:  ; not directly referenced
call fcn_fffb1a87  ; call 0xfffb1a87

loc_fffbc580:  ; not directly referenced
test eax, eax
je loc_fffbc3f4  ; je 0xfffbc3f4
jmp near loc_fffbcdc5  ; jmp 0xfffbcdc5

loc_fffbc58d:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, esi
add esi, 2
push ecx
push ecx
mov ecx, edi
push ebx
inc ebx
push 8
call fcn_fffa81d3  ; call 0xfffa81d3
add esp, 0x10
cmp ebx, 4
jne short loc_fffbc58d  ; jne 0xfffbc58d
mov eax, dword [ebp + 8]
lea edx, [ebp - 0x220]
call fcn_fffa665e  ; call 0xfffa665e
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x248d]
mov byte [ebp - 0x2b8], al
mov eax, dword [ebp + 8]
movzx ecx, byte [eax + 0x2488]
mov eax, 1
shl eax, cl
xor ecx, ecx
dec eax
mov word [ebp - 0x2a8], ax
mov eax, dword [ebp + 8]
movzx edx, byte [eax + 0x248e]
lea eax, [ebp - 0x22b]
push 0
push 0
push 0
push eax
push 0
lea eax, [ebp - 0x1f4]
push eax
mov eax, dword [ebp + 8]
push 4
push 2
call fcn_fffb20e5  ; call 0xfffb20e5
mov eax, dword [ebp + 8]
add esp, 0x20
cmp dword [eax + 0x3756], 2
jne short loc_fffbc62c  ; jne 0xfffbc62c
mov ecx, 0x8049
mov edx, 0x4040
call fcn_fffae58c  ; call 0xfffae58c

loc_fffbc62c:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b19], 2
jne short loc_fffbc647  ; jne 0xfffbc647
mov ecx, 0x8049
mov edx, 0x4440
call fcn_fffae58c  ; call 0xfffae58c

loc_fffbc647:  ; not directly referenced
mov eax, dword [ebp + 8]
lea esi, [ebp - 0x24c]
mov dword [ebp - 0x278], 0
add eax, 0x3756
mov dword [ebp - 0x2ac], eax
mov dword [ebp - 0x2b0], eax

loc_fffbc66b:  ; not directly referenced
mov cl, byte [ebp - 0x278]
xor edx, edx
mov dword [ebp - 0x27c], 1
mov eax, dword [ebp + 8]
shl dword [ebp - 0x27c], cl
mov edi, dword [ebp - 0x27c]
mov ecx, edi
call fcn_fffaac43  ; call 0xfffaac43
mov ecx, edi
mov edx, 1
mov byte [ebp - 0x266], 0
mov word [ebp - 0x264], 0
mov bl, al
mov eax, dword [ebp + 8]
call fcn_fffaac43  ; call 0xfffaac43
mov byte [ebp - 0x265], 0
mov word [ebp - 0x262], 0
or eax, ebx
mov ebx, edi
test byte [ebp - 0x2b8], bl
je loc_fffbc971  ; je 0xfffbc971
mov edx, dword [ebp - 0x278]
movzx eax, al
mov dword [ebp - 0x274], 3
mov dword [ebp - 0x290], 2
mov dword [ebp - 0x2bc], eax
mov edi, edx
add edi, edx
mov ecx, edi
mov dword [ebp - 0x2b4], edi
lea edi, [ebp - 0x25f]
mov dword [ebp - 0x284], edi
mov edi, edx
and edx, 1
imul ebx, edx, 0x18
mov edx, edi
shr dl, 1
movzx edx, dl
shl dword [ebp - 0x274], cl
not dword [ebp - 0x274]
shl dword [ebp - 0x290], cl
lea edi, [edi + edi*8]
mov dword [ebp - 0x29c], ebx
imul ebx, edx, 0x128
mov dword [ebp - 0x28c], edi
mov dword [ebp - 0x298], ebx

loc_fffbc74b:  ; not directly referenced
mov eax, dword [ebp - 0x2ac]
xor ebx, ebx
mov dword [ebp - 0x280], eax

loc_fffbc759:  ; not directly referenced
mov edi, dword [ebp - 0x280]
mov al, byte [ebp - 0x27c]
test byte [edi + 0xc4], al
jne loc_fffbc9df  ; jne 0xfffbc9df

loc_fffbc771:  ; not directly referenced
inc ebx
add dword [ebp - 0x280], 0x13c3
cmp ebx, 2
jne short loc_fffbc759  ; jne 0xfffbc759
mov al, byte [ebp - 0x27c]
cmp dword [ebp - 0x2a4], 0
mov byte [ebp - 0x294], al
jne short loc_fffbc800  ; jne 0xfffbc800
mov eax, dword [ebp + 8]
xor bl, bl
call fcn_fffb0e8a  ; call 0xfffb0e8a
mov eax, dword [ebp + 8]
lea edi, [eax + 0x381a]

loc_fffbc7a9:  ; not directly referenced
mov al, byte [ebp - 0x294]
test byte [edi], al
je short loc_fffbc7e7  ; je 0xfffbc7e7
push eax
mov ecx, dword [ebp - 0x298]
mov edx, ebx
push eax
mov eax, dword [ebp - 0x29c]
add eax, edi
mov ax, word [eax + ecx + 0x11a7]
mov ecx, dword [ebp - 0x27c]
or ah, 1
movzx eax, ax
push eax
mov eax, dword [ebp + 8]
push 0
call fcn_fffafd52  ; call 0xfffafd52
add esp, 0x10

loc_fffbc7e7:  ; not directly referenced
inc ebx
add edi, 0x13c3
cmp ebx, 2
jne short loc_fffbc7a9  ; jne 0xfffbc7a9
mov eax, dword [ebp + 8]
mov edx, 0xf
call fcn_fffa834b  ; call 0xfffa834b

loc_fffbc800:  ; not directly referenced
lea edi, [ebp - 0x253]

loc_fffbc806:  ; not directly referenced
push 0
xor ebx, ebx
push 0
push 0
push 0
push 0
push dword [ebp - 0x278]
push 0
push 1
push 0
movsx eax, byte [edi]
push eax
push 2
push dword [ebp + 8]
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x2c
mov edx, dword [ebp - 0x2bc]
push 0
xor ecx, ecx
push 1
lea eax, [ebp - 0x25a]
push eax
mov eax, dword [ebp + 8]
call fcn_fffb0f94  ; call 0xfffb0f94
lea eax, [ebp - 0x206]
add esp, 0x10
mov dword [ebp - 0x288], eax
mov dword [ebp - 0x280], 1

loc_fffbc863:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edx, dword [ebp + 8]
mov cl, byte [ebp - 0x294]
test byte [edx + eax + 0x381a], cl
je short loc_fffbc8e7  ; je 0xfffbc8e7
mov eax, dword [ebp + 8]
mov edx, ebx
shl edx, 0xa
add edx, 0x40ec
call fcn_fffae52a  ; call 0xfffae52a
mov ecx, dword [ebp + 8]
and eax, dword [ebp - 0x2a8]
mov cl, byte [ecx + 0x2488]
mov word [ebp - 0x270], ax
mov ax, word [ebp + ebx*2 - 0x264]
or word [ebp - 0x270], ax
mov byte [ebp - 0x2a0], cl
xor ecx, ecx

loc_fffbc8bb:  ; not directly referenced
cmp byte [ebp - 0x2a0], cl
ja loc_fffbcb02  ; ja 0xfffbcb02
mov eax, dword [ebp - 0x2a8]
cmp word [ebp + ebx*2 - 0x264], ax
mov eax, 0
cmove eax, dword [ebp - 0x280]
mov dword [ebp - 0x280], eax

loc_fffbc8e7:  ; not directly referenced
inc ebx
add dword [ebp - 0x288], 9
cmp ebx, 2
jne loc_fffbc863  ; jne 0xfffbc863
cmp dword [ebp - 0x280], 1
jne loc_fffbcb38  ; jne 0xfffbcb38

loc_fffbc905:  ; not directly referenced
lea eax, [ebp - 0x206]
xor edi, edi
mov dword [ebp - 0x2a0], eax
mov eax, dword [ebp - 0x2b0]
mov dword [ebp - 0x28c], eax
mov eax, dword [ebp - 0x2ac]
mov dword [ebp - 0x288], eax
imul eax, dword [ebp - 0x278], 9
mov dword [ebp - 0x2c8], eax

loc_fffbc938:  ; not directly referenced
mov ebx, dword [ebp - 0x288]
mov al, byte [ebp - 0x294]
test byte [ebx + 0xc4], al
jne loc_fffbcb68  ; jne 0xfffbcb68

loc_fffbc950:  ; not directly referenced
inc edi
add dword [ebp - 0x288], 0x13c3
add dword [ebp - 0x28c], 0x13c3
add dword [ebp - 0x2a0], 9
cmp edi, 2
jne short loc_fffbc938  ; jne 0xfffbc938

loc_fffbc971:  ; not directly referenced
inc dword [ebp - 0x278]
add dword [ebp - 0x2b0], 0x12
cmp dword [ebp - 0x278], 4
jne loc_fffbc66b  ; jne 0xfffbc66b
push eax
mov ecx, 0x1010101
push eax
mov eax, dword [ebp + 8]
xor edx, edx
push 0
push 8
call fcn_fffa7fde  ; call 0xfffa7fde
mov eax, dword [ebp + 8]
lea edx, [ebp - 0x214]
call fcn_fffa665e  ; call 0xfffa665e
mov eax, dword [ebp + 8]
add esp, 0x10
mov edx, 0x3670
cmp dword [eax + 0x188b], 1
mov eax, 0x367c
cmove edx, eax
mov eax, dword [ebp + 8]
xor ecx, ecx
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
call fcn_fffb0e8a  ; call 0xfffb0e8a
jmp near loc_fffbcdc5  ; jmp 0xfffbcdc5

loc_fffbc9df:  ; not directly referenced
mov eax, dword [ebp - 0x284]
movsx eax, byte [eax]
cmp al, 2
jle short loc_fffbca0d  ; jle 0xfffbca0d
mov edx, dword [ebp - 0x274]
sub eax, 2
and edx, dword [esi + ebx*4]
or edx, dword [ebp - 0x290]
shl eax, 7
mov word [ebp - 0x270], ax
mov dword [esi + ebx*4], edx
jmp short loc_fffbca4a  ; jmp 0xfffbca4a

loc_fffbca0d:  ; not directly referenced
test al, al
jns short loc_fffbca2b  ; jns 0xfffbca2b
mov edi, dword [ebp - 0x274]
mov word [ebp - 0x270], ax
and dword [esi + ebx*4], edi
shl word [ebp - 0x270], 7
jmp short loc_fffbca4a  ; jmp 0xfffbca4a

loc_fffbca2b:  ; not directly referenced
mov cl, byte [ebp - 0x2b4]
mov edx, dword [ebp - 0x274]
and edx, dword [esi + ebx*4]
mov word [ebp - 0x270], 0
shl eax, cl
or edx, eax
mov dword [esi + ebx*4], edx

loc_fffbca4a:  ; not directly referenced
mov eax, dword [ebp - 0x280]
add eax, dword [ebp - 0x28c]
mov byte [ebp - 0x288], 0
mov dword [ebp - 0x294], eax

loc_fffbca63:  ; not directly referenced
mov edi, dword [ebp + 8]
mov al, byte [ebp - 0x288]
cmp al, byte [edi + 0x2488]
jae short loc_fffbcae8  ; jae 0xfffbcae8
movzx ecx, byte [ebp - 0x288]
mov eax, dword [ebp - 0x28c]
mov edi, dword [ebp - 0x280]
mov edx, dword [ebp - 0x294]
lea eax, [ecx + eax + 0x90]
movzx edi, word [edi + eax*2 + 1]
movsx eax, word [ebp - 0x270]
movzx edx, byte [ecx + edx + 0x24d]
add edi, eax
lea eax, [edi + 0x20]
and edi, 0x1ff
and eax, 0x1ff
and edx, 0x3f
shl edi, 9
shl edx, 0x14
or eax, edi
or eax, edx
push edx
mov edx, ebx
push eax
mov eax, dword [ebp + 8]
push 3
push ecx
mov ecx, dword [ebp - 0x278]
call fcn_fffa73b0  ; call 0xfffa73b0
add esp, 0x10
inc byte [ebp - 0x288]
jmp near loc_fffbca63  ; jmp 0xfffbca63

loc_fffbcae8:  ; not directly referenced
mov ecx, dword [esi + ebx*4]
mov edx, ebx
mov eax, edi
shl edx, 0xa
add edx, 0x40d0
call fcn_fffae58c  ; call 0xfffae58c
jmp near loc_fffbc771  ; jmp 0xfffbc771

loc_fffbcb02:  ; not directly referenced
mov edx, 1
shl edx, cl
test word [ebp - 0x270], dx
jne short loc_fffbcb32  ; jne 0xfffbcb32
or word [ebp + ebx*2 - 0x264], dx
mov edx, dword [ebp - 0x284]
mov eax, dword [ebp - 0x288]
mov dl, byte [edx]
add byte [ebp + ebx - 0x266], dl
mov byte [eax + ecx], dl

loc_fffbcb32:  ; not directly referenced
inc ecx
jmp near loc_fffbc8bb  ; jmp 0xfffbc8bb

loc_fffbcb38:  ; not directly referenced
inc edi
cmp edi, esi
jne loc_fffbc806  ; jne 0xfffbc806
inc dword [ebp - 0x284]
lea eax, [ebp - 0x25a]
cmp dword [ebp - 0x284], eax
jne loc_fffbc74b  ; jne 0xfffbc74b
mov dword [ebp - 0x280], 0
jmp near loc_fffbc905  ; jmp 0xfffbc905

loc_fffbcb68:  ; not directly referenced
cmp dword [ebp - 0x280], 0
jne short loc_fffbcb81  ; jne 0xfffbcb81
mov eax, dword [ebp + 8]
cmp byte [eax + 0x1965], 0
jne loc_fffbccc1  ; jne 0xfffbccc1

loc_fffbcb81:  ; not directly referenced
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x2488]
mov bl, al
mov byte [ebp - 0x2bc], al
movsx eax, byte [ebp + edi - 0x266]
mov dl, bl
shr dl, 1
movsx ecx, bl
movzx edx, dl
xor ebx, ebx
add eax, edx
cdq
idiv ecx
mov byte [ebp - 0x270], al

loc_fffbcbb1:  ; not directly referenced
cmp byte [ebp - 0x270], 2
jle short loc_fffbcbe2  ; jle 0xfffbcbe2
mov eax, dword [ebp - 0x274]
and eax, dword [esi + edi*4]
or eax, dword [ebp - 0x290]
mov dword [esi + edi*4], eax
movsx eax, byte [ebp - 0x270]
sub eax, 2
shl eax, 7
mov word [ebp - 0x284], ax
jmp short loc_fffbcc33  ; jmp 0xfffbcc33

loc_fffbcbe2:  ; not directly referenced
cmp byte [ebp - 0x270], 0
jns short loc_fffbcc0d  ; jns 0xfffbcc0d
mov eax, dword [ebp - 0x274]
and dword [esi + edi*4], eax
movsx ax, byte [ebp - 0x270]
mov word [ebp - 0x284], ax
shl word [ebp - 0x284], 7
jmp short loc_fffbcc33  ; jmp 0xfffbcc33

loc_fffbcc0d:  ; not directly referenced
movsx eax, byte [ebp - 0x270]
mov cl, byte [ebp - 0x2b4]
mov edx, dword [ebp - 0x274]
and edx, dword [esi + edi*4]
mov word [ebp - 0x284], 0
shl eax, cl
or eax, edx
mov dword [esi + edi*4], eax

loc_fffbcc33:  ; not directly referenced
movsx ecx, word [ebp - 0x284]
xor eax, eax
movsx edx, byte [ebp - 0x270]
mov dword [ebp - 0x2c0], ecx
mov dword [ebp - 0x2c4], edx

loc_fffbcc4f:  ; not directly referenced
cmp byte [ebp - 0x2bc], al
jbe short loc_fffbcccb  ; jbe 0xfffbcccb
mov edx, dword [ebp - 0x2a0]
mov ecx, dword [ebp - 0x28c]
movsx edx, byte [edx + eax]
sub edx, dword [ebp - 0x2c4]
movzx ecx, word [ecx + eax*2 + 0x169]
shl edx, 7
add edx, dword [ebp - 0x2c0]
add ecx, edx
cmp ecx, 0x1bf
jle short loc_fffbcc91  ; jle 0xfffbcc91
inc ebx
inc byte [ebp - 0x270]
jmp short loc_fffbccae  ; jmp 0xfffbccae

loc_fffbcc91:  ; not directly referenced
mov ecx, dword [ebp - 0x28c]
movzx ecx, word [ecx + eax*2 + 0x121]
inc eax
add edx, ecx
cmp edx, 0x5f
jg short loc_fffbcc4f  ; jg 0xfffbcc4f
dec byte [ebp - 0x270]
inc ebx

loc_fffbccae:  ; not directly referenced
cmp bl, 3
jbe loc_fffbcbb1  ; jbe 0xfffbcbb1

loc_fffbccb7:  ; not directly referenced
mov eax, 1
jmp near loc_fffbcdc5  ; jmp 0xfffbcdc5

loc_fffbccc1:  ; not directly referenced
mov eax, 8
jmp near loc_fffbcdc5  ; jmp 0xfffbcdc5

loc_fffbcccb:  ; not directly referenced
cmp bl, 3
ja short loc_fffbccb7  ; ja 0xfffbccb7
lea eax, [edi + edi*8]
xor ebx, ebx
lea ecx, [ebp - 0x18]
add eax, ecx
mov dword [ebp - 0x2c0], eax

loc_fffbcce0:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp bl, byte [eax + 0x2488]
jae short loc_fffbcd5b  ; jae 0xfffbcd5b
mov eax, dword [ebp - 0x2c8]
movzx ecx, bl
inc ebx
lea edx, [ecx + eax]
mov eax, dword [ebp - 0x2c0]
add edx, edx
add edx, dword [ebp - 0x288]
movsx eax, byte [ecx + eax - 0x1ee]
mov dword [ebp - 0x2bc], edx
movsx edx, byte [ebp - 0x270]
sub eax, edx
movsx edx, word [ebp - 0x284]
shl eax, 7
add eax, edx
mov edx, dword [ebp - 0x2bc]
add word [edx + 0x169], ax
add word [edx + 0x121], ax
mov edx, edi
push eax
mov eax, dword [ebp + 8]
push 0
push 0xff
push ecx
mov ecx, dword [ebp - 0x278]
call fcn_fffa73b0  ; call 0xfffa73b0
add esp, 0x10
jmp short loc_fffbcce0  ; jmp 0xfffbcce0

loc_fffbcd5b:  ; not directly referenced
mov ecx, dword [esi + edi*4]
mov edx, edi
shl edx, 0xa
add edx, 0x40d0
call fcn_fffae58c  ; call 0xfffae58c
cmp dword [ebp - 0x2a4], 0
jne loc_fffbc950  ; jne 0xfffbc950
mov eax, dword [ebp - 0x288]
mov ebx, dword [ebp - 0x298]
add eax, dword [ebp - 0x29c]
push edx
mov ecx, dword [ebp - 0x27c]
push edx
mov edx, edi
mov ax, word [eax + ebx + 0x126b]
or ah, 1
movzx eax, ax
push eax
mov eax, dword [ebp + 8]
push 0
call fcn_fffafd52  ; call 0xfffafd52
mov eax, dword [ebp + 8]
mov edx, 0xf
call fcn_fffa834b  ; call 0xfffa834b
add esp, 0x10
jmp near loc_fffbc950  ; jmp 0xfffbc950

loc_fffbcdc5:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbcdcd:  ; not directly referenced
push ebp
mov ecx, 3
mov ebp, esp
push edi
push esi
mov esi, ref_fffd58e8  ; mov esi, 0xfffd58e8
push ebx
sub esp, 0x13c0
mov eax, dword [ebp + 8]
lea edi, [ebp - 0x1360]
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0x1354]
mov esi, ref_fffd58f4  ; mov esi, 0xfffd58f4
mov byte [ebp - 0x1362], 0
mov eax, dword [eax + 0x5edc]
mov dword [ebp - 0x1384], eax
mov eax, dword [ebp + 8]
mov cl, 3
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov eax, dword [eax + 0x2443]
mov edi, eax
mov dword [ebp - 0x1394], eax
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x2480]
xor eax, eax
cmp edx, 1
sete al
mov dword [ebp - 0x1398], eax
xor eax, eax
cmp edx, 2
sete al
cmp edx, 3
mov dword [ebp - 0x1370], eax
mov dl, 0xaa
mov al, 0x55
cmovne eax, edx
xor ebx, ebx
mov byte [ebp - 0x1363], al
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x188b]
push 1
push 1
mov dword [ebp - 0x139c], eax
lea eax, [ebp - 0x1361]
push eax
mov eax, edi
call dword [eax + 0x5c]  ; ucall
add esp, 0x10

loc_fffbce7a:  ; not directly referenced
push eax
push eax
mov eax, dword [ebp + 8]
push ebx
inc ebx
push 1
lea ecx, [ebp - 0x1362]
lea edx, [ebp - 0x1363]
call fcn_fffa81d3  ; call 0xfffa81d3
add esp, 0x10
cmp ebx, 4
jne short loc_fffbce7a  ; jne 0xfffbce7a
mov eax, dword [ebp + 8]
lea edx, [ebp - 0x1360]
xor esi, esi
call fcn_fffa665e  ; call 0xfffa665e
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x248e]
mov byte [ebp - 0x1374], al
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x248d]
mov byte [ebp - 0x1375], al
mov eax, dword [ebp + 8]
add eax, 0x3756
mov dword [ebp - 0x1388], eax
mov edi, eax

loc_fffbceda:  ; not directly referenced
cmp dword [edi], 2
jne loc_fffbcfe7  ; jne 0xfffbcfe7
cmp dword [ebp - 0x139c], 1
jne short loc_fffbcf28  ; jne 0xfffbcf28
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, esi
call fcn_fffa7288  ; call 0xfffa7288
imul edx, esi, 0xcc
mov ecx, dword [ebp - 0x1384]
mov ecx, dword [ecx + edx + 0x1c]
mov edx, eax
mov eax, dword [ebp + 8]
or ecx, 0x40000000
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
mov edx, 1
call fcn_fffa834b  ; call 0xfffa834b

loc_fffbcf28:  ; not directly referenced
xor ebx, ebx

loc_fffbcf2a:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp bl, byte [eax + 0x2488]
jae short loc_fffbcf8d  ; jae 0xfffbcf8d
movzx eax, bl
mov dword [ebp - 0x136c], 0
mov dword [ebp - 0x137c], eax

loc_fffbcf48:  ; not directly referenced
mov cl, byte [ebp - 0x136c]
mov eax, 1
shl eax, cl
test byte [edi + 0xc4], al
je short loc_fffbcf7b  ; je 0xfffbcf7b
push eax
mov ecx, dword [ebp - 0x136c]
mov edx, esi
push 0x20
mov eax, dword [ebp + 8]
push 5
push dword [ebp - 0x137c]
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10

loc_fffbcf7b:  ; not directly referenced
inc dword [ebp - 0x136c]
cmp dword [ebp - 0x136c], 4
jne short loc_fffbcf48  ; jne 0xfffbcf48
inc ebx
jmp short loc_fffbcf2a  ; jmp 0xfffbcf2a

loc_fffbcf8d:  ; not directly referenced
cmp dword [ebp - 0x1370], 0
je short loc_fffbcfce  ; je 0xfffbcfce
mov eax, dword [ebp + 8]
lea ebx, [esi*8 + 0x4980]
mov edx, ebx
call fcn_fffae548  ; call 0xfffae548
mov dword [ebp + esi*8 - 0x1348], eax
push eax
push eax
mov eax, dword [ebp + 8]
push 0xfb73ea62
push 0xd951c840
mov dword [ebp + esi*8 - 0x1344], edx
mov edx, ebx
call fcn_fffae7cf  ; call 0xfffae7cf
add esp, 0x10

loc_fffbcfce:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, esi
shl edx, 0xa
add edx, 0x4020
call fcn_fffae52a  ; call 0xfffae52a
mov dword [ebp - 0x138c], eax

loc_fffbcfe7:  ; not directly referenced
inc esi
add edi, 0x13c3
cmp esi, 2
jne loc_fffbceda  ; jne 0xfffbceda
cmp dword [ebp - 0x1370], 0
je short loc_fffbd01d  ; je 0xfffbd01d
or dword [ebp - 0x138c], 0x80
mov edx, 0x4c20
mov ecx, dword [ebp - 0x138c]
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffbd01d:  ; not directly referenced
movzx eax, byte [ebp - 0x1374]
mov dword [ebp - 0x13a0], eax
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffb27d5  ; call 0xfffb27d5
mov eax, dword [ebp + 8]
cmp dword [eax + 0x3756], 2
jne short loc_fffbd04f  ; jne 0xfffbd04f
mov ecx, 0x8049
mov edx, 0x4040
call fcn_fffae58c  ; call 0xfffae58c

loc_fffbd04f:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b19], 2
jne short loc_fffbd06a  ; jne 0xfffbd06a
mov ecx, 0x8049
mov edx, 0x4440
call fcn_fffae58c  ; call 0xfffae58c

loc_fffbd06a:  ; not directly referenced
movzx eax, byte [ebp - 0x1375]
mov dword [ebp - 0x1374], 0
mov dword [ebp - 0x1380], 0
mov dword [ebp - 0x13c8], eax

loc_fffbd08b:  ; not directly referenced
mov edi, dword [ebp - 0x1374]
mov esi, dword [ebp - 0x13c8]
mov eax, edi
bt esi, edi
mov byte [ebp - 0x13b8], al
jae loc_fffbd61a  ; jae 0xfffbd61a
mov dword [ebp - 0x136c], 1
mov ecx, edi
xor ebx, ebx
shl dword [ebp - 0x136c], cl
mov al, byte [ebp - 0x136c]
mov byte [ebp - 0x1375], al
mov eax, edi
mov edi, dword [ebp - 0x1388]
shr al, 1
movzx eax, al
mov dword [ebp - 0x1390], eax
mov eax, dword [ebp - 0x13b8]
and eax, 1
mov dword [ebp - 0x137c], eax

loc_fffbd0ea:  ; not directly referenced
mov ecx, dword [ebp - 0x136c]
mov edx, ebx
mov eax, dword [ebp + 8]
call fcn_fffaac43  ; call 0xfffaac43
mov al, byte [ebp - 0x1375]
test byte [edi + 0xc4], al
je short loc_fffbd17f  ; je 0xfffbd17f
cmp dword [ebp - 0x1398], 0
je short loc_fffbd117  ; je 0xfffbd117
push ecx
push ecx
push 4
jmp short loc_fffbd144  ; jmp 0xfffbd144

loc_fffbd117:  ; not directly referenced
cmp dword [ebp - 0x1370], 0
je short loc_fffbd159  ; je 0xfffbd159
imul edx, dword [ebp - 0x137c], 0x18
imul eax, dword [ebp - 0x1390], 0x128
add eax, edx
mov ax, word [edi + eax + 0x1271]
push edx
push edx
or eax, 4
movzx eax, ax
push eax

loc_fffbd144:  ; not directly referenced
mov ecx, dword [ebp - 0x136c]
mov edx, ebx
mov eax, dword [ebp + 8]
push 3
call fcn_fffafd52  ; call 0xfffafd52
add esp, 0x10

loc_fffbd159:  ; not directly referenced
mov esi, ebx
mov eax, dword [ebp + 8]
shl esi, 0xa
add esi, 0x4194
mov edx, esi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, esi
or eax, 0x80000000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c

loc_fffbd17f:  ; not directly referenced
inc ebx
add edi, 0x13c3
cmp ebx, 2
jne loc_fffbd0ea  ; jne 0xfffbd0ea
mov dword [ebp - 0x137c], 0

loc_fffbd199:  ; not directly referenced
push 1
mov eax, dword [ebp - 0x137c]
xor edi, edi
push 0
push 0
push 0
push 0
sub eax, 0x20
push 0
push 0
push 1
push 0
push eax
push 1
push dword [ebp + 8]
call fcn_fffcc900  ; call 0xfffcc900
mov eax, dword [ebp + 8]
add esp, 0x2c
mov edx, dword [ebp - 0x13a0]
movzx ecx, byte [eax + 0x248b]
lea eax, [ebp - 0x1361]
push 0
push 1
push eax
mov eax, dword [ebp + 8]
call fcn_fffb0f94  ; call 0xfffb0f94
add esp, 0x10

loc_fffbd1ea:  ; not directly referenced
imul eax, edi, 0x13c3
mov esi, dword [ebp + 8]
mov bl, byte [ebp - 0x1375]
test byte [esi + eax + 0x381a], bl
je loc_fffbd2de  ; je 0xfffbd2de
mov ebx, edi
mov eax, esi
shl ebx, 0xa
lea edx, [ebx + 0x40e0]
call fcn_fffae548  ; call 0xfffae548
mov dword [ebp - 0x13a8], eax
lea eax, [ebx + 0x40e8]
xor ebx, ebx
mov dword [ebp - 0x13bc], eax
lea eax, [edi + edi*8]
mov dword [ebp - 0x13a4], edx
mov dword [ebp - 0x13c0], eax

loc_fffbd23b:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp bl, byte [eax + 0x2488]
jae loc_fffbd2de  ; jae 0xfffbd2de
cmp bl, 7
ja short loc_fffbd273  ; ja 0xfffbd273
push eax
movzx eax, bl
shl eax, 3
push eax
mov eax, dword [ebp - 0x1394]
push dword [ebp - 0x13a4]
push dword [ebp - 0x13a8]
call dword [eax + 0x6c]  ; ucall
add esp, 0x10
mov cl, al
jmp short loc_fffbd283  ; jmp 0xfffbd283

loc_fffbd273:  ; not directly referenced
mov edx, dword [ebp - 0x13bc]
mov eax, dword [ebp + 8]
call fcn_fffae52a  ; call 0xfffae52a
mov cl, al

loc_fffbd283:  ; not directly referenced
movzx eax, cl
mov dword [ebp - 0x13c4], ecx
call fcn_fffaeba2  ; call 0xfffaeba2
mov ecx, dword [ebp - 0x13c4]
cmp dword [ebp - 0x1380], 0
jne short loc_fffbd2ad  ; jne 0xfffbd2ad
xor edx, edx
cmp al, 6
setbe dl
mov dword [ebp - 0x1380], edx

loc_fffbd2ad:  ; not directly referenced
movzx esi, bl
mov edx, 1
test cl, cl
je short loc_fffbd2c2  ; je 0xfffbd2c2
xor edx, edx
cmp al, 7
sete dl
add edx, edx

loc_fffbd2c2:  ; not directly referenced
add esi, dword [ebp - 0x13c0]
inc ebx
shl esi, 6
add esi, dword [ebp - 0x137c]
mov dword [ebp + esi*4 - 0x1218], edx
jmp near loc_fffbd23b  ; jmp 0xfffbd23b

loc_fffbd2de:  ; not directly referenced
inc edi
cmp edi, 2
jne loc_fffbd1ea  ; jne 0xfffbd1ea
mov eax, dword [ebp + 8]
call fcn_fffb0e8a  ; call 0xfffb0e8a
inc dword [ebp - 0x137c]
cmp dword [ebp - 0x137c], 0x40
jne loc_fffbd199  ; jne 0xfffbd199
mov eax, dword [ebp - 0x1384]
xor di, di
mov ebx, dword [ebp - 0x1388]
lea esi, [eax + 0x70]
mov eax, dword [ebp - 0x13b8]
and eax, 1
mov dword [ebp - 0x13b8], eax

loc_fffbd324:  ; not directly referenced
mov al, byte [ebp - 0x1375]
test byte [ebx + 0xc4], al
je loc_fffbd3cb  ; je 0xfffbd3cb
mov eax, edi
shl eax, 0xa
add eax, 0x4194
mov edx, eax
mov dword [ebp - 0x137c], eax
mov eax, dword [ebp + 8]
call fcn_fffae52a  ; call 0xfffae52a
mov edx, dword [ebp - 0x137c]
and eax, 0x7fffffff
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
cmp dword [ebp - 0x1398], 0
je short loc_fffbd374  ; je 0xfffbd374
push eax
push eax
push 0
jmp short loc_fffbd39b  ; jmp 0xfffbd39b

loc_fffbd374:  ; not directly referenced
cmp dword [ebp - 0x1370], 0
je short loc_fffbd3b0  ; je 0xfffbd3b0
push eax
push eax
imul edx, dword [ebp - 0x13b8], 0x18
imul eax, dword [ebp - 0x1390], 0x128
add eax, edx
movzx eax, word [ebx + eax + 0x1271]
push eax

loc_fffbd39b:  ; not directly referenced
mov ecx, dword [ebp - 0x136c]
mov edx, edi
mov eax, dword [ebp + 8]
push 3
call fcn_fffafd52  ; call 0xfffafd52
add esp, 0x10

loc_fffbd3b0:  ; not directly referenced
push eax
mov eax, dword [ebp + 8]
push 0
movzx eax, byte [eax + 0x2488]
push eax
mov eax, dword [ebp - 0x1394]
push esi
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbd3cb:  ; not directly referenced
inc edi
add esi, 0xcc
add ebx, 0x13c3
cmp edi, 2
jne loc_fffbd324  ; jne 0xfffbd324
lea eax, [ebp - 0x1298]
mov edx, 0xffffffe0
mov dword [ebp - 0x13b8], eax

loc_fffbd3f2:  ; not directly referenced
mov eax, dword [ebp + 8]
lea ecx, [ebp - 0x12f0]
lea edi, [ebp - 0x12a8]
add eax, 0x381a
mov dword [ebp - 0x1390], eax
lea eax, [ebp - 0x1338]
mov dword [ebp - 0x136c], eax
lea eax, [ebp - 0x1260]
mov dword [ebp - 0x137c], eax
mov eax, dword [ebp - 0x13b8]
mov dword [ebp - 0x13a8], eax
lea eax, [edx - 1]
mov dword [ebp - 0x13c4], eax

loc_fffbd439:  ; not directly referenced
mov esi, dword [ebp - 0x1390]
mov al, byte [ebp - 0x1375]
test byte [esi], al
je short loc_fffbd4af  ; je 0xfffbd4af
mov eax, dword [ebp + 8]
mov al, byte [eax + 0x2488]
mov byte [ebp - 0x13bc], al
xor eax, eax
jmp short loc_fffbd4a7  ; jmp 0xfffbd4a7

loc_fffbd45c:  ; not directly referenced
mov ebx, eax
mov esi, eax
mov eax, dword [ebp - 0x13a8]
shl ebx, 8
mov ebx, dword [eax + ebx + 0x80]
mov eax, dword [ebp - 0x1380]
xor eax, 1
cmp ebx, 2
cmove ebx, eax
cmp dl, 0xe0
mov eax, esi
jne loc_fffbd514  ; jne 0xfffbd514
test ebx, ebx
je short loc_fffbd4ea  ; je 0xfffbd4ea
mov dword [ecx + esi*4], edx
mov esi, dword [ebp - 0x136c]
mov dword [edi + eax*4], edx
mov dword [esi + eax*4], edx
mov esi, dword [ebp - 0x137c]
mov dword [esi + eax*4], edx

loc_fffbd4a6:  ; not directly referenced
inc eax

loc_fffbd4a7:  ; not directly referenced
cmp byte [ebp - 0x13bc], al
ja short loc_fffbd45c  ; ja 0xfffbd45c

loc_fffbd4af:  ; not directly referenced
add ecx, 0x24
add edi, 0x24
lea eax, [ebp - 0x12a8]
add dword [ebp - 0x1390], 0x13c3
add dword [ebp - 0x136c], 0x24
add dword [ebp - 0x137c], 0x24
add dword [ebp - 0x13a8], 0x900
cmp ecx, eax
jne loc_fffbd439  ; jne 0xfffbd439
jmp near loc_fffbd56d  ; jmp 0xfffbd56d

loc_fffbd4ea:  ; not directly referenced
mov dword [ecx + esi*4], 0xffffffdf
mov esi, dword [ebp - 0x136c]
mov dword [edi + eax*4], 0xffffffdf
mov dword [esi + eax*4], 0xffffffdf
mov esi, dword [ebp - 0x137c]
mov dword [esi + eax*4], 0xffffffdf
jmp short loc_fffbd4a6  ; jmp 0xfffbd4a6

loc_fffbd514:  ; not directly referenced
test ebx, ebx
je short loc_fffbd4a6  ; je 0xfffbd4a6
mov ebx, dword [ebp - 0x13c4]
cmp dword [ecx + esi*4], ebx
mov dword [ecx + esi*4], edx
je short loc_fffbd52f  ; je 0xfffbd52f
mov esi, dword [ebp - 0x136c]
mov dword [esi + eax*4], edx

loc_fffbd52f:  ; not directly referenced
mov ebx, dword [ebp - 0x136c]
mov esi, edx
mov ebx, dword [ebx + eax*4]
mov dword [ebp - 0x13c0], ebx
sub esi, ebx
mov ebx, dword [ebp - 0x137c]
mov ebx, dword [ebx + eax*4]
sub ebx, dword [edi + eax*4]
cmp esi, ebx
jle loc_fffbd4a6  ; jle 0xfffbd4a6
mov esi, dword [ebp - 0x13c0]
mov ebx, dword [ebp - 0x137c]
mov dword [edi + eax*4], esi
mov dword [ebx + eax*4], edx
jmp near loc_fffbd4a6  ; jmp 0xfffbd4a6

loc_fffbd56d:  ; not directly referenced
inc edx
add dword [ebp - 0x13b8], 4
cmp edx, 0x20
jne loc_fffbd3f2  ; jne 0xfffbd3f2
imul ecx, dword [ebp - 0x1374], 9
xor edi, edi
mov eax, dword [ebp - 0x1388]
mov dword [ebp - 0x137c], ecx

loc_fffbd593:  ; not directly referenced
mov bl, byte [ebp - 0x1375]
test byte [eax + 0xc4], bl
jne short loc_fffbd5ae  ; jne 0xfffbd5ae

loc_fffbd5a1:  ; not directly referenced
inc edi
add eax, 0x13c3
cmp edi, 2
je short loc_fffbd61a  ; je 0xfffbd61a
jmp short loc_fffbd593  ; jmp 0xfffbd593

loc_fffbd5ae:  ; not directly referenced
mov ebx, dword [ebp - 0x137c]
xor edx, edx
lea ecx, [eax + ebx]
mov dword [ebp - 0x136c], ecx

loc_fffbd5bf:  ; not directly referenced
mov ecx, dword [ebp + 8]
cmp dl, byte [ecx + 0x2488]
jae short loc_fffbd5a1  ; jae 0xfffbd5a1
movzx ebx, dl
lea esi, [edi + edi*8]
add esi, ebx
mov ecx, dword [ebp + esi*4 - 0x12a8]
mov esi, dword [ebp + esi*4 - 0x1260]
sub esi, ecx
jne short loc_fffbd5f5  ; jne 0xfffbd5f5
mov esi, dword [ebp + 8]
cmp byte [esi + 0x1965], 0
je short loc_fffbd600  ; je 0xfffbd600
jmp near loc_fffbd79f  ; jmp 0xfffbd79f

loc_fffbd5f5:  ; not directly referenced
cmp esi, 0xc
jle short loc_fffbd600  ; jle 0xfffbd600
sar esi, 1
add esi, ecx
jmp short loc_fffbd602  ; jmp 0xfffbd602

loc_fffbd600:  ; not directly referenced
xor esi, esi

loc_fffbd602:  ; not directly referenced
add ebx, dword [ebp - 0x136c]
inc edx
lea ecx, [esi + 0x20]
mov byte [ebx + 0x104a], cl
mov byte [ebx + 0x106e], cl
jmp short loc_fffbd5bf  ; jmp 0xfffbd5bf

loc_fffbd61a:  ; not directly referenced
inc dword [ebp - 0x1374]
cmp dword [ebp - 0x1374], 4
jne loc_fffbd08b  ; jne 0xfffbd08b
cmp dword [ebp - 0x1370], 0
je short loc_fffbd69a  ; je 0xfffbd69a
mov eax, dword [ebp + 8]
cmp dword [eax + 0x3756], 2
jne short loc_fffbd65d  ; jne 0xfffbd65d
push ebx
mov edx, 0x4980
push ebx
push dword [ebp - 0x1344]
push dword [ebp - 0x1348]
call fcn_fffae7cf  ; call 0xfffae7cf
add esp, 0x10

loc_fffbd65d:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b19], 2
jne short loc_fffbd684  ; jne 0xfffbd684
push ecx
mov edx, 0x4988
push ecx
push dword [ebp - 0x133c]
push dword [ebp - 0x1340]
call fcn_fffae7cf  ; call 0xfffae7cf
add esp, 0x10

loc_fffbd684:  ; not directly referenced
mov ecx, dword [ebp - 0x138c]
mov edx, 0x4c20
mov eax, dword [ebp + 8]
and cl, 0x7f
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffbd69a:  ; not directly referenced
xor esi, esi

loc_fffbd69c:  ; not directly referenced
mov eax, 1
mov ecx, esi
shl eax, cl
xor ebx, ebx
mov dword [ebp - 0x136c], eax

loc_fffbd6ad:  ; not directly referenced
mov eax, esi
test al, al
sete dl
cmp dword [ebp - 0x139c], 1
sete al
test dl, al
je short loc_fffbd6f8  ; je 0xfffbd6f8
mov eax, dword [ebp + 8]
mov ecx, 0xff
mov edx, ebx
call fcn_fffa7288  ; call 0xfffa7288
imul edx, ebx, 0xcc
mov edi, dword [ebp - 0x1384]
mov ecx, dword [edi + edx + 0x1c]
mov edx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp + 8]
mov edx, 1
call fcn_fffa834b  ; call 0xfffa834b

loc_fffbd6f8:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edi, dword [ebp + 8]
mov cl, byte [ebp - 0x136c]
test byte [edi + eax + 0x381a], cl
jne short loc_fffbd718  ; jne 0xfffbd718

loc_fffbd710:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffbd6ad  ; jne 0xfffbd6ad
jmp short loc_fffbd747  ; jmp 0xfffbd747

loc_fffbd718:  ; not directly referenced
xor edi, edi

loc_fffbd71a:  ; not directly referenced
mov ecx, dword [ebp + 8]
mov eax, edi
cmp al, byte [ecx + 0x2488]
jae short loc_fffbd710  ; jae 0xfffbd710
push edx
mov eax, edi
push 0
movzx eax, al
push 0xff
mov ecx, esi
push eax
mov eax, dword [ebp + 8]
mov edx, ebx
inc edi
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10
jmp short loc_fffbd71a  ; jmp 0xfffbd71a

loc_fffbd747:  ; not directly referenced
inc esi
cmp esi, 4
jne loc_fffbd69c  ; jne 0xfffbd69c
push eax
mov ecx, 0x1010101
push eax
mov eax, dword [ebp + 8]
xor edx, edx
push 0
push 8
call fcn_fffa7fde  ; call 0xfffa7fde
mov eax, dword [ebp + 8]
lea edx, [ebp - 0x1354]
call fcn_fffa665e  ; call 0xfffa665e
push 2
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push 1
push dword [ebp + 8]
call fcn_fffcc900  ; call 0xfffcc900
mov eax, dword [ebp + 8]
add esp, 0x40
call fcn_fffb0e8a  ; call 0xfffb0e8a
jmp short loc_fffbd7a4  ; jmp 0xfffbd7a4

loc_fffbd79f:  ; not directly referenced
mov eax, 6

loc_fffbd7a4:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbd7ac:  ; not directly referenced
push ebp
mov ecx, 2
mov ebp, esp
sub esp, 0x10
mov eax, dword [ebp + 8]
movzx edx, byte [eax + 0x248e]
push 0xa
push 1
call fcn_fffcd1ac  ; call 0xfffcd1ac
leave
ret

fcn_fffbd7cc:  ; not directly referenced
push ebp
mov ecx, 1
mov ebp, esp
sub esp, 0x10
mov eax, dword [ebp + 8]
movzx edx, byte [eax + 0x248e]
push 0xa
push 1
call fcn_fffcd1ac  ; call 0xfffcd1ac
leave
ret

fcn_fffbd7ec:  ; not directly referenced
push ebp
mov ecx, 0xb
mov ebp, esp
sub esp, 0x10
mov eax, dword [ebp + 8]
movzx edx, byte [eax + 0x248e]
push 0x11
push 0
call fcn_fffcd1ac  ; call 0xfffcd1ac
leave
ret

fcn_fffbd80c:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov dword [ebp - 0x1c], eax
mov eax, dword [eax + 0x5edc]
mov dword [ebp - 0x20], edx
mov byte [ebp - 0x2a], cl
mov dword [ebp - 0x24], eax
lea eax, [ecx - 1]
cmp al, 1
jbe short loc_fffbd835  ; jbe 0xfffbd835

loc_fffbd82e:  ; not directly referenced
xor esi, esi
jmp near loc_fffbdae8  ; jmp 0xfffbdae8

loc_fffbd835:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
movzx ebx, cl
dec cl
mov edx, ebx
mov ecx, 1
movzx edi, byte [ebx + ref_fffd5f1c]  ; movzx edi, byte [ebx - 0x2a0e4]
sete byte [ebp - 0x28]
add byte [ebp - 0x28], 8
call fcn_fffb13cf  ; call 0xfffb13cf
mov edx, ebx
mov ebx, dword [ebp - 0x1c]
xor ecx, ecx
imul edi, edi, 0x240
movzx esi, ax
mov eax, ebx
call fcn_fffb13cf  ; call 0xfffb13cf
add edi, dword [ebp - 0x20]
mov dword [ebp - 0x38], edi
movzx eax, ax
add eax, esi
xor esi, esi
mov dword [ebp - 0x30], eax
mov eax, ebx
add eax, 0x3756
mov dword [ebp - 0x20], eax
mov eax, dword [ebp - 0x24]
sar dword [ebp - 0x30], 1
mov dword [ebp - 0x24], 0
add eax, 0x1c
mov dword [ebp - 0x40], eax
mov dword [ebp - 0x34], eax
movzx eax, byte [ebp - 0x28]
mov dword [ebp - 0x48], eax

loc_fffbd8a6:  ; not directly referenced
mov eax, dword [ebp - 0x20]
cmp dword [eax], 2
jne loc_fffbda64  ; jne 0xfffbda64
imul eax, dword [ebp - 0x24], 9
mov byte [ebp - 0x29], 0
mov dword [ebp - 0x44], eax

loc_fffbd8bd:  ; not directly referenced
mov ebx, dword [ebp - 0x1c]
mov al, byte [ebp - 0x29]
cmp al, byte [ebx + 0x2488]
jae loc_fffbda64  ; jae 0xfffbda64
mov edi, dword [ebp - 0x20]
xor ecx, ecx
mov dword [ebp - 0x28], 0xffffffff
mov bl, byte [edi + 0xc4]
mov edi, dword [ebp - 0x38]
mov byte [ebp - 0x3c], bl
movzx ebx, al
mov eax, dword [ebp - 0x44]
add eax, ebx
lea edx, [edi + eax*8 + 4]

loc_fffbd8f3:  ; not directly referenced
mov edi, 1
shl edi, cl
mov eax, edi
test byte [ebp - 0x3c], al
je short loc_fffbd911  ; je 0xfffbd911
mov eax, dword [ebp - 0x28]
mov edi, dword [edx]
add edi, dword [edx - 4]
cmp eax, edi
cmovbe edi, eax
mov dword [ebp - 0x28], edi

loc_fffbd911:  ; not directly referenced
inc ecx
add edx, 0x90
cmp ecx, 4
jne short loc_fffbd8f3  ; jne 0xfffbd8f3
mov eax, dword [ebp - 0x30]
cmp dword [ebp - 0x28], eax
jbe loc_fffbda5c  ; jbe 0xfffbda5c
movzx edi, byte [ebp - 0x29]
xor esi, esi

loc_fffbd92f:  ; not directly referenced
mov edx, dword [ebp - 0x20]
mov eax, 1
mov ecx, esi
shl eax, cl
test byte [edx + 0xc4], al
je short loc_fffbd964  ; je 0xfffbd964
push 0
push 0
push 1
push 0
push edi
push esi
push dword [ebp - 0x24]
push 0
push 0
push 0
push dword [ebp - 0x48]
push dword [ebp - 0x1c]
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30

loc_fffbd964:  ; not directly referenced
inc esi
cmp esi, 4
jne short loc_fffbd92f  ; jne 0xfffbd92f
mov eax, dword [ebp - 0x20]
movzx edi, byte [ebp - 0x29]
mov dword [ebp - 0x28], 0
lea esi, [eax + ebx + 0x104a]
lea ebx, [ebx + ebx + 0x121]
add ebx, eax
lea eax, [edi*4]
mov dword [ebp - 0x3c], eax

loc_fffbd992:  ; not directly referenced
mov cl, byte [ebp - 0x28]
mov eax, 1
shl eax, cl
mov ecx, dword [ebp - 0x20]
test byte [ecx + 0xc4], al
je loc_fffbda44  ; je 0xfffbda44
cmp byte [ebp - 0x2a], 1
jne short loc_fffbd9f0  ; jne 0xfffbd9f0
mov al, byte [esi + 0x24]
xor edx, edx
lea ecx, [eax - 9]
cmp al, 0xa
mov al, cl
cmovb eax, edx
mov byte [esi + 0x24], al
mov al, byte [esi]
cmp al, 0xa
lea ecx, [eax - 9]
mov eax, dword [ebp - 0x1c]
cmovae edx, ecx
mov ecx, dword [ebp - 0x28]
mov byte [esi], dl
push edx
mov edx, dword [ebp - 0x24]
push 0
push 0xff
push edi
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10
mov eax, 0x40000000
jmp short loc_fffbda3a  ; jmp 0xfffbda3a

loc_fffbd9f0:  ; not directly referenced
mov dx, word [ebx + 0x48]
mov eax, 0x1ff
lea ecx, [edx + 9]
cmp dx, 0x1f5
mov edx, ecx
cmova edx, eax
mov word [ebx + 0x48], dx
mov dx, word [ebx]
cmp dx, 0x1f5
lea ecx, [edx + 9]
mov edx, dword [ebp - 0x24]
cmovbe eax, ecx
mov ecx, dword [ebp - 0x28]
mov word [ebx], ax
push eax
mov eax, dword [ebp - 0x1c]
push 0
push 0xff
push edi
call fcn_fffa73b0  ; call 0xfffa73b0
add esp, 0x10
mov eax, 0x20000000

loc_fffbda3a:  ; not directly referenced
mov edx, dword [ebp - 0x34]
mov ecx, dword [ebp - 0x3c]
or dword [edx + ecx + 0x28], eax

loc_fffbda44:  ; not directly referenced
inc dword [ebp - 0x28]
add esi, 9
add ebx, 0x12
cmp dword [ebp - 0x28], 4
jne loc_fffbd992  ; jne 0xfffbd992
mov esi, 1

loc_fffbda5c:  ; not directly referenced
inc byte [ebp - 0x29]
jmp near loc_fffbd8bd  ; jmp 0xfffbd8bd

loc_fffbda64:  ; not directly referenced
inc dword [ebp - 0x24]
add dword [ebp - 0x20], 0x13c3
add dword [ebp - 0x34], 0xcc
cmp dword [ebp - 0x24], 2
jne loc_fffbd8a6  ; jne 0xfffbd8a6
test esi, esi
je loc_fffbd82e  ; je 0xfffbd82e
mov edi, dword [ebp - 0x40]
xor ebx, ebx

loc_fffbda8c:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edx, dword [ebp - 0x1c]
cmp dword [edx + eax + 0x3756], 2
je short loc_fffbdaad  ; je 0xfffbdaad

loc_fffbda9f:  ; not directly referenced
inc ebx
add edi, 0xcc
cmp ebx, 2
je short loc_fffbdae8  ; je 0xfffbdae8
jmp short loc_fffbda8c  ; jmp 0xfffbda8c

loc_fffbdaad:  ; not directly referenced
mov byte [ebp - 0x20], 0

loc_fffbdab1:  ; not directly referenced
mov ecx, dword [ebp - 0x1c]
mov al, byte [ebp - 0x20]
cmp al, byte [ecx + 0x2488]
jae short loc_fffbda9f  ; jae 0xfffbda9f
movzx eax, byte [ebp - 0x20]
mov edx, ebx
mov ecx, eax
mov dword [ebp - 0x24], eax
mov eax, dword [ebp - 0x1c]
call fcn_fffa720e  ; call 0xfffa720e
mov edx, dword [ebp - 0x24]
mov ecx, dword [edi + edx*4 + 0x28]
mov edx, eax
mov eax, dword [ebp - 0x1c]
call fcn_fffae58c  ; call 0xfffae58c
inc byte [ebp - 0x20]
jmp short loc_fffbdab1  ; jmp 0xfffbdab1

loc_fffbdae8:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbdaf2:  ; not directly referenced
push ebp
mov ecx, 0xa
mov ebp, esp
push edi
push esi
mov esi, ref_fffd5900  ; mov esi, 0xfffd5900
push ebx
sub esp, 0x6c
mov ebx, dword [ebp + 8]
lea edi, [ebp - 0x60]
mov byte [ebp - 0x67], 4
mov byte [ebp - 0x66], 1
mov eax, dword [ebx + 0x1887]
mov byte [ebp - 0x65], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 1
cmp eax, 0x306d0
sete dl
cmp eax, 0x40650
sete al
or dl, al
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
je loc_fffbdbdd  ; je 0xfffbdbdd
mov cl, 1
mov edx, 4
mov eax, ebx
mov esi, 4
call fcn_fffb13cf  ; call 0xfffb13cf
mov edx, dword [ebp - 0x60]
mov ecx, 1
cmp ax, dx
cmovae edx, eax
mov eax, ebx
mov word [ebp - 0x60], dx
mov edx, 1
call fcn_fffb13cf  ; call 0xfffb13cf
mov dx, word [ebp - 0x5e]
mov byte [ebp - 0x69], 1
cmp ax, dx
cmovae edx, eax
cmp dword [ebx + 0x188b], 1
mov word [ebp - 0x5e], dx
sete al
lea eax, [eax + eax*4 + 7]
movsx edi, al

loc_fffbdb9b:  ; not directly referenced
mov al, byte [ebp - 0x69]
test byte [ebx + 0x248d], al
je short loc_fffbdbd7  ; je 0xfffbdbd7
push eax
mov ecx, 3
push 0
push 0
push 0xf
push edi
push 0
lea eax, [ebp - 0x60]
push eax
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x67]
push eax
movzx eax, byte [ebp - 0x69]
push 5
lea edx, [ebp - 0x56]
push eax
mov eax, ebx
call fcn_fffca96e  ; call 0xfffca96e
add esp, 0x30

loc_fffbdbd7:  ; not directly referenced
shl byte [ebp - 0x69], 1
dec esi
jne short loc_fffbdb9b  ; jne 0xfffbdb9b

loc_fffbdbdd:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbdbe7:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x60
mov ebx, dword [ebp + 8]
mov byte [ebp - 0x67], 4
lea esi, [ebp - 0x60]
mov byte [ebp - 0x66], 1
mov byte [ebp - 0x65], 1
mov edi, dword [ebx + 0x2443]
push 0
push 8
mov eax, dword [ebx + 0x5edc]
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 1
add eax, 0x1bc
push eax
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
call dword [edi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 5
push esi
call dword [edi + 0x60]  ; ucall
movzx edx, byte [ebp - 0x67]
mov ecx, 1
mov eax, ebx
call fcn_fffb13cf  ; call 0xfffb13cf
movzx edx, byte [ebp - 0x66]
mov ecx, 1
mov word [ebp - 0x60], ax
mov eax, ebx
call fcn_fffb13cf  ; call 0xfffb13cf
add esp, 0x10
cmp dword [ebx + 0x188b], 1
mov word [ebp - 0x5e], ax
jne short loc_fffbdc82  ; jne 0xfffbdc82
mov eax, ebx
call fcn_fffa9b8c  ; call 0xfffa9b8c
mov eax, 8
mov edx, 0x2f
add word [ebp - 0x5e], 0x28
jmp short loc_fffbdc89  ; jmp 0xfffbdc89

loc_fffbdc82:  ; not directly referenced
xor eax, eax
mov edx, 7

loc_fffbdc89:  ; not directly referenced
push ecx
mov ecx, 3
push 0
push 0
push 0xf
push edx
push eax
push esi
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x67]
push eax
mov eax, ebx
push 6
lea edx, [ebp - 0x56]
push 0xf
call fcn_fffca96e  ; call 0xfffca96e
add esp, 0x28
mov eax, ebx
push 0
mov ecx, 3
push 0xf
push 0
push 0
push 0
lea edx, [ebx + 0x2490]
push 1
call fcn_fffc0a2d  ; call 0xfffc0a2d
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbdcd9:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x140
mov edi, dword [ebp + 8]
mov dword [ebp - 0xe4], 1
mov dword [ebp - 0xe0], 1
mov eax, dword [edi + 0x2443]
mov ebx, dword [edi + 0x5edc]
mov esi, eax
mov dword [ebp - 0x110], eax
mov eax, dword [edi + 0x1887]
mov dword [ebp - 0x108], eax
mov eax, dword [edi + 0x1883]
push 0
push 0x10
mov dword [ebp - 0x100], eax
lea eax, [ebp - 0xc8]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 1
push 3
lea eax, [ebp - 0xee]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
cmp dword [edi + 0x2480], 2
mov byte [ebp - 0xf1], 0xfc
mov byte [ebp - 0xf0], 4
mov byte [ebp - 0xef], 0
jne loc_fffbe4d2  ; jne 0xfffbe4d2
mov eax, dword [edi + 0x5edc]
mov dword [ebp - 0x100], eax
mov eax, dword [edi + 0x2443]
mov esi, eax
mov dword [ebp - 0x110], eax
push eax
push 0
push 0x10
lea eax, [ebp - 0xb8]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 1
push 3
lea eax, [ebp - 0xe8]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
xor eax, eax
mov byte [ebp - 0xeb], 0xfc
mov byte [ebp - 0xea], 4
mov byte [ebp - 0xe9], 0

loc_fffbddc8:  ; not directly referenced
mov byte [ebp + eax - 0xd4], al
inc eax
cmp eax, 9
jne short loc_fffbddc8  ; jne 0xfffbddc8
mov ecx, 1
mov edx, 5
mov eax, edi
call fcn_fffb13cf  ; call 0xfffb13cf
xor ecx, ecx
mov edx, 5
lea ebx, [edi + 0x2b50]
mov word [ebp - 0x138], ax
mov eax, edi
call fcn_fffb13cf  ; call 0xfffb13cf
sub esp, 0xc
mov ecx, 0x11
mov word [ebp - 0x13c], ax
movzx eax, byte [edi + 0x248e]
push 0
mov edx, eax
mov dword [ebp - 0x10c], eax
mov eax, edi
call fcn_fffb26ca  ; call 0xfffb26ca
mov al, byte [ebp - 0xe7]
mov ecx, 2
mov byte [ebp - 0x11c], al
mov al, byte [ebp - 0xe8]
add byte [ebp - 0x11c], al
mov al, byte [ebp - 0xe6]
add byte [ebp - 0x11c], al
lea eax, [edi + 0x2490]
mov dword [ebp - 0x140], eax
mov edx, eax
mov eax, edi
call fcn_fffa66dd  ; call 0xfffa66dd
add esp, 0x10
xor ecx, ecx

loc_fffbde6b:  ; not directly referenced
mov eax, dword [ebp - 0x10c]
mov dword [ebp + ecx*4 - 0xdc], 0
bt eax, ecx
jae short loc_fffbdea3  ; jae 0xfffbdea3
mov eax, dword [ebx + 4]
mov esi, 0x14
xor edx, edx
add eax, dword [ebx]
div esi
mov si, 0xc
lea edx, [eax - 1]
cmp edx, 0xb
cmova eax, esi
mov dword [ebp + ecx*4 - 0xdc], eax

loc_fffbdea3:  ; not directly referenced
inc ecx
add ebx, 0x48
cmp ecx, 2
jne short loc_fffbde6b  ; jne 0xfffbde6b
push eax
push 0
push 0x80
lea eax, [ebp - 0x98]
push eax
mov eax, dword [ebp - 0x110]
call dword [eax + 0x5c]  ; ucall
mov eax, dword [ebp - 0x100]
add esp, 0x10
mov dword [ebp - 0xfc], 0
add eax, 0x70
mov dword [ebp - 0x134], eax

loc_fffbdee0:  ; not directly referenced
xor esi, esi

loc_fffbdee2:  ; not directly referenced
mov eax, dword [ebp - 0x10c]
bt eax, esi
jb short loc_fffbdef7  ; jb 0xfffbdef7

loc_fffbdeed:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffbdee2  ; jne 0xfffbdee2
xor esi, esi
jmp short loc_fffbdf4c  ; jmp 0xfffbdf4c

loc_fffbdef7:  ; not directly referenced
mov eax, dword [ebp - 0xfc]
mov ecx, 0xc
xor ebx, ebx
movsx eax, byte [ebp + eax - 0xeb]
imul eax, dword [ebp + esi*4 - 0xdc]
cdq
idiv ecx
mov dword [ebp - 0x100], eax

loc_fffbdf1d:  ; not directly referenced
cmp bl, byte [edi + 0x2488]
jae short loc_fffbdeed  ; jae 0xfffbdeed
push 1
movzx eax, bl
push 0
inc ebx
push 1
push 0
push eax
push 0
push esi
push 0
push 0
push dword [ebp - 0x100]
push 2
push edi
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
jmp short loc_fffbdf1d  ; jmp 0xfffbdf1d

loc_fffbdf4c:  ; not directly referenced
mov eax, dword [ebp - 0x134]
mov ecx, esi
xor ebx, ebx
mov dword [ebp - 0x100], 1
shl dword [ebp - 0x100], cl
mov dword [ebp - 0x108], eax
mov byte [ebp - 0x104], 0

loc_fffbdf73:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [edi + eax + 0x3756], 2
jne short loc_fffbdfb5  ; jne 0xfffbdfb5
mov ecx, dword [ebp - 0x100]
mov edx, ebx
mov eax, edi
call fcn_fffaac43  ; call 0xfffaac43
or byte [ebp - 0x104], al
push eax
push 0
movzx eax, byte [edi + 0x2488]
push eax
mov eax, dword [ebp - 0x110]
push dword [ebp - 0x108]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbdfb5:  ; not directly referenced
inc ebx
add dword [ebp - 0x108], 0xcc
cmp ebx, 2
jne short loc_fffbdf73  ; jne 0xfffbdf73
push ecx
mov edx, dword [ebp - 0x140]
push ecx
movzx ecx, byte [ebp - 0x104]
lea eax, [ebp - 0xb8]
push eax
push 0x25
lea eax, [ebp - 0xd4]
push eax
mov eax, edi
push 5
push 0
push esi
inc esi
call fcn_fffd13ed  ; call 0xfffd13ed
add esp, 0x20
cmp esi, 2
jne loc_fffbdf4c  ; jne 0xfffbdf4c
lea eax, [ebp - 0xa8]
xor esi, esi
mov dword [ebp - 0x130], eax
lea eax, [ebp - 0x98]
mov dword [ebp - 0x128], eax

loc_fffbe017:  ; not directly referenced
mov eax, dword [ebp - 0x10c]
bt eax, esi
jb short loc_fffbe03b  ; jb 0xfffbe03b

loc_fffbe022:  ; not directly referenced
inc esi
add dword [ebp - 0x128], 0x40
add dword [ebp - 0x130], 8
cmp esi, 2
jne short loc_fffbe017  ; jne 0xfffbe017
jmp near loc_fffbe1ed  ; jmp 0xfffbe1ed

loc_fffbe03b:  ; not directly referenced
imul edx, esi, 0x13c3
mov ebx, dword [ebp - 0x130]
mov ecx, dword [ebp - 0x128]
mov dword [ebp - 0x108], 0
mov al, byte [edi + edx + 0x381a]
lea edx, [edi + edx + 0x49c1]
mov dword [ebp - 0x100], ebx
mov dword [ebp - 0x12c], ecx
mov dword [ebp - 0x120], edx
mov byte [ebp - 0x141], al
imul eax, esi, 0x48
add eax, edi

loc_fffbe082:  ; not directly referenced
mov cl, byte [ebp - 0x108]
mov edx, 1
shl edx, cl
test byte [ebp - 0x141], dl
jne short loc_fffbe0c5  ; jne 0xfffbe0c5

loc_fffbe097:  ; not directly referenced
inc dword [ebp - 0x108]
add eax, 0x90
add dword [ebp - 0x120], 0x18
add dword [ebp - 0x12c], 0x20
add dword [ebp - 0x100], 4
cmp dword [ebp - 0x108], 2
jne short loc_fffbe082  ; jne 0xfffbe082
jmp near loc_fffbe022  ; jmp 0xfffbe022

loc_fffbe0c5:  ; not directly referenced
cmp byte [ebp - 0xfc], 0
jne short loc_fffbe0da  ; jne 0xfffbe0da
mov ebx, dword [ebp - 0x100]
mov dword [ebx], 0xffffffff

loc_fffbe0da:  ; not directly referenced
mov dl, byte [edi + 0x2488]
mov byte [ebp - 0x124], dl
xor edx, edx

loc_fffbe0e8:  ; not directly referenced
cmp byte [ebp - 0x124], dl
jbe short loc_fffbe116  ; jbe 0xfffbe116
mov ebx, dword [ebp - 0x100]
mov ecx, dword [eax + edx*8 + 0x2914]
cmp dword [eax + edx*8 + 0x2910], ecx
cmovbe ecx, dword [eax + edx*8 + 0x2910]
cmp ecx, dword [ebx]
cmova ecx, dword [ebx]
inc edx
mov dword [ebx], ecx
jmp short loc_fffbe0e8  ; jmp 0xfffbe0e8

loc_fffbe116:  ; not directly referenced
xor edx, edx

loc_fffbe118:  ; not directly referenced
mov ecx, dword [ebp - 0x120]
movzx ecx, byte [ecx + edx + 0x10]
test cl, cl
je loc_fffbe097  ; je 0xfffbe097
mov dword [ebp - 0x104], 0
mov dword [ebp - 0x118], 0xffffffff
mov dword [ebp - 0x114], 0xffffffff

loc_fffbe149:  ; not directly referenced
mov bl, byte [ebp - 0x104]
cmp byte [ebp - 0x124], bl
jbe short loc_fffbe1ac  ; jbe 0xfffbe1ac
mov ebx, dword [ebp - 0x104]
bt ecx, ebx
jae short loc_fffbe1a4  ; jae 0xfffbe1a4
mov dword [ebp - 0x148], edx
mov edx, dword [ebp - 0x114]
cmp edx, dword [eax + ebx*8 + 0x2910]
cmova edx, dword [eax + ebx*8 + 0x2910]
mov dword [ebp - 0x114], edx
mov edx, dword [ebp - 0x118]
cmp edx, dword [eax + ebx*8 + 0x2914]
cmova edx, dword [eax + ebx*8 + 0x2914]
mov dword [ebp - 0x118], edx
mov edx, dword [ebp - 0x148]

loc_fffbe1a4:  ; not directly referenced
inc dword [ebp - 0x104]
jmp short loc_fffbe149  ; jmp 0xfffbe149

loc_fffbe1ac:  ; not directly referenced
mov ecx, dword [ebp - 0xfc]
movzx ebx, byte [ebp + ecx - 0xe8]
mov ecx, dword [ebp - 0x118]
sub ecx, dword [ebp - 0x114]
mov dword [ebp - 0x104], ebx
mov ebx, dword [ebp - 0x104]
imul ebx, ecx
mov ecx, dword [ebp - 0x12c]
add dword [ecx + edx*4], ebx
inc edx
cmp edx, 8
jne loc_fffbe118  ; jne 0xfffbe118
jmp near loc_fffbe097  ; jmp 0xfffbe097

loc_fffbe1ed:  ; not directly referenced
inc dword [ebp - 0xfc]
cmp dword [ebp - 0xfc], 3
jne loc_fffbdee0  ; jne 0xfffbdee0
movzx edx, word [ebp - 0x138]
movzx eax, word [ebp - 0x13c]
mov dword [ebp - 0x120], edi
mov dword [ebp - 0xfc], 0
add eax, edx
mov dword [ebp - 0x12c], eax
movsx eax, byte [ebp - 0x11c]
sar dword [ebp - 0x12c], 2
imul esi, eax, 0xa
imul eax, eax, 0x14
mov dword [ebp - 0x138], esi
mov dword [ebp - 0x13c], eax
mov eax, dword [ebp - 0x134]
mov dword [ebp - 0x130], eax
lea eax, [edi + 0x49c1]
mov dword [ebp - 0x114], eax
lea eax, [ebp - 0xa8]
mov dword [ebp - 0x11c], eax
lea eax, [ebp - 0x98]
mov dword [ebp - 0x124], eax

loc_fffbe276:  ; not directly referenced
mov eax, dword [ebp - 0x10c]
mov esi, dword [ebp - 0xfc]
bt eax, esi
jae loc_fffbe491  ; jae 0xfffbe491
mov eax, dword [ebp - 0x114]
mov dword [ebp - 0x100], 0
lea esi, [eax - 0x126b]
mov dword [ebp - 0x134], esi
mov esi, dword [ebp - 0x120]
mov dword [ebp - 0x108], eax
mov dword [ebp - 0x128], esi
mov esi, dword [ebp - 0x124]

loc_fffbe2bf:  ; not directly referenced
mov ebx, dword [ebp - 0x114]
mov cl, byte [ebp - 0x100]
mov dword [ebp - 0x104], 1
shl dword [ebp - 0x104], cl
mov al, byte [ebp - 0x104]
test byte [ebx - 0x11a7], al
je loc_fffbe44d  ; je 0xfffbe44d
mov eax, dword [ebp - 0x108]
mov ebx, dword [ebp - 0x11c]
mov edx, dword [ebp - 0x100]
mov ecx, dword [ebp - 0x12c]
mov ax, word [eax + 0xc]
or al, 0x80
cmp dword [ebx + edx*4], ecx
jbe short loc_fffbe33b  ; jbe 0xfffbe33b
imul edx, edx, 0x70
mov ebx, dword [ebp - 0x134]
and eax, 0xffffff80
or eax, 0xd
mov word [ebx + edx + 0x109f], ax
mov ebx, dword [ebp - 0x108]
mov word [ebx + 0xc], ax
movzx eax, ax
push edx
push edx
push eax
push 6
jmp short loc_fffbe397  ; jmp 0xfffbe397

loc_fffbe33b:  ; not directly referenced
mov eax, dword [ebp - 0x108]
xor ebx, ebx
mov ecx, dword [ebp - 0x104]
mov edx, dword [ebp - 0xfc]
mov ax, word [eax + 6]
mov word [ebp - 0x118], ax
or word [ebp - 0x118], 0x10
push eax
push eax
movzx eax, word [ebp - 0x118]
push eax
mov eax, edi
push 3
call fcn_fffafd52  ; call 0xfffafd52
add esp, 0x10

loc_fffbe378:  ; not directly referenced
mov eax, dword [ebp - 0x108]
movzx ecx, byte [eax + ebx + 0x10]
test cl, cl
jne short loc_fffbe3b2  ; jne 0xfffbe3b2

loc_fffbe387:  ; not directly referenced
mov eax, dword [ebp - 0x118]
push ebx
push ebx
and eax, 0xffef
push eax
push 3

loc_fffbe397:  ; not directly referenced
mov ecx, dword [ebp - 0x104]
mov eax, edi
mov edx, dword [ebp - 0xfc]
call fcn_fffafd52  ; call 0xfffafd52
add esp, 0x10
jmp near loc_fffbe44d  ; jmp 0xfffbe44d

loc_fffbe3b2:  ; not directly referenced
mov edx, dword [esi + ebx*4]
mov dword [ebp - 0x140], ecx
mov eax, edx
sar eax, 0x1f
or eax, 1
movsx eax, al
imul eax, dword [ebp - 0x138]
add eax, edx
cdq
idiv dword [ebp - 0x13c]
mov dword [esi + ebx*4], eax
push 2
push 0
push 1
push 0
push ecx
push dword [ebp - 0x100]
push dword [ebp - 0xfc]
push 0
push 0
push eax
push 5
push edi
call fcn_fffcc900  ; call 0xfffcc900
mov al, byte [edi + 0x2488]
add esp, 0x30
mov byte [ebp - 0x141], al
xor eax, eax

loc_fffbe40c:  ; not directly referenced
cmp byte [ebp - 0x141], al
jbe short loc_fffbe43e  ; jbe 0xfffbe43e
mov edx, dword [ebp - 0x140]
bt edx, eax
jae short loc_fffbe43b  ; jae 0xfffbe43b
mov edx, dword [ebp - 0x128]
imul ecx, dword [esi + ebx*4], 0xa
add dword [edx + eax*8 + 0x2910], ecx
imul ecx, dword [esi + ebx*4], 0xfffffff6
add dword [edx + eax*8 + 0x2914], ecx

loc_fffbe43b:  ; not directly referenced
inc eax
jmp short loc_fffbe40c  ; jmp 0xfffbe40c

loc_fffbe43e:  ; not directly referenced
inc ebx
cmp ebx, 8
jne loc_fffbe378  ; jne 0xfffbe378
jmp near loc_fffbe387  ; jmp 0xfffbe387

loc_fffbe44d:  ; not directly referenced
inc dword [ebp - 0x100]
add esi, 0x20
add dword [ebp - 0x108], 0x18
add dword [ebp - 0x128], 0x90
cmp dword [ebp - 0x100], 2
jne loc_fffbe2bf  ; jne 0xfffbe2bf
push ecx
push 0
movzx eax, byte [edi + 0x2488]
push eax
mov eax, dword [ebp - 0x110]
push dword [ebp - 0x130]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbe491:  ; not directly referenced
inc dword [ebp - 0xfc]
add dword [ebp - 0x130], 0xcc
add dword [ebp - 0x114], 0x13c3
add dword [ebp - 0x124], 0x40
add dword [ebp - 0x120], 0x48
add dword [ebp - 0x11c], 8
cmp dword [ebp - 0xfc], 2
jne loc_fffbe276  ; jne 0xfffbe276
jmp near loc_fffbea01  ; jmp 0xfffbea01

loc_fffbe4d2:  ; not directly referenced
mov ecx, 1
mov edx, 5
mov eax, edi
call fcn_fffb13cf  ; call 0xfffb13cf
xor ecx, ecx
mov edx, 5
mov word [ebp - 0x118], ax
mov eax, edi
call fcn_fffb13cf  ; call 0xfffb13cf
mov word [ebp - 0x11c], ax
mov al, byte [ebx + 0x15]
shr al, 6
movzx edx, al
movzx eax, byte [ebx + 0x16]
and eax, 0x1f
shl eax, 2
or eax, edx
mov esi, eax
mov dl, al
or edx, 0xffffff80
shr esi, 6
cmove edx, eax
mov byte [ebp - 0xeb], dl
mov cl, byte [ebx + 0x14]
movsx dx, dl
movzx eax, byte [ebx + 0x15]
lea edx, [edx + edx*4]
shr cl, 7
and eax, 0x3f
movzx ecx, cl
add eax, eax
or eax, ecx
mov esi, eax
mov cl, al
or ecx, 0xffffff80
shr esi, 6
cmove ecx, eax
add edx, edx
mov byte [ebp - 0xea], cl
movsx cx, cl
sub esp, 0xc
mov word [ebp - 0xe8], dx
movzx edx, byte [edi + 0x248e]
lea ecx, [ecx + ecx*4]
add ecx, ecx
mov eax, edi
mov word [ebp - 0xe6], cx
mov ecx, 0x11
push 0
call fcn_fffb26ca  ; call 0xfffb26ca
mov al, byte [ebp - 0xed]
lea esi, [edi + 0x3756]
add esp, 0x10
mov byte [ebp - 0xfc], 0
mov byte [ebp - 0x10c], al
mov al, byte [ebp - 0xee]
add byte [ebp - 0x10c], al
mov al, byte [ebp - 0xec]
add byte [ebp - 0x10c], al
lea eax, [ebx + 0x70]
xor ebx, ebx
mov dword [ebp - 0x128], eax
mov dword [ebp - 0x104], eax

loc_fffbe5cb:  ; not directly referenced
cmp dword [esi], 2
jne short loc_fffbe603  ; jne 0xfffbe603
movzx ecx, byte [esi + 0xc4]
mov edx, ebx
mov eax, edi
call fcn_fffaac43  ; call 0xfffaac43
or byte [ebp - 0xfc], al
push edx
push 0
movzx eax, byte [edi + 0x2488]
push eax
mov eax, dword [ebp - 0x110]
push dword [ebp - 0x104]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbe603:  ; not directly referenced
inc ebx
add esi, 0x13c3
add dword [ebp - 0x104], 0xcc
cmp ebx, 2
jne short loc_fffbe5cb  ; jne 0xfffbe5cb
lea eax, [edi + 0x2490]
mov ecx, 2
mov dword [ebp - 0x114], eax
mov edx, eax
mov eax, edi
call fcn_fffa66dd  ; call 0xfffa66dd
movzx eax, byte [ebp - 0xfc]
lea ebx, [edi + 0x2b50]
xor ecx, ecx
mov dword [ebp - 0xfc], eax

loc_fffbe648:  ; not directly referenced
mov eax, dword [ebp - 0xfc]
mov dword [ebp + ecx*4 - 0xdc], 0
bt eax, ecx
jae short loc_fffbe680  ; jae 0xfffbe680
mov eax, dword [ebx + 4]
mov esi, 0x14
xor edx, edx
add eax, dword [ebx]
div esi
mov si, 0xc
lea edx, [eax - 1]
cmp edx, 0xb
cmovbe esi, eax
mov dword [ebp + ecx*4 - 0xdc], esi

loc_fffbe680:  ; not directly referenced
inc ecx
add ebx, 0x48
cmp ecx, 2
jne short loc_fffbe648  ; jne 0xfffbe648
mov edx, dword [ebp - 0x114]
mov cl, 5
mov eax, edi
call fcn_fffa66dd  ; call 0xfffa66dd
mov dword [ebp - 0xd4], 0
mov dword [ebp - 0xb8], 0x7fffffff
mov dword [ebp - 0xa8], 0x7fffffff
mov dword [ebp - 0xd0], 0
mov dword [ebp - 0xb4], 0x7fffffff
mov dword [ebp - 0xa4], 0x7fffffff
mov dword [ebp - 0x104], 0

loc_fffbe6de:  ; not directly referenced
xor esi, esi

loc_fffbe6e0:  ; not directly referenced
mov eax, dword [ebp - 0xfc]
bt eax, esi
jb short loc_fffbe724  ; jb 0xfffbe724

loc_fffbe6eb:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffbe6e0  ; jne 0xfffbe6e0
push eax
mov edx, dword [ebp - 0x114]
push eax
mov ecx, dword [ebp - 0xfc]
push 0
lea eax, [ebp - 0xc8]
push eax
mov eax, edi
push 0x36
push 1
push 5
push 0
call fcn_fffc6051  ; call 0xfffc6051
lea edx, [edi + 0x2914]
add esp, 0x20
xor eax, eax
jmp short loc_fffbe782  ; jmp 0xfffbe782

loc_fffbe724:  ; not directly referenced
mov eax, dword [ebp - 0x104]
mov ecx, 0xc
xor ebx, ebx
movsx eax, byte [ebp + eax - 0xf1]
imul eax, dword [ebp + esi*4 - 0xdc]
cdq
idiv ecx
mov dword [ebp - 0x120], eax

loc_fffbe74a:  ; not directly referenced
cmp bl, byte [edi + 0x2488]
jae short loc_fffbe6eb  ; jae 0xfffbe6eb
push 1
movzx eax, bl
push 0
inc ebx
push 1
push 0
push eax
push 0
push esi
push 0
push 0
push dword [ebp - 0x120]
push 2
push edi
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
jmp short loc_fffbe74a  ; jmp 0xfffbe74a

loc_fffbe779:  ; not directly referenced
inc eax
add edx, 0x48
cmp eax, 2
je short loc_fffbe7d4  ; je 0xfffbe7d4

loc_fffbe782:  ; not directly referenced
mov esi, dword [ebp - 0xfc]
bt esi, eax
jae short loc_fffbe779  ; jae 0xfffbe779
mov ebx, dword [ebp - 0x104]
mov ecx, dword [edx - 4]
mov esi, dword [edx]
movzx ebx, byte [ebp + ebx - 0xee]
sub esi, ecx
imul ebx, esi
add dword [ebp + eax*4 - 0xd4], ebx
mov ebx, dword [ebp + eax*4 - 0xb8]
cmp ecx, ebx
cmovg ecx, ebx
mov dword [ebp + eax*4 - 0xb8], ecx
mov ecx, dword [ebp + eax*4 - 0xa8]
cmp dword [edx], ecx
cmovle ecx, dword [edx]
mov dword [ebp + eax*4 - 0xa8], ecx
jmp short loc_fffbe779  ; jmp 0xfffbe779

loc_fffbe7d4:  ; not directly referenced
inc dword [ebp - 0x104]
cmp dword [ebp - 0x104], 3
jne loc_fffbe6de  ; jne 0xfffbe6de
xor eax, eax
xor ebx, ebx

loc_fffbe7eb:  ; not directly referenced
movsx ecx, word [ebp + eax - 0xe8]
mov edx, dword [ebp + eax*2 - 0xb8]
sub edx, ecx
cmovs edx, ebx
add ecx, dword [ebp + eax*2 - 0xa8]
mov dword [ebp + eax*2 - 0xb8], edx
cmovs ecx, ebx
cmp ecx, edx
cmovle edx, ecx
mov dword [ebp + eax*2 - 0xa8], ecx
mov dword [ebp + eax*2 - 0x98], edx
add eax, 2
cmp eax, 4
jne short loc_fffbe7eb  ; jne 0xfffbe7eb
movsx eax, byte [ebp - 0x10c]
xor ebx, ebx
movzx edx, word [ebp - 0x118]
imul esi, eax, 0xa
imul eax, eax, 0x14
mov dword [ebp - 0x120], esi
mov dword [ebp - 0x124], eax
movzx eax, word [ebp - 0x11c]
add eax, edx
mov dword [ebp - 0x10c], eax
lea eax, [edi + 0x2910]
mov dword [ebp - 0x114], eax
mov eax, dword [ebp - 0x128]
sar dword [ebp - 0x10c], 2
mov dword [ebp - 0x104], eax

loc_fffbe87b:  ; not directly referenced
mov eax, dword [ebp - 0xfc]
bt eax, ebx
jae loc_fffbe9e6  ; jae 0xfffbe9e6
mov edx, dword [ebp + ebx*4 - 0xd4]
mov eax, edx
sar eax, 0x1f
or eax, 1
movsx eax, al
imul eax, dword [ebp - 0x120]
add eax, edx
cdq
idiv dword [ebp - 0x124]
cmp dword [ebp - 0x108], 0x306d0
sete dl
cmp dword [ebp - 0x100], 3
mov dword [ebp + ebx*4 - 0xd4], eax
seta al
test al, dl
jne short loc_fffbe8e9  ; jne 0xfffbe8e9
cmp dword [ebp - 0x100], 0
setne cl
cmp dword [ebp - 0x108], 0x40670
sete al
test cl, al
je short loc_fffbe914  ; je 0xfffbe914

loc_fffbe8e9:  ; not directly referenced
mov eax, dword [ebp - 0x10c]
cmp dword [ebp + ebx*4 - 0x98], eax
jbe short loc_fffbe914  ; jbe 0xfffbe914
movsx eax, byte [ebp + ebx - 0xeb]
mov dword [ebp + ebx*4 - 0xe4], 0
neg eax
mov dword [ebp + ebx*4 - 0xd4], eax

loc_fffbe914:  ; not directly referenced
mov eax, dword [ebp + ebx*4 - 0xe4]
mov esi, dword [ebp - 0x104]
mov byte [edi + ebx + 0x369d], al
cmp byte [esi + 0x61], 0
jle short loc_fffbe98b  ; jle 0xfffbe98b
cmp dword [ebp - 0x100], 3
sete cl
test cl, dl
jne short loc_fffbe961  ; jne 0xfffbe961
cmp dword [ebp - 0x100], 0
sete cl
cmp dword [ebp - 0x108], 0x40670
sete byte [ebp - 0x118]
xor edx, edx
test byte [ebp - 0x118], cl
je short loc_fffbe96a  ; je 0xfffbe96a

loc_fffbe961:  ; not directly referenced
mov esi, dword [ebp - 0x104]
mov dl, byte [esi + 0x73]

loc_fffbe96a:  ; not directly referenced
sub dl, byte [ebp + ebx - 0xeb]
add edx, 3
movsx esi, dl
cmp dword [ebp + ebx*4 - 0xd4], esi
jle short loc_fffbe98b  ; jle 0xfffbe98b
test eax, eax
je short loc_fffbe98b  ; je 0xfffbe98b
mov dword [ebp + ebx*4 - 0xd4], esi

loc_fffbe98b:  ; not directly referenced
mov eax, dword [ebp - 0xfc]
lea ecx, [ebx + 1]
push 2
mov esi, dword [ebp + ebx*4 - 0xd4]
sar eax, cl
push eax
push 1
push 0
push 7
push 0
push ebx
push 0
push 0
push esi
push 5
push edi
call fcn_fffcc900  ; call 0xfffcc900
mov ecx, dword [ebp - 0x114]
imul eax, esi, 0xa
imul esi, esi, 0xfffffff6
add esp, 0x2c
add dword [ecx], eax
add dword [ecx + 4], esi
push 0
movzx eax, byte [edi + 0x2488]
push eax
mov eax, dword [ebp - 0x110]
push dword [ebp - 0x104]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbe9e6:  ; not directly referenced
inc ebx
add dword [ebp - 0x114], 0x48
add dword [ebp - 0x104], 0xcc
cmp ebx, 2
jne loc_fffbe87b  ; jne 0xfffbe87b

loc_fffbea01:  ; not directly referenced
push 2
push 0
push 1
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push 2
push edi
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
mov byte [edi + 0x247a], 0
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbea2f:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x230
mov edi, dword [ebp + 8]
mov eax, dword [edi + 0x5edc]
mov dword [ebp - 0x1fc], eax
mov eax, dword [edi + 0x2443]
mov esi, eax
mov dword [ebp - 0x218], eax
mov eax, dword [edi + 0x188b]
push 0
push 0x10
mov dword [ebp - 0x21c], eax
lea eax, [ebp - 0x1d8]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x1dc]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x1b0
lea eax, [ebp - 0x1c8]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
mov al, byte [edi + 0x2441]
xor ecx, ecx
mov byte [ebp - 0x1d9], 0
mov byte [ebp - 0x1da], 0
mov byte [ebp - 0x21d], al
mov eax, dword [edi + 0x2480]
mov dword [esp], edi
cmp eax, 3
sete cl
cmp eax, 2
mov ebx, ecx
sete byte [ebp - 0x21e]
mov dword [ebp - 0x208], ebx
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10
cmp ebx, 1
lea ecx, [edi + 0x2490]
mov dword [ebp - 0x1f4], edi
mov dword [ebp - 0x1f0], 0
mov dword [ebp - 0x214], ecx
mov dword [ebp - 0x200], eax
sbb eax, eax
and eax, 7
add eax, 0xa
movzx eax, al
mov dword [ebp - 0x22c], eax

loc_fffbeb18:  ; not directly referenced
mov eax, dword [ebp - 0x1fc]
xor ebx, ebx
mov cl, byte [ebp - 0x1f0]
mov dword [ebp - 0x1ec], 1
shl dword [ebp - 0x1ec], cl
add eax, 0x70
mov dword [ebp - 0x204], eax
mov byte [ebp - 0x1f8], 0

loc_fffbeb46:  ; not directly referenced
mov ecx, dword [ebp - 0x1ec]
mov edx, ebx
mov eax, edi
call fcn_fffaac43  ; call 0xfffaac43
or byte [ebp - 0x1f8], al
movzx eax, byte [ebp - 0x1f8]
bt eax, ebx
mov esi, eax
jae short loc_fffbeb86  ; jae 0xfffbeb86
push ecx
push 0
movzx eax, byte [edi + 0x2488]
push eax
mov eax, dword [ebp - 0x218]
push dword [ebp - 0x204]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffbeb86:  ; not directly referenced
inc ebx
add dword [ebp - 0x204], 0xcc
cmp ebx, 2
jne short loc_fffbeb46  ; jne 0xfffbeb46
cmp byte [ebp - 0x1f8], 0
je loc_fffbf0bc  ; je 0xfffbf0bc
sub esp, 0xc
mov ecx, 0x11
push 0
mov edx, esi
mov eax, edi
xor bl, bl
call fcn_fffb26ca  ; call 0xfffb26ca
add esp, 0x10

loc_fffbebbb:  ; not directly referenced
mov dl, bl
cmp bl, 3
je short loc_fffbec24  ; je 0xfffbec24
cmp bl, 1
jne short loc_fffbebd0  ; jne 0xfffbebd0
mov byte [edi + 0x248b], 9
jmp short loc_fffbebdc  ; jmp 0xfffbebdc

loc_fffbebd0:  ; not directly referenced
cmp bl, 4
jne short loc_fffbebdc  ; jne 0xfffbebdc
mov byte [edi + 0x248b], 0

loc_fffbebdc:  ; not directly referenced
lea eax, [edx - 4]
cmp al, 2
sbb eax, eax
and eax, 0x17
add eax, 0x1f
cmp dl, 5
sete dl
test byte [ebp - 0x21e], dl
mov dl, 0x25
lea ecx, [ebp - 0x1d8]
cmovne eax, edx
push edx
movzx eax, al
push edx
mov edx, dword [ebp - 0x214]
push 0
push ecx
mov ecx, esi
push eax
mov eax, edi
push 1
push ebx
push dword [ebp - 0x1f0]
call fcn_fffc6051  ; call 0xfffc6051
add esp, 0x20

loc_fffbec24:  ; not directly referenced
inc ebx
cmp ebx, 7
jne short loc_fffbebbb  ; jne 0xfffbebbb
mov ecx, dword [ebp - 0x22c]
sub esp, 0xc
mov edx, esi
push 0
mov eax, edi
call fcn_fffb2759  ; call 0xfffb2759
add esp, 0x10
cmp dword [ebp - 0x208], 0
je short loc_fffbec72  ; je 0xfffbec72
push eax
mov ecx, esi
push 0
xor edx, edx
push 0
push 0x20
push 0
lea eax, [ebp - 0x1da]
push eax
mov eax, edi
push 0xff
push dword [ebp - 0x1ec]
call fcn_fffcfd43  ; call 0xfffcfd43
jmp short loc_fffbec95  ; jmp 0xfffbec95

loc_fffbec72:  ; not directly referenced
push 1
mov ecx, esi
push 1
xor edx, edx
lea eax, [ebp - 0x1dc]
push eax
mov eax, edi
push 1
push 0x40
push 0xffffffffffffffc0
push 3
push 0xff
call fcn_fffcf3cd  ; call 0xfffcf3cd

loc_fffbec95:  ; not directly referenced
add esp, 0x20
cmp byte [ebp - 0x21d], 0
sete dl
cmp dword [ebp - 0x21c], 1
sete al
test dl, al
jne loc_fffbed6c  ; jne 0xfffbed6c

loc_fffbecb4:  ; not directly referenced
push edx
push 0
push 0
push 3
push 0xff
push 0
push 0
push edi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x1c
push 0
push 0
push 3
push 0xff
push 0
push 1
push edi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x14
push edi
call fcn_fffc82f4  ; call 0xfffc82f4
lea eax, [ebp - 0x1d8]
mov edx, dword [ebp - 0x214]
pop ecx
mov ecx, esi
pop ebx
mov ebx, dword [ebp - 0x1f0]
push 0
push eax
mov eax, edi
push 0x36
push 1
push 0xd
push ebx
call fcn_fffc6051  ; call 0xfffc6051
add esp, 0x14
push edi
call fcn_fffc82f4  ; call 0xfffc82f4
lea edx, [ebp - 0x1c8]
mov dword [ebp - 0x200], eax
mov eax, edi
call fcn_fffb8ffd  ; call 0xfffb8ffd
imul eax, ebx, 0xd8
mov edx, ebx
add edx, ebx
add esp, 0x10
lea ecx, [edi + ebx*4]
add edx, edi
mov dword [ebp - 0x210], ecx
mov ecx, dword [ebp - 0x1f4]
add eax, 0x281
mov dword [ebp - 0x20c], edx
mov dword [ebp - 0x1f8], 0
mov dword [ebp - 0x228], eax
jmp near loc_fffbef33  ; jmp 0xfffbef33

loc_fffbed6c:  ; not directly referenced
xor ebx, ebx

loc_fffbed6e:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [edi + eax + 0x3756], 2
jne short loc_fffbedcb  ; jne 0xfffbedcb
push eax
push 0
push 0
push 3
push 0xff
push 0
push ebx
push edi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20
cmp byte [edi + 0x36c9], 2
jne short loc_fffbedcb  ; jne 0xfffbedcb
mov ecx, dword [ebp - 0x1fc]
imul eax, ebx, 0xcc
mov edx, ebx
push 0
push 1
movzx eax, byte [ecx + eax + 0xe2]
mov ecx, 0xff
push eax
mov eax, edi
push 1
call fcn_fffb0cb4  ; call 0xfffb0cb4
add esp, 0x10

loc_fffbedcb:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffbed6e  ; jne 0xfffbed6e
sub esp, 0xc
push edi
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10
cmp dword [ebp - 0x208], 0
jne short loc_fffbee47  ; jne 0xfffbee47
mov ecx, dword [ebp - 0x1f4]
mov edx, 6
mov eax, dword [ecx + 0x3210]
mov dword [ecx + 0x3218], eax
mov eax, dword [ecx + 0x3214]
mov dword [ecx + 0x321c], eax
mov eax, dword [ecx + 0x3258]
mov dword [ecx + 0x3260], eax
mov eax, dword [ecx + 0x325c]
mov dword [ecx + 0x3264], eax
lea eax, [ebp - 0x1dc]
mov ecx, esi
push 1
push 1
push eax
mov eax, edi
push 0
push 0x40
push 0xffffffffffffffc0
push 3
push 0xff
call fcn_fffcf3cd  ; call 0xfffcf3cd
add esp, 0x20
jmp short loc_fffbee56  ; jmp 0xfffbee56

loc_fffbee47:  ; not directly referenced
mov ecx, dword [ebp - 0x1ec]
mov edx, esi
mov eax, edi
call fcn_fffc93f9  ; call 0xfffc93f9

loc_fffbee56:  ; not directly referenced
mov ebx, dword [ebp - 0x1f4]
mov dword [ebp - 0x1f8], 0

loc_fffbee66:  ; not directly referenced
imul eax, dword [ebp - 0x1f8], 0x13c3
cmp dword [edi + eax + 0x3756], 2
jne short loc_fffbeee7  ; jne 0xfffbeee7
mov eax, dword [ebx + 0x3218]
cmp dword [ebx + 0x3210], eax
cmovbe eax, dword [ebx + 0x3210]
mov dword [ebx + 0x3210], eax
mov eax, dword [ebx + 0x321c]
cmp dword [ebx + 0x3214], eax
cmovbe eax, dword [ebx + 0x3214]
mov dword [ebx + 0x3214], eax
cmp byte [edi + 0x36c9], 2
jne short loc_fffbeee7  ; jne 0xfffbeee7
mov edx, dword [ebp - 0x1f8]
mov ecx, dword [ebp - 0x1fc]
push 0
push 1
imul eax, edx, 0xcc
movzx eax, byte [ecx + eax + 0xe2]
mov ecx, 0xff
neg eax
push eax
mov eax, edi
push 1
call fcn_fffb0cb4  ; call 0xfffb0cb4
add esp, 0x10

loc_fffbeee7:  ; not directly referenced
inc dword [ebp - 0x1f8]
add ebx, 0x48
cmp dword [ebp - 0x1f8], 2
jne loc_fffbee66  ; jne 0xfffbee66
jmp near loc_fffbecb4  ; jmp 0xfffbecb4

loc_fffbef02:  ; not directly referenced
add dword [ebp - 0x1f8], 0x13c3
add ecx, 0x48
add dword [ebp - 0x210], 0x13c3
add dword [ebp - 0x20c], 0x13c3
cmp dword [ebp - 0x1f8], 0x2786
je loc_fffbf0bc  ; je 0xfffbf0bc

loc_fffbef33:  ; not directly referenced
mov ebx, dword [ebp - 0x1f8]
mov al, byte [ebp - 0x1ec]
test byte [edi + ebx + 0x381a], al
je short loc_fffbef02  ; je 0xfffbef02
mov eax, dword [ebp - 0x1f8]
mov ebx, 0xa
xor edx, edx
mov esi, 0xa
mov byte [ebp - 0x204], 0
lea eax, [edi + eax + 0x3756]
mov dword [ebp - 0x224], eax
mov eax, dword [ecx + 0x3210]
div ebx
mov ebx, dword [ebp - 0x210]
xor edx, edx
mov byte [ebx + 0x39c7], al
mov eax, dword [ecx + 0x3214]
div esi
xor edx, edx
mov byte [ebx + 0x39c8], al
mov eax, dword [ecx + 0x3450]
div esi
xor edx, edx
mov byte [ebx + 0x39ca], al
mov eax, dword [ecx + 0x3454]
div esi
xor edx, edx
mov byte [ebx + 0x39c9], al
mov eax, dword [ecx + 0x2d90]
mov ebx, dword [ebp - 0x20c]
div esi
xor edx, edx
mov byte [ebx + 0x4757], al
mov eax, dword [ecx + 0x2d94]
div esi
xor edx, edx
mov byte [ebx + 0x4758], al
mov eax, dword [ecx + 0x2fd0]
div esi
xor edx, edx
mov byte [ebx + 0x475f], al
mov eax, dword [ecx + 0x2fd4]
div esi
mov byte [ebx + 0x4760], al

loc_fffbeff8:  ; not directly referenced
mov al, byte [ebp - 0x204]
cmp al, byte [edi + 0x2488]
jae loc_fffbef02  ; jae 0xfffbef02
movzx ebx, al
imul ebx, ebx, 0x18
add ebx, dword [ebp - 0x228]
add ebx, dword [ebp - 0x224]
mov byte [ebp - 0x21f], 8

loc_fffbf023:  ; not directly referenced
mov eax, dword [ecx + 0x26d0]
mov esi, 0xa
xor edx, edx
add ebx, 3
div esi
xor edx, edx
mov byte [ebx - 3], al
mov eax, dword [ecx + 0x26d4]
div esi
xor edx, edx
mov byte [ebx - 1], al
mov eax, dword [ecx + 0x2b50]
div esi
xor edx, edx
mov byte [ebx + 0x35d], al
mov eax, dword [ecx + 0x2b54]
div esi
xor edx, edx
mov byte [ebx + 0x35f], al
mov eax, dword [ecx + 0x2490]
div esi
xor edx, edx
mov byte [ebx + 0x6bf], al
mov eax, dword [ecx + 0x2494]
div esi
xor edx, edx
mov byte [ebx + 0x6bd], al
mov eax, dword [ecx + 0x2910]
div esi
xor edx, edx
mov byte [ebx + 0xa1f], al
mov eax, dword [ecx + 0x2914]
div esi
mov byte [ebx + 0xa1d], al
dec byte [ebp - 0x21f]
jne loc_fffbf023  ; jne 0xfffbf023
inc byte [ebp - 0x204]
jmp near loc_fffbeff8  ; jmp 0xfffbeff8

loc_fffbf0bc:  ; not directly referenced
inc dword [ebp - 0x1f0]
add dword [ebp - 0x1f4], 0x90
cmp dword [ebp - 0x1f0], 4
jne loc_fffbeb18  ; jne 0xfffbeb18
cmp dword [edi + 0x3756], 2
jne short loc_fffbf0f0  ; jne 0xfffbf0f0
xor ecx, ecx
mov edx, 0x4198
mov eax, edi
call fcn_fffae566  ; call 0xfffae566

loc_fffbf0f0:  ; not directly referenced
cmp dword [edi + 0x4b19], 2
jne short loc_fffbf107  ; jne 0xfffbf107
xor ecx, ecx
mov edx, 0x4598
mov eax, edi
call fcn_fffae566  ; call 0xfffae566

loc_fffbf107:  ; not directly referenced
mov eax, dword [ebp - 0x200]
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbf115:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
add esp, 0xffffff80
mov ebx, dword [ebp + 8]
lea edi, [ebp - 0x60]
mov byte [ebp - 0x67], 5
mov byte [ebp - 0x66], 2
mov eax, dword [ebx + 0x5edc]
mov byte [ebp - 0x65], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 1
mov dword [ebp - 0x6c], eax
mov al, byte [ebx + 0x248e]
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
mov byte [ebp - 0x6d], al
mov eax, dword [ebx + 0x188b]
mov dword [ebp - 0x74], eax
mov eax, dword [ebx + 0x2443]
push 0
push 5
push edi
call dword [eax + 0x60]  ; ucall
movzx edx, byte [ebp - 0x67]
mov ecx, 1
mov eax, ebx
call fcn_fffb13cf  ; call 0xfffb13cf
movzx edx, byte [ebp - 0x66]
mov ecx, 1
mov word [ebp - 0x60], ax
mov eax, ebx
call fcn_fffb13cf  ; call 0xfffb13cf
add esp, 0x10
mov word [ebp - 0x5e], ax

loc_fffbf196:  ; not directly referenced
mov eax, 1
mov ecx, esi
shl eax, cl
test byte [ebx + 0x248d], al
je short loc_fffbf1d2  ; je 0xfffbf1d2
push edx
mov ecx, 3
push 2
push 0
push 0xf
push 0xb
push 0
push edi
lea edx, [ebp - 0x65]
push edx
push 2
lea edx, [ebp - 0x67]
push edx
push 4
push eax
mov eax, ebx
lea edx, [ebp - 0x56]
call fcn_fffca96e  ; call 0xfffca96e
add esp, 0x30

loc_fffbf1d2:  ; not directly referenced
inc esi
cmp esi, 4
jne short loc_fffbf196  ; jne 0xfffbf196
push eax
mov ecx, 3
push eax
mov eax, ebx
push 0
push 0xf
push 0
push 0
push 0
push 2
lea edx, [ebx + 0x2490]
call fcn_fffc0a2d  ; call 0xfffc0a2d
add esp, 0x20
cmp dword [ebp - 0x74], 1
jne loc_fffbf2df  ; jne 0xfffbf2df
lea eax, [ebx + 0x3756]
mov edi, dword [ebp - 0x6c]
mov dword [ebp - 0x78], eax
movzx eax, byte [ebp - 0x6d]
mov dword [ebp - 0x6c], 0
add edi, 0x1c
mov dword [ebp - 0x80], eax

loc_fffbf222:  ; not directly referenced
mov eax, dword [ebp - 0x80]
mov ecx, dword [ebp - 0x6c]
bt eax, ecx
jb short loc_fffbf248  ; jb 0xfffbf248

loc_fffbf22d:  ; not directly referenced
inc dword [ebp - 0x6c]
add edi, 0xcc
add dword [ebp - 0x78], 0x13c3
cmp dword [ebp - 0x6c], 2
jne short loc_fffbf222  ; jne 0xfffbf222
jmp near loc_fffbf2df  ; jmp 0xfffbf2df

loc_fffbf248:  ; not directly referenced
mov byte [ebp - 0x6d], 0

loc_fffbf24c:  ; not directly referenced
mov al, byte [ebp - 0x6d]
cmp al, byte [ebx + 0x2488]
jae short loc_fffbf22d  ; jae 0xfffbf22d
mov edx, dword [ebp - 0x78]
movzx esi, al
mov byte [ebp - 0x74], 0
mov cl, byte [edx + 0xc4]
add esi, edx
mov dword [ebp - 0x7c], esi
mov byte [ebp - 0x6e], cl
xor ecx, ecx

loc_fffbf271:  ; not directly referenced
mov eax, 1
shl eax, cl
test byte [ebp - 0x6e], al
je short loc_fffbf29d  ; je 0xfffbf29d
mov eax, dword [ebp - 0x7c]
lea esi, [ecx + ecx*8]
mov al, byte [eax + esi + 0x24d]
mov dl, al
and eax, 0xf
shr dl, 4
shl edx, 2
cmp dl, al
setne al
or byte [ebp - 0x74], al

loc_fffbf29d:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffbf271  ; jne 0xfffbf271
cmp byte [ebx + 0x240e], 1
je short loc_fffbf2b2  ; je 0xfffbf2b2
cmp byte [ebp - 0x74], 1
jne short loc_fffbf2d7  ; jne 0xfffbf2d7

loc_fffbf2b2:  ; not directly referenced
movzx esi, byte [ebp - 0x6d]
mov eax, ebx
mov edx, dword [ebp - 0x6c]
mov ecx, esi
add esi, 8
call fcn_fffa720e  ; call 0xfffa720e
or byte [edi + esi*4 + 0xb], 1
mov ecx, dword [edi + esi*4 + 8]
mov edx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffbf2d7:  ; not directly referenced
inc byte [ebp - 0x6d]
jmp near loc_fffbf24c  ; jmp 0xfffbf24c

loc_fffbf2df:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbf2e9:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x540
mov esi, dword [ebp + 0xc]
mov ebx, dword [ebp + 8]
lea edi, [ebp - 0x4fa]
mov dword [ebp - 0x520], edx
mov edx, dword [ebp + 0x14]
mov dword [ebp - 0x51c], eax
mov dword [ebp - 0x52c], esi
mov esi, dword [ebp + 0x18]
mov dword [ebp - 0x524], ecx
mov ecx, 0xa
mov dword [ebp - 0x538], edx
mov dword [ebp - 0x528], ebx
mov ebx, dword [ebp + 0x10]
mov dword [ebp - 0x530], esi
mov esi, dword [ebp + 0x20]
mov byte [ebp - 0x507], 4
mov byte [ebp - 0x506], 1
mov byte [ebp - 0x505], 5
mov eax, esi
mov dword [ebp - 0x534], esi
mov esi, ref_fffd590c  ; mov esi, 0xfffd590c
mov byte [ebp - 0x541], al
lea eax, [ebp - 0x4f0]
mov byte [ebp - 0x504], 2
mov byte [ebp - 0x50b], 4
mov byte [ebp - 0x50a], 1
mov byte [ebp - 0x509], 5
mov byte [ebp - 0x508], 2
mov byte [ebp - 0x4ff], 1
mov byte [ebp - 0x4fe], 2
mov byte [ebp - 0x4fd], 0
mov byte [ebp - 0x4fc], 0
mov byte [ebp - 0x4fb], 0
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
mov edi, dword [ebp - 0x51c]
mov dword [ebp - 0x503], 0
mov esi, dword [edi + 0x2443]
push 0xff
push 0x4d8
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0xff
push 0x54e
push dword [ebp - 0x520]
call dword [esi + 0x5c]  ; ucall
mov cl, byte [ebp - 0x524]
mov al, byte [ebp - 0x528]
and cl, byte [edi + 0x248e]
and al, byte [edi + 0x248d]
add esp, 0x10
mov byte [ebp - 0x50d], 0
mov edx, dword [ebp - 0x538]
movzx esi, cl
mov edi, eax
xor eax, eax
and cl, 1
je short loc_fffbf439  ; je 0xfffbf439
mov ecx, dword [ebp - 0x51c]
mov eax, edi
and al, byte [ecx + 0x381a]
test al, al
mov byte [ebp - 0x50d], al
setne al

loc_fffbf439:  ; not directly referenced
and esi, 2
mov byte [ebp - 0x50c], 0
je short loc_fffbf463  ; je 0xfffbf463
mov esi, dword [ebp - 0x51c]
mov ecx, edi
and cl, byte [esi + 0x4bdd]
mov esi, eax
or esi, 2
test cl, cl
mov byte [ebp - 0x50c], cl
cmovne eax, esi

loc_fffbf463:  ; not directly referenced
mov cl, byte [ebx]
movzx eax, al
mov esi, dword [ebp - 0x520]
mov dword [ebp - 0x524], eax
mov byte [esi], cl
mov cl, byte [edx]
mov byte [esi + 4], cl
mov cl, byte [ebx + 1]
mov byte [esi + 1], cl
mov cl, byte [edx + 1]
mov byte [esi + 5], cl
mov cl, byte [ebx + 2]
mov byte [esi + 2], cl
mov cl, byte [edx + 2]
mov byte [esi + 6], cl
mov cl, byte [ebx + 3]
mov bl, byte [ebp - 0x530]
mov byte [esi + 3], cl
mov dl, byte [edx + 3]
mov byte [esi + 8], bl
mov byte [esi + 7], dl
mov edx, eax
movzx eax, byte [ebp - 0x52c]
push ecx
push ecx
mov ecx, esi
push 1
push eax
mov eax, dword [ebp - 0x51c]
call fcn_fffb3a79  ; call 0xfffb3a79
add esp, 0x10
cmp dword [ebp + 0x24], 0
je short loc_fffbf50e  ; je 0xfffbf50e
mov esi, dword [ebp - 0x51c]
push ecx
mov ecx, dword [ebp - 0x524]
push 0
push 0
lea ebx, [esi + 0x2490]
mov eax, esi
push 0
mov edx, ebx
call fcn_fffc19af  ; call 0xfffc19af
mov ecx, dword [ebp - 0x524]
pop eax
mov eax, esi
pop edx
mov edx, ebx
push 0
push 0xf
push 0
push 0
push 0
push 1
call fcn_fffc0a2d  ; call 0xfffc0a2d
add esp, 0x20

loc_fffbf50e:  ; not directly referenced
cmp dword [ebp + 0x28], 0
je short loc_fffbf547  ; je 0xfffbf547
mov ebx, dword [ebp - 0x51c]
sub esp, 0xc
push ebx
call fcn_fffbdcd9  ; call 0xfffbdcd9
mov ecx, dword [ebp - 0x524]
pop eax
mov eax, ebx
pop edx
lea edx, [ebx + 0x2490]
push 0
push 0xf
push 0
push 0
push 0
push 2
call fcn_fffc0a2d  ; call 0xfffc0a2d
add esp, 0x20

loc_fffbf547:  ; not directly referenced
mov ebx, dword [ebp - 0x520]
mov edx, edi
xor ecx, ecx
mov al, byte [ebp - 0x534]
movzx edi, dl
mov dword [ebp - 0x52c], edi
mov byte [ebx + 0x539], al
lea eax, [ebx + 0x534]
mov dword [ebp - 0x538], eax
mov eax, dword [ebp + 0x1c]
lea ebx, [ebp - 0x507]
mov dword [ebp - 0x530], eax
xor eax, eax

loc_fffbf583:  ; not directly referenced
mov dl, byte [ebp - 0x530]
sub edx, dword [ebp + 0x1c]
cmp dl, byte [ebp - 0x541]
jae loc_fffbf9f9  ; jae 0xfffbf9f9
mov edi, dword [ebp - 0x530]
mov esi, dword [ebp - 0x538]
mov dl, byte [edi]
mov byte [esi], dl
cmp byte [edi], 6
ja loc_fffbf92d  ; ja 0xfffbf92d
movzx edx, byte [edi]
jmp dword [edx*4 + ref_fffd5918]  ; ujmp: jmp dword [edx*4 - 0x2a6e8]

loc_fffbf5bb:  ; not directly referenced
push eax
mov ecx, dword [ebp - 0x524]
push 1
push 0
push 0xf
push 0xc
push 0xfffffffffffffff5
lea eax, [ebp - 0x4fa]
push eax
lea eax, [ebp - 0x4ff]
push eax
mov eax, dword [ebp - 0x51c]
push 2
lea ebx, [ebp - 0x509]
push ebx
push 0
push dword [ebp - 0x52c]
lea esi, [ebp - 0x3f8]
mov edx, esi
call fcn_fffca96e  ; call 0xfffca96e
mov eax, dword [ebp - 0x520]
mov ecx, 0x3e
add esp, 0x30
lea edi, [eax + 0x14f]
mov eax, 1
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
mov cl, 2
jmp near loc_fffbf92d  ; jmp 0xfffbf92d

loc_fffbf620:  ; not directly referenced
push eax
mov ecx, dword [ebp - 0x524]
push 0
push 9
push 0xf
push 6
push 0xfffffffffffffff6
lea eax, [ebp - 0x4fa]
push eax
lea eax, [ebp - 0x4ff]
push eax
mov eax, dword [ebp - 0x51c]
push 2
lea ebx, [ebp - 0x50b]
push ebx
push 1
push dword [ebp - 0x52c]
lea esi, [ebp - 0x110]
mov edx, esi
call fcn_fffca96e  ; call 0xfffca96e
mov eax, dword [ebp - 0x520]
mov ecx, 0x3e
add esp, 0x30
lea edi, [eax + 0x437]
mov eax, 4
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
mov cl, 2
jmp near loc_fffbf92d  ; jmp 0xfffbf92d

loc_fffbf685:  ; not directly referenced
lea eax, [ebp - 0x208]
xor ebx, ebx
mov dword [ebp - 0x534], eax

loc_fffbf693:  ; not directly referenced
mov eax, dword [ebp - 0x52c]
bt eax, ebx
jb short loc_fffbf6bd  ; jb 0xfffbf6bd

loc_fffbf69e:  ; not directly referenced
inc ebx
add dword [ebp - 0x534], 0x3e
cmp ebx, 4
jne short loc_fffbf693  ; jne 0xfffbf693
mov cl, 2
mov eax, 3
lea ebx, [ebp - 0x509]
jmp near loc_fffbf92d  ; jmp 0xfffbf92d

loc_fffbf6bd:  ; not directly referenced
push edi
mov esi, dword [ebp - 0x534]
mov cl, bl
push 2
push 0
push 0xf
push 0xb
mov edx, esi
push 0
lea eax, [ebp - 0x4fa]
push eax
lea eax, [ebp - 0x4ff]
push eax
push 2
lea eax, [ebp - 0x509]
push eax
mov eax, dword [ebp - 0x51c]
push 4
mov dword [ebp - 0x528], 1
shl dword [ebp - 0x528], cl
push dword [ebp - 0x528]
mov ecx, dword [ebp - 0x524]
call fcn_fffca96e  ; call 0xfffca96e
imul eax, ebx, 0x3e
mov edi, dword [ebp - 0x520]
mov ecx, 0x3e
add esp, 0x30
lea edx, [ebp - 0x4f0]
lea edi, [edi + eax + 0x33f]
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
lea ecx, [ebp - 0x50d]
lea edi, [ebp - 0x50b]

loc_fffbf73e:  ; not directly referenced
movzx esi, byte [ecx]
test dword [ebp - 0x528], esi
je short loc_fffbf779  ; je 0xfffbf779
mov si, word [edx + eax + 0x30c]
cmp si, word [edx + 0x30c]
jae short loc_fffbf761  ; jae 0xfffbf761
mov word [edx + 0x30c], si

loc_fffbf761:  ; not directly referenced
mov si, word [edx + eax + 0x310]
cmp si, word [edx + 0x310]
jae short loc_fffbf779  ; jae 0xfffbf779
mov word [edx + 0x310], si

loc_fffbf779:  ; not directly referenced
inc ecx
add edx, 2
cmp ecx, edi
je loc_fffbf69e  ; je 0xfffbf69e
jmp short loc_fffbf73e  ; jmp 0xfffbf73e

loc_fffbf787:  ; not directly referenced
mov eax, dword [ebp - 0x51c]
lea ebx, [ebp - 0x300]
mov dword [ebp - 0x534], ebx
cmp dword [eax + 0x188b], 1
setne al
xor ebx, ebx
lea eax, [eax + eax + 0xc]
movsx eax, al
mov dword [ebp - 0x53c], eax

loc_fffbf7b2:  ; not directly referenced
mov eax, dword [ebp - 0x52c]
bt eax, ebx
jb short loc_fffbf7dc  ; jb 0xfffbf7dc

loc_fffbf7bd:  ; not directly referenced
inc ebx
add dword [ebp - 0x534], 0x3e
cmp ebx, 4
jne short loc_fffbf7b2  ; jne 0xfffbf7b2
mov cl, 2
mov eax, 2
lea ebx, [ebp - 0x50b]
jmp near loc_fffbf92d  ; jmp 0xfffbf92d

loc_fffbf7dc:  ; not directly referenced
push esi
mov cl, bl
mov esi, dword [ebp - 0x534]
push 0
push 9
push 0xf
push dword [ebp - 0x53c]
mov edx, esi
lea eax, [ebp - 0x4fa]
mov dword [ebp - 0x528], 1
shl dword [ebp - 0x528], cl
push 0
mov ecx, dword [ebp - 0x524]
push eax
lea eax, [ebp - 0x4ff]
push eax
push 2
lea eax, [ebp - 0x50b]
push eax
mov eax, dword [ebp - 0x51c]
push 5
push dword [ebp - 0x528]
call fcn_fffca96e  ; call 0xfffca96e
imul eax, ebx, 0x3e
mov edi, dword [ebp - 0x520]
mov ecx, 0x3e
add esp, 0x30
lea edx, [ebp - 0x4f0]
lea edi, [edi + eax + 0x247]
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
lea ecx, [ebp - 0x50d]

loc_fffbf85b:  ; not directly referenced
movzx esi, byte [ecx]
test dword [ebp - 0x528], esi
je short loc_fffbf896  ; je 0xfffbf896
mov si, word [edx + eax + 0x214]
cmp si, word [edx + 0x214]
jae short loc_fffbf87e  ; jae 0xfffbf87e
mov word [edx + 0x214], si

loc_fffbf87e:  ; not directly referenced
mov si, word [edx + eax + 0x218]
cmp si, word [edx + 0x218]
jae short loc_fffbf896  ; jae 0xfffbf896
mov word [edx + 0x218], si

loc_fffbf896:  ; not directly referenced
inc ecx
add edx, 2
lea edi, [ebp - 0x50b]
cmp ecx, edi
je loc_fffbf7bd  ; je 0xfffbf7bd
jmp short loc_fffbf85b  ; jmp 0xfffbf85b

loc_fffbf8aa:  ; not directly referenced
mov eax, dword [ebp - 0x51c]
cmp dword [eax + 0x188b], 1
jne short loc_fffbf8ca  ; jne 0xfffbf8ca
call fcn_fffa9b8c  ; call 0xfffa9b8c
mov edx, 0x2f
mov eax, 8
jmp short loc_fffbf8d1  ; jmp 0xfffbf8d1

loc_fffbf8ca:  ; not directly referenced
mov edx, 7
xor eax, eax

loc_fffbf8d1:  ; not directly referenced
push ecx
mov ecx, dword [ebp - 0x524]
push 0
push 9
push 0xf
push edx
push eax
lea eax, [ebp - 0x4fa]
push eax
lea eax, [ebp - 0x4ff]
push eax
mov eax, dword [ebp - 0x51c]
push 2
lea ebx, [ebp - 0x50b]
push ebx
push 6
push dword [ebp - 0x52c]
lea edx, [ebp - 0x4f0]
lea esi, [ebp - 0x4f0]
call fcn_fffca96e  ; call 0xfffca96e
mov eax, dword [ebp - 0x520]
mov ecx, 0x3e
add esp, 0x30
lea edi, [eax + 0x57]
xor eax, eax
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
mov cl, 2

loc_fffbf92d:  ; not directly referenced
imul edi, eax, 0x7c
mov dword [ebp - 0x528], 0
mov dword [ebp - 0x53c], edi

loc_fffbf940:  ; not directly referenced
mov edi, dword [ebp - 0x528]
cmp byte [ebp + edi - 0x50d], 0
je loc_fffbf9d5  ; je 0xfffbf9d5
mov edi, dword [ebp - 0x53c]
lea edx, [ebp - 0x4f0]
add edi, dword [ebp - 0x528]
add edi, edi
add edi, edx
mov dword [ebp - 0x540], edi
xor edi, edi
jmp short loc_fffbf9cf  ; jmp 0xfffbf9cf

loc_fffbf974:  ; not directly referenced
mov dl, byte [ebx + edi]
xor esi, esi
mov byte [ebp - 0x534], dl
cmp dl, 0x21
ja short loc_fffbf98e  ; ja 0xfffbf98e
movzx esi, dl
movzx esi, byte [esi + ref_fffd5f1c]  ; movzx esi, byte [esi - 0x2a0e4]

loc_fffbf98e:  ; not directly referenced
mov edx, esi
movzx esi, dl
mov dl, byte [ebp - 0x534]
mov dword [ebp - 0x548], eax
mov eax, dword [ebp - 0x520]
mov byte [ebp + esi - 0x503], dl
mov edx, dword [ebp - 0x528]
add esi, esi
lea edx, [edx + esi + 0x20]
mov esi, dword [ebp - 0x540]
mov si, word [esi + edi*4 + 0x24]
inc edi
mov word [eax + edx*2 + 3], si
mov eax, dword [ebp - 0x548]

loc_fffbf9cf:  ; not directly referenced
mov edx, edi
cmp cl, dl
ja short loc_fffbf974  ; ja 0xfffbf974

loc_fffbf9d5:  ; not directly referenced
inc dword [ebp - 0x528]
cmp dword [ebp - 0x528], 2
jne loc_fffbf940  ; jne 0xfffbf940
inc dword [ebp - 0x530]
inc dword [ebp - 0x538]
jmp near loc_fffbf583  ; jmp 0xfffbf583

loc_fffbf9f9:  ; not directly referenced
mov eax, dword [ebp - 0x520]
lea ebx, [ebp - 0x503]
mov dword [ebp - 0x524], ebx
mov byte [ebp - 0x52c], 0
mov byte [eax + 0x52f], 0
mov dword [ebp - 0x528], eax

loc_fffbfa1f:  ; not directly referenced
mov eax, dword [ebp - 0x524]
mov bl, byte [eax]
test bl, bl
je loc_fffbfad2  ; je 0xfffbfad2
mov ecx, dword [ebp - 0x520]
xor esi, esi
movzx eax, byte [ebp - 0x52c]
mov edi, dword [ebp - 0x51c]
mov byte [ecx + eax + 0x530], bl
lea eax, [ecx + eax*4]
inc byte [ecx + 0x52f]
add edi, 0x49be
mov dword [ebp - 0x530], eax
movzx eax, bl
mov dword [ebp - 0x534], eax

loc_fffbfa69:  ; not directly referenced
cmp byte [ebp + esi - 0x50d], 0
je short loc_fffbfac0  ; je 0xfffbfac0
mov edx, dword [ebp - 0x534]
mov ecx, 1
mov eax, dword [ebp - 0x51c]
call fcn_fffb13cf  ; call 0xfffb13cf
cmp bl, 2
jne short loc_fffbfaa1  ; jne 0xfffbfaa1
cmp byte [edi + 0x128], 5
mov dl, byte [edi]
je short loc_fffbfa9e  ; je 0xfffbfa9e
cmp dl, 5
jne short loc_fffbfaa1  ; jne 0xfffbfaa1

loc_fffbfa9e:  ; not directly referenced
add eax, 0x50

loc_fffbfaa1:  ; not directly referenced
mov ecx, dword [ebp - 0x528]
mov dx, word [ecx + esi*2 + 0x43]
mov ecx, dword [ebp - 0x530]
cmp dx, ax
cmovbe eax, edx
mov word [ecx + esi*2 + 0x53a], ax

loc_fffbfac0:  ; not directly referenced
inc esi
add edi, 0x13c3
cmp esi, 2
jne short loc_fffbfa69  ; jne 0xfffbfa69
inc byte [ebp - 0x52c]

loc_fffbfad2:  ; not directly referenced
inc dword [ebp - 0x524]
add dword [ebp - 0x528], 4
lea eax, [ebp - 0x4ff]
cmp dword [ebp - 0x524], eax
jne loc_fffbfa1f  ; jne 0xfffbfa1f
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffbfaf9:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x57c
mov ebx, dword [ebp + 0x10]
cmp byte [eax + 0x248b], 1
mov dword [ebp - 0x50c], eax
mov dword [ebp - 0x574], ecx
mov dword [ebp - 0x53c], ebx
mov byte [ebp - 0x566], dl
mov byte [ebp - 0x535], cl
mov byte [ebp - 0x50e], bl
jne short loc_fffbfb5b  ; jne 0xfffbfb5b
mov al, byte [eax + 0x248c]
lea edx, [eax + 4]
mov byte [ebp - 0x508], al
mov byte [ebp - 0x507], al
add eax, 2
mov byte [ebp - 0x506], dl
mov byte [ebp - 0x505], al
jmp short loc_fffbfb77  ; jmp 0xfffbfb77

loc_fffbfb5b:  ; not directly referenced
mov byte [ebp - 0x508], 1
mov byte [ebp - 0x507], 1
mov byte [ebp - 0x506], 1
mov byte [ebp - 0x505], 1

loc_fffbfb77:  ; not directly referenced
mov ebx, dword [ebp - 0x53c]
mov al, bl
shr al, 4
inc eax
mov byte [ebp - 0x520], al
cmp bl, 9
je short loc_fffbfbaa  ; je 0xfffbfbaa
cmp bl, 8
je short loc_fffbfbba  ; je 0xfffbfbba
cmp bl, 0xa
sete al
mov byte [ebp - 0x50d], al
shl eax, 2
mov byte [ebp - 0x50f], al
jmp short loc_fffbfbc8  ; jmp 0xfffbfbc8

loc_fffbfbaa:  ; not directly referenced
mov byte [ebp - 0x50d], 1
mov byte [ebp - 0x50f], 1
jmp short loc_fffbfbc8  ; jmp 0xfffbfbc8

loc_fffbfbba:  ; not directly referenced
mov byte [ebp - 0x50d], 1
mov byte [ebp - 0x50f], 2

loc_fffbfbc8:  ; not directly referenced
mov eax, dword [ebp - 0x53c]
cmp al, 0x21
sete dl
cmp al, 0x11
sete al
or dl, al
jne short loc_fffbfbef  ; jne 0xfffbfbef
cmp byte [ebp - 0x53c], 5
mov dword [ebp - 0x52c], 0
jne short loc_fffbfc01  ; jne 0xfffbfc01

loc_fffbfbef:  ; not directly referenced
mov al, byte [ebp - 0x50d]
xor eax, 1
movzx eax, al
mov dword [ebp - 0x52c], eax

loc_fffbfc01:  ; not directly referenced
lea eax, [ebp - 0x4e0]
xor edi, edi
mov dword [ebp - 0x51c], eax
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x514], eax
movzx eax, byte [ebp - 0x566]
mov dword [ebp - 0x518], eax

loc_fffbfc25:  ; not directly referenced
mov eax, dword [ebp - 0x518]
bt eax, edi
jb short loc_fffbfc90  ; jb 0xfffbfc90

loc_fffbfc30:  ; not directly referenced
inc edi
add dword [ebp - 0x514], 0x48
add dword [ebp - 0x51c], 0x24
cmp edi, 2
jne short loc_fffbfc25  ; jne 0xfffbfc25
mov eax, dword [ebp - 0x518]
mov byte [ebp - 0x510], 0
mov dword [ebp - 0x514], 0
sar eax, 1
mov dword [ebp - 0x564], eax
movzx eax, byte [ebp - 0x50d]
and dword [ebp - 0x564], 1
shl eax, 2
mov dword [ebp - 0x560], eax
movzx eax, byte [ebp - 0x520]
mov dword [ebp - 0x57c], eax
dec eax
mov dword [ebp - 0x580], eax
jmp short loc_fffbfcd3  ; jmp 0xfffbfcd3

loc_fffbfc90:  ; not directly referenced
mov eax, dword [ebp - 0x50c]
xor ecx, ecx
mov esi, dword [ebp - 0x514]
mov al, byte [eax + 0x2488]
mov byte [ebp - 0x524], al

loc_fffbfcaa:  ; not directly referenced
cmp byte [ebp - 0x524], cl
jbe loc_fffbfc30  ; jbe 0xfffbfc30
mov eax, dword [esi + 4]
mov ebx, 0x14
xor edx, edx
add eax, dword [esi]
add esi, 8
div ebx
mov ebx, dword [ebp - 0x51c]
mov dword [ebx + ecx*4], eax
inc ecx
jmp short loc_fffbfcaa  ; jmp 0xfffbfcaa

loc_fffbfcd3:  ; not directly referenced
mov esi, dword [ebp - 0x514]
mov eax, esi
mov byte [ebp - 0x565], al
lea eax, [esi + esi - 1]
xor esi, esi
mov dword [ebp - 0x540], eax
mov eax, dword [ebp + 8]
mov dword [ebp - 0x520], eax
movzx eax, byte [ebp - 0x535]
mov dword [ebp - 0x534], eax
movzx eax, byte [ebp - 0x50f]
mov dword [ebp - 0x558], eax

loc_fffbfd10:  ; not directly referenced
mov eax, dword [ebp - 0x518]
bt eax, esi
jae loc_fffbfe95  ; jae 0xfffbfe95
lea eax, [esi + esi*8]
lea edi, [ebp - 0x18]
add edi, eax
mov dword [ebp - 0x528], eax
mov byte [ebp - 0x524], 0x7f
mov byte [ebp - 0x51c], 0
mov dword [ebp - 0x530], eax
mov dword [ebp - 0x55c], edi
jmp near loc_fffbfe7d  ; jmp 0xfffbfe7d

loc_fffbfd4c:  ; not directly referenced
movzx ebx, byte [ebp - 0x51c]
mov eax, dword [ebp - 0x55c]
movzx edi, byte [ebp - 0x50e]
add eax, ebx
mov byte [eax - 0x4da], 0
mov byte [eax - 0x4ec], 0
mov eax, dword [ebp - 0x530]
lea ecx, [eax + ebx]
mov eax, dword [ebp + ecx*4 - 0x4e0]
shl ecx, 5
lea edx, [eax - 2]
mov dword [ebp + ecx - 0x498], edx
lea ecx, [edi - 8]
cmp cl, 1
ja loc_fffbfeae  ; ja 0xfffbfeae
push 1
push 0
push 0
push 0
push ebx
push dword [ebp - 0x534]
imul edx, dword [ebp - 0x540]
push esi
push 0
push 0
push edx

loc_fffbfdb5:  ; not directly referenced
push dword [ebp - 0x558]
push dword [ebp - 0x50c]
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30

loc_fffbfdc9:  ; not directly referenced
cmp byte [ebp - 0x50d], 0
jne loc_fffbfedf  ; jne 0xfffbfedf

loc_fffbfdd6:  ; not directly referenced
cmp dword [ebp - 0x52c], 0
je short loc_fffbfe11  ; je 0xfffbfe11
add ebx, dword [ebp - 0x530]
mov edi, dword [ebp - 0x524]
shl ebx, 5
mov eax, dword [ebp + ebx - 0x498]
mov ecx, edi
movzx edx, cl
cmp eax, edx
cmovb edi, eax
mov eax, edi
mov byte [ebp - 0x524], al
movzx eax, al
mov dword [ebp + ebx - 0x498], eax

loc_fffbfe11:  ; not directly referenced
movzx eax, byte [ebp - 0x51c]
mov edi, dword [ebp - 0x528]
lea edx, [eax + edi]
shl edx, 5
lea ebx, [ebp + edx - 0x258]
mov dword [ebp - 0x544], ebx
mov ebx, dword [ebp - 0x520]
shl eax, 4
add eax, dword [ebp - 0x514]
lea edi, [ebp + edx - 0x498]
xor edx, edx
lea eax, [ebx + eax*4]
mov dword [ebp - 0x548], eax
xor eax, eax

loc_fffbfe54:  ; not directly referenced
mov ebx, dword [edi + edx]
mov ecx, dword [ebp - 0x544]
add edx, dword [ebp - 0x560]
mov dword [ecx + eax], ebx
mov ecx, dword [ebp - 0x548]
mov dword [ecx + eax*2], ebx
add eax, 4
cmp eax, 0x20
jne short loc_fffbfe54  ; jne 0xfffbfe54
inc byte [ebp - 0x51c]

loc_fffbfe7d:  ; not directly referenced
mov edi, dword [ebp - 0x50c]
mov al, byte [ebp - 0x51c]
cmp al, byte [edi + 0x2488]
jb loc_fffbfd4c  ; jb 0xfffbfd4c

loc_fffbfe95:  ; not directly referenced
inc esi
add dword [ebp - 0x520], 0x240
cmp esi, 2
jne loc_fffbfd10  ; jne 0xfffbfd10
jmp near loc_fffc0080  ; jmp 0xfffc0080

loc_fffbfeae:  ; not directly referenced
cmp byte [ebp - 0x50e], 0xa
jne loc_fffbfdc9  ; jne 0xfffbfdc9
push 1
add eax, 2
push 0
push 0
push 0
push ebx
push dword [ebp - 0x534]
imul eax, dword [ebp - 0x540]
push esi
push 0
push 0
push eax
jmp near loc_fffbfdb5  ; jmp 0xfffbfdb5

loc_fffbfedf:  ; not directly referenced
movzx eax, byte [ebp - 0x51c]
mov edi, dword [ebp - 0x520]
mov edx, eax
add eax, dword [ebp - 0x528]
shl edx, 4
add edx, dword [ebp - 0x514]
shl eax, 5
lea eax, [ebp + eax - 0x498]
mov dword [ebp - 0x544], eax
lea edi, [edi + edx*4]
xor eax, eax

loc_fffbff12:  ; not directly referenced
mov edx, dword [edi + eax*2]
mov ecx, 0xf
cmp edx, 0xf
cmova edx, ecx
mov ecx, dword [ebp - 0x544]
mov dword [ecx + eax], edx
add eax, 4
cmp eax, 0x20
jne short loc_fffbff12  ; jne 0xfffbff12
jmp near loc_fffbfdd6  ; jmp 0xfffbfdd6

loc_fffbff36:  ; not directly referenced
inc al
je loc_fffc0675  ; je 0xfffc0675
mov eax, dword [ebp - 0x50c]
mov ecx, 4
mov edx, 0x4800
call fcn_fffae566  ; call 0xfffae566
mov dword [ebp - 0x520], 0

loc_fffbff5d:  ; not directly referenced
mov eax, dword [ebp - 0x57c]
cmp dword [ebp - 0x520], eax
jae loc_fffc000b  ; jae 0xfffc000b
mov al, byte [ebp - 0x510]
xor ebx, ebx
and eax, 1
mov byte [ebp - 0x558], al

loc_fffbff80:  ; not directly referenced
mov eax, dword [ebp - 0x518]
bt eax, ebx
jb loc_fffc00fb  ; jb 0xfffc00fb

loc_fffbff8f:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffbff80  ; jne 0xfffbff80
mov esi, dword [ebp - 0x50c]
xor eax, eax
mov edi, dword [ebp - 0x520]
push edx
mov edx, dword [ebp - 0x518]
movzx ecx, byte [esi + 0x248b]
test edi, edi
push 0
sete al
push eax
lea eax, [ebp - 0x508]
push eax
mov eax, esi
call fcn_fffb0f94  ; call 0xfffb0f94
mov eax, dword [ebp - 0x580]
add esp, 0x10
cmp edi, eax
jae loc_fffc0298  ; jae 0xfffc0298
mov eax, dword [ebp - 0x50c]
xor edi, edi
mov cl, 1
mov al, byte [eax + 0x3748]
mov byte [ebp - 0x51c], al

loc_fffbffee:  ; not directly referenced
mov eax, dword [ebp - 0x518]
bt eax, edi
jb loc_fffc0222  ; jb 0xfffc0222

loc_fffbfffd:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffbffee  ; jne 0xfffbffee
test cl, cl
je loc_fffc0298  ; je 0xfffc0298

loc_fffc000b:  ; not directly referenced
lea eax, [ebp - 0x498]
mov dword [ebp - 0x530], eax
mov eax, dword [ebp + 8]
mov dword [ebp - 0x534], 0
mov dword [ebp - 0x51c], 0
mov dword [ebp - 0x55c], eax
movzx eax, byte [ebp - 0x535]
mov dword [ebp - 0x578], eax

loc_fffc0041:  ; not directly referenced
mov eax, dword [ebp - 0x518]
mov esi, dword [ebp - 0x51c]
bt eax, esi
jb loc_fffc02a3  ; jb 0xfffc02a3

loc_fffc0056:  ; not directly referenced
inc dword [ebp - 0x51c]
add dword [ebp - 0x530], 0x120
add dword [ebp - 0x55c], 0x240
add dword [ebp - 0x534], 9
cmp dword [ebp - 0x51c], 2
jne short loc_fffc0041  ; jne 0xfffc0041

loc_fffc0080:  ; not directly referenced
mov al, 0xff
test byte [ebp - 0x566], 1
je short loc_fffc00b0  ; je 0xfffc00b0
mov esi, dword [ebp - 0x50c]
xor edx, edx
mov cl, byte [esi + 0x2488]

loc_fffc0099:  ; not directly referenced
cmp cl, dl
jbe short loc_fffc00b0  ; jbe 0xfffc00b0
mov bl, byte [ebp + edx - 0x504]
and bl, byte [ebp + edx - 0x4f2]
inc edx
and eax, ebx
jmp short loc_fffc0099  ; jmp 0xfffc0099

loc_fffc00b0:  ; not directly referenced
cmp dword [ebp - 0x564], 0
je loc_fffbff36  ; je 0xfffbff36
mov edi, dword [ebp - 0x50c]
lea esi, [ebp - 0x504]
mov cl, byte [edi + 0x2488]
lea edi, [ebp - 0x4f2]
mov edx, edi
mov byte [ebp - 0x51c], cl

loc_fffc00dd:  ; not directly referenced
mov bl, dl
mov ecx, edi
inc esi
sub ebx, ecx
cmp bl, byte [ebp - 0x51c]
jae loc_fffbff36  ; jae 0xfffbff36
mov bl, byte [edx + 9]
inc edx
and bl, byte [esi + 8]
and eax, ebx
jmp short loc_fffc00dd  ; jmp 0xfffc00dd

loc_fffc00fb:  ; not directly referenced
mov eax, dword [ebp - 0x518]
lea ecx, [ebx + 1]
mov byte [ebp - 0x51c], 0
sar eax, cl
mov dword [ebp - 0x528], eax
lea eax, [ebx + ebx*8]
mov dword [ebp - 0x530], eax

loc_fffc011c:  ; not directly referenced
mov esi, dword [ebp - 0x50c]
mov al, byte [ebp - 0x51c]
cmp al, byte [esi + 0x2488]
jae loc_fffbff8f  ; jae 0xfffbff8f
cmp byte [ebp - 0x50d], 0
movzx eax, byte [ebp - 0x51c]
je short loc_fffc01c3  ; je 0xfffc01c3
add eax, dword [ebp - 0x530]
xor ecx, ecx
mov dl, byte [ebp - 0x565]
shl eax, 5
lea eax, [ebp + eax - 0x498]
xor edx, 1
mov dword [ebp - 0x524], eax
xor eax, eax
mov byte [ebp - 0x534], dl

loc_fffc016d:  ; not directly referenced
cmp byte [ebp - 0x50e], 9
sete dl
test byte [ebp - 0x558], dl
jne short loc_fffc0191  ; jne 0xfffc0191
cmp byte [ebp - 0x50e], 9
setne dl
test byte [ebp - 0x534], dl
je short loc_fffc01a1  ; je 0xfffc01a1

loc_fffc0191:  ; not directly referenced
mov esi, dword [ebp - 0x524]
mov edi, 0xf
sub edi, dword [esi + ecx]
jmp short loc_fffc01aa  ; jmp 0xfffc01aa

loc_fffc01a1:  ; not directly referenced
mov edi, dword [ebp - 0x524]
mov edi, dword [edi + ecx]

loc_fffc01aa:  ; not directly referenced
cmp edi, 0xf
mov esi, 0xf
cmovbe esi, edi
shl esi, cl
add ecx, 4
or eax, esi
cmp ecx, 0x20
jne short loc_fffc016d  ; jne 0xfffc016d
jmp short loc_fffc01db  ; jmp 0xfffc01db

loc_fffc01c3:  ; not directly referenced
lea edx, [ebx + ebx*8]
mov esi, dword [ebp - 0x540]
add eax, edx
shl eax, 5
imul esi, dword [ebp + eax - 0x498]
mov eax, esi

loc_fffc01db:  ; not directly referenced
push 1
movzx edx, byte [ebp - 0x51c]
push dword [ebp - 0x528]
push 0
push 0
push edx
movzx edx, byte [ebp - 0x535]
push edx
push ebx
push 0
push dword [ebp - 0x520]
push eax
movzx eax, byte [ebp - 0x50e]
push eax
push dword [ebp - 0x50c]
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
inc byte [ebp - 0x51c]
jmp near loc_fffc011c  ; jmp 0xfffc011c

loc_fffc0222:  ; not directly referenced
mov ebx, dword [ebp - 0x50c]
mov esi, edi
shl esi, 0xa
lea edx, [esi + 0x40e0]
mov dword [ebp - 0x528], ecx
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
lea edx, [esi + 0x40e4]
mov dword [ebp - 0x524], eax
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov ecx, dword [ebp - 0x528]
inc eax
sete bl
cmp dword [ebp - 0x524], 0xffffffff
sete al
and ebx, eax
and ebx, ecx
mov ecx, 1
cmp byte [ebp - 0x51c], 0
je short loc_fffc0291  ; je 0xfffc0291
mov eax, dword [ebp - 0x50c]
lea edx, [esi + 0x40e8]
call fcn_fffae52a  ; call 0xfffae52a
xor ecx, ecx
inc al
sete cl

loc_fffc0291:  ; not directly referenced
and ecx, ebx
jmp near loc_fffbfffd  ; jmp 0xfffbfffd

loc_fffc0298:  ; not directly referenced
inc dword [ebp - 0x520]
jmp near loc_fffbff5d  ; jmp 0xfffbff5d

loc_fffc02a3:  ; not directly referenced
mov esi, dword [ebp - 0x51c]
mov edi, dword [ebp - 0x50c]
mov ebx, esi
shl ebx, 0xa
mov eax, edi
lea edx, [ebx + 0x40e0]
call fcn_fffae52a  ; call 0xfffae52a
lea edx, [ebx + 0x40e4]
mov dword [ebp - 0x56c], eax
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
lea edx, [ebx + 0x40e8]
mov dword [ebp - 0x570], eax
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov byte [ebp - 0x538], 0xff
mov byte [ebp - 0x537], 0xff
mov byte [ebp - 0x524], 0
mov byte [ebp - 0x567], al
lea eax, [esi + esi*8]
lea esi, [ebp - 0x18]
add esi, eax
mov dword [ebp - 0x548], eax
mov dword [ebp - 0x520], esi

loc_fffc0316:  ; not directly referenced
mov eax, dword [ebp - 0x50c]
mov dl, byte [eax + 0x2488]
cmp byte [ebp - 0x524], dl
jae loc_fffc0602  ; jae 0xfffc0602
movzx eax, byte [ebp - 0x524]
cmp al, 3
ja short loc_fffc0350  ; ja 0xfffc0350
mov esi, dword [ebp - 0x56c]
lea ecx, [eax*8]
shr esi, cl
mov dword [ebp - 0x558], esi
jmp short loc_fffc037a  ; jmp 0xfffc037a

loc_fffc0350:  ; not directly referenced
mov bl, byte [ebp - 0x567]
cmp byte [ebp - 0x524], 7
mov byte [ebp - 0x558], bl
ja short loc_fffc037a  ; ja 0xfffc037a
mov edi, dword [ebp - 0x570]
lea ecx, [eax*8 - 0x20]
shr edi, cl
mov dword [ebp - 0x558], edi

loc_fffc037a:  ; not directly referenced
mov esi, dword [ebp - 0x534]
lea edi, [ebp - 0x498]
xor ecx, ecx
movzx ebx, byte [ebp - 0x524]
lea edx, [eax + esi]
shl edx, 5
lea esi, [edi + edx]
mov dword [ebp - 0x544], esi
mov esi, dword [ebp - 0x55c]
shl eax, 4
add eax, dword [ebp - 0x514]
lea edi, [esi + eax*4]
mov eax, dword [ebp - 0x520]
add eax, ebx

loc_fffc03b8:  ; not directly referenced
mov edx, 1
movzx esi, byte [eax - 0x4da]
shl edx, cl
mov dword [ebp - 0x528], edx
mov dl, byte [eax - 0x4ec]
mov byte [ebp - 0x536], dl
and edx, esi
test byte [ebp - 0x528], dl
jne short loc_fffc0443  ; jne 0xfffc0443
mov dl, byte [ebp - 0x528]
test byte [ebp - 0x558], dl
je short loc_fffc0421  ; je 0xfffc0421
or esi, edx
mov edx, esi
mov esi, dword [ebp - 0x544]
mov byte [eax - 0x4da], dl
mov esi, dword [esi]
cmp dword [edi + ecx*8], esi
jb short loc_fffc0443  ; jb 0xfffc0443
mov dl, byte [ebp - 0x528]
dec esi
mov dword [edi + ecx*8], esi
not edx
and dl, byte [ebp - 0x536]
mov byte [eax - 0x4ec], dl
jmp short loc_fffc0443  ; jmp 0xfffc0443

loc_fffc0421:  ; not directly referenced
mov dl, byte [ebp - 0x528]
mov esi, dword [ebp - 0x544]
or dl, byte [ebp - 0x536]
mov byte [eax - 0x4ec], dl
mov edx, dword [esi]
cmp dword [edi + ecx*8], edx
jae short loc_fffc0443  ; jae 0xfffc0443
mov dword [edi + ecx*8], edx

loc_fffc0443:  ; not directly referenced
mov esi, dword [ebp - 0x560]
inc ecx
add dword [ebp - 0x544], esi
cmp ecx, 8
jne loc_fffc03b8  ; jne 0xfffc03b8
cmp byte [ebp - 0x50e], 1
mov al, 0xf
jne short loc_fffc0488  ; jne 0xfffc0488
push eax
mov ecx, dword [ebp - 0x578]
push 0xf
mov edx, dword [ebp - 0x51c]
push dword [ebp - 0x514]
mov eax, dword [ebp - 0x50c]
push ebx
call fcn_fffaec68  ; call 0xfffaec68
add esp, 0x10

loc_fffc0488:  ; not directly referenced
cmp byte [ebp - 0x50d], 0
je short loc_fffc04e9  ; je 0xfffc04e9
mov edi, dword [ebp - 0x534]
lea esi, [ebp - 0x498]
xor ecx, ecx
add edi, ebx
shl edi, 5
add edi, esi
mov dword [ebp - 0x528], edi

loc_fffc04ac:  ; not directly referenced
mov edi, dword [ebp - 0x528]
mov edx, 1
shl edx, cl
mov esi, dword [edi + ecx*4]
movzx edi, al
cmp esi, edi
jb short loc_fffc04d0  ; jb 0xfffc04d0
mov edi, dword [ebp - 0x520]
or byte [ebx + edi - 0x4da], dl

loc_fffc04d0:  ; not directly referenced
test esi, esi
jne short loc_fffc04e1  ; jne 0xfffc04e1
mov edi, dword [ebp - 0x520]
or byte [ebx + edi - 0x4ec], dl

loc_fffc04e1:  ; not directly referenced
inc ecx
cmp ecx, 8
jne short loc_fffc04ac  ; jne 0xfffc04ac
jmp short loc_fffc0523  ; jmp 0xfffc0523

loc_fffc04e9:  ; not directly referenced
mov edi, dword [ebp - 0x548]
movzx eax, al
lea edx, [edi + ebx]
shl edx, 5
mov edx, dword [ebp + edx - 0x498]
cmp edx, eax
jb short loc_fffc0511  ; jb 0xfffc0511
mov eax, dword [ebp - 0x520]
mov byte [ebx + eax - 0x4da], 0xff

loc_fffc0511:  ; not directly referenced
test edx, edx
jne short loc_fffc0523  ; jne 0xfffc0523
mov eax, dword [ebp - 0x520]
mov byte [ebx + eax - 0x4ec], 0xff

loc_fffc0523:  ; not directly referenced
mov eax, dword [ebp - 0x520]
lea edx, [eax + ebx]
mov al, byte [edx - 0x4ec]
mov dl, byte [edx - 0x4da]
and byte [ebp - 0x537], al
and byte [ebp - 0x538], dl
cmp dword [ebp - 0x52c], 0
jne loc_fffc05f7  ; jne 0xfffc05f7
cmp byte [ebp - 0x50d], 0
je short loc_fffc05b0  ; je 0xfffc05b0
mov esi, dword [ebp - 0x534]
lea edi, [ebp - 0x498]
lea ecx, [ebx + esi]
mov bl, dl
shl ecx, 5
and ebx, eax
lea esi, [edi + ecx]
mov byte [ebp - 0x528], bl
lea edi, [ebp + ecx - 0x258]
xor ecx, ecx

loc_fffc0582:  ; not directly referenced
mov ebx, 1
shl ebx, cl
test byte [ebp - 0x528], bl
jne short loc_fffc05a8  ; jne 0xfffc05a8
test dl, bl
jne short loc_fffc059a  ; jne 0xfffc059a
inc dword [esi + ecx*4]
jmp short loc_fffc05a8  ; jmp 0xfffc05a8

loc_fffc059a:  ; not directly referenced
test al, bl
jne short loc_fffc05a8  ; jne 0xfffc05a8
mov ebx, dword [edi + ecx*4]
dec ebx
mov dword [edi + ecx*4], ebx
mov dword [esi + ecx*4], ebx

loc_fffc05a8:  ; not directly referenced
inc ecx
cmp ecx, 8
jne short loc_fffc0582  ; jne 0xfffc0582
jmp short loc_fffc05f7  ; jmp 0xfffc05f7

loc_fffc05b0:  ; not directly referenced
mov cl, dl
and ecx, eax
inc cl
je short loc_fffc05f7  ; je 0xfffc05f7
inc dl
je short loc_fffc05d0  ; je 0xfffc05d0
mov eax, dword [ebp - 0x548]
add eax, ebx
shl eax, 5
inc dword [ebp + eax - 0x498]
jmp short loc_fffc05f7  ; jmp 0xfffc05f7

loc_fffc05d0:  ; not directly referenced
inc al
je short loc_fffc05f7  ; je 0xfffc05f7
mov eax, dword [ebp - 0x548]
add eax, ebx
shl eax, 5
mov esi, dword [ebp + eax - 0x258]
lea edx, [esi - 1]
mov dword [ebp + eax - 0x258], edx
mov dword [ebp + eax - 0x498], edx

loc_fffc05f7:  ; not directly referenced
inc byte [ebp - 0x524]
jmp near loc_fffc0316  ; jmp 0xfffc0316

loc_fffc0602:  ; not directly referenced
cmp dword [ebp - 0x52c], 1
jne loc_fffc0056  ; jne 0xfffc0056
mov al, byte [ebp - 0x537]
mov edi, dword [ebp - 0x538]
and eax, edi
inc al
je loc_fffc0056  ; je 0xfffc0056
mov eax, edi
inc al
je short loc_fffc0637  ; je 0xfffc0637
mov eax, dword [ebp - 0x530]
inc dword [eax]

loc_fffc0633:  ; not directly referenced
xor eax, eax
jmp short loc_fffc065a  ; jmp 0xfffc065a

loc_fffc0637:  ; not directly referenced
imul ecx, dword [ebp - 0x51c], 0x120
mov edi, dword [ebp - 0x530]
mov eax, dword [ebp + ecx - 0x258]
dec eax
mov dword [ebp + ecx - 0x258], eax
mov dword [edi], eax
jmp short loc_fffc0633  ; jmp 0xfffc0633

loc_fffc065a:  ; not directly referenced
cmp dl, al
jbe loc_fffc0056  ; jbe 0xfffc0056
mov esi, dword [ebp - 0x530]
mov ecx, eax
inc eax
shl ecx, 5
mov ebx, dword [esi]
mov dword [esi + ecx], ebx
jmp short loc_fffc065a  ; jmp 0xfffc065a

loc_fffc0675:  ; not directly referenced
cmp byte [ebp - 0x50d], 0
jne loc_fffc0726  ; jne 0xfffc0726
mov eax, dword [ebp + 8]
xor edi, edi
mov dword [ebp - 0x51c], eax
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x520], eax

loc_fffc0696:  ; not directly referenced
mov eax, dword [ebp - 0x518]
bt eax, edi
jb short loc_fffc06be  ; jb 0xfffc06be

loc_fffc06a1:  ; not directly referenced
inc edi
add dword [ebp - 0x520], 0x48
add dword [ebp - 0x51c], 0x240
cmp edi, 2
je loc_fffc07ef  ; je 0xfffc07ef
jmp short loc_fffc0696  ; jmp 0xfffc0696

loc_fffc06be:  ; not directly referenced
xor ebx, ebx

loc_fffc06c0:  ; not directly referenced
mov eax, dword [ebp - 0x50c]
cmp bl, byte [eax + 0x2488]
jae short loc_fffc06a1  ; jae 0xfffc06a1
movzx ecx, bl
mov esi, dword [ebp - 0x51c]
xor edx, edx
mov eax, ecx
shl eax, 4
add eax, dword [ebp - 0x514]
mov dword [ebp - 0x524], ecx
lea esi, [esi + eax*4]
mov eax, 0x7f

loc_fffc06f2:  ; not directly referenced
movzx ecx, al
cmp ecx, dword [esi + edx]
movzx ecx, byte [esi + edx]
cmova eax, ecx
add edx, 8
cmp edx, 0x40
jne short loc_fffc06f2  ; jne 0xfffc06f2
mov esi, dword [ebp - 0x524]
imul eax, eax, 0xa
inc ebx
mov ecx, esi
add ecx, esi
mov esi, dword [ebp - 0x520]
add ecx, dword [ebp - 0x514]
mov dword [esi + ecx*4], eax
jmp short loc_fffc06c0  ; jmp 0xfffc06c0

loc_fffc0726:  ; not directly referenced
mov al, byte [ebp - 0x510]
xor edi, edi
mov esi, dword [ebp + 8]
and eax, 1
mov byte [ebp - 0x520], al

loc_fffc073a:  ; not directly referenced
mov eax, dword [ebp - 0x518]
xor edx, edx
bt eax, edi
jb short loc_fffc07b2  ; jb 0xfffc07b2

loc_fffc0747:  ; not directly referenced
inc edi
add esi, 0x240
cmp edi, 2
jne short loc_fffc073a  ; jne 0xfffc073a
push 2
movzx eax, byte [ebp - 0x535]
push 0
push 0
push 0
push 0
push eax
movzx eax, byte [ebp - 0x50f]
push 0
push 1
push 0
push 0
push eax
push dword [ebp - 0x50c]
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
jmp short loc_fffc07ef  ; jmp 0xfffc07ef

loc_fffc0785:  ; not directly referenced
cmp byte [ebp - 0x50e], 9
sete bl
test byte [ebp - 0x520], bl
jne short loc_fffc07e2  ; jne 0xfffc07e2
cmp byte [ebp - 0x50e], 9
setne bl
test byte [ebp - 0x51c], bl
jne short loc_fffc07e2  ; jne 0xfffc07e2

loc_fffc07a9:  ; not directly referenced
add eax, 8
cmp eax, 0x40
jne short loc_fffc0785  ; jne 0xfffc0785
inc edx

loc_fffc07b2:  ; not directly referenced
mov eax, dword [ebp - 0x50c]
cmp dl, byte [eax + 0x2488]
jae short loc_fffc0747  ; jae 0xfffc0747
mov bl, byte [ebp - 0x565]
movzx eax, dl
shl eax, 4
add eax, dword [ebp - 0x514]
xor ebx, 1
lea ecx, [esi + eax*4]
xor eax, eax
mov byte [ebp - 0x51c], bl
jmp short loc_fffc0785  ; jmp 0xfffc0785

loc_fffc07e2:  ; not directly referenced
mov ebx, 0xf
sub ebx, dword [ecx + eax]
mov dword [ecx + eax], ebx
jmp short loc_fffc07a9  ; jmp 0xfffc07a9

loc_fffc07ef:  ; not directly referenced
inc byte [ebp - 0x510]
inc dword [ebp - 0x514]
and byte [ebp - 0x510], 1
cmp dword [ebp - 0x514], 2
jne loc_fffbfcd3  ; jne 0xfffbfcd3
push 2
mov edx, 0
push 0
mov eax, 0x88888888
push 0
push 0
push 0
push dword [ebp - 0x574]
cmp byte [ebp - 0x50d], 1
push 0
cmovne eax, edx
push 1
push 0
push eax
movzx eax, byte [ebp - 0x53c]
push eax
push dword [ebp - 0x50c]
call fcn_fffcc900  ; call 0xfffcc900
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc0855:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, 0x36
push ebx
mov ebx, eax
sub esp, 0x3c
mov eax, dword [ebp + 8]
cmp dword [ebx + 0x2480], 2
mov dword [ebp - 0x28], edx
mov dword [ebp - 0x24], eax
mov byte [ebp - 0x2a], al
mov eax, dword [ebx + 0x2443]
mov dword [ebp - 0x38], eax
jne short loc_fffc088c  ; jne 0xfffc088c
cmp byte [ebp - 0x24], 5
mov al, 0x25
cmove esi, eax

loc_fffc088c:  ; not directly referenced
movzx eax, byte [ebp - 0x24]
movzx edi, cl
push ecx
push ecx
mov ecx, edi
mov edx, eax
mov dword [ebp - 0x1c], eax
lea eax, [ebx + 0x2490]
mov dword [ebp - 0x20], eax
mov eax, 1
shl eax, cl
mov ecx, edx
mov edx, dword [ebp - 0x20]
movzx eax, al
push eax
mov eax, ebx
push edi
call fcn_fffa7e6c  ; call 0xfffa7e6c
add esp, 0x10
test eax, eax
jne loc_fffc0a25  ; jne 0xfffc0a25
movzx eax, byte [ebp - 0x28]
push edx
push edx
mov edx, dword [ebp - 0x20]
push dword [ebp + 0x18]
mov ecx, eax
mov dword [ebp - 0x3c], eax
mov eax, esi
movzx esi, al
mov eax, ebx
push esi
push dword [ebp + 0xc]
push dword [ebp - 0x1c]
push edi
push edi
call fcn_fffd13ed  ; call 0xfffd13ed
add esp, 0x20
test eax, eax
jne loc_fffc0a25  ; jne 0xfffc0a25
mov ecx, dword [ebp - 0x1c]
sub esp, 0xc
mov eax, ebx
mov edx, dword [ebp - 0x20]
push edi
call fcn_fffa7d98  ; call 0xfffa7d98
add esp, 0x10
test eax, eax
jne loc_fffc0a25  ; jne 0xfffc0a25
xor edx, edx
cmp byte [ebp - 0x24], 0x21
ja short loc_fffc0927  ; ja 0xfffc0927
mov eax, dword [ebp - 0x1c]
movzx edx, byte [eax + ref_fffd5f1c]  ; movzx edx, byte [eax - 0x2a0e4]

loc_fffc0927:  ; not directly referenced
imul esi, edx, 0x48
xor eax, eax
mov byte [ebp - 0x28], 0
mov dword [ebp - 0x44], esi

loc_fffc0933:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x28], 1
setbe dl
test cl, dl
je loc_fffc0a25  ; je 0xfffc0a25
mov al, byte [ebp - 0x28]
movzx esi, al
mov dword [ebp - 0x30], esi
mov esi, dword [ebp - 0x3c]
bt esi, eax
jb short loc_fffc095f  ; jb 0xfffc095f

loc_fffc0958:  ; not directly referenced
xor eax, eax
jmp near loc_fffc0a1d  ; jmp 0xfffc0a1d

loc_fffc095f:  ; not directly referenced
imul eax, dword [ebp - 0x30], 0x24
mov esi, dword [ebp + 0x14]
mov dword [ebp - 0x24], 0x18
mov byte [ebp - 0x29], 0
add esi, eax
add eax, dword [ebp + 0x10]
mov dword [ebp - 0x34], esi
mov dword [ebp - 0x40], eax

loc_fffc097c:  ; not directly referenced
mov al, byte [ebp - 0x29]
cmp al, byte [ebx + 0x2488]
jae short loc_fffc0958  ; jae 0xfffc0958
imul edx, edi, 0x12
movzx ecx, byte [ebp - 0x29]
imul eax, dword [ebp - 0x30], 9
add eax, edx
mov edx, dword [ebp - 0x44]
mov esi, eax
add eax, ecx
lea eax, [eax + edx + 8]
add edx, esi
mov eax, dword [ebx + eax*8 + 0x2454]
lea edx, [ecx + edx + 8]
mov esi, 0xa
add eax, dword [ebx + edx*8 + 0x2450]
xor edx, edx
div esi
mov edx, dword [ebp - 0x40]
mov dword [edx + ecx*4], eax
shr eax, 1
mov edx, 0x18
cmp eax, 0x18
cmovbe edx, eax
mov eax, dword [ebp - 0x34]
cmp dword [ebp - 0x24], edx
mov dword [eax + ecx*4], edx
mov ecx, dword [ebp - 0x1c]
mov eax, ebx
cmovbe edx, dword [ebp - 0x24]
sub esp, 0xc
push edi
mov dword [ebp - 0x24], edx
mov edx, dword [ebp - 0x20]
call fcn_fffa7d98  ; call 0xfffa7d98
add esp, 0x10
test eax, eax
jne short loc_fffc0a1d  ; jne 0xfffc0a1d
cmp byte [ebp - 0x2a], 5
jne short loc_fffc0a15  ; jne 0xfffc0a15
push eax
movzx eax, byte [ebx + 0x2488]
push dword [ebp - 0x24]
push eax
mov eax, dword [ebp - 0x38]
push dword [ebp - 0x34]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffc0a15:  ; not directly referenced
inc byte [ebp - 0x29]
jmp near loc_fffc097c  ; jmp 0xfffc097c

loc_fffc0a1d:  ; not directly referenced
inc byte [ebp - 0x28]
jmp near loc_fffc0933  ; jmp 0xfffc0933

loc_fffc0a25:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc0a2d:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0xcfc
mov edi, dword [ebp + 0x18]
mov dword [ebp - 0xcc0], edx
mov dl, byte [ebp + 0xc]
mov esi, dword [ebp + 0x10]
mov dword [ebp - 0xc88], ecx
mov ecx, 7
mov ebx, dword [ebp + 8]
mov dword [ebp - 0xca0], edi
mov edi, dword [ebp + 0x1c]
mov byte [ebp - 0xcee], dl
mov dl, byte [ebp + 0x14]
mov dword [ebp - 0xc98], esi
mov esi, ref_fffd5934  ; mov esi, 0xfffd5934
mov dword [ebp - 0xc7c], eax
mov dword [ebp - 0xca4], edi
mov byte [ebp - 0xcef], dl
mov edx, edi
lea edi, [ebp - 0xc58]
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0xc3c]
mov esi, ref_fffd5950  ; mov esi, 0xfffd5950
mov byte [ebp - 0xc9a], bl
mov byte [ebp - 0xc99], dl
mov cl, 7
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
lea edi, [ebp - 0xc20]
mov esi, ref_fffd596c  ; mov esi, 0xfffd596c
mov cl, 7
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov esi, dword [eax + 0x5edc]
mov eax, dword [eax + 0x2443]
mov dword [ebp - 0xce8], esi
mov dword [ebp - 0xc84], eax
lea eax, [ebx - 1]
cmp al, 1
ja loc_fffc199b  ; ja 0xfffc199b
push esi
push 0
push 0x10
lea eax, [ebp - 0xc68]
push eax
mov eax, dword [ebp - 0xc84]
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
xor eax, eax

loc_fffc0af6:  ; not directly referenced
mov byte [ebp + eax - 0xc71], al
inc eax
cmp eax, 9
jne short loc_fffc0af6  ; jne 0xfffc0af6
movzx eax, bl
mov cl, byte [ebp - 0xca0]
sub esp, 0xc
mov al, byte [eax + ref_fffd5f1c]  ; mov al, byte [eax - 0x2a0e4]
mov edi, dword [ebp - 0xc7c]
push 0
dec ecx
mov byte [ebp - 0xc80], al
movzx eax, byte [ebp - 0xc88]
movzx ecx, cl
mov dword [ebp - 0xcec], eax
mov edx, eax
mov eax, edi
call fcn_fffb26ca  ; call 0xfffb26ca
xor eax, eax
add esp, 0x10
mov byte [edi + 0x248b], 9
mov edi, dword [ebp - 0xc98]
cmp bl, 1
cmove eax, edi
mov byte [ebp - 0xc9c], al
inc eax
cmp byte [ebp - 0xca4], 0
mov byte [ebp - 0xced], al
jne short loc_fffc0b82  ; jne 0xfffc0b82
push ecx
push 0
lea eax, [ebp - 0xc04]
push 0x1c
push eax
mov eax, dword [ebp - 0xc84]
call dword [eax + 0x5c]  ; ucall
jmp short loc_fffc0b9c  ; jmp 0xfffc0b9c

loc_fffc0b82:  ; not directly referenced
push edx
push 0x1c
lea eax, [ebp - 0xc20]
push eax
lea eax, [ebp - 0xc04]
push eax
mov eax, dword [ebp - 0xc84]
call dword [eax + 0x58]  ; ucall

loc_fffc0b9c:  ; not directly referenced
add esp, 0x10
xor edx, edx
xor esi, esi
xor eax, eax
mov edi, 6

loc_fffc0baa:  ; not directly referenced
movzx ecx, al
add esi, dword [ebp + ecx*4 - 0xc58]
add edx, dword [ebp + ecx*4 - 0xc3c]
cmp byte [ebp - 0xc99], 0
mov dword [ebp - 0xcd8], esi
mov dword [ebp - 0xcdc], edx
cmove eax, edi
inc eax
cmp al, 7
jne short loc_fffc0baa  ; jne 0xfffc0baa
movzx eax, byte [ebp - 0xc80]
cmp bl, 1
sete byte [ebp - 0xc9b]
add byte [ebp - 0xc9b], 8
dec bl
setne byte [ebp - 0xca0]
imul eax, eax, 0x240
add eax, dword [ebp - 0xcc0]
add byte [ebp - 0xca0], 4
mov dword [ebp - 0xcbc], eax
movzx eax, byte [ebp - 0xc9a]
mov dword [ebp - 0xc80], 0
mov dword [ebp - 0xce4], eax
movzx eax, byte [ebp - 0xca0]
mov dword [ebp - 0xcb4], eax

loc_fffc0c34:  ; not directly referenced
mov eax, dword [ebp - 0xce8]
mov edi, 1
xor ebx, ebx
mov cl, byte [ebp - 0xc80]
mov byte [ebp - 0xc98], 0
add eax, 0x70
shl edi, cl
mov esi, eax
mov dword [ebp - 0xcc8], eax

loc_fffc0c5b:  ; not directly referenced
mov eax, dword [ebp - 0xcec]
bt eax, ebx
jae short loc_fffc0ca5  ; jae 0xfffc0ca5
mov eax, dword [ebp - 0xc7c]
mov ecx, edi
mov edx, ebx
call fcn_fffaac43  ; call 0xfffaac43
or byte [ebp - 0xc98], al
movzx eax, byte [ebp - 0xc98]
bt eax, ebx
jae short loc_fffc0ca5  ; jae 0xfffc0ca5
push eax
mov eax, dword [ebp - 0xc7c]
push 0
movzx eax, byte [eax + 0x2488]
push eax
mov eax, dword [ebp - 0xc84]
push esi
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffc0ca5:  ; not directly referenced
inc ebx
add esi, 0xcc
cmp ebx, 2
jne short loc_fffc0c5b  ; jne 0xfffc0c5b
cmp byte [ebp - 0xc98], 0
jne short loc_fffc0d04  ; jne 0xfffc0d04

loc_fffc0cba:  ; not directly referenced
inc dword [ebp - 0xc80]
cmp dword [ebp - 0xc80], 4
jne loc_fffc0c34  ; jne 0xfffc0c34
mov edi, dword [ebp - 0xc7c]
movzx eax, byte [ebp - 0xca0]
mov byte [edi + 0x247a], 0
push 2
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push eax
push edi
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
jmp near loc_fffc19a7  ; jmp 0xfffc19a7

loc_fffc0d04:  ; not directly referenced
cmp byte [ebp - 0xcef], 1
jne short loc_fffc0d3e  ; jne 0xfffc0d3e
push 0
movzx eax, byte [ebp - 0xc9b]
push 0
push 1
push 0
push 0
push dword [ebp - 0xc80]
push 0
push 1
push 0
push 0x88888888
push eax
push dword [ebp - 0xc7c]
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30

loc_fffc0d3e:  ; not directly referenced
xor ebx, ebx
cmp byte [ebp - 0xc99], 0
je loc_fffc0e26  ; je 0xfffc0e26
sub esp, 0xc
movzx edx, byte [ebp - 0xc98]
lea eax, [ebp - 0xc68]
mov ecx, dword [ebp - 0xc80]
push eax
lea ebx, [ebp - 0xbe8]
push ebx
lea eax, [ebp - 0xba0]
push eax
lea eax, [ebp - 0xc71]
push eax
mov eax, dword [ebp - 0xc7c]
push dword [ebp - 0xcb4]
call fcn_fffc0855  ; call 0xfffc0855
add esp, 0x20
test eax, eax
jne short loc_fffc0de8  ; jne 0xfffc0de8

loc_fffc0d91:  ; not directly referenced
push eax
mov ecx, dword [ebp - 0xce4]
push eax
mov edx, dword [ebp - 0xcc0]
push edi
mov edi, dword [ebp - 0xc80]
mov eax, dword [ebp - 0xc7c]
push edi
call fcn_fffa7e6c  ; call 0xfffa7e6c
mov al, byte [ebp - 0xc98]
add esp, 0x10
mov dword [ebp - 0xcac], 0
movzx ebx, al
and eax, 2
movzx eax, al
mov dword [ebp - 0xca8], eax
imul eax, edi, 0x12
mov dword [ebp - 0xc88], ebx
mov dword [ebp - 0xcc4], eax
jmp near loc_fffc0feb  ; jmp 0xfffc0feb

loc_fffc0de8:  ; not directly referenced
mov esi, dword [ebp - 0xc7c]
push eax
push 0x18
movzx eax, byte [esi + 0x2488]
push eax
push ebx
mov ebx, dword [ebp - 0xc84]
mov eax, ebx
call dword [eax + 0x64]  ; ucall
add esp, 0xc
push 0x18
movzx eax, byte [esi + 0x2488]
push eax
lea eax, [ebp - 0xbc4]
push eax
mov eax, ebx
call dword [eax + 0x64]  ; ucall
add esp, 0x10
jmp near loc_fffc0d91  ; jmp 0xfffc0d91

loc_fffc0e26:  ; not directly referenced
mov esi, dword [ebp - 0xc7c]
push eax
push 1
movzx eax, byte [esi + 0x2488]
push eax
lea eax, [ebp - 0xba0]
add eax, ebx
push eax
mov eax, dword [ebp - 0xc84]
call dword [eax + 0x64]  ; ucall
add esp, 0xc
push 1
movzx eax, byte [esi + 0x2488]
lea esi, [ebp - 0xbe8]
push eax
lea eax, [esi + ebx]
add ebx, 0x24
push eax
mov eax, dword [ebp - 0xc84]
call dword [eax + 0x64]  ; ucall
add esp, 0x10
cmp ebx, 0x48
je loc_fffc0d91  ; je 0xfffc0d91
jmp short loc_fffc0e26  ; jmp 0xfffc0e26

loc_fffc0e7a:  ; not directly referenced
cmp byte [ebp - 0xc9c], 0
jne loc_fffc100a  ; jne 0xfffc100a

loc_fffc0e87:  ; not directly referenced
xor ebx, ebx

loc_fffc0e89:  ; not directly referenced
lea eax, [ebp - 0xbe8]
xor edi, edi
mov dword [ebp - 0xcb0], eax
movzx eax, bl
mov dword [ebp - 0xcd0], eax

loc_fffc0ea0:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
bt eax, edi
jb loc_fffc1065  ; jb 0xfffc1065

loc_fffc0eaf:  ; not directly referenced
inc edi
add dword [ebp - 0xcb0], 0x24
cmp edi, 2
jne short loc_fffc0ea0  ; jne 0xfffc0ea0
push eax
mov ecx, dword [ebp - 0xc88]
push eax
mov edx, dword [ebp - 0xcc0]
lea eax, [ebp - 0xc68]
push eax
push 0x1f
lea eax, [ebp - 0xc71]
push eax
mov eax, dword [ebp - 0xc80]
push dword [ebp - 0xce4]
push eax
push eax
mov eax, dword [ebp - 0xc7c]
call fcn_fffd13ed  ; call 0xfffd13ed
movzx eax, bl
add esp, 0x20
mov dword [ebp - 0xce0], eax
imul eax, eax, 0x12
mov dword [ebp - 0xcb0], 0
mov dword [ebp - 0xcfc], eax

loc_fffc0f12:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
mov edi, dword [ebp - 0xcb0]
bt eax, edi
jb loc_fffc10f7  ; jb 0xfffc10f7

loc_fffc0f27:  ; not directly referenced
inc dword [ebp - 0xcb0]
cmp dword [ebp - 0xcb0], 2
jne short loc_fffc0f12  ; jne 0xfffc0f12
cmp byte [ebp - 0xc99], 0
mov al, 7
cmove ebx, eax
inc ebx
cmp bl, 6
jbe loc_fffc0e89  ; jbe 0xfffc0e89
mov eax, dword [ebp - 0xc7c]
xor esi, esi
add eax, 0x3756
mov dword [ebp - 0xcb0], eax
mov eax, dword [ebp - 0xcc8]
mov dword [ebp - 0xcb8], eax
imul eax, dword [ebp - 0xc80], 9
mov dword [ebp - 0xcd4], eax

loc_fffc0f78:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
bt eax, esi
jae short loc_fffc0fcb  ; jae 0xfffc0fcb
mov eax, dword [ebp - 0xcb0]
add eax, dword [ebp - 0xcd4]
mov byte [ebp - 0xca4], 0
mov dword [ebp - 0xcd0], eax

loc_fffc0f9c:  ; not directly referenced
mov eax, dword [ebp - 0xc7c]
movzx eax, byte [eax + 0x2488]
cmp byte [ebp - 0xca4], al
jb loc_fffc1253  ; jb 0xfffc1253
push edx
push 0
push eax
mov eax, dword [ebp - 0xc84]
push dword [ebp - 0xcb8]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffc0fcb:  ; not directly referenced
inc esi
add dword [ebp - 0xcb8], 0xcc
add dword [ebp - 0xcb0], 0x13c3
cmp esi, 2
jne short loc_fffc0f78  ; jne 0xfffc0f78
inc dword [ebp - 0xcac]

loc_fffc0feb:  ; not directly referenced
mov ebx, dword [ebp - 0xcac]
mov al, byte [ebp - 0xced]
mov byte [ebp - 0xccc], bl
cmp bl, al
jb loc_fffc0e7a  ; jb 0xfffc0e7a
jmp near loc_fffc13ab  ; jmp 0xfffc13ab

loc_fffc100a:  ; not directly referenced
test byte [ebp - 0xc98], 1
je short loc_fffc1033  ; je 0xfffc1033
mov cl, byte [ebp - 0xcac]
mov eax, 0x55
mov edx, 0x409a
shl eax, cl
movzx ecx, al
mov eax, dword [ebp - 0xc7c]
call fcn_fffae566  ; call 0xfffae566

loc_fffc1033:  ; not directly referenced
cmp dword [ebp - 0xca8], 0
je loc_fffc0e87  ; je 0xfffc0e87
mov cl, byte [ebp - 0xcac]
mov eax, 0x55
mov edx, 0x449a
shl eax, cl
movzx ecx, al
mov eax, dword [ebp - 0xc7c]
call fcn_fffae566  ; call 0xfffae566
jmp near loc_fffc0e87  ; jmp 0xfffc0e87

loc_fffc1065:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
lea ecx, [edi + 1]
mov byte [ebp - 0xca4], 1
sar eax, cl
cmp byte [ebp - 0xca0], 4
mov dword [ebp - 0xcb8], eax
jne short loc_fffc1098  ; jne 0xfffc1098
mov eax, dword [ebp - 0xc7c]
mov al, byte [eax + 0x2488]
mov byte [ebp - 0xca4], al

loc_fffc1098:  ; not directly referenced
xor esi, esi

loc_fffc109a:  ; not directly referenced
mov eax, esi
cmp byte [ebp - 0xca4], al
jbe loc_fffc0eaf  ; jbe 0xfffc0eaf
push 0
mov eax, dword [ebp - 0xcb0]
push dword [ebp - 0xcb8]
mov ecx, dword [ebp - 0xcd0]
push 0
push 0
push esi
push dword [ebp - 0xc80]
push edi
push 0
push 0
mov eax, dword [eax + esi*4]
inc esi
imul eax, dword [ebp + ecx*4 - 0xc04]
mov ecx, 0x18
cdq
idiv ecx
push eax
push dword [ebp - 0xcb4]
push dword [ebp - 0xc7c]
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
jmp short loc_fffc109a  ; jmp 0xfffc109a

loc_fffc10f7:  ; not directly referenced
imul eax, dword [ebp - 0xcb0], 9
mov byte [ebp - 0xcb8], 0
mov dword [ebp - 0xca4], eax
mov eax, dword [ebp - 0xcfc]
add eax, dword [ebp - 0xca4]
mov dword [ebp - 0xcf8], eax

loc_fffc111d:  ; not directly referenced
mov edx, dword [ebp - 0xc7c]
mov al, byte [ebp - 0xcb8]
cmp al, byte [edx + 0x2488]
jae loc_fffc0f27  ; jae 0xfffc0f27
mov eax, dword [ebp - 0xcc4]
mov edi, dword [ebp - 0xca4]
movzx ecx, byte [ebp - 0xcb8]
mov esi, dword [ebp - 0xcbc]
lea edx, [eax + edi]
add edx, ecx
lea eax, [esi + edx*8]
mov esi, dword [esi + edx*8]
mov dword [ebp - 0xcd0], eax
mov eax, dword [eax + 4]
mov dword [ebp - 0xcd4], esi
mov edx, eax
sub edx, esi
mov dword [ebp - 0xcf4], edx
test bl, bl
jne short loc_fffc119a  ; jne 0xfffc119a
add eax, dword [ebp - 0xcd4]
xor edx, edx
lea esi, [edi + ecx]
mov edi, 0xa
mov dword [ebp + esi*4 - 0xb10], 0
div edi
mov dword [ebp + esi*4 - 0xb58], eax

loc_fffc119a:  ; not directly referenced
mov eax, dword [ebp - 0xca4]
lea esi, [eax + ecx]
mov eax, dword [ebp - 0xce0]
mov edi, esi
mov esi, dword [ebp + esi*4 - 0xb58]
mov edx, dword [ebp + edi*4 - 0xba0]
imul esi, dword [ebp + eax*4 - 0xc3c]
imul edx, dword [ebp + eax*4 - 0xc58]
add edx, esi
mov esi, dword [ebp - 0xcf8]
imul edx, dword [ebp - 0xcf4]
add dword [ebp + edi*4 - 0xb10], edx
cmp dword [ebp + eax*4 - 0xc04], 0
lea edx, [esi + ecx]
mov esi, dword [ebp - 0xcd4]
mov dword [ebp + edx*8 - 0x888], esi
mov esi, dword [ebp - 0xcd0]
mov esi, dword [esi + 4]
mov dword [ebp + edx*8 - 0x884], esi
jns short loc_fffc1248  ; jns 0xfffc1248
cmp bl, 6
je short loc_fffc1248  ; je 0xfffc1248
cmp dword [ebp + eax*4 - 0xc00], 0
jle short loc_fffc1248  ; jle 0xfffc1248
mov eax, dword [ebp - 0xcc4]
mov edx, dword [ebp - 0xca4]
mov esi, dword [ebp + edi*8 - 0x888]
add edx, eax
mov eax, dword [ebp - 0xcbc]
add ecx, edx
mov dword [eax + ecx*8], esi
mov ecx, dword [ebp - 0xcd0]
mov eax, dword [ebp + edi*8 - 0x884]
mov dword [ecx + 4], eax

loc_fffc1248:  ; not directly referenced
inc byte [ebp - 0xcb8]
jmp near loc_fffc111d  ; jmp 0xfffc111d

loc_fffc1253:  ; not directly referenced
movzx ebx, byte [ebp - 0xca4]
lea ecx, [esi + esi*8]
mov edi, dword [ebp - 0xcdc]
mov eax, dword [ebp - 0xcd8]
add ecx, ebx
imul edi, dword [ebp + ecx*4 - 0xb58]
imul eax, dword [ebp + ecx*4 - 0xba0]
add edi, eax
je loc_fffc19a2  ; je 0xfffc19a2
mov edx, dword [ebp + ecx*4 - 0xb10]
mov eax, edx
sar eax, 0x1f
or eax, 1
movsx eax, al
imul eax, edi
imul edi, edi, 0x14
imul eax, eax, 0xa
add eax, edx
cdq
idiv edi
cmp byte [ebp - 0xc9a], 1
mov edi, eax
mov dword [ebp + ecx*4 - 0xb10], eax
jne short loc_fffc1310  ; jne 0xfffc1310
cmp byte [ebp - 0xccc], 0
jne short loc_fffc12cb  ; jne 0xfffc12cb
mov ecx, dword [ebp - 0xcd0]
add byte [ebx + ecx + 0x104a], al

loc_fffc12cb:  ; not directly referenced
cmp byte [ebp - 0xccc], 1
sete dl
cmp byte [ebp - 0xc9c], 0
sete al
or dl, al
je short loc_fffc1345  ; je 0xfffc1345
mov edx, dword [ebp - 0xcd0]
mov eax, edi
mov ecx, dword [ebp - 0xc80]
add byte [ebx + edx + 0x106e], al
mov edx, esi
push eax
mov eax, dword [ebp - 0xc7c]
push 0
push 0xff
push ebx
call fcn_fffa7499  ; call 0xfffa7499
jmp short loc_fffc1342  ; jmp 0xfffc1342

loc_fffc1310:  ; not directly referenced
mov eax, dword [ebp - 0xcd4]
mov edx, esi
mov ecx, dword [ebp - 0xcb0]
add eax, ebx
add word [ecx + eax*2 + 0x169], di
mov eax, dword [ebp - 0xc7c]
push ecx
mov ecx, dword [ebp - 0xc80]
push 0
push 0xff
push ebx
call fcn_fffa73b0  ; call 0xfffa73b0

loc_fffc1342:  ; not directly referenced
add esp, 0x10

loc_fffc1345:  ; not directly referenced
imul edi, edi, 0xa
xor ecx, ecx
lea edx, [esi + esi*8]

loc_fffc134d:  ; not directly referenced
movzx eax, cl
imul eax, eax, 0x12
add eax, edx
add eax, ebx
add dword [ebp + eax*8 - 0x888], edi
sub dword [ebp + eax*8 - 0x884], edi
mov al, 7
cmp byte [ebp - 0xc99], 0
cmove ecx, eax
inc ecx
cmp cl, 6
jbe short loc_fffc134d  ; jbe 0xfffc134d
lea ecx, [esi + esi*8]
mov edi, dword [ebp - 0xcbc]
lea eax, [ecx + ebx]
mov edx, dword [ebp + eax*8 - 0x888]
add ecx, dword [ebp - 0xcc4]
inc byte [ebp - 0xca4]
add ebx, ecx
mov dword [edi + ebx*8], edx
mov eax, dword [ebp + eax*8 - 0x884]
mov dword [edi + ebx*8 + 4], eax
jmp near loc_fffc0f9c  ; jmp 0xfffc0f9c

loc_fffc13ab:  ; not directly referenced
cmp byte [ebp - 0xcee], 0
je loc_fffc0cba  ; je 0xfffc0cba
cmp byte [ebp - 0xc99], 0
jne short loc_fffc140e  ; jne 0xfffc140e

loc_fffc13c1:  ; not directly referenced
mov eax, dword [ebp - 0xc98]
and eax, 1
mov dword [ebp - 0xcb0], eax
je short loc_fffc13e7  ; je 0xfffc13e7
mov eax, dword [ebp - 0xc7c]
mov ecx, 0xffff3001
mov edx, 0x4098
call fcn_fffae58c  ; call 0xfffae58c

loc_fffc13e7:  ; not directly referenced
cmp dword [ebp - 0xca8], 0
je loc_fffc1493  ; je 0xfffc1493
mov eax, dword [ebp - 0xc7c]
mov ecx, 0xffff3001
mov edx, 0x4498
call fcn_fffae58c  ; call 0xfffae58c
jmp near loc_fffc1493  ; jmp 0xfffc1493

loc_fffc140e:  ; not directly referenced
sub esp, 0xc
mov ecx, dword [ebp - 0xc80]
lea eax, [ebp - 0xc68]
mov edx, dword [ebp - 0xc88]
push eax
lea ebx, [ebp - 0xbe8]
push ebx
lea eax, [ebp - 0xba0]
push eax
lea eax, [ebp - 0xc71]
push eax
mov eax, dword [ebp - 0xc7c]
push dword [ebp - 0xcb4]
call fcn_fffc0855  ; call 0xfffc0855
add esp, 0x20
test eax, eax
je loc_fffc13c1  ; je 0xfffc13c1
push edi
mov edi, dword [ebp - 0xc7c]
push 0x18
movzx eax, byte [edi + 0x2488]
push eax
push ebx
mov ebx, dword [ebp - 0xc84]
mov eax, ebx
call dword [eax + 0x64]  ; ucall
add esp, 0xc
push 0x18
movzx eax, byte [edi + 0x2488]
push eax
lea eax, [ebp - 0xbc4]
push eax
mov eax, ebx
call dword [eax + 0x64]  ; ucall
add esp, 0x10
jmp near loc_fffc13c1  ; jmp 0xfffc13c1

loc_fffc1493:  ; not directly referenced
movzx eax, byte [ebp - 0xc9b]
mov byte [ebp - 0xc98], 0
mov dword [ebp - 0xcd0], eax

loc_fffc14a7:  ; not directly referenced
lea eax, [ebp - 0xbe8]
xor ebx, ebx
mov dword [ebp - 0xcac], eax
movzx eax, byte [ebp - 0xc98]
lea edi, [ebp - 0x498]
mov dword [ebp - 0xcc4], eax

loc_fffc14c8:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
bt eax, ebx
jb loc_fffc1582  ; jb 0xfffc1582

loc_fffc14d7:  ; not directly referenced
mov eax, dword [ebp - 0xc84]
inc ebx
push esi
push 8
push 0x90
push edi
add edi, 0x240
call dword [eax + 0x64]  ; ucall
add esp, 0x10
add dword [ebp - 0xcac], 0x24
cmp ebx, 2
jne short loc_fffc14c8  ; jne 0xfffc14c8
movzx eax, byte [ebp - 0xc98]
mov ebx, dword [ebp - 0xc7c]
mov edx, dword [ebp - 0xc88]
mov dword [ebp - 0xcd4], eax
imul eax, eax, 0x90
mov byte [ebx + 0x248c], 1
push ecx
mov ecx, dword [ebp - 0xc80]
push dword [ebp - 0xcd0]
lea eax, [ebp + eax - 0x888]
push eax
lea eax, [ebp - 0x498]
push eax
mov eax, ebx
call fcn_fffbfaf9  ; call 0xfffbfaf9
lea eax, [ebp - 0xac8]
add esp, 0x10
mov dword [ebp - 0xcac], eax
lea eax, [ebp - 0xba0]
xor ebx, ebx
mov dword [ebp - 0xcc4], eax
lea eax, [ebp - 0xb58]
mov dword [ebp - 0xcb8], eax
lea eax, [ebp - 0x498]
mov dword [ebp - 0xccc], eax
jmp near loc_fffc1640  ; jmp 0xfffc1640

loc_fffc1582:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
lea ecx, [ebx + 1]
mov byte [ebp - 0xca4], 1
sar eax, cl
cmp byte [ebp - 0xca0], 4
mov dword [ebp - 0xcb8], eax
jne short loc_fffc15b5  ; jne 0xfffc15b5
mov eax, dword [ebp - 0xc7c]
mov al, byte [eax + 0x2488]
mov byte [ebp - 0xca4], al

loc_fffc15b5:  ; not directly referenced
xor esi, esi

loc_fffc15b7:  ; not directly referenced
mov eax, esi
cmp byte [ebp - 0xca4], al
jbe loc_fffc14d7  ; jbe 0xfffc14d7
push 0
mov eax, dword [ebp - 0xcac]
mov ecx, 0x18
push dword [ebp - 0xcb8]
mov edx, dword [ebp - 0xcc4]
push 0
push 0
push esi
push dword [ebp - 0xc80]
push ebx
push 0
push 0
mov eax, dword [eax + esi*4]
inc esi
imul eax, dword [ebp + edx*4 - 0xc04]
cdq
idiv ecx
push eax
push dword [ebp - 0xcb4]
push dword [ebp - 0xc7c]
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
jmp short loc_fffc15b7  ; jmp 0xfffc15b7

loc_fffc1614:  ; not directly referenced
inc ebx
add dword [ebp - 0xcac], 0x120
add dword [ebp - 0xccc], 0x240
add dword [ebp - 0xcc4], 0x24
add dword [ebp - 0xcb8], 0x24
cmp ebx, 2
je loc_fffc16f0  ; je 0xfffc16f0

loc_fffc1640:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
bt eax, ebx
jae short loc_fffc1614  ; jae 0xfffc1614
mov eax, dword [ebp - 0xc7c]
xor edx, edx
mov esi, dword [ebp - 0xccc]
mov al, byte [eax + 0x2488]
mov byte [ebp - 0xce0], al
mov eax, dword [ebp - 0xcac]
mov dword [ebp - 0xca4], eax

loc_fffc1671:  ; not directly referenced
cmp byte [ebp - 0xce0], dl
jbe short loc_fffc1614  ; jbe 0xfffc1614
mov eax, dword [ebp - 0xcb8]
mov edi, dword [ebp - 0xcd4]
mov ecx, dword [eax + edx*4]
mov eax, dword [ebp - 0xcc4]
imul ecx, dword [ebp + edi*4 - 0xc3c]
mov eax, dword [eax + edx*4]
imul eax, dword [ebp + edi*4 - 0xc58]
add eax, ecx
mov dword [ebp - 0xcf4], eax
xor eax, eax

loc_fffc16ab:  ; not directly referenced
mov edi, dword [esi + eax*2 + 4]
add edi, dword [esi + eax*2]
sub edi, 0x10
cmp byte [ebp - 0xc98], 0
jne short loc_fffc16cb  ; jne 0xfffc16cb
mov ecx, dword [ebp - 0xca4]
mov dword [ecx + eax], 0

loc_fffc16cb:  ; not directly referenced
mov ecx, dword [ebp - 0xca4]
imul edi, dword [ebp - 0xcf4]
add dword [ecx + eax], edi
add eax, 4
cmp eax, 0x20
jne short loc_fffc16ab  ; jne 0xfffc16ab
inc edx
add esi, 0x40
add dword [ebp - 0xca4], 0x20
jmp short loc_fffc1671  ; jmp 0xfffc1671

loc_fffc16f0:  ; not directly referenced
mov bl, byte [ebp - 0xc98]
mov al, 7
cmp byte [ebp - 0xc99], 0
cmove ebx, eax
mov byte [ebp - 0xc98], bl
inc byte [ebp - 0xc98]
cmp byte [ebp - 0xc98], 6
jbe loc_fffc14a7  ; jbe 0xfffc14a7
mov eax, dword [ebp - 0xc7c]
xor edi, edi
mov ebx, dword [ebp - 0xcc8]
mov dword [ebp - 0xcac], 0
add eax, 0x3756
mov dword [ebp - 0xcb8], eax
imul eax, dword [ebp - 0xc80], 0xd8
mov dword [ebp - 0xcc4], ebx
add eax, 0x282
mov dword [ebp - 0xcf4], eax

loc_fffc1759:  ; not directly referenced
mov eax, dword [ebp - 0xc88]
bt eax, edi
jae loc_fffc18f5  ; jae 0xfffc18f5
mov eax, dword [ebp - 0xc7c]
mov edx, edi
mov ecx, 0xffff0001
shl edx, 0xa
add edx, 0x4098
call fcn_fffae58c  ; call 0xfffae58c
lea eax, [edi + edi*8]
mov byte [ebp - 0xc98], 0
mov dword [ebp - 0xce0], eax

loc_fffc1793:  ; not directly referenced
mov eax, dword [ebp - 0xc7c]
movzx eax, byte [eax + 0x2488]
cmp byte [ebp - 0xc98], al
jae loc_fffc18df  ; jae 0xfffc18df
movzx eax, byte [ebp - 0xc98]
mov edx, dword [ebp - 0xcdc]
mov ebx, dword [ebp - 0xcd8]
mov dword [ebp - 0xca4], 0
mov esi, eax
mov dword [ebp - 0xccc], eax
mov eax, dword [ebp - 0xce0]
add eax, esi
imul ebx, dword [ebp + eax*4 - 0xba0]
imul edx, dword [ebp + eax*4 - 0xb58]
mov eax, 1
add edx, ebx
cmovne eax, edx
xor ecx, ecx
mov ebx, eax
add ebx, eax
mov dword [ebp - 0xcd4], ebx
imul ebx, esi, 0x18
add esi, dword [ebp - 0xcac]
add ebx, dword [ebp - 0xcf4]
add ebx, dword [ebp - 0xcb8]
mov dword [ebp - 0xcc8], eax
shl esi, 5
lea eax, [ebp - 0xac8]
add esi, eax

loc_fffc1825:  ; not directly referenced
mov edx, dword [esi + ecx]
mov eax, edx
sar eax, 0x1f
or eax, 1
movsx eax, al
imul eax, dword [ebp - 0xcc8]
add eax, edx
cdq
idiv dword [ebp - 0xcd4]
cmp byte [ebp - 0xc9a], 1
jne short loc_fffc1851  ; jne 0xfffc1851
movzx edx, byte [ebx]
jmp short loc_fffc1858  ; jmp 0xfffc1858

loc_fffc1851:  ; not directly referenced
movzx edx, byte [ebx + 0x360]

loc_fffc1858:  ; not directly referenced
add eax, edx
cmp eax, 0xf
jle short loc_fffc1868  ; jle 0xfffc1868
mov dword [esi + ecx], 0xf
jmp short loc_fffc1875  ; jmp 0xfffc1875

loc_fffc1868:  ; not directly referenced
test eax, eax
mov edx, 0
cmovs eax, edx
mov dword [esi + ecx], eax

loc_fffc1875:  ; not directly referenced
cmp byte [ebp - 0xc9a], 1
mov eax, dword [esi + ecx]
jne short loc_fffc1885  ; jne 0xfffc1885
mov byte [ebx], al
jmp short loc_fffc188b  ; jmp 0xfffc188b

loc_fffc1885:  ; not directly referenced
mov byte [ebx + 0x360], al

loc_fffc188b:  ; not directly referenced
mov eax, dword [esi + ecx]
add ebx, 3
shl eax, cl
add ecx, 4
or dword [ebp - 0xca4], eax
cmp ecx, 0x20
jne short loc_fffc1825  ; jne 0xfffc1825
push 0
push 0
push 0
push 0
push dword [ebp - 0xccc]
push dword [ebp - 0xc80]
push edi
push 0
push 0
push dword [ebp - 0xca4]
push dword [ebp - 0xcd0]
push dword [ebp - 0xc7c]
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
inc byte [ebp - 0xc98]
jmp near loc_fffc1793  ; jmp 0xfffc1793

loc_fffc18df:  ; not directly referenced
push edx
push 0
push eax
mov eax, dword [ebp - 0xc84]
push dword [ebp - 0xcc4]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffc18f5:  ; not directly referenced
inc edi
add dword [ebp - 0xcc4], 0xcc
add dword [ebp - 0xcac], 9
add dword [ebp - 0xcb8], 0x13c3
cmp edi, 2
jne loc_fffc1759  ; jne 0xfffc1759
cmp dword [ebp - 0xcb0], 0
je short loc_fffc1938  ; je 0xfffc1938
mov eax, dword [ebp - 0xc7c]
mov ecx, 0xffff3001
mov edx, 0x4098
call fcn_fffae58c  ; call 0xfffae58c

loc_fffc1938:  ; not directly referenced
cmp dword [ebp - 0xca8], 0
je short loc_fffc1956  ; je 0xfffc1956
mov eax, dword [ebp - 0xc7c]
mov ecx, 0xffff3001
mov edx, 0x4498
call fcn_fffae58c  ; call 0xfffae58c

loc_fffc1956:  ; not directly referenced
cmp dword [ebp - 0xcb0], 0
je short loc_fffc1974  ; je 0xfffc1974
mov eax, dword [ebp - 0xc7c]
mov ecx, 0xffff0001
mov edx, 0x4098
call fcn_fffae58c  ; call 0xfffae58c

loc_fffc1974:  ; not directly referenced
cmp dword [ebp - 0xca8], 0
je loc_fffc0cba  ; je 0xfffc0cba
mov eax, dword [ebp - 0xc7c]
mov ecx, 0xffff0001
mov edx, 0x4498
call fcn_fffae58c  ; call 0xfffae58c
jmp near loc_fffc0cba  ; jmp 0xfffc0cba

loc_fffc199b:  ; not directly referenced
mov eax, 2
jmp short loc_fffc19a7  ; jmp 0xfffc19a7

loc_fffc19a2:  ; not directly referenced
mov eax, 1

loc_fffc19a7:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc19af:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1040
mov edi, dword [eax + 0x5edc]
mov dword [ebp - 0x101c], edx
mov dl, byte [ebp + 0x10]
mov dword [ebp - 0xffc], eax
mov esi, dword [ebp + 8]
mov dword [ebp - 0x1000], ecx
mov ebx, dword [ebp + 0xc]
mov byte [ebp - 0xff7], 0
mov byte [ebp - 0x1008], dl
mov edx, dword [eax + 0x2443]
mov eax, dword [eax + 0x188b]
push 0
push 0x10
mov dword [ebp - 0x102c], eax
lea eax, [ebp - 0xfe8]
push eax
mov dword [ebp - 0x1038], esi
mov byte [ebp - 0xff6], 0xf8
mov byte [ebp - 0xff5], 8
mov byte [ebp - 0xff4], 1
mov byte [ebp - 0xff3], 1
mov byte [ebp - 0xff2], 1
mov dword [ebp - 0x1010], edx
call dword [edx + 0x5c]  ; ucall
mov ecx, dword [ebp - 0x1000]
add esp, 0x10
xor eax, eax

loc_fffc1a43:  ; not directly referenced
mov byte [ebp + eax - 0xff1], al
inc eax
cmp eax, 9
jne short loc_fffc1a43  ; jne 0xfffc1a43
mov eax, dword [ebp - 0xffc]
sub esp, 0xc
movzx edx, cl
push 2
mov ecx, 0xf
call fcn_fffb26ca  ; call 0xfffb26ca
add esp, 0x10
xor eax, eax
mov byte [ebp - 0x1004], 0
mov dl, 3

loc_fffc1a76:  ; not directly referenced
movzx ecx, al
mov cl, byte [ebp + ecx - 0xff4]
add byte [ebp - 0x1004], cl
cmp byte [ebp - 0x1008], 0
cmove eax, edx
inc eax
cmp al, 2
jbe short loc_fffc1a76  ; jbe 0xfffc1a76
mov esi, dword [ebp - 0x1004]
mov eax, esi
test al, al
mov al, 1
cmove esi, eax
dec bl
mov eax, esi
mov byte [ebp - 0x1004], al
jne short loc_fffc1ad7  ; jne 0xfffc1ad7
push 1
push 0
push 1
push 0
push 0
push 0
push 0
push 1
push 0
push 0x88888888
push 0xa
push dword [ebp - 0xffc]
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30

loc_fffc1ad7:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
xor ebx, ebx
mov byte [ebp - 0x1000], 0
lea esi, [eax + 0x381a]
lea eax, [edi + 0x70]
mov dword [ebp - 0x1028], eax
mov edi, eax

loc_fffc1af7:  ; not directly referenced
movzx ecx, byte [esi]
mov edx, ebx
mov eax, dword [ebp - 0xffc]
call fcn_fffaac43  ; call 0xfffaac43
or byte [ebp - 0x1000], al
cmp dword [esi - 0xc4], 2
jne short loc_fffc1b34  ; jne 0xfffc1b34
mov eax, dword [ebp - 0xffc]
push ecx
push 0
movzx eax, byte [eax + 0x2488]
push eax
mov eax, dword [ebp - 0x1010]
push edi
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffc1b34:  ; not directly referenced
inc ebx
add esi, 0x13c3
add edi, 0xcc
cmp ebx, 2
jne short loc_fffc1af7  ; jne 0xfffc1af7
mov eax, dword [ebp - 0xffc]
mov ecx, 1
push edx
push edx
push 0xf
lea edi, [eax + 0x2490]
push 0
mov edx, edi
mov dword [ebp - 0x1014], edi
call fcn_fffa7e6c  ; call 0xfffa7e6c
movzx eax, byte [ebp - 0x1000]
lea ecx, [ebp - 0xfd8]
mov esi, dword [ebp - 0x101c]
add esp, 0x10
mov dword [ebp - 0x100c], 0
mov dword [ebp - 0x1000], eax

loc_fffc1b90:  ; not directly referenced
mov eax, dword [ebp - 0x1000]
mov edi, dword [ebp - 0x100c]
bt eax, edi
jae short loc_fffc1bf5  ; jae 0xfffc1bf5
mov eax, dword [ebp - 0xffc]
xor edi, edi
mov al, byte [eax + 0x2488]
mov byte [ebp - 0x1018], al
jmp short loc_fffc1beb  ; jmp 0xfffc1beb

loc_fffc1bb7:  ; not directly referenced
cmp byte [ebp - 0x1008], 0
je short loc_fffc1c2d  ; je 0xfffc1c2d
mov eax, dword [esi + edi*8 + 0x244]
mov ebx, 0x14
xor edx, edx
add eax, dword [esi + edi*8 + 0x240]
div ebx
mov dword [ecx + edi*4], eax

loc_fffc1bda:  ; not directly referenced
mov eax, dword [ecx + edi*4]
dec eax
cmp eax, 0xb
jbe short loc_fffc1bea  ; jbe 0xfffc1bea
mov dword [ecx + edi*4], 0xc

loc_fffc1bea:  ; not directly referenced
inc edi

loc_fffc1beb:  ; not directly referenced
mov eax, edi
cmp byte [ebp - 0x1018], al
ja short loc_fffc1bb7  ; ja 0xfffc1bb7

loc_fffc1bf5:  ; not directly referenced
inc dword [ebp - 0x100c]
add ecx, 0x24
add esi, 0x48
cmp dword [ebp - 0x100c], 2
jne short loc_fffc1b90  ; jne 0xfffc1b90
push eax
mov edx, dword [ebp - 0x1014]
mov ecx, 4
push eax
mov eax, dword [ebp - 0xffc]
xor edi, edi
push 0xf
push 0
call fcn_fffa7e6c  ; call 0xfffa7e6c
add esp, 0x10
jmp short loc_fffc1c36  ; jmp 0xfffc1c36

loc_fffc1c2d:  ; not directly referenced
mov dword [ecx + edi*4], 1
jmp short loc_fffc1bda  ; jmp 0xfffc1bda

loc_fffc1c36:  ; not directly referenced
mov eax, edi
xor ebx, ebx
movzx esi, al

loc_fffc1c3d:  ; not directly referenced
mov eax, dword [ebp - 0x1000]
bt eax, ebx
jae short loc_fffc1c55  ; jae 0xfffc1c55
lea eax, [ebx + ebx*8]
xor ecx, ecx
mov dword [ebp - 0x100c], eax
jmp short loc_fffc1cc1  ; jmp 0xfffc1cc1

loc_fffc1c55:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffc1c3d  ; jne 0xfffc1c3d
push eax
mov ecx, dword [ebp - 0x1000]
push eax
mov edx, dword [ebp - 0x1014]
lea eax, [ebp - 0xfe8]
push eax
push 0x36
lea eax, [ebp - 0xff1]
push eax
mov eax, dword [ebp - 0xffc]
push 4
push 0xff
push 0
call fcn_fffd13ed  ; call 0xfffd13ed
mov eax, edi
mov ebx, dword [ebp - 0x101c]
movzx eax, al
add esp, 0x20
imul ecx, eax, 0x90
lea edx, [ebp - 0xf90]
mov dword [ebp - 0x100c], ebx
xor ebx, ebx
mov dword [ebp - 0x1034], eax
lea esi, [ebp + ecx - 0xf48]
jmp near loc_fffc1d55  ; jmp 0xfffc1d55

loc_fffc1cc1:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
cmp cl, byte [eax + 0x2488]
jae short loc_fffc1c55  ; jae 0xfffc1c55
push 2
mov edx, dword [ebp - 0x100c]
movzx eax, cl
push 0
push 1
push 0
push eax
add edx, eax
movsx eax, byte [ebp + esi - 0xff7]
imul eax, dword [ebp + edx*4 - 0xfd8]
mov dword [ebp - 0x1018], ecx
mov ecx, 0xc
push 0
push ebx
cdq
idiv ecx
push 0
push 0
push eax
push 1
push dword [ebp - 0xffc]
call fcn_fffcc900  ; call 0xfffcc900
mov ecx, dword [ebp - 0x1018]
add esp, 0x30
inc ecx
jmp short loc_fffc1cc1  ; jmp 0xfffc1cc1

loc_fffc1d22:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
mov al, byte [eax + 0x2488]
mov byte [ebp - 0x1030], al
xor eax, eax

loc_fffc1d36:  ; not directly referenced
cmp byte [ebp - 0x1030], al
ja short loc_fffc1d62  ; ja 0xfffc1d62

loc_fffc1d3e:  ; not directly referenced
inc ebx
add edx, 0x24
add esi, 0x48
add dword [ebp - 0x100c], 0x48
cmp ebx, 2
je loc_fffc1ddb  ; je 0xfffc1ddb

loc_fffc1d55:  ; not directly referenced
mov eax, dword [ebp - 0x1000]
bt eax, ebx
jb short loc_fffc1d22  ; jb 0xfffc1d22
jmp short loc_fffc1d3e  ; jmp 0xfffc1d3e

loc_fffc1d62:  ; not directly referenced
mov dword [ebp - 0x103c], edx
mov edx, dword [ebp - 0x100c]
mov ecx, dword [edx + eax*8 + 4]
mov edx, dword [edx + eax*8]
mov dword [ebp - 0x1018], ecx
sub ecx, edx
mov dword [ebp - 0x1024], ecx
mov ecx, edi
test cl, cl
mov dword [ebp - 0x1020], edx
mov edx, dword [ebp - 0x103c]
jne short loc_fffc1d9c  ; jne 0xfffc1d9c
mov dword [edx + eax*4], 0

loc_fffc1d9c:  ; not directly referenced
mov dword [ebp - 0x103c], eax
mov eax, dword [ebp - 0x1034]
movzx eax, byte [ebp + eax - 0xff4]
imul eax, dword [ebp - 0x1024]
mov ecx, eax
mov eax, dword [ebp - 0x103c]
add dword [edx + eax*4], ecx
mov ecx, dword [ebp - 0x1020]
mov dword [esi + eax*8], ecx
mov ecx, dword [ebp - 0x1018]
mov dword [esi + eax*8 + 4], ecx
inc eax
jmp near loc_fffc1d36  ; jmp 0xfffc1d36

loc_fffc1ddb:  ; not directly referenced
cmp byte [ebp - 0x1008], 0
mov al, 3
cmove edi, eax
inc edi
mov eax, edi
cmp al, 2
jbe loc_fffc1c36  ; jbe 0xfffc1c36
movsx eax, byte [ebp - 0x1004]
mov dword [ebp - 0x1004], 0
mov dword [ebp - 0x1018], eax
imul eax, eax, 0x14
mov dword [ebp - 0x1030], eax
mov eax, dword [ebp - 0xffc]
add eax, 0x3756
mov dword [ebp - 0x1034], eax
mov dword [ebp - 0x1014], eax
mov eax, dword [ebp - 0x1028]
mov dword [ebp - 0x1024], eax

loc_fffc1e35:  ; not directly referenced
mov eax, dword [ebp - 0x1000]
mov ebx, dword [ebp - 0x1004]
bt eax, ebx
jae loc_fffc1f9d  ; jae 0xfffc1f9d
lea eax, [ebx + ebx*8]
mov byte [ebp - 0x100c], 0
mov dword [ebp - 0x1020], eax

loc_fffc1e5a:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
movzx eax, byte [eax + 0x2488]
cmp byte [ebp - 0x100c], al
jae loc_fffc1f62  ; jae 0xfffc1f62
movzx ebx, byte [ebp - 0x100c]
mov eax, dword [ebp - 0x1020]
lea ecx, [eax + ebx]
mov eax, dword [ebp + ecx*4 - 0xf90]
cdq
or edx, 1
movsx edi, dl
imul edi, dword [ebp - 0x1018]
imul esi, edi, 0xa
mov edi, dword [ebp - 0x1014]
add eax, esi
cdq
idiv dword [ebp - 0x1030]
mov dword [ebp + ecx*4 - 0xf90], eax
cdq
mov ecx, 2
mov esi, eax
idiv ecx
add byte [edi + ebx + 0x101d], al
xor edi, edi

loc_fffc1ec4:  ; not directly referenced
mov edx, dword [ebp - 0x1014]
mov eax, 1
mov ecx, edi
shl eax, cl
test byte [edx + 0xc4], al
je short loc_fffc1efa  ; je 0xfffc1efa
mov edx, dword [ebp - 0x1004]
mov ecx, edi
push eax
mov eax, dword [ebp - 0xffc]
push 0
push 0xff
push ebx
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10

loc_fffc1efa:  ; not directly referenced
inc edi
cmp edi, 4
jne short loc_fffc1ec4  ; jne 0xfffc1ec4
imul edi, esi, 0xa
xor ecx, ecx
imul esi, esi, 0xfffffff6
mov dl, 3

loc_fffc1f0a:  ; not directly referenced
movzx eax, cl
imul eax, eax, 0x12
add eax, dword [ebp - 0x1020]
add eax, ebx
add dword [ebp + eax*8 - 0xf48], edi
add dword [ebp + eax*8 - 0xf44], esi
cmp byte [ebp - 0x1008], 0
cmove ecx, edx
inc ecx
cmp cl, 2
jbe short loc_fffc1f0a  ; jbe 0xfffc1f0a
add ebx, dword [ebp - 0x1020]
mov edi, dword [ebp - 0x101c]
inc byte [ebp - 0x100c]
mov eax, dword [ebp + ebx*8 - 0xf48]
mov dword [edi + ebx*8], eax
mov eax, dword [ebp + ebx*8 - 0xf44]
mov dword [edi + ebx*8 + 4], eax
jmp near loc_fffc1e5a  ; jmp 0xfffc1e5a

loc_fffc1f62:  ; not directly referenced
push ebx
push 0
push eax
mov eax, dword [ebp - 0x1010]
push dword [ebp - 0x1024]
call dword [eax + 0x64]  ; ucall
mov edx, dword [ebp - 0x1004]
mov ecx, 1
mov dword [esp], 0
mov eax, dword [ebp - 0xffc]
push 1
push 0
push 2
push 0
call fcn_fffa72c5  ; call 0xfffa72c5
add esp, 0x20

loc_fffc1f9d:  ; not directly referenced
inc dword [ebp - 0x1004]
add dword [ebp - 0x1024], 0xcc
add dword [ebp - 0x1014], 0x13c3
cmp dword [ebp - 0x1004], 2
jne loc_fffc1e35  ; jne 0xfffc1e35
cmp dword [ebp - 0x102c], 1
sete dl
cmp byte [ebp - 0x1038], 0
setne cl
mov al, cl
and eax, edx
xor eax, 1
test al, cl
je loc_fffc23fc  ; je 0xfffc23fc
cmp dl, 1
sbb eax, eax
mov dword [ebp - 0x100c], eax
and byte [ebp - 0x100c], 0xfd
add byte [ebp - 0x100c], 4
test byte [ebp - 0x1000], 1
je short loc_fffc201e  ; je 0xfffc201e
mov eax, dword [ebp - 0xffc]
mov ecx, 0xffff3001
mov edx, 0x4098
call fcn_fffae58c  ; call 0xfffae58c

loc_fffc201e:  ; not directly referenced
test byte [ebp - 0x1000], 2
je short loc_fffc203c  ; je 0xfffc203c
mov eax, dword [ebp - 0xffc]
mov ecx, 0xffff3001
mov edx, 0x4498
call fcn_fffae58c  ; call 0xfffae58c

loc_fffc203c:  ; not directly referenced
mov byte [ebp - 0x1004], 0

loc_fffc2043:  ; not directly referenced
movzx edi, byte [ebp - 0x1004]
xor ebx, ebx

loc_fffc204c:  ; not directly referenced
mov eax, dword [ebp - 0x1000]
bt eax, ebx
jb short loc_fffc208d  ; jb 0xfffc208d

loc_fffc2057:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffc204c  ; jne 0xfffc204c
movzx eax, byte [ebp - 0x1004]
lea ebx, [ebp - 0xf48]
mov dword [ebp - 0x1014], 0
mov dword [ebp - 0x1030], eax
imul eax, eax, 0x90
add eax, ebx
mov dword [ebp - 0x1038], eax
jmp near loc_fffc215d  ; jmp 0xfffc215d

loc_fffc208d:  ; not directly referenced
lea eax, [ebx + ebx*8]
xor ecx, ecx
mov dword [ebp - 0x1014], eax
mov dword [ebp - 0x101c], eax

loc_fffc209e:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
cmp cl, byte [eax + 0x2488]
jae short loc_fffc2057  ; jae 0xfffc2057
mov eax, dword [ebp - 0x101c]
movzx esi, cl
mov dword [ebp - 0x1020], ecx
mov ecx, 0xc
push 1
push 0
lea edx, [eax + esi]
movsx eax, byte [ebp + edi - 0xff7]
imul eax, dword [ebp + edx*4 - 0xfd8]
push 1
push 0
push esi
cdq
idiv ecx
push 0
push ebx
push 0
push 0
push eax
push 1
push dword [ebp - 0xffc]
call fcn_fffcc900  ; call 0xfffcc900
mov ecx, dword [ebp - 0x1020]
lea eax, [ebp - 0xd98]
add esi, dword [ebp - 0x1014]
add esp, 0x30
shl esi, 6
add esi, eax
xor eax, eax

loc_fffc2110:  ; not directly referenced
mov dword [esi + eax + 4], 8
mov dword [esi + eax], 8
add eax, 8
cmp eax, 0x40
jne short loc_fffc2110  ; jne 0xfffc2110
inc ecx
jmp near loc_fffc209e  ; jmp 0xfffc209e

loc_fffc212d:  ; not directly referenced
mov eax, dword [ebp - 0x1000]
bt eax, edx
jb short loc_fffc219d  ; jb 0xfffc219d

loc_fffc2138:  ; not directly referenced
inc edx
add dword [ebp - 0x101c], 0x24
cmp edx, 2
jne short loc_fffc212d  ; jne 0xfffc212d
inc dword [ebp - 0x1014]
mov al, byte [ebp - 0x1014]
cmp byte [ebp - 0x100c], al
jbe loc_fffc2233  ; jbe 0xfffc2233

loc_fffc215d:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
lea esi, [ebp - 0xd98]
mov edx, dword [ebp - 0x1000]
mov byte [eax + 0x248c], 1
push ecx
push 0xa
push dword [ebp - 0x1038]
push esi
mov esi, dword [ebp - 0x1014]
mov ecx, esi
call fcn_fffbfaf9  ; call 0xfffbfaf9
lea eax, [esi + esi*8]
add esp, 0x10
mov dword [ebp - 0x101c], eax
xor edx, edx
jmp short loc_fffc212d  ; jmp 0xfffc212d

loc_fffc219d:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
xor ecx, ecx
mov al, byte [eax + 0x2488]
mov byte [ebp - 0x102c], al
lea eax, [edx + edx*8]
mov dword [ebp - 0x1020], eax

loc_fffc21ba:  ; not directly referenced
cmp cl, byte [ebp - 0x102c]
je loc_fffc2138  ; je 0xfffc2138
mov eax, dword [ebp - 0x1030]
movzx ebx, cl
movzx eax, byte [ebp + eax - 0xff4]
mov dword [ebp - 0x1024], eax
mov eax, dword [ebp - 0x1020]
lea edi, [ebx + eax]
add ebx, dword [ebp - 0x101c]
lea eax, [ebp - 0xd98]
shl edi, 6
add edi, eax
shl ebx, 5
lea eax, [ebp - 0x918]
add ebx, eax
xor eax, eax

loc_fffc2204:  ; not directly referenced
mov esi, dword [edi + eax*2 + 4]
add esi, dword [edi + eax*2]
sub esi, 0x10
cmp byte [ebp - 0x1004], 0
jne short loc_fffc221e  ; jne 0xfffc221e
mov dword [ebx + eax], 0

loc_fffc221e:  ; not directly referenced
imul esi, dword [ebp - 0x1024]
add dword [ebx + eax], esi
add eax, 4
cmp eax, 0x20
jne short loc_fffc2204  ; jne 0xfffc2204
inc ecx
jmp short loc_fffc21ba  ; jmp 0xfffc21ba

loc_fffc2233:  ; not directly referenced
mov bl, byte [ebp - 0x1004]
mov al, 3
cmp byte [ebp - 0x1008], 0
cmove ebx, eax
mov byte [ebp - 0x1004], bl
inc byte [ebp - 0x1004]
cmp byte [ebp - 0x1004], 2
jbe loc_fffc2043  ; jbe 0xfffc2043
mov edi, dword [ebp - 0x1018]
mov eax, edi
add eax, edi
xor edi, edi
mov dword [ebp - 0x102c], eax
mov eax, dword [ebp - 0x1034]
mov dword [ebp - 0x1008], eax
mov eax, dword [ebp - 0x1028]
mov dword [ebp - 0x1024], eax

loc_fffc2288:  ; not directly referenced
mov eax, dword [ebp - 0x1000]
bt eax, edi
jae loc_fffc23de  ; jae 0xfffc23de
imul eax, edi, 0x24
mov dword [ebp - 0x1004], 0
mov dword [ebp - 0x1020], eax

loc_fffc22aa:  ; not directly referenced
imul eax, dword [ebp - 0x1004], 0xd8
mov byte [ebp - 0x1014], 0
add eax, 0x942
mov dword [ebp - 0x1030], eax

loc_fffc22c6:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
mov bl, byte [ebp - 0x1014]
movzx eax, byte [eax + 0x2488]
cmp bl, al
jae loc_fffc23a9  ; jae 0xfffc23a9
movzx eax, bl
mov ebx, dword [ebp - 0x1020]
xor ecx, ecx
imul esi, eax, 0x18
add esi, dword [ebp - 0x1030]
add esi, dword [ebp - 0x1008]
add ebx, eax
shl ebx, 5
lea edx, [ebp - 0x918]
add ebx, edx
mov dword [ebp - 0x101c], 0
mov dword [ebp - 0x1028], eax

loc_fffc2318:  ; not directly referenced
mov edx, dword [ebx + ecx]
mov eax, edx
sar eax, 0x1f
or eax, 1
movsx eax, al
imul eax, dword [ebp - 0x1018]
add eax, edx
cdq
idiv dword [ebp - 0x102c]
movzx edx, byte [esi]
add eax, edx
cmp eax, 0xf
jle short loc_fffc2349  ; jle 0xfffc2349
mov dword [ebx + ecx], 0xf
jmp short loc_fffc2356  ; jmp 0xfffc2356

loc_fffc2349:  ; not directly referenced
test eax, eax
mov edx, 0
cmovs eax, edx
mov dword [ebx + ecx], eax

loc_fffc2356:  ; not directly referenced
mov eax, dword [ebx + ecx]
add esi, 3
mov byte [esi - 3], al
shl eax, cl
add ecx, 4
or dword [ebp - 0x101c], eax
cmp ecx, 0x20
jne short loc_fffc2318  ; jne 0xfffc2318
push 2
push 0
push 0
push 0
push dword [ebp - 0x1028]
push dword [ebp - 0x1004]
push edi
push 0
push 0
push dword [ebp - 0x101c]
push 0xa
push dword [ebp - 0xffc]
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
inc byte [ebp - 0x1014]
jmp near loc_fffc22c6  ; jmp 0xfffc22c6

loc_fffc23a9:  ; not directly referenced
inc dword [ebp - 0x1004]
mov dl, byte [ebp - 0x1004]
add dword [ebp - 0x1020], 9
cmp byte [ebp - 0x100c], dl
ja loc_fffc22aa  ; ja 0xfffc22aa
push edx
push 0
push eax
mov eax, dword [ebp - 0x1010]
push dword [ebp - 0x1024]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffc23de:  ; not directly referenced
inc edi
add dword [ebp - 0x1024], 0xcc
add dword [ebp - 0x1008], 0x13c3
cmp edi, 2
jne loc_fffc2288  ; jne 0xfffc2288

loc_fffc23fc:  ; not directly referenced
mov eax, dword [ebp - 0xffc]
mov byte [eax + 0x247a], 0
push 2
push 0
push 1
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push 1
push eax
call fcn_fffcc900  ; call 0xfffcc900
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc242d:  ; not directly referenced
push ebp
mov ebp, esp
push esi
push ebx
mov ebx, dword [ebp + 8]
push edx
movzx ecx, byte [ebx + 0x248e]
lea esi, [ebx + 0x2490]
mov eax, ebx
push 0
mov edx, esi
push 1
push 1
call fcn_fffc19af  ; call 0xfffc19af
add esp, 0x10
test eax, eax
jne short loc_fffc2473  ; jne 0xfffc2473
push eax
movzx ecx, byte [ebx + 0x248e]
mov edx, esi
push 1
mov eax, ebx
push 0
push 0
call fcn_fffc19af  ; call 0xfffc19af
add esp, 0x10

loc_fffc2473:  ; not directly referenced
lea esp, [ebp - 8]
pop ebx
pop esi
pop ebp
ret

fcn_fffc247a:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x40
mov eax, dword [ebp + 8]
mov dword [ebp - 0x3c], 0
add eax, 0x3756
mov dword [ebp - 0x2c], eax

loc_fffc2497:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffc24cb  ; ja 0xfffc24cb
mov eax, dword [ebp + 8]
cmp byte [eax + 0x3749], 0
jne short loc_fffc24cb  ; jne 0xfffc24cb

loc_fffc24ab:  ; not directly referenced
inc ecx
add dword [ebp - 0x3c], 0x23
add dword [ebp - 0x2c], 8
cmp ecx, 4
jne short loc_fffc2497  ; jne 0xfffc2497
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48dd
jmp near loc_fffc2642  ; jmp 0xfffc2642

loc_fffc24cb:  ; not directly referenced
mov eax, dword [ebp + 8]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x28], 0
add eax, 0x49bf
mov dword [ebp - 0x40], eax
imul eax, ecx, 0x2e
mov dword [ebp - 0x44], eax
mov eax, dword [ebp - 0x2c]
mov dword [ebp - 0x30], eax
mov eax, dword [ebp - 0x3c]
lea esi, [eax + 0x18b]
add eax, 0xbb
mov dword [ebp - 0x48], esi
mov dword [ebp - 0x4c], eax

loc_fffc2505:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ebx, dword [ebp - 0x28]
mov esi, dword [ebp - 0x40]
mov dword [ebp - 0x24], 0
lea ebx, [eax + ebx + 0x1973]

loc_fffc251c:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffc2601  ; jne 0xfffc2601
mov eax, dword [ebp - 0x44]
mov edi, dword [ebp - 0x24]
mov eax, dword [esi + eax - 0xf2]
mov dword [ebp - 0x20], eax
mov eax, dword [ebp - 0x30]
mov edx, dword [eax + edi + 0xc9]
mov eax, dword [eax + edi + 0xcd]
mov dword [ebp - 0x34], edx
mov dword [ebp - 0x38], eax
cmp ecx, 1
je short loc_fffc25a1  ; je 0xfffc25a1
jb short loc_fffc25ad  ; jb 0xfffc25ad
cmp ecx, 3
ja short loc_fffc25ad  ; ja 0xfffc25ad
cmp ecx, 2
mov dl, byte [esi]
jne short loc_fffc256c  ; jne 0xfffc256c
and dl, 1
jne short loc_fffc2573  ; jne 0xfffc2573
xor eax, eax
jmp short loc_fffc25e9  ; jmp 0xfffc25e9

loc_fffc256c:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffc25e9  ; je 0xfffc25e9

loc_fffc2573:  ; not directly referenced
mov edx, dword [esi - 0x21]
mov eax, dword [ebp - 0x4c]
mov edi, dword [ebp - 0x48]
and edx, 0xfffffffd
add eax, ebx
add edi, ebx
dec edx
cmovne eax, edi
xor edi, edi
cmp byte [esi + 1], 0x13
movzx edx, byte [eax + 7]
jne short loc_fffc2597  ; jne 0xfffc2597
movsx edi, byte [eax + 0x1d]

loc_fffc2597:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x20], 0
je short loc_fffc25e9  ; je 0xfffc25e9
jmp short loc_fffc25d3  ; jmp 0xfffc25d3

loc_fffc25a1:  ; not directly referenced
movzx eax, word [ebx + 0x258]
test ax, ax
jne short loc_fffc25e9  ; jne 0xfffc25e9

loc_fffc25ad:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x20], 0
je short loc_fffc25e9  ; je 0xfffc25e9
mov eax, dword [esi - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffc25c8  ; jne 0xfffc25c8
movzx edx, byte [ebx + 0x5a]
movsx edi, byte [ebx + 0x6c]
jmp short loc_fffc25d3  ; jmp 0xfffc25d3

loc_fffc25c8:  ; not directly referenced
movzx edx, byte [ebx + 0x61]
movsx edi, byte [ebx + 0xc2]

loc_fffc25d3:  ; not directly referenced
imul edx, dword [ebp - 0x34]
mov eax, dword [ebp - 0x20]
imul edi, dword [ebp - 0x38]
lea eax, [eax + edx - 1]
xor edx, edx
add eax, edi
div dword [ebp - 0x20]

loc_fffc25e9:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 0x14
mov edi, 0x14
cmova eax, edi
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffc2601:  ; not directly referenced
add dword [ebp - 0x24], 0x20
add esi, 0x128
add ebx, 0x277
cmp dword [ebp - 0x24], 0x40
jne loc_fffc251c  ; jne 0xfffc251c
add dword [ebp - 0x28], 0x54a
add dword [ebp - 0x40], 0x13c3
add dword [ebp - 0x30], 0x13c3
cmp dword [ebp - 0x28], 0xa94
jne loc_fffc2505  ; jne 0xfffc2505
jmp near loc_fffc24ab  ; jmp 0xfffc24ab

loc_fffc2642:  ; not directly referenced
cmp ecx, 1
ja short loc_fffc2653  ; ja 0xfffc2653
mov esi, dword [ebp + 8]
cmp byte [esi + 0x3749], 0
je short loc_fffc267d  ; je 0xfffc267d

loc_fffc2653:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffc267d:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffc2642  ; jne 0xfffc2642
add esp, 0x40
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc2693:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x44
mov eax, dword [ebp + 8]
mov dword [ebp - 0x40], 0
add eax, 0x3756
mov dword [ebp - 0x30], eax

loc_fffc26b0:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffc26e4  ; ja 0xfffc26e4
mov eax, dword [ebp + 8]
cmp byte [eax + 0x3749], 0
jne short loc_fffc26e4  ; jne 0xfffc26e4

loc_fffc26c4:  ; not directly referenced
inc ecx
add dword [ebp - 0x40], 0x23
add dword [ebp - 0x30], 8
cmp ecx, 4
jne short loc_fffc26b0  ; jne 0xfffc26b0
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48db
jmp near loc_fffc28c1  ; jmp 0xfffc28c1

loc_fffc26e4:  ; not directly referenced
mov eax, dword [ebp + 8]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x28], 0
add eax, 0x49bf
mov dword [ebp - 0x44], eax
imul eax, ecx, 0x2e
mov dword [ebp - 0x48], eax
mov eax, dword [ebp - 0x30]
mov dword [ebp - 0x34], eax
mov eax, dword [ebp - 0x40]
lea ebx, [eax + 0x18b]
add eax, 0xbb
mov dword [ebp - 0x4c], ebx
mov dword [ebp - 0x50], eax

loc_fffc271e:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ebx, dword [ebp - 0x28]
mov dword [ebp - 0x2c], 0
lea ebx, [eax + ebx + 0x1973]
mov eax, dword [ebp - 0x44]
mov dword [ebp - 0x20], eax

loc_fffc2738:  ; not directly referenced
mov eax, dword [ebp - 0x20]
cmp dword [eax - 0xf6], 2
jne loc_fffc287f  ; jne 0xfffc287f
mov edi, dword [ebp - 0x48]
mov esi, dword [ebp - 0x2c]
mov edx, dword [eax + edi - 0xf2]
mov edi, dword [ebp - 0x34]
mov dword [ebp - 0x24], edx
mov edx, dword [edi + esi + 0xc9]
mov edi, dword [edi + esi + 0xcd]
mov dword [ebp - 0x38], edx
mov dword [ebp - 0x3c], edi
cmp ecx, 1
je loc_fffc27fd  ; je 0xfffc27fd
jb loc_fffc2809  ; jb 0xfffc2809
cmp ecx, 3
ja loc_fffc2809  ; ja 0xfffc2809
cmp ecx, 2
mov dl, byte [eax]
jne short loc_fffc279a  ; jne 0xfffc279a
and dl, 1
jne short loc_fffc27a5  ; jne 0xfffc27a5
xor eax, eax
jmp near loc_fffc2865  ; jmp 0xfffc2865

loc_fffc279a:  ; not directly referenced
xor eax, eax
and dl, 2
je loc_fffc2865  ; je 0xfffc2865

loc_fffc27a5:  ; not directly referenced
mov eax, dword [ebp - 0x20]
mov esi, dword [ebp - 0x50]
mov edx, dword [ebp - 0x4c]
mov eax, dword [eax - 0x21]
lea edi, [esi + ebx]
add edx, ebx
and eax, 0xfffffffd
dec eax
cmovne edi, edx
xor edx, edx
mov al, byte [edi + 9]
shr al, 4
movzx esi, al
movzx eax, byte [edi + 0xb]
shl esi, 8
or esi, eax
mov eax, dword [ebp - 0x20]
cmp byte [eax + 1], 0x13
jne short loc_fffc27de  ; jne 0xfffc27de
movsx edx, byte [edi + 0x1e]

loc_fffc27de:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x24], 0
je short loc_fffc2865  ; je 0xfffc2865
mov edi, dword [ebp - 0x24]
imul esi, dword [ebp - 0x38]
imul edx, dword [ebp - 0x3c]
lea eax, [edi + esi - 1]
add eax, edx
xor edx, edx
div edi
jmp short loc_fffc2865  ; jmp 0xfffc2865

loc_fffc27fd:  ; not directly referenced
movzx eax, word [ebx + 0x256]
test ax, ax
jne short loc_fffc2865  ; jne 0xfffc2865

loc_fffc2809:  ; not directly referenced
xor eax, eax
cmp dword [ebp - 0x24], 0
je short loc_fffc2865  ; je 0xfffc2865
mov eax, dword [ebp - 0x20]
mov eax, dword [eax - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffc2835  ; jne 0xfffc2835
mov al, byte [ebx + 0x5d]
movsx edi, byte [ebx + 0x6e]
shr al, 4
movzx esi, al
movzx eax, byte [ebx + 0x5f]
shl esi, 8
or esi, eax
jmp short loc_fffc284e  ; jmp 0xfffc284e

loc_fffc2835:  ; not directly referenced
mov al, byte [ebx + 0x63]
movsx edi, byte [ebx + 0xc0]
shr al, 4
movzx esi, al
movzx eax, byte [ebx + 0x65]
shl esi, 8
or esi, eax

loc_fffc284e:  ; not directly referenced
mov eax, dword [ebp - 0x24]
xor edx, edx
imul esi, dword [ebp - 0x38]
imul edi, dword [ebp - 0x3c]
lea esi, [eax + esi - 1]
lea eax, [esi + edi]
div dword [ebp - 0x24]

loc_fffc2865:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 0xfff
mov edi, 0xfff
cmova eax, edi
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffc287f:  ; not directly referenced
add dword [ebp - 0x2c], 0x20
add ebx, 0x277
add dword [ebp - 0x20], 0x128
cmp dword [ebp - 0x2c], 0x40
jne loc_fffc2738  ; jne 0xfffc2738
add dword [ebp - 0x28], 0x54a
add dword [ebp - 0x44], 0x13c3
add dword [ebp - 0x34], 0x13c3
cmp dword [ebp - 0x28], 0xa94
jne loc_fffc271e  ; jne 0xfffc271e
jmp near loc_fffc26c4  ; jmp 0xfffc26c4

loc_fffc28c1:  ; not directly referenced
cmp ecx, 1
ja short loc_fffc28d2  ; ja 0xfffc28d2
mov ebx, dword [ebp + 8]
cmp byte [ebx + 0x3749], 0
je short loc_fffc28fc  ; je 0xfffc28fc

loc_fffc28d2:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffc28fc:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffc28c1  ; jne 0xfffc28c1
add esp, 0x44
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc2912:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov dword [ebp - 0x28], 0

loc_fffc2924:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffc2954  ; ja 0xfffc2954
mov eax, dword [ebp + 8]
cmp byte [eax + 0x3749], 0
jne short loc_fffc2954  ; jne 0xfffc2954

loc_fffc2938:  ; not directly referenced
inc ecx
add dword [ebp - 0x28], 0x23
cmp ecx, 4
jne short loc_fffc2924  ; jne 0xfffc2924
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48d9
jmp near loc_fffc2ac3  ; jmp 0xfffc2ac3

loc_fffc2954:  ; not directly referenced
mov eax, dword [ebp + 8]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
add eax, 0x49bf
mov dword [ebp - 0x30], eax
imul eax, ecx, 0x2e
mov dword [ebp - 0x3c], eax
lea eax, [ecx*8 - 0x1269]
mov dword [ebp - 0x44], eax
mov eax, dword [ebp - 0x28]
add eax, 0x18b
mov dword [ebp - 0x48], eax

loc_fffc2989:  ; not directly referenced
mov eax, dword [ebp - 0x44]
mov edi, dword [ebp - 0x30]
mov ebx, dword [ebp - 0x20]
mov dword [ebp - 0x24], 0
add eax, edi
mov dword [ebp - 0x34], eax
mov eax, dword [ebp + 8]
lea ebx, [eax + ebx + 0x1973]
mov eax, dword [ebp - 0x28]
add eax, 0xbb
mov dword [ebp - 0x40], eax

loc_fffc29b3:  ; not directly referenced
cmp dword [edi - 0xf6], 2
jne loc_fffc2a89  ; jne 0xfffc2a89
mov eax, dword [ebp - 0x3c]
mov edx, dword [ebp - 0x24]
mov esi, dword [edi + eax - 0xf2]
mov eax, dword [ebp - 0x34]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x2c], eax
cmp ecx, 1
je short loc_fffc2a2c  ; je 0xfffc2a2c
jb short loc_fffc2a38  ; jb 0xfffc2a38
cmp ecx, 3
ja short loc_fffc2a38  ; ja 0xfffc2a38
cmp ecx, 2
mov dl, byte [edi]
jne short loc_fffc29f6  ; jne 0xfffc29f6
and dl, 1
jne short loc_fffc29fd  ; jne 0xfffc29fd
xor eax, eax
jmp short loc_fffc2a71  ; jmp 0xfffc2a71

loc_fffc29f6:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffc2a71  ; je 0xfffc2a71

loc_fffc29fd:  ; not directly referenced
mov eax, dword [ebp - 0x40]
mov edx, dword [edi - 0x21]
add eax, ebx
mov dword [ebp - 0x38], eax
mov eax, dword [ebp - 0x48]
and edx, 0xfffffffd
add eax, ebx
dec edx
cmove eax, dword [ebp - 0x38]
mov dl, byte [eax + 9]
movzx eax, byte [eax + 0xa]
and edx, 0xf
shl edx, 8
or edx, eax
xor eax, eax
test esi, esi
je short loc_fffc2a71  ; je 0xfffc2a71
jmp short loc_fffc2a65  ; jmp 0xfffc2a65

loc_fffc2a2c:  ; not directly referenced
movzx eax, word [ebx + 0x254]
test ax, ax
jne short loc_fffc2a71  ; jne 0xfffc2a71

loc_fffc2a38:  ; not directly referenced
xor eax, eax
test esi, esi
je short loc_fffc2a71  ; je 0xfffc2a71
mov eax, dword [edi - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffc2a56  ; jne 0xfffc2a56
mov dl, byte [ebx + 0x5d]
movzx eax, byte [ebx + 0x5e]
and edx, 0xf
shl edx, 8
jmp short loc_fffc2a63  ; jmp 0xfffc2a63

loc_fffc2a56:  ; not directly referenced
mov dl, byte [ebx + 0x63]
movzx eax, byte [ebx + 0x64]
and edx, 0xf
shl edx, 8

loc_fffc2a63:  ; not directly referenced
or edx, eax

loc_fffc2a65:  ; not directly referenced
imul edx, dword [ebp - 0x2c]
lea eax, [esi + edx - 1]
xor edx, edx
div esi

loc_fffc2a71:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 0x28
mov esi, 0x28
cmova eax, esi
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffc2a89:  ; not directly referenced
add dword [ebp - 0x24], 0x20
add edi, 0x128
add ebx, 0x277
cmp dword [ebp - 0x24], 0x40
jne loc_fffc29b3  ; jne 0xfffc29b3
add dword [ebp - 0x20], 0x54a
add dword [ebp - 0x30], 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffc2989  ; jne 0xfffc2989
jmp near loc_fffc2938  ; jmp 0xfffc2938

loc_fffc2ac3:  ; not directly referenced
cmp ecx, 1
ja short loc_fffc2ad4  ; ja 0xfffc2ad4
mov ebx, dword [ebp + 8]
cmp byte [ebx + 0x3749], 0
je short loc_fffc2afe  ; je 0xfffc2afe

loc_fffc2ad4:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffc2afe:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffc2ac3  ; jne 0xfffc2ac3
add esp, 0x3c
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc2b14:  ; not directly referenced
push ebp
xor ecx, ecx
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x30

loc_fffc2b1f:  ; not directly referenced
lea eax, [ecx - 2]
cmp eax, 1
ja short loc_fffc2b4b  ; ja 0xfffc2b4b
mov eax, dword [ebp + 8]
cmp byte [eax + 0x3749], 0
jne short loc_fffc2b4b  ; jne 0xfffc2b4b

loc_fffc2b33:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffc2b1f  ; jne 0xfffc2b1f
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48d7
jmp near loc_fffc2ca4  ; jmp 0xfffc2ca4

loc_fffc2b4b:  ; not directly referenced
mov eax, dword [ebp + 8]
lea esi, [ecx*8 - 0x1269]
mov dword [ebp + ecx*4 - 0x1c], 0
mov dword [ebp - 0x20], 0
mov dword [ebp - 0x38], esi
add eax, 0x49bf
mov dword [ebp - 0x2c], eax
imul eax, ecx, 0x2e
mov dword [ebp - 0x30], eax
imul eax, ecx, 0x23
add eax, 0xbb
mov dword [ebp - 0x3c], eax

loc_fffc2b80:  ; not directly referenced
mov eax, dword [ebp - 0x38]
mov edi, dword [ebp - 0x2c]
mov ebx, dword [ebp - 0x20]
mov dword [ebp - 0x24], 0
add eax, edi
mov dword [ebp - 0x34], eax
mov eax, dword [ebp + 8]
lea ebx, [eax + ebx + 0x1973]

loc_fffc2b9f:  ; not directly referenced
cmp dword [edi - 0xf6], 2
jne loc_fffc2c6a  ; jne 0xfffc2c6a
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x24]
mov esi, dword [edi + eax - 0xf2]
mov eax, dword [ebp - 0x34]
mov eax, dword [eax + edx + 0xc9]
mov dword [ebp - 0x28], eax
cmp ecx, 1
je short loc_fffc2c0d  ; je 0xfffc2c0d
jb short loc_fffc2c19  ; jb 0xfffc2c19
cmp ecx, 3
ja short loc_fffc2c19  ; ja 0xfffc2c19
cmp ecx, 2
mov dl, byte [edi]
jne short loc_fffc2be2  ; jne 0xfffc2be2
and dl, 1
jne short loc_fffc2be9  ; jne 0xfffc2be9
xor eax, eax
jmp short loc_fffc2c52  ; jmp 0xfffc2c52

loc_fffc2be2:  ; not directly referenced
xor eax, eax
and dl, 2
je short loc_fffc2c52  ; je 0xfffc2c52

loc_fffc2be9:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
add eax, ebx
mov dl, byte [eax + 0x12]
movzx eax, byte [eax + 0x13]
and edx, 0xf
shl edx, 8
or edx, eax
xor eax, eax
test esi, esi
je short loc_fffc2c52  ; je 0xfffc2c52
imul edx, dword [ebp - 0x28]
lea eax, [esi + edx - 1]
jmp short loc_fffc2c4e  ; jmp 0xfffc2c4e

loc_fffc2c0d:  ; not directly referenced
movzx eax, word [ebx + 0x252]
test ax, ax
jne short loc_fffc2c52  ; jne 0xfffc2c52

loc_fffc2c19:  ; not directly referenced
xor eax, eax
test esi, esi
je short loc_fffc2c52  ; je 0xfffc2c52
mov eax, dword [edi - 0x21]
and eax, 0xfffffffd
dec eax
jne short loc_fffc2c37  ; jne 0xfffc2c37
mov al, byte [ebx + 0x64]
movzx edx, byte [ebx + 0x65]
and eax, 0xf
shl eax, 8
jmp short loc_fffc2c44  ; jmp 0xfffc2c44

loc_fffc2c37:  ; not directly referenced
mov al, byte [ebx + 0x6c]
movzx edx, byte [ebx + 0x6d]
and eax, 0xf
shl eax, 8

loc_fffc2c44:  ; not directly referenced
or eax, edx
imul eax, dword [ebp - 0x28]
lea eax, [esi + eax - 1]

loc_fffc2c4e:  ; not directly referenced
xor edx, edx
div esi

loc_fffc2c52:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x1c]
cmp eax, 0x36
mov esi, 0x36
cmova eax, esi
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ecx*4 - 0x1c], eax

loc_fffc2c6a:  ; not directly referenced
add dword [ebp - 0x24], 0x20
add edi, 0x128
add ebx, 0x277
cmp dword [ebp - 0x24], 0x40
jne loc_fffc2b9f  ; jne 0xfffc2b9f
add dword [ebp - 0x20], 0x54a
add dword [ebp - 0x2c], 0x13c3
cmp dword [ebp - 0x20], 0xa94
jne loc_fffc2b80  ; jne 0xfffc2b80
jmp near loc_fffc2b33  ; jmp 0xfffc2b33

loc_fffc2ca4:  ; not directly referenced
cmp ecx, 1
ja short loc_fffc2cb5  ; ja 0xfffc2cb5
mov edi, dword [ebp + 8]
cmp byte [edi + 0x3749], 0
je short loc_fffc2cdf  ; je 0xfffc2cdf

loc_fffc2cb5:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffc2cdf:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffc2ca4  ; jne 0xfffc2ca4
add esp, 0x30
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc2cf5:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
xor ebx, ebx
sub esp, 0x34
mov dword [ebp - 0x20], 0xc

loc_fffc2d07:  ; not directly referenced
lea eax, [ebx - 2]
cmp eax, 1
ja short loc_fffc2d1f  ; ja 0xfffc2d1f
mov esi, dword [ebp + 8]
cmp byte [esi + 0x3749], 0
je loc_fffc2f1e  ; je 0xfffc2f1e

loc_fffc2d1f:  ; not directly referenced
imul esi, ebx, 0x2e
imul eax, eax, 0x23
lea edi, [ebx*8 + 0x3756]
mov dword [ebp + ebx*4 - 0x1c], 0
mov dword [ebp - 0x34], esi
mov dword [ebp - 0x24], 0
mov dword [ebp - 0x40], edi
mov dword [ebp - 0x30], eax

loc_fffc2d44:  ; not directly referenced
mov edi, dword [ebp - 0x24]
mov esi, dword [ebp - 0x40]
mov dword [ebp - 0x28], 0
imul eax, edi, 0x13c3
imul edx, edi, 0x54a
mov edi, dword [ebp + 8]
lea ecx, [esi + eax]
mov esi, dword [ebp + 8]
add ecx, dword [ebp + 8]
lea edi, [edi + edx + 0x1973]
mov dword [ebp - 0x3c], ecx
lea esi, [esi + eax + 0x49bf]

loc_fffc2d7a:  ; not directly referenced
cmp dword [esi - 0xf6], 2
jne loc_fffc2ef7  ; jne 0xfffc2ef7
mov eax, dword [ebp - 0x34]
mov edx, dword [ebp - 0x28]
mov ecx, dword [esi + eax - 0xf2]
mov eax, dword [ebp - 0x3c]
mov eax, dword [eax + edx + 0xc9]
mov edx, dword [esi - 0x21]
mov dword [ebp - 0x38], eax
mov eax, 0x12
cmp edx, 2
cmovne eax, dword [ebp - 0x20]
mov dword [ebp - 0x20], eax
cmp ebx, 1
je short loc_fffc2e16  ; je 0xfffc2e16
jb short loc_fffc2e26  ; jb 0xfffc2e26
cmp ebx, 3
ja short loc_fffc2e26  ; ja 0xfffc2e26
mov al, byte [esi]
cmp ebx, 2
mov byte [ebp - 0x29], al
jne short loc_fffc2dd4  ; jne 0xfffc2dd4
test al, 1
jne short loc_fffc2de0  ; jne 0xfffc2de0
xor eax, eax
jmp near loc_fffc2ee2  ; jmp 0xfffc2ee2

loc_fffc2dd4:  ; not directly referenced
xor eax, eax
test byte [ebp - 0x29], 2
je loc_fffc2ee2  ; je 0xfffc2ee2

loc_fffc2de0:  ; not directly referenced
and edx, 0xfffffffd
mov eax, dword [ebp - 0x30]
dec edx
jne short loc_fffc2df3  ; jne 0xfffc2df3
movzx edx, byte [edi + eax + 0x106]
jmp short loc_fffc2dfb  ; jmp 0xfffc2dfb

loc_fffc2df3:  ; not directly referenced
movzx edx, byte [edi + eax + 0x1d6]

loc_fffc2dfb:  ; not directly referenced
xor eax, eax
test ecx, ecx
je loc_fffc2ee2  ; je 0xfffc2ee2
imul edx, dword [ebp - 0x38]
lea eax, [ecx + edx - 1]
xor edx, edx
div ecx
jmp near loc_fffc2ee2  ; jmp 0xfffc2ee2

loc_fffc2e16:  ; not directly referenced
movzx eax, word [edi + 0x250]
test ax, ax
jne loc_fffc2ee2  ; jne 0xfffc2ee2

loc_fffc2e26:  ; not directly referenced
cmp edx, 3
jne short loc_fffc2e65  ; jne 0xfffc2e65
mov eax, 9
cmp ecx, 0x105944
jbe loc_fffc2ee2  ; jbe 0xfffc2ee2
mov al, 7
cmp ecx, 0x16e360
jbe loc_fffc2ee2  ; jbe 0xfffc2ee2
mov al, 5
cmp ecx, 0x1c9c38
jbe loc_fffc2ee2  ; jbe 0xfffc2ee2
cmp ecx, 0x2625a1
sbb eax, eax
and eax, 4
jmp short loc_fffc2ee2  ; jmp 0xfffc2ee2

loc_fffc2e65:  ; not directly referenced
cmp edx, 2
jne short loc_fffc2ea2  ; jne 0xfffc2ea2
mov eax, 0x12
cmp ecx, 0xbbcce
jbe short loc_fffc2ee2  ; jbe 0xfffc2ee2
mov al, 0xc
cmp ecx, 0xcb735
jbe short loc_fffc2ee2  ; jbe 0xfffc2ee2
mov al, 0xb
cmp ecx, 0xe5010
jbe short loc_fffc2ee2  ; jbe 0xfffc2ee2
mov al, 0xa
cmp ecx, 0x105944
jbe short loc_fffc2ee2  ; jbe 0xfffc2ee2
cmp ecx, 0x1312d1
sbb eax, eax
and eax, 9
jmp short loc_fffc2ee2  ; jmp 0xfffc2ee2

loc_fffc2ea2:  ; not directly referenced
mov eax, 0xa
cmp ecx, 0xe5010
jbe short loc_fffc2ee2  ; jbe 0xfffc2ee2
mov al, 9
cmp ecx, 0x105944
jbe short loc_fffc2ee2  ; jbe 0xfffc2ee2
mov al, 8
cmp ecx, 0x1312d0
jbe short loc_fffc2ee2  ; jbe 0xfffc2ee2
mov al, 7
cmp ecx, 0x16e360
jbe short loc_fffc2ee2  ; jbe 0xfffc2ee2
mov al, 6
cmp ecx, 0x1c9c38
jbe short loc_fffc2ee2  ; jbe 0xfffc2ee2
cmp ecx, 0x2625a1
sbb eax, eax
and eax, 5

loc_fffc2ee2:  ; not directly referenced
mov edx, dword [ebp - 0x20]
cmp eax, edx
cmova eax, edx
mov edx, dword [ebp + ebx*4 - 0x1c]
cmp eax, edx
cmovb eax, edx
mov dword [ebp + ebx*4 - 0x1c], eax

loc_fffc2ef7:  ; not directly referenced
add dword [ebp - 0x28], 0x20
add esi, 0x128
add edi, 0x277
cmp dword [ebp - 0x28], 0x40
jne loc_fffc2d7a  ; jne 0xfffc2d7a
inc dword [ebp - 0x24]
cmp dword [ebp - 0x24], 2
jne loc_fffc2d44  ; jne 0xfffc2d44

loc_fffc2f1e:  ; not directly referenced
inc ebx
cmp ebx, 4
jne loc_fffc2d07  ; jne 0xfffc2d07
mov eax, dword [ebp + 8]
mov ecx, 0xfffffffe
add eax, 0x48d5

loc_fffc2f35:  ; not directly referenced
cmp ecx, 1
ja short loc_fffc2f46  ; ja 0xfffc2f46
mov ebx, dword [ebp + 8]
cmp byte [ebx + 0x3749], 0
je short loc_fffc2f70  ; je 0xfffc2f70

loc_fffc2f46:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x14]
mov word [eax], dx
mov word [eax - 0x1173], dx
mov word [eax + 0x128], dx
mov word [eax + 0x13c3], dx
mov word [eax + 0x250], dx
mov word [eax + 0x14eb], dx

loc_fffc2f70:  ; not directly referenced
inc ecx
add eax, 0x2e
cmp ecx, 2
jne short loc_fffc2f35  ; jne 0xfffc2f35
add esp, 0x34
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc2f86:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
sub esp, 0x24

loc_fffc2f91:  ; not directly referenced
lea eax, [esi - 2]
cmp eax, 1
ja short loc_fffc2fb8  ; ja 0xfffc2fb8
mov eax, dword [ebp + 8]
cmp byte [eax + 0x3749], 0
jne short loc_fffc2fb8  ; jne 0xfffc2fb8

loc_fffc2fa5:  ; not directly referenced
inc esi
cmp esi, 4
jne short loc_fffc2f91  ; jne 0xfffc2f91
add esp, 0x24
mov eax, 1
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffc2fb8:  ; not directly referenced
mov eax, dword [ebp + 8]
mov byte [ebp - 0x1f], 2
add eax, 0x1973
mov dword [ebp - 0x24], eax
mov eax, dword [ebp + 8]
add eax, 0x3756
mov dword [ebp - 0x14], eax
lea eax, [esi*8]
mov dword [ebp - 0x28], eax
lea eax, [esi + esi + 0xf8]
mov dword [ebp - 0x2c], eax
lea eax, [esi - 2]
mov dword [ebp - 0x30], eax

loc_fffc2fec:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov ecx, dword [ebp - 0x24]
mov edi, dword [ebp - 0x28]
mov dword [ebp - 0x10], 0
add eax, ecx
mov dword [ebp - 0x1c], eax
mov eax, dword [ebp - 0x14]
add edi, eax

loc_fffc3006:  ; not directly referenced
mov eax, dword [ebp - 0x14]
mov ebx, dword [ebp - 0x10]
cmp dword [eax + ebx + 0x1173], 2
jne loc_fffc317b  ; jne 0xfffc317b
cmp dword [ebp - 0x30], 1
ja loc_fffc30e8  ; ja 0xfffc30e8
cmp esi, 2
mov al, byte [eax + ebx + 0x1269]
jne short loc_fffc3034  ; jne 0xfffc3034
test al, 1
jmp short loc_fffc3036  ; jmp 0xfffc3036

loc_fffc3034:  ; not directly referenced
test al, 2

loc_fffc3036:  ; not directly referenced
je loc_fffc30cf  ; je 0xfffc30cf
mov eax, dword [ebp - 0x14]
mov ebx, dword [ebp - 0x10]
mov eax, dword [eax + ebx + 0x1248]
and eax, 0xfffffffd
dec eax
jne short loc_fffc3068  ; jne 0xfffc3068
mov al, byte [ecx + 0x100]
mov dl, al
and eax, 0xf
shr dl, 4
mov byte [ebp - 0x18], al
mov eax, dword [ebp - 0x1c]
mov byte [ebp - 0x1d], dl
jmp short loc_fffc3084  ; jmp 0xfffc3084

loc_fffc3068:  ; not directly referenced
mov al, byte [ecx + 0x1d0]
mov dl, al
and eax, 0xf
mov byte [ebp - 0x18], al
mov eax, dword [ebp - 0x1c]
shr dl, 4
mov byte [ebp - 0x1d], dl
add eax, 0xd0

loc_fffc3084:  ; not directly referenced
mov bl, byte [eax]
mov edx, dword [ebp - 0x10]
mov byte [ebp - 0x1e], bl
movzx ebx, byte [eax + 1]
mov eax, dword [ebp - 0x14]
cmp byte [eax + edx + 0x126a], 0x12
mov eax, 0
je short loc_fffc30bd  ; je 0xfffc30bd
cmp byte [ebp - 0x18], 0
je short loc_fffc30bd  ; je 0xfffc30bd
movzx edx, byte [ebp - 0x1d]
imul eax, edx, 0x3e8
movzx edx, byte [ebp - 0x18]
mov dword [ebp - 0x18], edx
cdq
idiv dword [ebp - 0x18]

loc_fffc30bd:  ; not directly referenced
mov dword [edi + 0xcd], eax
xor eax, eax
test bl, bl
je short loc_fffc3144  ; je 0xfffc3144
movzx eax, byte [ebp - 0x1e]
jmp short loc_fffc313b  ; jmp 0xfffc313b

loc_fffc30cf:  ; not directly referenced
mov dword [edi + 0xcd], 0
mov dword [edi + 0xc9], 0
jmp near loc_fffc317b  ; jmp 0xfffc317b

loc_fffc30e8:  ; not directly referenced
mov eax, dword [ebp - 0x14]
mov ebx, dword [ebp - 0x10]
mov eax, dword [eax + ebx + 0x1248]
and eax, 0xfffffffd
dec eax
jne short loc_fffc314c  ; jne 0xfffc314c
mov dl, byte [ecx + 0x51]
movzx ebx, byte [ecx + 0x53]
mov al, dl
shr al, 4
mov byte [ebp - 0x18], al
mov al, byte [ecx + 0x52]
mov byte [ebp - 0x1d], al
xor eax, eax
and dl, 0xf
je short loc_fffc312b  ; je 0xfffc312b
movzx eax, byte [ebp - 0x18]
movzx edx, dl
mov dword [ebp - 0x18], edx
imul eax, eax, 0x3e8
cdq
idiv dword [ebp - 0x18]

loc_fffc312b:  ; not directly referenced
mov dword [edi + 0xcd], eax
xor eax, eax
test bl, bl
je short loc_fffc3144  ; je 0xfffc3144
movzx eax, byte [ebp - 0x1d]

loc_fffc313b:  ; not directly referenced
imul eax, eax, 0xf4240
cdq
idiv ebx

loc_fffc3144:  ; not directly referenced
mov dword [edi + 0xc9], eax
jmp short loc_fffc317b  ; jmp 0xfffc317b

loc_fffc314c:  ; not directly referenced
mov al, byte [ecx + 0x59]
shr al, 2
and eax, 3
cmp eax, 1
sbb eax, eax
and eax, 0x1e848
mov dword [edi + 0xc9], eax
mov al, byte [ecx + 0x59]
and eax, 3
cmp eax, 1
sbb eax, eax
and eax, 0x3e8
mov dword [edi + 0xcd], eax

loc_fffc317b:  ; not directly referenced
add dword [ebp - 0x10], 0x128
add edi, 0x20
add ecx, 0x277
add dword [ebp - 0x1c], 0x277
cmp dword [ebp - 0x10], 0x250
jne loc_fffc3006  ; jne 0xfffc3006
add dword [ebp - 0x24], 0x54a
add dword [ebp - 0x14], 0x13c3
dec byte [ebp - 0x1f]
jne loc_fffc2fec  ; jne 0xfffc2fec
jmp near loc_fffc2fa5  ; jmp 0xfffc2fa5

fcn_fffc31bb:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov ecx, dword [ebp + 0xc]
mov edx, dword [eax + 0xd5]
and edx, 0xfffffffd
dec edx
jne short loc_fffc31d5  ; jne 0xfffc31d5
mov dl, byte [ecx + 0x29]
jmp short loc_fffc31d8  ; jmp 0xfffc31d8

loc_fffc31d5:  ; not directly referenced
mov dl, byte [ecx + 7]

loc_fffc31d8:  ; not directly referenced
and edx, 0xf
cmp edx, 8
ja short loc_fffc3234  ; ja 0xfffc3234
jmp dword [edx*4 + ref_fffd5988]  ; ujmp: jmp dword [edx*4 - 0x2a678]

loc_fffc31e7:  ; not directly referenced
mov byte [eax + 0xf4], 0
jmp short loc_fffc31f7  ; jmp 0xfffc31f7

loc_fffc31f0:  ; not directly referenced
mov byte [eax + 0xf4], 2

loc_fffc31f7:  ; not directly referenced
mov eax, 1
jmp short loc_fffc323d  ; jmp 0xfffc323d

loc_fffc31fe:  ; not directly referenced
mov byte [eax + 0xf4], 3
jmp short loc_fffc31f7  ; jmp 0xfffc31f7

loc_fffc3207:  ; not directly referenced
mov byte [eax + 0xf4], 4
jmp short loc_fffc31f7  ; jmp 0xfffc31f7

loc_fffc3210:  ; not directly referenced
mov byte [eax + 0xf4], 5
jmp short loc_fffc31f7  ; jmp 0xfffc31f7

loc_fffc3219:  ; not directly referenced
mov byte [eax + 0xf4], 6
jmp short loc_fffc31f7  ; jmp 0xfffc31f7

loc_fffc3222:  ; not directly referenced
mov byte [eax + 0xf4], 7
jmp short loc_fffc31f7  ; jmp 0xfffc31f7

loc_fffc322b:  ; not directly referenced
mov byte [eax + 0xf4], 8
jmp short loc_fffc31f7  ; jmp 0xfffc31f7

loc_fffc3234:  ; not directly referenced
mov byte [eax + 0xf4], 0
xor eax, eax

loc_fffc323d:  ; not directly referenced
pop ebp
ret

fcn_fffc323f:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
push ebx
mov edx, dword [ebp + 0xc]
mov ebx, dword [ebp + 8]
mov ecx, dword [eax + 0xd5]
and ecx, 0xfffffffd
dec ecx
jne short loc_fffc32a9  ; jne 0xfffc32a9
mov cl, byte [edx + 0x1f]
shr cl, 7
mov byte [eax + 0xd1], cl
mov cl, byte [edx + 0x1f]
shr cl, 3
and ecx, 1
mov byte [eax + 0xd2], cl
xor ecx, ecx
test byte [edx + 0x1f], 4
je short loc_fffc3287  ; je 0xfffc3287
xor ecx, ecx
cmp byte [ebx + 0x18b7], 0
setne cl

loc_fffc3287:  ; not directly referenced
mov byte [eax + 0xd0], cl
mov cl, byte [edx + 0x1f]
shr cl, 1
and ecx, 1
mov byte [eax + 0xd4], cl
mov dl, byte [edx + 0x1f]
and edx, 1
mov byte [eax + 0xd3], dl
jmp short loc_fffc32cc  ; jmp 0xfffc32cc

loc_fffc32a9:  ; not directly referenced
mov byte [eax + 0xd1], 0
mov byte [eax + 0xd2], 0
mov byte [eax + 0xd0], 0
mov byte [eax + 0xd4], 0
mov byte [eax + 0xd3], 0

loc_fffc32cc:  ; not directly referenced
xor edx, edx
cmp byte [eax + 0xd0], 0
jne short loc_fffc32ec  ; jne 0xfffc32ec
cmp byte [eax + 0xd3], 0
je short loc_fffc32ec  ; je 0xfffc32ec
xor edx, edx
cmp byte [ebx + 0x18b8], 0
setne dl

loc_fffc32ec:  ; not directly referenced
mov byte [eax + 0xcf], dl
mov eax, 1
pop ebx
pop ebp
ret

fcn_fffc32fa:  ; not directly referenced
push ebp
mov ebp, esp
mov ecx, dword [ebp + 0x10]
push ebx
mov eax, dword [ebp + 0xc]
mov ebx, dword [ecx + 0xd5]
mov edx, ebx
and edx, 0xfffffffd
dec edx
jne short loc_fffc3317  ; jne 0xfffc3317
mov dl, byte [eax + 0x3f]
jmp short loc_fffc331d  ; jmp 0xfffc331d

loc_fffc3317:  ; not directly referenced
mov dl, byte [eax + 0x83]

loc_fffc331d:  ; not directly referenced
and edx, 1
mov eax, 1
mov byte [ecx + 0xce], dl
cmp ebx, 2
jne short loc_fffc3340  ; jne 0xfffc3340
dec dl
jne short loc_fffc3340  ; jne 0xfffc3340
xor eax, eax
cmp dword [ecx + 0xd9], 3
sete al

loc_fffc3340:  ; not directly referenced
pop ebx
pop ebp
ret

fcn_fffc3343:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0x10]
mov eax, dword [edx + 0xd5]
and eax, 0xfffffffd
dec eax
jne short loc_fffc336e  ; jne 0xfffc336e
mov eax, dword [ebp + 0xc]
mov al, byte [eax + 8]
shr al, 3
and eax, 3
dec al
jne short loc_fffc336e  ; jne 0xfffc336e
mov byte [edx + 0xcc], 1
jmp short loc_fffc3375  ; jmp 0xfffc3375

loc_fffc336e:  ; not directly referenced
mov byte [edx + 0xcc], 0

loc_fffc3375:  ; not directly referenced
mov eax, 1
pop ebp
ret

fcn_fffc337c:  ; not directly referenced
push ebp
mov ecx, 8
mov ebp, esp
push edi
push esi
mov esi, ref_fffd59ac  ; mov esi, 0xfffd59ac
push ebx
sub esp, 0x20
mov ebx, dword [ebp + 0x10]
lea edi, [ebp - 0x2c]
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov dl, byte [ebx + 0xf1]
test dl, dl
je short loc_fffc33e6  ; je 0xfffc33e6
mov al, byte [ebx + 0xf3]
cmp al, 7
ja short loc_fffc33e6  ; ja 0xfffc33e6
movzx ecx, al
movzx eax, byte [ebx + 0xf0]
imul eax, dword [ebp + ecx*4 - 0x2c]
movzx ecx, dl
xor edx, edx
div ecx
movzx edx, byte [ebx + 0xed]
imul eax, edx
lea edx, [eax - 0x200]
cmp edx, 0x3e00
ja short loc_fffc33e6  ; ja 0xfffc33e6
mov dword [ebx + 0xe1], eax
mov eax, 1
jmp short loc_fffc33f2  ; jmp 0xfffc33f2

loc_fffc33e6:  ; not directly referenced
mov dword [ebx + 0xe1], 0
xor eax, eax

loc_fffc33f2:  ; not directly referenced
add esp, 0x20
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc33fa:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0x10]
mov ecx, dword [ebp + 0xc]
mov eax, dword [edx + 0xd5]
and eax, 0xfffffffd
dec eax
jne short loc_fffc3414  ; jne 0xfffc3414
mov al, byte [ecx + 7]
jmp short loc_fffc3417  ; jmp 0xfffc3417

loc_fffc3414:  ; not directly referenced
mov al, byte [ecx + 0xc]

loc_fffc3417:  ; not directly referenced
shr al, 3
and eax, 7
inc eax
cmp al, 2
ja short loc_fffc342f  ; ja 0xfffc342f
mov byte [edx + 0xed], al
mov eax, 1
jmp short loc_fffc3438  ; jmp 0xfffc3438

loc_fffc342f:  ; not directly referenced
mov byte [edx + 0xed], 0
xor eax, eax

loc_fffc3438:  ; not directly referenced
pop ebp
ret

fcn_fffc343a:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0x10]
push esi
mov eax, dword [ebp + 0xc]
push ebx
mov ecx, dword [edx + 0xd5]
and ecx, 0xfffffffd
dec ecx
mov cl, byte [eax + 4]
jne short loc_fffc3478  ; jne 0xfffc3478
and ecx, 0xf
mov byte [edx + 0xf3], cl
test byte [eax + 4], 0x70
jne short loc_fffc34c3  ; jne 0xfffc34c3
mov byte [edx + 0xee], 8
mov eax, 1
mov byte [edx + 0xef], 0
jmp short loc_fffc34c5  ; jmp 0xfffc34c5

loc_fffc3478:  ; not directly referenced
and ecx, 0xf
mov byte [edx + 0xf3], cl
mov al, byte [eax + 4]
mov cl, al
shr cl, 4
shr al, 6
and ecx, 3
mov esi, eax
xor eax, eax
cmp cl, 1
ja short loc_fffc34aa  ; ja 0xfffc34aa
mov eax, 4
shl eax, cl
mov byte [edx + 0xee], al
mov eax, 1

loc_fffc34aa:  ; not directly referenced
lea ecx, [esi - 1]
cmp cl, 1
ja short loc_fffc34c3  ; ja 0xfffc34c3
mov ebx, 1
mov ecx, esi
shl ebx, cl
mov byte [edx + 0xef], bl
jmp short loc_fffc34c5  ; jmp 0xfffc34c5

loc_fffc34c3:  ; not directly referenced
xor eax, eax

loc_fffc34c5:  ; not directly referenced
pop ebx
pop esi
pop ebp
ret

fcn_fffc34c9:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0x10]
mov ecx, dword [ebp + 0xc]
mov eax, dword [edx + 0xd5]
and eax, 0xfffffffd
dec eax
jne short loc_fffc34e3  ; jne 0xfffc34e3
mov al, byte [ecx + 8]
jmp short loc_fffc34e6  ; jmp 0xfffc34e6

loc_fffc34e3:  ; not directly referenced
mov al, byte [ecx + 0xd]

loc_fffc34e6:  ; not directly referenced
and eax, 7
cmp al, 3
jne short loc_fffc34fb  ; jne 0xfffc34fb
mov byte [edx + 0xf0], 0x40
mov eax, 1
jmp short loc_fffc3504  ; jmp 0xfffc3504

loc_fffc34fb:  ; not directly referenced
mov byte [edx + 0xf0], 0
xor eax, eax

loc_fffc3504:  ; not directly referenced
pop ebp
ret

fcn_fffc3506:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0xc]
push ebx
mov eax, dword [ebp + 8]
mov ecx, dword [ebp + 0x10]
mov dl, byte [edx + 5]
mov eax, dword [eax + 0x1887]
and edx, 7
cmp dl, 2
je short loc_fffc3567  ; je 0xfffc3567
cmp dl, 3
je short loc_fffc3592  ; je 0xfffc3592
dec dl
jne short loc_fffc35a4  ; jne 0xfffc35a4
cmp eax, 0x40650
je short loc_fffc355c  ; je 0xfffc355c
cmp eax, 0x40660
sete bl
cmp eax, 0x306c0
sete dl
or bl, dl
jne short loc_fffc355c  ; jne 0xfffc355c
cmp eax, 0x40670
sete bl
cmp eax, 0x306d0
sete dl
or bl, dl
je short loc_fffc356e  ; je 0xfffc356e

loc_fffc355c:  ; not directly referenced
mov word [ecx + 0xe9], 0x400
jmp short loc_fffc358b  ; jmp 0xfffc358b

loc_fffc3567:  ; not directly referenced
cmp eax, 0x40650
je short loc_fffc3582  ; je 0xfffc3582

loc_fffc356e:  ; not directly referenced
cmp eax, 0x40670
sete dl
cmp eax, 0x306d0
sete al
or dl, al
je short loc_fffc35a4  ; je 0xfffc35a4

loc_fffc3582:  ; not directly referenced
mov word [ecx + 0xe9], 0x800

loc_fffc358b:  ; not directly referenced
mov eax, 1
jmp short loc_fffc35af  ; jmp 0xfffc35af

loc_fffc3592:  ; not directly referenced
cmp eax, 0x40650
jne short loc_fffc35a4  ; jne 0xfffc35a4
mov word [ecx + 0xe9], 0x1000
jmp short loc_fffc358b  ; jmp 0xfffc358b

loc_fffc35a4:  ; not directly referenced
mov word [ecx + 0xe9], 0
xor eax, eax

loc_fffc35af:  ; not directly referenced
pop ebx
pop ebp
ret

fcn_fffc35b2:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov edx, dword [ebp + 0x10]
mov al, byte [eax + 5]
shr al, 3
and eax, 7
cmp al, 4
ja short loc_fffc3613  ; ja 0xfffc3613
movzx eax, al
jmp dword [eax*4 + ref_fffd59cc]  ; ujmp: jmp dword [eax*4 - 0x2a634]

loc_fffc35d2:  ; not directly referenced
mov dword [edx + 0xe5], 0x1000
jmp short loc_fffc35e8  ; jmp 0xfffc35e8

loc_fffc35de:  ; not directly referenced
mov dword [edx + 0xe5], 0x2000

loc_fffc35e8:  ; not directly referenced
mov eax, 1
jmp short loc_fffc361f  ; jmp 0xfffc361f

loc_fffc35ef:  ; not directly referenced
mov dword [edx + 0xe5], 0x4000
jmp short loc_fffc35e8  ; jmp 0xfffc35e8

loc_fffc35fb:  ; not directly referenced
mov dword [edx + 0xe5], 0x8000
jmp short loc_fffc35e8  ; jmp 0xfffc35e8

loc_fffc3607:  ; not directly referenced
mov dword [edx + 0xe5], 0x10000
jmp short loc_fffc35e8  ; jmp 0xfffc35e8

loc_fffc3613:  ; not directly referenced
mov dword [edx + 0xe5], 0
xor eax, eax

loc_fffc361f:  ; not directly referenced
pop ebp
ret

fcn_fffc3621:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0x10]
mov ecx, dword [ebp + 0xc]
mov edx, dword [eax + 0xd5]
and edx, 0xfffffffd
dec edx
jne short loc_fffc363b  ; jne 0xfffc363b
mov dl, byte [ecx + 7]
jmp short loc_fffc363e  ; jmp 0xfffc363e

loc_fffc363b:  ; not directly referenced
mov dl, byte [ecx + 0xc]

loc_fffc363e:  ; not directly referenced
and edx, 7
mov byte [eax + 0xf2], dl
mov dl, byte [eax + 0xf2]
cmp dl, 2
je short loc_fffc3664  ; je 0xfffc3664
cmp dl, 3
je short loc_fffc3672  ; je 0xfffc3672
dec dl
jne short loc_fffc367b  ; jne 0xfffc367b
mov byte [eax + 0xf1], 8
jmp short loc_fffc366b  ; jmp 0xfffc366b

loc_fffc3664:  ; not directly referenced
mov byte [eax + 0xf1], 0x10

loc_fffc366b:  ; not directly referenced
mov eax, 1
jmp short loc_fffc3684  ; jmp 0xfffc3684

loc_fffc3672:  ; not directly referenced
mov byte [eax + 0xf1], 0x20
jmp short loc_fffc366b  ; jmp 0xfffc366b

loc_fffc367b:  ; not directly referenced
mov byte [eax + 0xf1], 0
xor eax, eax

loc_fffc3684:  ; not directly referenced
pop ebp
ret

fcn_fffc3686:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 1
mov ebx, dword [ebp + 0xc]
mov esi, dword [ebp + 8]
mov edx, dword [ebp + 0x10]
mov cl, byte [ebx + 6]
mov eax, dword [esi + 0x1887]
mov edi, dword [esi + 0x188b]
mov byte [ebp - 0xd], cl
mov cl, byte [ebx + 2]
shr byte [ebp - 0xd], 1
and byte [ebp - 0xd], 1
cmp cl, 0xc
je loc_fffc3749  ; je 0xfffc3749
cmp cl, 0xf1
je short loc_fffc370a  ; je 0xfffc370a
cmp cl, 0xb
jne loc_fffc376a  ; jne 0xfffc376a
mov dword [edx + 0xd5], 1
mov cl, byte [ebx + 3]
add ebx, 0xb0
and ecx, 0xf
cmp eax, 0x306d0
mov dword [edx + 0xd9], ecx
sete cl
cmp eax, 0x40650
sete al
or cl, al
je loc_fffc3814  ; je 0xfffc3814
cmp byte [ebp - 0xd], 0
je short loc_fffc3780  ; je 0xfffc3780
jmp near loc_fffc3814  ; jmp 0xfffc3814

loc_fffc370a:  ; not directly referenced
cmp eax, 0x40650
je short loc_fffc3728  ; je 0xfffc3728
cmp eax, 0x40660
sete cl
cmp eax, 0x306c0
sete al
or cl, al
jne short loc_fffc3728  ; jne 0xfffc3728
dec edi
jne short loc_fffc3749  ; jne 0xfffc3749

loc_fffc3728:  ; not directly referenced
mov dword [edx + 0xd5], 3
mov al, byte [ebx + 3]
add ebx, 0xb0
and eax, 0xf
mov dword [edx + 0xd9], eax
jmp near loc_fffc3814  ; jmp 0xfffc3814

loc_fffc3749:  ; not directly referenced
mov dword [edx + 0xd5], 2
mov al, byte [ebx + 3]
add ebx, 0x180
and eax, 0xf
mov dword [edx + 0xd9], eax
jmp near loc_fffc3814  ; jmp 0xfffc3814

loc_fffc376a:  ; not directly referenced
mov dword [edx + 0xd5], 0
xor ebx, ebx
mov dword [edx + 0xd9], 0

loc_fffc3780:  ; not directly referenced
xor eax, eax

loc_fffc3782:  ; not directly referenced
mov byte [edx + 0xf6], 0
test eax, eax
je loc_fffc383c  ; je 0xfffc383c
cmp word [ebx], 0x4a0c
mov eax, dword [esi + 0x18a7]
jne short loc_fffc37bf  ; jne 0xfffc37bf
mov cl, byte [ebx + 3]
and ecx, 0xfffffffe
cmp cl, 0x12
jne short loc_fffc37bf  ; jne 0xfffc37bf
cmp eax, 2
jne short loc_fffc37b4  ; jne 0xfffc37b4
test byte [ebx + 2], 1
jmp short loc_fffc37bd  ; jmp 0xfffc37bd

loc_fffc37b4:  ; not directly referenced
cmp eax, 3
jne short loc_fffc37cd  ; jne 0xfffc37cd
test byte [ebx + 2], 2

loc_fffc37bd:  ; not directly referenced
jne short loc_fffc37cd  ; jne 0xfffc37cd

loc_fffc37bf:  ; not directly referenced
sub eax, 2
cmp eax, 1
seta al
movzx eax, al
jmp short loc_fffc37d9  ; jmp 0xfffc37d9

loc_fffc37cd:  ; not directly referenced
or byte [esi + 0x3749], 1
mov eax, 1

loc_fffc37d9:  ; not directly referenced
cmp word [ebx], 0x4a0c
jne short loc_fffc383c  ; jne 0xfffc383c
movzx edi, byte [ebx + 3]
mov esi, edi
and esi, 0xfffffffe
mov ecx, esi
cmp cl, 0x12
jne short loc_fffc37f8  ; jne 0xfffc37f8
mov ecx, edi
mov byte [edx + 0xf7], cl

loc_fffc37f8:  ; not directly referenced
test byte [ebx + 2], 1
je short loc_fffc3805  ; je 0xfffc3805
or byte [edx + 0xf6], 1

loc_fffc3805:  ; not directly referenced
test byte [ebx + 2], 2
je short loc_fffc383c  ; je 0xfffc383c
or byte [edx + 0xf6], 2
jmp short loc_fffc383c  ; jmp 0xfffc383c

loc_fffc3814:  ; not directly referenced
mov eax, dword [edx + 0xd9]
lea ecx, [eax - 2]
xor eax, eax
cmp ecx, 6
ja loc_fffc3782  ; ja 0xfffc3782
mov eax, 1
shl eax, cl
test al, 0x43
setne al
movzx eax, al
jmp near loc_fffc3782  ; jmp 0xfffc3782

loc_fffc383c:  ; not directly referenced
add esp, 1
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc3844:  ; not directly referenced
push ebp
mov ebp, esp
movzx eax, byte [ebp + 0x10]
movzx edx, byte [ebp + 0x14]
shl eax, 0xc
add edx, eax
movzx eax, byte [ebp + 0xc]
shl eax, 0xf
add edx, eax
movzx eax, byte [ebp + 8]
pop ebp
shl eax, 0x14
add eax, edx
ret

fcn_fffc3868:  ; not directly referenced
push ebp
mov ebp, esp
mov edx, dword [ebp + 0x10]
movzx eax, byte [ebp + 0x14]
and edx, 7
shl edx, 8
or eax, 0x80000000
or eax, edx
movzx edx, byte [ebp + 8]
shl edx, 0x10
or eax, edx
movzx edx, byte [ebp + 0xc]
pop ebp
shl edx, 0xb
movzx edx, dx
or eax, edx
ret

fcn_fffc3896:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x1c], 0
mov eax, dword [ebx + 0x2443]
lea edi, [ebx + 0xfb9]
mov dword [ebp - 0x20], eax
mov al, byte [ebx + 0xfb8]
mov byte [ebx + 0x3755], al
mov eax, dword [ebx + 0xfb4]
mov dword [ebx + 0x374e], eax

loc_fffc38d0:  ; not directly referenced
imul esi, dword [ebp - 0x1c], 0x13c3
xor edx, edx
mov eax, dword [edi + 4]
lea ecx, [ebx + esi + 0x3756]
mov dword [ebx + esi + 0x3816], eax
mov al, byte [edi + 8]
mov byte [ebx + esi + 0x381a], al
mov eax, dword [edi]
mov dword [ebx + esi + 0x3756], eax

loc_fffc38fd:  ; not directly referenced
push eax
push 0x2e
lea eax, [edi + edx + 9]
push eax
lea eax, [ecx + edx + 4]
push eax
mov eax, dword [ebp - 0x20]
mov dword [ebp - 0x28], edx
mov dword [ebp - 0x24], ecx
call dword [eax + 0x58]  ; ucall
mov edx, dword [ebp - 0x28]
add esp, 0x10
mov ecx, dword [ebp - 0x24]
add edx, 0x2e
cmp edx, 0xb8
jne short loc_fffc38fd  ; jne 0xfffc38fd
imul eax, dword [ebp - 0x1c], 0x54a
lea esi, [ebx + esi + 0x48c9]
mov dword [ebp - 0x24], esi
lea edx, [edi + 0x313]
mov byte [ebp - 0x29], 2
lea esi, [ebx + eax + 0x1afb]
lea eax, [edi + 0xc1]
mov dword [ebp - 0x28], eax

loc_fffc3955:  ; not directly referenced
mov eax, dword [ebp - 0x28]
mov eax, dword [eax]
lea ecx, [eax - 1]
cmp ecx, 1
ja short loc_fffc39d5  ; ja 0xfffc39d5
push eax
mov eax, dword [ebp - 0x20]
push 0x128
push dword [ebp - 0x28]
push dword [ebp - 0x24]
mov dword [ebp - 0x30], edx
call dword [eax + 0x58]  ; ucall
mov edx, dword [ebp - 0x30]
add esp, 0x10
cmp byte [esi - 0x13e], 0xc
jne short loc_fffc39a1  ; jne 0xfffc39a1
mov cl, byte [edx - 2]
mov eax, esi
mov byte [esi - 0x13d], cl
mov cl, byte [edx - 1]
mov byte [esi - 0x133], cl
mov ecx, 0x1d
jmp short loc_fffc39be  ; jmp 0xfffc39be

loc_fffc39a1:  ; not directly referenced
mov al, byte [edx - 2]
mov ecx, 0x1f
mov byte [esi - 0x13d], al
mov al, byte [edx - 1]
mov byte [esi - 0x138], al
lea eax, [esi - 0xcb]

loc_fffc39be:  ; not directly referenced
sub esp, 4
push ecx
push edx
push eax
mov eax, dword [ebp - 0x20]
mov dword [ebp - 0x30], edx
call dword [eax + 0x58]  ; ucall
add esp, 0x10
mov edx, dword [ebp - 0x30]
jmp short loc_fffc39da  ; jmp 0xfffc39da

loc_fffc39d5:  ; not directly referenced
mov ecx, dword [ebp - 0x24]
mov dword [ecx], eax

loc_fffc39da:  ; not directly referenced
add dword [ebp - 0x28], 0x128
add esi, 0x277
add edx, 0x21
add dword [ebp - 0x24], 0x128
dec byte [ebp - 0x29]
jne loc_fffc3955  ; jne 0xfffc3955
inc dword [ebp - 0x1c]
add edi, 0x433
cmp dword [ebp - 0x1c], 2
jne loc_fffc38d0  ; jne 0xfffc38d0
mov eax, dword [ebx + 0x182c]
xor ecx, ecx
mov dword [ebx + 0x3735], eax
mov eax, dword [ebx + 0x1830]
mov dword [ebx + 0x3739], eax
mov eax, dword [ebx + 0x1834]
mov dword [ebx + 0x373d], eax
mov eax, dword [ebx + 0x1838]
mov dword [ebx + 0x3741], eax
mov eax, dword [ebx + 0xfa4]
mov dword [ebx + 0x1887], eax
mov eax, dword [ebx + 0xfa0]
mov dword [ebx + 0x1883], eax
mov eax, dword [ebx + 0xfa8]
mov dword [ebx + 0x188b], eax
mov al, byte [ebx + 0x1842]
mov byte [ebx + 0x190d], al
mov eax, dword [ebx + 0x181f]
mov dword [ebx + 0x36d7], eax
mov eax, dword [ebx + 0x1823]
mov dword [ebx + 0x36df], eax
mov al, byte [ebx + 0x182b]
mov byte [ebx + 0x36e7], al
mov eax, dword [ebx + 0x1827]
mov dword [ebx + 0x36e3], eax
mov al, byte [ebx + 0x183c]
mov byte [ebx + 0x3748], al
mov eax, dword [ebx + 0x183d]
mov dword [ebx + 0x2480], eax
mov al, byte [ebx + 0x1841]
mov byte [ebx + 0x3749], al
mov al, byte [ebx + 0x184c]
mov byte [ebx + 0x36ca], al
mov eax, dword [ebx + 0x1843]
mov dword [ebx + 0x36cb], eax
mov eax, dword [ebx + 0x1847]
mov dword [ebx + 0x1912], eax
mov al, byte [ebx + 0x184b]
mov byte [ebx + 0x1916], al
mov al, byte [ebx + 0x184d]
mov byte [ebx + 0x36a8], al

loc_fffc3aff:  ; not directly referenced
mov eax, dword [ebx + ecx + 0x184e]
mov edx, dword [ebx + ecx + 0x1852]
mov dword [ebx + ecx + 0x36a9], eax
mov dword [ebx + ecx + 0x36ad], edx
add ecx, 8
cmp ecx, 0x20
jne short loc_fffc3aff  ; jne 0xfffc3aff
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc3b2d:  ; not directly referenced
push ebp
mov ebp, esp
push ebx
sub esp, 0x10
mov ebx, dword [ebp + 8]
mov al, byte [ebx + 0x18b1]
mov ecx, dword [ebx + 0x18cd]
mov byte [ebx + 0x2479], 0
mov byte [ebx + 0x3748], al
mov al, byte [ebx + 0x23ff]
lea edx, [ecx + 0x18]
mov byte [ebx + 0x3745], al
mov eax, dword [ebx + 0x2443]
push edx
call dword [eax + 0x20]  ; ucall
add esp, 0x10
mov edx, eax
shr edx, 0x10
test ax, ax
jne short loc_fffc3b80  ; jne 0xfffc3b80
cmp dx, 1
jbe short loc_fffc3b80  ; jbe 0xfffc3b80
mov al, dl
jmp short loc_fffc3b86  ; jmp 0xfffc3b86

loc_fffc3b80:  ; not directly referenced
mov al, byte [ebx + 0x2401]

loc_fffc3b86:  ; not directly referenced
mov ecx, dword [ebx + 0x18cd]
sub esp, 0xc
mov byte [ebx + 0x3747], al
mov eax, dword [ebx + 0x2443]
lea edx, [ecx + 0x28]
push edx
call dword [eax + 0x20]  ; ucall
add esp, 0x10
mov edx, eax
shr edx, 0x10
test ax, ax
jne short loc_fffc3bb9  ; jne 0xfffc3bb9
cmp dx, 1
jbe short loc_fffc3bb9  ; jbe 0xfffc3bb9
mov al, dl
jmp short loc_fffc3bbf  ; jmp 0xfffc3bbf

loc_fffc3bb9:  ; not directly referenced
mov al, byte [ebx + 0x2400]

loc_fffc3bbf:  ; not directly referenced
mov byte [ebx + 0x3746], al
xor eax, eax
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffc3bcc:  ; not directly referenced
push ebp
xor eax, eax
mov ebp, esp
pop ebp
ret

fcn_fffc3bd3:  ; not directly referenced
push ebp
xor eax, eax
mov ebp, esp
pop ebp
ret

fcn_fffc3bda:  ; not directly referenced
push ebp
and edx, 0xff00
mov ebp, esp
push ebx
xor ebx, ebx
sub esp, 8
push 0xe
push ebx
push edx
call dword [eax + 0x68]  ; ucall
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffc3bf5:  ; not directly referenced
push ebp
movzx ecx, dl
mov ebp, esp
push ebx
xor ebx, ebx
sub esp, 8
push 0x16
push ebx
push ecx
call dword [eax + 0x68]  ; ucall
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffc3c0d:
push ebp
mov ebp, esp
push esi
push ebx
mov esi, dword [eax + 0x2443]
lea ebx, [edx - 0xd]
mov ecx, dword [eax + 0x2480]
cmp ebx, 0x36
ja loc_fffc3dad  ; ja 0xfffc3dad
jmp dword [ebx*4 + ref_fffd59e0]  ; ujmp: jmp dword [ebx*4 - 0x2a620]

loc_fffc3c31:
cmp ecx, 3
je loc_fffc3dad  ; je 0xfffc3dad
mov bl, byte [eax + 0x2403]
jmp short loc_fffc3c98  ; jmp 0xfffc3c98

loc_fffc3c42:
mov bl, byte [eax + 0x2403]
jmp short loc_fffc3cc0  ; jmp 0xfffc3cc0

loc_fffc3c4a:
mov bl, byte [eax + 0x2403]
jmp near loc_fffc3d09  ; jmp 0xfffc3d09

loc_fffc3c55:
mov bl, byte [eax + 0x2403]
jmp near loc_fffc3d14  ; jmp 0xfffc3d14

loc_fffc3c60:
mov bl, byte [eax + 0x2403]
jmp near loc_fffc3d87  ; jmp 0xfffc3d87

loc_fffc3c6b:
mov bl, byte [eax + 0x2403]
jmp short loc_fffc3cdd  ; jmp 0xfffc3cdd

loc_fffc3c73:
mov bl, byte [eax + 0x2403]
jmp near loc_fffc3d1f  ; jmp 0xfffc3d1f

loc_fffc3c7e:
movsx ebx, byte [eax + 0x2403]
jmp near loc_fffc3d51  ; jmp 0xfffc3d51

loc_fffc3c8a:
cmp ecx, 2
jmp near loc_fffc3d7c  ; jmp 0xfffc3d7c

loc_fffc3c92:
mov bl, byte [eax + 0x2404]

loc_fffc3c98:
not ebx
jmp near loc_fffc3d25  ; jmp 0xfffc3d25

loc_fffc3c9f:
mov bl, byte [eax + 0x2406]
jmp short loc_fffc3cdd  ; jmp 0xfffc3cdd

loc_fffc3ca7:
mov bl, byte [eax + 0x2406]
jmp near loc_fffc3d87  ; jmp 0xfffc3d87

loc_fffc3cb2:
mov bl, byte [eax + 0x2406]
jmp short loc_fffc3d14  ; jmp 0xfffc3d14

loc_fffc3cba:
mov bl, byte [eax + 0x2404]

loc_fffc3cc0:
shr bl, 1
jmp short loc_fffc3d22  ; jmp 0xfffc3d22

loc_fffc3cc4:
mov bl, byte [eax + 0x2404]
jmp short loc_fffc3d09  ; jmp 0xfffc3d09

loc_fffc3ccc:
mov bl, byte [eax + 0x2404]
jmp near loc_fffc3d87  ; jmp 0xfffc3d87

loc_fffc3cd7:
mov bl, byte [eax + 0x2404]

loc_fffc3cdd:
shr bl, 5
jmp short loc_fffc3d22  ; jmp 0xfffc3d22

loc_fffc3ce2:
mov bl, byte [eax + 0x2404]
jmp short loc_fffc3d1f  ; jmp 0xfffc3d1f

loc_fffc3cea:
movsx ebx, byte [eax + 0x2404]
jmp short loc_fffc3d51  ; jmp 0xfffc3d51

loc_fffc3cf3:
mov bl, byte [eax + 0x2405]
jmp short loc_fffc3c98  ; jmp 0xfffc3c98

loc_fffc3cfb:
mov bl, byte [eax + 0x2405]
jmp short loc_fffc3cc0  ; jmp 0xfffc3cc0

loc_fffc3d03:
mov bl, byte [eax + 0x2405]

loc_fffc3d09:
shr bl, 2
jmp short loc_fffc3d22  ; jmp 0xfffc3d22

loc_fffc3d0e:
mov bl, byte [eax + 0x2405]

loc_fffc3d14:
shr bl, 3
jmp short loc_fffc3d22  ; jmp 0xfffc3d22

loc_fffc3d19:
mov bl, byte [eax + 0x2405]

loc_fffc3d1f:
shr bl, 6

loc_fffc3d22:
xor ebx, 1

loc_fffc3d25:
and ebx, 1
jmp near loc_fffc3daf  ; jmp 0xfffc3daf

loc_fffc3d2d:
mov ebx, 1
test byte [eax + 0x2405], 0x20
je short loc_fffc3daf  ; je 0xfffc3daf
cmp dword [eax + 0x188b], 0

loc_fffc3d42:
sete bl

loc_fffc3d45:
movzx ebx, bl
jmp short loc_fffc3daf  ; jmp 0xfffc3daf

loc_fffc3d4a:
movsx ebx, byte [eax + 0x2405]

loc_fffc3d51:
not ebx
shr ebx, 0x1f
jmp short loc_fffc3daf  ; jmp 0xfffc3daf

loc_fffc3d58:
mov ebx, 1
test byte [eax + 0x2406], 1
je short loc_fffc3daf  ; je 0xfffc3daf

loc_fffc3d66:
cmp ecx, 3
jmp short loc_fffc3d42  ; jmp 0xfffc3d42

loc_fffc3d6b:
mov ebx, 1
test byte [eax + 0x2404], 8
je short loc_fffc3daf  ; je 0xfffc3daf

loc_fffc3d79:
cmp ecx, 3

loc_fffc3d7c:
setne bl
jmp short loc_fffc3d45  ; jmp 0xfffc3d45

loc_fffc3d81:
mov bl, byte [eax + 0x2405]

loc_fffc3d87:
shr bl, 4
jmp short loc_fffc3d22  ; jmp 0xfffc3d22

loc_fffc3d8c:
mov bl, byte [eax + 0x2406]
jmp near loc_fffc3cc0  ; jmp 0xfffc3cc0

loc_fffc3d97:
mov bl, byte [eax + 0x2406]
jmp near loc_fffc3d09  ; jmp 0xfffc3d09

loc_fffc3da2:
mov bl, byte [eax + 0x2406]
jmp near loc_fffc3d1f  ; jmp 0xfffc3d1f

loc_fffc3dad:
xor ebx, ebx

loc_fffc3daf:
push ecx
push 0
push edx
push eax
call dword [esi + 0x90]  ; ucall
lea esp, [ebp - 8]
or eax, ebx
pop ebx
pop esi
pop ebp
ret

fcn_fffc3dc3:
push ebp
xor ecx, ecx
mov ebp, esp
push esi
push ebx
sub esp, 0x400

loc_fffc3dd0:
mov ebx, ecx
mov esi, 8

loc_fffc3dd7:
test bl, 1
je short loc_fffc3de6  ; je 0xfffc3de6
shr ebx, 1
xor ebx, 0xedb88320
jmp short loc_fffc3de8  ; jmp 0xfffc3de8

loc_fffc3de6:
shr ebx, 1

loc_fffc3de8:
dec esi
jne short loc_fffc3dd7  ; jne 0xfffc3dd7
mov dword [ebp + ecx*4 - 0x408], ebx
inc ecx
cmp ecx, 0x100
jne short loc_fffc3dd0  ; jne 0xfffc3dd0
or ecx, 0xffffffff
xor ebx, ebx

loc_fffc3e00:
cmp ebx, edx
je short loc_fffc3e1b  ; je 0xfffc3e1b
mov esi, ecx
xor cl, byte [eax + ebx]
inc ebx
shr esi, 8
movzx ecx, cl
xor esi, dword [ebp + ecx*4 - 0x408]
mov ecx, esi
jmp short loc_fffc3e00  ; jmp 0xfffc3e00

loc_fffc3e1b:
add esp, 0x400
mov eax, ecx
pop ebx
not eax
pop esi
pop ebp
ret

fcn_fffc3e29:
cmp dword [eax + 0x39], 1
jne loc_fffc3f07  ; jne 0xfffc3f07
push ebp
add eax, 0x369
mov ebp, esp
push edi
push esi
push ebx
sub esp, 5
mov ebx, dword [edx + 9]
mov dword [ebp - 0x10], eax
mov byte [ebp - 0x11], 2

loc_fffc3e4b:
mov ecx, dword [ebp - 0x10]
xor esi, esi

loc_fffc3e50:
movzx edi, byte [ebx + 0x10]
mov word [ecx - 0x18], di
mov di, word [ebx + 8]
mov word [ecx - 0x16], di
mov di, word [ebx + 0x20]
mov word [ecx - 0x14], di
mov di, word [ebx + 0x1e]
mov word [ecx - 0x12], di
mov di, word [ebx + 0xe]
mov word [ecx - 0x10], di
mov di, word [ebx + 0x1c]
mov word [ecx - 0xe], di
mov di, word [ebx + 0xa]
mov word [ecx - 0xc], di
mov di, word [ebx + 0x22]
mov word [ecx - 0xa], di
mov di, word [ebx + 0x14]
mov word [ecx - 8], di
mov di, word [ebx + 0xc]
mov word [ecx - 2], di
cmp byte [edx], 5
jbe short loc_fffc3eae  ; jbe 0xfffc3eae
mov di, word [ebx + 0x68]
mov word [ecx], di
jmp short loc_fffc3eb3  ; jmp 0xfffc3eb3

loc_fffc3eae:
mov word [ecx], 0

loc_fffc3eb3:
mov di, word [ebx + 0x16]
inc esi
add ecx, 0x277
mov eax, esi
mov word [ecx - 0x275], di
mov di, word [ebx + 0x1a]
mov word [ecx - 0x26f], di
mov di, word [ebx + 0x12]
mov word [ecx - 0x26d], di
mov di, word [ebx + 0x18]
mov word [ecx - 0x26b], di
cmp al, 2
jne loc_fffc3e50  ; jne 0xfffc3e50
add dword [ebp - 0x10], 0x54a
dec byte [ebp - 0x11]
jne loc_fffc3e4b  ; jne 0xfffc3e4b
add esp, 5
pop ebx
pop esi
pop edi
pop ebp

loc_fffc3f07:
ret

fcn_fffc3f08:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov ebx, dword [ebp + 8]
cmp dword [ebx + 0x1887], 0x306d0
je short loc_fffc3f54  ; je 0xfffc3f54

loc_fffc3f20:  ; not directly referenced
mov ecx, 0x14
mov edx, 0x5f08
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
cmp dword [ebx + 0x3756], 2
jne loc_fffc407f  ; jne 0xfffc407f
mov ecx, 0x3000
mov edx, 0x48a8
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
jmp near loc_fffc407f  ; jmp 0xfffc407f

loc_fffc3f54:  ; not directly referenced
cmp byte [ebx + 0x18ed], 0
je short loc_fffc3f20  ; je 0xfffc3f20
mov eax, dword [ebx + 0x36e8]
sub eax, 2
cmp eax, 1
ja short loc_fffc3f20  ; ja 0xfffc3f20
mov dl, 0x10

loc_fffc3f6d:  ; not directly referenced
mov eax, ebx
mov dword [ebp - 0x2c], edx
call fcn_fffb0e8a  ; call 0xfffb0e8a
mov edx, dword [ebp - 0x2c]
dec dl
jne short loc_fffc3f6d  ; jne 0xfffc3f6d
cmp dword [ebx + 0x36e8], 3
jne short loc_fffc3f20  ; jne 0xfffc3f20
mov eax, dword [ebx + 0x2443]
mov esi, dword [ebx + 0x5edc]
push edi
push 0
push 0x10
lea edi, [ebp - 0x28]
push edi
mov dword [ebp - 0x3c], eax
call dword [eax + 0x5c]  ; ucall
lea eax, [ebx + 0x3756]
add esp, 0x10
mov dword [ebp - 0x30], eax
lea eax, [esi + 0x70]
mov dword [ebp - 0x34], eax
lea eax, [ebx + 0x2490]
mov dword [ebp - 0x2c], 0
mov dword [ebp - 0x40], eax
mov dword [ebp - 0x44], edi

loc_fffc3fc7:  ; not directly referenced
mov eax, dword [ebp - 0x30]
cmp dword [eax], 2
je short loc_fffc3feb  ; je 0xfffc3feb

loc_fffc3fcf:  ; not directly referenced
inc dword [ebp - 0x2c]
add dword [ebp - 0x30], 0x13c3
add dword [ebp - 0x34], 0xcc
cmp dword [ebp - 0x2c], 2
jne short loc_fffc3fc7  ; jne 0xfffc3fc7
jmp near loc_fffc3f20  ; jmp 0xfffc3f20

loc_fffc3feb:  ; not directly referenced
mov cl, byte [ebp - 0x2c]
xor esi, esi
xor edx, edx
mov dword [ebp - 0x38], 1
shl dword [ebp - 0x38], cl

loc_fffc3ffc:  ; not directly referenced
mov edi, dword [ebp - 0x30]
mov eax, 1
mov ecx, esi
shl eax, cl
test byte [edi + 0xc4], al
je short loc_fffc4074  ; je 0xfffc4074
test edx, edx
jne short loc_fffc4074  ; jne 0xfffc4074
mov edx, dword [ebp - 0x2c]
mov ecx, eax
mov eax, ebx
call fcn_fffaac43  ; call 0xfffaac43
movzx edi, al
test dword [ebp - 0x38], edi
je short loc_fffc403f  ; je 0xfffc403f
push ecx
push 0
movzx eax, byte [ebx + 0x2488]
push eax
mov eax, dword [ebp - 0x3c]
push dword [ebp - 0x34]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffc403f:  ; not directly referenced
sub esp, 0xc
mov ecx, 0x11
push 0
mov edx, edi
mov eax, ebx
call fcn_fffb26ca  ; call 0xfffb26ca
mov ecx, edi
pop eax
mov eax, ebx
pop edx
mov edx, dword [ebp - 0x40]
push 0
push dword [ebp - 0x44]
push 1
push 1
push 2
push esi
call fcn_fffc6051  ; call 0xfffc6051
add esp, 0x20
mov edx, 1

loc_fffc4074:  ; not directly referenced
inc esi
cmp esi, 4
jne short loc_fffc3ffc  ; jne 0xfffc3ffc
jmp near loc_fffc3fcf  ; jmp 0xfffc3fcf

loc_fffc407f:  ; not directly referenced
cmp dword [ebx + 0x4b19], 2
jne short loc_fffc4099  ; jne 0xfffc4099
mov ecx, 0x3000
mov edx, 0x48b0
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c

loc_fffc4099:  ; not directly referenced
mov eax, ebx
call fcn_fffae778  ; call 0xfffae778
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc40aa:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x60
mov edi, dword [ebp + 8]
mov eax, dword [edi + 0x5edc]
mov esi, dword [edi + 0x188b]
mov dword [ebp - 0x44], eax
mov eax, dword [edi + 0x2443]
mov ebx, eax
mov dword [ebp - 0x48], eax
mov eax, dword [edi + 0x1887]
mov dword [ebp - 0x4c], eax
mov eax, dword [edi + 0x1883]
mov dword [ebp - 0x50], eax
mov al, byte [edi + 0x248d]
push 0
push 0x10
mov byte [ebp - 0x5b], al
lea eax, [ebp - 0x28]
push eax
mov eax, ebx
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
cmp byte [edi + 0x36c9], 0
jne short loc_fffc410e  ; jne 0xfffc410e
xor ebx, ebx
test esi, esi
je loc_fffc4551  ; je 0xfffc4551

loc_fffc410e:  ; not directly referenced
cmp dword [edi + 0x2480], 3
mov ecx, 0xa
sete bl
jne short loc_fffc4156  ; jne 0xfffc4156
cmp dword [ebp - 0x50], 3
sete dl
cmp dword [ebp - 0x4c], 0x306d0
sete al
test dl, al
jne loc_fffc453a  ; jne 0xfffc453a
cmp dword [ebp - 0x50], 0
sete dl
cmp dword [ebp - 0x4c], 0x40670
sete al
test dl, al
jne loc_fffc453a  ; jne 0xfffc453a
mov ecx, 6

loc_fffc4156:  ; not directly referenced
mov dword [ebp - 0x58], 0

loc_fffc415d:  ; not directly referenced
mov eax, dword [ebp - 0x44]
mov al, byte [eax + 0x14]
and eax, 0x7f
mov dl, al
or edx, 0xffffff80
test al, 0x40
cmovne eax, edx
cbw
lea eax, [eax + eax*4]
add eax, eax
dec esi
mov word [ebp - 0x5a], ax
sete al
test al, bl
je loc_fffc428d  ; je 0xfffc428d
mov eax, dword [ebp - 0x44]
lea ebx, [ebp - 0x34]
mov dword [ebp - 0x40], 0
lea esi, [eax + 0x1c]

loc_fffc4197:  ; not directly referenced
cmp byte [esi + 0xb5], 0
je short loc_fffc41b9  ; je 0xfffc41b9

loc_fffc41a0:  ; not directly referenced
inc dword [ebp - 0x40]
add esi, 0xcc
cmp dword [ebp - 0x40], 2
jne short loc_fffc4197  ; jne 0xfffc4197
mov ecx, 0xa
jmp near loc_fffc428d  ; jmp 0xfffc428d

loc_fffc41b9:  ; not directly referenced
imul eax, dword [ebp - 0x40], 0x13c3
mov byte [esi + 0xb5], 0xff
mov dword [ebp - 0x3c], 0
mov dword [ebp - 0x60], eax

loc_fffc41d1:  ; not directly referenced
mov cl, byte [ebp - 0x3c]
mov eax, 1
shl eax, cl
mov ecx, dword [ebp - 0x60]
test byte [edi + ecx + 0x381a], al
jne short loc_fffc41f2  ; jne 0xfffc41f2

loc_fffc41e7:  ; not directly referenced
inc dword [ebp - 0x3c]
cmp dword [ebp - 0x3c], 4
jne short loc_fffc41d1  ; jne 0xfffc41d1
jmp short loc_fffc41a0  ; jmp 0xfffc41a0

loc_fffc41f2:  ; not directly referenced
mov ecx, dword [ebp - 0x3c]
mov edx, dword [ebp - 0x40]
movzx eax, cl
lea eax, [esi + eax*4 + 0xb6]
mov dword [ebp - 0x54], eax
push eax
push eax
mov eax, edi
push ebx
push 5
call fcn_fffa686d  ; call 0xfffa686d
mov ecx, dword [ebp - 0x3c]
pop eax
pop edx
mov edx, dword [ebp - 0x40]
lea eax, [ebp - 0x30]
push eax
mov eax, edi
push 6
call fcn_fffa686d  ; call 0xfffa686d
mov edx, dword [ebp - 0x40]
pop ecx
pop eax
mov ecx, dword [ebp - 0x3c]
lea eax, [ebp - 0x2c]
push eax
mov eax, edi
push 7
call fcn_fffa686d  ; call 0xfffa686d
add esp, 0x10
xor eax, eax

loc_fffc4240:  ; not directly referenced
mov dl, byte [eax + ebx]
mov ecx, dword [ebp - 0x54]
mov byte [ecx + eax], dl
mov dl, byte [eax + ebx]
cmp dl, 1
je short loc_fffc4258  ; je 0xfffc4258
cmp dl, 3
je short loc_fffc426d  ; je 0xfffc426d
jmp short loc_fffc4282  ; jmp 0xfffc4282

loc_fffc4258:  ; not directly referenced
cmp byte [eax + ebp - 0x30], 1
jne short loc_fffc426d  ; jne 0xfffc426d
cmp byte [ebp + eax - 0x2c], 0
jne short loc_fffc426d  ; jne 0xfffc426d
mov byte [esi + 0xb5], 1

loc_fffc426d:  ; not directly referenced
cmp byte [eax + ebp - 0x30], 0
jne short loc_fffc4282  ; jne 0xfffc4282
cmp byte [ebp + eax - 0x2c], 0
jne short loc_fffc4282  ; jne 0xfffc4282
mov byte [esi + 0xb5], 1

loc_fffc4282:  ; not directly referenced
inc eax
cmp eax, 4
jne short loc_fffc4240  ; jne 0xfffc4240
jmp near loc_fffc41e7  ; jmp 0xfffc41e7

loc_fffc428d:  ; not directly referenced
movzx edx, byte [edi + 0x248e]
sub esp, 0xc
mov eax, edi
push 0
xor ebx, ebx
call fcn_fffb2759  ; call 0xfffb2759
mov eax, dword [ebp - 0x44]
add esp, 0x10
mov byte [ebp - 0x3c], 0
lea esi, [eax + 0x70]

loc_fffc42af:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edx, ebx
movzx ecx, byte [edi + eax + 0x381a]
mov eax, edi
call fcn_fffaac43  ; call 0xfffaac43
or byte [ebp - 0x3c], al
movzx ecx, byte [ebp - 0x3c]
bt ecx, ebx
jae short loc_fffc42ed  ; jae 0xfffc42ed
push edx
push 0
movzx eax, byte [edi + 0x2488]
mov dword [ebp - 0x40], ecx
push eax
mov eax, dword [ebp - 0x48]
push esi
call dword [eax + 0x64]  ; ucall
mov ecx, dword [ebp - 0x40]
add esp, 0x10

loc_fffc42ed:  ; not directly referenced
inc ebx
add esi, 0xcc
cmp ebx, 2
jne short loc_fffc42af  ; jne 0xfffc42af
push eax
push eax
push 0
lea eax, [ebp - 0x28]
push eax
mov eax, edi
push 0x36
push 0
push 0xd
lea edx, [edi + 0x2490]
push 0
call fcn_fffc6051  ; call 0xfffc6051
add esp, 0x14
push edi
call fcn_fffc82f4  ; call 0xfffc82f4
mov eax, dword [ebp - 0x58]
add esp, 0x10
movsx edx, word [ebp - 0x5a]
xor ecx, ecx
mov dword [ebp - 0x48], 0x3e8
mov dword [ebp - 0x54], 0
add eax, 0x1e
mov dword [ebp - 0x40], 0x7fffffff
sub eax, edx
mov dword [ebp - 0x3c], 0x7fffffff

loc_fffc434c:  ; not directly referenced
imul edx, ecx, 0x13c3
cmp dword [edi + edx + 0x3756], 2
jne short loc_fffc43a9  ; jne 0xfffc43a9
imul edx, ecx, 0x48
mov esi, dword [ebp - 0x3c]
mov ebx, dword [edi + edx + 0x3450]
mov edx, dword [edi + edx + 0x3454]
cmp esi, ebx
cmovle ebx, esi
mov esi, dword [ebp - 0x40]
mov dword [ebp - 0x3c], ebx
mov ebx, dword [ebp - 0x44]
cmp esi, edx
cmovle edx, esi
mov esi, dword [ebp - 0x48]
mov dword [ebp - 0x40], edx
imul edx, ecx, 0xcc
cmp byte [ebx + edx + 0xd1], 0
mov edx, 1
cmovle edx, dword [ebp - 0x54]
cmovg esi, eax
mov dword [ebp - 0x48], esi
mov dword [ebp - 0x54], edx

loc_fffc43a9:  ; not directly referenced
inc ecx
cmp ecx, 2
jne short loc_fffc434c  ; jne 0xfffc434c
mov eax, dword [ebp - 0x40]
sub eax, dword [ebp - 0x3c]
cdq
idiv ecx
cmp dword [ebp - 0x50], 3
seta dl
cmp dword [ebp - 0x4c], 0x306d0
mov dword [ebp - 0x44], eax
sete al
test dl, al
jne short loc_fffc43ea  ; jne 0xfffc43ea
cmp dword [ebp - 0x50], 0
mov ebx, 1
setne dl
cmp dword [ebp - 0x4c], 0x40670
sete al
test dl, al
je short loc_fffc4449  ; je 0xfffc4449

loc_fffc43ea:  ; not directly referenced
cmp dword [edi + 0x2480], 2
mov ebx, 1
je short loc_fffc4449  ; je 0xfffc4449
movsx eax, word [ebp - 0x5a]
mov ecx, 1
mov edx, 0xd
mov esi, eax
mov dword [ebp - 0x4c], eax
mov eax, edi
call fcn_fffb13cf  ; call 0xfffb13cf
mov ecx, dword [ebp - 0x40]
mov edx, esi
add ecx, esi
mov esi, 0
cmovs ecx, esi
mov esi, dword [ebp - 0x3c]
sub esi, edx
mov edx, esi
mov esi, 0
cmovs edx, esi
cmp ecx, edx
cmovle edx, ecx
shr ax, 1
movzx eax, ax
cmp edx, eax
jbe short loc_fffc4449  ; jbe 0xfffc4449
mov eax, dword [ebp - 0x4c]
xor bl, bl
neg eax
mov dword [ebp - 0x44], eax

loc_fffc4449:  ; not directly referenced
mov eax, dword [ebp - 0x48]
cmp dword [ebp - 0x44], eax
mov byte [edi + 0x369f], bl
setg al
test byte [ebp - 0x54], al
je short loc_fffc4469  ; je 0xfffc4469
mov eax, dword [ebp - 0x48]
test ebx, ebx
cmove eax, dword [ebp - 0x44]
mov dword [ebp - 0x44], eax

loc_fffc4469:  ; not directly referenced
mov eax, dword [ebp - 0x44]
mov ecx, 0xa
push 0
push 0
push 0
cdq
idiv ecx
push 0
push eax
push 1
push 2
push edi
call fcn_fffcc4cb  ; call 0xfffcc4cb
add esp, 0x14
push edi
call fcn_fffc82f4  ; call 0xfffc82f4
mov edx, 0xd
xor ecx, ecx
mov dword [ebp - 0x48], eax
mov eax, edi
call fcn_fffb13cf  ; call 0xfffb13cf
mov esi, dword [ebp - 0x40]
add esp, 0x10
mov ebx, dword [ebp - 0x3c]
lea edx, [esi + ebx]
shr ax, 1
movzx eax, ax
cmp edx, eax
jb short loc_fffc44d0  ; jb 0xfffc44d0

loc_fffc44b7:  ; not directly referenced
mov esi, dword [ebp - 0x44]
lea eax, [edi + 0x3450]
xor ecx, ecx
mov ebx, dword [ebp - 0x40]
mov edx, dword [ebp - 0x3c]
sub ebx, esi
add edx, esi
mov esi, ebx
jmp short loc_fffc44f4  ; jmp 0xfffc44f4

loc_fffc44d0:  ; not directly referenced
cmp byte [edi + 0x1965], 0
je short loc_fffc44b7  ; je 0xfffc44b7
cmp dword [edi + 0x188b], 1
mov ebx, 0xc
jne short loc_fffc44b7  ; jne 0xfffc44b7
jmp short loc_fffc4551  ; jmp 0xfffc4551

loc_fffc44e9:  ; not directly referenced
inc ecx
add eax, 0x90
cmp ecx, 4
je short loc_fffc4507  ; je 0xfffc4507

loc_fffc44f4:  ; not directly referenced
mov ebx, 1
shl ebx, cl
test byte [ebp - 0x5b], bl
je short loc_fffc44e9  ; je 0xfffc44e9
mov dword [eax], edx
mov dword [eax + 4], esi
jmp short loc_fffc44e9  ; jmp 0xfffc44e9

loc_fffc4507:  ; not directly referenced
cmp dword [edi + 0x3756], 2
jne short loc_fffc451e  ; jne 0xfffc451e
xor cl, cl
mov edx, 0x4198
mov eax, edi
call fcn_fffae566  ; call 0xfffae566

loc_fffc451e:  ; not directly referenced
cmp dword [edi + 0x4b19], 2
mov ebx, dword [ebp - 0x48]
jne short loc_fffc4551  ; jne 0xfffc4551
xor ecx, ecx
mov edx, 0x4598
mov eax, edi
call fcn_fffae566  ; call 0xfffae566
jmp short loc_fffc4551  ; jmp 0xfffc4551

loc_fffc453a:  ; not directly referenced
mov eax, dword [ebp - 0x44]
mov ecx, 6
imul eax, dword [eax + 0x1b4], 0xa
mov dword [ebp - 0x58], eax
jmp near loc_fffc415d  ; jmp 0xfffc415d

loc_fffc4551:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, ebx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc455b:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 8
mov esi, dword [ebp + 8]
mov ebx, dword [ebp + 0x14]
mov dword [ebp - 0x10], esi
mov esi, dword [ebp + 0xc]
mov edi, ebx
shr edi, 0x1d
and edi, 1
mov dword [ebp - 0x14], esi
mov esi, dword [ebp + 0x10]
cmp ax, di
jne short loc_fffc45f0  ; jne 0xfffc45f0
test dword [ebp + 0x18], 0x800
jne short loc_fffc45d4  ; jne 0xfffc45d4
mov eax, ebx
shr eax, 0xc
and eax, 1
cmp dx, ax
jne short loc_fffc45f0  ; jne 0xfffc45f0
mov eax, ebx
shr eax, 0xb
and eax, 1
cmp cx, ax
jne short loc_fffc45f0  ; jne 0xfffc45f0
mov edx, ebx
shr edx, 8
and edx, 7

loc_fffc45ae:  ; not directly referenced
xor eax, eax
cmp word [ebp - 0x10], dx
jne short loc_fffc45f2  ; jne 0xfffc45f2
mov edx, ebx
shr edx, 0xd
cmp word [ebp - 0x14], dx
jne short loc_fffc45f2  ; jne 0xfffc45f2
movzx ebx, bl
and esi, 0xfffffff8
shl ebx, 3
xor eax, eax
cmp si, bx
sete al
jmp short loc_fffc45f2  ; jmp 0xfffc45f2

loc_fffc45d4:  ; not directly referenced
test dx, dx
jne short loc_fffc45f0  ; jne 0xfffc45f0
mov eax, ebx
shr eax, 0xc
and eax, 1
cmp cx, ax
jne short loc_fffc45f0  ; jne 0xfffc45f0
mov edx, ebx
shr edx, 8
and edx, 0xf
jmp short loc_fffc45ae  ; jmp 0xfffc45ae

loc_fffc45f0:  ; not directly referenced
xor eax, eax

loc_fffc45f2:  ; not directly referenced
pop edx
pop ecx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc45f9:  ; not directly referenced
push ebp
xor eax, eax
mov ebp, esp
mov ecx, 8
push edi
mov edx, 0xcf8
push esi
push ebx
lea edi, [ebp - 0xe8]
sub esp, 0x198
mov ebx, dword [ebp + 8]
rep stosd  ; rep stosd dword es:[edi], eax
lea edi, [ebp - 0xf8]
mov dword [ebp - 0xbc], fcn_fffaafc2  ; mov dword [ebp - 0xbc], 0xfffaafc2
mov dword [ebp - 0xb0], fcn_fffaafda  ; mov dword [ebp - 0xb0], 0xfffaafda
mov dword [ebp - 0x5c], fcn_fffab0f8  ; mov dword [ebp - 0x5c], 0xfffab0f8
mov dword [ebp - 0x58], fcn_fffab0ef  ; mov dword [ebp - 0x58], 0xfffab0ef
mov dword [ebp - 0xa4], fcn_fffb3d4e  ; mov dword [ebp - 0xa4], 0xfffb3d4e
mov cl, 4
rep stosd  ; rep stosd dword es:[edi], eax
mov eax, 0x80000048
mov dword [ebp - 0xa0], fcn_fffb3dc0  ; mov dword [ebp - 0xa0], 0xfffb3dc0
mov dword [ebp - 0x7c], fcn_fffc3868  ; mov dword [ebp - 0x7c], 0xfffc3868
mov dword [ebp - 0x78], fcn_fffc3844  ; mov dword [ebp - 0x78], 0xfffc3844
out dx, eax
push 0xcfc
call fcn_fffaafc2  ; call 0xfffaafc2
add esp, 0x10
mov esi, eax
test al, 1
jne short loc_fffc468a  ; jne 0xfffc468a

loc_fffc4683:  ; not directly referenced
xor eax, eax
jmp near loc_fffc5449  ; jmp 0xfffc5449

loc_fffc468a:  ; not directly referenced
push 0x60
mov edi, dword [ebp - 0xb0]
push 0
push 0
push 0
call dword [ebp - 0x7c]  ; ucall
pop edx
pop ecx
push eax
push 0xcf8
call edi
mov dword [esp], 0xcfc
call dword [ebp - 0xbc]  ; ucall
add esp, 0x10
test al, 1
je short loc_fffc4683  ; je 0xfffc4683
and eax, 0xfffffff8
mov edi, eax
call fcn_fffa6801  ; call 0xfffa6801
mov dword [ebp - 0x12c], 0
cmp eax, 0x40660
setne cl
cmp eax, 0x306c0
setne dl
test cl, dl
je short loc_fffc46f2  ; je 0xfffc46f2
cmp eax, 0x40650
setne al
movzx eax, al
mov dword [ebp - 0x12c], eax

loc_fffc46f2:  ; not directly referenced
push 0xbc
and esi, 0xfffffffe
push 0
push 0
push 0
call dword [ebp - 0x78]  ; ucall
add eax, edi
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
push 0x90
push 0
push 0
push 0
mov dword [ebp - 0x168], eax
call dword [ebp - 0x78]  ; ucall
add esp, 0x14
add eax, edi
push eax
call dword [ebp - 0xa0]  ; ucall
push 0x98
push 0
push 0
push 0
mov dword [ebp - 0x184], edx
mov dword [ebp - 0x180], eax
call dword [ebp - 0x78]  ; ucall
add esp, 0x14
add edi, eax
push edi
call dword [ebp - 0xa0]  ; ucall
mov dword [ebp - 0x188], eax
lea eax, [esi + 0x5024]
mov dword [ebp - 0x18c], edx
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [ebp - 0x14c], eax
lea eax, [esi + 0x5014]
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [ebp - 0x150], eax
lea eax, [esi + 0x5000]
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [ebp - 0x114], eax
lea eax, [esi + 0x5004]
add esi, 0x5008
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [esp], esi
mov edi, eax
call dword [ebp - 0xa4]  ; ucall
mov cl, byte [ebx + 4]
add esp, 0x10
mov dx, word [ebx + 5]
mov dword [ebp - 0x104], edi
mov dword [ebp - 0xfc], 0
mov byte [ebp - 0x110], cl
mov cl, byte [ebx + 3]
mov word [ebp - 0x12e], dx
mov dx, word [ebx + 7]
mov dword [ebp - 0x100], eax
mov byte [ebp - 0x134], cl
mov cl, byte [ebx + 2]
mov word [ebp - 0x130], dx
mov dl, byte [ebx + 1]
mov al, cl
or eax, edx
mov byte [ebp - 0x151], cl
test al, 0xfe
je short loc_fffc481b  ; je 0xfffc481b

loc_fffc4814:  ; not directly referenced
xor eax, eax
jmp near loc_fffc5449  ; jmp 0xfffc5449

loc_fffc481b:  ; not directly referenced
movzx eax, dl
movzx edx, byte [ebp - 0x151]
mov esi, dword [ebp + eax*4 - 0x104]
mov dword [ebp - 0x140], eax
mov dword [ebp - 0x16c], 0
mov eax, esi
shr eax, 0x10
and eax, 1
xor eax, edx
mov edx, esi
movzx eax, ax
test eax, eax
mov dword [ebp - 0x148], eax
mov dword [ebp - 0x170], eax
lea eax, [ebp - 0xc4]
je short loc_fffc4868  ; je 0xfffc4868
call fcn_fffc3bda  ; call 0xfffc3bda
jmp short loc_fffc486d  ; jmp 0xfffc486d

loc_fffc4868:  ; not directly referenced
call fcn_fffc3bf5  ; call 0xfffc3bf5

loc_fffc486d:  ; not directly referenced
mov dword [ebp - 0x124], edx
mov edx, dword [ebp - 0x124]
mov dword [ebp - 0x128], eax
mov eax, dword [ebp - 0x128]
mov edi, edx
or edi, eax
je short loc_fffc4814  ; je 0xfffc4814
movzx eax, byte [ebp - 0x134]
mov dword [ebp - 0x144], eax
test al, 0xfe
jne loc_fffc4814  ; jne 0xfffc4814
cmp dword [ebp - 0x148], 0
mov ebx, esi
je short loc_fffc48b0  ; je 0xfffc48b0
shr ebx, 0x12
jmp short loc_fffc48b3  ; jmp 0xfffc48b3

loc_fffc48b0:  ; not directly referenced
shr ebx, 0x11

loc_fffc48b3:  ; not directly referenced
and ebx, 1
cmp byte [ebp - 0x134], 0
mov eax, ebx
setne cl
xor eax, 1
mov byte [ebp - 0x152], cl
test cl, al
jne loc_fffc4814  ; jne 0xfffc4814
cmp dword [ebp - 0x148], 0
mov ecx, esi
mov edx, dword [ebp - 0x114]
lea eax, [ebp - 0xc4]
je short loc_fffc48fe  ; je 0xfffc48fe
call fcn_fffb8408  ; call 0xfffb8408
test esi, 0x100000
mov word [ebp - 0x118], ax
jmp short loc_fffc4910  ; jmp 0xfffc4910

loc_fffc48fe:  ; not directly referenced
call fcn_fffb8396  ; call 0xfffb8396
test esi, 0x80000
mov word [ebp - 0x118], ax

loc_fffc4910:  ; not directly referenced
je short loc_fffc4919  ; je 0xfffc4919
mov eax, 0x10
jmp short loc_fffc4930  ; jmp 0xfffc4930

loc_fffc4919:  ; not directly referenced
mov eax, dword [ebp - 0x114]
shr eax, 0xa
and eax, 1
cmp eax, 1
sbb eax, eax
and eax, 0xffffffe8
add eax, 0x20

loc_fffc4930:  ; not directly referenced
mov edi, dword [ebp - 0x114]
shr edi, 0xb
mov dword [ebp - 0x13c], edi
movzx edi, byte [ebp - 0x110]
and dword [ebp - 0x13c], 1
cmp ax, 8
sete dl
mov byte [ebp - 0x120], dl
and edx, dword [ebp - 0x13c]
mov dword [ebp - 0x138], edi
movzx eax, dl
shl eax, 3
or eax, 7
not eax
test edi, eax
jne loc_fffc4814  ; jne 0xfffc4814
push eax
mov al, byte [ebp - 0x118]
add eax, ebx
add edx, eax
movzx edx, dl
push edx
push dword [ebp - 0x124]
push dword [ebp - 0x128]
call dword [ebp - 0x58]  ; ucall
movzx edi, word [ebp - 0x130]
add esp, 0x10
mov dword [ebp - 0x160], eax
neg eax
mov dword [ebp - 0x15c], edx
test eax, edi
jne loc_fffc4814  ; jne 0xfffc4814
movzx eax, word [ebp - 0x12e]
mov cl, byte [ebp - 0x118]
mov edx, eax
mov dword [ebp - 0x174], eax
mov eax, 1
shl eax, cl
dec eax
movzx eax, ax
not eax
test edx, eax
jne loc_fffc4814  ; jne 0xfffc4814
mov eax, esi
shr eax, 0x15
mov dword [ebp - 0x178], eax
and eax, 1
mov dword [ebp - 0x158], eax
mov eax, esi
shr eax, 0x1a
mov dword [ebp - 0x17c], eax
and eax, 1
mov dword [ebp - 0x164], eax
mov eax, esi
shr eax, 0x16
mov dword [ebp - 0x128], eax
and dword [ebp - 0x128], 1
cmp dword [ebp - 0x13c], 0
je loc_fffc4d7f  ; je 0xfffc4d7f
push eax
mov eax, dword [ebp - 0x110]
xor edx, edx
push 8
push edx
and eax, 3
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 2
mov dword [ebp - 0x190], eax
mov al, byte [ebp - 0x110]
mov dword [ebp - 0x194], edx
xor edx, edx
push edx
and eax, 4
movzx eax, al
push eax
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
mov dword [ebp - 0x118], eax
mov eax, dword [ebp - 0x190]
or dword [ebp - 0x118], eax
mov eax, dword [ebp - 0x194]
mov dword [ebp - 0x13c], edx
mov edx, dword [ebp - 0x5c]
or dword [ebp - 0x13c], eax
test byte [ebp - 0x164], bl
je loc_fffc4b64  ; je 0xfffc4b64
mov ecx, esi
mov ebx, 1
shr ecx, 0x1b
and ecx, 7
add ecx, 4
shl ebx, cl
dec ebx
cmp byte [ebp - 0x120], 1
push esi
mov esi, dword [ebp - 0x144]
sbb eax, eax
add eax, 0xb
push eax
mov eax, dword [ebp - 0x130]
shl esi, cl
and eax, ebx
movzx ebx, bx
not ebx
movzx eax, ax
and ebx, edi
or eax, esi
add ebx, ebx
or eax, ebx
mov ebx, eax
sar ebx, 0x1f
push ebx
push eax
call edx
add esp, 0xc
push 7
mov esi, eax
mov al, byte [ebp - 0x110]
mov ebx, edx
xor edx, edx
push edx
and eax, 8
movzx eax, al
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
or eax, esi
or edx, ebx
or eax, dword [ebp - 0x118]
or edx, dword [ebp - 0x13c]
cmp dword [ebp - 0x128], 0
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx
je loc_fffc4d3e  ; je 0xfffc4d3e
cmp byte [ebp - 0x120], 0
mov eax, dword [ebp - 0x58]
jne loc_fffc4cc9  ; jne 0xfffc4cc9
push ebx
push 3
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
mov ecx, dword [ebp - 0x110]
mov ebx, dword [ebp - 0x10c]
mov edi, ebx
and eax, 0x300
xor eax, ecx
mov esi, eax
jmp near loc_fffc4d20  ; jmp 0xfffc4d20

loc_fffc4b64:  ; not directly referenced
cmp byte [ebp - 0x120], 1
sbb eax, eax
test byte [ebp - 0x158], bl
je loc_fffc4c25  ; je 0xfffc4c25
add eax, 0xc
xor ebx, ebx
push ecx
push eax
push ebx
push edi
call edx
add esp, 0xc
push 0xa
mov esi, eax
movzx eax, byte [ebp - 0x134]
mov ebx, edx
xor edx, edx
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 8
or esi, eax
mov al, byte [ebp - 0x110]
or ebx, edx
xor edx, edx
push edx
or esi, dword [ebp - 0x118]
and eax, 8
movzx eax, al
or ebx, dword [ebp - 0x13c]
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
or esi, eax
or ebx, edx
cmp dword [ebp - 0x128], 0
mov dword [ebp - 0x110], esi
mov dword [ebp - 0x10c], ebx
je loc_fffc4d3e  ; je 0xfffc4d3e
cmp byte [ebp - 0x120], 0
mov eax, dword [ebp - 0x58]
je loc_fffc4cc9  ; je 0xfffc4cc9
push esi
push 5
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
mov ecx, dword [ebp - 0x110]
mov ebx, dword [ebp - 0x10c]
add esp, 0xc
push 0xc
mov edi, ebx
and eax, 0xf00
xor eax, ecx
mov esi, eax
jmp near loc_fffc4d25  ; jmp 0xfffc4d25

loc_fffc4c25:  ; not directly referenced
add eax, 0xb
push ebx
xor ebx, ebx
push eax
push ebx
push edi
call edx
add esp, 0xc
push 7
mov esi, eax
mov al, byte [ebp - 0x110]
mov ebx, edx
xor edx, edx
push edx
and eax, 8
movzx eax, al
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
or eax, esi
or edx, ebx
or eax, dword [ebp - 0x118]
or edx, dword [ebp - 0x13c]
cmp byte [ebp - 0x152], 0
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx
je short loc_fffc4cb0  ; je 0xfffc4cb0
cmp byte [ebp - 0x120], 1
push ecx
sbb eax, eax
add eax, 0xb
push eax
push dword [ebp - 0x15c]
push dword [ebp - 0x160]
call dword [ebp - 0x5c]  ; ucall
mov ecx, dword [ebp - 0x110]
mov ebx, dword [ebp - 0x10c]
add esp, 0x10
or eax, ecx
or edx, ebx
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx

loc_fffc4cb0:  ; not directly referenced
cmp dword [ebp - 0x128], 0
je loc_fffc4d3e  ; je 0xfffc4d3e
cmp byte [ebp - 0x120], 0
mov eax, dword [ebp - 0x58]
je short loc_fffc4cf8  ; je 0xfffc4cf8

loc_fffc4cc9:  ; not directly referenced
push edx
push 4
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
mov ecx, dword [ebp - 0x110]
mov ebx, dword [ebp - 0x10c]
add esp, 0xc
push 0xb
mov edi, ebx
and eax, 0x700
xor eax, ecx
mov esi, eax
jmp short loc_fffc4d25  ; jmp 0xfffc4d25

loc_fffc4cf8:  ; not directly referenced
push edi
push 3
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
mov edx, dword [ebp - 0x110]
mov ecx, dword [ebp - 0x10c]
mov edi, ecx
and eax, 0x300
xor eax, edx
mov esi, eax

loc_fffc4d20:  ; not directly referenced
add esp, 0xc
push 0xa

loc_fffc4d25:  ; not directly referenced
push edi
push esi
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
mov dword [ebp - 0x10c], edi
and eax, 1
xor eax, esi
mov dword [ebp - 0x110], eax

loc_fffc4d3e:  ; not directly referenced
mov cx, word [ebp - 0x12e]
mov ebx, dword [ebp - 0x10c]
shr cx, 2
and ecx, 0x3ffe
mov eax, ecx
cdq
mov eax, ecx
mov dword [ebp - 0x120], ecx
mov ecx, dword [ebp - 0x110]
mov dword [ebp - 0x11c], edx
or eax, ecx
mov esi, eax
mov eax, dword [ebp - 0x11c]
or eax, ebx
mov edi, eax
jmp near loc_fffc4f98  ; jmp 0xfffc4f98

loc_fffc4d7f:  ; not directly referenced
test byte [ebp - 0x164], bl
je short loc_fffc4de3  ; je 0xfffc4de3
mov ebx, esi
mov eax, 1
shr ebx, 0x1b
and ebx, 7
lea ecx, [ebx + 4]
shl eax, cl
mov ecx, eax
dec ecx
movzx eax, cx
and ecx, dword [ebp - 0x130]
not eax
and eax, edi
add eax, eax
movzx ecx, cx
push esi
or eax, ecx
push 0xa
cdq
push edx
push eax
call dword [ebp - 0x58]  ; ucall
lea ecx, [ebx + 0xe]
mov ebx, dword [ebp - 0x144]
shl ebx, cl
mov ecx, dword [ebp - 0x138]
shl ecx, 7
or ebx, ecx
mov edi, ebx
or eax, ebx
sar edi, 0x1f
mov dword [ebp - 0x110], eax
or edx, edi
jmp near loc_fffc4eec  ; jmp 0xfffc4eec

loc_fffc4de3:  ; not directly referenced
test byte [ebp - 0x158], bl
je loc_fffc4ea2  ; je 0xfffc4ea2
push ebx
xor edx, edx
push 0xb
push edx
push edi
xor edi, edi
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 9
mov dword [ebp - 0x110], eax
movzx eax, byte [ebp - 0x134]
mov dword [ebp - 0x120], edx
xor edx, edx
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
mov esi, dword [ebp - 0x138]
add esp, 0xc
push 8
push edi
push esi
mov dword [ebp - 0x134], eax
mov dword [ebp - 0x13c], edx
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 7
push edi
push esi
mov ebx, eax
call dword [ebp - 0x5c]  ; ucall
mov edi, dword [ebp - 0x134]
and ebx, 0x400
or edi, dword [ebp - 0x110]
add esp, 0x10
mov edx, edi
or edx, ebx
and eax, 0x180
mov edi, edx
or edi, eax
mov eax, dword [ebp - 0x13c]
or eax, dword [ebp - 0x120]
cmp dword [ebp - 0x128], 0
mov dword [ebp - 0x110], edi
mov dword [ebp - 0x10c], eax
je loc_fffc4f2f  ; je 0xfffc4f2f
mov ebx, dword [ebp - 0x110]
push ecx
mov esi, dword [ebp - 0x10c]
push 4
mov edi, ebx
and edi, 0x7800
jmp short loc_fffc4f15  ; jmp 0xfffc4f15

loc_fffc4ea2:  ; not directly referenced
mov ebx, dword [ebp - 0x138]
mov eax, edi
shl eax, 0xa
shl ebx, 7
or ebx, eax
mov eax, ebx
sar eax, 0x1f
cmp byte [ebp - 0x152], 0
mov dword [ebp - 0x110], ebx
mov dword [ebp - 0x10c], eax
je short loc_fffc4ef5  ; je 0xfffc4ef5
push edx
push 0xa
push dword [ebp - 0x15c]
push dword [ebp - 0x160]
call dword [ebp - 0x5c]  ; ucall
or edx, dword [ebp - 0x10c]
or ebx, eax
mov dword [ebp - 0x110], ebx

loc_fffc4eec:  ; not directly referenced
mov dword [ebp - 0x10c], edx
add esp, 0x10

loc_fffc4ef5:  ; not directly referenced
cmp dword [ebp - 0x128], 0
je short loc_fffc4f2f  ; je 0xfffc4f2f
mov ebx, dword [ebp - 0x110]
mov esi, dword [ebp - 0x10c]
push eax
push 3
mov edi, ebx
and edi, 0x1c00

loc_fffc4f15:  ; not directly referenced
xor edx, edx
push edx
push edi
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
xor eax, ebx
xor edx, esi
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx

loc_fffc4f2f:  ; not directly referenced
cmp word [ebp - 0x118], 9
jne short loc_fffc4f4d  ; jne 0xfffc4f4d
push eax
push 1
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
jmp short loc_fffc4f69  ; jmp 0xfffc4f69

loc_fffc4f4d:  ; not directly referenced
cmp word [ebp - 0x118], 0xb
jne short loc_fffc4f78  ; jne 0xfffc4f78
push eax
push 1
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x5c]  ; ucall

loc_fffc4f69:  ; not directly referenced
mov dword [ebp - 0x110], eax
add esp, 0x10
mov dword [ebp - 0x10c], edx

loc_fffc4f78:  ; not directly referenced
mov ax, word [ebp - 0x12e]
mov edx, dword [ebp - 0x110]
mov ecx, dword [ebp - 0x10c]
shr ax, 3
movzx eax, ax
or eax, edx
mov edi, ecx
mov esi, eax

loc_fffc4f98:  ; not directly referenced
mov eax, dword [ebp - 0x140]
mov ebx, dword [ebp + eax*4 - 0x104]
lea eax, [ebp - 0xc4]
mov edx, ebx
call fcn_fffc3bf5  ; call 0xfffc3bf5
mov dword [ebp - 0x110], eax
lea eax, [ebp - 0xc4]
mov dword [ebp - 0x10c], edx
mov edx, ebx
call fcn_fffc3bda  ; call 0xfffc3bda
mov ecx, dword [ebp - 0x17c]
or ecx, dword [ebp - 0x178]
and cl, 1
je short loc_fffc5033  ; je 0xfffc5033
cmp edi, edx
ja short loc_fffc502d  ; ja 0xfffc502d
jb short loc_fffc4fe6  ; jb 0xfffc4fe6
cmp esi, eax
jae short loc_fffc502d  ; jae 0xfffc502d

loc_fffc4fe6:  ; not directly referenced
push eax
push 1
push edi
push esi
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 9
push dword [ebp - 0x16c]
push dword [ebp - 0x170]
mov ebx, edx
mov dword [ebp - 0x110], eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
mov ecx, eax
mov eax, esi
and eax, 0x1ff
or edx, ebx
or ecx, eax
mov eax, dword [ebp - 0x110]
mov edi, edx
and eax, 0xfffffc00
or ecx, eax
mov esi, ecx
jmp short loc_fffc5048  ; jmp 0xfffc5048

loc_fffc502d:  ; not directly referenced
add esi, eax
adc edi, edx
jmp short loc_fffc5048  ; jmp 0xfffc5048

loc_fffc5033:  ; not directly referenced
cmp dword [ebp - 0x148], 0
je short loc_fffc5048  ; je 0xfffc5048
add esi, dword [ebp - 0x110]
adc edi, dword [ebp - 0x10c]

loc_fffc5048:  ; not directly referenced
mov ebx, dword [ebp - 0x114]
mov eax, ebx
and eax, 3
cmp eax, dword [ebp - 0x140]
push eax
movzx eax, byte [ebp - 0x150]
push 0x16
setne byte [ebp - 0x110]
xor edx, edx
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 2
mov dword [ebp - 0x128], eax
mov eax, dword [ebp - 0x150]
mov dword [ebp - 0x118], edx
xor edx, edx
push edx
and eax, 0xff000000
push eax
call dword [ebp - 0x5c]  ; ucall
mov ecx, ebx
add esp, 0x10
shr ecx, 6
mov dword [ebp - 0x120], ecx
and dword [ebp - 0x120], 1
cmp dword [ebp - 0x12c], 1
jne short loc_fffc50c0  ; jne 0xfffc50c0
mov ebx, dword [ebp - 0x128]
mov ecx, dword [ebp - 0x118]
jmp short loc_fffc50c4  ; jmp 0xfffc50c4

loc_fffc50c0:  ; not directly referenced
mov ebx, eax
mov ecx, edx

loc_fffc50c4:  ; not directly referenced
cmp dword [ebp - 0x120], 0
je short loc_fffc510b  ; je 0xfffc510b
mov ebx, dword [ebp - 0x114]
push eax
shr ebx, 7
and ebx, 7
push ebx
add ebx, 0x16
push 0
push 0x400000
call dword [ebp - 0x5c]  ; ucall
movzx eax, byte [ebp - 0x110]
add esp, 0xc
push ebx
xor edx, edx
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
mov ecx, eax
mov ebx, edx
or ecx, esi
or ebx, edi
mov eax, ecx
mov edx, ebx
jmp near loc_fffc51ca  ; jmp 0xfffc51ca

loc_fffc510b:  ; not directly referenced
cmp edi, ecx
ja loc_fffc51ea  ; ja 0xfffc51ea
jb short loc_fffc511d  ; jb 0xfffc511d
cmp esi, ebx
jae loc_fffc51ea  ; jae 0xfffc51ea

loc_fffc511d:  ; not directly referenced
push ebx
push 1
push edi
push esi
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
mov dword [ebp - 0x120], eax
mov dword [ebp - 0x11c], edx
test dword [ebp - 0x14c], 0x800000
je loc_fffc51cf  ; je 0xfffc51cf
mov edi, dword [ebp - 0x14c]
push ecx
mov esi, edi
shr esi, 0x15
and esi, 3
push esi
push edx
push eax
call dword [ebp - 0x58]  ; ucall
mov edx, dword [ebp - 0x11c]
add esp, 0xc
push esi
push 0
push 1
mov ebx, eax
mov eax, dword [ebp - 0x120]
and ebx, 1
mov dword [ebp - 0x120], edx
or ebx, eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
xor ecx, ecx
not eax
not edx
and dword [ebp - 0x120], edx
mov edx, edi
and ebx, eax
and dx, 0x3fff
and edx, ebx
xor eax, eax
movzx edx, dx

loc_fffc519c:  ; not directly referenced
mov edi, edx
sar edi, cl
inc ecx
xor eax, edi
cmp ecx, 0xe
jne short loc_fffc519c  ; jne 0xfffc519c
xor eax, dword [ebp - 0x110]
xor edx, edx
push edi
push esi
and eax, 1
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
mov esi, edx
mov ecx, eax
or esi, dword [ebp - 0x120]
or ecx, ebx
mov eax, ecx
mov edx, esi

loc_fffc51ca:  ; not directly referenced
add esp, 0x10
jmp short loc_fffc5203  ; jmp 0xfffc5203

loc_fffc51cf:  ; not directly referenced
movzx ecx, byte [ebp - 0x110]
mov ebx, dword [ebp - 0x120]
mov esi, dword [ebp - 0x11c]
or ecx, ebx
mov eax, ecx
mov edx, esi
jmp short loc_fffc5203  ; jmp 0xfffc5203

loc_fffc51ea:  ; not directly referenced
cmp dword [ebp - 0x12c], 1
jne short loc_fffc51ff  ; jne 0xfffc51ff
mov eax, dword [ebp - 0x128]
mov edx, dword [ebp - 0x118]

loc_fffc51ff:  ; not directly referenced
add eax, esi
adc edx, edi

loc_fffc5203:  ; not directly referenced
mov edi, dword [ebp - 0x180]
push ecx
push 6
push edx
and edi, 0xfff00000
mov dword [ebp - 0x110], edi
mov edi, dword [ebp - 0x184]
push eax
and edi, 0x7f
mov dword [ebp - 0x10c], edi
mov edi, dword [ebp - 0x188]
or edi, 0xfffff
mov dword [ebp - 0x120], edi
mov edi, dword [ebp - 0x18c]
and edi, 0x7f
mov dword [ebp - 0x11c], edi
mov edi, 1
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
cmp edx, dword [ebp - 0x10c]
ja short loc_fffc5269  ; ja 0xfffc5269
jb short loc_fffc5267  ; jb 0xfffc5267
cmp eax, dword [ebp - 0x110]
jae short loc_fffc5269  ; jae 0xfffc5269

loc_fffc5267:  ; not directly referenced
xor edi, edi

loc_fffc5269:  ; not directly referenced
mov esi, 1
cmp edx, dword [ebp - 0x11c]
jb short loc_fffc5282  ; jb 0xfffc5282
ja short loc_fffc5280  ; ja 0xfffc5280
cmp eax, dword [ebp - 0x120]
jbe short loc_fffc5282  ; jbe 0xfffc5282

loc_fffc5280:  ; not directly referenced
xor esi, esi

loc_fffc5282:  ; not directly referenced
mov ecx, dword [ebp + 0xc]
and edi, esi
mov ebx, edi
movzx edi, bl
mov dword [ecx], eax
mov dword [ecx + 4], edx
test edi, edi
jne loc_fffc5322  ; jne 0xfffc5322
mov esi, dword [ebp - 0x10c]
cmp dword [ebp - 0x11c], esi
jb short loc_fffc5322  ; jb 0xfffc5322
ja short loc_fffc52b7  ; ja 0xfffc52b7
mov esi, dword [ebp - 0x110]
cmp dword [ebp - 0x120], esi
jbe short loc_fffc5322  ; jbe 0xfffc5322

loc_fffc52b7:  ; not directly referenced
mov esi, dword [ebp - 0x168]
xor ebx, ebx
mov dword [ebp - 0x124], ebx
and esi, 0xfff00000
mov ecx, esi
add ecx, dword [ebp - 0x120]
adc ebx, dword [ebp - 0x11c]
sub ecx, dword [ebp - 0x110]
sbb ebx, dword [ebp - 0x10c]
mov dword [ebp - 0x128], esi
cmp edx, ebx
ja short loc_fffc5322  ; ja 0xfffc5322
jb short loc_fffc52f5  ; jb 0xfffc52f5
cmp eax, ecx
ja short loc_fffc5322  ; ja 0xfffc5322

loc_fffc52f5:  ; not directly referenced
cmp edx, 0
ja short loc_fffc52fe  ; ja 0xfffc52fe
cmp eax, esi
jb short loc_fffc5322  ; jb 0xfffc5322

loc_fffc52fe:  ; not directly referenced
mov ecx, dword [ebp - 0x110]
sub ecx, dword [ebp - 0x128]
mov ebx, dword [ebp - 0x10c]
sbb ebx, dword [ebp - 0x124]
add ecx, eax
mov eax, dword [ebp + 0xc]
adc ebx, edx
mov dword [eax], ecx
mov dword [eax + 4], ebx

loc_fffc5322:  ; not directly referenced
cmp dword [ebp - 0x12c], 1
jne loc_fffc541b  ; jne 0xfffc541b
lea ebx, [ebp - 0xe8]
lea esi, [ebp - 0xc8]

loc_fffc533b:  ; not directly referenced
push eax
mov eax, dword [ebp + 0xc]
mov edx, dword [eax + 4]
mov eax, dword [eax]
push dword [ebx + 4]
push dword [ebx]
mov ecx, edx
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx
mov edx, eax
push edi
lea eax, [ebp - 0xc4]
call fcn_fffb726f  ; call 0xfffb726f
add esp, 0x10
test eax, eax
jne loc_fffc4814  ; jne 0xfffc4814
add ebx, 8
cmp ebx, esi
jne short loc_fffc533b  ; jne 0xfffc533b
movzx eax, byte [ebp - 0x151]
xor ebx, ebx
mov dword [ebp - 0x110], eax
movzx eax, word [ebp - 0x130]
mov dword [ebp - 0x120], eax

loc_fffc5393:  ; not directly referenced
mov edi, dword [ebp + ebx*2 - 0xe4]
mov esi, dword [ebp + ebx*2 - 0xe8]
push ecx
push 0x3f
push edi
push esi
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
test al, 1
je short loc_fffc540f  ; je 0xfffc540f
sub esp, 0xc
mov ecx, dword [ebp - 0x144]
push dword [ebp - 0x114]
push dword [ebp + ebx - 0xf8]
push dword [ebp - 0x174]
push dword [ebp - 0x120]
push dword [ebp - 0x138]
mov edx, dword [ebp - 0x110]
mov eax, dword [ebp - 0x140]
call fcn_fffc455b  ; call 0xfffc455b
add esp, 0x20
test eax, eax
je short loc_fffc540f  ; je 0xfffc540f
mov edx, dword [ebp + 0xc]
mov eax, esi
and eax, 0xffffffc0
mov dword [edx], eax
mov eax, edi
and eax, 0x7f
mov dword [edx + 4], eax
push edx
push 0x3e
push edi
push esi
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
jmp short loc_fffc541b  ; jmp 0xfffc541b

loc_fffc540f:  ; not directly referenced
add ebx, 4
cmp ebx, 0x10
jne loc_fffc5393  ; jne 0xfffc5393

loc_fffc541b:  ; not directly referenced
mov eax, dword [ebp + 0xc]
xor edx, edx
mov ebx, dword [eax]
mov esi, dword [eax + 4]
push eax
movzx eax, word [ebp - 0x12e]
push 3
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
mov edi, dword [ebp + 0xc]
add esp, 0x10
mov dword [edi + 4], esi
and eax, 0x3f
or eax, ebx
mov dword [edi], eax
mov eax, 1

loc_fffc5449:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc5451:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 0xc]

loc_fffc545d:  ; not directly referenced
mov eax, dword [0xff7d0178]
mov esi, 0xff7d0004
xor edi, edi
mov dword [ebp - 0x1c], eax

loc_fffc546c:  ; not directly referenced
cmp edi, dword [ebp - 0x1c]
je short loc_fffc548b  ; je 0xfffc548b
push ecx
add esi, 0xc
push ecx
push dword [ebx + 4]
push dword [esi + 0x7c]
call fcn_fffb884e  ; call 0xfffb884e
add esp, 0x10
test al, al
jne short loc_fffc5498  ; jne 0xfffc5498
inc edi
jmp short loc_fffc546c  ; jmp 0xfffc546c

loc_fffc548b:  ; not directly referenced
cmp edi, 0x13
ja short loc_fffc54f2  ; ja 0xfffc54f2
lea eax, [edi + 1]
mov dword [0xff7d0178], eax

loc_fffc5498:  ; not directly referenced
imul edi, edi, 0xc
mov ecx, 3
mov esi, ebx
add edi, 0xff7d0088
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov edi, 0xff7d017c
xor esi, esi

loc_fffc54b1:  ; not directly referenced
cmp esi, dword [0xff7d026c]
jae short loc_fffc54e1  ; jae 0xfffc54e1
push edx
push edx
push dword [ebx + 4]
push dword [edi + 4]
call fcn_fffb884e  ; call 0xfffb884e
add esp, 0x10
test al, al
je short loc_fffc54db  ; je 0xfffc54db
push eax
push dword [ebx + 8]
push edi
push dword [ebp + 8]
call dword [edi + 8]  ; ucall
add esp, 0x10

loc_fffc54db:  ; not directly referenced
inc esi
add edi, 0xc
jmp short loc_fffc54b1  ; jmp 0xfffc54b1

loc_fffc54e1:  ; not directly referenced
mov eax, dword [ebx]
add ebx, 0xc
test eax, eax
jns loc_fffc545d  ; jns 0xfffc545d
xor eax, eax
jmp short loc_fffc54f7  ; jmp 0xfffc54f7

loc_fffc54f2:  ; not directly referenced
mov eax, 0x80000009

loc_fffc54f7:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc54ff:  ; not directly referenced
push ebp
mov ebp, esp
push edi
xor edi, edi
push esi
push ebx
mov ebx, 0xff7d0088
sub esp, 0x1c
mov eax, dword [0xff7d0178]
mov dword [ebp - 0x1c], eax

loc_fffc5517:  ; not directly referenced
cmp edi, dword [ebp - 0x1c]
je short loc_fffc5544  ; je 0xfffc5544
push eax
mov esi, ebx
push eax
add ebx, 0xc
push dword [ebx - 8]
push dword [ebp + 0xc]
call fcn_fffb884e  ; call 0xfffb884e
add esp, 0x10
test al, al
je short loc_fffc5541  ; je 0xfffc5541
mov eax, dword [ebp + 0x18]
mov edx, dword [esi + 8]
mov dword [eax], edx
xor eax, eax
jmp short loc_fffc5549  ; jmp 0xfffc5549

loc_fffc5541:  ; not directly referenced
inc edi
jmp short loc_fffc5517  ; jmp 0xfffc5517

loc_fffc5544:  ; not directly referenced
mov eax, 0x8000000e

loc_fffc5549:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc5551:
push ebp
mov ebp, esp
push ebx
push edx
mov ebx, dword [ebp + 0xc]

loc_fffc5559:
mov ax, word [ebx]
cmp ax, 0xffff
je short loc_fffc5570  ; je 0xfffc5570
cmp ax, 4
je short loc_fffc5574  ; je 0xfffc5574

loc_fffc5568:
movzx eax, word [ebx + 2]
add ebx, eax
jmp short loc_fffc5559  ; jmp 0xfffc5559

loc_fffc5570:
xor eax, eax
jmp short loc_fffc558b  ; jmp 0xfffc558b

loc_fffc5574:
push eax
push eax
lea eax, [ebx + 8]
push eax
push dword [ebp + 8]
call fcn_fffb884e  ; call 0xfffb884e
add esp, 0x10
test al, al
je short loc_fffc5568  ; je 0xfffc5568
mov eax, ebx

loc_fffc558b:
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffc5590:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2c
mov eax, dword [ebp + 0x10]
mov dword [ebp - 0x2c], eax
lea eax, [ebp - 0x20]
push eax
push 0
push 0
push ref_fffd60dc  ; push 0xfffd60dc
call fcn_fffab40f  ; call 0xfffab40f
lea eax, [ebp - 0x24]
push eax
push 0
push 0
push ref_fffd604c  ; push 0xfffd604c
call fcn_fffab40f  ; call 0xfffab40f
mov eax, dword [0xff7d0084]
add esp, 0x14
mov eax, dword [eax + 0x14]
lea ebx, [eax + 0xb0040]
push ebx
mov dword [ebp - 0x30], eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
add esp, 0x10
mov edx, eax
shr edx, 0x10
and edx, 0xf
cmp dl, 2
je loc_fffc57da  ; je 0xfffc57da
movzx edx, ah
xor eax, eax
and dl, 0xf0
jne loc_fffc57dc  ; jne 0xfffc57dc
call fcn_fffb481e  ; call 0xfffb481e
cmp eax, 2
je loc_fffc5699  ; je 0xfffc5699

loc_fffc560d:  ; not directly referenced
mov eax, dword [0xff7d0084]
sub esp, 0xc
mov edi, dword [eax + 0x14]
lea eax, [edi + 0x70]
add edi, 0x74
push eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
mov dword [esp], edi
mov esi, eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
shr esi, 4
mov ecx, dword [ebp - 0x2c]
mov edi, dword [ebp - 0x30]
shl eax, 0x1c
add eax, esi
shr eax, 0x10
mov esi, eax
or eax, 0x10800000
or esi, 0x10000000
test cl, cl
cmovs esi, eax
mov eax, ecx
and eax, 0x7f
add edi, 0xb004c
shl eax, 0x18
mov dword [esp], edi
or esi, eax
call fcn_fffb3d4e  ; call 0xfffb3d4e
pop eax
pop edx
push esi
mov esi, 0x1389
push edi
call fcn_fffb3d84  ; call 0xfffb3d84
mov eax, dword [ebp - 0x24]
add esp, 0xc
push 0x44c
push eax
push dword [ebp + 8]
call dword [eax + 4]  ; ucall
mov dword [esp], ebx
call fcn_fffb3d4e  ; call 0xfffb3d4e
add esp, 0x10
jmp near loc_fffc57ba  ; jmp 0xfffc57ba

loc_fffc5699:  ; not directly referenced
mov eax, dword [0xfed70044]
test al, 1
je loc_fffc560d  ; je 0xfffc560d
mov eax, dword [ebp - 0x20]
cmp byte [eax + 1], 0
jne loc_fffc560d  ; jne 0xfffc560d
cmp byte [ebp - 0x2c], 1
je loc_fffc560d  ; je 0xfffc560d
lea eax, [ebp - 0x1c]
mov esi, ref_fffd668c  ; mov esi, 0xfffd668c
push ecx
push eax
push 0x20
push 4
call fcn_fffab5ba  ; call 0xfffab5ba
mov eax, dword [ebp - 0x1c]
mov ecx, 4
lea edi, [eax + 8]
add eax, 0x18
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
pop esi
pop edi
push 8
push eax
call fcn_fffac673  ; call 0xfffac673
call fcn_fffab5f3  ; call 0xfffab5f3
pop edx
pop ecx
push eax
push ref_fffd668c  ; push 0xfffd668c
call fcn_fffc5551  ; call 0xfffc5551
add esp, 0x10
mov edx, eax
test eax, eax
je loc_fffc560d  ; je 0xfffc560d
mov eax, dword [ebp + 0x14]
mov esi, 0x166
mov dword [edx + 0x1c], 0
mov dword [edx + 0x18], eax

loc_fffc571b:  ; not directly referenced
mov eax, dword [0xfed70044]
test al, 2
je short loc_fffc5756  ; je 0xfffc5756
mov esi, dword [edx + 0x18]
xor edi, edi
mov dword [0xfed70080], esi
mov dword [0xfed70084], edi
mov dword [0xfed7000c], 3
cmp dword [ebp + 0x18], 0x20
jne short loc_fffc574f  ; jne 0xfffc574f
mov dword [0xfed70040], 0

loc_fffc574f:  ; not directly referenced
mov esi, 0x48
jmp short loc_fffc578e  ; jmp 0xfffc578e

loc_fffc5756:  ; not directly referenced
mov eax, dword [ebp - 0x24]
mov dword [ebp - 0x34], edx
push edx
push 0x8c
push eax
push dword [ebp + 8]
call dword [eax + 4]  ; ucall
mov edx, dword [ebp - 0x34]
add esp, 0x10
dec esi
jne short loc_fffc571b  ; jne 0xfffc571b
jmp short loc_fffc574f  ; jmp 0xfffc574f

loc_fffc5774:  ; not directly referenced
mov eax, dword [ebp - 0x24]
push edi
push 0x8c
push eax
push dword [ebp + 8]
call dword [eax + 4]  ; ucall
add esp, 0x10
dec esi
je loc_fffc560d  ; je 0xfffc560d

loc_fffc578e:  ; not directly referenced
mov eax, dword [0xfed7000c]
test eax, eax
jne short loc_fffc5774  ; jne 0xfffc5774
jmp near loc_fffc560d  ; jmp 0xfffc560d

loc_fffc579c:  ; not directly referenced
dec esi
je short loc_fffc57c4  ; je 0xfffc57c4
mov eax, dword [ebp - 0x24]
push ecx
push 0x3e8
push eax
push dword [ebp + 8]
call dword [eax + 4]  ; ucall
mov dword [esp], ebx
call fcn_fffb3d4e  ; call 0xfffb3d4e
add esp, 0x10

loc_fffc57ba:  ; not directly referenced
mov edx, eax
shr edx, 0x18
and dl, 0xf0
je short loc_fffc579c  ; je 0xfffc579c

loc_fffc57c4:  ; not directly referenced
shr eax, 0x19
push edx
and eax, 7
push edx
push eax
push dword [ebp + 8]
call fcn_fffb8736  ; call 0xfffb8736
add esp, 0x10
jmp short loc_fffc57dc  ; jmp 0xfffc57dc

loc_fffc57da:  ; not directly referenced
xor eax, eax

loc_fffc57dc:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc57e4:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x4c
mov edi, dword [ebp + 8]
mov dword [ebp - 0x40], 0
mov eax, dword [edi + 0x5edc]
mov esi, dword [edi + 0x18a7]
mov dword [ebp - 0x44], eax
mov eax, dword [edi + 0x188b]
mov dword [ebp - 0x34], eax
mov al, byte [edi + 0x36c9]
inc eax
cmp byte [edi + 0x1965], 1
mov byte [edi + 0x36c9], al
jne short loc_fffc5831  ; jne 0xfffc5831
xor ebx, ebx
cmp dword [ebp - 0x34], 1
sete bl
mov dword [ebp - 0x40], ebx

loc_fffc5831:  ; not directly referenced
cmp dword [edi + 0x2480], 3
sete bl
dec al
movzx ecx, bl
mov dword [ebp - 0x48], ecx
mov ecx, 0xa
jne short loc_fffc58c2  ; jne 0xfffc58c2
cmp dword [ebp - 0x34], 1
jne short loc_fffc58ac  ; jne 0xfffc58ac
cmp dword [edi + 0x3756], 2
jne short loc_fffc587e  ; jne 0xfffc587e
cmp byte [edi + 0x190c], 0
jne short loc_fffc587e  ; jne 0xfffc587e
mov eax, dword [ebp - 0x44]
mov edx, 0x4004
and byte [eax + 0xbf], 0xdf
mov ecx, dword [eax + 0xbc]
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffc587e:  ; not directly referenced
cmp dword [edi + 0x4b19], 2
jne short loc_fffc58ac  ; jne 0xfffc58ac
cmp byte [edi + 0x190c], 0
jne short loc_fffc58ac  ; jne 0xfffc58ac
mov eax, dword [ebp - 0x44]
mov edx, 0x4404
and byte [eax + 0x18b], 0xdf
mov ecx, dword [eax + 0x188]
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffc58ac:  ; not directly referenced
cmp dword [ebp - 0x34], 0
sete dl
xor eax, eax
or dl, bl
jne loc_fffc6049  ; jne 0xfffc6049
mov ecx, 6

loc_fffc58c2:  ; not directly referenced
mov al, byte [edi + 0x248d]
sub esp, 0xc
mov byte [ebp - 0x35], al
movzx eax, byte [edi + 0x248e]
push 1
mov dword [ebp - 0x3c], eax
mov edx, eax
mov eax, edi
call fcn_fffb2759  ; call 0xfffb2759
add esp, 0x10
cmp dword [ebp - 0x48], 0
jne loc_fffc5bb3  ; jne 0xfffc5bb3
cmp dword [edi + 0x3756], 2
je short loc_fffc590b  ; je 0xfffc590b
cmp dword [edi + 0x4b19], 2
mov al, 0x40
jne short loc_fffc5928  ; jne 0xfffc5928
mov eax, 1
jmp short loc_fffc590d  ; jmp 0xfffc590d

loc_fffc590b:  ; not directly referenced
xor eax, eax

loc_fffc590d:  ; not directly referenced
imul eax, eax, 0x13c3
mov dl, 0x55
imul esi, esi, 0x2e
add esi, eax
mov al, 0x40
cmp word [edi + esi + 0x375e], 2
cmove eax, edx

loc_fffc5928:  ; not directly referenced
mov byte [ebp - 0x21], al
lea esi, [edi + 0x381a]
xor ebx, ebx
mov byte [ebp - 0x22], al
mov byte [ebp - 0x1f], 0x40
mov byte [ebp - 0x20], 0x40

loc_fffc593e:  ; not directly referenced
cmp dword [esi - 0xc4], 2
jne short loc_fffc59b4  ; jne 0xfffc59b4
push ecx
push 1
movzx eax, byte [esi + 0x17d]
neg eax
push eax
push 1
movzx eax, byte [esi]
push eax
push 0
push ebx
push edi
call fcn_fffa9178  ; call 0xfffa9178
movzx eax, byte [ebp + ebx - 0x22]
add esp, 0x1c
push 1
push eax
push 1
movzx eax, byte [esi]
push eax
push 2
push ebx
push edi
call fcn_fffa9178  ; call 0xfffa9178
movzx eax, byte [ebp + ebx - 0x22]
add esp, 0x1c
push 1
push eax
push 1
movzx eax, byte [esi]
push eax
push 1
push ebx
push edi
call fcn_fffa9178  ; call 0xfffa9178
movzx eax, byte [ebp + ebx - 0x20]
add esp, 0x1c
push 1
push eax
push 1
movzx eax, byte [esi]
push eax
push 4
push ebx
push edi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffc59b4:  ; not directly referenced
inc ebx
add esi, 0x13c3
cmp ebx, 2
jne loc_fffc593e  ; jne 0xfffc593e
movzx ebx, byte [ebp - 0x35]
mov eax, edi
push edx
push edx
xor edx, edx
push 0
push 1
mov ecx, ebx
call fcn_fffcf9c9  ; call 0xfffcf9c9
mov cl, byte [ebp - 0x40]
add esp, 0x10
and ecx, 1
mov byte [ebp - 0x2c], cl
test eax, eax
setne dl
test cl, dl
jne loc_fffc6049  ; jne 0xfffc6049
cmp byte [edi + 0x36c9], 2
je short loc_fffc5a0d  ; je 0xfffc5a0d

loc_fffc59fb:  ; not directly referenced
cmp byte [edi + 0x36c9], 2
jne loc_fffc5ac2  ; jne 0xfffc5ac2
jmp near loc_fffc5aa1  ; jmp 0xfffc5aa1

loc_fffc5a0d:  ; not directly referenced
push eax
mov edx, 2
push eax
mov ecx, ebx
lea esi, [ebp - 0x22]
mov eax, edi
push esi
push 1
call fcn_fffcf9c9  ; call 0xfffcf9c9
add esp, 0x10
test eax, eax
setne dl
test byte [ebp - 0x2c], dl
jne loc_fffc6049  ; jne 0xfffc6049
push eax
mov edx, 1
push eax
mov ecx, ebx
push esi
mov eax, edi
push 1
call fcn_fffcf9c9  ; call 0xfffcf9c9
add esp, 0x10
test eax, eax
setne dl
test byte [ebp - 0x2c], dl
jne loc_fffc6049  ; jne 0xfffc6049
xor ebx, ebx
lea esi, [ebp - 0x20]

loc_fffc5a5d:  ; not directly referenced
mov cl, bl
mov eax, 1
shl eax, cl
mov cl, 0xc
cmp bl, 2
cmovne ecx, eax
and cl, byte [ebp - 0x35]
jne short loc_fffc5a7b  ; jne 0xfffc5a7b

loc_fffc5a73:  ; not directly referenced
inc ebx
cmp ebx, 3
jne short loc_fffc5a5d  ; jne 0xfffc5a5d
jmp short loc_fffc59fb  ; jmp 0xfffc59fb

loc_fffc5a7b:  ; not directly referenced
push eax
mov edx, 4
push eax
movzx ecx, cl
push esi
mov eax, edi
push 1
call fcn_fffcf9c9  ; call 0xfffcf9c9
add esp, 0x10
test eax, eax
setne dl
test byte [ebp - 0x2c], dl
je short loc_fffc5a73  ; je 0xfffc5a73
jmp near loc_fffc6049  ; jmp 0xfffc6049

loc_fffc5aa1:  ; not directly referenced
lea ebx, [edi + 0x3756]
mov dword [ebp - 0x2c], 0

loc_fffc5aae:  ; not directly referenced
cmp dword [ebx], 2
je short loc_fffc5ae2  ; je 0xfffc5ae2

loc_fffc5ab3:  ; not directly referenced
inc dword [ebp - 0x2c]
add ebx, 0x13c3
cmp dword [ebp - 0x2c], 2
jne short loc_fffc5aae  ; jne 0xfffc5aae

loc_fffc5ac2:  ; not directly referenced
cmp dword [edi + 0x3756], 2
jne loc_fffc5b8b  ; jne 0xfffc5b8b
xor ecx, ecx
mov edx, 0x4198
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
jmp near loc_fffc5b8b  ; jmp 0xfffc5b8b

loc_fffc5ae2:  ; not directly referenced
mov eax, dword [ebx + 0x109]
cmp dword [ebx + 0x111], eax
cmovbe eax, dword [ebx + 0x111]
cmp dword [ebp - 0x48], 0
je short loc_fffc5b20  ; je 0xfffc5b20
mov esi, dword [ebx + 0x115]
cmp dword [ebx + 0x11d], esi
cmovbe esi, dword [ebx + 0x11d]
cmp esi, eax
cmova esi, eax

loc_fffc5b13:  ; not directly referenced
mov al, byte [ebx + 0xc4]
xor ecx, ecx
mov byte [ebp - 0x30], al
jmp short loc_fffc5b2d  ; jmp 0xfffc5b2d

loc_fffc5b20:  ; not directly referenced
mov esi, dword [ebx + 0x119]
cmp eax, esi
cmovbe esi, eax
jmp short loc_fffc5b13  ; jmp 0xfffc5b13

loc_fffc5b2d:  ; not directly referenced
mov edx, 1
shl edx, cl
test byte [ebp - 0x30], dl
je short loc_fffc5b53  ; je 0xfffc5b53
movzx eax, byte [ebx + ecx + 0x249]
movzx edx, byte [ebx + ecx + 0x245]
cmp eax, edx
cmovbe edx, eax
cmp esi, edx
cmova esi, edx

loc_fffc5b53:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffc5b2d  ; jne 0xfffc5b2d
push 1
mov edx, dword [ebp - 0x2c]
mov eax, esi
push 1
neg eax
push eax
mov cl, 0xff
push 1
mov eax, edi
call fcn_fffb0cb4  ; call 0xfffb0cb4
mov edx, dword [ebp - 0x44]
mov ecx, esi
imul eax, dword [ebp - 0x2c], 0xcc
add esp, 0x10
mov byte [edx + eax + 0xe2], cl
jmp near loc_fffc5ab3  ; jmp 0xfffc5ab3

loc_fffc5b8b:  ; not directly referenced
cmp dword [edi + 0x4b19], 2
jne short loc_fffc5ba2  ; jne 0xfffc5ba2
xor ecx, ecx
mov edx, 0x4598
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffc5ba2:  ; not directly referenced
sub esp, 0xc
push edi
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10
jmp near loc_fffc6049  ; jmp 0xfffc6049

loc_fffc5bb3:  ; not directly referenced
mov eax, dword [edi + 0x385f]
mov edx, 3
xor ebx, ebx
mov ecx, dword [ebp - 0x3c]
mov byte [ebp - 0x1e], al
mov eax, dword [edi + 0x3867]
mov byte [ebp - 0x1a], al
mov eax, dword [edi + 0x4c22]
mov byte [ebp - 0x1d], al
mov eax, dword [edi + 0x4c2a]
mov byte [ebp - 0x19], al
movzx eax, byte [ebp - 0x35]
mov esi, eax
mov dword [ebp - 0x30], eax
push eax
push 1
push 1
push 0x14
push 1
lea eax, [ebp - 0x1e]
push eax
mov eax, edi
push 1
push esi
call fcn_fffcfd43  ; call 0xfffcfd43
add esp, 0x20
mov dword [ebp - 0x2c], 0

loc_fffc5c0b:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [edi + eax + 0x3756], 2
jne short loc_fffc5c89  ; jne 0xfffc5c89
imul ecx, ebx, 0x48
mov esi, 0xa
xor edx, edx
mov eax, dword [edi + ecx + 0x3210]
div esi
xor edx, edx
mov dword [ebp - 0x50], eax
mov eax, dword [edi + ecx + 0x3214]
mov ecx, 2
div esi
mov esi, dword [ebp - 0x50]
mov edx, esi
movsx edx, dl
mov dword [ebp - 0x4c], eax
movsx eax, byte [ebp - 0x4c]
sub eax, edx
cdq
idiv ecx
mov cl, byte [ebp - 0x4c]
mov edx, 0xc
add ecx, esi
cmp cl, 0x11
cmova edx, dword [ebp - 0x2c]
mov dword [ebp - 0x2c], edx
push edx
push 1
add al, byte [ebp + ebx - 0x1e]
mov byte [ebp + ebx - 0x1e], al
movzx eax, al
push eax
push 1
push dword [ebp - 0x30]
push 3
push ebx
push edi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffc5c89:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffc5c0b  ; jne 0xfffc5c0b
mov al, byte [ebp - 0x40]
and eax, 1
mov bl, al
mov byte [ebp - 0x40], al
mov eax, dword [ebp - 0x2c]
test eax, eax
setne dl
test bl, dl
jne loc_fffc6049  ; jne 0xfffc6049
push eax
mov ecx, dword [ebp - 0x3c]
mov edx, 2
push 1
xor ebx, ebx
push 1
push 0x14
push 1
lea eax, [ebp - 0x1a]
push eax
mov eax, edi
push 1
push dword [ebp - 0x30]
call fcn_fffcfd43  ; call 0xfffcfd43
add esp, 0x20

loc_fffc5cd4:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [edi + eax + 0x3756], 2
jne short loc_fffc5d52  ; jne 0xfffc5d52
imul ecx, ebx, 0x48
mov esi, 0xa
xor edx, edx
mov eax, dword [edi + ecx + 0x3210]
div esi
xor edx, edx
mov dword [ebp - 0x50], eax
mov eax, dword [edi + ecx + 0x3214]
mov ecx, 2
div esi
mov esi, dword [ebp - 0x50]
mov edx, esi
movsx edx, dl
mov dword [ebp - 0x4c], eax
movsx eax, byte [ebp - 0x4c]
sub eax, edx
cdq
idiv ecx
mov cl, byte [ebp - 0x4c]
mov edx, 0xc
add ecx, esi
cmp cl, 0x11
cmova edx, dword [ebp - 0x2c]
push esi
push 1
mov dword [ebp - 0x2c], edx
add al, byte [ebp + ebx - 0x1a]
mov byte [ebp + ebx - 0x1a], al
movzx eax, al
push eax
push 1
push dword [ebp - 0x30]
push 2
push ebx
push edi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffc5d52:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffc5cd4  ; jne 0xfffc5cd4
mov eax, dword [ebp - 0x2c]
test eax, eax
setne dl
test byte [ebp - 0x40], dl
jne loc_fffc6049  ; jne 0xfffc6049
mov eax, dword [edi + 0x386b]
mov edx, 2
xor bl, bl
mov byte [ebp - 0x1a], al
mov eax, dword [edi + 0x3873]
mov byte [ebp - 0x1c], al
mov eax, dword [edi + 0x4c2e]
mov byte [ebp - 0x19], al
mov eax, dword [edi + 0x4c36]
push ecx
mov ecx, dword [ebp - 0x3c]
push 1
push 1
push 0x14
push 1
mov byte [ebp - 0x1b], al
lea eax, [ebp - 0x1a]
push eax
mov eax, edi
push 2
push dword [ebp - 0x30]
call fcn_fffcfd43  ; call 0xfffcfd43
add esp, 0x20

loc_fffc5db7:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [edi + eax + 0x3756], 2
jne short loc_fffc5e35  ; jne 0xfffc5e35
imul ecx, ebx, 0x48
mov esi, 0xa
xor edx, edx
mov eax, dword [edi + ecx + 0x3210]
div esi
xor edx, edx
mov dword [ebp - 0x50], eax
mov eax, dword [edi + ecx + 0x3214]
mov ecx, 2
div esi
mov esi, dword [ebp - 0x50]
mov edx, esi
movsx edx, dl
mov dword [ebp - 0x4c], eax
movsx eax, byte [ebp - 0x4c]
sub eax, edx
cdq
idiv ecx
mov cl, byte [ebp - 0x4c]
mov edx, 0xc
add ecx, esi
cmp cl, 0x11
cmova edx, dword [ebp - 0x2c]
mov dword [ebp - 0x2c], edx
push edx
push 1
add al, byte [ebp + ebx - 0x1a]
mov byte [ebp + ebx - 0x1a], al
movzx eax, al
push eax
push 2
push dword [ebp - 0x30]
push 2
push ebx
push edi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffc5e35:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffc5db7  ; jne 0xfffc5db7
mov eax, dword [ebp - 0x2c]
test eax, eax
setne dl
test byte [ebp - 0x40], dl
jne loc_fffc6049  ; jne 0xfffc6049
push eax
mov ecx, dword [ebp - 0x3c]
mov edx, 1
push 1
xor bl, bl
push 1
push 0x14
push 1
lea eax, [ebp - 0x1c]
push eax
mov eax, edi
push 2
push dword [ebp - 0x30]
call fcn_fffcfd43  ; call 0xfffcfd43
add esp, 0x20

loc_fffc5e76:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [edi + eax + 0x3756], 2
jne short loc_fffc5ef4  ; jne 0xfffc5ef4
imul ecx, ebx, 0x48
mov esi, 0xa
xor edx, edx
mov eax, dword [edi + ecx + 0x3210]
div esi
xor edx, edx
mov dword [ebp - 0x4c], eax
mov eax, dword [edi + ecx + 0x3214]
mov ecx, 2
div esi
mov esi, dword [ebp - 0x4c]
mov edx, esi
movsx edx, dl
mov dword [ebp - 0x3c], eax
movsx eax, byte [ebp - 0x3c]
sub eax, edx
cdq
idiv ecx
mov cl, byte [ebp - 0x3c]
mov edx, 0xc
add ecx, esi
cmp cl, 0x11
cmova edx, dword [ebp - 0x2c]
push esi
push 1
mov dword [ebp - 0x2c], edx
add al, byte [ebp + ebx - 0x1c]
mov byte [ebp + ebx - 0x1c], al
movzx eax, al
push eax
push 2
push dword [ebp - 0x30]
push 1
push ebx
push edi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffc5ef4:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffc5e76  ; jne 0xfffc5e76
mov eax, dword [ebp - 0x2c]
test eax, eax
setne dl
test byte [ebp - 0x40], dl
jne loc_fffc6049  ; jne 0xfffc6049
lea eax, [edi + 0x3756]
mov bx, 0x4908
mov dword [ebp - 0x2c], eax

loc_fffc5f1c:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
cmp dword [eax], 2
jne loc_fffc5fc5  ; jne 0xfffc5fc5
xor ecx, ecx
mov edx, ebx
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
xor eax, eax
mov edx, 0x80080020
mov ecx, eax
or ecx, 0x80000
and ecx, 0xfffff807
or ecx, 8
mov eax, ecx
push ecx
push ecx
push edx
lea esi, [ebx + ebx - 0x4900]
push eax
mov edx, esi
mov eax, edi
call fcn_fffae7cf  ; call 0xfffae7cf
mov edx, ebx
mov ecx, 0x2c08
shl edx, 8
mov eax, edi
sub edx, 0x48c668
call fcn_fffae58c  ; call 0xfffae58c
lea edx, [ebx + 0x50]
mov ecx, 0xff
mov eax, edi
call fcn_fffae566  ; call 0xfffae566
add esp, 0x10
cmp dword [ebp - 0x34], 1
jne short loc_fffc5f9f  ; jne 0xfffc5f9f
lea edx, [ebx + 0x51]
mov ecx, 0xff
mov eax, edi
call fcn_fffae566  ; call 0xfffae566

loc_fffc5f9f:  ; not directly referenced
push ecx
mov eax, edi
push ecx
push 0
push 0
lea edx, [esi - 0x38]
call fcn_fffae7cf  ; call 0xfffae7cf
pop eax
mov eax, edi
pop edx
lea edx, [esi - 0x28]
push 0
push 0x3f8
call fcn_fffae7cf  ; call 0xfffae7cf
add esp, 0x10

loc_fffc5fc5:  ; not directly referenced
add ebx, 4
add dword [ebp - 0x2c], 0x13c3
cmp ebx, 0x4910
jne loc_fffc5f1c  ; jne 0xfffc5f1c
xor bx, bx
lea esi, [ebp - 0x20]

loc_fffc5fe1:  ; not directly referenced
mov eax, 1
mov cl, bl
shl eax, cl
test byte [ebp - 0x35], al
jne short loc_fffc5ffa  ; jne 0xfffc5ffa

loc_fffc5fef:  ; not directly referenced
inc ebx
cmp ebx, 4
jne short loc_fffc5fe1  ; jne 0xfffc5fe1
jmp near loc_fffc59fb  ; jmp 0xfffc59fb

loc_fffc5ffa:  ; not directly referenced
test byte [edi + 0x381a], al
jne short loc_fffc6008  ; jne 0xfffc6008
mov byte [ebp - 0x20], 0
jmp short loc_fffc6012  ; jmp 0xfffc6012

loc_fffc6008:  ; not directly referenced
mov dl, byte [edi + ebx + 0x399b]
mov byte [ebp - 0x20], dl

loc_fffc6012:  ; not directly referenced
test byte [edi + 0x4bdd], al
je short loc_fffc6026  ; je 0xfffc6026
mov dl, byte [edi + ebx + 0x4d5e]
mov byte [ebp - 0x1f], dl
jmp short loc_fffc602a  ; jmp 0xfffc602a

loc_fffc6026:  ; not directly referenced
mov byte [ebp - 0x1f], 0

loc_fffc602a:  ; not directly referenced
push edx
mov ecx, eax
push edx
mov edx, 4
push esi
push eax
mov eax, edi
call fcn_fffcf9c9  ; call 0xfffcf9c9
add esp, 0x10
test eax, eax
setne dl
test byte [ebp - 0x40], dl
je short loc_fffc5fef  ; je 0xfffc5fef

loc_fffc6049:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc6051:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0xdc
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x4c], ecx
mov ebx, dword [ebp + 8]
mov byte [ebp - 0x70], cl
mov cl, byte [ebp + 0x10]
mov dword [ebp - 0x50], edx
xor edx, edx
mov dword [ebp - 0x5c], eax
mov byte [ebp - 0xc8], bl
mov byte [ebp - 0xb1], cl
mov cl, byte [ebp + 0x14]
mov byte [ebp - 0x6d], al
mov byte [ebp - 0x6f], cl
mov ecx, dword [edi + 0x2443]
mov dword [ebp - 0xb8], ecx
cmp al, 0x21
ja short loc_fffc60a5  ; ja 0xfffc60a5
movzx eax, byte [ebp - 0x5c]
mov dl, byte [eax + ref_fffd5f1c]  ; mov dl, byte [eax - 0x2a0e4]

loc_fffc60a5:  ; not directly referenced
mov eax, dword [edi + 0x188b]
cmp byte [edi + 0x248b], 1
mov esi, dword [edi + 0x2480]
mov dword [ebp - 0x88], eax
jne short loc_fffc60da  ; jne 0xfffc60da
mov al, byte [edi + 0x248c]
lea ecx, [eax + 4]
mov byte [ebp - 0x24], al
mov byte [ebp - 0x23], al
add eax, 2
mov byte [ebp - 0x22], cl
mov byte [ebp - 0x21], al
jmp short loc_fffc60ea  ; jmp 0xfffc60ea

loc_fffc60da:  ; not directly referenced
mov byte [ebp - 0x24], 1
mov byte [ebp - 0x23], 1
mov byte [ebp - 0x22], 1
mov byte [ebp - 0x21], 1

loc_fffc60ea:  ; not directly referenced
mov eax, dword [ebp - 0x5c]
mov dword [ebp - 0x9c], 1
cmp al, 0x21
sete cl
cmp al, 0x11
sete al
or cl, al
jne short loc_fffc6114  ; jne 0xfffc6114
xor eax, eax
cmp byte [ebp - 0x5c], 5
sete al
mov dword [ebp - 0x9c], eax

loc_fffc6114:  ; not directly referenced
cmp byte [ebp - 0x5c], 0xd
mov dword [ebp - 0x74], 0
jne short loc_fffc613b  ; jne 0xfffc613b
movzx eax, byte [ebp - 0x4c]
mov dword [ebp - 0x54], edx
call fcn_fffaeba2  ; call 0xfffaeba2
mov edx, dword [ebp - 0x54]
cmp al, 1
seta al
movzx eax, al
mov dword [ebp - 0x74], eax

loc_fffc613b:  ; not directly referenced
mov eax, 2
cmp bl, 3
ja loc_fffc6e98  ; ja 0xfffc6e98
mov al, byte [ebp - 0x5c]
movzx edx, dl
mov dword [ebp - 0x68], 1
mov dword [ebp - 0x7c], 0
mov byte [ebp - 0x6e], 0
shr al, 4
inc eax
mov byte [ebp - 0xa1], al
xor eax, eax
cmp esi, 3
sete al
cmp esi, 2
mov dword [ebp - 0x8c], eax
movzx eax, bl
sete byte [ebp - 0xa2]
mov cl, al
imul edx, edx, 0x240
mov dword [ebp - 0x64], eax
imul eax, eax, 0x90
add edx, dword [ebp - 0x50]
shl dword [ebp - 0x68], cl
shr bl, 1
mov esi, eax
movzx ebx, bl
mov dword [ebp - 0xdc], eax
movzx eax, byte [ebp - 0x4c]
mov dword [ebp - 0x54], edx
add edx, esi
mov dword [ebp - 0xac], ebx
mov dword [ebp - 0x94], edx
mov dword [ebp - 0x6c], eax
sar eax, 1
mov dword [ebp - 0xa0], eax
mov eax, dword [ebp - 0xc8]
and dword [ebp - 0xa0], 1
mov dword [ebp - 0x4c], 0
and eax, 1
mov dword [ebp - 0x84], 0
mov byte [ebp - 0x58], 0
mov dword [ebp - 0xe0], eax

loc_fffc61f5:  ; not directly referenced
mov esi, dword [ebp - 0xb8]
mov ebx, dword [ebp - 0x4c]
push eax
push 0
push 4
lea eax, [ebp - 0x28]
push eax
mov eax, esi
mov byte [ebp - 0x80], bl
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x40]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
mov cl, byte [ebp - 0x6f]
add esp, 0x10
lea esi, [edi + 0x3756]
mov dword [ebp - 0xa8], esi
mov dword [ebp - 0x50], esi
mov al, cl
neg eax
test bl, bl
cmovne eax, ecx
xor ebx, ebx
mov byte [ebp - 0xb0], al
mov eax, dword [ebp - 0x7c]
add eax, dword [ebp - 0xdc]
add eax, dword [ebp - 0x54]
mov dword [ebp - 0x90], eax
mov dword [ebp - 0x60], eax
movzx eax, byte [ebp - 0x58]
imul eax, eax, 0x12
mov dword [ebp - 0xcc], eax

loc_fffc6267:  ; not directly referenced
mov al, byte [ebp - 0x6f]
mov byte [ebp + ebx - 0x3e], 0x7f
mov dword [ebp + ebx*4 - 0x20], 0
mov byte [ebp + ebx - 0x3a], 0
mov byte [ebp + ebx - 0x42], al
mov eax, dword [ebp - 0x6c]
mov byte [ebp + ebx - 0x3c], 0
bt eax, ebx
jb short loc_fffc629e  ; jb 0xfffc629e
mov word [ebp + ebx*2 - 0x28], 1
mov byte [ebp + ebx - 0x40], 1
jmp near loc_fffc64cc  ; jmp 0xfffc64cc

loc_fffc629e:  ; not directly referenced
cmp byte [ebp - 0x6d], 1
jne short loc_fffc62dd  ; jne 0xfffc62dd
mov al, byte [edi + 0x2488]
xor esi, esi
mov byte [ebp - 0x78], al

loc_fffc62af:  ; not directly referenced
mov eax, esi
cmp byte [ebp - 0x78], al
jbe loc_fffc646d  ; jbe 0xfffc646d
push eax
movzx eax, byte [ebp + ebx - 0x42]
mov ecx, 0xff
mov edx, ebx
push eax
mov eax, edi
push dword [ebp - 0x4c]
push esi
inc esi
call fcn_fffaec68  ; call 0xfffaec68
add esp, 0x10
mov byte [ebp + ebx - 0x42], al
jmp short loc_fffc62af  ; jmp 0xfffc62af

loc_fffc62dd:  ; not directly referenced
cmp byte [ebp - 0x6d], 0xd
je short loc_fffc62f9  ; je 0xfffc62f9
cmp dword [ebp - 0x88], 1
sete al
test byte [ebp - 0x9c], al
je loc_fffc637d  ; je 0xfffc637d

loc_fffc62f9:  ; not directly referenced
cmp byte [ebp - 0x6d], 0xd
mov edx, dword [edi + 0x5edc]
jne short loc_fffc630d  ; jne 0xfffc630d
mov al, byte [edx + 0x14]
and eax, 0x7f
jmp short loc_fffc6334  ; jmp 0xfffc6334

loc_fffc630d:  ; not directly referenced
test bl, bl
jne short loc_fffc6323  ; jne 0xfffc6323
mov al, byte [edx + 0x15]
movzx edx, byte [edx + 0x16]
shr al, 6
and edx, 0x1f
shl edx, 2
jmp short loc_fffc6332  ; jmp 0xfffc6332

loc_fffc6323:  ; not directly referenced
mov al, byte [edx + 0x14]
movzx edx, byte [edx + 0x15]
shr al, 7
and edx, 0x3f
add edx, edx

loc_fffc6332:  ; not directly referenced
or eax, edx

loc_fffc6334:  ; not directly referenced
mov esi, dword [ebp - 0xb0]
mov dl, al
or edx, 0xffffff80
test al, 0xc0
cmovne eax, edx
lea ecx, [eax + esi]
mov esi, dword [ebp - 0x80]
cmp cl, 0xca
mov byte [ebp - 0x78], cl
setl cl
xor esi, 1
mov edx, esi
test dl, cl
je short loc_fffc6361  ; je 0xfffc6361
lea edx, [eax + 0x36]
jmp short loc_fffc6374  ; jmp 0xfffc6374

loc_fffc6361:  ; not directly referenced
cmp byte [ebp - 0x78], 0x36
mov dl, byte [ebp - 0x6f]
setg cl
test byte [ebp - 0x4c], cl
je short loc_fffc6374  ; je 0xfffc6374
mov dl, 0x36
sub edx, eax

loc_fffc6374:  ; not directly referenced
mov byte [ebp + ebx - 0x42], dl
jmp near loc_fffc646d  ; jmp 0xfffc646d

loc_fffc637d:  ; not directly referenced
cmp byte [ebp - 0x6d], 0xc
jne loc_fffc646d  ; jne 0xfffc646d
cmp dword [ebp - 0x8c], 1
mov ecx, dword [ebp - 0x50]
sbb eax, eax
mov dword [ebp - 0x78], eax
mov esi, dword [ecx + 0x11d]
mov eax, dword [ecx + 0x111]
mov cl, byte [ecx + 0xc4]
add byte [ebp - 0x78], 4
cmp byte [ebp - 0x80], 0
mov byte [ebp - 0x98], cl
jne short loc_fffc6409  ; jne 0xfffc6409
cmp eax, esi
cmovae eax, esi
xor ecx, ecx
mov esi, 1

loc_fffc63c4:  ; not directly referenced
mov edx, esi
shl edx, cl
test byte [ebp - 0x98], dl
je short loc_fffc63df  ; je 0xfffc63df
mov edx, dword [ebp - 0x50]
mov dl, byte [edx + ecx + 0x245]
cmp al, dl
cmova eax, edx

loc_fffc63df:  ; not directly referenced
inc ecx
cmp byte [ebp - 0x78], cl
ja short loc_fffc63c4  ; ja 0xfffc63c4
cmp dword [ebp - 0x8c], 0
je short loc_fffc645e  ; je 0xfffc645e
mov esi, dword [ebp - 0x50]
mov edx, dword [esi + 0x109]
cmp al, dl
cmovae eax, edx
mov edx, dword [esi + 0x115]
cmp al, dl
cmovae eax, edx
jmp short loc_fffc645e  ; jmp 0xfffc645e

loc_fffc6409:  ; not directly referenced
cmp eax, esi
mov dl, al
cmovbe edx, esi
xor ecx, ecx
mov esi, 1

loc_fffc6417:  ; not directly referenced
mov eax, esi
shl eax, cl
test byte [ebp - 0x98], al
je short loc_fffc6432  ; je 0xfffc6432
mov eax, dword [ebp - 0x50]
mov al, byte [eax + ecx + 0x245]
cmp dl, al
cmovb edx, eax

loc_fffc6432:  ; not directly referenced
inc ecx
cmp byte [ebp - 0x78], cl
ja short loc_fffc6417  ; ja 0xfffc6417
cmp dword [ebp - 0x8c], 0
je short loc_fffc645a  ; je 0xfffc645a
mov esi, dword [ebp - 0x50]
mov eax, dword [esi + 0x109]
cmp dl, al
cmovbe edx, eax
mov eax, dword [esi + 0x115]
cmp dl, al
cmovbe edx, eax

loc_fffc645a:  ; not directly referenced
mov al, 0x7f
sub eax, edx

loc_fffc645e:  ; not directly referenced
movzx esi, byte [ebp - 0x6f]
mov ecx, esi
cmp al, cl
cmova eax, esi
mov byte [ebp + ebx - 0x42], al

loc_fffc646d:  ; not directly referenced
mov esi, dword [ebp - 0x60]
mov ecx, 0xa
xor edx, edx
mov eax, dword [esi]
div ecx
mov dword [esi], eax
movzx edx, byte [ebp + ebx - 0x42]
cmp eax, edx
jbe short loc_fffc6488  ; jbe 0xfffc6488
mov dword [esi], edx

loc_fffc6488:  ; not directly referenced
cmp dword [ebp - 0x74], 0
je short loc_fffc64ab  ; je 0xfffc64ab
mov eax, dword [ebp - 0x60]
mov esi, dword [ebp - 0x54]
mov edx, dword [eax]
imul eax, dword [ebp - 0x64], 0x24
add eax, dword [ebp - 0xcc]
add eax, dword [ebp - 0x4c]
cmp dword [esi + eax*4], edx
jbe short loc_fffc64ab  ; jbe 0xfffc64ab
mov dword [esi + eax*4], edx

loc_fffc64ab:  ; not directly referenced
mov eax, dword [ebp - 0x60]
mov edx, ebx
xor ecx, ecx
shl edx, 0xa
add edx, 0x40f0
mov eax, dword [eax]
mov byte [ebp + ebx - 0x3a], al
mov byte [ebp + ebx - 0x3c], al
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffc64cc:  ; not directly referenced
inc ebx
add dword [ebp - 0x60], 0x48
add dword [ebp - 0x50], 0x13c3
cmp ebx, 2
jne loc_fffc6267  ; jne 0xfffc6267
cmp dword [ebp - 0x74], 0
jne short loc_fffc64f9  ; jne 0xfffc64f9

loc_fffc64e7:  ; not directly referenced
mov eax, dword [ebp - 0x4c]
lea eax, [eax + eax - 1]
mov dword [ebp - 0xd8], eax
jmp near loc_fffc66b2  ; jmp 0xfffc66b2

loc_fffc64f9:  ; not directly referenced
test byte [ebp - 0x70], 1
je short loc_fffc652a  ; je 0xfffc652a
movzx eax, byte [ebp - 0x58]
imul edx, dword [ebp - 0x64], 0x24
mov esi, dword [ebp - 0x54]
mov ebx, dword [ebp - 0x94]
imul eax, eax, 0x12
mov ecx, dword [ebp - 0x7c]
add eax, edx
add eax, dword [ebp - 0x4c]
mov edx, dword [esi + eax*4]
mov dword [ebx + ecx], edx
mov eax, dword [esi + eax*4]
mov byte [ebp - 0x3a], al
mov byte [ebp - 0x3c], al

loc_fffc652a:  ; not directly referenced
cmp dword [ebp - 0xa0], 0
je short loc_fffc64e7  ; je 0xfffc64e7
movzx eax, byte [ebp - 0x58]
imul edx, dword [ebp - 0x64], 0x24
mov esi, dword [ebp - 0x54]
mov ebx, dword [ebp - 0x94]
imul eax, eax, 0x12
mov ecx, dword [ebp - 0x7c]
add eax, edx
add eax, dword [ebp - 0x4c]
mov edx, dword [esi + eax*4]
mov dword [ebx + ecx + 0x48], edx
mov eax, dword [esi + eax*4]
mov byte [ebp - 0x39], al
mov byte [ebp - 0x3b], al
jmp short loc_fffc64e7  ; jmp 0xfffc64e7

loc_fffc6561:  ; not directly referenced
cmp byte [ebp - 0x6d], 0xc
jne loc_fffc67ac  ; jne 0xfffc67ac
mov eax, dword [ebp - 0x60]
cmp byte [ebp - 0x6e], 0
mov al, byte [eax + 0xc4]
setne dl
cmp dword [ebp + 0x1c], 0
mov byte [ebp - 0x78], al
setne al
test dl, al
jne loc_fffc66fa  ; jne 0xfffc66fa

loc_fffc658d:  ; not directly referenced
cmp dword [ebp - 0x88], 0
movzx ecx, byte [ebp - 0x78]
jne loc_fffc6795  ; jne 0xfffc6795
push esi
push 0
push dword [ebp - 0x50]
push 3
push ecx
push 0
push ebx
push edi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffc65b3:  ; not directly referenced
inc ebx
add dword [ebp - 0x60], 0x13c3
cmp ebx, 2
je loc_fffc6648  ; je 0xfffc6648

loc_fffc65c4:  ; not directly referenced
mov eax, dword [ebp - 0x6c]
bt eax, ebx
jae short loc_fffc65b3  ; jae 0xfffc65b3
imul eax, ebx, 0x48
mov ecx, dword [ebp - 0x90]
mov esi, dword [ebp - 0xd8]
imul esi, dword [ecx + eax]
cmp byte [ebp - 0x6d], 0xd
mov dword [ebp - 0x50], esi
jne loc_fffc6561  ; jne 0xfffc6561
cmp byte [ebp - 0x6e], 0
setne dl
cmp dword [ebp + 0x1c], 0
setne al
test dl, al
je short loc_fffc661e  ; je 0xfffc661e
push 0
push 0
push 0
push 0
push 0
push 0
push 2
push edi
call fcn_fffcc4cb  ; call 0xfffcc4cb
add esp, 0x14
push edi
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10

loc_fffc661e:  ; not directly referenced
push 0
push 0
push 0
push 0
push dword [ebp - 0x50]
push 0
push 2
push edi
call fcn_fffcc4cb  ; call 0xfffcc4cb
add esp, 0x20
cmp dword [ebp + 0x1c], 0
jne short loc_fffc6648  ; jne 0xfffc6648
sub esp, 0xc
push edi
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10

loc_fffc6648:  ; not directly referenced
push eax
xor eax, eax
movzx ecx, byte [edi + 0x248b]
cmp dword [ebp - 0x80], 0
mov edx, dword [ebp - 0x6c]
push 0
sete al
push eax
lea eax, [ebp - 0x24]
push eax
mov eax, edi
call fcn_fffb0f94  ; call 0xfffb0f94
add esp, 0x10
mov byte [ebp - 0x6e], al
movzx eax, al
or dword [ebp - 0xb0], eax
cmp byte [ebp - 0xb1], 0
jne loc_fffc689e  ; jne 0xfffc689e
movzx eax, byte [ebp - 0xa1]
dec eax
cmp dword [ebp - 0x80], eax
jae loc_fffc689e  ; jae 0xfffc689e
movzx eax, byte [ebp - 0x70]
cmp dword [ebp - 0xb0], eax
jne loc_fffc689e  ; jne 0xfffc689e

loc_fffc66a7:  ; not directly referenced
cmp word [ebp - 0x28], 0
jne loc_fffc6c97  ; jne 0xfffc6c97

loc_fffc66b2:  ; not directly referenced
mov ecx, 4
mov edx, 0x4800
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov dword [ebp - 0xb0], 0
mov dword [ebp - 0x80], 0

loc_fffc66d4:  ; not directly referenced
movzx eax, byte [ebp - 0xa1]
cmp dword [ebp - 0x80], eax
jae short loc_fffc66a7  ; jae 0xfffc66a7
mov eax, dword [ebp - 0xa8]
xor ebx, ebx
mov dword [ebp - 0x98], 0
mov dword [ebp - 0x60], eax
jmp near loc_fffc65c4  ; jmp 0xfffc65c4

loc_fffc66fa:  ; not directly referenced
cmp dword [ebp - 0x98], 0
jne loc_fffc658d  ; jne 0xfffc658d
cmp dword [ebp - 0x8c], 0
jne short loc_fffc672b  ; jne 0xfffc672b

loc_fffc6710:  ; not directly referenced
sub esp, 0xc
push edi
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10
mov dword [ebp - 0x98], 1
jmp near loc_fffc658d  ; jmp 0xfffc658d

loc_fffc672b:  ; not directly referenced
movzx eax, byte [ebp - 0x6e]
xor esi, esi
mov dword [ebp - 0xcc], eax
movzx eax, byte [ebp - 0x78]
mov dword [ebp - 0x98], eax

loc_fffc6741:  ; not directly referenced
mov eax, dword [ebp - 0xcc]
bt eax, esi
jae short loc_fffc678a  ; jae 0xfffc678a
cmp dword [ebp - 0x88], 0
jne short loc_fffc6770  ; jne 0xfffc6770
push eax
push 0
push 0
push 3
push dword [ebp - 0x98]
push 0
push esi
push edi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20
jmp short loc_fffc678a  ; jmp 0xfffc678a

loc_fffc6770:  ; not directly referenced
push 0
mov ecx, dword [ebp - 0x98]
mov edx, ebx
push 0
mov eax, edi
push 0
push 0
call fcn_fffb0cb4  ; call 0xfffb0cb4
add esp, 0x10

loc_fffc678a:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffc6741  ; jne 0xfffc6741
jmp near loc_fffc6710  ; jmp 0xfffc6710

loc_fffc6795:  ; not directly referenced
push 0
mov edx, ebx
push 0
mov eax, edi
push dword [ebp - 0x50]
push 0
call fcn_fffb0cb4  ; call 0xfffb0cb4
jmp near loc_fffc6844  ; jmp 0xfffc6844

loc_fffc67ac:  ; not directly referenced
mov eax, dword [ebp - 0x6c]
lea ecx, [ebx + 1]
sar eax, cl
mov cl, byte [ebp - 0x6d]
mov dword [ebp - 0x78], eax
cmp cl, 5
sete al
test byte [ebp - 0xa2], al
jne short loc_fffc67d2  ; jne 0xfffc67d2
xor edx, edx
movzx esi, cl
jmp near loc_fffc6891  ; jmp 0xfffc6891

loc_fffc67d2:  ; not directly referenced
imul edx, dword [ebp - 0xe0], 0x18
imul eax, dword [ebp - 0xac], 0x128
mov esi, dword [ebp - 0x60]
mov ecx, dword [ebp - 0x68]
add eax, edx
lea esi, [esi + eax + 0x1266]
mov ax, word [esi + 0xb]
push edx
push edx
mov edx, ebx
or eax, 0x10
movzx eax, ax
push eax
mov eax, edi
push 3
call fcn_fffafd52  ; call 0xfffafd52
push dword [ebp - 0x78]
push 1
push 0xff
push dword [ebp - 0x68]
push dword [ebp - 0x50]
push 0
push ebx
push edi
call fcn_fffcc4cb  ; call 0xfffcc4cb
mov ax, word [esi + 0xb]
add esp, 0x28
mov ecx, dword [ebp - 0x68]
mov edx, ebx
and eax, 0xffef
push eax
mov eax, edi
push 3
call fcn_fffafd52  ; call 0xfffafd52
mov dword [ebp - 0x84], eax

loc_fffc6844:  ; not directly referenced
add esp, 0x10
jmp near loc_fffc65b3  ; jmp 0xfffc65b3

loc_fffc684c:  ; not directly referenced
push 1
movzx eax, dl
push dword [ebp - 0x78]
mov dword [ebp - 0xcc], edx
push 0
push 0
push eax
push 0xff
push ebx
push 0
push dword [ebp - 0x80]
push dword [ebp - 0x50]
push esi
push edi
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
cmp dword [ebp - 0x9c], 0
mov dword [ebp - 0x84], eax
jne loc_fffc65b3  ; jne 0xfffc65b3
mov edx, dword [ebp - 0xcc]
inc edx

loc_fffc6891:  ; not directly referenced
cmp dl, byte [edi + 0x2488]
jb short loc_fffc684c  ; jb 0xfffc684c
jmp near loc_fffc65b3  ; jmp 0xfffc65b3

loc_fffc689e:  ; not directly referenced
mov eax, dword [ebp - 0x90]
xor ebx, ebx
mov dword [ebp - 0x98], eax
jmp short loc_fffc68c6  ; jmp 0xfffc68c6

loc_fffc68ae:  ; not directly referenced
cmp byte [ebp + ebx - 0x40], 1
jne short loc_fffc68d0  ; jne 0xfffc68d0

loc_fffc68b5:  ; not directly referenced
inc ebx
add dword [ebp - 0x98], 0x48
cmp ebx, 2
je loc_fffc6bb5  ; je 0xfffc6bb5

loc_fffc68c6:  ; not directly referenced
cmp word [ebp + ebx*2 - 0x28], 1
mov al, bl
je short loc_fffc68ae  ; je 0xfffc68ae

loc_fffc68d0:  ; not directly referenced
mov esi, dword [ebp - 0x6c]
bt esi, ebx
jae short loc_fffc68b5  ; jae 0xfffc68b5
xor esi, esi
mov edx, ebx
cmp dword [ebp - 0x74], 0
cmove esi, eax
mov eax, esi
shl edx, 0xa
add edx, 0x4114
mov byte [ebp - 0x58], al
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov esi, dword [ebp - 0x98]
mov dl, byte [ebp + ebx - 0x3e]
mov esi, dword [esi]
mov ecx, esi
sub ecx, edx
and eax, 0x7fffff
mov dword [ebp - 0x78], eax
movzx eax, byte [ebp - 0x58]
mov dword [ebp - 0x50], esi
mov byte [ebp - 0x60], cl
jne loc_fffc69cb  ; jne 0xfffc69cb
mov cl, byte [ebp - 0x50]
cmp cl, byte [ebp + eax - 0x3c]
jne short loc_fffc698c  ; jne 0xfffc698c
cmp byte [ebp - 0x60], 0
jns short loc_fffc6951  ; jns 0xfffc6951
cmp byte [ebp + eax - 0x3a], cl
jne short loc_fffc6941  ; jne 0xfffc6941

loc_fffc6935:  ; not directly referenced
mov al, byte [ebp - 0x50]
mov byte [ebp + ebx - 0x3e], al
jmp near loc_fffc6b19  ; jmp 0xfffc6b19

loc_fffc6941:  ; not directly referenced
mov dword [ebp - 0x2c], 1

loc_fffc6948:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
test eax, eax
jne short loc_fffc6948  ; jne 0xfffc6948
jmp short loc_fffc6935  ; jmp 0xfffc6935

loc_fffc6951:  ; not directly referenced
cmp byte [ebp - 0x60], 1
jne short loc_fffc696d  ; jne 0xfffc696d
mov eax, dword [ebp + ebx*4 - 0x20]
shr eax, 8
xor ah, ah
mov dword [ebp + ebx*4 - 0x20], eax
mov al, byte [ebp - 0x50]
mov byte [ebx + ebp - 0x3e], al
jmp short loc_fffc69b3  ; jmp 0xfffc69b3

loc_fffc696d:  ; not directly referenced
xor eax, eax
cmp byte [ebp - 0x60], 2
je loc_fffc6a1d  ; je 0xfffc6a1d
mov dword [ebp - 0x30], 1

loc_fffc6980:  ; not directly referenced
mov eax, dword [ebp - 0x30]
test eax, eax
jne short loc_fffc6980  ; jne 0xfffc6980
jmp near loc_fffc6b19  ; jmp 0xfffc6b19

loc_fffc698c:  ; not directly referenced
mov cl, byte [ebp - 0x50]
cmp cl, byte [ebp + eax - 0x3a]
jne loc_fffc6b0b  ; jne 0xfffc6b0b
cmp word [ebp + ebx*2 - 0x28], 1
je loc_fffc68b5  ; je 0xfffc68b5
cmp byte [ebp - 0x60], 0xff
jne short loc_fffc69bf  ; jne 0xfffc69bf
and dword [ebp + ebx*4 - 0x20], 0xffffff00

loc_fffc69b3:  ; not directly referenced
mov word [ebp + ebx*2 - 0x28], 1
jmp near loc_fffc6b19  ; jmp 0xfffc6b19

loc_fffc69bf:  ; not directly referenced
mov al, byte [ebp - 0x50]
mov byte [ebx + ebp - 0x3e], al
jmp near loc_fffc6b02  ; jmp 0xfffc6b02

loc_fffc69cb:  ; not directly referenced
mov cl, byte [ebp + eax - 0x3c]
mov byte [ebp - 0xcc], cl
cmp byte [ebp - 0x50], cl
jne short loc_fffc6a3f  ; jne 0xfffc6a3f
cmp byte [ebp - 0x60], 2
jle short loc_fffc69f3  ; jle 0xfffc69f3
mov dword [ebp - 0x34], 1

loc_fffc69e7:  ; not directly referenced
mov eax, dword [ebp - 0x34]
test eax, eax
jne short loc_fffc69e7  ; jne 0xfffc69e7
jmp near loc_fffc6b19  ; jmp 0xfffc6b19

loc_fffc69f3:  ; not directly referenced
mov eax, dword [ebp - 0x78]
je short loc_fffc6a1d  ; je 0xfffc6a1d
call fcn_fffaebf8  ; call 0xfffaebf8
mov edx, dword [ebp + ebx*4 - 0x20]
mov byte [ebp + ebx - 0x40], 0
and edx, 0xff00ffff
movzx eax, al
shl eax, 0x10
or eax, edx
mov dword [ebp + ebx*4 - 0x20], eax
jmp near loc_fffc6b19  ; jmp 0xfffc6b19

loc_fffc6a1d:  ; not directly referenced
call fcn_fffaebf8  ; call 0xfffaebf8
mov edx, dword [ebp + ebx*4 - 0x20]
mov byte [ebp + ebx - 0x40], 1
and edx, 0xffffff
shl eax, 0x18
or eax, edx
mov dword [ebp + ebx*4 - 0x20], eax
jmp near loc_fffc6b19  ; jmp 0xfffc6b19

loc_fffc6a3f:  ; not directly referenced
mov cl, byte [ebp - 0x50]
cmp cl, byte [ebp + eax - 0x3a]
jne loc_fffc6b0b  ; jne 0xfffc6b0b
inc dl
je short loc_fffc6ac9  ; je 0xfffc6ac9
cmp byte [ebp - 0x60], 0
jg short loc_fffc6ac9  ; jg 0xfffc6ac9
movsx eax, byte [ebp - 0x60]
mov esi, eax
mov eax, dword [ebp - 0x78]
call fcn_fffaebf8  ; call 0xfffaebf8
mov ecx, dword [ebp + ebx*4 - 0x20]
mov edx, 1
sub edx, esi
shl edx, 3
mov dword [ebp - 0xd4], ecx
lea ecx, [edx + 0x1f]
mov dword [ebp - 0xd0], eax
mov eax, esi
xor esi, esi
cmp cl, 0x3e
ja short loc_fffc6abb  ; ja 0xfffc6abb
mov esi, eax
mov eax, 0xff
lea ecx, [esi*8 + 8]
movzx esi, byte [ebp - 0xd0]
shl eax, cl
not eax
and eax, dword [ebp - 0xd4]
shl esi, cl
mov cl, dl
or esi, eax
test dl, dl
jle short loc_fffc6ab7  ; jle 0xfffc6ab7
shl esi, cl
jmp short loc_fffc6abb  ; jmp 0xfffc6abb

loc_fffc6ab7:  ; not directly referenced
neg ecx
shr esi, cl

loc_fffc6abb:  ; not directly referenced
mov al, byte [ebp - 0x50]
mov dword [ebp + ebx*4 - 0x20], esi
dec eax
mov byte [ebp + ebx - 0x3e], al
jmp short loc_fffc6aec  ; jmp 0xfffc6aec

loc_fffc6ac9:  ; not directly referenced
mov eax, dword [ebp - 0x78]
mov esi, dword [ebp + ebx*4 - 0x20]
call fcn_fffaebf8  ; call 0xfffaebf8
movzx edx, si
and esi, 0xff0000
shr esi, 8
add esi, eax
shl esi, 0x10
or esi, edx
mov dword [ebp + ebx*4 - 0x20], esi

loc_fffc6aec:  ; not directly referenced
mov al, byte [ebp - 0xcc]
cmp byte [ebp - 0x50], al
jae short loc_fffc6afc  ; jae 0xfffc6afc
mov byte [ebp + ebx - 0x40], 1

loc_fffc6afc:  ; not directly referenced
cmp byte [ebp - 0x60], 0
jg short loc_fffc6b19  ; jg 0xfffc6b19

loc_fffc6b02:  ; not directly referenced
mov word [ebp + ebx*2 - 0x28], 0
jmp short loc_fffc6b19  ; jmp 0xfffc6b19

loc_fffc6b0b:  ; not directly referenced
mov dword [ebp - 0x38], 1

loc_fffc6b12:  ; not directly referenced
mov eax, dword [ebp - 0x38]
test eax, eax
jne short loc_fffc6b12  ; jne 0xfffc6b12

loc_fffc6b19:  ; not directly referenced
mov al, byte [ebp + ebx - 0x42]
cmp byte [ebp - 0x50], al
jne short loc_fffc6b27  ; jne 0xfffc6b27
mov byte [ebp + ebx - 0x40], 1

loc_fffc6b27:  ; not directly referenced
cmp dword [ebp - 0x78], 0
jne short loc_fffc6b42  ; jne 0xfffc6b42
cmp al, byte [ebp + ebx - 0x3e]
jne short loc_fffc6b42  ; jne 0xfffc6b42
cmp word [ebp + ebx*2 - 0x28], 1
jne short loc_fffc6b42  ; jne 0xfffc6b42
mov word [ebp + ebx*4 - 0x1e], 0xfffe

loc_fffc6b42:  ; not directly referenced
cmp byte [ebp - 0x50], 0
jne short loc_fffc6b66  ; jne 0xfffc6b66
cmp dword [ebp - 0x78], 0
mov word [ebp + ebx*2 - 0x28], 1
je short loc_fffc6b66  ; je 0xfffc6b66
mov byte [ebp + ebx - 0x40], 1
mov byte [ebp + ebx - 0x3e], 0
mov word [ebp + ebx*4 - 0x1e], 0x707

loc_fffc6b66:  ; not directly referenced
cmp dword [ebp - 0x74], 0
jne loc_fffc68b5  ; jne 0xfffc68b5
cmp word [ebp + ebx*2 - 0x28], 1
jne short loc_fffc6b9c  ; jne 0xfffc6b9c
cmp byte [ebp + ebx - 0x40], 1
je loc_fffc68b5  ; je 0xfffc68b5
mov al, byte [ebp + ebx - 0x3c]
mov esi, dword [ebp - 0x98]
inc eax
mov byte [ebp + ebx - 0x3c], al
movzx eax, al
mov dword [esi], eax
jmp near loc_fffc68b5  ; jmp 0xfffc68b5

loc_fffc6b9c:  ; not directly referenced
mov al, byte [ebp + ebx - 0x3a]
mov ecx, dword [ebp - 0x98]
dec eax
mov byte [ebp + ebx - 0x3a], al
movzx eax, al
mov dword [ecx], eax
jmp near loc_fffc68b5  ; jmp 0xfffc68b5

loc_fffc6bb5:  ; not directly referenced
cmp dword [ebp - 0x74], 0
je loc_fffc6c8f  ; je 0xfffc6c8f
cmp word [ebp - 0x28], 1
jne loc_fffc6c7b  ; jne 0xfffc6c7b
cmp word [ebp - 0x26], 1
jne loc_fffc6c7b  ; jne 0xfffc6c7b
cmp byte [ebp - 0x40], 1
jne short loc_fffc6be5  ; jne 0xfffc6be5
cmp byte [ebp - 0x3f], 1
je loc_fffc6c8f  ; je 0xfffc6c8f

loc_fffc6be5:  ; not directly referenced
movzx eax, byte [ebp - 0x58]
mov bl, byte [ebp + eax - 0x3c]
lea edx, [ebx + 1]
mov byte [ebp + eax - 0x3c], dl

loc_fffc6bf4:  ; not directly referenced
imul ecx, dword [ebp - 0x64], 0x24
movzx edx, dl
imul eax, eax, 0x12
mov ebx, dword [ebp - 0x54]
add eax, ecx
add eax, dword [ebp - 0x4c]
mov dword [ebx + eax*4], edx
test byte [ebp - 0x70], 1
je short loc_fffc6c3f  ; je 0xfffc6c3f
movzx eax, byte [ebp - 0x58]
imul ecx, dword [ebp - 0x64], 0x24
mov ebx, dword [ebp - 0x54]
mov esi, dword [ebp - 0x7c]
imul edx, eax, 0x12
add edx, ecx
add edx, dword [ebp - 0x4c]
mov edx, dword [ebx + edx*4]
mov ebx, dword [ebp - 0x94]
mov dword [ebx + esi], edx
mov dl, byte [ebp + eax - 0x3a]
mov al, byte [ebp + eax - 0x3c]
mov byte [ebp - 0x3a], dl
mov byte [ebp - 0x3c], al

loc_fffc6c3f:  ; not directly referenced
cmp dword [ebp - 0xa0], 0
je short loc_fffc6c8f  ; je 0xfffc6c8f
movzx eax, byte [ebp - 0x58]
imul ecx, dword [ebp - 0x64], 0x24
mov ebx, dword [ebp - 0x94]
mov esi, dword [ebp - 0x7c]
imul edx, eax, 0x12
add edx, ecx
mov ecx, dword [ebp - 0x54]
add edx, dword [ebp - 0x4c]
mov edx, dword [ecx + edx*4]
mov dword [ebx + esi + 0x48], edx
mov dl, byte [ebp + eax - 0x3a]
mov al, byte [ebp + eax - 0x3c]
mov byte [ebp - 0x39], dl
mov byte [ebp - 0x3b], al
jmp short loc_fffc6c8f  ; jmp 0xfffc6c8f

loc_fffc6c7b:  ; not directly referenced
movzx eax, byte [ebp - 0x58]
mov bl, byte [ebp + eax - 0x3a]
lea edx, [ebx - 1]
mov byte [ebp + eax - 0x3a], dl
jmp near loc_fffc6bf4  ; jmp 0xfffc6bf4

loc_fffc6c8f:  ; not directly referenced
inc dword [ebp - 0x80]
jmp near loc_fffc66d4  ; jmp 0xfffc66d4

loc_fffc6c97:  ; not directly referenced
cmp byte [ebp - 0x40], 0
je loc_fffc66b2  ; je 0xfffc66b2
cmp word [ebp - 0x26], 0
je loc_fffc66b2  ; je 0xfffc66b2
cmp byte [ebp - 0x3f], 0
je loc_fffc66b2  ; je 0xfffc66b2
xor ebx, ebx

loc_fffc6cb8:  ; not directly referenced
mov eax, dword [ebp - 0x6c]
bt eax, ebx
jae short loc_fffc6d0d  ; jae 0xfffc6d0d
cmp byte [ebp - 0xb1], 0
je short loc_fffc6cf9  ; je 0xfffc6cf9
mov edx, dword [ebp + ebx*4 - 0x20]
sub esp, 0xc
movzx eax, byte [ebp + ebx - 0x3e]
push dword [ebp + 0x18]
mov ecx, edx
shr edx, 0x10
shr ecx, 0x18
movzx edx, dl
call fcn_fffaa348  ; call 0xfffaa348
imul edx, ebx, 0x48
mov ecx, dword [ebp - 0x90]
add esp, 0x10
mov dword [ecx + edx], eax
jmp short loc_fffc6d0d  ; jmp 0xfffc6d0d

loc_fffc6cf9:  ; not directly referenced
movzx edx, byte [ebp + ebx - 0x3e]
imul eax, ebx, 0x48
mov esi, dword [ebp - 0x90]
imul edx, edx, 0xa
mov dword [esi + eax], edx

loc_fffc6d0d:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffc6cb8  ; jne 0xfffc6cb8
inc dword [ebp - 0x4c]
add dword [ebp - 0x7c], 4
cmp dword [ebp - 0x4c], 2
jne loc_fffc61f5  ; jne 0xfffc61f5
cmp byte [ebp - 0x5c], 0xd
jne short loc_fffc6d46  ; jne 0xfffc6d46
push 0
push 0
push 0
push 0
push 0
push 0
push 2
push edi
call fcn_fffcc4cb  ; call 0xfffcc4cb
add esp, 0x20
jmp near loc_fffc6e84  ; jmp 0xfffc6e84

loc_fffc6d46:  ; not directly referenced
cmp byte [ebp - 0x5c], 0xc
jne short loc_fffc6d9a  ; jne 0xfffc6d9a
xor ebx, ebx

loc_fffc6d4e:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [ebp - 0x88], 0
movzx ecx, byte [edi + eax + 0x381a]
jne short loc_fffc6d7b  ; jne 0xfffc6d7b
push esi
push 0
push 0
push 3
push ecx
push 0
push ebx
push edi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20
jmp short loc_fffc6d8f  ; jmp 0xfffc6d8f

loc_fffc6d7b:  ; not directly referenced
push 0
mov edx, ebx
push 0
mov eax, edi
push 0
push 0
call fcn_fffb0cb4  ; call 0xfffb0cb4
add esp, 0x10

loc_fffc6d8f:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffc6d4e  ; jne 0xfffc6d4e
jmp near loc_fffc6e84  ; jmp 0xfffc6e84

loc_fffc6d9a:  ; not directly referenced
cmp byte [ebp - 0x5c], 5
sete al
test byte [ebp - 0xa2], al
je loc_fffc6e5c  ; je 0xfffc6e5c
mov edx, dword [ebp - 0xc8]
xor ebx, ebx
mov eax, dword [ebp - 0xa8]
and edx, 1
mov dword [ebp - 0x4c], eax
imul edx, edx, 0x18
imul eax, dword [ebp - 0xac], 0x128
add eax, edx
mov dword [ebp - 0x58], eax

loc_fffc6dd3:  ; not directly referenced
mov esi, dword [ebp - 0x6c]
lea eax, [ebx + 1]
mov cl, al
mov edx, dword [ebp - 0x58]
mov dword [ebp - 0x50], eax
sar esi, cl
mov ecx, dword [ebp - 0x4c]
mov dword [ebp - 0x54], esi
lea esi, [ecx + edx + 0x1266]
mov ecx, dword [ebp - 0x68]
mov ax, word [esi + 0xb]
push edx
push edx
mov edx, ebx
or eax, 0x10
movzx eax, ax
push eax
mov eax, edi
push 3
call fcn_fffafd52  ; call 0xfffafd52
push dword [ebp - 0x54]
push 1
push 0xff
push dword [ebp - 0x68]
push 0
push 0
push ebx
push edi
call fcn_fffcc4cb  ; call 0xfffcc4cb
mov ax, word [esi + 0xb]
add esp, 0x28
mov ecx, dword [ebp - 0x68]
mov edx, ebx
and eax, 0xffef
push eax
mov eax, edi
push 3
call fcn_fffafd52  ; call 0xfffafd52
mov ebx, dword [ebp - 0x50]
add esp, 0x10
add dword [ebp - 0x4c], 0x13c3
mov dword [ebp - 0x84], eax
cmp ebx, 2
jne loc_fffc6dd3  ; jne 0xfffc6dd3
jmp short loc_fffc6e84  ; jmp 0xfffc6e84

loc_fffc6e5c:  ; not directly referenced
push 2
movzx eax, byte [ebp - 0x5c]
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push eax
push edi
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
mov dword [ebp - 0x84], eax

loc_fffc6e84:  ; not directly referenced
mov eax, edi
xor ecx, ecx
mov edx, 0x4cf0
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp - 0x84]

loc_fffc6e98:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc6ea0:  ; not directly referenced
push ebp
mov ecx, 8
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x178
mov eax, dword [ebp + 8]
lea edi, [ebp - 0xe8]
mov edx, dword [ebp + 0xc]
mov dword [ebp - 0xbc], fcn_fffaafc2  ; mov dword [ebp - 0xbc], 0xfffaafc2
mov dword [ebp - 0xb0], fcn_fffaafda  ; mov dword [ebp - 0xb0], 0xfffaafda
mov dword [ebp - 0x130], eax
xor eax, eax
rep stosd  ; rep stosd dword es:[edi], eax
lea edi, [ebp - 0xf8]
mov dword [ebp - 0x12c], edx
mov edx, 0xcf8
mov dword [ebp - 0x5c], fcn_fffab0f8  ; mov dword [ebp - 0x5c], 0xfffab0f8
mov dword [ebp - 0x58], fcn_fffab0ef  ; mov dword [ebp - 0x58], 0xfffab0ef
mov dword [ebp - 0xa4], fcn_fffb3d4e  ; mov dword [ebp - 0xa4], 0xfffb3d4e
mov dword [ebp - 0xa0], fcn_fffb3dc0  ; mov dword [ebp - 0xa0], 0xfffb3dc0
mov cl, 4
rep stosd  ; rep stosd dword es:[edi], eax
mov eax, 0x80000048
mov dword [ebp - 0x7c], fcn_fffc3868  ; mov dword [ebp - 0x7c], 0xfffc3868
mov dword [ebp - 0x78], fcn_fffc3844  ; mov dword [ebp - 0x78], 0xfffc3844
out dx, eax
push 0xcfc
call fcn_fffaafc2  ; call 0xfffaafc2
add esp, 0x10
mov ebx, eax
test al, 1
jne short loc_fffc6f40  ; jne 0xfffc6f40

loc_fffc6f39:  ; not directly referenced
xor eax, eax
jmp near loc_fffc82ec  ; jmp 0xfffc82ec

loc_fffc6f40:  ; not directly referenced
push 0x60
mov esi, dword [ebp - 0xb0]
push 0
push 0
push 0
call dword [ebp - 0x7c]  ; ucall
pop edi
pop edx
push eax
push 0xcf8
call esi
mov dword [esp], 0xcfc
call dword [ebp - 0xbc]  ; ucall
add esp, 0x10
test al, 1
je short loc_fffc6f39  ; je 0xfffc6f39
and eax, 0xfffffff8
mov esi, eax
call fcn_fffa6801  ; call 0xfffa6801
mov dword [ebp - 0x144], 0
cmp eax, 0x40660
setne cl
cmp eax, 0x306c0
setne dl
test cl, dl
je short loc_fffc6fa8  ; je 0xfffc6fa8
cmp eax, 0x40650
setne al
movzx eax, al
mov dword [ebp - 0x144], eax

loc_fffc6fa8:  ; not directly referenced
push 0xbc
and ebx, 0xfffffffe
push 0
push 0
push 0
call dword [ebp - 0x78]  ; ucall
add eax, esi
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
push 0x90
push 0
push 0
push 0
mov dword [ebp - 0x160], eax
call dword [ebp - 0x78]  ; ucall
add esp, 0x14
add eax, esi
push eax
call dword [ebp - 0xa0]  ; ucall
push 0x98
push 0
push 0
push 0
mov dword [ebp - 0x150], edx
mov dword [ebp - 0x138], eax
call dword [ebp - 0x78]  ; ucall
add esp, 0x14
add esi, eax
push esi
call dword [ebp - 0xa0]  ; ucall
mov edi, eax
lea eax, [ebx + 0x5024]
or edi, 0xfffff
mov dword [ebp - 0x164], edx
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [ebp - 0x154], eax
lea eax, [ebx + 0x5014]
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [ebp - 0x140], eax
lea eax, [ebx + 0x5000]
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [ebp - 0x148], eax
lea eax, [ebx + 0x5004]
add ebx, 0x5008
mov dword [esp], eax
call dword [ebp - 0xa4]  ; ucall
mov dword [esp], ebx
mov esi, eax
call dword [ebp - 0xa4]  ; ucall
mov ecx, dword [ebp - 0x138]
add esp, 0xc
mov ebx, dword [ebp - 0x140]
mov edx, dword [ebp - 0x164]
push 0x16
and ecx, 0xfff00000
mov dword [ebp - 0x110], ecx
mov ecx, dword [ebp - 0x150]
mov dword [ebp - 0x138], edi
xor edi, edi
and edx, 0x7f
push edi
and ecx, 0x7f
mov dword [ebp - 0x10c], ecx
movzx ecx, bl
push ecx
mov dword [ebp - 0x104], esi
mov esi, ecx
mov dword [ebp - 0x100], eax
mov dword [ebp - 0xfc], 0
mov dword [ebp - 0x134], edx
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 0x16
push edi
mov edi, ebx
push esi
mov dword [ebp - 0x150], eax
mov dword [ebp - 0x14c], edx
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
xor edx, edx
push 0xe
mov eax, ebx
and eax, 0xff00
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
mov eax, ebx
push 6
and eax, 0xff0000
xor edx, edx
and edi, 0xff000000
push edx
push eax
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 2
mov dword [ebp - 0x168], edx
xor edx, edx
push edx
push edi
mov dword [ebp - 0x164], eax
call dword [ebp - 0x5c]  ; ucall
mov dword [ebp - 0x140], eax
mov eax, dword [ebp - 0x148]
mov dword [ebp - 0x13c], edx
and eax, 1
mov ebx, dword [ebp + eax*4 - 0x104]
lea eax, [ebp - 0xc4]
mov edx, ebx
call fcn_fffc3bf5  ; call 0xfffc3bf5
mov esi, eax
mov edi, edx
lea eax, [ebp - 0xc4]
mov edx, ebx
call fcn_fffc3bda  ; call 0xfffc3bda
add eax, esi
adc edx, edi
add esp, 0x10
cmp dword [ebp - 0x144], 1
jne short loc_fffc718e  ; jne 0xfffc718e
add eax, dword [ebp - 0x150]
adc edx, dword [ebp - 0x14c]
jmp short loc_fffc719a  ; jmp 0xfffc719a

loc_fffc718e:  ; not directly referenced
add eax, dword [ebp - 0x140]
adc edx, dword [ebp - 0x13c]

loc_fffc719a:  ; not directly referenced
mov esi, eax
mov eax, dword [ebp - 0x10c]
mov edi, edx
cmp dword [ebp - 0x134], eax
jb loc_fffc729e  ; jb 0xfffc729e
ja short loc_fffc71c4  ; ja 0xfffc71c4
mov eax, dword [ebp - 0x110]
cmp dword [ebp - 0x138], eax
jbe loc_fffc729e  ; jbe 0xfffc729e

loc_fffc71c4:  ; not directly referenced
mov eax, dword [ebp - 0x160]
mov cl, 1
mov ebx, dword [ebp - 0x134]
mov dword [ebp - 0x15c], 0
and eax, 0xfff00000
mov edx, eax
mov dword [ebp - 0x160], eax
cmp dword [ebp - 0x12c], ebx
jb short loc_fffc7203  ; jb 0xfffc7203
ja short loc_fffc7201  ; ja 0xfffc7201
mov ebx, dword [ebp - 0x138]
cmp dword [ebp - 0x130], ebx
jbe short loc_fffc7203  ; jbe 0xfffc7203

loc_fffc7201:  ; not directly referenced
xor ecx, ecx

loc_fffc7203:  ; not directly referenced
mov eax, dword [ebp - 0x10c]
mov bl, 1
cmp dword [ebp - 0x12c], eax
ja short loc_fffc7225  ; ja 0xfffc7225
jb short loc_fffc7223  ; jb 0xfffc7223
mov eax, dword [ebp - 0x110]
cmp dword [ebp - 0x130], eax
jae short loc_fffc7225  ; jae 0xfffc7225

loc_fffc7223:  ; not directly referenced
xor ebx, ebx

loc_fffc7225:  ; not directly referenced
test cl, bl
je short loc_fffc724f  ; je 0xfffc724f
mov eax, dword [ebp - 0x160]
mov edx, dword [ebp - 0x15c]
sub eax, dword [ebp - 0x110]
sbb edx, dword [ebp - 0x10c]
add eax, dword [ebp - 0x130]
adc edx, dword [ebp - 0x12c]
jmp short loc_fffc72aa  ; jmp 0xfffc72aa

loc_fffc724f:  ; not directly referenced
cmp dword [ebp - 0x12c], 0
ja short loc_fffc7260  ; ja 0xfffc7260
cmp dword [ebp - 0x130], edx
jb short loc_fffc729e  ; jb 0xfffc729e

loc_fffc7260:  ; not directly referenced
mov eax, dword [ebp - 0x160]
mov edx, dword [ebp - 0x15c]
add eax, dword [ebp - 0x138]
adc edx, dword [ebp - 0x134]
sub eax, dword [ebp - 0x110]
sbb edx, dword [ebp - 0x10c]
cmp dword [ebp - 0x12c], edx
ja short loc_fffc729e  ; ja 0xfffc729e
jb loc_fffc826e  ; jb 0xfffc826e
cmp dword [ebp - 0x130], eax
jbe loc_fffc826e  ; jbe 0xfffc826e

loc_fffc729e:  ; not directly referenced
mov eax, dword [ebp - 0x130]
mov edx, dword [ebp - 0x12c]

loc_fffc72aa:  ; not directly referenced
push ecx
push 6
push edx
push eax
call dword [ebp - 0x58]  ; ucall
mov ebx, dword [ebp - 0x148]
add esp, 0x10
shr ebx, 6
and ebx, 1
cmp dword [ebp - 0x144], 1
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx
jne short loc_fffc72f7  ; jne 0xfffc72f7
push edx
push 1
push dword [ebp - 0x14c]
push dword [ebp - 0x150]
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
mov dword [ebp - 0x164], eax
mov dword [ebp - 0x168], edx

loc_fffc72f7:  ; not directly referenced
test ebx, ebx
je short loc_fffc7360  ; je 0xfffc7360
cmp dword [ebp - 0x10c], edi
ja loc_fffc826e  ; ja 0xfffc826e
jb short loc_fffc7315  ; jb 0xfffc7315
cmp dword [ebp - 0x110], esi
jae loc_fffc826e  ; jae 0xfffc826e

loc_fffc7315:  ; not directly referenced
push eax
mov eax, dword [ebp - 0x148]
shr eax, 7
and eax, 7
push eax
push 0
push 0x400000
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
cmp dword [ebp - 0x10c], edx
jb loc_fffc74a0  ; jb 0xfffc74a0
ja short loc_fffc734a  ; ja 0xfffc734a
cmp dword [ebp - 0x110], eax
jb loc_fffc74a0  ; jb 0xfffc74a0

loc_fffc734a:  ; not directly referenced
sub dword [ebp - 0x110], eax
mov edi, 1
sbb dword [ebp - 0x10c], edx
jmp near loc_fffc74a2  ; jmp 0xfffc74a2

loc_fffc7360:  ; not directly referenced
mov eax, dword [ebp - 0x168]
cmp dword [ebp - 0x10c], eax
ja loc_fffc744d  ; ja 0xfffc744d
jb short loc_fffc7386  ; jb 0xfffc7386
mov eax, dword [ebp - 0x164]
cmp dword [ebp - 0x110], eax
jae loc_fffc744d  ; jae 0xfffc744d

loc_fffc7386:  ; not directly referenced
test dword [ebp - 0x154], 0x800000
je loc_fffc7421  ; je 0xfffc7421
mov eax, dword [ebp - 0x154]
mov edx, 1
xor edi, edi
mov esi, eax
and ax, 0x3fff
shr esi, 0x15
and esi, 3
mov ecx, esi
shl edx, cl
xor ecx, ecx
or eax, edx
and eax, dword [ebp - 0x110]
movzx eax, ax

loc_fffc73c0:  ; not directly referenced
mov edx, eax
sar edx, cl
inc ecx
xor edi, edx
cmp ecx, 0xe
jne short loc_fffc73c0  ; jne 0xfffc73c0
push eax
and edi, 1
push esi
push 0
push 1
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push esi
mov ebx, eax
mov ecx, edx
mov eax, dword [ebp - 0x110]
mov edx, dword [ebp - 0x10c]
not ebx
not ecx
and ebx, eax
and ecx, edx
xor edx, edx
mov dword [ebp - 0x138], ecx
mov ecx, ebx
and ecx, 1
push edx
push ecx
call dword [ebp - 0x5c]  ; ucall
mov ecx, dword [ebp - 0x138]
add esp, 0x10
or ebx, eax
or ecx, edx
mov dword [ebp - 0x110], ebx
mov dword [ebp - 0x10c], ecx
jmp short loc_fffc742a  ; jmp 0xfffc742a

loc_fffc7421:  ; not directly referenced
mov edi, dword [ebp - 0x110]
and edi, 1

loc_fffc742a:  ; not directly referenced
push eax
push 1
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx
jmp short loc_fffc74a2  ; jmp 0xfffc74a2

loc_fffc744d:  ; not directly referenced
cmp dword [ebp - 0x10c], edi
ja loc_fffc826e  ; ja 0xfffc826e
jb short loc_fffc7467  ; jb 0xfffc7467
cmp dword [ebp - 0x110], esi
jae loc_fffc826e  ; jae 0xfffc826e

loc_fffc7467:  ; not directly referenced
cmp dword [ebp - 0x144], 1
jne short loc_fffc7488  ; jne 0xfffc7488
mov eax, dword [ebp - 0x150]
mov edx, dword [ebp - 0x14c]
mov dword [ebp - 0x140], eax
mov dword [ebp - 0x13c], edx

loc_fffc7488:  ; not directly referenced
mov eax, dword [ebp - 0x140]
mov edx, dword [ebp - 0x13c]
sub dword [ebp - 0x110], eax
sbb dword [ebp - 0x10c], edx

loc_fffc74a0:  ; not directly referenced
xor edi, edi

loc_fffc74a2:  ; not directly referenced
mov eax, dword [ebp - 0x148]
movzx edi, di
lea ecx, [edi + edi]
shr eax, cl
and eax, 1
mov word [ebp - 0x158], ax
movzx eax, ax
mov ebx, dword [ebp + eax*4 - 0x104]
mov dword [ebp - 0x16c], eax
lea eax, [ebp - 0xc4]
mov edx, ebx
call fcn_fffc3bf5  ; call 0xfffc3bf5
mov dword [ebp - 0x138], eax
lea eax, [ebp - 0xc4]
mov dword [ebp - 0x134], edx
mov edx, ebx
call fcn_fffc3bda  ; call 0xfffc3bda
mov ecx, ebx
shr ecx, 0x16
mov dword [ebp - 0x150], ecx
and dword [ebp - 0x150], 1
mov dword [ebp - 0x140], eax
mov eax, ebx
shr eax, 0x15
mov edi, eax
mov dword [ebp - 0x13c], edx
mov edx, ebx
and edi, 1
shr edx, 0x1a
mov dword [ebp - 0x164], edi
mov edi, edx
or eax, edx
and edi, 1
mov dword [ebp - 0x168], edi
test al, 1
je loc_fffc75fd  ; je 0xfffc75fd
push eax
push 1
push dword [ebp - 0x13c]
push dword [ebp - 0x140]
call dword [ebp - 0x5c]  ; ucall
add esp, 0x10
cmp dword [ebp - 0x10c], edx
ja short loc_fffc75b1  ; ja 0xfffc75b1
jb short loc_fffc755f  ; jb 0xfffc755f
cmp dword [ebp - 0x110], eax
jae short loc_fffc75b1  ; jae 0xfffc75b1

loc_fffc755f:  ; not directly referenced
push eax
push 9
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 1
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov esi, eax
call dword [ebp - 0x58]  ; ucall
mov ecx, dword [ebp - 0x110]
and esi, 1
add esp, 0x10
and ecx, 0x1ff
and eax, 0xfffffe00
or eax, ecx
mov dword [ebp - 0x110], eax
mov dword [ebp - 0x10c], edx
jmp near loc_fffc766e  ; jmp 0xfffc766e

loc_fffc75b1:  ; not directly referenced
mov eax, dword [ebp - 0x140]
mov edx, dword [ebp - 0x13c]
add eax, dword [ebp - 0x138]
adc edx, dword [ebp - 0x134]
cmp dword [ebp - 0x10c], edx
ja loc_fffc826e  ; ja 0xfffc826e
jb short loc_fffc75e3  ; jb 0xfffc75e3
cmp dword [ebp - 0x110], eax
jae loc_fffc826e  ; jae 0xfffc826e

loc_fffc75e3:  ; not directly referenced
mov eax, dword [ebp - 0x140]
mov edx, dword [ebp - 0x13c]
sub dword [ebp - 0x110], eax
sbb dword [ebp - 0x10c], edx
jmp short loc_fffc766c  ; jmp 0xfffc766c

loc_fffc75fd:  ; not directly referenced
mov eax, dword [ebp - 0x134]
cmp dword [ebp - 0x10c], eax
jb short loc_fffc766c  ; jb 0xfffc766c
ja short loc_fffc761b  ; ja 0xfffc761b
mov eax, dword [ebp - 0x138]
cmp dword [ebp - 0x110], eax
jb short loc_fffc766c  ; jb 0xfffc766c

loc_fffc761b:  ; not directly referenced
mov eax, dword [ebp - 0x140]
mov edx, dword [ebp - 0x13c]
add eax, dword [ebp - 0x138]
adc edx, dword [ebp - 0x134]
cmp dword [ebp - 0x10c], edx
ja loc_fffc826e  ; ja 0xfffc826e
jb short loc_fffc764d  ; jb 0xfffc764d
cmp dword [ebp - 0x110], eax
jae loc_fffc826e  ; jae 0xfffc826e

loc_fffc764d:  ; not directly referenced
mov eax, dword [ebp - 0x138]
mov esi, 1
mov edx, dword [ebp - 0x134]
sub dword [ebp - 0x110], eax
sbb dword [ebp - 0x10c], edx
jmp short loc_fffc766e  ; jmp 0xfffc766e

loc_fffc766c:  ; not directly referenced
xor esi, esi

loc_fffc766e:  ; not directly referenced
mov eax, dword [ebp - 0x148]
shr eax, 0xa
mov dword [ebp - 0x154], eax
mov eax, ebx
shr eax, 0x10
and eax, 1
mov word [ebp - 0x118], ax
and dword [ebp - 0x154], 1
xor word [ebp - 0x118], si
test si, si
je short loc_fffc76d9  ; je 0xfffc76d9
mov edx, dword [ebp - 0x148]
mov eax, ebx
mov ecx, ebx
shr eax, 0x12
mov edi, dword [ebp - 0x140]
mov dword [ebp - 0x138], eax
lea eax, [ebp - 0xc4]
and dword [ebp - 0x138], 1
call fcn_fffb8408  ; call 0xfffb8408
test ebx, 0x100000
mov word [ebp - 0x116], ax
jmp short loc_fffc7711  ; jmp 0xfffc7711

loc_fffc76d9:  ; not directly referenced
mov edx, dword [ebp - 0x148]
mov eax, ebx
mov ecx, ebx
shr eax, 0x11
mov edi, dword [ebp - 0x138]
mov dword [ebp - 0x138], eax
lea eax, [ebp - 0xc4]
and dword [ebp - 0x138], 1
call fcn_fffb8396  ; call 0xfffb8396
test ebx, 0x80000
mov word [ebp - 0x116], ax

loc_fffc7711:  ; not directly referenced
je short loc_fffc771a  ; je 0xfffc771a
mov esi, 0x10
jmp short loc_fffc7729  ; jmp 0xfffc7729

loc_fffc771a:  ; not directly referenced
cmp dword [ebp - 0x154], 1
sbb esi, esi
and esi, 0xffffffe8
add esi, 0x20

loc_fffc7729:  ; not directly referenced
mov eax, dword [ebp - 0x148]
shr eax, 0xb
mov dword [ebp - 0x140], eax
and dword [ebp - 0x140], 1
cmp dword [ebp - 0x144], 1
jne short loc_fffc7762  ; jne 0xfffc7762
mov eax, dword [ebp - 0x110]
mov edx, eax
shr dx, 1
cmp dword [ebp - 0x140], 0
cmovne eax, edx
shl eax, 3
jmp short loc_fffc779a  ; jmp 0xfffc779a

loc_fffc7762:  ; not directly referenced
push eax
push 3
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x5c]  ; ucall
add esp, 0xc
push 3
push dword [ebp - 0x12c]
push dword [ebp - 0x130]
mov dword [ebp - 0x160], eax
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 7
or eax, dword [ebp - 0x160]

loc_fffc779a:  ; not directly referenced
mov cl, byte [ebp - 0x116]
mov edx, 1
shl edx, cl
lea ecx, [edx - 1]
mov word [ebp - 0x160], cx
and word [ebp - 0x160], ax
mov eax, dword [ebp - 0x160]
cmp dword [ebp - 0x140], 0
mov word [ebp - 0x156], ax
je loc_fffc7cd6  ; je 0xfffc7cd6
push ecx
push 8
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
mov ecx, dword [ebp - 0x110]
xor edx, edx
add esp, 0xc
push 2
and ecx, 1
push edx
push ecx
mov dword [ebp - 0x114], eax
call dword [ebp - 0x5c]  ; ucall
mov ecx, dword [ebp - 0x114]
add esp, 0x10
and ecx, 3
mov word [ebp - 0x114], cx
or word [ebp - 0x114], ax
mov al, byte [ebp - 0x168]
test byte [ebp - 0x138], al
mov eax, dword [ebp - 0x58]
je loc_fffc7a04  ; je 0xfffc7a04
shr ebx, 0x1b
and ebx, 7
cmp si, 8
jne loc_fffc794a  ; jne 0xfffc794a
push edx
push 7
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
add esp, 0x10
mov esi, eax
and esi, 8
or esi, dword [ebp - 0x114]
cmp dword [ebp - 0x150], 0
jne short loc_fffc786f  ; jne 0xfffc786f
mov word [ebp - 0x114], si
jmp short loc_fffc78dd  ; jmp 0xfffc78dd

loc_fffc786f:  ; not directly referenced
push eax
push 0xc
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 9
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov dword [ebp - 0x114], eax
call dword [ebp - 0x58]  ; ucall
mov ecx, dword [ebp - 0x114]
add esp, 0xc
push 0xb
push dword [ebp - 0x10c]
and ecx, 3
mov word [ebp - 0x114], cx
and eax, 4
push dword [ebp - 0x110]
xor word [ebp - 0x114], ax
xor word [ebp - 0x114], si
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 8
xor word [ebp - 0x114], ax

loc_fffc78dd:  ; not directly referenced
lea eax, [ebx + 0xf]
movzx ebx, bx
push ecx
movzx eax, al
push eax
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 0xb
push dword [ebp - 0x10c]
and eax, 1
push dword [ebp - 0x110]
mov word [ebp - 0x116], ax
call dword [ebp - 0x58]  ; ucall
lea ecx, [ebx + 4]
mov edx, 1
shl edx, cl
dec edx
mov ecx, edx
not ecx
mov esi, eax
and edx, eax
shr si, 1
mov eax, edi
mov word [ebp - 0x128], si
shr eax, 0xc
and word [ebp - 0x128], cx
or word [ebp - 0x128], dx
jmp near loc_fffc79f4  ; jmp 0xfffc79f4

loc_fffc794a:  ; not directly referenced
cmp dword [ebp - 0x150], 0
je short loc_fffc798c  ; je 0xfffc798c
push edx
push 0xb
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
add esp, 0xc
push 8
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov esi, eax
call dword [ebp - 0x58]  ; ucall
and esi, 3
add esp, 0x10
and eax, 4
xor esi, eax
xor word [ebp - 0x114], si

loc_fffc798c:  ; not directly referenced
lea eax, [ebx + 0xe]
movzx ebx, bx
push esi
movzx eax, al
push eax
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 0xa
push dword [ebp - 0x10c]
and eax, 1
push dword [ebp - 0x110]
mov word [ebp - 0x116], ax
call dword [ebp - 0x58]  ; ucall
lea ecx, [ebx + 4]
mov edx, 1
shl edx, cl
dec edx
mov ecx, edx
not ecx
mov esi, eax
and edx, eax
shr si, 1
mov eax, edi
mov word [ebp - 0x128], si
shr eax, 0xb
and word [ebp - 0x128], cx
or word [ebp - 0x128], dx

loc_fffc79f4:  ; not directly referenced
dec eax

loc_fffc79f5:  ; not directly referenced
and word [ebp - 0x128], ax

loc_fffc79fc:  ; not directly referenced
add esp, 0x10
jmp near loc_fffc8107  ; jmp 0xfffc8107

loc_fffc7a04:  ; not directly referenced
mov cl, byte [ebp - 0x164]
test byte [ebp - 0x138], cl
je loc_fffc7b71  ; je 0xfffc7b71
push ecx
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
add esp, 0x10
and eax, 1
cmp si, 8
mov word [ebp - 0x116], ax
mov eax, dword [ebp - 0x58]
jne loc_fffc7aed  ; jne 0xfffc7aed
push edx
push 8
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
add esp, 0x10
and eax, 8
or word [ebp - 0x114], ax
cmp dword [ebp - 0x150], 0
je short loc_fffc7ad6  ; je 0xfffc7ad6
push eax
push 0xd
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov ebx, eax
call dword [ebp - 0x58]  ; ucall
and ebx, 3
mov esi, dword [ebp - 0x10c]
add esp, 0xc
push 0xd
push esi
and eax, 4
xor ebx, eax
xor word [ebp - 0x114], bx
mov ebx, dword [ebp - 0x110]
push ebx
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 0xf
push esi
push ebx
and eax, 8
xor word [ebp - 0x114], ax
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 1
xor word [ebp - 0x116], ax

loc_fffc7ad6:  ; not directly referenced
push esi
push 0xc
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
shr edi, 0xc
jmp short loc_fffc7b62  ; jmp 0xfffc7b62

loc_fffc7aed:  ; not directly referenced
cmp dword [ebp - 0x150], 0
je short loc_fffc7b4d  ; je 0xfffc7b4d
push ebx
push 0xc
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
add esp, 0xc
push 9
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov ebx, eax
call dword [ebp - 0x58]  ; ucall
and ebx, 3
add esp, 0xc
push 0xe
push dword [ebp - 0x10c]
and eax, 4
push dword [ebp - 0x110]
xor ebx, eax
xor word [ebp - 0x114], bx
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 1
xor word [ebp - 0x116], ax

loc_fffc7b4d:  ; not directly referenced
push ecx
push 0xb
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
shr edi, 0xb

loc_fffc7b62:  ; not directly referenced
lea edi, [edi - 1]
mov word [ebp - 0x128], di
jmp near loc_fffc79f5  ; jmp 0xfffc79f5

loc_fffc7b71:  ; not directly referenced
mov edx, edi
shr edx, 1
test dword [ebp - 0x110], edx
setne dl
mov ecx, edx
and ecx, dword [ebp - 0x138]
mov word [ebp - 0x116], cx
cmp si, 8
jne loc_fffc7c68  ; jne 0xfffc7c68
push edx
push 7
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
add esp, 0x10
mov ebx, eax
and ebx, 8
or ebx, dword [ebp - 0x114]
cmp dword [ebp - 0x150], 0
jne short loc_fffc7bc8  ; jne 0xfffc7bc8
mov word [ebp - 0x114], bx
jmp short loc_fffc7c2c  ; jmp 0xfffc7c2c

loc_fffc7bc8:  ; not directly referenced
push eax
push 0xc
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 9
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov esi, eax
call dword [ebp - 0x58]  ; ucall
and esi, 3
mov word [ebp - 0x114], si
add esp, 0xc
push 0xb
push dword [ebp - 0x10c]
and eax, 4
push dword [ebp - 0x110]
xor word [ebp - 0x114], ax
xor word [ebp - 0x114], bx
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 8
xor word [ebp - 0x114], ax

loc_fffc7c2c:  ; not directly referenced
push esi
push 0xb
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
xor edx, edx
add esp, 0xc
mov ebx, eax
mov eax, dword [ebp - 0x138]
add eax, 0xb
push eax
push edx
push edi
call dword [ebp - 0x58]  ; ucall
dec eax
mov word [ebp - 0x128], ax
and word [ebp - 0x128], bx
jmp near loc_fffc79fc  ; jmp 0xfffc79fc

loc_fffc7c68:  ; not directly referenced
cmp dword [ebp - 0x150], 0
je short loc_fffc7caa  ; je 0xfffc7caa
push ebx
push 0xb
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call eax
add esp, 0xc
push 8
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov ebx, eax
call dword [ebp - 0x58]  ; ucall
and ebx, 3
add esp, 0x10
and eax, 4
xor ebx, eax
xor word [ebp - 0x114], bx

loc_fffc7caa:  ; not directly referenced
push ecx
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
mov ecx, dword [ebp - 0x138]
add ecx, 0xa
shr edi, cl
lea esi, [edi - 1]
mov word [ebp - 0x128], si
jmp near loc_fffc79f5  ; jmp 0xfffc79f5

loc_fffc7cd6:  ; not directly referenced
cmp word [ebp - 0x116], 9
jne short loc_fffc7d0d  ; jne 0xfffc7d0d
push edx
push 1
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x5c]  ; ucall
mov ecx, dword [ebp - 0x144]
add esp, 0x10
dec ecx
mov dword [ebp - 0x110], eax
lea eax, [edi + edi]
mov dword [ebp - 0x10c], edx
jmp short loc_fffc7d43  ; jmp 0xfffc7d43

loc_fffc7d0d:  ; not directly referenced
cmp word [ebp - 0x116], 0xb
jne short loc_fffc7d46  ; jne 0xfffc7d46
push eax
push 1
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
mov dword [ebp - 0x110], eax
mov eax, edi
shr eax, 1
cmp dword [ebp - 0x144], 1
mov dword [ebp - 0x10c], edx

loc_fffc7d43:  ; not directly referenced
cmove edi, eax

loc_fffc7d46:  ; not directly referenced
mov al, byte [ebp - 0x168]
test byte [ebp - 0x138], al
je loc_fffc7e1d  ; je 0xfffc7e1d
shr ebx, 0x1b
and ebx, 7
push eax
lea eax, [ebx + 0xe]
movzx eax, al
push eax
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 7
push dword [ebp - 0x10c]
and eax, 1
push dword [ebp - 0x110]
mov word [ebp - 0x116], ax
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 7
cmp dword [ebp - 0x150], 0
mov word [ebp - 0x114], ax
je short loc_fffc7dc8  ; je 0xfffc7dc8
push eax
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 7
xor word [ebp - 0x114], ax

loc_fffc7dc8:  ; not directly referenced
push eax
movzx ebx, bx
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
lea ecx, [ebx + 4]
mov edx, 1
shl edx, cl
lea ecx, [edx - 1]
mov ebx, ecx
add esp, 0x10
not ebx
mov edx, eax
and eax, ecx
shr dx, 1
and edx, ebx
or edx, eax
mov al, byte [ebp - 0x144]
lea ecx, [eax + 0xa]
mov eax, edi
shr eax, cl
dec eax
mov word [ebp - 0x128], ax
and word [ebp - 0x128], dx
jmp near loc_fffc8107  ; jmp 0xfffc8107

loc_fffc7e1d:  ; not directly referenced
mov al, byte [ebp - 0x164]
test byte [ebp - 0x138], al
je loc_fffc7ef8  ; je 0xfffc7ef8
cmp dword [ebp - 0x150], 0
je short loc_fffc7e62  ; je 0xfffc7e62
mov esi, dword [ebp - 0x10c]
mov ebx, dword [ebp - 0x110]
push eax
push 4
push esi
push ebx
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
mov dword [ebp - 0x10c], esi
and eax, 0x780
xor eax, ebx
mov dword [ebp - 0x110], eax

loc_fffc7e62:  ; not directly referenced
mov esi, dword [ebp - 0x10c]
mov ebx, dword [ebp - 0x110]
push eax
push 9
push esi
push ebx
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 8
push esi
push ebx
mov dword [ebp - 0x110], ebx
and eax, 1
mov word [ebp - 0x116], ax
mov dword [ebp - 0x10c], esi
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
push 7
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
mov ebx, eax
call dword [ebp - 0x58]  ; ucall
add esp, 0xc
and ebx, 4
push 0xb
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
and eax, 3
mov word [ebp - 0x114], ax
or word [ebp - 0x114], bx
call dword [ebp - 0x58]  ; ucall
mov cl, byte [ebp - 0x144]
add esp, 0x10
add ecx, 0xa
shr edi, cl
lea edi, [edi - 1]
mov word [ebp - 0x128], di
and word [ebp - 0x128], ax
jmp near loc_fffc8107  ; jmp 0xfffc8107

loc_fffc7ef8:  ; not directly referenced
cmp dword [ebp - 0x144], 1
jne loc_fffc7f9a  ; jne 0xfffc7f9a
mov ecx, dword [ebp - 0x110]
mov eax, edi
shr eax, 1
mov ebx, dword [ebp - 0x10c]
push esi
push 7
test ecx, eax
setne al
and eax, dword [ebp - 0x138]
push ebx
push ecx
mov word [ebp - 0x116], ax
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 7
cmp dword [ebp - 0x150], 0
mov word [ebp - 0x114], ax
je short loc_fffc7f64  ; je 0xfffc7f64
push ebx
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 7
xor word [ebp - 0x114], ax

loc_fffc7f64:  ; not directly referenced
push ecx
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
mov ecx, dword [ebp - 0x138]
add esp, 0x10
add ecx, 0xa
shr edi, cl
lea esi, [edi - 1]
mov word [ebp - 0x128], si
and word [ebp - 0x128], ax
jmp near loc_fffc8114  ; jmp 0xfffc8114

loc_fffc7f9a:  ; not directly referenced
cmp dword [ebp - 0x138], 0
je loc_fffc8089  ; je 0xfffc8089
mov al, byte [ebp - 0x154]
and eax, 1
cmp word [ebp - 0x116], 0xb
sete dl
test dl, al
je short loc_fffc7fdf  ; je 0xfffc7fdf
cmp edi, 0x4000000
je short loc_fffc7fda  ; je 0xfffc7fda
cmp edi, 0x8000000
jne loc_fffc8257  ; jne 0xfffc8257
mov edi, 0x4000000
jmp short loc_fffc7fdf  ; jmp 0xfffc7fdf

loc_fffc7fda:  ; not directly referenced
mov edi, 0x2000000

loc_fffc7fdf:  ; not directly referenced
cmp word [ebp - 0x116], 9
sete dl
test dl, al
je short loc_fffc7ffb  ; je 0xfffc7ffb
cmp edi, 0x1000000
je short loc_fffc805d  ; je 0xfffc805d
jmp near loc_fffc8257  ; jmp 0xfffc8257

loc_fffc7ffb:  ; not directly referenced
cmp edi, 0x2000000
je short loc_fffc805d  ; je 0xfffc805d
ja short loc_fffc8025  ; ja 0xfffc8025
cmp edi, 0x800000
je short loc_fffc8045  ; je 0xfffc8045
cmp edi, 0x1000000
jne loc_fffc8257  ; jne 0xfffc8257
mov eax, 0x17
mov esi, 0x7ffc00
jmp short loc_fffc8067  ; jmp 0xfffc8067

loc_fffc8025:  ; not directly referenced
cmp edi, 0x4000000
je short loc_fffc8051  ; je 0xfffc8051
cmp edi, 0x8000000
jne loc_fffc8257  ; jne 0xfffc8257
mov eax, 0x1a
mov esi, 0x3fffc00
jmp short loc_fffc8067  ; jmp 0xfffc8067

loc_fffc8045:  ; not directly referenced
mov eax, 0x16
mov esi, 0x3ffc00
jmp short loc_fffc8067  ; jmp 0xfffc8067

loc_fffc8051:  ; not directly referenced
mov eax, 0x19
mov esi, 0x1fffc00
jmp short loc_fffc8067  ; jmp 0xfffc8067

loc_fffc805d:  ; not directly referenced
mov eax, 0x18
mov esi, 0xfffc00

loc_fffc8067:  ; not directly referenced
push edx
xor ebx, ebx
push eax
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 1
mov word [ebp - 0x116], ax
jmp short loc_fffc809a  ; jmp 0xfffc809a

loc_fffc8089:  ; not directly referenced
mov word [ebp - 0x116], 0
mov esi, 0xfffffc00
or ebx, 0xffffffff

loc_fffc809a:  ; not directly referenced
push eax
push 7
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 7
cmp dword [ebp - 0x150], 0
mov word [ebp - 0x114], ax
je short loc_fffc80e1  ; je 0xfffc80e1
push edi
push 0xa
push dword [ebp - 0x10c]
push dword [ebp - 0x110]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
and eax, 7
xor word [ebp - 0x114], ax

loc_fffc80e1:  ; not directly referenced
mov edi, dword [ebp - 0x10c]
mov ecx, esi
mov esi, dword [ebp - 0x110]
and edi, ebx
push ebx
and ecx, esi
push 0xa
push edi
push ecx
call dword [ebp - 0x58]  ; ucall
mov word [ebp - 0x128], ax
jmp near loc_fffc8252  ; jmp 0xfffc8252

loc_fffc8107:  ; not directly referenced
cmp dword [ebp - 0x144], 1
jne loc_fffc8262  ; jne 0xfffc8262

loc_fffc8114:  ; not directly referenced
movzx esi, word [ebp - 0x116]
xor ebx, ebx
movzx edi, word [ebp - 0x118]

loc_fffc8124:  ; not directly referenced
push ecx
push 0x3f
push dword [ebp + ebx*2 - 0xe4]
push dword [ebp + ebx*2 - 0xe8]
call dword [ebp - 0x58]  ; ucall
add esp, 0x10
test al, 1
je short loc_fffc8181  ; je 0xfffc8181
sub esp, 0xc
movzx eax, word [ebp - 0x160]
mov ecx, esi
push dword [ebp - 0x148]
mov edx, edi
push dword [ebp + ebx - 0xf8]
push eax
movzx eax, word [ebp - 0x128]
push eax
movzx eax, word [ebp - 0x114]
push eax
mov eax, dword [ebp - 0x16c]
call fcn_fffc455b  ; call 0xfffc455b
add esp, 0x20
test eax, eax
jne loc_fffc826e  ; jne 0xfffc826e

loc_fffc8181:  ; not directly referenced
add ebx, 4
cmp ebx, 0x10
jne short loc_fffc8124  ; jne 0xfffc8124
xor bl, bl

loc_fffc818b:  ; not directly referenced
push edx
mov ecx, dword [ebp - 0x12c]
push dword [ebp + ebx*8 - 0xe4]
push dword [ebp + ebx*8 - 0xe8]
mov edx, dword [ebp - 0x130]
lea eax, [ebp - 0xc4]
push 0
call fcn_fffb726f  ; call 0xfffb726f
add esp, 0x10
test eax, eax
je short loc_fffc822c  ; je 0xfffc822c
mov eax, dword [ebp + ebx*4 - 0xf8]
mov edx, eax
shr edx, 0x1d
mov esi, edx
mov edx, eax
and esi, 1
shr edx, 0xc
cmp dword [ebp - 0x140], 0
mov word [ebp - 0x158], si
jne loc_fffc82c1  ; jne 0xfffc82c1
mov edi, edx
mov edx, eax
and edi, 1
shr edx, 0xb
mov word [ebp - 0x118], di
mov esi, edx
mov edi, eax
and esi, 1
shr edi, 8
mov word [ebp - 0x116], si
mov esi, edi
and esi, 7
mov word [ebp - 0x114], si

loc_fffc8212:  ; not directly referenced
mov edi, eax
movzx eax, al
shr edi, 0xd
shl eax, 3
mov dword [ebp - 0x128], edi
mov word [ebp - 0x156], ax
jmp short loc_fffc8236  ; jmp 0xfffc8236

loc_fffc822c:  ; not directly referenced
inc ebx
cmp ebx, 4
jne loc_fffc818b  ; jne 0xfffc818b

loc_fffc8236:  ; not directly referenced
push eax
push 3
push dword [ebp - 0x12c]
push dword [ebp - 0x130]
call dword [ebp - 0x58]  ; ucall
and eax, 7
or word [ebp - 0x156], ax

loc_fffc8252:  ; not directly referenced
add esp, 0x10
jmp short loc_fffc8262  ; jmp 0xfffc8262

loc_fffc8257:  ; not directly referenced
mov word [ebp - 0x116], 0
jmp short loc_fffc8278  ; jmp 0xfffc8278

loc_fffc8262:  ; not directly referenced
mov dword [ebp - 0x140], 1
jmp short loc_fffc8278  ; jmp 0xfffc8278

loc_fffc826e:  ; not directly referenced
mov dword [ebp - 0x140], 0

loc_fffc8278:  ; not directly referenced
mov eax, dword [ebp + 0x10]
mov ecx, dword [ebp - 0x128]
mov si, word [ebp - 0x156]
mov byte [eax], 0
mov edi, eax
mov al, byte [ebp - 0x158]
mov word [edi + 7], cx
mov word [edi + 5], si
mov byte [edi + 1], al
mov al, byte [ebp - 0x118]
mov byte [edi + 2], al
mov al, byte [ebp - 0x116]
mov byte [edi + 3], al
mov al, byte [ebp - 0x114]
mov byte [edi + 4], al
mov al, byte [ebp - 0x140]
jmp short loc_fffc82ec  ; jmp 0xfffc82ec

loc_fffc82c1:  ; not directly referenced
mov esi, edx
mov edi, eax
and esi, 1
shr edi, 8
mov word [ebp - 0x116], si
mov esi, edi
and esi, 0xf
mov word [ebp - 0x114], si
mov word [ebp - 0x118], 0
jmp near loc_fffc8212  ; jmp 0xfffc8212

loc_fffc82ec:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc82f4:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x4c
mov eax, dword [ebp + 8]
call fcn_fffb0e8a  ; call 0xfffb0e8a
mov esi, eax
test eax, eax
jne loc_fffc9116  ; jne 0xfffc9116
mov eax, dword [ebp + 8]
call fcn_fffa6828  ; call 0xfffa6828
mov esi, eax
test eax, eax
jne loc_fffc9116  ; jne 0xfffc9116
mov eax, dword [ebp + 8]
mov ecx, 0xf
mov edx, 0x4d94
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2480], 3
jne loc_fffc849f  ; jne 0xfffc849f
mov ecx, 0xf
mov edx, 0x4d90
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov edx, 0x5030
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x5030
or eax, 0x400000
mov ecx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov edx, 1
call fcn_fffa834b  ; call 0xfffa834b
mov eax, dword [ebp + 8]
cmp dword [eax + 0x3756], 2
jne short loc_fffc839d  ; jne 0xfffc839d
movzx ecx, byte [eax + 0x47e8]
mov edx, 0x4192
call fcn_fffae566  ; call 0xfffae566

loc_fffc839d:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b19], 2
jne short loc_fffc83ba  ; jne 0xfffc83ba
movzx ecx, byte [eax + 0x5bab]
mov edx, 0x4592
call fcn_fffae566  ; call 0xfffae566

loc_fffc83ba:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0xbb8
xor ebx, ebx
call fcn_fffa834b  ; call 0xfffa834b
mov eax, dword [ebp + 8]
lea edi, [eax + 0x3756]

loc_fffc83d2:  ; not directly referenced
cmp dword [edi], 2
je short loc_fffc83f4  ; je 0xfffc83f4

loc_fffc83d7:  ; not directly referenced
inc ebx
add edi, 0x13c3
cmp ebx, 2
jne short loc_fffc83d2  ; jne 0xfffc83d2
mov eax, dword [ebp + 8]
mov edx, 0x96
xor esi, esi
call fcn_fffa834b  ; call 0xfffa834b
jmp short loc_fffc8471  ; jmp 0xfffc8471

loc_fffc83f4:  ; not directly referenced
mov dword [ebp - 0x30], 0

loc_fffc83fb:  ; not directly referenced
mov cl, byte [ebp - 0x30]
mov eax, 1
shl eax, cl
test byte [edi + 0xc4], al
jne short loc_fffc8418  ; jne 0xfffc8418

loc_fffc840d:  ; not directly referenced
inc dword [ebp - 0x30]
cmp dword [ebp - 0x30], 4
jne short loc_fffc83fb  ; jne 0xfffc83fb
jmp short loc_fffc83d7  ; jmp 0xfffc83d7

loc_fffc8418:  ; not directly referenced
mov esi, dword [ebp + 8]
cmp byte [esi + 0x247c], 0
je short loc_fffc8451  ; je 0xfffc8451
push 0
mov ecx, eax
mov eax, dword [ebp + 8]
lea esi, [ebp - 0x24]
mov edx, ebx
push esi
push 0
push 7
mov dword [ebp - 0x24], 0x8600
call fcn_fffafb06  ; call 0xfffafb06
mov eax, dword [ebp + 8]
mov edx, 0xf
call fcn_fffa834b  ; call 0xfffa834b
add esp, 0x10

loc_fffc8451:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, ebx
push ecx
mov ecx, dword [ebp - 0x30]
push 1
push 0xfc
push 0x3f
call fcn_fffaa505  ; call 0xfffaa505
add esp, 0x10
mov esi, eax
test eax, eax
je short loc_fffc840d  ; je 0xfffc840d

loc_fffc8471:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp byte [eax + 0x247c], 0
je short loc_fffc848b  ; je 0xfffc848b
sub esp, 0xc
push eax
call fcn_fffb1d2f  ; call 0xfffb1d2f
add esp, 0x10
mov esi, eax

loc_fffc848b:  ; not directly referenced
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x4d94
call fcn_fffaeb7c  ; call 0xfffaeb7c
jmp near loc_fffc9120  ; jmp 0xfffc9120

loc_fffc849f:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, dword [eax + 0x1887]
mov esi, dword [eax + 0x2443]
cmp edx, 0x306d0
sete al
cmp edx, 0x40650
sete dl
or eax, edx
movzx eax, al
mov dword [ebp - 0x34], eax
mov edi, eax
mov eax, dword [ebp + 8]
mov ebx, dword [eax + 0x18c1]
push 0xf0
push 0
push 0x1f
push 0
call dword [esi + 0x4c]  ; ucall
add ebx, eax
mov dword [esp], ebx
xor ebx, ebx
call dword [esi + 0x20]  ; ucall
add esp, 0x10
mov dword [ebp - 0x30], eax
and dword [ebp - 0x30], 0xfffffffe
test edi, edi
je short loc_fffc851b  ; je 0xfffc851b
mov eax, dword [ebp - 0x30]
sub esp, 0xc
lea edi, [eax + 0x333c]
push edi
call dword [esi + 0x20]  ; ucall
mov ebx, eax
pop eax
or ebx, 0x4000000
pop edx
push ebx
push edi
call dword [esi + 0x30]  ; ucall
add esp, 0x10

loc_fffc851b:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, 0x102
mov edx, 0x5030
mov edi, 0x102
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov ecx, 0xf
mov edx, 0x4d90
call fcn_fffae58c  ; call 0xfffae58c
cmp dword [ebp - 0x34], 0
je short loc_fffc8564  ; je 0xfffc8564
push eax
and ebx, 0xfbffffff
push eax
mov eax, dword [ebp - 0x30]
push ebx
add eax, 0x333c
push eax
call dword [esi + 0x30]  ; ucall
add esp, 0x10
jmp short loc_fffc8585  ; jmp 0xfffc8585

loc_fffc8564:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x5030
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x5030
mov edi, eax
mov eax, dword [ebp + 8]
and edi, 0xfffffffd
mov ecx, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffc8585:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0xc8
mov ecx, dword [ebp + 8]
mov eax, dword [eax + 0x18a7]
mov ecx, dword [ecx + eax*4 + 0x3735]
test ecx, ecx
je loc_fffc8636  ; je 0xfffc8636
mov eax, dword [ebp + 8]
cmp byte [eax + 0x2479], 0
jne loc_fffc8636  ; jne 0xfffc8636
mov edx, dword [eax + 0x2443]
mov dword [ebp - 0x3c], ecx
push ecx
movzx eax, byte [eax + 0x187f]
mov dword [ebp - 0x38], edx
push eax
mov eax, dword [ebp + 8]
movzx eax, byte [eax + 0x18b0]
push eax
mov eax, dword [ebp + 8]
push dword [eax + 0x18c1]
call dword [edx + 0x88]  ; ucall
mov ecx, dword [ebp - 0x3c]
add esp, 0x10
cmp ecx, eax
je short loc_fffc861a  ; je 0xfffc861a
mov eax, dword [ebp + 8]
push ecx
mov edx, dword [ebp - 0x38]
movzx eax, byte [eax + 0x187f]
push eax
mov eax, dword [ebp + 8]
movzx eax, byte [eax + 0x18b0]
push eax
mov eax, dword [ebp + 8]
push dword [eax + 0x18c1]
call dword [edx + 0x8c]  ; ucall
add esp, 0x10

loc_fffc861a:  ; not directly referenced
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x18ee]
mov dword [ebp - 0x38], eax
lea edx, [eax + 0xc8]
mov eax, dword [ebp + 8]
mov byte [eax + 0x2479], 1

loc_fffc8636:  ; not directly referenced
imul edx, edx, 0xf
mov eax, dword [ebp + 8]
call fcn_fffa834b  ; call 0xfffa834b
cmp dword [ebp - 0x34], 0
je short loc_fffc8661  ; je 0xfffc8661
push eax
or ebx, 0x4000000
push eax
mov eax, dword [ebp - 0x30]
push ebx
add eax, 0x333c
push eax
call dword [esi + 0x30]  ; ucall
add esp, 0x10
jmp short loc_fffc8673  ; jmp 0xfffc8673

loc_fffc8661:  ; not directly referenced
mov eax, dword [ebp + 8]
or edi, 2
mov edx, 0x5030
mov ecx, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffc8673:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 0x1d4c
or edi, 0x400000
call fcn_fffa834b  ; call 0xfffa834b
mov eax, dword [ebp + 8]
mov ecx, edi
mov edx, 0x5030
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp + 8]
mov edx, 1
call fcn_fffa834b  ; call 0xfffa834b
mov eax, dword [ebp + 8]
cmp dword [eax + 0x3756], 2
jne short loc_fffc86bf  ; jne 0xfffc86bf
movzx ecx, byte [eax + 0x381a]
mov edx, 0x4192
call fcn_fffae566  ; call 0xfffae566

loc_fffc86bf:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [eax + 0x4b19], 2
jne short loc_fffc86dc  ; jne 0xfffc86dc
movzx ecx, byte [eax + 0x4bdd]
mov edx, 0x4592
call fcn_fffae566  ; call 0xfffae566

loc_fffc86dc:  ; not directly referenced
mov eax, dword [ebp + 8]
mov edx, 1
call fcn_fffa834b  ; call 0xfffa834b
mov eax, dword [ebp + 8]
cmp dword [eax + 0x2480], 2
jne loc_fffc8ce3  ; jne 0xfffc8ce3
mov edi, dword [eax + 0x36d7]
xor eax, eax
cmp edi, 0x640
jbe short loc_fffc8714  ; jbe 0xfffc8714
cmp edi, 0x961
sbb eax, eax
add eax, 2

loc_fffc8714:  ; not directly referenced
mov esi, dword [ebp + 8]
cmp al, 3
mov bl, 3
cmovbe ebx, eax
xor eax, eax
and ebx, 3
shl ebx, 9
add esi, 0x374e
mov byte [ebp - 0x30], 0
mov dword [ebp - 0x34], esi

loc_fffc8733:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x30], 1
setbe dl
test cl, dl
je loc_fffc87f6  ; je 0xfffc87f6
movzx edx, byte [ebp - 0x30]
xor eax, eax
mov ecx, dword [ebp + 8]
imul esi, edx, 0x13c3
add ecx, esi
cmp dword [ecx + 0x3756], 2
jne loc_fffc87ee  ; jne 0xfffc87ee
mov eax, dword [ebp - 0x34]
lea eax, [eax + esi + 8]
test byte [ecx + 0x381a], 1
je short loc_fffc879e  ; je 0xfffc879e
mov esi, dword [ebp + 8]
cmp byte [esi + 0x247b], 0
jne short loc_fffc8795  ; jne 0xfffc8795
mov word [eax + 0x1271], bx
mov word [eax + 0x1289], bx

loc_fffc878f:  ; not directly referenced
mov word [ebp - 0x24], bx
jmp short loc_fffc879e  ; jmp 0xfffc879e

loc_fffc8795:  ; not directly referenced
mov bx, word [eax + 0x1271]
jmp short loc_fffc878f  ; jmp 0xfffc878f

loc_fffc879e:  ; not directly referenced
imul ecx, edx, 0x13c3
mov esi, dword [ebp + 8]
test byte [esi + ecx + 0x381a], 4
je short loc_fffc87d7  ; je 0xfffc87d7
cmp byte [esi + 0x247b], 0
jne short loc_fffc87ce  ; jne 0xfffc87ce
mov word [eax + 0x1399], bx
mov word [eax + 0x13b1], bx

loc_fffc87c8:  ; not directly referenced
mov word [ebp - 0x22], bx
jmp short loc_fffc87d7  ; jmp 0xfffc87d7

loc_fffc87ce:  ; not directly referenced
mov bx, word [eax + 0x1399]
jmp short loc_fffc87c8  ; jmp 0xfffc87c8

loc_fffc87d7:  ; not directly referenced
sub esp, 0xc
mov ecx, 3
lea eax, [ebp - 0x24]
push eax
mov eax, dword [ebp + 8]
call fcn_fffb14b3  ; call 0xfffb14b3
add esp, 0x10

loc_fffc87ee:  ; not directly referenced
inc byte [ebp - 0x30]
jmp near loc_fffc8733  ; jmp 0xfffc8733

loc_fffc87f6:  ; not directly referenced
mov esi, eax
test eax, eax
jne loc_fffc9116  ; jne 0xfffc9116
mov eax, dword [ebp + 8]
mov bl, 4
movzx eax, byte [eax + 0x247d]
mov dword [ebp - 0x34], eax
cmp edi, 0x535
jbe short loc_fffc882c  ; jbe 0xfffc882c
mov bl, 5
cmp edi, 0x74b
jbe short loc_fffc882c  ; jbe 0xfffc882c
cmp edi, 0x961
sbb ebx, ebx
add ebx, 7

loc_fffc882c:  ; not directly referenced
sub ebx, 4
mov al, 3
cmp bl, 3
cmova ebx, eax
mov eax, dword [ebp + 8]
xor esi, esi
and ebx, 7
shl ebx, 0xa
or bl, 0x8d
mov byte [ebp - 0x30], 0
lea edi, [eax + 0x374e]

loc_fffc884f:  ; not directly referenced
test esi, esi
sete dl
cmp byte [ebp - 0x30], 1
setbe al
test dl, al
je loc_fffc891d  ; je 0xfffc891d
movzx edx, byte [ebp - 0x30]
xor esi, esi
mov ecx, dword [ebp + 8]
imul eax, edx, 0x13c3
add ecx, eax
cmp dword [ecx + 0x3756], 2
jne loc_fffc8915  ; jne 0xfffc8915
lea eax, [edi + eax + 8]
test byte [ecx + 0x381a], 1
je short loc_fffc88bd  ; je 0xfffc88bd
mov esi, dword [ebp + 8]
cmp byte [esi + 0x247b], 0
je short loc_fffc88a7  ; je 0xfffc88a7

loc_fffc889a:  ; not directly referenced
mov bx, word [eax + 0x1277]

loc_fffc88a1:  ; not directly referenced
mov word [ebp - 0x24], bx
jmp short loc_fffc88bd  ; jmp 0xfffc88bd

loc_fffc88a7:  ; not directly referenced
cmp dword [ebp - 0x34], 0
jne short loc_fffc889a  ; jne 0xfffc889a
mov word [eax + 0x1277], bx
mov word [eax + 0x128f], bx
jmp short loc_fffc88a1  ; jmp 0xfffc88a1

loc_fffc88bd:  ; not directly referenced
imul ecx, edx, 0x13c3
mov esi, dword [ebp + 8]
test byte [esi + ecx + 0x381a], 4
je short loc_fffc88fc  ; je 0xfffc88fc
cmp byte [esi + 0x247b], 0
je short loc_fffc88e6  ; je 0xfffc88e6

loc_fffc88d9:  ; not directly referenced
mov bx, word [eax + 0x139f]

loc_fffc88e0:  ; not directly referenced
mov word [ebp - 0x22], bx
jmp short loc_fffc88fc  ; jmp 0xfffc88fc

loc_fffc88e6:  ; not directly referenced
cmp dword [ebp - 0x34], 0
jne short loc_fffc88d9  ; jne 0xfffc88d9
mov word [eax + 0x139f], bx
mov word [eax + 0x13b7], bx
jmp short loc_fffc88e0  ; jmp 0xfffc88e0

loc_fffc88fc:  ; not directly referenced
sub esp, 0xc
mov ecx, 6
lea eax, [ebp - 0x24]
push eax
mov eax, dword [ebp + 8]
call fcn_fffb14b3  ; call 0xfffb14b3
add esp, 0x10
mov esi, eax

loc_fffc8915:  ; not directly referenced
inc byte [ebp - 0x30]
jmp near loc_fffc884f  ; jmp 0xfffc884f

loc_fffc891d:  ; not directly referenced
mov dword [ebp - 0x38], esi
test esi, esi
jne loc_fffc9116  ; jne 0xfffc9116
mov eax, dword [ebp + 8]
mov ebx, 0x20
mov byte [ebp - 0x30], 0
add eax, 0x374e
mov dword [ebp - 0x40], eax

loc_fffc893c:  ; not directly referenced
test esi, esi
sete dl
cmp byte [ebp - 0x30], 1
setbe al
test dl, al
je loc_fffc8a13  ; je 0xfffc8a13
movzx eax, byte [ebp - 0x30]
imul edx, eax, 0x13c3
mov dword [ebp - 0x34], eax
mov eax, dword [ebp + 8]
add eax, edx
cmp dword [eax + 0x3756], 2
jne loc_fffc8a08  ; jne 0xfffc8a08
mov edi, dword [ebp - 0x40]
mov dword [ebp - 0x3c], eax
lea esi, [edi + edx + 0x127d]
xor edi, edi

loc_fffc897e:  ; not directly referenced
mov ecx, edi
mov eax, 1
shl eax, cl
mov ecx, dword [ebp - 0x3c]
test byte [ecx + 0x381a], al
je short loc_fffc89dc  ; je 0xfffc89dc
mov eax, dword [ebp + 8]
cmp byte [eax + 0x247b], 0
je short loc_fffc89a3  ; je 0xfffc89a3
mov bx, word [esi]
jmp short loc_fffc89d7  ; jmp 0xfffc89d7

loc_fffc89a3:  ; not directly referenced
mov edx, dword [ebp - 0x34]
mov eax, dword [ebp + 8]
call fcn_fffa6c42  ; call 0xfffa6c42
test eax, eax
je loc_fffc8ec5  ; je 0xfffc8ec5
movzx ecx, byte [eax + 2]
sub esp, 0xc
mov edx, dword [ebp + 8]
lea eax, [ebp - 0x2a]
push ebx
call fcn_fffa6cab  ; call 0xfffa6cab
mov bx, word [ebp - 0x2a]
add esp, 0x10
mov word [esi], bx
mov word [esi + 0x18], bx

loc_fffc89d7:  ; not directly referenced
mov word [ebp + edi - 0x24], bx

loc_fffc89dc:  ; not directly referenced
add edi, 2
add esi, 0x128
cmp edi, 4
jne short loc_fffc897e  ; jne 0xfffc897e
sub esp, 0xc
mov edx, dword [ebp - 0x34]
mov ecx, 5
lea eax, [ebp - 0x24]
push eax
mov eax, dword [ebp + 8]
call fcn_fffb14b3  ; call 0xfffb14b3
add esp, 0x10
mov esi, eax
jmp short loc_fffc8a0b  ; jmp 0xfffc8a0b

loc_fffc8a08:  ; not directly referenced
mov esi, dword [ebp - 0x38]

loc_fffc8a0b:  ; not directly referenced
inc byte [ebp - 0x30]
jmp near loc_fffc893c  ; jmp 0xfffc893c

loc_fffc8a13:  ; not directly referenced
test esi, esi
jne loc_fffc9116  ; jne 0xfffc9116
mov edi, dword [ebp + 8]
xor ebx, ebx
xor eax, eax
mov byte [ebp - 0x30], 0
add edi, 0x374e

loc_fffc8a2c:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x30], 1
setbe dl
test cl, dl
je loc_fffc8aec  ; je 0xfffc8aec
movzx edx, byte [ebp - 0x30]
xor eax, eax
mov ecx, dword [ebp + 8]
imul esi, edx, 0x13c3
add ecx, esi
cmp dword [ecx + 0x3756], 2
jne loc_fffc8ae4  ; jne 0xfffc8ae4
lea eax, [edi + esi + 8]
test byte [ecx + 0x381a], 1
je short loc_fffc8a94  ; je 0xfffc8a94
mov esi, dword [ebp + 8]
cmp byte [esi + 0x247b], 0
jne short loc_fffc8a8b  ; jne 0xfffc8a8b
mov word [eax + 0x1273], bx
mov word [eax + 0x128b], bx

loc_fffc8a85:  ; not directly referenced
mov word [ebp - 0x24], bx
jmp short loc_fffc8a94  ; jmp 0xfffc8a94

loc_fffc8a8b:  ; not directly referenced
mov bx, word [eax + 0x1273]
jmp short loc_fffc8a85  ; jmp 0xfffc8a85

loc_fffc8a94:  ; not directly referenced
imul ecx, edx, 0x13c3
mov esi, dword [ebp + 8]
test byte [esi + ecx + 0x381a], 4
je short loc_fffc8acd  ; je 0xfffc8acd
cmp byte [esi + 0x247b], 0
jne short loc_fffc8ac4  ; jne 0xfffc8ac4
mov word [eax + 0x139b], bx
mov word [eax + 0x13b3], bx

loc_fffc8abe:  ; not directly referenced
mov word [ebp - 0x22], bx
jmp short loc_fffc8acd  ; jmp 0xfffc8acd

loc_fffc8ac4:  ; not directly referenced
mov bx, word [eax + 0x139b]
jmp short loc_fffc8abe  ; jmp 0xfffc8abe

loc_fffc8acd:  ; not directly referenced
sub esp, 0xc
mov ecx, 4
lea eax, [ebp - 0x24]
push eax
mov eax, dword [ebp + 8]
call fcn_fffb14b3  ; call 0xfffb14b3
add esp, 0x10

loc_fffc8ae4:  ; not directly referenced
inc byte [ebp - 0x30]
jmp near loc_fffc8a2c  ; jmp 0xfffc8a2c

loc_fffc8aec:  ; not directly referenced
mov esi, eax
test eax, eax
jne loc_fffc9116  ; jne 0xfffc9116
mov eax, dword [ebp + 8]
mov byte [ebp - 0x30], 0
add eax, 0x374e
mov dword [ebp - 0x48], eax
mov eax, dword [ebp + 8]
imul eax, dword [eax + 0x18a7], 0x2e
mov dword [ebp - 0x4c], eax

loc_fffc8b12:  ; not directly referenced
test esi, esi
sete dl
cmp byte [ebp - 0x30], 1
setbe al
test dl, al
je loc_fffc8c8a  ; je 0xfffc8c8a
movzx eax, byte [ebp - 0x30]
mov edi, dword [ebp + 8]
mov dword [ebp - 0x38], eax
imul eax, eax, 0x13c3
cmp dword [edi + eax + 0x3756], 2
jne loc_fffc8c80  ; jne 0xfffc8c80
mov edi, dword [ebp - 0x48]
lea edi, [edi + eax + 8]
mov eax, dword [ebp - 0x4c]
movzx eax, word [edi + eax + 0xc]
cmp ax, 0xc
ja short loc_fffc8b5e  ; ja 0xfffc8b5e
sub eax, 9
jmp short loc_fffc8b6c  ; jmp 0xfffc8b6c

loc_fffc8b5e:  ; not directly referenced
sub eax, 0xe
mov ecx, 2
cdq
idiv ecx
or eax, 4

loc_fffc8b6c:  ; not directly referenced
and eax, 7
lea ebx, [eax*8]
imul eax, dword [ebp - 0x38], 0x13c3
add eax, dword [ebp + 8]
mov dword [ebp - 0x3c], 0
mov dword [ebp - 0x40], eax
movzx eax, byte [ebp - 0x30]
mov dword [ebp - 0x44], eax

loc_fffc8b91:  ; not directly referenced
mov esi, dword [ebp - 0x3c]
mov eax, esi
mov ecx, esi
mov byte [ebp - 0x34], al
mov eax, 1
shl eax, cl
mov ecx, dword [ebp - 0x40]
test byte [ecx + 0x381a], al
je loc_fffc8c54  ; je 0xfffc8c54
mov eax, dword [ebp + 8]
cmp byte [eax + 0x247b], 0
je short loc_fffc8bd4  ; je 0xfffc8bd4
mov eax, esi
shr al, 1
movzx eax, al
imul eax, eax, 0x128
mov bx, word [edi + eax + 0x126f]
jmp short loc_fffc8c47  ; jmp 0xfffc8c47

loc_fffc8bd4:  ; not directly referenced
mov edx, dword [ebp - 0x38]
mov eax, dword [ebp + 8]
call fcn_fffa6c42  ; call 0xfffa6c42
test eax, eax
je loc_fffc8ec5  ; je 0xfffc8ec5
mov dl, byte [eax]
cmp dl, 0x78
je short loc_fffc8c08  ; je 0xfffc8c08
ja short loc_fffc8bf7  ; ja 0xfffc8bf7
mov al, 4
cmp dl, 0x50
jmp short loc_fffc8c02  ; jmp 0xfffc8c02

loc_fffc8bf7:  ; not directly referenced
mov al, 2
cmp dl, 0xf0
je short loc_fffc8c0a  ; je 0xfffc8c0a
mov al, 3
inc dl

loc_fffc8c02:  ; not directly referenced
je short loc_fffc8c0a  ; je 0xfffc8c0a
xor eax, eax
jmp short loc_fffc8c0a  ; jmp 0xfffc8c0a

loc_fffc8c08:  ; not directly referenced
mov al, 1

loc_fffc8c0a:  ; not directly referenced
shl eax, 9
and bh, 0xf1
mov edx, dword [ebp - 0x44]
or ebx, eax
mov al, byte [ebp - 0x34]
sub esp, 0xc
shr al, 1
movzx esi, al
movzx eax, bx
mov ecx, esi
imul esi, esi, 0x128
push eax
mov eax, dword [ebp + 8]
add esi, edi
call fcn_fffa8733  ; call 0xfffa8733
add esp, 0x10
mov word [esi + 0x126f], bx
mov word [esi + 0x1287], bx

loc_fffc8c47:  ; not directly referenced
mov al, byte [ebp - 0x34]
shr al, 1
movzx eax, al
mov word [ebp + eax*2 - 0x24], bx

loc_fffc8c54:  ; not directly referenced
add dword [ebp - 0x3c], 2
cmp dword [ebp - 0x3c], 4
jne loc_fffc8b91  ; jne 0xfffc8b91
sub esp, 0xc
mov edx, dword [ebp - 0x38]
mov ecx, 2
lea eax, [ebp - 0x24]
push eax
mov eax, dword [ebp + 8]
call fcn_fffb14b3  ; call 0xfffb14b3
add esp, 0x10
mov esi, eax
jmp short loc_fffc8c82  ; jmp 0xfffc8c82

loc_fffc8c80:  ; not directly referenced
xor esi, esi

loc_fffc8c82:  ; not directly referenced
inc byte [ebp - 0x30]
jmp near loc_fffc8b12  ; jmp 0xfffc8b12

loc_fffc8c8a:  ; not directly referenced
test esi, esi
jne loc_fffc9116  ; jne 0xfffc9116
mov eax, dword [ebp + 8]
call fcn_fffac67c  ; call 0xfffac67c
mov esi, eax
test eax, eax
jne loc_fffc9116  ; jne 0xfffc9116
mov eax, dword [ebp + 8]
mov edx, 1
call fcn_fffb14e1  ; call 0xfffb14e1
mov esi, eax
test eax, eax
jne loc_fffc9116  ; jne 0xfffc9116
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 3
call fcn_fffb1bed  ; call 0xfffb1bed
mov esi, eax
test eax, eax
jne loc_fffc9116  ; jne 0xfffc9116
mov eax, dword [ebp + 8]
mov byte [eax + 0x247d], 1
jmp near loc_fffc9116  ; jmp 0xfffc9116

loc_fffc8ce3:  ; not directly referenced
mov edi, dword [ebp + 8]
xor eax, eax
mov byte [ebp - 0x30], 0
add edi, 0x374e
mov dword [ebp - 0x4c], edi
mov edi, dword [ebp + 8]
imul edi, dword [edi + 0x18a7], 0x2e
mov dword [ebp - 0x50], edi

loc_fffc8d02:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x30], 1
setbe dl
test cl, dl
je loc_fffc8eb2  ; je 0xfffc8eb2
movzx eax, byte [ebp - 0x30]
imul edx, eax, 0x13c3
mov dword [ebp - 0x34], eax
mov eax, dword [ebp + 8]
add eax, edx
cmp dword [eax + 0x3756], 2
jne loc_fffc8ea8  ; jne 0xfffc8ea8
mov edi, dword [ebp - 0x4c]
mov dword [ebp - 0x44], eax
mov eax, dword [ebp - 0x34]
lea esi, [edi + edx + 8]
mov edi, dword [ebp - 0x50]
mov dword [ebp - 0x48], eax
mov di, word [esi + edi + 0xc]
mov word [ebp - 0x38], di
mov edi, dword [ebp - 0x38]
mov dword [ebp - 0x38], 0
lea ebx, [edi - 5]
and ebx, 7
shl ebx, 3

loc_fffc8d64:  ; not directly referenced
mov edi, dword [ebp - 0x38]
mov eax, edi
mov ecx, edi
mov edi, dword [ebp - 0x44]
mov byte [ebp - 0x3c], al
mov eax, 1
shl eax, cl
test byte [edi + 0x381a], al
je loc_fffc8e7e  ; je 0xfffc8e7e
mov eax, dword [ebp + 8]
cmp byte [eax + 0x247b], 0
je short loc_fffc8daa  ; je 0xfffc8daa
mov al, cl
shr al, 1
movzx eax, al
imul eax, eax, 0x128
mov bx, word [esi + eax + 0x126f]
jmp near loc_fffc8e71  ; jmp 0xfffc8e71

loc_fffc8daa:  ; not directly referenced
mov al, byte [ebp - 0x3c]
shr al, 1
movzx edi, al
mov byte [ebp - 0x40], al
imul eax, edi, 0x128
cmp byte [esi + eax + 0x1243], 1
jne short loc_fffc8de3  ; jne 0xfffc8de3
mov eax, dword [ebp + 8]
cmp byte [eax + 0x190d], 0
je short loc_fffc8df8  ; je 0xfffc8df8
cmp dword [eax + 0x36cb], 1
jne short loc_fffc8df8  ; jne 0xfffc8df8
cmp byte [eax + 0x247f], 1
je short loc_fffc8df8  ; je 0xfffc8df8

loc_fffc8de3:  ; not directly referenced
imul eax, edi, 0x128
cmp byte [esi + eax + 0x1242], 1
sete al
xor edx, edx
jmp short loc_fffc8dfc  ; jmp 0xfffc8dfc

loc_fffc8df8:  ; not directly referenced
xor eax, eax
mov dl, 1

loc_fffc8dfc:  ; not directly referenced
and edx, 1
and bl, 0x3f
shl edx, 6
and eax, 1
shl eax, 7
or ebx, edx
mov edx, dword [ebp - 0x34]
or ebx, eax
mov eax, dword [ebp + 8]
mov ecx, edi
call fcn_fffa69ea  ; call 0xfffa69ea
test eax, eax
je loc_fffc8ec5  ; je 0xfffc8ec5
movzx eax, byte [eax]
xor edx, edx
cmp al, 0x78
ja short loc_fffc8e37  ; ja 0xfffc8e37
mov cl, 0x3c
div cl
test ah, 0x3f
cmove edx, eax

loc_fffc8e37:  ; not directly referenced
and edx, 3
and bh, 0xf9
movzx ecx, byte [ebp - 0x40]
shl edx, 9
sub esp, 0xc
or ebx, edx
mov edx, dword [ebp - 0x48]
movzx eax, bx
imul edi, edi, 0x128
push eax
mov eax, dword [ebp + 8]
add edi, esi
call fcn_fffa8733  ; call 0xfffa8733
add esp, 0x10
mov word [edi + 0x126f], bx
mov word [edi + 0x1287], bx

loc_fffc8e71:  ; not directly referenced
mov al, byte [ebp - 0x3c]
shr al, 1
movzx eax, al
mov word [ebp + eax*2 - 0x24], bx

loc_fffc8e7e:  ; not directly referenced
add dword [ebp - 0x38], 2
cmp dword [ebp - 0x38], 4
jne loc_fffc8d64  ; jne 0xfffc8d64
sub esp, 0xc
mov edx, dword [ebp - 0x34]
mov ecx, 2
lea eax, [ebp - 0x24]
push eax
mov eax, dword [ebp + 8]
call fcn_fffb14b3  ; call 0xfffb14b3
add esp, 0x10
jmp short loc_fffc8eaa  ; jmp 0xfffc8eaa

loc_fffc8ea8:  ; not directly referenced
xor eax, eax

loc_fffc8eaa:  ; not directly referenced
inc byte [ebp - 0x30]
jmp near loc_fffc8d02  ; jmp 0xfffc8d02

loc_fffc8eb2:  ; not directly referenced
mov esi, eax
test eax, eax
jne loc_fffc9116  ; jne 0xfffc9116
xor eax, eax
xor ebx, ebx
lea edi, [ebp - 0x24]
jmp short loc_fffc8f07  ; jmp 0xfffc8f07

loc_fffc8ec5:  ; not directly referenced
mov esi, 1
jmp near loc_fffc9116  ; jmp 0xfffc9116

loc_fffc8ecf:  ; not directly referenced
movzx edx, bl
mov esi, dword [ebp + 8]
xor eax, eax
imul ecx, edx, 0x13c3
cmp dword [esi + ecx + 0x3756], 2
jne short loc_fffc8f06  ; jne 0xfffc8f06
sub esp, 0xc
mov ecx, 3
push edi
mov eax, esi
mov word [ebp - 0x24], 0
mov word [ebp - 0x22], 0
call fcn_fffb14b3  ; call 0xfffb14b3
add esp, 0x10

loc_fffc8f06:  ; not directly referenced
inc ebx

loc_fffc8f07:  ; not directly referenced
test eax, eax
sete cl
cmp bl, 1
setbe dl
test cl, dl
jne short loc_fffc8ecf  ; jne 0xfffc8ecf
mov esi, eax
test eax, eax
jne loc_fffc9116  ; jne 0xfffc9116
mov eax, dword [ebp + 8]
call fcn_fffb1a87  ; call 0xfffb1a87
mov esi, eax
test eax, eax
jne loc_fffc9116  ; jne 0xfffc9116
lea edi, [ebp - 0x24]
mov esi, ref_fffd5abc  ; mov esi, 0xfffd5abc
mov ecx, 3
mov ebx, 0x100
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov edi, dword [ebp + 8]
xor eax, eax
mov byte [ebp - 0x34], 0
add edi, 0x374e
mov dword [ebp - 0x3c], edi
mov edi, dword [ebp + 8]
imul edi, dword [edi + 0x18a7], 0x2e
mov dword [ebp - 0x40], edi

loc_fffc8f65:  ; not directly referenced
test eax, eax
sete cl
cmp byte [ebp - 0x34], 1
setbe dl
test cl, dl
je loc_fffc90e3  ; je 0xfffc90e3
movzx eax, byte [ebp - 0x34]
mov edi, dword [ebp + 8]
mov dword [ebp - 0x38], eax
imul eax, eax, 0x13c3
cmp dword [edi + eax + 0x3756], 2
jne loc_fffc90d9  ; jne 0xfffc90d9
mov edi, dword [ebp - 0x3c]
lea edi, [edi + eax + 8]
mov eax, dword [ebp - 0x40]
add eax, edi
mov cx, word [eax + 0xa]
movzx eax, word [eax + 0x2a]
mov word [ebp - 0x30], cx
cmp ax, 4
jbe loc_fffc90eb  ; jbe 0xfffc90eb
cmp ax, 0xa
setne cl
cmp ax, 8
seta dl
test cl, dl
je short loc_fffc8fe0  ; je 0xfffc8fe0
mov edx, eax
and edx, 0xfffffffd
cmp dx, 0xc
je short loc_fffc8fe0  ; je 0xfffc8fe0
cmp ax, 0x10
jne loc_fffc90eb  ; jne 0xfffc90eb

loc_fffc8fe0:  ; not directly referenced
mov esi, dword [ebp - 0x30]
movzx eax, byte [ebp + eax - 0x29]
cmp si, 0xc
sbb ecx, ecx
and ebx, 0xffffff8b
mov esi, ebx
mov bl, byte [ebp - 0x30]
mov edx, ecx
and edx, 0xfffffff8
and eax, 7
add edx, 0xc
lea ecx, [ecx*4 + 4]
sub ebx, edx
and ecx, 4
mov dl, bl
or esi, ecx
and edx, 7
shl edx, 4
or esi, edx
shl eax, 9
and si, 0xf1ff
or esi, eax
mov eax, dword [ebp + 8]
mov ebx, esi
mov al, byte [eax + 0x1906]
cmp al, 6
setne cl
cmp al, 1
seta dl
and bh, 0xef
test cl, dl
jne short loc_fffc904c  ; jne 0xfffc904c
cmp al, 1
setbe al
and eax, 1
shl eax, 0xc
or ebx, eax

loc_fffc904c:  ; not directly referenced
imul eax, dword [ebp - 0x38], 0x13c3
mov esi, dword [ebp + 8]
test byte [esi + eax + 0x381a], 1
je short loc_fffc9086  ; je 0xfffc9086
cmp byte [esi + 0x247b], 0
jne short loc_fffc907d  ; jne 0xfffc907d
mov word [edi + 0x126b], bx
mov word [edi + 0x1283], bx

loc_fffc9077:  ; not directly referenced
mov word [ebp - 0x28], bx
jmp short loc_fffc9086  ; jmp 0xfffc9086

loc_fffc907d:  ; not directly referenced
mov bx, word [edi + 0x126b]
jmp short loc_fffc9077  ; jmp 0xfffc9077

loc_fffc9086:  ; not directly referenced
imul eax, dword [ebp - 0x38], 0x13c3
mov ecx, dword [ebp + 8]
test byte [ecx + eax + 0x381a], 4
je short loc_fffc90c0  ; je 0xfffc90c0
cmp byte [ecx + 0x247b], 0
jne short loc_fffc90b7  ; jne 0xfffc90b7
mov word [edi + 0x1393], bx
mov word [edi + 0x13ab], bx

loc_fffc90b1:  ; not directly referenced
mov word [ebp - 0x26], bx
jmp short loc_fffc90c0  ; jmp 0xfffc90c0

loc_fffc90b7:  ; not directly referenced
mov bx, word [edi + 0x1393]
jmp short loc_fffc90b1  ; jmp 0xfffc90b1

loc_fffc90c0:  ; not directly referenced
sub esp, 0xc
mov edx, dword [ebp - 0x38]
xor ecx, ecx
lea eax, [ebp - 0x28]
push eax
mov eax, dword [ebp + 8]
call fcn_fffb14b3  ; call 0xfffb14b3
add esp, 0x10
jmp short loc_fffc90db  ; jmp 0xfffc90db

loc_fffc90d9:  ; not directly referenced
xor eax, eax

loc_fffc90db:  ; not directly referenced
inc byte [ebp - 0x34]
jmp near loc_fffc8f65  ; jmp 0xfffc8f65

loc_fffc90e3:  ; not directly referenced
mov esi, eax
test eax, eax
jne short loc_fffc9116  ; jne 0xfffc9116
jmp short loc_fffc90f2  ; jmp 0xfffc90f2

loc_fffc90eb:  ; not directly referenced
mov esi, 0xd
jmp short loc_fffc9116  ; jmp 0xfffc9116

loc_fffc90f2:  ; not directly referenced
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 3
call fcn_fffb1bed  ; call 0xfffb1bed
mov esi, eax
test eax, eax
jne short loc_fffc9116  ; jne 0xfffc9116
mov eax, dword [ebp + 8]
xor ecx, ecx
mov edx, 0x4d94
call fcn_fffae58c  ; call 0xfffae58c

loc_fffc9116:  ; not directly referenced
mov eax, dword [ebp + 8]
mov byte [eax + 0x247b], 1

loc_fffc9120:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc912a:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
mov esi, edx
push ebx
sub esp, 0x50
mov eax, dword [ebp + 8]
push 1
push 7
mov dword [ebp - 0x48], eax
mov eax, dword [edi + 0x2443]
mov byte [ebp - 0x49], dl
lea edx, [ebp - 0x27]
push edx
mov byte [ebp - 0x4b], cl
call dword [eax + 0x5c]  ; ucall
mov ecx, esi
add esp, 0x10
movzx esi, cl
xor eax, eax
lea edx, [edi + 0x3756]
mov dword [ebp - 0x40], esi

loc_fffc9167:  ; not directly referenced
mov esi, dword [ebp - 0x40]
bt esi, eax
jae loc_fffc9234  ; jae 0xfffc9234
mov esi, dword [edx + 0x109]
mov ecx, dword [edx + 0x111]
mov dword [ebp + eax*4 - 0x20], 0
mov dword [ebp - 0x3c], esi
mov ebx, esi
mov esi, dword [edx + 0x11d]
cmp byte [edx + 0x11d], bl
mov bl, byte [ebp - 0x3c]
cmovg esi, ebx
mov ebx, esi
cmp bl, cl
cmovg esi, ecx
mov ebx, esi
cmp bl, byte [edx + 0x115]
mov bl, byte [edx + 0x115]
cmovg esi, ebx
mov ebx, esi
mov esi, dword [edx + 0x11d]
mov byte [ebp + eax - 0x2f], bl
mov bl, byte [ebp - 0x3c]
cmp byte [edx + 0x11d], bl
cmovge ebx, esi
mov esi, dword [edx + 0x115]
cmp bl, cl
cmovl ebx, ecx
mov cl, byte [edx + 0xc4]
cmp bl, byte [edx + 0x115]
cmovl ebx, esi
mov byte [ebp - 0x44], cl
xor ecx, ecx
mov byte [ebp + eax - 0x2d], bl

loc_fffc91f1:  ; not directly referenced
mov ebx, 1
shl ebx, cl
test byte [ebp - 0x44], bl
je short loc_fffc922c  ; je 0xfffc922c
mov bl, byte [edx + ecx + 0x245]
movzx esi, byte [ebp + eax - 0x2f]
cmp bl, byte [ebp + eax - 0x2f]
mov byte [ebp - 0x3c], bl
cmovle esi, ebx
mov ebx, esi
movzx esi, byte [ebp + eax - 0x2d]
mov byte [ebp + eax - 0x2f], bl
mov bl, byte [ebp - 0x3c]
cmp bl, byte [ebp + eax - 0x2d]
cmovl ebx, esi
mov byte [ebp + eax - 0x2d], bl

loc_fffc922c:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffc91f1  ; jne 0xfffc91f1
jmp short loc_fffc9246  ; jmp 0xfffc9246

loc_fffc9234:  ; not directly referenced
mov dword [ebp + eax*4 - 0x20], 1
mov byte [ebp + eax - 0x2f], 0
mov byte [ebp + eax - 0x2d], 0x7f

loc_fffc9246:  ; not directly referenced
inc eax
add edx, 0x13c3
cmp eax, 2
jne loc_fffc9167  ; jne 0xfffc9167
cmp byte [ebp - 0x48], 0
je short loc_fffc9281  ; je 0xfffc9281
mov dl, byte [ebp - 0x2d]
mov al, 0x5f
cmp byte [ebp - 0x2d], 0x5f
mov dword [ebp - 0x3c], 1
cmovl edx, eax
mov byte [ebp - 0x2b], dl
mov dl, byte [ebp - 0x2c]
cmp byte [ebp - 0x2c], 0x5f
cmovge eax, edx
mov byte [ebp - 0x2a], al
jmp short loc_fffc92a4  ; jmp 0xfffc92a4

loc_fffc9281:  ; not directly referenced
mov dl, byte [ebp - 0x2f]
mov al, 0x20
cmp byte [ebp - 0x2f], 0x20
mov dword [ebp - 0x3c], 0xffffffff
cmovg edx, eax
mov byte [ebp - 0x2b], dl
mov dl, byte [ebp - 0x2e]
cmp byte [ebp - 0x2e], 0x20
cmovle eax, edx
mov byte [ebp - 0x2a], al

loc_fffc92a4:  ; not directly referenced
mov al, byte [ebp - 0x2b]
mov dword [ebp - 0x44], 0
mov byte [ebp - 0x29], al
mov al, byte [ebp - 0x2a]
mov byte [ebp - 0x28], al
mov eax, dword [ebp - 0x40]
sar eax, 1
mov dword [ebp - 0x48], eax
mov al, byte [ebp - 0x49]
and dword [ebp - 0x48], 1
and eax, 1
mov byte [ebp - 0x4c], al

loc_fffc92cc:  ; not directly referenced
mov eax, dword [ebp - 0x3c]
xor ebx, ebx
add dword [ebp - 0x44], eax

loc_fffc92d4:  ; not directly referenced
mov eax, dword [ebp - 0x40]
bt eax, ebx
jae short loc_fffc930b  ; jae 0xfffc930b
mov al, byte [ebp - 0x3c]
mov edx, ebx
add byte [ebp + ebx - 0x2b], al
imul eax, ebx, 0x13c3
mov cl, byte [ebp - 0x4b]
and cl, byte [edi + eax + 0x381a]
mov eax, edi
push 0
push 0
push dword [ebp - 0x44]
movzx ecx, cl
push 0
call fcn_fffb0cb4  ; call 0xfffb0cb4
add esp, 0x10

loc_fffc930b:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffc92d4  ; jne 0xfffc92d4
sub esp, 0xc
push edi
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0xc
movzx ecx, byte [edi + 0x248b]
mov edx, dword [ebp - 0x40]
lea eax, [ebp - 0x27]
push 0
push 1
push eax
mov eax, edi
call fcn_fffb0f94  ; call 0xfffb0f94
add esp, 0x10
xor ecx, ecx
mov byte [ebp - 0x4a], al

loc_fffc933e:  ; not directly referenced
mov eax, 1
shl eax, cl
test byte [ebp - 0x49], al
je short loc_fffc93c0  ; je 0xfffc93c0
cmp dword [ebp + ecx*4 - 0x20], 0
jne short loc_fffc93c0  ; jne 0xfffc93c0
test byte [ebp - 0x4a], al
je short loc_fffc9389  ; je 0xfffc9389
mov bl, byte [ebp + ecx - 0x2b]
mov dl, byte [ebp + ecx - 0x29]
mov dword [ebp + ecx*4 - 0x20], 1
movsx eax, bl
sub eax, dword [ebp - 0x3c]
movsx esi, dl
cmp eax, esi
jns short loc_fffc937c  ; jns 0xfffc937c
mov al, byte [ebp - 0x3c]
add eax, edx
sub eax, ebx
jmp short loc_fffc9383  ; jmp 0xfffc9383

loc_fffc937c:  ; not directly referenced
mov al, bl
sub eax, dword [ebp - 0x3c]
sub eax, edx

loc_fffc9383:  ; not directly referenced
mov esi, dword [ebp + 0xc]
mov byte [esi + ecx], al

loc_fffc9389:  ; not directly referenced
mov al, byte [ebp + ecx - 0x2b]
cmp al, 0x7f
sete bl
test al, al
sete dl
or bl, dl
je short loc_fffc93c0  ; je 0xfffc93c0
mov bl, byte [ebp + ecx - 0x29]
movsx edx, al
movsx esi, byte [ebp + ecx - 0x29]
mov dword [ebp + ecx*4 - 0x20], 1
sub ebx, eax
sub al, byte [ebp + ecx - 0x29]
cmp edx, esi
cmovns ebx, eax
mov eax, dword [ebp + 0xc]
mov byte [eax + ecx], bl

loc_fffc93c0:  ; not directly referenced
inc ecx
cmp ecx, 2
jne loc_fffc933e  ; jne 0xfffc933e
cmp byte [ebp - 0x4c], 0
mov al, 1
je short loc_fffc93d9  ; je 0xfffc93d9
cmp dword [ebp - 0x20], 0
setne al

loc_fffc93d9:  ; not directly referenced
cmp dword [ebp - 0x48], 0
je short loc_fffc93e9  ; je 0xfffc93e9
cmp dword [ebp - 0x1c], 0
je loc_fffc92cc  ; je 0xfffc92cc

loc_fffc93e9:  ; not directly referenced
test al, al
je loc_fffc92cc  ; je 0xfffc92cc
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc93f9:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, eax
sub esp, 0x30
mov edi, dword [ebx + 0x2443]
movzx eax, cl
push 0
push 4
lea esi, [ebp - 0x1a]
push esi
mov byte [ebp - 0x31], dl
mov byte [ebp - 0x30], cl
mov dword [ebp - 0x2c], eax
call dword [edi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 4
lea eax, [ebp - 0x1c]
push eax
call dword [edi + 0x5c]  ; ucall
mov ecx, dword [ebp - 0x2c]
xor edx, edx
mov eax, ebx
call fcn_fffaac43  ; call 0xfffaac43
mov ecx, dword [ebp - 0x2c]
mov edx, 1
mov edi, eax
mov eax, ebx
call fcn_fffaac43  ; call 0xfffaac43
pop ecx
mov ecx, dword [ebp - 0x2c]
or eax, edi
movzx edi, al
pop eax
mov edx, edi
mov eax, ebx
push esi
xor esi, esi
push 0
call fcn_fffc912a  ; call 0xfffc912a
add esp, 0x10

loc_fffc9467:  ; not directly referenced
bt edi, esi
jae short loc_fffc9493  ; jae 0xfffc9493
imul eax, esi, 0x13c3
mov cl, byte [ebp - 0x30]
mov edx, esi
and cl, byte [ebx + eax + 0x381a]
mov eax, ebx
push 0
push 0
push 0
movzx ecx, cl
push 0
call fcn_fffb0cb4  ; call 0xfffb0cb4
add esp, 0x10

loc_fffc9493:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffc9467  ; jne 0xfffc9467
sub esp, 0xc
xor si, si
push ebx
call fcn_fffc82f4  ; call 0xfffc82f4
mov ecx, dword [ebp - 0x2c]
pop eax
pop edx
mov edx, edi
lea eax, [ebp - 0x1c]
push eax
mov eax, ebx
push 1
call fcn_fffc912a  ; call 0xfffc912a
add esp, 0x10

loc_fffc94bc:  ; not directly referenced
bt edi, esi
jae short loc_fffc94e8  ; jae 0xfffc94e8
imul eax, esi, 0x13c3
mov cl, byte [ebp - 0x30]
mov edx, esi
and cl, byte [ebx + eax + 0x381a]
mov eax, ebx
push 0
push 0
push 0
movzx ecx, cl
push 0
call fcn_fffb0cb4  ; call 0xfffb0cb4
add esp, 0x10

loc_fffc94e8:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffc94bc  ; jne 0xfffc94bc
sub esp, 0xc
xor edi, edi
push ebx
call fcn_fffc82f4  ; call 0xfffc82f4
movzx eax, byte [ebp - 0x31]
lea esi, [ebx + 0x3218]
add esp, 0x10
mov dword [ebp - 0x30], eax

loc_fffc9509:  ; not directly referenced
mov eax, dword [ebp - 0x30]
bt eax, edi
jb short loc_fffc9522  ; jb 0xfffc9522

loc_fffc9511:  ; not directly referenced
inc edi
add esi, 0x48
cmp edi, 2
jne short loc_fffc9509  ; jne 0xfffc9509
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffc9522:  ; not directly referenced
push 0
mov ecx, dword [ebp - 0x2c]
mov edx, edi
push 0
mov eax, ebx
push 0
push 0
call fcn_fffb0cb4  ; call 0xfffb0cb4
movzx edx, byte [ebp + edi - 0x1c]
add esp, 0x10
movzx eax, byte [ebp + edi - 0x1a]
imul edx, edx, 0xa
imul eax, eax, 0xa
mov dword [esi], edx
mov dword [esi + 4], eax
mov dword [esi + 0x90], edx
mov dword [esi + 0x94], eax
mov dword [esi + 0x120], edx
mov dword [esi + 0x124], eax
mov dword [esi + 0x1b0], edx
mov dword [esi + 0x1b4], eax
jmp short loc_fffc9511  ; jmp 0xfffc9511

fcn_fffc9574:  ; not directly referenced
push ebp
mov eax, 0x80000002
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x1c
mov ebx, dword [ebp + 0x20]
mov ecx, dword [ebp + 0x10]
mov esi, dword [ebp + 0x14]
mov edi, dword [ebp + 0x18]
test ebx, ebx
je loc_fffc964a  ; je 0xfffc964a
cmp ecx, 0xb
ja loc_fffc964a  ; ja 0xfffc964a
push eax
mov edx, ecx
push dword [ebp + 0x1c]
mov eax, 1
mov dword [ebp - 0x1c], ecx
push edi
push esi
call fcn_fffac5c7  ; call 0xfffac5c7
add esp, 0x10
mov ecx, dword [ebp - 0x1c]
test eax, eax
js loc_fffc964a  ; js 0xfffc964a
mov al, byte [ecx + ref_fffd5ac8]  ; mov al, byte [ecx - 0x2a538]
mov dword [ebp - 0x24], 0
mov byte [ebp - 0x1e], al
mov eax, ecx
and eax, 3
mov dword [ebp - 0x1c], eax
movzx eax, byte [eax + ref_fffd5ad4]  ; movzx eax, byte [eax - 0x2a52c]
dec eax
test ebx, eax
movzx eax, byte [ecx + ref_fffd5ad4]  ; movzx eax, byte [ecx - 0x2a52c]
sete byte [ebp - 0x1d]
mov dword [ebp - 0x28], eax

loc_fffc95f2:  ; not directly referenced
cmp dword [ebp + 0x1c], 0
je short loc_fffc9648  ; je 0xfffc9648
cmp dword [ebp - 0x1c], 0
jne short loc_fffc9604  ; jne 0xfffc9604
mov dl, byte [ebx]
mov byte [esi], dl
jmp short loc_fffc9637  ; jmp 0xfffc9637

loc_fffc9604:  ; not directly referenced
cmp dword [ebp - 0x1c], 1
jne short loc_fffc9618  ; jne 0xfffc9618
movzx eax, word [ebx]
push edx
push edx
push eax
push esi
call fcn_fffb3d20  ; call 0xfffb3d20
jmp short loc_fffc9628  ; jmp 0xfffc9628

loc_fffc9618:  ; not directly referenced
cmp dword [ebp - 0x1c], 2
jne short loc_fffc962d  ; jne 0xfffc962d
push eax
push eax
push dword [ebx]
push esi
call fcn_fffb3d84  ; call 0xfffb3d84

loc_fffc9628:  ; not directly referenced
add esp, 0x10
jmp short loc_fffc9637  ; jmp 0xfffc9637

loc_fffc962d:  ; not directly referenced
mov eax, dword [ebx]
mov edx, dword [ebx + 4]
mov dword [esi], eax
mov dword [esi + 4], edx

loc_fffc9637:  ; not directly referenced
movzx eax, byte [ebp - 0x1e]
add esi, dword [ebp - 0x28]
adc edi, dword [ebp - 0x24]
dec dword [ebp + 0x1c]
add ebx, eax
jmp short loc_fffc95f2  ; jmp 0xfffc95f2

loc_fffc9648:  ; not directly referenced
xor eax, eax

loc_fffc964a:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffc9652:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x2cc
mov edi, dword [ebp + 8]
mov dword [ebp - 0x264], 1
mov eax, dword [edi + 0x5edc]
mov edx, dword [edi + 0x2480]
mov dword [ebp - 0x260], eax
mov eax, dword [edi + 0x2443]
cmp edx, 3
mov dword [ebp - 0x2a8], eax
sete al
movzx ebx, al
mov dword [ebp - 0x28c], ebx
mov ebx, dword [edi + 0x1887]
mov esi, ebx
mov dword [ebp - 0x2b0], ebx
mov ebx, dword [edi + 0x1883]
mov ecx, ebx
mov dword [ebp - 0x290], ebx
mov ebx, dword [edi + 0x188b]
mov dword [ebp - 0x294], ebx
xor ebx, ebx
cmp edx, 2
sete bl
cmp esi, 0x306d0
mov dword [ebp - 0x2b4], ebx
sete bl
cmp ecx, 3
setbe dl
mov byte [ebp - 0x27b], bl
test bl, dl
jne short loc_fffc9703  ; jne 0xfffc9703
test ecx, ecx
sete dl
xor ebx, ebx
cmp esi, 0x40670
sete bl
mov dword [ebp - 0x264], ebx
and dword [ebp - 0x264], edx

loc_fffc9703:  ; not directly referenced
and al, byte [ebp - 0x27b]
cmp dword [ebp - 0x294], 1
movzx eax, al
mov dword [ebp - 0x2b8], eax
mov eax, dword [ebp - 0x260]
movzx eax, byte [eax + 0x1c5]
mov dword [ebp - 0x298], eax
movzx eax, byte [edi + 0x1965]
mov dword [ebp - 0x288], eax
jne short loc_fffc9780  ; jne 0xfffc9780
cmp dword [ebp - 0x290], 4
mov byte [ebp - 0x27a], 0x10
mov byte [ebp - 0x280], 0xf0
setbe al
test byte [ebp - 0x27b], al
mov byte [ebp - 0x279], 4
je short loc_fffc9795  ; je 0xfffc9795
cmp dword [edi + 0x36d7], 0x640
mov eax, 0
cmovbe eax, dword [ebp - 0x288]
mov dword [ebp - 0x288], eax
jmp short loc_fffc9795  ; jmp 0xfffc9795

loc_fffc9780:  ; not directly referenced
mov byte [ebp - 0x27a], 8
mov byte [ebp - 0x280], 0xf8
mov byte [ebp - 0x279], 1

loc_fffc9795:  ; not directly referenced
mov eax, dword [ebp - 0x260]
xor esi, esi
add eax, 0x1c
mov dword [ebp - 0x2a0], eax
mov dword [ebp - 0x268], eax

loc_fffc97ac:  ; not directly referenced
imul eax, esi, 0x13c3
cmp dword [edi + eax + 0x3756], 2
je short loc_fffc97ce  ; je 0xfffc97ce

loc_fffc97bc:  ; not directly referenced
inc esi
add dword [ebp - 0x268], 0xcc
cmp esi, 2
jne short loc_fffc97ac  ; jne 0xfffc97ac
jmp short loc_fffc9837  ; jmp 0xfffc9837

loc_fffc97ce:  ; not directly referenced
mov byte [ebp - 0x25c], 0

loc_fffc97d5:  ; not directly referenced
mov al, byte [ebp - 0x25c]
cmp al, byte [edi + 0x2488]
jae short loc_fffc97bc  ; jae 0xfffc97bc
movzx ecx, byte [ebp - 0x25c]
mov eax, dword [ebp - 0x268]
mov edx, dword [ebp - 0x298]
mov ebx, dword [eax + ecx*4 + 0x28]
or ebx, 0x60
mov eax, ebx
and eax, 0xffbfffff
test edx, edx
mov edx, dword [ebp - 0x2b4]
cmovne ebx, eax
mov eax, ebx
and eax, 0xffdfffff
test edx, edx
mov edx, esi
cmovne ebx, eax
mov eax, edi
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, ebx
mov edx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
inc byte [ebp - 0x25c]
jmp short loc_fffc97d5  ; jmp 0xfffc97d5

loc_fffc9837:  ; not directly referenced
cmp dword [ebp - 0x298], 0
je short loc_fffc9894  ; je 0xfffc9894
mov edx, 0x3a28
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x3a28
mov dword [ebp - 0x2ac], eax
mov eax, edi
and dword [ebp - 0x2ac], 0xfffffffd
mov ecx, dword [ebp - 0x2ac]
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0x5f08
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x5f08
or ah, 1
mov ecx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0x96
mov eax, edi
call fcn_fffa834b  ; call 0xfffa834b

loc_fffc9894:  ; not directly referenced
movzx eax, byte [ebp - 0x280]
mov dword [ebp - 0x278], 1
mov dword [ebp - 0x26c], 0
mov dword [ebp - 0x2c8], eax

loc_fffc98b5:  ; not directly referenced
mov ebx, dword [ebp - 0x278]
mov byte [ebp - 0x270], bl
test bl, bl
je short loc_fffc98db  ; je 0xfffc98db
cmp dword [ebp - 0x294], 0
sete al
or al, byte [ebp - 0x264]
jne loc_fffca060  ; jne 0xfffca060

loc_fffc98db:  ; not directly referenced
mov esi, dword [ebp - 0x2a8]
push eax
push 0
push 0x24
lea eax, [ebp - 0x1c8]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x24
lea eax, [ebp - 0x1ec]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push dword [ebp - 0x2c8]
lea eax, [ebp - 0x234]
push 0x12
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0xff
push 0x12
lea eax, [ebp - 0x210]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x12
lea eax, [ebp - 0x222]
push eax
mov eax, esi
call dword [eax + 0x5c]  ; ucall
lea eax, [edi + 0x3756]
add esp, 0x10
mov dword [ebp - 0x274], eax
mov esi, eax
mov dword [ebp - 0x268], 0

loc_fffc9960:  ; not directly referenced
cmp dword [esi], 2
je short loc_fffc999c  ; je 0xfffc999c

loc_fffc9965:  ; not directly referenced
inc dword [ebp - 0x268]
add esi, 0x13c3
cmp dword [ebp - 0x268], 2
jne short loc_fffc9960  ; jne 0xfffc9960
mov al, byte [ebp - 0x280]
mov byte [ebp - 0x29c], 0
mov byte [ebp - 0x25c], al
imul eax, dword [ebp - 0x278], 0x12
mov dword [ebp - 0x2c0], eax
jmp short loc_fffc9a0c  ; jmp 0xfffc9a0c

loc_fffc999c:  ; not directly referenced
xor ebx, ebx

loc_fffc999e:  ; not directly referenced
cmp bl, byte [edi + 0x2488]
jae short loc_fffc9965  ; jae 0xfffc9965
movzx eax, bl
mov dword [ebp - 0x26c], eax
mov byte [esi + eax + 0x101d], 0
mov dword [ebp - 0x25c], 0

loc_fffc99c1:  ; not directly referenced
mov cl, byte [ebp - 0x25c]
mov eax, 1
shl eax, cl
test byte [esi + 0xc4], al
je short loc_fffc99fa  ; je 0xfffc99fa
push eax
mov ecx, dword [ebp - 0x25c]
mov eax, edi
push 0
mov edx, dword [ebp - 0x268]
push 0xff
push dword [ebp - 0x26c]
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10

loc_fffc99fa:  ; not directly referenced
inc dword [ebp - 0x25c]
cmp dword [ebp - 0x25c], 4
jne short loc_fffc99c1  ; jne 0xfffc99c1
inc ebx
jmp short loc_fffc999e  ; jmp 0xfffc999e

loc_fffc9a0c:  ; not directly referenced
cmp byte [ebp - 0x270], 0
jne short loc_fffc9a42  ; jne 0xfffc9a42
push 0
movsx eax, byte [ebp - 0x25c]
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push eax
push 4
push edi
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
mov dword [ebp - 0x26c], eax
jmp short loc_fffc9a96  ; jmp 0xfffc9a96

loc_fffc9a42:  ; not directly referenced
push 0
mov bl, byte [ebp - 0x25c]
push 0
push 0
push 0
push 0
and ebx, 1
push 0
movzx eax, bl
push 0
push 1
push 0
push eax
push 4
push edi
call fcn_fffcc900  ; call 0xfffcc900
mov esi, dword [ebp - 0x25c]
mov dl, 2
add esp, 0x30
mov dword [ebp - 0x26c], eax
mov eax, esi
cbw
idiv dl
mov edx, esi
shr dl, 7
mov byte [ebp - 0x29c], al
test bl, dl
je short loc_fffc9a96  ; je 0xfffc9a96
dec eax
mov byte [ebp - 0x29c], al

loc_fffc9a96:  ; not directly referenced
mov eax, edi
or edx, 0xffffffff
call fcn_fffaa226  ; call 0xfffaa226
mov eax, dword [ebp - 0x274]
mov dword [ebp - 0x268], 0
mov dword [ebp - 0x284], eax

loc_fffc9ab6:  ; not directly referenced
mov eax, dword [ebp - 0x284]
cmp dword [eax], 2
jne loc_fffc9c1d  ; jne 0xfffc9c1d
cmp byte [ebp - 0x270], 1
je short loc_fffc9b2c  ; je 0xfffc9b2c

loc_fffc9ace:  ; not directly referenced
mov esi, dword [ebp - 0x268]
mov ecx, 0xff
mov ebx, dword [ebp - 0x260]
imul eax, esi, 0xcc
mov edx, esi
mov ebx, dword [ebx + eax + 0x1c]
mov eax, edi
call fcn_fffa7288  ; call 0xfffa7288
and ebx, 0xfe0ffff7
or ebx, 0x1100008
mov ecx, ebx
mov edx, eax
mov eax, edi
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, edi
mov edx, 0xf
call fcn_fffa834b  ; call 0xfffa834b
lea eax, [esi + esi*8]
lea esi, [ebp - 0x18]
add eax, esi
mov byte [ebp - 0x2a4], 0
mov dword [ebp - 0x2bc], eax
jmp short loc_fffc9b9d  ; jmp 0xfffc9b9d

loc_fffc9b2c:  ; not directly referenced
mov byte [ebp - 0x2a4], 0

loc_fffc9b33:  ; not directly referenced
mov al, byte [ebp - 0x2a4]
cmp al, byte [edi + 0x2488]
jae short loc_fffc9ace  ; jae 0xfffc9ace
mov ebx, dword [ebp - 0x284]
movzx esi, byte [ebp - 0x2a4]
mov al, byte [ebp - 0x29c]
mov byte [ebx + esi + 0x101d], al
xor ebx, ebx

loc_fffc9b5d:  ; not directly referenced
mov cl, bl
mov eax, 1
shl eax, cl
mov ecx, dword [ebp - 0x284]
test byte [ecx + 0xc4], al
je short loc_fffc9b8f  ; je 0xfffc9b8f
mov edx, dword [ebp - 0x268]
mov ecx, ebx
push eax
mov eax, edi
push 0
push 0xff
push esi
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10

loc_fffc9b8f:  ; not directly referenced
inc ebx
cmp ebx, 4
jne short loc_fffc9b5d  ; jne 0xfffc9b5d
inc byte [ebp - 0x2a4]
jmp short loc_fffc9b33  ; jmp 0xfffc9b33

loc_fffc9b9d:  ; not directly referenced
mov al, byte [ebp - 0x2a4]
cmp al, byte [edi + 0x2488]
jae short loc_fffc9bfd  ; jae 0xfffc9bfd
movzx esi, byte [ebp - 0x2a4]
mov eax, edi
mov edx, dword [ebp - 0x268]
mov ecx, esi
call fcn_fffa7617  ; call 0xfffa7617
mov edx, eax
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
movzx edx, al
movzx eax, dx
mov dword [ebp - 0x2c4], edx
call fcn_fffaeba2  ; call 0xfffaeba2
mov edx, dword [ebp - 0x2c4]
add esi, dword [ebp - 0x2bc]
inc byte [ebp - 0x2a4]
and byte [esi - 0x1f8], dl
neg eax
mov byte [esi - 0x22e], al
jmp short loc_fffc9b9d  ; jmp 0xfffc9b9d

loc_fffc9bfd:  ; not directly referenced
mov edx, dword [ebp - 0x268]
mov ecx, 0xff
mov eax, edi
and ebx, 0xfffffff7
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, ebx
mov edx, eax
mov eax, edi
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffc9c1d:  ; not directly referenced
inc dword [ebp - 0x268]
add dword [ebp - 0x284], 0x13c3
cmp dword [ebp - 0x268], 2
jne loc_fffc9ab6  ; jne 0xfffc9ab6
mov eax, edi
mov edx, 0x11111111
call fcn_fffaa226  ; call 0xfffaa226
mov eax, dword [ebp - 0x274]
xor esi, esi
mov dword [ebp - 0x2a4], eax

loc_fffc9c54:  ; not directly referenced
mov eax, dword [ebp - 0x2a4]
cmp dword [eax], 2
jne loc_fffc9dce  ; jne 0xfffc9dce
mov ebx, dword [ebp - 0x260]
imul eax, esi, 0xcc
mov ecx, 0xff
mov edx, esi
mov eax, dword [ebx + eax + 0x1c]
lea ebx, [ebp - 0x18]
mov dword [ebp - 0x268], eax
mov eax, edi
and dword [ebp - 0x268], 0xfe0ffff7
or dword [ebp - 0x268], 0x1100008
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, dword [ebp - 0x268]
mov edx, eax
mov eax, edi
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, edi
mov edx, 0xf
call fcn_fffa834b  ; call 0xfffa834b
lea eax, [esi + esi*8]
add ebx, eax
mov byte [ebp - 0x284], 0
mov dword [ebp - 0x2bc], eax
mov dword [ebp - 0x2c4], ebx

loc_fffc9cd1:  ; not directly referenced
mov al, byte [ebp - 0x284]
cmp al, byte [edi + 0x2488]
jae loc_fffc9dac  ; jae 0xfffc9dac
movzx ebx, byte [ebp - 0x284]
mov edx, esi
mov eax, edi
mov ecx, ebx
call fcn_fffa7617  ; call 0xfffa7617
mov edx, eax
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
movzx ecx, al
movzx eax, cx
mov dword [ebp - 0x2cc], ecx
call fcn_fffaeba2  ; call 0xfffaeba2
mov ecx, dword [ebp - 0x2c4]
lea edx, [ecx + ebx]
mov ecx, dword [ebp - 0x2cc]
or byte [edx - 0x20a], cl
add al, byte [edx - 0x22e]
mov byte [edx - 0x22e], al
cmp al, byte [edx - 0x21c]
jle short loc_fffc9d81  ; jle 0xfffc9d81
mov byte [edx - 0x21c], al
mov eax, dword [ebp - 0x2c0]
lea ecx, [ebp - 0x18]
add eax, dword [ebp - 0x2bc]
add eax, ecx
mov cl, byte [ebp - 0x25c]
add eax, ebx
cmp byte [ebp - 0x270], 0
mov byte [eax - 0x1b0], cl
mov byte [eax - 0x1d4], cl
jne short loc_fffc9da1  ; jne 0xfffc9da1
mov ecx, dword [ebp - 0x2a4]
mov al, byte [ebp - 0x25c]
mov byte [ecx + ebx + 0x101d], al
jmp short loc_fffc9da1  ; jmp 0xfffc9da1

loc_fffc9d81:  ; not directly referenced
jne short loc_fffc9da1  ; jne 0xfffc9da1
mov eax, dword [ebp - 0x2c0]
lea ecx, [ebp - 0x18]
add eax, dword [ebp - 0x2bc]
add eax, ecx
mov cl, byte [ebp - 0x25c]
mov byte [ebx + eax - 0x1b0], cl

loc_fffc9da1:  ; not directly referenced
inc byte [ebp - 0x284]
jmp near loc_fffc9cd1  ; jmp 0xfffc9cd1

loc_fffc9dac:  ; not directly referenced
mov ecx, 0xff
mov edx, esi
mov ebx, dword [ebp - 0x268]
mov eax, edi
call fcn_fffa7288  ; call 0xfffa7288
and ebx, 0xfffffff7
mov ecx, ebx
mov edx, eax
mov eax, edi
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffc9dce:  ; not directly referenced
inc esi
add dword [ebp - 0x2a4], 0x13c3
cmp esi, 2
jne loc_fffc9c54  ; jne 0xfffc9c54
inc byte [ebp - 0x25c]
mov al, byte [ebp - 0x27a]
cmp byte [ebp - 0x25c], al
jle loc_fffc9a0c  ; jle 0xfffc9a0c
push 0
xor ebx, ebx
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push 4
push edi
call fcn_fffcc900  ; call 0xfffcc900
mov eax, dword [ebp - 0x274]
add esp, 0x30
mov dword [ebp - 0x25c], eax
imul eax, dword [ebp - 0x278], 0x12
mov dword [ebp - 0x2a4], eax

loc_fffc9e34:  ; not directly referenced
mov eax, dword [ebp - 0x25c]
mov dword [ebp + ebx*4 - 0x250], 0
cmp dword [eax], 2
je short loc_fffc9e5f  ; je 0xfffc9e5f

loc_fffc9e4a:  ; not directly referenced
inc ebx
add dword [ebp - 0x25c], 0x13c3
cmp ebx, 2
jne short loc_fffc9e34  ; jne 0xfffc9e34
jmp near loc_fffc9fa4  ; jmp 0xfffc9fa4

loc_fffc9e5f:  ; not directly referenced
lea eax, [ebx + ebx*8]
lea esi, [ebp - 0x18]
add esi, eax
mov byte [ebp - 0x284], 0
mov dword [ebp - 0x29c], eax
mov dword [ebp - 0x2bc], esi

loc_fffc9e7a:  ; not directly referenced
mov al, byte [ebp - 0x284]
cmp al, byte [edi + 0x2488]
jae short loc_fffc9e4a  ; jae 0xfffc9e4a
mov ecx, dword [ebp - 0x2a4]
lea eax, [ebp - 0x18]
add ecx, dword [ebp - 0x29c]
movzx esi, byte [ebp - 0x284]
add ecx, eax
add ecx, esi
mov dl, byte [ecx - 0x1d4]
mov al, byte [ecx - 0x1b0]
sub eax, edx
mov byte [ecx - 0x168], al
mov cl, 2
cbw
idiv cl
add eax, edx
cmp dword [ebp - 0x264], 0
mov dl, al
je short loc_fffc9efd  ; je 0xfffc9efd
mov ecx, dword [ebp - 0x2bc]
mov byte [esi + ecx - 0x1e6], al
movsx eax, al
push 0
push 0
push 0
push 0
push esi
push 0xff
push ebx
push 0
push 0
push eax
push 4
push edi
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
jmp near loc_fffc9f99  ; jmp 0xfffc9f99

loc_fffc9efd:  ; not directly referenced
cmp byte [ebp - 0x270], 0
jne short loc_fffc9f13  ; jne 0xfffc9f13
lea eax, [edx - 1]
test dl, dl
lea ecx, [edx + 1]
cmovns eax, ecx
mov dl, al

loc_fffc9f13:  ; not directly referenced
movsx eax, dl
mov cl, 2
add dword [ebp + ebx*4 - 0x250], eax
movsx ax, dl
idiv cl
mov ecx, dword [ebp - 0x25c]
mov edx, dword [ebp - 0x2a4]
add edx, dword [ebp - 0x29c]
mov dword [ebp - 0x268], 0
mov byte [ecx + esi + 0x101d], al
lea ecx, [ebp - 0x18]
add edx, ecx
mov byte [esi + edx - 0x18c], al

loc_fffc9f54:  ; not directly referenced
mov cl, byte [ebp - 0x268]
mov eax, 1
mov edx, dword [ebp - 0x25c]
shl eax, cl
test byte [edx + 0xc4], al
je short loc_fffc9f8a  ; je 0xfffc9f8a
push ecx
mov ecx, dword [ebp - 0x268]
mov edx, ebx
push 0
mov eax, edi
push 0xff
push esi
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10

loc_fffc9f8a:  ; not directly referenced
inc dword [ebp - 0x268]
cmp dword [ebp - 0x268], 4
jne short loc_fffc9f54  ; jne 0xfffc9f54

loc_fffc9f99:  ; not directly referenced
inc byte [ebp - 0x284]
jmp near loc_fffc9e7a  ; jmp 0xfffc9e7a

loc_fffc9fa4:  ; not directly referenced
cmp dword [ebp - 0x294], 0
sete al
or al, byte [ebp - 0x264]
jne loc_fffca060  ; jne 0xfffca060
cmp byte [ebp - 0x270], 1
je loc_fffca060  ; je 0xfffca060
lea edx, [ebp - 0x180]
lea ecx, [ebp - 0x1a4]

loc_fffc9fd3:  ; not directly referenced
mov eax, dword [ebp - 0x274]
cmp dword [eax], 2
jne short loc_fffca042  ; jne 0xfffca042
mov al, byte [edi + 0x2488]
mov byte [ebp - 0x25c], al
xor eax, eax

loc_fffc9fec:  ; not directly referenced
cmp byte [ebp - 0x25c], al
jbe short loc_fffca042  ; jbe 0xfffca042
cmp dword [ebp - 0x288], 0
je short loc_fffca03f  ; je 0xfffca03f
movsx esi, byte [edx + eax + 0x12]
movsx ebx, byte [edx + eax]
sub ebx, esi
mov esi, ebx
sar esi, 0x1f
xor ebx, esi
sub ebx, esi
cmp ebx, 4
jle short loc_fffca03f  ; jle 0xfffca03f
movsx esi, byte [ecx + eax + 0x12]
movsx ebx, byte [ecx + eax]
sub ebx, esi
mov esi, ebx
sar esi, 0x1f
xor ebx, esi
sub ebx, esi
mov esi, 5
cmp ebx, 3
cmovl esi, dword [ebp - 0x26c]
mov dword [ebp - 0x26c], esi

loc_fffca03f:  ; not directly referenced
inc eax
jmp short loc_fffc9fec  ; jmp 0xfffc9fec

loc_fffca042:  ; not directly referenced
add edx, 9
add ecx, 9
lea eax, [ebp - 0x16e]
add dword [ebp - 0x274], 0x13c3
cmp edx, eax
jne loc_fffc9fd3  ; jne 0xfffc9fd3

loc_fffca060:  ; not directly referenced
dec dword [ebp - 0x278]
cmp dword [ebp - 0x278], 0xffffffff
jne loc_fffc98b5  ; jne 0xfffc98b5
cmp dword [ebp - 0x294], 1
jne loc_fffca197  ; jne 0xfffca197
cmp dword [ebp - 0x26c], 5
mov eax, 5
sete cl
cmp dword [ebp - 0x288], 0
setne dl
test cl, dl
jne loc_fffca879  ; jne 0xfffca879
cmp dword [ebp - 0x290], 3
seta al
test byte [ebp - 0x27b], al
jne short loc_fffca0ce  ; jne 0xfffca0ce
cmp dword [ebp - 0x290], 0
setne dl
cmp dword [ebp - 0x2b0], 0x40670
sete al
test dl, al
je short loc_fffca140  ; je 0xfffca140

loc_fffca0ce:  ; not directly referenced
mov eax, dword [ebp - 0x250]
movzx ecx, byte [edi + 0x2488]
add eax, dword [ebp - 0x24c]
add ecx, ecx
cdq
idiv ecx
mov dword [ebp - 0x250], eax

loc_fffca0ec:  ; not directly referenced
cmp dword [edi + 0x3756], 2
mov eax, dword [ebp - 0x250]
jne short loc_fffca107  ; jne 0xfffca107
mov ebx, dword [ebp - 0x260]
mov dword [ebx + 0xe3], eax

loc_fffca107:  ; not directly referenced
cmp dword [edi + 0x4b19], 2
jne short loc_fffca11c  ; jne 0xfffca11c
mov ebx, dword [ebp - 0x260]
mov dword [ebx + 0x1af], eax

loc_fffca11c:  ; not directly referenced
mov ebx, dword [ebp - 0x260]
cmp dword [ebp - 0x28c], 0
mov dword [ebx + 0x1b4], eax
mov ebx, eax
je short loc_fffca14c  ; je 0xfffca14c
mov ebx, 3
cmp eax, 3
cmovle ebx, eax
jmp short loc_fffca14c  ; jmp 0xfffca14c

loc_fffca140:  ; not directly referenced
mov dword [ebp - 0x250], 0xfffffff0
jmp short loc_fffca0ec  ; jmp 0xfffca0ec

loc_fffca14c:  ; not directly referenced
push 1
push 0
push 0
push 0xff
push ebx
push 1
push 0
push edi
call fcn_fffcc4cb  ; call 0xfffcc4cb
add esp, 0x20
push 1
push 0
push 0
push 0xff
push ebx
push 1
push 1
push edi
call fcn_fffcc4cb  ; call 0xfffcc4cb
add esp, 0x20
push 0
push 0
push 0
push 0xff
push ebx
push 1
push 2
push edi
call fcn_fffcc4cb  ; call 0xfffcc4cb
add esp, 0x20

loc_fffca197:  ; not directly referenced
mov eax, dword [ebp - 0x2a8]
lea ebx, [ebp - 0x15c]
push edx
push 0
push 0xa2
push ebx
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
mov eax, dword [ebp - 0x2a8]
push 0
push 0xa2
lea esi, [ebp - 0xba]
push esi
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
cmp dword [ebp - 0x28c], 1
mov dword [ebp - 0x260], 1
mov dword [ebp - 0x288], esi
sbb eax, eax
mov dword [ebp - 0x26c], eax
add byte [ebp - 0x26c], 9
mov dword [ebp - 0x290], ebx

loc_fffca1f8:  ; not directly referenced
mov al, byte [ebp - 0x260]
xor ecx, ecx
xor edx, edx
mov byte [ebp - 0x278], al

loc_fffca208:  ; not directly referenced
mov eax, dword [ebp - 0x260]
shl eax, cl
add ecx, 4
add edx, eax
cmp ecx, 0x20
jne short loc_fffca208  ; jne 0xfffca208
mov eax, edi
call fcn_fffaa226  ; call 0xfffaa226
mov eax, dword [ebp - 0x2a0]
mov dword [ebp - 0x25c], 0
mov dword [ebp - 0x270], eax
mov eax, dword [ebp - 0x260]
and eax, 0xf
mov dword [ebp - 0x280], eax
shl dword [ebp - 0x280], 9

loc_fffca24d:  ; not directly referenced
imul eax, dword [ebp - 0x25c], 0x13c3
cmp dword [edi + eax + 0x3756], 2
jne loc_fffca428  ; jne 0xfffca428
cmp dword [ebp - 0x28c], 0
jne short loc_fffca2c2  ; jne 0xfffca2c2

loc_fffca26e:  ; not directly referenced
mov eax, dword [ebp - 0x270]
mov ecx, 0xff
mov esi, dword [ebp - 0x25c]
mov ebx, dword [eax]
mov eax, edi
mov edx, esi
call fcn_fffa7288  ; call 0xfffa7288
and ebx, 0xfe0ffff7
or ebx, 0x1100008
mov ecx, ebx
mov edx, eax
mov eax, edi
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, edi
mov edx, 0xf
call fcn_fffa834b  ; call 0xfffa834b
imul eax, esi, 0x51
mov byte [ebp - 0x268], 0
mov dword [ebp - 0x284], eax
jmp near loc_fffca39e  ; jmp 0xfffca39e

loc_fffca2c2:  ; not directly referenced
mov byte [ebp - 0x268], 0

loc_fffca2c9:  ; not directly referenced
mov al, byte [ebp - 0x268]
cmp al, byte [edi + 0x2488]
jae short loc_fffca26e  ; jae 0xfffca26e
movzx esi, byte [ebp - 0x268]
mov eax, dword [ebp - 0x270]
mov ecx, dword [ebp - 0x298]
mov edx, dword [ebp - 0x25c]
lea eax, [eax + esi*4]
mov dword [ebp - 0x274], eax
mov eax, dword [eax + 0x28]
and ah, 0xe1
or eax, dword [ebp - 0x280]
or eax, 0x60
mov ebx, eax
and eax, 0xfffffe7f
and ebx, 0xffbffe7f
test ecx, ecx
mov ecx, dword [ebp - 0x2b4]
cmove ebx, eax
mov eax, ebx
and eax, 0xffdfffff
test ecx, ecx
mov ecx, esi
cmovne ebx, eax
mov eax, edi
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, ebx
mov edx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
cmp dword [ebp - 0x2b8], 0
je short loc_fffca370  ; je 0xfffca370
mov edx, dword [ebp - 0x25c]
mov ecx, esi
mov eax, edi
call fcn_fffa724b  ; call 0xfffa724b
mov esi, dword [ebp - 0x274]
mov ecx, dword [esi + 4]
mov edx, eax
mov eax, edi
and ecx, 0xc7ffffff
call fcn_fffae58c  ; call 0xfffae58c

loc_fffca370:  ; not directly referenced
inc byte [ebp - 0x268]
jmp near loc_fffca2c9  ; jmp 0xfffca2c9

loc_fffca37b:  ; not directly referenced
mov eax, dword [ebp - 0x274]
bt eax, edx
jae short loc_fffca3f7  ; jae 0xfffca3f7
mov al, byte [ebp - 0x278]
mov byte [ecx + edx], al

loc_fffca38f:  ; not directly referenced
inc edx
cmp byte [ebp - 0x26c], dl
ja short loc_fffca37b  ; ja 0xfffca37b
inc byte [ebp - 0x268]

loc_fffca39e:  ; not directly referenced
mov al, byte [ebp - 0x268]
cmp al, byte [edi + 0x2488]
jae short loc_fffca408  ; jae 0xfffca408
movzx esi, byte [ebp - 0x268]
mov eax, edi
mov edx, dword [ebp - 0x25c]
mov ecx, esi
call fcn_fffa7617  ; call 0xfffa7617
lea esi, [esi + esi*8]
mov edx, eax
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
xor edx, edx
add esi, dword [ebp - 0x284]
mov dword [ebp - 0x274], eax
mov eax, dword [ebp - 0x288]
and dword [ebp - 0x274], 0x1ff
lea ecx, [eax + esi]
add esi, dword [ebp - 0x290]
jmp short loc_fffca37b  ; jmp 0xfffca37b

loc_fffca3f7:  ; not directly referenced
cmp byte [esi + edx], 0
jne short loc_fffca38f  ; jne 0xfffca38f
mov al, byte [ebp - 0x278]
mov byte [esi + edx], al
jmp short loc_fffca38f  ; jmp 0xfffca38f

loc_fffca408:  ; not directly referenced
mov edx, dword [ebp - 0x25c]
mov ecx, 0xff
mov eax, edi
and ebx, 0xfffffff7
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, ebx
mov edx, eax
mov eax, edi
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffca428:  ; not directly referenced
inc dword [ebp - 0x25c]
add dword [ebp - 0x270], 0xcc
cmp dword [ebp - 0x25c], 2
jne loc_fffca24d  ; jne 0xfffca24d
inc dword [ebp - 0x260]
cmp dword [ebp - 0x260], 0x10
jne loc_fffca1f8  ; jne 0xfffca1f8
mov ebx, dword [ebp - 0x2a0]
lea eax, [edi + 0x3756]
mov dword [ebp - 0x280], eax
mov dword [ebp - 0x260], eax
mov dword [ebp - 0x25c], 0
mov dword [ebp - 0x278], ebx

loc_fffca480:  ; not directly referenced
mov eax, dword [ebp - 0x260]
cmp dword [eax], 2
je short loc_fffca4b3  ; je 0xfffca4b3

loc_fffca48b:  ; not directly referenced
inc dword [ebp - 0x25c]
add dword [ebp - 0x260], 0x13c3
add dword [ebp - 0x278], 0xcc
cmp dword [ebp - 0x25c], 2
jne short loc_fffca480  ; jne 0xfffca480
jmp near loc_fffca660  ; jmp 0xfffca660

loc_fffca4b3:  ; not directly referenced
mov esi, dword [ebp - 0x25c]
mov byte [ebp - 0x268], 0
mov eax, esi
imul esi, esi, 0x51
shl eax, 8
mov dword [ebp - 0x29c], eax
add eax, 0x4c
mov dword [ebp - 0x288], eax
mov dword [ebp - 0x284], esi

loc_fffca4dd:  ; not directly referenced
movzx eax, byte [ebp - 0x268]
cmp al, byte [edi + 0x2488]
jae short loc_fffca48b  ; jae 0xfffca48b
mov esi, eax
mov dword [ebp - 0x270], eax
lea eax, [eax + eax*8]
add eax, dword [ebp - 0x284]
lea ebx, [ebp - 0x15c]
lea edx, [ebp - 0xba]
add ebx, eax
add eax, edx
mov dword [ebp - 0x294], eax
imul eax, esi, 0x18
mov dword [ebp - 0x2a4], ebx
xor ebx, ebx
mov dword [ebp - 0x274], 0
mov dword [ebp - 0x290], eax

loc_fffca52e:  ; not directly referenced
mov eax, dword [ebp - 0x2a4]
mov dl, byte [eax + ebx]
mov eax, dword [ebp - 0x294]
movsx ecx, byte [eax + ebx]
mov al, 0xf
test dl, dl
je short loc_fffca55a  ; je 0xfffca55a
xor eax, eax
test cl, cl
je short loc_fffca55a  ; je 0xfffca55a
movsx eax, dl
mov esi, 2
add eax, ecx
cdq
idiv esi

loc_fffca55a:  ; not directly referenced
cmp dword [ebp - 0x28c], 0
je short loc_fffca5ba  ; je 0xfffca5ba
cmp bl, 8
jne short loc_fffca5ba  ; jne 0xfffca5ba
mov dl, 0xf
cmp al, 6
jg short loc_fffca574  ; jg 0xfffca574
lea edx, [eax + 8]
and edx, 0xf

loc_fffca574:  ; not directly referenced
mov eax, dword [ebp - 0x270]
and edx, 0xf
mov esi, dword [ebp - 0x278]
add edx, edx
lea ecx, [eax + 8]
mov al, byte [esi + ecx*4 + 9]
and eax, 0xffffffe1
or eax, edx
mov byte [esi + ecx*4 + 9], al

loc_fffca595:  ; not directly referenced
mov eax, dword [ebp - 0x270]
mov ebx, dword [ebp - 0x288]
mov esi, dword [ebp - 0x29c]
shl eax, 9
add ebx, eax
mov dword [ebp - 0x270], ebx
lea esi, [esi + eax + 0x50]
xor ebx, ebx
jmp short loc_fffca604  ; jmp 0xfffca604

loc_fffca5ba:  ; not directly referenced
mov edx, eax
lea esi, [ebx + ebx*2]
and edx, 0xf
add esi, dword [ebp - 0x290]
add esi, dword [ebp - 0x260]
lea ecx, [ebx*4]
shl edx, cl
add dword [ebp - 0x274], edx
xor edx, edx

loc_fffca5df:  ; not directly referenced
imul ecx, edx, 0xd8
inc edx
mov byte [esi + ecx + 0x942], al
cmp byte [ebp - 0x279], dl
ja short loc_fffca5df  ; ja 0xfffca5df
inc ebx
cmp byte [ebp - 0x26c], bl
ja loc_fffca52e  ; ja 0xfffca52e
jmp short loc_fffca595  ; jmp 0xfffca595

loc_fffca604:  ; not directly referenced
mov eax, dword [edi + 0x188b]
mov edx, dword [ebp - 0x270]
test eax, eax
je short loc_fffca61a  ; je 0xfffca61a
xor edx, edx
dec eax
cmove edx, esi

loc_fffca61a:  ; not directly referenced
mov ecx, dword [ebp - 0x274]
mov eax, edi
inc ebx
add esi, 4
call fcn_fffae58c  ; call 0xfffae58c
cmp bl, byte [ebp - 0x279]
jb short loc_fffca604  ; jb 0xfffca604
sub esp, 0xc
mov edx, dword [ebp - 0x25c]
mov ecx, 1
push 0
mov eax, edi
push 1
push 0
push 0
push 0
call fcn_fffa72c5  ; call 0xfffa72c5
add esp, 0x20
inc byte [ebp - 0x268]
jmp near loc_fffca4dd  ; jmp 0xfffca4dd

loc_fffca660:  ; not directly referenced
cmp dword [ebp - 0x264], 0
jne short loc_fffca6b9  ; jne 0xfffca6b9

loc_fffca669:  ; not directly referenced
cmp dword [ebp - 0x298], 0
je loc_fffca7b3  ; je 0xfffca7b3
mov ecx, dword [ebp - 0x2ac]
mov eax, edi
mov edx, 0x3a28
or ecx, 2
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0x5f08
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x5f08
or ah, 1
mov ecx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0xe1
mov eax, edi
call fcn_fffa834b  ; call 0xfffa834b
jmp near loc_fffca7b3  ; jmp 0xfffca7b3

loc_fffca6b9:  ; not directly referenced
push 0
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push 4
push edi
call fcn_fffcc900  ; call 0xfffcc900
mov ebx, dword [ebp - 0x280]
add esp, 0x30
mov dword [ebp - 0x260], 0

loc_fffca6e8:  ; not directly referenced
cmp dword [ebx], 2
je short loc_fffca708  ; je 0xfffca708

loc_fffca6ed:  ; not directly referenced
inc dword [ebp - 0x260]
add ebx, 0x13c3
cmp dword [ebp - 0x260], 2
je loc_fffca669  ; je 0xfffca669
jmp short loc_fffca6e8  ; jmp 0xfffca6e8

loc_fffca708:  ; not directly referenced
imul eax, dword [ebp - 0x260], 9
lea esi, [ebp - 0x18]
mov byte [ebp - 0x264], 0
add eax, esi
mov dword [ebp - 0x268], eax

loc_fffca721:  ; not directly referenced
mov al, byte [ebp - 0x264]
cmp al, byte [edi + 0x2488]
jae short loc_fffca6ed  ; jae 0xfffca6ed
movzx esi, byte [ebp - 0x264]
mov eax, dword [ebp - 0x268]
mov dword [ebp - 0x25c], 0
mov dl, byte [esi + eax - 0x1e6]
test dl, dl
lea eax, [edx - 1]
lea ecx, [edx + 1]
mov dl, 2
cmovns eax, ecx
cbw
idiv dl
mov byte [ebx + esi + 0x101d], al

loc_fffca765:  ; not directly referenced
mov cl, byte [ebp - 0x25c]
mov eax, 1
shl eax, cl
test byte [ebx + 0xc4], al
je short loc_fffca799  ; je 0xfffca799
mov ecx, dword [ebp - 0x25c]
push eax
mov edx, dword [ebp - 0x260]
mov eax, edi
push 0
push 0xff
push esi
call fcn_fffa7499  ; call 0xfffa7499
add esp, 0x10

loc_fffca799:  ; not directly referenced
inc dword [ebp - 0x25c]
cmp dword [ebp - 0x25c], 4
jne short loc_fffca765  ; jne 0xfffca765
inc byte [ebp - 0x264]
jmp near loc_fffca721  ; jmp 0xfffca721

loc_fffca7b3:  ; not directly referenced
mov esi, dword [ebp - 0x2a0]
xor ebx, ebx

loc_fffca7bb:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [edi + eax + 0x3756], 2
jne loc_fffca862  ; jne 0xfffca862
mov byte [ebp - 0x25c], 0

loc_fffca7d6:  ; not directly referenced
mov al, byte [ebp - 0x25c]
cmp al, byte [edi + 0x2488]
jae short loc_fffca849  ; jae 0xfffca849
movzx eax, byte [ebp - 0x25c]
mov edx, ebx
mov ecx, eax
mov dword [ebp - 0x260], eax
mov eax, edi
call fcn_fffa720e  ; call 0xfffa720e
mov ecx, dword [ebp - 0x260]
lea ecx, [esi + ecx*4]
mov dword [ebp - 0x264], ecx
mov ecx, dword [ecx + 0x28]
mov edx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
cmp dword [ebp - 0x2b8], 0
je short loc_fffca841  ; je 0xfffca841
mov ecx, dword [ebp - 0x260]
mov edx, ebx
mov eax, edi
call fcn_fffa724b  ; call 0xfffa724b
mov ecx, dword [ebp - 0x264]
mov ecx, dword [ecx + 4]
mov edx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffca841:  ; not directly referenced
inc byte [ebp - 0x25c]
jmp short loc_fffca7d6  ; jmp 0xfffca7d6

loc_fffca849:  ; not directly referenced
mov ecx, 0xff
mov edx, ebx
mov eax, edi
call fcn_fffa7288  ; call 0xfffa7288
mov ecx, dword [esi]
mov edx, eax
mov eax, edi
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffca862:  ; not directly referenced
inc ebx
add esi, 0xcc
cmp ebx, 2
jne loc_fffca7bb  ; jne 0xfffca7bb
mov eax, edi
call fcn_fffb0e8a  ; call 0xfffb0e8a

loc_fffca879:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffca881:  ; not directly referenced
push ebp
mov ebp, esp
push esi
push ebx
mov ebx, dword [ebp + 8]
push edx
push edx
movzx ecx, byte [ebx + 0x248e]
lea esi, [ebx + 0x2490]
mov eax, ebx
push 0
mov edx, esi
push 0xf
push 1
push 0
push 1
push 2
call fcn_fffc0a2d  ; call 0xfffc0a2d
add esp, 0x20
test eax, eax
jne short loc_fffca8f5  ; jne 0xfffca8f5
cmp dword [ebx + 0x188b], 1
jne short loc_fffca8d4  ; jne 0xfffca8d4
cmp dword [ebx + 0x2480], 1
jne short loc_fffca8d4  ; jne 0xfffca8d4
mov ecx, 2
mov edx, esi
mov eax, ebx
call fcn_fffbd80c  ; call 0xfffbd80c

loc_fffca8d4:  ; not directly referenced
push eax
mov edx, esi
push eax
movzx ecx, byte [ebx + 0x248e]
mov eax, ebx
push 1
push 0xf
push 0
push 0
push 0
push 2
call fcn_fffc0a2d  ; call 0xfffc0a2d
add esp, 0x20

loc_fffca8f5:  ; not directly referenced
lea esp, [ebp - 8]
pop ebx
pop esi
pop ebp
ret

fcn_fffca8fc:  ; not directly referenced
push ebp
mov ebp, esp
push esi
push ebx
mov ebx, dword [ebp + 8]
push edx
push edx
movzx ecx, byte [ebx + 0x248e]
lea esi, [ebx + 0x2490]
mov eax, ebx
push 0
mov edx, esi
push 0xf
push 1
push 0
push 1
push 1
call fcn_fffc0a2d  ; call 0xfffc0a2d
add esp, 0x20
test eax, eax
jne short loc_fffca967  ; jne 0xfffca967
cmp dword [ebx + 0x188b], 1
jne short loc_fffca946  ; jne 0xfffca946
mov ecx, 1
mov edx, esi
mov eax, ebx
call fcn_fffbd80c  ; call 0xfffbd80c

loc_fffca946:  ; not directly referenced
push eax
mov edx, esi
push eax
movzx ecx, byte [ebx + 0x248e]
mov eax, ebx
push 1
push 0xf
push 0
push 1
push 0
push 1
call fcn_fffc0a2d  ; call 0xfffc0a2d
add esp, 0x20

loc_fffca967:  ; not directly referenced
lea esp, [ebp - 8]
pop ebx
pop esi
pop ebp
ret

fcn_fffca96e:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0xad10
mov esi, dword [ebp + 0x20]
mov ebx, dword [ebp + 0x24]
mov dword [ebp - 0xacb4], edx
mov dl, byte [ebp + 0x14]
mov dword [ebp - 0xac88], ecx
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0xacb0], esi
mov dword [ebp - 0xacac], ebx
mov ebx, dword [ebp + 0x28]
mov byte [ebp - 0xace6], dl
mov edx, esi
mov esi, dword [edi + 0x5edc]
mov byte [ebp - 0xac90], dl
mov dl, byte [ebp - 0xacac]
mov dword [ebp - 0xac98], eax
mov ecx, ebx
mov byte [ebp - 0xac8c], al
mov byte [ebp - 0xaca1], dl
mov dl, cl
mov ecx, dword [edi + 0x2480]
mov dword [ebp - 0xaca0], edx
mov dl, byte [ebp + 0x30]
mov dword [ebp - 0xac94], ebx
mov ebx, dword [ebp + 0x2c]
mov dword [ebp - 0xaca8], esi
mov esi, dword [edi + 0x2443]
mov dword [ebp - 0xacc4], ecx
mov byte [ebp - 0xad09], dl
mov edx, dword [edi + 0x188b]
mov dword [ebp - 0xacc0], edx
dec edx
sete dl
cmp al, 6
sete al
mov byte [ebp - 0xacbb], dl
mov byte [ebp - 0xace7], al
and eax, edx
movzx eax, al
mov dword [ebp - 0xacc8], eax
mov al, byte [ebp - 0xac88]
and al, byte [edi + 0x248e]
push 0
push 0x5ab4
mov byte [ebp - 0xac88], al
mov eax, dword [ebp + 8]
and al, byte [edi + 0x248d]
mov byte [ebp - 0xac9c], al
lea eax, [ebp - 0x5acc]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0xff
push 0x3e
push dword [ebp - 0xacb4]
call dword [esi + 0x5c]  ; ucall
lea eax, [ebp - 0xabcc]
add esp, 0xc
push 0
push 0x280
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x80
lea eax, [ebp - 0xac4c]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x680
lea eax, [ebp - 0xa94c]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0xac75]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x10
lea eax, [ebp - 0xac5c]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0xac73]
push eax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x4800
lea eax, [ebp - 0xa2cc]
push eax
call dword [esi + 0x5c]  ; ucall
mov edx, dword [ebp - 0xaca0]
add esp, 0x10
xor eax, eax

loc_fffcab02:  ; not directly referenced
mov byte [ebp + eax - 0xac71], al
inc eax
cmp eax, 9
jne short loc_fffcab02  ; jne 0xfffcab02
mov byte [edi + 0x247a], 0
cmp bl, 9
jne short loc_fffcab24  ; jne 0xfffcab24
mov dl, byte [ebp - 0xac94]
dec edx
jmp short loc_fffcab33  ; jmp 0xfffcab33

loc_fffcab24:  ; not directly referenced
mov al, byte [ebp - 0xac94]
sub eax, 3
cmp bl, 0xa
cmove edx, eax

loc_fffcab33:  ; not directly referenced
mov ecx, dword [ebp - 0xac98]
mov al, cl
sub eax, 0xa
cmp cl, 0xf
sete cl
cmp al, 2
mov byte [ebp - 0xacbc], al
setbe al
or al, cl
mov byte [ebp - 0xac94], cl
movzx ecx, dl
movzx edx, byte [ebp - 0xac88]
je short loc_fffcab7e  ; je 0xfffcab7e
sub esp, 0xc
mov eax, edi
push 0
call fcn_fffb2759  ; call 0xfffb2759
add esp, 0x10
mov dword [ebp - 0xacf0], 1
jmp short loc_fffcab97  ; jmp 0xfffcab97

loc_fffcab7e:  ; not directly referenced
sub esp, 0xc
mov eax, edi
push 0
call fcn_fffb26ca  ; call 0xfffb26ca
add esp, 0x10
mov dword [ebp - 0xacf0], 0

loc_fffcab97:  ; not directly referenced
test bl, bl
je short loc_fffcaba1  ; je 0xfffcaba1
mov byte [edi + 0x248b], bl

loc_fffcaba1:  ; not directly referenced
mov eax, dword [ebp - 0xaca8]
xor ebx, ebx
mov byte [ebp - 0xaca3], 0
add eax, 0x70
mov dword [ebp - 0xaca0], eax
movzx eax, byte [ebp - 0xac88]
mov dword [ebp - 0xac88], eax

loc_fffcabc6:  ; not directly referenced
mov eax, dword [ebp - 0xac88]
bt eax, ebx
jae short loc_fffcac14  ; jae 0xfffcac14
imul eax, ebx, 0x13c3
mov cl, byte [ebp - 0xac9c]
mov edx, ebx
and cl, byte [edi + eax + 0x381a]
mov eax, edi
mov byte [ebp + ebx - 0xac75], cl
movzx ecx, cl
call fcn_fffaac43  ; call 0xfffaac43
or byte [ebp - 0xaca3], al
push eax
movzx eax, byte [edi + 0x2488]
push 0
push eax
push dword [ebp - 0xaca0]
call dword [esi + 0x5c]  ; ucall
add esp, 0x10

loc_fffcac14:  ; not directly referenced
inc ebx
add dword [ebp - 0xaca0], 0xcc
cmp ebx, 2
jne short loc_fffcabc6  ; jne 0xfffcabc6
cmp byte [ebp - 0xaca3], 0
je loc_fffcbd35  ; je 0xfffcbd35
movzx esi, byte [ebp - 0xac9c]
xor eax, eax
mov dword [ebp - 0xacec], esi

loc_fffcac40:  ; not directly referenced
mov esi, dword [ebp - 0xacec]
mov byte [ebp - 0xaca4], al
bt esi, eax
jb short loc_fffcac5e  ; jb 0xfffcac5e
inc eax
cmp eax, 4
jne short loc_fffcac40  ; jne 0xfffcac40
mov byte [ebp - 0xaca4], 0

loc_fffcac5e:  ; not directly referenced
mov ecx, dword [ebp - 0xac98]
mov al, byte [edi + 0x2488]
mov bl, al
mov al, cl
sub eax, 7
cmp al, 5
mov byte [ebp - 0xace8], al
setbe al
or al, byte [ebp - 0xac94]
mov al, 1
cmovne ebx, eax
mov eax, ecx
cmp cl, 3
sete cl
cmp al, 1
setbe dl
mov eax, 1
or cl, dl
mov byte [ebp - 0xaca2], bl
jne short loc_fffcacaf  ; jne 0xfffcacaf
xor eax, eax
cmp byte [ebp - 0xac98], 2
sete al

loc_fffcacaf:  ; not directly referenced
mov dword [ebp - 0xaccc], eax
xor eax, 1
test byte [ebp - 0xacbb], al
je short loc_fffcacd9  ; je 0xfffcacd9
cmp byte [ebp - 0xacbc], 1
setbe al
or eax, dword [ebp - 0xac94]
movzx eax, al
mov dword [ebp - 0xaccc], eax

loc_fffcacd9:  ; not directly referenced
cmp dword [ebp - 0xaccc], 0
mov byte [ebp - 0xac88], 0
je loc_fffcae2f  ; je 0xfffcae2f
xor esi, esi
xor ebx, ebx
cmp byte [ebp - 0xac98], 1
jne short loc_fffcad17  ; jne 0xfffcad17
mov edx, 0x3a04
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
cmp dword [ebp - 0xacc0], 0
mov esi, eax
je loc_fffcadb4  ; je 0xfffcadb4
jmp short loc_fffcad4e  ; jmp 0xfffcad4e

loc_fffcad17:  ; not directly referenced
mov edx, 0x3a00
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
cmp dword [ebp - 0xacc0], 0
mov ebx, eax
jne short loc_fffcad4e  ; jne 0xfffcad4e
mov ecx, dword [ebp - 0xac98]
cmp cl, 2
je short loc_fffcad44  ; je 0xfffcad44
cmp cl, 3
je short loc_fffcad49  ; je 0xfffcad49
test cl, cl
jne short loc_fffcadbd  ; jne 0xfffcadbd
jmp short loc_fffcadb4  ; jmp 0xfffcadb4

loc_fffcad44:  ; not directly referenced
shr eax, 0x1a
jmp short loc_fffcad93  ; jmp 0xfffcad93

loc_fffcad49:  ; not directly referenced
shr eax, 0x14
jmp short loc_fffcadb4  ; jmp 0xfffcadb4

loc_fffcad4e:  ; not directly referenced
mov edx, 0x3a08
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, 0x3a0c
mov dword [ebp - 0xac88], eax
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov eax, dword [ebp - 0xac98]
cmp al, 0xf
ja short loc_fffcadc1  ; ja 0xfffcadc1
movzx eax, al
mov ecx, dword [ebp - 0xac88]
jmp dword [eax*4 + ref_fffd5ae0]  ; ujmp: jmp dword [eax*4 - 0x2a520]

loc_fffcad86:  ; not directly referenced
mov al, bl
jmp short loc_fffcadb4  ; jmp 0xfffcadb4

loc_fffcad8a:  ; not directly referenced
mov eax, esi
jmp short loc_fffcadb4  ; jmp 0xfffcadb4

loc_fffcad8e:  ; not directly referenced
shr ebx, 0x14
mov al, bl

loc_fffcad93:  ; not directly referenced
and eax, 0x1f
mov byte [ebp - 0xac88], al
mov al, 0x1f
jmp short loc_fffcadca  ; jmp 0xfffcadca

loc_fffcada0:  ; not directly referenced
shr ebx, 0x1a
mov dword [ebp - 0xac88], ebx
jmp short loc_fffcadbd  ; jmp 0xfffcadbd

loc_fffcadab:  ; not directly referenced
mov eax, ecx
shr eax, 0xc
jmp short loc_fffcadb4  ; jmp 0xfffcadb4

loc_fffcadb2:  ; not directly referenced
mov al, cl

loc_fffcadb4:  ; not directly referenced
and eax, 0x3f
mov byte [ebp - 0xac88], al

loc_fffcadbd:  ; not directly referenced
mov al, 0x3f
jmp short loc_fffcadca  ; jmp 0xfffcadca

loc_fffcadc1:  ; not directly referenced
mov al, 0x3f
mov byte [ebp - 0xac88], 0

loc_fffcadca:  ; not directly referenced
cmp byte [ebp - 0xac98], 0xa
sete dl
or dl, byte [ebp - 0xac94]
jne short loc_fffcae01  ; jne 0xfffcae01
mov esi, dword [ebp - 0xacb0]
mov bl, byte [ebp - 0xac88]
mov ecx, esi
lea edx, [ebx + ecx - 3]
mov bl, byte [ebp - 0xac90]
sub ecx, edx
test dl, dl
cmovs ebx, ecx
mov byte [ebp - 0xac90], bl

loc_fffcae01:  ; not directly referenced
movzx esi, byte [ebp - 0xaca1]
sub eax, 3
sub eax, dword [ebp - 0xac88]
cmp al, byte [ebp - 0xacac]
cmovs esi, eax
mov eax, esi
mov esi, dword [ebp - 0xac90]
mov ebx, esi
cmp al, bl
cmovl eax, esi
mov byte [ebp - 0xaca1], al

loc_fffcae2f:  ; not directly referenced
mov eax, dword [ebp + 0x1c]
mov dword [ebp - 0xace4], eax
movzx eax, byte [ebp - 0xaca4]
imul esi, eax, 0x90
mov dword [ebp - 0xacd8], eax
mov dword [ebp - 0xad08], esi
add esi, 4
mov dword [ebp - 0xad00], esi
mov esi, dword [ebp + 0x10]
mov dword [ebp - 0xacb8], esi
movzx esi, byte [ebp - 0xace6]
mov word [ebp - 0xacba], si

loc_fffcae71:  ; not directly referenced
mov eax, dword [ebp + 0x10]
mov esi, dword [ebp - 0xacb8]
mov word [ebp - 0xad04], ax
sub esi, eax
cmp si, word [ebp - 0xacba]
jae loc_fffcb350  ; jae 0xfffcb350
mov eax, dword [ebp - 0xacb8]
mov al, byte [eax]
mov cl, al
mov byte [ebp - 0xac98], al
movzx eax, al
mov ebx, eax
mov dword [ebp - 0xacb0], eax
xor eax, eax
cmp cl, 0x21
ja short loc_fffcaeb9  ; ja 0xfffcaeb9
movzx eax, byte [ebx + ref_fffd5f1c]  ; movzx eax, byte [ebx - 0x2a0e4]

loc_fffcaeb9:  ; not directly referenced
cmp al, 8
mov ebx, 8
cmovbe ebx, eax
mov al, byte [ebp - 0xac98]
sub eax, 0xc
mov byte [ebp - 0xacdc], al
cmp al, 1
jbe short loc_fffcaefa  ; jbe 0xfffcaefa
push eax
mov ecx, dword [ebp - 0xacb0]
push eax
mov eax, edi
push dword [ebp - 0xacec]
push dword [ebp - 0xacd8]
lea edx, [edi + 0x2490]
call fcn_fffa7e6c  ; call 0xfffa7e6c
add esp, 0x10

loc_fffcaefa:  ; not directly referenced
cmp dword [ebp - 0xacc4], 2
jne short loc_fffcaf27  ; jne 0xfffcaf27
mov al, byte [ebp - 0xac98]
mov byte [ebp - 0xac9c], 0x25
cmp al, 0x11
sete dl
cmp al, 5
sete al
or dl, al
jne short loc_fffcaf83  ; jne 0xfffcaf83
cmp byte [ebp - 0xac98], 0x21
je short loc_fffcaf83  ; je 0xfffcaf83

loc_fffcaf27:  ; not directly referenced
mov al, byte [ebp - 0xac98]
mov byte [ebp - 0xac9c], 0x36
cmp al, 0x10
sete dl
cmp al, 4
sete al
or dl, al
jne short loc_fffcaf83  ; jne 0xfffcaf83
mov al, byte [ebp - 0xac98]
cmp al, 5
sete dl
cmp al, 0x20
sete al
or dl, al
jne short loc_fffcaf83  ; jne 0xfffcaf83
mov al, byte [ebp - 0xac98]
cmp al, 0x21
sete dl
cmp al, 0x11
sete al
or dl, al
jne short loc_fffcaf83  ; jne 0xfffcaf83
mov al, byte [ebp - 0xac98]
cmp al, 0xd
je short loc_fffcaf83  ; je 0xfffcaf83
cmp al, 0xc
mov cl, 0x1f
mov al, 0x40
cmove ecx, eax
mov byte [ebp - 0xac9c], cl

loc_fffcaf83:  ; not directly referenced
mov eax, dword [ebp - 0xace4]
mov ecx, 0x14
xor edx, edx
movzx esi, si
mov ax, word [eax]
div cx
mov cl, byte [ebp - 0xac9c]
movzx edx, cl
cmp dx, ax
cmova ecx, eax
imul ebx, ebx, 0x240
lea eax, [edi + 0x2490]
mov dword [ebp - 0xace0], eax
mov byte [ebp - 0xac9c], cl
add eax, ebx
add eax, dword [ebp - 0xad00]
add ebx, dword [ebp - 0xad08]
mov dword [ebp - 0xad04], eax
imul eax, esi, 0x1200
mov dword [ebp - 0xacf8], ebx
mov dword [ebp - 0xacfc], eax
movsx eax, byte [ebp - 0xac90]
mov byte [ebp - 0xaca0], al
mov dword [ebp - 0xad10], eax
movzx eax, byte [ebp - 0xaca3]
mov dword [ebp - 0xacac], eax

loc_fffcb006:  ; not directly referenced
mov al, byte [ebp - 0xaca0]
cmp byte [ebp - 0xaca1], al
jl loc_fffcb33e  ; jl 0xfffcb33e
movsx eax, byte [ebp - 0xaca0]
mov dword [ebp - 0xacd0], eax
mov eax, dword [ebp - 0xad10]
sub dword [ebp - 0xacd0], eax
cmp dword [ebp - 0xacc8], 0
jne short loc_fffcb04d  ; jne 0xfffcb04d

loc_fffcb03a:  ; not directly referenced
movsx ax, byte [ebp - 0xaca0]
xor ebx, ebx
mov word [ebp - 0xacf4], ax
jmp short loc_fffcb0a4  ; jmp 0xfffcb0a4

loc_fffcb04d:  ; not directly referenced
movsx ax, byte [ebp - 0xaca0]
mov dl, 8
mov esi, dword [ebp - 0xaca8]
idiv dl
movsx ecx, ah
mov dl, al
cmp cl, 1
movsx eax, al
setle bl
test dl, dl
mov al, byte [esi + eax + 0x1bc]
sete dl
test bl, dl
jne loc_fffcb333  ; jne 0xfffcb333
mov edx, 1
shl edx, cl
test al, dl
je short loc_fffcb03a  ; je 0xfffcb03a
jmp near loc_fffcb333  ; jmp 0xfffcb333

loc_fffcb091:  ; not directly referenced
cmp byte [ebp - 0xacbb], 0
jne short loc_fffcb113  ; jne 0xfffcb113

loc_fffcb09a:  ; not directly referenced
inc ebx
cmp ebx, 2
je loc_fffcb14a  ; je 0xfffcb14a

loc_fffcb0a4:  ; not directly referenced
mov eax, dword [ebp - 0xacac]
bt eax, ebx
jae short loc_fffcb09a  ; jae 0xfffcb09a
xor eax, eax
cmp byte [ebp - 0xac8c], 7
jne short loc_fffcb0d0  ; jne 0xfffcb0d0
imul edx, ebx, 0x13c3
cmp dword [edi + edx + 0x3816], 2
mov edx, 0x20
cmove eax, edx

loc_fffcb0d0:  ; not directly referenced
xor esi, esi
mov word [ebp - 0xacd4], ax

loc_fffcb0d9:  ; not directly referenced
mov eax, esi
cmp byte [ebp - 0xaca2], al
jbe short loc_fffcb091  ; jbe 0xfffcb091
mov eax, dword [ebp - 0xacf4]
mov edx, ebx
add eax, dword [ebp - 0xacd4]
push 0
movzx ecx, byte [ebp + ebx - 0xac75]
cwde
push eax
movzx eax, byte [ebp - 0xac8c]
push eax
mov eax, edi
push esi
inc esi
call fcn_fffafdb2  ; call 0xfffafdb2
add esp, 0x10
jmp short loc_fffcb0d9  ; jmp 0xfffcb0d9

loc_fffcb113:  ; not directly referenced
mov al, byte [ebp - 0xac8c]
and eax, 0xfffffff7
dec al
jne loc_fffcb09a  ; jne 0xfffcb09a
mov eax, dword [ebp - 0xaca8]
cmp byte [eax + 0x1c5], 0
je loc_fffcb09a  ; je 0xfffcb09a
xor ecx, ecx
mov edx, 1
mov eax, edi
call fcn_fffb9560  ; call 0xfffb9560
jmp near loc_fffcb09a  ; jmp 0xfffcb09a

loc_fffcb14a:  ; not directly referenced
cmp byte [ebp - 0xacdc], 1
ja loc_fffcb1ec  ; ja 0xfffcb1ec
cmp dword [ebp - 0xacc4], 3
je short loc_fffcb1a5  ; je 0xfffcb1a5

loc_fffcb160:  ; not directly referenced
push eax
mov ecx, dword [ebp - 0xacac]
push eax
mov edx, dword [ebp - 0xace0]
push 1
lea eax, [ebp - 0xac5c]
push eax
movzx eax, byte [ebp - 0xac9c]
push eax
mov eax, edi
push 0
push dword [ebp - 0xacb0]
push dword [ebp - 0xacd8]
call fcn_fffc6051  ; call 0xfffc6051
add esp, 0x14
push edi
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10
jmp near loc_fffcb228  ; jmp 0xfffcb228

loc_fffcb1a5:  ; not directly referenced
mov eax, dword [ebp - 0xad04]
xor edx, edx
xor ecx, ecx

loc_fffcb1af:  ; not directly referenced
cmp dword [edi + edx + 0x3756], 2
jne short loc_fffcb1d5  ; jne 0xfffcb1d5
mov ebx, dword [eax - 4]
cmp ebx, 0x29
lea esi, [ebx - 0x28]
mov ebx, dword [eax]
cmovb esi, ecx
mov dword [eax - 4], esi
cmp ebx, 0x29
lea esi, [ebx - 0x28]
cmovb esi, ecx
mov dword [eax], esi

loc_fffcb1d5:  ; not directly referenced
add edx, 0x13c3
add eax, 0x48
cmp edx, 0x2786
je loc_fffcb160  ; je 0xfffcb160
jmp short loc_fffcb1af  ; jmp 0xfffcb1af

loc_fffcb1ec:  ; not directly referenced
push eax
mov ecx, dword [ebp - 0xacac]
push eax
mov edx, dword [ebp - 0xace0]
lea eax, [ebp - 0xac5c]
push eax
movzx eax, byte [ebp - 0xac9c]
push eax
lea eax, [ebp - 0xac71]
push eax
mov eax, dword [ebp - 0xacd8]
push dword [ebp - 0xacb0]
push eax
push eax
mov eax, edi
call fcn_fffd13ed  ; call 0xfffd13ed
add esp, 0x20

loc_fffcb228:  ; not directly referenced
movsx eax, byte [ebp - 0xacd0]
xor ecx, ecx
mov esi, dword [ebp - 0xacfc]
imul eax, eax, 0x48
lea eax, [esi + eax + 4]
lea eax, [ebp + eax - 0xa2cc]
mov dword [ebp - 0xacd4], eax

loc_fffcb24b:  ; not directly referenced
mov eax, dword [ebp - 0xacac]
bt eax, ecx
jae loc_fffcb322  ; jae 0xfffcb322
imul esi, ecx, 0x48
mov eax, dword [ebp - 0xacd4]
add esi, dword [ebp - 0xacf8]
lea ebx, [eax - 4]
add esi, edi

loc_fffcb26e:  ; not directly referenced
mov al, byte [edi + 0x2488]
mov word [ebp - 0xacd0], 0xffff
mov byte [ebp - 0xacf4], al
xor eax, eax

loc_fffcb285:  ; not directly referenced
cmp byte [ebp - 0xacf4], al
jbe short loc_fffcb2c0  ; jbe 0xfffcb2c0
mov edx, dword [esi + eax*8 + 0x2490]
mov word [ebx + eax*4], dx
mov edx, dword [ebp - 0xacd0]
cmp dx, word [esi + eax*8 + 0x2490]
cmova dx, word [esi + eax*8 + 0x2490]
inc eax
cmp byte [ebp - 0xacdc], 1
mov word [ebp - 0xacd0], dx
ja short loc_fffcb285  ; ja 0xfffcb285

loc_fffcb2c0:  ; not directly referenced
cmp byte [ebp - 0xaca2], 1
jne short loc_fffcb2d2  ; jne 0xfffcb2d2
mov eax, dword [ebp - 0xacd0]
mov word [ebx], ax

loc_fffcb2d2:  ; not directly referenced
cmp byte [ebp - 0xac94], 0
je short loc_fffcb310  ; je 0xfffcb310
mov al, byte [ebp - 0xac98]
cmp al, 0xc
je short loc_fffcb2ee  ; je 0xfffcb2ee
cmp al, 0xd
jne short loc_fffcb310  ; jne 0xfffcb310
jmp near loc_fffcbd2b  ; jmp 0xfffcbd2b

loc_fffcb2ee:  ; not directly referenced
mov eax, 0x8c

loc_fffcb2f3:  ; not directly referenced
cmp word [ebx], ax
ja short loc_fffcb310  ; ja 0xfffcb310
sub esp, 0xc
push edi
mov dword [ebp - 0xacd0], ecx
call fcn_fffc82f4  ; call 0xfffc82f4
mov ecx, dword [ebp - 0xacd0]
add esp, 0x10

loc_fffcb310:  ; not directly referenced
add ebx, 2
add esi, 4
cmp ebx, dword [ebp - 0xacd4]
jne loc_fffcb26e  ; jne 0xfffcb26e

loc_fffcb322:  ; not directly referenced
inc ecx
add dword [ebp - 0xacd4], 0x24
cmp ecx, 2
jne loc_fffcb24b  ; jne 0xfffcb24b

loc_fffcb333:  ; not directly referenced
inc byte [ebp - 0xaca0]
jmp near loc_fffcb006  ; jmp 0xfffcb006

loc_fffcb33e:  ; not directly referenced
add dword [ebp - 0xace4], 2
inc dword [ebp - 0xacb8]
jmp near loc_fffcae71  ; jmp 0xfffcae71

loc_fffcb350:  ; not directly referenced
movsx esi, byte [ebp - 0xaca1]
movsx eax, byte [ebp - 0xac90]
mov dword [ebp - 0xac98], 0
mov dword [ebp - 0xacd4], esi
sub dword [ebp - 0xacd4], eax
mov esi, dword [ebp - 0xacd4]
mov dword [ebp - 0xacd0], eax
mov eax, esi
mov byte [ebp - 0xad00], al
inc eax
mov byte [ebp - 0xacac], al
lea eax, [ebp - 0x5acc]
mov dword [ebp - 0xacf8], eax
lea eax, [edi + 0x3756]
mov dword [ebp - 0xacb0], eax
mov eax, dword [ebp - 0xacb4]
mov dword [ebp - 0xace0], eax
movzx eax, byte [ebp - 0xace6]
mov dword [ebp - 0xad08], eax
shl eax, 6
mov dword [ebp - 0xacdc], eax

loc_fffcb3c9:  ; not directly referenced
movzx eax, byte [ebp - 0xaca3]
mov esi, dword [ebp - 0xac98]
mov dword [ebp - 0xace4], eax
bt eax, esi
jae loc_fffcbabc  ; jae 0xfffcbabc
mov eax, dword [ebp - 0xacf8]
mov dword [ebp - 0xac9c], 0
mov dword [ebp - 0xacec], eax

loc_fffcb3fb:  ; not directly referenced
mov al, byte [ebp - 0xac9c]
cmp byte [ebp - 0xaca2], al
jbe loc_fffcbabc  ; jbe 0xfffcbabc
imul eax, dword [ebp - 0xac98], 9
mov word [ebp - 0xacd8], 0
mov dword [ebp - 0xacfc], eax

loc_fffcb423:  ; not directly referenced
mov ax, word [ebp - 0xacba]
mov esi, dword [ebp - 0xacd8]
cmp si, ax
jae loc_fffcb5de  ; jae 0xfffcb5de
mov al, byte [ebp - 0xac90]
movzx ebx, si
mov byte [ebp - 0xaca0], al
mov eax, ebx
shl eax, 6
mov dword [ebp - 0xacb8], eax

loc_fffcb453:  ; not directly referenced
mov al, byte [ebp - 0xaca0]
cmp byte [ebp - 0xaca1], al
jl loc_fffcb5d2  ; jl 0xfffcb5d2
mov al, byte [ebp - 0xaca0]
sub eax, dword [ebp - 0xacd0]
movsx esi, al
mov eax, dword [ebp - 0xacb8]
add eax, esi
cmp dword [ebp - 0xacc8], 0
mov word [ebp + eax*2 - 0xabcc], 0
je short loc_fffcb4df  ; je 0xfffcb4df
movsx ax, byte [ebp - 0xaca0]
mov dl, 8
mov ecx, dword [ebp - 0xaca8]
idiv dl
mov byte [ebp - 0xace6], ah
mov dl, al
movsx eax, al
cmp byte [ebp - 0xace6], 1
mov al, byte [ecx + eax + 0x1bc]
setle cl
test dl, dl
sete dl
test cl, dl
jne loc_fffcb5c7  ; jne 0xfffcb5c7
mov cl, byte [ebp - 0xace6]
mov edx, 1
shl edx, cl
test al, dl
jne loc_fffcb5c7  ; jne 0xfffcb5c7

loc_fffcb4df:  ; not directly referenced
mov eax, dword [ebp + 0x10]
mov al, byte [eax + ebx]
lea edx, [eax - 4]
cmp dl, 1
setbe cl
cmp al, 0x21
sete dl
or cl, dl
jne short loc_fffcb503  ; jne 0xfffcb503
cmp al, 0x20
je short loc_fffcb503  ; je 0xfffcb503
cmp al, 0xd
jne loc_fffcb587  ; jne 0xfffcb587

loc_fffcb503:  ; not directly referenced
mov eax, dword [ebp + 0x18]
imul ecx, esi, 0x12
movzx edx, byte [eax + ebx]
imul eax, ebx, 0x480
add eax, ecx
mov ecx, edx
add eax, dword [ebp - 0xacfc]
add eax, dword [ebp - 0xac9c]
imul cx, word [ebp + eax*4 - 0xa2ca]
imul edx, dword [ebp + eax*4 - 0xa2cc]
mov word [ebp - 0xace6], dx
mov eax, edx
mov edx, ecx
sub dx, word [ebp - 0xace6]
add eax, ecx
add eax, eax
mov word [ebp - 0xacf4], dx
mov edx, eax
sub eax, dword [ebp - 0xacf4]
add edx, dword [ebp - 0xacf4]
cmp cx, word [ebp - 0xace6]
mov ecx, 2
cmovbe eax, edx
mov edx, eax
sar dx, 0xf
idiv cx
add esi, dword [ebp - 0xacb8]
mov word [ebp + esi*2 - 0xabcc], ax
jmp short loc_fffcb5c7  ; jmp 0xfffcb5c7

loc_fffcb587:  ; not directly referenced
mov ecx, dword [ebp + 0x18]
mov eax, dword [ebp - 0xacb8]
movzx edx, byte [ecx + ebx]
imul ecx, ebx, 0x480
add eax, esi
imul esi, esi, 0x12
add esi, ecx
add esi, dword [ebp - 0xacfc]
add esi, dword [ebp - 0xac9c]
movzx ecx, word [ebp + esi*4 - 0xa2ca]
add ecx, dword [ebp + esi*4 - 0xa2cc]
imul ecx, edx
mov word [ebp + eax*2 - 0xabcc], cx

loc_fffcb5c7:  ; not directly referenced
inc byte [ebp - 0xaca0]
jmp near loc_fffcb453  ; jmp 0xfffcb453

loc_fffcb5d2:  ; not directly referenced
inc word [ebp - 0xacd8]
jmp near loc_fffcb423  ; jmp 0xfffcb423

loc_fffcb5de:  ; not directly referenced
cmp byte [ebp - 0xac8c], 0xc
mov byte [ebp - 0xaca0], 1
sete bl
cmp byte [ebp - 0xace8], 2
mov byte [ebp - 0xace6], bl
setbe al
or al, bl
jne loc_fffcb73c  ; jne 0xfffcb73c
cmp byte [ebp - 0xace7], 0
je short loc_fffcb666  ; je 0xfffcb666
cmp byte [ebp - 0xacbb], 0
mov byte [ebp - 0xaca0], 3
je loc_fffcb73c  ; je 0xfffcb73c
mov al, byte [ebp - 0xaca1]
push ecx
push ecx
mov ecx, 8
push 3
lea ebx, [eax + 1]
sub ebx, dword [ebp - 0xac90]
push 0
lea eax, [ebp - 0xabcc]
movzx ebx, bl
mov edx, ebx
call fcn_fffa7047  ; call 0xfffa7047
mov ecx, 8
mov edx, ebx
pop esi
pop eax
lea eax, [ebp - 0xab4c]
push 3
push 0
jmp near loc_fffcb6eb  ; jmp 0xfffcb6eb

loc_fffcb666:  ; not directly referenced
cmp byte [ebp - 0xac8c], 5
jne loc_fffcb6fc  ; jne 0xfffcb6fc
cmp dword [ebp - 0xacc0], 0
je short loc_fffcb68e  ; je 0xfffcb68e
movzx eax, byte [ebp - 0xacd4]
mov ebx, 1
xor ecx, ecx
mov dl, 4
jmp short loc_fffcb69b  ; jmp 0xfffcb69b

loc_fffcb68e:  ; not directly referenced
movzx eax, byte [ebp - 0xacac]
xor ebx, ebx
mov cl, 2
mov dl, 5

loc_fffcb69b:  ; not directly referenced
movzx esi, cl
movzx ecx, dl
mov dword [ebp - 0xaca0], esi
mov edx, eax
push esi
push esi
push 1
push dword [ebp - 0xaca0]
lea esi, [ebp - 0xabcc]
lea eax, [ebx + ebx]
add eax, esi
mov esi, edx
mov dword [ebp - 0xacb8], ecx
call fcn_fffa7047  ; call 0xfffa7047
mov ecx, dword [ebp - 0xacb8]
pop eax
pop edx
mov edx, esi
lea eax, [ebp + ebx - 0xabcc]
lea eax, [eax + ebx + 0x80]
push 1
push dword [ebp - 0xaca0]

loc_fffcb6eb:  ; not directly referenced
call fcn_fffa7047  ; call 0xfffa7047
add esp, 0x10
mov byte [ebp - 0xaca0], 1
jmp short loc_fffcb73c  ; jmp 0xfffcb73c

loc_fffcb6fc:  ; not directly referenced
cmp byte [ebp - 0xac8c], 0xa
mov byte [ebp - 0xaca0], 5
sete al
or al, byte [ebp - 0xac94]
jne short loc_fffcb73c  ; jne 0xfffcb73c
cmp byte [ebp - 0xacac], 6
mov byte [ebp - 0xaca0], 7
jg short loc_fffcb73c  ; jg 0xfffcb73c
mov al, byte [ebp - 0xad00]
mov esi, dword [ebp - 0xacac]
test al, al
cmove eax, esi
mov byte [ebp - 0xaca0], al

loc_fffcb73c:  ; not directly referenced
mov dword [ebp - 0xacd8], 0

loc_fffcb746:  ; not directly referenced
movsx ebx, byte [ebp - 0xacd8]
movsx esi, byte [ebp - 0xacac]
movzx eax, byte [ebp - 0xac8c]
cmp ebx, esi
mov dword [ebp - 0xacb8], eax
jge loc_fffcb9c9  ; jge 0xfffcb9c9
movsx eax, byte [ebp - 0xac88]
push edx
push edx
mov edx, dword [ebp - 0xac98]
mov ecx, eax
mov dword [ebp - 0xacf4], eax
mov al, byte [ebp - 0xac90]
add eax, dword [ebp - 0xacd8]
mov dword [ebp - 0xac68], 0
movsx esi, al
lea eax, [ebp - 0xac68]
push eax
mov eax, edi
push 0
push ecx
xor ecx, ecx
push esi
push dword [ebp - 0xacb8]
push dword [ebp - 0xac9c]
call fcn_fffb887d  ; call 0xfffb887d
add esp, 0x20
cmp byte [ebp - 0xac8c], 0xa
mov word [ebp + ebx*2 - 0xac4c], ax
sete al
mov byte [ebp - 0xacfc], al
or al, byte [ebp - 0xace6]
jne short loc_fffcb7e5  ; jne 0xfffcb7e5
cmp byte [ebp - 0xac94], 0
je short loc_fffcb811  ; je 0xfffcb811

loc_fffcb7e5:  ; not directly referenced
imul eax, ebx, 0x1a
mov edx, dword [ebp - 0xac68]
lea ecx, [ebp - 0x18]
add eax, ecx
mov ecx, dword [ebp - 0xac64]
mov dword [eax - 0xa91e], edx
mov dword [eax - 0xa932], ecx
mov ecx, dword [ebp - 0xac60]
mov dword [eax - 0xa92e], ecx

loc_fffcb811:  ; not directly referenced
cmp byte [ebp - 0xacbc], 1
setbe al
or al, byte [ebp - 0xac94]
je short loc_fffcb8a0  ; je 0xfffcb8a0
push eax
mov edx, dword [ebp - 0xac98]
xor ecx, ecx
push eax
lea eax, [ebp - 0xac68]
push eax
mov eax, edi
push 0
push dword [ebp - 0xacf4]
mov dword [ebp - 0xac68], 1
push esi
push dword [ebp - 0xacb8]
push dword [ebp - 0xac9c]
imul esi, ebx, 0x1a
call fcn_fffb887d  ; call 0xfffb887d
add esp, 0x20
lea ecx, [ebp - 0x18]
lea edx, [ecx + esi]
mov word [ebp + esi - 0xa94c], ax
mov al, byte [ebp - 0xacfc]
or al, byte [ebp - 0xac94]
je short loc_fffcb8a0  ; je 0xfffcb8a0
mov eax, dword [ebp - 0xac64]
mov dword [edx - 0xa92a], eax
mov eax, dword [ebp - 0xac60]
mov dword [edx - 0xa926], eax
mov eax, dword [ebp - 0xac68]
mov dword [edx - 0xa922], eax

loc_fffcb8a0:  ; not directly referenced
imul edx, ebx, 0x1a
mov ax, word [ebp + ebx*2 - 0xac4c]
mov esi, dword [ebp - 0xacdc]
mov ecx, eax
add cx, word [ebp + edx - 0xa94c]
cmp dword [ebp - 0xacc8], 0
lea edx, [esi + ebx]
mov word [ebp + edx*2 - 0xabcc], cx
je short loc_fffcb8e1  ; je 0xfffcb8e1
mov esi, 0x3e8
xor edx, edx
div si
mov word [ebp + ebx*2 - 0xac4c], ax

loc_fffcb8e1:  ; not directly referenced
mov al, byte [ebp - 0xac8c]
test al, al
sete dl
cmp al, 9
sete al
or dl, al
jne short loc_fffcb8fe  ; jne 0xfffcb8fe
cmp byte [ebp - 0xac8c], 1
jne short loc_fffcb91a  ; jne 0xfffcb91a

loc_fffcb8fe:  ; not directly referenced
mov eax, dword [ebp - 0xacdc]
movzx ecx, cx
lea esi, [eax + ebx]
mov eax, 0xdb88
cdq
idiv ecx
mov word [ebp + esi*2 - 0xabcc], ax

loc_fffcb91a:  ; not directly referenced
cmp byte [ebp - 0xac8c], 4
jne loc_fffcb9be  ; jne 0xfffcb9be
mov eax, dword [ebp - 0xacb0]
cmp dword [eax + 0xc0], 1
jne loc_fffcb9be  ; jne 0xfffcb9be
movzx edx, byte [eax + 0xc4]
xor eax, eax

loc_fffcb943:  ; not directly referenced
bt edx, eax
jb short loc_fffcb950  ; jb 0xfffcb950
inc eax
cmp eax, 4
jne short loc_fffcb943  ; jne 0xfffcb943
jmp short loc_fffcb956  ; jmp 0xfffcb956

loc_fffcb950:  ; not directly referenced
mov byte [ebp - 0xaca4], al

loc_fffcb956:  ; not directly referenced
cmp dword [ebp - 0xacc4], 3
jne short loc_fffcb971  ; jne 0xfffcb971

loc_fffcb95f:  ; not directly referenced
add ebx, dword [ebp - 0xacdc]
mov word [ebp + ebx*2 - 0xabcc], 1
jmp short loc_fffcb9be  ; jmp 0xfffcb9be

loc_fffcb971:  ; not directly referenced
mov al, byte [ebp - 0xaca4]
mov esi, dword [ebp - 0xacb0]
mov edx, eax
shr al, 1
and edx, 1
movzx eax, al
imul edx, edx, 0x18
imul eax, eax, 0x128
add eax, edx
mov ax, word [esi + eax + 0x126d]
mov ecx, eax
mov edx, eax
shr cx, 9
shr dx, 6
and ecx, 1
and edx, 1
shl ecx, 2
add edx, edx
shr ax, 2
or edx, ecx
and eax, 1
or dl, al
je short loc_fffcb95f  ; je 0xfffcb95f

loc_fffcb9be:  ; not directly referenced
inc dword [ebp - 0xacd8]
jmp near loc_fffcb746  ; jmp 0xfffcb746

loc_fffcb9c9:  ; not directly referenced
sub esp, 0xc
mov edx, dword [ebp - 0xac98]
push dword [ebp - 0xacb8]
movzx eax, byte [ebp - 0xacac]
lea ebx, [ebp - 0xabcc]
movzx ecx, byte [ebp + edx - 0xac75]
push 1
push dword [ebp - 0xad08]
push dword [ebp + 0x18]
push dword [ebp + 0x10]
push eax
mov eax, edi
push 0x40
push ebx
push 0
call fcn_fffb97c0  ; call 0xfffb97c0
movsx eax, byte [ebp - 0xad09]
add esp, 0x2c
mov ecx, ebx
push eax
movzx eax, byte [ebp - 0xaca0]
push dword [ebp + 0x1c]
push dword [ebp - 0xacf0]
push eax
mov eax, edi
push dword [ebp + 0x18]
push esi
mov esi, dword [ebp - 0xacec]
push 0x40
mov edx, esi
call fcn_fffa5d2d  ; call 0xfffa5d2d
movsx bx, byte [esi + 2]
add esp, 0x20
add bx, word [esi]
xor edx, edx
cmp byte [ebp - 0xac8c], 7
jne short loc_fffcba66  ; jne 0xfffcba66
mov eax, dword [ebp - 0xacb0]
cmp dword [eax + 0xc0], 2
mov eax, 0x20
cmove edx, eax

loc_fffcba66:  ; not directly referenced
movsx ax, byte [ebp - 0xac90]
push 1
mov esi, dword [ebp - 0xac9c]
sub eax, edx
mov edx, dword [ebp - 0xac98]
add ebx, eax
movsx eax, bx
push eax
mov eax, edi
push dword [ebp - 0xacb8]
movzx ecx, byte [ebp + edx - 0xac75]
push esi
call fcn_fffafdb2  ; call 0xfffafdb2
mov ecx, dword [ebp - 0xace0]
add esp, 0x10
inc dword [ebp - 0xac9c]
add dword [ebp - 0xacec], 0x50a
mov word [ecx + esi*2], bx
jmp near loc_fffcb3fb  ; jmp 0xfffcb3fb

loc_fffcbabc:  ; not directly referenced
inc dword [ebp - 0xac98]
add dword [ebp - 0xacf8], 0x2d5a
add dword [ebp - 0xace0], 0x12
add dword [ebp - 0xacb0], 0x13c3
cmp dword [ebp - 0xac98], 2
jne loc_fffcb3c9  ; jne 0xfffcb3c9
cmp dword [ebp - 0xaccc], 0
je short loc_fffcbb0b  ; je 0xfffcbb0b
mov eax, dword [ebp - 0xaca8]
mov edx, 0x2008
mov ecx, dword [eax + 0x18]
mov eax, edi
or ecx, 0x20
call fcn_fffae58c  ; call 0xfffae58c

loc_fffcbb0b:  ; not directly referenced
lea eax, [edi + 0x2490]
xor esi, esi
mov dword [ebp - 0xac94], eax

loc_fffcbb19:  ; not directly referenced
mov eax, dword [ebp - 0xacb4]
cmp word [ebp - 0xacba], si
jbe loc_fffcbc10  ; jbe 0xfffcbc10
mov dword [ebp - 0xac88], eax
imul eax, esi, 0x480
xor edx, edx
mov dword [ebp - 0xac90], eax

loc_fffcbb40:  ; not directly referenced
mov eax, dword [ebp - 0xace4]
bt eax, edx
jb short loc_fffcbb77  ; jb 0xfffcbb77

loc_fffcbb4b:  ; not directly referenced
inc edx
add dword [ebp - 0xac88], 0x12
cmp edx, 2
jne short loc_fffcbb40  ; jne 0xfffcbb40
mov eax, dword [ebp + 0x10]
sub esp, 0xc
mov edx, dword [ebp - 0xac94]
movzx ecx, byte [eax + esi]
mov eax, edi
inc esi
push 0
call fcn_fffa7d98  ; call 0xfffa7d98
add esp, 0x10
jmp short loc_fffcbb19  ; jmp 0xfffcbb19

loc_fffcbb77:  ; not directly referenced
mov eax, dword [ebp + 0x10]
xor ebx, ebx
movzx eax, byte [eax + esi]
cmp al, 0x21
ja short loc_fffcbb8b  ; ja 0xfffcbb8b
movzx ebx, byte [eax + ref_fffd5f1c]  ; movzx ebx, byte [eax - 0x2a0e4]

loc_fffcbb8b:  ; not directly referenced
imul ebx, ebx, 0x240
imul eax, edx, 0x48
add eax, ebx
add eax, edi
lea ebx, [edx + edx*8]
mov ecx, eax
mov dword [ebp - 0xac8c], ebx
xor eax, eax

loc_fffcbba5:  ; not directly referenced
cmp byte [ebp - 0xaca2], al
jbe short loc_fffcbb4b  ; jbe 0xfffcbb4b
mov ebx, dword [ebp - 0xac88]
movsx ebx, word [ebx + eax*2]
sub ebx, dword [ebp - 0xacd0]
imul ebx, ebx, 0x12
add ebx, dword [ebp - 0xac90]
add ebx, dword [ebp - 0xac8c]
add ebx, eax
movzx ebx, word [ebp + ebx*4 - 0xa2cc]
mov dword [ecx + eax*8 + 0x2490], ebx
mov ebx, dword [ebp - 0xac88]
movsx ebx, word [ebx + eax*2]
sub ebx, dword [ebp - 0xacd0]
imul ebx, ebx, 0x12
add ebx, dword [ebp - 0xac90]
add ebx, dword [ebp - 0xac8c]
add ebx, eax
movzx ebx, word [ebp + ebx*4 - 0xa2ca]
mov dword [ecx + eax*8 + 0x2494], ebx
inc eax
jmp short loc_fffcbba5  ; jmp 0xfffcbba5

loc_fffcbc10:  ; not directly referenced
mov esi, dword [ebp + 0x10]
add eax, 0x24
mov byte [eax + 0x18], 4
mov dword [ebp - 0xac90], eax

loc_fffcbc20:  ; not directly referenced
mov ecx, esi
sub ecx, dword [ebp - 0xad04]
cmp cx, word [ebp - 0xacba]
jae loc_fffcbd22  ; jae 0xfffcbd22
movzx edx, byte [esi]
xor eax, eax
cmp dl, 0x21
ja short loc_fffcbc46  ; ja 0xfffcbc46
movzx eax, byte [edx + ref_fffd5f1c]  ; movzx eax, byte [edx - 0x2a0e4]

loc_fffcbc46:  ; not directly referenced
mov ebx, dword [ebp - 0xacb4]
movzx ecx, cx
imul eax, eax, 0x240
mov dword [ebp - 0xac88], 0
lea ebx, [ebx + ecx*2]
mov dword [ebp - 0xac94], ebx
mov ebx, dword [ebp - 0xac90]
add eax, edi
mov dword [ebp - 0xac8c], ebx

loc_fffcbc76:  ; not directly referenced
mov ecx, dword [ebp - 0xace4]
mov edx, dword [ebp - 0xac88]
bt ecx, edx
jae short loc_fffcbcf8  ; jae 0xfffcbcf8
xor edx, edx

loc_fffcbc89:  ; not directly referenced
cmp dl, byte [ebp - 0xaca2]
jae short loc_fffcbce6  ; jae 0xfffcbce6
test dl, dl
jne short loc_fffcbca3  ; jne 0xfffcbca3
mov ecx, dword [eax + 0x2490]
add ecx, dword [eax + 0x2494]
jmp short loc_fffcbcda  ; jmp 0xfffcbcda

loc_fffcbca3:  ; not directly referenced
mov ecx, dword [eax + edx*8 + 0x2494]
mov ebx, dword [eax + edx*8 + 0x2490]
mov dword [ebp - 0xac9c], eax
mov eax, dword [ebp - 0xac8c]
mov dword [ebp - 0xac98], ecx
add ecx, ebx
movzx eax, word [eax]
cmp eax, ecx
mov eax, dword [ebp - 0xac9c]
jbe short loc_fffcbce3  ; jbe 0xfffcbce3
mov ecx, ebx
add ecx, dword [ebp - 0xac98]

loc_fffcbcda:  ; not directly referenced
mov ebx, dword [ebp - 0xac8c]
mov word [ebx], cx

loc_fffcbce3:  ; not directly referenced
inc edx
jmp short loc_fffcbc89  ; jmp 0xfffcbc89

loc_fffcbce6:  ; not directly referenced
mov dl, byte [esi]
mov ecx, dword [ebp - 0xac94]
mov ebx, dword [ebp - 0xac88]
mov byte [ecx + ebx + 0x34], dl

loc_fffcbcf8:  ; not directly referenced
inc dword [ebp - 0xac88]
add eax, 0x48
add dword [ebp - 0xac8c], 2
cmp dword [ebp - 0xac88], 2
jne loc_fffcbc76  ; jne 0xfffcbc76
add dword [ebp - 0xac90], 4
inc esi
jmp near loc_fffcbc20  ; jmp 0xfffcbc20

loc_fffcbd22:  ; not directly referenced
mov byte [edi + 0x247a], 0
jmp short loc_fffcbd35  ; jmp 0xfffcbd35

loc_fffcbd2b:  ; not directly referenced
mov eax, 0xdc
jmp near loc_fffcb2f3  ; jmp 0xfffcb2f3

loc_fffcbd35:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcbd3d:  ; not directly referenced
push ebp
mov ebp, esp
push esi
push ebx
sub esp, 0x54
mov ebx, dword [ebp + 8]
lea esi, [ebp - 0x50]
mov byte [ebp - 0x57], 4
mov byte [ebp - 0x56], 1
mov eax, dword [ebx + 0x2443]
push 0
push 5
push esi
mov byte [ebp - 0x55], 1
mov byte [ebp - 0x54], 2
mov byte [ebp - 0x53], 1
mov byte [ebp - 0x52], 0
mov byte [ebp - 0x51], 0
call dword [eax + 0x60]  ; ucall
movzx edx, byte [ebp - 0x57]
mov ecx, 1
mov eax, ebx
call fcn_fffb13cf  ; call 0xfffb13cf
movzx edx, byte [ebp - 0x56]
mov ecx, 1
mov word [ebp - 0x50], ax
mov eax, ebx
call fcn_fffb13cf  ; call 0xfffb13cf
add esp, 0x10
cmp dword [ebx + 0x2480], 3
mov word [ebp - 0x4e], ax
jne short loc_fffcbdd5  ; jne 0xfffcbdd5
push eax
mov ecx, 3
push 0
push 0
push 0xf
push 2
push 0
push esi
lea eax, [ebp - 0x55]
push eax
push 2
lea eax, [ebp - 0x57]
push eax
mov eax, ebx
push 9
push 0xf
lea edx, [ebp - 0x46]
call fcn_fffca96e  ; call 0xfffca96e
add esp, 0x30

loc_fffcbdd5:  ; not directly referenced
lea esp, [ebp - 8]
xor eax, eax
pop ebx
pop esi
pop ebp
ret

fcn_fffcbdde:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
add esp, 0xffffff80
mov edi, dword [ebp + 8]
lea edx, [ebp - 0x60]
mov byte [ebp - 0x6f], 4
mov byte [ebp - 0x6e], 1
mov eax, dword [edi + 0x2443]
mov ebx, dword [edi + 0x1887]
mov esi, dword [edi + 0x5edc]
push 0
push 5
push edx
mov byte [ebp - 0x6a], 1
mov byte [ebp - 0x69], 2
mov byte [ebp - 0x68], 1
mov byte [ebp - 0x67], 0
mov byte [ebp - 0x66], 0
mov byte [ebp - 0x6d], 4
mov byte [ebp - 0x6c], 1
mov byte [ebp - 0x6b], 0xb
mov byte [ebp - 0x65], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 2
mov byte [ebp - 0x62], 1
mov byte [ebp - 0x61], 0
call dword [eax + 0x60]  ; ucall
mov edx, 0x3a04
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
add esp, 0x10
mov edx, dword [edi + 0x2480]
and eax, 0x3f
cmp ebx, 0x306d0
mov byte [ebp - 0x88], al
sete al
cmp ebx, 0x40650
sete cl
or al, cl
je short loc_fffcbe8f  ; je 0xfffcbe8f
cmp edx, 3
je short loc_fffcbeb2  ; je 0xfffcbeb2
mov byte [ebp - 0x85], 9
mov byte [ebp - 0x7e], 0x1e
mov word [ebp - 0x80], 0xe6
jmp short loc_fffcbea0  ; jmp 0xfffcbea0

loc_fffcbe8f:  ; not directly referenced
mov byte [ebp - 0x85], 9
mov byte [ebp - 0x7e], 0x1e
mov word [ebp - 0x80], 0xb4

loc_fffcbea0:  ; not directly referenced
lea eax, [ebp - 0x6a]
mov dword [ebp - 0x84], eax
lea eax, [ebp - 0x6f]
mov byte [ebp - 0x7d], 2
jmp short loc_fffcbed3  ; jmp 0xfffcbed3

loc_fffcbeb2:  ; not directly referenced
lea eax, [ebp - 0x65]
mov dword [ebp - 0x84], eax
lea eax, [ebp - 0x6d]
mov byte [ebp - 0x85], 0xa
mov byte [ebp - 0x7e], 0x50
mov word [ebp - 0x80], 0xe6
mov byte [ebp - 0x7d], 3

loc_fffcbed3:  ; not directly referenced
mov dword [ebp - 0x7c], eax
xor ebx, ebx

loc_fffcbed8:  ; not directly referenced
mov eax, dword [ebp - 0x7c]
mov ecx, 1
movzx edx, byte [eax + ebx]
mov eax, edi
call fcn_fffb13cf  ; call 0xfffb13cf
mov word [ebp + ebx*2 - 0x60], ax
inc ebx
cmp byte [ebp - 0x7d], bl
ja short loc_fffcbed8  ; ja 0xfffcbed8
mov ecx, dword [esi + 0xc]
mov esi, ecx
shr ecx, 0xf
mov al, cl
and eax, 0x1f
shr esi, 3
and esi, 1
and cl, 0x10
lea edx, [eax - 0x20]
cmove edx, eax
mov eax, edi
movsx edx, dl
call fcn_fffa6cfe  ; call 0xfffa6cfe
movzx ecx, byte [ebp - 0x88]
mov edx, esi
xor edx, 1
movzx esi, dl
shl esi, 4
mov ebx, eax
movzx eax, dl
shl eax, 4
xor edx, edx
add eax, ecx
imul ebx, eax
movzx eax, byte [ebp - 0x88]
mov word [ebp - 0x88], ax
mov eax, ebx
div word [ebp - 0x80]
mov ecx, eax
movzx eax, bx
movzx ebx, byte [ebp - 0x7e]
cdq
sub ecx, esi
sub ecx, dword [ebp - 0x88]
idiv ebx
mov dl, 0xf0
sub eax, esi
sub eax, dword [ebp - 0x88]
cmp cx, 0xfff1
cmovge edx, ecx
movsx ecx, dl
add edx, 0x17
movsx esi, al
lea ebx, [ecx + 0x17]
cmp esi, ebx
cmovg eax, edx
push edx
movzx edx, byte [ebp - 0x85]
cmp al, 0xf
push 0
push edx
mov dl, 0xf
cmovle edx, eax
push 0x11
movsx edx, dl
push edx
push ecx
mov ecx, 3
lea eax, [ebp - 0x60]
push eax
movzx eax, byte [ebp - 0x7d]
push dword [ebp - 0x84]
lea edx, [ebp - 0x56]
push eax
mov eax, edi
push dword [ebp - 0x7c]
push 1
push 0xf
call fcn_fffca96e  ; call 0xfffca96e
add esp, 0x28
mov eax, edi
push 0
mov ecx, 3
push 0x11
push 0
push 0
push 0
lea edx, [edi + 0x2490]
push 1
call fcn_fffc0a2d  ; call 0xfffc0a2d
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcbfee:  ; not directly referenced
push ebp
mov ecx, 0xa
mov ebp, esp
push edi
push esi
mov esi, ref_fffd5b20  ; mov esi, 0xfffd5b20
push ebx
sub esp, 0x7c
mov eax, dword [ebp + 8]
lea edi, [ebp - 0x60]
mov byte [ebp - 0x6e], 4
lea ebx, [ebp - 0x60]
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
mov byte [ebp - 0x6d], 1
lea esi, [eax + 0x3756]
mov byte [ebp - 0x6c], 5
mov byte [ebp - 0x6b], 2
mov byte [ebp - 0x70], 5
mov byte [ebp - 0x6f], 2
mov byte [ebp - 0x6a], 1
mov byte [ebp - 0x69], 2
mov byte [ebp - 0x68], 1
mov byte [ebp - 0x67], 2
mov byte [ebp - 0x66], 0
mov byte [ebp - 0x65], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 0
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
mov dword [ebp - 0x7c], 0

loc_fffcc059:  ; not directly referenced
cmp dword [esi], 2
jne loc_fffcc10d  ; jne 0xfffcc10d
mov cl, byte [ebp - 0x7c]
mov edi, 1
shl edi, cl
cmp dword [esi + 0xc0], 2
jne short loc_fffcc0e3  ; jne 0xfffcc0e3
push edx
mov ecx, edi
push 0
push 0
push 0xf
push 4
push 1
push ebx
lea eax, [ebp - 0x6a]
push eax
push 4
lea eax, [ebp - 0x6e]
push eax
mov eax, dword [ebp + 8]
push 7
push 0xf
lea edx, [ebp - 0x56]
call fcn_fffca96e  ; call 0xfffca96e
add esp, 0x2c
mov ecx, edi
push 0
push 0
push 0xf
push 2
push 1
push ebx
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x70]
push eax
mov eax, dword [ebp + 8]
push 8
push 3
lea edx, [ebp - 0x56]
call fcn_fffca96e  ; call 0xfffca96e
add esp, 0x2c
push 0
push 0
push 0xf
push 2
push 1
push ebx
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x70]
push eax
push 8
push 0xc
jmp short loc_fffcc0fd  ; jmp 0xfffcc0fd

loc_fffcc0e3:  ; not directly referenced
push eax
push 0
push 0
push 0xf
push 2
push 0
push ebx
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x70]
push eax
push 7
push 0xf

loc_fffcc0fd:  ; not directly referenced
mov eax, dword [ebp + 8]
mov ecx, edi
lea edx, [ebp - 0x56]
call fcn_fffca96e  ; call 0xfffca96e
add esp, 0x30

loc_fffcc10d:  ; not directly referenced
inc dword [ebp - 0x7c]
add esi, 0x13c3
cmp dword [ebp - 0x7c], 2
jne loc_fffcc059  ; jne 0xfffcc059
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcc12a:  ; not directly referenced
push ebp
mov ecx, 0xa
mov ebp, esp
push edi
push esi
mov esi, ref_fffd5b2c  ; mov esi, 0xfffd5b2c
push ebx
sub esp, 0x5c
mov ebx, dword [ebp + 8]
lea edi, [ebp - 0x60]
mov byte [ebp - 0x67], 5
mov byte [ebp - 0x66], 2
mov eax, dword [ebx + 0x1887]
mov byte [ebp - 0x65], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 0
cmp eax, 0x306d0
sete dl
cmp eax, 0x40650
sete al
or dl, al
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
je short loc_fffcc1e4  ; je 0xfffcc1e4
mov cl, 1
mov edx, 5
mov eax, ebx
call fcn_fffb13cf  ; call 0xfffb13cf
mov edx, dword [ebp - 0x60]
mov ecx, 1
cmp ax, dx
cmovae edx, eax
mov eax, ebx
mov word [ebp - 0x60], dx
mov edx, 2
call fcn_fffb13cf  ; call 0xfffb13cf
mov dx, word [ebp - 0x5e]
mov ecx, 3
cmp ax, dx
cmovae edx, eax
push eax
push 0
push 0
push 0xf
push 8
push 0xfffffffffffffff1
lea eax, [ebp - 0x60]
push eax
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x67]
push eax
mov eax, ebx
push 2
push 0xf
mov word [ebp - 0x5e], dx
lea edx, [ebp - 0x56]
call fcn_fffca96e  ; call 0xfffca96e
add esp, 0x30

loc_fffcc1e4:  ; not directly referenced
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcc1ee:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x6c
mov ebx, dword [ebp + 8]
mov byte [ebp - 0x67], 0xd
mov byte [ebp - 0x66], 0xc
mov byte [ebp - 0x65], 1
cmp dword [ebx + 0x188b], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 1
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
jne loc_fffcc2f7  ; jne 0xfffcc2f7
movzx esi, byte [ebx + 0x248e]
lea ecx, [ebp - 0x60]
movzx edi, byte [ebx + 0x248d]
push eax
mov eax, dword [ebx + 0x2443]
push 0
push 5
push ecx
call dword [eax + 0x60]  ; ucall
movzx edx, byte [ebp - 0x67]
mov ecx, 1
mov eax, ebx
call fcn_fffb13cf  ; call 0xfffb13cf
movzx edx, byte [ebp - 0x66]
mov ecx, 1
mov word [ebp - 0x60], ax
mov eax, ebx
call fcn_fffb13cf  ; call 0xfffb13cf
add esp, 0xc
mov ecx, edi
push 0
push 0
push 0xf
push 0
push 0xfffffffffffffff8
lea edi, [ebp - 0x67]
mov word [ebp - 0x5e], ax
mov eax, esi
lea esi, [ebp - 0x60]
push esi
lea esi, [ebp - 0x65]
push esi
push 2
push edi
push 0xf
push ecx
lea edx, [ebp - 0x56]
mov dword [ebp - 0x6c], ecx
mov ecx, eax
mov dword [ebp - 0x70], eax
mov eax, ebx
call fcn_fffca96e  ; call 0xfffca96e
add esp, 0x30
mov edx, 0x3a08
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, eax
shr edx, 0x12
shr eax, 0xc
and edx, 0x3f
and eax, 0x3f
cmp dl, al
push ecx
cmovle eax, edx
mov ecx, dword [ebp - 0x70]
mov dl, 5
push 0
sub edx, eax
push 0
cmp dl, 0xf8
mov al, 0xf8
push 0xf
cmovge eax, edx
push 0
movsx eax, al
push eax
mov eax, ebx
lea edx, [ebp - 0x60]
push edx
push esi
push 2
push edi
push 0xa
push dword [ebp - 0x6c]
lea edx, [ebp - 0x56]
call fcn_fffca96e  ; call 0xfffca96e
add esp, 0x30

loc_fffcc2f7:  ; not directly referenced
sub esp, 0xc
push ebx
call fcn_fffc82f4  ; call 0xfffc82f4
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcc30a:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x6c
mov ebx, dword [ebp + 8]
mov byte [ebp - 0x67], 0xd
mov byte [ebp - 0x66], 0xc
mov byte [ebp - 0x65], 1
cmp dword [ebx + 0x188b], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 1
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
jne short loc_fffcc3b3  ; jne 0xfffcc3b3
movzx eax, byte [ebx + 0x248d]
lea esi, [ebp - 0x60]
movzx edi, byte [ebx + 0x248e]
mov dword [ebp - 0x6c], eax
push eax
mov eax, dword [ebx + 0x2443]
push 0
push 5
push esi
call dword [eax + 0x60]  ; ucall
movzx edx, byte [ebp - 0x67]
mov ecx, 1
mov eax, ebx
call fcn_fffb13cf  ; call 0xfffb13cf
movzx edx, byte [ebp - 0x66]
mov ecx, 1
mov word [ebp - 0x60], ax
mov eax, ebx
call fcn_fffb13cf  ; call 0xfffb13cf
add esp, 0xc
mov ecx, edi
push 0
push 0
push 0xf
push 3
push 0
push esi
lea edx, [ebp - 0x56]
mov word [ebp - 0x5e], ax
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x67]
push eax
mov eax, dword [ebp - 0x6c]
push 0xc
push eax
mov eax, ebx
call fcn_fffca96e  ; call 0xfffca96e
add esp, 0x30

loc_fffcc3b3:  ; not directly referenced
sub esp, 0xc
push ebx
call fcn_fffc82f4  ; call 0xfffc82f4
lea esp, [ebp - 0xc]
xor eax, eax
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcc3c6:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, ecx
push esi
push ebx
mov ebx, eax
sub esp, 0x70
mov eax, dword [eax + 0x2443]
push 0
push 5
lea esi, [ebp - 0x60]
push esi
mov dword [ebp - 0x6c], edx
mov byte [ebp - 0x67], 5
mov byte [ebp - 0x66], 2
mov byte [ebp - 0x65], 1
mov byte [ebp - 0x64], 2
mov byte [ebp - 0x63], 1
mov byte [ebp - 0x62], 0
mov byte [ebp - 0x61], 0
call dword [eax + 0x60]  ; ucall
movzx edx, byte [ebp - 0x67]
mov ecx, 1
mov eax, ebx
call fcn_fffb13cf  ; call 0xfffb13cf
movzx edx, byte [ebp - 0x66]
mov ecx, 1
mov word [ebp - 0x60], ax
mov eax, ebx
call fcn_fffb13cf  ; call 0xfffb13cf
add esp, 0xc
movzx ecx, byte [ebp - 0x6c]
cmp dword [ebx + 0x188b], 1
push 1
push 0
push 0xf
push 0xa
lea edx, [ebp - 0x56]
mov word [ebp - 0x5e], ax
sbb eax, eax
and eax, 4
sub eax, 0x11
movsx eax, al
push eax
push esi
lea eax, [ebp - 0x65]
push eax
push 2
lea eax, [ebp - 0x67]
push eax
mov eax, ebx
push 0
push 0xf
call fcn_fffca96e  ; call 0xfffca96e
add esp, 0x30
xor eax, eax
cmp dword [ebp + 8], 0
je short loc_fffcc493  ; je 0xfffcc493
push eax
mov ecx, 3
push eax
mov eax, ebx
push 0
push edi
push 0
push 0
push 0
push 2
lea edx, [ebx + 0x2490]
call fcn_fffc0a2d  ; call 0xfffc0a2d
add esp, 0x20

loc_fffcc493:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcc49b:  ; not directly referenced
push ebp
mov ecx, 0xf
mov ebp, esp
mov edx, 3
mov eax, dword [ebp + 8]
mov dword [ebp + 8], 1
pop ebp
jmp near fcn_fffcc3c6  ; jmp 0xfffcc3c6

fcn_fffcc4b8:  ; not directly referenced
push ebp
mov ebp, esp
mov ecx, dword [ebp + 0x10]
mov eax, dword [ebp + 0x18]
mov edx, dword [ebp + 0x1c]
mov dword [ecx], eax
mov dword [ecx + 4], edx
pop ebp
ret

fcn_fffcc4cb:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x3c
mov eax, dword [ebp + 0x14]
mov ebx, dword [ebp + 0xc]
mov edi, dword [ebp + 8]
mov edx, dword [ebp + 0x10]
mov dword [ebp - 0x2c], eax
mov eax, dword [ebp + 0x20]
mov dword [ebp - 0x24], ebx
mov byte [ebp - 0x32], bl
mov byte [ebp - 0x31], dl
mov dword [ebp - 0x3c], eax
mov eax, dword [ebp + 0x24]
mov dword [ebp - 0x40], eax
mov al, byte [ebp + 0x18]
mov byte [ebp - 0x33], al
mov al, byte [ebp + 0x1c]
mov byte [ebp - 0x34], al
mov eax, dword [edi + 0x5edc]
cmp bl, 1
ja loc_fffcc70e  ; ja 0xfffcc70e
cmp dword [edi + 0x2480], 2
jne loc_fffcc70e  ; jne 0xfffcc70e
movzx eax, byte [ebp - 0x24]
mov dword [ebp - 0x1c], 0
mov dword [ebp - 0x38], eax
imul eax, eax, 0x13c3
lea ebx, [edi + eax + 0x3756]
add eax, edi
mov dword [ebp - 0x48], eax

loc_fffcc540:  ; not directly referenced
mov cl, byte [ebp - 0x1c]
mov edx, 1
shl edx, cl
test byte [ebp - 0x33], dl
je loc_fffcc6f7  ; je 0xfffcc6f7
mov eax, dword [ebp - 0x48]
test byte [eax + 0x381a], dl
je loc_fffcc6f7  ; je 0xfffcc6f7
mov esi, dword [ebp - 0x1c]
imul eax, esi, 0x18
mov dword [ebp - 0x30], eax
mov ax, word [ebx + eax + 0x1277]
mov word [ebp - 0x28], ax
or word [ebp - 0x28], 0x80
mov eax, dword [ebp - 0x28]
cmp dword [ebp - 0x3c], 0
mov word [ebp - 0x20], ax
je loc_fffcc666  ; je 0xfffcc666
movzx eax, byte [ebp - 0x34]
imul esi, esi, 0x70
mov dword [ebp - 0x28], 0
mov dword [ebp - 0x30], eax
movzx eax, byte [ebp - 0x32]
add esi, ebx
mov dword [ebp - 0x44], eax

loc_fffcc5a8:  ; not directly referenced
mov eax, dword [ebp - 0x30]
mov edx, dword [ebp - 0x28]
bt eax, edx
jae loc_fffcc651  ; jae 0xfffcc651
mov cx, word [esi + 0x109f]
mov al, cl
and ecx, 0x3f
and eax, 0x7f
mov dl, al
or edx, 0xffffffc0
test al, 0x60
cmove edx, ecx
lea eax, [edx - 0xd]
cmp dl, 0xc
jg short loc_fffcc5e3  ; jg 0xfffcc5e3
xor eax, eax
cmp dl, 0xe4
lea ecx, [edx + 0x1b]
cmovle eax, ecx

loc_fffcc5e3:  ; not directly referenced
add eax, dword [ebp - 0x2c]
cmp al, 0x25
jg short loc_fffcc5f4  ; jg 0xfffcc5f4
cmp al, 0xdb
jl short loc_fffcc5fb  ; jl 0xfffcc5fb
test al, al
jns short loc_fffcc5f6  ; jns 0xfffcc5f6
jmp short loc_fffcc5fd  ; jmp 0xfffcc5fd

loc_fffcc5f4:  ; not directly referenced
mov al, 0x25

loc_fffcc5f6:  ; not directly referenced
add eax, 0xd
jmp short loc_fffcc600  ; jmp 0xfffcc600

loc_fffcc5fb:  ; not directly referenced
mov al, 0xdb

loc_fffcc5fd:  ; not directly referenced
sub eax, 0x1b

loc_fffcc600:  ; not directly referenced
and eax, 0x7f
mov cl, byte [ebp - 0x28]
mov dl, al
and eax, 0x3f
shr dl, 6
and word [ebp - 0x20], 0xff80
and edx, 1
shl edx, 6
or word [ebp - 0x20], dx
or word [ebp - 0x20], ax
mov eax, 1
push edx
mov edx, dword [ebp - 0x44]
shl eax, cl
mov ecx, dword [ebp - 0x1c]
push eax
movzx eax, word [ebp - 0x20]
push 6
push eax
mov eax, edi
call fcn_fffaa285  ; call 0xfffaa285
add esp, 0x10
cmp byte [ebp - 0x31], 0
je short loc_fffcc651  ; je 0xfffcc651
mov eax, dword [ebp - 0x20]
mov word [esi + 0x109f], ax

loc_fffcc651:  ; not directly referenced
inc dword [ebp - 0x28]
add esi, 0xe
cmp dword [ebp - 0x28], 8
jne loc_fffcc5a8  ; jne 0xfffcc5a8
jmp near loc_fffcc6f7  ; jmp 0xfffcc6f7

loc_fffcc666:  ; not directly referenced
mov eax, dword [ebp - 0x30]
mov si, word [ebx + eax + 0x1277]
mov ecx, esi
and esi, 0x3f
and ecx, 0x7f
mov al, cl
or eax, 0xffffffc0
and cl, 0x60
cmove eax, esi
lea ecx, [eax - 0xd]
cmp al, 0xc
jg short loc_fffcc695  ; jg 0xfffcc695
xor ecx, ecx
cmp al, 0xe4
lea esi, [eax + 0x1b]
cmovle ecx, esi

loc_fffcc695:  ; not directly referenced
add ecx, dword [ebp - 0x2c]
cmp cl, 0x25
jg short loc_fffcc6a8  ; jg 0xfffcc6a8
cmp cl, 0xdb
jl short loc_fffcc6af  ; jl 0xfffcc6af
test cl, cl
js short loc_fffcc6b1  ; js 0xfffcc6b1
jmp short loc_fffcc6aa  ; jmp 0xfffcc6aa

loc_fffcc6a8:  ; not directly referenced
mov cl, 0x25

loc_fffcc6aa:  ; not directly referenced
add ecx, 0xd
jmp short loc_fffcc6b4  ; jmp 0xfffcc6b4

loc_fffcc6af:  ; not directly referenced
mov cl, 0xdb

loc_fffcc6b1:  ; not directly referenced
sub ecx, 0x1b

loc_fffcc6b4:  ; not directly referenced
and ecx, 0x7f
mov esi, dword [ebp - 0x28]
mov al, cl
and ecx, 0x3f
shr al, 6
and eax, 1
shl eax, 6
and esi, 0xffffff80
or esi, eax
or esi, ecx
mov ecx, edx
mov edx, dword [ebp - 0x38]
push eax
push eax
movzx eax, si
push eax
mov eax, edi
push 6
call fcn_fffafd52  ; call 0xfffafd52
add esp, 0x10
cmp byte [ebp - 0x31], 0
je short loc_fffcc6f7  ; je 0xfffcc6f7
mov eax, dword [ebp - 0x30]
mov word [ebx + eax + 0x1277], si

loc_fffcc6f7:  ; not directly referenced
inc dword [ebp - 0x1c]
cmp dword [ebp - 0x1c], 2
jne loc_fffcc540  ; jne 0xfffcc540
mov ebx, 0x40000000
jmp near loc_fffcc866  ; jmp 0xfffcc866

loc_fffcc70e:  ; not directly referenced
mov ebx, dword [ebp - 0x24]
cmp bl, 1
je short loc_fffcc73b  ; je 0xfffcc73b
jb short loc_fffcc729  ; jb 0xfffcc729
cmp bl, 2
jne loc_fffcc8f8  ; jne 0xfffcc8f8
mov cl, byte [eax + 0x14]
and ecx, 0x7f
jmp short loc_fffcc74c  ; jmp 0xfffcc74c

loc_fffcc729:  ; not directly referenced
movzx ebx, byte [eax + 0x16]
mov cl, byte [eax + 0x15]
and ebx, 0x1f
shr cl, 6
shl ebx, 2
jmp short loc_fffcc74a  ; jmp 0xfffcc74a

loc_fffcc73b:  ; not directly referenced
movzx ebx, byte [eax + 0x15]
mov cl, byte [eax + 0x14]
and ebx, 0x3f
shr cl, 7
add ebx, ebx

loc_fffcc74a:  ; not directly referenced
or ecx, ebx

loc_fffcc74c:  ; not directly referenced
mov bl, cl
mov esi, 0xffffffca
or ebx, 0xffffff80
test cl, 0xc0
cmovne ecx, ebx
mov ebx, 0x36
movsx ecx, cl
add ecx, dword [ebp - 0x2c]
cmp ecx, 0xffffffca
cmovge esi, ecx
cmp esi, 0x36
cmovle ebx, esi
test dl, dl
je short loc_fffcc7e6  ; je 0xfffcc7e6
mov edx, dword [ebp - 0x24]
cmp dl, 1
je short loc_fffcc7c1  ; je 0xfffcc7c1
jb short loc_fffcc79c  ; jb 0xfffcc79c
cmp dl, 2
jne loc_fffcc8f8  ; jne 0xfffcc8f8
mov dl, byte [eax + 0x14]
mov cl, bl
and ecx, 0x7f
and edx, 0xffffff80
or edx, ecx
mov byte [eax + 0x14], dl
jmp short loc_fffcc7e6  ; jmp 0xfffcc7e6

loc_fffcc79c:  ; not directly referenced
mov dl, byte [eax + 0x15]
mov cl, bl
shl ecx, 6
and edx, 0x3f
or edx, ecx
mov ecx, ebx
mov byte [eax + 0x15], dl
mov dl, byte [eax + 0x16]
shr ecx, 2
and ecx, 0x1f
and edx, 0xffffffe0
or edx, ecx
mov byte [eax + 0x16], dl
jmp short loc_fffcc7e6  ; jmp 0xfffcc7e6

loc_fffcc7c1:  ; not directly referenced
mov dl, byte [eax + 0x14]
mov ecx, ebx
and ecx, 1
shl ecx, 7
and edx, 0x7f
or edx, ecx
mov ecx, ebx
mov byte [eax + 0x14], dl
mov dl, byte [eax + 0x15]
shr ecx, 1
and ecx, 0x3f
and edx, 0xffffffc0
or edx, ecx
mov byte [eax + 0x15], dl

loc_fffcc7e6:  ; not directly referenced
cmp dword [edi + 0x188b], 1
mov eax, 0xf84
mov edx, 0xf78
cmove edx, eax
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, dword [ebp - 0x24]
cmp dl, 1
je short loc_fffcc837  ; je 0xfffcc837
jb short loc_fffcc823  ; jb 0xfffcc823
cmp dl, 2
jne loc_fffcc8f8  ; jne 0xfffcc8f8
and ebx, 0x7f
and eax, 0xffffff80
or eax, ebx
mov ebx, 0x20000000
jmp short loc_fffcc849  ; jmp 0xfffcc849

loc_fffcc823:  ; not directly referenced
and ebx, 0x7f
and eax, 0xffe03fff
shl ebx, 0xe
or eax, ebx
mov ebx, 0x40000000
jmp short loc_fffcc849  ; jmp 0xfffcc849

loc_fffcc837:  ; not directly referenced
and ebx, 0x7f
and eax, 0xffffc07f
shl ebx, 7
or eax, ebx
mov ebx, 0x80000000

loc_fffcc849:  ; not directly referenced
cmp dword [edi + 0x188b], 1
mov ecx, 0xf84
mov edx, 0xf78
cmove edx, ecx
mov ecx, eax
mov eax, edi
call fcn_fffaeb7c  ; call 0xfffaeb7c

loc_fffcc866:  ; not directly referenced
cmp byte [ebp - 0x40], 0
jne loc_fffcc8f8  ; jne 0xfffcc8f8
cmp dword [edi + 0x2480], 2
jne short loc_fffcc884  ; jne 0xfffcc884
cmp byte [ebp - 0x24], 1
mov edx, 3
jbe short loc_fffcc8ce  ; jbe 0xfffcc8ce

loc_fffcc884:  ; not directly referenced
cmp dword [edi + 0x188b], 1
mov cl, 0x4b
mov byte [ebp - 0x1c], 0
sete al
mov esi, eax
mov al, 0x32
lea esi, [esi + esi*4 + 5]
cmovne ecx, eax

loc_fffcc89f:  ; not directly referenced
cmp dword [edi + 0x188b], 1
mov eax, 0xf84
mov edx, 0xf78
mov dword [ebp - 0x20], ecx
cmove edx, eax
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov ecx, dword [ebp - 0x20]
and eax, ebx
cmp eax, ebx
jne short loc_fffcc8dc  ; jne 0xfffcc8dc

loc_fffcc8c6:  ; not directly referenced
mov eax, esi
movzx esi, al
imul edx, esi, 0xf

loc_fffcc8ce:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, edi
pop ebx
pop esi
pop edi
pop ebp
jmp near fcn_fffa834b  ; jmp 0xfffa834b

loc_fffcc8dc:  ; not directly referenced
mov edx, 0xf
mov eax, edi
mov dword [ebp - 0x20], ecx
call fcn_fffa834b  ; call 0xfffa834b
mov ecx, dword [ebp - 0x20]
inc byte [ebp - 0x1c]
cmp byte [ebp - 0x1c], cl
jb short loc_fffcc89f  ; jb 0xfffcc89f
jmp short loc_fffcc8c6  ; jmp 0xfffcc8c6

loc_fffcc8f8:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcc900:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x4c
mov eax, dword [ebp + 0x18]
mov esi, dword [ebp + 0x20]
mov edi, dword [ebp + 0x2c]
mov ecx, dword [ebp + 0xc]
mov dword [ebp - 0x30], eax
mov ebx, dword [ebp + 0x1c]
mov byte [ebp - 0x2b], al
mov eax, esi
mov edx, dword [ebp + 0x24]
mov byte [ebp - 0x48], al
mov eax, edi
mov byte [ebp - 0x29], al
mov al, byte [ebp + 0x30]
cmp cl, 6
mov dword [ebp - 0x40], ebx
mov byte [ebp - 0x2c], bl
sete bl
cmp cl, 3
mov dword [ebp - 0x20], esi
mov byte [ebp - 0x50], al
mov eax, dword [ebp + 8]
mov dword [ebp - 0x44], edx
mov dword [ebp - 0x34], edi
mov byte [ebp - 0x49], dl
mov eax, dword [eax + 0x5edc]
mov byte [ebp - 0x2a], bl
mov dword [ebp - 0x38], eax
setbe al
or al, bl
jne short loc_fffcc98e  ; jne 0xfffcc98e
lea eax, [ecx - 8]
cmp al, 2
jbe short loc_fffcc992  ; jbe 0xfffcc992
mov eax, dword [ebp + 8]
mov bl, 0x36
cmp dword [eax + 0x2480], 2
jne short loc_fffcc998  ; jne 0xfffcc998
cmp cl, 0x11
sete dl
cmp cl, 5
sete al
or dl, al
jne short loc_fffcc996  ; jne 0xfffcc996
cmp cl, 0x21
jne short loc_fffcc998  ; jne 0xfffcc998
jmp short loc_fffcc9a9  ; jmp 0xfffcc9a9

loc_fffcc98e:  ; not directly referenced
mov bl, 0x1f
jmp short loc_fffcc998  ; jmp 0xfffcc998

loc_fffcc992:  ; not directly referenced
mov bl, 0xff
jmp short loc_fffcc998  ; jmp 0xfffcc998

loc_fffcc996:  ; not directly referenced
mov bl, 0x25

loc_fffcc998:  ; not directly referenced
cmp cl, 0x1f
ja short loc_fffcc9ab  ; ja 0xfffcc9ab
mov eax, dword [ebp + 0x14]
lea esi, [eax + eax - 1]
mov eax, dword [ebp + 0x10]
jmp short loc_fffcc9d6  ; jmp 0xfffcc9d6

loc_fffcc9a9:  ; not directly referenced
mov bl, 0x25

loc_fffcc9ab:  ; not directly referenced
imul esi, dword [ebp + 0x14], 3
mov edi, 2
lea eax, [esi - 5]
imul eax, dword [ebp + 0x14]
cdq
idiv edi
cmp dword [ebp + 0x14], 0
mov esi, eax
mov eax, dword [ebp + 0x10]
mov dword [ebp - 0x1c], eax
jne short loc_fffcc9d9  ; jne 0xfffcc9d9
lea eax, [eax + eax*4]
mov di, 4
cdq
idiv edi

loc_fffcc9d6:  ; not directly referenced
mov dword [ebp - 0x1c], eax

loc_fffcc9d9:  ; not directly referenced
mov eax, dword [ebp + 0x10]
mov edi, 3
imul eax, esi
movzx esi, bl
cdq
idiv edi
cmp dword [ebp - 0x1c], esi
jg short loc_fffcc9f9  ; jg 0xfffcc9f9
mov edi, dword [ebp - 0x1c]
neg esi
cmp edi, esi
cmovge esi, edi

loc_fffcc9f9:  ; not directly referenced
mov ebx, dword [ebp - 0x20]
cmp eax, 0xffffffe1
mov edx, 0xffffffe1
cmovge edx, eax
mov edi, 0x1f
cmp edx, 0x1f
cmovle edi, edx
xor eax, eax
mov edx, dword [ebp + 8]
cmp bl, 0xff
cmovne eax, ebx
mov byte [ebp - 0x24], al
movzx eax, byte [ebp - 0x40]
mov ebx, eax
mov dword [ebp - 0x20], eax
imul eax, eax, 0x13c3
lea eax, [edx + eax + 0x3756]
mov dword [ebp - 0x28], eax
movzx eax, byte [ebp - 0x44]
mov edx, eax
mov dword [ebp - 0x1c], eax
imul eax, ebx, 0xcc
mov ebx, dword [ebp - 0x38]
lea eax, [ebx + eax + 0x1c]
lea eax, [eax + edx*4]
mov dword [ebp - 0x3c], eax
mov ebx, dword [eax + 0x54]
cmp cl, 0x21
ja loc_fffccfba  ; ja 0xfffccfba
movzx eax, cl
jmp dword [eax*4 + ref_fffd5b38]  ; ujmp: jmp dword [eax*4 - 0x2a4c8]

loc_fffcca6b:  ; not directly referenced
and esi, 0x3f
and ebx, 0xffffffc0
jmp near loc_fffccc11  ; jmp 0xfffccc11

loc_fffcca76:  ; not directly referenced
and esi, 0x3f
and ebx, 0xfffff03f
shl esi, 6
jmp near loc_fffccc11  ; jmp 0xfffccc11

loc_fffcca87:  ; not directly referenced
and esi, 0x3f
and ebx, 0xfffc0fff
shl esi, 0xc
jmp near loc_fffccc11  ; jmp 0xfffccc11

loc_fffcca98:  ; not directly referenced
and esi, 0x3f
and ebx, 0xff03ffff
shl esi, 0x12
jmp near loc_fffccc11  ; jmp 0xfffccc11

loc_fffccaa9:  ; not directly referenced
and esi, 0x7f
and ebx, 0x80ffffff
shl esi, 0x18
jmp near loc_fffccc11  ; jmp 0xfffccc11

loc_fffccaba:  ; not directly referenced
mov ebx, dword [ebp - 0x20]
mov eax, dword [ebp + 8]
shl ebx, 0xa
add ebx, 0x4028
mov edx, ebx
call fcn_fffae52a  ; call 0xfffae52a
cmp esi, 0
mov edi, eax
mov eax, dword [ebp - 0x28]
mov eax, dword [eax + 0x1019]
jle short loc_fffccae7  ; jle 0xfffccae7
lea esi, [esi + esi - 0x10]
dec eax
jmp short loc_fffccaee  ; jmp 0xfffccaee

loc_fffccae7:  ; not directly referenced
je short loc_fffccaee  ; je 0xfffccaee
lea esi, [esi + esi + 0x10]
inc eax

loc_fffccaee:  ; not directly referenced
movzx ecx, byte [ebp - 0x24]
and eax, 0x3f
and edi, 0xffc0ffff
mov edx, dword [ebp - 0x1c]
shl eax, 0x10
or edi, eax
lea eax, [ecx + ecx*8]
lea eax, [edx + eax + 0xd8]
mov edx, dword [ebp - 0x28]
movzx eax, word [edx + eax*2 + 1]
push edx
add esi, eax
mov eax, 0x1ff
cmp esi, 0x1ff
cmovle eax, esi
xor edx, edx
test eax, eax
cmovns edx, eax
mov eax, dword [ebp + 8]
push edx
mov edx, dword [ebp - 0x20]
push 0
push dword [ebp - 0x1c]
call fcn_fffa7499  ; call 0xfffa7499
mov eax, dword [ebp + 8]
mov ecx, edi
mov edx, ebx
call fcn_fffae58c  ; call 0xfffae58c
add esp, 0x10
jmp near loc_fffcd148  ; jmp 0xfffcd148

loc_fffccb52:  ; not directly referenced
movzx eax, byte [ebp - 0x50]
xor ebx, ebx
mov dword [ebp - 0x28], eax
movzx eax, byte [ebp - 0x48]
mov dword [ebp - 0x48], eax

loc_fffccb62:  ; not directly referenced
imul eax, ebx, 0x13c3
mov edx, dword [ebp + 8]
cmp dword [edx + eax + 0x3756], 2
jne short loc_fffccbb1  ; jne 0xfffccbb1
cmp byte [ebp - 0x2c], bl
sete dl
cmp byte [ebp - 0x2b], 1
sete al
or dl, al
je short loc_fffccbb1  ; je 0xfffccbb1
push dword [ebp - 0x28]
xor eax, eax
cmp byte [ebp - 0x49], 0
mov dword [ebp - 0x50], ecx
setne al
push eax
movzx eax, byte [ebp - 0x29]
push dword [ebp - 0x1c]
push dword [ebp - 0x48]
push esi
push eax
push ebx
push dword [ebp + 8]
call fcn_fffcc4cb  ; call 0xfffcc4cb
mov ecx, dword [ebp - 0x50]
add esp, 0x20

loc_fffccbb1:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffccb62  ; jne 0xfffccb62
cmp cl, 0x21
sete dl
cmp cl, 0x11
sete al
or dl, al
je loc_fffcd148  ; je 0xfffcd148
mov eax, dword [ebp - 0x3c]
mov ebx, dword [eax + 0x54]
mov eax, edi
and eax, 0x3f
shl eax, 0xc
and ebx, 0xfffc0fff
jmp short loc_fffccbf7  ; jmp 0xfffccbf7

loc_fffccbe1:  ; not directly referenced
and esi, 0x7f
mov eax, edi
shl esi, 0x18
and ebx, 0x80fff03f
and eax, 0x3f
or ebx, esi
shl eax, 6

loc_fffccbf7:  ; not directly referenced
or ebx, eax
jmp near loc_fffccfc4  ; jmp 0xfffccfc4

loc_fffccbfe:  ; not directly referenced
and esi, 0x3f
and ebx, 0xff000fff
mov eax, esi
shl eax, 0xc
shl esi, 0x12
or ebx, eax

loc_fffccc11:  ; not directly referenced
or ebx, esi
jmp near loc_fffccfc4  ; jmp 0xfffccfc4

loc_fffccc18:  ; not directly referenced
cmp byte [ebp - 0x30], 0
movzx ebx, byte [ebp - 0x24]
je loc_fffcccca  ; je 0xfffcccca
mov eax, dword [ebp + 8]
lea edx, [ebx*4 + 0x3630]
xor edi, edi
mov ecx, dword [ebp + 0x10]
call fcn_fffaeb7c  ; call 0xfffaeb7c
imul eax, ebx, 0xd8
mov dword [ebp - 0x20], eax

loc_fffccc43:  ; not directly referenced
sub esp, 0xc
mov eax, dword [ebp + 8]
mov ecx, 1
push 1
mov edx, edi
push 0
push 0
push dword [ebp + 0x34]
push ebx
call fcn_fffa72c5  ; call 0xfffa72c5
add esp, 0x20
cmp byte [ebp - 0x29], 0
jne short loc_fffccc73  ; jne 0xfffccc73

loc_fffccc68:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffccc43  ; jne 0xfffccc43
jmp near loc_fffcd148  ; jmp 0xfffcd148

loc_fffccc73:  ; not directly referenced
imul eax, edi, 0x13c3
add eax, dword [ebp - 0x20]
mov byte [ebp - 0x1c], 0
mov dword [ebp - 0x24], eax

loc_fffccc83:  ; not directly referenced
mov eax, dword [ebp + 8]
mov cl, byte [ebp - 0x1c]
cmp cl, byte [eax + 0x2488]
jae short loc_fffccc68  ; jae 0xfffccc68
movzx esi, cl
imul esi, esi, 0x18
add esi, dword [ebp - 0x24]
add esi, eax
xor eax, eax
mov dword [ebp - 0x28], esi

loc_fffccca1:  ; not directly referenced
mov esi, dword [ebp + 0x10]
lea ecx, [eax*4]
lea edx, [eax + eax*2]
inc eax
sar esi, cl
mov ecx, esi
mov esi, dword [ebp - 0x28]
and ecx, 0xf
mov byte [esi + edx + 0x3d38], cl
cmp eax, 8
jne short loc_fffccca1  ; jne 0xfffccca1
inc byte [ebp - 0x1c]
jmp short loc_fffccc83  ; jmp 0xfffccc83

loc_fffcccca:  ; not directly referenced
mov edi, dword [ebp - 0x1c]
mov esi, dword [ebp - 0x20]
mov ecx, dword [ebp + 0x10]
mov eax, edi
shl eax, 7
lea edx, [eax + ebx + 0xc]
mov eax, esi
shl eax, 6
add edx, eax
mov eax, dword [ebp + 8]
shl edx, 2
call fcn_fffae58c  ; call 0xfffae58c
sub esp, 0xc
mov eax, dword [ebp + 8]
push 1
xor ecx, ecx
push 0
mov edx, esi
push edi
push dword [ebp + 0x34]
push ebx
call fcn_fffa72c5  ; call 0xfffa72c5
add esp, 0x20
cmp byte [ebp - 0x34], 0
je loc_fffcd148  ; je 0xfffcd148
imul eax, dword [ebp - 0x1c], 0x18
xor ecx, ecx
imul ebx, ebx, 0xd8
add ebx, eax
xor eax, eax
add ebx, dword [ebp - 0x28]

loc_fffccd26:  ; not directly referenced
mov edx, dword [ebp + 0x10]
sar edx, cl
add ecx, 4
and edx, 0xf
mov byte [ebx + eax + 0x5e2], dl
add eax, 3
cmp ecx, 0x20
jne short loc_fffccd26  ; jne 0xfffccd26
jmp near loc_fffcd148  ; jmp 0xfffcd148

loc_fffccd45:  ; not directly referenced
cmp byte [ebp - 0x30], 0
movzx ebx, byte [ebp - 0x24]
je loc_fffccdf7  ; je 0xfffccdf7
mov eax, dword [ebp + 8]
lea edx, [ebx*4 + 0x3610]
xor edi, edi
mov ecx, dword [ebp + 0x10]
call fcn_fffaeb7c  ; call 0xfffaeb7c
imul eax, ebx, 0xd8
mov dword [ebp - 0x24], eax

loc_fffccd70:  ; not directly referenced
sub esp, 0xc
mov eax, dword [ebp + 8]
mov ecx, 1
push 0
mov edx, edi
push 1
push 0
push dword [ebp + 0x34]
push ebx
call fcn_fffa72c5  ; call 0xfffa72c5
add esp, 0x20
cmp byte [ebp - 0x29], 0
jne short loc_fffccda0  ; jne 0xfffccda0

loc_fffccd95:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffccd70  ; jne 0xfffccd70
jmp near loc_fffcd148  ; jmp 0xfffcd148

loc_fffccda0:  ; not directly referenced
imul eax, edi, 0x13c3
add eax, dword [ebp - 0x24]
mov byte [ebp - 0x1c], 0
mov dword [ebp - 0x20], eax

loc_fffccdb0:  ; not directly referenced
mov eax, dword [ebp + 8]
mov cl, byte [ebp - 0x1c]
cmp cl, byte [eax + 0x2488]
jae short loc_fffccd95  ; jae 0xfffccd95
movzx esi, cl
imul esi, esi, 0x18
add esi, dword [ebp - 0x20]
add esi, eax
xor eax, eax
mov dword [ebp - 0x28], esi

loc_fffccdce:  ; not directly referenced
mov esi, dword [ebp + 0x10]
lea ecx, [eax*4]
lea edx, [eax + eax*2]
inc eax
sar esi, cl
mov ecx, esi
mov esi, dword [ebp - 0x28]
and ecx, 0xf
mov byte [esi + edx + 0x39d8], cl
cmp eax, 8
jne short loc_fffccdce  ; jne 0xfffccdce
inc byte [ebp - 0x1c]
jmp short loc_fffccdb0  ; jmp 0xfffccdb0

loc_fffccdf7:  ; not directly referenced
mov edi, dword [ebp - 0x1c]
mov esi, dword [ebp - 0x20]
mov ecx, dword [ebp + 0x10]
mov eax, edi
shl eax, 7
lea edx, [eax + ebx + 4]
mov eax, esi
shl eax, 6
add edx, eax
mov eax, dword [ebp + 8]
shl edx, 2
call fcn_fffae58c  ; call 0xfffae58c
sub esp, 0xc
mov eax, dword [ebp + 8]
push 0
xor ecx, ecx
push 1
mov edx, esi
push edi
push dword [ebp + 0x34]
push ebx
call fcn_fffa72c5  ; call 0xfffa72c5
add esp, 0x20
cmp byte [ebp - 0x34], 0
je loc_fffcd148  ; je 0xfffcd148
imul eax, dword [ebp - 0x1c], 0x18
xor ecx, ecx
imul ebx, ebx, 0xd8
add ebx, eax
xor eax, eax
add ebx, dword [ebp - 0x28]

loc_fffcce53:  ; not directly referenced
mov edx, dword [ebp + 0x10]
sar edx, cl
add ecx, 4
and edx, 0xf
mov byte [ebx + eax + 0x282], dl
add eax, 3
cmp ecx, 0x20
jne short loc_fffcce53  ; jne 0xfffcce53
jmp near loc_fffcd148  ; jmp 0xfffcd148

loc_fffcce72:  ; not directly referenced
cmp byte [ebp - 0x30], 0
movzx edi, byte [ebp - 0x24]
je loc_fffccf1d  ; je 0xfffccf1d
mov eax, dword [ebp + 8]
xor ebx, ebx
mov edx, dword [ebp + 0x10]
call fcn_fffaa226  ; call 0xfffaa226
imul eax, edi, 0xd8
mov dword [ebp - 0x20], eax

loc_fffcce96:  ; not directly referenced
sub esp, 0xc
mov eax, dword [ebp + 8]
mov ecx, 1
push 0
mov edx, ebx
push 1
push 0
push dword [ebp + 0x34]
push edi
call fcn_fffa72c5  ; call 0xfffa72c5
add esp, 0x20
cmp byte [ebp - 0x29], 0
jne short loc_fffccec6  ; jne 0xfffccec6

loc_fffccebb:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffcce96  ; jne 0xfffcce96
jmp near loc_fffcd148  ; jmp 0xfffcd148

loc_fffccec6:  ; not directly referenced
imul eax, ebx, 0x13c3
add eax, dword [ebp - 0x20]
mov byte [ebp - 0x1c], 0
mov dword [ebp - 0x24], eax

loc_fffcced6:  ; not directly referenced
mov eax, dword [ebp + 8]
mov cl, byte [ebp - 0x1c]
cmp cl, byte [eax + 0x2488]
jae short loc_fffccebb  ; jae 0xfffccebb
movzx esi, cl
imul esi, esi, 0x18
add esi, dword [ebp - 0x24]
add esi, eax
xor eax, eax
mov dword [ebp - 0x28], esi

loc_fffccef4:  ; not directly referenced
mov esi, dword [ebp + 0x10]
lea ecx, [eax*4]
lea edx, [eax + eax*2]
inc eax
sar esi, cl
mov ecx, esi
mov esi, dword [ebp - 0x28]
and ecx, 0xf
mov byte [esi + edx + 0x4098], cl
cmp eax, 8
jne short loc_fffccef4  ; jne 0xfffccef4
inc byte [ebp - 0x1c]
jmp short loc_fffcced6  ; jmp 0xfffcced6

loc_fffccf1d:  ; not directly referenced
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x188b]
test eax, eax
jne short loc_fffccf3c  ; jne 0xfffccf3c
mov edx, dword [ebp - 0x20]
mov eax, dword [ebp - 0x1c]
shl edx, 8
shl eax, 9
lea edx, [edx + eax + 0x4c]
jmp short loc_fffccf55  ; jmp 0xfffccf55

loc_fffccf3c:  ; not directly referenced
dec eax
jne short loc_fffccf53  ; jne 0xfffccf53
mov eax, dword [ebp - 0x20]
shl eax, 8
lea edx, [eax + edi*4 + 0x50]
mov eax, dword [ebp - 0x1c]
shl eax, 9
add edx, eax
jmp short loc_fffccf55  ; jmp 0xfffccf55

loc_fffccf53:  ; not directly referenced
xor edx, edx

loc_fffccf55:  ; not directly referenced
mov ecx, dword [ebp + 0x10]
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
sub esp, 0xc
mov edx, dword [ebp - 0x20]
push 0
mov eax, dword [ebp + 8]
xor ecx, ecx
push 1
push dword [ebp - 0x1c]
push dword [ebp + 0x34]
push edi
call fcn_fffa72c5  ; call 0xfffa72c5
add esp, 0x20
cmp byte [ebp - 0x34], 0
je loc_fffcd148  ; je 0xfffcd148
imul eax, dword [ebp - 0x1c], 0x18
xor ecx, ecx
imul edx, edi, 0xd8
add edx, eax
xor eax, eax
add edx, dword [ebp - 0x28]

loc_fffccf9b:  ; not directly referenced
mov ebx, dword [ebp + 0x10]
sar ebx, cl
add ecx, 4
and ebx, 0xf
mov byte [edx + eax + 0x942], bl
add eax, 3
cmp ecx, 0x20
jne short loc_fffccf9b  ; jne 0xfffccf9b
jmp near loc_fffcd148  ; jmp 0xfffcd148

loc_fffccfba:  ; not directly referenced
mov eax, 2
jmp near loc_fffcd14a  ; jmp 0xfffcd14a

loc_fffccfc4:  ; not directly referenced
test cl, cl
sete dl
cmp cl, 0xb
sete al
or dl, al
jne short loc_fffcd01d  ; jne 0xfffcd01d
cmp cl, 4
sete dl
cmp cl, 1
sete al
or dl, al
jne short loc_fffcd01d  ; jne 0xfffcd01d
cmp cl, 0x20
sete dl
cmp cl, 0x10
sete al
or dl, al
jne short loc_fffcd01d  ; jne 0xfffcd01d
mov dl, byte [ebp - 0x2a]
lea eax, [ecx - 2]
cmp al, 1
setbe al
or dl, al
jne short loc_fffcd014  ; jne 0xfffcd014
cmp cl, 0x21
sete al
cmp cl, 0x11
mov esi, eax
sete al
or esi, eax
jmp short loc_fffcd019  ; jmp 0xfffcd019

loc_fffcd014:  ; not directly referenced
mov esi, 1

loc_fffcd019:  ; not directly referenced
xor edi, edi
jmp short loc_fffcd024  ; jmp 0xfffcd024

loc_fffcd01d:  ; not directly referenced
xor esi, esi
mov edi, 1

loc_fffcd024:  ; not directly referenced
cmp byte [ebp - 0x30], 0
mov edx, 0x3670
je loc_fffcd0d4  ; je 0xfffcd0d4
mov eax, dword [ebp + 8]
mov ecx, ebx
cmp dword [eax + 0x188b], 1
mov eax, 0x367c
cmove edx, eax
mov eax, dword [ebp + 8]
call fcn_fffaeb7c  ; call 0xfffaeb7c
mov eax, dword [ebp - 0x38]
mov dword [ebp - 0x1c], 0
add eax, 0x1c
mov dword [ebp - 0x20], eax
mov eax, esi
movzx esi, al
mov eax, edi
movzx edi, al

loc_fffcd069:  ; not directly referenced
imul eax, dword [ebp - 0x1c], 0x13c3
mov ecx, dword [ebp + 8]
cmp dword [ecx + eax + 0x3756], 2
je short loc_fffcd092  ; je 0xfffcd092

loc_fffcd07d:  ; not directly referenced
inc dword [ebp - 0x1c]
add dword [ebp - 0x20], 0xcc
cmp dword [ebp - 0x1c], 2
jne short loc_fffcd069  ; jne 0xfffcd069
jmp near loc_fffcd148  ; jmp 0xfffcd148

loc_fffcd092:  ; not directly referenced
sub esp, 0xc
movzx eax, byte [ebp - 0x24]
mov ecx, 1
push esi
mov edx, dword [ebp - 0x1c]
push edi
push 0
push dword [ebp + 0x34]
push eax
mov eax, dword [ebp + 8]
call fcn_fffa72c5  ; call 0xfffa72c5
add esp, 0x20
xor eax, eax

loc_fffcd0b6:  ; not directly referenced
mov ecx, dword [ebp + 8]
cmp al, byte [ecx + 0x2488]
jae short loc_fffcd07d  ; jae 0xfffcd07d
cmp byte [ebp - 0x29], 0
je short loc_fffcd0d1  ; je 0xfffcd0d1
mov ecx, dword [ebp - 0x20]
movzx edx, al
mov dword [ecx + edx*4 + 0x54], ebx

loc_fffcd0d1:  ; not directly referenced
inc eax
jmp short loc_fffcd0b6  ; jmp 0xfffcd0b6

loc_fffcd0d4:  ; not directly referenced
cmp byte [ebp - 0x40], 1
ja short loc_fffcd0f8  ; ja 0xfffcd0f8
mov edx, dword [ebp - 0x20]
shl edx, 8
cmp byte [ebp - 0x44], 8
jbe short loc_fffcd0ee  ; jbe 0xfffcd0ee
add edx, 0x3070
jmp short loc_fffcd0f8  ; jmp 0xfffcd0f8

loc_fffcd0ee:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
shl eax, 9
lea edx, [edx + eax + 0x70]

loc_fffcd0f8:  ; not directly referenced
mov ecx, dword [ebp + 8]
lea eax, [edx + 0xc]
cmp dword [ecx + 0x188b], 1
mov ecx, ebx
cmove edx, eax
mov eax, dword [ebp + 8]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, esi
sub esp, 0xc
movzx esi, al
mov eax, edi
mov edx, dword [ebp - 0x20]
push esi
movzx edi, al
movzx eax, byte [ebp - 0x24]
push edi
xor ecx, ecx
push dword [ebp - 0x1c]
push dword [ebp + 0x34]
push eax
mov eax, dword [ebp + 8]
call fcn_fffa72c5  ; call 0xfffa72c5
add esp, 0x20
cmp byte [ebp - 0x34], 0
je short loc_fffcd148  ; je 0xfffcd148
mov eax, dword [ebp - 0x3c]
mov dword [eax + 0x54], ebx

loc_fffcd148:  ; not directly referenced
xor eax, eax

loc_fffcd14a:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcd152:
push ebp
mov ebp, esp
push ebx
sub esp, 0x14
mov eax, dword [ebp + 0xc]
lea ebx, [eax - 4]
cmp byte [ebx + 0x18], 1
je short loc_fffcd1a5  ; je 0xfffcd1a5
mov eax, dword [ebx + 0x14]
test eax, eax
jne short loc_fffcd17f  ; jne 0xfffcd17f

loc_fffcd16c:
mov eax, dword [ebx + 0x10]
mov ecx, ebx
mov edx, dword [ebp + 8]
mov byte [ebx + 0x18], 1
call fcn_fffa1e8f  ; call 0xfffa1e8f
jmp short loc_fffcd1a7  ; jmp 0xfffcd1a7

loc_fffcd17f:
test byte [eax + 1], 1
je short loc_fffcd16c  ; je 0xfffcd16c
lea eax, [ebp - 0xc]
push eax
push 0
push 0
push ref_fffd65ec  ; push 0xfffd65ec
call fcn_fffab40f  ; call 0xfffab40f
add esp, 0x10
test eax, eax
je short loc_fffcd16c  ; je 0xfffcd16c
mov eax, 0x80000006
jmp short loc_fffcd1a7  ; jmp 0xfffcd1a7

loc_fffcd1a5:
xor eax, eax

loc_fffcd1a7:
mov ebx, dword [ebp - 4]
leave
ret

fcn_fffcd1ac:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x190
mov ebx, dword [ebp + 8]
mov dword [ebp - 0x14c], edx
mov edx, dword [esi + 0x5edc]
lea eax, [ebp - 0x13f]
push 1
mov edi, dword [ebp + 0xc]
push 7
push eax
mov dword [ebp - 0x180], edx
mov edx, dword [esi + 0x2443]
mov dword [ebp - 0x16c], ecx
mov byte [ebp - 0x151], cl
mov dword [ebp - 0x184], edx
call dword [edx + 0x5c]  ; ucall
mov eax, dword [ebp - 0x16c]
add esp, 0x10
mov edx, dword [ebp - 0x14c]
cmp al, 0xb
setne cl
dec eax
cmp al, 1
seta al
test cl, al
mov byte [ebp - 0x152], cl
jne loc_fffcd946  ; jne 0xfffcd946
cmp byte [ebp - 0x16c], 0xb
movzx edx, dl
jne short loc_fffcd25f  ; jne 0xfffcd25f
sub esp, 0xc
mov eax, esi
lea ecx, [edi - 3]
push 0
movzx ecx, cl
call fcn_fffb26ca  ; call 0xfffb26ca
add esp, 0x10
dec bl
mov byte [esi + 0x248b], 0xa
je short loc_fffcd258  ; je 0xfffcd258

loc_fffcd24c:  ; not directly referenced
mov dword [ebp - 0x158], 0
jmp short loc_fffcd2ac  ; jmp 0xfffcd2ac

loc_fffcd258:  ; not directly referenced
mov eax, 8
jmp short loc_fffcd285  ; jmp 0xfffcd285

loc_fffcd25f:  ; not directly referenced
sub esp, 0xc
mov eax, edi
movzx ecx, al
mov eax, esi
push 0
call fcn_fffb26ca  ; call 0xfffb26ca
add esp, 0x10
dec bl
jne short loc_fffcd24c  ; jne 0xfffcd24c
cmp byte [ebp - 0x16c], 1
jne short loc_fffcd258  ; jne 0xfffcd258
mov eax, 9

loc_fffcd285:  ; not directly referenced
push 1
push 0
push 1
push 0
push 0
push 0
push 0
push 1
push 0
push 0x88888888
push eax
push esi
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
mov dword [ebp - 0x158], eax

loc_fffcd2ac:  ; not directly referenced
lea eax, [esi + 0x3756]
mov dword [ebp - 0x178], eax
movzx eax, byte [ebp - 0x151]
mov dword [ebp - 0x150], 0
mov dword [ebp - 0x164], 0
mov dword [ebp - 0x17c], eax

loc_fffcd2d9:  ; not directly referenced
mov edi, dword [ebp - 0x180]
xor ebx, ebx
mov eax, dword [ebp - 0x150]
mov dword [ebp - 0x170], 1
mov byte [ebp - 0x15c], 0
add edi, 0x70
mov cl, al
mov dword [ebp - 0x160], edi
mov edi, dword [ebp - 0x178]
lea eax, [eax + eax*8]
shl dword [ebp - 0x170], cl
mov dword [ebp - 0x174], eax

loc_fffcd318:  ; not directly referenced
mov ecx, dword [ebp - 0x170]
mov edx, ebx
mov eax, esi
call fcn_fffaac43  ; call 0xfffaac43
or byte [ebp - 0x15c], al
movzx eax, byte [ebp - 0x15c]
bt eax, ebx
mov dword [ebp - 0x168], eax
jae loc_fffcd434  ; jae 0xfffcd434
mov eax, dword [ebp - 0x174]
mov byte [ebp - 0x14c], 0
add eax, edi
mov dword [ebp - 0x188], eax

loc_fffcd358:  ; not directly referenced
movzx eax, byte [esi + 0x2488]
cmp byte [ebp - 0x14c], al
jb short loc_fffcd396  ; jb 0xfffcd396

loc_fffcd367:  ; not directly referenced
push edx
push 0
push eax
mov eax, dword [ebp - 0x184]
push dword [ebp - 0x160]
call dword [eax + 0x64]  ; ucall
mov edx, ebx
xor ecx, ecx
shl edx, 0xa
mov eax, esi
add edx, 0x40f0
call fcn_fffae58c  ; call 0xfffae58c
add esp, 0x10
jmp near loc_fffcd434  ; jmp 0xfffcd434

loc_fffcd396:  ; not directly referenced
cmp byte [ebp - 0x152], 0
je short loc_fffcd367  ; je 0xfffcd367
cmp byte [ebp - 0x151], 1
jne short loc_fffcd3e0  ; jne 0xfffcd3e0
movzx eax, byte [ebp - 0x14c]
mov ecx, dword [ebp - 0x188]
lea edx, [ecx + eax]
mov ecx, dword [ebp - 0x150]
mov byte [edx + 0x104a], 0x20
mov byte [edx + 0x106e], 0x20
push edx
mov edx, ebx
push 0
push 0xff
push eax
mov eax, esi
call fcn_fffa7499  ; call 0xfffa7499
jmp short loc_fffcd426  ; jmp 0xfffcd426

loc_fffcd3e0:  ; not directly referenced
cmp byte [ebp - 0x151], 2
jne short loc_fffcd429  ; jne 0xfffcd429
movzx eax, byte [ebp - 0x14c]
mov ecx, dword [ebp - 0x174]
lea edx, [eax + ecx]
add edx, edx
add edx, edi
mov cx, word [edx + 0x121]
add ecx, 0x20
mov word [edx + 0x169], cx
mov edx, ebx
push ecx
mov ecx, dword [ebp - 0x150]
push 0
push 0xff
push eax
mov eax, esi
call fcn_fffa73b0  ; call 0xfffa73b0

loc_fffcd426:  ; not directly referenced
add esp, 0x10

loc_fffcd429:  ; not directly referenced
inc byte [ebp - 0x14c]
jmp near loc_fffcd358  ; jmp 0xfffcd358

loc_fffcd434:  ; not directly referenced
inc ebx
add edi, 0x13c3
add dword [ebp - 0x160], 0xcc
cmp ebx, 2
jne loc_fffcd318  ; jne 0xfffcd318
cmp byte [ebp - 0x15c], 0
je loc_fffcd91b  ; je 0xfffcd91b
mov edi, 0xffffffe1

loc_fffcd460:  ; not directly referenced
cmp byte [ebp - 0x151], 0xb
jne short loc_fffcd4ba  ; jne 0xfffcd4ba
xor ebx, ebx

loc_fffcd46b:  ; not directly referenced
mov eax, dword [ebp - 0x168]
bt eax, ebx
jb short loc_fffcd47e  ; jb 0xfffcd47e

loc_fffcd476:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffcd46b  ; jne 0xfffcd46b
jmp short loc_fffcd4dc  ; jmp 0xfffcd4dc

loc_fffcd47e:  ; not directly referenced
xor edx, edx

loc_fffcd480:  ; not directly referenced
cmp dl, byte [esi + 0x2488]
jae short loc_fffcd476  ; jae 0xfffcd476
push 1
movzx eax, dl
push 0
push 0
push 0
push eax
push dword [ebp - 0x150]
mov dword [ebp - 0x14c], edx
push ebx
push 0
push 0
push edi
push 0xb
push esi
call fcn_fffcc900  ; call 0xfffcc900
mov edx, dword [ebp - 0x14c]
add esp, 0x30
inc edx
jmp short loc_fffcd480  ; jmp 0xfffcd480

loc_fffcd4ba:  ; not directly referenced
push 1
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push edi
push dword [ebp - 0x17c]
push esi
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30

loc_fffcd4dc:  ; not directly referenced
movzx ecx, byte [esi + 0x248b]
lea eax, [ebp - 0x13f]
push ebx
mov edx, dword [ebp - 0x168]
push 0
push 1
push eax
mov eax, esi
call fcn_fffb0f94  ; call 0xfffb0f94
lea eax, [ebp - 0x60]
add esp, 0x10
mov dword [ebp - 0x14c], eax
lea eax, [ebp - 0xa8]
mov dword [ebp - 0x158], eax
lea eax, [ebp - 0x138]
mov dword [ebp - 0x15c], eax
lea eax, [edi - 1]
lea ebx, [ebp - 0xf0]
mov dword [ebp - 0x160], 0
mov dword [ebp - 0x190], eax

loc_fffcd539:  ; not directly referenced
mov eax, dword [ebp - 0x168]
mov ecx, dword [ebp - 0x160]
bt eax, ecx
jb short loc_fffcd576  ; jb 0xfffcd576

loc_fffcd54a:  ; not directly referenced
inc dword [ebp - 0x160]
add ebx, 0x24
add dword [ebp - 0x14c], 0x24
add dword [ebp - 0x158], 0x24
add dword [ebp - 0x15c], 0x24
cmp dword [ebp - 0x160], 2
jne short loc_fffcd539  ; jne 0xfffcd539
jmp near loc_fffcd689  ; jmp 0xfffcd689

loc_fffcd576:  ; not directly referenced
mov edx, dword [ebp - 0x160]
mov eax, esi
shl edx, 0xa
add edx, 0x40ec
call fcn_fffae52a  ; call 0xfffae52a
mov cl, byte [esi + 0x2488]
mov byte [ebp - 0x170], cl
xor ecx, ecx
movzx eax, ax
mov dword [ebp - 0x18c], eax

loc_fffcd5a3:  ; not directly referenced
cmp byte [ebp - 0x170], cl
jbe short loc_fffcd54a  ; jbe 0xfffcd54a
mov eax, dword [ebp - 0x18c]
sar eax, cl
and eax, 1
xor eax, 1
cmp edi, 0xffffffe1
jne short loc_fffcd61f  ; jne 0xfffcd61f
test eax, eax
mov eax, dword [ebp - 0x14c]
je short loc_fffcd5f5  ; je 0xfffcd5f5
mov dword [eax + ecx*4], 0xffffffe1
mov eax, dword [ebp - 0x158]
mov dword [ebx + ecx*4], 0xffffffe1
mov dword [eax + ecx*4], 0xffffffe1
mov eax, dword [ebp - 0x15c]
mov dword [eax + ecx*4], 0xffffffe1
jmp near loc_fffcd683  ; jmp 0xfffcd683

loc_fffcd5f5:  ; not directly referenced
mov dword [eax + ecx*4], 0xffffffdf
mov eax, dword [ebp - 0x158]
mov dword [ebx + ecx*4], 0xffffffdf
mov dword [eax + ecx*4], 0xffffffdf
mov eax, dword [ebp - 0x15c]
mov dword [eax + ecx*4], 0xffffffdf
jmp short loc_fffcd683  ; jmp 0xfffcd683

loc_fffcd61f:  ; not directly referenced
test eax, eax
je short loc_fffcd683  ; je 0xfffcd683
mov eax, dword [ebp - 0x190]
cmp dword [ebx + ecx*4], eax
je short loc_fffcd637  ; je 0xfffcd637
mov eax, dword [ebp - 0x15c]
mov dword [eax + ecx*4], edi

loc_fffcd637:  ; not directly referenced
mov eax, dword [ebp - 0x15c]
mov dword [ebx + ecx*4], edi
mov eax, dword [eax + ecx*4]
mov edx, eax
mov dword [ebp - 0x174], eax
mov eax, edi
sub eax, edx
mov edx, dword [ebp - 0x158]
mov dword [ebp - 0x188], eax
mov eax, dword [ebp - 0x14c]
mov eax, dword [eax + ecx*4]
sub eax, dword [edx + ecx*4]
cmp dword [ebp - 0x188], eax
jle short loc_fffcd683  ; jle 0xfffcd683
mov eax, edx
mov edx, dword [ebp - 0x174]
mov dword [eax + ecx*4], edx
mov eax, dword [ebp - 0x14c]
mov dword [eax + ecx*4], edi

loc_fffcd683:  ; not directly referenced
inc ecx
jmp near loc_fffcd5a3  ; jmp 0xfffcd5a3

loc_fffcd689:  ; not directly referenced
inc edi
cmp edi, 0x20
jne loc_fffcd460  ; jne 0xfffcd460
push 2
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push dword [ebp - 0x17c]
push esi
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
mov dword [ebp - 0x14c], 0
mov dword [ebp - 0x158], eax
mov eax, dword [ebp - 0x178]
mov dword [ebp - 0x15c], eax
mov eax, dword [ebp - 0x150]
lea ebx, [eax + eax*8]
imul eax, eax, 0x12
mov dword [ebp - 0x170], ebx
mov dword [ebp - 0x174], eax

loc_fffcd6ea:  ; not directly referenced
mov eax, dword [ebp - 0x168]
mov ebx, dword [ebp - 0x14c]
bt eax, ebx
jae loc_fffcd8fe  ; jae 0xfffcd8fe
mov eax, dword [ebp - 0x170]
add eax, dword [ebp - 0x15c]
mov byte [ebp - 0x160], 0
mov dword [ebp - 0x188], eax

loc_fffcd718:  ; not directly referenced
mov al, byte [ebp - 0x160]
cmp al, byte [esi + 0x2488]
jae loc_fffcd8b8  ; jae 0xfffcd8b8
movzx eax, byte [ebp - 0x160]
imul edx, dword [ebp - 0x14c], 9
add edx, eax
mov ebx, dword [ebp + edx*4 - 0x60]
mov edx, dword [ebp + edx*4 - 0xa8]
mov ecx, ebx
sub ecx, edx
cmp ecx, 7
jg short loc_fffcd769  ; jg 0xfffcd769
cmp byte [esi + 0x1965], 0
mov ecx, 9
cmove ecx, dword [ebp - 0x158]
mov dword [ebp - 0x158], ecx
jmp short loc_fffcd773  ; jmp 0xfffcd773

loc_fffcd769:  ; not directly referenced
sar ecx, 1
add ecx, edx
mov dword [ebp - 0x164], ecx

loc_fffcd773:  ; not directly referenced
imul edi, edx, 0xfffffff6
imul ecx, edx, 0xa
test edx, edx
cmovs ecx, edi
imul edx, ebx, 0xa
imul edi, ebx, 0xfffffff6
test ebx, ebx
cmovs edx, edi
cmp byte [ebp - 0x151], 1
jne short loc_fffcd7d1  ; jne 0xfffcd7d1
imul ebx, dword [ebp - 0x14c], 9
add ebx, dword [ebp - 0x174]
mov edi, dword [ebp - 0x188]
lea ebx, [eax + ebx + 0x50]
mov dword [esi + ebx*8 + 0x2450], ecx
mov ecx, dword [ebp - 0x164]
mov dword [esi + ebx*8 + 0x2454], edx
lea edx, [edi + eax]
add byte [edx + 0x104a], cl
add byte [edx + 0x106e], cl
jmp near loc_fffcd88e  ; jmp 0xfffcd88e

loc_fffcd7d1:  ; not directly referenced
cmp byte [ebp - 0x151], 2
jne short loc_fffcd83d  ; jne 0xfffcd83d
imul ebx, dword [ebp - 0x14c], 9
add ebx, dword [ebp - 0x174]
mov edi, dword [ebp - 0x164]
lea ebx, [eax + ebx + 0xe0]
mov dword [esi + ebx*8 + 0x2454], edx
movzx edx, byte [ebp - 0x160]
mov dword [esi + ebx*8 + 0x2450], ecx
mov ebx, dword [ebp - 0x15c]
add edx, dword [ebp - 0x170]
add edx, edx
add word [ebx + edx + 0x169], di
push ecx
mov edx, dword [ebp - 0x14c]
mov ecx, dword [ebp - 0x150]
push 0
push 0xff
push eax
mov eax, esi
call fcn_fffa73b0  ; call 0xfffa73b0
jmp short loc_fffcd8aa  ; jmp 0xfffcd8aa

loc_fffcd83d:  ; not directly referenced
cmp byte [ebp - 0x151], 0xb
jne short loc_fffcd8ad  ; jne 0xfffcd8ad
imul ebx, dword [ebp - 0x14c], 9
add ebx, dword [ebp - 0x174]
mov edi, dword [ebp - 0x164]
lea ebx, [eax + ebx + 0x128]
mov dword [esi + ebx*8 + 0x2454], edx
movzx edx, byte [ebp - 0x160]
mov dword [esi + ebx*8 + 0x2450], ecx
lea ecx, [edi + edi]
mov edi, dword [ebp - 0x15c]
add edx, dword [ebp - 0x170]
add edx, edx
add word [edi + edx + 0x1b1], cx

loc_fffcd88e:  ; not directly referenced
mov ecx, dword [ebp - 0x150]
push edx
mov edx, dword [ebp - 0x14c]
push 0
push 0xff
push eax
mov eax, esi
call fcn_fffa7499  ; call 0xfffa7499

loc_fffcd8aa:  ; not directly referenced
add esp, 0x10

loc_fffcd8ad:  ; not directly referenced
inc byte [ebp - 0x160]
jmp near loc_fffcd718  ; jmp 0xfffcd718

loc_fffcd8b8:  ; not directly referenced
cmp byte [ebp - 0x151], 0xb
jne short loc_fffcd8fe  ; jne 0xfffcd8fe
mov ebx, dword [ebp - 0x14c]
mov eax, esi
shl ebx, 0xa
add ebx, 0x4028
mov edx, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edi, dword [ebp - 0x15c]
movzx edx, byte [edi + 0x1019]
and eax, 0xffc0ffff
and edx, 0x3f
shl edx, 0x10
or eax, edx
mov edx, ebx
mov ecx, eax
mov eax, esi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffcd8fe:  ; not directly referenced
inc dword [ebp - 0x14c]
add dword [ebp - 0x15c], 0x13c3
cmp dword [ebp - 0x14c], 2
jne loc_fffcd6ea  ; jne 0xfffcd6ea

loc_fffcd91b:  ; not directly referenced
inc dword [ebp - 0x150]
cmp dword [ebp - 0x150], 4
jne loc_fffcd2d9  ; jne 0xfffcd2d9
cmp byte [ebp - 0x16c], 0xb
mov ebx, dword [ebp - 0x158]
jne short loc_fffcd94b  ; jne 0xfffcd94b
mov eax, esi
call fcn_fffb0e8a  ; call 0xfffb0e8a
jmp short loc_fffcd94b  ; jmp 0xfffcd94b

loc_fffcd946:  ; not directly referenced
mov ebx, 2

loc_fffcd94b:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, ebx
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcd955:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
xor ebx, ebx
sub esp, 0x2c
mov eax, dword [eax + 0x2480]
mov dword [ebp - 0x2c], ecx
lea edi, [esi + 0x3756]
mov byte [ebp - 0x25], dl
mov dword [ebp - 0x24], eax

loc_fffcd977:  ; not directly referenced
cmp dword [edi], 2
jne loc_fffcda73  ; jne 0xfffcda73
mov dl, byte [ebp - 0x25]
and dl, byte [edi + 0xc4]
je loc_fffcda73  ; je 0xfffcda73
mov eax, dword [ebp - 0x2c]
movzx ecx, dl
mov dword [ebp - 0x20], ecx
movzx eax, byte [eax + ebx]
push edx
push 0
push eax
push 3
push ecx
push 0
push ebx
push esi
mov dword [ebp - 0x1c], eax
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20
xor edx, edx

loc_fffcd9b4:  ; not directly referenced
mov eax, dword [ebp - 0x20]
bt eax, edx
jae short loc_fffcd9c9  ; jae 0xfffcd9c9
movzx edx, byte [edi + edx + 0x245]
add edx, dword [ebp - 0x1c]
jmp short loc_fffcd9d1  ; jmp 0xfffcd9d1

loc_fffcd9c9:  ; not directly referenced
inc edx
cmp edx, 4
jne short loc_fffcd9b4  ; jne 0xfffcd9b4
xor dl, dl

loc_fffcd9d1:  ; not directly referenced
push ecx
push 0
push edx
push 1
push dword [ebp - 0x20]
push 4
push ebx
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x1c
mov edx, dword [ebp - 0x1c]
push 0
add edx, dword [edi + 0x111]
push edx
push 1
push dword [ebp - 0x20]
push 2
push ebx
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x1c
mov edx, dword [ebp - 0x1c]
push 0
add edx, dword [edi + 0x119]
push edx
push 1
push dword [ebp - 0x20]
push 1
push ebx
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20
cmp dword [ebp - 0x24], 3
jne short loc_fffcda55  ; jne 0xfffcda55
mov eax, dword [ebp - 0x1c]
add dword [edi + 0x111], eax
push edx
push 0
mov edx, dword [edi + 0x115]
add edx, eax
push edx
push 2
push dword [ebp - 0x20]
push 2
push ebx
push esi
call fcn_fffa9178  ; call 0xfffa9178
mov edx, dword [ebp - 0x1c]
add esp, 0x20
sub dword [edi + 0x111], edx

loc_fffcda55:  ; not directly referenced
mov edx, dword [ebp - 0x1c]
push eax
push 0
add edx, dword [edi + 0x109]
push edx
push 1
push dword [ebp - 0x20]
push 3
push ebx
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffcda73:  ; not directly referenced
inc ebx
add edi, 0x13c3
cmp ebx, 2
jne loc_fffcd977  ; jne 0xfffcd977
sub esp, 0xc
push esi
call fcn_fffc82f4  ; call 0xfffc82f4
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcda94:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, edx
sub esp, 0x3d0
mov edi, dword [ebp + 0xc]
mov dword [ebp - 0x3cc], ecx
mov ecx, dword [ebp + 0x14]
mov byte [ebp - 0x38e], dl
mov dl, byte [ebp + 8]
mov esi, dword [ebp + 0x10]
mov dword [ebp - 0x34c], eax
xor eax, eax
cmp bl, 0xc
mov dword [ebp - 0x37c], ecx
mov ecx, dword [ebp + 0x24]
mov dword [ebp - 0x374], edi
mov byte [ebp - 0x3a4], dl
mov edx, edi
lea edi, [ebp - 0x2e0]
mov dword [ebp - 0x380], ecx
mov ecx, dword [ebp + 0x2c]
mov byte [ebp - 0x34d], dl
mov edx, esi
mov byte [ebp - 0x364], dl
mov dl, byte [ebp + 0x20]
mov dword [ebp - 0x378], esi
mov esi, ref_fffd5bc0  ; mov esi, 0xfffd5bc0
mov dword [ebp - 0x384], ecx
mov ecx, 0xb
rep stosd  ; rep stosd dword es:[edi], eax
lea edi, [ebp - 0x321]
mov byte [ebp - 0x38f], dl
mov dl, byte [ebp + 0x28]
mov word [ebp - 0x2d8], 7
mov word [ebp - 0x2d2], 0x3ff
mov word [ebp - 0x2bc], 1
mov byte [ebp - 0x34e], dl
mov cl, 0xd
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
lea edi, [ebp - 0x302]
mov esi, ref_fffd5bd0  ; mov esi, 0xfffd5bd0
mov word [ebp - 0x2b6], 1
mov cl, 4
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov eax, dword [ebp - 0x34c]
lea edi, [ebp - 0x288]
mov esi, ref_fffd5be0  ; mov esi, 0xfffd5be0
mov byte [ebp - 0x33e], 0
mov byte [ebp - 0x33d], 0
mov word [ebp - 0x32c], 0
mov dword [ebp - 0x32a], 0
mov cl, 0xc
rep movsd  ; rep movsd dword es:[edi], dword ptr [esi]
mov edi, dword [eax + 0x2443]
mov esi, 0xa
mov al, 0x14
cmovne esi, eax
push 0
mov eax, esi
push 2
mov byte [ebp - 0x3b6], al
lea eax, [ebp - 0x33a]
push eax
mov dword [ebp - 0x326], 7
mov byte [ebp - 0x322], 0
call dword [edi + 0x60]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x33c]
push eax
call dword [edi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x10
lea eax, [ebp - 0x314]
push eax
call dword [edi + 0x5c]  ; ucall
add esp, 0xc
push 0x2c
lea eax, [ebp - 0x2e0]
push eax
lea eax, [ebp - 0x2b4]
push eax
call dword [edi + 0x58]  ; ucall
add esp, 0x10
xor eax, eax

loc_fffcdc0a:  ; not directly referenced
mov byte [ebp + eax - 0x335], al
inc eax
cmp eax, 9
jne short loc_fffcdc0a  ; jne 0xfffcdc0a
cmp bl, 0xc
sete al
mov byte [ebp - 0x34f], al
movzx eax, al
mov dword [ebp - 0x354], eax
lea eax, [ebx - 8]
cmp al, 1
setbe dl
cmp bl, 0xb
sete al
or dl, al
mov dword [ebp - 0x35c], 1
jne short loc_fffcdc56  ; jne 0xfffcdc56
xor eax, eax
cmp bl, 0xa
sete al
mov dword [ebp - 0x35c], eax

loc_fffcdc56:  ; not directly referenced
mov al, byte [ebp - 0x33d]
mov esi, dword [ebp - 0x34c]
movzx ecx, byte [ebp - 0x38e]
mov dword [ebp - 0x358], 0
mov byte [ebp - 0x360], al
mov al, byte [ebp - 0x33e]
add esi, 0x381a
mov dword [ebp - 0x388], ecx

loc_fffcdc8b:  ; not directly referenced
mov cl, byte [esi]
test cl, cl
je loc_fffcdd4f  ; je 0xfffcdd4f
mov dl, cl
and edx, 0xc
cmp dl, 0xc
je short loc_fffcdcb5  ; je 0xfffcdcb5
mov dl, cl
and edx, 3
cmp dl, 3
sete dl
movzx edx, dl
mov dword [ebp - 0x370], edx
jmp short loc_fffcdcbf  ; jmp 0xfffcdcbf

loc_fffcdcb5:  ; not directly referenced
mov dword [ebp - 0x370], 1

loc_fffcdcbf:  ; not directly referenced
test byte [ebp - 0x34e], cl
je loc_fffcdd4f  ; je 0xfffcdd4f
mov cl, byte [ebp - 0x358]
mov edx, 1
shl edx, cl
mov ecx, dword [ebp - 0x388]
mov dword [ebp - 0x368], edx
mov cl, byte [ebp + ecx - 0x321]
mov byte [ebp - 0x36c], cl
and cl, 2
je short loc_fffcdd11  ; je 0xfffcdd11
mov cl, byte [ebp - 0x360]
mov dl, byte [ebp - 0x368]
or edx, ecx
cmp dword [esi - 4], 2
cmove ecx, edx
mov byte [ebp - 0x360], cl

loc_fffcdd11:  ; not directly referenced
test byte [ebp - 0x36c], 1
je short loc_fffcdd23  ; je 0xfffcdd23
cmp dword [ebp - 0x370], 0
jne short loc_fffcdd2c  ; jne 0xfffcdd2c

loc_fffcdd23:  ; not directly referenced
cmp dword [ebp - 0x354], 0
je short loc_fffcdd32  ; je 0xfffcdd32

loc_fffcdd2c:  ; not directly referenced
or eax, dword [ebp - 0x368]

loc_fffcdd32:  ; not directly referenced
cmp dword [ebp - 0x35c], 0
je short loc_fffcdd4f  ; je 0xfffcdd4f
mov edx, dword [ebp - 0x358]
movzx ecx, al
bt ecx, edx
jb short loc_fffcdd4f  ; jb 0xfffcdd4f
or eax, dword [ebp - 0x368]

loc_fffcdd4f:  ; not directly referenced
inc dword [ebp - 0x358]
add esi, 0x13c3
cmp dword [ebp - 0x358], 2
jne loc_fffcdc8b  ; jne 0xfffcdc8b
mov dl, byte [ebp - 0x360]
mov cl, byte [ebp - 0x374]
cmp byte [ebp - 0x378], cl
mov byte [ebp - 0x33e], al
mov byte [ebp - 0x33d], dl
setle cl
or al, dl
mov byte [ebp - 0x358], al
sete al
or cl, al
je short loc_fffcdda2  ; je 0xfffcdda2

loc_fffcdd98:  ; not directly referenced
mov eax, 1
jmp near loc_fffceaf5  ; jmp 0xfffceaf5

loc_fffcdda2:  ; not directly referenced
mov eax, dword [ebp - 0x34c]
mov byte [eax + 0x248b], 3
lea eax, [ebx - 6]
cmp al, 1
ja short loc_fffcddd1  ; ja 0xfffcddd1
mov eax, dword [ebp - 0x34c]
mov edx, 1
mov ecx, 4
mov byte [eax + 0x248b], 5
mov al, 0xd
jmp short loc_fffcddf3  ; jmp 0xfffcddf3

loc_fffcddd1:  ; not directly referenced
cmp dword [ebp - 0x35c], 0
je short loc_fffcddfa  ; je 0xfffcddfa
mov eax, dword [ebp - 0x34c]
mov edx, 1
mov ecx, 5
mov byte [eax + 0x248b], 6
mov al, 0xd

loc_fffcddf3:  ; not directly referenced
mov esi, 0x80
jmp short loc_fffcde1c  ; jmp 0xfffcde1c

loc_fffcddfa:  ; not directly referenced
cmp byte [ebp - 0x34f], 1
sbb eax, eax
xor edx, edx
and eax, 0xfffffffd
xor ecx, ecx
add eax, 0x10
cmp byte [ebp - 0x34f], 1
sbb esi, esi
and esi, 0x7c
add esi, 4

loc_fffcde1c:  ; not directly referenced
movzx eax, al
movzx esi, si
mov dword [ebp - 0x35c], ebx
mov ebx, dword [ebp - 0x34c]
mov word [ebp - 0x32c], ax
movzx eax, byte [ebp - 0x37c]
mov dword [ebp - 0x2a0], edx
mov dword [ebp - 0x294], edx
mov bl, byte [ebx + 0x248b]
mov edx, eax
movzx eax, byte [ebp - 0x358]
push 0
push 0
push 0
mov byte [ebp - 0x322], bl
mov ebx, eax
mov dword [ebp - 0x3a0], eax
lea eax, [ebp - 0x32c]
push eax
push 0
lea eax, [ebp - 0x2b4]
push eax
push edx
push esi
mov dword [ebp - 0x358], edx
mov edx, ebx
mov ebx, dword [ebp - 0x34c]
mov eax, ebx
call fcn_fffb20e5  ; call 0xfffb20e5
add esp, 0x20
lea eax, [esi - 1]
mov esi, ebx
call fcn_fffaec34  ; call 0xfffaec34
mov cl, byte [ebp - 0x358]
mov edx, 1
sub ecx, eax
mov eax, edx
shl eax, cl
mov ecx, eax
mov al, 1
test cl, cl
cmovg eax, ecx
mov byte [ebx + 0x248c], al
mov ebx, dword [ebp - 0x35c]
movzx ecx, byte [esi + 0x2488]
mov dword [ebp - 0x35c], 0
lea eax, [ebx - 0xa]
cmp al, 1
mov byte [ebp - 0x3b5], al
setbe al
movzx eax, al
shl edx, cl
cmp bl, 0xa
mov bl, byte [ebp - 0x364]
mov dword [ebp - 0x38c], eax
lea eax, [edx - 1]
mov dl, byte [ebp - 0x34d]
mov word [ebp - 0x3a2], ax
sete al
lea eax, [eax + eax - 1]
mov cl, al
mov byte [ebp - 0x358], al
mov al, byte [ebp - 0x378]
cmove eax, edx
mov dl, al
mov byte [ebp - 0x34d], al
mov al, byte [ebp - 0x374]
cmove eax, ebx
add esi, 0x3756
mov byte [ebp - 0x364], al
mov al, byte [ebp - 0x384]
imul eax, ecx
sub edx, eax
mov byte [ebp - 0x350], al
movzx eax, dl
mov dword [ebp - 0x36c], eax

loc_fffcdf57:  ; not directly referenced
cmp dword [esi], 2
je short loc_fffcdfce  ; je 0xfffcdfce

loc_fffcdf5c:  ; not directly referenced
add dword [ebp - 0x35c], 9
add esi, 0x13c3
cmp dword [ebp - 0x35c], 0x12
jne short loc_fffcdf57  ; jne 0xfffcdf57
movzx eax, byte [ebp - 0x380]
movzx edi, byte [ebp - 0x38e]
mov dword [ebp - 0x37c], 0
mov dword [ebp - 0x3b0], eax
imul eax, eax, 0x90
mov dword [ebp - 0x398], edi
movzx edi, byte [ebp - 0x34e]
mov dword [ebp - 0x3c4], eax
mov al, byte [ebp - 0x364]
mov dword [ebp - 0x39c], edi
mov byte [ebp - 0x36c], al
mov al, byte [ebp - 0x34d]
mov byte [ebp - 0x374], al
xor eax, eax
jmp near loc_fffce1f4  ; jmp 0xfffce1f4

loc_fffcdfce:  ; not directly referenced
mov ebx, dword [ebp - 0x34c]
push ecx
push dword [ebp - 0x36c]
movzx eax, byte [ebx + 0x2488]
push eax
mov eax, dword [ebp - 0x35c]
lea eax, [ebp + eax - 0x2f2]
push eax
call dword [edi + 0x5c]  ; ucall
mov al, byte [ebx + 0x2488]
add esp, 0x10
xor edx, edx
mov byte [ebp - 0x368], al

loc_fffce005:  ; not directly referenced
cmp dl, byte [ebp - 0x368]
je loc_fffcdf5c  ; je 0xfffcdf5c
movzx ecx, dl
add ecx, dword [ebp - 0x35c]
lea eax, [ebp - 0x258]
mov byte [ebp - 0x360], 0
add ecx, ecx
add ecx, eax
xor eax, eax

loc_fffce02d:  ; not directly referenced
mov bl, byte [ebp - 0x3a4]
cmp byte [ebp - 0x360], bl
je short loc_fffce07b  ; je 0xfffce07b
mov bl, byte [ebp - 0x38f]
test bl, bl
je short loc_fffce06e  ; je 0xfffce06e
mov word [ecx + eax], 0x500
cmp bl, 1
jbe short loc_fffce057  ; jbe 0xfffce057
mov word [ecx + eax + 0x24], 0x500

loc_fffce057:  ; not directly referenced
cmp byte [ebp - 0x38f], 1
mov word [ecx + eax + 0x48], 0x500
jbe short loc_fffce06e  ; jbe 0xfffce06e
mov word [ecx + eax + 0x6c], 0x500

loc_fffce06e:  ; not directly referenced
inc byte [ebp - 0x360]
add eax, 0x90
jmp short loc_fffce02d  ; jmp 0xfffce02d

loc_fffce07b:  ; not directly referenced
inc edx
jmp short loc_fffce005  ; jmp 0xfffce005

loc_fffce07e:  ; not directly referenced
test al, al
jne loc_fffce210  ; jne 0xfffce210
mov al, byte [ebp - 0x34d]
sub eax, dword [ebp - 0x374]
imul eax, dword [ebp - 0x358]
mov byte [ebp - 0x38d], al
dec al
sete al
test byte [ebp - 0x34f], al
je short loc_fffce0d0  ; je 0xfffce0d0
mov al, byte [ebp - 0x36c]
add ecx, dword [ebp - 0x374]
neg byte [ebp - 0x358]
mov byte [ebp - 0x374], dl
mov byte [ebp - 0x34d], al
mov byte [ebp - 0x36c], cl

loc_fffce0d0:  ; not directly referenced
movzx eax, byte [ebp - 0x34d]
xor esi, esi
mov edi, eax
shl edi, 0x18
mov dword [ebp - 0x360], edi
mov edi, 0x48dc
mov dword [ebp - 0x368], eax

loc_fffce0ef:  ; not directly referenced
imul eax, esi, 0x13c3
mov ebx, dword [ebp - 0x34c]
mov al, byte [ebx + eax + 0x381a]
mov ebx, dword [ebp - 0x3a0]
bt ebx, esi
jb loc_fffce23a  ; jb 0xfffce23a

loc_fffce111:  ; not directly referenced
inc esi
add edi, 8
cmp esi, 2
jne short loc_fffce0ef  ; jne 0xfffce0ef
mov al, byte [ebp - 0x34d]
sub eax, dword [ebp - 0x358]
mov dword [ebp - 0x3a8], 0
mov dword [ebp - 0x368], 0
mov byte [ebp - 0x390], al
mov al, byte [ebp - 0x350]
sub byte [ebp - 0x390], al

loc_fffce14c:  ; not directly referenced
mov eax, dword [ebp - 0x368]
movzx eax, byte [ebp + eax - 0x33e]
mov byte [ebp - 0x3a3], al
test al, al
je loc_fffce98f  ; je 0xfffce98f
mov dword [ebp - 0x35c], eax
xor esi, esi
imul eax, dword [ebp - 0x368], 6
mov dword [ebp - 0x364], eax

loc_fffce17d:  ; not directly referenced
mov eax, dword [ebp - 0x35c]
bt eax, esi
jb loc_fffce35a  ; jb 0xfffce35a

loc_fffce18c:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffce17d  ; jne 0xfffce17d
mov eax, dword [ebp - 0x35c]
mov byte [ebp - 0x360], 0
and eax, 2
mov dword [ebp - 0x3b4], eax
mov eax, dword [ebp + 0x1c]
mov dword [ebp - 0x394], eax

loc_fffce1b1:  ; not directly referenced
mov al, byte [ebp - 0x394]
sub eax, dword [ebp + 0x1c]
mov byte [ebp - 0x364], al
cmp al, byte [ebp - 0x38f]
jae short loc_fffce1d5  ; jae 0xfffce1d5
cmp byte [ebp - 0x360], 0
je loc_fffce40a  ; je 0xfffce40a

loc_fffce1d5:  ; not directly referenced
cmp dword [ebp - 0x368], 1
jne loc_fffce99b  ; jne 0xfffce99b

loc_fffce1e2:  ; not directly referenced
mov al, byte [ebp - 0x358]
add byte [ebp - 0x34d], al
mov al, byte [ebp - 0x360]

loc_fffce1f4:  ; not directly referenced
mov edi, dword [ebp - 0x358]
mov dl, byte [ebp - 0x36c]
mov ecx, edi
add edx, edi
cmp byte [ebp - 0x34d], dl
jne loc_fffce07e  ; jne 0xfffce07e

loc_fffce210:  ; not directly referenced
cmp dword [ebp - 0x354], 1
jne loc_fffce9be  ; jne 0xfffce9be
mov al, byte [ebp - 0x374]
add eax, dword [ebp - 0x358]
neg byte [ebp - 0x358]
mov byte [ebp - 0x36c], al
jmp near loc_fffce9be  ; jmp 0xfffce9be

loc_fffce23a:  ; not directly referenced
and al, byte [ebp - 0x34e]
mov byte [ebp - 0x364], al
je loc_fffce111  ; je 0xfffce111
mov ebx, dword [ebp - 0x34c]
mov edx, edi
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, edi
mov dword [ebp - 0x34c], ebx
xor al, al
or eax, dword [ebp - 0x398]
mov ecx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x34c]
lea ebx, [edi - 4]
mov edx, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, ebx
lea ebx, [edi + 0x10]
and eax, 0xffffff
or eax, dword [ebp - 0x360]
mov ecx, eax
mov eax, dword [ebp - 0x34c]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x34c]
mov edx, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, ebx
lea ebx, [edi + 0xc]
xor al, al
or eax, dword [ebp - 0x398]
mov ecx, eax
mov eax, dword [ebp - 0x34c]
call fcn_fffae58c  ; call 0xfffae58c
mov eax, dword [ebp - 0x34c]
mov edx, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov edx, ebx
and eax, 0xffffff
or eax, dword [ebp - 0x360]
mov ecx, eax
mov eax, dword [ebp - 0x34c]
call fcn_fffae58c  ; call 0xfffae58c
cmp dword [ebp - 0x38c], 0
mov byte [ebp - 0x35c], 1
je short loc_fffce311  ; je 0xfffce311
mov eax, dword [ebp - 0x34c]
mov al, byte [eax + 0x2488]
mov byte [ebp - 0x35c], al

loc_fffce311:  ; not directly referenced
movzx eax, byte [ebp - 0x364]
xor ebx, ebx
mov dword [ebp - 0x364], eax

loc_fffce320:  ; not directly referenced
cmp byte [ebp - 0x35c], bl
jbe loc_fffce111  ; jbe 0xfffce111
sub esp, 0xc
mov eax, dword [ebp - 0x34c]
mov ecx, ebx
push dword [ebp - 0x364]
mov edx, esi
inc ebx
push 0
push 0
push dword [ebp - 0x368]
push dword [ebp - 0x398]
call fcn_fffb579d  ; call 0xfffb579d
add esp, 0x20
jmp short loc_fffce320  ; jmp 0xfffce320

loc_fffce35a:  ; not directly referenced
imul eax, esi, 0x13c3
mov edi, dword [ebp - 0x34c]
mov dl, byte [ebp - 0x34e]
and dl, byte [edi + eax + 0x381a]
je loc_fffce18c  ; je 0xfffce18c
cmp dword [ebp - 0x354], 0
mov eax, 0x3210
jne short loc_fffce3a4  ; jne 0xfffce3a4
movzx ecx, dl
movzx ecx, byte [ebp + ecx - 0x302]
cmp cl, 0xf
je short loc_fffce3a4  ; je 0xfffce3a4
add ecx, dword [ebp - 0x364]
mov eax, dword [ebp + ecx*4 - 0x288]

loc_fffce3a4:  ; not directly referenced
mov dword [ebp - 0x360], 0
xor ebx, ebx
movzx edx, dl

loc_fffce3b3:  ; not directly referenced
test eax, eax
je short loc_fffce3d9  ; je 0xfffce3d9
mov cl, al
and ecx, 0xf
shr eax, 4
bt edx, ecx
movzx edi, cl
jae short loc_fffce3b3  ; jae 0xfffce3b3
lea ecx, [ebx*4]
inc ebx
shl edi, cl
or dword [ebp - 0x360], edi
jmp short loc_fffce3b3  ; jmp 0xfffce3b3

loc_fffce3d9:  ; not directly referenced
mov edi, dword [ebp - 0x34c]
lea edx, [esi*4 + 0x4930]
dec ebx
mov ecx, dword [ebp - 0x360]
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
movzx ecx, bl
mov eax, edi
lea edx, [esi*8 + 0x48ef]
call fcn_fffae566  ; call 0xfffae566
jmp near loc_fffce18c  ; jmp 0xfffce18c

loc_fffce40a:  ; not directly referenced
mov eax, dword [ebp - 0x394]
cmp dword [ebp - 0x354], 0
mov bl, byte [eax]
je short loc_fffce45e  ; je 0xfffce45e
mov edi, dword [ebp - 0x360]
lea ecx, [ebp - 0x33c]
test byte [ebp - 0x3a3], 1
mov edx, dword [ebp - 0x39c]
mov eax, edi
cmovne eax, ebx
cmp dword [ebp - 0x3b4], 0
mov byte [ebp - 0x33c], al
mov eax, edi
cmovne eax, ebx
mov byte [ebp - 0x33b], al
mov eax, dword [ebp - 0x34c]
call fcn_fffcd955  ; call 0xfffcd955
jmp short loc_fffce4ce  ; jmp 0xfffce4ce

loc_fffce45e:  ; not directly referenced
cmp byte [ebp - 0x368], 1
movzx eax, bl
jne short loc_fffce497  ; jne 0xfffce497
mov esi, dword [ebp - 0x35c]
sub esp, 0xc
mov ecx, 3
mov edi, dword [ebp - 0x34c]
neg ebx
push eax
mov edx, esi
mov eax, edi
call fcn_fffcfce5  ; call 0xfffcfce5
movzx eax, bl
mov ecx, 0xc
mov dword [esp], eax
jmp short loc_fffce4c2  ; jmp 0xfffce4c2

loc_fffce497:  ; not directly referenced
mov esi, dword [ebp - 0x35c]
sub esp, 0xc
mov ecx, 5
mov edi, dword [ebp - 0x34c]
neg ebx
push eax
mov edx, esi
mov eax, edi
call fcn_fffcfce5  ; call 0xfffcfce5
movzx eax, bl
mov ecx, 0xa
mov dword [esp], eax

loc_fffce4c2:  ; not directly referenced
mov edx, esi
mov eax, edi
call fcn_fffcfce5  ; call 0xfffcfce5
add esp, 0x10

loc_fffce4ce:  ; not directly referenced
movzx ebx, byte [ebp - 0x364]
mov dword [ebp - 0x388], 0
imul ebx, ebx, 0x24
add ebx, dword [ebp - 0x3a8]
mov dword [ebp - 0x3c8], ebx

loc_fffce4ee:  ; not directly referenced
mov al, byte [ebp - 0x388]
cmp byte [ebp - 0x3a4], al
jbe loc_fffce935  ; jbe 0xfffce935
mov eax, dword [ebp - 0x3cc]
mov edi, dword [ebp - 0x388]
mov bl, byte [eax + edi]
test bl, bl
je loc_fffcdd98  ; je 0xfffcdd98
movzx eax, bl
mov dword [ebp - 0x378], eax
mov byte [ebp - 0x370], 0
cmp bl, 0x21
ja short loc_fffce538  ; ja 0xfffce538
mov al, byte [eax + ref_fffd5f1c]  ; mov al, byte [eax - 0x2a0e4]
mov byte [ebp - 0x370], al

loc_fffce538:  ; not directly referenced
mov esi, dword [ebp - 0x34c]
xor ecx, ecx
mov edx, dword [ebp - 0x378]
mov eax, esi
call fcn_fffb13cf  ; call 0xfffb13cf
cmp dword [esi + 0x2480], 2
mov word [ebp - 0x3b8], ax
jne short loc_fffce572  ; jne 0xfffce572
cmp bl, 0x11
sete dl
cmp bl, 5
sete al
or dl, al
jne short loc_fffce5ac  ; jne 0xfffce5ac
cmp bl, 0x21
je short loc_fffce5ac  ; je 0xfffce5ac

loc_fffce572:  ; not directly referenced
cmp bl, 0x10
sete dl
cmp bl, 4
sete al
or dl, al
jne short loc_fffce5b0  ; jne 0xfffce5b0
cmp bl, 5
sete dl
cmp bl, 0x20
sete al
or dl, al
jne short loc_fffce5b0  ; jne 0xfffce5b0
cmp bl, 0x21
sete al
cmp bl, 0x11
sete dl
or eax, edx
cmp al, 1
sbb ebx, ebx
and ebx, 0xffffffe9
add ebx, 0x36
jmp short loc_fffce5b2  ; jmp 0xfffce5b2

loc_fffce5ac:  ; not directly referenced
mov bl, 0x25
jmp short loc_fffce5b2  ; jmp 0xfffce5b2

loc_fffce5b0:  ; not directly referenced
mov bl, 0x36

loc_fffce5b2:  ; not directly referenced
xor eax, eax
mov dl, 1

loc_fffce5b6:  ; not directly referenced
mov esi, dword [ebp - 0x35c]
bt esi, eax
jae short loc_fffce60f  ; jae 0xfffce60f
imul esi, eax, 0x13c3
mov edi, dword [ebp - 0x34c]
mov cl, byte [ebp - 0x34e]
test byte [edi + esi + 0x381a], cl
je short loc_fffce60f  ; je 0xfffce60f
cmp byte [ebp - 0x3b5], 2
ja short loc_fffce5fe  ; ja 0xfffce5fe
mov di, word [ebp - 0x3a2]
cmp word [ebp + eax*2 - 0x33a], di
mov edi, 0
cmovne edx, edi
jmp short loc_fffce60f  ; jmp 0xfffce60f

loc_fffce5fe:  ; not directly referenced
cmp word [ebp + eax*2 - 0x33a], 0
mov edi, 0
cmove edx, edi

loc_fffce60f:  ; not directly referenced
inc eax
cmp eax, 2
jne short loc_fffce5b6  ; jne 0xfffce5b6
test dl, dl
jne loc_fffce92e  ; jne 0xfffce92e
mov edi, dword [ebp - 0x34c]
mov ecx, dword [ebp - 0x378]
push edx
push edx
mov eax, edi
add eax, 0x2490
push 0xf
mov edx, eax
push 0
mov esi, eax
mov dword [ebp - 0x3bc], eax
mov eax, edi
call fcn_fffa7e6c  ; call 0xfffa7e6c
add esp, 0x10
test eax, eax
jne loc_fffceaf5  ; jne 0xfffceaf5
push eax
movzx ebx, bl
mov ecx, dword [ebp - 0x35c]
push eax
mov edx, esi
lea eax, [ebp - 0x314]
push eax
push ebx
lea eax, [ebp - 0x335]
push eax
mov eax, edi
push dword [ebp - 0x378]
push 0xff
push dword [ebp - 0x3b0]
call fcn_fffd13ed  ; call 0xfffd13ed
add esp, 0x20
mov dword [ebp - 0x37c], eax
test eax, eax
jne loc_fffceaef  ; jne 0xfffceaef
imul eax, dword [ebp - 0x388], 0x90
mov esi, 0x64
add eax, dword [ebp - 0x3c8]
mov bl, byte [ebp - 0x370]
lea edi, [ebp - 0x2f2]
mov dword [ebp - 0x364], edi
lea eax, [ebp + eax - 0x258]
mov dword [ebp - 0x384], eax
movzx eax, byte [ebp - 0x3b6]
movzx edi, bl
imul edi, edi, 0x240
add edi, dword [ebp + 0x18]
add edi, dword [ebp - 0x3c4]
sub esi, eax
mov byte [ebp - 0x380], 1
mov dword [ebp - 0x3d4], esi
mov dword [ebp - 0x3ac], edi
xor edi, edi

loc_fffce6fb:  ; not directly referenced
imul eax, edi, 0x13c3
mov esi, dword [ebp - 0x34c]
mov al, byte [esi + eax + 0x381a]
mov esi, dword [ebp - 0x35c]
bt esi, edi
jae loc_fffce8d2  ; jae 0xfffce8d2
test byte [ebp - 0x34e], al
je loc_fffce8d2  ; je 0xfffce8d2
mov eax, dword [ebp - 0x34c]
xor ecx, ecx
mov al, byte [eax + 0x2488]
mov byte [ebp - 0x3bf], al

loc_fffce73d:  ; not directly referenced
cmp byte [ebp - 0x3bf], cl
jbe loc_fffce8d2  ; jbe 0xfffce8d2
mov eax, dword [ebp - 0x3ac]
mov dword [ebp - 0x370], 1
shl dword [ebp - 0x370], cl
movzx ebx, word [eax + ecx*8 + 4]
movzx edx, word [eax + ecx*8]
mov esi, ebx
lea eax, [ebx + edx]
sub esi, edx
add eax, eax
mov word [ebp - 0x3be], ax
sub eax, esi
add si, word [ebp - 0x3be]
cmp bx, dx
mov ebx, dword [ebp - 0x370]
cmovbe eax, esi
mov si, word [ebp + edi*2 - 0x33a]
and bx, si
mov word [ebp - 0x3be], bx
je short loc_fffce7ae  ; je 0xfffce7ae
cmp dword [ebp - 0x354], 0
je loc_fffce8cc  ; je 0xfffce8cc

loc_fffce7ae:  ; not directly referenced
mov edx, eax
mov ebx, 2
sar dx, 0xf
idiv bx
cmp ax, word [ebp - 0x3b8]
jae short loc_fffce806  ; jae 0xfffce806
cmp dword [ebp - 0x354], 1
jne loc_fffce862  ; jne 0xfffce862
cmp byte [ebp - 0x38d], 0
mov byte [ebp - 0x380], 0
jne loc_fffce8cc  ; jne 0xfffce8cc
mov ax, word [ebp - 0x3a2]
mov word [ebp + edi*2 - 0x33a], ax
mov al, byte [ebp - 0x38d]
mov byte [ebp - 0x380], al
jmp near loc_fffce8cc  ; jmp 0xfffce8cc

loc_fffce806:  ; not directly referenced
cmp byte [ebp - 0x38d], 0
jne short loc_fffce828  ; jne 0xfffce828
mov esi, dword [ebp - 0x384]
cmp word [esi + ecx*2], ax
jbe loc_fffce8cc  ; jbe 0xfffce8cc
mov word [esi + ecx*2], ax
jmp near loc_fffce8cc  ; jmp 0xfffce8cc

loc_fffce828:  ; not directly referenced
movzx eax, ax
mov ebx, 0x64
mov dword [ebp - 0x3d0], eax
mov eax, dword [ebp - 0x384]
movzx eax, word [eax + ecx*2]
imul eax, dword [ebp - 0x3d4]
cdq
idiv ebx
cmp dword [ebp - 0x3d0], eax
jge short loc_fffce87e  ; jge 0xfffce87e
cmp dword [ebp - 0x354], 0
mov byte [ebp - 0x380], 0
jne short loc_fffce8cc  ; jne 0xfffce8cc

loc_fffce862:  ; not directly referenced
or esi, dword [ebp - 0x370]
mov al, byte [ebp - 0x390]
mov word [ebp + edi*2 - 0x33a], si
mov esi, dword [ebp - 0x364]
jmp short loc_fffce8c9  ; jmp 0xfffce8c9

loc_fffce87e:  ; not directly referenced
cmp dword [ebp - 0x354], 1
jne short loc_fffce8b7  ; jne 0xfffce8b7
mov ebx, dword [ebp - 0x370]
cmp word [ebp - 0x3be], bx
je short loc_fffce8cc  ; je 0xfffce8cc
mov al, byte [ebp - 0x34d]
or esi, ebx
mov edx, dword [ebp - 0x364]
sub eax, dword [ebp - 0x350]
mov word [ebp + edi*2 - 0x33a], si
mov byte [edx + ecx], al
jmp short loc_fffce8cc  ; jmp 0xfffce8cc

loc_fffce8b7:  ; not directly referenced
mov al, byte [ebp - 0x34d]
mov esi, dword [ebp - 0x364]
sub eax, dword [ebp - 0x350]

loc_fffce8c9:  ; not directly referenced
mov byte [esi + ecx], al

loc_fffce8cc:  ; not directly referenced
inc ecx
jmp near loc_fffce73d  ; jmp 0xfffce73d

loc_fffce8d2:  ; not directly referenced
inc edi
add dword [ebp - 0x384], 0x12
add dword [ebp - 0x364], 9
add dword [ebp - 0x3ac], 0x48
cmp edi, 2
jne loc_fffce6fb  ; jne 0xfffce6fb
cmp byte [ebp - 0x380], 0
je short loc_fffce923  ; je 0xfffce923
sub esp, 0xc
mov ecx, dword [ebp - 0x378]
push dword [ebp - 0x3b0]
mov edx, dword [ebp - 0x3bc]
mov eax, dword [ebp - 0x34c]
call fcn_fffa7d98  ; call 0xfffa7d98
add esp, 0x10
mov dword [ebp - 0x37c], eax

loc_fffce923:  ; not directly referenced
inc dword [ebp - 0x388]
jmp near loc_fffce4ee  ; jmp 0xfffce4ee

loc_fffce92e:  ; not directly referenced
mov byte [ebp - 0x360], 1

loc_fffce935:  ; not directly referenced
cmp dword [ebp - 0x354], 0
je short loc_fffce965  ; je 0xfffce965
mov edx, dword [ebp - 0x39c]
lea ecx, [ebp - 0x33c]
mov eax, dword [ebp - 0x34c]
mov byte [ebp - 0x33c], 0
mov byte [ebp - 0x33b], 0
call fcn_fffcd955  ; call 0xfffcd955
jmp short loc_fffce984  ; jmp 0xfffce984

loc_fffce965:  ; not directly referenced
mov ecx, dword [ebp - 0x39c]
sub esp, 0xc
mov edx, dword [ebp - 0x35c]
mov eax, dword [ebp - 0x34c]
push 0
call fcn_fffcfce5  ; call 0xfffcfce5
add esp, 0x10

loc_fffce984:  ; not directly referenced
inc dword [ebp - 0x394]
jmp near loc_fffce1b1  ; jmp 0xfffce1b1

loc_fffce98f:  ; not directly referenced
mov byte [ebp - 0x360], 0
jmp near loc_fffce1d5  ; jmp 0xfffce1d5

loc_fffce99b:  ; not directly referenced
add dword [ebp - 0x3a8], 0x48
cmp byte [ebp - 0x360], 0
jne loc_fffce1e2  ; jne 0xfffce1e2
mov dword [ebp - 0x368], 1
jmp near loc_fffce14c  ; jmp 0xfffce14c

loc_fffce9be:  ; not directly referenced
movzx eax, byte [ebp - 0x38e]
xor esi, esi
mov dword [ebp - 0x35c], eax

loc_fffce9cd:  ; not directly referenced
mov eax, dword [ebp - 0x3a0]
bt eax, esi
jae loc_fffceae5  ; jae 0xfffceae5
imul eax, esi, 0x13c3
mov edi, dword [ebp - 0x34c]
mov bl, byte [ebp - 0x34e]
and bl, byte [edi + eax + 0x381a]
mov byte [ebp - 0x354], bl
je loc_fffceae5  ; je 0xfffceae5
movzx ebx, byte [ebp - 0x36c]
lea edi, [esi + esi*8]
lea eax, [ebp - 0x18]
mov byte [ebp - 0x34d], 0
add edi, eax

loc_fffcea17:  ; not directly referenced
mov ecx, dword [ebp - 0x34c]
mov al, byte [ebp - 0x34d]
cmp al, byte [ecx + 0x2488]
jae loc_fffceab4  ; jae 0xfffceab4
cmp byte [ebp - 0x358], 1
jne short loc_fffcea4e  ; jne 0xfffcea4e
movzx eax, byte [ebp - 0x34d]
movzx eax, byte [eax + edi - 0x2da]
cmp bl, al
cmovg ebx, eax
jmp short loc_fffcea6b  ; jmp 0xfffcea6b

loc_fffcea4e:  ; not directly referenced
cmp byte [ebp - 0x358], 0xff
jne short loc_fffcea6b  ; jne 0xfffcea6b
movzx eax, byte [ebp - 0x34d]
movzx eax, byte [eax + edi - 0x2da]
cmp bl, al
cmovl ebx, eax

loc_fffcea6b:  ; not directly referenced
cmp dword [ebp - 0x38c], 0
je short loc_fffceaa9  ; je 0xfffceaa9
movzx eax, byte [ebp - 0x354]
sub esp, 0xc
mov edx, esi
movzx ecx, byte [ebp - 0x34d]
push eax
push 1
push 1
movzx eax, byte [ecx + edi - 0x2da]
push eax
mov eax, dword [ebp - 0x34c]
push dword [ebp - 0x35c]
call fcn_fffb579d  ; call 0xfffb579d
add esp, 0x20

loc_fffceaa9:  ; not directly referenced
inc byte [ebp - 0x34d]
jmp near loc_fffcea17  ; jmp 0xfffcea17

loc_fffceab4:  ; not directly referenced
cmp dword [ebp - 0x38c], 0
jne short loc_fffceae5  ; jne 0xfffceae5
movzx eax, byte [ebp - 0x354]
sub esp, 0xc
xor ecx, ecx
mov edx, esi
push eax
mov eax, dword [ebp - 0x34c]
push 1
push 1
push ebx
push dword [ebp - 0x35c]
call fcn_fffb579d  ; call 0xfffb579d
add esp, 0x20

loc_fffceae5:  ; not directly referenced
inc esi
cmp esi, 2
jne loc_fffce9cd  ; jne 0xfffce9cd

loc_fffceaef:  ; not directly referenced
mov eax, dword [ebp - 0x37c]

loc_fffceaf5:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffceafd:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
xor ebx, ebx
sub esp, 0x2c
mov eax, dword [ebp + 8]
mov byte [ebp - 0x1c], 4
mov byte [ebp - 0x1b], 1
mov byte [ebp - 0x1a], 5
mov eax, dword [eax + 0x5edc]
mov byte [ebp - 0x19], 2
mov byte [ebp - 0x22], 4
mov byte [ebp - 0x21], 1
lea edx, [eax + 0x1c]
xor eax, eax
mov byte [ebp - 0x20], 5
mov byte [ebp - 0x1f], 2
mov byte [ebp - 0x1e], 0xf9
mov byte [ebp - 0x1d], 7
mov dword [ebp - 0x30], 0
mov dword [ebp - 0x2c], 0

loc_fffceb4c:  ; not directly referenced
mov edi, dword [ebp + 8]
mov cl, byte [edi + eax + 0x381a]
test cl, cl
je short loc_fffcebb4  ; je 0xfffcebb4
cmp dword [ebp - 0x2c], 0
mov ebx, 1
jne short loc_fffceb72  ; jne 0xfffceb72
xor ebx, ebx
cmp dword [edi + eax + 0x3816], 2
sete bl

loc_fffceb72:  ; not directly referenced
cmp dword [ebp - 0x30], 0
mov edi, 1
mov dword [ebp - 0x2c], ebx
jne short loc_fffceb99  ; jne 0xfffceb99
mov esi, ecx
and esi, 0xc
mov ebx, esi
cmp bl, 0xc
je short loc_fffceb99  ; je 0xfffceb99
and ecx, 3
xor ebx, ebx
cmp cl, 3
sete bl
mov edi, ebx

loc_fffceb99:  ; not directly referenced
movzx ecx, byte [edx + 0xa5]
mov bl, byte [edx + 0xa4]
mov dword [ebp - 0x30], edi
and ecx, 3
shr bl, 6
shl ecx, 2
or ebx, ecx

loc_fffcebb4:  ; not directly referenced
add eax, 0x13c3
add edx, 0xcc
cmp eax, 0x2786
jne short loc_fffceb4c  ; jne 0xfffceb4c
mov eax, dword [ebp + 8]
mov edx, 1
lea edi, [ebp - 0x1e]
call fcn_fffb0b30  ; call 0xfffb0b30
mov eax, dword [ebp + 8]
mov edx, 0xa
lea esi, [eax + 0x2490]
push ecx
push ecx
push 1
push 0xf
push 0
push 2
push edi
push esi
push 0xc
push 3
push 0
push 2
lea ecx, [ebp - 0x22]
call fcn_fffcda94  ; call 0xfffcda94
add esp, 0x28
mov eax, dword [ebp + 8]
push 1
mov edx, 0xb
push 0xf
push 0
push 2
push edi
push esi
push 0xc
push 0
push 0xfffffffffffffffe
push 2
lea ecx, [ebp - 0x22]
call fcn_fffcda94  ; call 0xfffcda94
add esp, 0x30
cmp dword [ebp - 0x2c], 0
je short loc_fffceca9  ; je 0xfffceca9
push edx
mov eax, dword [ebp + 8]
push edx
mov edx, 1
push 0
push 0xf
push 0
push 2
push edi
push esi
push 0xc
push 7
push 6
push 2
lea ecx, [ebp - 0x22]
call fcn_fffcda94  ; call 0xfffcda94
add esp, 0x28
mov eax, dword [ebp + 8]
push 0
mov edx, 3
push 0xf
push 0
push 2
push edi
push esi
push 0xc
push 8
push 7
push 2
lea ecx, [ebp - 0x20]
call fcn_fffcda94  ; call 0xfffcda94
add esp, 0x28
mov edx, 7
push 0
push 0xf
push 0
push 2
push edi
push esi
lea eax, [ebx + 1]
push 0xc
movsx eax, al
push eax
lea eax, [ebx - 1]
movsx eax, al
push eax
mov eax, dword [ebp + 8]
push 4
lea ecx, [ebp - 0x1c]
call fcn_fffcda94  ; call 0xfffcda94
add esp, 0x30

loc_fffceca9:  ; not directly referenced
cmp dword [ebp - 0x30], 0
je short loc_fffced28  ; je 0xfffced28
push eax
xor edx, edx
push eax
mov eax, dword [ebp + 8]
push 0
push 0xf
push 0
push 2
lea edi, [ebp - 0x1e]
push edi
push esi
push 0xc
push 7
push 6
push 2
lea ecx, [ebp - 0x22]
call fcn_fffcda94  ; call 0xfffcda94
add esp, 0x28
mov eax, dword [ebp + 8]
push 0
mov edx, 2
push 0xf
push 0
push 2
push edi
push esi
push 0xc
push 8
push 7
push 2
lea ecx, [ebp - 0x20]
call fcn_fffcda94  ; call 0xfffcda94
add esp, 0x28
mov edx, 6
push 0
push 0xf
push 0
push 2
push edi
push esi
lea eax, [ebx + 1]
dec ebx
push 0xc
movsx eax, al
push eax
mov eax, dword [ebp + 8]
movsx ebx, bl
push ebx
push 4
lea ecx, [ebp - 0x1c]
call fcn_fffcda94  ; call 0xfffcda94
add esp, 0x30

loc_fffced28:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffced30:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
xor ebx, ebx
sub esp, 0x3c
mov edi, dword [ebp + 8]
mov byte [ebp - 0x1a], 1
mov byte [ebp - 0x19], 0x19
mov dword [ebp - 0x38], 0
mov eax, dword [edi + 0x5edc]
mov dword [ebp - 0x30], eax

loc_fffced56:  ; not directly referenced
mov esi, 1
mov cl, bl
shl esi, cl
mov eax, esi
test byte [edi + 0x248d], al
je loc_fffcee06  ; je 0xfffcee06
test byte [edi + 0x381a], al
je short loc_fffced95  ; je 0xfffced95
mov cl, byte [edi + ebx + 0x4767]
mov dl, 0xf
movsx eax, byte [edi + ebx + 0x476b]
cmp cl, 0xf
cmovbe edx, ecx
mov cl, al
mov byte [ebp - 0x29], dl
sub ecx, edx
jmp short loc_fffced9d  ; jmp 0xfffced9d

loc_fffced95:  ; not directly referenced
mov byte [ebp - 0x29], 0xf
xor eax, eax
xor ecx, ecx

loc_fffced9d:  ; not directly referenced
mov edx, esi
test byte [edi + 0x4bdd], dl
je short loc_fffcedc7  ; je 0xfffcedc7
movsx ecx, byte [edi + ebx + 0x5b2e]
mov dl, byte [ebp - 0x29]
cmp al, cl
cmovb eax, ecx
mov cl, byte [edi + ebx + 0x5b2a]
cmp dl, cl
cmova edx, ecx
mov cl, al
sub ecx, edx

loc_fffcedc7:  ; not directly referenced
mov dl, 0
test cl, cl
cmovs ecx, edx
push edx
movzx ecx, cl
push edx
push 0
push esi
push ebx
push 1
lea esi, [ebp - 0x19]
push esi
lea edx, [edi + 0x2490]
push edx
mov edx, 0xc
push 0xa
push eax
mov eax, edi
push ecx
push 1
lea ecx, [ebp - 0x1a]
call fcn_fffcda94  ; call 0xfffcda94
add esp, 0x30
mov dword [ebp - 0x38], eax
dec eax
je loc_fffcef18  ; je 0xfffcef18

loc_fffcee06:  ; not directly referenced
inc ebx
cmp ebx, 4
jne loc_fffced56  ; jne 0xfffced56
mov esi, dword [ebp - 0x30]
lea ebx, [edi + 0x3756]
mov dword [ebp - 0x34], 0
add esi, 0x1c

loc_fffcee23:  ; not directly referenced
cmp dword [ebx], 2
je short loc_fffcee45  ; je 0xfffcee45

loc_fffcee28:  ; not directly referenced
inc dword [ebp - 0x34]
add ebx, 0x13c3
add esi, 0xcc
cmp dword [ebp - 0x34], 2
jne short loc_fffcee23  ; jne 0xfffcee23
mov eax, dword [ebp - 0x38]
jmp near loc_fffcef1d  ; jmp 0xfffcef1d

loc_fffcee45:  ; not directly referenced
mov al, byte [esi + 0xa1]
movzx edx, byte [esi + 0xa2]
mov byte [ebp - 0x29], 0
shr al, 7
and edx, 7
movzx eax, al
add edx, edx
or edx, eax
mov al, byte [esi + 0xa2]
shr al, 3
and eax, 0xf
cmp al, dl
cmovb eax, edx
xor edx, edx
lea eax, [eax + eax - 8]
test al, al
cmovns edx, eax
mov al, byte [ebx + 0xc4]
xor ecx, ecx
mov byte [ebp - 0x2a], dl
mov byte [ebp - 0x30], al

loc_fffcee8d:  ; not directly referenced
mov edx, 1
shl edx, cl
test byte [ebp - 0x30], dl
je short loc_fffceeab  ; je 0xfffceeab
mov al, byte [ebp - 0x29]
mov dl, byte [ebx + ecx + 0x1015]
cmp al, dl
cmovb eax, edx
mov byte [ebp - 0x29], al

loc_fffceeab:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffcee8d  ; jne 0xfffcee8d
mov al, byte [ebp - 0x29]
sub al, byte [ebp - 0x2a]
mov dword [ebp - 0x30], 0
movzx eax, al
mov dword [ebp - 0x3c], eax

loc_fffceec4:  ; not directly referenced
mov cl, byte [ebp - 0x30]
mov eax, 1
shl eax, cl
test byte [ebx + 0xc4], al
je short loc_fffcef0a  ; je 0xfffcef0a
mov ecx, dword [ebp - 0x30]
mov dl, byte [ebp - 0x29]
sub dl, byte [ebx + ecx + 0x1015]
movsx ecx, byte [ebp - 0x2a]
movzx edx, dl
cmp edx, ecx
jle short loc_fffcef0a  ; jle 0xfffcef0a
sub esp, 0xc
mov edx, dword [ebp - 0x34]
xor ecx, ecx
push eax
mov eax, edi
push 0
push 1
push dword [ebp - 0x3c]
push 0xc
call fcn_fffb579d  ; call 0xfffb579d
add esp, 0x20

loc_fffcef0a:  ; not directly referenced
inc dword [ebp - 0x30]
cmp dword [ebp - 0x30], 4
jne short loc_fffceec4  ; jne 0xfffceec4
jmp near loc_fffcee28  ; jmp 0xfffcee28

loc_fffcef18:  ; not directly referenced
mov eax, 0x19

loc_fffcef1d:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcef25:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x40
mov al, byte [ebp + 8]
mov edi, dword [ebp + 0xc]
mov ebx, dword [ebp + 0x18]
mov byte [ebp - 0x41], dl
mov edx, dword [esi + 0x2443]
push 0
push 2
mov byte [ebp - 0x33], al
mov eax, edi
mov byte [ebp - 0x34], al
lea eax, [ebp - 0x23]
push eax
mov byte [ebp - 0x32], cl
mov dword [ebp - 0x30], ecx
mov dword [ebp - 0x2c], edx
mov byte [ebp - 0x42], bl
call dword [edx + 0x5c]  ; ucall
add esp, 0xc
mov edx, dword [ebp - 0x2c]
push 1
push 7
lea eax, [ebp - 0x1f]
push eax
call dword [edx + 0x5c]  ; ucall
add esp, 0x10
mov ecx, dword [ebp - 0x30]
cmp dword [esi + 0x188b], 1
mov dword [ebp - 0x2c], 0
jne short loc_fffcefbc  ; jne 0xfffcefbc
xor eax, eax
cmp dword [esi + 0x2480], 3
sete al
mov dword [ebp - 0x2c], eax
jne short loc_fffcefbc  ; jne 0xfffcefbc
test bl, bl
je short loc_fffcefa2  ; je 0xfffcefa2
mov eax, dword [ebp + 0x10]
jmp short loc_fffcefa5  ; jmp 0xfffcefa5

loc_fffcefa2:  ; not directly referenced
mov eax, dword [ebp + 0x14]

loc_fffcefa5:  ; not directly referenced
mov al, byte [eax]
mov byte [ebp - 0x21], al
test bl, bl
jne short loc_fffcefb3  ; jne 0xfffcefb3
mov eax, dword [ebp + 0x14]
jmp short loc_fffcefb6  ; jmp 0xfffcefb6

loc_fffcefb3:  ; not directly referenced
mov eax, dword [ebp + 0x10]

loc_fffcefb6:  ; not directly referenced
mov al, byte [eax + 1]
mov byte [ebp - 0x20], al

loc_fffcefbc:  ; not directly referenced
movzx eax, cl
mov dword [ebp - 0x38], eax
sar eax, 1
mov dword [ebp - 0x40], eax
movzx eax, byte [ebp - 0x42]
shr edi, 1
mov dword [ebp - 0x30], edi
and dword [ebp - 0x40], 1
and dword [ebp - 0x30], 1
mov dword [ebp - 0x48], eax
movzx eax, byte [ebp - 0x41]
mov dword [ebp - 0x3c], eax

loc_fffcefe2:  ; not directly referenced
xor edi, edi

loc_fffcefe4:  ; not directly referenced
mov eax, dword [ebp - 0x38]
bt eax, edi
jb short loc_fffceff4  ; jb 0xfffceff4

loc_fffcefec:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffcefe4  ; jne 0xfffcefe4
jmp short loc_fffcf061  ; jmp 0xfffcf061

loc_fffceff4:  ; not directly referenced
mov eax, dword [ebp + 0x14]
mov bl, byte [ebp - 0x33]
movzx edx, byte [eax + edi]
mov eax, dword [ebp + 0x10]
movzx eax, byte [eax + edi]
add eax, edx
imul edx, edi, 0x13c3
add eax, dword [ebp - 0x48]
sar eax, 1
mov byte [ebp + edi - 0x23], al
and bl, byte [esi + edx + 0x381a]
test byte [ebp - 0x34], 1
je short loc_fffcf03d  ; je 0xfffcf03d
push edx
movzx eax, al
push 0
push eax
movzx eax, bl
push 1
push eax
push dword [ebp - 0x3c]
push edi
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffcf03d:  ; not directly referenced
cmp dword [ebp - 0x30], 0
je short loc_fffcefec  ; je 0xfffcefec
push eax
movzx eax, byte [ebp + edi - 0x23]
movzx ebx, bl
push 0
push eax
push 2
push ebx
push dword [ebp - 0x3c]
push edi
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20
jmp short loc_fffcefec  ; jmp 0xfffcefec

loc_fffcf061:  ; not directly referenced
cmp dword [ebp - 0x2c], 0
jne short loc_fffcf073  ; jne 0xfffcf073
sub esp, 0xc
push esi
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10

loc_fffcf073:  ; not directly referenced
xor ebx, ebx
mov byte [ebp - 0x31], 0
lea edi, [ebp - 0x1f]

loc_fffcf07c:  ; not directly referenced
mov eax, dword [ebp + 0x1c]
push 0
push 0
push 0
push 0
movsx eax, byte [eax + ebx]
push eax
push 0
push 2
push esi
call fcn_fffcc4cb  ; call 0xfffcc4cb
add esp, 0x1c
movzx ecx, byte [esi + 0x248b]
mov edx, dword [ebp - 0x38]
mov eax, esi
push 0
push 1
push edi
call fcn_fffb0f94  ; call 0xfffb0f94
add esp, 0x10
or byte [ebp - 0x31], al
mov al, byte [ebp - 0x32]
cmp byte [ebp - 0x31], al
jne short loc_fffcf0da  ; jne 0xfffcf0da

loc_fffcf0bd:  ; not directly referenced
cmp byte [ebp - 0x31], 0
setne al
test byte [ebp - 0x2c], al
je loc_fffcf154  ; je 0xfffcf154
mov al, byte [ebp - 0x34]
xor edi, edi
and eax, 1
mov byte [ebp - 0x43], al
jmp short loc_fffcf0e2  ; jmp 0xfffcf0e2

loc_fffcf0da:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffcf07c  ; jne 0xfffcf07c
jmp short loc_fffcf0bd  ; jmp 0xfffcf0bd

loc_fffcf0e2:  ; not directly referenced
mov eax, dword [ebp - 0x38]
bt eax, edi
jb short loc_fffcf0fe  ; jb 0xfffcf0fe

loc_fffcf0ea:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffcf0e2  ; jne 0xfffcf0e2
sub esp, 0xc
push esi
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10
jmp short loc_fffcf154  ; jmp 0xfffcf154

loc_fffcf0fe:  ; not directly referenced
imul edx, edi, 0x13c3
mov bl, byte [ebp - 0x33]
and bl, byte [esi + edx + 0x381a]
cmp byte [ebp - 0x43], 0
je short loc_fffcf130  ; je 0xfffcf130
movzx edx, byte [ebp + edi - 0x21]
push eax
push 0
push edx
movzx edx, bl
push 1
push edx
push dword [ebp - 0x3c]
push edi
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffcf130:  ; not directly referenced
cmp dword [ebp - 0x30], 0
je short loc_fffcf0ea  ; je 0xfffcf0ea
movzx edx, byte [ebp + edi - 0x21]
movzx ebx, bl
push ecx
push 0
push edx
push 2
push ebx
push dword [ebp - 0x3c]
push edi
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20
jmp short loc_fffcf0ea  ; jmp 0xfffcf0ea

loc_fffcf154:  ; not directly referenced
xor ecx, ecx
mov eax, 1

loc_fffcf15b:  ; not directly referenced
mov edx, eax
shl edx, cl
test byte [ebp - 0x32], dl
je short loc_fffcf1a4  ; je 0xfffcf1a4
mov ebx, dword [ebp + 0x10]
mov edi, dword [ebp + 0x14]
mov bl, byte [ebx + ecx]
cmp byte [edi + ecx], bl
jbe short loc_fffcf1a4  ; jbe 0xfffcf1a4
and dl, byte [ebp - 0x31]
cmp byte [ebp - 0x42], 0
je short loc_fffcf18d  ; je 0xfffcf18d
test dl, dl
mov dl, byte [ebp + ecx - 0x23]
je short loc_fffcf188  ; je 0xfffcf188
dec edx
mov ebx, edi
jmp short loc_fffcf1a1  ; jmp 0xfffcf1a1

loc_fffcf188:  ; not directly referenced
mov ebx, dword [ebp + 0x10]
jmp short loc_fffcf1a1  ; jmp 0xfffcf1a1

loc_fffcf18d:  ; not directly referenced
test dl, dl
mov dl, byte [ebp + ecx - 0x23]
je short loc_fffcf19e  ; je 0xfffcf19e
mov edi, dword [ebp + 0x10]
inc edx
mov byte [edi + ecx], dl
jmp short loc_fffcf1a4  ; jmp 0xfffcf1a4

loc_fffcf19e:  ; not directly referenced
mov ebx, dword [ebp + 0x14]

loc_fffcf1a1:  ; not directly referenced
mov byte [ebx + ecx], dl

loc_fffcf1a4:  ; not directly referenced
inc ecx
cmp ecx, 2
jne short loc_fffcf15b  ; jne 0xfffcf15b
mov al, 1
test byte [ebp - 0x32], 1
je short loc_fffcf1bf  ; je 0xfffcf1bf
mov eax, dword [ebp + 0x10]
mov ecx, dword [ebp + 0x14]
mov al, byte [eax]
cmp byte [ecx], al
setbe al

loc_fffcf1bf:  ; not directly referenced
cmp dword [ebp - 0x40], 0
je short loc_fffcf1d7  ; je 0xfffcf1d7
mov ecx, dword [ebp + 0x10]
mov edi, dword [ebp + 0x14]
mov cl, byte [ecx + 1]
cmp byte [edi + 1], cl
ja loc_fffcefe2  ; ja 0xfffcefe2

loc_fffcf1d7:  ; not directly referenced
test al, al
je loc_fffcefe2  ; je 0xfffcefe2
push 0
xor edi, edi
push 0
push 0
push 0
push 0
push 0
push 2
push esi
call fcn_fffcc4cb  ; call 0xfffcc4cb
add esp, 0x20
cmp dword [ebp - 0x2c], 0
jne short loc_fffcf20f  ; jne 0xfffcf20f

loc_fffcf1fe:  ; not directly referenced
sub esp, 0xc
push esi
call fcn_fffc82f4  ; call 0xfffc82f4
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffcf20f:  ; not directly referenced
mov al, byte [ebp - 0x34]
and eax, 1
mov byte [ebp - 0x31], al
movzx eax, byte [ebp - 0x41]
mov dword [ebp - 0x2c], eax

loc_fffcf21f:  ; not directly referenced
mov eax, dword [ebp - 0x38]
bt eax, edi
jb short loc_fffcf22f  ; jb 0xfffcf22f

loc_fffcf227:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffcf21f  ; jne 0xfffcf21f
jmp short loc_fffcf1fe  ; jmp 0xfffcf1fe

loc_fffcf22f:  ; not directly referenced
imul edx, edi, 0x13c3
mov bl, byte [ebp - 0x33]
and bl, byte [esi + edx + 0x381a]
cmp byte [ebp - 0x31], 0
je short loc_fffcf261  ; je 0xfffcf261
push edx
movzx edx, byte [ebp + edi - 0x21]
push 0
push edx
movzx edx, bl
push 1
push edx
push dword [ebp - 0x2c]
push edi
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffcf261:  ; not directly referenced
cmp dword [ebp - 0x30], 0
je short loc_fffcf227  ; je 0xfffcf227
movzx edx, byte [ebp + edi - 0x21]
movzx ebx, bl
push eax
push 0
push edx
push 2
push ebx
push dword [ebp - 0x2c]
push edi
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20
jmp short loc_fffcf227  ; jmp 0xfffcf227

fcn_fffcf285:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
xor ebx, ebx
sub esp, 0x40
mov al, byte [ebp + 8]
push 1
movzx edi, byte [ebp + 0xc]
push 7
mov byte [ebp - 0x31], al
mov eax, dword [ebp + 0x14]
mov byte [ebp - 0x2a], dl
lea edx, [ebp - 0x27]
push edx
mov word [ebp - 0x2c], ax
mov eax, dword [ebp + 0x18]
mov byte [ebp - 0x29], cl
mov dword [ebp - 0x1c], 0
mov dword [ebp - 0x20], 0
mov word [ebp - 0x34], ax
mov eax, dword [esi + 0x2443]
call dword [eax + 0x5c]  ; ucall
movzx eax, byte [ebp - 0x29]
add esp, 0x10
mov dword [ebp - 0x3c], edi
mov dword [ebp - 0x30], eax

loc_fffcf2dc:  ; not directly referenced
movsx eax, bx
xor edi, edi
mov dword [ebp - 0x38], eax

loc_fffcf2e4:  ; not directly referenced
mov eax, dword [ebp - 0x30]
bt eax, edi
jae short loc_fffcf318  ; jae 0xfffcf318
cmp dword [ebp + edi*4 - 0x20], 0
jne short loc_fffcf318  ; jne 0xfffcf318
mov eax, dword [ebp + 0x10]
push edx
push 0
movzx edx, byte [eax + edi]
add edx, dword [ebp - 0x38]
push edx
movzx edx, byte [ebp - 0x31]
push dword [ebp - 0x3c]
push edx
movzx edx, byte [ebp - 0x2a]
push edx
push edi
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffcf318:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffcf2e4  ; jne 0xfffcf2e4
cmp dword [ebp + 0x20], 0
jne short loc_fffcf330  ; jne 0xfffcf330
sub esp, 0xc
push esi
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10

loc_fffcf330:  ; not directly referenced
mov edx, dword [ebp - 0x30]
push eax
movzx ecx, byte [esi + 0x248b]
push 0
push 1
lea eax, [ebp - 0x27]
push eax
mov eax, esi
call fcn_fffb0f94  ; call 0xfffb0f94
mov dl, bl
add esp, 0x10
neg edx
test bx, bx
cmovns edx, ebx
test byte [ebp - 0x29], 1
je short loc_fffcf375  ; je 0xfffcf375
cmp dword [ebp - 0x20], 0
jne short loc_fffcf375  ; jne 0xfffcf375
test al, 1
je short loc_fffcf370  ; je 0xfffcf370
mov dword [ebp - 0x20], 1
jmp short loc_fffcf375  ; jmp 0xfffcf375

loc_fffcf370:  ; not directly referenced
mov ecx, dword [ebp + 0x1c]
mov byte [ecx], dl

loc_fffcf375:  ; not directly referenced
test byte [ebp - 0x29], 2
je short loc_fffcf394  ; je 0xfffcf394
cmp dword [ebp - 0x1c], 0
jne short loc_fffcf394  ; jne 0xfffcf394
test al, 2
jne short loc_fffcf38d  ; jne 0xfffcf38d
mov eax, dword [ebp + 0x1c]
mov byte [eax + 1], dl
jmp short loc_fffcf394  ; jmp 0xfffcf394

loc_fffcf38d:  ; not directly referenced
mov dword [ebp - 0x1c], 1

loc_fffcf394:  ; not directly referenced
mov eax, dword [ebp - 0x34]
add ebx, eax
test ax, ax
jle short loc_fffcf3a7  ; jle 0xfffcf3a7
cmp bx, word [ebp - 0x2c]
setg al
jmp short loc_fffcf3ae  ; jmp 0xfffcf3ae

loc_fffcf3a7:  ; not directly referenced
cmp bx, word [ebp - 0x2c]
setl al

loc_fffcf3ae:  ; not directly referenced
cmp dword [ebp - 0x20], 0
movzx eax, al
je short loc_fffcf3bd  ; je 0xfffcf3bd
cmp dword [ebp - 0x1c], 0
jne short loc_fffcf3c5  ; jne 0xfffcf3c5

loc_fffcf3bd:  ; not directly referenced
test eax, eax
je loc_fffcf2dc  ; je 0xfffcf2dc

loc_fffcf3c5:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcf3cd:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
mov esi, edx
push ebx
sub esp, 0x90
mov eax, dword [ebp + 0x10]
push 1
push 7
mov ebx, eax
mov dword [ebp - 0x78], eax
mov al, byte [ebp + 8]
mov byte [ebp - 0x89], bl
mov ebx, dword [edi + 0x2443]
mov dword [ebp - 0x88], edx
mov byte [ebp - 0x69], dl
mov byte [ebp - 0x6a], al
mov al, byte [ebp + 0xc]
mov byte [ebp - 0x68], cl
mov byte [ebp - 0x74], al
mov al, byte [ebp + 0x14]
mov byte [ebp - 0x7c], al
mov al, byte [ebp + 0x18]
mov byte [ebp - 0x8a], al
lea eax, [ebp - 0x4f]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x53]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x51]
push eax
call dword [ebx + 0x5c]  ; ucall
xor eax, eax
add esp, 0x10
cmp dword [edi + 0x2480], 3
sete al
mov dword [ebp - 0x60], eax
mov eax, esi
cmp al, 6
je short loc_fffcf489  ; je 0xfffcf489

loc_fffcf457:  ; not directly referenced
cmp dword [ebp - 0x60], 1
sbb eax, eax
mov dword [ebp - 0x60], eax
movsx ax, byte [ebp - 0x78]
and byte [ebp - 0x60], 4
add byte [ebp - 0x60], 2
mov word [ebp - 0x6c], ax
mov word [ebp - 0x64], ax
mov al, byte [ebp - 0x7c]
sub eax, dword [ebp - 0x60]
movzx eax, al
mov dword [ebp - 0x94], eax
jmp near loc_fffcf604  ; jmp 0xfffcf604

loc_fffcf489:  ; not directly referenced
movzx esi, byte [ebp - 0x68]
lea eax, [edi + 0x3756]
mov dword [ebp - 0x5c], eax
xor eax, eax
mov dword [ebp - 0x70], esi

loc_fffcf49b:  ; not directly referenced
mov esi, dword [ebp - 0x70]
bt esi, eax
jae loc_fffcf567  ; jae 0xfffcf567
mov esi, dword [ebp - 0x5c]
mov ebx, dword [esi + 0x111]
mov ecx, dword [esi + 0x11d]
cmp bl, cl
mov esi, ecx
cmovl esi, ebx
cmp cl, bl
mov edx, esi
mov esi, dword [ebp - 0x5c]
cmovbe ecx, ebx
mov byte [ebp + eax - 0x53], dl
mov byte [ebp + eax - 0x51], cl
xor ecx, ecx
mov dl, byte [esi + 0xc4]
mov byte [ebp - 0x64], dl

loc_fffcf4da:  ; not directly referenced
mov ebx, 1
shl ebx, cl
test byte [ebp - 0x64], bl
je short loc_fffcf512  ; je 0xfffcf512
mov esi, dword [ebp - 0x5c]
mov bl, byte [esi + ecx + 0x245]
movzx esi, byte [ebp + eax - 0x53]
cmp bl, byte [ebp + eax - 0x53]
cmovle esi, ebx
mov edx, esi
movzx esi, byte [ebp + eax - 0x51]
cmp bl, byte [ebp + eax - 0x51]
mov byte [ebp + eax - 0x53], dl
cmovb ebx, esi
mov byte [ebp + eax - 0x51], bl

loc_fffcf512:  ; not directly referenced
inc ecx
cmp ecx, 4
jne short loc_fffcf4da  ; jne 0xfffcf4da
cmp dword [ebp - 0x60], 0
je short loc_fffcf559  ; je 0xfffcf559
mov ecx, dword [ebp - 0x5c]
mov esi, dword [ecx + 0x109]
mov ecx, dword [ecx + 0x115]
mov edx, esi
mov ebx, esi
cmp cl, dl
mov dl, byte [ebp + eax - 0x53]
cmovl ebx, ecx
cmp bl, byte [ebp + eax - 0x53]
cmovg ebx, edx
mov edx, esi
mov byte [ebp + eax - 0x53], bl
mov bl, byte [ebp + eax - 0x51]
cmp bl, dl
cmovbe ebx, esi
cmp bl, cl
cmovbe ebx, ecx
mov byte [ebp + eax - 0x51], bl

loc_fffcf559:  ; not directly referenced
mov cl, 0x7f
neg byte [ebp + eax - 0x53]
sub cl, byte [ebp + eax - 0x51]
mov byte [ebp + eax - 0x51], cl

loc_fffcf567:  ; not directly referenced
inc eax
add dword [ebp - 0x5c], 0x13c3
cmp eax, 2
jne loc_fffcf49b  ; jne 0xfffcf49b
jmp near loc_fffcf457  ; jmp 0xfffcf457

loc_fffcf57d:  ; not directly referenced
mov eax, dword [ebp - 0x70]
bt eax, ebx
jb loc_fffcf62c  ; jb 0xfffcf62c

loc_fffcf589:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffcf57d  ; jne 0xfffcf57d
sub esp, 0xc
push edi
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10
cmp dword [ebp + 0x24], 0
je loc_fffcf67f  ; je 0xfffcf67f
movzx ecx, byte [edi + 0x248b]
push eax
mov edx, dword [ebp - 0x70]
push 0
push 1
lea eax, [ebp - 0x4f]
push eax
mov eax, edi
call fcn_fffb0f94  ; call 0xfffb0f94
add esp, 0x10
mov byte [ebp - 0x5c], al

loc_fffcf5c5:  ; not directly referenced
cmp byte [ebp - 0x69], 6
je loc_fffcf6d8  ; je 0xfffcf6d8

loc_fffcf5cf:  ; not directly referenced
movzx eax, byte [ebp - 0x60]
mov edx, esi
xor ecx, ecx
sub edx, eax
mov dword [ebp - 0x70], eax
movsx eax, byte [ebp - 0x89]
mov dword [ebp - 0x80], edx

loc_fffcf5e6:  ; not directly referenced
mov edx, 1
shl edx, cl
test byte [ebp - 0x68], dl
jne loc_fffcf712  ; jne 0xfffcf712

loc_fffcf5f6:  ; not directly referenced
inc ecx
cmp ecx, 2
jne short loc_fffcf5e6  ; jne 0xfffcf5e6
movzx eax, byte [ebp - 0x60]
add word [ebp - 0x64], ax

loc_fffcf604:  ; not directly referenced
movzx eax, byte [ebp - 0x7c]
movsx esi, word [ebp - 0x64]
mov dword [ebp - 0x5c], eax
cmp esi, eax
jg loc_fffcf7f0  ; jg 0xfffcf7f0
movzx eax, byte [ebp - 0x68]
xor ebx, ebx
mov dword [ebp - 0x70], eax
movzx eax, byte [ebp - 0x74]
mov dword [ebp - 0x5c], eax
jmp near loc_fffcf57d  ; jmp 0xfffcf57d

loc_fffcf62c:  ; not directly referenced
imul eax, ebx, 0x13c3
mov cl, byte [ebp - 0x6a]
and cl, byte [edi + eax + 0x381a]
movzx eax, byte [ebp - 0x69]
movzx ecx, cl
cmp al, 6
je short loc_fffcf65f  ; je 0xfffcf65f
push edx
push 0
push esi
push dword [ebp - 0x5c]
push ecx
push eax
push ebx
push edi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20
jmp near loc_fffcf589  ; jmp 0xfffcf589

loc_fffcf65f:  ; not directly referenced
xor eax, eax
mov edx, ebx
cmp dword [ebp + 0x20], 0
sete al
push eax
mov eax, edi
push 0
push esi
push 0
call fcn_fffb0cb4  ; call 0xfffb0cb4
add esp, 0x10
jmp near loc_fffcf589  ; jmp 0xfffcf589

loc_fffcf67f:  ; not directly referenced
xor ebx, ebx
mov byte [ebp - 0x5c], 0

loc_fffcf685:  ; not directly referenced
mov eax, dword [ebp + 0x1c]
push 0
push 0
push 0
push 0
movsx eax, byte [eax + ebx]
push eax
push 0
push 2
push edi
call fcn_fffcc4cb  ; call 0xfffcc4cb
add esp, 0x1c
movzx ecx, byte [edi + 0x248b]
mov edx, dword [ebp - 0x70]
lea eax, [ebp - 0x4f]
push 0
push 1
push eax
mov eax, edi
call fcn_fffb0f94  ; call 0xfffb0f94
add esp, 0x10
or byte [ebp - 0x5c], al
mov al, byte [ebp - 0x68]
cmp byte [ebp - 0x5c], al
je loc_fffcf5c5  ; je 0xfffcf5c5
inc ebx
cmp ebx, 2
jne short loc_fffcf685  ; jne 0xfffcf685
jmp near loc_fffcf5c5  ; jmp 0xfffcf5c5

loc_fffcf6d8:  ; not directly referenced
movsx ax, byte [ebp - 0x53]
cmp word [ebp - 0x64], ax
jge short loc_fffcf6e9  ; jge 0xfffcf6e9

loc_fffcf6e3:  ; not directly referenced
or byte [ebp - 0x5c], 1
jmp short loc_fffcf6f1  ; jmp 0xfffcf6f1

loc_fffcf6e9:  ; not directly referenced
movzx eax, byte [ebp - 0x51]
cmp esi, eax
jg short loc_fffcf6e3  ; jg 0xfffcf6e3

loc_fffcf6f1:  ; not directly referenced
movsx ax, byte [ebp - 0x52]
cmp word [ebp - 0x64], ax
jge short loc_fffcf705  ; jge 0xfffcf705

loc_fffcf6fc:  ; not directly referenced
or byte [ebp - 0x5c], 2
jmp near loc_fffcf5cf  ; jmp 0xfffcf5cf

loc_fffcf705:  ; not directly referenced
movzx eax, byte [ebp - 0x50]
cmp esi, eax
jg short loc_fffcf6fc  ; jg 0xfffcf6fc
jmp near loc_fffcf5cf  ; jmp 0xfffcf5cf

loc_fffcf712:  ; not directly referenced
test byte [ebp - 0x5c], dl
mov ebx, dword [ebp - 0x6c]
sete dl
movzx edx, dl
cmp word [ebp - 0x64], bx
jne short loc_fffcf767  ; jne 0xfffcf767
test edx, edx
je short loc_fffcf745  ; je 0xfffcf745
mov dword [ebp + ecx*4 - 0x20], eax
mov dword [ebp + ecx*4 - 0x28], eax
mov dword [ebp + ecx*4 - 0x30], eax
mov dword [ebp + ecx*4 - 0x38], eax
mov dword [ebp + ecx*4 - 0x40], eax
mov dword [ebp + ecx*4 - 0x48], eax
jmp near loc_fffcf5f6  ; jmp 0xfffcf5f6

loc_fffcf745:  ; not directly referenced
mov edx, eax
sub edx, dword [ebp - 0x70]
mov dword [ebp + ecx*4 - 0x20], edx
mov dword [ebp + ecx*4 - 0x28], edx
mov dword [ebp + ecx*4 - 0x30], edx
mov dword [ebp + ecx*4 - 0x38], edx
mov dword [ebp + ecx*4 - 0x40], edx
mov dword [ebp + ecx*4 - 0x48], edx
jmp near loc_fffcf5f6  ; jmp 0xfffcf5f6

loc_fffcf767:  ; not directly referenced
test edx, edx
je loc_fffcf5f6  ; je 0xfffcf5f6
mov ebx, dword [ebp - 0x80]
cmp dword [ebp + ecx*4 - 0x40], ebx
jne short loc_fffcf77c  ; jne 0xfffcf77c
mov dword [ebp + ecx*4 - 0x40], esi

loc_fffcf77c:  ; not directly referenced
mov ebx, dword [ebp - 0x80]
cmp dword [ebp + ecx*4 - 0x30], ebx
mov dword [ebp + ecx*4 - 0x30], esi
je short loc_fffcf78d  ; je 0xfffcf78d
mov dword [ebp + ecx*4 - 0x38], esi

loc_fffcf78d:  ; not directly referenced
cmp esi, dword [ebp - 0x94]
jl short loc_fffcf7b3  ; jl 0xfffcf7b3
cmp dword [ebp + ecx*4 - 0x48], eax
jne short loc_fffcf7b3  ; jne 0xfffcf7b3
cmp byte [ebp - 0x8a], 0
je short loc_fffcf7b3  ; je 0xfffcf7b3
mov edx, dword [ebp + ecx*4 - 0x40]
sub edx, eax
add edx, dword [ebp - 0x70]
add edx, esi
mov dword [ebp + ecx*4 - 0x30], edx

loc_fffcf7b3:  ; not directly referenced
mov edx, dword [ebp + ecx*4 - 0x30]
mov ebx, dword [ebp + ecx*4 - 0x38]
mov dword [ebp - 0x84], edx
sub edx, ebx
mov dword [ebp - 0x90], edx
mov edx, dword [ebp + ecx*4 - 0x20]
sub edx, dword [ebp + ecx*4 - 0x28]
cmp dword [ebp - 0x90], edx
jle loc_fffcf5f6  ; jle 0xfffcf5f6
mov dword [ebp + ecx*4 - 0x28], ebx
mov ebx, dword [ebp - 0x84]
mov dword [ebp + ecx*4 - 0x20], ebx
jmp near loc_fffcf5f6  ; jmp 0xfffcf5f6

loc_fffcf7f0:  ; not directly referenced
movzx eax, byte [ebp - 0x60]
mov ecx, 2
xor ebx, ebx
mov esi, dword [ebp - 0x5c]
lea eax, [eax + eax*2]
mov dword [ebp - 0x7c], eax
movsx eax, byte [ebp - 0x78]
add esi, eax
mov dword [ebp - 0x78], eax
mov eax, esi
cdq
idiv ecx
mov dword [ebp - 0x70], eax
movzx eax, byte [ebp - 0x68]
mov dword [ebp - 0x68], eax
movzx eax, byte [ebp - 0x74]
mov dword [ebp - 0x74], eax

loc_fffcf823:  ; not directly referenced
mov eax, dword [ebp - 0x68]
bt eax, ebx
jb short loc_fffcf837  ; jb 0xfffcf837

loc_fffcf82b:  ; not directly referenced
inc ebx
cmp ebx, 2
je loc_fffcf90e  ; je 0xfffcf90e
jmp short loc_fffcf823  ; jmp 0xfffcf823

loc_fffcf837:  ; not directly referenced
mov esi, dword [ebp + ebx*4 - 0x20]
mov eax, dword [ebp + ebx*4 - 0x28]
mov ecx, esi
mov dword [ebp - 0x60], eax
sub ecx, eax
cmp ecx, dword [ebp - 0x7c]
jl short loc_fffcf855  ; jl 0xfffcf855
mov edx, dword [ebp - 0x5c]
sub edx, dword [ebp - 0x78]
cmp ecx, edx
jl short loc_fffcf86c  ; jl 0xfffcf86c

loc_fffcf855:  ; not directly referenced
cmp byte [edi + 0x1965], 0
je short loc_fffcf87b  ; je 0xfffcf87b
cmp dword [edi + 0x188b], 1
jne short loc_fffcf87b  ; jne 0xfffcf87b
jmp near loc_fffcf9bc  ; jmp 0xfffcf9bc

loc_fffcf86c:  ; not directly referenced
mov eax, dword [ebp - 0x60]
mov ecx, 2
add eax, esi
cdq
idiv ecx
jmp short loc_fffcf87e  ; jmp 0xfffcf87e

loc_fffcf87b:  ; not directly referenced
mov eax, dword [ebp - 0x70]

loc_fffcf87e:  ; not directly referenced
imul edx, ebx, 0x13c3
mov cl, byte [ebp - 0x6a]
and cl, byte [edi + edx + 0x381a]
cmp dword [ebp + 0x20], 0
mov byte [ebp - 0x64], cl
jne short loc_fffcf8ba  ; jne 0xfffcf8ba
mov dl, byte [ebp - 0x69]
cmp dl, 6
je short loc_fffcf8ba  ; je 0xfffcf8ba
sub esp, 4
push 1
push eax
movzx eax, cl
push dword [ebp - 0x74]
push eax
movzx eax, dl
push eax
push ebx
push edi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffcf8ba:  ; not directly referenced
mov edx, dword [ebp - 0x60]
movzx ecx, byte [ebp - 0x64]
mov eax, edx
sar eax, 0x1f
xor edx, eax
sub edx, eax
imul eax, edx, 0xa
imul edx, ebx, 0x48
mov dword [ebp - 0x64], ecx
mov dword [ebp - 0x60], eax
mov eax, esi
sar eax, 0x1f
add edx, edi
xor esi, eax
sub esi, eax
xor eax, eax
imul esi, esi, 0xa

loc_fffcf8e6:  ; not directly referenced
mov ecx, dword [ebp - 0x64]
bt ecx, eax
jae short loc_fffcf8fd  ; jae 0xfffcf8fd
mov ecx, dword [ebp - 0x60]
mov dword [edx + 0x3214], esi
mov dword [edx + 0x3210], ecx

loc_fffcf8fd:  ; not directly referenced
inc eax
add edx, 0x90
cmp eax, 4
jne short loc_fffcf8e6  ; jne 0xfffcf8e6
jmp near loc_fffcf82b  ; jmp 0xfffcf82b

loc_fffcf90e:  ; not directly referenced
cmp dword [ebp + 0x24], 0
jne short loc_fffcf92b  ; jne 0xfffcf92b
push 0
push 0
push 0
push 0
push 0
push 0
push 2
push edi
call fcn_fffcc4cb  ; call 0xfffcc4cb
add esp, 0x20

loc_fffcf92b:  ; not directly referenced
cmp byte [ebp - 0x88], 6
je short loc_fffcf942  ; je 0xfffcf942

loc_fffcf934:  ; not directly referenced
sub esp, 0xc
push edi
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10
jmp short loc_fffcf9c1  ; jmp 0xfffcf9c1

loc_fffcf942:  ; not directly referenced
xor ebx, ebx

loc_fffcf944:  ; not directly referenced
mov eax, dword [ebp - 0x68]
bt eax, ebx
jb short loc_fffcf954  ; jb 0xfffcf954

loc_fffcf94c:  ; not directly referenced
inc ebx
cmp ebx, 2
je short loc_fffcf934  ; je 0xfffcf934
jmp short loc_fffcf944  ; jmp 0xfffcf944

loc_fffcf954:  ; not directly referenced
imul eax, ebx, 0x13c3
mov dl, byte [ebp - 0x6a]
and dl, byte [edi + eax + 0x381a]
xor eax, eax
cmp dword [ebp + 0x20], 0
movzx esi, dl
mov edx, ebx
sete al
mov ecx, esi
push eax
mov eax, edi
push 0
push 0
push 0
call fcn_fffb0cb4  ; call 0xfffb0cb4
imul eax, ebx, 0x48
add esp, 0x10
xor edx, edx
add eax, edi

loc_fffcf98c:  ; not directly referenced
bt esi, edx
jae short loc_fffcf9af  ; jae 0xfffcf9af
mov ecx, dword [eax + 0x3210]
mov dword [ebp - 0x5c], ecx
mov ecx, dword [eax + 0x3214]
mov dword [eax + 0x3210], ecx
mov ecx, dword [ebp - 0x5c]
mov dword [eax + 0x3214], ecx

loc_fffcf9af:  ; not directly referenced
inc edx
add eax, 0x90
cmp edx, 4
jne short loc_fffcf98c  ; jne 0xfffcf98c
jmp short loc_fffcf94c  ; jmp 0xfffcf94c

loc_fffcf9bc:  ; not directly referenced
mov eax, 0xc

loc_fffcf9c1:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcf9c9:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x40
mov edi, dword [ebp + 8]
mov dword [ebp - 0x2c], eax
mov dword [ebp - 0x44], ecx
mov byte [ebp - 0x3d], cl
mov esi, edi
mov ebx, esi
mov esi, eax
mov byte [ebp - 0x3e], bl
mov ebx, dword [eax + 0x2443]
lea eax, [ebp - 0x24]
push 0
push 2
push eax
mov dword [ebp - 0x3c], edx
mov dword [ebp - 0x38], edi
mov edi, dword [ebp + 0xc]
mov byte [ebp - 0x1a], 0xf8
mov byte [ebp - 0x19], 8
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x22]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0x10
cmp byte [ebp - 0x3c], 0
setne cl
cmp dword [esi + 0x2480], 3
mov byte [ebp - 0x30], cl
sete al
test cl, al
je short loc_fffcfa69  ; je 0xfffcfa69
mov al, byte [edi]
xor ecx, ecx
lea edx, [eax - 0x20]
cmp al, 0x21
cmovb edx, ecx
cmp al, 0x5e
lea ebx, [eax + 0x20]
mov al, byte [edi + 1]
mov byte [ebp - 0x1e], dl
mov dl, 0x7f
cmova ebx, edx
mov byte [ebp - 0x1c], bl
cmp al, 0x21
lea ebx, [eax - 0x20]
cmovae ecx, ebx
cmp al, 0x5e
mov byte [ebp - 0x1d], cl
lea ecx, [eax + 0x20]
cmovbe edx, ecx
mov byte [ebp - 0x1b], dl
jmp short loc_fffcfa86  ; jmp 0xfffcfa86

loc_fffcfa69:  ; not directly referenced
push eax
push 0
push 2
lea eax, [ebp - 0x1e]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0x7f
push 2
lea eax, [ebp - 0x1c]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0x10

loc_fffcfa86:  ; not directly referenced
test edi, edi
mov eax, 1
sete dl
test byte [ebp - 0x30], dl
jne loc_fffcfcdd  ; jne 0xfffcfcdd
movzx esi, byte [ebp - 0x3d]
xor ebx, ebx
mov byte [ebp - 0x34], 0

loc_fffcfaa3:  ; not directly referenced
mov eax, dword [ebp - 0x2c]
mov ecx, esi
mov edx, ebx
call fcn_fffaac43  ; call 0xfffaac43
or byte [ebp - 0x34], al
cmp byte [ebp - 0x30], 0
je short loc_fffcfabf  ; je 0xfffcfabf
mov al, byte [edi + ebx]
mov byte [ebp + ebx - 0x20], al

loc_fffcfabf:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffcfaa3  ; jne 0xfffcfaa3
cmp byte [ebp - 0x3c], 0
jne loc_fffcfbe2  ; jne 0xfffcfbe2
mov eax, dword [ebp - 0x2c]
cmp dword [eax + 0x188b], 0
je short loc_fffcfae5  ; je 0xfffcfae5
mov al, byte [ebp - 0x44]
and eax, 5
cmp al, 5
je short loc_fffcfb15  ; je 0xfffcfb15

loc_fffcfae5:  ; not directly referenced
push 0
movzx ecx, byte [ebp - 0x34]
xor edx, edx
push 0
lea eax, [ebp - 0x1a]
push eax
movzx eax, byte [ebp - 0x1c]
push 1
push eax
movsx eax, byte [ebp - 0x1e]
push eax
movzx eax, byte [ebp - 0x38]
push eax
mov eax, dword [ebp - 0x2c]
push esi
call fcn_fffcf3cd  ; call 0xfffcf3cd
add esp, 0x20
jmp near loc_fffcfcdd  ; jmp 0xfffcfcdd

loc_fffcfb15:  ; not directly referenced
movzx edi, byte [ebp - 0x3e]
xor eax, eax
mov dword [ebp - 0x30], 0
mov dword [ebp - 0x38], edi

loc_fffcfb25:  ; not directly referenced
mov cl, byte [ebp - 0x30]
mov ebx, 3
xor esi, esi
mov edi, dword [ebp - 0x2c]
shl ebx, cl
mov byte [ebp - 0x34], bl
add edi, 0x3756

loc_fffcfb3d:  ; not directly referenced
cmp dword [edi], 2
jne short loc_fffcfb77  ; jne 0xfffcfb77
cmp byte [ebp - 0x34], 3
mov ecx, 0x40
mov dword [ebp - 0x3c], eax
mov edx, 0xffffffc0
push eax
push 1
cmove edx, ecx
push edx
push 1
mov dl, byte [edi + 0xc4]
and edx, 0xc
push edx
push 0
push esi
push dword [ebp - 0x2c]
call fcn_fffa9178  ; call 0xfffa9178
mov eax, dword [ebp - 0x3c]
add esp, 0x20

loc_fffcfb77:  ; not directly referenced
inc esi
add edi, 0x13c3
cmp esi, 2
jne short loc_fffcfb3d  ; jne 0xfffcfb3d
test byte [ebp - 0x3d], bl
je short loc_fffcfbcf  ; je 0xfffcfbcf
mov edi, dword [ebp - 0x2c]
mov ecx, ebx
xor edx, edx
mov eax, edi
call fcn_fffaac43  ; call 0xfffaac43
mov ecx, ebx
mov edx, 1
mov esi, eax
mov eax, edi
call fcn_fffaac43  ; call 0xfffaac43
xor edx, edx
push 0
push 0
or eax, esi
movzx ecx, al
lea eax, [ebp - 0x1a]
push eax
movzx eax, byte [ebp - 0x1c]
push 1
push eax
movsx eax, byte [ebp - 0x1e]
push eax
mov eax, edi
push dword [ebp - 0x38]
push ebx
call fcn_fffcf3cd  ; call 0xfffcf3cd
add esp, 0x20

loc_fffcfbcf:  ; not directly referenced
add dword [ebp - 0x30], 2
cmp dword [ebp - 0x30], 4
je loc_fffcfcdd  ; je 0xfffcfcdd
jmp near loc_fffcfb25  ; jmp 0xfffcfb25

loc_fffcfbe2:  ; not directly referenced
movzx eax, byte [ebp - 0x38]
push ebx
push ebx
lea ebx, [ebp - 0x1a]
mov edx, eax
mov dword [ebp - 0x30], eax
movzx eax, byte [ebp - 0x34]
push ebx
push 0
lea ebx, [ebp - 0x20]
mov ecx, eax
mov dword [ebp - 0x38], eax
movzx eax, byte [ebp - 0x3c]
push ebx
mov dword [ebp - 0x3c], eax
lea eax, [ebp - 0x1e]
push eax
mov eax, dword [ebp - 0x2c]
push edx
mov edx, dword [ebp - 0x3c]
push esi
call fcn_fffcef25  ; call 0xfffcef25
mov al, byte [ebp - 0x20]
add esp, 0x18
lea edx, [ebp - 0x1a]
mov ecx, dword [ebp - 0x38]
mov byte [ebp - 0x24], al
mov al, byte [ebp - 0x1f]
mov byte [ebp - 0x23], al
mov al, byte [edi]
mov byte [ebp - 0x20], al
mov al, byte [edi + 1]
push edx
mov edx, dword [ebp - 0x3c]
push 1
mov byte [ebp - 0x1f], al
lea eax, [ebp - 0x1c]
push eax
mov eax, dword [ebp - 0x2c]
push ebx
push dword [ebp - 0x30]
push esi
xor esi, esi
call fcn_fffcef25  ; call 0xfffcef25
mov al, byte [ebp - 0x20]
add esp, 0x20
mov dword [ebp - 0x34], 0
mov byte [ebp - 0x22], al
mov al, byte [ebp - 0x1f]
mov byte [ebp - 0x21], al

loc_fffcfc67:  ; not directly referenced
mov eax, dword [ebp - 0x38]
bt eax, esi
jae short loc_fffcfcd4  ; jae 0xfffcfcd4
mov ebx, dword [ebp - 0x2c]
imul eax, esi, 0x13c3
mov cl, byte [ebp - 0x3d]
movzx edx, byte [ebp + esi - 0x22]
and cl, byte [ebx + eax + 0x381a]
mov bl, dl
mov byte [ebp - 0x44], cl
movzx ecx, byte [ebp + esi - 0x24]
sub ebx, ecx
cmp dl, 0x7f
jne short loc_fffcfca1  ; jne 0xfffcfca1
test cl, cl
jne short loc_fffcfca1  ; jne 0xfffcfca1
mov al, byte [edi + esi]
jmp short loc_fffcfcb6  ; jmp 0xfffcfcb6

loc_fffcfca1:  ; not directly referenced
lea eax, [ecx + edx + 1]
mov edx, 0xc
shr eax, 1
cmp bl, 0x11
cmova edx, dword [ebp - 0x34]
mov dword [ebp - 0x34], edx

loc_fffcfcb6:  ; not directly referenced
push edx
movzx eax, al
push 1
push eax
movzx eax, byte [ebp - 0x44]
push dword [ebp - 0x30]
push eax
push dword [ebp - 0x3c]
push esi
push dword [ebp - 0x2c]
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffcfcd4:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffcfc67  ; jne 0xfffcfc67
mov eax, dword [ebp - 0x34]

loc_fffcfcdd:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffcfce5:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, edx
push esi
mov esi, eax
push ebx
xor ebx, ebx
sub esp, 0x1c
mov byte [ebp - 0x19], cl
movzx ecx, byte [ebp + 8]

loc_fffcfcfb:  ; not directly referenced
bt edi, ebx
jae short loc_fffcfd2e  ; jae 0xfffcfd2e
imul eax, ebx, 0x13c3
mov dl, byte [ebp - 0x19]
and dl, byte [esi + eax + 0x381a]
movzx eax, dl
je short loc_fffcfd2e  ; je 0xfffcfd2e
push edx
push 0
push ecx
push 3
push eax
push 0
push ebx
push esi
mov dword [ebp - 0x20], ecx
call fcn_fffa9178  ; call 0xfffa9178
mov ecx, dword [ebp - 0x20]
add esp, 0x20

loc_fffcfd2e:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffcfcfb  ; jne 0xfffcfcfb
mov dword [ebp + 8], esi
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
jmp near fcn_fffc82f4  ; jmp 0xfffc82f4

fcn_fffcfd43:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, eax
sub esp, 0x3c
mov edi, dword [ebp + 0xc]
mov eax, dword [ebp + 8]
mov dword [ebp - 0x2c], ecx
mov esi, dword [ebx + 0x2443]
mov dword [ebp - 0x30], edx
mov edx, dword [ebp + 0x18]
mov ecx, edi
inc cl
mov dword [ebp - 0x3c], eax
mov eax, dword [ebp + 0x14]
je short loc_fffcfd80  ; je 0xfffcfd80
movsx cx, dl
movzx edx, dl
mov word [ebp - 0x34], cx
neg word [ebp - 0x34]
jmp short loc_fffcfd8b  ; jmp 0xfffcfd8b

loc_fffcfd80:  ; not directly referenced
mov edx, 0x20
mov word [ebp - 0x34], 0xffe0

loc_fffcfd8b:  ; not directly referenced
push ecx
movzx eax, al
push 0
inc eax
lea ecx, [ebp - 0x1c]
push 2
push ecx
mov dword [ebp - 0x44], edx
mov dword [ebp - 0x40], ecx
mov word [ebp - 0x36], ax
call dword [esi + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0x1a]
push eax
call dword [esi + 0x5c]  ; ucall
movzx ecx, byte [ebp - 0x2c]
add esp, 0xc
movzx edx, byte [ebp - 0x30]
mov eax, edi
push dword [ebp + 0x1c]
movzx edi, al
movzx eax, word [ebp - 0x36]
mov dword [ebp - 0x2c], ecx
mov ecx, dword [ebp - 0x40]
mov dword [ebp - 0x30], edx
mov edx, dword [ebp - 0x44]
movzx esi, byte [ebp - 0x3c]
push ecx
mov ecx, dword [ebp - 0x2c]
push eax
movsx edx, dx
push edx
mov edx, dword [ebp - 0x30]
mov eax, ebx
push dword [ebp + 0x10]
push edi
push esi
call fcn_fffcf285  ; call 0xfffcf285
add esp, 0x20
cmp dword [ebp + 0x1c], 0
je short loc_fffcfe37  ; je 0xfffcfe37
xor eax, eax

loc_fffcfdfd:  ; not directly referenced
mov ecx, dword [ebp - 0x2c]
bt ecx, eax
jae short loc_fffcfe25  ; jae 0xfffcfe25
mov ecx, dword [ebp + 0x10]
push edx
push 0
movzx edx, byte [ecx + eax]
mov dword [ebp - 0x3c], eax
push edx
push edi
push esi
push dword [ebp - 0x30]
push eax
push ebx
call fcn_fffa9178  ; call 0xfffa9178
mov eax, dword [ebp - 0x3c]
add esp, 0x20

loc_fffcfe25:  ; not directly referenced
inc eax
cmp eax, 2
jne short loc_fffcfdfd  ; jne 0xfffcfdfd
sub esp, 0xc
push ebx
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10

loc_fffcfe37:  ; not directly referenced
push ecx
mov edx, dword [ebp - 0x30]
push dword [ebp + 0x1c]
lea eax, [ebp - 0x1a]
mov ecx, dword [ebp - 0x2c]
push eax
mov ax, word [ebp - 0x36]
neg eax
cwde
push eax
movsx eax, word [ebp - 0x34]
push eax
mov eax, ebx
push dword [ebp + 0x10]
push edi
push esi
call fcn_fffcf285  ; call 0xfffcf285
add esp, 0x20
cmp dword [ebp + 0x1c], 0
je short loc_fffcfea3  ; je 0xfffcfea3
xor eax, eax

loc_fffcfe69:  ; not directly referenced
mov ecx, dword [ebp - 0x2c]
bt ecx, eax
jae short loc_fffcfe91  ; jae 0xfffcfe91
push edx
mov edx, dword [ebp + 0x10]
push 0
mov dword [ebp - 0x34], eax
movzx edx, byte [edx + eax]
push edx
push edi
push esi
push dword [ebp - 0x30]
push eax
push ebx
call fcn_fffa9178  ; call 0xfffa9178
mov eax, dword [ebp - 0x34]
add esp, 0x20

loc_fffcfe91:  ; not directly referenced
inc eax
cmp eax, 2
jne short loc_fffcfe69  ; jne 0xfffcfe69
sub esp, 0xc
push ebx
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10

loc_fffcfea3:  ; not directly referenced
xor eax, eax

loc_fffcfea5:  ; not directly referenced
mov edi, dword [ebp - 0x2c]
bt edi, eax
jb short loc_fffcfebe  ; jb 0xfffcfebe

loc_fffcfead:  ; not directly referenced
inc eax
add ebx, 0x48
cmp eax, 2
jne short loc_fffcfea5  ; jne 0xfffcfea5
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffcfebe:  ; not directly referenced
mov ecx, ebx
xor edx, edx

loc_fffcfec2:  ; not directly referenced
bt esi, edx
jae short loc_fffcfee3  ; jae 0xfffcfee3
movzx edi, byte [ebp + eax - 0x1a]
imul edi, edi, 0xa
mov dword [ecx + 0x3210], edi
movzx edi, byte [ebp + eax - 0x1c]
imul edi, edi, 0xa
mov dword [ecx + 0x3214], edi

loc_fffcfee3:  ; not directly referenced
inc edx
add ecx, 0x90
cmp edx, 4
jne short loc_fffcfec2  ; jne 0xfffcfec2
jmp short loc_fffcfead  ; jmp 0xfffcfead

fcn_fffcfef1:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0xfc
mov esi, dword [ebp + 8]
mov dword [ebp - 0xd4], 0
mov eax, dword [esi + 0x2443]
mov dword [ebp - 0xd8], eax
mov eax, dword [esi + 0x5edc]
mov dword [ebp - 0xdc], eax
lea eax, [esi + 0x2490]
mov dword [ebp - 0xe0], eax
mov eax, dword [esi + 0x188b]
mov dword [ebp - 0xe4], eax
mov al, byte [esi + 0x2441]
mov byte [ebp - 0xf9], al
test byte [esi + 0x2405], 0x20
je short loc_fffcff61  ; je 0xfffcff61
xor eax, eax
cmp dword [ebp - 0xe4], 1
sete al
mov dword [ebp - 0xd4], eax

loc_fffcff61:  ; not directly referenced
cmp dword [esi + 0x2480], 3
mov edi, dword [ebp - 0xd8]
push ebx
sete al
push 0
push 0x10
lea ebx, [ebp - 0xa8]
mov byte [ebp - 0xfa], al
movzx eax, al
mov dword [ebp - 0xcc], eax
mov eax, edi
push ebx
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0xb0]
push eax
mov eax, edi
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
mov eax, edi
push 0xff
lea edx, [ebp - 0x98]
push 0x80
push edx
mov dword [ebp - 0xbc], edx
call dword [eax + 0x5c]  ; ucall
add esp, 0x10
mov edx, dword [ebp - 0xbc]
cmp dword [ebp - 0xcc], 1
mov byte [ebp - 0xad], 0
mov byte [ebp - 0xae], 0
sbb eax, eax
and eax, 7
add eax, 0xa
cmp dword [ebp - 0xd4], 1
movzx eax, al
mov dword [ebp - 0xf8], edx
mov dword [ebp - 0xec], edx
sbb edi, edi
mov dword [ebp - 0xc8], edi
mov edi, esi
and dword [ebp - 0xc8], 0xfffffff8
add dword [ebp - 0xc8], 0xd
mov dword [ebp - 0xc4], 0
mov dword [ebp - 0xc0], 0
mov dword [ebp - 0xf4], ebx
mov dword [ebp - 0x100], eax

loc_fffd0037:  ; not directly referenced
mov eax, dword [ebp - 0xdc]
xor ebx, ebx
mov cl, byte [ebp - 0xc4]
mov dword [ebp - 0xd0], 1
shl dword [ebp - 0xd0], cl
add eax, 0x70
mov dword [ebp - 0xf0], eax
mov byte [ebp - 0xe8], 0

loc_fffd0065:  ; not directly referenced
mov ecx, dword [ebp - 0xd0]
mov edx, ebx
mov eax, esi
call fcn_fffaac43  ; call 0xfffaac43
or byte [ebp - 0xe8], al
movzx eax, byte [ebp - 0xe8]
bt eax, ebx
mov dword [ebp - 0xbc], eax
jae short loc_fffd00a9  ; jae 0xfffd00a9
push ecx
push 0
movzx eax, byte [esi + 0x2488]
push eax
mov eax, dword [ebp - 0xd8]
push dword [ebp - 0xf0]
call dword [eax + 0x64]  ; ucall
add esp, 0x10

loc_fffd00a9:  ; not directly referenced
inc ebx
add dword [ebp - 0xf0], 0xcc
cmp ebx, 2
jne short loc_fffd0065  ; jne 0xfffd0065
cmp byte [ebp - 0xe8], 0
je loc_fffd03c2  ; je 0xfffd03c2
mov edx, dword [ebp - 0xbc]
sub esp, 0xc
mov ecx, 0x11
push 0
mov eax, esi
mov bl, 1
call fcn_fffb26ca  ; call 0xfffb26ca
add esp, 0x10

loc_fffd00e2:  ; not directly referenced
cmp ebx, 3
je short loc_fffd0142  ; je 0xfffd0142
cmp ebx, 1
jne short loc_fffd00f5  ; jne 0xfffd00f5
mov byte [esi + 0x248b], 9
jmp short loc_fffd0101  ; jmp 0xfffd0101

loc_fffd00f5:  ; not directly referenced
cmp ebx, 4
jne short loc_fffd0101  ; jne 0xfffd0101
mov byte [esi + 0x248b], 0

loc_fffd0101:  ; not directly referenced
lea eax, [ebx - 4]
mov ecx, dword [ebp - 0xbc]
push edx
cmp eax, 2
push edx
sbb eax, eax
mov edx, dword [ebp - 0xe0]
push 0
and eax, 0x17
push dword [ebp - 0xf4]
add eax, 0x1f
movzx eax, al
push eax
mov eax, esi
push 1
push ebx
push dword [ebp - 0xc4]
call fcn_fffc6051  ; call 0xfffc6051
add esp, 0x20
mov dword [ebp - 0xc0], eax

loc_fffd0142:  ; not directly referenced
inc ebx
cmp ebx, 6
jne short loc_fffd00e2  ; jne 0xfffd00e2
cmp dword [ebp - 0xd4], 0
je loc_fffd03c2  ; je 0xfffd03c2
mov ecx, dword [ebp - 0x100]
sub esp, 0xc
mov eax, esi
mov edx, dword [ebp - 0xbc]
push 0
call fcn_fffb2759  ; call 0xfffb2759
add esp, 0x10
cmp dword [ebp - 0xcc], 0
je short loc_fffd01a5  ; je 0xfffd01a5
push eax
mov ecx, dword [ebp - 0xbc]
xor edx, edx
push 0
push 0
push 0x20
push 0
lea eax, [ebp - 0xae]
push eax
mov eax, esi
push 0xff
push dword [ebp - 0xd0]
call fcn_fffcfd43  ; call 0xfffcfd43
jmp short loc_fffd01f5  ; jmp 0xfffd01f5

loc_fffd01a5:  ; not directly referenced
push 1
mov ecx, dword [ebp - 0xbc]
xor edx, edx
push 1
lea eax, [ebp - 0xb0]
push eax
mov eax, esi
push 1
push 0x40
push 0xffffffffffffffc0
push 3
push 0xff
call fcn_fffcf3cd  ; call 0xfffcf3cd
mov ebx, dword [ebp - 0xec]
mov eax, dword [edi + 0x3210]
mov dword [ebx], eax
mov eax, dword [edi + 0x3214]
mov dword [ebx + 4], eax
mov eax, dword [edi + 0x3258]
mov dword [ebx + 0x10], eax
mov eax, dword [edi + 0x325c]
mov dword [ebx + 0x14], eax

loc_fffd01f5:  ; not directly referenced
add esp, 0x20
cmp byte [ebp - 0xf9], 0
je short loc_fffd0278  ; je 0xfffd0278

loc_fffd0201:  ; not directly referenced
push ecx
push 0
push 0
push 3
push 0xff
push 0
push 0
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x1c
push 0
push 0
push 3
push 0xff
push 0
push 1
push esi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x14
push esi
call fcn_fffc82f4  ; call 0xfffc82f4
mov ecx, dword [ebp - 0xbc]
pop ebx
pop eax
mov eax, esi
mov edx, dword [ebp - 0xe0]
push 0
push dword [ebp - 0xf4]
push 0x36
push 0
push 0xd
push dword [ebp - 0xc4]
call fcn_fffc6051  ; call 0xfffc6051
add esp, 0x14
push esi
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10
mov dword [ebp - 0xc0], eax
jmp near loc_fffd03c2  ; jmp 0xfffd03c2

loc_fffd0278:  ; not directly referenced
xor ebx, ebx

loc_fffd027a:  ; not directly referenced
imul eax, ebx, 0x13c3
cmp dword [esi + eax + 0x3756], 2
jne short loc_fffd02ce  ; jne 0xfffd02ce
push edx
push 0
push 0
push 3
push 0xff
push 0
push ebx
push esi
call fcn_fffa9178  ; call 0xfffa9178
mov ecx, dword [ebp - 0xdc]
imul eax, ebx, 0xcc
add esp, 0x20
mov edx, ebx
push 0
push 1
movzx eax, byte [ecx + eax + 0xe2]
mov ecx, 0xff
push eax
mov eax, esi
push 1
call fcn_fffb0cb4  ; call 0xfffb0cb4
add esp, 0x10

loc_fffd02ce:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffd027a  ; jne 0xfffd027a
sub esp, 0xc
push esi
call fcn_fffc82f4  ; call 0xfffc82f4
add esp, 0x10
cmp dword [ebp - 0xcc], 0
je short loc_fffd0316  ; je 0xfffd0316
mov ecx, dword [ebp - 0xd0]
mov eax, esi
mov edx, dword [ebp - 0xbc]
call fcn_fffc93f9  ; call 0xfffc93f9

loc_fffd02fc:  ; not directly referenced
mov eax, dword [ebp - 0xec]
mov ebx, edi
mov dword [ebp - 0xc0], 0
mov dword [ebp - 0xd0], eax
jmp short loc_fffd0362  ; jmp 0xfffd0362

loc_fffd0316:  ; not directly referenced
push 1
mov ecx, dword [ebp - 0xbc]
mov edx, 6
push 1
lea eax, [ebp - 0xb0]
push eax
mov eax, esi
push 0
push 0x40
push 0xffffffffffffffc0
push 3
push 0xff
call fcn_fffcf3cd  ; call 0xfffcf3cd
add esp, 0x20
jmp short loc_fffd02fc  ; jmp 0xfffd02fc

loc_fffd0345:  ; not directly referenced
inc dword [ebp - 0xc0]
add ebx, 0x48
add dword [ebp - 0xd0], 0x10
cmp dword [ebp - 0xc0], 2
je loc_fffd0201  ; je 0xfffd0201

loc_fffd0362:  ; not directly referenced
imul eax, dword [ebp - 0xc0], 0x13c3
cmp dword [esi + eax + 0x3756], 2
jne short loc_fffd0345  ; jne 0xfffd0345
mov eax, dword [ebx + 0x3210]
mov edx, dword [ebp - 0xd0]
mov ecx, dword [ebp - 0xdc]
mov dword [edx + 8], eax
mov eax, dword [ebx + 0x3214]
mov dword [edx + 0xc], eax
mov edx, dword [ebp - 0xc0]
push 0
push 1
imul eax, edx, 0xcc
movzx eax, byte [ecx + eax + 0xe2]
mov ecx, 0xff
neg eax
push eax
mov eax, esi
push 1
call fcn_fffb0cb4  ; call 0xfffb0cb4
add esp, 0x10
jmp short loc_fffd0345  ; jmp 0xfffd0345

loc_fffd03c2:  ; not directly referenced
inc dword [ebp - 0xc4]
add edi, 0x90
add dword [ebp - 0xec], 0x20
cmp dword [ebp - 0xc4], 4
jne loc_fffd0037  ; jne 0xfffd0037
cmp dword [ebp - 0xcc], 0
jne short loc_fffd0439  ; jne 0xfffd0439
mov eax, dword [ebp - 0xf8]
lea edx, [esi + 0x3210]
lea ebx, [ebp - 0x18]

loc_fffd03fa:  ; not directly referenced
mov ecx, dword [eax]
cmp dword [eax + 8], ecx
cmovbe ecx, dword [eax + 8]
mov dword [edx], ecx
mov ecx, dword [eax + 4]
cmp dword [eax + 0xc], ecx
cmovbe ecx, dword [eax + 0xc]
mov dword [edx + 4], ecx
mov ecx, dword [eax + 0x18]
cmp dword [eax + 0x10], ecx
cmovbe ecx, dword [eax + 0x10]
mov dword [edx + 0x48], ecx
mov ecx, dword [eax + 0x1c]
cmp dword [eax + 0x14], ecx
cmovbe ecx, dword [eax + 0x14]
add eax, 0x20
add edx, 0x90
mov dword [edx - 0x44], ecx
cmp eax, ebx
jne short loc_fffd03fa  ; jne 0xfffd03fa

loc_fffd0439:  ; not directly referenced
mov dword [ebp - 0xcc], 0
xor edi, edi
mov dword [ebp - 0xd0], 0
mov byte [ebp - 0xc4], 0

loc_fffd0456:  ; not directly referenced
mov byte [ebp - 0xbc], 0

loc_fffd045d:  ; not directly referenced
mov cl, byte [ebp - 0xc4]
mov eax, 1
movzx edx, byte [ebp - 0xbc]
movzx ebx, cl
shl eax, cl
imul ecx, edx, 0x13c3
test byte [esi + ecx + 0x381a], al
je loc_fffd0601  ; je 0xfffd0601
imul ebx, ebx, 0x90
imul edx, edx, 0x48
mov dword [ebp - 0xd4], edi
lea eax, [ebx + edx]
mov ebx, 1
mov dword [ebp - 0xe8], eax

loc_fffd04a4:  ; not directly referenced
lea eax, [ebx - 6]
cmp eax, 5
setbe dl
cmp ebx, 3
sete al
or dl, al
jne loc_fffd05de  ; jne 0xfffd05de
mov ecx, 2
mov edx, ebx
movzx edi, byte [ebx + ref_fffd5f1c]  ; movzx edi, byte [ebx - 0x2a0e4]
mov eax, esi
call fcn_fffb13cf  ; call 0xfffb13cf
mov ecx, 0xa
xor edx, edx
imul edi, edi, 0x240
div cx
mov word [ebp - 0xec], ax
push eax
push 0xffff
push 2
lea eax, [ebp - 0xac]
push eax
mov eax, dword [ebp - 0xd8]
call dword [eax + 0x60]  ; ucall
lea eax, [ebx - 0xc]
add esp, 0x10
add edi, dword [ebp - 0xe0]
xor ecx, ecx
add edi, dword [ebp - 0xe8]
mov dword [ebp - 0xf0], eax
mov dword [ebp - 0xdc], edi

loc_fffd051f:  ; not directly referenced
mov eax, dword [ebp - 0xdc]
xor edx, edx
mov edi, 0xa
mov eax, dword [eax + ecx*2]
div di
mov dx, word [ecx + ebp - 0xac]
cmp ax, dx
cmovbe edx, eax
mov word [ecx + ebp - 0xac], dx
cmp ax, word [ebp - 0xec]
ja short loc_fffd05ac  ; ja 0xfffd05ac
cmp ebx, 4
sete dl
cmp ebx, 1
sete al
or dl, al
jne short loc_fffd058c  ; jne 0xfffd058c
cmp ebx, 5
sete dl
cmp ebx, 2
sete al
or dl, al
jne short loc_fffd0598  ; jne 0xfffd0598
cmp dword [ebp - 0xf0], 1
mov eax, 1
cmova eax, dword [ebp - 0xcc]
mov dword [ebp - 0xcc], eax
jmp short loc_fffd05a2  ; jmp 0xfffd05a2

loc_fffd058c:  ; not directly referenced
mov dword [ebp - 0xd0], 1
jmp short loc_fffd05a2  ; jmp 0xfffd05a2

loc_fffd0598:  ; not directly referenced
mov dword [ebp - 0xd4], 1

loc_fffd05a2:  ; not directly referenced
mov dword [ebp - 0xc0], 0x1c

loc_fffd05ac:  ; not directly referenced
add ecx, 2
cmp ecx, 4
jne loc_fffd051f  ; jne 0xfffd051f
mov eax, dword [ebp - 0xd0]
mov edi, dword [ebp - 0xd4]
dec eax
jne short loc_fffd05de  ; jne 0xfffd05de
cmp edi, 1
jne short loc_fffd05de  ; jne 0xfffd05de
cmp dword [ebp - 0xcc], 1
je short loc_fffd05f3  ; je 0xfffd05f3
cmp dword [ebp - 0xe4], 0
je short loc_fffd05f3  ; je 0xfffd05f3

loc_fffd05de:  ; not directly referenced
inc ebx
cmp ebx, dword [ebp - 0xc8]
jbe loc_fffd04a4  ; jbe 0xfffd04a4
mov edi, dword [ebp - 0xd4]
jmp short loc_fffd0601  ; jmp 0xfffd0601

loc_fffd05f3:  ; not directly referenced
mov byte [ebp - 0xc4], 4
mov byte [ebp - 0xbc], 2

loc_fffd0601:  ; not directly referenced
inc byte [ebp - 0xbc]
cmp byte [ebp - 0xbc], 1
jbe loc_fffd045d  ; jbe 0xfffd045d
inc byte [ebp - 0xc4]
cmp byte [ebp - 0xc4], 3
jbe loc_fffd0456  ; jbe 0xfffd0456
cmp dword [ebp - 0xc0], 0x1c
jne loc_fffd079e  ; jne 0xfffd079e
mov dl, byte [ebp - 0xfa]
xor edx, 1
cmp dword [ebp - 0xe4], 1
sete al
test dl, al
jne short loc_fffd0655  ; jne 0xfffd0655

loc_fffd064b:  ; not directly referenced
mov eax, 1
jmp near loc_fffd06e5  ; jmp 0xfffd06e5

loc_fffd0655:  ; not directly referenced
lea eax, [esi + 0x3756]
mov ebx, 0x4020
mov dword [ebp - 0xc4], eax

loc_fffd0666:  ; not directly referenced
mov eax, dword [ebp - 0xc4]
cmp dword [eax], 2
jne short loc_fffd06ae  ; jne 0xfffd06ae
mov edx, ebx
mov eax, esi
call fcn_fffae52a  ; call 0xfffae52a
mov edx, ebx
mov dword [ebp - 0xbc], eax
mov eax, esi
or dword [ebp - 0xbc], 0x40000000
mov ecx, dword [ebp - 0xbc]
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, dword [ebp - 0xbc]
mov edx, ebx
mov eax, esi
and ecx, 0xbfffffff
call fcn_fffae58c  ; call 0xfffae58c

loc_fffd06ae:  ; not directly referenced
add ebx, 0x400
add dword [ebp - 0xc4], 0x13c3
cmp ebx, 0x4820
jne short loc_fffd0666  ; jne 0xfffd0666
jmp short loc_fffd064b  ; jmp 0xfffd064b

loc_fffd06c8:  ; not directly referenced
cmp eax, 4
sete cl
cmp eax, 1
sete dl
or cl, dl
je short loc_fffd06ee  ; je 0xfffd06ee

loc_fffd06d8:  ; not directly referenced
inc eax
cmp eax, dword [ebp - 0xc8]
ja loc_fffd079e  ; ja 0xfffd079e

loc_fffd06e5:  ; not directly referenced
cmp dword [ebp - 0xd0], 0
je short loc_fffd06c8  ; je 0xfffd06c8

loc_fffd06ee:  ; not directly referenced
test edi, edi
jne short loc_fffd0702  ; jne 0xfffd0702
cmp eax, 5
sete cl
cmp eax, 2
sete dl
or cl, dl
jne short loc_fffd06d8  ; jne 0xfffd06d8

loc_fffd0702:  ; not directly referenced
cmp dword [ebp - 0xcc], 0
jne short loc_fffd0713  ; jne 0xfffd0713
lea edx, [eax - 0xc]
cmp edx, 1
jbe short loc_fffd06d8  ; jbe 0xfffd06d8

loc_fffd0713:  ; not directly referenced
cmp eax, 3
je short loc_fffd06d8  ; je 0xfffd06d8
lea edx, [eax - 6]
cmp edx, 5
jbe short loc_fffd06d8  ; jbe 0xfffd06d8
mov dword [ebp - 0xbc], 0
mov byte [ebp - 0xd4], al

loc_fffd0730:  ; not directly referenced
mov ecx, dword [esi + 0x5edc]
mov ecx, dword [ecx + 4]
mov dword [ebp - 0xc4], ecx
mov ebx, ecx
xor ecx, ecx

loc_fffd0743:  ; not directly referenced
mov dl, byte [ebp - 0xd4]
cmp dl, byte [ebx]
jne short loc_fffd075a  ; jne 0xfffd075a
mov edx, dword [ebp - 0xbc]
movzx ebx, word [ebx + edx*2 + 1]
jmp short loc_fffd0765  ; jmp 0xfffd0765

loc_fffd075a:  ; not directly referenced
inc ecx
add ebx, 7
cmp ecx, 0xb
jne short loc_fffd0743  ; jne 0xfffd0743
xor ebx, ebx

loc_fffd0765:  ; not directly referenced
add ebx, 0x28
mov edx, 0xffff
imul ecx, ecx, 7
add ecx, dword [ebp - 0xc4]
cmp ebx, 0xffff
cmovg ebx, edx
mov edx, dword [ebp - 0xbc]
inc dword [ebp - 0xbc]
cmp dword [ebp - 0xbc], 2
mov word [ecx + edx*2 + 1], bx
jne short loc_fffd0730  ; jne 0xfffd0730
jmp near loc_fffd06d8  ; jmp 0xfffd06d8

loc_fffd079e:  ; not directly referenced
mov eax, dword [ebp - 0xc0]
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffd07ac:  ; not directly referenced
push ebp
mov ecx, 0xa
mov ebp, esp
push edi
push esi
mov esi, ref_fffd5f40  ; mov esi, 0xfffd5f40
push ebx
sub esp, 0xe0f0
mov eax, dword [ebp + 8]
lea edi, [ebp - 0xe044]
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
mov byte [ebp - 0xe06e], 6
mov eax, dword [eax + 0x5edc]
mov byte [ebp - 0xe069], 0
mov byte [ebp - 0xe068], 4
mov byte [ebp - 0xe065], 6
mov edi, eax
mov dword [ebp - 0xe0e0], eax
mov eax, dword [ebp + 8]
mov byte [ebp - 0xe064], 0
mov byte [ebp - 0xe063], 4
mov byte [ebp - 0xe056], 1
mov ebx, dword [eax + 0x2443]
movzx eax, byte [eax + 0x2488]
mov byte [ebp - 0xe055], 1
mov byte [ebp - 0xe054], 1
mov byte [ebp - 0xe053], 1
mov dword [ebp - 0xe0d0], eax
mov eax, dword [ebp + 8]
mov byte [ebp - 0xe052], 1
mov byte [ebp - 0xe051], 1
mov byte [ebp - 0xe050], 1
mov esi, dword [eax + 0x1887]
mov eax, dword [eax + 0x188b]
mov byte [ebp - 0xe04f], 1
mov byte [ebp - 0xe04e], 0
mov byte [ebp - 0xe04d], 0
mov byte [ebp - 0xe067], 6
mov byte [ebp - 0xe066], 5
mov dword [ebp - 0xe088], eax
mov eax, dword [ebp + 8]
mov eax, dword [eax + 0x2480]
push 0
push 0x50a
mov dword [ebp - 0xe0e4], eax
lea eax, [ebp - 0xdea0]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0xd97e
lea eax, [ebp - 0xd996]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 0x19a
lea eax, [ebp - 0xe03a]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 2
lea eax, [ebp - 0xe06d]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0xc
push 0
push 8
lea eax, [ebp - 0xe04c]
push eax
call dword [ebx + 0x5c]  ; ucall
add esp, 0x10
cmp esi, 0x306d0
sete bl
cmp esi, 0x40650
sete al
or ebx, eax
mov al, bl
xor eax, 1
cmp byte [edi + 0x1c5], 1
mov byte [ebp - 0xe0ba], al
mov eax, edi
mov word [ebp - 0xe07a], 0
sbb edi, edi
not edi
and edi, 0x10
cmp byte [eax + 0x1c5], 1
mov eax, dword [ebp + 8]
mov byte [ebp - 0xe07c], 0
sbb esi, esi
mov dword [ebp - 0xe0b8], esi
mov al, byte [eax + 0x248e]
mov dword [ebp - 0xe098], esi
and byte [ebp - 0xe0b8], 0xe
and byte [ebp - 0xe098], 0xfc
add byte [ebp - 0xe0b8], 2
add byte [ebp - 0xe098], 6
mov byte [ebp - 0xe0b9], al
mov eax, dword [ebp + 8]
and byte [ebp - 0xe0b9], 3
movzx esi, byte [ebp - 0xe0b9]
mov dword [ebp - 0xe0a8], 0
mov al, byte [eax + 0x248d]
mov dword [ebp - 0xe0a0], 0
mov dword [ebp - 0xe080], esi
mov byte [ebp - 0xe0c0], al
mov eax, dword [ebp + 8]
and byte [ebp - 0xe0c0], 0xf
lea edx, [eax + 0x39b5]
xor eax, eax

loc_fffd09b9:  ; not directly referenced
mov esi, dword [ebp - 0xe080]
bt esi, eax
jae loc_fffd0a91  ; jae 0xfffd0a91
cmp dword [edx - 0x19f], 2
lea ecx, [eax*4]
jne short loc_fffd09f3  ; jne 0xfffd09f3
mov esi, 3
shl esi, cl
mov ecx, esi
mov dword [ebp - 0xe0a0], 1
or byte [ebp - 0xe07c], cl
jmp short loc_fffd0a0c  ; jmp 0xfffd0a0c

loc_fffd09f3:  ; not directly referenced
mov esi, 1
shl esi, cl
mov ecx, esi
or byte [ebp - 0xe07c], cl
mov dword [ebp - 0xe0a8], 1

loc_fffd0a0c:  ; not directly referenced
mov esi, dword [ebp + 8]
mov cl, byte [ebp - 0xe0c0]
and cl, byte [edx - 0x19b]
mov esi, dword [esi + 0x2480]
mov byte [ebp + eax - 0xe06d], cl
cmp esi, 3
setne cl
add ecx, ecx
cmp dword [ebp - 0xe088], 1
mov byte [ebp + eax*2 - 0xe062], cl
jne short loc_fffd0a5d  ; jne 0xfffd0a5d
mov cl, byte [edx - 0x12]
and ecx, 0x30
cmp cl, 0x30
mov ecx, 3
cmovne cx, word [ebp - 0xe07a]
mov word [ebp - 0xe07a], cx

loc_fffd0a5d:  ; not directly referenced
cmp esi, 3
setne cl
add ecx, ecx
cmp dword [ebp - 0xe088], 1
mov byte [ebp + eax*2 - 0xe061], cl
jne short loc_fffd0a91  ; jne 0xfffd0a91
mov cl, byte [edx]
mov esi, 3
and ecx, 0x30
cmp cl, 0x30
cmovne si, word [ebp - 0xe07a]
mov word [ebp - 0xe07a], si

loc_fffd0a91:  ; not directly referenced
inc eax
add edx, 0x13c3
cmp eax, 2
jne loc_fffd09b9  ; jne 0xfffd09b9
cmp dword [ebp - 0xe0a0], 0
jne short loc_fffd0ac8  ; jne 0xfffd0ac8
test bl, bl
je short loc_fffd0aea  ; je 0xfffd0aea
mov eax, dword [ebp + 8]
test byte [eax + 0x2404], 0x20
lea eax, [ebp - 0xe051]
mov dword [ebp - 0xe0a4], eax
jne short loc_fffd0b05  ; jne 0xfffd0b05
jmp short loc_fffd0af6  ; jmp 0xfffd0af6

loc_fffd0ac8:  ; not directly referenced
lea eax, [ebp - 0xe056]
mov dword [ebp - 0xe0a4], eax
lea esi, [ebp - 0xe065]
mov byte [ebp - 0xe09c], 3
mov byte [ebp - 0xe07b], 2
jmp short loc_fffd0b19  ; jmp 0xfffd0b19

loc_fffd0aea:  ; not directly referenced
lea eax, [ebp - 0xe051]
mov dword [ebp - 0xe0a4], eax

loc_fffd0af6:  ; not directly referenced
mov byte [ebp - 0xe09c], 1
lea esi, [ebp - 0xe06e]
jmp short loc_fffd0b12  ; jmp 0xfffd0b12

loc_fffd0b05:  ; not directly referenced
mov byte [ebp - 0xe09c], 2
lea esi, [ebp - 0xe067]

loc_fffd0b12:  ; not directly referenced
mov byte [ebp - 0xe07b], 1

loc_fffd0b19:  ; not directly referenced
cmp dword [ebp - 0xe088], 0
je short loc_fffd0b41  ; je 0xfffd0b41
mov dx, word [ebp - 0xe07a]
mov ebx, dword [ebp - 0xe088]
mov eax, edx
add eax, 0xc
dec ebx
cmovne eax, edx
mov word [ebp - 0xe07a], ax
jmp short loc_fffd0b4a  ; jmp 0xfffd0b4a

loc_fffd0b41:  ; not directly referenced
mov word [ebp - 0xe07a], 0xc

loc_fffd0b4a:  ; not directly referenced
lea eax, [edi - 0x10]
mov byte [ebp - 0xe0bc], al
movzx eax, byte [ebp - 0xe098]
mov byte [ebp - 0xe084], 0
mov byte [ebp - 0xe0c8], 0
mov dword [ebp - 0xe0f4], eax
movzx eax, byte [ebp - 0xe0ba]
mov dword [ebp - 0xe0dc], eax

loc_fffd0b7b:  ; not directly referenced
movsx eax, byte [ebp - 0xe0c8]
cmp eax, dword [ebp - 0xe0f4]
jge loc_fffd0d6d  ; jge 0xfffd0d6d
movzx eax, byte [ebp - 0xe07b]
xor edi, edi
add eax, dword [ebp - 0xe0dc]
mov dword [ebp - 0xe0d8], eax

loc_fffd0ba3:  ; not directly referenced
mov bl, byte [ebp - 0xe0ba]
mov al, bl
add eax, edi
mov dl, al
mov byte [ebp - 0xe0bb], al
movsx eax, al
cmp eax, dword [ebp - 0xe0d8]
jge loc_fffd0d56  ; jge 0xfffd0d56
mov al, dl
add eax, 2
mov byte [ebp - 0xe0e5], al
mov al, bl
lea eax, [eax + edi - 1]
mov byte [ebp - 0xe098], al
movsx eax, word [ebp - 0xe07a]
mov dword [ebp - 0xe0ec], eax
movzx eax, byte [ebp - 0xe09c]
mov dword [ebp - 0xe0f0], eax

loc_fffd0bf5:  ; not directly referenced
movsx eax, byte [ebp - 0xe098]
cmp eax, dword [ebp - 0xe0d8]
je loc_fffd0d38  ; je 0xfffd0d38
cmp eax, dword [ebp - 0xe0dc]
jl loc_fffd0d38  ; jl 0xfffd0d38
cmp byte [ebp - 0xe098], 1
mov dword [ebp - 0xe0cc], 0
sete dl
cmp byte [ebp - 0xe0bb], 1
sete al
or dl, al
je short loc_fffd0c42  ; je 0xfffd0c42
mov eax, dword [ebp - 0xe0a0]
mov dword [ebp - 0xe0cc], eax

loc_fffd0c42:  ; not directly referenced
xor ebx, ebx

loc_fffd0c44:  ; not directly referenced
mov eax, dword [ebp - 0xe080]
bt eax, ebx
jb short loc_fffd0c57  ; jb 0xfffd0c57

loc_fffd0c4f:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffd0c44  ; jne 0xfffd0c44
jmp short loc_fffd0cd2  ; jmp 0xfffd0cd2

loc_fffd0c57:  ; not directly referenced
mov al, byte [ebp - 0xe0bb]
mov byte [ebp - 0xe0c4], 0
mov byte [ebp + ebx*2 - 0xe05e], al
mov al, byte [ebp - 0xe098]
mov byte [ebp + ebx*2 - 0xe05d], al

loc_fffd0c78:  ; not directly referenced
movzx eax, byte [ebp - 0xe0c4]
mov dword [ebp - 0xe0d4], eax
cmp eax, dword [ebp - 0xe0d0]
jae short loc_fffd0c4f  ; jae 0xfffd0c4f
push 1
mov eax, dword [ebp + 8]
xor ecx, ecx
push 0
mov edx, ebx
push 0
push dword [ebp - 0xe0d4]
call fcn_fffafdb2  ; call 0xfffafdb2
movzx ecx, byte [ebp + ebx - 0xe06d]
mov edx, ebx
push 1
mov eax, dword [ebp + 8]
push dword [ebp - 0xe0ec]
push 4
push dword [ebp - 0xe0d4]
call fcn_fffafdb2  ; call 0xfffafdb2
add esp, 0x20
inc byte [ebp - 0xe0c4]
jmp short loc_fffd0c78  ; jmp 0xfffd0c78

loc_fffd0cd2:  ; not directly referenced
cmp byte [ebp - 0xe084], 0x28
ja short loc_fffd0d38  ; ja 0xfffd0d38
movzx eax, byte [ebp - 0xe084]
sub esp, 0xc
push 0
mov ecx, dword [ebp - 0xe080]
push dword [ebp - 0xe0cc]
push dword [ebp - 0xe0f0]
imul eax, eax, 0x54e
push esi
lea edx, [ebp + eax - 0xd996]
movsx eax, byte [ebp - 0xe0bc]
push eax
lea eax, [ebp - 0xe062]
push eax
lea eax, [ebp - 0xe05e]
push eax
movzx eax, byte [ebp - 0xe0c0]
push 0
push eax
mov eax, dword [ebp + 8]
call fcn_fffbf2e9  ; call 0xfffbf2e9
add esp, 0x30
inc byte [ebp - 0xe084]

loc_fffd0d38:  ; not directly referenced
inc byte [ebp - 0xe098]
mov al, byte [ebp - 0xe0e5]
cmp byte [ebp - 0xe098], al
jne loc_fffd0bf5  ; jne 0xfffd0bf5
inc edi
jmp near loc_fffd0ba3  ; jmp 0xfffd0ba3

loc_fffd0d56:  ; not directly referenced
mov al, byte [ebp - 0xe0b8]
inc byte [ebp - 0xe0c8]
add byte [ebp - 0xe0bc], al
jmp near loc_fffd0b7b  ; jmp 0xfffd0b7b

loc_fffd0d6d:  ; not directly referenced
movzx eax, byte [ebp - 0xe07c]
xor ebx, ebx
mov dword [ebp - 0xe09c], eax
movzx eax, byte [ebp - 0xe084]
mov dword [ebp - 0xe0b8], eax

loc_fffd0d89:  ; not directly referenced
mov eax, dword [ebp - 0xe080]
mov byte [ebp + ebx - 0xe06b], 0
bt eax, ebx
jae loc_fffd0efc  ; jae 0xfffd0efc
mov al, byte [ebp - 0xd467]
mov byte [ebp - 0xe098], 0
mov byte [ebp - 0xe07b], al

loc_fffd0db3:  ; not directly referenced
mov edi, dword [ebp - 0xe098]
mov al, byte [ebp - 0xe084]
mov edx, edi
cmp dl, al
je short loc_fffd0e08  ; je 0xfffd0e08
movzx ecx, dl
imul esi, ecx, 0x2a7
add ecx, ecx
lea eax, [ebp - 0xd996]
add esi, ebx
add esi, esi
add esi, eax
lea eax, [ebp - 0xe03a]
add ecx, eax
xor eax, eax

loc_fffd0de6:  ; not directly referenced
cmp byte [ebp - 0xe07b], al
jbe short loc_fffd0e00  ; jbe 0xfffd0e00
imul edi, eax, 0x52
mov dx, word [esi + eax*4 + 0x53a]
inc eax
mov word [ecx + edi], dx
jmp short loc_fffd0de6  ; jmp 0xfffd0de6

loc_fffd0e00:  ; not directly referenced
inc byte [ebp - 0xe098]
jmp short loc_fffd0db3  ; jmp 0xfffd0db3

loc_fffd0e08:  ; not directly referenced
mov eax, dword [ebp - 0xe09c]
lea ecx, [ebx*4]
sub esp, 0xc
mov edi, dword [ebp - 0xe0a4]
lea esi, [ebp - 0xe03a]
mov edx, ebx
push 7
push 0
sar eax, cl
mov ecx, eax
movzx eax, byte [ebp - 0xd467]
push eax
push edi
lea eax, [ebp - 0xd466]
push eax
push dword [ebp - 0xe0b8]
lea eax, [ebp - 0xd996]
push 0x29
push esi
push eax
mov eax, dword [ebp + 8]
call fcn_fffb97c0  ; call 0xfffb97c0
add esp, 0x2c
mov ecx, esi
push 0
lea eax, [ebp - 0xe044]
push eax
movsx eax, byte [ebp - 0xe084]
push 1
push 1
push edi
push eax
mov eax, dword [ebp + 8]
push 0x29
lea edx, [ebp - 0xdea0]
call fcn_fffa5d2d  ; call 0xfffa5d2d
movsx di, byte [ebp - 0xde9e]
lea eax, [ebp - 0xd996]
add edi, dword [ebp - 0xdea0]
mov cl, bl
mov edx, 1
add esp, 0x18
shl edx, cl
movsx edi, di
imul esi, edi, 0x54e
imul edi, edi, 0x2a7
push 0
push 0
add eax, esi
mov ecx, eax
mov eax, dword [ebp + 8]
add edi, ebx
call fcn_fffb3a79  ; call 0xfffb3a79
mov al, byte [ebp + edi*2 - 0xd996]
add esp, 0x10
mov byte [ebp + ebx*2 - 0xe05a], al
mov al, byte [ebp + edi*2 - 0xd995]
mov byte [ebp + ebx*2 - 0xe059], al
lea eax, [ebp + esi - 0xd996]
mov dl, byte [eax + 8]
mov eax, dword [eax + 9]
mov byte [ebp + ebx - 0xe06b], dl
mov dword [ebp + ebx*4 - 0xe04c], eax

loc_fffd0efc:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffd0d89  ; jne 0xfffd0d89
test byte [ebp - 0xe080], 1
je short loc_fffd0f1f  ; je 0xfffd0f1f
mov al, byte [ebp - 0xe06b]
mov bl, 1
mov byte [ebp - 0xe084], al
jmp short loc_fffd0f28  ; jmp 0xfffd0f28

loc_fffd0f1f:  ; not directly referenced
mov byte [ebp - 0xe084], 0
xor ebx, ebx

loc_fffd0f28:  ; not directly referenced
mov eax, dword [ebp - 0xe080]
shr eax, 1
je short loc_fffd0f41  ; je 0xfffd0f41
mov al, byte [ebp - 0xe06a]
inc ebx
add byte [ebp - 0xe084], al
jmp short loc_fffd0f47  ; jmp 0xfffd0f47

loc_fffd0f41:  ; not directly referenced
test bl, bl
je short loc_fffd0f5a  ; je 0xfffd0f5a
mov bl, 1

loc_fffd0f47:  ; not directly referenced
movsx eax, byte [ebp - 0xe084]
movzx ecx, bl
cdq
idiv ecx
mov byte [ebp - 0xe084], al

loc_fffd0f5a:  ; not directly referenced
movzx ecx, byte [ebp - 0xe084]
sub esp, 0xc
xor edx, edx
mov eax, dword [ebp + 8]
push 1
call fcn_fffa83c9  ; call 0xfffa83c9
add esp, 0x10
mov edi, eax
cmp bl, 2
je short loc_fffd0fd2  ; je 0xfffd0fd2

loc_fffd0f7a:  ; not directly referenced
mov eax, dword [ebp + 8]
mov esi, dword [ebp - 0xe080]
push edx
push 0
add eax, 0x2490
mov edx, eax
mov edi, eax
mov dword [ebp - 0xe0b8], eax
mov eax, dword [ebp + 8]
mov ecx, esi
push 0
push 0
call fcn_fffc19af  ; call 0xfffc19af
mov eax, dword [ebp + 8]
mov edx, edi
pop ecx
mov ecx, esi
pop ebx
push 0
push 0xf
push 0
push 0
push 0
push 1
call fcn_fffc0a2d  ; call 0xfffc0a2d
add esp, 0x20
cmp dword [ebp - 0xe0e4], 3
jne loc_fffd105e  ; jne 0xfffd105e
jmp near loc_fffd110a  ; jmp 0xfffd110a

loc_fffd0fd2:  ; not directly referenced
mov esi, dword [ebp - 0xe0e0]
xor ebx, ebx
add esi, 0x1c

loc_fffd0fdd:  ; not directly referenced
mov eax, dword [ebp - 0xe080]
bt eax, ebx
jb short loc_fffd0ff6  ; jb 0xfffd0ff6

loc_fffd0fe8:  ; not directly referenced
inc ebx
add esi, 0xcc
cmp ebx, 2
jne short loc_fffd0fdd  ; jne 0xfffd0fdd
jmp short loc_fffd0f7a  ; jmp 0xfffd0f7a

loc_fffd0ff6:  ; not directly referenced
sub dword [ebp + ebx*4 - 0xe04c], edi
mov byte [ebp - 0xe098], 0

loc_fffd1004:  ; not directly referenced
mov edx, dword [ebp + 8]
mov al, byte [ebp - 0xe098]
cmp al, byte [edx + 0x2488]
jae short loc_fffd0fe8  ; jae 0xfffd0fe8
movzx edx, byte [ebp - 0xe098]
push 1
lea eax, [edx + 0x1c]
mov cl, byte [esi + eax*4 + 9]
movzx eax, byte [esi + eax*4 + 0xa]
shr cl, 4
and eax, 1
movzx ecx, cl
shl eax, 4
or eax, ecx
mov ecx, 0xf
add eax, dword [ebp + ebx*4 - 0xe04c]
cwde
push eax
mov eax, dword [ebp + 8]
push 1
push edx
mov edx, ebx
call fcn_fffafdb2  ; call 0xfffafdb2
add esp, 0x10
inc byte [ebp - 0xe098]
jmp short loc_fffd1004  ; jmp 0xfffd1004

loc_fffd105e:  ; not directly referenced
mov eax, dword [ebp + 8]
cmp dword [ebp - 0xe0a8], 0
mov byte [ebp - 0xe07b], 1
mov al, byte [eax + 0x2411]
sete dl
test byte [ebp - 0xe0a0], dl
jne short loc_fffd1092  ; jne 0xfffd1092
test al, al
mov edi, 1
cmove edi, eax
mov eax, edi
mov byte [ebp - 0xe07b], al

loc_fffd1092:  ; not directly referenced
lea eax, [ebp - 0xe062]
mov dword [ebp - 0xe09c], eax
movsx eax, byte [ebp - 0xe084]
mov dword [ebp - 0xe098], 0
mov dword [ebp - 0xe0c8], eax

loc_fffd10b5:  ; not directly referenced
mov eax, dword [ebp - 0xe098]
mov ebx, 3
mov ecx, eax
add ecx, eax
mov eax, dword [ebp + 8]
shl ebx, cl
test byte [eax + 0x248d], bl
jne short loc_fffd1143  ; jne 0xfffd1143

loc_fffd10d1:  ; not directly referenced
inc dword [ebp - 0xe098]
inc dword [ebp - 0xe09c]
cmp dword [ebp - 0xe098], 2
jne short loc_fffd10b5  ; jne 0xfffd10b5
movsx edi, word [ebp - 0xe07a]
xor ebx, ebx

loc_fffd10ef:  ; not directly referenced
mov eax, dword [ebp + 8]
xor esi, esi
movzx eax, byte [eax + 0x248e]
bt eax, ebx
jb loc_fffd1379  ; jb 0xfffd1379

loc_fffd1104:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffd10ef  ; jne 0xfffd10ef

loc_fffd110a:  ; not directly referenced
mov eax, dword [ebp + 8]
sub esp, 0xc
xor ecx, ecx
movzx edx, byte [eax + 0x248e]
push 0
call fcn_fffcc3c6  ; call 0xfffcc3c6
add esp, 0x10
cmp dword [ebp - 0xe088], 0
jne loc_fffd13a8  ; jne 0xfffd13a8
sub esp, 0xc
push dword [ebp + 8]
call fcn_fffbdcd9  ; call 0xfffbdcd9
add esp, 0x10
jmp near loc_fffd13a8  ; jmp 0xfffd13a8

loc_fffd1143:  ; not directly referenced
test byte [ebp - 0xe06d], bl
setne al
mov dl, al
or edx, 2
test byte [ebp - 0xe06c], bl
cmovne eax, edx
xor esi, esi
and al, byte [ebp - 0xe0b9]
lea edx, [ebp - 0xd996]
mov edi, edx
movzx eax, al
mov dword [ebp - 0xe0a4], eax

loc_fffd1173:  ; not directly referenced
mov al, byte [ebp - 0xe07b]
sub esp, 0xc
mov edx, dword [ebp - 0xe09c]
mov ecx, dword [ebp - 0xe0a4]
add eax, esi
test al, al
mov byte [edx], al
mov byte [edx + 2], al
sete al
mov edx, edi
and eax, dword [ebp - 0xe0a8]
add edi, 0x54e
push eax
push 0
push 2
lea eax, [ebp - 0xe069]
push eax
push dword [ebp - 0xe0c8]
lea eax, [ebp - 0xe062]
push eax
lea eax, [ebp - 0xe05a]
push eax
mov eax, dword [ebp + 8]
push 1
push ebx
call fcn_fffbf2e9  ; call 0xfffbf2e9
lea eax, [esi + 1]
inc esi
mov byte [ebp - 0xe0a0], al
mov al, byte [ebp - 0xe07b]
add esp, 0x30
add eax, esi
cmp al, 2
jbe short loc_fffd1173  ; jbe 0xfffd1173
movsx eax, byte [ebp - 0xe0a0]
mov cl, byte [ebp - 0xe098]
mov dword [ebp - 0xe084], 1
shl dword [ebp - 0xe084], cl
movzx ebx, al
mov dword [ebp - 0xe080], 0
mov dword [ebp - 0xe0c0], ebx
mov dword [ebp - 0xe0c4], eax

loc_fffd121c:  ; not directly referenced
mov eax, dword [ebp - 0xe0a4]
mov edx, dword [ebp - 0xe080]
bt eax, edx
jae loc_fffd1361  ; jae 0xfffd1361
mov al, byte [ebp - 0xd467]
xor edx, edx
mov byte [ebp - 0xe07c], al

loc_fffd123f:  ; not directly referenced
movzx ecx, dl
imul ebx, ecx, 0x2a7
add ecx, ecx
add ebx, dword [ebp - 0xe080]
lea eax, [ebp - 0xd996]
add ebx, ebx
add ebx, eax
lea eax, [ebp - 0xe03a]
add ecx, eax
xor eax, eax

loc_fffd1264:  ; not directly referenced
cmp byte [ebp - 0xe07c], al
jbe short loc_fffd127e  ; jbe 0xfffd127e
imul esi, eax, 0x52
mov di, word [ebx + eax*4 + 0x53a]
inc eax
mov word [ecx + esi], di
jmp short loc_fffd1264  ; jmp 0xfffd1264

loc_fffd127e:  ; not directly referenced
inc edx
cmp dl, byte [ebp - 0xe0a0]
jne short loc_fffd123f  ; jne 0xfffd123f
movzx eax, byte [ebp - 0xd467]
sub esp, 0xc
push 8
mov ecx, dword [ebp - 0xe084]
push 0
mov edx, dword [ebp - 0xe080]
lea ebx, [ebp - 0xe051]
push eax
push ebx
lea eax, [ebp - 0xd466]
push eax
push dword [ebp - 0xe0c0]
lea esi, [ebp - 0xe03a]
lea eax, [ebp - 0xd996]
lea edi, [ebp - 0xd996]
push 0x29
push esi
push eax
mov eax, dword [ebp + 8]
call fcn_fffb97c0  ; call 0xfffb97c0
add esp, 0x2c
mov ecx, esi
push 0
lea eax, [ebp - 0xe044]
push eax
mov eax, dword [ebp + 8]
push 1
push 1
push ebx
push dword [ebp - 0xe0c4]
lea edx, [ebp - 0xdea0]
push 0x29
call fcn_fffa5d2d  ; call 0xfffa5d2d
movsx si, byte [ebp - 0xde9e]
add esp, 0x18
add esi, dword [ebp - 0xdea0]
mov edx, 1
push 0
push 1
movsx esi, si
imul eax, esi, 0x54e
imul esi, esi, 0x2a7
lea ebx, [edi + eax]
mov edi, dword [ebp - 0xe080]
mov eax, dword [ebp + 8]
mov ecx, edi
add esi, edi
shl edx, cl
mov ecx, ebx
call fcn_fffb3a79  ; call 0xfffb3a79
add esi, esi
mov edx, edi
lea eax, [ebp - 0x18]
mov edi, dword [ebp - 0xe09c]
add esp, 0x10
add esi, eax
mov eax, dword [ebp - 0xe098]
mov al, byte [eax + esi - 0xd97a]
mov byte [edi + edx*2], al

loc_fffd1361:  ; not directly referenced
inc dword [ebp - 0xe080]
cmp dword [ebp - 0xe080], 2
jne loc_fffd121c  ; jne 0xfffd121c
jmp near loc_fffd10d1  ; jmp 0xfffd10d1

loc_fffd1379:  ; not directly referenced
mov eax, esi
movzx eax, al
cmp eax, dword [ebp - 0xe0d0]
jae loc_fffd1104  ; jae 0xfffd1104
push 1
movzx ecx, byte [ebp + ebx - 0xe06d]
mov edx, ebx
push edi
inc esi
push 4
push eax
mov eax, dword [ebp + 8]
call fcn_fffafdb2  ; call 0xfffafdb2
add esp, 0x10
jmp short loc_fffd1379  ; jmp 0xfffd1379

loc_fffd13a8:  ; not directly referenced
push eax
mov edx, dword [ebp - 0xe0b8]
push eax
mov eax, dword [ebp + 8]
movzx ecx, byte [eax + 0x248e]
push 0
push 0xf
push 0
push 0
push 0
push 2
call fcn_fffc0a2d  ; call 0xfffc0a2d
add esp, 0x20
cmp dword [ebp - 0xe088], 1
jne short loc_fffd13e5  ; jne 0xfffd13e5
sub esp, 0xc
push dword [ebp + 8]
call fcn_fffbdcd9  ; call 0xfffbdcd9
add esp, 0x10

loc_fffd13e5:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffd13ed:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
push ebx
sub esp, 0x10c
mov eax, dword [ebp + 0x10]
mov byte [ebp - 0xfa], cl
mov cl, byte [ebp + 0xc]
mov ebx, dword [ebp + 8]
mov dword [ebp - 0xbc], edx
mov dword [ebp - 0xe4], eax
mov byte [ebp - 0xd4], cl
mov ecx, eax
mov byte [ebp - 0xeb], al
mov al, byte [ebp + 0x18]
mov byte [ebp - 0xec], bl
mov byte [ebp - 0xd3], al
mov eax, dword [edi + 0x2443]
mov dword [ebp - 0xf8], eax
mov al, cl
shr al, 4
inc eax
mov byte [ebp - 0xf9], al
xor eax, eax
cmp cl, 0x21
ja short loc_fffd1460  ; ja 0xfffd1460
movzx eax, byte [ebp - 0xe4]
movzx eax, byte [eax + ref_fffd5f1c]  ; movzx eax, byte [eax - 0x2a0e4]

loc_fffd1460:  ; not directly referenced
mov ecx, dword [ebp - 0xe4]
mov dword [ebp - 0xd8], 1
cmp cl, 0x21
sete dl
cmp cl, 0x11
sete cl
or dl, cl
jne short loc_fffd1492  ; jne 0xfffd1492
xor ecx, ecx
cmp byte [ebp - 0xe4], 5
sete cl
mov dword [ebp - 0xd8], ecx

loc_fffd1492:  ; not directly referenced
movzx ecx, byte [edi + 0x2488]
mov esi, 1
shl esi, cl
dec esi
cmp byte [edi + 0x248b], 1
mov word [ebp - 0xea], si
jne short loc_fffd151e  ; jne 0xfffd151e
mov cl, byte [edi + 0x248c]
lea esi, [ecx + 4]
mov byte [ebp - 0x9a], cl
mov edx, esi
mov byte [ebp - 0x99], cl
add ecx, 2
mov byte [ebp - 0x98], dl
mov byte [ebp - 0x97], cl

loc_fffd14d7:  ; not directly referenced
imul eax, eax, 0x240
movzx ebx, bl
add eax, dword [ebp - 0xbc]
mov dword [ebp - 0xc4], 0
mov byte [ebp - 0xd2], 0
mov dword [ebp - 0xc8], eax
imul eax, ebx, 0x24
mov dword [ebp - 0x110], eax
movzx eax, byte [ebp - 0xec]
mov dword [ebp - 0x118], eax
imul eax, eax, 0x12
mov dword [ebp - 0xd0], eax
jmp short loc_fffd1559  ; jmp 0xfffd1559

loc_fffd151e:  ; not directly referenced
mov byte [ebp - 0x9a], 1
mov byte [ebp - 0x99], 1
mov byte [ebp - 0x98], 1
mov byte [ebp - 0x97], 1
jmp short loc_fffd14d7  ; jmp 0xfffd14d7

loc_fffd153c:  ; not directly referenced
inc ebx
cmp ebx, 2
jne loc_fffd1f38  ; jne 0xfffd1f38
inc dword [ebp - 0xc4]
cmp dword [ebp - 0xc4], 2
je loc_fffd1fc4  ; je 0xfffd1fc4

loc_fffd1559:  ; not directly referenced
mov ebx, dword [ebp - 0xf8]
lea eax, [ebp - 0xa2]
xor esi, esi
push ecx
push 0
push 4
push eax
mov eax, ebx
call dword [eax + 0x5c]  ; ucall
add esp, 0xc
push 0
push 4
lea eax, [ebp - 0x9e]
push eax
mov eax, ebx
call dword [eax + 0x5c]  ; ucall
lea eax, [ebp - 0x72]
add esp, 0x10
mov dword [ebp - 0xbc], eax

loc_fffd1591:  ; not directly referenced
movzx eax, byte [ebp - 0xfa]
bt eax, esi
mov dword [ebp - 0xe0], eax
jb short loc_fffd15bf  ; jb 0xfffd15bf
mov ax, word [ebp - 0xea]
mov word [ebp + esi*2 - 0xa2], ax
mov word [ebp + esi*2 - 0x9e], ax
jmp near loc_fffd1766  ; jmp 0xfffd1766

loc_fffd15bf:  ; not directly referenced
mov eax, dword [ebp - 0xbc]
mov byte [ebp - 0xc0], 0
mov byte [eax], 0x7f
mov eax, esi
shl eax, 0xa
add eax, 0x40f0
mov dword [ebp - 0xf0], eax
lea eax, [esi + esi*8]
mov dword [ebp - 0xe8], eax

loc_fffd15e8:  ; not directly referenced
mov al, byte [ebp - 0xc0]
cmp al, byte [edi + 0x2488]
jae loc_fffd171e  ; jae 0xfffd171e
movzx eax, byte [ebp - 0xc0]
lea ecx, [ebp - 0x18]
mov ebx, eax
mov dword [ebp - 0xcc], eax
lea eax, [esi + esi*8]
lea edx, [ecx + eax]
add eax, ebx
mov dword [ebp + eax*4 - 0x60], 0
movzx eax, byte [ebp - 0xd3]
cmp byte [ebp - 0xeb], 1
mov byte [ebx + edx - 0x7e], 0x7f
mov byte [ebp - 0xd1], al
jne short loc_fffd1659  ; jne 0xfffd1659
push edx
movzx ecx, byte [ebp - 0xd4]
mov edx, esi
push eax
mov eax, edi
push dword [ebp - 0xc4]
push ebx
call fcn_fffaec68  ; call 0xfffaec68
add esp, 0x10
mov byte [ebp - 0xd1], al

loc_fffd1659:  ; not directly referenced
lea eax, [esi + esi*8]
xor edx, edx
mov dword [ebp - 0xdc], eax
mov eax, dword [ebp - 0xd0]
mov ecx, 0xa
mov ebx, dword [ebp - 0xdc]
add ebx, eax
mov eax, dword [ebp - 0xc8]
add ebx, dword [ebp - 0xcc]
add ebx, ebx
add ebx, dword [ebp - 0xc4]
mov eax, dword [eax + ebx*4]
div ecx
movzx edx, byte [ebp - 0xd1]
cmp eax, edx
cmova eax, edx
mov edx, dword [ebp - 0xc8]
cmp dword [ebp - 0xd8], 1
mov dword [edx + ebx*4], eax
jne short loc_fffd16d2  ; jne 0xfffd16d2
mov ebx, dword [ebp - 0xbc]
movzx edx, byte [ebx]
cmp eax, edx
jae short loc_fffd16e9  ; jae 0xfffd16e9
mov ebx, dword [ebp - 0xe8]
mov byte [ebp + ebx - 0x84], al
mov ebx, dword [ebp - 0xbc]
mov byte [ebx], al
jmp short loc_fffd16e9  ; jmp 0xfffd16e9

loc_fffd16d2:  ; not directly referenced
mov ecx, dword [ebp - 0xdc]
lea ebx, [ebp - 0x18]
add ecx, ebx
add ecx, dword [ebp - 0xcc]
mov byte [ecx - 0x6c], al
mov byte [ecx - 0x5a], al

loc_fffd16e9:  ; not directly referenced
movzx eax, byte [ebp - 0xc0]
mov ebx, dword [ebp + 0x14]
movzx ecx, byte [ebx + eax]
mov eax, dword [ebp - 0xf0]
mov ebx, dword [ebp - 0xcc]
and ecx, 0x7f
or ch, 1
lea edx, [eax + ebx*4]
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
inc byte [ebp - 0xc0]
jmp near loc_fffd15e8  ; jmp 0xfffd15e8

loc_fffd171e:  ; not directly referenced
cmp dword [ebp - 0xd8], 1
jne short loc_fffd1766  ; jne 0xfffd1766
lea edx, [esi + esi*8]
xor eax, eax
add edx, dword [ebp - 0xd0]
mov dword [ebp - 0xc0], edx

loc_fffd1738:  ; not directly referenced
cmp al, byte [edi + 0x2488]
jae short loc_fffd1766  ; jae 0xfffd1766
mov ebx, dword [ebp - 0xbc]
movzx ecx, al
inc eax
add ecx, dword [ebp - 0xc0]
mov edx, dword [ebp - 0xc8]
movzx ebx, byte [ebx]
add ecx, ecx
add ecx, dword [ebp - 0xc4]
mov dword [edx + ecx*4], ebx
jmp short loc_fffd1738  ; jmp 0xfffd1738

loc_fffd1766:  ; not directly referenced
inc esi
add dword [ebp - 0xbc], 9
cmp esi, 2
jne loc_fffd1591  ; jne 0xfffd1591
mov eax, dword [ebp - 0xc4]
lea esi, [eax + eax - 1]
mov dword [ebp - 0x114], esi
mov esi, dword [ebp - 0xc8]
add eax, dword [ebp - 0x110]
lea eax, [esi + eax*4]
mov dword [ebp - 0xf0], eax

loc_fffd179c:  ; not directly referenced
mov ecx, 4
mov edx, 0x4800
mov eax, edi
xor esi, esi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffd17af:  ; not directly referenced
movzx eax, byte [ebp - 0xf9]
cmp esi, eax
jae loc_fffd1883  ; jae 0xfffd1883
xor ebx, ebx

loc_fffd17c0:  ; not directly referenced
mov eax, dword [ebp - 0xe0]
bt eax, ebx
jb short loc_fffd17fd  ; jb 0xfffd17fd

loc_fffd17cb:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffd17c0  ; jne 0xfffd17c0
xor eax, eax
mov edx, dword [ebp - 0xe0]
test esi, esi
push ecx
movzx ecx, byte [edi + 0x248b]
sete al
push 0
inc esi
push eax
lea eax, [ebp - 0x9a]
push eax
mov eax, edi
call fcn_fffb0f94  ; call 0xfffb0f94
add esp, 0x10
jmp short loc_fffd17af  ; jmp 0xfffd17af

loc_fffd17fd:  ; not directly referenced
mov eax, dword [ebp - 0xe0]
lea ecx, [ebx + 1]
xor edx, edx
sar eax, cl
mov dword [ebp - 0xbc], eax

loc_fffd1810:  ; not directly referenced
cmp dl, byte [edi + 0x2488]
jae short loc_fffd17cb  ; jae 0xfffd17cb
push 1
movzx eax, dl
push dword [ebp - 0xbc]
lea ecx, [ebx + ebx*8]
add ecx, dword [ebp - 0xd0]
mov dword [ebp - 0xc0], edx
mov edx, dword [ebp - 0xc8]
push 0
push 0
push eax
add eax, ecx
mov ecx, dword [ebp - 0x114]
push dword [ebp - 0x118]
add eax, eax
add eax, dword [ebp - 0xc4]
push ebx
push 0
push esi
imul ecx, dword [edx + eax*4]
movzx eax, byte [ebp - 0xeb]
push ecx
push eax
push edi
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
mov edx, dword [ebp - 0xc0]
cmp dword [ebp - 0xd8], 0
jne loc_fffd17cb  ; jne 0xfffd17cb
inc edx
jmp short loc_fffd1810  ; jmp 0xfffd1810

loc_fffd1883:  ; not directly referenced
xor esi, esi

loc_fffd1885:  ; not directly referenced
mov eax, dword [ebp - 0xe0]
bt eax, esi
jae loc_fffd1edf  ; jae 0xfffd1edf
mov eax, esi
shl eax, 0xa
add eax, 0x4114
mov dword [ebp - 0x10c], eax
mov byte [ebp - 0xe8], 0

loc_fffd18ab:  ; not directly referenced
mov al, byte [ebp - 0xe8]
cmp al, byte [edi + 0x2488]
jae loc_fffd1e18  ; jae 0xfffd1e18
mov cl, byte [ebp - 0xe8]
movzx eax, cl
mov dword [ebp - 0xbc], eax
mov eax, 1
shl eax, cl
mov ebx, eax
mov dword [ebp - 0xc0], eax
mov ax, word [ebp + esi*2 - 0x9e]
and ax, word [ebp + esi*2 - 0xa2]
test bx, ax
jne loc_fffd1e0d  ; jne 0xfffd1e0d
xor eax, eax
mov bl, cl
mov edx, dword [ebp - 0x10c]
cmp dword [ebp - 0xd8], 1
cmovne eax, ebx
mov ebx, dword [ebp - 0xbc]
mov byte [ebp - 0xd2], al
mov eax, edi
lea edx, [edx + ebx*4]
call fcn_fffae52a  ; call 0xfffae52a
mov edx, dword [ebp - 0xd0]
lea ebx, [esi + esi*8]
mov ecx, dword [ebp - 0xbc]
add edx, ebx
add edx, ecx
mov dword [ebp - 0xdc], eax
mov eax, dword [ebp - 0xc8]
add edx, edx
add edx, dword [ebp - 0xc4]
mov edx, dword [eax + edx*4]
lea eax, [ebp - 0x18]
add eax, ebx
add ecx, eax
mov dword [ebp - 0xf4], eax
mov al, byte [ecx - 0x7e]
mov dword [ebp - 0xcc], edx
mov byte [ebp - 0x100], al
sub edx, eax
mov eax, dword [ebp - 0xdc]
mov byte [ebp - 0xd1], dl
mov edx, dword [ebp - 0xf4]
and eax, 0x7fffff
mov dword [ebp - 0xdc], eax
movzx eax, byte [ebp - 0xd2]
jne loc_fffd1abc  ; jne 0xfffd1abc
add edx, eax
mov al, byte [ebp - 0xcc]
cmp al, byte [edx - 0x6c]
jne loc_fffd1a4e  ; jne 0xfffd1a4e
cmp byte [ebp - 0xd1], 0
jns short loc_fffd19e2  ; jns 0xfffd19e2
cmp byte [edx - 0x5a], al
jne short loc_fffd19cc  ; jne 0xfffd19cc

loc_fffd19af:  ; not directly referenced
lea ebx, [ebp - 0x18]
mov ecx, dword [ebp - 0xbc]
lea eax, [esi + esi*8]
add eax, ebx
mov bl, byte [ebp - 0xcc]
mov byte [ecx + eax - 0x7e], bl
jmp near loc_fffd1ca5  ; jmp 0xfffd1ca5

loc_fffd19cc:  ; not directly referenced
mov dword [ebp - 0xa8], 1

loc_fffd19d6:  ; not directly referenced
mov eax, dword [ebp - 0xa8]
test eax, eax
jne short loc_fffd19d6  ; jne 0xfffd19d6
jmp short loc_fffd19af  ; jmp 0xfffd19af

loc_fffd19e2:  ; not directly referenced
cmp byte [ebp - 0xd1], 1
jne short loc_fffd1a1a  ; jne 0xfffd1a1a
add ebx, dword [ebp - 0xbc]
mov eax, dword [ebp + ebx*4 - 0x60]
shr eax, 8
xor ah, ah
mov dword [ebp + ebx*4 - 0x60], eax
mov al, byte [ebp - 0xcc]
mov byte [ecx - 0x7e], al
mov eax, dword [ebp - 0xc0]
or word [ebp + esi*2 - 0xa2], ax
jmp near loc_fffd1ca5  ; jmp 0xfffd1ca5

loc_fffd1a1a:  ; not directly referenced
cmp byte [ebp - 0xd1], 2
jne short loc_fffd1a35  ; jne 0xfffd1a35
xor eax, eax
call fcn_fffaebf8  ; call 0xfffaebf8
add ebx, dword [ebp - 0xbc]
jmp near loc_fffd1b3b  ; jmp 0xfffd1b3b

loc_fffd1a35:  ; not directly referenced
mov dword [ebp - 0xac], 1

loc_fffd1a3f:  ; not directly referenced
mov eax, dword [ebp - 0xac]
test eax, eax
jne short loc_fffd1a3f  ; jne 0xfffd1a3f
jmp near loc_fffd1ca5  ; jmp 0xfffd1ca5

loc_fffd1a4e:  ; not directly referenced
mov al, byte [ebp - 0xcc]
cmp al, byte [edx - 0x5a]
jne loc_fffd1c91  ; jne 0xfffd1c91
mov ax, word [ebp + esi*2 - 0xa2]
test word [ebp - 0xc0], ax
jne loc_fffd1e0d  ; jne 0xfffd1e0d
cmp byte [ebp - 0xd1], 0xff
jne short loc_fffd1a9c  ; jne 0xfffd1a9c
add ebx, dword [ebp - 0xbc]
or eax, dword [ebp - 0xc0]
and dword [ebp + ebx*4 - 0x60], 0xffffff00
mov word [ebp + esi*2 - 0xa2], ax
jmp near loc_fffd1ca5  ; jmp 0xfffd1ca5

loc_fffd1a9c:  ; not directly referenced
mov edx, dword [ebp - 0xc0]
mov bl, byte [ebp - 0xcc]
not edx
and edx, eax
mov byte [ecx - 0x7e], bl
mov word [ebp + esi*2 - 0xa2], dx
jmp near loc_fffd1ca5  ; jmp 0xfffd1ca5

loc_fffd1abc:  ; not directly referenced
add edx, eax
mov al, byte [edx - 0x6c]
mov byte [ebp - 0xf4], al
cmp byte [ebp - 0xcc], al
jne loc_fffd1b61  ; jne 0xfffd1b61
cmp byte [ebp - 0xd1], 2
jle short loc_fffd1af5  ; jle 0xfffd1af5
mov dword [ebp - 0xb0], 1

loc_fffd1ae6:  ; not directly referenced
mov eax, dword [ebp - 0xb0]
test eax, eax
jne short loc_fffd1ae6  ; jne 0xfffd1ae6
jmp near loc_fffd1ca5  ; jmp 0xfffd1ca5

loc_fffd1af5:  ; not directly referenced
mov eax, dword [ebp - 0xbc]
lea ebx, [ebx + eax]
mov eax, dword [ebp - 0xdc]
je short loc_fffd1b36  ; je 0xfffd1b36
call fcn_fffaebf8  ; call 0xfffaebf8
mov edx, dword [ebp + ebx*4 - 0x60]
and edx, 0xff00ffff
movzx eax, al
shl eax, 0x10
or eax, edx
mov dword [ebp + ebx*4 - 0x60], eax
mov eax, dword [ebp - 0xc0]
not eax
and word [ebp + esi*2 - 0x9e], ax
jmp near loc_fffd1ca5  ; jmp 0xfffd1ca5

loc_fffd1b36:  ; not directly referenced
call fcn_fffaebf8  ; call 0xfffaebf8

loc_fffd1b3b:  ; not directly referenced
mov edx, dword [ebp + ebx*4 - 0x60]
shl eax, 0x18
and edx, 0xffffff
or eax, edx
mov dword [ebp + ebx*4 - 0x60], eax
mov eax, dword [ebp - 0xc0]
or word [ebp + esi*2 - 0x9e], ax
jmp near loc_fffd1ca5  ; jmp 0xfffd1ca5

loc_fffd1b61:  ; not directly referenced
mov al, byte [ebp - 0xcc]
cmp al, byte [edx - 0x5a]
jne loc_fffd1c91  ; jne 0xfffd1c91
cmp byte [ebp - 0x100], 0xff
je loc_fffd1c27  ; je 0xfffd1c27
cmp byte [ebp - 0xd1], 0
jg loc_fffd1c27  ; jg 0xfffd1c27
movsx eax, byte [ebp - 0xd1]
mov dword [ebp - 0x100], eax
mov eax, dword [ebp - 0xdc]
call fcn_fffaebf8  ; call 0xfffaebf8
mov edx, 1
add ebx, dword [ebp - 0xbc]
mov ebx, dword [ebp + ebx*4 - 0x60]
mov dword [ebp - 0x104], eax
mov eax, dword [ebp - 0x100]
mov dword [ebp - 0x108], ebx
xor ebx, ebx
sub edx, eax
shl edx, 3
lea ecx, [edx + 0x1f]
cmp cl, 0x3e
ja short loc_fffd1c03  ; ja 0xfffd1c03
mov cl, al
movzx ebx, byte [ebp - 0x104]
mov eax, 0xff
lea ecx, [ecx*8 + 8]
shl eax, cl
not eax
and eax, dword [ebp - 0x108]
shl ebx, cl
mov cl, dl
or ebx, eax
test dl, dl
jle short loc_fffd1bff  ; jle 0xfffd1bff
shl ebx, cl
jmp short loc_fffd1c03  ; jmp 0xfffd1c03

loc_fffd1bff:  ; not directly referenced
neg ecx
shr ebx, cl

loc_fffd1c03:  ; not directly referenced
mov ecx, dword [ebp - 0xbc]
lea eax, [esi + esi*8]
lea edx, [eax + ecx]
mov dword [ebp + edx*4 - 0x60], ebx
lea ebx, [ebp - 0x18]
add eax, ebx
mov bl, byte [ebp - 0xcc]
lea edx, [ebx - 1]
mov byte [ecx + eax - 0x7e], dl
jmp short loc_fffd1c5a  ; jmp 0xfffd1c5a

loc_fffd1c27:  ; not directly referenced
mov ebx, dword [ebp - 0xbc]
lea eax, [esi + esi*8]
lea edx, [eax + ebx]
mov eax, dword [ebp - 0xdc]
mov ebx, dword [ebp + edx*4 - 0x60]
mov dword [ebp - 0x100], edx
call fcn_fffaebf8  ; call 0xfffaebf8
mov edx, dword [ebp - 0x100]
movzx ebx, bx
shl eax, 0x10
or eax, ebx
mov dword [ebp + edx*4 - 0x60], eax

loc_fffd1c5a:  ; not directly referenced
mov al, byte [ebp - 0xf4]
cmp byte [ebp - 0xcc], al
jae short loc_fffd1c76  ; jae 0xfffd1c76
mov eax, dword [ebp - 0xc0]
or word [ebp + esi*2 - 0x9e], ax

loc_fffd1c76:  ; not directly referenced
cmp byte [ebp - 0xd1], 0
jg short loc_fffd1ca5  ; jg 0xfffd1ca5
mov eax, dword [ebp - 0xc0]
not eax
and word [ebp + esi*2 - 0xa2], ax
jmp short loc_fffd1ca5  ; jmp 0xfffd1ca5

loc_fffd1c91:  ; not directly referenced
mov dword [ebp - 0xb4], 1

loc_fffd1c9b:  ; not directly referenced
mov eax, dword [ebp - 0xb4]
test eax, eax
jne short loc_fffd1c9b  ; jne 0xfffd1c9b

loc_fffd1ca5:  ; not directly referenced
cmp byte [ebp - 0xeb], 1
movzx eax, byte [ebp - 0xd3]
jne short loc_fffd1cd6  ; jne 0xfffd1cd6
push edx
movzx ecx, byte [ebp - 0xd4]
mov edx, esi
push eax
mov eax, edi
push dword [ebp - 0xc4]
push dword [ebp - 0xbc]
call fcn_fffaec68  ; call 0xfffaec68
add esp, 0x10

loc_fffd1cd6:  ; not directly referenced
cmp byte [ebp - 0xcc], al
jne short loc_fffd1cec  ; jne 0xfffd1cec
mov ebx, dword [ebp - 0xc0]
or word [ebp + esi*2 - 0x9e], bx

loc_fffd1cec:  ; not directly referenced
cmp dword [ebp - 0xdc], 0
jne short loc_fffd1d23  ; jne 0xfffd1d23
lea ebx, [ebp - 0x18]
lea edx, [esi + esi*8]
lea ecx, [ebx + edx]
mov ebx, dword [ebp - 0xbc]
cmp al, byte [ebx + ecx - 0x7e]
jne short loc_fffd1d23  ; jne 0xfffd1d23
mov eax, dword [ebp - 0xc0]
test word [ebp + esi*2 - 0xa2], ax
je short loc_fffd1d23  ; je 0xfffd1d23
add edx, ebx
mov word [ebp + edx*4 - 0x5e], 0xfffe

loc_fffd1d23:  ; not directly referenced
cmp byte [ebp - 0xcc], 0
jne short loc_fffd1d68  ; jne 0xfffd1d68
mov eax, dword [ebp - 0xc0]
or word [ebp + esi*2 - 0xa2], ax
cmp dword [ebp - 0xdc], 0
je short loc_fffd1d68  ; je 0xfffd1d68
lea ebx, [ebp - 0x18]
or word [ebp + esi*2 - 0x9e], ax
lea eax, [esi + esi*8]
lea edx, [ebx + eax]
mov ebx, dword [ebp - 0xbc]
add eax, ebx
mov byte [ebx + edx - 0x7e], 0
mov word [ebp + eax*4 - 0x5e], 0x707

loc_fffd1d68:  ; not directly referenced
cmp dword [ebp - 0xd8], 0
jne loc_fffd1e0d  ; jne 0xfffd1e0d
mov cx, word [ebp + esi*2 - 0x9e]
mov dx, word [ebp + esi*2 - 0xa2]
mov eax, ecx
and eax, edx
test word [ebp - 0xc0], ax
jne short loc_fffd1e0d  ; jne 0xfffd1e0d
cmp dword [ebp - 0xdc], 0
movzx eax, byte [ebp - 0xd2]
jne short loc_fffd1dc1  ; jne 0xfffd1dc1
test word [ebp - 0xc0], cx
jne short loc_fffd1db6  ; jne 0xfffd1db6
lea ecx, [esi + esi*8]
lea ebx, [ebp - 0x18]
lea edx, [ebx + ecx]
jmp short loc_fffd1de0  ; jmp 0xfffd1de0

loc_fffd1db6:  ; not directly referenced
lea ecx, [esi + esi*8]
lea ebx, [ebp - 0x18]
lea edx, [ebx + ecx]
jmp short loc_fffd1dd3  ; jmp 0xfffd1dd3

loc_fffd1dc1:  ; not directly referenced
test word [ebp - 0xc0], dx
lea ecx, [esi + esi*8]
lea ebx, [ebp - 0x18]
lea edx, [ebx + ecx]
jne short loc_fffd1de0  ; jne 0xfffd1de0

loc_fffd1dd3:  ; not directly referenced
add eax, edx
mov bl, byte [eax - 0x5a]
lea edx, [ebx - 1]
mov byte [eax - 0x5a], dl
jmp short loc_fffd1deb  ; jmp 0xfffd1deb

loc_fffd1de0:  ; not directly referenced
add eax, edx
mov bl, byte [eax - 0x6c]
lea edx, [ebx + 1]
mov byte [eax - 0x6c], dl

loc_fffd1deb:  ; not directly referenced
mov eax, dword [ebp - 0xd0]
movzx edx, dl
add eax, ecx
mov ecx, dword [ebp - 0xc8]
add eax, dword [ebp - 0xbc]
add eax, eax
add eax, dword [ebp - 0xc4]
mov dword [ecx + eax*4], edx

loc_fffd1e0d:  ; not directly referenced
inc byte [ebp - 0xe8]
jmp near loc_fffd18ab  ; jmp 0xfffd18ab

loc_fffd1e18:  ; not directly referenced
cmp dword [ebp - 0xd8], 1
jne loc_fffd1edf  ; jne 0xfffd1edf
mov ax, word [ebp + esi*2 - 0xa2]
mov bx, word [ebp - 0xea]
mov edx, eax
and dx, word [ebp + esi*2 - 0x9e]
cmp dx, bx
je loc_fffd1edf  ; je 0xfffd1edf
lea edx, [esi + esi*8]
lea ecx, [ebp - 0x18]
add edx, ecx
cmp ax, bx
movzx eax, byte [ebp - 0xd2]
je short loc_fffd1e8f  ; je 0xfffd1e8f
add eax, edx
mov ebx, dword [ebp - 0xf0]
mov cl, byte [eax - 0x5a]
dec ecx
mov byte [eax - 0x5a], cl
imul eax, esi, 0x48
movzx ecx, cl
mov dword [ebx + eax], ecx

loc_fffd1e73:  ; not directly referenced
imul eax, esi, 0x48
lea ebx, [esi + esi*8]
add ebx, dword [ebp - 0xd0]
mov dword [ebp - 0xbc], eax
xor eax, eax
mov dword [ebp - 0xc0], ebx
jmp short loc_fffd1ea9  ; jmp 0xfffd1ea9

loc_fffd1e8f:  ; not directly referenced
add edx, eax
mov ecx, dword [ebp - 0xf0]
mov al, byte [edx - 0x6c]
inc eax
mov byte [edx - 0x6c], al
imul edx, esi, 0x48
movzx eax, al
mov dword [ecx + edx], eax
jmp short loc_fffd1e73  ; jmp 0xfffd1e73

loc_fffd1ea9:  ; not directly referenced
cmp al, byte [edi + 0x2488]
jae short loc_fffd1edf  ; jae 0xfffd1edf
mov ebx, dword [ebp - 0xbc]
mov edx, dword [ebp - 0xf0]
mov edx, dword [edx + ebx]
mov ebx, dword [ebp - 0xc8]
mov ecx, edx
movzx edx, al
add edx, dword [ebp - 0xc0]
inc eax
add edx, edx
add edx, dword [ebp - 0xc4]
mov dword [ebx + edx*4], ecx
jmp short loc_fffd1ea9  ; jmp 0xfffd1ea9

loc_fffd1edf:  ; not directly referenced
inc esi
cmp esi, 2
jne loc_fffd1885  ; jne 0xfffd1885
mov si, word [ebp - 0xea]
mov eax, esi
and ax, word [ebp - 0xa2]
cmp ax, si
jne loc_fffd179c  ; jne 0xfffd179c
mov eax, esi
and ax, word [ebp - 0x9e]
cmp ax, si
jne loc_fffd179c  ; jne 0xfffd179c
mov eax, esi
and eax, dword [ebp - 0xa0]
cmp ax, si
jne loc_fffd179c  ; jne 0xfffd179c
mov eax, esi
and eax, dword [ebp - 0x9c]
cmp ax, si
jne loc_fffd179c  ; jne 0xfffd179c
xor ebx, ebx

loc_fffd1f38:  ; not directly referenced
mov eax, dword [ebp - 0xe0]
bt eax, ebx
jae loc_fffd153c  ; jae 0xfffd153c
mov byte [ebp - 0xbc], 0

loc_fffd1f4e:  ; not directly referenced
mov al, byte [ebp - 0xbc]
cmp al, byte [edi + 0x2488]
jae loc_fffd153c  ; jae 0xfffd153c
movzx esi, byte [ebp - 0xbc]
lea eax, [ebx + ebx*8]
sub esp, 0xc
mov dword [ebp - 0xc0], eax
add eax, esi
mov edx, dword [ebp + eax*4 - 0x60]
lea eax, [ebp - 0x18]
add eax, dword [ebp - 0xc0]
movzx eax, byte [esi + eax - 0x7e]
mov ecx, edx
push dword [ebp + 0x1c]
shr edx, 0x10
shr ecx, 0x18
movzx edx, dl
call fcn_fffaa348  ; call 0xfffaa348
mov edx, dword [ebp - 0xc0]
add esp, 0x10
add edx, dword [ebp - 0xd0]
mov ecx, dword [ebp - 0xc8]
inc byte [ebp - 0xbc]
add esi, edx
add esi, esi
add esi, dword [ebp - 0xc4]
mov dword [ecx + esi*4], eax
jmp short loc_fffd1f4e  ; jmp 0xfffd1f4e

loc_fffd1fc4:  ; not directly referenced
cmp byte [ebp - 0xe4], 0xb
je short loc_fffd1ffb  ; je 0xfffd1ffb

loc_fffd1fcd:  ; not directly referenced
push 2
movzx eax, byte [ebp - 0xe4]
xor ebx, ebx
push 0
push 0
push 0
push 0
push 0
push 0
push 1
push 0
push 0
push eax
push edi
call fcn_fffcc900  ; call 0xfffcc900
add esp, 0x30
mov esi, eax
jmp near loc_fffd20a3  ; jmp 0xfffd20a3

loc_fffd1ffb:  ; not directly referenced
movzx eax, byte [ebp - 0xec]
xor ebx, ebx
mov dword [ebp - 0xc4], eax

loc_fffd200a:  ; not directly referenced
mov eax, dword [ebp - 0xe0]
bt eax, ebx
jb short loc_fffd201d  ; jb 0xfffd201d

loc_fffd2015:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffd200a  ; jne 0xfffd200a
jmp short loc_fffd1fcd  ; jmp 0xfffd1fcd

loc_fffd201d:  ; not directly referenced
mov eax, ebx
imul esi, ebx, 0x13c3
shl eax, 0xa
add eax, 0x4028
mov dword [ebp - 0xc0], eax
mov byte [ebp - 0xbc], 0

loc_fffd203a:  ; not directly referenced
mov al, byte [ebp - 0xbc]
cmp al, byte [edi + 0x2488]
jae short loc_fffd2015  ; jae 0xfffd2015
push eax
movzx eax, byte [ebp - 0xbc]
mov edx, ebx
mov ecx, dword [ebp - 0xc4]
push 0
push 0xff
push eax
mov eax, edi
call fcn_fffa7499  ; call 0xfffa7499
mov edx, dword [ebp - 0xc0]
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
movzx edx, byte [edi + esi + 0x476f]
and edx, 0x3f
shl edx, 0x10
and eax, 0xffc0ffff
or eax, edx
mov edx, dword [ebp - 0xc0]
mov ecx, eax
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
add esp, 0x10
inc byte [ebp - 0xbc]
jmp short loc_fffd203a  ; jmp 0xfffd203a

loc_fffd20a3:  ; not directly referenced
cmp bl, byte [edi + 0x2488]
jae short loc_fffd20c1  ; jae 0xfffd20c1
movzx eax, bl
xor ecx, ecx
lea edx, [eax*4 + 0x4cf0]
mov eax, edi
call fcn_fffaeb7c  ; call 0xfffaeb7c
inc ebx
jmp short loc_fffd20a3  ; jmp 0xfffd20a3

loc_fffd20c1:  ; not directly referenced
lea esp, [ebp - 0xc]
mov eax, esi
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffd20cb:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 0x4c
mov ebx, dword [ebp + 8]
mov eax, dword [ebx + 0x2443]
lea ecx, [ebx + 0x5f98]
movzx esi, byte [ebx + 0x18ed]
mov dword [ebx + 0x3711], 0
mov dword [ebp - 0x3c], eax
mov eax, dword [ebx + 0x188b]
mov dword [ebp - 0x40], eax
lea eax, [ebx + 0x3812]

loc_fffd2106:  ; not directly referenced
cmp dword [eax - 0xbc], 2
mov dword [eax], 0
jne short loc_fffd214a  ; jne 0xfffd214a
cmp dword [eax + 0x10b7], 2
jne short loc_fffd2126  ; jne 0xfffd2126
mov edx, dword [eax + 0x1198]
mov dword [eax], edx

loc_fffd2126:  ; not directly referenced
cmp dword [eax + 0x11df], 2
jne short loc_fffd2137  ; jne 0xfffd2137
mov edx, dword [eax + 0x12c0]
add dword [eax], edx

loc_fffd2137:  ; not directly referenced
mov edx, dword [ebx + 0x2484]
cmp dword [eax], edx
cmovbe edx, dword [eax]
mov dword [eax], edx
add dword [ebx + 0x3711], edx

loc_fffd214a:  ; not directly referenced
add eax, 0x13c3
cmp eax, ecx
jne short loc_fffd2106  ; jne 0xfffd2106
mov edi, dword [ebx + 0x3711]
mov eax, dword [ebx + 0x18d9]
mov ecx, edi
sub ecx, dword [ebx + 0x18d5]
cmp byte [ebx + 0x2402], 0
mov dword [ebx + 0x36ec], ecx
je short loc_fffd218c  ; je 0xfffd218c
cmp edi, 0x1000
ja short loc_fffd218c  ; ja 0xfffd218c
shr edi, 1
mov edx, 0x1000
sub edx, edi
cmp eax, edx
cmovb eax, edx

loc_fffd218c:  ; not directly referenced
mov edx, 0x1000
sub edx, eax
cmp edx, ecx
cmovbe ecx, edx
mov dword [ebx + 0x36f0], ecx
test esi, esi
je short loc_fffd21cc  ; je 0xfffd21cc
mov eax, dword [ebx + 0x3812]
mov edx, dword [ebx + 0x4bd5]
cmp eax, edx
je short loc_fffd21cc  ; je 0xfffd21cc
test eax, eax
je short loc_fffd21cc  ; je 0xfffd21cc
test edx, edx
je short loc_fffd21cc  ; je 0xfffd21cc
cmp edx, eax
cmova edx, eax
add edx, edx
cmp ecx, edx
cmovbe edx, ecx
mov dword [ebx + 0x36f0], edx

loc_fffd21cc:  ; not directly referenced
mov eax, dword [ebx + 0x36f0]
sub eax, dword [ebx + 0x246d]
mov edi, dword [ebx + 0x18c1]
mov dword [ebx + 0x36f4], eax
sub eax, dword [ebx + 0x2471]
mov dword [ebx + 0x36f8], eax
mov eax, dword [ebp - 0x3c]
push 0x50
push 0
push 0
push 0
call dword [eax + 0x4c]  ; ucall
add edi, eax
mov eax, dword [ebp - 0x3c]
mov dword [esp], edi
call dword [eax + 0x20]  ; ucall
add esp, 0x10
mov ecx, dword [ebx + 0x246d]
cmp dword [ebp - 0x40], 0
jne short loc_fffd2275  ; jne 0xfffd2275
xor edx, edx
cmp byte [ebx + 0x18b3], 1
sete dl
and ah, 0xbc
mov edi, edx
mov edx, 3
shl edi, 0xe
cmp dword [ebx + 0x2471], 3
cmovbe edx, dword [ebx + 0x2471]
or eax, edi
and edx, 3
shl edx, 8
or eax, edx
cmp ecx, 0x400
jne short loc_fffd2257  ; jne 0xfffd2257
and al, 7
or al, 0x88
jmp short loc_fffd22b9  ; jmp 0xfffd22b9

loc_fffd2257:  ; not directly referenced
mov dl, 0x1f
cmp ecx, 0x3ff
ja short loc_fffd2269  ; ja 0xfffd2269
shr ecx, 5
mov dl, cl
and edx, 0x1f

loc_fffd2269:  ; not directly referenced
and edx, 0x1f
and al, 7
shl edx, 3
or eax, edx
jmp short loc_fffd22b9  ; jmp 0xfffd22b9

loc_fffd2275:  ; not directly referenced
xor edx, edx
mov edi, dword [ebx + 0x2471]
cmp byte [ebx + 0x18b3], 1
sete dl
and eax, 0xfffffffb
shl edx, 2
or eax, edx
mov dl, 3
cmp edi, 7
ja short loc_fffd229d  ; ja 0xfffd229d
shr edi, 1
mov edx, edi
and edx, 3

loc_fffd229d:  ; not directly referenced
and edx, 3
and al, 0x3f
shl edx, 6
mov edi, ecx
or eax, edx
mov dl, 0xff
shr edi, 5
cmp ecx, 0x1fff
cmovbe edx, edi
mov ah, dl

loc_fffd22b9:  ; not directly referenced
mov ecx, dword [ebx + 0x36f8]
mov dword [ebx + 0x36fc], eax
mov eax, dword [ebx + 0x18dd]
mov edx, dword [ebx + 0x18e5]
mov dword [ebp - 0x40], ecx
sub dword [ebp - 0x40], eax
neg eax
and eax, dword [ebp - 0x40]
mov dword [ebx + 0x372d], edx
mov dword [ebx + 0x3700], eax
test esi, esi
jne short loc_fffd2312  ; jne 0xfffd2312

loc_fffd22ec:  ; not directly referenced
mov eax, dword [ebp - 0x40]
sub eax, dword [ebx + 0x3700]
je loc_fffd23fb  ; je 0xfffd23fb
sub dword [ebx + 0x36f8], eax
sub dword [ebx + 0x36f4], eax
sub dword [ebx + 0x36f0], eax
jmp near loc_fffd23fb  ; jmp 0xfffd23fb

loc_fffd2312:  ; not directly referenced
or edx, 0xffffffff
sub edx, dword [ebx + 0x18e9]
mov dword [ebp - 0x4c], 0
lea esi, [ebp - 0x2a]
mov dword [ebp - 0x48], 0
add eax, edx
shl eax, 0x14
mov dword [ebp - 0x50], eax

loc_fffd2334:  ; not directly referenced
mov ecx, dword [ebp - 0x48]
imul eax, ecx, 0x13c3
mov byte [ebp - 0x44], cl
cmp dword [ebx + eax + 0x3756], 2
jne loc_fffd23e6  ; jne 0xfffd23e6

loc_fffd234e:  ; not directly referenced
push eax
push esi
push dword [ebp - 0x4c]
push dword [ebp - 0x50]
call fcn_fffc6ea0  ; call 0xfffc6ea0
mov al, byte [ebp - 0x44]
add dword [ebp - 0x50], 0x40
adc dword [ebp - 0x4c], 0
add esp, 0x10
cmp byte [esi + 1], al
jne short loc_fffd234e  ; jne 0xfffd234e
mov ax, word [esi + 7]
movzx ecx, byte [esi + 5]
mov edx, eax
movzx edi, ah
movzx eax, byte [esi + 3]
shl edx, 0x18
shl ecx, 3
or ecx, edx
movzx edx, byte [esi + 4]
and eax, 7
shl eax, 0x18
and edx, 0xf
shl edx, 0x10
or edi, edx
or edi, eax
cmp byte [ebp - 0x44], 1
lea edx, [ebp - 0x30]
push edx
sbb eax, eax
not eax
and eax, 0x200
push ecx
or eax, 0x1e
push eax
mov eax, dword [ebp - 0x3c]
push 1
call dword [eax + 0x84]  ; ucall
add esp, 0x10
cmp byte [ebp - 0x44], 1
lea ecx, [ebp - 0x30]
push ecx
sbb eax, eax
and eax, 0xfffffe00
add eax, 0x300
push edi
or eax, 0x1e
push eax
mov eax, dword [ebp - 0x3c]
push 1
call dword [eax + 0x84]  ; ucall
add esp, 0x10

loc_fffd23e6:  ; not directly referenced
inc dword [ebp - 0x48]
add esi, 9
cmp dword [ebp - 0x48], 2
jne loc_fffd2334  ; jne 0xfffd2334
jmp near loc_fffd22ec  ; jmp 0xfffd22ec

loc_fffd23fb:  ; not directly referenced
cmp byte [ebx + 0x18b6], 0
mov eax, dword [ebx + 0x36ec]
je short loc_fffd2446  ; je 0xfffd2446
mov ecx, dword [ebx + 0x36f0]
cmp eax, ecx
jbe short loc_fffd2446  ; jbe 0xfffd2446
mov edx, 0x1000
cmp eax, 0x1000
mov esi, edx
cmovbe edx, eax
cmovae esi, eax
add edx, esi
sub edx, ecx
mov dword [ebx + 0x370d], edx
dec edx
mov byte [ebx + 0x3704], 1
mov dword [ebx + 0x3705], esi
mov dword [ebx + 0x3709], edx
jmp short loc_fffd2453  ; jmp 0xfffd2453

loc_fffd2446:  ; not directly referenced
mov byte [ebx + 0x3704], 0
mov dword [ebx + 0x370d], eax

loc_fffd2453:  ; not directly referenced
cmp byte [ebx + 0x3745], 0
je short loc_fffd24bf  ; je 0xfffd24bf
cmp byte [ebx + 0x2402], 0
je short loc_fffd247b  ; je 0xfffd247b
cmp dword [ebx + 0x3711], 0x1000
mov edx, eax
ja short loc_fffd2487  ; ja 0xfffd2487
mov edx, dword [ebx + 0x370d]
jmp short loc_fffd2487  ; jmp 0xfffd2487

loc_fffd247b:  ; not directly referenced
mov edx, dword [ebx + 0x3700]
sub edx, dword [ebx + 0x18e5]

loc_fffd2487:  ; not directly referenced
movzx ecx, byte [ebx + 0x3747]
shl ecx, 3
mov dword [ebx + 0x3721], ecx
not ecx
add edx, ecx
movzx ecx, byte [ebx + 0x3746]
and edx, 0xffffffc0
mov dword [ebx + 0x371d], edx
shl ecx, 3
sub edx, ecx
sub edx, 0x40
mov dword [ebx + 0x3729], ecx
mov dword [ebx + 0x3725], edx

loc_fffd24bf:  ; not directly referenced
mov dword [ebx + 0x3715], eax
mov eax, dword [ebx + 0x18d5]
mov edx, dword [ebx + 0x3711]
mov esi, dword [ebx + 0x2443]
mov dword [ebx + 0x3719], eax
mov eax, dword [ebx + 0x18cd]
mov dword [ebp - 0x40], eax
mov eax, dword [ebx + 0x18c1]
push 0xa0
push 0
push 0
mov edi, eax
mov dword [ebp - 0x3c], eax
mov eax, edx
shr edx, 0xc
and edx, 0x7f
shl eax, 0x14
push 0
mov dword [ebp - 0x48], edx
mov dword [ebp - 0x44], eax
call dword [esi + 0x4c]  ; ucall
pop ecx
mov dword [ebp - 0x3c], edi
lea edi, [eax + edi]
pop eax
push dword [ebp - 0x44]
push edi
call dword [esi + 0x30]  ; ucall
lea ecx, [edi + 4]
pop eax
pop edx
mov edx, dword [ebp - 0x48]
push edx
push ecx
call dword [esi + 0x30]  ; ucall
movzx edi, word [ebx + 0x36f0]
push 0xbc
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
shl edi, 0x14
add esp, 0x18
push edi
mov edi, dword [ebp - 0x3c]
add eax, edi
push eax
call dword [esi + 0x30]  ; ucall
mov edx, dword [ebx + 0x370d]
push 0xa8
push 0
push 0
mov eax, edx
shr edx, 0xc
and edx, 0x7f
shl eax, 0x14
mov dword [ebp - 0x48], edx
push 0
mov dword [ebp - 0x44], eax
call dword [esi + 0x4c]  ; ucall
add esp, 0x18
push dword [ebp - 0x44]
lea edi, [eax + edi]
push edi
call dword [esi + 0x30]  ; ucall
mov edx, dword [ebp - 0x48]
pop ecx
pop eax
lea ecx, [edi + 4]
push edx
push ecx
call dword [esi + 0x30]  ; ucall
add esp, 0x10
cmp byte [ebx + 0x3704], 0
je loc_fffd2626  ; je 0xfffd2626
mov edx, dword [ebx + 0x3705]
push 0x90
push 0
push 0
mov eax, edx
shr edx, 0xc
and edx, 0x7f
shl eax, 0x14
push 0
mov dword [ebp - 0x48], edx
mov dword [ebp - 0x44], eax
call dword [esi + 0x4c]  ; ucall
mov ecx, dword [ebp - 0x3c]
lea edi, [eax + ecx]
pop eax
pop edx
push dword [ebp - 0x44]
push edi
call dword [esi + 0x30]  ; ucall
mov edx, dword [ebp - 0x48]
pop ecx
pop eax
lea ecx, [edi + 4]
push edx
push ecx
call dword [esi + 0x30]  ; ucall
mov edx, dword [ebx + 0x3709]
push 0x98
push 0
push 0
mov eax, edx
shr edx, 0xc
and edx, 0x7f
shl eax, 0x14
mov dword [ebp - 0x48], edx
push 0
mov dword [ebp - 0x44], eax
call dword [esi + 0x4c]  ; ucall
mov ecx, dword [ebp - 0x3c]
add esp, 0x18
push dword [ebp - 0x44]
lea edi, [eax + ecx]
push edi
call dword [esi + 0x30]  ; ucall
lea ecx, [edi + 4]
pop eax
pop edx
mov edx, dword [ebp - 0x48]
push edx
push ecx
call dword [esi + 0x30]  ; ucall
add esp, 0x10

loc_fffd2626:  ; not directly referenced
push 0xb8
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
movzx edx, word [ebx + 0x3700]
pop edi
pop ecx
add eax, dword [ebp - 0x3c]
shl edx, 0x14
push edx
push eax
call dword [esi + 0x30]  ; ucall
add esp, 0x10
cmp dword [ebx + 0x372d], 0
je short loc_fffd2689  ; je 0xfffd2689
push 0x5c
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
mov ecx, dword [ebp - 0x3c]
lea edi, [eax + ecx]
mov dword [esp], edi
call dword [esi + 0x20]  ; ucall
movzx edx, byte [ebx + 0x372d]
shl edx, 4
and eax, 0xfffff00f
or eax, edx
pop edx
or eax, 4
pop ecx
push eax
push edi
call dword [esi + 0x30]  ; ucall
add esp, 0x10

loc_fffd2689:  ; not directly referenced
push 0xb0
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
movzx edx, word [ebx + 0x36f4]
pop ecx
pop edi
mov edi, dword [ebp - 0x3c]
shl edx, 0x14
push edx
add eax, edi
push eax
call dword [esi + 0x30]  ; ucall
push 0xb4
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
movzx edx, word [ebx + 0x36f8]
add esp, 0x18
shl edx, 0x14
push edx
add eax, edi
push eax
call dword [esi + 0x30]  ; ucall
mov eax, dword [ebx + 0x3719]
add esp, 0x10
test eax, eax
je loc_fffd2764  ; je 0xfffd2764
mov edi, 0x80000
sub edi, eax
push 0x78
mov edx, edi
push 0
shl edx, 0x14
push 0
or dh, 8
push 0
shr edi, 0xc
mov dword [ebp - 0x44], edx
and edi, 0x7f
call dword [esi + 0x4c]  ; ucall
mov ecx, dword [ebp - 0x3c]
add ecx, eax
pop eax
pop edx
mov edx, dword [ebp - 0x44]
mov dword [ebp - 0x44], ecx
push edx
push ecx
call dword [esi + 0x30]  ; ucall
pop ecx
mov ecx, dword [ebp - 0x44]
pop eax
add ecx, 4
push edi
push ecx
call dword [esi + 0x30]  ; ucall
mov edx, dword [ebx + 0x3715]
push 0x70
push 0
push 0
mov eax, edx
shr edx, 0xc
and edx, 0x7f
shl eax, 0x14
mov dword [ebp - 0x48], edx
push 0
mov dword [ebp - 0x44], eax
call dword [esi + 0x4c]  ; ucall
mov ecx, dword [ebp - 0x3c]
add esp, 0x18
push dword [ebp - 0x44]
lea edi, [eax + ecx]
push edi
call dword [esi + 0x30]  ; ucall
lea ecx, [edi + 4]
pop eax
pop edx
mov edx, dword [ebp - 0x48]
push edx
push ecx
call dword [esi + 0x30]  ; ucall
add esp, 0x10

loc_fffd2764:  ; not directly referenced
push 0x50
push 0
push 0
push 0
call dword [esi + 0x4c]  ; ucall
pop edx
pop ecx
push dword [ebx + 0x36fc]
add eax, dword [ebp - 0x3c]
push eax
call dword [esi + 0x30]  ; ucall
mov edx, dword [ebx + 0x371d]
pop edi
pop eax
mov eax, dword [ebx + 0x3721]
mov edi, dword [ebp - 0x40]
add eax, edx
shr eax, 3
shr edx, 3
shl eax, 0x10
or eax, edx
push eax
mov eax, edi
add eax, 0x18
push eax
call dword [esi + 0x30]  ; ucall
pop eax
mov eax, dword [ebx + 0x371d]
pop edx
shl eax, 0xe
push eax
mov eax, edi
add eax, 0x10
push eax
call dword [esi + 0x30]  ; ucall
pop ecx
pop eax
mov eax, dword [ebx + 0x371d]
and eax, 0x40000
shr eax, 0x12
push eax
mov eax, edi
add eax, 0x14
push eax
call dword [esi + 0x30]  ; ucall
mov edx, dword [ebx + 0x3725]
pop eax
mov eax, dword [ebx + 0x3729]
pop ecx
add eax, edx
shr eax, 3
shr edx, 3
shl eax, 0x10
or eax, edx
push eax
mov eax, edi
add eax, 0x28
push eax
call dword [esi + 0x30]  ; ucall
pop eax
mov eax, dword [ebx + 0x3725]
pop edx
shl eax, 0xe
push eax
mov eax, edi
add eax, 0x20
push eax
call dword [esi + 0x30]  ; ucall
pop ecx
pop eax
mov eax, dword [ebx + 0x3725]
and eax, 0x40000
shr eax, 0x12
or eax, 4
push eax
mov eax, edi
add eax, 0x24
push eax
call dword [esi + 0x30]  ; ucall
xor eax, eax
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffd2836:
push esi
push edi
mov esi, dword [esp + 0x10]
mov edi, dword [esp + 0xc]
mov edx, dword [esp + 0x14]
cmp edi, esi
je short loc_fffd2865  ; je 0xfffd2865
cmp edx, 0
je short loc_fffd2865  ; je 0xfffd2865
lea eax, [esi + edx - 1]
cmp esi, edi
jae short loc_fffd2860  ; jae 0xfffd2860
cmp eax, edi
jb short loc_fffd2860  ; jb 0xfffd2860
mov esi, eax
lea edi, [edi + edx - 1]
std

loc_fffd2860:
mov ecx, edx
rep movsb  ; rep movsb byte es:[edi], byte ptr [esi]
cld

loc_fffd2865:
mov eax, dword [esp + 0xc]
pop edi
pop esi
ret

loc_fffd286c:
push edi
xor eax, eax
mov edi, dword [esp + 8]
mov ecx, dword [esp + 0xc]
mov edx, ecx
shr ecx, 2
and edx, 3
push edi
rep stosd  ; rep stosd dword es:[edi], eax
mov ecx, edx
rep stosb  ; rep stosb byte es:[edi], al
pop eax
pop edi
ret

fcn_fffd2889:
mov eax, dword [esp + 8]
mov ecx, dword [esp + 0xc]
xor edx, edx
div ecx
mov eax, dword [esp + 4]
div ecx
mov eax, edx
ret

fcn_fffd289e:
mov eax, dword [esp + 8]
mov ecx, dword [esp + 0xc]
xor edx, edx
div ecx
push eax
mov eax, dword [esp + 8]
div ecx
pop edx
ret

fcn_fffd28b3:
mov ecx, dword [esp + 0xc]
mov eax, dword [esp + 8]
xor edx, edx
div ecx
push eax
mov eax, dword [esp + 8]
div ecx
mov ecx, dword [esp + 0x14]
jecxz loc_fffd28ce  ; jecxz 0xfffd28ce
mov dword [ecx], edx

loc_fffd28ce:
pop edx
ret

fcn_fffd28d0:
push ebx
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
cpuid
push ecx
mov ecx, dword [ebp + 0x10]
jecxz loc_fffd28e1  ; jecxz 0xfffd28e1
mov dword [ecx], eax

loc_fffd28e1:
mov ecx, dword [ebp + 0x14]
jecxz loc_fffd28e8  ; jecxz 0xfffd28e8
mov dword [ecx], ebx

loc_fffd28e8:
mov ecx, dword [ebp + 0x18]
jecxz loc_fffd28ef  ; jecxz 0xfffd28ef
pop dword [ecx]

loc_fffd28ef:
mov ecx, dword [ebp + 0x1c]
jecxz loc_fffd28f6  ; jecxz 0xfffd28f6
mov dword [ecx], edx

loc_fffd28f6:
mov eax, dword [ebp + 0xc]
leave
pop ebx
ret

loc_fffd28fc:  ; not directly referenced
mov cl, byte [esp + 0xc]
xor eax, eax
mov edx, dword [esp + 4]
test cl, 0x20
cmove eax, edx
cmove edx, dword [esp + 8]
shld edx, eax, cl
shl eax, cl
ret

loc_fffd2917:
mov cl, byte [esp + 0xc]
xor edx, edx
mov eax, dword [esp + 8]
test cl, 0x20
cmove edx, eax
cmove eax, dword [esp + 4]
shrd eax, edx, cl
shr edx, cl
ret

loc_fffd2932:
push edi
mov ecx, dword [esp + 0xc]
mov al, byte [esp + 0x10]
mov ah, al
shrd edx, eax, 0x10
shld eax, edx, 0x10
mov edx, ecx
mov edi, dword [esp + 8]
shr ecx, 2
rep stosd  ; rep stosd dword es:[edi], eax
mov ecx, edx
and ecx, 3
rep stosb  ; rep stosb byte es:[edi], al
mov eax, dword [esp + 8]
pop edi
ret

fcn_fffd295d:
push edi
mov eax, dword [esp + 0x10]
mov edi, dword [esp + 8]
mov ecx, dword [esp + 0xc]
rep stosd  ; rep stosd dword es:[edi], eax
mov eax, dword [esp + 8]
pop edi
ret

loc_fffd2972:  ; not directly referenced
mov ecx, dword [esp + 0xc]
mov eax, ecx
imul ecx, dword [esp + 8]
mul dword [esp + 4]
add edx, ecx
ret

loc_fffd2984:  ; not directly referenced
mov ecx, dword [esp + 0x10]
test ecx, ecx
jne short loc_fffd299f  ; jne 0xfffd299f
mov ecx, dword [esp + 0x14]
jecxz loc_fffd299a  ; jecxz 0xfffd299a
and dword [ecx + 4], 0
mov dword [esp + 0x10], ecx

loc_fffd299a:  ; not directly referenced
jmp near fcn_fffd28b3  ; jmp 0xfffd28b3

loc_fffd299f:  ; not directly referenced
push ebx
push esi
push edi
mov edx, dword [esp + 0x14]
mov eax, dword [esp + 0x10]
mov edi, edx
mov esi, eax
mov ebx, dword [esp + 0x18]

loc_fffd29b2:  ; not directly referenced
shr edx, 1
rcr eax, 1
shrd ebx, ecx, 1
shr ecx, 1
jne short loc_fffd29b2  ; jne 0xfffd29b2
div ebx
mov ebx, eax
mov ecx, dword [esp + 0x1c]
mul dword [esp + 0x18]
imul ecx, ebx
add edx, ecx
mov ecx, dword [esp + 0x20]
jb short loc_fffd29df  ; jb 0xfffd29df
cmp edi, edx
ja short loc_fffd29ea  ; ja 0xfffd29ea
jb short loc_fffd29df  ; jb 0xfffd29df
cmp esi, eax
jae short loc_fffd29ea  ; jae 0xfffd29ea

loc_fffd29df:  ; not directly referenced
dec ebx
jecxz loc_fffd29f5  ; jecxz 0xfffd29f5
sub eax, dword [esp + 0x18]
sbb edx, dword [esp + 0x1c]

loc_fffd29ea:  ; not directly referenced
jecxz loc_fffd29f5  ; jecxz 0xfffd29f5
sub esi, eax
sbb edi, edx
mov dword [ecx], esi
mov dword [ecx + 4], edi

loc_fffd29f5:  ; not directly referenced
mov eax, ebx
xor edx, edx
pop edi
pop esi
pop ebx
ret

loc_fffd29fd:
db 0x53

fcn_fffd29fe:  ; not directly referenced
push ebp
mov ebp, esp
mov eax, dword [ebp + 0xc]
mov ecx, dword [ebp + 0x10]
cpuid
push ecx
mov ecx, dword [ebp + 0x14]
jecxz loc_fffd2a11  ; jecxz 0xfffd2a11
mov dword [ecx], eax

loc_fffd2a11:  ; not directly referenced
mov ecx, dword [ebp + 0x18]
jecxz loc_fffd2a18  ; jecxz 0xfffd2a18
mov dword [ecx], ebx

loc_fffd2a18:  ; not directly referenced
mov ecx, dword [ebp + 0x20]
jecxz loc_fffd2a1f  ; jecxz 0xfffd2a1f
mov dword [ecx], edx

loc_fffd2a1f:  ; not directly referenced
mov ecx, dword [ebp + 0x1c]
jecxz loc_fffd2a26  ; jecxz 0xfffd2a26
pop dword [ecx]

loc_fffd2a26:  ; not directly referenced
mov eax, dword [ebp + 0xc]
leave
pop ebx
ret

fcn_fffd2a2c:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
xor esi, esi
push ebx
mov ebx, eax
sub esp, 0x1c
mov dword [ebp - 0x1c], edx

loc_fffd2a3c:  ; not directly referenced
lea eax, [esi*8 + 0x48a8]
mov dword [ebp - 0x20], eax
mov edx, eax
mov eax, ebx
call fcn_fffae548  ; call 0xfffae548
mov edi, dword [ebp - 0x1c]
bt edi, esi
mov ecx, eax
jae short loc_fffd2a61  ; jae 0xfffd2a61
and ch, 0xcf
or ch, 0x18
jmp short loc_fffd2a64  ; jmp 0xfffd2a64

loc_fffd2a61:  ; not directly referenced
and ch, 0xf7

loc_fffd2a64:  ; not directly referenced
push edi
mov eax, ebx
push edi
inc esi
push edx
mov edx, dword [ebp - 0x20]
push ecx
call fcn_fffae7cf  ; call 0xfffae7cf
add esp, 0x10
cmp esi, 2
jne short loc_fffd2a3c  ; jne 0xfffd2a3c
mov ecx, 2
mov edx, 0x4d98
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, 1
mov edx, 0x4800
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0x4800
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
xor ecx, ecx
mov edx, 0x4d98
mov esi, eax
mov eax, ebx
and esi, 0xfffffffe
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, esi
mov edx, 0x4800
or ecx, 2
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 0x4800
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
xor esi, esi

loc_fffd2adb:  ; not directly referenced
mov eax, dword [ebp - 0x1c]
bt eax, esi
jae short loc_fffd2b0a  ; jae 0xfffd2b0a
lea edi, [esi*8 + 0x48a8]
mov eax, ebx
mov edx, edi
call fcn_fffae548  ; call 0xfffae548
mov ecx, eax
and ch, 0xf7
mov eax, ecx
push ecx
push ecx
push edx
mov edx, edi
push eax
mov eax, ebx
call fcn_fffae7cf  ; call 0xfffae7cf
add esp, 0x10

loc_fffd2b0a:  ; not directly referenced
inc esi
cmp esi, 2
jne short loc_fffd2adb  ; jne 0xfffd2adb
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffd2b18:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, edx
shl esi, 0xa
push ebx
mov ebx, eax
lea edi, [esi + 0x41a0]
sub esp, 0x2c
mov edx, edi
mov byte [ebp - 0x29], cl
call fcn_fffae52a  ; call 0xfffae52a
mov edx, edi
and eax, 0xfffffccc
or eax, 0x111
mov ecx, eax
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, dword [ebp + 0x10]
lea edx, [esi + 0x41a4]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, dword [ebp + 0x14]
lea edx, [esi + 0x41a8]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, dword [ebp + 0x18]
lea edx, [esi + 0x41ac]
mov eax, ebx
call fcn_fffae58c  ; call 0xfffae58c
lea edx, [esi + 0x41bc]
mov eax, ebx
xor ecx, ecx
call fcn_fffae58c  ; call 0xfffae58c
lea eax, [esi + 0x41c0]
mov dword [ebp - 0x28], eax
mov eax, dword [ebp + 8]
mov dword [ebp - 0x20], 0
mov dword [ebp - 0x1c], 0
mov dword [ebp - 0x24], 0
lea esi, [eax + 4]

loc_fffd2bb0:  ; not directly referenced
mov eax, dword [ebp - 0x24]
cmp eax, dword [ebp + 0xc]
je loc_fffd2c4b  ; je 0xfffd2c4b
mov ecx, dword [esi - 4]
add esi, 0xc
movzx eax, byte [esi - 0xc]
mov edx, ecx
mov edi, ecx
and edx, 0x7c
or ah, 0x80
shl edx, 6
and edi, 1
or eax, edx
mov edx, ecx
and edx, 2
add edi, edi
shr edx, 1
and ecx, 0x380
or edx, edi
mov edi, dword [esi - 0xc]
shl ecx, 0x11
or edx, 4
shl edx, 8
and edi, 0x300
shl edi, 5
or eax, edi
mov word [ebp - 0x20], ax
mov eax, dword [ebp - 0x20]
and eax, 0xf0ffffff
or eax, ecx
mov cl, byte [ebp - 0x29]
mov dword [ebp - 0x20], eax
mov eax, dword [ebp - 0x1c]
and ah, 0xf0
or eax, edx
mov edx, dword [esi - 8]
and eax, 0xfffffff0
shl edx, cl
not edx
and edx, 0xf
or eax, edx
mov edx, dword [ebp - 0x28]
mov dword [ebp - 0x1c], eax
push eax
push eax
mov eax, ebx
push dword [ebp - 0x1c]
push dword [ebp - 0x20]
call fcn_fffae7cf  ; call 0xfffae7cf
add esp, 0x10
inc dword [ebp - 0x24]
jmp near loc_fffd2bb0  ; jmp 0xfffd2bb0

loc_fffd2c4b:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffd2c53:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
mov esi, eax
push ebx
sub esp, 0x2c
cmp dword [ebp + 8], 1
je short loc_fffd2c90  ; je 0xfffd2c90
jb short loc_fffd2c80  ; jb 0xfffd2c80
cmp dword [ebp + 8], 2
jne loc_fffd2d7c  ; jne 0xfffd2d7c
mov dword [ebp - 0x24], 0xa8
mov dword [ebp - 0x20], 0x2a
jmp short loc_fffd2c9e  ; jmp 0xfffd2c9e

loc_fffd2c80:  ; not directly referenced
mov dword [ebp - 0x24], 0xa4
mov dword [ebp - 0x20], 0x29
jmp short loc_fffd2c9e  ; jmp 0xfffd2c9e

loc_fffd2c90:  ; not directly referenced
mov dword [ebp - 0x24], 0xc0
mov dword [ebp - 0x20], 0x30

loc_fffd2c9e:  ; not directly referenced
lea eax, [esi + 0x381a]
xor ebx, ebx
mov dword [ebp - 0x28], eax
movzx eax, dl
mov dword [ebp - 0x30], eax
movzx eax, cl
mov dword [ebp - 0x34], eax

loc_fffd2cb5:  ; not directly referenced
mov eax, dword [ebp - 0x30]
bt eax, ebx
jae loc_fffd2d67  ; jae 0xfffd2d67
mov eax, dword [ebp - 0x28]
movzx edi, byte [eax + 0xfce]
mov eax, ebx
shl eax, 0xa
add eax, 0x4190
mov edx, eax
and edi, 0xf
shl edi, 0x10
or edi, 0xf
mov dword [ebp - 0x2c], eax
mov ecx, edi
mov eax, esi
call fcn_fffae58c  ; call 0xfffae58c
mov edx, 1
mov eax, esi
call fcn_fffa834b  ; call 0xfffa834b
mov dword [ebp - 0x1c], 0

loc_fffd2cff:  ; not directly referenced
mov cl, byte [ebp - 0x1c]
mov eax, 1
mov edx, dword [ebp - 0x28]
shl eax, cl
test byte [edx], al
jne short loc_fffd2d1b  ; jne 0xfffd2d1b

loc_fffd2d10:  ; not directly referenced
inc dword [ebp - 0x1c]
cmp dword [ebp - 0x1c], 4
jne short loc_fffd2cff  ; jne 0xfffd2cff
jmp short loc_fffd2d43  ; jmp 0xfffd2d43

loc_fffd2d1b:  ; not directly referenced
mov eax, dword [ebp - 0x34]
mov edx, dword [ebp - 0x1c]
bt eax, edx
jae short loc_fffd2d10  ; jae 0xfffd2d10
push eax
mov ecx, edx
push 1
mov edx, ebx
push dword [ebp - 0x24]
mov eax, esi
push dword [ebp - 0x20]
call fcn_fffaa505  ; call 0xfffaa505
add esp, 0x10
test eax, eax
je short loc_fffd2d10  ; je 0xfffd2d10
jmp short loc_fffd2d81  ; jmp 0xfffd2d81

loc_fffd2d43:  ; not directly referenced
cmp dword [ebp + 8], 2
je short loc_fffd2d67  ; je 0xfffd2d67
mov edx, 1
mov eax, esi
call fcn_fffa834b  ; call 0xfffa834b
mov edx, dword [ebp - 0x2c]
and edi, 0xfff0ffff
mov ecx, edi
mov eax, esi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffd2d67:  ; not directly referenced
inc ebx
add dword [ebp - 0x28], 0x13c3
cmp ebx, 2
jne loc_fffd2cb5  ; jne 0xfffd2cb5
xor eax, eax
jmp short loc_fffd2d81  ; jmp 0xfffd2d81

loc_fffd2d7c:  ; not directly referenced
mov eax, 1

loc_fffd2d81:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffd2d89:  ; not directly referenced
push ebp
mov ebp, esp
push edi
push esi
push ebx
mov ebx, eax
sub esp, 0x50
mov al, byte [ebp + 8]
push 0
push 2
mov byte [ebp - 0x34], al
mov eax, dword [ebx + 0x2443]
mov byte [ebp - 0x33], cl
lea ecx, [ebp - 0x1a]
push ecx
mov dword [ebp - 0x2c], edx
call dword [eax + 0x5c]  ; ucall
mov edx, dword [ebp - 0x2c]
add esp, 0x10
mov byte [ebp - 0x2c], 0x60
movzx eax, dl
mov edi, eax
mov ecx, edi
mov dword [ebp - 0x48], eax
mov eax, 1
shl eax, cl
test byte [ebx + 0x381a], al
mov byte [ebp - 0x32], al
setne dl
mov cl, dl
or ecx, 2
test byte [ebx + 0x4bdd], al
movzx eax, al
mov dword [ebp - 0x38], eax
cmovne edx, ecx
movzx eax, dl
mov dword [ebp - 0x50], eax

loc_fffd2df2:  ; not directly referenced
movzx esi, byte [ebp - 0x2c]
xor edi, edi

loc_fffd2df8:  ; not directly referenced
imul eax, edi, 0x13c3
mov cl, byte [ebp - 0x32]
test byte [ebx + eax + 0x381a], cl
je short loc_fffd2e47  ; je 0xfffd2e47
push eax
push 0
push esi
push 3
push dword [ebp - 0x38]
push 1
push edi
push ebx
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x1c
push 0
push esi
push 3
push dword [ebp - 0x38]
push 2
push edi
push ebx
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x1c
push 0
push esi
push 3
push dword [ebp - 0x38]
push 3
push edi
push ebx
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffd2e47:  ; not directly referenced
inc edi
cmp edi, 2
jne short loc_fffd2df8  ; jne 0xfffd2df8
mov edx, dword [ebp - 0x50]
mov eax, ebx
xor esi, esi
call fcn_fffd2a2c  ; call 0xfffd2a2c
mov eax, ebx
mov edx, 0xf
call fcn_fffa834b  ; call 0xfffa834b
mov edi, dword [ebp + 0xc]
imul eax, dword [ebp - 0x48], 9
mov dword [ebp - 0x4c], eax

loc_fffd2e6f:  ; not directly referenced
imul eax, esi, 0x13c3
mov dword [ebp - 0x40], eax
mov ecx, eax
mov al, byte [ebp - 0x32]
test byte [ebx + ecx + 0x381a], al
jne short loc_fffd2e90  ; jne 0xfffd2e90
mov byte [ebp + esi - 0x1a], 0xff
jmp near loc_fffd2f40  ; jmp 0xfffd2f40

loc_fffd2e90:  ; not directly referenced
cmp byte [ebp + esi - 0x1a], 0xff
je loc_fffd2f40  ; je 0xfffd2f40
imul eax, esi, 0x54a
mov byte [ebp - 0x31], 0
lea eax, [ebx + eax + 0x196b]
mov dword [ebp - 0x44], eax

loc_fffd2eaf:  ; not directly referenced
mov al, byte [ebp - 0x31]
cmp al, byte [ebx + 0x2488]
jae loc_fffd2f40  ; jae 0xfffd2f40
mov cl, byte [ebp - 0x31]
mov edx, dword [ebp - 0x40]
mov dword [ebp - 0x30], 1
shl dword [ebp - 0x30], cl
movzx eax, cl
mov ecx, dword [ebp - 0x44]
cmp byte [ebx + edx + 0x49ba], 0x20
mov dword [ebp - 0x3c], eax
mov al, byte [ecx + eax + 0x4f6]
jne short loc_fffd2ef5  ; jne 0xfffd2ef5
test al, 2
je short loc_fffd2ef5  ; je 0xfffd2ef5
mov al, byte [ebp - 0x30]
or byte [ebp + esi - 0x1a], al
jmp short loc_fffd2f38  ; jmp 0xfffd2f38

loc_fffd2ef5:  ; not directly referenced
mov ecx, dword [ebp - 0x3c]
mov edx, esi
mov eax, ebx
call fcn_fffa7617  ; call 0xfffa7617
mov edx, eax
mov eax, ebx
call fcn_fffae52a  ; call 0xfffae52a
mov dl, byte [ebp + esi - 0x1a]
test byte [ebp - 0x30], dl
jne short loc_fffd2f38  ; jne 0xfffd2f38
movzx eax, al
mov dword [ebp - 0x54], edx
call fcn_fffaeba2  ; call 0xfffaeba2
cmp al, 4
je short loc_fffd2f38  ; je 0xfffd2f38
mov eax, dword [ebp - 0x3c]
mov cl, byte [ebp - 0x2c]
mov edx, dword [ebp - 0x54]
add eax, dword [ebp - 0x4c]
or edx, dword [ebp - 0x30]
mov byte [edi + eax], cl
mov byte [esi + ebp - 0x1a], dl

loc_fffd2f38:  ; not directly referenced
inc byte [ebp - 0x31]
jmp near loc_fffd2eaf  ; jmp 0xfffd2eaf

loc_fffd2f40:  ; not directly referenced
inc esi
add edi, 0x24
cmp esi, 2
jne loc_fffd2e6f  ; jne 0xfffd2e6f
cmp byte [ebp - 0x1a], 0xff
jne short loc_fffd2f59  ; jne 0xfffd2f59
cmp byte [ebp - 0x19], 0xff
je short loc_fffd2f86  ; je 0xfffd2f86

loc_fffd2f59:  ; not directly referenced
mov al, byte [ebp - 0x34]
add byte [ebp - 0x2c], al
test al, al
jle short loc_fffd2f6e  ; jle 0xfffd2f6e
mov al, byte [ebp - 0x33]
cmp byte [ebp - 0x2c], al
seta al
jmp short loc_fffd2f7b  ; jmp 0xfffd2f7b

loc_fffd2f6e:  ; not directly referenced
movzx eax, byte [ebp - 0x33]
movsx edx, byte [ebp - 0x2c]
cmp edx, eax
setl al

loc_fffd2f7b:  ; not directly referenced
movzx eax, al
test eax, eax
je loc_fffd2df2  ; je 0xfffd2df2

loc_fffd2f86:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

fcn_fffd2f8e:  ; not directly referenced
push ebp
mov ebp, esp
push edi
mov edi, eax
push esi
mov esi, ecx
push ebx
mov ebx, edx
sub esp, 0x70
mov al, byte [ebp + 8]
push 0
push 2
lea edx, [ebp - 0x2c]
mov byte [ebp - 0x53], al
mov eax, dword [edi + 0x2443]
mov byte [ebp - 0x52], cl
push edx
call dword [eax + 0x5c]  ; ucall
movzx ecx, bl
mov eax, 1
shl eax, cl
add esp, 0x10
mov byte [ebp - 0x3e], al
movzx eax, al
mov dword [ebp - 0x50], eax
lea eax, [ecx + ecx*8]
mov dword [ebp - 0x60], eax
mov eax, esi
movzx eax, al
mov byte [ebp - 0x40], 0
mov byte [ebp - 0x3d], 0x40
mov dword [ebp - 0x64], eax

loc_fffd2fe3:  ; not directly referenced
movzx esi, byte [ebp - 0x3d]
xor ebx, ebx

loc_fffd2fe9:  ; not directly referenced
imul eax, ebx, 0x13c3
mov dl, byte [ebp - 0x3e]
test byte [edi + eax + 0x381a], dl
je short loc_fffd3010  ; je 0xfffd3010
push eax
push 0
push esi
push 1
push dword [ebp - 0x50]
push 4
push ebx
push edi
call fcn_fffa9178  ; call 0xfffa9178
add esp, 0x20

loc_fffd3010:  ; not directly referenced
inc ebx
cmp ebx, 2
jne short loc_fffd2fe9  ; jne 0xfffd2fe9
mov dword [ebp - 0x3c], 0

loc_fffd301d:  ; not directly referenced
mov al, byte [ebp - 0x3e]
test byte [edi + 0x381a], al
je short loc_fffd3069  ; je 0xfffd3069
or byte [ebp - 0x40], 1
mov edx, 0x41a4
cmp dword [ebp - 0x3c], 1
mov eax, edi
sbb ecx, ecx
and ecx, 0xffffc000
add ecx, 0x7000
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, 0x4000
mov edx, 0x41a8
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
xor ecx, ecx
mov edx, 0x41ac
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffd3069:  ; not directly referenced
mov al, byte [ebp - 0x3e]
test byte [edi + 0x4bdd], al
je short loc_fffd30b5  ; je 0xfffd30b5
or byte [ebp - 0x40], 2
mov edx, 0x45a4
cmp dword [ebp - 0x3c], 1
mov eax, edi
sbb ecx, ecx
and ecx, 0xffffc000
add ecx, 0x7000
call fcn_fffae58c  ; call 0xfffae58c
mov ecx, 0x4000
mov edx, 0x45a8
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c
xor ecx, ecx
mov edx, 0x45ac
mov eax, edi
call fcn_fffae58c  ; call 0xfffae58c

loc_fffd30b5:  ; not directly referenced
movzx edx, byte [ebp - 0x40]
mov eax, edi
xor esi, esi
call fcn_fffd2a2c  ; call 0xfffd2a2c
mov eax, edi
mov edx, 0xf
call fcn_fffa834b  ; call 0xfffa834b
mov eax, dword [ebp + 0xc]
mov dword [ebp - 0x48], eax

loc_fffd30d4:  ; not directly referenced
imul eax, esi, 0x13c3
mov dword [ebp - 0x5c], eax
mov ebx, eax
mov al, byte [ebp - 0x3e]
test byte [edi + ebx + 0x381a], al
jne short loc_fffd30f5  ; jne 0xfffd30f5
mov byte [ebp + esi - 0x2c], 0xff
jmp near loc_fffd31d4  ; jmp 0xfffd31d4

loc_fffd30f5:  ; not directly referenced
cmp byte [ebp + esi - 0x2c], 0xff
je loc_fffd31d4  ; je 0xfffd31d4
imul eax, esi, 0x54a
lea ebx, [ebp - 0x18]
mov byte [ebp - 0x3f], 0
lea eax, [edi + eax + 0x196b]
mov dword [ebp - 0x58], eax
lea eax, [esi + esi*8]
add eax, ebx
mov dword [ebp - 0x4c], eax

loc_fffd311f:  ; not directly referenced
mov al, byte [ebp - 0x3f]
cmp al, byte [edi + 0x2488]
jae loc_fffd31d4  ; jae 0xfffd31d4
mov edx, dword [ebp - 0x5c]
mov cl, byte [ebp - 0x3f]
mov eax, dword [ebp - 0x58]
mov dword [ebp - 0x44], 1
shl dword [ebp - 0x44], cl
cmp byte [edi + edx + 0x49ba], 0x20
movzx ebx, cl
mov al, byte [eax + ebx + 0x4f6]
jne short loc_fffd3162  ; jne 0xfffd3162
test al, 2
je short loc_fffd3162  ; je 0xfffd3162
mov al, byte [ebp - 0x44]
or byte [ebp + esi - 0x2c], al
jmp short loc_fffd31cc  ; jmp 0xfffd31cc

loc_fffd3162:  ; not directly referenced
mov ecx, ebx
mov edx, esi
mov eax, edi
call fcn_fffa7617  ; call 0xfffa7617
mov edx, eax
mov eax, edi
call fcn_fffae52a  ; call 0xfffae52a
mov cl, byte [ebp + esi - 0x2c]
test byte [ebp - 0x44], cl
jne short loc_fffd31cc  ; jne 0xfffd31cc
cmp dword [ebp - 0x3c], 0
movzx edx, al
jne short loc_fffd3191  ; jne 0xfffd3191
mov eax, dword [ebp - 0x4c]
mov byte [ebx + eax - 0x12], dl
jmp short loc_fffd31cc  ; jmp 0xfffd31cc

loc_fffd3191:  ; not directly referenced
mov eax, dword [ebp - 0x4c]
mov dword [ebp - 0x6c], ecx
mov dword [ebp - 0x68], edx
mov al, byte [ebx + eax - 0x12]
mov byte [ebp - 0x51], al
mov eax, edx
call fcn_fffaeba2  ; call 0xfffaeba2
mov edx, dword [ebp - 0x68]
mov ecx, dword [ebp - 0x6c]
cmp al, 4
jne short loc_fffd31b7  ; jne 0xfffd31b7
cmp byte [ebp - 0x51], dl
jne short loc_fffd31cc  ; jne 0xfffd31cc

loc_fffd31b7:  ; not directly referenced
mov eax, dword [ebp - 0x60]
mov edx, dword [ebp - 0x48]
or ecx, dword [ebp - 0x44]
add eax, ebx
mov bl, byte [ebp - 0x3d]
mov byte [ebp + esi - 0x2c], cl
mov byte [edx + eax], bl

loc_fffd31cc:  ; not directly referenced
inc byte [ebp - 0x3f]
jmp near loc_fffd311f  ; jmp 0xfffd311f

loc_fffd31d4:  ; not directly referenced
inc esi
add dword [ebp - 0x48], 0x24
cmp esi, 2
jne loc_fffd30d4  ; jne 0xfffd30d4
inc dword [ebp - 0x3c]
cmp dword [ebp - 0x3c], 2
jne loc_fffd301d  ; jne 0xfffd301d
cmp byte [ebp - 0x2c], 0xff
jne short loc_fffd31fb  ; jne 0xfffd31fb
cmp byte [ebp - 0x2b], 0xff
je short loc_fffd3225  ; je 0xfffd3225

loc_fffd31fb:  ; not directly referenced
mov al, byte [ebp - 0x53]
add byte [ebp - 0x3d], al
test al, al
jle short loc_fffd3210  ; jle 0xfffd3210
mov al, byte [ebp - 0x52]
cmp byte [ebp - 0x3d], al
seta al
jmp short loc_fffd321a  ; jmp 0xfffd321a

loc_fffd3210:  ; not directly referenced
movsx eax, byte [ebp - 0x3d]
cmp eax, dword [ebp - 0x64]
setl al

loc_fffd321a:  ; not directly referenced
movzx eax, al
test eax, eax
je loc_fffd2fe3  ; je 0xfffd2fe3

loc_fffd3225:  ; not directly referenced
lea esp, [ebp - 0xc]
pop ebx
pop esi
pop edi
pop ebp
ret

loc_fffd322d:
db 0x66
db 0x90
db 0x90

ref_fffd3230:
dd 0x00000801
dd 0x01000402

ref_fffd3238:
dd 0x4000f001
dd 0x02005a01
dd 0x011800dc
dd 0x9004005a
dd 0xa0020801
dd 0x01900500
dd 0x00a00208
dd 0xe000f010
dd 0x11000001
dd 0x01e000f0
dd 0xc0200000
dd 0x00018000
dd 0x00c02100
dd 0x00000180
dd 0x2200be0b
dd 0x0c000001
dd 0x01900118
dd 0x080d008c
dd 0xbe028002
dd 0x00000000

ref_fffd3288:
dd 0x4443524d
dd 0x90906600

ref_fffd3290:
dd 0x05010400
dd 0x07030602
dd 0x00000008

ref_fffd329c:
dd 0xff830000
dd 0xffe1ffc2
dd 0x007d00fa
dd 0x001f003e

ref_fffd32ac:
dd 0x02030304
dd 0x02030404
dd 0x03030405
dd 0x03040405
dd 0x03040405
dd 0x02030304
dd 0x02030404
dd 0x03030405
dd 0x03040405
dd 0x03030404

ref_fffd32d4:
dd 0x05060605
dd 0x05060605
dd 0x06060604
dd 0x05060607
dd 0x05060607
dd 0x06060607

ref_fffd32ec:
dd loc_fffa6b75
dd loc_fffa6ab2
dd loc_fffa6ae7
dd loc_fffa6b47
dd loc_fffa6a85
dd loc_fffa6b75
dd loc_fffa6b75

ref_fffd3308:
dd loc_fffa83ff
dd loc_fffa840d
dd loc_fffa841d
dd loc_fffa850b
dd loc_fffa8432
dd loc_fffa843d
dd loc_fffa844a
dd loc_fffa847b
dd loc_fffa8498

ref_fffd332c:
dd loc_fffa8691
dd loc_fffa86c5
dd loc_fffa8702
dd loc_fffa86e1
dd loc_fffa8691
dd loc_fffa86c5
dd loc_fffa86e1
dd loc_fffa8636

ref_fffd334c:
dd 0x50f00050
dd 0x0000f000
dd 0x00000000

ref_fffd3358:
dd 0x50f00050
dd 0x0000f000
dd 0x00000000

ref_fffd3364:
dd 0x3c3c3c3c
dd 0x283c283c
dd 0x283c283c
dd 0x3c3c3c3c
dd 0x283c283c
dd 0x283c283c

ref_fffd337c:
dd 0x3c3c3c3c
dd 0x1e3c1e3c
dd 0x1e3c1e3c
dd 0x3c3c3c3c
dd 0x1e3c1e3c
dd 0x1e3c1e3c

ref_fffd3394:
dd 0x00780078
dd 0x00000000

ref_fffd339c:
dd 0x003c003c
dd 0x1e3c1e3c
dd 0x1e3c1e3c
dd 0x003c003c
dd 0x1e3c1e3c
dd 0x1e3c1e3c

ref_fffd33b4:
dd 0x28002800
dd 0x1e3c1e3c
dd 0x1e3c1e3c
dd 0x28002800
dd 0x1e3c1e3c
dd 0x1e3c1e3c

ref_fffd33cc:
dd 0x00780078
dd 0x00000000

ref_fffd33d4:
dd fcn_fffc3686
dd fcn_fffc3621
dd fcn_fffc34c9
dd fcn_fffc33fa
dd fcn_fffc343a
dd fcn_fffc337c
dd fcn_fffc35b2
dd fcn_fffc3506
dd fcn_fffc3343
dd fcn_fffc32fa
dd fcn_fffc323f
dd fcn_fffc31bb
dd fcn_fffac83c

ref_fffd3408:
dd fcn_fffc2f86
dd fcn_fffaeda5
dd fcn_fffa7852
dd fcn_fffc2cf5
dd fcn_fffc2912
dd fcn_fffc2693
dd fcn_fffc247a
dd fcn_fffae2eb
dd fcn_fffae11e
dd fcn_fffadc1a
dd fcn_fffada63
dd fcn_fffc2b14
dd fcn_fffad8ba
dd fcn_fffad37a
dd fcn_fffad193
dd fcn_fffacfea
dd fcn_fffadfa3
dd fcn_fffade28
dd fcn_fffad70d
dd fcn_fffad560
dd fcn_ffface9c
dd fcn_fffacd4e
dd fcn_fffacb8e
dd fcn_fffac879

ref_fffd3468:
dd 0x00000000
dd 0x00010105
dd 0x01050100

ref_fffd3474:
dd 0x00000000
dd 0x04000101
dd 0x01050000

ref_fffd3480:
dd 0x01000001
dd 0x04010101
dd 0x01050100

ref_fffd348c:
dd 0x00000000
dd 0x04000103
dd 0x01070000

ref_fffd3498:
dd 0x00000000
dd 0x04000003
dd 0x00070000

ref_fffd34a4:
dd 0x00010000
dd 0x04000103
dd 0x01070001

ref_fffd34b0:
dd 0xffffffff

ref_fffd34b4:
dd 0x7fffffff

ref_fffd34b8:
dd 0x2625a000
dd 0x00032000
dd 0x84800300
dd 0x03e8001e
dd 0x38020000
dd 0x2b001c9c
dd 0x01000004
dd 0x00196e6a
dd 0x000004b0
dd 0x16e36002
dd 0x00053500
dd 0xcc5b0100
dd 0x05780015
dd 0xd0020000
dd 0x40001312
dd 0x03000006
dd 0x0010f447
dd 0x00000708
dd 0x10594402
dd 0x00074b00
dd 0x42400100
dd 0x07d0000f
dd 0x10020000
dd 0x55000e50
dd 0x01000008
dd 0x000ddf22
dd 0x00000898
dd 0x0cb73502
dd 0x00096000
dd 0xbcce0300
dd 0x0a28000b
dd 0xb0020000
dd 0x6b000b71
dd 0x0100000a
dd 0x000ae62d
dd 0x00000af0
dd 0x0a675a02
dd 0x000b7500
dd 0x2c2a0100
dd 0x0bb8000a
dd 0x68020000
dd 0x80000989
dd 0x0300000c
dd 0x00000000
dd 0x00000000
dd 0x90906600

ref_fffd3570:
dd 0x86186186
dd 0x18618618
dd 0x30c30c30
dd 0xa28a28a2
dd 0x8a28a28a
dd 0x14514514
dd 0x28a28a28
dd 0x92492492
dd 0x24924924

ref_fffd3594:
dd 0x00a10ca1
dd 0x00ef0d08
dd 0x00ad0a1e

ref_fffd35a0:
dd 0x00010000
dd 0x02000201
dd 0x00030900
dd 0x7801001f
dd 0x01007d00
dd 0x01480140
dd 0x5c014909
dd 0x00200101
dd 0x7e010077
dd 0x0100ff00
dd 0x017f015d
dd 0x83018001
dd 0x01840101
dd 0x89010188
dd 0x0101a701
dd 0x01ca01ac
dd 0x00000001

ref_fffd35e4:
dd 0x00010000
dd 0x02000201
dd 0x00030900
dd 0x3c010029
dd 0x01003f00
dd 0x007f0075
dd 0x91008009
dd 0x00270100
dd 0x4001003b
dd 0x01007d00
dd 0x00b300b0
dd 0xb800b401
dd 0x00b90100
dd 0xdc0100d7
dd 0x0100fa00

ref_fffd3620:
dd 0x20445053
dd 0x90906600

ref_fffd3628:
dd 0x02010000
dd 0x06050403
dd 0x08080707
dd 0x0a090909
dd 0x00000a0a

ref_fffd363c:
dd 0x003c0000
dd 0x48004806
dd 0x004c0600
dd 0x5002004c
dd 0x04005000
dd 0x00540054
dd 0x58005806
dd 0x005c0400
dd 0x6006005c
dd 0x06006000
dd 0x00640064
dd 0x60006002
dd 0x00640700
dd 0x68030064
dd 0x06006800
dd 0x0070006c
dd 0x78007407
dd 0x00740600
dd 0x7c070074
dd 0x04008c00
dd 0x00800080
dd 0x3c010005
dd 0x01480601
dd 0x4c060148
dd 0x02014c01
dd 0x01500150
dd 0x54015404
dd 0x01580601
dd 0x5c040158
dd 0x06015c01
dd 0x01600160
dd 0x64016406
dd 0x01600201
dd 0x64070160
dd 0x03016401
dd 0x01680168
dd 0x70016c06
dd 0x01740701
dd 0x74060178
dd 0x07017401
dd 0x018c017c
dd 0x80018004
dd 0x02000501
dd 0x4806023c
dd 0x06024802
dd 0x024c024c
dd 0x50025002
dd 0x02540402
dd 0x58060254
dd 0x04025802
dd 0x025c025c
dd 0x60026006
dd 0x02640602
dd 0x60020264
dd 0x07026002
dd 0x02640264
dd 0x68026803
dd 0x026c0602
dd 0x74070270
dd 0x06027802
dd 0x02740274
dd 0x8c027c07
dd 0x02800402
dd 0x00050280
dd 0x06033c03
dd 0x03480348
dd 0x4c034c06
dd 0x03500203
dd 0x54040350
dd 0x06035403
dd 0x03580358
dd 0x5c035c04
dd 0x03600603
dd 0x64060360
dd 0x02036403
dd 0x03600360
dd 0x64036407
dd 0x03680303
dd 0x6c060368
dd 0x07037003
dd 0x03780374
dd 0x74037406
dd 0x037c0703
dd 0x8004038c
dd 0x05038003
dd 0x043c0400
dd 0x48044806
dd 0x044c0604
dd 0x5002044c
dd 0x04045004
dd 0x04540454
dd 0x58045806
dd 0x045c0404
dd 0x6006045c
dd 0x06046004
dd 0x04640464
dd 0x60046002
dd 0x04640704
dd 0x68030464
dd 0x06046804
dd 0x0470046c
dd 0x78047407
dd 0x04740604
dd 0x7c070474
dd 0x04048c04
dd 0x04800480
dd 0x3c050005
dd 0x05480605
dd 0x4c060548
dd 0x02054c05
dd 0x05500550
dd 0x54055404
dd 0x05580605
dd 0x5c040558
dd 0x06055c05
dd 0x05600560
dd 0x64056406
dd 0x05600205
dd 0x64070560
dd 0x03056405
dd 0x05680568
dd 0x70056c06
dd 0x05740705
dd 0x74060578
dd 0x07057405
dd 0x058c057c
dd 0x80058004
dd 0x06000505
dd 0x4806063c
dd 0x06064806
dd 0x064c064c
dd 0x50065002
dd 0x06540406
dd 0x58060654
dd 0x04065806
dd 0x065c065c
dd 0x60066006
dd 0x06640606
dd 0x60020664
dd 0x07066006
dd 0x06640664
dd 0x68066803
dd 0x066c0606
dd 0x74070670
dd 0x06067806
dd 0x06740674
dd 0x8c067c07
dd 0x06800406
dd 0x00050680
dd 0x06073c07
dd 0x07480748
dd 0x4c074c06
dd 0x07500207
dd 0x54040750
dd 0x06075407
dd 0x07580758
dd 0x5c075c04
dd 0x07600607
dd 0x64060760
dd 0x02076407
dd 0x07600760
dd 0x64076407
dd 0x07680307
dd 0x6c060768
dd 0x07077007
dd 0x07780774
dd 0x74077406
dd 0x077c0707
dd 0x8004078c
dd 0x05078007
dd 0x083c0800
dd 0x48084806
dd 0x084c0608
dd 0x5002084c
dd 0x04085008
dd 0x08540854
dd 0x58085806
dd 0x085c0408
dd 0x6006085c
dd 0x06086008
dd 0x08640864
dd 0x60086002
dd 0x08640708
dd 0x68030864
dd 0x06086808
dd 0x0870086c
dd 0x78087407
dd 0x08740608
dd 0x7c070874
dd 0x04088c08
dd 0x08800880
dd 0x3c090005
dd 0x09480609
dd 0x4c060948
dd 0x02094c09
dd 0x09500950
dd 0x54095404
dd 0x09580609
dd 0x5c040958
dd 0x06095c09
dd 0x09600960
dd 0x64096406
dd 0x09600209
dd 0x64070960
dd 0x03096409
dd 0x09680968
dd 0x70096c06
dd 0x09740709
dd 0x74060978
dd 0x07097409
dd 0x098c097c
dd 0x80098004
dd 0x0a000509
dd 0x48060a3c
dd 0x060a480a
dd 0x0a4c0a4c
dd 0x500a5002
dd 0x0a54040a
dd 0x58060a54
dd 0x040a580a
dd 0x0a5c0a5c
dd 0x600a6006
dd 0x0a64060a
dd 0x60020a64
dd 0x070a600a
dd 0x0a640a64
dd 0x680a6803
dd 0x0a6c060a
dd 0x74070a70
dd 0x060a780a
dd 0x0a740a74
dd 0x8c0a7c07
dd 0x0a80040a
dd 0x00050a80
dd 0x060b3c0b
dd 0x0b480b48
dd 0x4c0b4c06
dd 0x0b50020b
dd 0x54040b50
dd 0x060b540b
dd 0x0b580b58
dd 0x5c0b5c04
dd 0x0b60060b
dd 0x64060b60
dd 0x020b640b
dd 0x0b600b60
dd 0x640b6407
dd 0x0b68030b
dd 0x6c060b68
dd 0x070b700b
dd 0x0b780b74
dd 0x740b7406
dd 0x0b7c070b
dd 0x80040b8c
dd 0x050b800b
dd 0x0c3c0c00
dd 0x480c4806
dd 0x0c4c060c
dd 0x50020c4c
dd 0x040c500c
dd 0x0c540c54
dd 0x580c5806
dd 0x0c5c040c
dd 0x60060c5c
dd 0x060c600c
dd 0x0c640c64
dd 0x600c6002
dd 0x0c64070c
dd 0x68030c64
dd 0x060c680c
dd 0x0c700c6c
dd 0x780c7407
dd 0x0c74060c
dd 0x7c070c74
dd 0x040c8c0c
dd 0x0c800c80
dd 0x3c0d0005
dd 0x0d48060d
dd 0x4c060d48
dd 0x020d4c0d
dd 0x0d500d50
dd 0x540d5404
dd 0x0d58060d
dd 0x5c040d58
dd 0x060d5c0d
dd 0x0d600d60
dd 0x640d6406
dd 0x0d60020d
dd 0x64070d60
dd 0x030d640d
dd 0x0d680d68
dd 0x700d6c06
dd 0x0d74070d
dd 0x74060d78
dd 0x070d740d
dd 0x0d8c0d7c
dd 0x800d8004
dd 0x0e00050d
dd 0x48060e3c
dd 0x060e480e
dd 0x0e4c0e4c
dd 0x500e5002
dd 0x0e54040e
dd 0x58060e54
dd 0x040e580e
dd 0x0e5c0e5c
dd 0x600e6006
dd 0x0e64060e
dd 0x60020e64
dd 0x070e600e
dd 0x0e640e64
dd 0x680e6803
dd 0x0e6c060e
dd 0x74070e70
dd 0x060e780e
dd 0x0e740e74
dd 0x8c0e7c07
dd 0x0e80040e
dd 0x00050e80
dd 0x060f3c0f
dd 0x0f480f48
dd 0x4c0f4c06
dd 0x0f50020f
dd 0x54040f50
dd 0x060f540f
dd 0x0f580f58
dd 0x5c0f5c04
dd 0x0f60060f
dd 0x64060f60
dd 0x020f640f
dd 0x0f600f60
dd 0x640f6407
dd 0x0f68030f
dd 0x6c060f68
dd 0x070f700f
dd 0x0f780f74
dd 0x740f7406
dd 0x0f7c070f
dd 0x80040f8c
dd 0x050f800f
dd 0x0f840f84
dd 0x3c100005
dd 0x10480610
dd 0x4c061048
dd 0x02104c10
dd 0x10501050
dd 0x54105404
dd 0x10580610
dd 0x5c041058
dd 0x06105c10
dd 0x10601060
dd 0x64106406
dd 0x10600210
dd 0x64071060
dd 0x03106410
dd 0x10681068
dd 0x70106c06
dd 0x10740710
dd 0x74061078
dd 0x07107410
dd 0x108c107c
dd 0x80108004
dd 0x11000510
dd 0x4806113c
dd 0x06114811
dd 0x114c114c
dd 0x50115002
dd 0x11540411
dd 0x58061154
dd 0x04115811
dd 0x115c115c
dd 0x60116006
dd 0x11640611
dd 0x60021164
dd 0x07116011
dd 0x11641164
dd 0x68116803
dd 0x116c0611
dd 0x74071170
dd 0x06117811
dd 0x11741174
dd 0x8c117c07
dd 0x11800411
dd 0x04051180
dd 0x06120812
dd 0x121c1214
dd 0x20122006
dd 0x13040412
dd 0x14061308
dd 0x06131c13
dd 0x13201320
dd 0x0c140404
dd 0x15040614
dd 0x0006150c
dd 0x04180018
dd 0x18101808
dd 0x18181806
dd 0x18200418
dd 0x00041820
dd 0x04190019
dd 0x19101908
dd 0x18191806
dd 0x19200419
dd 0x04041920
dd 0x061a0c1a
dd 0x1b0c1b04
dd 0x1c1c1406
dd 0x1c20061c
dd 0x14041c20
dd 0x061d1c1d
dd 0x1d201d20
dd 0x04200004
dd 0x20080720
dd 0xb8062008
dd 0x022bb82b
dd 0x36783678
dd 0x283a0004
dd 0x3a2c063a
dd 0x30043a2c
dd 0x043a343a
dd 0x40044000
dd 0x04400406
dd 0x40080740
dd 0x1006400c
dd 0x07401440
dd 0x40184018
dd 0x20402005
dd 0x40240740
dd 0x2c064028
dd 0x04403840
dd 0x40ac40a4
dd 0xcc40b404
dd 0x40d00440
dd 0xd40640d0
dd 0x0440d440
dd 0x42104210
dd 0x24422004
dd 0x42280642
dd 0x8c044244
dd 0x04429042
dd 0x42944294
dd 0x98429806
dd 0x429c0442
dd 0xa006429c
dd 0x0742a042
dd 0x42ac42a4
dd 0xe842e405
dd 0x42ec0542
dd 0x280742fc
dd 0x07432843
dd 0x43744340
dd 0x90438c05
dd 0x44000643
dd 0x04064404
dd 0x07440444
dd 0x440c4408
dd 0x14441006
dd 0x44180744
dd 0x20054418
dd 0x07442044
dd 0x44284424
dd 0x38442c06
dd 0x44a40444
dd 0xb40444ac
dd 0x0444cc44
dd 0x44d044d0
dd 0xd444d406
dd 0x46100444
dd 0x20044610
dd 0x06462446
dd 0x46444628
dd 0x90468c04
dd 0x46940446
dd 0x98064694
dd 0x04469846
dd 0x469c469c
dd 0xa046a006
dd 0x46a40746
dd 0xe40546ac
dd 0x0546e846
dd 0x46fc46ec
dd 0x28472807
dd 0x47400747
dd 0x8c054774
dd 0x06479047
dd 0x48c048a8
dd 0xf448d802
dd 0x49080248
dd 0x6802491c
dd 0x04496849
dd 0x498c4980
dd 0x444e3802
dd 0x5000024e
dd 0x04065000
dd 0x07500850
dd 0x5018500c
dd 0x1c501c06
dd 0x50200750
dd 0x38065034
dd 0x02503c50
dd 0x50585040
dd 0x5c505c06
dd 0x50600250
dd 0x64075060
dd 0x02507c50
dd 0x50845080
dd 0x8c508806
dd 0x50900250
dd 0x98065094
dd 0x02509c50
dd 0x50a450a0
dd 0xac50a806
dd 0x50b00250
dd 0xd00650cc
dd 0x0250dc50
dd 0x58805880
dd 0x88588407
dd 0x588c0758
dd 0x9005588c
dd 0x07589c58
dd 0x58a458a4
dd 0xdc58d006
dd 0x58e00758
dd 0xb80758e4
dd 0x0759b859

ref_fffd3e70:
dd 0x02000100
dd 0x08000400
dd 0x20001000
dd 0x80004000

ref_fffd3e80:
dd 0x00100000
dd 0x00110001
dd 0x00800081

ref_fffd3e8c:
dd 0x00010000
dd 0x00030002
dd 0x00050004
dd 0x00070006

ref_fffd3e9c:
dd 0x00000000
dd 0x00000000
dd 0x00070000
dd 0x03ff07ff
dd 0x00000000
dd 0x00000020
dd 0x00000003
dd 0x00000003
dd 0x00000000
dd 0x00010001
dd 0x00350049

ref_fffd3ec8:
dd 0x00000401
dd 0x00000203

ref_fffd3ed0:
dd 0x00010001
dd 0x00000307

ref_fffd3ed8:
dd 0x00010000
dd 0x90660000

ref_fffd3ee0:
dd loc_fffb407d
dd loc_fffb40ab
dd loc_fffb40e5
dd loc_fffb415f
dd loc_fffb415f
dd loc_fffb415f
dd loc_fffb415f
dd loc_fffb415f
dd loc_fffb415f
dd loc_fffb415f
dd loc_fffb4103
dd loc_fffb4136

ref_fffd3f10:
dd loc_fffb4beb
dd loc_fffb4bdc
dd loc_fffb4bfa
dd loc_fffb4c84
dd loc_fffb4c84
dd loc_fffb4c84

ref_fffd3f28:
dd loc_fffb52b2
dd loc_fffb52ad
dd loc_fffb52d3
dd loc_fffb52c6
dd loc_fffb530f
dd loc_fffb52f1
dd loc_fffb5344
dd loc_fffb535a
dd loc_fffb53b3
dd loc_fffb5399
dd loc_fffb53cc
dd loc_fffb5414

ref_fffd3f58:
dd loc_fffb56de
dd loc_fffb561b
dd loc_fffb5559
dd loc_fffb561b
dd loc_fffb56a0
dd loc_fffb561b
dd loc_fffb5705
dd loc_fffb56ef
dd loc_fffb56a0
dd loc_fffb553a

ref_fffd3f80:
dd loc_fffb57eb
dd loc_fffb5802
dd loc_fffb5819
dd loc_fffb582d
dd loc_fffb5841
dd loc_fffb5858
dd loc_fffb586f
dd loc_fffb5883
dd loc_fffb58be
dd loc_fffb58d5
dd loc_fffb592a
dd loc_fffb599b
dd loc_fffb59fe
dd loc_fffb5b1f
dd loc_fffb5b53

ref_fffd3fbc:
db 'CbAllocatePool',0x00,0x00

ref_fffd3fcc:
dd 0x00000000
dd 0xe0566b04
dd 0x060a0302

ref_fffd3fd8:
dd 0x008a2601
dd 0xee84a905
dd 0x03060402
dd 0x008a1601
dd 0xee4c9105
dd 0x03050402
dd 0x008e2601
dd 0xe979a305
dd 0x04070302
dd 0x008e1601
dd 0xe94a8b05
dd 0x03060302
dd 0x008a2401
dd 0xe0566b04
dd 0x05090302
dd 0x008a1401
dd 0xe03d5f04
dd 0x04080302
dd 0x008e2401
dd 0xdb4f6704
dd 0x060a0302
dd 0x008e1401
dd 0xdb385b04
dd 0x05090302

ref_fffd4038:
dd 0x00000062
dd 0x44ab8703
dd 0x42220805
dd 0x03000000
dd 0x0544c19f
dd 0x00522008
dd 0xda030000
dd 0x09054df2
dd 0x0000631e
dd 0xefc50300
dd 0x341008cd
dd 0x00000043
dd 0x67877202
dd 0x53340804
dd 0x02000000
dd 0x0573a398
dd 0x00003109
dd 0x98020000
dd 0x090573a3
dd 0x00000034

ref_fffd4088:
dd 0x00669263
dd 0x82ca6a04
dd 0x63081009
dd 0x030066a2
dd 0x05408934
dd 0x92630b07
dd 0x78040086
dd 0x130b86d6
dd 0x86a26309
dd 0x8f3b0300
dd 0x0e090642
dd 0x00669463
dd 0x7cb05b04
dd 0x63070b05
dd 0x040066a4
dd 0x057af758
dd 0x94630909
dd 0x66040086
dd 0x0d0681b9
dd 0x86a46308
dd 0x80320300
dd 0x09050340
dd 0x00671263
dd 0x40ca9f03
dd 0x63110705
dd 0x03006722
dd 0x053fca9e
dd 0x12631807
dd 0xa6030087
dd 0x090642d0
dd 0x87226313
dd 0xd0a50300
dd 0x1a080641
dd 0x00671463
dd 0x3dbd9803
dd 0x630f0503
dd 0x03006724
dd 0x033dbd97
dd 0x14631204
dd 0x9d030087
dd 0x060340c2
dd 0x87246310
dd 0xc19c0300
dd 0x1405033f
dd 0x006a9263
dd 0x88b36604
dd 0x630a0e08
dd 0x04006aa2
dd 0x0886b164
dd 0x92630d0c
dd 0x7404008a
dd 0x110a8bbf
dd 0x8aa2630b
dd 0xbd720400
dd 0x0f0f0a89
dd 0x006a9463
dd 0x7c9a5704
dd 0x63080a04
dd 0x04006aa4
dd 0x047a9855
dd 0x94630a08
dd 0x6204008a
dd 0x0b0580a3
dd 0x8aa46309
dd 0xa1600400
dd 0x0b09057e
dd 0x006b1263
dd 0x43ab8803
dd 0x63140704
dd 0x03006b22
dd 0x0443aa87
dd 0x12631a06
dd 0x8f03008b
dd 0x080545b1
dd 0x8b226315
dd 0xb08f0300
dd 0x1d070544
dd 0x006b1463
dd 0x3d9e8103
dd 0x63100402
dd 0x03006b24
dd 0x023d9e80
dd 0x14631504
dd 0x8603008b
dd 0x05033fa3
dd 0x8b246311
dd 0xa2850300
dd 0x1504033f
dd 0x006e9263
dd 0x90fd7204
dd 0x630c0d07
dd 0x04006ea2
dd 0x078efb71
dd 0x92630f0b
dd 0x4003008e
dd 0x08054a85
dd 0x8ea2630e
dd 0x843f0300
dd 0x12070549
dd 0x006e9463
dd 0x7ee46204
dd 0x630a0904
dd 0x04006ea4
dd 0x047ce361
dd 0x94630c07
dd 0x6c04008e
dd 0x0a0582ed
dd 0x8ea4630b
dd 0xeb6b0400
dd 0x0d080580
dd 0x006f1263
dd 0x47ce8e03
dd 0x63170604
dd 0x03006f22
dd 0x0447cd8e
dd 0x12632006
dd 0x9503008f
dd 0x070549d4
dd 0x8f226319
dd 0xd3950300
dd 0x23070548
dd 0x006f1463
dd 0x3ec18603
dd 0x63130402
dd 0x03006f24
dd 0x023ec186
dd 0x14631603
dd 0x8c03008f
dd 0x040340c6
dd 0x8f246314
dd 0xc58b0300
dd 0x1a040340
dd 0x00729263
dd 0x9ce66f04
dd 0x630e0c07
dd 0x040072a2
dd 0x079be46d
dd 0x9263120b
dd 0x7c040092
dd 0x0e089ff1
dd 0x92a2630f
dd 0xf07b0400
dd 0x140d089d
dd 0x00729463
dd 0x83ce5f04
dd 0x630b0804
dd 0x040072a4
dd 0x0482cc5e
dd 0x94630d06
dd 0x69040092
dd 0x090587d6
dd 0x92a4630c
dd 0xd5680400
dd 0x0e070586
dd 0x00731263
dd 0x4eb78103
dd 0x631a0604
dd 0x03007322
dd 0x044db680
dd 0x12632105
dd 0x87030093
dd 0x07044fbd
dd 0x9322631c
dd 0xbc870300
dd 0x2506044f
dd 0x00731463
dd 0x41ab7903
dd 0x63150402
dd 0x03007324
dd 0x0241aa78
dd 0x14631903
dd 0x7e030093
dd 0x040343af
dd 0x93246316
dd 0xaf7d0300
dd 0x1d040343
dd 0x00769263
dd 0xa6d46c04
dd 0x630f0b06
dd 0x040076a2
dd 0x06a4d36b
dd 0x9263130a
dd 0x7a040096
dd 0x0d08a8e0
dd 0x96a26311
dd 0xde790400
dd 0x160c08a7
dd 0x00769463
dd 0x87bd5c04
dd 0x630c0703
dd 0x040076a4
dd 0x0385bb5b
dd 0x94630e06
dd 0x66040096
dd 0x08048ac5
dd 0x96a4630d
dd 0xc3650400
dd 0x10070489
dd 0x00771263
dd 0x52a67603
dd 0x631a0503
dd 0x03007722
dd 0x0352a576
dd 0x12632405
dd 0x7d030097
dd 0x060454ab
dd 0x9722631d
dd 0xab7d0300
dd 0x29060453
dd 0x00771463
dd 0x439a6e03
dd 0x63150302
dd 0x03007724
dd 0x02439a6e
dd 0x14631b03
dd 0x73030097
dd 0x0402459e
dd 0x97246318
dd 0x9d730300
dd 0x1c030244
dd 0x00669243
dd 0x82c97704
dd 0x43091009
dd 0x040066a2
dd 0x097fc775
dd 0x92430c0e
dd 0x85040086
dd 0x130b86d6
dd 0x86a2430a
dd 0xd3830400
dd 0x0d110b83
dd 0x00669443
dd 0x7cb06804
dd 0x43070b05
dd 0x040066a4
dd 0x057aae66
dd 0x94430909
dd 0x73040086
dd 0x0d0681b9
dd 0x86a44308
dd 0xb7710400
dd 0x0a0a067e
dd 0x00671243
dd 0x40e8bd03
dd 0x43130705
dd 0x03006722
dd 0x053fe8bd
dd 0x12431a07
dd 0xc4030087
dd 0x090642ef
dd 0x87224315
dd 0xeec30300
dd 0x1c080641
dd 0x00671443
dd 0x3ddcb603
dd 0x43110503
dd 0x03006724
dd 0x033ddbb5
dd 0x14431404
dd 0xbb030087
dd 0x060340e0
dd 0x87244312
dd 0xdfbb0300
dd 0x1605033f
dd 0x006a9243
dd 0x88b27104
dd 0x430a0e08
dd 0x04006aa2
dd 0x0886b16f
dd 0x92430d0c
dd 0x7f04008a
dd 0x110a8bbf
dd 0x8aa2430b
dd 0xbd7d0400
dd 0x0f0f0a89
dd 0x006a9443
dd 0x7c9a6204
dd 0x43080a04
dd 0x04006aa4
dd 0x047a9860
dd 0x94430a08
dd 0x6d04008a
dd 0x0b0580a3
dd 0x8aa44309
dd 0xa16b0400
dd 0x0b09057e
dd 0x006b1243
dd 0x43c3a003
dd 0x43150704
dd 0x03006b22
dd 0x0443c2a0
dd 0x12431c06
dd 0xa703008b
dd 0x080545c9
dd 0x8b224317
dd 0xc8a70300
dd 0x1f070544
dd 0x006b1443
dd 0x3db69903
dd 0x43110402
dd 0x03006b24
dd 0x023db698
dd 0x14431604
dd 0x9e03008b
dd 0x05033fbb
dd 0x8b244313
dd 0xba9e0300
dd 0x1704033f
dd 0x006e9243
dd 0x90d27904
dd 0x430c0d07
dd 0x04006ea2
dd 0x078ed077
dd 0x92430f0b
dd 0x8704008e
dd 0x0f0993de
dd 0x8ea2430d
dd 0xdc850400
dd 0x110d0991
dd 0x006e9443
dd 0x7eba6904
dd 0x430a0804
dd 0x04006ea4
dd 0x047cb867
dd 0x94430c07
dd 0x7304008e
dd 0x0a0581c2
dd 0x8ea4430b
dd 0xc0720400
dd 0x0d080580
dd 0x006f1243
dd 0x47ba8e03
dd 0x43170604
dd 0x03006f22
dd 0x0447ba8e
dd 0x12432006
dd 0x9503008f
dd 0x070549c0
dd 0x8f224319
dd 0xc0940300
dd 0x23070548
dd 0x006f1443
dd 0x3eae8603
dd 0x43130402
dd 0x03006f24
dd 0x023eae86
dd 0x14431603
dd 0x8b03008f
dd 0x040340b2
dd 0x8f244314
dd 0xb28b0300
dd 0x1a040340
dd 0x00729243
dd 0x9cc17504
dd 0x430e0c07
dd 0x040072a2
dd 0x079bbf73
dd 0x9243120b
dd 0x82040092
dd 0x0e089fcc
dd 0x92a2430f
dd 0xcb810400
dd 0x140c089d
dd 0x00729443
dd 0x83a96504
dd 0x430b0804
dd 0x040072a4
dd 0x0482a864
dd 0x94430d06
dd 0x6f040092
dd 0x090587b1
dd 0x92a4430c
dd 0xb06e0400
dd 0x0e070586
dd 0x00731243
dd 0x4ea68003
dd 0x431a0604
dd 0x03007322
dd 0x044da680
dd 0x12432105
dd 0x87030093
dd 0x07044fac
dd 0x9322431c
dd 0xab870300
dd 0x2506044f
dd 0x00731443
dd 0x419a7803
dd 0x43150402
dd 0x03007324
dd 0x02419a78
dd 0x14431903
dd 0x7d030093
dd 0x0403439e
dd 0x93244316
dd 0x9e7d0300
dd 0x1d040343
dd 0x00769243
dd 0xa5b47204
dd 0x430f0b06
dd 0x040076a2
dd 0x06a4b370
dd 0x9243140a
dd 0x7f040096
dd 0x0d08a8c0
dd 0x96a24311
dd 0xbe7e0400
dd 0x160c08a7
dd 0x00769443
dd 0x879d6104
dd 0x430c0703
dd 0x040076a4
dd 0x03859b60
dd 0x94430e06
dd 0x6b040096
dd 0x08048aa4
dd 0x96a4430d
dd 0xa36a0400
dd 0x10070489
dd 0x00771243
dd 0x52977603
dd 0x431a0503
dd 0x03007722
dd 0x03529776
dd 0x12432405
dd 0x7d030097
dd 0x0604549d
dd 0x9722431d
dd 0x9c7c0300
dd 0x29060453
dd 0x00771443
dd 0x438b6e03
dd 0x43150302
dd 0x03007724
dd 0x02438b6d
dd 0x14431b03
dd 0x73030097
dd 0x0402458f
dd 0x97244318
dd 0x8f720300
dd 0x1c030244
dd 0x00669253
dd 0x91e28504
dd 0x5308120a
dd 0x040066a2
dd 0x0a8fdf83
dd 0x92530b0f
dd 0x95040086
dd 0x150d96f0
dd 0x86a25309
dd 0xed920400
dd 0x0d130d93
dd 0x00669453
dd 0x9acf7e04
dd 0x53060c06
dd 0x040066a4
dd 0x0698cc7b
dd 0x9453080a
dd 0x8b040086
dd 0x0e07a0da
dd 0x86a45307
dd 0xd7890400
dd 0x0a0c079d
dd 0x00671253
dd 0x248c7702
dd 0x530f0403
dd 0x02006722
dd 0x03248c76
dd 0x12531704
dd 0x7b020087
dd 0x05042590
dd 0x87225311
dd 0x8f7a0200
dd 0x1b050425
dd 0x00671453
dd 0x26877502
dd 0x530d0302
dd 0x02006724
dd 0x02268774
dd 0x14531303
dd 0x78020087
dd 0x0302288a
dd 0x8724530d
dd 0x8a780200
dd 0x13030227
dd 0x006a9253
dd 0x98c87e04
dd 0x53091009
dd 0x04006aa2
dd 0x0996c67c
dd 0x92530d0e
dd 0x8e04008a
dd 0x120b9cd6
dd 0x8aa2530a
dd 0xd48c0400
dd 0x0e100b9a
dd 0x006a9453
dd 0x9ab67704
dd 0x53070b05
dd 0x04006aa4
dd 0x0598b475
dd 0x94530a09
dd 0x8404008a
dd 0x0c079fc0
dd 0x8aa45308
dd 0xbe820400
dd 0x0a0a079d
dd 0x006b1253
dd 0x26928302
dd 0x53130403
dd 0x02006b22
dd 0x03269282
dd 0x12531d04
dd 0x8702008b
dd 0x05032796
dd 0x8b225316
dd 0x95860200
dd 0x1d040327
dd 0x006b1453
dd 0x268e8102
dd 0x53110302
dd 0x02006b24
dd 0x02268d80
dd 0x14531302
dd 0x8402008b
dd 0x03022890
dd 0x8b245311
dd 0x90840200
dd 0x18030227
dd 0x006e9253
dd 0xa1b87a04
dd 0x530a0e08
dd 0x04006ea2
dd 0x08a0b679
dd 0x92530e0c
dd 0x8a04008e
dd 0x100aa5c5
dd 0x8ea2530b
dd 0xc4880400
dd 0x100f0aa3
dd 0x006e9453
dd 0x9ca67104
dd 0x53080a05
dd 0x04006ea4
dd 0x059aa470
dd 0x94530b08
dd 0x7e04008e
dd 0x0b06a1b0
dd 0x8ea45309
dd 0xae7c0400
dd 0x0c09069f
dd 0x006f1253
dd 0x50fce203
dd 0x53140704
dd 0x03006f22
dd 0x0450fbe1
dd 0x12531c06
dd 0x7502008f
dd 0x04032982
dd 0x8f225316
dd 0x81750200
dd 0x22040329
dd 0x006f1453
dd 0x4ef3dd03
dd 0x53100403
dd 0x03006f24
dd 0x034df2dd
dd 0x14531604
dd 0xe403008f
dd 0x050350f8
dd 0x8f245312
dd 0xf7e30300
dd 0x19050350
dd 0x00729253
dd 0xafac7704
dd 0x530b0d07
dd 0x040072a2
dd 0x07aeab76
dd 0x9253100c
dd 0x86040092
dd 0x0f09b2b9
dd 0x92a2530d
dd 0xb8850400
dd 0x120e09b1
dd 0x00729453
dd 0xa39a6f04
dd 0x53090904
dd 0x040072a4
dd 0x04a2996d
dd 0x94530c07
dd 0x7b040092
dd 0x0a05a8a5
dd 0x92a4530a
dd 0xa37a0400
dd 0x0e0905a7
dd 0x00731253
dd 0x57dfc903
dd 0x53150604
dd 0x03007322
dd 0x0457dfc8
dd 0x12532006
dd 0xd0030093
dd 0x070559e6
dd 0x93225317
dd 0xe5d00300
dd 0x24070558
dd 0x00731453
dd 0x51d6c503
dd 0x53120402
dd 0x03007324
dd 0x0251d6c4
dd 0x14531904
dd 0xcb030093
dd 0x050354db
dd 0x93245314
dd 0xdbcb0300
dd 0x19040353
dd 0x00769253
dd 0xbaa47504
dd 0x530d0c07
dd 0x040076a2
dd 0x07b9a274
dd 0x9253120b
dd 0x84040096
dd 0x0e09bcb0
dd 0x96a2530e
dd 0xaf830400
dd 0x140d09bb
dd 0x00769453
dd 0xa7926c04
dd 0x530a0804
dd 0x040076a4
dd 0x04a6916a
dd 0x94530d07
dd 0x78040096
dd 0x0905ac9c
dd 0x96a4530b
dd 0x9b770400
dd 0x0e0805ab
dd 0x00771253
dd 0x5dcab603
dd 0x53180604
dd 0x03007722
dd 0x045cc9b6
dd 0x12532406
dd 0xbe030097
dd 0x07055ed0
dd 0x9722531a
dd 0xd0bd0300
dd 0x2406055e
dd 0x00771453
dd 0x53c1b103
dd 0x53130402
dd 0x03007724
dd 0x0253c1b1
dd 0x14531703
dd 0xb8030097
dd 0x040356c6
dd 0x97245314
dd 0xc6b70300
dd 0x1c040355
dd 0x00669262
dd 0x69a35604
dd 0x62070d07
dd 0x040066a2
dd 0x0767dd54
dd 0x9262090b
dd 0x61040086
dd 0x10096cad
dd 0x86a26208
dd 0xe75f0400
dd 0x0b0e096a
dd 0x00669462
dd 0x658f4a04
dd 0x62060904
dd 0x040066a4
dd 0x0463c948
dd 0x94620707
dd 0x53040086
dd 0x0a056996
dd 0x86a46206
dd 0xd0510400
dd 0x08080567
dd 0x00671262
dd 0x34a48103
dd 0x620e0604
dd 0x03006722
dd 0x0433a380
dd 0x12621406
dd 0x87030087
dd 0x070536a9
dd 0x87226210
dd 0xa8860300
dd 0x16070535
dd 0x00671462
dd 0x329a7b03
dd 0x620c0402
dd 0x03006724
dd 0x0231997a
dd 0x14620e03
dd 0x7f030087
dd 0x0503349d
dd 0x8724620d
dd 0x9d7f0300
dd 0x10040333
dd 0x006a9262
dd 0x6e915304
dd 0x62080c06
dd 0x04006aa2
dd 0x066d8f51
dd 0x92620b0a
dd 0x5e04008a
dd 0x0e08719b
dd 0x8aa26209
dd 0x995c0400
dd 0x0c0c086f
dd 0x006a9462
dd 0xc9f98d05
dd 0x62060f07
dd 0x05006aa4
dd 0x07c5f68a
dd 0x9462080c
dd 0x4f04008a
dd 0x09046884
dd 0x8aa46207
dd 0x824e0400
dd 0x09070466
dd 0x006b1262
dd 0x378a6e03
dd 0x620f0503
dd 0x03006b22
dd 0x03368a6e
dd 0x12621605
dd 0x7403008b
dd 0x0604388f
dd 0x8b226211
dd 0x8f740300
dd 0x18060438
dd 0x006b1462
dd 0x32806803
dd 0x620e0402
dd 0x04006b24
dd 0x0462ffcf
dd 0x14621006
dd 0x6d03008b
dd 0x04023484
dd 0x8b24620e
dd 0x836c0300
dd 0x13040233
dd 0x006e9262
dd 0x75cd5d04
dd 0x620a0b06
dd 0x04006ea2
dd 0x0673cb5b
dd 0x92620d09
dd 0x6804008e
dd 0x0c0777d6
dd 0x8ea2620b
dd 0xd5660400
dd 0x0e0b0776
dd 0x006e9462
dd 0x66b95004
dd 0x62080703
dd 0x04006ea4
dd 0x0365b84e
dd 0x94620a06
dd 0x5804008e
dd 0x080469c0
dd 0x8ea46209
dd 0xbe570400
dd 0x0b070468
dd 0x006f1262
dd 0x3aa77303
dd 0x62130503
dd 0x03006f22
dd 0x033aa673
dd 0x12621a05
dd 0x7903008f
dd 0x06043bab
dd 0x8f226215
dd 0xab790300
dd 0x1b05043b
dd 0x006f1462
dd 0x339d6d03
dd 0x620f0302
dd 0x03006f24
dd 0x02329c6d
dd 0x14621403
dd 0x7103008f
dd 0x040234a0
dd 0x8f246211
dd 0xa0710300
dd 0x14030234
dd 0x00729262
dd 0x7fba5a04
dd 0x620b0a05
dd 0x040072a2
dd 0x057eb959
dd 0x92620f09
dd 0x65040092
dd 0x0b0781c3
dd 0x92a2620c
dd 0xc2640400
dd 0x100a0780
dd 0x00729462
dd 0x6ba74d04
dd 0x62090603
dd 0x040072a4
dd 0x0369a64c
dd 0x94620a05
dd 0x55040092
dd 0x07046ead
dd 0x92a46209
dd 0xac540400
dd 0x0c06046c
dd 0x00731262
dd 0x3f946803
dd 0x62150503
dd 0x03007322
dd 0x033f9468
dd 0x12621b04
dd 0x6e030093
dd 0x05044099
dd 0x93226216
dd 0x986d0300
dd 0x1e050440
dd 0x00731462
dd 0x358a6203
dd 0x62110302
dd 0x03007324
dd 0x02358a62
dd 0x14621603
dd 0x66030093
dd 0x0302378e
dd 0x93246211
dd 0x8d660300
dd 0x17030236
dd 0x00769262
dd 0x86ac5804
dd 0x620c0905
dd 0x040076a2
dd 0x0585ab57
dd 0x92621008
dd 0x63040096
dd 0x0b0688b5
dd 0x96a2620e
dd 0xb4620400
dd 0x120a0687
dd 0x00769462
dd 0x6d994a04
dd 0x620a0603
dd 0x040076a4
dd 0x036c9849
dd 0x94620c05
dd 0x53040096
dd 0x0704709f
dd 0x96a4620b
dd 0x9e520400
dd 0x0d06046f
dd 0x00771262
dd 0x43866003
dd 0x62160403
dd 0x03007722
dd 0x03438660
dd 0x12621d04
dd 0x65030097
dd 0x0503448b
dd 0x97226218
dd 0x8b650300
dd 0x22050344
dd 0x00771462
dd 0x6cf9b204
dd 0x62110503
dd 0x04007724
dd 0x036cf8b1
dd 0x14621605
dd 0xba040097
dd 0x06046fff
dd 0x97246213
dd 0xffb90400
dd 0x1705046f
dd 0x00669242
dd 0x69a36304
dd 0x42070d07
dd 0x040066a2
dd 0x0767a161
dd 0x9242090b
dd 0x6e040086
dd 0x10096cad
dd 0x86a24208
dd 0xab6c0400
dd 0x0b0e096a
dd 0x00669442
dd 0x658f5704
dd 0x42060904
dd 0x040066a4
dd 0x04638d55
dd 0x94420707
dd 0x5f040086
dd 0x0a056896
dd 0x86a44206
dd 0x945d0400
dd 0x08080567
dd 0x00671242
dd 0x34bc9903
dd 0x42100604
dd 0x03006722
dd 0x0433bc99
dd 0x12421606
dd 0x9f030087
dd 0x070536c1
dd 0x87224211
dd 0xc19e0300
dd 0x18070535
dd 0x00671442
dd 0x32b29303
dd 0x420d0402
dd 0x03006724
dd 0x0231b193
dd 0x14420f03
dd 0x98030087
dd 0x050334b6
dd 0x8724420f
dd 0xb5970300
dd 0x12040333
dd 0x006a9242
dd 0x6e915d04
dd 0x42080c06
dd 0x04006aa2
dd 0x066d8f5b
dd 0x92420b0a
dd 0x6804008a
dd 0x0e08719b
dd 0x8aa24209
dd 0x99670400
dd 0x0d0c086f
dd 0x006a9442
dd 0xc8f9a205
dd 0x42070f07
dd 0x05006aa4
dd 0x07c5f69e
dd 0x9442080c
dd 0x5a04008a
dd 0x09046884
dd 0x8aa44207
dd 0x82580400
dd 0x09070466
dd 0x006b1242
dd 0x379e8203
dd 0x42110503
dd 0x03006b22
dd 0x03369d81
dd 0x12421705
dd 0x8803008b
dd 0x060438a3
dd 0x8b224212
dd 0xa2870300
dd 0x1a060438
dd 0x006b1442
dd 0x32947c03
dd 0x420e0302
dd 0x03006b24
dd 0x0231937b
dd 0x14421203
dd 0x8003008b
dd 0x04023497
dd 0x8b24420f
dd 0x97800300
dd 0x14040233
dd 0x006e9242
dd 0x74aa6304
dd 0x420a0b06
dd 0x04006ea2
dd 0x0673a962
dd 0x92420d09
dd 0x6f04008e
dd 0x0c0777b4
dd 0x8ea2420b
dd 0xb26d0400
dd 0x0f0b0776
dd 0x006e9442
dd 0x66965604
dd 0x42080703
dd 0x04006ea4
dd 0x03649555
dd 0x94420a06
dd 0x5f04008e
dd 0x0804699d
dd 0x8ea44209
dd 0x9c5d0400
dd 0x0b070468
dd 0x006f1242
dd 0x3a977303
dd 0x42130503
dd 0x03006f22
dd 0x033a9673
dd 0x12421a05
dd 0x7903008f
dd 0x06043b9c
dd 0x8f224215
dd 0x9b780300
dd 0x1b05043b
dd 0x006f1442
dd 0x338d6d03
dd 0x420f0302
dd 0x03006f24
dd 0x02328d6c
dd 0x14421403
dd 0x7103008f
dd 0x04023490
dd 0x8f244211
dd 0x90700300
dd 0x14030234
dd 0x00729242
dd 0x7f9c6004
dd 0x420b0a05
dd 0x040072a2
dd 0x057e9b5f
dd 0x92420f09
dd 0x6b040092
dd 0x0b0781a6
dd 0x92a2420c
dd 0xa56a0400
dd 0x100a0780
dd 0x00729442
dd 0x6a895304
dd 0x42090603
dd 0x040072a4
dd 0x03698852
dd 0x94420b05
dd 0x5b040092
dd 0x07046d90
dd 0x92a4420a
dd 0x8f5a0400
dd 0x0c06046c
dd 0x00731242
dd 0x3f876803
dd 0x42150503
dd 0x03007322
dd 0x033f8668
dd 0x12421a04
dd 0x6d030093
dd 0x0504408b
dd 0x93224216
dd 0x8b6d0300
dd 0x1e050440
dd 0x00731442
dd 0x6af9c304
dd 0x42100503
dd 0x04007324
dd 0x0369f9c2
dd 0x14421405
dd 0x66030093
dd 0x03023780
dd 0x93244211
dd 0xffca0400
dd 0x1606046c
dd 0x00769242
dd 0x86925d04
dd 0x420c0905
dd 0x040076a2
dd 0x0585915c
dd 0x92421008
dd 0x68040096
dd 0x0b06889b
dd 0x96a2420e
dd 0x9a670400
dd 0x120a0687
dd 0x00769442
dd 0xdafd9f05
dd 0x420a0b05
dd 0x050076a4
dd 0x05d8fb9d
dd 0x94420b09
dd 0x58040096
dd 0x07047085
dd 0x96a4420b
dd 0x84570400
dd 0x0d06046f
dd 0x00771242
dd 0x85f4bf04
dd 0x42150805
dd 0x04007722
dd 0x0585f4be
dd 0x12421d08
dd 0xca040097
dd 0x0a0687fe
dd 0x97224218
dd 0xfdc90400
dd 0x20090687
dd 0x00771442
dd 0x6ce1b104
dd 0x42110503
dd 0x04007724
dd 0x036ce1b1
dd 0x14421605
dd 0xb9040097
dd 0x06046fe8
dd 0x97244213
dd 0xe7b90400
dd 0x1705046f
dd 0x00669252
dd 0x76b76e04
dd 0x52060e08
dd 0x040066a2
dd 0x0874b56c
dd 0x9252090c
dd 0x7b040086
dd 0x110a79c2
dd 0x86a25207
dd 0xc0790400
dd 0x0a0f0a77
dd 0x00669452
dd 0x7da76804
dd 0x52050a05
dd 0x040066a4
dd 0x057ba566
dd 0x94520708
dd 0x73040086
dd 0x0c0681b0
dd 0x86a45206
dd 0xaf710400
dd 0x080a067f
dd 0x00671252
dd 0x3ae3c003
dd 0x520d0704
dd 0x03006722
dd 0x043ae2bf
dd 0x12521206
dd 0xc6030087
dd 0x08053ce8
dd 0x8722520e
dd 0xe8c60300
dd 0x1407053b
dd 0x00671452
dd 0x3edbbd03
dd 0x520a0403
dd 0x03006724
dd 0x033ddabc
dd 0x14520e04
dd 0xc2030087
dd 0x050340df
dd 0x8724520b
dd 0xdfc20300
dd 0x10050340
dd 0x006a9252
dd 0x7ba26804
dd 0x52070d07
dd 0x04006aa2
dd 0x077aa166
dd 0x92520a0b
dd 0x7504008a
dd 0x0f097eae
dd 0x8aa25208
dd 0xac730400
dd 0x0c0d097d
dd 0x006a9452
dd 0x7d936204
dd 0x52060904
dd 0x04006aa4
dd 0x047b9261
dd 0x94520807
dd 0x6d04008a
dd 0x0a05819c
dd 0x8aa45207
dd 0x9a6b0400
dd 0x0908057f
dd 0x006b1252
dd 0x3dedd303
dd 0x520f0604
dd 0x03006b22
dd 0x043decd3
dd 0x12521405
dd 0xda03008b
dd 0x07053ff2
dd 0x8b225210
dd 0xf2d90300
dd 0x1907053e
dd 0x006b1452
dd 0x3ee5d003
dd 0x520d0402
dd 0x03006b24
dd 0x023de5d0
dd 0x14521104
dd 0xd603008b
dd 0x050340e9
dd 0x8b24520e
dd 0xe9d50300
dd 0x12040340
dd 0x006e9252
dd 0x83956404
dd 0x52080b06
dd 0x04006ea2
dd 0x06819463
dd 0x92520b0a
dd 0x7104008e
dd 0x0d0885a0
dd 0x8ea25209
dd 0x9f700400
dd 0x0d0c0884
dd 0x006e9452
dd 0x7e865d04
dd 0x52070804
dd 0x04006ea4
dd 0x047d855c
dd 0x94520907
dd 0x6804008e
dd 0x0905828f
dd 0x8ea45207
dd 0x8d660400
dd 0x0a080581
dd 0x006f1252
dd 0x41ccb703
dd 0x52100503
dd 0x03006f22
dd 0x0341ccb7
dd 0x12521705
dd 0xbd03008f
dd 0x060442d2
dd 0x8f225211
dd 0xd1bd0300
dd 0x1a060442
dd 0x006f1452
dd 0x3fc5b303
dd 0x520e0402
dd 0x03006f24
dd 0x023fc4b3
dd 0x14521103
dd 0xb903008f
dd 0x040341c9
dd 0x8f24520e
dd 0xc9b80300
dd 0x14040341
dd 0x00729252
dd 0x8e8c6204
dd 0x520a0b06
dd 0x040072a2
dd 0x068d8a61
dd 0x92520d0a
dd 0x6e040092
dd 0x0c089096
dd 0x92a2520a
dd 0x956d0400
dd 0x0f0b088f
dd 0x00729452
dd 0x847d5b04
dd 0x52080704
dd 0x040072a4
dd 0x04837c5a
dd 0x94520a06
dd 0x65040092
dd 0x08058885
dd 0x92a45208
dd 0x84640400
dd 0x0b070587
dd 0x00731252
dd 0x47b5a303
dd 0x52120503
dd 0x03007322
dd 0x0347b5a2
dd 0x12521a05
dd 0xa9030093
dd 0x060448ba
dd 0x93225214
dd 0xbaa90300
dd 0x1e060448
dd 0x00731452
dd 0x42ae9f03
dd 0x520e0302
dd 0x03007324
dd 0x0242ad9f
dd 0x14521303
dd 0xa4030093
dd 0x040344b2
dd 0x93245210
dd 0xb2a40300
dd 0x17040344
dd 0x00769252
dd 0x97856004
dd 0x520b0a06
dd 0x040076a2
dd 0x0696845f
dd 0x92520e09
dd 0x6c040096
dd 0x0c07998f
dd 0x96a2520c
dd 0x8e6b0400
dd 0x110b0798
dd 0x00769452
dd 0x88765804
dd 0x52090703
dd 0x040076a4
dd 0x03877557
dd 0x94520b06
dd 0x62040096
dd 0x08048b7e
dd 0x96a45209
dd 0x7d610400
dd 0x0c07048a
dd 0x00771252
dd 0x4ba49403
dd 0x52140503
dd 0x03007722
dd 0x034ba393
dd 0x12521e05
dd 0x9a030097
dd 0x06044ca9
dd 0x97225216
dd 0xa8990300
dd 0x1e05044c
dd 0x00771452
dd 0x449c9003
dd 0x520f0302
dd 0x03007724
dd 0x02439c8f
dd 0x14521503
dd 0x95030097
dd 0x040245a0
dd 0x97245211
dd 0xa0950300
dd 0x16030245
dd 0x0046a263
dd 0xccad5a03
dd 0x63170e08
dd 0x03004692
dd 0x08cd8a5b
dd 0x22631110
dd 0xc5030047
dd 0x0e08cbee
dd 0x4712632b
dd 0xefc50300
dd 0x1e0f08cc
dd 0x0046a243
dd 0xcc886103
dd 0x43170e08
dd 0x03004692
dd 0x08cd8a62
dd 0x22431110
dd 0x72020047
dd 0x07046686
dd 0x4712432c
dd 0x87720200
dd 0x20080466
dd 0x0046a253
dd 0xe5996d03
dd 0x53171009
dd 0x03004692
dd 0x09e69a6e
dd 0x22531011
dd 0x8c020047
dd 0x080573a0
dd 0x4712532b
dd 0xa18c0200
dd 0x1b080573
dd 0x0046a463
dd 0x62974003
dd 0x630e0805
dd 0x04004694
dd 0x09c5e783
dd 0x24630a12
dd 0xab030047
dd 0x080561d8
dd 0x4714631b
dd 0xd9ac0300
dd 0x14080562
dd 0x0046a443
dd 0xc3e48e04
dd 0x430e1009
dd 0x04004694
dd 0x09c5e690
dd 0x24430b12
dd 0xc9030047
dd 0x080561f6
dd 0x4714431d
dd 0xf7ca0300
dd 0x15080562
dd 0x0046a453
dd 0x7a885703
dd 0x530f0a06
dd 0x03004694
dd 0x067b8a58
dd 0x24530a0b
dd 0x81020047
dd 0x05033d98
dd 0x4714531c
dd 0x98810200
dd 0x1205033d
dd 0x004aa263
dd 0xa8765803
dd 0x631a0d08
dd 0x03004a92
dd 0x08a97759
dd 0x2263130e
dd 0xad03004b
dd 0x0c08a8c8
dd 0x4b12632e
dd 0xc8ad0300
dd 0x200d08a9
dd 0x004aa243
dd 0xa8765d03
dd 0x431a0d08
dd 0x03004a92
dd 0x08a9775e
dd 0x2243130e
dd 0xc503004b
dd 0x0c08a8e0
dd 0x4b12432f
dd 0xe0c50300
dd 0x220d08a9
dd 0x004aa253
dd 0xbd856803
dd 0x53190e08
dd 0x03004a92
dd 0x08be8669
dd 0x2253110f
dd 0x9702004b
dd 0x07045fa3
dd 0x4b125330
dd 0xa3980200
dd 0x1e07045f
dd 0x004aa463
dd 0xc7ca8304
dd 0x63100e08
dd 0x04004a94
dd 0x08c9cc85
dd 0x24630c10
dd 0x9703004b
dd 0x070463b6
dd 0x4b14631e
dd 0xb7970300
dd 0x16070464
dd 0x004aa443
dd 0xc7ca8e04
dd 0x43100e08
dd 0x04004a94
dd 0x08c9cb8f
dd 0x24430c10
dd 0xaf03004b
dd 0x070463cf
dd 0x4b144320
dd 0xcfb00300
dd 0x17070464
dd 0x004aa453
dd 0xf8f2ae04
dd 0x53101009
dd 0x04004a94
dd 0x09faf4b0
dd 0x24530c12
dd 0x8f02004b
dd 0x04033e9d
dd 0x4b14531f
dd 0x9d8f0200
dd 0x1705033f
dd 0x004ea263
dd 0x94975d03
dd 0x631c0b06
dd 0x03004e92
dd 0x0695985e
dd 0x2263150c
dd 0xb203004f
dd 0x0b0693e7
dd 0x4f126334
dd 0xe7b30300
dd 0x230b0694
dd 0x004ea243
dd 0x94826003
dd 0x431d0b06
dd 0x03004e92
dd 0x06958361
dd 0x2243150c
dd 0xb203004f
dd 0x0b0693d3
dd 0x4f124334
dd 0xd4b20300
dd 0x230b0694
dd 0x004ea253
dd 0xa6786503
dd 0x531a0c07
dd 0x03004e92
dd 0x07a77966
dd 0x2253120d
dd 0x8502004f
dd 0x0604538c
dd 0x4f125331
dd 0x8c860200
dd 0x1f060453
dd 0x004ea463
dd 0x60884703
dd 0x63120604
dd 0x03004e94
dd 0x04618948
dd 0x24630e07
dd 0x9c03004f
dd 0x060460d8
dd 0x4f146322
dd 0xd89d0300
dd 0x19060460
dd 0x004ea443
dd 0xc0e59404
dd 0x43120c07
dd 0x04004e94
dd 0x07c1e796
dd 0x24430e0e
dd 0x9c03004f
dd 0x060460c4
dd 0x4f144322
dd 0xc59c0300
dd 0x19060460
dd 0x004ea453
dd 0xefdda704
dd 0x53110e08
dd 0x04004e94
dd 0x08f0dea9
dd 0x24530d10
dd 0x7d02004f
dd 0x04023c88
dd 0x4f145324
dd 0x887d0200
dd 0x1804023c

ref_fffd5840:
db '0000000000000000',0x00,0x00,0x00,0x00

ref_fffd5854:
db '                ',0x00,0x00,0x00,0x00

ref_fffd5868:
db '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ',0x00,0x00,0x00,0x00

ref_fffd5890:
dd 0x00000001
dd 0x00000002
dd 0x00000004
dd 0x00000008
dd 0x00000010
dd 0x00000020
dd 0x00000040
dd 0x00000000

ref_fffd58b0:
db ' +-#0!^',0x00

ref_fffd58b8:
dd 0x283c7800
dd 0x9066141e

ref_fffd58c0:
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00000001
dd 0x00000000
dd 0x00000001

ref_fffd58d8:
dd 0x01010101
dd 0x00010101

ref_fffd58e0:
dd 0xfb0af600
dd 0x000ff105

ref_fffd58e8:
dd 0x00aaaaaa
dd 0x00cccccc
dd 0x00f0f0f0

ref_fffd58f4:
dd 0x00a10ca1
dd 0x00ef0d08
dd 0x00ad0a1e

ref_fffd5900:
dd 0x05000500
dd 0x00000000
dd 0x00000000

ref_fffd590c:
dd 0x08c009b0
dd 0x00000000
dd 0x00000000

ref_fffd5918:
dd loc_fffbf5bb
dd loc_fffbf620
dd loc_fffbf92d
dd loc_fffbf92d
dd loc_fffbf685
dd loc_fffbf787
dd loc_fffbf8aa

ref_fffd5934:
dd 0x00000006
dd 0x00000002
dd 0x00000001
dd 0x00000000
dd 0x00000002
dd 0x00000001
dd 0x00000000

ref_fffd5950:
dd 0x00000000
dd 0x00000001
dd 0x00000002
dd 0x00000003
dd 0x00000001
dd 0x00000002
dd 0x00000003

ref_fffd596c:
dd 0x00000000
dd 0xfffffffa
dd 0xfffffff4
dd 0xffffffee
dd 0x00000006
dd 0x0000000c
dd 0x00000012

ref_fffd5988:
dd loc_fffc31e7
dd loc_fffc3222
dd loc_fffc3219
dd loc_fffc3210
dd loc_fffc3207
dd loc_fffc31fe
dd loc_fffc31f0
dd loc_fffc3234
dd loc_fffc322b

ref_fffd59ac:
dd 0x00000020
dd 0x00000040
dd 0x00000080
dd 0x00000100
dd 0x00000200
dd 0x00000400
dd 0x00000800
dd 0x00001000

ref_fffd59cc:
dd loc_fffc35d2
dd loc_fffc35de
dd loc_fffc35ef
dd loc_fffc35fb
dd loc_fffc3607

ref_fffd59e0:
dd loc_fffc3c31
dd loc_fffc3d79
dd loc_fffc3c42
dd loc_fffc3c4a
dd loc_fffc3c55
dd loc_fffc3c60
dd loc_fffc3c6b
dd loc_fffc3c73
dd loc_fffc3c7e
dd loc_fffc3c8a
dd loc_fffc3c9f
dd loc_fffc3c92
dd loc_fffc3cb2
dd loc_fffc3cba
dd loc_fffc3ca7
dd loc_fffc3cc4
dd loc_fffc3ccc
dd loc_fffc3cd7
dd loc_fffc3ce2
dd loc_fffc3dad
dd loc_fffc3dad
dd loc_fffc3cea
dd loc_fffc3cf3
dd loc_fffc3cfb
dd loc_fffc3d03
dd loc_fffc3d0e
dd loc_fffc3d19
dd loc_fffc3d2d
dd loc_fffc3d2d
dd loc_fffc3d2d
dd loc_fffc3d2d
dd loc_fffc3d2d
dd loc_fffc3d4a
dd loc_fffc3d58
dd loc_fffc3d6b
dd loc_fffc3dad
dd loc_fffc3d8c
dd loc_fffc3d97
dd loc_fffc3dad
dd loc_fffc3dad
dd loc_fffc3dad
dd loc_fffc3da2
dd loc_fffc3dad
dd loc_fffc3d66
dd loc_fffc3dad
dd loc_fffc3dad
dd loc_fffc3dad
dd loc_fffc3dad
dd loc_fffc3dad
dd loc_fffc3dad
dd loc_fffc3dad
dd loc_fffc3dad
dd loc_fffc3dad
dd loc_fffc3dad
dd loc_fffc3d81

ref_fffd5abc:
dd 0x04030201
dd 0x06000500
dd 0x00000700

ref_fffd5ac8:
dd 0x08040201
dd 0x08040201
dd 0x00000000

ref_fffd5ad4:
dd 0x08040201
dd 0x00000000
dd 0x08040201

ref_fffd5ae0:
dd loc_fffcad86
dd loc_fffcad8a
dd loc_fffcad8e
dd loc_fffcada0
dd loc_fffcadc1
dd loc_fffcadc1
dd loc_fffcadc1
dd loc_fffcadc1
dd loc_fffcadc1
dd loc_fffcadc1
dd loc_fffcadab
dd loc_fffcadb2
dd loc_fffcadc1
dd loc_fffcadc1
dd loc_fffcadc1
dd loc_fffcadab

ref_fffd5b20:
dd 0x08c009b0
dd 0x08c009b0
dd 0x00000000

ref_fffd5b2c:
dd 0x08c009b0
dd 0x00000000
dd 0x90660000

ref_fffd5b38:
dd loc_fffcca6b
dd loc_fffcca76
dd loc_fffcca87
dd loc_fffcca98
dd loc_fffccaa9
dd loc_fffccb52
dd loc_fffccbfe
dd loc_fffccfba
dd loc_fffccc18
dd loc_fffccd45
dd loc_fffcce72
dd loc_fffccaba
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccbe1
dd loc_fffccb52
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccfba
dd loc_fffccbe1
dd loc_fffccb52

ref_fffd5bc0:
dd 0x02010201
dd 0x02010201
dd 0x03030303
dd 0x00000000

ref_fffd5bd0:
dd 0x040f0f0f
dd 0x010f030f
dd 0x0f0f0f0f
dd 0x000f0205

ref_fffd5be0:
dd 0x32320101
dd 0x20101010
dd 0x23232320
dd 0x00000020
dd 0x00000010
dd 0x00000023
dd 0x21303120
dd 0x00002120
dd 0x00003020
dd 0x00000020
dd 0x00000000
dd 0x00000000

ref_fffd5c10:
dd fcn_fffb7458
dd 0x0000dd1b
dd 0xff320000
dd fcn_fffc3896
dd 0x0001dd1c
dd 0xff3e0000
dd fcn_fffc3bcc
dd 0x0004dd1e
dd 0xff3f0000
dd fcn_fffa95c3
dd 0x0005dd1f
dd 0xff3f0000
dd fcn_fffa97db
dd 0x0003dd20
dd 0xff310000
dd fcn_fffc3b2d
dd 0x0006dd21
dd 0xff3f0000
dd fcn_fffa87ee
dd 0x0007dd22
dd 0xff3f0000
dd fcn_fffa2b14
dd 0x0008dd23
dd 0xff3f0000
dd fcn_fffd20cb
dd 0x0009dd24
dd 0xff3f0000
dd fcn_fffc82f4
dd 0x000add26
dd 0xff310000
dd fcn_fffab126
dd 0x000bdd27
dd 0xff330000
dd fcn_fffc9652
dd 0x000fdd29
dd 0xff310000
dd fcn_fffb9c9b
dd 0x000ddd28
dd 0xff310000
dd fcn_fffb1d2f
dd 0x000edd25
dd 0xff310000
dd fcn_fffb28b2
dd 0x0011dd2b
dd 0xff310000
dd fcn_fffbcdcd
dd 0x0010dd2a
dd 0xff310000
dd fcn_fffbba04
dd 0x0012dd2c
dd 0xff310000
dd fcn_fffbd7ac
dd 0x0014dd2e
dd 0xff310000
dd fcn_fffbd7cc
dd 0x0015dd2f
dd 0xff310000
dd fcn_fffb16ef
dd 0x0016dd4a
dd 0xff310000
dd fcn_fffc40aa
dd 0x0024dd3a
dd 0xff310000
dd fcn_fffaf0ee
dd 0x0038dd3d
dd 0xff310000
dd fcn_fffc57e4
dd 0x0027dd3e
dd 0xff310000
dd fcn_fffb947c
dd 0x0021dd49
dd 0xff310000
dd fcn_fffcbd3d
dd 0x0017dd46
dd 0xff310000
dd fcn_fffd07ac
dd 0x0018dd30
dd 0xff310000
dd fcn_fffcbfee
dd 0x0019dd30
dd 0xff310000
dd fcn_fffcc49b
dd 0x001add32
dd 0xff310000
dd fcn_fffbf115
dd 0x001cdd33
dd 0xff310000
dd fcn_fffcbdde
dd 0x001ddd35
dd 0xff310000
dd fcn_fffcc12a
dd 0x001bdd45
dd 0xff310000
dd fcn_fffbdbe7
dd 0x001fdd37
dd 0xff310000
dd fcn_fffbdaf2
dd 0x001edd36
dd 0xff310000
dd fcn_fffcc1ee
dd 0x0028dd4b
dd 0xff310000
dd fcn_fffcc30a
dd 0x0029dd4c
dd 0xff310000
dd fcn_fffb4484
dd 0x0020dd41
dd 0xff310000
dd fcn_fffaf0ee
dd 0x0038dd3d
dd 0xff310000
dd fcn_fffc57e4
dd 0x0027dd3e
dd 0xff310000
dd fcn_fffc40aa
dd 0x0024dd3a
dd 0xff310000
dd fcn_fffbdcd9
dd 0x0025dd3b
dd 0xff310000
dd fcn_fffc242d
dd 0x0026dd3c
dd 0xff310000
dd fcn_fffca881
dd 0x0022dd38
dd 0xff310000
dd fcn_fffca8fc
dd 0x0023dd39
dd 0xff310000
dd fcn_fffbd7ec
dd 0x002fdd47
dd 0xff310000
dd fcn_fffced30
dd 0x002ddd3f
dd 0xff310000
dd fcn_fffceafd
dd 0x002edd40
dd 0xff310000
dd fcn_fffcfef1
dd 0x0043dd58
dd 0x01310000
dd fcn_fffbea2f
dd 0x0031dd44
dd 0xff310000
dd fcn_fffb947c
dd 0x0021dd49
dd 0xff310000
dd fcn_fffa7654
dd 0x0045dd48
dd 0xff310000
dd fcn_fffae645
dd 0x0030dd42
dd 0xff310000
dd fcn_fffa5ce0
dd 0x0044dd7f
dd 0xff310000
dd fcn_fffb5bed
dd 0x0039dd50
dd 0xff310000
dd fcn_fffa5d08
dd 0x0030dd42
dd 0xff310000
dd fcn_fffb847a
dd 0x0030dd42
dd 0xff310000
dd fcn_fffa5cb5
dd 0x0033dd43
dd 0xff3e0000
dd fcn_fffc82f4
dd 0x000add26
dd 0xff320000
dd fcn_fffa5ce0
dd 0x0044dd7f
dd 0xff360000
dd fcn_fffa5c93
dd 0x0033dd43
dd 0xff3e0000
dd fcn_fffaf601
dd 0x003add51
dd 0xff3f0000
dd fcn_fffb1ff0
dd 0x0034dd70
dd 0xff3c0000
dd fcn_fffc3f08
dd 0x0035dd71
dd 0xff3e0000
dd fcn_fffaf377
dd 0x0036dd5b
dd 0xff310000
dd fcn_fffaad1c
dd 0x0037dd5c
dd 0xff330000
dd fcn_fffae7f6
dd 0x003bdd5d
dd 0xff3f0000

ref_fffd5f1c:
dd 0x00030104
dd 0x00050200
dd 0x04000000
dd 0x00000706
dd 0x00000200
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x90660200

ref_fffd5f40:
dd 0x0bb80bb8
dd 0x00000000
db 0x00
db 0x00

ref_fffd5f4a:
db 'Invalid PEI data version, %d != %d',0x0a,0x00

ref_fffd5f6e:
db 'MRC: S3 Resume',0x0a,0x00

ref_fffd5f7e:
db 'Initializing Policy',0x0a,0x00

ref_fffd5f93:
db 'Installing common PPI',0x0a,0x00

ref_fffd5faa:
db 'Initializing Memory',0x0a,0x00

ref_fffd5fbf:
db 'MRC: Done.',0x0a,0x00

ref_fffd5fcb:
db 'MRC: Starting...',0x0a,0x00

ref_fffd5fdd:
db '%s:%d pool cookie corrupted...',0x0a,0x00

ref_fffd5ffd:
db '%s:%d failed to allocate %d bytes...',0x0a,0x00

ref_fffd6023:
db 'hljztL',0x00

ref_fffd602a:
db '(null)',0x00,0x00,0x00,0x00

ref_fffd6034:
dd 0xe6af1f7b
dd 0x46dafc3f
dd 0xb4a328a8
dd 0x8242a457

ref_fffd6044:
dd 0x00000000
dd fcn_fffb4a3c

ref_fffd604c:
dd 0x1f4c6f90
dd 0x48d8b06b
dd 0xe5ba01a2
dd 0x567dcdf1

ref_fffd605c:
db 0x01
dd fcn_fffb3f4b
dd fcn_fffb878b
dd fcn_fffc5590
dd fcn_fffb8736
db 0x00, 0x00, 0x00

ref_fffd6070:
dd 0x794a0deb
dd 0x4e7bc971
dd 0xbfd0f28a
dd 0x9826ca3c

ref_fffd6080:
dd 0x80000010
dd ref_fffd6034
dd 0x00000000

ref_fffd608c:
dd fcn_fffb7600
dd fcn_fffc9574
dd fcn_fffb6fd2
dd fcn_fffb6f06
dd fcn_fffab024
dd fcn_fffb3f19
dd fcn_fffaafcb
dd fcn_fffaafb4
dd fcn_fffab02d
dd fcn_fffb3f35
dd fcn_fffaafe6
dd fcn_fffaafbd
dd fcn_fffb3d44
dd fcn_fffb3d11
dd fcn_fffb3d75
dd fcn_fffb3dcd
dd fcn_fffb3da6
dd fcn_fffb3d2e
dd fcn_fffb3d91
dd fcn_fffcc4b8

ref_fffd60dc:
dd 0x98191174
dd 0x41060b26
dd 0x45d002af
dd 0x2b05e851

ref_fffd60ec:
dd 0xaf4a1998
dd 0x45454949
dd 0xe7c14c9c
dd 0x56e042c0

ref_fffd60fc:
dd 0x02353140
dd 0x20373144
dd 0x32103146
dd 0x32163148
dd 0x3250314c
dd 0x76543150

ref_fffd6114:
dd 0x00003100
dd 0x03203200
dd 0x00003108
dd 0x00000001
dd 0x0000310c
dd 0x43214321
dd 0x00003110
dd 0x00000001
dd 0x00003114
dd 0x00000001
dd 0x00003118
dd 0x00000001

ref_fffd6144:
dd 0x02353140
dd 0x20373144
dd 0x32103146
dd 0x32163148
dd 0x3250314c
dd 0x76543150
dd 0x00063158
dd 0x55443164
dd 0x00073168

ref_fffd6168:
dd 0x00003100
dd 0x03203200
dd 0x00003108
dd 0x00000001
dd 0x0000310c
dd 0x43214321
dd 0x00003110
dd 0x00000001
dd 0x00003118
dd 0x00000001

ref_fffd6190:
dd 0xa6a4a2a0

ref_fffd6194:
dd 0x422b8086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x422c8086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x42388086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x42398086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00828086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00858086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00838086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00848086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00868086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00878086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00888086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00898086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x008f8086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00908086
dd 0x02ffffff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08ae8086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08af8086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08968086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08978086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08858086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08868086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08948086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08958086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08928086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08938086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08908086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08918086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08878086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08888086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x088e8086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x088f8086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08b58086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08b68086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x08b38086
dd 0x028002ff
dd 0x01540003
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b38086
dd 0x028002ff
dd 0x01580002
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b48086
dd 0x028002ff
dd 0x01540003
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b48086
dd 0x028002ff
dd 0x01580002
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b18086
dd 0x028002ff
dd 0x01540003
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b18086
dd 0x028002ff
dd 0x01580002
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b28086
dd 0x028002ff
dd 0x01540003
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b28086
dd 0x028002ff
dd 0x01580002
dd 0x00000003
dd 0x00000000
dd 0x00000000
dd 0x08b08086
dd 0x028002ff
dd 0x00000001
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x00000000

ref_fffd6584:
dd 0x50031131
dd 0x43ef4f24
dd 0x3773afb7
dd 0xac0ef794

ref_fffd6594:
dd 0x80000010
dd ref_fffd604c
dd ref_fffd6044

ref_fffd65a0:
dd 0x433e0f9f
dd 0x410a05ae
dd 0x29bfc3a0
dd 0xac25cb8e

ref_fffd65b0:
dd 0xf894643d
dd 0x42d1c449
dd 0xbd85a88e
dd 0xde5bc6d8

ref_fffd65c0:
dd 0xf8d5438e
dd 0x481d26e1
dd 0xd6303cb6
dd 0x20a4f4ef

ref_fffd65d0:
dd 0x4c10d934
dd 0x45a438e6
dd 0x792a249a
dd 0x7fcb3db9

ref_fffd65e0:
dd 0x80000010
dd ref_fffd6070
dd ref_fffd605c

ref_fffd65ec:
dd 0x3d0e663a
dd 0x4489dc72
dd 0x9ee4c587
dd 0x52a473e7

ref_fffd65fc:
dd 0x3e14d361
dd 0x42e4c7d7
dd 0xebb907ae
dd 0x2aed9648

ref_fffd660c:
dd 0x87f22dcb
dd 0x41057304
dd 0x71317cbb
dd 0x3bc2cc43

ref_fffd661c:
dd 0x573eaf99
dd 0x46b5f445
dd 0x4abcd5a5
dd 0xf3983593

ref_fffd662c:
dd 0x9ca93627
dd 0x4324b65b
dd 0xb4c002a2
dd 0x43457661

ref_fffd663c:
dd 0x17865dc0
dd 0x4da80b8b
dd 0x467c428b
dd 0x4dca5cb8

ref_fffd664c:
dd 0xf38d1338
dd 0x4fb6af7a
dd 0x9c1adb91
dd 0x0d578321

ref_fffd665c:
dd 0x00000000
dd 0x00000000
dd 0x00000000
dd 0x000003ff
dd 0x000003ff
dd 0x00000000
dd 0x000002aa
dd 0x000002aa
dd 0x00000001
dd 0x00000155
dd 0x00000155
dd 0x00000001

ref_fffd668c:
dd 0x1e94f097
dd 0x40895acd
dd 0xa5b9e3b2
dd 0x0ca779c8